[Midnightbsd-cvs] src [11606] vendor-crypto/openssl/1.0.1u: tag 1.0.1u

laffer1 at midnightbsd.org laffer1 at midnightbsd.org
Sun Jul 8 12:17:14 EDT 2018


Revision: 11606
          http://svnweb.midnightbsd.org/src/?rev=11606
Author:   laffer1
Date:     2018-07-08 12:17:13 -0400 (Sun, 08 Jul 2018)
Log Message:
-----------
tag 1.0.1u

Added Paths:
-----------
    vendor-crypto/openssl/1.0.1u/
    vendor-crypto/openssl/1.0.1u/ACKNOWLEDGMENTS
    vendor-crypto/openssl/1.0.1u/CHANGES
    vendor-crypto/openssl/1.0.1u/CONTRIBUTING
    vendor-crypto/openssl/1.0.1u/Configure
    vendor-crypto/openssl/1.0.1u/INSTALL
    vendor-crypto/openssl/1.0.1u/LICENSE
    vendor-crypto/openssl/1.0.1u/Makefile
    vendor-crypto/openssl/1.0.1u/Makefile.bak
    vendor-crypto/openssl/1.0.1u/Makefile.org
    vendor-crypto/openssl/1.0.1u/NEWS
    vendor-crypto/openssl/1.0.1u/README
    vendor-crypto/openssl/1.0.1u/apps/apps.c
    vendor-crypto/openssl/1.0.1u/apps/enc.c
    vendor-crypto/openssl/1.0.1u/apps/engine.c
    vendor-crypto/openssl/1.0.1u/apps/ocsp.c
    vendor-crypto/openssl/1.0.1u/apps/passwd.c
    vendor-crypto/openssl/1.0.1u/apps/pkcs12.c
    vendor-crypto/openssl/1.0.1u/apps/pkcs7.c
    vendor-crypto/openssl/1.0.1u/apps/s_server.c
    vendor-crypto/openssl/1.0.1u/apps/speed.c
    vendor-crypto/openssl/1.0.1u/apps/x509.c
    vendor-crypto/openssl/1.0.1u/crypto/aes/aes.h
    vendor-crypto/openssl/1.0.1u/crypto/aes/aes_cbc.c
    vendor-crypto/openssl/1.0.1u/crypto/aes/aes_cfb.c
    vendor-crypto/openssl/1.0.1u/crypto/aes/aes_core.c
    vendor-crypto/openssl/1.0.1u/crypto/aes/aes_ctr.c
    vendor-crypto/openssl/1.0.1u/crypto/aes/aes_ecb.c
    vendor-crypto/openssl/1.0.1u/crypto/aes/aes_ige.c
    vendor-crypto/openssl/1.0.1u/crypto/aes/aes_locl.h
    vendor-crypto/openssl/1.0.1u/crypto/aes/aes_misc.c
    vendor-crypto/openssl/1.0.1u/crypto/aes/aes_ofb.c
    vendor-crypto/openssl/1.0.1u/crypto/aes/aes_x86core.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/a_bytes.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/a_d2i_fp.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/a_object.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/a_set.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/a_type.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/asn1_lib.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/asn1_par.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/asn_mime.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/d2i_pr.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/f_enum.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/f_int.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/f_string.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/p5_pbe.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/p5_pbev2.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/t_x509.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/tasn_dec.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/tasn_enc.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/tasn_prn.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/x_name.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/x_x509.c
    vendor-crypto/openssl/1.0.1u/crypto/bio/b_print.c
    vendor-crypto/openssl/1.0.1u/crypto/bio/bf_nbio.c
    vendor-crypto/openssl/1.0.1u/crypto/bio/bio.h
    vendor-crypto/openssl/1.0.1u/crypto/bio/bss_bio.c
    vendor-crypto/openssl/1.0.1u/crypto/bio/bss_conn.c
    vendor-crypto/openssl/1.0.1u/crypto/bio/bss_dgram.c
    vendor-crypto/openssl/1.0.1u/crypto/bn/Makefile
    vendor-crypto/openssl/1.0.1u/crypto/bn/asm/x86-mont.pl
    vendor-crypto/openssl/1.0.1u/crypto/bn/asm/x86_64-mont.pl
    vendor-crypto/openssl/1.0.1u/crypto/bn/asm/x86_64-mont5.pl
    vendor-crypto/openssl/1.0.1u/crypto/bn/bn.h
    vendor-crypto/openssl/1.0.1u/crypto/bn/bn_exp.c
    vendor-crypto/openssl/1.0.1u/crypto/bn/bn_lib.c
    vendor-crypto/openssl/1.0.1u/crypto/bn/bn_print.c
    vendor-crypto/openssl/1.0.1u/crypto/bn/bn_rand.c
    vendor-crypto/openssl/1.0.1u/crypto/bn/bn_recp.c
    vendor-crypto/openssl/1.0.1u/crypto/bn/exptest.c
    vendor-crypto/openssl/1.0.1u/crypto/camellia/camellia.c
    vendor-crypto/openssl/1.0.1u/crypto/camellia/camellia.h
    vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_cbc.c
    vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_cfb.c
    vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_ctr.c
    vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_ecb.c
    vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_locl.h
    vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_misc.c
    vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_ofb.c
    vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_utl.c
    vendor-crypto/openssl/1.0.1u/crypto/cms/cms_enc.c
    vendor-crypto/openssl/1.0.1u/crypto/cms/cms_ess.c
    vendor-crypto/openssl/1.0.1u/crypto/cms/cms_pwri.c
    vendor-crypto/openssl/1.0.1u/crypto/comp/comp.h
    vendor-crypto/openssl/1.0.1u/crypto/des/des.c
    vendor-crypto/openssl/1.0.1u/crypto/des/des_old.c
    vendor-crypto/openssl/1.0.1u/crypto/des/des_old.h
    vendor-crypto/openssl/1.0.1u/crypto/des/des_old2.c
    vendor-crypto/openssl/1.0.1u/crypto/des/enc_writ.c
    vendor-crypto/openssl/1.0.1u/crypto/dsa/dsa_ameth.c
    vendor-crypto/openssl/1.0.1u/crypto/dsa/dsa_gen.c
    vendor-crypto/openssl/1.0.1u/crypto/dsa/dsa_ossl.c
    vendor-crypto/openssl/1.0.1u/crypto/dso/dso.h
    vendor-crypto/openssl/1.0.1u/crypto/dso/dso_dl.c
    vendor-crypto/openssl/1.0.1u/crypto/dso/dso_dlfcn.c
    vendor-crypto/openssl/1.0.1u/crypto/dso/dso_lib.c
    vendor-crypto/openssl/1.0.1u/crypto/dso/dso_vms.c
    vendor-crypto/openssl/1.0.1u/crypto/dso/dso_win32.c
    vendor-crypto/openssl/1.0.1u/crypto/ec/ectest.c
    vendor-crypto/openssl/1.0.1u/crypto/engine/eng_all.c
    vendor-crypto/openssl/1.0.1u/crypto/evp/Makefile
    vendor-crypto/openssl/1.0.1u/crypto/evp/bio_ok.c
    vendor-crypto/openssl/1.0.1u/crypto/evp/digest.c
    vendor-crypto/openssl/1.0.1u/crypto/evp/e_aes_cbc_hmac_sha1.c
    vendor-crypto/openssl/1.0.1u/crypto/evp/e_camellia.c
    vendor-crypto/openssl/1.0.1u/crypto/evp/e_old.c
    vendor-crypto/openssl/1.0.1u/crypto/evp/e_seed.c
    vendor-crypto/openssl/1.0.1u/crypto/evp/encode.c
    vendor-crypto/openssl/1.0.1u/crypto/evp/evp_enc.c
    vendor-crypto/openssl/1.0.1u/crypto/md2/md2_dgst.c
    vendor-crypto/openssl/1.0.1u/crypto/md32_common.h
    vendor-crypto/openssl/1.0.1u/crypto/mdc2/mdc2dgst.c
    vendor-crypto/openssl/1.0.1u/crypto/mem_clr.c
    vendor-crypto/openssl/1.0.1u/crypto/modes/ctr128.c
    vendor-crypto/openssl/1.0.1u/crypto/o_dir.c
    vendor-crypto/openssl/1.0.1u/crypto/o_dir.h
    vendor-crypto/openssl/1.0.1u/crypto/o_dir_test.c
    vendor-crypto/openssl/1.0.1u/crypto/o_str.c
    vendor-crypto/openssl/1.0.1u/crypto/o_str.h
    vendor-crypto/openssl/1.0.1u/crypto/o_time.c
    vendor-crypto/openssl/1.0.1u/crypto/o_time.h
    vendor-crypto/openssl/1.0.1u/crypto/ocsp/ocsp_ext.c
    vendor-crypto/openssl/1.0.1u/crypto/opensslconf.h
    vendor-crypto/openssl/1.0.1u/crypto/opensslv.h
    vendor-crypto/openssl/1.0.1u/crypto/pem/pem.h
    vendor-crypto/openssl/1.0.1u/crypto/pem/pem_err.c
    vendor-crypto/openssl/1.0.1u/crypto/pem/pem_lib.c
    vendor-crypto/openssl/1.0.1u/crypto/pem/pvkfmt.c
    vendor-crypto/openssl/1.0.1u/crypto/perlasm/x86_64-xlate.pl
    vendor-crypto/openssl/1.0.1u/crypto/pkcs12/p12_mutl.c
    vendor-crypto/openssl/1.0.1u/crypto/pkcs12/p12_npas.c
    vendor-crypto/openssl/1.0.1u/crypto/pkcs12/p12_utl.c
    vendor-crypto/openssl/1.0.1u/crypto/pkcs12/pkcs12.h
    vendor-crypto/openssl/1.0.1u/crypto/pkcs7/pk7_doit.c
    vendor-crypto/openssl/1.0.1u/crypto/rand/rand_unix.c
    vendor-crypto/openssl/1.0.1u/crypto/rand/rand_vms.c
    vendor-crypto/openssl/1.0.1u/crypto/rc4/rc4_utl.c
    vendor-crypto/openssl/1.0.1u/crypto/rsa/rsa_chk.c
    vendor-crypto/openssl/1.0.1u/crypto/seed/seed_cbc.c
    vendor-crypto/openssl/1.0.1u/crypto/seed/seed_cfb.c
    vendor-crypto/openssl/1.0.1u/crypto/seed/seed_ecb.c
    vendor-crypto/openssl/1.0.1u/crypto/seed/seed_ofb.c
    vendor-crypto/openssl/1.0.1u/crypto/sha/sha1test.c
    vendor-crypto/openssl/1.0.1u/crypto/srp/srp.h
    vendor-crypto/openssl/1.0.1u/crypto/srp/srp_lib.c
    vendor-crypto/openssl/1.0.1u/crypto/srp/srp_vfy.c
    vendor-crypto/openssl/1.0.1u/crypto/store/store.h
    vendor-crypto/openssl/1.0.1u/crypto/store/str_lib.c
    vendor-crypto/openssl/1.0.1u/crypto/store/str_locl.h
    vendor-crypto/openssl/1.0.1u/crypto/store/str_mem.c
    vendor-crypto/openssl/1.0.1u/crypto/store/str_meth.c
    vendor-crypto/openssl/1.0.1u/crypto/ts/ts_lib.c
    vendor-crypto/openssl/1.0.1u/crypto/ts/ts_rsp_verify.c
    vendor-crypto/openssl/1.0.1u/crypto/ui/ui.h
    vendor-crypto/openssl/1.0.1u/crypto/ui/ui_compat.c
    vendor-crypto/openssl/1.0.1u/crypto/ui/ui_compat.h
    vendor-crypto/openssl/1.0.1u/crypto/ui/ui_lib.c
    vendor-crypto/openssl/1.0.1u/crypto/ui/ui_locl.h
    vendor-crypto/openssl/1.0.1u/crypto/ui/ui_openssl.c
    vendor-crypto/openssl/1.0.1u/crypto/ui/ui_util.c
    vendor-crypto/openssl/1.0.1u/crypto/whrlpool/wp_dgst.c
    vendor-crypto/openssl/1.0.1u/crypto/x509/x509.h
    vendor-crypto/openssl/1.0.1u/crypto/x509/x509_err.c
    vendor-crypto/openssl/1.0.1u/crypto/x509/x509_obj.c
    vendor-crypto/openssl/1.0.1u/crypto/x509/x509_txt.c
    vendor-crypto/openssl/1.0.1u/crypto/x509/x509_vfy.c
    vendor-crypto/openssl/1.0.1u/crypto/x509/x509_vfy.h
    vendor-crypto/openssl/1.0.1u/crypto/x509v3/v3_addr.c
    vendor-crypto/openssl/1.0.1u/crypto/x509v3/v3_pci.c
    vendor-crypto/openssl/1.0.1u/crypto/x509v3/v3_pcia.c
    vendor-crypto/openssl/1.0.1u/demos/easy_tls/easy-tls.c
    vendor-crypto/openssl/1.0.1u/demos/easy_tls/easy-tls.h
    vendor-crypto/openssl/1.0.1u/demos/tunala/tunala.c
    vendor-crypto/openssl/1.0.1u/doc/apps/ciphers.pod
    vendor-crypto/openssl/1.0.1u/doc/apps/cms.pod
    vendor-crypto/openssl/1.0.1u/doc/apps/s_client.pod
    vendor-crypto/openssl/1.0.1u/doc/apps/s_server.pod
    vendor-crypto/openssl/1.0.1u/doc/apps/s_time.pod
    vendor-crypto/openssl/1.0.1u/doc/apps/smime.pod
    vendor-crypto/openssl/1.0.1u/doc/apps/verify.pod
    vendor-crypto/openssl/1.0.1u/doc/crypto/BIO_s_connect.pod
    vendor-crypto/openssl/1.0.1u/doc/crypto/EVP_EncodeInit.pod
    vendor-crypto/openssl/1.0.1u/doc/crypto/X509_verify_cert.pod
    vendor-crypto/openssl/1.0.1u/doc/crypto/d2i_PrivateKey.pod
    vendor-crypto/openssl/1.0.1u/doc/crypto/evp.pod
    vendor-crypto/openssl/1.0.1u/doc/ssl/SSL_CTX_new.pod
    vendor-crypto/openssl/1.0.1u/doc/ssl/SSL_CTX_set_options.pod
    vendor-crypto/openssl/1.0.1u/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod
    vendor-crypto/openssl/1.0.1u/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
    vendor-crypto/openssl/1.0.1u/doc/ssl/ssl.pod
    vendor-crypto/openssl/1.0.1u/engines/e_chil.c
    vendor-crypto/openssl/1.0.1u/include/
    vendor-crypto/openssl/1.0.1u/ms/uplink-x86.pl
    vendor-crypto/openssl/1.0.1u/openssl.spec
    vendor-crypto/openssl/1.0.1u/ssl/Makefile
    vendor-crypto/openssl/1.0.1u/ssl/d1_both.c
    vendor-crypto/openssl/1.0.1u/ssl/d1_clnt.c
    vendor-crypto/openssl/1.0.1u/ssl/d1_lib.c
    vendor-crypto/openssl/1.0.1u/ssl/d1_pkt.c
    vendor-crypto/openssl/1.0.1u/ssl/d1_srvr.c
    vendor-crypto/openssl/1.0.1u/ssl/kssl.c
    vendor-crypto/openssl/1.0.1u/ssl/kssl.h
    vendor-crypto/openssl/1.0.1u/ssl/kssl_lcl.h
    vendor-crypto/openssl/1.0.1u/ssl/s23_clnt.c
    vendor-crypto/openssl/1.0.1u/ssl/s2_clnt.c
    vendor-crypto/openssl/1.0.1u/ssl/s2_lib.c
    vendor-crypto/openssl/1.0.1u/ssl/s2_meth.c
    vendor-crypto/openssl/1.0.1u/ssl/s2_srvr.c
    vendor-crypto/openssl/1.0.1u/ssl/s3_both.c
    vendor-crypto/openssl/1.0.1u/ssl/s3_clnt.c
    vendor-crypto/openssl/1.0.1u/ssl/s3_lib.c
    vendor-crypto/openssl/1.0.1u/ssl/s3_srvr.c
    vendor-crypto/openssl/1.0.1u/ssl/ssl.h
    vendor-crypto/openssl/1.0.1u/ssl/ssl_ciph.c
    vendor-crypto/openssl/1.0.1u/ssl/ssl_err.c
    vendor-crypto/openssl/1.0.1u/ssl/ssl_lib.c
    vendor-crypto/openssl/1.0.1u/ssl/ssl_locl.h
    vendor-crypto/openssl/1.0.1u/ssl/ssl_sess.c
    vendor-crypto/openssl/1.0.1u/ssl/t1_enc.c
    vendor-crypto/openssl/1.0.1u/ssl/t1_lib.c
    vendor-crypto/openssl/1.0.1u/test/igetest.c
    vendor-crypto/openssl/1.0.1u/test/smime-certs/smdsa1.pem
    vendor-crypto/openssl/1.0.1u/test/smime-certs/smdsa2.pem
    vendor-crypto/openssl/1.0.1u/test/smime-certs/smdsa3.pem
    vendor-crypto/openssl/1.0.1u/test/smime-certs/smroot.pem
    vendor-crypto/openssl/1.0.1u/test/smime-certs/smrsa1.pem
    vendor-crypto/openssl/1.0.1u/test/smime-certs/smrsa2.pem
    vendor-crypto/openssl/1.0.1u/test/smime-certs/smrsa3.pem
    vendor-crypto/openssl/1.0.1u/test/testfipsssl
    vendor-crypto/openssl/1.0.1u/util/libeay.num
    vendor-crypto/openssl/1.0.1u/util/mk1mf.pl
    vendor-crypto/openssl/1.0.1u/util/mkdef.pl
    vendor-crypto/openssl/1.0.1u/util/pl/BC-32.pl
    vendor-crypto/openssl/1.0.1u/util/pl/Mingw32.pl
    vendor-crypto/openssl/1.0.1u/util/pl/OS2-EMX.pl
    vendor-crypto/openssl/1.0.1u/util/pl/VC-32.pl
    vendor-crypto/openssl/1.0.1u/util/pl/linux.pl
    vendor-crypto/openssl/1.0.1u/util/pl/netware.pl
    vendor-crypto/openssl/1.0.1u/util/pl/ultrix.pl
    vendor-crypto/openssl/1.0.1u/util/pl/unix.pl
    vendor-crypto/openssl/1.0.1u/util/ssleay.num

Removed Paths:
-------------
    vendor-crypto/openssl/1.0.1u/ACKNOWLEDGMENTS
    vendor-crypto/openssl/1.0.1u/CHANGES
    vendor-crypto/openssl/1.0.1u/CONTRIBUTING
    vendor-crypto/openssl/1.0.1u/Configure
    vendor-crypto/openssl/1.0.1u/INSTALL
    vendor-crypto/openssl/1.0.1u/LICENSE
    vendor-crypto/openssl/1.0.1u/Makefile
    vendor-crypto/openssl/1.0.1u/Makefile.bak
    vendor-crypto/openssl/1.0.1u/Makefile.org
    vendor-crypto/openssl/1.0.1u/NEWS
    vendor-crypto/openssl/1.0.1u/README
    vendor-crypto/openssl/1.0.1u/apps/apps.c
    vendor-crypto/openssl/1.0.1u/apps/enc.c
    vendor-crypto/openssl/1.0.1u/apps/engine.c
    vendor-crypto/openssl/1.0.1u/apps/md4.c
    vendor-crypto/openssl/1.0.1u/apps/ocsp.c
    vendor-crypto/openssl/1.0.1u/apps/passwd.c
    vendor-crypto/openssl/1.0.1u/apps/pkcs12.c
    vendor-crypto/openssl/1.0.1u/apps/pkcs7.c
    vendor-crypto/openssl/1.0.1u/apps/s_server.c
    vendor-crypto/openssl/1.0.1u/apps/speed.c
    vendor-crypto/openssl/1.0.1u/apps/x509.c
    vendor-crypto/openssl/1.0.1u/crypto/aes/aes.h
    vendor-crypto/openssl/1.0.1u/crypto/aes/aes_cbc.c
    vendor-crypto/openssl/1.0.1u/crypto/aes/aes_cfb.c
    vendor-crypto/openssl/1.0.1u/crypto/aes/aes_core.c
    vendor-crypto/openssl/1.0.1u/crypto/aes/aes_ctr.c
    vendor-crypto/openssl/1.0.1u/crypto/aes/aes_ecb.c
    vendor-crypto/openssl/1.0.1u/crypto/aes/aes_ige.c
    vendor-crypto/openssl/1.0.1u/crypto/aes/aes_locl.h
    vendor-crypto/openssl/1.0.1u/crypto/aes/aes_misc.c
    vendor-crypto/openssl/1.0.1u/crypto/aes/aes_ofb.c
    vendor-crypto/openssl/1.0.1u/crypto/aes/aes_x86core.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/a_bytes.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/a_d2i_fp.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/a_object.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/a_set.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/a_type.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/asn1_lib.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/asn1_par.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/asn_mime.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/d2i_pr.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/f_enum.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/f_int.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/f_string.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/p5_pbe.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/p5_pbev2.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/t_x509.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/tasn_dec.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/tasn_enc.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/tasn_prn.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/x_name.c
    vendor-crypto/openssl/1.0.1u/crypto/asn1/x_x509.c
    vendor-crypto/openssl/1.0.1u/crypto/bio/b_print.c
    vendor-crypto/openssl/1.0.1u/crypto/bio/bf_nbio.c
    vendor-crypto/openssl/1.0.1u/crypto/bio/bio.h
    vendor-crypto/openssl/1.0.1u/crypto/bio/bss_bio.c
    vendor-crypto/openssl/1.0.1u/crypto/bio/bss_conn.c
    vendor-crypto/openssl/1.0.1u/crypto/bio/bss_dgram.c
    vendor-crypto/openssl/1.0.1u/crypto/bn/Makefile
    vendor-crypto/openssl/1.0.1u/crypto/bn/asm/x86-mont.pl
    vendor-crypto/openssl/1.0.1u/crypto/bn/asm/x86_64-mont.pl
    vendor-crypto/openssl/1.0.1u/crypto/bn/asm/x86_64-mont5.pl
    vendor-crypto/openssl/1.0.1u/crypto/bn/bn.h
    vendor-crypto/openssl/1.0.1u/crypto/bn/bn_exp.c
    vendor-crypto/openssl/1.0.1u/crypto/bn/bn_lib.c
    vendor-crypto/openssl/1.0.1u/crypto/bn/bn_print.c
    vendor-crypto/openssl/1.0.1u/crypto/bn/bn_rand.c
    vendor-crypto/openssl/1.0.1u/crypto/bn/bn_recp.c
    vendor-crypto/openssl/1.0.1u/crypto/bn/exptest.c
    vendor-crypto/openssl/1.0.1u/crypto/camellia/camellia.c
    vendor-crypto/openssl/1.0.1u/crypto/camellia/camellia.h
    vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_cbc.c
    vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_cfb.c
    vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_ctr.c
    vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_ecb.c
    vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_locl.h
    vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_misc.c
    vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_ofb.c
    vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_utl.c
    vendor-crypto/openssl/1.0.1u/crypto/cms/cms_enc.c
    vendor-crypto/openssl/1.0.1u/crypto/cms/cms_ess.c
    vendor-crypto/openssl/1.0.1u/crypto/cms/cms_pwri.c
    vendor-crypto/openssl/1.0.1u/crypto/comp/comp.h
    vendor-crypto/openssl/1.0.1u/crypto/des/des.c
    vendor-crypto/openssl/1.0.1u/crypto/des/des_old.c
    vendor-crypto/openssl/1.0.1u/crypto/des/des_old.h
    vendor-crypto/openssl/1.0.1u/crypto/des/des_old2.c
    vendor-crypto/openssl/1.0.1u/crypto/des/enc_writ.c
    vendor-crypto/openssl/1.0.1u/crypto/dsa/dsa_ameth.c
    vendor-crypto/openssl/1.0.1u/crypto/dsa/dsa_gen.c
    vendor-crypto/openssl/1.0.1u/crypto/dsa/dsa_ossl.c
    vendor-crypto/openssl/1.0.1u/crypto/dso/dso.h
    vendor-crypto/openssl/1.0.1u/crypto/dso/dso_dl.c
    vendor-crypto/openssl/1.0.1u/crypto/dso/dso_dlfcn.c
    vendor-crypto/openssl/1.0.1u/crypto/dso/dso_lib.c
    vendor-crypto/openssl/1.0.1u/crypto/dso/dso_vms.c
    vendor-crypto/openssl/1.0.1u/crypto/dso/dso_win32.c
    vendor-crypto/openssl/1.0.1u/crypto/ec/ectest.c
    vendor-crypto/openssl/1.0.1u/crypto/engine/eng_all.c
    vendor-crypto/openssl/1.0.1u/crypto/evp/Makefile
    vendor-crypto/openssl/1.0.1u/crypto/evp/bio_ok.c
    vendor-crypto/openssl/1.0.1u/crypto/evp/digest.c
    vendor-crypto/openssl/1.0.1u/crypto/evp/e_aes_cbc_hmac_sha1.c
    vendor-crypto/openssl/1.0.1u/crypto/evp/e_camellia.c
    vendor-crypto/openssl/1.0.1u/crypto/evp/e_old.c
    vendor-crypto/openssl/1.0.1u/crypto/evp/e_seed.c
    vendor-crypto/openssl/1.0.1u/crypto/evp/encode.c
    vendor-crypto/openssl/1.0.1u/crypto/evp/evp_enc.c
    vendor-crypto/openssl/1.0.1u/crypto/md2/md2_dgst.c
    vendor-crypto/openssl/1.0.1u/crypto/md32_common.h
    vendor-crypto/openssl/1.0.1u/crypto/mdc2/mdc2dgst.c
    vendor-crypto/openssl/1.0.1u/crypto/mem_clr.c
    vendor-crypto/openssl/1.0.1u/crypto/modes/ctr128.c
    vendor-crypto/openssl/1.0.1u/crypto/o_dir.c
    vendor-crypto/openssl/1.0.1u/crypto/o_dir.h
    vendor-crypto/openssl/1.0.1u/crypto/o_dir_test.c
    vendor-crypto/openssl/1.0.1u/crypto/o_str.c
    vendor-crypto/openssl/1.0.1u/crypto/o_str.h
    vendor-crypto/openssl/1.0.1u/crypto/o_time.c
    vendor-crypto/openssl/1.0.1u/crypto/o_time.h
    vendor-crypto/openssl/1.0.1u/crypto/ocsp/ocsp_ext.c
    vendor-crypto/openssl/1.0.1u/crypto/opensslconf.h
    vendor-crypto/openssl/1.0.1u/crypto/opensslv.h
    vendor-crypto/openssl/1.0.1u/crypto/pem/pem.h
    vendor-crypto/openssl/1.0.1u/crypto/pem/pem_err.c
    vendor-crypto/openssl/1.0.1u/crypto/pem/pem_lib.c
    vendor-crypto/openssl/1.0.1u/crypto/pem/pvkfmt.c
    vendor-crypto/openssl/1.0.1u/crypto/perlasm/x86_64-xlate.pl
    vendor-crypto/openssl/1.0.1u/crypto/pkcs12/p12_mutl.c
    vendor-crypto/openssl/1.0.1u/crypto/pkcs12/p12_npas.c
    vendor-crypto/openssl/1.0.1u/crypto/pkcs12/p12_utl.c
    vendor-crypto/openssl/1.0.1u/crypto/pkcs12/pkcs12.h
    vendor-crypto/openssl/1.0.1u/crypto/pkcs7/pk7_doit.c
    vendor-crypto/openssl/1.0.1u/crypto/rand/rand_unix.c
    vendor-crypto/openssl/1.0.1u/crypto/rand/rand_vms.c
    vendor-crypto/openssl/1.0.1u/crypto/rc4/rc4_utl.c
    vendor-crypto/openssl/1.0.1u/crypto/rsa/rsa_chk.c
    vendor-crypto/openssl/1.0.1u/crypto/seed/seed_cbc.c
    vendor-crypto/openssl/1.0.1u/crypto/seed/seed_cfb.c
    vendor-crypto/openssl/1.0.1u/crypto/seed/seed_ecb.c
    vendor-crypto/openssl/1.0.1u/crypto/seed/seed_ofb.c
    vendor-crypto/openssl/1.0.1u/crypto/sha/sha1test.c
    vendor-crypto/openssl/1.0.1u/crypto/srp/srp.h
    vendor-crypto/openssl/1.0.1u/crypto/srp/srp_lib.c
    vendor-crypto/openssl/1.0.1u/crypto/srp/srp_vfy.c
    vendor-crypto/openssl/1.0.1u/crypto/store/store.h
    vendor-crypto/openssl/1.0.1u/crypto/store/str_lib.c
    vendor-crypto/openssl/1.0.1u/crypto/store/str_locl.h
    vendor-crypto/openssl/1.0.1u/crypto/store/str_mem.c
    vendor-crypto/openssl/1.0.1u/crypto/store/str_meth.c
    vendor-crypto/openssl/1.0.1u/crypto/ts/ts_lib.c
    vendor-crypto/openssl/1.0.1u/crypto/ts/ts_rsp_verify.c
    vendor-crypto/openssl/1.0.1u/crypto/ui/ui.h
    vendor-crypto/openssl/1.0.1u/crypto/ui/ui_compat.c
    vendor-crypto/openssl/1.0.1u/crypto/ui/ui_compat.h
    vendor-crypto/openssl/1.0.1u/crypto/ui/ui_lib.c
    vendor-crypto/openssl/1.0.1u/crypto/ui/ui_locl.h
    vendor-crypto/openssl/1.0.1u/crypto/ui/ui_openssl.c
    vendor-crypto/openssl/1.0.1u/crypto/ui/ui_util.c
    vendor-crypto/openssl/1.0.1u/crypto/whrlpool/wp_dgst.c
    vendor-crypto/openssl/1.0.1u/crypto/x509/x509.h
    vendor-crypto/openssl/1.0.1u/crypto/x509/x509_err.c
    vendor-crypto/openssl/1.0.1u/crypto/x509/x509_obj.c
    vendor-crypto/openssl/1.0.1u/crypto/x509/x509_txt.c
    vendor-crypto/openssl/1.0.1u/crypto/x509/x509_vfy.c
    vendor-crypto/openssl/1.0.1u/crypto/x509/x509_vfy.h
    vendor-crypto/openssl/1.0.1u/crypto/x509v3/v3_addr.c
    vendor-crypto/openssl/1.0.1u/crypto/x509v3/v3_pci.c
    vendor-crypto/openssl/1.0.1u/crypto/x509v3/v3_pcia.c
    vendor-crypto/openssl/1.0.1u/demos/easy_tls/easy-tls.c
    vendor-crypto/openssl/1.0.1u/demos/easy_tls/easy-tls.h
    vendor-crypto/openssl/1.0.1u/demos/tunala/tunala.c
    vendor-crypto/openssl/1.0.1u/doc/apps/ciphers.pod
    vendor-crypto/openssl/1.0.1u/doc/apps/cms.pod
    vendor-crypto/openssl/1.0.1u/doc/apps/s_client.pod
    vendor-crypto/openssl/1.0.1u/doc/apps/s_server.pod
    vendor-crypto/openssl/1.0.1u/doc/apps/s_time.pod
    vendor-crypto/openssl/1.0.1u/doc/apps/smime.pod
    vendor-crypto/openssl/1.0.1u/doc/apps/verify.pod
    vendor-crypto/openssl/1.0.1u/doc/crypto/BIO_s_connect.pod
    vendor-crypto/openssl/1.0.1u/doc/crypto/X509_verify_cert.pod
    vendor-crypto/openssl/1.0.1u/doc/crypto/evp.pod
    vendor-crypto/openssl/1.0.1u/doc/ssl/SSL_CTX_new.pod
    vendor-crypto/openssl/1.0.1u/doc/ssl/SSL_CTX_set_options.pod
    vendor-crypto/openssl/1.0.1u/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
    vendor-crypto/openssl/1.0.1u/doc/ssl/ssl.pod
    vendor-crypto/openssl/1.0.1u/engines/e_chil.c
    vendor-crypto/openssl/1.0.1u/ms/uplink-x86.pl
    vendor-crypto/openssl/1.0.1u/openssl.spec
    vendor-crypto/openssl/1.0.1u/ssl/Makefile
    vendor-crypto/openssl/1.0.1u/ssl/d1_both.c
    vendor-crypto/openssl/1.0.1u/ssl/d1_clnt.c
    vendor-crypto/openssl/1.0.1u/ssl/d1_lib.c
    vendor-crypto/openssl/1.0.1u/ssl/d1_pkt.c
    vendor-crypto/openssl/1.0.1u/ssl/d1_srvr.c
    vendor-crypto/openssl/1.0.1u/ssl/kssl.c
    vendor-crypto/openssl/1.0.1u/ssl/kssl.h
    vendor-crypto/openssl/1.0.1u/ssl/kssl_lcl.h
    vendor-crypto/openssl/1.0.1u/ssl/s23_clnt.c
    vendor-crypto/openssl/1.0.1u/ssl/s2_clnt.c
    vendor-crypto/openssl/1.0.1u/ssl/s2_lib.c
    vendor-crypto/openssl/1.0.1u/ssl/s2_meth.c
    vendor-crypto/openssl/1.0.1u/ssl/s2_srvr.c
    vendor-crypto/openssl/1.0.1u/ssl/s3_both.c
    vendor-crypto/openssl/1.0.1u/ssl/s3_clnt.c
    vendor-crypto/openssl/1.0.1u/ssl/s3_lib.c
    vendor-crypto/openssl/1.0.1u/ssl/s3_srvr.c
    vendor-crypto/openssl/1.0.1u/ssl/ssl.h
    vendor-crypto/openssl/1.0.1u/ssl/ssl_ciph.c
    vendor-crypto/openssl/1.0.1u/ssl/ssl_err.c
    vendor-crypto/openssl/1.0.1u/ssl/ssl_lib.c
    vendor-crypto/openssl/1.0.1u/ssl/ssl_locl.h
    vendor-crypto/openssl/1.0.1u/ssl/ssl_sess.c
    vendor-crypto/openssl/1.0.1u/ssl/t1_enc.c
    vendor-crypto/openssl/1.0.1u/ssl/t1_lib.c
    vendor-crypto/openssl/1.0.1u/test/bftest.c
    vendor-crypto/openssl/1.0.1u/test/bntest.c
    vendor-crypto/openssl/1.0.1u/test/casttest.c
    vendor-crypto/openssl/1.0.1u/test/clienthellotest.c
    vendor-crypto/openssl/1.0.1u/test/constant_time_test.c
    vendor-crypto/openssl/1.0.1u/test/destest.c
    vendor-crypto/openssl/1.0.1u/test/dhtest.c
    vendor-crypto/openssl/1.0.1u/test/dsatest.c
    vendor-crypto/openssl/1.0.1u/test/ecdhtest.c
    vendor-crypto/openssl/1.0.1u/test/ecdsatest.c
    vendor-crypto/openssl/1.0.1u/test/ectest.c
    vendor-crypto/openssl/1.0.1u/test/enginetest.c
    vendor-crypto/openssl/1.0.1u/test/evp_extra_test.c
    vendor-crypto/openssl/1.0.1u/test/evp_test.c
    vendor-crypto/openssl/1.0.1u/test/exptest.c
    vendor-crypto/openssl/1.0.1u/test/heartbeat_test.c
    vendor-crypto/openssl/1.0.1u/test/hmactest.c
    vendor-crypto/openssl/1.0.1u/test/ideatest.c
    vendor-crypto/openssl/1.0.1u/test/igetest.c
    vendor-crypto/openssl/1.0.1u/test/jpaketest.c
    vendor-crypto/openssl/1.0.1u/test/md2test.c
    vendor-crypto/openssl/1.0.1u/test/md4test.c
    vendor-crypto/openssl/1.0.1u/test/md5test.c
    vendor-crypto/openssl/1.0.1u/test/mdc2test.c
    vendor-crypto/openssl/1.0.1u/test/randtest.c
    vendor-crypto/openssl/1.0.1u/test/rc2test.c
    vendor-crypto/openssl/1.0.1u/test/rc4test.c
    vendor-crypto/openssl/1.0.1u/test/rc5test.c
    vendor-crypto/openssl/1.0.1u/test/rmdtest.c
    vendor-crypto/openssl/1.0.1u/test/rsa_test.c
    vendor-crypto/openssl/1.0.1u/test/sha1test.c
    vendor-crypto/openssl/1.0.1u/test/sha256t.c
    vendor-crypto/openssl/1.0.1u/test/sha512t.c
    vendor-crypto/openssl/1.0.1u/test/shatest.c
    vendor-crypto/openssl/1.0.1u/test/smime-certs/smdsa1.pem
    vendor-crypto/openssl/1.0.1u/test/smime-certs/smdsa2.pem
    vendor-crypto/openssl/1.0.1u/test/smime-certs/smdsa3.pem
    vendor-crypto/openssl/1.0.1u/test/smime-certs/smroot.pem
    vendor-crypto/openssl/1.0.1u/test/smime-certs/smrsa1.pem
    vendor-crypto/openssl/1.0.1u/test/smime-certs/smrsa2.pem
    vendor-crypto/openssl/1.0.1u/test/smime-certs/smrsa3.pem
    vendor-crypto/openssl/1.0.1u/test/srptest.c
    vendor-crypto/openssl/1.0.1u/test/ssltest.c
    vendor-crypto/openssl/1.0.1u/test/testfipsssl
    vendor-crypto/openssl/1.0.1u/test/verify_extra_test.c
    vendor-crypto/openssl/1.0.1u/test/wp_test.c
    vendor-crypto/openssl/1.0.1u/util/libeay.num
    vendor-crypto/openssl/1.0.1u/util/mk1mf.pl
    vendor-crypto/openssl/1.0.1u/util/mkdef.pl
    vendor-crypto/openssl/1.0.1u/util/pl/BC-32.pl
    vendor-crypto/openssl/1.0.1u/util/pl/Mingw32.pl
    vendor-crypto/openssl/1.0.1u/util/pl/OS2-EMX.pl
    vendor-crypto/openssl/1.0.1u/util/pl/VC-32.pl
    vendor-crypto/openssl/1.0.1u/util/pl/linux.pl
    vendor-crypto/openssl/1.0.1u/util/pl/netware.pl
    vendor-crypto/openssl/1.0.1u/util/pl/ultrix.pl
    vendor-crypto/openssl/1.0.1u/util/pl/unix.pl
    vendor-crypto/openssl/1.0.1u/util/ssleay.num

Deleted: vendor-crypto/openssl/1.0.1u/ACKNOWLEDGMENTS
===================================================================
--- vendor-crypto/openssl/dist/ACKNOWLEDGMENTS	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/ACKNOWLEDGMENTS	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,30 +0,0 @@
-The OpenSSL project depends on volunteer efforts and financial support from
-the end user community. That support comes in the form of donations and paid
-sponsorships, software support contracts, paid consulting services
-and commissioned software development.
-
-Since all these activities support the continued development and improvement
-of OpenSSL we consider all these clients and customers as sponsors of the
-OpenSSL project.
-
-We would like to identify and thank the following such sponsors for their past
-or current significant support of the OpenSSL project:
-
-Major support:
-
-	Qualys		http://www.qualys.com/
-
-Very significant support:
-
-	OpenGear:	http://www.opengear.com/
-
-Significant support:
-
-	PSW Group:	http://www.psw.net/
-	Acano Ltd.	http://acano.com/
-
-Please note that we ask permission to identify sponsors and that some sponsors
-we consider eligible for inclusion here have requested to remain anonymous.
-
-Additional sponsorship or financial support is always welcome: for more
-information please contact the OpenSSL Software Foundation.

Copied: vendor-crypto/openssl/1.0.1u/ACKNOWLEDGMENTS (from rev 11605, vendor-crypto/openssl/dist/ACKNOWLEDGMENTS)
===================================================================
--- vendor-crypto/openssl/1.0.1u/ACKNOWLEDGMENTS	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/ACKNOWLEDGMENTS	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,2 @@
+Please https://www.openssl.org/community/thanks.html for the current
+acknowledgements.

Deleted: vendor-crypto/openssl/1.0.1u/CHANGES
===================================================================
--- vendor-crypto/openssl/dist/CHANGES	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/CHANGES	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,10484 +0,0 @@
-
- OpenSSL CHANGES
- _______________
-
- Changes between 1.0.1p and 1.0.1q [3 Dec 2015]
-
-  *) Certificate verify crash with missing PSS parameter
-
-     The signature verification routines will crash with a NULL pointer
-     dereference if presented with an ASN.1 signature using the RSA PSS
-     algorithm and absent mask generation function parameter. Since these
-     routines are used to verify certificate signature algorithms this can be
-     used to crash any certificate verification operation and exploited in a
-     DoS attack. Any application which performs certificate verification is
-     vulnerable including OpenSSL clients and servers which enable client
-     authentication.
-
-     This issue was reported to OpenSSL by Loïc Jonas Etienne (Qnective AG).
-     (CVE-2015-3194)
-     [Stephen Henson]
-
-  *) X509_ATTRIBUTE memory leak
-
-     When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak
-     memory. This structure is used by the PKCS#7 and CMS routines so any
-     application which reads PKCS#7 or CMS data from untrusted sources is
-     affected. SSL/TLS is not affected.
-
-     This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using
-     libFuzzer.
-     (CVE-2015-3195)
-     [Stephen Henson]
-
-  *) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs.
-     This changes the decoding behaviour for some invalid messages,
-     though the change is mostly in the more lenient direction, and
-     legacy behaviour is preserved as much as possible.
-     [Emilia Käsper]
-
-  *) In DSA_generate_parameters_ex, if the provided seed is too short,
-     return an error
-     [Rich Salz and Ismo Puustinen <ismo.puustinen at intel.com>]
-
- Changes between 1.0.1o and 1.0.1p [9 Jul 2015]
-
-  *) Alternate chains certificate forgery
-
-     During certificate verfification, OpenSSL will attempt to find an
-     alternative certificate chain if the first attempt to build such a chain
-     fails. An error in the implementation of this logic can mean that an
-     attacker could cause certain checks on untrusted certificates to be
-     bypassed, such as the CA flag, enabling them to use a valid leaf
-     certificate to act as a CA and "issue" an invalid certificate.
-
-     This issue was reported to OpenSSL by Adam Langley/David Benjamin
-     (Google/BoringSSL).
-     (CVE-2015-1793)
-     [Matt Caswell]
-
-  *) Race condition handling PSK identify hint
-
-     If PSK identity hints are received by a multi-threaded client then
-     the values are wrongly updated in the parent SSL_CTX structure. This can
-     result in a race condition potentially leading to a double free of the
-     identify hint data.
-     (CVE-2015-3196)
-     [Stephen Henson]
-
- Changes between 1.0.1n and 1.0.1o [12 Jun 2015]
-  *) Fix HMAC ABI incompatibility. The previous version introduced an ABI
-     incompatibility in the handling of HMAC. The previous ABI has now been
-     restored.
-
- Changes between 1.0.1m and 1.0.1n [11 Jun 2015]
-
-  *) Malformed ECParameters causes infinite loop
-
-     When processing an ECParameters structure OpenSSL enters an infinite loop
-     if the curve specified is over a specially malformed binary polynomial
-     field.
-
-     This can be used to perform denial of service against any
-     system which processes public keys, certificate requests or
-     certificates.  This includes TLS clients and TLS servers with
-     client authentication enabled.
-
-     This issue was reported to OpenSSL by Joseph Barr-Pixton.
-     (CVE-2015-1788)
-     [Andy Polyakov]
-
-  *) Exploitable out-of-bounds read in X509_cmp_time
-
-     X509_cmp_time does not properly check the length of the ASN1_TIME
-     string and can read a few bytes out of bounds. In addition,
-     X509_cmp_time accepts an arbitrary number of fractional seconds in the
-     time string.
-
-     An attacker can use this to craft malformed certificates and CRLs of
-     various sizes and potentially cause a segmentation fault, resulting in
-     a DoS on applications that verify certificates or CRLs. TLS clients
-     that verify CRLs are affected. TLS clients and servers with client
-     authentication enabled may be affected if they use custom verification
-     callbacks.
-
-     This issue was reported to OpenSSL by Robert Swiecki (Google), and
-     independently by Hanno Böck.
-     (CVE-2015-1789)
-     [Emilia Käsper]
-
-  *) PKCS7 crash with missing EnvelopedContent
-
-     The PKCS#7 parsing code does not handle missing inner EncryptedContent
-     correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs
-     with missing content and trigger a NULL pointer dereference on parsing.
-
-     Applications that decrypt PKCS#7 data or otherwise parse PKCS#7
-     structures from untrusted sources are affected. OpenSSL clients and
-     servers are not affected.
-
-     This issue was reported to OpenSSL by Michal Zalewski (Google).
-     (CVE-2015-1790)
-     [Emilia Käsper]
-
-  *) CMS verify infinite loop with unknown hash function
-
-     When verifying a signedData message the CMS code can enter an infinite loop
-     if presented with an unknown hash function OID. This can be used to perform
-     denial of service against any system which verifies signedData messages using
-     the CMS code.
-     This issue was reported to OpenSSL by Johannes Bauer.
-     (CVE-2015-1792)
-     [Stephen Henson]
-
-  *) Race condition handling NewSessionTicket
-
-     If a NewSessionTicket is received by a multi-threaded client when attempting to
-     reuse a previous ticket then a race condition can occur potentially leading to
-     a double free of the ticket data.
-     (CVE-2015-1791)
-     [Matt Caswell]
-
-  *) Reject DH handshakes with parameters shorter than 768 bits.
-     [Kurt Roeckx and Emilia Kasper]
-
-  *) dhparam: generate 2048-bit parameters by default.
-     [Kurt Roeckx and Emilia Kasper]
-
- Changes between 1.0.1l and 1.0.1m [19 Mar 2015]
-
-  *) Segmentation fault in ASN1_TYPE_cmp fix
-
-     The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is
-     made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check
-     certificate signature algorithm consistency this can be used to crash any
-     certificate verification operation and exploited in a DoS attack. Any
-     application which performs certificate verification is vulnerable including
-     OpenSSL clients and servers which enable client authentication.
-     (CVE-2015-0286)
-     [Stephen Henson]
-
-  *) ASN.1 structure reuse memory corruption fix
-
-     Reusing a structure in ASN.1 parsing may allow an attacker to cause
-     memory corruption via an invalid write. Such reuse is and has been
-     strongly discouraged and is believed to be rare.
-
-     Applications that parse structures containing CHOICE or ANY DEFINED BY
-     components may be affected. Certificate parsing (d2i_X509 and related
-     functions) are however not affected. OpenSSL clients and servers are
-     not affected.
-     (CVE-2015-0287)
-     [Stephen Henson]
-
-  *) PKCS7 NULL pointer dereferences fix
-
-     The PKCS#7 parsing code does not handle missing outer ContentInfo
-     correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with
-     missing content and trigger a NULL pointer dereference on parsing.
-
-     Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or
-     otherwise parse PKCS#7 structures from untrusted sources are
-     affected. OpenSSL clients and servers are not affected.
-
-     This issue was reported to OpenSSL by Michal Zalewski (Google).
-     (CVE-2015-0289)
-     [Emilia Käsper]
-
-  *) DoS via reachable assert in SSLv2 servers fix
-
-     A malicious client can trigger an OPENSSL_assert (i.e., an abort) in
-     servers that both support SSLv2 and enable export cipher suites by sending
-     a specially crafted SSLv2 CLIENT-MASTER-KEY message.
-
-     This issue was discovered by Sean Burford (Google) and Emilia Käsper
-     (OpenSSL development team).
-     (CVE-2015-0293)
-     [Emilia Käsper]
-
-  *) Use After Free following d2i_ECPrivatekey error fix
-
-     A malformed EC private key file consumed via the d2i_ECPrivateKey function
-     could cause a use after free condition. This, in turn, could cause a double
-     free in several private key parsing functions (such as d2i_PrivateKey
-     or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption
-     for applications that receive EC private keys from untrusted
-     sources. This scenario is considered rare.
-
-     This issue was discovered by the BoringSSL project and fixed in their
-     commit 517073cd4b.
-     (CVE-2015-0209)
-     [Matt Caswell]
-
-  *) X509_to_X509_REQ NULL pointer deref fix
-
-     The function X509_to_X509_REQ will crash with a NULL pointer dereference if
-     the certificate key is invalid. This function is rarely used in practice.
-
-     This issue was discovered by Brian Carpenter.
-     (CVE-2015-0288)
-     [Stephen Henson]
-
-  *) Removed the export ciphers from the DEFAULT ciphers
-     [Kurt Roeckx]
-
- Changes between 1.0.1k and 1.0.1l [15 Jan 2015]
-
-  *) Build fixes for the Windows and OpenVMS platforms
-     [Matt Caswell and Richard Levitte]
-
- Changes between 1.0.1j and 1.0.1k [8 Jan 2015]
-
-  *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS
-     message can cause a segmentation fault in OpenSSL due to a NULL pointer
-     dereference. This could lead to a Denial Of Service attack. Thanks to
-     Markus Stenberg of Cisco Systems, Inc. for reporting this issue.
-     (CVE-2014-3571)
-     [Steve Henson]
-
-  *) Fix DTLS memory leak in dtls1_buffer_record. A memory leak can occur in the
-     dtls1_buffer_record function under certain conditions. In particular this
-     could occur if an attacker sent repeated DTLS records with the same
-     sequence number but for the next epoch. The memory leak could be exploited
-     by an attacker in a Denial of Service attack through memory exhaustion.
-     Thanks to Chris Mueller for reporting this issue.
-     (CVE-2015-0206)
-     [Matt Caswell]
-
-  *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is
-     built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl
-     method would be set to NULL which could later result in a NULL pointer
-     dereference. Thanks to Frank Schmirler for reporting this issue.
-     (CVE-2014-3569)
-     [Kurt Roeckx]
-
-  *) Abort handshake if server key exchange message is omitted for ephemeral
-     ECDH ciphersuites.
-
-     Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for
-     reporting this issue.
-     (CVE-2014-3572)
-     [Steve Henson]
-
-  *) Remove non-export ephemeral RSA code on client and server. This code
-     violated the TLS standard by allowing the use of temporary RSA keys in
-     non-export ciphersuites and could be used by a server to effectively
-     downgrade the RSA key length used to a value smaller than the server
-     certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at
-     INRIA or reporting this issue.
-     (CVE-2015-0204)
-     [Steve Henson]
-
-  *) Fixed issue where DH client certificates are accepted without verification.
-     An OpenSSL server will accept a DH certificate for client authentication
-     without the certificate verify message. This effectively allows a client to
-     authenticate without the use of a private key. This only affects servers
-     which trust a client certificate authority which issues certificates
-     containing DH keys: these are extremely rare and hardly ever encountered.
-     Thanks for Karthikeyan Bhargavan of the PROSECCO team at INRIA or reporting
-     this issue.
-     (CVE-2015-0205)
-     [Steve Henson]
-
-  *) Ensure that the session ID context of an SSL is updated when its
-     SSL_CTX is updated via SSL_set_SSL_CTX.
-
-     The session ID context is typically set from the parent SSL_CTX,
-     and can vary with the CTX.
-     [Adam Langley]
-
-  *) Fix various certificate fingerprint issues.
-
-     By using non-DER or invalid encodings outside the signed portion of a
-     certificate the fingerprint can be changed without breaking the signature.
-     Although no details of the signed portion of the certificate can be changed
-     this can cause problems with some applications: e.g. those using the
-     certificate fingerprint for blacklists.
-
-     1. Reject signatures with non zero unused bits.
-
-     If the BIT STRING containing the signature has non zero unused bits reject
-     the signature. All current signature algorithms require zero unused bits.
-
-     2. Check certificate algorithm consistency.
-
-     Check the AlgorithmIdentifier inside TBS matches the one in the
-     certificate signature. NB: this will result in signature failure
-     errors for some broken certificates.
-
-     Thanks to Konrad Kraszewski from Google for reporting this issue.
-
-     3. Check DSA/ECDSA signatures use DER.
-
-     Reencode DSA/ECDSA signatures and compare with the original received
-     signature. Return an error if there is a mismatch.
-
-     This will reject various cases including garbage after signature
-     (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS
-     program for discovering this case) and use of BER or invalid ASN.1 INTEGERs
-     (negative or with leading zeroes).
-
-     Further analysis was conducted and fixes were developed by Stephen Henson
-     of the OpenSSL core team.
-
-     (CVE-2014-8275)
-     [Steve Henson]
-
-   *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect
-      results on some platforms, including x86_64. This bug occurs at random
-      with a very low probability, and is not known to be exploitable in any
-      way, though its exact impact is difficult to determine. Thanks to Pieter
-      Wuille (Blockstream) who reported this issue and also suggested an initial
-      fix. Further analysis was conducted by the OpenSSL development team and
-      Adam Langley of Google. The final fix was developed by Andy Polyakov of
-      the OpenSSL core team.
-      (CVE-2014-3570)
-      [Andy Polyakov]
-
-   *) Do not resume sessions on the server if the negotiated protocol
-      version does not match the session's version. Resuming with a different
-      version, while not strictly forbidden by the RFC, is of questionable
-      sanity and breaks all known clients.
-      [David Benjamin, Emilia Käsper]
-
-   *) Tighten handling of the ChangeCipherSpec (CCS) message: reject
-      early CCS messages during renegotiation. (Note that because
-      renegotiation is encrypted, this early CCS was not exploitable.)
-      [Emilia Käsper]
-
-   *) Tighten client-side session ticket handling during renegotiation:
-      ensure that the client only accepts a session ticket if the server sends
-      the extension anew in the ServerHello. Previously, a TLS client would
-      reuse the old extension state and thus accept a session ticket if one was
-      announced in the initial ServerHello.
-
-      Similarly, ensure that the client requires a session ticket if one
-      was advertised in the ServerHello. Previously, a TLS client would
-      ignore a missing NewSessionTicket message.
-      [Emilia Käsper]
-
- Changes between 1.0.1i and 1.0.1j [15 Oct 2014]
-
-  *) SRTP Memory Leak.
-
-     A flaw in the DTLS SRTP extension parsing code allows an attacker, who
-     sends a carefully crafted handshake message, to cause OpenSSL to fail
-     to free up to 64k of memory causing a memory leak. This could be
-     exploited in a Denial Of Service attack. This issue affects OpenSSL
-     1.0.1 server implementations for both SSL/TLS and DTLS regardless of
-     whether SRTP is used or configured. Implementations of OpenSSL that
-     have been compiled with OPENSSL_NO_SRTP defined are not affected.
-
-     The fix was developed by the OpenSSL team.
-     (CVE-2014-3513)
-     [OpenSSL team]
-
-  *) Session Ticket Memory Leak.
-
-     When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
-     integrity of that ticket is first verified. In the event of a session
-     ticket integrity check failing, OpenSSL will fail to free memory
-     causing a memory leak. By sending a large number of invalid session
-     tickets an attacker could exploit this issue in a Denial Of Service
-     attack.
-     (CVE-2014-3567)
-     [Steve Henson]
-
-  *) Build option no-ssl3 is incomplete.
-
-     When OpenSSL is configured with "no-ssl3" as a build option, servers
-     could accept and complete a SSL 3.0 handshake, and clients could be
-     configured to send them.
-     (CVE-2014-3568)
-     [Akamai and the OpenSSL team]
-
-  *) Add support for TLS_FALLBACK_SCSV.
-     Client applications doing fallback retries should call
-     SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV).
-     (CVE-2014-3566)
-     [Adam Langley, Bodo Moeller]
-
-  *) Add additional DigestInfo checks.
- 
-     Reencode DigestInto in DER and check against the original when
-     verifying RSA signature: this will reject any improperly encoded
-     DigestInfo structures.
-
-     Note: this is a precautionary measure and no attacks are currently known.
-
-     [Steve Henson]
-
- Changes between 1.0.1h and 1.0.1i [6 Aug 2014]
-
-  *) Fix SRP buffer overrun vulnerability. Invalid parameters passed to the
-     SRP code can be overrun an internal buffer. Add sanity check that
-     g, A, B < N to SRP code.
-
-     Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC
-     Group for discovering this issue.
-     (CVE-2014-3512)
-     [Steve Henson]
-
-  *) A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate
-     TLS 1.0 instead of higher protocol versions when the ClientHello message
-     is badly fragmented. This allows a man-in-the-middle attacker to force a
-     downgrade to TLS 1.0 even if both the server and the client support a
-     higher protocol version, by modifying the client's TLS records.
-
-     Thanks to David Benjamin and Adam Langley (Google) for discovering and
-     researching this issue.
-     (CVE-2014-3511)
-     [David Benjamin]
-
-  *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject
-     to a denial of service attack. A malicious server can crash the client
-     with a null pointer dereference (read) by specifying an anonymous (EC)DH
-     ciphersuite and sending carefully crafted handshake messages.
-
-     Thanks to Felix Gröbert (Google) for discovering and researching this
-     issue.
-     (CVE-2014-3510)
-     [Emilia Käsper]
-
-  *) By sending carefully crafted DTLS packets an attacker could cause openssl
-     to leak memory. This can be exploited through a Denial of Service attack.
-     Thanks to Adam Langley for discovering and researching this issue.
-     (CVE-2014-3507)
-     [Adam Langley]
-
-  *) An attacker can force openssl to consume large amounts of memory whilst
-     processing DTLS handshake messages. This can be exploited through a
-     Denial of Service attack.
-     Thanks to Adam Langley for discovering and researching this issue.
-     (CVE-2014-3506)
-     [Adam Langley]
-
-  *) An attacker can force an error condition which causes openssl to crash
-     whilst processing DTLS packets due to memory being freed twice. This
-     can be exploited through a Denial of Service attack.
-     Thanks to Adam Langley and Wan-Teh Chang for discovering and researching
-     this issue.
-     (CVE-2014-3505)
-     [Adam Langley]
-
-  *) If a multithreaded client connects to a malicious server using a resumed
-     session and the server sends an ec point format extension it could write
-     up to 255 bytes to freed memory.
-
-     Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this
-     issue.
-     (CVE-2014-3509)
-     [Gabor Tyukasz]
-
-  *) A malicious server can crash an OpenSSL client with a null pointer
-     dereference (read) by specifying an SRP ciphersuite even though it was not
-     properly negotiated with the client. This can be exploited through a
-     Denial of Service attack.
-
-     Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for
-     discovering and researching this issue.
-     (CVE-2014-5139)
-     [Steve Henson]
-
-  *) A flaw in OBJ_obj2txt may cause pretty printing functions such as
-     X509_name_oneline, X509_name_print_ex et al. to leak some information
-     from the stack. Applications may be affected if they echo pretty printing
-     output to the attacker.
-
-     Thanks to Ivan Fratric (Google) for discovering this issue.
-     (CVE-2014-3508)
-     [Emilia Käsper, and Steve Henson]
-
-  *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.)
-     for corner cases. (Certain input points at infinity could lead to
-     bogus results, with non-infinity inputs mapped to infinity too.)
-     [Bodo Moeller]
-
- Changes between 1.0.1g and 1.0.1h [5 Jun 2014]
-
-  *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted
-     handshake can force the use of weak keying material in OpenSSL
-     SSL/TLS clients and servers.
-
-     Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and
-     researching this issue. (CVE-2014-0224)
-     [KIKUCHI Masashi, Steve Henson]
-
-  *) Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an
-     OpenSSL DTLS client the code can be made to recurse eventually crashing
-     in a DoS attack.
-
-     Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
-     (CVE-2014-0221)
-     [Imre Rad, Steve Henson]
-
-  *) Fix DTLS invalid fragment vulnerability. A buffer overrun attack can
-     be triggered by sending invalid DTLS fragments to an OpenSSL DTLS
-     client or server. This is potentially exploitable to run arbitrary
-     code on a vulnerable client or server.
-
-     Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195)
-     [Jüri Aedla, Steve Henson]
-
-  *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites
-     are subject to a denial of service attack.
-
-     Thanks to Felix Gröbert and Ivan Fratric at Google for discovering
-     this issue. (CVE-2014-3470)
-     [Felix Gröbert, Ivan Fratric, Steve Henson]
-
-  *) Harmonize version and its documentation. -f flag is used to display
-     compilation flags.
-     [mancha <mancha1 at zoho.com>]
-
-  *) Fix eckey_priv_encode so it immediately returns an error upon a failure
-     in i2d_ECPrivateKey.
-     [mancha <mancha1 at zoho.com>]
-
-  *) Fix some double frees. These are not thought to be exploitable.
-     [mancha <mancha1 at zoho.com>]
-
- Changes between 1.0.1f and 1.0.1g [7 Apr 2014]
-
-  *) A missing bounds check in the handling of the TLS heartbeat extension
-     can be used to reveal up to 64k of memory to a connected client or
-     server.
-
-     Thanks for Neel Mehta of Google Security for discovering this bug and to
-     Adam Langley <agl at chromium.org> and Bodo Moeller <bmoeller at acm.org> for
-     preparing the fix (CVE-2014-0160)
-     [Adam Langley, Bodo Moeller]
-
-  *) Fix for the attack described in the paper "Recovering OpenSSL
-     ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
-     by Yuval Yarom and Naomi Benger. Details can be obtained from:
-     http://eprint.iacr.org/2014/140
-
-     Thanks to Yuval Yarom and Naomi Benger for discovering this
-     flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
-     [Yuval Yarom and Naomi Benger]
-
-  *) TLS pad extension: draft-agl-tls-padding-03
-
-     Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the
-     TLS client Hello record length value would otherwise be > 255 and
-     less that 512 pad with a dummy extension containing zeroes so it
-     is at least 512 bytes long.
-
-     [Adam Langley, Steve Henson]
-
- Changes between 1.0.1e and 1.0.1f [6 Jan 2014]
-
-  *) Fix for TLS record tampering bug. A carefully crafted invalid 
-     handshake could crash OpenSSL with a NULL pointer exception.
-     Thanks to Anton Johansson for reporting this issues.
-     (CVE-2013-4353)
-
-  *) Keep original DTLS digest and encryption contexts in retransmission
-     structures so we can use the previous session parameters if they need
-     to be resent. (CVE-2013-6450)
-     [Steve Henson]
-
-  *) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
-     avoids preferring ECDHE-ECDSA ciphers when the client appears to be
-     Safari on OS X.  Safari on OS X 10.8..10.8.3 advertises support for
-     several ECDHE-ECDSA ciphers, but fails to negotiate them.  The bug
-     is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing
-     10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer.
-     [Rob Stradling, Adam Langley]
-
- Changes between 1.0.1d and 1.0.1e [11 Feb 2013]
-
-  *) Correct fix for CVE-2013-0169. The original didn't work on AES-NI
-     supporting platforms or when small records were transferred.
-     [Andy Polyakov, Steve Henson]
-
- Changes between 1.0.1c and 1.0.1d [5 Feb 2013]
-
-  *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
-
-     This addresses the flaw in CBC record processing discovered by 
-     Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
-     at: http://www.isg.rhul.ac.uk/tls/     
-
-     Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
-     Security Group at Royal Holloway, University of London
-     (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
-     Emilia Käsper for the initial patch.
-     (CVE-2013-0169)
-     [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
-
-  *) Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode
-     ciphersuites which can be exploited in a denial of service attack.
-     Thanks go to and to Adam Langley <agl at chromium.org> for discovering
-     and detecting this bug and to Wolfgang Ettlinger
-     <wolfgang.ettlinger at gmail.com> for independently discovering this issue.
-     (CVE-2012-2686)
-     [Adam Langley]
-
-  *) Return an error when checking OCSP signatures when key is NULL.
-     This fixes a DoS attack. (CVE-2013-0166)
-     [Steve Henson]
-
-  *) Make openssl verify return errors.
-     [Chris Palmer <palmer at google.com> and Ben Laurie]
-
-  *) Call OCSP Stapling callback after ciphersuite has been chosen, so
-     the right response is stapled. Also change SSL_get_certificate()
-     so it returns the certificate actually sent.
-     See http://rt.openssl.org/Ticket/Display.html?id=2836.
-     [Rob Stradling <rob.stradling at comodo.com>]
-
-  *) Fix possible deadlock when decoding public keys.
-     [Steve Henson]
-
-  *) Don't use TLS 1.0 record version number in initial client hello
-     if renegotiating.
-     [Steve Henson]
-
- Changes between 1.0.1b and 1.0.1c [10 May 2012]
-
-  *) Sanity check record length before skipping explicit IV in TLS
-     1.2, 1.1 and DTLS to fix DoS attack.
-
-     Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
-     fuzzing as a service testing platform.
-     (CVE-2012-2333)
-     [Steve Henson]
-
-  *) Initialise tkeylen properly when encrypting CMS messages.
-     Thanks to Solar Designer of Openwall for reporting this issue.
-     [Steve Henson]
-
-  *) In FIPS mode don't try to use composite ciphers as they are not
-     approved.
-     [Steve Henson]
-
- Changes between 1.0.1a and 1.0.1b [26 Apr 2012]
-
-  *) OpenSSL 1.0.0 sets SSL_OP_ALL to 0x80000FFFL and OpenSSL 1.0.1 and
-     1.0.1a set SSL_OP_NO_TLSv1_1 to 0x00000400L which would unfortunately
-     mean any application compiled against OpenSSL 1.0.0 headers setting
-     SSL_OP_ALL would also set SSL_OP_NO_TLSv1_1, unintentionally disablng
-     TLS 1.1 also. Fix this by changing the value of SSL_OP_NO_TLSv1_1 to
-     0x10000000L Any application which was previously compiled against
-     OpenSSL 1.0.1 or 1.0.1a headers and which cares about SSL_OP_NO_TLSv1_1
-     will need to be recompiled as a result. Letting be results in
-     inability to disable specifically TLS 1.1 and in client context,
-     in unlike event, limit maximum offered version to TLS 1.0 [see below].
-     [Steve Henson]
-
-  *) In order to ensure interoperabilty SSL_OP_NO_protocolX does not
-     disable just protocol X, but all protocols above X *if* there are
-     protocols *below* X still enabled. In more practical terms it means
-     that if application wants to disable TLS1.0 in favor of TLS1.1 and
-     above, it's not sufficient to pass SSL_OP_NO_TLSv1, one has to pass
-     SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2. This applies to
-     client side.
-     [Andy Polyakov]
-
- Changes between 1.0.1 and 1.0.1a [19 Apr 2012]
-
-  *) Check for potentially exploitable overflows in asn1_d2i_read_bio
-     BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
-     in CRYPTO_realloc_clean.
-
-     Thanks to Tavis Ormandy, Google Security Team, for discovering this
-     issue and to Adam Langley <agl at chromium.org> for fixing it.
-     (CVE-2012-2110)
-     [Adam Langley (Google), Tavis Ormandy, Google Security Team]
-
-  *) Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections.
-     [Adam Langley]
-
-  *) Workarounds for some broken servers that "hang" if a client hello
-     record length exceeds 255 bytes.
-
-     1. Do not use record version number > TLS 1.0 in initial client
-        hello: some (but not all) hanging servers will now work.
-     2. If we set OPENSSL_MAX_TLS1_2_CIPHER_LENGTH this will truncate
-	the number of ciphers sent in the client hello. This should be
-        set to an even number, such as 50, for example by passing:
-        -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 to config or Configure.
-        Most broken servers should now work.
-     3. If all else fails setting OPENSSL_NO_TLS1_2_CLIENT will disable
-	TLS 1.2 client support entirely.
-     [Steve Henson]
-
-  *) Fix SEGV in Vector Permutation AES module observed in OpenSSH.
-     [Andy Polyakov]
-
- Changes between 1.0.0h and 1.0.1  [14 Mar 2012]
-
-  *) Add compatibility with old MDC2 signatures which use an ASN1 OCTET
-     STRING form instead of a DigestInfo.
-     [Steve Henson]
-
-  *) The format used for MDC2 RSA signatures is inconsistent between EVP
-     and the RSA_sign/RSA_verify functions. This was made more apparent when
-     OpenSSL used RSA_sign/RSA_verify for some RSA signatures in particular
-     those which went through EVP_PKEY_METHOD in 1.0.0 and later. Detect 
-     the correct format in RSA_verify so both forms transparently work.
-     [Steve Henson]
-
-  *) Some servers which support TLS 1.0 can choke if we initially indicate
-     support for TLS 1.2 and later renegotiate using TLS 1.0 in the RSA
-     encrypted premaster secret. As a workaround use the maximum pemitted
-     client version in client hello, this should keep such servers happy
-     and still work with previous versions of OpenSSL.
-     [Steve Henson]
-
-  *) Add support for TLS/DTLS heartbeats.
-     [Robin Seggelmann <seggelmann at fh-muenster.de>]
-
-  *) Add support for SCTP.
-     [Robin Seggelmann <seggelmann at fh-muenster.de>]
-
-  *) Improved PRNG seeding for VOS.
-     [Paul Green <Paul.Green at stratus.com>]
-
-  *) Extensive assembler packs updates, most notably:
-
-	- x86[_64]:     AES-NI, PCLMULQDQ, RDRAND support;
-	- x86[_64]:     SSSE3 support (SHA1, vector-permutation AES);
-	- x86_64:       bit-sliced AES implementation;
-	- ARM:          NEON support, contemporary platforms optimizations;
-	- s390x:        z196 support;
-	- *:            GHASH and GF(2^m) multiplication implementations;
-
-     [Andy Polyakov]
-
-  *) Make TLS-SRP code conformant with RFC 5054 API cleanup
-     (removal of unnecessary code)
-     [Peter Sylvester <peter.sylvester at edelweb.fr>]
-
-  *) Add TLS key material exporter from RFC 5705.
-     [Eric Rescorla]
-
-  *) Add DTLS-SRTP negotiation from RFC 5764.
-     [Eric Rescorla]
-
-  *) Add Next Protocol Negotiation,
-     http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-00. Can be
-     disabled with a no-npn flag to config or Configure. Code donated
-     by Google.
-     [Adam Langley <agl at google.com> and Ben Laurie]
-
-  *) Add optional 64-bit optimized implementations of elliptic curves NIST-P224,
-     NIST-P256, NIST-P521, with constant-time single point multiplication on
-     typical inputs. Compiler support for the nonstandard type __uint128_t is
-     required to use this (present in gcc 4.4 and later, for 64-bit builds).
-     Code made available under Apache License version 2.0.
-
-     Specify "enable-ec_nistp_64_gcc_128" on the Configure (or config) command
-     line to include this in your build of OpenSSL, and run "make depend" (or
-     "make update"). This enables the following EC_METHODs:
-
-         EC_GFp_nistp224_method()
-         EC_GFp_nistp256_method()
-         EC_GFp_nistp521_method()
-
-     EC_GROUP_new_by_curve_name() will automatically use these (while
-     EC_GROUP_new_curve_GFp() currently prefers the more flexible
-     implementations).
-     [Emilia Käsper, Adam Langley, Bodo Moeller (Google)]
-
-  *) Use type ossl_ssize_t instad of ssize_t which isn't available on
-     all platforms. Move ssize_t definition from e_os.h to the public
-     header file e_os2.h as it now appears in public header file cms.h
-     [Steve Henson]
-
-  *) New -sigopt option to the ca, req and x509 utilities. Additional
-     signature parameters can be passed using this option and in
-     particular PSS. 
-     [Steve Henson]
-
-  *) Add RSA PSS signing function. This will generate and set the
-     appropriate AlgorithmIdentifiers for PSS based on those in the
-     corresponding EVP_MD_CTX structure. No application support yet.
-     [Steve Henson]
-
-  *) Support for companion algorithm specific ASN1 signing routines.
-     New function ASN1_item_sign_ctx() signs a pre-initialised
-     EVP_MD_CTX structure and sets AlgorithmIdentifiers based on
-     the appropriate parameters.
-     [Steve Henson]
-
-  *) Add new algorithm specific ASN1 verification initialisation function
-     to EVP_PKEY_ASN1_METHOD: this is not in EVP_PKEY_METHOD since the ASN1
-     handling will be the same no matter what EVP_PKEY_METHOD is used.
-     Add a PSS handler to support verification of PSS signatures: checked
-     against a number of sample certificates.
-     [Steve Henson]
-
-  *) Add signature printing for PSS. Add PSS OIDs.
-     [Steve Henson, Martin Kaiser <lists at kaiser.cx>]
-
-  *) Add algorithm specific signature printing. An individual ASN1 method
-     can now print out signatures instead of the standard hex dump. 
-
-     More complex signatures (e.g. PSS) can print out more meaningful
-     information. Include DSA version that prints out the signature
-     parameters r, s.
-     [Steve Henson]
-
-  *) Password based recipient info support for CMS library: implementing
-     RFC3211.
-     [Steve Henson]
-
-  *) Split password based encryption into PBES2 and PBKDF2 functions. This
-     neatly separates the code into cipher and PBE sections and is required
-     for some algorithms that split PBES2 into separate pieces (such as
-     password based CMS).
-     [Steve Henson]
-
-  *) Session-handling fixes:
-     - Fix handling of connections that are resuming with a session ID,
-       but also support Session Tickets.
-     - Fix a bug that suppressed issuing of a new ticket if the client
-       presented a ticket with an expired session.
-     - Try to set the ticket lifetime hint to something reasonable.
-     - Make tickets shorter by excluding irrelevant information.
-     - On the client side, don't ignore renewed tickets.
-     [Adam Langley, Bodo Moeller (Google)]
-
-  *) Fix PSK session representation.
-     [Bodo Moeller]
-
-  *) Add RC4-MD5 and AESNI-SHA1 "stitched" implementations.
-
-     This work was sponsored by Intel.
-     [Andy Polyakov]
-
-  *) Add GCM support to TLS library. Some custom code is needed to split
-     the IV between the fixed (from PRF) and explicit (from TLS record)
-     portions. This adds all GCM ciphersuites supported by RFC5288 and 
-     RFC5289. Generalise some AES* cipherstrings to inlclude GCM and
-     add a special AESGCM string for GCM only.
-     [Steve Henson]
-
-  *) Expand range of ctrls for AES GCM. Permit setting invocation
-     field on decrypt and retrieval of invocation field only on encrypt.
-     [Steve Henson]
-
-  *) Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support.
-     As required by RFC5289 these ciphersuites cannot be used if for
-     versions of TLS earlier than 1.2.
-     [Steve Henson]
-
-  *) For FIPS capable OpenSSL interpret a NULL default public key method
-     as unset and return the appopriate default but do *not* set the default.
-     This means we can return the appopriate method in applications that
-     swicth between FIPS and non-FIPS modes.
-     [Steve Henson]
-
-  *) Redirect HMAC and CMAC operations to FIPS module in FIPS mode. If an
-     ENGINE is used then we cannot handle that in the FIPS module so we
-     keep original code iff non-FIPS operations are allowed.
-     [Steve Henson]
-
-  *) Add -attime option to openssl utilities.
-     [Peter Eckersley <pde at eff.org>, Ben Laurie and Steve Henson]
-
-  *) Redirect DSA and DH operations to FIPS module in FIPS mode.
-     [Steve Henson]
-
-  *) Redirect ECDSA and ECDH operations to FIPS module in FIPS mode. Also use
-     FIPS EC methods unconditionally for now.
-     [Steve Henson]
-
-  *) New build option no-ec2m to disable characteristic 2 code.
-     [Steve Henson]
-
-  *) Backport libcrypto audit of return value checking from 1.1.0-dev; not
-     all cases can be covered as some introduce binary incompatibilities.
-     [Steve Henson]
-
-  *) Redirect RSA operations to FIPS module including keygen,
-     encrypt, decrypt, sign and verify. Block use of non FIPS RSA methods.
-     [Steve Henson]
-
-  *) Add similar low level API blocking to ciphers.
-     [Steve Henson]
-
-  *) Low level digest APIs are not approved in FIPS mode: any attempt
-     to use these will cause a fatal error. Applications that *really* want
-     to use them can use the private_* version instead.
-     [Steve Henson]
-
-  *) Redirect cipher operations to FIPS module for FIPS builds. 
-     [Steve Henson]
-
-  *) Redirect digest operations to FIPS module for FIPS builds. 
-     [Steve Henson]
-
-  *) Update build system to add "fips" flag which will link in fipscanister.o
-     for static and shared library builds embedding a signature if needed.
-     [Steve Henson]
-
-  *) Output TLS supported curves in preference order instead of numerical
-     order. This is currently hardcoded for the highest order curves first.
-     This should be configurable so applications can judge speed vs strength.
-     [Steve Henson]
-
-  *) Add TLS v1.2 server support for client authentication. 
-     [Steve Henson]
-
-  *) Add support for FIPS mode in ssl library: disable SSLv3, non-FIPS ciphers
-     and enable MD5.
-     [Steve Henson]
-
-  *) Functions FIPS_mode_set() and FIPS_mode() which call the underlying
-     FIPS modules versions.
-     [Steve Henson]
-
-  *) Add TLS v1.2 client side support for client authentication. Keep cache
-     of handshake records longer as we don't know the hash algorithm to use
-     until after the certificate request message is received.
-     [Steve Henson]
-
-  *) Initial TLS v1.2 client support. Add a default signature algorithms
-     extension including all the algorithms we support. Parse new signature
-     format in client key exchange. Relax some ECC signing restrictions for
-     TLS v1.2 as indicated in RFC5246.
-     [Steve Henson]
-
-  *) Add server support for TLS v1.2 signature algorithms extension. Switch
-     to new signature format when needed using client digest preference.
-     All server ciphersuites should now work correctly in TLS v1.2. No client
-     support yet and no support for client certificates.
-     [Steve Henson]
-
-  *) Initial TLS v1.2 support. Add new SHA256 digest to ssl code, switch
-     to SHA256 for PRF when using TLS v1.2 and later. Add new SHA256 based
-     ciphersuites. At present only RSA key exchange ciphersuites work with
-     TLS v1.2. Add new option for TLS v1.2 replacing the old and obsolete
-     SSL_OP_PKCS1_CHECK flags with SSL_OP_NO_TLSv1_2. New TLSv1.2 methods
-     and version checking.
-     [Steve Henson]
-
-  *) New option OPENSSL_NO_SSL_INTERN. If an application can be compiled
-     with this defined it will not be affected by any changes to ssl internal
-     structures. Add several utility functions to allow openssl application
-     to work with OPENSSL_NO_SSL_INTERN defined.
-     [Steve Henson]
-
-  *) Add SRP support.
-     [Tom Wu <tjw at cs.stanford.edu> and Ben Laurie]
-
-  *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
-     [Steve Henson]
-
-  *) Permit abbreviated handshakes when renegotiating using the function
-     SSL_renegotiate_abbreviated().
-     [Robin Seggelmann <seggelmann at fh-muenster.de>]
-
-  *) Add call to ENGINE_register_all_complete() to
-     ENGINE_load_builtin_engines(), so some implementations get used
-     automatically instead of needing explicit application support.
-     [Steve Henson]
-
-  *) Add support for TLS key exporter as described in RFC5705.
-     [Robin Seggelmann <seggelmann at fh-muenster.de>, Steve Henson]
-
-  *) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only
-     a few changes are required:
-
-       Add SSL_OP_NO_TLSv1_1 flag.
-       Add TLSv1_1 methods.
-       Update version checking logic to handle version 1.1.
-       Add explicit IV handling (ported from DTLS code).
-       Add command line options to s_client/s_server.
-     [Steve Henson]
-
- Changes between 1.0.0g and 1.0.0h [12 Mar 2012]
-
-  *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
-     in CMS and PKCS7 code. When RSA decryption fails use a random key for
-     content decryption and always return the same error. Note: this attack
-     needs on average 2^20 messages so it only affects automated senders. The
-     old behaviour can be reenabled in the CMS code by setting the
-     CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
-     an MMA defence is not necessary.
-     Thanks to Ivan Nestlerode <inestlerode at us.ibm.com> for discovering
-     this issue. (CVE-2012-0884)
-     [Steve Henson]
-
-  *) Fix CVE-2011-4619: make sure we really are receiving a 
-     client hello before rejecting multiple SGC restarts. Thanks to
-     Ivan Nestlerode <inestlerode at us.ibm.com> for discovering this bug.
-     [Steve Henson]
-
- Changes between 1.0.0f and 1.0.0g [18 Jan 2012]
-
-  *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
-     Thanks to Antonio Martin, Enterprise Secure Access Research and
-     Development, Cisco Systems, Inc. for discovering this bug and
-     preparing a fix. (CVE-2012-0050)
-     [Antonio Martin]
-
- Changes between 1.0.0e and 1.0.0f [4 Jan 2012]
-
-  *) Nadhem Alfardan and Kenny Paterson have discovered an extension
-     of the Vaudenay padding oracle attack on CBC mode encryption
-     which enables an efficient plaintext recovery attack against
-     the OpenSSL implementation of DTLS. Their attack exploits timing
-     differences arising during decryption processing. A research
-     paper describing this attack can be found at:
-                  http://www.isg.rhul.ac.uk/~kp/dtls.pdf
-     Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
-     Security Group at Royal Holloway, University of London
-     (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann
-     <seggelmann at fh-muenster.de> and Michael Tuexen <tuexen at fh-muenster.de>
-     for preparing the fix. (CVE-2011-4108)
-     [Robin Seggelmann, Michael Tuexen]
-
-  *) Clear bytes used for block padding of SSL 3.0 records.
-     (CVE-2011-4576)
-     [Adam Langley (Google)]
-
-  *) Only allow one SGC handshake restart for SSL/TLS. Thanks to George
-     Kadianakis <desnacked at gmail.com> for discovering this issue and
-     Adam Langley for preparing the fix. (CVE-2011-4619)
-     [Adam Langley (Google)]
-
-  *) Check parameters are not NULL in GOST ENGINE. (CVE-2012-0027)
-     [Andrey Kulikov <amdeich at gmail.com>]
-
-  *) Prevent malformed RFC3779 data triggering an assertion failure.
-     Thanks to Andrew Chi, BBN Technologies, for discovering the flaw
-     and Rob Austein <sra at hactrn.net> for fixing it. (CVE-2011-4577)
-     [Rob Austein <sra at hactrn.net>]
-
-  *) Improved PRNG seeding for VOS.
-     [Paul Green <Paul.Green at stratus.com>]
-
-  *) Fix ssl_ciph.c set-up race.
-     [Adam Langley (Google)]
-
-  *) Fix spurious failures in ecdsatest.c.
-     [Emilia Käsper (Google)]
-
-  *) Fix the BIO_f_buffer() implementation (which was mixing different
-     interpretations of the '..._len' fields).
-     [Adam Langley (Google)]
-
-  *) Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than
-     BN_BLINDING_invert_ex) calls BN_BLINDING_update, ensuring that concurrent
-     threads won't reuse the same blinding coefficients.
-
-     This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING
-     lock to call BN_BLINDING_invert_ex, and avoids one use of
-     BN_BLINDING_update for each BN_BLINDING structure (previously,
-     the last update always remained unused).
-     [Emilia Käsper (Google)]
-
-  *) In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
-     [Bob Buckholz (Google)]
-
- Changes between 1.0.0d and 1.0.0e [6 Sep 2011]
-
-  *) Fix bug where CRLs with nextUpdate in the past are sometimes accepted
-     by initialising X509_STORE_CTX properly. (CVE-2011-3207)
-     [Kaspar Brand <ossl at velox.ch>]
-
-  *) Fix SSL memory handling for (EC)DH ciphersuites, in particular
-     for multi-threaded use of ECDH. (CVE-2011-3210)
-     [Adam Langley (Google)]
-
-  *) Fix x509_name_ex_d2i memory leak on bad inputs.
-     [Bodo Moeller]
-
-  *) Remove hard coded ecdsaWithSHA1 signature tests in ssl code and check
-     signature public key algorithm by using OID xref utilities instead.
-     Before this you could only use some ECC ciphersuites with SHA1 only.
-     [Steve Henson]
-
-  *) Add protection against ECDSA timing attacks as mentioned in the paper
-     by Billy Bob Brumley and Nicola Tuveri, see:
-
-	http://eprint.iacr.org/2011/232.pdf
-
-     [Billy Bob Brumley and Nicola Tuveri]
-
- Changes between 1.0.0c and 1.0.0d [8 Feb 2011]
-
-  *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014
-     [Neel Mehta, Adam Langley, Bodo Moeller (Google)]
-
-  *) Fix bug in string printing code: if *any* escaping is enabled we must
-     escape the escape character (backslash) or the resulting string is
-     ambiguous.
-     [Steve Henson]
-
- Changes between 1.0.0b and 1.0.0c  [2 Dec 2010]
-
-  *) Disable code workaround for ancient and obsolete Netscape browsers
-     and servers: an attacker can use it in a ciphersuite downgrade attack.
-     Thanks to Martin Rex for discovering this bug. CVE-2010-4180
-     [Steve Henson]
-
-  *) Fixed J-PAKE implementation error, originally discovered by
-     Sebastien Martini, further info and confirmation from Stefan
-     Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
-     [Ben Laurie]
-
- Changes between 1.0.0a and 1.0.0b  [16 Nov 2010]
-
-  *) Fix extension code to avoid race conditions which can result in a buffer
-     overrun vulnerability: resumed sessions must not be modified as they can
-     be shared by multiple threads. CVE-2010-3864
-     [Steve Henson]
-
-  *) Fix WIN32 build system to correctly link an ENGINE directory into
-     a DLL. 
-     [Steve Henson]
-
- Changes between 1.0.0 and 1.0.0a  [01 Jun 2010]
-
-  *) Check return value of int_rsa_verify in pkey_rsa_verifyrecover 
-     (CVE-2010-1633)
-     [Steve Henson, Peter-Michael Hager <hager at dortmund.net>]
-
- Changes between 0.9.8n and 1.0.0  [29 Mar 2010]
-
-  *) Add "missing" function EVP_CIPHER_CTX_copy(). This copies a cipher
-     context. The operation can be customised via the ctrl mechanism in
-     case ENGINEs want to include additional functionality.
-     [Steve Henson]
-
-  *) Tolerate yet another broken PKCS#8 key format: private key value negative.
-     [Steve Henson]
-
-  *) Add new -subject_hash_old and -issuer_hash_old options to x509 utility to
-     output hashes compatible with older versions of OpenSSL.
-     [Willy Weisz <weisz at vcpc.univie.ac.at>]
-
-  *) Fix compression algorithm handling: if resuming a session use the
-     compression algorithm of the resumed session instead of determining
-     it from client hello again. Don't allow server to change algorithm.
-     [Steve Henson]
-
-  *) Add load_crls() function to apps tidying load_certs() too. Add option
-     to verify utility to allow additional CRLs to be included.
-     [Steve Henson]
-
-  *) Update OCSP request code to permit adding custom headers to the request:
-     some responders need this.
-     [Steve Henson]
-
-  *) The function EVP_PKEY_sign() returns <=0 on error: check return code
-     correctly.
-     [Julia Lawall <julia at diku.dk>]
-
-  *) Update verify callback code in apps/s_cb.c and apps/verify.c, it
-     needlessly dereferenced structures, used obsolete functions and
-     didn't handle all updated verify codes correctly.
-     [Steve Henson]
-
-  *) Disable MD2 in the default configuration.
-     [Steve Henson]
-
-  *) In BIO_pop() and BIO_push() use the ctrl argument (which was NULL) to
-     indicate the initial BIO being pushed or popped. This makes it possible
-     to determine whether the BIO is the one explicitly called or as a result
-     of the ctrl being passed down the chain. Fix BIO_pop() and SSL BIOs so
-     it handles reference counts correctly and doesn't zero out the I/O bio
-     when it is not being explicitly popped. WARNING: applications which
-     included workarounds for the old buggy behaviour will need to be modified
-     or they could free up already freed BIOs.
-     [Steve Henson]
-
-  *) Extend the uni2asc/asc2uni => OPENSSL_uni2asc/OPENSSL_asc2uni
-     renaming to all platforms (within the 0.9.8 branch, this was
-     done conditionally on Netware platforms to avoid a name clash).
-     [Guenter <lists at gknw.net>]
-
-  *) Add ECDHE and PSK support to DTLS.
-     [Michael Tuexen <tuexen at fh-muenster.de>]
-
-  *) Add CHECKED_STACK_OF macro to safestack.h, otherwise safestack can't
-     be used on C++.
-     [Steve Henson]
-
-  *) Add "missing" function EVP_MD_flags() (without this the only way to
-     retrieve a digest flags is by accessing the structure directly. Update
-     EVP_MD_do_all*() and EVP_CIPHER_do_all*() to include the name a digest
-     or cipher is registered as in the "from" argument. Print out all
-     registered digests in the dgst usage message instead of manually 
-     attempting to work them out.
-     [Steve Henson]
-
-  *) If no SSLv2 ciphers are used don't use an SSLv2 compatible client hello:
-     this allows the use of compression and extensions. Change default cipher
-     string to remove SSLv2 ciphersuites. This effectively avoids ancient SSLv2
-     by default unless an application cipher string requests it.
-     [Steve Henson]
-
-  *) Alter match criteria in PKCS12_parse(). It used to try to use local
-     key ids to find matching certificates and keys but some PKCS#12 files
-     don't follow the (somewhat unwritten) rules and this strategy fails.
-     Now just gather all certificates together and the first private key
-     then look for the first certificate that matches the key.
-     [Steve Henson]
-
-  *) Support use of registered digest and cipher names for dgst and cipher
-     commands instead of having to add each one as a special case. So now
-     you can do:
-
-        openssl sha256 foo
-
-     as well as:
-
-        openssl dgst -sha256 foo
-
-     and this works for ENGINE based algorithms too.
-
-     [Steve Henson]
-
-  *) Update Gost ENGINE to support parameter files.
-     [Victor B. Wagner <vitus at cryptocom.ru>]
-
-  *) Support GeneralizedTime in ca utility. 
-     [Oliver Martin <oliver at volatilevoid.net>, Steve Henson]
-
-  *) Enhance the hash format used for certificate directory links. The new
-     form uses the canonical encoding (meaning equivalent names will work
-     even if they aren't identical) and uses SHA1 instead of MD5. This form
-     is incompatible with the older format and as a result c_rehash should
-     be used to rebuild symbolic links.
-     [Steve Henson]
-
-  *) Make PKCS#8 the default write format for private keys, replacing the
-     traditional format. This form is standardised, more secure and doesn't
-     include an implicit MD5 dependency.
-     [Steve Henson]
-
-  *) Add a $gcc_devteam_warn option to Configure. The idea is that any code
-     committed to OpenSSL should pass this lot as a minimum.
-     [Steve Henson]
-
-  *) Add session ticket override functionality for use by EAP-FAST.
-     [Jouni Malinen <j at w1.fi>]
-
-  *) Modify HMAC functions to return a value. Since these can be implemented
-     in an ENGINE errors can occur.
-     [Steve Henson]
-
-  *) Type-checked OBJ_bsearch_ex.
-     [Ben Laurie]
-
-  *) Type-checked OBJ_bsearch. Also some constification necessitated
-     by type-checking.  Still to come: TXT_DB, bsearch(?),
-     OBJ_bsearch_ex, qsort, CRYPTO_EX_DATA, ASN1_VALUE, ASN1_STRING,
-     CONF_VALUE.
-     [Ben Laurie]
-
-  *) New function OPENSSL_gmtime_adj() to add a specific number of days and
-     seconds to a tm structure directly, instead of going through OS
-     specific date routines. This avoids any issues with OS routines such
-     as the year 2038 bug. New *_adj() functions for ASN1 time structures
-     and X509_time_adj_ex() to cover the extended range. The existing
-     X509_time_adj() is still usable and will no longer have any date issues.
-     [Steve Henson]
-
-  *) Delta CRL support. New use deltas option which will attempt to locate
-     and search any appropriate delta CRLs available.
-
-     This work was sponsored by Google.
-     [Steve Henson]
-
-  *) Support for CRLs partitioned by reason code. Reorganise CRL processing
-     code and add additional score elements. Validate alternate CRL paths
-     as part of the CRL checking and indicate a new error "CRL path validation
-     error" in this case. Applications wanting additional details can use
-     the verify callback and check the new "parent" field. If this is not
-     NULL CRL path validation is taking place. Existing applications wont
-     see this because it requires extended CRL support which is off by
-     default.
-
-     This work was sponsored by Google.
-     [Steve Henson]
-
-  *) Support for freshest CRL extension.
-
-     This work was sponsored by Google.
-     [Steve Henson]
-
-  *) Initial indirect CRL support. Currently only supported in the CRLs
-     passed directly and not via lookup. Process certificate issuer
-     CRL entry extension and lookup CRL entries by bother issuer name
-     and serial number. Check and process CRL issuer entry in IDP extension.
-
-     This work was sponsored by Google.
-     [Steve Henson]
-
-  *) Add support for distinct certificate and CRL paths. The CRL issuer
-     certificate is validated separately in this case. Only enabled if
-     an extended CRL support flag is set: this flag will enable additional
-     CRL functionality in future.
-
-     This work was sponsored by Google.
-     [Steve Henson]
-
-  *) Add support for policy mappings extension.
-
-     This work was sponsored by Google.
-     [Steve Henson]
-
-  *) Fixes to pathlength constraint, self issued certificate handling,
-     policy processing to align with RFC3280 and PKITS tests.
-
-     This work was sponsored by Google.
-     [Steve Henson]
-
-  *) Support for name constraints certificate extension. DN, email, DNS
-     and URI types are currently supported.
-
-     This work was sponsored by Google.
-     [Steve Henson]
-
-  *) To cater for systems that provide a pointer-based thread ID rather
-     than numeric, deprecate the current numeric thread ID mechanism and
-     replace it with a structure and associated callback type. This
-     mechanism allows a numeric "hash" to be extracted from a thread ID in
-     either case, and on platforms where pointers are larger than 'long',
-     mixing is done to help ensure the numeric 'hash' is usable even if it
-     can't be guaranteed unique. The default mechanism is to use "&errno"
-     as a pointer-based thread ID to distinguish between threads.
-
-     Applications that want to provide their own thread IDs should now use
-     CRYPTO_THREADID_set_callback() to register a callback that will call
-     either CRYPTO_THREADID_set_numeric() or CRYPTO_THREADID_set_pointer().
-
-     Note that ERR_remove_state() is now deprecated, because it is tied
-     to the assumption that thread IDs are numeric.  ERR_remove_state(0)
-     to free the current thread's error state should be replaced by
-     ERR_remove_thread_state(NULL).
-
-     (This new approach replaces the functions CRYPTO_set_idptr_callback(),
-     CRYPTO_get_idptr_callback(), and CRYPTO_thread_idptr() that existed in
-     OpenSSL 0.9.9-dev between June 2006 and August 2008. Also, if an
-     application was previously providing a numeric thread callback that
-     was inappropriate for distinguishing threads, then uniqueness might
-     have been obtained with &errno that happened immediately in the
-     intermediate development versions of OpenSSL; this is no longer the
-     case, the numeric thread callback will now override the automatic use
-     of &errno.)
-     [Geoff Thorpe, with help from Bodo Moeller]
-
-  *) Initial support for different CRL issuing certificates. This covers a
-     simple case where the self issued certificates in the chain exist and
-     the real CRL issuer is higher in the existing chain.
-
-     This work was sponsored by Google.
-     [Steve Henson]
-
-  *) Removed effectively defunct crypto/store from the build.
-     [Ben Laurie]
-
-  *) Revamp of STACK to provide stronger type-checking. Still to come:
-     TXT_DB, bsearch(?), OBJ_bsearch, qsort, CRYPTO_EX_DATA, ASN1_VALUE,
-     ASN1_STRING, CONF_VALUE.
-     [Ben Laurie]
-
-  *) Add a new SSL_MODE_RELEASE_BUFFERS mode flag to release unused buffer
-     RAM on SSL connections.  This option can save about 34k per idle SSL.
-     [Nick Mathewson]
-
-  *) Revamp of LHASH to provide stronger type-checking. Still to come:
-     STACK, TXT_DB, bsearch, qsort.
-     [Ben Laurie]
-
-  *) Initial support for Cryptographic Message Syntax (aka CMS) based
-     on RFC3850, RFC3851 and RFC3852. New cms directory and cms utility,
-     support for data, signedData, compressedData, digestedData and
-     encryptedData, envelopedData types included. Scripts to check against
-     RFC4134 examples draft and interop and consistency checks of many
-     content types and variants.
-     [Steve Henson]
-
-  *) Add options to enc utility to support use of zlib compression BIO.
-     [Steve Henson]
-
-  *) Extend mk1mf to support importing of options and assembly language
-     files from Configure script, currently only included in VC-WIN32.
-     The assembly language rules can now optionally generate the source
-     files from the associated perl scripts.
-     [Steve Henson]
-
-  *) Implement remaining functionality needed to support GOST ciphersuites.
-     Interop testing has been performed using CryptoPro implementations.
-     [Victor B. Wagner <vitus at cryptocom.ru>]
-
-  *) s390x assembler pack.
-     [Andy Polyakov]
-
-  *) ARMv4 assembler pack. ARMv4 refers to v4 and later ISA, not CPU
-     "family."
-     [Andy Polyakov]
-
-  *) Implement Opaque PRF Input TLS extension as specified in
-     draft-rescorla-tls-opaque-prf-input-00.txt.  Since this is not an
-     official specification yet and no extension type assignment by
-     IANA exists, this extension (for now) will have to be explicitly
-     enabled when building OpenSSL by providing the extension number
-     to use.  For example, specify an option
-
-         -DTLSEXT_TYPE_opaque_prf_input=0x9527
-
-     to the "config" or "Configure" script to enable the extension,
-     assuming extension number 0x9527 (which is a completely arbitrary
-     and unofficial assignment based on the MD5 hash of the Internet
-     Draft).  Note that by doing so, you potentially lose
-     interoperability with other TLS implementations since these might
-     be using the same extension number for other purposes.
-
-     SSL_set_tlsext_opaque_prf_input(ssl, src, len) is used to set the
-     opaque PRF input value to use in the handshake.  This will create
-     an interal copy of the length-'len' string at 'src', and will
-     return non-zero for success.
-
-     To get more control and flexibility, provide a callback function
-     by using
-
-          SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb)
-          SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg)
-
-     where
-
-          int (*cb)(SSL *, void *peerinput, size_t len, void *arg);
-          void *arg;
-
-     Callback function 'cb' will be called in handshakes, and is
-     expected to use SSL_set_tlsext_opaque_prf_input() as appropriate.
-     Argument 'arg' is for application purposes (the value as given to
-     SSL_CTX_set_tlsext_opaque_prf_input_callback_arg() will directly
-     be provided to the callback function).  The callback function
-     has to return non-zero to report success: usually 1 to use opaque
-     PRF input just if possible, or 2 to enforce use of the opaque PRF
-     input.  In the latter case, the library will abort the handshake
-     if opaque PRF input is not successfully negotiated.
-
-     Arguments 'peerinput' and 'len' given to the callback function
-     will always be NULL and 0 in the case of a client.  A server will
-     see the client's opaque PRF input through these variables if
-     available (NULL and 0 otherwise).  Note that if the server
-     provides an opaque PRF input, the length must be the same as the
-     length of the client's opaque PRF input.
-
-     Note that the callback function will only be called when creating
-     a new session (session resumption can resume whatever was
-     previously negotiated), and will not be called in SSL 2.0
-     handshakes; thus, SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) or
-     SSL_set_options(ssl, SSL_OP_NO_SSLv2) is especially recommended
-     for applications that need to enforce opaque PRF input.
-
-     [Bodo Moeller]
-
-  *) Update ssl code to support digests other than SHA1+MD5 for handshake
-     MAC. 
-
-     [Victor B. Wagner <vitus at cryptocom.ru>]
-
-  *) Add RFC4507 support to OpenSSL. This includes the corrections in
-     RFC4507bis. The encrypted ticket format is an encrypted encoded
-     SSL_SESSION structure, that way new session features are automatically
-     supported.
-
-     If a client application caches session in an SSL_SESSION structure
-     support is transparent because tickets are now stored in the encoded
-     SSL_SESSION.
-     
-     The SSL_CTX structure automatically generates keys for ticket
-     protection in servers so again support should be possible
-     with no application modification.
-
-     If a client or server wishes to disable RFC4507 support then the option
-     SSL_OP_NO_TICKET can be set.
-
-     Add a TLS extension debugging callback to allow the contents of any client
-     or server extensions to be examined.
-
-     This work was sponsored by Google.
-     [Steve Henson]
-
-  *) Final changes to avoid use of pointer pointer casts in OpenSSL.
-     OpenSSL should now compile cleanly on gcc 4.2
-     [Peter Hartley <pdh at utter.chaos.org.uk>, Steve Henson]
-
-  *) Update SSL library to use new EVP_PKEY MAC API. Include generic MAC
-     support including streaming MAC support: this is required for GOST
-     ciphersuite support.
-     [Victor B. Wagner <vitus at cryptocom.ru>, Steve Henson]
-
-  *) Add option -stream to use PKCS#7 streaming in smime utility. New
-     function i2d_PKCS7_bio_stream() and PEM_write_PKCS7_bio_stream()
-     to output in BER and PEM format.
-     [Steve Henson]
-
-  *) Experimental support for use of HMAC via EVP_PKEY interface. This
-     allows HMAC to be handled via the EVP_DigestSign*() interface. The
-     EVP_PKEY "key" in this case is the HMAC key, potentially allowing
-     ENGINE support for HMAC keys which are unextractable. New -mac and
-     -macopt options to dgst utility.
-     [Steve Henson]
-
-  *) New option -sigopt to dgst utility. Update dgst to use
-     EVP_Digest{Sign,Verify}*. These two changes make it possible to use
-     alternative signing paramaters such as X9.31 or PSS in the dgst 
-     utility.
-     [Steve Henson]
-
-  *) Change ssl_cipher_apply_rule(), the internal function that does
-     the work each time a ciphersuite string requests enabling
-     ("foo+bar"), moving ("+foo+bar"), disabling ("-foo+bar", or
-     removing ("!foo+bar") a class of ciphersuites: Now it maintains
-     the order of disabled ciphersuites such that those ciphersuites
-     that most recently went from enabled to disabled not only stay
-     in order with respect to each other, but also have higher priority
-     than other disabled ciphersuites the next time ciphersuites are
-     enabled again.
-
-     This means that you can now say, e.g., "PSK:-PSK:HIGH" to enable
-     the same ciphersuites as with "HIGH" alone, but in a specific
-     order where the PSK ciphersuites come first (since they are the
-     most recently disabled ciphersuites when "HIGH" is parsed).
-
-     Also, change ssl_create_cipher_list() (using this new
-     funcionality) such that between otherwise identical
-     cihpersuites, ephemeral ECDH is preferred over ephemeral DH in
-     the default order.
-     [Bodo Moeller]
-
-  *) Change ssl_create_cipher_list() so that it automatically
-     arranges the ciphersuites in reasonable order before starting
-     to process the rule string.  Thus, the definition for "DEFAULT"
-     (SSL_DEFAULT_CIPHER_LIST) now is just "ALL:!aNULL:!eNULL", but
-     remains equivalent to "AES:ALL:!aNULL:!eNULL:+aECDH:+kRSA:+RC4:@STRENGTH".
-     This makes it much easier to arrive at a reasonable default order
-     in applications for which anonymous ciphers are OK (meaning
-     that you can't actually use DEFAULT).
-     [Bodo Moeller; suggested by Victor Duchovni]
-
-  *) Split the SSL/TLS algorithm mask (as used for ciphersuite string
-     processing) into multiple integers instead of setting
-     "SSL_MKEY_MASK" bits, "SSL_AUTH_MASK" bits, "SSL_ENC_MASK",
-     "SSL_MAC_MASK", and "SSL_SSL_MASK" bits all in a single integer.
-     (These masks as well as the individual bit definitions are hidden
-     away into the non-exported interface ssl/ssl_locl.h, so this
-     change to the definition of the SSL_CIPHER structure shouldn't
-     affect applications.)  This give us more bits for each of these
-     categories, so there is no longer a need to coagulate AES128 and
-     AES256 into a single algorithm bit, and to coagulate Camellia128
-     and Camellia256 into a single algorithm bit, which has led to all
-     kinds of kludges.
-
-     Thus, among other things, the kludge introduced in 0.9.7m and
-     0.9.8e for masking out AES256 independently of AES128 or masking
-     out Camellia256 independently of AES256 is not needed here in 0.9.9.
-
-     With the change, we also introduce new ciphersuite aliases that
-     so far were missing: "AES128", "AES256", "CAMELLIA128", and
-     "CAMELLIA256".
-     [Bodo Moeller]
-
-  *) Add support for dsa-with-SHA224 and dsa-with-SHA256.
-     Use the leftmost N bytes of the signature input if the input is
-     larger than the prime q (with N being the size in bytes of q).
-     [Nils Larsch]
-
-  *) Very *very* experimental PKCS#7 streaming encoder support. Nothing uses
-     it yet and it is largely untested.
-     [Steve Henson]
-
-  *) Add support for the ecdsa-with-SHA224/256/384/512 signature types.
-     [Nils Larsch]
-
-  *) Initial incomplete changes to avoid need for function casts in OpenSSL
-     some compilers (gcc 4.2 and later) reject their use. Safestack is
-     reimplemented.  Update ASN1 to avoid use of legacy functions. 
-     [Steve Henson]
-
-  *) Win32/64 targets are linked with Winsock2.
-     [Andy Polyakov]
-
-  *) Add an X509_CRL_METHOD structure to allow CRL processing to be redirected
-     to external functions. This can be used to increase CRL handling 
-     efficiency especially when CRLs are very large by (for example) storing
-     the CRL revoked certificates in a database.
-     [Steve Henson]
-
-  *) Overhaul of by_dir code. Add support for dynamic loading of CRLs so
-     new CRLs added to a directory can be used. New command line option
-     -verify_return_error to s_client and s_server. This causes real errors
-     to be returned by the verify callback instead of carrying on no matter
-     what. This reflects the way a "real world" verify callback would behave.
-     [Steve Henson]
-
-  *) GOST engine, supporting several GOST algorithms and public key formats.
-     Kindly donated by Cryptocom.
-     [Cryptocom]
-
-  *) Partial support for Issuing Distribution Point CRL extension. CRLs
-     partitioned by DP are handled but no indirect CRL or reason partitioning
-     (yet). Complete overhaul of CRL handling: now the most suitable CRL is
-     selected via a scoring technique which handles IDP and AKID in CRLs.
-     [Steve Henson]
-
-  *) New X509_STORE_CTX callbacks lookup_crls() and lookup_certs() which
-     will ultimately be used for all verify operations: this will remove the
-     X509_STORE dependency on certificate verification and allow alternative
-     lookup methods.  X509_STORE based implementations of these two callbacks.
-     [Steve Henson]
-
-  *) Allow multiple CRLs to exist in an X509_STORE with matching issuer names.
-     Modify get_crl() to find a valid (unexpired) CRL if possible.
-     [Steve Henson]
-
-  *) New function X509_CRL_match() to check if two CRLs are identical. Normally
-     this would be called X509_CRL_cmp() but that name is already used by
-     a function that just compares CRL issuer names. Cache several CRL 
-     extensions in X509_CRL structure and cache CRLDP in X509.
-     [Steve Henson]
-
-  *) Store a "canonical" representation of X509_NAME structure (ASN1 Name)
-     this maps equivalent X509_NAME structures into a consistent structure.
-     Name comparison can then be performed rapidly using memcmp().
-     [Steve Henson]
-
-  *) Non-blocking OCSP request processing. Add -timeout option to ocsp 
-     utility.
-     [Steve Henson]
-
-  *) Allow digests to supply their own micalg string for S/MIME type using
-     the ctrl EVP_MD_CTRL_MICALG.
-     [Steve Henson]
-
-  *) During PKCS7 signing pass the PKCS7 SignerInfo structure to the
-     EVP_PKEY_METHOD before and after signing via the EVP_PKEY_CTRL_PKCS7_SIGN
-     ctrl. It can then customise the structure before and/or after signing
-     if necessary.
-     [Steve Henson]
-
-  *) New function OBJ_add_sigid() to allow application defined signature OIDs
-     to be added to OpenSSLs internal tables. New function OBJ_sigid_free()
-     to free up any added signature OIDs.
-     [Steve Henson]
-
-  *) New functions EVP_CIPHER_do_all(), EVP_CIPHER_do_all_sorted(),
-     EVP_MD_do_all() and EVP_MD_do_all_sorted() to enumerate internal
-     digest and cipher tables. New options added to openssl utility:
-     list-message-digest-algorithms and list-cipher-algorithms.
-     [Steve Henson]
-
-  *) Change the array representation of binary polynomials: the list
-     of degrees of non-zero coefficients is now terminated with -1.
-     Previously it was terminated with 0, which was also part of the
-     value; thus, the array representation was not applicable to
-     polynomials where t^0 has coefficient zero.  This change makes
-     the array representation useful in a more general context.
-     [Douglas Stebila]
-
-  *) Various modifications and fixes to SSL/TLS cipher string
-     handling.  For ECC, the code now distinguishes between fixed ECDH
-     with RSA certificates on the one hand and with ECDSA certificates
-     on the other hand, since these are separate ciphersuites.  The
-     unused code for Fortezza ciphersuites has been removed.
-
-     For consistency with EDH, ephemeral ECDH is now called "EECDH"
-     (not "ECDHE").  For consistency with the code for DH
-     certificates, use of ECDH certificates is now considered ECDH
-     authentication, not RSA or ECDSA authentication (the latter is
-     merely the CA's signing algorithm and not actively used in the
-     protocol).
-
-     The temporary ciphersuite alias "ECCdraft" is no longer
-     available, and ECC ciphersuites are no longer excluded from "ALL"
-     and "DEFAULT".  The following aliases now exist for RFC 4492
-     ciphersuites, most of these by analogy with the DH case:
-
-         kECDHr   - ECDH cert, signed with RSA
-         kECDHe   - ECDH cert, signed with ECDSA
-         kECDH    - ECDH cert (signed with either RSA or ECDSA)
-         kEECDH   - ephemeral ECDH
-         ECDH     - ECDH cert or ephemeral ECDH
-
-         aECDH    - ECDH cert
-         aECDSA   - ECDSA cert
-         ECDSA    - ECDSA cert
-
-         AECDH    - anonymous ECDH
-         EECDH    - non-anonymous ephemeral ECDH (equivalent to "kEECDH:-AECDH")
-
-     [Bodo Moeller]
-
-  *) Add additional S/MIME capabilities for AES and GOST ciphers if supported.
-     Use correct micalg parameters depending on digest(s) in signed message.
-     [Steve Henson]
-
-  *) Add engine support for EVP_PKEY_ASN1_METHOD. Add functions to process
-     an ENGINE asn1 method. Support ENGINE lookups in the ASN1 code.
-     [Steve Henson]
-
-  *) Initial engine support for EVP_PKEY_METHOD. New functions to permit
-     an engine to register a method. Add ENGINE lookups for methods and
-     functional reference processing.
-     [Steve Henson]
-
-  *) New functions EVP_Digest{Sign,Verify)*. These are enchance versions of
-     EVP_{Sign,Verify}* which allow an application to customise the signature
-     process.
-     [Steve Henson]
-
-  *) New -resign option to smime utility. This adds one or more signers
-     to an existing PKCS#7 signedData structure. Also -md option to use an
-     alternative message digest algorithm for signing.
-     [Steve Henson]
-
-  *) Tidy up PKCS#7 routines and add new functions to make it easier to
-     create PKCS7 structures containing multiple signers. Update smime
-     application to support multiple signers.
-     [Steve Henson]
-
-  *) New -macalg option to pkcs12 utility to allow setting of an alternative
-     digest MAC.
-     [Steve Henson]
-
-  *) Initial support for PKCS#5 v2.0 PRFs other than default SHA1 HMAC.
-     Reorganize PBE internals to lookup from a static table using NIDs,
-     add support for HMAC PBE OID translation. Add a EVP_CIPHER ctrl:
-     EVP_CTRL_PBE_PRF_NID this allows a cipher to specify an alternative
-     PRF which will be automatically used with PBES2.
-     [Steve Henson]
-
-  *) Replace the algorithm specific calls to generate keys in "req" with the
-     new API.
-     [Steve Henson]
-
-  *) Update PKCS#7 enveloped data routines to use new API. This is now
-     supported by any public key method supporting the encrypt operation. A
-     ctrl is added to allow the public key algorithm to examine or modify
-     the PKCS#7 RecipientInfo structure if it needs to: for RSA this is
-     a no op.
-     [Steve Henson]
-
-  *) Add a ctrl to asn1 method to allow a public key algorithm to express
-     a default digest type to use. In most cases this will be SHA1 but some
-     algorithms (such as GOST) need to specify an alternative digest. The
-     return value indicates how strong the prefernce is 1 means optional and
-     2 is mandatory (that is it is the only supported type). Modify
-     ASN1_item_sign() to accept a NULL digest argument to indicate it should
-     use the default md. Update openssl utilities to use the default digest
-     type for signing if it is not explicitly indicated.
-     [Steve Henson]
-
-  *) Use OID cross reference table in ASN1_sign() and ASN1_verify(). New 
-     EVP_MD flag EVP_MD_FLAG_PKEY_METHOD_SIGNATURE. This uses the relevant
-     signing method from the key type. This effectively removes the link
-     between digests and public key types.
-     [Steve Henson]
-
-  *) Add an OID cross reference table and utility functions. Its purpose is to
-     translate between signature OIDs such as SHA1WithrsaEncryption and SHA1,
-     rsaEncryption. This will allow some of the algorithm specific hackery
-     needed to use the correct OID to be removed. 
-     [Steve Henson]
-
-  *) Remove algorithm specific dependencies when setting PKCS7_SIGNER_INFO
-     structures for PKCS7_sign(). They are now set up by the relevant public
-     key ASN1 method.
-     [Steve Henson]
-
-  *) Add provisional EC pkey method with support for ECDSA and ECDH.
-     [Steve Henson]
-
-  *) Add support for key derivation (agreement) in the API, DH method and
-     pkeyutl.
-     [Steve Henson]
-
-  *) Add DSA pkey method and DH pkey methods, extend DH ASN1 method to support
-     public and private key formats. As a side effect these add additional 
-     command line functionality not previously available: DSA signatures can be
-     generated and verified using pkeyutl and DH key support and generation in
-     pkey, genpkey.
-     [Steve Henson]
-
-  *) BeOS support.
-     [Oliver Tappe <zooey at hirschkaefer.de>]
-
-  *) New make target "install_html_docs" installs HTML renditions of the
-     manual pages.
-     [Oliver Tappe <zooey at hirschkaefer.de>]
-
-  *) New utility "genpkey" this is analagous to "genrsa" etc except it can
-     generate keys for any algorithm. Extend and update EVP_PKEY_METHOD to
-     support key and parameter generation and add initial key generation
-     functionality for RSA.
-     [Steve Henson]
-
-  *) Add functions for main EVP_PKEY_method operations. The undocumented
-     functions EVP_PKEY_{encrypt,decrypt} have been renamed to
-     EVP_PKEY_{encrypt,decrypt}_old. 
-     [Steve Henson]
-
-  *) Initial definitions for EVP_PKEY_METHOD. This will be a high level public
-     key API, doesn't do much yet.
-     [Steve Henson]
-
-  *) New function EVP_PKEY_asn1_get0_info() to retrieve information about
-     public key algorithms. New option to openssl utility:
-     "list-public-key-algorithms" to print out info.
-     [Steve Henson]
-
-  *) Implement the Supported Elliptic Curves Extension for
-     ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
-     [Douglas Stebila]
-
-  *) Don't free up OIDs in OBJ_cleanup() if they are in use by EVP_MD or
-     EVP_CIPHER structures to avoid later problems in EVP_cleanup().
-     [Steve Henson]
-
-  *) New utilities pkey and pkeyparam. These are similar to algorithm specific
-     utilities such as rsa, dsa, dsaparam etc except they process any key
-     type.
-     [Steve Henson]
-
-  *) Transfer public key printing routines to EVP_PKEY_ASN1_METHOD. New 
-     functions EVP_PKEY_print_public(), EVP_PKEY_print_private(),
-     EVP_PKEY_print_param() to print public key data from an EVP_PKEY
-     structure.
-     [Steve Henson]
-
-  *) Initial support for pluggable public key ASN1.
-     De-spaghettify the public key ASN1 handling. Move public and private
-     key ASN1 handling to a new EVP_PKEY_ASN1_METHOD structure. Relocate
-     algorithm specific handling to a single module within the relevant
-     algorithm directory. Add functions to allow (near) opaque processing
-     of public and private key structures.
-     [Steve Henson]
-
-  *) Implement the Supported Point Formats Extension for
-     ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
-     [Douglas Stebila]
-
-  *) Add initial support for RFC 4279 PSK TLS ciphersuites. Add members
-     for the psk identity [hint] and the psk callback functions to the
-     SSL_SESSION, SSL and SSL_CTX structure.
-     
-     New ciphersuites:
-         PSK-RC4-SHA, PSK-3DES-EDE-CBC-SHA, PSK-AES128-CBC-SHA,
-         PSK-AES256-CBC-SHA
- 
-     New functions:
-         SSL_CTX_use_psk_identity_hint
-         SSL_get_psk_identity_hint
-         SSL_get_psk_identity
-         SSL_use_psk_identity_hint
-
-     [Mika Kousa and Pasi Eronen of Nokia Corporation]
-
-  *) Add RFC 3161 compliant time stamp request creation, response generation
-     and response verification functionality.
-     [Zoltán Glózik <zglozik at opentsa.org>, The OpenTSA Project]
-
-  *) Add initial support for TLS extensions, specifically for the server_name
-     extension so far.  The SSL_SESSION, SSL_CTX, and SSL data structures now
-     have new members for a host name.  The SSL data structure has an
-     additional member SSL_CTX *initial_ctx so that new sessions can be
-     stored in that context to allow for session resumption, even after the
-     SSL has been switched to a new SSL_CTX in reaction to a client's
-     server_name extension.
-
-     New functions (subject to change):
-
-         SSL_get_servername()
-         SSL_get_servername_type()
-         SSL_set_SSL_CTX()
-
-     New CTRL codes and macros (subject to change):
-
-         SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
-                                 - SSL_CTX_set_tlsext_servername_callback()
-         SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG
-                                      - SSL_CTX_set_tlsext_servername_arg()
-         SSL_CTRL_SET_TLSEXT_HOSTNAME           - SSL_set_tlsext_host_name()
-
-     openssl s_client has a new '-servername ...' option.
-
-     openssl s_server has new options '-servername_host ...', '-cert2 ...',
-     '-key2 ...', '-servername_fatal' (subject to change).  This allows
-     testing the HostName extension for a specific single host name ('-cert'
-     and '-key' remain fallbacks for handshakes without HostName
-     negotiation).  If the unrecogninzed_name alert has to be sent, this by
-     default is a warning; it becomes fatal with the '-servername_fatal'
-     option.
-
-     [Peter Sylvester,  Remy Allais, Christophe Renou]
-
-  *) Whirlpool hash implementation is added.
-     [Andy Polyakov]
-
-  *) BIGNUM code on 64-bit SPARCv9 targets is switched from bn(64,64) to
-     bn(64,32). Because of instruction set limitations it doesn't have
-     any negative impact on performance. This was done mostly in order
-     to make it possible to share assembler modules, such as bn_mul_mont
-     implementations, between 32- and 64-bit builds without hassle.
-     [Andy Polyakov]
-
-  *) Move code previously exiled into file crypto/ec/ec2_smpt.c
-     to ec2_smpl.c, and no longer require the OPENSSL_EC_BIN_PT_COMP
-     macro.
-     [Bodo Moeller]
-
-  *) New candidate for BIGNUM assembler implementation, bn_mul_mont,
-     dedicated Montgomery multiplication procedure, is introduced.
-     BN_MONT_CTX is modified to allow bn_mul_mont to reach for higher
-     "64-bit" performance on certain 32-bit targets.
-     [Andy Polyakov]
-
-  *) New option SSL_OP_NO_COMP to disable use of compression selectively
-     in SSL structures. New SSL ctrl to set maximum send fragment size. 
-     Save memory by seeting the I/O buffer sizes dynamically instead of
-     using the maximum available value.
-     [Steve Henson]
-
-  *) New option -V for 'openssl ciphers'. This prints the ciphersuite code
-     in addition to the text details.
-     [Bodo Moeller]
-
-  *) Very, very preliminary EXPERIMENTAL support for printing of general
-     ASN1 structures. This currently produces rather ugly output and doesn't
-     handle several customised structures at all.
-     [Steve Henson]
-
-  *) Integrated support for PVK file format and some related formats such
-     as MS PUBLICKEYBLOB and PRIVATEKEYBLOB. Command line switches to support
-     these in the 'rsa' and 'dsa' utilities.
-     [Steve Henson]
-
-  *) Support for PKCS#1 RSAPublicKey format on rsa utility command line.
-     [Steve Henson]
-
-  *) Remove the ancient ASN1_METHOD code. This was only ever used in one
-     place for the (very old) "NETSCAPE" format certificates which are now
-     handled using new ASN1 code equivalents.
-     [Steve Henson]
-
-  *) Let the TLSv1_method() etc. functions return a 'const' SSL_METHOD
-     pointer and make the SSL_METHOD parameter in SSL_CTX_new,
-     SSL_CTX_set_ssl_version and SSL_set_ssl_method 'const'.
-     [Nils Larsch]
-
-  *) Modify CRL distribution points extension code to print out previously
-     unsupported fields. Enhance extension setting code to allow setting of
-     all fields.
-     [Steve Henson]
-
-  *) Add print and set support for Issuing Distribution Point CRL extension.
-     [Steve Henson]
-
-  *) Change 'Configure' script to enable Camellia by default.
-     [NTT]
-
- Changes between 0.9.8m and 0.9.8n [24 Mar 2010]
-
-  *) When rejecting SSL/TLS records due to an incorrect version number, never
-     update s->server with a new major version number.  As of
-     - OpenSSL 0.9.8m if 'short' is a 16-bit type,
-     - OpenSSL 0.9.8f if 'short' is longer than 16 bits,
-     the previous behavior could result in a read attempt at NULL when
-     receiving specific incorrect SSL/TLS records once record payload
-     protection is active.  (CVE-2010-0740)
-     [Bodo Moeller, Adam Langley <agl at chromium.org>]
-
-  *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL 
-     could be crashed if the relevant tables were not present (e.g. chrooted).
-     [Tomas Hoger <thoger at redhat.com>]
-
- Changes between 0.9.8l and 0.9.8m [25 Feb 2010]
-
-  *) Always check bn_wexpend() return values for failure.  (CVE-2009-3245)
-     [Martin Olsson, Neel Mehta]
-
-  *) Fix X509_STORE locking: Every 'objs' access requires a lock (to
-     accommodate for stack sorting, always a write lock!).
-     [Bodo Moeller]
-
-  *) On some versions of WIN32 Heap32Next is very slow. This can cause
-     excessive delays in the RAND_poll(): over a minute. As a workaround
-     include a time check in the inner Heap32Next loop too.
-     [Steve Henson]
-
-  *) The code that handled flushing of data in SSL/TLS originally used the
-     BIO_CTRL_INFO ctrl to see if any data was pending first. This caused
-     the problem outlined in PR#1949. The fix suggested there however can
-     trigger problems with buggy BIO_CTRL_WPENDING (e.g. some versions
-     of Apache). So instead simplify the code to flush unconditionally.
-     This should be fine since flushing with no data to flush is a no op.
-     [Steve Henson]
-
-  *) Handle TLS versions 2.0 and later properly and correctly use the
-     highest version of TLS/SSL supported. Although TLS >= 2.0 is some way
-     off ancient servers have a habit of sticking around for a while...
-     [Steve Henson]
-
-  *) Modify compression code so it frees up structures without using the
-     ex_data callbacks. This works around a problem where some applications
-     call CRYPTO_cleanup_all_ex_data() before application exit (e.g. when
-     restarting) then use compression (e.g. SSL with compression) later.
-     This results in significant per-connection memory leaks and
-     has caused some security issues including CVE-2008-1678 and
-     CVE-2009-4355.
-     [Steve Henson]
-
-  *) Constify crypto/cast (i.e., <openssl/cast.h>): a CAST_KEY doesn't
-     change when encrypting or decrypting.
-     [Bodo Moeller]
-
-  *) Add option SSL_OP_LEGACY_SERVER_CONNECT which will allow clients to
-     connect and renegotiate with servers which do not support RI.
-     Until RI is more widely deployed this option is enabled by default.
-     [Steve Henson]
-
-  *) Add "missing" ssl ctrls to clear options and mode.
-     [Steve Henson]
-
-  *) If client attempts to renegotiate and doesn't support RI respond with
-     a no_renegotiation alert as required by RFC5746.  Some renegotiating
-     TLS clients will continue a connection gracefully when they receive
-     the alert. Unfortunately OpenSSL mishandled this alert and would hang
-     waiting for a server hello which it will never receive. Now we treat a
-     received no_renegotiation alert as a fatal error. This is because
-     applications requesting a renegotiation might well expect it to succeed
-     and would have no code in place to handle the server denying it so the
-     only safe thing to do is to terminate the connection.
-     [Steve Henson]
-
-  *) Add ctrl macro SSL_get_secure_renegotiation_support() which returns 1 if
-     peer supports secure renegotiation and 0 otherwise. Print out peer
-     renegotiation support in s_client/s_server.
-     [Steve Henson]
-
-  *) Replace the highly broken and deprecated SPKAC certification method with
-     the updated NID creation version. This should correctly handle UTF8.
-     [Steve Henson]
-
-  *) Implement RFC5746. Re-enable renegotiation but require the extension
-     as needed. Unfortunately, SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
-     turns out to be a bad idea. It has been replaced by
-     SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with
-     SSL_CTX_set_options(). This is really not recommended unless you
-     know what you are doing.
-     [Eric Rescorla <ekr at networkresonance.com>, Ben Laurie, Steve Henson]
-
-  *) Fixes to stateless session resumption handling. Use initial_ctx when
-     issuing and attempting to decrypt tickets in case it has changed during
-     servername handling. Use a non-zero length session ID when attempting
-     stateless session resumption: this makes it possible to determine if
-     a resumption has occurred immediately after receiving server hello
-     (several places in OpenSSL subtly assume this) instead of later in
-     the handshake.
-     [Steve Henson]
-
-  *) The functions ENGINE_ctrl(), OPENSSL_isservice(),
-     CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error
-     fixes for a few places where the return code is not checked
-     correctly.
-     [Julia Lawall <julia at diku.dk>]
-
-  *) Add --strict-warnings option to Configure script to include devteam
-     warnings in other configurations.
-     [Steve Henson]
-
-  *) Add support for --libdir option and LIBDIR variable in makefiles. This
-     makes it possible to install openssl libraries in locations which
-     have names other than "lib", for example "/usr/lib64" which some
-     systems need.
-     [Steve Henson, based on patch from Jeremy Utley]
-
-  *) Don't allow the use of leading 0x80 in OIDs. This is a violation of
-     X690 8.9.12 and can produce some misleading textual output of OIDs.
-     [Steve Henson, reported by Dan Kaminsky]
-
-  *) Delete MD2 from algorithm tables. This follows the recommendation in
-     several standards that it is not used in new applications due to
-     several cryptographic weaknesses. For binary compatibility reasons
-     the MD2 API is still compiled in by default.
-     [Steve Henson]
-
-  *) Add compression id to {d2i,i2d}_SSL_SESSION so it is correctly saved
-     and restored.
-     [Steve Henson]
-
-  *) Rename uni2asc and asc2uni functions to OPENSSL_uni2asc and
-     OPENSSL_asc2uni conditionally on Netware platforms to avoid a name
-     clash.
-     [Guenter <lists at gknw.net>]
-
-  *) Fix the server certificate chain building code to use X509_verify_cert(),
-     it used to have an ad-hoc builder which was unable to cope with anything
-     other than a simple chain.
-     [David Woodhouse <dwmw2 at infradead.org>, Steve Henson]
-
-  *) Don't check self signed certificate signatures in X509_verify_cert()
-     by default (a flag can override this): it just wastes time without
-     adding any security. As a useful side effect self signed root CAs
-     with non-FIPS digests are now usable in FIPS mode.
-     [Steve Henson]
-
-  *) In dtls1_process_out_of_seq_message() the check if the current message
-     is already buffered was missing. For every new message was memory
-     allocated, allowing an attacker to perform an denial of service attack
-     with sending out of seq handshake messages until there is no memory
-     left. Additionally every future messege was buffered, even if the
-     sequence number made no sense and would be part of another handshake.
-     So only messages with sequence numbers less than 10 in advance will be
-     buffered.  (CVE-2009-1378)
-     [Robin Seggelmann, discovered by Daniel Mentz] 	
-
-  *) Records are buffered if they arrive with a future epoch to be
-     processed after finishing the corresponding handshake. There is
-     currently no limitation to this buffer allowing an attacker to perform
-     a DOS attack with sending records with future epochs until there is no
-     memory left. This patch adds the pqueue_size() function to detemine
-     the size of a buffer and limits the record buffer to 100 entries.
-     (CVE-2009-1377)
-     [Robin Seggelmann, discovered by Daniel Mentz] 	
-
-  *) Keep a copy of frag->msg_header.frag_len so it can be used after the
-     parent structure is freed.  (CVE-2009-1379)
-     [Daniel Mentz] 	
-
-  *) Handle non-blocking I/O properly in SSL_shutdown() call.
-     [Darryl Miles <darryl-mailinglists at netbauds.net>]
-
-  *) Add 2.5.4.* OIDs
-     [Ilya O. <vrghost at gmail.com>]
-
- Changes between 0.9.8k and 0.9.8l  [5 Nov 2009]
-
-  *) Disable renegotiation completely - this fixes a severe security
-     problem (CVE-2009-3555) at the cost of breaking all
-     renegotiation. Renegotiation can be re-enabled by setting
-     SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at
-     run-time. This is really not recommended unless you know what
-     you're doing.
-     [Ben Laurie]
-
- Changes between 0.9.8j and 0.9.8k  [25 Mar 2009]
-
-  *) Don't set val to NULL when freeing up structures, it is freed up by
-     underlying code. If sizeof(void *) > sizeof(long) this can result in
-     zeroing past the valid field. (CVE-2009-0789)
-     [Paolo Ganci <Paolo.Ganci at AdNovum.CH>]
-
-  *) Fix bug where return value of CMS_SignerInfo_verify_content() was not
-     checked correctly. This would allow some invalid signed attributes to
-     appear to verify correctly. (CVE-2009-0591)
-     [Ivan Nestlerode <inestlerode at us.ibm.com>]
-
-  *) Reject UniversalString and BMPString types with invalid lengths. This
-     prevents a crash in ASN1_STRING_print_ex() which assumes the strings have
-     a legal length. (CVE-2009-0590)
-     [Steve Henson]
-
-  *) Set S/MIME signing as the default purpose rather than setting it 
-     unconditionally. This allows applications to override it at the store
-     level.
-     [Steve Henson]
-
-  *) Permit restricted recursion of ASN1 strings. This is needed in practice
-     to handle some structures.
-     [Steve Henson]
-
-  *) Improve efficiency of mem_gets: don't search whole buffer each time
-     for a '\n'
-     [Jeremy Shapiro <jnshapir at us.ibm.com>]
-
-  *) New -hex option for openssl rand.
-     [Matthieu Herrb]
-
-  *) Print out UTF8String and NumericString when parsing ASN1.
-     [Steve Henson]
-
-  *) Support NumericString type for name components.
-     [Steve Henson]
-
-  *) Allow CC in the environment to override the automatically chosen
-     compiler. Note that nothing is done to ensure flags work with the
-     chosen compiler.
-     [Ben Laurie]
-
- Changes between 0.9.8i and 0.9.8j  [07 Jan 2009]
-
-  *) Properly check EVP_VerifyFinal() and similar return values
-     (CVE-2008-5077).
-     [Ben Laurie, Bodo Moeller, Google Security Team]
-
-  *) Enable TLS extensions by default.
-     [Ben Laurie]
-
-  *) Allow the CHIL engine to be loaded, whether the application is
-     multithreaded or not. (This does not release the developer from the
-     obligation to set up the dynamic locking callbacks.)
-     [Sander Temme <sander at temme.net>]
-
-  *) Use correct exit code if there is an error in dgst command.
-     [Steve Henson; problem pointed out by Roland Dirlewanger]
-
-  *) Tweak Configure so that you need to say "experimental-jpake" to enable
-     JPAKE, and need to use -DOPENSSL_EXPERIMENTAL_JPAKE in applications.
-     [Bodo Moeller]
-
-  *) Add experimental JPAKE support, including demo authentication in
-     s_client and s_server.
-     [Ben Laurie]
-
-  *) Set the comparison function in v3_addr_canonize().
-     [Rob Austein <sra at hactrn.net>]
-
-  *) Add support for XMPP STARTTLS in s_client.
-     [Philip Paeps <philip at freebsd.org>]
-
-  *) Change the server-side SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG behavior
-     to ensure that even with this option, only ciphersuites in the
-     server's preference list will be accepted.  (Note that the option
-     applies only when resuming a session, so the earlier behavior was
-     just about the algorithm choice for symmetric cryptography.)
-     [Bodo Moeller]
-
- Changes between 0.9.8h and 0.9.8i  [15 Sep 2008]
-
-  *) Fix NULL pointer dereference if a DTLS server received
-     ChangeCipherSpec as first record (CVE-2009-1386).
-     [PR #1679]
-
-  *) Fix a state transitition in s3_srvr.c and d1_srvr.c
-     (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...).
-     [Nagendra Modadugu]
-
-  *) The fix in 0.9.8c that supposedly got rid of unsafe
-     double-checked locking was incomplete for RSA blinding,
-     addressing just one layer of what turns out to have been
-     doubly unsafe triple-checked locking.
-
-     So now fix this for real by retiring the MONT_HELPER macro
-     in crypto/rsa/rsa_eay.c.
-
-     [Bodo Moeller; problem pointed out by Marius Schilder]
-
-  *) Various precautionary measures:
-
-     - Avoid size_t integer overflow in HASH_UPDATE (md32_common.h).
-
-     - Avoid a buffer overflow in d2i_SSL_SESSION() (ssl_asn1.c).
-       (NB: This would require knowledge of the secret session ticket key
-       to exploit, in which case you'd be SOL either way.)
-
-     - Change bn_nist.c so that it will properly handle input BIGNUMs
-       outside the expected range.
-
-     - Enforce the 'num' check in BN_div() (bn_div.c) for non-BN_DEBUG
-       builds.
-
-     [Neel Mehta, Bodo Moeller]
-
-  *) Allow engines to be "soft loaded" - i.e. optionally don't die if
-     the load fails. Useful for distros.
-     [Ben Laurie and the FreeBSD team]
-
-  *) Add support for Local Machine Keyset attribute in PKCS#12 files.
-     [Steve Henson]
-
-  *) Fix BN_GF2m_mod_arr() top-bit cleanup code.
-     [Huang Ying]
-
-  *) Expand ENGINE to support engine supplied SSL client certificate functions.
-
-     This work was sponsored by Logica.
-     [Steve Henson]
-
-  *) Add CryptoAPI ENGINE to support use of RSA and DSA keys held in Windows
-     keystores. Support for SSL/TLS client authentication too.
-     Not compiled unless enable-capieng specified to Configure.
-
-     This work was sponsored by Logica.
-     [Steve Henson]
-
-  *) Fix bug in X509_ATTRIBUTE creation: dont set attribute using
-     ASN1_TYPE_set1 if MBSTRING flag set. This bug would crash certain
-     attribute creation routines such as certifcate requests and PKCS#12
-     files.
-     [Steve Henson]
-
- Changes between 0.9.8g and 0.9.8h  [28 May 2008]
-
-  *) Fix flaw if 'Server Key exchange message' is omitted from a TLS
-     handshake which could lead to a cilent crash as found using the
-     Codenomicon TLS test suite (CVE-2008-1672) 
-     [Steve Henson, Mark Cox]
-
-  *) Fix double free in TLS server name extensions which could lead to
-     a remote crash found by Codenomicon TLS test suite (CVE-2008-0891) 
-     [Joe Orton]
-
-  *) Clear error queue in SSL_CTX_use_certificate_chain_file()
-
-     Clear the error queue to ensure that error entries left from
-     older function calls do not interfere with the correct operation.
-     [Lutz Jaenicke, Erik de Castro Lopo]
-
-  *) Remove root CA certificates of commercial CAs:
-
-     The OpenSSL project does not recommend any specific CA and does not
-     have any policy with respect to including or excluding any CA.
-     Therefore it does not make any sense to ship an arbitrary selection
-     of root CA certificates with the OpenSSL software.
-     [Lutz Jaenicke]
-
-  *) RSA OAEP patches to fix two separate invalid memory reads.
-     The first one involves inputs when 'lzero' is greater than
-     'SHA_DIGEST_LENGTH' (it would read about SHA_DIGEST_LENGTH bytes
-     before the beginning of from). The second one involves inputs where
-     the 'db' section contains nothing but zeroes (there is a one-byte
-     invalid read after the end of 'db').
-     [Ivan Nestlerode <inestlerode at us.ibm.com>]
-
-  *) Partial backport from 0.9.9-dev:
-
-     Introduce bn_mul_mont (dedicated Montgomery multiplication
-     procedure) as a candidate for BIGNUM assembler implementation.
-     While 0.9.9-dev uses assembler for various architectures, only
-     x86_64 is available by default here in the 0.9.8 branch, and
-     32-bit x86 is available through a compile-time setting.
-
-     To try the 32-bit x86 assembler implementation, use Configure
-     option "enable-montasm" (which exists only for this backport).
-
-     As "enable-montasm" for 32-bit x86 disclaims code stability
-     anyway, in this constellation we activate additional code
-     backported from 0.9.9-dev for further performance improvements,
-     namely BN_from_montgomery_word.  (To enable this otherwise,
-     e.g. x86_64, try "-DMONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD".)
-
-     [Andy Polyakov (backport partially by Bodo Moeller)]
-
-  *) Add TLS session ticket callback. This allows an application to set
-     TLS ticket cipher and HMAC keys rather than relying on hardcoded fixed
-     values. This is useful for key rollover for example where several key
-     sets may exist with different names.
-     [Steve Henson]
-
-  *) Reverse ENGINE-internal logic for caching default ENGINE handles.
-     This was broken until now in 0.9.8 releases, such that the only way
-     a registered ENGINE could be used (assuming it initialises
-     successfully on the host) was to explicitly set it as the default
-     for the relevant algorithms. This is in contradiction with 0.9.7
-     behaviour and the documentation. With this fix, when an ENGINE is
-     registered into a given algorithm's table of implementations, the
-     'uptodate' flag is reset so that auto-discovery will be used next
-     time a new context for that algorithm attempts to select an
-     implementation.
-     [Ian Lister (tweaked by Geoff Thorpe)]
-
-  *) Backport of CMS code to OpenSSL 0.9.8. This differs from the 0.9.9
-     implemention in the following ways:
-
-     Lack of EVP_PKEY_ASN1_METHOD means algorithm parameters have to be
-     hard coded.
-
-     Lack of BER streaming support means one pass streaming processing is
-     only supported if data is detached: setting the streaming flag is
-     ignored for embedded content.
-
-     CMS support is disabled by default and must be explicitly enabled
-     with the enable-cms configuration option.
-     [Steve Henson]
-
-  *) Update the GMP engine glue to do direct copies between BIGNUM and
-     mpz_t when openssl and GMP use the same limb size. Otherwise the
-     existing "conversion via a text string export" trick is still used.
-     [Paul Sheer <paulsheer at gmail.com>]
-
-  *) Zlib compression BIO. This is a filter BIO which compressed and
-     uncompresses any data passed through it.
-     [Steve Henson]
-
-  *) Add AES_wrap_key() and AES_unwrap_key() functions to implement
-     RFC3394 compatible AES key wrapping.
-     [Steve Henson]
-
-  *) Add utility functions to handle ASN1 structures. ASN1_STRING_set0():
-     sets string data without copying. X509_ALGOR_set0() and
-     X509_ALGOR_get0(): set and retrieve X509_ALGOR (AlgorithmIdentifier)
-     data. Attribute function X509at_get0_data_by_OBJ(): retrieves data
-     from an X509_ATTRIBUTE structure optionally checking it occurs only
-     once. ASN1_TYPE_set1(): set and ASN1_TYPE structure copying supplied
-     data.
-     [Steve Henson]
-
-  *) Fix BN flag handling in RSA_eay_mod_exp() and BN_MONT_CTX_set()
-     to get the expected BN_FLG_CONSTTIME behavior.
-     [Bodo Moeller (Google)]
-  
-  *) Netware support:
-
-     - fixed wrong usage of ioctlsocket() when build for LIBC BSD sockets
-     - fixed do_tests.pl to run the test suite with CLIB builds too (CLIB_OPT)
-     - added some more tests to do_tests.pl
-     - fixed RunningProcess usage so that it works with newer LIBC NDKs too
-     - removed usage of BN_LLONG for CLIB builds to avoid runtime dependency
-     - added new Configure targets netware-clib-bsdsock, netware-clib-gcc,
-       netware-clib-bsdsock-gcc, netware-libc-bsdsock-gcc
-     - various changes to netware.pl to enable gcc-cross builds on Win32
-       platform
-     - changed crypto/bio/b_sock.c to work with macro functions (CLIB BSD)
-     - various changes to fix missing prototype warnings
-     - fixed x86nasm.pl to create correct asm files for NASM COFF output
-     - added AES, WHIRLPOOL and CPUID assembler code to build files
-     - added missing AES assembler make rules to mk1mf.pl
-     - fixed order of includes in apps/ocsp.c so that e_os.h settings apply
-     [Guenter Knauf <eflash at gmx.net>]
-
-  *) Implement certificate status request TLS extension defined in RFC3546.
-     A client can set the appropriate parameters and receive the encoded
-     OCSP response via a callback. A server can query the supplied parameters
-     and set the encoded OCSP response in the callback. Add simplified examples
-     to s_client and s_server.
-     [Steve Henson]
-
- Changes between 0.9.8f and 0.9.8g  [19 Oct 2007]
-
-  *) Fix various bugs:
-     + Binary incompatibility of ssl_ctx_st structure
-     + DTLS interoperation with non-compliant servers
-     + Don't call get_session_cb() without proposed session
-     + Fix ia64 assembler code
-     [Andy Polyakov, Steve Henson]
-
- Changes between 0.9.8e and 0.9.8f  [11 Oct 2007]
-
-  *) DTLS Handshake overhaul. There were longstanding issues with
-     OpenSSL DTLS implementation, which were making it impossible for
-     RFC 4347 compliant client to communicate with OpenSSL server.
-     Unfortunately just fixing these incompatibilities would "cut off"
-     pre-0.9.8f clients. To allow for hassle free upgrade post-0.9.8e
-     server keeps tolerating non RFC compliant syntax. The opposite is
-     not true, 0.9.8f client can not communicate with earlier server.
-     This update even addresses CVE-2007-4995.
-     [Andy Polyakov]
-
-  *) Changes to avoid need for function casts in OpenSSL: some compilers
-     (gcc 4.2 and later) reject their use.
-     [Kurt Roeckx <kurt at roeckx.be>, Peter Hartley <pdh at utter.chaos.org.uk>,
-      Steve Henson]
-  
-  *) Add RFC4507 support to OpenSSL. This includes the corrections in
-     RFC4507bis. The encrypted ticket format is an encrypted encoded
-     SSL_SESSION structure, that way new session features are automatically
-     supported.
-
-     If a client application caches session in an SSL_SESSION structure
-     support is transparent because tickets are now stored in the encoded
-     SSL_SESSION.
-     
-     The SSL_CTX structure automatically generates keys for ticket
-     protection in servers so again support should be possible
-     with no application modification.
-
-     If a client or server wishes to disable RFC4507 support then the option
-     SSL_OP_NO_TICKET can be set.
-
-     Add a TLS extension debugging callback to allow the contents of any client
-     or server extensions to be examined.
-
-     This work was sponsored by Google.
-     [Steve Henson]
-
-  *) Add initial support for TLS extensions, specifically for the server_name
-     extension so far.  The SSL_SESSION, SSL_CTX, and SSL data structures now
-     have new members for a host name.  The SSL data structure has an
-     additional member SSL_CTX *initial_ctx so that new sessions can be
-     stored in that context to allow for session resumption, even after the
-     SSL has been switched to a new SSL_CTX in reaction to a client's
-     server_name extension.
-
-     New functions (subject to change):
-
-         SSL_get_servername()
-         SSL_get_servername_type()
-         SSL_set_SSL_CTX()
-
-     New CTRL codes and macros (subject to change):
-
-         SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
-                                 - SSL_CTX_set_tlsext_servername_callback()
-         SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG
-                                      - SSL_CTX_set_tlsext_servername_arg()
-         SSL_CTRL_SET_TLSEXT_HOSTNAME           - SSL_set_tlsext_host_name()
-
-     openssl s_client has a new '-servername ...' option.
-
-     openssl s_server has new options '-servername_host ...', '-cert2 ...',
-     '-key2 ...', '-servername_fatal' (subject to change).  This allows
-     testing the HostName extension for a specific single host name ('-cert'
-     and '-key' remain fallbacks for handshakes without HostName
-     negotiation).  If the unrecogninzed_name alert has to be sent, this by
-     default is a warning; it becomes fatal with the '-servername_fatal'
-     option.
-
-     [Peter Sylvester,  Remy Allais, Christophe Renou, Steve Henson]
-
-  *) Add AES and SSE2 assembly language support to VC++ build.
-     [Steve Henson]
-
-  *) Mitigate attack on final subtraction in Montgomery reduction.
-     [Andy Polyakov]
-
-  *) Fix crypto/ec/ec_mult.c to work properly with scalars of value 0
-     (which previously caused an internal error).
-     [Bodo Moeller]
-
-  *) Squeeze another 10% out of IGE mode when in != out.
-     [Ben Laurie]
-
-  *) AES IGE mode speedup.
-     [Dean Gaudet (Google)]
-
-  *) Add the Korean symmetric 128-bit cipher SEED (see
-     http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp) and
-     add SEED ciphersuites from RFC 4162:
-
-        TLS_RSA_WITH_SEED_CBC_SHA      =  "SEED-SHA"
-        TLS_DHE_DSS_WITH_SEED_CBC_SHA  =  "DHE-DSS-SEED-SHA"
-        TLS_DHE_RSA_WITH_SEED_CBC_SHA  =  "DHE-RSA-SEED-SHA"
-        TLS_DH_anon_WITH_SEED_CBC_SHA  =  "ADH-SEED-SHA"
-
-     To minimize changes between patchlevels in the OpenSSL 0.9.8
-     series, SEED remains excluded from compilation unless OpenSSL
-     is configured with 'enable-seed'.
-     [KISA, Bodo Moeller]
-
-  *) Mitigate branch prediction attacks, which can be practical if a
-     single processor is shared, allowing a spy process to extract
-     information.  For detailed background information, see
-     http://eprint.iacr.org/2007/039 (O. Aciicmez, S. Gueron,
-     J.-P. Seifert, "New Branch Prediction Vulnerabilities in OpenSSL
-     and Necessary Software Countermeasures").  The core of the change
-     are new versions BN_div_no_branch() and
-     BN_mod_inverse_no_branch() of BN_div() and BN_mod_inverse(),
-     respectively, which are slower, but avoid the security-relevant
-     conditional branches.  These are automatically called by BN_div()
-     and BN_mod_inverse() if the flag BN_FLG_CONSTTIME is set for one
-     of the input BIGNUMs.  Also, BN_is_bit_set() has been changed to
-     remove a conditional branch.
-
-     BN_FLG_CONSTTIME is the new name for the previous
-     BN_FLG_EXP_CONSTTIME flag, since it now affects more than just
-     modular exponentiation.  (Since OpenSSL 0.9.7h, setting this flag
-     in the exponent causes BN_mod_exp_mont() to use the alternative
-     implementation in BN_mod_exp_mont_consttime().)  The old name
-     remains as a deprecated alias.
-
-     Similary, RSA_FLAG_NO_EXP_CONSTTIME is replaced by a more general
-     RSA_FLAG_NO_CONSTTIME flag since the RSA implementation now uses
-     constant-time implementations for more than just exponentiation.
-     Here too the old name is kept as a deprecated alias.
-
-     BN_BLINDING_new() will now use BN_dup() for the modulus so that
-     the BN_BLINDING structure gets an independent copy of the
-     modulus.  This means that the previous "BIGNUM *m" argument to
-     BN_BLINDING_new() and to BN_BLINDING_create_param() now
-     essentially becomes "const BIGNUM *m", although we can't actually
-     change this in the header file before 0.9.9.  It allows
-     RSA_setup_blinding() to use BN_with_flags() on the modulus to
-     enable BN_FLG_CONSTTIME.
-
-     [Matthew D Wood (Intel Corp)]
-
-  *) In the SSL/TLS server implementation, be strict about session ID
-     context matching (which matters if an application uses a single
-     external cache for different purposes).  Previously,
-     out-of-context reuse was forbidden only if SSL_VERIFY_PEER was
-     set.  This did ensure strict client verification, but meant that,
-     with applications using a single external cache for quite
-     different requirements, clients could circumvent ciphersuite
-     restrictions for a given session ID context by starting a session
-     in a different context.
-     [Bodo Moeller]
-
-  *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that
-     a ciphersuite string such as "DEFAULT:RSA" cannot enable
-     authentication-only ciphersuites.
-     [Bodo Moeller]
-
-  *) Update the SSL_get_shared_ciphers() fix CVE-2006-3738 which was
-     not complete and could lead to a possible single byte overflow
-     (CVE-2007-5135) [Ben Laurie]
-
- Changes between 0.9.8d and 0.9.8e  [23 Feb 2007]
-
-  *) Since AES128 and AES256 (and similarly Camellia128 and
-     Camellia256) share a single mask bit in the logic of
-     ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a
-     kludge to work properly if AES128 is available and AES256 isn't
-     (or if Camellia128 is available and Camellia256 isn't).
-     [Victor Duchovni]
-
-  *) Fix the BIT STRING encoding generated by crypto/ec/ec_asn1.c
-     (within i2d_ECPrivateKey, i2d_ECPKParameters, i2d_ECParameters):
-     When a point or a seed is encoded in a BIT STRING, we need to
-     prevent the removal of trailing zero bits to get the proper DER
-     encoding.  (By default, crypto/asn1/a_bitstr.c assumes the case
-     of a NamedBitList, for which trailing 0 bits need to be removed.)
-     [Bodo Moeller]
-
-  *) Have SSL/TLS server implementation tolerate "mismatched" record
-     protocol version while receiving ClientHello even if the
-     ClientHello is fragmented.  (The server can't insist on the
-     particular protocol version it has chosen before the ServerHello
-     message has informed the client about his choice.)
-     [Bodo Moeller]
-
-  *) Add RFC 3779 support.
-     [Rob Austein for ARIN, Ben Laurie]
-
-  *) Load error codes if they are not already present instead of using a
-     static variable. This allows them to be cleanly unloaded and reloaded.
-     Improve header file function name parsing.
-     [Steve Henson]
-
-  *) extend SMTP and IMAP protocol emulation in s_client to use EHLO
-     or CAPABILITY handshake as required by RFCs.
-     [Goetz Babin-Ebell]
-
- Changes between 0.9.8c and 0.9.8d  [28 Sep 2006]
-
-  *) Introduce limits to prevent malicious keys being able to
-     cause a denial of service.  (CVE-2006-2940)
-     [Steve Henson, Bodo Moeller]
-
-  *) Fix ASN.1 parsing of certain invalid structures that can result
-     in a denial of service.  (CVE-2006-2937)  [Steve Henson]
-
-  *) Fix buffer overflow in SSL_get_shared_ciphers() function. 
-     (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
-
-  *) Fix SSL client code which could crash if connecting to a
-     malicious SSLv2 server.  (CVE-2006-4343)
-     [Tavis Ormandy and Will Drewry, Google Security Team]
-
-  *) Since 0.9.8b, ciphersuite strings naming explicit ciphersuites
-     match only those.  Before that, "AES256-SHA" would be interpreted
-     as a pattern and match "AES128-SHA" too (since AES128-SHA got
-     the same strength classification in 0.9.7h) as we currently only
-     have a single AES bit in the ciphersuite description bitmap.
-     That change, however, also applied to ciphersuite strings such as
-     "RC4-MD5" that intentionally matched multiple ciphersuites --
-     namely, SSL 2.0 ciphersuites in addition to the more common ones
-     from SSL 3.0/TLS 1.0.
-
-     So we change the selection algorithm again: Naming an explicit
-     ciphersuite selects this one ciphersuite, and any other similar
-     ciphersuite (same bitmap) from *other* protocol versions.
-     Thus, "RC4-MD5" again will properly select both the SSL 2.0
-     ciphersuite and the SSL 3.0/TLS 1.0 ciphersuite.
-
-     Since SSL 2.0 does not have any ciphersuites for which the
-     128/256 bit distinction would be relevant, this works for now.
-     The proper fix will be to use different bits for AES128 and
-     AES256, which would have avoided the problems from the beginning;
-     however, bits are scarce, so we can only do this in a new release
-     (not just a patchlevel) when we can change the SSL_CIPHER
-     definition to split the single 'unsigned long mask' bitmap into
-     multiple values to extend the available space.
-
-     [Bodo Moeller]
-
- Changes between 0.9.8b and 0.9.8c  [05 Sep 2006]
-
-  *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
-     (CVE-2006-4339)  [Ben Laurie and Google Security Team]
-
-  *) Add AES IGE and biIGE modes.
-     [Ben Laurie]
-
-  *) Change the Unix randomness entropy gathering to use poll() when
-     possible instead of select(), since the latter has some
-     undesirable limitations.
-     [Darryl Miles via Richard Levitte and Bodo Moeller]
-
-  *) Disable "ECCdraft" ciphersuites more thoroughly.  Now special
-     treatment in ssl/ssl_ciph.s makes sure that these ciphersuites
-     cannot be implicitly activated as part of, e.g., the "AES" alias.
-     However, please upgrade to OpenSSL 0.9.9[-dev] for
-     non-experimental use of the ECC ciphersuites to get TLS extension
-     support, which is required for curve and point format negotiation
-     to avoid potential handshake problems.
-     [Bodo Moeller]
-
-  *) Disable rogue ciphersuites:
-
-      - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
-      - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
-      - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
-
-     The latter two were purportedly from
-     draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
-     appear there.
-
-     Also deactivate the remaining ciphersuites from
-     draft-ietf-tls-56-bit-ciphersuites-01.txt.  These are just as
-     unofficial, and the ID has long expired.
-     [Bodo Moeller]
-
-  *) Fix RSA blinding Heisenbug (problems sometimes occured on
-     dual-core machines) and other potential thread-safety issues.
-     [Bodo Moeller]
-
-  *) Add the symmetric cipher Camellia (128-bit, 192-bit, 256-bit key
-     versions), which is now available for royalty-free use
-     (see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html).
-     Also, add Camellia TLS ciphersuites from RFC 4132.
-
-     To minimize changes between patchlevels in the OpenSSL 0.9.8
-     series, Camellia remains excluded from compilation unless OpenSSL
-     is configured with 'enable-camellia'.
-     [NTT]
-
-  *) Disable the padding bug check when compression is in use. The padding
-     bug check assumes the first packet is of even length, this is not
-     necessarily true if compresssion is enabled and can result in false
-     positives causing handshake failure. The actual bug test is ancient
-     code so it is hoped that implementations will either have fixed it by
-     now or any which still have the bug do not support compression.
-     [Steve Henson]
-
- Changes between 0.9.8a and 0.9.8b  [04 May 2006]
-
-  *) When applying a cipher rule check to see if string match is an explicit
-     cipher suite and only match that one cipher suite if it is.
-     [Steve Henson]
-
-  *) Link in manifests for VC++ if needed.
-     [Austin Ziegler <halostatue at gmail.com>]
-
-  *) Update support for ECC-based TLS ciphersuites according to
-     draft-ietf-tls-ecc-12.txt with proposed changes (but without
-     TLS extensions, which are supported starting with the 0.9.9
-     branch, not in the OpenSSL 0.9.8 branch).
-     [Douglas Stebila]
-
-  *) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support
-     opaque EVP_CIPHER_CTX handling.
-     [Steve Henson]
-
-  *) Fixes and enhancements to zlib compression code. We now only use
-     "zlib1.dll" and use the default __cdecl calling convention on Win32
-     to conform with the standards mentioned here:
-           http://www.zlib.net/DLL_FAQ.txt
-     Static zlib linking now works on Windows and the new --with-zlib-include
-     --with-zlib-lib options to Configure can be used to supply the location
-     of the headers and library. Gracefully handle case where zlib library
-     can't be loaded.
-     [Steve Henson]
-
-  *) Several fixes and enhancements to the OID generation code. The old code
-     sometimes allowed invalid OIDs (1.X for X >= 40 for example), couldn't
-     handle numbers larger than ULONG_MAX, truncated printing and had a
-     non standard OBJ_obj2txt() behaviour.
-     [Steve Henson]
-
-  *) Add support for building of engines under engine/ as shared libraries
-     under VC++ build system.
-     [Steve Henson]
-
-  *) Corrected the numerous bugs in the Win32 path splitter in DSO.
-     Hopefully, we will not see any false combination of paths any more.
-     [Richard Levitte]
-
- Changes between 0.9.8 and 0.9.8a  [11 Oct 2005]
-
-  *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
-     (part of SSL_OP_ALL).  This option used to disable the
-     countermeasure against man-in-the-middle protocol-version
-     rollback in the SSL 2.0 server implementation, which is a bad
-     idea.  (CVE-2005-2969)
-
-     [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
-     for Information Security, National Institute of Advanced Industrial
-     Science and Technology [AIST], Japan)]
-
-  *) Add two function to clear and return the verify parameter flags.
-     [Steve Henson]
-
-  *) Keep cipherlists sorted in the source instead of sorting them at
-     runtime, thus removing the need for a lock.
-     [Nils Larsch]
-
-  *) Avoid some small subgroup attacks in Diffie-Hellman.
-     [Nick Mathewson and Ben Laurie]
-
-  *) Add functions for well-known primes.
-     [Nick Mathewson]
-
-  *) Extended Windows CE support.
-     [Satoshi Nakamura and Andy Polyakov]
-
-  *) Initialize SSL_METHOD structures at compile time instead of during
-     runtime, thus removing the need for a lock.
-     [Steve Henson]
-
-  *) Make PKCS7_decrypt() work even if no certificate is supplied by
-     attempting to decrypt each encrypted key in turn. Add support to
-     smime utility.
-     [Steve Henson]
-
- Changes between 0.9.7h and 0.9.8  [05 Jul 2005]
-
-  [NB: OpenSSL 0.9.7i and later 0.9.7 patch levels were released after
-  OpenSSL 0.9.8.]
-
-  *) Add libcrypto.pc and libssl.pc for those who feel they need them.
-     [Richard Levitte]
-
-  *) Change CA.sh and CA.pl so they don't bundle the CSR and the private
-     key into the same file any more.
-     [Richard Levitte]
-
-  *) Add initial support for Win64, both IA64 and AMD64/x64 flavors.
-     [Andy Polyakov]
-
-  *) Add -utf8 command line and config file option to 'ca'.
-     [Stefan <stf at udoma.org]
-
-  *) Removed the macro des_crypt(), as it seems to conflict with some
-     libraries.  Use DES_crypt().
-     [Richard Levitte]
-
-  *) Correct naming of the 'chil' and '4758cca' ENGINEs. This
-     involves renaming the source and generated shared-libs for
-     both. The engines will accept the corrected or legacy ids
-     ('ncipher' and '4758_cca' respectively) when binding. NB,
-     this only applies when building 'shared'.
-     [Corinna Vinschen <vinschen at redhat.com> and Geoff Thorpe]
-
-  *) Add attribute functions to EVP_PKEY structure. Modify
-     PKCS12_create() to recognize a CSP name attribute and
-     use it. Make -CSP option work again in pkcs12 utility.
-     [Steve Henson]
-
-  *) Add new functionality to the bn blinding code:
-     - automatic re-creation of the BN_BLINDING parameters after
-       a fixed number of uses (currently 32)
-     - add new function for parameter creation
-     - introduce flags to control the update behaviour of the
-       BN_BLINDING parameters
-     - hide BN_BLINDING structure
-     Add a second BN_BLINDING slot to the RSA structure to improve
-     performance when a single RSA object is shared among several
-     threads.
-     [Nils Larsch]
-
-  *) Add support for DTLS.
-     [Nagendra Modadugu <nagendra at cs.stanford.edu> and Ben Laurie]
-
-  *) Add support for DER encoded private keys (SSL_FILETYPE_ASN1)
-     to SSL_CTX_use_PrivateKey_file() and SSL_use_PrivateKey_file()
-     [Walter Goulet]
-
-  *) Remove buggy and incompletet DH cert support from
-     ssl/ssl_rsa.c and ssl/s3_both.c
-     [Nils Larsch]
-
-  *) Use SHA-1 instead of MD5 as the default digest algorithm for
-     the apps/openssl applications.
-     [Nils Larsch]
-
-  *) Compile clean with "-Wall -Wmissing-prototypes
-     -Wstrict-prototypes -Wmissing-declarations -Werror". Currently
-     DEBUG_SAFESTACK must also be set.
-     [Ben Laurie]
-
-  *) Change ./Configure so that certain algorithms can be disabled by default.
-     The new counterpiece to "no-xxx" is "enable-xxx".
-
-     The patented RC5 and MDC2 algorithms will now be disabled unless
-     "enable-rc5" and "enable-mdc2", respectively, are specified.
-
-     (IDEA remains enabled despite being patented.  This is because IDEA
-     is frequently required for interoperability, and there is no license
-     fee for non-commercial use.  As before, "no-idea" can be used to
-     avoid this algorithm.)
-
-     [Bodo Moeller]
-
-  *) Add processing of proxy certificates (see RFC 3820).  This work was
-     sponsored by KTH (The Royal Institute of Technology in Stockholm) and
-     EGEE (Enabling Grids for E-science in Europe).
-     [Richard Levitte]
-
-  *) RC4 performance overhaul on modern architectures/implementations, such
-     as Intel P4, IA-64 and AMD64.
-     [Andy Polyakov]
-
-  *) New utility extract-section.pl. This can be used specify an alternative
-     section number in a pod file instead of having to treat each file as
-     a separate case in Makefile. This can be done by adding two lines to the
-     pod file:
-
-     =for comment openssl_section:XXX
-
-     The blank line is mandatory.
-
-     [Steve Henson]
-
-  *) New arguments -certform, -keyform and -pass for s_client and s_server
-     to allow alternative format key and certificate files and passphrase
-     sources.
-     [Steve Henson]
-
-  *) New structure X509_VERIFY_PARAM which combines current verify parameters,
-     update associated structures and add various utility functions.
-
-     Add new policy related verify parameters, include policy checking in 
-     standard verify code. Enhance 'smime' application with extra parameters
-     to support policy checking and print out.
-     [Steve Henson]
-
-  *) Add a new engine to support VIA PadLock ACE extensions in the VIA C3
-     Nehemiah processors. These extensions support AES encryption in hardware
-     as well as RNG (though RNG support is currently disabled).
-     [Michal Ludvig <michal at logix.cz>, with help from Andy Polyakov]
-
-  *) Deprecate BN_[get|set]_params() functions (they were ignored internally).
-     [Geoff Thorpe]
-
-  *) New FIPS 180-2 algorithms, SHA-224/-256/-384/-512 are implemented.
-     [Andy Polyakov and a number of other people]
-
-  *) Improved PowerPC platform support. Most notably BIGNUM assembler
-     implementation contributed by IBM.
-     [Suresh Chari, Peter Waltenberg, Andy Polyakov]
-
-  *) The new 'RSA_generate_key_ex' function now takes a BIGNUM for the public
-     exponent rather than 'unsigned long'. There is a corresponding change to
-     the new 'rsa_keygen' element of the RSA_METHOD structure.
-     [Jelte Jansen, Geoff Thorpe]
-
-  *) Functionality for creating the initial serial number file is now
-     moved from CA.pl to the 'ca' utility with a new option -create_serial.
-
-     (Before OpenSSL 0.9.7e, CA.pl used to initialize the serial
-     number file to 1, which is bound to cause problems.  To avoid
-     the problems while respecting compatibility between different 0.9.7
-     patchlevels, 0.9.7e  employed 'openssl x509 -next_serial' in
-     CA.pl for serial number initialization.  With the new release 0.9.8,
-     we can fix the problem directly in the 'ca' utility.)
-     [Steve Henson]
-
-  *) Reduced header interdepencies by declaring more opaque objects in
-     ossl_typ.h. As a consequence, including some headers (eg. engine.h) will
-     give fewer recursive includes, which could break lazy source code - so
-     this change is covered by the OPENSSL_NO_DEPRECATED symbol. As always,
-     developers should define this symbol when building and using openssl to
-     ensure they track the recommended behaviour, interfaces, [etc], but
-     backwards-compatible behaviour prevails when this isn't defined.
-     [Geoff Thorpe]
-
-  *) New function X509_POLICY_NODE_print() which prints out policy nodes.
-     [Steve Henson]
-
-  *) Add new EVP function EVP_CIPHER_CTX_rand_key and associated functionality.
-     This will generate a random key of the appropriate length based on the 
-     cipher context. The EVP_CIPHER can provide its own random key generation
-     routine to support keys of a specific form. This is used in the des and 
-     3des routines to generate a key of the correct parity. Update S/MIME
-     code to use new functions and hence generate correct parity DES keys.
-     Add EVP_CHECK_DES_KEY #define to return an error if the key is not 
-     valid (weak or incorrect parity).
-     [Steve Henson]
-
-  *) Add a local set of CRLs that can be used by X509_verify_cert() as well
-     as looking them up. This is useful when the verified structure may contain
-     CRLs, for example PKCS#7 signedData. Modify PKCS7_verify() to use any CRLs
-     present unless the new PKCS7_NO_CRL flag is asserted.
-     [Steve Henson]
-
-  *) Extend ASN1 oid configuration module. It now additionally accepts the
-     syntax:
-
-     shortName = some long name, 1.2.3.4
-     [Steve Henson]
-
-  *) Reimplemented the BN_CTX implementation. There is now no more static
-     limitation on the number of variables it can handle nor the depth of the
-     "stack" handling for BN_CTX_start()/BN_CTX_end() pairs. The stack
-     information can now expand as required, and rather than having a single
-     static array of bignums, BN_CTX now uses a linked-list of such arrays
-     allowing it to expand on demand whilst maintaining the usefulness of
-     BN_CTX's "bundling".
-     [Geoff Thorpe]
-
-  *) Add a missing BN_CTX parameter to the 'rsa_mod_exp' callback in RSA_METHOD
-     to allow all RSA operations to function using a single BN_CTX.
-     [Geoff Thorpe]
-
-  *) Preliminary support for certificate policy evaluation and checking. This
-     is initially intended to pass the tests outlined in "Conformance Testing
-     of Relying Party Client Certificate Path Processing Logic" v1.07.
-     [Steve Henson]
-
-  *) bn_dup_expand() has been deprecated, it was introduced in 0.9.7 and
-     remained unused and not that useful. A variety of other little bignum
-     tweaks and fixes have also been made continuing on from the audit (see
-     below).
-     [Geoff Thorpe]
-
-  *) Constify all or almost all d2i, c2i, s2i and r2i functions, along with
-     associated ASN1, EVP and SSL functions and old ASN1 macros.
-     [Richard Levitte]
-
-  *) BN_zero() only needs to set 'top' and 'neg' to zero for correct results,
-     and this should never fail. So the return value from the use of
-     BN_set_word() (which can fail due to needless expansion) is now deprecated;
-     if OPENSSL_NO_DEPRECATED is defined, BN_zero() is a void macro.
-     [Geoff Thorpe]
-
-  *) BN_CTX_get() should return zero-valued bignums, providing the same
-     initialised value as BN_new().
-     [Geoff Thorpe, suggested by Ulf Möller]
-
-  *) Support for inhibitAnyPolicy certificate extension.
-     [Steve Henson]
-
-  *) An audit of the BIGNUM code is underway, for which debugging code is
-     enabled when BN_DEBUG is defined. This makes stricter enforcements on what
-     is considered valid when processing BIGNUMs, and causes execution to
-     assert() when a problem is discovered. If BN_DEBUG_RAND is defined,
-     further steps are taken to deliberately pollute unused data in BIGNUM
-     structures to try and expose faulty code further on. For now, openssl will
-     (in its default mode of operation) continue to tolerate the inconsistent
-     forms that it has tolerated in the past, but authors and packagers should
-     consider trying openssl and their own applications when compiled with
-     these debugging symbols defined. It will help highlight potential bugs in
-     their own code, and will improve the test coverage for OpenSSL itself. At
-     some point, these tighter rules will become openssl's default to improve
-     maintainability, though the assert()s and other overheads will remain only
-     in debugging configurations. See bn.h for more details.
-     [Geoff Thorpe, Nils Larsch, Ulf Möller]
-
-  *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure
-     that can only be obtained through BN_CTX_new() (which implicitly
-     initialises it). The presence of this function only made it possible
-     to overwrite an existing structure (and cause memory leaks).
-     [Geoff Thorpe]
-
-  *) Because of the callback-based approach for implementing LHASH as a
-     template type, lh_insert() adds opaque objects to hash-tables and
-     lh_doall() or lh_doall_arg() are typically used with a destructor callback
-     to clean up those corresponding objects before destroying the hash table
-     (and losing the object pointers). So some over-zealous constifications in
-     LHASH have been relaxed so that lh_insert() does not take (nor store) the
-     objects as "const" and the lh_doall[_arg] callback wrappers are not
-     prototyped to have "const" restrictions on the object pointers they are
-     given (and so aren't required to cast them away any more).
-     [Geoff Thorpe]
-
-  *) The tmdiff.h API was so ugly and minimal that our own timing utility
-     (speed) prefers to use its own implementation. The two implementations
-     haven't been consolidated as yet (volunteers?) but the tmdiff API has had
-     its object type properly exposed (MS_TM) instead of casting to/from "char
-     *". This may still change yet if someone realises MS_TM and "ms_time_***"
-     aren't necessarily the greatest nomenclatures - but this is what was used
-     internally to the implementation so I've used that for now.
-     [Geoff Thorpe]
-
-  *) Ensure that deprecated functions do not get compiled when
-     OPENSSL_NO_DEPRECATED is defined. Some "openssl" subcommands and a few of
-     the self-tests were still using deprecated key-generation functions so
-     these have been updated also.
-     [Geoff Thorpe]
-
-  *) Reorganise PKCS#7 code to separate the digest location functionality
-     into PKCS7_find_digest(), digest addtion into PKCS7_bio_add_digest().
-     New function PKCS7_set_digest() to set the digest type for PKCS#7
-     digestedData type. Add additional code to correctly generate the
-     digestedData type and add support for this type in PKCS7 initialization
-     functions.
-     [Steve Henson]
-
-  *) New function PKCS7_set0_type_other() this initializes a PKCS7 
-     structure of type "other".
-     [Steve Henson]
-
-  *) Fix prime generation loop in crypto/bn/bn_prime.pl by making
-     sure the loop does correctly stop and breaking ("division by zero")
-     modulus operations are not performed. The (pre-generated) prime
-     table crypto/bn/bn_prime.h was already correct, but it could not be
-     re-generated on some platforms because of the "division by zero"
-     situation in the script.
-     [Ralf S. Engelschall]
-
-  *) Update support for ECC-based TLS ciphersuites according to
-     draft-ietf-tls-ecc-03.txt: the KDF1 key derivation function with
-     SHA-1 now is only used for "small" curves (where the
-     representation of a field element takes up to 24 bytes); for
-     larger curves, the field element resulting from ECDH is directly
-     used as premaster secret.
-     [Douglas Stebila (Sun Microsystems Laboratories)]
-
-  *) Add code for kP+lQ timings to crypto/ec/ectest.c, and add SEC2
-     curve secp160r1 to the tests.
-     [Douglas Stebila (Sun Microsystems Laboratories)]
-
-  *) Add the possibility to load symbols globally with DSO.
-     [Götz Babin-Ebell <babin-ebell at trustcenter.de> via Richard Levitte]
-
-  *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better
-     control of the error stack.
-     [Richard Levitte]
-
-  *) Add support for STORE in ENGINE.
-     [Richard Levitte]
-
-  *) Add the STORE type.  The intention is to provide a common interface
-     to certificate and key stores, be they simple file-based stores, or
-     HSM-type store, or LDAP stores, or...
-     NOTE: The code is currently UNTESTED and isn't really used anywhere.
-     [Richard Levitte]
-
-  *) Add a generic structure called OPENSSL_ITEM.  This can be used to
-     pass a list of arguments to any function as well as provide a way
-     for a function to pass data back to the caller.
-     [Richard Levitte]
-
-  *) Add the functions BUF_strndup() and BUF_memdup().  BUF_strndup()
-     works like BUF_strdup() but can be used to duplicate a portion of
-     a string.  The copy gets NUL-terminated.  BUF_memdup() duplicates
-     a memory area.
-     [Richard Levitte]
-
-  *) Add the function sk_find_ex() which works like sk_find(), but will
-     return an index to an element even if an exact match couldn't be
-     found.  The index is guaranteed to point at the element where the
-     searched-for key would be inserted to preserve sorting order.
-     [Richard Levitte]
-
-  *) Add the function OBJ_bsearch_ex() which works like OBJ_bsearch() but
-     takes an extra flags argument for optional functionality.  Currently,
-     the following flags are defined:
-
-	OBJ_BSEARCH_VALUE_ON_NOMATCH
-	This one gets OBJ_bsearch_ex() to return a pointer to the first
-	element where the comparing function returns a negative or zero
-	number.
-
-	OBJ_BSEARCH_FIRST_VALUE_ON_MATCH
-	This one gets OBJ_bsearch_ex() to return a pointer to the first
-	element where the comparing function returns zero.  This is useful
-	if there are more than one element where the comparing function
-	returns zero.
-     [Richard Levitte]
-
-  *) Make it possible to create self-signed certificates with 'openssl ca'
-     in such a way that the self-signed certificate becomes part of the
-     CA database and uses the same mechanisms for serial number generation
-     as all other certificate signing.  The new flag '-selfsign' enables
-     this functionality.  Adapt CA.sh and CA.pl.in.
-     [Richard Levitte]
-
-  *) Add functionality to check the public key of a certificate request
-     against a given private.  This is useful to check that a certificate
-     request can be signed by that key (self-signing).
-     [Richard Levitte]
-
-  *) Make it possible to have multiple active certificates with the same
-     subject in the CA index file.  This is done only if the keyword
-     'unique_subject' is set to 'no' in the main CA section (default
-     if 'CA_default') of the configuration file.  The value is saved
-     with the database itself in a separate index attribute file,
-     named like the index file with '.attr' appended to the name.
-     [Richard Levitte]
-
-  *) Generate muti valued AVAs using '+' notation in config files for
-     req and dirName.
-     [Steve Henson]
-
-  *) Support for nameConstraints certificate extension.
-     [Steve Henson]
-
-  *) Support for policyConstraints certificate extension.
-     [Steve Henson]
-
-  *) Support for policyMappings certificate extension.
-     [Steve Henson]
-
-  *) Make sure the default DSA_METHOD implementation only uses its
-     dsa_mod_exp() and/or bn_mod_exp() handlers if they are non-NULL,
-     and change its own handlers to be NULL so as to remove unnecessary
-     indirection. This lets alternative implementations fallback to the
-     default implementation more easily.
-     [Geoff Thorpe]
-
-  *) Support for directoryName in GeneralName related extensions
-     in config files.
-     [Steve Henson]
-
-  *) Make it possible to link applications using Makefile.shared.
-     Make that possible even when linking against static libraries!
-     [Richard Levitte]
-
-  *) Support for single pass processing for S/MIME signing. This now
-     means that S/MIME signing can be done from a pipe, in addition
-     cleartext signing (multipart/signed type) is effectively streaming
-     and the signed data does not need to be all held in memory.
-
-     This is done with a new flag PKCS7_STREAM. When this flag is set
-     PKCS7_sign() only initializes the PKCS7 structure and the actual signing
-     is done after the data is output (and digests calculated) in
-     SMIME_write_PKCS7().
-     [Steve Henson]
-
-  *) Add full support for -rpath/-R, both in shared libraries and
-     applications, at least on the platforms where it's known how
-     to do it.
-     [Richard Levitte]
-
-  *) In crypto/ec/ec_mult.c, implement fast point multiplication with
-     precomputation, based on wNAF splitting: EC_GROUP_precompute_mult()
-     will now compute a table of multiples of the generator that
-     makes subsequent invocations of EC_POINTs_mul() or EC_POINT_mul()
-     faster (notably in the case of a single point multiplication,
-     scalar * generator).
-     [Nils Larsch, Bodo Moeller]
-
-  *) IPv6 support for certificate extensions. The various extensions
-     which use the IP:a.b.c.d can now take IPv6 addresses using the
-     formats of RFC1884 2.2 . IPv6 addresses are now also displayed
-     correctly.
-     [Steve Henson]
-
-  *) Added an ENGINE that implements RSA by performing private key
-     exponentiations with the GMP library. The conversions to and from
-     GMP's mpz_t format aren't optimised nor are any montgomery forms
-     cached, and on x86 it appears OpenSSL's own performance has caught up.
-     However there are likely to be other architectures where GMP could
-     provide a boost. This ENGINE is not built in by default, but it can be
-     specified at Configure time and should be accompanied by the necessary
-     linker additions, eg;
-         ./config -DOPENSSL_USE_GMP -lgmp
-     [Geoff Thorpe]
-
-  *) "openssl engine" will not display ENGINE/DSO load failure errors when
-     testing availability of engines with "-t" - the old behaviour is
-     produced by increasing the feature's verbosity with "-tt".
-     [Geoff Thorpe]
-
-  *) ECDSA routines: under certain error conditions uninitialized BN objects
-     could be freed. Solution: make sure initialization is performed early
-     enough. (Reported and fix supplied by Nils Larsch <nla at trustcenter.de>
-     via PR#459)
-     [Lutz Jaenicke]
-
-  *) Key-generation can now be implemented in RSA_METHOD, DSA_METHOD
-     and DH_METHOD (eg. by ENGINE implementations) to override the normal
-     software implementations. For DSA and DH, parameter generation can
-     also be overriden by providing the appropriate method callbacks.
-     [Geoff Thorpe]
-
-  *) Change the "progress" mechanism used in key-generation and
-     primality testing to functions that take a new BN_GENCB pointer in
-     place of callback/argument pairs. The new API functions have "_ex"
-     postfixes and the older functions are reimplemented as wrappers for
-     the new ones. The OPENSSL_NO_DEPRECATED symbol can be used to hide
-     declarations of the old functions to help (graceful) attempts to
-     migrate to the new functions. Also, the new key-generation API
-     functions operate on a caller-supplied key-structure and return
-     success/failure rather than returning a key or NULL - this is to
-     help make "keygen" another member function of RSA_METHOD etc.
-
-     Example for using the new callback interface:
-
-          int (*my_callback)(int a, int b, BN_GENCB *cb) = ...;
-          void *my_arg = ...;
-          BN_GENCB my_cb;
-
-          BN_GENCB_set(&my_cb, my_callback, my_arg);
-
-          return BN_is_prime_ex(some_bignum, BN_prime_checks, NULL, &cb);
-          /* For the meaning of a, b in calls to my_callback(), see the
-           * documentation of the function that calls the callback.
-           * cb will point to my_cb; my_arg can be retrieved as cb->arg.
-           * my_callback should return 1 if it wants BN_is_prime_ex()
-           * to continue, or 0 to stop.
-           */
-
-     [Geoff Thorpe]
-
-  *) Change the ZLIB compression method to be stateful, and make it
-     available to TLS with the number defined in 
-     draft-ietf-tls-compression-04.txt.
-     [Richard Levitte]
-
-  *) Add the ASN.1 structures and functions for CertificatePair, which
-     is defined as follows (according to X.509_4thEditionDraftV6.pdf):
-
-     CertificatePair ::= SEQUENCE {
-        forward		[0]	Certificate OPTIONAL,
-        reverse		[1]	Certificate OPTIONAL,
-        -- at least one of the pair shall be present -- }
-
-     Also implement the PEM functions to read and write certificate
-     pairs, and defined the PEM tag as "CERTIFICATE PAIR".
-
-     This needed to be defined, mostly for the sake of the LDAP
-     attribute crossCertificatePair, but may prove useful elsewhere as
-     well.
-     [Richard Levitte]
-
-  *) Make it possible to inhibit symlinking of shared libraries in
-     Makefile.shared, for Cygwin's sake.
-     [Richard Levitte]
-
-  *) Extend the BIGNUM API by creating a function 
-          void BN_set_negative(BIGNUM *a, int neg);
-     and a macro that behave like
-          int  BN_is_negative(const BIGNUM *a);
-
-     to avoid the need to access 'a->neg' directly in applications.
-     [Nils Larsch]
-
-  *) Implement fast modular reduction for pseudo-Mersenne primes
-     used in NIST curves (crypto/bn/bn_nist.c, crypto/ec/ecp_nist.c).
-     EC_GROUP_new_curve_GFp() will now automatically use this
-     if applicable.
-     [Nils Larsch <nla at trustcenter.de>]
-
-  *) Add new lock type (CRYPTO_LOCK_BN).
-     [Bodo Moeller]
-
-  *) Change the ENGINE framework to automatically load engines
-     dynamically from specific directories unless they could be
-     found to already be built in or loaded.  Move all the
-     current engines except for the cryptodev one to a new
-     directory engines/.
-     The engines in engines/ are built as shared libraries if
-     the "shared" options was given to ./Configure or ./config.
-     Otherwise, they are inserted in libcrypto.a.
-     /usr/local/ssl/engines is the default directory for dynamic
-     engines, but that can be overriden at configure time through
-     the usual use of --prefix and/or --openssldir, and at run
-     time with the environment variable OPENSSL_ENGINES.
-     [Geoff Thorpe and Richard Levitte]
-
-  *) Add Makefile.shared, a helper makefile to build shared
-     libraries.  Addapt Makefile.org.
-     [Richard Levitte]
-
-  *) Add version info to Win32 DLLs.
-     [Peter 'Luna' Runestig" <peter at runestig.com>]
-
-  *) Add new 'medium level' PKCS#12 API. Certificates and keys
-     can be added using this API to created arbitrary PKCS#12
-     files while avoiding the low level API.
-
-     New options to PKCS12_create(), key or cert can be NULL and
-     will then be omitted from the output file. The encryption
-     algorithm NIDs can be set to -1 for no encryption, the mac
-     iteration count can be set to 0 to omit the mac.
-
-     Enhance pkcs12 utility by making the -nokeys and -nocerts
-     options work when creating a PKCS#12 file. New option -nomac
-     to omit the mac, NONE can be set for an encryption algorithm.
-     New code is modified to use the enhanced PKCS12_create()
-     instead of the low level API.
-     [Steve Henson]
-
-  *) Extend ASN1 encoder to support indefinite length constructed
-     encoding. This can output sequences tags and octet strings in
-     this form. Modify pk7_asn1.c to support indefinite length
-     encoding. This is experimental and needs additional code to
-     be useful, such as an ASN1 bio and some enhanced streaming
-     PKCS#7 code.
-
-     Extend template encode functionality so that tagging is passed
-     down to the template encoder.
-     [Steve Henson]
-
-  *) Let 'openssl req' fail if an argument to '-newkey' is not
-     recognized instead of using RSA as a default.
-     [Bodo Moeller]
-
-  *) Add support for ECC-based ciphersuites from draft-ietf-tls-ecc-01.txt.
-     As these are not official, they are not included in "ALL";
-     the "ECCdraft" ciphersuite group alias can be used to select them.
-     [Vipul Gupta and Sumit Gupta (Sun Microsystems Laboratories)]
-
-  *) Add ECDH engine support.
-     [Nils Gura and Douglas Stebila (Sun Microsystems Laboratories)]
-
-  *) Add ECDH in new directory crypto/ecdh/.
-     [Douglas Stebila (Sun Microsystems Laboratories)]
-
-  *) Let BN_rand_range() abort with an error after 100 iterations
-     without success (which indicates a broken PRNG).
-     [Bodo Moeller]
-
-  *) Change BN_mod_sqrt() so that it verifies that the input value
-     is really the square of the return value.  (Previously,
-     BN_mod_sqrt would show GIGO behaviour.)
-     [Bodo Moeller]
-
-  *) Add named elliptic curves over binary fields from X9.62, SECG,
-     and WAP/WTLS; add OIDs that were still missing.
-
-     [Sheueling Chang Shantz and Douglas Stebila
-     (Sun Microsystems Laboratories)]
-
-  *) Extend the EC library for elliptic curves over binary fields
-     (new files ec2_smpl.c, ec2_smpt.c, ec2_mult.c in crypto/ec/).
-     New EC_METHOD:
-
-          EC_GF2m_simple_method
-
-     New API functions:
-
-          EC_GROUP_new_curve_GF2m
-          EC_GROUP_set_curve_GF2m
-          EC_GROUP_get_curve_GF2m
-          EC_POINT_set_affine_coordinates_GF2m
-          EC_POINT_get_affine_coordinates_GF2m
-          EC_POINT_set_compressed_coordinates_GF2m
-
-     Point compression for binary fields is disabled by default for
-     patent reasons (compile with OPENSSL_EC_BIN_PT_COMP defined to
-     enable it).
-
-     As binary polynomials are represented as BIGNUMs, various members
-     of the EC_GROUP and EC_POINT data structures can be shared
-     between the implementations for prime fields and binary fields;
-     the above ..._GF2m functions (except for EX_GROUP_new_curve_GF2m)
-     are essentially identical to their ..._GFp counterparts.
-     (For simplicity, the '..._GFp' prefix has been dropped from
-     various internal method names.)
-
-     An internal 'field_div' method (similar to 'field_mul' and
-     'field_sqr') has been added; this is used only for binary fields.
-
-     [Sheueling Chang Shantz and Douglas Stebila
-     (Sun Microsystems Laboratories)]
-
-  *) Optionally dispatch EC_POINT_mul(), EC_POINT_precompute_mult()
-     through methods ('mul', 'precompute_mult').
-
-     The generic implementations (now internally called 'ec_wNAF_mul'
-     and 'ec_wNAF_precomputed_mult') remain the default if these
-     methods are undefined.
-
-     [Sheueling Chang Shantz and Douglas Stebila
-     (Sun Microsystems Laboratories)]
-
-  *) New function EC_GROUP_get_degree, which is defined through
-     EC_METHOD.  For curves over prime fields, this returns the bit
-     length of the modulus.
-
-     [Sheueling Chang Shantz and Douglas Stebila
-     (Sun Microsystems Laboratories)]
-
-  *) New functions EC_GROUP_dup, EC_POINT_dup.
-     (These simply call ..._new  and ..._copy).
-
-     [Sheueling Chang Shantz and Douglas Stebila
-     (Sun Microsystems Laboratories)]
-
-  *) Add binary polynomial arithmetic software in crypto/bn/bn_gf2m.c.
-     Polynomials are represented as BIGNUMs (where the sign bit is not
-     used) in the following functions [macros]:  
-
-          BN_GF2m_add
-          BN_GF2m_sub             [= BN_GF2m_add]
-          BN_GF2m_mod             [wrapper for BN_GF2m_mod_arr]
-          BN_GF2m_mod_mul         [wrapper for BN_GF2m_mod_mul_arr]
-          BN_GF2m_mod_sqr         [wrapper for BN_GF2m_mod_sqr_arr]
-          BN_GF2m_mod_inv
-          BN_GF2m_mod_exp         [wrapper for BN_GF2m_mod_exp_arr]
-          BN_GF2m_mod_sqrt        [wrapper for BN_GF2m_mod_sqrt_arr]
-          BN_GF2m_mod_solve_quad  [wrapper for BN_GF2m_mod_solve_quad_arr]
-          BN_GF2m_cmp             [= BN_ucmp]
-
-     (Note that only the 'mod' functions are actually for fields GF(2^m).
-     BN_GF2m_add() is misnomer, but this is for the sake of consistency.)
-
-     For some functions, an the irreducible polynomial defining a
-     field can be given as an 'unsigned int[]' with strictly
-     decreasing elements giving the indices of those bits that are set;
-     i.e., p[] represents the polynomial
-          f(t) = t^p[0] + t^p[1] + ... + t^p[k]
-     where
-          p[0] > p[1] > ... > p[k] = 0.
-     This applies to the following functions:
-
-          BN_GF2m_mod_arr
-          BN_GF2m_mod_mul_arr
-          BN_GF2m_mod_sqr_arr
-          BN_GF2m_mod_inv_arr        [wrapper for BN_GF2m_mod_inv]
-          BN_GF2m_mod_div_arr        [wrapper for BN_GF2m_mod_div]
-          BN_GF2m_mod_exp_arr
-          BN_GF2m_mod_sqrt_arr
-          BN_GF2m_mod_solve_quad_arr
-          BN_GF2m_poly2arr
-          BN_GF2m_arr2poly
-
-     Conversion can be performed by the following functions:
-
-          BN_GF2m_poly2arr
-          BN_GF2m_arr2poly
-
-     bntest.c has additional tests for binary polynomial arithmetic.
-
-     Two implementations for BN_GF2m_mod_div() are available.
-     The default algorithm simply uses BN_GF2m_mod_inv() and
-     BN_GF2m_mod_mul().  The alternative algorithm is compiled in only
-     if OPENSSL_SUN_GF2M_DIV is defined (patent pending; read the
-     copyright notice in crypto/bn/bn_gf2m.c before enabling it).
-
-     [Sheueling Chang Shantz and Douglas Stebila
-     (Sun Microsystems Laboratories)]
-
-  *) Add new error code 'ERR_R_DISABLED' that can be used when some
-     functionality is disabled at compile-time.
-     [Douglas Stebila <douglas.stebila at sun.com>]
-
-  *) Change default behaviour of 'openssl asn1parse' so that more
-     information is visible when viewing, e.g., a certificate:
-
-     Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump'
-     mode the content of non-printable OCTET STRINGs is output in a
-     style similar to INTEGERs, but with '[HEX DUMP]' prepended to
-     avoid the appearance of a printable string.
-     [Nils Larsch <nla at trustcenter.de>]
-
-  *) Add 'asn1_flag' and 'asn1_form' member to EC_GROUP with access
-     functions
-          EC_GROUP_set_asn1_flag()
-          EC_GROUP_get_asn1_flag()
-          EC_GROUP_set_point_conversion_form()
-          EC_GROUP_get_point_conversion_form()
-     These control ASN1 encoding details:
-     - Curves (i.e., groups) are encoded explicitly unless asn1_flag
-       has been set to OPENSSL_EC_NAMED_CURVE.
-     - Points are encoded in uncompressed form by default; options for
-       asn1_for are as for point2oct, namely
-          POINT_CONVERSION_COMPRESSED
-          POINT_CONVERSION_UNCOMPRESSED
-          POINT_CONVERSION_HYBRID
-
-     Also add 'seed' and 'seed_len' members to EC_GROUP with access
-     functions
-          EC_GROUP_set_seed()
-          EC_GROUP_get0_seed()
-          EC_GROUP_get_seed_len()
-     This is used only for ASN1 purposes (so far).
-     [Nils Larsch <nla at trustcenter.de>]
-
-  *) Add 'field_type' member to EC_METHOD, which holds the NID
-     of the appropriate field type OID.  The new function
-     EC_METHOD_get_field_type() returns this value.
-     [Nils Larsch <nla at trustcenter.de>]
-
-  *) Add functions 
-          EC_POINT_point2bn()
-          EC_POINT_bn2point()
-          EC_POINT_point2hex()
-          EC_POINT_hex2point()
-     providing useful interfaces to EC_POINT_point2oct() and
-     EC_POINT_oct2point().
-     [Nils Larsch <nla at trustcenter.de>]
-
-  *) Change internals of the EC library so that the functions
-          EC_GROUP_set_generator()
-          EC_GROUP_get_generator()
-          EC_GROUP_get_order()
-          EC_GROUP_get_cofactor()
-     are implemented directly in crypto/ec/ec_lib.c and not dispatched
-     to methods, which would lead to unnecessary code duplication when
-     adding different types of curves.
-     [Nils Larsch <nla at trustcenter.de> with input by Bodo Moeller]
-
-  *) Implement compute_wNAF (crypto/ec/ec_mult.c) without BIGNUM
-     arithmetic, and such that modified wNAFs are generated
-     (which avoid length expansion in many cases).
-     [Bodo Moeller]
-
-  *) Add a function EC_GROUP_check_discriminant() (defined via
-     EC_METHOD) that verifies that the curve discriminant is non-zero.
-
-     Add a function EC_GROUP_check() that makes some sanity tests
-     on a EC_GROUP, its generator and order.  This includes
-     EC_GROUP_check_discriminant().
-     [Nils Larsch <nla at trustcenter.de>]
-
-  *) Add ECDSA in new directory crypto/ecdsa/.
-
-     Add applications 'openssl ecparam' and 'openssl ecdsa'
-     (these are based on 'openssl dsaparam' and 'openssl dsa').
-
-     ECDSA support is also included in various other files across the
-     library.  Most notably,
-     - 'openssl req' now has a '-newkey ecdsa:file' option;
-     - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA;
-     - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and
-       d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make
-       them suitable for ECDSA where domain parameters must be
-       extracted before the specific public key;
-     - ECDSA engine support has been added.
-     [Nils Larsch <nla at trustcenter.de>]
-
-  *) Include some named elliptic curves, and add OIDs from X9.62,
-     SECG, and WAP/WTLS.  Each curve can be obtained from the new
-     function
-          EC_GROUP_new_by_curve_name(),
-     and the list of available named curves can be obtained with
-          EC_get_builtin_curves().
-     Also add a 'curve_name' member to EC_GROUP objects, which can be
-     accessed via
-         EC_GROUP_set_curve_name()
-         EC_GROUP_get_curve_name()
-     [Nils Larsch <larsch at trustcenter.de, Bodo Moeller]
- 
-  *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
-     was actually never needed) and in BN_mul().  The removal in BN_mul()
-     required a small change in bn_mul_part_recursive() and the addition
-     of the functions bn_cmp_part_words(), bn_sub_part_words() and
-     bn_add_part_words(), which do the same thing as bn_cmp_words(),
-     bn_sub_words() and bn_add_words() except they take arrays with
-     differing sizes.
-     [Richard Levitte]
-
- Changes between 0.9.7l and 0.9.7m  [23 Feb 2007]
-
-  *) Cleanse PEM buffers before freeing them since they may contain 
-     sensitive data.
-     [Benjamin Bennett <ben at psc.edu>]
-
-  *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that
-     a ciphersuite string such as "DEFAULT:RSA" cannot enable
-     authentication-only ciphersuites.
-     [Bodo Moeller]
-
-  *) Since AES128 and AES256 share a single mask bit in the logic of
-     ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a
-     kludge to work properly if AES128 is available and AES256 isn't.
-     [Victor Duchovni]
-
-  *) Expand security boundary to match 1.1.1 module.
-     [Steve Henson]
-
-  *) Remove redundant features: hash file source, editing of test vectors
-     modify fipsld to use external fips_premain.c signature.
-     [Steve Henson]
-
-  *) New perl script mkfipsscr.pl to create shell scripts or batch files to
-     run algorithm test programs.
-     [Steve Henson]
-
-  *) Make algorithm test programs more tolerant of whitespace.
-     [Steve Henson]
-
-  *) Have SSL/TLS server implementation tolerate "mismatched" record
-     protocol version while receiving ClientHello even if the
-     ClientHello is fragmented.  (The server can't insist on the
-     particular protocol version it has chosen before the ServerHello
-     message has informed the client about his choice.)
-     [Bodo Moeller]
-
-  *) Load error codes if they are not already present instead of using a
-     static variable. This allows them to be cleanly unloaded and reloaded.
-     [Steve Henson]
-
- Changes between 0.9.7k and 0.9.7l  [28 Sep 2006]
-
-  *) Introduce limits to prevent malicious keys being able to
-     cause a denial of service.  (CVE-2006-2940)
-     [Steve Henson, Bodo Moeller]
-
-  *) Fix ASN.1 parsing of certain invalid structures that can result
-     in a denial of service.  (CVE-2006-2937)  [Steve Henson]
-
-  *) Fix buffer overflow in SSL_get_shared_ciphers() function. 
-     (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
-
-  *) Fix SSL client code which could crash if connecting to a
-     malicious SSLv2 server.  (CVE-2006-4343)
-     [Tavis Ormandy and Will Drewry, Google Security Team]
-
-  *) Change ciphersuite string processing so that an explicit
-     ciphersuite selects this one ciphersuite (so that "AES256-SHA"
-     will no longer include "AES128-SHA"), and any other similar
-     ciphersuite (same bitmap) from *other* protocol versions (so that
-     "RC4-MD5" will still include both the SSL 2.0 ciphersuite and the
-     SSL 3.0/TLS 1.0 ciphersuite).  This is a backport combining
-     changes from 0.9.8b and 0.9.8d.
-     [Bodo Moeller]
-
- Changes between 0.9.7j and 0.9.7k  [05 Sep 2006]
-
-  *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
-     (CVE-2006-4339)  [Ben Laurie and Google Security Team]
-
-  *) Change the Unix randomness entropy gathering to use poll() when
-     possible instead of select(), since the latter has some
-     undesirable limitations.
-     [Darryl Miles via Richard Levitte and Bodo Moeller]
-
-  *) Disable rogue ciphersuites:
-
-      - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
-      - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
-      - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
-
-     The latter two were purportedly from
-     draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
-     appear there.
-
-     Also deactive the remaining ciphersuites from
-     draft-ietf-tls-56-bit-ciphersuites-01.txt.  These are just as
-     unofficial, and the ID has long expired.
-     [Bodo Moeller]
-
-  *) Fix RSA blinding Heisenbug (problems sometimes occured on
-     dual-core machines) and other potential thread-safety issues.
-     [Bodo Moeller]
-
- Changes between 0.9.7i and 0.9.7j  [04 May 2006]
-
-  *) Adapt fipsld and the build system to link against the validated FIPS
-     module in FIPS mode.
-     [Steve Henson]
-
-  *) Fixes for VC++ 2005 build under Windows.
-     [Steve Henson]
-
-  *) Add new Windows build target VC-32-GMAKE for VC++. This uses GNU make 
-     from a Windows bash shell such as MSYS. It is autodetected from the
-     "config" script when run from a VC++ environment. Modify standard VC++
-     build to use fipscanister.o from the GNU make build. 
-     [Steve Henson]
-
- Changes between 0.9.7h and 0.9.7i  [14 Oct 2005]
-
-  *) Wrapped the definition of EVP_MAX_MD_SIZE in a #ifdef OPENSSL_FIPS.
-     The value now differs depending on if you build for FIPS or not.
-     BEWARE!  A program linked with a shared FIPSed libcrypto can't be
-     safely run with a non-FIPSed libcrypto, as it may crash because of
-     the difference induced by this change.
-     [Andy Polyakov]
-
- Changes between 0.9.7g and 0.9.7h  [11 Oct 2005]
-
-  *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
-     (part of SSL_OP_ALL).  This option used to disable the
-     countermeasure against man-in-the-middle protocol-version
-     rollback in the SSL 2.0 server implementation, which is a bad
-     idea.  (CVE-2005-2969)
-
-     [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
-     for Information Security, National Institute of Advanced Industrial
-     Science and Technology [AIST], Japan)]
-
-  *) Minimal support for X9.31 signatures and PSS padding modes. This is
-     mainly for FIPS compliance and not fully integrated at this stage.
-     [Steve Henson]
-
-  *) For DSA signing, unless DSA_FLAG_NO_EXP_CONSTTIME is set, perform
-     the exponentiation using a fixed-length exponent.  (Otherwise,
-     the information leaked through timing could expose the secret key
-     after many signatures; cf. Bleichenbacher's attack on DSA with
-     biased k.)
-     [Bodo Moeller]
-
-  *) Make a new fixed-window mod_exp implementation the default for
-     RSA, DSA, and DH private-key operations so that the sequence of
-     squares and multiplies and the memory access pattern are
-     independent of the particular secret key.  This will mitigate
-     cache-timing and potential related attacks.
-
-     BN_mod_exp_mont_consttime() is the new exponentiation implementation,
-     and this is automatically used by BN_mod_exp_mont() if the new flag
-     BN_FLG_EXP_CONSTTIME is set for the exponent.  RSA, DSA, and DH
-     will use this BN flag for private exponents unless the flag
-     RSA_FLAG_NO_EXP_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME, or
-     DH_FLAG_NO_EXP_CONSTTIME, respectively, is set.
-
-     [Matthew D Wood (Intel Corp), with some changes by Bodo Moeller]
-
-  *) Change the client implementation for SSLv23_method() and
-     SSLv23_client_method() so that is uses the SSL 3.0/TLS 1.0
-     Client Hello message format if the SSL_OP_NO_SSLv2 option is set.
-     (Previously, the SSL 2.0 backwards compatible Client Hello
-     message format would be used even with SSL_OP_NO_SSLv2.)
-     [Bodo Moeller]
-
-  *) Add support for smime-type MIME parameter in S/MIME messages which some
-     clients need.
-     [Steve Henson]
-
-  *) New function BN_MONT_CTX_set_locked() to set montgomery parameters in
-     a threadsafe manner. Modify rsa code to use new function and add calls
-     to dsa and dh code (which had race conditions before).
-     [Steve Henson]
-
-  *) Include the fixed error library code in the C error file definitions
-     instead of fixing them up at runtime. This keeps the error code
-     structures constant.
-     [Steve Henson]
-
- Changes between 0.9.7f and 0.9.7g  [11 Apr 2005]
-
-  [NB: OpenSSL 0.9.7h and later 0.9.7 patch levels were released after
-  OpenSSL 0.9.8.]
-
-  *) Fixes for newer kerberos headers. NB: the casts are needed because
-     the 'length' field is signed on one version and unsigned on another
-     with no (?) obvious way to tell the difference, without these VC++
-     complains. Also the "definition" of FAR (blank) is no longer included
-     nor is the error ENOMEM. KRB5_PRIVATE has to be set to 1 to pick up
-     some needed definitions.
-     [Steve Henson]
-
-  *) Undo Cygwin change.
-     [Ulf Möller]
-
-  *) Added support for proxy certificates according to RFC 3820.
-     Because they may be a security thread to unaware applications,
-     they must be explicitely allowed in run-time.  See
-     docs/HOWTO/proxy_certificates.txt for further information.
-     [Richard Levitte]
-
- Changes between 0.9.7e and 0.9.7f  [22 Mar 2005]
-
-  *) Use (SSL_RANDOM_VALUE - 4) bytes of pseudo random data when generating
-     server and client random values. Previously
-     (SSL_RANDOM_VALUE - sizeof(time_t)) would be used which would result in
-     less random data when sizeof(time_t) > 4 (some 64 bit platforms).
-
-     This change has negligible security impact because:
-
-     1. Server and client random values still have 24 bytes of pseudo random
-        data.
-
-     2. Server and client random values are sent in the clear in the initial
-        handshake.
-
-     3. The master secret is derived using the premaster secret (48 bytes in
-        size for static RSA ciphersuites) as well as client server and random
-        values.
-
-     The OpenSSL team would like to thank the UK NISCC for bringing this issue
-     to our attention. 
-
-     [Stephen Henson, reported by UK NISCC]
-
-  *) Use Windows randomness collection on Cygwin.
-     [Ulf Möller]
-
-  *) Fix hang in EGD/PRNGD query when communication socket is closed
-     prematurely by EGD/PRNGD.
-     [Darren Tucker <dtucker at zip.com.au> via Lutz Jänicke, resolves #1014]
-
-  *) Prompt for pass phrases when appropriate for PKCS12 input format.
-     [Steve Henson]
-
-  *) Back-port of selected performance improvements from development
-     branch, as well as improved support for PowerPC platforms.
-     [Andy Polyakov]
-
-  *) Add lots of checks for memory allocation failure, error codes to indicate
-     failure and freeing up memory if a failure occurs.
-     [Nauticus Networks SSL Team <openssl at nauticusnet.com>, Steve Henson]
-
-  *) Add new -passin argument to dgst.
-     [Steve Henson]
-
-  *) Perform some character comparisons of different types in X509_NAME_cmp:
-     this is needed for some certificates that reencode DNs into UTF8Strings
-     (in violation of RFC3280) and can't or wont issue name rollover
-     certificates.
-     [Steve Henson]
-
-  *) Make an explicit check during certificate validation to see that
-     the CA setting in each certificate on the chain is correct.  As a
-     side effect always do the following basic checks on extensions,
-     not just when there's an associated purpose to the check:
-
-      - if there is an unhandled critical extension (unless the user
-        has chosen to ignore this fault)
-      - if the path length has been exceeded (if one is set at all)
-      - that certain extensions fit the associated purpose (if one has
-        been given)
-     [Richard Levitte]
-
- Changes between 0.9.7d and 0.9.7e  [25 Oct 2004]
-
-  *) Avoid a race condition when CRLs are checked in a multi threaded 
-     environment. This would happen due to the reordering of the revoked
-     entries during signature checking and serial number lookup. Now the
-     encoding is cached and the serial number sort performed under a lock.
-     Add new STACK function sk_is_sorted().
-     [Steve Henson]
-
-  *) Add Delta CRL to the extension code.
-     [Steve Henson]
-
-  *) Various fixes to s3_pkt.c so alerts are sent properly.
-     [David Holmes <d.holmes at f5.com>]
-
-  *) Reduce the chances of duplicate issuer name and serial numbers (in
-     violation of RFC3280) using the OpenSSL certificate creation utilities.
-     This is done by creating a random 64 bit value for the initial serial
-     number when a serial number file is created or when a self signed
-     certificate is created using 'openssl req -x509'. The initial serial
-     number file is created using 'openssl x509 -next_serial' in CA.pl
-     rather than being initialized to 1.
-     [Steve Henson]
-
- Changes between 0.9.7c and 0.9.7d  [17 Mar 2004]
-
-  *) Fix null-pointer assignment in do_change_cipher_spec() revealed           
-     by using the Codenomicon TLS Test Tool (CVE-2004-0079)                    
-     [Joe Orton, Steve Henson]   
-
-  *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
-     (CVE-2004-0112)
-     [Joe Orton, Steve Henson]   
-
-  *) Make it possible to have multiple active certificates with the same
-     subject in the CA index file.  This is done only if the keyword
-     'unique_subject' is set to 'no' in the main CA section (default
-     if 'CA_default') of the configuration file.  The value is saved
-     with the database itself in a separate index attribute file,
-     named like the index file with '.attr' appended to the name.
-     [Richard Levitte]
-
-  *) X509 verify fixes. Disable broken certificate workarounds when 
-     X509_V_FLAGS_X509_STRICT is set. Check CRL issuer has cRLSign set if
-     keyUsage extension present. Don't accept CRLs with unhandled critical
-     extensions: since verify currently doesn't process CRL extensions this
-     rejects a CRL with *any* critical extensions. Add new verify error codes
-     for these cases.
-     [Steve Henson]
-
-  *) When creating an OCSP nonce use an OCTET STRING inside the extnValue.
-     A clarification of RFC2560 will require the use of OCTET STRINGs and 
-     some implementations cannot handle the current raw format. Since OpenSSL
-     copies and compares OCSP nonces as opaque blobs without any attempt at
-     parsing them this should not create any compatibility issues.
-     [Steve Henson]
-
-  *) New md flag EVP_MD_CTX_FLAG_REUSE this allows md_data to be reused when
-     calling EVP_MD_CTX_copy_ex() to avoid calling OPENSSL_malloc(). Without
-     this HMAC (and other) operations are several times slower than OpenSSL
-     < 0.9.7.
-     [Steve Henson]
-
-  *) Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex().
-     [Peter Sylvester <Peter.Sylvester at EdelWeb.fr>]
-
-  *) Use the correct content when signing type "other".
-     [Steve Henson]
-
- Changes between 0.9.7b and 0.9.7c  [30 Sep 2003]
-
-  *) Fix various bugs revealed by running the NISCC test suite:
-
-     Stop out of bounds reads in the ASN1 code when presented with
-     invalid tags (CVE-2003-0543 and CVE-2003-0544).
-     
-     Free up ASN1_TYPE correctly if ANY type is invalid (CVE-2003-0545).
-
-     If verify callback ignores invalid public key errors don't try to check
-     certificate signature with the NULL public key.
-
-     [Steve Henson]
-
-  *) New -ignore_err option in ocsp application to stop the server
-     exiting on the first error in a request.
-     [Steve Henson]
-
-  *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
-     if the server requested one: as stated in TLS 1.0 and SSL 3.0
-     specifications.
-     [Steve Henson]
-
-  *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
-     extra data after the compression methods not only for TLS 1.0
-     but also for SSL 3.0 (as required by the specification).
-     [Bodo Moeller; problem pointed out by Matthias Loepfe]
-
-  *) Change X509_certificate_type() to mark the key as exported/exportable
-     when it's 512 *bits* long, not 512 bytes.
-     [Richard Levitte]
-
-  *) Change AES_cbc_encrypt() so it outputs exact multiple of
-     blocks during encryption.
-     [Richard Levitte]
-
-  *) Various fixes to base64 BIO and non blocking I/O. On write 
-     flushes were not handled properly if the BIO retried. On read
-     data was not being buffered properly and had various logic bugs.
-     This also affects blocking I/O when the data being decoded is a
-     certain size.
-     [Steve Henson]
-
-  *) Various S/MIME bugfixes and compatibility changes:
-     output correct application/pkcs7 MIME type if
-     PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures.
-     Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening
-     of files as .eml work). Correctly handle very long lines in MIME
-     parser.
-     [Steve Henson]
-
- Changes between 0.9.7a and 0.9.7b  [10 Apr 2003]
-
-  *) Countermeasure against the Klima-Pokorny-Rosa extension of
-     Bleichbacher's attack on PKCS #1 v1.5 padding: treat
-     a protocol version number mismatch like a decryption error
-     in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
-     [Bodo Moeller]
-
-  *) Turn on RSA blinding by default in the default implementation
-     to avoid a timing attack. Applications that don't want it can call
-     RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
-     They would be ill-advised to do so in most cases.
-     [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
-
-  *) Change RSA blinding code so that it works when the PRNG is not
-     seeded (in this case, the secret RSA exponent is abused as
-     an unpredictable seed -- if it is not unpredictable, there
-     is no point in blinding anyway).  Make RSA blinding thread-safe
-     by remembering the creator's thread ID in rsa->blinding and
-     having all other threads use local one-time blinding factors
-     (this requires more computation than sharing rsa->blinding, but
-     avoids excessive locking; and if an RSA object is not shared
-     between threads, blinding will still be very fast).
-     [Bodo Moeller]
-
-  *) Fixed a typo bug that would cause ENGINE_set_default() to set an
-     ENGINE as defaults for all supported algorithms irrespective of
-     the 'flags' parameter. 'flags' is now honoured, so applications
-     should make sure they are passing it correctly.
-     [Geoff Thorpe]
-
-  *) Target "mingw" now allows native Windows code to be generated in
-     the Cygwin environment as well as with the MinGW compiler.
-     [Ulf Moeller] 
-
- Changes between 0.9.7 and 0.9.7a  [19 Feb 2003]
-
-  *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
-     via timing by performing a MAC computation even if incorrrect
-     block cipher padding has been found.  This is a countermeasure
-     against active attacks where the attacker has to distinguish
-     between bad padding and a MAC verification error. (CVE-2003-0078)
-
-     [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
-     Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
-     Martin Vuagnoux (EPFL, Ilion)]
-
-  *) Make the no-err option work as intended.  The intention with no-err
-     is not to have the whole error stack handling routines removed from
-     libcrypto, it's only intended to remove all the function name and
-     reason texts, thereby removing some of the footprint that may not
-     be interesting if those errors aren't displayed anyway.
-
-     NOTE: it's still possible for any application or module to have it's
-     own set of error texts inserted.  The routines are there, just not
-     used by default when no-err is given.
-     [Richard Levitte]
-
-  *) Add support for FreeBSD on IA64.
-     [dirk.meyer at dinoex.sub.org via Richard Levitte, resolves #454]
-
-  *) Adjust DES_cbc_cksum() so it returns the same value as the MIT
-     Kerberos function mit_des_cbc_cksum().  Before this change,
-     the value returned by DES_cbc_cksum() was like the one from
-     mit_des_cbc_cksum(), except the bytes were swapped.
-     [Kevin Greaney <Kevin.Greaney at hp.com> and Richard Levitte]
-
-  *) Allow an application to disable the automatic SSL chain building.
-     Before this a rather primitive chain build was always performed in
-     ssl3_output_cert_chain(): an application had no way to send the 
-     correct chain if the automatic operation produced an incorrect result.
-
-     Now the chain builder is disabled if either:
-
-     1. Extra certificates are added via SSL_CTX_add_extra_chain_cert().
-
-     2. The mode flag SSL_MODE_NO_AUTO_CHAIN is set.
-
-     The reasoning behind this is that an application would not want the
-     auto chain building to take place if extra chain certificates are
-     present and it might also want a means of sending no additional
-     certificates (for example the chain has two certificates and the
-     root is omitted).
-     [Steve Henson]
-
-  *) Add the possibility to build without the ENGINE framework.
-     [Steven Reddie <smr at essemer.com.au> via Richard Levitte]
-
-  *) Under Win32 gmtime() can return NULL: check return value in
-     OPENSSL_gmtime(). Add error code for case where gmtime() fails.
-     [Steve Henson]
-
-  *) DSA routines: under certain error conditions uninitialized BN objects
-     could be freed. Solution: make sure initialization is performed early
-     enough. (Reported and fix supplied by Ivan D Nestlerode <nestler at MIT.EDU>,
-     Nils Larsch <nla at trustcenter.de> via PR#459)
-     [Lutz Jaenicke]
-
-  *) Another fix for SSLv2 session ID handling: the session ID was incorrectly
-     checked on reconnect on the client side, therefore session resumption
-     could still fail with a "ssl session id is different" error. This
-     behaviour is masked when SSL_OP_ALL is used due to
-     SSL_OP_MICROSOFT_SESS_ID_BUG being set.
-     Behaviour observed by Crispin Flowerday <crispin at flowerday.cx> as
-     followup to PR #377.
-     [Lutz Jaenicke]
-
-  *) IA-32 assembler support enhancements: unified ELF targets, support
-     for SCO/Caldera platforms, fix for Cygwin shared build.
-     [Andy Polyakov]
-
-  *) Add support for FreeBSD on sparc64.  As a consequence, support for
-     FreeBSD on non-x86 processors is separate from x86 processors on
-     the config script, much like the NetBSD support.
-     [Richard Levitte & Kris Kennaway <kris at obsecurity.org>]
-
- Changes between 0.9.6h and 0.9.7  [31 Dec 2002]
-
-  [NB: OpenSSL 0.9.6i and later 0.9.6 patch levels were released after
-  OpenSSL 0.9.7.]
-
-  *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED
-     code (06) was taken as the first octet of the session ID and the last
-     octet was ignored consequently. As a result SSLv2 client side session
-     caching could not have worked due to the session ID mismatch between
-     client and server.
-     Behaviour observed by Crispin Flowerday <crispin at flowerday.cx> as
-     PR #377.
-     [Lutz Jaenicke]
-
-  *) Change the declaration of needed Kerberos libraries to use EX_LIBS
-     instead of the special (and badly supported) LIBKRB5.  LIBKRB5 is
-     removed entirely.
-     [Richard Levitte]
-
-  *) The hw_ncipher.c engine requires dynamic locks.  Unfortunately, it
-     seems that in spite of existing for more than a year, many application
-     author have done nothing to provide the necessary callbacks, which
-     means that this particular engine will not work properly anywhere.
-     This is a very unfortunate situation which forces us, in the name
-     of usability, to give the hw_ncipher.c a static lock, which is part
-     of libcrypto.
-     NOTE: This is for the 0.9.7 series ONLY.  This hack will never
-     appear in 0.9.8 or later.  We EXPECT application authors to have
-     dealt properly with this when 0.9.8 is released (unless we actually
-     make such changes in the libcrypto locking code that changes will
-     have to be made anyway).
-     [Richard Levitte]
-
-  *) In asn1_d2i_read_bio() repeatedly call BIO_read() until all content
-     octets have been read, EOF or an error occurs. Without this change
-     some truncated ASN1 structures will not produce an error.
-     [Steve Henson]
-
-  *) Disable Heimdal support, since it hasn't been fully implemented.
-     Still give the possibility to force the use of Heimdal, but with
-     warnings and a request that patches get sent to openssl-dev.
-     [Richard Levitte]
-
-  *) Add the VC-CE target, introduce the WINCE sysname, and add
-     INSTALL.WCE and appropriate conditionals to make it build.
-     [Steven Reddie <smr at essemer.com.au> via Richard Levitte]
-
-  *) Change the DLL names for Cygwin to cygcrypto-x.y.z.dll and
-     cygssl-x.y.z.dll, where x, y and z are the major, minor and
-     edit numbers of the version.
-     [Corinna Vinschen <vinschen at redhat.com> and Richard Levitte]
-
-  *) Introduce safe string copy and catenation functions
-     (BUF_strlcpy() and BUF_strlcat()).
-     [Ben Laurie (CHATS) and Richard Levitte]
-
-  *) Avoid using fixed-size buffers for one-line DNs.
-     [Ben Laurie (CHATS)]
-
-  *) Add BUF_MEM_grow_clean() to avoid information leakage when
-     resizing buffers containing secrets, and use where appropriate.
-     [Ben Laurie (CHATS)]
-
-  *) Avoid using fixed size buffers for configuration file location.
-     [Ben Laurie (CHATS)]
-
-  *) Avoid filename truncation for various CA files.
-     [Ben Laurie (CHATS)]
-
-  *) Use sizeof in preference to magic numbers.
-     [Ben Laurie (CHATS)]
-
-  *) Avoid filename truncation in cert requests.
-     [Ben Laurie (CHATS)]
-
-  *) Add assertions to check for (supposedly impossible) buffer
-     overflows.
-     [Ben Laurie (CHATS)]
-
-  *) Don't cache truncated DNS entries in the local cache (this could
-     potentially lead to a spoofing attack).
-     [Ben Laurie (CHATS)]
-
-  *) Fix various buffers to be large enough for hex/decimal
-     representations in a platform independent manner.
-     [Ben Laurie (CHATS)]
-
-  *) Add CRYPTO_realloc_clean() to avoid information leakage when
-     resizing buffers containing secrets, and use where appropriate.
-     [Ben Laurie (CHATS)]
-
-  *) Add BIO_indent() to avoid much slightly worrying code to do
-     indents.
-     [Ben Laurie (CHATS)]
-
-  *) Convert sprintf()/BIO_puts() to BIO_printf().
-     [Ben Laurie (CHATS)]
-
-  *) buffer_gets() could terminate with the buffer only half
-     full. Fixed.
-     [Ben Laurie (CHATS)]
-
-  *) Add assertions to prevent user-supplied crypto functions from
-     overflowing internal buffers by having large block sizes, etc.
-     [Ben Laurie (CHATS)]
-
-  *) New OPENSSL_assert() macro (similar to assert(), but enabled
-     unconditionally).
-     [Ben Laurie (CHATS)]
-
-  *) Eliminate unused copy of key in RC4.
-     [Ben Laurie (CHATS)]
-
-  *) Eliminate unused and incorrectly sized buffers for IV in pem.h.
-     [Ben Laurie (CHATS)]
-
-  *) Fix off-by-one error in EGD path.
-     [Ben Laurie (CHATS)]
-
-  *) If RANDFILE path is too long, ignore instead of truncating.
-     [Ben Laurie (CHATS)]
-
-  *) Eliminate unused and incorrectly sized X.509 structure
-     CBCParameter.
-     [Ben Laurie (CHATS)]
-
-  *) Eliminate unused and dangerous function knumber().
-     [Ben Laurie (CHATS)]
-
-  *) Eliminate unused and dangerous structure, KSSL_ERR.
-     [Ben Laurie (CHATS)]
-
-  *) Protect against overlong session ID context length in an encoded
-     session object. Since these are local, this does not appear to be
-     exploitable.
-     [Ben Laurie (CHATS)]
-
-  *) Change from security patch (see 0.9.6e below) that did not affect
-     the 0.9.6 release series:
-
-     Remote buffer overflow in SSL3 protocol - an attacker could
-     supply an oversized master key in Kerberos-enabled versions.
-     (CVE-2002-0657)
-     [Ben Laurie (CHATS)]
-
-  *) Change the SSL kerb5 codes to match RFC 2712.
-     [Richard Levitte]
-
-  *) Make -nameopt work fully for req and add -reqopt switch.
-     [Michael Bell <michael.bell at rz.hu-berlin.de>, Steve Henson]
-
-  *) The "block size" for block ciphers in CFB and OFB mode should be 1.
-     [Steve Henson, reported by Yngve Nysaeter Pettersen <yngve at opera.com>]
-
-  *) Make sure tests can be performed even if the corresponding algorithms
-     have been removed entirely.  This was also the last step to make
-     OpenSSL compilable with DJGPP under all reasonable conditions.
-     [Richard Levitte, Doug Kaufman <dkaufman at rahul.net>]
-
-  *) Add cipher selection rules COMPLEMENTOFALL and COMPLEMENTOFDEFAULT
-     to allow version independent disabling of normally unselected ciphers,
-     which may be activated as a side-effect of selecting a single cipher.
-
-     (E.g., cipher list string "RSA" enables ciphersuites that are left
-     out of "ALL" because they do not provide symmetric encryption.
-     "RSA:!COMPLEMEMENTOFALL" avoids these unsafe ciphersuites.)
-     [Lutz Jaenicke, Bodo Moeller]
-
-  *) Add appropriate support for separate platform-dependent build
-     directories.  The recommended way to make a platform-dependent
-     build directory is the following (tested on Linux), maybe with
-     some local tweaks:
-
-	# Place yourself outside of the OpenSSL source tree.  In
-	# this example, the environment variable OPENSSL_SOURCE
-	# is assumed to contain the absolute OpenSSL source directory.
-	mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
-	cd objtree/"`uname -s`-`uname -r`-`uname -m`"
-	(cd $OPENSSL_SOURCE; find . -type f) | while read F; do
-		mkdir -p `dirname $F`
-		ln -s $OPENSSL_SOURCE/$F $F
-	done
-
-     To be absolutely sure not to disturb the source tree, a "make clean"
-     is a good thing.  If it isn't successfull, don't worry about it,
-     it probably means the source directory is very clean.
-     [Richard Levitte]
-
-  *) Make sure any ENGINE control commands make local copies of string
-     pointers passed to them whenever necessary. Otherwise it is possible
-     the caller may have overwritten (or deallocated) the original string
-     data when a later ENGINE operation tries to use the stored values.
-     [Götz Babin-Ebell <babinebell at trustcenter.de>]
-
-  *) Improve diagnostics in file reading and command-line digests.
-     [Ben Laurie aided and abetted by Solar Designer <solar at openwall.com>]
-
-  *) Add AES modes CFB and OFB to the object database.  Correct an
-     error in AES-CFB decryption.
-     [Richard Levitte]
-
-  *) Remove most calls to EVP_CIPHER_CTX_cleanup() in evp_enc.c, this 
-     allows existing EVP_CIPHER_CTX structures to be reused after
-     calling EVP_*Final(). This behaviour is used by encryption
-     BIOs and some applications. This has the side effect that
-     applications must explicitly clean up cipher contexts with
-     EVP_CIPHER_CTX_cleanup() or they will leak memory.
-     [Steve Henson]
-
-  *) Check the values of dna and dnb in bn_mul_recursive before calling
-     bn_mul_comba (a non zero value means the a or b arrays do not contain
-     n2 elements) and fallback to bn_mul_normal if either is not zero.
-     [Steve Henson]
-
-  *) Fix escaping of non-ASCII characters when using the -subj option
-     of the "openssl req" command line tool. (Robert Joop <joop at fokus.gmd.de>)
-     [Lutz Jaenicke]
-
-  *) Make object definitions compliant to LDAP (RFC2256): SN is the short
-     form for "surname", serialNumber has no short form.
-     Use "mail" as the short name for "rfc822Mailbox" according to RFC2798;
-     therefore remove "mail" short name for "internet 7".
-     The OID for unique identifiers in X509 certificates is
-     x500UniqueIdentifier, not uniqueIdentifier.
-     Some more OID additions. (Michael Bell <michael.bell at rz.hu-berlin.de>)
-     [Lutz Jaenicke]
-
-  *) Add an "init" command to the ENGINE config module and auto initialize
-     ENGINEs. Without any "init" command the ENGINE will be initialized 
-     after all ctrl commands have been executed on it. If init=1 the 
-     ENGINE is initailized at that point (ctrls before that point are run
-     on the uninitialized ENGINE and after on the initialized one). If
-     init=0 then the ENGINE will not be iniatialized at all.
-     [Steve Henson]
-
-  *) Fix the 'app_verify_callback' interface so that the user-defined
-     argument is actually passed to the callback: In the
-     SSL_CTX_set_cert_verify_callback() prototype, the callback
-     declaration has been changed from
-          int (*cb)()
-     into
-          int (*cb)(X509_STORE_CTX *,void *);
-     in ssl_verify_cert_chain (ssl/ssl_cert.c), the call
-          i=s->ctx->app_verify_callback(&ctx)
-     has been changed into
-          i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg).
-
-     To update applications using SSL_CTX_set_cert_verify_callback(),
-     a dummy argument can be added to their callback functions.
-     [D. K. Smetters <smetters at parc.xerox.com>]
-
-  *) Added the '4758cca' ENGINE to support IBM 4758 cards.
-     [Maurice Gittens <maurice at gittens.nl>, touchups by Geoff Thorpe]
-
-  *) Add and OPENSSL_LOAD_CONF define which will cause
-     OpenSSL_add_all_algorithms() to load the openssl.cnf config file.
-     This allows older applications to transparently support certain
-     OpenSSL features: such as crypto acceleration and dynamic ENGINE loading.
-     Two new functions OPENSSL_add_all_algorithms_noconf() which will never
-     load the config file and OPENSSL_add_all_algorithms_conf() which will
-     always load it have also been added.
-     [Steve Henson]
-
-  *) Add the OFB, CFB and CTR (all with 128 bit feedback) to AES.
-     Adjust NIDs and EVP layer.
-     [Stephen Sprunk <stephen at sprunk.org> and Richard Levitte]
-
-  *) Config modules support in openssl utility.
-
-     Most commands now load modules from the config file,
-     though in a few (such as version) this isn't done 
-     because it couldn't be used for anything.
-
-     In the case of ca and req the config file used is
-     the same as the utility itself: that is the -config
-     command line option can be used to specify an
-     alternative file.
-     [Steve Henson]
-
-  *) Move default behaviour from OPENSSL_config(). If appname is NULL
-     use "openssl_conf" if filename is NULL use default openssl config file.
-     [Steve Henson]
-
-  *) Add an argument to OPENSSL_config() to allow the use of an alternative
-     config section name. Add a new flag to tolerate a missing config file
-     and move code to CONF_modules_load_file().
-     [Steve Henson]
-
-  *) Support for crypto accelerator cards from Accelerated Encryption
-     Processing, www.aep.ie.  (Use engine 'aep')
-     The support was copied from 0.9.6c [engine] and adapted/corrected
-     to work with the new engine framework.
-     [AEP Inc. and Richard Levitte]
-
-  *) Support for SureWare crypto accelerator cards from Baltimore
-     Technologies.  (Use engine 'sureware')
-     The support was copied from 0.9.6c [engine] and adapted
-     to work with the new engine framework.
-     [Richard Levitte]
-
-  *) Have the CHIL engine fork-safe (as defined by nCipher) and actually
-     make the newer ENGINE framework commands for the CHIL engine work.
-     [Toomas Kiisk <vix at cyber.ee> and Richard Levitte]
-
-  *) Make it possible to produce shared libraries on ReliantUNIX.
-     [Robert Dahlem <Robert.Dahlem at ffm2.siemens.de> via Richard Levitte]
-
-  *) Add the configuration target debug-linux-ppro.
-     Make 'openssl rsa' use the general key loading routines
-     implemented in apps.c, and make those routines able to
-     handle the key format FORMAT_NETSCAPE and the variant
-     FORMAT_IISSGC.
-     [Toomas Kiisk <vix at cyber.ee> via Richard Levitte]
-
- *) Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
-     [Toomas Kiisk <vix at cyber.ee> via Richard Levitte]
-
-  *) Add -keyform to rsautl, and document -engine.
-     [Richard Levitte, inspired by Toomas Kiisk <vix at cyber.ee>]
-
-  *) Change BIO_new_file (crypto/bio/bss_file.c) to use new
-     BIO_R_NO_SUCH_FILE error code rather than the generic
-     ERR_R_SYS_LIB error code if fopen() fails with ENOENT.
-     [Ben Laurie]
-
-  *) Add new functions
-          ERR_peek_last_error
-          ERR_peek_last_error_line
-          ERR_peek_last_error_line_data.
-     These are similar to
-          ERR_peek_error
-          ERR_peek_error_line
-          ERR_peek_error_line_data,
-     but report on the latest error recorded rather than the first one
-     still in the error queue.
-     [Ben Laurie, Bodo Moeller]
-        
-  *) default_algorithms option in ENGINE config module. This allows things
-     like:
-     default_algorithms = ALL
-     default_algorithms = RSA, DSA, RAND, CIPHERS, DIGESTS
-     [Steve Henson]
-
-  *) Prelminary ENGINE config module.
-     [Steve Henson]
-
-  *) New experimental application configuration code.
-     [Steve Henson]
-
-  *) Change the AES code to follow the same name structure as all other
-     symmetric ciphers, and behave the same way.  Move everything to
-     the directory crypto/aes, thereby obsoleting crypto/rijndael.
-     [Stephen Sprunk <stephen at sprunk.org> and Richard Levitte]
-
-  *) SECURITY: remove unsafe setjmp/signal interaction from ui_openssl.c.
-     [Ben Laurie and Theo de Raadt]
-
-  *) Add option to output public keys in req command.
-     [Massimiliano Pala madwolf at openca.org]
-
-  *) Use wNAFs in EC_POINTs_mul() for improved efficiency
-     (up to about 10% better than before for P-192 and P-224).
-     [Bodo Moeller]
-
-  *) New functions/macros
-
-          SSL_CTX_set_msg_callback(ctx, cb)
-          SSL_CTX_set_msg_callback_arg(ctx, arg)
-          SSL_set_msg_callback(ssl, cb)
-          SSL_set_msg_callback_arg(ssl, arg)
-
-     to request calling a callback function
-
-          void cb(int write_p, int version, int content_type,
-                  const void *buf, size_t len, SSL *ssl, void *arg)
-
-     whenever a protocol message has been completely received
-     (write_p == 0) or sent (write_p == 1).  Here 'version' is the
-     protocol version  according to which the SSL library interprets
-     the current protocol message (SSL2_VERSION, SSL3_VERSION, or
-     TLS1_VERSION).  'content_type' is 0 in the case of SSL 2.0, or
-     the content type as defined in the SSL 3.0/TLS 1.0 protocol
-     specification (change_cipher_spec(20), alert(21), handshake(22)).
-     'buf' and 'len' point to the actual message, 'ssl' to the
-     SSL object, and 'arg' is the application-defined value set by
-     SSL[_CTX]_set_msg_callback_arg().
-
-     'openssl s_client' and 'openssl s_server' have new '-msg' options
-     to enable a callback that displays all protocol messages.
-     [Bodo Moeller]
-
-  *) Change the shared library support so shared libraries are built as
-     soon as the corresponding static library is finished, and thereby get
-     openssl and the test programs linked against the shared library.
-     This still only happens when the keyword "shard" has been given to
-     the configuration scripts.
-
-     NOTE: shared library support is still an experimental thing, and
-     backward binary compatibility is still not guaranteed.
-     ["Maciej W. Rozycki" <macro at ds2.pg.gda.pl> and Richard Levitte]
-
-  *) Add support for Subject Information Access extension.
-     [Peter Sylvester <Peter.Sylvester at EdelWeb.fr>]
-
-  *) Make BUF_MEM_grow() behaviour more consistent: Initialise to zero
-     additional bytes when new memory had to be allocated, not just
-     when reusing an existing buffer.
-     [Bodo Moeller]
-
-  *) New command line and configuration option 'utf8' for the req command.
-     This allows field values to be specified as UTF8 strings.
-     [Steve Henson]
-
-  *) Add -multi and -mr options to "openssl speed" - giving multiple parallel
-     runs for the former and machine-readable output for the latter.
-     [Ben Laurie]
-
-  *) Add '-noemailDN' option to 'openssl ca'.  This prevents inclusion
-     of the e-mail address in the DN (i.e., it will go into a certificate
-     extension only).  The new configuration file option 'email_in_dn = no'
-     has the same effect.
-     [Massimiliano Pala madwolf at openca.org]
-
-  *) Change all functions with names starting with des_ to be starting
-     with DES_ instead.  Add wrappers that are compatible with libdes,
-     but are named _ossl_old_des_*.  Finally, add macros that map the
-     des_* symbols to the corresponding _ossl_old_des_* if libdes
-     compatibility is desired.  If OpenSSL 0.9.6c compatibility is
-     desired, the des_* symbols will be mapped to DES_*, with one
-     exception.
-
-     Since we provide two compatibility mappings, the user needs to
-     define the macro OPENSSL_DES_LIBDES_COMPATIBILITY if libdes
-     compatibility is desired.  The default (i.e., when that macro
-     isn't defined) is OpenSSL 0.9.6c compatibility.
-
-     There are also macros that enable and disable the support of old
-     des functions altogether.  Those are OPENSSL_ENABLE_OLD_DES_SUPPORT
-     and OPENSSL_DISABLE_OLD_DES_SUPPORT.  If none or both of those
-     are defined, the default will apply: to support the old des routines.
-
-     In either case, one must include openssl/des.h to get the correct
-     definitions.  Do not try to just include openssl/des_old.h, that
-     won't work.
-
-     NOTE: This is a major break of an old API into a new one.  Software
-     authors are encouraged to switch to the DES_ style functions.  Some
-     time in the future, des_old.h and the libdes compatibility functions
-     will be disable (i.e. OPENSSL_DISABLE_OLD_DES_SUPPORT will be the
-     default), and then completely removed.
-     [Richard Levitte]
-
-  *) Test for certificates which contain unsupported critical extensions.
-     If such a certificate is found during a verify operation it is 
-     rejected by default: this behaviour can be overridden by either
-     handling the new error X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION or
-     by setting the verify flag X509_V_FLAG_IGNORE_CRITICAL. A new function
-     X509_supported_extension() has also been added which returns 1 if a
-     particular extension is supported.
-     [Steve Henson]
-
-  *) Modify the behaviour of EVP cipher functions in similar way to digests
-     to retain compatibility with existing code.
-     [Steve Henson]
-
-  *) Modify the behaviour of EVP_DigestInit() and EVP_DigestFinal() to retain
-     compatibility with existing code. In particular the 'ctx' parameter does
-     not have to be to be initialized before the call to EVP_DigestInit() and
-     it is tidied up after a call to EVP_DigestFinal(). New function
-     EVP_DigestFinal_ex() which does not tidy up the ctx. Similarly function
-     EVP_MD_CTX_copy() changed to not require the destination to be
-     initialized valid and new function EVP_MD_CTX_copy_ex() added which
-     requires the destination to be valid.
-
-     Modify all the OpenSSL digest calls to use EVP_DigestInit_ex(),
-     EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex().
-     [Steve Henson]
-
-  *) Change ssl3_get_message (ssl/s3_both.c) and the functions using it
-     so that complete 'Handshake' protocol structures are kept in memory
-     instead of overwriting 'msg_type' and 'length' with 'body' data.
-     [Bodo Moeller]
-
-  *) Add an implementation of SSL_add_dir_cert_subjects_to_stack for Win32.
-     [Massimo Santin via Richard Levitte]
-
-  *) Major restructuring to the underlying ENGINE code. This includes
-     reduction of linker bloat, separation of pure "ENGINE" manipulation
-     (initialisation, etc) from functionality dealing with implementations
-     of specific crypto iterfaces. This change also introduces integrated
-     support for symmetric ciphers and digest implementations - so ENGINEs
-     can now accelerate these by providing EVP_CIPHER and EVP_MD
-     implementations of their own. This is detailed in crypto/engine/README
-     as it couldn't be adequately described here. However, there are a few
-     API changes worth noting - some RSA, DSA, DH, and RAND functions that
-     were changed in the original introduction of ENGINE code have now
-     reverted back - the hooking from this code to ENGINE is now a good
-     deal more passive and at run-time, operations deal directly with
-     RSA_METHODs, DSA_METHODs (etc) as they did before, rather than
-     dereferencing through an ENGINE pointer any more. Also, the ENGINE
-     functions dealing with BN_MOD_EXP[_CRT] handlers have been removed -
-     they were not being used by the framework as there is no concept of a
-     BIGNUM_METHOD and they could not be generalised to the new
-     'ENGINE_TABLE' mechanism that underlies the new code. Similarly,
-     ENGINE_cpy() has been removed as it cannot be consistently defined in
-     the new code.
-     [Geoff Thorpe]
-
-  *) Change ASN1_GENERALIZEDTIME_check() to allow fractional seconds.
-     [Steve Henson]
-
-  *) Change mkdef.pl to sort symbols that get the same entry number,
-     and make sure the automatically generated functions ERR_load_*
-     become part of libeay.num as well.
-     [Richard Levitte]
-
-  *) New function SSL_renegotiate_pending().  This returns true once
-     renegotiation has been requested (either SSL_renegotiate() call
-     or HelloRequest/ClientHello receveived from the peer) and becomes
-     false once a handshake has been completed.
-     (For servers, SSL_renegotiate() followed by SSL_do_handshake()
-     sends a HelloRequest, but does not ensure that a handshake takes
-     place.  SSL_renegotiate_pending() is useful for checking if the
-     client has followed the request.)
-     [Bodo Moeller]
-
-  *) New SSL option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
-     By default, clients may request session resumption even during
-     renegotiation (if session ID contexts permit); with this option,
-     session resumption is possible only in the first handshake.
-
-     SSL_OP_ALL is now 0x00000FFFL instead of 0x000FFFFFL.  This makes
-     more bits available for options that should not be part of
-     SSL_OP_ALL (such as SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION).
-     [Bodo Moeller]
-
-  *) Add some demos for certificate and certificate request creation.
-     [Steve Henson]
-
-  *) Make maximum certificate chain size accepted from the peer application
-     settable (SSL*_get/set_max_cert_list()), as proposed by
-     "Douglas E. Engert" <deengert at anl.gov>.
-     [Lutz Jaenicke]
-
-  *) Add support for shared libraries for Unixware-7
-     (Boyd Lynn Gerber <gerberb at zenez.com>).
-     [Lutz Jaenicke]
-
-  *) Add a "destroy" handler to ENGINEs that allows structural cleanup to
-     be done prior to destruction. Use this to unload error strings from
-     ENGINEs that load their own error strings. NB: This adds two new API
-     functions to "get" and "set" this destroy handler in an ENGINE.
-     [Geoff Thorpe]
-
-  *) Alter all existing ENGINE implementations (except "openssl" and
-     "openbsd") to dynamically instantiate their own error strings. This
-     makes them more flexible to be built both as statically-linked ENGINEs
-     and self-contained shared-libraries loadable via the "dynamic" ENGINE.
-     Also, add stub code to each that makes building them as self-contained
-     shared-libraries easier (see README.ENGINE).
-     [Geoff Thorpe]
-
-  *) Add a "dynamic" ENGINE that provides a mechanism for binding ENGINE
-     implementations into applications that are completely implemented in
-     self-contained shared-libraries. The "dynamic" ENGINE exposes control
-     commands that can be used to configure what shared-library to load and
-     to control aspects of the way it is handled. Also, made an update to
-     the README.ENGINE file that brings its information up-to-date and
-     provides some information and instructions on the "dynamic" ENGINE
-     (ie. how to use it, how to build "dynamic"-loadable ENGINEs, etc).
-     [Geoff Thorpe]
-
-  *) Make it possible to unload ranges of ERR strings with a new
-     "ERR_unload_strings" function.
-     [Geoff Thorpe]
-
-  *) Add a copy() function to EVP_MD.
-     [Ben Laurie]
-
-  *) Make EVP_MD routines take a context pointer instead of just the
-     md_data void pointer.
-     [Ben Laurie]
-
-  *) Add flags to EVP_MD and EVP_MD_CTX. EVP_MD_FLAG_ONESHOT indicates
-     that the digest can only process a single chunk of data
-     (typically because it is provided by a piece of
-     hardware). EVP_MD_CTX_FLAG_ONESHOT indicates that the application
-     is only going to provide a single chunk of data, and hence the
-     framework needn't accumulate the data for oneshot drivers.
-     [Ben Laurie]
-
-  *) As with "ERR", make it possible to replace the underlying "ex_data"
-     functions. This change also alters the storage and management of global
-     ex_data state - it's now all inside ex_data.c and all "class" code (eg.
-     RSA, BIO, SSL_CTX, etc) no longer stores its own STACKS and per-class
-     index counters. The API functions that use this state have been changed
-     to take a "class_index" rather than pointers to the class's local STACK
-     and counter, and there is now an API function to dynamically create new
-     classes. This centralisation allows us to (a) plug a lot of the
-     thread-safety problems that existed, and (b) makes it possible to clean
-     up all allocated state using "CRYPTO_cleanup_all_ex_data()". W.r.t. (b)
-     such data would previously have always leaked in application code and
-     workarounds were in place to make the memory debugging turn a blind eye
-     to it. Application code that doesn't use this new function will still
-     leak as before, but their memory debugging output will announce it now
-     rather than letting it slide.
-
-     Besides the addition of CRYPTO_cleanup_all_ex_data(), another API change
-     induced by the "ex_data" overhaul is that X509_STORE_CTX_init() now
-     has a return value to indicate success or failure.
-     [Geoff Thorpe]
-
-  *) Make it possible to replace the underlying "ERR" functions such that the
-     global state (2 LHASH tables and 2 locks) is only used by the "default"
-     implementation. This change also adds two functions to "get" and "set"
-     the implementation prior to it being automatically set the first time
-     any other ERR function takes place. Ie. an application can call "get",
-     pass the return value to a module it has just loaded, and that module
-     can call its own "set" function using that value. This means the
-     module's "ERR" operations will use (and modify) the error state in the
-     application and not in its own statically linked copy of OpenSSL code.
-     [Geoff Thorpe]
-
-  *) Give DH, DSA, and RSA types their own "**_up_ref()" function to increment
-     reference counts. This performs normal REF_PRINT/REF_CHECK macros on
-     the operation, and provides a more encapsulated way for external code
-     (crypto/evp/ and ssl/) to do this. Also changed the evp and ssl code
-     to use these functions rather than manually incrementing the counts.
-
-     Also rename "DSO_up()" function to more descriptive "DSO_up_ref()".
-     [Geoff Thorpe]
-
-  *) Add EVP test program.
-     [Ben Laurie]
-
-  *) Add symmetric cipher support to ENGINE. Expect the API to change!
-     [Ben Laurie]
-
-  *) New CRL functions: X509_CRL_set_version(), X509_CRL_set_issuer_name()
-     X509_CRL_set_lastUpdate(), X509_CRL_set_nextUpdate(), X509_CRL_sort(),
-     X509_REVOKED_set_serialNumber(), and X509_REVOKED_set_revocationDate().
-     These allow a CRL to be built without having to access X509_CRL fields
-     directly. Modify 'ca' application to use new functions.
-     [Steve Henson]
-
-  *) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended
-     bug workarounds. Rollback attack detection is a security feature.
-     The problem will only arise on OpenSSL servers when TLSv1 is not
-     available (sslv3_server_method() or SSL_OP_NO_TLSv1).
-     Software authors not wanting to support TLSv1 will have special reasons
-     for their choice and can explicitly enable this option.
-     [Bodo Moeller, Lutz Jaenicke]
-
-  *) Rationalise EVP so it can be extended: don't include a union of
-     cipher/digest structures, add init/cleanup functions for EVP_MD_CTX
-     (similar to those existing for EVP_CIPHER_CTX).
-     Usage example:
-
-         EVP_MD_CTX md;
-
-         EVP_MD_CTX_init(&md);             /* new function call */
-         EVP_DigestInit(&md, EVP_sha1());
-         EVP_DigestUpdate(&md, in, len);
-         EVP_DigestFinal(&md, out, NULL);
-         EVP_MD_CTX_cleanup(&md);          /* new function call */
-
-     [Ben Laurie]
-
-  *) Make DES key schedule conform to the usual scheme, as well as
-     correcting its structure. This means that calls to DES functions
-     now have to pass a pointer to a des_key_schedule instead of a
-     plain des_key_schedule (which was actually always a pointer
-     anyway): E.g.,
-
-         des_key_schedule ks;
-
-	 des_set_key_checked(..., &ks);
-	 des_ncbc_encrypt(..., &ks, ...);
-
-     (Note that a later change renames 'des_...' into 'DES_...'.)
-     [Ben Laurie]
-
-  *) Initial reduction of linker bloat: the use of some functions, such as
-     PEM causes large amounts of unused functions to be linked in due to
-     poor organisation. For example pem_all.c contains every PEM function
-     which has a knock on effect of linking in large amounts of (unused)
-     ASN1 code. Grouping together similar functions and splitting unrelated
-     functions prevents this.
-     [Steve Henson]
-
-  *) Cleanup of EVP macros.
-     [Ben Laurie]
-
-  *) Change historical references to {NID,SN,LN}_des_ede and ede3 to add the
-     correct _ecb suffix.
-     [Ben Laurie]
-
-  *) Add initial OCSP responder support to ocsp application. The
-     revocation information is handled using the text based index
-     use by the ca application. The responder can either handle
-     requests generated internally, supplied in files (for example
-     via a CGI script) or using an internal minimal server.
-     [Steve Henson]
-
-  *) Add configuration choices to get zlib compression for TLS.
-     [Richard Levitte]
-
-  *) Changes to Kerberos SSL for RFC 2712 compliance:
-     1.  Implemented real KerberosWrapper, instead of just using
-         KRB5 AP_REQ message.  [Thanks to Simon Wilkinson <sxw at sxw.org.uk>]
-     2.  Implemented optional authenticator field of KerberosWrapper.
-
-     Added openssl-style ASN.1 macros for Kerberos ticket, ap_req,
-     and authenticator structs; see crypto/krb5/.
-
-     Generalized Kerberos calls to support multiple Kerberos libraries.
-     [Vern Staats <staatsvr at asc.hpc.mil>,
-      Jeffrey Altman <jaltman at columbia.edu>
-      via Richard Levitte]
-
-  *) Cause 'openssl speed' to use fully hard-coded DSA keys as it
-     already does with RSA. testdsa.h now has 'priv_key/pub_key'
-     values for each of the key sizes rather than having just
-     parameters (and 'speed' generating keys each time).
-     [Geoff Thorpe]
-
-  *) Speed up EVP routines.
-     Before:
-encrypt
-type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
-des-cbc           4408.85k     5560.51k     5778.46k     5862.20k     5825.16k
-des-cbc           4389.55k     5571.17k     5792.23k     5846.91k     5832.11k
-des-cbc           4394.32k     5575.92k     5807.44k     5848.37k     5841.30k
-decrypt
-des-cbc           3482.66k     5069.49k     5496.39k     5614.16k     5639.28k
-des-cbc           3480.74k     5068.76k     5510.34k     5609.87k     5635.52k
-des-cbc           3483.72k     5067.62k     5504.60k     5708.01k     5724.80k
-     After:
-encrypt
-des-cbc           4660.16k     5650.19k     5807.19k     5827.13k     5783.32k
-decrypt
-des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
-     [Ben Laurie]
-
-  *) Added the OS2-EMX target.
-     ["Brian Havard" <brianh at kheldar.apana.org.au> and Richard Levitte]
-
-  *) Rewrite apps to use NCONF routines instead of the old CONF. New functions
-     to support NCONF routines in extension code. New function CONF_set_nconf()
-     to allow functions which take an NCONF to also handle the old LHASH
-     structure: this means that the old CONF compatible routines can be
-     retained (in particular wrt extensions) without having to duplicate the
-     code. New function X509V3_add_ext_nconf_sk to add extensions to a stack.
-     [Steve Henson]
-
-  *) Enhance the general user interface with mechanisms for inner control
-     and with possibilities to have yes/no kind of prompts.
-     [Richard Levitte]
-
-  *) Change all calls to low level digest routines in the library and
-     applications to use EVP. Add missing calls to HMAC_cleanup() and
-     don't assume HMAC_CTX can be copied using memcpy().
-     [Verdon Walker <VWalker at novell.com>, Steve Henson]
-
-  *) Add the possibility to control engines through control names but with
-     arbitrary arguments instead of just a string.
-     Change the key loaders to take a UI_METHOD instead of a callback
-     function pointer.  NOTE: this breaks binary compatibility with earlier
-     versions of OpenSSL [engine].
-     Adapt the nCipher code for these new conditions and add a card insertion
-     callback.
-     [Richard Levitte]
-
-  *) Enhance the general user interface with mechanisms to better support
-     dialog box interfaces, application-defined prompts, the possibility
-     to use defaults (for example default passwords from somewhere else)
-     and interrupts/cancellations.
-     [Richard Levitte]
-
-  *) Tidy up PKCS#12 attribute handling. Add support for the CSP name
-     attribute in PKCS#12 files, add new -CSP option to pkcs12 utility.
-     [Steve Henson]
-
-  *) Fix a memory leak in 'sk_dup()' in the case reallocation fails. (Also
-     tidy up some unnecessarily weird code in 'sk_new()').
-     [Geoff, reported by Diego Tartara <dtartara at novamens.com>]
-
-  *) Change the key loading routines for ENGINEs to use the same kind
-     callback (pem_password_cb) as all other routines that need this
-     kind of callback.
-     [Richard Levitte]
-
-  *) Increase ENTROPY_NEEDED to 32 bytes, as Rijndael can operate with
-     256 bit (=32 byte) keys. Of course seeding with more entropy bytes
-     than this minimum value is recommended.
-     [Lutz Jaenicke]
-
-  *) New random seeder for OpenVMS, using the system process statistics
-     that are easily reachable.
-     [Richard Levitte]
-
-  *) Windows apparently can't transparently handle global
-     variables defined in DLLs. Initialisations such as:
-
-        const ASN1_ITEM *it = &ASN1_INTEGER_it;
-
-     wont compile. This is used by the any applications that need to
-     declare their own ASN1 modules. This was fixed by adding the option
-     EXPORT_VAR_AS_FN to all Win32 platforms, although this isn't strictly
-     needed for static libraries under Win32.
-     [Steve Henson]
-
-  *) New functions X509_PURPOSE_set() and X509_TRUST_set() to handle
-     setting of purpose and trust fields. New X509_STORE trust and
-     purpose functions and tidy up setting in other SSL functions.
-     [Steve Henson]
-
-  *) Add copies of X509_STORE_CTX fields and callbacks to X509_STORE
-     structure. These are inherited by X509_STORE_CTX when it is 
-     initialised. This allows various defaults to be set in the
-     X509_STORE structure (such as flags for CRL checking and custom
-     purpose or trust settings) for functions which only use X509_STORE_CTX
-     internally such as S/MIME.
-
-     Modify X509_STORE_CTX_purpose_inherit() so it only sets purposes and
-     trust settings if they are not set in X509_STORE. This allows X509_STORE
-     purposes and trust (in S/MIME for example) to override any set by default.
-
-     Add command line options for CRL checking to smime, s_client and s_server
-     applications.
-     [Steve Henson]
-
-  *) Initial CRL based revocation checking. If the CRL checking flag(s)
-     are set then the CRL is looked up in the X509_STORE structure and
-     its validity and signature checked, then if the certificate is found
-     in the CRL the verify fails with a revoked error.
-
-     Various new CRL related callbacks added to X509_STORE_CTX structure.
-
-     Command line options added to 'verify' application to support this.
-
-     This needs some additional work, such as being able to handle multiple
-     CRLs with different times, extension based lookup (rather than just
-     by subject name) and ultimately more complete V2 CRL extension
-     handling.
-     [Steve Henson]
-
-  *) Add a general user interface API (crypto/ui/).  This is designed
-     to replace things like des_read_password and friends (backward
-     compatibility functions using this new API are provided).
-     The purpose is to remove prompting functions from the DES code
-     section as well as provide for prompting through dialog boxes in
-     a window system and the like.
-     [Richard Levitte]
-
-  *) Add "ex_data" support to ENGINE so implementations can add state at a
-     per-structure level rather than having to store it globally.
-     [Geoff]
-
-  *) Make it possible for ENGINE structures to be copied when retrieved by
-     ENGINE_by_id() if the ENGINE specifies a new flag: ENGINE_FLAGS_BY_ID_COPY.
-     This causes the "original" ENGINE structure to act like a template,
-     analogous to the RSA vs. RSA_METHOD type of separation. Because of this
-     operational state can be localised to each ENGINE structure, despite the
-     fact they all share the same "methods". New ENGINE structures returned in
-     this case have no functional references and the return value is the single
-     structural reference. This matches the single structural reference returned
-     by ENGINE_by_id() normally, when it is incremented on the pre-existing
-     ENGINE structure.
-     [Geoff]
-
-  *) Fix ASN1 decoder when decoding type ANY and V_ASN1_OTHER: since this
-     needs to match any other type at all we need to manually clear the
-     tag cache.
-     [Steve Henson]
-
-  *) Changes to the "openssl engine" utility to include;
-     - verbosity levels ('-v', '-vv', and '-vvv') that provide information
-       about an ENGINE's available control commands.
-     - executing control commands from command line arguments using the
-       '-pre' and '-post' switches. '-post' is only used if '-t' is
-       specified and the ENGINE is successfully initialised. The syntax for
-       the individual commands are colon-separated, for example;
-	 openssl engine chil -pre FORK_CHECK:0 -pre SO_PATH:/lib/test.so
-     [Geoff]
-
-  *) New dynamic control command support for ENGINEs. ENGINEs can now
-     declare their own commands (numbers), names (strings), descriptions,
-     and input types for run-time discovery by calling applications. A
-     subset of these commands are implicitly classed as "executable"
-     depending on their input type, and only these can be invoked through
-     the new string-based API function ENGINE_ctrl_cmd_string(). (Eg. this
-     can be based on user input, config files, etc). The distinction is
-     that "executable" commands cannot return anything other than a boolean
-     result and can only support numeric or string input, whereas some
-     discoverable commands may only be for direct use through
-     ENGINE_ctrl(), eg. supporting the exchange of binary data, function
-     pointers, or other custom uses. The "executable" commands are to
-     support parameterisations of ENGINE behaviour that can be
-     unambiguously defined by ENGINEs and used consistently across any
-     OpenSSL-based application. Commands have been added to all the
-     existing hardware-supporting ENGINEs, noticeably "SO_PATH" to allow
-     control over shared-library paths without source code alterations.
-     [Geoff]
-
-  *) Changed all ENGINE implementations to dynamically allocate their
-     ENGINEs rather than declaring them statically. Apart from this being
-     necessary with the removal of the ENGINE_FLAGS_MALLOCED distinction,
-     this also allows the implementations to compile without using the
-     internal engine_int.h header.
-     [Geoff]
-
-  *) Minor adjustment to "rand" code. RAND_get_rand_method() now returns a
-     'const' value. Any code that should be able to modify a RAND_METHOD
-     should already have non-const pointers to it (ie. they should only
-     modify their own ones).
-     [Geoff]
-
-  *) Made a variety of little tweaks to the ENGINE code.
-     - "atalla" and "ubsec" string definitions were moved from header files
-       to C code. "nuron" string definitions were placed in variables
-       rather than hard-coded - allowing parameterisation of these values
-       later on via ctrl() commands.
-     - Removed unused "#if 0"'d code.
-     - Fixed engine list iteration code so it uses ENGINE_free() to release
-       structural references.
-     - Constified the RAND_METHOD element of ENGINE structures.
-     - Constified various get/set functions as appropriate and added
-       missing functions (including a catch-all ENGINE_cpy that duplicates
-       all ENGINE values onto a new ENGINE except reference counts/state).
-     - Removed NULL parameter checks in get/set functions. Setting a method
-       or function to NULL is a way of cancelling out a previously set
-       value.  Passing a NULL ENGINE parameter is just plain stupid anyway
-       and doesn't justify the extra error symbols and code.
-     - Deprecate the ENGINE_FLAGS_MALLOCED define and move the area for
-       flags from engine_int.h to engine.h.
-     - Changed prototypes for ENGINE handler functions (init(), finish(),
-       ctrl(), key-load functions, etc) to take an (ENGINE*) parameter.
-     [Geoff]
-
-  *) Implement binary inversion algorithm for BN_mod_inverse in addition
-     to the algorithm using long division.  The binary algorithm can be
-     used only if the modulus is odd.  On 32-bit systems, it is faster
-     only for relatively small moduli (roughly 20-30% for 128-bit moduli,
-     roughly 5-15% for 256-bit moduli), so we use it only for moduli
-     up to 450 bits.  In 64-bit environments, the binary algorithm
-     appears to be advantageous for much longer moduli; here we use it
-     for moduli up to 2048 bits.
-     [Bodo Moeller]
-
-  *) Rewrite CHOICE field setting in ASN1_item_ex_d2i(). The old code
-     could not support the combine flag in choice fields.
-     [Steve Henson]
-
-  *) Add a 'copy_extensions' option to the 'ca' utility. This copies
-     extensions from a certificate request to the certificate.
-     [Steve Henson]
-
-  *) Allow multiple 'certopt' and 'nameopt' options to be separated
-     by commas. Add 'namopt' and 'certopt' options to the 'ca' config
-     file: this allows the display of the certificate about to be
-     signed to be customised, to allow certain fields to be included
-     or excluded and extension details. The old system didn't display
-     multicharacter strings properly, omitted fields not in the policy
-     and couldn't display additional details such as extensions.
-     [Steve Henson]
-
-  *) Function EC_POINTs_mul for multiple scalar multiplication
-     of an arbitrary number of elliptic curve points
-          \sum scalars[i]*points[i],
-     optionally including the generator defined for the EC_GROUP:
-          scalar*generator +  \sum scalars[i]*points[i].
-
-     EC_POINT_mul is a simple wrapper function for the typical case
-     that the point list has just one item (besides the optional
-     generator).
-     [Bodo Moeller]
-
-  *) First EC_METHODs for curves over GF(p):
-
-     EC_GFp_simple_method() uses the basic BN_mod_mul and BN_mod_sqr
-     operations and provides various method functions that can also
-     operate with faster implementations of modular arithmetic.     
-
-     EC_GFp_mont_method() reuses most functions that are part of
-     EC_GFp_simple_method, but uses Montgomery arithmetic.
-
-     [Bodo Moeller; point addition and point doubling
-     implementation directly derived from source code provided by
-     Lenka Fibikova <fibikova at exp-math.uni-essen.de>]
-
-  *) Framework for elliptic curves (crypto/ec/ec.h, crypto/ec/ec_lcl.h,
-     crypto/ec/ec_lib.c):
-
-     Curves are EC_GROUP objects (with an optional group generator)
-     based on EC_METHODs that are built into the library.
-
-     Points are EC_POINT objects based on EC_GROUP objects.
-
-     Most of the framework would be able to handle curves over arbitrary
-     finite fields, but as there are no obvious types for fields other
-     than GF(p), some functions are limited to that for now.
-     [Bodo Moeller]
-
-  *) Add the -HTTP option to s_server.  It is similar to -WWW, but requires
-     that the file contains a complete HTTP response.
-     [Richard Levitte]
-
-  *) Add the ec directory to mkdef.pl and mkfiles.pl. In mkdef.pl
-     change the def and num file printf format specifier from "%-40sXXX"
-     to "%-39s XXX". The latter will always guarantee a space after the
-     field while the former will cause them to run together if the field
-     is 40 of more characters long.
-     [Steve Henson]
-
-  *) Constify the cipher and digest 'method' functions and structures
-     and modify related functions to take constant EVP_MD and EVP_CIPHER
-     pointers.
-     [Steve Henson]
-
-  *) Hide BN_CTX structure details in bn_lcl.h instead of publishing them
-     in <openssl/bn.h>.  Also further increase BN_CTX_NUM to 32.
-     [Bodo Moeller]
-
-  *) Modify EVP_Digest*() routines so they now return values. Although the
-     internal software routines can never fail additional hardware versions
-     might.
-     [Steve Henson]
-
-  *) Clean up crypto/err/err.h and change some error codes to avoid conflicts:
-
-     Previously ERR_R_FATAL was too small and coincided with ERR_LIB_PKCS7
-     (= ERR_R_PKCS7_LIB); it is now 64 instead of 32.
-
-     ASN1 error codes
-          ERR_R_NESTED_ASN1_ERROR
-          ...
-          ERR_R_MISSING_ASN1_EOS
-     were 4 .. 9, conflicting with
-          ERR_LIB_RSA (= ERR_R_RSA_LIB)
-          ...
-          ERR_LIB_PEM (= ERR_R_PEM_LIB).
-     They are now 58 .. 63 (i.e., just below ERR_R_FATAL).
-
-     Add new error code 'ERR_R_INTERNAL_ERROR'.
-     [Bodo Moeller]
-
-  *) Don't overuse locks in crypto/err/err.c: For data retrieval, CRYPTO_r_lock
-     suffices.
-     [Bodo Moeller]
-
-  *) New option '-subj arg' for 'openssl req' and 'openssl ca'.  This
-     sets the subject name for a new request or supersedes the
-     subject name in a given request. Formats that can be parsed are
-          'CN=Some Name, OU=myOU, C=IT'
-     and
-          'CN=Some Name/OU=myOU/C=IT'.
-
-     Add options '-batch' and '-verbose' to 'openssl req'.
-     [Massimiliano Pala <madwolf at hackmasters.net>]
-
-  *) Introduce the possibility to access global variables through
-     functions on platform were that's the best way to handle exporting
-     global variables in shared libraries.  To enable this functionality,
-     one must configure with "EXPORT_VAR_AS_FN" or defined the C macro
-     "OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter
-     is normally done by Configure or something similar).
-
-     To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL
-     in the source file (foo.c) like this:
-
-	OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1;
-	OPENSSL_IMPLEMENT_GLOBAL(double,bar);
-
-     To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL
-     and OPENSSL_GLOBAL_REF in the header file (foo.h) like this:
-
-	OPENSSL_DECLARE_GLOBAL(int,foo);
-	#define foo OPENSSL_GLOBAL_REF(foo)
-	OPENSSL_DECLARE_GLOBAL(double,bar);
-	#define bar OPENSSL_GLOBAL_REF(bar)
-
-     The #defines are very important, and therefore so is including the
-     header file everywhere where the defined globals are used.
-
-     The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition
-     of ASN.1 items, but that structure is a bit different.
-
-     The largest change is in util/mkdef.pl which has been enhanced with
-     better and easier to understand logic to choose which symbols should
-     go into the Windows .def files as well as a number of fixes and code
-     cleanup (among others, algorithm keywords are now sorted
-     lexicographically to avoid constant rewrites).
-     [Richard Levitte]
-
-  *) In BN_div() keep a copy of the sign of 'num' before writing the
-     result to 'rm' because if rm==num the value will be overwritten
-     and produce the wrong result if 'num' is negative: this caused
-     problems with BN_mod() and BN_nnmod().
-     [Steve Henson]
-
-  *) Function OCSP_request_verify(). This checks the signature on an
-     OCSP request and verifies the signer certificate. The signer
-     certificate is just checked for a generic purpose and OCSP request
-     trust settings.
-     [Steve Henson]
-
-  *) Add OCSP_check_validity() function to check the validity of OCSP
-     responses. OCSP responses are prepared in real time and may only
-     be a few seconds old. Simply checking that the current time lies
-     between thisUpdate and nextUpdate max reject otherwise valid responses
-     caused by either OCSP responder or client clock inaccuracy. Instead
-     we allow thisUpdate and nextUpdate to fall within a certain period of
-     the current time. The age of the response can also optionally be
-     checked. Two new options -validity_period and -status_age added to
-     ocsp utility.
-     [Steve Henson]
-
-  *) If signature or public key algorithm is unrecognized print out its
-     OID rather that just UNKNOWN.
-     [Steve Henson]
-
-  *) Change OCSP_cert_to_id() to tolerate a NULL subject certificate and
-     OCSP_cert_id_new() a NULL serialNumber. This allows a partial certificate
-     ID to be generated from the issuer certificate alone which can then be
-     passed to OCSP_id_issuer_cmp().
-     [Steve Henson]
-
-  *) New compilation option ASN1_ITEM_FUNCTIONS. This causes the new
-     ASN1 modules to export functions returning ASN1_ITEM pointers
-     instead of the ASN1_ITEM structures themselves. This adds several
-     new macros which allow the underlying ASN1 function/structure to
-     be accessed transparently. As a result code should not use ASN1_ITEM
-     references directly (such as &X509_it) but instead use the relevant
-     macros (such as ASN1_ITEM_rptr(X509)). This option is to allow
-     use of the new ASN1 code on platforms where exporting structures
-     is problematical (for example in shared libraries) but exporting
-     functions returning pointers to structures is not.
-     [Steve Henson]
-
-  *) Add support for overriding the generation of SSL/TLS session IDs.
-     These callbacks can be registered either in an SSL_CTX or per SSL.
-     The purpose of this is to allow applications to control, if they wish,
-     the arbitrary values chosen for use as session IDs, particularly as it
-     can be useful for session caching in multiple-server environments. A
-     command-line switch for testing this (and any client code that wishes
-     to use such a feature) has been added to "s_server".
-     [Geoff Thorpe, Lutz Jaenicke]
-
-  *) Modify mkdef.pl to recognise and parse preprocessor conditionals
-     of the form '#if defined(...) || defined(...) || ...' and
-     '#if !defined(...) && !defined(...) && ...'.  This also avoids
-     the growing number of special cases it was previously handling.
-     [Richard Levitte]
-
-  *) Make all configuration macros available for application by making
-     sure they are available in opensslconf.h, by giving them names starting
-     with "OPENSSL_" to avoid conflicts with other packages and by making
-     sure e_os2.h will cover all platform-specific cases together with
-     opensslconf.h.
-     Additionally, it is now possible to define configuration/platform-
-     specific names (called "system identities").  In the C code, these
-     are prefixed with "OPENSSL_SYSNAME_".  e_os2.h will create another
-     macro with the name beginning with "OPENSSL_SYS_", which is determined
-     from "OPENSSL_SYSNAME_*" or compiler-specific macros depending on
-     what is available.
-     [Richard Levitte]
-
-  *) New option -set_serial to 'req' and 'x509' this allows the serial
-     number to use to be specified on the command line. Previously self
-     signed certificates were hard coded with serial number 0 and the 
-     CA options of 'x509' had to use a serial number in a file which was
-     auto incremented.
-     [Steve Henson]
-
-  *) New options to 'ca' utility to support V2 CRL entry extensions.
-     Currently CRL reason, invalidity date and hold instruction are
-     supported. Add new CRL extensions to V3 code and some new objects.
-     [Steve Henson]
-
-  *) New function EVP_CIPHER_CTX_set_padding() this is used to
-     disable standard block padding (aka PKCS#5 padding) in the EVP
-     API, which was previously mandatory. This means that the data is
-     not padded in any way and so the total length much be a multiple
-     of the block size, otherwise an error occurs.
-     [Steve Henson]
-
-  *) Initial (incomplete) OCSP SSL support.
-     [Steve Henson]
-
-  *) New function OCSP_parse_url(). This splits up a URL into its host,
-     port and path components: primarily to parse OCSP URLs. New -url
-     option to ocsp utility.
-     [Steve Henson]
-
-  *) New nonce behavior. The return value of OCSP_check_nonce() now 
-     reflects the various checks performed. Applications can decide
-     whether to tolerate certain situations such as an absent nonce
-     in a response when one was present in a request: the ocsp application
-     just prints out a warning. New function OCSP_add1_basic_nonce()
-     this is to allow responders to include a nonce in a response even if
-     the request is nonce-less.
-     [Steve Henson]
-
-  *) Disable stdin buffering in load_cert (apps/apps.c) so that no certs are
-     skipped when using openssl x509 multiple times on a single input file,
-     e.g. "(openssl x509 -out cert1; openssl x509 -out cert2) <certs".
-     [Bodo Moeller]
-
-  *) Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string()
-     set string type: to handle setting ASN1_TIME structures. Fix ca
-     utility to correctly initialize revocation date of CRLs.
-     [Steve Henson]
-
-  *) New option SSL_OP_CIPHER_SERVER_PREFERENCE allows the server to override
-     the clients preferred ciphersuites and rather use its own preferences.
-     Should help to work around M$ SGC (Server Gated Cryptography) bug in
-     Internet Explorer by ensuring unchanged hash method during stepup.
-     (Also replaces the broken/deactivated SSL_OP_NON_EXPORT_FIRST option.)
-     [Lutz Jaenicke]
-
-  *) Make mkdef.pl recognise all DECLARE_ASN1 macros, change rijndael
-     to aes and add a new 'exist' option to print out symbols that don't
-     appear to exist.
-     [Steve Henson]
-
-  *) Additional options to ocsp utility to allow flags to be set and
-     additional certificates supplied.
-     [Steve Henson]
-
-  *) Add the option -VAfile to 'openssl ocsp', so the user can give the
-     OCSP client a number of certificate to only verify the response
-     signature against.
-     [Richard Levitte]
-
-  *) Update Rijndael code to version 3.0 and change EVP AES ciphers to
-     handle the new API. Currently only ECB, CBC modes supported. Add new
-     AES OIDs.
-
-     Add TLS AES ciphersuites as described in RFC3268, "Advanced
-     Encryption Standard (AES) Ciphersuites for Transport Layer
-     Security (TLS)".  (In beta versions of OpenSSL 0.9.7, these were
-     not enabled by default and were not part of the "ALL" ciphersuite
-     alias because they were not yet official; they could be
-     explicitly requested by specifying the "AESdraft" ciphersuite
-     group alias.  In the final release of OpenSSL 0.9.7, the group
-     alias is called "AES" and is part of "ALL".)
-     [Ben Laurie, Steve  Henson, Bodo Moeller]
-
-  *) New function OCSP_copy_nonce() to copy nonce value (if present) from
-     request to response.
-     [Steve Henson]
-
-  *) Functions for OCSP responders. OCSP_request_onereq_count(),
-     OCSP_request_onereq_get0(), OCSP_onereq_get0_id() and OCSP_id_get0_info()
-     extract information from a certificate request. OCSP_response_create()
-     creates a response and optionally adds a basic response structure.
-     OCSP_basic_add1_status() adds a complete single response to a basic
-     response and returns the OCSP_SINGLERESP structure just added (to allow
-     extensions to be included for example). OCSP_basic_add1_cert() adds a
-     certificate to a basic response and OCSP_basic_sign() signs a basic
-     response with various flags. New helper functions ASN1_TIME_check()
-     (checks validity of ASN1_TIME structure) and ASN1_TIME_to_generalizedtime()
-     (converts ASN1_TIME to GeneralizedTime).
-     [Steve Henson]
-
-  *) Various new functions. EVP_Digest() combines EVP_Digest{Init,Update,Final}()
-     in a single operation. X509_get0_pubkey_bitstr() extracts the public_key
-     structure from a certificate. X509_pubkey_digest() digests the public_key
-     contents: this is used in various key identifiers. 
-     [Steve Henson]
-
-  *) Make sk_sort() tolerate a NULL argument.
-     [Steve Henson reported by Massimiliano Pala <madwolf at comune.modena.it>]
-
-  *) New OCSP verify flag OCSP_TRUSTOTHER. When set the "other" certificates
-     passed by the function are trusted implicitly. If any of them signed the
-     response then it is assumed to be valid and is not verified.
-     [Steve Henson]
-
-  *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT
-     to data. This was previously part of the PKCS7 ASN1 code. This
-     was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures.
-     [Steve Henson, reported by Kenneth R. Robinette
-				<support at securenetterm.com>]
-
-  *) Add CRYPTO_push_info() and CRYPTO_pop_info() calls to new ASN1
-     routines: without these tracing memory leaks is very painful.
-     Fix leaks in PKCS12 and PKCS7 routines.
-     [Steve Henson]
-
-  *) Make X509_time_adj() cope with the new behaviour of ASN1_TIME_new().
-     Previously it initialised the 'type' argument to V_ASN1_UTCTIME which
-     effectively meant GeneralizedTime would never be used. Now it
-     is initialised to -1 but X509_time_adj() now has to check the value
-     and use ASN1_TIME_set() if the value is not V_ASN1_UTCTIME or
-     V_ASN1_GENERALIZEDTIME, without this it always uses GeneralizedTime.
-     [Steve Henson, reported by Kenneth R. Robinette
-				<support at securenetterm.com>]
-
-  *) Fixes to BN_to_ASN1_INTEGER when bn is zero. This would previously
-     result in a zero length in the ASN1_INTEGER structure which was
-     not consistent with the structure when d2i_ASN1_INTEGER() was used
-     and would cause ASN1_INTEGER_cmp() to fail. Enhance s2i_ASN1_INTEGER()
-     to cope with hex and negative integers. Fix bug in i2a_ASN1_INTEGER()
-     where it did not print out a minus for negative ASN1_INTEGER.
-     [Steve Henson]
-
-  *) Add summary printout to ocsp utility. The various functions which
-     convert status values to strings have been renamed to:
-     OCSP_response_status_str(), OCSP_cert_status_str() and
-     OCSP_crl_reason_str() and are no longer static. New options
-     to verify nonce values and to disable verification. OCSP response
-     printout format cleaned up.
-     [Steve Henson]
-
-  *) Add additional OCSP certificate checks. These are those specified
-     in RFC2560. This consists of two separate checks: the CA of the
-     certificate being checked must either be the OCSP signer certificate
-     or the issuer of the OCSP signer certificate. In the latter case the
-     OCSP signer certificate must contain the OCSP signing extended key
-     usage. This check is performed by attempting to match the OCSP
-     signer or the OCSP signer CA to the issuerNameHash and issuerKeyHash
-     in the OCSP_CERTID structures of the response.
-     [Steve Henson]
-
-  *) Initial OCSP certificate verification added to OCSP_basic_verify()
-     and related routines. This uses the standard OpenSSL certificate
-     verify routines to perform initial checks (just CA validity) and
-     to obtain the certificate chain. Then additional checks will be
-     performed on the chain. Currently the root CA is checked to see
-     if it is explicitly trusted for OCSP signing. This is used to set
-     a root CA as a global signing root: that is any certificate that
-     chains to that CA is an acceptable OCSP signing certificate.
-     [Steve Henson]
-
-  *) New '-extfile ...' option to 'openssl ca' for reading X.509v3
-     extensions from a separate configuration file.
-     As when reading extensions from the main configuration file,
-     the '-extensions ...' option may be used for specifying the
-     section to use.
-     [Massimiliano Pala <madwolf at comune.modena.it>]
-
-  *) New OCSP utility. Allows OCSP requests to be generated or
-     read. The request can be sent to a responder and the output
-     parsed, outputed or printed in text form. Not complete yet:
-     still needs to check the OCSP response validity.
-     [Steve Henson]
-
-  *) New subcommands for 'openssl ca':
-     'openssl ca -status <serial>' prints the status of the cert with
-     the given serial number (according to the index file).
-     'openssl ca -updatedb' updates the expiry status of certificates
-     in the index file.
-     [Massimiliano Pala <madwolf at comune.modena.it>]
-
-  *) New '-newreq-nodes' command option to CA.pl.  This is like
-     '-newreq', but calls 'openssl req' with the '-nodes' option
-     so that the resulting key is not encrypted.
-     [Damien Miller <djm at mindrot.org>]
-
-  *) New configuration for the GNU Hurd.
-     [Jonathan Bartlett <johnnyb at wolfram.com> via Richard Levitte]
-
-  *) Initial code to implement OCSP basic response verify. This
-     is currently incomplete. Currently just finds the signer's
-     certificate and verifies the signature on the response.
-     [Steve Henson]
-
-  *) New SSLeay_version code SSLEAY_DIR to determine the compiled-in
-     value of OPENSSLDIR.  This is available via the new '-d' option
-     to 'openssl version', and is also included in 'openssl version -a'.
-     [Bodo Moeller]
-
-  *) Allowing defining memory allocation callbacks that will be given
-     file name and line number information in additional arguments
-     (a const char* and an int).  The basic functionality remains, as
-     well as the original possibility to just replace malloc(),
-     realloc() and free() by functions that do not know about these
-     additional arguments.  To register and find out the current
-     settings for extended allocation functions, the following
-     functions are provided:
-
-	CRYPTO_set_mem_ex_functions
-	CRYPTO_set_locked_mem_ex_functions
-	CRYPTO_get_mem_ex_functions
-	CRYPTO_get_locked_mem_ex_functions
-
-     These work the same way as CRYPTO_set_mem_functions and friends.
-     CRYPTO_get_[locked_]mem_functions now writes 0 where such an
-     extended allocation function is enabled.
-     Similarly, CRYPTO_get_[locked_]mem_ex_functions writes 0 where
-     a conventional allocation function is enabled.
-     [Richard Levitte, Bodo Moeller]
-
-  *) Finish off removing the remaining LHASH function pointer casts.
-     There should no longer be any prototype-casting required when using
-     the LHASH abstraction, and any casts that remain are "bugs". See
-     the callback types and macros at the head of lhash.h for details
-     (and "OBJ_cleanup" in crypto/objects/obj_dat.c as an example).
-     [Geoff Thorpe]
-
-  *) Add automatic query of EGD sockets in RAND_poll() for the unix variant.
-     If /dev/[u]random devices are not available or do not return enough
-     entropy, EGD style sockets (served by EGD or PRNGD) will automatically
-     be queried.
-     The locations /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool, and
-     /etc/entropy will be queried once each in this sequence, quering stops
-     when enough entropy was collected without querying more sockets.
-     [Lutz Jaenicke]
-
-  *) Change the Unix RAND_poll() variant to be able to poll several
-     random devices, as specified by DEVRANDOM, until a sufficient amount
-     of data has been collected.   We spend at most 10 ms on each file
-     (select timeout) and read in non-blocking mode.  DEVRANDOM now
-     defaults to the list "/dev/urandom", "/dev/random", "/dev/srandom"
-     (previously it was just the string "/dev/urandom"), so on typical
-     platforms the 10 ms delay will never occur.
-     Also separate out the Unix variant to its own file, rand_unix.c.
-     For VMS, there's a currently-empty rand_vms.c.
-     [Richard Levitte]
-
-  *) Move OCSP client related routines to ocsp_cl.c. These
-     provide utility functions which an application needing
-     to issue a request to an OCSP responder and analyse the
-     response will typically need: as opposed to those which an
-     OCSP responder itself would need which will be added later.
-
-     OCSP_request_sign() signs an OCSP request with an API similar
-     to PKCS7_sign(). OCSP_response_status() returns status of OCSP
-     response. OCSP_response_get1_basic() extracts basic response
-     from response. OCSP_resp_find_status(): finds and extracts status
-     information from an OCSP_CERTID structure (which will be created
-     when the request structure is built). These are built from lower
-     level functions which work on OCSP_SINGLERESP structures but
-     wont normally be used unless the application wishes to examine
-     extensions in the OCSP response for example.
-
-     Replace nonce routines with a pair of functions.
-     OCSP_request_add1_nonce() adds a nonce value and optionally
-     generates a random value. OCSP_check_nonce() checks the
-     validity of the nonce in an OCSP response.
-     [Steve Henson]
-
-  *) Change function OCSP_request_add() to OCSP_request_add0_id().
-     This doesn't copy the supplied OCSP_CERTID and avoids the
-     need to free up the newly created id. Change return type
-     to OCSP_ONEREQ to return the internal OCSP_ONEREQ structure.
-     This can then be used to add extensions to the request.
-     Deleted OCSP_request_new(), since most of its functionality
-     is now in OCSP_REQUEST_new() (and the case insensitive name
-     clash) apart from the ability to set the request name which
-     will be added elsewhere.
-     [Steve Henson]
-
-  *) Update OCSP API. Remove obsolete extensions argument from
-     various functions. Extensions are now handled using the new
-     OCSP extension code. New simple OCSP HTTP function which 
-     can be used to send requests and parse the response.
-     [Steve Henson]
-
-  *) Fix the PKCS#7 (S/MIME) code to work with new ASN1. Two new
-     ASN1_ITEM structures help with sign and verify. PKCS7_ATTR_SIGN
-     uses the special reorder version of SET OF to sort the attributes
-     and reorder them to match the encoded order. This resolves a long
-     standing problem: a verify on a PKCS7 structure just after signing
-     it used to fail because the attribute order did not match the
-     encoded order. PKCS7_ATTR_VERIFY does not reorder the attributes:
-     it uses the received order. This is necessary to tolerate some broken
-     software that does not order SET OF. This is handled by encoding
-     as a SEQUENCE OF but using implicit tagging (with UNIVERSAL class)
-     to produce the required SET OF.
-     [Steve Henson]
-
-  *) Have mk1mf.pl generate the macros OPENSSL_BUILD_SHLIBCRYPTO and
-     OPENSSL_BUILD_SHLIBSSL and use them appropriately in the header
-     files to get correct declarations of the ASN.1 item variables.
-     [Richard Levitte]
-
-  *) Rewrite of PKCS#12 code to use new ASN1 functionality. Replace many
-     PKCS#12 macros with real functions. Fix two unrelated ASN1 bugs:
-     asn1_check_tlen() would sometimes attempt to use 'ctx' when it was
-     NULL and ASN1_TYPE was not dereferenced properly in asn1_ex_c2i().
-     New ASN1 macro: DECLARE_ASN1_ITEM() which just declares the relevant
-     ASN1_ITEM and no wrapper functions.
-     [Steve Henson]
-
-  *) New functions or ASN1_item_d2i_fp() and ASN1_item_d2i_bio(). These
-     replace the old function pointer based I/O routines. Change most of
-     the *_d2i_bio() and *_d2i_fp() functions to use these.
-     [Steve Henson]
-
-  *) Enhance mkdef.pl to be more accepting about spacing in C preprocessor
-     lines, recognice more "algorithms" that can be deselected, and make
-     it complain about algorithm deselection that isn't recognised.
-     [Richard Levitte]
-
-  *) New ASN1 functions to handle dup, sign, verify, digest, pack and
-     unpack operations in terms of ASN1_ITEM. Modify existing wrappers
-     to use new functions. Add NO_ASN1_OLD which can be set to remove
-     some old style ASN1 functions: this can be used to determine if old
-     code will still work when these eventually go away.
-     [Steve Henson]
-
-  *) New extension functions for OCSP structures, these follow the
-     same conventions as certificates and CRLs.
-     [Steve Henson]
-
-  *) New function X509V3_add1_i2d(). This automatically encodes and
-     adds an extension. Its behaviour can be customised with various
-     flags to append, replace or delete. Various wrappers added for
-     certifcates and CRLs.
-     [Steve Henson]
-
-  *) Fix to avoid calling the underlying ASN1 print routine when
-     an extension cannot be parsed. Correct a typo in the
-     OCSP_SERVICELOC extension. Tidy up print OCSP format.
-     [Steve Henson]
-
-  *) Make mkdef.pl parse some of the ASN1 macros and add apropriate
-     entries for variables.
-     [Steve Henson]
-
-  *) Add functionality to apps/openssl.c for detecting locking
-     problems: As the program is single-threaded, all we have
-     to do is register a locking callback using an array for
-     storing which locks are currently held by the program.
-     [Bodo Moeller]
-
-  *) Use a lock around the call to CRYPTO_get_ex_new_index() in
-     SSL_get_ex_data_X509_STORE_idx(), which is used in
-     ssl_verify_cert_chain() and thus can be called at any time
-     during TLS/SSL handshakes so that thread-safety is essential.
-     Unfortunately, the ex_data design is not at all suited
-     for multi-threaded use, so it probably should be abolished.
-     [Bodo Moeller]
-
-  *) Added Broadcom "ubsec" ENGINE to OpenSSL.
-     [Broadcom, tweaked and integrated by Geoff Thorpe]
-
-  *) Move common extension printing code to new function
-     X509V3_print_extensions(). Reorganise OCSP print routines and
-     implement some needed OCSP ASN1 functions. Add OCSP extensions.
-     [Steve Henson]
-
-  *) New function X509_signature_print() to remove duplication in some
-     print routines.
-     [Steve Henson]
-
-  *) Add a special meaning when SET OF and SEQUENCE OF flags are both
-     set (this was treated exactly the same as SET OF previously). This
-     is used to reorder the STACK representing the structure to match the
-     encoding. This will be used to get round a problem where a PKCS7
-     structure which was signed could not be verified because the STACK
-     order did not reflect the encoded order.
-     [Steve Henson]
-
-  *) Reimplement the OCSP ASN1 module using the new code.
-     [Steve Henson]
-
-  *) Update the X509V3 code to permit the use of an ASN1_ITEM structure
-     for its ASN1 operations. The old style function pointers still exist
-     for now but they will eventually go away.
-     [Steve Henson]
-
-  *) Merge in replacement ASN1 code from the ASN1 branch. This almost
-     completely replaces the old ASN1 functionality with a table driven
-     encoder and decoder which interprets an ASN1_ITEM structure describing
-     the ASN1 module. Compatibility with the existing ASN1 API (i2d,d2i) is
-     largely maintained. Almost all of the old asn1_mac.h macro based ASN1
-     has also been converted to the new form.
-     [Steve Henson]
-
-  *) Change BN_mod_exp_recp so that negative moduli are tolerated
-     (the sign is ignored).  Similarly, ignore the sign in BN_MONT_CTX_set
-     so that BN_mod_exp_mont and BN_mod_exp_mont_word work
-     for negative moduli.
-     [Bodo Moeller]
-
-  *) Fix BN_uadd and BN_usub: Always return non-negative results instead
-     of not touching the result's sign bit.
-     [Bodo Moeller]
-
-  *) BN_div bugfix: If the result is 0, the sign (res->neg) must not be
-     set.
-     [Bodo Moeller]
-
-  *) Changed the LHASH code to use prototypes for callbacks, and created
-     macros to declare and implement thin (optionally static) functions
-     that provide type-safety and avoid function pointer casting for the
-     type-specific callbacks.
-     [Geoff Thorpe]
-
-  *) Added Kerberos Cipher Suites to be used with TLS, as written in
-     RFC 2712.
-     [Veers Staats <staatsvr at asc.hpc.mil>,
-      Jeffrey Altman <jaltman at columbia.edu>, via Richard Levitte]
-
-  *) Reformat the FAQ so the different questions and answers can be divided
-     in sections depending on the subject.
-     [Richard Levitte]
-
-  *) Have the zlib compression code load ZLIB.DLL dynamically under
-     Windows.
-     [Richard Levitte]
-
-  *) New function BN_mod_sqrt for computing square roots modulo a prime
-     (using the probabilistic Tonelli-Shanks algorithm unless
-     p == 3 (mod 4)  or  p == 5 (mod 8),  which are cases that can
-     be handled deterministically).
-     [Lenka Fibikova <fibikova at exp-math.uni-essen.de>, Bodo Moeller]
-
-  *) Make BN_mod_inverse faster by explicitly handling small quotients
-     in the Euclid loop. (Speed gain about 20% for small moduli [256 or
-     512 bits], about 30% for larger ones [1024 or 2048 bits].)
-     [Bodo Moeller]
-
-  *) New function BN_kronecker.
-     [Bodo Moeller]
-
-  *) Fix BN_gcd so that it works on negative inputs; the result is
-     positive unless both parameters are zero.
-     Previously something reasonably close to an infinite loop was
-     possible because numbers could be growing instead of shrinking
-     in the implementation of Euclid's algorithm.
-     [Bodo Moeller]
-
-  *) Fix BN_is_word() and BN_is_one() macros to take into account the
-     sign of the number in question.
-
-     Fix BN_is_word(a,w) to work correctly for w == 0.
-
-     The old BN_is_word(a,w) macro is now called BN_abs_is_word(a,w)
-     because its test if the absolute value of 'a' equals 'w'.
-     Note that BN_abs_is_word does *not* handle w == 0 reliably;
-     it exists mostly for use in the implementations of BN_is_zero(),
-     BN_is_one(), and BN_is_word().
-     [Bodo Moeller]
-
-  *) New function BN_swap.
-     [Bodo Moeller]
-
-  *) Use BN_nnmod instead of BN_mod in crypto/bn/bn_exp.c so that
-     the exponentiation functions are more likely to produce reasonable
-     results on negative inputs.
-     [Bodo Moeller]
-
-  *) Change BN_mod_mul so that the result is always non-negative.
-     Previously, it could be negative if one of the factors was negative;
-     I don't think anyone really wanted that behaviour.
-     [Bodo Moeller]
-
-  *) Move BN_mod_... functions into new file crypto/bn/bn_mod.c
-     (except for exponentiation, which stays in crypto/bn/bn_exp.c,
-     and BN_mod_mul_reciprocal, which stays in crypto/bn/bn_recp.c)
-     and add new functions:
-
-          BN_nnmod
-          BN_mod_sqr
-          BN_mod_add
-          BN_mod_add_quick
-          BN_mod_sub
-          BN_mod_sub_quick
-          BN_mod_lshift1
-          BN_mod_lshift1_quick
-          BN_mod_lshift
-          BN_mod_lshift_quick
-
-     These functions always generate non-negative results.
-
-     BN_nnmod otherwise is like BN_mod (if BN_mod computes a remainder  r
-     such that  |m| < r < 0,  BN_nnmod will output  rem + |m|  instead).
-
-     BN_mod_XXX_quick(r, a, [b,] m) generates the same result as
-     BN_mod_XXX(r, a, [b,] m, ctx), but requires that  a  [and  b]
-     be reduced modulo  m.
-     [Lenka Fibikova <fibikova at exp-math.uni-essen.de>, Bodo Moeller]
-
-#if 0
-     The following entry accidentily appeared in the CHANGES file
-     distributed with OpenSSL 0.9.7.  The modifications described in
-     it do *not* apply to OpenSSL 0.9.7.
-
-  *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
-     was actually never needed) and in BN_mul().  The removal in BN_mul()
-     required a small change in bn_mul_part_recursive() and the addition
-     of the functions bn_cmp_part_words(), bn_sub_part_words() and
-     bn_add_part_words(), which do the same thing as bn_cmp_words(),
-     bn_sub_words() and bn_add_words() except they take arrays with
-     differing sizes.
-     [Richard Levitte]
-#endif
-
-  *) In 'openssl passwd', verify passwords read from the terminal
-     unless the '-salt' option is used (which usually means that
-     verification would just waste user's time since the resulting
-     hash is going to be compared with some given password hash)
-     or the new '-noverify' option is used.
-
-     This is an incompatible change, but it does not affect
-     non-interactive use of 'openssl passwd' (passwords on the command
-     line, '-stdin' option, '-in ...' option) and thus should not
-     cause any problems.
-     [Bodo Moeller]
-
-  *) Remove all references to RSAref, since there's no more need for it.
-     [Richard Levitte]
-
-  *) Make DSO load along a path given through an environment variable
-     (SHLIB_PATH) with shl_load().
-     [Richard Levitte]
-
-  *) Constify the ENGINE code as a result of BIGNUM constification.
-     Also constify the RSA code and most things related to it.  In a
-     few places, most notable in the depth of the ASN.1 code, ugly
-     casts back to non-const were required (to be solved at a later
-     time)
-     [Richard Levitte]
-
-  *) Make it so the openssl application has all engines loaded by default.
-     [Richard Levitte]
-
-  *) Constify the BIGNUM routines a little more.
-     [Richard Levitte]
-
-  *) Add the following functions:
-
-	ENGINE_load_cswift()
-	ENGINE_load_chil()
-	ENGINE_load_atalla()
-	ENGINE_load_nuron()
-	ENGINE_load_builtin_engines()
-
-     That way, an application can itself choose if external engines that
-     are built-in in OpenSSL shall ever be used or not.  The benefit is
-     that applications won't have to be linked with libdl or other dso
-     libraries unless it's really needed.
-
-     Changed 'openssl engine' to load all engines on demand.
-     Changed the engine header files to avoid the duplication of some
-     declarations (they differed!).
-     [Richard Levitte]
-
-  *) 'openssl engine' can now list capabilities.
-     [Richard Levitte]
-
-  *) Better error reporting in 'openssl engine'.
-     [Richard Levitte]
-
-  *) Never call load_dh_param(NULL) in s_server.
-     [Bodo Moeller]
-
-  *) Add engine application.  It can currently list engines by name and
-     identity, and test if they are actually available.
-     [Richard Levitte]
-
-  *) Improve RPM specification file by forcing symbolic linking and making
-     sure the installed documentation is also owned by root.root.
-     [Damien Miller <djm at mindrot.org>]
-
-  *) Give the OpenSSL applications more possibilities to make use of
-     keys (public as well as private) handled by engines.
-     [Richard Levitte]
-
-  *) Add OCSP code that comes from CertCo.
-     [Richard Levitte]
-
-  *) Add VMS support for the Rijndael code.
-     [Richard Levitte]
-
-  *) Added untested support for Nuron crypto accelerator.
-     [Ben Laurie]
-
-  *) Add support for external cryptographic devices.  This code was
-     previously distributed separately as the "engine" branch.
-     [Geoff Thorpe, Richard Levitte]
-
-  *) Rework the filename-translation in the DSO code. It is now possible to
-     have far greater control over how a "name" is turned into a filename
-     depending on the operating environment and any oddities about the
-     different shared library filenames on each system.
-     [Geoff Thorpe]
-
-  *) Support threads on FreeBSD-elf in Configure.
-     [Richard Levitte]
-
-  *) Fix for SHA1 assembly problem with MASM: it produces
-     warnings about corrupt line number information when assembling
-     with debugging information. This is caused by the overlapping
-     of two sections.
-     [Bernd Matthes <mainbug at celocom.de>, Steve Henson]
-
-  *) NCONF changes.
-     NCONF_get_number() has no error checking at all.  As a replacement,
-     NCONF_get_number_e() is defined (_e for "error checking") and is
-     promoted strongly.  The old NCONF_get_number is kept around for
-     binary backward compatibility.
-     Make it possible for methods to load from something other than a BIO,
-     by providing a function pointer that is given a name instead of a BIO.
-     For example, this could be used to load configuration data from an
-     LDAP server.
-     [Richard Levitte]
-
-  *) Fix for non blocking accept BIOs. Added new I/O special reason
-     BIO_RR_ACCEPT to cover this case. Previously use of accept BIOs
-     with non blocking I/O was not possible because no retry code was
-     implemented. Also added new SSL code SSL_WANT_ACCEPT to cover
-     this case.
-     [Steve Henson]
-
-  *) Added the beginnings of Rijndael support.
-     [Ben Laurie]
-
-  *) Fix for bug in DirectoryString mask setting. Add support for
-     X509_NAME_print_ex() in 'req' and X509_print_ex() function
-     to allow certificate printing to more controllable, additional
-     'certopt' option to 'x509' to allow new printing options to be
-     set.
-     [Steve Henson]
-
-  *) Clean old EAY MD5 hack from e_os.h.
-     [Richard Levitte]
-
- Changes between 0.9.6l and 0.9.6m  [17 Mar 2004]
-
-  *) Fix null-pointer assignment in do_change_cipher_spec() revealed
-     by using the Codenomicon TLS Test Tool (CVE-2004-0079)
-     [Joe Orton, Steve Henson]
-
- Changes between 0.9.6k and 0.9.6l  [04 Nov 2003]
-
-  *) Fix additional bug revealed by the NISCC test suite:
-
-     Stop bug triggering large recursion when presented with
-     certain ASN.1 tags (CVE-2003-0851)
-     [Steve Henson]
-
- Changes between 0.9.6j and 0.9.6k  [30 Sep 2003]
-
-  *) Fix various bugs revealed by running the NISCC test suite:
-
-     Stop out of bounds reads in the ASN1 code when presented with
-     invalid tags (CVE-2003-0543 and CVE-2003-0544).
-     
-     If verify callback ignores invalid public key errors don't try to check
-     certificate signature with the NULL public key.
-
-     [Steve Henson]
-
-  *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
-     if the server requested one: as stated in TLS 1.0 and SSL 3.0
-     specifications.
-     [Steve Henson]
-
-  *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
-     extra data after the compression methods not only for TLS 1.0
-     but also for SSL 3.0 (as required by the specification).
-     [Bodo Moeller; problem pointed out by Matthias Loepfe]
-
-  *) Change X509_certificate_type() to mark the key as exported/exportable
-     when it's 512 *bits* long, not 512 bytes.
-     [Richard Levitte]
-
- Changes between 0.9.6i and 0.9.6j  [10 Apr 2003]
-
-  *) Countermeasure against the Klima-Pokorny-Rosa extension of
-     Bleichbacher's attack on PKCS #1 v1.5 padding: treat
-     a protocol version number mismatch like a decryption error
-     in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
-     [Bodo Moeller]
-
-  *) Turn on RSA blinding by default in the default implementation
-     to avoid a timing attack. Applications that don't want it can call
-     RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
-     They would be ill-advised to do so in most cases.
-     [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
-
-  *) Change RSA blinding code so that it works when the PRNG is not
-     seeded (in this case, the secret RSA exponent is abused as
-     an unpredictable seed -- if it is not unpredictable, there
-     is no point in blinding anyway).  Make RSA blinding thread-safe
-     by remembering the creator's thread ID in rsa->blinding and
-     having all other threads use local one-time blinding factors
-     (this requires more computation than sharing rsa->blinding, but
-     avoids excessive locking; and if an RSA object is not shared
-     between threads, blinding will still be very fast).
-     [Bodo Moeller]
-
- Changes between 0.9.6h and 0.9.6i  [19 Feb 2003]
-
-  *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
-     via timing by performing a MAC computation even if incorrrect
-     block cipher padding has been found.  This is a countermeasure
-     against active attacks where the attacker has to distinguish
-     between bad padding and a MAC verification error. (CVE-2003-0078)
-
-     [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
-     Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
-     Martin Vuagnoux (EPFL, Ilion)]
-
- Changes between 0.9.6g and 0.9.6h  [5 Dec 2002]
-
-  *) New function OPENSSL_cleanse(), which is used to cleanse a section of
-     memory from it's contents.  This is done with a counter that will
-     place alternating values in each byte.  This can be used to solve
-     two issues: 1) the removal of calls to memset() by highly optimizing
-     compilers, and 2) cleansing with other values than 0, since those can
-     be read through on certain media, for example a swap space on disk.
-     [Geoff Thorpe]
-
-  *) Bugfix: client side session caching did not work with external caching,
-     because the session->cipher setting was not restored when reloading
-     from the external cache. This problem was masked, when
-     SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set.
-     (Found by Steve Haslam <steve at araqnid.ddts.net>.)
-     [Lutz Jaenicke]
-
-  *) Fix client_certificate (ssl/s2_clnt.c): The permissible total
-     length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33.
-     [Zeev Lieber <zeev-l at yahoo.com>]
-
-  *) Undo an undocumented change introduced in 0.9.6e which caused
-     repeated calls to OpenSSL_add_all_ciphers() and 
-     OpenSSL_add_all_digests() to be ignored, even after calling
-     EVP_cleanup().
-     [Richard Levitte]
-
-  *) Change the default configuration reader to deal with last line not
-     being properly terminated.
-     [Richard Levitte]
-
-  *) Change X509_NAME_cmp() so it applies the special rules on handling
-     DN values that are of type PrintableString, as well as RDNs of type
-     emailAddress where the value has the type ia5String.
-     [stefank at valicert.com via Richard Levitte]
-
-  *) Add a SSL_SESS_CACHE_NO_INTERNAL_STORE flag to take over half
-     the job SSL_SESS_CACHE_NO_INTERNAL_LOOKUP was inconsistently
-     doing, define a new flag (SSL_SESS_CACHE_NO_INTERNAL) to be
-     the bitwise-OR of the two for use by the majority of applications
-     wanting this behaviour, and update the docs. The documented
-     behaviour and actual behaviour were inconsistent and had been
-     changing anyway, so this is more a bug-fix than a behavioural
-     change.
-     [Geoff Thorpe, diagnosed by Nadav Har'El]
-
-  *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c
-     (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes).
-     [Bodo Moeller]
-
-  *) Fix initialization code race conditions in
-        SSLv23_method(),  SSLv23_client_method(),   SSLv23_server_method(),
-        SSLv2_method(),   SSLv2_client_method(),    SSLv2_server_method(),
-        SSLv3_method(),   SSLv3_client_method(),    SSLv3_server_method(),
-        TLSv1_method(),   TLSv1_client_method(),    TLSv1_server_method(),
-        ssl2_get_cipher_by_char(),
-        ssl3_get_cipher_by_char().
-     [Patrick McCormick <patrick at tellme.com>, Bodo Moeller]
-
-  *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after
-     the cached sessions are flushed, as the remove_cb() might use ex_data
-     contents. Bug found by Sam Varshavchik <mrsam at courier-mta.com>
-     (see [openssl.org #212]).
-     [Geoff Thorpe, Lutz Jaenicke]
-
-  *) Fix typo in OBJ_txt2obj which incorrectly passed the content
-     length, instead of the encoding length to d2i_ASN1_OBJECT.
-     [Steve Henson]
-
- Changes between 0.9.6f and 0.9.6g  [9 Aug 2002]
-
-  *) [In 0.9.6g-engine release:]
-     Fix crypto/engine/vendor_defns/cswift.h for WIN32 (use '_stdcall').
-     [Lynn Gazis <lgazis at rainbow.com>]
-
- Changes between 0.9.6e and 0.9.6f  [8 Aug 2002]
-
-  *) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
-     and get fix the header length calculation.
-     [Florian Weimer <Weimer at CERT.Uni-Stuttgart.DE>,
-	Alon Kantor <alonk at checkpoint.com> (and others),
-	Steve Henson]
-
-  *) Use proper error handling instead of 'assertions' in buffer
-     overflow checks added in 0.9.6e.  This prevents DoS (the
-     assertions could call abort()).
-     [Arne Ansper <arne at ats.cyber.ee>, Bodo Moeller]
-
- Changes between 0.9.6d and 0.9.6e  [30 Jul 2002]
-
-  *) Add various sanity checks to asn1_get_length() to reject
-     the ASN1 length bytes if they exceed sizeof(long), will appear
-     negative or the content length exceeds the length of the
-     supplied buffer.
-     [Steve Henson, Adi Stav <stav at mercury.co.il>, James Yonan <jim at ntlp.com>]
-
-  *) Fix cipher selection routines: ciphers without encryption had no flags
-     for the cipher strength set and where therefore not handled correctly
-     by the selection routines (PR #130).
-     [Lutz Jaenicke]
-
-  *) Fix EVP_dsa_sha macro.
-     [Nils Larsch]
-
-  *) New option
-          SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
-     for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure
-     that was added in OpenSSL 0.9.6d.
-
-     As the countermeasure turned out to be incompatible with some
-     broken SSL implementations, the new option is part of SSL_OP_ALL.
-     SSL_OP_ALL is usually employed when compatibility with weird SSL
-     implementations is desired (e.g. '-bugs' option to 's_client' and
-     's_server'), so the new option is automatically set in many
-     applications.
-     [Bodo Moeller]
-
-  *) Changes in security patch:
-
-     Changes marked "(CHATS)" were sponsored by the Defense Advanced
-     Research Projects Agency (DARPA) and Air Force Research Laboratory,
-     Air Force Materiel Command, USAF, under agreement number
-     F30602-01-2-0537.
-
-  *) Add various sanity checks to asn1_get_length() to reject
-     the ASN1 length bytes if they exceed sizeof(long), will appear
-     negative or the content length exceeds the length of the
-     supplied buffer. (CVE-2002-0659)
-     [Steve Henson, Adi Stav <stav at mercury.co.il>, James Yonan <jim at ntlp.com>]
-
-  *) Assertions for various potential buffer overflows, not known to
-     happen in practice.
-     [Ben Laurie (CHATS)]
-
-  *) Various temporary buffers to hold ASCII versions of integers were
-     too small for 64 bit platforms. (CVE-2002-0655)
-     [Matthew Byng-Maddick <mbm at aldigital.co.uk> and Ben Laurie (CHATS)>
-
-  *) Remote buffer overflow in SSL3 protocol - an attacker could
-     supply an oversized session ID to a client. (CVE-2002-0656)
-     [Ben Laurie (CHATS)]
-
-  *) Remote buffer overflow in SSL2 protocol - an attacker could
-     supply an oversized client master key. (CVE-2002-0656)
-     [Ben Laurie (CHATS)]
-
- Changes between 0.9.6c and 0.9.6d  [9 May 2002]
-
-  *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
-     encoded as NULL) with id-dsa-with-sha1.
-     [Nils Larsch <nla at trustcenter.de>; problem pointed out by Bodo Moeller]
-
-  *) Check various X509_...() return values in apps/req.c.
-     [Nils Larsch <nla at trustcenter.de>]
-
-  *) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines:
-     an end-of-file condition would erronously be flagged, when the CRLF
-     was just at the end of a processed block. The bug was discovered when
-     processing data through a buffering memory BIO handing the data to a
-     BASE64-decoding BIO. Bug fund and patch submitted by Pavel Tsekov
-     <ptsekov at syntrex.com> and Nedelcho Stanev.
-     [Lutz Jaenicke]
-
-  *) Implement a countermeasure against a vulnerability recently found
-     in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment
-     before application data chunks to avoid the use of known IVs
-     with data potentially chosen by the attacker.
-     [Bodo Moeller]
-
-  *) Fix length checks in ssl3_get_client_hello().
-     [Bodo Moeller]
-
-  *) TLS/SSL library bugfix: use s->s3->in_read_app_data differently
-     to prevent ssl3_read_internal() from incorrectly assuming that
-     ssl3_read_bytes() found application data while handshake
-     processing was enabled when in fact s->s3->in_read_app_data was
-     merely automatically cleared during the initial handshake.
-     [Bodo Moeller; problem pointed out by Arne Ansper <arne at ats.cyber.ee>]
-
-  *) Fix object definitions for Private and Enterprise: they were not
-     recognized in their shortname (=lowercase) representation. Extend
-     obj_dat.pl to issue an error when using undefined keywords instead
-     of silently ignoring the problem (Svenning Sorensen
-     <sss at sss.dnsalias.net>).
-     [Lutz Jaenicke]
-
-  *) Fix DH_generate_parameters() so that it works for 'non-standard'
-     generators, i.e. generators other than 2 and 5.  (Previously, the
-     code did not properly initialise the 'add' and 'rem' values to
-     BN_generate_prime().)
-
-     In the new general case, we do not insist that 'generator' is
-     actually a primitive root: This requirement is rather pointless;
-     a generator of the order-q subgroup is just as good, if not
-     better.
-     [Bodo Moeller]
- 
-  *) Map new X509 verification errors to alerts. Discovered and submitted by
-     Tom Wu <tom at arcot.com>.
-     [Lutz Jaenicke]
-
-  *) Fix ssl3_pending() (ssl/s3_lib.c) to prevent SSL_pending() from
-     returning non-zero before the data has been completely received
-     when using non-blocking I/O.
-     [Bodo Moeller; problem pointed out by John Hughes]
-
-  *) Some of the ciphers missed the strength entry (SSL_LOW etc).
-     [Ben Laurie, Lutz Jaenicke]
-
-  *) Fix bug in SSL_clear(): bad sessions were not removed (found by
-     Yoram Zahavi <YoramZ at gilian.com>).
-     [Lutz Jaenicke]
-
-  *) Add information about CygWin 1.3 and on, and preserve proper
-     configuration for the versions before that.
-     [Corinna Vinschen <vinschen at redhat.com> and Richard Levitte]
-
-  *) Make removal from session cache (SSL_CTX_remove_session()) more robust:
-     check whether we deal with a copy of a session and do not delete from
-     the cache in this case. Problem reported by "Izhar Shoshani Levi"
-     <izhar at checkpoint.com>.
-     [Lutz Jaenicke]
-
-  *) Do not store session data into the internal session cache, if it
-     is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
-     flag is set). Proposed by Aslam <aslam at funk.com>.
-     [Lutz Jaenicke]
-
-  *) Have ASN1_BIT_STRING_set_bit() really clear a bit when the requested
-     value is 0.
-     [Richard Levitte]
-
-  *) [In 0.9.6d-engine release:]
-     Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
-     [Toomas Kiisk <vix at cyber.ee> via Richard Levitte]
-
-  *) Add the configuration target linux-s390x.
-     [Neale Ferguson <Neale.Ferguson at SoftwareAG-USA.com> via Richard Levitte]
-
-  *) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of
-     ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag
-     variable as an indication that a ClientHello message has been
-     received.  As the flag value will be lost between multiple
-     invocations of ssl3_accept when using non-blocking I/O, the
-     function may not be aware that a handshake has actually taken
-     place, thus preventing a new session from being added to the
-     session cache.
-
-     To avoid this problem, we now set s->new_session to 2 instead of
-     using a local variable.
-     [Lutz Jaenicke, Bodo Moeller]
-
-  *) Bugfix: Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c)
-     if the SSL_R_LENGTH_MISMATCH error is detected.
-     [Geoff Thorpe, Bodo Moeller]
-
-  *) New 'shared_ldflag' column in Configure platform table.
-     [Richard Levitte]
-
-  *) Fix EVP_CIPHER_mode macro.
-     ["Dan S. Camper" <dan at bti.net>]
-
-  *) Fix ssl3_read_bytes (ssl/s3_pkt.c): To ignore messages of unknown
-     type, we must throw them away by setting rr->length to 0.
-     [D P Chang <dpc at qualys.com>]
-
- Changes between 0.9.6b and 0.9.6c  [21 dec 2001]
-
-  *) Fix BN_rand_range bug pointed out by Dominikus Scherkl
-     <Dominikus.Scherkl at biodata.com>.  (The previous implementation
-     worked incorrectly for those cases where  range = 10..._2  and
-     3*range  is two bits longer than  range.)
-     [Bodo Moeller]
-
-  *) Only add signing time to PKCS7 structures if it is not already
-     present.
-     [Steve Henson]
-
-  *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce",
-     OBJ_ld_ce should be OBJ_id_ce.
-     Also some ip-pda OIDs in crypto/objects/objects.txt were
-     incorrect (cf. RFC 3039).
-     [Matt Cooper, Frederic Giudicelli, Bodo Moeller]
-
-  *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid()
-     returns early because it has nothing to do.
-     [Andy Schneider <andy.schneider at bjss.co.uk>]
-
-  *) [In 0.9.6c-engine release:]
-     Fix mutex callback return values in crypto/engine/hw_ncipher.c.
-     [Andy Schneider <andy.schneider at bjss.co.uk>]
-
-  *) [In 0.9.6c-engine release:]
-     Add support for Cryptographic Appliance's keyserver technology.
-     (Use engine 'keyclient')
-     [Cryptographic Appliances and Geoff Thorpe]
-
-  *) Add a configuration entry for OS/390 Unix.  The C compiler 'c89'
-     is called via tools/c89.sh because arguments have to be
-     rearranged (all '-L' options must appear before the first object
-     modules).
-     [Richard Shapiro <rshapiro at abinitio.com>]
-
-  *) [In 0.9.6c-engine release:]
-     Add support for Broadcom crypto accelerator cards, backported
-     from 0.9.7.
-     [Broadcom, Nalin Dahyabhai <nalin at redhat.com>, Mark Cox]
-
-  *) [In 0.9.6c-engine release:]
-     Add support for SureWare crypto accelerator cards from 
-     Baltimore Technologies.  (Use engine 'sureware')
-     [Baltimore Technologies and Mark Cox]
-
-  *) [In 0.9.6c-engine release:]
-     Add support for crypto accelerator cards from Accelerated
-     Encryption Processing, www.aep.ie.  (Use engine 'aep')
-     [AEP Inc. and Mark Cox]
-
-  *) Add a configuration entry for gcc on UnixWare.
-     [Gary Benson <gbenson at redhat.com>]
-
-  *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake
-     messages are stored in a single piece (fixed-length part and
-     variable-length part combined) and fix various bugs found on the way.
-     [Bodo Moeller]
-
-  *) Disable caching in BIO_gethostbyname(), directly use gethostbyname()
-     instead.  BIO_gethostbyname() does not know what timeouts are
-     appropriate, so entries would stay in cache even when they have
-     become invalid.
-     [Bodo Moeller; problem pointed out by Rich Salz <rsalz at zolera.com>
-
-  *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when
-     faced with a pathologically small ClientHello fragment that does
-     not contain client_version: Instead of aborting with an error,
-     simply choose the highest available protocol version (i.e.,
-     TLS 1.0 unless it is disabled).  In practice, ClientHello
-     messages are never sent like this, but this change gives us
-     strictly correct behaviour at least for TLS.
-     [Bodo Moeller]
-
-  *) Fix SSL handshake functions and SSL_clear() such that SSL_clear()
-     never resets s->method to s->ctx->method when called from within
-     one of the SSL handshake functions.
-     [Bodo Moeller; problem pointed out by Niko Baric]
-
-  *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert
-     (sent using the client's version number) if client_version is
-     smaller than the protocol version in use.  Also change
-     ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if
-     the client demanded SSL 3.0 but only TLS 1.0 is enabled; then
-     the client will at least see that alert.
-     [Bodo Moeller]
-
-  *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation
-     correctly.
-     [Bodo Moeller]
-
-  *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a
-     client receives HelloRequest while in a handshake.
-     [Bodo Moeller; bug noticed by Andy Schneider <andy.schneider at bjss.co.uk>]
-
-  *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C
-     should end in 'break', not 'goto end' which circuments various
-     cleanups done in state SSL_ST_OK.   But session related stuff
-     must be disabled for SSL_ST_OK in the case that we just sent a
-     HelloRequest.
-
-     Also avoid some overhead by not calling ssl_init_wbio_buffer()
-     before just sending a HelloRequest.
-     [Bodo Moeller, Eric Rescorla <ekr at rtfm.com>]
-
-  *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
-     reveal whether illegal block cipher padding was found or a MAC
-     verification error occured.  (Neither SSLerr() codes nor alerts
-     are directly visible to potential attackers, but the information
-     may leak via logfiles.)
-
-     Similar changes are not required for the SSL 2.0 implementation
-     because the number of padding bytes is sent in clear for SSL 2.0,
-     and the extra bytes are just ignored.  However ssl/s2_pkt.c
-     failed to verify that the purported number of padding bytes is in
-     the legal range.
-     [Bodo Moeller]
-
-  *) Add OpenUNIX-8 support including shared libraries
-     (Boyd Lynn Gerber <gerberb at zenez.com>).
-     [Lutz Jaenicke]
-
-  *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid
-     'wristwatch attack' using huge encoding parameters (cf.
-     James H. Manger's CRYPTO 2001 paper).  Note that the
-     RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use
-     encoding parameters and hence was not vulnerable.
-     [Bodo Moeller]
-
-  *) BN_sqr() bug fix.
-     [Ulf Möller, reported by Jim Ellis <jim.ellis at cavium.com>]
-
-  *) Rabin-Miller test analyses assume uniformly distributed witnesses,
-     so use BN_pseudo_rand_range() instead of using BN_pseudo_rand()
-     followed by modular reduction.
-     [Bodo Moeller; pointed out by Adam Young <AYoung1 at NCSUS.JNJ.COM>]
-
-  *) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range()
-     equivalent based on BN_pseudo_rand() instead of BN_rand().
-     [Bodo Moeller]
-
-  *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB).
-     This function was broken, as the check for a new client hello message
-     to handle SGC did not allow these large messages.
-     (Tracked down by "Douglas E. Engert" <deengert at anl.gov>.)
-     [Lutz Jaenicke]
-
-  *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long]().
-     [Lutz Jaenicke]
-
-  *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl()
-     for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" <shinton at netopia.com>).
-     [Lutz Jaenicke]
-
-  *) Rework the configuration and shared library support for Tru64 Unix.
-     The configuration part makes use of modern compiler features and
-     still retains old compiler behavior for those that run older versions
-     of the OS.  The shared library support part includes a variant that
-     uses the RPATH feature, and is available through the special
-     configuration target "alpha-cc-rpath", which will never be selected
-     automatically.
-     [Tim Mooney <mooney at dogbert.cc.ndsu.NoDak.edu> via Richard Levitte]
-
-  *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message()
-     with the same message size as in ssl3_get_certificate_request().
-     Otherwise, if no ServerKeyExchange message occurs, CertificateRequest
-     messages might inadvertently be reject as too long.
-     [Petr Lampa <lampa at fee.vutbr.cz>]
-
-  *) Enhanced support for IA-64 Unix platforms (well, Linux and HP-UX).
-     [Andy Polyakov]
-
-  *) Modified SSL library such that the verify_callback that has been set
-     specificly for an SSL object with SSL_set_verify() is actually being
-     used. Before the change, a verify_callback set with this function was
-     ignored and the verify_callback() set in the SSL_CTX at the time of
-     the call was used. New function X509_STORE_CTX_set_verify_cb() introduced
-     to allow the necessary settings.
-     [Lutz Jaenicke]
-
-  *) Initialize static variable in crypto/dsa/dsa_lib.c and crypto/dh/dh_lib.c
-     explicitly to NULL, as at least on Solaris 8 this seems not always to be
-     done automatically (in contradiction to the requirements of the C
-     standard). This made problems when used from OpenSSH.
-     [Lutz Jaenicke]
-
-  *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored
-     dh->length and always used
-
-          BN_rand_range(priv_key, dh->p).
-
-     BN_rand_range() is not necessary for Diffie-Hellman, and this
-     specific range makes Diffie-Hellman unnecessarily inefficient if
-     dh->length (recommended exponent length) is much smaller than the
-     length of dh->p.  We could use BN_rand_range() if the order of
-     the subgroup was stored in the DH structure, but we only have
-     dh->length.
-
-     So switch back to
-
-          BN_rand(priv_key, l, ...)
-
-     where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1
-     otherwise.
-     [Bodo Moeller]
-
-  *) In
-
-          RSA_eay_public_encrypt
-          RSA_eay_private_decrypt
-          RSA_eay_private_encrypt (signing)
-          RSA_eay_public_decrypt (signature verification)
-
-     (default implementations for RSA_public_encrypt,
-     RSA_private_decrypt, RSA_private_encrypt, RSA_public_decrypt),
-     always reject numbers >= n.
-     [Bodo Moeller]
-
-  *) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2
-     to synchronize access to 'locking_thread'.  This is necessary on
-     systems where access to 'locking_thread' (an 'unsigned long'
-     variable) is not atomic.
-     [Bodo Moeller]
-
-  *) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID
-     *before* setting the 'crypto_lock_rand' flag.  The previous code had
-     a race condition if 0 is a valid thread ID.
-     [Travis Vitek <vitek at roguewave.com>]
-
-  *) Add support for shared libraries under Irix.
-     [Albert Chin-A-Young <china at thewrittenword.com>]
-
-  *) Add configuration option to build on Linux on both big-endian and
-     little-endian MIPS.
-     [Ralf Baechle <ralf at uni-koblenz.de>]
-
-  *) Add the possibility to create shared libraries on HP-UX.
-     [Richard Levitte]
-
- Changes between 0.9.6a and 0.9.6b  [9 Jul 2001]
-
-  *) Change ssleay_rand_bytes (crypto/rand/md_rand.c)
-     to avoid a SSLeay/OpenSSL PRNG weakness pointed out by
-     Markku-Juhani O. Saarinen <markku-juhani.saarinen at nokia.com>:
-     PRNG state recovery was possible based on the output of
-     one PRNG request appropriately sized to gain knowledge on
-     'md' followed by enough consecutive 1-byte PRNG requests
-     to traverse all of 'state'.
-
-     1. When updating 'md_local' (the current thread's copy of 'md')
-        during PRNG output generation, hash all of the previous
-        'md_local' value, not just the half used for PRNG output.
-
-     2. Make the number of bytes from 'state' included into the hash
-        independent from the number of PRNG bytes requested.
-
-     The first measure alone would be sufficient to avoid
-     Markku-Juhani's attack.  (Actually it had never occurred
-     to me that the half of 'md_local' used for chaining was the
-     half from which PRNG output bytes were taken -- I had always
-     assumed that the secret half would be used.)  The second
-     measure makes sure that additional data from 'state' is never
-     mixed into 'md_local' in small portions; this heuristically
-     further strengthens the PRNG.
-     [Bodo Moeller]
-
-  *) Fix crypto/bn/asm/mips3.s.
-     [Andy Polyakov]
-
-  *) When only the key is given to "enc", the IV is undefined. Print out
-     an error message in this case.
-     [Lutz Jaenicke]
-
-  *) Handle special case when X509_NAME is empty in X509 printing routines.
-     [Steve Henson]
-
-  *) In dsa_do_verify (crypto/dsa/dsa_ossl.c), verify that r and s are
-     positive and less than q.
-     [Bodo Moeller]
-
-  *) Don't change *pointer in CRYPTO_add_lock() is add_lock_callback is
-     used: it isn't thread safe and the add_lock_callback should handle
-     that itself.
-     [Paul Rose <Paul.Rose at bridge.com>]
-
-  *) Verify that incoming data obeys the block size in
-     ssl3_enc (ssl/s3_enc.c) and tls1_enc (ssl/t1_enc.c).
-     [Bodo Moeller]
-
-  *) Fix OAEP check.
-     [Ulf Möller, Bodo Möller]
-
-  *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5
-     RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5
-     when fixing the server behaviour for backwards-compatible 'client
-     hello' messages.  (Note that the attack is impractical against
-     SSL 3.0 and TLS 1.0 anyway because length and version checking
-     means that the probability of guessing a valid ciphertext is
-     around 2^-40; see section 5 in Bleichenbacher's CRYPTO '98
-     paper.)
-
-     Before 0.9.5, the countermeasure (hide the error by generating a
-     random 'decryption result') did not work properly because
-     ERR_clear_error() was missing, meaning that SSL_get_error() would
-     detect the supposedly ignored error.
-
-     Both problems are now fixed.
-     [Bodo Moeller]
-
-  *) In crypto/bio/bf_buff.c, increase DEFAULT_BUFFER_SIZE to 4096
-     (previously it was 1024).
-     [Bodo Moeller]
-
-  *) Fix for compatibility mode trust settings: ignore trust settings
-     unless some valid trust or reject settings are present.
-     [Steve Henson]
-
-  *) Fix for blowfish EVP: its a variable length cipher.
-     [Steve Henson]
-
-  *) Fix various bugs related to DSA S/MIME verification. Handle missing
-     parameters in DSA public key structures and return an error in the
-     DSA routines if parameters are absent.
-     [Steve Henson]
-
-  *) In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd"
-     in the current directory if neither $RANDFILE nor $HOME was set.
-     RAND_file_name() in 0.9.6a returned NULL in this case.  This has
-     caused some confusion to Windows users who haven't defined $HOME.
-     Thus RAND_file_name() is changed again: e_os.h can define a
-     DEFAULT_HOME, which will be used if $HOME is not set.
-     For Windows, we use "C:"; on other platforms, we still require
-     environment variables.
-
-  *) Move 'if (!initialized) RAND_poll()' into regions protected by
-     CRYPTO_LOCK_RAND.  This is not strictly necessary, but avoids
-     having multiple threads call RAND_poll() concurrently.
-     [Bodo Moeller]
-
-  *) In crypto/rand/md_rand.c, replace 'add_do_not_lock' flag by a
-     combination of a flag and a thread ID variable.
-     Otherwise while one thread is in ssleay_rand_bytes (which sets the
-     flag), *other* threads can enter ssleay_add_bytes without obeying
-     the CRYPTO_LOCK_RAND lock (and may even illegally release the lock
-     that they do not hold after the first thread unsets add_do_not_lock).
-     [Bodo Moeller]
-
-  *) Change bctest again: '-x' expressions are not available in all
-     versions of 'test'.
-     [Bodo Moeller]
-
- Changes between 0.9.6 and 0.9.6a  [5 Apr 2001]
-
-  *) Fix a couple of memory leaks in PKCS7_dataDecode()
-     [Steve Henson, reported by Heyun Zheng <hzheng at atdsprint.com>]
-
-  *) Change Configure and Makefiles to provide EXE_EXT, which will contain
-     the default extension for executables, if any.  Also, make the perl
-     scripts that use symlink() to test if it really exists and use "cp"
-     if it doesn't.  All this made OpenSSL compilable and installable in
-     CygWin.
-     [Richard Levitte]
-
-  *) Fix for asn1_GetSequence() for indefinite length constructed data.
-     If SEQUENCE is length is indefinite just set c->slen to the total
-     amount of data available.
-     [Steve Henson, reported by shige at FreeBSD.org]
-     [This change does not apply to 0.9.7.]
-
-  *) Change bctest to avoid here-documents inside command substitution
-     (workaround for FreeBSD /bin/sh bug).
-     For compatibility with Ultrix, avoid shell functions (introduced
-     in the bctest version that searches along $PATH).
-     [Bodo Moeller]
-
-  *) Rename 'des_encrypt' to 'des_encrypt1'.  This avoids the clashes
-     with des_encrypt() defined on some operating systems, like Solaris
-     and UnixWare.
-     [Richard Levitte]
-
-  *) Check the result of RSA-CRT (see D. Boneh, R. DeMillo, R. Lipton:
-     On the Importance of Eliminating Errors in Cryptographic
-     Computations, J. Cryptology 14 (2001) 2, 101-119,
-     http://theory.stanford.edu/~dabo/papers/faults.ps.gz).
-     [Ulf Moeller]
-  
-  *) MIPS assembler BIGNUM division bug fix. 
-     [Andy Polyakov]
-
-  *) Disabled incorrect Alpha assembler code.
-     [Richard Levitte]
-
-  *) Fix PKCS#7 decode routines so they correctly update the length
-     after reading an EOC for the EXPLICIT tag.
-     [Steve Henson]
-     [This change does not apply to 0.9.7.]
-
-  *) Fix bug in PKCS#12 key generation routines. This was triggered
-     if a 3DES key was generated with a 0 initial byte. Include
-     PKCS12_BROKEN_KEYGEN compilation option to retain the old
-     (but broken) behaviour.
-     [Steve Henson]
-
-  *) Enhance bctest to search for a working bc along $PATH and print
-     it when found.
-     [Tim Rice <tim at multitalents.net> via Richard Levitte]
-
-  *) Fix memory leaks in err.c: free err_data string if necessary;
-     don't write to the wrong index in ERR_set_error_data.
-     [Bodo Moeller]
-
-  *) Implement ssl23_peek (analogous to ssl23_read), which previously
-     did not exist.
-     [Bodo Moeller]
-
-  *) Replace rdtsc with _emit statements for VC++ version 5.
-     [Jeremy Cooper <jeremy at baymoo.org>]
-
-  *) Make it possible to reuse SSLv2 sessions.
-     [Richard Levitte]
-
-  *) In copy_email() check for >= 0 as a return value for
-     X509_NAME_get_index_by_NID() since 0 is a valid index.
-     [Steve Henson reported by Massimiliano Pala <madwolf at opensca.org>]
-
-  *) Avoid coredump with unsupported or invalid public keys by checking if
-     X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when
-     PKCS7_verify() fails with non detached data.
-     [Steve Henson]
-
-  *) Don't use getenv in library functions when run as setuid/setgid.
-     New function OPENSSL_issetugid().
-     [Ulf Moeller]
-
-  *) Avoid false positives in memory leak detection code (crypto/mem_dbg.c)
-     due to incorrect handling of multi-threading:
-
-     1. Fix timing glitch in the MemCheck_off() portion of CRYPTO_mem_ctrl().
-
-     2. Fix logical glitch in is_MemCheck_on() aka CRYPTO_is_mem_check_on().
-
-     3. Count how many times MemCheck_off() has been called so that
-        nested use can be treated correctly.  This also avoids 
-        inband-signalling in the previous code (which relied on the
-        assumption that thread ID 0 is impossible).
-     [Bodo Moeller]
-
-  *) Add "-rand" option also to s_client and s_server.
-     [Lutz Jaenicke]
-
-  *) Fix CPU detection on Irix 6.x.
-     [Kurt Hockenbury <khockenb at stevens-tech.edu> and
-      "Bruce W. Forsberg" <bruce.forsberg at baesystems.com>]
-
-  *) Fix X509_NAME bug which produced incorrect encoding if X509_NAME
-     was empty.
-     [Steve Henson]
-     [This change does not apply to 0.9.7.]
-
-  *) Use the cached encoding of an X509_NAME structure rather than
-     copying it. This is apparently the reason for the libsafe "errors"
-     but the code is actually correct.
-     [Steve Henson]
-
-  *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
-     Bleichenbacher's DSA attack.
-     Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits
-     to be set and top=0 forces the highest bit to be set; top=-1 is new
-     and leaves the highest bit random.
-     [Ulf Moeller, Bodo Moeller]
-
-  *) In the NCONF_...-based implementations for CONF_... queries
-     (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
-     a temporary CONF structure with the data component set to NULL
-     (which gives segmentation faults in lh_retrieve).
-     Instead, use NULL for the CONF pointer in CONF_get_string and
-     CONF_get_number (which may use environment variables) and directly
-     return NULL from CONF_get_section.
-     [Bodo Moeller]
-
-  *) Fix potential buffer overrun for EBCDIC.
-     [Ulf Moeller]
-
-  *) Tolerate nonRepudiation as being valid for S/MIME signing and certSign
-     keyUsage if basicConstraints absent for a CA.
-     [Steve Henson]
-
-  *) Make SMIME_write_PKCS7() write mail header values with a format that
-     is more generally accepted (no spaces before the semicolon), since
-     some programs can't parse those values properly otherwise.  Also make
-     sure BIO's that break lines after each write do not create invalid
-     headers.
-     [Richard Levitte]
-
-  *) Make the CRL encoding routines work with empty SEQUENCE OF. The
-     macros previously used would not encode an empty SEQUENCE OF
-     and break the signature.
-     [Steve Henson]
-     [This change does not apply to 0.9.7.]
-
-  *) Zero the premaster secret after deriving the master secret in
-     DH ciphersuites.
-     [Steve Henson]
-
-  *) Add some EVP_add_digest_alias registrations (as found in
-     OpenSSL_add_all_digests()) to SSL_library_init()
-     aka OpenSSL_add_ssl_algorithms().  This provides improved
-     compatibility with peers using X.509 certificates
-     with unconventional AlgorithmIdentifier OIDs.
-     [Bodo Moeller]
-
-  *) Fix for Irix with NO_ASM.
-     ["Bruce W. Forsberg" <bruce.forsberg at baesystems.com>]
-
-  *) ./config script fixes.
-     [Ulf Moeller, Richard Levitte]
-
-  *) Fix 'openssl passwd -1'.
-     [Bodo Moeller]
-
-  *) Change PKCS12_key_gen_asc() so it can cope with non null
-     terminated strings whose length is passed in the passlen
-     parameter, for example from PEM callbacks. This was done
-     by adding an extra length parameter to asc2uni().
-     [Steve Henson, reported by <oddissey at samsung.co.kr>]
-
-  *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn
-     call failed, free the DSA structure.
-     [Bodo Moeller]
-
-  *) Fix to uni2asc() to cope with zero length Unicode strings.
-     These are present in some PKCS#12 files.
-     [Steve Henson]
-
-  *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c).
-     Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits
-     when writing a 32767 byte record.
-     [Bodo Moeller; problem reported by Eric Day <eday at concentric.net>]
-
-  *) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c),
-     obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}.
-
-     (RSA objects have a reference count access to which is protected
-     by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],
-     so they are meant to be shared between threads.)
-     [Bodo Moeller, Geoff Thorpe; original patch submitted by
-     "Reddie, Steven" <Steven.Reddie at ca.com>]
-
-  *) Fix a deadlock in CRYPTO_mem_leaks().
-     [Bodo Moeller]
-
-  *) Use better test patterns in bntest.
-     [Ulf Möller]
-
-  *) rand_win.c fix for Borland C.
-     [Ulf Möller]
- 
-  *) BN_rshift bugfix for n == 0.
-     [Bodo Moeller]
-
-  *) Add a 'bctest' script that checks for some known 'bc' bugs
-     so that 'make test' does not abort just because 'bc' is broken.
-     [Bodo Moeller]
-
-  *) Store verify_result within SSL_SESSION also for client side to
-     avoid potential security hole. (Re-used sessions on the client side
-     always resulted in verify_result==X509_V_OK, not using the original
-     result of the server certificate verification.)
-     [Lutz Jaenicke]
-
-  *) Fix ssl3_pending: If the record in s->s3->rrec is not of type
-     SSL3_RT_APPLICATION_DATA, return 0.
-     Similarly, change ssl2_pending to return 0 if SSL_in_init(s) is true.
-     [Bodo Moeller]
-
-  *) Fix SSL_peek:
-     Both ssl2_peek and ssl3_peek, which were totally broken in earlier
-     releases, have been re-implemented by renaming the previous
-     implementations of ssl2_read and ssl3_read to ssl2_read_internal
-     and ssl3_read_internal, respectively, and adding 'peek' parameters
-     to them.  The new ssl[23]_{read,peek} functions are calls to
-     ssl[23]_read_internal with the 'peek' flag set appropriately.
-     A 'peek' parameter has also been added to ssl3_read_bytes, which
-     does the actual work for ssl3_read_internal.
-     [Bodo Moeller]
-
-  *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling
-     the method-specific "init()" handler. Also clean up ex_data after
-     calling the method-specific "finish()" handler. Previously, this was
-     happening the other way round.
-     [Geoff Thorpe]
-
-  *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16.
-     The previous value, 12, was not always sufficient for BN_mod_exp().
-     [Bodo Moeller]
-
-  *) Make sure that shared libraries get the internal name engine with
-     the full version number and not just 0.  This should mark the
-     shared libraries as not backward compatible.  Of course, this should
-     be changed again when we can guarantee backward binary compatibility.
-     [Richard Levitte]
-
-  *) Fix typo in get_cert_by_subject() in by_dir.c
-     [Jean-Marc Desperrier <jean-marc.desperrier at certplus.com>]
-
-  *) Rework the system to generate shared libraries:
-
-     - Make note of the expected extension for the shared libraries and
-       if there is a need for symbolic links from for example libcrypto.so.0
-       to libcrypto.so.0.9.7.  There is extended info in Configure for
-       that.
-
-     - Make as few rebuilds of the shared libraries as possible.
-
-     - Still avoid linking the OpenSSL programs with the shared libraries.
-
-     - When installing, install the shared libraries separately from the
-       static ones.
-     [Richard Levitte]
-
-  *) Fix SSL_CTX_set_read_ahead macro to actually use its argument.
-
-     Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new
-     and not in SSL_clear because the latter is also used by the
-     accept/connect functions; previously, the settings made by
-     SSL_set_read_ahead would be lost during the handshake.
-     [Bodo Moeller; problems reported by Anders Gertz <gertz at epact.se>]     
-
-  *) Correct util/mkdef.pl to be selective about disabled algorithms.
-     Previously, it would create entries for disableed algorithms no
-     matter what.
-     [Richard Levitte]
-
-  *) Added several new manual pages for SSL_* function.
-     [Lutz Jaenicke]
-
- Changes between 0.9.5a and 0.9.6  [24 Sep 2000]
-
-  *) In ssl23_get_client_hello, generate an error message when faced
-     with an initial SSL 3.0/TLS record that is too small to contain the
-     first two bytes of the ClientHello message, i.e. client_version.
-     (Note that this is a pathologic case that probably has never happened
-     in real life.)  The previous approach was to use the version number
-     from the record header as a substitute; but our protocol choice
-     should not depend on that one because it is not authenticated
-     by the Finished messages.
-     [Bodo Moeller]
-
-  *) More robust randomness gathering functions for Windows.
-     [Jeffrey Altman <jaltman at columbia.edu>]
-
-  *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is
-     not set then we don't setup the error code for issuer check errors
-     to avoid possibly overwriting other errors which the callback does
-     handle. If an application does set the flag then we assume it knows
-     what it is doing and can handle the new informational codes
-     appropriately.
-     [Steve Henson]
-
-  *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for
-     a general "ANY" type, as such it should be able to decode anything
-     including tagged types. However it didn't check the class so it would
-     wrongly interpret tagged types in the same way as their universal
-     counterpart and unknown types were just rejected. Changed so that the
-     tagged and unknown types are handled in the same way as a SEQUENCE:
-     that is the encoding is stored intact. There is also a new type
-     "V_ASN1_OTHER" which is used when the class is not universal, in this
-     case we have no idea what the actual type is so we just lump them all
-     together.
-     [Steve Henson]
-
-  *) On VMS, stdout may very well lead to a file that is written to
-     in a record-oriented fashion.  That means that every write() will
-     write a separate record, which will be read separately by the
-     programs trying to read from it.  This can be very confusing.
-
-     The solution is to put a BIO filter in the way that will buffer
-     text until a linefeed is reached, and then write everything a
-     line at a time, so every record written will be an actual line,
-     not chunks of lines and not (usually doesn't happen, but I've
-     seen it once) several lines in one record.  BIO_f_linebuffer() is
-     the answer.
-
-     Currently, it's a VMS-only method, because that's where it has
-     been tested well enough.
-     [Richard Levitte]
-
-  *) Remove 'optimized' squaring variant in BN_mod_mul_montgomery,
-     it can return incorrect results.
-     (Note: The buggy variant was not enabled in OpenSSL 0.9.5a,
-     but it was in 0.9.6-beta[12].)
-     [Bodo Moeller]
-
-  *) Disable the check for content being present when verifying detached
-     signatures in pk7_smime.c. Some versions of Netscape (wrongly)
-     include zero length content when signing messages.
-     [Steve Henson]
-
-  *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR
-     BIO_ctrl (for BIO pairs).
-     [Bodo Möller]
-
-  *) Add DSO method for VMS.
-     [Richard Levitte]
-
-  *) Bug fix: Montgomery multiplication could produce results with the
-     wrong sign.
-     [Ulf Möller]
-
-  *) Add RPM specification openssl.spec and modify it to build three
-     packages.  The default package contains applications, application
-     documentation and run-time libraries.  The devel package contains
-     include files, static libraries and function documentation.  The
-     doc package contains the contents of the doc directory.  The original
-     openssl.spec was provided by Damien Miller <djm at mindrot.org>.
-     [Richard Levitte]
-     
-  *) Add a large number of documentation files for many SSL routines.
-     [Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>]
-
-  *) Add a configuration entry for Sony News 4.
-     [NAKAJI Hiroyuki <nakaji at tutrp.tut.ac.jp>]
-
-  *) Don't set the two most significant bits to one when generating a
-     random number < q in the DSA library.
-     [Ulf Möller]
-
-  *) New SSL API mode 'SSL_MODE_AUTO_RETRY'.  This disables the default
-     behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if
-     the underlying transport is blocking) if a handshake took place.
-     (The default behaviour is needed by applications such as s_client
-     and s_server that use select() to determine when to use SSL_read;
-     but for applications that know in advance when to expect data, it
-     just makes things more complicated.)
-     [Bodo Moeller]
-
-  *) Add RAND_egd_bytes(), which gives control over the number of bytes read
-     from EGD.
-     [Ben Laurie]
-
-  *) Add a few more EBCDIC conditionals that make `req' and `x509'
-     work better on such systems.
-     [Martin Kraemer <Martin.Kraemer at MchP.Siemens.De>]
-
-  *) Add two demo programs for PKCS12_parse() and PKCS12_create().
-     Update PKCS12_parse() so it copies the friendlyName and the
-     keyid to the certificates aux info.
-     [Steve Henson]
-
-  *) Fix bug in PKCS7_verify() which caused an infinite loop
-     if there was more than one signature.
-     [Sven Uszpelkat <su at celocom.de>]
-
-  *) Major change in util/mkdef.pl to include extra information
-     about each symbol, as well as presentig variables as well
-     as functions.  This change means that there's n more need
-     to rebuild the .num files when some algorithms are excluded.
-     [Richard Levitte]
-
-  *) Allow the verify time to be set by an application,
-     rather than always using the current time.
-     [Steve Henson]
-  
-  *) Phase 2 verify code reorganisation. The certificate
-     verify code now looks up an issuer certificate by a
-     number of criteria: subject name, authority key id
-     and key usage. It also verifies self signed certificates
-     by the same criteria. The main comparison function is
-     X509_check_issued() which performs these checks.
- 
-     Lot of changes were necessary in order to support this
-     without completely rewriting the lookup code.
- 
-     Authority and subject key identifier are now cached.
- 
-     The LHASH 'certs' is X509_STORE has now been replaced
-     by a STACK_OF(X509_OBJECT). This is mainly because an
-     LHASH can't store or retrieve multiple objects with
-     the same hash value.
-
-     As a result various functions (which were all internal
-     use only) have changed to handle the new X509_STORE
-     structure. This will break anything that messed round
-     with X509_STORE internally.
- 
-     The functions X509_STORE_add_cert() now checks for an
-     exact match, rather than just subject name.
- 
-     The X509_STORE API doesn't directly support the retrieval
-     of multiple certificates matching a given criteria, however
-     this can be worked round by performing a lookup first
-     (which will fill the cache with candidate certificates)
-     and then examining the cache for matches. This is probably
-     the best we can do without throwing out X509_LOOKUP
-     entirely (maybe later...).
- 
-     The X509_VERIFY_CTX structure has been enhanced considerably.
- 
-     All certificate lookup operations now go via a get_issuer()
-     callback. Although this currently uses an X509_STORE it
-     can be replaced by custom lookups. This is a simple way
-     to bypass the X509_STORE hackery necessary to make this
-     work and makes it possible to use more efficient techniques
-     in future. A very simple version which uses a simple
-     STACK for its trusted certificate store is also provided
-     using X509_STORE_CTX_trusted_stack().
- 
-     The verify_cb() and verify() callbacks now have equivalents
-     in the X509_STORE_CTX structure.
- 
-     X509_STORE_CTX also has a 'flags' field which can be used
-     to customise the verify behaviour.
-     [Steve Henson]
- 
-  *) Add new PKCS#7 signing option PKCS7_NOSMIMECAP which 
-     excludes S/MIME capabilities.
-     [Steve Henson]
-
-  *) When a certificate request is read in keep a copy of the
-     original encoding of the signed data and use it when outputing
-     again. Signatures then use the original encoding rather than
-     a decoded, encoded version which may cause problems if the
-     request is improperly encoded.
-     [Steve Henson]
-
-  *) For consistency with other BIO_puts implementations, call
-     buffer_write(b, ...) directly in buffer_puts instead of calling
-     BIO_write(b, ...).
-
-     In BIO_puts, increment b->num_write as in BIO_write.
-     [Peter.Sylvester at EdelWeb.fr]
-
-  *) Fix BN_mul_word for the case where the word is 0. (We have to use
-     BN_zero, we may not return a BIGNUM with an array consisting of
-     words set to zero.)
-     [Bodo Moeller]
-
-  *) Avoid calling abort() from within the library when problems are
-     detected, except if preprocessor symbols have been defined
-     (such as REF_CHECK, BN_DEBUG etc.).
-     [Bodo Moeller]
-
-  *) New openssl application 'rsautl'. This utility can be
-     used for low level RSA operations. DER public key
-     BIO/fp routines also added.
-     [Steve Henson]
-
-  *) New Configure entry and patches for compiling on QNX 4.
-     [Andreas Schneider <andreas at ds3.etech.fh-hamburg.de>]
-
-  *) A demo state-machine implementation was sponsored by
-     Nuron (http://www.nuron.com/) and is now available in
-     demos/state_machine.
-     [Ben Laurie]
-
-  *) New options added to the 'dgst' utility for signature
-     generation and verification.
-     [Steve Henson]
-
-  *) Unrecognized PKCS#7 content types are now handled via a
-     catch all ASN1_TYPE structure. This allows unsupported
-     types to be stored as a "blob" and an application can
-     encode and decode it manually.
-     [Steve Henson]
-
-  *) Fix various signed/unsigned issues to make a_strex.c
-     compile under VC++.
-     [Oscar Jacobsson <oscar.jacobsson at celocom.com>]
-
-  *) ASN1 fixes. i2d_ASN1_OBJECT was not returning the correct
-     length if passed a buffer. ASN1_INTEGER_to_BN failed
-     if passed a NULL BN and its argument was negative.
-     [Steve Henson, pointed out by Sven Heiberg <sven at tartu.cyber.ee>]
-
-  *) Modification to PKCS#7 encoding routines to output definite
-     length encoding. Since currently the whole structures are in
-     memory there's not real point in using indefinite length 
-     constructed encoding. However if OpenSSL is compiled with
-     the flag PKCS7_INDEFINITE_ENCODING the old form is used.
-     [Steve Henson]
-
-  *) Added BIO_vprintf() and BIO_vsnprintf().
-     [Richard Levitte]
-
-  *) Added more prefixes to parse for in the the strings written
-     through a logging bio, to cover all the levels that are available
-     through syslog.  The prefixes are now:
-
-	PANIC, EMERG, EMR	=>	LOG_EMERG
-	ALERT, ALR		=>	LOG_ALERT
-	CRIT, CRI		=>	LOG_CRIT
-	ERROR, ERR		=>	LOG_ERR
-	WARNING, WARN, WAR	=>	LOG_WARNING
-	NOTICE, NOTE, NOT	=>	LOG_NOTICE
-	INFO, INF		=>	LOG_INFO
-	DEBUG, DBG		=>	LOG_DEBUG
-
-     and as before, if none of those prefixes are present at the
-     beginning of the string, LOG_ERR is chosen.
-
-     On Win32, the LOG_* levels are mapped according to this:
-
-	LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR	=> EVENTLOG_ERROR_TYPE
-	LOG_WARNING				=> EVENTLOG_WARNING_TYPE
-	LOG_NOTICE, LOG_INFO, LOG_DEBUG		=> EVENTLOG_INFORMATION_TYPE
-
-     [Richard Levitte]
-
-  *) Made it possible to reconfigure with just the configuration
-     argument "reconf" or "reconfigure".  The command line arguments
-     are stored in Makefile.ssl in the variable CONFIGURE_ARGS,
-     and are retrieved from there when reconfiguring.
-     [Richard Levitte]
-
-  *) MD4 implemented.
-     [Assar Westerlund <assar at sics.se>, Richard Levitte]
-
-  *) Add the arguments -CAfile and -CApath to the pkcs12 utility.
-     [Richard Levitte]
-
-  *) The obj_dat.pl script was messing up the sorting of object
-     names. The reason was that it compared the quoted version
-     of strings as a result "OCSP" > "OCSP Signing" because
-     " > SPACE. Changed script to store unquoted versions of
-     names and add quotes on output. It was also omitting some
-     names from the lookup table if they were given a default
-     value (that is if SN is missing it is given the same
-     value as LN and vice versa), these are now added on the
-     grounds that if an object has a name we should be able to
-     look it up. Finally added warning output when duplicate
-     short or long names are found.
-     [Steve Henson]
-
-  *) Changes needed for Tandem NSK.
-     [Scott Uroff <scott at xypro.com>]
-
-  *) Fix SSL 2.0 rollback checking: Due to an off-by-one error in
-     RSA_padding_check_SSLv23(), special padding was never detected
-     and thus the SSL 3.0/TLS 1.0 countermeasure against protocol
-     version rollback attacks was not effective.
-
-     In s23_clnt.c, don't use special rollback-attack detection padding
-     (RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the
-     client; similarly, in s23_srvr.c, don't do the rollback check if
-     SSL 2.0 is the only protocol enabled in the server.
-     [Bodo Moeller]
-
-  *) Make it possible to get hexdumps of unprintable data with 'openssl
-     asn1parse'.  By implication, the functions ASN1_parse_dump() and
-     BIO_dump_indent() are added.
-     [Richard Levitte]
-
-  *) New functions ASN1_STRING_print_ex() and X509_NAME_print_ex()
-     these print out strings and name structures based on various
-     flags including RFC2253 support and proper handling of
-     multibyte characters. Added options to the 'x509' utility 
-     to allow the various flags to be set.
-     [Steve Henson]
-
-  *) Various fixes to use ASN1_TIME instead of ASN1_UTCTIME.
-     Also change the functions X509_cmp_current_time() and
-     X509_gmtime_adj() work with an ASN1_TIME structure,
-     this will enable certificates using GeneralizedTime in validity
-     dates to be checked.
-     [Steve Henson]
-
-  *) Make the NEG_PUBKEY_BUG code (which tolerates invalid
-     negative public key encodings) on by default,
-     NO_NEG_PUBKEY_BUG can be set to disable it.
-     [Steve Henson]
-
-  *) New function c2i_ASN1_OBJECT() which acts on ASN1_OBJECT
-     content octets. An i2c_ASN1_OBJECT is unnecessary because
-     the encoding can be trivially obtained from the structure.
-     [Steve Henson]
-
-  *) crypto/err.c locking bugfix: Use write locks (CRYPTO_w_[un]lock),
-     not read locks (CRYPTO_r_[un]lock).
-     [Bodo Moeller]
-
-  *) A first attempt at creating official support for shared
-     libraries through configuration.  I've kept it so the
-     default is static libraries only, and the OpenSSL programs
-     are always statically linked for now, but there are
-     preparations for dynamic linking in place.
-     This has been tested on Linux and Tru64.
-     [Richard Levitte]
-
-  *) Randomness polling function for Win9x, as described in:
-     Peter Gutmann, Software Generation of Practically Strong
-     Random Numbers.
-     [Ulf Möller]
-
-  *) Fix so PRNG is seeded in req if using an already existing
-     DSA key.
-     [Steve Henson]
-
-  *) New options to smime application. -inform and -outform
-     allow alternative formats for the S/MIME message including
-     PEM and DER. The -content option allows the content to be
-     specified separately. This should allow things like Netscape
-     form signing output easier to verify.
-     [Steve Henson]
-
-  *) Fix the ASN1 encoding of tags using the 'long form'.
-     [Steve Henson]
-
-  *) New ASN1 functions, i2c_* and c2i_* for INTEGER and BIT
-     STRING types. These convert content octets to and from the
-     underlying type. The actual tag and length octets are
-     already assumed to have been read in and checked. These
-     are needed because all other string types have virtually
-     identical handling apart from the tag. By having versions
-     of the ASN1 functions that just operate on content octets
-     IMPLICIT tagging can be handled properly. It also allows
-     the ASN1_ENUMERATED code to be cut down because ASN1_ENUMERATED
-     and ASN1_INTEGER are identical apart from the tag.
-     [Steve Henson]
-
-  *) Change the handling of OID objects as follows:
-
-     - New object identifiers are inserted in objects.txt, following
-       the syntax given in objects.README.
-     - objects.pl is used to process obj_mac.num and create a new
-       obj_mac.h.
-     - obj_dat.pl is used to create a new obj_dat.h, using the data in
-       obj_mac.h.
-
-     This is currently kind of a hack, and the perl code in objects.pl
-     isn't very elegant, but it works as I intended.  The simplest way
-     to check that it worked correctly is to look in obj_dat.h and
-     check the array nid_objs and make sure the objects haven't moved
-     around (this is important!).  Additions are OK, as well as
-     consistent name changes. 
-     [Richard Levitte]
-
-  *) Add BSD-style MD5-based passwords to 'openssl passwd' (option '-1').
-     [Bodo Moeller]
-
-  *) Addition of the command line parameter '-rand file' to 'openssl req'.
-     The given file adds to whatever has already been seeded into the
-     random pool through the RANDFILE configuration file option or
-     environment variable, or the default random state file.
-     [Richard Levitte]
-
-  *) mkstack.pl now sorts each macro group into lexical order.
-     Previously the output order depended on the order the files
-     appeared in the directory, resulting in needless rewriting
-     of safestack.h .
-     [Steve Henson]
-
-  *) Patches to make OpenSSL compile under Win32 again. Mostly
-     work arounds for the VC++ problem that it treats func() as
-     func(void). Also stripped out the parts of mkdef.pl that
-     added extra typesafe functions: these no longer exist.
-     [Steve Henson]
-
-  *) Reorganisation of the stack code. The macros are now all 
-     collected in safestack.h . Each macro is defined in terms of
-     a "stack macro" of the form SKM_<name>(type, a, b). The 
-     DEBUG_SAFESTACK is now handled in terms of function casts,
-     this has the advantage of retaining type safety without the
-     use of additional functions. If DEBUG_SAFESTACK is not defined
-     then the non typesafe macros are used instead. Also modified the
-     mkstack.pl script to handle the new form. Needs testing to see
-     if which (if any) compilers it chokes and maybe make DEBUG_SAFESTACK
-     the default if no major problems. Similar behaviour for ASN1_SET_OF
-     and PKCS12_STACK_OF.
-     [Steve Henson]
-
-  *) When some versions of IIS use the 'NET' form of private key the
-     key derivation algorithm is different. Normally MD5(password) is
-     used as a 128 bit RC4 key. In the modified case
-     MD5(MD5(password) + "SGCKEYSALT")  is used insted. Added some
-     new functions i2d_RSA_NET(), d2i_RSA_NET() etc which are the same
-     as the old Netscape_RSA functions except they have an additional
-     'sgckey' parameter which uses the modified algorithm. Also added
-     an -sgckey command line option to the rsa utility. Thanks to 
-     Adrian Peck <bertie at ncipher.com> for posting details of the modified
-     algorithm to openssl-dev.
-     [Steve Henson]
-
-  *) The evp_local.h macros were using 'c.##kname' which resulted in
-     invalid expansion on some systems (SCO 5.0.5 for example).
-     Corrected to 'c.kname'.
-     [Phillip Porch <root at theporch.com>]
-
-  *) New X509_get1_email() and X509_REQ_get1_email() functions that return
-     a STACK of email addresses from a certificate or request, these look
-     in the subject name and the subject alternative name extensions and 
-     omit any duplicate addresses.
-     [Steve Henson]
-
-  *) Re-implement BN_mod_exp2_mont using independent (and larger) windows.
-     This makes DSA verification about 2 % faster.
-     [Bodo Moeller]
-
-  *) Increase maximum window size in BN_mod_exp_... to 6 bits instead of 5
-     (meaning that now 2^5 values will be precomputed, which is only 4 KB
-     plus overhead for 1024 bit moduli).
-     This makes exponentiations about 0.5 % faster for 1024 bit
-     exponents (as measured by "openssl speed rsa2048").
-     [Bodo Moeller]
-
-  *) Rename memory handling macros to avoid conflicts with other
-     software:
-          Malloc         =>  OPENSSL_malloc
-          Malloc_locked  =>  OPENSSL_malloc_locked
-          Realloc        =>  OPENSSL_realloc
-          Free           =>  OPENSSL_free
-     [Richard Levitte]
-
-  *) New function BN_mod_exp_mont_word for small bases (roughly 15%
-     faster than BN_mod_exp_mont, i.e. 7% for a full DH exchange).
-     [Bodo Moeller]
-
-  *) CygWin32 support.
-     [John Jarvie <jjarvie at newsguy.com>]
-
-  *) The type-safe stack code has been rejigged. It is now only compiled
-     in when OpenSSL is configured with the DEBUG_SAFESTACK option and
-     by default all type-specific stack functions are "#define"d back to
-     standard stack functions. This results in more streamlined output
-     but retains the type-safety checking possibilities of the original
-     approach.
-     [Geoff Thorpe]
-
-  *) The STACK code has been cleaned up, and certain type declarations
-     that didn't make a lot of sense have been brought in line. This has
-     also involved a cleanup of sorts in safestack.h to more correctly
-     map type-safe stack functions onto their plain stack counterparts.
-     This work has also resulted in a variety of "const"ifications of
-     lots of the code, especially "_cmp" operations which should normally
-     be prototyped with "const" parameters anyway.
-     [Geoff Thorpe]
-
-  *) When generating bytes for the first time in md_rand.c, 'stir the pool'
-     by seeding with STATE_SIZE dummy bytes (with zero entropy count).
-     (The PRNG state consists of two parts, the large pool 'state' and 'md',
-     where all of 'md' is used each time the PRNG is used, but 'state'
-     is used only indexed by a cyclic counter. As entropy may not be
-     well distributed from the beginning, 'md' is important as a
-     chaining variable. However, the output function chains only half
-     of 'md', i.e. 80 bits.  ssleay_rand_add, on the other hand, chains
-     all of 'md', and seeding with STATE_SIZE dummy bytes will result
-     in all of 'state' being rewritten, with the new values depending
-     on virtually all of 'md'.  This overcomes the 80 bit limitation.)
-     [Bodo Moeller]
-
-  *) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when
-     the handshake is continued after ssl_verify_cert_chain();
-     otherwise, if SSL_VERIFY_NONE is set, remaining error codes
-     can lead to 'unexplainable' connection aborts later.
-     [Bodo Moeller; problem tracked down by Lutz Jaenicke]
-
-  *) Major EVP API cipher revision.
-     Add hooks for extra EVP features. This allows various cipher
-     parameters to be set in the EVP interface. Support added for variable
-     key length ciphers via the EVP_CIPHER_CTX_set_key_length() function and
-     setting of RC2 and RC5 parameters.
-
-     Modify EVP_OpenInit() and EVP_SealInit() to cope with variable key length
-     ciphers.
-
-     Remove lots of duplicated code from the EVP library. For example *every*
-     cipher init() function handles the 'iv' in the same way according to the
-     cipher mode. They also all do nothing if the 'key' parameter is NULL and
-     for CFB and OFB modes they zero ctx->num.
-
-     New functionality allows removal of S/MIME code RC2 hack.
-
-     Most of the routines have the same form and so can be declared in terms
-     of macros.
-
-     By shifting this to the top level EVP_CipherInit() it can be removed from
-     all individual ciphers. If the cipher wants to handle IVs or keys
-     differently it can set the EVP_CIPH_CUSTOM_IV or EVP_CIPH_ALWAYS_CALL_INIT
-     flags.
-
-     Change lots of functions like EVP_EncryptUpdate() to now return a
-     value: although software versions of the algorithms cannot fail
-     any installed hardware versions can.
-     [Steve Henson]
-
-  *) Implement SSL_OP_TLS_ROLLBACK_BUG: In ssl3_get_client_key_exchange, if
-     this option is set, tolerate broken clients that send the negotiated
-     protocol version number instead of the requested protocol version
-     number.
-     [Bodo Moeller]
-
-  *) Call dh_tmp_cb (set by ..._TMP_DH_CB) with correct 'is_export' flag;
-     i.e. non-zero for export ciphersuites, zero otherwise.
-     Previous versions had this flag inverted, inconsistent with
-     rsa_tmp_cb (..._TMP_RSA_CB).
-     [Bodo Moeller; problem reported by Amit Chopra]
-
-  *) Add missing DSA library text string. Work around for some IIS
-     key files with invalid SEQUENCE encoding.
-     [Steve Henson]
-
-  *) Add a document (doc/standards.txt) that list all kinds of standards
-     and so on that are implemented in OpenSSL.
-     [Richard Levitte]
-
-  *) Enhance c_rehash script. Old version would mishandle certificates
-     with the same subject name hash and wouldn't handle CRLs at all.
-     Added -fingerprint option to crl utility, to support new c_rehash
-     features.
-     [Steve Henson]
-
-  *) Eliminate non-ANSI declarations in crypto.h and stack.h.
-     [Ulf Möller]
-
-  *) Fix for SSL server purpose checking. Server checking was
-     rejecting certificates which had extended key usage present
-     but no ssl client purpose.
-     [Steve Henson, reported by Rene Grosser <grosser at hisolutions.com>]
-
-  *) Make PKCS#12 code work with no password. The PKCS#12 spec
-     is a little unclear about how a blank password is handled.
-     Since the password in encoded as a BMPString with terminating
-     double NULL a zero length password would end up as just the
-     double NULL. However no password at all is different and is
-     handled differently in the PKCS#12 key generation code. NS
-     treats a blank password as zero length. MSIE treats it as no
-     password on export: but it will try both on import. We now do
-     the same: PKCS12_parse() tries zero length and no password if
-     the password is set to "" or NULL (NULL is now a valid password:
-     it wasn't before) as does the pkcs12 application.
-     [Steve Henson]
-
-  *) Bugfixes in apps/x509.c: Avoid a memory leak; and don't use
-     perror when PEM_read_bio_X509_REQ fails, the error message must
-     be obtained from the error queue.
-     [Bodo Moeller]
-
-  *) Avoid 'thread_hash' memory leak in crypto/err/err.c by freeing
-     it in ERR_remove_state if appropriate, and change ERR_get_state
-     accordingly to avoid race conditions (this is necessary because
-     thread_hash is no longer constant once set).
-     [Bodo Moeller]
-
-  *) Bugfix for linux-elf makefile.one.
-     [Ulf Möller]
-
-  *) RSA_get_default_method() will now cause a default
-     RSA_METHOD to be chosen if one doesn't exist already.
-     Previously this was only set during a call to RSA_new()
-     or RSA_new_method(NULL) meaning it was possible for
-     RSA_get_default_method() to return NULL.
-     [Geoff Thorpe]
-
-  *) Added native name translation to the existing DSO code
-     that will convert (if the flag to do so is set) filenames
-     that are sufficiently small and have no path information
-     into a canonical native form. Eg. "blah" converted to
-     "libblah.so" or "blah.dll" etc.
-     [Geoff Thorpe]
-
-  *) New function ERR_error_string_n(e, buf, len) which is like
-     ERR_error_string(e, buf), but writes at most 'len' bytes
-     including the 0 terminator.  For ERR_error_string_n, 'buf'
-     may not be NULL.
-     [Damien Miller <djm at mindrot.org>, Bodo Moeller]
-
-  *) CONF library reworked to become more general.  A new CONF
-     configuration file reader "class" is implemented as well as a
-     new functions (NCONF_*, for "New CONF") to handle it.  The now
-     old CONF_* functions are still there, but are reimplemented to
-     work in terms of the new functions.  Also, a set of functions
-     to handle the internal storage of the configuration data is
-     provided to make it easier to write new configuration file
-     reader "classes" (I can definitely see something reading a
-     configuration file in XML format, for example), called _CONF_*,
-     or "the configuration storage API"...
-
-     The new configuration file reading functions are:
-
-        NCONF_new, NCONF_free, NCONF_load, NCONF_load_fp, NCONF_load_bio,
-        NCONF_get_section, NCONF_get_string, NCONF_get_numbre
-
-        NCONF_default, NCONF_WIN32
-
-        NCONF_dump_fp, NCONF_dump_bio
-
-     NCONF_default and NCONF_WIN32 are method (or "class") choosers,
-     NCONF_new creates a new CONF object.  This works in the same way
-     as other interfaces in OpenSSL, like the BIO interface.
-     NCONF_dump_* dump the internal storage of the configuration file,
-     which is useful for debugging.  All other functions take the same
-     arguments as the old CONF_* functions wth the exception of the
-     first that must be a `CONF *' instead of a `LHASH *'.
-
-     To make it easer to use the new classes with the old CONF_* functions,
-     the function CONF_set_default_method is provided.
-     [Richard Levitte]
-
-  *) Add '-tls1' option to 'openssl ciphers', which was already
-     mentioned in the documentation but had not been implemented.
-     (This option is not yet really useful because even the additional
-     experimental TLS 1.0 ciphers are currently treated as SSL 3.0 ciphers.)
-     [Bodo Moeller]
-
-  *) Initial DSO code added into libcrypto for letting OpenSSL (and
-     OpenSSL-based applications) load shared libraries and bind to
-     them in a portable way.
-     [Geoff Thorpe, with contributions from Richard Levitte]
-
- Changes between 0.9.5 and 0.9.5a  [1 Apr 2000]
-
-  *) Make sure _lrotl and _lrotr are only used with MSVC.
-
-  *) Use lock CRYPTO_LOCK_RAND correctly in ssleay_rand_status
-     (the default implementation of RAND_status).
-
-  *) Rename openssl x509 option '-crlext', which was added in 0.9.5,
-     to '-clrext' (= clear extensions), as intended and documented.
-     [Bodo Moeller; inconsistency pointed out by Michael Attili
-     <attili at amaxo.com>]
-
-  *) Fix for HMAC. It wasn't zeroing the rest of the block if the key length
-     was larger than the MD block size.      
-     [Steve Henson, pointed out by Yost William <YostW at tce.com>]
-
-  *) Modernise PKCS12_parse() so it uses STACK_OF(X509) for its ca argument
-     fix a leak when the ca argument was passed as NULL. Stop X509_PUBKEY_set()
-     using the passed key: if the passed key was a private key the result
-     of X509_print(), for example, would be to print out all the private key
-     components.
-     [Steve Henson]
-
-  *) des_quad_cksum() byte order bug fix.
-     [Ulf Möller, using the problem description in krb4-0.9.7, where
-      the solution is attributed to Derrick J Brashear <shadow at DEMENTIA.ORG>]
-
-  *) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly
-     discouraged.
-     [Steve Henson, pointed out by Brian Korver <briank at cs.stanford.edu>]
-
-  *) For easily testing in shell scripts whether some command
-     'openssl XXX' exists, the new pseudo-command 'openssl no-XXX'
-     returns with exit code 0 iff no command of the given name is available.
-     'no-XXX' is printed in this case, 'XXX' otherwise.  In both cases,
-     the output goes to stdout and nothing is printed to stderr.
-     Additional arguments are always ignored.
-
-     Since for each cipher there is a command of the same name,
-     the 'no-cipher' compilation switches can be tested this way.
-
-     ('openssl no-XXX' is not able to detect pseudo-commands such
-     as 'quit', 'list-XXX-commands', or 'no-XXX' itself.)
-     [Bodo Moeller]
-
-  *) Update test suite so that 'make test' succeeds in 'no-rsa' configuration.
-     [Bodo Moeller]
-
-  *) For SSL_[CTX_]set_tmp_dh, don't create a DH key if SSL_OP_SINGLE_DH_USE
-     is set; it will be thrown away anyway because each handshake creates
-     its own key.
-     ssl_cert_dup, which is used by SSL_new, now copies DH keys in addition
-     to parameters -- in previous versions (since OpenSSL 0.9.3) the
-     'default key' from SSL_CTX_set_tmp_dh would always be lost, meanining
-     you effectivly got SSL_OP_SINGLE_DH_USE when using this macro.
-     [Bodo Moeller]
-
-  *) New s_client option -ign_eof: EOF at stdin is ignored, and
-     'Q' and 'R' lose their special meanings (quit/renegotiate).
-     This is part of what -quiet does; unlike -quiet, -ign_eof
-     does not suppress any output.
-     [Richard Levitte]
-
-  *) Add compatibility options to the purpose and trust code. The
-     purpose X509_PURPOSE_ANY is "any purpose" which automatically
-     accepts a certificate or CA, this was the previous behaviour,
-     with all the associated security issues.
-
-     X509_TRUST_COMPAT is the old trust behaviour: only and
-     automatically trust self signed roots in certificate store. A
-     new trust setting X509_TRUST_DEFAULT is used to specify that
-     a purpose has no associated trust setting and it should instead
-     use the value in the default purpose.
-     [Steve Henson]
-
-  *) Fix the PKCS#8 DSA private key code so it decodes keys again
-     and fix a memory leak.
-     [Steve Henson]
-
-  *) In util/mkerr.pl (which implements 'make errors'), preserve
-     reason strings from the previous version of the .c file, as
-     the default to have only downcase letters (and digits) in
-     automatically generated reasons codes is not always appropriate.
-     [Bodo Moeller]
-
-  *) In ERR_load_ERR_strings(), build an ERR_LIB_SYS error reason table
-     using strerror.  Previously, ERR_reason_error_string() returned
-     library names as reason strings for SYSerr; but SYSerr is a special
-     case where small numbers are errno values, not library numbers.
-     [Bodo Moeller]
-
-  *) Add '-dsaparam' option to 'openssl dhparam' application.  This
-     converts DSA parameters into DH parameters. (When creating parameters,
-     DSA_generate_parameters is used.)
-     [Bodo Moeller]
-
-  *) Include 'length' (recommended exponent length) in C code generated
-     by 'openssl dhparam -C'.
-     [Bodo Moeller]
-
-  *) The second argument to set_label in perlasm was already being used
-     so couldn't be used as a "file scope" flag. Moved to third argument
-     which was free.
-     [Steve Henson]
-
-  *) In PEM_ASN1_write_bio and some other functions, use RAND_pseudo_bytes
-     instead of RAND_bytes for encryption IVs and salts.
-     [Bodo Moeller]
-
-  *) Include RAND_status() into RAND_METHOD instead of implementing
-     it only for md_rand.c  Otherwise replacing the PRNG by calling
-     RAND_set_rand_method would be impossible.
-     [Bodo Moeller]
-
-  *) Don't let DSA_generate_key() enter an infinite loop if the random
-     number generation fails.
-     [Bodo Moeller]
-
-  *) New 'rand' application for creating pseudo-random output.
-     [Bodo Moeller]
-
-  *) Added configuration support for Linux/IA64
-     [Rolf Haberrecker <rolf at suse.de>]
-
-  *) Assembler module support for Mingw32.
-     [Ulf Möller]
-
-  *) Shared library support for HPUX (in shlib/).
-     [Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE> and Anonymous]
-
-  *) Shared library support for Solaris gcc.
-     [Lutz Behnke <behnke at trustcenter.de>]
-
- Changes between 0.9.4 and 0.9.5  [28 Feb 2000]
-
-  *) PKCS7_encrypt() was adding text MIME headers twice because they
-     were added manually and by SMIME_crlf_copy().
-     [Steve Henson]
-
-  *) In bntest.c don't call BN_rand with zero bits argument.
-     [Steve Henson, pointed out by Andrew W. Gray <agray at iconsinc.com>]
-
-  *) BN_mul bugfix: In bn_mul_part_recursion() only the a>a[n] && b>b[n]
-     case was implemented. This caused BN_div_recp() to fail occasionally.
-     [Ulf Möller]
-
-  *) Add an optional second argument to the set_label() in the perl
-     assembly language builder. If this argument exists and is set
-     to 1 it signals that the assembler should use a symbol whose 
-     scope is the entire file, not just the current function. This
-     is needed with MASM which uses the format label:: for this scope.
-     [Steve Henson, pointed out by Peter Runestig <peter at runestig.com>]
-
-  *) Change the ASN1 types so they are typedefs by default. Before
-     almost all types were #define'd to ASN1_STRING which was causing
-     STACK_OF() problems: you couldn't declare STACK_OF(ASN1_UTF8STRING)
-     for example.
-     [Steve Henson]
-
-  *) Change names of new functions to the new get1/get0 naming
-     convention: After 'get1', the caller owns a reference count
-     and has to call ..._free; 'get0' returns a pointer to some
-     data structure without incrementing reference counters.
-     (Some of the existing 'get' functions increment a reference
-     counter, some don't.)
-     Similarly, 'set1' and 'add1' functions increase reference
-     counters or duplicate objects.
-     [Steve Henson]
-
-  *) Allow for the possibility of temp RSA key generation failure:
-     the code used to assume it always worked and crashed on failure.
-     [Steve Henson]
-
-  *) Fix potential buffer overrun problem in BIO_printf().
-     [Ulf Möller, using public domain code by Patrick Powell; problem
-      pointed out by David Sacerdote <das33 at cornell.edu>]
-
-  *) Support EGD <http://www.lothar.com/tech/crypto/>.  New functions
-     RAND_egd() and RAND_status().  In the command line application,
-     the EGD socket can be specified like a seed file using RANDFILE
-     or -rand.
-     [Ulf Möller]
-
-  *) Allow the string CERTIFICATE to be tolerated in PKCS#7 structures.
-     Some CAs (e.g. Verisign) distribute certificates in this form.
-     [Steve Henson]
-
-  *) Remove the SSL_ALLOW_ADH compile option and set the default cipher
-     list to exclude them. This means that no special compilation option
-     is needed to use anonymous DH: it just needs to be included in the
-     cipher list.
-     [Steve Henson]
-
-  *) Change the EVP_MD_CTX_type macro so its meaning consistent with
-     EVP_MD_type. The old functionality is available in a new macro called
-     EVP_MD_md(). Change code that uses it and update docs.
-     [Steve Henson]
-
-  *) ..._ctrl functions now have corresponding ..._callback_ctrl functions
-     where the 'void *' argument is replaced by a function pointer argument.
-     Previously 'void *' was abused to point to functions, which works on
-     many platforms, but is not correct.  As these functions are usually
-     called by macros defined in OpenSSL header files, most source code
-     should work without changes.
-     [Richard Levitte]
-
-  *) <openssl/opensslconf.h> (which is created by Configure) now contains
-     sections with information on -D... compiler switches used for
-     compiling the library so that applications can see them.  To enable
-     one of these sections, a pre-processor symbol OPENSSL_..._DEFINES
-     must be defined.  E.g.,
-        #define OPENSSL_ALGORITHM_DEFINES
-        #include <openssl/opensslconf.h>
-     defines all pertinent NO_<algo> symbols, such as NO_IDEA, NO_RSA, etc.
-     [Richard Levitte, Ulf and Bodo Möller]
-
-  *) Bugfix: Tolerate fragmentation and interleaving in the SSL 3/TLS
-     record layer.
-     [Bodo Moeller]
-
-  *) Change the 'other' type in certificate aux info to a STACK_OF
-     X509_ALGOR. Although not an AlgorithmIdentifier as such it has
-     the required ASN1 format: arbitrary types determined by an OID.
-     [Steve Henson]
-
-  *) Add some PEM_write_X509_REQ_NEW() functions and a command line
-     argument to 'req'. This is not because the function is newer or
-     better than others it just uses the work 'NEW' in the certificate
-     request header lines. Some software needs this.
-     [Steve Henson]
-
-  *) Reorganise password command line arguments: now passwords can be
-     obtained from various sources. Delete the PEM_cb function and make
-     it the default behaviour: i.e. if the callback is NULL and the
-     usrdata argument is not NULL interpret it as a null terminated pass
-     phrase. If usrdata and the callback are NULL then the pass phrase
-     is prompted for as usual.
-     [Steve Henson]
-
-  *) Add support for the Compaq Atalla crypto accelerator. If it is installed,
-     the support is automatically enabled. The resulting binaries will
-     autodetect the card and use it if present.
-     [Ben Laurie and Compaq Inc.]
-
-  *) Work around for Netscape hang bug. This sends certificate request
-     and server done in one record. Since this is perfectly legal in the
-     SSL/TLS protocol it isn't a "bug" option and is on by default. See
-     the bugs/SSLv3 entry for more info.
-     [Steve Henson]
-
-  *) HP-UX tune-up: new unified configs, HP C compiler bug workaround.
-     [Andy Polyakov]
-
-  *) Add -rand argument to smime and pkcs12 applications and read/write
-     of seed file.
-     [Steve Henson]
-
-  *) New 'passwd' tool for crypt(3) and apr1 password hashes.
-     [Bodo Moeller]
-
-  *) Add command line password options to the remaining applications.
-     [Steve Henson]
-
-  *) Bug fix for BN_div_recp() for numerators with an even number of
-     bits.
-     [Ulf Möller]
-
-  *) More tests in bntest.c, and changed test_bn output.
-     [Ulf Möller]
-
-  *) ./config recognizes MacOS X now.
-     [Andy Polyakov]
-
-  *) Bug fix for BN_div() when the first words of num and divsor are
-     equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0).
-     [Ulf Möller]
-
-  *) Add support for various broken PKCS#8 formats, and command line
-     options to produce them.
-     [Steve Henson]
-
-  *) New functions BN_CTX_start(), BN_CTX_get() and BT_CTX_end() to
-     get temporary BIGNUMs from a BN_CTX.
-     [Ulf Möller]
-
-  *) Correct return values in BN_mod_exp_mont() and BN_mod_exp2_mont()
-     for p == 0.
-     [Ulf Möller]
-
-  *) Change the SSLeay_add_all_*() functions to OpenSSL_add_all_*() and
-     include a #define from the old name to the new. The original intent
-     was that statically linked binaries could for example just call
-     SSLeay_add_all_ciphers() to just add ciphers to the table and not
-     link with digests. This never worked becayse SSLeay_add_all_digests()
-     and SSLeay_add_all_ciphers() were in the same source file so calling
-     one would link with the other. They are now in separate source files.
-     [Steve Henson]
-
-  *) Add a new -notext option to 'ca' and a -pubkey option to 'spkac'.
-     [Steve Henson]
-
-  *) Use a less unusual form of the Miller-Rabin primality test (it used
-     a binary algorithm for exponentiation integrated into the Miller-Rabin
-     loop, our standard modexp algorithms are faster).
-     [Bodo Moeller]
-
-  *) Support for the EBCDIC character set completed.
-     [Martin Kraemer <Martin.Kraemer at Mch.SNI.De>]
-
-  *) Source code cleanups: use const where appropriate, eliminate casts,
-     use void * instead of char * in lhash.
-     [Ulf Möller] 
-
-  *) Bugfix: ssl3_send_server_key_exchange was not restartable
-     (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of
-     this the server could overwrite ephemeral keys that the client
-     has already seen).
-     [Bodo Moeller]
-
-  *) Turn DSA_is_prime into a macro that calls BN_is_prime,
-     using 50 iterations of the Rabin-Miller test.
-
-     DSA_generate_parameters now uses BN_is_prime_fasttest (with 50
-     iterations of the Rabin-Miller test as required by the appendix
-     to FIPS PUB 186[-1]) instead of DSA_is_prime.
-     As BN_is_prime_fasttest includes trial division, DSA parameter
-     generation becomes much faster.
-
-     This implies a change for the callback functions in DSA_is_prime
-     and DSA_generate_parameters: The callback function is called once
-     for each positive witness in the Rabin-Miller test, not just
-     occasionally in the inner loop; and the parameters to the
-     callback function now provide an iteration count for the outer
-     loop rather than for the current invocation of the inner loop.
-     DSA_generate_parameters additionally can call the callback
-     function with an 'iteration count' of -1, meaning that a
-     candidate has passed the trial division test (when q is generated 
-     from an application-provided seed, trial division is skipped).
-     [Bodo Moeller]
-
-  *) New function BN_is_prime_fasttest that optionally does trial
-     division before starting the Rabin-Miller test and has
-     an additional BN_CTX * argument (whereas BN_is_prime always
-     has to allocate at least one BN_CTX).
-     'callback(1, -1, cb_arg)' is called when a number has passed the
-     trial division stage.
-     [Bodo Moeller]
-
-  *) Fix for bug in CRL encoding. The validity dates weren't being handled
-     as ASN1_TIME.
-     [Steve Henson]
-
-  *) New -pkcs12 option to CA.pl script to write out a PKCS#12 file.
-     [Steve Henson]
-
-  *) New function BN_pseudo_rand().
-     [Ulf Möller]
-
-  *) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable)
-     bignum version of BN_from_montgomery() with the working code from
-     SSLeay 0.9.0 (the word based version is faster anyway), and clean up
-     the comments.
-     [Ulf Möller]
-
-  *) Avoid a race condition in s2_clnt.c (function get_server_hello) that
-     made it impossible to use the same SSL_SESSION data structure in
-     SSL2 clients in multiple threads.
-     [Bodo Moeller]
-
-  *) The return value of RAND_load_file() no longer counts bytes obtained
-     by stat().  RAND_load_file(..., -1) is new and uses the complete file
-     to seed the PRNG (previously an explicit byte count was required).
-     [Ulf Möller, Bodo Möller]
-
-  *) Clean up CRYPTO_EX_DATA functions, some of these didn't have prototypes
-     used (char *) instead of (void *) and had casts all over the place.
-     [Steve Henson]
-
-  *) Make BN_generate_prime() return NULL on error if ret!=NULL.
-     [Ulf Möller]
-
-  *) Retain source code compatibility for BN_prime_checks macro:
-     BN_is_prime(..., BN_prime_checks, ...) now uses
-     BN_prime_checks_for_size to determine the appropriate number of
-     Rabin-Miller iterations.
-     [Ulf Möller]
-
-  *) Diffie-Hellman uses "safe" primes: DH_check() return code renamed to
-     DH_CHECK_P_NOT_SAFE_PRIME.
-     (Check if this is true? OpenPGP calls them "strong".)
-     [Ulf Möller]
-
-  *) Merge the functionality of "dh" and "gendh" programs into a new program
-     "dhparam". The old programs are retained for now but will handle DH keys
-     (instead of parameters) in future.
-     [Steve Henson]
-
-  *) Make the ciphers, s_server and s_client programs check the return values
-     when a new cipher list is set.
-     [Steve Henson]
-
-  *) Enhance the SSL/TLS cipher mechanism to correctly handle the TLS 56bit
-     ciphers. Before when the 56bit ciphers were enabled the sorting was
-     wrong.
-
-     The syntax for the cipher sorting has been extended to support sorting by
-     cipher-strength (using the strength_bits hard coded in the tables).
-     The new command is "@STRENGTH" (see also doc/apps/ciphers.pod).
-
-     Fix a bug in the cipher-command parser: when supplying a cipher command
-     string with an "undefined" symbol (neither command nor alphanumeric
-     [A-Za-z0-9], ssl_set_cipher_list used to hang in an endless loop. Now
-     an error is flagged.
-
-     Due to the strength-sorting extension, the code of the
-     ssl_create_cipher_list() function was completely rearranged. I hope that
-     the readability was also increased :-)
-     [Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>]
-
-  *) Minor change to 'x509' utility. The -CAcreateserial option now uses 1
-     for the first serial number and places 2 in the serial number file. This
-     avoids problems when the root CA is created with serial number zero and
-     the first user certificate has the same issuer name and serial number
-     as the root CA.
-     [Steve Henson]
-
-  *) Fixes to X509_ATTRIBUTE utilities, change the 'req' program so it uses
-     the new code. Add documentation for this stuff.
-     [Steve Henson]
-
-  *) Changes to X509_ATTRIBUTE utilities. These have been renamed from
-     X509_*() to X509at_*() on the grounds that they don't handle X509
-     structures and behave in an analagous way to the X509v3 functions:
-     they shouldn't be called directly but wrapper functions should be used
-     instead.
-
-     So we also now have some wrapper functions that call the X509at functions
-     when passed certificate requests. (TO DO: similar things can be done with
-     PKCS#7 signed and unsigned attributes, PKCS#12 attributes and a few other
-     things. Some of these need some d2i or i2d and print functionality
-     because they handle more complex structures.)
-     [Steve Henson]
-
-  *) Add missing #ifndefs that caused missing symbols when building libssl
-     as a shared library without RSA.  Use #ifndef NO_SSL2 instead of
-     NO_RSA in ssl/s2*.c. 
-     [Kris Kennaway <kris at hub.freebsd.org>, modified by Ulf Möller]
-
-  *) Precautions against using the PRNG uninitialized: RAND_bytes() now
-     has a return value which indicates the quality of the random data
-     (1 = ok, 0 = not seeded).  Also an error is recorded on the thread's
-     error queue. New function RAND_pseudo_bytes() generates output that is
-     guaranteed to be unique but not unpredictable. RAND_add is like
-     RAND_seed, but takes an extra argument for an entropy estimate
-     (RAND_seed always assumes full entropy).
-     [Ulf Möller]
-
-  *) Do more iterations of Rabin-Miller probable prime test (specifically,
-     3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes
-     instead of only 2 for all lengths; see BN_prime_checks_for_size definition
-     in crypto/bn/bn_prime.c for the complete table).  This guarantees a
-     false-positive rate of at most 2^-80 for random input.
-     [Bodo Moeller]
-
-  *) Rewrite ssl3_read_n (ssl/s3_pkt.c) avoiding a couple of bugs.
-     [Bodo Moeller]
-
-  *) New function X509_CTX_rget_chain() (renamed to X509_CTX_get1_chain
-     in the 0.9.5 release), this returns the chain
-     from an X509_CTX structure with a dup of the stack and all
-     the X509 reference counts upped: so the stack will exist
-     after X509_CTX_cleanup() has been called. Modify pkcs12.c
-     to use this.
-
-     Also make SSL_SESSION_print() print out the verify return
-     code.
-     [Steve Henson]
-
-  *) Add manpage for the pkcs12 command. Also change the default
-     behaviour so MAC iteration counts are used unless the new
-     -nomaciter option is used. This improves file security and
-     only older versions of MSIE (4.0 for example) need it.
-     [Steve Henson]
-
-  *) Honor the no-xxx Configure options when creating .DEF files.
-     [Ulf Möller]
-
-  *) Add PKCS#10 attributes to field table: challengePassword, 
-     unstructuredName and unstructuredAddress. These are taken from
-     draft PKCS#9 v2.0 but are compatible with v1.2 provided no 
-     international characters are used.
-
-     More changes to X509_ATTRIBUTE code: allow the setting of types
-     based on strings. Remove the 'loc' parameter when adding
-     attributes because these will be a SET OF encoding which is sorted
-     in ASN1 order.
-     [Steve Henson]
-
-  *) Initial changes to the 'req' utility to allow request generation
-     automation. This will allow an application to just generate a template
-     file containing all the field values and have req construct the
-     request.
-
-     Initial support for X509_ATTRIBUTE handling. Stacks of these are
-     used all over the place including certificate requests and PKCS#7
-     structures. They are currently handled manually where necessary with
-     some primitive wrappers for PKCS#7. The new functions behave in a
-     manner analogous to the X509 extension functions: they allow
-     attributes to be looked up by NID and added.
-
-     Later something similar to the X509V3 code would be desirable to
-     automatically handle the encoding, decoding and printing of the
-     more complex types. The string types like challengePassword can
-     be handled by the string table functions.
-
-     Also modified the multi byte string table handling. Now there is
-     a 'global mask' which masks out certain types. The table itself
-     can use the flag STABLE_NO_MASK to ignore the mask setting: this
-     is useful when for example there is only one permissible type
-     (as in countryName) and using the mask might result in no valid
-     types at all.
-     [Steve Henson]
-
-  *) Clean up 'Finished' handling, and add functions SSL_get_finished and
-     SSL_get_peer_finished to allow applications to obtain the latest
-     Finished messages sent to the peer or expected from the peer,
-     respectively.  (SSL_get_peer_finished is usually the Finished message
-     actually received from the peer, otherwise the protocol will be aborted.)
-
-     As the Finished message are message digests of the complete handshake
-     (with a total of 192 bits for TLS 1.0 and more for SSL 3.0), they can
-     be used for external authentication procedures when the authentication
-     provided by SSL/TLS is not desired or is not enough.
-     [Bodo Moeller]
-
-  *) Enhanced support for Alpha Linux is added. Now ./config checks if
-     the host supports BWX extension and if Compaq C is present on the
-     $PATH. Just exploiting of the BWX extension results in 20-30%
-     performance kick for some algorithms, e.g. DES and RC4 to mention
-     a couple. Compaq C in turn generates ~20% faster code for MD5 and
-     SHA1.
-     [Andy Polyakov]
-
-  *) Add support for MS "fast SGC". This is arguably a violation of the
-     SSL3/TLS protocol. Netscape SGC does two handshakes: the first with
-     weak crypto and after checking the certificate is SGC a second one
-     with strong crypto. MS SGC stops the first handshake after receiving
-     the server certificate message and sends a second client hello. Since
-     a server will typically do all the time consuming operations before
-     expecting any further messages from the client (server key exchange
-     is the most expensive) there is little difference between the two.
-
-     To get OpenSSL to support MS SGC we have to permit a second client
-     hello message after we have sent server done. In addition we have to
-     reset the MAC if we do get this second client hello.
-     [Steve Henson]
-
-  *) Add a function 'd2i_AutoPrivateKey()' this will automatically decide
-     if a DER encoded private key is RSA or DSA traditional format. Changed
-     d2i_PrivateKey_bio() to use it. This is only needed for the "traditional"
-     format DER encoded private key. Newer code should use PKCS#8 format which
-     has the key type encoded in the ASN1 structure. Added DER private key
-     support to pkcs8 application.
-     [Steve Henson]
-
-  *) SSL 3/TLS 1 servers now don't request certificates when an anonymous
-     ciphersuites has been selected (as required by the SSL 3/TLS 1
-     specifications).  Exception: When SSL_VERIFY_FAIL_IF_NO_PEER_CERT
-     is set, we interpret this as a request to violate the specification
-     (the worst that can happen is a handshake failure, and 'correct'
-     behaviour would result in a handshake failure anyway).
-     [Bodo Moeller]
-
-  *) In SSL_CTX_add_session, take into account that there might be multiple
-     SSL_SESSION structures with the same session ID (e.g. when two threads
-     concurrently obtain them from an external cache).
-     The internal cache can handle only one SSL_SESSION with a given ID,
-     so if there's a conflict, we now throw out the old one to achieve
-     consistency.
-     [Bodo Moeller]
-
-  *) Add OIDs for idea and blowfish in CBC mode. This will allow both
-     to be used in PKCS#5 v2.0 and S/MIME.  Also add checking to
-     some routines that use cipher OIDs: some ciphers do not have OIDs
-     defined and so they cannot be used for S/MIME and PKCS#5 v2.0 for
-     example.
-     [Steve Henson]
-
-  *) Simplify the trust setting structure and code. Now we just have
-     two sequences of OIDs for trusted and rejected settings. These will
-     typically have values the same as the extended key usage extension
-     and any application specific purposes.
-
-     The trust checking code now has a default behaviour: it will just
-     check for an object with the same NID as the passed id. Functions can
-     be provided to override either the default behaviour or the behaviour
-     for a given id. SSL client, server and email already have functions
-     in place for compatibility: they check the NID and also return "trusted"
-     if the certificate is self signed.
-     [Steve Henson]
-
-  *) Add d2i,i2d bio/fp functions for PrivateKey: these convert the
-     traditional format into an EVP_PKEY structure.
-     [Steve Henson]
-
-  *) Add a password callback function PEM_cb() which either prompts for
-     a password if usr_data is NULL or otherwise assumes it is a null
-     terminated password. Allow passwords to be passed on command line
-     environment or config files in a few more utilities.
-     [Steve Henson]
-
-  *) Add a bunch of DER and PEM functions to handle PKCS#8 format private
-     keys. Add some short names for PKCS#8 PBE algorithms and allow them
-     to be specified on the command line for the pkcs8 and pkcs12 utilities.
-     Update documentation.
-     [Steve Henson]
-
-  *) Support for ASN1 "NULL" type. This could be handled before by using
-     ASN1_TYPE but there wasn't any function that would try to read a NULL
-     and produce an error if it couldn't. For compatibility we also have
-     ASN1_NULL_new() and ASN1_NULL_free() functions but these are faked and
-     don't allocate anything because they don't need to.
-     [Steve Henson]
-
-  *) Initial support for MacOS is now provided. Examine INSTALL.MacOS
-     for details.
-     [Andy Polyakov, Roy Woods <roy at centicsystems.ca>]
-
-  *) Rebuild of the memory allocation routines used by OpenSSL code and
-     possibly others as well.  The purpose is to make an interface that
-     provide hooks so anyone can build a separate set of allocation and
-     deallocation routines to be used by OpenSSL, for example memory
-     pool implementations, or something else, which was previously hard
-     since Malloc(), Realloc() and Free() were defined as macros having
-     the values malloc, realloc and free, respectively (except for Win32
-     compilations).  The same is provided for memory debugging code.
-     OpenSSL already comes with functionality to find memory leaks, but
-     this gives people a chance to debug other memory problems.
-
-     With these changes, a new set of functions and macros have appeared:
-
-       CRYPTO_set_mem_debug_functions()	        [F]
-       CRYPTO_get_mem_debug_functions()         [F]
-       CRYPTO_dbg_set_options()	                [F]
-       CRYPTO_dbg_get_options()                 [F]
-       CRYPTO_malloc_debug_init()               [M]
-
-     The memory debug functions are NULL by default, unless the library
-     is compiled with CRYPTO_MDEBUG or friends is defined.  If someone
-     wants to debug memory anyway, CRYPTO_malloc_debug_init() (which
-     gives the standard debugging functions that come with OpenSSL) or
-     CRYPTO_set_mem_debug_functions() (tells OpenSSL to use functions
-     provided by the library user) must be used.  When the standard
-     debugging functions are used, CRYPTO_dbg_set_options can be used to
-     request additional information:
-     CRYPTO_dbg_set_options(V_CYRPTO_MDEBUG_xxx) corresponds to setting
-     the CRYPTO_MDEBUG_xxx macro when compiling the library.   
-
-     Also, things like CRYPTO_set_mem_functions will always give the
-     expected result (the new set of functions is used for allocation
-     and deallocation) at all times, regardless of platform and compiler
-     options.
-
-     To finish it up, some functions that were never use in any other
-     way than through macros have a new API and new semantic:
-
-       CRYPTO_dbg_malloc()
-       CRYPTO_dbg_realloc()
-       CRYPTO_dbg_free()
-
-     All macros of value have retained their old syntax.
-     [Richard Levitte and Bodo Moeller]
-
-  *) Some S/MIME fixes. The OID for SMIMECapabilities was wrong, the
-     ordering of SMIMECapabilities wasn't in "strength order" and there
-     was a missing NULL in the AlgorithmIdentifier for the SHA1 signature
-     algorithm.
-     [Steve Henson]
-
-  *) Some ASN1 types with illegal zero length encoding (INTEGER,
-     ENUMERATED and OBJECT IDENTIFIER) choked the ASN1 routines.
-     [Frans Heymans <fheymans at isaserver.be>, modified by Steve Henson]
-
-  *) Merge in my S/MIME library for OpenSSL. This provides a simple
-     S/MIME API on top of the PKCS#7 code, a MIME parser (with enough
-     functionality to handle multipart/signed properly) and a utility
-     called 'smime' to call all this stuff. This is based on code I
-     originally wrote for Celo who have kindly allowed it to be
-     included in OpenSSL.
-     [Steve Henson]
-
-  *) Add variants des_set_key_checked and des_set_key_unchecked of
-     des_set_key (aka des_key_sched).  Global variable des_check_key
-     decides which of these is called by des_set_key; this way
-     des_check_key behaves as it always did, but applications and
-     the library itself, which was buggy for des_check_key == 1,
-     have a cleaner way to pick the version they need.
-     [Bodo Moeller]
-
-  *) New function PKCS12_newpass() which changes the password of a
-     PKCS12 structure.
-     [Steve Henson]
-
-  *) Modify X509_TRUST and X509_PURPOSE so it also uses a static and
-     dynamic mix. In both cases the ids can be used as an index into the
-     table. Also modified the X509_TRUST_add() and X509_PURPOSE_add()
-     functions so they accept a list of the field values and the
-     application doesn't need to directly manipulate the X509_TRUST
-     structure.
-     [Steve Henson]
-
-  *) Modify the ASN1_STRING_TABLE stuff so it also uses bsearch and doesn't
-     need initialising.
-     [Steve Henson]
-
-  *) Modify the way the V3 extension code looks up extensions. This now
-     works in a similar way to the object code: we have some "standard"
-     extensions in a static table which is searched with OBJ_bsearch()
-     and the application can add dynamic ones if needed. The file
-     crypto/x509v3/ext_dat.h now has the info: this file needs to be
-     updated whenever a new extension is added to the core code and kept
-     in ext_nid order. There is a simple program 'tabtest.c' which checks
-     this. New extensions are not added too often so this file can readily
-     be maintained manually.
-
-     There are two big advantages in doing things this way. The extensions
-     can be looked up immediately and no longer need to be "added" using
-     X509V3_add_standard_extensions(): this function now does nothing.
-     [Side note: I get *lots* of email saying the extension code doesn't
-      work because people forget to call this function]
-     Also no dynamic allocation is done unless new extensions are added:
-     so if we don't add custom extensions there is no need to call
-     X509V3_EXT_cleanup().
-     [Steve Henson]
-
-  *) Modify enc utility's salting as follows: make salting the default. Add a
-     magic header, so unsalted files fail gracefully instead of just decrypting
-     to garbage. This is because not salting is a big security hole, so people
-     should be discouraged from doing it.
-     [Ben Laurie]
-
-  *) Fixes and enhancements to the 'x509' utility. It allowed a message
-     digest to be passed on the command line but it only used this
-     parameter when signing a certificate. Modified so all relevant
-     operations are affected by the digest parameter including the
-     -fingerprint and -x509toreq options. Also -x509toreq choked if a
-     DSA key was used because it didn't fix the digest.
-     [Steve Henson]
-
-  *) Initial certificate chain verify code. Currently tests the untrusted
-     certificates for consistency with the verify purpose (which is set
-     when the X509_STORE_CTX structure is set up) and checks the pathlength.
-
-     There is a NO_CHAIN_VERIFY compilation option to keep the old behaviour:
-     this is because it will reject chains with invalid extensions whereas
-     every previous version of OpenSSL and SSLeay made no checks at all.
-
-     Trust code: checks the root CA for the relevant trust settings. Trust
-     settings have an initial value consistent with the verify purpose: e.g.
-     if the verify purpose is for SSL client use it expects the CA to be
-     trusted for SSL client use. However the default value can be changed to
-     permit custom trust settings: one example of this would be to only trust
-     certificates from a specific "secure" set of CAs.
-
-     Also added X509_STORE_CTX_new() and X509_STORE_CTX_free() functions
-     which should be used for version portability: especially since the
-     verify structure is likely to change more often now.
-
-     SSL integration. Add purpose and trust to SSL_CTX and SSL and functions
-     to set them. If not set then assume SSL clients will verify SSL servers
-     and vice versa.
-
-     Two new options to the verify program: -untrusted allows a set of
-     untrusted certificates to be passed in and -purpose which sets the
-     intended purpose of the certificate. If a purpose is set then the
-     new chain verify code is used to check extension consistency.
-     [Steve Henson]
-
-  *) Support for the authority information access extension.
-     [Steve Henson]
-
-  *) Modify RSA and DSA PEM read routines to transparently handle
-     PKCS#8 format private keys. New *_PUBKEY_* functions that handle
-     public keys in a format compatible with certificate
-     SubjectPublicKeyInfo structures. Unfortunately there were already
-     functions called *_PublicKey_* which used various odd formats so
-     these are retained for compatibility: however the DSA variants were
-     never in a public release so they have been deleted. Changed dsa/rsa
-     utilities to handle the new format: note no releases ever handled public
-     keys so we should be OK.
-
-     The primary motivation for this change is to avoid the same fiasco
-     that dogs private keys: there are several incompatible private key
-     formats some of which are standard and some OpenSSL specific and
-     require various evil hacks to allow partial transparent handling and
-     even then it doesn't work with DER formats. Given the option anything
-     other than PKCS#8 should be dumped: but the other formats have to
-     stay in the name of compatibility.
-
-     With public keys and the benefit of hindsight one standard format 
-     is used which works with EVP_PKEY, RSA or DSA structures: though
-     it clearly returns an error if you try to read the wrong kind of key.
-
-     Added a -pubkey option to the 'x509' utility to output the public key.
-     Also rename the EVP_PKEY_get_*() to EVP_PKEY_rget_*()
-     (renamed to EVP_PKEY_get1_*() in the OpenSSL 0.9.5 release) and add
-     EVP_PKEY_rset_*() functions (renamed to EVP_PKEY_set1_*())
-     that do the same as the EVP_PKEY_assign_*() except they up the
-     reference count of the added key (they don't "swallow" the
-     supplied key).
-     [Steve Henson]
-
-  *) Fixes to crypto/x509/by_file.c the code to read in certificates and
-     CRLs would fail if the file contained no certificates or no CRLs:
-     added a new function to read in both types and return the number
-     read: this means that if none are read it will be an error. The
-     DER versions of the certificate and CRL reader would always fail
-     because it isn't possible to mix certificates and CRLs in DER format
-     without choking one or the other routine. Changed this to just read
-     a certificate: this is the best we can do. Also modified the code
-     in apps/verify.c to take notice of return codes: it was previously
-     attempting to read in certificates from NULL pointers and ignoring
-     any errors: this is one reason why the cert and CRL reader seemed
-     to work. It doesn't check return codes from the default certificate
-     routines: these may well fail if the certificates aren't installed.
-     [Steve Henson]
-
-  *) Code to support otherName option in GeneralName.
-     [Steve Henson]
-
-  *) First update to verify code. Change the verify utility
-     so it warns if it is passed a self signed certificate:
-     for consistency with the normal behaviour. X509_verify
-     has been modified to it will now verify a self signed
-     certificate if *exactly* the same certificate appears
-     in the store: it was previously impossible to trust a
-     single self signed certificate. This means that:
-     openssl verify ss.pem
-     now gives a warning about a self signed certificate but
-     openssl verify -CAfile ss.pem ss.pem
-     is OK.
-     [Steve Henson]
-
-  *) For servers, store verify_result in SSL_SESSION data structure
-     (and add it to external session representation).
-     This is needed when client certificate verifications fails,
-     but an application-provided verification callback (set by
-     SSL_CTX_set_cert_verify_callback) allows accepting the session
-     anyway (i.e. leaves x509_store_ctx->error != X509_V_OK
-     but returns 1): When the session is reused, we have to set
-     ssl->verify_result to the appropriate error code to avoid
-     security holes.
-     [Bodo Moeller, problem pointed out by Lutz Jaenicke]
-
-  *) Fix a bug in the new PKCS#7 code: it didn't consider the
-     case in PKCS7_dataInit() where the signed PKCS7 structure
-     didn't contain any existing data because it was being created.
-     [Po-Cheng Chen <pocheng at nst.com.tw>, slightly modified by Steve Henson]
-
-  *) Add a salt to the key derivation routines in enc.c. This
-     forms the first 8 bytes of the encrypted file. Also add a
-     -S option to allow a salt to be input on the command line.
-     [Steve Henson]
-
-  *) New function X509_cmp(). Oddly enough there wasn't a function
-     to compare two certificates. We do this by working out the SHA1
-     hash and comparing that. X509_cmp() will be needed by the trust
-     code.
-     [Steve Henson]
-
-  *) SSL_get1_session() is like SSL_get_session(), but increments
-     the reference count in the SSL_SESSION returned.
-     [Geoff Thorpe <geoff at eu.c2.net>]
-
-  *) Fix for 'req': it was adding a null to request attributes.
-     Also change the X509_LOOKUP and X509_INFO code to handle
-     certificate auxiliary information.
-     [Steve Henson]
-
-  *) Add support for 40 and 64 bit RC2 and RC4 algorithms: document
-     the 'enc' command.
-     [Steve Henson]
-
-  *) Add the possibility to add extra information to the memory leak
-     detecting output, to form tracebacks, showing from where each
-     allocation was originated: CRYPTO_push_info("constant string") adds
-     the string plus current file name and line number to a per-thread
-     stack, CRYPTO_pop_info() does the obvious, CRYPTO_remove_all_info()
-     is like calling CYRPTO_pop_info() until the stack is empty.
-     Also updated memory leak detection code to be multi-thread-safe.
-     [Richard Levitte]
-
-  *) Add options -text and -noout to pkcs7 utility and delete the
-     encryption options which never did anything. Update docs.
-     [Steve Henson]
-
-  *) Add options to some of the utilities to allow the pass phrase
-     to be included on either the command line (not recommended on
-     OSes like Unix) or read from the environment. Update the
-     manpages and fix a few bugs.
-     [Steve Henson]
-
-  *) Add a few manpages for some of the openssl commands.
-     [Steve Henson]
-
-  *) Fix the -revoke option in ca. It was freeing up memory twice,
-     leaking and not finding already revoked certificates.
-     [Steve Henson]
-
-  *) Extensive changes to support certificate auxiliary information.
-     This involves the use of X509_CERT_AUX structure and X509_AUX
-     functions. An X509_AUX function such as PEM_read_X509_AUX()
-     can still read in a certificate file in the usual way but it
-     will also read in any additional "auxiliary information". By
-     doing things this way a fair degree of compatibility can be
-     retained: existing certificates can have this information added
-     using the new 'x509' options. 
-
-     Current auxiliary information includes an "alias" and some trust
-     settings. The trust settings will ultimately be used in enhanced
-     certificate chain verification routines: currently a certificate
-     can only be trusted if it is self signed and then it is trusted
-     for all purposes.
-     [Steve Henson]
-
-  *) Fix assembler for Alpha (tested only on DEC OSF not Linux or *BSD).
-     The problem was that one of the replacement routines had not been working
-     since SSLeay releases.  For now the offending routine has been replaced
-     with non-optimised assembler.  Even so, this now gives around 95%
-     performance improvement for 1024 bit RSA signs.
-     [Mark Cox]
-
-  *) Hack to fix PKCS#7 decryption when used with some unorthodox RC2 
-     handling. Most clients have the effective key size in bits equal to
-     the key length in bits: so a 40 bit RC2 key uses a 40 bit (5 byte) key.
-     A few however don't do this and instead use the size of the decrypted key
-     to determine the RC2 key length and the AlgorithmIdentifier to determine
-     the effective key length. In this case the effective key length can still
-     be 40 bits but the key length can be 168 bits for example. This is fixed
-     by manually forcing an RC2 key into the EVP_PKEY structure because the
-     EVP code can't currently handle unusual RC2 key sizes: it always assumes
-     the key length and effective key length are equal.
-     [Steve Henson]
-
-  *) Add a bunch of functions that should simplify the creation of 
-     X509_NAME structures. Now you should be able to do:
-     X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC, "Steve", -1, -1, 0);
-     and have it automatically work out the correct field type and fill in
-     the structures. The more adventurous can try:
-     X509_NAME_add_entry_by_txt(nm, field, MBSTRING_UTF8, str, -1, -1, 0);
-     and it will (hopefully) work out the correct multibyte encoding.
-     [Steve Henson]
-
-  *) Change the 'req' utility to use the new field handling and multibyte
-     copy routines. Before the DN field creation was handled in an ad hoc
-     way in req, ca, and x509 which was rather broken and didn't support
-     BMPStrings or UTF8Strings. Since some software doesn't implement
-     BMPStrings or UTF8Strings yet, they can be enabled using the config file
-     using the dirstring_type option. See the new comment in the default
-     openssl.cnf for more info.
-     [Steve Henson]
-
-  *) Make crypto/rand/md_rand.c more robust:
-     - Assure unique random numbers after fork().
-     - Make sure that concurrent threads access the global counter and
-       md serializably so that we never lose entropy in them
-       or use exactly the same state in multiple threads.
-       Access to the large state is not always serializable because
-       the additional locking could be a performance killer, and
-       md should be large enough anyway.
-     [Bodo Moeller]
-
-  *) New file apps/app_rand.c with commonly needed functionality
-     for handling the random seed file.
-
-     Use the random seed file in some applications that previously did not:
-          ca,
-          dsaparam -genkey (which also ignored its '-rand' option), 
-          s_client,
-          s_server,
-          x509 (when signing).
-     Except on systems with /dev/urandom, it is crucial to have a random
-     seed file at least for key creation, DSA signing, and for DH exchanges;
-     for RSA signatures we could do without one.
-
-     gendh and gendsa (unlike genrsa) used to read only the first byte
-     of each file listed in the '-rand' option.  The function as previously
-     found in genrsa is now in app_rand.c and is used by all programs
-     that support '-rand'.
-     [Bodo Moeller]
-
-  *) In RAND_write_file, use mode 0600 for creating files;
-     don't just chmod when it may be too late.
-     [Bodo Moeller]
-
-  *) Report an error from X509_STORE_load_locations
-     when X509_LOOKUP_load_file or X509_LOOKUP_add_dir failed.
-     [Bill Perry]
-
-  *) New function ASN1_mbstring_copy() this copies a string in either
-     ASCII, Unicode, Universal (4 bytes per character) or UTF8 format
-     into an ASN1_STRING type. A mask of permissible types is passed
-     and it chooses the "minimal" type to use or an error if not type
-     is suitable.
-     [Steve Henson]
-
-  *) Add function equivalents to the various macros in asn1.h. The old
-     macros are retained with an M_ prefix. Code inside the library can
-     use the M_ macros. External code (including the openssl utility)
-     should *NOT* in order to be "shared library friendly".
-     [Steve Henson]
-
-  *) Add various functions that can check a certificate's extensions
-     to see if it usable for various purposes such as SSL client,
-     server or S/MIME and CAs of these types. This is currently 
-     VERY EXPERIMENTAL but will ultimately be used for certificate chain
-     verification. Also added a -purpose flag to x509 utility to
-     print out all the purposes.
-     [Steve Henson]
-
-  *) Add a CRYPTO_EX_DATA to X509 certificate structure and associated
-     functions.
-     [Steve Henson]
-
-  *) New X509V3_{X509,CRL,REVOKED}_get_d2i() functions. These will search
-     for, obtain and decode and extension and obtain its critical flag.
-     This allows all the necessary extension code to be handled in a
-     single function call.
-     [Steve Henson]
-
-  *) RC4 tune-up featuring 30-40% performance improvement on most RISC
-     platforms. See crypto/rc4/rc4_enc.c for further details.
-     [Andy Polyakov]
-
-  *) New -noout option to asn1parse. This causes no output to be produced
-     its main use is when combined with -strparse and -out to extract data
-     from a file (which may not be in ASN.1 format).
-     [Steve Henson]
-
-  *) Fix for pkcs12 program. It was hashing an invalid certificate pointer
-     when producing the local key id.
-     [Richard Levitte <levitte at stacken.kth.se>]
-
-  *) New option -dhparam in s_server. This allows a DH parameter file to be
-     stated explicitly. If it is not stated then it tries the first server
-     certificate file. The previous behaviour hard coded the filename
-     "server.pem".
-     [Steve Henson]
-
-  *) Add -pubin and -pubout options to the rsa and dsa commands. These allow
-     a public key to be input or output. For example:
-     openssl rsa -in key.pem -pubout -out pubkey.pem
-     Also added necessary DSA public key functions to handle this.
-     [Steve Henson]
-
-  *) Fix so PKCS7_dataVerify() doesn't crash if no certificates are contained
-     in the message. This was handled by allowing
-     X509_find_by_issuer_and_serial() to tolerate a NULL passed to it.
-     [Steve Henson, reported by Sampo Kellomaki <sampo at mail.neuronio.pt>]
-
-  *) Fix for bug in d2i_ASN1_bytes(): other ASN1 functions add an extra null
-     to the end of the strings whereas this didn't. This would cause problems
-     if strings read with d2i_ASN1_bytes() were later modified.
-     [Steve Henson, reported by Arne Ansper <arne at ats.cyber.ee>]
-
-  *) Fix for base64 decode bug. When a base64 bio reads only one line of
-     data and it contains EOF it will end up returning an error. This is
-     caused by input 46 bytes long. The cause is due to the way base64
-     BIOs find the start of base64 encoded data. They do this by trying a
-     trial decode on each line until they find one that works. When they
-     do a flag is set and it starts again knowing it can pass all the
-     data directly through the decoder. Unfortunately it doesn't reset
-     the context it uses. This means that if EOF is reached an attempt
-     is made to pass two EOFs through the context and this causes the
-     resulting error. This can also cause other problems as well. As is
-     usual with these problems it takes *ages* to find and the fix is
-     trivial: move one line.
-     [Steve Henson, reported by ian at uns.ns.ac.yu (Ivan Nejgebauer) ]
-
-  *) Ugly workaround to get s_client and s_server working under Windows. The
-     old code wouldn't work because it needed to select() on sockets and the
-     tty (for keypresses and to see if data could be written). Win32 only
-     supports select() on sockets so we select() with a 1s timeout on the
-     sockets and then see if any characters are waiting to be read, if none
-     are present then we retry, we also assume we can always write data to
-     the tty. This isn't nice because the code then blocks until we've
-     received a complete line of data and it is effectively polling the
-     keyboard at 1s intervals: however it's quite a bit better than not
-     working at all :-) A dedicated Windows application might handle this
-     with an event loop for example.
-     [Steve Henson]
-
-  *) Enhance RSA_METHOD structure. Now there are two extra methods, rsa_sign
-     and rsa_verify. When the RSA_FLAGS_SIGN_VER option is set these functions
-     will be called when RSA_sign() and RSA_verify() are used. This is useful
-     if rsa_pub_dec() and rsa_priv_enc() equivalents are not available.
-     For this to work properly RSA_public_decrypt() and RSA_private_encrypt()
-     should *not* be used: RSA_sign() and RSA_verify() must be used instead.
-     This necessitated the support of an extra signature type NID_md5_sha1
-     for SSL signatures and modifications to the SSL library to use it instead
-     of calling RSA_public_decrypt() and RSA_private_encrypt().
-     [Steve Henson]
-
-  *) Add new -verify -CAfile and -CApath options to the crl program, these
-     will lookup a CRL issuers certificate and verify the signature in a
-     similar way to the verify program. Tidy up the crl program so it
-     no longer accesses structures directly. Make the ASN1 CRL parsing a bit
-     less strict. It will now permit CRL extensions even if it is not
-     a V2 CRL: this will allow it to tolerate some broken CRLs.
-     [Steve Henson]
-
-  *) Initialize all non-automatic variables each time one of the openssl
-     sub-programs is started (this is necessary as they may be started
-     multiple times from the "OpenSSL>" prompt).
-     [Lennart Bang, Bodo Moeller]
-
-  *) Preliminary compilation option RSA_NULL which disables RSA crypto without
-     removing all other RSA functionality (this is what NO_RSA does). This
-     is so (for example) those in the US can disable those operations covered
-     by the RSA patent while allowing storage and parsing of RSA keys and RSA
-     key generation.
-     [Steve Henson]
-
-  *) Non-copying interface to BIO pairs.
-     (still largely untested)
-     [Bodo Moeller]
-
-  *) New function ANS1_tag2str() to convert an ASN1 tag to a descriptive
-     ASCII string. This was handled independently in various places before.
-     [Steve Henson]
-
-  *) New functions UTF8_getc() and UTF8_putc() that parse and generate
-     UTF8 strings a character at a time.
-     [Steve Henson]
-
-  *) Use client_version from client hello to select the protocol
-     (s23_srvr.c) and for RSA client key exchange verification
-     (s3_srvr.c), as required by the SSL 3.0/TLS 1.0 specifications.
-     [Bodo Moeller]
-
-  *) Add various utility functions to handle SPKACs, these were previously
-     handled by poking round in the structure internals. Added new function
-     NETSCAPE_SPKI_print() to print out SPKAC and a new utility 'spkac' to
-     print, verify and generate SPKACs. Based on an original idea from
-     Massimiliano Pala <madwolf at comune.modena.it> but extensively modified.
-     [Steve Henson]
-
-  *) RIPEMD160 is operational on all platforms and is back in 'make test'.
-     [Andy Polyakov]
-
-  *) Allow the config file extension section to be overwritten on the
-     command line. Based on an original idea from Massimiliano Pala
-     <madwolf at comune.modena.it>. The new option is called -extensions
-     and can be applied to ca, req and x509. Also -reqexts to override
-     the request extensions in req and -crlexts to override the crl extensions
-     in ca.
-     [Steve Henson]
-
-  *) Add new feature to the SPKAC handling in ca.  Now you can include
-     the same field multiple times by preceding it by "XXXX." for example:
-     1.OU="Unit name 1"
-     2.OU="Unit name 2"
-     this is the same syntax as used in the req config file.
-     [Steve Henson]
-
-  *) Allow certificate extensions to be added to certificate requests. These
-     are specified in a 'req_extensions' option of the req section of the
-     config file. They can be printed out with the -text option to req but
-     are otherwise ignored at present.
-     [Steve Henson]
-
-  *) Fix a horrible bug in enc_read() in crypto/evp/bio_enc.c: if the first
-     data read consists of only the final block it would not decrypted because
-     EVP_CipherUpdate() would correctly report zero bytes had been decrypted.
-     A misplaced 'break' also meant the decrypted final block might not be
-     copied until the next read.
-     [Steve Henson]
-
-  *) Initial support for DH_METHOD. Again based on RSA_METHOD. Also added
-     a few extra parameters to the DH structure: these will be useful if
-     for example we want the value of 'q' or implement X9.42 DH.
-     [Steve Henson]
-
-  *) Initial support for DSA_METHOD. This is based on the RSA_METHOD and
-     provides hooks that allow the default DSA functions or functions on a
-     "per key" basis to be replaced. This allows hardware acceleration and
-     hardware key storage to be handled without major modification to the
-     library. Also added low level modexp hooks and CRYPTO_EX structure and 
-     associated functions.
-     [Steve Henson]
-
-  *) Add a new flag to memory BIOs, BIO_FLAG_MEM_RDONLY. This marks the BIO
-     as "read only": it can't be written to and the buffer it points to will
-     not be freed. Reading from a read only BIO is much more efficient than
-     a normal memory BIO. This was added because there are several times when
-     an area of memory needs to be read from a BIO. The previous method was
-     to create a memory BIO and write the data to it, this results in two
-     copies of the data and an O(n^2) reading algorithm. There is a new
-     function BIO_new_mem_buf() which creates a read only memory BIO from
-     an area of memory. Also modified the PKCS#7 routines to use read only
-     memory BIOs.
-     [Steve Henson]
-
-  *) Bugfix: ssl23_get_client_hello did not work properly when called in
-     state SSL23_ST_SR_CLNT_HELLO_B, i.e. when the first 7 bytes of
-     a SSLv2-compatible client hello for SSLv3 or TLSv1 could be read,
-     but a retry condition occured while trying to read the rest.
-     [Bodo Moeller]
-
-  *) The PKCS7_ENC_CONTENT_new() function was setting the content type as
-     NID_pkcs7_encrypted by default: this was wrong since this should almost
-     always be NID_pkcs7_data. Also modified the PKCS7_set_type() to handle
-     the encrypted data type: this is a more sensible place to put it and it
-     allows the PKCS#12 code to be tidied up that duplicated this
-     functionality.
-     [Steve Henson]
-
-  *) Changed obj_dat.pl script so it takes its input and output files on
-     the command line. This should avoid shell escape redirection problems
-     under Win32.
-     [Steve Henson]
-
-  *) Initial support for certificate extension requests, these are included
-     in things like Xenroll certificate requests. Included functions to allow
-     extensions to be obtained and added.
-     [Steve Henson]
-
-  *) -crlf option to s_client and s_server for sending newlines as
-     CRLF (as required by many protocols).
-     [Bodo Moeller]
-
- Changes between 0.9.3a and 0.9.4  [09 Aug 1999]
-  
-  *) Install libRSAglue.a when OpenSSL is built with RSAref.
-     [Ralf S. Engelschall]
-
-  *) A few more ``#ifndef NO_FP_API / #endif'' pairs for consistency.
-     [Andrija Antonijevic <TheAntony2 at bigfoot.com>]
-
-  *) Fix -startdate and -enddate (which was missing) arguments to 'ca'
-     program.
-     [Steve Henson]
-
-  *) New function DSA_dup_DH, which duplicates DSA parameters/keys as
-     DH parameters/keys (q is lost during that conversion, but the resulting
-     DH parameters contain its length).
-
-     For 1024-bit p, DSA_generate_parameters followed by DSA_dup_DH is
-     much faster than DH_generate_parameters (which creates parameters
-     where p = 2*q + 1), and also the smaller q makes DH computations
-     much more efficient (160-bit exponentiation instead of 1024-bit
-     exponentiation); so this provides a convenient way to support DHE
-     ciphersuites in SSL/TLS servers (see ssl/ssltest.c).  It is of
-     utter importance to use
-         SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
-     or
-         SSL_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
-     when such DH parameters are used, because otherwise small subgroup
-     attacks may become possible!
-     [Bodo Moeller]
-
-  *) Avoid memory leak in i2d_DHparams.
-     [Bodo Moeller]
-
-  *) Allow the -k option to be used more than once in the enc program:
-     this allows the same encrypted message to be read by multiple recipients.
-     [Steve Henson]
-
-  *) New function OBJ_obj2txt(buf, buf_len, a, no_name), this converts
-     an ASN1_OBJECT to a text string. If the "no_name" parameter is set then
-     it will always use the numerical form of the OID, even if it has a short
-     or long name.
-     [Steve Henson]
-
-  *) Added an extra RSA flag: RSA_FLAG_EXT_PKEY. Previously the rsa_mod_exp
-     method only got called if p,q,dmp1,dmq1,iqmp components were present,
-     otherwise bn_mod_exp was called. In the case of hardware keys for example
-     no private key components need be present and it might store extra data
-     in the RSA structure, which cannot be accessed from bn_mod_exp.
-     By setting RSA_FLAG_EXT_PKEY rsa_mod_exp will always be called for
-     private key operations.
-     [Steve Henson]
-
-  *) Added support for SPARC Linux.
-     [Andy Polyakov]
-
-  *) pem_password_cb function type incompatibly changed from
-          typedef int pem_password_cb(char *buf, int size, int rwflag);
-     to
-          ....(char *buf, int size, int rwflag, void *userdata);
-     so that applications can pass data to their callbacks:
-     The PEM[_ASN1]_{read,write}... functions and macros now take an
-     additional void * argument, which is just handed through whenever
-     the password callback is called.
-     [Damien Miller <dmiller at ilogic.com.au>; tiny changes by Bodo Moeller]
-
-     New function SSL_CTX_set_default_passwd_cb_userdata.
-
-     Compatibility note: As many C implementations push function arguments
-     onto the stack in reverse order, the new library version is likely to
-     interoperate with programs that have been compiled with the old
-     pem_password_cb definition (PEM_whatever takes some data that
-     happens to be on the stack as its last argument, and the callback
-     just ignores this garbage); but there is no guarantee whatsoever that
-     this will work.
-
-  *) The -DPLATFORM="\"$(PLATFORM)\"" definition and the similar -DCFLAGS=...
-     (both in crypto/Makefile.ssl for use by crypto/cversion.c) caused
-     problems not only on Windows, but also on some Unix platforms.
-     To avoid problematic command lines, these definitions are now in an
-     auto-generated file crypto/buildinf.h (created by crypto/Makefile.ssl
-     for standard "make" builds, by util/mk1mf.pl for "mk1mf" builds).
-     [Bodo Moeller]
-
-  *) MIPS III/IV assembler module is reimplemented.
-     [Andy Polyakov]
-
-  *) More DES library cleanups: remove references to srand/rand and
-     delete an unused file.
-     [Ulf Möller]
-
-  *) Add support for the the free Netwide assembler (NASM) under Win32,
-     since not many people have MASM (ml) and it can be hard to obtain.
-     This is currently experimental but it seems to work OK and pass all
-     the tests. Check out INSTALL.W32 for info.
-     [Steve Henson]
-
-  *) Fix memory leaks in s3_clnt.c: All non-anonymous SSL3/TLS1 connections
-     without temporary keys kept an extra copy of the server key,
-     and connections with temporary keys did not free everything in case
-     of an error.
-     [Bodo Moeller]
-
-  *) New function RSA_check_key and new openssl rsa option -check
-     for verifying the consistency of RSA keys.
-     [Ulf Moeller, Bodo Moeller]
-
-  *) Various changes to make Win32 compile work: 
-     1. Casts to avoid "loss of data" warnings in p5_crpt2.c
-     2. Change unsigned int to int in b_dump.c to avoid "signed/unsigned
-        comparison" warnings.
-     3. Add sk_<TYPE>_sort to DEF file generator and do make update.
-     [Steve Henson]
-
-  *) Add a debugging option to PKCS#5 v2 key generation function: when
-     you #define DEBUG_PKCS5V2 passwords, salts, iteration counts and
-     derived keys are printed to stderr.
-     [Steve Henson]
-
-  *) Copy the flags in ASN1_STRING_dup().
-     [Roman E. Pavlov <pre at mo.msk.ru>]
-
-  *) The x509 application mishandled signing requests containing DSA
-     keys when the signing key was also DSA and the parameters didn't match.
-
-     It was supposed to omit the parameters when they matched the signing key:
-     the verifying software was then supposed to automatically use the CA's
-     parameters if they were absent from the end user certificate.
-
-     Omitting parameters is no longer recommended. The test was also
-     the wrong way round! This was probably due to unusual behaviour in
-     EVP_cmp_parameters() which returns 1 if the parameters match. 
-     This meant that parameters were omitted when they *didn't* match and
-     the certificate was useless. Certificates signed with 'ca' didn't have
-     this bug.
-     [Steve Henson, reported by Doug Erickson <Doug.Erickson at Part.NET>]
-
-  *) Memory leak checking (-DCRYPTO_MDEBUG) had some problems.
-     The interface is as follows:
-     Applications can use
-         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) aka MemCheck_start(),
-         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) aka MemCheck_stop();
-     "off" is now the default.
-     The library internally uses
-         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) aka MemCheck_off(),
-         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE) aka MemCheck_on()
-     to disable memory-checking temporarily.
-
-     Some inconsistent states that previously were possible (and were
-     even the default) are now avoided.
-
-     -DCRYPTO_MDEBUG_TIME is new and additionally stores the current time
-     with each memory chunk allocated; this is occasionally more helpful
-     than just having a counter.
-
-     -DCRYPTO_MDEBUG_THREAD is also new and adds the thread ID.
-
-     -DCRYPTO_MDEBUG_ALL enables all of the above, plus any future
-     extensions.
-     [Bodo Moeller]
-
-  *) Introduce "mode" for SSL structures (with defaults in SSL_CTX),
-     which largely parallels "options", but is for changing API behaviour,
-     whereas "options" are about protocol behaviour.
-     Initial "mode" flags are:
-
-     SSL_MODE_ENABLE_PARTIAL_WRITE   Allow SSL_write to report success when
-                                     a single record has been written.
-     SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER  Don't insist that SSL_write
-                                     retries use the same buffer location.
-                                     (But all of the contents must be
-                                     copied!)
-     [Bodo Moeller]
-
-  *) Bugfix: SSL_set_options ignored its parameter, only SSL_CTX_set_options
-     worked.
-
-  *) Fix problems with no-hmac etc.
-     [Ulf Möller, pointed out by Brian Wellington <bwelling at tislabs.com>]
-
-  *) New functions RSA_get_default_method(), RSA_set_method() and
-     RSA_get_method(). These allows replacement of RSA_METHODs without having
-     to mess around with the internals of an RSA structure.
-     [Steve Henson]
-
-  *) Fix memory leaks in DSA_do_sign and DSA_is_prime.
-     Also really enable memory leak checks in openssl.c and in some
-     test programs.
-     [Chad C. Mulligan, Bodo Moeller]
-
-  *) Fix a bug in d2i_ASN1_INTEGER() and i2d_ASN1_INTEGER() which can mess
-     up the length of negative integers. This has now been simplified to just
-     store the length when it is first determined and use it later, rather
-     than trying to keep track of where data is copied and updating it to
-     point to the end.
-     [Steve Henson, reported by Brien Wheeler
-      <bwheeler at authentica-security.com>]
-
-  *) Add a new function PKCS7_signatureVerify. This allows the verification
-     of a PKCS#7 signature but with the signing certificate passed to the
-     function itself. This contrasts with PKCS7_dataVerify which assumes the
-     certificate is present in the PKCS#7 structure. This isn't always the
-     case: certificates can be omitted from a PKCS#7 structure and be
-     distributed by "out of band" means (such as a certificate database).
-     [Steve Henson]
-
-  *) Complete the PEM_* macros with DECLARE_PEM versions to replace the
-     function prototypes in pem.h, also change util/mkdef.pl to add the
-     necessary function names. 
-     [Steve Henson]
-
-  *) mk1mf.pl (used by Windows builds) did not properly read the
-     options set by Configure in the top level Makefile, and Configure
-     was not even able to write more than one option correctly.
-     Fixed, now "no-idea no-rc5 -DCRYPTO_MDEBUG" etc. works as intended.
-     [Bodo Moeller]
-
-  *) New functions CONF_load_bio() and CONF_load_fp() to allow a config
-     file to be loaded from a BIO or FILE pointer. The BIO version will
-     for example allow memory BIOs to contain config info.
-     [Steve Henson]
-
-  *) New function "CRYPTO_num_locks" that returns CRYPTO_NUM_LOCKS.
-     Whoever hopes to achieve shared-library compatibility across versions
-     must use this, not the compile-time macro.
-     (Exercise 0.9.4: Which is the minimum library version required by
-     such programs?)
-     Note: All this applies only to multi-threaded programs, others don't
-     need locks.
-     [Bodo Moeller]
-
-  *) Add missing case to s3_clnt.c state machine -- one of the new SSL tests
-     through a BIO pair triggered the default case, i.e.
-     SSLerr(...,SSL_R_UNKNOWN_STATE).
-     [Bodo Moeller]
-
-  *) New "BIO pair" concept (crypto/bio/bss_bio.c) so that applications
-     can use the SSL library even if none of the specific BIOs is
-     appropriate.
-     [Bodo Moeller]
-
-  *) Fix a bug in i2d_DSAPublicKey() which meant it returned the wrong value
-     for the encoded length.
-     [Jeon KyoungHo <khjeon at sds.samsung.co.kr>]
-
-  *) Add initial documentation of the X509V3 functions.
-     [Steve Henson]
-
-  *) Add a new pair of functions PEM_write_PKCS8PrivateKey() and 
-     PEM_write_bio_PKCS8PrivateKey() that are equivalent to
-     PEM_write_PrivateKey() and PEM_write_bio_PrivateKey() but use the more
-     secure PKCS#8 private key format with a high iteration count.
-     [Steve Henson]
-
-  *) Fix determination of Perl interpreter: A perl or perl5
-     _directory_ in $PATH was also accepted as the interpreter.
-     [Ralf S. Engelschall]
-
-  *) Fix demos/sign/sign.c: well there wasn't anything strictly speaking
-     wrong with it but it was very old and did things like calling
-     PEM_ASN1_read() directly and used MD5 for the hash not to mention some
-     unusual formatting.
-     [Steve Henson]
-
-  *) Fix demos/selfsign.c: it used obsolete and deleted functions, changed
-     to use the new extension code.
-     [Steve Henson]
-
-  *) Implement the PEM_read/PEM_write functions in crypto/pem/pem_all.c
-     with macros. This should make it easier to change their form, add extra
-     arguments etc. Fix a few PEM prototypes which didn't have cipher as a
-     constant.
-     [Steve Henson]
-
-  *) Add to configuration table a new entry that can specify an alternative
-     name for unistd.h (for pre-POSIX systems); we need this for NeXTstep,
-     according to Mark Crispin <MRC at Panda.COM>.
-     [Bodo Moeller]
-
-#if 0
-  *) DES CBC did not update the IV. Weird.
-     [Ben Laurie]
-#else
-     des_cbc_encrypt does not update the IV, but des_ncbc_encrypt does.
-     Changing the behaviour of the former might break existing programs --
-     where IV updating is needed, des_ncbc_encrypt can be used.
-#endif
-
-  *) When bntest is run from "make test" it drives bc to check its
-     calculations, as well as internally checking them. If an internal check
-     fails, it needs to cause bc to give a non-zero result or make test carries
-     on without noticing the failure. Fixed.
-     [Ben Laurie]
-
-  *) DES library cleanups.
-     [Ulf Möller]
-
-  *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be
-     used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit
-     ciphers. NOTE: although the key derivation function has been verified
-     against some published test vectors it has not been extensively tested
-     yet. Added a -v2 "cipher" option to pkcs8 application to allow the use
-     of v2.0.
-     [Steve Henson]
-
-  *) Instead of "mkdir -p", which is not fully portable, use new
-     Perl script "util/mkdir-p.pl".
-     [Bodo Moeller]
-
-  *) Rewrite the way password based encryption (PBE) is handled. It used to
-     assume that the ASN1 AlgorithmIdentifier parameter was a PBEParameter
-     structure. This was true for the PKCS#5 v1.5 and PKCS#12 PBE algorithms
-     but doesn't apply to PKCS#5 v2.0 where it can be something else. Now
-     the 'parameter' field of the AlgorithmIdentifier is passed to the
-     underlying key generation function so it must do its own ASN1 parsing.
-     This has also changed the EVP_PBE_CipherInit() function which now has a
-     'parameter' argument instead of literal salt and iteration count values
-     and the function EVP_PBE_ALGOR_CipherInit() has been deleted.
-     [Steve Henson]
-
-  *) Support for PKCS#5 v1.5 compatible password based encryption algorithms
-     and PKCS#8 functionality. New 'pkcs8' application linked to openssl.
-     Needed to change the PEM_STRING_EVP_PKEY value which was just "PRIVATE
-     KEY" because this clashed with PKCS#8 unencrypted string. Since this
-     value was just used as a "magic string" and not used directly its
-     value doesn't matter.
-     [Steve Henson]
-
-  *) Introduce some semblance of const correctness to BN. Shame C doesn't
-     support mutable.
-     [Ben Laurie]
-
-  *) "linux-sparc64" configuration (ultrapenguin).
-     [Ray Miller <ray.miller at oucs.ox.ac.uk>]
-     "linux-sparc" configuration.
-     [Christian Forster <fo at hawo.stw.uni-erlangen.de>]
-
-  *) config now generates no-xxx options for missing ciphers.
-     [Ulf Möller]
-
-  *) Support the EBCDIC character set (work in progress).
-     File ebcdic.c not yet included because it has a different license.
-     [Martin Kraemer <Martin.Kraemer at MchP.Siemens.De>]
-
-  *) Support BS2000/OSD-POSIX.
-     [Martin Kraemer <Martin.Kraemer at MchP.Siemens.De>]
-
-  *) Make callbacks for key generation use void * instead of char *.
-     [Ben Laurie]
-
-  *) Make S/MIME samples compile (not yet tested).
-     [Ben Laurie]
-
-  *) Additional typesafe stacks.
-     [Ben Laurie]
-
-  *) New configuration variants "bsdi-elf-gcc" (BSD/OS 4.x).
-     [Bodo Moeller]
-
-
- Changes between 0.9.3 and 0.9.3a  [29 May 1999]
-
-  *) New configuration variant "sco5-gcc".
-
-  *) Updated some demos.
-     [Sean O Riordain, Wade Scholine]
-
-  *) Add missing BIO_free at exit of pkcs12 application.
-     [Wu Zhigang]
-
-  *) Fix memory leak in conf.c.
-     [Steve Henson]
-
-  *) Updates for Win32 to assembler version of MD5.
-     [Steve Henson]
-
-  *) Set #! path to perl in apps/der_chop to where we found it
-     instead of using a fixed path.
-     [Bodo Moeller]
-
-  *) SHA library changes for irix64-mips4-cc.
-     [Andy Polyakov]
-
-  *) Improvements for VMS support.
-     [Richard Levitte]
-
-
- Changes between 0.9.2b and 0.9.3  [24 May 1999]
-
-  *) Bignum library bug fix. IRIX 6 passes "make test" now!
-     This also avoids the problems with SC4.2 and unpatched SC5.  
-     [Andy Polyakov <appro at fy.chalmers.se>]
-
-  *) New functions sk_num, sk_value and sk_set to replace the previous macros.
-     These are required because of the typesafe stack would otherwise break 
-     existing code. If old code used a structure member which used to be STACK
-     and is now STACK_OF (for example cert in a PKCS7_SIGNED structure) with
-     sk_num or sk_value it would produce an error because the num, data members
-     are not present in STACK_OF. Now it just produces a warning. sk_set
-     replaces the old method of assigning a value to sk_value
-     (e.g. sk_value(x, i) = y) which the library used in a few cases. Any code
-     that does this will no longer work (and should use sk_set instead) but
-     this could be regarded as a "questionable" behaviour anyway.
-     [Steve Henson]
-
-  *) Fix most of the other PKCS#7 bugs. The "experimental" code can now
-     correctly handle encrypted S/MIME data.
-     [Steve Henson]
-
-  *) Change type of various DES function arguments from des_cblock
-     (which means, in function argument declarations, pointer to char)
-     to des_cblock * (meaning pointer to array with 8 char elements),
-     which allows the compiler to do more typechecking; it was like
-     that back in SSLeay, but with lots of ugly casts.
-
-     Introduce new type const_des_cblock.
-     [Bodo Moeller]
-
-  *) Reorganise the PKCS#7 library and get rid of some of the more obvious
-     problems: find RecipientInfo structure that matches recipient certificate
-     and initialise the ASN1 structures properly based on passed cipher.
-     [Steve Henson]
-
-  *) Belatedly make the BN tests actually check the results.
-     [Ben Laurie]
-
-  *) Fix the encoding and decoding of negative ASN1 INTEGERS and conversion
-     to and from BNs: it was completely broken. New compilation option
-     NEG_PUBKEY_BUG to allow for some broken certificates that encode public
-     key elements as negative integers.
-     [Steve Henson]
-
-  *) Reorganize and speed up MD5.
-     [Andy Polyakov <appro at fy.chalmers.se>]
-
-  *) VMS support.
-     [Richard Levitte <richard at levitte.org>]
-
-  *) New option -out to asn1parse to allow the parsed structure to be
-     output to a file. This is most useful when combined with the -strparse
-     option to examine the output of things like OCTET STRINGS.
-     [Steve Henson]
-
-  *) Make SSL library a little more fool-proof by not requiring any longer
-     that SSL_set_{accept,connect}_state be called before
-     SSL_{accept,connect} may be used (SSL_set_..._state is omitted
-     in many applications because usually everything *appeared* to work as
-     intended anyway -- now it really works as intended).
-     [Bodo Moeller]
-
-  *) Move openssl.cnf out of lib/.
-     [Ulf Möller]
-
-  *) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall
-     -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes
-     -Wmissing-declarations -Wnested-externs -Winline'' with EGCS 1.1.2+ 
-     [Ralf S. Engelschall]
-
-  *) Various fixes to the EVP and PKCS#7 code. It may now be able to
-     handle PKCS#7 enveloped data properly.
-     [Sebastian Akerman <sak at parallelconsulting.com>, modified by Steve]
-
-  *) Create a duplicate of the SSL_CTX's CERT in SSL_new instead of
-     copying pointers.  The cert_st handling is changed by this in
-     various ways (and thus what used to be known as ctx->default_cert
-     is now called ctx->cert, since we don't resort to s->ctx->[default_]cert
-     any longer when s->cert does not give us what we need).
-     ssl_cert_instantiate becomes obsolete by this change.
-     As soon as we've got the new code right (possibly it already is?),
-     we have solved a couple of bugs of the earlier code where s->cert
-     was used as if it could not have been shared with other SSL structures.
-
-     Note that using the SSL API in certain dirty ways now will result
-     in different behaviour than observed with earlier library versions:
-     Changing settings for an SSL_CTX *ctx after having done s = SSL_new(ctx)
-     does not influence s as it used to.
-     
-     In order to clean up things more thoroughly, inside SSL_SESSION
-     we don't use CERT any longer, but a new structure SESS_CERT
-     that holds per-session data (if available); currently, this is
-     the peer's certificate chain and, for clients, the server's certificate
-     and temporary key.  CERT holds only those values that can have
-     meaningful defaults in an SSL_CTX.
-     [Bodo Moeller]
-
-  *) New function X509V3_EXT_i2d() to create an X509_EXTENSION structure
-     from the internal representation. Various PKCS#7 fixes: remove some
-     evil casts and set the enc_dig_alg field properly based on the signing
-     key type.
-     [Steve Henson]
-
-  *) Allow PKCS#12 password to be set from the command line or the
-     environment. Let 'ca' get its config file name from the environment
-     variables "OPENSSL_CONF" or "SSLEAY_CONF" (for consistency with 'req'
-     and 'x509').
-     [Steve Henson]
-
-  *) Allow certificate policies extension to use an IA5STRING for the
-     organization field. This is contrary to the PKIX definition but
-     VeriSign uses it and IE5 only recognises this form. Document 'x509'
-     extension option.
-     [Steve Henson]
-
-  *) Add PEDANTIC compiler flag to allow compilation with gcc -pedantic,
-     without disallowing inline assembler and the like for non-pedantic builds.
-     [Ben Laurie]
-
-  *) Support Borland C++ builder.
-     [Janez Jere <jj at void.si>, modified by Ulf Möller]
-
-  *) Support Mingw32.
-     [Ulf Möller]
-
-  *) SHA-1 cleanups and performance enhancements.
-     [Andy Polyakov <appro at fy.chalmers.se>]
-
-  *) Sparc v8plus assembler for the bignum library.
-     [Andy Polyakov <appro at fy.chalmers.se>]
-
-  *) Accept any -xxx and +xxx compiler options in Configure.
-     [Ulf Möller]
-
-  *) Update HPUX configuration.
-     [Anonymous]
-  
-  *) Add missing sk_<type>_unshift() function to safestack.h
-     [Ralf S. Engelschall]
-
-  *) New function SSL_CTX_use_certificate_chain_file that sets the
-     "extra_cert"s in addition to the certificate.  (This makes sense
-     only for "PEM" format files, as chains as a whole are not
-     DER-encoded.)
-     [Bodo Moeller]
-
-  *) Support verify_depth from the SSL API.
-     x509_vfy.c had what can be considered an off-by-one-error:
-     Its depth (which was not part of the external interface)
-     was actually counting the number of certificates in a chain;
-     now it really counts the depth.
-     [Bodo Moeller]
-
-  *) Bugfix in crypto/x509/x509_cmp.c: The SSLerr macro was used
-     instead of X509err, which often resulted in confusing error
-     messages since the error codes are not globally unique
-     (e.g. an alleged error in ssl3_accept when a certificate
-     didn't match the private key).
-
-  *) New function SSL_CTX_set_session_id_context that allows to set a default
-     value (so that you don't need SSL_set_session_id_context for each
-     connection using the SSL_CTX).
-     [Bodo Moeller]
-
-  *) OAEP decoding bug fix.
-     [Ulf Möller]
-
-  *) Support INSTALL_PREFIX for package builders, as proposed by
-     David Harris.
-     [Bodo Moeller]
-
-  *) New Configure options "threads" and "no-threads".  For systems
-     where the proper compiler options are known (currently Solaris
-     and Linux), "threads" is the default.
-     [Bodo Moeller]
-
-  *) New script util/mklink.pl as a faster substitute for util/mklink.sh.
-     [Bodo Moeller]
-
-  *) Install various scripts to $(OPENSSLDIR)/misc, not to
-     $(INSTALLTOP)/bin -- they shouldn't clutter directories
-     such as /usr/local/bin.
-     [Bodo Moeller]
-
-  *) "make linux-shared" to build shared libraries.
-     [Niels Poppe <niels at netbox.org>]
-
-  *) New Configure option no-<cipher> (rsa, idea, rc5, ...).
-     [Ulf Möller]
-
-  *) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for
-     extension adding in x509 utility.
-     [Steve Henson]
-
-  *) Remove NOPROTO sections and error code comments.
-     [Ulf Möller]
-
-  *) Partial rewrite of the DEF file generator to now parse the ANSI
-     prototypes.
-     [Steve Henson]
-
-  *) New Configure options --prefix=DIR and --openssldir=DIR.
-     [Ulf Möller]
-
-  *) Complete rewrite of the error code script(s). It is all now handled
-     by one script at the top level which handles error code gathering,
-     header rewriting and C source file generation. It should be much better
-     than the old method: it now uses a modified version of Ulf's parser to
-     read the ANSI prototypes in all header files (thus the old K&R definitions
-     aren't needed for error creation any more) and do a better job of
-     translating function codes into names. The old 'ASN1 error code imbedded
-     in a comment' is no longer necessary and it doesn't use .err files which
-     have now been deleted. Also the error code call doesn't have to appear all
-     on one line (which resulted in some large lines...).
-     [Steve Henson]
-
-  *) Change #include filenames from <foo.h> to <openssl/foo.h>.
-     [Bodo Moeller]
-
-  *) Change behaviour of ssl2_read when facing length-0 packets: Don't return
-     0 (which usually indicates a closed connection), but continue reading.
-     [Bodo Moeller]
-
-  *) Fix some race conditions.
-     [Bodo Moeller]
-
-  *) Add support for CRL distribution points extension. Add Certificate
-     Policies and CRL distribution points documentation.
-     [Steve Henson]
-
-  *) Move the autogenerated header file parts to crypto/opensslconf.h.
-     [Ulf Möller]
-
-  *) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of
-     8 of keying material. Merlin has also confirmed interop with this fix
-     between OpenSSL and Baltimore C/SSL 2.0 and J/SSL 2.0.
-     [Merlin Hughes <merlin at baltimore.ie>]
-
-  *) Fix lots of warnings.
-     [Richard Levitte <levitte at stacken.kth.se>]
- 
-  *) In add_cert_dir() in crypto/x509/by_dir.c, break out of the loop if
-     the directory spec didn't end with a LIST_SEPARATOR_CHAR.
-     [Richard Levitte <levitte at stacken.kth.se>]
- 
-  *) Fix problems with sizeof(long) == 8.
-     [Andy Polyakov <appro at fy.chalmers.se>]
-
-  *) Change functions to ANSI C.
-     [Ulf Möller]
-
-  *) Fix typos in error codes.
-     [Martin Kraemer <Martin.Kraemer at MchP.Siemens.De>, Ulf Möller]
-
-  *) Remove defunct assembler files from Configure.
-     [Ulf Möller]
-
-  *) SPARC v8 assembler BIGNUM implementation.
-     [Andy Polyakov <appro at fy.chalmers.se>]
-
-  *) Support for Certificate Policies extension: both print and set.
-     Various additions to support the r2i method this uses.
-     [Steve Henson]
-
-  *) A lot of constification, and fix a bug in X509_NAME_oneline() that could
-     return a const string when you are expecting an allocated buffer.
-     [Ben Laurie]
-
-  *) Add support for ASN1 types UTF8String and VISIBLESTRING, also the CHOICE
-     types DirectoryString and DisplayText.
-     [Steve Henson]
-
-  *) Add code to allow r2i extensions to access the configuration database,
-     add an LHASH database driver and add several ctx helper functions.
-     [Steve Henson]
-
-  *) Fix an evil bug in bn_expand2() which caused various BN functions to
-     fail when they extended the size of a BIGNUM.
-     [Steve Henson]
-
-  *) Various utility functions to handle SXNet extension. Modify mkdef.pl to
-     support typesafe stack.
-     [Steve Henson]
-
-  *) Fix typo in SSL_[gs]et_options().
-     [Nils Frostberg <nils at medcom.se>]
-
-  *) Delete various functions and files that belonged to the (now obsolete)
-     old X509V3 handling code.
-     [Steve Henson]
-
-  *) New Configure option "rsaref".
-     [Ulf Möller]
-
-  *) Don't auto-generate pem.h.
-     [Bodo Moeller]
-
-  *) Introduce type-safe ASN.1 SETs.
-     [Ben Laurie]
-
-  *) Convert various additional casted stacks to type-safe STACK_OF() variants.
-     [Ben Laurie, Ralf S. Engelschall, Steve Henson]
-
-  *) Introduce type-safe STACKs. This will almost certainly break lots of code
-     that links with OpenSSL (well at least cause lots of warnings), but fear
-     not: the conversion is trivial, and it eliminates loads of evil casts. A
-     few STACKed things have been converted already. Feel free to convert more.
-     In the fullness of time, I'll do away with the STACK type altogether.
-     [Ben Laurie]
-
-  *) Add `openssl ca -revoke <certfile>' facility which revokes a certificate
-     specified in <certfile> by updating the entry in the index.txt file.
-     This way one no longer has to edit the index.txt file manually for
-     revoking a certificate. The -revoke option does the gory details now.
-     [Massimiliano Pala <madwolf at openca.org>, Ralf S. Engelschall]
-
-  *) Fix `openssl crl -noout -text' combination where `-noout' killed the
-     `-text' option at all and this way the `-noout -text' combination was
-     inconsistent in `openssl crl' with the friends in `openssl x509|rsa|dsa'.
-     [Ralf S. Engelschall]
-
-  *) Make sure a corresponding plain text error message exists for the
-     X509_V_ERR_CERT_REVOKED/23 error number which can occur when a
-     verify callback function determined that a certificate was revoked.
-     [Ralf S. Engelschall]
-
-  *) Bugfix: In test/testenc, don't test "openssl <cipher>" for
-     ciphers that were excluded, e.g. by -DNO_IDEA.  Also, test
-     all available cipers including rc5, which was forgotten until now.
-     In order to let the testing shell script know which algorithms
-     are available, a new (up to now undocumented) command
-     "openssl list-cipher-commands" is used.
-     [Bodo Moeller]
-
-  *) Bugfix: s_client occasionally would sleep in select() when
-     it should have checked SSL_pending() first.
-     [Bodo Moeller]
-
-  *) New functions DSA_do_sign and DSA_do_verify to provide access to
-     the raw DSA values prior to ASN.1 encoding.
-     [Ulf Möller]
-
-  *) Tweaks to Configure
-     [Niels Poppe <niels at netbox.org>]
-
-  *) Add support for PKCS#5 v2.0 ASN1 PBES2 structures. No other support,
-     yet...
-     [Steve Henson]
-
-  *) New variables $(RANLIB) and $(PERL) in the Makefiles.
-     [Ulf Möller]
-
-  *) New config option to avoid instructions that are illegal on the 80386.
-     The default code is faster, but requires at least a 486.
-     [Ulf Möller]
-  
-  *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and
-     SSL2_SERVER_VERSION (not used at all) macros, which are now the
-     same as SSL2_VERSION anyway.
-     [Bodo Moeller]
-
-  *) New "-showcerts" option for s_client.
-     [Bodo Moeller]
-
-  *) Still more PKCS#12 integration. Add pkcs12 application to openssl
-     application. Various cleanups and fixes.
-     [Steve Henson]
-
-  *) More PKCS#12 integration. Add new pkcs12 directory with Makefile.ssl and
-     modify error routines to work internally. Add error codes and PBE init
-     to library startup routines.
-     [Steve Henson]
-
-  *) Further PKCS#12 integration. Added password based encryption, PKCS#8 and
-     packing functions to asn1 and evp. Changed function names and error
-     codes along the way.
-     [Steve Henson]
-
-  *) PKCS12 integration: and so it begins... First of several patches to
-     slowly integrate PKCS#12 functionality into OpenSSL. Add PKCS#12
-     objects to objects.h
-     [Steve Henson]
-
-  *) Add a new 'indent' option to some X509V3 extension code. Initial ASN1
-     and display support for Thawte strong extranet extension.
-     [Steve Henson]
-
-  *) Add LinuxPPC support.
-     [Jeff Dubrule <igor at pobox.org>]
-
-  *) Get rid of redundant BN file bn_mulw.c, and rename bn_div64 to
-     bn_div_words in alpha.s.
-     [Hannes Reinecke <H.Reinecke at hw.ac.uk> and Ben Laurie]
-
-  *) Make sure the RSA OAEP test is skipped under -DRSAref because
-     OAEP isn't supported when OpenSSL is built with RSAref.
-     [Ulf Moeller <ulf at fitug.de>]
-
-  *) Move definitions of IS_SET/IS_SEQUENCE inside crypto/asn1/asn1.h 
-     so they no longer are missing under -DNOPROTO. 
-     [Soren S. Jorvang <soren at t.dk>]
-
-
- Changes between 0.9.1c and 0.9.2b  [22 Mar 1999]
-
-  *) Make SSL_get_peer_cert_chain() work in servers. Unfortunately, it still
-     doesn't work when the session is reused. Coming soon!
-     [Ben Laurie]
-
-  *) Fix a security hole, that allows sessions to be reused in the wrong
-     context thus bypassing client cert protection! All software that uses
-     client certs and session caches in multiple contexts NEEDS PATCHING to
-     allow session reuse! A fuller solution is in the works.
-     [Ben Laurie, problem pointed out by Holger Reif, Bodo Moeller (and ???)]
-
-  *) Some more source tree cleanups (removed obsolete files
-     crypto/bf/asm/bf586.pl, test/test.txt and crypto/sha/asm/f.s; changed
-     permission on "config" script to be executable) and a fix for the INSTALL
-     document.
-     [Ulf Moeller <ulf at fitug.de>]
-
-  *) Remove some legacy and erroneous uses of malloc, free instead of
-     Malloc, Free.
-     [Lennart Bang <lob at netstream.se>, with minor changes by Steve]
-
-  *) Make rsa_oaep_test return non-zero on error.
-     [Ulf Moeller <ulf at fitug.de>]
-
-  *) Add support for native Solaris shared libraries. Configure
-     solaris-sparc-sc4-pic, make, then run shlib/solaris-sc4.sh. It'd be nice
-     if someone would make that last step automatic.
-     [Matthias Loepfe <Matthias.Loepfe at AdNovum.CH>]
-
-  *) ctx_size was not built with the right compiler during "make links". Fixed.
-     [Ben Laurie]
-
-  *) Change the meaning of 'ALL' in the cipher list. It now means "everything
-     except NULL ciphers". This means the default cipher list will no longer
-     enable NULL ciphers. They need to be specifically enabled e.g. with
-     the string "DEFAULT:eNULL".
-     [Steve Henson]
-
-  *) Fix to RSA private encryption routines: if p < q then it would
-     occasionally produce an invalid result. This will only happen with
-     externally generated keys because OpenSSL (and SSLeay) ensure p > q.
-     [Steve Henson]
-
-  *) Be less restrictive and allow also `perl util/perlpath.pl
-     /path/to/bin/perl' in addition to `perl util/perlpath.pl /path/to/bin',
-     because this way one can also use an interpreter named `perl5' (which is
-     usually the name of Perl 5.xxx on platforms where an Perl 4.x is still
-     installed as `perl').
-     [Matthias Loepfe <Matthias.Loepfe at adnovum.ch>]
-
-  *) Let util/clean-depend.pl work also with older Perl 5.00x versions.
-     [Matthias Loepfe <Matthias.Loepfe at adnovum.ch>]
-
-  *) Fix Makefile.org so CC,CFLAG etc are passed to 'make links' add
-     advapi32.lib to Win32 build and change the pem test comparision
-     to fc.exe (thanks to Ulrich Kroener <kroneru at yahoo.com> for the
-     suggestion). Fix misplaced ASNI prototypes and declarations in evp.h
-     and crypto/des/ede_cbcm_enc.c.
-     [Steve Henson]
-
-  *) DES quad checksum was broken on big-endian architectures. Fixed.
-     [Ben Laurie]
-
-  *) Comment out two functions in bio.h that aren't implemented. Fix up the
-     Win32 test batch file so it (might) work again. The Win32 test batch file
-     is horrible: I feel ill....
-     [Steve Henson]
-
-  *) Move various #ifdefs around so NO_SYSLOG, NO_DIRENT etc are now selected
-     in e_os.h. Audit of header files to check ANSI and non ANSI
-     sections: 10 functions were absent from non ANSI section and not exported
-     from Windows DLLs. Fixed up libeay.num for new functions.
-     [Steve Henson]
-
-  *) Make `openssl version' output lines consistent.
-     [Ralf S. Engelschall]
-
-  *) Fix Win32 symbol export lists for BIO functions: Added
-     BIO_get_ex_new_index, BIO_get_ex_num, BIO_get_ex_data and BIO_set_ex_data
-     to ms/libeay{16,32}.def.
-     [Ralf S. Engelschall]
-
-  *) Second round of fixing the OpenSSL perl/ stuff. It now at least compiled
-     fine under Unix and passes some trivial tests I've now added. But the
-     whole stuff is horribly incomplete, so a README.1ST with a disclaimer was
-     added to make sure no one expects that this stuff really works in the
-     OpenSSL 0.9.2 release.  Additionally I've started to clean the XS sources
-     up and fixed a few little bugs and inconsistencies in OpenSSL.{pm,xs} and
-     openssl_bio.xs.
-     [Ralf S. Engelschall]
-
-  *) Fix the generation of two part addresses in perl.
-     [Kenji Miyake <kenji at miyake.org>, integrated by Ben Laurie]
-
-  *) Add config entry for Linux on MIPS.
-     [John Tobey <jtobey at channel1.com>]
-
-  *) Make links whenever Configure is run, unless we are on Windoze.
-     [Ben Laurie]
-
-  *) Permit extensions to be added to CRLs using crl_section in openssl.cnf.
-     Currently only issuerAltName and AuthorityKeyIdentifier make any sense
-     in CRLs.
-     [Steve Henson]
-
-  *) Add a useful kludge to allow package maintainers to specify compiler and
-     other platforms details on the command line without having to patch the
-     Configure script everytime: One now can use ``perl Configure
-     <id>:<details>'', i.e. platform ids are allowed to have details appended
-     to them (seperated by colons). This is treated as there would be a static
-     pre-configured entry in Configure's %table under key <id> with value
-     <details> and ``perl Configure <id>'' is called.  So, when you want to
-     perform a quick test-compile under FreeBSD 3.1 with pgcc and without
-     assembler stuff you can use ``perl Configure "FreeBSD-elf:pgcc:-O6:::"''
-     now, which overrides the FreeBSD-elf entry on-the-fly.
-     [Ralf S. Engelschall]
-
-  *) Disable new TLS1 ciphersuites by default: they aren't official yet.
-     [Ben Laurie]
-
-  *) Allow DSO flags like -fpic, -fPIC, -KPIC etc. to be specified
-     on the `perl Configure ...' command line. This way one can compile
-     OpenSSL libraries with Position Independent Code (PIC) which is needed
-     for linking it into DSOs.
-     [Ralf S. Engelschall]
-
-  *) Remarkably, export ciphers were totally broken and no-one had noticed!
-     Fixed.
-     [Ben Laurie]
-
-  *) Cleaned up the LICENSE document: The official contact for any license
-     questions now is the OpenSSL core team under openssl-core at openssl.org.
-     And add a paragraph about the dual-license situation to make sure people
-     recognize that _BOTH_ the OpenSSL license _AND_ the SSLeay license apply
-     to the OpenSSL toolkit.
-     [Ralf S. Engelschall]
-
-  *) General source tree makefile cleanups: Made `making xxx in yyy...'
-     display consistent in the source tree and replaced `/bin/rm' by `rm'.
-     Additonally cleaned up the `make links' target: Remove unnecessary
-     semicolons, subsequent redundant removes, inline point.sh into mklink.sh
-     to speed processing and no longer clutter the display with confusing
-     stuff. Instead only the actually done links are displayed.
-     [Ralf S. Engelschall]
-
-  *) Permit null encryption ciphersuites, used for authentication only. It used
-     to be necessary to set the preprocessor define SSL_ALLOW_ENULL to do this.
-     It is now necessary to set SSL_FORBID_ENULL to prevent the use of null
-     encryption.
-     [Ben Laurie]
-
-  *) Add a bunch of fixes to the PKCS#7 stuff. It used to sometimes reorder
-     signed attributes when verifying signatures (this would break them), 
-     the detached data encoding was wrong and public keys obtained using
-     X509_get_pubkey() weren't freed.
-     [Steve Henson]
-
-  *) Add text documentation for the BUFFER functions. Also added a work around
-     to a Win95 console bug. This was triggered by the password read stuff: the
-     last character typed gets carried over to the next fread(). If you were 
-     generating a new cert request using 'req' for example then the last
-     character of the passphrase would be CR which would then enter the first
-     field as blank.
-     [Steve Henson]
-
-  *) Added the new `Includes OpenSSL Cryptography Software' button as
-     doc/openssl_button.{gif,html} which is similar in style to the old SSLeay
-     button and can be used by applications based on OpenSSL to show the
-     relationship to the OpenSSL project.  
-     [Ralf S. Engelschall]
-
-  *) Remove confusing variables in function signatures in files
-     ssl/ssl_lib.c and ssl/ssl.h.
-     [Lennart Bong <lob at kulthea.stacken.kth.se>]
-
-  *) Don't install bss_file.c under PREFIX/include/
-     [Lennart Bong <lob at kulthea.stacken.kth.se>]
-
-  *) Get the Win32 compile working again. Modify mkdef.pl so it can handle
-     functions that return function pointers and has support for NT specific
-     stuff. Fix mk1mf.pl and VC-32.pl to support NT differences also. Various
-     #ifdef WIN32 and WINNTs sprinkled about the place and some changes from
-     unsigned to signed types: this was killing the Win32 compile.
-     [Steve Henson]
-
-  *) Add new certificate file to stack functions,
-     SSL_add_dir_cert_subjects_to_stack() and
-     SSL_add_file_cert_subjects_to_stack().  These largely supplant
-     SSL_load_client_CA_file(), and can be used to add multiple certs easily
-     to a stack (usually this is then handed to SSL_CTX_set_client_CA_list()).
-     This means that Apache-SSL and similar packages don't have to mess around
-     to add as many CAs as they want to the preferred list.
-     [Ben Laurie]
-
-  *) Experiment with doxygen documentation. Currently only partially applied to
-     ssl/ssl_lib.c.
-     See http://www.stack.nl/~dimitri/doxygen/index.html, and run doxygen with
-     openssl.doxy as the configuration file.
-     [Ben Laurie]
-  
-  *) Get rid of remaining C++-style comments which strict C compilers hate.
-     [Ralf S. Engelschall, pointed out by Carlos Amengual]
-
-  *) Changed BN_RECURSION in bn_mont.c to BN_RECURSION_MONT so it is not
-     compiled in by default: it has problems with large keys.
-     [Steve Henson]
-
-  *) Add a bunch of SSL_xxx() functions for configuring the temporary RSA and
-     DH private keys and/or callback functions which directly correspond to
-     their SSL_CTX_xxx() counterparts but work on a per-connection basis. This
-     is needed for applications which have to configure certificates on a
-     per-connection basis (e.g. Apache+mod_ssl) instead of a per-context basis
-     (e.g. s_server). 
-        For the RSA certificate situation is makes no difference, but
-     for the DSA certificate situation this fixes the "no shared cipher"
-     problem where the OpenSSL cipher selection procedure failed because the
-     temporary keys were not overtaken from the context and the API provided
-     no way to reconfigure them. 
-        The new functions now let applications reconfigure the stuff and they
-     are in detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh,
-     SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback.  Additionally a new
-     non-public-API function ssl_cert_instantiate() is used as a helper
-     function and also to reduce code redundancy inside ssl_rsa.c.
-     [Ralf S. Engelschall]
-
-  *) Move s_server -dcert and -dkey options out of the undocumented feature
-     area because they are useful for the DSA situation and should be
-     recognized by the users.
-     [Ralf S. Engelschall]
-
-  *) Fix the cipher decision scheme for export ciphers: the export bits are
-     *not* within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within
-     SSL_EXP_MASK.  So, the original variable has to be used instead of the
-     already masked variable.
-     [Richard Levitte <levitte at stacken.kth.se>]
-
-  *) Fix 'port' variable from `int' to `unsigned int' in crypto/bio/b_sock.c
-     [Richard Levitte <levitte at stacken.kth.se>]
-
-  *) Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal()
-     from `int' to `unsigned int' because it's a length and initialized by
-     EVP_DigestFinal() which expects an `unsigned int *'.
-     [Richard Levitte <levitte at stacken.kth.se>]
-
-  *) Don't hard-code path to Perl interpreter on shebang line of Configure
-     script. Instead use the usual Shell->Perl transition trick.
-     [Ralf S. Engelschall]
-
-  *) Make `openssl x509 -noout -modulus' functional also for DSA certificates
-     (in addition to RSA certificates) to match the behaviour of `openssl dsa
-     -noout -modulus' as it's already the case for `openssl rsa -noout
-     -modulus'.  For RSA the -modulus is the real "modulus" while for DSA
-     currently the public key is printed (a decision which was already done by
-     `openssl dsa -modulus' in the past) which serves a similar purpose.
-     Additionally the NO_RSA no longer completely removes the whole -modulus
-     option; it now only avoids using the RSA stuff. Same applies to NO_DSA
-     now, too.
-     [Ralf S.  Engelschall]
-
-  *) Add Arne Ansper's reliable BIO - this is an encrypted, block-digested
-     BIO. See the source (crypto/evp/bio_ok.c) for more info.
-     [Arne Ansper <arne at ats.cyber.ee>]
-
-  *) Dump the old yucky req code that tried (and failed) to allow raw OIDs
-     to be added. Now both 'req' and 'ca' can use new objects defined in the
-     config file.
-     [Steve Henson]
-
-  *) Add cool BIO that does syslog (or event log on NT).
-     [Arne Ansper <arne at ats.cyber.ee>, integrated by Ben Laurie]
-
-  *) Add support for new TLS ciphersuites, TLS_RSA_EXPORT56_WITH_RC4_56_MD5,
-     TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 and
-     TLS_RSA_EXPORT56_WITH_DES_CBC_SHA, as specified in "56-bit Export Cipher
-     Suites For TLS", draft-ietf-tls-56-bit-ciphersuites-00.txt.
-     [Ben Laurie]
-
-  *) Add preliminary config info for new extension code.
-     [Steve Henson]
-
-  *) Make RSA_NO_PADDING really use no padding.
-     [Ulf Moeller <ulf at fitug.de>]
-
-  *) Generate errors when private/public key check is done.
-     [Ben Laurie]
-
-  *) Overhaul for 'crl' utility. New function X509_CRL_print. Partial support
-     for some CRL extensions and new objects added.
-     [Steve Henson]
-
-  *) Really fix the ASN1 IMPLICIT bug this time... Partial support for private
-     key usage extension and fuller support for authority key id.
-     [Steve Henson]
-
-  *) Add OAEP encryption for the OpenSSL crypto library. OAEP is the improved
-     padding method for RSA, which is recommended for new applications in PKCS
-     #1 v2.0 (RFC 2437, October 1998).
-     OAEP (Optimal Asymmetric Encryption Padding) has better theoretical
-     foundations than the ad-hoc padding used in PKCS #1 v1.5. It is secure
-     against Bleichbacher's attack on RSA.
-     [Ulf Moeller <ulf at fitug.de>, reformatted, corrected and integrated by
-      Ben Laurie]
-
-  *) Updates to the new SSL compression code
-     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
-
-  *) Fix so that the version number in the master secret, when passed
-     via RSA, checks that if TLS was proposed, but we roll back to SSLv3
-     (because the server will not accept higher), that the version number
-     is 0x03,0x01, not 0x03,0x00
-     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
-
-  *) Run extensive memory leak checks on SSL apps. Fixed *lots* of memory
-     leaks in ssl/ relating to new X509_get_pubkey() behaviour. Also fixes
-     in apps/ and an unrelated leak in crypto/dsa/dsa_vrf.c
-     [Steve Henson]
-
-  *) Support for RAW extensions where an arbitrary extension can be
-     created by including its DER encoding. See apps/openssl.cnf for
-     an example.
-     [Steve Henson]
-
-  *) Make sure latest Perl versions don't interpret some generated C array
-     code as Perl array code in the crypto/err/err_genc.pl script.
-     [Lars Weber <3weber at informatik.uni-hamburg.de>]
-
-  *) Modify ms/do_ms.bat to not generate assembly language makefiles since
-     not many people have the assembler. Various Win32 compilation fixes and
-     update to the INSTALL.W32 file with (hopefully) more accurate Win32
-     build instructions.
-     [Steve Henson]
-
-  *) Modify configure script 'Configure' to automatically create crypto/date.h
-     file under Win32 and also build pem.h from pem.org. New script
-     util/mkfiles.pl to create the MINFO file on environments that can't do a
-     'make files': perl util/mkfiles.pl >MINFO should work.
-     [Steve Henson]
-
-  *) Major rework of DES function declarations, in the pursuit of correctness
-     and purity. As a result, many evil casts evaporated, and some weirdness,
-     too. You may find this causes warnings in your code. Zapping your evil
-     casts will probably fix them. Mostly.
-     [Ben Laurie]
-
-  *) Fix for a typo in asn1.h. Bug fix to object creation script
-     obj_dat.pl. It considered a zero in an object definition to mean
-     "end of object": none of the objects in objects.h have any zeros
-     so it wasn't spotted.
-     [Steve Henson, reported by Erwann ABALEA <eabalea at certplus.com>]
-
-  *) Add support for Triple DES Cipher Block Chaining with Output Feedback
-     Masking (CBCM). In the absence of test vectors, the best I have been able
-     to do is check that the decrypt undoes the encrypt, so far. Send me test
-     vectors if you have them.
-     [Ben Laurie]
-
-  *) Correct calculation of key length for export ciphers (too much space was
-     allocated for null ciphers). This has not been tested!
-     [Ben Laurie]
-
-  *) Modifications to the mkdef.pl for Win32 DEF file creation. The usage
-     message is now correct (it understands "crypto" and "ssl" on its
-     command line). There is also now an "update" option. This will update
-     the util/ssleay.num and util/libeay.num files with any new functions.
-     If you do a: 
-     perl util/mkdef.pl crypto ssl update
-     it will update them.
-     [Steve Henson]
-
-  *) Overhauled the Perl interface (perl/*):
-     - ported BN stuff to OpenSSL's different BN library
-     - made the perl/ source tree CVS-aware
-     - renamed the package from SSLeay to OpenSSL (the files still contain
-       their history because I've copied them in the repository)
-     - removed obsolete files (the test scripts will be replaced
-       by better Test::Harness variants in the future)
-     [Ralf S. Engelschall]
-
-  *) First cut for a very conservative source tree cleanup:
-     1. merge various obsolete readme texts into doc/ssleay.txt
-     where we collect the old documents and readme texts.
-     2. remove the first part of files where I'm already sure that we no
-     longer need them because of three reasons: either they are just temporary
-     files which were left by Eric or they are preserved original files where
-     I've verified that the diff is also available in the CVS via "cvs diff
-     -rSSLeay_0_8_1b" or they were renamed (as it was definitely the case for
-     the crypto/md/ stuff).
-     [Ralf S. Engelschall]
-
-  *) More extension code. Incomplete support for subject and issuer alt
-     name, issuer and authority key id. Change the i2v function parameters
-     and add an extra 'crl' parameter in the X509V3_CTX structure: guess
-     what that's for :-) Fix to ASN1 macro which messed up
-     IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.
-     [Steve Henson]
-
-  *) Preliminary support for ENUMERATED type. This is largely copied from the
-     INTEGER code.
-     [Steve Henson]
-
-  *) Add new function, EVP_MD_CTX_copy() to replace frequent use of memcpy.
-     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
-
-  *) Make sure `make rehash' target really finds the `openssl' program.
-     [Ralf S. Engelschall, Matthias Loepfe <Matthias.Loepfe at adnovum.ch>]
-
-  *) Squeeze another 7% of speed out of MD5 assembler, at least on a P2. I'd
-     like to hear about it if this slows down other processors.
-     [Ben Laurie]
-
-  *) Add CygWin32 platform information to Configure script.
-     [Alan Batie <batie at aahz.jf.intel.com>]
-
-  *) Fixed ms/32all.bat script: `no_asm' -> `no-asm'
-     [Rainer W. Gerling <gerling at mpg-gv.mpg.de>]
-  
-  *) New program nseq to manipulate netscape certificate sequences
-     [Steve Henson]
-
-  *) Modify crl2pkcs7 so it supports multiple -certfile arguments. Fix a
-     few typos.
-     [Steve Henson]
-
-  *) Fixes to BN code.  Previously the default was to define BN_RECURSION
-     but the BN code had some problems that would cause failures when
-     doing certificate verification and some other functions.
-     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
-
-  *) Add ASN1 and PEM code to support netscape certificate sequences.
-     [Steve Henson]
-
-  *) Add ASN1 and PEM code to support netscape certificate sequences.
-     [Steve Henson]
-
-  *) Add several PKIX and private extended key usage OIDs.
-     [Steve Henson]
-
-  *) Modify the 'ca' program to handle the new extension code. Modify
-     openssl.cnf for new extension format, add comments.
-     [Steve Henson]
-
-  *) More X509 V3 changes. Fix typo in v3_bitstr.c. Add support to 'req'
-     and add a sample to openssl.cnf so req -x509 now adds appropriate
-     CA extensions.
-     [Steve Henson]
-
-  *) Continued X509 V3 changes. Add to other makefiles, integrate with the
-     error code, add initial support to X509_print() and x509 application.
-     [Steve Henson]
-
-  *) Takes a deep breath and start addding X509 V3 extension support code. Add
-     files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this
-     stuff is currently isolated and isn't even compiled yet.
-     [Steve Henson]
-
-  *) Continuing patches for GeneralizedTime. Fix up certificate and CRL
-     ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print.
-     Removed the versions check from X509 routines when loading extensions:
-     this allows certain broken certificates that don't set the version
-     properly to be processed.
-     [Steve Henson]
-
-  *) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another
-     Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which
-     can still be regenerated with "make depend".
-     [Ben Laurie]
-
-  *) Spelling mistake in C version of CAST-128.
-     [Ben Laurie, reported by Jeremy Hylton <jeremy at cnri.reston.va.us>]
-
-  *) Changes to the error generation code. The perl script err-code.pl 
-     now reads in the old error codes and retains the old numbers, only
-     adding new ones if necessary. It also only changes the .err files if new
-     codes are added. The makefiles have been modified to only insert errors
-     when needed (to avoid needlessly modifying header files). This is done
-     by only inserting errors if the .err file is newer than the auto generated
-     C file. To rebuild all the error codes from scratch (the old behaviour)
-     either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl
-     or delete all the .err files.
-     [Steve Henson]
-
-  *) CAST-128 was incorrectly implemented for short keys. The C version has
-     been fixed, but is untested. The assembler versions are also fixed, but
-     new assembler HAS NOT BEEN GENERATED FOR WIN32 - the Makefile needs fixing
-     to regenerate it if needed.
-     [Ben Laurie, reported (with fix for C version) by Jun-ichiro itojun
-      Hagino <itojun at kame.net>]
-
-  *) File was opened incorrectly in randfile.c.
-     [Ulf Möller <ulf at fitug.de>]
-
-  *) Beginning of support for GeneralizedTime. d2i, i2d, check and print
-     functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or
-     GeneralizedTime. ASN1_TIME is the proper type used in certificates et
-     al: it's just almost always a UTCTime. Note this patch adds new error
-     codes so do a "make errors" if there are problems.
-     [Steve Henson]
-
-  *) Correct Linux 1 recognition in config.
-     [Ulf Möller <ulf at fitug.de>]
-
-  *) Remove pointless MD5 hash when using DSA keys in ca.
-     [Anonymous <nobody at replay.com>]
-
-  *) Generate an error if given an empty string as a cert directory. Also
-     generate an error if handed NULL (previously returned 0 to indicate an
-     error, but didn't set one).
-     [Ben Laurie, reported by Anonymous <nobody at replay.com>]
-
-  *) Add prototypes to SSL methods. Make SSL_write's buffer const, at last.
-     [Ben Laurie]
-
-  *) Fix the dummy function BN_ref_mod_exp() in rsaref.c to have the correct
-     parameters. This was causing a warning which killed off the Win32 compile.
-     [Steve Henson]
-
-  *) Remove C++ style comments from crypto/bn/bn_local.h.
-     [Neil Costigan <neil.costigan at celocom.com>]
-
-  *) The function OBJ_txt2nid was broken. It was supposed to return a nid
-     based on a text string, looking up short and long names and finally
-     "dot" format. The "dot" format stuff didn't work. Added new function
-     OBJ_txt2obj to do the same but return an ASN1_OBJECT and rewrote 
-     OBJ_txt2nid to use it. OBJ_txt2obj can also return objects even if the
-     OID is not part of the table.
-     [Steve Henson]
-
-  *) Add prototypes to X509 lookup/verify methods, fixing a bug in
-     X509_LOOKUP_by_alias().
-     [Ben Laurie]
-
-  *) Sort openssl functions by name.
-     [Ben Laurie]
-
-  *) Get the gendsa program working (hopefully) and add it to app list. Remove
-     encryption from sample DSA keys (in case anyone is interested the password
-     was "1234").
-     [Steve Henson]
-
-  *) Make _all_ *_free functions accept a NULL pointer.
-     [Frans Heymans <fheymans at isaserver.be>]
-
-  *) If a DH key is generated in s3_srvr.c, don't blow it by trying to use
-     NULL pointers.
-     [Anonymous <nobody at replay.com>]
-
-  *) s_server should send the CAfile as acceptable CAs, not its own cert.
-     [Bodo Moeller <3moeller at informatik.uni-hamburg.de>]
-
-  *) Don't blow it for numeric -newkey arguments to apps/req.
-     [Bodo Moeller <3moeller at informatik.uni-hamburg.de>]
-
-  *) Temp key "for export" tests were wrong in s3_srvr.c.
-     [Anonymous <nobody at replay.com>]
-
-  *) Add prototype for temp key callback functions
-     SSL_CTX_set_tmp_{rsa,dh}_callback().
-     [Ben Laurie]
-
-  *) Make DH_free() tolerate being passed a NULL pointer (like RSA_free() and
-     DSA_free()). Make X509_PUBKEY_set() check for errors in d2i_PublicKey().
-     [Steve Henson]
-
-  *) X509_name_add_entry() freed the wrong thing after an error.
-     [Arne Ansper <arne at ats.cyber.ee>]
-
-  *) rsa_eay.c would attempt to free a NULL context.
-     [Arne Ansper <arne at ats.cyber.ee>]
-
-  *) BIO_s_socket() had a broken should_retry() on Windoze.
-     [Arne Ansper <arne at ats.cyber.ee>]
-
-  *) BIO_f_buffer() didn't pass on BIO_CTRL_FLUSH.
-     [Arne Ansper <arne at ats.cyber.ee>]
-
-  *) Make sure the already existing X509_STORE->depth variable is initialized
-     in X509_STORE_new(), but document the fact that this variable is still
-     unused in the certificate verification process.
-     [Ralf S. Engelschall]
-
-  *) Fix the various library and apps files to free up pkeys obtained from
-     X509_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions.
-     [Steve Henson]
-
-  *) Fix reference counting in X509_PUBKEY_get(). This makes
-     demos/maurice/example2.c work, amongst others, probably.
-     [Steve Henson and Ben Laurie]
-
-  *) First cut of a cleanup for apps/. First the `ssleay' program is now named
-     `openssl' and second, the shortcut symlinks for the `openssl <command>'
-     are no longer created. This way we have a single and consistent command
-     line interface `openssl <command>', similar to `cvs <command>'.
-     [Ralf S. Engelschall, Paul Sutton and Ben Laurie]
-
-  *) ca.c: move test for DSA keys inside #ifndef NO_DSA. Make pubkey
-     BIT STRING wrapper always have zero unused bits.
-     [Steve Henson]
-
-  *) Add CA.pl, perl version of CA.sh, add extended key usage OID.
-     [Steve Henson]
-
-  *) Make the top-level INSTALL documentation easier to understand.
-     [Paul Sutton]
-
-  *) Makefiles updated to exit if an error occurs in a sub-directory
-     make (including if user presses ^C) [Paul Sutton]
-
-  *) Make Montgomery context stuff explicit in RSA data structure.
-     [Ben Laurie]
-
-  *) Fix build order of pem and err to allow for generated pem.h.
-     [Ben Laurie]
-
-  *) Fix renumbering bug in X509_NAME_delete_entry().
-     [Ben Laurie]
-
-  *) Enhanced the err-ins.pl script so it makes the error library number 
-     global and can add a library name. This is needed for external ASN1 and
-     other error libraries.
-     [Steve Henson]
-
-  *) Fixed sk_insert which never worked properly.
-     [Steve Henson]
-
-  *) Fix ASN1 macros so they can handle indefinite length construted 
-     EXPLICIT tags. Some non standard certificates use these: they can now
-     be read in.
-     [Steve Henson]
-
-  *) Merged the various old/obsolete SSLeay documentation files (doc/xxx.doc)
-     into a single doc/ssleay.txt bundle. This way the information is still
-     preserved but no longer messes up this directory. Now it's new room for
-     the new set of documenation files.
-     [Ralf S. Engelschall]
-
-  *) SETs were incorrectly DER encoded. This was a major pain, because they
-     shared code with SEQUENCEs, which aren't coded the same. This means that
-     almost everything to do with SETs or SEQUENCEs has either changed name or
-     number of arguments.
-     [Ben Laurie, based on a partial fix by GP Jayan <gp at nsj.co.jp>]
-
-  *) Fix test data to work with the above.
-     [Ben Laurie]
-
-  *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but
-     was already fixed by Eric for 0.9.1 it seems.
-     [Ben Laurie - pointed out by Ulf Möller <ulf at fitug.de>]
-
-  *) Autodetect FreeBSD3.
-     [Ben Laurie]
-
-  *) Fix various bugs in Configure. This affects the following platforms:
-     nextstep
-     ncr-scde
-     unixware-2.0
-     unixware-2.0-pentium
-     sco5-cc.
-     [Ben Laurie]
-
-  *) Eliminate generated files from CVS. Reorder tests to regenerate files
-     before they are needed.
-     [Ben Laurie]
-
-  *) Generate Makefile.ssl from Makefile.org (to keep CVS happy).
-     [Ben Laurie]
-
-
- Changes between 0.9.1b and 0.9.1c  [23-Dec-1998]
-
-  *) Added OPENSSL_VERSION_NUMBER to crypto/crypto.h and 
-     changed SSLeay to OpenSSL in version strings.
-     [Ralf S. Engelschall]
-  
-  *) Some fixups to the top-level documents.
-     [Paul Sutton]
-
-  *) Fixed the nasty bug where rsaref.h was not found under compile-time
-     because the symlink to include/ was missing.
-     [Ralf S. Engelschall]
-
-  *) Incorporated the popular no-RSA/DSA-only patches 
-     which allow to compile a RSA-free SSLeay.
-     [Andrew Cooke / Interrader Ldt., Ralf S. Engelschall]
-
-  *) Fixed nasty rehash problem under `make -f Makefile.ssl links'
-     when "ssleay" is still not found.
-     [Ralf S. Engelschall]
-
-  *) Added more platforms to Configure: Cray T3E, HPUX 11, 
-     [Ralf S. Engelschall, Beckmann <beckman at acl.lanl.gov>]
-
-  *) Updated the README file.
-     [Ralf S. Engelschall]
-
-  *) Added various .cvsignore files in the CVS repository subdirs
-     to make a "cvs update" really silent.
-     [Ralf S. Engelschall]
-
-  *) Recompiled the error-definition header files and added
-     missing symbols to the Win32 linker tables.
-     [Ralf S. Engelschall]
-
-  *) Cleaned up the top-level documents;
-     o new files: CHANGES and LICENSE
-     o merged VERSION, HISTORY* and README* files a CHANGES.SSLeay 
-     o merged COPYRIGHT into LICENSE
-     o removed obsolete TODO file
-     o renamed MICROSOFT to INSTALL.W32
-     [Ralf S. Engelschall]
-
-  *) Removed dummy files from the 0.9.1b source tree: 
-     crypto/asn1/x crypto/bio/cd crypto/bio/fg crypto/bio/grep crypto/bio/vi
-     crypto/bn/asm/......add.c crypto/bn/asm/a.out crypto/dsa/f crypto/md5/f
-     crypto/pem/gmon.out crypto/perlasm/f crypto/pkcs7/build crypto/rsa/f
-     crypto/sha/asm/f crypto/threads/f ms/zzz ssl/f ssl/f.mak test/f
-     util/f.mak util/pl/f util/pl/f.mak crypto/bf/bf_locl.old apps/f
-     [Ralf S. Engelschall]
-
-  *) Added various platform portability fixes.
-     [Mark J. Cox]
-
-  *) The Genesis of the OpenSSL rpject:
-     We start with the latest (unreleased) SSLeay version 0.9.1b which Eric A.
-     Young and Tim J. Hudson created while they were working for C2Net until
-     summer 1998.
-     [The OpenSSL Project]
- 
-
- Changes between 0.9.0b and 0.9.1b  [not released]
-
-  *) Updated a few CA certificates under certs/
-     [Eric A. Young]
-
-  *) Changed some BIGNUM api stuff.
-     [Eric A. Young]
-
-  *) Various platform ports: OpenBSD, Ultrix, IRIX 64bit, NetBSD, 
-     DGUX x86, Linux Alpha, etc.
-     [Eric A. Young]
-
-  *) New COMP library [crypto/comp/] for SSL Record Layer Compression: 
-     RLE (dummy implemented) and ZLIB (really implemented when ZLIB is
-     available).
-     [Eric A. Young]
-
-  *) Add -strparse option to asn1pars program which parses nested 
-     binary structures 
-     [Dr Stephen Henson <shenson at bigfoot.com>]
-
-  *) Added "oid_file" to ssleay.cnf for "ca" and "req" programs.
-     [Eric A. Young]
-
-  *) DSA fix for "ca" program.
-     [Eric A. Young]
-
-  *) Added "-genkey" option to "dsaparam" program.
-     [Eric A. Young]
-
-  *) Added RIPE MD160 (rmd160) message digest.
-     [Eric A. Young]
-
-  *) Added -a (all) option to "ssleay version" command.
-     [Eric A. Young]
-
-  *) Added PLATFORM define which is the id given to Configure.
-     [Eric A. Young]
-
-  *) Added MemCheck_XXXX functions to crypto/mem.c for memory checking.
-     [Eric A. Young]
-
-  *) Extended the ASN.1 parser routines.
-     [Eric A. Young]
-
-  *) Extended BIO routines to support REUSEADDR, seek, tell, etc.
-     [Eric A. Young]
-
-  *) Added a BN_CTX to the BN library.
-     [Eric A. Young]
-
-  *) Fixed the weak key values in DES library
-     [Eric A. Young]
-
-  *) Changed API in EVP library for cipher aliases.
-     [Eric A. Young]
-
-  *) Added support for RC2/64bit cipher.
-     [Eric A. Young]
-
-  *) Converted the lhash library to the crypto/mem.c functions.
-     [Eric A. Young]
-
-  *) Added more recognized ASN.1 object ids.
-     [Eric A. Young]
-
-  *) Added more RSA padding checks for SSL/TLS.
-     [Eric A. Young]
-
-  *) Added BIO proxy/filter functionality.
-     [Eric A. Young]
-
-  *) Added extra_certs to SSL_CTX which can be used
-     send extra CA certificates to the client in the CA cert chain sending
-     process. It can be configured with SSL_CTX_add_extra_chain_cert().
-     [Eric A. Young]
-
-  *) Now Fortezza is denied in the authentication phase because
-     this is key exchange mechanism is not supported by SSLeay at all.
-     [Eric A. Young]
-
-  *) Additional PKCS1 checks.
-     [Eric A. Young]
-
-  *) Support the string "TLSv1" for all TLS v1 ciphers.
-     [Eric A. Young]
-
-  *) Added function SSL_get_ex_data_X509_STORE_CTX_idx() which gives the
-     ex_data index of the SSL context in the X509_STORE_CTX ex_data.
-     [Eric A. Young]
-
-  *) Fixed a few memory leaks.
-     [Eric A. Young]
-
-  *) Fixed various code and comment typos.
-     [Eric A. Young]
-
-  *) A minor bug in ssl/s3_clnt.c where there would always be 4 0 
-     bytes sent in the client random.
-     [Edward Bishop <ebishop at spyglass.com>]
-

Copied: vendor-crypto/openssl/1.0.1u/CHANGES (from rev 11605, vendor-crypto/openssl/dist/CHANGES)
===================================================================
--- vendor-crypto/openssl/1.0.1u/CHANGES	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/CHANGES	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,10897 @@
+
+ OpenSSL CHANGES
+ _______________
+
+ Changes between 1.0.1t and 1.0.1u [22 Sep 2016]
+
+  *) OCSP Status Request extension unbounded memory growth
+
+     A malicious client can send an excessively large OCSP Status Request
+     extension. If that client continually requests renegotiation, sending a
+     large OCSP Status Request extension each time, then there will be unbounded
+     memory growth on the server. This will eventually lead to a Denial Of
+     Service attack through memory exhaustion. Servers with a default
+     configuration are vulnerable even if they do not support OCSP. Builds using
+     the "no-ocsp" build time option are not affected.
+
+     This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
+     (CVE-2016-6304)
+     [Matt Caswell]
+
+  *) In order to mitigate the SWEET32 attack, the DES ciphers were moved from
+     HIGH to MEDIUM.
+
+     This issue was reported to OpenSSL Karthikeyan Bhargavan and Gaetan
+     Leurent (INRIA)
+     (CVE-2016-2183)
+     [Rich Salz]
+
+  *) OOB write in MDC2_Update()
+
+     An overflow can occur in MDC2_Update() either if called directly or
+     through the EVP_DigestUpdate() function using MDC2. If an attacker
+     is able to supply very large amounts of input data after a previous
+     call to EVP_EncryptUpdate() with a partial block then a length check
+     can overflow resulting in a heap corruption.
+
+     The amount of data needed is comparable to SIZE_MAX which is impractical
+     on most platforms.
+
+     This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
+     (CVE-2016-6303)
+     [Stephen Henson]
+
+  *) Malformed SHA512 ticket DoS
+
+     If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a
+     DoS attack where a malformed ticket will result in an OOB read which will
+     ultimately crash.
+
+     The use of SHA512 in TLS session tickets is comparatively rare as it requires
+     a custom server callback and ticket lookup mechanism.
+
+     This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
+     (CVE-2016-6302)
+     [Stephen Henson]
+
+  *) OOB write in BN_bn2dec()
+
+     The function BN_bn2dec() does not check the return value of BN_div_word().
+     This can cause an OOB write if an application uses this function with an
+     overly large BIGNUM. This could be a problem if an overly large certificate
+     or CRL is printed out from an untrusted source. TLS is not affected because
+     record limits will reject an oversized certificate before it is parsed.
+
+     This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
+     (CVE-2016-2182)
+     [Stephen Henson]
+
+  *) OOB read in TS_OBJ_print_bio()
+
+     The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is
+     the total length the OID text representation would use and not the amount
+     of data written. This will result in OOB reads when large OIDs are
+     presented.
+
+     This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
+     (CVE-2016-2180)
+     [Stephen Henson]
+
+  *) Pointer arithmetic undefined behaviour
+
+     Avoid some undefined pointer arithmetic
+
+     A common idiom in the codebase is to check limits in the following manner:
+     "p + len > limit"
+
+     Where "p" points to some malloc'd data of SIZE bytes and
+     limit == p + SIZE
+
+     "len" here could be from some externally supplied data (e.g. from a TLS
+     message).
+
+     The rules of C pointer arithmetic are such that "p + len" is only well
+     defined where len <= SIZE. Therefore the above idiom is actually
+     undefined behaviour.
+
+     For example this could cause problems if some malloc implementation
+     provides an address for "p" such that "p + len" actually overflows for
+     values of len that are too big and therefore p + len < limit.
+
+     This issue was reported to OpenSSL by Guido Vranken
+     (CVE-2016-2177)
+     [Matt Caswell]
+
+  *) Constant time flag not preserved in DSA signing
+
+     Operations in the DSA signing algorithm should run in constant time in
+     order to avoid side channel attacks. A flaw in the OpenSSL DSA
+     implementation means that a non-constant time codepath is followed for
+     certain operations. This has been demonstrated through a cache-timing
+     attack to be sufficient for an attacker to recover the private DSA key.
+
+     This issue was reported by César Pereida (Aalto University), Billy Brumley
+     (Tampere University of Technology), and Yuval Yarom (The University of
+     Adelaide and NICTA).
+     (CVE-2016-2178)
+     [César Pereida]
+
+  *) DTLS buffered message DoS
+
+     In a DTLS connection where handshake messages are delivered out-of-order
+     those messages that OpenSSL is not yet ready to process will be buffered
+     for later use. Under certain circumstances, a flaw in the logic means that
+     those messages do not get removed from the buffer even though the handshake
+     has been completed. An attacker could force up to approx. 15 messages to
+     remain in the buffer when they are no longer required. These messages will
+     be cleared when the DTLS connection is closed. The default maximum size for
+     a message is 100k. Therefore the attacker could force an additional 1500k
+     to be consumed per connection. By opening many simulataneous connections an
+     attacker could cause a DoS attack through memory exhaustion.
+
+     This issue was reported to OpenSSL by Quan Luo.
+     (CVE-2016-2179)
+     [Matt Caswell]
+
+  *) DTLS replay protection DoS
+
+     A flaw in the DTLS replay attack protection mechanism means that records
+     that arrive for future epochs update the replay protection "window" before
+     the MAC for the record has been validated. This could be exploited by an
+     attacker by sending a record for the next epoch (which does not have to
+     decrypt or have a valid MAC), with a very large sequence number. This means
+     that all subsequent legitimate packets are dropped causing a denial of
+     service for a specific DTLS connection.
+
+     This issue was reported to OpenSSL by the OCAP audit team.
+     (CVE-2016-2181)
+     [Matt Caswell]
+
+  *) Certificate message OOB reads
+
+     In OpenSSL 1.0.2 and earlier some missing message length checks can result
+     in OOB reads of up to 2 bytes beyond an allocated buffer. There is a
+     theoretical DoS risk but this has not been observed in practice on common
+     platforms.
+
+     The messages affected are client certificate, client certificate request
+     and server certificate. As a result the attack can only be performed
+     against a client or a server which enables client authentication.
+
+     This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
+     (CVE-2016-6306)
+     [Stephen Henson]
+
+ Changes between 1.0.1s and 1.0.1t [3 May 2016]
+
+  *) Prevent padding oracle in AES-NI CBC MAC check
+
+     A MITM attacker can use a padding oracle attack to decrypt traffic
+     when the connection uses an AES CBC cipher and the server support
+     AES-NI.
+
+     This issue was introduced as part of the fix for Lucky 13 padding
+     attack (CVE-2013-0169). The padding check was rewritten to be in
+     constant time by making sure that always the same bytes are read and
+     compared against either the MAC or padding bytes. But it no longer
+     checked that there was enough data to have both the MAC and padding
+     bytes.
+
+     This issue was reported by Juraj Somorovsky using TLS-Attacker.
+     (CVE-2016-2107)
+     [Kurt Roeckx]
+
+  *) Fix EVP_EncodeUpdate overflow
+
+     An overflow can occur in the EVP_EncodeUpdate() function which is used for
+     Base64 encoding of binary data. If an attacker is able to supply very large
+     amounts of input data then a length check can overflow resulting in a heap
+     corruption.
+
+     Internally to OpenSSL the EVP_EncodeUpdate() function is primarly used by
+     the PEM_write_bio* family of functions. These are mainly used within the
+     OpenSSL command line applications, so any application which processes data
+     from an untrusted source and outputs it as a PEM file should be considered
+     vulnerable to this issue. User applications that call these APIs directly
+     with large amounts of untrusted data may also be vulnerable.
+
+     This issue was reported by Guido Vranken.
+     (CVE-2016-2105)
+     [Matt Caswell]
+
+  *) Fix EVP_EncryptUpdate overflow
+
+     An overflow can occur in the EVP_EncryptUpdate() function. If an attacker
+     is able to supply very large amounts of input data after a previous call to
+     EVP_EncryptUpdate() with a partial block then a length check can overflow
+     resulting in a heap corruption. Following an analysis of all OpenSSL
+     internal usage of the EVP_EncryptUpdate() function all usage is one of two
+     forms. The first form is where the EVP_EncryptUpdate() call is known to be
+     the first called function after an EVP_EncryptInit(), and therefore that
+     specific call must be safe. The second form is where the length passed to
+     EVP_EncryptUpdate() can be seen from the code to be some small value and
+     therefore there is no possibility of an overflow. Since all instances are
+     one of these two forms, it is believed that there can be no overflows in
+     internal code due to this problem. It should be noted that
+     EVP_DecryptUpdate() can call EVP_EncryptUpdate() in certain code paths.
+     Also EVP_CipherUpdate() is a synonym for EVP_EncryptUpdate(). All instances
+     of these calls have also been analysed too and it is believed there are no
+     instances in internal usage where an overflow could occur.
+
+     This issue was reported by Guido Vranken.
+     (CVE-2016-2106)
+     [Matt Caswell]
+
+  *) Prevent ASN.1 BIO excessive memory allocation
+
+     When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()
+     a short invalid encoding can casuse allocation of large amounts of memory
+     potentially consuming excessive resources or exhausting memory.
+
+     Any application parsing untrusted data through d2i BIO functions is
+     affected. The memory based functions such as d2i_X509() are *not* affected.
+     Since the memory based functions are used by the TLS library, TLS
+     applications are not affected.
+
+     This issue was reported by Brian Carpenter.
+     (CVE-2016-2109)
+     [Stephen Henson]
+
+  *) EBCDIC overread
+
+     ASN1 Strings that are over 1024 bytes can cause an overread in applications
+     using the X509_NAME_oneline() function on EBCDIC systems. This could result
+     in arbitrary stack data being returned in the buffer.
+
+     This issue was reported by Guido Vranken.
+     (CVE-2016-2176)
+     [Matt Caswell]
+
+  *) Modify behavior of ALPN to invoke callback after SNI/servername
+     callback, such that updates to the SSL_CTX affect ALPN.
+     [Todd Short]
+
+  *) Remove LOW from the DEFAULT cipher list.  This removes singles DES from the
+     default.
+     [Kurt Roeckx]
+
+  *) Only remove the SSLv2 methods with the no-ssl2-method option. When the
+     methods are enabled and ssl2 is disabled the methods return NULL.
+     [Kurt Roeckx]
+
+ Changes between 1.0.1r and 1.0.1s [1 Mar 2016]
+
+  * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
+    Builds that are not configured with "enable-weak-ssl-ciphers" will not
+    provide any "EXPORT" or "LOW" strength ciphers.
+    [Viktor Dukhovni]
+
+  * Disable SSLv2 default build, default negotiation and weak ciphers.  SSLv2
+    is by default disabled at build-time.  Builds that are not configured with
+    "enable-ssl2" will not support SSLv2.  Even if "enable-ssl2" is used,
+    users who want to negotiate SSLv2 via the version-flexible SSLv23_method()
+    will need to explicitly call either of:
+
+        SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
+    or
+        SSL_clear_options(ssl, SSL_OP_NO_SSLv2);
+
+    as appropriate.  Even if either of those is used, or the application
+    explicitly uses the version-specific SSLv2_method() or its client and
+    server variants, SSLv2 ciphers vulnerable to exhaustive search key
+    recovery have been removed.  Specifically, the SSLv2 40-bit EXPORT
+    ciphers, and SSLv2 56-bit DES are no longer available.
+    (CVE-2016-0800)
+    [Viktor Dukhovni]
+
+  *) Fix a double-free in DSA code
+
+     A double free bug was discovered when OpenSSL parses malformed DSA private
+     keys and could lead to a DoS attack or memory corruption for applications
+     that receive DSA private keys from untrusted sources.  This scenario is
+     considered rare.
+
+     This issue was reported to OpenSSL by Adam Langley(Google/BoringSSL) using
+     libFuzzer.
+     (CVE-2016-0705)
+     [Stephen Henson]
+
+  *) Disable SRP fake user seed to address a server memory leak.
+
+     Add a new method SRP_VBASE_get1_by_user that handles the seed properly.
+
+     SRP_VBASE_get_by_user had inconsistent memory management behaviour.
+     In order to fix an unavoidable memory leak, SRP_VBASE_get_by_user
+     was changed to ignore the "fake user" SRP seed, even if the seed
+     is configured.
+
+     Users should use SRP_VBASE_get1_by_user instead. Note that in
+     SRP_VBASE_get1_by_user, caller must free the returned value. Note
+     also that even though configuring the SRP seed attempts to hide
+     invalid usernames by continuing the handshake with fake
+     credentials, this behaviour is not constant time and no strong
+     guarantees are made that the handshake is indistinguishable from
+     that of a valid user.
+     (CVE-2016-0798)
+     [Emilia Käsper]
+
+  *) Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
+
+     In the BN_hex2bn function the number of hex digits is calculated using an
+     int value |i|. Later |bn_expand| is called with a value of |i * 4|. For
+     large values of |i| this can result in |bn_expand| not allocating any
+     memory because |i * 4| is negative. This can leave the internal BIGNUM data
+     field as NULL leading to a subsequent NULL ptr deref. For very large values
+     of |i|, the calculation |i * 4| could be a positive value smaller than |i|.
+     In this case memory is allocated to the internal BIGNUM data field, but it
+     is insufficiently sized leading to heap corruption. A similar issue exists
+     in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn
+     is ever called by user applications with very large untrusted hex/dec data.
+     This is anticipated to be a rare occurrence.
+
+     All OpenSSL internal usage of these functions use data that is not expected
+     to be untrusted, e.g. config file data or application command line
+     arguments. If user developed applications generate config file data based
+     on untrusted data then it is possible that this could also lead to security
+     consequences. This is also anticipated to be rare.
+
+     This issue was reported to OpenSSL by Guido Vranken.
+     (CVE-2016-0797)
+     [Matt Caswell]
+
+  *) Fix memory issues in BIO_*printf functions
+
+     The internal |fmtstr| function used in processing a "%s" format string in
+     the BIO_*printf functions could overflow while calculating the length of a
+     string and cause an OOB read when printing very long strings.
+
+     Additionally the internal |doapr_outch| function can attempt to write to an
+     OOB memory location (at an offset from the NULL pointer) in the event of a
+     memory allocation failure. In 1.0.2 and below this could be caused where
+     the size of a buffer to be allocated is greater than INT_MAX. E.g. this
+     could be in processing a very long "%s" format string. Memory leaks can
+     also occur.
+
+     The first issue may mask the second issue dependent on compiler behaviour.
+     These problems could enable attacks where large amounts of untrusted data
+     is passed to the BIO_*printf functions. If applications use these functions
+     in this way then they could be vulnerable. OpenSSL itself uses these
+     functions when printing out human-readable dumps of ASN.1 data. Therefore
+     applications that print this data could be vulnerable if the data is from
+     untrusted sources. OpenSSL command line applications could also be
+     vulnerable where they print out ASN.1 data, or if untrusted data is passed
+     as command line arguments.
+
+     Libssl is not considered directly vulnerable. Additionally certificates etc
+     received via remote connections via libssl are also unlikely to be able to
+     trigger these issues because of message size limits enforced within libssl.
+
+     This issue was reported to OpenSSL Guido Vranken.
+     (CVE-2016-0799)
+     [Matt Caswell]
+
+  *) Side channel attack on modular exponentiation
+
+     A side-channel attack was found which makes use of cache-bank conflicts on
+     the Intel Sandy-Bridge microarchitecture which could lead to the recovery
+     of RSA keys.  The ability to exploit this issue is limited as it relies on
+     an attacker who has control of code in a thread running on the same
+     hyper-threaded core as the victim thread which is performing decryptions.
+
+     This issue was reported to OpenSSL by Yuval Yarom, The University of
+     Adelaide and NICTA, Daniel Genkin, Technion and Tel Aviv University, and
+     Nadia Heninger, University of Pennsylvania with more information at
+     http://cachebleed.info.
+     (CVE-2016-0702)
+     [Andy Polyakov]
+
+  *) Change the req app to generate a 2048-bit RSA/DSA key by default,
+     if no keysize is specified with default_bits. This fixes an
+     omission in an earlier change that changed all RSA/DSA key generation
+     apps to use 2048 bits by default.
+     [Emilia Käsper]
+
+ Changes between 1.0.1q and 1.0.1r [28 Jan 2016]
+
+  *) Protection for DH small subgroup attacks
+
+     As a precautionary measure the SSL_OP_SINGLE_DH_USE option has been
+     switched on by default and cannot be disabled. This could have some
+     performance impact.
+     [Matt Caswell]
+
+  *) SSLv2 doesn't block disabled ciphers
+
+     A malicious client can negotiate SSLv2 ciphers that have been disabled on
+     the server and complete SSLv2 handshakes even if all SSLv2 ciphers have
+     been disabled, provided that the SSLv2 protocol was not also disabled via
+     SSL_OP_NO_SSLv2.
+
+     This issue was reported to OpenSSL on 26th December 2015 by Nimrod Aviram
+     and Sebastian Schinzel.
+     (CVE-2015-3197)
+     [Viktor Dukhovni]
+
+  *) Reject DH handshakes with parameters shorter than 1024 bits.
+     [Kurt Roeckx]
+
+ Changes between 1.0.1p and 1.0.1q [3 Dec 2015]
+
+  *) Certificate verify crash with missing PSS parameter
+
+     The signature verification routines will crash with a NULL pointer
+     dereference if presented with an ASN.1 signature using the RSA PSS
+     algorithm and absent mask generation function parameter. Since these
+     routines are used to verify certificate signature algorithms this can be
+     used to crash any certificate verification operation and exploited in a
+     DoS attack. Any application which performs certificate verification is
+     vulnerable including OpenSSL clients and servers which enable client
+     authentication.
+
+     This issue was reported to OpenSSL by Loïc Jonas Etienne (Qnective AG).
+     (CVE-2015-3194)
+     [Stephen Henson]
+
+  *) X509_ATTRIBUTE memory leak
+
+     When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak
+     memory. This structure is used by the PKCS#7 and CMS routines so any
+     application which reads PKCS#7 or CMS data from untrusted sources is
+     affected. SSL/TLS is not affected.
+
+     This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using
+     libFuzzer.
+     (CVE-2015-3195)
+     [Stephen Henson]
+
+  *) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs.
+     This changes the decoding behaviour for some invalid messages,
+     though the change is mostly in the more lenient direction, and
+     legacy behaviour is preserved as much as possible.
+     [Emilia Käsper]
+
+  *) In DSA_generate_parameters_ex, if the provided seed is too short,
+     use a random seed, as already documented.
+     [Rich Salz and Ismo Puustinen <ismo.puustinen at intel.com>]
+
+ Changes between 1.0.1o and 1.0.1p [9 Jul 2015]
+
+  *) Alternate chains certificate forgery
+
+     During certificate verfification, OpenSSL will attempt to find an
+     alternative certificate chain if the first attempt to build such a chain
+     fails. An error in the implementation of this logic can mean that an
+     attacker could cause certain checks on untrusted certificates to be
+     bypassed, such as the CA flag, enabling them to use a valid leaf
+     certificate to act as a CA and "issue" an invalid certificate.
+
+     This issue was reported to OpenSSL by Adam Langley/David Benjamin
+     (Google/BoringSSL).
+     (CVE-2015-1793)
+     [Matt Caswell]
+
+  *) Race condition handling PSK identify hint
+
+     If PSK identity hints are received by a multi-threaded client then
+     the values are wrongly updated in the parent SSL_CTX structure. This can
+     result in a race condition potentially leading to a double free of the
+     identify hint data.
+     (CVE-2015-3196)
+     [Stephen Henson]
+
+ Changes between 1.0.1n and 1.0.1o [12 Jun 2015]
+  *) Fix HMAC ABI incompatibility. The previous version introduced an ABI
+     incompatibility in the handling of HMAC. The previous ABI has now been
+     restored.
+
+ Changes between 1.0.1m and 1.0.1n [11 Jun 2015]
+
+  *) Malformed ECParameters causes infinite loop
+
+     When processing an ECParameters structure OpenSSL enters an infinite loop
+     if the curve specified is over a specially malformed binary polynomial
+     field.
+
+     This can be used to perform denial of service against any
+     system which processes public keys, certificate requests or
+     certificates.  This includes TLS clients and TLS servers with
+     client authentication enabled.
+
+     This issue was reported to OpenSSL by Joseph Barr-Pixton.
+     (CVE-2015-1788)
+     [Andy Polyakov]
+
+  *) Exploitable out-of-bounds read in X509_cmp_time
+
+     X509_cmp_time does not properly check the length of the ASN1_TIME
+     string and can read a few bytes out of bounds. In addition,
+     X509_cmp_time accepts an arbitrary number of fractional seconds in the
+     time string.
+
+     An attacker can use this to craft malformed certificates and CRLs of
+     various sizes and potentially cause a segmentation fault, resulting in
+     a DoS on applications that verify certificates or CRLs. TLS clients
+     that verify CRLs are affected. TLS clients and servers with client
+     authentication enabled may be affected if they use custom verification
+     callbacks.
+
+     This issue was reported to OpenSSL by Robert Swiecki (Google), and
+     independently by Hanno Böck.
+     (CVE-2015-1789)
+     [Emilia Käsper]
+
+  *) PKCS7 crash with missing EnvelopedContent
+
+     The PKCS#7 parsing code does not handle missing inner EncryptedContent
+     correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs
+     with missing content and trigger a NULL pointer dereference on parsing.
+
+     Applications that decrypt PKCS#7 data or otherwise parse PKCS#7
+     structures from untrusted sources are affected. OpenSSL clients and
+     servers are not affected.
+
+     This issue was reported to OpenSSL by Michal Zalewski (Google).
+     (CVE-2015-1790)
+     [Emilia Käsper]
+
+  *) CMS verify infinite loop with unknown hash function
+
+     When verifying a signedData message the CMS code can enter an infinite loop
+     if presented with an unknown hash function OID. This can be used to perform
+     denial of service against any system which verifies signedData messages using
+     the CMS code.
+     This issue was reported to OpenSSL by Johannes Bauer.
+     (CVE-2015-1792)
+     [Stephen Henson]
+
+  *) Race condition handling NewSessionTicket
+
+     If a NewSessionTicket is received by a multi-threaded client when attempting to
+     reuse a previous ticket then a race condition can occur potentially leading to
+     a double free of the ticket data.
+     (CVE-2015-1791)
+     [Matt Caswell]
+
+  *) Reject DH handshakes with parameters shorter than 768 bits.
+     [Kurt Roeckx and Emilia Kasper]
+
+  *) dhparam: generate 2048-bit parameters by default.
+     [Kurt Roeckx and Emilia Kasper]
+
+ Changes between 1.0.1l and 1.0.1m [19 Mar 2015]
+
+  *) Segmentation fault in ASN1_TYPE_cmp fix
+
+     The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is
+     made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check
+     certificate signature algorithm consistency this can be used to crash any
+     certificate verification operation and exploited in a DoS attack. Any
+     application which performs certificate verification is vulnerable including
+     OpenSSL clients and servers which enable client authentication.
+     (CVE-2015-0286)
+     [Stephen Henson]
+
+  *) ASN.1 structure reuse memory corruption fix
+
+     Reusing a structure in ASN.1 parsing may allow an attacker to cause
+     memory corruption via an invalid write. Such reuse is and has been
+     strongly discouraged and is believed to be rare.
+
+     Applications that parse structures containing CHOICE or ANY DEFINED BY
+     components may be affected. Certificate parsing (d2i_X509 and related
+     functions) are however not affected. OpenSSL clients and servers are
+     not affected.
+     (CVE-2015-0287)
+     [Stephen Henson]
+
+  *) PKCS7 NULL pointer dereferences fix
+
+     The PKCS#7 parsing code does not handle missing outer ContentInfo
+     correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with
+     missing content and trigger a NULL pointer dereference on parsing.
+
+     Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or
+     otherwise parse PKCS#7 structures from untrusted sources are
+     affected. OpenSSL clients and servers are not affected.
+
+     This issue was reported to OpenSSL by Michal Zalewski (Google).
+     (CVE-2015-0289)
+     [Emilia Käsper]
+
+  *) DoS via reachable assert in SSLv2 servers fix
+
+     A malicious client can trigger an OPENSSL_assert (i.e., an abort) in
+     servers that both support SSLv2 and enable export cipher suites by sending
+     a specially crafted SSLv2 CLIENT-MASTER-KEY message.
+
+     This issue was discovered by Sean Burford (Google) and Emilia Käsper
+     (OpenSSL development team).
+     (CVE-2015-0293)
+     [Emilia Käsper]
+
+  *) Use After Free following d2i_ECPrivatekey error fix
+
+     A malformed EC private key file consumed via the d2i_ECPrivateKey function
+     could cause a use after free condition. This, in turn, could cause a double
+     free in several private key parsing functions (such as d2i_PrivateKey
+     or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption
+     for applications that receive EC private keys from untrusted
+     sources. This scenario is considered rare.
+
+     This issue was discovered by the BoringSSL project and fixed in their
+     commit 517073cd4b.
+     (CVE-2015-0209)
+     [Matt Caswell]
+
+  *) X509_to_X509_REQ NULL pointer deref fix
+
+     The function X509_to_X509_REQ will crash with a NULL pointer dereference if
+     the certificate key is invalid. This function is rarely used in practice.
+
+     This issue was discovered by Brian Carpenter.
+     (CVE-2015-0288)
+     [Stephen Henson]
+
+  *) Removed the export ciphers from the DEFAULT ciphers
+     [Kurt Roeckx]
+
+ Changes between 1.0.1k and 1.0.1l [15 Jan 2015]
+
+  *) Build fixes for the Windows and OpenVMS platforms
+     [Matt Caswell and Richard Levitte]
+
+ Changes between 1.0.1j and 1.0.1k [8 Jan 2015]
+
+  *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS
+     message can cause a segmentation fault in OpenSSL due to a NULL pointer
+     dereference. This could lead to a Denial Of Service attack. Thanks to
+     Markus Stenberg of Cisco Systems, Inc. for reporting this issue.
+     (CVE-2014-3571)
+     [Steve Henson]
+
+  *) Fix DTLS memory leak in dtls1_buffer_record. A memory leak can occur in the
+     dtls1_buffer_record function under certain conditions. In particular this
+     could occur if an attacker sent repeated DTLS records with the same
+     sequence number but for the next epoch. The memory leak could be exploited
+     by an attacker in a Denial of Service attack through memory exhaustion.
+     Thanks to Chris Mueller for reporting this issue.
+     (CVE-2015-0206)
+     [Matt Caswell]
+
+  *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is
+     built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl
+     method would be set to NULL which could later result in a NULL pointer
+     dereference. Thanks to Frank Schmirler for reporting this issue.
+     (CVE-2014-3569)
+     [Kurt Roeckx]
+
+  *) Abort handshake if server key exchange message is omitted for ephemeral
+     ECDH ciphersuites.
+
+     Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for
+     reporting this issue.
+     (CVE-2014-3572)
+     [Steve Henson]
+
+  *) Remove non-export ephemeral RSA code on client and server. This code
+     violated the TLS standard by allowing the use of temporary RSA keys in
+     non-export ciphersuites and could be used by a server to effectively
+     downgrade the RSA key length used to a value smaller than the server
+     certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at
+     INRIA or reporting this issue.
+     (CVE-2015-0204)
+     [Steve Henson]
+
+  *) Fixed issue where DH client certificates are accepted without verification.
+     An OpenSSL server will accept a DH certificate for client authentication
+     without the certificate verify message. This effectively allows a client to
+     authenticate without the use of a private key. This only affects servers
+     which trust a client certificate authority which issues certificates
+     containing DH keys: these are extremely rare and hardly ever encountered.
+     Thanks for Karthikeyan Bhargavan of the PROSECCO team at INRIA or reporting
+     this issue.
+     (CVE-2015-0205)
+     [Steve Henson]
+
+  *) Ensure that the session ID context of an SSL is updated when its
+     SSL_CTX is updated via SSL_set_SSL_CTX.
+
+     The session ID context is typically set from the parent SSL_CTX,
+     and can vary with the CTX.
+     [Adam Langley]
+
+  *) Fix various certificate fingerprint issues.
+
+     By using non-DER or invalid encodings outside the signed portion of a
+     certificate the fingerprint can be changed without breaking the signature.
+     Although no details of the signed portion of the certificate can be changed
+     this can cause problems with some applications: e.g. those using the
+     certificate fingerprint for blacklists.
+
+     1. Reject signatures with non zero unused bits.
+
+     If the BIT STRING containing the signature has non zero unused bits reject
+     the signature. All current signature algorithms require zero unused bits.
+
+     2. Check certificate algorithm consistency.
+
+     Check the AlgorithmIdentifier inside TBS matches the one in the
+     certificate signature. NB: this will result in signature failure
+     errors for some broken certificates.
+
+     Thanks to Konrad Kraszewski from Google for reporting this issue.
+
+     3. Check DSA/ECDSA signatures use DER.
+
+     Reencode DSA/ECDSA signatures and compare with the original received
+     signature. Return an error if there is a mismatch.
+
+     This will reject various cases including garbage after signature
+     (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS
+     program for discovering this case) and use of BER or invalid ASN.1 INTEGERs
+     (negative or with leading zeroes).
+
+     Further analysis was conducted and fixes were developed by Stephen Henson
+     of the OpenSSL core team.
+
+     (CVE-2014-8275)
+     [Steve Henson]
+
+   *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect
+      results on some platforms, including x86_64. This bug occurs at random
+      with a very low probability, and is not known to be exploitable in any
+      way, though its exact impact is difficult to determine. Thanks to Pieter
+      Wuille (Blockstream) who reported this issue and also suggested an initial
+      fix. Further analysis was conducted by the OpenSSL development team and
+      Adam Langley of Google. The final fix was developed by Andy Polyakov of
+      the OpenSSL core team.
+      (CVE-2014-3570)
+      [Andy Polyakov]
+
+   *) Do not resume sessions on the server if the negotiated protocol
+      version does not match the session's version. Resuming with a different
+      version, while not strictly forbidden by the RFC, is of questionable
+      sanity and breaks all known clients.
+      [David Benjamin, Emilia Käsper]
+
+   *) Tighten handling of the ChangeCipherSpec (CCS) message: reject
+      early CCS messages during renegotiation. (Note that because
+      renegotiation is encrypted, this early CCS was not exploitable.)
+      [Emilia Käsper]
+
+   *) Tighten client-side session ticket handling during renegotiation:
+      ensure that the client only accepts a session ticket if the server sends
+      the extension anew in the ServerHello. Previously, a TLS client would
+      reuse the old extension state and thus accept a session ticket if one was
+      announced in the initial ServerHello.
+
+      Similarly, ensure that the client requires a session ticket if one
+      was advertised in the ServerHello. Previously, a TLS client would
+      ignore a missing NewSessionTicket message.
+      [Emilia Käsper]
+
+ Changes between 1.0.1i and 1.0.1j [15 Oct 2014]
+
+  *) SRTP Memory Leak.
+
+     A flaw in the DTLS SRTP extension parsing code allows an attacker, who
+     sends a carefully crafted handshake message, to cause OpenSSL to fail
+     to free up to 64k of memory causing a memory leak. This could be
+     exploited in a Denial Of Service attack. This issue affects OpenSSL
+     1.0.1 server implementations for both SSL/TLS and DTLS regardless of
+     whether SRTP is used or configured. Implementations of OpenSSL that
+     have been compiled with OPENSSL_NO_SRTP defined are not affected.
+
+     The fix was developed by the OpenSSL team.
+     (CVE-2014-3513)
+     [OpenSSL team]
+
+  *) Session Ticket Memory Leak.
+
+     When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
+     integrity of that ticket is first verified. In the event of a session
+     ticket integrity check failing, OpenSSL will fail to free memory
+     causing a memory leak. By sending a large number of invalid session
+     tickets an attacker could exploit this issue in a Denial Of Service
+     attack.
+     (CVE-2014-3567)
+     [Steve Henson]
+
+  *) Build option no-ssl3 is incomplete.
+
+     When OpenSSL is configured with "no-ssl3" as a build option, servers
+     could accept and complete a SSL 3.0 handshake, and clients could be
+     configured to send them.
+     (CVE-2014-3568)
+     [Akamai and the OpenSSL team]
+
+  *) Add support for TLS_FALLBACK_SCSV.
+     Client applications doing fallback retries should call
+     SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV).
+     (CVE-2014-3566)
+     [Adam Langley, Bodo Moeller]
+
+  *) Add additional DigestInfo checks.
+ 
+     Reencode DigestInto in DER and check against the original when
+     verifying RSA signature: this will reject any improperly encoded
+     DigestInfo structures.
+
+     Note: this is a precautionary measure and no attacks are currently known.
+
+     [Steve Henson]
+
+ Changes between 1.0.1h and 1.0.1i [6 Aug 2014]
+
+  *) Fix SRP buffer overrun vulnerability. Invalid parameters passed to the
+     SRP code can be overrun an internal buffer. Add sanity check that
+     g, A, B < N to SRP code.
+
+     Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC
+     Group for discovering this issue.
+     (CVE-2014-3512)
+     [Steve Henson]
+
+  *) A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate
+     TLS 1.0 instead of higher protocol versions when the ClientHello message
+     is badly fragmented. This allows a man-in-the-middle attacker to force a
+     downgrade to TLS 1.0 even if both the server and the client support a
+     higher protocol version, by modifying the client's TLS records.
+
+     Thanks to David Benjamin and Adam Langley (Google) for discovering and
+     researching this issue.
+     (CVE-2014-3511)
+     [David Benjamin]
+
+  *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject
+     to a denial of service attack. A malicious server can crash the client
+     with a null pointer dereference (read) by specifying an anonymous (EC)DH
+     ciphersuite and sending carefully crafted handshake messages.
+
+     Thanks to Felix Gröbert (Google) for discovering and researching this
+     issue.
+     (CVE-2014-3510)
+     [Emilia Käsper]
+
+  *) By sending carefully crafted DTLS packets an attacker could cause openssl
+     to leak memory. This can be exploited through a Denial of Service attack.
+     Thanks to Adam Langley for discovering and researching this issue.
+     (CVE-2014-3507)
+     [Adam Langley]
+
+  *) An attacker can force openssl to consume large amounts of memory whilst
+     processing DTLS handshake messages. This can be exploited through a
+     Denial of Service attack.
+     Thanks to Adam Langley for discovering and researching this issue.
+     (CVE-2014-3506)
+     [Adam Langley]
+
+  *) An attacker can force an error condition which causes openssl to crash
+     whilst processing DTLS packets due to memory being freed twice. This
+     can be exploited through a Denial of Service attack.
+     Thanks to Adam Langley and Wan-Teh Chang for discovering and researching
+     this issue.
+     (CVE-2014-3505)
+     [Adam Langley]
+
+  *) If a multithreaded client connects to a malicious server using a resumed
+     session and the server sends an ec point format extension it could write
+     up to 255 bytes to freed memory.
+
+     Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this
+     issue.
+     (CVE-2014-3509)
+     [Gabor Tyukasz]
+
+  *) A malicious server can crash an OpenSSL client with a null pointer
+     dereference (read) by specifying an SRP ciphersuite even though it was not
+     properly negotiated with the client. This can be exploited through a
+     Denial of Service attack.
+
+     Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for
+     discovering and researching this issue.
+     (CVE-2014-5139)
+     [Steve Henson]
+
+  *) A flaw in OBJ_obj2txt may cause pretty printing functions such as
+     X509_name_oneline, X509_name_print_ex et al. to leak some information
+     from the stack. Applications may be affected if they echo pretty printing
+     output to the attacker.
+
+     Thanks to Ivan Fratric (Google) for discovering this issue.
+     (CVE-2014-3508)
+     [Emilia Käsper, and Steve Henson]
+
+  *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.)
+     for corner cases. (Certain input points at infinity could lead to
+     bogus results, with non-infinity inputs mapped to infinity too.)
+     [Bodo Moeller]
+
+ Changes between 1.0.1g and 1.0.1h [5 Jun 2014]
+
+  *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted
+     handshake can force the use of weak keying material in OpenSSL
+     SSL/TLS clients and servers.
+
+     Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and
+     researching this issue. (CVE-2014-0224)
+     [KIKUCHI Masashi, Steve Henson]
+
+  *) Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an
+     OpenSSL DTLS client the code can be made to recurse eventually crashing
+     in a DoS attack.
+
+     Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
+     (CVE-2014-0221)
+     [Imre Rad, Steve Henson]
+
+  *) Fix DTLS invalid fragment vulnerability. A buffer overrun attack can
+     be triggered by sending invalid DTLS fragments to an OpenSSL DTLS
+     client or server. This is potentially exploitable to run arbitrary
+     code on a vulnerable client or server.
+
+     Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195)
+     [Jüri Aedla, Steve Henson]
+
+  *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites
+     are subject to a denial of service attack.
+
+     Thanks to Felix Gröbert and Ivan Fratric at Google for discovering
+     this issue. (CVE-2014-3470)
+     [Felix Gröbert, Ivan Fratric, Steve Henson]
+
+  *) Harmonize version and its documentation. -f flag is used to display
+     compilation flags.
+     [mancha <mancha1 at zoho.com>]
+
+  *) Fix eckey_priv_encode so it immediately returns an error upon a failure
+     in i2d_ECPrivateKey.
+     [mancha <mancha1 at zoho.com>]
+
+  *) Fix some double frees. These are not thought to be exploitable.
+     [mancha <mancha1 at zoho.com>]
+
+ Changes between 1.0.1f and 1.0.1g [7 Apr 2014]
+
+  *) A missing bounds check in the handling of the TLS heartbeat extension
+     can be used to reveal up to 64k of memory to a connected client or
+     server.
+
+     Thanks for Neel Mehta of Google Security for discovering this bug and to
+     Adam Langley <agl at chromium.org> and Bodo Moeller <bmoeller at acm.org> for
+     preparing the fix (CVE-2014-0160)
+     [Adam Langley, Bodo Moeller]
+
+  *) Fix for the attack described in the paper "Recovering OpenSSL
+     ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
+     by Yuval Yarom and Naomi Benger. Details can be obtained from:
+     http://eprint.iacr.org/2014/140
+
+     Thanks to Yuval Yarom and Naomi Benger for discovering this
+     flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
+     [Yuval Yarom and Naomi Benger]
+
+  *) TLS pad extension: draft-agl-tls-padding-03
+
+     Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the
+     TLS client Hello record length value would otherwise be > 255 and
+     less that 512 pad with a dummy extension containing zeroes so it
+     is at least 512 bytes long.
+
+     [Adam Langley, Steve Henson]
+
+ Changes between 1.0.1e and 1.0.1f [6 Jan 2014]
+
+  *) Fix for TLS record tampering bug. A carefully crafted invalid 
+     handshake could crash OpenSSL with a NULL pointer exception.
+     Thanks to Anton Johansson for reporting this issues.
+     (CVE-2013-4353)
+
+  *) Keep original DTLS digest and encryption contexts in retransmission
+     structures so we can use the previous session parameters if they need
+     to be resent. (CVE-2013-6450)
+     [Steve Henson]
+
+  *) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
+     avoids preferring ECDHE-ECDSA ciphers when the client appears to be
+     Safari on OS X.  Safari on OS X 10.8..10.8.3 advertises support for
+     several ECDHE-ECDSA ciphers, but fails to negotiate them.  The bug
+     is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing
+     10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer.
+     [Rob Stradling, Adam Langley]
+
+ Changes between 1.0.1d and 1.0.1e [11 Feb 2013]
+
+  *) Correct fix for CVE-2013-0169. The original didn't work on AES-NI
+     supporting platforms or when small records were transferred.
+     [Andy Polyakov, Steve Henson]
+
+ Changes between 1.0.1c and 1.0.1d [5 Feb 2013]
+
+  *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
+
+     This addresses the flaw in CBC record processing discovered by 
+     Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
+     at: http://www.isg.rhul.ac.uk/tls/     
+
+     Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
+     Security Group at Royal Holloway, University of London
+     (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
+     Emilia Käsper for the initial patch.
+     (CVE-2013-0169)
+     [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
+
+  *) Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode
+     ciphersuites which can be exploited in a denial of service attack.
+     Thanks go to and to Adam Langley <agl at chromium.org> for discovering
+     and detecting this bug and to Wolfgang Ettlinger
+     <wolfgang.ettlinger at gmail.com> for independently discovering this issue.
+     (CVE-2012-2686)
+     [Adam Langley]
+
+  *) Return an error when checking OCSP signatures when key is NULL.
+     This fixes a DoS attack. (CVE-2013-0166)
+     [Steve Henson]
+
+  *) Make openssl verify return errors.
+     [Chris Palmer <palmer at google.com> and Ben Laurie]
+
+  *) Call OCSP Stapling callback after ciphersuite has been chosen, so
+     the right response is stapled. Also change SSL_get_certificate()
+     so it returns the certificate actually sent.
+     See http://rt.openssl.org/Ticket/Display.html?id=2836.
+     [Rob Stradling <rob.stradling at comodo.com>]
+
+  *) Fix possible deadlock when decoding public keys.
+     [Steve Henson]
+
+  *) Don't use TLS 1.0 record version number in initial client hello
+     if renegotiating.
+     [Steve Henson]
+
+ Changes between 1.0.1b and 1.0.1c [10 May 2012]
+
+  *) Sanity check record length before skipping explicit IV in TLS
+     1.2, 1.1 and DTLS to fix DoS attack.
+
+     Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
+     fuzzing as a service testing platform.
+     (CVE-2012-2333)
+     [Steve Henson]
+
+  *) Initialise tkeylen properly when encrypting CMS messages.
+     Thanks to Solar Designer of Openwall for reporting this issue.
+     [Steve Henson]
+
+  *) In FIPS mode don't try to use composite ciphers as they are not
+     approved.
+     [Steve Henson]
+
+ Changes between 1.0.1a and 1.0.1b [26 Apr 2012]
+
+  *) OpenSSL 1.0.0 sets SSL_OP_ALL to 0x80000FFFL and OpenSSL 1.0.1 and
+     1.0.1a set SSL_OP_NO_TLSv1_1 to 0x00000400L which would unfortunately
+     mean any application compiled against OpenSSL 1.0.0 headers setting
+     SSL_OP_ALL would also set SSL_OP_NO_TLSv1_1, unintentionally disablng
+     TLS 1.1 also. Fix this by changing the value of SSL_OP_NO_TLSv1_1 to
+     0x10000000L Any application which was previously compiled against
+     OpenSSL 1.0.1 or 1.0.1a headers and which cares about SSL_OP_NO_TLSv1_1
+     will need to be recompiled as a result. Letting be results in
+     inability to disable specifically TLS 1.1 and in client context,
+     in unlike event, limit maximum offered version to TLS 1.0 [see below].
+     [Steve Henson]
+
+  *) In order to ensure interoperabilty SSL_OP_NO_protocolX does not
+     disable just protocol X, but all protocols above X *if* there are
+     protocols *below* X still enabled. In more practical terms it means
+     that if application wants to disable TLS1.0 in favor of TLS1.1 and
+     above, it's not sufficient to pass SSL_OP_NO_TLSv1, one has to pass
+     SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2. This applies to
+     client side.
+     [Andy Polyakov]
+
+ Changes between 1.0.1 and 1.0.1a [19 Apr 2012]
+
+  *) Check for potentially exploitable overflows in asn1_d2i_read_bio
+     BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
+     in CRYPTO_realloc_clean.
+
+     Thanks to Tavis Ormandy, Google Security Team, for discovering this
+     issue and to Adam Langley <agl at chromium.org> for fixing it.
+     (CVE-2012-2110)
+     [Adam Langley (Google), Tavis Ormandy, Google Security Team]
+
+  *) Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections.
+     [Adam Langley]
+
+  *) Workarounds for some broken servers that "hang" if a client hello
+     record length exceeds 255 bytes.
+
+     1. Do not use record version number > TLS 1.0 in initial client
+        hello: some (but not all) hanging servers will now work.
+     2. If we set OPENSSL_MAX_TLS1_2_CIPHER_LENGTH this will truncate
+	the number of ciphers sent in the client hello. This should be
+        set to an even number, such as 50, for example by passing:
+        -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 to config or Configure.
+        Most broken servers should now work.
+     3. If all else fails setting OPENSSL_NO_TLS1_2_CLIENT will disable
+	TLS 1.2 client support entirely.
+     [Steve Henson]
+
+  *) Fix SEGV in Vector Permutation AES module observed in OpenSSH.
+     [Andy Polyakov]
+
+ Changes between 1.0.0h and 1.0.1  [14 Mar 2012]
+
+  *) Add compatibility with old MDC2 signatures which use an ASN1 OCTET
+     STRING form instead of a DigestInfo.
+     [Steve Henson]
+
+  *) The format used for MDC2 RSA signatures is inconsistent between EVP
+     and the RSA_sign/RSA_verify functions. This was made more apparent when
+     OpenSSL used RSA_sign/RSA_verify for some RSA signatures in particular
+     those which went through EVP_PKEY_METHOD in 1.0.0 and later. Detect 
+     the correct format in RSA_verify so both forms transparently work.
+     [Steve Henson]
+
+  *) Some servers which support TLS 1.0 can choke if we initially indicate
+     support for TLS 1.2 and later renegotiate using TLS 1.0 in the RSA
+     encrypted premaster secret. As a workaround use the maximum pemitted
+     client version in client hello, this should keep such servers happy
+     and still work with previous versions of OpenSSL.
+     [Steve Henson]
+
+  *) Add support for TLS/DTLS heartbeats.
+     [Robin Seggelmann <seggelmann at fh-muenster.de>]
+
+  *) Add support for SCTP.
+     [Robin Seggelmann <seggelmann at fh-muenster.de>]
+
+  *) Improved PRNG seeding for VOS.
+     [Paul Green <Paul.Green at stratus.com>]
+
+  *) Extensive assembler packs updates, most notably:
+
+	- x86[_64]:     AES-NI, PCLMULQDQ, RDRAND support;
+	- x86[_64]:     SSSE3 support (SHA1, vector-permutation AES);
+	- x86_64:       bit-sliced AES implementation;
+	- ARM:          NEON support, contemporary platforms optimizations;
+	- s390x:        z196 support;
+	- *:            GHASH and GF(2^m) multiplication implementations;
+
+     [Andy Polyakov]
+
+  *) Make TLS-SRP code conformant with RFC 5054 API cleanup
+     (removal of unnecessary code)
+     [Peter Sylvester <peter.sylvester at edelweb.fr>]
+
+  *) Add TLS key material exporter from RFC 5705.
+     [Eric Rescorla]
+
+  *) Add DTLS-SRTP negotiation from RFC 5764.
+     [Eric Rescorla]
+
+  *) Add Next Protocol Negotiation,
+     http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-00. Can be
+     disabled with a no-npn flag to config or Configure. Code donated
+     by Google.
+     [Adam Langley <agl at google.com> and Ben Laurie]
+
+  *) Add optional 64-bit optimized implementations of elliptic curves NIST-P224,
+     NIST-P256, NIST-P521, with constant-time single point multiplication on
+     typical inputs. Compiler support for the nonstandard type __uint128_t is
+     required to use this (present in gcc 4.4 and later, for 64-bit builds).
+     Code made available under Apache License version 2.0.
+
+     Specify "enable-ec_nistp_64_gcc_128" on the Configure (or config) command
+     line to include this in your build of OpenSSL, and run "make depend" (or
+     "make update"). This enables the following EC_METHODs:
+
+         EC_GFp_nistp224_method()
+         EC_GFp_nistp256_method()
+         EC_GFp_nistp521_method()
+
+     EC_GROUP_new_by_curve_name() will automatically use these (while
+     EC_GROUP_new_curve_GFp() currently prefers the more flexible
+     implementations).
+     [Emilia Käsper, Adam Langley, Bodo Moeller (Google)]
+
+  *) Use type ossl_ssize_t instad of ssize_t which isn't available on
+     all platforms. Move ssize_t definition from e_os.h to the public
+     header file e_os2.h as it now appears in public header file cms.h
+     [Steve Henson]
+
+  *) New -sigopt option to the ca, req and x509 utilities. Additional
+     signature parameters can be passed using this option and in
+     particular PSS. 
+     [Steve Henson]
+
+  *) Add RSA PSS signing function. This will generate and set the
+     appropriate AlgorithmIdentifiers for PSS based on those in the
+     corresponding EVP_MD_CTX structure. No application support yet.
+     [Steve Henson]
+
+  *) Support for companion algorithm specific ASN1 signing routines.
+     New function ASN1_item_sign_ctx() signs a pre-initialised
+     EVP_MD_CTX structure and sets AlgorithmIdentifiers based on
+     the appropriate parameters.
+     [Steve Henson]
+
+  *) Add new algorithm specific ASN1 verification initialisation function
+     to EVP_PKEY_ASN1_METHOD: this is not in EVP_PKEY_METHOD since the ASN1
+     handling will be the same no matter what EVP_PKEY_METHOD is used.
+     Add a PSS handler to support verification of PSS signatures: checked
+     against a number of sample certificates.
+     [Steve Henson]
+
+  *) Add signature printing for PSS. Add PSS OIDs.
+     [Steve Henson, Martin Kaiser <lists at kaiser.cx>]
+
+  *) Add algorithm specific signature printing. An individual ASN1 method
+     can now print out signatures instead of the standard hex dump. 
+
+     More complex signatures (e.g. PSS) can print out more meaningful
+     information. Include DSA version that prints out the signature
+     parameters r, s.
+     [Steve Henson]
+
+  *) Password based recipient info support for CMS library: implementing
+     RFC3211.
+     [Steve Henson]
+
+  *) Split password based encryption into PBES2 and PBKDF2 functions. This
+     neatly separates the code into cipher and PBE sections and is required
+     for some algorithms that split PBES2 into separate pieces (such as
+     password based CMS).
+     [Steve Henson]
+
+  *) Session-handling fixes:
+     - Fix handling of connections that are resuming with a session ID,
+       but also support Session Tickets.
+     - Fix a bug that suppressed issuing of a new ticket if the client
+       presented a ticket with an expired session.
+     - Try to set the ticket lifetime hint to something reasonable.
+     - Make tickets shorter by excluding irrelevant information.
+     - On the client side, don't ignore renewed tickets.
+     [Adam Langley, Bodo Moeller (Google)]
+
+  *) Fix PSK session representation.
+     [Bodo Moeller]
+
+  *) Add RC4-MD5 and AESNI-SHA1 "stitched" implementations.
+
+     This work was sponsored by Intel.
+     [Andy Polyakov]
+
+  *) Add GCM support to TLS library. Some custom code is needed to split
+     the IV between the fixed (from PRF) and explicit (from TLS record)
+     portions. This adds all GCM ciphersuites supported by RFC5288 and 
+     RFC5289. Generalise some AES* cipherstrings to inlclude GCM and
+     add a special AESGCM string for GCM only.
+     [Steve Henson]
+
+  *) Expand range of ctrls for AES GCM. Permit setting invocation
+     field on decrypt and retrieval of invocation field only on encrypt.
+     [Steve Henson]
+
+  *) Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support.
+     As required by RFC5289 these ciphersuites cannot be used if for
+     versions of TLS earlier than 1.2.
+     [Steve Henson]
+
+  *) For FIPS capable OpenSSL interpret a NULL default public key method
+     as unset and return the appopriate default but do *not* set the default.
+     This means we can return the appopriate method in applications that
+     swicth between FIPS and non-FIPS modes.
+     [Steve Henson]
+
+  *) Redirect HMAC and CMAC operations to FIPS module in FIPS mode. If an
+     ENGINE is used then we cannot handle that in the FIPS module so we
+     keep original code iff non-FIPS operations are allowed.
+     [Steve Henson]
+
+  *) Add -attime option to openssl utilities.
+     [Peter Eckersley <pde at eff.org>, Ben Laurie and Steve Henson]
+
+  *) Redirect DSA and DH operations to FIPS module in FIPS mode.
+     [Steve Henson]
+
+  *) Redirect ECDSA and ECDH operations to FIPS module in FIPS mode. Also use
+     FIPS EC methods unconditionally for now.
+     [Steve Henson]
+
+  *) New build option no-ec2m to disable characteristic 2 code.
+     [Steve Henson]
+
+  *) Backport libcrypto audit of return value checking from 1.1.0-dev; not
+     all cases can be covered as some introduce binary incompatibilities.
+     [Steve Henson]
+
+  *) Redirect RSA operations to FIPS module including keygen,
+     encrypt, decrypt, sign and verify. Block use of non FIPS RSA methods.
+     [Steve Henson]
+
+  *) Add similar low level API blocking to ciphers.
+     [Steve Henson]
+
+  *) Low level digest APIs are not approved in FIPS mode: any attempt
+     to use these will cause a fatal error. Applications that *really* want
+     to use them can use the private_* version instead.
+     [Steve Henson]
+
+  *) Redirect cipher operations to FIPS module for FIPS builds. 
+     [Steve Henson]
+
+  *) Redirect digest operations to FIPS module for FIPS builds. 
+     [Steve Henson]
+
+  *) Update build system to add "fips" flag which will link in fipscanister.o
+     for static and shared library builds embedding a signature if needed.
+     [Steve Henson]
+
+  *) Output TLS supported curves in preference order instead of numerical
+     order. This is currently hardcoded for the highest order curves first.
+     This should be configurable so applications can judge speed vs strength.
+     [Steve Henson]
+
+  *) Add TLS v1.2 server support for client authentication. 
+     [Steve Henson]
+
+  *) Add support for FIPS mode in ssl library: disable SSLv3, non-FIPS ciphers
+     and enable MD5.
+     [Steve Henson]
+
+  *) Functions FIPS_mode_set() and FIPS_mode() which call the underlying
+     FIPS modules versions.
+     [Steve Henson]
+
+  *) Add TLS v1.2 client side support for client authentication. Keep cache
+     of handshake records longer as we don't know the hash algorithm to use
+     until after the certificate request message is received.
+     [Steve Henson]
+
+  *) Initial TLS v1.2 client support. Add a default signature algorithms
+     extension including all the algorithms we support. Parse new signature
+     format in client key exchange. Relax some ECC signing restrictions for
+     TLS v1.2 as indicated in RFC5246.
+     [Steve Henson]
+
+  *) Add server support for TLS v1.2 signature algorithms extension. Switch
+     to new signature format when needed using client digest preference.
+     All server ciphersuites should now work correctly in TLS v1.2. No client
+     support yet and no support for client certificates.
+     [Steve Henson]
+
+  *) Initial TLS v1.2 support. Add new SHA256 digest to ssl code, switch
+     to SHA256 for PRF when using TLS v1.2 and later. Add new SHA256 based
+     ciphersuites. At present only RSA key exchange ciphersuites work with
+     TLS v1.2. Add new option for TLS v1.2 replacing the old and obsolete
+     SSL_OP_PKCS1_CHECK flags with SSL_OP_NO_TLSv1_2. New TLSv1.2 methods
+     and version checking.
+     [Steve Henson]
+
+  *) New option OPENSSL_NO_SSL_INTERN. If an application can be compiled
+     with this defined it will not be affected by any changes to ssl internal
+     structures. Add several utility functions to allow openssl application
+     to work with OPENSSL_NO_SSL_INTERN defined.
+     [Steve Henson]
+
+  *) Add SRP support.
+     [Tom Wu <tjw at cs.stanford.edu> and Ben Laurie]
+
+  *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
+     [Steve Henson]
+
+  *) Permit abbreviated handshakes when renegotiating using the function
+     SSL_renegotiate_abbreviated().
+     [Robin Seggelmann <seggelmann at fh-muenster.de>]
+
+  *) Add call to ENGINE_register_all_complete() to
+     ENGINE_load_builtin_engines(), so some implementations get used
+     automatically instead of needing explicit application support.
+     [Steve Henson]
+
+  *) Add support for TLS key exporter as described in RFC5705.
+     [Robin Seggelmann <seggelmann at fh-muenster.de>, Steve Henson]
+
+  *) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only
+     a few changes are required:
+
+       Add SSL_OP_NO_TLSv1_1 flag.
+       Add TLSv1_1 methods.
+       Update version checking logic to handle version 1.1.
+       Add explicit IV handling (ported from DTLS code).
+       Add command line options to s_client/s_server.
+     [Steve Henson]
+
+ Changes between 1.0.0g and 1.0.0h [12 Mar 2012]
+
+  *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
+     in CMS and PKCS7 code. When RSA decryption fails use a random key for
+     content decryption and always return the same error. Note: this attack
+     needs on average 2^20 messages so it only affects automated senders. The
+     old behaviour can be reenabled in the CMS code by setting the
+     CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
+     an MMA defence is not necessary.
+     Thanks to Ivan Nestlerode <inestlerode at us.ibm.com> for discovering
+     this issue. (CVE-2012-0884)
+     [Steve Henson]
+
+  *) Fix CVE-2011-4619: make sure we really are receiving a 
+     client hello before rejecting multiple SGC restarts. Thanks to
+     Ivan Nestlerode <inestlerode at us.ibm.com> for discovering this bug.
+     [Steve Henson]
+
+ Changes between 1.0.0f and 1.0.0g [18 Jan 2012]
+
+  *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
+     Thanks to Antonio Martin, Enterprise Secure Access Research and
+     Development, Cisco Systems, Inc. for discovering this bug and
+     preparing a fix. (CVE-2012-0050)
+     [Antonio Martin]
+
+ Changes between 1.0.0e and 1.0.0f [4 Jan 2012]
+
+  *) Nadhem Alfardan and Kenny Paterson have discovered an extension
+     of the Vaudenay padding oracle attack on CBC mode encryption
+     which enables an efficient plaintext recovery attack against
+     the OpenSSL implementation of DTLS. Their attack exploits timing
+     differences arising during decryption processing. A research
+     paper describing this attack can be found at:
+                  http://www.isg.rhul.ac.uk/~kp/dtls.pdf
+     Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
+     Security Group at Royal Holloway, University of London
+     (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann
+     <seggelmann at fh-muenster.de> and Michael Tuexen <tuexen at fh-muenster.de>
+     for preparing the fix. (CVE-2011-4108)
+     [Robin Seggelmann, Michael Tuexen]
+
+  *) Clear bytes used for block padding of SSL 3.0 records.
+     (CVE-2011-4576)
+     [Adam Langley (Google)]
+
+  *) Only allow one SGC handshake restart for SSL/TLS. Thanks to George
+     Kadianakis <desnacked at gmail.com> for discovering this issue and
+     Adam Langley for preparing the fix. (CVE-2011-4619)
+     [Adam Langley (Google)]
+
+  *) Check parameters are not NULL in GOST ENGINE. (CVE-2012-0027)
+     [Andrey Kulikov <amdeich at gmail.com>]
+
+  *) Prevent malformed RFC3779 data triggering an assertion failure.
+     Thanks to Andrew Chi, BBN Technologies, for discovering the flaw
+     and Rob Austein <sra at hactrn.net> for fixing it. (CVE-2011-4577)
+     [Rob Austein <sra at hactrn.net>]
+
+  *) Improved PRNG seeding for VOS.
+     [Paul Green <Paul.Green at stratus.com>]
+
+  *) Fix ssl_ciph.c set-up race.
+     [Adam Langley (Google)]
+
+  *) Fix spurious failures in ecdsatest.c.
+     [Emilia Käsper (Google)]
+
+  *) Fix the BIO_f_buffer() implementation (which was mixing different
+     interpretations of the '..._len' fields).
+     [Adam Langley (Google)]
+
+  *) Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than
+     BN_BLINDING_invert_ex) calls BN_BLINDING_update, ensuring that concurrent
+     threads won't reuse the same blinding coefficients.
+
+     This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING
+     lock to call BN_BLINDING_invert_ex, and avoids one use of
+     BN_BLINDING_update for each BN_BLINDING structure (previously,
+     the last update always remained unused).
+     [Emilia Käsper (Google)]
+
+  *) In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
+     [Bob Buckholz (Google)]
+
+ Changes between 1.0.0d and 1.0.0e [6 Sep 2011]
+
+  *) Fix bug where CRLs with nextUpdate in the past are sometimes accepted
+     by initialising X509_STORE_CTX properly. (CVE-2011-3207)
+     [Kaspar Brand <ossl at velox.ch>]
+
+  *) Fix SSL memory handling for (EC)DH ciphersuites, in particular
+     for multi-threaded use of ECDH. (CVE-2011-3210)
+     [Adam Langley (Google)]
+
+  *) Fix x509_name_ex_d2i memory leak on bad inputs.
+     [Bodo Moeller]
+
+  *) Remove hard coded ecdsaWithSHA1 signature tests in ssl code and check
+     signature public key algorithm by using OID xref utilities instead.
+     Before this you could only use some ECC ciphersuites with SHA1 only.
+     [Steve Henson]
+
+  *) Add protection against ECDSA timing attacks as mentioned in the paper
+     by Billy Bob Brumley and Nicola Tuveri, see:
+
+	http://eprint.iacr.org/2011/232.pdf
+
+     [Billy Bob Brumley and Nicola Tuveri]
+
+ Changes between 1.0.0c and 1.0.0d [8 Feb 2011]
+
+  *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014
+     [Neel Mehta, Adam Langley, Bodo Moeller (Google)]
+
+  *) Fix bug in string printing code: if *any* escaping is enabled we must
+     escape the escape character (backslash) or the resulting string is
+     ambiguous.
+     [Steve Henson]
+
+ Changes between 1.0.0b and 1.0.0c  [2 Dec 2010]
+
+  *) Disable code workaround for ancient and obsolete Netscape browsers
+     and servers: an attacker can use it in a ciphersuite downgrade attack.
+     Thanks to Martin Rex for discovering this bug. CVE-2010-4180
+     [Steve Henson]
+
+  *) Fixed J-PAKE implementation error, originally discovered by
+     Sebastien Martini, further info and confirmation from Stefan
+     Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
+     [Ben Laurie]
+
+ Changes between 1.0.0a and 1.0.0b  [16 Nov 2010]
+
+  *) Fix extension code to avoid race conditions which can result in a buffer
+     overrun vulnerability: resumed sessions must not be modified as they can
+     be shared by multiple threads. CVE-2010-3864
+     [Steve Henson]
+
+  *) Fix WIN32 build system to correctly link an ENGINE directory into
+     a DLL. 
+     [Steve Henson]
+
+ Changes between 1.0.0 and 1.0.0a  [01 Jun 2010]
+
+  *) Check return value of int_rsa_verify in pkey_rsa_verifyrecover 
+     (CVE-2010-1633)
+     [Steve Henson, Peter-Michael Hager <hager at dortmund.net>]
+
+ Changes between 0.9.8n and 1.0.0  [29 Mar 2010]
+
+  *) Add "missing" function EVP_CIPHER_CTX_copy(). This copies a cipher
+     context. The operation can be customised via the ctrl mechanism in
+     case ENGINEs want to include additional functionality.
+     [Steve Henson]
+
+  *) Tolerate yet another broken PKCS#8 key format: private key value negative.
+     [Steve Henson]
+
+  *) Add new -subject_hash_old and -issuer_hash_old options to x509 utility to
+     output hashes compatible with older versions of OpenSSL.
+     [Willy Weisz <weisz at vcpc.univie.ac.at>]
+
+  *) Fix compression algorithm handling: if resuming a session use the
+     compression algorithm of the resumed session instead of determining
+     it from client hello again. Don't allow server to change algorithm.
+     [Steve Henson]
+
+  *) Add load_crls() function to apps tidying load_certs() too. Add option
+     to verify utility to allow additional CRLs to be included.
+     [Steve Henson]
+
+  *) Update OCSP request code to permit adding custom headers to the request:
+     some responders need this.
+     [Steve Henson]
+
+  *) The function EVP_PKEY_sign() returns <=0 on error: check return code
+     correctly.
+     [Julia Lawall <julia at diku.dk>]
+
+  *) Update verify callback code in apps/s_cb.c and apps/verify.c, it
+     needlessly dereferenced structures, used obsolete functions and
+     didn't handle all updated verify codes correctly.
+     [Steve Henson]
+
+  *) Disable MD2 in the default configuration.
+     [Steve Henson]
+
+  *) In BIO_pop() and BIO_push() use the ctrl argument (which was NULL) to
+     indicate the initial BIO being pushed or popped. This makes it possible
+     to determine whether the BIO is the one explicitly called or as a result
+     of the ctrl being passed down the chain. Fix BIO_pop() and SSL BIOs so
+     it handles reference counts correctly and doesn't zero out the I/O bio
+     when it is not being explicitly popped. WARNING: applications which
+     included workarounds for the old buggy behaviour will need to be modified
+     or they could free up already freed BIOs.
+     [Steve Henson]
+
+  *) Extend the uni2asc/asc2uni => OPENSSL_uni2asc/OPENSSL_asc2uni
+     renaming to all platforms (within the 0.9.8 branch, this was
+     done conditionally on Netware platforms to avoid a name clash).
+     [Guenter <lists at gknw.net>]
+
+  *) Add ECDHE and PSK support to DTLS.
+     [Michael Tuexen <tuexen at fh-muenster.de>]
+
+  *) Add CHECKED_STACK_OF macro to safestack.h, otherwise safestack can't
+     be used on C++.
+     [Steve Henson]
+
+  *) Add "missing" function EVP_MD_flags() (without this the only way to
+     retrieve a digest flags is by accessing the structure directly. Update
+     EVP_MD_do_all*() and EVP_CIPHER_do_all*() to include the name a digest
+     or cipher is registered as in the "from" argument. Print out all
+     registered digests in the dgst usage message instead of manually 
+     attempting to work them out.
+     [Steve Henson]
+
+  *) If no SSLv2 ciphers are used don't use an SSLv2 compatible client hello:
+     this allows the use of compression and extensions. Change default cipher
+     string to remove SSLv2 ciphersuites. This effectively avoids ancient SSLv2
+     by default unless an application cipher string requests it.
+     [Steve Henson]
+
+  *) Alter match criteria in PKCS12_parse(). It used to try to use local
+     key ids to find matching certificates and keys but some PKCS#12 files
+     don't follow the (somewhat unwritten) rules and this strategy fails.
+     Now just gather all certificates together and the first private key
+     then look for the first certificate that matches the key.
+     [Steve Henson]
+
+  *) Support use of registered digest and cipher names for dgst and cipher
+     commands instead of having to add each one as a special case. So now
+     you can do:
+
+        openssl sha256 foo
+
+     as well as:
+
+        openssl dgst -sha256 foo
+
+     and this works for ENGINE based algorithms too.
+
+     [Steve Henson]
+
+  *) Update Gost ENGINE to support parameter files.
+     [Victor B. Wagner <vitus at cryptocom.ru>]
+
+  *) Support GeneralizedTime in ca utility. 
+     [Oliver Martin <oliver at volatilevoid.net>, Steve Henson]
+
+  *) Enhance the hash format used for certificate directory links. The new
+     form uses the canonical encoding (meaning equivalent names will work
+     even if they aren't identical) and uses SHA1 instead of MD5. This form
+     is incompatible with the older format and as a result c_rehash should
+     be used to rebuild symbolic links.
+     [Steve Henson]
+
+  *) Make PKCS#8 the default write format for private keys, replacing the
+     traditional format. This form is standardised, more secure and doesn't
+     include an implicit MD5 dependency.
+     [Steve Henson]
+
+  *) Add a $gcc_devteam_warn option to Configure. The idea is that any code
+     committed to OpenSSL should pass this lot as a minimum.
+     [Steve Henson]
+
+  *) Add session ticket override functionality for use by EAP-FAST.
+     [Jouni Malinen <j at w1.fi>]
+
+  *) Modify HMAC functions to return a value. Since these can be implemented
+     in an ENGINE errors can occur.
+     [Steve Henson]
+
+  *) Type-checked OBJ_bsearch_ex.
+     [Ben Laurie]
+
+  *) Type-checked OBJ_bsearch. Also some constification necessitated
+     by type-checking.  Still to come: TXT_DB, bsearch(?),
+     OBJ_bsearch_ex, qsort, CRYPTO_EX_DATA, ASN1_VALUE, ASN1_STRING,
+     CONF_VALUE.
+     [Ben Laurie]
+
+  *) New function OPENSSL_gmtime_adj() to add a specific number of days and
+     seconds to a tm structure directly, instead of going through OS
+     specific date routines. This avoids any issues with OS routines such
+     as the year 2038 bug. New *_adj() functions for ASN1 time structures
+     and X509_time_adj_ex() to cover the extended range. The existing
+     X509_time_adj() is still usable and will no longer have any date issues.
+     [Steve Henson]
+
+  *) Delta CRL support. New use deltas option which will attempt to locate
+     and search any appropriate delta CRLs available.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Support for CRLs partitioned by reason code. Reorganise CRL processing
+     code and add additional score elements. Validate alternate CRL paths
+     as part of the CRL checking and indicate a new error "CRL path validation
+     error" in this case. Applications wanting additional details can use
+     the verify callback and check the new "parent" field. If this is not
+     NULL CRL path validation is taking place. Existing applications wont
+     see this because it requires extended CRL support which is off by
+     default.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Support for freshest CRL extension.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Initial indirect CRL support. Currently only supported in the CRLs
+     passed directly and not via lookup. Process certificate issuer
+     CRL entry extension and lookup CRL entries by bother issuer name
+     and serial number. Check and process CRL issuer entry in IDP extension.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Add support for distinct certificate and CRL paths. The CRL issuer
+     certificate is validated separately in this case. Only enabled if
+     an extended CRL support flag is set: this flag will enable additional
+     CRL functionality in future.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Add support for policy mappings extension.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Fixes to pathlength constraint, self issued certificate handling,
+     policy processing to align with RFC3280 and PKITS tests.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Support for name constraints certificate extension. DN, email, DNS
+     and URI types are currently supported.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) To cater for systems that provide a pointer-based thread ID rather
+     than numeric, deprecate the current numeric thread ID mechanism and
+     replace it with a structure and associated callback type. This
+     mechanism allows a numeric "hash" to be extracted from a thread ID in
+     either case, and on platforms where pointers are larger than 'long',
+     mixing is done to help ensure the numeric 'hash' is usable even if it
+     can't be guaranteed unique. The default mechanism is to use "&errno"
+     as a pointer-based thread ID to distinguish between threads.
+
+     Applications that want to provide their own thread IDs should now use
+     CRYPTO_THREADID_set_callback() to register a callback that will call
+     either CRYPTO_THREADID_set_numeric() or CRYPTO_THREADID_set_pointer().
+
+     Note that ERR_remove_state() is now deprecated, because it is tied
+     to the assumption that thread IDs are numeric.  ERR_remove_state(0)
+     to free the current thread's error state should be replaced by
+     ERR_remove_thread_state(NULL).
+
+     (This new approach replaces the functions CRYPTO_set_idptr_callback(),
+     CRYPTO_get_idptr_callback(), and CRYPTO_thread_idptr() that existed in
+     OpenSSL 0.9.9-dev between June 2006 and August 2008. Also, if an
+     application was previously providing a numeric thread callback that
+     was inappropriate for distinguishing threads, then uniqueness might
+     have been obtained with &errno that happened immediately in the
+     intermediate development versions of OpenSSL; this is no longer the
+     case, the numeric thread callback will now override the automatic use
+     of &errno.)
+     [Geoff Thorpe, with help from Bodo Moeller]
+
+  *) Initial support for different CRL issuing certificates. This covers a
+     simple case where the self issued certificates in the chain exist and
+     the real CRL issuer is higher in the existing chain.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Removed effectively defunct crypto/store from the build.
+     [Ben Laurie]
+
+  *) Revamp of STACK to provide stronger type-checking. Still to come:
+     TXT_DB, bsearch(?), OBJ_bsearch, qsort, CRYPTO_EX_DATA, ASN1_VALUE,
+     ASN1_STRING, CONF_VALUE.
+     [Ben Laurie]
+
+  *) Add a new SSL_MODE_RELEASE_BUFFERS mode flag to release unused buffer
+     RAM on SSL connections.  This option can save about 34k per idle SSL.
+     [Nick Mathewson]
+
+  *) Revamp of LHASH to provide stronger type-checking. Still to come:
+     STACK, TXT_DB, bsearch, qsort.
+     [Ben Laurie]
+
+  *) Initial support for Cryptographic Message Syntax (aka CMS) based
+     on RFC3850, RFC3851 and RFC3852. New cms directory and cms utility,
+     support for data, signedData, compressedData, digestedData and
+     encryptedData, envelopedData types included. Scripts to check against
+     RFC4134 examples draft and interop and consistency checks of many
+     content types and variants.
+     [Steve Henson]
+
+  *) Add options to enc utility to support use of zlib compression BIO.
+     [Steve Henson]
+
+  *) Extend mk1mf to support importing of options and assembly language
+     files from Configure script, currently only included in VC-WIN32.
+     The assembly language rules can now optionally generate the source
+     files from the associated perl scripts.
+     [Steve Henson]
+
+  *) Implement remaining functionality needed to support GOST ciphersuites.
+     Interop testing has been performed using CryptoPro implementations.
+     [Victor B. Wagner <vitus at cryptocom.ru>]
+
+  *) s390x assembler pack.
+     [Andy Polyakov]
+
+  *) ARMv4 assembler pack. ARMv4 refers to v4 and later ISA, not CPU
+     "family."
+     [Andy Polyakov]
+
+  *) Implement Opaque PRF Input TLS extension as specified in
+     draft-rescorla-tls-opaque-prf-input-00.txt.  Since this is not an
+     official specification yet and no extension type assignment by
+     IANA exists, this extension (for now) will have to be explicitly
+     enabled when building OpenSSL by providing the extension number
+     to use.  For example, specify an option
+
+         -DTLSEXT_TYPE_opaque_prf_input=0x9527
+
+     to the "config" or "Configure" script to enable the extension,
+     assuming extension number 0x9527 (which is a completely arbitrary
+     and unofficial assignment based on the MD5 hash of the Internet
+     Draft).  Note that by doing so, you potentially lose
+     interoperability with other TLS implementations since these might
+     be using the same extension number for other purposes.
+
+     SSL_set_tlsext_opaque_prf_input(ssl, src, len) is used to set the
+     opaque PRF input value to use in the handshake.  This will create
+     an interal copy of the length-'len' string at 'src', and will
+     return non-zero for success.
+
+     To get more control and flexibility, provide a callback function
+     by using
+
+          SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb)
+          SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg)
+
+     where
+
+          int (*cb)(SSL *, void *peerinput, size_t len, void *arg);
+          void *arg;
+
+     Callback function 'cb' will be called in handshakes, and is
+     expected to use SSL_set_tlsext_opaque_prf_input() as appropriate.
+     Argument 'arg' is for application purposes (the value as given to
+     SSL_CTX_set_tlsext_opaque_prf_input_callback_arg() will directly
+     be provided to the callback function).  The callback function
+     has to return non-zero to report success: usually 1 to use opaque
+     PRF input just if possible, or 2 to enforce use of the opaque PRF
+     input.  In the latter case, the library will abort the handshake
+     if opaque PRF input is not successfully negotiated.
+
+     Arguments 'peerinput' and 'len' given to the callback function
+     will always be NULL and 0 in the case of a client.  A server will
+     see the client's opaque PRF input through these variables if
+     available (NULL and 0 otherwise).  Note that if the server
+     provides an opaque PRF input, the length must be the same as the
+     length of the client's opaque PRF input.
+
+     Note that the callback function will only be called when creating
+     a new session (session resumption can resume whatever was
+     previously negotiated), and will not be called in SSL 2.0
+     handshakes; thus, SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) or
+     SSL_set_options(ssl, SSL_OP_NO_SSLv2) is especially recommended
+     for applications that need to enforce opaque PRF input.
+
+     [Bodo Moeller]
+
+  *) Update ssl code to support digests other than SHA1+MD5 for handshake
+     MAC. 
+
+     [Victor B. Wagner <vitus at cryptocom.ru>]
+
+  *) Add RFC4507 support to OpenSSL. This includes the corrections in
+     RFC4507bis. The encrypted ticket format is an encrypted encoded
+     SSL_SESSION structure, that way new session features are automatically
+     supported.
+
+     If a client application caches session in an SSL_SESSION structure
+     support is transparent because tickets are now stored in the encoded
+     SSL_SESSION.
+     
+     The SSL_CTX structure automatically generates keys for ticket
+     protection in servers so again support should be possible
+     with no application modification.
+
+     If a client or server wishes to disable RFC4507 support then the option
+     SSL_OP_NO_TICKET can be set.
+
+     Add a TLS extension debugging callback to allow the contents of any client
+     or server extensions to be examined.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Final changes to avoid use of pointer pointer casts in OpenSSL.
+     OpenSSL should now compile cleanly on gcc 4.2
+     [Peter Hartley <pdh at utter.chaos.org.uk>, Steve Henson]
+
+  *) Update SSL library to use new EVP_PKEY MAC API. Include generic MAC
+     support including streaming MAC support: this is required for GOST
+     ciphersuite support.
+     [Victor B. Wagner <vitus at cryptocom.ru>, Steve Henson]
+
+  *) Add option -stream to use PKCS#7 streaming in smime utility. New
+     function i2d_PKCS7_bio_stream() and PEM_write_PKCS7_bio_stream()
+     to output in BER and PEM format.
+     [Steve Henson]
+
+  *) Experimental support for use of HMAC via EVP_PKEY interface. This
+     allows HMAC to be handled via the EVP_DigestSign*() interface. The
+     EVP_PKEY "key" in this case is the HMAC key, potentially allowing
+     ENGINE support for HMAC keys which are unextractable. New -mac and
+     -macopt options to dgst utility.
+     [Steve Henson]
+
+  *) New option -sigopt to dgst utility. Update dgst to use
+     EVP_Digest{Sign,Verify}*. These two changes make it possible to use
+     alternative signing paramaters such as X9.31 or PSS in the dgst 
+     utility.
+     [Steve Henson]
+
+  *) Change ssl_cipher_apply_rule(), the internal function that does
+     the work each time a ciphersuite string requests enabling
+     ("foo+bar"), moving ("+foo+bar"), disabling ("-foo+bar", or
+     removing ("!foo+bar") a class of ciphersuites: Now it maintains
+     the order of disabled ciphersuites such that those ciphersuites
+     that most recently went from enabled to disabled not only stay
+     in order with respect to each other, but also have higher priority
+     than other disabled ciphersuites the next time ciphersuites are
+     enabled again.
+
+     This means that you can now say, e.g., "PSK:-PSK:HIGH" to enable
+     the same ciphersuites as with "HIGH" alone, but in a specific
+     order where the PSK ciphersuites come first (since they are the
+     most recently disabled ciphersuites when "HIGH" is parsed).
+
+     Also, change ssl_create_cipher_list() (using this new
+     funcionality) such that between otherwise identical
+     cihpersuites, ephemeral ECDH is preferred over ephemeral DH in
+     the default order.
+     [Bodo Moeller]
+
+  *) Change ssl_create_cipher_list() so that it automatically
+     arranges the ciphersuites in reasonable order before starting
+     to process the rule string.  Thus, the definition for "DEFAULT"
+     (SSL_DEFAULT_CIPHER_LIST) now is just "ALL:!aNULL:!eNULL", but
+     remains equivalent to "AES:ALL:!aNULL:!eNULL:+aECDH:+kRSA:+RC4:@STRENGTH".
+     This makes it much easier to arrive at a reasonable default order
+     in applications for which anonymous ciphers are OK (meaning
+     that you can't actually use DEFAULT).
+     [Bodo Moeller; suggested by Victor Duchovni]
+
+  *) Split the SSL/TLS algorithm mask (as used for ciphersuite string
+     processing) into multiple integers instead of setting
+     "SSL_MKEY_MASK" bits, "SSL_AUTH_MASK" bits, "SSL_ENC_MASK",
+     "SSL_MAC_MASK", and "SSL_SSL_MASK" bits all in a single integer.
+     (These masks as well as the individual bit definitions are hidden
+     away into the non-exported interface ssl/ssl_locl.h, so this
+     change to the definition of the SSL_CIPHER structure shouldn't
+     affect applications.)  This give us more bits for each of these
+     categories, so there is no longer a need to coagulate AES128 and
+     AES256 into a single algorithm bit, and to coagulate Camellia128
+     and Camellia256 into a single algorithm bit, which has led to all
+     kinds of kludges.
+
+     Thus, among other things, the kludge introduced in 0.9.7m and
+     0.9.8e for masking out AES256 independently of AES128 or masking
+     out Camellia256 independently of AES256 is not needed here in 0.9.9.
+
+     With the change, we also introduce new ciphersuite aliases that
+     so far were missing: "AES128", "AES256", "CAMELLIA128", and
+     "CAMELLIA256".
+     [Bodo Moeller]
+
+  *) Add support for dsa-with-SHA224 and dsa-with-SHA256.
+     Use the leftmost N bytes of the signature input if the input is
+     larger than the prime q (with N being the size in bytes of q).
+     [Nils Larsch]
+
+  *) Very *very* experimental PKCS#7 streaming encoder support. Nothing uses
+     it yet and it is largely untested.
+     [Steve Henson]
+
+  *) Add support for the ecdsa-with-SHA224/256/384/512 signature types.
+     [Nils Larsch]
+
+  *) Initial incomplete changes to avoid need for function casts in OpenSSL
+     some compilers (gcc 4.2 and later) reject their use. Safestack is
+     reimplemented.  Update ASN1 to avoid use of legacy functions. 
+     [Steve Henson]
+
+  *) Win32/64 targets are linked with Winsock2.
+     [Andy Polyakov]
+
+  *) Add an X509_CRL_METHOD structure to allow CRL processing to be redirected
+     to external functions. This can be used to increase CRL handling 
+     efficiency especially when CRLs are very large by (for example) storing
+     the CRL revoked certificates in a database.
+     [Steve Henson]
+
+  *) Overhaul of by_dir code. Add support for dynamic loading of CRLs so
+     new CRLs added to a directory can be used. New command line option
+     -verify_return_error to s_client and s_server. This causes real errors
+     to be returned by the verify callback instead of carrying on no matter
+     what. This reflects the way a "real world" verify callback would behave.
+     [Steve Henson]
+
+  *) GOST engine, supporting several GOST algorithms and public key formats.
+     Kindly donated by Cryptocom.
+     [Cryptocom]
+
+  *) Partial support for Issuing Distribution Point CRL extension. CRLs
+     partitioned by DP are handled but no indirect CRL or reason partitioning
+     (yet). Complete overhaul of CRL handling: now the most suitable CRL is
+     selected via a scoring technique which handles IDP and AKID in CRLs.
+     [Steve Henson]
+
+  *) New X509_STORE_CTX callbacks lookup_crls() and lookup_certs() which
+     will ultimately be used for all verify operations: this will remove the
+     X509_STORE dependency on certificate verification and allow alternative
+     lookup methods.  X509_STORE based implementations of these two callbacks.
+     [Steve Henson]
+
+  *) Allow multiple CRLs to exist in an X509_STORE with matching issuer names.
+     Modify get_crl() to find a valid (unexpired) CRL if possible.
+     [Steve Henson]
+
+  *) New function X509_CRL_match() to check if two CRLs are identical. Normally
+     this would be called X509_CRL_cmp() but that name is already used by
+     a function that just compares CRL issuer names. Cache several CRL 
+     extensions in X509_CRL structure and cache CRLDP in X509.
+     [Steve Henson]
+
+  *) Store a "canonical" representation of X509_NAME structure (ASN1 Name)
+     this maps equivalent X509_NAME structures into a consistent structure.
+     Name comparison can then be performed rapidly using memcmp().
+     [Steve Henson]
+
+  *) Non-blocking OCSP request processing. Add -timeout option to ocsp 
+     utility.
+     [Steve Henson]
+
+  *) Allow digests to supply their own micalg string for S/MIME type using
+     the ctrl EVP_MD_CTRL_MICALG.
+     [Steve Henson]
+
+  *) During PKCS7 signing pass the PKCS7 SignerInfo structure to the
+     EVP_PKEY_METHOD before and after signing via the EVP_PKEY_CTRL_PKCS7_SIGN
+     ctrl. It can then customise the structure before and/or after signing
+     if necessary.
+     [Steve Henson]
+
+  *) New function OBJ_add_sigid() to allow application defined signature OIDs
+     to be added to OpenSSLs internal tables. New function OBJ_sigid_free()
+     to free up any added signature OIDs.
+     [Steve Henson]
+
+  *) New functions EVP_CIPHER_do_all(), EVP_CIPHER_do_all_sorted(),
+     EVP_MD_do_all() and EVP_MD_do_all_sorted() to enumerate internal
+     digest and cipher tables. New options added to openssl utility:
+     list-message-digest-algorithms and list-cipher-algorithms.
+     [Steve Henson]
+
+  *) Change the array representation of binary polynomials: the list
+     of degrees of non-zero coefficients is now terminated with -1.
+     Previously it was terminated with 0, which was also part of the
+     value; thus, the array representation was not applicable to
+     polynomials where t^0 has coefficient zero.  This change makes
+     the array representation useful in a more general context.
+     [Douglas Stebila]
+
+  *) Various modifications and fixes to SSL/TLS cipher string
+     handling.  For ECC, the code now distinguishes between fixed ECDH
+     with RSA certificates on the one hand and with ECDSA certificates
+     on the other hand, since these are separate ciphersuites.  The
+     unused code for Fortezza ciphersuites has been removed.
+
+     For consistency with EDH, ephemeral ECDH is now called "EECDH"
+     (not "ECDHE").  For consistency with the code for DH
+     certificates, use of ECDH certificates is now considered ECDH
+     authentication, not RSA or ECDSA authentication (the latter is
+     merely the CA's signing algorithm and not actively used in the
+     protocol).
+
+     The temporary ciphersuite alias "ECCdraft" is no longer
+     available, and ECC ciphersuites are no longer excluded from "ALL"
+     and "DEFAULT".  The following aliases now exist for RFC 4492
+     ciphersuites, most of these by analogy with the DH case:
+
+         kECDHr   - ECDH cert, signed with RSA
+         kECDHe   - ECDH cert, signed with ECDSA
+         kECDH    - ECDH cert (signed with either RSA or ECDSA)
+         kEECDH   - ephemeral ECDH
+         ECDH     - ECDH cert or ephemeral ECDH
+
+         aECDH    - ECDH cert
+         aECDSA   - ECDSA cert
+         ECDSA    - ECDSA cert
+
+         AECDH    - anonymous ECDH
+         EECDH    - non-anonymous ephemeral ECDH (equivalent to "kEECDH:-AECDH")
+
+     [Bodo Moeller]
+
+  *) Add additional S/MIME capabilities for AES and GOST ciphers if supported.
+     Use correct micalg parameters depending on digest(s) in signed message.
+     [Steve Henson]
+
+  *) Add engine support for EVP_PKEY_ASN1_METHOD. Add functions to process
+     an ENGINE asn1 method. Support ENGINE lookups in the ASN1 code.
+     [Steve Henson]
+
+  *) Initial engine support for EVP_PKEY_METHOD. New functions to permit
+     an engine to register a method. Add ENGINE lookups for methods and
+     functional reference processing.
+     [Steve Henson]
+
+  *) New functions EVP_Digest{Sign,Verify)*. These are enchance versions of
+     EVP_{Sign,Verify}* which allow an application to customise the signature
+     process.
+     [Steve Henson]
+
+  *) New -resign option to smime utility. This adds one or more signers
+     to an existing PKCS#7 signedData structure. Also -md option to use an
+     alternative message digest algorithm for signing.
+     [Steve Henson]
+
+  *) Tidy up PKCS#7 routines and add new functions to make it easier to
+     create PKCS7 structures containing multiple signers. Update smime
+     application to support multiple signers.
+     [Steve Henson]
+
+  *) New -macalg option to pkcs12 utility to allow setting of an alternative
+     digest MAC.
+     [Steve Henson]
+
+  *) Initial support for PKCS#5 v2.0 PRFs other than default SHA1 HMAC.
+     Reorganize PBE internals to lookup from a static table using NIDs,
+     add support for HMAC PBE OID translation. Add a EVP_CIPHER ctrl:
+     EVP_CTRL_PBE_PRF_NID this allows a cipher to specify an alternative
+     PRF which will be automatically used with PBES2.
+     [Steve Henson]
+
+  *) Replace the algorithm specific calls to generate keys in "req" with the
+     new API.
+     [Steve Henson]
+
+  *) Update PKCS#7 enveloped data routines to use new API. This is now
+     supported by any public key method supporting the encrypt operation. A
+     ctrl is added to allow the public key algorithm to examine or modify
+     the PKCS#7 RecipientInfo structure if it needs to: for RSA this is
+     a no op.
+     [Steve Henson]
+
+  *) Add a ctrl to asn1 method to allow a public key algorithm to express
+     a default digest type to use. In most cases this will be SHA1 but some
+     algorithms (such as GOST) need to specify an alternative digest. The
+     return value indicates how strong the prefernce is 1 means optional and
+     2 is mandatory (that is it is the only supported type). Modify
+     ASN1_item_sign() to accept a NULL digest argument to indicate it should
+     use the default md. Update openssl utilities to use the default digest
+     type for signing if it is not explicitly indicated.
+     [Steve Henson]
+
+  *) Use OID cross reference table in ASN1_sign() and ASN1_verify(). New 
+     EVP_MD flag EVP_MD_FLAG_PKEY_METHOD_SIGNATURE. This uses the relevant
+     signing method from the key type. This effectively removes the link
+     between digests and public key types.
+     [Steve Henson]
+
+  *) Add an OID cross reference table and utility functions. Its purpose is to
+     translate between signature OIDs such as SHA1WithrsaEncryption and SHA1,
+     rsaEncryption. This will allow some of the algorithm specific hackery
+     needed to use the correct OID to be removed. 
+     [Steve Henson]
+
+  *) Remove algorithm specific dependencies when setting PKCS7_SIGNER_INFO
+     structures for PKCS7_sign(). They are now set up by the relevant public
+     key ASN1 method.
+     [Steve Henson]
+
+  *) Add provisional EC pkey method with support for ECDSA and ECDH.
+     [Steve Henson]
+
+  *) Add support for key derivation (agreement) in the API, DH method and
+     pkeyutl.
+     [Steve Henson]
+
+  *) Add DSA pkey method and DH pkey methods, extend DH ASN1 method to support
+     public and private key formats. As a side effect these add additional 
+     command line functionality not previously available: DSA signatures can be
+     generated and verified using pkeyutl and DH key support and generation in
+     pkey, genpkey.
+     [Steve Henson]
+
+  *) BeOS support.
+     [Oliver Tappe <zooey at hirschkaefer.de>]
+
+  *) New make target "install_html_docs" installs HTML renditions of the
+     manual pages.
+     [Oliver Tappe <zooey at hirschkaefer.de>]
+
+  *) New utility "genpkey" this is analagous to "genrsa" etc except it can
+     generate keys for any algorithm. Extend and update EVP_PKEY_METHOD to
+     support key and parameter generation and add initial key generation
+     functionality for RSA.
+     [Steve Henson]
+
+  *) Add functions for main EVP_PKEY_method operations. The undocumented
+     functions EVP_PKEY_{encrypt,decrypt} have been renamed to
+     EVP_PKEY_{encrypt,decrypt}_old. 
+     [Steve Henson]
+
+  *) Initial definitions for EVP_PKEY_METHOD. This will be a high level public
+     key API, doesn't do much yet.
+     [Steve Henson]
+
+  *) New function EVP_PKEY_asn1_get0_info() to retrieve information about
+     public key algorithms. New option to openssl utility:
+     "list-public-key-algorithms" to print out info.
+     [Steve Henson]
+
+  *) Implement the Supported Elliptic Curves Extension for
+     ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
+     [Douglas Stebila]
+
+  *) Don't free up OIDs in OBJ_cleanup() if they are in use by EVP_MD or
+     EVP_CIPHER structures to avoid later problems in EVP_cleanup().
+     [Steve Henson]
+
+  *) New utilities pkey and pkeyparam. These are similar to algorithm specific
+     utilities such as rsa, dsa, dsaparam etc except they process any key
+     type.
+     [Steve Henson]
+
+  *) Transfer public key printing routines to EVP_PKEY_ASN1_METHOD. New 
+     functions EVP_PKEY_print_public(), EVP_PKEY_print_private(),
+     EVP_PKEY_print_param() to print public key data from an EVP_PKEY
+     structure.
+     [Steve Henson]
+
+  *) Initial support for pluggable public key ASN1.
+     De-spaghettify the public key ASN1 handling. Move public and private
+     key ASN1 handling to a new EVP_PKEY_ASN1_METHOD structure. Relocate
+     algorithm specific handling to a single module within the relevant
+     algorithm directory. Add functions to allow (near) opaque processing
+     of public and private key structures.
+     [Steve Henson]
+
+  *) Implement the Supported Point Formats Extension for
+     ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
+     [Douglas Stebila]
+
+  *) Add initial support for RFC 4279 PSK TLS ciphersuites. Add members
+     for the psk identity [hint] and the psk callback functions to the
+     SSL_SESSION, SSL and SSL_CTX structure.
+     
+     New ciphersuites:
+         PSK-RC4-SHA, PSK-3DES-EDE-CBC-SHA, PSK-AES128-CBC-SHA,
+         PSK-AES256-CBC-SHA
+ 
+     New functions:
+         SSL_CTX_use_psk_identity_hint
+         SSL_get_psk_identity_hint
+         SSL_get_psk_identity
+         SSL_use_psk_identity_hint
+
+     [Mika Kousa and Pasi Eronen of Nokia Corporation]
+
+  *) Add RFC 3161 compliant time stamp request creation, response generation
+     and response verification functionality.
+     [Zoltán Glózik <zglozik at opentsa.org>, The OpenTSA Project]
+
+  *) Add initial support for TLS extensions, specifically for the server_name
+     extension so far.  The SSL_SESSION, SSL_CTX, and SSL data structures now
+     have new members for a host name.  The SSL data structure has an
+     additional member SSL_CTX *initial_ctx so that new sessions can be
+     stored in that context to allow for session resumption, even after the
+     SSL has been switched to a new SSL_CTX in reaction to a client's
+     server_name extension.
+
+     New functions (subject to change):
+
+         SSL_get_servername()
+         SSL_get_servername_type()
+         SSL_set_SSL_CTX()
+
+     New CTRL codes and macros (subject to change):
+
+         SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
+                                 - SSL_CTX_set_tlsext_servername_callback()
+         SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG
+                                      - SSL_CTX_set_tlsext_servername_arg()
+         SSL_CTRL_SET_TLSEXT_HOSTNAME           - SSL_set_tlsext_host_name()
+
+     openssl s_client has a new '-servername ...' option.
+
+     openssl s_server has new options '-servername_host ...', '-cert2 ...',
+     '-key2 ...', '-servername_fatal' (subject to change).  This allows
+     testing the HostName extension for a specific single host name ('-cert'
+     and '-key' remain fallbacks for handshakes without HostName
+     negotiation).  If the unrecogninzed_name alert has to be sent, this by
+     default is a warning; it becomes fatal with the '-servername_fatal'
+     option.
+
+     [Peter Sylvester,  Remy Allais, Christophe Renou]
+
+  *) Whirlpool hash implementation is added.
+     [Andy Polyakov]
+
+  *) BIGNUM code on 64-bit SPARCv9 targets is switched from bn(64,64) to
+     bn(64,32). Because of instruction set limitations it doesn't have
+     any negative impact on performance. This was done mostly in order
+     to make it possible to share assembler modules, such as bn_mul_mont
+     implementations, between 32- and 64-bit builds without hassle.
+     [Andy Polyakov]
+
+  *) Move code previously exiled into file crypto/ec/ec2_smpt.c
+     to ec2_smpl.c, and no longer require the OPENSSL_EC_BIN_PT_COMP
+     macro.
+     [Bodo Moeller]
+
+  *) New candidate for BIGNUM assembler implementation, bn_mul_mont,
+     dedicated Montgomery multiplication procedure, is introduced.
+     BN_MONT_CTX is modified to allow bn_mul_mont to reach for higher
+     "64-bit" performance on certain 32-bit targets.
+     [Andy Polyakov]
+
+  *) New option SSL_OP_NO_COMP to disable use of compression selectively
+     in SSL structures. New SSL ctrl to set maximum send fragment size. 
+     Save memory by seeting the I/O buffer sizes dynamically instead of
+     using the maximum available value.
+     [Steve Henson]
+
+  *) New option -V for 'openssl ciphers'. This prints the ciphersuite code
+     in addition to the text details.
+     [Bodo Moeller]
+
+  *) Very, very preliminary EXPERIMENTAL support for printing of general
+     ASN1 structures. This currently produces rather ugly output and doesn't
+     handle several customised structures at all.
+     [Steve Henson]
+
+  *) Integrated support for PVK file format and some related formats such
+     as MS PUBLICKEYBLOB and PRIVATEKEYBLOB. Command line switches to support
+     these in the 'rsa' and 'dsa' utilities.
+     [Steve Henson]
+
+  *) Support for PKCS#1 RSAPublicKey format on rsa utility command line.
+     [Steve Henson]
+
+  *) Remove the ancient ASN1_METHOD code. This was only ever used in one
+     place for the (very old) "NETSCAPE" format certificates which are now
+     handled using new ASN1 code equivalents.
+     [Steve Henson]
+
+  *) Let the TLSv1_method() etc. functions return a 'const' SSL_METHOD
+     pointer and make the SSL_METHOD parameter in SSL_CTX_new,
+     SSL_CTX_set_ssl_version and SSL_set_ssl_method 'const'.
+     [Nils Larsch]
+
+  *) Modify CRL distribution points extension code to print out previously
+     unsupported fields. Enhance extension setting code to allow setting of
+     all fields.
+     [Steve Henson]
+
+  *) Add print and set support for Issuing Distribution Point CRL extension.
+     [Steve Henson]
+
+  *) Change 'Configure' script to enable Camellia by default.
+     [NTT]
+
+ Changes between 0.9.8m and 0.9.8n [24 Mar 2010]
+
+  *) When rejecting SSL/TLS records due to an incorrect version number, never
+     update s->server with a new major version number.  As of
+     - OpenSSL 0.9.8m if 'short' is a 16-bit type,
+     - OpenSSL 0.9.8f if 'short' is longer than 16 bits,
+     the previous behavior could result in a read attempt at NULL when
+     receiving specific incorrect SSL/TLS records once record payload
+     protection is active.  (CVE-2010-0740)
+     [Bodo Moeller, Adam Langley <agl at chromium.org>]
+
+  *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL 
+     could be crashed if the relevant tables were not present (e.g. chrooted).
+     [Tomas Hoger <thoger at redhat.com>]
+
+ Changes between 0.9.8l and 0.9.8m [25 Feb 2010]
+
+  *) Always check bn_wexpend() return values for failure.  (CVE-2009-3245)
+     [Martin Olsson, Neel Mehta]
+
+  *) Fix X509_STORE locking: Every 'objs' access requires a lock (to
+     accommodate for stack sorting, always a write lock!).
+     [Bodo Moeller]
+
+  *) On some versions of WIN32 Heap32Next is very slow. This can cause
+     excessive delays in the RAND_poll(): over a minute. As a workaround
+     include a time check in the inner Heap32Next loop too.
+     [Steve Henson]
+
+  *) The code that handled flushing of data in SSL/TLS originally used the
+     BIO_CTRL_INFO ctrl to see if any data was pending first. This caused
+     the problem outlined in PR#1949. The fix suggested there however can
+     trigger problems with buggy BIO_CTRL_WPENDING (e.g. some versions
+     of Apache). So instead simplify the code to flush unconditionally.
+     This should be fine since flushing with no data to flush is a no op.
+     [Steve Henson]
+
+  *) Handle TLS versions 2.0 and later properly and correctly use the
+     highest version of TLS/SSL supported. Although TLS >= 2.0 is some way
+     off ancient servers have a habit of sticking around for a while...
+     [Steve Henson]
+
+  *) Modify compression code so it frees up structures without using the
+     ex_data callbacks. This works around a problem where some applications
+     call CRYPTO_cleanup_all_ex_data() before application exit (e.g. when
+     restarting) then use compression (e.g. SSL with compression) later.
+     This results in significant per-connection memory leaks and
+     has caused some security issues including CVE-2008-1678 and
+     CVE-2009-4355.
+     [Steve Henson]
+
+  *) Constify crypto/cast (i.e., <openssl/cast.h>): a CAST_KEY doesn't
+     change when encrypting or decrypting.
+     [Bodo Moeller]
+
+  *) Add option SSL_OP_LEGACY_SERVER_CONNECT which will allow clients to
+     connect and renegotiate with servers which do not support RI.
+     Until RI is more widely deployed this option is enabled by default.
+     [Steve Henson]
+
+  *) Add "missing" ssl ctrls to clear options and mode.
+     [Steve Henson]
+
+  *) If client attempts to renegotiate and doesn't support RI respond with
+     a no_renegotiation alert as required by RFC5746.  Some renegotiating
+     TLS clients will continue a connection gracefully when they receive
+     the alert. Unfortunately OpenSSL mishandled this alert and would hang
+     waiting for a server hello which it will never receive. Now we treat a
+     received no_renegotiation alert as a fatal error. This is because
+     applications requesting a renegotiation might well expect it to succeed
+     and would have no code in place to handle the server denying it so the
+     only safe thing to do is to terminate the connection.
+     [Steve Henson]
+
+  *) Add ctrl macro SSL_get_secure_renegotiation_support() which returns 1 if
+     peer supports secure renegotiation and 0 otherwise. Print out peer
+     renegotiation support in s_client/s_server.
+     [Steve Henson]
+
+  *) Replace the highly broken and deprecated SPKAC certification method with
+     the updated NID creation version. This should correctly handle UTF8.
+     [Steve Henson]
+
+  *) Implement RFC5746. Re-enable renegotiation but require the extension
+     as needed. Unfortunately, SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
+     turns out to be a bad idea. It has been replaced by
+     SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with
+     SSL_CTX_set_options(). This is really not recommended unless you
+     know what you are doing.
+     [Eric Rescorla <ekr at networkresonance.com>, Ben Laurie, Steve Henson]
+
+  *) Fixes to stateless session resumption handling. Use initial_ctx when
+     issuing and attempting to decrypt tickets in case it has changed during
+     servername handling. Use a non-zero length session ID when attempting
+     stateless session resumption: this makes it possible to determine if
+     a resumption has occurred immediately after receiving server hello
+     (several places in OpenSSL subtly assume this) instead of later in
+     the handshake.
+     [Steve Henson]
+
+  *) The functions ENGINE_ctrl(), OPENSSL_isservice(),
+     CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error
+     fixes for a few places where the return code is not checked
+     correctly.
+     [Julia Lawall <julia at diku.dk>]
+
+  *) Add --strict-warnings option to Configure script to include devteam
+     warnings in other configurations.
+     [Steve Henson]
+
+  *) Add support for --libdir option and LIBDIR variable in makefiles. This
+     makes it possible to install openssl libraries in locations which
+     have names other than "lib", for example "/usr/lib64" which some
+     systems need.
+     [Steve Henson, based on patch from Jeremy Utley]
+
+  *) Don't allow the use of leading 0x80 in OIDs. This is a violation of
+     X690 8.9.12 and can produce some misleading textual output of OIDs.
+     [Steve Henson, reported by Dan Kaminsky]
+
+  *) Delete MD2 from algorithm tables. This follows the recommendation in
+     several standards that it is not used in new applications due to
+     several cryptographic weaknesses. For binary compatibility reasons
+     the MD2 API is still compiled in by default.
+     [Steve Henson]
+
+  *) Add compression id to {d2i,i2d}_SSL_SESSION so it is correctly saved
+     and restored.
+     [Steve Henson]
+
+  *) Rename uni2asc and asc2uni functions to OPENSSL_uni2asc and
+     OPENSSL_asc2uni conditionally on Netware platforms to avoid a name
+     clash.
+     [Guenter <lists at gknw.net>]
+
+  *) Fix the server certificate chain building code to use X509_verify_cert(),
+     it used to have an ad-hoc builder which was unable to cope with anything
+     other than a simple chain.
+     [David Woodhouse <dwmw2 at infradead.org>, Steve Henson]
+
+  *) Don't check self signed certificate signatures in X509_verify_cert()
+     by default (a flag can override this): it just wastes time without
+     adding any security. As a useful side effect self signed root CAs
+     with non-FIPS digests are now usable in FIPS mode.
+     [Steve Henson]
+
+  *) In dtls1_process_out_of_seq_message() the check if the current message
+     is already buffered was missing. For every new message was memory
+     allocated, allowing an attacker to perform an denial of service attack
+     with sending out of seq handshake messages until there is no memory
+     left. Additionally every future messege was buffered, even if the
+     sequence number made no sense and would be part of another handshake.
+     So only messages with sequence numbers less than 10 in advance will be
+     buffered.  (CVE-2009-1378)
+     [Robin Seggelmann, discovered by Daniel Mentz] 	
+
+  *) Records are buffered if they arrive with a future epoch to be
+     processed after finishing the corresponding handshake. There is
+     currently no limitation to this buffer allowing an attacker to perform
+     a DOS attack with sending records with future epochs until there is no
+     memory left. This patch adds the pqueue_size() function to detemine
+     the size of a buffer and limits the record buffer to 100 entries.
+     (CVE-2009-1377)
+     [Robin Seggelmann, discovered by Daniel Mentz] 	
+
+  *) Keep a copy of frag->msg_header.frag_len so it can be used after the
+     parent structure is freed.  (CVE-2009-1379)
+     [Daniel Mentz] 	
+
+  *) Handle non-blocking I/O properly in SSL_shutdown() call.
+     [Darryl Miles <darryl-mailinglists at netbauds.net>]
+
+  *) Add 2.5.4.* OIDs
+     [Ilya O. <vrghost at gmail.com>]
+
+ Changes between 0.9.8k and 0.9.8l  [5 Nov 2009]
+
+  *) Disable renegotiation completely - this fixes a severe security
+     problem (CVE-2009-3555) at the cost of breaking all
+     renegotiation. Renegotiation can be re-enabled by setting
+     SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at
+     run-time. This is really not recommended unless you know what
+     you're doing.
+     [Ben Laurie]
+
+ Changes between 0.9.8j and 0.9.8k  [25 Mar 2009]
+
+  *) Don't set val to NULL when freeing up structures, it is freed up by
+     underlying code. If sizeof(void *) > sizeof(long) this can result in
+     zeroing past the valid field. (CVE-2009-0789)
+     [Paolo Ganci <Paolo.Ganci at AdNovum.CH>]
+
+  *) Fix bug where return value of CMS_SignerInfo_verify_content() was not
+     checked correctly. This would allow some invalid signed attributes to
+     appear to verify correctly. (CVE-2009-0591)
+     [Ivan Nestlerode <inestlerode at us.ibm.com>]
+
+  *) Reject UniversalString and BMPString types with invalid lengths. This
+     prevents a crash in ASN1_STRING_print_ex() which assumes the strings have
+     a legal length. (CVE-2009-0590)
+     [Steve Henson]
+
+  *) Set S/MIME signing as the default purpose rather than setting it 
+     unconditionally. This allows applications to override it at the store
+     level.
+     [Steve Henson]
+
+  *) Permit restricted recursion of ASN1 strings. This is needed in practice
+     to handle some structures.
+     [Steve Henson]
+
+  *) Improve efficiency of mem_gets: don't search whole buffer each time
+     for a '\n'
+     [Jeremy Shapiro <jnshapir at us.ibm.com>]
+
+  *) New -hex option for openssl rand.
+     [Matthieu Herrb]
+
+  *) Print out UTF8String and NumericString when parsing ASN1.
+     [Steve Henson]
+
+  *) Support NumericString type for name components.
+     [Steve Henson]
+
+  *) Allow CC in the environment to override the automatically chosen
+     compiler. Note that nothing is done to ensure flags work with the
+     chosen compiler.
+     [Ben Laurie]
+
+ Changes between 0.9.8i and 0.9.8j  [07 Jan 2009]
+
+  *) Properly check EVP_VerifyFinal() and similar return values
+     (CVE-2008-5077).
+     [Ben Laurie, Bodo Moeller, Google Security Team]
+
+  *) Enable TLS extensions by default.
+     [Ben Laurie]
+
+  *) Allow the CHIL engine to be loaded, whether the application is
+     multithreaded or not. (This does not release the developer from the
+     obligation to set up the dynamic locking callbacks.)
+     [Sander Temme <sander at temme.net>]
+
+  *) Use correct exit code if there is an error in dgst command.
+     [Steve Henson; problem pointed out by Roland Dirlewanger]
+
+  *) Tweak Configure so that you need to say "experimental-jpake" to enable
+     JPAKE, and need to use -DOPENSSL_EXPERIMENTAL_JPAKE in applications.
+     [Bodo Moeller]
+
+  *) Add experimental JPAKE support, including demo authentication in
+     s_client and s_server.
+     [Ben Laurie]
+
+  *) Set the comparison function in v3_addr_canonize().
+     [Rob Austein <sra at hactrn.net>]
+
+  *) Add support for XMPP STARTTLS in s_client.
+     [Philip Paeps <philip at freebsd.org>]
+
+  *) Change the server-side SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG behavior
+     to ensure that even with this option, only ciphersuites in the
+     server's preference list will be accepted.  (Note that the option
+     applies only when resuming a session, so the earlier behavior was
+     just about the algorithm choice for symmetric cryptography.)
+     [Bodo Moeller]
+
+ Changes between 0.9.8h and 0.9.8i  [15 Sep 2008]
+
+  *) Fix NULL pointer dereference if a DTLS server received
+     ChangeCipherSpec as first record (CVE-2009-1386).
+     [PR #1679]
+
+  *) Fix a state transitition in s3_srvr.c and d1_srvr.c
+     (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...).
+     [Nagendra Modadugu]
+
+  *) The fix in 0.9.8c that supposedly got rid of unsafe
+     double-checked locking was incomplete for RSA blinding,
+     addressing just one layer of what turns out to have been
+     doubly unsafe triple-checked locking.
+
+     So now fix this for real by retiring the MONT_HELPER macro
+     in crypto/rsa/rsa_eay.c.
+
+     [Bodo Moeller; problem pointed out by Marius Schilder]
+
+  *) Various precautionary measures:
+
+     - Avoid size_t integer overflow in HASH_UPDATE (md32_common.h).
+
+     - Avoid a buffer overflow in d2i_SSL_SESSION() (ssl_asn1.c).
+       (NB: This would require knowledge of the secret session ticket key
+       to exploit, in which case you'd be SOL either way.)
+
+     - Change bn_nist.c so that it will properly handle input BIGNUMs
+       outside the expected range.
+
+     - Enforce the 'num' check in BN_div() (bn_div.c) for non-BN_DEBUG
+       builds.
+
+     [Neel Mehta, Bodo Moeller]
+
+  *) Allow engines to be "soft loaded" - i.e. optionally don't die if
+     the load fails. Useful for distros.
+     [Ben Laurie and the FreeBSD team]
+
+  *) Add support for Local Machine Keyset attribute in PKCS#12 files.
+     [Steve Henson]
+
+  *) Fix BN_GF2m_mod_arr() top-bit cleanup code.
+     [Huang Ying]
+
+  *) Expand ENGINE to support engine supplied SSL client certificate functions.
+
+     This work was sponsored by Logica.
+     [Steve Henson]
+
+  *) Add CryptoAPI ENGINE to support use of RSA and DSA keys held in Windows
+     keystores. Support for SSL/TLS client authentication too.
+     Not compiled unless enable-capieng specified to Configure.
+
+     This work was sponsored by Logica.
+     [Steve Henson]
+
+  *) Fix bug in X509_ATTRIBUTE creation: dont set attribute using
+     ASN1_TYPE_set1 if MBSTRING flag set. This bug would crash certain
+     attribute creation routines such as certifcate requests and PKCS#12
+     files.
+     [Steve Henson]
+
+ Changes between 0.9.8g and 0.9.8h  [28 May 2008]
+
+  *) Fix flaw if 'Server Key exchange message' is omitted from a TLS
+     handshake which could lead to a cilent crash as found using the
+     Codenomicon TLS test suite (CVE-2008-1672) 
+     [Steve Henson, Mark Cox]
+
+  *) Fix double free in TLS server name extensions which could lead to
+     a remote crash found by Codenomicon TLS test suite (CVE-2008-0891) 
+     [Joe Orton]
+
+  *) Clear error queue in SSL_CTX_use_certificate_chain_file()
+
+     Clear the error queue to ensure that error entries left from
+     older function calls do not interfere with the correct operation.
+     [Lutz Jaenicke, Erik de Castro Lopo]
+
+  *) Remove root CA certificates of commercial CAs:
+
+     The OpenSSL project does not recommend any specific CA and does not
+     have any policy with respect to including or excluding any CA.
+     Therefore it does not make any sense to ship an arbitrary selection
+     of root CA certificates with the OpenSSL software.
+     [Lutz Jaenicke]
+
+  *) RSA OAEP patches to fix two separate invalid memory reads.
+     The first one involves inputs when 'lzero' is greater than
+     'SHA_DIGEST_LENGTH' (it would read about SHA_DIGEST_LENGTH bytes
+     before the beginning of from). The second one involves inputs where
+     the 'db' section contains nothing but zeroes (there is a one-byte
+     invalid read after the end of 'db').
+     [Ivan Nestlerode <inestlerode at us.ibm.com>]
+
+  *) Partial backport from 0.9.9-dev:
+
+     Introduce bn_mul_mont (dedicated Montgomery multiplication
+     procedure) as a candidate for BIGNUM assembler implementation.
+     While 0.9.9-dev uses assembler for various architectures, only
+     x86_64 is available by default here in the 0.9.8 branch, and
+     32-bit x86 is available through a compile-time setting.
+
+     To try the 32-bit x86 assembler implementation, use Configure
+     option "enable-montasm" (which exists only for this backport).
+
+     As "enable-montasm" for 32-bit x86 disclaims code stability
+     anyway, in this constellation we activate additional code
+     backported from 0.9.9-dev for further performance improvements,
+     namely BN_from_montgomery_word.  (To enable this otherwise,
+     e.g. x86_64, try "-DMONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD".)
+
+     [Andy Polyakov (backport partially by Bodo Moeller)]
+
+  *) Add TLS session ticket callback. This allows an application to set
+     TLS ticket cipher and HMAC keys rather than relying on hardcoded fixed
+     values. This is useful for key rollover for example where several key
+     sets may exist with different names.
+     [Steve Henson]
+
+  *) Reverse ENGINE-internal logic for caching default ENGINE handles.
+     This was broken until now in 0.9.8 releases, such that the only way
+     a registered ENGINE could be used (assuming it initialises
+     successfully on the host) was to explicitly set it as the default
+     for the relevant algorithms. This is in contradiction with 0.9.7
+     behaviour and the documentation. With this fix, when an ENGINE is
+     registered into a given algorithm's table of implementations, the
+     'uptodate' flag is reset so that auto-discovery will be used next
+     time a new context for that algorithm attempts to select an
+     implementation.
+     [Ian Lister (tweaked by Geoff Thorpe)]
+
+  *) Backport of CMS code to OpenSSL 0.9.8. This differs from the 0.9.9
+     implemention in the following ways:
+
+     Lack of EVP_PKEY_ASN1_METHOD means algorithm parameters have to be
+     hard coded.
+
+     Lack of BER streaming support means one pass streaming processing is
+     only supported if data is detached: setting the streaming flag is
+     ignored for embedded content.
+
+     CMS support is disabled by default and must be explicitly enabled
+     with the enable-cms configuration option.
+     [Steve Henson]
+
+  *) Update the GMP engine glue to do direct copies between BIGNUM and
+     mpz_t when openssl and GMP use the same limb size. Otherwise the
+     existing "conversion via a text string export" trick is still used.
+     [Paul Sheer <paulsheer at gmail.com>]
+
+  *) Zlib compression BIO. This is a filter BIO which compressed and
+     uncompresses any data passed through it.
+     [Steve Henson]
+
+  *) Add AES_wrap_key() and AES_unwrap_key() functions to implement
+     RFC3394 compatible AES key wrapping.
+     [Steve Henson]
+
+  *) Add utility functions to handle ASN1 structures. ASN1_STRING_set0():
+     sets string data without copying. X509_ALGOR_set0() and
+     X509_ALGOR_get0(): set and retrieve X509_ALGOR (AlgorithmIdentifier)
+     data. Attribute function X509at_get0_data_by_OBJ(): retrieves data
+     from an X509_ATTRIBUTE structure optionally checking it occurs only
+     once. ASN1_TYPE_set1(): set and ASN1_TYPE structure copying supplied
+     data.
+     [Steve Henson]
+
+  *) Fix BN flag handling in RSA_eay_mod_exp() and BN_MONT_CTX_set()
+     to get the expected BN_FLG_CONSTTIME behavior.
+     [Bodo Moeller (Google)]
+  
+  *) Netware support:
+
+     - fixed wrong usage of ioctlsocket() when build for LIBC BSD sockets
+     - fixed do_tests.pl to run the test suite with CLIB builds too (CLIB_OPT)
+     - added some more tests to do_tests.pl
+     - fixed RunningProcess usage so that it works with newer LIBC NDKs too
+     - removed usage of BN_LLONG for CLIB builds to avoid runtime dependency
+     - added new Configure targets netware-clib-bsdsock, netware-clib-gcc,
+       netware-clib-bsdsock-gcc, netware-libc-bsdsock-gcc
+     - various changes to netware.pl to enable gcc-cross builds on Win32
+       platform
+     - changed crypto/bio/b_sock.c to work with macro functions (CLIB BSD)
+     - various changes to fix missing prototype warnings
+     - fixed x86nasm.pl to create correct asm files for NASM COFF output
+     - added AES, WHIRLPOOL and CPUID assembler code to build files
+     - added missing AES assembler make rules to mk1mf.pl
+     - fixed order of includes in apps/ocsp.c so that e_os.h settings apply
+     [Guenter Knauf <eflash at gmx.net>]
+
+  *) Implement certificate status request TLS extension defined in RFC3546.
+     A client can set the appropriate parameters and receive the encoded
+     OCSP response via a callback. A server can query the supplied parameters
+     and set the encoded OCSP response in the callback. Add simplified examples
+     to s_client and s_server.
+     [Steve Henson]
+
+ Changes between 0.9.8f and 0.9.8g  [19 Oct 2007]
+
+  *) Fix various bugs:
+     + Binary incompatibility of ssl_ctx_st structure
+     + DTLS interoperation with non-compliant servers
+     + Don't call get_session_cb() without proposed session
+     + Fix ia64 assembler code
+     [Andy Polyakov, Steve Henson]
+
+ Changes between 0.9.8e and 0.9.8f  [11 Oct 2007]
+
+  *) DTLS Handshake overhaul. There were longstanding issues with
+     OpenSSL DTLS implementation, which were making it impossible for
+     RFC 4347 compliant client to communicate with OpenSSL server.
+     Unfortunately just fixing these incompatibilities would "cut off"
+     pre-0.9.8f clients. To allow for hassle free upgrade post-0.9.8e
+     server keeps tolerating non RFC compliant syntax. The opposite is
+     not true, 0.9.8f client can not communicate with earlier server.
+     This update even addresses CVE-2007-4995.
+     [Andy Polyakov]
+
+  *) Changes to avoid need for function casts in OpenSSL: some compilers
+     (gcc 4.2 and later) reject their use.
+     [Kurt Roeckx <kurt at roeckx.be>, Peter Hartley <pdh at utter.chaos.org.uk>,
+      Steve Henson]
+  
+  *) Add RFC4507 support to OpenSSL. This includes the corrections in
+     RFC4507bis. The encrypted ticket format is an encrypted encoded
+     SSL_SESSION structure, that way new session features are automatically
+     supported.
+
+     If a client application caches session in an SSL_SESSION structure
+     support is transparent because tickets are now stored in the encoded
+     SSL_SESSION.
+     
+     The SSL_CTX structure automatically generates keys for ticket
+     protection in servers so again support should be possible
+     with no application modification.
+
+     If a client or server wishes to disable RFC4507 support then the option
+     SSL_OP_NO_TICKET can be set.
+
+     Add a TLS extension debugging callback to allow the contents of any client
+     or server extensions to be examined.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Add initial support for TLS extensions, specifically for the server_name
+     extension so far.  The SSL_SESSION, SSL_CTX, and SSL data structures now
+     have new members for a host name.  The SSL data structure has an
+     additional member SSL_CTX *initial_ctx so that new sessions can be
+     stored in that context to allow for session resumption, even after the
+     SSL has been switched to a new SSL_CTX in reaction to a client's
+     server_name extension.
+
+     New functions (subject to change):
+
+         SSL_get_servername()
+         SSL_get_servername_type()
+         SSL_set_SSL_CTX()
+
+     New CTRL codes and macros (subject to change):
+
+         SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
+                                 - SSL_CTX_set_tlsext_servername_callback()
+         SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG
+                                      - SSL_CTX_set_tlsext_servername_arg()
+         SSL_CTRL_SET_TLSEXT_HOSTNAME           - SSL_set_tlsext_host_name()
+
+     openssl s_client has a new '-servername ...' option.
+
+     openssl s_server has new options '-servername_host ...', '-cert2 ...',
+     '-key2 ...', '-servername_fatal' (subject to change).  This allows
+     testing the HostName extension for a specific single host name ('-cert'
+     and '-key' remain fallbacks for handshakes without HostName
+     negotiation).  If the unrecogninzed_name alert has to be sent, this by
+     default is a warning; it becomes fatal with the '-servername_fatal'
+     option.
+
+     [Peter Sylvester,  Remy Allais, Christophe Renou, Steve Henson]
+
+  *) Add AES and SSE2 assembly language support to VC++ build.
+     [Steve Henson]
+
+  *) Mitigate attack on final subtraction in Montgomery reduction.
+     [Andy Polyakov]
+
+  *) Fix crypto/ec/ec_mult.c to work properly with scalars of value 0
+     (which previously caused an internal error).
+     [Bodo Moeller]
+
+  *) Squeeze another 10% out of IGE mode when in != out.
+     [Ben Laurie]
+
+  *) AES IGE mode speedup.
+     [Dean Gaudet (Google)]
+
+  *) Add the Korean symmetric 128-bit cipher SEED (see
+     http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp) and
+     add SEED ciphersuites from RFC 4162:
+
+        TLS_RSA_WITH_SEED_CBC_SHA      =  "SEED-SHA"
+        TLS_DHE_DSS_WITH_SEED_CBC_SHA  =  "DHE-DSS-SEED-SHA"
+        TLS_DHE_RSA_WITH_SEED_CBC_SHA  =  "DHE-RSA-SEED-SHA"
+        TLS_DH_anon_WITH_SEED_CBC_SHA  =  "ADH-SEED-SHA"
+
+     To minimize changes between patchlevels in the OpenSSL 0.9.8
+     series, SEED remains excluded from compilation unless OpenSSL
+     is configured with 'enable-seed'.
+     [KISA, Bodo Moeller]
+
+  *) Mitigate branch prediction attacks, which can be practical if a
+     single processor is shared, allowing a spy process to extract
+     information.  For detailed background information, see
+     http://eprint.iacr.org/2007/039 (O. Aciicmez, S. Gueron,
+     J.-P. Seifert, "New Branch Prediction Vulnerabilities in OpenSSL
+     and Necessary Software Countermeasures").  The core of the change
+     are new versions BN_div_no_branch() and
+     BN_mod_inverse_no_branch() of BN_div() and BN_mod_inverse(),
+     respectively, which are slower, but avoid the security-relevant
+     conditional branches.  These are automatically called by BN_div()
+     and BN_mod_inverse() if the flag BN_FLG_CONSTTIME is set for one
+     of the input BIGNUMs.  Also, BN_is_bit_set() has been changed to
+     remove a conditional branch.
+
+     BN_FLG_CONSTTIME is the new name for the previous
+     BN_FLG_EXP_CONSTTIME flag, since it now affects more than just
+     modular exponentiation.  (Since OpenSSL 0.9.7h, setting this flag
+     in the exponent causes BN_mod_exp_mont() to use the alternative
+     implementation in BN_mod_exp_mont_consttime().)  The old name
+     remains as a deprecated alias.
+
+     Similary, RSA_FLAG_NO_EXP_CONSTTIME is replaced by a more general
+     RSA_FLAG_NO_CONSTTIME flag since the RSA implementation now uses
+     constant-time implementations for more than just exponentiation.
+     Here too the old name is kept as a deprecated alias.
+
+     BN_BLINDING_new() will now use BN_dup() for the modulus so that
+     the BN_BLINDING structure gets an independent copy of the
+     modulus.  This means that the previous "BIGNUM *m" argument to
+     BN_BLINDING_new() and to BN_BLINDING_create_param() now
+     essentially becomes "const BIGNUM *m", although we can't actually
+     change this in the header file before 0.9.9.  It allows
+     RSA_setup_blinding() to use BN_with_flags() on the modulus to
+     enable BN_FLG_CONSTTIME.
+
+     [Matthew D Wood (Intel Corp)]
+
+  *) In the SSL/TLS server implementation, be strict about session ID
+     context matching (which matters if an application uses a single
+     external cache for different purposes).  Previously,
+     out-of-context reuse was forbidden only if SSL_VERIFY_PEER was
+     set.  This did ensure strict client verification, but meant that,
+     with applications using a single external cache for quite
+     different requirements, clients could circumvent ciphersuite
+     restrictions for a given session ID context by starting a session
+     in a different context.
+     [Bodo Moeller]
+
+  *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that
+     a ciphersuite string such as "DEFAULT:RSA" cannot enable
+     authentication-only ciphersuites.
+     [Bodo Moeller]
+
+  *) Update the SSL_get_shared_ciphers() fix CVE-2006-3738 which was
+     not complete and could lead to a possible single byte overflow
+     (CVE-2007-5135) [Ben Laurie]
+
+ Changes between 0.9.8d and 0.9.8e  [23 Feb 2007]
+
+  *) Since AES128 and AES256 (and similarly Camellia128 and
+     Camellia256) share a single mask bit in the logic of
+     ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a
+     kludge to work properly if AES128 is available and AES256 isn't
+     (or if Camellia128 is available and Camellia256 isn't).
+     [Victor Duchovni]
+
+  *) Fix the BIT STRING encoding generated by crypto/ec/ec_asn1.c
+     (within i2d_ECPrivateKey, i2d_ECPKParameters, i2d_ECParameters):
+     When a point or a seed is encoded in a BIT STRING, we need to
+     prevent the removal of trailing zero bits to get the proper DER
+     encoding.  (By default, crypto/asn1/a_bitstr.c assumes the case
+     of a NamedBitList, for which trailing 0 bits need to be removed.)
+     [Bodo Moeller]
+
+  *) Have SSL/TLS server implementation tolerate "mismatched" record
+     protocol version while receiving ClientHello even if the
+     ClientHello is fragmented.  (The server can't insist on the
+     particular protocol version it has chosen before the ServerHello
+     message has informed the client about his choice.)
+     [Bodo Moeller]
+
+  *) Add RFC 3779 support.
+     [Rob Austein for ARIN, Ben Laurie]
+
+  *) Load error codes if they are not already present instead of using a
+     static variable. This allows them to be cleanly unloaded and reloaded.
+     Improve header file function name parsing.
+     [Steve Henson]
+
+  *) extend SMTP and IMAP protocol emulation in s_client to use EHLO
+     or CAPABILITY handshake as required by RFCs.
+     [Goetz Babin-Ebell]
+
+ Changes between 0.9.8c and 0.9.8d  [28 Sep 2006]
+
+  *) Introduce limits to prevent malicious keys being able to
+     cause a denial of service.  (CVE-2006-2940)
+     [Steve Henson, Bodo Moeller]
+
+  *) Fix ASN.1 parsing of certain invalid structures that can result
+     in a denial of service.  (CVE-2006-2937)  [Steve Henson]
+
+  *) Fix buffer overflow in SSL_get_shared_ciphers() function. 
+     (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
+
+  *) Fix SSL client code which could crash if connecting to a
+     malicious SSLv2 server.  (CVE-2006-4343)
+     [Tavis Ormandy and Will Drewry, Google Security Team]
+
+  *) Since 0.9.8b, ciphersuite strings naming explicit ciphersuites
+     match only those.  Before that, "AES256-SHA" would be interpreted
+     as a pattern and match "AES128-SHA" too (since AES128-SHA got
+     the same strength classification in 0.9.7h) as we currently only
+     have a single AES bit in the ciphersuite description bitmap.
+     That change, however, also applied to ciphersuite strings such as
+     "RC4-MD5" that intentionally matched multiple ciphersuites --
+     namely, SSL 2.0 ciphersuites in addition to the more common ones
+     from SSL 3.0/TLS 1.0.
+
+     So we change the selection algorithm again: Naming an explicit
+     ciphersuite selects this one ciphersuite, and any other similar
+     ciphersuite (same bitmap) from *other* protocol versions.
+     Thus, "RC4-MD5" again will properly select both the SSL 2.0
+     ciphersuite and the SSL 3.0/TLS 1.0 ciphersuite.
+
+     Since SSL 2.0 does not have any ciphersuites for which the
+     128/256 bit distinction would be relevant, this works for now.
+     The proper fix will be to use different bits for AES128 and
+     AES256, which would have avoided the problems from the beginning;
+     however, bits are scarce, so we can only do this in a new release
+     (not just a patchlevel) when we can change the SSL_CIPHER
+     definition to split the single 'unsigned long mask' bitmap into
+     multiple values to extend the available space.
+
+     [Bodo Moeller]
+
+ Changes between 0.9.8b and 0.9.8c  [05 Sep 2006]
+
+  *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
+     (CVE-2006-4339)  [Ben Laurie and Google Security Team]
+
+  *) Add AES IGE and biIGE modes.
+     [Ben Laurie]
+
+  *) Change the Unix randomness entropy gathering to use poll() when
+     possible instead of select(), since the latter has some
+     undesirable limitations.
+     [Darryl Miles via Richard Levitte and Bodo Moeller]
+
+  *) Disable "ECCdraft" ciphersuites more thoroughly.  Now special
+     treatment in ssl/ssl_ciph.s makes sure that these ciphersuites
+     cannot be implicitly activated as part of, e.g., the "AES" alias.
+     However, please upgrade to OpenSSL 0.9.9[-dev] for
+     non-experimental use of the ECC ciphersuites to get TLS extension
+     support, which is required for curve and point format negotiation
+     to avoid potential handshake problems.
+     [Bodo Moeller]
+
+  *) Disable rogue ciphersuites:
+
+      - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
+      - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
+      - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
+
+     The latter two were purportedly from
+     draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
+     appear there.
+
+     Also deactivate the remaining ciphersuites from
+     draft-ietf-tls-56-bit-ciphersuites-01.txt.  These are just as
+     unofficial, and the ID has long expired.
+     [Bodo Moeller]
+
+  *) Fix RSA blinding Heisenbug (problems sometimes occured on
+     dual-core machines) and other potential thread-safety issues.
+     [Bodo Moeller]
+
+  *) Add the symmetric cipher Camellia (128-bit, 192-bit, 256-bit key
+     versions), which is now available for royalty-free use
+     (see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html).
+     Also, add Camellia TLS ciphersuites from RFC 4132.
+
+     To minimize changes between patchlevels in the OpenSSL 0.9.8
+     series, Camellia remains excluded from compilation unless OpenSSL
+     is configured with 'enable-camellia'.
+     [NTT]
+
+  *) Disable the padding bug check when compression is in use. The padding
+     bug check assumes the first packet is of even length, this is not
+     necessarily true if compresssion is enabled and can result in false
+     positives causing handshake failure. The actual bug test is ancient
+     code so it is hoped that implementations will either have fixed it by
+     now or any which still have the bug do not support compression.
+     [Steve Henson]
+
+ Changes between 0.9.8a and 0.9.8b  [04 May 2006]
+
+  *) When applying a cipher rule check to see if string match is an explicit
+     cipher suite and only match that one cipher suite if it is.
+     [Steve Henson]
+
+  *) Link in manifests for VC++ if needed.
+     [Austin Ziegler <halostatue at gmail.com>]
+
+  *) Update support for ECC-based TLS ciphersuites according to
+     draft-ietf-tls-ecc-12.txt with proposed changes (but without
+     TLS extensions, which are supported starting with the 0.9.9
+     branch, not in the OpenSSL 0.9.8 branch).
+     [Douglas Stebila]
+
+  *) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support
+     opaque EVP_CIPHER_CTX handling.
+     [Steve Henson]
+
+  *) Fixes and enhancements to zlib compression code. We now only use
+     "zlib1.dll" and use the default __cdecl calling convention on Win32
+     to conform with the standards mentioned here:
+           http://www.zlib.net/DLL_FAQ.txt
+     Static zlib linking now works on Windows and the new --with-zlib-include
+     --with-zlib-lib options to Configure can be used to supply the location
+     of the headers and library. Gracefully handle case where zlib library
+     can't be loaded.
+     [Steve Henson]
+
+  *) Several fixes and enhancements to the OID generation code. The old code
+     sometimes allowed invalid OIDs (1.X for X >= 40 for example), couldn't
+     handle numbers larger than ULONG_MAX, truncated printing and had a
+     non standard OBJ_obj2txt() behaviour.
+     [Steve Henson]
+
+  *) Add support for building of engines under engine/ as shared libraries
+     under VC++ build system.
+     [Steve Henson]
+
+  *) Corrected the numerous bugs in the Win32 path splitter in DSO.
+     Hopefully, we will not see any false combination of paths any more.
+     [Richard Levitte]
+
+ Changes between 0.9.8 and 0.9.8a  [11 Oct 2005]
+
+  *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
+     (part of SSL_OP_ALL).  This option used to disable the
+     countermeasure against man-in-the-middle protocol-version
+     rollback in the SSL 2.0 server implementation, which is a bad
+     idea.  (CVE-2005-2969)
+
+     [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
+     for Information Security, National Institute of Advanced Industrial
+     Science and Technology [AIST], Japan)]
+
+  *) Add two function to clear and return the verify parameter flags.
+     [Steve Henson]
+
+  *) Keep cipherlists sorted in the source instead of sorting them at
+     runtime, thus removing the need for a lock.
+     [Nils Larsch]
+
+  *) Avoid some small subgroup attacks in Diffie-Hellman.
+     [Nick Mathewson and Ben Laurie]
+
+  *) Add functions for well-known primes.
+     [Nick Mathewson]
+
+  *) Extended Windows CE support.
+     [Satoshi Nakamura and Andy Polyakov]
+
+  *) Initialize SSL_METHOD structures at compile time instead of during
+     runtime, thus removing the need for a lock.
+     [Steve Henson]
+
+  *) Make PKCS7_decrypt() work even if no certificate is supplied by
+     attempting to decrypt each encrypted key in turn. Add support to
+     smime utility.
+     [Steve Henson]
+
+ Changes between 0.9.7h and 0.9.8  [05 Jul 2005]
+
+  [NB: OpenSSL 0.9.7i and later 0.9.7 patch levels were released after
+  OpenSSL 0.9.8.]
+
+  *) Add libcrypto.pc and libssl.pc for those who feel they need them.
+     [Richard Levitte]
+
+  *) Change CA.sh and CA.pl so they don't bundle the CSR and the private
+     key into the same file any more.
+     [Richard Levitte]
+
+  *) Add initial support for Win64, both IA64 and AMD64/x64 flavors.
+     [Andy Polyakov]
+
+  *) Add -utf8 command line and config file option to 'ca'.
+     [Stefan <stf at udoma.org]
+
+  *) Removed the macro des_crypt(), as it seems to conflict with some
+     libraries.  Use DES_crypt().
+     [Richard Levitte]
+
+  *) Correct naming of the 'chil' and '4758cca' ENGINEs. This
+     involves renaming the source and generated shared-libs for
+     both. The engines will accept the corrected or legacy ids
+     ('ncipher' and '4758_cca' respectively) when binding. NB,
+     this only applies when building 'shared'.
+     [Corinna Vinschen <vinschen at redhat.com> and Geoff Thorpe]
+
+  *) Add attribute functions to EVP_PKEY structure. Modify
+     PKCS12_create() to recognize a CSP name attribute and
+     use it. Make -CSP option work again in pkcs12 utility.
+     [Steve Henson]
+
+  *) Add new functionality to the bn blinding code:
+     - automatic re-creation of the BN_BLINDING parameters after
+       a fixed number of uses (currently 32)
+     - add new function for parameter creation
+     - introduce flags to control the update behaviour of the
+       BN_BLINDING parameters
+     - hide BN_BLINDING structure
+     Add a second BN_BLINDING slot to the RSA structure to improve
+     performance when a single RSA object is shared among several
+     threads.
+     [Nils Larsch]
+
+  *) Add support for DTLS.
+     [Nagendra Modadugu <nagendra at cs.stanford.edu> and Ben Laurie]
+
+  *) Add support for DER encoded private keys (SSL_FILETYPE_ASN1)
+     to SSL_CTX_use_PrivateKey_file() and SSL_use_PrivateKey_file()
+     [Walter Goulet]
+
+  *) Remove buggy and incompletet DH cert support from
+     ssl/ssl_rsa.c and ssl/s3_both.c
+     [Nils Larsch]
+
+  *) Use SHA-1 instead of MD5 as the default digest algorithm for
+     the apps/openssl applications.
+     [Nils Larsch]
+
+  *) Compile clean with "-Wall -Wmissing-prototypes
+     -Wstrict-prototypes -Wmissing-declarations -Werror". Currently
+     DEBUG_SAFESTACK must also be set.
+     [Ben Laurie]
+
+  *) Change ./Configure so that certain algorithms can be disabled by default.
+     The new counterpiece to "no-xxx" is "enable-xxx".
+
+     The patented RC5 and MDC2 algorithms will now be disabled unless
+     "enable-rc5" and "enable-mdc2", respectively, are specified.
+
+     (IDEA remains enabled despite being patented.  This is because IDEA
+     is frequently required for interoperability, and there is no license
+     fee for non-commercial use.  As before, "no-idea" can be used to
+     avoid this algorithm.)
+
+     [Bodo Moeller]
+
+  *) Add processing of proxy certificates (see RFC 3820).  This work was
+     sponsored by KTH (The Royal Institute of Technology in Stockholm) and
+     EGEE (Enabling Grids for E-science in Europe).
+     [Richard Levitte]
+
+  *) RC4 performance overhaul on modern architectures/implementations, such
+     as Intel P4, IA-64 and AMD64.
+     [Andy Polyakov]
+
+  *) New utility extract-section.pl. This can be used specify an alternative
+     section number in a pod file instead of having to treat each file as
+     a separate case in Makefile. This can be done by adding two lines to the
+     pod file:
+
+     =for comment openssl_section:XXX
+
+     The blank line is mandatory.
+
+     [Steve Henson]
+
+  *) New arguments -certform, -keyform and -pass for s_client and s_server
+     to allow alternative format key and certificate files and passphrase
+     sources.
+     [Steve Henson]
+
+  *) New structure X509_VERIFY_PARAM which combines current verify parameters,
+     update associated structures and add various utility functions.
+
+     Add new policy related verify parameters, include policy checking in 
+     standard verify code. Enhance 'smime' application with extra parameters
+     to support policy checking and print out.
+     [Steve Henson]
+
+  *) Add a new engine to support VIA PadLock ACE extensions in the VIA C3
+     Nehemiah processors. These extensions support AES encryption in hardware
+     as well as RNG (though RNG support is currently disabled).
+     [Michal Ludvig <michal at logix.cz>, with help from Andy Polyakov]
+
+  *) Deprecate BN_[get|set]_params() functions (they were ignored internally).
+     [Geoff Thorpe]
+
+  *) New FIPS 180-2 algorithms, SHA-224/-256/-384/-512 are implemented.
+     [Andy Polyakov and a number of other people]
+
+  *) Improved PowerPC platform support. Most notably BIGNUM assembler
+     implementation contributed by IBM.
+     [Suresh Chari, Peter Waltenberg, Andy Polyakov]
+
+  *) The new 'RSA_generate_key_ex' function now takes a BIGNUM for the public
+     exponent rather than 'unsigned long'. There is a corresponding change to
+     the new 'rsa_keygen' element of the RSA_METHOD structure.
+     [Jelte Jansen, Geoff Thorpe]
+
+  *) Functionality for creating the initial serial number file is now
+     moved from CA.pl to the 'ca' utility with a new option -create_serial.
+
+     (Before OpenSSL 0.9.7e, CA.pl used to initialize the serial
+     number file to 1, which is bound to cause problems.  To avoid
+     the problems while respecting compatibility between different 0.9.7
+     patchlevels, 0.9.7e  employed 'openssl x509 -next_serial' in
+     CA.pl for serial number initialization.  With the new release 0.9.8,
+     we can fix the problem directly in the 'ca' utility.)
+     [Steve Henson]
+
+  *) Reduced header interdepencies by declaring more opaque objects in
+     ossl_typ.h. As a consequence, including some headers (eg. engine.h) will
+     give fewer recursive includes, which could break lazy source code - so
+     this change is covered by the OPENSSL_NO_DEPRECATED symbol. As always,
+     developers should define this symbol when building and using openssl to
+     ensure they track the recommended behaviour, interfaces, [etc], but
+     backwards-compatible behaviour prevails when this isn't defined.
+     [Geoff Thorpe]
+
+  *) New function X509_POLICY_NODE_print() which prints out policy nodes.
+     [Steve Henson]
+
+  *) Add new EVP function EVP_CIPHER_CTX_rand_key and associated functionality.
+     This will generate a random key of the appropriate length based on the 
+     cipher context. The EVP_CIPHER can provide its own random key generation
+     routine to support keys of a specific form. This is used in the des and 
+     3des routines to generate a key of the correct parity. Update S/MIME
+     code to use new functions and hence generate correct parity DES keys.
+     Add EVP_CHECK_DES_KEY #define to return an error if the key is not 
+     valid (weak or incorrect parity).
+     [Steve Henson]
+
+  *) Add a local set of CRLs that can be used by X509_verify_cert() as well
+     as looking them up. This is useful when the verified structure may contain
+     CRLs, for example PKCS#7 signedData. Modify PKCS7_verify() to use any CRLs
+     present unless the new PKCS7_NO_CRL flag is asserted.
+     [Steve Henson]
+
+  *) Extend ASN1 oid configuration module. It now additionally accepts the
+     syntax:
+
+     shortName = some long name, 1.2.3.4
+     [Steve Henson]
+
+  *) Reimplemented the BN_CTX implementation. There is now no more static
+     limitation on the number of variables it can handle nor the depth of the
+     "stack" handling for BN_CTX_start()/BN_CTX_end() pairs. The stack
+     information can now expand as required, and rather than having a single
+     static array of bignums, BN_CTX now uses a linked-list of such arrays
+     allowing it to expand on demand whilst maintaining the usefulness of
+     BN_CTX's "bundling".
+     [Geoff Thorpe]
+
+  *) Add a missing BN_CTX parameter to the 'rsa_mod_exp' callback in RSA_METHOD
+     to allow all RSA operations to function using a single BN_CTX.
+     [Geoff Thorpe]
+
+  *) Preliminary support for certificate policy evaluation and checking. This
+     is initially intended to pass the tests outlined in "Conformance Testing
+     of Relying Party Client Certificate Path Processing Logic" v1.07.
+     [Steve Henson]
+
+  *) bn_dup_expand() has been deprecated, it was introduced in 0.9.7 and
+     remained unused and not that useful. A variety of other little bignum
+     tweaks and fixes have also been made continuing on from the audit (see
+     below).
+     [Geoff Thorpe]
+
+  *) Constify all or almost all d2i, c2i, s2i and r2i functions, along with
+     associated ASN1, EVP and SSL functions and old ASN1 macros.
+     [Richard Levitte]
+
+  *) BN_zero() only needs to set 'top' and 'neg' to zero for correct results,
+     and this should never fail. So the return value from the use of
+     BN_set_word() (which can fail due to needless expansion) is now deprecated;
+     if OPENSSL_NO_DEPRECATED is defined, BN_zero() is a void macro.
+     [Geoff Thorpe]
+
+  *) BN_CTX_get() should return zero-valued bignums, providing the same
+     initialised value as BN_new().
+     [Geoff Thorpe, suggested by Ulf Möller]
+
+  *) Support for inhibitAnyPolicy certificate extension.
+     [Steve Henson]
+
+  *) An audit of the BIGNUM code is underway, for which debugging code is
+     enabled when BN_DEBUG is defined. This makes stricter enforcements on what
+     is considered valid when processing BIGNUMs, and causes execution to
+     assert() when a problem is discovered. If BN_DEBUG_RAND is defined,
+     further steps are taken to deliberately pollute unused data in BIGNUM
+     structures to try and expose faulty code further on. For now, openssl will
+     (in its default mode of operation) continue to tolerate the inconsistent
+     forms that it has tolerated in the past, but authors and packagers should
+     consider trying openssl and their own applications when compiled with
+     these debugging symbols defined. It will help highlight potential bugs in
+     their own code, and will improve the test coverage for OpenSSL itself. At
+     some point, these tighter rules will become openssl's default to improve
+     maintainability, though the assert()s and other overheads will remain only
+     in debugging configurations. See bn.h for more details.
+     [Geoff Thorpe, Nils Larsch, Ulf Möller]
+
+  *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure
+     that can only be obtained through BN_CTX_new() (which implicitly
+     initialises it). The presence of this function only made it possible
+     to overwrite an existing structure (and cause memory leaks).
+     [Geoff Thorpe]
+
+  *) Because of the callback-based approach for implementing LHASH as a
+     template type, lh_insert() adds opaque objects to hash-tables and
+     lh_doall() or lh_doall_arg() are typically used with a destructor callback
+     to clean up those corresponding objects before destroying the hash table
+     (and losing the object pointers). So some over-zealous constifications in
+     LHASH have been relaxed so that lh_insert() does not take (nor store) the
+     objects as "const" and the lh_doall[_arg] callback wrappers are not
+     prototyped to have "const" restrictions on the object pointers they are
+     given (and so aren't required to cast them away any more).
+     [Geoff Thorpe]
+
+  *) The tmdiff.h API was so ugly and minimal that our own timing utility
+     (speed) prefers to use its own implementation. The two implementations
+     haven't been consolidated as yet (volunteers?) but the tmdiff API has had
+     its object type properly exposed (MS_TM) instead of casting to/from "char
+     *". This may still change yet if someone realises MS_TM and "ms_time_***"
+     aren't necessarily the greatest nomenclatures - but this is what was used
+     internally to the implementation so I've used that for now.
+     [Geoff Thorpe]
+
+  *) Ensure that deprecated functions do not get compiled when
+     OPENSSL_NO_DEPRECATED is defined. Some "openssl" subcommands and a few of
+     the self-tests were still using deprecated key-generation functions so
+     these have been updated also.
+     [Geoff Thorpe]
+
+  *) Reorganise PKCS#7 code to separate the digest location functionality
+     into PKCS7_find_digest(), digest addtion into PKCS7_bio_add_digest().
+     New function PKCS7_set_digest() to set the digest type for PKCS#7
+     digestedData type. Add additional code to correctly generate the
+     digestedData type and add support for this type in PKCS7 initialization
+     functions.
+     [Steve Henson]
+
+  *) New function PKCS7_set0_type_other() this initializes a PKCS7 
+     structure of type "other".
+     [Steve Henson]
+
+  *) Fix prime generation loop in crypto/bn/bn_prime.pl by making
+     sure the loop does correctly stop and breaking ("division by zero")
+     modulus operations are not performed. The (pre-generated) prime
+     table crypto/bn/bn_prime.h was already correct, but it could not be
+     re-generated on some platforms because of the "division by zero"
+     situation in the script.
+     [Ralf S. Engelschall]
+
+  *) Update support for ECC-based TLS ciphersuites according to
+     draft-ietf-tls-ecc-03.txt: the KDF1 key derivation function with
+     SHA-1 now is only used for "small" curves (where the
+     representation of a field element takes up to 24 bytes); for
+     larger curves, the field element resulting from ECDH is directly
+     used as premaster secret.
+     [Douglas Stebila (Sun Microsystems Laboratories)]
+
+  *) Add code for kP+lQ timings to crypto/ec/ectest.c, and add SEC2
+     curve secp160r1 to the tests.
+     [Douglas Stebila (Sun Microsystems Laboratories)]
+
+  *) Add the possibility to load symbols globally with DSO.
+     [Götz Babin-Ebell <babin-ebell at trustcenter.de> via Richard Levitte]
+
+  *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better
+     control of the error stack.
+     [Richard Levitte]
+
+  *) Add support for STORE in ENGINE.
+     [Richard Levitte]
+
+  *) Add the STORE type.  The intention is to provide a common interface
+     to certificate and key stores, be they simple file-based stores, or
+     HSM-type store, or LDAP stores, or...
+     NOTE: The code is currently UNTESTED and isn't really used anywhere.
+     [Richard Levitte]
+
+  *) Add a generic structure called OPENSSL_ITEM.  This can be used to
+     pass a list of arguments to any function as well as provide a way
+     for a function to pass data back to the caller.
+     [Richard Levitte]
+
+  *) Add the functions BUF_strndup() and BUF_memdup().  BUF_strndup()
+     works like BUF_strdup() but can be used to duplicate a portion of
+     a string.  The copy gets NUL-terminated.  BUF_memdup() duplicates
+     a memory area.
+     [Richard Levitte]
+
+  *) Add the function sk_find_ex() which works like sk_find(), but will
+     return an index to an element even if an exact match couldn't be
+     found.  The index is guaranteed to point at the element where the
+     searched-for key would be inserted to preserve sorting order.
+     [Richard Levitte]
+
+  *) Add the function OBJ_bsearch_ex() which works like OBJ_bsearch() but
+     takes an extra flags argument for optional functionality.  Currently,
+     the following flags are defined:
+
+	OBJ_BSEARCH_VALUE_ON_NOMATCH
+	This one gets OBJ_bsearch_ex() to return a pointer to the first
+	element where the comparing function returns a negative or zero
+	number.
+
+	OBJ_BSEARCH_FIRST_VALUE_ON_MATCH
+	This one gets OBJ_bsearch_ex() to return a pointer to the first
+	element where the comparing function returns zero.  This is useful
+	if there are more than one element where the comparing function
+	returns zero.
+     [Richard Levitte]
+
+  *) Make it possible to create self-signed certificates with 'openssl ca'
+     in such a way that the self-signed certificate becomes part of the
+     CA database and uses the same mechanisms for serial number generation
+     as all other certificate signing.  The new flag '-selfsign' enables
+     this functionality.  Adapt CA.sh and CA.pl.in.
+     [Richard Levitte]
+
+  *) Add functionality to check the public key of a certificate request
+     against a given private.  This is useful to check that a certificate
+     request can be signed by that key (self-signing).
+     [Richard Levitte]
+
+  *) Make it possible to have multiple active certificates with the same
+     subject in the CA index file.  This is done only if the keyword
+     'unique_subject' is set to 'no' in the main CA section (default
+     if 'CA_default') of the configuration file.  The value is saved
+     with the database itself in a separate index attribute file,
+     named like the index file with '.attr' appended to the name.
+     [Richard Levitte]
+
+  *) Generate muti valued AVAs using '+' notation in config files for
+     req and dirName.
+     [Steve Henson]
+
+  *) Support for nameConstraints certificate extension.
+     [Steve Henson]
+
+  *) Support for policyConstraints certificate extension.
+     [Steve Henson]
+
+  *) Support for policyMappings certificate extension.
+     [Steve Henson]
+
+  *) Make sure the default DSA_METHOD implementation only uses its
+     dsa_mod_exp() and/or bn_mod_exp() handlers if they are non-NULL,
+     and change its own handlers to be NULL so as to remove unnecessary
+     indirection. This lets alternative implementations fallback to the
+     default implementation more easily.
+     [Geoff Thorpe]
+
+  *) Support for directoryName in GeneralName related extensions
+     in config files.
+     [Steve Henson]
+
+  *) Make it possible to link applications using Makefile.shared.
+     Make that possible even when linking against static libraries!
+     [Richard Levitte]
+
+  *) Support for single pass processing for S/MIME signing. This now
+     means that S/MIME signing can be done from a pipe, in addition
+     cleartext signing (multipart/signed type) is effectively streaming
+     and the signed data does not need to be all held in memory.
+
+     This is done with a new flag PKCS7_STREAM. When this flag is set
+     PKCS7_sign() only initializes the PKCS7 structure and the actual signing
+     is done after the data is output (and digests calculated) in
+     SMIME_write_PKCS7().
+     [Steve Henson]
+
+  *) Add full support for -rpath/-R, both in shared libraries and
+     applications, at least on the platforms where it's known how
+     to do it.
+     [Richard Levitte]
+
+  *) In crypto/ec/ec_mult.c, implement fast point multiplication with
+     precomputation, based on wNAF splitting: EC_GROUP_precompute_mult()
+     will now compute a table of multiples of the generator that
+     makes subsequent invocations of EC_POINTs_mul() or EC_POINT_mul()
+     faster (notably in the case of a single point multiplication,
+     scalar * generator).
+     [Nils Larsch, Bodo Moeller]
+
+  *) IPv6 support for certificate extensions. The various extensions
+     which use the IP:a.b.c.d can now take IPv6 addresses using the
+     formats of RFC1884 2.2 . IPv6 addresses are now also displayed
+     correctly.
+     [Steve Henson]
+
+  *) Added an ENGINE that implements RSA by performing private key
+     exponentiations with the GMP library. The conversions to and from
+     GMP's mpz_t format aren't optimised nor are any montgomery forms
+     cached, and on x86 it appears OpenSSL's own performance has caught up.
+     However there are likely to be other architectures where GMP could
+     provide a boost. This ENGINE is not built in by default, but it can be
+     specified at Configure time and should be accompanied by the necessary
+     linker additions, eg;
+         ./config -DOPENSSL_USE_GMP -lgmp
+     [Geoff Thorpe]
+
+  *) "openssl engine" will not display ENGINE/DSO load failure errors when
+     testing availability of engines with "-t" - the old behaviour is
+     produced by increasing the feature's verbosity with "-tt".
+     [Geoff Thorpe]
+
+  *) ECDSA routines: under certain error conditions uninitialized BN objects
+     could be freed. Solution: make sure initialization is performed early
+     enough. (Reported and fix supplied by Nils Larsch <nla at trustcenter.de>
+     via PR#459)
+     [Lutz Jaenicke]
+
+  *) Key-generation can now be implemented in RSA_METHOD, DSA_METHOD
+     and DH_METHOD (eg. by ENGINE implementations) to override the normal
+     software implementations. For DSA and DH, parameter generation can
+     also be overriden by providing the appropriate method callbacks.
+     [Geoff Thorpe]
+
+  *) Change the "progress" mechanism used in key-generation and
+     primality testing to functions that take a new BN_GENCB pointer in
+     place of callback/argument pairs. The new API functions have "_ex"
+     postfixes and the older functions are reimplemented as wrappers for
+     the new ones. The OPENSSL_NO_DEPRECATED symbol can be used to hide
+     declarations of the old functions to help (graceful) attempts to
+     migrate to the new functions. Also, the new key-generation API
+     functions operate on a caller-supplied key-structure and return
+     success/failure rather than returning a key or NULL - this is to
+     help make "keygen" another member function of RSA_METHOD etc.
+
+     Example for using the new callback interface:
+
+          int (*my_callback)(int a, int b, BN_GENCB *cb) = ...;
+          void *my_arg = ...;
+          BN_GENCB my_cb;
+
+          BN_GENCB_set(&my_cb, my_callback, my_arg);
+
+          return BN_is_prime_ex(some_bignum, BN_prime_checks, NULL, &cb);
+          /* For the meaning of a, b in calls to my_callback(), see the
+           * documentation of the function that calls the callback.
+           * cb will point to my_cb; my_arg can be retrieved as cb->arg.
+           * my_callback should return 1 if it wants BN_is_prime_ex()
+           * to continue, or 0 to stop.
+           */
+
+     [Geoff Thorpe]
+
+  *) Change the ZLIB compression method to be stateful, and make it
+     available to TLS with the number defined in 
+     draft-ietf-tls-compression-04.txt.
+     [Richard Levitte]
+
+  *) Add the ASN.1 structures and functions for CertificatePair, which
+     is defined as follows (according to X.509_4thEditionDraftV6.pdf):
+
+     CertificatePair ::= SEQUENCE {
+        forward		[0]	Certificate OPTIONAL,
+        reverse		[1]	Certificate OPTIONAL,
+        -- at least one of the pair shall be present -- }
+
+     Also implement the PEM functions to read and write certificate
+     pairs, and defined the PEM tag as "CERTIFICATE PAIR".
+
+     This needed to be defined, mostly for the sake of the LDAP
+     attribute crossCertificatePair, but may prove useful elsewhere as
+     well.
+     [Richard Levitte]
+
+  *) Make it possible to inhibit symlinking of shared libraries in
+     Makefile.shared, for Cygwin's sake.
+     [Richard Levitte]
+
+  *) Extend the BIGNUM API by creating a function 
+          void BN_set_negative(BIGNUM *a, int neg);
+     and a macro that behave like
+          int  BN_is_negative(const BIGNUM *a);
+
+     to avoid the need to access 'a->neg' directly in applications.
+     [Nils Larsch]
+
+  *) Implement fast modular reduction for pseudo-Mersenne primes
+     used in NIST curves (crypto/bn/bn_nist.c, crypto/ec/ecp_nist.c).
+     EC_GROUP_new_curve_GFp() will now automatically use this
+     if applicable.
+     [Nils Larsch <nla at trustcenter.de>]
+
+  *) Add new lock type (CRYPTO_LOCK_BN).
+     [Bodo Moeller]
+
+  *) Change the ENGINE framework to automatically load engines
+     dynamically from specific directories unless they could be
+     found to already be built in or loaded.  Move all the
+     current engines except for the cryptodev one to a new
+     directory engines/.
+     The engines in engines/ are built as shared libraries if
+     the "shared" options was given to ./Configure or ./config.
+     Otherwise, they are inserted in libcrypto.a.
+     /usr/local/ssl/engines is the default directory for dynamic
+     engines, but that can be overriden at configure time through
+     the usual use of --prefix and/or --openssldir, and at run
+     time with the environment variable OPENSSL_ENGINES.
+     [Geoff Thorpe and Richard Levitte]
+
+  *) Add Makefile.shared, a helper makefile to build shared
+     libraries.  Addapt Makefile.org.
+     [Richard Levitte]
+
+  *) Add version info to Win32 DLLs.
+     [Peter 'Luna' Runestig" <peter at runestig.com>]
+
+  *) Add new 'medium level' PKCS#12 API. Certificates and keys
+     can be added using this API to created arbitrary PKCS#12
+     files while avoiding the low level API.
+
+     New options to PKCS12_create(), key or cert can be NULL and
+     will then be omitted from the output file. The encryption
+     algorithm NIDs can be set to -1 for no encryption, the mac
+     iteration count can be set to 0 to omit the mac.
+
+     Enhance pkcs12 utility by making the -nokeys and -nocerts
+     options work when creating a PKCS#12 file. New option -nomac
+     to omit the mac, NONE can be set for an encryption algorithm.
+     New code is modified to use the enhanced PKCS12_create()
+     instead of the low level API.
+     [Steve Henson]
+
+  *) Extend ASN1 encoder to support indefinite length constructed
+     encoding. This can output sequences tags and octet strings in
+     this form. Modify pk7_asn1.c to support indefinite length
+     encoding. This is experimental and needs additional code to
+     be useful, such as an ASN1 bio and some enhanced streaming
+     PKCS#7 code.
+
+     Extend template encode functionality so that tagging is passed
+     down to the template encoder.
+     [Steve Henson]
+
+  *) Let 'openssl req' fail if an argument to '-newkey' is not
+     recognized instead of using RSA as a default.
+     [Bodo Moeller]
+
+  *) Add support for ECC-based ciphersuites from draft-ietf-tls-ecc-01.txt.
+     As these are not official, they are not included in "ALL";
+     the "ECCdraft" ciphersuite group alias can be used to select them.
+     [Vipul Gupta and Sumit Gupta (Sun Microsystems Laboratories)]
+
+  *) Add ECDH engine support.
+     [Nils Gura and Douglas Stebila (Sun Microsystems Laboratories)]
+
+  *) Add ECDH in new directory crypto/ecdh/.
+     [Douglas Stebila (Sun Microsystems Laboratories)]
+
+  *) Let BN_rand_range() abort with an error after 100 iterations
+     without success (which indicates a broken PRNG).
+     [Bodo Moeller]
+
+  *) Change BN_mod_sqrt() so that it verifies that the input value
+     is really the square of the return value.  (Previously,
+     BN_mod_sqrt would show GIGO behaviour.)
+     [Bodo Moeller]
+
+  *) Add named elliptic curves over binary fields from X9.62, SECG,
+     and WAP/WTLS; add OIDs that were still missing.
+
+     [Sheueling Chang Shantz and Douglas Stebila
+     (Sun Microsystems Laboratories)]
+
+  *) Extend the EC library for elliptic curves over binary fields
+     (new files ec2_smpl.c, ec2_smpt.c, ec2_mult.c in crypto/ec/).
+     New EC_METHOD:
+
+          EC_GF2m_simple_method
+
+     New API functions:
+
+          EC_GROUP_new_curve_GF2m
+          EC_GROUP_set_curve_GF2m
+          EC_GROUP_get_curve_GF2m
+          EC_POINT_set_affine_coordinates_GF2m
+          EC_POINT_get_affine_coordinates_GF2m
+          EC_POINT_set_compressed_coordinates_GF2m
+
+     Point compression for binary fields is disabled by default for
+     patent reasons (compile with OPENSSL_EC_BIN_PT_COMP defined to
+     enable it).
+
+     As binary polynomials are represented as BIGNUMs, various members
+     of the EC_GROUP and EC_POINT data structures can be shared
+     between the implementations for prime fields and binary fields;
+     the above ..._GF2m functions (except for EX_GROUP_new_curve_GF2m)
+     are essentially identical to their ..._GFp counterparts.
+     (For simplicity, the '..._GFp' prefix has been dropped from
+     various internal method names.)
+
+     An internal 'field_div' method (similar to 'field_mul' and
+     'field_sqr') has been added; this is used only for binary fields.
+
+     [Sheueling Chang Shantz and Douglas Stebila
+     (Sun Microsystems Laboratories)]
+
+  *) Optionally dispatch EC_POINT_mul(), EC_POINT_precompute_mult()
+     through methods ('mul', 'precompute_mult').
+
+     The generic implementations (now internally called 'ec_wNAF_mul'
+     and 'ec_wNAF_precomputed_mult') remain the default if these
+     methods are undefined.
+
+     [Sheueling Chang Shantz and Douglas Stebila
+     (Sun Microsystems Laboratories)]
+
+  *) New function EC_GROUP_get_degree, which is defined through
+     EC_METHOD.  For curves over prime fields, this returns the bit
+     length of the modulus.
+
+     [Sheueling Chang Shantz and Douglas Stebila
+     (Sun Microsystems Laboratories)]
+
+  *) New functions EC_GROUP_dup, EC_POINT_dup.
+     (These simply call ..._new  and ..._copy).
+
+     [Sheueling Chang Shantz and Douglas Stebila
+     (Sun Microsystems Laboratories)]
+
+  *) Add binary polynomial arithmetic software in crypto/bn/bn_gf2m.c.
+     Polynomials are represented as BIGNUMs (where the sign bit is not
+     used) in the following functions [macros]:  
+
+          BN_GF2m_add
+          BN_GF2m_sub             [= BN_GF2m_add]
+          BN_GF2m_mod             [wrapper for BN_GF2m_mod_arr]
+          BN_GF2m_mod_mul         [wrapper for BN_GF2m_mod_mul_arr]
+          BN_GF2m_mod_sqr         [wrapper for BN_GF2m_mod_sqr_arr]
+          BN_GF2m_mod_inv
+          BN_GF2m_mod_exp         [wrapper for BN_GF2m_mod_exp_arr]
+          BN_GF2m_mod_sqrt        [wrapper for BN_GF2m_mod_sqrt_arr]
+          BN_GF2m_mod_solve_quad  [wrapper for BN_GF2m_mod_solve_quad_arr]
+          BN_GF2m_cmp             [= BN_ucmp]
+
+     (Note that only the 'mod' functions are actually for fields GF(2^m).
+     BN_GF2m_add() is misnomer, but this is for the sake of consistency.)
+
+     For some functions, an the irreducible polynomial defining a
+     field can be given as an 'unsigned int[]' with strictly
+     decreasing elements giving the indices of those bits that are set;
+     i.e., p[] represents the polynomial
+          f(t) = t^p[0] + t^p[1] + ... + t^p[k]
+     where
+          p[0] > p[1] > ... > p[k] = 0.
+     This applies to the following functions:
+
+          BN_GF2m_mod_arr
+          BN_GF2m_mod_mul_arr
+          BN_GF2m_mod_sqr_arr
+          BN_GF2m_mod_inv_arr        [wrapper for BN_GF2m_mod_inv]
+          BN_GF2m_mod_div_arr        [wrapper for BN_GF2m_mod_div]
+          BN_GF2m_mod_exp_arr
+          BN_GF2m_mod_sqrt_arr
+          BN_GF2m_mod_solve_quad_arr
+          BN_GF2m_poly2arr
+          BN_GF2m_arr2poly
+
+     Conversion can be performed by the following functions:
+
+          BN_GF2m_poly2arr
+          BN_GF2m_arr2poly
+
+     bntest.c has additional tests for binary polynomial arithmetic.
+
+     Two implementations for BN_GF2m_mod_div() are available.
+     The default algorithm simply uses BN_GF2m_mod_inv() and
+     BN_GF2m_mod_mul().  The alternative algorithm is compiled in only
+     if OPENSSL_SUN_GF2M_DIV is defined (patent pending; read the
+     copyright notice in crypto/bn/bn_gf2m.c before enabling it).
+
+     [Sheueling Chang Shantz and Douglas Stebila
+     (Sun Microsystems Laboratories)]
+
+  *) Add new error code 'ERR_R_DISABLED' that can be used when some
+     functionality is disabled at compile-time.
+     [Douglas Stebila <douglas.stebila at sun.com>]
+
+  *) Change default behaviour of 'openssl asn1parse' so that more
+     information is visible when viewing, e.g., a certificate:
+
+     Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump'
+     mode the content of non-printable OCTET STRINGs is output in a
+     style similar to INTEGERs, but with '[HEX DUMP]' prepended to
+     avoid the appearance of a printable string.
+     [Nils Larsch <nla at trustcenter.de>]
+
+  *) Add 'asn1_flag' and 'asn1_form' member to EC_GROUP with access
+     functions
+          EC_GROUP_set_asn1_flag()
+          EC_GROUP_get_asn1_flag()
+          EC_GROUP_set_point_conversion_form()
+          EC_GROUP_get_point_conversion_form()
+     These control ASN1 encoding details:
+     - Curves (i.e., groups) are encoded explicitly unless asn1_flag
+       has been set to OPENSSL_EC_NAMED_CURVE.
+     - Points are encoded in uncompressed form by default; options for
+       asn1_for are as for point2oct, namely
+          POINT_CONVERSION_COMPRESSED
+          POINT_CONVERSION_UNCOMPRESSED
+          POINT_CONVERSION_HYBRID
+
+     Also add 'seed' and 'seed_len' members to EC_GROUP with access
+     functions
+          EC_GROUP_set_seed()
+          EC_GROUP_get0_seed()
+          EC_GROUP_get_seed_len()
+     This is used only for ASN1 purposes (so far).
+     [Nils Larsch <nla at trustcenter.de>]
+
+  *) Add 'field_type' member to EC_METHOD, which holds the NID
+     of the appropriate field type OID.  The new function
+     EC_METHOD_get_field_type() returns this value.
+     [Nils Larsch <nla at trustcenter.de>]
+
+  *) Add functions 
+          EC_POINT_point2bn()
+          EC_POINT_bn2point()
+          EC_POINT_point2hex()
+          EC_POINT_hex2point()
+     providing useful interfaces to EC_POINT_point2oct() and
+     EC_POINT_oct2point().
+     [Nils Larsch <nla at trustcenter.de>]
+
+  *) Change internals of the EC library so that the functions
+          EC_GROUP_set_generator()
+          EC_GROUP_get_generator()
+          EC_GROUP_get_order()
+          EC_GROUP_get_cofactor()
+     are implemented directly in crypto/ec/ec_lib.c and not dispatched
+     to methods, which would lead to unnecessary code duplication when
+     adding different types of curves.
+     [Nils Larsch <nla at trustcenter.de> with input by Bodo Moeller]
+
+  *) Implement compute_wNAF (crypto/ec/ec_mult.c) without BIGNUM
+     arithmetic, and such that modified wNAFs are generated
+     (which avoid length expansion in many cases).
+     [Bodo Moeller]
+
+  *) Add a function EC_GROUP_check_discriminant() (defined via
+     EC_METHOD) that verifies that the curve discriminant is non-zero.
+
+     Add a function EC_GROUP_check() that makes some sanity tests
+     on a EC_GROUP, its generator and order.  This includes
+     EC_GROUP_check_discriminant().
+     [Nils Larsch <nla at trustcenter.de>]
+
+  *) Add ECDSA in new directory crypto/ecdsa/.
+
+     Add applications 'openssl ecparam' and 'openssl ecdsa'
+     (these are based on 'openssl dsaparam' and 'openssl dsa').
+
+     ECDSA support is also included in various other files across the
+     library.  Most notably,
+     - 'openssl req' now has a '-newkey ecdsa:file' option;
+     - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA;
+     - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and
+       d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make
+       them suitable for ECDSA where domain parameters must be
+       extracted before the specific public key;
+     - ECDSA engine support has been added.
+     [Nils Larsch <nla at trustcenter.de>]
+
+  *) Include some named elliptic curves, and add OIDs from X9.62,
+     SECG, and WAP/WTLS.  Each curve can be obtained from the new
+     function
+          EC_GROUP_new_by_curve_name(),
+     and the list of available named curves can be obtained with
+          EC_get_builtin_curves().
+     Also add a 'curve_name' member to EC_GROUP objects, which can be
+     accessed via
+         EC_GROUP_set_curve_name()
+         EC_GROUP_get_curve_name()
+     [Nils Larsch <larsch at trustcenter.de, Bodo Moeller]
+ 
+  *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
+     was actually never needed) and in BN_mul().  The removal in BN_mul()
+     required a small change in bn_mul_part_recursive() and the addition
+     of the functions bn_cmp_part_words(), bn_sub_part_words() and
+     bn_add_part_words(), which do the same thing as bn_cmp_words(),
+     bn_sub_words() and bn_add_words() except they take arrays with
+     differing sizes.
+     [Richard Levitte]
+
+ Changes between 0.9.7l and 0.9.7m  [23 Feb 2007]
+
+  *) Cleanse PEM buffers before freeing them since they may contain 
+     sensitive data.
+     [Benjamin Bennett <ben at psc.edu>]
+
+  *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that
+     a ciphersuite string such as "DEFAULT:RSA" cannot enable
+     authentication-only ciphersuites.
+     [Bodo Moeller]
+
+  *) Since AES128 and AES256 share a single mask bit in the logic of
+     ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a
+     kludge to work properly if AES128 is available and AES256 isn't.
+     [Victor Duchovni]
+
+  *) Expand security boundary to match 1.1.1 module.
+     [Steve Henson]
+
+  *) Remove redundant features: hash file source, editing of test vectors
+     modify fipsld to use external fips_premain.c signature.
+     [Steve Henson]
+
+  *) New perl script mkfipsscr.pl to create shell scripts or batch files to
+     run algorithm test programs.
+     [Steve Henson]
+
+  *) Make algorithm test programs more tolerant of whitespace.
+     [Steve Henson]
+
+  *) Have SSL/TLS server implementation tolerate "mismatched" record
+     protocol version while receiving ClientHello even if the
+     ClientHello is fragmented.  (The server can't insist on the
+     particular protocol version it has chosen before the ServerHello
+     message has informed the client about his choice.)
+     [Bodo Moeller]
+
+  *) Load error codes if they are not already present instead of using a
+     static variable. This allows them to be cleanly unloaded and reloaded.
+     [Steve Henson]
+
+ Changes between 0.9.7k and 0.9.7l  [28 Sep 2006]
+
+  *) Introduce limits to prevent malicious keys being able to
+     cause a denial of service.  (CVE-2006-2940)
+     [Steve Henson, Bodo Moeller]
+
+  *) Fix ASN.1 parsing of certain invalid structures that can result
+     in a denial of service.  (CVE-2006-2937)  [Steve Henson]
+
+  *) Fix buffer overflow in SSL_get_shared_ciphers() function. 
+     (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
+
+  *) Fix SSL client code which could crash if connecting to a
+     malicious SSLv2 server.  (CVE-2006-4343)
+     [Tavis Ormandy and Will Drewry, Google Security Team]
+
+  *) Change ciphersuite string processing so that an explicit
+     ciphersuite selects this one ciphersuite (so that "AES256-SHA"
+     will no longer include "AES128-SHA"), and any other similar
+     ciphersuite (same bitmap) from *other* protocol versions (so that
+     "RC4-MD5" will still include both the SSL 2.0 ciphersuite and the
+     SSL 3.0/TLS 1.0 ciphersuite).  This is a backport combining
+     changes from 0.9.8b and 0.9.8d.
+     [Bodo Moeller]
+
+ Changes between 0.9.7j and 0.9.7k  [05 Sep 2006]
+
+  *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
+     (CVE-2006-4339)  [Ben Laurie and Google Security Team]
+
+  *) Change the Unix randomness entropy gathering to use poll() when
+     possible instead of select(), since the latter has some
+     undesirable limitations.
+     [Darryl Miles via Richard Levitte and Bodo Moeller]
+
+  *) Disable rogue ciphersuites:
+
+      - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
+      - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
+      - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
+
+     The latter two were purportedly from
+     draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
+     appear there.
+
+     Also deactive the remaining ciphersuites from
+     draft-ietf-tls-56-bit-ciphersuites-01.txt.  These are just as
+     unofficial, and the ID has long expired.
+     [Bodo Moeller]
+
+  *) Fix RSA blinding Heisenbug (problems sometimes occured on
+     dual-core machines) and other potential thread-safety issues.
+     [Bodo Moeller]
+
+ Changes between 0.9.7i and 0.9.7j  [04 May 2006]
+
+  *) Adapt fipsld and the build system to link against the validated FIPS
+     module in FIPS mode.
+     [Steve Henson]
+
+  *) Fixes for VC++ 2005 build under Windows.
+     [Steve Henson]
+
+  *) Add new Windows build target VC-32-GMAKE for VC++. This uses GNU make 
+     from a Windows bash shell such as MSYS. It is autodetected from the
+     "config" script when run from a VC++ environment. Modify standard VC++
+     build to use fipscanister.o from the GNU make build. 
+     [Steve Henson]
+
+ Changes between 0.9.7h and 0.9.7i  [14 Oct 2005]
+
+  *) Wrapped the definition of EVP_MAX_MD_SIZE in a #ifdef OPENSSL_FIPS.
+     The value now differs depending on if you build for FIPS or not.
+     BEWARE!  A program linked with a shared FIPSed libcrypto can't be
+     safely run with a non-FIPSed libcrypto, as it may crash because of
+     the difference induced by this change.
+     [Andy Polyakov]
+
+ Changes between 0.9.7g and 0.9.7h  [11 Oct 2005]
+
+  *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
+     (part of SSL_OP_ALL).  This option used to disable the
+     countermeasure against man-in-the-middle protocol-version
+     rollback in the SSL 2.0 server implementation, which is a bad
+     idea.  (CVE-2005-2969)
+
+     [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
+     for Information Security, National Institute of Advanced Industrial
+     Science and Technology [AIST], Japan)]
+
+  *) Minimal support for X9.31 signatures and PSS padding modes. This is
+     mainly for FIPS compliance and not fully integrated at this stage.
+     [Steve Henson]
+
+  *) For DSA signing, unless DSA_FLAG_NO_EXP_CONSTTIME is set, perform
+     the exponentiation using a fixed-length exponent.  (Otherwise,
+     the information leaked through timing could expose the secret key
+     after many signatures; cf. Bleichenbacher's attack on DSA with
+     biased k.)
+     [Bodo Moeller]
+
+  *) Make a new fixed-window mod_exp implementation the default for
+     RSA, DSA, and DH private-key operations so that the sequence of
+     squares and multiplies and the memory access pattern are
+     independent of the particular secret key.  This will mitigate
+     cache-timing and potential related attacks.
+
+     BN_mod_exp_mont_consttime() is the new exponentiation implementation,
+     and this is automatically used by BN_mod_exp_mont() if the new flag
+     BN_FLG_EXP_CONSTTIME is set for the exponent.  RSA, DSA, and DH
+     will use this BN flag for private exponents unless the flag
+     RSA_FLAG_NO_EXP_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME, or
+     DH_FLAG_NO_EXP_CONSTTIME, respectively, is set.
+
+     [Matthew D Wood (Intel Corp), with some changes by Bodo Moeller]
+
+  *) Change the client implementation for SSLv23_method() and
+     SSLv23_client_method() so that is uses the SSL 3.0/TLS 1.0
+     Client Hello message format if the SSL_OP_NO_SSLv2 option is set.
+     (Previously, the SSL 2.0 backwards compatible Client Hello
+     message format would be used even with SSL_OP_NO_SSLv2.)
+     [Bodo Moeller]
+
+  *) Add support for smime-type MIME parameter in S/MIME messages which some
+     clients need.
+     [Steve Henson]
+
+  *) New function BN_MONT_CTX_set_locked() to set montgomery parameters in
+     a threadsafe manner. Modify rsa code to use new function and add calls
+     to dsa and dh code (which had race conditions before).
+     [Steve Henson]
+
+  *) Include the fixed error library code in the C error file definitions
+     instead of fixing them up at runtime. This keeps the error code
+     structures constant.
+     [Steve Henson]
+
+ Changes between 0.9.7f and 0.9.7g  [11 Apr 2005]
+
+  [NB: OpenSSL 0.9.7h and later 0.9.7 patch levels were released after
+  OpenSSL 0.9.8.]
+
+  *) Fixes for newer kerberos headers. NB: the casts are needed because
+     the 'length' field is signed on one version and unsigned on another
+     with no (?) obvious way to tell the difference, without these VC++
+     complains. Also the "definition" of FAR (blank) is no longer included
+     nor is the error ENOMEM. KRB5_PRIVATE has to be set to 1 to pick up
+     some needed definitions.
+     [Steve Henson]
+
+  *) Undo Cygwin change.
+     [Ulf Möller]
+
+  *) Added support for proxy certificates according to RFC 3820.
+     Because they may be a security thread to unaware applications,
+     they must be explicitely allowed in run-time.  See
+     docs/HOWTO/proxy_certificates.txt for further information.
+     [Richard Levitte]
+
+ Changes between 0.9.7e and 0.9.7f  [22 Mar 2005]
+
+  *) Use (SSL_RANDOM_VALUE - 4) bytes of pseudo random data when generating
+     server and client random values. Previously
+     (SSL_RANDOM_VALUE - sizeof(time_t)) would be used which would result in
+     less random data when sizeof(time_t) > 4 (some 64 bit platforms).
+
+     This change has negligible security impact because:
+
+     1. Server and client random values still have 24 bytes of pseudo random
+        data.
+
+     2. Server and client random values are sent in the clear in the initial
+        handshake.
+
+     3. The master secret is derived using the premaster secret (48 bytes in
+        size for static RSA ciphersuites) as well as client server and random
+        values.
+
+     The OpenSSL team would like to thank the UK NISCC for bringing this issue
+     to our attention. 
+
+     [Stephen Henson, reported by UK NISCC]
+
+  *) Use Windows randomness collection on Cygwin.
+     [Ulf Möller]
+
+  *) Fix hang in EGD/PRNGD query when communication socket is closed
+     prematurely by EGD/PRNGD.
+     [Darren Tucker <dtucker at zip.com.au> via Lutz Jänicke, resolves #1014]
+
+  *) Prompt for pass phrases when appropriate for PKCS12 input format.
+     [Steve Henson]
+
+  *) Back-port of selected performance improvements from development
+     branch, as well as improved support for PowerPC platforms.
+     [Andy Polyakov]
+
+  *) Add lots of checks for memory allocation failure, error codes to indicate
+     failure and freeing up memory if a failure occurs.
+     [Nauticus Networks SSL Team <openssl at nauticusnet.com>, Steve Henson]
+
+  *) Add new -passin argument to dgst.
+     [Steve Henson]
+
+  *) Perform some character comparisons of different types in X509_NAME_cmp:
+     this is needed for some certificates that reencode DNs into UTF8Strings
+     (in violation of RFC3280) and can't or wont issue name rollover
+     certificates.
+     [Steve Henson]
+
+  *) Make an explicit check during certificate validation to see that
+     the CA setting in each certificate on the chain is correct.  As a
+     side effect always do the following basic checks on extensions,
+     not just when there's an associated purpose to the check:
+
+      - if there is an unhandled critical extension (unless the user
+        has chosen to ignore this fault)
+      - if the path length has been exceeded (if one is set at all)
+      - that certain extensions fit the associated purpose (if one has
+        been given)
+     [Richard Levitte]
+
+ Changes between 0.9.7d and 0.9.7e  [25 Oct 2004]
+
+  *) Avoid a race condition when CRLs are checked in a multi threaded 
+     environment. This would happen due to the reordering of the revoked
+     entries during signature checking and serial number lookup. Now the
+     encoding is cached and the serial number sort performed under a lock.
+     Add new STACK function sk_is_sorted().
+     [Steve Henson]
+
+  *) Add Delta CRL to the extension code.
+     [Steve Henson]
+
+  *) Various fixes to s3_pkt.c so alerts are sent properly.
+     [David Holmes <d.holmes at f5.com>]
+
+  *) Reduce the chances of duplicate issuer name and serial numbers (in
+     violation of RFC3280) using the OpenSSL certificate creation utilities.
+     This is done by creating a random 64 bit value for the initial serial
+     number when a serial number file is created or when a self signed
+     certificate is created using 'openssl req -x509'. The initial serial
+     number file is created using 'openssl x509 -next_serial' in CA.pl
+     rather than being initialized to 1.
+     [Steve Henson]
+
+ Changes between 0.9.7c and 0.9.7d  [17 Mar 2004]
+
+  *) Fix null-pointer assignment in do_change_cipher_spec() revealed           
+     by using the Codenomicon TLS Test Tool (CVE-2004-0079)                    
+     [Joe Orton, Steve Henson]   
+
+  *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
+     (CVE-2004-0112)
+     [Joe Orton, Steve Henson]   
+
+  *) Make it possible to have multiple active certificates with the same
+     subject in the CA index file.  This is done only if the keyword
+     'unique_subject' is set to 'no' in the main CA section (default
+     if 'CA_default') of the configuration file.  The value is saved
+     with the database itself in a separate index attribute file,
+     named like the index file with '.attr' appended to the name.
+     [Richard Levitte]
+
+  *) X509 verify fixes. Disable broken certificate workarounds when 
+     X509_V_FLAGS_X509_STRICT is set. Check CRL issuer has cRLSign set if
+     keyUsage extension present. Don't accept CRLs with unhandled critical
+     extensions: since verify currently doesn't process CRL extensions this
+     rejects a CRL with *any* critical extensions. Add new verify error codes
+     for these cases.
+     [Steve Henson]
+
+  *) When creating an OCSP nonce use an OCTET STRING inside the extnValue.
+     A clarification of RFC2560 will require the use of OCTET STRINGs and 
+     some implementations cannot handle the current raw format. Since OpenSSL
+     copies and compares OCSP nonces as opaque blobs without any attempt at
+     parsing them this should not create any compatibility issues.
+     [Steve Henson]
+
+  *) New md flag EVP_MD_CTX_FLAG_REUSE this allows md_data to be reused when
+     calling EVP_MD_CTX_copy_ex() to avoid calling OPENSSL_malloc(). Without
+     this HMAC (and other) operations are several times slower than OpenSSL
+     < 0.9.7.
+     [Steve Henson]
+
+  *) Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex().
+     [Peter Sylvester <Peter.Sylvester at EdelWeb.fr>]
+
+  *) Use the correct content when signing type "other".
+     [Steve Henson]
+
+ Changes between 0.9.7b and 0.9.7c  [30 Sep 2003]
+
+  *) Fix various bugs revealed by running the NISCC test suite:
+
+     Stop out of bounds reads in the ASN1 code when presented with
+     invalid tags (CVE-2003-0543 and CVE-2003-0544).
+     
+     Free up ASN1_TYPE correctly if ANY type is invalid (CVE-2003-0545).
+
+     If verify callback ignores invalid public key errors don't try to check
+     certificate signature with the NULL public key.
+
+     [Steve Henson]
+
+  *) New -ignore_err option in ocsp application to stop the server
+     exiting on the first error in a request.
+     [Steve Henson]
+
+  *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
+     if the server requested one: as stated in TLS 1.0 and SSL 3.0
+     specifications.
+     [Steve Henson]
+
+  *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
+     extra data after the compression methods not only for TLS 1.0
+     but also for SSL 3.0 (as required by the specification).
+     [Bodo Moeller; problem pointed out by Matthias Loepfe]
+
+  *) Change X509_certificate_type() to mark the key as exported/exportable
+     when it's 512 *bits* long, not 512 bytes.
+     [Richard Levitte]
+
+  *) Change AES_cbc_encrypt() so it outputs exact multiple of
+     blocks during encryption.
+     [Richard Levitte]
+
+  *) Various fixes to base64 BIO and non blocking I/O. On write 
+     flushes were not handled properly if the BIO retried. On read
+     data was not being buffered properly and had various logic bugs.
+     This also affects blocking I/O when the data being decoded is a
+     certain size.
+     [Steve Henson]
+
+  *) Various S/MIME bugfixes and compatibility changes:
+     output correct application/pkcs7 MIME type if
+     PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures.
+     Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening
+     of files as .eml work). Correctly handle very long lines in MIME
+     parser.
+     [Steve Henson]
+
+ Changes between 0.9.7a and 0.9.7b  [10 Apr 2003]
+
+  *) Countermeasure against the Klima-Pokorny-Rosa extension of
+     Bleichbacher's attack on PKCS #1 v1.5 padding: treat
+     a protocol version number mismatch like a decryption error
+     in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
+     [Bodo Moeller]
+
+  *) Turn on RSA blinding by default in the default implementation
+     to avoid a timing attack. Applications that don't want it can call
+     RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
+     They would be ill-advised to do so in most cases.
+     [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
+
+  *) Change RSA blinding code so that it works when the PRNG is not
+     seeded (in this case, the secret RSA exponent is abused as
+     an unpredictable seed -- if it is not unpredictable, there
+     is no point in blinding anyway).  Make RSA blinding thread-safe
+     by remembering the creator's thread ID in rsa->blinding and
+     having all other threads use local one-time blinding factors
+     (this requires more computation than sharing rsa->blinding, but
+     avoids excessive locking; and if an RSA object is not shared
+     between threads, blinding will still be very fast).
+     [Bodo Moeller]
+
+  *) Fixed a typo bug that would cause ENGINE_set_default() to set an
+     ENGINE as defaults for all supported algorithms irrespective of
+     the 'flags' parameter. 'flags' is now honoured, so applications
+     should make sure they are passing it correctly.
+     [Geoff Thorpe]
+
+  *) Target "mingw" now allows native Windows code to be generated in
+     the Cygwin environment as well as with the MinGW compiler.
+     [Ulf Moeller] 
+
+ Changes between 0.9.7 and 0.9.7a  [19 Feb 2003]
+
+  *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
+     via timing by performing a MAC computation even if incorrrect
+     block cipher padding has been found.  This is a countermeasure
+     against active attacks where the attacker has to distinguish
+     between bad padding and a MAC verification error. (CVE-2003-0078)
+
+     [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
+     Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
+     Martin Vuagnoux (EPFL, Ilion)]
+
+  *) Make the no-err option work as intended.  The intention with no-err
+     is not to have the whole error stack handling routines removed from
+     libcrypto, it's only intended to remove all the function name and
+     reason texts, thereby removing some of the footprint that may not
+     be interesting if those errors aren't displayed anyway.
+
+     NOTE: it's still possible for any application or module to have it's
+     own set of error texts inserted.  The routines are there, just not
+     used by default when no-err is given.
+     [Richard Levitte]
+
+  *) Add support for FreeBSD on IA64.
+     [dirk.meyer at dinoex.sub.org via Richard Levitte, resolves #454]
+
+  *) Adjust DES_cbc_cksum() so it returns the same value as the MIT
+     Kerberos function mit_des_cbc_cksum().  Before this change,
+     the value returned by DES_cbc_cksum() was like the one from
+     mit_des_cbc_cksum(), except the bytes were swapped.
+     [Kevin Greaney <Kevin.Greaney at hp.com> and Richard Levitte]
+
+  *) Allow an application to disable the automatic SSL chain building.
+     Before this a rather primitive chain build was always performed in
+     ssl3_output_cert_chain(): an application had no way to send the 
+     correct chain if the automatic operation produced an incorrect result.
+
+     Now the chain builder is disabled if either:
+
+     1. Extra certificates are added via SSL_CTX_add_extra_chain_cert().
+
+     2. The mode flag SSL_MODE_NO_AUTO_CHAIN is set.
+
+     The reasoning behind this is that an application would not want the
+     auto chain building to take place if extra chain certificates are
+     present and it might also want a means of sending no additional
+     certificates (for example the chain has two certificates and the
+     root is omitted).
+     [Steve Henson]
+
+  *) Add the possibility to build without the ENGINE framework.
+     [Steven Reddie <smr at essemer.com.au> via Richard Levitte]
+
+  *) Under Win32 gmtime() can return NULL: check return value in
+     OPENSSL_gmtime(). Add error code for case where gmtime() fails.
+     [Steve Henson]
+
+  *) DSA routines: under certain error conditions uninitialized BN objects
+     could be freed. Solution: make sure initialization is performed early
+     enough. (Reported and fix supplied by Ivan D Nestlerode <nestler at MIT.EDU>,
+     Nils Larsch <nla at trustcenter.de> via PR#459)
+     [Lutz Jaenicke]
+
+  *) Another fix for SSLv2 session ID handling: the session ID was incorrectly
+     checked on reconnect on the client side, therefore session resumption
+     could still fail with a "ssl session id is different" error. This
+     behaviour is masked when SSL_OP_ALL is used due to
+     SSL_OP_MICROSOFT_SESS_ID_BUG being set.
+     Behaviour observed by Crispin Flowerday <crispin at flowerday.cx> as
+     followup to PR #377.
+     [Lutz Jaenicke]
+
+  *) IA-32 assembler support enhancements: unified ELF targets, support
+     for SCO/Caldera platforms, fix for Cygwin shared build.
+     [Andy Polyakov]
+
+  *) Add support for FreeBSD on sparc64.  As a consequence, support for
+     FreeBSD on non-x86 processors is separate from x86 processors on
+     the config script, much like the NetBSD support.
+     [Richard Levitte & Kris Kennaway <kris at obsecurity.org>]
+
+ Changes between 0.9.6h and 0.9.7  [31 Dec 2002]
+
+  [NB: OpenSSL 0.9.6i and later 0.9.6 patch levels were released after
+  OpenSSL 0.9.7.]
+
+  *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED
+     code (06) was taken as the first octet of the session ID and the last
+     octet was ignored consequently. As a result SSLv2 client side session
+     caching could not have worked due to the session ID mismatch between
+     client and server.
+     Behaviour observed by Crispin Flowerday <crispin at flowerday.cx> as
+     PR #377.
+     [Lutz Jaenicke]
+
+  *) Change the declaration of needed Kerberos libraries to use EX_LIBS
+     instead of the special (and badly supported) LIBKRB5.  LIBKRB5 is
+     removed entirely.
+     [Richard Levitte]
+
+  *) The hw_ncipher.c engine requires dynamic locks.  Unfortunately, it
+     seems that in spite of existing for more than a year, many application
+     author have done nothing to provide the necessary callbacks, which
+     means that this particular engine will not work properly anywhere.
+     This is a very unfortunate situation which forces us, in the name
+     of usability, to give the hw_ncipher.c a static lock, which is part
+     of libcrypto.
+     NOTE: This is for the 0.9.7 series ONLY.  This hack will never
+     appear in 0.9.8 or later.  We EXPECT application authors to have
+     dealt properly with this when 0.9.8 is released (unless we actually
+     make such changes in the libcrypto locking code that changes will
+     have to be made anyway).
+     [Richard Levitte]
+
+  *) In asn1_d2i_read_bio() repeatedly call BIO_read() until all content
+     octets have been read, EOF or an error occurs. Without this change
+     some truncated ASN1 structures will not produce an error.
+     [Steve Henson]
+
+  *) Disable Heimdal support, since it hasn't been fully implemented.
+     Still give the possibility to force the use of Heimdal, but with
+     warnings and a request that patches get sent to openssl-dev.
+     [Richard Levitte]
+
+  *) Add the VC-CE target, introduce the WINCE sysname, and add
+     INSTALL.WCE and appropriate conditionals to make it build.
+     [Steven Reddie <smr at essemer.com.au> via Richard Levitte]
+
+  *) Change the DLL names for Cygwin to cygcrypto-x.y.z.dll and
+     cygssl-x.y.z.dll, where x, y and z are the major, minor and
+     edit numbers of the version.
+     [Corinna Vinschen <vinschen at redhat.com> and Richard Levitte]
+
+  *) Introduce safe string copy and catenation functions
+     (BUF_strlcpy() and BUF_strlcat()).
+     [Ben Laurie (CHATS) and Richard Levitte]
+
+  *) Avoid using fixed-size buffers for one-line DNs.
+     [Ben Laurie (CHATS)]
+
+  *) Add BUF_MEM_grow_clean() to avoid information leakage when
+     resizing buffers containing secrets, and use where appropriate.
+     [Ben Laurie (CHATS)]
+
+  *) Avoid using fixed size buffers for configuration file location.
+     [Ben Laurie (CHATS)]
+
+  *) Avoid filename truncation for various CA files.
+     [Ben Laurie (CHATS)]
+
+  *) Use sizeof in preference to magic numbers.
+     [Ben Laurie (CHATS)]
+
+  *) Avoid filename truncation in cert requests.
+     [Ben Laurie (CHATS)]
+
+  *) Add assertions to check for (supposedly impossible) buffer
+     overflows.
+     [Ben Laurie (CHATS)]
+
+  *) Don't cache truncated DNS entries in the local cache (this could
+     potentially lead to a spoofing attack).
+     [Ben Laurie (CHATS)]
+
+  *) Fix various buffers to be large enough for hex/decimal
+     representations in a platform independent manner.
+     [Ben Laurie (CHATS)]
+
+  *) Add CRYPTO_realloc_clean() to avoid information leakage when
+     resizing buffers containing secrets, and use where appropriate.
+     [Ben Laurie (CHATS)]
+
+  *) Add BIO_indent() to avoid much slightly worrying code to do
+     indents.
+     [Ben Laurie (CHATS)]
+
+  *) Convert sprintf()/BIO_puts() to BIO_printf().
+     [Ben Laurie (CHATS)]
+
+  *) buffer_gets() could terminate with the buffer only half
+     full. Fixed.
+     [Ben Laurie (CHATS)]
+
+  *) Add assertions to prevent user-supplied crypto functions from
+     overflowing internal buffers by having large block sizes, etc.
+     [Ben Laurie (CHATS)]
+
+  *) New OPENSSL_assert() macro (similar to assert(), but enabled
+     unconditionally).
+     [Ben Laurie (CHATS)]
+
+  *) Eliminate unused copy of key in RC4.
+     [Ben Laurie (CHATS)]
+
+  *) Eliminate unused and incorrectly sized buffers for IV in pem.h.
+     [Ben Laurie (CHATS)]
+
+  *) Fix off-by-one error in EGD path.
+     [Ben Laurie (CHATS)]
+
+  *) If RANDFILE path is too long, ignore instead of truncating.
+     [Ben Laurie (CHATS)]
+
+  *) Eliminate unused and incorrectly sized X.509 structure
+     CBCParameter.
+     [Ben Laurie (CHATS)]
+
+  *) Eliminate unused and dangerous function knumber().
+     [Ben Laurie (CHATS)]
+
+  *) Eliminate unused and dangerous structure, KSSL_ERR.
+     [Ben Laurie (CHATS)]
+
+  *) Protect against overlong session ID context length in an encoded
+     session object. Since these are local, this does not appear to be
+     exploitable.
+     [Ben Laurie (CHATS)]
+
+  *) Change from security patch (see 0.9.6e below) that did not affect
+     the 0.9.6 release series:
+
+     Remote buffer overflow in SSL3 protocol - an attacker could
+     supply an oversized master key in Kerberos-enabled versions.
+     (CVE-2002-0657)
+     [Ben Laurie (CHATS)]
+
+  *) Change the SSL kerb5 codes to match RFC 2712.
+     [Richard Levitte]
+
+  *) Make -nameopt work fully for req and add -reqopt switch.
+     [Michael Bell <michael.bell at rz.hu-berlin.de>, Steve Henson]
+
+  *) The "block size" for block ciphers in CFB and OFB mode should be 1.
+     [Steve Henson, reported by Yngve Nysaeter Pettersen <yngve at opera.com>]
+
+  *) Make sure tests can be performed even if the corresponding algorithms
+     have been removed entirely.  This was also the last step to make
+     OpenSSL compilable with DJGPP under all reasonable conditions.
+     [Richard Levitte, Doug Kaufman <dkaufman at rahul.net>]
+
+  *) Add cipher selection rules COMPLEMENTOFALL and COMPLEMENTOFDEFAULT
+     to allow version independent disabling of normally unselected ciphers,
+     which may be activated as a side-effect of selecting a single cipher.
+
+     (E.g., cipher list string "RSA" enables ciphersuites that are left
+     out of "ALL" because they do not provide symmetric encryption.
+     "RSA:!COMPLEMEMENTOFALL" avoids these unsafe ciphersuites.)
+     [Lutz Jaenicke, Bodo Moeller]
+
+  *) Add appropriate support for separate platform-dependent build
+     directories.  The recommended way to make a platform-dependent
+     build directory is the following (tested on Linux), maybe with
+     some local tweaks:
+
+	# Place yourself outside of the OpenSSL source tree.  In
+	# this example, the environment variable OPENSSL_SOURCE
+	# is assumed to contain the absolute OpenSSL source directory.
+	mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
+	cd objtree/"`uname -s`-`uname -r`-`uname -m`"
+	(cd $OPENSSL_SOURCE; find . -type f) | while read F; do
+		mkdir -p `dirname $F`
+		ln -s $OPENSSL_SOURCE/$F $F
+	done
+
+     To be absolutely sure not to disturb the source tree, a "make clean"
+     is a good thing.  If it isn't successfull, don't worry about it,
+     it probably means the source directory is very clean.
+     [Richard Levitte]
+
+  *) Make sure any ENGINE control commands make local copies of string
+     pointers passed to them whenever necessary. Otherwise it is possible
+     the caller may have overwritten (or deallocated) the original string
+     data when a later ENGINE operation tries to use the stored values.
+     [Götz Babin-Ebell <babinebell at trustcenter.de>]
+
+  *) Improve diagnostics in file reading and command-line digests.
+     [Ben Laurie aided and abetted by Solar Designer <solar at openwall.com>]
+
+  *) Add AES modes CFB and OFB to the object database.  Correct an
+     error in AES-CFB decryption.
+     [Richard Levitte]
+
+  *) Remove most calls to EVP_CIPHER_CTX_cleanup() in evp_enc.c, this 
+     allows existing EVP_CIPHER_CTX structures to be reused after
+     calling EVP_*Final(). This behaviour is used by encryption
+     BIOs and some applications. This has the side effect that
+     applications must explicitly clean up cipher contexts with
+     EVP_CIPHER_CTX_cleanup() or they will leak memory.
+     [Steve Henson]
+
+  *) Check the values of dna and dnb in bn_mul_recursive before calling
+     bn_mul_comba (a non zero value means the a or b arrays do not contain
+     n2 elements) and fallback to bn_mul_normal if either is not zero.
+     [Steve Henson]
+
+  *) Fix escaping of non-ASCII characters when using the -subj option
+     of the "openssl req" command line tool. (Robert Joop <joop at fokus.gmd.de>)
+     [Lutz Jaenicke]
+
+  *) Make object definitions compliant to LDAP (RFC2256): SN is the short
+     form for "surname", serialNumber has no short form.
+     Use "mail" as the short name for "rfc822Mailbox" according to RFC2798;
+     therefore remove "mail" short name for "internet 7".
+     The OID for unique identifiers in X509 certificates is
+     x500UniqueIdentifier, not uniqueIdentifier.
+     Some more OID additions. (Michael Bell <michael.bell at rz.hu-berlin.de>)
+     [Lutz Jaenicke]
+
+  *) Add an "init" command to the ENGINE config module and auto initialize
+     ENGINEs. Without any "init" command the ENGINE will be initialized 
+     after all ctrl commands have been executed on it. If init=1 the 
+     ENGINE is initailized at that point (ctrls before that point are run
+     on the uninitialized ENGINE and after on the initialized one). If
+     init=0 then the ENGINE will not be iniatialized at all.
+     [Steve Henson]
+
+  *) Fix the 'app_verify_callback' interface so that the user-defined
+     argument is actually passed to the callback: In the
+     SSL_CTX_set_cert_verify_callback() prototype, the callback
+     declaration has been changed from
+          int (*cb)()
+     into
+          int (*cb)(X509_STORE_CTX *,void *);
+     in ssl_verify_cert_chain (ssl/ssl_cert.c), the call
+          i=s->ctx->app_verify_callback(&ctx)
+     has been changed into
+          i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg).
+
+     To update applications using SSL_CTX_set_cert_verify_callback(),
+     a dummy argument can be added to their callback functions.
+     [D. K. Smetters <smetters at parc.xerox.com>]
+
+  *) Added the '4758cca' ENGINE to support IBM 4758 cards.
+     [Maurice Gittens <maurice at gittens.nl>, touchups by Geoff Thorpe]
+
+  *) Add and OPENSSL_LOAD_CONF define which will cause
+     OpenSSL_add_all_algorithms() to load the openssl.cnf config file.
+     This allows older applications to transparently support certain
+     OpenSSL features: such as crypto acceleration and dynamic ENGINE loading.
+     Two new functions OPENSSL_add_all_algorithms_noconf() which will never
+     load the config file and OPENSSL_add_all_algorithms_conf() which will
+     always load it have also been added.
+     [Steve Henson]
+
+  *) Add the OFB, CFB and CTR (all with 128 bit feedback) to AES.
+     Adjust NIDs and EVP layer.
+     [Stephen Sprunk <stephen at sprunk.org> and Richard Levitte]
+
+  *) Config modules support in openssl utility.
+
+     Most commands now load modules from the config file,
+     though in a few (such as version) this isn't done 
+     because it couldn't be used for anything.
+
+     In the case of ca and req the config file used is
+     the same as the utility itself: that is the -config
+     command line option can be used to specify an
+     alternative file.
+     [Steve Henson]
+
+  *) Move default behaviour from OPENSSL_config(). If appname is NULL
+     use "openssl_conf" if filename is NULL use default openssl config file.
+     [Steve Henson]
+
+  *) Add an argument to OPENSSL_config() to allow the use of an alternative
+     config section name. Add a new flag to tolerate a missing config file
+     and move code to CONF_modules_load_file().
+     [Steve Henson]
+
+  *) Support for crypto accelerator cards from Accelerated Encryption
+     Processing, www.aep.ie.  (Use engine 'aep')
+     The support was copied from 0.9.6c [engine] and adapted/corrected
+     to work with the new engine framework.
+     [AEP Inc. and Richard Levitte]
+
+  *) Support for SureWare crypto accelerator cards from Baltimore
+     Technologies.  (Use engine 'sureware')
+     The support was copied from 0.9.6c [engine] and adapted
+     to work with the new engine framework.
+     [Richard Levitte]
+
+  *) Have the CHIL engine fork-safe (as defined by nCipher) and actually
+     make the newer ENGINE framework commands for the CHIL engine work.
+     [Toomas Kiisk <vix at cyber.ee> and Richard Levitte]
+
+  *) Make it possible to produce shared libraries on ReliantUNIX.
+     [Robert Dahlem <Robert.Dahlem at ffm2.siemens.de> via Richard Levitte]
+
+  *) Add the configuration target debug-linux-ppro.
+     Make 'openssl rsa' use the general key loading routines
+     implemented in apps.c, and make those routines able to
+     handle the key format FORMAT_NETSCAPE and the variant
+     FORMAT_IISSGC.
+     [Toomas Kiisk <vix at cyber.ee> via Richard Levitte]
+
+ *) Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
+     [Toomas Kiisk <vix at cyber.ee> via Richard Levitte]
+
+  *) Add -keyform to rsautl, and document -engine.
+     [Richard Levitte, inspired by Toomas Kiisk <vix at cyber.ee>]
+
+  *) Change BIO_new_file (crypto/bio/bss_file.c) to use new
+     BIO_R_NO_SUCH_FILE error code rather than the generic
+     ERR_R_SYS_LIB error code if fopen() fails with ENOENT.
+     [Ben Laurie]
+
+  *) Add new functions
+          ERR_peek_last_error
+          ERR_peek_last_error_line
+          ERR_peek_last_error_line_data.
+     These are similar to
+          ERR_peek_error
+          ERR_peek_error_line
+          ERR_peek_error_line_data,
+     but report on the latest error recorded rather than the first one
+     still in the error queue.
+     [Ben Laurie, Bodo Moeller]
+        
+  *) default_algorithms option in ENGINE config module. This allows things
+     like:
+     default_algorithms = ALL
+     default_algorithms = RSA, DSA, RAND, CIPHERS, DIGESTS
+     [Steve Henson]
+
+  *) Prelminary ENGINE config module.
+     [Steve Henson]
+
+  *) New experimental application configuration code.
+     [Steve Henson]
+
+  *) Change the AES code to follow the same name structure as all other
+     symmetric ciphers, and behave the same way.  Move everything to
+     the directory crypto/aes, thereby obsoleting crypto/rijndael.
+     [Stephen Sprunk <stephen at sprunk.org> and Richard Levitte]
+
+  *) SECURITY: remove unsafe setjmp/signal interaction from ui_openssl.c.
+     [Ben Laurie and Theo de Raadt]
+
+  *) Add option to output public keys in req command.
+     [Massimiliano Pala madwolf at openca.org]
+
+  *) Use wNAFs in EC_POINTs_mul() for improved efficiency
+     (up to about 10% better than before for P-192 and P-224).
+     [Bodo Moeller]
+
+  *) New functions/macros
+
+          SSL_CTX_set_msg_callback(ctx, cb)
+          SSL_CTX_set_msg_callback_arg(ctx, arg)
+          SSL_set_msg_callback(ssl, cb)
+          SSL_set_msg_callback_arg(ssl, arg)
+
+     to request calling a callback function
+
+          void cb(int write_p, int version, int content_type,
+                  const void *buf, size_t len, SSL *ssl, void *arg)
+
+     whenever a protocol message has been completely received
+     (write_p == 0) or sent (write_p == 1).  Here 'version' is the
+     protocol version  according to which the SSL library interprets
+     the current protocol message (SSL2_VERSION, SSL3_VERSION, or
+     TLS1_VERSION).  'content_type' is 0 in the case of SSL 2.0, or
+     the content type as defined in the SSL 3.0/TLS 1.0 protocol
+     specification (change_cipher_spec(20), alert(21), handshake(22)).
+     'buf' and 'len' point to the actual message, 'ssl' to the
+     SSL object, and 'arg' is the application-defined value set by
+     SSL[_CTX]_set_msg_callback_arg().
+
+     'openssl s_client' and 'openssl s_server' have new '-msg' options
+     to enable a callback that displays all protocol messages.
+     [Bodo Moeller]
+
+  *) Change the shared library support so shared libraries are built as
+     soon as the corresponding static library is finished, and thereby get
+     openssl and the test programs linked against the shared library.
+     This still only happens when the keyword "shard" has been given to
+     the configuration scripts.
+
+     NOTE: shared library support is still an experimental thing, and
+     backward binary compatibility is still not guaranteed.
+     ["Maciej W. Rozycki" <macro at ds2.pg.gda.pl> and Richard Levitte]
+
+  *) Add support for Subject Information Access extension.
+     [Peter Sylvester <Peter.Sylvester at EdelWeb.fr>]
+
+  *) Make BUF_MEM_grow() behaviour more consistent: Initialise to zero
+     additional bytes when new memory had to be allocated, not just
+     when reusing an existing buffer.
+     [Bodo Moeller]
+
+  *) New command line and configuration option 'utf8' for the req command.
+     This allows field values to be specified as UTF8 strings.
+     [Steve Henson]
+
+  *) Add -multi and -mr options to "openssl speed" - giving multiple parallel
+     runs for the former and machine-readable output for the latter.
+     [Ben Laurie]
+
+  *) Add '-noemailDN' option to 'openssl ca'.  This prevents inclusion
+     of the e-mail address in the DN (i.e., it will go into a certificate
+     extension only).  The new configuration file option 'email_in_dn = no'
+     has the same effect.
+     [Massimiliano Pala madwolf at openca.org]
+
+  *) Change all functions with names starting with des_ to be starting
+     with DES_ instead.  Add wrappers that are compatible with libdes,
+     but are named _ossl_old_des_*.  Finally, add macros that map the
+     des_* symbols to the corresponding _ossl_old_des_* if libdes
+     compatibility is desired.  If OpenSSL 0.9.6c compatibility is
+     desired, the des_* symbols will be mapped to DES_*, with one
+     exception.
+
+     Since we provide two compatibility mappings, the user needs to
+     define the macro OPENSSL_DES_LIBDES_COMPATIBILITY if libdes
+     compatibility is desired.  The default (i.e., when that macro
+     isn't defined) is OpenSSL 0.9.6c compatibility.
+
+     There are also macros that enable and disable the support of old
+     des functions altogether.  Those are OPENSSL_ENABLE_OLD_DES_SUPPORT
+     and OPENSSL_DISABLE_OLD_DES_SUPPORT.  If none or both of those
+     are defined, the default will apply: to support the old des routines.
+
+     In either case, one must include openssl/des.h to get the correct
+     definitions.  Do not try to just include openssl/des_old.h, that
+     won't work.
+
+     NOTE: This is a major break of an old API into a new one.  Software
+     authors are encouraged to switch to the DES_ style functions.  Some
+     time in the future, des_old.h and the libdes compatibility functions
+     will be disable (i.e. OPENSSL_DISABLE_OLD_DES_SUPPORT will be the
+     default), and then completely removed.
+     [Richard Levitte]
+
+  *) Test for certificates which contain unsupported critical extensions.
+     If such a certificate is found during a verify operation it is 
+     rejected by default: this behaviour can be overridden by either
+     handling the new error X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION or
+     by setting the verify flag X509_V_FLAG_IGNORE_CRITICAL. A new function
+     X509_supported_extension() has also been added which returns 1 if a
+     particular extension is supported.
+     [Steve Henson]
+
+  *) Modify the behaviour of EVP cipher functions in similar way to digests
+     to retain compatibility with existing code.
+     [Steve Henson]
+
+  *) Modify the behaviour of EVP_DigestInit() and EVP_DigestFinal() to retain
+     compatibility with existing code. In particular the 'ctx' parameter does
+     not have to be to be initialized before the call to EVP_DigestInit() and
+     it is tidied up after a call to EVP_DigestFinal(). New function
+     EVP_DigestFinal_ex() which does not tidy up the ctx. Similarly function
+     EVP_MD_CTX_copy() changed to not require the destination to be
+     initialized valid and new function EVP_MD_CTX_copy_ex() added which
+     requires the destination to be valid.
+
+     Modify all the OpenSSL digest calls to use EVP_DigestInit_ex(),
+     EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex().
+     [Steve Henson]
+
+  *) Change ssl3_get_message (ssl/s3_both.c) and the functions using it
+     so that complete 'Handshake' protocol structures are kept in memory
+     instead of overwriting 'msg_type' and 'length' with 'body' data.
+     [Bodo Moeller]
+
+  *) Add an implementation of SSL_add_dir_cert_subjects_to_stack for Win32.
+     [Massimo Santin via Richard Levitte]
+
+  *) Major restructuring to the underlying ENGINE code. This includes
+     reduction of linker bloat, separation of pure "ENGINE" manipulation
+     (initialisation, etc) from functionality dealing with implementations
+     of specific crypto iterfaces. This change also introduces integrated
+     support for symmetric ciphers and digest implementations - so ENGINEs
+     can now accelerate these by providing EVP_CIPHER and EVP_MD
+     implementations of their own. This is detailed in crypto/engine/README
+     as it couldn't be adequately described here. However, there are a few
+     API changes worth noting - some RSA, DSA, DH, and RAND functions that
+     were changed in the original introduction of ENGINE code have now
+     reverted back - the hooking from this code to ENGINE is now a good
+     deal more passive and at run-time, operations deal directly with
+     RSA_METHODs, DSA_METHODs (etc) as they did before, rather than
+     dereferencing through an ENGINE pointer any more. Also, the ENGINE
+     functions dealing with BN_MOD_EXP[_CRT] handlers have been removed -
+     they were not being used by the framework as there is no concept of a
+     BIGNUM_METHOD and they could not be generalised to the new
+     'ENGINE_TABLE' mechanism that underlies the new code. Similarly,
+     ENGINE_cpy() has been removed as it cannot be consistently defined in
+     the new code.
+     [Geoff Thorpe]
+
+  *) Change ASN1_GENERALIZEDTIME_check() to allow fractional seconds.
+     [Steve Henson]
+
+  *) Change mkdef.pl to sort symbols that get the same entry number,
+     and make sure the automatically generated functions ERR_load_*
+     become part of libeay.num as well.
+     [Richard Levitte]
+
+  *) New function SSL_renegotiate_pending().  This returns true once
+     renegotiation has been requested (either SSL_renegotiate() call
+     or HelloRequest/ClientHello receveived from the peer) and becomes
+     false once a handshake has been completed.
+     (For servers, SSL_renegotiate() followed by SSL_do_handshake()
+     sends a HelloRequest, but does not ensure that a handshake takes
+     place.  SSL_renegotiate_pending() is useful for checking if the
+     client has followed the request.)
+     [Bodo Moeller]
+
+  *) New SSL option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
+     By default, clients may request session resumption even during
+     renegotiation (if session ID contexts permit); with this option,
+     session resumption is possible only in the first handshake.
+
+     SSL_OP_ALL is now 0x00000FFFL instead of 0x000FFFFFL.  This makes
+     more bits available for options that should not be part of
+     SSL_OP_ALL (such as SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION).
+     [Bodo Moeller]
+
+  *) Add some demos for certificate and certificate request creation.
+     [Steve Henson]
+
+  *) Make maximum certificate chain size accepted from the peer application
+     settable (SSL*_get/set_max_cert_list()), as proposed by
+     "Douglas E. Engert" <deengert at anl.gov>.
+     [Lutz Jaenicke]
+
+  *) Add support for shared libraries for Unixware-7
+     (Boyd Lynn Gerber <gerberb at zenez.com>).
+     [Lutz Jaenicke]
+
+  *) Add a "destroy" handler to ENGINEs that allows structural cleanup to
+     be done prior to destruction. Use this to unload error strings from
+     ENGINEs that load their own error strings. NB: This adds two new API
+     functions to "get" and "set" this destroy handler in an ENGINE.
+     [Geoff Thorpe]
+
+  *) Alter all existing ENGINE implementations (except "openssl" and
+     "openbsd") to dynamically instantiate their own error strings. This
+     makes them more flexible to be built both as statically-linked ENGINEs
+     and self-contained shared-libraries loadable via the "dynamic" ENGINE.
+     Also, add stub code to each that makes building them as self-contained
+     shared-libraries easier (see README.ENGINE).
+     [Geoff Thorpe]
+
+  *) Add a "dynamic" ENGINE that provides a mechanism for binding ENGINE
+     implementations into applications that are completely implemented in
+     self-contained shared-libraries. The "dynamic" ENGINE exposes control
+     commands that can be used to configure what shared-library to load and
+     to control aspects of the way it is handled. Also, made an update to
+     the README.ENGINE file that brings its information up-to-date and
+     provides some information and instructions on the "dynamic" ENGINE
+     (ie. how to use it, how to build "dynamic"-loadable ENGINEs, etc).
+     [Geoff Thorpe]
+
+  *) Make it possible to unload ranges of ERR strings with a new
+     "ERR_unload_strings" function.
+     [Geoff Thorpe]
+
+  *) Add a copy() function to EVP_MD.
+     [Ben Laurie]
+
+  *) Make EVP_MD routines take a context pointer instead of just the
+     md_data void pointer.
+     [Ben Laurie]
+
+  *) Add flags to EVP_MD and EVP_MD_CTX. EVP_MD_FLAG_ONESHOT indicates
+     that the digest can only process a single chunk of data
+     (typically because it is provided by a piece of
+     hardware). EVP_MD_CTX_FLAG_ONESHOT indicates that the application
+     is only going to provide a single chunk of data, and hence the
+     framework needn't accumulate the data for oneshot drivers.
+     [Ben Laurie]
+
+  *) As with "ERR", make it possible to replace the underlying "ex_data"
+     functions. This change also alters the storage and management of global
+     ex_data state - it's now all inside ex_data.c and all "class" code (eg.
+     RSA, BIO, SSL_CTX, etc) no longer stores its own STACKS and per-class
+     index counters. The API functions that use this state have been changed
+     to take a "class_index" rather than pointers to the class's local STACK
+     and counter, and there is now an API function to dynamically create new
+     classes. This centralisation allows us to (a) plug a lot of the
+     thread-safety problems that existed, and (b) makes it possible to clean
+     up all allocated state using "CRYPTO_cleanup_all_ex_data()". W.r.t. (b)
+     such data would previously have always leaked in application code and
+     workarounds were in place to make the memory debugging turn a blind eye
+     to it. Application code that doesn't use this new function will still
+     leak as before, but their memory debugging output will announce it now
+     rather than letting it slide.
+
+     Besides the addition of CRYPTO_cleanup_all_ex_data(), another API change
+     induced by the "ex_data" overhaul is that X509_STORE_CTX_init() now
+     has a return value to indicate success or failure.
+     [Geoff Thorpe]
+
+  *) Make it possible to replace the underlying "ERR" functions such that the
+     global state (2 LHASH tables and 2 locks) is only used by the "default"
+     implementation. This change also adds two functions to "get" and "set"
+     the implementation prior to it being automatically set the first time
+     any other ERR function takes place. Ie. an application can call "get",
+     pass the return value to a module it has just loaded, and that module
+     can call its own "set" function using that value. This means the
+     module's "ERR" operations will use (and modify) the error state in the
+     application and not in its own statically linked copy of OpenSSL code.
+     [Geoff Thorpe]
+
+  *) Give DH, DSA, and RSA types their own "**_up_ref()" function to increment
+     reference counts. This performs normal REF_PRINT/REF_CHECK macros on
+     the operation, and provides a more encapsulated way for external code
+     (crypto/evp/ and ssl/) to do this. Also changed the evp and ssl code
+     to use these functions rather than manually incrementing the counts.
+
+     Also rename "DSO_up()" function to more descriptive "DSO_up_ref()".
+     [Geoff Thorpe]
+
+  *) Add EVP test program.
+     [Ben Laurie]
+
+  *) Add symmetric cipher support to ENGINE. Expect the API to change!
+     [Ben Laurie]
+
+  *) New CRL functions: X509_CRL_set_version(), X509_CRL_set_issuer_name()
+     X509_CRL_set_lastUpdate(), X509_CRL_set_nextUpdate(), X509_CRL_sort(),
+     X509_REVOKED_set_serialNumber(), and X509_REVOKED_set_revocationDate().
+     These allow a CRL to be built without having to access X509_CRL fields
+     directly. Modify 'ca' application to use new functions.
+     [Steve Henson]
+
+  *) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended
+     bug workarounds. Rollback attack detection is a security feature.
+     The problem will only arise on OpenSSL servers when TLSv1 is not
+     available (sslv3_server_method() or SSL_OP_NO_TLSv1).
+     Software authors not wanting to support TLSv1 will have special reasons
+     for their choice and can explicitly enable this option.
+     [Bodo Moeller, Lutz Jaenicke]
+
+  *) Rationalise EVP so it can be extended: don't include a union of
+     cipher/digest structures, add init/cleanup functions for EVP_MD_CTX
+     (similar to those existing for EVP_CIPHER_CTX).
+     Usage example:
+
+         EVP_MD_CTX md;
+
+         EVP_MD_CTX_init(&md);             /* new function call */
+         EVP_DigestInit(&md, EVP_sha1());
+         EVP_DigestUpdate(&md, in, len);
+         EVP_DigestFinal(&md, out, NULL);
+         EVP_MD_CTX_cleanup(&md);          /* new function call */
+
+     [Ben Laurie]
+
+  *) Make DES key schedule conform to the usual scheme, as well as
+     correcting its structure. This means that calls to DES functions
+     now have to pass a pointer to a des_key_schedule instead of a
+     plain des_key_schedule (which was actually always a pointer
+     anyway): E.g.,
+
+         des_key_schedule ks;
+
+	 des_set_key_checked(..., &ks);
+	 des_ncbc_encrypt(..., &ks, ...);
+
+     (Note that a later change renames 'des_...' into 'DES_...'.)
+     [Ben Laurie]
+
+  *) Initial reduction of linker bloat: the use of some functions, such as
+     PEM causes large amounts of unused functions to be linked in due to
+     poor organisation. For example pem_all.c contains every PEM function
+     which has a knock on effect of linking in large amounts of (unused)
+     ASN1 code. Grouping together similar functions and splitting unrelated
+     functions prevents this.
+     [Steve Henson]
+
+  *) Cleanup of EVP macros.
+     [Ben Laurie]
+
+  *) Change historical references to {NID,SN,LN}_des_ede and ede3 to add the
+     correct _ecb suffix.
+     [Ben Laurie]
+
+  *) Add initial OCSP responder support to ocsp application. The
+     revocation information is handled using the text based index
+     use by the ca application. The responder can either handle
+     requests generated internally, supplied in files (for example
+     via a CGI script) or using an internal minimal server.
+     [Steve Henson]
+
+  *) Add configuration choices to get zlib compression for TLS.
+     [Richard Levitte]
+
+  *) Changes to Kerberos SSL for RFC 2712 compliance:
+     1.  Implemented real KerberosWrapper, instead of just using
+         KRB5 AP_REQ message.  [Thanks to Simon Wilkinson <sxw at sxw.org.uk>]
+     2.  Implemented optional authenticator field of KerberosWrapper.
+
+     Added openssl-style ASN.1 macros for Kerberos ticket, ap_req,
+     and authenticator structs; see crypto/krb5/.
+
+     Generalized Kerberos calls to support multiple Kerberos libraries.
+     [Vern Staats <staatsvr at asc.hpc.mil>,
+      Jeffrey Altman <jaltman at columbia.edu>
+      via Richard Levitte]
+
+  *) Cause 'openssl speed' to use fully hard-coded DSA keys as it
+     already does with RSA. testdsa.h now has 'priv_key/pub_key'
+     values for each of the key sizes rather than having just
+     parameters (and 'speed' generating keys each time).
+     [Geoff Thorpe]
+
+  *) Speed up EVP routines.
+     Before:
+encrypt
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+des-cbc           4408.85k     5560.51k     5778.46k     5862.20k     5825.16k
+des-cbc           4389.55k     5571.17k     5792.23k     5846.91k     5832.11k
+des-cbc           4394.32k     5575.92k     5807.44k     5848.37k     5841.30k
+decrypt
+des-cbc           3482.66k     5069.49k     5496.39k     5614.16k     5639.28k
+des-cbc           3480.74k     5068.76k     5510.34k     5609.87k     5635.52k
+des-cbc           3483.72k     5067.62k     5504.60k     5708.01k     5724.80k
+     After:
+encrypt
+des-cbc           4660.16k     5650.19k     5807.19k     5827.13k     5783.32k
+decrypt
+des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
+     [Ben Laurie]
+
+  *) Added the OS2-EMX target.
+     ["Brian Havard" <brianh at kheldar.apana.org.au> and Richard Levitte]
+
+  *) Rewrite apps to use NCONF routines instead of the old CONF. New functions
+     to support NCONF routines in extension code. New function CONF_set_nconf()
+     to allow functions which take an NCONF to also handle the old LHASH
+     structure: this means that the old CONF compatible routines can be
+     retained (in particular wrt extensions) without having to duplicate the
+     code. New function X509V3_add_ext_nconf_sk to add extensions to a stack.
+     [Steve Henson]
+
+  *) Enhance the general user interface with mechanisms for inner control
+     and with possibilities to have yes/no kind of prompts.
+     [Richard Levitte]
+
+  *) Change all calls to low level digest routines in the library and
+     applications to use EVP. Add missing calls to HMAC_cleanup() and
+     don't assume HMAC_CTX can be copied using memcpy().
+     [Verdon Walker <VWalker at novell.com>, Steve Henson]
+
+  *) Add the possibility to control engines through control names but with
+     arbitrary arguments instead of just a string.
+     Change the key loaders to take a UI_METHOD instead of a callback
+     function pointer.  NOTE: this breaks binary compatibility with earlier
+     versions of OpenSSL [engine].
+     Adapt the nCipher code for these new conditions and add a card insertion
+     callback.
+     [Richard Levitte]
+
+  *) Enhance the general user interface with mechanisms to better support
+     dialog box interfaces, application-defined prompts, the possibility
+     to use defaults (for example default passwords from somewhere else)
+     and interrupts/cancellations.
+     [Richard Levitte]
+
+  *) Tidy up PKCS#12 attribute handling. Add support for the CSP name
+     attribute in PKCS#12 files, add new -CSP option to pkcs12 utility.
+     [Steve Henson]
+
+  *) Fix a memory leak in 'sk_dup()' in the case reallocation fails. (Also
+     tidy up some unnecessarily weird code in 'sk_new()').
+     [Geoff, reported by Diego Tartara <dtartara at novamens.com>]
+
+  *) Change the key loading routines for ENGINEs to use the same kind
+     callback (pem_password_cb) as all other routines that need this
+     kind of callback.
+     [Richard Levitte]
+
+  *) Increase ENTROPY_NEEDED to 32 bytes, as Rijndael can operate with
+     256 bit (=32 byte) keys. Of course seeding with more entropy bytes
+     than this minimum value is recommended.
+     [Lutz Jaenicke]
+
+  *) New random seeder for OpenVMS, using the system process statistics
+     that are easily reachable.
+     [Richard Levitte]
+
+  *) Windows apparently can't transparently handle global
+     variables defined in DLLs. Initialisations such as:
+
+        const ASN1_ITEM *it = &ASN1_INTEGER_it;
+
+     wont compile. This is used by the any applications that need to
+     declare their own ASN1 modules. This was fixed by adding the option
+     EXPORT_VAR_AS_FN to all Win32 platforms, although this isn't strictly
+     needed for static libraries under Win32.
+     [Steve Henson]
+
+  *) New functions X509_PURPOSE_set() and X509_TRUST_set() to handle
+     setting of purpose and trust fields. New X509_STORE trust and
+     purpose functions and tidy up setting in other SSL functions.
+     [Steve Henson]
+
+  *) Add copies of X509_STORE_CTX fields and callbacks to X509_STORE
+     structure. These are inherited by X509_STORE_CTX when it is 
+     initialised. This allows various defaults to be set in the
+     X509_STORE structure (such as flags for CRL checking and custom
+     purpose or trust settings) for functions which only use X509_STORE_CTX
+     internally such as S/MIME.
+
+     Modify X509_STORE_CTX_purpose_inherit() so it only sets purposes and
+     trust settings if they are not set in X509_STORE. This allows X509_STORE
+     purposes and trust (in S/MIME for example) to override any set by default.
+
+     Add command line options for CRL checking to smime, s_client and s_server
+     applications.
+     [Steve Henson]
+
+  *) Initial CRL based revocation checking. If the CRL checking flag(s)
+     are set then the CRL is looked up in the X509_STORE structure and
+     its validity and signature checked, then if the certificate is found
+     in the CRL the verify fails with a revoked error.
+
+     Various new CRL related callbacks added to X509_STORE_CTX structure.
+
+     Command line options added to 'verify' application to support this.
+
+     This needs some additional work, such as being able to handle multiple
+     CRLs with different times, extension based lookup (rather than just
+     by subject name) and ultimately more complete V2 CRL extension
+     handling.
+     [Steve Henson]
+
+  *) Add a general user interface API (crypto/ui/).  This is designed
+     to replace things like des_read_password and friends (backward
+     compatibility functions using this new API are provided).
+     The purpose is to remove prompting functions from the DES code
+     section as well as provide for prompting through dialog boxes in
+     a window system and the like.
+     [Richard Levitte]
+
+  *) Add "ex_data" support to ENGINE so implementations can add state at a
+     per-structure level rather than having to store it globally.
+     [Geoff]
+
+  *) Make it possible for ENGINE structures to be copied when retrieved by
+     ENGINE_by_id() if the ENGINE specifies a new flag: ENGINE_FLAGS_BY_ID_COPY.
+     This causes the "original" ENGINE structure to act like a template,
+     analogous to the RSA vs. RSA_METHOD type of separation. Because of this
+     operational state can be localised to each ENGINE structure, despite the
+     fact they all share the same "methods". New ENGINE structures returned in
+     this case have no functional references and the return value is the single
+     structural reference. This matches the single structural reference returned
+     by ENGINE_by_id() normally, when it is incremented on the pre-existing
+     ENGINE structure.
+     [Geoff]
+
+  *) Fix ASN1 decoder when decoding type ANY and V_ASN1_OTHER: since this
+     needs to match any other type at all we need to manually clear the
+     tag cache.
+     [Steve Henson]
+
+  *) Changes to the "openssl engine" utility to include;
+     - verbosity levels ('-v', '-vv', and '-vvv') that provide information
+       about an ENGINE's available control commands.
+     - executing control commands from command line arguments using the
+       '-pre' and '-post' switches. '-post' is only used if '-t' is
+       specified and the ENGINE is successfully initialised. The syntax for
+       the individual commands are colon-separated, for example;
+	 openssl engine chil -pre FORK_CHECK:0 -pre SO_PATH:/lib/test.so
+     [Geoff]
+
+  *) New dynamic control command support for ENGINEs. ENGINEs can now
+     declare their own commands (numbers), names (strings), descriptions,
+     and input types for run-time discovery by calling applications. A
+     subset of these commands are implicitly classed as "executable"
+     depending on their input type, and only these can be invoked through
+     the new string-based API function ENGINE_ctrl_cmd_string(). (Eg. this
+     can be based on user input, config files, etc). The distinction is
+     that "executable" commands cannot return anything other than a boolean
+     result and can only support numeric or string input, whereas some
+     discoverable commands may only be for direct use through
+     ENGINE_ctrl(), eg. supporting the exchange of binary data, function
+     pointers, or other custom uses. The "executable" commands are to
+     support parameterisations of ENGINE behaviour that can be
+     unambiguously defined by ENGINEs and used consistently across any
+     OpenSSL-based application. Commands have been added to all the
+     existing hardware-supporting ENGINEs, noticeably "SO_PATH" to allow
+     control over shared-library paths without source code alterations.
+     [Geoff]
+
+  *) Changed all ENGINE implementations to dynamically allocate their
+     ENGINEs rather than declaring them statically. Apart from this being
+     necessary with the removal of the ENGINE_FLAGS_MALLOCED distinction,
+     this also allows the implementations to compile without using the
+     internal engine_int.h header.
+     [Geoff]
+
+  *) Minor adjustment to "rand" code. RAND_get_rand_method() now returns a
+     'const' value. Any code that should be able to modify a RAND_METHOD
+     should already have non-const pointers to it (ie. they should only
+     modify their own ones).
+     [Geoff]
+
+  *) Made a variety of little tweaks to the ENGINE code.
+     - "atalla" and "ubsec" string definitions were moved from header files
+       to C code. "nuron" string definitions were placed in variables
+       rather than hard-coded - allowing parameterisation of these values
+       later on via ctrl() commands.
+     - Removed unused "#if 0"'d code.
+     - Fixed engine list iteration code so it uses ENGINE_free() to release
+       structural references.
+     - Constified the RAND_METHOD element of ENGINE structures.
+     - Constified various get/set functions as appropriate and added
+       missing functions (including a catch-all ENGINE_cpy that duplicates
+       all ENGINE values onto a new ENGINE except reference counts/state).
+     - Removed NULL parameter checks in get/set functions. Setting a method
+       or function to NULL is a way of cancelling out a previously set
+       value.  Passing a NULL ENGINE parameter is just plain stupid anyway
+       and doesn't justify the extra error symbols and code.
+     - Deprecate the ENGINE_FLAGS_MALLOCED define and move the area for
+       flags from engine_int.h to engine.h.
+     - Changed prototypes for ENGINE handler functions (init(), finish(),
+       ctrl(), key-load functions, etc) to take an (ENGINE*) parameter.
+     [Geoff]
+
+  *) Implement binary inversion algorithm for BN_mod_inverse in addition
+     to the algorithm using long division.  The binary algorithm can be
+     used only if the modulus is odd.  On 32-bit systems, it is faster
+     only for relatively small moduli (roughly 20-30% for 128-bit moduli,
+     roughly 5-15% for 256-bit moduli), so we use it only for moduli
+     up to 450 bits.  In 64-bit environments, the binary algorithm
+     appears to be advantageous for much longer moduli; here we use it
+     for moduli up to 2048 bits.
+     [Bodo Moeller]
+
+  *) Rewrite CHOICE field setting in ASN1_item_ex_d2i(). The old code
+     could not support the combine flag in choice fields.
+     [Steve Henson]
+
+  *) Add a 'copy_extensions' option to the 'ca' utility. This copies
+     extensions from a certificate request to the certificate.
+     [Steve Henson]
+
+  *) Allow multiple 'certopt' and 'nameopt' options to be separated
+     by commas. Add 'namopt' and 'certopt' options to the 'ca' config
+     file: this allows the display of the certificate about to be
+     signed to be customised, to allow certain fields to be included
+     or excluded and extension details. The old system didn't display
+     multicharacter strings properly, omitted fields not in the policy
+     and couldn't display additional details such as extensions.
+     [Steve Henson]
+
+  *) Function EC_POINTs_mul for multiple scalar multiplication
+     of an arbitrary number of elliptic curve points
+          \sum scalars[i]*points[i],
+     optionally including the generator defined for the EC_GROUP:
+          scalar*generator +  \sum scalars[i]*points[i].
+
+     EC_POINT_mul is a simple wrapper function for the typical case
+     that the point list has just one item (besides the optional
+     generator).
+     [Bodo Moeller]
+
+  *) First EC_METHODs for curves over GF(p):
+
+     EC_GFp_simple_method() uses the basic BN_mod_mul and BN_mod_sqr
+     operations and provides various method functions that can also
+     operate with faster implementations of modular arithmetic.     
+
+     EC_GFp_mont_method() reuses most functions that are part of
+     EC_GFp_simple_method, but uses Montgomery arithmetic.
+
+     [Bodo Moeller; point addition and point doubling
+     implementation directly derived from source code provided by
+     Lenka Fibikova <fibikova at exp-math.uni-essen.de>]
+
+  *) Framework for elliptic curves (crypto/ec/ec.h, crypto/ec/ec_lcl.h,
+     crypto/ec/ec_lib.c):
+
+     Curves are EC_GROUP objects (with an optional group generator)
+     based on EC_METHODs that are built into the library.
+
+     Points are EC_POINT objects based on EC_GROUP objects.
+
+     Most of the framework would be able to handle curves over arbitrary
+     finite fields, but as there are no obvious types for fields other
+     than GF(p), some functions are limited to that for now.
+     [Bodo Moeller]
+
+  *) Add the -HTTP option to s_server.  It is similar to -WWW, but requires
+     that the file contains a complete HTTP response.
+     [Richard Levitte]
+
+  *) Add the ec directory to mkdef.pl and mkfiles.pl. In mkdef.pl
+     change the def and num file printf format specifier from "%-40sXXX"
+     to "%-39s XXX". The latter will always guarantee a space after the
+     field while the former will cause them to run together if the field
+     is 40 of more characters long.
+     [Steve Henson]
+
+  *) Constify the cipher and digest 'method' functions and structures
+     and modify related functions to take constant EVP_MD and EVP_CIPHER
+     pointers.
+     [Steve Henson]
+
+  *) Hide BN_CTX structure details in bn_lcl.h instead of publishing them
+     in <openssl/bn.h>.  Also further increase BN_CTX_NUM to 32.
+     [Bodo Moeller]
+
+  *) Modify EVP_Digest*() routines so they now return values. Although the
+     internal software routines can never fail additional hardware versions
+     might.
+     [Steve Henson]
+
+  *) Clean up crypto/err/err.h and change some error codes to avoid conflicts:
+
+     Previously ERR_R_FATAL was too small and coincided with ERR_LIB_PKCS7
+     (= ERR_R_PKCS7_LIB); it is now 64 instead of 32.
+
+     ASN1 error codes
+          ERR_R_NESTED_ASN1_ERROR
+          ...
+          ERR_R_MISSING_ASN1_EOS
+     were 4 .. 9, conflicting with
+          ERR_LIB_RSA (= ERR_R_RSA_LIB)
+          ...
+          ERR_LIB_PEM (= ERR_R_PEM_LIB).
+     They are now 58 .. 63 (i.e., just below ERR_R_FATAL).
+
+     Add new error code 'ERR_R_INTERNAL_ERROR'.
+     [Bodo Moeller]
+
+  *) Don't overuse locks in crypto/err/err.c: For data retrieval, CRYPTO_r_lock
+     suffices.
+     [Bodo Moeller]
+
+  *) New option '-subj arg' for 'openssl req' and 'openssl ca'.  This
+     sets the subject name for a new request or supersedes the
+     subject name in a given request. Formats that can be parsed are
+          'CN=Some Name, OU=myOU, C=IT'
+     and
+          'CN=Some Name/OU=myOU/C=IT'.
+
+     Add options '-batch' and '-verbose' to 'openssl req'.
+     [Massimiliano Pala <madwolf at hackmasters.net>]
+
+  *) Introduce the possibility to access global variables through
+     functions on platform were that's the best way to handle exporting
+     global variables in shared libraries.  To enable this functionality,
+     one must configure with "EXPORT_VAR_AS_FN" or defined the C macro
+     "OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter
+     is normally done by Configure or something similar).
+
+     To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL
+     in the source file (foo.c) like this:
+
+	OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1;
+	OPENSSL_IMPLEMENT_GLOBAL(double,bar);
+
+     To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL
+     and OPENSSL_GLOBAL_REF in the header file (foo.h) like this:
+
+	OPENSSL_DECLARE_GLOBAL(int,foo);
+	#define foo OPENSSL_GLOBAL_REF(foo)
+	OPENSSL_DECLARE_GLOBAL(double,bar);
+	#define bar OPENSSL_GLOBAL_REF(bar)
+
+     The #defines are very important, and therefore so is including the
+     header file everywhere where the defined globals are used.
+
+     The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition
+     of ASN.1 items, but that structure is a bit different.
+
+     The largest change is in util/mkdef.pl which has been enhanced with
+     better and easier to understand logic to choose which symbols should
+     go into the Windows .def files as well as a number of fixes and code
+     cleanup (among others, algorithm keywords are now sorted
+     lexicographically to avoid constant rewrites).
+     [Richard Levitte]
+
+  *) In BN_div() keep a copy of the sign of 'num' before writing the
+     result to 'rm' because if rm==num the value will be overwritten
+     and produce the wrong result if 'num' is negative: this caused
+     problems with BN_mod() and BN_nnmod().
+     [Steve Henson]
+
+  *) Function OCSP_request_verify(). This checks the signature on an
+     OCSP request and verifies the signer certificate. The signer
+     certificate is just checked for a generic purpose and OCSP request
+     trust settings.
+     [Steve Henson]
+
+  *) Add OCSP_check_validity() function to check the validity of OCSP
+     responses. OCSP responses are prepared in real time and may only
+     be a few seconds old. Simply checking that the current time lies
+     between thisUpdate and nextUpdate max reject otherwise valid responses
+     caused by either OCSP responder or client clock inaccuracy. Instead
+     we allow thisUpdate and nextUpdate to fall within a certain period of
+     the current time. The age of the response can also optionally be
+     checked. Two new options -validity_period and -status_age added to
+     ocsp utility.
+     [Steve Henson]
+
+  *) If signature or public key algorithm is unrecognized print out its
+     OID rather that just UNKNOWN.
+     [Steve Henson]
+
+  *) Change OCSP_cert_to_id() to tolerate a NULL subject certificate and
+     OCSP_cert_id_new() a NULL serialNumber. This allows a partial certificate
+     ID to be generated from the issuer certificate alone which can then be
+     passed to OCSP_id_issuer_cmp().
+     [Steve Henson]
+
+  *) New compilation option ASN1_ITEM_FUNCTIONS. This causes the new
+     ASN1 modules to export functions returning ASN1_ITEM pointers
+     instead of the ASN1_ITEM structures themselves. This adds several
+     new macros which allow the underlying ASN1 function/structure to
+     be accessed transparently. As a result code should not use ASN1_ITEM
+     references directly (such as &X509_it) but instead use the relevant
+     macros (such as ASN1_ITEM_rptr(X509)). This option is to allow
+     use of the new ASN1 code on platforms where exporting structures
+     is problematical (for example in shared libraries) but exporting
+     functions returning pointers to structures is not.
+     [Steve Henson]
+
+  *) Add support for overriding the generation of SSL/TLS session IDs.
+     These callbacks can be registered either in an SSL_CTX or per SSL.
+     The purpose of this is to allow applications to control, if they wish,
+     the arbitrary values chosen for use as session IDs, particularly as it
+     can be useful for session caching in multiple-server environments. A
+     command-line switch for testing this (and any client code that wishes
+     to use such a feature) has been added to "s_server".
+     [Geoff Thorpe, Lutz Jaenicke]
+
+  *) Modify mkdef.pl to recognise and parse preprocessor conditionals
+     of the form '#if defined(...) || defined(...) || ...' and
+     '#if !defined(...) && !defined(...) && ...'.  This also avoids
+     the growing number of special cases it was previously handling.
+     [Richard Levitte]
+
+  *) Make all configuration macros available for application by making
+     sure they are available in opensslconf.h, by giving them names starting
+     with "OPENSSL_" to avoid conflicts with other packages and by making
+     sure e_os2.h will cover all platform-specific cases together with
+     opensslconf.h.
+     Additionally, it is now possible to define configuration/platform-
+     specific names (called "system identities").  In the C code, these
+     are prefixed with "OPENSSL_SYSNAME_".  e_os2.h will create another
+     macro with the name beginning with "OPENSSL_SYS_", which is determined
+     from "OPENSSL_SYSNAME_*" or compiler-specific macros depending on
+     what is available.
+     [Richard Levitte]
+
+  *) New option -set_serial to 'req' and 'x509' this allows the serial
+     number to use to be specified on the command line. Previously self
+     signed certificates were hard coded with serial number 0 and the 
+     CA options of 'x509' had to use a serial number in a file which was
+     auto incremented.
+     [Steve Henson]
+
+  *) New options to 'ca' utility to support V2 CRL entry extensions.
+     Currently CRL reason, invalidity date and hold instruction are
+     supported. Add new CRL extensions to V3 code and some new objects.
+     [Steve Henson]
+
+  *) New function EVP_CIPHER_CTX_set_padding() this is used to
+     disable standard block padding (aka PKCS#5 padding) in the EVP
+     API, which was previously mandatory. This means that the data is
+     not padded in any way and so the total length much be a multiple
+     of the block size, otherwise an error occurs.
+     [Steve Henson]
+
+  *) Initial (incomplete) OCSP SSL support.
+     [Steve Henson]
+
+  *) New function OCSP_parse_url(). This splits up a URL into its host,
+     port and path components: primarily to parse OCSP URLs. New -url
+     option to ocsp utility.
+     [Steve Henson]
+
+  *) New nonce behavior. The return value of OCSP_check_nonce() now 
+     reflects the various checks performed. Applications can decide
+     whether to tolerate certain situations such as an absent nonce
+     in a response when one was present in a request: the ocsp application
+     just prints out a warning. New function OCSP_add1_basic_nonce()
+     this is to allow responders to include a nonce in a response even if
+     the request is nonce-less.
+     [Steve Henson]
+
+  *) Disable stdin buffering in load_cert (apps/apps.c) so that no certs are
+     skipped when using openssl x509 multiple times on a single input file,
+     e.g. "(openssl x509 -out cert1; openssl x509 -out cert2) <certs".
+     [Bodo Moeller]
+
+  *) Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string()
+     set string type: to handle setting ASN1_TIME structures. Fix ca
+     utility to correctly initialize revocation date of CRLs.
+     [Steve Henson]
+
+  *) New option SSL_OP_CIPHER_SERVER_PREFERENCE allows the server to override
+     the clients preferred ciphersuites and rather use its own preferences.
+     Should help to work around M$ SGC (Server Gated Cryptography) bug in
+     Internet Explorer by ensuring unchanged hash method during stepup.
+     (Also replaces the broken/deactivated SSL_OP_NON_EXPORT_FIRST option.)
+     [Lutz Jaenicke]
+
+  *) Make mkdef.pl recognise all DECLARE_ASN1 macros, change rijndael
+     to aes and add a new 'exist' option to print out symbols that don't
+     appear to exist.
+     [Steve Henson]
+
+  *) Additional options to ocsp utility to allow flags to be set and
+     additional certificates supplied.
+     [Steve Henson]
+
+  *) Add the option -VAfile to 'openssl ocsp', so the user can give the
+     OCSP client a number of certificate to only verify the response
+     signature against.
+     [Richard Levitte]
+
+  *) Update Rijndael code to version 3.0 and change EVP AES ciphers to
+     handle the new API. Currently only ECB, CBC modes supported. Add new
+     AES OIDs.
+
+     Add TLS AES ciphersuites as described in RFC3268, "Advanced
+     Encryption Standard (AES) Ciphersuites for Transport Layer
+     Security (TLS)".  (In beta versions of OpenSSL 0.9.7, these were
+     not enabled by default and were not part of the "ALL" ciphersuite
+     alias because they were not yet official; they could be
+     explicitly requested by specifying the "AESdraft" ciphersuite
+     group alias.  In the final release of OpenSSL 0.9.7, the group
+     alias is called "AES" and is part of "ALL".)
+     [Ben Laurie, Steve  Henson, Bodo Moeller]
+
+  *) New function OCSP_copy_nonce() to copy nonce value (if present) from
+     request to response.
+     [Steve Henson]
+
+  *) Functions for OCSP responders. OCSP_request_onereq_count(),
+     OCSP_request_onereq_get0(), OCSP_onereq_get0_id() and OCSP_id_get0_info()
+     extract information from a certificate request. OCSP_response_create()
+     creates a response and optionally adds a basic response structure.
+     OCSP_basic_add1_status() adds a complete single response to a basic
+     response and returns the OCSP_SINGLERESP structure just added (to allow
+     extensions to be included for example). OCSP_basic_add1_cert() adds a
+     certificate to a basic response and OCSP_basic_sign() signs a basic
+     response with various flags. New helper functions ASN1_TIME_check()
+     (checks validity of ASN1_TIME structure) and ASN1_TIME_to_generalizedtime()
+     (converts ASN1_TIME to GeneralizedTime).
+     [Steve Henson]
+
+  *) Various new functions. EVP_Digest() combines EVP_Digest{Init,Update,Final}()
+     in a single operation. X509_get0_pubkey_bitstr() extracts the public_key
+     structure from a certificate. X509_pubkey_digest() digests the public_key
+     contents: this is used in various key identifiers. 
+     [Steve Henson]
+
+  *) Make sk_sort() tolerate a NULL argument.
+     [Steve Henson reported by Massimiliano Pala <madwolf at comune.modena.it>]
+
+  *) New OCSP verify flag OCSP_TRUSTOTHER. When set the "other" certificates
+     passed by the function are trusted implicitly. If any of them signed the
+     response then it is assumed to be valid and is not verified.
+     [Steve Henson]
+
+  *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT
+     to data. This was previously part of the PKCS7 ASN1 code. This
+     was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures.
+     [Steve Henson, reported by Kenneth R. Robinette
+				<support at securenetterm.com>]
+
+  *) Add CRYPTO_push_info() and CRYPTO_pop_info() calls to new ASN1
+     routines: without these tracing memory leaks is very painful.
+     Fix leaks in PKCS12 and PKCS7 routines.
+     [Steve Henson]
+
+  *) Make X509_time_adj() cope with the new behaviour of ASN1_TIME_new().
+     Previously it initialised the 'type' argument to V_ASN1_UTCTIME which
+     effectively meant GeneralizedTime would never be used. Now it
+     is initialised to -1 but X509_time_adj() now has to check the value
+     and use ASN1_TIME_set() if the value is not V_ASN1_UTCTIME or
+     V_ASN1_GENERALIZEDTIME, without this it always uses GeneralizedTime.
+     [Steve Henson, reported by Kenneth R. Robinette
+				<support at securenetterm.com>]
+
+  *) Fixes to BN_to_ASN1_INTEGER when bn is zero. This would previously
+     result in a zero length in the ASN1_INTEGER structure which was
+     not consistent with the structure when d2i_ASN1_INTEGER() was used
+     and would cause ASN1_INTEGER_cmp() to fail. Enhance s2i_ASN1_INTEGER()
+     to cope with hex and negative integers. Fix bug in i2a_ASN1_INTEGER()
+     where it did not print out a minus for negative ASN1_INTEGER.
+     [Steve Henson]
+
+  *) Add summary printout to ocsp utility. The various functions which
+     convert status values to strings have been renamed to:
+     OCSP_response_status_str(), OCSP_cert_status_str() and
+     OCSP_crl_reason_str() and are no longer static. New options
+     to verify nonce values and to disable verification. OCSP response
+     printout format cleaned up.
+     [Steve Henson]
+
+  *) Add additional OCSP certificate checks. These are those specified
+     in RFC2560. This consists of two separate checks: the CA of the
+     certificate being checked must either be the OCSP signer certificate
+     or the issuer of the OCSP signer certificate. In the latter case the
+     OCSP signer certificate must contain the OCSP signing extended key
+     usage. This check is performed by attempting to match the OCSP
+     signer or the OCSP signer CA to the issuerNameHash and issuerKeyHash
+     in the OCSP_CERTID structures of the response.
+     [Steve Henson]
+
+  *) Initial OCSP certificate verification added to OCSP_basic_verify()
+     and related routines. This uses the standard OpenSSL certificate
+     verify routines to perform initial checks (just CA validity) and
+     to obtain the certificate chain. Then additional checks will be
+     performed on the chain. Currently the root CA is checked to see
+     if it is explicitly trusted for OCSP signing. This is used to set
+     a root CA as a global signing root: that is any certificate that
+     chains to that CA is an acceptable OCSP signing certificate.
+     [Steve Henson]
+
+  *) New '-extfile ...' option to 'openssl ca' for reading X.509v3
+     extensions from a separate configuration file.
+     As when reading extensions from the main configuration file,
+     the '-extensions ...' option may be used for specifying the
+     section to use.
+     [Massimiliano Pala <madwolf at comune.modena.it>]
+
+  *) New OCSP utility. Allows OCSP requests to be generated or
+     read. The request can be sent to a responder and the output
+     parsed, outputed or printed in text form. Not complete yet:
+     still needs to check the OCSP response validity.
+     [Steve Henson]
+
+  *) New subcommands for 'openssl ca':
+     'openssl ca -status <serial>' prints the status of the cert with
+     the given serial number (according to the index file).
+     'openssl ca -updatedb' updates the expiry status of certificates
+     in the index file.
+     [Massimiliano Pala <madwolf at comune.modena.it>]
+
+  *) New '-newreq-nodes' command option to CA.pl.  This is like
+     '-newreq', but calls 'openssl req' with the '-nodes' option
+     so that the resulting key is not encrypted.
+     [Damien Miller <djm at mindrot.org>]
+
+  *) New configuration for the GNU Hurd.
+     [Jonathan Bartlett <johnnyb at wolfram.com> via Richard Levitte]
+
+  *) Initial code to implement OCSP basic response verify. This
+     is currently incomplete. Currently just finds the signer's
+     certificate and verifies the signature on the response.
+     [Steve Henson]
+
+  *) New SSLeay_version code SSLEAY_DIR to determine the compiled-in
+     value of OPENSSLDIR.  This is available via the new '-d' option
+     to 'openssl version', and is also included in 'openssl version -a'.
+     [Bodo Moeller]
+
+  *) Allowing defining memory allocation callbacks that will be given
+     file name and line number information in additional arguments
+     (a const char* and an int).  The basic functionality remains, as
+     well as the original possibility to just replace malloc(),
+     realloc() and free() by functions that do not know about these
+     additional arguments.  To register and find out the current
+     settings for extended allocation functions, the following
+     functions are provided:
+
+	CRYPTO_set_mem_ex_functions
+	CRYPTO_set_locked_mem_ex_functions
+	CRYPTO_get_mem_ex_functions
+	CRYPTO_get_locked_mem_ex_functions
+
+     These work the same way as CRYPTO_set_mem_functions and friends.
+     CRYPTO_get_[locked_]mem_functions now writes 0 where such an
+     extended allocation function is enabled.
+     Similarly, CRYPTO_get_[locked_]mem_ex_functions writes 0 where
+     a conventional allocation function is enabled.
+     [Richard Levitte, Bodo Moeller]
+
+  *) Finish off removing the remaining LHASH function pointer casts.
+     There should no longer be any prototype-casting required when using
+     the LHASH abstraction, and any casts that remain are "bugs". See
+     the callback types and macros at the head of lhash.h for details
+     (and "OBJ_cleanup" in crypto/objects/obj_dat.c as an example).
+     [Geoff Thorpe]
+
+  *) Add automatic query of EGD sockets in RAND_poll() for the unix variant.
+     If /dev/[u]random devices are not available or do not return enough
+     entropy, EGD style sockets (served by EGD or PRNGD) will automatically
+     be queried.
+     The locations /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool, and
+     /etc/entropy will be queried once each in this sequence, quering stops
+     when enough entropy was collected without querying more sockets.
+     [Lutz Jaenicke]
+
+  *) Change the Unix RAND_poll() variant to be able to poll several
+     random devices, as specified by DEVRANDOM, until a sufficient amount
+     of data has been collected.   We spend at most 10 ms on each file
+     (select timeout) and read in non-blocking mode.  DEVRANDOM now
+     defaults to the list "/dev/urandom", "/dev/random", "/dev/srandom"
+     (previously it was just the string "/dev/urandom"), so on typical
+     platforms the 10 ms delay will never occur.
+     Also separate out the Unix variant to its own file, rand_unix.c.
+     For VMS, there's a currently-empty rand_vms.c.
+     [Richard Levitte]
+
+  *) Move OCSP client related routines to ocsp_cl.c. These
+     provide utility functions which an application needing
+     to issue a request to an OCSP responder and analyse the
+     response will typically need: as opposed to those which an
+     OCSP responder itself would need which will be added later.
+
+     OCSP_request_sign() signs an OCSP request with an API similar
+     to PKCS7_sign(). OCSP_response_status() returns status of OCSP
+     response. OCSP_response_get1_basic() extracts basic response
+     from response. OCSP_resp_find_status(): finds and extracts status
+     information from an OCSP_CERTID structure (which will be created
+     when the request structure is built). These are built from lower
+     level functions which work on OCSP_SINGLERESP structures but
+     wont normally be used unless the application wishes to examine
+     extensions in the OCSP response for example.
+
+     Replace nonce routines with a pair of functions.
+     OCSP_request_add1_nonce() adds a nonce value and optionally
+     generates a random value. OCSP_check_nonce() checks the
+     validity of the nonce in an OCSP response.
+     [Steve Henson]
+
+  *) Change function OCSP_request_add() to OCSP_request_add0_id().
+     This doesn't copy the supplied OCSP_CERTID and avoids the
+     need to free up the newly created id. Change return type
+     to OCSP_ONEREQ to return the internal OCSP_ONEREQ structure.
+     This can then be used to add extensions to the request.
+     Deleted OCSP_request_new(), since most of its functionality
+     is now in OCSP_REQUEST_new() (and the case insensitive name
+     clash) apart from the ability to set the request name which
+     will be added elsewhere.
+     [Steve Henson]
+
+  *) Update OCSP API. Remove obsolete extensions argument from
+     various functions. Extensions are now handled using the new
+     OCSP extension code. New simple OCSP HTTP function which 
+     can be used to send requests and parse the response.
+     [Steve Henson]
+
+  *) Fix the PKCS#7 (S/MIME) code to work with new ASN1. Two new
+     ASN1_ITEM structures help with sign and verify. PKCS7_ATTR_SIGN
+     uses the special reorder version of SET OF to sort the attributes
+     and reorder them to match the encoded order. This resolves a long
+     standing problem: a verify on a PKCS7 structure just after signing
+     it used to fail because the attribute order did not match the
+     encoded order. PKCS7_ATTR_VERIFY does not reorder the attributes:
+     it uses the received order. This is necessary to tolerate some broken
+     software that does not order SET OF. This is handled by encoding
+     as a SEQUENCE OF but using implicit tagging (with UNIVERSAL class)
+     to produce the required SET OF.
+     [Steve Henson]
+
+  *) Have mk1mf.pl generate the macros OPENSSL_BUILD_SHLIBCRYPTO and
+     OPENSSL_BUILD_SHLIBSSL and use them appropriately in the header
+     files to get correct declarations of the ASN.1 item variables.
+     [Richard Levitte]
+
+  *) Rewrite of PKCS#12 code to use new ASN1 functionality. Replace many
+     PKCS#12 macros with real functions. Fix two unrelated ASN1 bugs:
+     asn1_check_tlen() would sometimes attempt to use 'ctx' when it was
+     NULL and ASN1_TYPE was not dereferenced properly in asn1_ex_c2i().
+     New ASN1 macro: DECLARE_ASN1_ITEM() which just declares the relevant
+     ASN1_ITEM and no wrapper functions.
+     [Steve Henson]
+
+  *) New functions or ASN1_item_d2i_fp() and ASN1_item_d2i_bio(). These
+     replace the old function pointer based I/O routines. Change most of
+     the *_d2i_bio() and *_d2i_fp() functions to use these.
+     [Steve Henson]
+
+  *) Enhance mkdef.pl to be more accepting about spacing in C preprocessor
+     lines, recognice more "algorithms" that can be deselected, and make
+     it complain about algorithm deselection that isn't recognised.
+     [Richard Levitte]
+
+  *) New ASN1 functions to handle dup, sign, verify, digest, pack and
+     unpack operations in terms of ASN1_ITEM. Modify existing wrappers
+     to use new functions. Add NO_ASN1_OLD which can be set to remove
+     some old style ASN1 functions: this can be used to determine if old
+     code will still work when these eventually go away.
+     [Steve Henson]
+
+  *) New extension functions for OCSP structures, these follow the
+     same conventions as certificates and CRLs.
+     [Steve Henson]
+
+  *) New function X509V3_add1_i2d(). This automatically encodes and
+     adds an extension. Its behaviour can be customised with various
+     flags to append, replace or delete. Various wrappers added for
+     certifcates and CRLs.
+     [Steve Henson]
+
+  *) Fix to avoid calling the underlying ASN1 print routine when
+     an extension cannot be parsed. Correct a typo in the
+     OCSP_SERVICELOC extension. Tidy up print OCSP format.
+     [Steve Henson]
+
+  *) Make mkdef.pl parse some of the ASN1 macros and add apropriate
+     entries for variables.
+     [Steve Henson]
+
+  *) Add functionality to apps/openssl.c for detecting locking
+     problems: As the program is single-threaded, all we have
+     to do is register a locking callback using an array for
+     storing which locks are currently held by the program.
+     [Bodo Moeller]
+
+  *) Use a lock around the call to CRYPTO_get_ex_new_index() in
+     SSL_get_ex_data_X509_STORE_idx(), which is used in
+     ssl_verify_cert_chain() and thus can be called at any time
+     during TLS/SSL handshakes so that thread-safety is essential.
+     Unfortunately, the ex_data design is not at all suited
+     for multi-threaded use, so it probably should be abolished.
+     [Bodo Moeller]
+
+  *) Added Broadcom "ubsec" ENGINE to OpenSSL.
+     [Broadcom, tweaked and integrated by Geoff Thorpe]
+
+  *) Move common extension printing code to new function
+     X509V3_print_extensions(). Reorganise OCSP print routines and
+     implement some needed OCSP ASN1 functions. Add OCSP extensions.
+     [Steve Henson]
+
+  *) New function X509_signature_print() to remove duplication in some
+     print routines.
+     [Steve Henson]
+
+  *) Add a special meaning when SET OF and SEQUENCE OF flags are both
+     set (this was treated exactly the same as SET OF previously). This
+     is used to reorder the STACK representing the structure to match the
+     encoding. This will be used to get round a problem where a PKCS7
+     structure which was signed could not be verified because the STACK
+     order did not reflect the encoded order.
+     [Steve Henson]
+
+  *) Reimplement the OCSP ASN1 module using the new code.
+     [Steve Henson]
+
+  *) Update the X509V3 code to permit the use of an ASN1_ITEM structure
+     for its ASN1 operations. The old style function pointers still exist
+     for now but they will eventually go away.
+     [Steve Henson]
+
+  *) Merge in replacement ASN1 code from the ASN1 branch. This almost
+     completely replaces the old ASN1 functionality with a table driven
+     encoder and decoder which interprets an ASN1_ITEM structure describing
+     the ASN1 module. Compatibility with the existing ASN1 API (i2d,d2i) is
+     largely maintained. Almost all of the old asn1_mac.h macro based ASN1
+     has also been converted to the new form.
+     [Steve Henson]
+
+  *) Change BN_mod_exp_recp so that negative moduli are tolerated
+     (the sign is ignored).  Similarly, ignore the sign in BN_MONT_CTX_set
+     so that BN_mod_exp_mont and BN_mod_exp_mont_word work
+     for negative moduli.
+     [Bodo Moeller]
+
+  *) Fix BN_uadd and BN_usub: Always return non-negative results instead
+     of not touching the result's sign bit.
+     [Bodo Moeller]
+
+  *) BN_div bugfix: If the result is 0, the sign (res->neg) must not be
+     set.
+     [Bodo Moeller]
+
+  *) Changed the LHASH code to use prototypes for callbacks, and created
+     macros to declare and implement thin (optionally static) functions
+     that provide type-safety and avoid function pointer casting for the
+     type-specific callbacks.
+     [Geoff Thorpe]
+
+  *) Added Kerberos Cipher Suites to be used with TLS, as written in
+     RFC 2712.
+     [Veers Staats <staatsvr at asc.hpc.mil>,
+      Jeffrey Altman <jaltman at columbia.edu>, via Richard Levitte]
+
+  *) Reformat the FAQ so the different questions and answers can be divided
+     in sections depending on the subject.
+     [Richard Levitte]
+
+  *) Have the zlib compression code load ZLIB.DLL dynamically under
+     Windows.
+     [Richard Levitte]
+
+  *) New function BN_mod_sqrt for computing square roots modulo a prime
+     (using the probabilistic Tonelli-Shanks algorithm unless
+     p == 3 (mod 4)  or  p == 5 (mod 8),  which are cases that can
+     be handled deterministically).
+     [Lenka Fibikova <fibikova at exp-math.uni-essen.de>, Bodo Moeller]
+
+  *) Make BN_mod_inverse faster by explicitly handling small quotients
+     in the Euclid loop. (Speed gain about 20% for small moduli [256 or
+     512 bits], about 30% for larger ones [1024 or 2048 bits].)
+     [Bodo Moeller]
+
+  *) New function BN_kronecker.
+     [Bodo Moeller]
+
+  *) Fix BN_gcd so that it works on negative inputs; the result is
+     positive unless both parameters are zero.
+     Previously something reasonably close to an infinite loop was
+     possible because numbers could be growing instead of shrinking
+     in the implementation of Euclid's algorithm.
+     [Bodo Moeller]
+
+  *) Fix BN_is_word() and BN_is_one() macros to take into account the
+     sign of the number in question.
+
+     Fix BN_is_word(a,w) to work correctly for w == 0.
+
+     The old BN_is_word(a,w) macro is now called BN_abs_is_word(a,w)
+     because its test if the absolute value of 'a' equals 'w'.
+     Note that BN_abs_is_word does *not* handle w == 0 reliably;
+     it exists mostly for use in the implementations of BN_is_zero(),
+     BN_is_one(), and BN_is_word().
+     [Bodo Moeller]
+
+  *) New function BN_swap.
+     [Bodo Moeller]
+
+  *) Use BN_nnmod instead of BN_mod in crypto/bn/bn_exp.c so that
+     the exponentiation functions are more likely to produce reasonable
+     results on negative inputs.
+     [Bodo Moeller]
+
+  *) Change BN_mod_mul so that the result is always non-negative.
+     Previously, it could be negative if one of the factors was negative;
+     I don't think anyone really wanted that behaviour.
+     [Bodo Moeller]
+
+  *) Move BN_mod_... functions into new file crypto/bn/bn_mod.c
+     (except for exponentiation, which stays in crypto/bn/bn_exp.c,
+     and BN_mod_mul_reciprocal, which stays in crypto/bn/bn_recp.c)
+     and add new functions:
+
+          BN_nnmod
+          BN_mod_sqr
+          BN_mod_add
+          BN_mod_add_quick
+          BN_mod_sub
+          BN_mod_sub_quick
+          BN_mod_lshift1
+          BN_mod_lshift1_quick
+          BN_mod_lshift
+          BN_mod_lshift_quick
+
+     These functions always generate non-negative results.
+
+     BN_nnmod otherwise is like BN_mod (if BN_mod computes a remainder  r
+     such that  |m| < r < 0,  BN_nnmod will output  rem + |m|  instead).
+
+     BN_mod_XXX_quick(r, a, [b,] m) generates the same result as
+     BN_mod_XXX(r, a, [b,] m, ctx), but requires that  a  [and  b]
+     be reduced modulo  m.
+     [Lenka Fibikova <fibikova at exp-math.uni-essen.de>, Bodo Moeller]
+
+#if 0
+     The following entry accidentily appeared in the CHANGES file
+     distributed with OpenSSL 0.9.7.  The modifications described in
+     it do *not* apply to OpenSSL 0.9.7.
+
+  *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
+     was actually never needed) and in BN_mul().  The removal in BN_mul()
+     required a small change in bn_mul_part_recursive() and the addition
+     of the functions bn_cmp_part_words(), bn_sub_part_words() and
+     bn_add_part_words(), which do the same thing as bn_cmp_words(),
+     bn_sub_words() and bn_add_words() except they take arrays with
+     differing sizes.
+     [Richard Levitte]
+#endif
+
+  *) In 'openssl passwd', verify passwords read from the terminal
+     unless the '-salt' option is used (which usually means that
+     verification would just waste user's time since the resulting
+     hash is going to be compared with some given password hash)
+     or the new '-noverify' option is used.
+
+     This is an incompatible change, but it does not affect
+     non-interactive use of 'openssl passwd' (passwords on the command
+     line, '-stdin' option, '-in ...' option) and thus should not
+     cause any problems.
+     [Bodo Moeller]
+
+  *) Remove all references to RSAref, since there's no more need for it.
+     [Richard Levitte]
+
+  *) Make DSO load along a path given through an environment variable
+     (SHLIB_PATH) with shl_load().
+     [Richard Levitte]
+
+  *) Constify the ENGINE code as a result of BIGNUM constification.
+     Also constify the RSA code and most things related to it.  In a
+     few places, most notable in the depth of the ASN.1 code, ugly
+     casts back to non-const were required (to be solved at a later
+     time)
+     [Richard Levitte]
+
+  *) Make it so the openssl application has all engines loaded by default.
+     [Richard Levitte]
+
+  *) Constify the BIGNUM routines a little more.
+     [Richard Levitte]
+
+  *) Add the following functions:
+
+	ENGINE_load_cswift()
+	ENGINE_load_chil()
+	ENGINE_load_atalla()
+	ENGINE_load_nuron()
+	ENGINE_load_builtin_engines()
+
+     That way, an application can itself choose if external engines that
+     are built-in in OpenSSL shall ever be used or not.  The benefit is
+     that applications won't have to be linked with libdl or other dso
+     libraries unless it's really needed.
+
+     Changed 'openssl engine' to load all engines on demand.
+     Changed the engine header files to avoid the duplication of some
+     declarations (they differed!).
+     [Richard Levitte]
+
+  *) 'openssl engine' can now list capabilities.
+     [Richard Levitte]
+
+  *) Better error reporting in 'openssl engine'.
+     [Richard Levitte]
+
+  *) Never call load_dh_param(NULL) in s_server.
+     [Bodo Moeller]
+
+  *) Add engine application.  It can currently list engines by name and
+     identity, and test if they are actually available.
+     [Richard Levitte]
+
+  *) Improve RPM specification file by forcing symbolic linking and making
+     sure the installed documentation is also owned by root.root.
+     [Damien Miller <djm at mindrot.org>]
+
+  *) Give the OpenSSL applications more possibilities to make use of
+     keys (public as well as private) handled by engines.
+     [Richard Levitte]
+
+  *) Add OCSP code that comes from CertCo.
+     [Richard Levitte]
+
+  *) Add VMS support for the Rijndael code.
+     [Richard Levitte]
+
+  *) Added untested support for Nuron crypto accelerator.
+     [Ben Laurie]
+
+  *) Add support for external cryptographic devices.  This code was
+     previously distributed separately as the "engine" branch.
+     [Geoff Thorpe, Richard Levitte]
+
+  *) Rework the filename-translation in the DSO code. It is now possible to
+     have far greater control over how a "name" is turned into a filename
+     depending on the operating environment and any oddities about the
+     different shared library filenames on each system.
+     [Geoff Thorpe]
+
+  *) Support threads on FreeBSD-elf in Configure.
+     [Richard Levitte]
+
+  *) Fix for SHA1 assembly problem with MASM: it produces
+     warnings about corrupt line number information when assembling
+     with debugging information. This is caused by the overlapping
+     of two sections.
+     [Bernd Matthes <mainbug at celocom.de>, Steve Henson]
+
+  *) NCONF changes.
+     NCONF_get_number() has no error checking at all.  As a replacement,
+     NCONF_get_number_e() is defined (_e for "error checking") and is
+     promoted strongly.  The old NCONF_get_number is kept around for
+     binary backward compatibility.
+     Make it possible for methods to load from something other than a BIO,
+     by providing a function pointer that is given a name instead of a BIO.
+     For example, this could be used to load configuration data from an
+     LDAP server.
+     [Richard Levitte]
+
+  *) Fix for non blocking accept BIOs. Added new I/O special reason
+     BIO_RR_ACCEPT to cover this case. Previously use of accept BIOs
+     with non blocking I/O was not possible because no retry code was
+     implemented. Also added new SSL code SSL_WANT_ACCEPT to cover
+     this case.
+     [Steve Henson]
+
+  *) Added the beginnings of Rijndael support.
+     [Ben Laurie]
+
+  *) Fix for bug in DirectoryString mask setting. Add support for
+     X509_NAME_print_ex() in 'req' and X509_print_ex() function
+     to allow certificate printing to more controllable, additional
+     'certopt' option to 'x509' to allow new printing options to be
+     set.
+     [Steve Henson]
+
+  *) Clean old EAY MD5 hack from e_os.h.
+     [Richard Levitte]
+
+ Changes between 0.9.6l and 0.9.6m  [17 Mar 2004]
+
+  *) Fix null-pointer assignment in do_change_cipher_spec() revealed
+     by using the Codenomicon TLS Test Tool (CVE-2004-0079)
+     [Joe Orton, Steve Henson]
+
+ Changes between 0.9.6k and 0.9.6l  [04 Nov 2003]
+
+  *) Fix additional bug revealed by the NISCC test suite:
+
+     Stop bug triggering large recursion when presented with
+     certain ASN.1 tags (CVE-2003-0851)
+     [Steve Henson]
+
+ Changes between 0.9.6j and 0.9.6k  [30 Sep 2003]
+
+  *) Fix various bugs revealed by running the NISCC test suite:
+
+     Stop out of bounds reads in the ASN1 code when presented with
+     invalid tags (CVE-2003-0543 and CVE-2003-0544).
+     
+     If verify callback ignores invalid public key errors don't try to check
+     certificate signature with the NULL public key.
+
+     [Steve Henson]
+
+  *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
+     if the server requested one: as stated in TLS 1.0 and SSL 3.0
+     specifications.
+     [Steve Henson]
+
+  *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
+     extra data after the compression methods not only for TLS 1.0
+     but also for SSL 3.0 (as required by the specification).
+     [Bodo Moeller; problem pointed out by Matthias Loepfe]
+
+  *) Change X509_certificate_type() to mark the key as exported/exportable
+     when it's 512 *bits* long, not 512 bytes.
+     [Richard Levitte]
+
+ Changes between 0.9.6i and 0.9.6j  [10 Apr 2003]
+
+  *) Countermeasure against the Klima-Pokorny-Rosa extension of
+     Bleichbacher's attack on PKCS #1 v1.5 padding: treat
+     a protocol version number mismatch like a decryption error
+     in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
+     [Bodo Moeller]
+
+  *) Turn on RSA blinding by default in the default implementation
+     to avoid a timing attack. Applications that don't want it can call
+     RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
+     They would be ill-advised to do so in most cases.
+     [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
+
+  *) Change RSA blinding code so that it works when the PRNG is not
+     seeded (in this case, the secret RSA exponent is abused as
+     an unpredictable seed -- if it is not unpredictable, there
+     is no point in blinding anyway).  Make RSA blinding thread-safe
+     by remembering the creator's thread ID in rsa->blinding and
+     having all other threads use local one-time blinding factors
+     (this requires more computation than sharing rsa->blinding, but
+     avoids excessive locking; and if an RSA object is not shared
+     between threads, blinding will still be very fast).
+     [Bodo Moeller]
+
+ Changes between 0.9.6h and 0.9.6i  [19 Feb 2003]
+
+  *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
+     via timing by performing a MAC computation even if incorrrect
+     block cipher padding has been found.  This is a countermeasure
+     against active attacks where the attacker has to distinguish
+     between bad padding and a MAC verification error. (CVE-2003-0078)
+
+     [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
+     Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
+     Martin Vuagnoux (EPFL, Ilion)]
+
+ Changes between 0.9.6g and 0.9.6h  [5 Dec 2002]
+
+  *) New function OPENSSL_cleanse(), which is used to cleanse a section of
+     memory from it's contents.  This is done with a counter that will
+     place alternating values in each byte.  This can be used to solve
+     two issues: 1) the removal of calls to memset() by highly optimizing
+     compilers, and 2) cleansing with other values than 0, since those can
+     be read through on certain media, for example a swap space on disk.
+     [Geoff Thorpe]
+
+  *) Bugfix: client side session caching did not work with external caching,
+     because the session->cipher setting was not restored when reloading
+     from the external cache. This problem was masked, when
+     SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set.
+     (Found by Steve Haslam <steve at araqnid.ddts.net>.)
+     [Lutz Jaenicke]
+
+  *) Fix client_certificate (ssl/s2_clnt.c): The permissible total
+     length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33.
+     [Zeev Lieber <zeev-l at yahoo.com>]
+
+  *) Undo an undocumented change introduced in 0.9.6e which caused
+     repeated calls to OpenSSL_add_all_ciphers() and 
+     OpenSSL_add_all_digests() to be ignored, even after calling
+     EVP_cleanup().
+     [Richard Levitte]
+
+  *) Change the default configuration reader to deal with last line not
+     being properly terminated.
+     [Richard Levitte]
+
+  *) Change X509_NAME_cmp() so it applies the special rules on handling
+     DN values that are of type PrintableString, as well as RDNs of type
+     emailAddress where the value has the type ia5String.
+     [stefank at valicert.com via Richard Levitte]
+
+  *) Add a SSL_SESS_CACHE_NO_INTERNAL_STORE flag to take over half
+     the job SSL_SESS_CACHE_NO_INTERNAL_LOOKUP was inconsistently
+     doing, define a new flag (SSL_SESS_CACHE_NO_INTERNAL) to be
+     the bitwise-OR of the two for use by the majority of applications
+     wanting this behaviour, and update the docs. The documented
+     behaviour and actual behaviour were inconsistent and had been
+     changing anyway, so this is more a bug-fix than a behavioural
+     change.
+     [Geoff Thorpe, diagnosed by Nadav Har'El]
+
+  *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c
+     (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes).
+     [Bodo Moeller]
+
+  *) Fix initialization code race conditions in
+        SSLv23_method(),  SSLv23_client_method(),   SSLv23_server_method(),
+        SSLv2_method(),   SSLv2_client_method(),    SSLv2_server_method(),
+        SSLv3_method(),   SSLv3_client_method(),    SSLv3_server_method(),
+        TLSv1_method(),   TLSv1_client_method(),    TLSv1_server_method(),
+        ssl2_get_cipher_by_char(),
+        ssl3_get_cipher_by_char().
+     [Patrick McCormick <patrick at tellme.com>, Bodo Moeller]
+
+  *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after
+     the cached sessions are flushed, as the remove_cb() might use ex_data
+     contents. Bug found by Sam Varshavchik <mrsam at courier-mta.com>
+     (see [openssl.org #212]).
+     [Geoff Thorpe, Lutz Jaenicke]
+
+  *) Fix typo in OBJ_txt2obj which incorrectly passed the content
+     length, instead of the encoding length to d2i_ASN1_OBJECT.
+     [Steve Henson]
+
+ Changes between 0.9.6f and 0.9.6g  [9 Aug 2002]
+
+  *) [In 0.9.6g-engine release:]
+     Fix crypto/engine/vendor_defns/cswift.h for WIN32 (use '_stdcall').
+     [Lynn Gazis <lgazis at rainbow.com>]
+
+ Changes between 0.9.6e and 0.9.6f  [8 Aug 2002]
+
+  *) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
+     and get fix the header length calculation.
+     [Florian Weimer <Weimer at CERT.Uni-Stuttgart.DE>,
+	Alon Kantor <alonk at checkpoint.com> (and others),
+	Steve Henson]
+
+  *) Use proper error handling instead of 'assertions' in buffer
+     overflow checks added in 0.9.6e.  This prevents DoS (the
+     assertions could call abort()).
+     [Arne Ansper <arne at ats.cyber.ee>, Bodo Moeller]
+
+ Changes between 0.9.6d and 0.9.6e  [30 Jul 2002]
+
+  *) Add various sanity checks to asn1_get_length() to reject
+     the ASN1 length bytes if they exceed sizeof(long), will appear
+     negative or the content length exceeds the length of the
+     supplied buffer.
+     [Steve Henson, Adi Stav <stav at mercury.co.il>, James Yonan <jim at ntlp.com>]
+
+  *) Fix cipher selection routines: ciphers without encryption had no flags
+     for the cipher strength set and where therefore not handled correctly
+     by the selection routines (PR #130).
+     [Lutz Jaenicke]
+
+  *) Fix EVP_dsa_sha macro.
+     [Nils Larsch]
+
+  *) New option
+          SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+     for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure
+     that was added in OpenSSL 0.9.6d.
+
+     As the countermeasure turned out to be incompatible with some
+     broken SSL implementations, the new option is part of SSL_OP_ALL.
+     SSL_OP_ALL is usually employed when compatibility with weird SSL
+     implementations is desired (e.g. '-bugs' option to 's_client' and
+     's_server'), so the new option is automatically set in many
+     applications.
+     [Bodo Moeller]
+
+  *) Changes in security patch:
+
+     Changes marked "(CHATS)" were sponsored by the Defense Advanced
+     Research Projects Agency (DARPA) and Air Force Research Laboratory,
+     Air Force Materiel Command, USAF, under agreement number
+     F30602-01-2-0537.
+
+  *) Add various sanity checks to asn1_get_length() to reject
+     the ASN1 length bytes if they exceed sizeof(long), will appear
+     negative or the content length exceeds the length of the
+     supplied buffer. (CVE-2002-0659)
+     [Steve Henson, Adi Stav <stav at mercury.co.il>, James Yonan <jim at ntlp.com>]
+
+  *) Assertions for various potential buffer overflows, not known to
+     happen in practice.
+     [Ben Laurie (CHATS)]
+
+  *) Various temporary buffers to hold ASCII versions of integers were
+     too small for 64 bit platforms. (CVE-2002-0655)
+     [Matthew Byng-Maddick <mbm at aldigital.co.uk> and Ben Laurie (CHATS)>
+
+  *) Remote buffer overflow in SSL3 protocol - an attacker could
+     supply an oversized session ID to a client. (CVE-2002-0656)
+     [Ben Laurie (CHATS)]
+
+  *) Remote buffer overflow in SSL2 protocol - an attacker could
+     supply an oversized client master key. (CVE-2002-0656)
+     [Ben Laurie (CHATS)]
+
+ Changes between 0.9.6c and 0.9.6d  [9 May 2002]
+
+  *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
+     encoded as NULL) with id-dsa-with-sha1.
+     [Nils Larsch <nla at trustcenter.de>; problem pointed out by Bodo Moeller]
+
+  *) Check various X509_...() return values in apps/req.c.
+     [Nils Larsch <nla at trustcenter.de>]
+
+  *) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines:
+     an end-of-file condition would erronously be flagged, when the CRLF
+     was just at the end of a processed block. The bug was discovered when
+     processing data through a buffering memory BIO handing the data to a
+     BASE64-decoding BIO. Bug fund and patch submitted by Pavel Tsekov
+     <ptsekov at syntrex.com> and Nedelcho Stanev.
+     [Lutz Jaenicke]
+
+  *) Implement a countermeasure against a vulnerability recently found
+     in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment
+     before application data chunks to avoid the use of known IVs
+     with data potentially chosen by the attacker.
+     [Bodo Moeller]
+
+  *) Fix length checks in ssl3_get_client_hello().
+     [Bodo Moeller]
+
+  *) TLS/SSL library bugfix: use s->s3->in_read_app_data differently
+     to prevent ssl3_read_internal() from incorrectly assuming that
+     ssl3_read_bytes() found application data while handshake
+     processing was enabled when in fact s->s3->in_read_app_data was
+     merely automatically cleared during the initial handshake.
+     [Bodo Moeller; problem pointed out by Arne Ansper <arne at ats.cyber.ee>]
+
+  *) Fix object definitions for Private and Enterprise: they were not
+     recognized in their shortname (=lowercase) representation. Extend
+     obj_dat.pl to issue an error when using undefined keywords instead
+     of silently ignoring the problem (Svenning Sorensen
+     <sss at sss.dnsalias.net>).
+     [Lutz Jaenicke]
+
+  *) Fix DH_generate_parameters() so that it works for 'non-standard'
+     generators, i.e. generators other than 2 and 5.  (Previously, the
+     code did not properly initialise the 'add' and 'rem' values to
+     BN_generate_prime().)
+
+     In the new general case, we do not insist that 'generator' is
+     actually a primitive root: This requirement is rather pointless;
+     a generator of the order-q subgroup is just as good, if not
+     better.
+     [Bodo Moeller]
+ 
+  *) Map new X509 verification errors to alerts. Discovered and submitted by
+     Tom Wu <tom at arcot.com>.
+     [Lutz Jaenicke]
+
+  *) Fix ssl3_pending() (ssl/s3_lib.c) to prevent SSL_pending() from
+     returning non-zero before the data has been completely received
+     when using non-blocking I/O.
+     [Bodo Moeller; problem pointed out by John Hughes]
+
+  *) Some of the ciphers missed the strength entry (SSL_LOW etc).
+     [Ben Laurie, Lutz Jaenicke]
+
+  *) Fix bug in SSL_clear(): bad sessions were not removed (found by
+     Yoram Zahavi <YoramZ at gilian.com>).
+     [Lutz Jaenicke]
+
+  *) Add information about CygWin 1.3 and on, and preserve proper
+     configuration for the versions before that.
+     [Corinna Vinschen <vinschen at redhat.com> and Richard Levitte]
+
+  *) Make removal from session cache (SSL_CTX_remove_session()) more robust:
+     check whether we deal with a copy of a session and do not delete from
+     the cache in this case. Problem reported by "Izhar Shoshani Levi"
+     <izhar at checkpoint.com>.
+     [Lutz Jaenicke]
+
+  *) Do not store session data into the internal session cache, if it
+     is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
+     flag is set). Proposed by Aslam <aslam at funk.com>.
+     [Lutz Jaenicke]
+
+  *) Have ASN1_BIT_STRING_set_bit() really clear a bit when the requested
+     value is 0.
+     [Richard Levitte]
+
+  *) [In 0.9.6d-engine release:]
+     Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
+     [Toomas Kiisk <vix at cyber.ee> via Richard Levitte]
+
+  *) Add the configuration target linux-s390x.
+     [Neale Ferguson <Neale.Ferguson at SoftwareAG-USA.com> via Richard Levitte]
+
+  *) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of
+     ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag
+     variable as an indication that a ClientHello message has been
+     received.  As the flag value will be lost between multiple
+     invocations of ssl3_accept when using non-blocking I/O, the
+     function may not be aware that a handshake has actually taken
+     place, thus preventing a new session from being added to the
+     session cache.
+
+     To avoid this problem, we now set s->new_session to 2 instead of
+     using a local variable.
+     [Lutz Jaenicke, Bodo Moeller]
+
+  *) Bugfix: Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c)
+     if the SSL_R_LENGTH_MISMATCH error is detected.
+     [Geoff Thorpe, Bodo Moeller]
+
+  *) New 'shared_ldflag' column in Configure platform table.
+     [Richard Levitte]
+
+  *) Fix EVP_CIPHER_mode macro.
+     ["Dan S. Camper" <dan at bti.net>]
+
+  *) Fix ssl3_read_bytes (ssl/s3_pkt.c): To ignore messages of unknown
+     type, we must throw them away by setting rr->length to 0.
+     [D P Chang <dpc at qualys.com>]
+
+ Changes between 0.9.6b and 0.9.6c  [21 dec 2001]
+
+  *) Fix BN_rand_range bug pointed out by Dominikus Scherkl
+     <Dominikus.Scherkl at biodata.com>.  (The previous implementation
+     worked incorrectly for those cases where  range = 10..._2  and
+     3*range  is two bits longer than  range.)
+     [Bodo Moeller]
+
+  *) Only add signing time to PKCS7 structures if it is not already
+     present.
+     [Steve Henson]
+
+  *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce",
+     OBJ_ld_ce should be OBJ_id_ce.
+     Also some ip-pda OIDs in crypto/objects/objects.txt were
+     incorrect (cf. RFC 3039).
+     [Matt Cooper, Frederic Giudicelli, Bodo Moeller]
+
+  *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid()
+     returns early because it has nothing to do.
+     [Andy Schneider <andy.schneider at bjss.co.uk>]
+
+  *) [In 0.9.6c-engine release:]
+     Fix mutex callback return values in crypto/engine/hw_ncipher.c.
+     [Andy Schneider <andy.schneider at bjss.co.uk>]
+
+  *) [In 0.9.6c-engine release:]
+     Add support for Cryptographic Appliance's keyserver technology.
+     (Use engine 'keyclient')
+     [Cryptographic Appliances and Geoff Thorpe]
+
+  *) Add a configuration entry for OS/390 Unix.  The C compiler 'c89'
+     is called via tools/c89.sh because arguments have to be
+     rearranged (all '-L' options must appear before the first object
+     modules).
+     [Richard Shapiro <rshapiro at abinitio.com>]
+
+  *) [In 0.9.6c-engine release:]
+     Add support for Broadcom crypto accelerator cards, backported
+     from 0.9.7.
+     [Broadcom, Nalin Dahyabhai <nalin at redhat.com>, Mark Cox]
+
+  *) [In 0.9.6c-engine release:]
+     Add support for SureWare crypto accelerator cards from 
+     Baltimore Technologies.  (Use engine 'sureware')
+     [Baltimore Technologies and Mark Cox]
+
+  *) [In 0.9.6c-engine release:]
+     Add support for crypto accelerator cards from Accelerated
+     Encryption Processing, www.aep.ie.  (Use engine 'aep')
+     [AEP Inc. and Mark Cox]
+
+  *) Add a configuration entry for gcc on UnixWare.
+     [Gary Benson <gbenson at redhat.com>]
+
+  *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake
+     messages are stored in a single piece (fixed-length part and
+     variable-length part combined) and fix various bugs found on the way.
+     [Bodo Moeller]
+
+  *) Disable caching in BIO_gethostbyname(), directly use gethostbyname()
+     instead.  BIO_gethostbyname() does not know what timeouts are
+     appropriate, so entries would stay in cache even when they have
+     become invalid.
+     [Bodo Moeller; problem pointed out by Rich Salz <rsalz at zolera.com>
+
+  *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when
+     faced with a pathologically small ClientHello fragment that does
+     not contain client_version: Instead of aborting with an error,
+     simply choose the highest available protocol version (i.e.,
+     TLS 1.0 unless it is disabled).  In practice, ClientHello
+     messages are never sent like this, but this change gives us
+     strictly correct behaviour at least for TLS.
+     [Bodo Moeller]
+
+  *) Fix SSL handshake functions and SSL_clear() such that SSL_clear()
+     never resets s->method to s->ctx->method when called from within
+     one of the SSL handshake functions.
+     [Bodo Moeller; problem pointed out by Niko Baric]
+
+  *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert
+     (sent using the client's version number) if client_version is
+     smaller than the protocol version in use.  Also change
+     ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if
+     the client demanded SSL 3.0 but only TLS 1.0 is enabled; then
+     the client will at least see that alert.
+     [Bodo Moeller]
+
+  *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation
+     correctly.
+     [Bodo Moeller]
+
+  *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a
+     client receives HelloRequest while in a handshake.
+     [Bodo Moeller; bug noticed by Andy Schneider <andy.schneider at bjss.co.uk>]
+
+  *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C
+     should end in 'break', not 'goto end' which circuments various
+     cleanups done in state SSL_ST_OK.   But session related stuff
+     must be disabled for SSL_ST_OK in the case that we just sent a
+     HelloRequest.
+
+     Also avoid some overhead by not calling ssl_init_wbio_buffer()
+     before just sending a HelloRequest.
+     [Bodo Moeller, Eric Rescorla <ekr at rtfm.com>]
+
+  *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
+     reveal whether illegal block cipher padding was found or a MAC
+     verification error occured.  (Neither SSLerr() codes nor alerts
+     are directly visible to potential attackers, but the information
+     may leak via logfiles.)
+
+     Similar changes are not required for the SSL 2.0 implementation
+     because the number of padding bytes is sent in clear for SSL 2.0,
+     and the extra bytes are just ignored.  However ssl/s2_pkt.c
+     failed to verify that the purported number of padding bytes is in
+     the legal range.
+     [Bodo Moeller]
+
+  *) Add OpenUNIX-8 support including shared libraries
+     (Boyd Lynn Gerber <gerberb at zenez.com>).
+     [Lutz Jaenicke]
+
+  *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid
+     'wristwatch attack' using huge encoding parameters (cf.
+     James H. Manger's CRYPTO 2001 paper).  Note that the
+     RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use
+     encoding parameters and hence was not vulnerable.
+     [Bodo Moeller]
+
+  *) BN_sqr() bug fix.
+     [Ulf Möller, reported by Jim Ellis <jim.ellis at cavium.com>]
+
+  *) Rabin-Miller test analyses assume uniformly distributed witnesses,
+     so use BN_pseudo_rand_range() instead of using BN_pseudo_rand()
+     followed by modular reduction.
+     [Bodo Moeller; pointed out by Adam Young <AYoung1 at NCSUS.JNJ.COM>]
+
+  *) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range()
+     equivalent based on BN_pseudo_rand() instead of BN_rand().
+     [Bodo Moeller]
+
+  *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB).
+     This function was broken, as the check for a new client hello message
+     to handle SGC did not allow these large messages.
+     (Tracked down by "Douglas E. Engert" <deengert at anl.gov>.)
+     [Lutz Jaenicke]
+
+  *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long]().
+     [Lutz Jaenicke]
+
+  *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl()
+     for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" <shinton at netopia.com>).
+     [Lutz Jaenicke]
+
+  *) Rework the configuration and shared library support for Tru64 Unix.
+     The configuration part makes use of modern compiler features and
+     still retains old compiler behavior for those that run older versions
+     of the OS.  The shared library support part includes a variant that
+     uses the RPATH feature, and is available through the special
+     configuration target "alpha-cc-rpath", which will never be selected
+     automatically.
+     [Tim Mooney <mooney at dogbert.cc.ndsu.NoDak.edu> via Richard Levitte]
+
+  *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message()
+     with the same message size as in ssl3_get_certificate_request().
+     Otherwise, if no ServerKeyExchange message occurs, CertificateRequest
+     messages might inadvertently be reject as too long.
+     [Petr Lampa <lampa at fee.vutbr.cz>]
+
+  *) Enhanced support for IA-64 Unix platforms (well, Linux and HP-UX).
+     [Andy Polyakov]
+
+  *) Modified SSL library such that the verify_callback that has been set
+     specificly for an SSL object with SSL_set_verify() is actually being
+     used. Before the change, a verify_callback set with this function was
+     ignored and the verify_callback() set in the SSL_CTX at the time of
+     the call was used. New function X509_STORE_CTX_set_verify_cb() introduced
+     to allow the necessary settings.
+     [Lutz Jaenicke]
+
+  *) Initialize static variable in crypto/dsa/dsa_lib.c and crypto/dh/dh_lib.c
+     explicitly to NULL, as at least on Solaris 8 this seems not always to be
+     done automatically (in contradiction to the requirements of the C
+     standard). This made problems when used from OpenSSH.
+     [Lutz Jaenicke]
+
+  *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored
+     dh->length and always used
+
+          BN_rand_range(priv_key, dh->p).
+
+     BN_rand_range() is not necessary for Diffie-Hellman, and this
+     specific range makes Diffie-Hellman unnecessarily inefficient if
+     dh->length (recommended exponent length) is much smaller than the
+     length of dh->p.  We could use BN_rand_range() if the order of
+     the subgroup was stored in the DH structure, but we only have
+     dh->length.
+
+     So switch back to
+
+          BN_rand(priv_key, l, ...)
+
+     where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1
+     otherwise.
+     [Bodo Moeller]
+
+  *) In
+
+          RSA_eay_public_encrypt
+          RSA_eay_private_decrypt
+          RSA_eay_private_encrypt (signing)
+          RSA_eay_public_decrypt (signature verification)
+
+     (default implementations for RSA_public_encrypt,
+     RSA_private_decrypt, RSA_private_encrypt, RSA_public_decrypt),
+     always reject numbers >= n.
+     [Bodo Moeller]
+
+  *) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2
+     to synchronize access to 'locking_thread'.  This is necessary on
+     systems where access to 'locking_thread' (an 'unsigned long'
+     variable) is not atomic.
+     [Bodo Moeller]
+
+  *) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID
+     *before* setting the 'crypto_lock_rand' flag.  The previous code had
+     a race condition if 0 is a valid thread ID.
+     [Travis Vitek <vitek at roguewave.com>]
+
+  *) Add support for shared libraries under Irix.
+     [Albert Chin-A-Young <china at thewrittenword.com>]
+
+  *) Add configuration option to build on Linux on both big-endian and
+     little-endian MIPS.
+     [Ralf Baechle <ralf at uni-koblenz.de>]
+
+  *) Add the possibility to create shared libraries on HP-UX.
+     [Richard Levitte]
+
+ Changes between 0.9.6a and 0.9.6b  [9 Jul 2001]
+
+  *) Change ssleay_rand_bytes (crypto/rand/md_rand.c)
+     to avoid a SSLeay/OpenSSL PRNG weakness pointed out by
+     Markku-Juhani O. Saarinen <markku-juhani.saarinen at nokia.com>:
+     PRNG state recovery was possible based on the output of
+     one PRNG request appropriately sized to gain knowledge on
+     'md' followed by enough consecutive 1-byte PRNG requests
+     to traverse all of 'state'.
+
+     1. When updating 'md_local' (the current thread's copy of 'md')
+        during PRNG output generation, hash all of the previous
+        'md_local' value, not just the half used for PRNG output.
+
+     2. Make the number of bytes from 'state' included into the hash
+        independent from the number of PRNG bytes requested.
+
+     The first measure alone would be sufficient to avoid
+     Markku-Juhani's attack.  (Actually it had never occurred
+     to me that the half of 'md_local' used for chaining was the
+     half from which PRNG output bytes were taken -- I had always
+     assumed that the secret half would be used.)  The second
+     measure makes sure that additional data from 'state' is never
+     mixed into 'md_local' in small portions; this heuristically
+     further strengthens the PRNG.
+     [Bodo Moeller]
+
+  *) Fix crypto/bn/asm/mips3.s.
+     [Andy Polyakov]
+
+  *) When only the key is given to "enc", the IV is undefined. Print out
+     an error message in this case.
+     [Lutz Jaenicke]
+
+  *) Handle special case when X509_NAME is empty in X509 printing routines.
+     [Steve Henson]
+
+  *) In dsa_do_verify (crypto/dsa/dsa_ossl.c), verify that r and s are
+     positive and less than q.
+     [Bodo Moeller]
+
+  *) Don't change *pointer in CRYPTO_add_lock() is add_lock_callback is
+     used: it isn't thread safe and the add_lock_callback should handle
+     that itself.
+     [Paul Rose <Paul.Rose at bridge.com>]
+
+  *) Verify that incoming data obeys the block size in
+     ssl3_enc (ssl/s3_enc.c) and tls1_enc (ssl/t1_enc.c).
+     [Bodo Moeller]
+
+  *) Fix OAEP check.
+     [Ulf Möller, Bodo Möller]
+
+  *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5
+     RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5
+     when fixing the server behaviour for backwards-compatible 'client
+     hello' messages.  (Note that the attack is impractical against
+     SSL 3.0 and TLS 1.0 anyway because length and version checking
+     means that the probability of guessing a valid ciphertext is
+     around 2^-40; see section 5 in Bleichenbacher's CRYPTO '98
+     paper.)
+
+     Before 0.9.5, the countermeasure (hide the error by generating a
+     random 'decryption result') did not work properly because
+     ERR_clear_error() was missing, meaning that SSL_get_error() would
+     detect the supposedly ignored error.
+
+     Both problems are now fixed.
+     [Bodo Moeller]
+
+  *) In crypto/bio/bf_buff.c, increase DEFAULT_BUFFER_SIZE to 4096
+     (previously it was 1024).
+     [Bodo Moeller]
+
+  *) Fix for compatibility mode trust settings: ignore trust settings
+     unless some valid trust or reject settings are present.
+     [Steve Henson]
+
+  *) Fix for blowfish EVP: its a variable length cipher.
+     [Steve Henson]
+
+  *) Fix various bugs related to DSA S/MIME verification. Handle missing
+     parameters in DSA public key structures and return an error in the
+     DSA routines if parameters are absent.
+     [Steve Henson]
+
+  *) In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd"
+     in the current directory if neither $RANDFILE nor $HOME was set.
+     RAND_file_name() in 0.9.6a returned NULL in this case.  This has
+     caused some confusion to Windows users who haven't defined $HOME.
+     Thus RAND_file_name() is changed again: e_os.h can define a
+     DEFAULT_HOME, which will be used if $HOME is not set.
+     For Windows, we use "C:"; on other platforms, we still require
+     environment variables.
+
+  *) Move 'if (!initialized) RAND_poll()' into regions protected by
+     CRYPTO_LOCK_RAND.  This is not strictly necessary, but avoids
+     having multiple threads call RAND_poll() concurrently.
+     [Bodo Moeller]
+
+  *) In crypto/rand/md_rand.c, replace 'add_do_not_lock' flag by a
+     combination of a flag and a thread ID variable.
+     Otherwise while one thread is in ssleay_rand_bytes (which sets the
+     flag), *other* threads can enter ssleay_add_bytes without obeying
+     the CRYPTO_LOCK_RAND lock (and may even illegally release the lock
+     that they do not hold after the first thread unsets add_do_not_lock).
+     [Bodo Moeller]
+
+  *) Change bctest again: '-x' expressions are not available in all
+     versions of 'test'.
+     [Bodo Moeller]
+
+ Changes between 0.9.6 and 0.9.6a  [5 Apr 2001]
+
+  *) Fix a couple of memory leaks in PKCS7_dataDecode()
+     [Steve Henson, reported by Heyun Zheng <hzheng at atdsprint.com>]
+
+  *) Change Configure and Makefiles to provide EXE_EXT, which will contain
+     the default extension for executables, if any.  Also, make the perl
+     scripts that use symlink() to test if it really exists and use "cp"
+     if it doesn't.  All this made OpenSSL compilable and installable in
+     CygWin.
+     [Richard Levitte]
+
+  *) Fix for asn1_GetSequence() for indefinite length constructed data.
+     If SEQUENCE is length is indefinite just set c->slen to the total
+     amount of data available.
+     [Steve Henson, reported by shige at FreeBSD.org]
+     [This change does not apply to 0.9.7.]
+
+  *) Change bctest to avoid here-documents inside command substitution
+     (workaround for FreeBSD /bin/sh bug).
+     For compatibility with Ultrix, avoid shell functions (introduced
+     in the bctest version that searches along $PATH).
+     [Bodo Moeller]
+
+  *) Rename 'des_encrypt' to 'des_encrypt1'.  This avoids the clashes
+     with des_encrypt() defined on some operating systems, like Solaris
+     and UnixWare.
+     [Richard Levitte]
+
+  *) Check the result of RSA-CRT (see D. Boneh, R. DeMillo, R. Lipton:
+     On the Importance of Eliminating Errors in Cryptographic
+     Computations, J. Cryptology 14 (2001) 2, 101-119,
+     http://theory.stanford.edu/~dabo/papers/faults.ps.gz).
+     [Ulf Moeller]
+  
+  *) MIPS assembler BIGNUM division bug fix. 
+     [Andy Polyakov]
+
+  *) Disabled incorrect Alpha assembler code.
+     [Richard Levitte]
+
+  *) Fix PKCS#7 decode routines so they correctly update the length
+     after reading an EOC for the EXPLICIT tag.
+     [Steve Henson]
+     [This change does not apply to 0.9.7.]
+
+  *) Fix bug in PKCS#12 key generation routines. This was triggered
+     if a 3DES key was generated with a 0 initial byte. Include
+     PKCS12_BROKEN_KEYGEN compilation option to retain the old
+     (but broken) behaviour.
+     [Steve Henson]
+
+  *) Enhance bctest to search for a working bc along $PATH and print
+     it when found.
+     [Tim Rice <tim at multitalents.net> via Richard Levitte]
+
+  *) Fix memory leaks in err.c: free err_data string if necessary;
+     don't write to the wrong index in ERR_set_error_data.
+     [Bodo Moeller]
+
+  *) Implement ssl23_peek (analogous to ssl23_read), which previously
+     did not exist.
+     [Bodo Moeller]
+
+  *) Replace rdtsc with _emit statements for VC++ version 5.
+     [Jeremy Cooper <jeremy at baymoo.org>]
+
+  *) Make it possible to reuse SSLv2 sessions.
+     [Richard Levitte]
+
+  *) In copy_email() check for >= 0 as a return value for
+     X509_NAME_get_index_by_NID() since 0 is a valid index.
+     [Steve Henson reported by Massimiliano Pala <madwolf at opensca.org>]
+
+  *) Avoid coredump with unsupported or invalid public keys by checking if
+     X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when
+     PKCS7_verify() fails with non detached data.
+     [Steve Henson]
+
+  *) Don't use getenv in library functions when run as setuid/setgid.
+     New function OPENSSL_issetugid().
+     [Ulf Moeller]
+
+  *) Avoid false positives in memory leak detection code (crypto/mem_dbg.c)
+     due to incorrect handling of multi-threading:
+
+     1. Fix timing glitch in the MemCheck_off() portion of CRYPTO_mem_ctrl().
+
+     2. Fix logical glitch in is_MemCheck_on() aka CRYPTO_is_mem_check_on().
+
+     3. Count how many times MemCheck_off() has been called so that
+        nested use can be treated correctly.  This also avoids 
+        inband-signalling in the previous code (which relied on the
+        assumption that thread ID 0 is impossible).
+     [Bodo Moeller]
+
+  *) Add "-rand" option also to s_client and s_server.
+     [Lutz Jaenicke]
+
+  *) Fix CPU detection on Irix 6.x.
+     [Kurt Hockenbury <khockenb at stevens-tech.edu> and
+      "Bruce W. Forsberg" <bruce.forsberg at baesystems.com>]
+
+  *) Fix X509_NAME bug which produced incorrect encoding if X509_NAME
+     was empty.
+     [Steve Henson]
+     [This change does not apply to 0.9.7.]
+
+  *) Use the cached encoding of an X509_NAME structure rather than
+     copying it. This is apparently the reason for the libsafe "errors"
+     but the code is actually correct.
+     [Steve Henson]
+
+  *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
+     Bleichenbacher's DSA attack.
+     Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits
+     to be set and top=0 forces the highest bit to be set; top=-1 is new
+     and leaves the highest bit random.
+     [Ulf Moeller, Bodo Moeller]
+
+  *) In the NCONF_...-based implementations for CONF_... queries
+     (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
+     a temporary CONF structure with the data component set to NULL
+     (which gives segmentation faults in lh_retrieve).
+     Instead, use NULL for the CONF pointer in CONF_get_string and
+     CONF_get_number (which may use environment variables) and directly
+     return NULL from CONF_get_section.
+     [Bodo Moeller]
+
+  *) Fix potential buffer overrun for EBCDIC.
+     [Ulf Moeller]
+
+  *) Tolerate nonRepudiation as being valid for S/MIME signing and certSign
+     keyUsage if basicConstraints absent for a CA.
+     [Steve Henson]
+
+  *) Make SMIME_write_PKCS7() write mail header values with a format that
+     is more generally accepted (no spaces before the semicolon), since
+     some programs can't parse those values properly otherwise.  Also make
+     sure BIO's that break lines after each write do not create invalid
+     headers.
+     [Richard Levitte]
+
+  *) Make the CRL encoding routines work with empty SEQUENCE OF. The
+     macros previously used would not encode an empty SEQUENCE OF
+     and break the signature.
+     [Steve Henson]
+     [This change does not apply to 0.9.7.]
+
+  *) Zero the premaster secret after deriving the master secret in
+     DH ciphersuites.
+     [Steve Henson]
+
+  *) Add some EVP_add_digest_alias registrations (as found in
+     OpenSSL_add_all_digests()) to SSL_library_init()
+     aka OpenSSL_add_ssl_algorithms().  This provides improved
+     compatibility with peers using X.509 certificates
+     with unconventional AlgorithmIdentifier OIDs.
+     [Bodo Moeller]
+
+  *) Fix for Irix with NO_ASM.
+     ["Bruce W. Forsberg" <bruce.forsberg at baesystems.com>]
+
+  *) ./config script fixes.
+     [Ulf Moeller, Richard Levitte]
+
+  *) Fix 'openssl passwd -1'.
+     [Bodo Moeller]
+
+  *) Change PKCS12_key_gen_asc() so it can cope with non null
+     terminated strings whose length is passed in the passlen
+     parameter, for example from PEM callbacks. This was done
+     by adding an extra length parameter to asc2uni().
+     [Steve Henson, reported by <oddissey at samsung.co.kr>]
+
+  *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn
+     call failed, free the DSA structure.
+     [Bodo Moeller]
+
+  *) Fix to uni2asc() to cope with zero length Unicode strings.
+     These are present in some PKCS#12 files.
+     [Steve Henson]
+
+  *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c).
+     Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits
+     when writing a 32767 byte record.
+     [Bodo Moeller; problem reported by Eric Day <eday at concentric.net>]
+
+  *) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c),
+     obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}.
+
+     (RSA objects have a reference count access to which is protected
+     by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],
+     so they are meant to be shared between threads.)
+     [Bodo Moeller, Geoff Thorpe; original patch submitted by
+     "Reddie, Steven" <Steven.Reddie at ca.com>]
+
+  *) Fix a deadlock in CRYPTO_mem_leaks().
+     [Bodo Moeller]
+
+  *) Use better test patterns in bntest.
+     [Ulf Möller]
+
+  *) rand_win.c fix for Borland C.
+     [Ulf Möller]
+ 
+  *) BN_rshift bugfix for n == 0.
+     [Bodo Moeller]
+
+  *) Add a 'bctest' script that checks for some known 'bc' bugs
+     so that 'make test' does not abort just because 'bc' is broken.
+     [Bodo Moeller]
+
+  *) Store verify_result within SSL_SESSION also for client side to
+     avoid potential security hole. (Re-used sessions on the client side
+     always resulted in verify_result==X509_V_OK, not using the original
+     result of the server certificate verification.)
+     [Lutz Jaenicke]
+
+  *) Fix ssl3_pending: If the record in s->s3->rrec is not of type
+     SSL3_RT_APPLICATION_DATA, return 0.
+     Similarly, change ssl2_pending to return 0 if SSL_in_init(s) is true.
+     [Bodo Moeller]
+
+  *) Fix SSL_peek:
+     Both ssl2_peek and ssl3_peek, which were totally broken in earlier
+     releases, have been re-implemented by renaming the previous
+     implementations of ssl2_read and ssl3_read to ssl2_read_internal
+     and ssl3_read_internal, respectively, and adding 'peek' parameters
+     to them.  The new ssl[23]_{read,peek} functions are calls to
+     ssl[23]_read_internal with the 'peek' flag set appropriately.
+     A 'peek' parameter has also been added to ssl3_read_bytes, which
+     does the actual work for ssl3_read_internal.
+     [Bodo Moeller]
+
+  *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling
+     the method-specific "init()" handler. Also clean up ex_data after
+     calling the method-specific "finish()" handler. Previously, this was
+     happening the other way round.
+     [Geoff Thorpe]
+
+  *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16.
+     The previous value, 12, was not always sufficient for BN_mod_exp().
+     [Bodo Moeller]
+
+  *) Make sure that shared libraries get the internal name engine with
+     the full version number and not just 0.  This should mark the
+     shared libraries as not backward compatible.  Of course, this should
+     be changed again when we can guarantee backward binary compatibility.
+     [Richard Levitte]
+
+  *) Fix typo in get_cert_by_subject() in by_dir.c
+     [Jean-Marc Desperrier <jean-marc.desperrier at certplus.com>]
+
+  *) Rework the system to generate shared libraries:
+
+     - Make note of the expected extension for the shared libraries and
+       if there is a need for symbolic links from for example libcrypto.so.0
+       to libcrypto.so.0.9.7.  There is extended info in Configure for
+       that.
+
+     - Make as few rebuilds of the shared libraries as possible.
+
+     - Still avoid linking the OpenSSL programs with the shared libraries.
+
+     - When installing, install the shared libraries separately from the
+       static ones.
+     [Richard Levitte]
+
+  *) Fix SSL_CTX_set_read_ahead macro to actually use its argument.
+
+     Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new
+     and not in SSL_clear because the latter is also used by the
+     accept/connect functions; previously, the settings made by
+     SSL_set_read_ahead would be lost during the handshake.
+     [Bodo Moeller; problems reported by Anders Gertz <gertz at epact.se>]     
+
+  *) Correct util/mkdef.pl to be selective about disabled algorithms.
+     Previously, it would create entries for disableed algorithms no
+     matter what.
+     [Richard Levitte]
+
+  *) Added several new manual pages for SSL_* function.
+     [Lutz Jaenicke]
+
+ Changes between 0.9.5a and 0.9.6  [24 Sep 2000]
+
+  *) In ssl23_get_client_hello, generate an error message when faced
+     with an initial SSL 3.0/TLS record that is too small to contain the
+     first two bytes of the ClientHello message, i.e. client_version.
+     (Note that this is a pathologic case that probably has never happened
+     in real life.)  The previous approach was to use the version number
+     from the record header as a substitute; but our protocol choice
+     should not depend on that one because it is not authenticated
+     by the Finished messages.
+     [Bodo Moeller]
+
+  *) More robust randomness gathering functions for Windows.
+     [Jeffrey Altman <jaltman at columbia.edu>]
+
+  *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is
+     not set then we don't setup the error code for issuer check errors
+     to avoid possibly overwriting other errors which the callback does
+     handle. If an application does set the flag then we assume it knows
+     what it is doing and can handle the new informational codes
+     appropriately.
+     [Steve Henson]
+
+  *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for
+     a general "ANY" type, as such it should be able to decode anything
+     including tagged types. However it didn't check the class so it would
+     wrongly interpret tagged types in the same way as their universal
+     counterpart and unknown types were just rejected. Changed so that the
+     tagged and unknown types are handled in the same way as a SEQUENCE:
+     that is the encoding is stored intact. There is also a new type
+     "V_ASN1_OTHER" which is used when the class is not universal, in this
+     case we have no idea what the actual type is so we just lump them all
+     together.
+     [Steve Henson]
+
+  *) On VMS, stdout may very well lead to a file that is written to
+     in a record-oriented fashion.  That means that every write() will
+     write a separate record, which will be read separately by the
+     programs trying to read from it.  This can be very confusing.
+
+     The solution is to put a BIO filter in the way that will buffer
+     text until a linefeed is reached, and then write everything a
+     line at a time, so every record written will be an actual line,
+     not chunks of lines and not (usually doesn't happen, but I've
+     seen it once) several lines in one record.  BIO_f_linebuffer() is
+     the answer.
+
+     Currently, it's a VMS-only method, because that's where it has
+     been tested well enough.
+     [Richard Levitte]
+
+  *) Remove 'optimized' squaring variant in BN_mod_mul_montgomery,
+     it can return incorrect results.
+     (Note: The buggy variant was not enabled in OpenSSL 0.9.5a,
+     but it was in 0.9.6-beta[12].)
+     [Bodo Moeller]
+
+  *) Disable the check for content being present when verifying detached
+     signatures in pk7_smime.c. Some versions of Netscape (wrongly)
+     include zero length content when signing messages.
+     [Steve Henson]
+
+  *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR
+     BIO_ctrl (for BIO pairs).
+     [Bodo Möller]
+
+  *) Add DSO method for VMS.
+     [Richard Levitte]
+
+  *) Bug fix: Montgomery multiplication could produce results with the
+     wrong sign.
+     [Ulf Möller]
+
+  *) Add RPM specification openssl.spec and modify it to build three
+     packages.  The default package contains applications, application
+     documentation and run-time libraries.  The devel package contains
+     include files, static libraries and function documentation.  The
+     doc package contains the contents of the doc directory.  The original
+     openssl.spec was provided by Damien Miller <djm at mindrot.org>.
+     [Richard Levitte]
+     
+  *) Add a large number of documentation files for many SSL routines.
+     [Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>]
+
+  *) Add a configuration entry for Sony News 4.
+     [NAKAJI Hiroyuki <nakaji at tutrp.tut.ac.jp>]
+
+  *) Don't set the two most significant bits to one when generating a
+     random number < q in the DSA library.
+     [Ulf Möller]
+
+  *) New SSL API mode 'SSL_MODE_AUTO_RETRY'.  This disables the default
+     behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if
+     the underlying transport is blocking) if a handshake took place.
+     (The default behaviour is needed by applications such as s_client
+     and s_server that use select() to determine when to use SSL_read;
+     but for applications that know in advance when to expect data, it
+     just makes things more complicated.)
+     [Bodo Moeller]
+
+  *) Add RAND_egd_bytes(), which gives control over the number of bytes read
+     from EGD.
+     [Ben Laurie]
+
+  *) Add a few more EBCDIC conditionals that make `req' and `x509'
+     work better on such systems.
+     [Martin Kraemer <Martin.Kraemer at MchP.Siemens.De>]
+
+  *) Add two demo programs for PKCS12_parse() and PKCS12_create().
+     Update PKCS12_parse() so it copies the friendlyName and the
+     keyid to the certificates aux info.
+     [Steve Henson]
+
+  *) Fix bug in PKCS7_verify() which caused an infinite loop
+     if there was more than one signature.
+     [Sven Uszpelkat <su at celocom.de>]
+
+  *) Major change in util/mkdef.pl to include extra information
+     about each symbol, as well as presentig variables as well
+     as functions.  This change means that there's n more need
+     to rebuild the .num files when some algorithms are excluded.
+     [Richard Levitte]
+
+  *) Allow the verify time to be set by an application,
+     rather than always using the current time.
+     [Steve Henson]
+  
+  *) Phase 2 verify code reorganisation. The certificate
+     verify code now looks up an issuer certificate by a
+     number of criteria: subject name, authority key id
+     and key usage. It also verifies self signed certificates
+     by the same criteria. The main comparison function is
+     X509_check_issued() which performs these checks.
+ 
+     Lot of changes were necessary in order to support this
+     without completely rewriting the lookup code.
+ 
+     Authority and subject key identifier are now cached.
+ 
+     The LHASH 'certs' is X509_STORE has now been replaced
+     by a STACK_OF(X509_OBJECT). This is mainly because an
+     LHASH can't store or retrieve multiple objects with
+     the same hash value.
+
+     As a result various functions (which were all internal
+     use only) have changed to handle the new X509_STORE
+     structure. This will break anything that messed round
+     with X509_STORE internally.
+ 
+     The functions X509_STORE_add_cert() now checks for an
+     exact match, rather than just subject name.
+ 
+     The X509_STORE API doesn't directly support the retrieval
+     of multiple certificates matching a given criteria, however
+     this can be worked round by performing a lookup first
+     (which will fill the cache with candidate certificates)
+     and then examining the cache for matches. This is probably
+     the best we can do without throwing out X509_LOOKUP
+     entirely (maybe later...).
+ 
+     The X509_VERIFY_CTX structure has been enhanced considerably.
+ 
+     All certificate lookup operations now go via a get_issuer()
+     callback. Although this currently uses an X509_STORE it
+     can be replaced by custom lookups. This is a simple way
+     to bypass the X509_STORE hackery necessary to make this
+     work and makes it possible to use more efficient techniques
+     in future. A very simple version which uses a simple
+     STACK for its trusted certificate store is also provided
+     using X509_STORE_CTX_trusted_stack().
+ 
+     The verify_cb() and verify() callbacks now have equivalents
+     in the X509_STORE_CTX structure.
+ 
+     X509_STORE_CTX also has a 'flags' field which can be used
+     to customise the verify behaviour.
+     [Steve Henson]
+ 
+  *) Add new PKCS#7 signing option PKCS7_NOSMIMECAP which 
+     excludes S/MIME capabilities.
+     [Steve Henson]
+
+  *) When a certificate request is read in keep a copy of the
+     original encoding of the signed data and use it when outputing
+     again. Signatures then use the original encoding rather than
+     a decoded, encoded version which may cause problems if the
+     request is improperly encoded.
+     [Steve Henson]
+
+  *) For consistency with other BIO_puts implementations, call
+     buffer_write(b, ...) directly in buffer_puts instead of calling
+     BIO_write(b, ...).
+
+     In BIO_puts, increment b->num_write as in BIO_write.
+     [Peter.Sylvester at EdelWeb.fr]
+
+  *) Fix BN_mul_word for the case where the word is 0. (We have to use
+     BN_zero, we may not return a BIGNUM with an array consisting of
+     words set to zero.)
+     [Bodo Moeller]
+
+  *) Avoid calling abort() from within the library when problems are
+     detected, except if preprocessor symbols have been defined
+     (such as REF_CHECK, BN_DEBUG etc.).
+     [Bodo Moeller]
+
+  *) New openssl application 'rsautl'. This utility can be
+     used for low level RSA operations. DER public key
+     BIO/fp routines also added.
+     [Steve Henson]
+
+  *) New Configure entry and patches for compiling on QNX 4.
+     [Andreas Schneider <andreas at ds3.etech.fh-hamburg.de>]
+
+  *) A demo state-machine implementation was sponsored by
+     Nuron (http://www.nuron.com/) and is now available in
+     demos/state_machine.
+     [Ben Laurie]
+
+  *) New options added to the 'dgst' utility for signature
+     generation and verification.
+     [Steve Henson]
+
+  *) Unrecognized PKCS#7 content types are now handled via a
+     catch all ASN1_TYPE structure. This allows unsupported
+     types to be stored as a "blob" and an application can
+     encode and decode it manually.
+     [Steve Henson]
+
+  *) Fix various signed/unsigned issues to make a_strex.c
+     compile under VC++.
+     [Oscar Jacobsson <oscar.jacobsson at celocom.com>]
+
+  *) ASN1 fixes. i2d_ASN1_OBJECT was not returning the correct
+     length if passed a buffer. ASN1_INTEGER_to_BN failed
+     if passed a NULL BN and its argument was negative.
+     [Steve Henson, pointed out by Sven Heiberg <sven at tartu.cyber.ee>]
+
+  *) Modification to PKCS#7 encoding routines to output definite
+     length encoding. Since currently the whole structures are in
+     memory there's not real point in using indefinite length 
+     constructed encoding. However if OpenSSL is compiled with
+     the flag PKCS7_INDEFINITE_ENCODING the old form is used.
+     [Steve Henson]
+
+  *) Added BIO_vprintf() and BIO_vsnprintf().
+     [Richard Levitte]
+
+  *) Added more prefixes to parse for in the the strings written
+     through a logging bio, to cover all the levels that are available
+     through syslog.  The prefixes are now:
+
+	PANIC, EMERG, EMR	=>	LOG_EMERG
+	ALERT, ALR		=>	LOG_ALERT
+	CRIT, CRI		=>	LOG_CRIT
+	ERROR, ERR		=>	LOG_ERR
+	WARNING, WARN, WAR	=>	LOG_WARNING
+	NOTICE, NOTE, NOT	=>	LOG_NOTICE
+	INFO, INF		=>	LOG_INFO
+	DEBUG, DBG		=>	LOG_DEBUG
+
+     and as before, if none of those prefixes are present at the
+     beginning of the string, LOG_ERR is chosen.
+
+     On Win32, the LOG_* levels are mapped according to this:
+
+	LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR	=> EVENTLOG_ERROR_TYPE
+	LOG_WARNING				=> EVENTLOG_WARNING_TYPE
+	LOG_NOTICE, LOG_INFO, LOG_DEBUG		=> EVENTLOG_INFORMATION_TYPE
+
+     [Richard Levitte]
+
+  *) Made it possible to reconfigure with just the configuration
+     argument "reconf" or "reconfigure".  The command line arguments
+     are stored in Makefile.ssl in the variable CONFIGURE_ARGS,
+     and are retrieved from there when reconfiguring.
+     [Richard Levitte]
+
+  *) MD4 implemented.
+     [Assar Westerlund <assar at sics.se>, Richard Levitte]
+
+  *) Add the arguments -CAfile and -CApath to the pkcs12 utility.
+     [Richard Levitte]
+
+  *) The obj_dat.pl script was messing up the sorting of object
+     names. The reason was that it compared the quoted version
+     of strings as a result "OCSP" > "OCSP Signing" because
+     " > SPACE. Changed script to store unquoted versions of
+     names and add quotes on output. It was also omitting some
+     names from the lookup table if they were given a default
+     value (that is if SN is missing it is given the same
+     value as LN and vice versa), these are now added on the
+     grounds that if an object has a name we should be able to
+     look it up. Finally added warning output when duplicate
+     short or long names are found.
+     [Steve Henson]
+
+  *) Changes needed for Tandem NSK.
+     [Scott Uroff <scott at xypro.com>]
+
+  *) Fix SSL 2.0 rollback checking: Due to an off-by-one error in
+     RSA_padding_check_SSLv23(), special padding was never detected
+     and thus the SSL 3.0/TLS 1.0 countermeasure against protocol
+     version rollback attacks was not effective.
+
+     In s23_clnt.c, don't use special rollback-attack detection padding
+     (RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the
+     client; similarly, in s23_srvr.c, don't do the rollback check if
+     SSL 2.0 is the only protocol enabled in the server.
+     [Bodo Moeller]
+
+  *) Make it possible to get hexdumps of unprintable data with 'openssl
+     asn1parse'.  By implication, the functions ASN1_parse_dump() and
+     BIO_dump_indent() are added.
+     [Richard Levitte]
+
+  *) New functions ASN1_STRING_print_ex() and X509_NAME_print_ex()
+     these print out strings and name structures based on various
+     flags including RFC2253 support and proper handling of
+     multibyte characters. Added options to the 'x509' utility 
+     to allow the various flags to be set.
+     [Steve Henson]
+
+  *) Various fixes to use ASN1_TIME instead of ASN1_UTCTIME.
+     Also change the functions X509_cmp_current_time() and
+     X509_gmtime_adj() work with an ASN1_TIME structure,
+     this will enable certificates using GeneralizedTime in validity
+     dates to be checked.
+     [Steve Henson]
+
+  *) Make the NEG_PUBKEY_BUG code (which tolerates invalid
+     negative public key encodings) on by default,
+     NO_NEG_PUBKEY_BUG can be set to disable it.
+     [Steve Henson]
+
+  *) New function c2i_ASN1_OBJECT() which acts on ASN1_OBJECT
+     content octets. An i2c_ASN1_OBJECT is unnecessary because
+     the encoding can be trivially obtained from the structure.
+     [Steve Henson]
+
+  *) crypto/err.c locking bugfix: Use write locks (CRYPTO_w_[un]lock),
+     not read locks (CRYPTO_r_[un]lock).
+     [Bodo Moeller]
+
+  *) A first attempt at creating official support for shared
+     libraries through configuration.  I've kept it so the
+     default is static libraries only, and the OpenSSL programs
+     are always statically linked for now, but there are
+     preparations for dynamic linking in place.
+     This has been tested on Linux and Tru64.
+     [Richard Levitte]
+
+  *) Randomness polling function for Win9x, as described in:
+     Peter Gutmann, Software Generation of Practically Strong
+     Random Numbers.
+     [Ulf Möller]
+
+  *) Fix so PRNG is seeded in req if using an already existing
+     DSA key.
+     [Steve Henson]
+
+  *) New options to smime application. -inform and -outform
+     allow alternative formats for the S/MIME message including
+     PEM and DER. The -content option allows the content to be
+     specified separately. This should allow things like Netscape
+     form signing output easier to verify.
+     [Steve Henson]
+
+  *) Fix the ASN1 encoding of tags using the 'long form'.
+     [Steve Henson]
+
+  *) New ASN1 functions, i2c_* and c2i_* for INTEGER and BIT
+     STRING types. These convert content octets to and from the
+     underlying type. The actual tag and length octets are
+     already assumed to have been read in and checked. These
+     are needed because all other string types have virtually
+     identical handling apart from the tag. By having versions
+     of the ASN1 functions that just operate on content octets
+     IMPLICIT tagging can be handled properly. It also allows
+     the ASN1_ENUMERATED code to be cut down because ASN1_ENUMERATED
+     and ASN1_INTEGER are identical apart from the tag.
+     [Steve Henson]
+
+  *) Change the handling of OID objects as follows:
+
+     - New object identifiers are inserted in objects.txt, following
+       the syntax given in objects.README.
+     - objects.pl is used to process obj_mac.num and create a new
+       obj_mac.h.
+     - obj_dat.pl is used to create a new obj_dat.h, using the data in
+       obj_mac.h.
+
+     This is currently kind of a hack, and the perl code in objects.pl
+     isn't very elegant, but it works as I intended.  The simplest way
+     to check that it worked correctly is to look in obj_dat.h and
+     check the array nid_objs and make sure the objects haven't moved
+     around (this is important!).  Additions are OK, as well as
+     consistent name changes. 
+     [Richard Levitte]
+
+  *) Add BSD-style MD5-based passwords to 'openssl passwd' (option '-1').
+     [Bodo Moeller]
+
+  *) Addition of the command line parameter '-rand file' to 'openssl req'.
+     The given file adds to whatever has already been seeded into the
+     random pool through the RANDFILE configuration file option or
+     environment variable, or the default random state file.
+     [Richard Levitte]
+
+  *) mkstack.pl now sorts each macro group into lexical order.
+     Previously the output order depended on the order the files
+     appeared in the directory, resulting in needless rewriting
+     of safestack.h .
+     [Steve Henson]
+
+  *) Patches to make OpenSSL compile under Win32 again. Mostly
+     work arounds for the VC++ problem that it treats func() as
+     func(void). Also stripped out the parts of mkdef.pl that
+     added extra typesafe functions: these no longer exist.
+     [Steve Henson]
+
+  *) Reorganisation of the stack code. The macros are now all 
+     collected in safestack.h . Each macro is defined in terms of
+     a "stack macro" of the form SKM_<name>(type, a, b). The 
+     DEBUG_SAFESTACK is now handled in terms of function casts,
+     this has the advantage of retaining type safety without the
+     use of additional functions. If DEBUG_SAFESTACK is not defined
+     then the non typesafe macros are used instead. Also modified the
+     mkstack.pl script to handle the new form. Needs testing to see
+     if which (if any) compilers it chokes and maybe make DEBUG_SAFESTACK
+     the default if no major problems. Similar behaviour for ASN1_SET_OF
+     and PKCS12_STACK_OF.
+     [Steve Henson]
+
+  *) When some versions of IIS use the 'NET' form of private key the
+     key derivation algorithm is different. Normally MD5(password) is
+     used as a 128 bit RC4 key. In the modified case
+     MD5(MD5(password) + "SGCKEYSALT")  is used insted. Added some
+     new functions i2d_RSA_NET(), d2i_RSA_NET() etc which are the same
+     as the old Netscape_RSA functions except they have an additional
+     'sgckey' parameter which uses the modified algorithm. Also added
+     an -sgckey command line option to the rsa utility. Thanks to 
+     Adrian Peck <bertie at ncipher.com> for posting details of the modified
+     algorithm to openssl-dev.
+     [Steve Henson]
+
+  *) The evp_local.h macros were using 'c.##kname' which resulted in
+     invalid expansion on some systems (SCO 5.0.5 for example).
+     Corrected to 'c.kname'.
+     [Phillip Porch <root at theporch.com>]
+
+  *) New X509_get1_email() and X509_REQ_get1_email() functions that return
+     a STACK of email addresses from a certificate or request, these look
+     in the subject name and the subject alternative name extensions and 
+     omit any duplicate addresses.
+     [Steve Henson]
+
+  *) Re-implement BN_mod_exp2_mont using independent (and larger) windows.
+     This makes DSA verification about 2 % faster.
+     [Bodo Moeller]
+
+  *) Increase maximum window size in BN_mod_exp_... to 6 bits instead of 5
+     (meaning that now 2^5 values will be precomputed, which is only 4 KB
+     plus overhead for 1024 bit moduli).
+     This makes exponentiations about 0.5 % faster for 1024 bit
+     exponents (as measured by "openssl speed rsa2048").
+     [Bodo Moeller]
+
+  *) Rename memory handling macros to avoid conflicts with other
+     software:
+          Malloc         =>  OPENSSL_malloc
+          Malloc_locked  =>  OPENSSL_malloc_locked
+          Realloc        =>  OPENSSL_realloc
+          Free           =>  OPENSSL_free
+     [Richard Levitte]
+
+  *) New function BN_mod_exp_mont_word for small bases (roughly 15%
+     faster than BN_mod_exp_mont, i.e. 7% for a full DH exchange).
+     [Bodo Moeller]
+
+  *) CygWin32 support.
+     [John Jarvie <jjarvie at newsguy.com>]
+
+  *) The type-safe stack code has been rejigged. It is now only compiled
+     in when OpenSSL is configured with the DEBUG_SAFESTACK option and
+     by default all type-specific stack functions are "#define"d back to
+     standard stack functions. This results in more streamlined output
+     but retains the type-safety checking possibilities of the original
+     approach.
+     [Geoff Thorpe]
+
+  *) The STACK code has been cleaned up, and certain type declarations
+     that didn't make a lot of sense have been brought in line. This has
+     also involved a cleanup of sorts in safestack.h to more correctly
+     map type-safe stack functions onto their plain stack counterparts.
+     This work has also resulted in a variety of "const"ifications of
+     lots of the code, especially "_cmp" operations which should normally
+     be prototyped with "const" parameters anyway.
+     [Geoff Thorpe]
+
+  *) When generating bytes for the first time in md_rand.c, 'stir the pool'
+     by seeding with STATE_SIZE dummy bytes (with zero entropy count).
+     (The PRNG state consists of two parts, the large pool 'state' and 'md',
+     where all of 'md' is used each time the PRNG is used, but 'state'
+     is used only indexed by a cyclic counter. As entropy may not be
+     well distributed from the beginning, 'md' is important as a
+     chaining variable. However, the output function chains only half
+     of 'md', i.e. 80 bits.  ssleay_rand_add, on the other hand, chains
+     all of 'md', and seeding with STATE_SIZE dummy bytes will result
+     in all of 'state' being rewritten, with the new values depending
+     on virtually all of 'md'.  This overcomes the 80 bit limitation.)
+     [Bodo Moeller]
+
+  *) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when
+     the handshake is continued after ssl_verify_cert_chain();
+     otherwise, if SSL_VERIFY_NONE is set, remaining error codes
+     can lead to 'unexplainable' connection aborts later.
+     [Bodo Moeller; problem tracked down by Lutz Jaenicke]
+
+  *) Major EVP API cipher revision.
+     Add hooks for extra EVP features. This allows various cipher
+     parameters to be set in the EVP interface. Support added for variable
+     key length ciphers via the EVP_CIPHER_CTX_set_key_length() function and
+     setting of RC2 and RC5 parameters.
+
+     Modify EVP_OpenInit() and EVP_SealInit() to cope with variable key length
+     ciphers.
+
+     Remove lots of duplicated code from the EVP library. For example *every*
+     cipher init() function handles the 'iv' in the same way according to the
+     cipher mode. They also all do nothing if the 'key' parameter is NULL and
+     for CFB and OFB modes they zero ctx->num.
+
+     New functionality allows removal of S/MIME code RC2 hack.
+
+     Most of the routines have the same form and so can be declared in terms
+     of macros.
+
+     By shifting this to the top level EVP_CipherInit() it can be removed from
+     all individual ciphers. If the cipher wants to handle IVs or keys
+     differently it can set the EVP_CIPH_CUSTOM_IV or EVP_CIPH_ALWAYS_CALL_INIT
+     flags.
+
+     Change lots of functions like EVP_EncryptUpdate() to now return a
+     value: although software versions of the algorithms cannot fail
+     any installed hardware versions can.
+     [Steve Henson]
+
+  *) Implement SSL_OP_TLS_ROLLBACK_BUG: In ssl3_get_client_key_exchange, if
+     this option is set, tolerate broken clients that send the negotiated
+     protocol version number instead of the requested protocol version
+     number.
+     [Bodo Moeller]
+
+  *) Call dh_tmp_cb (set by ..._TMP_DH_CB) with correct 'is_export' flag;
+     i.e. non-zero for export ciphersuites, zero otherwise.
+     Previous versions had this flag inverted, inconsistent with
+     rsa_tmp_cb (..._TMP_RSA_CB).
+     [Bodo Moeller; problem reported by Amit Chopra]
+
+  *) Add missing DSA library text string. Work around for some IIS
+     key files with invalid SEQUENCE encoding.
+     [Steve Henson]
+
+  *) Add a document (doc/standards.txt) that list all kinds of standards
+     and so on that are implemented in OpenSSL.
+     [Richard Levitte]
+
+  *) Enhance c_rehash script. Old version would mishandle certificates
+     with the same subject name hash and wouldn't handle CRLs at all.
+     Added -fingerprint option to crl utility, to support new c_rehash
+     features.
+     [Steve Henson]
+
+  *) Eliminate non-ANSI declarations in crypto.h and stack.h.
+     [Ulf Möller]
+
+  *) Fix for SSL server purpose checking. Server checking was
+     rejecting certificates which had extended key usage present
+     but no ssl client purpose.
+     [Steve Henson, reported by Rene Grosser <grosser at hisolutions.com>]
+
+  *) Make PKCS#12 code work with no password. The PKCS#12 spec
+     is a little unclear about how a blank password is handled.
+     Since the password in encoded as a BMPString with terminating
+     double NULL a zero length password would end up as just the
+     double NULL. However no password at all is different and is
+     handled differently in the PKCS#12 key generation code. NS
+     treats a blank password as zero length. MSIE treats it as no
+     password on export: but it will try both on import. We now do
+     the same: PKCS12_parse() tries zero length and no password if
+     the password is set to "" or NULL (NULL is now a valid password:
+     it wasn't before) as does the pkcs12 application.
+     [Steve Henson]
+
+  *) Bugfixes in apps/x509.c: Avoid a memory leak; and don't use
+     perror when PEM_read_bio_X509_REQ fails, the error message must
+     be obtained from the error queue.
+     [Bodo Moeller]
+
+  *) Avoid 'thread_hash' memory leak in crypto/err/err.c by freeing
+     it in ERR_remove_state if appropriate, and change ERR_get_state
+     accordingly to avoid race conditions (this is necessary because
+     thread_hash is no longer constant once set).
+     [Bodo Moeller]
+
+  *) Bugfix for linux-elf makefile.one.
+     [Ulf Möller]
+
+  *) RSA_get_default_method() will now cause a default
+     RSA_METHOD to be chosen if one doesn't exist already.
+     Previously this was only set during a call to RSA_new()
+     or RSA_new_method(NULL) meaning it was possible for
+     RSA_get_default_method() to return NULL.
+     [Geoff Thorpe]
+
+  *) Added native name translation to the existing DSO code
+     that will convert (if the flag to do so is set) filenames
+     that are sufficiently small and have no path information
+     into a canonical native form. Eg. "blah" converted to
+     "libblah.so" or "blah.dll" etc.
+     [Geoff Thorpe]
+
+  *) New function ERR_error_string_n(e, buf, len) which is like
+     ERR_error_string(e, buf), but writes at most 'len' bytes
+     including the 0 terminator.  For ERR_error_string_n, 'buf'
+     may not be NULL.
+     [Damien Miller <djm at mindrot.org>, Bodo Moeller]
+
+  *) CONF library reworked to become more general.  A new CONF
+     configuration file reader "class" is implemented as well as a
+     new functions (NCONF_*, for "New CONF") to handle it.  The now
+     old CONF_* functions are still there, but are reimplemented to
+     work in terms of the new functions.  Also, a set of functions
+     to handle the internal storage of the configuration data is
+     provided to make it easier to write new configuration file
+     reader "classes" (I can definitely see something reading a
+     configuration file in XML format, for example), called _CONF_*,
+     or "the configuration storage API"...
+
+     The new configuration file reading functions are:
+
+        NCONF_new, NCONF_free, NCONF_load, NCONF_load_fp, NCONF_load_bio,
+        NCONF_get_section, NCONF_get_string, NCONF_get_numbre
+
+        NCONF_default, NCONF_WIN32
+
+        NCONF_dump_fp, NCONF_dump_bio
+
+     NCONF_default and NCONF_WIN32 are method (or "class") choosers,
+     NCONF_new creates a new CONF object.  This works in the same way
+     as other interfaces in OpenSSL, like the BIO interface.
+     NCONF_dump_* dump the internal storage of the configuration file,
+     which is useful for debugging.  All other functions take the same
+     arguments as the old CONF_* functions wth the exception of the
+     first that must be a `CONF *' instead of a `LHASH *'.
+
+     To make it easer to use the new classes with the old CONF_* functions,
+     the function CONF_set_default_method is provided.
+     [Richard Levitte]
+
+  *) Add '-tls1' option to 'openssl ciphers', which was already
+     mentioned in the documentation but had not been implemented.
+     (This option is not yet really useful because even the additional
+     experimental TLS 1.0 ciphers are currently treated as SSL 3.0 ciphers.)
+     [Bodo Moeller]
+
+  *) Initial DSO code added into libcrypto for letting OpenSSL (and
+     OpenSSL-based applications) load shared libraries and bind to
+     them in a portable way.
+     [Geoff Thorpe, with contributions from Richard Levitte]
+
+ Changes between 0.9.5 and 0.9.5a  [1 Apr 2000]
+
+  *) Make sure _lrotl and _lrotr are only used with MSVC.
+
+  *) Use lock CRYPTO_LOCK_RAND correctly in ssleay_rand_status
+     (the default implementation of RAND_status).
+
+  *) Rename openssl x509 option '-crlext', which was added in 0.9.5,
+     to '-clrext' (= clear extensions), as intended and documented.
+     [Bodo Moeller; inconsistency pointed out by Michael Attili
+     <attili at amaxo.com>]
+
+  *) Fix for HMAC. It wasn't zeroing the rest of the block if the key length
+     was larger than the MD block size.      
+     [Steve Henson, pointed out by Yost William <YostW at tce.com>]
+
+  *) Modernise PKCS12_parse() so it uses STACK_OF(X509) for its ca argument
+     fix a leak when the ca argument was passed as NULL. Stop X509_PUBKEY_set()
+     using the passed key: if the passed key was a private key the result
+     of X509_print(), for example, would be to print out all the private key
+     components.
+     [Steve Henson]
+
+  *) des_quad_cksum() byte order bug fix.
+     [Ulf Möller, using the problem description in krb4-0.9.7, where
+      the solution is attributed to Derrick J Brashear <shadow at DEMENTIA.ORG>]
+
+  *) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly
+     discouraged.
+     [Steve Henson, pointed out by Brian Korver <briank at cs.stanford.edu>]
+
+  *) For easily testing in shell scripts whether some command
+     'openssl XXX' exists, the new pseudo-command 'openssl no-XXX'
+     returns with exit code 0 iff no command of the given name is available.
+     'no-XXX' is printed in this case, 'XXX' otherwise.  In both cases,
+     the output goes to stdout and nothing is printed to stderr.
+     Additional arguments are always ignored.
+
+     Since for each cipher there is a command of the same name,
+     the 'no-cipher' compilation switches can be tested this way.
+
+     ('openssl no-XXX' is not able to detect pseudo-commands such
+     as 'quit', 'list-XXX-commands', or 'no-XXX' itself.)
+     [Bodo Moeller]
+
+  *) Update test suite so that 'make test' succeeds in 'no-rsa' configuration.
+     [Bodo Moeller]
+
+  *) For SSL_[CTX_]set_tmp_dh, don't create a DH key if SSL_OP_SINGLE_DH_USE
+     is set; it will be thrown away anyway because each handshake creates
+     its own key.
+     ssl_cert_dup, which is used by SSL_new, now copies DH keys in addition
+     to parameters -- in previous versions (since OpenSSL 0.9.3) the
+     'default key' from SSL_CTX_set_tmp_dh would always be lost, meanining
+     you effectivly got SSL_OP_SINGLE_DH_USE when using this macro.
+     [Bodo Moeller]
+
+  *) New s_client option -ign_eof: EOF at stdin is ignored, and
+     'Q' and 'R' lose their special meanings (quit/renegotiate).
+     This is part of what -quiet does; unlike -quiet, -ign_eof
+     does not suppress any output.
+     [Richard Levitte]
+
+  *) Add compatibility options to the purpose and trust code. The
+     purpose X509_PURPOSE_ANY is "any purpose" which automatically
+     accepts a certificate or CA, this was the previous behaviour,
+     with all the associated security issues.
+
+     X509_TRUST_COMPAT is the old trust behaviour: only and
+     automatically trust self signed roots in certificate store. A
+     new trust setting X509_TRUST_DEFAULT is used to specify that
+     a purpose has no associated trust setting and it should instead
+     use the value in the default purpose.
+     [Steve Henson]
+
+  *) Fix the PKCS#8 DSA private key code so it decodes keys again
+     and fix a memory leak.
+     [Steve Henson]
+
+  *) In util/mkerr.pl (which implements 'make errors'), preserve
+     reason strings from the previous version of the .c file, as
+     the default to have only downcase letters (and digits) in
+     automatically generated reasons codes is not always appropriate.
+     [Bodo Moeller]
+
+  *) In ERR_load_ERR_strings(), build an ERR_LIB_SYS error reason table
+     using strerror.  Previously, ERR_reason_error_string() returned
+     library names as reason strings for SYSerr; but SYSerr is a special
+     case where small numbers are errno values, not library numbers.
+     [Bodo Moeller]
+
+  *) Add '-dsaparam' option to 'openssl dhparam' application.  This
+     converts DSA parameters into DH parameters. (When creating parameters,
+     DSA_generate_parameters is used.)
+     [Bodo Moeller]
+
+  *) Include 'length' (recommended exponent length) in C code generated
+     by 'openssl dhparam -C'.
+     [Bodo Moeller]
+
+  *) The second argument to set_label in perlasm was already being used
+     so couldn't be used as a "file scope" flag. Moved to third argument
+     which was free.
+     [Steve Henson]
+
+  *) In PEM_ASN1_write_bio and some other functions, use RAND_pseudo_bytes
+     instead of RAND_bytes for encryption IVs and salts.
+     [Bodo Moeller]
+
+  *) Include RAND_status() into RAND_METHOD instead of implementing
+     it only for md_rand.c  Otherwise replacing the PRNG by calling
+     RAND_set_rand_method would be impossible.
+     [Bodo Moeller]
+
+  *) Don't let DSA_generate_key() enter an infinite loop if the random
+     number generation fails.
+     [Bodo Moeller]
+
+  *) New 'rand' application for creating pseudo-random output.
+     [Bodo Moeller]
+
+  *) Added configuration support for Linux/IA64
+     [Rolf Haberrecker <rolf at suse.de>]
+
+  *) Assembler module support for Mingw32.
+     [Ulf Möller]
+
+  *) Shared library support for HPUX (in shlib/).
+     [Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE> and Anonymous]
+
+  *) Shared library support for Solaris gcc.
+     [Lutz Behnke <behnke at trustcenter.de>]
+
+ Changes between 0.9.4 and 0.9.5  [28 Feb 2000]
+
+  *) PKCS7_encrypt() was adding text MIME headers twice because they
+     were added manually and by SMIME_crlf_copy().
+     [Steve Henson]
+
+  *) In bntest.c don't call BN_rand with zero bits argument.
+     [Steve Henson, pointed out by Andrew W. Gray <agray at iconsinc.com>]
+
+  *) BN_mul bugfix: In bn_mul_part_recursion() only the a>a[n] && b>b[n]
+     case was implemented. This caused BN_div_recp() to fail occasionally.
+     [Ulf Möller]
+
+  *) Add an optional second argument to the set_label() in the perl
+     assembly language builder. If this argument exists and is set
+     to 1 it signals that the assembler should use a symbol whose 
+     scope is the entire file, not just the current function. This
+     is needed with MASM which uses the format label:: for this scope.
+     [Steve Henson, pointed out by Peter Runestig <peter at runestig.com>]
+
+  *) Change the ASN1 types so they are typedefs by default. Before
+     almost all types were #define'd to ASN1_STRING which was causing
+     STACK_OF() problems: you couldn't declare STACK_OF(ASN1_UTF8STRING)
+     for example.
+     [Steve Henson]
+
+  *) Change names of new functions to the new get1/get0 naming
+     convention: After 'get1', the caller owns a reference count
+     and has to call ..._free; 'get0' returns a pointer to some
+     data structure without incrementing reference counters.
+     (Some of the existing 'get' functions increment a reference
+     counter, some don't.)
+     Similarly, 'set1' and 'add1' functions increase reference
+     counters or duplicate objects.
+     [Steve Henson]
+
+  *) Allow for the possibility of temp RSA key generation failure:
+     the code used to assume it always worked and crashed on failure.
+     [Steve Henson]
+
+  *) Fix potential buffer overrun problem in BIO_printf().
+     [Ulf Möller, using public domain code by Patrick Powell; problem
+      pointed out by David Sacerdote <das33 at cornell.edu>]
+
+  *) Support EGD <http://www.lothar.com/tech/crypto/>.  New functions
+     RAND_egd() and RAND_status().  In the command line application,
+     the EGD socket can be specified like a seed file using RANDFILE
+     or -rand.
+     [Ulf Möller]
+
+  *) Allow the string CERTIFICATE to be tolerated in PKCS#7 structures.
+     Some CAs (e.g. Verisign) distribute certificates in this form.
+     [Steve Henson]
+
+  *) Remove the SSL_ALLOW_ADH compile option and set the default cipher
+     list to exclude them. This means that no special compilation option
+     is needed to use anonymous DH: it just needs to be included in the
+     cipher list.
+     [Steve Henson]
+
+  *) Change the EVP_MD_CTX_type macro so its meaning consistent with
+     EVP_MD_type. The old functionality is available in a new macro called
+     EVP_MD_md(). Change code that uses it and update docs.
+     [Steve Henson]
+
+  *) ..._ctrl functions now have corresponding ..._callback_ctrl functions
+     where the 'void *' argument is replaced by a function pointer argument.
+     Previously 'void *' was abused to point to functions, which works on
+     many platforms, but is not correct.  As these functions are usually
+     called by macros defined in OpenSSL header files, most source code
+     should work without changes.
+     [Richard Levitte]
+
+  *) <openssl/opensslconf.h> (which is created by Configure) now contains
+     sections with information on -D... compiler switches used for
+     compiling the library so that applications can see them.  To enable
+     one of these sections, a pre-processor symbol OPENSSL_..._DEFINES
+     must be defined.  E.g.,
+        #define OPENSSL_ALGORITHM_DEFINES
+        #include <openssl/opensslconf.h>
+     defines all pertinent NO_<algo> symbols, such as NO_IDEA, NO_RSA, etc.
+     [Richard Levitte, Ulf and Bodo Möller]
+
+  *) Bugfix: Tolerate fragmentation and interleaving in the SSL 3/TLS
+     record layer.
+     [Bodo Moeller]
+
+  *) Change the 'other' type in certificate aux info to a STACK_OF
+     X509_ALGOR. Although not an AlgorithmIdentifier as such it has
+     the required ASN1 format: arbitrary types determined by an OID.
+     [Steve Henson]
+
+  *) Add some PEM_write_X509_REQ_NEW() functions and a command line
+     argument to 'req'. This is not because the function is newer or
+     better than others it just uses the work 'NEW' in the certificate
+     request header lines. Some software needs this.
+     [Steve Henson]
+
+  *) Reorganise password command line arguments: now passwords can be
+     obtained from various sources. Delete the PEM_cb function and make
+     it the default behaviour: i.e. if the callback is NULL and the
+     usrdata argument is not NULL interpret it as a null terminated pass
+     phrase. If usrdata and the callback are NULL then the pass phrase
+     is prompted for as usual.
+     [Steve Henson]
+
+  *) Add support for the Compaq Atalla crypto accelerator. If it is installed,
+     the support is automatically enabled. The resulting binaries will
+     autodetect the card and use it if present.
+     [Ben Laurie and Compaq Inc.]
+
+  *) Work around for Netscape hang bug. This sends certificate request
+     and server done in one record. Since this is perfectly legal in the
+     SSL/TLS protocol it isn't a "bug" option and is on by default. See
+     the bugs/SSLv3 entry for more info.
+     [Steve Henson]
+
+  *) HP-UX tune-up: new unified configs, HP C compiler bug workaround.
+     [Andy Polyakov]
+
+  *) Add -rand argument to smime and pkcs12 applications and read/write
+     of seed file.
+     [Steve Henson]
+
+  *) New 'passwd' tool for crypt(3) and apr1 password hashes.
+     [Bodo Moeller]
+
+  *) Add command line password options to the remaining applications.
+     [Steve Henson]
+
+  *) Bug fix for BN_div_recp() for numerators with an even number of
+     bits.
+     [Ulf Möller]
+
+  *) More tests in bntest.c, and changed test_bn output.
+     [Ulf Möller]
+
+  *) ./config recognizes MacOS X now.
+     [Andy Polyakov]
+
+  *) Bug fix for BN_div() when the first words of num and divsor are
+     equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0).
+     [Ulf Möller]
+
+  *) Add support for various broken PKCS#8 formats, and command line
+     options to produce them.
+     [Steve Henson]
+
+  *) New functions BN_CTX_start(), BN_CTX_get() and BT_CTX_end() to
+     get temporary BIGNUMs from a BN_CTX.
+     [Ulf Möller]
+
+  *) Correct return values in BN_mod_exp_mont() and BN_mod_exp2_mont()
+     for p == 0.
+     [Ulf Möller]
+
+  *) Change the SSLeay_add_all_*() functions to OpenSSL_add_all_*() and
+     include a #define from the old name to the new. The original intent
+     was that statically linked binaries could for example just call
+     SSLeay_add_all_ciphers() to just add ciphers to the table and not
+     link with digests. This never worked becayse SSLeay_add_all_digests()
+     and SSLeay_add_all_ciphers() were in the same source file so calling
+     one would link with the other. They are now in separate source files.
+     [Steve Henson]
+
+  *) Add a new -notext option to 'ca' and a -pubkey option to 'spkac'.
+     [Steve Henson]
+
+  *) Use a less unusual form of the Miller-Rabin primality test (it used
+     a binary algorithm for exponentiation integrated into the Miller-Rabin
+     loop, our standard modexp algorithms are faster).
+     [Bodo Moeller]
+
+  *) Support for the EBCDIC character set completed.
+     [Martin Kraemer <Martin.Kraemer at Mch.SNI.De>]
+
+  *) Source code cleanups: use const where appropriate, eliminate casts,
+     use void * instead of char * in lhash.
+     [Ulf Möller] 
+
+  *) Bugfix: ssl3_send_server_key_exchange was not restartable
+     (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of
+     this the server could overwrite ephemeral keys that the client
+     has already seen).
+     [Bodo Moeller]
+
+  *) Turn DSA_is_prime into a macro that calls BN_is_prime,
+     using 50 iterations of the Rabin-Miller test.
+
+     DSA_generate_parameters now uses BN_is_prime_fasttest (with 50
+     iterations of the Rabin-Miller test as required by the appendix
+     to FIPS PUB 186[-1]) instead of DSA_is_prime.
+     As BN_is_prime_fasttest includes trial division, DSA parameter
+     generation becomes much faster.
+
+     This implies a change for the callback functions in DSA_is_prime
+     and DSA_generate_parameters: The callback function is called once
+     for each positive witness in the Rabin-Miller test, not just
+     occasionally in the inner loop; and the parameters to the
+     callback function now provide an iteration count for the outer
+     loop rather than for the current invocation of the inner loop.
+     DSA_generate_parameters additionally can call the callback
+     function with an 'iteration count' of -1, meaning that a
+     candidate has passed the trial division test (when q is generated 
+     from an application-provided seed, trial division is skipped).
+     [Bodo Moeller]
+
+  *) New function BN_is_prime_fasttest that optionally does trial
+     division before starting the Rabin-Miller test and has
+     an additional BN_CTX * argument (whereas BN_is_prime always
+     has to allocate at least one BN_CTX).
+     'callback(1, -1, cb_arg)' is called when a number has passed the
+     trial division stage.
+     [Bodo Moeller]
+
+  *) Fix for bug in CRL encoding. The validity dates weren't being handled
+     as ASN1_TIME.
+     [Steve Henson]
+
+  *) New -pkcs12 option to CA.pl script to write out a PKCS#12 file.
+     [Steve Henson]
+
+  *) New function BN_pseudo_rand().
+     [Ulf Möller]
+
+  *) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable)
+     bignum version of BN_from_montgomery() with the working code from
+     SSLeay 0.9.0 (the word based version is faster anyway), and clean up
+     the comments.
+     [Ulf Möller]
+
+  *) Avoid a race condition in s2_clnt.c (function get_server_hello) that
+     made it impossible to use the same SSL_SESSION data structure in
+     SSL2 clients in multiple threads.
+     [Bodo Moeller]
+
+  *) The return value of RAND_load_file() no longer counts bytes obtained
+     by stat().  RAND_load_file(..., -1) is new and uses the complete file
+     to seed the PRNG (previously an explicit byte count was required).
+     [Ulf Möller, Bodo Möller]
+
+  *) Clean up CRYPTO_EX_DATA functions, some of these didn't have prototypes
+     used (char *) instead of (void *) and had casts all over the place.
+     [Steve Henson]
+
+  *) Make BN_generate_prime() return NULL on error if ret!=NULL.
+     [Ulf Möller]
+
+  *) Retain source code compatibility for BN_prime_checks macro:
+     BN_is_prime(..., BN_prime_checks, ...) now uses
+     BN_prime_checks_for_size to determine the appropriate number of
+     Rabin-Miller iterations.
+     [Ulf Möller]
+
+  *) Diffie-Hellman uses "safe" primes: DH_check() return code renamed to
+     DH_CHECK_P_NOT_SAFE_PRIME.
+     (Check if this is true? OpenPGP calls them "strong".)
+     [Ulf Möller]
+
+  *) Merge the functionality of "dh" and "gendh" programs into a new program
+     "dhparam". The old programs are retained for now but will handle DH keys
+     (instead of parameters) in future.
+     [Steve Henson]
+
+  *) Make the ciphers, s_server and s_client programs check the return values
+     when a new cipher list is set.
+     [Steve Henson]
+
+  *) Enhance the SSL/TLS cipher mechanism to correctly handle the TLS 56bit
+     ciphers. Before when the 56bit ciphers were enabled the sorting was
+     wrong.
+
+     The syntax for the cipher sorting has been extended to support sorting by
+     cipher-strength (using the strength_bits hard coded in the tables).
+     The new command is "@STRENGTH" (see also doc/apps/ciphers.pod).
+
+     Fix a bug in the cipher-command parser: when supplying a cipher command
+     string with an "undefined" symbol (neither command nor alphanumeric
+     [A-Za-z0-9], ssl_set_cipher_list used to hang in an endless loop. Now
+     an error is flagged.
+
+     Due to the strength-sorting extension, the code of the
+     ssl_create_cipher_list() function was completely rearranged. I hope that
+     the readability was also increased :-)
+     [Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>]
+
+  *) Minor change to 'x509' utility. The -CAcreateserial option now uses 1
+     for the first serial number and places 2 in the serial number file. This
+     avoids problems when the root CA is created with serial number zero and
+     the first user certificate has the same issuer name and serial number
+     as the root CA.
+     [Steve Henson]
+
+  *) Fixes to X509_ATTRIBUTE utilities, change the 'req' program so it uses
+     the new code. Add documentation for this stuff.
+     [Steve Henson]
+
+  *) Changes to X509_ATTRIBUTE utilities. These have been renamed from
+     X509_*() to X509at_*() on the grounds that they don't handle X509
+     structures and behave in an analagous way to the X509v3 functions:
+     they shouldn't be called directly but wrapper functions should be used
+     instead.
+
+     So we also now have some wrapper functions that call the X509at functions
+     when passed certificate requests. (TO DO: similar things can be done with
+     PKCS#7 signed and unsigned attributes, PKCS#12 attributes and a few other
+     things. Some of these need some d2i or i2d and print functionality
+     because they handle more complex structures.)
+     [Steve Henson]
+
+  *) Add missing #ifndefs that caused missing symbols when building libssl
+     as a shared library without RSA.  Use #ifndef NO_SSL2 instead of
+     NO_RSA in ssl/s2*.c. 
+     [Kris Kennaway <kris at hub.freebsd.org>, modified by Ulf Möller]
+
+  *) Precautions against using the PRNG uninitialized: RAND_bytes() now
+     has a return value which indicates the quality of the random data
+     (1 = ok, 0 = not seeded).  Also an error is recorded on the thread's
+     error queue. New function RAND_pseudo_bytes() generates output that is
+     guaranteed to be unique but not unpredictable. RAND_add is like
+     RAND_seed, but takes an extra argument for an entropy estimate
+     (RAND_seed always assumes full entropy).
+     [Ulf Möller]
+
+  *) Do more iterations of Rabin-Miller probable prime test (specifically,
+     3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes
+     instead of only 2 for all lengths; see BN_prime_checks_for_size definition
+     in crypto/bn/bn_prime.c for the complete table).  This guarantees a
+     false-positive rate of at most 2^-80 for random input.
+     [Bodo Moeller]
+
+  *) Rewrite ssl3_read_n (ssl/s3_pkt.c) avoiding a couple of bugs.
+     [Bodo Moeller]
+
+  *) New function X509_CTX_rget_chain() (renamed to X509_CTX_get1_chain
+     in the 0.9.5 release), this returns the chain
+     from an X509_CTX structure with a dup of the stack and all
+     the X509 reference counts upped: so the stack will exist
+     after X509_CTX_cleanup() has been called. Modify pkcs12.c
+     to use this.
+
+     Also make SSL_SESSION_print() print out the verify return
+     code.
+     [Steve Henson]
+
+  *) Add manpage for the pkcs12 command. Also change the default
+     behaviour so MAC iteration counts are used unless the new
+     -nomaciter option is used. This improves file security and
+     only older versions of MSIE (4.0 for example) need it.
+     [Steve Henson]
+
+  *) Honor the no-xxx Configure options when creating .DEF files.
+     [Ulf Möller]
+
+  *) Add PKCS#10 attributes to field table: challengePassword, 
+     unstructuredName and unstructuredAddress. These are taken from
+     draft PKCS#9 v2.0 but are compatible with v1.2 provided no 
+     international characters are used.
+
+     More changes to X509_ATTRIBUTE code: allow the setting of types
+     based on strings. Remove the 'loc' parameter when adding
+     attributes because these will be a SET OF encoding which is sorted
+     in ASN1 order.
+     [Steve Henson]
+
+  *) Initial changes to the 'req' utility to allow request generation
+     automation. This will allow an application to just generate a template
+     file containing all the field values and have req construct the
+     request.
+
+     Initial support for X509_ATTRIBUTE handling. Stacks of these are
+     used all over the place including certificate requests and PKCS#7
+     structures. They are currently handled manually where necessary with
+     some primitive wrappers for PKCS#7. The new functions behave in a
+     manner analogous to the X509 extension functions: they allow
+     attributes to be looked up by NID and added.
+
+     Later something similar to the X509V3 code would be desirable to
+     automatically handle the encoding, decoding and printing of the
+     more complex types. The string types like challengePassword can
+     be handled by the string table functions.
+
+     Also modified the multi byte string table handling. Now there is
+     a 'global mask' which masks out certain types. The table itself
+     can use the flag STABLE_NO_MASK to ignore the mask setting: this
+     is useful when for example there is only one permissible type
+     (as in countryName) and using the mask might result in no valid
+     types at all.
+     [Steve Henson]
+
+  *) Clean up 'Finished' handling, and add functions SSL_get_finished and
+     SSL_get_peer_finished to allow applications to obtain the latest
+     Finished messages sent to the peer or expected from the peer,
+     respectively.  (SSL_get_peer_finished is usually the Finished message
+     actually received from the peer, otherwise the protocol will be aborted.)
+
+     As the Finished message are message digests of the complete handshake
+     (with a total of 192 bits for TLS 1.0 and more for SSL 3.0), they can
+     be used for external authentication procedures when the authentication
+     provided by SSL/TLS is not desired or is not enough.
+     [Bodo Moeller]
+
+  *) Enhanced support for Alpha Linux is added. Now ./config checks if
+     the host supports BWX extension and if Compaq C is present on the
+     $PATH. Just exploiting of the BWX extension results in 20-30%
+     performance kick for some algorithms, e.g. DES and RC4 to mention
+     a couple. Compaq C in turn generates ~20% faster code for MD5 and
+     SHA1.
+     [Andy Polyakov]
+
+  *) Add support for MS "fast SGC". This is arguably a violation of the
+     SSL3/TLS protocol. Netscape SGC does two handshakes: the first with
+     weak crypto and after checking the certificate is SGC a second one
+     with strong crypto. MS SGC stops the first handshake after receiving
+     the server certificate message and sends a second client hello. Since
+     a server will typically do all the time consuming operations before
+     expecting any further messages from the client (server key exchange
+     is the most expensive) there is little difference between the two.
+
+     To get OpenSSL to support MS SGC we have to permit a second client
+     hello message after we have sent server done. In addition we have to
+     reset the MAC if we do get this second client hello.
+     [Steve Henson]
+
+  *) Add a function 'd2i_AutoPrivateKey()' this will automatically decide
+     if a DER encoded private key is RSA or DSA traditional format. Changed
+     d2i_PrivateKey_bio() to use it. This is only needed for the "traditional"
+     format DER encoded private key. Newer code should use PKCS#8 format which
+     has the key type encoded in the ASN1 structure. Added DER private key
+     support to pkcs8 application.
+     [Steve Henson]
+
+  *) SSL 3/TLS 1 servers now don't request certificates when an anonymous
+     ciphersuites has been selected (as required by the SSL 3/TLS 1
+     specifications).  Exception: When SSL_VERIFY_FAIL_IF_NO_PEER_CERT
+     is set, we interpret this as a request to violate the specification
+     (the worst that can happen is a handshake failure, and 'correct'
+     behaviour would result in a handshake failure anyway).
+     [Bodo Moeller]
+
+  *) In SSL_CTX_add_session, take into account that there might be multiple
+     SSL_SESSION structures with the same session ID (e.g. when two threads
+     concurrently obtain them from an external cache).
+     The internal cache can handle only one SSL_SESSION with a given ID,
+     so if there's a conflict, we now throw out the old one to achieve
+     consistency.
+     [Bodo Moeller]
+
+  *) Add OIDs for idea and blowfish in CBC mode. This will allow both
+     to be used in PKCS#5 v2.0 and S/MIME.  Also add checking to
+     some routines that use cipher OIDs: some ciphers do not have OIDs
+     defined and so they cannot be used for S/MIME and PKCS#5 v2.0 for
+     example.
+     [Steve Henson]
+
+  *) Simplify the trust setting structure and code. Now we just have
+     two sequences of OIDs for trusted and rejected settings. These will
+     typically have values the same as the extended key usage extension
+     and any application specific purposes.
+
+     The trust checking code now has a default behaviour: it will just
+     check for an object with the same NID as the passed id. Functions can
+     be provided to override either the default behaviour or the behaviour
+     for a given id. SSL client, server and email already have functions
+     in place for compatibility: they check the NID and also return "trusted"
+     if the certificate is self signed.
+     [Steve Henson]
+
+  *) Add d2i,i2d bio/fp functions for PrivateKey: these convert the
+     traditional format into an EVP_PKEY structure.
+     [Steve Henson]
+
+  *) Add a password callback function PEM_cb() which either prompts for
+     a password if usr_data is NULL or otherwise assumes it is a null
+     terminated password. Allow passwords to be passed on command line
+     environment or config files in a few more utilities.
+     [Steve Henson]
+
+  *) Add a bunch of DER and PEM functions to handle PKCS#8 format private
+     keys. Add some short names for PKCS#8 PBE algorithms and allow them
+     to be specified on the command line for the pkcs8 and pkcs12 utilities.
+     Update documentation.
+     [Steve Henson]
+
+  *) Support for ASN1 "NULL" type. This could be handled before by using
+     ASN1_TYPE but there wasn't any function that would try to read a NULL
+     and produce an error if it couldn't. For compatibility we also have
+     ASN1_NULL_new() and ASN1_NULL_free() functions but these are faked and
+     don't allocate anything because they don't need to.
+     [Steve Henson]
+
+  *) Initial support for MacOS is now provided. Examine INSTALL.MacOS
+     for details.
+     [Andy Polyakov, Roy Woods <roy at centicsystems.ca>]
+
+  *) Rebuild of the memory allocation routines used by OpenSSL code and
+     possibly others as well.  The purpose is to make an interface that
+     provide hooks so anyone can build a separate set of allocation and
+     deallocation routines to be used by OpenSSL, for example memory
+     pool implementations, or something else, which was previously hard
+     since Malloc(), Realloc() and Free() were defined as macros having
+     the values malloc, realloc and free, respectively (except for Win32
+     compilations).  The same is provided for memory debugging code.
+     OpenSSL already comes with functionality to find memory leaks, but
+     this gives people a chance to debug other memory problems.
+
+     With these changes, a new set of functions and macros have appeared:
+
+       CRYPTO_set_mem_debug_functions()	        [F]
+       CRYPTO_get_mem_debug_functions()         [F]
+       CRYPTO_dbg_set_options()	                [F]
+       CRYPTO_dbg_get_options()                 [F]
+       CRYPTO_malloc_debug_init()               [M]
+
+     The memory debug functions are NULL by default, unless the library
+     is compiled with CRYPTO_MDEBUG or friends is defined.  If someone
+     wants to debug memory anyway, CRYPTO_malloc_debug_init() (which
+     gives the standard debugging functions that come with OpenSSL) or
+     CRYPTO_set_mem_debug_functions() (tells OpenSSL to use functions
+     provided by the library user) must be used.  When the standard
+     debugging functions are used, CRYPTO_dbg_set_options can be used to
+     request additional information:
+     CRYPTO_dbg_set_options(V_CYRPTO_MDEBUG_xxx) corresponds to setting
+     the CRYPTO_MDEBUG_xxx macro when compiling the library.   
+
+     Also, things like CRYPTO_set_mem_functions will always give the
+     expected result (the new set of functions is used for allocation
+     and deallocation) at all times, regardless of platform and compiler
+     options.
+
+     To finish it up, some functions that were never use in any other
+     way than through macros have a new API and new semantic:
+
+       CRYPTO_dbg_malloc()
+       CRYPTO_dbg_realloc()
+       CRYPTO_dbg_free()
+
+     All macros of value have retained their old syntax.
+     [Richard Levitte and Bodo Moeller]
+
+  *) Some S/MIME fixes. The OID for SMIMECapabilities was wrong, the
+     ordering of SMIMECapabilities wasn't in "strength order" and there
+     was a missing NULL in the AlgorithmIdentifier for the SHA1 signature
+     algorithm.
+     [Steve Henson]
+
+  *) Some ASN1 types with illegal zero length encoding (INTEGER,
+     ENUMERATED and OBJECT IDENTIFIER) choked the ASN1 routines.
+     [Frans Heymans <fheymans at isaserver.be>, modified by Steve Henson]
+
+  *) Merge in my S/MIME library for OpenSSL. This provides a simple
+     S/MIME API on top of the PKCS#7 code, a MIME parser (with enough
+     functionality to handle multipart/signed properly) and a utility
+     called 'smime' to call all this stuff. This is based on code I
+     originally wrote for Celo who have kindly allowed it to be
+     included in OpenSSL.
+     [Steve Henson]
+
+  *) Add variants des_set_key_checked and des_set_key_unchecked of
+     des_set_key (aka des_key_sched).  Global variable des_check_key
+     decides which of these is called by des_set_key; this way
+     des_check_key behaves as it always did, but applications and
+     the library itself, which was buggy for des_check_key == 1,
+     have a cleaner way to pick the version they need.
+     [Bodo Moeller]
+
+  *) New function PKCS12_newpass() which changes the password of a
+     PKCS12 structure.
+     [Steve Henson]
+
+  *) Modify X509_TRUST and X509_PURPOSE so it also uses a static and
+     dynamic mix. In both cases the ids can be used as an index into the
+     table. Also modified the X509_TRUST_add() and X509_PURPOSE_add()
+     functions so they accept a list of the field values and the
+     application doesn't need to directly manipulate the X509_TRUST
+     structure.
+     [Steve Henson]
+
+  *) Modify the ASN1_STRING_TABLE stuff so it also uses bsearch and doesn't
+     need initialising.
+     [Steve Henson]
+
+  *) Modify the way the V3 extension code looks up extensions. This now
+     works in a similar way to the object code: we have some "standard"
+     extensions in a static table which is searched with OBJ_bsearch()
+     and the application can add dynamic ones if needed. The file
+     crypto/x509v3/ext_dat.h now has the info: this file needs to be
+     updated whenever a new extension is added to the core code and kept
+     in ext_nid order. There is a simple program 'tabtest.c' which checks
+     this. New extensions are not added too often so this file can readily
+     be maintained manually.
+
+     There are two big advantages in doing things this way. The extensions
+     can be looked up immediately and no longer need to be "added" using
+     X509V3_add_standard_extensions(): this function now does nothing.
+     [Side note: I get *lots* of email saying the extension code doesn't
+      work because people forget to call this function]
+     Also no dynamic allocation is done unless new extensions are added:
+     so if we don't add custom extensions there is no need to call
+     X509V3_EXT_cleanup().
+     [Steve Henson]
+
+  *) Modify enc utility's salting as follows: make salting the default. Add a
+     magic header, so unsalted files fail gracefully instead of just decrypting
+     to garbage. This is because not salting is a big security hole, so people
+     should be discouraged from doing it.
+     [Ben Laurie]
+
+  *) Fixes and enhancements to the 'x509' utility. It allowed a message
+     digest to be passed on the command line but it only used this
+     parameter when signing a certificate. Modified so all relevant
+     operations are affected by the digest parameter including the
+     -fingerprint and -x509toreq options. Also -x509toreq choked if a
+     DSA key was used because it didn't fix the digest.
+     [Steve Henson]
+
+  *) Initial certificate chain verify code. Currently tests the untrusted
+     certificates for consistency with the verify purpose (which is set
+     when the X509_STORE_CTX structure is set up) and checks the pathlength.
+
+     There is a NO_CHAIN_VERIFY compilation option to keep the old behaviour:
+     this is because it will reject chains with invalid extensions whereas
+     every previous version of OpenSSL and SSLeay made no checks at all.
+
+     Trust code: checks the root CA for the relevant trust settings. Trust
+     settings have an initial value consistent with the verify purpose: e.g.
+     if the verify purpose is for SSL client use it expects the CA to be
+     trusted for SSL client use. However the default value can be changed to
+     permit custom trust settings: one example of this would be to only trust
+     certificates from a specific "secure" set of CAs.
+
+     Also added X509_STORE_CTX_new() and X509_STORE_CTX_free() functions
+     which should be used for version portability: especially since the
+     verify structure is likely to change more often now.
+
+     SSL integration. Add purpose and trust to SSL_CTX and SSL and functions
+     to set them. If not set then assume SSL clients will verify SSL servers
+     and vice versa.
+
+     Two new options to the verify program: -untrusted allows a set of
+     untrusted certificates to be passed in and -purpose which sets the
+     intended purpose of the certificate. If a purpose is set then the
+     new chain verify code is used to check extension consistency.
+     [Steve Henson]
+
+  *) Support for the authority information access extension.
+     [Steve Henson]
+
+  *) Modify RSA and DSA PEM read routines to transparently handle
+     PKCS#8 format private keys. New *_PUBKEY_* functions that handle
+     public keys in a format compatible with certificate
+     SubjectPublicKeyInfo structures. Unfortunately there were already
+     functions called *_PublicKey_* which used various odd formats so
+     these are retained for compatibility: however the DSA variants were
+     never in a public release so they have been deleted. Changed dsa/rsa
+     utilities to handle the new format: note no releases ever handled public
+     keys so we should be OK.
+
+     The primary motivation for this change is to avoid the same fiasco
+     that dogs private keys: there are several incompatible private key
+     formats some of which are standard and some OpenSSL specific and
+     require various evil hacks to allow partial transparent handling and
+     even then it doesn't work with DER formats. Given the option anything
+     other than PKCS#8 should be dumped: but the other formats have to
+     stay in the name of compatibility.
+
+     With public keys and the benefit of hindsight one standard format 
+     is used which works with EVP_PKEY, RSA or DSA structures: though
+     it clearly returns an error if you try to read the wrong kind of key.
+
+     Added a -pubkey option to the 'x509' utility to output the public key.
+     Also rename the EVP_PKEY_get_*() to EVP_PKEY_rget_*()
+     (renamed to EVP_PKEY_get1_*() in the OpenSSL 0.9.5 release) and add
+     EVP_PKEY_rset_*() functions (renamed to EVP_PKEY_set1_*())
+     that do the same as the EVP_PKEY_assign_*() except they up the
+     reference count of the added key (they don't "swallow" the
+     supplied key).
+     [Steve Henson]
+
+  *) Fixes to crypto/x509/by_file.c the code to read in certificates and
+     CRLs would fail if the file contained no certificates or no CRLs:
+     added a new function to read in both types and return the number
+     read: this means that if none are read it will be an error. The
+     DER versions of the certificate and CRL reader would always fail
+     because it isn't possible to mix certificates and CRLs in DER format
+     without choking one or the other routine. Changed this to just read
+     a certificate: this is the best we can do. Also modified the code
+     in apps/verify.c to take notice of return codes: it was previously
+     attempting to read in certificates from NULL pointers and ignoring
+     any errors: this is one reason why the cert and CRL reader seemed
+     to work. It doesn't check return codes from the default certificate
+     routines: these may well fail if the certificates aren't installed.
+     [Steve Henson]
+
+  *) Code to support otherName option in GeneralName.
+     [Steve Henson]
+
+  *) First update to verify code. Change the verify utility
+     so it warns if it is passed a self signed certificate:
+     for consistency with the normal behaviour. X509_verify
+     has been modified to it will now verify a self signed
+     certificate if *exactly* the same certificate appears
+     in the store: it was previously impossible to trust a
+     single self signed certificate. This means that:
+     openssl verify ss.pem
+     now gives a warning about a self signed certificate but
+     openssl verify -CAfile ss.pem ss.pem
+     is OK.
+     [Steve Henson]
+
+  *) For servers, store verify_result in SSL_SESSION data structure
+     (and add it to external session representation).
+     This is needed when client certificate verifications fails,
+     but an application-provided verification callback (set by
+     SSL_CTX_set_cert_verify_callback) allows accepting the session
+     anyway (i.e. leaves x509_store_ctx->error != X509_V_OK
+     but returns 1): When the session is reused, we have to set
+     ssl->verify_result to the appropriate error code to avoid
+     security holes.
+     [Bodo Moeller, problem pointed out by Lutz Jaenicke]
+
+  *) Fix a bug in the new PKCS#7 code: it didn't consider the
+     case in PKCS7_dataInit() where the signed PKCS7 structure
+     didn't contain any existing data because it was being created.
+     [Po-Cheng Chen <pocheng at nst.com.tw>, slightly modified by Steve Henson]
+
+  *) Add a salt to the key derivation routines in enc.c. This
+     forms the first 8 bytes of the encrypted file. Also add a
+     -S option to allow a salt to be input on the command line.
+     [Steve Henson]
+
+  *) New function X509_cmp(). Oddly enough there wasn't a function
+     to compare two certificates. We do this by working out the SHA1
+     hash and comparing that. X509_cmp() will be needed by the trust
+     code.
+     [Steve Henson]
+
+  *) SSL_get1_session() is like SSL_get_session(), but increments
+     the reference count in the SSL_SESSION returned.
+     [Geoff Thorpe <geoff at eu.c2.net>]
+
+  *) Fix for 'req': it was adding a null to request attributes.
+     Also change the X509_LOOKUP and X509_INFO code to handle
+     certificate auxiliary information.
+     [Steve Henson]
+
+  *) Add support for 40 and 64 bit RC2 and RC4 algorithms: document
+     the 'enc' command.
+     [Steve Henson]
+
+  *) Add the possibility to add extra information to the memory leak
+     detecting output, to form tracebacks, showing from where each
+     allocation was originated: CRYPTO_push_info("constant string") adds
+     the string plus current file name and line number to a per-thread
+     stack, CRYPTO_pop_info() does the obvious, CRYPTO_remove_all_info()
+     is like calling CYRPTO_pop_info() until the stack is empty.
+     Also updated memory leak detection code to be multi-thread-safe.
+     [Richard Levitte]
+
+  *) Add options -text and -noout to pkcs7 utility and delete the
+     encryption options which never did anything. Update docs.
+     [Steve Henson]
+
+  *) Add options to some of the utilities to allow the pass phrase
+     to be included on either the command line (not recommended on
+     OSes like Unix) or read from the environment. Update the
+     manpages and fix a few bugs.
+     [Steve Henson]
+
+  *) Add a few manpages for some of the openssl commands.
+     [Steve Henson]
+
+  *) Fix the -revoke option in ca. It was freeing up memory twice,
+     leaking and not finding already revoked certificates.
+     [Steve Henson]
+
+  *) Extensive changes to support certificate auxiliary information.
+     This involves the use of X509_CERT_AUX structure and X509_AUX
+     functions. An X509_AUX function such as PEM_read_X509_AUX()
+     can still read in a certificate file in the usual way but it
+     will also read in any additional "auxiliary information". By
+     doing things this way a fair degree of compatibility can be
+     retained: existing certificates can have this information added
+     using the new 'x509' options. 
+
+     Current auxiliary information includes an "alias" and some trust
+     settings. The trust settings will ultimately be used in enhanced
+     certificate chain verification routines: currently a certificate
+     can only be trusted if it is self signed and then it is trusted
+     for all purposes.
+     [Steve Henson]
+
+  *) Fix assembler for Alpha (tested only on DEC OSF not Linux or *BSD).
+     The problem was that one of the replacement routines had not been working
+     since SSLeay releases.  For now the offending routine has been replaced
+     with non-optimised assembler.  Even so, this now gives around 95%
+     performance improvement for 1024 bit RSA signs.
+     [Mark Cox]
+
+  *) Hack to fix PKCS#7 decryption when used with some unorthodox RC2 
+     handling. Most clients have the effective key size in bits equal to
+     the key length in bits: so a 40 bit RC2 key uses a 40 bit (5 byte) key.
+     A few however don't do this and instead use the size of the decrypted key
+     to determine the RC2 key length and the AlgorithmIdentifier to determine
+     the effective key length. In this case the effective key length can still
+     be 40 bits but the key length can be 168 bits for example. This is fixed
+     by manually forcing an RC2 key into the EVP_PKEY structure because the
+     EVP code can't currently handle unusual RC2 key sizes: it always assumes
+     the key length and effective key length are equal.
+     [Steve Henson]
+
+  *) Add a bunch of functions that should simplify the creation of 
+     X509_NAME structures. Now you should be able to do:
+     X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC, "Steve", -1, -1, 0);
+     and have it automatically work out the correct field type and fill in
+     the structures. The more adventurous can try:
+     X509_NAME_add_entry_by_txt(nm, field, MBSTRING_UTF8, str, -1, -1, 0);
+     and it will (hopefully) work out the correct multibyte encoding.
+     [Steve Henson]
+
+  *) Change the 'req' utility to use the new field handling and multibyte
+     copy routines. Before the DN field creation was handled in an ad hoc
+     way in req, ca, and x509 which was rather broken and didn't support
+     BMPStrings or UTF8Strings. Since some software doesn't implement
+     BMPStrings or UTF8Strings yet, they can be enabled using the config file
+     using the dirstring_type option. See the new comment in the default
+     openssl.cnf for more info.
+     [Steve Henson]
+
+  *) Make crypto/rand/md_rand.c more robust:
+     - Assure unique random numbers after fork().
+     - Make sure that concurrent threads access the global counter and
+       md serializably so that we never lose entropy in them
+       or use exactly the same state in multiple threads.
+       Access to the large state is not always serializable because
+       the additional locking could be a performance killer, and
+       md should be large enough anyway.
+     [Bodo Moeller]
+
+  *) New file apps/app_rand.c with commonly needed functionality
+     for handling the random seed file.
+
+     Use the random seed file in some applications that previously did not:
+          ca,
+          dsaparam -genkey (which also ignored its '-rand' option), 
+          s_client,
+          s_server,
+          x509 (when signing).
+     Except on systems with /dev/urandom, it is crucial to have a random
+     seed file at least for key creation, DSA signing, and for DH exchanges;
+     for RSA signatures we could do without one.
+
+     gendh and gendsa (unlike genrsa) used to read only the first byte
+     of each file listed in the '-rand' option.  The function as previously
+     found in genrsa is now in app_rand.c and is used by all programs
+     that support '-rand'.
+     [Bodo Moeller]
+
+  *) In RAND_write_file, use mode 0600 for creating files;
+     don't just chmod when it may be too late.
+     [Bodo Moeller]
+
+  *) Report an error from X509_STORE_load_locations
+     when X509_LOOKUP_load_file or X509_LOOKUP_add_dir failed.
+     [Bill Perry]
+
+  *) New function ASN1_mbstring_copy() this copies a string in either
+     ASCII, Unicode, Universal (4 bytes per character) or UTF8 format
+     into an ASN1_STRING type. A mask of permissible types is passed
+     and it chooses the "minimal" type to use or an error if not type
+     is suitable.
+     [Steve Henson]
+
+  *) Add function equivalents to the various macros in asn1.h. The old
+     macros are retained with an M_ prefix. Code inside the library can
+     use the M_ macros. External code (including the openssl utility)
+     should *NOT* in order to be "shared library friendly".
+     [Steve Henson]
+
+  *) Add various functions that can check a certificate's extensions
+     to see if it usable for various purposes such as SSL client,
+     server or S/MIME and CAs of these types. This is currently 
+     VERY EXPERIMENTAL but will ultimately be used for certificate chain
+     verification. Also added a -purpose flag to x509 utility to
+     print out all the purposes.
+     [Steve Henson]
+
+  *) Add a CRYPTO_EX_DATA to X509 certificate structure and associated
+     functions.
+     [Steve Henson]
+
+  *) New X509V3_{X509,CRL,REVOKED}_get_d2i() functions. These will search
+     for, obtain and decode and extension and obtain its critical flag.
+     This allows all the necessary extension code to be handled in a
+     single function call.
+     [Steve Henson]
+
+  *) RC4 tune-up featuring 30-40% performance improvement on most RISC
+     platforms. See crypto/rc4/rc4_enc.c for further details.
+     [Andy Polyakov]
+
+  *) New -noout option to asn1parse. This causes no output to be produced
+     its main use is when combined with -strparse and -out to extract data
+     from a file (which may not be in ASN.1 format).
+     [Steve Henson]
+
+  *) Fix for pkcs12 program. It was hashing an invalid certificate pointer
+     when producing the local key id.
+     [Richard Levitte <levitte at stacken.kth.se>]
+
+  *) New option -dhparam in s_server. This allows a DH parameter file to be
+     stated explicitly. If it is not stated then it tries the first server
+     certificate file. The previous behaviour hard coded the filename
+     "server.pem".
+     [Steve Henson]
+
+  *) Add -pubin and -pubout options to the rsa and dsa commands. These allow
+     a public key to be input or output. For example:
+     openssl rsa -in key.pem -pubout -out pubkey.pem
+     Also added necessary DSA public key functions to handle this.
+     [Steve Henson]
+
+  *) Fix so PKCS7_dataVerify() doesn't crash if no certificates are contained
+     in the message. This was handled by allowing
+     X509_find_by_issuer_and_serial() to tolerate a NULL passed to it.
+     [Steve Henson, reported by Sampo Kellomaki <sampo at mail.neuronio.pt>]
+
+  *) Fix for bug in d2i_ASN1_bytes(): other ASN1 functions add an extra null
+     to the end of the strings whereas this didn't. This would cause problems
+     if strings read with d2i_ASN1_bytes() were later modified.
+     [Steve Henson, reported by Arne Ansper <arne at ats.cyber.ee>]
+
+  *) Fix for base64 decode bug. When a base64 bio reads only one line of
+     data and it contains EOF it will end up returning an error. This is
+     caused by input 46 bytes long. The cause is due to the way base64
+     BIOs find the start of base64 encoded data. They do this by trying a
+     trial decode on each line until they find one that works. When they
+     do a flag is set and it starts again knowing it can pass all the
+     data directly through the decoder. Unfortunately it doesn't reset
+     the context it uses. This means that if EOF is reached an attempt
+     is made to pass two EOFs through the context and this causes the
+     resulting error. This can also cause other problems as well. As is
+     usual with these problems it takes *ages* to find and the fix is
+     trivial: move one line.
+     [Steve Henson, reported by ian at uns.ns.ac.yu (Ivan Nejgebauer) ]
+
+  *) Ugly workaround to get s_client and s_server working under Windows. The
+     old code wouldn't work because it needed to select() on sockets and the
+     tty (for keypresses and to see if data could be written). Win32 only
+     supports select() on sockets so we select() with a 1s timeout on the
+     sockets and then see if any characters are waiting to be read, if none
+     are present then we retry, we also assume we can always write data to
+     the tty. This isn't nice because the code then blocks until we've
+     received a complete line of data and it is effectively polling the
+     keyboard at 1s intervals: however it's quite a bit better than not
+     working at all :-) A dedicated Windows application might handle this
+     with an event loop for example.
+     [Steve Henson]
+
+  *) Enhance RSA_METHOD structure. Now there are two extra methods, rsa_sign
+     and rsa_verify. When the RSA_FLAGS_SIGN_VER option is set these functions
+     will be called when RSA_sign() and RSA_verify() are used. This is useful
+     if rsa_pub_dec() and rsa_priv_enc() equivalents are not available.
+     For this to work properly RSA_public_decrypt() and RSA_private_encrypt()
+     should *not* be used: RSA_sign() and RSA_verify() must be used instead.
+     This necessitated the support of an extra signature type NID_md5_sha1
+     for SSL signatures and modifications to the SSL library to use it instead
+     of calling RSA_public_decrypt() and RSA_private_encrypt().
+     [Steve Henson]
+
+  *) Add new -verify -CAfile and -CApath options to the crl program, these
+     will lookup a CRL issuers certificate and verify the signature in a
+     similar way to the verify program. Tidy up the crl program so it
+     no longer accesses structures directly. Make the ASN1 CRL parsing a bit
+     less strict. It will now permit CRL extensions even if it is not
+     a V2 CRL: this will allow it to tolerate some broken CRLs.
+     [Steve Henson]
+
+  *) Initialize all non-automatic variables each time one of the openssl
+     sub-programs is started (this is necessary as they may be started
+     multiple times from the "OpenSSL>" prompt).
+     [Lennart Bang, Bodo Moeller]
+
+  *) Preliminary compilation option RSA_NULL which disables RSA crypto without
+     removing all other RSA functionality (this is what NO_RSA does). This
+     is so (for example) those in the US can disable those operations covered
+     by the RSA patent while allowing storage and parsing of RSA keys and RSA
+     key generation.
+     [Steve Henson]
+
+  *) Non-copying interface to BIO pairs.
+     (still largely untested)
+     [Bodo Moeller]
+
+  *) New function ANS1_tag2str() to convert an ASN1 tag to a descriptive
+     ASCII string. This was handled independently in various places before.
+     [Steve Henson]
+
+  *) New functions UTF8_getc() and UTF8_putc() that parse and generate
+     UTF8 strings a character at a time.
+     [Steve Henson]
+
+  *) Use client_version from client hello to select the protocol
+     (s23_srvr.c) and for RSA client key exchange verification
+     (s3_srvr.c), as required by the SSL 3.0/TLS 1.0 specifications.
+     [Bodo Moeller]
+
+  *) Add various utility functions to handle SPKACs, these were previously
+     handled by poking round in the structure internals. Added new function
+     NETSCAPE_SPKI_print() to print out SPKAC and a new utility 'spkac' to
+     print, verify and generate SPKACs. Based on an original idea from
+     Massimiliano Pala <madwolf at comune.modena.it> but extensively modified.
+     [Steve Henson]
+
+  *) RIPEMD160 is operational on all platforms and is back in 'make test'.
+     [Andy Polyakov]
+
+  *) Allow the config file extension section to be overwritten on the
+     command line. Based on an original idea from Massimiliano Pala
+     <madwolf at comune.modena.it>. The new option is called -extensions
+     and can be applied to ca, req and x509. Also -reqexts to override
+     the request extensions in req and -crlexts to override the crl extensions
+     in ca.
+     [Steve Henson]
+
+  *) Add new feature to the SPKAC handling in ca.  Now you can include
+     the same field multiple times by preceding it by "XXXX." for example:
+     1.OU="Unit name 1"
+     2.OU="Unit name 2"
+     this is the same syntax as used in the req config file.
+     [Steve Henson]
+
+  *) Allow certificate extensions to be added to certificate requests. These
+     are specified in a 'req_extensions' option of the req section of the
+     config file. They can be printed out with the -text option to req but
+     are otherwise ignored at present.
+     [Steve Henson]
+
+  *) Fix a horrible bug in enc_read() in crypto/evp/bio_enc.c: if the first
+     data read consists of only the final block it would not decrypted because
+     EVP_CipherUpdate() would correctly report zero bytes had been decrypted.
+     A misplaced 'break' also meant the decrypted final block might not be
+     copied until the next read.
+     [Steve Henson]
+
+  *) Initial support for DH_METHOD. Again based on RSA_METHOD. Also added
+     a few extra parameters to the DH structure: these will be useful if
+     for example we want the value of 'q' or implement X9.42 DH.
+     [Steve Henson]
+
+  *) Initial support for DSA_METHOD. This is based on the RSA_METHOD and
+     provides hooks that allow the default DSA functions or functions on a
+     "per key" basis to be replaced. This allows hardware acceleration and
+     hardware key storage to be handled without major modification to the
+     library. Also added low level modexp hooks and CRYPTO_EX structure and 
+     associated functions.
+     [Steve Henson]
+
+  *) Add a new flag to memory BIOs, BIO_FLAG_MEM_RDONLY. This marks the BIO
+     as "read only": it can't be written to and the buffer it points to will
+     not be freed. Reading from a read only BIO is much more efficient than
+     a normal memory BIO. This was added because there are several times when
+     an area of memory needs to be read from a BIO. The previous method was
+     to create a memory BIO and write the data to it, this results in two
+     copies of the data and an O(n^2) reading algorithm. There is a new
+     function BIO_new_mem_buf() which creates a read only memory BIO from
+     an area of memory. Also modified the PKCS#7 routines to use read only
+     memory BIOs.
+     [Steve Henson]
+
+  *) Bugfix: ssl23_get_client_hello did not work properly when called in
+     state SSL23_ST_SR_CLNT_HELLO_B, i.e. when the first 7 bytes of
+     a SSLv2-compatible client hello for SSLv3 or TLSv1 could be read,
+     but a retry condition occured while trying to read the rest.
+     [Bodo Moeller]
+
+  *) The PKCS7_ENC_CONTENT_new() function was setting the content type as
+     NID_pkcs7_encrypted by default: this was wrong since this should almost
+     always be NID_pkcs7_data. Also modified the PKCS7_set_type() to handle
+     the encrypted data type: this is a more sensible place to put it and it
+     allows the PKCS#12 code to be tidied up that duplicated this
+     functionality.
+     [Steve Henson]
+
+  *) Changed obj_dat.pl script so it takes its input and output files on
+     the command line. This should avoid shell escape redirection problems
+     under Win32.
+     [Steve Henson]
+
+  *) Initial support for certificate extension requests, these are included
+     in things like Xenroll certificate requests. Included functions to allow
+     extensions to be obtained and added.
+     [Steve Henson]
+
+  *) -crlf option to s_client and s_server for sending newlines as
+     CRLF (as required by many protocols).
+     [Bodo Moeller]
+
+ Changes between 0.9.3a and 0.9.4  [09 Aug 1999]
+  
+  *) Install libRSAglue.a when OpenSSL is built with RSAref.
+     [Ralf S. Engelschall]
+
+  *) A few more ``#ifndef NO_FP_API / #endif'' pairs for consistency.
+     [Andrija Antonijevic <TheAntony2 at bigfoot.com>]
+
+  *) Fix -startdate and -enddate (which was missing) arguments to 'ca'
+     program.
+     [Steve Henson]
+
+  *) New function DSA_dup_DH, which duplicates DSA parameters/keys as
+     DH parameters/keys (q is lost during that conversion, but the resulting
+     DH parameters contain its length).
+
+     For 1024-bit p, DSA_generate_parameters followed by DSA_dup_DH is
+     much faster than DH_generate_parameters (which creates parameters
+     where p = 2*q + 1), and also the smaller q makes DH computations
+     much more efficient (160-bit exponentiation instead of 1024-bit
+     exponentiation); so this provides a convenient way to support DHE
+     ciphersuites in SSL/TLS servers (see ssl/ssltest.c).  It is of
+     utter importance to use
+         SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+     or
+         SSL_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+     when such DH parameters are used, because otherwise small subgroup
+     attacks may become possible!
+     [Bodo Moeller]
+
+  *) Avoid memory leak in i2d_DHparams.
+     [Bodo Moeller]
+
+  *) Allow the -k option to be used more than once in the enc program:
+     this allows the same encrypted message to be read by multiple recipients.
+     [Steve Henson]
+
+  *) New function OBJ_obj2txt(buf, buf_len, a, no_name), this converts
+     an ASN1_OBJECT to a text string. If the "no_name" parameter is set then
+     it will always use the numerical form of the OID, even if it has a short
+     or long name.
+     [Steve Henson]
+
+  *) Added an extra RSA flag: RSA_FLAG_EXT_PKEY. Previously the rsa_mod_exp
+     method only got called if p,q,dmp1,dmq1,iqmp components were present,
+     otherwise bn_mod_exp was called. In the case of hardware keys for example
+     no private key components need be present and it might store extra data
+     in the RSA structure, which cannot be accessed from bn_mod_exp.
+     By setting RSA_FLAG_EXT_PKEY rsa_mod_exp will always be called for
+     private key operations.
+     [Steve Henson]
+
+  *) Added support for SPARC Linux.
+     [Andy Polyakov]
+
+  *) pem_password_cb function type incompatibly changed from
+          typedef int pem_password_cb(char *buf, int size, int rwflag);
+     to
+          ....(char *buf, int size, int rwflag, void *userdata);
+     so that applications can pass data to their callbacks:
+     The PEM[_ASN1]_{read,write}... functions and macros now take an
+     additional void * argument, which is just handed through whenever
+     the password callback is called.
+     [Damien Miller <dmiller at ilogic.com.au>; tiny changes by Bodo Moeller]
+
+     New function SSL_CTX_set_default_passwd_cb_userdata.
+
+     Compatibility note: As many C implementations push function arguments
+     onto the stack in reverse order, the new library version is likely to
+     interoperate with programs that have been compiled with the old
+     pem_password_cb definition (PEM_whatever takes some data that
+     happens to be on the stack as its last argument, and the callback
+     just ignores this garbage); but there is no guarantee whatsoever that
+     this will work.
+
+  *) The -DPLATFORM="\"$(PLATFORM)\"" definition and the similar -DCFLAGS=...
+     (both in crypto/Makefile.ssl for use by crypto/cversion.c) caused
+     problems not only on Windows, but also on some Unix platforms.
+     To avoid problematic command lines, these definitions are now in an
+     auto-generated file crypto/buildinf.h (created by crypto/Makefile.ssl
+     for standard "make" builds, by util/mk1mf.pl for "mk1mf" builds).
+     [Bodo Moeller]
+
+  *) MIPS III/IV assembler module is reimplemented.
+     [Andy Polyakov]
+
+  *) More DES library cleanups: remove references to srand/rand and
+     delete an unused file.
+     [Ulf Möller]
+
+  *) Add support for the the free Netwide assembler (NASM) under Win32,
+     since not many people have MASM (ml) and it can be hard to obtain.
+     This is currently experimental but it seems to work OK and pass all
+     the tests. Check out INSTALL.W32 for info.
+     [Steve Henson]
+
+  *) Fix memory leaks in s3_clnt.c: All non-anonymous SSL3/TLS1 connections
+     without temporary keys kept an extra copy of the server key,
+     and connections with temporary keys did not free everything in case
+     of an error.
+     [Bodo Moeller]
+
+  *) New function RSA_check_key and new openssl rsa option -check
+     for verifying the consistency of RSA keys.
+     [Ulf Moeller, Bodo Moeller]
+
+  *) Various changes to make Win32 compile work: 
+     1. Casts to avoid "loss of data" warnings in p5_crpt2.c
+     2. Change unsigned int to int in b_dump.c to avoid "signed/unsigned
+        comparison" warnings.
+     3. Add sk_<TYPE>_sort to DEF file generator and do make update.
+     [Steve Henson]
+
+  *) Add a debugging option to PKCS#5 v2 key generation function: when
+     you #define DEBUG_PKCS5V2 passwords, salts, iteration counts and
+     derived keys are printed to stderr.
+     [Steve Henson]
+
+  *) Copy the flags in ASN1_STRING_dup().
+     [Roman E. Pavlov <pre at mo.msk.ru>]
+
+  *) The x509 application mishandled signing requests containing DSA
+     keys when the signing key was also DSA and the parameters didn't match.
+
+     It was supposed to omit the parameters when they matched the signing key:
+     the verifying software was then supposed to automatically use the CA's
+     parameters if they were absent from the end user certificate.
+
+     Omitting parameters is no longer recommended. The test was also
+     the wrong way round! This was probably due to unusual behaviour in
+     EVP_cmp_parameters() which returns 1 if the parameters match. 
+     This meant that parameters were omitted when they *didn't* match and
+     the certificate was useless. Certificates signed with 'ca' didn't have
+     this bug.
+     [Steve Henson, reported by Doug Erickson <Doug.Erickson at Part.NET>]
+
+  *) Memory leak checking (-DCRYPTO_MDEBUG) had some problems.
+     The interface is as follows:
+     Applications can use
+         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) aka MemCheck_start(),
+         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) aka MemCheck_stop();
+     "off" is now the default.
+     The library internally uses
+         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) aka MemCheck_off(),
+         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE) aka MemCheck_on()
+     to disable memory-checking temporarily.
+
+     Some inconsistent states that previously were possible (and were
+     even the default) are now avoided.
+
+     -DCRYPTO_MDEBUG_TIME is new and additionally stores the current time
+     with each memory chunk allocated; this is occasionally more helpful
+     than just having a counter.
+
+     -DCRYPTO_MDEBUG_THREAD is also new and adds the thread ID.
+
+     -DCRYPTO_MDEBUG_ALL enables all of the above, plus any future
+     extensions.
+     [Bodo Moeller]
+
+  *) Introduce "mode" for SSL structures (with defaults in SSL_CTX),
+     which largely parallels "options", but is for changing API behaviour,
+     whereas "options" are about protocol behaviour.
+     Initial "mode" flags are:
+
+     SSL_MODE_ENABLE_PARTIAL_WRITE   Allow SSL_write to report success when
+                                     a single record has been written.
+     SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER  Don't insist that SSL_write
+                                     retries use the same buffer location.
+                                     (But all of the contents must be
+                                     copied!)
+     [Bodo Moeller]
+
+  *) Bugfix: SSL_set_options ignored its parameter, only SSL_CTX_set_options
+     worked.
+
+  *) Fix problems with no-hmac etc.
+     [Ulf Möller, pointed out by Brian Wellington <bwelling at tislabs.com>]
+
+  *) New functions RSA_get_default_method(), RSA_set_method() and
+     RSA_get_method(). These allows replacement of RSA_METHODs without having
+     to mess around with the internals of an RSA structure.
+     [Steve Henson]
+
+  *) Fix memory leaks in DSA_do_sign and DSA_is_prime.
+     Also really enable memory leak checks in openssl.c and in some
+     test programs.
+     [Chad C. Mulligan, Bodo Moeller]
+
+  *) Fix a bug in d2i_ASN1_INTEGER() and i2d_ASN1_INTEGER() which can mess
+     up the length of negative integers. This has now been simplified to just
+     store the length when it is first determined and use it later, rather
+     than trying to keep track of where data is copied and updating it to
+     point to the end.
+     [Steve Henson, reported by Brien Wheeler
+      <bwheeler at authentica-security.com>]
+
+  *) Add a new function PKCS7_signatureVerify. This allows the verification
+     of a PKCS#7 signature but with the signing certificate passed to the
+     function itself. This contrasts with PKCS7_dataVerify which assumes the
+     certificate is present in the PKCS#7 structure. This isn't always the
+     case: certificates can be omitted from a PKCS#7 structure and be
+     distributed by "out of band" means (such as a certificate database).
+     [Steve Henson]
+
+  *) Complete the PEM_* macros with DECLARE_PEM versions to replace the
+     function prototypes in pem.h, also change util/mkdef.pl to add the
+     necessary function names. 
+     [Steve Henson]
+
+  *) mk1mf.pl (used by Windows builds) did not properly read the
+     options set by Configure in the top level Makefile, and Configure
+     was not even able to write more than one option correctly.
+     Fixed, now "no-idea no-rc5 -DCRYPTO_MDEBUG" etc. works as intended.
+     [Bodo Moeller]
+
+  *) New functions CONF_load_bio() and CONF_load_fp() to allow a config
+     file to be loaded from a BIO or FILE pointer. The BIO version will
+     for example allow memory BIOs to contain config info.
+     [Steve Henson]
+
+  *) New function "CRYPTO_num_locks" that returns CRYPTO_NUM_LOCKS.
+     Whoever hopes to achieve shared-library compatibility across versions
+     must use this, not the compile-time macro.
+     (Exercise 0.9.4: Which is the minimum library version required by
+     such programs?)
+     Note: All this applies only to multi-threaded programs, others don't
+     need locks.
+     [Bodo Moeller]
+
+  *) Add missing case to s3_clnt.c state machine -- one of the new SSL tests
+     through a BIO pair triggered the default case, i.e.
+     SSLerr(...,SSL_R_UNKNOWN_STATE).
+     [Bodo Moeller]
+
+  *) New "BIO pair" concept (crypto/bio/bss_bio.c) so that applications
+     can use the SSL library even if none of the specific BIOs is
+     appropriate.
+     [Bodo Moeller]
+
+  *) Fix a bug in i2d_DSAPublicKey() which meant it returned the wrong value
+     for the encoded length.
+     [Jeon KyoungHo <khjeon at sds.samsung.co.kr>]
+
+  *) Add initial documentation of the X509V3 functions.
+     [Steve Henson]
+
+  *) Add a new pair of functions PEM_write_PKCS8PrivateKey() and 
+     PEM_write_bio_PKCS8PrivateKey() that are equivalent to
+     PEM_write_PrivateKey() and PEM_write_bio_PrivateKey() but use the more
+     secure PKCS#8 private key format with a high iteration count.
+     [Steve Henson]
+
+  *) Fix determination of Perl interpreter: A perl or perl5
+     _directory_ in $PATH was also accepted as the interpreter.
+     [Ralf S. Engelschall]
+
+  *) Fix demos/sign/sign.c: well there wasn't anything strictly speaking
+     wrong with it but it was very old and did things like calling
+     PEM_ASN1_read() directly and used MD5 for the hash not to mention some
+     unusual formatting.
+     [Steve Henson]
+
+  *) Fix demos/selfsign.c: it used obsolete and deleted functions, changed
+     to use the new extension code.
+     [Steve Henson]
+
+  *) Implement the PEM_read/PEM_write functions in crypto/pem/pem_all.c
+     with macros. This should make it easier to change their form, add extra
+     arguments etc. Fix a few PEM prototypes which didn't have cipher as a
+     constant.
+     [Steve Henson]
+
+  *) Add to configuration table a new entry that can specify an alternative
+     name for unistd.h (for pre-POSIX systems); we need this for NeXTstep,
+     according to Mark Crispin <MRC at Panda.COM>.
+     [Bodo Moeller]
+
+#if 0
+  *) DES CBC did not update the IV. Weird.
+     [Ben Laurie]
+#else
+     des_cbc_encrypt does not update the IV, but des_ncbc_encrypt does.
+     Changing the behaviour of the former might break existing programs --
+     where IV updating is needed, des_ncbc_encrypt can be used.
+#endif
+
+  *) When bntest is run from "make test" it drives bc to check its
+     calculations, as well as internally checking them. If an internal check
+     fails, it needs to cause bc to give a non-zero result or make test carries
+     on without noticing the failure. Fixed.
+     [Ben Laurie]
+
+  *) DES library cleanups.
+     [Ulf Möller]
+
+  *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be
+     used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit
+     ciphers. NOTE: although the key derivation function has been verified
+     against some published test vectors it has not been extensively tested
+     yet. Added a -v2 "cipher" option to pkcs8 application to allow the use
+     of v2.0.
+     [Steve Henson]
+
+  *) Instead of "mkdir -p", which is not fully portable, use new
+     Perl script "util/mkdir-p.pl".
+     [Bodo Moeller]
+
+  *) Rewrite the way password based encryption (PBE) is handled. It used to
+     assume that the ASN1 AlgorithmIdentifier parameter was a PBEParameter
+     structure. This was true for the PKCS#5 v1.5 and PKCS#12 PBE algorithms
+     but doesn't apply to PKCS#5 v2.0 where it can be something else. Now
+     the 'parameter' field of the AlgorithmIdentifier is passed to the
+     underlying key generation function so it must do its own ASN1 parsing.
+     This has also changed the EVP_PBE_CipherInit() function which now has a
+     'parameter' argument instead of literal salt and iteration count values
+     and the function EVP_PBE_ALGOR_CipherInit() has been deleted.
+     [Steve Henson]
+
+  *) Support for PKCS#5 v1.5 compatible password based encryption algorithms
+     and PKCS#8 functionality. New 'pkcs8' application linked to openssl.
+     Needed to change the PEM_STRING_EVP_PKEY value which was just "PRIVATE
+     KEY" because this clashed with PKCS#8 unencrypted string. Since this
+     value was just used as a "magic string" and not used directly its
+     value doesn't matter.
+     [Steve Henson]
+
+  *) Introduce some semblance of const correctness to BN. Shame C doesn't
+     support mutable.
+     [Ben Laurie]
+
+  *) "linux-sparc64" configuration (ultrapenguin).
+     [Ray Miller <ray.miller at oucs.ox.ac.uk>]
+     "linux-sparc" configuration.
+     [Christian Forster <fo at hawo.stw.uni-erlangen.de>]
+
+  *) config now generates no-xxx options for missing ciphers.
+     [Ulf Möller]
+
+  *) Support the EBCDIC character set (work in progress).
+     File ebcdic.c not yet included because it has a different license.
+     [Martin Kraemer <Martin.Kraemer at MchP.Siemens.De>]
+
+  *) Support BS2000/OSD-POSIX.
+     [Martin Kraemer <Martin.Kraemer at MchP.Siemens.De>]
+
+  *) Make callbacks for key generation use void * instead of char *.
+     [Ben Laurie]
+
+  *) Make S/MIME samples compile (not yet tested).
+     [Ben Laurie]
+
+  *) Additional typesafe stacks.
+     [Ben Laurie]
+
+  *) New configuration variants "bsdi-elf-gcc" (BSD/OS 4.x).
+     [Bodo Moeller]
+
+
+ Changes between 0.9.3 and 0.9.3a  [29 May 1999]
+
+  *) New configuration variant "sco5-gcc".
+
+  *) Updated some demos.
+     [Sean O Riordain, Wade Scholine]
+
+  *) Add missing BIO_free at exit of pkcs12 application.
+     [Wu Zhigang]
+
+  *) Fix memory leak in conf.c.
+     [Steve Henson]
+
+  *) Updates for Win32 to assembler version of MD5.
+     [Steve Henson]
+
+  *) Set #! path to perl in apps/der_chop to where we found it
+     instead of using a fixed path.
+     [Bodo Moeller]
+
+  *) SHA library changes for irix64-mips4-cc.
+     [Andy Polyakov]
+
+  *) Improvements for VMS support.
+     [Richard Levitte]
+
+
+ Changes between 0.9.2b and 0.9.3  [24 May 1999]
+
+  *) Bignum library bug fix. IRIX 6 passes "make test" now!
+     This also avoids the problems with SC4.2 and unpatched SC5.  
+     [Andy Polyakov <appro at fy.chalmers.se>]
+
+  *) New functions sk_num, sk_value and sk_set to replace the previous macros.
+     These are required because of the typesafe stack would otherwise break 
+     existing code. If old code used a structure member which used to be STACK
+     and is now STACK_OF (for example cert in a PKCS7_SIGNED structure) with
+     sk_num or sk_value it would produce an error because the num, data members
+     are not present in STACK_OF. Now it just produces a warning. sk_set
+     replaces the old method of assigning a value to sk_value
+     (e.g. sk_value(x, i) = y) which the library used in a few cases. Any code
+     that does this will no longer work (and should use sk_set instead) but
+     this could be regarded as a "questionable" behaviour anyway.
+     [Steve Henson]
+
+  *) Fix most of the other PKCS#7 bugs. The "experimental" code can now
+     correctly handle encrypted S/MIME data.
+     [Steve Henson]
+
+  *) Change type of various DES function arguments from des_cblock
+     (which means, in function argument declarations, pointer to char)
+     to des_cblock * (meaning pointer to array with 8 char elements),
+     which allows the compiler to do more typechecking; it was like
+     that back in SSLeay, but with lots of ugly casts.
+
+     Introduce new type const_des_cblock.
+     [Bodo Moeller]
+
+  *) Reorganise the PKCS#7 library and get rid of some of the more obvious
+     problems: find RecipientInfo structure that matches recipient certificate
+     and initialise the ASN1 structures properly based on passed cipher.
+     [Steve Henson]
+
+  *) Belatedly make the BN tests actually check the results.
+     [Ben Laurie]
+
+  *) Fix the encoding and decoding of negative ASN1 INTEGERS and conversion
+     to and from BNs: it was completely broken. New compilation option
+     NEG_PUBKEY_BUG to allow for some broken certificates that encode public
+     key elements as negative integers.
+     [Steve Henson]
+
+  *) Reorganize and speed up MD5.
+     [Andy Polyakov <appro at fy.chalmers.se>]
+
+  *) VMS support.
+     [Richard Levitte <richard at levitte.org>]
+
+  *) New option -out to asn1parse to allow the parsed structure to be
+     output to a file. This is most useful when combined with the -strparse
+     option to examine the output of things like OCTET STRINGS.
+     [Steve Henson]
+
+  *) Make SSL library a little more fool-proof by not requiring any longer
+     that SSL_set_{accept,connect}_state be called before
+     SSL_{accept,connect} may be used (SSL_set_..._state is omitted
+     in many applications because usually everything *appeared* to work as
+     intended anyway -- now it really works as intended).
+     [Bodo Moeller]
+
+  *) Move openssl.cnf out of lib/.
+     [Ulf Möller]
+
+  *) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall
+     -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes
+     -Wmissing-declarations -Wnested-externs -Winline'' with EGCS 1.1.2+ 
+     [Ralf S. Engelschall]
+
+  *) Various fixes to the EVP and PKCS#7 code. It may now be able to
+     handle PKCS#7 enveloped data properly.
+     [Sebastian Akerman <sak at parallelconsulting.com>, modified by Steve]
+
+  *) Create a duplicate of the SSL_CTX's CERT in SSL_new instead of
+     copying pointers.  The cert_st handling is changed by this in
+     various ways (and thus what used to be known as ctx->default_cert
+     is now called ctx->cert, since we don't resort to s->ctx->[default_]cert
+     any longer when s->cert does not give us what we need).
+     ssl_cert_instantiate becomes obsolete by this change.
+     As soon as we've got the new code right (possibly it already is?),
+     we have solved a couple of bugs of the earlier code where s->cert
+     was used as if it could not have been shared with other SSL structures.
+
+     Note that using the SSL API in certain dirty ways now will result
+     in different behaviour than observed with earlier library versions:
+     Changing settings for an SSL_CTX *ctx after having done s = SSL_new(ctx)
+     does not influence s as it used to.
+     
+     In order to clean up things more thoroughly, inside SSL_SESSION
+     we don't use CERT any longer, but a new structure SESS_CERT
+     that holds per-session data (if available); currently, this is
+     the peer's certificate chain and, for clients, the server's certificate
+     and temporary key.  CERT holds only those values that can have
+     meaningful defaults in an SSL_CTX.
+     [Bodo Moeller]
+
+  *) New function X509V3_EXT_i2d() to create an X509_EXTENSION structure
+     from the internal representation. Various PKCS#7 fixes: remove some
+     evil casts and set the enc_dig_alg field properly based on the signing
+     key type.
+     [Steve Henson]
+
+  *) Allow PKCS#12 password to be set from the command line or the
+     environment. Let 'ca' get its config file name from the environment
+     variables "OPENSSL_CONF" or "SSLEAY_CONF" (for consistency with 'req'
+     and 'x509').
+     [Steve Henson]
+
+  *) Allow certificate policies extension to use an IA5STRING for the
+     organization field. This is contrary to the PKIX definition but
+     VeriSign uses it and IE5 only recognises this form. Document 'x509'
+     extension option.
+     [Steve Henson]
+
+  *) Add PEDANTIC compiler flag to allow compilation with gcc -pedantic,
+     without disallowing inline assembler and the like for non-pedantic builds.
+     [Ben Laurie]
+
+  *) Support Borland C++ builder.
+     [Janez Jere <jj at void.si>, modified by Ulf Möller]
+
+  *) Support Mingw32.
+     [Ulf Möller]
+
+  *) SHA-1 cleanups and performance enhancements.
+     [Andy Polyakov <appro at fy.chalmers.se>]
+
+  *) Sparc v8plus assembler for the bignum library.
+     [Andy Polyakov <appro at fy.chalmers.se>]
+
+  *) Accept any -xxx and +xxx compiler options in Configure.
+     [Ulf Möller]
+
+  *) Update HPUX configuration.
+     [Anonymous]
+  
+  *) Add missing sk_<type>_unshift() function to safestack.h
+     [Ralf S. Engelschall]
+
+  *) New function SSL_CTX_use_certificate_chain_file that sets the
+     "extra_cert"s in addition to the certificate.  (This makes sense
+     only for "PEM" format files, as chains as a whole are not
+     DER-encoded.)
+     [Bodo Moeller]
+
+  *) Support verify_depth from the SSL API.
+     x509_vfy.c had what can be considered an off-by-one-error:
+     Its depth (which was not part of the external interface)
+     was actually counting the number of certificates in a chain;
+     now it really counts the depth.
+     [Bodo Moeller]
+
+  *) Bugfix in crypto/x509/x509_cmp.c: The SSLerr macro was used
+     instead of X509err, which often resulted in confusing error
+     messages since the error codes are not globally unique
+     (e.g. an alleged error in ssl3_accept when a certificate
+     didn't match the private key).
+
+  *) New function SSL_CTX_set_session_id_context that allows to set a default
+     value (so that you don't need SSL_set_session_id_context for each
+     connection using the SSL_CTX).
+     [Bodo Moeller]
+
+  *) OAEP decoding bug fix.
+     [Ulf Möller]
+
+  *) Support INSTALL_PREFIX for package builders, as proposed by
+     David Harris.
+     [Bodo Moeller]
+
+  *) New Configure options "threads" and "no-threads".  For systems
+     where the proper compiler options are known (currently Solaris
+     and Linux), "threads" is the default.
+     [Bodo Moeller]
+
+  *) New script util/mklink.pl as a faster substitute for util/mklink.sh.
+     [Bodo Moeller]
+
+  *) Install various scripts to $(OPENSSLDIR)/misc, not to
+     $(INSTALLTOP)/bin -- they shouldn't clutter directories
+     such as /usr/local/bin.
+     [Bodo Moeller]
+
+  *) "make linux-shared" to build shared libraries.
+     [Niels Poppe <niels at netbox.org>]
+
+  *) New Configure option no-<cipher> (rsa, idea, rc5, ...).
+     [Ulf Möller]
+
+  *) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for
+     extension adding in x509 utility.
+     [Steve Henson]
+
+  *) Remove NOPROTO sections and error code comments.
+     [Ulf Möller]
+
+  *) Partial rewrite of the DEF file generator to now parse the ANSI
+     prototypes.
+     [Steve Henson]
+
+  *) New Configure options --prefix=DIR and --openssldir=DIR.
+     [Ulf Möller]
+
+  *) Complete rewrite of the error code script(s). It is all now handled
+     by one script at the top level which handles error code gathering,
+     header rewriting and C source file generation. It should be much better
+     than the old method: it now uses a modified version of Ulf's parser to
+     read the ANSI prototypes in all header files (thus the old K&R definitions
+     aren't needed for error creation any more) and do a better job of
+     translating function codes into names. The old 'ASN1 error code imbedded
+     in a comment' is no longer necessary and it doesn't use .err files which
+     have now been deleted. Also the error code call doesn't have to appear all
+     on one line (which resulted in some large lines...).
+     [Steve Henson]
+
+  *) Change #include filenames from <foo.h> to <openssl/foo.h>.
+     [Bodo Moeller]
+
+  *) Change behaviour of ssl2_read when facing length-0 packets: Don't return
+     0 (which usually indicates a closed connection), but continue reading.
+     [Bodo Moeller]
+
+  *) Fix some race conditions.
+     [Bodo Moeller]
+
+  *) Add support for CRL distribution points extension. Add Certificate
+     Policies and CRL distribution points documentation.
+     [Steve Henson]
+
+  *) Move the autogenerated header file parts to crypto/opensslconf.h.
+     [Ulf Möller]
+
+  *) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of
+     8 of keying material. Merlin has also confirmed interop with this fix
+     between OpenSSL and Baltimore C/SSL 2.0 and J/SSL 2.0.
+     [Merlin Hughes <merlin at baltimore.ie>]
+
+  *) Fix lots of warnings.
+     [Richard Levitte <levitte at stacken.kth.se>]
+ 
+  *) In add_cert_dir() in crypto/x509/by_dir.c, break out of the loop if
+     the directory spec didn't end with a LIST_SEPARATOR_CHAR.
+     [Richard Levitte <levitte at stacken.kth.se>]
+ 
+  *) Fix problems with sizeof(long) == 8.
+     [Andy Polyakov <appro at fy.chalmers.se>]
+
+  *) Change functions to ANSI C.
+     [Ulf Möller]
+
+  *) Fix typos in error codes.
+     [Martin Kraemer <Martin.Kraemer at MchP.Siemens.De>, Ulf Möller]
+
+  *) Remove defunct assembler files from Configure.
+     [Ulf Möller]
+
+  *) SPARC v8 assembler BIGNUM implementation.
+     [Andy Polyakov <appro at fy.chalmers.se>]
+
+  *) Support for Certificate Policies extension: both print and set.
+     Various additions to support the r2i method this uses.
+     [Steve Henson]
+
+  *) A lot of constification, and fix a bug in X509_NAME_oneline() that could
+     return a const string when you are expecting an allocated buffer.
+     [Ben Laurie]
+
+  *) Add support for ASN1 types UTF8String and VISIBLESTRING, also the CHOICE
+     types DirectoryString and DisplayText.
+     [Steve Henson]
+
+  *) Add code to allow r2i extensions to access the configuration database,
+     add an LHASH database driver and add several ctx helper functions.
+     [Steve Henson]
+
+  *) Fix an evil bug in bn_expand2() which caused various BN functions to
+     fail when they extended the size of a BIGNUM.
+     [Steve Henson]
+
+  *) Various utility functions to handle SXNet extension. Modify mkdef.pl to
+     support typesafe stack.
+     [Steve Henson]
+
+  *) Fix typo in SSL_[gs]et_options().
+     [Nils Frostberg <nils at medcom.se>]
+
+  *) Delete various functions and files that belonged to the (now obsolete)
+     old X509V3 handling code.
+     [Steve Henson]
+
+  *) New Configure option "rsaref".
+     [Ulf Möller]
+
+  *) Don't auto-generate pem.h.
+     [Bodo Moeller]
+
+  *) Introduce type-safe ASN.1 SETs.
+     [Ben Laurie]
+
+  *) Convert various additional casted stacks to type-safe STACK_OF() variants.
+     [Ben Laurie, Ralf S. Engelschall, Steve Henson]
+
+  *) Introduce type-safe STACKs. This will almost certainly break lots of code
+     that links with OpenSSL (well at least cause lots of warnings), but fear
+     not: the conversion is trivial, and it eliminates loads of evil casts. A
+     few STACKed things have been converted already. Feel free to convert more.
+     In the fullness of time, I'll do away with the STACK type altogether.
+     [Ben Laurie]
+
+  *) Add `openssl ca -revoke <certfile>' facility which revokes a certificate
+     specified in <certfile> by updating the entry in the index.txt file.
+     This way one no longer has to edit the index.txt file manually for
+     revoking a certificate. The -revoke option does the gory details now.
+     [Massimiliano Pala <madwolf at openca.org>, Ralf S. Engelschall]
+
+  *) Fix `openssl crl -noout -text' combination where `-noout' killed the
+     `-text' option at all and this way the `-noout -text' combination was
+     inconsistent in `openssl crl' with the friends in `openssl x509|rsa|dsa'.
+     [Ralf S. Engelschall]
+
+  *) Make sure a corresponding plain text error message exists for the
+     X509_V_ERR_CERT_REVOKED/23 error number which can occur when a
+     verify callback function determined that a certificate was revoked.
+     [Ralf S. Engelschall]
+
+  *) Bugfix: In test/testenc, don't test "openssl <cipher>" for
+     ciphers that were excluded, e.g. by -DNO_IDEA.  Also, test
+     all available cipers including rc5, which was forgotten until now.
+     In order to let the testing shell script know which algorithms
+     are available, a new (up to now undocumented) command
+     "openssl list-cipher-commands" is used.
+     [Bodo Moeller]
+
+  *) Bugfix: s_client occasionally would sleep in select() when
+     it should have checked SSL_pending() first.
+     [Bodo Moeller]
+
+  *) New functions DSA_do_sign and DSA_do_verify to provide access to
+     the raw DSA values prior to ASN.1 encoding.
+     [Ulf Möller]
+
+  *) Tweaks to Configure
+     [Niels Poppe <niels at netbox.org>]
+
+  *) Add support for PKCS#5 v2.0 ASN1 PBES2 structures. No other support,
+     yet...
+     [Steve Henson]
+
+  *) New variables $(RANLIB) and $(PERL) in the Makefiles.
+     [Ulf Möller]
+
+  *) New config option to avoid instructions that are illegal on the 80386.
+     The default code is faster, but requires at least a 486.
+     [Ulf Möller]
+  
+  *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and
+     SSL2_SERVER_VERSION (not used at all) macros, which are now the
+     same as SSL2_VERSION anyway.
+     [Bodo Moeller]
+
+  *) New "-showcerts" option for s_client.
+     [Bodo Moeller]
+
+  *) Still more PKCS#12 integration. Add pkcs12 application to openssl
+     application. Various cleanups and fixes.
+     [Steve Henson]
+
+  *) More PKCS#12 integration. Add new pkcs12 directory with Makefile.ssl and
+     modify error routines to work internally. Add error codes and PBE init
+     to library startup routines.
+     [Steve Henson]
+
+  *) Further PKCS#12 integration. Added password based encryption, PKCS#8 and
+     packing functions to asn1 and evp. Changed function names and error
+     codes along the way.
+     [Steve Henson]
+
+  *) PKCS12 integration: and so it begins... First of several patches to
+     slowly integrate PKCS#12 functionality into OpenSSL. Add PKCS#12
+     objects to objects.h
+     [Steve Henson]
+
+  *) Add a new 'indent' option to some X509V3 extension code. Initial ASN1
+     and display support for Thawte strong extranet extension.
+     [Steve Henson]
+
+  *) Add LinuxPPC support.
+     [Jeff Dubrule <igor at pobox.org>]
+
+  *) Get rid of redundant BN file bn_mulw.c, and rename bn_div64 to
+     bn_div_words in alpha.s.
+     [Hannes Reinecke <H.Reinecke at hw.ac.uk> and Ben Laurie]
+
+  *) Make sure the RSA OAEP test is skipped under -DRSAref because
+     OAEP isn't supported when OpenSSL is built with RSAref.
+     [Ulf Moeller <ulf at fitug.de>]
+
+  *) Move definitions of IS_SET/IS_SEQUENCE inside crypto/asn1/asn1.h 
+     so they no longer are missing under -DNOPROTO. 
+     [Soren S. Jorvang <soren at t.dk>]
+
+
+ Changes between 0.9.1c and 0.9.2b  [22 Mar 1999]
+
+  *) Make SSL_get_peer_cert_chain() work in servers. Unfortunately, it still
+     doesn't work when the session is reused. Coming soon!
+     [Ben Laurie]
+
+  *) Fix a security hole, that allows sessions to be reused in the wrong
+     context thus bypassing client cert protection! All software that uses
+     client certs and session caches in multiple contexts NEEDS PATCHING to
+     allow session reuse! A fuller solution is in the works.
+     [Ben Laurie, problem pointed out by Holger Reif, Bodo Moeller (and ???)]
+
+  *) Some more source tree cleanups (removed obsolete files
+     crypto/bf/asm/bf586.pl, test/test.txt and crypto/sha/asm/f.s; changed
+     permission on "config" script to be executable) and a fix for the INSTALL
+     document.
+     [Ulf Moeller <ulf at fitug.de>]
+
+  *) Remove some legacy and erroneous uses of malloc, free instead of
+     Malloc, Free.
+     [Lennart Bang <lob at netstream.se>, with minor changes by Steve]
+
+  *) Make rsa_oaep_test return non-zero on error.
+     [Ulf Moeller <ulf at fitug.de>]
+
+  *) Add support for native Solaris shared libraries. Configure
+     solaris-sparc-sc4-pic, make, then run shlib/solaris-sc4.sh. It'd be nice
+     if someone would make that last step automatic.
+     [Matthias Loepfe <Matthias.Loepfe at AdNovum.CH>]
+
+  *) ctx_size was not built with the right compiler during "make links". Fixed.
+     [Ben Laurie]
+
+  *) Change the meaning of 'ALL' in the cipher list. It now means "everything
+     except NULL ciphers". This means the default cipher list will no longer
+     enable NULL ciphers. They need to be specifically enabled e.g. with
+     the string "DEFAULT:eNULL".
+     [Steve Henson]
+
+  *) Fix to RSA private encryption routines: if p < q then it would
+     occasionally produce an invalid result. This will only happen with
+     externally generated keys because OpenSSL (and SSLeay) ensure p > q.
+     [Steve Henson]
+
+  *) Be less restrictive and allow also `perl util/perlpath.pl
+     /path/to/bin/perl' in addition to `perl util/perlpath.pl /path/to/bin',
+     because this way one can also use an interpreter named `perl5' (which is
+     usually the name of Perl 5.xxx on platforms where an Perl 4.x is still
+     installed as `perl').
+     [Matthias Loepfe <Matthias.Loepfe at adnovum.ch>]
+
+  *) Let util/clean-depend.pl work also with older Perl 5.00x versions.
+     [Matthias Loepfe <Matthias.Loepfe at adnovum.ch>]
+
+  *) Fix Makefile.org so CC,CFLAG etc are passed to 'make links' add
+     advapi32.lib to Win32 build and change the pem test comparision
+     to fc.exe (thanks to Ulrich Kroener <kroneru at yahoo.com> for the
+     suggestion). Fix misplaced ASNI prototypes and declarations in evp.h
+     and crypto/des/ede_cbcm_enc.c.
+     [Steve Henson]
+
+  *) DES quad checksum was broken on big-endian architectures. Fixed.
+     [Ben Laurie]
+
+  *) Comment out two functions in bio.h that aren't implemented. Fix up the
+     Win32 test batch file so it (might) work again. The Win32 test batch file
+     is horrible: I feel ill....
+     [Steve Henson]
+
+  *) Move various #ifdefs around so NO_SYSLOG, NO_DIRENT etc are now selected
+     in e_os.h. Audit of header files to check ANSI and non ANSI
+     sections: 10 functions were absent from non ANSI section and not exported
+     from Windows DLLs. Fixed up libeay.num for new functions.
+     [Steve Henson]
+
+  *) Make `openssl version' output lines consistent.
+     [Ralf S. Engelschall]
+
+  *) Fix Win32 symbol export lists for BIO functions: Added
+     BIO_get_ex_new_index, BIO_get_ex_num, BIO_get_ex_data and BIO_set_ex_data
+     to ms/libeay{16,32}.def.
+     [Ralf S. Engelschall]
+
+  *) Second round of fixing the OpenSSL perl/ stuff. It now at least compiled
+     fine under Unix and passes some trivial tests I've now added. But the
+     whole stuff is horribly incomplete, so a README.1ST with a disclaimer was
+     added to make sure no one expects that this stuff really works in the
+     OpenSSL 0.9.2 release.  Additionally I've started to clean the XS sources
+     up and fixed a few little bugs and inconsistencies in OpenSSL.{pm,xs} and
+     openssl_bio.xs.
+     [Ralf S. Engelschall]
+
+  *) Fix the generation of two part addresses in perl.
+     [Kenji Miyake <kenji at miyake.org>, integrated by Ben Laurie]
+
+  *) Add config entry for Linux on MIPS.
+     [John Tobey <jtobey at channel1.com>]
+
+  *) Make links whenever Configure is run, unless we are on Windoze.
+     [Ben Laurie]
+
+  *) Permit extensions to be added to CRLs using crl_section in openssl.cnf.
+     Currently only issuerAltName and AuthorityKeyIdentifier make any sense
+     in CRLs.
+     [Steve Henson]
+
+  *) Add a useful kludge to allow package maintainers to specify compiler and
+     other platforms details on the command line without having to patch the
+     Configure script everytime: One now can use ``perl Configure
+     <id>:<details>'', i.e. platform ids are allowed to have details appended
+     to them (seperated by colons). This is treated as there would be a static
+     pre-configured entry in Configure's %table under key <id> with value
+     <details> and ``perl Configure <id>'' is called.  So, when you want to
+     perform a quick test-compile under FreeBSD 3.1 with pgcc and without
+     assembler stuff you can use ``perl Configure "FreeBSD-elf:pgcc:-O6:::"''
+     now, which overrides the FreeBSD-elf entry on-the-fly.
+     [Ralf S. Engelschall]
+
+  *) Disable new TLS1 ciphersuites by default: they aren't official yet.
+     [Ben Laurie]
+
+  *) Allow DSO flags like -fpic, -fPIC, -KPIC etc. to be specified
+     on the `perl Configure ...' command line. This way one can compile
+     OpenSSL libraries with Position Independent Code (PIC) which is needed
+     for linking it into DSOs.
+     [Ralf S. Engelschall]
+
+  *) Remarkably, export ciphers were totally broken and no-one had noticed!
+     Fixed.
+     [Ben Laurie]
+
+  *) Cleaned up the LICENSE document: The official contact for any license
+     questions now is the OpenSSL core team under openssl-core at openssl.org.
+     And add a paragraph about the dual-license situation to make sure people
+     recognize that _BOTH_ the OpenSSL license _AND_ the SSLeay license apply
+     to the OpenSSL toolkit.
+     [Ralf S. Engelschall]
+
+  *) General source tree makefile cleanups: Made `making xxx in yyy...'
+     display consistent in the source tree and replaced `/bin/rm' by `rm'.
+     Additonally cleaned up the `make links' target: Remove unnecessary
+     semicolons, subsequent redundant removes, inline point.sh into mklink.sh
+     to speed processing and no longer clutter the display with confusing
+     stuff. Instead only the actually done links are displayed.
+     [Ralf S. Engelschall]
+
+  *) Permit null encryption ciphersuites, used for authentication only. It used
+     to be necessary to set the preprocessor define SSL_ALLOW_ENULL to do this.
+     It is now necessary to set SSL_FORBID_ENULL to prevent the use of null
+     encryption.
+     [Ben Laurie]
+
+  *) Add a bunch of fixes to the PKCS#7 stuff. It used to sometimes reorder
+     signed attributes when verifying signatures (this would break them), 
+     the detached data encoding was wrong and public keys obtained using
+     X509_get_pubkey() weren't freed.
+     [Steve Henson]
+
+  *) Add text documentation for the BUFFER functions. Also added a work around
+     to a Win95 console bug. This was triggered by the password read stuff: the
+     last character typed gets carried over to the next fread(). If you were 
+     generating a new cert request using 'req' for example then the last
+     character of the passphrase would be CR which would then enter the first
+     field as blank.
+     [Steve Henson]
+
+  *) Added the new `Includes OpenSSL Cryptography Software' button as
+     doc/openssl_button.{gif,html} which is similar in style to the old SSLeay
+     button and can be used by applications based on OpenSSL to show the
+     relationship to the OpenSSL project.  
+     [Ralf S. Engelschall]
+
+  *) Remove confusing variables in function signatures in files
+     ssl/ssl_lib.c and ssl/ssl.h.
+     [Lennart Bong <lob at kulthea.stacken.kth.se>]
+
+  *) Don't install bss_file.c under PREFIX/include/
+     [Lennart Bong <lob at kulthea.stacken.kth.se>]
+
+  *) Get the Win32 compile working again. Modify mkdef.pl so it can handle
+     functions that return function pointers and has support for NT specific
+     stuff. Fix mk1mf.pl and VC-32.pl to support NT differences also. Various
+     #ifdef WIN32 and WINNTs sprinkled about the place and some changes from
+     unsigned to signed types: this was killing the Win32 compile.
+     [Steve Henson]
+
+  *) Add new certificate file to stack functions,
+     SSL_add_dir_cert_subjects_to_stack() and
+     SSL_add_file_cert_subjects_to_stack().  These largely supplant
+     SSL_load_client_CA_file(), and can be used to add multiple certs easily
+     to a stack (usually this is then handed to SSL_CTX_set_client_CA_list()).
+     This means that Apache-SSL and similar packages don't have to mess around
+     to add as many CAs as they want to the preferred list.
+     [Ben Laurie]
+
+  *) Experiment with doxygen documentation. Currently only partially applied to
+     ssl/ssl_lib.c.
+     See http://www.stack.nl/~dimitri/doxygen/index.html, and run doxygen with
+     openssl.doxy as the configuration file.
+     [Ben Laurie]
+  
+  *) Get rid of remaining C++-style comments which strict C compilers hate.
+     [Ralf S. Engelschall, pointed out by Carlos Amengual]
+
+  *) Changed BN_RECURSION in bn_mont.c to BN_RECURSION_MONT so it is not
+     compiled in by default: it has problems with large keys.
+     [Steve Henson]
+
+  *) Add a bunch of SSL_xxx() functions for configuring the temporary RSA and
+     DH private keys and/or callback functions which directly correspond to
+     their SSL_CTX_xxx() counterparts but work on a per-connection basis. This
+     is needed for applications which have to configure certificates on a
+     per-connection basis (e.g. Apache+mod_ssl) instead of a per-context basis
+     (e.g. s_server). 
+        For the RSA certificate situation is makes no difference, but
+     for the DSA certificate situation this fixes the "no shared cipher"
+     problem where the OpenSSL cipher selection procedure failed because the
+     temporary keys were not overtaken from the context and the API provided
+     no way to reconfigure them. 
+        The new functions now let applications reconfigure the stuff and they
+     are in detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh,
+     SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback.  Additionally a new
+     non-public-API function ssl_cert_instantiate() is used as a helper
+     function and also to reduce code redundancy inside ssl_rsa.c.
+     [Ralf S. Engelschall]
+
+  *) Move s_server -dcert and -dkey options out of the undocumented feature
+     area because they are useful for the DSA situation and should be
+     recognized by the users.
+     [Ralf S. Engelschall]
+
+  *) Fix the cipher decision scheme for export ciphers: the export bits are
+     *not* within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within
+     SSL_EXP_MASK.  So, the original variable has to be used instead of the
+     already masked variable.
+     [Richard Levitte <levitte at stacken.kth.se>]
+
+  *) Fix 'port' variable from `int' to `unsigned int' in crypto/bio/b_sock.c
+     [Richard Levitte <levitte at stacken.kth.se>]
+
+  *) Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal()
+     from `int' to `unsigned int' because it's a length and initialized by
+     EVP_DigestFinal() which expects an `unsigned int *'.
+     [Richard Levitte <levitte at stacken.kth.se>]
+
+  *) Don't hard-code path to Perl interpreter on shebang line of Configure
+     script. Instead use the usual Shell->Perl transition trick.
+     [Ralf S. Engelschall]
+
+  *) Make `openssl x509 -noout -modulus' functional also for DSA certificates
+     (in addition to RSA certificates) to match the behaviour of `openssl dsa
+     -noout -modulus' as it's already the case for `openssl rsa -noout
+     -modulus'.  For RSA the -modulus is the real "modulus" while for DSA
+     currently the public key is printed (a decision which was already done by
+     `openssl dsa -modulus' in the past) which serves a similar purpose.
+     Additionally the NO_RSA no longer completely removes the whole -modulus
+     option; it now only avoids using the RSA stuff. Same applies to NO_DSA
+     now, too.
+     [Ralf S.  Engelschall]
+
+  *) Add Arne Ansper's reliable BIO - this is an encrypted, block-digested
+     BIO. See the source (crypto/evp/bio_ok.c) for more info.
+     [Arne Ansper <arne at ats.cyber.ee>]
+
+  *) Dump the old yucky req code that tried (and failed) to allow raw OIDs
+     to be added. Now both 'req' and 'ca' can use new objects defined in the
+     config file.
+     [Steve Henson]
+
+  *) Add cool BIO that does syslog (or event log on NT).
+     [Arne Ansper <arne at ats.cyber.ee>, integrated by Ben Laurie]
+
+  *) Add support for new TLS ciphersuites, TLS_RSA_EXPORT56_WITH_RC4_56_MD5,
+     TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 and
+     TLS_RSA_EXPORT56_WITH_DES_CBC_SHA, as specified in "56-bit Export Cipher
+     Suites For TLS", draft-ietf-tls-56-bit-ciphersuites-00.txt.
+     [Ben Laurie]
+
+  *) Add preliminary config info for new extension code.
+     [Steve Henson]
+
+  *) Make RSA_NO_PADDING really use no padding.
+     [Ulf Moeller <ulf at fitug.de>]
+
+  *) Generate errors when private/public key check is done.
+     [Ben Laurie]
+
+  *) Overhaul for 'crl' utility. New function X509_CRL_print. Partial support
+     for some CRL extensions and new objects added.
+     [Steve Henson]
+
+  *) Really fix the ASN1 IMPLICIT bug this time... Partial support for private
+     key usage extension and fuller support for authority key id.
+     [Steve Henson]
+
+  *) Add OAEP encryption for the OpenSSL crypto library. OAEP is the improved
+     padding method for RSA, which is recommended for new applications in PKCS
+     #1 v2.0 (RFC 2437, October 1998).
+     OAEP (Optimal Asymmetric Encryption Padding) has better theoretical
+     foundations than the ad-hoc padding used in PKCS #1 v1.5. It is secure
+     against Bleichbacher's attack on RSA.
+     [Ulf Moeller <ulf at fitug.de>, reformatted, corrected and integrated by
+      Ben Laurie]
+
+  *) Updates to the new SSL compression code
+     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+  *) Fix so that the version number in the master secret, when passed
+     via RSA, checks that if TLS was proposed, but we roll back to SSLv3
+     (because the server will not accept higher), that the version number
+     is 0x03,0x01, not 0x03,0x00
+     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+  *) Run extensive memory leak checks on SSL apps. Fixed *lots* of memory
+     leaks in ssl/ relating to new X509_get_pubkey() behaviour. Also fixes
+     in apps/ and an unrelated leak in crypto/dsa/dsa_vrf.c
+     [Steve Henson]
+
+  *) Support for RAW extensions where an arbitrary extension can be
+     created by including its DER encoding. See apps/openssl.cnf for
+     an example.
+     [Steve Henson]
+
+  *) Make sure latest Perl versions don't interpret some generated C array
+     code as Perl array code in the crypto/err/err_genc.pl script.
+     [Lars Weber <3weber at informatik.uni-hamburg.de>]
+
+  *) Modify ms/do_ms.bat to not generate assembly language makefiles since
+     not many people have the assembler. Various Win32 compilation fixes and
+     update to the INSTALL.W32 file with (hopefully) more accurate Win32
+     build instructions.
+     [Steve Henson]
+
+  *) Modify configure script 'Configure' to automatically create crypto/date.h
+     file under Win32 and also build pem.h from pem.org. New script
+     util/mkfiles.pl to create the MINFO file on environments that can't do a
+     'make files': perl util/mkfiles.pl >MINFO should work.
+     [Steve Henson]
+
+  *) Major rework of DES function declarations, in the pursuit of correctness
+     and purity. As a result, many evil casts evaporated, and some weirdness,
+     too. You may find this causes warnings in your code. Zapping your evil
+     casts will probably fix them. Mostly.
+     [Ben Laurie]
+
+  *) Fix for a typo in asn1.h. Bug fix to object creation script
+     obj_dat.pl. It considered a zero in an object definition to mean
+     "end of object": none of the objects in objects.h have any zeros
+     so it wasn't spotted.
+     [Steve Henson, reported by Erwann ABALEA <eabalea at certplus.com>]
+
+  *) Add support for Triple DES Cipher Block Chaining with Output Feedback
+     Masking (CBCM). In the absence of test vectors, the best I have been able
+     to do is check that the decrypt undoes the encrypt, so far. Send me test
+     vectors if you have them.
+     [Ben Laurie]
+
+  *) Correct calculation of key length for export ciphers (too much space was
+     allocated for null ciphers). This has not been tested!
+     [Ben Laurie]
+
+  *) Modifications to the mkdef.pl for Win32 DEF file creation. The usage
+     message is now correct (it understands "crypto" and "ssl" on its
+     command line). There is also now an "update" option. This will update
+     the util/ssleay.num and util/libeay.num files with any new functions.
+     If you do a: 
+     perl util/mkdef.pl crypto ssl update
+     it will update them.
+     [Steve Henson]
+
+  *) Overhauled the Perl interface (perl/*):
+     - ported BN stuff to OpenSSL's different BN library
+     - made the perl/ source tree CVS-aware
+     - renamed the package from SSLeay to OpenSSL (the files still contain
+       their history because I've copied them in the repository)
+     - removed obsolete files (the test scripts will be replaced
+       by better Test::Harness variants in the future)
+     [Ralf S. Engelschall]
+
+  *) First cut for a very conservative source tree cleanup:
+     1. merge various obsolete readme texts into doc/ssleay.txt
+     where we collect the old documents and readme texts.
+     2. remove the first part of files where I'm already sure that we no
+     longer need them because of three reasons: either they are just temporary
+     files which were left by Eric or they are preserved original files where
+     I've verified that the diff is also available in the CVS via "cvs diff
+     -rSSLeay_0_8_1b" or they were renamed (as it was definitely the case for
+     the crypto/md/ stuff).
+     [Ralf S. Engelschall]
+
+  *) More extension code. Incomplete support for subject and issuer alt
+     name, issuer and authority key id. Change the i2v function parameters
+     and add an extra 'crl' parameter in the X509V3_CTX structure: guess
+     what that's for :-) Fix to ASN1 macro which messed up
+     IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.
+     [Steve Henson]
+
+  *) Preliminary support for ENUMERATED type. This is largely copied from the
+     INTEGER code.
+     [Steve Henson]
+
+  *) Add new function, EVP_MD_CTX_copy() to replace frequent use of memcpy.
+     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+  *) Make sure `make rehash' target really finds the `openssl' program.
+     [Ralf S. Engelschall, Matthias Loepfe <Matthias.Loepfe at adnovum.ch>]
+
+  *) Squeeze another 7% of speed out of MD5 assembler, at least on a P2. I'd
+     like to hear about it if this slows down other processors.
+     [Ben Laurie]
+
+  *) Add CygWin32 platform information to Configure script.
+     [Alan Batie <batie at aahz.jf.intel.com>]
+
+  *) Fixed ms/32all.bat script: `no_asm' -> `no-asm'
+     [Rainer W. Gerling <gerling at mpg-gv.mpg.de>]
+  
+  *) New program nseq to manipulate netscape certificate sequences
+     [Steve Henson]
+
+  *) Modify crl2pkcs7 so it supports multiple -certfile arguments. Fix a
+     few typos.
+     [Steve Henson]
+
+  *) Fixes to BN code.  Previously the default was to define BN_RECURSION
+     but the BN code had some problems that would cause failures when
+     doing certificate verification and some other functions.
+     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+  *) Add ASN1 and PEM code to support netscape certificate sequences.
+     [Steve Henson]
+
+  *) Add ASN1 and PEM code to support netscape certificate sequences.
+     [Steve Henson]
+
+  *) Add several PKIX and private extended key usage OIDs.
+     [Steve Henson]
+
+  *) Modify the 'ca' program to handle the new extension code. Modify
+     openssl.cnf for new extension format, add comments.
+     [Steve Henson]
+
+  *) More X509 V3 changes. Fix typo in v3_bitstr.c. Add support to 'req'
+     and add a sample to openssl.cnf so req -x509 now adds appropriate
+     CA extensions.
+     [Steve Henson]
+
+  *) Continued X509 V3 changes. Add to other makefiles, integrate with the
+     error code, add initial support to X509_print() and x509 application.
+     [Steve Henson]
+
+  *) Takes a deep breath and start addding X509 V3 extension support code. Add
+     files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this
+     stuff is currently isolated and isn't even compiled yet.
+     [Steve Henson]
+
+  *) Continuing patches for GeneralizedTime. Fix up certificate and CRL
+     ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print.
+     Removed the versions check from X509 routines when loading extensions:
+     this allows certain broken certificates that don't set the version
+     properly to be processed.
+     [Steve Henson]
+
+  *) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another
+     Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which
+     can still be regenerated with "make depend".
+     [Ben Laurie]
+
+  *) Spelling mistake in C version of CAST-128.
+     [Ben Laurie, reported by Jeremy Hylton <jeremy at cnri.reston.va.us>]
+
+  *) Changes to the error generation code. The perl script err-code.pl 
+     now reads in the old error codes and retains the old numbers, only
+     adding new ones if necessary. It also only changes the .err files if new
+     codes are added. The makefiles have been modified to only insert errors
+     when needed (to avoid needlessly modifying header files). This is done
+     by only inserting errors if the .err file is newer than the auto generated
+     C file. To rebuild all the error codes from scratch (the old behaviour)
+     either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl
+     or delete all the .err files.
+     [Steve Henson]
+
+  *) CAST-128 was incorrectly implemented for short keys. The C version has
+     been fixed, but is untested. The assembler versions are also fixed, but
+     new assembler HAS NOT BEEN GENERATED FOR WIN32 - the Makefile needs fixing
+     to regenerate it if needed.
+     [Ben Laurie, reported (with fix for C version) by Jun-ichiro itojun
+      Hagino <itojun at kame.net>]
+
+  *) File was opened incorrectly in randfile.c.
+     [Ulf Möller <ulf at fitug.de>]
+
+  *) Beginning of support for GeneralizedTime. d2i, i2d, check and print
+     functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or
+     GeneralizedTime. ASN1_TIME is the proper type used in certificates et
+     al: it's just almost always a UTCTime. Note this patch adds new error
+     codes so do a "make errors" if there are problems.
+     [Steve Henson]
+
+  *) Correct Linux 1 recognition in config.
+     [Ulf Möller <ulf at fitug.de>]
+
+  *) Remove pointless MD5 hash when using DSA keys in ca.
+     [Anonymous <nobody at replay.com>]
+
+  *) Generate an error if given an empty string as a cert directory. Also
+     generate an error if handed NULL (previously returned 0 to indicate an
+     error, but didn't set one).
+     [Ben Laurie, reported by Anonymous <nobody at replay.com>]
+
+  *) Add prototypes to SSL methods. Make SSL_write's buffer const, at last.
+     [Ben Laurie]
+
+  *) Fix the dummy function BN_ref_mod_exp() in rsaref.c to have the correct
+     parameters. This was causing a warning which killed off the Win32 compile.
+     [Steve Henson]
+
+  *) Remove C++ style comments from crypto/bn/bn_local.h.
+     [Neil Costigan <neil.costigan at celocom.com>]
+
+  *) The function OBJ_txt2nid was broken. It was supposed to return a nid
+     based on a text string, looking up short and long names and finally
+     "dot" format. The "dot" format stuff didn't work. Added new function
+     OBJ_txt2obj to do the same but return an ASN1_OBJECT and rewrote 
+     OBJ_txt2nid to use it. OBJ_txt2obj can also return objects even if the
+     OID is not part of the table.
+     [Steve Henson]
+
+  *) Add prototypes to X509 lookup/verify methods, fixing a bug in
+     X509_LOOKUP_by_alias().
+     [Ben Laurie]
+
+  *) Sort openssl functions by name.
+     [Ben Laurie]
+
+  *) Get the gendsa program working (hopefully) and add it to app list. Remove
+     encryption from sample DSA keys (in case anyone is interested the password
+     was "1234").
+     [Steve Henson]
+
+  *) Make _all_ *_free functions accept a NULL pointer.
+     [Frans Heymans <fheymans at isaserver.be>]
+
+  *) If a DH key is generated in s3_srvr.c, don't blow it by trying to use
+     NULL pointers.
+     [Anonymous <nobody at replay.com>]
+
+  *) s_server should send the CAfile as acceptable CAs, not its own cert.
+     [Bodo Moeller <3moeller at informatik.uni-hamburg.de>]
+
+  *) Don't blow it for numeric -newkey arguments to apps/req.
+     [Bodo Moeller <3moeller at informatik.uni-hamburg.de>]
+
+  *) Temp key "for export" tests were wrong in s3_srvr.c.
+     [Anonymous <nobody at replay.com>]
+
+  *) Add prototype for temp key callback functions
+     SSL_CTX_set_tmp_{rsa,dh}_callback().
+     [Ben Laurie]
+
+  *) Make DH_free() tolerate being passed a NULL pointer (like RSA_free() and
+     DSA_free()). Make X509_PUBKEY_set() check for errors in d2i_PublicKey().
+     [Steve Henson]
+
+  *) X509_name_add_entry() freed the wrong thing after an error.
+     [Arne Ansper <arne at ats.cyber.ee>]
+
+  *) rsa_eay.c would attempt to free a NULL context.
+     [Arne Ansper <arne at ats.cyber.ee>]
+
+  *) BIO_s_socket() had a broken should_retry() on Windoze.
+     [Arne Ansper <arne at ats.cyber.ee>]
+
+  *) BIO_f_buffer() didn't pass on BIO_CTRL_FLUSH.
+     [Arne Ansper <arne at ats.cyber.ee>]
+
+  *) Make sure the already existing X509_STORE->depth variable is initialized
+     in X509_STORE_new(), but document the fact that this variable is still
+     unused in the certificate verification process.
+     [Ralf S. Engelschall]
+
+  *) Fix the various library and apps files to free up pkeys obtained from
+     X509_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions.
+     [Steve Henson]
+
+  *) Fix reference counting in X509_PUBKEY_get(). This makes
+     demos/maurice/example2.c work, amongst others, probably.
+     [Steve Henson and Ben Laurie]
+
+  *) First cut of a cleanup for apps/. First the `ssleay' program is now named
+     `openssl' and second, the shortcut symlinks for the `openssl <command>'
+     are no longer created. This way we have a single and consistent command
+     line interface `openssl <command>', similar to `cvs <command>'.
+     [Ralf S. Engelschall, Paul Sutton and Ben Laurie]
+
+  *) ca.c: move test for DSA keys inside #ifndef NO_DSA. Make pubkey
+     BIT STRING wrapper always have zero unused bits.
+     [Steve Henson]
+
+  *) Add CA.pl, perl version of CA.sh, add extended key usage OID.
+     [Steve Henson]
+
+  *) Make the top-level INSTALL documentation easier to understand.
+     [Paul Sutton]
+
+  *) Makefiles updated to exit if an error occurs in a sub-directory
+     make (including if user presses ^C) [Paul Sutton]
+
+  *) Make Montgomery context stuff explicit in RSA data structure.
+     [Ben Laurie]
+
+  *) Fix build order of pem and err to allow for generated pem.h.
+     [Ben Laurie]
+
+  *) Fix renumbering bug in X509_NAME_delete_entry().
+     [Ben Laurie]
+
+  *) Enhanced the err-ins.pl script so it makes the error library number 
+     global and can add a library name. This is needed for external ASN1 and
+     other error libraries.
+     [Steve Henson]
+
+  *) Fixed sk_insert which never worked properly.
+     [Steve Henson]
+
+  *) Fix ASN1 macros so they can handle indefinite length construted 
+     EXPLICIT tags. Some non standard certificates use these: they can now
+     be read in.
+     [Steve Henson]
+
+  *) Merged the various old/obsolete SSLeay documentation files (doc/xxx.doc)
+     into a single doc/ssleay.txt bundle. This way the information is still
+     preserved but no longer messes up this directory. Now it's new room for
+     the new set of documenation files.
+     [Ralf S. Engelschall]
+
+  *) SETs were incorrectly DER encoded. This was a major pain, because they
+     shared code with SEQUENCEs, which aren't coded the same. This means that
+     almost everything to do with SETs or SEQUENCEs has either changed name or
+     number of arguments.
+     [Ben Laurie, based on a partial fix by GP Jayan <gp at nsj.co.jp>]
+
+  *) Fix test data to work with the above.
+     [Ben Laurie]
+
+  *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but
+     was already fixed by Eric for 0.9.1 it seems.
+     [Ben Laurie - pointed out by Ulf Möller <ulf at fitug.de>]
+
+  *) Autodetect FreeBSD3.
+     [Ben Laurie]
+
+  *) Fix various bugs in Configure. This affects the following platforms:
+     nextstep
+     ncr-scde
+     unixware-2.0
+     unixware-2.0-pentium
+     sco5-cc.
+     [Ben Laurie]
+
+  *) Eliminate generated files from CVS. Reorder tests to regenerate files
+     before they are needed.
+     [Ben Laurie]
+
+  *) Generate Makefile.ssl from Makefile.org (to keep CVS happy).
+     [Ben Laurie]
+
+
+ Changes between 0.9.1b and 0.9.1c  [23-Dec-1998]
+
+  *) Added OPENSSL_VERSION_NUMBER to crypto/crypto.h and 
+     changed SSLeay to OpenSSL in version strings.
+     [Ralf S. Engelschall]
+  
+  *) Some fixups to the top-level documents.
+     [Paul Sutton]
+
+  *) Fixed the nasty bug where rsaref.h was not found under compile-time
+     because the symlink to include/ was missing.
+     [Ralf S. Engelschall]
+
+  *) Incorporated the popular no-RSA/DSA-only patches 
+     which allow to compile a RSA-free SSLeay.
+     [Andrew Cooke / Interrader Ldt., Ralf S. Engelschall]
+
+  *) Fixed nasty rehash problem under `make -f Makefile.ssl links'
+     when "ssleay" is still not found.
+     [Ralf S. Engelschall]
+
+  *) Added more platforms to Configure: Cray T3E, HPUX 11, 
+     [Ralf S. Engelschall, Beckmann <beckman at acl.lanl.gov>]
+
+  *) Updated the README file.
+     [Ralf S. Engelschall]
+
+  *) Added various .cvsignore files in the CVS repository subdirs
+     to make a "cvs update" really silent.
+     [Ralf S. Engelschall]
+
+  *) Recompiled the error-definition header files and added
+     missing symbols to the Win32 linker tables.
+     [Ralf S. Engelschall]
+
+  *) Cleaned up the top-level documents;
+     o new files: CHANGES and LICENSE
+     o merged VERSION, HISTORY* and README* files a CHANGES.SSLeay 
+     o merged COPYRIGHT into LICENSE
+     o removed obsolete TODO file
+     o renamed MICROSOFT to INSTALL.W32
+     [Ralf S. Engelschall]
+
+  *) Removed dummy files from the 0.9.1b source tree: 
+     crypto/asn1/x crypto/bio/cd crypto/bio/fg crypto/bio/grep crypto/bio/vi
+     crypto/bn/asm/......add.c crypto/bn/asm/a.out crypto/dsa/f crypto/md5/f
+     crypto/pem/gmon.out crypto/perlasm/f crypto/pkcs7/build crypto/rsa/f
+     crypto/sha/asm/f crypto/threads/f ms/zzz ssl/f ssl/f.mak test/f
+     util/f.mak util/pl/f util/pl/f.mak crypto/bf/bf_locl.old apps/f
+     [Ralf S. Engelschall]
+
+  *) Added various platform portability fixes.
+     [Mark J. Cox]
+
+  *) The Genesis of the OpenSSL rpject:
+     We start with the latest (unreleased) SSLeay version 0.9.1b which Eric A.
+     Young and Tim J. Hudson created while they were working for C2Net until
+     summer 1998.
+     [The OpenSSL Project]
+ 
+
+ Changes between 0.9.0b and 0.9.1b  [not released]
+
+  *) Updated a few CA certificates under certs/
+     [Eric A. Young]
+
+  *) Changed some BIGNUM api stuff.
+     [Eric A. Young]
+
+  *) Various platform ports: OpenBSD, Ultrix, IRIX 64bit, NetBSD, 
+     DGUX x86, Linux Alpha, etc.
+     [Eric A. Young]
+
+  *) New COMP library [crypto/comp/] for SSL Record Layer Compression: 
+     RLE (dummy implemented) and ZLIB (really implemented when ZLIB is
+     available).
+     [Eric A. Young]
+
+  *) Add -strparse option to asn1pars program which parses nested 
+     binary structures 
+     [Dr Stephen Henson <shenson at bigfoot.com>]
+
+  *) Added "oid_file" to ssleay.cnf for "ca" and "req" programs.
+     [Eric A. Young]
+
+  *) DSA fix for "ca" program.
+     [Eric A. Young]
+
+  *) Added "-genkey" option to "dsaparam" program.
+     [Eric A. Young]
+
+  *) Added RIPE MD160 (rmd160) message digest.
+     [Eric A. Young]
+
+  *) Added -a (all) option to "ssleay version" command.
+     [Eric A. Young]
+
+  *) Added PLATFORM define which is the id given to Configure.
+     [Eric A. Young]
+
+  *) Added MemCheck_XXXX functions to crypto/mem.c for memory checking.
+     [Eric A. Young]
+
+  *) Extended the ASN.1 parser routines.
+     [Eric A. Young]
+
+  *) Extended BIO routines to support REUSEADDR, seek, tell, etc.
+     [Eric A. Young]
+
+  *) Added a BN_CTX to the BN library.
+     [Eric A. Young]
+
+  *) Fixed the weak key values in DES library
+     [Eric A. Young]
+
+  *) Changed API in EVP library for cipher aliases.
+     [Eric A. Young]
+
+  *) Added support for RC2/64bit cipher.
+     [Eric A. Young]
+
+  *) Converted the lhash library to the crypto/mem.c functions.
+     [Eric A. Young]
+
+  *) Added more recognized ASN.1 object ids.
+     [Eric A. Young]
+
+  *) Added more RSA padding checks for SSL/TLS.
+     [Eric A. Young]
+
+  *) Added BIO proxy/filter functionality.
+     [Eric A. Young]
+
+  *) Added extra_certs to SSL_CTX which can be used
+     send extra CA certificates to the client in the CA cert chain sending
+     process. It can be configured with SSL_CTX_add_extra_chain_cert().
+     [Eric A. Young]
+
+  *) Now Fortezza is denied in the authentication phase because
+     this is key exchange mechanism is not supported by SSLeay at all.
+     [Eric A. Young]
+
+  *) Additional PKCS1 checks.
+     [Eric A. Young]
+
+  *) Support the string "TLSv1" for all TLS v1 ciphers.
+     [Eric A. Young]
+
+  *) Added function SSL_get_ex_data_X509_STORE_CTX_idx() which gives the
+     ex_data index of the SSL context in the X509_STORE_CTX ex_data.
+     [Eric A. Young]
+
+  *) Fixed a few memory leaks.
+     [Eric A. Young]
+
+  *) Fixed various code and comment typos.
+     [Eric A. Young]
+
+  *) A minor bug in ssl/s3_clnt.c where there would always be 4 0 
+     bytes sent in the client random.
+     [Edward Bishop <ebishop at spyglass.com>]
+

Deleted: vendor-crypto/openssl/1.0.1u/CONTRIBUTING
===================================================================
--- vendor-crypto/openssl/dist/CONTRIBUTING	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/CONTRIBUTING	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,38 +0,0 @@
-HOW TO CONTRIBUTE TO OpenSSL
-----------------------------
-
-Development is coordinated on the openssl-dev mailing list (see
-http://www.openssl.org for information on subscribing). If you
-would like to submit a patch, send it to rt at openssl.org with
-the string "[PATCH]" in the subject. Please be sure to include a
-textual explanation of what your patch does.
-
-You can also make GitHub pull requests. If you do this, please also send
-mail to rt at openssl.org with a brief description and a link to the PR so
-that we can more easily keep track of it.
-
-If you are unsure as to whether a feature will be useful for the general
-OpenSSL community please discuss it on the openssl-dev mailing list first.
-Someone may be already working on the same thing or there may be a good
-reason as to why that feature isn't implemented.
-
-Patches should be as up to date as possible, preferably relative to the
-current Git or the last snapshot. They should follow our coding style
-(see https://www.openssl.org/policies/codingstyle.html) and compile without
-warnings using the --strict-warnings flag.  OpenSSL compiles on many varied
-platforms: try to ensure you only use portable features.
-
-Our preferred format for patch files is "git format-patch" output. For example
-to provide a patch file containing the last commit in your local git repository
-use the following command:
-
-# git format-patch --stdout HEAD^ >mydiffs.patch
-
-Another method of creating an acceptable patch file without using git is as
-follows:
-
-# cd openssl-work
-# [your changes]
-# ./Configure dist; make clean
-# cd ..
-# diff -ur openssl-orig openssl-work > mydiffs.patch

Copied: vendor-crypto/openssl/1.0.1u/CONTRIBUTING (from rev 11605, vendor-crypto/openssl/dist/CONTRIBUTING)
===================================================================
--- vendor-crypto/openssl/1.0.1u/CONTRIBUTING	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/CONTRIBUTING	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,75 @@
+HOW TO CONTRIBUTE TO PATCHES OpenSSL
+------------------------------------
+
+(Please visit https://www.openssl.org/community/getting-started.html for
+other ideas about how to contribute.)
+
+Development is coordinated on the openssl-dev mailing list (see the
+above link or https://mta.openssl.org for information on subscribing).
+If you are unsure as to whether a feature will be useful for the general
+OpenSSL community you might want to discuss it on the openssl-dev mailing
+list first.  Someone may be already working on the same thing or there
+may be a good reason as to why that feature isn't implemented.
+
+The best way to submit a patch is to make a pull request on GitHub.
+(It is not necessary to send mail to rt at openssl.org to open a ticket!)
+If you think the patch could use feedback from the community, please
+start a thread on openssl-dev.
+
+You can also submit patches by sending it as mail to rt at openssl.org.
+Please include the word "PATCH" and an explanation of what the patch
+does in the subject line.  If you do this, our preferred format is "git
+format-patch" output. For example to provide a patch file containing the
+last commit in your local git repository use the following command:
+
+    % git format-patch --stdout HEAD^ >mydiffs.patch
+
+Another method of creating an acceptable patch file without using git is as
+follows:
+
+    % cd openssl-work
+    ...make your changes...
+    % ./Configure dist; make clean
+    % cd ..
+    % diff -ur openssl-orig openssl-work >mydiffs.patch
+
+Note that pull requests are generally easier for the team, and community, to
+work with.  Pull requests benefit from all of the standard GitHub features,
+including code review tools, simpler integration, and CI build support.
+
+No matter how a patch is submitted, the following items will help make
+the acceptance and review process faster:
+
+    1. Anything other than trivial contributions will require a contributor
+    licensing agreement, giving us permission to use your code. See
+    https://www.openssl.org/policies/cla.html for details.
+
+    2.  All source files should start with the following text (with
+    appropriate comment characters at the start of each line and the
+    year(s) updated):
+
+        Copyright 20xx-20yy The OpenSSL Project Authors. All Rights Reserved.
+
+        Licensed under the OpenSSL license (the "License").  You may not use
+        this file except in compliance with the License.  You can obtain a copy
+        in the file LICENSE in the source distribution or at
+        https://www.openssl.org/source/license.html
+
+    3.  Patches should be as current as possible.  When using GitHub, please
+    expect to have to rebase and update often. Note that we do not accept merge
+    commits. You will be asked to remove them before a patch is considered
+    acceptable.
+
+    4.  Patches should follow our coding style (see
+    https://www.openssl.org/policies/codingstyle.html) and compile without
+    warnings. Where gcc or clang is availble you should use the
+    --strict-warnings Configure option.  OpenSSL compiles on many varied
+    platforms: try to ensure you only use portable features.
+
+    5.  When at all possible, patches should include tests. These can either be
+    added to an existing test, or completely new.  Please see test/README
+    for information on the test framework.
+
+    6.  New features or changed functionality must include documentation. Please
+    look at the "pod" files in doc/apps, doc/crypto and doc/ssl for examples of
+    our style.

Deleted: vendor-crypto/openssl/1.0.1u/Configure
===================================================================
--- vendor-crypto/openssl/dist/Configure	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/Configure	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,2201 +0,0 @@
-:
-eval 'exec perl -S $0 ${1+"$@"}'
-    if $running_under_some_shell;
-##
-##  Configure -- OpenSSL source tree configuration script
-##
-
-require 5.000;
-use strict;
-
-# see INSTALL for instructions.
-
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
-
-# Options:
-#
-# --openssldir  install OpenSSL in OPENSSLDIR (Default: DIR/ssl if the
-#               --prefix option is given; /usr/local/ssl otherwise)
-# --prefix      prefix for the OpenSSL include, lib and bin directories
-#               (Default: the OPENSSLDIR directory)
-#
-# --install_prefix  Additional prefix for package builders (empty by
-#               default).  This needn't be set in advance, you can
-#               just as well use "make INSTALL_PREFIX=/whatever install".
-#
-# --with-krb5-dir  Declare where Kerberos 5 lives.  The libraries are expected
-#		to live in the subdirectory lib/ and the header files in
-#		include/.  A value is required.
-# --with-krb5-lib  Declare where the Kerberos 5 libraries live.  A value is
-#		required.
-#		(Default: KRB5_DIR/lib)
-# --with-krb5-include  Declare where the Kerberos 5 header files live.  A
-#		value is required.
-#		(Default: KRB5_DIR/include)
-# --with-krb5-flavor  Declare what flavor of Kerberos 5 is used.  Currently
-#		supported values are "MIT" and "Heimdal".  A value is required.
-#
-# --test-sanity Make a number of sanity checks on the data in this file.
-#               This is a debugging tool for OpenSSL developers.
-#
-# --cross-compile-prefix Add specified prefix to binutils components.
-#
-# no-hw-xxx     do not compile support for specific crypto hardware.
-#               Generic OpenSSL-style methods relating to this support
-#               are always compiled but return NULL if the hardware
-#               support isn't compiled.
-# no-hw         do not compile support for any crypto hardware.
-# [no-]threads  [don't] try to create a library that is suitable for
-#               multithreaded applications (default is "threads" if we
-#               know how to do it)
-# [no-]shared	[don't] try to create shared libraries when supported.
-# no-asm        do not use assembler
-# no-dso        do not compile in any native shared-library methods. This
-#               will ensure that all methods just return NULL.
-# no-krb5       do not compile in any KRB5 library or code.
-# [no-]zlib     [don't] compile support for zlib compression.
-# zlib-dynamic	Like "zlib", but the zlib library is expected to be a shared
-#		library and will be loaded in run-time by the OpenSSL library.
-# sctp          include SCTP support
-# 386           generate 80386 code
-# no-sse2	disables IA-32 SSE2 code, above option implies no-sse2
-# no-<cipher>   build without specified algorithm (rsa, idea, rc5, ...)
-# -<xxx> +<xxx> compiler options are passed through 
-#
-# DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items
-#		provided to stack calls. Generates unique stack functions for
-#		each possible stack type.
-# DES_PTR	use pointer lookup vs arrays in the DES in crypto/des/des_locl.h
-# DES_RISC1	use different DES_ENCRYPT macro that helps reduce register
-#		dependancies but needs to more registers, good for RISC CPU's
-# DES_RISC2	A different RISC variant.
-# DES_UNROLL	unroll the inner DES loop, sometimes helps, somtimes hinders.
-# DES_INT	use 'int' instead of 'long' for DES_LONG in crypto/des/des.h
-#		This is used on the DEC Alpha where long is 8 bytes
-#		and int is 4
-# BN_LLONG	use the type 'long long' in crypto/bn/bn.h
-# MD2_CHAR	use 'char' instead of 'int' for MD2_INT in crypto/md2/md2.h
-# MD2_LONG	use 'long' instead of 'int' for MD2_INT in crypto/md2/md2.h
-# IDEA_SHORT	use 'short' instead of 'int' for IDEA_INT in crypto/idea/idea.h
-# IDEA_LONG	use 'long' instead of 'int' for IDEA_INT in crypto/idea/idea.h
-# RC2_SHORT	use 'short' instead of 'int' for RC2_INT in crypto/rc2/rc2.h
-# RC2_LONG	use 'long' instead of 'int' for RC2_INT in crypto/rc2/rc2.h
-# RC4_CHAR	use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
-# RC4_LONG	use 'long' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
-# RC4_INDEX	define RC4_INDEX in crypto/rc4/rc4_locl.h.  This turns on
-#		array lookups instead of pointer use.
-# RC4_CHUNK	enables code that handles data aligned at long (natural CPU
-#		word) boundary.
-# RC4_CHUNK_LL	enables code that handles data aligned at long long boundary
-#		(intended for 64-bit CPUs running 32-bit OS).
-# BF_PTR	use 'pointer arithmatic' for Blowfish (unsafe on Alpha).
-# BF_PTR2	intel specific version (generic version is more efficient).
-#
-# Following are set automatically by this script
-#
-# MD5_ASM	use some extra md5 assember,
-# SHA1_ASM	use some extra sha1 assember, must define L_ENDIAN for x86
-# RMD160_ASM	use some extra ripemd160 assember,
-# SHA256_ASM	sha256_block is implemented in assembler
-# SHA512_ASM	sha512_block is implemented in assembler
-# AES_ASM	ASE_[en|de]crypt is implemented in assembler
-
-# Minimum warning options... any contributions to OpenSSL should at least get
-# past these. 
-
-my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
-
-my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments";
-
-my $strict_warnings = 0;
-
-my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
-
-# MD2_CHAR slags pentium pros
-my $x86_gcc_opts="RC4_INDEX MD2_INT";
-
-# MODIFY THESE PARAMETERS IF YOU ARE GOING TO USE THE 'util/speed.sh SCRIPT
-# Don't worry about these normally
-
-my $tcc="cc";
-my $tflags="-fast -Xa";
-my $tbn_mul="";
-my $tlib="-lnsl -lsocket";
-#$bits1="SIXTEEN_BIT ";
-#$bits2="THIRTY_TWO_BIT ";
-my $bits1="THIRTY_TWO_BIT ";
-my $bits2="SIXTY_FOUR_BIT ";
-
-my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o:des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o:";
-
-my $x86_elf_asm="$x86_asm:elf";
-
-my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o modexp512-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o:";
-my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void";
-my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o:des_enc-sparc.o fcrypt_b.o:aes_core.o aes_cbc.o aes-sparcv9.o:::sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::ghash-sparcv9.o::void";
-my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::::::void";
-my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o:::::sha1-alpha.o:::::::ghash-alpha.o::void";
-my $mips32_asm=":bn-mips.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o::::::::";
-my $mips64_asm=":bn-mips.o mips-mont.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o::::::::";
-my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o:";
-my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o::aes_cbc.o aes-armv4.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o::void";
-my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::32";
-my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64";
-my $ppc32_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o::::::::";
-my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o::::::::";
-my $no_asm=":::::::::::::::void";
-
-# As for $BSDthreads. Idea is to maintain "collective" set of flags,
-# which would cover all BSD flavors. -pthread applies to them all, 
-# but is treated differently. OpenBSD expands is as -D_POSIX_THREAD
-# -lc_r, which is sufficient. FreeBSD 4.x expands it as -lc_r,
-# which has to be accompanied by explicit -D_THREAD_SAFE and
-# sometimes -D_REENTRANT. FreeBSD 5.x expands it as -lc_r, which
-# seems to be sufficient?
-my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
-
-#config-string	$cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $wp_obj : $cmll_obj : $modes_obj : $engines_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags : $multilib
-
-my %table=(
-# File 'TABLE' (created by 'make TABLE') contains the data from this list,
-# formatted for better readability.
-
-
-#"b",		"${tcc}:${tflags}::${tlib}:${bits1}:${tbn_mul}::",
-#"bl-4c-2c",	"${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:${tbn_mul}::",
-#"bl-4c-ri",	"${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:${tbn_mul}::",
-#"b2-is-ri-dp",	"${tcc}:${tflags}::${tlib}:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:${tbn_mul}::",
-
-# Our development configs
-"purify",	"purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::",
-"debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::",
-"debug-ben",	"gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DDEBUG_SAFESTACK -O2 -pipe::(unknown):::::",
-"debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
-"debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
-"debug-ben-debug",	"gcc44:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O2 -pipe::(unknown)::::::",
-"debug-ben-debug-64",	"gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-ben-macos",	"cc:$gcc_devteam_warn -arch i386 -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::-Wl,-search_paths_first::::",
-"debug-ben-macos-gcc46",	"gcc-mp-4.6:$gcc_devteam_warn -Wconversion -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::::::",
-"debug-ben-darwin64","cc:$gcc_devteam_warn -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"debug-ben-no-opt",	"gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::",
-"debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
-"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-bodo",	"gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
-"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-geoff32","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-geoff64","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"debug-linux-x86_64-clang","clang: -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"dist",		"cc:-O::(unknown)::::::",
-
-# Basic configs that should work on any (32 and less bit) box
-"gcc",		"gcc:-O3::(unknown):::BN_LLONG:::",
-"cc",		"cc:-O::(unknown)::::::",
-
-####VOS Configurations
-"vos-gcc","gcc:-O3 -Wall -DOPENSSL_SYSNAME_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:",
-"debug-vos-gcc","gcc:-O0 -g -Wall -DOPENSSL_SYSNAME_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:",
-
-#### Solaris x86 with GNU C setups
-# -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it
-# here because whenever GNU C instantiates an assembler template it
-# surrounds it with #APP #NO_APP comment pair which (at least Solaris
-# 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
-# error message.
-"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -march=pentium -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# -shared -static-libgcc might appear controversial, but modules taken
-# from static libgcc do not have relocations and linking them into our
-# shared objects doesn't have any negative side-effects. On the contrary,
-# doing so makes it possible to use gcc shared build with Sun C. Given
-# that gcc generates faster code [thanks to inline assembler], I would
-# actually recommend to consider using gcc shared build even with vendor
-# compiler:-)
-#						<appro at fy.chalmers.se>
-"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
- 
-#### Solaris x86 with Sun C setups
-"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
-
-#### SPARC Solaris with GNU C setups
-"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-gcc","gcc:-mcpu=v8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
-"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
-####
-"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=v8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-#### SPARC Solaris with Sun C setups
-# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
-# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
-# SC5.0 note: Compiler common patch 107357-01 or later is required!
-"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
-####
-"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
-
-#### SunOS configs, assuming sparc for the gcc one.
-#"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
-"sunos-gcc","gcc:-O3 -mcpu=v8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
-
-#### IRIX 5.x configs
-# -mips2 flag is added by ./config when appropriate.
-"irix-gcc","gcc:-O3 -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-cc", "cc:-O2 -use_readonly_const -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-#### IRIX 6.x configs
-# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
-# './Configure irix-cc -o32' manually.
-"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
-"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
-# N64 ABI builds.
-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-
-#### Unified HP-UX ANSI C configs.
-# Special notes:
-# - Originally we were optimizing at +O4 level. It should be noted
-#   that the only difference between +O3 and +O4 is global inter-
-#   procedural analysis. As it has to be performed during the link
-#   stage the compiler leaves behind certain pseudo-code in lib*.a
-#   which might be release or even patch level specific. Generating
-#   the machine code for and analyzing the *whole* program appears
-#   to be *extremely* memory demanding while the performance gain is
-#   actually questionable. The situation is intensified by the default
-#   HP-UX data set size limit (infamous 'maxdsiz' tunable) of 64MB
-#   which is way too low for +O4. In other words, doesn't +O3 make
-#   more sense?
-# - Keep in mind that the HP compiler by default generates code
-#   suitable for execution on the host you're currently compiling at.
-#   If the toolkit is ment to be used on various PA-RISC processors
-#   consider './config +DAportable'.
-# - +DD64 is chosen in favour of +DA2.0W because it's meant to be
-#   compatible with *future* releases.
-# - If you run ./Configure hpux-parisc-[g]cc manually don't forget to
-#   pass -D_REENTRANT on HP-UX 10 and later.
-# - -DMD32_XARRAY triggers workaround for compiler bug we ran into in
-#   32-bit message digests. (For the moment of this writing) HP C
-#   doesn't seem to "digest" too many local variables (they make "him"
-#   chew forever:-). For more details look-up MD32_XARRAY comment in
-#   crypto/sha/sha_lcl.h.
-#					<appro at fy.chalmers.se>
-#
-# Since there is mention of this in shlib/hpux10-cc.sh
-"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc1_1-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${parisc11_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa1.1",
-"hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1:".eval{my $asm=$parisc20_asm;$asm=~s/2W\./2\./;$asm=~s/:64/:32/;$asm}.":dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_32",
-"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::::::void:dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64",
-
-# More attempts at unified 10.X and 11.X targets for HP C compiler.
-#
-# Chris Ruemmler <ruemmler at cup.hp.com>
-# Kevin Steves <ks at hp.se>
-"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc1_1-cc","cc:+DA1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${parisc11_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa1.1",
-"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:".eval{my $asm=$parisc20_asm;$asm=~s/2W\./2\./;$asm=~s/:64/:32/;$asm}.":dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_32",
-"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${parisc20_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64",
-
-# HP/UX IA-64 targets
-"hpux-ia64-cc","cc:-Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD32 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux32",
-# Frank Geurts <frank.geurts at nl.abnamro.com> has patiently assisted with
-# with debugging of the following config.
-"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux64",
-# GCC builds...
-"hpux-ia64-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux32",
-"hpux64-ia64-gcc","gcc:-mlp64 -O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-mlp64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux64", 
-
-# Legacy HPUX 9.X configs...
-"hpux-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O2 -z::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-#### HP MPE/iX http://jazz.external.hp.com/src/openssl/
-"MPE/iX-gcc",	"gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
-
-# DEC Alpha OSF/1/Tru64 targets.
-#
-#	"What's in a name? That which we call a rose
-#	 By any other word would smell as sweet."
-#
-# - William Shakespeare, "Romeo & Juliet", Act II, scene II.
-#
-# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
-#
-"osf1-alpha-gcc", "gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
-"osf1-alpha-cc",  "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
-"tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
-
-####
-#### Variety of LINUX:-)
-####
-# *-generic* is endian-neutral target, but ./config is free to
-# throw in -D[BL]_ENDIAN, whichever appropriate...
-"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc",	"gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# It's believed that majority of ARM toolchains predefine appropriate -march.
-# If you compiler does not, do complement config command line with one!
-"linux-armv4",	"gcc:-O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-#### IA-32 targets...
-"linux-ia32-icc",	"icc:-DL_ENDIAN -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-elf",	"gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-aout",	"gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
-####
-"linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc64",	"gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-ia64",	"gcc:-DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64-ecc","ecc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-x86_64",	"gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-x86_64-clang","clang: -m64 -DL_ENDIAN -O3 -Wall -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux64-s390x",	"gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-#### So called "highgprs" target for z/Architecture CPUs
-# "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
-# /proc/cpuinfo. The idea is to preserve most significant bits of
-# general purpose registers not only upon 32-bit process context
-# switch, but even on asynchronous signal delivery to such process.
-# This makes it possible to deploy 64-bit instructions even in legacy
-# application context and achieve better [or should we say adequate]
-# performance. The build is binary compatible with linux-generic32,
-# and the idea is to be able to install the resulting libcrypto.so
-# alongside generic one, e.g. as /lib/highgprs/libcrypto.so.x.y, for
-# ldconfig and run-time linker to autodiscover. Unfortunately it
-# doesn't work just yet, because of couple of bugs in glibc
-# sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1...
-"linux32-s390x",	"gcc:-m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs",
-#### SPARC Linux setups
-# Ray Miller <ray.miller at computing-services.oxford.ac.uk> has patiently
-# assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# it's a real mess with -mcpu=ultrasparc option under Linux, but
-# -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# GCC 3.1 is a requirement
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-#### Alpha Linux with GNU C and Compaq C setups
-# Special notes:
-# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
-#   ought to run './Configure linux-alpha+bwx-gcc' manually, do
-#   complement the command line with -mcpu=ev56, -mcpu=ev6 or whatever
-#   which is appropriate.
-# - If you use ccc keep in mind that -fast implies -arch host and the
-#   compiler is free to issue instructions which gonna make elder CPU
-#   choke. If you wish to build "blended" toolkit, add -arch generic
-#   *after* -fast and invoke './Configure linux-alpha-ccc' manually.
-#
-#					<appro at fy.chalmers.se>
-#
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
-"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
-
-# Android: linux-* but without pointers to headers and libs.
-"android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-#### *BSD [do see comment about ${BSDthreads} above!]
-"BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86",	"gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86-elf",	"gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-BSD-x86-elf",	"gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-sparcv8",	"gcc:-DB_ENDIAN -O3 -mcpu=v8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-"BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
-# simply *happens* to work around a compiler bug in gcc 3.3.3,
-# triggered by RIPEMD160 code.
-"BSD-sparc64",	"gcc:-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-ia64",	"gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86_64",	"gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-"bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-"nextstep",	"cc:-O -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
-"nextstep3.3",	"cc:-O3 -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
-
-# NCR MP-RAS UNIX ver 02.03.01
-"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl -lc89:${x86_gcc_des} ${x86_gcc_opts}:::",
-
-# QNX
-"qnx4",	"cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:",
-"QNX6",       "gcc:::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"QNX6-i386",  "gcc:-DL_ENDIAN -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-# BeOS
-"beos-x86-r5",   "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lnet:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC -DPIC:-shared:.so",
-"beos-x86-bone", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lbind -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC:-shared:.so",
-
-#### SCO/Caldera targets.
-#
-# Originally we had like unixware-*, unixware-*-pentium, unixware-*-p6, etc.
-# Now we only have blended unixware-* as it's the only one used by ./config.
-# If you want to optimize for particular microarchitecture, bypass ./config
-# and './Configure unixware-7 -Kpentium_pro' or whatever appropriate.
-# Note that not all targets include assembler support. Mostly because of
-# lack of motivation to support out-of-date platforms with out-of-date
-# compiler drivers and assemblers. Tim Rice <tim at multitalents.net> has
-# patiently assisted to debug most of it.
-#
-# UnixWare 2.0x fails destest with -O.
-"unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
-"unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
-"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# SCO 5 - Ben Laurie <ben at algroup.co.uk> says the -O breaks the SCO cc.
-"sco5-cc",  "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-#### IBM's AIX.
-"aix3-cc",  "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
-"aix-gcc",  "gcc:-O -DB_ENDIAN::-pthread:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X32",
-"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64",
-# Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE
-# at build time. $OBJECT_MODE is respected at ./config stage!
-"aix-cc",   "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
-"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
-
-#
-# Cray T90 and similar (SDSC)
-# It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT
-# defined.  The T90 ints and longs are 8 bytes long, and apparently the
-# B_ENDIAN code assumes 4 byte ints.  Fortunately, the non-B_ENDIAN and
-# non L_ENDIAN code aligns the bytes in each word correctly.
-#
-# The BIT_FIELD_LIMITS define is to avoid two fatal compiler errors:
-#'Taking the address of a bit field is not allowed. '
-#'An expression with bit field exists as the operand of "sizeof" '
-# (written by Wayne Schroeder <schroede at SDSC.EDU>)
-#
-# j90 is considered the base machine type for unicos machines,
-# so this configuration is now called "cray-j90" ...
-"cray-j90", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG DES_INT:::",
-
-#
-# Cray T3E (Research Center Juelich, beckman at acl.lanl.gov)
-#
-# The BIT_FIELD_LIMITS define was written for the C90 (it seems).  I added
-# another use.  Basically, the problem is that the T3E uses some bit fields
-# for some st_addr stuff, and then sizeof and address-of fails
-# I could not use the ams/alpha.o option because the Cray assembler, 'cam'
-# did not like it.
-"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:::",
-
-# DGUX, 88100.
-"dgux-R3-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown):::RC4_INDEX DES_UNROLL:::",
-"dgux-R4-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown)::-lnsl -lsocket:RC4_INDEX DES_UNROLL:::",
-"dgux-R4-x86-gcc",	"gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown)::-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-
-# Sinix/ReliantUNIX RM400
-# NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g  */
-"ReliantUNIX","cc:-KPIC -g -DTERMIOS -DB_ENDIAN::-Kthread:SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${no_asm}:dlfcn:reliantunix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"SINIX","cc:-O::(unknown):SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::",
-"SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown)::-lucb:RC4_INDEX RC4_CHAR:::",
-
-# SIEMENS BS2000/OSD: an EBCDIC-based mainframe
-"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
-
-# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe
-# You need to compile using the c89.sh wrapper in the tools directory, because the
-# IBM compiler does not like the -L switch after any object modules.
-#
-"OS390-Unix","c89.sh:-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H  -D_ALL_SOURCE::(unknown):::THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
-
-# Visual C targets
-#
-# Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64
-"VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o ia64-mont.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32",
-"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32",
-"debug-VC-WIN64I","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32",
-"debug-VC-WIN64A","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32",
-# x86 Win32 target defaults to ANSI API, if you want UNICODE, complement
-# 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE'
-"VC-WIN32","cl:-W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
-# Unified CE target
-"debug-VC-WIN32","cl:-W3 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
-"VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
-
-# Borland C++ 4.5
-"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32",
-
-# MinGW
-"mingw", "gcc:-mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall::-D_MT:MINGW32:-lws2_32 -lgdi32 -lcrypt32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_asm}:coff:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin:.dll.a",
-# As for OPENSSL_USE_APPLINK. Applink makes it possible to use .dll
-# compiled with one compiler with application compiled with another
-# compiler. It's possible to engage Applink support in mingw64 build,
-# but it's not done, because till mingw64 supports structured exception
-# handling, one can't seriously consider its binaries for using with
-# non-mingw64 run-time environment. And as mingw64 is always consistent
-# with itself, Applink is never engaged and can as well be omitted.
-"mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a",
-
-# UWIN 
-"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
-
-# Cygwin
-"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
-"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
-"debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32:::${no_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
-
-# NetWare from David Ward (dsward at novell.com)
-# requires either MetroWerks NLM development tools, or gcc / nlmconv
-# NetWare defaults socket bio to WinSock sockets. However,
-# the builds can be configured to use BSD sockets instead.
-# netware-clib => legacy CLib c-runtime support
-"netware-clib", "mwccnlm::::::${x86_gcc_opts}::",
-"netware-clib-bsdsock", "mwccnlm::::::${x86_gcc_opts}::",
-"netware-clib-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -I/ndk/ws295sdk/include -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall:::::${x86_gcc_opts}::",
-"netware-clib-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -DNETWARE_BSDSOCK -DNETDB_USE_INTERNET -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall:::::${x86_gcc_opts}::",
-# netware-libc => LibC/NKS support
-"netware-libc", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::",
-"netware-libc-bsdsock", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::",
-"netware-libc-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::",
-"netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::",
-
-# DJGPP
-"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:",
-
-# Ultrix from Bernhard Simon <simon at zid.tuwien.ac.at>
-"ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::",
-"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown):::BN_LLONG::::",
-# K&R C is no longer supported; you need gcc on old Ultrix installations
-##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown):::::::",
-
-##### MacOS X (a.k.a. Rhapsody or Darwin) setup
-"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::",
-"darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN -Wa,-force_cpusubtype_ALL::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc64_asm}:osx64:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:".eval{my $asm=$x86_asm;$asm=~s/cast\-586\.o//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-# iPhoneOS/iOS
-"iphoneos-cross","llvm-gcc:-O3 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fomit-frame-pointer -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-
-##### A/UX
-"aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
-
-##### Sony NEWS-OS 4.x
-"newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
-
-##### GNU Hurd
-"hurd-x86",  "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
-
-##### OS/2 EMX
-"OS2-EMX", "gcc::::::::",
-
-##### VxWorks for various targets
-"vxworks-ppc60x","ccppc:-D_REENTRANT -mrtp -mhard-float -mstrict-align -fno-implicit-fp -DPPC32_fp60x -O2 -fstrength-reduce -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip:::VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/common:::::",
-"vxworks-ppcgen","ccppc:-D_REENTRANT -mrtp -msoft-float -mstrict-align -O1 -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip:::VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/sfcommon:::::",
-"vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
-"vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::",
-"vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::",
-"vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
-"vxworks-simlinux","ccpentium:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DL_ENDIAN -DCPU=SIMLINUX -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/h -I\$(WIND_BASE)/target/h/wrn/coreip -DOPENSSL_NO_HW_PADLOCK:::VXWORKS:-r::${no_asm}::::::ranlibpentium:",
-"vxworks-mips","ccmips:-mrtp -mips2 -O -G 0 -B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DCPU=MIPS32 -msoft-float -mno-branch-likely -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/h/wrn/coreip::-D_REENTRANT:VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/mips/MIPSI32/sfcommon::${mips32_asm}:o32::::::ranlibmips:",
-
-##### Compaq Non-Stop Kernel (Tandem)
-"tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::",
-
-# uClinux
-"uClinux-dist","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):BN_LLONG:${no_asm}:$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::",
-"uClinux-dist64","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):SIXTY_FOUR_BIT_LONG:${no_asm}:$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::",
-
-);
-
-my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A
-		    debug-VC-WIN64I debug-VC-WIN64A
-		    VC-NT VC-CE VC-WIN32 debug-VC-WIN32
-		    BC-32 
-		    netware-clib netware-clib-bsdsock
-		    netware-libc netware-libc-bsdsock);
-
-my $idx = 0;
-my $idx_cc = $idx++;
-my $idx_cflags = $idx++;
-my $idx_unistd = $idx++;
-my $idx_thread_cflag = $idx++;
-my $idx_sys_id = $idx++;
-my $idx_lflags = $idx++;
-my $idx_bn_ops = $idx++;
-my $idx_cpuid_obj = $idx++;
-my $idx_bn_obj = $idx++;
-my $idx_des_obj = $idx++;
-my $idx_aes_obj = $idx++;
-my $idx_bf_obj = $idx++;
-my $idx_md5_obj = $idx++;
-my $idx_sha1_obj = $idx++;
-my $idx_cast_obj = $idx++;
-my $idx_rc4_obj = $idx++;
-my $idx_rmd160_obj = $idx++;
-my $idx_rc5_obj = $idx++;
-my $idx_wp_obj = $idx++;
-my $idx_cmll_obj = $idx++;
-my $idx_modes_obj = $idx++;
-my $idx_engines_obj = $idx++;
-my $idx_perlasm_scheme = $idx++;
-my $idx_dso_scheme = $idx++;
-my $idx_shared_target = $idx++;
-my $idx_shared_cflag = $idx++;
-my $idx_shared_ldflag = $idx++;
-my $idx_shared_extension = $idx++;
-my $idx_ranlib = $idx++;
-my $idx_arflags = $idx++;
-my $idx_multilib = $idx++;
-
-my $prefix="";
-my $libdir="";
-my $openssldir="";
-my $exe_ext="";
-my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
-my $cross_compile_prefix="";
-my $fipsdir="/usr/local/ssl/fips-2.0";
-my $fipslibdir="";
-my $baseaddr="0xFB00000";
-my $no_threads=0;
-my $threads=0;
-my $no_shared=0; # but "no-shared" is default
-my $zlib=1;      # but "no-zlib" is default
-my $no_krb5=0;   # but "no-krb5" is implied unless "--with-krb5-..." is used
-my $no_rfc3779=1; # but "no-rfc3779" is default
-my $no_asm=0;
-my $no_dso=0;
-my $no_gmp=0;
-my @skip=();
-my $Makefile="Makefile";
-my $des_locl="crypto/des/des_locl.h";
-my $des	="crypto/des/des.h";
-my $bn	="crypto/bn/bn.h";
-my $md2	="crypto/md2/md2.h";
-my $rc4	="crypto/rc4/rc4.h";
-my $rc4_locl="crypto/rc4/rc4_locl.h";
-my $idea	="crypto/idea/idea.h";
-my $rc2	="crypto/rc2/rc2.h";
-my $bf	="crypto/bf/bf_locl.h";
-my $bn_asm	="bn_asm.o";
-my $des_enc="des_enc.o fcrypt_b.o";
-my $aes_enc="aes_core.o aes_cbc.o";
-my $bf_enc	="bf_enc.o";
-my $cast_enc="c_enc.o";
-my $rc4_enc="rc4_enc.o rc4_skey.o";
-my $rc5_enc="rc5_enc.o";
-my $md5_obj="";
-my $sha1_obj="";
-my $rmd160_obj="";
-my $cmll_enc="camellia.o cmll_misc.o cmll_cbc.o";
-my $processor="";
-my $default_ranlib;
-my $perl;
-my $fips=0;
-
-if (exists $ENV{FIPSDIR})
-	{
-	$fipsdir = $ENV{FIPSDIR};
-	$fipsdir =~ s/\/$//;
-	}
-
-# All of the following is disabled by default (RC5 was enabled before 0.9.8):
-
-my %disabled = ( # "what"         => "comment" [or special keyword "experimental"]
-		 "ec_nistp_64_gcc_128" => "default",
-		 "gmp"		  => "default",
-		 "jpake"          => "experimental",
-		 "md2"            => "default",
-		 "rc5"            => "default",
-		 "rfc3779"	  => "default",
-		 "sctp"       => "default",
-		 "shared"         => "default",
-		 "store"	  => "experimental",
-		 "unit-test"	  => "default",
-		 "zlib"           => "default",
-		 "zlib-dynamic"   => "default"
-	       );
-my @experimental = ();
-
-# This is what $depflags will look like with the above defaults
-# (we need this to see if we should advise the user to run "make depend"):
-my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
-
-# Explicit "no-..." options will be collected in %disabled along with the defaults.
-# To remove something from %disabled, use "enable-foo" (unless it's experimental).
-# For symmetry, "disable-foo" is a synonym for "no-foo".
-
-# For features called "experimental" here, a more explicit "experimental-foo" is needed to enable.
-# We will collect such requests in @experimental.
-# To avoid accidental use of experimental features, applications will have to use -DOPENSSL_EXPERIMENTAL_FOO.
-
-
-my $no_sse2=0;
-
-&usage if ($#ARGV < 0);
-
-my $flags;
-my $depflags;
-my $openssl_experimental_defines;
-my $openssl_algorithm_defines;
-my $openssl_thread_defines;
-my $openssl_sys_defines="";
-my $openssl_other_defines;
-my $libs;
-my $libkrb5="";
-my $target;
-my $options;
-my $symlink;
-my $make_depend=0;
-my %withargs=();
-
-my @argvcopy=@ARGV;
-my $argvstring="";
-my $argv_unprocessed=1;
-
-while($argv_unprocessed)
-	{
-	$flags="";
-	$depflags="";
-	$openssl_experimental_defines="";
-	$openssl_algorithm_defines="";
-	$openssl_thread_defines="";
-	$openssl_sys_defines="";
-	$openssl_other_defines="";
-	$libs="";
-	$target="";
-	$options="";
-	$symlink=1;
-
-	$argv_unprocessed=0;
-	$argvstring=join(' ', at argvcopy);
-
-PROCESS_ARGS:
-	foreach (@argvcopy)
-		{
-		s /^-no-/no-/; # some people just can't read the instructions
-
-		# rewrite some options in "enable-..." form
-		s /^-?-?shared$/enable-shared/;
-		s /^sctp$/enable-sctp/;
-		s /^threads$/enable-threads/;
-		s /^zlib$/enable-zlib/;
-		s /^zlib-dynamic$/enable-zlib-dynamic/;
-
-		if (/^no-(.+)$/ || /^disable-(.+)$/)
-			{
-			if (!($disabled{$1} eq "experimental"))
-				{
-				if ($1 eq "ssl")
-					{
-					$disabled{"ssl2"} = "option(ssl)";
-					$disabled{"ssl3"} = "option(ssl)";
-					}
-				elsif ($1 eq "tls")
-					{
-					$disabled{"tls1"} = "option(tls)"
-					}
-				elsif ($1 eq "ssl3-method")
-					{
-					$disabled{"ssl3-method"} = "option(ssl)";
-					$disabled{"ssl3"} = "option(ssl)";
-					}
-				else
-					{
-					$disabled{$1} = "option";
-					}
-				}			
-			}
-		elsif (/^enable-(.+)$/ || /^experimental-(.+)$/)
-			{
-			my $algo = $1;
-			if ($disabled{$algo} eq "experimental")
-				{
-				die "You are requesting an experimental feature; please say 'experimental-$algo' if you are sure\n"
-					unless (/^experimental-/);
-				push @experimental, $algo;
-				}
-			delete $disabled{$algo};
-
-			$threads = 1 if ($algo eq "threads");
-			}
-		elsif (/^--test-sanity$/)
-			{
-			exit(&test_sanity());
-			}
-		elsif (/^--strict-warnings/)
-			{
-			$strict_warnings = 1;
-			}
-		elsif (/^reconfigure/ || /^reconf/)
-			{
-			if (open(IN,"<$Makefile"))
-				{
-				while (<IN>)
-					{
-					chomp;
-					if (/^CONFIGURE_ARGS=(.*)/)
-						{
-						$argvstring=$1;
-						@argvcopy=split(' ',$argvstring);
-						die "Incorrect data to reconfigure, please do a normal configuration\n"
-							if (grep(/^reconf/, at argvcopy));
-						print "Reconfiguring with: $argvstring\n";
-						$argv_unprocessed=1;
-						close(IN);
-						last PROCESS_ARGS;
-						}
-					}
-				close(IN);
-				}
-			die "Insufficient data to reconfigure, please do a normal configuration\n";
-			}
-		elsif (/^386$/)
-			{ $processor=386; }
-		elsif (/^fips$/)
-			{
-			$fips=1;
-			}
-		elsif (/^rsaref$/)
-			{
-			# No RSAref support any more since it's not needed.
-			# The check for the option is there so scripts aren't
-			# broken
-			}
-		elsif (/^[-+]/)
-			{
-			if (/^-[lL](.*)$/ or /^-Wl,/)
-				{
-				$libs.=$_." ";
-				}
-			elsif (/^-[^-]/ or /^\+/)
-				{
-				$_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
-				$flags.=$_." ";
-				}
-			elsif (/^--prefix=(.*)$/)
-				{
-				$prefix=$1;
-				}
-			elsif (/^--libdir=(.*)$/)
-				{
-				$libdir=$1;
-				}
-			elsif (/^--openssldir=(.*)$/)
-				{
-				$openssldir=$1;
-				}
-			elsif (/^--install.prefix=(.*)$/)
-				{
-				$install_prefix=$1;
-				}
-			elsif (/^--with-krb5-(dir|lib|include|flavor)=(.*)$/)
-				{
-				$withargs{"krb5-".$1}=$2;
-				}
-			elsif (/^--with-zlib-lib=(.*)$/)
-				{
-				$withargs{"zlib-lib"}=$1;
-				}
-			elsif (/^--with-zlib-include=(.*)$/)
-				{
-				$withargs{"zlib-include"}="-I$1";
-				}
-			elsif (/^--with-fipsdir=(.*)$/)
-				{
-				$fipsdir="$1";
-				}
-			elsif (/^--with-fipslibdir=(.*)$/)
-				{
-				$fipslibdir="$1";
-				}
-			elsif (/^--with-baseaddr=(.*)$/)
-				{
-				$baseaddr="$1";
-				}
-			elsif (/^--cross-compile-prefix=(.*)$/)
-				{
-				$cross_compile_prefix=$1;
-				}
-			else
-				{
-				print STDERR $usage;
-				exit(1);
-				}
-			}
-		elsif ($_ =~ /^([^:]+):(.+)$/)
-			{
-			eval "\$table{\$1} = \"$2\""; # allow $xxx constructs in the string
-			$target=$1;
-			}
-		else
-			{
-			die "target already defined - $target (offending arg: $_)\n" if ($target ne "");
-			$target=$_;
-			}
-
-		unless ($_ eq $target || /^no-/ || /^disable-/)
-			{
-			# "no-..." follows later after implied disactivations
-			# have been derived.  (Don't take this too seroiusly,
-			# we really only write OPTIONS to the Makefile out of
-			# nostalgia.)
-
-			if ($options eq "")
-				{ $options = $_; }
-			else
-				{ $options .= " ".$_; }
-			}
-		}
-	}
-
-
-
-if ($processor eq "386")
-	{
-	$disabled{"sse2"} = "forced";
-	}
-
-if (!defined($withargs{"krb5-flavor"}) || $withargs{"krb5-flavor"} eq "")
-	{
-	$disabled{"krb5"} = "krb5-flavor not specified";
-	}
-
-if (!defined($disabled{"zlib-dynamic"}))
-	{
-	# "zlib-dynamic" was specifically enabled, so enable "zlib"
-	delete $disabled{"zlib"};
-	}
-
-if (defined($disabled{"rijndael"}))
-	{
-	$disabled{"aes"} = "forced";
-	}
-if (defined($disabled{"des"}))
-	{
-	$disabled{"mdc2"} = "forced";
-	}
-if (defined($disabled{"ec"}))
-	{
-	$disabled{"ecdsa"} = "forced";
-	$disabled{"ecdh"} = "forced";
-	}
-
-# SSL 2.0 requires MD5 and RSA
-if (defined($disabled{"md5"}) || defined($disabled{"rsa"}))
-	{
-	$disabled{"ssl2"} = "forced";
-	}
-
-if ($fips && $fipslibdir eq "")
-	{
-	$fipslibdir = $fipsdir . "/lib/";
-	}
-
-# RSAX ENGINE sets default non-FIPS RSA method.
-if ($fips)
-	{
-	$disabled{"rsax"} = "forced";
-	}
-
-# SSL 3.0 and TLS requires MD5 and SHA and either RSA or DSA+DH
-if (defined($disabled{"md5"}) || defined($disabled{"sha"})
-    || (defined($disabled{"rsa"})
-        && (defined($disabled{"dsa"}) || defined($disabled{"dh"}))))
-	{
-	$disabled{"ssl3"} = "forced";
-	$disabled{"tls1"} = "forced";
-	}
-
-if (defined($disabled{"tls1"}))
-	{
-	$disabled{"tlsext"} = "forced";
-	}
-
-if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
-    || defined($disabled{"dh"}))
-	{
-	$disabled{"gost"} = "forced";
-	}
-
-# SRP and HEARTBEATS require TLSEXT
-if (defined($disabled{"tlsext"}))
-	{
-	$disabled{"srp"} = "forced";
-	$disabled{"heartbeats"} = "forced";
-	}
-
-if ($target eq "TABLE") {
-	foreach $target (sort keys %table) {
-		print_table_entry($target);
-	}
-	exit 0;
-}
-
-if ($target eq "LIST") {
-	foreach (sort keys %table) {
-		print;
-		print "\n";
-	}
-	exit 0;
-}
-
-if ($target =~ m/^CygWin32(-.*)$/) {
-	$target = "Cygwin".$1;
-}
-
-print "Configuring for $target\n";
-
-&usage if (!defined($table{$target}));
-
-
-foreach (sort (keys %disabled))
-	{
-	$options .= " no-$_";
-
-	printf "    no-%-12s %-10s", $_, "[$disabled{$_}]";
-
-	if (/^dso$/)
-		{ $no_dso = 1; }
-	elsif (/^threads$/)
-		{ $no_threads = 1; }
-	elsif (/^shared$/)
-		{ $no_shared = 1; }
-	elsif (/^zlib$/)
-		{ $zlib = 0; }
-	elsif (/^static-engine$/)
-		{ }
-	elsif (/^zlib-dynamic$/)
-		{ }
-	elsif (/^symlinks$/)
-		{ $symlink = 0; }
-	elsif (/^sse2$/)
-		{ $no_sse2 = 1; }
-	else
-		{
-		my ($ALGO, $algo);
-		($ALGO = $algo = $_) =~ tr/[\-a-z]/[_A-Z]/;
-
-		if (/^asm$/ || /^err$/ || /^hw$/ || /^hw-/)
-			{
-			$openssl_other_defines .= "#define OPENSSL_NO_$ALGO\n";
-			print " OPENSSL_NO_$ALGO";
-		
-			if (/^err$/)	{ $flags .= "-DOPENSSL_NO_ERR "; }
-			elsif (/^asm$/)	{ $no_asm = 1; }
-			}
-		else
-			{
-			$openssl_algorithm_defines .= "#define OPENSSL_NO_$ALGO\n";
-			print " OPENSSL_NO_$ALGO";
-
-			if (/^krb5$/)
-				{ $no_krb5 = 1; }
-			else
-				{
-				push @skip, $algo;
-				# fix-up crypto/directory name(s)
-				@skip[$#skip]="whrlpool" if $algo eq "whirlpool";
-				print " (skip dir)";
-
-				$depflags .= " -DOPENSSL_NO_$ALGO";
-				}
-			}
-		}
-
-	print "\n";
-	}
-
-my $exp_cflags = "";
-foreach (sort @experimental)
-	{
-	my $ALGO;
-	($ALGO = $_) =~ tr/[a-z]/[A-Z]/;
-
-	# opensslconf.h will set OPENSSL_NO_... unless OPENSSL_EXPERIMENTAL_... is defined
-	$openssl_experimental_defines .= "#define OPENSSL_NO_$ALGO\n";
-	$exp_cflags .= " -DOPENSSL_EXPERIMENTAL_$ALGO";
-	}
-
-my $IsMK1MF=scalar grep /^$target$/, at MK1MF_Builds;
-
-$exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target =~ /^mingw/);
-$exe_ext=".nlm" if ($target =~ /netware/);
-$exe_ext=".pm"  if ($target =~ /vos/);
-$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
-$prefix=$openssldir if $prefix eq "";
-
-$default_ranlib= &which("ranlib") or $default_ranlib="true";
-$perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
-  or $perl="perl";
-my $make = $ENV{'MAKE'} || "make";
-
-$cross_compile_prefix=$ENV{'CROSS_COMPILE'} if $cross_compile_prefix eq "";
-
-chop $openssldir if $openssldir =~ /\/$/;
-chop $prefix if $prefix =~ /.\/$/;
-
-$openssldir=$prefix . "/ssl" if $openssldir eq "";
-$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
-
-
-print "IsMK1MF=$IsMK1MF\n";
-
-my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
-my $cc = $fields[$idx_cc];
-# Allow environment CC to override compiler...
-if($ENV{CC}) {
-    $cc = $ENV{CC};
-}
-my $cflags = $fields[$idx_cflags];
-my $unistd = $fields[$idx_unistd];
-my $thread_cflag = $fields[$idx_thread_cflag];
-my $sys_id = $fields[$idx_sys_id];
-my $lflags = $fields[$idx_lflags];
-my $bn_ops = $fields[$idx_bn_ops];
-my $cpuid_obj = $fields[$idx_cpuid_obj];
-my $bn_obj = $fields[$idx_bn_obj];
-my $des_obj = $fields[$idx_des_obj];
-my $aes_obj = $fields[$idx_aes_obj];
-my $bf_obj = $fields[$idx_bf_obj];
-my $md5_obj = $fields[$idx_md5_obj];
-my $sha1_obj = $fields[$idx_sha1_obj];
-my $cast_obj = $fields[$idx_cast_obj];
-my $rc4_obj = $fields[$idx_rc4_obj];
-my $rmd160_obj = $fields[$idx_rmd160_obj];
-my $rc5_obj = $fields[$idx_rc5_obj];
-my $wp_obj = $fields[$idx_wp_obj];
-my $cmll_obj = $fields[$idx_cmll_obj];
-my $modes_obj = $fields[$idx_modes_obj];
-my $engines_obj = $fields[$idx_engines_obj];
-my $perlasm_scheme = $fields[$idx_perlasm_scheme];
-my $dso_scheme = $fields[$idx_dso_scheme];
-my $shared_target = $fields[$idx_shared_target];
-my $shared_cflag = $fields[$idx_shared_cflag];
-my $shared_ldflag = $fields[$idx_shared_ldflag];
-my $shared_extension = $fields[$idx_shared_extension];
-my $ranlib = $ENV{'RANLIB'} || $fields[$idx_ranlib];
-my $ar = $ENV{'AR'} || "ar";
-my $arflags = $fields[$idx_arflags];
-my $multilib = $fields[$idx_multilib];
-
-# if $prefix/lib$multilib is not an existing directory, then
-# assume that it's not searched by linker automatically, in
-# which case adding $multilib suffix causes more grief than
-# we're ready to tolerate, so don't...
-$multilib="" if !-d "$prefix/lib$multilib";
-
-$libdir="lib$multilib" if $libdir eq "";
-
-$cflags = "$cflags$exp_cflags";
-
-# '%' in $lflags is used to split flags to "pre-" and post-flags
-my ($prelflags,$postlflags)=split('%',$lflags);
-if (defined($postlflags))	{ $lflags=$postlflags;	}
-else				{ $lflags=$prelflags; undef $prelflags;	}
-
-if ($target =~ /^mingw/ && `$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m)
-	{
-	$cflags =~ s/\-mno\-cygwin\s*//;
-	$shared_ldflag =~ s/\-mno\-cygwin\s*//;
-	}
-
-my $no_shared_warn=0;
-my $no_user_cflags=0;
-
-if ($flags ne "")	{ $cflags="$flags$cflags"; }
-else			{ $no_user_cflags=1;       }
-
-# Kerberos settings.  The flavor must be provided from outside, either through
-# the script "config" or manually.
-if (!$no_krb5)
-	{
-	my ($lresolv, $lpath, $lext);
-	if ($withargs{"krb5-flavor"} =~ /^[Hh]eimdal$/)
-		{
-		die "Sorry, Heimdal is currently not supported\n";
-		}
-	##### HACK to force use of Heimdal.
-	##### WARNING: Since we don't really have adequate support for Heimdal,
-	#####          using this will break the build.  You'll have to make
-	#####          changes to the source, and if you do, please send
-	#####          patches to openssl-dev at openssl.org
-	if ($withargs{"krb5-flavor"} =~ /^force-[Hh]eimdal$/)
-		{
-		warn "Heimdal isn't really supported.  Your build WILL break\n";
-		warn "If you fix the problems, please send a patch to openssl-dev\@openssl.org\n";
-		$withargs{"krb5-dir"} = "/usr/heimdal"
-			if $withargs{"krb5-dir"} eq "";
-		$withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.
-			"/lib -lgssapi -lkrb5 -lcom_err"
-			if $withargs{"krb5-lib"} eq "" && !$IsMK1MF;
-		$cflags="-DKRB5_HEIMDAL $cflags";
-		}
-	if ($withargs{"krb5-flavor"} =~ /^[Mm][Ii][Tt]/)
-		{
-		$withargs{"krb5-dir"} = "/usr/kerberos"
-			if $withargs{"krb5-dir"} eq "";
-		$withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.
-			"/lib -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto"
-			if $withargs{"krb5-lib"} eq "" && !$IsMK1MF;
-		$cflags="-DKRB5_MIT $cflags";
-		$withargs{"krb5-flavor"} =~ s/^[Mm][Ii][Tt][._-]*//;
-		if ($withargs{"krb5-flavor"} =~ /^1[._-]*[01]/)
-			{
-			$cflags="-DKRB5_MIT_OLD11 $cflags";
-			}
-		}
-	LRESOLV:
-	foreach $lpath ("/lib", "/usr/lib")
-		{
-		foreach $lext ("a", "so")
-			{
-			$lresolv = "$lpath/libresolv.$lext";
-			last LRESOLV	if (-r "$lresolv");
-			$lresolv = "";
-			}
-		}
-	$withargs{"krb5-lib"} .= " -lresolv"
-		if ("$lresolv" ne "");
-	$withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include"
-		if $withargs{"krb5-include"} eq "" &&
-		   $withargs{"krb5-dir"} ne "";
-	}
-
-# The DSO code currently always implements all functions so that no
-# applications will have to worry about that from a compilation point
-# of view. However, the "method"s may return zero unless that platform
-# has support compiled in for them. Currently each method is enabled
-# by a define "DSO_<name>" ... we translate the "dso_scheme" config
-# string entry into using the following logic;
-my $dso_cflags;
-if (!$no_dso && $dso_scheme ne "")
-	{
-	$dso_scheme =~ tr/[a-z]/[A-Z]/;
-	if ($dso_scheme eq "DLFCN")
-		{
-		$dso_cflags = "-DDSO_DLFCN -DHAVE_DLFCN_H";
-		}
-	elsif ($dso_scheme eq "DLFCN_NO_H")
-		{
-		$dso_cflags = "-DDSO_DLFCN";
-		}
-	else
-		{
-		$dso_cflags = "-DDSO_$dso_scheme";
-		}
-	$cflags = "$dso_cflags $cflags";
-	}
-
-my $thread_cflags;
-my $thread_defines;
-if ($thread_cflag ne "(unknown)" && !$no_threads)
-	{
-	# If we know how to do it, support threads by default.
-	$threads = 1;
-	}
-if ($thread_cflag eq "(unknown)" && $threads)
-	{
-	# If the user asked for "threads", [s]he is also expected to
-	# provide any system-dependent compiler options that are
-	# necessary.
-	if ($no_user_cflags)
-		{
-		print "You asked for multi-threading support, but didn't\n";
-		print "provide any system-specific compiler options\n";
-		exit(1);
-		}
-	$thread_cflags="-DOPENSSL_THREADS $cflags" ;
-	$thread_defines .= "#define OPENSSL_THREADS\n";
-	}
-else
-	{
-	$thread_cflags="-DOPENSSL_THREADS $thread_cflag $cflags";
-	$thread_defines .= "#define OPENSSL_THREADS\n";
-#	my $def;
-#	foreach $def (split ' ',$thread_cflag)
-#		{
-#		if ($def =~ s/^-D// && $def !~ /^_/)
-#			{
-#			$thread_defines .= "#define $def\n";
-#			}
-#		}
-	}	
-
-$lflags="$libs$lflags" if ($libs ne "");
-
-if ($no_asm)
-	{
-	$cpuid_obj=$bn_obj=
-	$des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=$cmll_obj=
-	$modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj="";
-	}
-
-if (!$no_shared)
-	{
-	$cast_obj="";	# CAST assembler is not PIC
-	}
-
-if ($threads)
-	{
-	$cflags=$thread_cflags;
-	$openssl_thread_defines .= $thread_defines;
-	}
-
-if ($zlib)
-	{
-	$cflags = "-DZLIB $cflags";
-	if (defined($disabled{"zlib-dynamic"}))
-		{
-		if (defined($withargs{"zlib-lib"}))
-			{
-			$lflags = "$lflags -L" . $withargs{"zlib-lib"} . " -lz";
-			}
-		else
-			{
-			$lflags = "$lflags -lz";
-			}
-		}
-	else
-		{
-		$cflags = "-DZLIB_SHARED $cflags";
-		}
-	}
-
-# You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
-my $shared_mark = "";
-if ($shared_target eq "")
-	{
-	$no_shared_warn = 1 if !$no_shared;
-	$no_shared = 1;
-	}
-if (!$no_shared)
-	{
-	if ($shared_cflag ne "")
-		{
-		$cflags = "$shared_cflag -DOPENSSL_PIC $cflags";
-		}
-	}
-
-if (!$IsMK1MF)
-	{
-	# add {no-}static-engine to options to allow mkdef.pl to work without extra arguments
-	if ($no_shared)
-		{
-		$openssl_other_defines.="#define OPENSSL_NO_DYNAMIC_ENGINE\n";
-		$options.=" static-engine";
-		}
-	else
-		{
-		$openssl_other_defines.="#define OPENSSL_NO_STATIC_ENGINE\n";
-		$options.=" no-static-engine";
-		}
-	}
-
-$cpuid_obj.=" uplink.o uplink-x86.o" if ($cflags =~ /\-DOPENSSL_USE_APPLINK/);
-
-#
-# Platform fix-ups
-#
-if ($target =~ /\-icc$/)	# Intel C compiler
-	{
-	my $iccver=0;
-	if (open(FD,"$cc -V 2>&1 |"))
-		{
-		while(<FD>) { $iccver=$1 if (/Version ([0-9]+)\./); }
-		close(FD);
-		}
-	if ($iccver>=8)
-		{
-		# Eliminate unnecessary dependency from libirc.a. This is
-		# essential for shared library support, as otherwise
-		# apps/openssl can end up in endless loop upon startup...
-		$cflags.=" -Dmemcpy=__builtin_memcpy -Dmemset=__builtin_memset";
-		}
-	if ($iccver>=9)
-		{
-		$cflags.=" -i-static";
-		$cflags=~s/\-no_cpprt/-no-cpprt/;
-		}
-	if ($iccver>=10)
-		{
-		$cflags=~s/\-i\-static/-static-intel/;
-		}
-	}
-
-# Unlike other OSes (like Solaris, Linux, Tru64, IRIX) BSD run-time
-# linkers (tested OpenBSD, NetBSD and FreeBSD) "demand" RPATH set on
-# .so objects. Apparently application RPATH is not global and does
-# not apply to .so linked with other .so. Problem manifests itself
-# when libssl.so fails to load libcrypto.so. One can argue that we
-# should engrave this into Makefile.shared rules or into BSD-* config
-# lines above. Meanwhile let's try to be cautious and pass -rpath to
-# linker only when --prefix is not /usr.
-if ($target =~ /^BSD\-/)
-	{
-	$shared_ldflag.=" -Wl,-rpath,\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
-	}
-
-if ($sys_id ne "")
-	{
-	#$cflags="-DOPENSSL_SYSNAME_$sys_id $cflags";
-	$openssl_sys_defines="#define OPENSSL_SYSNAME_$sys_id\n";
-	}
-
-if ($ranlib eq "")
-	{
-	$ranlib = $default_ranlib;
-	}
-
-#my ($bn1)=split(/\s+/,$bn_obj);
-#$bn1 = "" unless defined $bn1;
-#$bn1=$bn_asm unless ($bn1 =~ /\.o$/);
-#$bn_obj="$bn1";
-
-$cpuid_obj="" if ($processor eq "386");
-
-$bn_obj = $bn_asm unless $bn_obj ne "";
-# bn-586 is the only one implementing bn_*_part_words
-$cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn-586/);
-$cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /86/);
-
-$cflags.=" -DOPENSSL_BN_ASM_MONT" if ($bn_obj =~ /-mont/);
-$cflags.=" -DOPENSSL_BN_ASM_MONT5" if ($bn_obj =~ /-mont5/);
-$cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($bn_obj =~ /-gf2m/);
-
-if ($fips)
-	{
-	$openssl_other_defines.="#define OPENSSL_FIPS\n";
-	$cflags .= " -I\$(FIPSDIR)/include";
-	}
-
-$cpuid_obj="mem_clr.o"	unless ($cpuid_obj =~ /\.o$/);
-$des_obj=$des_enc	unless ($des_obj =~ /\.o$/);
-$bf_obj=$bf_enc		unless ($bf_obj =~ /\.o$/);
-$cast_obj=$cast_enc	unless ($cast_obj =~ /\.o$/);
-$rc4_obj=$rc4_enc	unless ($rc4_obj =~ /\.o$/);
-$rc5_obj=$rc5_enc	unless ($rc5_obj =~ /\.o$/);
-if ($sha1_obj =~ /\.o$/)
-	{
-#	$sha1_obj=$sha1_enc;
-	$cflags.=" -DSHA1_ASM"   if ($sha1_obj =~ /sx86/ || $sha1_obj =~ /sha1/);
-	$cflags.=" -DSHA256_ASM" if ($sha1_obj =~ /sha256/);
-	$cflags.=" -DSHA512_ASM" if ($sha1_obj =~ /sha512/);
-	if ($sha1_obj =~ /sse2/)
-	    {	if ($no_sse2)
-		{   $sha1_obj =~ s/\S*sse2\S+//;        }
-		elsif ($cflags !~ /OPENSSL_IA32_SSE2/)
-		{   $cflags.=" -DOPENSSL_IA32_SSE2";    }
-	    }
-	}
-if ($md5_obj =~ /\.o$/)
-	{
-#	$md5_obj=$md5_enc;
-	$cflags.=" -DMD5_ASM";
-	}
-if ($rmd160_obj =~ /\.o$/)
-	{
-#	$rmd160_obj=$rmd160_enc;
-	$cflags.=" -DRMD160_ASM";
-	}
-if ($aes_obj =~ /\.o$/)
-	{
-	$cflags.=" -DAES_ASM";
-	# aes-ctr.o is not a real file, only indication that assembler
-	# module implements AES_ctr32_encrypt...
-	$cflags.=" -DAES_CTR_ASM" if ($aes_obj =~ s/\s*aes\-ctr\.o//);
-	# aes-xts.o indicates presense of AES_xts_[en|de]crypt...
-	$cflags.=" -DAES_XTS_ASM" if ($aes_obj =~ s/\s*aes\-xts\.o//);
-	$aes_obj =~ s/\s*(vpaes|aesni)\-x86\.o//g if ($no_sse2);
-	$cflags.=" -DVPAES_ASM" if ($aes_obj =~ m/vpaes/);
-	$cflags.=" -DBSAES_ASM" if ($aes_obj =~ m/bsaes/);
-	}
-else	{
-	$aes_obj=$aes_enc;
-	}
-$wp_obj="" if ($wp_obj =~ /mmx/ && $processor eq "386");
-if ($wp_obj =~ /\.o$/ && !$disabled{"whirlpool"})
-	{
-	$cflags.=" -DWHIRLPOOL_ASM";
-	}
-else	{
-	$wp_obj="wp_block.o";
-	}
-$cmll_obj=$cmll_enc	unless ($cmll_obj =~ /.o$/);
-if ($modes_obj =~ /ghash/)
-	{
-	$cflags.=" -DGHASH_ASM";
-	}
-
-# "Stringify" the C flags string.  This permits it to be made part of a string
-# and works as well on command lines.
-$cflags =~ s/([\\\"])/\\\1/g;
-
-my $version = "unknown";
-my $version_num = "unknown";
-my $major = "unknown";
-my $minor = "unknown";
-my $shlib_version_number = "unknown";
-my $shlib_version_history = "unknown";
-my $shlib_major = "unknown";
-my $shlib_minor = "unknown";
-
-open(IN,'<crypto/opensslv.h') || die "unable to read opensslv.h:$!\n";
-while (<IN>)
-	{
-	$version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /;
-	$version_num=$1 if /OPENSSL.VERSION.NUMBER.*0x(\S+)/;
-	$shlib_version_number=$1 if /SHLIB_VERSION_NUMBER *"([^"]+)"/;
-	$shlib_version_history=$1 if /SHLIB_VERSION_HISTORY *"([^"]*)"/;
-	}
-close(IN);
-if ($shlib_version_history ne "") { $shlib_version_history .= ":"; }
-
-if ($version =~ /(^[0-9]*)\.([0-9\.]*)/)
-	{
-	$major=$1;
-	$minor=$2;
-	}
-
-if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
-	{
-	$shlib_major=$1;
-	$shlib_minor=$2;
-	}
-
-if ($strict_warnings)
-	{
-	my $ecc = $cc;
-	$ecc = "clang" if `$cc --version 2>&1` =~ /clang/;
-	my $wopt;
-	die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/);
-	foreach $wopt (split /\s+/, $gcc_devteam_warn)
-		{
-		$cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
-		}
-	if ($ecc eq "clang")
-		{
-		foreach $wopt (split /\s+/, $clang_devteam_warn)
-			{
-			$cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
-			}
-		}
-	}
-
-open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
-unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
-open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
-print OUT "### Generated automatically from Makefile.org by Configure.\n\n";
-my $sdirs=0;
-while (<IN>)
-	{
-	chomp;
-	$sdirs = 1 if /^SDIRS=/;
-	if ($sdirs) {
-		my $dir;
-		foreach $dir (@skip) {
-			s/(\s)$dir /$1/;
-			s/\s$dir$//;
-			}
-		}
-	$sdirs = 0 unless /\\$/;
-        s/engines // if (/^DIRS=/ && $disabled{"engine"});
-	s/ccgost// if (/^ENGDIRS=/ && $disabled{"gost"});
-	s/^VERSION=.*/VERSION=$version/;
-	s/^MAJOR=.*/MAJOR=$major/;
-	s/^MINOR=.*/MINOR=$minor/;
-	s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
-	s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
-	s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
-	s/^SHLIB_MINOR=.*/SHLIB_MINOR=$shlib_minor/;
-	s/^SHLIB_EXT=.*/SHLIB_EXT=$shared_extension/;
-	s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
-	s/^MULTILIB=.*$/MULTILIB=$multilib/;
-	s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
-	s/^LIBDIR=.*$/LIBDIR=$libdir/;
-	s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
-	s/^PLATFORM=.*$/PLATFORM=$target/;
-	s/^OPTIONS=.*$/OPTIONS=$options/;
-	s/^CONFIGURE_ARGS=.*$/CONFIGURE_ARGS=$argvstring/;
-	if ($cross_compile_prefix)
-		{
-		s/^CC=.*$/CROSS_COMPILE= $cross_compile_prefix\nCC= \$\(CROSS_COMPILE\)$cc/;
-		s/^AR=\s*/AR= \$\(CROSS_COMPILE\)/;
-		s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
-		s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
-		s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc";
-		}
-	else	{
-		s/^CC=.*$/CC= $cc/;
-		s/^AR=\s*ar/AR= $ar/;
-		s/^RANLIB=.*/RANLIB= $ranlib/;
-		s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
-		}
-	s/^CFLAG=.*$/CFLAG= $cflags/;
-	s/^DEPFLAG=.*$/DEPFLAG=$depflags/;
-	s/^PEX_LIBS=.*$/PEX_LIBS= $prelflags/;
-	s/^EX_LIBS=.*$/EX_LIBS= $lflags/;
-	s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/;
-	s/^CPUID_OBJ=.*$/CPUID_OBJ= $cpuid_obj/;
-	s/^BN_ASM=.*$/BN_ASM= $bn_obj/;
-	s/^DES_ENC=.*$/DES_ENC= $des_obj/;
-	s/^AES_ENC=.*$/AES_ENC= $aes_obj/;
-	s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
-	s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/;
-	s/^RC4_ENC=.*$/RC4_ENC= $rc4_obj/;
-	s/^RC5_ENC=.*$/RC5_ENC= $rc5_obj/;
-	s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/;
-	s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/;
-	s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;
-	s/^WP_ASM_OBJ=.*$/WP_ASM_OBJ= $wp_obj/;
-	s/^CMLL_ENC=.*$/CMLL_ENC= $cmll_obj/;
-	s/^MODES_ASM_OBJ.=*$/MODES_ASM_OBJ= $modes_obj/;
-	s/^ENGINES_ASM_OBJ.=*$/ENGINES_ASM_OBJ= $engines_obj/;
-	s/^PERLASM_SCHEME=.*$/PERLASM_SCHEME= $perlasm_scheme/;
-	s/^PROCESSOR=.*/PROCESSOR= $processor/;
-	s/^ARFLAGS=.*/ARFLAGS= $arflags/;
-	s/^PERL=.*/PERL= $perl/;
-	s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/;
-	s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/;
-	s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/;
-	s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/;
-
-	s/^FIPSDIR=.*/FIPSDIR=$fipsdir/;
-	s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/;
-	s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips;
-	s/^BASEADDR=.*/BASEADDR=$baseaddr/;
-
-	s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
-	s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
-	s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
-	if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/)
-		{
-		my $sotmp = $1;
-		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/;
-		}
-	elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.dylib$/)
-		{
-		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.dylib/;
-		}
-	elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
-		{
-		my $sotmp = $1;
-		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
-		}
-	elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
-		{
-		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.\$(SHLIB_MAJOR).dylib .dylib/;
-		}
-	s/^SHARED_LDFLAGS=.*/SHARED_LDFLAGS=$shared_ldflag/;
-	print OUT $_."\n";
-	}
-close(IN);
-close(OUT);
-rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" if -e $Makefile;
-rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n";
-
-print "CC            =$cc\n";
-print "CFLAG         =$cflags\n";
-print "EX_LIBS       =$lflags\n";
-print "CPUID_OBJ     =$cpuid_obj\n";
-print "BN_ASM        =$bn_obj\n";
-print "DES_ENC       =$des_obj\n";
-print "AES_ENC       =$aes_obj\n";
-print "BF_ENC        =$bf_obj\n";
-print "CAST_ENC      =$cast_obj\n";
-print "RC4_ENC       =$rc4_obj\n";
-print "RC5_ENC       =$rc5_obj\n";
-print "MD5_OBJ_ASM   =$md5_obj\n";
-print "SHA1_OBJ_ASM  =$sha1_obj\n";
-print "RMD160_OBJ_ASM=$rmd160_obj\n";
-print "CMLL_ENC      =$cmll_obj\n";
-print "MODES_OBJ     =$modes_obj\n";
-print "ENGINES_OBJ   =$engines_obj\n";
-print "PROCESSOR     =$processor\n";
-print "RANLIB        =$ranlib\n";
-print "ARFLAGS       =$arflags\n";
-print "PERL          =$perl\n";
-print "KRB5_INCLUDES =",$withargs{"krb5-include"},"\n"
-	if $withargs{"krb5-include"} ne "";
-
-my $des_ptr=0;
-my $des_risc1=0;
-my $des_risc2=0;
-my $des_unroll=0;
-my $bn_ll=0;
-my $def_int=2;
-my $rc4_int=$def_int;
-my $md2_int=$def_int;
-my $idea_int=$def_int;
-my $rc2_int=$def_int;
-my $rc4_idx=0;
-my $rc4_chunk=0;
-my $bf_ptr=0;
-my @type=("char","short","int","long");
-my ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0);
-my $export_var_as_fn=0;
-
-my $des_int;
-
-foreach (sort split(/\s+/,$bn_ops))
-	{
-	$des_ptr=1 if /DES_PTR/;
-	$des_risc1=1 if /DES_RISC1/;
-	$des_risc2=1 if /DES_RISC2/;
-	$des_unroll=1 if /DES_UNROLL/;
-	$des_int=1 if /DES_INT/;
-	$bn_ll=1 if /BN_LLONG/;
-	$rc4_int=0 if /RC4_CHAR/;
-	$rc4_int=3 if /RC4_LONG/;
-	$rc4_idx=1 if /RC4_INDEX/;
-	$rc4_chunk=1 if /RC4_CHUNK/;
-	$rc4_chunk=2 if /RC4_CHUNK_LL/;
-	$md2_int=0 if /MD2_CHAR/;
-	$md2_int=3 if /MD2_LONG/;
-	$idea_int=1 if /IDEA_SHORT/;
-	$idea_int=3 if /IDEA_LONG/;
-	$rc2_int=1 if /RC2_SHORT/;
-	$rc2_int=3 if /RC2_LONG/;
-	$bf_ptr=1 if $_ eq "BF_PTR";
-	$bf_ptr=2 if $_ eq "BF_PTR2";
-	($b64l,$b64,$b32,$b16,$b8)=(0,1,0,0,0) if /SIXTY_FOUR_BIT/;
-	($b64l,$b64,$b32,$b16,$b8)=(1,0,0,0,0) if /SIXTY_FOUR_BIT_LONG/;
-	($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0) if /THIRTY_TWO_BIT/;
-	($b64l,$b64,$b32,$b16,$b8)=(0,0,0,1,0) if /SIXTEEN_BIT/;
-	($b64l,$b64,$b32,$b16,$b8)=(0,0,0,0,1) if /EIGHT_BIT/;
-	$export_var_as_fn=1 if /EXPORT_VAR_AS_FN/;
-	}
-
-open(IN,'<crypto/opensslconf.h.in') || die "unable to read crypto/opensslconf.h.in:$!\n";
-unlink("crypto/opensslconf.h.new") || die "unable to remove old crypto/opensslconf.h.new:$!\n" if -e "crypto/opensslconf.h.new";
-open(OUT,'>crypto/opensslconf.h.new') || die "unable to create crypto/opensslconf.h.new:$!\n";
-print OUT "/* opensslconf.h */\n";
-print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configure. */\n\n";
-
-print OUT "#ifdef  __cplusplus\n";
-print OUT "extern \"C\" {\n";
-print OUT "#endif\n";
-print OUT "/* OpenSSL was configured with the following options: */\n";
-my $openssl_algorithm_defines_trans = $openssl_algorithm_defines;
-$openssl_experimental_defines =~ s/^\s*#\s*define\s+OPENSSL_NO_(.*)/#ifndef OPENSSL_EXPERIMENTAL_$1\n# ifndef OPENSSL_NO_$1\n#  define OPENSSL_NO_$1\n# endif\n#endif/mg;
-$openssl_algorithm_defines_trans =~ s/^\s*#\s*define\s+OPENSSL_(.*)/# if defined(OPENSSL_$1) \&\& !defined($1)\n#  define $1\n# endif/mg;
-$openssl_algorithm_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
-$openssl_algorithm_defines = "   /* no ciphers excluded */\n" if $openssl_algorithm_defines eq "";
-$openssl_thread_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
-$openssl_sys_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
-$openssl_other_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
-print OUT $openssl_sys_defines;
-print OUT "#ifndef OPENSSL_DOING_MAKEDEPEND\n\n";
-print OUT $openssl_experimental_defines;
-print OUT "\n";
-print OUT $openssl_algorithm_defines;
-print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n\n";
-print OUT $openssl_thread_defines;
-print OUT $openssl_other_defines,"\n";
-
-print OUT "/* The OPENSSL_NO_* macros are also defined as NO_* if the application\n";
-print OUT "   asks for it.  This is a transient feature that is provided for those\n";
-print OUT "   who haven't had the time to do the appropriate changes in their\n";
-print OUT "   applications.  */\n";
-print OUT "#ifdef OPENSSL_ALGORITHM_DEFINES\n";
-print OUT $openssl_algorithm_defines_trans;
-print OUT "#endif\n\n";
-
-print OUT "#define OPENSSL_CPUID_OBJ\n\n" if ($cpuid_obj ne "mem_clr.o");
-
-while (<IN>)
-	{
-	if	(/^#define\s+OPENSSLDIR/)
-		{
-		my $foo = $openssldir;
-		$foo =~ s/\\/\\\\/g;
-		print OUT "#define OPENSSLDIR \"$foo\"\n";
-		}
-	elsif	(/^#define\s+ENGINESDIR/)
-		{
-		my $foo = "$prefix/$libdir/engines";
-		$foo =~ s/\\/\\\\/g;
-		print OUT "#define ENGINESDIR \"$foo\"\n";
-		}
-	elsif	(/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/)
-		{ printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n"
-			if $export_var_as_fn;
-		  printf OUT "#%s OPENSSL_EXPORT_VAR_AS_FUNCTION\n",
-			($export_var_as_fn)?"define":"undef"; }
-	elsif	(/^#define\s+OPENSSL_UNISTD/)
-		{
-		$unistd = "<unistd.h>" if $unistd eq "";
-		print OUT "#define OPENSSL_UNISTD $unistd\n";
-		}
-	elsif	(/^#((define)|(undef))\s+SIXTY_FOUR_BIT_LONG/)
-		{ printf OUT "#%s SIXTY_FOUR_BIT_LONG\n",($b64l)?"define":"undef"; }
-	elsif	(/^#((define)|(undef))\s+SIXTY_FOUR_BIT/)
-		{ printf OUT "#%s SIXTY_FOUR_BIT\n",($b64)?"define":"undef"; }
-	elsif	(/^#((define)|(undef))\s+THIRTY_TWO_BIT/)
-		{ printf OUT "#%s THIRTY_TWO_BIT\n",($b32)?"define":"undef"; }
-	elsif	(/^#((define)|(undef))\s+SIXTEEN_BIT/)
-		{ printf OUT "#%s SIXTEEN_BIT\n",($b16)?"define":"undef"; }
-	elsif	(/^#((define)|(undef))\s+EIGHT_BIT/)
-		{ printf OUT "#%s EIGHT_BIT\n",($b8)?"define":"undef"; }
-	elsif	(/^#((define)|(undef))\s+BN_LLONG\s*$/)
-		{ printf OUT "#%s BN_LLONG\n",($bn_ll)?"define":"undef"; }
-	elsif	(/^\#define\s+DES_LONG\s+.*/)
-		{ printf OUT "#define DES_LONG unsigned %s\n",
-			($des_int)?'int':'long'; }
-	elsif	(/^\#(define|undef)\s+DES_PTR/)
-		{ printf OUT "#%s DES_PTR\n",($des_ptr)?'define':'undef'; }
-	elsif	(/^\#(define|undef)\s+DES_RISC1/)
-		{ printf OUT "#%s DES_RISC1\n",($des_risc1)?'define':'undef'; }
-	elsif	(/^\#(define|undef)\s+DES_RISC2/)
-		{ printf OUT "#%s DES_RISC2\n",($des_risc2)?'define':'undef'; }
-	elsif	(/^\#(define|undef)\s+DES_UNROLL/)
-		{ printf OUT "#%s DES_UNROLL\n",($des_unroll)?'define':'undef'; }
-	elsif	(/^#define\s+RC4_INT\s/)
-		{ printf OUT "#define RC4_INT unsigned %s\n",$type[$rc4_int]; }
-	elsif	(/^#undef\s+RC4_CHUNK/)
-		{
-		printf OUT "#undef RC4_CHUNK\n" if $rc4_chunk==0;
-		printf OUT "#define RC4_CHUNK unsigned long\n" if $rc4_chunk==1;
-		printf OUT "#define RC4_CHUNK unsigned long long\n" if $rc4_chunk==2;
-		}
-	elsif	(/^#((define)|(undef))\s+RC4_INDEX/)
-		{ printf OUT "#%s RC4_INDEX\n",($rc4_idx)?"define":"undef"; }
-	elsif (/^#(define|undef)\s+I386_ONLY/)
-		{ printf OUT "#%s I386_ONLY\n", ($processor eq "386")?
-			"define":"undef"; }
-	elsif	(/^#define\s+MD2_INT\s/)
-		{ printf OUT "#define MD2_INT unsigned %s\n",$type[$md2_int]; }
-	elsif	(/^#define\s+IDEA_INT\s/)
-		{printf OUT "#define IDEA_INT unsigned %s\n",$type[$idea_int];}
-	elsif	(/^#define\s+RC2_INT\s/)
-		{printf OUT "#define RC2_INT unsigned %s\n",$type[$rc2_int];}
-	elsif (/^#(define|undef)\s+BF_PTR/)
-		{
-		printf OUT "#undef BF_PTR\n" if $bf_ptr == 0;
-		printf OUT "#define BF_PTR\n" if $bf_ptr == 1;
-		printf OUT "#define BF_PTR2\n" if $bf_ptr == 2;
-	        }
-	else
-		{ print OUT $_; }
-	}
-close(IN);
-print OUT "#ifdef  __cplusplus\n";
-print OUT "}\n";
-print OUT "#endif\n";
-close(OUT);
-rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h";
-rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n";
-
-
-# Fix the date
-
-print "SIXTY_FOUR_BIT_LONG mode\n" if $b64l;
-print "SIXTY_FOUR_BIT mode\n" if $b64;
-print "THIRTY_TWO_BIT mode\n" if $b32;
-print "SIXTEEN_BIT mode\n" if $b16;
-print "EIGHT_BIT mode\n" if $b8;
-print "DES_PTR used\n" if $des_ptr;
-print "DES_RISC1 used\n" if $des_risc1;
-print "DES_RISC2 used\n" if $des_risc2;
-print "DES_UNROLL used\n" if $des_unroll;
-print "DES_INT used\n" if $des_int;
-print "BN_LLONG mode\n" if $bn_ll;
-print "RC4 uses u$type[$rc4_int]\n" if $rc4_int != $def_int;
-print "RC4_INDEX mode\n" if $rc4_idx;
-print "RC4_CHUNK is undefined\n" if $rc4_chunk==0;
-print "RC4_CHUNK is unsigned long\n" if $rc4_chunk==1;
-print "RC4_CHUNK is unsigned long long\n" if $rc4_chunk==2;
-print "MD2 uses u$type[$md2_int]\n" if $md2_int != $def_int;
-print "IDEA uses u$type[$idea_int]\n" if $idea_int != $def_int;
-print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int;
-print "BF_PTR used\n" if $bf_ptr == 1; 
-print "BF_PTR2 used\n" if $bf_ptr == 2; 
-
-if($IsMK1MF) {
-	open (OUT,">crypto/buildinf.h") || die "Can't open buildinf.h";
-	printf OUT <<EOF;
-#ifndef MK1MF_BUILD
-  /* auto-generated by Configure for crypto/cversion.c:
-   * for Unix builds, crypto/Makefile.ssl generates functional definitions;
-   * Windows builds (and other mk1mf builds) compile cversion.c with
-   * -DMK1MF_BUILD and use definitions added to this file by util/mk1mf.pl. */
-  #error "Windows builds (PLATFORM=$target) use mk1mf.pl-created Makefiles"
-#endif
-EOF
-	close(OUT);
-} else {
-	my $make_command = "$make PERL=\'$perl\'";
-	my $make_targets = "";
-	$make_targets .= " links" if $symlink;
-	$make_targets .= " depend" if $depflags ne $default_depflags && $make_depend;
-	$make_targets .= " gentests" if $symlink;
-	(system $make_command.$make_targets) == 0 or exit $?
-		if $make_targets ne "";
-	if ( $perl =~ m@^/@) {
-	    &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
-	    &dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
-	} else {
-	    # No path for Perl known ...
-	    &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";',  '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
-	    &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
-	}
-	if ($depflags ne $default_depflags && !$make_depend) {
-		print <<EOF;
-
-Since you've disabled or enabled at least one algorithm, you need to do
-the following before building:
-
-	make depend
-EOF
-	}
-}
-
-# create the ms/version32.rc file if needed
-if ($IsMK1MF && ($target !~ /^netware/)) {
-	my ($v1, $v2, $v3, $v4);
-	if ($version_num =~ /(^[0-9a-f]{1})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) {
-		$v1=hex $1;
-		$v2=hex $2;
-		$v3=hex $3;
-		$v4=hex $4;
-	}
-	open (OUT,">ms/version32.rc") || die "Can't open ms/version32.rc";
-	print OUT <<EOF;
-#include <winver.h>
-
-LANGUAGE 0x09,0x01
-
-1 VERSIONINFO
-  FILEVERSION $v1,$v2,$v3,$v4
-  PRODUCTVERSION $v1,$v2,$v3,$v4
-  FILEFLAGSMASK 0x3fL
-#ifdef _DEBUG
-  FILEFLAGS 0x01L
-#else
-  FILEFLAGS 0x00L
-#endif
-  FILEOS VOS__WINDOWS32
-  FILETYPE VFT_DLL
-  FILESUBTYPE 0x0L
-BEGIN
-    BLOCK "StringFileInfo"
-    BEGIN
-	BLOCK "040904b0"
-	BEGIN
-	    // Required:	    
-	    VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0"
-	    VALUE "FileDescription", "OpenSSL Shared Library\\0"
-	    VALUE "FileVersion", "$version\\0"
-#if defined(CRYPTO)
-	    VALUE "InternalName", "libeay32\\0"
-	    VALUE "OriginalFilename", "libeay32.dll\\0"
-#elif defined(SSL)
-	    VALUE "InternalName", "ssleay32\\0"
-	    VALUE "OriginalFilename", "ssleay32.dll\\0"
-#endif
-	    VALUE "ProductName", "The OpenSSL Toolkit\\0"
-	    VALUE "ProductVersion", "$version\\0"
-	    // Optional:
-	    //VALUE "Comments", "\\0"
-	    VALUE "LegalCopyright", "Copyright \xA9 1998-2005 The OpenSSL Project. Copyright \xA9 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0"
-	    //VALUE "LegalTrademarks", "\\0"
-	    //VALUE "PrivateBuild", "\\0"
-	    //VALUE "SpecialBuild", "\\0"
-	END
-    END
-    BLOCK "VarFileInfo"
-    BEGIN
-        VALUE "Translation", 0x409, 0x4b0
-    END
-END
-EOF
-	close(OUT);
-  }
-  
-print <<EOF;
-
-Configured for $target.
-EOF
-
-print <<\EOF if (!$no_threads && !$threads);
-
-The library could not be configured for supporting multi-threaded
-applications as the compiler options required on this system are not known.
-See file INSTALL for details if you need multi-threading.
-EOF
-
-print <<\EOF if ($no_shared_warn);
-
-You gave the option 'shared'.  Normally, that would give you shared libraries.
-Unfortunately, the OpenSSL configuration doesn't include shared library support
-for this platform yet, so it will pretend you gave the option 'no-shared'.  If
-you can inform the developpers (openssl-dev\@openssl.org) how to support shared
-libraries on this platform, they will at least look at it and try their best
-(but please first make sure you have tried with a current version of OpenSSL).
-EOF
-
-exit(0);
-
-sub usage
-	{
-	print STDERR $usage;
-	print STDERR "\npick os/compiler from:\n";
-	my $j=0;
-	my $i;
-        my $k=0;
-	foreach $i (sort keys %table)
-		{
-		next if $i =~ /^debug/;
-		$k += length($i) + 1;
-		if ($k > 78)
-			{
-			print STDERR "\n";
-			$k=length($i);
-			}
-		print STDERR $i . " ";
-		}
-	foreach $i (sort keys %table)
-		{
-		next if $i !~ /^debug/;
-		$k += length($i) + 1;
-		if ($k > 78)
-			{
-			print STDERR "\n";
-			$k=length($i);
-			}
-		print STDERR $i . " ";
-		}
-	print STDERR "\n\nNOTE: If in doubt, on Unix-ish systems use './config'.\n";
-	exit(1);
-	}
-
-sub which
-	{
-	my($name)=@_;
-	my $path;
-	foreach $path (split /:/, $ENV{PATH})
-		{
-		if (-f "$path/$name$exe_ext" and -x _)
-			{
-			return "$path/$name$exe_ext" unless ($name eq "perl" and
-			 system("$path/$name$exe_ext -e " . '\'exit($]<5.0);\''));
-			}
-		}
-	}
-
-sub dofile
-	{
-	my $f; my $p; my %m; my @a; my $k; my $ff;
-	($f,$p,%m)=@_;
-
-	open(IN,"<$f.in") || open(IN,"<$f") || die "unable to open $f:$!\n";
-	@a=<IN>;
-	close(IN);
-	foreach $k (keys %m)
-		{
-		grep(/$k/ && ($_=sprintf($m{$k}."\n",$p)), at a);
-		}
-	open(OUT,">$f.new") || die "unable to open $f.new:$!\n";
-	print OUT @a;
-	close(OUT);
-	rename($f,"$f.bak") || die "unable to rename $f\n" if -e $f;
-	rename("$f.new",$f) || die "unable to rename $f.new\n";
-	}
-
-sub print_table_entry
-	{
-	my $target = shift;
-
-	(my $cc,my $cflags,my $unistd,my $thread_cflag,my $sys_id,my $lflags,
-	my $bn_ops,my $cpuid_obj,my $bn_obj,my $des_obj,my $aes_obj, my $bf_obj,
-	my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
-	my $rc5_obj,my $wp_obj,my $cmll_obj,my $modes_obj, my $engines_obj,
-	my $perlasm_scheme,my $dso_scheme,my $shared_target,my $shared_cflag,
-	my $shared_ldflag,my $shared_extension,my $ranlib,my $arflags,my $multilib)=
-	split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
-			
-	print <<EOF
-
-*** $target
-\$cc           = $cc
-\$cflags       = $cflags
-\$unistd       = $unistd
-\$thread_cflag = $thread_cflag
-\$sys_id       = $sys_id
-\$lflags       = $lflags
-\$bn_ops       = $bn_ops
-\$cpuid_obj    = $cpuid_obj
-\$bn_obj       = $bn_obj
-\$des_obj      = $des_obj
-\$aes_obj      = $aes_obj
-\$bf_obj       = $bf_obj
-\$md5_obj      = $md5_obj
-\$sha1_obj     = $sha1_obj
-\$cast_obj     = $cast_obj
-\$rc4_obj      = $rc4_obj
-\$rmd160_obj   = $rmd160_obj
-\$rc5_obj      = $rc5_obj
-\$wp_obj       = $wp_obj
-\$cmll_obj     = $cmll_obj
-\$modes_obj    = $modes_obj
-\$engines_obj  = $engines_obj
-\$perlasm_scheme = $perlasm_scheme
-\$dso_scheme   = $dso_scheme
-\$shared_target= $shared_target
-\$shared_cflag = $shared_cflag
-\$shared_ldflag = $shared_ldflag
-\$shared_extension = $shared_extension
-\$ranlib       = $ranlib
-\$arflags      = $arflags
-\$multilib     = $multilib
-EOF
-	}
-
-sub test_sanity
-	{
-	my $errorcnt = 0;
-
-	print STDERR "=" x 70, "\n";
-	print STDERR "=== SANITY TESTING!\n";
-	print STDERR "=== No configuration will be done, all other arguments will be ignored!\n";
-	print STDERR "=" x 70, "\n";
-
-	foreach $target (sort keys %table)
-		{
-		@fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
-
-		if ($fields[$idx_dso_scheme-1] =~ /^(beos|dl|dlfcn|win32|vms)$/)
-			{
-			$errorcnt++;
-			print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] values\n";
-			print STDERR "              in the previous field\n";
-			}
-		elsif ($fields[$idx_dso_scheme+1] =~ /^(beos|dl|dlfcn|win32|vms)$/)
-			{
-			$errorcnt++;
-			print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] values\n";
-			print STDERR "              in the following field\n";
-			}
-		elsif ($fields[$idx_dso_scheme] !~ /^(beos|dl|dlfcn|win32|vms|)$/)
-			{
-			$errorcnt++;
-			print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] field = ",$fields[$idx_dso_scheme],"\n";
-			print STDERR "              valid values are 'beos', 'dl', 'dlfcn', 'win32' and 'vms'\n";
-			}
-		}
-	print STDERR "No sanity errors detected!\n" if $errorcnt == 0;
-	return $errorcnt;
-	}

Copied: vendor-crypto/openssl/1.0.1u/Configure (from rev 11605, vendor-crypto/openssl/dist/Configure)
===================================================================
--- vendor-crypto/openssl/1.0.1u/Configure	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/Configure	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,2210 @@
+:
+eval 'exec perl -S $0 ${1+"$@"}'
+    if $running_under_some_shell;
+##
+##  Configure -- OpenSSL source tree configuration script
+##
+
+require 5.000;
+use strict;
+
+# see INSTALL for instructions.
+
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
+
+# Options:
+#
+# --openssldir  install OpenSSL in OPENSSLDIR (Default: DIR/ssl if the
+#               --prefix option is given; /usr/local/ssl otherwise)
+# --prefix      prefix for the OpenSSL include, lib and bin directories
+#               (Default: the OPENSSLDIR directory)
+#
+# --install_prefix  Additional prefix for package builders (empty by
+#               default).  This needn't be set in advance, you can
+#               just as well use "make INSTALL_PREFIX=/whatever install".
+#
+# --with-krb5-dir  Declare where Kerberos 5 lives.  The libraries are expected
+#		to live in the subdirectory lib/ and the header files in
+#		include/.  A value is required.
+# --with-krb5-lib  Declare where the Kerberos 5 libraries live.  A value is
+#		required.
+#		(Default: KRB5_DIR/lib)
+# --with-krb5-include  Declare where the Kerberos 5 header files live.  A
+#		value is required.
+#		(Default: KRB5_DIR/include)
+# --with-krb5-flavor  Declare what flavor of Kerberos 5 is used.  Currently
+#		supported values are "MIT" and "Heimdal".  A value is required.
+#
+# --test-sanity Make a number of sanity checks on the data in this file.
+#               This is a debugging tool for OpenSSL developers.
+#
+# --cross-compile-prefix Add specified prefix to binutils components.
+#
+# no-hw-xxx     do not compile support for specific crypto hardware.
+#               Generic OpenSSL-style methods relating to this support
+#               are always compiled but return NULL if the hardware
+#               support isn't compiled.
+# no-hw         do not compile support for any crypto hardware.
+# [no-]threads  [don't] try to create a library that is suitable for
+#               multithreaded applications (default is "threads" if we
+#               know how to do it)
+# [no-]shared	[don't] try to create shared libraries when supported.
+# no-asm        do not use assembler
+# no-dso        do not compile in any native shared-library methods. This
+#               will ensure that all methods just return NULL.
+# no-krb5       do not compile in any KRB5 library or code.
+# [no-]zlib     [don't] compile support for zlib compression.
+# zlib-dynamic	Like "zlib", but the zlib library is expected to be a shared
+#		library and will be loaded in run-time by the OpenSSL library.
+# sctp          include SCTP support
+# 386           generate 80386 code
+# enable-weak-ssl-ciphers
+#		Enable EXPORT and LOW SSLv3 ciphers that are disabled by
+#		default.  Note, weak SSLv2 ciphers are unconditionally
+#		disabled.
+# no-sse2	disables IA-32 SSE2 code, above option implies no-sse2
+# no-<cipher>   build without specified algorithm (rsa, idea, rc5, ...)
+# -<xxx> +<xxx> compiler options are passed through 
+#
+# DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items
+#		provided to stack calls. Generates unique stack functions for
+#		each possible stack type.
+# DES_PTR	use pointer lookup vs arrays in the DES in crypto/des/des_locl.h
+# DES_RISC1	use different DES_ENCRYPT macro that helps reduce register
+#		dependancies but needs to more registers, good for RISC CPU's
+# DES_RISC2	A different RISC variant.
+# DES_UNROLL	unroll the inner DES loop, sometimes helps, somtimes hinders.
+# DES_INT	use 'int' instead of 'long' for DES_LONG in crypto/des/des.h
+#		This is used on the DEC Alpha where long is 8 bytes
+#		and int is 4
+# BN_LLONG	use the type 'long long' in crypto/bn/bn.h
+# MD2_CHAR	use 'char' instead of 'int' for MD2_INT in crypto/md2/md2.h
+# MD2_LONG	use 'long' instead of 'int' for MD2_INT in crypto/md2/md2.h
+# IDEA_SHORT	use 'short' instead of 'int' for IDEA_INT in crypto/idea/idea.h
+# IDEA_LONG	use 'long' instead of 'int' for IDEA_INT in crypto/idea/idea.h
+# RC2_SHORT	use 'short' instead of 'int' for RC2_INT in crypto/rc2/rc2.h
+# RC2_LONG	use 'long' instead of 'int' for RC2_INT in crypto/rc2/rc2.h
+# RC4_CHAR	use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
+# RC4_LONG	use 'long' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
+# RC4_INDEX	define RC4_INDEX in crypto/rc4/rc4_locl.h.  This turns on
+#		array lookups instead of pointer use.
+# RC4_CHUNK	enables code that handles data aligned at long (natural CPU
+#		word) boundary.
+# RC4_CHUNK_LL	enables code that handles data aligned at long long boundary
+#		(intended for 64-bit CPUs running 32-bit OS).
+# BF_PTR	use 'pointer arithmatic' for Blowfish (unsafe on Alpha).
+# BF_PTR2	intel specific version (generic version is more efficient).
+#
+# Following are set automatically by this script
+#
+# MD5_ASM	use some extra md5 assember,
+# SHA1_ASM	use some extra sha1 assember, must define L_ENDIAN for x86
+# RMD160_ASM	use some extra ripemd160 assember,
+# SHA256_ASM	sha256_block is implemented in assembler
+# SHA512_ASM	sha512_block is implemented in assembler
+# AES_ASM	ASE_[en|de]crypt is implemented in assembler
+
+# Minimum warning options... any contributions to OpenSSL should at least get
+# past these. 
+
+my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
+
+# Warn that "make depend" should be run?
+my $warn_make_depend = 0;
+
+my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments";
+
+my $strict_warnings = 0;
+
+my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
+
+# MD2_CHAR slags pentium pros
+my $x86_gcc_opts="RC4_INDEX MD2_INT";
+
+# MODIFY THESE PARAMETERS IF YOU ARE GOING TO USE THE 'util/speed.sh SCRIPT
+# Don't worry about these normally
+
+my $tcc="cc";
+my $tflags="-fast -Xa";
+my $tbn_mul="";
+my $tlib="-lnsl -lsocket";
+#$bits1="SIXTEEN_BIT ";
+#$bits2="THIRTY_TWO_BIT ";
+my $bits1="THIRTY_TWO_BIT ";
+my $bits2="SIXTY_FOUR_BIT ";
+
+my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o:des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o:";
+
+my $x86_elf_asm="$x86_asm:elf";
+
+my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o modexp512-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o:";
+my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void";
+my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o:des_enc-sparc.o fcrypt_b.o:aes_core.o aes_cbc.o aes-sparcv9.o:::sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::ghash-sparcv9.o::void";
+my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::::::void";
+my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o:::::sha1-alpha.o:::::::ghash-alpha.o::void";
+my $mips32_asm=":bn-mips.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o::::::::";
+my $mips64_asm=":bn-mips.o mips-mont.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o::::::::";
+my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o:";
+my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o::aes_cbc.o aes-armv4.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o::void";
+my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::32";
+my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64";
+my $ppc32_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o::::::::";
+my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o::::::::";
+my $no_asm=":::::::::::::::void";
+
+# As for $BSDthreads. Idea is to maintain "collective" set of flags,
+# which would cover all BSD flavors. -pthread applies to them all, 
+# but is treated differently. OpenBSD expands is as -D_POSIX_THREAD
+# -lc_r, which is sufficient. FreeBSD 4.x expands it as -lc_r,
+# which has to be accompanied by explicit -D_THREAD_SAFE and
+# sometimes -D_REENTRANT. FreeBSD 5.x expands it as -lc_r, which
+# seems to be sufficient?
+my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
+
+#config-string	$cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $wp_obj : $cmll_obj : $modes_obj : $engines_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags : $multilib
+
+my %table=(
+# File 'TABLE' (created by 'make TABLE') contains the data from this list,
+# formatted for better readability.
+
+
+#"b",		"${tcc}:${tflags}::${tlib}:${bits1}:${tbn_mul}::",
+#"bl-4c-2c",	"${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:${tbn_mul}::",
+#"bl-4c-ri",	"${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:${tbn_mul}::",
+#"b2-is-ri-dp",	"${tcc}:${tflags}::${tlib}:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:${tbn_mul}::",
+
+# Our development configs
+"purify",	"purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::",
+"debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::",
+"debug-ben",	"gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DDEBUG_SAFESTACK -O2 -pipe::(unknown):::::",
+"debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
+"debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
+"debug-ben-debug",	"gcc44:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O2 -pipe::(unknown)::::::",
+"debug-ben-debug-64",	"gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-ben-macos",	"cc:$gcc_devteam_warn -arch i386 -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::-Wl,-search_paths_first::::",
+"debug-ben-macos-gcc46",	"gcc-mp-4.6:$gcc_devteam_warn -Wconversion -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::::::",
+"debug-ben-darwin64","cc:$gcc_devteam_warn -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"debug-ben-no-opt",	"gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::",
+"debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
+"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-bodo",	"gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
+"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-geoff32","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-geoff64","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"debug-linux-x86_64-clang","clang: -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"dist",		"cc:-O::(unknown)::::::",
+
+# Basic configs that should work on any (32 and less bit) box
+"gcc",		"gcc:-O3::(unknown):::BN_LLONG:::",
+"cc",		"cc:-O::(unknown)::::::",
+
+####VOS Configurations
+"vos-gcc","gcc:-O3 -Wall -DOPENSSL_SYSNAME_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:",
+"debug-vos-gcc","gcc:-O0 -g -Wall -DOPENSSL_SYSNAME_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:",
+
+#### Solaris x86 with GNU C setups
+# -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it
+# here because whenever GNU C instantiates an assembler template it
+# surrounds it with #APP #NO_APP comment pair which (at least Solaris
+# 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
+# error message.
+"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -march=pentium -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# -shared -static-libgcc might appear controversial, but modules taken
+# from static libgcc do not have relocations and linking them into our
+# shared objects doesn't have any negative side-effects. On the contrary,
+# doing so makes it possible to use gcc shared build with Sun C. Given
+# that gcc generates faster code [thanks to inline assembler], I would
+# actually recommend to consider using gcc shared build even with vendor
+# compiler:-)
+#						<appro at fy.chalmers.se>
+"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
+ 
+#### Solaris x86 with Sun C setups
+"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
+
+#### SPARC Solaris with GNU C setups
+"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-gcc","gcc:-mcpu=v8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
+"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
+####
+"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=v8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+#### SPARC Solaris with Sun C setups
+# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
+# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
+# SC5.0 note: Compiler common patch 107357-01 or later is required!
+"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
+####
+"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
+
+#### SunOS configs, assuming sparc for the gcc one.
+#"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
+"sunos-gcc","gcc:-O3 -mcpu=v8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
+
+#### IRIX 5.x configs
+# -mips2 flag is added by ./config when appropriate.
+"irix-gcc","gcc:-O3 -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-cc", "cc:-O2 -use_readonly_const -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+#### IRIX 6.x configs
+# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
+# './Configure irix-cc -o32' manually.
+"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
+"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
+# N64 ABI builds.
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+
+#### Unified HP-UX ANSI C configs.
+# Special notes:
+# - Originally we were optimizing at +O4 level. It should be noted
+#   that the only difference between +O3 and +O4 is global inter-
+#   procedural analysis. As it has to be performed during the link
+#   stage the compiler leaves behind certain pseudo-code in lib*.a
+#   which might be release or even patch level specific. Generating
+#   the machine code for and analyzing the *whole* program appears
+#   to be *extremely* memory demanding while the performance gain is
+#   actually questionable. The situation is intensified by the default
+#   HP-UX data set size limit (infamous 'maxdsiz' tunable) of 64MB
+#   which is way too low for +O4. In other words, doesn't +O3 make
+#   more sense?
+# - Keep in mind that the HP compiler by default generates code
+#   suitable for execution on the host you're currently compiling at.
+#   If the toolkit is ment to be used on various PA-RISC processors
+#   consider './config +DAportable'.
+# - +DD64 is chosen in favour of +DA2.0W because it's meant to be
+#   compatible with *future* releases.
+# - If you run ./Configure hpux-parisc-[g]cc manually don't forget to
+#   pass -D_REENTRANT on HP-UX 10 and later.
+# - -DMD32_XARRAY triggers workaround for compiler bug we ran into in
+#   32-bit message digests. (For the moment of this writing) HP C
+#   doesn't seem to "digest" too many local variables (they make "him"
+#   chew forever:-). For more details look-up MD32_XARRAY comment in
+#   crypto/sha/sha_lcl.h.
+#					<appro at fy.chalmers.se>
+#
+# Since there is mention of this in shlib/hpux10-cc.sh
+"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc1_1-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${parisc11_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa1.1",
+"hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1:".eval{my $asm=$parisc20_asm;$asm=~s/2W\./2\./;$asm=~s/:64/:32/;$asm}.":dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_32",
+"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::::::void:dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64",
+
+# More attempts at unified 10.X and 11.X targets for HP C compiler.
+#
+# Chris Ruemmler <ruemmler at cup.hp.com>
+# Kevin Steves <ks at hp.se>
+"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc1_1-cc","cc:+DA1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${parisc11_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa1.1",
+"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:".eval{my $asm=$parisc20_asm;$asm=~s/2W\./2\./;$asm=~s/:64/:32/;$asm}.":dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_32",
+"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${parisc20_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64",
+
+# HP/UX IA-64 targets
+"hpux-ia64-cc","cc:-Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD32 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux32",
+# Frank Geurts <frank.geurts at nl.abnamro.com> has patiently assisted with
+# with debugging of the following config.
+"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux64",
+# GCC builds...
+"hpux-ia64-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux32",
+"hpux64-ia64-gcc","gcc:-mlp64 -O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-mlp64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux64", 
+
+# Legacy HPUX 9.X configs...
+"hpux-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O2 -z::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+#### HP MPE/iX http://jazz.external.hp.com/src/openssl/
+"MPE/iX-gcc",	"gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+
+# DEC Alpha OSF/1/Tru64 targets.
+#
+#	"What's in a name? That which we call a rose
+#	 By any other word would smell as sweet."
+#
+# - William Shakespeare, "Romeo & Juliet", Act II, scene II.
+#
+# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
+#
+"osf1-alpha-gcc", "gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
+"osf1-alpha-cc",  "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
+"tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
+
+####
+#### Variety of LINUX:-)
+####
+# *-generic* is endian-neutral target, but ./config is free to
+# throw in -D[BL]_ENDIAN, whichever appropriate...
+"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc",	"gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# It's believed that majority of ARM toolchains predefine appropriate -march.
+# If you compiler does not, do complement config command line with one!
+"linux-armv4",	"gcc:-O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+#### IA-32 targets...
+"linux-ia32-icc",	"icc:-DL_ENDIAN -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf",	"gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-aout",	"gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
+####
+"linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc64",	"gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-ia64",	"gcc:-DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64-ecc","ecc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-x86_64",	"gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-x86_64-clang","clang: -m64 -DL_ENDIAN -O3 -Wall -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux64-s390x",	"gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+#### So called "highgprs" target for z/Architecture CPUs
+# "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
+# /proc/cpuinfo. The idea is to preserve most significant bits of
+# general purpose registers not only upon 32-bit process context
+# switch, but even on asynchronous signal delivery to such process.
+# This makes it possible to deploy 64-bit instructions even in legacy
+# application context and achieve better [or should we say adequate]
+# performance. The build is binary compatible with linux-generic32,
+# and the idea is to be able to install the resulting libcrypto.so
+# alongside generic one, e.g. as /lib/highgprs/libcrypto.so.x.y, for
+# ldconfig and run-time linker to autodiscover. Unfortunately it
+# doesn't work just yet, because of couple of bugs in glibc
+# sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1...
+"linux32-s390x",	"gcc:-m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs",
+#### SPARC Linux setups
+# Ray Miller <ray.miller at computing-services.oxford.ac.uk> has patiently
+# assisted with debugging of following two configs.
+"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# it's a real mess with -mcpu=ultrasparc option under Linux, but
+# -Wa,-Av8plus should do the trick no matter what.
+"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# GCC 3.1 is a requirement
+"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+#### Alpha Linux with GNU C and Compaq C setups
+# Special notes:
+# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
+#   ought to run './Configure linux-alpha+bwx-gcc' manually, do
+#   complement the command line with -mcpu=ev56, -mcpu=ev6 or whatever
+#   which is appropriate.
+# - If you use ccc keep in mind that -fast implies -arch host and the
+#   compiler is free to issue instructions which gonna make elder CPU
+#   choke. If you wish to build "blended" toolkit, add -arch generic
+#   *after* -fast and invoke './Configure linux-alpha-ccc' manually.
+#
+#					<appro at fy.chalmers.se>
+#
+"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+
+# Android: linux-* but without pointers to headers and libs.
+"android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+#### *BSD [do see comment about ${BSDthreads} above!]
+"BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86",	"gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86-elf",	"gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-BSD-x86-elf",	"gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-sparcv8",	"gcc:-DB_ENDIAN -O3 -mcpu=v8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+"BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
+# simply *happens* to work around a compiler bug in gcc 3.3.3,
+# triggered by RIPEMD160 code.
+"BSD-sparc64",	"gcc:-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-ia64",	"gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86_64",	"gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+"bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+"nextstep",	"cc:-O -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
+"nextstep3.3",	"cc:-O3 -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
+
+# NCR MP-RAS UNIX ver 02.03.01
+"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl -lc89:${x86_gcc_des} ${x86_gcc_opts}:::",
+
+# QNX
+"qnx4",	"cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:",
+"QNX6",       "gcc:::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"QNX6-i386",  "gcc:-DL_ENDIAN -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+# BeOS
+"beos-x86-r5",   "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lnet:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC -DPIC:-shared:.so",
+"beos-x86-bone", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lbind -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC:-shared:.so",
+
+#### SCO/Caldera targets.
+#
+# Originally we had like unixware-*, unixware-*-pentium, unixware-*-p6, etc.
+# Now we only have blended unixware-* as it's the only one used by ./config.
+# If you want to optimize for particular microarchitecture, bypass ./config
+# and './Configure unixware-7 -Kpentium_pro' or whatever appropriate.
+# Note that not all targets include assembler support. Mostly because of
+# lack of motivation to support out-of-date platforms with out-of-date
+# compiler drivers and assemblers. Tim Rice <tim at multitalents.net> has
+# patiently assisted to debug most of it.
+#
+# UnixWare 2.0x fails destest with -O.
+"unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+"unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# SCO 5 - Ben Laurie <ben at algroup.co.uk> says the -O breaks the SCO cc.
+"sco5-cc",  "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+#### IBM's AIX.
+"aix3-cc",  "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
+"aix-gcc",  "gcc:-O -DB_ENDIAN::-pthread:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X32",
+"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64",
+# Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE
+# at build time. $OBJECT_MODE is respected at ./config stage!
+"aix-cc",   "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
+"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
+
+#
+# Cray T90 and similar (SDSC)
+# It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT
+# defined.  The T90 ints and longs are 8 bytes long, and apparently the
+# B_ENDIAN code assumes 4 byte ints.  Fortunately, the non-B_ENDIAN and
+# non L_ENDIAN code aligns the bytes in each word correctly.
+#
+# The BIT_FIELD_LIMITS define is to avoid two fatal compiler errors:
+#'Taking the address of a bit field is not allowed. '
+#'An expression with bit field exists as the operand of "sizeof" '
+# (written by Wayne Schroeder <schroede at SDSC.EDU>)
+#
+# j90 is considered the base machine type for unicos machines,
+# so this configuration is now called "cray-j90" ...
+"cray-j90", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG DES_INT:::",
+
+#
+# Cray T3E (Research Center Juelich, beckman at acl.lanl.gov)
+#
+# The BIT_FIELD_LIMITS define was written for the C90 (it seems).  I added
+# another use.  Basically, the problem is that the T3E uses some bit fields
+# for some st_addr stuff, and then sizeof and address-of fails
+# I could not use the ams/alpha.o option because the Cray assembler, 'cam'
+# did not like it.
+"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:::",
+
+# DGUX, 88100.
+"dgux-R3-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown):::RC4_INDEX DES_UNROLL:::",
+"dgux-R4-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown)::-lnsl -lsocket:RC4_INDEX DES_UNROLL:::",
+"dgux-R4-x86-gcc",	"gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown)::-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+
+# Sinix/ReliantUNIX RM400
+# NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g  */
+"ReliantUNIX","cc:-KPIC -g -DTERMIOS -DB_ENDIAN::-Kthread:SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${no_asm}:dlfcn:reliantunix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"SINIX","cc:-O::(unknown):SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::",
+"SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown)::-lucb:RC4_INDEX RC4_CHAR:::",
+
+# SIEMENS BS2000/OSD: an EBCDIC-based mainframe
+"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
+
+# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe
+# You need to compile using the c89.sh wrapper in the tools directory, because the
+# IBM compiler does not like the -L switch after any object modules.
+#
+"OS390-Unix","c89.sh:-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H  -D_ALL_SOURCE::(unknown):::THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
+
+# Visual C targets
+#
+# Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64
+"VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o ia64-mont.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32",
+"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32",
+"debug-VC-WIN64I","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32",
+"debug-VC-WIN64A","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32",
+# x86 Win32 target defaults to ANSI API, if you want UNICODE, complement
+# 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE'
+"VC-WIN32","cl:-W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
+# Unified CE target
+"debug-VC-WIN32","cl:-W3 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
+"VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
+
+# Borland C++ 4.5
+"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32",
+
+# MinGW
+"mingw", "gcc:-mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall::-D_MT:MINGW32:-lws2_32 -lgdi32 -lcrypt32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_asm}:coff:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin:.dll.a",
+# As for OPENSSL_USE_APPLINK. Applink makes it possible to use .dll
+# compiled with one compiler with application compiled with another
+# compiler. It's possible to engage Applink support in mingw64 build,
+# but it's not done, because till mingw64 supports structured exception
+# handling, one can't seriously consider its binaries for using with
+# non-mingw64 run-time environment. And as mingw64 is always consistent
+# with itself, Applink is never engaged and can as well be omitted.
+"mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a",
+
+# UWIN 
+"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
+
+# Cygwin
+"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
+"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
+"debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32:::${no_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
+
+# NetWare from David Ward (dsward at novell.com)
+# requires either MetroWerks NLM development tools, or gcc / nlmconv
+# NetWare defaults socket bio to WinSock sockets. However,
+# the builds can be configured to use BSD sockets instead.
+# netware-clib => legacy CLib c-runtime support
+"netware-clib", "mwccnlm::::::${x86_gcc_opts}::",
+"netware-clib-bsdsock", "mwccnlm::::::${x86_gcc_opts}::",
+"netware-clib-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -I/ndk/ws295sdk/include -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall:::::${x86_gcc_opts}::",
+"netware-clib-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -DNETWARE_BSDSOCK -DNETDB_USE_INTERNET -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall:::::${x86_gcc_opts}::",
+# netware-libc => LibC/NKS support
+"netware-libc", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::",
+"netware-libc-bsdsock", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::",
+"netware-libc-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::",
+"netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::",
+
+# DJGPP
+"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:",
+
+# Ultrix from Bernhard Simon <simon at zid.tuwien.ac.at>
+"ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::",
+"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown):::BN_LLONG::::",
+# K&R C is no longer supported; you need gcc on old Ultrix installations
+##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown):::::::",
+
+##### MacOS X (a.k.a. Rhapsody or Darwin) setup
+"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::",
+"darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN -Wa,-force_cpusubtype_ALL::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc64_asm}:osx64:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:".eval{my $asm=$x86_asm;$asm=~s/cast\-586\.o//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+# iPhoneOS/iOS
+"iphoneos-cross","llvm-gcc:-O3 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fomit-frame-pointer -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+
+##### A/UX
+"aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
+
+##### Sony NEWS-OS 4.x
+"newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
+
+##### GNU Hurd
+"hurd-x86",  "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
+
+##### OS/2 EMX
+"OS2-EMX", "gcc::::::::",
+
+##### VxWorks for various targets
+"vxworks-ppc60x","ccppc:-D_REENTRANT -mrtp -mhard-float -mstrict-align -fno-implicit-fp -DPPC32_fp60x -O2 -fstrength-reduce -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip:::VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/common:::::",
+"vxworks-ppcgen","ccppc:-D_REENTRANT -mrtp -msoft-float -mstrict-align -O1 -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip:::VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/sfcommon:::::",
+"vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
+"vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::",
+"vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::",
+"vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
+"vxworks-simlinux","ccpentium:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DL_ENDIAN -DCPU=SIMLINUX -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/h -I\$(WIND_BASE)/target/h/wrn/coreip -DOPENSSL_NO_HW_PADLOCK:::VXWORKS:-r::${no_asm}::::::ranlibpentium:",
+"vxworks-mips","ccmips:-mrtp -mips2 -O -G 0 -B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DCPU=MIPS32 -msoft-float -mno-branch-likely -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/h/wrn/coreip::-D_REENTRANT:VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/mips/MIPSI32/sfcommon::${mips32_asm}:o32::::::ranlibmips:",
+
+##### Compaq Non-Stop Kernel (Tandem)
+"tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::",
+
+# uClinux
+"uClinux-dist","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):BN_LLONG:${no_asm}:$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::",
+"uClinux-dist64","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):SIXTY_FOUR_BIT_LONG:${no_asm}:$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::",
+
+);
+
+my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A
+		    debug-VC-WIN64I debug-VC-WIN64A
+		    VC-NT VC-CE VC-WIN32 debug-VC-WIN32
+		    BC-32 
+		    netware-clib netware-clib-bsdsock
+		    netware-libc netware-libc-bsdsock);
+
+my $idx = 0;
+my $idx_cc = $idx++;
+my $idx_cflags = $idx++;
+my $idx_unistd = $idx++;
+my $idx_thread_cflag = $idx++;
+my $idx_sys_id = $idx++;
+my $idx_lflags = $idx++;
+my $idx_bn_ops = $idx++;
+my $idx_cpuid_obj = $idx++;
+my $idx_bn_obj = $idx++;
+my $idx_des_obj = $idx++;
+my $idx_aes_obj = $idx++;
+my $idx_bf_obj = $idx++;
+my $idx_md5_obj = $idx++;
+my $idx_sha1_obj = $idx++;
+my $idx_cast_obj = $idx++;
+my $idx_rc4_obj = $idx++;
+my $idx_rmd160_obj = $idx++;
+my $idx_rc5_obj = $idx++;
+my $idx_wp_obj = $idx++;
+my $idx_cmll_obj = $idx++;
+my $idx_modes_obj = $idx++;
+my $idx_engines_obj = $idx++;
+my $idx_perlasm_scheme = $idx++;
+my $idx_dso_scheme = $idx++;
+my $idx_shared_target = $idx++;
+my $idx_shared_cflag = $idx++;
+my $idx_shared_ldflag = $idx++;
+my $idx_shared_extension = $idx++;
+my $idx_ranlib = $idx++;
+my $idx_arflags = $idx++;
+my $idx_multilib = $idx++;
+
+my $prefix="";
+my $libdir="";
+my $openssldir="";
+my $exe_ext="";
+my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
+my $cross_compile_prefix="";
+my $fipsdir="/usr/local/ssl/fips-2.0";
+my $fipslibdir="";
+my $baseaddr="0xFB00000";
+my $no_threads=0;
+my $threads=0;
+my $no_shared=0; # but "no-shared" is default
+my $zlib=1;      # but "no-zlib" is default
+my $no_krb5=0;   # but "no-krb5" is implied unless "--with-krb5-..." is used
+my $no_rfc3779=1; # but "no-rfc3779" is default
+my $no_asm=0;
+my $no_dso=0;
+my $no_gmp=0;
+my @skip=();
+my $Makefile="Makefile";
+my $des_locl="crypto/des/des_locl.h";
+my $des	="crypto/des/des.h";
+my $bn	="crypto/bn/bn.h";
+my $md2	="crypto/md2/md2.h";
+my $rc4	="crypto/rc4/rc4.h";
+my $rc4_locl="crypto/rc4/rc4_locl.h";
+my $idea	="crypto/idea/idea.h";
+my $rc2	="crypto/rc2/rc2.h";
+my $bf	="crypto/bf/bf_locl.h";
+my $bn_asm	="bn_asm.o";
+my $des_enc="des_enc.o fcrypt_b.o";
+my $aes_enc="aes_core.o aes_cbc.o";
+my $bf_enc	="bf_enc.o";
+my $cast_enc="c_enc.o";
+my $rc4_enc="rc4_enc.o rc4_skey.o";
+my $rc5_enc="rc5_enc.o";
+my $md5_obj="";
+my $sha1_obj="";
+my $rmd160_obj="";
+my $cmll_enc="camellia.o cmll_misc.o cmll_cbc.o";
+my $processor="";
+my $default_ranlib;
+my $perl;
+my $fips=0;
+
+if (exists $ENV{FIPSDIR})
+	{
+	$fipsdir = $ENV{FIPSDIR};
+	$fipsdir =~ s/\/$//;
+	}
+
+# All of the following is disabled by default (RC5 was enabled before 0.9.8):
+
+my %disabled = ( # "what"         => "comment" [or special keyword "experimental"]
+		 "ec_nistp_64_gcc_128" => "default",
+		 "gmp"		  => "default",
+		 "jpake"          => "experimental",
+		 "md2"            => "default",
+		 "rc5"            => "default",
+		 "rfc3779"	  => "default",
+		 "sctp"           => "default",
+		 "shared"         => "default",
+		 "ssl2"           => "default",
+		 "store"	  => "experimental",
+		 "unit-test"	  => "default",
+		 "weak-ssl-ciphers" => "default",
+		 "zlib"           => "default",
+		 "zlib-dynamic"   => "default"
+	       );
+my @experimental = ();
+
+# This is what $depflags will look like with the above defaults
+# (we need this to see if we should advise the user to run "make depend"):
+my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS";
+
+# Explicit "no-..." options will be collected in %disabled along with the defaults.
+# To remove something from %disabled, use "enable-foo" (unless it's experimental).
+# For symmetry, "disable-foo" is a synonym for "no-foo".
+
+# For features called "experimental" here, a more explicit "experimental-foo" is needed to enable.
+# We will collect such requests in @experimental.
+# To avoid accidental use of experimental features, applications will have to use -DOPENSSL_EXPERIMENTAL_FOO.
+
+
+my $no_sse2=0;
+
+&usage if ($#ARGV < 0);
+
+my $flags;
+my $depflags;
+my $openssl_experimental_defines;
+my $openssl_algorithm_defines;
+my $openssl_thread_defines;
+my $openssl_sys_defines="";
+my $openssl_other_defines;
+my $libs;
+my $libkrb5="";
+my $target;
+my $options;
+my $symlink;
+my $make_depend=0;
+my %withargs=();
+
+my @argvcopy=@ARGV;
+my $argvstring="";
+my $argv_unprocessed=1;
+
+while($argv_unprocessed)
+	{
+	$flags="";
+	$depflags="";
+	$openssl_experimental_defines="";
+	$openssl_algorithm_defines="";
+	$openssl_thread_defines="";
+	$openssl_sys_defines="";
+	$openssl_other_defines="";
+	$libs="";
+	$target="";
+	$options="";
+	$symlink=1;
+
+	$argv_unprocessed=0;
+	$argvstring=join(' ', at argvcopy);
+
+PROCESS_ARGS:
+	foreach (@argvcopy)
+		{
+		s /^-no-/no-/; # some people just can't read the instructions
+
+		# rewrite some options in "enable-..." form
+		s /^-?-?shared$/enable-shared/;
+		s /^sctp$/enable-sctp/;
+		s /^threads$/enable-threads/;
+		s /^zlib$/enable-zlib/;
+		s /^zlib-dynamic$/enable-zlib-dynamic/;
+
+		if (/^no-(.+)$/ || /^disable-(.+)$/)
+			{
+			if (!($disabled{$1} eq "experimental"))
+				{
+				if ($1 eq "ssl")
+					{
+					$disabled{"ssl2"} = "option(ssl)";
+					$disabled{"ssl3"} = "option(ssl)";
+					}
+				elsif ($1 eq "tls")
+					{
+					$disabled{"tls1"} = "option(tls)"
+					}
+				elsif ($1 eq "ssl3-method")
+					{
+					$disabled{"ssl3-method"} = "option(ssl)";
+					$disabled{"ssl3"} = "option(ssl)";
+					}
+				else
+					{
+					$disabled{$1} = "option";
+					}
+				}			
+			}
+		elsif (/^enable-(.+)$/ || /^experimental-(.+)$/)
+			{
+			my $algo = $1;
+			if ($disabled{$algo} eq "experimental")
+				{
+				die "You are requesting an experimental feature; please say 'experimental-$algo' if you are sure\n"
+					unless (/^experimental-/);
+				push @experimental, $algo;
+				}
+			delete $disabled{$algo};
+
+			$threads = 1 if ($algo eq "threads");
+			}
+		elsif (/^--test-sanity$/)
+			{
+			exit(&test_sanity());
+			}
+		elsif (/^--strict-warnings/)
+			{
+			$strict_warnings = 1;
+			}
+		elsif (/^reconfigure/ || /^reconf/)
+			{
+			if (open(IN,"<$Makefile"))
+				{
+				while (<IN>)
+					{
+					chomp;
+					if (/^CONFIGURE_ARGS=(.*)/)
+						{
+						$argvstring=$1;
+						@argvcopy=split(' ',$argvstring);
+						die "Incorrect data to reconfigure, please do a normal configuration\n"
+							if (grep(/^reconf/, at argvcopy));
+						print "Reconfiguring with: $argvstring\n";
+						$argv_unprocessed=1;
+						close(IN);
+						last PROCESS_ARGS;
+						}
+					}
+				close(IN);
+				}
+			die "Insufficient data to reconfigure, please do a normal configuration\n";
+			}
+		elsif (/^386$/)
+			{ $processor=386; }
+		elsif (/^fips$/)
+			{
+			$fips=1;
+			}
+		elsif (/^rsaref$/)
+			{
+			# No RSAref support any more since it's not needed.
+			# The check for the option is there so scripts aren't
+			# broken
+			}
+		elsif (/^[-+]/)
+			{
+			if (/^-[lL](.*)$/ or /^-Wl,/)
+				{
+				$libs.=$_." ";
+				}
+			elsif (/^-[^-]/ or /^\+/)
+				{
+				$_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
+				$flags.=$_." ";
+				}
+			elsif (/^--prefix=(.*)$/)
+				{
+				$prefix=$1;
+				}
+			elsif (/^--libdir=(.*)$/)
+				{
+				$libdir=$1;
+				}
+			elsif (/^--openssldir=(.*)$/)
+				{
+				$openssldir=$1;
+				}
+			elsif (/^--install.prefix=(.*)$/)
+				{
+				$install_prefix=$1;
+				}
+			elsif (/^--with-krb5-(dir|lib|include|flavor)=(.*)$/)
+				{
+				$withargs{"krb5-".$1}=$2;
+				}
+			elsif (/^--with-zlib-lib=(.*)$/)
+				{
+				$withargs{"zlib-lib"}=$1;
+				}
+			elsif (/^--with-zlib-include=(.*)$/)
+				{
+				$withargs{"zlib-include"}="-I$1";
+				}
+			elsif (/^--with-fipsdir=(.*)$/)
+				{
+				$fipsdir="$1";
+				}
+			elsif (/^--with-fipslibdir=(.*)$/)
+				{
+				$fipslibdir="$1";
+				}
+			elsif (/^--with-baseaddr=(.*)$/)
+				{
+				$baseaddr="$1";
+				}
+			elsif (/^--cross-compile-prefix=(.*)$/)
+				{
+				$cross_compile_prefix=$1;
+				}
+			else
+				{
+				print STDERR $usage;
+				exit(1);
+				}
+			}
+		elsif ($_ =~ /^([^:]+):(.+)$/)
+			{
+			eval "\$table{\$1} = \"$2\""; # allow $xxx constructs in the string
+			$target=$1;
+			}
+		else
+			{
+			die "target already defined - $target (offending arg: $_)\n" if ($target ne "");
+			$target=$_;
+			}
+
+		unless ($_ eq $target || /^no-/ || /^disable-/)
+			{
+			# "no-..." follows later after implied disactivations
+			# have been derived.  (Don't take this too seroiusly,
+			# we really only write OPTIONS to the Makefile out of
+			# nostalgia.)
+
+			if ($options eq "")
+				{ $options = $_; }
+			else
+				{ $options .= " ".$_; }
+			}
+		}
+	}
+
+
+
+if ($processor eq "386")
+	{
+	$disabled{"sse2"} = "forced";
+	}
+
+if (!defined($withargs{"krb5-flavor"}) || $withargs{"krb5-flavor"} eq "")
+	{
+	$disabled{"krb5"} = "krb5-flavor not specified";
+	}
+
+if (!defined($disabled{"zlib-dynamic"}))
+	{
+	# "zlib-dynamic" was specifically enabled, so enable "zlib"
+	delete $disabled{"zlib"};
+	}
+
+if (defined($disabled{"rijndael"}))
+	{
+	$disabled{"aes"} = "forced";
+	}
+if (defined($disabled{"des"}))
+	{
+	$disabled{"mdc2"} = "forced";
+	}
+if (defined($disabled{"ec"}))
+	{
+	$disabled{"ecdsa"} = "forced";
+	$disabled{"ecdh"} = "forced";
+	}
+
+# SSL 2.0 requires MD5 and RSA
+if (defined($disabled{"md5"}) || defined($disabled{"rsa"}))
+	{
+	$disabled{"ssl2"} = "forced";
+	}
+
+if ($fips && $fipslibdir eq "")
+	{
+	$fipslibdir = $fipsdir . "/lib/";
+	}
+
+# RSAX ENGINE sets default non-FIPS RSA method.
+if ($fips)
+	{
+	$disabled{"rsax"} = "forced";
+	}
+
+# SSL 3.0 and TLS requires MD5 and SHA and either RSA or DSA+DH
+if (defined($disabled{"md5"}) || defined($disabled{"sha"})
+    || (defined($disabled{"rsa"})
+        && (defined($disabled{"dsa"}) || defined($disabled{"dh"}))))
+	{
+	$disabled{"ssl3"} = "forced";
+	$disabled{"tls1"} = "forced";
+	}
+
+if (defined($disabled{"tls1"}))
+	{
+	$disabled{"tlsext"} = "forced";
+	}
+
+if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
+    || defined($disabled{"dh"}))
+	{
+	$disabled{"gost"} = "forced";
+	}
+
+# SRP and HEARTBEATS require TLSEXT
+if (defined($disabled{"tlsext"}))
+	{
+	$disabled{"srp"} = "forced";
+	$disabled{"heartbeats"} = "forced";
+	}
+
+if ($target eq "TABLE") {
+	foreach $target (sort keys %table) {
+		print_table_entry($target);
+	}
+	exit 0;
+}
+
+if ($target eq "LIST") {
+	foreach (sort keys %table) {
+		print;
+		print "\n";
+	}
+	exit 0;
+}
+
+if ($target =~ m/^CygWin32(-.*)$/) {
+	$target = "Cygwin".$1;
+}
+
+print "Configuring for $target\n";
+
+&usage if (!defined($table{$target}));
+
+
+foreach (sort (keys %disabled))
+	{
+	$options .= " no-$_";
+
+	printf "    no-%-12s %-10s", $_, "[$disabled{$_}]";
+
+	if (/^dso$/)
+		{ $no_dso = 1; }
+	elsif (/^threads$/)
+		{ $no_threads = 1; }
+	elsif (/^shared$/)
+		{ $no_shared = 1; }
+	elsif (/^zlib$/)
+		{ $zlib = 0; }
+	elsif (/^static-engine$/)
+		{ }
+	elsif (/^zlib-dynamic$/)
+		{ }
+	elsif (/^symlinks$/)
+		{ $symlink = 0; }
+	elsif (/^sse2$/)
+		{ $no_sse2 = 1; }
+	else
+		{
+		my ($ALGO, $algo);
+		($ALGO = $algo = $_) =~ tr/[\-a-z]/[_A-Z]/;
+
+		if (/^asm$/ || /^err$/ || /^hw$/ || /^hw-/)
+			{
+			$openssl_other_defines .= "#define OPENSSL_NO_$ALGO\n";
+			print " OPENSSL_NO_$ALGO";
+		
+			if (/^err$/)	{ $flags .= "-DOPENSSL_NO_ERR "; }
+			elsif (/^asm$/)	{ $no_asm = 1; }
+			}
+		else
+			{
+			$openssl_algorithm_defines .= "#define OPENSSL_NO_$ALGO\n";
+			print " OPENSSL_NO_$ALGO";
+
+			if (/^krb5$/)
+				{ $no_krb5 = 1; }
+			else
+				{
+				push @skip, $algo;
+				# fix-up crypto/directory name(s)
+				@skip[$#skip]="whrlpool" if $algo eq "whirlpool";
+				print " (skip dir)";
+
+				$depflags .= " -DOPENSSL_NO_$ALGO";
+				}
+			}
+		}
+
+	print "\n";
+	}
+
+my $exp_cflags = "";
+foreach (sort @experimental)
+	{
+	my $ALGO;
+	($ALGO = $_) =~ tr/[a-z]/[A-Z]/;
+
+	# opensslconf.h will set OPENSSL_NO_... unless OPENSSL_EXPERIMENTAL_... is defined
+	$openssl_experimental_defines .= "#define OPENSSL_NO_$ALGO\n";
+	$exp_cflags .= " -DOPENSSL_EXPERIMENTAL_$ALGO";
+	}
+
+my $IsMK1MF=scalar grep /^$target$/, at MK1MF_Builds;
+
+$exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target =~ /^mingw/);
+$exe_ext=".nlm" if ($target =~ /netware/);
+$exe_ext=".pm"  if ($target =~ /vos/);
+$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
+$prefix=$openssldir if $prefix eq "";
+
+$default_ranlib= &which("ranlib") or $default_ranlib="true";
+$perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
+  or $perl="perl";
+my $make = $ENV{'MAKE'} || "make";
+
+$cross_compile_prefix=$ENV{'CROSS_COMPILE'} if $cross_compile_prefix eq "";
+
+chop $openssldir if $openssldir =~ /\/$/;
+chop $prefix if $prefix =~ /.\/$/;
+
+$openssldir=$prefix . "/ssl" if $openssldir eq "";
+$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
+
+
+print "IsMK1MF=$IsMK1MF\n";
+
+my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
+my $cc = $fields[$idx_cc];
+# Allow environment CC to override compiler...
+if($ENV{CC}) {
+    $cc = $ENV{CC};
+}
+my $cflags = $fields[$idx_cflags];
+my $unistd = $fields[$idx_unistd];
+my $thread_cflag = $fields[$idx_thread_cflag];
+my $sys_id = $fields[$idx_sys_id];
+my $lflags = $fields[$idx_lflags];
+my $bn_ops = $fields[$idx_bn_ops];
+my $cpuid_obj = $fields[$idx_cpuid_obj];
+my $bn_obj = $fields[$idx_bn_obj];
+my $des_obj = $fields[$idx_des_obj];
+my $aes_obj = $fields[$idx_aes_obj];
+my $bf_obj = $fields[$idx_bf_obj];
+my $md5_obj = $fields[$idx_md5_obj];
+my $sha1_obj = $fields[$idx_sha1_obj];
+my $cast_obj = $fields[$idx_cast_obj];
+my $rc4_obj = $fields[$idx_rc4_obj];
+my $rmd160_obj = $fields[$idx_rmd160_obj];
+my $rc5_obj = $fields[$idx_rc5_obj];
+my $wp_obj = $fields[$idx_wp_obj];
+my $cmll_obj = $fields[$idx_cmll_obj];
+my $modes_obj = $fields[$idx_modes_obj];
+my $engines_obj = $fields[$idx_engines_obj];
+my $perlasm_scheme = $fields[$idx_perlasm_scheme];
+my $dso_scheme = $fields[$idx_dso_scheme];
+my $shared_target = $fields[$idx_shared_target];
+my $shared_cflag = $fields[$idx_shared_cflag];
+my $shared_ldflag = $fields[$idx_shared_ldflag];
+my $shared_extension = $fields[$idx_shared_extension];
+my $ranlib = $ENV{'RANLIB'} || $fields[$idx_ranlib];
+my $ar = $ENV{'AR'} || "ar";
+my $arflags = $fields[$idx_arflags];
+my $multilib = $fields[$idx_multilib];
+
+# if $prefix/lib$multilib is not an existing directory, then
+# assume that it's not searched by linker automatically, in
+# which case adding $multilib suffix causes more grief than
+# we're ready to tolerate, so don't...
+$multilib="" if !-d "$prefix/lib$multilib";
+
+$libdir="lib$multilib" if $libdir eq "";
+
+$cflags = "$cflags$exp_cflags";
+
+# '%' in $lflags is used to split flags to "pre-" and post-flags
+my ($prelflags,$postlflags)=split('%',$lflags);
+if (defined($postlflags))	{ $lflags=$postlflags;	}
+else				{ $lflags=$prelflags; undef $prelflags;	}
+
+if ($target =~ /^mingw/ && `$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m)
+	{
+	$cflags =~ s/\-mno\-cygwin\s*//;
+	$shared_ldflag =~ s/\-mno\-cygwin\s*//;
+	}
+
+my $no_shared_warn=0;
+my $no_user_cflags=0;
+
+if ($flags ne "")	{ $cflags="$flags$cflags"; }
+else			{ $no_user_cflags=1;       }
+
+# Kerberos settings.  The flavor must be provided from outside, either through
+# the script "config" or manually.
+if (!$no_krb5)
+	{
+	my ($lresolv, $lpath, $lext);
+	if ($withargs{"krb5-flavor"} =~ /^[Hh]eimdal$/)
+		{
+		die "Sorry, Heimdal is currently not supported\n";
+		}
+	##### HACK to force use of Heimdal.
+	##### WARNING: Since we don't really have adequate support for Heimdal,
+	#####          using this will break the build.  You'll have to make
+	#####          changes to the source, and if you do, please send
+	#####          patches to openssl-dev at openssl.org
+	if ($withargs{"krb5-flavor"} =~ /^force-[Hh]eimdal$/)
+		{
+		warn "Heimdal isn't really supported.  Your build WILL break\n";
+		warn "If you fix the problems, please send a patch to openssl-dev\@openssl.org\n";
+		$withargs{"krb5-dir"} = "/usr/heimdal"
+			if $withargs{"krb5-dir"} eq "";
+		$withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.
+			"/lib -lgssapi -lkrb5 -lcom_err"
+			if $withargs{"krb5-lib"} eq "" && !$IsMK1MF;
+		$cflags="-DKRB5_HEIMDAL $cflags";
+		}
+	if ($withargs{"krb5-flavor"} =~ /^[Mm][Ii][Tt]/)
+		{
+		$withargs{"krb5-dir"} = "/usr/kerberos"
+			if $withargs{"krb5-dir"} eq "";
+		$withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.
+			"/lib -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto"
+			if $withargs{"krb5-lib"} eq "" && !$IsMK1MF;
+		$cflags="-DKRB5_MIT $cflags";
+		$withargs{"krb5-flavor"} =~ s/^[Mm][Ii][Tt][._-]*//;
+		if ($withargs{"krb5-flavor"} =~ /^1[._-]*[01]/)
+			{
+			$cflags="-DKRB5_MIT_OLD11 $cflags";
+			}
+		}
+	LRESOLV:
+	foreach $lpath ("/lib", "/usr/lib")
+		{
+		foreach $lext ("a", "so")
+			{
+			$lresolv = "$lpath/libresolv.$lext";
+			last LRESOLV	if (-r "$lresolv");
+			$lresolv = "";
+			}
+		}
+	$withargs{"krb5-lib"} .= " -lresolv"
+		if ("$lresolv" ne "");
+	$withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include"
+		if $withargs{"krb5-include"} eq "" &&
+		   $withargs{"krb5-dir"} ne "";
+	}
+
+# The DSO code currently always implements all functions so that no
+# applications will have to worry about that from a compilation point
+# of view. However, the "method"s may return zero unless that platform
+# has support compiled in for them. Currently each method is enabled
+# by a define "DSO_<name>" ... we translate the "dso_scheme" config
+# string entry into using the following logic;
+my $dso_cflags;
+if (!$no_dso && $dso_scheme ne "")
+	{
+	$dso_scheme =~ tr/[a-z]/[A-Z]/;
+	if ($dso_scheme eq "DLFCN")
+		{
+		$dso_cflags = "-DDSO_DLFCN -DHAVE_DLFCN_H";
+		}
+	elsif ($dso_scheme eq "DLFCN_NO_H")
+		{
+		$dso_cflags = "-DDSO_DLFCN";
+		}
+	else
+		{
+		$dso_cflags = "-DDSO_$dso_scheme";
+		}
+	$cflags = "$dso_cflags $cflags";
+	}
+
+my $thread_cflags;
+my $thread_defines;
+if ($thread_cflag ne "(unknown)" && !$no_threads)
+	{
+	# If we know how to do it, support threads by default.
+	$threads = 1;
+	}
+if ($thread_cflag eq "(unknown)" && $threads)
+	{
+	# If the user asked for "threads", [s]he is also expected to
+	# provide any system-dependent compiler options that are
+	# necessary.
+	if ($no_user_cflags)
+		{
+		print "You asked for multi-threading support, but didn't\n";
+		print "provide any system-specific compiler options\n";
+		exit(1);
+		}
+	$thread_cflags="-DOPENSSL_THREADS $cflags" ;
+	$thread_defines .= "#define OPENSSL_THREADS\n";
+	}
+else
+	{
+	$thread_cflags="-DOPENSSL_THREADS $thread_cflag $cflags";
+	$thread_defines .= "#define OPENSSL_THREADS\n";
+#	my $def;
+#	foreach $def (split ' ',$thread_cflag)
+#		{
+#		if ($def =~ s/^-D// && $def !~ /^_/)
+#			{
+#			$thread_defines .= "#define $def\n";
+#			}
+#		}
+	}	
+
+$lflags="$libs$lflags" if ($libs ne "");
+
+if ($no_asm)
+	{
+	$cpuid_obj=$bn_obj=
+	$des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=$cmll_obj=
+	$modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj="";
+	}
+
+if (!$no_shared)
+	{
+	$cast_obj="";	# CAST assembler is not PIC
+	}
+
+if ($threads)
+	{
+	$cflags=$thread_cflags;
+	$openssl_thread_defines .= $thread_defines;
+	}
+
+if ($zlib)
+	{
+	$cflags = "-DZLIB $cflags";
+	if (defined($disabled{"zlib-dynamic"}))
+		{
+		if (defined($withargs{"zlib-lib"}))
+			{
+			$lflags = "$lflags -L" . $withargs{"zlib-lib"} . " -lz";
+			}
+		else
+			{
+			$lflags = "$lflags -lz";
+			}
+		}
+	else
+		{
+		$cflags = "-DZLIB_SHARED $cflags";
+		}
+	}
+
+# You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
+my $shared_mark = "";
+if ($shared_target eq "")
+	{
+	$no_shared_warn = 1 if !$no_shared;
+	$no_shared = 1;
+	}
+if (!$no_shared)
+	{
+	if ($shared_cflag ne "")
+		{
+		$cflags = "$shared_cflag -DOPENSSL_PIC $cflags";
+		}
+	}
+
+if (!$IsMK1MF)
+	{
+	# add {no-}static-engine to options to allow mkdef.pl to work without extra arguments
+	if ($no_shared)
+		{
+		$openssl_other_defines.="#define OPENSSL_NO_DYNAMIC_ENGINE\n";
+		$options.=" static-engine";
+		}
+	else
+		{
+		$openssl_other_defines.="#define OPENSSL_NO_STATIC_ENGINE\n";
+		$options.=" no-static-engine";
+		}
+	}
+
+$cpuid_obj.=" uplink.o uplink-x86.o" if ($cflags =~ /\-DOPENSSL_USE_APPLINK/);
+
+#
+# Platform fix-ups
+#
+if ($target =~ /\-icc$/)	# Intel C compiler
+	{
+	my $iccver=0;
+	if (open(FD,"$cc -V 2>&1 |"))
+		{
+		while(<FD>) { $iccver=$1 if (/Version ([0-9]+)\./); }
+		close(FD);
+		}
+	if ($iccver>=8)
+		{
+		# Eliminate unnecessary dependency from libirc.a. This is
+		# essential for shared library support, as otherwise
+		# apps/openssl can end up in endless loop upon startup...
+		$cflags.=" -Dmemcpy=__builtin_memcpy -Dmemset=__builtin_memset";
+		}
+	if ($iccver>=9)
+		{
+		$cflags.=" -i-static";
+		$cflags=~s/\-no_cpprt/-no-cpprt/;
+		}
+	if ($iccver>=10)
+		{
+		$cflags=~s/\-i\-static/-static-intel/;
+		}
+	}
+
+# Unlike other OSes (like Solaris, Linux, Tru64, IRIX) BSD run-time
+# linkers (tested OpenBSD, NetBSD and FreeBSD) "demand" RPATH set on
+# .so objects. Apparently application RPATH is not global and does
+# not apply to .so linked with other .so. Problem manifests itself
+# when libssl.so fails to load libcrypto.so. One can argue that we
+# should engrave this into Makefile.shared rules or into BSD-* config
+# lines above. Meanwhile let's try to be cautious and pass -rpath to
+# linker only when --prefix is not /usr.
+if ($target =~ /^BSD\-/)
+	{
+	$shared_ldflag.=" -Wl,-rpath,\$\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
+	}
+
+if ($sys_id ne "")
+	{
+	#$cflags="-DOPENSSL_SYSNAME_$sys_id $cflags";
+	$openssl_sys_defines="#define OPENSSL_SYSNAME_$sys_id\n";
+	}
+
+if ($ranlib eq "")
+	{
+	$ranlib = $default_ranlib;
+	}
+
+#my ($bn1)=split(/\s+/,$bn_obj);
+#$bn1 = "" unless defined $bn1;
+#$bn1=$bn_asm unless ($bn1 =~ /\.o$/);
+#$bn_obj="$bn1";
+
+$cpuid_obj="" if ($processor eq "386");
+
+$bn_obj = $bn_asm unless $bn_obj ne "";
+# bn-586 is the only one implementing bn_*_part_words
+$cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn-586/);
+$cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /86/);
+
+$cflags.=" -DOPENSSL_BN_ASM_MONT" if ($bn_obj =~ /-mont/);
+$cflags.=" -DOPENSSL_BN_ASM_MONT5" if ($bn_obj =~ /-mont5/);
+$cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($bn_obj =~ /-gf2m/);
+
+if ($fips)
+	{
+	$openssl_other_defines.="#define OPENSSL_FIPS\n";
+	$cflags .= " -I\$(FIPSDIR)/include";
+	}
+
+$cpuid_obj="mem_clr.o"	unless ($cpuid_obj =~ /\.o$/);
+$des_obj=$des_enc	unless ($des_obj =~ /\.o$/);
+$bf_obj=$bf_enc		unless ($bf_obj =~ /\.o$/);
+$cast_obj=$cast_enc	unless ($cast_obj =~ /\.o$/);
+$rc4_obj=$rc4_enc	unless ($rc4_obj =~ /\.o$/);
+$rc5_obj=$rc5_enc	unless ($rc5_obj =~ /\.o$/);
+if ($sha1_obj =~ /\.o$/)
+	{
+#	$sha1_obj=$sha1_enc;
+	$cflags.=" -DSHA1_ASM"   if ($sha1_obj =~ /sx86/ || $sha1_obj =~ /sha1/);
+	$cflags.=" -DSHA256_ASM" if ($sha1_obj =~ /sha256/);
+	$cflags.=" -DSHA512_ASM" if ($sha1_obj =~ /sha512/);
+	if ($sha1_obj =~ /sse2/)
+	    {	if ($no_sse2)
+		{   $sha1_obj =~ s/\S*sse2\S+//;        }
+		elsif ($cflags !~ /OPENSSL_IA32_SSE2/)
+		{   $cflags.=" -DOPENSSL_IA32_SSE2";    }
+	    }
+	}
+if ($md5_obj =~ /\.o$/)
+	{
+#	$md5_obj=$md5_enc;
+	$cflags.=" -DMD5_ASM";
+	}
+if ($rmd160_obj =~ /\.o$/)
+	{
+#	$rmd160_obj=$rmd160_enc;
+	$cflags.=" -DRMD160_ASM";
+	}
+if ($aes_obj =~ /\.o$/)
+	{
+	$cflags.=" -DAES_ASM";
+	# aes-ctr.o is not a real file, only indication that assembler
+	# module implements AES_ctr32_encrypt...
+	$cflags.=" -DAES_CTR_ASM" if ($aes_obj =~ s/\s*aes\-ctr\.o//);
+	# aes-xts.o indicates presense of AES_xts_[en|de]crypt...
+	$cflags.=" -DAES_XTS_ASM" if ($aes_obj =~ s/\s*aes\-xts\.o//);
+	$aes_obj =~ s/\s*(vpaes|aesni)\-x86\.o//g if ($no_sse2);
+	$cflags.=" -DVPAES_ASM" if ($aes_obj =~ m/vpaes/);
+	$cflags.=" -DBSAES_ASM" if ($aes_obj =~ m/bsaes/);
+	}
+else	{
+	$aes_obj=$aes_enc;
+	}
+$wp_obj="" if ($wp_obj =~ /mmx/ && $processor eq "386");
+if ($wp_obj =~ /\.o$/ && !$disabled{"whirlpool"})
+	{
+	$cflags.=" -DWHIRLPOOL_ASM";
+	}
+else	{
+	$wp_obj="wp_block.o";
+	}
+$cmll_obj=$cmll_enc	unless ($cmll_obj =~ /.o$/);
+if ($modes_obj =~ /ghash/)
+	{
+	$cflags.=" -DGHASH_ASM";
+	}
+
+# "Stringify" the C flags string.  This permits it to be made part of a string
+# and works as well on command lines.
+$cflags =~ s/([\\\"])/\\\1/g;
+
+my $version = "unknown";
+my $version_num = "unknown";
+my $major = "unknown";
+my $minor = "unknown";
+my $shlib_version_number = "unknown";
+my $shlib_version_history = "unknown";
+my $shlib_major = "unknown";
+my $shlib_minor = "unknown";
+
+open(IN,'<crypto/opensslv.h') || die "unable to read opensslv.h:$!\n";
+while (<IN>)
+	{
+	$version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /;
+	$version_num=$1 if /OPENSSL.VERSION.NUMBER.*0x(\S+)/;
+	$shlib_version_number=$1 if /SHLIB_VERSION_NUMBER *"([^"]+)"/;
+	$shlib_version_history=$1 if /SHLIB_VERSION_HISTORY *"([^"]*)"/;
+	}
+close(IN);
+if ($shlib_version_history ne "") { $shlib_version_history .= ":"; }
+
+if ($version =~ /(^[0-9]*)\.([0-9\.]*)/)
+	{
+	$major=$1;
+	$minor=$2;
+	}
+
+if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
+	{
+	$shlib_major=$1;
+	$shlib_minor=$2;
+	}
+
+if ($strict_warnings)
+	{
+	my $ecc = $cc;
+	$ecc = "clang" if `$cc --version 2>&1` =~ /clang/;
+	my $wopt;
+	die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/);
+	foreach $wopt (split /\s+/, $gcc_devteam_warn)
+		{
+		$cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
+		}
+	if ($ecc eq "clang")
+		{
+		foreach $wopt (split /\s+/, $clang_devteam_warn)
+			{
+			$cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
+			}
+		}
+	}
+
+open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
+unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
+open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
+print OUT "### Generated automatically from Makefile.org by Configure.\n\n";
+my $sdirs=0;
+while (<IN>)
+	{
+	chomp;
+	$sdirs = 1 if /^SDIRS=/;
+	if ($sdirs) {
+		my $dir;
+		foreach $dir (@skip) {
+			s/(\s)$dir /$1/;
+			s/\s$dir$//;
+			}
+		}
+	$sdirs = 0 unless /\\$/;
+        s/engines // if (/^DIRS=/ && $disabled{"engine"});
+	s/ccgost// if (/^ENGDIRS=/ && $disabled{"gost"});
+	s/^VERSION=.*/VERSION=$version/;
+	s/^MAJOR=.*/MAJOR=$major/;
+	s/^MINOR=.*/MINOR=$minor/;
+	s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
+	s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
+	s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
+	s/^SHLIB_MINOR=.*/SHLIB_MINOR=$shlib_minor/;
+	s/^SHLIB_EXT=.*/SHLIB_EXT=$shared_extension/;
+	s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
+	s/^MULTILIB=.*$/MULTILIB=$multilib/;
+	s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
+	s/^LIBDIR=.*$/LIBDIR=$libdir/;
+	s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
+	s/^PLATFORM=.*$/PLATFORM=$target/;
+	s/^OPTIONS=.*$/OPTIONS=$options/;
+	s/^CONFIGURE_ARGS=.*$/CONFIGURE_ARGS=$argvstring/;
+	if ($cross_compile_prefix)
+		{
+		s/^CC=.*$/CROSS_COMPILE= $cross_compile_prefix\nCC= \$\(CROSS_COMPILE\)$cc/;
+		s/^AR=\s*/AR= \$\(CROSS_COMPILE\)/;
+		s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
+		s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
+		s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc";
+		}
+	else	{
+		s/^CC=.*$/CC= $cc/;
+		s/^AR=\s*ar/AR= $ar/;
+		s/^RANLIB=.*/RANLIB= $ranlib/;
+		s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
+		}
+	s/^CFLAG=.*$/CFLAG= $cflags/;
+	s/^DEPFLAG=.*$/DEPFLAG=$depflags/;
+	s/^PEX_LIBS=.*$/PEX_LIBS= $prelflags/;
+	s/^EX_LIBS=.*$/EX_LIBS= $lflags/;
+	s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/;
+	s/^CPUID_OBJ=.*$/CPUID_OBJ= $cpuid_obj/;
+	s/^BN_ASM=.*$/BN_ASM= $bn_obj/;
+	s/^DES_ENC=.*$/DES_ENC= $des_obj/;
+	s/^AES_ENC=.*$/AES_ENC= $aes_obj/;
+	s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
+	s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/;
+	s/^RC4_ENC=.*$/RC4_ENC= $rc4_obj/;
+	s/^RC5_ENC=.*$/RC5_ENC= $rc5_obj/;
+	s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/;
+	s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/;
+	s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;
+	s/^WP_ASM_OBJ=.*$/WP_ASM_OBJ= $wp_obj/;
+	s/^CMLL_ENC=.*$/CMLL_ENC= $cmll_obj/;
+	s/^MODES_ASM_OBJ.=*$/MODES_ASM_OBJ= $modes_obj/;
+	s/^ENGINES_ASM_OBJ.=*$/ENGINES_ASM_OBJ= $engines_obj/;
+	s/^PERLASM_SCHEME=.*$/PERLASM_SCHEME= $perlasm_scheme/;
+	s/^PROCESSOR=.*/PROCESSOR= $processor/;
+	s/^ARFLAGS=.*/ARFLAGS= $arflags/;
+	s/^PERL=.*/PERL= $perl/;
+	s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/;
+	s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/;
+	s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/;
+	s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/;
+
+	s/^FIPSDIR=.*/FIPSDIR=$fipsdir/;
+	s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/;
+	s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips;
+	s/^BASEADDR=.*/BASEADDR=$baseaddr/;
+
+	s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
+	s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
+	s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
+	if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/)
+		{
+		my $sotmp = $1;
+		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/;
+		}
+	elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.dylib$/)
+		{
+		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.dylib/;
+		}
+	elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
+		{
+		my $sotmp = $1;
+		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
+		}
+	elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
+		{
+		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.\$(SHLIB_MAJOR).dylib .dylib/;
+		}
+	s/^SHARED_LDFLAGS=.*/SHARED_LDFLAGS=$shared_ldflag/;
+	print OUT $_."\n";
+	}
+close(IN);
+close(OUT);
+rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" if -e $Makefile;
+rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n";
+
+print "CC            =$cc\n";
+print "CFLAG         =$cflags\n";
+print "EX_LIBS       =$lflags\n";
+print "CPUID_OBJ     =$cpuid_obj\n";
+print "BN_ASM        =$bn_obj\n";
+print "DES_ENC       =$des_obj\n";
+print "AES_ENC       =$aes_obj\n";
+print "BF_ENC        =$bf_obj\n";
+print "CAST_ENC      =$cast_obj\n";
+print "RC4_ENC       =$rc4_obj\n";
+print "RC5_ENC       =$rc5_obj\n";
+print "MD5_OBJ_ASM   =$md5_obj\n";
+print "SHA1_OBJ_ASM  =$sha1_obj\n";
+print "RMD160_OBJ_ASM=$rmd160_obj\n";
+print "CMLL_ENC      =$cmll_obj\n";
+print "MODES_OBJ     =$modes_obj\n";
+print "ENGINES_OBJ   =$engines_obj\n";
+print "PROCESSOR     =$processor\n";
+print "RANLIB        =$ranlib\n";
+print "ARFLAGS       =$arflags\n";
+print "PERL          =$perl\n";
+print "KRB5_INCLUDES =",$withargs{"krb5-include"},"\n"
+	if $withargs{"krb5-include"} ne "";
+
+my $des_ptr=0;
+my $des_risc1=0;
+my $des_risc2=0;
+my $des_unroll=0;
+my $bn_ll=0;
+my $def_int=2;
+my $rc4_int=$def_int;
+my $md2_int=$def_int;
+my $idea_int=$def_int;
+my $rc2_int=$def_int;
+my $rc4_idx=0;
+my $rc4_chunk=0;
+my $bf_ptr=0;
+my @type=("char","short","int","long");
+my ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0);
+my $export_var_as_fn=0;
+
+my $des_int;
+
+foreach (sort split(/\s+/,$bn_ops))
+	{
+	$des_ptr=1 if /DES_PTR/;
+	$des_risc1=1 if /DES_RISC1/;
+	$des_risc2=1 if /DES_RISC2/;
+	$des_unroll=1 if /DES_UNROLL/;
+	$des_int=1 if /DES_INT/;
+	$bn_ll=1 if /BN_LLONG/;
+	$rc4_int=0 if /RC4_CHAR/;
+	$rc4_int=3 if /RC4_LONG/;
+	$rc4_idx=1 if /RC4_INDEX/;
+	$rc4_chunk=1 if /RC4_CHUNK/;
+	$rc4_chunk=2 if /RC4_CHUNK_LL/;
+	$md2_int=0 if /MD2_CHAR/;
+	$md2_int=3 if /MD2_LONG/;
+	$idea_int=1 if /IDEA_SHORT/;
+	$idea_int=3 if /IDEA_LONG/;
+	$rc2_int=1 if /RC2_SHORT/;
+	$rc2_int=3 if /RC2_LONG/;
+	$bf_ptr=1 if $_ eq "BF_PTR";
+	$bf_ptr=2 if $_ eq "BF_PTR2";
+	($b64l,$b64,$b32,$b16,$b8)=(0,1,0,0,0) if /SIXTY_FOUR_BIT/;
+	($b64l,$b64,$b32,$b16,$b8)=(1,0,0,0,0) if /SIXTY_FOUR_BIT_LONG/;
+	($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0) if /THIRTY_TWO_BIT/;
+	($b64l,$b64,$b32,$b16,$b8)=(0,0,0,1,0) if /SIXTEEN_BIT/;
+	($b64l,$b64,$b32,$b16,$b8)=(0,0,0,0,1) if /EIGHT_BIT/;
+	$export_var_as_fn=1 if /EXPORT_VAR_AS_FN/;
+	}
+
+open(IN,'<crypto/opensslconf.h.in') || die "unable to read crypto/opensslconf.h.in:$!\n";
+unlink("crypto/opensslconf.h.new") || die "unable to remove old crypto/opensslconf.h.new:$!\n" if -e "crypto/opensslconf.h.new";
+open(OUT,'>crypto/opensslconf.h.new') || die "unable to create crypto/opensslconf.h.new:$!\n";
+print OUT "/* opensslconf.h */\n";
+print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configure. */\n\n";
+
+print OUT "#ifdef  __cplusplus\n";
+print OUT "extern \"C\" {\n";
+print OUT "#endif\n";
+print OUT "/* OpenSSL was configured with the following options: */\n";
+my $openssl_algorithm_defines_trans = $openssl_algorithm_defines;
+$openssl_experimental_defines =~ s/^\s*#\s*define\s+OPENSSL_NO_(.*)/#ifndef OPENSSL_EXPERIMENTAL_$1\n# ifndef OPENSSL_NO_$1\n#  define OPENSSL_NO_$1\n# endif\n#endif/mg;
+$openssl_algorithm_defines_trans =~ s/^\s*#\s*define\s+OPENSSL_(.*)/# if defined(OPENSSL_$1) \&\& !defined($1)\n#  define $1\n# endif/mg;
+$openssl_algorithm_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
+$openssl_algorithm_defines = "   /* no ciphers excluded */\n" if $openssl_algorithm_defines eq "";
+$openssl_thread_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
+$openssl_sys_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
+$openssl_other_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
+print OUT $openssl_sys_defines;
+print OUT "#ifndef OPENSSL_DOING_MAKEDEPEND\n\n";
+print OUT $openssl_experimental_defines;
+print OUT "\n";
+print OUT $openssl_algorithm_defines;
+print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n\n";
+print OUT $openssl_thread_defines;
+print OUT $openssl_other_defines,"\n";
+
+print OUT "/* The OPENSSL_NO_* macros are also defined as NO_* if the application\n";
+print OUT "   asks for it.  This is a transient feature that is provided for those\n";
+print OUT "   who haven't had the time to do the appropriate changes in their\n";
+print OUT "   applications.  */\n";
+print OUT "#ifdef OPENSSL_ALGORITHM_DEFINES\n";
+print OUT $openssl_algorithm_defines_trans;
+print OUT "#endif\n\n";
+
+print OUT "#define OPENSSL_CPUID_OBJ\n\n" if ($cpuid_obj ne "mem_clr.o");
+
+while (<IN>)
+	{
+	if	(/^#define\s+OPENSSLDIR/)
+		{
+		my $foo = $openssldir;
+		$foo =~ s/\\/\\\\/g;
+		print OUT "#define OPENSSLDIR \"$foo\"\n";
+		}
+	elsif	(/^#define\s+ENGINESDIR/)
+		{
+		my $foo = "$prefix/$libdir/engines";
+		$foo =~ s/\\/\\\\/g;
+		print OUT "#define ENGINESDIR \"$foo\"\n";
+		}
+	elsif	(/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/)
+		{ printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n"
+			if $export_var_as_fn;
+		  printf OUT "#%s OPENSSL_EXPORT_VAR_AS_FUNCTION\n",
+			($export_var_as_fn)?"define":"undef"; }
+	elsif	(/^#define\s+OPENSSL_UNISTD/)
+		{
+		$unistd = "<unistd.h>" if $unistd eq "";
+		print OUT "#define OPENSSL_UNISTD $unistd\n";
+		}
+	elsif	(/^#((define)|(undef))\s+SIXTY_FOUR_BIT_LONG/)
+		{ printf OUT "#%s SIXTY_FOUR_BIT_LONG\n",($b64l)?"define":"undef"; }
+	elsif	(/^#((define)|(undef))\s+SIXTY_FOUR_BIT/)
+		{ printf OUT "#%s SIXTY_FOUR_BIT\n",($b64)?"define":"undef"; }
+	elsif	(/^#((define)|(undef))\s+THIRTY_TWO_BIT/)
+		{ printf OUT "#%s THIRTY_TWO_BIT\n",($b32)?"define":"undef"; }
+	elsif	(/^#((define)|(undef))\s+SIXTEEN_BIT/)
+		{ printf OUT "#%s SIXTEEN_BIT\n",($b16)?"define":"undef"; }
+	elsif	(/^#((define)|(undef))\s+EIGHT_BIT/)
+		{ printf OUT "#%s EIGHT_BIT\n",($b8)?"define":"undef"; }
+	elsif	(/^#((define)|(undef))\s+BN_LLONG\s*$/)
+		{ printf OUT "#%s BN_LLONG\n",($bn_ll)?"define":"undef"; }
+	elsif	(/^\#define\s+DES_LONG\s+.*/)
+		{ printf OUT "#define DES_LONG unsigned %s\n",
+			($des_int)?'int':'long'; }
+	elsif	(/^\#(define|undef)\s+DES_PTR/)
+		{ printf OUT "#%s DES_PTR\n",($des_ptr)?'define':'undef'; }
+	elsif	(/^\#(define|undef)\s+DES_RISC1/)
+		{ printf OUT "#%s DES_RISC1\n",($des_risc1)?'define':'undef'; }
+	elsif	(/^\#(define|undef)\s+DES_RISC2/)
+		{ printf OUT "#%s DES_RISC2\n",($des_risc2)?'define':'undef'; }
+	elsif	(/^\#(define|undef)\s+DES_UNROLL/)
+		{ printf OUT "#%s DES_UNROLL\n",($des_unroll)?'define':'undef'; }
+	elsif	(/^#define\s+RC4_INT\s/)
+		{ printf OUT "#define RC4_INT unsigned %s\n",$type[$rc4_int]; }
+	elsif	(/^#undef\s+RC4_CHUNK/)
+		{
+		printf OUT "#undef RC4_CHUNK\n" if $rc4_chunk==0;
+		printf OUT "#define RC4_CHUNK unsigned long\n" if $rc4_chunk==1;
+		printf OUT "#define RC4_CHUNK unsigned long long\n" if $rc4_chunk==2;
+		}
+	elsif	(/^#((define)|(undef))\s+RC4_INDEX/)
+		{ printf OUT "#%s RC4_INDEX\n",($rc4_idx)?"define":"undef"; }
+	elsif (/^#(define|undef)\s+I386_ONLY/)
+		{ printf OUT "#%s I386_ONLY\n", ($processor eq "386")?
+			"define":"undef"; }
+	elsif	(/^#define\s+MD2_INT\s/)
+		{ printf OUT "#define MD2_INT unsigned %s\n",$type[$md2_int]; }
+	elsif	(/^#define\s+IDEA_INT\s/)
+		{printf OUT "#define IDEA_INT unsigned %s\n",$type[$idea_int];}
+	elsif	(/^#define\s+RC2_INT\s/)
+		{printf OUT "#define RC2_INT unsigned %s\n",$type[$rc2_int];}
+	elsif (/^#(define|undef)\s+BF_PTR/)
+		{
+		printf OUT "#undef BF_PTR\n" if $bf_ptr == 0;
+		printf OUT "#define BF_PTR\n" if $bf_ptr == 1;
+		printf OUT "#define BF_PTR2\n" if $bf_ptr == 2;
+	        }
+	else
+		{ print OUT $_; }
+	}
+close(IN);
+print OUT "#ifdef  __cplusplus\n";
+print OUT "}\n";
+print OUT "#endif\n";
+close(OUT);
+rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h";
+rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n";
+
+
+# Fix the date
+
+print "SIXTY_FOUR_BIT_LONG mode\n" if $b64l;
+print "SIXTY_FOUR_BIT mode\n" if $b64;
+print "THIRTY_TWO_BIT mode\n" if $b32;
+print "SIXTEEN_BIT mode\n" if $b16;
+print "EIGHT_BIT mode\n" if $b8;
+print "DES_PTR used\n" if $des_ptr;
+print "DES_RISC1 used\n" if $des_risc1;
+print "DES_RISC2 used\n" if $des_risc2;
+print "DES_UNROLL used\n" if $des_unroll;
+print "DES_INT used\n" if $des_int;
+print "BN_LLONG mode\n" if $bn_ll;
+print "RC4 uses u$type[$rc4_int]\n" if $rc4_int != $def_int;
+print "RC4_INDEX mode\n" if $rc4_idx;
+print "RC4_CHUNK is undefined\n" if $rc4_chunk==0;
+print "RC4_CHUNK is unsigned long\n" if $rc4_chunk==1;
+print "RC4_CHUNK is unsigned long long\n" if $rc4_chunk==2;
+print "MD2 uses u$type[$md2_int]\n" if $md2_int != $def_int;
+print "IDEA uses u$type[$idea_int]\n" if $idea_int != $def_int;
+print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int;
+print "BF_PTR used\n" if $bf_ptr == 1; 
+print "BF_PTR2 used\n" if $bf_ptr == 2; 
+
+if($IsMK1MF) {
+	open (OUT,">crypto/buildinf.h") || die "Can't open buildinf.h";
+	printf OUT <<EOF;
+#ifndef MK1MF_BUILD
+  /* auto-generated by Configure for crypto/cversion.c:
+   * for Unix builds, crypto/Makefile.ssl generates functional definitions;
+   * Windows builds (and other mk1mf builds) compile cversion.c with
+   * -DMK1MF_BUILD and use definitions added to this file by util/mk1mf.pl. */
+  #error "Windows builds (PLATFORM=$target) use mk1mf.pl-created Makefiles"
+#endif
+EOF
+	close(OUT);
+} else {
+	my $make_command = "$make PERL=\'$perl\'";
+	my $make_targets = "";
+	$make_targets .= " links" if $symlink;
+	$make_targets .= " depend" if $depflags ne $default_depflags && $make_depend;
+	$make_targets .= " gentests" if $symlink;
+	(system $make_command.$make_targets) == 0 or exit $?
+		if $make_targets ne "";
+	if ( $perl =~ m@^/@) {
+	    &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
+	    &dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
+	} else {
+	    # No path for Perl known ...
+	    &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";',  '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
+	    &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
+	}
+	if ($depflags ne $default_depflags && !$make_depend) {
+            $warn_make_depend++;
+        }
+}
+
+# create the ms/version32.rc file if needed
+if ($IsMK1MF && ($target !~ /^netware/)) {
+	my ($v1, $v2, $v3, $v4);
+	if ($version_num =~ /(^[0-9a-f]{1})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) {
+		$v1=hex $1;
+		$v2=hex $2;
+		$v3=hex $3;
+		$v4=hex $4;
+	}
+	open (OUT,">ms/version32.rc") || die "Can't open ms/version32.rc";
+	print OUT <<EOF;
+#include <winver.h>
+
+LANGUAGE 0x09,0x01
+
+1 VERSIONINFO
+  FILEVERSION $v1,$v2,$v3,$v4
+  PRODUCTVERSION $v1,$v2,$v3,$v4
+  FILEFLAGSMASK 0x3fL
+#ifdef _DEBUG
+  FILEFLAGS 0x01L
+#else
+  FILEFLAGS 0x00L
+#endif
+  FILEOS VOS__WINDOWS32
+  FILETYPE VFT_DLL
+  FILESUBTYPE 0x0L
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+	BLOCK "040904b0"
+	BEGIN
+	    // Required:	    
+	    VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0"
+	    VALUE "FileDescription", "OpenSSL Shared Library\\0"
+	    VALUE "FileVersion", "$version\\0"
+#if defined(CRYPTO)
+	    VALUE "InternalName", "libeay32\\0"
+	    VALUE "OriginalFilename", "libeay32.dll\\0"
+#elif defined(SSL)
+	    VALUE "InternalName", "ssleay32\\0"
+	    VALUE "OriginalFilename", "ssleay32.dll\\0"
+#endif
+	    VALUE "ProductName", "The OpenSSL Toolkit\\0"
+	    VALUE "ProductVersion", "$version\\0"
+	    // Optional:
+	    //VALUE "Comments", "\\0"
+	    VALUE "LegalCopyright", "Copyright \xA9 1998-2005 The OpenSSL Project. Copyright \xA9 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0"
+	    //VALUE "LegalTrademarks", "\\0"
+	    //VALUE "PrivateBuild", "\\0"
+	    //VALUE "SpecialBuild", "\\0"
+	END
+    END
+    BLOCK "VarFileInfo"
+    BEGIN
+        VALUE "Translation", 0x409, 0x4b0
+    END
+END
+EOF
+	close(OUT);
+  }
+  
+print <<EOF;
+
+Configured for $target.
+EOF
+
+print <<\EOF if (!$no_threads && !$threads);
+
+The library could not be configured for supporting multi-threaded
+applications as the compiler options required on this system are not known.
+See file INSTALL for details if you need multi-threading.
+EOF
+
+print <<\EOF if ($no_shared_warn);
+
+You gave the option 'shared', which is not supported on this platform, so
+we will pretend you gave the option 'no-shared'.  If you know how to implement
+shared libraries, please let us know (but please first make sure you have
+tried with a current version of OpenSSL).
+EOF
+
+print <<EOF if ($warn_make_depend);
+
+*** Because of configuration changes, you MUST do the following before
+*** building:
+
+	make depend
+EOF
+
+exit(0);
+
+sub usage
+	{
+	print STDERR $usage;
+	print STDERR "\npick os/compiler from:\n";
+	my $j=0;
+	my $i;
+        my $k=0;
+	foreach $i (sort keys %table)
+		{
+		next if $i =~ /^debug/;
+		$k += length($i) + 1;
+		if ($k > 78)
+			{
+			print STDERR "\n";
+			$k=length($i);
+			}
+		print STDERR $i . " ";
+		}
+	foreach $i (sort keys %table)
+		{
+		next if $i !~ /^debug/;
+		$k += length($i) + 1;
+		if ($k > 78)
+			{
+			print STDERR "\n";
+			$k=length($i);
+			}
+		print STDERR $i . " ";
+		}
+	print STDERR "\n\nNOTE: If in doubt, on Unix-ish systems use './config'.\n";
+	exit(1);
+	}
+
+sub which
+	{
+	my($name)=@_;
+	my $path;
+	foreach $path (split /:/, $ENV{PATH})
+		{
+		if (-f "$path/$name$exe_ext" and -x _)
+			{
+			return "$path/$name$exe_ext" unless ($name eq "perl" and
+			 system("$path/$name$exe_ext -e " . '\'exit($]<5.0);\''));
+			}
+		}
+	}
+
+sub dofile
+	{
+	my $f; my $p; my %m; my @a; my $k; my $ff;
+	($f,$p,%m)=@_;
+
+	open(IN,"<$f.in") || open(IN,"<$f") || die "unable to open $f:$!\n";
+	@a=<IN>;
+	close(IN);
+	foreach $k (keys %m)
+		{
+		grep(/$k/ && ($_=sprintf($m{$k}."\n",$p)), at a);
+		}
+	open(OUT,">$f.new") || die "unable to open $f.new:$!\n";
+	print OUT @a;
+	close(OUT);
+	rename($f,"$f.bak") || die "unable to rename $f\n" if -e $f;
+	rename("$f.new",$f) || die "unable to rename $f.new\n";
+	}
+
+sub print_table_entry
+	{
+	my $target = shift;
+
+	(my $cc,my $cflags,my $unistd,my $thread_cflag,my $sys_id,my $lflags,
+	my $bn_ops,my $cpuid_obj,my $bn_obj,my $des_obj,my $aes_obj, my $bf_obj,
+	my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
+	my $rc5_obj,my $wp_obj,my $cmll_obj,my $modes_obj, my $engines_obj,
+	my $perlasm_scheme,my $dso_scheme,my $shared_target,my $shared_cflag,
+	my $shared_ldflag,my $shared_extension,my $ranlib,my $arflags,my $multilib)=
+	split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
+			
+	print <<EOF
+
+*** $target
+\$cc           = $cc
+\$cflags       = $cflags
+\$unistd       = $unistd
+\$thread_cflag = $thread_cflag
+\$sys_id       = $sys_id
+\$lflags       = $lflags
+\$bn_ops       = $bn_ops
+\$cpuid_obj    = $cpuid_obj
+\$bn_obj       = $bn_obj
+\$des_obj      = $des_obj
+\$aes_obj      = $aes_obj
+\$bf_obj       = $bf_obj
+\$md5_obj      = $md5_obj
+\$sha1_obj     = $sha1_obj
+\$cast_obj     = $cast_obj
+\$rc4_obj      = $rc4_obj
+\$rmd160_obj   = $rmd160_obj
+\$rc5_obj      = $rc5_obj
+\$wp_obj       = $wp_obj
+\$cmll_obj     = $cmll_obj
+\$modes_obj    = $modes_obj
+\$engines_obj  = $engines_obj
+\$perlasm_scheme = $perlasm_scheme
+\$dso_scheme   = $dso_scheme
+\$shared_target= $shared_target
+\$shared_cflag = $shared_cflag
+\$shared_ldflag = $shared_ldflag
+\$shared_extension = $shared_extension
+\$ranlib       = $ranlib
+\$arflags      = $arflags
+\$multilib     = $multilib
+EOF
+	}
+
+sub test_sanity
+	{
+	my $errorcnt = 0;
+
+	print STDERR "=" x 70, "\n";
+	print STDERR "=== SANITY TESTING!\n";
+	print STDERR "=== No configuration will be done, all other arguments will be ignored!\n";
+	print STDERR "=" x 70, "\n";
+
+	foreach $target (sort keys %table)
+		{
+		@fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
+
+		if ($fields[$idx_dso_scheme-1] =~ /^(beos|dl|dlfcn|win32|vms)$/)
+			{
+			$errorcnt++;
+			print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] values\n";
+			print STDERR "              in the previous field\n";
+			}
+		elsif ($fields[$idx_dso_scheme+1] =~ /^(beos|dl|dlfcn|win32|vms)$/)
+			{
+			$errorcnt++;
+			print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] values\n";
+			print STDERR "              in the following field\n";
+			}
+		elsif ($fields[$idx_dso_scheme] !~ /^(beos|dl|dlfcn|win32|vms|)$/)
+			{
+			$errorcnt++;
+			print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] field = ",$fields[$idx_dso_scheme],"\n";
+			print STDERR "              valid values are 'beos', 'dl', 'dlfcn', 'win32' and 'vms'\n";
+			}
+		}
+	print STDERR "No sanity errors detected!\n" if $errorcnt == 0;
+	return $errorcnt;
+	}

Deleted: vendor-crypto/openssl/1.0.1u/INSTALL
===================================================================
--- vendor-crypto/openssl/dist/INSTALL	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/INSTALL	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,360 +0,0 @@
-
- INSTALLATION ON THE UNIX PLATFORM
- ---------------------------------
-
- [Installation on DOS (with djgpp), Windows, OpenVMS, MacOS (before MacOS X)
-  and NetWare is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS,
-  INSTALL.MacOS and INSTALL.NW.
-  
-  This document describes installation on operating systems in the Unix
-  family.]
-
- To install OpenSSL, you will need:
-
-  * make
-  * Perl 5
-  * an ANSI C compiler
-  * a development environment in form of development libraries and C
-    header files
-  * a supported Unix operating system
-
- Quick Start
- -----------
-
- If you want to just get on with it, do:
-
-  $ ./config
-  $ make
-  $ make test
-  $ make install
-
- [If any of these steps fails, see section Installation in Detail below.]
-
- This will build and install OpenSSL in the default location, which is (for
- historical reasons) /usr/local/ssl. If you want to install it anywhere else,
- run config like this:
-
-  $ ./config --prefix=/usr/local --openssldir=/usr/local/openssl
-
-
- Configuration Options
- ---------------------
-
- There are several options to ./config (or ./Configure) to customize
- the build:
-
-  --prefix=DIR  Install in DIR/bin, DIR/lib, DIR/include/openssl.
-	        Configuration files used by OpenSSL will be in DIR/ssl
-                or the directory specified by --openssldir.
-
-  --openssldir=DIR Directory for OpenSSL files. If no prefix is specified,
-                the library files and binaries are also installed there.
-
-  no-threads    Don't try to build with support for multi-threaded
-                applications.
-
-  threads       Build with support for multi-threaded applications.
-                This will usually require additional system-dependent options!
-                See "Note on multi-threading" below.
-
-  no-zlib       Don't try to build with support for zlib compression and
-                decompression.
-
-  zlib          Build with support for zlib compression/decompression.
-
-  zlib-dynamic  Like "zlib", but has OpenSSL load the zlib library dynamically
-                when needed.  This is only supported on systems where loading
-                of shared libraries is supported.  This is the default choice.
-
-  no-shared     Don't try to create shared libraries.
-
-  shared        In addition to the usual static libraries, create shared
-                libraries on platforms where it's supported.  See "Note on
-                shared libraries" below.
-
-  no-asm        Do not use assembler code.
-
-  386           Use the 80386 instruction set only (the default x86 code is
-                more efficient, but requires at least a 486). Note: Use
-                compiler flags for any other CPU specific configuration,
-                e.g. "-m32" to build x86 code on an x64 system.
-
-  no-sse2	Exclude SSE2 code pathes. Normally SSE2 extention is
-		detected at run-time, but the decision whether or not the
-		machine code will be executed is taken solely on CPU
-		capability vector. This means that if you happen to run OS
-		kernel which does not support SSE2 extension on Intel P4
-		processor, then your application might be exposed to
-		"illegal instruction" exception. There might be a way
-		to enable support in kernel, e.g. FreeBSD kernel can be
-		compiled with CPU_ENABLE_SSE, and there is a way to
-		disengage SSE2 code pathes upon application start-up,
-		but if you aim for wider "audience" running such kernel,
-		consider no-sse2. Both 386 and no-asm options above imply
-		no-sse2.
-
-  no-<cipher>   Build without the specified cipher (bf, cast, des, dh, dsa,
-                hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha).
-                The crypto/<cipher> directory can be removed after running
-                "make depend".
-
-  -Dxxx, -lxxx, -Lxxx, -fxxx, -mXXX, -Kxxx These system specific options will
-                be passed through to the compiler to allow you to
-                define preprocessor symbols, specify additional libraries,
-                library directories or other compiler options.
-
-  -DHAVE_CRYPTODEV Enable the BSD cryptodev engine even if we are not using
-		BSD. Useful if you are running ocf-linux or something
-		similar. Once enabled you can also enable the use of
-		cryptodev digests, which is usually slower unless you have
-		large amounts data. Use -DUSE_CRYPTODEV_DIGESTS to force
-		it.
-
- Installation in Detail
- ----------------------
-
- 1a. Configure OpenSSL for your operation system automatically:
-
-       $ ./config [options]
-
-     This guesses at your operating system (and compiler, if necessary) and
-     configures OpenSSL based on this guess. Run ./config -t to see
-     if it guessed correctly. If you want to use a different compiler, you
-     are cross-compiling for another platform, or the ./config guess was
-     wrong for other reasons, go to step 1b. Otherwise go to step 2.
-
-     On some systems, you can include debugging information as follows:
-
-       $ ./config -d [options]
-
- 1b. Configure OpenSSL for your operating system manually
-
-     OpenSSL knows about a range of different operating system, hardware and
-     compiler combinations. To see the ones it knows about, run
-
-       $ ./Configure
-
-     Pick a suitable name from the list that matches your system. For most
-     operating systems there is a choice between using "cc" or "gcc".  When
-     you have identified your system (and if necessary compiler) use this name
-     as the argument to ./Configure. For example, a "linux-elf" user would
-     run:
-
-       $ ./Configure linux-elf [options]
-
-     If your system is not available, you will have to edit the Configure
-     program and add the correct configuration for your system. The
-     generic configurations "cc" or "gcc" should usually work on 32 bit
-     systems.
-
-     Configure creates the file Makefile.ssl from Makefile.org and
-     defines various macros in crypto/opensslconf.h (generated from
-     crypto/opensslconf.h.in).
-
-  2. Build OpenSSL by running:
-
-       $ make
-
-     This will build the OpenSSL libraries (libcrypto.a and libssl.a) and the
-     OpenSSL binary ("openssl"). The libraries will be built in the top-level
-     directory, and the binary will be in the "apps" directory.
-
-     If "make" fails, look at the output.  There may be reasons for
-     the failure that aren't problems in OpenSSL itself (like missing
-     standard headers).  If it is a problem with OpenSSL itself, please
-     report the problem to <openssl-bugs at openssl.org> (note that your
-     message will be recorded in the request tracker publicly readable
-     via http://www.openssl.org/support/rt.html and will be forwarded to a
-     public mailing list). Include the output of "make report" in your message.
-     Please check out the request tracker. Maybe the bug was already
-     reported or has already been fixed.
-
-     [If you encounter assembler error messages, try the "no-asm"
-     configuration option as an immediate fix.]
-
-     Compiling parts of OpenSSL with gcc and others with the system
-     compiler will result in unresolved symbols on some systems.
-
-  3. After a successful build, the libraries should be tested. Run:
-
-       $ make test
-
-     If a test fails, look at the output.  There may be reasons for
-     the failure that isn't a problem in OpenSSL itself (like a missing
-     or malfunctioning bc).  If it is a problem with OpenSSL itself,
-     try removing any compiler optimization flags from the CFLAG line
-     in Makefile.ssl and run "make clean; make". Please send a bug
-     report to <openssl-bugs at openssl.org>, including the output of
-     "make report" in order to be added to the request tracker at
-     http://www.openssl.org/support/rt.html.
-
-  4. If everything tests ok, install OpenSSL with
-
-       $ make install
-
-     This will create the installation directory (if it does not exist) and
-     then the following subdirectories:
-
-       certs           Initially empty, this is the default location
-                       for certificate files.
-       man/man1        Manual pages for the 'openssl' command line tool
-       man/man3        Manual pages for the libraries (very incomplete)
-       misc            Various scripts.
-       private         Initially empty, this is the default location
-                       for private key files.
-
-     If you didn't choose a different installation prefix, the
-     following additional subdirectories will be created:
-
-       bin             Contains the openssl binary and a few other 
-                       utility programs. 
-       include/openssl Contains the header files needed if you want to
-                       compile programs with libcrypto or libssl.
-       lib             Contains the OpenSSL library files themselves.
-
-     Use "make install_sw" to install the software without documentation,
-     and "install_docs_html" to install HTML renditions of the manual
-     pages.
-
-     Package builders who want to configure the library for standard
-     locations, but have the package installed somewhere else so that
-     it can easily be packaged, can use
-
-       $ make INSTALL_PREFIX=/tmp/package-root install
-
-     (or specify "--install_prefix=/tmp/package-root" as a configure
-     option).  The specified prefix will be prepended to all
-     installation target filenames.
-
-
-  NOTE: The header files used to reside directly in the include
-  directory, but have now been moved to include/openssl so that
-  OpenSSL can co-exist with other libraries which use some of the
-  same filenames.  This means that applications that use OpenSSL
-  should now use C preprocessor directives of the form
-
-       #include <openssl/ssl.h>
-
-  instead of "#include <ssl.h>", which was used with library versions
-  up to OpenSSL 0.9.2b.
-
-  If you install a new version of OpenSSL over an old library version,
-  you should delete the old header files in the include directory.
-
-  Compatibility issues:
-
-  *  COMPILING existing applications
-
-     To compile an application that uses old filenames -- e.g.
-     "#include <ssl.h>" --, it will usually be enough to find
-     the CFLAGS definition in the application's Makefile and
-     add a C option such as
-
-          -I/usr/local/ssl/include/openssl
-
-     to it.
-
-     But don't delete the existing -I option that points to
-     the ..../include directory!  Otherwise, OpenSSL header files
-     could not #include each other.
-
-  *  WRITING applications
-
-     To write an application that is able to handle both the new
-     and the old directory layout, so that it can still be compiled
-     with library versions up to OpenSSL 0.9.2b without bothering
-     the user, you can proceed as follows:
-
-     -  Always use the new filename of OpenSSL header files,
-        e.g. #include <openssl/ssl.h>.
-
-     -  Create a directory "incl" that contains only a symbolic
-        link named "openssl", which points to the "include" directory
-        of OpenSSL.
-        For example, your application's Makefile might contain the
-        following rule, if OPENSSLDIR is a pathname (absolute or
-        relative) of the directory where OpenSSL resides:
-
-        incl/openssl:
-        	-mkdir incl
-        	cd $(OPENSSLDIR) # Check whether the directory really exists
-        	-ln -s `cd $(OPENSSLDIR); pwd`/include incl/openssl
-
-        You will have to add "incl/openssl" to the dependencies
-        of those C files that include some OpenSSL header file.
-
-     -  Add "-Iincl" to your CFLAGS.
-
-     With these additions, the OpenSSL header files will be available
-     under both name variants if an old library version is used:
-     Your application can reach them under names like <openssl/foo.h>,
-     while the header files still are able to #include each other
-     with names of the form <foo.h>.
-
-
- Note on multi-threading
- -----------------------
-
- For some systems, the OpenSSL Configure script knows what compiler options
- are needed to generate a library that is suitable for multi-threaded
- applications.  On these systems, support for multi-threading is enabled
- by default; use the "no-threads" option to disable (this should never be
- necessary).
-
- On other systems, to enable support for multi-threading, you will have
- to specify at least two options: "threads", and a system-dependent option.
- (The latter is "-D_REENTRANT" on various systems.)  The default in this
- case, obviously, is not to include support for multi-threading (but
- you can still use "no-threads" to suppress an annoying warning message
- from the Configure script.)
-
-
- Note on shared libraries
- ------------------------
-
- Shared libraries have certain caveats.  Binary backward compatibility
- can't be guaranteed before OpenSSL version 1.0.  The only reason to
- use them would be to conserve memory on systems where several programs
- are using OpenSSL.
-
- For some systems, the OpenSSL Configure script knows what is needed to
- build shared libraries for libcrypto and libssl.  On these systems,
- the shared libraries are currently not created by default, but giving
- the option "shared" will get them created.  This method supports Makefile
- targets for shared library creation, like linux-shared.  Those targets
- can currently be used on their own just as well, but this is expected
- to change in future versions of OpenSSL.
-
- Note on random number generation
- --------------------------------
-
- Availability of cryptographically secure random numbers is required for
- secret key generation. OpenSSL provides several options to seed the
- internal PRNG. If not properly seeded, the internal PRNG will refuse
- to deliver random bytes and a "PRNG not seeded error" will occur.
- On systems without /dev/urandom (or similar) device, it may be necessary
- to install additional support software to obtain random seed.
- Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
- and the FAQ for more information.
-
- Note on support for multiple builds
- -----------------------------------
-
- OpenSSL is usually built in its source tree.  Unfortunately, this doesn't
- support building for multiple platforms from the same source tree very well.
- It is however possible to build in a separate tree through the use of lots
- of symbolic links, which should be prepared like this:
-
-	mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
-	cd objtree/"`uname -s`-`uname -r`-`uname -m`"
-	(cd $OPENSSL_SOURCE; find . -type f) | while read F; do
-		mkdir -p `dirname $F`
-		rm -f $F; ln -s $OPENSSL_SOURCE/$F $F
-		echo $F '->' $OPENSSL_SOURCE/$F
-	done
-	make -f Makefile.org clean
-
- OPENSSL_SOURCE is an environment variable that contains the absolute (this
- is important!) path to the OpenSSL source tree.
-
- Also, operations like 'make update' should still be made in the source tree.

Copied: vendor-crypto/openssl/1.0.1u/INSTALL (from rev 11605, vendor-crypto/openssl/dist/INSTALL)
===================================================================
--- vendor-crypto/openssl/1.0.1u/INSTALL	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/INSTALL	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,360 @@
+
+ INSTALLATION ON THE UNIX PLATFORM
+ ---------------------------------
+
+ [Installation on DOS (with djgpp), Windows, OpenVMS, MacOS (before MacOS X)
+  and NetWare is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS,
+  INSTALL.MacOS and INSTALL.NW.
+  
+  This document describes installation on operating systems in the Unix
+  family.]
+
+ To install OpenSSL, you will need:
+
+  * make
+  * Perl 5
+  * an ANSI C compiler
+  * a development environment in form of development libraries and C
+    header files
+  * a supported Unix operating system
+
+ Quick Start
+ -----------
+
+ If you want to just get on with it, do:
+
+  $ ./config
+  $ make
+  $ make test
+  $ make install
+
+ [If any of these steps fails, see section Installation in Detail below.]
+
+ This will build and install OpenSSL in the default location, which is (for
+ historical reasons) /usr/local/ssl. If you want to install it anywhere else,
+ run config like this:
+
+  $ ./config --prefix=/usr/local --openssldir=/usr/local/openssl
+
+
+ Configuration Options
+ ---------------------
+
+ There are several options to ./config (or ./Configure) to customize
+ the build:
+
+  --prefix=DIR  Install in DIR/bin, DIR/lib, DIR/include/openssl.
+	        Configuration files used by OpenSSL will be in DIR/ssl
+                or the directory specified by --openssldir.
+
+  --openssldir=DIR Directory for OpenSSL files. If no prefix is specified,
+                the library files and binaries are also installed there.
+
+  no-threads    Don't try to build with support for multi-threaded
+                applications.
+
+  threads       Build with support for multi-threaded applications.
+                This will usually require additional system-dependent options!
+                See "Note on multi-threading" below.
+
+  no-zlib       Don't try to build with support for zlib compression and
+                decompression.
+
+  zlib          Build with support for zlib compression/decompression.
+
+  zlib-dynamic  Like "zlib", but has OpenSSL load the zlib library dynamically
+                when needed.  This is only supported on systems where loading
+                of shared libraries is supported.  This is the default choice.
+
+  no-shared     Don't try to create shared libraries.
+
+  shared        In addition to the usual static libraries, create shared
+                libraries on platforms where it's supported.  See "Note on
+                shared libraries" below.
+
+  no-asm        Do not use assembler code.
+
+  386           Use the 80386 instruction set only (the default x86 code is
+                more efficient, but requires at least a 486). Note: Use
+                compiler flags for any other CPU specific configuration,
+                e.g. "-m32" to build x86 code on an x64 system.
+
+  no-sse2	Exclude SSE2 code pathes. Normally SSE2 extention is
+		detected at run-time, but the decision whether or not the
+		machine code will be executed is taken solely on CPU
+		capability vector. This means that if you happen to run OS
+		kernel which does not support SSE2 extension on Intel P4
+		processor, then your application might be exposed to
+		"illegal instruction" exception. There might be a way
+		to enable support in kernel, e.g. FreeBSD kernel can be
+		compiled with CPU_ENABLE_SSE, and there is a way to
+		disengage SSE2 code pathes upon application start-up,
+		but if you aim for wider "audience" running such kernel,
+		consider no-sse2. Both 386 and no-asm options above imply
+		no-sse2.
+
+  no-<cipher>   Build without the specified cipher (bf, cast, des, dh, dsa,
+                hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha).
+                The crypto/<cipher> directory can be removed after running
+                "make depend".
+
+  -Dxxx, -lxxx, -Lxxx, -fxxx, -mXXX, -Kxxx These system specific options will
+                be passed through to the compiler to allow you to
+                define preprocessor symbols, specify additional libraries,
+                library directories or other compiler options.
+
+  -DHAVE_CRYPTODEV Enable the BSD cryptodev engine even if we are not using
+		BSD. Useful if you are running ocf-linux or something
+		similar. Once enabled you can also enable the use of
+		cryptodev digests, which is usually slower unless you have
+		large amounts data. Use -DUSE_CRYPTODEV_DIGESTS to force
+		it.
+
+ Installation in Detail
+ ----------------------
+
+ 1a. Configure OpenSSL for your operation system automatically:
+
+       $ ./config [options]
+
+     This guesses at your operating system (and compiler, if necessary) and
+     configures OpenSSL based on this guess. Run ./config -t to see
+     if it guessed correctly. If you want to use a different compiler, you
+     are cross-compiling for another platform, or the ./config guess was
+     wrong for other reasons, go to step 1b. Otherwise go to step 2.
+
+     On some systems, you can include debugging information as follows:
+
+       $ ./config -d [options]
+
+ 1b. Configure OpenSSL for your operating system manually
+
+     OpenSSL knows about a range of different operating system, hardware and
+     compiler combinations. To see the ones it knows about, run
+
+       $ ./Configure
+
+     Pick a suitable name from the list that matches your system. For most
+     operating systems there is a choice between using "cc" or "gcc".  When
+     you have identified your system (and if necessary compiler) use this name
+     as the argument to ./Configure. For example, a "linux-elf" user would
+     run:
+
+       $ ./Configure linux-elf [options]
+
+     If your system is not available, you will have to edit the Configure
+     program and add the correct configuration for your system. The
+     generic configurations "cc" or "gcc" should usually work on 32 bit
+     systems.
+
+     Configure creates the file Makefile.ssl from Makefile.org and
+     defines various macros in crypto/opensslconf.h (generated from
+     crypto/opensslconf.h.in).
+
+  2. Build OpenSSL by running:
+
+       $ make
+
+     This will build the OpenSSL libraries (libcrypto.a and libssl.a) and the
+     OpenSSL binary ("openssl"). The libraries will be built in the top-level
+     directory, and the binary will be in the "apps" directory.
+
+     If "make" fails, look at the output.  There may be reasons for
+     the failure that aren't problems in OpenSSL itself (like missing
+     standard headers).  If it is a problem with OpenSSL itself, please
+     report the problem to <openssl-bugs at openssl.org> (note that your
+     message will be recorded in the request tracker publicly readable
+     at https://www.openssl.org/community/index.html#bugs and will be
+     forwarded to a public mailing list). Include the output of "make
+     report" in your message.  Please check out the request tracker. Maybe
+     the bug was already reported or has already been fixed.
+
+     [If you encounter assembler error messages, try the "no-asm"
+     configuration option as an immediate fix.]
+
+     Compiling parts of OpenSSL with gcc and others with the system
+     compiler will result in unresolved symbols on some systems.
+
+  3. After a successful build, the libraries should be tested. Run:
+
+       $ make test
+
+     If a test fails, look at the output.  There may be reasons for
+     the failure that isn't a problem in OpenSSL itself (like a missing
+     or malfunctioning bc).  If it is a problem with OpenSSL itself,
+     try removing any compiler optimization flags from the CFLAG line
+     in Makefile.ssl and run "make clean; make". Please send a bug
+     report to <openssl-bugs at openssl.org>, including the output of
+     "make report" in order to be added to the request tracker at
+     http://www.openssl.org/support/rt.html.
+
+  4. If everything tests ok, install OpenSSL with
+
+       $ make install
+
+     This will create the installation directory (if it does not exist) and
+     then the following subdirectories:
+
+       certs           Initially empty, this is the default location
+                       for certificate files.
+       man/man1        Manual pages for the 'openssl' command line tool
+       man/man3        Manual pages for the libraries (very incomplete)
+       misc            Various scripts.
+       private         Initially empty, this is the default location
+                       for private key files.
+
+     If you didn't choose a different installation prefix, the
+     following additional subdirectories will be created:
+
+       bin             Contains the openssl binary and a few other 
+                       utility programs. 
+       include/openssl Contains the header files needed if you want to
+                       compile programs with libcrypto or libssl.
+       lib             Contains the OpenSSL library files themselves.
+
+     Use "make install_sw" to install the software without documentation,
+     and "install_docs_html" to install HTML renditions of the manual
+     pages.
+
+     Package builders who want to configure the library for standard
+     locations, but have the package installed somewhere else so that
+     it can easily be packaged, can use
+
+       $ make INSTALL_PREFIX=/tmp/package-root install
+
+     (or specify "--install_prefix=/tmp/package-root" as a configure
+     option).  The specified prefix will be prepended to all
+     installation target filenames.
+
+
+  NOTE: The header files used to reside directly in the include
+  directory, but have now been moved to include/openssl so that
+  OpenSSL can co-exist with other libraries which use some of the
+  same filenames.  This means that applications that use OpenSSL
+  should now use C preprocessor directives of the form
+
+       #include <openssl/ssl.h>
+
+  instead of "#include <ssl.h>", which was used with library versions
+  up to OpenSSL 0.9.2b.
+
+  If you install a new version of OpenSSL over an old library version,
+  you should delete the old header files in the include directory.
+
+  Compatibility issues:
+
+  *  COMPILING existing applications
+
+     To compile an application that uses old filenames -- e.g.
+     "#include <ssl.h>" --, it will usually be enough to find
+     the CFLAGS definition in the application's Makefile and
+     add a C option such as
+
+          -I/usr/local/ssl/include/openssl
+
+     to it.
+
+     But don't delete the existing -I option that points to
+     the ..../include directory!  Otherwise, OpenSSL header files
+     could not #include each other.
+
+  *  WRITING applications
+
+     To write an application that is able to handle both the new
+     and the old directory layout, so that it can still be compiled
+     with library versions up to OpenSSL 0.9.2b without bothering
+     the user, you can proceed as follows:
+
+     -  Always use the new filename of OpenSSL header files,
+        e.g. #include <openssl/ssl.h>.
+
+     -  Create a directory "incl" that contains only a symbolic
+        link named "openssl", which points to the "include" directory
+        of OpenSSL.
+        For example, your application's Makefile might contain the
+        following rule, if OPENSSLDIR is a pathname (absolute or
+        relative) of the directory where OpenSSL resides:
+
+        incl/openssl:
+        	-mkdir incl
+        	cd $(OPENSSLDIR) # Check whether the directory really exists
+        	-ln -s `cd $(OPENSSLDIR); pwd`/include incl/openssl
+
+        You will have to add "incl/openssl" to the dependencies
+        of those C files that include some OpenSSL header file.
+
+     -  Add "-Iincl" to your CFLAGS.
+
+     With these additions, the OpenSSL header files will be available
+     under both name variants if an old library version is used:
+     Your application can reach them under names like <openssl/foo.h>,
+     while the header files still are able to #include each other
+     with names of the form <foo.h>.
+
+
+ Note on multi-threading
+ -----------------------
+
+ For some systems, the OpenSSL Configure script knows what compiler options
+ are needed to generate a library that is suitable for multi-threaded
+ applications.  On these systems, support for multi-threading is enabled
+ by default; use the "no-threads" option to disable (this should never be
+ necessary).
+
+ On other systems, to enable support for multi-threading, you will have
+ to specify at least two options: "threads", and a system-dependent option.
+ (The latter is "-D_REENTRANT" on various systems.)  The default in this
+ case, obviously, is not to include support for multi-threading (but
+ you can still use "no-threads" to suppress an annoying warning message
+ from the Configure script.)
+
+
+ Note on shared libraries
+ ------------------------
+
+ Shared libraries have certain caveats.  Binary backward compatibility
+ can't be guaranteed before OpenSSL version 1.0.  The only reason to
+ use them would be to conserve memory on systems where several programs
+ are using OpenSSL.
+
+ For some systems, the OpenSSL Configure script knows what is needed to
+ build shared libraries for libcrypto and libssl.  On these systems,
+ the shared libraries are currently not created by default, but giving
+ the option "shared" will get them created.  This method supports Makefile
+ targets for shared library creation, like linux-shared.  Those targets
+ can currently be used on their own just as well, but this is expected
+ to change in future versions of OpenSSL.
+
+ Note on random number generation
+ --------------------------------
+
+ Availability of cryptographically secure random numbers is required for
+ secret key generation. OpenSSL provides several options to seed the
+ internal PRNG. If not properly seeded, the internal PRNG will refuse
+ to deliver random bytes and a "PRNG not seeded error" will occur.
+ On systems without /dev/urandom (or similar) device, it may be necessary
+ to install additional support software to obtain random seed.
+ Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
+ and the FAQ for more information.
+
+ Note on support for multiple builds
+ -----------------------------------
+
+ OpenSSL is usually built in its source tree.  Unfortunately, this doesn't
+ support building for multiple platforms from the same source tree very well.
+ It is however possible to build in a separate tree through the use of lots
+ of symbolic links, which should be prepared like this:
+
+	mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
+	cd objtree/"`uname -s`-`uname -r`-`uname -m`"
+	(cd $OPENSSL_SOURCE; find . -type f) | while read F; do
+		mkdir -p `dirname $F`
+		rm -f $F; ln -s $OPENSSL_SOURCE/$F $F
+		echo $F '->' $OPENSSL_SOURCE/$F
+	done
+	make -f Makefile.org clean
+
+ OPENSSL_SOURCE is an environment variable that contains the absolute (this
+ is important!) path to the OpenSSL source tree.
+
+ Also, operations like 'make update' should still be made in the source tree.

Deleted: vendor-crypto/openssl/1.0.1u/LICENSE
===================================================================
--- vendor-crypto/openssl/dist/LICENSE	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/LICENSE	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,127 +0,0 @@
-
-  LICENSE ISSUES
-  ==============
-
-  The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
-  the OpenSSL License and the original SSLeay license apply to the toolkit.
-  See below for the actual license texts. Actually both licenses are BSD-style
-  Open Source licenses. In case of any license issues related to OpenSSL
-  please contact openssl-core at openssl.org.
-
-  OpenSSL License
-  ---------------
-
-/* ====================================================================
- * Copyright (c) 1998-2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
- Original SSLeay License
- -----------------------
-
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-

Copied: vendor-crypto/openssl/1.0.1u/LICENSE (from rev 11605, vendor-crypto/openssl/dist/LICENSE)
===================================================================
--- vendor-crypto/openssl/1.0.1u/LICENSE	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/LICENSE	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,127 @@
+
+  LICENSE ISSUES
+  ==============
+
+  The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
+  the OpenSSL License and the original SSLeay license apply to the toolkit.
+  See below for the actual license texts. Actually both licenses are BSD-style
+  Open Source licenses. In case of any license issues related to OpenSSL
+  please contact openssl-core at openssl.org.
+
+  OpenSSL License
+  ---------------
+
+/* ====================================================================
+ * Copyright (c) 1998-2016 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+ Original SSLeay License
+ -----------------------
+
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+

Deleted: vendor-crypto/openssl/1.0.1u/Makefile
===================================================================
--- vendor-crypto/openssl/dist/Makefile	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/Makefile	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,680 +0,0 @@
-### Generated automatically from Makefile.org by Configure.
-
-##
-## Makefile for OpenSSL
-##
-
-VERSION=1.0.1q
-MAJOR=1
-MINOR=0.1
-SHLIB_VERSION_NUMBER=1.0.0
-SHLIB_VERSION_HISTORY=
-SHLIB_MAJOR=1
-SHLIB_MINOR=0.0
-SHLIB_EXT=
-PLATFORM=dist
-OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-store no-unit-test no-zlib no-zlib-dynamic static-engine
-CONFIGURE_ARGS=dist
-SHLIB_TARGET=
-
-# HERE indicates where this Makefile lives.  This can be used to indicate
-# where sub-Makefiles are expected to be.  Currently has very limited usage,
-# and should probably not be bothered with at all.
-HERE=.
-
-# INSTALL_PREFIX is for package builders so that they can configure
-# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
-# Normally it is left empty.
-INSTALL_PREFIX=
-INSTALLTOP=/usr/local/ssl
-
-# Do not edit this manually. Use Configure --openssldir=DIR do change this!
-OPENSSLDIR=/usr/local/ssl
-
-# NO_IDEA - Define to build without the IDEA algorithm
-# NO_RC4  - Define to build without the RC4 algorithm
-# NO_RC2  - Define to build without the RC2 algorithm
-# THREADS - Define when building with threads, you will probably also need any
-#           system defines as well, i.e. _REENTERANT for Solaris 2.[34]
-# TERMIO  - Define the termio terminal subsystem, needed if sgtty is missing.
-# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
-# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
-# DEVRANDOM - Give this the value of the 'random device' if your OS supports
-#           one.  32 bytes will be read from this when the random
-#           number generator is initalised.
-# SSL_FORBID_ENULL - define if you want the server to be not able to use the
-#           NULL encryption ciphers.
-#
-# LOCK_DEBUG - turns on lots of lock debug output :-)
-# REF_CHECK - turn on some xyz_free() assertions.
-# REF_PRINT - prints some stuff on structure free.
-# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
-# MFUNC - Make all Malloc/Free/Realloc calls call
-#       CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
-#       call application defined callbacks via CRYPTO_set_mem_functions()
-# MD5_ASM needs to be defined to use the x86 assembler for MD5
-# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
-# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
-# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8.  It must
-# equal 4.
-# PKCS1_CHECK - pkcs1 tests.
-
-CC= cc
-CFLAG= -O
-DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST
-PEX_LIBS= 
-EX_LIBS= 
-EXE_EXT= 
-ARFLAGS= 
-AR= ar $(ARFLAGS) r
-RANLIB= /usr/bin/ranlib
-NM= nm
-PERL= /usr/bin/perl
-TAR= tar
-TARFLAGS= --no-recursion --record-size=10240
-MAKEDEPPROG=makedepend
-LIBDIR=lib
-
-# We let the C compiler driver to take care of .s files. This is done in
-# order to be excused from maintaining a separate set of architecture
-# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
-# gcc, then the driver will automatically translate it to -xarch=v8plus
-# and pass it down to assembler.
-AS=$(CC) -c
-ASFLAG=$(CFLAG)
-
-# For x86 assembler: Set PROCESSOR to 386 if you want to support
-# the 80386.
-PROCESSOR= 
-
-# CPUID module collects small commonly used assembler snippets
-CPUID_OBJ= mem_clr.o
-BN_ASM= bn_asm.o
-DES_ENC= des_enc.o fcrypt_b.o
-AES_ENC= aes_core.o aes_cbc.o
-BF_ENC= bf_enc.o
-CAST_ENC= c_enc.o
-RC4_ENC= rc4_enc.o rc4_skey.o
-RC5_ENC= rc5_enc.o
-MD5_ASM_OBJ= 
-SHA1_ASM_OBJ= 
-RMD160_ASM_OBJ= 
-WP_ASM_OBJ= wp_block.o
-CMLL_ENC= camellia.o cmll_misc.o cmll_cbc.o
-MODES_ASM_OBJ= 
-ENGINES_ASM_OBJ= 
-PERLASM_SCHEME= 
-
-# KRB5 stuff
-KRB5_INCLUDES=
-LIBKRB5=
-
-# Zlib stuff
-ZLIB_INCLUDE=
-LIBZLIB=
-
-# TOP level FIPS install directory.
-FIPSDIR=/usr/local/ssl/fips-2.0
-
-# This is the location of fipscanister.o and friends.
-# The FIPS module build will place it $(INSTALLTOP)/lib
-# but since $(INSTALLTOP) can only take the default value
-# when the module is built it will be in /usr/local/ssl/lib
-# $(INSTALLTOP) for this build may be different so hard
-# code the path.
-
-FIPSLIBDIR=
-
-# The location of the library which contains fipscanister.o
-# normally it will be libcrypto unless fipsdso is set in which
-# case it will be libfips. If not compiling in FIPS mode at all
-# this is empty making it a useful test for a FIPS compile.
-
-FIPSCANLIB=
-
-# Shared library base address. Currently only used on Windows.
-#
-
-BASEADDR=0xFB00000
-
-DIRS=   crypto ssl engines apps test tools
-ENGDIRS= ccgost
-SHLIBDIRS= crypto ssl
-
-# dirs in crypto to build
-SDIRS=  \
-	objects \
-	md4 md5 sha mdc2 hmac ripemd whrlpool \
-	des aes rc2 rc4 idea bf cast camellia seed modes \
-	bn ec rsa dsa ecdsa dh ecdh dso engine \
-	buffer bio stack lhash rand err \
-	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
-	cms pqueue ts srp cmac
-# keep in mind that the above list is adjusted by ./Configure
-# according to no-xxx arguments...
-
-# tests to perform.  "alltests" is a special word indicating that all tests
-# should be performed.
-TESTS = alltests
-
-MAKEFILE= Makefile
-
-MANDIR=$(OPENSSLDIR)/man
-MAN1=1
-MAN3=3
-MANSUFFIX=
-HTMLSUFFIX=html
-HTMLDIR=$(OPENSSLDIR)/html
-SHELL=/bin/sh
-
-TOP=    .
-ONEDIRS=out tmp
-EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep VMS
-WDIRS=  windows
-LIBS=   libcrypto.a libssl.a
-SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
-SHARED_SSL=libssl$(SHLIB_EXT)
-SHARED_LIBS=
-SHARED_LIBS_LINK_EXTS=
-SHARED_LDFLAGS=
-
-GENERAL=        Makefile
-BASENAME=       openssl
-NAME=           $(BASENAME)-$(VERSION)
-TARFILE=        $(NAME).tar
-WTARFILE=       $(NAME)-win.tar
-EXHEADER=       e_os2.h
-HEADER=         e_os.h
-
-all: Makefile build_all
-
-# as we stick to -e, CLEARENV ensures that local variables in lower
-# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
-# shell, which [annoyingly enough] terminates unset with error if VAR
-# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
-# which terminates unset with error if no variable was present:-(
-CLEARENV=	TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS}	\
-		$${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES}	\
-		$${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC}		\
-		$${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL}	\
-		$${EXHEADER+EXHEADER} $${HEADER+HEADER}		\
-		$${GENERAL+GENERAL} $${CFLAGS+CFLAGS}		\
-		$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS}		\
-		$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS}	\
-		$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS}	\
-		$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
-
-BUILDENV=	PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
-		CC='$(CC)' CFLAG='$(CFLAG)' 			\
-		AS='$(CC)' ASFLAG='$(CFLAG) -c'			\
-		AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)'	\
-		CROSS_COMPILE='$(CROSS_COMPILE)'	\
-		PERL='$(PERL)' ENGDIRS='$(ENGDIRS)'		\
-		SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)'	\
-		INSTALL_PREFIX='$(INSTALL_PREFIX)'		\
-		INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)'	\
-		LIBDIR='$(LIBDIR)'				\
-		MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \
-		DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)'	\
-		MAKEDEPPROG='$(MAKEDEPPROG)'			\
-		SHARED_LDFLAGS='$(SHARED_LDFLAGS)'		\
-		KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)'	\
-		ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)'	\
-		EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)'	\
-		SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)'	\
-		PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)'	\
-		CPUID_OBJ='$(CPUID_OBJ)'			\
-		BN_ASM='$(BN_ASM)' DES_ENC='$(DES_ENC)' 	\
-		AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)'	\
-		BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)'	\
-		RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)'	\
-		SHA1_ASM_OBJ='$(SHA1_ASM_OBJ)'			\
-		MD5_ASM_OBJ='$(MD5_ASM_OBJ)'			\
-		RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)'		\
-		WP_ASM_OBJ='$(WP_ASM_OBJ)'			\
-		MODES_ASM_OBJ='$(MODES_ASM_OBJ)'		\
-		ENGINES_ASM_OBJ='$(ENGINES_ASM_OBJ)'		\
-		PERLASM_SCHEME='$(PERLASM_SCHEME)'		\
-		FIPSLIBDIR='${FIPSLIBDIR}'			\
-		FIPSDIR='${FIPSDIR}'				\
-		FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}"	\
-		THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
-# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
-# which in turn eliminates ambiguities in variable treatment with -e.
-
-# BUILD_CMD is a generic macro to build a given target in a given
-# subdirectory.  The target must be given through the shell variable
-# `target' and the subdirectory to build in must be given through `dir'.
-# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
-# BUILD_ONE_CMD instead.
-#
-# BUILD_ONE_CMD is a macro to build a given target in a given
-# subdirectory if that subdirectory is part of $(DIRS).  It requires
-# exactly the same shell variables as BUILD_CMD.
-#
-# RECURSIVE_BUILD_CMD is a macro to build a given target in all
-# subdirectories defined in $(DIRS).  It requires that the target
-# is given through the shell variable `target'.
-BUILD_CMD=  if [ -d "$$dir" ]; then \
-	    (	cd $$dir && echo "making $$target in $$dir..." && \
-		$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
-	    ) || exit 1; \
-	    fi
-RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
-BUILD_ONE_CMD=\
-	if expr " $(DIRS) " : ".* $$dir " >/dev/null 2>&1; then \
-		$(BUILD_CMD); \
-	fi
-
-reflect:
-	@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
-
-sub_all: build_all
-
-build_all: build_libs build_apps build_tests build_tools
-
-build_libs: build_libcrypto build_libssl openssl.pc
-
-build_libcrypto: build_crypto build_engines libcrypto.pc
-build_libssl: build_ssl libssl.pc
-
-build_crypto:
-	@dir=crypto; target=all; $(BUILD_ONE_CMD)
-build_ssl: build_crypto
-	@dir=ssl; target=all; $(BUILD_ONE_CMD)
-build_engines: build_crypto
-	@dir=engines; target=all; $(BUILD_ONE_CMD)
-build_apps: build_libs
-	@dir=apps; target=all; $(BUILD_ONE_CMD)
-build_tests: build_libs
-	@dir=test; target=all; $(BUILD_ONE_CMD)
-build_tools: build_libs
-	@dir=tools; target=all; $(BUILD_ONE_CMD)
-
-all_testapps: build_libs build_testapps
-build_testapps:
-	@dir=crypto; target=testapps; $(BUILD_ONE_CMD)
-
-fips_premain_dso$(EXE_EXT): libcrypto.a
-	[ -z "$(FIPSCANLIB)" ] || $(CC) $(CFLAG) -Iinclude \
-		-DFINGERPRINT_PREMAIN_DSO_LOAD -o $@  \
-		$(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fipscanister.o \
-		libcrypto.a $(EX_LIBS)
-
-libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT)
-	@if [ "$(SHLIB_TARGET)" != "" ]; then \
-		if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
-			FIPSLD_LIBCRYPTO=libcrypto.a ; \
-			FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
-			export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
-		fi; \
-		$(MAKE) -e SHLIBDIRS=crypto  CC="$${CC:-$(CC)}" build-shared && \
-		(touch -c fips_premain_dso$(EXE_EXT) || :); \
-	else \
-		echo "There's no support for shared libraries on this platform" >&2; \
-		exit 1; \
-	fi
-
-libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
-	@if [ "$(SHLIB_TARGET)" != "" ]; then \
-		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
-	else \
-		echo "There's no support for shared libraries on this platform" >&2; \
-		exit 1; \
-	fi
-
-clean-shared:
-	@set -e; for i in $(SHLIBDIRS); do \
-		if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
-			tmp="$(SHARED_LIBS_LINK_EXTS)"; \
-			for j in $${tmp:-x}; do \
-				( set -x; rm -f lib$$i$$j ); \
-			done; \
-		fi; \
-		( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
-		if [ "$(PLATFORM)" = "Cygwin" ]; then \
-			( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
-		fi; \
-	done
-
-link-shared:
-	@ set -e; for i in $(SHLIBDIRS); do \
-		$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
-			LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
-			LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
-			symlink.$(SHLIB_TARGET); \
-		libs="$$libs -l$$i"; \
-	done
-
-build-shared: do_$(SHLIB_TARGET) link-shared
-
-do_$(SHLIB_TARGET):
-	@ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
-		if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \
-			libs="$(LIBKRB5) $$libs"; \
-		fi; \
-		$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
-			LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
-			LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
-			LIBDEPS="$$libs $(EX_LIBS)" \
-			link_a.$(SHLIB_TARGET); \
-		libs="-l$$i $$libs"; \
-	done
-
-libcrypto.pc: Makefile
-	@ ( echo 'prefix=$(INSTALLTOP)'; \
-	    echo 'exec_prefix=$${prefix}'; \
-	    echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
-	    echo 'includedir=$${prefix}/include'; \
-	    echo ''; \
-	    echo 'Name: OpenSSL-libcrypto'; \
-	    echo 'Description: OpenSSL cryptography library'; \
-	    echo 'Version: '$(VERSION); \
-	    echo 'Requires: '; \
-	    echo 'Libs: -L$${libdir} -lcrypto'; \
-	    echo 'Libs.private: $(EX_LIBS)'; \
-	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
-
-libssl.pc: Makefile
-	@ ( echo 'prefix=$(INSTALLTOP)'; \
-	    echo 'exec_prefix=$${prefix}'; \
-	    echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
-	    echo 'includedir=$${prefix}/include'; \
-	    echo ''; \
-	    echo 'Name: OpenSSL'; \
-	    echo 'Description: Secure Sockets Layer and cryptography libraries'; \
-	    echo 'Version: '$(VERSION); \
-	    echo 'Requires: '; \
-	    echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
-	    echo 'Libs.private: $(EX_LIBS)'; \
-	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
-
-openssl.pc: Makefile
-	@ ( echo 'prefix=$(INSTALLTOP)'; \
-	    echo 'exec_prefix=$${prefix}'; \
-	    echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
-	    echo 'includedir=$${prefix}/include'; \
-	    echo ''; \
-	    echo 'Name: OpenSSL'; \
-	    echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
-	    echo 'Version: '$(VERSION); \
-	    echo 'Requires: '; \
-	    echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
-	    echo 'Libs.private: $(EX_LIBS)'; \
-	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
-
-Makefile: Makefile.org Configure config
-	@echo "Makefile is older than Makefile.org, Configure or config."
-	@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
-	@false
-
-libclean:
-	rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib
-
-clean:	libclean
-	rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
-	@set -e; target=clean; $(RECURSIVE_BUILD_CMD)
-	rm -f $(LIBS)
-	rm -f openssl.pc libssl.pc libcrypto.pc
-	rm -f speed.* .pure
-	rm -f $(TARFILE)
-	@set -e; for i in $(ONEDIRS) ;\
-	do \
-	rm -fr $$i/*; \
-	done
-
-makefile.one: files
-	$(PERL) util/mk1mf.pl >makefile.one; \
-	sh util/do_ms.sh
-
-files:
-	$(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
-	@set -e; target=files; $(RECURSIVE_BUILD_CMD)
-
-links:
-	@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
-	@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
-	@set -e; target=links; $(RECURSIVE_BUILD_CMD)
-
-gentests:
-	@(cd test && echo "generating dummy tests (if needed)..." && \
-	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on generate );
-
-dclean:
-	rm -rf *.bak include/openssl certs/.0
-	@set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
-
-rehash: rehash.time
-rehash.time: certs apps
-	@if [ -z "$(CROSS_COMPILE)" ]; then \
-		(OPENSSL="`pwd`/util/opensslwrap.sh"; \
-		[ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
-		OPENSSL_DEBUG_MEMORY=on; \
-		export OPENSSL OPENSSL_DEBUG_MEMORY; \
-		$(PERL) tools/c_rehash certs/demo) && \
-		touch rehash.time; \
-	else :; fi
-
-test:   tests
-
-tests: rehash
-	@(cd test && echo "testing..." && \
-	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
-	OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
-
-report:
-	@$(PERL) util/selftest.pl
-
-update: errors stacks util/libeay.num util/ssleay.num TABLE
-	@set -e; target=update; $(RECURSIVE_BUILD_CMD)
-
-depend:
-	@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
-
-lint:
-	@set -e; target=lint; $(RECURSIVE_BUILD_CMD)
-
-tags:
-	rm -f TAGS
-	find . -name '[^.]*.[ch]' | xargs etags -a
-
-errors:
-	$(PERL) util/ck_errf.pl -strict */*.c */*/*.c
-	$(PERL) util/mkerr.pl -recurse -write
-	(cd engines; $(MAKE) PERL=$(PERL) errors)
-
-stacks:
-	$(PERL) util/mkstack.pl -write
-
-util/libeay.num::
-	$(PERL) util/mkdef.pl crypto update
-
-util/ssleay.num::
-	$(PERL) util/mkdef.pl ssl update
-
-TABLE: Configure
-	(echo 'Output of `Configure TABLE'"':"; \
-	$(PERL) Configure TABLE) > TABLE
-
-# Build distribution tar-file. As the list of files returned by "find" is
-# pretty long, on several platforms a "too many arguments" error or similar
-# would occur. Therefore the list of files is temporarily stored into a file
-# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
-# tar does not support the --files-from option.
-TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \
-	                       --owner openssl:0 --group openssl:0 \
-			       --transform 's|^|openssl-$(VERSION)/|' \
-			       -cvf -
-
-../$(TARFILE).list:
-	find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
-	       \! -name '*.so' \! -name '*.so.*'  \! -name 'openssl' \
-	       \! -name '*test' \! -name '.#*' \! -name '*~' \
-	    | sort > ../$(TARFILE).list
-
-tar: ../$(TARFILE).list
-	find . -type d -print | xargs chmod 755
-	find . -type f -print | xargs chmod a+r
-	find . -type f -perm -0100 -print | xargs chmod a+x
-	$(TAR_COMMAND) | gzip --best >../$(TARFILE).gz
-	rm -f ../$(TARFILE).list
-	ls -l ../$(TARFILE).gz
-
-tar-snap: ../$(TARFILE).list
-	$(TAR_COMMAND) > ../$(TARFILE)
-	rm -f ../$(TARFILE).list
-	ls -l ../$(TARFILE)
-
-dist:   
-	$(PERL) Configure dist
-	@$(MAKE) dist_pem_h
-	@$(MAKE) SDIRS='$(SDIRS)' clean
-	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar
-
-dist_pem_h:
-	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
-
-install: all install_docs install_sw
-
-install_sw:
-	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
-		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
-		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
-		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
-		$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
-		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
-		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
-		$(INSTALL_PREFIX)$(OPENSSLDIR)/private
-	@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
-	do \
-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-	done;
-	@set -e; target=install; $(RECURSIVE_BUILD_CMD)
-	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
-	do \
-		if [ -f "$$i" ]; then \
-		(       echo installing $$i; \
-			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-			mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
-		fi; \
-	done;
-	@set -e; if [ -n "$(SHARED_LIBS)" ]; then \
-		tmp="$(SHARED_LIBS)"; \
-		for i in $${tmp:-x}; \
-		do \
-			if [ -f "$$i" -o -f "$$i.a" ]; then \
-			(       echo installing $$i; \
-				if [ "$(PLATFORM)" != "Cygwin" ]; then \
-					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
-				else \
-					c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
-					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
-					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
-					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
-					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
-				fi ); \
-				if expr $(PLATFORM) : 'mingw' > /dev/null; then \
-				(	case $$i in \
-						*crypto*) i=libeay32.dll;; \
-						*ssl*)    i=ssleay32.dll;; \
-					esac; \
-					echo installing $$i; \
-	 				cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
-	 				chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
-	 				mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
-				fi; \
-			fi; \
-		done; \
-		(	here="`pwd`"; \
-			cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \
-			$(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
-		if [ "$(INSTALLTOP)" != "/usr" ]; then \
-			echo 'OpenSSL shared libraries have been installed in:'; \
-			echo '  $(INSTALLTOP)'; \
-			echo ''; \
-			sed -e '1,/^$$/d' doc/openssl-shared.txt; \
-		fi; \
-	fi
-	cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
-	cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
-	cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
-
-install_html_docs:
-	here="`pwd`"; \
-	for subdir in apps crypto ssl; do \
-		mkdir -p $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
-		for i in doc/$$subdir/*.pod; do \
-			fn=`basename $$i .pod`; \
-			echo "installing html/$$fn.$(HTMLSUFFIX)"; \
-			cat $$i \
-			| sed -r 's/L<([^)]*)(\([0-9]\))?\|([^)]*)(\([0-9]\))?>/L<\1|\3>/g' \
-			| pod2html --podroot=doc --htmlroot=.. --podpath=apps:crypto:ssl \
-			| sed -r 's/<!DOCTYPE.*//g' \
-			> $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir/$$fn.$(HTMLSUFFIX); \
-			$(PERL) util/extract-names.pl < $$i | \
-				grep -v $$filecase "^$$fn\$$" | \
-				(cd $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
-				 while read n; do \
-					PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$(HTMLSUFFIX) "$$n".$(HTMLSUFFIX); \
-				 done); \
-		done; \
-	done
-
-install_docs:
-	@$(PERL) $(TOP)/util/mkdir-p.pl \
-		$(INSTALL_PREFIX)$(MANDIR)/man1 \
-		$(INSTALL_PREFIX)$(MANDIR)/man3 \
-		$(INSTALL_PREFIX)$(MANDIR)/man5 \
-		$(INSTALL_PREFIX)$(MANDIR)/man7
-	@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
-	here="`pwd`"; \
-	filecase=; \
-	if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \
-		filecase=-i; \
-	fi; \
-	set -e; for i in doc/apps/*.pod; do \
-		fn=`basename $$i .pod`; \
-		sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
-		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
-		(cd `$(PERL) util/dirname.pl $$i`; \
-		sh -c "$$pod2man \
-			--section=$$sec --center=OpenSSL \
-			--release=$(VERSION) `basename $$i`") \
-			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
-		$(PERL) util/extract-names.pl < $$i | \
-			(grep -v $$filecase "^$$fn\$$"; true) | \
-			(grep -v "[	]"; true) | \
-			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
-			 while read n; do \
-				PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
-			 done); \
-	done; \
-	set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
-		fn=`basename $$i .pod`; \
-		sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
-		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
-		(cd `$(PERL) util/dirname.pl $$i`; \
-		sh -c "$$pod2man \
-			--section=$$sec --center=OpenSSL \
-			--release=$(VERSION) `basename $$i`") \
-			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
-		$(PERL) util/extract-names.pl < $$i | \
-			(grep -v $$filecase "^$$fn\$$"; true) | \
-			(grep -v "[	]"; true) | \
-			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
-			 while read n; do \
-				PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
-			 done); \
-	done
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.

Copied: vendor-crypto/openssl/1.0.1u/Makefile (from rev 11605, vendor-crypto/openssl/dist/Makefile)
===================================================================
--- vendor-crypto/openssl/1.0.1u/Makefile	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/Makefile	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,676 @@
+### Generated automatically from Makefile.org by Configure.
+
+##
+## Makefile for OpenSSL
+##
+
+VERSION=1.0.1u
+MAJOR=1
+MINOR=0.1
+SHLIB_VERSION_NUMBER=1.0.0
+SHLIB_VERSION_HISTORY=
+SHLIB_MAJOR=1
+SHLIB_MINOR=0.0
+SHLIB_EXT=
+PLATFORM=dist
+OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl2 no-store no-unit-test no-weak-ssl-ciphers no-zlib no-zlib-dynamic static-engine
+CONFIGURE_ARGS=dist
+SHLIB_TARGET=
+
+# HERE indicates where this Makefile lives.  This can be used to indicate
+# where sub-Makefiles are expected to be.  Currently has very limited usage,
+# and should probably not be bothered with at all.
+HERE=.
+
+# INSTALL_PREFIX is for package builders so that they can configure
+# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
+# Normally it is left empty.
+INSTALL_PREFIX=
+INSTALLTOP=/usr/local/ssl
+
+# Do not edit this manually. Use Configure --openssldir=DIR do change this!
+OPENSSLDIR=/usr/local/ssl
+
+# NO_IDEA - Define to build without the IDEA algorithm
+# NO_RC4  - Define to build without the RC4 algorithm
+# NO_RC2  - Define to build without the RC2 algorithm
+# THREADS - Define when building with threads, you will probably also need any
+#           system defines as well, i.e. _REENTERANT for Solaris 2.[34]
+# TERMIO  - Define the termio terminal subsystem, needed if sgtty is missing.
+# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
+# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
+# DEVRANDOM - Give this the value of the 'random device' if your OS supports
+#           one.  32 bytes will be read from this when the random
+#           number generator is initalised.
+# SSL_FORBID_ENULL - define if you want the server to be not able to use the
+#           NULL encryption ciphers.
+#
+# LOCK_DEBUG - turns on lots of lock debug output :-)
+# REF_CHECK - turn on some xyz_free() assertions.
+# REF_PRINT - prints some stuff on structure free.
+# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
+# MFUNC - Make all Malloc/Free/Realloc calls call
+#       CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
+#       call application defined callbacks via CRYPTO_set_mem_functions()
+# MD5_ASM needs to be defined to use the x86 assembler for MD5
+# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
+# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
+# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8.  It must
+# equal 4.
+# PKCS1_CHECK - pkcs1 tests.
+
+CC= cc
+CFLAG= -O
+DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS
+PEX_LIBS= 
+EX_LIBS= 
+EXE_EXT= 
+ARFLAGS= 
+AR= ar $(ARFLAGS) r
+RANLIB= /usr/bin/ranlib
+NM= nm
+PERL= /usr/bin/perl
+TAR= tar
+TARFLAGS= --no-recursion --record-size=10240
+MAKEDEPPROG=makedepend
+LIBDIR=lib
+
+# We let the C compiler driver to take care of .s files. This is done in
+# order to be excused from maintaining a separate set of architecture
+# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
+# gcc, then the driver will automatically translate it to -xarch=v8plus
+# and pass it down to assembler.
+AS=$(CC) -c
+ASFLAG=$(CFLAG)
+
+# For x86 assembler: Set PROCESSOR to 386 if you want to support
+# the 80386.
+PROCESSOR= 
+
+# CPUID module collects small commonly used assembler snippets
+CPUID_OBJ= mem_clr.o
+BN_ASM= bn_asm.o
+DES_ENC= des_enc.o fcrypt_b.o
+AES_ENC= aes_core.o aes_cbc.o
+BF_ENC= bf_enc.o
+CAST_ENC= c_enc.o
+RC4_ENC= rc4_enc.o rc4_skey.o
+RC5_ENC= rc5_enc.o
+MD5_ASM_OBJ= 
+SHA1_ASM_OBJ= 
+RMD160_ASM_OBJ= 
+WP_ASM_OBJ= wp_block.o
+CMLL_ENC= camellia.o cmll_misc.o cmll_cbc.o
+MODES_ASM_OBJ= 
+ENGINES_ASM_OBJ= 
+PERLASM_SCHEME= 
+
+# KRB5 stuff
+KRB5_INCLUDES=
+LIBKRB5=
+
+# Zlib stuff
+ZLIB_INCLUDE=
+LIBZLIB=
+
+# TOP level FIPS install directory.
+FIPSDIR=/usr/local/ssl/fips-2.0
+
+# This is the location of fipscanister.o and friends.
+# The FIPS module build will place it $(INSTALLTOP)/lib
+# but since $(INSTALLTOP) can only take the default value
+# when the module is built it will be in /usr/local/ssl/lib
+# $(INSTALLTOP) for this build may be different so hard
+# code the path.
+
+FIPSLIBDIR=
+
+# The location of the library which contains fipscanister.o
+# normally it will be libcrypto unless fipsdso is set in which
+# case it will be libfips. If not compiling in FIPS mode at all
+# this is empty making it a useful test for a FIPS compile.
+
+FIPSCANLIB=
+
+# Shared library base address. Currently only used on Windows.
+#
+
+BASEADDR=0xFB00000
+
+DIRS=   crypto ssl engines apps test tools
+ENGDIRS= ccgost
+SHLIBDIRS= crypto ssl
+
+# dirs in crypto to build
+SDIRS=  \
+	objects \
+	md4 md5 sha mdc2 hmac ripemd whrlpool \
+	des aes rc2 rc4 idea bf cast camellia seed modes \
+	bn ec rsa dsa ecdsa dh ecdh dso engine \
+	buffer bio stack lhash rand err \
+	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
+	cms pqueue ts srp cmac
+# keep in mind that the above list is adjusted by ./Configure
+# according to no-xxx arguments...
+
+# tests to perform.  "alltests" is a special word indicating that all tests
+# should be performed.
+TESTS = alltests
+
+MAKEFILE= Makefile
+
+MANDIR=$(OPENSSLDIR)/man
+MAN1=1
+MAN3=3
+MANSUFFIX=
+HTMLSUFFIX=html
+HTMLDIR=$(OPENSSLDIR)/html
+SHELL=/bin/sh
+
+TOP=    .
+ONEDIRS=out tmp
+EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep VMS
+WDIRS=  windows
+LIBS=   libcrypto.a libssl.a
+SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
+SHARED_SSL=libssl$(SHLIB_EXT)
+SHARED_LIBS=
+SHARED_LIBS_LINK_EXTS=
+SHARED_LDFLAGS=
+
+GENERAL=        Makefile
+BASENAME=       openssl
+NAME=           $(BASENAME)-$(VERSION)
+TARFILE=        ../$(NAME).tar
+EXHEADER=       e_os2.h
+HEADER=         e_os.h
+
+all: Makefile build_all
+
+# as we stick to -e, CLEARENV ensures that local variables in lower
+# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
+# shell, which [annoyingly enough] terminates unset with error if VAR
+# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
+# which terminates unset with error if no variable was present:-(
+CLEARENV=	TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS}	\
+		$${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES}	\
+		$${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC}		\
+		$${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL}	\
+		$${EXHEADER+EXHEADER} $${HEADER+HEADER}		\
+		$${GENERAL+GENERAL} $${CFLAGS+CFLAGS}		\
+		$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS}		\
+		$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS}	\
+		$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS}	\
+		$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
+
+BUILDENV=	PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
+		CC='$(CC)' CFLAG='$(CFLAG)' 			\
+		AS='$(CC)' ASFLAG='$(CFLAG) -c'			\
+		AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)'	\
+		CROSS_COMPILE='$(CROSS_COMPILE)'	\
+		PERL='$(PERL)' ENGDIRS='$(ENGDIRS)'		\
+		SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)'	\
+		INSTALL_PREFIX='$(INSTALL_PREFIX)'		\
+		INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)'	\
+		LIBDIR='$(LIBDIR)'				\
+		MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \
+		DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)'	\
+		MAKEDEPPROG='$(MAKEDEPPROG)'			\
+		SHARED_LDFLAGS='$(SHARED_LDFLAGS)'		\
+		KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)'	\
+		ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)'	\
+		EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)'	\
+		SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)'	\
+		PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)'	\
+		CPUID_OBJ='$(CPUID_OBJ)'			\
+		BN_ASM='$(BN_ASM)' DES_ENC='$(DES_ENC)' 	\
+		AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)'	\
+		BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)'	\
+		RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)'	\
+		SHA1_ASM_OBJ='$(SHA1_ASM_OBJ)'			\
+		MD5_ASM_OBJ='$(MD5_ASM_OBJ)'			\
+		RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)'		\
+		WP_ASM_OBJ='$(WP_ASM_OBJ)'			\
+		MODES_ASM_OBJ='$(MODES_ASM_OBJ)'		\
+		ENGINES_ASM_OBJ='$(ENGINES_ASM_OBJ)'		\
+		PERLASM_SCHEME='$(PERLASM_SCHEME)'		\
+		FIPSLIBDIR='${FIPSLIBDIR}'			\
+		FIPSDIR='${FIPSDIR}'				\
+		FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}"	\
+		THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
+# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
+# which in turn eliminates ambiguities in variable treatment with -e.
+
+# BUILD_CMD is a generic macro to build a given target in a given
+# subdirectory.  The target must be given through the shell variable
+# `target' and the subdirectory to build in must be given through `dir'.
+# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
+# BUILD_ONE_CMD instead.
+#
+# BUILD_ONE_CMD is a macro to build a given target in a given
+# subdirectory if that subdirectory is part of $(DIRS).  It requires
+# exactly the same shell variables as BUILD_CMD.
+#
+# RECURSIVE_BUILD_CMD is a macro to build a given target in all
+# subdirectories defined in $(DIRS).  It requires that the target
+# is given through the shell variable `target'.
+BUILD_CMD=  if [ -d "$$dir" ]; then \
+	    (	cd $$dir && echo "making $$target in $$dir..." && \
+		$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
+	    ) || exit 1; \
+	    fi
+RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
+BUILD_ONE_CMD=\
+	if expr " $(DIRS) " : ".* $$dir " >/dev/null 2>&1; then \
+		$(BUILD_CMD); \
+	fi
+
+reflect:
+	@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
+
+sub_all: build_all
+
+build_all: build_libs build_apps build_tests build_tools
+
+build_libs: build_libcrypto build_libssl openssl.pc
+
+build_libcrypto: build_crypto build_engines libcrypto.pc
+build_libssl: build_ssl libssl.pc
+
+build_crypto:
+	@dir=crypto; target=all; $(BUILD_ONE_CMD)
+build_ssl: build_crypto
+	@dir=ssl; target=all; $(BUILD_ONE_CMD)
+build_engines: build_crypto
+	@dir=engines; target=all; $(BUILD_ONE_CMD)
+build_apps: build_libs
+	@dir=apps; target=all; $(BUILD_ONE_CMD)
+build_tests: build_libs
+	@dir=test; target=all; $(BUILD_ONE_CMD)
+build_tools: build_libs
+	@dir=tools; target=all; $(BUILD_ONE_CMD)
+
+all_testapps: build_libs build_testapps
+build_testapps:
+	@dir=crypto; target=testapps; $(BUILD_ONE_CMD)
+
+fips_premain_dso$(EXE_EXT): libcrypto.a
+	[ -z "$(FIPSCANLIB)" ] || $(CC) $(CFLAG) -Iinclude \
+		-DFINGERPRINT_PREMAIN_DSO_LOAD -o $@  \
+		$(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fipscanister.o \
+		libcrypto.a $(EX_LIBS)
+
+libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT)
+	@if [ "$(SHLIB_TARGET)" != "" ]; then \
+		if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
+			FIPSLD_LIBCRYPTO=libcrypto.a ; \
+			FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
+			export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
+		fi; \
+		$(MAKE) -e SHLIBDIRS=crypto  CC="$${CC:-$(CC)}" build-shared && \
+		(touch -c fips_premain_dso$(EXE_EXT) || :); \
+	else \
+		echo "There's no support for shared libraries on this platform" >&2; \
+		exit 1; \
+	fi
+
+libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
+	@if [ "$(SHLIB_TARGET)" != "" ]; then \
+		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
+	else \
+		echo "There's no support for shared libraries on this platform" >&2; \
+		exit 1; \
+	fi
+
+clean-shared:
+	@set -e; for i in $(SHLIBDIRS); do \
+		if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
+			tmp="$(SHARED_LIBS_LINK_EXTS)"; \
+			for j in $${tmp:-x}; do \
+				( set -x; rm -f lib$$i$$j ); \
+			done; \
+		fi; \
+		( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
+		if [ "$(PLATFORM)" = "Cygwin" ]; then \
+			( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
+		fi; \
+	done
+
+link-shared:
+	@ set -e; for i in $(SHLIBDIRS); do \
+		$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
+			LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
+			LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
+			symlink.$(SHLIB_TARGET); \
+		libs="$$libs -l$$i"; \
+	done
+
+build-shared: do_$(SHLIB_TARGET) link-shared
+
+do_$(SHLIB_TARGET):
+	@ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
+		if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+			libs="$(LIBKRB5) $$libs"; \
+		fi; \
+		$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
+			LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
+			LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
+			LIBDEPS="$$libs $(EX_LIBS)" \
+			link_a.$(SHLIB_TARGET); \
+		libs="-l$$i $$libs"; \
+	done
+
+libcrypto.pc: Makefile
+	@ ( echo 'prefix=$(INSTALLTOP)'; \
+	    echo 'exec_prefix=$${prefix}'; \
+	    echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+	    echo 'includedir=$${prefix}/include'; \
+	    echo ''; \
+	    echo 'Name: OpenSSL-libcrypto'; \
+	    echo 'Description: OpenSSL cryptography library'; \
+	    echo 'Version: '$(VERSION); \
+	    echo 'Requires: '; \
+	    echo 'Libs: -L$${libdir} -lcrypto'; \
+	    echo 'Libs.private: $(EX_LIBS)'; \
+	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
+
+libssl.pc: Makefile
+	@ ( echo 'prefix=$(INSTALLTOP)'; \
+	    echo 'exec_prefix=$${prefix}'; \
+	    echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+	    echo 'includedir=$${prefix}/include'; \
+	    echo ''; \
+	    echo 'Name: OpenSSL'; \
+	    echo 'Description: Secure Sockets Layer and cryptography libraries'; \
+	    echo 'Version: '$(VERSION); \
+	    echo 'Requires: '; \
+	    echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
+	    echo 'Libs.private: $(EX_LIBS)'; \
+	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
+
+openssl.pc: Makefile
+	@ ( echo 'prefix=$(INSTALLTOP)'; \
+	    echo 'exec_prefix=$${prefix}'; \
+	    echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+	    echo 'includedir=$${prefix}/include'; \
+	    echo ''; \
+	    echo 'Name: OpenSSL'; \
+	    echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
+	    echo 'Version: '$(VERSION); \
+	    echo 'Requires: '; \
+	    echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
+	    echo 'Libs.private: $(EX_LIBS)'; \
+	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
+
+Makefile: Makefile.org Configure config
+	@echo "Makefile is older than Makefile.org, Configure or config."
+	@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
+	@false
+
+libclean:
+	rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib
+
+clean:	libclean
+	rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
+	@set -e; target=clean; $(RECURSIVE_BUILD_CMD)
+	rm -f $(LIBS)
+	rm -f openssl.pc libssl.pc libcrypto.pc
+	rm -f speed.* .pure
+	rm -f $(TARFILE)
+	@set -e; for i in $(ONEDIRS) ;\
+	do \
+	rm -fr $$i/*; \
+	done
+
+makefile.one: files
+	$(PERL) util/mk1mf.pl >makefile.one; \
+	sh util/do_ms.sh
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
+	@set -e; target=files; $(RECURSIVE_BUILD_CMD)
+
+links:
+	@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
+	@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
+	@set -e; target=links; $(RECURSIVE_BUILD_CMD)
+
+gentests:
+	@(cd test && echo "generating dummy tests (if needed)..." && \
+	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on generate );
+
+dclean:
+	rm -rf *.bak include/openssl certs/.0
+	@set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
+
+rehash: rehash.time
+rehash.time: certs apps
+	@if [ -z "$(CROSS_COMPILE)" ]; then \
+		(OPENSSL="`pwd`/util/opensslwrap.sh"; \
+		[ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
+		OPENSSL_DEBUG_MEMORY=on; \
+		export OPENSSL OPENSSL_DEBUG_MEMORY; \
+		$(PERL) tools/c_rehash certs/demo) && \
+		touch rehash.time; \
+	else :; fi
+
+test:   tests
+
+tests: rehash
+	@(cd test && echo "testing..." && \
+	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
+	OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
+
+report:
+	@$(PERL) util/selftest.pl
+
+update: errors stacks util/libeay.num util/ssleay.num TABLE
+	@set -e; target=update; $(RECURSIVE_BUILD_CMD)
+
+depend:
+	@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
+
+lint:
+	@set -e; target=lint; $(RECURSIVE_BUILD_CMD)
+
+tags:
+	rm -f TAGS
+	find . -name '[^.]*.[ch]' | xargs etags -a
+
+errors:
+	$(PERL) util/ck_errf.pl -strict */*.c */*/*.c
+	$(PERL) util/mkerr.pl -recurse -write
+	(cd engines; $(MAKE) PERL=$(PERL) errors)
+
+stacks:
+	$(PERL) util/mkstack.pl -write
+
+util/libeay.num::
+	$(PERL) util/mkdef.pl crypto update
+
+util/ssleay.num::
+	$(PERL) util/mkdef.pl ssl update
+
+TABLE: Configure
+	(echo 'Output of `Configure TABLE'"':"; \
+	$(PERL) Configure TABLE) > TABLE
+
+# Build distribution tar-file. As the list of files returned by "find" is
+# pretty long, on several platforms a "too many arguments" error or similar
+# would occur. Therefore the list of files is temporarily stored into a file
+# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
+# tar does not support the --files-from option.
+TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
+	                       --owner 0 --group 0 \
+			       --transform 's|^|$(NAME)/|' \
+			       -cvf -
+
+$(TARFILE).list:
+	find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
+	       \! -name '*.so' \! -name '*.so.*'  \! -name 'openssl' \
+	       \( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
+	       \! -name '.#*' \! -name '*~' \! -type l \
+	    | sort > $(TARFILE).list
+
+tar: $(TARFILE).list
+	find . -type d -print | xargs chmod 755
+	find . -type f -print | xargs chmod a+r
+	find . -type f -perm -0100 -print | xargs chmod a+x
+	$(TAR_COMMAND) | gzip --best > $(TARFILE).gz
+	rm -f $(TARFILE).list
+	ls -l $(TARFILE).gz
+
+tar-snap: $(TARFILE).list
+	$(TAR_COMMAND) > $(TARFILE)
+	rm -f $(TARFILE).list
+	ls -l $(TARFILE)
+
+dist:   
+	$(PERL) Configure dist
+	@$(MAKE) SDIRS='$(SDIRS)' clean
+	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
+
+install: all install_docs install_sw
+
+install_sw:
+	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
+		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
+		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
+		$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/private
+	@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
+	do \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+	@set -e; target=install; $(RECURSIVE_BUILD_CMD)
+	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
+	do \
+		if [ -f "$$i" ]; then \
+		(       echo installing $$i; \
+			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+			mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
+		fi; \
+	done;
+	@set -e; if [ -n "$(SHARED_LIBS)" ]; then \
+		tmp="$(SHARED_LIBS)"; \
+		for i in $${tmp:-x}; \
+		do \
+			if [ -f "$$i" -o -f "$$i.a" ]; then \
+			(       echo installing $$i; \
+				if [ "$(PLATFORM)" != "Cygwin" ]; then \
+					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
+				else \
+					c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
+					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
+				fi ); \
+				if expr $(PLATFORM) : 'mingw' > /dev/null; then \
+				(	case $$i in \
+						*crypto*) i=libeay32.dll;; \
+						*ssl*)    i=ssleay32.dll;; \
+					esac; \
+					echo installing $$i; \
+	 				cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+	 				chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+	 				mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
+				fi; \
+			fi; \
+		done; \
+		(	here="`pwd`"; \
+			cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \
+			$(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
+		if [ "$(INSTALLTOP)" != "/usr" ]; then \
+			echo 'OpenSSL shared libraries have been installed in:'; \
+			echo '  $(INSTALLTOP)'; \
+			echo ''; \
+			sed -e '1,/^$$/d' doc/openssl-shared.txt; \
+		fi; \
+	fi
+	cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
+	cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
+	cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
+
+install_html_docs:
+	here="`pwd`"; \
+	for subdir in apps crypto ssl; do \
+		mkdir -p $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
+		for i in doc/$$subdir/*.pod; do \
+			fn=`basename $$i .pod`; \
+			echo "installing html/$$fn.$(HTMLSUFFIX)"; \
+			cat $$i \
+			| sed -r 's/L<([^)]*)(\([0-9]\))?\|([^)]*)(\([0-9]\))?>/L<\1|\3>/g' \
+			| pod2html --podroot=doc --htmlroot=.. --podpath=apps:crypto:ssl \
+			| sed -r 's/<!DOCTYPE.*//g' \
+			> $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir/$$fn.$(HTMLSUFFIX); \
+			$(PERL) util/extract-names.pl < $$i | \
+				grep -v $$filecase "^$$fn\$$" | \
+				(cd $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
+				 while read n; do \
+					PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$(HTMLSUFFIX) "$$n".$(HTMLSUFFIX); \
+				 done); \
+		done; \
+	done
+
+install_docs:
+	@$(PERL) $(TOP)/util/mkdir-p.pl \
+		$(INSTALL_PREFIX)$(MANDIR)/man1 \
+		$(INSTALL_PREFIX)$(MANDIR)/man3 \
+		$(INSTALL_PREFIX)$(MANDIR)/man5 \
+		$(INSTALL_PREFIX)$(MANDIR)/man7
+	@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
+	here="`pwd`"; \
+	filecase=; \
+	if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \
+		filecase=-i; \
+	fi; \
+	set -e; for i in doc/apps/*.pod; do \
+		fn=`basename $$i .pod`; \
+		sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
+		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+		(cd `$(PERL) util/dirname.pl $$i`; \
+		sh -c "$$pod2man \
+			--section=$$sec --center=OpenSSL \
+			--release=$(VERSION) `basename $$i`") \
+			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
+		$(PERL) util/extract-names.pl < $$i | \
+			(grep -v $$filecase "^$$fn\$$"; true) | \
+			(grep -v "[	]"; true) | \
+			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
+			 while read n; do \
+				PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
+			 done); \
+	done; \
+	set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+		fn=`basename $$i .pod`; \
+		sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
+		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+		(cd `$(PERL) util/dirname.pl $$i`; \
+		sh -c "$$pod2man \
+			--section=$$sec --center=OpenSSL \
+			--release=$(VERSION) `basename $$i`") \
+			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
+		$(PERL) util/extract-names.pl < $$i | \
+			(grep -v $$filecase "^$$fn\$$"; true) | \
+			(grep -v "[	]"; true) | \
+			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
+			 while read n; do \
+				PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
+			 done); \
+	done
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.

Deleted: vendor-crypto/openssl/1.0.1u/Makefile.bak
===================================================================
--- vendor-crypto/openssl/dist/Makefile.bak	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/Makefile.bak	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,680 +0,0 @@
-### Generated automatically from Makefile.org by Configure.
-
-##
-## Makefile for OpenSSL
-##
-
-VERSION=1.0.1q-dev
-MAJOR=1
-MINOR=0.1
-SHLIB_VERSION_NUMBER=1.0.0
-SHLIB_VERSION_HISTORY=
-SHLIB_MAJOR=1
-SHLIB_MINOR=0.0
-SHLIB_EXT=
-PLATFORM=gcc
-OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-store no-unit-test no-zlib no-zlib-dynamic static-engine
-CONFIGURE_ARGS=gcc
-SHLIB_TARGET=
-
-# HERE indicates where this Makefile lives.  This can be used to indicate
-# where sub-Makefiles are expected to be.  Currently has very limited usage,
-# and should probably not be bothered with at all.
-HERE=.
-
-# INSTALL_PREFIX is for package builders so that they can configure
-# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
-# Normally it is left empty.
-INSTALL_PREFIX=
-INSTALLTOP=/usr/local/ssl
-
-# Do not edit this manually. Use Configure --openssldir=DIR do change this!
-OPENSSLDIR=/usr/local/ssl
-
-# NO_IDEA - Define to build without the IDEA algorithm
-# NO_RC4  - Define to build without the RC4 algorithm
-# NO_RC2  - Define to build without the RC2 algorithm
-# THREADS - Define when building with threads, you will probably also need any
-#           system defines as well, i.e. _REENTERANT for Solaris 2.[34]
-# TERMIO  - Define the termio terminal subsystem, needed if sgtty is missing.
-# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
-# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
-# DEVRANDOM - Give this the value of the 'random device' if your OS supports
-#           one.  32 bytes will be read from this when the random
-#           number generator is initalised.
-# SSL_FORBID_ENULL - define if you want the server to be not able to use the
-#           NULL encryption ciphers.
-#
-# LOCK_DEBUG - turns on lots of lock debug output :-)
-# REF_CHECK - turn on some xyz_free() assertions.
-# REF_PRINT - prints some stuff on structure free.
-# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
-# MFUNC - Make all Malloc/Free/Realloc calls call
-#       CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
-#       call application defined callbacks via CRYPTO_set_mem_functions()
-# MD5_ASM needs to be defined to use the x86 assembler for MD5
-# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
-# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
-# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8.  It must
-# equal 4.
-# PKCS1_CHECK - pkcs1 tests.
-
-CC= gcc
-CFLAG= -O3
-DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST
-PEX_LIBS= 
-EX_LIBS= 
-EXE_EXT= 
-ARFLAGS= 
-AR= ar $(ARFLAGS) r
-RANLIB= /usr/bin/ranlib
-NM= nm
-PERL= /usr/bin/perl
-TAR= tar
-TARFLAGS= --no-recursion --record-size=10240
-MAKEDEPPROG= gcc
-LIBDIR=lib
-
-# We let the C compiler driver to take care of .s files. This is done in
-# order to be excused from maintaining a separate set of architecture
-# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
-# gcc, then the driver will automatically translate it to -xarch=v8plus
-# and pass it down to assembler.
-AS=$(CC) -c
-ASFLAG=$(CFLAG)
-
-# For x86 assembler: Set PROCESSOR to 386 if you want to support
-# the 80386.
-PROCESSOR= 
-
-# CPUID module collects small commonly used assembler snippets
-CPUID_OBJ= mem_clr.o
-BN_ASM= bn_asm.o
-DES_ENC= des_enc.o fcrypt_b.o
-AES_ENC= aes_core.o aes_cbc.o
-BF_ENC= bf_enc.o
-CAST_ENC= c_enc.o
-RC4_ENC= rc4_enc.o rc4_skey.o
-RC5_ENC= rc5_enc.o
-MD5_ASM_OBJ= 
-SHA1_ASM_OBJ= 
-RMD160_ASM_OBJ= 
-WP_ASM_OBJ= wp_block.o
-CMLL_ENC= camellia.o cmll_misc.o cmll_cbc.o
-MODES_ASM_OBJ= 
-ENGINES_ASM_OBJ= 
-PERLASM_SCHEME= 
-
-# KRB5 stuff
-KRB5_INCLUDES=
-LIBKRB5=
-
-# Zlib stuff
-ZLIB_INCLUDE=
-LIBZLIB=
-
-# TOP level FIPS install directory.
-FIPSDIR=/usr/local/ssl/fips-2.0
-
-# This is the location of fipscanister.o and friends.
-# The FIPS module build will place it $(INSTALLTOP)/lib
-# but since $(INSTALLTOP) can only take the default value
-# when the module is built it will be in /usr/local/ssl/lib
-# $(INSTALLTOP) for this build may be different so hard
-# code the path.
-
-FIPSLIBDIR=
-
-# The location of the library which contains fipscanister.o
-# normally it will be libcrypto unless fipsdso is set in which
-# case it will be libfips. If not compiling in FIPS mode at all
-# this is empty making it a useful test for a FIPS compile.
-
-FIPSCANLIB=
-
-# Shared library base address. Currently only used on Windows.
-#
-
-BASEADDR=0xFB00000
-
-DIRS=   crypto ssl engines apps test tools
-ENGDIRS= ccgost
-SHLIBDIRS= crypto ssl
-
-# dirs in crypto to build
-SDIRS=  \
-	objects \
-	md4 md5 sha mdc2 hmac ripemd whrlpool \
-	des aes rc2 rc4 idea bf cast camellia seed modes \
-	bn ec rsa dsa ecdsa dh ecdh dso engine \
-	buffer bio stack lhash rand err \
-	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
-	cms pqueue ts srp cmac
-# keep in mind that the above list is adjusted by ./Configure
-# according to no-xxx arguments...
-
-# tests to perform.  "alltests" is a special word indicating that all tests
-# should be performed.
-TESTS = alltests
-
-MAKEFILE= Makefile
-
-MANDIR=$(OPENSSLDIR)/man
-MAN1=1
-MAN3=3
-MANSUFFIX=
-HTMLSUFFIX=html
-HTMLDIR=$(OPENSSLDIR)/html
-SHELL=/bin/sh
-
-TOP=    .
-ONEDIRS=out tmp
-EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep VMS
-WDIRS=  windows
-LIBS=   libcrypto.a libssl.a
-SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
-SHARED_SSL=libssl$(SHLIB_EXT)
-SHARED_LIBS=
-SHARED_LIBS_LINK_EXTS=
-SHARED_LDFLAGS=
-
-GENERAL=        Makefile
-BASENAME=       openssl
-NAME=           $(BASENAME)-$(VERSION)
-TARFILE=        $(NAME).tar
-WTARFILE=       $(NAME)-win.tar
-EXHEADER=       e_os2.h
-HEADER=         e_os.h
-
-all: Makefile build_all
-
-# as we stick to -e, CLEARENV ensures that local variables in lower
-# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
-# shell, which [annoyingly enough] terminates unset with error if VAR
-# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
-# which terminates unset with error if no variable was present:-(
-CLEARENV=	TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS}	\
-		$${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES}	\
-		$${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC}		\
-		$${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL}	\
-		$${EXHEADER+EXHEADER} $${HEADER+HEADER}		\
-		$${GENERAL+GENERAL} $${CFLAGS+CFLAGS}		\
-		$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS}		\
-		$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS}	\
-		$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS}	\
-		$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
-
-BUILDENV=	PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
-		CC='$(CC)' CFLAG='$(CFLAG)' 			\
-		AS='$(CC)' ASFLAG='$(CFLAG) -c'			\
-		AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)'	\
-		CROSS_COMPILE='$(CROSS_COMPILE)'	\
-		PERL='$(PERL)' ENGDIRS='$(ENGDIRS)'		\
-		SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)'	\
-		INSTALL_PREFIX='$(INSTALL_PREFIX)'		\
-		INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)'	\
-		LIBDIR='$(LIBDIR)'				\
-		MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \
-		DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)'	\
-		MAKEDEPPROG='$(MAKEDEPPROG)'			\
-		SHARED_LDFLAGS='$(SHARED_LDFLAGS)'		\
-		KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)'	\
-		ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)'	\
-		EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)'	\
-		SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)'	\
-		PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)'	\
-		CPUID_OBJ='$(CPUID_OBJ)'			\
-		BN_ASM='$(BN_ASM)' DES_ENC='$(DES_ENC)' 	\
-		AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)'	\
-		BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)'	\
-		RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)'	\
-		SHA1_ASM_OBJ='$(SHA1_ASM_OBJ)'			\
-		MD5_ASM_OBJ='$(MD5_ASM_OBJ)'			\
-		RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)'		\
-		WP_ASM_OBJ='$(WP_ASM_OBJ)'			\
-		MODES_ASM_OBJ='$(MODES_ASM_OBJ)'		\
-		ENGINES_ASM_OBJ='$(ENGINES_ASM_OBJ)'		\
-		PERLASM_SCHEME='$(PERLASM_SCHEME)'		\
-		FIPSLIBDIR='${FIPSLIBDIR}'			\
-		FIPSDIR='${FIPSDIR}'				\
-		FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}"	\
-		THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
-# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
-# which in turn eliminates ambiguities in variable treatment with -e.
-
-# BUILD_CMD is a generic macro to build a given target in a given
-# subdirectory.  The target must be given through the shell variable
-# `target' and the subdirectory to build in must be given through `dir'.
-# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
-# BUILD_ONE_CMD instead.
-#
-# BUILD_ONE_CMD is a macro to build a given target in a given
-# subdirectory if that subdirectory is part of $(DIRS).  It requires
-# exactly the same shell variables as BUILD_CMD.
-#
-# RECURSIVE_BUILD_CMD is a macro to build a given target in all
-# subdirectories defined in $(DIRS).  It requires that the target
-# is given through the shell variable `target'.
-BUILD_CMD=  if [ -d "$$dir" ]; then \
-	    (	cd $$dir && echo "making $$target in $$dir..." && \
-		$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
-	    ) || exit 1; \
-	    fi
-RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
-BUILD_ONE_CMD=\
-	if expr " $(DIRS) " : ".* $$dir " >/dev/null 2>&1; then \
-		$(BUILD_CMD); \
-	fi
-
-reflect:
-	@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
-
-sub_all: build_all
-
-build_all: build_libs build_apps build_tests build_tools
-
-build_libs: build_libcrypto build_libssl openssl.pc
-
-build_libcrypto: build_crypto build_engines libcrypto.pc
-build_libssl: build_ssl libssl.pc
-
-build_crypto:
-	@dir=crypto; target=all; $(BUILD_ONE_CMD)
-build_ssl: build_crypto
-	@dir=ssl; target=all; $(BUILD_ONE_CMD)
-build_engines: build_crypto
-	@dir=engines; target=all; $(BUILD_ONE_CMD)
-build_apps: build_libs
-	@dir=apps; target=all; $(BUILD_ONE_CMD)
-build_tests: build_libs
-	@dir=test; target=all; $(BUILD_ONE_CMD)
-build_tools: build_libs
-	@dir=tools; target=all; $(BUILD_ONE_CMD)
-
-all_testapps: build_libs build_testapps
-build_testapps:
-	@dir=crypto; target=testapps; $(BUILD_ONE_CMD)
-
-fips_premain_dso$(EXE_EXT): libcrypto.a
-	[ -z "$(FIPSCANLIB)" ] || $(CC) $(CFLAG) -Iinclude \
-		-DFINGERPRINT_PREMAIN_DSO_LOAD -o $@  \
-		$(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fipscanister.o \
-		libcrypto.a $(EX_LIBS)
-
-libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT)
-	@if [ "$(SHLIB_TARGET)" != "" ]; then \
-		if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
-			FIPSLD_LIBCRYPTO=libcrypto.a ; \
-			FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
-			export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
-		fi; \
-		$(MAKE) -e SHLIBDIRS=crypto  CC="$${CC:-$(CC)}" build-shared && \
-		(touch -c fips_premain_dso$(EXE_EXT) || :); \
-	else \
-		echo "There's no support for shared libraries on this platform" >&2; \
-		exit 1; \
-	fi
-
-libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
-	@if [ "$(SHLIB_TARGET)" != "" ]; then \
-		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
-	else \
-		echo "There's no support for shared libraries on this platform" >&2; \
-		exit 1; \
-	fi
-
-clean-shared:
-	@set -e; for i in $(SHLIBDIRS); do \
-		if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
-			tmp="$(SHARED_LIBS_LINK_EXTS)"; \
-			for j in $${tmp:-x}; do \
-				( set -x; rm -f lib$$i$$j ); \
-			done; \
-		fi; \
-		( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
-		if [ "$(PLATFORM)" = "Cygwin" ]; then \
-			( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
-		fi; \
-	done
-
-link-shared:
-	@ set -e; for i in $(SHLIBDIRS); do \
-		$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
-			LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
-			LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
-			symlink.$(SHLIB_TARGET); \
-		libs="$$libs -l$$i"; \
-	done
-
-build-shared: do_$(SHLIB_TARGET) link-shared
-
-do_$(SHLIB_TARGET):
-	@ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
-		if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \
-			libs="$(LIBKRB5) $$libs"; \
-		fi; \
-		$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
-			LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
-			LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
-			LIBDEPS="$$libs $(EX_LIBS)" \
-			link_a.$(SHLIB_TARGET); \
-		libs="-l$$i $$libs"; \
-	done
-
-libcrypto.pc: Makefile
-	@ ( echo 'prefix=$(INSTALLTOP)'; \
-	    echo 'exec_prefix=$${prefix}'; \
-	    echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
-	    echo 'includedir=$${prefix}/include'; \
-	    echo ''; \
-	    echo 'Name: OpenSSL-libcrypto'; \
-	    echo 'Description: OpenSSL cryptography library'; \
-	    echo 'Version: '$(VERSION); \
-	    echo 'Requires: '; \
-	    echo 'Libs: -L$${libdir} -lcrypto'; \
-	    echo 'Libs.private: $(EX_LIBS)'; \
-	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
-
-libssl.pc: Makefile
-	@ ( echo 'prefix=$(INSTALLTOP)'; \
-	    echo 'exec_prefix=$${prefix}'; \
-	    echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
-	    echo 'includedir=$${prefix}/include'; \
-	    echo ''; \
-	    echo 'Name: OpenSSL'; \
-	    echo 'Description: Secure Sockets Layer and cryptography libraries'; \
-	    echo 'Version: '$(VERSION); \
-	    echo 'Requires: '; \
-	    echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
-	    echo 'Libs.private: $(EX_LIBS)'; \
-	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
-
-openssl.pc: Makefile
-	@ ( echo 'prefix=$(INSTALLTOP)'; \
-	    echo 'exec_prefix=$${prefix}'; \
-	    echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
-	    echo 'includedir=$${prefix}/include'; \
-	    echo ''; \
-	    echo 'Name: OpenSSL'; \
-	    echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
-	    echo 'Version: '$(VERSION); \
-	    echo 'Requires: '; \
-	    echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
-	    echo 'Libs.private: $(EX_LIBS)'; \
-	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
-
-Makefile: Makefile.org Configure config
-	@echo "Makefile is older than Makefile.org, Configure or config."
-	@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
-	@false
-
-libclean:
-	rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib
-
-clean:	libclean
-	rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
-	@set -e; target=clean; $(RECURSIVE_BUILD_CMD)
-	rm -f $(LIBS)
-	rm -f openssl.pc libssl.pc libcrypto.pc
-	rm -f speed.* .pure
-	rm -f $(TARFILE)
-	@set -e; for i in $(ONEDIRS) ;\
-	do \
-	rm -fr $$i/*; \
-	done
-
-makefile.one: files
-	$(PERL) util/mk1mf.pl >makefile.one; \
-	sh util/do_ms.sh
-
-files:
-	$(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
-	@set -e; target=files; $(RECURSIVE_BUILD_CMD)
-
-links:
-	@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
-	@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
-	@set -e; target=links; $(RECURSIVE_BUILD_CMD)
-
-gentests:
-	@(cd test && echo "generating dummy tests (if needed)..." && \
-	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on generate );
-
-dclean:
-	rm -rf *.bak include/openssl certs/.0
-	@set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
-
-rehash: rehash.time
-rehash.time: certs apps
-	@if [ -z "$(CROSS_COMPILE)" ]; then \
-		(OPENSSL="`pwd`/util/opensslwrap.sh"; \
-		[ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
-		OPENSSL_DEBUG_MEMORY=on; \
-		export OPENSSL OPENSSL_DEBUG_MEMORY; \
-		$(PERL) tools/c_rehash certs/demo) && \
-		touch rehash.time; \
-	else :; fi
-
-test:   tests
-
-tests: rehash
-	@(cd test && echo "testing..." && \
-	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
-	OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
-
-report:
-	@$(PERL) util/selftest.pl
-
-update: errors stacks util/libeay.num util/ssleay.num TABLE
-	@set -e; target=update; $(RECURSIVE_BUILD_CMD)
-
-depend:
-	@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
-
-lint:
-	@set -e; target=lint; $(RECURSIVE_BUILD_CMD)
-
-tags:
-	rm -f TAGS
-	find . -name '[^.]*.[ch]' | xargs etags -a
-
-errors:
-	$(PERL) util/ck_errf.pl -strict */*.c */*/*.c
-	$(PERL) util/mkerr.pl -recurse -write
-	(cd engines; $(MAKE) PERL=$(PERL) errors)
-
-stacks:
-	$(PERL) util/mkstack.pl -write
-
-util/libeay.num::
-	$(PERL) util/mkdef.pl crypto update
-
-util/ssleay.num::
-	$(PERL) util/mkdef.pl ssl update
-
-TABLE: Configure
-	(echo 'Output of `Configure TABLE'"':"; \
-	$(PERL) Configure TABLE) > TABLE
-
-# Build distribution tar-file. As the list of files returned by "find" is
-# pretty long, on several platforms a "too many arguments" error or similar
-# would occur. Therefore the list of files is temporarily stored into a file
-# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
-# tar does not support the --files-from option.
-TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \
-	                       --owner openssl:0 --group openssl:0 \
-			       --transform 's|^|openssl-$(VERSION)/|' \
-			       -cvf -
-
-../$(TARFILE).list:
-	find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
-	       \! -name '*.so' \! -name '*.so.*'  \! -name 'openssl' \
-	       \! -name '*test' \! -name '.#*' \! -name '*~' \
-	    | sort > ../$(TARFILE).list
-
-tar: ../$(TARFILE).list
-	find . -type d -print | xargs chmod 755
-	find . -type f -print | xargs chmod a+r
-	find . -type f -perm -0100 -print | xargs chmod a+x
-	$(TAR_COMMAND) | gzip --best >../$(TARFILE).gz
-	rm -f ../$(TARFILE).list
-	ls -l ../$(TARFILE).gz
-
-tar-snap: ../$(TARFILE).list
-	$(TAR_COMMAND) > ../$(TARFILE)
-	rm -f ../$(TARFILE).list
-	ls -l ../$(TARFILE)
-
-dist:   
-	$(PERL) Configure dist
-	@$(MAKE) dist_pem_h
-	@$(MAKE) SDIRS='$(SDIRS)' clean
-	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar
-
-dist_pem_h:
-	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
-
-install: all install_docs install_sw
-
-install_sw:
-	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
-		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
-		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
-		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
-		$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
-		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
-		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
-		$(INSTALL_PREFIX)$(OPENSSLDIR)/private
-	@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
-	do \
-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-	done;
-	@set -e; target=install; $(RECURSIVE_BUILD_CMD)
-	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
-	do \
-		if [ -f "$$i" ]; then \
-		(       echo installing $$i; \
-			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-			mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
-		fi; \
-	done;
-	@set -e; if [ -n "$(SHARED_LIBS)" ]; then \
-		tmp="$(SHARED_LIBS)"; \
-		for i in $${tmp:-x}; \
-		do \
-			if [ -f "$$i" -o -f "$$i.a" ]; then \
-			(       echo installing $$i; \
-				if [ "$(PLATFORM)" != "Cygwin" ]; then \
-					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
-				else \
-					c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
-					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
-					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
-					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
-					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
-				fi ); \
-				if expr $(PLATFORM) : 'mingw' > /dev/null; then \
-				(	case $$i in \
-						*crypto*) i=libeay32.dll;; \
-						*ssl*)    i=ssleay32.dll;; \
-					esac; \
-					echo installing $$i; \
-	 				cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
-	 				chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
-	 				mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
-				fi; \
-			fi; \
-		done; \
-		(	here="`pwd`"; \
-			cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \
-			$(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
-		if [ "$(INSTALLTOP)" != "/usr" ]; then \
-			echo 'OpenSSL shared libraries have been installed in:'; \
-			echo '  $(INSTALLTOP)'; \
-			echo ''; \
-			sed -e '1,/^$$/d' doc/openssl-shared.txt; \
-		fi; \
-	fi
-	cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
-	cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
-	cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
-
-install_html_docs:
-	here="`pwd`"; \
-	for subdir in apps crypto ssl; do \
-		mkdir -p $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
-		for i in doc/$$subdir/*.pod; do \
-			fn=`basename $$i .pod`; \
-			echo "installing html/$$fn.$(HTMLSUFFIX)"; \
-			cat $$i \
-			| sed -r 's/L<([^)]*)(\([0-9]\))?\|([^)]*)(\([0-9]\))?>/L<\1|\3>/g' \
-			| pod2html --podroot=doc --htmlroot=.. --podpath=apps:crypto:ssl \
-			| sed -r 's/<!DOCTYPE.*//g' \
-			> $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir/$$fn.$(HTMLSUFFIX); \
-			$(PERL) util/extract-names.pl < $$i | \
-				grep -v $$filecase "^$$fn\$$" | \
-				(cd $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
-				 while read n; do \
-					PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$(HTMLSUFFIX) "$$n".$(HTMLSUFFIX); \
-				 done); \
-		done; \
-	done
-
-install_docs:
-	@$(PERL) $(TOP)/util/mkdir-p.pl \
-		$(INSTALL_PREFIX)$(MANDIR)/man1 \
-		$(INSTALL_PREFIX)$(MANDIR)/man3 \
-		$(INSTALL_PREFIX)$(MANDIR)/man5 \
-		$(INSTALL_PREFIX)$(MANDIR)/man7
-	@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
-	here="`pwd`"; \
-	filecase=; \
-	if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \
-		filecase=-i; \
-	fi; \
-	set -e; for i in doc/apps/*.pod; do \
-		fn=`basename $$i .pod`; \
-		sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
-		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
-		(cd `$(PERL) util/dirname.pl $$i`; \
-		sh -c "$$pod2man \
-			--section=$$sec --center=OpenSSL \
-			--release=$(VERSION) `basename $$i`") \
-			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
-		$(PERL) util/extract-names.pl < $$i | \
-			(grep -v $$filecase "^$$fn\$$"; true) | \
-			(grep -v "[	]"; true) | \
-			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
-			 while read n; do \
-				PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
-			 done); \
-	done; \
-	set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
-		fn=`basename $$i .pod`; \
-		sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
-		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
-		(cd `$(PERL) util/dirname.pl $$i`; \
-		sh -c "$$pod2man \
-			--section=$$sec --center=OpenSSL \
-			--release=$(VERSION) `basename $$i`") \
-			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
-		$(PERL) util/extract-names.pl < $$i | \
-			(grep -v $$filecase "^$$fn\$$"; true) | \
-			(grep -v "[	]"; true) | \
-			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
-			 while read n; do \
-				PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
-			 done); \
-	done
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.

Copied: vendor-crypto/openssl/1.0.1u/Makefile.bak (from rev 11605, vendor-crypto/openssl/dist/Makefile.bak)
===================================================================
--- vendor-crypto/openssl/1.0.1u/Makefile.bak	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/Makefile.bak	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,676 @@
+### Generated automatically from Makefile.org by Configure.
+
+##
+## Makefile for OpenSSL
+##
+
+VERSION=1.0.1u
+MAJOR=1
+MINOR=0.1
+SHLIB_VERSION_NUMBER=1.0.0
+SHLIB_VERSION_HISTORY=
+SHLIB_MAJOR=1
+SHLIB_MINOR=0.0
+SHLIB_EXT=.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+PLATFORM=linux-x86_64
+OPTIONS=-Wa,--noexecstack no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl2 no-store no-unit-test no-weak-ssl-ciphers no-zlib no-zlib-dynamic static-engine
+CONFIGURE_ARGS=linux-x86_64 -Wa,--noexecstack
+SHLIB_TARGET=linux-shared
+
+# HERE indicates where this Makefile lives.  This can be used to indicate
+# where sub-Makefiles are expected to be.  Currently has very limited usage,
+# and should probably not be bothered with at all.
+HERE=.
+
+# INSTALL_PREFIX is for package builders so that they can configure
+# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
+# Normally it is left empty.
+INSTALL_PREFIX=
+INSTALLTOP=/usr/local/ssl
+
+# Do not edit this manually. Use Configure --openssldir=DIR do change this!
+OPENSSLDIR=/usr/local/ssl
+
+# NO_IDEA - Define to build without the IDEA algorithm
+# NO_RC4  - Define to build without the RC4 algorithm
+# NO_RC2  - Define to build without the RC2 algorithm
+# THREADS - Define when building with threads, you will probably also need any
+#           system defines as well, i.e. _REENTERANT for Solaris 2.[34]
+# TERMIO  - Define the termio terminal subsystem, needed if sgtty is missing.
+# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
+# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
+# DEVRANDOM - Give this the value of the 'random device' if your OS supports
+#           one.  32 bytes will be read from this when the random
+#           number generator is initalised.
+# SSL_FORBID_ENULL - define if you want the server to be not able to use the
+#           NULL encryption ciphers.
+#
+# LOCK_DEBUG - turns on lots of lock debug output :-)
+# REF_CHECK - turn on some xyz_free() assertions.
+# REF_PRINT - prints some stuff on structure free.
+# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
+# MFUNC - Make all Malloc/Free/Realloc calls call
+#       CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
+#       call application defined callbacks via CRYPTO_set_mem_functions()
+# MD5_ASM needs to be defined to use the x86 assembler for MD5
+# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
+# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
+# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8.  It must
+# equal 4.
+# PKCS1_CHECK - pkcs1 tests.
+
+CC= gcc
+CFLAG= -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
+DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS
+PEX_LIBS= 
+EX_LIBS= -ldl
+EXE_EXT= 
+ARFLAGS= 
+AR= ar $(ARFLAGS) r
+RANLIB= /usr/bin/ranlib
+NM= nm
+PERL= /usr/bin/perl
+TAR= tar
+TARFLAGS= --no-recursion --record-size=10240
+MAKEDEPPROG= gcc
+LIBDIR=lib
+
+# We let the C compiler driver to take care of .s files. This is done in
+# order to be excused from maintaining a separate set of architecture
+# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
+# gcc, then the driver will automatically translate it to -xarch=v8plus
+# and pass it down to assembler.
+AS=$(CC) -c
+ASFLAG=$(CFLAG)
+
+# For x86 assembler: Set PROCESSOR to 386 if you want to support
+# the 80386.
+PROCESSOR= 
+
+# CPUID module collects small commonly used assembler snippets
+CPUID_OBJ= x86_64cpuid.o
+BN_ASM= x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o modexp512-x86_64.o
+DES_ENC= des_enc.o fcrypt_b.o
+AES_ENC= aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o
+BF_ENC= bf_enc.o
+CAST_ENC= c_enc.o
+RC4_ENC= rc4-x86_64.o rc4-md5-x86_64.o
+RC5_ENC= rc5_enc.o
+MD5_ASM_OBJ= md5-x86_64.o
+SHA1_ASM_OBJ= sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o
+RMD160_ASM_OBJ= 
+WP_ASM_OBJ= wp-x86_64.o
+CMLL_ENC= cmll-x86_64.o cmll_misc.o
+MODES_ASM_OBJ= ghash-x86_64.o
+ENGINES_ASM_OBJ= 
+PERLASM_SCHEME= elf
+
+# KRB5 stuff
+KRB5_INCLUDES=
+LIBKRB5=
+
+# Zlib stuff
+ZLIB_INCLUDE=
+LIBZLIB=
+
+# TOP level FIPS install directory.
+FIPSDIR=/usr/local/ssl/fips-2.0
+
+# This is the location of fipscanister.o and friends.
+# The FIPS module build will place it $(INSTALLTOP)/lib
+# but since $(INSTALLTOP) can only take the default value
+# when the module is built it will be in /usr/local/ssl/lib
+# $(INSTALLTOP) for this build may be different so hard
+# code the path.
+
+FIPSLIBDIR=
+
+# The location of the library which contains fipscanister.o
+# normally it will be libcrypto unless fipsdso is set in which
+# case it will be libfips. If not compiling in FIPS mode at all
+# this is empty making it a useful test for a FIPS compile.
+
+FIPSCANLIB=
+
+# Shared library base address. Currently only used on Windows.
+#
+
+BASEADDR=0xFB00000
+
+DIRS=   crypto ssl engines apps test tools
+ENGDIRS= ccgost
+SHLIBDIRS= crypto ssl
+
+# dirs in crypto to build
+SDIRS=  \
+	objects \
+	md4 md5 sha mdc2 hmac ripemd whrlpool \
+	des aes rc2 rc4 idea bf cast camellia seed modes \
+	bn ec rsa dsa ecdsa dh ecdh dso engine \
+	buffer bio stack lhash rand err \
+	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
+	cms pqueue ts srp cmac
+# keep in mind that the above list is adjusted by ./Configure
+# according to no-xxx arguments...
+
+# tests to perform.  "alltests" is a special word indicating that all tests
+# should be performed.
+TESTS = alltests
+
+MAKEFILE= Makefile
+
+MANDIR=$(OPENSSLDIR)/man
+MAN1=1
+MAN3=3
+MANSUFFIX=
+HTMLSUFFIX=html
+HTMLDIR=$(OPENSSLDIR)/html
+SHELL=/bin/sh
+
+TOP=    .
+ONEDIRS=out tmp
+EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep VMS
+WDIRS=  windows
+LIBS=   libcrypto.a libssl.a
+SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
+SHARED_SSL=libssl$(SHLIB_EXT)
+SHARED_LIBS=
+SHARED_LIBS_LINK_EXTS=.so.$(SHLIB_MAJOR) .so
+SHARED_LDFLAGS=-m64
+
+GENERAL=        Makefile
+BASENAME=       openssl
+NAME=           $(BASENAME)-$(VERSION)
+TARFILE=        ../$(NAME).tar
+EXHEADER=       e_os2.h
+HEADER=         e_os.h
+
+all: Makefile build_all
+
+# as we stick to -e, CLEARENV ensures that local variables in lower
+# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
+# shell, which [annoyingly enough] terminates unset with error if VAR
+# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
+# which terminates unset with error if no variable was present:-(
+CLEARENV=	TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS}	\
+		$${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES}	\
+		$${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC}		\
+		$${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL}	\
+		$${EXHEADER+EXHEADER} $${HEADER+HEADER}		\
+		$${GENERAL+GENERAL} $${CFLAGS+CFLAGS}		\
+		$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS}		\
+		$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS}	\
+		$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS}	\
+		$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
+
+BUILDENV=	PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
+		CC='$(CC)' CFLAG='$(CFLAG)' 			\
+		AS='$(CC)' ASFLAG='$(CFLAG) -c'			\
+		AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)'	\
+		CROSS_COMPILE='$(CROSS_COMPILE)'	\
+		PERL='$(PERL)' ENGDIRS='$(ENGDIRS)'		\
+		SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)'	\
+		INSTALL_PREFIX='$(INSTALL_PREFIX)'		\
+		INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)'	\
+		LIBDIR='$(LIBDIR)'				\
+		MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \
+		DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)'	\
+		MAKEDEPPROG='$(MAKEDEPPROG)'			\
+		SHARED_LDFLAGS='$(SHARED_LDFLAGS)'		\
+		KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)'	\
+		ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)'	\
+		EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)'	\
+		SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)'	\
+		PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)'	\
+		CPUID_OBJ='$(CPUID_OBJ)'			\
+		BN_ASM='$(BN_ASM)' DES_ENC='$(DES_ENC)' 	\
+		AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)'	\
+		BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)'	\
+		RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)'	\
+		SHA1_ASM_OBJ='$(SHA1_ASM_OBJ)'			\
+		MD5_ASM_OBJ='$(MD5_ASM_OBJ)'			\
+		RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)'		\
+		WP_ASM_OBJ='$(WP_ASM_OBJ)'			\
+		MODES_ASM_OBJ='$(MODES_ASM_OBJ)'		\
+		ENGINES_ASM_OBJ='$(ENGINES_ASM_OBJ)'		\
+		PERLASM_SCHEME='$(PERLASM_SCHEME)'		\
+		FIPSLIBDIR='${FIPSLIBDIR}'			\
+		FIPSDIR='${FIPSDIR}'				\
+		FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}"	\
+		THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
+# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
+# which in turn eliminates ambiguities in variable treatment with -e.
+
+# BUILD_CMD is a generic macro to build a given target in a given
+# subdirectory.  The target must be given through the shell variable
+# `target' and the subdirectory to build in must be given through `dir'.
+# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
+# BUILD_ONE_CMD instead.
+#
+# BUILD_ONE_CMD is a macro to build a given target in a given
+# subdirectory if that subdirectory is part of $(DIRS).  It requires
+# exactly the same shell variables as BUILD_CMD.
+#
+# RECURSIVE_BUILD_CMD is a macro to build a given target in all
+# subdirectories defined in $(DIRS).  It requires that the target
+# is given through the shell variable `target'.
+BUILD_CMD=  if [ -d "$$dir" ]; then \
+	    (	cd $$dir && echo "making $$target in $$dir..." && \
+		$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
+	    ) || exit 1; \
+	    fi
+RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
+BUILD_ONE_CMD=\
+	if expr " $(DIRS) " : ".* $$dir " >/dev/null 2>&1; then \
+		$(BUILD_CMD); \
+	fi
+
+reflect:
+	@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
+
+sub_all: build_all
+
+build_all: build_libs build_apps build_tests build_tools
+
+build_libs: build_libcrypto build_libssl openssl.pc
+
+build_libcrypto: build_crypto build_engines libcrypto.pc
+build_libssl: build_ssl libssl.pc
+
+build_crypto:
+	@dir=crypto; target=all; $(BUILD_ONE_CMD)
+build_ssl: build_crypto
+	@dir=ssl; target=all; $(BUILD_ONE_CMD)
+build_engines: build_crypto
+	@dir=engines; target=all; $(BUILD_ONE_CMD)
+build_apps: build_libs
+	@dir=apps; target=all; $(BUILD_ONE_CMD)
+build_tests: build_libs
+	@dir=test; target=all; $(BUILD_ONE_CMD)
+build_tools: build_libs
+	@dir=tools; target=all; $(BUILD_ONE_CMD)
+
+all_testapps: build_libs build_testapps
+build_testapps:
+	@dir=crypto; target=testapps; $(BUILD_ONE_CMD)
+
+fips_premain_dso$(EXE_EXT): libcrypto.a
+	[ -z "$(FIPSCANLIB)" ] || $(CC) $(CFLAG) -Iinclude \
+		-DFINGERPRINT_PREMAIN_DSO_LOAD -o $@  \
+		$(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fipscanister.o \
+		libcrypto.a $(EX_LIBS)
+
+libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT)
+	@if [ "$(SHLIB_TARGET)" != "" ]; then \
+		if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
+			FIPSLD_LIBCRYPTO=libcrypto.a ; \
+			FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
+			export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
+		fi; \
+		$(MAKE) -e SHLIBDIRS=crypto  CC="$${CC:-$(CC)}" build-shared && \
+		(touch -c fips_premain_dso$(EXE_EXT) || :); \
+	else \
+		echo "There's no support for shared libraries on this platform" >&2; \
+		exit 1; \
+	fi
+
+libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
+	@if [ "$(SHLIB_TARGET)" != "" ]; then \
+		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
+	else \
+		echo "There's no support for shared libraries on this platform" >&2; \
+		exit 1; \
+	fi
+
+clean-shared:
+	@set -e; for i in $(SHLIBDIRS); do \
+		if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
+			tmp="$(SHARED_LIBS_LINK_EXTS)"; \
+			for j in $${tmp:-x}; do \
+				( set -x; rm -f lib$$i$$j ); \
+			done; \
+		fi; \
+		( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
+		if [ "$(PLATFORM)" = "Cygwin" ]; then \
+			( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
+		fi; \
+	done
+
+link-shared:
+	@ set -e; for i in $(SHLIBDIRS); do \
+		$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
+			LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
+			LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
+			symlink.$(SHLIB_TARGET); \
+		libs="$$libs -l$$i"; \
+	done
+
+build-shared: do_$(SHLIB_TARGET) link-shared
+
+do_$(SHLIB_TARGET):
+	@ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
+		if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+			libs="$(LIBKRB5) $$libs"; \
+		fi; \
+		$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
+			LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
+			LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
+			LIBDEPS="$$libs $(EX_LIBS)" \
+			link_a.$(SHLIB_TARGET); \
+		libs="-l$$i $$libs"; \
+	done
+
+libcrypto.pc: Makefile
+	@ ( echo 'prefix=$(INSTALLTOP)'; \
+	    echo 'exec_prefix=$${prefix}'; \
+	    echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+	    echo 'includedir=$${prefix}/include'; \
+	    echo ''; \
+	    echo 'Name: OpenSSL-libcrypto'; \
+	    echo 'Description: OpenSSL cryptography library'; \
+	    echo 'Version: '$(VERSION); \
+	    echo 'Requires: '; \
+	    echo 'Libs: -L$${libdir} -lcrypto'; \
+	    echo 'Libs.private: $(EX_LIBS)'; \
+	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
+
+libssl.pc: Makefile
+	@ ( echo 'prefix=$(INSTALLTOP)'; \
+	    echo 'exec_prefix=$${prefix}'; \
+	    echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+	    echo 'includedir=$${prefix}/include'; \
+	    echo ''; \
+	    echo 'Name: OpenSSL'; \
+	    echo 'Description: Secure Sockets Layer and cryptography libraries'; \
+	    echo 'Version: '$(VERSION); \
+	    echo 'Requires: '; \
+	    echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
+	    echo 'Libs.private: $(EX_LIBS)'; \
+	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
+
+openssl.pc: Makefile
+	@ ( echo 'prefix=$(INSTALLTOP)'; \
+	    echo 'exec_prefix=$${prefix}'; \
+	    echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+	    echo 'includedir=$${prefix}/include'; \
+	    echo ''; \
+	    echo 'Name: OpenSSL'; \
+	    echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
+	    echo 'Version: '$(VERSION); \
+	    echo 'Requires: '; \
+	    echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
+	    echo 'Libs.private: $(EX_LIBS)'; \
+	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
+
+Makefile: Makefile.org Configure config
+	@echo "Makefile is older than Makefile.org, Configure or config."
+	@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
+	@false
+
+libclean:
+	rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib
+
+clean:	libclean
+	rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
+	@set -e; target=clean; $(RECURSIVE_BUILD_CMD)
+	rm -f $(LIBS)
+	rm -f openssl.pc libssl.pc libcrypto.pc
+	rm -f speed.* .pure
+	rm -f $(TARFILE)
+	@set -e; for i in $(ONEDIRS) ;\
+	do \
+	rm -fr $$i/*; \
+	done
+
+makefile.one: files
+	$(PERL) util/mk1mf.pl >makefile.one; \
+	sh util/do_ms.sh
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
+	@set -e; target=files; $(RECURSIVE_BUILD_CMD)
+
+links:
+	@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
+	@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
+	@set -e; target=links; $(RECURSIVE_BUILD_CMD)
+
+gentests:
+	@(cd test && echo "generating dummy tests (if needed)..." && \
+	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on generate );
+
+dclean:
+	rm -rf *.bak include/openssl certs/.0
+	@set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
+
+rehash: rehash.time
+rehash.time: certs apps
+	@if [ -z "$(CROSS_COMPILE)" ]; then \
+		(OPENSSL="`pwd`/util/opensslwrap.sh"; \
+		[ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
+		OPENSSL_DEBUG_MEMORY=on; \
+		export OPENSSL OPENSSL_DEBUG_MEMORY; \
+		$(PERL) tools/c_rehash certs/demo) && \
+		touch rehash.time; \
+	else :; fi
+
+test:   tests
+
+tests: rehash
+	@(cd test && echo "testing..." && \
+	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
+	OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
+
+report:
+	@$(PERL) util/selftest.pl
+
+update: errors stacks util/libeay.num util/ssleay.num TABLE
+	@set -e; target=update; $(RECURSIVE_BUILD_CMD)
+
+depend:
+	@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
+
+lint:
+	@set -e; target=lint; $(RECURSIVE_BUILD_CMD)
+
+tags:
+	rm -f TAGS
+	find . -name '[^.]*.[ch]' | xargs etags -a
+
+errors:
+	$(PERL) util/ck_errf.pl -strict */*.c */*/*.c
+	$(PERL) util/mkerr.pl -recurse -write
+	(cd engines; $(MAKE) PERL=$(PERL) errors)
+
+stacks:
+	$(PERL) util/mkstack.pl -write
+
+util/libeay.num::
+	$(PERL) util/mkdef.pl crypto update
+
+util/ssleay.num::
+	$(PERL) util/mkdef.pl ssl update
+
+TABLE: Configure
+	(echo 'Output of `Configure TABLE'"':"; \
+	$(PERL) Configure TABLE) > TABLE
+
+# Build distribution tar-file. As the list of files returned by "find" is
+# pretty long, on several platforms a "too many arguments" error or similar
+# would occur. Therefore the list of files is temporarily stored into a file
+# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
+# tar does not support the --files-from option.
+TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
+	                       --owner 0 --group 0 \
+			       --transform 's|^|$(NAME)/|' \
+			       -cvf -
+
+$(TARFILE).list:
+	find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
+	       \! -name '*.so' \! -name '*.so.*'  \! -name 'openssl' \
+	       \( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
+	       \! -name '.#*' \! -name '*~' \! -type l \
+	    | sort > $(TARFILE).list
+
+tar: $(TARFILE).list
+	find . -type d -print | xargs chmod 755
+	find . -type f -print | xargs chmod a+r
+	find . -type f -perm -0100 -print | xargs chmod a+x
+	$(TAR_COMMAND) | gzip --best > $(TARFILE).gz
+	rm -f $(TARFILE).list
+	ls -l $(TARFILE).gz
+
+tar-snap: $(TARFILE).list
+	$(TAR_COMMAND) > $(TARFILE)
+	rm -f $(TARFILE).list
+	ls -l $(TARFILE)
+
+dist:   
+	$(PERL) Configure dist
+	@$(MAKE) SDIRS='$(SDIRS)' clean
+	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
+
+install: all install_docs install_sw
+
+install_sw:
+	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
+		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
+		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
+		$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/private
+	@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
+	do \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+	@set -e; target=install; $(RECURSIVE_BUILD_CMD)
+	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
+	do \
+		if [ -f "$$i" ]; then \
+		(       echo installing $$i; \
+			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+			mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
+		fi; \
+	done;
+	@set -e; if [ -n "$(SHARED_LIBS)" ]; then \
+		tmp="$(SHARED_LIBS)"; \
+		for i in $${tmp:-x}; \
+		do \
+			if [ -f "$$i" -o -f "$$i.a" ]; then \
+			(       echo installing $$i; \
+				if [ "$(PLATFORM)" != "Cygwin" ]; then \
+					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
+				else \
+					c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
+					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
+				fi ); \
+				if expr $(PLATFORM) : 'mingw' > /dev/null; then \
+				(	case $$i in \
+						*crypto*) i=libeay32.dll;; \
+						*ssl*)    i=ssleay32.dll;; \
+					esac; \
+					echo installing $$i; \
+	 				cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+	 				chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+	 				mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
+				fi; \
+			fi; \
+		done; \
+		(	here="`pwd`"; \
+			cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \
+			$(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
+		if [ "$(INSTALLTOP)" != "/usr" ]; then \
+			echo 'OpenSSL shared libraries have been installed in:'; \
+			echo '  $(INSTALLTOP)'; \
+			echo ''; \
+			sed -e '1,/^$$/d' doc/openssl-shared.txt; \
+		fi; \
+	fi
+	cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
+	cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
+	cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
+
+install_html_docs:
+	here="`pwd`"; \
+	for subdir in apps crypto ssl; do \
+		mkdir -p $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
+		for i in doc/$$subdir/*.pod; do \
+			fn=`basename $$i .pod`; \
+			echo "installing html/$$fn.$(HTMLSUFFIX)"; \
+			cat $$i \
+			| sed -r 's/L<([^)]*)(\([0-9]\))?\|([^)]*)(\([0-9]\))?>/L<\1|\3>/g' \
+			| pod2html --podroot=doc --htmlroot=.. --podpath=apps:crypto:ssl \
+			| sed -r 's/<!DOCTYPE.*//g' \
+			> $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir/$$fn.$(HTMLSUFFIX); \
+			$(PERL) util/extract-names.pl < $$i | \
+				grep -v $$filecase "^$$fn\$$" | \
+				(cd $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
+				 while read n; do \
+					PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$(HTMLSUFFIX) "$$n".$(HTMLSUFFIX); \
+				 done); \
+		done; \
+	done
+
+install_docs:
+	@$(PERL) $(TOP)/util/mkdir-p.pl \
+		$(INSTALL_PREFIX)$(MANDIR)/man1 \
+		$(INSTALL_PREFIX)$(MANDIR)/man3 \
+		$(INSTALL_PREFIX)$(MANDIR)/man5 \
+		$(INSTALL_PREFIX)$(MANDIR)/man7
+	@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
+	here="`pwd`"; \
+	filecase=; \
+	if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \
+		filecase=-i; \
+	fi; \
+	set -e; for i in doc/apps/*.pod; do \
+		fn=`basename $$i .pod`; \
+		sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
+		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+		(cd `$(PERL) util/dirname.pl $$i`; \
+		sh -c "$$pod2man \
+			--section=$$sec --center=OpenSSL \
+			--release=$(VERSION) `basename $$i`") \
+			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
+		$(PERL) util/extract-names.pl < $$i | \
+			(grep -v $$filecase "^$$fn\$$"; true) | \
+			(grep -v "[	]"; true) | \
+			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
+			 while read n; do \
+				PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
+			 done); \
+	done; \
+	set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+		fn=`basename $$i .pod`; \
+		sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
+		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+		(cd `$(PERL) util/dirname.pl $$i`; \
+		sh -c "$$pod2man \
+			--section=$$sec --center=OpenSSL \
+			--release=$(VERSION) `basename $$i`") \
+			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
+		$(PERL) util/extract-names.pl < $$i | \
+			(grep -v $$filecase "^$$fn\$$"; true) | \
+			(grep -v "[	]"; true) | \
+			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
+			 while read n; do \
+				PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
+			 done); \
+	done
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.

Deleted: vendor-crypto/openssl/1.0.1u/Makefile.org
===================================================================
--- vendor-crypto/openssl/dist/Makefile.org	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/Makefile.org	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,678 +0,0 @@
-##
-## Makefile for OpenSSL
-##
-
-VERSION=
-MAJOR=
-MINOR=
-SHLIB_VERSION_NUMBER=
-SHLIB_VERSION_HISTORY=
-SHLIB_MAJOR=
-SHLIB_MINOR=
-SHLIB_EXT=
-PLATFORM=dist
-OPTIONS=
-CONFIGURE_ARGS=
-SHLIB_TARGET=
-
-# HERE indicates where this Makefile lives.  This can be used to indicate
-# where sub-Makefiles are expected to be.  Currently has very limited usage,
-# and should probably not be bothered with at all.
-HERE=.
-
-# INSTALL_PREFIX is for package builders so that they can configure
-# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
-# Normally it is left empty.
-INSTALL_PREFIX=
-INSTALLTOP=/usr/local/ssl
-
-# Do not edit this manually. Use Configure --openssldir=DIR do change this!
-OPENSSLDIR=/usr/local/ssl
-
-# NO_IDEA - Define to build without the IDEA algorithm
-# NO_RC4  - Define to build without the RC4 algorithm
-# NO_RC2  - Define to build without the RC2 algorithm
-# THREADS - Define when building with threads, you will probably also need any
-#           system defines as well, i.e. _REENTERANT for Solaris 2.[34]
-# TERMIO  - Define the termio terminal subsystem, needed if sgtty is missing.
-# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
-# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
-# DEVRANDOM - Give this the value of the 'random device' if your OS supports
-#           one.  32 bytes will be read from this when the random
-#           number generator is initalised.
-# SSL_FORBID_ENULL - define if you want the server to be not able to use the
-#           NULL encryption ciphers.
-#
-# LOCK_DEBUG - turns on lots of lock debug output :-)
-# REF_CHECK - turn on some xyz_free() assertions.
-# REF_PRINT - prints some stuff on structure free.
-# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
-# MFUNC - Make all Malloc/Free/Realloc calls call
-#       CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
-#       call application defined callbacks via CRYPTO_set_mem_functions()
-# MD5_ASM needs to be defined to use the x86 assembler for MD5
-# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
-# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
-# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8.  It must
-# equal 4.
-# PKCS1_CHECK - pkcs1 tests.
-
-CC= cc
-CFLAG= -O
-DEPFLAG= 
-PEX_LIBS= 
-EX_LIBS= 
-EXE_EXT= 
-ARFLAGS=
-AR=ar $(ARFLAGS) r
-RANLIB= ranlib
-NM= nm
-PERL= perl
-TAR= tar
-TARFLAGS= --no-recursion --record-size=10240
-MAKEDEPPROG=makedepend
-LIBDIR=lib
-
-# We let the C compiler driver to take care of .s files. This is done in
-# order to be excused from maintaining a separate set of architecture
-# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
-# gcc, then the driver will automatically translate it to -xarch=v8plus
-# and pass it down to assembler.
-AS=$(CC) -c
-ASFLAG=$(CFLAG)
-
-# For x86 assembler: Set PROCESSOR to 386 if you want to support
-# the 80386.
-PROCESSOR=
-
-# CPUID module collects small commonly used assembler snippets
-CPUID_OBJ= 
-BN_ASM= bn_asm.o
-DES_ENC= des_enc.o fcrypt_b.o
-AES_ENC= aes_core.o aes_cbc.o
-BF_ENC= bf_enc.o
-CAST_ENC= c_enc.o
-RC4_ENC= rc4_enc.o
-RC5_ENC= rc5_enc.o
-MD5_ASM_OBJ= 
-SHA1_ASM_OBJ= 
-RMD160_ASM_OBJ= 
-WP_ASM_OBJ=
-CMLL_ENC=
-MODES_ASM_OBJ=
-ENGINES_ASM_OBJ=
-PERLASM_SCHEME=
-
-# KRB5 stuff
-KRB5_INCLUDES=
-LIBKRB5=
-
-# Zlib stuff
-ZLIB_INCLUDE=
-LIBZLIB=
-
-# TOP level FIPS install directory.
-FIPSDIR=
-
-# This is the location of fipscanister.o and friends.
-# The FIPS module build will place it $(INSTALLTOP)/lib
-# but since $(INSTALLTOP) can only take the default value
-# when the module is built it will be in /usr/local/ssl/lib
-# $(INSTALLTOP) for this build may be different so hard
-# code the path.
-
-FIPSLIBDIR=
-
-# The location of the library which contains fipscanister.o
-# normally it will be libcrypto unless fipsdso is set in which
-# case it will be libfips. If not compiling in FIPS mode at all
-# this is empty making it a useful test for a FIPS compile.
-
-FIPSCANLIB=
-
-# Shared library base address. Currently only used on Windows.
-#
-
-BASEADDR=
-
-DIRS=   crypto ssl engines apps test tools
-ENGDIRS= ccgost
-SHLIBDIRS= crypto ssl
-
-# dirs in crypto to build
-SDIRS=  \
-	objects \
-	md2 md4 md5 sha mdc2 hmac ripemd whrlpool \
-	des aes rc2 rc4 rc5 idea bf cast camellia seed modes \
-	bn ec rsa dsa ecdsa dh ecdh dso engine \
-	buffer bio stack lhash rand err \
-	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
-	cms pqueue ts jpake srp store cmac
-# keep in mind that the above list is adjusted by ./Configure
-# according to no-xxx arguments...
-
-# tests to perform.  "alltests" is a special word indicating that all tests
-# should be performed.
-TESTS = alltests
-
-MAKEFILE= Makefile
-
-MANDIR=$(OPENSSLDIR)/man
-MAN1=1
-MAN3=3
-MANSUFFIX=
-HTMLSUFFIX=html
-HTMLDIR=$(OPENSSLDIR)/html
-SHELL=/bin/sh
-
-TOP=    .
-ONEDIRS=out tmp
-EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep VMS
-WDIRS=  windows
-LIBS=   libcrypto.a libssl.a
-SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
-SHARED_SSL=libssl$(SHLIB_EXT)
-SHARED_LIBS=
-SHARED_LIBS_LINK_EXTS=
-SHARED_LDFLAGS=
-
-GENERAL=        Makefile
-BASENAME=       openssl
-NAME=           $(BASENAME)-$(VERSION)
-TARFILE=        $(NAME).tar
-WTARFILE=       $(NAME)-win.tar
-EXHEADER=       e_os2.h
-HEADER=         e_os.h
-
-all: Makefile build_all
-
-# as we stick to -e, CLEARENV ensures that local variables in lower
-# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
-# shell, which [annoyingly enough] terminates unset with error if VAR
-# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
-# which terminates unset with error if no variable was present:-(
-CLEARENV=	TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS}	\
-		$${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES}	\
-		$${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC}		\
-		$${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL}	\
-		$${EXHEADER+EXHEADER} $${HEADER+HEADER}		\
-		$${GENERAL+GENERAL} $${CFLAGS+CFLAGS}		\
-		$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS}		\
-		$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS}	\
-		$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS}	\
-		$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
-
-BUILDENV=	PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
-		CC='$(CC)' CFLAG='$(CFLAG)' 			\
-		AS='$(CC)' ASFLAG='$(CFLAG) -c'			\
-		AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)'	\
-		CROSS_COMPILE='$(CROSS_COMPILE)'	\
-		PERL='$(PERL)' ENGDIRS='$(ENGDIRS)'		\
-		SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)'	\
-		INSTALL_PREFIX='$(INSTALL_PREFIX)'		\
-		INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)'	\
-		LIBDIR='$(LIBDIR)'				\
-		MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \
-		DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)'	\
-		MAKEDEPPROG='$(MAKEDEPPROG)'			\
-		SHARED_LDFLAGS='$(SHARED_LDFLAGS)'		\
-		KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)'	\
-		ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)'	\
-		EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)'	\
-		SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)'	\
-		PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)'	\
-		CPUID_OBJ='$(CPUID_OBJ)'			\
-		BN_ASM='$(BN_ASM)' DES_ENC='$(DES_ENC)' 	\
-		AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)'	\
-		BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)'	\
-		RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)'	\
-		SHA1_ASM_OBJ='$(SHA1_ASM_OBJ)'			\
-		MD5_ASM_OBJ='$(MD5_ASM_OBJ)'			\
-		RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)'		\
-		WP_ASM_OBJ='$(WP_ASM_OBJ)'			\
-		MODES_ASM_OBJ='$(MODES_ASM_OBJ)'		\
-		ENGINES_ASM_OBJ='$(ENGINES_ASM_OBJ)'		\
-		PERLASM_SCHEME='$(PERLASM_SCHEME)'		\
-		FIPSLIBDIR='${FIPSLIBDIR}'			\
-		FIPSDIR='${FIPSDIR}'				\
-		FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}"	\
-		THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
-# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
-# which in turn eliminates ambiguities in variable treatment with -e.
-
-# BUILD_CMD is a generic macro to build a given target in a given
-# subdirectory.  The target must be given through the shell variable
-# `target' and the subdirectory to build in must be given through `dir'.
-# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
-# BUILD_ONE_CMD instead.
-#
-# BUILD_ONE_CMD is a macro to build a given target in a given
-# subdirectory if that subdirectory is part of $(DIRS).  It requires
-# exactly the same shell variables as BUILD_CMD.
-#
-# RECURSIVE_BUILD_CMD is a macro to build a given target in all
-# subdirectories defined in $(DIRS).  It requires that the target
-# is given through the shell variable `target'.
-BUILD_CMD=  if [ -d "$$dir" ]; then \
-	    (	cd $$dir && echo "making $$target in $$dir..." && \
-		$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
-	    ) || exit 1; \
-	    fi
-RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
-BUILD_ONE_CMD=\
-	if expr " $(DIRS) " : ".* $$dir " >/dev/null 2>&1; then \
-		$(BUILD_CMD); \
-	fi
-
-reflect:
-	@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
-
-sub_all: build_all
-
-build_all: build_libs build_apps build_tests build_tools
-
-build_libs: build_libcrypto build_libssl openssl.pc
-
-build_libcrypto: build_crypto build_engines libcrypto.pc
-build_libssl: build_ssl libssl.pc
-
-build_crypto:
-	@dir=crypto; target=all; $(BUILD_ONE_CMD)
-build_ssl: build_crypto
-	@dir=ssl; target=all; $(BUILD_ONE_CMD)
-build_engines: build_crypto
-	@dir=engines; target=all; $(BUILD_ONE_CMD)
-build_apps: build_libs
-	@dir=apps; target=all; $(BUILD_ONE_CMD)
-build_tests: build_libs
-	@dir=test; target=all; $(BUILD_ONE_CMD)
-build_tools: build_libs
-	@dir=tools; target=all; $(BUILD_ONE_CMD)
-
-all_testapps: build_libs build_testapps
-build_testapps:
-	@dir=crypto; target=testapps; $(BUILD_ONE_CMD)
-
-fips_premain_dso$(EXE_EXT): libcrypto.a
-	[ -z "$(FIPSCANLIB)" ] || $(CC) $(CFLAG) -Iinclude \
-		-DFINGERPRINT_PREMAIN_DSO_LOAD -o $@  \
-		$(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fipscanister.o \
-		libcrypto.a $(EX_LIBS)
-
-libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT)
-	@if [ "$(SHLIB_TARGET)" != "" ]; then \
-		if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
-			FIPSLD_LIBCRYPTO=libcrypto.a ; \
-			FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
-			export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
-		fi; \
-		$(MAKE) -e SHLIBDIRS=crypto  CC="$${CC:-$(CC)}" build-shared && \
-		(touch -c fips_premain_dso$(EXE_EXT) || :); \
-	else \
-		echo "There's no support for shared libraries on this platform" >&2; \
-		exit 1; \
-	fi
-
-libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
-	@if [ "$(SHLIB_TARGET)" != "" ]; then \
-		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
-	else \
-		echo "There's no support for shared libraries on this platform" >&2; \
-		exit 1; \
-	fi
-
-clean-shared:
-	@set -e; for i in $(SHLIBDIRS); do \
-		if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
-			tmp="$(SHARED_LIBS_LINK_EXTS)"; \
-			for j in $${tmp:-x}; do \
-				( set -x; rm -f lib$$i$$j ); \
-			done; \
-		fi; \
-		( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
-		if [ "$(PLATFORM)" = "Cygwin" ]; then \
-			( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
-		fi; \
-	done
-
-link-shared:
-	@ set -e; for i in $(SHLIBDIRS); do \
-		$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
-			LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
-			LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
-			symlink.$(SHLIB_TARGET); \
-		libs="$$libs -l$$i"; \
-	done
-
-build-shared: do_$(SHLIB_TARGET) link-shared
-
-do_$(SHLIB_TARGET):
-	@ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
-		if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \
-			libs="$(LIBKRB5) $$libs"; \
-		fi; \
-		$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
-			LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
-			LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
-			LIBDEPS="$$libs $(EX_LIBS)" \
-			link_a.$(SHLIB_TARGET); \
-		libs="-l$$i $$libs"; \
-	done
-
-libcrypto.pc: Makefile
-	@ ( echo 'prefix=$(INSTALLTOP)'; \
-	    echo 'exec_prefix=$${prefix}'; \
-	    echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
-	    echo 'includedir=$${prefix}/include'; \
-	    echo ''; \
-	    echo 'Name: OpenSSL-libcrypto'; \
-	    echo 'Description: OpenSSL cryptography library'; \
-	    echo 'Version: '$(VERSION); \
-	    echo 'Requires: '; \
-	    echo 'Libs: -L$${libdir} -lcrypto'; \
-	    echo 'Libs.private: $(EX_LIBS)'; \
-	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
-
-libssl.pc: Makefile
-	@ ( echo 'prefix=$(INSTALLTOP)'; \
-	    echo 'exec_prefix=$${prefix}'; \
-	    echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
-	    echo 'includedir=$${prefix}/include'; \
-	    echo ''; \
-	    echo 'Name: OpenSSL'; \
-	    echo 'Description: Secure Sockets Layer and cryptography libraries'; \
-	    echo 'Version: '$(VERSION); \
-	    echo 'Requires: '; \
-	    echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
-	    echo 'Libs.private: $(EX_LIBS)'; \
-	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
-
-openssl.pc: Makefile
-	@ ( echo 'prefix=$(INSTALLTOP)'; \
-	    echo 'exec_prefix=$${prefix}'; \
-	    echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
-	    echo 'includedir=$${prefix}/include'; \
-	    echo ''; \
-	    echo 'Name: OpenSSL'; \
-	    echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
-	    echo 'Version: '$(VERSION); \
-	    echo 'Requires: '; \
-	    echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
-	    echo 'Libs.private: $(EX_LIBS)'; \
-	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
-
-Makefile: Makefile.org Configure config
-	@echo "Makefile is older than Makefile.org, Configure or config."
-	@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
-	@false
-
-libclean:
-	rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib
-
-clean:	libclean
-	rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
-	@set -e; target=clean; $(RECURSIVE_BUILD_CMD)
-	rm -f $(LIBS)
-	rm -f openssl.pc libssl.pc libcrypto.pc
-	rm -f speed.* .pure
-	rm -f $(TARFILE)
-	@set -e; for i in $(ONEDIRS) ;\
-	do \
-	rm -fr $$i/*; \
-	done
-
-makefile.one: files
-	$(PERL) util/mk1mf.pl >makefile.one; \
-	sh util/do_ms.sh
-
-files:
-	$(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
-	@set -e; target=files; $(RECURSIVE_BUILD_CMD)
-
-links:
-	@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
-	@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
-	@set -e; target=links; $(RECURSIVE_BUILD_CMD)
-
-gentests:
-	@(cd test && echo "generating dummy tests (if needed)..." && \
-	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on generate );
-
-dclean:
-	rm -rf *.bak include/openssl certs/.0
-	@set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
-
-rehash: rehash.time
-rehash.time: certs apps
-	@if [ -z "$(CROSS_COMPILE)" ]; then \
-		(OPENSSL="`pwd`/util/opensslwrap.sh"; \
-		[ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
-		OPENSSL_DEBUG_MEMORY=on; \
-		export OPENSSL OPENSSL_DEBUG_MEMORY; \
-		$(PERL) tools/c_rehash certs/demo) && \
-		touch rehash.time; \
-	else :; fi
-
-test:   tests
-
-tests: rehash
-	@(cd test && echo "testing..." && \
-	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
-	OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
-
-report:
-	@$(PERL) util/selftest.pl
-
-update: errors stacks util/libeay.num util/ssleay.num TABLE
-	@set -e; target=update; $(RECURSIVE_BUILD_CMD)
-
-depend:
-	@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
-
-lint:
-	@set -e; target=lint; $(RECURSIVE_BUILD_CMD)
-
-tags:
-	rm -f TAGS
-	find . -name '[^.]*.[ch]' | xargs etags -a
-
-errors:
-	$(PERL) util/ck_errf.pl -strict */*.c */*/*.c
-	$(PERL) util/mkerr.pl -recurse -write
-	(cd engines; $(MAKE) PERL=$(PERL) errors)
-
-stacks:
-	$(PERL) util/mkstack.pl -write
-
-util/libeay.num::
-	$(PERL) util/mkdef.pl crypto update
-
-util/ssleay.num::
-	$(PERL) util/mkdef.pl ssl update
-
-TABLE: Configure
-	(echo 'Output of `Configure TABLE'"':"; \
-	$(PERL) Configure TABLE) > TABLE
-
-# Build distribution tar-file. As the list of files returned by "find" is
-# pretty long, on several platforms a "too many arguments" error or similar
-# would occur. Therefore the list of files is temporarily stored into a file
-# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
-# tar does not support the --files-from option.
-TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \
-	                       --owner openssl:0 --group openssl:0 \
-			       --transform 's|^|openssl-$(VERSION)/|' \
-			       -cvf -
-
-../$(TARFILE).list:
-	find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
-	       \! -name '*.so' \! -name '*.so.*'  \! -name 'openssl' \
-	       \! -name '*test' \! -name '.#*' \! -name '*~' \
-	    | sort > ../$(TARFILE).list
-
-tar: ../$(TARFILE).list
-	find . -type d -print | xargs chmod 755
-	find . -type f -print | xargs chmod a+r
-	find . -type f -perm -0100 -print | xargs chmod a+x
-	$(TAR_COMMAND) | gzip --best >../$(TARFILE).gz
-	rm -f ../$(TARFILE).list
-	ls -l ../$(TARFILE).gz
-
-tar-snap: ../$(TARFILE).list
-	$(TAR_COMMAND) > ../$(TARFILE)
-	rm -f ../$(TARFILE).list
-	ls -l ../$(TARFILE)
-
-dist:   
-	$(PERL) Configure dist
-	@$(MAKE) dist_pem_h
-	@$(MAKE) SDIRS='$(SDIRS)' clean
-	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar
-
-dist_pem_h:
-	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
-
-install: all install_docs install_sw
-
-install_sw:
-	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
-		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
-		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
-		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
-		$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
-		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
-		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
-		$(INSTALL_PREFIX)$(OPENSSLDIR)/private
-	@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
-	do \
-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-	done;
-	@set -e; target=install; $(RECURSIVE_BUILD_CMD)
-	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
-	do \
-		if [ -f "$$i" ]; then \
-		(       echo installing $$i; \
-			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-			mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
-		fi; \
-	done;
-	@set -e; if [ -n "$(SHARED_LIBS)" ]; then \
-		tmp="$(SHARED_LIBS)"; \
-		for i in $${tmp:-x}; \
-		do \
-			if [ -f "$$i" -o -f "$$i.a" ]; then \
-			(       echo installing $$i; \
-				if [ "$(PLATFORM)" != "Cygwin" ]; then \
-					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
-				else \
-					c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
-					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
-					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
-					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
-					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
-				fi ); \
-				if expr $(PLATFORM) : 'mingw' > /dev/null; then \
-				(	case $$i in \
-						*crypto*) i=libeay32.dll;; \
-						*ssl*)    i=ssleay32.dll;; \
-					esac; \
-					echo installing $$i; \
-	 				cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
-	 				chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
-	 				mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
-				fi; \
-			fi; \
-		done; \
-		(	here="`pwd`"; \
-			cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \
-			$(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
-		if [ "$(INSTALLTOP)" != "/usr" ]; then \
-			echo 'OpenSSL shared libraries have been installed in:'; \
-			echo '  $(INSTALLTOP)'; \
-			echo ''; \
-			sed -e '1,/^$$/d' doc/openssl-shared.txt; \
-		fi; \
-	fi
-	cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
-	cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
-	cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
-
-install_html_docs:
-	here="`pwd`"; \
-	for subdir in apps crypto ssl; do \
-		mkdir -p $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
-		for i in doc/$$subdir/*.pod; do \
-			fn=`basename $$i .pod`; \
-			echo "installing html/$$fn.$(HTMLSUFFIX)"; \
-			cat $$i \
-			| sed -r 's/L<([^)]*)(\([0-9]\))?\|([^)]*)(\([0-9]\))?>/L<\1|\3>/g' \
-			| pod2html --podroot=doc --htmlroot=.. --podpath=apps:crypto:ssl \
-			| sed -r 's/<!DOCTYPE.*//g' \
-			> $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir/$$fn.$(HTMLSUFFIX); \
-			$(PERL) util/extract-names.pl < $$i | \
-				grep -v $$filecase "^$$fn\$$" | \
-				(cd $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
-				 while read n; do \
-					PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$(HTMLSUFFIX) "$$n".$(HTMLSUFFIX); \
-				 done); \
-		done; \
-	done
-
-install_docs:
-	@$(PERL) $(TOP)/util/mkdir-p.pl \
-		$(INSTALL_PREFIX)$(MANDIR)/man1 \
-		$(INSTALL_PREFIX)$(MANDIR)/man3 \
-		$(INSTALL_PREFIX)$(MANDIR)/man5 \
-		$(INSTALL_PREFIX)$(MANDIR)/man7
-	@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
-	here="`pwd`"; \
-	filecase=; \
-	if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \
-		filecase=-i; \
-	fi; \
-	set -e; for i in doc/apps/*.pod; do \
-		fn=`basename $$i .pod`; \
-		sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
-		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
-		(cd `$(PERL) util/dirname.pl $$i`; \
-		sh -c "$$pod2man \
-			--section=$$sec --center=OpenSSL \
-			--release=$(VERSION) `basename $$i`") \
-			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
-		$(PERL) util/extract-names.pl < $$i | \
-			(grep -v $$filecase "^$$fn\$$"; true) | \
-			(grep -v "[	]"; true) | \
-			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
-			 while read n; do \
-				PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
-			 done); \
-	done; \
-	set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
-		fn=`basename $$i .pod`; \
-		sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
-		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
-		(cd `$(PERL) util/dirname.pl $$i`; \
-		sh -c "$$pod2man \
-			--section=$$sec --center=OpenSSL \
-			--release=$(VERSION) `basename $$i`") \
-			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
-		$(PERL) util/extract-names.pl < $$i | \
-			(grep -v $$filecase "^$$fn\$$"; true) | \
-			(grep -v "[	]"; true) | \
-			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
-			 while read n; do \
-				PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
-			 done); \
-	done
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.

Copied: vendor-crypto/openssl/1.0.1u/Makefile.org (from rev 11605, vendor-crypto/openssl/dist/Makefile.org)
===================================================================
--- vendor-crypto/openssl/1.0.1u/Makefile.org	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/Makefile.org	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,674 @@
+##
+## Makefile for OpenSSL
+##
+
+VERSION=
+MAJOR=
+MINOR=
+SHLIB_VERSION_NUMBER=
+SHLIB_VERSION_HISTORY=
+SHLIB_MAJOR=
+SHLIB_MINOR=
+SHLIB_EXT=
+PLATFORM=dist
+OPTIONS=
+CONFIGURE_ARGS=
+SHLIB_TARGET=
+
+# HERE indicates where this Makefile lives.  This can be used to indicate
+# where sub-Makefiles are expected to be.  Currently has very limited usage,
+# and should probably not be bothered with at all.
+HERE=.
+
+# INSTALL_PREFIX is for package builders so that they can configure
+# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
+# Normally it is left empty.
+INSTALL_PREFIX=
+INSTALLTOP=/usr/local/ssl
+
+# Do not edit this manually. Use Configure --openssldir=DIR do change this!
+OPENSSLDIR=/usr/local/ssl
+
+# NO_IDEA - Define to build without the IDEA algorithm
+# NO_RC4  - Define to build without the RC4 algorithm
+# NO_RC2  - Define to build without the RC2 algorithm
+# THREADS - Define when building with threads, you will probably also need any
+#           system defines as well, i.e. _REENTERANT for Solaris 2.[34]
+# TERMIO  - Define the termio terminal subsystem, needed if sgtty is missing.
+# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
+# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
+# DEVRANDOM - Give this the value of the 'random device' if your OS supports
+#           one.  32 bytes will be read from this when the random
+#           number generator is initalised.
+# SSL_FORBID_ENULL - define if you want the server to be not able to use the
+#           NULL encryption ciphers.
+#
+# LOCK_DEBUG - turns on lots of lock debug output :-)
+# REF_CHECK - turn on some xyz_free() assertions.
+# REF_PRINT - prints some stuff on structure free.
+# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
+# MFUNC - Make all Malloc/Free/Realloc calls call
+#       CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
+#       call application defined callbacks via CRYPTO_set_mem_functions()
+# MD5_ASM needs to be defined to use the x86 assembler for MD5
+# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
+# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
+# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8.  It must
+# equal 4.
+# PKCS1_CHECK - pkcs1 tests.
+
+CC= cc
+CFLAG= -O
+DEPFLAG= 
+PEX_LIBS= 
+EX_LIBS= 
+EXE_EXT= 
+ARFLAGS=
+AR=ar $(ARFLAGS) r
+RANLIB= ranlib
+NM= nm
+PERL= perl
+TAR= tar
+TARFLAGS= --no-recursion --record-size=10240
+MAKEDEPPROG=makedepend
+LIBDIR=lib
+
+# We let the C compiler driver to take care of .s files. This is done in
+# order to be excused from maintaining a separate set of architecture
+# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
+# gcc, then the driver will automatically translate it to -xarch=v8plus
+# and pass it down to assembler.
+AS=$(CC) -c
+ASFLAG=$(CFLAG)
+
+# For x86 assembler: Set PROCESSOR to 386 if you want to support
+# the 80386.
+PROCESSOR=
+
+# CPUID module collects small commonly used assembler snippets
+CPUID_OBJ= 
+BN_ASM= bn_asm.o
+DES_ENC= des_enc.o fcrypt_b.o
+AES_ENC= aes_core.o aes_cbc.o
+BF_ENC= bf_enc.o
+CAST_ENC= c_enc.o
+RC4_ENC= rc4_enc.o
+RC5_ENC= rc5_enc.o
+MD5_ASM_OBJ= 
+SHA1_ASM_OBJ= 
+RMD160_ASM_OBJ= 
+WP_ASM_OBJ=
+CMLL_ENC=
+MODES_ASM_OBJ=
+ENGINES_ASM_OBJ=
+PERLASM_SCHEME=
+
+# KRB5 stuff
+KRB5_INCLUDES=
+LIBKRB5=
+
+# Zlib stuff
+ZLIB_INCLUDE=
+LIBZLIB=
+
+# TOP level FIPS install directory.
+FIPSDIR=
+
+# This is the location of fipscanister.o and friends.
+# The FIPS module build will place it $(INSTALLTOP)/lib
+# but since $(INSTALLTOP) can only take the default value
+# when the module is built it will be in /usr/local/ssl/lib
+# $(INSTALLTOP) for this build may be different so hard
+# code the path.
+
+FIPSLIBDIR=
+
+# The location of the library which contains fipscanister.o
+# normally it will be libcrypto unless fipsdso is set in which
+# case it will be libfips. If not compiling in FIPS mode at all
+# this is empty making it a useful test for a FIPS compile.
+
+FIPSCANLIB=
+
+# Shared library base address. Currently only used on Windows.
+#
+
+BASEADDR=
+
+DIRS=   crypto ssl engines apps test tools
+ENGDIRS= ccgost
+SHLIBDIRS= crypto ssl
+
+# dirs in crypto to build
+SDIRS=  \
+	objects \
+	md2 md4 md5 sha mdc2 hmac ripemd whrlpool \
+	des aes rc2 rc4 rc5 idea bf cast camellia seed modes \
+	bn ec rsa dsa ecdsa dh ecdh dso engine \
+	buffer bio stack lhash rand err \
+	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
+	cms pqueue ts jpake srp store cmac
+# keep in mind that the above list is adjusted by ./Configure
+# according to no-xxx arguments...
+
+# tests to perform.  "alltests" is a special word indicating that all tests
+# should be performed.
+TESTS = alltests
+
+MAKEFILE= Makefile
+
+MANDIR=$(OPENSSLDIR)/man
+MAN1=1
+MAN3=3
+MANSUFFIX=
+HTMLSUFFIX=html
+HTMLDIR=$(OPENSSLDIR)/html
+SHELL=/bin/sh
+
+TOP=    .
+ONEDIRS=out tmp
+EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep VMS
+WDIRS=  windows
+LIBS=   libcrypto.a libssl.a
+SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
+SHARED_SSL=libssl$(SHLIB_EXT)
+SHARED_LIBS=
+SHARED_LIBS_LINK_EXTS=
+SHARED_LDFLAGS=
+
+GENERAL=        Makefile
+BASENAME=       openssl
+NAME=           $(BASENAME)-$(VERSION)
+TARFILE=        ../$(NAME).tar
+EXHEADER=       e_os2.h
+HEADER=         e_os.h
+
+all: Makefile build_all
+
+# as we stick to -e, CLEARENV ensures that local variables in lower
+# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
+# shell, which [annoyingly enough] terminates unset with error if VAR
+# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
+# which terminates unset with error if no variable was present:-(
+CLEARENV=	TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS}	\
+		$${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES}	\
+		$${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC}		\
+		$${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL}	\
+		$${EXHEADER+EXHEADER} $${HEADER+HEADER}		\
+		$${GENERAL+GENERAL} $${CFLAGS+CFLAGS}		\
+		$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS}		\
+		$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS}	\
+		$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS}	\
+		$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
+
+BUILDENV=	PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
+		CC='$(CC)' CFLAG='$(CFLAG)' 			\
+		AS='$(CC)' ASFLAG='$(CFLAG) -c'			\
+		AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)'	\
+		CROSS_COMPILE='$(CROSS_COMPILE)'	\
+		PERL='$(PERL)' ENGDIRS='$(ENGDIRS)'		\
+		SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)'	\
+		INSTALL_PREFIX='$(INSTALL_PREFIX)'		\
+		INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)'	\
+		LIBDIR='$(LIBDIR)'				\
+		MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \
+		DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)'	\
+		MAKEDEPPROG='$(MAKEDEPPROG)'			\
+		SHARED_LDFLAGS='$(SHARED_LDFLAGS)'		\
+		KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)'	\
+		ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)'	\
+		EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)'	\
+		SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)'	\
+		PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)'	\
+		CPUID_OBJ='$(CPUID_OBJ)'			\
+		BN_ASM='$(BN_ASM)' DES_ENC='$(DES_ENC)' 	\
+		AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)'	\
+		BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)'	\
+		RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)'	\
+		SHA1_ASM_OBJ='$(SHA1_ASM_OBJ)'			\
+		MD5_ASM_OBJ='$(MD5_ASM_OBJ)'			\
+		RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)'		\
+		WP_ASM_OBJ='$(WP_ASM_OBJ)'			\
+		MODES_ASM_OBJ='$(MODES_ASM_OBJ)'		\
+		ENGINES_ASM_OBJ='$(ENGINES_ASM_OBJ)'		\
+		PERLASM_SCHEME='$(PERLASM_SCHEME)'		\
+		FIPSLIBDIR='${FIPSLIBDIR}'			\
+		FIPSDIR='${FIPSDIR}'				\
+		FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}"	\
+		THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
+# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
+# which in turn eliminates ambiguities in variable treatment with -e.
+
+# BUILD_CMD is a generic macro to build a given target in a given
+# subdirectory.  The target must be given through the shell variable
+# `target' and the subdirectory to build in must be given through `dir'.
+# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
+# BUILD_ONE_CMD instead.
+#
+# BUILD_ONE_CMD is a macro to build a given target in a given
+# subdirectory if that subdirectory is part of $(DIRS).  It requires
+# exactly the same shell variables as BUILD_CMD.
+#
+# RECURSIVE_BUILD_CMD is a macro to build a given target in all
+# subdirectories defined in $(DIRS).  It requires that the target
+# is given through the shell variable `target'.
+BUILD_CMD=  if [ -d "$$dir" ]; then \
+	    (	cd $$dir && echo "making $$target in $$dir..." && \
+		$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
+	    ) || exit 1; \
+	    fi
+RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
+BUILD_ONE_CMD=\
+	if expr " $(DIRS) " : ".* $$dir " >/dev/null 2>&1; then \
+		$(BUILD_CMD); \
+	fi
+
+reflect:
+	@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
+
+sub_all: build_all
+
+build_all: build_libs build_apps build_tests build_tools
+
+build_libs: build_libcrypto build_libssl openssl.pc
+
+build_libcrypto: build_crypto build_engines libcrypto.pc
+build_libssl: build_ssl libssl.pc
+
+build_crypto:
+	@dir=crypto; target=all; $(BUILD_ONE_CMD)
+build_ssl: build_crypto
+	@dir=ssl; target=all; $(BUILD_ONE_CMD)
+build_engines: build_crypto
+	@dir=engines; target=all; $(BUILD_ONE_CMD)
+build_apps: build_libs
+	@dir=apps; target=all; $(BUILD_ONE_CMD)
+build_tests: build_libs
+	@dir=test; target=all; $(BUILD_ONE_CMD)
+build_tools: build_libs
+	@dir=tools; target=all; $(BUILD_ONE_CMD)
+
+all_testapps: build_libs build_testapps
+build_testapps:
+	@dir=crypto; target=testapps; $(BUILD_ONE_CMD)
+
+fips_premain_dso$(EXE_EXT): libcrypto.a
+	[ -z "$(FIPSCANLIB)" ] || $(CC) $(CFLAG) -Iinclude \
+		-DFINGERPRINT_PREMAIN_DSO_LOAD -o $@  \
+		$(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fipscanister.o \
+		libcrypto.a $(EX_LIBS)
+
+libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT)
+	@if [ "$(SHLIB_TARGET)" != "" ]; then \
+		if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
+			FIPSLD_LIBCRYPTO=libcrypto.a ; \
+			FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
+			export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
+		fi; \
+		$(MAKE) -e SHLIBDIRS=crypto  CC="$${CC:-$(CC)}" build-shared && \
+		(touch -c fips_premain_dso$(EXE_EXT) || :); \
+	else \
+		echo "There's no support for shared libraries on this platform" >&2; \
+		exit 1; \
+	fi
+
+libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
+	@if [ "$(SHLIB_TARGET)" != "" ]; then \
+		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
+	else \
+		echo "There's no support for shared libraries on this platform" >&2; \
+		exit 1; \
+	fi
+
+clean-shared:
+	@set -e; for i in $(SHLIBDIRS); do \
+		if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
+			tmp="$(SHARED_LIBS_LINK_EXTS)"; \
+			for j in $${tmp:-x}; do \
+				( set -x; rm -f lib$$i$$j ); \
+			done; \
+		fi; \
+		( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
+		if [ "$(PLATFORM)" = "Cygwin" ]; then \
+			( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
+		fi; \
+	done
+
+link-shared:
+	@ set -e; for i in $(SHLIBDIRS); do \
+		$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
+			LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
+			LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
+			symlink.$(SHLIB_TARGET); \
+		libs="$$libs -l$$i"; \
+	done
+
+build-shared: do_$(SHLIB_TARGET) link-shared
+
+do_$(SHLIB_TARGET):
+	@ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
+		if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+			libs="$(LIBKRB5) $$libs"; \
+		fi; \
+		$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
+			LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
+			LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
+			LIBDEPS="$$libs $(EX_LIBS)" \
+			link_a.$(SHLIB_TARGET); \
+		libs="-l$$i $$libs"; \
+	done
+
+libcrypto.pc: Makefile
+	@ ( echo 'prefix=$(INSTALLTOP)'; \
+	    echo 'exec_prefix=$${prefix}'; \
+	    echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+	    echo 'includedir=$${prefix}/include'; \
+	    echo ''; \
+	    echo 'Name: OpenSSL-libcrypto'; \
+	    echo 'Description: OpenSSL cryptography library'; \
+	    echo 'Version: '$(VERSION); \
+	    echo 'Requires: '; \
+	    echo 'Libs: -L$${libdir} -lcrypto'; \
+	    echo 'Libs.private: $(EX_LIBS)'; \
+	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
+
+libssl.pc: Makefile
+	@ ( echo 'prefix=$(INSTALLTOP)'; \
+	    echo 'exec_prefix=$${prefix}'; \
+	    echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+	    echo 'includedir=$${prefix}/include'; \
+	    echo ''; \
+	    echo 'Name: OpenSSL'; \
+	    echo 'Description: Secure Sockets Layer and cryptography libraries'; \
+	    echo 'Version: '$(VERSION); \
+	    echo 'Requires: '; \
+	    echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
+	    echo 'Libs.private: $(EX_LIBS)'; \
+	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
+
+openssl.pc: Makefile
+	@ ( echo 'prefix=$(INSTALLTOP)'; \
+	    echo 'exec_prefix=$${prefix}'; \
+	    echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+	    echo 'includedir=$${prefix}/include'; \
+	    echo ''; \
+	    echo 'Name: OpenSSL'; \
+	    echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
+	    echo 'Version: '$(VERSION); \
+	    echo 'Requires: '; \
+	    echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
+	    echo 'Libs.private: $(EX_LIBS)'; \
+	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
+
+Makefile: Makefile.org Configure config
+	@echo "Makefile is older than Makefile.org, Configure or config."
+	@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
+	@false
+
+libclean:
+	rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib
+
+clean:	libclean
+	rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
+	@set -e; target=clean; $(RECURSIVE_BUILD_CMD)
+	rm -f $(LIBS)
+	rm -f openssl.pc libssl.pc libcrypto.pc
+	rm -f speed.* .pure
+	rm -f $(TARFILE)
+	@set -e; for i in $(ONEDIRS) ;\
+	do \
+	rm -fr $$i/*; \
+	done
+
+makefile.one: files
+	$(PERL) util/mk1mf.pl >makefile.one; \
+	sh util/do_ms.sh
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
+	@set -e; target=files; $(RECURSIVE_BUILD_CMD)
+
+links:
+	@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
+	@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
+	@set -e; target=links; $(RECURSIVE_BUILD_CMD)
+
+gentests:
+	@(cd test && echo "generating dummy tests (if needed)..." && \
+	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on generate );
+
+dclean:
+	rm -rf *.bak include/openssl certs/.0
+	@set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
+
+rehash: rehash.time
+rehash.time: certs apps
+	@if [ -z "$(CROSS_COMPILE)" ]; then \
+		(OPENSSL="`pwd`/util/opensslwrap.sh"; \
+		[ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
+		OPENSSL_DEBUG_MEMORY=on; \
+		export OPENSSL OPENSSL_DEBUG_MEMORY; \
+		$(PERL) tools/c_rehash certs/demo) && \
+		touch rehash.time; \
+	else :; fi
+
+test:   tests
+
+tests: rehash
+	@(cd test && echo "testing..." && \
+	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
+	OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
+
+report:
+	@$(PERL) util/selftest.pl
+
+update: errors stacks util/libeay.num util/ssleay.num TABLE
+	@set -e; target=update; $(RECURSIVE_BUILD_CMD)
+
+depend:
+	@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
+
+lint:
+	@set -e; target=lint; $(RECURSIVE_BUILD_CMD)
+
+tags:
+	rm -f TAGS
+	find . -name '[^.]*.[ch]' | xargs etags -a
+
+errors:
+	$(PERL) util/ck_errf.pl -strict */*.c */*/*.c
+	$(PERL) util/mkerr.pl -recurse -write
+	(cd engines; $(MAKE) PERL=$(PERL) errors)
+
+stacks:
+	$(PERL) util/mkstack.pl -write
+
+util/libeay.num::
+	$(PERL) util/mkdef.pl crypto update
+
+util/ssleay.num::
+	$(PERL) util/mkdef.pl ssl update
+
+TABLE: Configure
+	(echo 'Output of `Configure TABLE'"':"; \
+	$(PERL) Configure TABLE) > TABLE
+
+# Build distribution tar-file. As the list of files returned by "find" is
+# pretty long, on several platforms a "too many arguments" error or similar
+# would occur. Therefore the list of files is temporarily stored into a file
+# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
+# tar does not support the --files-from option.
+TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
+	                       --owner 0 --group 0 \
+			       --transform 's|^|$(NAME)/|' \
+			       -cvf -
+
+$(TARFILE).list:
+	find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
+	       \! -name '*.so' \! -name '*.so.*'  \! -name 'openssl' \
+	       \( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
+	       \! -name '.#*' \! -name '*~' \! -type l \
+	    | sort > $(TARFILE).list
+
+tar: $(TARFILE).list
+	find . -type d -print | xargs chmod 755
+	find . -type f -print | xargs chmod a+r
+	find . -type f -perm -0100 -print | xargs chmod a+x
+	$(TAR_COMMAND) | gzip --best > $(TARFILE).gz
+	rm -f $(TARFILE).list
+	ls -l $(TARFILE).gz
+
+tar-snap: $(TARFILE).list
+	$(TAR_COMMAND) > $(TARFILE)
+	rm -f $(TARFILE).list
+	ls -l $(TARFILE)
+
+dist:   
+	$(PERL) Configure dist
+	@$(MAKE) SDIRS='$(SDIRS)' clean
+	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
+
+install: all install_docs install_sw
+
+install_sw:
+	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
+		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
+		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
+		$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/private
+	@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
+	do \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+	@set -e; target=install; $(RECURSIVE_BUILD_CMD)
+	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
+	do \
+		if [ -f "$$i" ]; then \
+		(       echo installing $$i; \
+			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+			mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
+		fi; \
+	done;
+	@set -e; if [ -n "$(SHARED_LIBS)" ]; then \
+		tmp="$(SHARED_LIBS)"; \
+		for i in $${tmp:-x}; \
+		do \
+			if [ -f "$$i" -o -f "$$i.a" ]; then \
+			(       echo installing $$i; \
+				if [ "$(PLATFORM)" != "Cygwin" ]; then \
+					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
+				else \
+					c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
+					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
+				fi ); \
+				if expr $(PLATFORM) : 'mingw' > /dev/null; then \
+				(	case $$i in \
+						*crypto*) i=libeay32.dll;; \
+						*ssl*)    i=ssleay32.dll;; \
+					esac; \
+					echo installing $$i; \
+	 				cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+	 				chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+	 				mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
+				fi; \
+			fi; \
+		done; \
+		(	here="`pwd`"; \
+			cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \
+			$(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
+		if [ "$(INSTALLTOP)" != "/usr" ]; then \
+			echo 'OpenSSL shared libraries have been installed in:'; \
+			echo '  $(INSTALLTOP)'; \
+			echo ''; \
+			sed -e '1,/^$$/d' doc/openssl-shared.txt; \
+		fi; \
+	fi
+	cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
+	cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
+	cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
+
+install_html_docs:
+	here="`pwd`"; \
+	for subdir in apps crypto ssl; do \
+		mkdir -p $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
+		for i in doc/$$subdir/*.pod; do \
+			fn=`basename $$i .pod`; \
+			echo "installing html/$$fn.$(HTMLSUFFIX)"; \
+			cat $$i \
+			| sed -r 's/L<([^)]*)(\([0-9]\))?\|([^)]*)(\([0-9]\))?>/L<\1|\3>/g' \
+			| pod2html --podroot=doc --htmlroot=.. --podpath=apps:crypto:ssl \
+			| sed -r 's/<!DOCTYPE.*//g' \
+			> $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir/$$fn.$(HTMLSUFFIX); \
+			$(PERL) util/extract-names.pl < $$i | \
+				grep -v $$filecase "^$$fn\$$" | \
+				(cd $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
+				 while read n; do \
+					PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$(HTMLSUFFIX) "$$n".$(HTMLSUFFIX); \
+				 done); \
+		done; \
+	done
+
+install_docs:
+	@$(PERL) $(TOP)/util/mkdir-p.pl \
+		$(INSTALL_PREFIX)$(MANDIR)/man1 \
+		$(INSTALL_PREFIX)$(MANDIR)/man3 \
+		$(INSTALL_PREFIX)$(MANDIR)/man5 \
+		$(INSTALL_PREFIX)$(MANDIR)/man7
+	@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
+	here="`pwd`"; \
+	filecase=; \
+	if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \
+		filecase=-i; \
+	fi; \
+	set -e; for i in doc/apps/*.pod; do \
+		fn=`basename $$i .pod`; \
+		sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
+		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+		(cd `$(PERL) util/dirname.pl $$i`; \
+		sh -c "$$pod2man \
+			--section=$$sec --center=OpenSSL \
+			--release=$(VERSION) `basename $$i`") \
+			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
+		$(PERL) util/extract-names.pl < $$i | \
+			(grep -v $$filecase "^$$fn\$$"; true) | \
+			(grep -v "[	]"; true) | \
+			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
+			 while read n; do \
+				PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
+			 done); \
+	done; \
+	set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+		fn=`basename $$i .pod`; \
+		sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
+		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+		(cd `$(PERL) util/dirname.pl $$i`; \
+		sh -c "$$pod2man \
+			--section=$$sec --center=OpenSSL \
+			--release=$(VERSION) `basename $$i`") \
+			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
+		$(PERL) util/extract-names.pl < $$i | \
+			(grep -v $$filecase "^$$fn\$$"; true) | \
+			(grep -v "[	]"; true) | \
+			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
+			 while read n; do \
+				PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
+			 done); \
+	done
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.

Deleted: vendor-crypto/openssl/1.0.1u/NEWS
===================================================================
--- vendor-crypto/openssl/dist/NEWS	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/NEWS	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,726 +0,0 @@
-
-  NEWS
-  ====
-
-  This file gives a brief overview of the major changes between each OpenSSL
-  release. For more details please read the CHANGES file.
-
-  Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [3 Dec 2015]
-
-      o Certificate verify crash with missing PSS parameter (CVE-2015-3194)
-      o X509_ATTRIBUTE memory leak (CVE-2015-3195)
-      o Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs
-      o In DSA_generate_parameters_ex, if the provided seed is too short,
-        return an error
-
-  Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [9 Jul 2015]
-
-      o Alternate chains certificate forgery (CVE-2015-1793)
-      o Race condition handling PSK identify hint (CVE-2015-3196)
-
-  Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015]
-
-      o Fix HMAC ABI incompatibility
-
-  Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [11 Jun 2015]
-
-      o Malformed ECParameters causes infinite loop (CVE-2015-1788)
-      o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
-      o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
-      o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
-      o Race condition handling NewSessionTicket (CVE-2015-1791)
-
-  Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [19 Mar 2015]
-
-      o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
-      o ASN.1 structure reuse memory corruption fix (CVE-2015-0287)
-      o PKCS7 NULL pointer dereferences fix (CVE-2015-0289)
-      o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)
-      o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)
-      o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)
-      o Removed the export ciphers from the DEFAULT ciphers
-
-  Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015]
-
-      o Build fixes for the Windows and OpenVMS platforms
-
-  Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015]
-
-      o Fix for CVE-2014-3571
-      o Fix for CVE-2015-0206
-      o Fix for CVE-2014-3569
-      o Fix for CVE-2014-3572
-      o Fix for CVE-2015-0204
-      o Fix for CVE-2015-0205
-      o Fix for CVE-2014-8275
-      o Fix for CVE-2014-3570
-
-  Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014]
-
-      o Fix for CVE-2014-3513
-      o Fix for CVE-2014-3567
-      o Mitigation for CVE-2014-3566 (SSL protocol vulnerability)
-      o Fix for CVE-2014-3568
-
-  Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014]
-
-      o Fix for CVE-2014-3512
-      o Fix for CVE-2014-3511
-      o Fix for CVE-2014-3510
-      o Fix for CVE-2014-3507
-      o Fix for CVE-2014-3506
-      o Fix for CVE-2014-3505
-      o Fix for CVE-2014-3509
-      o Fix for CVE-2014-5139
-      o Fix for CVE-2014-3508
-
-  Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014]
-
-      o Fix for CVE-2014-0224
-      o Fix for CVE-2014-0221
-      o Fix for CVE-2014-0198
-      o Fix for CVE-2014-0195
-      o Fix for CVE-2014-3470
-      o Fix for CVE-2010-5298
-
-  Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014]
-
-      o Fix for CVE-2014-0160
-      o Add TLS padding extension workaround for broken servers.
-      o Fix for CVE-2014-0076
-
-  Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]
-
-      o Don't include gmt_unix_time in TLS server and client random values
-      o Fix for TLS record tampering bug CVE-2013-4353
-      o Fix for TLS version checking bug CVE-2013-6449
-      o Fix for DTLS retransmission bug CVE-2013-6450
-
-  Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013]:
-
-      o Corrected fix for CVE-2013-0169
-
-  Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013]:
-
-      o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version.
-      o Include the fips configuration module.
-      o Fix OCSP bad key DoS attack CVE-2013-0166
-      o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
-      o Fix for TLS AESNI record handling flaw CVE-2012-2686
-
-  Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012]:
-
-      o Fix TLS/DTLS record length checking bug CVE-2012-2333
-      o Don't attempt to use non-FIPS composite ciphers in FIPS mode.
-
-  Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012]:
-
-      o Fix compilation error on non-x86 platforms.
-      o Make FIPS capable OpenSSL ciphers work in non-FIPS mode.
-      o Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0
-
-  Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012]:
-
-      o Fix for ASN1 overflow bug CVE-2012-2110
-      o Workarounds for some servers that hang on long client hellos.
-      o Fix SEGV in AES code.
-
-  Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]:
-
-      o TLS/DTLS heartbeat support.
-      o SCTP support.
-      o RFC 5705 TLS key material exporter.
-      o RFC 5764 DTLS-SRTP negotiation.
-      o Next Protocol Negotiation.
-      o PSS signatures in certificates, requests and CRLs.
-      o Support for password based recipient info for CMS.
-      o Support TLS v1.2 and TLS v1.1.
-      o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
-      o SRP support.
-
-  Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]:
-
-      o Fix for CMS/PKCS#7 MMA CVE-2012-0884
-      o Corrected fix for CVE-2011-4619
-      o Various DTLS fixes.
-
-  Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012]:
-
-      o Fix for DTLS DoS issue CVE-2012-0050
-
-  Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012]:
-
-      o Fix for DTLS plaintext recovery attack CVE-2011-4108
-      o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
-      o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
-      o Check parameters are not NULL in GOST ENGINE CVE-2012-0027
-      o Check for malformed RFC3779 data CVE-2011-4577
-
-  Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011]:
-
-      o Fix for CRL vulnerability issue CVE-2011-3207
-      o Fix for ECDH crashes CVE-2011-3210
-      o Protection against EC timing attacks.
-      o Support ECDH ciphersuites for certificates using SHA2 algorithms.
-      o Various DTLS fixes.
-
-  Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d [8 Feb 2011]:
-
-      o Fix for security issue CVE-2011-0014
-
-  Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c [2 Dec 2010]:
-
-      o Fix for security issue CVE-2010-4180
-      o Fix for CVE-2010-4252
-      o Fix mishandling of absent EC point format extension.
-      o Fix various platform compilation issues.
-      o Corrected fix for security issue CVE-2010-3864.
-
-  Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b [16 Nov 2010]:
-
-      o Fix for security issue CVE-2010-3864.
-      o Fix for CVE-2010-2939
-      o Fix WIN32 build system for GOST ENGINE.
-
-  Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a [1 Jun 2010]:
-
-      o Fix for security issue CVE-2010-1633.
-      o GOST MAC and CFB fixes.
-
-  Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0 [29 Mar 2010]:
-
-      o RFC3280 path validation: sufficient to process PKITS tests.
-      o Integrated support for PVK files and keyblobs.
-      o Change default private key format to PKCS#8.
-      o CMS support: able to process all examples in RFC4134
-      o Streaming ASN1 encode support for PKCS#7 and CMS.
-      o Multiple signer and signer add support for PKCS#7 and CMS.
-      o ASN1 printing support.
-      o Whirlpool hash algorithm added.
-      o RFC3161 time stamp support.
-      o New generalised public key API supporting ENGINE based algorithms.
-      o New generalised public key API utilities.
-      o New ENGINE supporting GOST algorithms.
-      o SSL/TLS GOST ciphersuite support.
-      o PKCS#7 and CMS GOST support.
-      o RFC4279 PSK ciphersuite support.
-      o Supported points format extension for ECC ciphersuites.
-      o ecdsa-with-SHA224/256/384/512 signature types.
-      o dsa-with-SHA224 and dsa-with-SHA256 signature types.
-      o Opaque PRF Input TLS extension support.
-      o Updated time routines to avoid OS limitations.
-
-  Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]:
-
-      o CFB cipher definition fixes.
-      o Fix security issues CVE-2010-0740 and CVE-2010-0433.
-
-  Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010]:
-
-      o Cipher definition fixes.
-      o Workaround for slow RAND_poll() on some WIN32 versions.
-      o Remove MD2 from algorithm tables.
-      o SPKAC handling fixes.
-      o Support for RFC5746 TLS renegotiation extension.
-      o Compression memory leak fixed.
-      o Compression session resumption fixed.
-      o Ticket and SNI coexistence fixes.
-      o Many fixes to DTLS handling. 
-
-  Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009]:
-
-      o Temporary work around for CVE-2009-3555: disable renegotiation.
-
-  Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009]:
-
-      o Fix various build issues.
-      o Fix security issues (CVE-2009-0590, CVE-2009-0591, CVE-2009-0789)
-
-  Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j [7 Jan 2009]:
-
-      o Fix security issue (CVE-2008-5077)
-      o Merge FIPS 140-2 branch code.
-
-  Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h [28 May 2008]:
-
-      o CryptoAPI ENGINE support.
-      o Various precautionary measures.
-      o Fix for bugs affecting certificate request creation.
-      o Support for local machine keyset attribute in PKCS#12 files.
-
-  Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g [19 Oct 2007]:
-
-      o Backport of CMS functionality to 0.9.8.
-      o Fixes for bugs introduced with 0.9.8f.
-
-  Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f [11 Oct 2007]:
-
-      o Add gcc 4.2 support.
-      o Add support for AES and SSE2 assembly lanugauge optimization
-        for VC++ build.
-      o Support for RFC4507bis and server name extensions if explicitly 
-        selected at compile time.
-      o DTLS improvements.
-      o RFC4507bis support.
-      o TLS Extensions support.
-
-  Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e [23 Feb 2007]:
-
-      o Various ciphersuite selection fixes.
-      o RFC3779 support.
-
-  Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d [28 Sep 2006]:
-
-      o Introduce limits to prevent malicious key DoS  (CVE-2006-2940)
-      o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
-      o Changes to ciphersuite selection algorithm
-
-  Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c [5 Sep 2006]:
-
-      o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
-      o New cipher Camellia
-
-  Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b [4 May 2006]:
-
-      o Cipher string fixes.
-      o Fixes for VC++ 2005.
-      o Updated ECC cipher suite support.
-      o New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free().
-      o Zlib compression usage fixes.
-      o Built in dynamic engine compilation support on Win32.
-      o Fixes auto dynamic engine loading in Win32.
-
-  Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a [11 Oct 2005]:
-
-      o Fix potential SSL 2.0 rollback, CVE-2005-2969
-      o Extended Windows CE support
-
-  Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8 [5 Jul 2005]:
-
-      o Major work on the BIGNUM library for higher efficiency and to
-        make operations more streamlined and less contradictory.  This
-        is the result of a major audit of the BIGNUM library.
-      o Addition of BIGNUM functions for fields GF(2^m) and NIST
-        curves, to support the Elliptic Crypto functions.
-      o Major work on Elliptic Crypto; ECDH and ECDSA added, including
-        the use through EVP, X509 and ENGINE.
-      o New ASN.1 mini-compiler that's usable through the OpenSSL
-        configuration file.
-      o Added support for ASN.1 indefinite length constructed encoding.
-      o New PKCS#12 'medium level' API to manipulate PKCS#12 files.
-      o Complete rework of shared library construction and linking
-        programs with shared or static libraries, through a separate
-        Makefile.shared.
-      o Rework of the passing of parameters from one Makefile to another.
-      o Changed ENGINE framework to load dynamic engine modules
-        automatically from specifically given directories.
-      o New structure and ASN.1 functions for CertificatePair.
-      o Changed the ZLIB compression method to be stateful.
-      o Changed the key-generation and primality testing "progress"
-        mechanism to take a structure that contains the ticker
-        function and an argument.
-      o New engine module: GMP (performs private key exponentiation).
-      o New engine module: VIA PadLOck ACE extension in VIA C3
-        Nehemiah processors.
-      o Added support for IPv6 addresses in certificate extensions.
-        See RFC 1884, section 2.2.
-      o Added support for certificate policy mappings, policy
-        constraints and name constraints.
-      o Added support for multi-valued AVAs in the OpenSSL
-        configuration file.
-      o Added support for multiple certificates with the same subject
-        in the 'openssl ca' index file.
-      o Make it possible to create self-signed certificates using
-        'openssl ca -selfsign'.
-      o Make it possible to generate a serial number file with
-        'openssl ca -create_serial'.
-      o New binary search functions with extended functionality.
-      o New BUF functions.
-      o New STORE structure and library to provide an interface to all
-        sorts of data repositories.  Supports storage of public and
-        private keys, certificates, CRLs, numbers and arbitrary blobs.
-	This library is unfortunately unfinished and unused withing
-	OpenSSL.
-      o New control functions for the error stack.
-      o Changed the PKCS#7 library to support one-pass S/MIME
-        processing.
-      o Added the possibility to compile without old deprecated
-        functionality with the OPENSSL_NO_DEPRECATED macro or the
-        'no-deprecated' argument to the config and Configure scripts.
-      o Constification of all ASN.1 conversion functions, and other
-        affected functions.
-      o Improved platform support for PowerPC.
-      o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).
-      o New X509_VERIFY_PARAM structure to support parametrisation
-        of X.509 path validation.
-      o Major overhaul of RC4 performance on Intel P4, IA-64 and
-        AMD64.
-      o Changed the Configure script to have some algorithms disabled
-        by default.  Those can be explicitely enabled with the new
-        argument form 'enable-xxx'.
-      o Change the default digest in 'openssl' commands from MD5 to
-        SHA-1.
-      o Added support for DTLS.
-      o New BIGNUM blinding.
-      o Added support for the RSA-PSS encryption scheme
-      o Added support for the RSA X.931 padding.
-      o Added support for BSD sockets on NetWare.
-      o Added support for files larger than 2GB.
-      o Added initial support for Win64.
-      o Added alternate pkg-config files.
-
-  Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m [23 Feb 2007]:
-
-      o FIPS 1.1.1 module linking.
-      o Various ciphersuite selection fixes.
-
-  Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l [28 Sep 2006]:
-
-      o Introduce limits to prevent malicious key DoS  (CVE-2006-2940)
-      o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
-
-  Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k [5 Sep 2006]:
-
-      o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
-
-  Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j [4 May 2006]:
-
-      o Visual C++ 2005 fixes.
-      o Update Windows build system for FIPS.
-
-  Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005]:
-
-      o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build.
-
-  Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005]:
-
-      o Fix SSL 2.0 Rollback, CVE-2005-2969
-      o Allow use of fixed-length exponent on DSA signing
-      o Default fixed-window RSA, DSA, DH private-key operations
-
-  Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g [11 Apr 2005]:
-
-      o More compilation issues fixed.
-      o Adaptation to more modern Kerberos API.
-      o Enhanced or corrected configuration for Solaris64, Mingw and Cygwin.
-      o Enhanced x86_64 assembler BIGNUM module.
-      o More constification.
-      o Added processing of proxy certificates (RFC 3820).
-
-  Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f [22 Mar 2005]:
-
-      o Several compilation issues fixed.
-      o Many memory allocation failure checks added.
-      o Improved comparison of X509 Name type.
-      o Mandatory basic checks on certificates.
-      o Performance improvements.
-
-  Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e [25 Oct 2004]:
-
-      o Fix race condition in CRL checking code.
-      o Fixes to PKCS#7 (S/MIME) code.
-
-  Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d [17 Mar 2004]:
-
-      o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
-      o Security: Fix null-pointer assignment in do_change_cipher_spec()
-      o Allow multiple active certificates with same subject in CA index
-      o Multiple X509 verification fixes
-      o Speed up HMAC and other operations
-
-  Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c [30 Sep 2003]:
-
-      o Security: fix various ASN1 parsing bugs.
-      o New -ignore_err option to OCSP utility.
-      o Various interop and bug fixes in S/MIME code.
-      o SSL/TLS protocol fix for unrequested client certificates.
-
-  Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b [10 Apr 2003]:
-
-      o Security: counter the Klima-Pokorny-Rosa extension of
-        Bleichbacher's attack 
-      o Security: make RSA blinding default.
-      o Configuration: Irix fixes, AIX fixes, better mingw support.
-      o Support for new platforms: linux-ia64-ecc.
-      o Build: shared library support fixes.
-      o ASN.1: treat domainComponent correctly.
-      o Documentation: fixes and additions.
-
-  Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a [19 Feb 2003]:
-
-      o Security: Important security related bugfixes.
-      o Enhanced compatibility with MIT Kerberos.
-      o Can be built without the ENGINE framework.
-      o IA32 assembler enhancements.
-      o Support for new platforms: FreeBSD/IA64 and FreeBSD/Sparc64.
-      o Configuration: the no-err option now works properly.
-      o SSL/TLS: now handles manual certificate chain building.
-      o SSL/TLS: certain session ID malfunctions corrected.
-
-  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7 [30 Dec 2002]:
-
-      o New library section OCSP.
-      o Complete rewrite of ASN1 code.
-      o CRL checking in verify code and openssl utility.
-      o Extension copying in 'ca' utility.
-      o Flexible display options in 'ca' utility.
-      o Provisional support for international characters with UTF8.
-      o Support for external crypto devices ('engine') is no longer
-        a separate distribution.
-      o New elliptic curve library section.
-      o New AES (Rijndael) library section.
-      o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit,
-        Linux x86_64, Linux 64-bit on Sparc v9
-      o Extended support for some platforms: VxWorks
-      o Enhanced support for shared libraries.
-      o Now only builds PIC code when shared library support is requested.
-      o Support for pkg-config.
-      o Lots of new manuals.
-      o Makes symbolic links to or copies of manuals to cover all described
-        functions.
-      o Change DES API to clean up the namespace (some applications link also
-        against libdes providing similar functions having the same name).
-        Provide macros for backward compatibility (will be removed in the
-        future).
-      o Unify handling of cryptographic algorithms (software and engine)
-        to be available via EVP routines for asymmetric and symmetric ciphers.
-      o NCONF: new configuration handling routines.
-      o Change API to use more 'const' modifiers to improve error checking
-        and help optimizers.
-      o Finally remove references to RSAref.
-      o Reworked parts of the BIGNUM code.
-      o Support for new engines: Broadcom ubsec, Accelerated Encryption
-        Processing, IBM 4758.
-      o A few new engines added in the demos area.
-      o Extended and corrected OID (object identifier) table.
-      o PRNG: query at more locations for a random device, automatic query for
-        EGD style random sources at several locations.
-      o SSL/TLS: allow optional cipher choice according to server's preference.
-      o SSL/TLS: allow server to explicitly set new session ids.
-      o SSL/TLS: support Kerberos cipher suites (RFC2712).
-	Only supports MIT Kerberos for now.
-      o SSL/TLS: allow more precise control of renegotiations and sessions.
-      o SSL/TLS: add callback to retrieve SSL/TLS messages.
-      o SSL/TLS: support AES cipher suites (RFC3268).
-
-  Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k [30 Sep 2003]:
-
-      o Security: fix various ASN1 parsing bugs.
-      o SSL/TLS protocol fix for unrequested client certificates.
-
-  Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j [10 Apr 2003]:
-
-      o Security: counter the Klima-Pokorny-Rosa extension of
-        Bleichbacher's attack 
-      o Security: make RSA blinding default.
-      o Build: shared library support fixes.
-
-  Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i [19 Feb 2003]:
-
-      o Important security related bugfixes.
-
-  Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h [5 Dec 2002]:
-
-      o New configuration targets for Tandem OSS and A/UX.
-      o New OIDs for Microsoft attributes.
-      o Better handling of SSL session caching.
-      o Better comparison of distinguished names.
-      o Better handling of shared libraries in a mixed GNU/non-GNU environment.
-      o Support assembler code with Borland C.
-      o Fixes for length problems.
-      o Fixes for uninitialised variables.
-      o Fixes for memory leaks, some unusual crashes and some race conditions.
-      o Fixes for smaller building problems.
-      o Updates of manuals, FAQ and other instructive documents.
-
-  Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g [9 Aug 2002]:
-
-      o Important building fixes on Unix.
-
-  Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f [8 Aug 2002]:
-
-      o Various important bugfixes.
-
-  Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e [30 Jul 2002]:
-
-      o Important security related bugfixes.
-      o Various SSL/TLS library bugfixes.
-
-  Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d [9 May 2002]:
-
-      o Various SSL/TLS library bugfixes.
-      o Fix DH parameter generation for 'non-standard' generators.
-
-  Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c [21 Dec 2001]:
-
-      o Various SSL/TLS library bugfixes.
-      o BIGNUM library fixes.
-      o RSA OAEP and random number generation fixes.
-      o Object identifiers corrected and added.
-      o Add assembler BN routines for IA64.
-      o Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8,
-        MIPS Linux; shared library support for Irix, HP-UX.
-      o Add crypto accelerator support for AEP, Baltimore SureWare,
-        Broadcom and Cryptographic Appliance's keyserver
-        [in 0.9.6c-engine release].
-
-  Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b [9 Jul 2001]:
-
-      o Security fix: PRNG improvements.
-      o Security fix: RSA OAEP check.
-      o Security fix: Reinsert and fix countermeasure to Bleichbacher's
-        attack.
-      o MIPS bug fix in BIGNUM.
-      o Bug fix in "openssl enc".
-      o Bug fix in X.509 printing routine.
-      o Bug fix in DSA verification routine and DSA S/MIME verification.
-      o Bug fix to make PRNG thread-safe.
-      o Bug fix in RAND_file_name().
-      o Bug fix in compatibility mode trust settings.
-      o Bug fix in blowfish EVP.
-      o Increase default size for BIO buffering filter.
-      o Compatibility fixes in some scripts.
-
-  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a [5 Apr 2001]:
-
-      o Security fix: change behavior of OpenSSL to avoid using
-        environment variables when running as root.
-      o Security fix: check the result of RSA-CRT to reduce the
-        possibility of deducing the private key from an incorrectly
-        calculated signature.
-      o Security fix: prevent Bleichenbacher's DSA attack.
-      o Security fix: Zero the premaster secret after deriving the
-        master secret in DH ciphersuites.
-      o Reimplement SSL_peek(), which had various problems.
-      o Compatibility fix: the function des_encrypt() renamed to
-        des_encrypt1() to avoid clashes with some Unixen libc.
-      o Bug fixes for Win32, HP/UX and Irix.
-      o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
-        memory checking routines.
-      o Bug fixes for RSA operations in threaded environments.
-      o Bug fixes in misc. openssl applications.
-      o Remove a few potential memory leaks.
-      o Add tighter checks of BIGNUM routines.
-      o Shared library support has been reworked for generality.
-      o More documentation.
-      o New function BN_rand_range().
-      o Add "-rand" option to openssl s_client and s_server.
-
-  Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6 [10 Oct 2000]:
-
-      o Some documentation for BIO and SSL libraries.
-      o Enhanced chain verification using key identifiers.
-      o New sign and verify options to 'dgst' application.
-      o Support for DER and PEM encoded messages in 'smime' application.
-      o New 'rsautl' application, low level RSA utility.
-      o MD4 now included.
-      o Bugfix for SSL rollback padding check.
-      o Support for external crypto devices [1].
-      o Enhanced EVP interface.
-
-    [1] The support for external crypto devices is currently a separate
-        distribution.  See the file README.ENGINE.
-
-  Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a [1 Apr 2000]:
-
-      o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 
-      o Shared library support for HPUX and Solaris-gcc
-      o Support of Linux/IA64
-      o Assembler support for Mingw32
-      o New 'rand' application
-      o New way to check for existence of algorithms from scripts
-
-  Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5 [25 May 2000]:
-
-      o S/MIME support in new 'smime' command
-      o Documentation for the OpenSSL command line application
-      o Automation of 'req' application
-      o Fixes to make s_client, s_server work under Windows
-      o Support for multiple fieldnames in SPKACs
-      o New SPKAC command line utilty and associated library functions
-      o Options to allow passwords to be obtained from various sources
-      o New public key PEM format and options to handle it
-      o Many other fixes and enhancements to command line utilities
-      o Usable certificate chain verification
-      o Certificate purpose checking
-      o Certificate trust settings
-      o Support of authority information access extension
-      o Extensions in certificate requests
-      o Simplified X509 name and attribute routines
-      o Initial (incomplete) support for international character sets
-      o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD
-      o Read only memory BIOs and simplified creation function
-      o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0
-        record; allow fragmentation and interleaving of handshake and other
-        data
-      o TLS/SSL code now "tolerates" MS SGC
-      o Work around for Netscape client certificate hang bug
-      o RSA_NULL option that removes RSA patent code but keeps other
-        RSA functionality
-      o Memory leak detection now allows applications to add extra information
-        via a per-thread stack
-      o PRNG robustness improved
-      o EGD support
-      o BIGNUM library bug fixes
-      o Faster DSA parameter generation
-      o Enhanced support for Alpha Linux
-      o Experimental MacOS support
-
-  Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4 [9 Aug 1999]:
-
-      o Transparent support for PKCS#8 format private keys: these are used
-        by several software packages and are more secure than the standard
-        form
-      o PKCS#5 v2.0 implementation
-      o Password callbacks have a new void * argument for application data
-      o Avoid various memory leaks
-      o New pipe-like BIO that allows using the SSL library when actual I/O
-        must be handled by the application (BIO pair)
-
-  Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3 [24 May 1999]:
-      o Lots of enhancements and cleanups to the Configuration mechanism
-      o RSA OEAP related fixes
-      o Added `openssl ca -revoke' option for revoking a certificate
-      o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
-      o Source tree cleanups: removed lots of obsolete files
-      o Thawte SXNet, certificate policies and CRL distribution points
-        extension support
-      o Preliminary (experimental) S/MIME support
-      o Support for ASN.1 UTF8String and VisibleString
-      o Full integration of PKCS#12 code
-      o Sparc assembler bignum implementation, optimized hash functions
-      o Option to disable selected ciphers
-
-  Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b [22 Mar 1999]:
-      o Fixed a security hole related to session resumption
-      o Fixed RSA encryption routines for the p < q case
-      o "ALL" in cipher lists now means "everything except NULL ciphers"
-      o Support for Triple-DES CBCM cipher
-      o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA
-      o First support for new TLSv1 ciphers
-      o Added a few new BIOs (syslog BIO, reliable BIO)
-      o Extended support for DSA certificate/keys.
-      o Extended support for Certificate Signing Requests (CSR)
-      o Initial support for X.509v3 extensions
-      o Extended support for compression inside the SSL record layer
-      o Overhauled Win32 builds
-      o Cleanups and fixes to the Big Number (BN) library
-      o Support for ASN.1 GeneralizedTime
-      o Splitted ASN.1 SETs from SEQUENCEs
-      o ASN1 and PEM support for Netscape Certificate Sequences
-      o Overhauled Perl interface
-      o Lots of source tree cleanups.
-      o Lots of memory leak fixes.
-      o Lots of bug fixes.
-
-  Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c [23 Dec 1998]:
-      o Integration of the popular NO_RSA/NO_DSA patches
-      o Initial support for compression inside the SSL record layer
-      o Added BIO proxy and filtering functionality
-      o Extended Big Number (BN) library
-      o Added RIPE MD160 message digest
-      o Addeed support for RC2/64bit cipher
-      o Extended ASN.1 parser routines
-      o Adjustations of the source tree for CVS
-      o Support for various new platforms
-

Copied: vendor-crypto/openssl/1.0.1u/NEWS (from rev 11605, vendor-crypto/openssl/dist/NEWS)
===================================================================
--- vendor-crypto/openssl/1.0.1u/NEWS	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/NEWS	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,771 @@
+
+  NEWS
+  ====
+
+  This file gives a brief overview of the major changes between each OpenSSL
+  release. For more details please read the CHANGES file.
+
+  Major changes between OpenSSL 1.0.1t and OpenSSL 1.0.1u [22 Sep 2016]
+
+      o OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
+      o SWEET32 Mitigation (CVE-2016-2183)
+      o OOB write in MDC2_Update() (CVE-2016-6303)
+      o Malformed SHA512 ticket DoS (CVE-2016-6302)
+      o OOB write in BN_bn2dec() (CVE-2016-2182)
+      o OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
+      o Pointer arithmetic undefined behaviour (CVE-2016-2177)
+      o Constant time flag not preserved in DSA signing (CVE-2016-2178)
+      o DTLS buffered message DoS (CVE-2016-2179)
+      o DTLS replay protection DoS (CVE-2016-2181)
+      o Certificate message OOB reads (CVE-2016-6306)
+
+  Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [3 May 2016]
+
+      o Prevent padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
+      o Fix EVP_EncodeUpdate overflow (CVE-2016-2105)
+      o Fix EVP_EncryptUpdate overflow (CVE-2016-2106)
+      o Prevent ASN.1 BIO excessive memory allocation (CVE-2016-2109)
+      o EBCDIC overread (CVE-2016-2176)
+      o Modify behavior of ALPN to invoke callback after SNI/servername
+        callback, such that updates to the SSL_CTX affect ALPN.
+      o Remove LOW from the DEFAULT cipher list.  This removes singles DES from
+        the default.
+      o Only remove the SSLv2 methods with the no-ssl2-method option.
+
+  Major changes between OpenSSL 1.0.1r and OpenSSL 1.0.1s [1 Mar 2016]
+
+      o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
+      o Disable SSLv2 default build, default negotiation and weak ciphers
+        (CVE-2016-0800)
+      o Fix a double-free in DSA code (CVE-2016-0705)
+      o Disable SRP fake user seed to address a server memory leak
+        (CVE-2016-0798)
+      o Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
+        (CVE-2016-0797)
+      o Fix memory issues in BIO_*printf functions (CVE-2016-0799)
+      o Fix side channel attack on modular exponentiation (CVE-2016-0702)
+
+  Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [28 Jan 2016]
+
+      o Protection for DH small subgroup attacks
+      o SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
+
+  Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [3 Dec 2015]
+
+      o Certificate verify crash with missing PSS parameter (CVE-2015-3194)
+      o X509_ATTRIBUTE memory leak (CVE-2015-3195)
+      o Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs
+      o In DSA_generate_parameters_ex, if the provided seed is too short,
+        return an error
+
+  Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [9 Jul 2015]
+
+      o Alternate chains certificate forgery (CVE-2015-1793)
+      o Race condition handling PSK identify hint (CVE-2015-3196)
+
+  Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015]
+
+      o Fix HMAC ABI incompatibility
+
+  Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [11 Jun 2015]
+
+      o Malformed ECParameters causes infinite loop (CVE-2015-1788)
+      o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
+      o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
+      o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
+      o Race condition handling NewSessionTicket (CVE-2015-1791)
+
+  Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [19 Mar 2015]
+
+      o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
+      o ASN.1 structure reuse memory corruption fix (CVE-2015-0287)
+      o PKCS7 NULL pointer dereferences fix (CVE-2015-0289)
+      o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)
+      o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)
+      o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)
+      o Removed the export ciphers from the DEFAULT ciphers
+
+  Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015]
+
+      o Build fixes for the Windows and OpenVMS platforms
+
+  Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015]
+
+      o Fix for CVE-2014-3571
+      o Fix for CVE-2015-0206
+      o Fix for CVE-2014-3569
+      o Fix for CVE-2014-3572
+      o Fix for CVE-2015-0204
+      o Fix for CVE-2015-0205
+      o Fix for CVE-2014-8275
+      o Fix for CVE-2014-3570
+
+  Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014]
+
+      o Fix for CVE-2014-3513
+      o Fix for CVE-2014-3567
+      o Mitigation for CVE-2014-3566 (SSL protocol vulnerability)
+      o Fix for CVE-2014-3568
+
+  Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014]
+
+      o Fix for CVE-2014-3512
+      o Fix for CVE-2014-3511
+      o Fix for CVE-2014-3510
+      o Fix for CVE-2014-3507
+      o Fix for CVE-2014-3506
+      o Fix for CVE-2014-3505
+      o Fix for CVE-2014-3509
+      o Fix for CVE-2014-5139
+      o Fix for CVE-2014-3508
+
+  Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014]
+
+      o Fix for CVE-2014-0224
+      o Fix for CVE-2014-0221
+      o Fix for CVE-2014-0198
+      o Fix for CVE-2014-0195
+      o Fix for CVE-2014-3470
+      o Fix for CVE-2010-5298
+
+  Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014]
+
+      o Fix for CVE-2014-0160
+      o Add TLS padding extension workaround for broken servers.
+      o Fix for CVE-2014-0076
+
+  Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]
+
+      o Don't include gmt_unix_time in TLS server and client random values
+      o Fix for TLS record tampering bug CVE-2013-4353
+      o Fix for TLS version checking bug CVE-2013-6449
+      o Fix for DTLS retransmission bug CVE-2013-6450
+
+  Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013]:
+
+      o Corrected fix for CVE-2013-0169
+
+  Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013]:
+
+      o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version.
+      o Include the fips configuration module.
+      o Fix OCSP bad key DoS attack CVE-2013-0166
+      o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
+      o Fix for TLS AESNI record handling flaw CVE-2012-2686
+
+  Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012]:
+
+      o Fix TLS/DTLS record length checking bug CVE-2012-2333
+      o Don't attempt to use non-FIPS composite ciphers in FIPS mode.
+
+  Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012]:
+
+      o Fix compilation error on non-x86 platforms.
+      o Make FIPS capable OpenSSL ciphers work in non-FIPS mode.
+      o Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0
+
+  Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012]:
+
+      o Fix for ASN1 overflow bug CVE-2012-2110
+      o Workarounds for some servers that hang on long client hellos.
+      o Fix SEGV in AES code.
+
+  Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]:
+
+      o TLS/DTLS heartbeat support.
+      o SCTP support.
+      o RFC 5705 TLS key material exporter.
+      o RFC 5764 DTLS-SRTP negotiation.
+      o Next Protocol Negotiation.
+      o PSS signatures in certificates, requests and CRLs.
+      o Support for password based recipient info for CMS.
+      o Support TLS v1.2 and TLS v1.1.
+      o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
+      o SRP support.
+
+  Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]:
+
+      o Fix for CMS/PKCS#7 MMA CVE-2012-0884
+      o Corrected fix for CVE-2011-4619
+      o Various DTLS fixes.
+
+  Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012]:
+
+      o Fix for DTLS DoS issue CVE-2012-0050
+
+  Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012]:
+
+      o Fix for DTLS plaintext recovery attack CVE-2011-4108
+      o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
+      o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
+      o Check parameters are not NULL in GOST ENGINE CVE-2012-0027
+      o Check for malformed RFC3779 data CVE-2011-4577
+
+  Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011]:
+
+      o Fix for CRL vulnerability issue CVE-2011-3207
+      o Fix for ECDH crashes CVE-2011-3210
+      o Protection against EC timing attacks.
+      o Support ECDH ciphersuites for certificates using SHA2 algorithms.
+      o Various DTLS fixes.
+
+  Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d [8 Feb 2011]:
+
+      o Fix for security issue CVE-2011-0014
+
+  Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c [2 Dec 2010]:
+
+      o Fix for security issue CVE-2010-4180
+      o Fix for CVE-2010-4252
+      o Fix mishandling of absent EC point format extension.
+      o Fix various platform compilation issues.
+      o Corrected fix for security issue CVE-2010-3864.
+
+  Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b [16 Nov 2010]:
+
+      o Fix for security issue CVE-2010-3864.
+      o Fix for CVE-2010-2939
+      o Fix WIN32 build system for GOST ENGINE.
+
+  Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a [1 Jun 2010]:
+
+      o Fix for security issue CVE-2010-1633.
+      o GOST MAC and CFB fixes.
+
+  Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0 [29 Mar 2010]:
+
+      o RFC3280 path validation: sufficient to process PKITS tests.
+      o Integrated support for PVK files and keyblobs.
+      o Change default private key format to PKCS#8.
+      o CMS support: able to process all examples in RFC4134
+      o Streaming ASN1 encode support for PKCS#7 and CMS.
+      o Multiple signer and signer add support for PKCS#7 and CMS.
+      o ASN1 printing support.
+      o Whirlpool hash algorithm added.
+      o RFC3161 time stamp support.
+      o New generalised public key API supporting ENGINE based algorithms.
+      o New generalised public key API utilities.
+      o New ENGINE supporting GOST algorithms.
+      o SSL/TLS GOST ciphersuite support.
+      o PKCS#7 and CMS GOST support.
+      o RFC4279 PSK ciphersuite support.
+      o Supported points format extension for ECC ciphersuites.
+      o ecdsa-with-SHA224/256/384/512 signature types.
+      o dsa-with-SHA224 and dsa-with-SHA256 signature types.
+      o Opaque PRF Input TLS extension support.
+      o Updated time routines to avoid OS limitations.
+
+  Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]:
+
+      o CFB cipher definition fixes.
+      o Fix security issues CVE-2010-0740 and CVE-2010-0433.
+
+  Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010]:
+
+      o Cipher definition fixes.
+      o Workaround for slow RAND_poll() on some WIN32 versions.
+      o Remove MD2 from algorithm tables.
+      o SPKAC handling fixes.
+      o Support for RFC5746 TLS renegotiation extension.
+      o Compression memory leak fixed.
+      o Compression session resumption fixed.
+      o Ticket and SNI coexistence fixes.
+      o Many fixes to DTLS handling. 
+
+  Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009]:
+
+      o Temporary work around for CVE-2009-3555: disable renegotiation.
+
+  Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009]:
+
+      o Fix various build issues.
+      o Fix security issues (CVE-2009-0590, CVE-2009-0591, CVE-2009-0789)
+
+  Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j [7 Jan 2009]:
+
+      o Fix security issue (CVE-2008-5077)
+      o Merge FIPS 140-2 branch code.
+
+  Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h [28 May 2008]:
+
+      o CryptoAPI ENGINE support.
+      o Various precautionary measures.
+      o Fix for bugs affecting certificate request creation.
+      o Support for local machine keyset attribute in PKCS#12 files.
+
+  Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g [19 Oct 2007]:
+
+      o Backport of CMS functionality to 0.9.8.
+      o Fixes for bugs introduced with 0.9.8f.
+
+  Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f [11 Oct 2007]:
+
+      o Add gcc 4.2 support.
+      o Add support for AES and SSE2 assembly lanugauge optimization
+        for VC++ build.
+      o Support for RFC4507bis and server name extensions if explicitly 
+        selected at compile time.
+      o DTLS improvements.
+      o RFC4507bis support.
+      o TLS Extensions support.
+
+  Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e [23 Feb 2007]:
+
+      o Various ciphersuite selection fixes.
+      o RFC3779 support.
+
+  Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d [28 Sep 2006]:
+
+      o Introduce limits to prevent malicious key DoS  (CVE-2006-2940)
+      o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
+      o Changes to ciphersuite selection algorithm
+
+  Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c [5 Sep 2006]:
+
+      o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
+      o New cipher Camellia
+
+  Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b [4 May 2006]:
+
+      o Cipher string fixes.
+      o Fixes for VC++ 2005.
+      o Updated ECC cipher suite support.
+      o New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free().
+      o Zlib compression usage fixes.
+      o Built in dynamic engine compilation support on Win32.
+      o Fixes auto dynamic engine loading in Win32.
+
+  Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a [11 Oct 2005]:
+
+      o Fix potential SSL 2.0 rollback, CVE-2005-2969
+      o Extended Windows CE support
+
+  Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8 [5 Jul 2005]:
+
+      o Major work on the BIGNUM library for higher efficiency and to
+        make operations more streamlined and less contradictory.  This
+        is the result of a major audit of the BIGNUM library.
+      o Addition of BIGNUM functions for fields GF(2^m) and NIST
+        curves, to support the Elliptic Crypto functions.
+      o Major work on Elliptic Crypto; ECDH and ECDSA added, including
+        the use through EVP, X509 and ENGINE.
+      o New ASN.1 mini-compiler that's usable through the OpenSSL
+        configuration file.
+      o Added support for ASN.1 indefinite length constructed encoding.
+      o New PKCS#12 'medium level' API to manipulate PKCS#12 files.
+      o Complete rework of shared library construction and linking
+        programs with shared or static libraries, through a separate
+        Makefile.shared.
+      o Rework of the passing of parameters from one Makefile to another.
+      o Changed ENGINE framework to load dynamic engine modules
+        automatically from specifically given directories.
+      o New structure and ASN.1 functions for CertificatePair.
+      o Changed the ZLIB compression method to be stateful.
+      o Changed the key-generation and primality testing "progress"
+        mechanism to take a structure that contains the ticker
+        function and an argument.
+      o New engine module: GMP (performs private key exponentiation).
+      o New engine module: VIA PadLOck ACE extension in VIA C3
+        Nehemiah processors.
+      o Added support for IPv6 addresses in certificate extensions.
+        See RFC 1884, section 2.2.
+      o Added support for certificate policy mappings, policy
+        constraints and name constraints.
+      o Added support for multi-valued AVAs in the OpenSSL
+        configuration file.
+      o Added support for multiple certificates with the same subject
+        in the 'openssl ca' index file.
+      o Make it possible to create self-signed certificates using
+        'openssl ca -selfsign'.
+      o Make it possible to generate a serial number file with
+        'openssl ca -create_serial'.
+      o New binary search functions with extended functionality.
+      o New BUF functions.
+      o New STORE structure and library to provide an interface to all
+        sorts of data repositories.  Supports storage of public and
+        private keys, certificates, CRLs, numbers and arbitrary blobs.
+	This library is unfortunately unfinished and unused withing
+	OpenSSL.
+      o New control functions for the error stack.
+      o Changed the PKCS#7 library to support one-pass S/MIME
+        processing.
+      o Added the possibility to compile without old deprecated
+        functionality with the OPENSSL_NO_DEPRECATED macro or the
+        'no-deprecated' argument to the config and Configure scripts.
+      o Constification of all ASN.1 conversion functions, and other
+        affected functions.
+      o Improved platform support for PowerPC.
+      o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).
+      o New X509_VERIFY_PARAM structure to support parametrisation
+        of X.509 path validation.
+      o Major overhaul of RC4 performance on Intel P4, IA-64 and
+        AMD64.
+      o Changed the Configure script to have some algorithms disabled
+        by default.  Those can be explicitely enabled with the new
+        argument form 'enable-xxx'.
+      o Change the default digest in 'openssl' commands from MD5 to
+        SHA-1.
+      o Added support for DTLS.
+      o New BIGNUM blinding.
+      o Added support for the RSA-PSS encryption scheme
+      o Added support for the RSA X.931 padding.
+      o Added support for BSD sockets on NetWare.
+      o Added support for files larger than 2GB.
+      o Added initial support for Win64.
+      o Added alternate pkg-config files.
+
+  Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m [23 Feb 2007]:
+
+      o FIPS 1.1.1 module linking.
+      o Various ciphersuite selection fixes.
+
+  Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l [28 Sep 2006]:
+
+      o Introduce limits to prevent malicious key DoS  (CVE-2006-2940)
+      o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
+
+  Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k [5 Sep 2006]:
+
+      o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
+
+  Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j [4 May 2006]:
+
+      o Visual C++ 2005 fixes.
+      o Update Windows build system for FIPS.
+
+  Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005]:
+
+      o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build.
+
+  Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005]:
+
+      o Fix SSL 2.0 Rollback, CVE-2005-2969
+      o Allow use of fixed-length exponent on DSA signing
+      o Default fixed-window RSA, DSA, DH private-key operations
+
+  Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g [11 Apr 2005]:
+
+      o More compilation issues fixed.
+      o Adaptation to more modern Kerberos API.
+      o Enhanced or corrected configuration for Solaris64, Mingw and Cygwin.
+      o Enhanced x86_64 assembler BIGNUM module.
+      o More constification.
+      o Added processing of proxy certificates (RFC 3820).
+
+  Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f [22 Mar 2005]:
+
+      o Several compilation issues fixed.
+      o Many memory allocation failure checks added.
+      o Improved comparison of X509 Name type.
+      o Mandatory basic checks on certificates.
+      o Performance improvements.
+
+  Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e [25 Oct 2004]:
+
+      o Fix race condition in CRL checking code.
+      o Fixes to PKCS#7 (S/MIME) code.
+
+  Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d [17 Mar 2004]:
+
+      o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
+      o Security: Fix null-pointer assignment in do_change_cipher_spec()
+      o Allow multiple active certificates with same subject in CA index
+      o Multiple X509 verification fixes
+      o Speed up HMAC and other operations
+
+  Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c [30 Sep 2003]:
+
+      o Security: fix various ASN1 parsing bugs.
+      o New -ignore_err option to OCSP utility.
+      o Various interop and bug fixes in S/MIME code.
+      o SSL/TLS protocol fix for unrequested client certificates.
+
+  Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b [10 Apr 2003]:
+
+      o Security: counter the Klima-Pokorny-Rosa extension of
+        Bleichbacher's attack 
+      o Security: make RSA blinding default.
+      o Configuration: Irix fixes, AIX fixes, better mingw support.
+      o Support for new platforms: linux-ia64-ecc.
+      o Build: shared library support fixes.
+      o ASN.1: treat domainComponent correctly.
+      o Documentation: fixes and additions.
+
+  Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a [19 Feb 2003]:
+
+      o Security: Important security related bugfixes.
+      o Enhanced compatibility with MIT Kerberos.
+      o Can be built without the ENGINE framework.
+      o IA32 assembler enhancements.
+      o Support for new platforms: FreeBSD/IA64 and FreeBSD/Sparc64.
+      o Configuration: the no-err option now works properly.
+      o SSL/TLS: now handles manual certificate chain building.
+      o SSL/TLS: certain session ID malfunctions corrected.
+
+  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7 [30 Dec 2002]:
+
+      o New library section OCSP.
+      o Complete rewrite of ASN1 code.
+      o CRL checking in verify code and openssl utility.
+      o Extension copying in 'ca' utility.
+      o Flexible display options in 'ca' utility.
+      o Provisional support for international characters with UTF8.
+      o Support for external crypto devices ('engine') is no longer
+        a separate distribution.
+      o New elliptic curve library section.
+      o New AES (Rijndael) library section.
+      o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit,
+        Linux x86_64, Linux 64-bit on Sparc v9
+      o Extended support for some platforms: VxWorks
+      o Enhanced support for shared libraries.
+      o Now only builds PIC code when shared library support is requested.
+      o Support for pkg-config.
+      o Lots of new manuals.
+      o Makes symbolic links to or copies of manuals to cover all described
+        functions.
+      o Change DES API to clean up the namespace (some applications link also
+        against libdes providing similar functions having the same name).
+        Provide macros for backward compatibility (will be removed in the
+        future).
+      o Unify handling of cryptographic algorithms (software and engine)
+        to be available via EVP routines for asymmetric and symmetric ciphers.
+      o NCONF: new configuration handling routines.
+      o Change API to use more 'const' modifiers to improve error checking
+        and help optimizers.
+      o Finally remove references to RSAref.
+      o Reworked parts of the BIGNUM code.
+      o Support for new engines: Broadcom ubsec, Accelerated Encryption
+        Processing, IBM 4758.
+      o A few new engines added in the demos area.
+      o Extended and corrected OID (object identifier) table.
+      o PRNG: query at more locations for a random device, automatic query for
+        EGD style random sources at several locations.
+      o SSL/TLS: allow optional cipher choice according to server's preference.
+      o SSL/TLS: allow server to explicitly set new session ids.
+      o SSL/TLS: support Kerberos cipher suites (RFC2712).
+	Only supports MIT Kerberos for now.
+      o SSL/TLS: allow more precise control of renegotiations and sessions.
+      o SSL/TLS: add callback to retrieve SSL/TLS messages.
+      o SSL/TLS: support AES cipher suites (RFC3268).
+
+  Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k [30 Sep 2003]:
+
+      o Security: fix various ASN1 parsing bugs.
+      o SSL/TLS protocol fix for unrequested client certificates.
+
+  Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j [10 Apr 2003]:
+
+      o Security: counter the Klima-Pokorny-Rosa extension of
+        Bleichbacher's attack 
+      o Security: make RSA blinding default.
+      o Build: shared library support fixes.
+
+  Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i [19 Feb 2003]:
+
+      o Important security related bugfixes.
+
+  Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h [5 Dec 2002]:
+
+      o New configuration targets for Tandem OSS and A/UX.
+      o New OIDs for Microsoft attributes.
+      o Better handling of SSL session caching.
+      o Better comparison of distinguished names.
+      o Better handling of shared libraries in a mixed GNU/non-GNU environment.
+      o Support assembler code with Borland C.
+      o Fixes for length problems.
+      o Fixes for uninitialised variables.
+      o Fixes for memory leaks, some unusual crashes and some race conditions.
+      o Fixes for smaller building problems.
+      o Updates of manuals, FAQ and other instructive documents.
+
+  Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g [9 Aug 2002]:
+
+      o Important building fixes on Unix.
+
+  Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f [8 Aug 2002]:
+
+      o Various important bugfixes.
+
+  Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e [30 Jul 2002]:
+
+      o Important security related bugfixes.
+      o Various SSL/TLS library bugfixes.
+
+  Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d [9 May 2002]:
+
+      o Various SSL/TLS library bugfixes.
+      o Fix DH parameter generation for 'non-standard' generators.
+
+  Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c [21 Dec 2001]:
+
+      o Various SSL/TLS library bugfixes.
+      o BIGNUM library fixes.
+      o RSA OAEP and random number generation fixes.
+      o Object identifiers corrected and added.
+      o Add assembler BN routines for IA64.
+      o Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8,
+        MIPS Linux; shared library support for Irix, HP-UX.
+      o Add crypto accelerator support for AEP, Baltimore SureWare,
+        Broadcom and Cryptographic Appliance's keyserver
+        [in 0.9.6c-engine release].
+
+  Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b [9 Jul 2001]:
+
+      o Security fix: PRNG improvements.
+      o Security fix: RSA OAEP check.
+      o Security fix: Reinsert and fix countermeasure to Bleichbacher's
+        attack.
+      o MIPS bug fix in BIGNUM.
+      o Bug fix in "openssl enc".
+      o Bug fix in X.509 printing routine.
+      o Bug fix in DSA verification routine and DSA S/MIME verification.
+      o Bug fix to make PRNG thread-safe.
+      o Bug fix in RAND_file_name().
+      o Bug fix in compatibility mode trust settings.
+      o Bug fix in blowfish EVP.
+      o Increase default size for BIO buffering filter.
+      o Compatibility fixes in some scripts.
+
+  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a [5 Apr 2001]:
+
+      o Security fix: change behavior of OpenSSL to avoid using
+        environment variables when running as root.
+      o Security fix: check the result of RSA-CRT to reduce the
+        possibility of deducing the private key from an incorrectly
+        calculated signature.
+      o Security fix: prevent Bleichenbacher's DSA attack.
+      o Security fix: Zero the premaster secret after deriving the
+        master secret in DH ciphersuites.
+      o Reimplement SSL_peek(), which had various problems.
+      o Compatibility fix: the function des_encrypt() renamed to
+        des_encrypt1() to avoid clashes with some Unixen libc.
+      o Bug fixes for Win32, HP/UX and Irix.
+      o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
+        memory checking routines.
+      o Bug fixes for RSA operations in threaded environments.
+      o Bug fixes in misc. openssl applications.
+      o Remove a few potential memory leaks.
+      o Add tighter checks of BIGNUM routines.
+      o Shared library support has been reworked for generality.
+      o More documentation.
+      o New function BN_rand_range().
+      o Add "-rand" option to openssl s_client and s_server.
+
+  Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6 [10 Oct 2000]:
+
+      o Some documentation for BIO and SSL libraries.
+      o Enhanced chain verification using key identifiers.
+      o New sign and verify options to 'dgst' application.
+      o Support for DER and PEM encoded messages in 'smime' application.
+      o New 'rsautl' application, low level RSA utility.
+      o MD4 now included.
+      o Bugfix for SSL rollback padding check.
+      o Support for external crypto devices [1].
+      o Enhanced EVP interface.
+
+    [1] The support for external crypto devices is currently a separate
+        distribution.  See the file README.ENGINE.
+
+  Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a [1 Apr 2000]:
+
+      o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 
+      o Shared library support for HPUX and Solaris-gcc
+      o Support of Linux/IA64
+      o Assembler support for Mingw32
+      o New 'rand' application
+      o New way to check for existence of algorithms from scripts
+
+  Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5 [25 May 2000]:
+
+      o S/MIME support in new 'smime' command
+      o Documentation for the OpenSSL command line application
+      o Automation of 'req' application
+      o Fixes to make s_client, s_server work under Windows
+      o Support for multiple fieldnames in SPKACs
+      o New SPKAC command line utilty and associated library functions
+      o Options to allow passwords to be obtained from various sources
+      o New public key PEM format and options to handle it
+      o Many other fixes and enhancements to command line utilities
+      o Usable certificate chain verification
+      o Certificate purpose checking
+      o Certificate trust settings
+      o Support of authority information access extension
+      o Extensions in certificate requests
+      o Simplified X509 name and attribute routines
+      o Initial (incomplete) support for international character sets
+      o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD
+      o Read only memory BIOs and simplified creation function
+      o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0
+        record; allow fragmentation and interleaving of handshake and other
+        data
+      o TLS/SSL code now "tolerates" MS SGC
+      o Work around for Netscape client certificate hang bug
+      o RSA_NULL option that removes RSA patent code but keeps other
+        RSA functionality
+      o Memory leak detection now allows applications to add extra information
+        via a per-thread stack
+      o PRNG robustness improved
+      o EGD support
+      o BIGNUM library bug fixes
+      o Faster DSA parameter generation
+      o Enhanced support for Alpha Linux
+      o Experimental MacOS support
+
+  Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4 [9 Aug 1999]:
+
+      o Transparent support for PKCS#8 format private keys: these are used
+        by several software packages and are more secure than the standard
+        form
+      o PKCS#5 v2.0 implementation
+      o Password callbacks have a new void * argument for application data
+      o Avoid various memory leaks
+      o New pipe-like BIO that allows using the SSL library when actual I/O
+        must be handled by the application (BIO pair)
+
+  Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3 [24 May 1999]:
+      o Lots of enhancements and cleanups to the Configuration mechanism
+      o RSA OEAP related fixes
+      o Added `openssl ca -revoke' option for revoking a certificate
+      o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
+      o Source tree cleanups: removed lots of obsolete files
+      o Thawte SXNet, certificate policies and CRL distribution points
+        extension support
+      o Preliminary (experimental) S/MIME support
+      o Support for ASN.1 UTF8String and VisibleString
+      o Full integration of PKCS#12 code
+      o Sparc assembler bignum implementation, optimized hash functions
+      o Option to disable selected ciphers
+
+  Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b [22 Mar 1999]:
+      o Fixed a security hole related to session resumption
+      o Fixed RSA encryption routines for the p < q case
+      o "ALL" in cipher lists now means "everything except NULL ciphers"
+      o Support for Triple-DES CBCM cipher
+      o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA
+      o First support for new TLSv1 ciphers
+      o Added a few new BIOs (syslog BIO, reliable BIO)
+      o Extended support for DSA certificate/keys.
+      o Extended support for Certificate Signing Requests (CSR)
+      o Initial support for X.509v3 extensions
+      o Extended support for compression inside the SSL record layer
+      o Overhauled Win32 builds
+      o Cleanups and fixes to the Big Number (BN) library
+      o Support for ASN.1 GeneralizedTime
+      o Splitted ASN.1 SETs from SEQUENCEs
+      o ASN1 and PEM support for Netscape Certificate Sequences
+      o Overhauled Perl interface
+      o Lots of source tree cleanups.
+      o Lots of memory leak fixes.
+      o Lots of bug fixes.
+
+  Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c [23 Dec 1998]:
+      o Integration of the popular NO_RSA/NO_DSA patches
+      o Initial support for compression inside the SSL record layer
+      o Added BIO proxy and filtering functionality
+      o Extended Big Number (BN) library
+      o Added RIPE MD160 message digest
+      o Addeed support for RC2/64bit cipher
+      o Extended ASN.1 parser routines
+      o Adjustations of the source tree for CVS
+      o Support for various new platforms
+

Deleted: vendor-crypto/openssl/1.0.1u/README
===================================================================
--- vendor-crypto/openssl/dist/README	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/README	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,118 +0,0 @@
-
- OpenSSL 1.0.1q 3 Dec 2015
-
- Copyright (c) 1998-2015 The OpenSSL Project
- Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
- All rights reserved.
-
- DESCRIPTION
- -----------
-
- The OpenSSL Project is a collaborative effort to develop a robust,
- commercial-grade, fully featured, and Open Source toolkit implementing the
- Secure Sockets Layer (SSLv3) and Transport Layer Security (TLS) protocols as
- well as a full-strength general purpose cryptograpic library. The project is
- managed by a worldwide community of volunteers that use the Internet to
- communicate, plan, and develop the OpenSSL toolkit and its related
- documentation.
-
- OpenSSL is descended from the SSLeay library developed by Eric A. Young
- and Tim J. Hudson.  The OpenSSL toolkit is licensed under a dual-license (the
- OpenSSL license plus the SSLeay license), which means that you are free to
- get and use it for commercial and non-commercial purposes as long as you
- fulfill the conditions of both licenses.
-
- OVERVIEW
- --------
-
- The OpenSSL toolkit includes:
-
- libssl.a:
-     Provides the client and server-side implementations for SSLv3 and TLS.
-
- libcrypto.a:
-     Provides general cryptographic and X.509 support needed by SSL/TLS but
-     not logically part of it.
-
- openssl:
-     A command line tool that can be used for:
-        Creation of key parameters
-        Creation of X.509 certificates, CSRs and CRLs
-        Calculation of message digests
-        Encryption and decryption
-        SSL/TLS client and server tests
-        Handling of S/MIME signed or encrypted mail
-        And more...
-
- INSTALLATION
- ------------
-
- See the appropriate file:
-        INSTALL         Linux, Unix, etc.
-        INSTALL.DJGPP   DOS platform with DJGPP
-        INSTALL.NW      Netware
-        INSTALL.OS2     OS/2
-        INSTALL.VMS     VMS
-        INSTALL.W32     Windows (32bit)
-        INSTALL.W64     Windows (64bit)
-        INSTALL.WCE     Windows CE
-
- SUPPORT
- -------
-
- See the OpenSSL website www.openssl.org for details on how to obtain
- commercial technical support.
-
- If you have any problems with OpenSSL then please take the following steps
- first:
-
-    - Download the current snapshot from ftp://ftp.openssl.org/snapshot/
-      to see if the problem has already been addressed
-    - Remove ASM versions of libraries
-    - Remove compiler optimisation flags
-
- If you wish to report a bug then please include the following information in
- any bug report:
-
-    - On Unix systems:
-        Self-test report generated by 'make report'
-    - On other systems:
-        OpenSSL version: output of 'openssl version -a'
-        OS Name, Version, Hardware platform
-        Compiler Details (name, version)
-    - Application Details (name, version)
-    - Problem Description (steps that will reproduce the problem, if known)
-    - Stack Traceback (if the application dumps core)
-
- Email the report to:
-
-    rt at openssl.org
-
- In order to avoid spam, this is a moderated mailing list, and it might
- take a day for the ticket to show up.  (We also scan posts to make sure
- that security disclosures aren't publically posted by mistake.) Mail to
- this address is recorded in the public RT (request tracker) database (see
- https://www.openssl.org/support/rt.html for details) and also forwarded
- the public openssl-dev mailing list.  Confidential mail may be sent to
- openssl-security at openssl.org (PGP key available from the key servers).
-
- Please do NOT use this for general assistance or support queries.
- Just because something doesn't work the way you expect does not mean it
- is necessarily a bug in OpenSSL.
-
- You can also make GitHub pull requests. If you do this, please also send
- mail to rt at openssl.org with a link to the PR so that we can more easily
- keep track of it.
-
- HOW TO CONTRIBUTE TO OpenSSL
- ----------------------------
-
- See CONTRIBUTING
-
- LEGALITIES
- ----------
-
- A number of nations, in particular the U.S., restrict the use or export
- of cryptography. If you are potentially subject to such restrictions
- you should seek competent professional legal advice before attempting to
- develop or distribute cryptographic code.

Copied: vendor-crypto/openssl/1.0.1u/README (from rev 11605, vendor-crypto/openssl/dist/README)
===================================================================
--- vendor-crypto/openssl/1.0.1u/README	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/README	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,119 @@
+
+ OpenSSL 1.0.1u 22 Sep 2016
+
+ Copyright (c) 1998-2015 The OpenSSL Project
+ Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+ All rights reserved.
+
+ DESCRIPTION
+ -----------
+
+ The OpenSSL Project is a collaborative effort to develop a robust,
+ commercial-grade, fully featured, and Open Source toolkit implementing the
+ Secure Sockets Layer (SSLv3) and Transport Layer Security (TLS) protocols as
+ well as a full-strength general purpose cryptograpic library. The project is
+ managed by a worldwide community of volunteers that use the Internet to
+ communicate, plan, and develop the OpenSSL toolkit and its related
+ documentation.
+
+ OpenSSL is descended from the SSLeay library developed by Eric A. Young
+ and Tim J. Hudson.  The OpenSSL toolkit is licensed under a dual-license (the
+ OpenSSL license plus the SSLeay license), which means that you are free to
+ get and use it for commercial and non-commercial purposes as long as you
+ fulfill the conditions of both licenses.
+
+ OVERVIEW
+ --------
+
+ The OpenSSL toolkit includes:
+
+ libssl.a:
+     Provides the client and server-side implementations for SSLv3 and TLS.
+
+ libcrypto.a:
+     Provides general cryptographic and X.509 support needed by SSL/TLS but
+     not logically part of it.
+
+ openssl:
+     A command line tool that can be used for:
+        Creation of key parameters
+        Creation of X.509 certificates, CSRs and CRLs
+        Calculation of message digests
+        Encryption and decryption
+        SSL/TLS client and server tests
+        Handling of S/MIME signed or encrypted mail
+        And more...
+
+ INSTALLATION
+ ------------
+
+ See the appropriate file:
+        INSTALL         Linux, Unix, etc.
+        INSTALL.DJGPP   DOS platform with DJGPP
+        INSTALL.NW      Netware
+        INSTALL.OS2     OS/2
+        INSTALL.VMS     VMS
+        INSTALL.W32     Windows (32bit)
+        INSTALL.W64     Windows (64bit)
+        INSTALL.WCE     Windows CE
+
+ SUPPORT
+ -------
+
+ See the OpenSSL website www.openssl.org for details on how to obtain
+ commercial technical support.
+
+ If you have any problems with OpenSSL then please take the following steps
+ first:
+
+    - Download the current snapshot from ftp://ftp.openssl.org/snapshot/
+      to see if the problem has already been addressed
+    - Remove ASM versions of libraries
+    - Remove compiler optimisation flags
+
+ If you wish to report a bug then please include the following information in
+ any bug report:
+
+    - On Unix systems:
+        Self-test report generated by 'make report'
+    - On other systems:
+        OpenSSL version: output of 'openssl version -a'
+        OS Name, Version, Hardware platform
+        Compiler Details (name, version)
+    - Application Details (name, version)
+    - Problem Description (steps that will reproduce the problem, if known)
+    - Stack Traceback (if the application dumps core)
+
+ Email the report to:
+
+    rt at openssl.org
+
+ In order to avoid spam, this is a moderated mailing list, and it might
+ take a day for the ticket to show up.  (We also scan posts to make sure
+ that security disclosures aren't publically posted by mistake.) Mail
+ to this address is recorded in the public RT (request tracker) database
+ (see https://www.openssl.org/community/index.html#bugs for details) and
+ also forwarded the public openssl-dev mailing list.  Confidential mail
+ may be sent to openssl-security at openssl.org (PGP key available from the
+ key servers).
+
+ Please do NOT use this for general assistance or support queries.
+ Just because something doesn't work the way you expect does not mean it
+ is necessarily a bug in OpenSSL.
+
+ You can also make GitHub pull requests. If you do this, please also send
+ mail to rt at openssl.org with a link to the PR so that we can more easily
+ keep track of it.
+
+ HOW TO CONTRIBUTE TO OpenSSL
+ ----------------------------
+
+ See CONTRIBUTING
+
+ LEGALITIES
+ ----------
+
+ A number of nations, in particular the U.S., restrict the use or export
+ of cryptography. If you are potentially subject to such restrictions
+ you should seek competent professional legal advice before attempting to
+ develop or distribute cryptographic code.

Deleted: vendor-crypto/openssl/1.0.1u/apps/apps.c
===================================================================
--- vendor-crypto/openssl/dist/apps/apps.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/apps/apps.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,2978 +0,0 @@
-/* apps/apps.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
-/*
- * On VMS, you need to define this to get the declaration of fileno().  The
- * value 2 is to make sure no function defined in POSIX-2 is left undefined.
- */
-# define _POSIX_C_SOURCE 2
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <ctype.h>
-#include <errno.h>
-#include <assert.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/pem.h>
-#include <openssl/pkcs12.h>
-#include <openssl/ui.h>
-#include <openssl/safestack.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
-#ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-#endif
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_JPAKE
-# include <openssl/jpake.h>
-#endif
-
-#define NON_MAIN
-#include "apps.h"
-#undef NON_MAIN
-
-#ifdef _WIN32
-static int WIN32_rename(const char *from, const char *to);
-# define rename(from,to) WIN32_rename((from),(to))
-#endif
-
-typedef struct {
-    const char *name;
-    unsigned long flag;
-    unsigned long mask;
-} NAME_EX_TBL;
-
-static UI_METHOD *ui_method = NULL;
-
-static int set_table_opts(unsigned long *flags, const char *arg,
-                          const NAME_EX_TBL * in_tbl);
-static int set_multi_opts(unsigned long *flags, const char *arg,
-                          const NAME_EX_TBL * in_tbl);
-
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
-/* Looks like this stuff is worth moving into separate function */
-static EVP_PKEY *load_netscape_key(BIO *err, BIO *key, const char *file,
-                                   const char *key_descrip, int format);
-#endif
-
-int app_init(long mesgwin);
-#ifdef undef                    /* never finished - probably never will be
-                                 * :-) */
-int args_from_file(char *file, int *argc, char **argv[])
-{
-    FILE *fp;
-    int num, i;
-    unsigned int len;
-    static char *buf = NULL;
-    static char **arg = NULL;
-    char *p;
-
-    fp = fopen(file, "r");
-    if (fp == NULL)
-        return (0);
-
-    if (fseek(fp, 0, SEEK_END) == 0)
-        len = ftell(fp), rewind(fp);
-    else
-        len = -1;
-    if (len <= 0) {
-        fclose(fp);
-        return (0);
-    }
-
-    *argc = 0;
-    *argv = NULL;
-
-    if (buf != NULL)
-        OPENSSL_free(buf);
-    buf = (char *)OPENSSL_malloc(len + 1);
-    if (buf == NULL)
-        return (0);
-
-    len = fread(buf, 1, len, fp);
-    if (len <= 1)
-        return (0);
-    buf[len] = '\0';
-
-    i = 0;
-    for (p = buf; *p; p++)
-        if (*p == '\n')
-            i++;
-    if (arg != NULL)
-        OPENSSL_free(arg);
-    arg = (char **)OPENSSL_malloc(sizeof(char *) * (i * 2));
-
-    *argv = arg;
-    num = 0;
-    p = buf;
-    for (;;) {
-        if (!*p)
-            break;
-        if (*p == '#') {        /* comment line */
-            while (*p && (*p != '\n'))
-                p++;
-            continue;
-        }
-        /* else we have a line */
-        *(arg++) = p;
-        num++;
-        while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
-            p++;
-        if (!*p)
-            break;
-        if (*p == '\n') {
-            *(p++) = '\0';
-            continue;
-        }
-        /* else it is a tab or space */
-        p++;
-        while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
-            p++;
-        if (!*p)
-            break;
-        if (*p == '\n') {
-            p++;
-            continue;
-        }
-        *(arg++) = p++;
-        num++;
-        while (*p && (*p != '\n'))
-            p++;
-        if (!*p)
-            break;
-        /* else *p == '\n' */
-        *(p++) = '\0';
-    }
-    *argc = num;
-    return (1);
-}
-#endif
-
-int str2fmt(char *s)
-{
-    if (s == NULL)
-        return FORMAT_UNDEF;
-    if ((*s == 'D') || (*s == 'd'))
-        return (FORMAT_ASN1);
-    else if ((*s == 'T') || (*s == 't'))
-        return (FORMAT_TEXT);
-    else if ((*s == 'N') || (*s == 'n'))
-        return (FORMAT_NETSCAPE);
-    else if ((*s == 'S') || (*s == 's'))
-        return (FORMAT_SMIME);
-    else if ((*s == 'M') || (*s == 'm'))
-        return (FORMAT_MSBLOB);
-    else if ((*s == '1')
-             || (strcmp(s, "PKCS12") == 0) || (strcmp(s, "pkcs12") == 0)
-             || (strcmp(s, "P12") == 0) || (strcmp(s, "p12") == 0))
-        return (FORMAT_PKCS12);
-    else if ((*s == 'E') || (*s == 'e'))
-        return (FORMAT_ENGINE);
-    else if ((*s == 'P') || (*s == 'p')) {
-        if (s[1] == 'V' || s[1] == 'v')
-            return FORMAT_PVK;
-        else
-            return (FORMAT_PEM);
-    } else
-        return (FORMAT_UNDEF);
-}
-
-#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_NETWARE)
-void program_name(char *in, char *out, int size)
-{
-    int i, n;
-    char *p = NULL;
-
-    n = strlen(in);
-    /* find the last '/', '\' or ':' */
-    for (i = n - 1; i > 0; i--) {
-        if ((in[i] == '/') || (in[i] == '\\') || (in[i] == ':')) {
-            p = &(in[i + 1]);
-            break;
-        }
-    }
-    if (p == NULL)
-        p = in;
-    n = strlen(p);
-
-# if defined(OPENSSL_SYS_NETWARE)
-    /* strip off trailing .nlm if present. */
-    if ((n > 4) && (p[n - 4] == '.') &&
-        ((p[n - 3] == 'n') || (p[n - 3] == 'N')) &&
-        ((p[n - 2] == 'l') || (p[n - 2] == 'L')) &&
-        ((p[n - 1] == 'm') || (p[n - 1] == 'M')))
-        n -= 4;
-# else
-    /* strip off trailing .exe if present. */
-    if ((n > 4) && (p[n - 4] == '.') &&
-        ((p[n - 3] == 'e') || (p[n - 3] == 'E')) &&
-        ((p[n - 2] == 'x') || (p[n - 2] == 'X')) &&
-        ((p[n - 1] == 'e') || (p[n - 1] == 'E')))
-        n -= 4;
-# endif
-
-    if (n > size - 1)
-        n = size - 1;
-
-    for (i = 0; i < n; i++) {
-        if ((p[i] >= 'A') && (p[i] <= 'Z'))
-            out[i] = p[i] - 'A' + 'a';
-        else
-            out[i] = p[i];
-    }
-    out[n] = '\0';
-}
-#else
-# ifdef OPENSSL_SYS_VMS
-void program_name(char *in, char *out, int size)
-{
-    char *p = in, *q;
-    char *chars = ":]>";
-
-    while (*chars != '\0') {
-        q = strrchr(p, *chars);
-        if (q > p)
-            p = q + 1;
-        chars++;
-    }
-
-    q = strrchr(p, '.');
-    if (q == NULL)
-        q = p + strlen(p);
-    strncpy(out, p, size - 1);
-    if (q - p >= size) {
-        out[size - 1] = '\0';
-    } else {
-        out[q - p] = '\0';
-    }
-}
-# else
-void program_name(char *in, char *out, int size)
-{
-    char *p;
-
-    p = strrchr(in, '/');
-    if (p != NULL)
-        p++;
-    else
-        p = in;
-    BUF_strlcpy(out, p, size);
-}
-# endif
-#endif
-
-int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
-{
-    int num, i;
-    char *p;
-
-    *argc = 0;
-    *argv = NULL;
-
-    i = 0;
-    if (arg->count == 0) {
-        arg->count = 20;
-        arg->data = (char **)OPENSSL_malloc(sizeof(char *) * arg->count);
-        if (arg->data == NULL)
-            return 0;
-    }
-    for (i = 0; i < arg->count; i++)
-        arg->data[i] = NULL;
-
-    num = 0;
-    p = buf;
-    for (;;) {
-        /* first scan over white space */
-        if (!*p)
-            break;
-        while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
-            p++;
-        if (!*p)
-            break;
-
-        /* The start of something good :-) */
-        if (num >= arg->count) {
-            char **tmp_p;
-            int tlen = arg->count + 20;
-            tmp_p = (char **)OPENSSL_realloc(arg->data,
-                                             sizeof(char *) * tlen);
-            if (tmp_p == NULL)
-                return 0;
-            arg->data = tmp_p;
-            arg->count = tlen;
-            /* initialize newly allocated data */
-            for (i = num; i < arg->count; i++)
-                arg->data[i] = NULL;
-        }
-        arg->data[num++] = p;
-
-        /* now look for the end of this */
-        if ((*p == '\'') || (*p == '\"')) { /* scan for closing quote */
-            i = *(p++);
-            arg->data[num - 1]++; /* jump over quote */
-            while (*p && (*p != i))
-                p++;
-            *p = '\0';
-        } else {
-            while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
-                p++;
-
-            if (*p == '\0')
-                p--;
-            else
-                *p = '\0';
-        }
-        p++;
-    }
-    *argc = num;
-    *argv = arg->data;
-    return (1);
-}
-
-#ifndef APP_INIT
-int app_init(long mesgwin)
-{
-    return (1);
-}
-#endif
-
-int dump_cert_text(BIO *out, X509 *x)
-{
-    char *p;
-
-    p = X509_NAME_oneline(X509_get_subject_name(x), NULL, 0);
-    BIO_puts(out, "subject=");
-    BIO_puts(out, p);
-    OPENSSL_free(p);
-
-    p = X509_NAME_oneline(X509_get_issuer_name(x), NULL, 0);
-    BIO_puts(out, "\nissuer=");
-    BIO_puts(out, p);
-    BIO_puts(out, "\n");
-    OPENSSL_free(p);
-
-    return 0;
-}
-
-static int ui_open(UI *ui)
-{
-    return UI_method_get_opener(UI_OpenSSL())(ui);
-}
-
-static int ui_read(UI *ui, UI_STRING *uis)
-{
-    if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
-        && UI_get0_user_data(ui)) {
-        switch (UI_get_string_type(uis)) {
-        case UIT_PROMPT:
-        case UIT_VERIFY:
-            {
-                const char *password =
-                    ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
-                if (password && password[0] != '\0') {
-                    UI_set_result(ui, uis, password);
-                    return 1;
-                }
-            }
-        default:
-            break;
-        }
-    }
-    return UI_method_get_reader(UI_OpenSSL())(ui, uis);
-}
-
-static int ui_write(UI *ui, UI_STRING *uis)
-{
-    if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
-        && UI_get0_user_data(ui)) {
-        switch (UI_get_string_type(uis)) {
-        case UIT_PROMPT:
-        case UIT_VERIFY:
-            {
-                const char *password =
-                    ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
-                if (password && password[0] != '\0')
-                    return 1;
-            }
-        default:
-            break;
-        }
-    }
-    return UI_method_get_writer(UI_OpenSSL())(ui, uis);
-}
-
-static int ui_close(UI *ui)
-{
-    return UI_method_get_closer(UI_OpenSSL())(ui);
-}
-
-int setup_ui_method(void)
-{
-    ui_method = UI_create_method("OpenSSL application user interface");
-    UI_method_set_opener(ui_method, ui_open);
-    UI_method_set_reader(ui_method, ui_read);
-    UI_method_set_writer(ui_method, ui_write);
-    UI_method_set_closer(ui_method, ui_close);
-    return 0;
-}
-
-void destroy_ui_method(void)
-{
-    if (ui_method) {
-        UI_destroy_method(ui_method);
-        ui_method = NULL;
-    }
-}
-
-int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
-{
-    UI *ui = NULL;
-    int res = 0;
-    const char *prompt_info = NULL;
-    const char *password = NULL;
-    PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
-
-    if (cb_data) {
-        if (cb_data->password)
-            password = cb_data->password;
-        if (cb_data->prompt_info)
-            prompt_info = cb_data->prompt_info;
-    }
-
-    if (password) {
-        res = strlen(password);
-        if (res > bufsiz)
-            res = bufsiz;
-        memcpy(buf, password, res);
-        return res;
-    }
-
-    ui = UI_new_method(ui_method);
-    if (ui) {
-        int ok = 0;
-        char *buff = NULL;
-        int ui_flags = 0;
-        char *prompt = NULL;
-
-        prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
-        if (!prompt) {
-            BIO_printf(bio_err, "Out of memory\n");
-            UI_free(ui);
-            return 0;
-        }
-
-        ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
-        UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
-
-        if (ok >= 0)
-            ok = UI_add_input_string(ui, prompt, ui_flags, buf,
-                                     PW_MIN_LENGTH, bufsiz - 1);
-        if (ok >= 0 && verify) {
-            buff = (char *)OPENSSL_malloc(bufsiz);
-            if (!buff) {
-                BIO_printf(bio_err, "Out of memory\n");
-                UI_free(ui);
-                OPENSSL_free(prompt);
-                return 0;
-            }
-            ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
-                                      PW_MIN_LENGTH, bufsiz - 1, buf);
-        }
-        if (ok >= 0)
-            do {
-                ok = UI_process(ui);
-            }
-            while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
-
-        if (buff) {
-            OPENSSL_cleanse(buff, (unsigned int)bufsiz);
-            OPENSSL_free(buff);
-        }
-
-        if (ok >= 0)
-            res = strlen(buf);
-        if (ok == -1) {
-            BIO_printf(bio_err, "User interface error\n");
-            ERR_print_errors(bio_err);
-            OPENSSL_cleanse(buf, (unsigned int)bufsiz);
-            res = 0;
-        }
-        if (ok == -2) {
-            BIO_printf(bio_err, "aborted!\n");
-            OPENSSL_cleanse(buf, (unsigned int)bufsiz);
-            res = 0;
-        }
-        UI_free(ui);
-        OPENSSL_free(prompt);
-    }
-    return res;
-}
-
-static char *app_get_pass(BIO *err, char *arg, int keepbio);
-
-int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2)
-{
-    int same;
-    if (!arg2 || !arg1 || strcmp(arg1, arg2))
-        same = 0;
-    else
-        same = 1;
-    if (arg1) {
-        *pass1 = app_get_pass(err, arg1, same);
-        if (!*pass1)
-            return 0;
-    } else if (pass1)
-        *pass1 = NULL;
-    if (arg2) {
-        *pass2 = app_get_pass(err, arg2, same ? 2 : 0);
-        if (!*pass2)
-            return 0;
-    } else if (pass2)
-        *pass2 = NULL;
-    return 1;
-}
-
-static char *app_get_pass(BIO *err, char *arg, int keepbio)
-{
-    char *tmp, tpass[APP_PASS_LEN];
-    static BIO *pwdbio = NULL;
-    int i;
-    if (!strncmp(arg, "pass:", 5))
-        return BUF_strdup(arg + 5);
-    if (!strncmp(arg, "env:", 4)) {
-        tmp = getenv(arg + 4);
-        if (!tmp) {
-            BIO_printf(err, "Can't read environment variable %s\n", arg + 4);
-            return NULL;
-        }
-        return BUF_strdup(tmp);
-    }
-    if (!keepbio || !pwdbio) {
-        if (!strncmp(arg, "file:", 5)) {
-            pwdbio = BIO_new_file(arg + 5, "r");
-            if (!pwdbio) {
-                BIO_printf(err, "Can't open file %s\n", arg + 5);
-                return NULL;
-            }
-#if !defined(_WIN32)
-            /*
-             * Under _WIN32, which covers even Win64 and CE, file
-             * descriptors referenced by BIO_s_fd are not inherited
-             * by child process and therefore below is not an option.
-             * It could have been an option if bss_fd.c was operating
-             * on real Windows descriptors, such as those obtained
-             * with CreateFile.
-             */
-        } else if (!strncmp(arg, "fd:", 3)) {
-            BIO *btmp;
-            i = atoi(arg + 3);
-            if (i >= 0)
-                pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
-            if ((i < 0) || !pwdbio) {
-                BIO_printf(err, "Can't access file descriptor %s\n", arg + 3);
-                return NULL;
-            }
-            /*
-             * Can't do BIO_gets on an fd BIO so add a buffering BIO
-             */
-            btmp = BIO_new(BIO_f_buffer());
-            pwdbio = BIO_push(btmp, pwdbio);
-#endif
-        } else if (!strcmp(arg, "stdin")) {
-            pwdbio = BIO_new_fp(stdin, BIO_NOCLOSE);
-            if (!pwdbio) {
-                BIO_printf(err, "Can't open BIO for stdin\n");
-                return NULL;
-            }
-        } else {
-            BIO_printf(err, "Invalid password argument \"%s\"\n", arg);
-            return NULL;
-        }
-    }
-    i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);
-    if (keepbio != 1) {
-        BIO_free_all(pwdbio);
-        pwdbio = NULL;
-    }
-    if (i <= 0) {
-        BIO_printf(err, "Error reading password from BIO\n");
-        return NULL;
-    }
-    tmp = strchr(tpass, '\n');
-    if (tmp)
-        *tmp = 0;
-    return BUF_strdup(tpass);
-}
-
-int add_oid_section(BIO *err, CONF *conf)
-{
-    char *p;
-    STACK_OF(CONF_VALUE) *sktmp;
-    CONF_VALUE *cnf;
-    int i;
-    if (!(p = NCONF_get_string(conf, NULL, "oid_section"))) {
-        ERR_clear_error();
-        return 1;
-    }
-    if (!(sktmp = NCONF_get_section(conf, p))) {
-        BIO_printf(err, "problem loading oid section %s\n", p);
-        return 0;
-    }
-    for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
-        cnf = sk_CONF_VALUE_value(sktmp, i);
-        if (OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
-            BIO_printf(err, "problem creating object %s=%s\n",
-                       cnf->name, cnf->value);
-            return 0;
-        }
-    }
-    return 1;
-}
-
-static int load_pkcs12(BIO *err, BIO *in, const char *desc,
-                       pem_password_cb *pem_cb, void *cb_data,
-                       EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
-{
-    const char *pass;
-    char tpass[PEM_BUFSIZE];
-    int len, ret = 0;
-    PKCS12 *p12;
-    p12 = d2i_PKCS12_bio(in, NULL);
-    if (p12 == NULL) {
-        BIO_printf(err, "Error loading PKCS12 file for %s\n", desc);
-        goto die;
-    }
-    /* See if an empty password will do */
-    if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0))
-        pass = "";
-    else {
-        if (!pem_cb)
-            pem_cb = (pem_password_cb *)password_callback;
-        len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
-        if (len < 0) {
-            BIO_printf(err, "Passpharse callback error for %s\n", desc);
-            goto die;
-        }
-        if (len < PEM_BUFSIZE)
-            tpass[len] = 0;
-        if (!PKCS12_verify_mac(p12, tpass, len)) {
-            BIO_printf(err,
-                       "Mac verify error (wrong password?) in PKCS12 file for %s\n",
-                       desc);
-            goto die;
-        }
-        pass = tpass;
-    }
-    ret = PKCS12_parse(p12, pass, pkey, cert, ca);
- die:
-    if (p12)
-        PKCS12_free(p12);
-    return ret;
-}
-
-X509 *load_cert(BIO *err, const char *file, int format,
-                const char *pass, ENGINE *e, const char *cert_descrip)
-{
-    X509 *x = NULL;
-    BIO *cert;
-
-    if ((cert = BIO_new(BIO_s_file())) == NULL) {
-        ERR_print_errors(err);
-        goto end;
-    }
-
-    if (file == NULL) {
-#ifdef _IONBF
-# ifndef OPENSSL_NO_SETVBUF_IONBF
-        setvbuf(stdin, NULL, _IONBF, 0);
-# endif                         /* ndef OPENSSL_NO_SETVBUF_IONBF */
-#endif
-        BIO_set_fp(cert, stdin, BIO_NOCLOSE);
-    } else {
-        if (BIO_read_filename(cert, file) <= 0) {
-            BIO_printf(err, "Error opening %s %s\n", cert_descrip, file);
-            ERR_print_errors(err);
-            goto end;
-        }
-    }
-
-    if (format == FORMAT_ASN1)
-        x = d2i_X509_bio(cert, NULL);
-    else if (format == FORMAT_NETSCAPE) {
-        NETSCAPE_X509 *nx;
-        nx = ASN1_item_d2i_bio(ASN1_ITEM_rptr(NETSCAPE_X509), cert, NULL);
-        if (nx == NULL)
-            goto end;
-
-        if ((strncmp(NETSCAPE_CERT_HDR, (char *)nx->header->data,
-                     nx->header->length) != 0)) {
-            NETSCAPE_X509_free(nx);
-            BIO_printf(err, "Error reading header on certificate\n");
-            goto end;
-        }
-        x = nx->cert;
-        nx->cert = NULL;
-        NETSCAPE_X509_free(nx);
-    } else if (format == FORMAT_PEM)
-        x = PEM_read_bio_X509_AUX(cert, NULL,
-                                  (pem_password_cb *)password_callback, NULL);
-    else if (format == FORMAT_PKCS12) {
-        if (!load_pkcs12(err, cert, cert_descrip, NULL, NULL, NULL, &x, NULL))
-            goto end;
-    } else {
-        BIO_printf(err, "bad input format specified for %s\n", cert_descrip);
-        goto end;
-    }
- end:
-    if (x == NULL) {
-        BIO_printf(err, "unable to load certificate\n");
-        ERR_print_errors(err);
-    }
-    if (cert != NULL)
-        BIO_free(cert);
-    return (x);
-}
-
-EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
-                   const char *pass, ENGINE *e, const char *key_descrip)
-{
-    BIO *key = NULL;
-    EVP_PKEY *pkey = NULL;
-    PW_CB_DATA cb_data;
-
-    cb_data.password = pass;
-    cb_data.prompt_info = file;
-
-    if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) {
-        BIO_printf(err, "no keyfile specified\n");
-        goto end;
-    }
-#ifndef OPENSSL_NO_ENGINE
-    if (format == FORMAT_ENGINE) {
-        if (!e)
-            BIO_printf(err, "no engine specified\n");
-        else {
-            pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
-            if (!pkey) {
-                BIO_printf(err, "cannot load %s from engine\n", key_descrip);
-                ERR_print_errors(err);
-            }
-        }
-        goto end;
-    }
-#endif
-    key = BIO_new(BIO_s_file());
-    if (key == NULL) {
-        ERR_print_errors(err);
-        goto end;
-    }
-    if (file == NULL && maybe_stdin) {
-#ifdef _IONBF
-# ifndef OPENSSL_NO_SETVBUF_IONBF
-        setvbuf(stdin, NULL, _IONBF, 0);
-# endif                         /* ndef OPENSSL_NO_SETVBUF_IONBF */
-#endif
-        BIO_set_fp(key, stdin, BIO_NOCLOSE);
-    } else if (BIO_read_filename(key, file) <= 0) {
-        BIO_printf(err, "Error opening %s %s\n", key_descrip, file);
-        ERR_print_errors(err);
-        goto end;
-    }
-    if (format == FORMAT_ASN1) {
-        pkey = d2i_PrivateKey_bio(key, NULL);
-    } else if (format == FORMAT_PEM) {
-        pkey = PEM_read_bio_PrivateKey(key, NULL,
-                                       (pem_password_cb *)password_callback,
-                                       &cb_data);
-    }
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
-    else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
-        pkey = load_netscape_key(err, key, file, key_descrip, format);
-#endif
-    else if (format == FORMAT_PKCS12) {
-        if (!load_pkcs12(err, key, key_descrip,
-                         (pem_password_cb *)password_callback, &cb_data,
-                         &pkey, NULL, NULL))
-            goto end;
-    }
-#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) && !defined (OPENSSL_NO_RC4)
-    else if (format == FORMAT_MSBLOB)
-        pkey = b2i_PrivateKey_bio(key);
-    else if (format == FORMAT_PVK)
-        pkey = b2i_PVK_bio(key, (pem_password_cb *)password_callback,
-                           &cb_data);
-#endif
-    else {
-        BIO_printf(err, "bad input format specified for key file\n");
-        goto end;
-    }
- end:
-    if (key != NULL)
-        BIO_free(key);
-    if (pkey == NULL) {
-        BIO_printf(err, "unable to load %s\n", key_descrip);
-        ERR_print_errors(err);
-    }
-    return (pkey);
-}
-
-EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
-                      const char *pass, ENGINE *e, const char *key_descrip)
-{
-    BIO *key = NULL;
-    EVP_PKEY *pkey = NULL;
-    PW_CB_DATA cb_data;
-
-    cb_data.password = pass;
-    cb_data.prompt_info = file;
-
-    if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) {
-        BIO_printf(err, "no keyfile specified\n");
-        goto end;
-    }
-#ifndef OPENSSL_NO_ENGINE
-    if (format == FORMAT_ENGINE) {
-        if (!e)
-            BIO_printf(bio_err, "no engine specified\n");
-        else
-            pkey = ENGINE_load_public_key(e, file, ui_method, &cb_data);
-        goto end;
-    }
-#endif
-    key = BIO_new(BIO_s_file());
-    if (key == NULL) {
-        ERR_print_errors(err);
-        goto end;
-    }
-    if (file == NULL && maybe_stdin) {
-#ifdef _IONBF
-# ifndef OPENSSL_NO_SETVBUF_IONBF
-        setvbuf(stdin, NULL, _IONBF, 0);
-# endif                         /* ndef OPENSSL_NO_SETVBUF_IONBF */
-#endif
-        BIO_set_fp(key, stdin, BIO_NOCLOSE);
-    } else if (BIO_read_filename(key, file) <= 0) {
-        BIO_printf(err, "Error opening %s %s\n", key_descrip, file);
-        ERR_print_errors(err);
-        goto end;
-    }
-    if (format == FORMAT_ASN1) {
-        pkey = d2i_PUBKEY_bio(key, NULL);
-    }
-#ifndef OPENSSL_NO_RSA
-    else if (format == FORMAT_ASN1RSA) {
-        RSA *rsa;
-        rsa = d2i_RSAPublicKey_bio(key, NULL);
-        if (rsa) {
-            pkey = EVP_PKEY_new();
-            if (pkey)
-                EVP_PKEY_set1_RSA(pkey, rsa);
-            RSA_free(rsa);
-        } else
-            pkey = NULL;
-    } else if (format == FORMAT_PEMRSA) {
-        RSA *rsa;
-        rsa = PEM_read_bio_RSAPublicKey(key, NULL,
-                                        (pem_password_cb *)password_callback,
-                                        &cb_data);
-        if (rsa) {
-            pkey = EVP_PKEY_new();
-            if (pkey)
-                EVP_PKEY_set1_RSA(pkey, rsa);
-            RSA_free(rsa);
-        } else
-            pkey = NULL;
-    }
-#endif
-    else if (format == FORMAT_PEM) {
-        pkey = PEM_read_bio_PUBKEY(key, NULL,
-                                   (pem_password_cb *)password_callback,
-                                   &cb_data);
-    }
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
-    else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
-        pkey = load_netscape_key(err, key, file, key_descrip, format);
-#endif
-#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
-    else if (format == FORMAT_MSBLOB)
-        pkey = b2i_PublicKey_bio(key);
-#endif
-    else {
-        BIO_printf(err, "bad input format specified for key file\n");
-        goto end;
-    }
- end:
-    if (key != NULL)
-        BIO_free(key);
-    if (pkey == NULL)
-        BIO_printf(err, "unable to load %s\n", key_descrip);
-    return (pkey);
-}
-
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
-static EVP_PKEY *load_netscape_key(BIO *err, BIO *key, const char *file,
-                                   const char *key_descrip, int format)
-{
-    EVP_PKEY *pkey;
-    BUF_MEM *buf;
-    RSA *rsa;
-    const unsigned char *p;
-    int size, i;
-
-    buf = BUF_MEM_new();
-    pkey = EVP_PKEY_new();
-    size = 0;
-    if (buf == NULL || pkey == NULL)
-        goto error;
-    for (;;) {
-        if (!BUF_MEM_grow_clean(buf, size + 1024 * 10))
-            goto error;
-        i = BIO_read(key, &(buf->data[size]), 1024 * 10);
-        size += i;
-        if (i == 0)
-            break;
-        if (i < 0) {
-            BIO_printf(err, "Error reading %s %s", key_descrip, file);
-            goto error;
-        }
-    }
-    p = (unsigned char *)buf->data;
-    rsa = d2i_RSA_NET(NULL, &p, (long)size, NULL,
-                      (format == FORMAT_IISSGC ? 1 : 0));
-    if (rsa == NULL)
-        goto error;
-    BUF_MEM_free(buf);
-    EVP_PKEY_set1_RSA(pkey, rsa);
-    return pkey;
- error:
-    BUF_MEM_free(buf);
-    EVP_PKEY_free(pkey);
-    return NULL;
-}
-#endif                          /* ndef OPENSSL_NO_RC4 */
-
-static int load_certs_crls(BIO *err, const char *file, int format,
-                           const char *pass, ENGINE *e, const char *desc,
-                           STACK_OF(X509) **pcerts,
-                           STACK_OF(X509_CRL) **pcrls)
-{
-    int i;
-    BIO *bio;
-    STACK_OF(X509_INFO) *xis = NULL;
-    X509_INFO *xi;
-    PW_CB_DATA cb_data;
-    int rv = 0;
-
-    cb_data.password = pass;
-    cb_data.prompt_info = file;
-
-    if (format != FORMAT_PEM) {
-        BIO_printf(err, "bad input format specified for %s\n", desc);
-        return 0;
-    }
-
-    if (file == NULL)
-        bio = BIO_new_fp(stdin, BIO_NOCLOSE);
-    else
-        bio = BIO_new_file(file, "r");
-
-    if (bio == NULL) {
-        BIO_printf(err, "Error opening %s %s\n", desc, file ? file : "stdin");
-        ERR_print_errors(err);
-        return 0;
-    }
-
-    xis = PEM_X509_INFO_read_bio(bio, NULL,
-                                 (pem_password_cb *)password_callback,
-                                 &cb_data);
-
-    BIO_free(bio);
-
-    if (pcerts) {
-        *pcerts = sk_X509_new_null();
-        if (!*pcerts)
-            goto end;
-    }
-
-    if (pcrls) {
-        *pcrls = sk_X509_CRL_new_null();
-        if (!*pcrls)
-            goto end;
-    }
-
-    for (i = 0; i < sk_X509_INFO_num(xis); i++) {
-        xi = sk_X509_INFO_value(xis, i);
-        if (xi->x509 && pcerts) {
-            if (!sk_X509_push(*pcerts, xi->x509))
-                goto end;
-            xi->x509 = NULL;
-        }
-        if (xi->crl && pcrls) {
-            if (!sk_X509_CRL_push(*pcrls, xi->crl))
-                goto end;
-            xi->crl = NULL;
-        }
-    }
-
-    if (pcerts && sk_X509_num(*pcerts) > 0)
-        rv = 1;
-
-    if (pcrls && sk_X509_CRL_num(*pcrls) > 0)
-        rv = 1;
-
- end:
-
-    if (xis)
-        sk_X509_INFO_pop_free(xis, X509_INFO_free);
-
-    if (rv == 0) {
-        if (pcerts) {
-            sk_X509_pop_free(*pcerts, X509_free);
-            *pcerts = NULL;
-        }
-        if (pcrls) {
-            sk_X509_CRL_pop_free(*pcrls, X509_CRL_free);
-            *pcrls = NULL;
-        }
-        BIO_printf(err, "unable to load %s\n",
-                   pcerts ? "certificates" : "CRLs");
-        ERR_print_errors(err);
-    }
-    return rv;
-}
-
-STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
-                           const char *pass, ENGINE *e, const char *desc)
-{
-    STACK_OF(X509) *certs;
-    if (!load_certs_crls(err, file, format, pass, e, desc, &certs, NULL))
-        return NULL;
-    return certs;
-}
-
-STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
-                              const char *pass, ENGINE *e, const char *desc)
-{
-    STACK_OF(X509_CRL) *crls;
-    if (!load_certs_crls(err, file, format, pass, e, desc, NULL, &crls))
-        return NULL;
-    return crls;
-}
-
-#define X509V3_EXT_UNKNOWN_MASK         (0xfL << 16)
-/* Return error for unknown extensions */
-#define X509V3_EXT_DEFAULT              0
-/* Print error for unknown extensions */
-#define X509V3_EXT_ERROR_UNKNOWN        (1L << 16)
-/* ASN1 parse unknown extensions */
-#define X509V3_EXT_PARSE_UNKNOWN        (2L << 16)
-/* BIO_dump unknown extensions */
-#define X509V3_EXT_DUMP_UNKNOWN         (3L << 16)
-
-#define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \
-                         X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION)
-
-int set_cert_ex(unsigned long *flags, const char *arg)
-{
-    static const NAME_EX_TBL cert_tbl[] = {
-        {"compatible", X509_FLAG_COMPAT, 0xffffffffl},
-        {"ca_default", X509_FLAG_CA, 0xffffffffl},
-        {"no_header", X509_FLAG_NO_HEADER, 0},
-        {"no_version", X509_FLAG_NO_VERSION, 0},
-        {"no_serial", X509_FLAG_NO_SERIAL, 0},
-        {"no_signame", X509_FLAG_NO_SIGNAME, 0},
-        {"no_validity", X509_FLAG_NO_VALIDITY, 0},
-        {"no_subject", X509_FLAG_NO_SUBJECT, 0},
-        {"no_issuer", X509_FLAG_NO_ISSUER, 0},
-        {"no_pubkey", X509_FLAG_NO_PUBKEY, 0},
-        {"no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
-        {"no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
-        {"no_aux", X509_FLAG_NO_AUX, 0},
-        {"no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
-        {"ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
-        {"ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
-        {"ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
-        {"ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
-        {NULL, 0, 0}
-    };
-    return set_multi_opts(flags, arg, cert_tbl);
-}
-
-int set_name_ex(unsigned long *flags, const char *arg)
-{
-    static const NAME_EX_TBL ex_tbl[] = {
-        {"esc_2253", ASN1_STRFLGS_ESC_2253, 0},
-        {"esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
-        {"esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
-        {"use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
-        {"utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
-        {"ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
-        {"show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
-        {"dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
-        {"dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
-        {"dump_der", ASN1_STRFLGS_DUMP_DER, 0},
-        {"compat", XN_FLAG_COMPAT, 0xffffffffL},
-        {"sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
-        {"sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
-        {"sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
-        {"sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
-        {"dn_rev", XN_FLAG_DN_REV, 0},
-        {"nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
-        {"sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
-        {"lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
-        {"align", XN_FLAG_FN_ALIGN, 0},
-        {"oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
-        {"space_eq", XN_FLAG_SPC_EQ, 0},
-        {"dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
-        {"RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
-        {"oneline", XN_FLAG_ONELINE, 0xffffffffL},
-        {"multiline", XN_FLAG_MULTILINE, 0xffffffffL},
-        {"ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
-        {NULL, 0, 0}
-    };
-    if (set_multi_opts(flags, arg, ex_tbl) == 0)
-        return 0;
-    if ((*flags & XN_FLAG_SEP_MASK) == 0)
-        *flags |= XN_FLAG_SEP_CPLUS_SPC;
-    return 1;
-}
-
-int set_ext_copy(int *copy_type, const char *arg)
-{
-    if (!strcasecmp(arg, "none"))
-        *copy_type = EXT_COPY_NONE;
-    else if (!strcasecmp(arg, "copy"))
-        *copy_type = EXT_COPY_ADD;
-    else if (!strcasecmp(arg, "copyall"))
-        *copy_type = EXT_COPY_ALL;
-    else
-        return 0;
-    return 1;
-}
-
-int copy_extensions(X509 *x, X509_REQ *req, int copy_type)
-{
-    STACK_OF(X509_EXTENSION) *exts = NULL;
-    X509_EXTENSION *ext, *tmpext;
-    ASN1_OBJECT *obj;
-    int i, idx, ret = 0;
-    if (!x || !req || (copy_type == EXT_COPY_NONE))
-        return 1;
-    exts = X509_REQ_get_extensions(req);
-
-    for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
-        ext = sk_X509_EXTENSION_value(exts, i);
-        obj = X509_EXTENSION_get_object(ext);
-        idx = X509_get_ext_by_OBJ(x, obj, -1);
-        /* Does extension exist? */
-        if (idx != -1) {
-            /* If normal copy don't override existing extension */
-            if (copy_type == EXT_COPY_ADD)
-                continue;
-            /* Delete all extensions of same type */
-            do {
-                tmpext = X509_get_ext(x, idx);
-                X509_delete_ext(x, idx);
-                X509_EXTENSION_free(tmpext);
-                idx = X509_get_ext_by_OBJ(x, obj, -1);
-            } while (idx != -1);
-        }
-        if (!X509_add_ext(x, ext, -1))
-            goto end;
-    }
-
-    ret = 1;
-
- end:
-
-    sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
-
-    return ret;
-}
-
-static int set_multi_opts(unsigned long *flags, const char *arg,
-                          const NAME_EX_TBL * in_tbl)
-{
-    STACK_OF(CONF_VALUE) *vals;
-    CONF_VALUE *val;
-    int i, ret = 1;
-    if (!arg)
-        return 0;
-    vals = X509V3_parse_list(arg);
-    for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
-        val = sk_CONF_VALUE_value(vals, i);
-        if (!set_table_opts(flags, val->name, in_tbl))
-            ret = 0;
-    }
-    sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
-    return ret;
-}
-
-static int set_table_opts(unsigned long *flags, const char *arg,
-                          const NAME_EX_TBL * in_tbl)
-{
-    char c;
-    const NAME_EX_TBL *ptbl;
-    c = arg[0];
-
-    if (c == '-') {
-        c = 0;
-        arg++;
-    } else if (c == '+') {
-        c = 1;
-        arg++;
-    } else
-        c = 1;
-
-    for (ptbl = in_tbl; ptbl->name; ptbl++) {
-        if (!strcasecmp(arg, ptbl->name)) {
-            *flags &= ~ptbl->mask;
-            if (c)
-                *flags |= ptbl->flag;
-            else
-                *flags &= ~ptbl->flag;
-            return 1;
-        }
-    }
-    return 0;
-}
-
-void print_name(BIO *out, const char *title, X509_NAME *nm,
-                unsigned long lflags)
-{
-    char *buf;
-    char mline = 0;
-    int indent = 0;
-
-    if (title)
-        BIO_puts(out, title);
-    if ((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
-        mline = 1;
-        indent = 4;
-    }
-    if (lflags == XN_FLAG_COMPAT) {
-        buf = X509_NAME_oneline(nm, 0, 0);
-        BIO_puts(out, buf);
-        BIO_puts(out, "\n");
-        OPENSSL_free(buf);
-    } else {
-        if (mline)
-            BIO_puts(out, "\n");
-        X509_NAME_print_ex(out, nm, indent, lflags);
-        BIO_puts(out, "\n");
-    }
-}
-
-X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath)
-{
-    X509_STORE *store;
-    X509_LOOKUP *lookup;
-    if (!(store = X509_STORE_new()))
-        goto end;
-    lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
-    if (lookup == NULL)
-        goto end;
-    if (CAfile) {
-        if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM)) {
-            BIO_printf(bp, "Error loading file %s\n", CAfile);
-            goto end;
-        }
-    } else
-        X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
-
-    lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
-    if (lookup == NULL)
-        goto end;
-    if (CApath) {
-        if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)) {
-            BIO_printf(bp, "Error loading directory %s\n", CApath);
-            goto end;
-        }
-    } else
-        X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
-
-    ERR_clear_error();
-    return store;
- end:
-    X509_STORE_free(store);
-    return NULL;
-}
-
-#ifndef OPENSSL_NO_ENGINE
-/* Try to load an engine in a shareable library */
-static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
-{
-    ENGINE *e = ENGINE_by_id("dynamic");
-    if (e) {
-        if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
-            || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) {
-            ENGINE_free(e);
-            e = NULL;
-        }
-    }
-    return e;
-}
-
-ENGINE *setup_engine(BIO *err, const char *engine, int debug)
-{
-    ENGINE *e = NULL;
-
-    if (engine) {
-        if (strcmp(engine, "auto") == 0) {
-            BIO_printf(err, "enabling auto ENGINE support\n");
-            ENGINE_register_all_complete();
-            return NULL;
-        }
-        if ((e = ENGINE_by_id(engine)) == NULL
-            && (e = try_load_engine(err, engine, debug)) == NULL) {
-            BIO_printf(err, "invalid engine \"%s\"\n", engine);
-            ERR_print_errors(err);
-            return NULL;
-        }
-        if (debug) {
-            ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, err, 0);
-        }
-        ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
-        if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
-            BIO_printf(err, "can't use that engine\n");
-            ERR_print_errors(err);
-            ENGINE_free(e);
-            return NULL;
-        }
-
-        BIO_printf(err, "engine \"%s\" set.\n", ENGINE_get_id(e));
-
-        /* Free our "structural" reference. */
-        ENGINE_free(e);
-    }
-    return e;
-}
-#endif
-
-int load_config(BIO *err, CONF *cnf)
-{
-    static int load_config_called = 0;
-    if (load_config_called)
-        return 1;
-    load_config_called = 1;
-    if (!cnf)
-        cnf = config;
-    if (!cnf)
-        return 1;
-
-    OPENSSL_load_builtin_modules();
-
-    if (CONF_modules_load(cnf, NULL, 0) <= 0) {
-        BIO_printf(err, "Error configuring OpenSSL\n");
-        ERR_print_errors(err);
-        return 0;
-    }
-    return 1;
-}
-
-char *make_config_name()
-{
-    const char *t = X509_get_default_cert_area();
-    size_t len;
-    char *p;
-
-    len = strlen(t) + strlen(OPENSSL_CONF) + 2;
-    p = OPENSSL_malloc(len);
-    if (p == NULL)
-        return NULL;
-    BUF_strlcpy(p, t, len);
-#ifndef OPENSSL_SYS_VMS
-    BUF_strlcat(p, "/", len);
-#endif
-    BUF_strlcat(p, OPENSSL_CONF, len);
-
-    return p;
-}
-
-static unsigned long index_serial_hash(const OPENSSL_CSTRING *a)
-{
-    const char *n;
-
-    n = a[DB_serial];
-    while (*n == '0')
-        n++;
-    return (lh_strhash(n));
-}
-
-static int index_serial_cmp(const OPENSSL_CSTRING *a,
-                            const OPENSSL_CSTRING *b)
-{
-    const char *aa, *bb;
-
-    for (aa = a[DB_serial]; *aa == '0'; aa++) ;
-    for (bb = b[DB_serial]; *bb == '0'; bb++) ;
-    return (strcmp(aa, bb));
-}
-
-static int index_name_qual(char **a)
-{
-    return (a[0][0] == 'V');
-}
-
-static unsigned long index_name_hash(const OPENSSL_CSTRING *a)
-{
-    return (lh_strhash(a[DB_name]));
-}
-
-int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
-{
-    return (strcmp(a[DB_name], b[DB_name]));
-}
-
-static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING)
-static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING)
-static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING)
-static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
-#undef BSIZE
-#define BSIZE 256
-BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
-{
-    BIO *in = NULL;
-    BIGNUM *ret = NULL;
-    MS_STATIC char buf[1024];
-    ASN1_INTEGER *ai = NULL;
-
-    ai = ASN1_INTEGER_new();
-    if (ai == NULL)
-        goto err;
-
-    if ((in = BIO_new(BIO_s_file())) == NULL) {
-        ERR_print_errors(bio_err);
-        goto err;
-    }
-
-    if (BIO_read_filename(in, serialfile) <= 0) {
-        if (!create) {
-            perror(serialfile);
-            goto err;
-        } else {
-            ret = BN_new();
-            if (ret == NULL || !rand_serial(ret, ai))
-                BIO_printf(bio_err, "Out of memory\n");
-        }
-    } else {
-        if (!a2i_ASN1_INTEGER(in, ai, buf, 1024)) {
-            BIO_printf(bio_err, "unable to load number from %s\n",
-                       serialfile);
-            goto err;
-        }
-        ret = ASN1_INTEGER_to_BN(ai, NULL);
-        if (ret == NULL) {
-            BIO_printf(bio_err,
-                       "error converting number from bin to BIGNUM\n");
-            goto err;
-        }
-    }
-
-    if (ret && retai) {
-        *retai = ai;
-        ai = NULL;
-    }
- err:
-    if (in != NULL)
-        BIO_free(in);
-    if (ai != NULL)
-        ASN1_INTEGER_free(ai);
-    return (ret);
-}
-
-int save_serial(char *serialfile, char *suffix, BIGNUM *serial,
-                ASN1_INTEGER **retai)
-{
-    char buf[1][BSIZE];
-    BIO *out = NULL;
-    int ret = 0;
-    ASN1_INTEGER *ai = NULL;
-    int j;
-
-    if (suffix == NULL)
-        j = strlen(serialfile);
-    else
-        j = strlen(serialfile) + strlen(suffix) + 1;
-    if (j >= BSIZE) {
-        BIO_printf(bio_err, "file name too long\n");
-        goto err;
-    }
-
-    if (suffix == NULL)
-        BUF_strlcpy(buf[0], serialfile, BSIZE);
-    else {
-#ifndef OPENSSL_SYS_VMS
-        j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
-#else
-        j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
-#endif
-    }
-#ifdef RL_DEBUG
-    BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
-#endif
-    out = BIO_new(BIO_s_file());
-    if (out == NULL) {
-        ERR_print_errors(bio_err);
-        goto err;
-    }
-    if (BIO_write_filename(out, buf[0]) <= 0) {
-        perror(serialfile);
-        goto err;
-    }
-
-    if ((ai = BN_to_ASN1_INTEGER(serial, NULL)) == NULL) {
-        BIO_printf(bio_err, "error converting serial to ASN.1 format\n");
-        goto err;
-    }
-    i2a_ASN1_INTEGER(out, ai);
-    BIO_puts(out, "\n");
-    ret = 1;
-    if (retai) {
-        *retai = ai;
-        ai = NULL;
-    }
- err:
-    if (out != NULL)
-        BIO_free_all(out);
-    if (ai != NULL)
-        ASN1_INTEGER_free(ai);
-    return (ret);
-}
-
-int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
-{
-    char buf[5][BSIZE];
-    int i, j;
-
-    i = strlen(serialfile) + strlen(old_suffix);
-    j = strlen(serialfile) + strlen(new_suffix);
-    if (i > j)
-        j = i;
-    if (j + 1 >= BSIZE) {
-        BIO_printf(bio_err, "file name too long\n");
-        goto err;
-    }
-#ifndef OPENSSL_SYS_VMS
-    j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, new_suffix);
-#else
-    j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
-    j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", serialfile, old_suffix);
-#else
-    j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", serialfile, old_suffix);
-#endif
-#ifdef RL_DEBUG
-    BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
-               serialfile, buf[1]);
-#endif
-    if (rename(serialfile, buf[1]) < 0 && errno != ENOENT
-#ifdef ENOTDIR
-        && errno != ENOTDIR
-#endif
-        ) {
-        BIO_printf(bio_err,
-                   "unable to rename %s to %s\n", serialfile, buf[1]);
-        perror("reason");
-        goto err;
-    }
-#ifdef RL_DEBUG
-    BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
-               buf[0], serialfile);
-#endif
-    if (rename(buf[0], serialfile) < 0) {
-        BIO_printf(bio_err,
-                   "unable to rename %s to %s\n", buf[0], serialfile);
-        perror("reason");
-        rename(buf[1], serialfile);
-        goto err;
-    }
-    return 1;
- err:
-    return 0;
-}
-
-int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
-{
-    BIGNUM *btmp;
-    int ret = 0;
-    if (b)
-        btmp = b;
-    else
-        btmp = BN_new();
-
-    if (!btmp)
-        return 0;
-
-    if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))
-        goto error;
-    if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
-        goto error;
-
-    ret = 1;
-
- error:
-
-    if (!b)
-        BN_free(btmp);
-
-    return ret;
-}
-
-CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
-{
-    CA_DB *retdb = NULL;
-    TXT_DB *tmpdb = NULL;
-    BIO *in = BIO_new(BIO_s_file());
-    CONF *dbattr_conf = NULL;
-    char buf[1][BSIZE];
-    long errorline = -1;
-
-    if (in == NULL) {
-        ERR_print_errors(bio_err);
-        goto err;
-    }
-    if (BIO_read_filename(in, dbfile) <= 0) {
-        perror(dbfile);
-        BIO_printf(bio_err, "unable to open '%s'\n", dbfile);
-        goto err;
-    }
-    if ((tmpdb = TXT_DB_read(in, DB_NUMBER)) == NULL)
-        goto err;
-
-#ifndef OPENSSL_SYS_VMS
-    BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile);
-#else
-    BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile);
-#endif
-    dbattr_conf = NCONF_new(NULL);
-    if (NCONF_load(dbattr_conf, buf[0], &errorline) <= 0) {
-        if (errorline > 0) {
-            BIO_printf(bio_err,
-                       "error on line %ld of db attribute file '%s'\n",
-                       errorline, buf[0]);
-            goto err;
-        } else {
-            NCONF_free(dbattr_conf);
-            dbattr_conf = NULL;
-        }
-    }
-
-    if ((retdb = OPENSSL_malloc(sizeof(CA_DB))) == NULL) {
-        fprintf(stderr, "Out of memory\n");
-        goto err;
-    }
-
-    retdb->db = tmpdb;
-    tmpdb = NULL;
-    if (db_attr)
-        retdb->attributes = *db_attr;
-    else {
-        retdb->attributes.unique_subject = 1;
-    }
-
-    if (dbattr_conf) {
-        char *p = NCONF_get_string(dbattr_conf, NULL, "unique_subject");
-        if (p) {
-#ifdef RL_DEBUG
-            BIO_printf(bio_err,
-                       "DEBUG[load_index]: unique_subject = \"%s\"\n", p);
-#endif
-            retdb->attributes.unique_subject = parse_yesno(p, 1);
-        }
-    }
-
- err:
-    if (dbattr_conf)
-        NCONF_free(dbattr_conf);
-    if (tmpdb)
-        TXT_DB_free(tmpdb);
-    if (in)
-        BIO_free_all(in);
-    return retdb;
-}
-
-int index_index(CA_DB *db)
-{
-    if (!TXT_DB_create_index(db->db, DB_serial, NULL,
-                             LHASH_HASH_FN(index_serial),
-                             LHASH_COMP_FN(index_serial))) {
-        BIO_printf(bio_err,
-                   "error creating serial number index:(%ld,%ld,%ld)\n",
-                   db->db->error, db->db->arg1, db->db->arg2);
-        return 0;
-    }
-
-    if (db->attributes.unique_subject
-        && !TXT_DB_create_index(db->db, DB_name, index_name_qual,
-                                LHASH_HASH_FN(index_name),
-                                LHASH_COMP_FN(index_name))) {
-        BIO_printf(bio_err, "error creating name index:(%ld,%ld,%ld)\n",
-                   db->db->error, db->db->arg1, db->db->arg2);
-        return 0;
-    }
-    return 1;
-}
-
-int save_index(const char *dbfile, const char *suffix, CA_DB *db)
-{
-    char buf[3][BSIZE];
-    BIO *out = BIO_new(BIO_s_file());
-    int j;
-
-    if (out == NULL) {
-        ERR_print_errors(bio_err);
-        goto err;
-    }
-
-    j = strlen(dbfile) + strlen(suffix);
-    if (j + 6 >= BSIZE) {
-        BIO_printf(bio_err, "file name too long\n");
-        goto err;
-    }
-#ifndef OPENSSL_SYS_VMS
-    j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
-#else
-    j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
-#endif
-#ifndef OPENSSL_SYS_VMS
-    j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
-#else
-    j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
-    j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
-#else
-    j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
-#endif
-#ifdef RL_DEBUG
-    BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
-#endif
-    if (BIO_write_filename(out, buf[0]) <= 0) {
-        perror(dbfile);
-        BIO_printf(bio_err, "unable to open '%s'\n", dbfile);
-        goto err;
-    }
-    j = TXT_DB_write(out, db->db);
-    if (j <= 0)
-        goto err;
-
-    BIO_free(out);
-
-    out = BIO_new(BIO_s_file());
-#ifdef RL_DEBUG
-    BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]);
-#endif
-    if (BIO_write_filename(out, buf[1]) <= 0) {
-        perror(buf[2]);
-        BIO_printf(bio_err, "unable to open '%s'\n", buf[2]);
-        goto err;
-    }
-    BIO_printf(out, "unique_subject = %s\n",
-               db->attributes.unique_subject ? "yes" : "no");
-    BIO_free(out);
-
-    return 1;
- err:
-    return 0;
-}
-
-int rotate_index(const char *dbfile, const char *new_suffix,
-                 const char *old_suffix)
-{
-    char buf[5][BSIZE];
-    int i, j;
-
-    i = strlen(dbfile) + strlen(old_suffix);
-    j = strlen(dbfile) + strlen(new_suffix);
-    if (i > j)
-        j = i;
-    if (j + 6 >= BSIZE) {
-        BIO_printf(bio_err, "file name too long\n");
-        goto err;
-    }
-#ifndef OPENSSL_SYS_VMS
-    j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
-#else
-    j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
-#endif
-#ifndef OPENSSL_SYS_VMS
-    j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", dbfile, new_suffix);
-#else
-    j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
-    j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix);
-#else
-    j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
-    j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix);
-#else
-    j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
-    j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix);
-#else
-    j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", dbfile, old_suffix);
-#endif
-#ifdef RL_DEBUG
-    BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", dbfile, buf[1]);
-#endif
-    if (rename(dbfile, buf[1]) < 0 && errno != ENOENT
-#ifdef ENOTDIR
-        && errno != ENOTDIR
-#endif
-        ) {
-        BIO_printf(bio_err, "unable to rename %s to %s\n", dbfile, buf[1]);
-        perror("reason");
-        goto err;
-    }
-#ifdef RL_DEBUG
-    BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[0], dbfile);
-#endif
-    if (rename(buf[0], dbfile) < 0) {
-        BIO_printf(bio_err, "unable to rename %s to %s\n", buf[0], dbfile);
-        perror("reason");
-        rename(buf[1], dbfile);
-        goto err;
-    }
-#ifdef RL_DEBUG
-    BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[4], buf[3]);
-#endif
-    if (rename(buf[4], buf[3]) < 0 && errno != ENOENT
-#ifdef ENOTDIR
-        && errno != ENOTDIR
-#endif
-        ) {
-        BIO_printf(bio_err, "unable to rename %s to %s\n", buf[4], buf[3]);
-        perror("reason");
-        rename(dbfile, buf[0]);
-        rename(buf[1], dbfile);
-        goto err;
-    }
-#ifdef RL_DEBUG
-    BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[2], buf[4]);
-#endif
-    if (rename(buf[2], buf[4]) < 0) {
-        BIO_printf(bio_err, "unable to rename %s to %s\n", buf[2], buf[4]);
-        perror("reason");
-        rename(buf[3], buf[4]);
-        rename(dbfile, buf[0]);
-        rename(buf[1], dbfile);
-        goto err;
-    }
-    return 1;
- err:
-    return 0;
-}
-
-void free_index(CA_DB *db)
-{
-    if (db) {
-        if (db->db)
-            TXT_DB_free(db->db);
-        OPENSSL_free(db);
-    }
-}
-
-int parse_yesno(const char *str, int def)
-{
-    int ret = def;
-    if (str) {
-        switch (*str) {
-        case 'f':              /* false */
-        case 'F':              /* FALSE */
-        case 'n':              /* no */
-        case 'N':              /* NO */
-        case '0':              /* 0 */
-            ret = 0;
-            break;
-        case 't':              /* true */
-        case 'T':              /* TRUE */
-        case 'y':              /* yes */
-        case 'Y':              /* YES */
-        case '1':              /* 1 */
-            ret = 1;
-            break;
-        default:
-            ret = def;
-            break;
-        }
-    }
-    return ret;
-}
-
-/*
- * subject is expected to be in the format /type0=value0/type1=value1/type2=...
- * where characters may be escaped by \
- */
-X509_NAME *parse_name(char *subject, long chtype, int multirdn)
-{
-    size_t buflen = strlen(subject) + 1; /* to copy the types and values
-                                          * into. due to escaping, the copy
-                                          * can only become shorter */
-    char *buf = OPENSSL_malloc(buflen);
-    size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
-    char **ne_types = OPENSSL_malloc(max_ne * sizeof(char *));
-    char **ne_values = OPENSSL_malloc(max_ne * sizeof(char *));
-    int *mval = OPENSSL_malloc(max_ne * sizeof(int));
-
-    char *sp = subject, *bp = buf;
-    int i, ne_num = 0;
-
-    X509_NAME *n = NULL;
-    int nid;
-
-    if (!buf || !ne_types || !ne_values || !mval) {
-        BIO_printf(bio_err, "malloc error\n");
-        goto error;
-    }
-
-    if (*subject != '/') {
-        BIO_printf(bio_err, "Subject does not start with '/'.\n");
-        goto error;
-    }
-    sp++;                       /* skip leading / */
-
-    /* no multivalued RDN by default */
-    mval[ne_num] = 0;
-
-    while (*sp) {
-        /* collect type */
-        ne_types[ne_num] = bp;
-        while (*sp) {
-            if (*sp == '\\') {  /* is there anything to escape in the
-                                 * type...? */
-                if (*++sp)
-                    *bp++ = *sp++;
-                else {
-                    BIO_printf(bio_err,
-                               "escape character at end of string\n");
-                    goto error;
-                }
-            } else if (*sp == '=') {
-                sp++;
-                *bp++ = '\0';
-                break;
-            } else
-                *bp++ = *sp++;
-        }
-        if (!*sp) {
-            BIO_printf(bio_err,
-                       "end of string encountered while processing type of subject name element #%d\n",
-                       ne_num);
-            goto error;
-        }
-        ne_values[ne_num] = bp;
-        while (*sp) {
-            if (*sp == '\\') {
-                if (*++sp)
-                    *bp++ = *sp++;
-                else {
-                    BIO_printf(bio_err,
-                               "escape character at end of string\n");
-                    goto error;
-                }
-            } else if (*sp == '/') {
-                sp++;
-                /* no multivalued RDN by default */
-                mval[ne_num + 1] = 0;
-                break;
-            } else if (*sp == '+' && multirdn) {
-                /*
-                 * a not escaped + signals a mutlivalued RDN
-                 */
-                sp++;
-                mval[ne_num + 1] = -1;
-                break;
-            } else
-                *bp++ = *sp++;
-        }
-        *bp++ = '\0';
-        ne_num++;
-    }
-
-    if (!(n = X509_NAME_new()))
-        goto error;
-
-    for (i = 0; i < ne_num; i++) {
-        if ((nid = OBJ_txt2nid(ne_types[i])) == NID_undef) {
-            BIO_printf(bio_err,
-                       "Subject Attribute %s has no known NID, skipped\n",
-                       ne_types[i]);
-            continue;
-        }
-
-        if (!*ne_values[i]) {
-            BIO_printf(bio_err,
-                       "No value provided for Subject Attribute %s, skipped\n",
-                       ne_types[i]);
-            continue;
-        }
-
-        if (!X509_NAME_add_entry_by_NID
-            (n, nid, chtype, (unsigned char *)ne_values[i], -1, -1, mval[i]))
-            goto error;
-    }
-
-    OPENSSL_free(ne_values);
-    OPENSSL_free(ne_types);
-    OPENSSL_free(buf);
-    OPENSSL_free(mval);
-    return n;
-
- error:
-    X509_NAME_free(n);
-    if (ne_values)
-        OPENSSL_free(ne_values);
-    if (ne_types)
-        OPENSSL_free(ne_types);
-    if (mval)
-        OPENSSL_free(mval);
-    if (buf)
-        OPENSSL_free(buf);
-    return NULL;
-}
-
-int args_verify(char ***pargs, int *pargc,
-                int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
-{
-    ASN1_OBJECT *otmp = NULL;
-    unsigned long flags = 0;
-    int i;
-    int purpose = 0, depth = -1;
-    char **oldargs = *pargs;
-    char *arg = **pargs, *argn = (*pargs)[1];
-    time_t at_time = 0;
-    if (!strcmp(arg, "-policy")) {
-        if (!argn)
-            *badarg = 1;
-        else {
-            otmp = OBJ_txt2obj(argn, 0);
-            if (!otmp) {
-                BIO_printf(err, "Invalid Policy \"%s\"\n", argn);
-                *badarg = 1;
-            }
-        }
-        (*pargs)++;
-    } else if (strcmp(arg, "-purpose") == 0) {
-        X509_PURPOSE *xptmp;
-        if (!argn)
-            *badarg = 1;
-        else {
-            i = X509_PURPOSE_get_by_sname(argn);
-            if (i < 0) {
-                BIO_printf(err, "unrecognized purpose\n");
-                *badarg = 1;
-            } else {
-                xptmp = X509_PURPOSE_get0(i);
-                purpose = X509_PURPOSE_get_id(xptmp);
-            }
-        }
-        (*pargs)++;
-    } else if (strcmp(arg, "-verify_depth") == 0) {
-        if (!argn)
-            *badarg = 1;
-        else {
-            depth = atoi(argn);
-            if (depth < 0) {
-                BIO_printf(err, "invalid depth\n");
-                *badarg = 1;
-            }
-        }
-        (*pargs)++;
-    } else if (strcmp(arg, "-attime") == 0) {
-        if (!argn)
-            *badarg = 1;
-        else {
-            long timestamp;
-            /*
-             * interpret the -attime argument as seconds since Epoch
-             */
-            if (sscanf(argn, "%li", &timestamp) != 1) {
-                BIO_printf(bio_err, "Error parsing timestamp %s\n", argn);
-                *badarg = 1;
-            }
-            /* on some platforms time_t may be a float */
-            at_time = (time_t)timestamp;
-        }
-        (*pargs)++;
-    } else if (!strcmp(arg, "-ignore_critical"))
-        flags |= X509_V_FLAG_IGNORE_CRITICAL;
-    else if (!strcmp(arg, "-issuer_checks"))
-        flags |= X509_V_FLAG_CB_ISSUER_CHECK;
-    else if (!strcmp(arg, "-crl_check"))
-        flags |= X509_V_FLAG_CRL_CHECK;
-    else if (!strcmp(arg, "-crl_check_all"))
-        flags |= X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL;
-    else if (!strcmp(arg, "-policy_check"))
-        flags |= X509_V_FLAG_POLICY_CHECK;
-    else if (!strcmp(arg, "-explicit_policy"))
-        flags |= X509_V_FLAG_EXPLICIT_POLICY;
-    else if (!strcmp(arg, "-inhibit_any"))
-        flags |= X509_V_FLAG_INHIBIT_ANY;
-    else if (!strcmp(arg, "-inhibit_map"))
-        flags |= X509_V_FLAG_INHIBIT_MAP;
-    else if (!strcmp(arg, "-x509_strict"))
-        flags |= X509_V_FLAG_X509_STRICT;
-    else if (!strcmp(arg, "-extended_crl"))
-        flags |= X509_V_FLAG_EXTENDED_CRL_SUPPORT;
-    else if (!strcmp(arg, "-use_deltas"))
-        flags |= X509_V_FLAG_USE_DELTAS;
-    else if (!strcmp(arg, "-policy_print"))
-        flags |= X509_V_FLAG_NOTIFY_POLICY;
-    else if (!strcmp(arg, "-check_ss_sig"))
-        flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
-    else if (!strcmp(arg, "-no_alt_chains"))
-        flags |= X509_V_FLAG_NO_ALT_CHAINS;
-    else
-        return 0;
-
-    if (*badarg) {
-        if (*pm)
-            X509_VERIFY_PARAM_free(*pm);
-        *pm = NULL;
-        goto end;
-    }
-
-    if (!*pm && !(*pm = X509_VERIFY_PARAM_new())) {
-        *badarg = 1;
-        goto end;
-    }
-
-    if (otmp)
-        X509_VERIFY_PARAM_add0_policy(*pm, otmp);
-    if (flags)
-        X509_VERIFY_PARAM_set_flags(*pm, flags);
-
-    if (purpose)
-        X509_VERIFY_PARAM_set_purpose(*pm, purpose);
-
-    if (depth >= 0)
-        X509_VERIFY_PARAM_set_depth(*pm, depth);
-
-    if (at_time)
-        X509_VERIFY_PARAM_set_time(*pm, at_time);
-
- end:
-
-    (*pargs)++;
-
-    if (pargc)
-        *pargc -= *pargs - oldargs;
-
-    return 1;
-
-}
-
-/*
- * Read whole contents of a BIO into an allocated memory buffer and return
- * it.
- */
-
-int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
-{
-    BIO *mem;
-    int len, ret;
-    unsigned char tbuf[1024];
-    mem = BIO_new(BIO_s_mem());
-    if (!mem)
-        return -1;
-    for (;;) {
-        if ((maxlen != -1) && maxlen < 1024)
-            len = maxlen;
-        else
-            len = 1024;
-        len = BIO_read(in, tbuf, len);
-        if (len <= 0)
-            break;
-        if (BIO_write(mem, tbuf, len) != len) {
-            BIO_free(mem);
-            return -1;
-        }
-        maxlen -= len;
-
-        if (maxlen == 0)
-            break;
-    }
-    ret = BIO_get_mem_data(mem, (char **)out);
-    BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY);
-    BIO_free(mem);
-    return ret;
-}
-
-int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value)
-{
-    int rv;
-    char *stmp, *vtmp = NULL;
-    stmp = BUF_strdup(value);
-    if (!stmp)
-        return -1;
-    vtmp = strchr(stmp, ':');
-    if (vtmp) {
-        *vtmp = 0;
-        vtmp++;
-    }
-    rv = EVP_PKEY_CTX_ctrl_str(ctx, stmp, vtmp);
-    OPENSSL_free(stmp);
-    return rv;
-}
-
-static void nodes_print(BIO *out, const char *name,
-                        STACK_OF(X509_POLICY_NODE) *nodes)
-{
-    X509_POLICY_NODE *node;
-    int i;
-    BIO_printf(out, "%s Policies:", name);
-    if (nodes) {
-        BIO_puts(out, "\n");
-        for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++) {
-            node = sk_X509_POLICY_NODE_value(nodes, i);
-            X509_POLICY_NODE_print(out, node, 2);
-        }
-    } else
-        BIO_puts(out, " <empty>\n");
-}
-
-void policies_print(BIO *out, X509_STORE_CTX *ctx)
-{
-    X509_POLICY_TREE *tree;
-    int explicit_policy;
-    int free_out = 0;
-    if (out == NULL) {
-        out = BIO_new_fp(stderr, BIO_NOCLOSE);
-        free_out = 1;
-    }
-    tree = X509_STORE_CTX_get0_policy_tree(ctx);
-    explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
-
-    BIO_printf(out, "Require explicit Policy: %s\n",
-               explicit_policy ? "True" : "False");
-
-    nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree));
-    nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree));
-    if (free_out)
-        BIO_free(out);
-}
-
-#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
-
-static JPAKE_CTX *jpake_init(const char *us, const char *them,
-                             const char *secret)
-{
-    BIGNUM *p = NULL;
-    BIGNUM *g = NULL;
-    BIGNUM *q = NULL;
-    BIGNUM *bnsecret = BN_new();
-    JPAKE_CTX *ctx;
-
-    /* Use a safe prime for p (that we found earlier) */
-    BN_hex2bn(&p,
-              "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F");
-    g = BN_new();
-    BN_set_word(g, 2);
-    q = BN_new();
-    BN_rshift1(q, p);
-
-    BN_bin2bn((const unsigned char *)secret, strlen(secret), bnsecret);
-
-    ctx = JPAKE_CTX_new(us, them, p, g, q, bnsecret);
-    BN_free(bnsecret);
-    BN_free(q);
-    BN_free(g);
-    BN_free(p);
-
-    return ctx;
-}
-
-static void jpake_send_part(BIO *conn, const JPAKE_STEP_PART *p)
-{
-    BN_print(conn, p->gx);
-    BIO_puts(conn, "\n");
-    BN_print(conn, p->zkpx.gr);
-    BIO_puts(conn, "\n");
-    BN_print(conn, p->zkpx.b);
-    BIO_puts(conn, "\n");
-}
-
-static void jpake_send_step1(BIO *bconn, JPAKE_CTX *ctx)
-{
-    JPAKE_STEP1 s1;
-
-    JPAKE_STEP1_init(&s1);
-    JPAKE_STEP1_generate(&s1, ctx);
-    jpake_send_part(bconn, &s1.p1);
-    jpake_send_part(bconn, &s1.p2);
-    (void)BIO_flush(bconn);
-    JPAKE_STEP1_release(&s1);
-}
-
-static void jpake_send_step2(BIO *bconn, JPAKE_CTX *ctx)
-{
-    JPAKE_STEP2 s2;
-
-    JPAKE_STEP2_init(&s2);
-    JPAKE_STEP2_generate(&s2, ctx);
-    jpake_send_part(bconn, &s2);
-    (void)BIO_flush(bconn);
-    JPAKE_STEP2_release(&s2);
-}
-
-static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *ctx)
-{
-    JPAKE_STEP3A s3a;
-
-    JPAKE_STEP3A_init(&s3a);
-    JPAKE_STEP3A_generate(&s3a, ctx);
-    BIO_write(bconn, s3a.hhk, sizeof s3a.hhk);
-    (void)BIO_flush(bconn);
-    JPAKE_STEP3A_release(&s3a);
-}
-
-static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *ctx)
-{
-    JPAKE_STEP3B s3b;
-
-    JPAKE_STEP3B_init(&s3b);
-    JPAKE_STEP3B_generate(&s3b, ctx);
-    BIO_write(bconn, s3b.hk, sizeof s3b.hk);
-    (void)BIO_flush(bconn);
-    JPAKE_STEP3B_release(&s3b);
-}
-
-static void readbn(BIGNUM **bn, BIO *bconn)
-{
-    char buf[10240];
-    int l;
-
-    l = BIO_gets(bconn, buf, sizeof buf);
-    assert(l > 0);
-    assert(buf[l - 1] == '\n');
-    buf[l - 1] = '\0';
-    BN_hex2bn(bn, buf);
-}
-
-static void jpake_receive_part(JPAKE_STEP_PART *p, BIO *bconn)
-{
-    readbn(&p->gx, bconn);
-    readbn(&p->zkpx.gr, bconn);
-    readbn(&p->zkpx.b, bconn);
-}
-
-static void jpake_receive_step1(JPAKE_CTX *ctx, BIO *bconn)
-{
-    JPAKE_STEP1 s1;
-
-    JPAKE_STEP1_init(&s1);
-    jpake_receive_part(&s1.p1, bconn);
-    jpake_receive_part(&s1.p2, bconn);
-    if (!JPAKE_STEP1_process(ctx, &s1)) {
-        ERR_print_errors(bio_err);
-        exit(1);
-    }
-    JPAKE_STEP1_release(&s1);
-}
-
-static void jpake_receive_step2(JPAKE_CTX *ctx, BIO *bconn)
-{
-    JPAKE_STEP2 s2;
-
-    JPAKE_STEP2_init(&s2);
-    jpake_receive_part(&s2, bconn);
-    if (!JPAKE_STEP2_process(ctx, &s2)) {
-        ERR_print_errors(bio_err);
-        exit(1);
-    }
-    JPAKE_STEP2_release(&s2);
-}
-
-static void jpake_receive_step3a(JPAKE_CTX *ctx, BIO *bconn)
-{
-    JPAKE_STEP3A s3a;
-    int l;
-
-    JPAKE_STEP3A_init(&s3a);
-    l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk);
-    assert(l == sizeof s3a.hhk);
-    if (!JPAKE_STEP3A_process(ctx, &s3a)) {
-        ERR_print_errors(bio_err);
-        exit(1);
-    }
-    JPAKE_STEP3A_release(&s3a);
-}
-
-static void jpake_receive_step3b(JPAKE_CTX *ctx, BIO *bconn)
-{
-    JPAKE_STEP3B s3b;
-    int l;
-
-    JPAKE_STEP3B_init(&s3b);
-    l = BIO_read(bconn, s3b.hk, sizeof s3b.hk);
-    assert(l == sizeof s3b.hk);
-    if (!JPAKE_STEP3B_process(ctx, &s3b)) {
-        ERR_print_errors(bio_err);
-        exit(1);
-    }
-    JPAKE_STEP3B_release(&s3b);
-}
-
-void jpake_client_auth(BIO *out, BIO *conn, const char *secret)
-{
-    JPAKE_CTX *ctx;
-    BIO *bconn;
-
-    BIO_puts(out, "Authenticating with JPAKE\n");
-
-    ctx = jpake_init("client", "server", secret);
-
-    bconn = BIO_new(BIO_f_buffer());
-    BIO_push(bconn, conn);
-
-    jpake_send_step1(bconn, ctx);
-    jpake_receive_step1(ctx, bconn);
-    jpake_send_step2(bconn, ctx);
-    jpake_receive_step2(ctx, bconn);
-    jpake_send_step3a(bconn, ctx);
-    jpake_receive_step3b(ctx, bconn);
-
-    BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
-
-    psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
-
-    BIO_pop(bconn);
-    BIO_free(bconn);
-
-    JPAKE_CTX_free(ctx);
-}
-
-void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
-{
-    JPAKE_CTX *ctx;
-    BIO *bconn;
-
-    BIO_puts(out, "Authenticating with JPAKE\n");
-
-    ctx = jpake_init("server", "client", secret);
-
-    bconn = BIO_new(BIO_f_buffer());
-    BIO_push(bconn, conn);
-
-    jpake_receive_step1(ctx, bconn);
-    jpake_send_step1(bconn, ctx);
-    jpake_receive_step2(ctx, bconn);
-    jpake_send_step2(bconn, ctx);
-    jpake_receive_step3a(ctx, bconn);
-    jpake_send_step3b(bconn, ctx);
-
-    BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
-
-    psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
-
-    BIO_pop(bconn);
-    BIO_free(bconn);
-
-    JPAKE_CTX_free(ctx);
-}
-
-#endif
-
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-/*-
- * next_protos_parse parses a comma separated list of strings into a string
- * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
- *   outlen: (output) set to the length of the resulting buffer on success.
- *   err: (maybe NULL) on failure, an error message line is written to this BIO.
- *   in: a NUL termianted string like "abc,def,ghi"
- *
- *   returns: a malloced buffer or NULL on failure.
- */
-unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
-{
-    size_t len;
-    unsigned char *out;
-    size_t i, start = 0;
-
-    len = strlen(in);
-    if (len >= 65535)
-        return NULL;
-
-    out = OPENSSL_malloc(strlen(in) + 1);
-    if (!out)
-        return NULL;
-
-    for (i = 0; i <= len; ++i) {
-        if (i == len || in[i] == ',') {
-            if (i - start > 255) {
-                OPENSSL_free(out);
-                return NULL;
-            }
-            out[start] = i - start;
-            start = i + 1;
-        } else
-            out[i + 1] = in[i];
-    }
-
-    *outlen = len + 1;
-    return out;
-}
-#endif                          /* !OPENSSL_NO_TLSEXT &&
-                                 * !OPENSSL_NO_NEXTPROTONEG */
-
-/*
- * Platform-specific sections
- */
-#if defined(_WIN32)
-# ifdef fileno
-#  undef fileno
-#  define fileno(a) (int)_fileno(a)
-# endif
-
-# include <windows.h>
-# include <tchar.h>
-
-static int WIN32_rename(const char *from, const char *to)
-{
-    TCHAR *tfrom = NULL, *tto;
-    DWORD err;
-    int ret = 0;
-
-    if (sizeof(TCHAR) == 1) {
-        tfrom = (TCHAR *)from;
-        tto = (TCHAR *)to;
-    } else {                    /* UNICODE path */
-
-        size_t i, flen = strlen(from) + 1, tlen = strlen(to) + 1;
-        tfrom = (TCHAR *)malloc(sizeof(TCHAR) * (flen + tlen));
-        if (tfrom == NULL)
-            goto err;
-        tto = tfrom + flen;
-# if !defined(_WIN32_WCE) || _WIN32_WCE>=101
-        if (!MultiByteToWideChar(CP_ACP, 0, from, flen, (WCHAR *)tfrom, flen))
-# endif
-            for (i = 0; i < flen; i++)
-                tfrom[i] = (TCHAR)from[i];
-# if !defined(_WIN32_WCE) || _WIN32_WCE>=101
-        if (!MultiByteToWideChar(CP_ACP, 0, to, tlen, (WCHAR *)tto, tlen))
-# endif
-            for (i = 0; i < tlen; i++)
-                tto[i] = (TCHAR)to[i];
-    }
-
-    if (MoveFile(tfrom, tto))
-        goto ok;
-    err = GetLastError();
-    if (err == ERROR_ALREADY_EXISTS || err == ERROR_FILE_EXISTS) {
-        if (DeleteFile(tto) && MoveFile(tfrom, tto))
-            goto ok;
-        err = GetLastError();
-    }
-    if (err == ERROR_FILE_NOT_FOUND || err == ERROR_PATH_NOT_FOUND)
-        errno = ENOENT;
-    else if (err == ERROR_ACCESS_DENIED)
-        errno = EACCES;
-    else
-        errno = EINVAL;         /* we could map more codes... */
- err:
-    ret = -1;
- ok:
-    if (tfrom != NULL && tfrom != (TCHAR *)from)
-        free(tfrom);
-    return ret;
-}
-#endif
-
-/* app_tminterval section */
-#if defined(_WIN32)
-double app_tminterval(int stop, int usertime)
-{
-    FILETIME now;
-    double ret = 0;
-    static ULARGE_INTEGER tmstart;
-    static int warning = 1;
-# ifdef _WIN32_WINNT
-    static HANDLE proc = NULL;
-
-    if (proc == NULL) {
-        if (check_winnt())
-            proc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE,
-                               GetCurrentProcessId());
-        if (proc == NULL)
-            proc = (HANDLE) - 1;
-    }
-
-    if (usertime && proc != (HANDLE) - 1) {
-        FILETIME junk;
-        GetProcessTimes(proc, &junk, &junk, &junk, &now);
-    } else
-# endif
-    {
-        SYSTEMTIME systime;
-
-        if (usertime && warning) {
-            BIO_printf(bio_err, "To get meaningful results, run "
-                       "this program on idle system.\n");
-            warning = 0;
-        }
-        GetSystemTime(&systime);
-        SystemTimeToFileTime(&systime, &now);
-    }
-
-    if (stop == TM_START) {
-        tmstart.u.LowPart = now.dwLowDateTime;
-        tmstart.u.HighPart = now.dwHighDateTime;
-    } else {
-        ULARGE_INTEGER tmstop;
-
-        tmstop.u.LowPart = now.dwLowDateTime;
-        tmstop.u.HighPart = now.dwHighDateTime;
-
-        ret = (__int64)(tmstop.QuadPart - tmstart.QuadPart) * 1e-7;
-    }
-
-    return (ret);
-}
-
-#elif defined(OPENSSL_SYS_NETWARE)
-# include <time.h>
-
-double app_tminterval(int stop, int usertime)
-{
-    double ret = 0;
-    static clock_t tmstart;
-    static int warning = 1;
-
-    if (usertime && warning) {
-        BIO_printf(bio_err, "To get meaningful results, run "
-                   "this program on idle system.\n");
-        warning = 0;
-    }
-
-    if (stop == TM_START)
-        tmstart = clock();
-    else
-        ret = (clock() - tmstart) / (double)CLOCKS_PER_SEC;
-
-    return (ret);
-}
-
-#elif defined(OPENSSL_SYSTEM_VXWORKS)
-# include <time.h>
-
-double app_tminterval(int stop, int usertime)
-{
-    double ret = 0;
-# ifdef CLOCK_REALTIME
-    static struct timespec tmstart;
-    struct timespec now;
-# else
-    static unsigned long tmstart;
-    unsigned long now;
-# endif
-    static int warning = 1;
-
-    if (usertime && warning) {
-        BIO_printf(bio_err, "To get meaningful results, run "
-                   "this program on idle system.\n");
-        warning = 0;
-    }
-# ifdef CLOCK_REALTIME
-    clock_gettime(CLOCK_REALTIME, &now);
-    if (stop == TM_START)
-        tmstart = now;
-    else
-        ret = ((now.tv_sec + now.tv_nsec * 1e-9)
-               - (tmstart.tv_sec + tmstart.tv_nsec * 1e-9));
-# else
-    now = tickGet();
-    if (stop == TM_START)
-        tmstart = now;
-    else
-        ret = (now - tmstart) / (double)sysClkRateGet();
-# endif
-    return (ret);
-}
-
-#elif defined(OPENSSL_SYSTEM_VMS)
-# include <time.h>
-# include <times.h>
-
-double app_tminterval(int stop, int usertime)
-{
-    static clock_t tmstart;
-    double ret = 0;
-    clock_t now;
-# ifdef __TMS
-    struct tms rus;
-
-    now = times(&rus);
-    if (usertime)
-        now = rus.tms_utime;
-# else
-    if (usertime)
-        now = clock();          /* sum of user and kernel times */
-    else {
-        struct timeval tv;
-        gettimeofday(&tv, NULL);
-        now = (clock_t)((unsigned long long)tv.tv_sec * CLK_TCK +
-                        (unsigned long long)tv.tv_usec * (1000000 / CLK_TCK)
-            );
-    }
-# endif
-    if (stop == TM_START)
-        tmstart = now;
-    else
-        ret = (now - tmstart) / (double)(CLK_TCK);
-
-    return (ret);
-}
-
-#elif defined(_SC_CLK_TCK)      /* by means of unistd.h */
-# include <sys/times.h>
-
-double app_tminterval(int stop, int usertime)
-{
-    double ret = 0;
-    struct tms rus;
-    clock_t now = times(&rus);
-    static clock_t tmstart;
-
-    if (usertime)
-        now = rus.tms_utime;
-
-    if (stop == TM_START)
-        tmstart = now;
-    else {
-        long int tck = sysconf(_SC_CLK_TCK);
-        ret = (now - tmstart) / (double)tck;
-    }
-
-    return (ret);
-}
-
-#else
-# include <sys/time.h>
-# include <sys/resource.h>
-
-double app_tminterval(int stop, int usertime)
-{
-    double ret = 0;
-    struct rusage rus;
-    struct timeval now;
-    static struct timeval tmstart;
-
-    if (usertime)
-        getrusage(RUSAGE_SELF, &rus), now = rus.ru_utime;
-    else
-        gettimeofday(&now, NULL);
-
-    if (stop == TM_START)
-        tmstart = now;
-    else
-        ret = ((now.tv_sec + now.tv_usec * 1e-6)
-               - (tmstart.tv_sec + tmstart.tv_usec * 1e-6));
-
-    return ret;
-}
-#endif
-
-/* app_isdir section */
-#ifdef _WIN32
-int app_isdir(const char *name)
-{
-    HANDLE hList;
-    WIN32_FIND_DATA FileData;
-# if defined(UNICODE) || defined(_UNICODE)
-    size_t i, len_0 = strlen(name) + 1;
-
-    if (len_0 > sizeof(FileData.cFileName) / sizeof(FileData.cFileName[0]))
-        return -1;
-
-#  if !defined(_WIN32_WCE) || _WIN32_WCE>=101
-    if (!MultiByteToWideChar
-        (CP_ACP, 0, name, len_0, FileData.cFileName, len_0))
-#  endif
-        for (i = 0; i < len_0; i++)
-            FileData.cFileName[i] = (WCHAR)name[i];
-
-    hList = FindFirstFile(FileData.cFileName, &FileData);
-# else
-    hList = FindFirstFile(name, &FileData);
-# endif
-    if (hList == INVALID_HANDLE_VALUE)
-        return -1;
-    FindClose(hList);
-    return ((FileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) != 0);
-}
-#else
-# include <sys/stat.h>
-# ifndef S_ISDIR
-#  if defined(_S_IFMT) && defined(_S_IFDIR)
-#   define S_ISDIR(a)   (((a) & _S_IFMT) == _S_IFDIR)
-#  else
-#   define S_ISDIR(a)   (((a) & S_IFMT) == S_IFDIR)
-#  endif
-# endif
-
-int app_isdir(const char *name)
-{
-# if defined(S_ISDIR)
-    struct stat st;
-
-    if (stat(name, &st) == 0)
-        return S_ISDIR(st.st_mode);
-    else
-        return -1;
-# else
-    return -1;
-# endif
-}
-#endif
-
-/* raw_read|write section */
-#if defined(_WIN32) && defined(STD_INPUT_HANDLE)
-int raw_read_stdin(void *buf, int siz)
-{
-    DWORD n;
-    if (ReadFile(GetStdHandle(STD_INPUT_HANDLE), buf, siz, &n, NULL))
-        return (n);
-    else
-        return (-1);
-}
-#else
-int raw_read_stdin(void *buf, int siz)
-{
-    return read(fileno(stdin), buf, siz);
-}
-#endif
-
-#if defined(_WIN32) && defined(STD_OUTPUT_HANDLE)
-int raw_write_stdout(const void *buf, int siz)
-{
-    DWORD n;
-    if (WriteFile(GetStdHandle(STD_OUTPUT_HANDLE), buf, siz, &n, NULL))
-        return (n);
-    else
-        return (-1);
-}
-#else
-int raw_write_stdout(const void *buf, int siz)
-{
-    return write(fileno(stdout), buf, siz);
-}
-#endif

Copied: vendor-crypto/openssl/1.0.1u/apps/apps.c (from rev 11605, vendor-crypto/openssl/dist/apps/apps.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/apps/apps.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/apps/apps.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,2980 @@
+/* apps/apps.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
+/*
+ * On VMS, you need to define this to get the declaration of fileno().  The
+ * value 2 is to make sure no function defined in POSIX-2 is left undefined.
+ */
+# define _POSIX_C_SOURCE 2
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <ctype.h>
+#include <errno.h>
+#include <assert.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs12.h>
+#include <openssl/ui.h>
+#include <openssl/safestack.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_JPAKE
+# include <openssl/jpake.h>
+#endif
+
+#define NON_MAIN
+#include "apps.h"
+#undef NON_MAIN
+
+#ifdef _WIN32
+static int WIN32_rename(const char *from, const char *to);
+# define rename(from,to) WIN32_rename((from),(to))
+#endif
+
+typedef struct {
+    const char *name;
+    unsigned long flag;
+    unsigned long mask;
+} NAME_EX_TBL;
+
+static UI_METHOD *ui_method = NULL;
+
+static int set_table_opts(unsigned long *flags, const char *arg,
+                          const NAME_EX_TBL * in_tbl);
+static int set_multi_opts(unsigned long *flags, const char *arg,
+                          const NAME_EX_TBL * in_tbl);
+
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
+/* Looks like this stuff is worth moving into separate function */
+static EVP_PKEY *load_netscape_key(BIO *err, BIO *key, const char *file,
+                                   const char *key_descrip, int format);
+#endif
+
+int app_init(long mesgwin);
+#ifdef undef                    /* never finished - probably never will be
+                                 * :-) */
+int args_from_file(char *file, int *argc, char **argv[])
+{
+    FILE *fp;
+    int num, i;
+    unsigned int len;
+    static char *buf = NULL;
+    static char **arg = NULL;
+    char *p;
+
+    fp = fopen(file, "r");
+    if (fp == NULL)
+        return (0);
+
+    if (fseek(fp, 0, SEEK_END) == 0)
+        len = ftell(fp), rewind(fp);
+    else
+        len = -1;
+    if (len <= 0) {
+        fclose(fp);
+        return (0);
+    }
+
+    *argc = 0;
+    *argv = NULL;
+
+    if (buf != NULL)
+        OPENSSL_free(buf);
+    buf = (char *)OPENSSL_malloc(len + 1);
+    if (buf == NULL)
+        return (0);
+
+    len = fread(buf, 1, len, fp);
+    if (len <= 1)
+        return (0);
+    buf[len] = '\0';
+
+    i = 0;
+    for (p = buf; *p; p++)
+        if (*p == '\n')
+            i++;
+    if (arg != NULL)
+        OPENSSL_free(arg);
+    arg = (char **)OPENSSL_malloc(sizeof(char *) * (i * 2));
+
+    *argv = arg;
+    num = 0;
+    p = buf;
+    for (;;) {
+        if (!*p)
+            break;
+        if (*p == '#') {        /* comment line */
+            while (*p && (*p != '\n'))
+                p++;
+            continue;
+        }
+        /* else we have a line */
+        *(arg++) = p;
+        num++;
+        while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
+            p++;
+        if (!*p)
+            break;
+        if (*p == '\n') {
+            *(p++) = '\0';
+            continue;
+        }
+        /* else it is a tab or space */
+        p++;
+        while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
+            p++;
+        if (!*p)
+            break;
+        if (*p == '\n') {
+            p++;
+            continue;
+        }
+        *(arg++) = p++;
+        num++;
+        while (*p && (*p != '\n'))
+            p++;
+        if (!*p)
+            break;
+        /* else *p == '\n' */
+        *(p++) = '\0';
+    }
+    *argc = num;
+    return (1);
+}
+#endif
+
+int str2fmt(char *s)
+{
+    if (s == NULL)
+        return FORMAT_UNDEF;
+    if ((*s == 'D') || (*s == 'd'))
+        return (FORMAT_ASN1);
+    else if ((*s == 'T') || (*s == 't'))
+        return (FORMAT_TEXT);
+    else if ((*s == 'N') || (*s == 'n'))
+        return (FORMAT_NETSCAPE);
+    else if ((*s == 'S') || (*s == 's'))
+        return (FORMAT_SMIME);
+    else if ((*s == 'M') || (*s == 'm'))
+        return (FORMAT_MSBLOB);
+    else if ((*s == '1')
+             || (strcmp(s, "PKCS12") == 0) || (strcmp(s, "pkcs12") == 0)
+             || (strcmp(s, "P12") == 0) || (strcmp(s, "p12") == 0))
+        return (FORMAT_PKCS12);
+    else if ((*s == 'E') || (*s == 'e'))
+        return (FORMAT_ENGINE);
+    else if ((*s == 'P') || (*s == 'p')) {
+        if (s[1] == 'V' || s[1] == 'v')
+            return FORMAT_PVK;
+        else
+            return (FORMAT_PEM);
+    } else
+        return (FORMAT_UNDEF);
+}
+
+#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_NETWARE)
+void program_name(char *in, char *out, int size)
+{
+    int i, n;
+    char *p = NULL;
+
+    n = strlen(in);
+    /* find the last '/', '\' or ':' */
+    for (i = n - 1; i > 0; i--) {
+        if ((in[i] == '/') || (in[i] == '\\') || (in[i] == ':')) {
+            p = &(in[i + 1]);
+            break;
+        }
+    }
+    if (p == NULL)
+        p = in;
+    n = strlen(p);
+
+# if defined(OPENSSL_SYS_NETWARE)
+    /* strip off trailing .nlm if present. */
+    if ((n > 4) && (p[n - 4] == '.') &&
+        ((p[n - 3] == 'n') || (p[n - 3] == 'N')) &&
+        ((p[n - 2] == 'l') || (p[n - 2] == 'L')) &&
+        ((p[n - 1] == 'm') || (p[n - 1] == 'M')))
+        n -= 4;
+# else
+    /* strip off trailing .exe if present. */
+    if ((n > 4) && (p[n - 4] == '.') &&
+        ((p[n - 3] == 'e') || (p[n - 3] == 'E')) &&
+        ((p[n - 2] == 'x') || (p[n - 2] == 'X')) &&
+        ((p[n - 1] == 'e') || (p[n - 1] == 'E')))
+        n -= 4;
+# endif
+
+    if (n > size - 1)
+        n = size - 1;
+
+    for (i = 0; i < n; i++) {
+        if ((p[i] >= 'A') && (p[i] <= 'Z'))
+            out[i] = p[i] - 'A' + 'a';
+        else
+            out[i] = p[i];
+    }
+    out[n] = '\0';
+}
+#else
+# ifdef OPENSSL_SYS_VMS
+void program_name(char *in, char *out, int size)
+{
+    char *p = in, *q;
+    char *chars = ":]>";
+
+    while (*chars != '\0') {
+        q = strrchr(p, *chars);
+        if (q > p)
+            p = q + 1;
+        chars++;
+    }
+
+    q = strrchr(p, '.');
+    if (q == NULL)
+        q = p + strlen(p);
+    strncpy(out, p, size - 1);
+    if (q - p >= size) {
+        out[size - 1] = '\0';
+    } else {
+        out[q - p] = '\0';
+    }
+}
+# else
+void program_name(char *in, char *out, int size)
+{
+    char *p;
+
+    p = strrchr(in, '/');
+    if (p != NULL)
+        p++;
+    else
+        p = in;
+    BUF_strlcpy(out, p, size);
+}
+# endif
+#endif
+
+int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
+{
+    int num, i;
+    char *p;
+
+    *argc = 0;
+    *argv = NULL;
+
+    i = 0;
+    if (arg->count == 0) {
+        arg->count = 20;
+        arg->data = (char **)OPENSSL_malloc(sizeof(char *) * arg->count);
+        if (arg->data == NULL)
+            return 0;
+    }
+    for (i = 0; i < arg->count; i++)
+        arg->data[i] = NULL;
+
+    num = 0;
+    p = buf;
+    for (;;) {
+        /* first scan over white space */
+        if (!*p)
+            break;
+        while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
+            p++;
+        if (!*p)
+            break;
+
+        /* The start of something good :-) */
+        if (num >= arg->count) {
+            char **tmp_p;
+            int tlen = arg->count + 20;
+            tmp_p = (char **)OPENSSL_realloc(arg->data,
+                                             sizeof(char *) * tlen);
+            if (tmp_p == NULL)
+                return 0;
+            arg->data = tmp_p;
+            arg->count = tlen;
+            /* initialize newly allocated data */
+            for (i = num; i < arg->count; i++)
+                arg->data[i] = NULL;
+        }
+        arg->data[num++] = p;
+
+        /* now look for the end of this */
+        if ((*p == '\'') || (*p == '\"')) { /* scan for closing quote */
+            i = *(p++);
+            arg->data[num - 1]++; /* jump over quote */
+            while (*p && (*p != i))
+                p++;
+            *p = '\0';
+        } else {
+            while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
+                p++;
+
+            if (*p == '\0')
+                p--;
+            else
+                *p = '\0';
+        }
+        p++;
+    }
+    *argc = num;
+    *argv = arg->data;
+    return (1);
+}
+
+#ifndef APP_INIT
+int app_init(long mesgwin)
+{
+    return (1);
+}
+#endif
+
+int dump_cert_text(BIO *out, X509 *x)
+{
+    char *p;
+
+    p = X509_NAME_oneline(X509_get_subject_name(x), NULL, 0);
+    BIO_puts(out, "subject=");
+    BIO_puts(out, p);
+    OPENSSL_free(p);
+
+    p = X509_NAME_oneline(X509_get_issuer_name(x), NULL, 0);
+    BIO_puts(out, "\nissuer=");
+    BIO_puts(out, p);
+    BIO_puts(out, "\n");
+    OPENSSL_free(p);
+
+    return 0;
+}
+
+static int ui_open(UI *ui)
+{
+    return UI_method_get_opener(UI_OpenSSL())(ui);
+}
+
+static int ui_read(UI *ui, UI_STRING *uis)
+{
+    if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
+        && UI_get0_user_data(ui)) {
+        switch (UI_get_string_type(uis)) {
+        case UIT_PROMPT:
+        case UIT_VERIFY:
+            {
+                const char *password =
+                    ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
+                if (password && password[0] != '\0') {
+                    UI_set_result(ui, uis, password);
+                    return 1;
+                }
+            }
+        default:
+            break;
+        }
+    }
+    return UI_method_get_reader(UI_OpenSSL())(ui, uis);
+}
+
+static int ui_write(UI *ui, UI_STRING *uis)
+{
+    if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
+        && UI_get0_user_data(ui)) {
+        switch (UI_get_string_type(uis)) {
+        case UIT_PROMPT:
+        case UIT_VERIFY:
+            {
+                const char *password =
+                    ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
+                if (password && password[0] != '\0')
+                    return 1;
+            }
+        default:
+            break;
+        }
+    }
+    return UI_method_get_writer(UI_OpenSSL())(ui, uis);
+}
+
+static int ui_close(UI *ui)
+{
+    return UI_method_get_closer(UI_OpenSSL())(ui);
+}
+
+int setup_ui_method(void)
+{
+    ui_method = UI_create_method("OpenSSL application user interface");
+    UI_method_set_opener(ui_method, ui_open);
+    UI_method_set_reader(ui_method, ui_read);
+    UI_method_set_writer(ui_method, ui_write);
+    UI_method_set_closer(ui_method, ui_close);
+    return 0;
+}
+
+void destroy_ui_method(void)
+{
+    if (ui_method) {
+        UI_destroy_method(ui_method);
+        ui_method = NULL;
+    }
+}
+
+int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
+{
+    UI *ui = NULL;
+    int res = 0;
+    const char *prompt_info = NULL;
+    const char *password = NULL;
+    PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
+
+    if (cb_data) {
+        if (cb_data->password)
+            password = cb_data->password;
+        if (cb_data->prompt_info)
+            prompt_info = cb_data->prompt_info;
+    }
+
+    if (password) {
+        res = strlen(password);
+        if (res > bufsiz)
+            res = bufsiz;
+        memcpy(buf, password, res);
+        return res;
+    }
+
+    ui = UI_new_method(ui_method);
+    if (ui) {
+        int ok = 0;
+        char *buff = NULL;
+        int ui_flags = 0;
+        char *prompt = NULL;
+
+        prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
+        if (!prompt) {
+            BIO_printf(bio_err, "Out of memory\n");
+            UI_free(ui);
+            return 0;
+        }
+
+        ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
+        UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
+
+        if (ok >= 0)
+            ok = UI_add_input_string(ui, prompt, ui_flags, buf,
+                                     PW_MIN_LENGTH, bufsiz - 1);
+        if (ok >= 0 && verify) {
+            buff = (char *)OPENSSL_malloc(bufsiz);
+            if (!buff) {
+                BIO_printf(bio_err, "Out of memory\n");
+                UI_free(ui);
+                OPENSSL_free(prompt);
+                return 0;
+            }
+            ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
+                                      PW_MIN_LENGTH, bufsiz - 1, buf);
+        }
+        if (ok >= 0)
+            do {
+                ok = UI_process(ui);
+            }
+            while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
+
+        if (buff) {
+            OPENSSL_cleanse(buff, (unsigned int)bufsiz);
+            OPENSSL_free(buff);
+        }
+
+        if (ok >= 0)
+            res = strlen(buf);
+        if (ok == -1) {
+            BIO_printf(bio_err, "User interface error\n");
+            ERR_print_errors(bio_err);
+            OPENSSL_cleanse(buf, (unsigned int)bufsiz);
+            res = 0;
+        }
+        if (ok == -2) {
+            BIO_printf(bio_err, "aborted!\n");
+            OPENSSL_cleanse(buf, (unsigned int)bufsiz);
+            res = 0;
+        }
+        UI_free(ui);
+        OPENSSL_free(prompt);
+    }
+    return res;
+}
+
+static char *app_get_pass(BIO *err, char *arg, int keepbio);
+
+int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2)
+{
+    int same;
+    if (!arg2 || !arg1 || strcmp(arg1, arg2))
+        same = 0;
+    else
+        same = 1;
+    if (arg1) {
+        *pass1 = app_get_pass(err, arg1, same);
+        if (!*pass1)
+            return 0;
+    } else if (pass1)
+        *pass1 = NULL;
+    if (arg2) {
+        *pass2 = app_get_pass(err, arg2, same ? 2 : 0);
+        if (!*pass2)
+            return 0;
+    } else if (pass2)
+        *pass2 = NULL;
+    return 1;
+}
+
+static char *app_get_pass(BIO *err, char *arg, int keepbio)
+{
+    char *tmp, tpass[APP_PASS_LEN];
+    static BIO *pwdbio = NULL;
+    int i;
+    if (!strncmp(arg, "pass:", 5))
+        return BUF_strdup(arg + 5);
+    if (!strncmp(arg, "env:", 4)) {
+        tmp = getenv(arg + 4);
+        if (!tmp) {
+            BIO_printf(err, "Can't read environment variable %s\n", arg + 4);
+            return NULL;
+        }
+        return BUF_strdup(tmp);
+    }
+    if (!keepbio || !pwdbio) {
+        if (!strncmp(arg, "file:", 5)) {
+            pwdbio = BIO_new_file(arg + 5, "r");
+            if (!pwdbio) {
+                BIO_printf(err, "Can't open file %s\n", arg + 5);
+                return NULL;
+            }
+#if !defined(_WIN32)
+            /*
+             * Under _WIN32, which covers even Win64 and CE, file
+             * descriptors referenced by BIO_s_fd are not inherited
+             * by child process and therefore below is not an option.
+             * It could have been an option if bss_fd.c was operating
+             * on real Windows descriptors, such as those obtained
+             * with CreateFile.
+             */
+        } else if (!strncmp(arg, "fd:", 3)) {
+            BIO *btmp;
+            i = atoi(arg + 3);
+            if (i >= 0)
+                pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
+            if ((i < 0) || !pwdbio) {
+                BIO_printf(err, "Can't access file descriptor %s\n", arg + 3);
+                return NULL;
+            }
+            /*
+             * Can't do BIO_gets on an fd BIO so add a buffering BIO
+             */
+            btmp = BIO_new(BIO_f_buffer());
+            pwdbio = BIO_push(btmp, pwdbio);
+#endif
+        } else if (!strcmp(arg, "stdin")) {
+            pwdbio = BIO_new_fp(stdin, BIO_NOCLOSE);
+            if (!pwdbio) {
+                BIO_printf(err, "Can't open BIO for stdin\n");
+                return NULL;
+            }
+        } else {
+            BIO_printf(err, "Invalid password argument \"%s\"\n", arg);
+            return NULL;
+        }
+    }
+    i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);
+    if (keepbio != 1) {
+        BIO_free_all(pwdbio);
+        pwdbio = NULL;
+    }
+    if (i <= 0) {
+        BIO_printf(err, "Error reading password from BIO\n");
+        return NULL;
+    }
+    tmp = strchr(tpass, '\n');
+    if (tmp)
+        *tmp = 0;
+    return BUF_strdup(tpass);
+}
+
+int add_oid_section(BIO *err, CONF *conf)
+{
+    char *p;
+    STACK_OF(CONF_VALUE) *sktmp;
+    CONF_VALUE *cnf;
+    int i;
+    if (!(p = NCONF_get_string(conf, NULL, "oid_section"))) {
+        ERR_clear_error();
+        return 1;
+    }
+    if (!(sktmp = NCONF_get_section(conf, p))) {
+        BIO_printf(err, "problem loading oid section %s\n", p);
+        return 0;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
+        cnf = sk_CONF_VALUE_value(sktmp, i);
+        if (OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
+            BIO_printf(err, "problem creating object %s=%s\n",
+                       cnf->name, cnf->value);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+static int load_pkcs12(BIO *err, BIO *in, const char *desc,
+                       pem_password_cb *pem_cb, void *cb_data,
+                       EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
+{
+    const char *pass;
+    char tpass[PEM_BUFSIZE];
+    int len, ret = 0;
+    PKCS12 *p12;
+    p12 = d2i_PKCS12_bio(in, NULL);
+    if (p12 == NULL) {
+        BIO_printf(err, "Error loading PKCS12 file for %s\n", desc);
+        goto die;
+    }
+    /* See if an empty password will do */
+    if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0))
+        pass = "";
+    else {
+        if (!pem_cb)
+            pem_cb = (pem_password_cb *)password_callback;
+        len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
+        if (len < 0) {
+            BIO_printf(err, "Passpharse callback error for %s\n", desc);
+            goto die;
+        }
+        if (len < PEM_BUFSIZE)
+            tpass[len] = 0;
+        if (!PKCS12_verify_mac(p12, tpass, len)) {
+            BIO_printf(err,
+                       "Mac verify error (wrong password?) in PKCS12 file for %s\n",
+                       desc);
+            goto die;
+        }
+        pass = tpass;
+    }
+    ret = PKCS12_parse(p12, pass, pkey, cert, ca);
+ die:
+    if (p12)
+        PKCS12_free(p12);
+    return ret;
+}
+
+X509 *load_cert(BIO *err, const char *file, int format,
+                const char *pass, ENGINE *e, const char *cert_descrip)
+{
+    X509 *x = NULL;
+    BIO *cert;
+
+    if ((cert = BIO_new(BIO_s_file())) == NULL) {
+        ERR_print_errors(err);
+        goto end;
+    }
+
+    if (file == NULL) {
+#ifdef _IONBF
+# ifndef OPENSSL_NO_SETVBUF_IONBF
+        setvbuf(stdin, NULL, _IONBF, 0);
+# endif                         /* ndef OPENSSL_NO_SETVBUF_IONBF */
+#endif
+        BIO_set_fp(cert, stdin, BIO_NOCLOSE);
+    } else {
+        if (BIO_read_filename(cert, file) <= 0) {
+            BIO_printf(err, "Error opening %s %s\n", cert_descrip, file);
+            ERR_print_errors(err);
+            goto end;
+        }
+    }
+
+    if (format == FORMAT_ASN1)
+        x = d2i_X509_bio(cert, NULL);
+    else if (format == FORMAT_NETSCAPE) {
+        NETSCAPE_X509 *nx;
+        nx = ASN1_item_d2i_bio(ASN1_ITEM_rptr(NETSCAPE_X509), cert, NULL);
+        if (nx == NULL)
+            goto end;
+
+        if ((strncmp(NETSCAPE_CERT_HDR, (char *)nx->header->data,
+                     nx->header->length) != 0)) {
+            NETSCAPE_X509_free(nx);
+            BIO_printf(err, "Error reading header on certificate\n");
+            goto end;
+        }
+        x = nx->cert;
+        nx->cert = NULL;
+        NETSCAPE_X509_free(nx);
+    } else if (format == FORMAT_PEM)
+        x = PEM_read_bio_X509_AUX(cert, NULL,
+                                  (pem_password_cb *)password_callback, NULL);
+    else if (format == FORMAT_PKCS12) {
+        if (!load_pkcs12(err, cert, cert_descrip, NULL, NULL, NULL, &x, NULL))
+            goto end;
+    } else {
+        BIO_printf(err, "bad input format specified for %s\n", cert_descrip);
+        goto end;
+    }
+ end:
+    if (x == NULL) {
+        BIO_printf(err, "unable to load certificate\n");
+        ERR_print_errors(err);
+    }
+    if (cert != NULL)
+        BIO_free(cert);
+    return (x);
+}
+
+EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
+                   const char *pass, ENGINE *e, const char *key_descrip)
+{
+    BIO *key = NULL;
+    EVP_PKEY *pkey = NULL;
+    PW_CB_DATA cb_data;
+
+    cb_data.password = pass;
+    cb_data.prompt_info = file;
+
+    if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) {
+        BIO_printf(err, "no keyfile specified\n");
+        goto end;
+    }
+#ifndef OPENSSL_NO_ENGINE
+    if (format == FORMAT_ENGINE) {
+        if (!e)
+            BIO_printf(err, "no engine specified\n");
+        else {
+            pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
+            if (!pkey) {
+                BIO_printf(err, "cannot load %s from engine\n", key_descrip);
+                ERR_print_errors(err);
+            }
+        }
+        goto end;
+    }
+#endif
+    key = BIO_new(BIO_s_file());
+    if (key == NULL) {
+        ERR_print_errors(err);
+        goto end;
+    }
+    if (file == NULL && maybe_stdin) {
+#ifdef _IONBF
+# ifndef OPENSSL_NO_SETVBUF_IONBF
+        setvbuf(stdin, NULL, _IONBF, 0);
+# endif                         /* ndef OPENSSL_NO_SETVBUF_IONBF */
+#endif
+        BIO_set_fp(key, stdin, BIO_NOCLOSE);
+    } else if (BIO_read_filename(key, file) <= 0) {
+        BIO_printf(err, "Error opening %s %s\n", key_descrip, file);
+        ERR_print_errors(err);
+        goto end;
+    }
+    if (format == FORMAT_ASN1) {
+        pkey = d2i_PrivateKey_bio(key, NULL);
+    } else if (format == FORMAT_PEM) {
+        pkey = PEM_read_bio_PrivateKey(key, NULL,
+                                       (pem_password_cb *)password_callback,
+                                       &cb_data);
+    }
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
+    else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
+        pkey = load_netscape_key(err, key, file, key_descrip, format);
+#endif
+    else if (format == FORMAT_PKCS12) {
+        if (!load_pkcs12(err, key, key_descrip,
+                         (pem_password_cb *)password_callback, &cb_data,
+                         &pkey, NULL, NULL))
+            goto end;
+    }
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) && !defined (OPENSSL_NO_RC4)
+    else if (format == FORMAT_MSBLOB)
+        pkey = b2i_PrivateKey_bio(key);
+    else if (format == FORMAT_PVK)
+        pkey = b2i_PVK_bio(key, (pem_password_cb *)password_callback,
+                           &cb_data);
+#endif
+    else {
+        BIO_printf(err, "bad input format specified for key file\n");
+        goto end;
+    }
+ end:
+    if (key != NULL)
+        BIO_free(key);
+    if (pkey == NULL) {
+        BIO_printf(err, "unable to load %s\n", key_descrip);
+        ERR_print_errors(err);
+    }
+    return (pkey);
+}
+
+EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
+                      const char *pass, ENGINE *e, const char *key_descrip)
+{
+    BIO *key = NULL;
+    EVP_PKEY *pkey = NULL;
+    PW_CB_DATA cb_data;
+
+    cb_data.password = pass;
+    cb_data.prompt_info = file;
+
+    if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) {
+        BIO_printf(err, "no keyfile specified\n");
+        goto end;
+    }
+#ifndef OPENSSL_NO_ENGINE
+    if (format == FORMAT_ENGINE) {
+        if (!e)
+            BIO_printf(bio_err, "no engine specified\n");
+        else
+            pkey = ENGINE_load_public_key(e, file, ui_method, &cb_data);
+        goto end;
+    }
+#endif
+    key = BIO_new(BIO_s_file());
+    if (key == NULL) {
+        ERR_print_errors(err);
+        goto end;
+    }
+    if (file == NULL && maybe_stdin) {
+#ifdef _IONBF
+# ifndef OPENSSL_NO_SETVBUF_IONBF
+        setvbuf(stdin, NULL, _IONBF, 0);
+# endif                         /* ndef OPENSSL_NO_SETVBUF_IONBF */
+#endif
+        BIO_set_fp(key, stdin, BIO_NOCLOSE);
+    } else if (BIO_read_filename(key, file) <= 0) {
+        BIO_printf(err, "Error opening %s %s\n", key_descrip, file);
+        ERR_print_errors(err);
+        goto end;
+    }
+    if (format == FORMAT_ASN1) {
+        pkey = d2i_PUBKEY_bio(key, NULL);
+    }
+#ifndef OPENSSL_NO_RSA
+    else if (format == FORMAT_ASN1RSA) {
+        RSA *rsa;
+        rsa = d2i_RSAPublicKey_bio(key, NULL);
+        if (rsa) {
+            pkey = EVP_PKEY_new();
+            if (pkey)
+                EVP_PKEY_set1_RSA(pkey, rsa);
+            RSA_free(rsa);
+        } else
+            pkey = NULL;
+    } else if (format == FORMAT_PEMRSA) {
+        RSA *rsa;
+        rsa = PEM_read_bio_RSAPublicKey(key, NULL,
+                                        (pem_password_cb *)password_callback,
+                                        &cb_data);
+        if (rsa) {
+            pkey = EVP_PKEY_new();
+            if (pkey)
+                EVP_PKEY_set1_RSA(pkey, rsa);
+            RSA_free(rsa);
+        } else
+            pkey = NULL;
+    }
+#endif
+    else if (format == FORMAT_PEM) {
+        pkey = PEM_read_bio_PUBKEY(key, NULL,
+                                   (pem_password_cb *)password_callback,
+                                   &cb_data);
+    }
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
+    else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
+        pkey = load_netscape_key(err, key, file, key_descrip, format);
+#endif
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
+    else if (format == FORMAT_MSBLOB)
+        pkey = b2i_PublicKey_bio(key);
+#endif
+    else {
+        BIO_printf(err, "bad input format specified for key file\n");
+        goto end;
+    }
+ end:
+    if (key != NULL)
+        BIO_free(key);
+    if (pkey == NULL)
+        BIO_printf(err, "unable to load %s\n", key_descrip);
+    return (pkey);
+}
+
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
+static EVP_PKEY *load_netscape_key(BIO *err, BIO *key, const char *file,
+                                   const char *key_descrip, int format)
+{
+    EVP_PKEY *pkey;
+    BUF_MEM *buf;
+    RSA *rsa;
+    const unsigned char *p;
+    int size, i;
+
+    buf = BUF_MEM_new();
+    pkey = EVP_PKEY_new();
+    size = 0;
+    if (buf == NULL || pkey == NULL)
+        goto error;
+    for (;;) {
+        if (!BUF_MEM_grow_clean(buf, size + 1024 * 10))
+            goto error;
+        i = BIO_read(key, &(buf->data[size]), 1024 * 10);
+        size += i;
+        if (i == 0)
+            break;
+        if (i < 0) {
+            BIO_printf(err, "Error reading %s %s", key_descrip, file);
+            goto error;
+        }
+    }
+    p = (unsigned char *)buf->data;
+    rsa = d2i_RSA_NET(NULL, &p, (long)size, NULL,
+                      (format == FORMAT_IISSGC ? 1 : 0));
+    if (rsa == NULL)
+        goto error;
+    BUF_MEM_free(buf);
+    EVP_PKEY_set1_RSA(pkey, rsa);
+    return pkey;
+ error:
+    BUF_MEM_free(buf);
+    EVP_PKEY_free(pkey);
+    return NULL;
+}
+#endif                          /* ndef OPENSSL_NO_RC4 */
+
+static int load_certs_crls(BIO *err, const char *file, int format,
+                           const char *pass, ENGINE *e, const char *desc,
+                           STACK_OF(X509) **pcerts,
+                           STACK_OF(X509_CRL) **pcrls)
+{
+    int i;
+    BIO *bio;
+    STACK_OF(X509_INFO) *xis = NULL;
+    X509_INFO *xi;
+    PW_CB_DATA cb_data;
+    int rv = 0;
+
+    cb_data.password = pass;
+    cb_data.prompt_info = file;
+
+    if (format != FORMAT_PEM) {
+        BIO_printf(err, "bad input format specified for %s\n", desc);
+        return 0;
+    }
+
+    if (file == NULL)
+        bio = BIO_new_fp(stdin, BIO_NOCLOSE);
+    else
+        bio = BIO_new_file(file, "r");
+
+    if (bio == NULL) {
+        BIO_printf(err, "Error opening %s %s\n", desc, file ? file : "stdin");
+        ERR_print_errors(err);
+        return 0;
+    }
+
+    xis = PEM_X509_INFO_read_bio(bio, NULL,
+                                 (pem_password_cb *)password_callback,
+                                 &cb_data);
+
+    BIO_free(bio);
+
+    if (pcerts) {
+        *pcerts = sk_X509_new_null();
+        if (!*pcerts)
+            goto end;
+    }
+
+    if (pcrls) {
+        *pcrls = sk_X509_CRL_new_null();
+        if (!*pcrls)
+            goto end;
+    }
+
+    for (i = 0; i < sk_X509_INFO_num(xis); i++) {
+        xi = sk_X509_INFO_value(xis, i);
+        if (xi->x509 && pcerts) {
+            if (!sk_X509_push(*pcerts, xi->x509))
+                goto end;
+            xi->x509 = NULL;
+        }
+        if (xi->crl && pcrls) {
+            if (!sk_X509_CRL_push(*pcrls, xi->crl))
+                goto end;
+            xi->crl = NULL;
+        }
+    }
+
+    if (pcerts && sk_X509_num(*pcerts) > 0)
+        rv = 1;
+
+    if (pcrls && sk_X509_CRL_num(*pcrls) > 0)
+        rv = 1;
+
+ end:
+
+    if (xis)
+        sk_X509_INFO_pop_free(xis, X509_INFO_free);
+
+    if (rv == 0) {
+        if (pcerts) {
+            sk_X509_pop_free(*pcerts, X509_free);
+            *pcerts = NULL;
+        }
+        if (pcrls) {
+            sk_X509_CRL_pop_free(*pcrls, X509_CRL_free);
+            *pcrls = NULL;
+        }
+        BIO_printf(err, "unable to load %s\n",
+                   pcerts ? "certificates" : "CRLs");
+        ERR_print_errors(err);
+    }
+    return rv;
+}
+
+STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
+                           const char *pass, ENGINE *e, const char *desc)
+{
+    STACK_OF(X509) *certs;
+    if (!load_certs_crls(err, file, format, pass, e, desc, &certs, NULL))
+        return NULL;
+    return certs;
+}
+
+STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
+                              const char *pass, ENGINE *e, const char *desc)
+{
+    STACK_OF(X509_CRL) *crls;
+    if (!load_certs_crls(err, file, format, pass, e, desc, NULL, &crls))
+        return NULL;
+    return crls;
+}
+
+#define X509V3_EXT_UNKNOWN_MASK         (0xfL << 16)
+/* Return error for unknown extensions */
+#define X509V3_EXT_DEFAULT              0
+/* Print error for unknown extensions */
+#define X509V3_EXT_ERROR_UNKNOWN        (1L << 16)
+/* ASN1 parse unknown extensions */
+#define X509V3_EXT_PARSE_UNKNOWN        (2L << 16)
+/* BIO_dump unknown extensions */
+#define X509V3_EXT_DUMP_UNKNOWN         (3L << 16)
+
+#define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \
+                         X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION)
+
+int set_cert_ex(unsigned long *flags, const char *arg)
+{
+    static const NAME_EX_TBL cert_tbl[] = {
+        {"compatible", X509_FLAG_COMPAT, 0xffffffffl},
+        {"ca_default", X509_FLAG_CA, 0xffffffffl},
+        {"no_header", X509_FLAG_NO_HEADER, 0},
+        {"no_version", X509_FLAG_NO_VERSION, 0},
+        {"no_serial", X509_FLAG_NO_SERIAL, 0},
+        {"no_signame", X509_FLAG_NO_SIGNAME, 0},
+        {"no_validity", X509_FLAG_NO_VALIDITY, 0},
+        {"no_subject", X509_FLAG_NO_SUBJECT, 0},
+        {"no_issuer", X509_FLAG_NO_ISSUER, 0},
+        {"no_pubkey", X509_FLAG_NO_PUBKEY, 0},
+        {"no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
+        {"no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
+        {"no_aux", X509_FLAG_NO_AUX, 0},
+        {"no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
+        {"ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
+        {"ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+        {"ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+        {"ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+        {NULL, 0, 0}
+    };
+    return set_multi_opts(flags, arg, cert_tbl);
+}
+
+int set_name_ex(unsigned long *flags, const char *arg)
+{
+    static const NAME_EX_TBL ex_tbl[] = {
+        {"esc_2253", ASN1_STRFLGS_ESC_2253, 0},
+        {"esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
+        {"esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
+        {"use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
+        {"utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
+        {"ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
+        {"show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
+        {"dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
+        {"dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
+        {"dump_der", ASN1_STRFLGS_DUMP_DER, 0},
+        {"compat", XN_FLAG_COMPAT, 0xffffffffL},
+        {"sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
+        {"sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
+        {"sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
+        {"sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
+        {"dn_rev", XN_FLAG_DN_REV, 0},
+        {"nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
+        {"sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
+        {"lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
+        {"align", XN_FLAG_FN_ALIGN, 0},
+        {"oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
+        {"space_eq", XN_FLAG_SPC_EQ, 0},
+        {"dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
+        {"RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
+        {"oneline", XN_FLAG_ONELINE, 0xffffffffL},
+        {"multiline", XN_FLAG_MULTILINE, 0xffffffffL},
+        {"ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
+        {NULL, 0, 0}
+    };
+    if (set_multi_opts(flags, arg, ex_tbl) == 0)
+        return 0;
+    if ((*flags & XN_FLAG_SEP_MASK) == 0)
+        *flags |= XN_FLAG_SEP_CPLUS_SPC;
+    return 1;
+}
+
+int set_ext_copy(int *copy_type, const char *arg)
+{
+    if (!strcasecmp(arg, "none"))
+        *copy_type = EXT_COPY_NONE;
+    else if (!strcasecmp(arg, "copy"))
+        *copy_type = EXT_COPY_ADD;
+    else if (!strcasecmp(arg, "copyall"))
+        *copy_type = EXT_COPY_ALL;
+    else
+        return 0;
+    return 1;
+}
+
+int copy_extensions(X509 *x, X509_REQ *req, int copy_type)
+{
+    STACK_OF(X509_EXTENSION) *exts = NULL;
+    X509_EXTENSION *ext, *tmpext;
+    ASN1_OBJECT *obj;
+    int i, idx, ret = 0;
+    if (!x || !req || (copy_type == EXT_COPY_NONE))
+        return 1;
+    exts = X509_REQ_get_extensions(req);
+
+    for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+        ext = sk_X509_EXTENSION_value(exts, i);
+        obj = X509_EXTENSION_get_object(ext);
+        idx = X509_get_ext_by_OBJ(x, obj, -1);
+        /* Does extension exist? */
+        if (idx != -1) {
+            /* If normal copy don't override existing extension */
+            if (copy_type == EXT_COPY_ADD)
+                continue;
+            /* Delete all extensions of same type */
+            do {
+                tmpext = X509_get_ext(x, idx);
+                X509_delete_ext(x, idx);
+                X509_EXTENSION_free(tmpext);
+                idx = X509_get_ext_by_OBJ(x, obj, -1);
+            } while (idx != -1);
+        }
+        if (!X509_add_ext(x, ext, -1))
+            goto end;
+    }
+
+    ret = 1;
+
+ end:
+
+    sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+
+    return ret;
+}
+
+static int set_multi_opts(unsigned long *flags, const char *arg,
+                          const NAME_EX_TBL * in_tbl)
+{
+    STACK_OF(CONF_VALUE) *vals;
+    CONF_VALUE *val;
+    int i, ret = 1;
+    if (!arg)
+        return 0;
+    vals = X509V3_parse_list(arg);
+    for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
+        val = sk_CONF_VALUE_value(vals, i);
+        if (!set_table_opts(flags, val->name, in_tbl))
+            ret = 0;
+    }
+    sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+    return ret;
+}
+
+static int set_table_opts(unsigned long *flags, const char *arg,
+                          const NAME_EX_TBL * in_tbl)
+{
+    char c;
+    const NAME_EX_TBL *ptbl;
+    c = arg[0];
+
+    if (c == '-') {
+        c = 0;
+        arg++;
+    } else if (c == '+') {
+        c = 1;
+        arg++;
+    } else
+        c = 1;
+
+    for (ptbl = in_tbl; ptbl->name; ptbl++) {
+        if (!strcasecmp(arg, ptbl->name)) {
+            *flags &= ~ptbl->mask;
+            if (c)
+                *flags |= ptbl->flag;
+            else
+                *flags &= ~ptbl->flag;
+            return 1;
+        }
+    }
+    return 0;
+}
+
+void print_name(BIO *out, const char *title, X509_NAME *nm,
+                unsigned long lflags)
+{
+    char *buf;
+    char mline = 0;
+    int indent = 0;
+
+    if (title)
+        BIO_puts(out, title);
+    if ((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+        mline = 1;
+        indent = 4;
+    }
+    if (lflags == XN_FLAG_COMPAT) {
+        buf = X509_NAME_oneline(nm, 0, 0);
+        BIO_puts(out, buf);
+        BIO_puts(out, "\n");
+        OPENSSL_free(buf);
+    } else {
+        if (mline)
+            BIO_puts(out, "\n");
+        X509_NAME_print_ex(out, nm, indent, lflags);
+        BIO_puts(out, "\n");
+    }
+}
+
+X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath)
+{
+    X509_STORE *store;
+    X509_LOOKUP *lookup;
+    if (!(store = X509_STORE_new()))
+        goto end;
+    lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
+    if (lookup == NULL)
+        goto end;
+    if (CAfile) {
+        if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM)) {
+            BIO_printf(bp, "Error loading file %s\n", CAfile);
+            goto end;
+        }
+    } else
+        X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+    lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
+    if (lookup == NULL)
+        goto end;
+    if (CApath) {
+        if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)) {
+            BIO_printf(bp, "Error loading directory %s\n", CApath);
+            goto end;
+        }
+    } else
+        X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+    ERR_clear_error();
+    return store;
+ end:
+    X509_STORE_free(store);
+    return NULL;
+}
+
+#ifndef OPENSSL_NO_ENGINE
+/* Try to load an engine in a shareable library */
+static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
+{
+    ENGINE *e = ENGINE_by_id("dynamic");
+    if (e) {
+        if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
+            || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) {
+            ENGINE_free(e);
+            e = NULL;
+        }
+    }
+    return e;
+}
+
+ENGINE *setup_engine(BIO *err, const char *engine, int debug)
+{
+    ENGINE *e = NULL;
+
+    if (engine) {
+        if (strcmp(engine, "auto") == 0) {
+            BIO_printf(err, "enabling auto ENGINE support\n");
+            ENGINE_register_all_complete();
+            return NULL;
+        }
+        if ((e = ENGINE_by_id(engine)) == NULL
+            && (e = try_load_engine(err, engine, debug)) == NULL) {
+            BIO_printf(err, "invalid engine \"%s\"\n", engine);
+            ERR_print_errors(err);
+            return NULL;
+        }
+        if (debug) {
+            ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, err, 0);
+        }
+        ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
+        if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
+            BIO_printf(err, "can't use that engine\n");
+            ERR_print_errors(err);
+            ENGINE_free(e);
+            return NULL;
+        }
+
+        BIO_printf(err, "engine \"%s\" set.\n", ENGINE_get_id(e));
+
+        /* Free our "structural" reference. */
+        ENGINE_free(e);
+    }
+    return e;
+}
+#endif
+
+int load_config(BIO *err, CONF *cnf)
+{
+    static int load_config_called = 0;
+    if (load_config_called)
+        return 1;
+    load_config_called = 1;
+    if (!cnf)
+        cnf = config;
+    if (!cnf)
+        return 1;
+
+    OPENSSL_load_builtin_modules();
+
+    if (CONF_modules_load(cnf, NULL, 0) <= 0) {
+        BIO_printf(err, "Error configuring OpenSSL\n");
+        ERR_print_errors(err);
+        return 0;
+    }
+    return 1;
+}
+
+char *make_config_name()
+{
+    const char *t = X509_get_default_cert_area();
+    size_t len;
+    char *p;
+
+    len = strlen(t) + strlen(OPENSSL_CONF) + 2;
+    p = OPENSSL_malloc(len);
+    if (p == NULL)
+        return NULL;
+    BUF_strlcpy(p, t, len);
+#ifndef OPENSSL_SYS_VMS
+    BUF_strlcat(p, "/", len);
+#endif
+    BUF_strlcat(p, OPENSSL_CONF, len);
+
+    return p;
+}
+
+static unsigned long index_serial_hash(const OPENSSL_CSTRING *a)
+{
+    const char *n;
+
+    n = a[DB_serial];
+    while (*n == '0')
+        n++;
+    return (lh_strhash(n));
+}
+
+static int index_serial_cmp(const OPENSSL_CSTRING *a,
+                            const OPENSSL_CSTRING *b)
+{
+    const char *aa, *bb;
+
+    for (aa = a[DB_serial]; *aa == '0'; aa++) ;
+    for (bb = b[DB_serial]; *bb == '0'; bb++) ;
+    return (strcmp(aa, bb));
+}
+
+static int index_name_qual(char **a)
+{
+    return (a[0][0] == 'V');
+}
+
+static unsigned long index_name_hash(const OPENSSL_CSTRING *a)
+{
+    return (lh_strhash(a[DB_name]));
+}
+
+int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
+{
+    return (strcmp(a[DB_name], b[DB_name]));
+}
+
+static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING)
+static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING)
+static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING)
+static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
+#undef BSIZE
+#define BSIZE 256
+BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
+{
+    BIO *in = NULL;
+    BIGNUM *ret = NULL;
+    MS_STATIC char buf[1024];
+    ASN1_INTEGER *ai = NULL;
+
+    ai = ASN1_INTEGER_new();
+    if (ai == NULL)
+        goto err;
+
+    if ((in = BIO_new(BIO_s_file())) == NULL) {
+        ERR_print_errors(bio_err);
+        goto err;
+    }
+
+    if (BIO_read_filename(in, serialfile) <= 0) {
+        if (!create) {
+            perror(serialfile);
+            goto err;
+        } else {
+            ret = BN_new();
+            if (ret == NULL || !rand_serial(ret, ai))
+                BIO_printf(bio_err, "Out of memory\n");
+        }
+    } else {
+        if (!a2i_ASN1_INTEGER(in, ai, buf, 1024)) {
+            BIO_printf(bio_err, "unable to load number from %s\n",
+                       serialfile);
+            goto err;
+        }
+        ret = ASN1_INTEGER_to_BN(ai, NULL);
+        if (ret == NULL) {
+            BIO_printf(bio_err,
+                       "error converting number from bin to BIGNUM\n");
+            goto err;
+        }
+    }
+
+    if (ret && retai) {
+        *retai = ai;
+        ai = NULL;
+    }
+ err:
+    if (in != NULL)
+        BIO_free(in);
+    if (ai != NULL)
+        ASN1_INTEGER_free(ai);
+    return (ret);
+}
+
+int save_serial(char *serialfile, char *suffix, BIGNUM *serial,
+                ASN1_INTEGER **retai)
+{
+    char buf[1][BSIZE];
+    BIO *out = NULL;
+    int ret = 0;
+    ASN1_INTEGER *ai = NULL;
+    int j;
+
+    if (suffix == NULL)
+        j = strlen(serialfile);
+    else
+        j = strlen(serialfile) + strlen(suffix) + 1;
+    if (j >= BSIZE) {
+        BIO_printf(bio_err, "file name too long\n");
+        goto err;
+    }
+
+    if (suffix == NULL)
+        BUF_strlcpy(buf[0], serialfile, BSIZE);
+    else {
+#ifndef OPENSSL_SYS_VMS
+        j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
+#else
+        j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
+#endif
+    }
+#ifdef RL_DEBUG
+    BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
+#endif
+    out = BIO_new(BIO_s_file());
+    if (out == NULL) {
+        ERR_print_errors(bio_err);
+        goto err;
+    }
+    if (BIO_write_filename(out, buf[0]) <= 0) {
+        perror(serialfile);
+        goto err;
+    }
+
+    if ((ai = BN_to_ASN1_INTEGER(serial, NULL)) == NULL) {
+        BIO_printf(bio_err, "error converting serial to ASN.1 format\n");
+        goto err;
+    }
+    i2a_ASN1_INTEGER(out, ai);
+    BIO_puts(out, "\n");
+    ret = 1;
+    if (retai) {
+        *retai = ai;
+        ai = NULL;
+    }
+ err:
+    if (out != NULL)
+        BIO_free_all(out);
+    if (ai != NULL)
+        ASN1_INTEGER_free(ai);
+    return (ret);
+}
+
+int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
+{
+    char buf[5][BSIZE];
+    int i, j;
+
+    i = strlen(serialfile) + strlen(old_suffix);
+    j = strlen(serialfile) + strlen(new_suffix);
+    if (i > j)
+        j = i;
+    if (j + 1 >= BSIZE) {
+        BIO_printf(bio_err, "file name too long\n");
+        goto err;
+    }
+#ifndef OPENSSL_SYS_VMS
+    j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, new_suffix);
+#else
+    j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix);
+#endif
+#ifndef OPENSSL_SYS_VMS
+    j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", serialfile, old_suffix);
+#else
+    j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", serialfile, old_suffix);
+#endif
+#ifdef RL_DEBUG
+    BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
+               serialfile, buf[1]);
+#endif
+    if (rename(serialfile, buf[1]) < 0 && errno != ENOENT
+#ifdef ENOTDIR
+        && errno != ENOTDIR
+#endif
+        ) {
+        BIO_printf(bio_err,
+                   "unable to rename %s to %s\n", serialfile, buf[1]);
+        perror("reason");
+        goto err;
+    }
+#ifdef RL_DEBUG
+    BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
+               buf[0], serialfile);
+#endif
+    if (rename(buf[0], serialfile) < 0) {
+        BIO_printf(bio_err,
+                   "unable to rename %s to %s\n", buf[0], serialfile);
+        perror("reason");
+        rename(buf[1], serialfile);
+        goto err;
+    }
+    return 1;
+ err:
+    return 0;
+}
+
+int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
+{
+    BIGNUM *btmp;
+    int ret = 0;
+    if (b)
+        btmp = b;
+    else
+        btmp = BN_new();
+
+    if (!btmp)
+        return 0;
+
+    if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))
+        goto error;
+    if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
+        goto error;
+
+    ret = 1;
+
+ error:
+
+    if (!b)
+        BN_free(btmp);
+
+    return ret;
+}
+
+CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
+{
+    CA_DB *retdb = NULL;
+    TXT_DB *tmpdb = NULL;
+    BIO *in = BIO_new(BIO_s_file());
+    CONF *dbattr_conf = NULL;
+    char buf[1][BSIZE];
+    long errorline = -1;
+
+    if (in == NULL) {
+        ERR_print_errors(bio_err);
+        goto err;
+    }
+    if (BIO_read_filename(in, dbfile) <= 0) {
+        perror(dbfile);
+        BIO_printf(bio_err, "unable to open '%s'\n", dbfile);
+        goto err;
+    }
+    if ((tmpdb = TXT_DB_read(in, DB_NUMBER)) == NULL)
+        goto err;
+
+#ifndef OPENSSL_SYS_VMS
+    BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile);
+#else
+    BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile);
+#endif
+    dbattr_conf = NCONF_new(NULL);
+    if (NCONF_load(dbattr_conf, buf[0], &errorline) <= 0) {
+        if (errorline > 0) {
+            BIO_printf(bio_err,
+                       "error on line %ld of db attribute file '%s'\n",
+                       errorline, buf[0]);
+            goto err;
+        } else {
+            NCONF_free(dbattr_conf);
+            dbattr_conf = NULL;
+        }
+    }
+
+    if ((retdb = OPENSSL_malloc(sizeof(CA_DB))) == NULL) {
+        fprintf(stderr, "Out of memory\n");
+        goto err;
+    }
+
+    retdb->db = tmpdb;
+    tmpdb = NULL;
+    if (db_attr)
+        retdb->attributes = *db_attr;
+    else {
+        retdb->attributes.unique_subject = 1;
+    }
+
+    if (dbattr_conf) {
+        char *p = NCONF_get_string(dbattr_conf, NULL, "unique_subject");
+        if (p) {
+#ifdef RL_DEBUG
+            BIO_printf(bio_err,
+                       "DEBUG[load_index]: unique_subject = \"%s\"\n", p);
+#endif
+            retdb->attributes.unique_subject = parse_yesno(p, 1);
+        }
+    }
+
+ err:
+    if (dbattr_conf)
+        NCONF_free(dbattr_conf);
+    if (tmpdb)
+        TXT_DB_free(tmpdb);
+    if (in)
+        BIO_free_all(in);
+    return retdb;
+}
+
+int index_index(CA_DB *db)
+{
+    if (!TXT_DB_create_index(db->db, DB_serial, NULL,
+                             LHASH_HASH_FN(index_serial),
+                             LHASH_COMP_FN(index_serial))) {
+        BIO_printf(bio_err,
+                   "error creating serial number index:(%ld,%ld,%ld)\n",
+                   db->db->error, db->db->arg1, db->db->arg2);
+        return 0;
+    }
+
+    if (db->attributes.unique_subject
+        && !TXT_DB_create_index(db->db, DB_name, index_name_qual,
+                                LHASH_HASH_FN(index_name),
+                                LHASH_COMP_FN(index_name))) {
+        BIO_printf(bio_err, "error creating name index:(%ld,%ld,%ld)\n",
+                   db->db->error, db->db->arg1, db->db->arg2);
+        return 0;
+    }
+    return 1;
+}
+
+int save_index(const char *dbfile, const char *suffix, CA_DB *db)
+{
+    char buf[3][BSIZE];
+    BIO *out = BIO_new(BIO_s_file());
+    int j;
+
+    if (out == NULL) {
+        ERR_print_errors(bio_err);
+        goto err;
+    }
+
+    j = strlen(dbfile) + strlen(suffix);
+    if (j + 6 >= BSIZE) {
+        BIO_printf(bio_err, "file name too long\n");
+        goto err;
+    }
+#ifndef OPENSSL_SYS_VMS
+    j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
+#else
+    j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
+#endif
+#ifndef OPENSSL_SYS_VMS
+    j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
+#else
+    j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
+#endif
+#ifndef OPENSSL_SYS_VMS
+    j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
+#else
+    j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
+#endif
+#ifdef RL_DEBUG
+    BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
+#endif
+    if (BIO_write_filename(out, buf[0]) <= 0) {
+        perror(dbfile);
+        BIO_printf(bio_err, "unable to open '%s'\n", dbfile);
+        goto err;
+    }
+    j = TXT_DB_write(out, db->db);
+    if (j <= 0)
+        goto err;
+
+    BIO_free(out);
+
+    out = BIO_new(BIO_s_file());
+#ifdef RL_DEBUG
+    BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]);
+#endif
+    if (BIO_write_filename(out, buf[1]) <= 0) {
+        perror(buf[2]);
+        BIO_printf(bio_err, "unable to open '%s'\n", buf[2]);
+        goto err;
+    }
+    BIO_printf(out, "unique_subject = %s\n",
+               db->attributes.unique_subject ? "yes" : "no");
+    BIO_free(out);
+
+    return 1;
+ err:
+    return 0;
+}
+
+int rotate_index(const char *dbfile, const char *new_suffix,
+                 const char *old_suffix)
+{
+    char buf[5][BSIZE];
+    int i, j;
+
+    i = strlen(dbfile) + strlen(old_suffix);
+    j = strlen(dbfile) + strlen(new_suffix);
+    if (i > j)
+        j = i;
+    if (j + 6 >= BSIZE) {
+        BIO_printf(bio_err, "file name too long\n");
+        goto err;
+    }
+#ifndef OPENSSL_SYS_VMS
+    j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
+#else
+    j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
+#endif
+#ifndef OPENSSL_SYS_VMS
+    j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", dbfile, new_suffix);
+#else
+    j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix);
+#endif
+#ifndef OPENSSL_SYS_VMS
+    j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix);
+#else
+    j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix);
+#endif
+#ifndef OPENSSL_SYS_VMS
+    j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix);
+#else
+    j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix);
+#endif
+#ifndef OPENSSL_SYS_VMS
+    j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix);
+#else
+    j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", dbfile, old_suffix);
+#endif
+#ifdef RL_DEBUG
+    BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", dbfile, buf[1]);
+#endif
+    if (rename(dbfile, buf[1]) < 0 && errno != ENOENT
+#ifdef ENOTDIR
+        && errno != ENOTDIR
+#endif
+        ) {
+        BIO_printf(bio_err, "unable to rename %s to %s\n", dbfile, buf[1]);
+        perror("reason");
+        goto err;
+    }
+#ifdef RL_DEBUG
+    BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[0], dbfile);
+#endif
+    if (rename(buf[0], dbfile) < 0) {
+        BIO_printf(bio_err, "unable to rename %s to %s\n", buf[0], dbfile);
+        perror("reason");
+        rename(buf[1], dbfile);
+        goto err;
+    }
+#ifdef RL_DEBUG
+    BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[4], buf[3]);
+#endif
+    if (rename(buf[4], buf[3]) < 0 && errno != ENOENT
+#ifdef ENOTDIR
+        && errno != ENOTDIR
+#endif
+        ) {
+        BIO_printf(bio_err, "unable to rename %s to %s\n", buf[4], buf[3]);
+        perror("reason");
+        rename(dbfile, buf[0]);
+        rename(buf[1], dbfile);
+        goto err;
+    }
+#ifdef RL_DEBUG
+    BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[2], buf[4]);
+#endif
+    if (rename(buf[2], buf[4]) < 0) {
+        BIO_printf(bio_err, "unable to rename %s to %s\n", buf[2], buf[4]);
+        perror("reason");
+        rename(buf[3], buf[4]);
+        rename(dbfile, buf[0]);
+        rename(buf[1], dbfile);
+        goto err;
+    }
+    return 1;
+ err:
+    return 0;
+}
+
+void free_index(CA_DB *db)
+{
+    if (db) {
+        if (db->db)
+            TXT_DB_free(db->db);
+        OPENSSL_free(db);
+    }
+}
+
+int parse_yesno(const char *str, int def)
+{
+    int ret = def;
+    if (str) {
+        switch (*str) {
+        case 'f':              /* false */
+        case 'F':              /* FALSE */
+        case 'n':              /* no */
+        case 'N':              /* NO */
+        case '0':              /* 0 */
+            ret = 0;
+            break;
+        case 't':              /* true */
+        case 'T':              /* TRUE */
+        case 'y':              /* yes */
+        case 'Y':              /* YES */
+        case '1':              /* 1 */
+            ret = 1;
+            break;
+        default:
+            ret = def;
+            break;
+        }
+    }
+    return ret;
+}
+
+/*
+ * subject is expected to be in the format /type0=value0/type1=value1/type2=...
+ * where characters may be escaped by \
+ */
+X509_NAME *parse_name(char *subject, long chtype, int multirdn)
+{
+    size_t buflen = strlen(subject) + 1; /* to copy the types and values
+                                          * into. due to escaping, the copy
+                                          * can only become shorter */
+    char *buf = OPENSSL_malloc(buflen);
+    size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
+    char **ne_types = OPENSSL_malloc(max_ne * sizeof(char *));
+    char **ne_values = OPENSSL_malloc(max_ne * sizeof(char *));
+    int *mval = OPENSSL_malloc(max_ne * sizeof(int));
+
+    char *sp = subject, *bp = buf;
+    int i, ne_num = 0;
+
+    X509_NAME *n = NULL;
+    int nid;
+
+    if (!buf || !ne_types || !ne_values || !mval) {
+        BIO_printf(bio_err, "malloc error\n");
+        goto error;
+    }
+
+    if (*subject != '/') {
+        BIO_printf(bio_err, "Subject does not start with '/'.\n");
+        goto error;
+    }
+    sp++;                       /* skip leading / */
+
+    /* no multivalued RDN by default */
+    mval[ne_num] = 0;
+
+    while (*sp) {
+        /* collect type */
+        ne_types[ne_num] = bp;
+        while (*sp) {
+            if (*sp == '\\') {  /* is there anything to escape in the
+                                 * type...? */
+                if (*++sp)
+                    *bp++ = *sp++;
+                else {
+                    BIO_printf(bio_err,
+                               "escape character at end of string\n");
+                    goto error;
+                }
+            } else if (*sp == '=') {
+                sp++;
+                *bp++ = '\0';
+                break;
+            } else
+                *bp++ = *sp++;
+        }
+        if (!*sp) {
+            BIO_printf(bio_err,
+                       "end of string encountered while processing type of subject name element #%d\n",
+                       ne_num);
+            goto error;
+        }
+        ne_values[ne_num] = bp;
+        while (*sp) {
+            if (*sp == '\\') {
+                if (*++sp)
+                    *bp++ = *sp++;
+                else {
+                    BIO_printf(bio_err,
+                               "escape character at end of string\n");
+                    goto error;
+                }
+            } else if (*sp == '/') {
+                sp++;
+                /* no multivalued RDN by default */
+                mval[ne_num + 1] = 0;
+                break;
+            } else if (*sp == '+' && multirdn) {
+                /*
+                 * a not escaped + signals a mutlivalued RDN
+                 */
+                sp++;
+                mval[ne_num + 1] = -1;
+                break;
+            } else
+                *bp++ = *sp++;
+        }
+        *bp++ = '\0';
+        ne_num++;
+    }
+
+    if (!(n = X509_NAME_new()))
+        goto error;
+
+    for (i = 0; i < ne_num; i++) {
+        if ((nid = OBJ_txt2nid(ne_types[i])) == NID_undef) {
+            BIO_printf(bio_err,
+                       "Subject Attribute %s has no known NID, skipped\n",
+                       ne_types[i]);
+            continue;
+        }
+
+        if (!*ne_values[i]) {
+            BIO_printf(bio_err,
+                       "No value provided for Subject Attribute %s, skipped\n",
+                       ne_types[i]);
+            continue;
+        }
+
+        if (!X509_NAME_add_entry_by_NID
+            (n, nid, chtype, (unsigned char *)ne_values[i], -1, -1, mval[i]))
+            goto error;
+    }
+
+    OPENSSL_free(ne_values);
+    OPENSSL_free(ne_types);
+    OPENSSL_free(buf);
+    OPENSSL_free(mval);
+    return n;
+
+ error:
+    X509_NAME_free(n);
+    if (ne_values)
+        OPENSSL_free(ne_values);
+    if (ne_types)
+        OPENSSL_free(ne_types);
+    if (mval)
+        OPENSSL_free(mval);
+    if (buf)
+        OPENSSL_free(buf);
+    return NULL;
+}
+
+int args_verify(char ***pargs, int *pargc,
+                int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
+{
+    ASN1_OBJECT *otmp = NULL;
+    unsigned long flags = 0;
+    int i;
+    int purpose = 0, depth = -1;
+    char **oldargs = *pargs;
+    char *arg = **pargs, *argn = (*pargs)[1];
+    time_t at_time = 0;
+    if (!strcmp(arg, "-policy")) {
+        if (!argn)
+            *badarg = 1;
+        else {
+            otmp = OBJ_txt2obj(argn, 0);
+            if (!otmp) {
+                BIO_printf(err, "Invalid Policy \"%s\"\n", argn);
+                *badarg = 1;
+            }
+        }
+        (*pargs)++;
+    } else if (strcmp(arg, "-purpose") == 0) {
+        X509_PURPOSE *xptmp;
+        if (!argn)
+            *badarg = 1;
+        else {
+            i = X509_PURPOSE_get_by_sname(argn);
+            if (i < 0) {
+                BIO_printf(err, "unrecognized purpose\n");
+                *badarg = 1;
+            } else {
+                xptmp = X509_PURPOSE_get0(i);
+                purpose = X509_PURPOSE_get_id(xptmp);
+            }
+        }
+        (*pargs)++;
+    } else if (strcmp(arg, "-verify_depth") == 0) {
+        if (!argn)
+            *badarg = 1;
+        else {
+            depth = atoi(argn);
+            if (depth < 0) {
+                BIO_printf(err, "invalid depth\n");
+                *badarg = 1;
+            }
+        }
+        (*pargs)++;
+    } else if (strcmp(arg, "-attime") == 0) {
+        if (!argn)
+            *badarg = 1;
+        else {
+            long timestamp;
+            /*
+             * interpret the -attime argument as seconds since Epoch
+             */
+            if (sscanf(argn, "%li", &timestamp) != 1) {
+                BIO_printf(bio_err, "Error parsing timestamp %s\n", argn);
+                *badarg = 1;
+            }
+            /* on some platforms time_t may be a float */
+            at_time = (time_t)timestamp;
+        }
+        (*pargs)++;
+    } else if (!strcmp(arg, "-ignore_critical"))
+        flags |= X509_V_FLAG_IGNORE_CRITICAL;
+    else if (!strcmp(arg, "-issuer_checks"))
+        flags |= X509_V_FLAG_CB_ISSUER_CHECK;
+    else if (!strcmp(arg, "-crl_check"))
+        flags |= X509_V_FLAG_CRL_CHECK;
+    else if (!strcmp(arg, "-crl_check_all"))
+        flags |= X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL;
+    else if (!strcmp(arg, "-policy_check"))
+        flags |= X509_V_FLAG_POLICY_CHECK;
+    else if (!strcmp(arg, "-explicit_policy"))
+        flags |= X509_V_FLAG_EXPLICIT_POLICY;
+    else if (!strcmp(arg, "-inhibit_any"))
+        flags |= X509_V_FLAG_INHIBIT_ANY;
+    else if (!strcmp(arg, "-inhibit_map"))
+        flags |= X509_V_FLAG_INHIBIT_MAP;
+    else if (!strcmp(arg, "-x509_strict"))
+        flags |= X509_V_FLAG_X509_STRICT;
+    else if (!strcmp(arg, "-extended_crl"))
+        flags |= X509_V_FLAG_EXTENDED_CRL_SUPPORT;
+    else if (!strcmp(arg, "-use_deltas"))
+        flags |= X509_V_FLAG_USE_DELTAS;
+    else if (!strcmp(arg, "-policy_print"))
+        flags |= X509_V_FLAG_NOTIFY_POLICY;
+    else if (!strcmp(arg, "-check_ss_sig"))
+        flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
+    else if (!strcmp(arg, "-no_alt_chains"))
+        flags |= X509_V_FLAG_NO_ALT_CHAINS;
+    else if (!strcmp(arg, "-allow_proxy_certs"))
+        flags |= X509_V_FLAG_ALLOW_PROXY_CERTS;
+    else
+        return 0;
+
+    if (*badarg) {
+        if (*pm)
+            X509_VERIFY_PARAM_free(*pm);
+        *pm = NULL;
+        goto end;
+    }
+
+    if (!*pm && !(*pm = X509_VERIFY_PARAM_new())) {
+        *badarg = 1;
+        goto end;
+    }
+
+    if (otmp)
+        X509_VERIFY_PARAM_add0_policy(*pm, otmp);
+    if (flags)
+        X509_VERIFY_PARAM_set_flags(*pm, flags);
+
+    if (purpose)
+        X509_VERIFY_PARAM_set_purpose(*pm, purpose);
+
+    if (depth >= 0)
+        X509_VERIFY_PARAM_set_depth(*pm, depth);
+
+    if (at_time)
+        X509_VERIFY_PARAM_set_time(*pm, at_time);
+
+ end:
+
+    (*pargs)++;
+
+    if (pargc)
+        *pargc -= *pargs - oldargs;
+
+    return 1;
+
+}
+
+/*
+ * Read whole contents of a BIO into an allocated memory buffer and return
+ * it.
+ */
+
+int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
+{
+    BIO *mem;
+    int len, ret;
+    unsigned char tbuf[1024];
+    mem = BIO_new(BIO_s_mem());
+    if (!mem)
+        return -1;
+    for (;;) {
+        if ((maxlen != -1) && maxlen < 1024)
+            len = maxlen;
+        else
+            len = 1024;
+        len = BIO_read(in, tbuf, len);
+        if (len <= 0)
+            break;
+        if (BIO_write(mem, tbuf, len) != len) {
+            BIO_free(mem);
+            return -1;
+        }
+        maxlen -= len;
+
+        if (maxlen == 0)
+            break;
+    }
+    ret = BIO_get_mem_data(mem, (char **)out);
+    BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY);
+    BIO_free(mem);
+    return ret;
+}
+
+int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value)
+{
+    int rv;
+    char *stmp, *vtmp = NULL;
+    stmp = BUF_strdup(value);
+    if (!stmp)
+        return -1;
+    vtmp = strchr(stmp, ':');
+    if (vtmp) {
+        *vtmp = 0;
+        vtmp++;
+    }
+    rv = EVP_PKEY_CTX_ctrl_str(ctx, stmp, vtmp);
+    OPENSSL_free(stmp);
+    return rv;
+}
+
+static void nodes_print(BIO *out, const char *name,
+                        STACK_OF(X509_POLICY_NODE) *nodes)
+{
+    X509_POLICY_NODE *node;
+    int i;
+    BIO_printf(out, "%s Policies:", name);
+    if (nodes) {
+        BIO_puts(out, "\n");
+        for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++) {
+            node = sk_X509_POLICY_NODE_value(nodes, i);
+            X509_POLICY_NODE_print(out, node, 2);
+        }
+    } else
+        BIO_puts(out, " <empty>\n");
+}
+
+void policies_print(BIO *out, X509_STORE_CTX *ctx)
+{
+    X509_POLICY_TREE *tree;
+    int explicit_policy;
+    int free_out = 0;
+    if (out == NULL) {
+        out = BIO_new_fp(stderr, BIO_NOCLOSE);
+        free_out = 1;
+    }
+    tree = X509_STORE_CTX_get0_policy_tree(ctx);
+    explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
+
+    BIO_printf(out, "Require explicit Policy: %s\n",
+               explicit_policy ? "True" : "False");
+
+    nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree));
+    nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree));
+    if (free_out)
+        BIO_free(out);
+}
+
+#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
+
+static JPAKE_CTX *jpake_init(const char *us, const char *them,
+                             const char *secret)
+{
+    BIGNUM *p = NULL;
+    BIGNUM *g = NULL;
+    BIGNUM *q = NULL;
+    BIGNUM *bnsecret = BN_new();
+    JPAKE_CTX *ctx;
+
+    /* Use a safe prime for p (that we found earlier) */
+    BN_hex2bn(&p,
+              "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F");
+    g = BN_new();
+    BN_set_word(g, 2);
+    q = BN_new();
+    BN_rshift1(q, p);
+
+    BN_bin2bn((const unsigned char *)secret, strlen(secret), bnsecret);
+
+    ctx = JPAKE_CTX_new(us, them, p, g, q, bnsecret);
+    BN_free(bnsecret);
+    BN_free(q);
+    BN_free(g);
+    BN_free(p);
+
+    return ctx;
+}
+
+static void jpake_send_part(BIO *conn, const JPAKE_STEP_PART *p)
+{
+    BN_print(conn, p->gx);
+    BIO_puts(conn, "\n");
+    BN_print(conn, p->zkpx.gr);
+    BIO_puts(conn, "\n");
+    BN_print(conn, p->zkpx.b);
+    BIO_puts(conn, "\n");
+}
+
+static void jpake_send_step1(BIO *bconn, JPAKE_CTX *ctx)
+{
+    JPAKE_STEP1 s1;
+
+    JPAKE_STEP1_init(&s1);
+    JPAKE_STEP1_generate(&s1, ctx);
+    jpake_send_part(bconn, &s1.p1);
+    jpake_send_part(bconn, &s1.p2);
+    (void)BIO_flush(bconn);
+    JPAKE_STEP1_release(&s1);
+}
+
+static void jpake_send_step2(BIO *bconn, JPAKE_CTX *ctx)
+{
+    JPAKE_STEP2 s2;
+
+    JPAKE_STEP2_init(&s2);
+    JPAKE_STEP2_generate(&s2, ctx);
+    jpake_send_part(bconn, &s2);
+    (void)BIO_flush(bconn);
+    JPAKE_STEP2_release(&s2);
+}
+
+static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *ctx)
+{
+    JPAKE_STEP3A s3a;
+
+    JPAKE_STEP3A_init(&s3a);
+    JPAKE_STEP3A_generate(&s3a, ctx);
+    BIO_write(bconn, s3a.hhk, sizeof s3a.hhk);
+    (void)BIO_flush(bconn);
+    JPAKE_STEP3A_release(&s3a);
+}
+
+static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *ctx)
+{
+    JPAKE_STEP3B s3b;
+
+    JPAKE_STEP3B_init(&s3b);
+    JPAKE_STEP3B_generate(&s3b, ctx);
+    BIO_write(bconn, s3b.hk, sizeof s3b.hk);
+    (void)BIO_flush(bconn);
+    JPAKE_STEP3B_release(&s3b);
+}
+
+static void readbn(BIGNUM **bn, BIO *bconn)
+{
+    char buf[10240];
+    int l;
+
+    l = BIO_gets(bconn, buf, sizeof buf);
+    assert(l > 0);
+    assert(buf[l - 1] == '\n');
+    buf[l - 1] = '\0';
+    BN_hex2bn(bn, buf);
+}
+
+static void jpake_receive_part(JPAKE_STEP_PART *p, BIO *bconn)
+{
+    readbn(&p->gx, bconn);
+    readbn(&p->zkpx.gr, bconn);
+    readbn(&p->zkpx.b, bconn);
+}
+
+static void jpake_receive_step1(JPAKE_CTX *ctx, BIO *bconn)
+{
+    JPAKE_STEP1 s1;
+
+    JPAKE_STEP1_init(&s1);
+    jpake_receive_part(&s1.p1, bconn);
+    jpake_receive_part(&s1.p2, bconn);
+    if (!JPAKE_STEP1_process(ctx, &s1)) {
+        ERR_print_errors(bio_err);
+        exit(1);
+    }
+    JPAKE_STEP1_release(&s1);
+}
+
+static void jpake_receive_step2(JPAKE_CTX *ctx, BIO *bconn)
+{
+    JPAKE_STEP2 s2;
+
+    JPAKE_STEP2_init(&s2);
+    jpake_receive_part(&s2, bconn);
+    if (!JPAKE_STEP2_process(ctx, &s2)) {
+        ERR_print_errors(bio_err);
+        exit(1);
+    }
+    JPAKE_STEP2_release(&s2);
+}
+
+static void jpake_receive_step3a(JPAKE_CTX *ctx, BIO *bconn)
+{
+    JPAKE_STEP3A s3a;
+    int l;
+
+    JPAKE_STEP3A_init(&s3a);
+    l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk);
+    assert(l == sizeof s3a.hhk);
+    if (!JPAKE_STEP3A_process(ctx, &s3a)) {
+        ERR_print_errors(bio_err);
+        exit(1);
+    }
+    JPAKE_STEP3A_release(&s3a);
+}
+
+static void jpake_receive_step3b(JPAKE_CTX *ctx, BIO *bconn)
+{
+    JPAKE_STEP3B s3b;
+    int l;
+
+    JPAKE_STEP3B_init(&s3b);
+    l = BIO_read(bconn, s3b.hk, sizeof s3b.hk);
+    assert(l == sizeof s3b.hk);
+    if (!JPAKE_STEP3B_process(ctx, &s3b)) {
+        ERR_print_errors(bio_err);
+        exit(1);
+    }
+    JPAKE_STEP3B_release(&s3b);
+}
+
+void jpake_client_auth(BIO *out, BIO *conn, const char *secret)
+{
+    JPAKE_CTX *ctx;
+    BIO *bconn;
+
+    BIO_puts(out, "Authenticating with JPAKE\n");
+
+    ctx = jpake_init("client", "server", secret);
+
+    bconn = BIO_new(BIO_f_buffer());
+    BIO_push(bconn, conn);
+
+    jpake_send_step1(bconn, ctx);
+    jpake_receive_step1(ctx, bconn);
+    jpake_send_step2(bconn, ctx);
+    jpake_receive_step2(ctx, bconn);
+    jpake_send_step3a(bconn, ctx);
+    jpake_receive_step3b(ctx, bconn);
+
+    BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
+
+    psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
+
+    BIO_pop(bconn);
+    BIO_free(bconn);
+
+    JPAKE_CTX_free(ctx);
+}
+
+void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
+{
+    JPAKE_CTX *ctx;
+    BIO *bconn;
+
+    BIO_puts(out, "Authenticating with JPAKE\n");
+
+    ctx = jpake_init("server", "client", secret);
+
+    bconn = BIO_new(BIO_f_buffer());
+    BIO_push(bconn, conn);
+
+    jpake_receive_step1(ctx, bconn);
+    jpake_send_step1(bconn, ctx);
+    jpake_receive_step2(ctx, bconn);
+    jpake_send_step2(bconn, ctx);
+    jpake_receive_step3a(ctx, bconn);
+    jpake_send_step3b(bconn, ctx);
+
+    BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
+
+    psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
+
+    BIO_pop(bconn);
+    BIO_free(bconn);
+
+    JPAKE_CTX_free(ctx);
+}
+
+#endif
+
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+/*-
+ * next_protos_parse parses a comma separated list of strings into a string
+ * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
+ *   outlen: (output) set to the length of the resulting buffer on success.
+ *   err: (maybe NULL) on failure, an error message line is written to this BIO.
+ *   in: a NUL termianted string like "abc,def,ghi"
+ *
+ *   returns: a malloced buffer or NULL on failure.
+ */
+unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
+{
+    size_t len;
+    unsigned char *out;
+    size_t i, start = 0;
+
+    len = strlen(in);
+    if (len >= 65535)
+        return NULL;
+
+    out = OPENSSL_malloc(strlen(in) + 1);
+    if (!out)
+        return NULL;
+
+    for (i = 0; i <= len; ++i) {
+        if (i == len || in[i] == ',') {
+            if (i - start > 255) {
+                OPENSSL_free(out);
+                return NULL;
+            }
+            out[start] = i - start;
+            start = i + 1;
+        } else
+            out[i + 1] = in[i];
+    }
+
+    *outlen = len + 1;
+    return out;
+}
+#endif                          /* !OPENSSL_NO_TLSEXT &&
+                                 * !OPENSSL_NO_NEXTPROTONEG */
+
+/*
+ * Platform-specific sections
+ */
+#if defined(_WIN32)
+# ifdef fileno
+#  undef fileno
+#  define fileno(a) (int)_fileno(a)
+# endif
+
+# include <windows.h>
+# include <tchar.h>
+
+static int WIN32_rename(const char *from, const char *to)
+{
+    TCHAR *tfrom = NULL, *tto;
+    DWORD err;
+    int ret = 0;
+
+    if (sizeof(TCHAR) == 1) {
+        tfrom = (TCHAR *)from;
+        tto = (TCHAR *)to;
+    } else {                    /* UNICODE path */
+
+        size_t i, flen = strlen(from) + 1, tlen = strlen(to) + 1;
+        tfrom = (TCHAR *)malloc(sizeof(TCHAR) * (flen + tlen));
+        if (tfrom == NULL)
+            goto err;
+        tto = tfrom + flen;
+# if !defined(_WIN32_WCE) || _WIN32_WCE>=101
+        if (!MultiByteToWideChar(CP_ACP, 0, from, flen, (WCHAR *)tfrom, flen))
+# endif
+            for (i = 0; i < flen; i++)
+                tfrom[i] = (TCHAR)from[i];
+# if !defined(_WIN32_WCE) || _WIN32_WCE>=101
+        if (!MultiByteToWideChar(CP_ACP, 0, to, tlen, (WCHAR *)tto, tlen))
+# endif
+            for (i = 0; i < tlen; i++)
+                tto[i] = (TCHAR)to[i];
+    }
+
+    if (MoveFile(tfrom, tto))
+        goto ok;
+    err = GetLastError();
+    if (err == ERROR_ALREADY_EXISTS || err == ERROR_FILE_EXISTS) {
+        if (DeleteFile(tto) && MoveFile(tfrom, tto))
+            goto ok;
+        err = GetLastError();
+    }
+    if (err == ERROR_FILE_NOT_FOUND || err == ERROR_PATH_NOT_FOUND)
+        errno = ENOENT;
+    else if (err == ERROR_ACCESS_DENIED)
+        errno = EACCES;
+    else
+        errno = EINVAL;         /* we could map more codes... */
+ err:
+    ret = -1;
+ ok:
+    if (tfrom != NULL && tfrom != (TCHAR *)from)
+        free(tfrom);
+    return ret;
+}
+#endif
+
+/* app_tminterval section */
+#if defined(_WIN32)
+double app_tminterval(int stop, int usertime)
+{
+    FILETIME now;
+    double ret = 0;
+    static ULARGE_INTEGER tmstart;
+    static int warning = 1;
+# ifdef _WIN32_WINNT
+    static HANDLE proc = NULL;
+
+    if (proc == NULL) {
+        if (check_winnt())
+            proc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE,
+                               GetCurrentProcessId());
+        if (proc == NULL)
+            proc = (HANDLE) - 1;
+    }
+
+    if (usertime && proc != (HANDLE) - 1) {
+        FILETIME junk;
+        GetProcessTimes(proc, &junk, &junk, &junk, &now);
+    } else
+# endif
+    {
+        SYSTEMTIME systime;
+
+        if (usertime && warning) {
+            BIO_printf(bio_err, "To get meaningful results, run "
+                       "this program on idle system.\n");
+            warning = 0;
+        }
+        GetSystemTime(&systime);
+        SystemTimeToFileTime(&systime, &now);
+    }
+
+    if (stop == TM_START) {
+        tmstart.u.LowPart = now.dwLowDateTime;
+        tmstart.u.HighPart = now.dwHighDateTime;
+    } else {
+        ULARGE_INTEGER tmstop;
+
+        tmstop.u.LowPart = now.dwLowDateTime;
+        tmstop.u.HighPart = now.dwHighDateTime;
+
+        ret = (__int64)(tmstop.QuadPart - tmstart.QuadPart) * 1e-7;
+    }
+
+    return (ret);
+}
+
+#elif defined(OPENSSL_SYS_NETWARE)
+# include <time.h>
+
+double app_tminterval(int stop, int usertime)
+{
+    double ret = 0;
+    static clock_t tmstart;
+    static int warning = 1;
+
+    if (usertime && warning) {
+        BIO_printf(bio_err, "To get meaningful results, run "
+                   "this program on idle system.\n");
+        warning = 0;
+    }
+
+    if (stop == TM_START)
+        tmstart = clock();
+    else
+        ret = (clock() - tmstart) / (double)CLOCKS_PER_SEC;
+
+    return (ret);
+}
+
+#elif defined(OPENSSL_SYSTEM_VXWORKS)
+# include <time.h>
+
+double app_tminterval(int stop, int usertime)
+{
+    double ret = 0;
+# ifdef CLOCK_REALTIME
+    static struct timespec tmstart;
+    struct timespec now;
+# else
+    static unsigned long tmstart;
+    unsigned long now;
+# endif
+    static int warning = 1;
+
+    if (usertime && warning) {
+        BIO_printf(bio_err, "To get meaningful results, run "
+                   "this program on idle system.\n");
+        warning = 0;
+    }
+# ifdef CLOCK_REALTIME
+    clock_gettime(CLOCK_REALTIME, &now);
+    if (stop == TM_START)
+        tmstart = now;
+    else
+        ret = ((now.tv_sec + now.tv_nsec * 1e-9)
+               - (tmstart.tv_sec + tmstart.tv_nsec * 1e-9));
+# else
+    now = tickGet();
+    if (stop == TM_START)
+        tmstart = now;
+    else
+        ret = (now - tmstart) / (double)sysClkRateGet();
+# endif
+    return (ret);
+}
+
+#elif defined(OPENSSL_SYSTEM_VMS)
+# include <time.h>
+# include <times.h>
+
+double app_tminterval(int stop, int usertime)
+{
+    static clock_t tmstart;
+    double ret = 0;
+    clock_t now;
+# ifdef __TMS
+    struct tms rus;
+
+    now = times(&rus);
+    if (usertime)
+        now = rus.tms_utime;
+# else
+    if (usertime)
+        now = clock();          /* sum of user and kernel times */
+    else {
+        struct timeval tv;
+        gettimeofday(&tv, NULL);
+        now = (clock_t)((unsigned long long)tv.tv_sec * CLK_TCK +
+                        (unsigned long long)tv.tv_usec * (1000000 / CLK_TCK)
+            );
+    }
+# endif
+    if (stop == TM_START)
+        tmstart = now;
+    else
+        ret = (now - tmstart) / (double)(CLK_TCK);
+
+    return (ret);
+}
+
+#elif defined(_SC_CLK_TCK)      /* by means of unistd.h */
+# include <sys/times.h>
+
+double app_tminterval(int stop, int usertime)
+{
+    double ret = 0;
+    struct tms rus;
+    clock_t now = times(&rus);
+    static clock_t tmstart;
+
+    if (usertime)
+        now = rus.tms_utime;
+
+    if (stop == TM_START)
+        tmstart = now;
+    else {
+        long int tck = sysconf(_SC_CLK_TCK);
+        ret = (now - tmstart) / (double)tck;
+    }
+
+    return (ret);
+}
+
+#else
+# include <sys/time.h>
+# include <sys/resource.h>
+
+double app_tminterval(int stop, int usertime)
+{
+    double ret = 0;
+    struct rusage rus;
+    struct timeval now;
+    static struct timeval tmstart;
+
+    if (usertime)
+        getrusage(RUSAGE_SELF, &rus), now = rus.ru_utime;
+    else
+        gettimeofday(&now, NULL);
+
+    if (stop == TM_START)
+        tmstart = now;
+    else
+        ret = ((now.tv_sec + now.tv_usec * 1e-6)
+               - (tmstart.tv_sec + tmstart.tv_usec * 1e-6));
+
+    return ret;
+}
+#endif
+
+/* app_isdir section */
+#ifdef _WIN32
+int app_isdir(const char *name)
+{
+    HANDLE hList;
+    WIN32_FIND_DATA FileData;
+# if defined(UNICODE) || defined(_UNICODE)
+    size_t i, len_0 = strlen(name) + 1;
+
+    if (len_0 > sizeof(FileData.cFileName) / sizeof(FileData.cFileName[0]))
+        return -1;
+
+#  if !defined(_WIN32_WCE) || _WIN32_WCE>=101
+    if (!MultiByteToWideChar
+        (CP_ACP, 0, name, len_0, FileData.cFileName, len_0))
+#  endif
+        for (i = 0; i < len_0; i++)
+            FileData.cFileName[i] = (WCHAR)name[i];
+
+    hList = FindFirstFile(FileData.cFileName, &FileData);
+# else
+    hList = FindFirstFile(name, &FileData);
+# endif
+    if (hList == INVALID_HANDLE_VALUE)
+        return -1;
+    FindClose(hList);
+    return ((FileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) != 0);
+}
+#else
+# include <sys/stat.h>
+# ifndef S_ISDIR
+#  if defined(_S_IFMT) && defined(_S_IFDIR)
+#   define S_ISDIR(a)   (((a) & _S_IFMT) == _S_IFDIR)
+#  else
+#   define S_ISDIR(a)   (((a) & S_IFMT) == S_IFDIR)
+#  endif
+# endif
+
+int app_isdir(const char *name)
+{
+# if defined(S_ISDIR)
+    struct stat st;
+
+    if (stat(name, &st) == 0)
+        return S_ISDIR(st.st_mode);
+    else
+        return -1;
+# else
+    return -1;
+# endif
+}
+#endif
+
+/* raw_read|write section */
+#if defined(_WIN32) && defined(STD_INPUT_HANDLE)
+int raw_read_stdin(void *buf, int siz)
+{
+    DWORD n;
+    if (ReadFile(GetStdHandle(STD_INPUT_HANDLE), buf, siz, &n, NULL))
+        return (n);
+    else
+        return (-1);
+}
+#else
+int raw_read_stdin(void *buf, int siz)
+{
+    return read(fileno(stdin), buf, siz);
+}
+#endif
+
+#if defined(_WIN32) && defined(STD_OUTPUT_HANDLE)
+int raw_write_stdout(const void *buf, int siz)
+{
+    DWORD n;
+    if (WriteFile(GetStdHandle(STD_OUTPUT_HANDLE), buf, siz, &n, NULL))
+        return (n);
+    else
+        return (-1);
+}
+#else
+int raw_write_stdout(const void *buf, int siz)
+{
+    return write(fileno(stdout), buf, siz);
+}
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/apps/enc.c
===================================================================
--- vendor-crypto/openssl/dist/apps/enc.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/apps/enc.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,715 +0,0 @@
-/* apps/enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/rand.h>
-#include <openssl/pem.h>
-#ifndef OPENSSL_NO_COMP
-# include <openssl/comp.h>
-#endif
-#include <ctype.h>
-
-int set_hex(char *in, unsigned char *out, int size);
-#undef SIZE
-#undef BSIZE
-#undef PROG
-
-#define SIZE    (512)
-#define BSIZE   (8*1024)
-#define PROG    enc_main
-
-static void show_ciphers(const OBJ_NAME *name, void *bio_)
-{
-    BIO *bio = bio_;
-    static int n;
-
-    if (!islower((unsigned char)*name->name))
-        return;
-
-    BIO_printf(bio, "-%-25s", name->name);
-    if (++n == 3) {
-        BIO_printf(bio, "\n");
-        n = 0;
-    } else
-        BIO_printf(bio, " ");
-}
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-{
-    static const char magic[] = "Salted__";
-    char mbuf[sizeof magic - 1];
-    char *strbuf = NULL;
-    unsigned char *buff = NULL, *bufsize = NULL;
-    int bsize = BSIZE, verbose = 0;
-    int ret = 1, inl;
-    int nopad = 0;
-    unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
-    unsigned char salt[PKCS5_SALT_LEN];
-    char *str = NULL, *passarg = NULL, *pass = NULL;
-    char *hkey = NULL, *hiv = NULL, *hsalt = NULL;
-    char *md = NULL;
-    int enc = 1, printkey = 0, i, base64 = 0;
-#ifdef ZLIB
-    int do_zlib = 0;
-    BIO *bzl = NULL;
-#endif
-    int debug = 0, olb64 = 0, nosalt = 0;
-    const EVP_CIPHER *cipher = NULL, *c;
-    EVP_CIPHER_CTX *ctx = NULL;
-    char *inf = NULL, *outf = NULL;
-    BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio =
-        NULL, *wbio = NULL;
-#define PROG_NAME_SIZE  39
-    char pname[PROG_NAME_SIZE + 1];
-#ifndef OPENSSL_NO_ENGINE
-    char *engine = NULL;
-#endif
-    const EVP_MD *dgst = NULL;
-    int non_fips_allow = 0;
-
-    apps_startup();
-
-    if (bio_err == NULL)
-        if ((bio_err = BIO_new(BIO_s_file())) != NULL)
-            BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
-
-    if (!load_config(bio_err, NULL))
-        goto end;
-
-    /* first check the program name */
-    program_name(argv[0], pname, sizeof pname);
-    if (strcmp(pname, "base64") == 0)
-        base64 = 1;
-#ifdef ZLIB
-    if (strcmp(pname, "zlib") == 0)
-        do_zlib = 1;
-#endif
-
-    cipher = EVP_get_cipherbyname(pname);
-#ifdef ZLIB
-    if (!do_zlib && !base64 && (cipher == NULL)
-        && (strcmp(pname, "enc") != 0))
-#else
-    if (!base64 && (cipher == NULL) && (strcmp(pname, "enc") != 0))
-#endif
-    {
-        BIO_printf(bio_err, "%s is an unknown cipher\n", pname);
-        goto bad;
-    }
-
-    argc--;
-    argv++;
-    while (argc >= 1) {
-        if (strcmp(*argv, "-e") == 0)
-            enc = 1;
-        else if (strcmp(*argv, "-in") == 0) {
-            if (--argc < 1)
-                goto bad;
-            inf = *(++argv);
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
-            outf = *(++argv);
-        } else if (strcmp(*argv, "-pass") == 0) {
-            if (--argc < 1)
-                goto bad;
-            passarg = *(++argv);
-        }
-#ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                goto bad;
-            engine = *(++argv);
-        }
-#endif
-        else if (strcmp(*argv, "-d") == 0)
-            enc = 0;
-        else if (strcmp(*argv, "-p") == 0)
-            printkey = 1;
-        else if (strcmp(*argv, "-v") == 0)
-            verbose = 1;
-        else if (strcmp(*argv, "-nopad") == 0)
-            nopad = 1;
-        else if (strcmp(*argv, "-salt") == 0)
-            nosalt = 0;
-        else if (strcmp(*argv, "-nosalt") == 0)
-            nosalt = 1;
-        else if (strcmp(*argv, "-debug") == 0)
-            debug = 1;
-        else if (strcmp(*argv, "-P") == 0)
-            printkey = 2;
-        else if (strcmp(*argv, "-A") == 0)
-            olb64 = 1;
-        else if (strcmp(*argv, "-a") == 0)
-            base64 = 1;
-        else if (strcmp(*argv, "-base64") == 0)
-            base64 = 1;
-#ifdef ZLIB
-        else if (strcmp(*argv, "-z") == 0)
-            do_zlib = 1;
-#endif
-        else if (strcmp(*argv, "-bufsize") == 0) {
-            if (--argc < 1)
-                goto bad;
-            bufsize = (unsigned char *)*(++argv);
-        } else if (strcmp(*argv, "-k") == 0) {
-            if (--argc < 1)
-                goto bad;
-            str = *(++argv);
-        } else if (strcmp(*argv, "-kfile") == 0) {
-            static char buf[128];
-            FILE *infile;
-            char *file;
-
-            if (--argc < 1)
-                goto bad;
-            file = *(++argv);
-            infile = fopen(file, "r");
-            if (infile == NULL) {
-                BIO_printf(bio_err, "unable to read key from '%s'\n", file);
-                goto bad;
-            }
-            buf[0] = '\0';
-            if (!fgets(buf, sizeof buf, infile)) {
-                BIO_printf(bio_err, "unable to read key from '%s'\n", file);
-                goto bad;
-            }
-            fclose(infile);
-            i = strlen(buf);
-            if ((i > 0) && ((buf[i - 1] == '\n') || (buf[i - 1] == '\r')))
-                buf[--i] = '\0';
-            if ((i > 0) && ((buf[i - 1] == '\n') || (buf[i - 1] == '\r')))
-                buf[--i] = '\0';
-            if (i < 1) {
-                BIO_printf(bio_err, "zero length password\n");
-                goto bad;
-            }
-            str = buf;
-        } else if (strcmp(*argv, "-K") == 0) {
-            if (--argc < 1)
-                goto bad;
-            hkey = *(++argv);
-        } else if (strcmp(*argv, "-S") == 0) {
-            if (--argc < 1)
-                goto bad;
-            hsalt = *(++argv);
-        } else if (strcmp(*argv, "-iv") == 0) {
-            if (--argc < 1)
-                goto bad;
-            hiv = *(++argv);
-        } else if (strcmp(*argv, "-md") == 0) {
-            if (--argc < 1)
-                goto bad;
-            md = *(++argv);
-        } else if (strcmp(*argv, "-non-fips-allow") == 0)
-            non_fips_allow = 1;
-        else if ((argv[0][0] == '-') &&
-                 ((c = EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) {
-            cipher = c;
-        } else if (strcmp(*argv, "-none") == 0)
-            cipher = NULL;
-        else {
-            BIO_printf(bio_err, "unknown option '%s'\n", *argv);
- bad:
-            BIO_printf(bio_err, "options are\n");
-            BIO_printf(bio_err, "%-14s input file\n", "-in <file>");
-            BIO_printf(bio_err, "%-14s output file\n", "-out <file>");
-            BIO_printf(bio_err, "%-14s pass phrase source\n", "-pass <arg>");
-            BIO_printf(bio_err, "%-14s encrypt\n", "-e");
-            BIO_printf(bio_err, "%-14s decrypt\n", "-d");
-            BIO_printf(bio_err,
-                       "%-14s base64 encode/decode, depending on encryption flag\n",
-                       "-a/-base64");
-            BIO_printf(bio_err, "%-14s passphrase is the next argument\n",
-                       "-k");
-            BIO_printf(bio_err,
-                       "%-14s passphrase is the first line of the file argument\n",
-                       "-kfile");
-            BIO_printf(bio_err,
-                       "%-14s the next argument is the md to use to create a key\n",
-                       "-md");
-            BIO_printf(bio_err,
-                       "%-14s   from a passphrase.  One of md2, md5, sha or sha1\n",
-                       "");
-            BIO_printf(bio_err, "%-14s salt in hex is the next argument\n",
-                       "-S");
-            BIO_printf(bio_err, "%-14s key/iv in hex is the next argument\n",
-                       "-K/-iv");
-            BIO_printf(bio_err, "%-14s print the iv/key (then exit if -P)\n",
-                       "-[pP]");
-            BIO_printf(bio_err, "%-14s buffer size\n", "-bufsize <n>");
-            BIO_printf(bio_err, "%-14s disable standard block padding\n",
-                       "-nopad");
-#ifndef OPENSSL_NO_ENGINE
-            BIO_printf(bio_err,
-                       "%-14s use engine e, possibly a hardware device.\n",
-                       "-engine e");
-#endif
-
-            BIO_printf(bio_err, "Cipher Types\n");
-            OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
-                                   show_ciphers, bio_err);
-            BIO_printf(bio_err, "\n");
-
-            goto end;
-        }
-        argc--;
-        argv++;
-    }
-
-#ifndef OPENSSL_NO_ENGINE
-    setup_engine(bio_err, engine, 0);
-#endif
-
-    if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
-        BIO_printf(bio_err,
-                   "AEAD ciphers not supported by the enc utility\n");
-        goto end;
-    }
-
-    if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)) {
-        BIO_printf(bio_err,
-                   "Ciphers in XTS mode are not supported by the enc utility\n");
-        goto end;
-    }
-
-    if (md && (dgst = EVP_get_digestbyname(md)) == NULL) {
-        BIO_printf(bio_err, "%s is an unsupported message digest type\n", md);
-        goto end;
-    }
-
-    if (dgst == NULL) {
-        dgst = EVP_md5();
-    }
-
-    if (bufsize != NULL) {
-        unsigned long n;
-
-        for (n = 0; *bufsize; bufsize++) {
-            i = *bufsize;
-            if ((i <= '9') && (i >= '0'))
-                n = n * 10 + i - '0';
-            else if (i == 'k') {
-                n *= 1024;
-                bufsize++;
-                break;
-            }
-        }
-        if (*bufsize != '\0') {
-            BIO_printf(bio_err, "invalid 'bufsize' specified.\n");
-            goto end;
-        }
-
-        /* It must be large enough for a base64 encoded line */
-        if (base64 && n < 80)
-            n = 80;
-
-        bsize = (int)n;
-        if (verbose)
-            BIO_printf(bio_err, "bufsize=%d\n", bsize);
-    }
-
-    strbuf = OPENSSL_malloc(SIZE);
-    buff = (unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
-    if ((buff == NULL) || (strbuf == NULL)) {
-        BIO_printf(bio_err, "OPENSSL_malloc failure %ld\n",
-                   (long)EVP_ENCODE_LENGTH(bsize));
-        goto end;
-    }
-
-    in = BIO_new(BIO_s_file());
-    out = BIO_new(BIO_s_file());
-    if ((in == NULL) || (out == NULL)) {
-        ERR_print_errors(bio_err);
-        goto end;
-    }
-    if (debug) {
-        BIO_set_callback(in, BIO_debug_callback);
-        BIO_set_callback(out, BIO_debug_callback);
-        BIO_set_callback_arg(in, (char *)bio_err);
-        BIO_set_callback_arg(out, (char *)bio_err);
-    }
-
-    if (inf == NULL) {
-#ifndef OPENSSL_NO_SETVBUF_IONBF
-        if (bufsize != NULL)
-            setvbuf(stdin, (char *)NULL, _IONBF, 0);
-#endif                          /* ndef OPENSSL_NO_SETVBUF_IONBF */
-        BIO_set_fp(in, stdin, BIO_NOCLOSE);
-    } else {
-        if (BIO_read_filename(in, inf) <= 0) {
-            perror(inf);
-            goto end;
-        }
-    }
-
-    if (!str && passarg) {
-        if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
-            BIO_printf(bio_err, "Error getting password\n");
-            goto end;
-        }
-        str = pass;
-    }
-
-    if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) {
-        for (;;) {
-            char buf[200];
-
-            BIO_snprintf(buf, sizeof buf, "enter %s %s password:",
-                         OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
-                         (enc) ? "encryption" : "decryption");
-            strbuf[0] = '\0';
-            i = EVP_read_pw_string((char *)strbuf, SIZE, buf, enc);
-            if (i == 0) {
-                if (strbuf[0] == '\0') {
-                    ret = 1;
-                    goto end;
-                }
-                str = strbuf;
-                break;
-            }
-            if (i < 0) {
-                BIO_printf(bio_err, "bad password read\n");
-                goto end;
-            }
-        }
-    }
-
-    if (outf == NULL) {
-        BIO_set_fp(out, stdout, BIO_NOCLOSE);
-#ifndef OPENSSL_NO_SETVBUF_IONBF
-        if (bufsize != NULL)
-            setvbuf(stdout, (char *)NULL, _IONBF, 0);
-#endif                          /* ndef OPENSSL_NO_SETVBUF_IONBF */
-#ifdef OPENSSL_SYS_VMS
-        {
-            BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-            out = BIO_push(tmpbio, out);
-        }
-#endif
-    } else {
-        if (BIO_write_filename(out, outf) <= 0) {
-            perror(outf);
-            goto end;
-        }
-    }
-
-    rbio = in;
-    wbio = out;
-
-#ifdef ZLIB
-
-    if (do_zlib) {
-        if ((bzl = BIO_new(BIO_f_zlib())) == NULL)
-            goto end;
-        if (enc)
-            wbio = BIO_push(bzl, wbio);
-        else
-            rbio = BIO_push(bzl, rbio);
-    }
-#endif
-
-    if (base64) {
-        if ((b64 = BIO_new(BIO_f_base64())) == NULL)
-            goto end;
-        if (debug) {
-            BIO_set_callback(b64, BIO_debug_callback);
-            BIO_set_callback_arg(b64, (char *)bio_err);
-        }
-        if (olb64)
-            BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
-        if (enc)
-            wbio = BIO_push(b64, wbio);
-        else
-            rbio = BIO_push(b64, rbio);
-    }
-
-    if (cipher != NULL) {
-        /*
-         * Note that str is NULL if a key was passed on the command line, so
-         * we get no salt in that case. Is this a bug?
-         */
-        if (str != NULL) {
-            /*
-             * Salt handling: if encrypting generate a salt and write to
-             * output BIO. If decrypting read salt from input BIO.
-             */
-            unsigned char *sptr;
-            if (nosalt)
-                sptr = NULL;
-            else {
-                if (enc) {
-                    if (hsalt) {
-                        if (!set_hex(hsalt, salt, sizeof salt)) {
-                            BIO_printf(bio_err, "invalid hex salt value\n");
-                            goto end;
-                        }
-                    } else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)
-                        goto end;
-                    /*
-                     * If -P option then don't bother writing
-                     */
-                    if ((printkey != 2)
-                        && (BIO_write(wbio, magic,
-                                      sizeof magic - 1) != sizeof magic - 1
-                            || BIO_write(wbio,
-                                         (char *)salt,
-                                         sizeof salt) != sizeof salt)) {
-                        BIO_printf(bio_err, "error writing output file\n");
-                        goto end;
-                    }
-                } else if (BIO_read(rbio, mbuf, sizeof mbuf) != sizeof mbuf
-                           || BIO_read(rbio,
-                                       (unsigned char *)salt,
-                                       sizeof salt) != sizeof salt) {
-                    BIO_printf(bio_err, "error reading input file\n");
-                    goto end;
-                } else if (memcmp(mbuf, magic, sizeof magic - 1)) {
-                    BIO_printf(bio_err, "bad magic number\n");
-                    goto end;
-                }
-
-                sptr = salt;
-            }
-
-            EVP_BytesToKey(cipher, dgst, sptr,
-                           (unsigned char *)str, strlen(str), 1, key, iv);
-            /*
-             * zero the complete buffer or the string passed from the command
-             * line bug picked up by Larry J. Hughes Jr. <hughes at indiana.edu>
-             */
-            if (str == strbuf)
-                OPENSSL_cleanse(str, SIZE);
-            else
-                OPENSSL_cleanse(str, strlen(str));
-        }
-        if (hiv != NULL) {
-            int siz = EVP_CIPHER_iv_length(cipher);
-            if (siz == 0) {
-                BIO_printf(bio_err, "warning: iv not use by this cipher\n");
-            } else if (!set_hex(hiv, iv, sizeof iv)) {
-                BIO_printf(bio_err, "invalid hex iv value\n");
-                goto end;
-            }
-        }
-        if ((hiv == NULL) && (str == NULL)
-            && EVP_CIPHER_iv_length(cipher) != 0) {
-            /*
-             * No IV was explicitly set and no IV was generated during
-             * EVP_BytesToKey. Hence the IV is undefined, making correct
-             * decryption impossible.
-             */
-            BIO_printf(bio_err, "iv undefined\n");
-            goto end;
-        }
-        if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
-            BIO_printf(bio_err, "invalid hex key value\n");
-            goto end;
-        }
-
-        if ((benc = BIO_new(BIO_f_cipher())) == NULL)
-            goto end;
-
-        /*
-         * Since we may be changing parameters work on the encryption context
-         * rather than calling BIO_set_cipher().
-         */
-
-        BIO_get_cipher_ctx(benc, &ctx);
-
-        if (non_fips_allow)
-            EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
-
-        if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) {
-            BIO_printf(bio_err, "Error setting cipher %s\n",
-                       EVP_CIPHER_name(cipher));
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-
-        if (nopad)
-            EVP_CIPHER_CTX_set_padding(ctx, 0);
-
-        if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) {
-            BIO_printf(bio_err, "Error setting cipher %s\n",
-                       EVP_CIPHER_name(cipher));
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-
-        if (debug) {
-            BIO_set_callback(benc, BIO_debug_callback);
-            BIO_set_callback_arg(benc, (char *)bio_err);
-        }
-
-        if (printkey) {
-            if (!nosalt) {
-                printf("salt=");
-                for (i = 0; i < (int)sizeof(salt); i++)
-                    printf("%02X", salt[i]);
-                printf("\n");
-            }
-            if (cipher->key_len > 0) {
-                printf("key=");
-                for (i = 0; i < cipher->key_len; i++)
-                    printf("%02X", key[i]);
-                printf("\n");
-            }
-            if (cipher->iv_len > 0) {
-                printf("iv =");
-                for (i = 0; i < cipher->iv_len; i++)
-                    printf("%02X", iv[i]);
-                printf("\n");
-            }
-            if (printkey == 2) {
-                ret = 0;
-                goto end;
-            }
-        }
-    }
-
-    /* Only encrypt/decrypt as we write the file */
-    if (benc != NULL)
-        wbio = BIO_push(benc, wbio);
-
-    for (;;) {
-        inl = BIO_read(rbio, (char *)buff, bsize);
-        if (inl <= 0)
-            break;
-        if (BIO_write(wbio, (char *)buff, inl) != inl) {
-            BIO_printf(bio_err, "error writing output file\n");
-            goto end;
-        }
-    }
-    if (!BIO_flush(wbio)) {
-        BIO_printf(bio_err, "bad decrypt\n");
-        goto end;
-    }
-
-    ret = 0;
-    if (verbose) {
-        BIO_printf(bio_err, "bytes read   :%8ld\n", BIO_number_read(in));
-        BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out));
-    }
- end:
-    ERR_print_errors(bio_err);
-    if (strbuf != NULL)
-        OPENSSL_free(strbuf);
-    if (buff != NULL)
-        OPENSSL_free(buff);
-    if (in != NULL)
-        BIO_free(in);
-    if (out != NULL)
-        BIO_free_all(out);
-    if (benc != NULL)
-        BIO_free(benc);
-    if (b64 != NULL)
-        BIO_free(b64);
-#ifdef ZLIB
-    if (bzl != NULL)
-        BIO_free(bzl);
-#endif
-    if (pass)
-        OPENSSL_free(pass);
-    apps_shutdown();
-    OPENSSL_EXIT(ret);
-}
-
-int set_hex(char *in, unsigned char *out, int size)
-{
-    int i, n;
-    unsigned char j;
-
-    n = strlen(in);
-    if (n > (size * 2)) {
-        BIO_printf(bio_err, "hex string is too long\n");
-        return (0);
-    }
-    memset(out, 0, size);
-    for (i = 0; i < n; i++) {
-        j = (unsigned char)*in;
-        *(in++) = '\0';
-        if (j == 0)
-            break;
-        if ((j >= '0') && (j <= '9'))
-            j -= '0';
-        else if ((j >= 'A') && (j <= 'F'))
-            j = j - 'A' + 10;
-        else if ((j >= 'a') && (j <= 'f'))
-            j = j - 'a' + 10;
-        else {
-            BIO_printf(bio_err, "non-hex digit\n");
-            return (0);
-        }
-        if (i & 1)
-            out[i / 2] |= j;
-        else
-            out[i / 2] = (j << 4);
-    }
-    return (1);
-}

Copied: vendor-crypto/openssl/1.0.1u/apps/enc.c (from rev 11605, vendor-crypto/openssl/dist/apps/enc.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/apps/enc.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/apps/enc.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,715 @@
+/* apps/enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+#include <openssl/pem.h>
+#ifndef OPENSSL_NO_COMP
+# include <openssl/comp.h>
+#endif
+#include <ctype.h>
+
+int set_hex(char *in, unsigned char *out, int size);
+#undef SIZE
+#undef BSIZE
+#undef PROG
+
+#define SIZE    (512)
+#define BSIZE   (8*1024)
+#define PROG    enc_main
+
+static void show_ciphers(const OBJ_NAME *name, void *bio_)
+{
+    BIO *bio = bio_;
+    static int n;
+
+    if (!islower((unsigned char)*name->name))
+        return;
+
+    BIO_printf(bio, "-%-25s", name->name);
+    if (++n == 3) {
+        BIO_printf(bio, "\n");
+        n = 0;
+    } else
+        BIO_printf(bio, " ");
+}
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+    static const char magic[] = "Salted__";
+    char mbuf[sizeof magic - 1];
+    char *strbuf = NULL;
+    unsigned char *buff = NULL, *bufsize = NULL;
+    int bsize = BSIZE, verbose = 0;
+    int ret = 1, inl;
+    int nopad = 0;
+    unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
+    unsigned char salt[PKCS5_SALT_LEN];
+    char *str = NULL, *passarg = NULL, *pass = NULL;
+    char *hkey = NULL, *hiv = NULL, *hsalt = NULL;
+    char *md = NULL;
+    int enc = 1, printkey = 0, i, base64 = 0;
+#ifdef ZLIB
+    int do_zlib = 0;
+    BIO *bzl = NULL;
+#endif
+    int debug = 0, olb64 = 0, nosalt = 0;
+    const EVP_CIPHER *cipher = NULL, *c;
+    EVP_CIPHER_CTX *ctx = NULL;
+    char *inf = NULL, *outf = NULL;
+    BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio =
+        NULL, *wbio = NULL;
+#define PROG_NAME_SIZE  39
+    char pname[PROG_NAME_SIZE + 1];
+#ifndef OPENSSL_NO_ENGINE
+    char *engine = NULL;
+#endif
+    const EVP_MD *dgst = NULL;
+    int non_fips_allow = 0;
+
+    apps_startup();
+
+    if (bio_err == NULL)
+        if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+            BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+    if (!load_config(bio_err, NULL))
+        goto end;
+
+    /* first check the program name */
+    program_name(argv[0], pname, sizeof pname);
+    if (strcmp(pname, "base64") == 0)
+        base64 = 1;
+#ifdef ZLIB
+    if (strcmp(pname, "zlib") == 0)
+        do_zlib = 1;
+#endif
+
+    cipher = EVP_get_cipherbyname(pname);
+#ifdef ZLIB
+    if (!do_zlib && !base64 && (cipher == NULL)
+        && (strcmp(pname, "enc") != 0))
+#else
+    if (!base64 && (cipher == NULL) && (strcmp(pname, "enc") != 0))
+#endif
+    {
+        BIO_printf(bio_err, "%s is an unknown cipher\n", pname);
+        goto bad;
+    }
+
+    argc--;
+    argv++;
+    while (argc >= 1) {
+        if (strcmp(*argv, "-e") == 0)
+            enc = 1;
+        else if (strcmp(*argv, "-in") == 0) {
+            if (--argc < 1)
+                goto bad;
+            inf = *(++argv);
+        } else if (strcmp(*argv, "-out") == 0) {
+            if (--argc < 1)
+                goto bad;
+            outf = *(++argv);
+        } else if (strcmp(*argv, "-pass") == 0) {
+            if (--argc < 1)
+                goto bad;
+            passarg = *(++argv);
+        }
+#ifndef OPENSSL_NO_ENGINE
+        else if (strcmp(*argv, "-engine") == 0) {
+            if (--argc < 1)
+                goto bad;
+            engine = *(++argv);
+        }
+#endif
+        else if (strcmp(*argv, "-d") == 0)
+            enc = 0;
+        else if (strcmp(*argv, "-p") == 0)
+            printkey = 1;
+        else if (strcmp(*argv, "-v") == 0)
+            verbose = 1;
+        else if (strcmp(*argv, "-nopad") == 0)
+            nopad = 1;
+        else if (strcmp(*argv, "-salt") == 0)
+            nosalt = 0;
+        else if (strcmp(*argv, "-nosalt") == 0)
+            nosalt = 1;
+        else if (strcmp(*argv, "-debug") == 0)
+            debug = 1;
+        else if (strcmp(*argv, "-P") == 0)
+            printkey = 2;
+        else if (strcmp(*argv, "-A") == 0)
+            olb64 = 1;
+        else if (strcmp(*argv, "-a") == 0)
+            base64 = 1;
+        else if (strcmp(*argv, "-base64") == 0)
+            base64 = 1;
+#ifdef ZLIB
+        else if (strcmp(*argv, "-z") == 0)
+            do_zlib = 1;
+#endif
+        else if (strcmp(*argv, "-bufsize") == 0) {
+            if (--argc < 1)
+                goto bad;
+            bufsize = (unsigned char *)*(++argv);
+        } else if (strcmp(*argv, "-k") == 0) {
+            if (--argc < 1)
+                goto bad;
+            str = *(++argv);
+        } else if (strcmp(*argv, "-kfile") == 0) {
+            static char buf[128];
+            FILE *infile;
+            char *file;
+
+            if (--argc < 1)
+                goto bad;
+            file = *(++argv);
+            infile = fopen(file, "r");
+            if (infile == NULL) {
+                BIO_printf(bio_err, "unable to read key from '%s'\n", file);
+                goto bad;
+            }
+            buf[0] = '\0';
+            if (!fgets(buf, sizeof buf, infile)) {
+                BIO_printf(bio_err, "unable to read key from '%s'\n", file);
+                goto bad;
+            }
+            fclose(infile);
+            i = strlen(buf);
+            if ((i > 0) && ((buf[i - 1] == '\n') || (buf[i - 1] == '\r')))
+                buf[--i] = '\0';
+            if ((i > 0) && ((buf[i - 1] == '\n') || (buf[i - 1] == '\r')))
+                buf[--i] = '\0';
+            if (i < 1) {
+                BIO_printf(bio_err, "zero length password\n");
+                goto bad;
+            }
+            str = buf;
+        } else if (strcmp(*argv, "-K") == 0) {
+            if (--argc < 1)
+                goto bad;
+            hkey = *(++argv);
+        } else if (strcmp(*argv, "-S") == 0) {
+            if (--argc < 1)
+                goto bad;
+            hsalt = *(++argv);
+        } else if (strcmp(*argv, "-iv") == 0) {
+            if (--argc < 1)
+                goto bad;
+            hiv = *(++argv);
+        } else if (strcmp(*argv, "-md") == 0) {
+            if (--argc < 1)
+                goto bad;
+            md = *(++argv);
+        } else if (strcmp(*argv, "-non-fips-allow") == 0)
+            non_fips_allow = 1;
+        else if ((argv[0][0] == '-') &&
+                 ((c = EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) {
+            cipher = c;
+        } else if (strcmp(*argv, "-none") == 0)
+            cipher = NULL;
+        else {
+            BIO_printf(bio_err, "unknown option '%s'\n", *argv);
+ bad:
+            BIO_printf(bio_err, "options are\n");
+            BIO_printf(bio_err, "%-14s input file\n", "-in <file>");
+            BIO_printf(bio_err, "%-14s output file\n", "-out <file>");
+            BIO_printf(bio_err, "%-14s pass phrase source\n", "-pass <arg>");
+            BIO_printf(bio_err, "%-14s encrypt\n", "-e");
+            BIO_printf(bio_err, "%-14s decrypt\n", "-d");
+            BIO_printf(bio_err,
+                       "%-14s base64 encode/decode, depending on encryption flag\n",
+                       "-a/-base64");
+            BIO_printf(bio_err, "%-14s passphrase is the next argument\n",
+                       "-k");
+            BIO_printf(bio_err,
+                       "%-14s passphrase is the first line of the file argument\n",
+                       "-kfile");
+            BIO_printf(bio_err,
+                       "%-14s the next argument is the md to use to create a key\n",
+                       "-md");
+            BIO_printf(bio_err,
+                       "%-14s   from a passphrase.  One of md2, md5, sha or sha1\n",
+                       "");
+            BIO_printf(bio_err, "%-14s salt in hex is the next argument\n",
+                       "-S");
+            BIO_printf(bio_err, "%-14s key/iv in hex is the next argument\n",
+                       "-K/-iv");
+            BIO_printf(bio_err, "%-14s print the iv/key (then exit if -P)\n",
+                       "-[pP]");
+            BIO_printf(bio_err, "%-14s buffer size\n", "-bufsize <n>");
+            BIO_printf(bio_err, "%-14s disable standard block padding\n",
+                       "-nopad");
+#ifndef OPENSSL_NO_ENGINE
+            BIO_printf(bio_err,
+                       "%-14s use engine e, possibly a hardware device.\n",
+                       "-engine e");
+#endif
+
+            BIO_printf(bio_err, "Cipher Types\n");
+            OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
+                                   show_ciphers, bio_err);
+            BIO_printf(bio_err, "\n");
+
+            goto end;
+        }
+        argc--;
+        argv++;
+    }
+
+#ifndef OPENSSL_NO_ENGINE
+    setup_engine(bio_err, engine, 0);
+#endif
+
+    if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
+        BIO_printf(bio_err,
+                   "AEAD ciphers not supported by the enc utility\n");
+        goto end;
+    }
+
+    if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)) {
+        BIO_printf(bio_err,
+                   "Ciphers in XTS mode are not supported by the enc utility\n");
+        goto end;
+    }
+
+    if (md && (dgst = EVP_get_digestbyname(md)) == NULL) {
+        BIO_printf(bio_err, "%s is an unsupported message digest type\n", md);
+        goto end;
+    }
+
+    if (dgst == NULL) {
+        dgst = EVP_md5();
+    }
+
+    if (bufsize != NULL) {
+        unsigned long n;
+
+        for (n = 0; *bufsize; bufsize++) {
+            i = *bufsize;
+            if ((i <= '9') && (i >= '0'))
+                n = n * 10 + i - '0';
+            else if (i == 'k') {
+                n *= 1024;
+                bufsize++;
+                break;
+            }
+        }
+        if (*bufsize != '\0') {
+            BIO_printf(bio_err, "invalid 'bufsize' specified.\n");
+            goto end;
+        }
+
+        /* It must be large enough for a base64 encoded line */
+        if (base64 && n < 80)
+            n = 80;
+
+        bsize = (int)n;
+        if (verbose)
+            BIO_printf(bio_err, "bufsize=%d\n", bsize);
+    }
+
+    strbuf = OPENSSL_malloc(SIZE);
+    buff = (unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
+    if ((buff == NULL) || (strbuf == NULL)) {
+        BIO_printf(bio_err, "OPENSSL_malloc failure %ld\n",
+                   (long)EVP_ENCODE_LENGTH(bsize));
+        goto end;
+    }
+
+    in = BIO_new(BIO_s_file());
+    out = BIO_new(BIO_s_file());
+    if ((in == NULL) || (out == NULL)) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    if (debug) {
+        BIO_set_callback(in, BIO_debug_callback);
+        BIO_set_callback(out, BIO_debug_callback);
+        BIO_set_callback_arg(in, (char *)bio_err);
+        BIO_set_callback_arg(out, (char *)bio_err);
+    }
+
+    if (inf == NULL) {
+#ifndef OPENSSL_NO_SETVBUF_IONBF
+        if (bufsize != NULL)
+            setvbuf(stdin, (char *)NULL, _IONBF, 0);
+#endif                          /* ndef OPENSSL_NO_SETVBUF_IONBF */
+        BIO_set_fp(in, stdin, BIO_NOCLOSE);
+    } else {
+        if (BIO_read_filename(in, inf) <= 0) {
+            perror(inf);
+            goto end;
+        }
+    }
+
+    if (!str && passarg) {
+        if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
+            BIO_printf(bio_err, "Error getting password\n");
+            goto end;
+        }
+        str = pass;
+    }
+
+    if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) {
+        for (;;) {
+            char buf[200];
+
+            BIO_snprintf(buf, sizeof buf, "enter %s %s password:",
+                         OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
+                         (enc) ? "encryption" : "decryption");
+            strbuf[0] = '\0';
+            i = EVP_read_pw_string((char *)strbuf, SIZE, buf, enc);
+            if (i == 0) {
+                if (strbuf[0] == '\0') {
+                    ret = 1;
+                    goto end;
+                }
+                str = strbuf;
+                break;
+            }
+            if (i < 0) {
+                BIO_printf(bio_err, "bad password read\n");
+                goto end;
+            }
+        }
+    }
+
+    if (outf == NULL) {
+        BIO_set_fp(out, stdout, BIO_NOCLOSE);
+#ifndef OPENSSL_NO_SETVBUF_IONBF
+        if (bufsize != NULL)
+            setvbuf(stdout, (char *)NULL, _IONBF, 0);
+#endif                          /* ndef OPENSSL_NO_SETVBUF_IONBF */
+#ifdef OPENSSL_SYS_VMS
+        {
+            BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+            out = BIO_push(tmpbio, out);
+        }
+#endif
+    } else {
+        if (BIO_write_filename(out, outf) <= 0) {
+            perror(outf);
+            goto end;
+        }
+    }
+
+    rbio = in;
+    wbio = out;
+
+#ifdef ZLIB
+
+    if (do_zlib) {
+        if ((bzl = BIO_new(BIO_f_zlib())) == NULL)
+            goto end;
+        if (enc)
+            wbio = BIO_push(bzl, wbio);
+        else
+            rbio = BIO_push(bzl, rbio);
+    }
+#endif
+
+    if (base64) {
+        if ((b64 = BIO_new(BIO_f_base64())) == NULL)
+            goto end;
+        if (debug) {
+            BIO_set_callback(b64, BIO_debug_callback);
+            BIO_set_callback_arg(b64, (char *)bio_err);
+        }
+        if (olb64)
+            BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
+        if (enc)
+            wbio = BIO_push(b64, wbio);
+        else
+            rbio = BIO_push(b64, rbio);
+    }
+
+    if (cipher != NULL) {
+        /*
+         * Note that str is NULL if a key was passed on the command line, so
+         * we get no salt in that case. Is this a bug?
+         */
+        if (str != NULL) {
+            /*
+             * Salt handling: if encrypting generate a salt and write to
+             * output BIO. If decrypting read salt from input BIO.
+             */
+            unsigned char *sptr;
+            if (nosalt)
+                sptr = NULL;
+            else {
+                if (enc) {
+                    if (hsalt) {
+                        if (!set_hex(hsalt, salt, sizeof salt)) {
+                            BIO_printf(bio_err, "invalid hex salt value\n");
+                            goto end;
+                        }
+                    } else if (RAND_bytes(salt, sizeof salt) <= 0)
+                        goto end;
+                    /*
+                     * If -P option then don't bother writing
+                     */
+                    if ((printkey != 2)
+                        && (BIO_write(wbio, magic,
+                                      sizeof magic - 1) != sizeof magic - 1
+                            || BIO_write(wbio,
+                                         (char *)salt,
+                                         sizeof salt) != sizeof salt)) {
+                        BIO_printf(bio_err, "error writing output file\n");
+                        goto end;
+                    }
+                } else if (BIO_read(rbio, mbuf, sizeof mbuf) != sizeof mbuf
+                           || BIO_read(rbio,
+                                       (unsigned char *)salt,
+                                       sizeof salt) != sizeof salt) {
+                    BIO_printf(bio_err, "error reading input file\n");
+                    goto end;
+                } else if (memcmp(mbuf, magic, sizeof magic - 1)) {
+                    BIO_printf(bio_err, "bad magic number\n");
+                    goto end;
+                }
+
+                sptr = salt;
+            }
+
+            EVP_BytesToKey(cipher, dgst, sptr,
+                           (unsigned char *)str, strlen(str), 1, key, iv);
+            /*
+             * zero the complete buffer or the string passed from the command
+             * line bug picked up by Larry J. Hughes Jr. <hughes at indiana.edu>
+             */
+            if (str == strbuf)
+                OPENSSL_cleanse(str, SIZE);
+            else
+                OPENSSL_cleanse(str, strlen(str));
+        }
+        if (hiv != NULL) {
+            int siz = EVP_CIPHER_iv_length(cipher);
+            if (siz == 0) {
+                BIO_printf(bio_err, "warning: iv not use by this cipher\n");
+            } else if (!set_hex(hiv, iv, sizeof iv)) {
+                BIO_printf(bio_err, "invalid hex iv value\n");
+                goto end;
+            }
+        }
+        if ((hiv == NULL) && (str == NULL)
+            && EVP_CIPHER_iv_length(cipher) != 0) {
+            /*
+             * No IV was explicitly set and no IV was generated during
+             * EVP_BytesToKey. Hence the IV is undefined, making correct
+             * decryption impossible.
+             */
+            BIO_printf(bio_err, "iv undefined\n");
+            goto end;
+        }
+        if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
+            BIO_printf(bio_err, "invalid hex key value\n");
+            goto end;
+        }
+
+        if ((benc = BIO_new(BIO_f_cipher())) == NULL)
+            goto end;
+
+        /*
+         * Since we may be changing parameters work on the encryption context
+         * rather than calling BIO_set_cipher().
+         */
+
+        BIO_get_cipher_ctx(benc, &ctx);
+
+        if (non_fips_allow)
+            EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
+
+        if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) {
+            BIO_printf(bio_err, "Error setting cipher %s\n",
+                       EVP_CIPHER_name(cipher));
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        if (nopad)
+            EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+        if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) {
+            BIO_printf(bio_err, "Error setting cipher %s\n",
+                       EVP_CIPHER_name(cipher));
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        if (debug) {
+            BIO_set_callback(benc, BIO_debug_callback);
+            BIO_set_callback_arg(benc, (char *)bio_err);
+        }
+
+        if (printkey) {
+            if (!nosalt) {
+                printf("salt=");
+                for (i = 0; i < (int)sizeof(salt); i++)
+                    printf("%02X", salt[i]);
+                printf("\n");
+            }
+            if (cipher->key_len > 0) {
+                printf("key=");
+                for (i = 0; i < cipher->key_len; i++)
+                    printf("%02X", key[i]);
+                printf("\n");
+            }
+            if (cipher->iv_len > 0) {
+                printf("iv =");
+                for (i = 0; i < cipher->iv_len; i++)
+                    printf("%02X", iv[i]);
+                printf("\n");
+            }
+            if (printkey == 2) {
+                ret = 0;
+                goto end;
+            }
+        }
+    }
+
+    /* Only encrypt/decrypt as we write the file */
+    if (benc != NULL)
+        wbio = BIO_push(benc, wbio);
+
+    for (;;) {
+        inl = BIO_read(rbio, (char *)buff, bsize);
+        if (inl <= 0)
+            break;
+        if (BIO_write(wbio, (char *)buff, inl) != inl) {
+            BIO_printf(bio_err, "error writing output file\n");
+            goto end;
+        }
+    }
+    if (!BIO_flush(wbio)) {
+        BIO_printf(bio_err, "bad decrypt\n");
+        goto end;
+    }
+
+    ret = 0;
+    if (verbose) {
+        BIO_printf(bio_err, "bytes read   :%8ld\n", BIO_number_read(in));
+        BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out));
+    }
+ end:
+    ERR_print_errors(bio_err);
+    if (strbuf != NULL)
+        OPENSSL_free(strbuf);
+    if (buff != NULL)
+        OPENSSL_free(buff);
+    if (in != NULL)
+        BIO_free(in);
+    if (out != NULL)
+        BIO_free_all(out);
+    if (benc != NULL)
+        BIO_free(benc);
+    if (b64 != NULL)
+        BIO_free(b64);
+#ifdef ZLIB
+    if (bzl != NULL)
+        BIO_free(bzl);
+#endif
+    if (pass)
+        OPENSSL_free(pass);
+    apps_shutdown();
+    OPENSSL_EXIT(ret);
+}
+
+int set_hex(char *in, unsigned char *out, int size)
+{
+    int i, n;
+    unsigned char j;
+
+    n = strlen(in);
+    if (n > (size * 2)) {
+        BIO_printf(bio_err, "hex string is too long\n");
+        return (0);
+    }
+    memset(out, 0, size);
+    for (i = 0; i < n; i++) {
+        j = (unsigned char)*in;
+        *(in++) = '\0';
+        if (j == 0)
+            break;
+        if ((j >= '0') && (j <= '9'))
+            j -= '0';
+        else if ((j >= 'A') && (j <= 'F'))
+            j = j - 'A' + 10;
+        else if ((j >= 'a') && (j <= 'f'))
+            j = j - 'a' + 10;
+        else {
+            BIO_printf(bio_err, "non-hex digit\n");
+            return (0);
+        }
+        if (i & 1)
+            out[i / 2] |= j;
+        else
+            out[i / 2] = (j << 4);
+    }
+    return (1);
+}

Deleted: vendor-crypto/openssl/1.0.1u/apps/engine.c
===================================================================
--- vendor-crypto/openssl/dist/apps/engine.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/apps/engine.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,512 +0,0 @@
-/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
-/*
- * Written by Richard Levitte <richard at levitte.org> for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef OPENSSL_NO_STDIO
-# define APPS_WIN16
-#endif
-#include "apps.h"
-#include <openssl/err.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-# include <openssl/ssl.h>
-
-# undef PROG
-# define PROG    engine_main
-
-static const char *engine_usage[] = {
-    "usage: engine opts [engine ...]\n",
-    " -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n",
-    "               -vv will additionally display each command's description\n",
-    "               -vvv will also add the input flags for each command\n",
-    "               -vvvv will also show internal input flags\n",
-    " -c          - for each engine, also list the capabilities\n",
-    " -t[t]       - for each engine, check that they are really available\n",
-    "               -tt will display error trace for unavailable engines\n",
-    " -pre <cmd>  - runs command 'cmd' against the ENGINE before any attempts\n",
-    "               to load it (if -t is used)\n",
-    " -post <cmd> - runs command 'cmd' against the ENGINE after loading it\n",
-    "               (only used if -t is also provided)\n",
-    " NB: -pre and -post will be applied to all ENGINEs supplied on the command\n",
-    " line, or all supported ENGINEs if none are specified.\n",
-    " Eg. '-pre \"SO_PATH:/lib/libdriver.so\"' calls command \"SO_PATH\" with\n",
-    " argument \"/lib/libdriver.so\".\n",
-    NULL
-};
-
-static void identity(char *ptr)
-{
-    return;
-}
-
-static int append_buf(char **buf, const char *s, int *size, int step)
-{
-    if (*buf == NULL) {
-        *size = step;
-        *buf = OPENSSL_malloc(*size);
-        if (*buf == NULL)
-            return 0;
-        **buf = '\0';
-    }
-
-    if (strlen(*buf) + strlen(s) >= (unsigned int)*size) {
-        *size += step;
-        *buf = OPENSSL_realloc(*buf, *size);
-    }
-
-    if (*buf == NULL)
-        return 0;
-
-    if (**buf != '\0')
-        BUF_strlcat(*buf, ", ", *size);
-    BUF_strlcat(*buf, s, *size);
-
-    return 1;
-}
-
-static int util_flags(BIO *bio_out, unsigned int flags, const char *indent)
-{
-    int started = 0, err = 0;
-    /* Indent before displaying input flags */
-    BIO_printf(bio_out, "%s%s(input flags): ", indent, indent);
-    if (flags == 0) {
-        BIO_printf(bio_out, "<no flags>\n");
-        return 1;
-    }
-    /*
-     * If the object is internal, mark it in a way that shows instead of
-     * having it part of all the other flags, even if it really is.
-     */
-    if (flags & ENGINE_CMD_FLAG_INTERNAL) {
-        BIO_printf(bio_out, "[Internal] ");
-    }
-
-    if (flags & ENGINE_CMD_FLAG_NUMERIC) {
-        BIO_printf(bio_out, "NUMERIC");
-        started = 1;
-    }
-    /*
-     * Now we check that no combinations of the mutually exclusive NUMERIC,
-     * STRING, and NO_INPUT flags have been used. Future flags that can be
-     * OR'd together with these would need to added after these to preserve
-     * the testing logic.
-     */
-    if (flags & ENGINE_CMD_FLAG_STRING) {
-        if (started) {
-            BIO_printf(bio_out, "|");
-            err = 1;
-        }
-        BIO_printf(bio_out, "STRING");
-        started = 1;
-    }
-    if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
-        if (started) {
-            BIO_printf(bio_out, "|");
-            err = 1;
-        }
-        BIO_printf(bio_out, "NO_INPUT");
-        started = 1;
-    }
-    /* Check for unknown flags */
-    flags = flags & ~ENGINE_CMD_FLAG_NUMERIC &
-        ~ENGINE_CMD_FLAG_STRING &
-        ~ENGINE_CMD_FLAG_NO_INPUT & ~ENGINE_CMD_FLAG_INTERNAL;
-    if (flags) {
-        if (started)
-            BIO_printf(bio_out, "|");
-        BIO_printf(bio_out, "<0x%04X>", flags);
-    }
-    if (err)
-        BIO_printf(bio_out, "  <illegal flags!>");
-    BIO_printf(bio_out, "\n");
-    return 1;
-}
-
-static int util_verbose(ENGINE *e, int verbose, BIO *bio_out,
-                        const char *indent)
-{
-    static const int line_wrap = 78;
-    int num;
-    int ret = 0;
-    char *name = NULL;
-    char *desc = NULL;
-    int flags;
-    int xpos = 0;
-    STACK_OF(OPENSSL_STRING) *cmds = NULL;
-    if (!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
-        ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
-                            0, NULL, NULL)) <= 0)) {
-# if 0
-        BIO_printf(bio_out, "%s<no control commands>\n", indent);
-# endif
-        return 1;
-    }
-
-    cmds = sk_OPENSSL_STRING_new_null();
-
-    if (!cmds)
-        goto err;
-    do {
-        int len;
-        /* Get the command input flags */
-        if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
-                                 NULL, NULL)) < 0)
-            goto err;
-        if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) {
-            /* Get the command name */
-            if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,
-                                   NULL, NULL)) <= 0)
-                goto err;
-            if ((name = OPENSSL_malloc(len + 1)) == NULL)
-                goto err;
-            if (ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name,
-                            NULL) <= 0)
-                goto err;
-            /* Get the command description */
-            if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,
-                                   NULL, NULL)) < 0)
-                goto err;
-            if (len > 0) {
-                if ((desc = OPENSSL_malloc(len + 1)) == NULL)
-                    goto err;
-                if (ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,
-                                NULL) <= 0)
-                    goto err;
-            }
-            /* Now decide on the output */
-            if (xpos == 0)
-                /* Do an indent */
-                xpos = BIO_puts(bio_out, indent);
-            else
-                /* Otherwise prepend a ", " */
-                xpos += BIO_printf(bio_out, ", ");
-            if (verbose == 1) {
-                /*
-                 * We're just listing names, comma-delimited
-                 */
-                if ((xpos > (int)strlen(indent)) &&
-                    (xpos + (int)strlen(name) > line_wrap)) {
-                    BIO_printf(bio_out, "\n");
-                    xpos = BIO_puts(bio_out, indent);
-                }
-                xpos += BIO_printf(bio_out, "%s", name);
-            } else {
-                /* We're listing names plus descriptions */
-                BIO_printf(bio_out, "%s: %s\n", name,
-                           (desc == NULL) ? "<no description>" : desc);
-                /* ... and sometimes input flags */
-                if ((verbose >= 3) && !util_flags(bio_out, flags, indent))
-                    goto err;
-                xpos = 0;
-            }
-        }
-        OPENSSL_free(name);
-        name = NULL;
-        if (desc) {
-            OPENSSL_free(desc);
-            desc = NULL;
-        }
-        /* Move to the next command */
-        num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE, num, NULL, NULL);
-    } while (num > 0);
-    if (xpos > 0)
-        BIO_printf(bio_out, "\n");
-    ret = 1;
- err:
-    if (cmds)
-        sk_OPENSSL_STRING_pop_free(cmds, identity);
-    if (name)
-        OPENSSL_free(name);
-    if (desc)
-        OPENSSL_free(desc);
-    return ret;
-}
-
-static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds,
-                         BIO *bio_out, const char *indent)
-{
-    int loop, res, num = sk_OPENSSL_STRING_num(cmds);
-
-    if (num < 0) {
-        BIO_printf(bio_out, "[Error]: internal stack error\n");
-        return;
-    }
-    for (loop = 0; loop < num; loop++) {
-        char buf[256];
-        const char *cmd, *arg;
-        cmd = sk_OPENSSL_STRING_value(cmds, loop);
-        res = 1;                /* assume success */
-        /* Check if this command has no ":arg" */
-        if ((arg = strstr(cmd, ":")) == NULL) {
-            if (!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
-                res = 0;
-        } else {
-            if ((int)(arg - cmd) > 254) {
-                BIO_printf(bio_out, "[Error]: command name too long\n");
-                return;
-            }
-            memcpy(buf, cmd, (int)(arg - cmd));
-            buf[arg - cmd] = '\0';
-            arg++;              /* Move past the ":" */
-            /* Call the command with the argument */
-            if (!ENGINE_ctrl_cmd_string(e, buf, arg, 0))
-                res = 0;
-        }
-        if (res)
-            BIO_printf(bio_out, "[Success]: %s\n", cmd);
-        else {
-            BIO_printf(bio_out, "[Failure]: %s\n", cmd);
-            ERR_print_errors(bio_out);
-        }
-    }
-}
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-{
-    int ret = 1, i;
-    const char **pp;
-    int verbose = 0, list_cap = 0, test_avail = 0, test_avail_noise = 0;
-    ENGINE *e;
-    STACK_OF(OPENSSL_STRING) *engines = sk_OPENSSL_STRING_new_null();
-    STACK_OF(OPENSSL_STRING) *pre_cmds = sk_OPENSSL_STRING_new_null();
-    STACK_OF(OPENSSL_STRING) *post_cmds = sk_OPENSSL_STRING_new_null();
-    int badops = 1;
-    BIO *bio_out = NULL;
-    const char *indent = "     ";
-
-    apps_startup();
-    SSL_load_error_strings();
-
-    if (bio_err == NULL)
-        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
-
-    if (!load_config(bio_err, NULL))
-        goto end;
-    bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
-# ifdef OPENSSL_SYS_VMS
-    {
-        BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-        bio_out = BIO_push(tmpbio, bio_out);
-    }
-# endif
-
-    argc--;
-    argv++;
-    while (argc >= 1) {
-        if (strncmp(*argv, "-v", 2) == 0) {
-            if (strspn(*argv + 1, "v") < strlen(*argv + 1))
-                goto skip_arg_loop;
-            if ((verbose = strlen(*argv + 1)) > 4)
-                goto skip_arg_loop;
-        } else if (strcmp(*argv, "-c") == 0)
-            list_cap = 1;
-        else if (strncmp(*argv, "-t", 2) == 0) {
-            test_avail = 1;
-            if (strspn(*argv + 1, "t") < strlen(*argv + 1))
-                goto skip_arg_loop;
-            if ((test_avail_noise = strlen(*argv + 1) - 1) > 1)
-                goto skip_arg_loop;
-        } else if (strcmp(*argv, "-pre") == 0) {
-            argc--;
-            argv++;
-            if (argc == 0)
-                goto skip_arg_loop;
-            sk_OPENSSL_STRING_push(pre_cmds, *argv);
-        } else if (strcmp(*argv, "-post") == 0) {
-            argc--;
-            argv++;
-            if (argc == 0)
-                goto skip_arg_loop;
-            sk_OPENSSL_STRING_push(post_cmds, *argv);
-        } else if ((strncmp(*argv, "-h", 2) == 0) ||
-                   (strcmp(*argv, "-?") == 0))
-            goto skip_arg_loop;
-        else
-            sk_OPENSSL_STRING_push(engines, *argv);
-        argc--;
-        argv++;
-    }
-    /* Looks like everything went OK */
-    badops = 0;
- skip_arg_loop:
-
-    if (badops) {
-        for (pp = engine_usage; (*pp != NULL); pp++)
-            BIO_printf(bio_err, "%s", *pp);
-        goto end;
-    }
-
-    if (sk_OPENSSL_STRING_num(engines) == 0) {
-        for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) {
-            sk_OPENSSL_STRING_push(engines, (char *)ENGINE_get_id(e));
-        }
-    }
-
-    for (i = 0; i < sk_OPENSSL_STRING_num(engines); i++) {
-        const char *id = sk_OPENSSL_STRING_value(engines, i);
-        if ((e = ENGINE_by_id(id)) != NULL) {
-            const char *name = ENGINE_get_name(e);
-            /*
-             * Do "id" first, then "name". Easier to auto-parse.
-             */
-            BIO_printf(bio_out, "(%s) %s\n", id, name);
-            util_do_cmds(e, pre_cmds, bio_out, indent);
-            if (strcmp(ENGINE_get_id(e), id) != 0) {
-                BIO_printf(bio_out, "Loaded: (%s) %s\n",
-                           ENGINE_get_id(e), ENGINE_get_name(e));
-            }
-            if (list_cap) {
-                int cap_size = 256;
-                char *cap_buf = NULL;
-                int k, n;
-                const int *nids;
-                ENGINE_CIPHERS_PTR fn_c;
-                ENGINE_DIGESTS_PTR fn_d;
-                ENGINE_PKEY_METHS_PTR fn_pk;
-
-                if (ENGINE_get_RSA(e) != NULL
-                    && !append_buf(&cap_buf, "RSA", &cap_size, 256))
-                    goto end;
-                if (ENGINE_get_DSA(e) != NULL
-                    && !append_buf(&cap_buf, "DSA", &cap_size, 256))
-                    goto end;
-                if (ENGINE_get_DH(e) != NULL
-                    && !append_buf(&cap_buf, "DH", &cap_size, 256))
-                    goto end;
-                if (ENGINE_get_RAND(e) != NULL
-                    && !append_buf(&cap_buf, "RAND", &cap_size, 256))
-                    goto end;
-
-                fn_c = ENGINE_get_ciphers(e);
-                if (!fn_c)
-                    goto skip_ciphers;
-                n = fn_c(e, NULL, &nids, 0);
-                for (k = 0; k < n; ++k)
-                    if (!append_buf(&cap_buf,
-                                    OBJ_nid2sn(nids[k]), &cap_size, 256))
-                        goto end;
-
- skip_ciphers:
-                fn_d = ENGINE_get_digests(e);
-                if (!fn_d)
-                    goto skip_digests;
-                n = fn_d(e, NULL, &nids, 0);
-                for (k = 0; k < n; ++k)
-                    if (!append_buf(&cap_buf,
-                                    OBJ_nid2sn(nids[k]), &cap_size, 256))
-                        goto end;
-
- skip_digests:
-                fn_pk = ENGINE_get_pkey_meths(e);
-                if (!fn_pk)
-                    goto skip_pmeths;
-                n = fn_pk(e, NULL, &nids, 0);
-                for (k = 0; k < n; ++k)
-                    if (!append_buf(&cap_buf,
-                                    OBJ_nid2sn(nids[k]), &cap_size, 256))
-                        goto end;
- skip_pmeths:
-                if (cap_buf && (*cap_buf != '\0'))
-                    BIO_printf(bio_out, " [%s]\n", cap_buf);
-
-                OPENSSL_free(cap_buf);
-            }
-            if (test_avail) {
-                BIO_printf(bio_out, "%s", indent);
-                if (ENGINE_init(e)) {
-                    BIO_printf(bio_out, "[ available ]\n");
-                    util_do_cmds(e, post_cmds, bio_out, indent);
-                    ENGINE_finish(e);
-                } else {
-                    BIO_printf(bio_out, "[ unavailable ]\n");
-                    if (test_avail_noise)
-                        ERR_print_errors_fp(stdout);
-                    ERR_clear_error();
-                }
-            }
-            if ((verbose > 0) && !util_verbose(e, verbose, bio_out, indent))
-                goto end;
-            ENGINE_free(e);
-        } else
-            ERR_print_errors(bio_err);
-    }
-
-    ret = 0;
- end:
-
-    ERR_print_errors(bio_err);
-    sk_OPENSSL_STRING_pop_free(engines, identity);
-    sk_OPENSSL_STRING_pop_free(pre_cmds, identity);
-    sk_OPENSSL_STRING_pop_free(post_cmds, identity);
-    if (bio_out != NULL)
-        BIO_free_all(bio_out);
-    apps_shutdown();
-    OPENSSL_EXIT(ret);
-}
-#else
-
-# if PEDANTIC
-static void *dummy = &dummy;
-# endif
-
-#endif

Copied: vendor-crypto/openssl/1.0.1u/apps/engine.c (from rev 11605, vendor-crypto/openssl/dist/apps/engine.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/apps/engine.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/apps/engine.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,512 @@
+/* apps/engine.c */
+/*
+ * Written by Richard Levitte <richard at levitte.org> for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef OPENSSL_NO_STDIO
+# define APPS_WIN16
+#endif
+#include "apps.h"
+#include <openssl/err.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+# include <openssl/ssl.h>
+
+# undef PROG
+# define PROG    engine_main
+
+static const char *engine_usage[] = {
+    "usage: engine opts [engine ...]\n",
+    " -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n",
+    "               -vv will additionally display each command's description\n",
+    "               -vvv will also add the input flags for each command\n",
+    "               -vvvv will also show internal input flags\n",
+    " -c          - for each engine, also list the capabilities\n",
+    " -t[t]       - for each engine, check that they are really available\n",
+    "               -tt will display error trace for unavailable engines\n",
+    " -pre <cmd>  - runs command 'cmd' against the ENGINE before any attempts\n",
+    "               to load it (if -t is used)\n",
+    " -post <cmd> - runs command 'cmd' against the ENGINE after loading it\n",
+    "               (only used if -t is also provided)\n",
+    " NB: -pre and -post will be applied to all ENGINEs supplied on the command\n",
+    " line, or all supported ENGINEs if none are specified.\n",
+    " Eg. '-pre \"SO_PATH:/lib/libdriver.so\"' calls command \"SO_PATH\" with\n",
+    " argument \"/lib/libdriver.so\".\n",
+    NULL
+};
+
+static void identity(char *ptr)
+{
+    return;
+}
+
+static int append_buf(char **buf, const char *s, int *size, int step)
+{
+    if (*buf == NULL) {
+        *size = step;
+        *buf = OPENSSL_malloc(*size);
+        if (*buf == NULL)
+            return 0;
+        **buf = '\0';
+    }
+
+    if (strlen(*buf) + strlen(s) >= (unsigned int)*size) {
+        *size += step;
+        *buf = OPENSSL_realloc(*buf, *size);
+    }
+
+    if (*buf == NULL)
+        return 0;
+
+    if (**buf != '\0')
+        BUF_strlcat(*buf, ", ", *size);
+    BUF_strlcat(*buf, s, *size);
+
+    return 1;
+}
+
+static int util_flags(BIO *bio_out, unsigned int flags, const char *indent)
+{
+    int started = 0, err = 0;
+    /* Indent before displaying input flags */
+    BIO_printf(bio_out, "%s%s(input flags): ", indent, indent);
+    if (flags == 0) {
+        BIO_printf(bio_out, "<no flags>\n");
+        return 1;
+    }
+    /*
+     * If the object is internal, mark it in a way that shows instead of
+     * having it part of all the other flags, even if it really is.
+     */
+    if (flags & ENGINE_CMD_FLAG_INTERNAL) {
+        BIO_printf(bio_out, "[Internal] ");
+    }
+
+    if (flags & ENGINE_CMD_FLAG_NUMERIC) {
+        BIO_printf(bio_out, "NUMERIC");
+        started = 1;
+    }
+    /*
+     * Now we check that no combinations of the mutually exclusive NUMERIC,
+     * STRING, and NO_INPUT flags have been used. Future flags that can be
+     * OR'd together with these would need to added after these to preserve
+     * the testing logic.
+     */
+    if (flags & ENGINE_CMD_FLAG_STRING) {
+        if (started) {
+            BIO_printf(bio_out, "|");
+            err = 1;
+        }
+        BIO_printf(bio_out, "STRING");
+        started = 1;
+    }
+    if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
+        if (started) {
+            BIO_printf(bio_out, "|");
+            err = 1;
+        }
+        BIO_printf(bio_out, "NO_INPUT");
+        started = 1;
+    }
+    /* Check for unknown flags */
+    flags = flags & ~ENGINE_CMD_FLAG_NUMERIC &
+        ~ENGINE_CMD_FLAG_STRING &
+        ~ENGINE_CMD_FLAG_NO_INPUT & ~ENGINE_CMD_FLAG_INTERNAL;
+    if (flags) {
+        if (started)
+            BIO_printf(bio_out, "|");
+        BIO_printf(bio_out, "<0x%04X>", flags);
+    }
+    if (err)
+        BIO_printf(bio_out, "  <illegal flags!>");
+    BIO_printf(bio_out, "\n");
+    return 1;
+}
+
+static int util_verbose(ENGINE *e, int verbose, BIO *bio_out,
+                        const char *indent)
+{
+    static const int line_wrap = 78;
+    int num;
+    int ret = 0;
+    char *name = NULL;
+    char *desc = NULL;
+    int flags;
+    int xpos = 0;
+    STACK_OF(OPENSSL_STRING) *cmds = NULL;
+    if (!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
+        ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
+                            0, NULL, NULL)) <= 0)) {
+# if 0
+        BIO_printf(bio_out, "%s<no control commands>\n", indent);
+# endif
+        return 1;
+    }
+
+    cmds = sk_OPENSSL_STRING_new_null();
+
+    if (!cmds)
+        goto err;
+    do {
+        int len;
+        /* Get the command input flags */
+        if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
+                                 NULL, NULL)) < 0)
+            goto err;
+        if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) {
+            /* Get the command name */
+            if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,
+                                   NULL, NULL)) <= 0)
+                goto err;
+            if ((name = OPENSSL_malloc(len + 1)) == NULL)
+                goto err;
+            if (ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name,
+                            NULL) <= 0)
+                goto err;
+            /* Get the command description */
+            if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,
+                                   NULL, NULL)) < 0)
+                goto err;
+            if (len > 0) {
+                if ((desc = OPENSSL_malloc(len + 1)) == NULL)
+                    goto err;
+                if (ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,
+                                NULL) <= 0)
+                    goto err;
+            }
+            /* Now decide on the output */
+            if (xpos == 0)
+                /* Do an indent */
+                xpos = BIO_puts(bio_out, indent);
+            else
+                /* Otherwise prepend a ", " */
+                xpos += BIO_printf(bio_out, ", ");
+            if (verbose == 1) {
+                /*
+                 * We're just listing names, comma-delimited
+                 */
+                if ((xpos > (int)strlen(indent)) &&
+                    (xpos + (int)strlen(name) > line_wrap)) {
+                    BIO_printf(bio_out, "\n");
+                    xpos = BIO_puts(bio_out, indent);
+                }
+                xpos += BIO_printf(bio_out, "%s", name);
+            } else {
+                /* We're listing names plus descriptions */
+                BIO_printf(bio_out, "%s: %s\n", name,
+                           (desc == NULL) ? "<no description>" : desc);
+                /* ... and sometimes input flags */
+                if ((verbose >= 3) && !util_flags(bio_out, flags, indent))
+                    goto err;
+                xpos = 0;
+            }
+        }
+        OPENSSL_free(name);
+        name = NULL;
+        if (desc) {
+            OPENSSL_free(desc);
+            desc = NULL;
+        }
+        /* Move to the next command */
+        num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE, num, NULL, NULL);
+    } while (num > 0);
+    if (xpos > 0)
+        BIO_printf(bio_out, "\n");
+    ret = 1;
+ err:
+    if (cmds)
+        sk_OPENSSL_STRING_pop_free(cmds, identity);
+    if (name)
+        OPENSSL_free(name);
+    if (desc)
+        OPENSSL_free(desc);
+    return ret;
+}
+
+static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds,
+                         BIO *bio_out, const char *indent)
+{
+    int loop, res, num = sk_OPENSSL_STRING_num(cmds);
+
+    if (num < 0) {
+        BIO_printf(bio_out, "[Error]: internal stack error\n");
+        return;
+    }
+    for (loop = 0; loop < num; loop++) {
+        char buf[256];
+        const char *cmd, *arg;
+        cmd = sk_OPENSSL_STRING_value(cmds, loop);
+        res = 1;                /* assume success */
+        /* Check if this command has no ":arg" */
+        if ((arg = strstr(cmd, ":")) == NULL) {
+            if (!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
+                res = 0;
+        } else {
+            if ((int)(arg - cmd) > 254) {
+                BIO_printf(bio_out, "[Error]: command name too long\n");
+                return;
+            }
+            memcpy(buf, cmd, (int)(arg - cmd));
+            buf[arg - cmd] = '\0';
+            arg++;              /* Move past the ":" */
+            /* Call the command with the argument */
+            if (!ENGINE_ctrl_cmd_string(e, buf, arg, 0))
+                res = 0;
+        }
+        if (res)
+            BIO_printf(bio_out, "[Success]: %s\n", cmd);
+        else {
+            BIO_printf(bio_out, "[Failure]: %s\n", cmd);
+            ERR_print_errors(bio_out);
+        }
+    }
+}
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+    int ret = 1, i;
+    const char **pp;
+    int verbose = 0, list_cap = 0, test_avail = 0, test_avail_noise = 0;
+    ENGINE *e;
+    STACK_OF(OPENSSL_STRING) *engines = sk_OPENSSL_STRING_new_null();
+    STACK_OF(OPENSSL_STRING) *pre_cmds = sk_OPENSSL_STRING_new_null();
+    STACK_OF(OPENSSL_STRING) *post_cmds = sk_OPENSSL_STRING_new_null();
+    int badops = 1;
+    BIO *bio_out = NULL;
+    const char *indent = "     ";
+
+    apps_startup();
+    SSL_load_error_strings();
+
+    if (bio_err == NULL)
+        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+    if (!load_config(bio_err, NULL))
+        goto end;
+    bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
+# ifdef OPENSSL_SYS_VMS
+    {
+        BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+        bio_out = BIO_push(tmpbio, bio_out);
+    }
+# endif
+
+    argc--;
+    argv++;
+    while (argc >= 1) {
+        if (strncmp(*argv, "-v", 2) == 0) {
+            if (strspn(*argv + 1, "v") < strlen(*argv + 1))
+                goto skip_arg_loop;
+            if ((verbose = strlen(*argv + 1)) > 4)
+                goto skip_arg_loop;
+        } else if (strcmp(*argv, "-c") == 0)
+            list_cap = 1;
+        else if (strncmp(*argv, "-t", 2) == 0) {
+            test_avail = 1;
+            if (strspn(*argv + 1, "t") < strlen(*argv + 1))
+                goto skip_arg_loop;
+            if ((test_avail_noise = strlen(*argv + 1) - 1) > 1)
+                goto skip_arg_loop;
+        } else if (strcmp(*argv, "-pre") == 0) {
+            argc--;
+            argv++;
+            if (argc == 0)
+                goto skip_arg_loop;
+            sk_OPENSSL_STRING_push(pre_cmds, *argv);
+        } else if (strcmp(*argv, "-post") == 0) {
+            argc--;
+            argv++;
+            if (argc == 0)
+                goto skip_arg_loop;
+            sk_OPENSSL_STRING_push(post_cmds, *argv);
+        } else if ((strncmp(*argv, "-h", 2) == 0) ||
+                   (strcmp(*argv, "-?") == 0))
+            goto skip_arg_loop;
+        else
+            sk_OPENSSL_STRING_push(engines, *argv);
+        argc--;
+        argv++;
+    }
+    /* Looks like everything went OK */
+    badops = 0;
+ skip_arg_loop:
+
+    if (badops) {
+        for (pp = engine_usage; (*pp != NULL); pp++)
+            BIO_printf(bio_err, "%s", *pp);
+        goto end;
+    }
+
+    if (sk_OPENSSL_STRING_num(engines) == 0) {
+        for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) {
+            sk_OPENSSL_STRING_push(engines, (char *)ENGINE_get_id(e));
+        }
+    }
+
+    for (i = 0; i < sk_OPENSSL_STRING_num(engines); i++) {
+        const char *id = sk_OPENSSL_STRING_value(engines, i);
+        if ((e = ENGINE_by_id(id)) != NULL) {
+            const char *name = ENGINE_get_name(e);
+            /*
+             * Do "id" first, then "name". Easier to auto-parse.
+             */
+            BIO_printf(bio_out, "(%s) %s\n", id, name);
+            util_do_cmds(e, pre_cmds, bio_out, indent);
+            if (strcmp(ENGINE_get_id(e), id) != 0) {
+                BIO_printf(bio_out, "Loaded: (%s) %s\n",
+                           ENGINE_get_id(e), ENGINE_get_name(e));
+            }
+            if (list_cap) {
+                int cap_size = 256;
+                char *cap_buf = NULL;
+                int k, n;
+                const int *nids;
+                ENGINE_CIPHERS_PTR fn_c;
+                ENGINE_DIGESTS_PTR fn_d;
+                ENGINE_PKEY_METHS_PTR fn_pk;
+
+                if (ENGINE_get_RSA(e) != NULL
+                    && !append_buf(&cap_buf, "RSA", &cap_size, 256))
+                    goto end;
+                if (ENGINE_get_DSA(e) != NULL
+                    && !append_buf(&cap_buf, "DSA", &cap_size, 256))
+                    goto end;
+                if (ENGINE_get_DH(e) != NULL
+                    && !append_buf(&cap_buf, "DH", &cap_size, 256))
+                    goto end;
+                if (ENGINE_get_RAND(e) != NULL
+                    && !append_buf(&cap_buf, "RAND", &cap_size, 256))
+                    goto end;
+
+                fn_c = ENGINE_get_ciphers(e);
+                if (!fn_c)
+                    goto skip_ciphers;
+                n = fn_c(e, NULL, &nids, 0);
+                for (k = 0; k < n; ++k)
+                    if (!append_buf(&cap_buf,
+                                    OBJ_nid2sn(nids[k]), &cap_size, 256))
+                        goto end;
+
+ skip_ciphers:
+                fn_d = ENGINE_get_digests(e);
+                if (!fn_d)
+                    goto skip_digests;
+                n = fn_d(e, NULL, &nids, 0);
+                for (k = 0; k < n; ++k)
+                    if (!append_buf(&cap_buf,
+                                    OBJ_nid2sn(nids[k]), &cap_size, 256))
+                        goto end;
+
+ skip_digests:
+                fn_pk = ENGINE_get_pkey_meths(e);
+                if (!fn_pk)
+                    goto skip_pmeths;
+                n = fn_pk(e, NULL, &nids, 0);
+                for (k = 0; k < n; ++k)
+                    if (!append_buf(&cap_buf,
+                                    OBJ_nid2sn(nids[k]), &cap_size, 256))
+                        goto end;
+ skip_pmeths:
+                if (cap_buf && (*cap_buf != '\0'))
+                    BIO_printf(bio_out, " [%s]\n", cap_buf);
+
+                OPENSSL_free(cap_buf);
+            }
+            if (test_avail) {
+                BIO_printf(bio_out, "%s", indent);
+                if (ENGINE_init(e)) {
+                    BIO_printf(bio_out, "[ available ]\n");
+                    util_do_cmds(e, post_cmds, bio_out, indent);
+                    ENGINE_finish(e);
+                } else {
+                    BIO_printf(bio_out, "[ unavailable ]\n");
+                    if (test_avail_noise)
+                        ERR_print_errors_fp(stdout);
+                    ERR_clear_error();
+                }
+            }
+            if ((verbose > 0) && !util_verbose(e, verbose, bio_out, indent))
+                goto end;
+            ENGINE_free(e);
+        } else
+            ERR_print_errors(bio_err);
+    }
+
+    ret = 0;
+ end:
+
+    ERR_print_errors(bio_err);
+    sk_OPENSSL_STRING_pop_free(engines, identity);
+    sk_OPENSSL_STRING_pop_free(pre_cmds, identity);
+    sk_OPENSSL_STRING_pop_free(post_cmds, identity);
+    if (bio_out != NULL)
+        BIO_free_all(bio_out);
+    apps_shutdown();
+    OPENSSL_EXIT(ret);
+}
+#else
+
+# if PEDANTIC
+static void *dummy = &dummy;
+# endif
+
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/apps/md4.c
===================================================================
--- vendor-crypto/openssl/dist/apps/md4.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/apps/md4.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../crypto/md4/md4.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/apps/ocsp.c
===================================================================
--- vendor-crypto/openssl/dist/apps/ocsp.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/apps/ocsp.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,1325 +0,0 @@
-/* ocsp.c */
-/*
- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-#ifndef OPENSSL_NO_OCSP
-
-# ifdef OPENSSL_SYS_VMS
-#  define _XOPEN_SOURCE_EXTENDED/* So fd_set and friends get properly defined
-                                 * on OpenVMS */
-# endif
-
-# define USE_SOCKETS
-
-# include <stdio.h>
-# include <stdlib.h>
-# include <string.h>
-# include <time.h>
-# include "apps.h"              /* needs to be included before the openssl
-                                 * headers! */
-# include <openssl/e_os2.h>
-# include <openssl/crypto.h>
-# include <openssl/err.h>
-# include <openssl/ssl.h>
-# include <openssl/evp.h>
-# include <openssl/bn.h>
-# include <openssl/x509v3.h>
-
-# if defined(NETWARE_CLIB)
-#  ifdef NETWARE_BSDSOCK
-#   include <sys/socket.h>
-#   include <sys/bsdskt.h>
-#  else
-#   include <novsock2.h>
-#  endif
-# elif defined(NETWARE_LIBC)
-#  ifdef NETWARE_BSDSOCK
-#   include <sys/select.h>
-#  else
-#   include <novsock2.h>
-#  endif
-# endif
-
-/* Maximum leeway in validity period: default 5 minutes */
-# define MAX_VALIDITY_PERIOD     (5 * 60)
-
-static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert,
-                         const EVP_MD *cert_id_md, X509 *issuer,
-                         STACK_OF(OCSP_CERTID) *ids);
-static int add_ocsp_serial(OCSP_REQUEST **req, char *serial,
-                           const EVP_MD *cert_id_md, X509 *issuer,
-                           STACK_OF(OCSP_CERTID) *ids);
-static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
-                              STACK_OF(OPENSSL_STRING) *names,
-                              STACK_OF(OCSP_CERTID) *ids, long nsec,
-                              long maxage);
-
-static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
-                              CA_DB *db, X509 *ca, X509 *rcert,
-                              EVP_PKEY *rkey, STACK_OF(X509) *rother,
-                              unsigned long flags, int nmin, int ndays);
-
-static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
-static BIO *init_responder(char *port);
-static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
-                        char *port);
-static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
-static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
-                                      STACK_OF(CONF_VALUE) *headers,
-                                      OCSP_REQUEST *req, int req_timeout);
-
-# undef PROG
-# define PROG ocsp_main
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-{
-    ENGINE *e = NULL;
-    char **args;
-    char *host = NULL, *port = NULL, *path = "/";
-    char *thost = NULL, *tport = NULL, *tpath = NULL;
-    char *reqin = NULL, *respin = NULL;
-    char *reqout = NULL, *respout = NULL;
-    char *signfile = NULL, *keyfile = NULL;
-    char *rsignfile = NULL, *rkeyfile = NULL;
-    char *outfile = NULL;
-    int add_nonce = 1, noverify = 0, use_ssl = -1;
-    STACK_OF(CONF_VALUE) *headers = NULL;
-    OCSP_REQUEST *req = NULL;
-    OCSP_RESPONSE *resp = NULL;
-    OCSP_BASICRESP *bs = NULL;
-    X509 *issuer = NULL, *cert = NULL;
-    X509 *signer = NULL, *rsigner = NULL;
-    EVP_PKEY *key = NULL, *rkey = NULL;
-    BIO *acbio = NULL, *cbio = NULL;
-    BIO *derbio = NULL;
-    BIO *out = NULL;
-    int req_timeout = -1;
-    int req_text = 0, resp_text = 0;
-    long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
-    char *CAfile = NULL, *CApath = NULL;
-    X509_STORE *store = NULL;
-    STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL;
-    char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL;
-    unsigned long sign_flags = 0, verify_flags = 0, rflags = 0;
-    int ret = 1;
-    int accept_count = -1;
-    int badarg = 0;
-    int i;
-    int ignore_err = 0;
-    STACK_OF(OPENSSL_STRING) *reqnames = NULL;
-    STACK_OF(OCSP_CERTID) *ids = NULL;
-
-    X509 *rca_cert = NULL;
-    char *ridx_filename = NULL;
-    char *rca_filename = NULL;
-    CA_DB *rdb = NULL;
-    int nmin = 0, ndays = -1;
-    const EVP_MD *cert_id_md = NULL;
-
-    if (bio_err == NULL)
-        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
-
-    if (!load_config(bio_err, NULL))
-        goto end;
-    SSL_load_error_strings();
-    OpenSSL_add_ssl_algorithms();
-    args = argv + 1;
-    reqnames = sk_OPENSSL_STRING_new_null();
-    ids = sk_OCSP_CERTID_new_null();
-    while (!badarg && *args && *args[0] == '-') {
-        if (!strcmp(*args, "-out")) {
-            if (args[1]) {
-                args++;
-                outfile = *args;
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-timeout")) {
-            if (args[1]) {
-                args++;
-                req_timeout = atol(*args);
-                if (req_timeout < 0) {
-                    BIO_printf(bio_err, "Illegal timeout value %s\n", *args);
-                    badarg = 1;
-                }
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-url")) {
-            if (thost)
-                OPENSSL_free(thost);
-            if (tport)
-                OPENSSL_free(tport);
-            if (tpath)
-                OPENSSL_free(tpath);
-            if (args[1]) {
-                args++;
-                if (!OCSP_parse_url(*args, &host, &port, &path, &use_ssl)) {
-                    BIO_printf(bio_err, "Error parsing URL\n");
-                    badarg = 1;
-                }
-                thost = host;
-                tport = port;
-                tpath = path;
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-host")) {
-            if (args[1]) {
-                args++;
-                host = *args;
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-port")) {
-            if (args[1]) {
-                args++;
-                port = *args;
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-header")) {
-            if (args[1] && args[2]) {
-                if (!X509V3_add_value(args[1], args[2], &headers))
-                    goto end;
-                args += 2;
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-ignore_err"))
-            ignore_err = 1;
-        else if (!strcmp(*args, "-noverify"))
-            noverify = 1;
-        else if (!strcmp(*args, "-nonce"))
-            add_nonce = 2;
-        else if (!strcmp(*args, "-no_nonce"))
-            add_nonce = 0;
-        else if (!strcmp(*args, "-resp_no_certs"))
-            rflags |= OCSP_NOCERTS;
-        else if (!strcmp(*args, "-resp_key_id"))
-            rflags |= OCSP_RESPID_KEY;
-        else if (!strcmp(*args, "-no_certs"))
-            sign_flags |= OCSP_NOCERTS;
-        else if (!strcmp(*args, "-no_signature_verify"))
-            verify_flags |= OCSP_NOSIGS;
-        else if (!strcmp(*args, "-no_cert_verify"))
-            verify_flags |= OCSP_NOVERIFY;
-        else if (!strcmp(*args, "-no_chain"))
-            verify_flags |= OCSP_NOCHAIN;
-        else if (!strcmp(*args, "-no_cert_checks"))
-            verify_flags |= OCSP_NOCHECKS;
-        else if (!strcmp(*args, "-no_explicit"))
-            verify_flags |= OCSP_NOEXPLICIT;
-        else if (!strcmp(*args, "-trust_other"))
-            verify_flags |= OCSP_TRUSTOTHER;
-        else if (!strcmp(*args, "-no_intern"))
-            verify_flags |= OCSP_NOINTERN;
-        else if (!strcmp(*args, "-text")) {
-            req_text = 1;
-            resp_text = 1;
-        } else if (!strcmp(*args, "-req_text"))
-            req_text = 1;
-        else if (!strcmp(*args, "-resp_text"))
-            resp_text = 1;
-        else if (!strcmp(*args, "-reqin")) {
-            if (args[1]) {
-                args++;
-                reqin = *args;
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-respin")) {
-            if (args[1]) {
-                args++;
-                respin = *args;
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-signer")) {
-            if (args[1]) {
-                args++;
-                signfile = *args;
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-VAfile")) {
-            if (args[1]) {
-                args++;
-                verify_certfile = *args;
-                verify_flags |= OCSP_TRUSTOTHER;
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-sign_other")) {
-            if (args[1]) {
-                args++;
-                sign_certfile = *args;
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-verify_other")) {
-            if (args[1]) {
-                args++;
-                verify_certfile = *args;
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-CAfile")) {
-            if (args[1]) {
-                args++;
-                CAfile = *args;
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-CApath")) {
-            if (args[1]) {
-                args++;
-                CApath = *args;
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-validity_period")) {
-            if (args[1]) {
-                args++;
-                nsec = atol(*args);
-                if (nsec < 0) {
-                    BIO_printf(bio_err,
-                               "Illegal validity period %s\n", *args);
-                    badarg = 1;
-                }
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-status_age")) {
-            if (args[1]) {
-                args++;
-                maxage = atol(*args);
-                if (maxage < 0) {
-                    BIO_printf(bio_err, "Illegal validity age %s\n", *args);
-                    badarg = 1;
-                }
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-signkey")) {
-            if (args[1]) {
-                args++;
-                keyfile = *args;
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-reqout")) {
-            if (args[1]) {
-                args++;
-                reqout = *args;
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-respout")) {
-            if (args[1]) {
-                args++;
-                respout = *args;
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-path")) {
-            if (args[1]) {
-                args++;
-                path = *args;
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-issuer")) {
-            if (args[1]) {
-                args++;
-                X509_free(issuer);
-                issuer = load_cert(bio_err, *args, FORMAT_PEM,
-                                   NULL, e, "issuer certificate");
-                if (!issuer)
-                    goto end;
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-cert")) {
-            if (args[1]) {
-                args++;
-                X509_free(cert);
-                cert = load_cert(bio_err, *args, FORMAT_PEM,
-                                 NULL, e, "certificate");
-                if (!cert)
-                    goto end;
-                if (!cert_id_md)
-                    cert_id_md = EVP_sha1();
-                if (!add_ocsp_cert(&req, cert, cert_id_md, issuer, ids))
-                    goto end;
-                if (!sk_OPENSSL_STRING_push(reqnames, *args))
-                    goto end;
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-serial")) {
-            if (args[1]) {
-                args++;
-                if (!cert_id_md)
-                    cert_id_md = EVP_sha1();
-                if (!add_ocsp_serial(&req, *args, cert_id_md, issuer, ids))
-                    goto end;
-                if (!sk_OPENSSL_STRING_push(reqnames, *args))
-                    goto end;
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-index")) {
-            if (args[1]) {
-                args++;
-                ridx_filename = *args;
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-CA")) {
-            if (args[1]) {
-                args++;
-                rca_filename = *args;
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-nmin")) {
-            if (args[1]) {
-                args++;
-                nmin = atol(*args);
-                if (nmin < 0) {
-                    BIO_printf(bio_err, "Illegal update period %s\n", *args);
-                    badarg = 1;
-                }
-            }
-            if (ndays == -1)
-                ndays = 0;
-            else
-                badarg = 1;
-        } else if (!strcmp(*args, "-nrequest")) {
-            if (args[1]) {
-                args++;
-                accept_count = atol(*args);
-                if (accept_count < 0) {
-                    BIO_printf(bio_err, "Illegal accept count %s\n", *args);
-                    badarg = 1;
-                }
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-ndays")) {
-            if (args[1]) {
-                args++;
-                ndays = atol(*args);
-                if (ndays < 0) {
-                    BIO_printf(bio_err, "Illegal update period %s\n", *args);
-                    badarg = 1;
-                }
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-rsigner")) {
-            if (args[1]) {
-                args++;
-                rsignfile = *args;
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-rkey")) {
-            if (args[1]) {
-                args++;
-                rkeyfile = *args;
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-rother")) {
-            if (args[1]) {
-                args++;
-                rcertfile = *args;
-            } else
-                badarg = 1;
-        } else if ((cert_id_md = EVP_get_digestbyname((*args) + 1)) == NULL) {
-            badarg = 1;
-        }
-        args++;
-    }
-
-    /* Have we anything to do? */
-    if (!req && !reqin && !respin && !(port && ridx_filename))
-        badarg = 1;
-
-    if (badarg) {
-        BIO_printf(bio_err, "OCSP utility\n");
-        BIO_printf(bio_err, "Usage ocsp [options]\n");
-        BIO_printf(bio_err, "where options are\n");
-        BIO_printf(bio_err, "-out file            output filename\n");
-        BIO_printf(bio_err, "-issuer file         issuer certificate\n");
-        BIO_printf(bio_err, "-cert file           certificate to check\n");
-        BIO_printf(bio_err, "-serial n            serial number to check\n");
-        BIO_printf(bio_err,
-                   "-signer file         certificate to sign OCSP request with\n");
-        BIO_printf(bio_err,
-                   "-signkey file        private key to sign OCSP request with\n");
-        BIO_printf(bio_err,
-                   "-sign_other file     additional certificates to include in signed request\n");
-        BIO_printf(bio_err,
-                   "-no_certs            don't include any certificates in signed request\n");
-        BIO_printf(bio_err,
-                   "-req_text            print text form of request\n");
-        BIO_printf(bio_err,
-                   "-resp_text           print text form of response\n");
-        BIO_printf(bio_err,
-                   "-text                print text form of request and response\n");
-        BIO_printf(bio_err,
-                   "-reqout file         write DER encoded OCSP request to \"file\"\n");
-        BIO_printf(bio_err,
-                   "-respout file        write DER encoded OCSP reponse to \"file\"\n");
-        BIO_printf(bio_err,
-                   "-reqin file          read DER encoded OCSP request from \"file\"\n");
-        BIO_printf(bio_err,
-                   "-respin file         read DER encoded OCSP reponse from \"file\"\n");
-        BIO_printf(bio_err,
-                   "-nonce               add OCSP nonce to request\n");
-        BIO_printf(bio_err,
-                   "-no_nonce            don't add OCSP nonce to request\n");
-        BIO_printf(bio_err, "-url URL             OCSP responder URL\n");
-        BIO_printf(bio_err,
-                   "-host host:n         send OCSP request to host on port n\n");
-        BIO_printf(bio_err,
-                   "-path                path to use in OCSP request\n");
-        BIO_printf(bio_err,
-                   "-CApath dir          trusted certificates directory\n");
-        BIO_printf(bio_err,
-                   "-CAfile file         trusted certificates file\n");
-        BIO_printf(bio_err,
-                   "-no_alt_chains       only ever use the first certificate chain found\n");
-        BIO_printf(bio_err,
-                   "-VAfile file         validator certificates file\n");
-        BIO_printf(bio_err,
-                   "-validity_period n   maximum validity discrepancy in seconds\n");
-        BIO_printf(bio_err,
-                   "-status_age n        maximum status age in seconds\n");
-        BIO_printf(bio_err,
-                   "-noverify            don't verify response at all\n");
-        BIO_printf(bio_err,
-                   "-verify_other file   additional certificates to search for signer\n");
-        BIO_printf(bio_err,
-                   "-trust_other         don't verify additional certificates\n");
-        BIO_printf(bio_err,
-                   "-no_intern           don't search certificates contained in response for signer\n");
-        BIO_printf(bio_err,
-                   "-no_signature_verify don't check signature on response\n");
-        BIO_printf(bio_err,
-                   "-no_cert_verify      don't check signing certificate\n");
-        BIO_printf(bio_err,
-                   "-no_chain            don't chain verify response\n");
-        BIO_printf(bio_err,
-                   "-no_cert_checks      don't do additional checks on signing certificate\n");
-        BIO_printf(bio_err,
-                   "-port num            port to run responder on\n");
-        BIO_printf(bio_err,
-                   "-index file          certificate status index file\n");
-        BIO_printf(bio_err, "-CA file             CA certificate\n");
-        BIO_printf(bio_err,
-                   "-rsigner file        responder certificate to sign responses with\n");
-        BIO_printf(bio_err,
-                   "-rkey file           responder key to sign responses with\n");
-        BIO_printf(bio_err,
-                   "-rother file         other certificates to include in response\n");
-        BIO_printf(bio_err,
-                   "-resp_no_certs       don't include any certificates in response\n");
-        BIO_printf(bio_err,
-                   "-nmin n              number of minutes before next update\n");
-        BIO_printf(bio_err,
-                   "-ndays n             number of days before next update\n");
-        BIO_printf(bio_err,
-                   "-resp_key_id         identify reponse by signing certificate key ID\n");
-        BIO_printf(bio_err,
-                   "-nrequest n          number of requests to accept (default unlimited)\n");
-        BIO_printf(bio_err,
-                   "-<dgst alg>          use specified digest in the request\n");
-        BIO_printf(bio_err,
-                   "-timeout n           timeout connection to OCSP responder after n seconds\n");
-        goto end;
-    }
-
-    if (outfile)
-        out = BIO_new_file(outfile, "w");
-    else
-        out = BIO_new_fp(stdout, BIO_NOCLOSE);
-
-    if (!out) {
-        BIO_printf(bio_err, "Error opening output file\n");
-        goto end;
-    }
-
-    if (!req && (add_nonce != 2))
-        add_nonce = 0;
-
-    if (!req && reqin) {
-        derbio = BIO_new_file(reqin, "rb");
-        if (!derbio) {
-            BIO_printf(bio_err, "Error Opening OCSP request file\n");
-            goto end;
-        }
-        req = d2i_OCSP_REQUEST_bio(derbio, NULL);
-        BIO_free(derbio);
-        if (!req) {
-            BIO_printf(bio_err, "Error reading OCSP request\n");
-            goto end;
-        }
-    }
-
-    if (!req && port) {
-        acbio = init_responder(port);
-        if (!acbio)
-            goto end;
-    }
-
-    if (rsignfile && !rdb) {
-        if (!rkeyfile)
-            rkeyfile = rsignfile;
-        rsigner = load_cert(bio_err, rsignfile, FORMAT_PEM,
-                            NULL, e, "responder certificate");
-        if (!rsigner) {
-            BIO_printf(bio_err, "Error loading responder certificate\n");
-            goto end;
-        }
-        rca_cert = load_cert(bio_err, rca_filename, FORMAT_PEM,
-                             NULL, e, "CA certificate");
-        if (rcertfile) {
-            rother = load_certs(bio_err, rcertfile, FORMAT_PEM,
-                                NULL, e, "responder other certificates");
-            if (!rother)
-                goto end;
-        }
-        rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, 0, NULL, NULL,
-                        "responder private key");
-        if (!rkey)
-            goto end;
-    }
-    if (acbio)
-        BIO_printf(bio_err, "Waiting for OCSP client connections...\n");
-
- redo_accept:
-
-    if (acbio) {
-        if (!do_responder(&req, &cbio, acbio, port))
-            goto end;
-        if (!req) {
-            resp =
-                OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST,
-                                     NULL);
-            send_ocsp_response(cbio, resp);
-            goto done_resp;
-        }
-    }
-
-    if (!req && (signfile || reqout || host || add_nonce || ridx_filename)) {
-        BIO_printf(bio_err, "Need an OCSP request for this operation!\n");
-        goto end;
-    }
-
-    if (req && add_nonce)
-        OCSP_request_add1_nonce(req, NULL, -1);
-
-    if (signfile) {
-        if (!keyfile)
-            keyfile = signfile;
-        signer = load_cert(bio_err, signfile, FORMAT_PEM,
-                           NULL, e, "signer certificate");
-        if (!signer) {
-            BIO_printf(bio_err, "Error loading signer certificate\n");
-            goto end;
-        }
-        if (sign_certfile) {
-            sign_other = load_certs(bio_err, sign_certfile, FORMAT_PEM,
-                                    NULL, e, "signer certificates");
-            if (!sign_other)
-                goto end;
-        }
-        key = load_key(bio_err, keyfile, FORMAT_PEM, 0, NULL, NULL,
-                       "signer private key");
-        if (!key)
-            goto end;
-
-        if (!OCSP_request_sign
-            (req, signer, key, NULL, sign_other, sign_flags)) {
-            BIO_printf(bio_err, "Error signing OCSP request\n");
-            goto end;
-        }
-    }
-
-    if (req_text && req)
-        OCSP_REQUEST_print(out, req, 0);
-
-    if (reqout) {
-        derbio = BIO_new_file(reqout, "wb");
-        if (!derbio) {
-            BIO_printf(bio_err, "Error opening file %s\n", reqout);
-            goto end;
-        }
-        i2d_OCSP_REQUEST_bio(derbio, req);
-        BIO_free(derbio);
-    }
-
-    if (ridx_filename && (!rkey || !rsigner || !rca_cert)) {
-        BIO_printf(bio_err,
-                   "Need a responder certificate, key and CA for this operation!\n");
-        goto end;
-    }
-
-    if (ridx_filename && !rdb) {
-        rdb = load_index(ridx_filename, NULL);
-        if (!rdb)
-            goto end;
-        if (!index_index(rdb))
-            goto end;
-    }
-
-    if (rdb) {
-        i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey,
-                               rother, rflags, nmin, ndays);
-        if (cbio)
-            send_ocsp_response(cbio, resp);
-    } else if (host) {
-# ifndef OPENSSL_NO_SOCK
-        resp = process_responder(bio_err, req, host, path,
-                                 port, use_ssl, headers, req_timeout);
-        if (!resp)
-            goto end;
-# else
-        BIO_printf(bio_err,
-                   "Error creating connect BIO - sockets not supported.\n");
-        goto end;
-# endif
-    } else if (respin) {
-        derbio = BIO_new_file(respin, "rb");
-        if (!derbio) {
-            BIO_printf(bio_err, "Error Opening OCSP response file\n");
-            goto end;
-        }
-        resp = d2i_OCSP_RESPONSE_bio(derbio, NULL);
-        BIO_free(derbio);
-        if (!resp) {
-            BIO_printf(bio_err, "Error reading OCSP response\n");
-            goto end;
-        }
-
-    } else {
-        ret = 0;
-        goto end;
-    }
-
- done_resp:
-
-    if (respout) {
-        derbio = BIO_new_file(respout, "wb");
-        if (!derbio) {
-            BIO_printf(bio_err, "Error opening file %s\n", respout);
-            goto end;
-        }
-        i2d_OCSP_RESPONSE_bio(derbio, resp);
-        BIO_free(derbio);
-    }
-
-    i = OCSP_response_status(resp);
-
-    if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
-        BIO_printf(out, "Responder Error: %s (%d)\n",
-                   OCSP_response_status_str(i), i);
-        if (ignore_err)
-            goto redo_accept;
-        ret = 0;
-        goto end;
-    }
-
-    if (resp_text)
-        OCSP_RESPONSE_print(out, resp, 0);
-
-    /* If running as responder don't verify our own response */
-    if (cbio) {
-        if (accept_count > 0)
-            accept_count--;
-        /* Redo if more connections needed */
-        if (accept_count) {
-            BIO_free_all(cbio);
-            cbio = NULL;
-            OCSP_REQUEST_free(req);
-            req = NULL;
-            OCSP_RESPONSE_free(resp);
-            resp = NULL;
-            goto redo_accept;
-        }
-        goto end;
-    }
-
-    if (!store)
-        store = setup_verify(bio_err, CAfile, CApath);
-    if (!store)
-        goto end;
-    if (verify_certfile) {
-        verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM,
-                                  NULL, e, "validator certificate");
-        if (!verify_other)
-            goto end;
-    }
-
-    bs = OCSP_response_get1_basic(resp);
-
-    if (!bs) {
-        BIO_printf(bio_err, "Error parsing response\n");
-        goto end;
-    }
-
-    if (!noverify) {
-        if (req && ((i = OCSP_check_nonce(req, bs)) <= 0)) {
-            if (i == -1)
-                BIO_printf(bio_err, "WARNING: no nonce in response\n");
-            else {
-                BIO_printf(bio_err, "Nonce Verify error\n");
-                goto end;
-            }
-        }
-
-        i = OCSP_basic_verify(bs, verify_other, store, verify_flags);
-        if (i < 0)
-            i = OCSP_basic_verify(bs, NULL, store, 0);
-
-        if (i <= 0) {
-            BIO_printf(bio_err, "Response Verify Failure\n");
-            ERR_print_errors(bio_err);
-        } else
-            BIO_printf(bio_err, "Response verify OK\n");
-
-    }
-
-    if (!print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage))
-        goto end;
-
-    ret = 0;
-
- end:
-    ERR_print_errors(bio_err);
-    X509_free(signer);
-    X509_STORE_free(store);
-    EVP_PKEY_free(key);
-    EVP_PKEY_free(rkey);
-    X509_free(issuer);
-    X509_free(cert);
-    X509_free(rsigner);
-    X509_free(rca_cert);
-    free_index(rdb);
-    BIO_free_all(cbio);
-    BIO_free_all(acbio);
-    BIO_free(out);
-    OCSP_REQUEST_free(req);
-    OCSP_RESPONSE_free(resp);
-    OCSP_BASICRESP_free(bs);
-    sk_OPENSSL_STRING_free(reqnames);
-    sk_OCSP_CERTID_free(ids);
-    sk_X509_pop_free(sign_other, X509_free);
-    sk_X509_pop_free(verify_other, X509_free);
-    sk_CONF_VALUE_pop_free(headers, X509V3_conf_free);
-
-    if (thost)
-        OPENSSL_free(thost);
-    if (tport)
-        OPENSSL_free(tport);
-    if (tpath)
-        OPENSSL_free(tpath);
-
-    OPENSSL_EXIT(ret);
-}
-
-static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert,
-                         const EVP_MD *cert_id_md, X509 *issuer,
-                         STACK_OF(OCSP_CERTID) *ids)
-{
-    OCSP_CERTID *id;
-    if (!issuer) {
-        BIO_printf(bio_err, "No issuer certificate specified\n");
-        return 0;
-    }
-    if (!*req)
-        *req = OCSP_REQUEST_new();
-    if (!*req)
-        goto err;
-    id = OCSP_cert_to_id(cert_id_md, cert, issuer);
-    if (!id || !sk_OCSP_CERTID_push(ids, id))
-        goto err;
-    if (!OCSP_request_add0_id(*req, id))
-        goto err;
-    return 1;
-
- err:
-    BIO_printf(bio_err, "Error Creating OCSP request\n");
-    return 0;
-}
-
-static int add_ocsp_serial(OCSP_REQUEST **req, char *serial,
-                           const EVP_MD *cert_id_md, X509 *issuer,
-                           STACK_OF(OCSP_CERTID) *ids)
-{
-    OCSP_CERTID *id;
-    X509_NAME *iname;
-    ASN1_BIT_STRING *ikey;
-    ASN1_INTEGER *sno;
-    if (!issuer) {
-        BIO_printf(bio_err, "No issuer certificate specified\n");
-        return 0;
-    }
-    if (!*req)
-        *req = OCSP_REQUEST_new();
-    if (!*req)
-        goto err;
-    iname = X509_get_subject_name(issuer);
-    ikey = X509_get0_pubkey_bitstr(issuer);
-    sno = s2i_ASN1_INTEGER(NULL, serial);
-    if (!sno) {
-        BIO_printf(bio_err, "Error converting serial number %s\n", serial);
-        return 0;
-    }
-    id = OCSP_cert_id_new(cert_id_md, iname, ikey, sno);
-    ASN1_INTEGER_free(sno);
-    if (!id || !sk_OCSP_CERTID_push(ids, id))
-        goto err;
-    if (!OCSP_request_add0_id(*req, id))
-        goto err;
-    return 1;
-
- err:
-    BIO_printf(bio_err, "Error Creating OCSP request\n");
-    return 0;
-}
-
-static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
-                              STACK_OF(OPENSSL_STRING) *names,
-                              STACK_OF(OCSP_CERTID) *ids, long nsec,
-                              long maxage)
-{
-    OCSP_CERTID *id;
-    char *name;
-    int i;
-
-    int status, reason;
-
-    ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
-
-    if (!bs || !req || !sk_OPENSSL_STRING_num(names)
-        || !sk_OCSP_CERTID_num(ids))
-        return 1;
-
-    for (i = 0; i < sk_OCSP_CERTID_num(ids); i++) {
-        id = sk_OCSP_CERTID_value(ids, i);
-        name = sk_OPENSSL_STRING_value(names, i);
-        BIO_printf(out, "%s: ", name);
-
-        if (!OCSP_resp_find_status(bs, id, &status, &reason,
-                                   &rev, &thisupd, &nextupd)) {
-            BIO_puts(out, "ERROR: No Status found.\n");
-            continue;
-        }
-
-        /*
-         * Check validity: if invalid write to output BIO so we know which
-         * response this refers to.
-         */
-        if (!OCSP_check_validity(thisupd, nextupd, nsec, maxage)) {
-            BIO_puts(out, "WARNING: Status times invalid.\n");
-            ERR_print_errors(out);
-        }
-        BIO_printf(out, "%s\n", OCSP_cert_status_str(status));
-
-        BIO_puts(out, "\tThis Update: ");
-        ASN1_GENERALIZEDTIME_print(out, thisupd);
-        BIO_puts(out, "\n");
-
-        if (nextupd) {
-            BIO_puts(out, "\tNext Update: ");
-            ASN1_GENERALIZEDTIME_print(out, nextupd);
-            BIO_puts(out, "\n");
-        }
-
-        if (status != V_OCSP_CERTSTATUS_REVOKED)
-            continue;
-
-        if (reason != -1)
-            BIO_printf(out, "\tReason: %s\n", OCSP_crl_reason_str(reason));
-
-        BIO_puts(out, "\tRevocation Time: ");
-        ASN1_GENERALIZEDTIME_print(out, rev);
-        BIO_puts(out, "\n");
-    }
-
-    return 1;
-}
-
-static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
-                              CA_DB *db, X509 *ca, X509 *rcert,
-                              EVP_PKEY *rkey, STACK_OF(X509) *rother,
-                              unsigned long flags, int nmin, int ndays)
-{
-    ASN1_TIME *thisupd = NULL, *nextupd = NULL;
-    OCSP_CERTID *cid, *ca_id = NULL;
-    OCSP_BASICRESP *bs = NULL;
-    int i, id_count, ret = 1;
-
-    id_count = OCSP_request_onereq_count(req);
-
-    if (id_count <= 0) {
-        *resp =
-            OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL);
-        goto end;
-    }
-
-    bs = OCSP_BASICRESP_new();
-    thisupd = X509_gmtime_adj(NULL, 0);
-    if (ndays != -1)
-        nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24);
-
-    /* Examine each certificate id in the request */
-    for (i = 0; i < id_count; i++) {
-        OCSP_ONEREQ *one;
-        ASN1_INTEGER *serial;
-        char **inf;
-        ASN1_OBJECT *cert_id_md_oid;
-        const EVP_MD *cert_id_md;
-        one = OCSP_request_onereq_get0(req, i);
-        cid = OCSP_onereq_get0_id(one);
-
-        OCSP_id_get0_info(NULL, &cert_id_md_oid, NULL, NULL, cid);
-
-        cert_id_md = EVP_get_digestbyobj(cert_id_md_oid);
-        if (!cert_id_md) {
-            *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR,
-                                         NULL);
-            goto end;
-        }
-        if (ca_id)
-            OCSP_CERTID_free(ca_id);
-        ca_id = OCSP_cert_to_id(cert_id_md, NULL, ca);
-
-        /* Is this request about our CA? */
-        if (OCSP_id_issuer_cmp(ca_id, cid)) {
-            OCSP_basic_add1_status(bs, cid,
-                                   V_OCSP_CERTSTATUS_UNKNOWN,
-                                   0, NULL, thisupd, nextupd);
-            continue;
-        }
-        OCSP_id_get0_info(NULL, NULL, NULL, &serial, cid);
-        inf = lookup_serial(db, serial);
-        if (!inf)
-            OCSP_basic_add1_status(bs, cid,
-                                   V_OCSP_CERTSTATUS_UNKNOWN,
-                                   0, NULL, thisupd, nextupd);
-        else if (inf[DB_type][0] == DB_TYPE_VAL)
-            OCSP_basic_add1_status(bs, cid,
-                                   V_OCSP_CERTSTATUS_GOOD,
-                                   0, NULL, thisupd, nextupd);
-        else if (inf[DB_type][0] == DB_TYPE_REV) {
-            ASN1_OBJECT *inst = NULL;
-            ASN1_TIME *revtm = NULL;
-            ASN1_GENERALIZEDTIME *invtm = NULL;
-            OCSP_SINGLERESP *single;
-            int reason = -1;
-            unpack_revinfo(&revtm, &reason, &inst, &invtm, inf[DB_rev_date]);
-            single = OCSP_basic_add1_status(bs, cid,
-                                            V_OCSP_CERTSTATUS_REVOKED,
-                                            reason, revtm, thisupd, nextupd);
-            if (invtm)
-                OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date,
-                                             invtm, 0, 0);
-            else if (inst)
-                OCSP_SINGLERESP_add1_ext_i2d(single,
-                                             NID_hold_instruction_code, inst,
-                                             0, 0);
-            ASN1_OBJECT_free(inst);
-            ASN1_TIME_free(revtm);
-            ASN1_GENERALIZEDTIME_free(invtm);
-        }
-    }
-
-    OCSP_copy_nonce(bs, req);
-
-    OCSP_basic_sign(bs, rcert, rkey, NULL, rother, flags);
-
-    *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);
-
- end:
-    ASN1_TIME_free(thisupd);
-    ASN1_TIME_free(nextupd);
-    OCSP_CERTID_free(ca_id);
-    OCSP_BASICRESP_free(bs);
-    return ret;
-
-}
-
-static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
-{
-    int i;
-    BIGNUM *bn = NULL;
-    char *itmp, *row[DB_NUMBER], **rrow;
-    for (i = 0; i < DB_NUMBER; i++)
-        row[i] = NULL;
-    bn = ASN1_INTEGER_to_BN(ser, NULL);
-    OPENSSL_assert(bn);         /* FIXME: should report an error at this
-                                 * point and abort */
-    if (BN_is_zero(bn))
-        itmp = BUF_strdup("00");
-    else
-        itmp = BN_bn2hex(bn);
-    row[DB_serial] = itmp;
-    BN_free(bn);
-    rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
-    OPENSSL_free(itmp);
-    return rrow;
-}
-
-/* Quick and dirty OCSP server: read in and parse input request */
-
-static BIO *init_responder(char *port)
-{
-    BIO *acbio = NULL, *bufbio = NULL;
-    bufbio = BIO_new(BIO_f_buffer());
-    if (!bufbio)
-        goto err;
-# ifndef OPENSSL_NO_SOCK
-    acbio = BIO_new_accept(port);
-# else
-    BIO_printf(bio_err,
-               "Error setting up accept BIO - sockets not supported.\n");
-# endif
-    if (!acbio)
-        goto err;
-    BIO_set_accept_bios(acbio, bufbio);
-    bufbio = NULL;
-
-    if (BIO_do_accept(acbio) <= 0) {
-        BIO_printf(bio_err, "Error setting up accept BIO\n");
-        ERR_print_errors(bio_err);
-        goto err;
-    }
-
-    return acbio;
-
- err:
-    BIO_free_all(acbio);
-    BIO_free(bufbio);
-    return NULL;
-}
-
-static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
-                        char *port)
-{
-    int have_post = 0, len;
-    OCSP_REQUEST *req = NULL;
-    char inbuf[1024];
-    BIO *cbio = NULL;
-
-    if (BIO_do_accept(acbio) <= 0) {
-        BIO_printf(bio_err, "Error accepting connection\n");
-        ERR_print_errors(bio_err);
-        return 0;
-    }
-
-    cbio = BIO_pop(acbio);
-    *pcbio = cbio;
-
-    for (;;) {
-        len = BIO_gets(cbio, inbuf, sizeof inbuf);
-        if (len <= 0)
-            return 1;
-        /* Look for "POST" signalling start of query */
-        if (!have_post) {
-            if (strncmp(inbuf, "POST", 4)) {
-                BIO_printf(bio_err, "Invalid request\n");
-                return 1;
-            }
-            have_post = 1;
-        }
-        /* Look for end of headers */
-        if ((inbuf[0] == '\r') || (inbuf[0] == '\n'))
-            break;
-    }
-
-    /* Try to read OCSP request */
-
-    req = d2i_OCSP_REQUEST_bio(cbio, NULL);
-
-    if (!req) {
-        BIO_printf(bio_err, "Error parsing OCSP request\n");
-        ERR_print_errors(bio_err);
-    }
-
-    *preq = req;
-
-    return 1;
-
-}
-
-static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
-{
-    char http_resp[] =
-        "HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n"
-        "Content-Length: %d\r\n\r\n";
-    if (!cbio)
-        return 0;
-    BIO_printf(cbio, http_resp, i2d_OCSP_RESPONSE(resp, NULL));
-    i2d_OCSP_RESPONSE_bio(cbio, resp);
-    (void)BIO_flush(cbio);
-    return 1;
-}
-
-static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
-                                      STACK_OF(CONF_VALUE) *headers,
-                                      OCSP_REQUEST *req, int req_timeout)
-{
-    int fd;
-    int rv;
-    int i;
-    OCSP_REQ_CTX *ctx = NULL;
-    OCSP_RESPONSE *rsp = NULL;
-    fd_set confds;
-    struct timeval tv;
-
-    if (req_timeout != -1)
-        BIO_set_nbio(cbio, 1);
-
-    rv = BIO_do_connect(cbio);
-
-    if ((rv <= 0) && ((req_timeout == -1) || !BIO_should_retry(cbio))) {
-        BIO_puts(err, "Error connecting BIO\n");
-        return NULL;
-    }
-
-    if (BIO_get_fd(cbio, &fd) < 0) {
-        BIO_puts(bio_err, "Can't get connection fd\n");
-        goto err;
-    }
-
-    if (req_timeout != -1 && rv <= 0) {
-        FD_ZERO(&confds);
-        openssl_fdset(fd, &confds);
-        tv.tv_usec = 0;
-        tv.tv_sec = req_timeout;
-        rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
-        if (rv == 0) {
-            BIO_puts(err, "Timeout on connect\n");
-            return NULL;
-        }
-    }
-
-    ctx = OCSP_sendreq_new(cbio, path, NULL, -1);
-    if (!ctx)
-        return NULL;
-
-    for (i = 0; i < sk_CONF_VALUE_num(headers); i++) {
-        CONF_VALUE *hdr = sk_CONF_VALUE_value(headers, i);
-        if (!OCSP_REQ_CTX_add1_header(ctx, hdr->name, hdr->value))
-            goto err;
-    }
-
-    if (!OCSP_REQ_CTX_set1_req(ctx, req))
-        goto err;
-
-    for (;;) {
-        rv = OCSP_sendreq_nbio(&rsp, ctx);
-        if (rv != -1)
-            break;
-        if (req_timeout == -1)
-            continue;
-        FD_ZERO(&confds);
-        openssl_fdset(fd, &confds);
-        tv.tv_usec = 0;
-        tv.tv_sec = req_timeout;
-        if (BIO_should_read(cbio))
-            rv = select(fd + 1, (void *)&confds, NULL, NULL, &tv);
-        else if (BIO_should_write(cbio))
-            rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
-        else {
-            BIO_puts(err, "Unexpected retry condition\n");
-            goto err;
-        }
-        if (rv == 0) {
-            BIO_puts(err, "Timeout on request\n");
-            break;
-        }
-        if (rv == -1) {
-            BIO_puts(err, "Select error\n");
-            break;
-        }
-
-    }
- err:
-    if (ctx)
-        OCSP_REQ_CTX_free(ctx);
-
-    return rsp;
-}
-
-OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
-                                 char *host, char *path, char *port,
-                                 int use_ssl, STACK_OF(CONF_VALUE) *headers,
-                                 int req_timeout)
-{
-    BIO *cbio = NULL;
-    SSL_CTX *ctx = NULL;
-    OCSP_RESPONSE *resp = NULL;
-    cbio = BIO_new_connect(host);
-    if (!cbio) {
-        BIO_printf(err, "Error creating connect BIO\n");
-        goto end;
-    }
-    if (port)
-        BIO_set_conn_port(cbio, port);
-    if (use_ssl == 1) {
-        BIO *sbio;
-        ctx = SSL_CTX_new(SSLv23_client_method());
-        if (ctx == NULL) {
-            BIO_printf(err, "Error creating SSL context.\n");
-            goto end;
-        }
-        SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
-        sbio = BIO_new_ssl(ctx, 1);
-        cbio = BIO_push(sbio, cbio);
-    }
-    resp = query_responder(err, cbio, path, headers, req, req_timeout);
-    if (!resp)
-        BIO_printf(bio_err, "Error querying OCSP responder\n");
- end:
-    if (cbio)
-        BIO_free_all(cbio);
-    if (ctx)
-        SSL_CTX_free(ctx);
-    return resp;
-}
-
-#endif

Copied: vendor-crypto/openssl/1.0.1u/apps/ocsp.c (from rev 11605, vendor-crypto/openssl/dist/apps/ocsp.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/apps/ocsp.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/apps/ocsp.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,1325 @@
+/* ocsp.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+#ifndef OPENSSL_NO_OCSP
+
+# ifdef OPENSSL_SYS_VMS
+#  define _XOPEN_SOURCE_EXTENDED/* So fd_set and friends get properly defined
+                                 * on OpenVMS */
+# endif
+
+# define USE_SOCKETS
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# include <time.h>
+# include "apps.h"              /* needs to be included before the openssl
+                                 * headers! */
+# include <openssl/e_os2.h>
+# include <openssl/crypto.h>
+# include <openssl/err.h>
+# include <openssl/ssl.h>
+# include <openssl/evp.h>
+# include <openssl/bn.h>
+# include <openssl/x509v3.h>
+
+# if defined(NETWARE_CLIB)
+#  ifdef NETWARE_BSDSOCK
+#   include <sys/socket.h>
+#   include <sys/bsdskt.h>
+#  else
+#   include <novsock2.h>
+#  endif
+# elif defined(NETWARE_LIBC)
+#  ifdef NETWARE_BSDSOCK
+#   include <sys/select.h>
+#  else
+#   include <novsock2.h>
+#  endif
+# endif
+
+/* Maximum leeway in validity period: default 5 minutes */
+# define MAX_VALIDITY_PERIOD     (5 * 60)
+
+static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert,
+                         const EVP_MD *cert_id_md, X509 *issuer,
+                         STACK_OF(OCSP_CERTID) *ids);
+static int add_ocsp_serial(OCSP_REQUEST **req, char *serial,
+                           const EVP_MD *cert_id_md, X509 *issuer,
+                           STACK_OF(OCSP_CERTID) *ids);
+static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
+                              STACK_OF(OPENSSL_STRING) *names,
+                              STACK_OF(OCSP_CERTID) *ids, long nsec,
+                              long maxage);
+
+static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
+                              CA_DB *db, X509 *ca, X509 *rcert,
+                              EVP_PKEY *rkey, STACK_OF(X509) *rother,
+                              unsigned long flags, int nmin, int ndays);
+
+static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
+static BIO *init_responder(char *port);
+static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
+                        char *port);
+static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
+static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
+                                      STACK_OF(CONF_VALUE) *headers,
+                                      OCSP_REQUEST *req, int req_timeout);
+
+# undef PROG
+# define PROG ocsp_main
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    char **args;
+    char *host = NULL, *port = NULL, *path = "/";
+    char *thost = NULL, *tport = NULL, *tpath = NULL;
+    char *reqin = NULL, *respin = NULL;
+    char *reqout = NULL, *respout = NULL;
+    char *signfile = NULL, *keyfile = NULL;
+    char *rsignfile = NULL, *rkeyfile = NULL;
+    char *outfile = NULL;
+    int add_nonce = 1, noverify = 0, use_ssl = -1;
+    STACK_OF(CONF_VALUE) *headers = NULL;
+    OCSP_REQUEST *req = NULL;
+    OCSP_RESPONSE *resp = NULL;
+    OCSP_BASICRESP *bs = NULL;
+    X509 *issuer = NULL, *cert = NULL;
+    X509 *signer = NULL, *rsigner = NULL;
+    EVP_PKEY *key = NULL, *rkey = NULL;
+    BIO *acbio = NULL, *cbio = NULL;
+    BIO *derbio = NULL;
+    BIO *out = NULL;
+    int req_timeout = -1;
+    int req_text = 0, resp_text = 0;
+    long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
+    char *CAfile = NULL, *CApath = NULL;
+    X509_STORE *store = NULL;
+    STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL;
+    char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL;
+    unsigned long sign_flags = 0, verify_flags = 0, rflags = 0;
+    int ret = 1;
+    int accept_count = -1;
+    int badarg = 0;
+    int i;
+    int ignore_err = 0;
+    STACK_OF(OPENSSL_STRING) *reqnames = NULL;
+    STACK_OF(OCSP_CERTID) *ids = NULL;
+
+    X509 *rca_cert = NULL;
+    char *ridx_filename = NULL;
+    char *rca_filename = NULL;
+    CA_DB *rdb = NULL;
+    int nmin = 0, ndays = -1;
+    const EVP_MD *cert_id_md = NULL;
+
+    if (bio_err == NULL)
+        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+    if (!load_config(bio_err, NULL))
+        goto end;
+    SSL_load_error_strings();
+    OpenSSL_add_ssl_algorithms();
+    args = argv + 1;
+    reqnames = sk_OPENSSL_STRING_new_null();
+    ids = sk_OCSP_CERTID_new_null();
+    while (!badarg && *args && *args[0] == '-') {
+        if (!strcmp(*args, "-out")) {
+            if (args[1]) {
+                args++;
+                outfile = *args;
+            } else
+                badarg = 1;
+        } else if (!strcmp(*args, "-timeout")) {
+            if (args[1]) {
+                args++;
+                req_timeout = atol(*args);
+                if (req_timeout < 0) {
+                    BIO_printf(bio_err, "Illegal timeout value %s\n", *args);
+                    badarg = 1;
+                }
+            } else
+                badarg = 1;
+        } else if (!strcmp(*args, "-url")) {
+            if (thost)
+                OPENSSL_free(thost);
+            if (tport)
+                OPENSSL_free(tport);
+            if (tpath)
+                OPENSSL_free(tpath);
+            if (args[1]) {
+                args++;
+                if (!OCSP_parse_url(*args, &host, &port, &path, &use_ssl)) {
+                    BIO_printf(bio_err, "Error parsing URL\n");
+                    badarg = 1;
+                }
+                thost = host;
+                tport = port;
+                tpath = path;
+            } else
+                badarg = 1;
+        } else if (!strcmp(*args, "-host")) {
+            if (args[1]) {
+                args++;
+                host = *args;
+            } else
+                badarg = 1;
+        } else if (!strcmp(*args, "-port")) {
+            if (args[1]) {
+                args++;
+                port = *args;
+            } else
+                badarg = 1;
+        } else if (!strcmp(*args, "-header")) {
+            if (args[1] && args[2]) {
+                if (!X509V3_add_value(args[1], args[2], &headers))
+                    goto end;
+                args += 2;
+            } else
+                badarg = 1;
+        } else if (!strcmp(*args, "-ignore_err"))
+            ignore_err = 1;
+        else if (!strcmp(*args, "-noverify"))
+            noverify = 1;
+        else if (!strcmp(*args, "-nonce"))
+            add_nonce = 2;
+        else if (!strcmp(*args, "-no_nonce"))
+            add_nonce = 0;
+        else if (!strcmp(*args, "-resp_no_certs"))
+            rflags |= OCSP_NOCERTS;
+        else if (!strcmp(*args, "-resp_key_id"))
+            rflags |= OCSP_RESPID_KEY;
+        else if (!strcmp(*args, "-no_certs"))
+            sign_flags |= OCSP_NOCERTS;
+        else if (!strcmp(*args, "-no_signature_verify"))
+            verify_flags |= OCSP_NOSIGS;
+        else if (!strcmp(*args, "-no_cert_verify"))
+            verify_flags |= OCSP_NOVERIFY;
+        else if (!strcmp(*args, "-no_chain"))
+            verify_flags |= OCSP_NOCHAIN;
+        else if (!strcmp(*args, "-no_cert_checks"))
+            verify_flags |= OCSP_NOCHECKS;
+        else if (!strcmp(*args, "-no_explicit"))
+            verify_flags |= OCSP_NOEXPLICIT;
+        else if (!strcmp(*args, "-trust_other"))
+            verify_flags |= OCSP_TRUSTOTHER;
+        else if (!strcmp(*args, "-no_intern"))
+            verify_flags |= OCSP_NOINTERN;
+        else if (!strcmp(*args, "-text")) {
+            req_text = 1;
+            resp_text = 1;
+        } else if (!strcmp(*args, "-req_text"))
+            req_text = 1;
+        else if (!strcmp(*args, "-resp_text"))
+            resp_text = 1;
+        else if (!strcmp(*args, "-reqin")) {
+            if (args[1]) {
+                args++;
+                reqin = *args;
+            } else
+                badarg = 1;
+        } else if (!strcmp(*args, "-respin")) {
+            if (args[1]) {
+                args++;
+                respin = *args;
+            } else
+                badarg = 1;
+        } else if (!strcmp(*args, "-signer")) {
+            if (args[1]) {
+                args++;
+                signfile = *args;
+            } else
+                badarg = 1;
+        } else if (!strcmp(*args, "-VAfile")) {
+            if (args[1]) {
+                args++;
+                verify_certfile = *args;
+                verify_flags |= OCSP_TRUSTOTHER;
+            } else
+                badarg = 1;
+        } else if (!strcmp(*args, "-sign_other")) {
+            if (args[1]) {
+                args++;
+                sign_certfile = *args;
+            } else
+                badarg = 1;
+        } else if (!strcmp(*args, "-verify_other")) {
+            if (args[1]) {
+                args++;
+                verify_certfile = *args;
+            } else
+                badarg = 1;
+        } else if (!strcmp(*args, "-CAfile")) {
+            if (args[1]) {
+                args++;
+                CAfile = *args;
+            } else
+                badarg = 1;
+        } else if (!strcmp(*args, "-CApath")) {
+            if (args[1]) {
+                args++;
+                CApath = *args;
+            } else
+                badarg = 1;
+        } else if (!strcmp(*args, "-validity_period")) {
+            if (args[1]) {
+                args++;
+                nsec = atol(*args);
+                if (nsec < 0) {
+                    BIO_printf(bio_err,
+                               "Illegal validity period %s\n", *args);
+                    badarg = 1;
+                }
+            } else
+                badarg = 1;
+        } else if (!strcmp(*args, "-status_age")) {
+            if (args[1]) {
+                args++;
+                maxage = atol(*args);
+                if (maxage < 0) {
+                    BIO_printf(bio_err, "Illegal validity age %s\n", *args);
+                    badarg = 1;
+                }
+            } else
+                badarg = 1;
+        } else if (!strcmp(*args, "-signkey")) {
+            if (args[1]) {
+                args++;
+                keyfile = *args;
+            } else
+                badarg = 1;
+        } else if (!strcmp(*args, "-reqout")) {
+            if (args[1]) {
+                args++;
+                reqout = *args;
+            } else
+                badarg = 1;
+        } else if (!strcmp(*args, "-respout")) {
+            if (args[1]) {
+                args++;
+                respout = *args;
+            } else
+                badarg = 1;
+        } else if (!strcmp(*args, "-path")) {
+            if (args[1]) {
+                args++;
+                path = *args;
+            } else
+                badarg = 1;
+        } else if (!strcmp(*args, "-issuer")) {
+            if (args[1]) {
+                args++;
+                X509_free(issuer);
+                issuer = load_cert(bio_err, *args, FORMAT_PEM,
+                                   NULL, e, "issuer certificate");
+                if (!issuer)
+                    goto end;
+            } else
+                badarg = 1;
+        } else if (!strcmp(*args, "-cert")) {
+            if (args[1]) {
+                args++;
+                X509_free(cert);
+                cert = load_cert(bio_err, *args, FORMAT_PEM,
+                                 NULL, e, "certificate");
+                if (!cert)
+                    goto end;
+                if (!cert_id_md)
+                    cert_id_md = EVP_sha1();
+                if (!add_ocsp_cert(&req, cert, cert_id_md, issuer, ids))
+                    goto end;
+                if (!sk_OPENSSL_STRING_push(reqnames, *args))
+                    goto end;
+            } else
+                badarg = 1;
+        } else if (!strcmp(*args, "-serial")) {
+            if (args[1]) {
+                args++;
+                if (!cert_id_md)
+                    cert_id_md = EVP_sha1();
+                if (!add_ocsp_serial(&req, *args, cert_id_md, issuer, ids))
+                    goto end;
+                if (!sk_OPENSSL_STRING_push(reqnames, *args))
+                    goto end;
+            } else
+                badarg = 1;
+        } else if (!strcmp(*args, "-index")) {
+            if (args[1]) {
+                args++;
+                ridx_filename = *args;
+            } else
+                badarg = 1;
+        } else if (!strcmp(*args, "-CA")) {
+            if (args[1]) {
+                args++;
+                rca_filename = *args;
+            } else
+                badarg = 1;
+        } else if (!strcmp(*args, "-nmin")) {
+            if (args[1]) {
+                args++;
+                nmin = atol(*args);
+                if (nmin < 0) {
+                    BIO_printf(bio_err, "Illegal update period %s\n", *args);
+                    badarg = 1;
+                }
+            }
+            if (ndays == -1)
+                ndays = 0;
+            else
+                badarg = 1;
+        } else if (!strcmp(*args, "-nrequest")) {
+            if (args[1]) {
+                args++;
+                accept_count = atol(*args);
+                if (accept_count < 0) {
+                    BIO_printf(bio_err, "Illegal accept count %s\n", *args);
+                    badarg = 1;
+                }
+            } else
+                badarg = 1;
+        } else if (!strcmp(*args, "-ndays")) {
+            if (args[1]) {
+                args++;
+                ndays = atol(*args);
+                if (ndays < 0) {
+                    BIO_printf(bio_err, "Illegal update period %s\n", *args);
+                    badarg = 1;
+                }
+            } else
+                badarg = 1;
+        } else if (!strcmp(*args, "-rsigner")) {
+            if (args[1]) {
+                args++;
+                rsignfile = *args;
+            } else
+                badarg = 1;
+        } else if (!strcmp(*args, "-rkey")) {
+            if (args[1]) {
+                args++;
+                rkeyfile = *args;
+            } else
+                badarg = 1;
+        } else if (!strcmp(*args, "-rother")) {
+            if (args[1]) {
+                args++;
+                rcertfile = *args;
+            } else
+                badarg = 1;
+        } else if ((cert_id_md = EVP_get_digestbyname((*args) + 1)) == NULL) {
+            badarg = 1;
+        }
+        args++;
+    }
+
+    /* Have we anything to do? */
+    if (!req && !reqin && !respin && !(port && ridx_filename))
+        badarg = 1;
+
+    if (badarg) {
+        BIO_printf(bio_err, "OCSP utility\n");
+        BIO_printf(bio_err, "Usage ocsp [options]\n");
+        BIO_printf(bio_err, "where options are\n");
+        BIO_printf(bio_err, "-out file            output filename\n");
+        BIO_printf(bio_err, "-issuer file         issuer certificate\n");
+        BIO_printf(bio_err, "-cert file           certificate to check\n");
+        BIO_printf(bio_err, "-serial n            serial number to check\n");
+        BIO_printf(bio_err,
+                   "-signer file         certificate to sign OCSP request with\n");
+        BIO_printf(bio_err,
+                   "-signkey file        private key to sign OCSP request with\n");
+        BIO_printf(bio_err,
+                   "-sign_other file     additional certificates to include in signed request\n");
+        BIO_printf(bio_err,
+                   "-no_certs            don't include any certificates in signed request\n");
+        BIO_printf(bio_err,
+                   "-req_text            print text form of request\n");
+        BIO_printf(bio_err,
+                   "-resp_text           print text form of response\n");
+        BIO_printf(bio_err,
+                   "-text                print text form of request and response\n");
+        BIO_printf(bio_err,
+                   "-reqout file         write DER encoded OCSP request to \"file\"\n");
+        BIO_printf(bio_err,
+                   "-respout file        write DER encoded OCSP reponse to \"file\"\n");
+        BIO_printf(bio_err,
+                   "-reqin file          read DER encoded OCSP request from \"file\"\n");
+        BIO_printf(bio_err,
+                   "-respin file         read DER encoded OCSP reponse from \"file\"\n");
+        BIO_printf(bio_err,
+                   "-nonce               add OCSP nonce to request\n");
+        BIO_printf(bio_err,
+                   "-no_nonce            don't add OCSP nonce to request\n");
+        BIO_printf(bio_err, "-url URL             OCSP responder URL\n");
+        BIO_printf(bio_err,
+                   "-host host:n         send OCSP request to host on port n\n");
+        BIO_printf(bio_err,
+                   "-path                path to use in OCSP request\n");
+        BIO_printf(bio_err,
+                   "-CApath dir          trusted certificates directory\n");
+        BIO_printf(bio_err,
+                   "-CAfile file         trusted certificates file\n");
+        BIO_printf(bio_err,
+                   "-no_alt_chains       only ever use the first certificate chain found\n");
+        BIO_printf(bio_err,
+                   "-VAfile file         validator certificates file\n");
+        BIO_printf(bio_err,
+                   "-validity_period n   maximum validity discrepancy in seconds\n");
+        BIO_printf(bio_err,
+                   "-status_age n        maximum status age in seconds\n");
+        BIO_printf(bio_err,
+                   "-noverify            don't verify response at all\n");
+        BIO_printf(bio_err,
+                   "-verify_other file   additional certificates to search for signer\n");
+        BIO_printf(bio_err,
+                   "-trust_other         don't verify additional certificates\n");
+        BIO_printf(bio_err,
+                   "-no_intern           don't search certificates contained in response for signer\n");
+        BIO_printf(bio_err,
+                   "-no_signature_verify don't check signature on response\n");
+        BIO_printf(bio_err,
+                   "-no_cert_verify      don't check signing certificate\n");
+        BIO_printf(bio_err,
+                   "-no_chain            don't chain verify response\n");
+        BIO_printf(bio_err,
+                   "-no_cert_checks      don't do additional checks on signing certificate\n");
+        BIO_printf(bio_err,
+                   "-port num            port to run responder on\n");
+        BIO_printf(bio_err,
+                   "-index file          certificate status index file\n");
+        BIO_printf(bio_err, "-CA file             CA certificate\n");
+        BIO_printf(bio_err,
+                   "-rsigner file        responder certificate to sign responses with\n");
+        BIO_printf(bio_err,
+                   "-rkey file           responder key to sign responses with\n");
+        BIO_printf(bio_err,
+                   "-rother file         other certificates to include in response\n");
+        BIO_printf(bio_err,
+                   "-resp_no_certs       don't include any certificates in response\n");
+        BIO_printf(bio_err,
+                   "-nmin n              number of minutes before next update\n");
+        BIO_printf(bio_err,
+                   "-ndays n             number of days before next update\n");
+        BIO_printf(bio_err,
+                   "-resp_key_id         identify reponse by signing certificate key ID\n");
+        BIO_printf(bio_err,
+                   "-nrequest n          number of requests to accept (default unlimited)\n");
+        BIO_printf(bio_err,
+                   "-<dgst alg>          use specified digest in the request\n");
+        BIO_printf(bio_err,
+                   "-timeout n           timeout connection to OCSP responder after n seconds\n");
+        goto end;
+    }
+
+    if (outfile)
+        out = BIO_new_file(outfile, "w");
+    else
+        out = BIO_new_fp(stdout, BIO_NOCLOSE);
+
+    if (!out) {
+        BIO_printf(bio_err, "Error opening output file\n");
+        goto end;
+    }
+
+    if (!req && (add_nonce != 2))
+        add_nonce = 0;
+
+    if (!req && reqin) {
+        derbio = BIO_new_file(reqin, "rb");
+        if (!derbio) {
+            BIO_printf(bio_err, "Error Opening OCSP request file\n");
+            goto end;
+        }
+        req = d2i_OCSP_REQUEST_bio(derbio, NULL);
+        BIO_free(derbio);
+        if (!req) {
+            BIO_printf(bio_err, "Error reading OCSP request\n");
+            goto end;
+        }
+    }
+
+    if (!req && port) {
+        acbio = init_responder(port);
+        if (!acbio)
+            goto end;
+    }
+
+    if (rsignfile && !rdb) {
+        if (!rkeyfile)
+            rkeyfile = rsignfile;
+        rsigner = load_cert(bio_err, rsignfile, FORMAT_PEM,
+                            NULL, e, "responder certificate");
+        if (!rsigner) {
+            BIO_printf(bio_err, "Error loading responder certificate\n");
+            goto end;
+        }
+        rca_cert = load_cert(bio_err, rca_filename, FORMAT_PEM,
+                             NULL, e, "CA certificate");
+        if (rcertfile) {
+            rother = load_certs(bio_err, rcertfile, FORMAT_PEM,
+                                NULL, e, "responder other certificates");
+            if (!rother)
+                goto end;
+        }
+        rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, 0, NULL, NULL,
+                        "responder private key");
+        if (!rkey)
+            goto end;
+    }
+    if (acbio)
+        BIO_printf(bio_err, "Waiting for OCSP client connections...\n");
+
+ redo_accept:
+
+    if (acbio) {
+        if (!do_responder(&req, &cbio, acbio, port))
+            goto end;
+        if (!req) {
+            resp =
+                OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST,
+                                     NULL);
+            send_ocsp_response(cbio, resp);
+            goto done_resp;
+        }
+    }
+
+    if (!req && (signfile || reqout || host || add_nonce || ridx_filename)) {
+        BIO_printf(bio_err, "Need an OCSP request for this operation!\n");
+        goto end;
+    }
+
+    if (req && add_nonce)
+        OCSP_request_add1_nonce(req, NULL, -1);
+
+    if (signfile) {
+        if (!keyfile)
+            keyfile = signfile;
+        signer = load_cert(bio_err, signfile, FORMAT_PEM,
+                           NULL, e, "signer certificate");
+        if (!signer) {
+            BIO_printf(bio_err, "Error loading signer certificate\n");
+            goto end;
+        }
+        if (sign_certfile) {
+            sign_other = load_certs(bio_err, sign_certfile, FORMAT_PEM,
+                                    NULL, e, "signer certificates");
+            if (!sign_other)
+                goto end;
+        }
+        key = load_key(bio_err, keyfile, FORMAT_PEM, 0, NULL, NULL,
+                       "signer private key");
+        if (!key)
+            goto end;
+
+        if (!OCSP_request_sign
+            (req, signer, key, NULL, sign_other, sign_flags)) {
+            BIO_printf(bio_err, "Error signing OCSP request\n");
+            goto end;
+        }
+    }
+
+    if (req_text && req)
+        OCSP_REQUEST_print(out, req, 0);
+
+    if (reqout) {
+        derbio = BIO_new_file(reqout, "wb");
+        if (!derbio) {
+            BIO_printf(bio_err, "Error opening file %s\n", reqout);
+            goto end;
+        }
+        i2d_OCSP_REQUEST_bio(derbio, req);
+        BIO_free(derbio);
+    }
+
+    if (ridx_filename && (!rkey || !rsigner || !rca_cert)) {
+        BIO_printf(bio_err,
+                   "Need a responder certificate, key and CA for this operation!\n");
+        goto end;
+    }
+
+    if (ridx_filename && !rdb) {
+        rdb = load_index(ridx_filename, NULL);
+        if (!rdb)
+            goto end;
+        if (!index_index(rdb))
+            goto end;
+    }
+
+    if (rdb) {
+        i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey,
+                               rother, rflags, nmin, ndays);
+        if (cbio)
+            send_ocsp_response(cbio, resp);
+    } else if (host) {
+# ifndef OPENSSL_NO_SOCK
+        resp = process_responder(bio_err, req, host, path,
+                                 port, use_ssl, headers, req_timeout);
+        if (!resp)
+            goto end;
+# else
+        BIO_printf(bio_err,
+                   "Error creating connect BIO - sockets not supported.\n");
+        goto end;
+# endif
+    } else if (respin) {
+        derbio = BIO_new_file(respin, "rb");
+        if (!derbio) {
+            BIO_printf(bio_err, "Error Opening OCSP response file\n");
+            goto end;
+        }
+        resp = d2i_OCSP_RESPONSE_bio(derbio, NULL);
+        BIO_free(derbio);
+        if (!resp) {
+            BIO_printf(bio_err, "Error reading OCSP response\n");
+            goto end;
+        }
+
+    } else {
+        ret = 0;
+        goto end;
+    }
+
+ done_resp:
+
+    if (respout) {
+        derbio = BIO_new_file(respout, "wb");
+        if (!derbio) {
+            BIO_printf(bio_err, "Error opening file %s\n", respout);
+            goto end;
+        }
+        i2d_OCSP_RESPONSE_bio(derbio, resp);
+        BIO_free(derbio);
+    }
+
+    i = OCSP_response_status(resp);
+
+    if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
+        BIO_printf(out, "Responder Error: %s (%d)\n",
+                   OCSP_response_status_str(i), i);
+        if (ignore_err)
+            goto redo_accept;
+        ret = 0;
+        goto end;
+    }
+
+    if (resp_text)
+        OCSP_RESPONSE_print(out, resp, 0);
+
+    /* If running as responder don't verify our own response */
+    if (cbio) {
+        if (accept_count > 0)
+            accept_count--;
+        /* Redo if more connections needed */
+        if (accept_count) {
+            BIO_free_all(cbio);
+            cbio = NULL;
+            OCSP_REQUEST_free(req);
+            req = NULL;
+            OCSP_RESPONSE_free(resp);
+            resp = NULL;
+            goto redo_accept;
+        }
+        goto end;
+    }
+
+    if (!store)
+        store = setup_verify(bio_err, CAfile, CApath);
+    if (!store)
+        goto end;
+    if (verify_certfile) {
+        verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM,
+                                  NULL, e, "validator certificate");
+        if (!verify_other)
+            goto end;
+    }
+
+    bs = OCSP_response_get1_basic(resp);
+
+    if (!bs) {
+        BIO_printf(bio_err, "Error parsing response\n");
+        goto end;
+    }
+
+    if (!noverify) {
+        if (req && ((i = OCSP_check_nonce(req, bs)) <= 0)) {
+            if (i == -1)
+                BIO_printf(bio_err, "WARNING: no nonce in response\n");
+            else {
+                BIO_printf(bio_err, "Nonce Verify error\n");
+                goto end;
+            }
+        }
+
+        i = OCSP_basic_verify(bs, verify_other, store, verify_flags);
+        if (i < 0)
+            i = OCSP_basic_verify(bs, NULL, store, 0);
+
+        if (i <= 0) {
+            BIO_printf(bio_err, "Response Verify Failure\n");
+            ERR_print_errors(bio_err);
+        } else
+            BIO_printf(bio_err, "Response verify OK\n");
+
+    }
+
+    if (!print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage))
+        goto end;
+
+    ret = 0;
+
+ end:
+    ERR_print_errors(bio_err);
+    X509_free(signer);
+    X509_STORE_free(store);
+    EVP_PKEY_free(key);
+    EVP_PKEY_free(rkey);
+    X509_free(issuer);
+    X509_free(cert);
+    X509_free(rsigner);
+    X509_free(rca_cert);
+    free_index(rdb);
+    BIO_free_all(cbio);
+    BIO_free_all(acbio);
+    BIO_free(out);
+    OCSP_REQUEST_free(req);
+    OCSP_RESPONSE_free(resp);
+    OCSP_BASICRESP_free(bs);
+    sk_OPENSSL_STRING_free(reqnames);
+    sk_OCSP_CERTID_free(ids);
+    sk_X509_pop_free(sign_other, X509_free);
+    sk_X509_pop_free(verify_other, X509_free);
+    sk_CONF_VALUE_pop_free(headers, X509V3_conf_free);
+
+    if (thost)
+        OPENSSL_free(thost);
+    if (tport)
+        OPENSSL_free(tport);
+    if (tpath)
+        OPENSSL_free(tpath);
+
+    OPENSSL_EXIT(ret);
+}
+
+static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert,
+                         const EVP_MD *cert_id_md, X509 *issuer,
+                         STACK_OF(OCSP_CERTID) *ids)
+{
+    OCSP_CERTID *id;
+    if (!issuer) {
+        BIO_printf(bio_err, "No issuer certificate specified\n");
+        return 0;
+    }
+    if (!*req)
+        *req = OCSP_REQUEST_new();
+    if (!*req)
+        goto err;
+    id = OCSP_cert_to_id(cert_id_md, cert, issuer);
+    if (!id || !sk_OCSP_CERTID_push(ids, id))
+        goto err;
+    if (!OCSP_request_add0_id(*req, id))
+        goto err;
+    return 1;
+
+ err:
+    BIO_printf(bio_err, "Error Creating OCSP request\n");
+    return 0;
+}
+
+static int add_ocsp_serial(OCSP_REQUEST **req, char *serial,
+                           const EVP_MD *cert_id_md, X509 *issuer,
+                           STACK_OF(OCSP_CERTID) *ids)
+{
+    OCSP_CERTID *id;
+    X509_NAME *iname;
+    ASN1_BIT_STRING *ikey;
+    ASN1_INTEGER *sno;
+    if (!issuer) {
+        BIO_printf(bio_err, "No issuer certificate specified\n");
+        return 0;
+    }
+    if (!*req)
+        *req = OCSP_REQUEST_new();
+    if (!*req)
+        goto err;
+    iname = X509_get_subject_name(issuer);
+    ikey = X509_get0_pubkey_bitstr(issuer);
+    sno = s2i_ASN1_INTEGER(NULL, serial);
+    if (!sno) {
+        BIO_printf(bio_err, "Error converting serial number %s\n", serial);
+        return 0;
+    }
+    id = OCSP_cert_id_new(cert_id_md, iname, ikey, sno);
+    ASN1_INTEGER_free(sno);
+    if (!id || !sk_OCSP_CERTID_push(ids, id))
+        goto err;
+    if (!OCSP_request_add0_id(*req, id))
+        goto err;
+    return 1;
+
+ err:
+    BIO_printf(bio_err, "Error Creating OCSP request\n");
+    return 0;
+}
+
+static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
+                              STACK_OF(OPENSSL_STRING) *names,
+                              STACK_OF(OCSP_CERTID) *ids, long nsec,
+                              long maxage)
+{
+    OCSP_CERTID *id;
+    char *name;
+    int i;
+
+    int status, reason;
+
+    ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
+
+    if (!bs || !req || !sk_OPENSSL_STRING_num(names)
+        || !sk_OCSP_CERTID_num(ids))
+        return 1;
+
+    for (i = 0; i < sk_OCSP_CERTID_num(ids); i++) {
+        id = sk_OCSP_CERTID_value(ids, i);
+        name = sk_OPENSSL_STRING_value(names, i);
+        BIO_printf(out, "%s: ", name);
+
+        if (!OCSP_resp_find_status(bs, id, &status, &reason,
+                                   &rev, &thisupd, &nextupd)) {
+            BIO_puts(out, "ERROR: No Status found.\n");
+            continue;
+        }
+
+        /*
+         * Check validity: if invalid write to output BIO so we know which
+         * response this refers to.
+         */
+        if (!OCSP_check_validity(thisupd, nextupd, nsec, maxage)) {
+            BIO_puts(out, "WARNING: Status times invalid.\n");
+            ERR_print_errors(out);
+        }
+        BIO_printf(out, "%s\n", OCSP_cert_status_str(status));
+
+        BIO_puts(out, "\tThis Update: ");
+        ASN1_GENERALIZEDTIME_print(out, thisupd);
+        BIO_puts(out, "\n");
+
+        if (nextupd) {
+            BIO_puts(out, "\tNext Update: ");
+            ASN1_GENERALIZEDTIME_print(out, nextupd);
+            BIO_puts(out, "\n");
+        }
+
+        if (status != V_OCSP_CERTSTATUS_REVOKED)
+            continue;
+
+        if (reason != -1)
+            BIO_printf(out, "\tReason: %s\n", OCSP_crl_reason_str(reason));
+
+        BIO_puts(out, "\tRevocation Time: ");
+        ASN1_GENERALIZEDTIME_print(out, rev);
+        BIO_puts(out, "\n");
+    }
+
+    return 1;
+}
+
+static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
+                              CA_DB *db, X509 *ca, X509 *rcert,
+                              EVP_PKEY *rkey, STACK_OF(X509) *rother,
+                              unsigned long flags, int nmin, int ndays)
+{
+    ASN1_TIME *thisupd = NULL, *nextupd = NULL;
+    OCSP_CERTID *cid, *ca_id = NULL;
+    OCSP_BASICRESP *bs = NULL;
+    int i, id_count, ret = 1;
+
+    id_count = OCSP_request_onereq_count(req);
+
+    if (id_count <= 0) {
+        *resp =
+            OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL);
+        goto end;
+    }
+
+    bs = OCSP_BASICRESP_new();
+    thisupd = X509_gmtime_adj(NULL, 0);
+    if (ndays != -1)
+        nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL);
+
+    /* Examine each certificate id in the request */
+    for (i = 0; i < id_count; i++) {
+        OCSP_ONEREQ *one;
+        ASN1_INTEGER *serial;
+        char **inf;
+        ASN1_OBJECT *cert_id_md_oid;
+        const EVP_MD *cert_id_md;
+        one = OCSP_request_onereq_get0(req, i);
+        cid = OCSP_onereq_get0_id(one);
+
+        OCSP_id_get0_info(NULL, &cert_id_md_oid, NULL, NULL, cid);
+
+        cert_id_md = EVP_get_digestbyobj(cert_id_md_oid);
+        if (!cert_id_md) {
+            *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR,
+                                         NULL);
+            goto end;
+        }
+        if (ca_id)
+            OCSP_CERTID_free(ca_id);
+        ca_id = OCSP_cert_to_id(cert_id_md, NULL, ca);
+
+        /* Is this request about our CA? */
+        if (OCSP_id_issuer_cmp(ca_id, cid)) {
+            OCSP_basic_add1_status(bs, cid,
+                                   V_OCSP_CERTSTATUS_UNKNOWN,
+                                   0, NULL, thisupd, nextupd);
+            continue;
+        }
+        OCSP_id_get0_info(NULL, NULL, NULL, &serial, cid);
+        inf = lookup_serial(db, serial);
+        if (!inf)
+            OCSP_basic_add1_status(bs, cid,
+                                   V_OCSP_CERTSTATUS_UNKNOWN,
+                                   0, NULL, thisupd, nextupd);
+        else if (inf[DB_type][0] == DB_TYPE_VAL)
+            OCSP_basic_add1_status(bs, cid,
+                                   V_OCSP_CERTSTATUS_GOOD,
+                                   0, NULL, thisupd, nextupd);
+        else if (inf[DB_type][0] == DB_TYPE_REV) {
+            ASN1_OBJECT *inst = NULL;
+            ASN1_TIME *revtm = NULL;
+            ASN1_GENERALIZEDTIME *invtm = NULL;
+            OCSP_SINGLERESP *single;
+            int reason = -1;
+            unpack_revinfo(&revtm, &reason, &inst, &invtm, inf[DB_rev_date]);
+            single = OCSP_basic_add1_status(bs, cid,
+                                            V_OCSP_CERTSTATUS_REVOKED,
+                                            reason, revtm, thisupd, nextupd);
+            if (invtm)
+                OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date,
+                                             invtm, 0, 0);
+            else if (inst)
+                OCSP_SINGLERESP_add1_ext_i2d(single,
+                                             NID_hold_instruction_code, inst,
+                                             0, 0);
+            ASN1_OBJECT_free(inst);
+            ASN1_TIME_free(revtm);
+            ASN1_GENERALIZEDTIME_free(invtm);
+        }
+    }
+
+    OCSP_copy_nonce(bs, req);
+
+    OCSP_basic_sign(bs, rcert, rkey, NULL, rother, flags);
+
+    *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);
+
+ end:
+    ASN1_TIME_free(thisupd);
+    ASN1_TIME_free(nextupd);
+    OCSP_CERTID_free(ca_id);
+    OCSP_BASICRESP_free(bs);
+    return ret;
+
+}
+
+static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
+{
+    int i;
+    BIGNUM *bn = NULL;
+    char *itmp, *row[DB_NUMBER], **rrow;
+    for (i = 0; i < DB_NUMBER; i++)
+        row[i] = NULL;
+    bn = ASN1_INTEGER_to_BN(ser, NULL);
+    OPENSSL_assert(bn);         /* FIXME: should report an error at this
+                                 * point and abort */
+    if (BN_is_zero(bn))
+        itmp = BUF_strdup("00");
+    else
+        itmp = BN_bn2hex(bn);
+    row[DB_serial] = itmp;
+    BN_free(bn);
+    rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
+    OPENSSL_free(itmp);
+    return rrow;
+}
+
+/* Quick and dirty OCSP server: read in and parse input request */
+
+static BIO *init_responder(char *port)
+{
+    BIO *acbio = NULL, *bufbio = NULL;
+    bufbio = BIO_new(BIO_f_buffer());
+    if (!bufbio)
+        goto err;
+# ifndef OPENSSL_NO_SOCK
+    acbio = BIO_new_accept(port);
+# else
+    BIO_printf(bio_err,
+               "Error setting up accept BIO - sockets not supported.\n");
+# endif
+    if (!acbio)
+        goto err;
+    BIO_set_accept_bios(acbio, bufbio);
+    bufbio = NULL;
+
+    if (BIO_do_accept(acbio) <= 0) {
+        BIO_printf(bio_err, "Error setting up accept BIO\n");
+        ERR_print_errors(bio_err);
+        goto err;
+    }
+
+    return acbio;
+
+ err:
+    BIO_free_all(acbio);
+    BIO_free(bufbio);
+    return NULL;
+}
+
+static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
+                        char *port)
+{
+    int have_post = 0, len;
+    OCSP_REQUEST *req = NULL;
+    char inbuf[1024];
+    BIO *cbio = NULL;
+
+    if (BIO_do_accept(acbio) <= 0) {
+        BIO_printf(bio_err, "Error accepting connection\n");
+        ERR_print_errors(bio_err);
+        return 0;
+    }
+
+    cbio = BIO_pop(acbio);
+    *pcbio = cbio;
+
+    for (;;) {
+        len = BIO_gets(cbio, inbuf, sizeof inbuf);
+        if (len <= 0)
+            return 1;
+        /* Look for "POST" signalling start of query */
+        if (!have_post) {
+            if (strncmp(inbuf, "POST", 4)) {
+                BIO_printf(bio_err, "Invalid request\n");
+                return 1;
+            }
+            have_post = 1;
+        }
+        /* Look for end of headers */
+        if ((inbuf[0] == '\r') || (inbuf[0] == '\n'))
+            break;
+    }
+
+    /* Try to read OCSP request */
+
+    req = d2i_OCSP_REQUEST_bio(cbio, NULL);
+
+    if (!req) {
+        BIO_printf(bio_err, "Error parsing OCSP request\n");
+        ERR_print_errors(bio_err);
+    }
+
+    *preq = req;
+
+    return 1;
+
+}
+
+static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
+{
+    char http_resp[] =
+        "HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n"
+        "Content-Length: %d\r\n\r\n";
+    if (!cbio)
+        return 0;
+    BIO_printf(cbio, http_resp, i2d_OCSP_RESPONSE(resp, NULL));
+    i2d_OCSP_RESPONSE_bio(cbio, resp);
+    (void)BIO_flush(cbio);
+    return 1;
+}
+
+static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
+                                      STACK_OF(CONF_VALUE) *headers,
+                                      OCSP_REQUEST *req, int req_timeout)
+{
+    int fd;
+    int rv;
+    int i;
+    OCSP_REQ_CTX *ctx = NULL;
+    OCSP_RESPONSE *rsp = NULL;
+    fd_set confds;
+    struct timeval tv;
+
+    if (req_timeout != -1)
+        BIO_set_nbio(cbio, 1);
+
+    rv = BIO_do_connect(cbio);
+
+    if ((rv <= 0) && ((req_timeout == -1) || !BIO_should_retry(cbio))) {
+        BIO_puts(err, "Error connecting BIO\n");
+        return NULL;
+    }
+
+    if (BIO_get_fd(cbio, &fd) < 0) {
+        BIO_puts(bio_err, "Can't get connection fd\n");
+        goto err;
+    }
+
+    if (req_timeout != -1 && rv <= 0) {
+        FD_ZERO(&confds);
+        openssl_fdset(fd, &confds);
+        tv.tv_usec = 0;
+        tv.tv_sec = req_timeout;
+        rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
+        if (rv == 0) {
+            BIO_puts(err, "Timeout on connect\n");
+            return NULL;
+        }
+    }
+
+    ctx = OCSP_sendreq_new(cbio, path, NULL, -1);
+    if (!ctx)
+        return NULL;
+
+    for (i = 0; i < sk_CONF_VALUE_num(headers); i++) {
+        CONF_VALUE *hdr = sk_CONF_VALUE_value(headers, i);
+        if (!OCSP_REQ_CTX_add1_header(ctx, hdr->name, hdr->value))
+            goto err;
+    }
+
+    if (!OCSP_REQ_CTX_set1_req(ctx, req))
+        goto err;
+
+    for (;;) {
+        rv = OCSP_sendreq_nbio(&rsp, ctx);
+        if (rv != -1)
+            break;
+        if (req_timeout == -1)
+            continue;
+        FD_ZERO(&confds);
+        openssl_fdset(fd, &confds);
+        tv.tv_usec = 0;
+        tv.tv_sec = req_timeout;
+        if (BIO_should_read(cbio))
+            rv = select(fd + 1, (void *)&confds, NULL, NULL, &tv);
+        else if (BIO_should_write(cbio))
+            rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
+        else {
+            BIO_puts(err, "Unexpected retry condition\n");
+            goto err;
+        }
+        if (rv == 0) {
+            BIO_puts(err, "Timeout on request\n");
+            break;
+        }
+        if (rv == -1) {
+            BIO_puts(err, "Select error\n");
+            break;
+        }
+
+    }
+ err:
+    if (ctx)
+        OCSP_REQ_CTX_free(ctx);
+
+    return rsp;
+}
+
+OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
+                                 char *host, char *path, char *port,
+                                 int use_ssl, STACK_OF(CONF_VALUE) *headers,
+                                 int req_timeout)
+{
+    BIO *cbio = NULL;
+    SSL_CTX *ctx = NULL;
+    OCSP_RESPONSE *resp = NULL;
+    cbio = BIO_new_connect(host);
+    if (!cbio) {
+        BIO_printf(err, "Error creating connect BIO\n");
+        goto end;
+    }
+    if (port)
+        BIO_set_conn_port(cbio, port);
+    if (use_ssl == 1) {
+        BIO *sbio;
+        ctx = SSL_CTX_new(SSLv23_client_method());
+        if (ctx == NULL) {
+            BIO_printf(err, "Error creating SSL context.\n");
+            goto end;
+        }
+        SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
+        sbio = BIO_new_ssl(ctx, 1);
+        cbio = BIO_push(sbio, cbio);
+    }
+    resp = query_responder(err, cbio, path, headers, req, req_timeout);
+    if (!resp)
+        BIO_printf(bio_err, "Error querying OCSP responder\n");
+ end:
+    if (cbio)
+        BIO_free_all(cbio);
+    if (ctx)
+        SSL_CTX_free(ctx);
+    return resp;
+}
+
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/apps/passwd.c
===================================================================
--- vendor-crypto/openssl/dist/apps/passwd.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/apps/passwd.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,494 +0,0 @@
-/* apps/passwd.c */
-
-#if defined OPENSSL_NO_MD5 || defined CHARSET_EBCDIC
-# define NO_MD5CRYPT_1
-#endif
-
-#if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1)
-
-# include <assert.h>
-# include <string.h>
-
-# include "apps.h"
-
-# include <openssl/bio.h>
-# include <openssl/err.h>
-# include <openssl/evp.h>
-# include <openssl/rand.h>
-# ifndef OPENSSL_NO_DES
-#  include <openssl/des.h>
-# endif
-# ifndef NO_MD5CRYPT_1
-#  include <openssl/md5.h>
-# endif
-
-# undef PROG
-# define PROG passwd_main
-
-static unsigned const char cov_2char[64] = {
-    /* from crypto/des/fcrypt.c */
-    0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
-    0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44,
-    0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C,
-    0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54,
-    0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62,
-    0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A,
-    0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72,
-    0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A
-};
-
-static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
-                     char *passwd, BIO *out, int quiet, int table,
-                     int reverse, size_t pw_maxlen, int usecrypt, int use1,
-                     int useapr1);
-
-/*-
- * -crypt        - standard Unix password algorithm (default)
- * -1            - MD5-based password algorithm
- * -apr1         - MD5-based password algorithm, Apache variant
- * -salt string  - salt
- * -in file      - read passwords from file
- * -stdin        - read passwords from stdin
- * -noverify     - never verify when reading password from terminal
- * -quiet        - no warnings
- * -table        - format output as table
- * -reverse      - switch table columns
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-{
-    int ret = 1;
-    char *infile = NULL;
-    int in_stdin = 0;
-    int in_noverify = 0;
-    char *salt = NULL, *passwd = NULL, **passwds = NULL;
-    char *salt_malloc = NULL, *passwd_malloc = NULL;
-    size_t passwd_malloc_size = 0;
-    int pw_source_defined = 0;
-    BIO *in = NULL, *out = NULL;
-    int i, badopt, opt_done;
-    int passed_salt = 0, quiet = 0, table = 0, reverse = 0;
-    int usecrypt = 0, use1 = 0, useapr1 = 0;
-    size_t pw_maxlen = 0;
-
-    apps_startup();
-
-    if (bio_err == NULL)
-        if ((bio_err = BIO_new(BIO_s_file())) != NULL)
-            BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
-
-    if (!load_config(bio_err, NULL))
-        goto err;
-    out = BIO_new(BIO_s_file());
-    if (out == NULL)
-        goto err;
-    BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
-# ifdef OPENSSL_SYS_VMS
-    {
-        BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-        out = BIO_push(tmpbio, out);
-    }
-# endif
-
-    badopt = 0, opt_done = 0;
-    i = 0;
-    while (!badopt && !opt_done && argv[++i] != NULL) {
-        if (strcmp(argv[i], "-crypt") == 0)
-            usecrypt = 1;
-        else if (strcmp(argv[i], "-1") == 0)
-            use1 = 1;
-        else if (strcmp(argv[i], "-apr1") == 0)
-            useapr1 = 1;
-        else if (strcmp(argv[i], "-salt") == 0) {
-            if ((argv[i + 1] != NULL) && (salt == NULL)) {
-                passed_salt = 1;
-                salt = argv[++i];
-            } else
-                badopt = 1;
-        } else if (strcmp(argv[i], "-in") == 0) {
-            if ((argv[i + 1] != NULL) && !pw_source_defined) {
-                pw_source_defined = 1;
-                infile = argv[++i];
-            } else
-                badopt = 1;
-        } else if (strcmp(argv[i], "-stdin") == 0) {
-            if (!pw_source_defined) {
-                pw_source_defined = 1;
-                in_stdin = 1;
-            } else
-                badopt = 1;
-        } else if (strcmp(argv[i], "-noverify") == 0)
-            in_noverify = 1;
-        else if (strcmp(argv[i], "-quiet") == 0)
-            quiet = 1;
-        else if (strcmp(argv[i], "-table") == 0)
-            table = 1;
-        else if (strcmp(argv[i], "-reverse") == 0)
-            reverse = 1;
-        else if (argv[i][0] == '-')
-            badopt = 1;
-        else if (!pw_source_defined)
-            /* non-option arguments, use as passwords */
-        {
-            pw_source_defined = 1;
-            passwds = &argv[i];
-            opt_done = 1;
-        } else
-            badopt = 1;
-    }
-
-    if (!usecrypt && !use1 && !useapr1) /* use default */
-        usecrypt = 1;
-    if (usecrypt + use1 + useapr1 > 1) /* conflict */
-        badopt = 1;
-
-    /* reject unsupported algorithms */
-# ifdef OPENSSL_NO_DES
-    if (usecrypt)
-        badopt = 1;
-# endif
-# ifdef NO_MD5CRYPT_1
-    if (use1 || useapr1)
-        badopt = 1;
-# endif
-
-    if (badopt) {
-        BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n");
-        BIO_printf(bio_err, "where options are\n");
-# ifndef OPENSSL_NO_DES
-        BIO_printf(bio_err,
-                   "-crypt             standard Unix password algorithm (default)\n");
-# endif
-# ifndef NO_MD5CRYPT_1
-        BIO_printf(bio_err,
-                   "-1                 MD5-based password algorithm\n");
-        BIO_printf(bio_err,
-                   "-apr1              MD5-based password algorithm, Apache variant\n");
-# endif
-        BIO_printf(bio_err, "-salt string       use provided salt\n");
-        BIO_printf(bio_err, "-in file           read passwords from file\n");
-        BIO_printf(bio_err, "-stdin             read passwords from stdin\n");
-        BIO_printf(bio_err,
-                   "-noverify          never verify when reading password from terminal\n");
-        BIO_printf(bio_err, "-quiet             no warnings\n");
-        BIO_printf(bio_err, "-table             format output as table\n");
-        BIO_printf(bio_err, "-reverse           switch table columns\n");
-
-        goto err;
-    }
-
-    if ((infile != NULL) || in_stdin) {
-        in = BIO_new(BIO_s_file());
-        if (in == NULL)
-            goto err;
-        if (infile != NULL) {
-            assert(in_stdin == 0);
-            if (BIO_read_filename(in, infile) <= 0)
-                goto err;
-        } else {
-            assert(in_stdin);
-            BIO_set_fp(in, stdin, BIO_NOCLOSE);
-        }
-    }
-
-    if (usecrypt)
-        pw_maxlen = 8;
-    else if (use1 || useapr1)
-        pw_maxlen = 256;        /* arbitrary limit, should be enough for most
-                                 * passwords */
-
-    if (passwds == NULL) {
-        /* no passwords on the command line */
-
-        passwd_malloc_size = pw_maxlen + 2;
-        /*
-         * longer than necessary so that we can warn about truncation
-         */
-        passwd = passwd_malloc = OPENSSL_malloc(passwd_malloc_size);
-        if (passwd_malloc == NULL)
-            goto err;
-    }
-
-    if ((in == NULL) && (passwds == NULL)) {
-        /* build a null-terminated list */
-        static char *passwds_static[2] = { NULL, NULL };
-
-        passwds = passwds_static;
-        if (in == NULL)
-            if (EVP_read_pw_string
-                (passwd_malloc, passwd_malloc_size, "Password: ",
-                 !(passed_salt || in_noverify)) != 0)
-                goto err;
-        passwds[0] = passwd_malloc;
-    }
-
-    if (in == NULL) {
-        assert(passwds != NULL);
-        assert(*passwds != NULL);
-
-        do {                    /* loop over list of passwords */
-            passwd = *passwds++;
-            if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
-                           quiet, table, reverse, pw_maxlen, usecrypt, use1,
-                           useapr1))
-                goto err;
-        }
-        while (*passwds != NULL);
-    } else
-        /* in != NULL */
-    {
-        int done;
-
-        assert(passwd != NULL);
-        do {
-            int r = BIO_gets(in, passwd, pw_maxlen + 1);
-            if (r > 0) {
-                char *c = (strchr(passwd, '\n'));
-                if (c != NULL)
-                    *c = 0;     /* truncate at newline */
-                else {
-                    /* ignore rest of line */
-                    char trash[BUFSIZ];
-                    do
-                        r = BIO_gets(in, trash, sizeof trash);
-                    while ((r > 0) && (!strchr(trash, '\n')));
-                }
-
-                if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
-                               quiet, table, reverse, pw_maxlen, usecrypt,
-                               use1, useapr1))
-                    goto err;
-            }
-            done = (r <= 0);
-        }
-        while (!done);
-    }
-    ret = 0;
-
- err:
-    ERR_print_errors(bio_err);
-    if (salt_malloc)
-        OPENSSL_free(salt_malloc);
-    if (passwd_malloc)
-        OPENSSL_free(passwd_malloc);
-    if (in)
-        BIO_free(in);
-    if (out)
-        BIO_free_all(out);
-    apps_shutdown();
-    OPENSSL_EXIT(ret);
-}
-
-# ifndef NO_MD5CRYPT_1
-/*
- * MD5-based password algorithm (should probably be available as a library
- * function; then the static buffer would not be acceptable). For magic
- * string "1", this should be compatible to the MD5-based BSD password
- * algorithm. For 'magic' string "apr1", this is compatible to the MD5-based
- * Apache password algorithm. (Apparently, the Apache password algorithm is
- * identical except that the 'magic' string was changed -- the laziest
- * application of the NIH principle I've ever encountered.)
- */
-static char *md5crypt(const char *passwd, const char *magic, const char *salt)
-{
-    /* "$apr1$..salt..$.......md5hash..........\0" */
-    static char out_buf[6 + 9 + 24 + 2];
-    unsigned char buf[MD5_DIGEST_LENGTH];
-    char *salt_out;
-    int n;
-    unsigned int i;
-    EVP_MD_CTX md, md2;
-    size_t passwd_len, salt_len;
-
-    passwd_len = strlen(passwd);
-    out_buf[0] = '$';
-    out_buf[1] = 0;
-    assert(strlen(magic) <= 4); /* "1" or "apr1" */
-    strncat(out_buf, magic, 4);
-    strncat(out_buf, "$", 1);
-    strncat(out_buf, salt, 8);
-    assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
-    salt_out = out_buf + 2 + strlen(magic);
-    salt_len = strlen(salt_out);
-    assert(salt_len <= 8);
-
-    EVP_MD_CTX_init(&md);
-    EVP_DigestInit_ex(&md, EVP_md5(), NULL);
-    EVP_DigestUpdate(&md, passwd, passwd_len);
-    EVP_DigestUpdate(&md, "$", 1);
-    EVP_DigestUpdate(&md, magic, strlen(magic));
-    EVP_DigestUpdate(&md, "$", 1);
-    EVP_DigestUpdate(&md, salt_out, salt_len);
-
-    EVP_MD_CTX_init(&md2);
-    EVP_DigestInit_ex(&md2, EVP_md5(), NULL);
-    EVP_DigestUpdate(&md2, passwd, passwd_len);
-    EVP_DigestUpdate(&md2, salt_out, salt_len);
-    EVP_DigestUpdate(&md2, passwd, passwd_len);
-    EVP_DigestFinal_ex(&md2, buf, NULL);
-
-    for (i = passwd_len; i > sizeof buf; i -= sizeof buf)
-        EVP_DigestUpdate(&md, buf, sizeof buf);
-    EVP_DigestUpdate(&md, buf, i);
-
-    n = passwd_len;
-    while (n) {
-        EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1);
-        n >>= 1;
-    }
-    EVP_DigestFinal_ex(&md, buf, NULL);
-
-    for (i = 0; i < 1000; i++) {
-        EVP_DigestInit_ex(&md2, EVP_md5(), NULL);
-        EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *)passwd : buf,
-                         (i & 1) ? passwd_len : sizeof buf);
-        if (i % 3)
-            EVP_DigestUpdate(&md2, salt_out, salt_len);
-        if (i % 7)
-            EVP_DigestUpdate(&md2, passwd, passwd_len);
-        EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *)passwd,
-                         (i & 1) ? sizeof buf : passwd_len);
-        EVP_DigestFinal_ex(&md2, buf, NULL);
-    }
-    EVP_MD_CTX_cleanup(&md2);
-
-    {
-        /* transform buf into output string */
-
-        unsigned char buf_perm[sizeof buf];
-        int dest, source;
-        char *output;
-
-        /* silly output permutation */
-        for (dest = 0, source = 0; dest < 14;
-             dest++, source = (source + 6) % 17)
-            buf_perm[dest] = buf[source];
-        buf_perm[14] = buf[5];
-        buf_perm[15] = buf[11];
-#  ifndef PEDANTIC              /* Unfortunately, this generates a "no
-                                 * effect" warning */
-        assert(16 == sizeof buf_perm);
-#  endif
-
-        output = salt_out + salt_len;
-        assert(output == out_buf + strlen(out_buf));
-
-        *output++ = '$';
-
-        for (i = 0; i < 15; i += 3) {
-            *output++ = cov_2char[buf_perm[i + 2] & 0x3f];
-            *output++ = cov_2char[((buf_perm[i + 1] & 0xf) << 2) |
-                                  (buf_perm[i + 2] >> 6)];
-            *output++ = cov_2char[((buf_perm[i] & 3) << 4) |
-                                  (buf_perm[i + 1] >> 4)];
-            *output++ = cov_2char[buf_perm[i] >> 2];
-        }
-        assert(i == 15);
-        *output++ = cov_2char[buf_perm[i] & 0x3f];
-        *output++ = cov_2char[buf_perm[i] >> 6];
-        *output = 0;
-        assert(strlen(out_buf) < sizeof(out_buf));
-    }
-    EVP_MD_CTX_cleanup(&md);
-
-    return out_buf;
-}
-# endif
-
-static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
-                     char *passwd, BIO *out, int quiet, int table,
-                     int reverse, size_t pw_maxlen, int usecrypt, int use1,
-                     int useapr1)
-{
-    char *hash = NULL;
-
-    assert(salt_p != NULL);
-    assert(salt_malloc_p != NULL);
-
-    /* first make sure we have a salt */
-    if (!passed_salt) {
-# ifndef OPENSSL_NO_DES
-        if (usecrypt) {
-            if (*salt_malloc_p == NULL) {
-                *salt_p = *salt_malloc_p = OPENSSL_malloc(3);
-                if (*salt_malloc_p == NULL)
-                    goto err;
-            }
-            if (RAND_pseudo_bytes((unsigned char *)*salt_p, 2) < 0)
-                goto err;
-            (*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */
-            (*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */
-            (*salt_p)[2] = 0;
-#  ifdef CHARSET_EBCDIC
-            ascii2ebcdic(*salt_p, *salt_p, 2); /* des_crypt will convert back
-                                                * to ASCII */
-#  endif
-        }
-# endif                         /* !OPENSSL_NO_DES */
-
-# ifndef NO_MD5CRYPT_1
-        if (use1 || useapr1) {
-            int i;
-
-            if (*salt_malloc_p == NULL) {
-                *salt_p = *salt_malloc_p = OPENSSL_malloc(9);
-                if (*salt_malloc_p == NULL)
-                    goto err;
-            }
-            if (RAND_pseudo_bytes((unsigned char *)*salt_p, 8) < 0)
-                goto err;
-
-            for (i = 0; i < 8; i++)
-                (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */
-            (*salt_p)[8] = 0;
-        }
-# endif                         /* !NO_MD5CRYPT_1 */
-    }
-
-    assert(*salt_p != NULL);
-
-    /* truncate password if necessary */
-    if ((strlen(passwd) > pw_maxlen)) {
-        if (!quiet)
-            /*
-             * XXX: really we should know how to print a size_t, not cast it
-             */
-            BIO_printf(bio_err,
-                       "Warning: truncating password to %u characters\n",
-                       (unsigned)pw_maxlen);
-        passwd[pw_maxlen] = 0;
-    }
-    assert(strlen(passwd) <= pw_maxlen);
-
-    /* now compute password hash */
-# ifndef OPENSSL_NO_DES
-    if (usecrypt)
-        hash = DES_crypt(passwd, *salt_p);
-# endif
-# ifndef NO_MD5CRYPT_1
-    if (use1 || useapr1)
-        hash = md5crypt(passwd, (use1 ? "1" : "apr1"), *salt_p);
-# endif
-    assert(hash != NULL);
-
-    if (table && !reverse)
-        BIO_printf(out, "%s\t%s\n", passwd, hash);
-    else if (table && reverse)
-        BIO_printf(out, "%s\t%s\n", hash, passwd);
-    else
-        BIO_printf(out, "%s\n", hash);
-    return 1;
-
- err:
-    return 0;
-}
-#else
-
-int MAIN(int argc, char **argv)
-{
-    fputs("Program not available.\n", stderr)
-        OPENSSL_EXIT(1);
-}
-#endif

Copied: vendor-crypto/openssl/1.0.1u/apps/passwd.c (from rev 11605, vendor-crypto/openssl/dist/apps/passwd.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/apps/passwd.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/apps/passwd.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,494 @@
+/* apps/passwd.c */
+
+#if defined OPENSSL_NO_MD5 || defined CHARSET_EBCDIC
+# define NO_MD5CRYPT_1
+#endif
+
+#if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1)
+
+# include <assert.h>
+# include <string.h>
+
+# include "apps.h"
+
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/evp.h>
+# include <openssl/rand.h>
+# ifndef OPENSSL_NO_DES
+#  include <openssl/des.h>
+# endif
+# ifndef NO_MD5CRYPT_1
+#  include <openssl/md5.h>
+# endif
+
+# undef PROG
+# define PROG passwd_main
+
+static unsigned const char cov_2char[64] = {
+    /* from crypto/des/fcrypt.c */
+    0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
+    0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44,
+    0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C,
+    0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54,
+    0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62,
+    0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A,
+    0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72,
+    0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A
+};
+
+static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
+                     char *passwd, BIO *out, int quiet, int table,
+                     int reverse, size_t pw_maxlen, int usecrypt, int use1,
+                     int useapr1);
+
+/*-
+ * -crypt        - standard Unix password algorithm (default)
+ * -1            - MD5-based password algorithm
+ * -apr1         - MD5-based password algorithm, Apache variant
+ * -salt string  - salt
+ * -in file      - read passwords from file
+ * -stdin        - read passwords from stdin
+ * -noverify     - never verify when reading password from terminal
+ * -quiet        - no warnings
+ * -table        - format output as table
+ * -reverse      - switch table columns
+ */
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+    int ret = 1;
+    char *infile = NULL;
+    int in_stdin = 0;
+    int in_noverify = 0;
+    char *salt = NULL, *passwd = NULL, **passwds = NULL;
+    char *salt_malloc = NULL, *passwd_malloc = NULL;
+    size_t passwd_malloc_size = 0;
+    int pw_source_defined = 0;
+    BIO *in = NULL, *out = NULL;
+    int i, badopt, opt_done;
+    int passed_salt = 0, quiet = 0, table = 0, reverse = 0;
+    int usecrypt = 0, use1 = 0, useapr1 = 0;
+    size_t pw_maxlen = 0;
+
+    apps_startup();
+
+    if (bio_err == NULL)
+        if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+            BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+    if (!load_config(bio_err, NULL))
+        goto err;
+    out = BIO_new(BIO_s_file());
+    if (out == NULL)
+        goto err;
+    BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
+# ifdef OPENSSL_SYS_VMS
+    {
+        BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+        out = BIO_push(tmpbio, out);
+    }
+# endif
+
+    badopt = 0, opt_done = 0;
+    i = 0;
+    while (!badopt && !opt_done && argv[++i] != NULL) {
+        if (strcmp(argv[i], "-crypt") == 0)
+            usecrypt = 1;
+        else if (strcmp(argv[i], "-1") == 0)
+            use1 = 1;
+        else if (strcmp(argv[i], "-apr1") == 0)
+            useapr1 = 1;
+        else if (strcmp(argv[i], "-salt") == 0) {
+            if ((argv[i + 1] != NULL) && (salt == NULL)) {
+                passed_salt = 1;
+                salt = argv[++i];
+            } else
+                badopt = 1;
+        } else if (strcmp(argv[i], "-in") == 0) {
+            if ((argv[i + 1] != NULL) && !pw_source_defined) {
+                pw_source_defined = 1;
+                infile = argv[++i];
+            } else
+                badopt = 1;
+        } else if (strcmp(argv[i], "-stdin") == 0) {
+            if (!pw_source_defined) {
+                pw_source_defined = 1;
+                in_stdin = 1;
+            } else
+                badopt = 1;
+        } else if (strcmp(argv[i], "-noverify") == 0)
+            in_noverify = 1;
+        else if (strcmp(argv[i], "-quiet") == 0)
+            quiet = 1;
+        else if (strcmp(argv[i], "-table") == 0)
+            table = 1;
+        else if (strcmp(argv[i], "-reverse") == 0)
+            reverse = 1;
+        else if (argv[i][0] == '-')
+            badopt = 1;
+        else if (!pw_source_defined)
+            /* non-option arguments, use as passwords */
+        {
+            pw_source_defined = 1;
+            passwds = &argv[i];
+            opt_done = 1;
+        } else
+            badopt = 1;
+    }
+
+    if (!usecrypt && !use1 && !useapr1) /* use default */
+        usecrypt = 1;
+    if (usecrypt + use1 + useapr1 > 1) /* conflict */
+        badopt = 1;
+
+    /* reject unsupported algorithms */
+# ifdef OPENSSL_NO_DES
+    if (usecrypt)
+        badopt = 1;
+# endif
+# ifdef NO_MD5CRYPT_1
+    if (use1 || useapr1)
+        badopt = 1;
+# endif
+
+    if (badopt) {
+        BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n");
+        BIO_printf(bio_err, "where options are\n");
+# ifndef OPENSSL_NO_DES
+        BIO_printf(bio_err,
+                   "-crypt             standard Unix password algorithm (default)\n");
+# endif
+# ifndef NO_MD5CRYPT_1
+        BIO_printf(bio_err,
+                   "-1                 MD5-based password algorithm\n");
+        BIO_printf(bio_err,
+                   "-apr1              MD5-based password algorithm, Apache variant\n");
+# endif
+        BIO_printf(bio_err, "-salt string       use provided salt\n");
+        BIO_printf(bio_err, "-in file           read passwords from file\n");
+        BIO_printf(bio_err, "-stdin             read passwords from stdin\n");
+        BIO_printf(bio_err,
+                   "-noverify          never verify when reading password from terminal\n");
+        BIO_printf(bio_err, "-quiet             no warnings\n");
+        BIO_printf(bio_err, "-table             format output as table\n");
+        BIO_printf(bio_err, "-reverse           switch table columns\n");
+
+        goto err;
+    }
+
+    if ((infile != NULL) || in_stdin) {
+        in = BIO_new(BIO_s_file());
+        if (in == NULL)
+            goto err;
+        if (infile != NULL) {
+            assert(in_stdin == 0);
+            if (BIO_read_filename(in, infile) <= 0)
+                goto err;
+        } else {
+            assert(in_stdin);
+            BIO_set_fp(in, stdin, BIO_NOCLOSE);
+        }
+    }
+
+    if (usecrypt)
+        pw_maxlen = 8;
+    else if (use1 || useapr1)
+        pw_maxlen = 256;        /* arbitrary limit, should be enough for most
+                                 * passwords */
+
+    if (passwds == NULL) {
+        /* no passwords on the command line */
+
+        passwd_malloc_size = pw_maxlen + 2;
+        /*
+         * longer than necessary so that we can warn about truncation
+         */
+        passwd = passwd_malloc = OPENSSL_malloc(passwd_malloc_size);
+        if (passwd_malloc == NULL)
+            goto err;
+    }
+
+    if ((in == NULL) && (passwds == NULL)) {
+        /* build a null-terminated list */
+        static char *passwds_static[2] = { NULL, NULL };
+
+        passwds = passwds_static;
+        if (in == NULL)
+            if (EVP_read_pw_string
+                (passwd_malloc, passwd_malloc_size, "Password: ",
+                 !(passed_salt || in_noverify)) != 0)
+                goto err;
+        passwds[0] = passwd_malloc;
+    }
+
+    if (in == NULL) {
+        assert(passwds != NULL);
+        assert(*passwds != NULL);
+
+        do {                    /* loop over list of passwords */
+            passwd = *passwds++;
+            if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
+                           quiet, table, reverse, pw_maxlen, usecrypt, use1,
+                           useapr1))
+                goto err;
+        }
+        while (*passwds != NULL);
+    } else
+        /* in != NULL */
+    {
+        int done;
+
+        assert(passwd != NULL);
+        do {
+            int r = BIO_gets(in, passwd, pw_maxlen + 1);
+            if (r > 0) {
+                char *c = (strchr(passwd, '\n'));
+                if (c != NULL)
+                    *c = 0;     /* truncate at newline */
+                else {
+                    /* ignore rest of line */
+                    char trash[BUFSIZ];
+                    do
+                        r = BIO_gets(in, trash, sizeof trash);
+                    while ((r > 0) && (!strchr(trash, '\n')));
+                }
+
+                if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
+                               quiet, table, reverse, pw_maxlen, usecrypt,
+                               use1, useapr1))
+                    goto err;
+            }
+            done = (r <= 0);
+        }
+        while (!done);
+    }
+    ret = 0;
+
+ err:
+    ERR_print_errors(bio_err);
+    if (salt_malloc)
+        OPENSSL_free(salt_malloc);
+    if (passwd_malloc)
+        OPENSSL_free(passwd_malloc);
+    if (in)
+        BIO_free(in);
+    if (out)
+        BIO_free_all(out);
+    apps_shutdown();
+    OPENSSL_EXIT(ret);
+}
+
+# ifndef NO_MD5CRYPT_1
+/*
+ * MD5-based password algorithm (should probably be available as a library
+ * function; then the static buffer would not be acceptable). For magic
+ * string "1", this should be compatible to the MD5-based BSD password
+ * algorithm. For 'magic' string "apr1", this is compatible to the MD5-based
+ * Apache password algorithm. (Apparently, the Apache password algorithm is
+ * identical except that the 'magic' string was changed -- the laziest
+ * application of the NIH principle I've ever encountered.)
+ */
+static char *md5crypt(const char *passwd, const char *magic, const char *salt)
+{
+    /* "$apr1$..salt..$.......md5hash..........\0" */
+    static char out_buf[6 + 9 + 24 + 2];
+    unsigned char buf[MD5_DIGEST_LENGTH];
+    char *salt_out;
+    int n;
+    unsigned int i;
+    EVP_MD_CTX md, md2;
+    size_t passwd_len, salt_len;
+
+    passwd_len = strlen(passwd);
+    out_buf[0] = '$';
+    out_buf[1] = 0;
+    assert(strlen(magic) <= 4); /* "1" or "apr1" */
+    strncat(out_buf, magic, 4);
+    strncat(out_buf, "$", 1);
+    strncat(out_buf, salt, 8);
+    assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
+    salt_out = out_buf + 2 + strlen(magic);
+    salt_len = strlen(salt_out);
+    assert(salt_len <= 8);
+
+    EVP_MD_CTX_init(&md);
+    EVP_DigestInit_ex(&md, EVP_md5(), NULL);
+    EVP_DigestUpdate(&md, passwd, passwd_len);
+    EVP_DigestUpdate(&md, "$", 1);
+    EVP_DigestUpdate(&md, magic, strlen(magic));
+    EVP_DigestUpdate(&md, "$", 1);
+    EVP_DigestUpdate(&md, salt_out, salt_len);
+
+    EVP_MD_CTX_init(&md2);
+    EVP_DigestInit_ex(&md2, EVP_md5(), NULL);
+    EVP_DigestUpdate(&md2, passwd, passwd_len);
+    EVP_DigestUpdate(&md2, salt_out, salt_len);
+    EVP_DigestUpdate(&md2, passwd, passwd_len);
+    EVP_DigestFinal_ex(&md2, buf, NULL);
+
+    for (i = passwd_len; i > sizeof buf; i -= sizeof buf)
+        EVP_DigestUpdate(&md, buf, sizeof buf);
+    EVP_DigestUpdate(&md, buf, i);
+
+    n = passwd_len;
+    while (n) {
+        EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1);
+        n >>= 1;
+    }
+    EVP_DigestFinal_ex(&md, buf, NULL);
+
+    for (i = 0; i < 1000; i++) {
+        EVP_DigestInit_ex(&md2, EVP_md5(), NULL);
+        EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *)passwd : buf,
+                         (i & 1) ? passwd_len : sizeof buf);
+        if (i % 3)
+            EVP_DigestUpdate(&md2, salt_out, salt_len);
+        if (i % 7)
+            EVP_DigestUpdate(&md2, passwd, passwd_len);
+        EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *)passwd,
+                         (i & 1) ? sizeof buf : passwd_len);
+        EVP_DigestFinal_ex(&md2, buf, NULL);
+    }
+    EVP_MD_CTX_cleanup(&md2);
+
+    {
+        /* transform buf into output string */
+
+        unsigned char buf_perm[sizeof buf];
+        int dest, source;
+        char *output;
+
+        /* silly output permutation */
+        for (dest = 0, source = 0; dest < 14;
+             dest++, source = (source + 6) % 17)
+            buf_perm[dest] = buf[source];
+        buf_perm[14] = buf[5];
+        buf_perm[15] = buf[11];
+#  ifndef PEDANTIC              /* Unfortunately, this generates a "no
+                                 * effect" warning */
+        assert(16 == sizeof buf_perm);
+#  endif
+
+        output = salt_out + salt_len;
+        assert(output == out_buf + strlen(out_buf));
+
+        *output++ = '$';
+
+        for (i = 0; i < 15; i += 3) {
+            *output++ = cov_2char[buf_perm[i + 2] & 0x3f];
+            *output++ = cov_2char[((buf_perm[i + 1] & 0xf) << 2) |
+                                  (buf_perm[i + 2] >> 6)];
+            *output++ = cov_2char[((buf_perm[i] & 3) << 4) |
+                                  (buf_perm[i + 1] >> 4)];
+            *output++ = cov_2char[buf_perm[i] >> 2];
+        }
+        assert(i == 15);
+        *output++ = cov_2char[buf_perm[i] & 0x3f];
+        *output++ = cov_2char[buf_perm[i] >> 6];
+        *output = 0;
+        assert(strlen(out_buf) < sizeof(out_buf));
+    }
+    EVP_MD_CTX_cleanup(&md);
+
+    return out_buf;
+}
+# endif
+
+static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
+                     char *passwd, BIO *out, int quiet, int table,
+                     int reverse, size_t pw_maxlen, int usecrypt, int use1,
+                     int useapr1)
+{
+    char *hash = NULL;
+
+    assert(salt_p != NULL);
+    assert(salt_malloc_p != NULL);
+
+    /* first make sure we have a salt */
+    if (!passed_salt) {
+# ifndef OPENSSL_NO_DES
+        if (usecrypt) {
+            if (*salt_malloc_p == NULL) {
+                *salt_p = *salt_malloc_p = OPENSSL_malloc(3);
+                if (*salt_malloc_p == NULL)
+                    goto err;
+            }
+            if (RAND_bytes((unsigned char *)*salt_p, 2) <= 0)
+                goto err;
+            (*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */
+            (*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */
+            (*salt_p)[2] = 0;
+#  ifdef CHARSET_EBCDIC
+            ascii2ebcdic(*salt_p, *salt_p, 2); /* des_crypt will convert back
+                                                * to ASCII */
+#  endif
+        }
+# endif                         /* !OPENSSL_NO_DES */
+
+# ifndef NO_MD5CRYPT_1
+        if (use1 || useapr1) {
+            int i;
+
+            if (*salt_malloc_p == NULL) {
+                *salt_p = *salt_malloc_p = OPENSSL_malloc(9);
+                if (*salt_malloc_p == NULL)
+                    goto err;
+            }
+            if (RAND_bytes((unsigned char *)*salt_p, 8) <= 0)
+                goto err;
+
+            for (i = 0; i < 8; i++)
+                (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */
+            (*salt_p)[8] = 0;
+        }
+# endif                         /* !NO_MD5CRYPT_1 */
+    }
+
+    assert(*salt_p != NULL);
+
+    /* truncate password if necessary */
+    if ((strlen(passwd) > pw_maxlen)) {
+        if (!quiet)
+            /*
+             * XXX: really we should know how to print a size_t, not cast it
+             */
+            BIO_printf(bio_err,
+                       "Warning: truncating password to %u characters\n",
+                       (unsigned)pw_maxlen);
+        passwd[pw_maxlen] = 0;
+    }
+    assert(strlen(passwd) <= pw_maxlen);
+
+    /* now compute password hash */
+# ifndef OPENSSL_NO_DES
+    if (usecrypt)
+        hash = DES_crypt(passwd, *salt_p);
+# endif
+# ifndef NO_MD5CRYPT_1
+    if (use1 || useapr1)
+        hash = md5crypt(passwd, (use1 ? "1" : "apr1"), *salt_p);
+# endif
+    assert(hash != NULL);
+
+    if (table && !reverse)
+        BIO_printf(out, "%s\t%s\n", passwd, hash);
+    else if (table && reverse)
+        BIO_printf(out, "%s\t%s\n", hash, passwd);
+    else
+        BIO_printf(out, "%s\n", hash);
+    return 1;
+
+ err:
+    return 0;
+}
+#else
+
+int MAIN(int argc, char **argv)
+{
+    fputs("Program not available.\n", stderr)
+        OPENSSL_EXIT(1);
+}
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/apps/pkcs12.c
===================================================================
--- vendor-crypto/openssl/dist/apps/pkcs12.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/apps/pkcs12.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,1068 +0,0 @@
-/* pkcs12.c */
-/*
- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <openssl/opensslconf.h>
-#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
-
-# include <stdio.h>
-# include <stdlib.h>
-# include <string.h>
-# include "apps.h"
-# include <openssl/crypto.h>
-# include <openssl/err.h>
-# include <openssl/pem.h>
-# include <openssl/pkcs12.h>
-
-# define PROG pkcs12_main
-
-const EVP_CIPHER *enc;
-
-# define NOKEYS          0x1
-# define NOCERTS         0x2
-# define INFO            0x4
-# define CLCERTS         0x8
-# define CACERTS         0x10
-
-int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
-int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen,
-                        int options, char *pempass);
-int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
-                          char *pass, int passlen, int options,
-                          char *pempass);
-int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass,
-                         int passlen, int options, char *pempass);
-int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,
-                  const char *name);
-void hex_prin(BIO *out, unsigned char *buf, int len);
-int alg_print(BIO *x, X509_ALGOR *alg);
-int cert_load(BIO *in, STACK_OF(X509) *sk);
-static int set_pbe(BIO *err, int *ppbe, const char *str);
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-{
-    ENGINE *e = NULL;
-    char *infile = NULL, *outfile = NULL, *keyname = NULL;
-    char *certfile = NULL;
-    BIO *in = NULL, *out = NULL;
-    char **args;
-    char *name = NULL;
-    char *csp_name = NULL;
-    int add_lmk = 0;
-    PKCS12 *p12 = NULL;
-    char pass[50], macpass[50];
-    int export_cert = 0;
-    int options = 0;
-    int chain = 0;
-    int badarg = 0;
-    int iter = PKCS12_DEFAULT_ITER;
-    int maciter = PKCS12_DEFAULT_ITER;
-    int twopass = 0;
-    int keytype = 0;
-    int cert_pbe;
-    int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-    int ret = 1;
-    int macver = 1;
-    int noprompt = 0;
-    STACK_OF(OPENSSL_STRING) *canames = NULL;
-    char *cpass = NULL, *mpass = NULL;
-    char *passargin = NULL, *passargout = NULL, *passarg = NULL;
-    char *passin = NULL, *passout = NULL;
-    char *inrand = NULL;
-    char *macalg = NULL;
-    char *CApath = NULL, *CAfile = NULL;
-# ifndef OPENSSL_NO_ENGINE
-    char *engine = NULL;
-# endif
-
-    apps_startup();
-
-    enc = EVP_des_ede3_cbc();
-    if (bio_err == NULL)
-        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
-
-    if (!load_config(bio_err, NULL))
-        goto end;
-
-# ifdef OPENSSL_FIPS
-    if (FIPS_mode())
-        cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-    else
-# endif
-        cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
-
-    args = argv + 1;
-
-    while (*args) {
-        if (*args[0] == '-') {
-            if (!strcmp(*args, "-nokeys"))
-                options |= NOKEYS;
-            else if (!strcmp(*args, "-keyex"))
-                keytype = KEY_EX;
-            else if (!strcmp(*args, "-keysig"))
-                keytype = KEY_SIG;
-            else if (!strcmp(*args, "-nocerts"))
-                options |= NOCERTS;
-            else if (!strcmp(*args, "-clcerts"))
-                options |= CLCERTS;
-            else if (!strcmp(*args, "-cacerts"))
-                options |= CACERTS;
-            else if (!strcmp(*args, "-noout"))
-                options |= (NOKEYS | NOCERTS);
-            else if (!strcmp(*args, "-info"))
-                options |= INFO;
-            else if (!strcmp(*args, "-chain"))
-                chain = 1;
-            else if (!strcmp(*args, "-twopass"))
-                twopass = 1;
-            else if (!strcmp(*args, "-nomacver"))
-                macver = 0;
-            else if (!strcmp(*args, "-descert"))
-                cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-            else if (!strcmp(*args, "-export"))
-                export_cert = 1;
-            else if (!strcmp(*args, "-des"))
-                enc = EVP_des_cbc();
-            else if (!strcmp(*args, "-des3"))
-                enc = EVP_des_ede3_cbc();
-# ifndef OPENSSL_NO_IDEA
-            else if (!strcmp(*args, "-idea"))
-                enc = EVP_idea_cbc();
-# endif
-# ifndef OPENSSL_NO_SEED
-            else if (!strcmp(*args, "-seed"))
-                enc = EVP_seed_cbc();
-# endif
-# ifndef OPENSSL_NO_AES
-            else if (!strcmp(*args, "-aes128"))
-                enc = EVP_aes_128_cbc();
-            else if (!strcmp(*args, "-aes192"))
-                enc = EVP_aes_192_cbc();
-            else if (!strcmp(*args, "-aes256"))
-                enc = EVP_aes_256_cbc();
-# endif
-# ifndef OPENSSL_NO_CAMELLIA
-            else if (!strcmp(*args, "-camellia128"))
-                enc = EVP_camellia_128_cbc();
-            else if (!strcmp(*args, "-camellia192"))
-                enc = EVP_camellia_192_cbc();
-            else if (!strcmp(*args, "-camellia256"))
-                enc = EVP_camellia_256_cbc();
-# endif
-            else if (!strcmp(*args, "-noiter"))
-                iter = 1;
-            else if (!strcmp(*args, "-maciter"))
-                maciter = PKCS12_DEFAULT_ITER;
-            else if (!strcmp(*args, "-nomaciter"))
-                maciter = 1;
-            else if (!strcmp(*args, "-nomac"))
-                maciter = -1;
-            else if (!strcmp(*args, "-macalg"))
-                if (args[1]) {
-                    args++;
-                    macalg = *args;
-                } else
-                    badarg = 1;
-            else if (!strcmp(*args, "-nodes"))
-                enc = NULL;
-            else if (!strcmp(*args, "-certpbe")) {
-                if (!set_pbe(bio_err, &cert_pbe, *++args))
-                    badarg = 1;
-            } else if (!strcmp(*args, "-keypbe")) {
-                if (!set_pbe(bio_err, &key_pbe, *++args))
-                    badarg = 1;
-            } else if (!strcmp(*args, "-rand")) {
-                if (args[1]) {
-                    args++;
-                    inrand = *args;
-                } else
-                    badarg = 1;
-            } else if (!strcmp(*args, "-inkey")) {
-                if (args[1]) {
-                    args++;
-                    keyname = *args;
-                } else
-                    badarg = 1;
-            } else if (!strcmp(*args, "-certfile")) {
-                if (args[1]) {
-                    args++;
-                    certfile = *args;
-                } else
-                    badarg = 1;
-            } else if (!strcmp(*args, "-name")) {
-                if (args[1]) {
-                    args++;
-                    name = *args;
-                } else
-                    badarg = 1;
-            } else if (!strcmp(*args, "-LMK"))
-                add_lmk = 1;
-            else if (!strcmp(*args, "-CSP")) {
-                if (args[1]) {
-                    args++;
-                    csp_name = *args;
-                } else
-                    badarg = 1;
-            } else if (!strcmp(*args, "-caname")) {
-                if (args[1]) {
-                    args++;
-                    if (!canames)
-                        canames = sk_OPENSSL_STRING_new_null();
-                    sk_OPENSSL_STRING_push(canames, *args);
-                } else
-                    badarg = 1;
-            } else if (!strcmp(*args, "-in")) {
-                if (args[1]) {
-                    args++;
-                    infile = *args;
-                } else
-                    badarg = 1;
-            } else if (!strcmp(*args, "-out")) {
-                if (args[1]) {
-                    args++;
-                    outfile = *args;
-                } else
-                    badarg = 1;
-            } else if (!strcmp(*args, "-passin")) {
-                if (args[1]) {
-                    args++;
-                    passargin = *args;
-                } else
-                    badarg = 1;
-            } else if (!strcmp(*args, "-passout")) {
-                if (args[1]) {
-                    args++;
-                    passargout = *args;
-                } else
-                    badarg = 1;
-            } else if (!strcmp(*args, "-password")) {
-                if (args[1]) {
-                    args++;
-                    passarg = *args;
-                    noprompt = 1;
-                } else
-                    badarg = 1;
-            } else if (!strcmp(*args, "-CApath")) {
-                if (args[1]) {
-                    args++;
-                    CApath = *args;
-                } else
-                    badarg = 1;
-            } else if (!strcmp(*args, "-CAfile")) {
-                if (args[1]) {
-                    args++;
-                    CAfile = *args;
-                } else
-                    badarg = 1;
-# ifndef OPENSSL_NO_ENGINE
-            } else if (!strcmp(*args, "-engine")) {
-                if (args[1]) {
-                    args++;
-                    engine = *args;
-                } else
-                    badarg = 1;
-# endif
-            } else
-                badarg = 1;
-
-        } else
-            badarg = 1;
-        args++;
-    }
-
-    if (badarg) {
-        BIO_printf(bio_err, "Usage: pkcs12 [options]\n");
-        BIO_printf(bio_err, "where options are\n");
-        BIO_printf(bio_err, "-export       output PKCS12 file\n");
-        BIO_printf(bio_err, "-chain        add certificate chain\n");
-        BIO_printf(bio_err, "-inkey file   private key if not infile\n");
-        BIO_printf(bio_err, "-certfile f   add all certs in f\n");
-        BIO_printf(bio_err, "-CApath arg   - PEM format directory of CA's\n");
-        BIO_printf(bio_err, "-CAfile arg   - PEM format file of CA's\n");
-        BIO_printf(bio_err, "-name \"name\"  use name as friendly name\n");
-        BIO_printf(bio_err,
-                   "-caname \"nm\"  use nm as CA friendly name (can be used more than once).\n");
-        BIO_printf(bio_err, "-in  infile   input filename\n");
-        BIO_printf(bio_err, "-out outfile  output filename\n");
-        BIO_printf(bio_err,
-                   "-noout        don't output anything, just verify.\n");
-        BIO_printf(bio_err, "-nomacver     don't verify MAC.\n");
-        BIO_printf(bio_err, "-nocerts      don't output certificates.\n");
-        BIO_printf(bio_err,
-                   "-clcerts      only output client certificates.\n");
-        BIO_printf(bio_err, "-cacerts      only output CA certificates.\n");
-        BIO_printf(bio_err, "-nokeys       don't output private keys.\n");
-        BIO_printf(bio_err,
-                   "-info         give info about PKCS#12 structure.\n");
-        BIO_printf(bio_err, "-des          encrypt private keys with DES\n");
-        BIO_printf(bio_err,
-                   "-des3         encrypt private keys with triple DES (default)\n");
-# ifndef OPENSSL_NO_IDEA
-        BIO_printf(bio_err, "-idea         encrypt private keys with idea\n");
-# endif
-# ifndef OPENSSL_NO_SEED
-        BIO_printf(bio_err, "-seed         encrypt private keys with seed\n");
-# endif
-# ifndef OPENSSL_NO_AES
-        BIO_printf(bio_err, "-aes128, -aes192, -aes256\n");
-        BIO_printf(bio_err,
-                   "              encrypt PEM output with cbc aes\n");
-# endif
-# ifndef OPENSSL_NO_CAMELLIA
-        BIO_printf(bio_err, "-camellia128, -camellia192, -camellia256\n");
-        BIO_printf(bio_err,
-                   "              encrypt PEM output with cbc camellia\n");
-# endif
-        BIO_printf(bio_err, "-nodes        don't encrypt private keys\n");
-        BIO_printf(bio_err, "-noiter       don't use encryption iteration\n");
-        BIO_printf(bio_err, "-nomaciter    don't use MAC iteration\n");
-        BIO_printf(bio_err, "-maciter      use MAC iteration\n");
-        BIO_printf(bio_err, "-nomac        don't generate MAC\n");
-        BIO_printf(bio_err,
-                   "-twopass      separate MAC, encryption passwords\n");
-        BIO_printf(bio_err,
-                   "-descert      encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
-        BIO_printf(bio_err,
-                   "-certpbe alg  specify certificate PBE algorithm (default RC2-40)\n");
-        BIO_printf(bio_err,
-                   "-keypbe alg   specify private key PBE algorithm (default 3DES)\n");
-        BIO_printf(bio_err,
-                   "-macalg alg   digest algorithm used in MAC (default SHA1)\n");
-        BIO_printf(bio_err, "-keyex        set MS key exchange type\n");
-        BIO_printf(bio_err, "-keysig       set MS key signature type\n");
-        BIO_printf(bio_err,
-                   "-password p   set import/export password source\n");
-        BIO_printf(bio_err, "-passin p     input file pass phrase source\n");
-        BIO_printf(bio_err, "-passout p    output file pass phrase source\n");
-# ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   "-engine e     use engine e, possibly a hardware device.\n");
-# endif
-        BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
-                   LIST_SEPARATOR_CHAR);
-        BIO_printf(bio_err,
-                   "              load the file (or the files in the directory) into\n");
-        BIO_printf(bio_err, "              the random number generator\n");
-        BIO_printf(bio_err, "-CSP name     Microsoft CSP name\n");
-        BIO_printf(bio_err,
-                   "-LMK          Add local machine keyset attribute to private key\n");
-        goto end;
-    }
-# ifndef OPENSSL_NO_ENGINE
-    e = setup_engine(bio_err, engine, 0);
-# endif
-
-    if (passarg) {
-        if (export_cert)
-            passargout = passarg;
-        else
-            passargin = passarg;
-    }
-
-    if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
-        BIO_printf(bio_err, "Error getting passwords\n");
-        goto end;
-    }
-
-    if (!cpass) {
-        if (export_cert)
-            cpass = passout;
-        else
-            cpass = passin;
-    }
-
-    if (cpass) {
-        mpass = cpass;
-        noprompt = 1;
-    } else {
-        cpass = pass;
-        mpass = macpass;
-    }
-
-    if (export_cert || inrand) {
-        app_RAND_load_file(NULL, bio_err, (inrand != NULL));
-        if (inrand != NULL)
-            BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
-                       app_RAND_load_files(inrand));
-    }
-    ERR_load_crypto_strings();
-
-# ifdef CRYPTO_MDEBUG
-    CRYPTO_push_info("read files");
-# endif
-
-    if (!infile)
-        in = BIO_new_fp(stdin, BIO_NOCLOSE);
-    else
-        in = BIO_new_file(infile, "rb");
-    if (!in) {
-        BIO_printf(bio_err, "Error opening input file %s\n",
-                   infile ? infile : "<stdin>");
-        perror(infile);
-        goto end;
-    }
-# ifdef CRYPTO_MDEBUG
-    CRYPTO_pop_info();
-    CRYPTO_push_info("write files");
-# endif
-
-    if (!outfile) {
-        out = BIO_new_fp(stdout, BIO_NOCLOSE);
-# ifdef OPENSSL_SYS_VMS
-        {
-            BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-            out = BIO_push(tmpbio, out);
-        }
-# endif
-    } else
-        out = BIO_new_file(outfile, "wb");
-    if (!out) {
-        BIO_printf(bio_err, "Error opening output file %s\n",
-                   outfile ? outfile : "<stdout>");
-        perror(outfile);
-        goto end;
-    }
-    if (twopass) {
-# ifdef CRYPTO_MDEBUG
-        CRYPTO_push_info("read MAC password");
-# endif
-        if (EVP_read_pw_string
-            (macpass, sizeof macpass, "Enter MAC Password:", export_cert)) {
-            BIO_printf(bio_err, "Can't read Password\n");
-            goto end;
-        }
-# ifdef CRYPTO_MDEBUG
-        CRYPTO_pop_info();
-# endif
-    }
-
-    if (export_cert) {
-        EVP_PKEY *key = NULL;
-        X509 *ucert = NULL, *x = NULL;
-        STACK_OF(X509) *certs = NULL;
-        const EVP_MD *macmd = NULL;
-        unsigned char *catmp = NULL;
-        int i;
-
-        if ((options & (NOCERTS | NOKEYS)) == (NOCERTS | NOKEYS)) {
-            BIO_printf(bio_err, "Nothing to do!\n");
-            goto export_end;
-        }
-
-        if (options & NOCERTS)
-            chain = 0;
-
-# ifdef CRYPTO_MDEBUG
-        CRYPTO_push_info("process -export_cert");
-        CRYPTO_push_info("reading private key");
-# endif
-        if (!(options & NOKEYS)) {
-            key = load_key(bio_err, keyname ? keyname : infile,
-                           FORMAT_PEM, 1, passin, e, "private key");
-            if (!key)
-                goto export_end;
-        }
-# ifdef CRYPTO_MDEBUG
-        CRYPTO_pop_info();
-        CRYPTO_push_info("reading certs from input");
-# endif
-
-        /* Load in all certs in input file */
-        if (!(options & NOCERTS)) {
-            certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e,
-                               "certificates");
-            if (!certs)
-                goto export_end;
-
-            if (key) {
-                /* Look for matching private key */
-                for (i = 0; i < sk_X509_num(certs); i++) {
-                    x = sk_X509_value(certs, i);
-                    if (X509_check_private_key(x, key)) {
-                        ucert = x;
-                        /* Zero keyid and alias */
-                        X509_keyid_set1(ucert, NULL, 0);
-                        X509_alias_set1(ucert, NULL, 0);
-                        /* Remove from list */
-                        (void)sk_X509_delete(certs, i);
-                        break;
-                    }
-                }
-                if (!ucert) {
-                    BIO_printf(bio_err,
-                               "No certificate matches private key\n");
-                    goto export_end;
-                }
-            }
-
-        }
-# ifdef CRYPTO_MDEBUG
-        CRYPTO_pop_info();
-        CRYPTO_push_info("reading certs from input 2");
-# endif
-
-        /* Add any more certificates asked for */
-        if (certfile) {
-            STACK_OF(X509) *morecerts = NULL;
-            if (!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
-                                         NULL, e,
-                                         "certificates from certfile")))
-                goto export_end;
-            while (sk_X509_num(morecerts) > 0)
-                sk_X509_push(certs, sk_X509_shift(morecerts));
-            sk_X509_free(morecerts);
-        }
-# ifdef CRYPTO_MDEBUG
-        CRYPTO_pop_info();
-        CRYPTO_push_info("reading certs from certfile");
-# endif
-
-# ifdef CRYPTO_MDEBUG
-        CRYPTO_pop_info();
-        CRYPTO_push_info("building chain");
-# endif
-
-        /* If chaining get chain from user cert */
-        if (chain) {
-            int vret;
-            STACK_OF(X509) *chain2;
-            X509_STORE *store = X509_STORE_new();
-            if (!store) {
-                BIO_printf(bio_err, "Memory allocation error\n");
-                goto export_end;
-            }
-            if (!X509_STORE_load_locations(store, CAfile, CApath))
-                X509_STORE_set_default_paths(store);
-
-            vret = get_cert_chain(ucert, store, &chain2);
-            X509_STORE_free(store);
-
-            if (!vret) {
-                /* Exclude verified certificate */
-                for (i = 1; i < sk_X509_num(chain2); i++)
-                    sk_X509_push(certs, sk_X509_value(chain2, i));
-                /* Free first certificate */
-                X509_free(sk_X509_value(chain2, 0));
-                sk_X509_free(chain2);
-            } else {
-                if (vret >= 0)
-                    BIO_printf(bio_err, "Error %s getting chain.\n",
-                               X509_verify_cert_error_string(vret));
-                else
-                    ERR_print_errors(bio_err);
-                goto export_end;
-            }
-        }
-
-        /* Add any CA names */
-
-        for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++) {
-            catmp = (unsigned char *)sk_OPENSSL_STRING_value(canames, i);
-            X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
-        }
-
-        if (csp_name && key)
-            EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
-                                      MBSTRING_ASC, (unsigned char *)csp_name,
-                                      -1);
-
-        if (add_lmk && key)
-            EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1);
-
-# ifdef CRYPTO_MDEBUG
-        CRYPTO_pop_info();
-        CRYPTO_push_info("reading password");
-# endif
-
-        if (!noprompt &&
-            EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:",
-                               1)) {
-            BIO_printf(bio_err, "Can't read Password\n");
-            goto export_end;
-        }
-        if (!twopass)
-            BUF_strlcpy(macpass, pass, sizeof macpass);
-
-# ifdef CRYPTO_MDEBUG
-        CRYPTO_pop_info();
-        CRYPTO_push_info("creating PKCS#12 structure");
-# endif
-
-        p12 = PKCS12_create(cpass, name, key, ucert, certs,
-                            key_pbe, cert_pbe, iter, -1, keytype);
-
-        if (!p12) {
-            ERR_print_errors(bio_err);
-            goto export_end;
-        }
-
-        if (macalg) {
-            macmd = EVP_get_digestbyname(macalg);
-            if (!macmd) {
-                BIO_printf(bio_err, "Unknown digest algorithm %s\n", macalg);
-            }
-        }
-
-        if (maciter != -1)
-            PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd);
-
-# ifdef CRYPTO_MDEBUG
-        CRYPTO_pop_info();
-        CRYPTO_push_info("writing pkcs12");
-# endif
-
-        i2d_PKCS12_bio(out, p12);
-
-        ret = 0;
-
- export_end:
-# ifdef CRYPTO_MDEBUG
-        CRYPTO_pop_info();
-        CRYPTO_pop_info();
-        CRYPTO_push_info("process -export_cert: freeing");
-# endif
-
-        if (key)
-            EVP_PKEY_free(key);
-        if (certs)
-            sk_X509_pop_free(certs, X509_free);
-        if (ucert)
-            X509_free(ucert);
-
-# ifdef CRYPTO_MDEBUG
-        CRYPTO_pop_info();
-# endif
-        goto end;
-
-    }
-
-    if (!(p12 = d2i_PKCS12_bio(in, NULL))) {
-        ERR_print_errors(bio_err);
-        goto end;
-    }
-# ifdef CRYPTO_MDEBUG
-    CRYPTO_push_info("read import password");
-# endif
-    if (!noprompt
-        && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:",
-                              0)) {
-        BIO_printf(bio_err, "Can't read Password\n");
-        goto end;
-    }
-# ifdef CRYPTO_MDEBUG
-    CRYPTO_pop_info();
-# endif
-
-    if (!twopass)
-        BUF_strlcpy(macpass, pass, sizeof macpass);
-
-    if ((options & INFO) && p12->mac)
-        BIO_printf(bio_err, "MAC Iteration %ld\n",
-                   p12->mac->iter ? ASN1_INTEGER_get(p12->mac->iter) : 1);
-    if (macver) {
-# ifdef CRYPTO_MDEBUG
-        CRYPTO_push_info("verify MAC");
-# endif
-        /* If we enter empty password try no password first */
-        if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
-            /* If mac and crypto pass the same set it to NULL too */
-            if (!twopass)
-                cpass = NULL;
-        } else if (!PKCS12_verify_mac(p12, mpass, -1)) {
-            BIO_printf(bio_err, "Mac verify error: invalid password?\n");
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-        BIO_printf(bio_err, "MAC verified OK\n");
-# ifdef CRYPTO_MDEBUG
-        CRYPTO_pop_info();
-# endif
-    }
-# ifdef CRYPTO_MDEBUG
-    CRYPTO_push_info("output keys and certificates");
-# endif
-    if (!dump_certs_keys_p12(out, p12, cpass, -1, options, passout)) {
-        BIO_printf(bio_err, "Error outputting keys and certificates\n");
-        ERR_print_errors(bio_err);
-        goto end;
-    }
-# ifdef CRYPTO_MDEBUG
-    CRYPTO_pop_info();
-# endif
-    ret = 0;
- end:
-    if (p12)
-        PKCS12_free(p12);
-    if (export_cert || inrand)
-        app_RAND_write_file(NULL, bio_err);
-# ifdef CRYPTO_MDEBUG
-    CRYPTO_remove_all_info();
-# endif
-    BIO_free(in);
-    BIO_free_all(out);
-    if (canames)
-        sk_OPENSSL_STRING_free(canames);
-    if (passin)
-        OPENSSL_free(passin);
-    if (passout)
-        OPENSSL_free(passout);
-    apps_shutdown();
-    OPENSSL_EXIT(ret);
-}
-
-int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass,
-                        int passlen, int options, char *pempass)
-{
-    STACK_OF(PKCS7) *asafes = NULL;
-    STACK_OF(PKCS12_SAFEBAG) *bags;
-    int i, bagnid;
-    int ret = 0;
-    PKCS7 *p7;
-
-    if (!(asafes = PKCS12_unpack_authsafes(p12)))
-        return 0;
-    for (i = 0; i < sk_PKCS7_num(asafes); i++) {
-        p7 = sk_PKCS7_value(asafes, i);
-        bagnid = OBJ_obj2nid(p7->type);
-        if (bagnid == NID_pkcs7_data) {
-            bags = PKCS12_unpack_p7data(p7);
-            if (options & INFO)
-                BIO_printf(bio_err, "PKCS7 Data\n");
-        } else if (bagnid == NID_pkcs7_encrypted) {
-            if (options & INFO) {
-                BIO_printf(bio_err, "PKCS7 Encrypted data: ");
-                alg_print(bio_err, p7->d.encrypted->enc_data->algorithm);
-            }
-            bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
-        } else
-            continue;
-        if (!bags)
-            goto err;
-        if (!dump_certs_pkeys_bags(out, bags, pass, passlen,
-                                   options, pempass)) {
-            sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-            goto err;
-        }
-        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-        bags = NULL;
-    }
-    ret = 1;
-
- err:
-
-    if (asafes)
-        sk_PKCS7_pop_free(asafes, PKCS7_free);
-    return ret;
-}
-
-int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
-                          char *pass, int passlen, int options, char *pempass)
-{
-    int i;
-    for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
-        if (!dump_certs_pkeys_bag(out,
-                                  sk_PKCS12_SAFEBAG_value(bags, i),
-                                  pass, passlen, options, pempass))
-            return 0;
-    }
-    return 1;
-}
-
-int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
-                         int passlen, int options, char *pempass)
-{
-    EVP_PKEY *pkey;
-    PKCS8_PRIV_KEY_INFO *p8;
-    X509 *x509;
-
-    switch (M_PKCS12_bag_type(bag)) {
-    case NID_keyBag:
-        if (options & INFO)
-            BIO_printf(bio_err, "Key bag\n");
-        if (options & NOKEYS)
-            return 1;
-        print_attribs(out, bag->attrib, "Bag Attributes");
-        p8 = bag->value.keybag;
-        if (!(pkey = EVP_PKCS82PKEY(p8)))
-            return 0;
-        print_attribs(out, p8->attributes, "Key Attributes");
-        PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
-        EVP_PKEY_free(pkey);
-        break;
-
-    case NID_pkcs8ShroudedKeyBag:
-        if (options & INFO) {
-            BIO_printf(bio_err, "Shrouded Keybag: ");
-            alg_print(bio_err, bag->value.shkeybag->algor);
-        }
-        if (options & NOKEYS)
-            return 1;
-        print_attribs(out, bag->attrib, "Bag Attributes");
-        if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
-            return 0;
-        if (!(pkey = EVP_PKCS82PKEY(p8))) {
-            PKCS8_PRIV_KEY_INFO_free(p8);
-            return 0;
-        }
-        print_attribs(out, p8->attributes, "Key Attributes");
-        PKCS8_PRIV_KEY_INFO_free(p8);
-        PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
-        EVP_PKEY_free(pkey);
-        break;
-
-    case NID_certBag:
-        if (options & INFO)
-            BIO_printf(bio_err, "Certificate bag\n");
-        if (options & NOCERTS)
-            return 1;
-        if (PKCS12_get_attr(bag, NID_localKeyID)) {
-            if (options & CACERTS)
-                return 1;
-        } else if (options & CLCERTS)
-            return 1;
-        print_attribs(out, bag->attrib, "Bag Attributes");
-        if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate)
-            return 1;
-        if (!(x509 = PKCS12_certbag2x509(bag)))
-            return 0;
-        dump_cert_text(out, x509);
-        PEM_write_bio_X509(out, x509);
-        X509_free(x509);
-        break;
-
-    case NID_safeContentsBag:
-        if (options & INFO)
-            BIO_printf(bio_err, "Safe Contents bag\n");
-        print_attribs(out, bag->attrib, "Bag Attributes");
-        return dump_certs_pkeys_bags(out, bag->value.safes, pass,
-                                     passlen, options, pempass);
-
-    default:
-        BIO_printf(bio_err, "Warning unsupported bag type: ");
-        i2a_ASN1_OBJECT(bio_err, bag->type);
-        BIO_printf(bio_err, "\n");
-        return 1;
-        break;
-    }
-    return 1;
-}
-
-/* Given a single certificate return a verified chain or NULL if error */
-
-/* Hope this is OK .... */
-
-int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
-{
-    X509_STORE_CTX store_ctx;
-    STACK_OF(X509) *chn;
-    int i = 0;
-
-    /*
-     * FIXME: Should really check the return status of X509_STORE_CTX_init
-     * for an error, but how that fits into the return value of this function
-     * is less obvious.
-     */
-    X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
-    if (X509_verify_cert(&store_ctx) <= 0) {
-        i = X509_STORE_CTX_get_error(&store_ctx);
-        if (i == 0)
-            /*
-             * avoid returning 0 if X509_verify_cert() did not set an
-             * appropriate error value in the context
-             */
-            i = -1;
-        chn = NULL;
-        goto err;
-    } else
-        chn = X509_STORE_CTX_get1_chain(&store_ctx);
- err:
-    X509_STORE_CTX_cleanup(&store_ctx);
-    *chain = chn;
-
-    return i;
-}
-
-int alg_print(BIO *x, X509_ALGOR *alg)
-{
-    PBEPARAM *pbe;
-    const unsigned char *p;
-    p = alg->parameter->value.sequence->data;
-    pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
-    if (!pbe)
-        return 1;
-    BIO_printf(bio_err, "%s, Iteration %ld\n",
-               OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)),
-               ASN1_INTEGER_get(pbe->iter));
-    PBEPARAM_free(pbe);
-    return 1;
-}
-
-/* Load all certificates from a given file */
-
-int cert_load(BIO *in, STACK_OF(X509) *sk)
-{
-    int ret;
-    X509 *cert;
-    ret = 0;
-# ifdef CRYPTO_MDEBUG
-    CRYPTO_push_info("cert_load(): reading one cert");
-# endif
-    while ((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
-# ifdef CRYPTO_MDEBUG
-        CRYPTO_pop_info();
-# endif
-        ret = 1;
-        sk_X509_push(sk, cert);
-# ifdef CRYPTO_MDEBUG
-        CRYPTO_push_info("cert_load(): reading one cert");
-# endif
-    }
-# ifdef CRYPTO_MDEBUG
-    CRYPTO_pop_info();
-# endif
-    if (ret)
-        ERR_clear_error();
-    return ret;
-}
-
-/* Generalised attribute print: handle PKCS#8 and bag attributes */
-
-int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,
-                  const char *name)
-{
-    X509_ATTRIBUTE *attr;
-    ASN1_TYPE *av;
-    char *value;
-    int i, attr_nid;
-    if (!attrlst) {
-        BIO_printf(out, "%s: <No Attributes>\n", name);
-        return 1;
-    }
-    if (!sk_X509_ATTRIBUTE_num(attrlst)) {
-        BIO_printf(out, "%s: <Empty Attributes>\n", name);
-        return 1;
-    }
-    BIO_printf(out, "%s\n", name);
-    for (i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) {
-        attr = sk_X509_ATTRIBUTE_value(attrlst, i);
-        attr_nid = OBJ_obj2nid(attr->object);
-        BIO_printf(out, "    ");
-        if (attr_nid == NID_undef) {
-            i2a_ASN1_OBJECT(out, attr->object);
-            BIO_printf(out, ": ");
-        } else
-            BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));
-
-        if (sk_ASN1_TYPE_num(attr->value.set)) {
-            av = sk_ASN1_TYPE_value(attr->value.set, 0);
-            switch (av->type) {
-            case V_ASN1_BMPSTRING:
-                value = OPENSSL_uni2asc(av->value.bmpstring->data,
-                                        av->value.bmpstring->length);
-                BIO_printf(out, "%s\n", value);
-                OPENSSL_free(value);
-                break;
-
-            case V_ASN1_OCTET_STRING:
-                hex_prin(out, av->value.octet_string->data,
-                         av->value.octet_string->length);
-                BIO_printf(out, "\n");
-                break;
-
-            case V_ASN1_BIT_STRING:
-                hex_prin(out, av->value.bit_string->data,
-                         av->value.bit_string->length);
-                BIO_printf(out, "\n");
-                break;
-
-            default:
-                BIO_printf(out, "<Unsupported tag %d>\n", av->type);
-                break;
-            }
-        } else
-            BIO_printf(out, "<No Values>\n");
-    }
-    return 1;
-}
-
-void hex_prin(BIO *out, unsigned char *buf, int len)
-{
-    int i;
-    for (i = 0; i < len; i++)
-        BIO_printf(out, "%02X ", buf[i]);
-}
-
-static int set_pbe(BIO *err, int *ppbe, const char *str)
-{
-    if (!str)
-        return 0;
-    if (!strcmp(str, "NONE")) {
-        *ppbe = -1;
-        return 1;
-    }
-    *ppbe = OBJ_txt2nid(str);
-    if (*ppbe == NID_undef) {
-        BIO_printf(bio_err, "Unknown PBE algorithm %s\n", str);
-        return 0;
-    }
-    return 1;
-}
-
-#endif

Copied: vendor-crypto/openssl/1.0.1u/apps/pkcs12.c (from rev 11605, vendor-crypto/openssl/dist/apps/pkcs12.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/apps/pkcs12.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/apps/pkcs12.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,1058 @@
+/* pkcs12.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <openssl/opensslconf.h>
+#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# include "apps.h"
+# include <openssl/crypto.h>
+# include <openssl/err.h>
+# include <openssl/pem.h>
+# include <openssl/pkcs12.h>
+
+# define PROG pkcs12_main
+
+const EVP_CIPHER *enc;
+
+# define NOKEYS          0x1
+# define NOCERTS         0x2
+# define INFO            0x4
+# define CLCERTS         0x8
+# define CACERTS         0x10
+
+static int get_cert_chain(X509 *cert, X509_STORE *store,
+                          STACK_OF(X509) **chain);
+int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen,
+                        int options, char *pempass);
+int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
+                          char *pass, int passlen, int options,
+                          char *pempass);
+int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass,
+                         int passlen, int options, char *pempass);
+int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,
+                  const char *name);
+void hex_prin(BIO *out, unsigned char *buf, int len);
+int alg_print(BIO *x, X509_ALGOR *alg);
+int cert_load(BIO *in, STACK_OF(X509) *sk);
+static int set_pbe(BIO *err, int *ppbe, const char *str);
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    char *infile = NULL, *outfile = NULL, *keyname = NULL;
+    char *certfile = NULL;
+    BIO *in = NULL, *out = NULL;
+    char **args;
+    char *name = NULL;
+    char *csp_name = NULL;
+    int add_lmk = 0;
+    PKCS12 *p12 = NULL;
+    char pass[50], macpass[50];
+    int export_cert = 0;
+    int options = 0;
+    int chain = 0;
+    int badarg = 0;
+    int iter = PKCS12_DEFAULT_ITER;
+    int maciter = PKCS12_DEFAULT_ITER;
+    int twopass = 0;
+    int keytype = 0;
+    int cert_pbe;
+    int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+    int ret = 1;
+    int macver = 1;
+    int noprompt = 0;
+    STACK_OF(OPENSSL_STRING) *canames = NULL;
+    char *cpass = NULL, *mpass = NULL;
+    char *passargin = NULL, *passargout = NULL, *passarg = NULL;
+    char *passin = NULL, *passout = NULL;
+    char *inrand = NULL;
+    char *macalg = NULL;
+    char *CApath = NULL, *CAfile = NULL;
+# ifndef OPENSSL_NO_ENGINE
+    char *engine = NULL;
+# endif
+
+    apps_startup();
+
+    enc = EVP_des_ede3_cbc();
+    if (bio_err == NULL)
+        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+    if (!load_config(bio_err, NULL))
+        goto end;
+
+# ifdef OPENSSL_FIPS
+    if (FIPS_mode())
+        cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+    else
+# endif
+        cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+
+    args = argv + 1;
+
+    while (*args) {
+        if (*args[0] == '-') {
+            if (!strcmp(*args, "-nokeys"))
+                options |= NOKEYS;
+            else if (!strcmp(*args, "-keyex"))
+                keytype = KEY_EX;
+            else if (!strcmp(*args, "-keysig"))
+                keytype = KEY_SIG;
+            else if (!strcmp(*args, "-nocerts"))
+                options |= NOCERTS;
+            else if (!strcmp(*args, "-clcerts"))
+                options |= CLCERTS;
+            else if (!strcmp(*args, "-cacerts"))
+                options |= CACERTS;
+            else if (!strcmp(*args, "-noout"))
+                options |= (NOKEYS | NOCERTS);
+            else if (!strcmp(*args, "-info"))
+                options |= INFO;
+            else if (!strcmp(*args, "-chain"))
+                chain = 1;
+            else if (!strcmp(*args, "-twopass"))
+                twopass = 1;
+            else if (!strcmp(*args, "-nomacver"))
+                macver = 0;
+            else if (!strcmp(*args, "-descert"))
+                cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+            else if (!strcmp(*args, "-export"))
+                export_cert = 1;
+            else if (!strcmp(*args, "-des"))
+                enc = EVP_des_cbc();
+            else if (!strcmp(*args, "-des3"))
+                enc = EVP_des_ede3_cbc();
+# ifndef OPENSSL_NO_IDEA
+            else if (!strcmp(*args, "-idea"))
+                enc = EVP_idea_cbc();
+# endif
+# ifndef OPENSSL_NO_SEED
+            else if (!strcmp(*args, "-seed"))
+                enc = EVP_seed_cbc();
+# endif
+# ifndef OPENSSL_NO_AES
+            else if (!strcmp(*args, "-aes128"))
+                enc = EVP_aes_128_cbc();
+            else if (!strcmp(*args, "-aes192"))
+                enc = EVP_aes_192_cbc();
+            else if (!strcmp(*args, "-aes256"))
+                enc = EVP_aes_256_cbc();
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+            else if (!strcmp(*args, "-camellia128"))
+                enc = EVP_camellia_128_cbc();
+            else if (!strcmp(*args, "-camellia192"))
+                enc = EVP_camellia_192_cbc();
+            else if (!strcmp(*args, "-camellia256"))
+                enc = EVP_camellia_256_cbc();
+# endif
+            else if (!strcmp(*args, "-noiter"))
+                iter = 1;
+            else if (!strcmp(*args, "-maciter"))
+                maciter = PKCS12_DEFAULT_ITER;
+            else if (!strcmp(*args, "-nomaciter"))
+                maciter = 1;
+            else if (!strcmp(*args, "-nomac"))
+                maciter = -1;
+            else if (!strcmp(*args, "-macalg"))
+                if (args[1]) {
+                    args++;
+                    macalg = *args;
+                } else
+                    badarg = 1;
+            else if (!strcmp(*args, "-nodes"))
+                enc = NULL;
+            else if (!strcmp(*args, "-certpbe")) {
+                if (!set_pbe(bio_err, &cert_pbe, *++args))
+                    badarg = 1;
+            } else if (!strcmp(*args, "-keypbe")) {
+                if (!set_pbe(bio_err, &key_pbe, *++args))
+                    badarg = 1;
+            } else if (!strcmp(*args, "-rand")) {
+                if (args[1]) {
+                    args++;
+                    inrand = *args;
+                } else
+                    badarg = 1;
+            } else if (!strcmp(*args, "-inkey")) {
+                if (args[1]) {
+                    args++;
+                    keyname = *args;
+                } else
+                    badarg = 1;
+            } else if (!strcmp(*args, "-certfile")) {
+                if (args[1]) {
+                    args++;
+                    certfile = *args;
+                } else
+                    badarg = 1;
+            } else if (!strcmp(*args, "-name")) {
+                if (args[1]) {
+                    args++;
+                    name = *args;
+                } else
+                    badarg = 1;
+            } else if (!strcmp(*args, "-LMK"))
+                add_lmk = 1;
+            else if (!strcmp(*args, "-CSP")) {
+                if (args[1]) {
+                    args++;
+                    csp_name = *args;
+                } else
+                    badarg = 1;
+            } else if (!strcmp(*args, "-caname")) {
+                if (args[1]) {
+                    args++;
+                    if (!canames)
+                        canames = sk_OPENSSL_STRING_new_null();
+                    sk_OPENSSL_STRING_push(canames, *args);
+                } else
+                    badarg = 1;
+            } else if (!strcmp(*args, "-in")) {
+                if (args[1]) {
+                    args++;
+                    infile = *args;
+                } else
+                    badarg = 1;
+            } else if (!strcmp(*args, "-out")) {
+                if (args[1]) {
+                    args++;
+                    outfile = *args;
+                } else
+                    badarg = 1;
+            } else if (!strcmp(*args, "-passin")) {
+                if (args[1]) {
+                    args++;
+                    passargin = *args;
+                } else
+                    badarg = 1;
+            } else if (!strcmp(*args, "-passout")) {
+                if (args[1]) {
+                    args++;
+                    passargout = *args;
+                } else
+                    badarg = 1;
+            } else if (!strcmp(*args, "-password")) {
+                if (args[1]) {
+                    args++;
+                    passarg = *args;
+                    noprompt = 1;
+                } else
+                    badarg = 1;
+            } else if (!strcmp(*args, "-CApath")) {
+                if (args[1]) {
+                    args++;
+                    CApath = *args;
+                } else
+                    badarg = 1;
+            } else if (!strcmp(*args, "-CAfile")) {
+                if (args[1]) {
+                    args++;
+                    CAfile = *args;
+                } else
+                    badarg = 1;
+# ifndef OPENSSL_NO_ENGINE
+            } else if (!strcmp(*args, "-engine")) {
+                if (args[1]) {
+                    args++;
+                    engine = *args;
+                } else
+                    badarg = 1;
+# endif
+            } else
+                badarg = 1;
+
+        } else
+            badarg = 1;
+        args++;
+    }
+
+    if (badarg) {
+        BIO_printf(bio_err, "Usage: pkcs12 [options]\n");
+        BIO_printf(bio_err, "where options are\n");
+        BIO_printf(bio_err, "-export       output PKCS12 file\n");
+        BIO_printf(bio_err, "-chain        add certificate chain\n");
+        BIO_printf(bio_err, "-inkey file   private key if not infile\n");
+        BIO_printf(bio_err, "-certfile f   add all certs in f\n");
+        BIO_printf(bio_err, "-CApath arg   - PEM format directory of CA's\n");
+        BIO_printf(bio_err, "-CAfile arg   - PEM format file of CA's\n");
+        BIO_printf(bio_err, "-name \"name\"  use name as friendly name\n");
+        BIO_printf(bio_err,
+                   "-caname \"nm\"  use nm as CA friendly name (can be used more than once).\n");
+        BIO_printf(bio_err, "-in  infile   input filename\n");
+        BIO_printf(bio_err, "-out outfile  output filename\n");
+        BIO_printf(bio_err,
+                   "-noout        don't output anything, just verify.\n");
+        BIO_printf(bio_err, "-nomacver     don't verify MAC.\n");
+        BIO_printf(bio_err, "-nocerts      don't output certificates.\n");
+        BIO_printf(bio_err,
+                   "-clcerts      only output client certificates.\n");
+        BIO_printf(bio_err, "-cacerts      only output CA certificates.\n");
+        BIO_printf(bio_err, "-nokeys       don't output private keys.\n");
+        BIO_printf(bio_err,
+                   "-info         give info about PKCS#12 structure.\n");
+        BIO_printf(bio_err, "-des          encrypt private keys with DES\n");
+        BIO_printf(bio_err,
+                   "-des3         encrypt private keys with triple DES (default)\n");
+# ifndef OPENSSL_NO_IDEA
+        BIO_printf(bio_err, "-idea         encrypt private keys with idea\n");
+# endif
+# ifndef OPENSSL_NO_SEED
+        BIO_printf(bio_err, "-seed         encrypt private keys with seed\n");
+# endif
+# ifndef OPENSSL_NO_AES
+        BIO_printf(bio_err, "-aes128, -aes192, -aes256\n");
+        BIO_printf(bio_err,
+                   "              encrypt PEM output with cbc aes\n");
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+        BIO_printf(bio_err, "-camellia128, -camellia192, -camellia256\n");
+        BIO_printf(bio_err,
+                   "              encrypt PEM output with cbc camellia\n");
+# endif
+        BIO_printf(bio_err, "-nodes        don't encrypt private keys\n");
+        BIO_printf(bio_err, "-noiter       don't use encryption iteration\n");
+        BIO_printf(bio_err, "-nomaciter    don't use MAC iteration\n");
+        BIO_printf(bio_err, "-maciter      use MAC iteration\n");
+        BIO_printf(bio_err, "-nomac        don't generate MAC\n");
+        BIO_printf(bio_err,
+                   "-twopass      separate MAC, encryption passwords\n");
+        BIO_printf(bio_err,
+                   "-descert      encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
+        BIO_printf(bio_err,
+                   "-certpbe alg  specify certificate PBE algorithm (default RC2-40)\n");
+        BIO_printf(bio_err,
+                   "-keypbe alg   specify private key PBE algorithm (default 3DES)\n");
+        BIO_printf(bio_err,
+                   "-macalg alg   digest algorithm used in MAC (default SHA1)\n");
+        BIO_printf(bio_err, "-keyex        set MS key exchange type\n");
+        BIO_printf(bio_err, "-keysig       set MS key signature type\n");
+        BIO_printf(bio_err,
+                   "-password p   set import/export password source\n");
+        BIO_printf(bio_err, "-passin p     input file pass phrase source\n");
+        BIO_printf(bio_err, "-passout p    output file pass phrase source\n");
+# ifndef OPENSSL_NO_ENGINE
+        BIO_printf(bio_err,
+                   "-engine e     use engine e, possibly a hardware device.\n");
+# endif
+        BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
+                   LIST_SEPARATOR_CHAR);
+        BIO_printf(bio_err,
+                   "              load the file (or the files in the directory) into\n");
+        BIO_printf(bio_err, "              the random number generator\n");
+        BIO_printf(bio_err, "-CSP name     Microsoft CSP name\n");
+        BIO_printf(bio_err,
+                   "-LMK          Add local machine keyset attribute to private key\n");
+        goto end;
+    }
+# ifndef OPENSSL_NO_ENGINE
+    e = setup_engine(bio_err, engine, 0);
+# endif
+
+    if (passarg) {
+        if (export_cert)
+            passargout = passarg;
+        else
+            passargin = passarg;
+    }
+
+    if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+        BIO_printf(bio_err, "Error getting passwords\n");
+        goto end;
+    }
+
+    if (!cpass) {
+        if (export_cert)
+            cpass = passout;
+        else
+            cpass = passin;
+    }
+
+    if (cpass) {
+        mpass = cpass;
+        noprompt = 1;
+    } else {
+        cpass = pass;
+        mpass = macpass;
+    }
+
+    if (export_cert || inrand) {
+        app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+        if (inrand != NULL)
+            BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+                       app_RAND_load_files(inrand));
+    }
+    ERR_load_crypto_strings();
+
+# ifdef CRYPTO_MDEBUG
+    CRYPTO_push_info("read files");
+# endif
+
+    if (!infile)
+        in = BIO_new_fp(stdin, BIO_NOCLOSE);
+    else
+        in = BIO_new_file(infile, "rb");
+    if (!in) {
+        BIO_printf(bio_err, "Error opening input file %s\n",
+                   infile ? infile : "<stdin>");
+        perror(infile);
+        goto end;
+    }
+# ifdef CRYPTO_MDEBUG
+    CRYPTO_pop_info();
+    CRYPTO_push_info("write files");
+# endif
+
+    if (!outfile) {
+        out = BIO_new_fp(stdout, BIO_NOCLOSE);
+# ifdef OPENSSL_SYS_VMS
+        {
+            BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+            out = BIO_push(tmpbio, out);
+        }
+# endif
+    } else
+        out = BIO_new_file(outfile, "wb");
+    if (!out) {
+        BIO_printf(bio_err, "Error opening output file %s\n",
+                   outfile ? outfile : "<stdout>");
+        perror(outfile);
+        goto end;
+    }
+    if (twopass) {
+# ifdef CRYPTO_MDEBUG
+        CRYPTO_push_info("read MAC password");
+# endif
+        if (EVP_read_pw_string
+            (macpass, sizeof macpass, "Enter MAC Password:", export_cert)) {
+            BIO_printf(bio_err, "Can't read Password\n");
+            goto end;
+        }
+# ifdef CRYPTO_MDEBUG
+        CRYPTO_pop_info();
+# endif
+    }
+
+    if (export_cert) {
+        EVP_PKEY *key = NULL;
+        X509 *ucert = NULL, *x = NULL;
+        STACK_OF(X509) *certs = NULL;
+        const EVP_MD *macmd = NULL;
+        unsigned char *catmp = NULL;
+        int i;
+
+        if ((options & (NOCERTS | NOKEYS)) == (NOCERTS | NOKEYS)) {
+            BIO_printf(bio_err, "Nothing to do!\n");
+            goto export_end;
+        }
+
+        if (options & NOCERTS)
+            chain = 0;
+
+# ifdef CRYPTO_MDEBUG
+        CRYPTO_push_info("process -export_cert");
+        CRYPTO_push_info("reading private key");
+# endif
+        if (!(options & NOKEYS)) {
+            key = load_key(bio_err, keyname ? keyname : infile,
+                           FORMAT_PEM, 1, passin, e, "private key");
+            if (!key)
+                goto export_end;
+        }
+# ifdef CRYPTO_MDEBUG
+        CRYPTO_pop_info();
+        CRYPTO_push_info("reading certs from input");
+# endif
+
+        /* Load in all certs in input file */
+        if (!(options & NOCERTS)) {
+            certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e,
+                               "certificates");
+            if (!certs)
+                goto export_end;
+
+            if (key) {
+                /* Look for matching private key */
+                for (i = 0; i < sk_X509_num(certs); i++) {
+                    x = sk_X509_value(certs, i);
+                    if (X509_check_private_key(x, key)) {
+                        ucert = x;
+                        /* Zero keyid and alias */
+                        X509_keyid_set1(ucert, NULL, 0);
+                        X509_alias_set1(ucert, NULL, 0);
+                        /* Remove from list */
+                        (void)sk_X509_delete(certs, i);
+                        break;
+                    }
+                }
+                if (!ucert) {
+                    BIO_printf(bio_err,
+                               "No certificate matches private key\n");
+                    goto export_end;
+                }
+            }
+
+        }
+# ifdef CRYPTO_MDEBUG
+        CRYPTO_pop_info();
+        CRYPTO_push_info("reading certs from input 2");
+# endif
+
+        /* Add any more certificates asked for */
+        if (certfile) {
+            STACK_OF(X509) *morecerts = NULL;
+            if (!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
+                                         NULL, e,
+                                         "certificates from certfile")))
+                goto export_end;
+            while (sk_X509_num(morecerts) > 0)
+                sk_X509_push(certs, sk_X509_shift(morecerts));
+            sk_X509_free(morecerts);
+        }
+# ifdef CRYPTO_MDEBUG
+        CRYPTO_pop_info();
+        CRYPTO_push_info("reading certs from certfile");
+# endif
+
+# ifdef CRYPTO_MDEBUG
+        CRYPTO_pop_info();
+        CRYPTO_push_info("building chain");
+# endif
+
+        /* If chaining get chain from user cert */
+        if (chain) {
+            int vret;
+            STACK_OF(X509) *chain2;
+            X509_STORE *store = X509_STORE_new();
+            if (!store) {
+                BIO_printf(bio_err, "Memory allocation error\n");
+                goto export_end;
+            }
+            if (!X509_STORE_load_locations(store, CAfile, CApath))
+                X509_STORE_set_default_paths(store);
+
+            vret = get_cert_chain(ucert, store, &chain2);
+            X509_STORE_free(store);
+
+            if (vret == X509_V_OK) {
+                /* Exclude verified certificate */
+                for (i = 1; i < sk_X509_num(chain2); i++)
+                    sk_X509_push(certs, sk_X509_value(chain2, i));
+                /* Free first certificate */
+                X509_free(sk_X509_value(chain2, 0));
+                sk_X509_free(chain2);
+            } else {
+                if (vret != X509_V_ERR_UNSPECIFIED)
+                    BIO_printf(bio_err, "Error %s getting chain.\n",
+                               X509_verify_cert_error_string(vret));
+                else
+                    ERR_print_errors(bio_err);
+                goto export_end;
+            }
+        }
+
+        /* Add any CA names */
+
+        for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++) {
+            catmp = (unsigned char *)sk_OPENSSL_STRING_value(canames, i);
+            X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
+        }
+
+        if (csp_name && key)
+            EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
+                                      MBSTRING_ASC, (unsigned char *)csp_name,
+                                      -1);
+
+        if (add_lmk && key)
+            EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1);
+
+# ifdef CRYPTO_MDEBUG
+        CRYPTO_pop_info();
+        CRYPTO_push_info("reading password");
+# endif
+
+        if (!noprompt &&
+            EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:",
+                               1)) {
+            BIO_printf(bio_err, "Can't read Password\n");
+            goto export_end;
+        }
+        if (!twopass)
+            BUF_strlcpy(macpass, pass, sizeof macpass);
+
+# ifdef CRYPTO_MDEBUG
+        CRYPTO_pop_info();
+        CRYPTO_push_info("creating PKCS#12 structure");
+# endif
+
+        p12 = PKCS12_create(cpass, name, key, ucert, certs,
+                            key_pbe, cert_pbe, iter, -1, keytype);
+
+        if (!p12) {
+            ERR_print_errors(bio_err);
+            goto export_end;
+        }
+
+        if (macalg) {
+            macmd = EVP_get_digestbyname(macalg);
+            if (!macmd) {
+                BIO_printf(bio_err, "Unknown digest algorithm %s\n", macalg);
+            }
+        }
+
+        if (maciter != -1)
+            PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd);
+
+# ifdef CRYPTO_MDEBUG
+        CRYPTO_pop_info();
+        CRYPTO_push_info("writing pkcs12");
+# endif
+
+        i2d_PKCS12_bio(out, p12);
+
+        ret = 0;
+
+ export_end:
+# ifdef CRYPTO_MDEBUG
+        CRYPTO_pop_info();
+        CRYPTO_pop_info();
+        CRYPTO_push_info("process -export_cert: freeing");
+# endif
+
+        if (key)
+            EVP_PKEY_free(key);
+        if (certs)
+            sk_X509_pop_free(certs, X509_free);
+        if (ucert)
+            X509_free(ucert);
+
+# ifdef CRYPTO_MDEBUG
+        CRYPTO_pop_info();
+# endif
+        goto end;
+
+    }
+
+    if (!(p12 = d2i_PKCS12_bio(in, NULL))) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+# ifdef CRYPTO_MDEBUG
+    CRYPTO_push_info("read import password");
+# endif
+    if (!noprompt
+        && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:",
+                              0)) {
+        BIO_printf(bio_err, "Can't read Password\n");
+        goto end;
+    }
+# ifdef CRYPTO_MDEBUG
+    CRYPTO_pop_info();
+# endif
+
+    if (!twopass)
+        BUF_strlcpy(macpass, pass, sizeof macpass);
+
+    if ((options & INFO) && p12->mac)
+        BIO_printf(bio_err, "MAC Iteration %ld\n",
+                   p12->mac->iter ? ASN1_INTEGER_get(p12->mac->iter) : 1);
+    if (macver) {
+# ifdef CRYPTO_MDEBUG
+        CRYPTO_push_info("verify MAC");
+# endif
+        /* If we enter empty password try no password first */
+        if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
+            /* If mac and crypto pass the same set it to NULL too */
+            if (!twopass)
+                cpass = NULL;
+        } else if (!PKCS12_verify_mac(p12, mpass, -1)) {
+            BIO_printf(bio_err, "Mac verify error: invalid password?\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        BIO_printf(bio_err, "MAC verified OK\n");
+# ifdef CRYPTO_MDEBUG
+        CRYPTO_pop_info();
+# endif
+    }
+# ifdef CRYPTO_MDEBUG
+    CRYPTO_push_info("output keys and certificates");
+# endif
+    if (!dump_certs_keys_p12(out, p12, cpass, -1, options, passout)) {
+        BIO_printf(bio_err, "Error outputting keys and certificates\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+# ifdef CRYPTO_MDEBUG
+    CRYPTO_pop_info();
+# endif
+    ret = 0;
+ end:
+    if (p12)
+        PKCS12_free(p12);
+    if (export_cert || inrand)
+        app_RAND_write_file(NULL, bio_err);
+# ifdef CRYPTO_MDEBUG
+    CRYPTO_remove_all_info();
+# endif
+    BIO_free(in);
+    BIO_free_all(out);
+    if (canames)
+        sk_OPENSSL_STRING_free(canames);
+    if (passin)
+        OPENSSL_free(passin);
+    if (passout)
+        OPENSSL_free(passout);
+    apps_shutdown();
+    OPENSSL_EXIT(ret);
+}
+
+int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass,
+                        int passlen, int options, char *pempass)
+{
+    STACK_OF(PKCS7) *asafes = NULL;
+    STACK_OF(PKCS12_SAFEBAG) *bags;
+    int i, bagnid;
+    int ret = 0;
+    PKCS7 *p7;
+
+    if (!(asafes = PKCS12_unpack_authsafes(p12)))
+        return 0;
+    for (i = 0; i < sk_PKCS7_num(asafes); i++) {
+        p7 = sk_PKCS7_value(asafes, i);
+        bagnid = OBJ_obj2nid(p7->type);
+        if (bagnid == NID_pkcs7_data) {
+            bags = PKCS12_unpack_p7data(p7);
+            if (options & INFO)
+                BIO_printf(bio_err, "PKCS7 Data\n");
+        } else if (bagnid == NID_pkcs7_encrypted) {
+            if (options & INFO) {
+                BIO_printf(bio_err, "PKCS7 Encrypted data: ");
+                alg_print(bio_err, p7->d.encrypted->enc_data->algorithm);
+            }
+            bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
+        } else
+            continue;
+        if (!bags)
+            goto err;
+        if (!dump_certs_pkeys_bags(out, bags, pass, passlen,
+                                   options, pempass)) {
+            sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+            goto err;
+        }
+        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+        bags = NULL;
+    }
+    ret = 1;
+
+ err:
+
+    if (asafes)
+        sk_PKCS7_pop_free(asafes, PKCS7_free);
+    return ret;
+}
+
+int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
+                          char *pass, int passlen, int options, char *pempass)
+{
+    int i;
+    for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
+        if (!dump_certs_pkeys_bag(out,
+                                  sk_PKCS12_SAFEBAG_value(bags, i),
+                                  pass, passlen, options, pempass))
+            return 0;
+    }
+    return 1;
+}
+
+int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
+                         int passlen, int options, char *pempass)
+{
+    EVP_PKEY *pkey;
+    PKCS8_PRIV_KEY_INFO *p8;
+    X509 *x509;
+
+    switch (M_PKCS12_bag_type(bag)) {
+    case NID_keyBag:
+        if (options & INFO)
+            BIO_printf(bio_err, "Key bag\n");
+        if (options & NOKEYS)
+            return 1;
+        print_attribs(out, bag->attrib, "Bag Attributes");
+        p8 = bag->value.keybag;
+        if (!(pkey = EVP_PKCS82PKEY(p8)))
+            return 0;
+        print_attribs(out, p8->attributes, "Key Attributes");
+        PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
+        EVP_PKEY_free(pkey);
+        break;
+
+    case NID_pkcs8ShroudedKeyBag:
+        if (options & INFO) {
+            BIO_printf(bio_err, "Shrouded Keybag: ");
+            alg_print(bio_err, bag->value.shkeybag->algor);
+        }
+        if (options & NOKEYS)
+            return 1;
+        print_attribs(out, bag->attrib, "Bag Attributes");
+        if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
+            return 0;
+        if (!(pkey = EVP_PKCS82PKEY(p8))) {
+            PKCS8_PRIV_KEY_INFO_free(p8);
+            return 0;
+        }
+        print_attribs(out, p8->attributes, "Key Attributes");
+        PKCS8_PRIV_KEY_INFO_free(p8);
+        PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
+        EVP_PKEY_free(pkey);
+        break;
+
+    case NID_certBag:
+        if (options & INFO)
+            BIO_printf(bio_err, "Certificate bag\n");
+        if (options & NOCERTS)
+            return 1;
+        if (PKCS12_get_attr(bag, NID_localKeyID)) {
+            if (options & CACERTS)
+                return 1;
+        } else if (options & CLCERTS)
+            return 1;
+        print_attribs(out, bag->attrib, "Bag Attributes");
+        if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate)
+            return 1;
+        if (!(x509 = PKCS12_certbag2x509(bag)))
+            return 0;
+        dump_cert_text(out, x509);
+        PEM_write_bio_X509(out, x509);
+        X509_free(x509);
+        break;
+
+    case NID_safeContentsBag:
+        if (options & INFO)
+            BIO_printf(bio_err, "Safe Contents bag\n");
+        print_attribs(out, bag->attrib, "Bag Attributes");
+        return dump_certs_pkeys_bags(out, bag->value.safes, pass,
+                                     passlen, options, pempass);
+
+    default:
+        BIO_printf(bio_err, "Warning unsupported bag type: ");
+        i2a_ASN1_OBJECT(bio_err, bag->type);
+        BIO_printf(bio_err, "\n");
+        return 1;
+        break;
+    }
+    return 1;
+}
+
+/* Given a single certificate return a verified chain or NULL if error */
+
+static int get_cert_chain(X509 *cert, X509_STORE *store,
+                          STACK_OF(X509) **chain)
+{
+    X509_STORE_CTX store_ctx;
+    STACK_OF(X509) *chn = NULL;
+    int i = 0;
+
+    if (!X509_STORE_CTX_init(&store_ctx, store, cert, NULL)) {
+        *chain = NULL;
+        return X509_V_ERR_UNSPECIFIED;
+    }
+
+    if (X509_verify_cert(&store_ctx) > 0)
+        chn = X509_STORE_CTX_get1_chain(&store_ctx);
+    else if ((i = X509_STORE_CTX_get_error(&store_ctx)) == 0)
+        i = X509_V_ERR_UNSPECIFIED;
+
+    X509_STORE_CTX_cleanup(&store_ctx);
+    *chain = chn;
+    return i;
+}
+
+int alg_print(BIO *x, X509_ALGOR *alg)
+{
+    PBEPARAM *pbe;
+    const unsigned char *p;
+    p = alg->parameter->value.sequence->data;
+    pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
+    if (!pbe)
+        return 1;
+    BIO_printf(bio_err, "%s, Iteration %ld\n",
+               OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)),
+               ASN1_INTEGER_get(pbe->iter));
+    PBEPARAM_free(pbe);
+    return 1;
+}
+
+/* Load all certificates from a given file */
+
+int cert_load(BIO *in, STACK_OF(X509) *sk)
+{
+    int ret;
+    X509 *cert;
+    ret = 0;
+# ifdef CRYPTO_MDEBUG
+    CRYPTO_push_info("cert_load(): reading one cert");
+# endif
+    while ((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
+# ifdef CRYPTO_MDEBUG
+        CRYPTO_pop_info();
+# endif
+        ret = 1;
+        sk_X509_push(sk, cert);
+# ifdef CRYPTO_MDEBUG
+        CRYPTO_push_info("cert_load(): reading one cert");
+# endif
+    }
+# ifdef CRYPTO_MDEBUG
+    CRYPTO_pop_info();
+# endif
+    if (ret)
+        ERR_clear_error();
+    return ret;
+}
+
+/* Generalised attribute print: handle PKCS#8 and bag attributes */
+
+int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,
+                  const char *name)
+{
+    X509_ATTRIBUTE *attr;
+    ASN1_TYPE *av;
+    char *value;
+    int i, attr_nid;
+    if (!attrlst) {
+        BIO_printf(out, "%s: <No Attributes>\n", name);
+        return 1;
+    }
+    if (!sk_X509_ATTRIBUTE_num(attrlst)) {
+        BIO_printf(out, "%s: <Empty Attributes>\n", name);
+        return 1;
+    }
+    BIO_printf(out, "%s\n", name);
+    for (i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) {
+        attr = sk_X509_ATTRIBUTE_value(attrlst, i);
+        attr_nid = OBJ_obj2nid(attr->object);
+        BIO_printf(out, "    ");
+        if (attr_nid == NID_undef) {
+            i2a_ASN1_OBJECT(out, attr->object);
+            BIO_printf(out, ": ");
+        } else
+            BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));
+
+        if (sk_ASN1_TYPE_num(attr->value.set)) {
+            av = sk_ASN1_TYPE_value(attr->value.set, 0);
+            switch (av->type) {
+            case V_ASN1_BMPSTRING:
+                value = OPENSSL_uni2asc(av->value.bmpstring->data,
+                                        av->value.bmpstring->length);
+                BIO_printf(out, "%s\n", value);
+                OPENSSL_free(value);
+                break;
+
+            case V_ASN1_OCTET_STRING:
+                hex_prin(out, av->value.octet_string->data,
+                         av->value.octet_string->length);
+                BIO_printf(out, "\n");
+                break;
+
+            case V_ASN1_BIT_STRING:
+                hex_prin(out, av->value.bit_string->data,
+                         av->value.bit_string->length);
+                BIO_printf(out, "\n");
+                break;
+
+            default:
+                BIO_printf(out, "<Unsupported tag %d>\n", av->type);
+                break;
+            }
+        } else
+            BIO_printf(out, "<No Values>\n");
+    }
+    return 1;
+}
+
+void hex_prin(BIO *out, unsigned char *buf, int len)
+{
+    int i;
+    for (i = 0; i < len; i++)
+        BIO_printf(out, "%02X ", buf[i]);
+}
+
+static int set_pbe(BIO *err, int *ppbe, const char *str)
+{
+    if (!str)
+        return 0;
+    if (!strcmp(str, "NONE")) {
+        *ppbe = -1;
+        return 1;
+    }
+    *ppbe = OBJ_txt2nid(str);
+    if (*ppbe == NID_undef) {
+        BIO_printf(bio_err, "Unknown PBE algorithm %s\n", str);
+        return 0;
+    }
+    return 1;
+}
+
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/apps/pkcs7.c
===================================================================
--- vendor-crypto/openssl/dist/apps/pkcs7.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/apps/pkcs7.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,308 +0,0 @@
-/* apps/pkcs7.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "apps.h"
-#include <openssl/err.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pkcs7.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG    pkcs7_main
-
-/*-
- * -inform arg  - input format - default PEM (DER or PEM)
- * -outform arg - output format - default PEM
- * -in arg      - input file - default stdin
- * -out arg     - output file - default stdout
- * -print_certs
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-{
-    PKCS7 *p7 = NULL;
-    int i, badops = 0;
-    BIO *in = NULL, *out = NULL;
-    int informat, outformat;
-    char *infile, *outfile, *prog;
-    int print_certs = 0, text = 0, noout = 0, p7_print = 0;
-    int ret = 1;
-#ifndef OPENSSL_NO_ENGINE
-    char *engine = NULL;
-#endif
-
-    apps_startup();
-
-    if (bio_err == NULL)
-        if ((bio_err = BIO_new(BIO_s_file())) != NULL)
-            BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
-
-    if (!load_config(bio_err, NULL))
-        goto end;
-
-    infile = NULL;
-    outfile = NULL;
-    informat = FORMAT_PEM;
-    outformat = FORMAT_PEM;
-
-    prog = argv[0];
-    argc--;
-    argv++;
-    while (argc >= 1) {
-        if (strcmp(*argv, "-inform") == 0) {
-            if (--argc < 1)
-                goto bad;
-            informat = str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-outform") == 0) {
-            if (--argc < 1)
-                goto bad;
-            outformat = str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-in") == 0) {
-            if (--argc < 1)
-                goto bad;
-            infile = *(++argv);
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
-            outfile = *(++argv);
-        } else if (strcmp(*argv, "-noout") == 0)
-            noout = 1;
-        else if (strcmp(*argv, "-text") == 0)
-            text = 1;
-        else if (strcmp(*argv, "-print") == 0)
-            p7_print = 1;
-        else if (strcmp(*argv, "-print_certs") == 0)
-            print_certs = 1;
-#ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                goto bad;
-            engine = *(++argv);
-        }
-#endif
-        else {
-            BIO_printf(bio_err, "unknown option %s\n", *argv);
-            badops = 1;
-            break;
-        }
-        argc--;
-        argv++;
-    }
-
-    if (badops) {
- bad:
-        BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
-        BIO_printf(bio_err, "where options are\n");
-        BIO_printf(bio_err, " -inform arg   input format - DER or PEM\n");
-        BIO_printf(bio_err, " -outform arg  output format - DER or PEM\n");
-        BIO_printf(bio_err, " -in arg       input file\n");
-        BIO_printf(bio_err, " -out arg      output file\n");
-        BIO_printf(bio_err,
-                   " -print_certs  print any certs or crl in the input\n");
-        BIO_printf(bio_err,
-                   " -text         print full details of certificates\n");
-        BIO_printf(bio_err, " -noout        don't output encoded data\n");
-#ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   " -engine e     use engine e, possibly a hardware device.\n");
-#endif
-        ret = 1;
-        goto end;
-    }
-
-    ERR_load_crypto_strings();
-
-#ifndef OPENSSL_NO_ENGINE
-    setup_engine(bio_err, engine, 0);
-#endif
-
-    in = BIO_new(BIO_s_file());
-    out = BIO_new(BIO_s_file());
-    if ((in == NULL) || (out == NULL)) {
-        ERR_print_errors(bio_err);
-        goto end;
-    }
-
-    if (infile == NULL)
-        BIO_set_fp(in, stdin, BIO_NOCLOSE);
-    else {
-        if (BIO_read_filename(in, infile) <= 0) {
-            BIO_printf(bio_err, "unable to load input file\n");
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-    }
-
-    if (informat == FORMAT_ASN1)
-        p7 = d2i_PKCS7_bio(in, NULL);
-    else if (informat == FORMAT_PEM)
-        p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
-    else {
-        BIO_printf(bio_err, "bad input format specified for pkcs7 object\n");
-        goto end;
-    }
-    if (p7 == NULL) {
-        BIO_printf(bio_err, "unable to load PKCS7 object\n");
-        ERR_print_errors(bio_err);
-        goto end;
-    }
-
-    if (outfile == NULL) {
-        BIO_set_fp(out, stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-        {
-            BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-            out = BIO_push(tmpbio, out);
-        }
-#endif
-    } else {
-        if (BIO_write_filename(out, outfile) <= 0) {
-            perror(outfile);
-            goto end;
-        }
-    }
-
-    if (p7_print)
-        PKCS7_print_ctx(out, p7, 0, NULL);
-
-    if (print_certs) {
-        STACK_OF(X509) *certs = NULL;
-        STACK_OF(X509_CRL) *crls = NULL;
-
-        i = OBJ_obj2nid(p7->type);
-        switch (i) {
-        case NID_pkcs7_signed:
-            certs = p7->d.sign->cert;
-            crls = p7->d.sign->crl;
-            break;
-        case NID_pkcs7_signedAndEnveloped:
-            certs = p7->d.signed_and_enveloped->cert;
-            crls = p7->d.signed_and_enveloped->crl;
-            break;
-        default:
-            break;
-        }
-
-        if (certs != NULL) {
-            X509 *x;
-
-            for (i = 0; i < sk_X509_num(certs); i++) {
-                x = sk_X509_value(certs, i);
-                if (text)
-                    X509_print(out, x);
-                else
-                    dump_cert_text(out, x);
-
-                if (!noout)
-                    PEM_write_bio_X509(out, x);
-                BIO_puts(out, "\n");
-            }
-        }
-        if (crls != NULL) {
-            X509_CRL *crl;
-
-            for (i = 0; i < sk_X509_CRL_num(crls); i++) {
-                crl = sk_X509_CRL_value(crls, i);
-
-                X509_CRL_print(out, crl);
-
-                if (!noout)
-                    PEM_write_bio_X509_CRL(out, crl);
-                BIO_puts(out, "\n");
-            }
-        }
-
-        ret = 0;
-        goto end;
-    }
-
-    if (!noout) {
-        if (outformat == FORMAT_ASN1)
-            i = i2d_PKCS7_bio(out, p7);
-        else if (outformat == FORMAT_PEM)
-            i = PEM_write_bio_PKCS7(out, p7);
-        else {
-            BIO_printf(bio_err, "bad output format specified for outfile\n");
-            goto end;
-        }
-
-        if (!i) {
-            BIO_printf(bio_err, "unable to write pkcs7 object\n");
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-    }
-    ret = 0;
- end:
-    if (p7 != NULL)
-        PKCS7_free(p7);
-    if (in != NULL)
-        BIO_free(in);
-    if (out != NULL)
-        BIO_free_all(out);
-    apps_shutdown();
-    OPENSSL_EXIT(ret);
-}

Copied: vendor-crypto/openssl/1.0.1u/apps/pkcs7.c (from rev 11605, vendor-crypto/openssl/dist/apps/pkcs7.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/apps/pkcs7.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/apps/pkcs7.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,312 @@
+/* apps/pkcs7.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "apps.h"
+#include <openssl/err.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+
+#undef PROG
+#define PROG    pkcs7_main
+
+/*-
+ * -inform arg  - input format - default PEM (DER or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg      - input file - default stdin
+ * -out arg     - output file - default stdout
+ * -print_certs
+ */
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+    PKCS7 *p7 = NULL;
+    int i, badops = 0;
+    BIO *in = NULL, *out = NULL;
+    int informat, outformat;
+    char *infile, *outfile, *prog;
+    int print_certs = 0, text = 0, noout = 0, p7_print = 0;
+    int ret = 1;
+#ifndef OPENSSL_NO_ENGINE
+    char *engine = NULL;
+#endif
+
+    apps_startup();
+
+    if (bio_err == NULL)
+        if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+            BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+    if (!load_config(bio_err, NULL))
+        goto end;
+
+    infile = NULL;
+    outfile = NULL;
+    informat = FORMAT_PEM;
+    outformat = FORMAT_PEM;
+
+    prog = argv[0];
+    argc--;
+    argv++;
+    while (argc >= 1) {
+        if (strcmp(*argv, "-inform") == 0) {
+            if (--argc < 1)
+                goto bad;
+            informat = str2fmt(*(++argv));
+        } else if (strcmp(*argv, "-outform") == 0) {
+            if (--argc < 1)
+                goto bad;
+            outformat = str2fmt(*(++argv));
+        } else if (strcmp(*argv, "-in") == 0) {
+            if (--argc < 1)
+                goto bad;
+            infile = *(++argv);
+        } else if (strcmp(*argv, "-out") == 0) {
+            if (--argc < 1)
+                goto bad;
+            outfile = *(++argv);
+        } else if (strcmp(*argv, "-noout") == 0)
+            noout = 1;
+        else if (strcmp(*argv, "-text") == 0)
+            text = 1;
+        else if (strcmp(*argv, "-print") == 0)
+            p7_print = 1;
+        else if (strcmp(*argv, "-print_certs") == 0)
+            print_certs = 1;
+#ifndef OPENSSL_NO_ENGINE
+        else if (strcmp(*argv, "-engine") == 0) {
+            if (--argc < 1)
+                goto bad;
+            engine = *(++argv);
+        }
+#endif
+        else {
+            BIO_printf(bio_err, "unknown option %s\n", *argv);
+            badops = 1;
+            break;
+        }
+        argc--;
+        argv++;
+    }
+
+    if (badops) {
+ bad:
+        BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
+        BIO_printf(bio_err, "where options are\n");
+        BIO_printf(bio_err, " -inform arg   input format - DER or PEM\n");
+        BIO_printf(bio_err, " -outform arg  output format - DER or PEM\n");
+        BIO_printf(bio_err, " -in arg       input file\n");
+        BIO_printf(bio_err, " -out arg      output file\n");
+        BIO_printf(bio_err,
+                   " -print_certs  print any certs or crl in the input\n");
+        BIO_printf(bio_err,
+                   " -text         print full details of certificates\n");
+        BIO_printf(bio_err, " -noout        don't output encoded data\n");
+#ifndef OPENSSL_NO_ENGINE
+        BIO_printf(bio_err,
+                   " -engine e     use engine e, possibly a hardware device.\n");
+#endif
+        ret = 1;
+        goto end;
+    }
+
+    ERR_load_crypto_strings();
+
+#ifndef OPENSSL_NO_ENGINE
+    setup_engine(bio_err, engine, 0);
+#endif
+
+    in = BIO_new(BIO_s_file());
+    out = BIO_new(BIO_s_file());
+    if ((in == NULL) || (out == NULL)) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (infile == NULL)
+        BIO_set_fp(in, stdin, BIO_NOCLOSE);
+    else {
+        if (BIO_read_filename(in, infile) <= 0) {
+            BIO_printf(bio_err, "unable to load input file\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (informat == FORMAT_ASN1)
+        p7 = d2i_PKCS7_bio(in, NULL);
+    else if (informat == FORMAT_PEM)
+        p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
+    else {
+        BIO_printf(bio_err, "bad input format specified for pkcs7 object\n");
+        goto end;
+    }
+    if (p7 == NULL) {
+        BIO_printf(bio_err, "unable to load PKCS7 object\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (outfile == NULL) {
+        BIO_set_fp(out, stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+        {
+            BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+            out = BIO_push(tmpbio, out);
+        }
+#endif
+    } else {
+        if (BIO_write_filename(out, outfile) <= 0) {
+            perror(outfile);
+            goto end;
+        }
+    }
+
+    if (p7_print)
+        PKCS7_print_ctx(out, p7, 0, NULL);
+
+    if (print_certs) {
+        STACK_OF(X509) *certs = NULL;
+        STACK_OF(X509_CRL) *crls = NULL;
+
+        i = OBJ_obj2nid(p7->type);
+        switch (i) {
+        case NID_pkcs7_signed:
+            if (p7->d.sign != NULL) {
+                certs = p7->d.sign->cert;
+                crls = p7->d.sign->crl;
+            }
+            break;
+        case NID_pkcs7_signedAndEnveloped:
+            if (p7->d.signed_and_enveloped != NULL) {
+                certs = p7->d.signed_and_enveloped->cert;
+                crls = p7->d.signed_and_enveloped->crl;
+            }
+            break;
+        default:
+            break;
+        }
+
+        if (certs != NULL) {
+            X509 *x;
+
+            for (i = 0; i < sk_X509_num(certs); i++) {
+                x = sk_X509_value(certs, i);
+                if (text)
+                    X509_print(out, x);
+                else
+                    dump_cert_text(out, x);
+
+                if (!noout)
+                    PEM_write_bio_X509(out, x);
+                BIO_puts(out, "\n");
+            }
+        }
+        if (crls != NULL) {
+            X509_CRL *crl;
+
+            for (i = 0; i < sk_X509_CRL_num(crls); i++) {
+                crl = sk_X509_CRL_value(crls, i);
+
+                X509_CRL_print(out, crl);
+
+                if (!noout)
+                    PEM_write_bio_X509_CRL(out, crl);
+                BIO_puts(out, "\n");
+            }
+        }
+
+        ret = 0;
+        goto end;
+    }
+
+    if (!noout) {
+        if (outformat == FORMAT_ASN1)
+            i = i2d_PKCS7_bio(out, p7);
+        else if (outformat == FORMAT_PEM)
+            i = PEM_write_bio_PKCS7(out, p7);
+        else {
+            BIO_printf(bio_err, "bad output format specified for outfile\n");
+            goto end;
+        }
+
+        if (!i) {
+            BIO_printf(bio_err, "unable to write pkcs7 object\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+    ret = 0;
+ end:
+    if (p7 != NULL)
+        PKCS7_free(p7);
+    if (in != NULL)
+        BIO_free(in);
+    if (out != NULL)
+        BIO_free_all(out);
+    apps_shutdown();
+    OPENSSL_EXIT(ret);
+}

Deleted: vendor-crypto/openssl/1.0.1u/apps/s_server.c
===================================================================
--- vendor-crypto/openssl/dist/apps/s_server.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/apps/s_server.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,2978 +0,0 @@
-/* apps/s_server.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-/*
- * Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code
- */
-#ifdef OPENSSL_NO_DEPRECATED
-# undef OPENSSL_NO_DEPRECATED
-#endif
-
-#include <assert.h>
-#include <ctype.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/e_os2.h>
-#ifdef OPENSSL_NO_STDIO
-# define APPS_WIN16
-#endif
-
-/* conflicts with winsock2 stuff on netware */
-#if !defined(OPENSSL_SYS_NETWARE)
-# include <sys/types.h>
-#endif
-
-/*
- * With IPv6, it looks like Digital has mixed up the proper order of
- * recursive header file inclusion, resulting in the compiler complaining
- * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is
- * needed to have fileno() declared correctly...  So let's define u_int
- */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
-# define __U_INT
-typedef unsigned int u_int;
-#endif
-
-#include <openssl/lhash.h>
-#include <openssl/bn.h>
-#define USE_SOCKETS
-#include "apps.h"
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/x509.h>
-#include <openssl/ssl.h>
-#include <openssl/rand.h>
-#include <openssl/ocsp.h>
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
-#ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_SRP
-# include <openssl/srp.h>
-#endif
-#include "s_apps.h"
-#include "timeouts.h"
-
-#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
-/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
-# undef FIONBIO
-#endif
-
-#if defined(OPENSSL_SYS_BEOS_R5)
-# include <fcntl.h>
-#endif
-
-#ifndef OPENSSL_NO_RSA
-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
-#endif
-static int sv_body(char *hostname, int s, unsigned char *context);
-static int www_body(char *hostname, int s, unsigned char *context);
-static void close_accept_socket(void);
-static void sv_usage(void);
-static int init_ssl_connection(SSL *s);
-static void print_stats(BIO *bp, SSL_CTX *ctx);
-static int generate_session_id(const SSL *ssl, unsigned char *id,
-                               unsigned int *id_len);
-#ifndef OPENSSL_NO_DH
-static DH *load_dh_param(const char *dhfile);
-static DH *get_dh2048(void);
-#endif
-
-#ifdef MONOLITH
-static void s_server_init(void);
-#endif
-
-#ifndef OPENSSL_NO_DH
-static unsigned char dh2048_p[] = {
-    0xF6,0x42,0x57,0xB7,0x08,0x7F,0x08,0x17,0x72,0xA2,0xBA,0xD6,
-    0xA9,0x42,0xF3,0x05,0xE8,0xF9,0x53,0x11,0x39,0x4F,0xB6,0xF1,
-    0x6E,0xB9,0x4B,0x38,0x20,0xDA,0x01,0xA7,0x56,0xA3,0x14,0xE9,
-    0x8F,0x40,0x55,0xF3,0xD0,0x07,0xC6,0xCB,0x43,0xA9,0x94,0xAD,
-    0xF7,0x4C,0x64,0x86,0x49,0xF8,0x0C,0x83,0xBD,0x65,0xE9,0x17,
-    0xD4,0xA1,0xD3,0x50,0xF8,0xF5,0x59,0x5F,0xDC,0x76,0x52,0x4F,
-    0x3D,0x3D,0x8D,0xDB,0xCE,0x99,0xE1,0x57,0x92,0x59,0xCD,0xFD,
-    0xB8,0xAE,0x74,0x4F,0xC5,0xFC,0x76,0xBC,0x83,0xC5,0x47,0x30,
-    0x61,0xCE,0x7C,0xC9,0x66,0xFF,0x15,0xF9,0xBB,0xFD,0x91,0x5E,
-    0xC7,0x01,0xAA,0xD3,0x5B,0x9E,0x8D,0xA0,0xA5,0x72,0x3A,0xD4,
-    0x1A,0xF0,0xBF,0x46,0x00,0x58,0x2B,0xE5,0xF4,0x88,0xFD,0x58,
-    0x4E,0x49,0xDB,0xCD,0x20,0xB4,0x9D,0xE4,0x91,0x07,0x36,0x6B,
-    0x33,0x6C,0x38,0x0D,0x45,0x1D,0x0F,0x7C,0x88,0xB3,0x1C,0x7C,
-    0x5B,0x2D,0x8E,0xF6,0xF3,0xC9,0x23,0xC0,0x43,0xF0,0xA5,0x5B,
-    0x18,0x8D,0x8E,0xBB,0x55,0x8C,0xB8,0x5D,0x38,0xD3,0x34,0xFD,
-    0x7C,0x17,0x57,0x43,0xA3,0x1D,0x18,0x6C,0xDE,0x33,0x21,0x2C,
-    0xB5,0x2A,0xFF,0x3C,0xE1,0xB1,0x29,0x40,0x18,0x11,0x8D,0x7C,
-    0x84,0xA7,0x0A,0x72,0xD6,0x86,0xC4,0x03,0x19,0xC8,0x07,0x29,
-    0x7A,0xCA,0x95,0x0C,0xD9,0x96,0x9F,0xAB,0xD0,0x0A,0x50,0x9B,
-    0x02,0x46,0xD3,0x08,0x3D,0x66,0xA4,0x5D,0x41,0x9F,0x9C,0x7C,
-    0xBD,0x89,0x4B,0x22,0x19,0x26,0xBA,0xAB,0xA2,0x5E,0xC3,0x55,
-    0xE9,0x32,0x0B,0x3B,
-};
-
-static unsigned char dh2048_g[] = {
-    0x02,
-};
-
-DH *get_dh2048()
-{
-    DH *dh;
-
-    if ((dh = DH_new()) == NULL)
-        return NULL;
-    dh->p=BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
-    dh->g=BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
-    if (dh->p == NULL || dh->g == NULL) {
-        DH_free(dh);
-        return NULL;
-    }
-    return dh;
-}
-#endif
-
-/* static int load_CA(SSL_CTX *ctx, char *file);*/
-
-#undef BUFSIZZ
-#define BUFSIZZ 16*1024
-static int bufsize = BUFSIZZ;
-static int accept_socket = -1;
-
-#define TEST_CERT       "server.pem"
-#ifndef OPENSSL_NO_TLSEXT
-# define TEST_CERT2      "server2.pem"
-#endif
-#undef PROG
-#define PROG            s_server_main
-
-extern int verify_depth, verify_return_error;
-
-static char *cipher = NULL;
-static int s_server_verify = SSL_VERIFY_NONE;
-static int s_server_session_id_context = 1; /* anything will do */
-static const char *s_cert_file = TEST_CERT, *s_key_file = NULL;
-#ifndef OPENSSL_NO_TLSEXT
-static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL;
-#endif
-static char *s_dcert_file = NULL, *s_dkey_file = NULL;
-#ifdef FIONBIO
-static int s_nbio = 0;
-#endif
-static int s_nbio_test = 0;
-int s_crlf = 0;
-static SSL_CTX *ctx = NULL;
-#ifndef OPENSSL_NO_TLSEXT
-static SSL_CTX *ctx2 = NULL;
-#endif
-static int www = 0;
-
-static BIO *bio_s_out = NULL;
-static int s_debug = 0;
-#ifndef OPENSSL_NO_TLSEXT
-static int s_tlsextdebug = 0;
-static int s_tlsextstatus = 0;
-static int cert_status_cb(SSL *s, void *arg);
-#endif
-static int s_msg = 0;
-static int s_quiet = 0;
-
-static char *keymatexportlabel = NULL;
-static int keymatexportlen = 20;
-
-static int hack = 0;
-#ifndef OPENSSL_NO_ENGINE
-static char *engine_id = NULL;
-#endif
-static const char *session_id_prefix = NULL;
-
-static int enable_timeouts = 0;
-static long socket_mtu;
-#ifndef OPENSSL_NO_DTLS1
-static int cert_chain = 0;
-#endif
-
-#ifndef OPENSSL_NO_PSK
-static char *psk_identity = "Client_identity";
-char *psk_key = NULL;           /* by default PSK is not used */
-
-static unsigned int psk_server_cb(SSL *ssl, const char *identity,
-                                  unsigned char *psk,
-                                  unsigned int max_psk_len)
-{
-    unsigned int psk_len = 0;
-    int ret;
-    BIGNUM *bn = NULL;
-
-    if (s_debug)
-        BIO_printf(bio_s_out, "psk_server_cb\n");
-    if (!identity) {
-        BIO_printf(bio_err, "Error: client did not send PSK identity\n");
-        goto out_err;
-    }
-    if (s_debug)
-        BIO_printf(bio_s_out, "identity_len=%d identity=%s\n",
-                   (int)strlen(identity), identity);
-
-    /* here we could lookup the given identity e.g. from a database */
-    if (strcmp(identity, psk_identity) != 0) {
-        BIO_printf(bio_s_out, "PSK error: client identity not found"
-                   " (got '%s' expected '%s')\n", identity, psk_identity);
-        goto out_err;
-    }
-    if (s_debug)
-        BIO_printf(bio_s_out, "PSK client identity found\n");
-
-    /* convert the PSK key to binary */
-    ret = BN_hex2bn(&bn, psk_key);
-    if (!ret) {
-        BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
-                   psk_key);
-        if (bn)
-            BN_free(bn);
-        return 0;
-    }
-    if (BN_num_bytes(bn) > (int)max_psk_len) {
-        BIO_printf(bio_err,
-                   "psk buffer of callback is too small (%d) for key (%d)\n",
-                   max_psk_len, BN_num_bytes(bn));
-        BN_free(bn);
-        return 0;
-    }
-
-    ret = BN_bn2bin(bn, psk);
-    BN_free(bn);
-
-    if (ret < 0)
-        goto out_err;
-    psk_len = (unsigned int)ret;
-
-    if (s_debug)
-        BIO_printf(bio_s_out, "fetched PSK len=%d\n", psk_len);
-    return psk_len;
- out_err:
-    if (s_debug)
-        BIO_printf(bio_err, "Error in PSK server callback\n");
-    return 0;
-}
-#endif
-
-#ifndef OPENSSL_NO_SRP
-/* This is a context that we pass to callbacks */
-typedef struct srpsrvparm_st {
-    char *login;
-    SRP_VBASE *vb;
-    SRP_user_pwd *user;
-} srpsrvparm;
-
-/*
- * This callback pretends to require some asynchronous logic in order to
- * obtain a verifier. When the callback is called for a new connection we
- * return with a negative value. This will provoke the accept etc to return
- * with an LOOKUP_X509. The main logic of the reinvokes the suspended call
- * (which would normally occur after a worker has finished) and we set the
- * user parameters.
- */
-static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
-{
-    srpsrvparm *p = (srpsrvparm *) arg;
-    if (p->login == NULL && p->user == NULL) {
-        p->login = SSL_get_srp_username(s);
-        BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
-        return (-1);
-    }
-
-    if (p->user == NULL) {
-        BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
-        return SSL3_AL_FATAL;
-    }
-    if (SSL_set_srp_server_param
-        (s, p->user->N, p->user->g, p->user->s, p->user->v,
-         p->user->info) < 0) {
-        *ad = SSL_AD_INTERNAL_ERROR;
-        return SSL3_AL_FATAL;
-    }
-    BIO_printf(bio_err,
-               "SRP parameters set: username = \"%s\" info=\"%s\" \n",
-               p->login, p->user->info);
-    /* need to check whether there are memory leaks */
-    p->user = NULL;
-    p->login = NULL;
-    return SSL_ERROR_NONE;
-}
-
-#endif
-
-#ifdef MONOLITH
-static void s_server_init(void)
-{
-    accept_socket = -1;
-    cipher = NULL;
-    s_server_verify = SSL_VERIFY_NONE;
-    s_dcert_file = NULL;
-    s_dkey_file = NULL;
-    s_cert_file = TEST_CERT;
-    s_key_file = NULL;
-# ifndef OPENSSL_NO_TLSEXT
-    s_cert_file2 = TEST_CERT2;
-    s_key_file2 = NULL;
-    ctx2 = NULL;
-# endif
-# ifdef FIONBIO
-    s_nbio = 0;
-# endif
-    s_nbio_test = 0;
-    ctx = NULL;
-    www = 0;
-
-    bio_s_out = NULL;
-    s_debug = 0;
-    s_msg = 0;
-    s_quiet = 0;
-    hack = 0;
-# ifndef OPENSSL_NO_ENGINE
-    engine_id = NULL;
-# endif
-}
-#endif
-
-static void sv_usage(void)
-{
-    BIO_printf(bio_err, "usage: s_server [args ...]\n");
-    BIO_printf(bio_err, "\n");
-    BIO_printf(bio_err,
-               " -accept arg   - port to accept on (default is %d)\n", PORT);
-    BIO_printf(bio_err, " -context arg  - set session ID context\n");
-    BIO_printf(bio_err,
-               " -verify arg   - turn on peer certificate verification\n");
-    BIO_printf(bio_err,
-               " -Verify arg   - turn on peer certificate verification, must have a cert.\n");
-    BIO_printf(bio_err,
-               " -verify_return_error - return verification errors\n");
-    BIO_printf(bio_err, " -cert arg     - certificate file to use\n");
-    BIO_printf(bio_err, "                 (default is %s)\n", TEST_CERT);
-    BIO_printf(bio_err,
-               " -crl_check    - check the peer certificate has not been revoked by its CA.\n"
-               "                 The CRL(s) are appended to the certificate file\n");
-    BIO_printf(bio_err,
-               " -crl_check_all - check the peer certificate has not been revoked by its CA\n"
-               "                 or any other CRL in the CA chain. CRL(s) are appened to the\n"
-               "                 the certificate file.\n");
-    BIO_printf(bio_err,
-               " -certform arg - certificate format (PEM or DER) PEM default\n");
-    BIO_printf(bio_err,
-               " -key arg      - Private Key file to use, in cert file if\n");
-    BIO_printf(bio_err, "                 not specified (default is %s)\n",
-               TEST_CERT);
-    BIO_printf(bio_err,
-               " -keyform arg  - key format (PEM, DER or ENGINE) PEM default\n");
-    BIO_printf(bio_err,
-               " -pass arg     - private key file pass phrase source\n");
-    BIO_printf(bio_err,
-               " -dcert arg    - second certificate file to use (usually for DSA)\n");
-    BIO_printf(bio_err,
-               " -dcertform x  - second certificate format (PEM or DER) PEM default\n");
-    BIO_printf(bio_err,
-               " -dkey arg     - second private key file to use (usually for DSA)\n");
-    BIO_printf(bio_err,
-               " -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default\n");
-    BIO_printf(bio_err,
-               " -dpass arg    - second private key file pass phrase source\n");
-    BIO_printf(bio_err,
-               " -dhparam arg  - DH parameter file to use, in cert file if not specified\n");
-    BIO_printf(bio_err,
-               "                 or a default set of parameters is used\n");
-#ifndef OPENSSL_NO_ECDH
-    BIO_printf(bio_err,
-               " -named_curve arg  - Elliptic curve name to use for ephemeral ECDH keys.\n"
-               "                 Use \"openssl ecparam -list_curves\" for all names\n"
-               "                 (default is nistp256).\n");
-#endif
-#ifdef FIONBIO
-    BIO_printf(bio_err, " -nbio         - Run with non-blocking IO\n");
-#endif
-    BIO_printf(bio_err,
-               " -nbio_test    - test with the non-blocking test bio\n");
-    BIO_printf(bio_err,
-               " -crlf         - convert LF from terminal into CRLF\n");
-    BIO_printf(bio_err, " -debug        - Print more output\n");
-    BIO_printf(bio_err, " -msg          - Show protocol messages\n");
-    BIO_printf(bio_err, " -state        - Print the SSL states\n");
-    BIO_printf(bio_err, " -CApath arg   - PEM format directory of CA's\n");
-    BIO_printf(bio_err, " -CAfile arg   - PEM format file of CA's\n");
-    BIO_printf(bio_err,
-               " -no_alt_chains - only ever use the first certificate chain found\n");
-    BIO_printf(bio_err,
-               " -nocert       - Don't use any certificates (Anon-DH)\n");
-    BIO_printf(bio_err,
-               " -cipher arg   - play with 'openssl ciphers' to see what goes here\n");
-    BIO_printf(bio_err, " -serverpref   - Use server's cipher preferences\n");
-    BIO_printf(bio_err, " -quiet        - No server output\n");
-    BIO_printf(bio_err, " -no_tmp_rsa   - Do not generate a tmp RSA key\n");
-#ifndef OPENSSL_NO_PSK
-    BIO_printf(bio_err, " -psk_hint arg - PSK identity hint to use\n");
-    BIO_printf(bio_err, " -psk arg      - PSK in hex (without 0x)\n");
-# ifndef OPENSSL_NO_JPAKE
-    BIO_printf(bio_err, " -jpake arg    - JPAKE secret to use\n");
-# endif
-#endif
-#ifndef OPENSSL_NO_SRP
-    BIO_printf(bio_err, " -srpvfile file      - The verifier file for SRP\n");
-    BIO_printf(bio_err,
-               " -srpuserseed string - A seed string for a default user salt.\n");
-#endif
-    BIO_printf(bio_err, " -ssl2         - Just talk SSLv2\n");
-#ifndef OPENSSL_NO_SSL3_METHOD
-    BIO_printf(bio_err, " -ssl3         - Just talk SSLv3\n");
-#endif
-    BIO_printf(bio_err, " -tls1_2       - Just talk TLSv1.2\n");
-    BIO_printf(bio_err, " -tls1_1       - Just talk TLSv1.1\n");
-    BIO_printf(bio_err, " -tls1         - Just talk TLSv1\n");
-    BIO_printf(bio_err, " -dtls1        - Just talk DTLSv1\n");
-    BIO_printf(bio_err, " -timeout      - Enable timeouts\n");
-    BIO_printf(bio_err, " -mtu          - Set link layer MTU\n");
-    BIO_printf(bio_err, " -chain        - Read a certificate chain\n");
-    BIO_printf(bio_err, " -no_ssl2      - Just disable SSLv2\n");
-    BIO_printf(bio_err, " -no_ssl3      - Just disable SSLv3\n");
-    BIO_printf(bio_err, " -no_tls1      - Just disable TLSv1\n");
-    BIO_printf(bio_err, " -no_tls1_1    - Just disable TLSv1.1\n");
-    BIO_printf(bio_err, " -no_tls1_2    - Just disable TLSv1.2\n");
-#ifndef OPENSSL_NO_DH
-    BIO_printf(bio_err, " -no_dhe       - Disable ephemeral DH\n");
-#endif
-#ifndef OPENSSL_NO_ECDH
-    BIO_printf(bio_err, " -no_ecdhe     - Disable ephemeral ECDH\n");
-#endif
-    BIO_printf(bio_err, " -bugs         - Turn on SSL bug compatibility\n");
-    BIO_printf(bio_err,
-               " -hack         - workaround for early Netscape code\n");
-    BIO_printf(bio_err,
-               " -www          - Respond to a 'GET /' with a status page\n");
-    BIO_printf(bio_err,
-               " -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
-    BIO_printf(bio_err,
-               " -HTTP         - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
-    BIO_printf(bio_err,
-               "                 with the assumption it contains a complete HTTP response.\n");
-#ifndef OPENSSL_NO_ENGINE
-    BIO_printf(bio_err,
-               " -engine id    - Initialise and use the specified engine\n");
-#endif
-    BIO_printf(bio_err,
-               " -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
-    BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
-               LIST_SEPARATOR_CHAR);
-#ifndef OPENSSL_NO_TLSEXT
-    BIO_printf(bio_err,
-               " -servername host - servername for HostName TLS extension\n");
-    BIO_printf(bio_err,
-               " -servername_fatal - on mismatch send fatal alert (default warning alert)\n");
-    BIO_printf(bio_err,
-               " -cert2 arg    - certificate file to use for servername\n");
-    BIO_printf(bio_err, "                 (default is %s)\n", TEST_CERT2);
-    BIO_printf(bio_err,
-               " -key2 arg     - Private Key file to use for servername, in cert file if\n");
-    BIO_printf(bio_err, "                 not specified (default is %s)\n",
-               TEST_CERT2);
-    BIO_printf(bio_err,
-               " -tlsextdebug  - hex dump of all TLS extensions received\n");
-    BIO_printf(bio_err,
-               " -no_ticket    - disable use of RFC4507bis session tickets\n");
-    BIO_printf(bio_err,
-               " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
-# ifndef OPENSSL_NO_NEXTPROTONEG
-    BIO_printf(bio_err,
-               " -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
-# endif
-# ifndef OPENSSL_NO_SRTP
-    BIO_printf(bio_err,
-               " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
-# endif
-#endif
-    BIO_printf(bio_err,
-               " -keymatexport label   - Export keying material using label\n");
-    BIO_printf(bio_err,
-               " -keymatexportlen len  - Export len bytes of keying material (default 20)\n");
-    BIO_printf(bio_err,
-               " -status           - respond to certificate status requests\n");
-    BIO_printf(bio_err,
-               " -status_verbose   - enable status request verbose printout\n");
-    BIO_printf(bio_err,
-               " -status_timeout n - status request responder timeout\n");
-    BIO_printf(bio_err, " -status_url URL   - status request fallback URL\n");
-}
-
-static int local_argc = 0;
-static char **local_argv;
-
-#ifdef CHARSET_EBCDIC
-static int ebcdic_new(BIO *bi);
-static int ebcdic_free(BIO *a);
-static int ebcdic_read(BIO *b, char *out, int outl);
-static int ebcdic_write(BIO *b, const char *in, int inl);
-static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
-static int ebcdic_gets(BIO *bp, char *buf, int size);
-static int ebcdic_puts(BIO *bp, const char *str);
-
-# define BIO_TYPE_EBCDIC_FILTER  (18|0x0200)
-static BIO_METHOD methods_ebcdic = {
-    BIO_TYPE_EBCDIC_FILTER,
-    "EBCDIC/ASCII filter",
-    ebcdic_write,
-    ebcdic_read,
-    ebcdic_puts,
-    ebcdic_gets,
-    ebcdic_ctrl,
-    ebcdic_new,
-    ebcdic_free,
-};
-
-typedef struct {
-    size_t alloced;
-    char buff[1];
-} EBCDIC_OUTBUFF;
-
-BIO_METHOD *BIO_f_ebcdic_filter()
-{
-    return (&methods_ebcdic);
-}
-
-static int ebcdic_new(BIO *bi)
-{
-    EBCDIC_OUTBUFF *wbuf;
-
-    wbuf = (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
-    if (!wbuf)
-        return 0;
-    wbuf->alloced = 1024;
-    wbuf->buff[0] = '\0';
-
-    bi->ptr = (char *)wbuf;
-    bi->init = 1;
-    bi->flags = 0;
-    return (1);
-}
-
-static int ebcdic_free(BIO *a)
-{
-    if (a == NULL)
-        return (0);
-    if (a->ptr != NULL)
-        OPENSSL_free(a->ptr);
-    a->ptr = NULL;
-    a->init = 0;
-    a->flags = 0;
-    return (1);
-}
-
-static int ebcdic_read(BIO *b, char *out, int outl)
-{
-    int ret = 0;
-
-    if (out == NULL || outl == 0)
-        return (0);
-    if (b->next_bio == NULL)
-        return (0);
-
-    ret = BIO_read(b->next_bio, out, outl);
-    if (ret > 0)
-        ascii2ebcdic(out, out, ret);
-    return (ret);
-}
-
-static int ebcdic_write(BIO *b, const char *in, int inl)
-{
-    EBCDIC_OUTBUFF *wbuf;
-    int ret = 0;
-    int num;
-    unsigned char n;
-
-    if ((in == NULL) || (inl <= 0))
-        return (0);
-    if (b->next_bio == NULL)
-        return (0);
-
-    wbuf = (EBCDIC_OUTBUFF *) b->ptr;
-
-    if (inl > (num = wbuf->alloced)) {
-        num = num + num;        /* double the size */
-        if (num < inl)
-            num = inl;
-        wbuf =
-            (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num);
-        if (!wbuf)
-            return 0;
-        OPENSSL_free(b->ptr);
-
-        wbuf->alloced = num;
-        wbuf->buff[0] = '\0';
-
-        b->ptr = (char *)wbuf;
-    }
-
-    ebcdic2ascii(wbuf->buff, in, inl);
-
-    ret = BIO_write(b->next_bio, wbuf->buff, inl);
-
-    return (ret);
-}
-
-static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
-{
-    long ret;
-
-    if (b->next_bio == NULL)
-        return (0);
-    switch (cmd) {
-    case BIO_CTRL_DUP:
-        ret = 0L;
-        break;
-    default:
-        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
-        break;
-    }
-    return (ret);
-}
-
-static int ebcdic_gets(BIO *bp, char *buf, int size)
-{
-    int i, ret = 0;
-    if (bp->next_bio == NULL)
-        return (0);
-/*      return(BIO_gets(bp->next_bio,buf,size));*/
-    for (i = 0; i < size - 1; ++i) {
-        ret = ebcdic_read(bp, &buf[i], 1);
-        if (ret <= 0)
-            break;
-        else if (buf[i] == '\n') {
-            ++i;
-            break;
-        }
-    }
-    if (i < size)
-        buf[i] = '\0';
-    return (ret < 0 && i == 0) ? ret : i;
-}
-
-static int ebcdic_puts(BIO *bp, const char *str)
-{
-    if (bp->next_bio == NULL)
-        return (0);
-    return ebcdic_write(bp, str, strlen(str));
-}
-#endif
-
-#ifndef OPENSSL_NO_TLSEXT
-
-/* This is a context that we pass to callbacks */
-typedef struct tlsextctx_st {
-    char *servername;
-    BIO *biodebug;
-    int extension_error;
-} tlsextctx;
-
-static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
-{
-    tlsextctx *p = (tlsextctx *) arg;
-    const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
-    if (servername && p->biodebug)
-        BIO_printf(p->biodebug, "Hostname in TLS extension: \"%s\"\n",
-                   servername);
-
-    if (!p->servername)
-        return SSL_TLSEXT_ERR_NOACK;
-
-    if (servername) {
-        if (strcasecmp(servername, p->servername))
-            return p->extension_error;
-        if (ctx2) {
-            BIO_printf(p->biodebug, "Switching server context.\n");
-            SSL_set_SSL_CTX(s, ctx2);
-        }
-    }
-    return SSL_TLSEXT_ERR_OK;
-}
-
-/* Structure passed to cert status callback */
-
-typedef struct tlsextstatusctx_st {
-    /* Default responder to use */
-    char *host, *path, *port;
-    int use_ssl;
-    int timeout;
-    BIO *err;
-    int verbose;
-} tlsextstatusctx;
-
-static tlsextstatusctx tlscstatp = { NULL, NULL, NULL, 0, -1, NULL, 0 };
-
-/*
- * Certificate Status callback. This is called when a client includes a
- * certificate status request extension. This is a simplified version. It
- * examines certificates each time and makes one OCSP responder query for
- * each request. A full version would store details such as the OCSP
- * certificate IDs and minimise the number of OCSP responses by caching them
- * until they were considered "expired".
- */
-
-static int cert_status_cb(SSL *s, void *arg)
-{
-    tlsextstatusctx *srctx = arg;
-    BIO *err = srctx->err;
-    char *host, *port, *path;
-    int use_ssl;
-    unsigned char *rspder = NULL;
-    int rspderlen;
-    STACK_OF(OPENSSL_STRING) *aia = NULL;
-    X509 *x = NULL;
-    X509_STORE_CTX inctx;
-    X509_OBJECT obj;
-    OCSP_REQUEST *req = NULL;
-    OCSP_RESPONSE *resp = NULL;
-    OCSP_CERTID *id = NULL;
-    STACK_OF(X509_EXTENSION) *exts;
-    int ret = SSL_TLSEXT_ERR_NOACK;
-    int i;
-# if 0
-    STACK_OF(OCSP_RESPID) *ids;
-    SSL_get_tlsext_status_ids(s, &ids);
-    BIO_printf(err, "cert_status: received %d ids\n",
-               sk_OCSP_RESPID_num(ids));
-# endif
-    if (srctx->verbose)
-        BIO_puts(err, "cert_status: callback called\n");
-    /* Build up OCSP query from server certificate */
-    x = SSL_get_certificate(s);
-    aia = X509_get1_ocsp(x);
-    if (aia) {
-        if (!OCSP_parse_url(sk_OPENSSL_STRING_value(aia, 0),
-                            &host, &port, &path, &use_ssl)) {
-            BIO_puts(err, "cert_status: can't parse AIA URL\n");
-            goto err;
-        }
-        if (srctx->verbose)
-            BIO_printf(err, "cert_status: AIA URL: %s\n",
-                       sk_OPENSSL_STRING_value(aia, 0));
-    } else {
-        if (!srctx->host) {
-            BIO_puts(srctx->err,
-                     "cert_status: no AIA and no default responder URL\n");
-            goto done;
-        }
-        host = srctx->host;
-        path = srctx->path;
-        port = srctx->port;
-        use_ssl = srctx->use_ssl;
-    }
-
-    if (!X509_STORE_CTX_init(&inctx,
-                             SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)),
-                             NULL, NULL))
-        goto err;
-    if (X509_STORE_get_by_subject(&inctx, X509_LU_X509,
-                                  X509_get_issuer_name(x), &obj) <= 0) {
-        BIO_puts(err, "cert_status: Can't retrieve issuer certificate.\n");
-        X509_STORE_CTX_cleanup(&inctx);
-        goto done;
-    }
-    req = OCSP_REQUEST_new();
-    if (!req)
-        goto err;
-    id = OCSP_cert_to_id(NULL, x, obj.data.x509);
-    X509_free(obj.data.x509);
-    X509_STORE_CTX_cleanup(&inctx);
-    if (!id)
-        goto err;
-    if (!OCSP_request_add0_id(req, id))
-        goto err;
-    id = NULL;
-    /* Add any extensions to the request */
-    SSL_get_tlsext_status_exts(s, &exts);
-    for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
-        X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
-        if (!OCSP_REQUEST_add_ext(req, ext, -1))
-            goto err;
-    }
-    resp = process_responder(err, req, host, path, port, use_ssl, NULL,
-                             srctx->timeout);
-    if (!resp) {
-        BIO_puts(err, "cert_status: error querying responder\n");
-        goto done;
-    }
-    rspderlen = i2d_OCSP_RESPONSE(resp, &rspder);
-    if (rspderlen <= 0)
-        goto err;
-    SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen);
-    if (srctx->verbose) {
-        BIO_puts(err, "cert_status: ocsp response sent:\n");
-        OCSP_RESPONSE_print(err, resp, 2);
-    }
-    ret = SSL_TLSEXT_ERR_OK;
- done:
-    if (ret != SSL_TLSEXT_ERR_OK)
-        ERR_print_errors(err);
-    if (aia) {
-        OPENSSL_free(host);
-        OPENSSL_free(path);
-        OPENSSL_free(port);
-        X509_email_free(aia);
-    }
-    if (id)
-        OCSP_CERTID_free(id);
-    if (req)
-        OCSP_REQUEST_free(req);
-    if (resp)
-        OCSP_RESPONSE_free(resp);
-    return ret;
- err:
-    ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-    goto done;
-}
-
-# ifndef OPENSSL_NO_NEXTPROTONEG
-/* This is the context that we pass to next_proto_cb */
-typedef struct tlsextnextprotoctx_st {
-    unsigned char *data;
-    unsigned int len;
-} tlsextnextprotoctx;
-
-static int next_proto_cb(SSL *s, const unsigned char **data,
-                         unsigned int *len, void *arg)
-{
-    tlsextnextprotoctx *next_proto = arg;
-
-    *data = next_proto->data;
-    *len = next_proto->len;
-
-    return SSL_TLSEXT_ERR_OK;
-}
-# endif                         /* ndef OPENSSL_NO_NEXTPROTONEG */
-
-#endif
-
-int MAIN(int, char **);
-
-#ifndef OPENSSL_NO_JPAKE
-static char *jpake_secret = NULL;
-#endif
-#ifndef OPENSSL_NO_SRP
-static srpsrvparm srp_callback_parm;
-#endif
-#ifndef OPENSSL_NO_SRTP
-static char *srtp_profiles = NULL;
-#endif
-
-int MAIN(int argc, char *argv[])
-{
-    X509_VERIFY_PARAM *vpm = NULL;
-    int badarg = 0;
-    short port = PORT;
-    char *CApath = NULL, *CAfile = NULL;
-    unsigned char *context = NULL;
-    char *dhfile = NULL;
-#ifndef OPENSSL_NO_ECDH
-    char *named_curve = NULL;
-#endif
-    int badop = 0, bugs = 0;
-    int ret = 1;
-    int off = 0;
-    int no_tmp_rsa = 0, no_dhe = 0, nocert = 0;
-#ifndef OPENSSL_NO_ECDH
-    int no_ecdhe = 0;
-#endif
-    int state = 0;
-    const SSL_METHOD *meth = NULL;
-    int socket_type = SOCK_STREAM;
-    ENGINE *e = NULL;
-    char *inrand = NULL;
-    int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
-    char *passarg = NULL, *pass = NULL;
-    char *dpassarg = NULL, *dpass = NULL;
-    int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
-    X509 *s_cert = NULL, *s_dcert = NULL;
-    EVP_PKEY *s_key = NULL, *s_dkey = NULL;
-    int no_cache = 0;
-#ifndef OPENSSL_NO_TLSEXT
-    EVP_PKEY *s_key2 = NULL;
-    X509 *s_cert2 = NULL;
-    tlsextctx tlsextcbp = { NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING };
-# ifndef OPENSSL_NO_NEXTPROTONEG
-    const char *next_proto_neg_in = NULL;
-    tlsextnextprotoctx next_proto;
-# endif
-#endif
-#ifndef OPENSSL_NO_PSK
-    /* by default do not send a PSK identity hint */
-    static char *psk_identity_hint = NULL;
-#endif
-#ifndef OPENSSL_NO_SRP
-    char *srpuserseed = NULL;
-    char *srp_verifier_file = NULL;
-#endif
-    meth = SSLv23_server_method();
-
-    local_argc = argc;
-    local_argv = argv;
-
-    apps_startup();
-#ifdef MONOLITH
-    s_server_init();
-#endif
-
-    if (bio_err == NULL)
-        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
-
-    if (!load_config(bio_err, NULL))
-        goto end;
-
-    verify_depth = 0;
-#ifdef FIONBIO
-    s_nbio = 0;
-#endif
-    s_nbio_test = 0;
-
-    argc--;
-    argv++;
-
-    while (argc >= 1) {
-        if ((strcmp(*argv, "-port") == 0) || (strcmp(*argv, "-accept") == 0)) {
-            if (--argc < 1)
-                goto bad;
-            if (!extract_port(*(++argv), &port))
-                goto bad;
-        } else if (strcmp(*argv, "-verify") == 0) {
-            s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
-            if (--argc < 1)
-                goto bad;
-            verify_depth = atoi(*(++argv));
-            BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
-        } else if (strcmp(*argv, "-Verify") == 0) {
-            s_server_verify =
-                SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
-                SSL_VERIFY_CLIENT_ONCE;
-            if (--argc < 1)
-                goto bad;
-            verify_depth = atoi(*(++argv));
-            BIO_printf(bio_err,
-                       "verify depth is %d, must return a certificate\n",
-                       verify_depth);
-        } else if (strcmp(*argv, "-context") == 0) {
-            if (--argc < 1)
-                goto bad;
-            context = (unsigned char *)*(++argv);
-        } else if (strcmp(*argv, "-cert") == 0) {
-            if (--argc < 1)
-                goto bad;
-            s_cert_file = *(++argv);
-        } else if (strcmp(*argv, "-certform") == 0) {
-            if (--argc < 1)
-                goto bad;
-            s_cert_format = str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-key") == 0) {
-            if (--argc < 1)
-                goto bad;
-            s_key_file = *(++argv);
-        } else if (strcmp(*argv, "-keyform") == 0) {
-            if (--argc < 1)
-                goto bad;
-            s_key_format = str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-pass") == 0) {
-            if (--argc < 1)
-                goto bad;
-            passarg = *(++argv);
-        } else if (strcmp(*argv, "-dhparam") == 0) {
-            if (--argc < 1)
-                goto bad;
-            dhfile = *(++argv);
-        }
-#ifndef OPENSSL_NO_ECDH
-        else if (strcmp(*argv, "-named_curve") == 0) {
-            if (--argc < 1)
-                goto bad;
-            named_curve = *(++argv);
-        }
-#endif
-        else if (strcmp(*argv, "-dcertform") == 0) {
-            if (--argc < 1)
-                goto bad;
-            s_dcert_format = str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-dcert") == 0) {
-            if (--argc < 1)
-                goto bad;
-            s_dcert_file = *(++argv);
-        } else if (strcmp(*argv, "-dkeyform") == 0) {
-            if (--argc < 1)
-                goto bad;
-            s_dkey_format = str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-dpass") == 0) {
-            if (--argc < 1)
-                goto bad;
-            dpassarg = *(++argv);
-        } else if (strcmp(*argv, "-dkey") == 0) {
-            if (--argc < 1)
-                goto bad;
-            s_dkey_file = *(++argv);
-        } else if (strcmp(*argv, "-nocert") == 0) {
-            nocert = 1;
-        } else if (strcmp(*argv, "-CApath") == 0) {
-            if (--argc < 1)
-                goto bad;
-            CApath = *(++argv);
-        } else if (strcmp(*argv, "-no_cache") == 0)
-            no_cache = 1;
-        else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) {
-            if (badarg)
-                goto bad;
-            continue;
-        } else if (strcmp(*argv, "-verify_return_error") == 0)
-            verify_return_error = 1;
-        else if (strcmp(*argv, "-serverpref") == 0) {
-            off |= SSL_OP_CIPHER_SERVER_PREFERENCE;
-        } else if (strcmp(*argv, "-legacy_renegotiation") == 0)
-            off |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
-        else if (strcmp(*argv, "-cipher") == 0) {
-            if (--argc < 1)
-                goto bad;
-            cipher = *(++argv);
-        } else if (strcmp(*argv, "-CAfile") == 0) {
-            if (--argc < 1)
-                goto bad;
-            CAfile = *(++argv);
-        }
-#ifdef FIONBIO
-        else if (strcmp(*argv, "-nbio") == 0) {
-            s_nbio = 1;
-        }
-#endif
-        else if (strcmp(*argv, "-nbio_test") == 0) {
-#ifdef FIONBIO
-            s_nbio = 1;
-#endif
-            s_nbio_test = 1;
-        } else if (strcmp(*argv, "-debug") == 0) {
-            s_debug = 1;
-        }
-#ifndef OPENSSL_NO_TLSEXT
-        else if (strcmp(*argv, "-tlsextdebug") == 0)
-            s_tlsextdebug = 1;
-        else if (strcmp(*argv, "-status") == 0)
-            s_tlsextstatus = 1;
-        else if (strcmp(*argv, "-status_verbose") == 0) {
-            s_tlsextstatus = 1;
-            tlscstatp.verbose = 1;
-        } else if (!strcmp(*argv, "-status_timeout")) {
-            s_tlsextstatus = 1;
-            if (--argc < 1)
-                goto bad;
-            tlscstatp.timeout = atoi(*(++argv));
-        } else if (!strcmp(*argv, "-status_url")) {
-            s_tlsextstatus = 1;
-            if (--argc < 1)
-                goto bad;
-            if (!OCSP_parse_url(*(++argv),
-                                &tlscstatp.host,
-                                &tlscstatp.port,
-                                &tlscstatp.path, &tlscstatp.use_ssl)) {
-                BIO_printf(bio_err, "Error parsing URL\n");
-                goto bad;
-            }
-        }
-#endif
-        else if (strcmp(*argv, "-msg") == 0) {
-            s_msg = 1;
-        } else if (strcmp(*argv, "-hack") == 0) {
-            hack = 1;
-        } else if (strcmp(*argv, "-state") == 0) {
-            state = 1;
-        } else if (strcmp(*argv, "-crlf") == 0) {
-            s_crlf = 1;
-        } else if (strcmp(*argv, "-quiet") == 0) {
-            s_quiet = 1;
-        } else if (strcmp(*argv, "-bugs") == 0) {
-            bugs = 1;
-        } else if (strcmp(*argv, "-no_tmp_rsa") == 0) {
-            no_tmp_rsa = 1;
-        } else if (strcmp(*argv, "-no_dhe") == 0) {
-            no_dhe = 1;
-        }
-#ifndef OPENSSL_NO_ECDH
-        else if (strcmp(*argv, "-no_ecdhe") == 0) {
-            no_ecdhe = 1;
-        }
-#endif
-#ifndef OPENSSL_NO_PSK
-        else if (strcmp(*argv, "-psk_hint") == 0) {
-            if (--argc < 1)
-                goto bad;
-            psk_identity_hint = *(++argv);
-        } else if (strcmp(*argv, "-psk") == 0) {
-            size_t i;
-
-            if (--argc < 1)
-                goto bad;
-            psk_key = *(++argv);
-            for (i = 0; i < strlen(psk_key); i++) {
-                if (isxdigit((unsigned char)psk_key[i]))
-                    continue;
-                BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
-                goto bad;
-            }
-        }
-#endif
-#ifndef OPENSSL_NO_SRP
-        else if (strcmp(*argv, "-srpvfile") == 0) {
-            if (--argc < 1)
-                goto bad;
-            srp_verifier_file = *(++argv);
-            meth = TLSv1_server_method();
-        } else if (strcmp(*argv, "-srpuserseed") == 0) {
-            if (--argc < 1)
-                goto bad;
-            srpuserseed = *(++argv);
-            meth = TLSv1_server_method();
-        }
-#endif
-        else if (strcmp(*argv, "-www") == 0) {
-            www = 1;
-        } else if (strcmp(*argv, "-WWW") == 0) {
-            www = 2;
-        } else if (strcmp(*argv, "-HTTP") == 0) {
-            www = 3;
-        } else if (strcmp(*argv, "-no_ssl2") == 0) {
-            off |= SSL_OP_NO_SSLv2;
-        } else if (strcmp(*argv, "-no_ssl3") == 0) {
-            off |= SSL_OP_NO_SSLv3;
-        } else if (strcmp(*argv, "-no_tls1") == 0) {
-            off |= SSL_OP_NO_TLSv1;
-        } else if (strcmp(*argv, "-no_tls1_1") == 0) {
-            off |= SSL_OP_NO_TLSv1_1;
-        } else if (strcmp(*argv, "-no_tls1_2") == 0) {
-            off |= SSL_OP_NO_TLSv1_2;
-        } else if (strcmp(*argv, "-no_comp") == 0) {
-            off |= SSL_OP_NO_COMPRESSION;
-        }
-#ifndef OPENSSL_NO_TLSEXT
-        else if (strcmp(*argv, "-no_ticket") == 0) {
-            off |= SSL_OP_NO_TICKET;
-        }
-#endif
-#ifndef OPENSSL_NO_SSL2
-        else if (strcmp(*argv, "-ssl2") == 0) {
-            meth = SSLv2_server_method();
-        }
-#endif
-#ifndef OPENSSL_NO_SSL3_METHOD
-        else if (strcmp(*argv, "-ssl3") == 0) {
-            meth = SSLv3_server_method();
-        }
-#endif
-#ifndef OPENSSL_NO_TLS1
-        else if (strcmp(*argv, "-tls1") == 0) {
-            meth = TLSv1_server_method();
-        } else if (strcmp(*argv, "-tls1_1") == 0) {
-            meth = TLSv1_1_server_method();
-        } else if (strcmp(*argv, "-tls1_2") == 0) {
-            meth = TLSv1_2_server_method();
-        }
-#endif
-#ifndef OPENSSL_NO_DTLS1
-        else if (strcmp(*argv, "-dtls1") == 0) {
-            meth = DTLSv1_server_method();
-            socket_type = SOCK_DGRAM;
-        } else if (strcmp(*argv, "-timeout") == 0)
-            enable_timeouts = 1;
-        else if (strcmp(*argv, "-mtu") == 0) {
-            if (--argc < 1)
-                goto bad;
-            socket_mtu = atol(*(++argv));
-        } else if (strcmp(*argv, "-chain") == 0)
-            cert_chain = 1;
-#endif
-        else if (strcmp(*argv, "-id_prefix") == 0) {
-            if (--argc < 1)
-                goto bad;
-            session_id_prefix = *(++argv);
-        }
-#ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                goto bad;
-            engine_id = *(++argv);
-        }
-#endif
-        else if (strcmp(*argv, "-rand") == 0) {
-            if (--argc < 1)
-                goto bad;
-            inrand = *(++argv);
-        }
-#ifndef OPENSSL_NO_TLSEXT
-        else if (strcmp(*argv, "-servername") == 0) {
-            if (--argc < 1)
-                goto bad;
-            tlsextcbp.servername = *(++argv);
-        } else if (strcmp(*argv, "-servername_fatal") == 0) {
-            tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_FATAL;
-        } else if (strcmp(*argv, "-cert2") == 0) {
-            if (--argc < 1)
-                goto bad;
-            s_cert_file2 = *(++argv);
-        } else if (strcmp(*argv, "-key2") == 0) {
-            if (--argc < 1)
-                goto bad;
-            s_key_file2 = *(++argv);
-        }
-# ifndef OPENSSL_NO_NEXTPROTONEG
-        else if (strcmp(*argv, "-nextprotoneg") == 0) {
-            if (--argc < 1)
-                goto bad;
-            next_proto_neg_in = *(++argv);
-        }
-# endif
-#endif
-#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
-        else if (strcmp(*argv, "-jpake") == 0) {
-            if (--argc < 1)
-                goto bad;
-            jpake_secret = *(++argv);
-        }
-#endif
-#ifndef OPENSSL_NO_SRTP
-        else if (strcmp(*argv, "-use_srtp") == 0) {
-            if (--argc < 1)
-                goto bad;
-            srtp_profiles = *(++argv);
-        }
-#endif
-        else if (strcmp(*argv, "-keymatexport") == 0) {
-            if (--argc < 1)
-                goto bad;
-            keymatexportlabel = *(++argv);
-        } else if (strcmp(*argv, "-keymatexportlen") == 0) {
-            if (--argc < 1)
-                goto bad;
-            keymatexportlen = atoi(*(++argv));
-            if (keymatexportlen == 0)
-                goto bad;
-        } else {
-            BIO_printf(bio_err, "unknown option %s\n", *argv);
-            badop = 1;
-            break;
-        }
-        argc--;
-        argv++;
-    }
-    if (badop) {
- bad:
-        sv_usage();
-        goto end;
-    }
-#ifndef OPENSSL_NO_DTLS1
-    if (www && socket_type == SOCK_DGRAM) {
-        BIO_printf(bio_err, "Can't use -HTTP, -www or -WWW with DTLS\n");
-        goto end;
-    }
-#endif
-
-#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
-    if (jpake_secret) {
-        if (psk_key) {
-            BIO_printf(bio_err, "Can't use JPAKE and PSK together\n");
-            goto end;
-        }
-        psk_identity = "JPAKE";
-        if (cipher) {
-            BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
-            goto end;
-        }
-        cipher = "PSK";
-    }
-#endif
-
-    SSL_load_error_strings();
-    OpenSSL_add_ssl_algorithms();
-
-#ifndef OPENSSL_NO_ENGINE
-    e = setup_engine(bio_err, engine_id, 1);
-#endif
-
-    if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass)) {
-        BIO_printf(bio_err, "Error getting password\n");
-        goto end;
-    }
-
-    if (s_key_file == NULL)
-        s_key_file = s_cert_file;
-#ifndef OPENSSL_NO_TLSEXT
-    if (s_key_file2 == NULL)
-        s_key_file2 = s_cert_file2;
-#endif
-
-    if (nocert == 0) {
-        s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass, e,
-                         "server certificate private key file");
-        if (!s_key) {
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-
-        s_cert = load_cert(bio_err, s_cert_file, s_cert_format,
-                           NULL, e, "server certificate file");
-
-        if (!s_cert) {
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-#ifndef OPENSSL_NO_TLSEXT
-        if (tlsextcbp.servername) {
-            s_key2 = load_key(bio_err, s_key_file2, s_key_format, 0, pass, e,
-                              "second server certificate private key file");
-            if (!s_key2) {
-                ERR_print_errors(bio_err);
-                goto end;
-            }
-
-            s_cert2 = load_cert(bio_err, s_cert_file2, s_cert_format,
-                                NULL, e, "second server certificate file");
-
-            if (!s_cert2) {
-                ERR_print_errors(bio_err);
-                goto end;
-            }
-        }
-#endif
-    }
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-    if (next_proto_neg_in) {
-        unsigned short len;
-        next_proto.data = next_protos_parse(&len, next_proto_neg_in);
-        if (next_proto.data == NULL)
-            goto end;
-        next_proto.len = len;
-    } else {
-        next_proto.data = NULL;
-    }
-#endif
-
-    if (s_dcert_file) {
-
-        if (s_dkey_file == NULL)
-            s_dkey_file = s_dcert_file;
-
-        s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format,
-                          0, dpass, e, "second certificate private key file");
-        if (!s_dkey) {
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-
-        s_dcert = load_cert(bio_err, s_dcert_file, s_dcert_format,
-                            NULL, e, "second server certificate file");
-
-        if (!s_dcert) {
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-
-    }
-
-    if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
-        && !RAND_status()) {
-        BIO_printf(bio_err,
-                   "warning, not much extra random data, consider using the -rand option\n");
-    }
-    if (inrand != NULL)
-        BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
-                   app_RAND_load_files(inrand));
-
-    if (bio_s_out == NULL) {
-        if (s_quiet && !s_debug && !s_msg) {
-            bio_s_out = BIO_new(BIO_s_null());
-        } else {
-            if (bio_s_out == NULL)
-                bio_s_out = BIO_new_fp(stdout, BIO_NOCLOSE);
-        }
-    }
-#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
-    if (nocert)
-#endif
-    {
-        s_cert_file = NULL;
-        s_key_file = NULL;
-        s_dcert_file = NULL;
-        s_dkey_file = NULL;
-#ifndef OPENSSL_NO_TLSEXT
-        s_cert_file2 = NULL;
-        s_key_file2 = NULL;
-#endif
-    }
-
-    ctx = SSL_CTX_new(meth);
-    if (ctx == NULL) {
-        ERR_print_errors(bio_err);
-        goto end;
-    }
-    if (session_id_prefix) {
-        if (strlen(session_id_prefix) >= 32)
-            BIO_printf(bio_err,
-                       "warning: id_prefix is too long, only one new session will be possible\n");
-        else if (strlen(session_id_prefix) >= 16)
-            BIO_printf(bio_err,
-                       "warning: id_prefix is too long if you use SSLv2\n");
-        if (!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) {
-            BIO_printf(bio_err, "error setting 'id_prefix'\n");
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-        BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
-    }
-    SSL_CTX_set_quiet_shutdown(ctx, 1);
-    if (bugs)
-        SSL_CTX_set_options(ctx, SSL_OP_ALL);
-    if (hack)
-        SSL_CTX_set_options(ctx, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
-    SSL_CTX_set_options(ctx, off);
-
-    if (state)
-        SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
-    if (no_cache)
-        SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
-    else
-        SSL_CTX_sess_set_cache_size(ctx, 128);
-
-#ifndef OPENSSL_NO_SRTP
-    if (srtp_profiles != NULL)
-        SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
-#endif
-
-#if 0
-    if (cipher == NULL)
-        cipher = getenv("SSL_CIPHER");
-#endif
-
-#if 0
-    if (s_cert_file == NULL) {
-        BIO_printf(bio_err,
-                   "You must specify a certificate file for the server to use\n");
-        goto end;
-    }
-#endif
-
-    if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
-        (!SSL_CTX_set_default_verify_paths(ctx))) {
-        /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
-        ERR_print_errors(bio_err);
-        /* goto end; */
-    }
-    if (vpm)
-        SSL_CTX_set1_param(ctx, vpm);
-
-#ifndef OPENSSL_NO_TLSEXT
-    if (s_cert2) {
-        ctx2 = SSL_CTX_new(meth);
-        if (ctx2 == NULL) {
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-    }
-
-    if (ctx2) {
-        BIO_printf(bio_s_out, "Setting secondary ctx parameters\n");
-
-        if (session_id_prefix) {
-            if (strlen(session_id_prefix) >= 32)
-                BIO_printf(bio_err,
-                           "warning: id_prefix is too long, only one new session will be possible\n");
-            else if (strlen(session_id_prefix) >= 16)
-                BIO_printf(bio_err,
-                           "warning: id_prefix is too long if you use SSLv2\n");
-            if (!SSL_CTX_set_generate_session_id(ctx2, generate_session_id)) {
-                BIO_printf(bio_err, "error setting 'id_prefix'\n");
-                ERR_print_errors(bio_err);
-                goto end;
-            }
-            BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
-        }
-        SSL_CTX_set_quiet_shutdown(ctx2, 1);
-        if (bugs)
-            SSL_CTX_set_options(ctx2, SSL_OP_ALL);
-        if (hack)
-            SSL_CTX_set_options(ctx2, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
-        SSL_CTX_set_options(ctx2, off);
-
-        if (state)
-            SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback);
-
-        if (no_cache)
-            SSL_CTX_set_session_cache_mode(ctx2, SSL_SESS_CACHE_OFF);
-        else
-            SSL_CTX_sess_set_cache_size(ctx2, 128);
-
-        if ((!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) ||
-            (!SSL_CTX_set_default_verify_paths(ctx2))) {
-            ERR_print_errors(bio_err);
-        }
-        if (vpm)
-            SSL_CTX_set1_param(ctx2, vpm);
-    }
-# ifndef OPENSSL_NO_NEXTPROTONEG
-    if (next_proto.data)
-        SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb,
-                                              &next_proto);
-# endif
-#endif
-
-#ifndef OPENSSL_NO_DH
-    if (!no_dhe) {
-        DH *dh = NULL;
-
-        if (dhfile)
-            dh = load_dh_param(dhfile);
-        else if (s_cert_file)
-            dh = load_dh_param(s_cert_file);
-
-        if (dh != NULL) {
-            BIO_printf(bio_s_out, "Setting temp DH parameters\n");
-        } else {
-            BIO_printf(bio_s_out, "Using default temp DH parameters\n");
-            dh = get_dh2048();
-            if (dh == NULL) {
-                ERR_print_errors(bio_err);
-                goto end;
-            }
-        }
-        (void)BIO_flush(bio_s_out);
-
-        SSL_CTX_set_tmp_dh(ctx, dh);
-# ifndef OPENSSL_NO_TLSEXT
-        if (ctx2) {
-            if (!dhfile) {
-                DH *dh2 = load_dh_param(s_cert_file2);
-                if (dh2 != NULL) {
-                    BIO_printf(bio_s_out, "Setting temp DH parameters\n");
-                    (void)BIO_flush(bio_s_out);
-
-                    DH_free(dh);
-                    dh = dh2;
-                }
-            }
-            SSL_CTX_set_tmp_dh(ctx2, dh);
-        }
-# endif
-        DH_free(dh);
-    }
-#endif
-
-#ifndef OPENSSL_NO_ECDH
-    if (!no_ecdhe) {
-        EC_KEY *ecdh = NULL;
-
-        if (named_curve) {
-            int nid = OBJ_sn2nid(named_curve);
-
-            if (nid == 0) {
-                BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
-                goto end;
-            }
-            ecdh = EC_KEY_new_by_curve_name(nid);
-            if (ecdh == NULL) {
-                BIO_printf(bio_err, "unable to create curve (%s)\n",
-                           named_curve);
-                goto end;
-            }
-        }
-
-        if (ecdh != NULL) {
-            BIO_printf(bio_s_out, "Setting temp ECDH parameters\n");
-        } else {
-            BIO_printf(bio_s_out, "Using default temp ECDH parameters\n");
-            ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
-            if (ecdh == NULL) {
-                BIO_printf(bio_err, "unable to create curve (nistp256)\n");
-                goto end;
-            }
-        }
-        (void)BIO_flush(bio_s_out);
-
-        SSL_CTX_set_tmp_ecdh(ctx, ecdh);
-# ifndef OPENSSL_NO_TLSEXT
-        if (ctx2)
-            SSL_CTX_set_tmp_ecdh(ctx2, ecdh);
-# endif
-        EC_KEY_free(ecdh);
-    }
-#endif
-
-    if (!set_cert_key_stuff(ctx, s_cert, s_key))
-        goto end;
-#ifndef OPENSSL_NO_TLSEXT
-    if (ctx2 && !set_cert_key_stuff(ctx2, s_cert2, s_key2))
-        goto end;
-#endif
-    if (s_dcert != NULL) {
-        if (!set_cert_key_stuff(ctx, s_dcert, s_dkey))
-            goto end;
-    }
-#ifndef OPENSSL_NO_RSA
-# if 1
-    if (!no_tmp_rsa) {
-        SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb);
-#  ifndef OPENSSL_NO_TLSEXT
-        if (ctx2)
-            SSL_CTX_set_tmp_rsa_callback(ctx2, tmp_rsa_cb);
-#  endif
-    }
-# else
-    if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx)) {
-        RSA *rsa;
-
-        BIO_printf(bio_s_out, "Generating temp (512 bit) RSA key...");
-        BIO_flush(bio_s_out);
-
-        rsa = RSA_generate_key(512, RSA_F4, NULL);
-
-        if (!SSL_CTX_set_tmp_rsa(ctx, rsa)) {
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-#  ifndef OPENSSL_NO_TLSEXT
-        if (ctx2) {
-            if (!SSL_CTX_set_tmp_rsa(ctx2, rsa)) {
-                ERR_print_errors(bio_err);
-                goto end;
-            }
-        }
-#  endif
-        RSA_free(rsa);
-        BIO_printf(bio_s_out, "\n");
-    }
-# endif
-#endif
-
-#ifndef OPENSSL_NO_PSK
-# ifdef OPENSSL_NO_JPAKE
-    if (psk_key != NULL)
-# else
-    if (psk_key != NULL || jpake_secret)
-# endif
-    {
-        if (s_debug)
-            BIO_printf(bio_s_out,
-                       "PSK key given or JPAKE in use, setting server callback\n");
-        SSL_CTX_set_psk_server_callback(ctx, psk_server_cb);
-    }
-
-    if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) {
-        BIO_printf(bio_err, "error setting PSK identity hint to context\n");
-        ERR_print_errors(bio_err);
-        goto end;
-    }
-#endif
-
-    if (cipher != NULL) {
-        if (!SSL_CTX_set_cipher_list(ctx, cipher)) {
-            BIO_printf(bio_err, "error setting cipher list\n");
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-#ifndef OPENSSL_NO_TLSEXT
-        if (ctx2 && !SSL_CTX_set_cipher_list(ctx2, cipher)) {
-            BIO_printf(bio_err, "error setting cipher list\n");
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-#endif
-    }
-    SSL_CTX_set_verify(ctx, s_server_verify, verify_callback);
-    SSL_CTX_set_session_id_context(ctx, (void *)&s_server_session_id_context,
-                                   sizeof s_server_session_id_context);
-
-    /* Set DTLS cookie generation and verification callbacks */
-    SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
-    SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);
-
-#ifndef OPENSSL_NO_TLSEXT
-    if (ctx2) {
-        SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback);
-        SSL_CTX_set_session_id_context(ctx2,
-                                       (void *)&s_server_session_id_context,
-                                       sizeof s_server_session_id_context);
-
-        tlsextcbp.biodebug = bio_s_out;
-        SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
-        SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp);
-        SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
-        SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
-    }
-#endif
-
-#ifndef OPENSSL_NO_SRP
-    if (srp_verifier_file != NULL) {
-        srp_callback_parm.vb = SRP_VBASE_new(srpuserseed);
-        srp_callback_parm.user = NULL;
-        srp_callback_parm.login = NULL;
-        if ((ret =
-             SRP_VBASE_init(srp_callback_parm.vb,
-                            srp_verifier_file)) != SRP_NO_ERROR) {
-            BIO_printf(bio_err,
-                       "Cannot initialize SRP verifier file \"%s\":ret=%d\n",
-                       srp_verifier_file, ret);
-            goto end;
-        }
-        SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_callback);
-        SSL_CTX_set_srp_cb_arg(ctx, &srp_callback_parm);
-        SSL_CTX_set_srp_username_callback(ctx, ssl_srp_server_param_cb);
-    } else
-#endif
-    if (CAfile != NULL) {
-        SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
-#ifndef OPENSSL_NO_TLSEXT
-        if (ctx2)
-            SSL_CTX_set_client_CA_list(ctx2, SSL_load_client_CA_file(CAfile));
-#endif
-    }
-
-    BIO_printf(bio_s_out, "ACCEPT\n");
-    (void)BIO_flush(bio_s_out);
-    if (www)
-        do_server(port, socket_type, &accept_socket, www_body, context);
-    else
-        do_server(port, socket_type, &accept_socket, sv_body, context);
-    print_stats(bio_s_out, ctx);
-    ret = 0;
- end:
-    if (ctx != NULL)
-        SSL_CTX_free(ctx);
-    if (s_cert)
-        X509_free(s_cert);
-    if (s_dcert)
-        X509_free(s_dcert);
-    if (s_key)
-        EVP_PKEY_free(s_key);
-    if (s_dkey)
-        EVP_PKEY_free(s_dkey);
-    if (pass)
-        OPENSSL_free(pass);
-    if (dpass)
-        OPENSSL_free(dpass);
-    if (vpm)
-        X509_VERIFY_PARAM_free(vpm);
-#ifndef OPENSSL_NO_TLSEXT
-    if (tlscstatp.host)
-        OPENSSL_free(tlscstatp.host);
-    if (tlscstatp.port)
-        OPENSSL_free(tlscstatp.port);
-    if (tlscstatp.path)
-        OPENSSL_free(tlscstatp.path);
-    if (ctx2 != NULL)
-        SSL_CTX_free(ctx2);
-    if (s_cert2)
-        X509_free(s_cert2);
-    if (s_key2)
-        EVP_PKEY_free(s_key2);
-#endif
-    if (bio_s_out != NULL) {
-        BIO_free(bio_s_out);
-        bio_s_out = NULL;
-    }
-    apps_shutdown();
-    OPENSSL_EXIT(ret);
-}
-
-static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
-{
-    BIO_printf(bio, "%4ld items in the session cache\n",
-               SSL_CTX_sess_number(ssl_ctx));
-    BIO_printf(bio, "%4ld client connects (SSL_connect())\n",
-               SSL_CTX_sess_connect(ssl_ctx));
-    BIO_printf(bio, "%4ld client renegotiates (SSL_connect())\n",
-               SSL_CTX_sess_connect_renegotiate(ssl_ctx));
-    BIO_printf(bio, "%4ld client connects that finished\n",
-               SSL_CTX_sess_connect_good(ssl_ctx));
-    BIO_printf(bio, "%4ld server accepts (SSL_accept())\n",
-               SSL_CTX_sess_accept(ssl_ctx));
-    BIO_printf(bio, "%4ld server renegotiates (SSL_accept())\n",
-               SSL_CTX_sess_accept_renegotiate(ssl_ctx));
-    BIO_printf(bio, "%4ld server accepts that finished\n",
-               SSL_CTX_sess_accept_good(ssl_ctx));
-    BIO_printf(bio, "%4ld session cache hits\n", SSL_CTX_sess_hits(ssl_ctx));
-    BIO_printf(bio, "%4ld session cache misses\n",
-               SSL_CTX_sess_misses(ssl_ctx));
-    BIO_printf(bio, "%4ld session cache timeouts\n",
-               SSL_CTX_sess_timeouts(ssl_ctx));
-    BIO_printf(bio, "%4ld callback cache hits\n",
-               SSL_CTX_sess_cb_hits(ssl_ctx));
-    BIO_printf(bio, "%4ld cache full overflows (%ld allowed)\n",
-               SSL_CTX_sess_cache_full(ssl_ctx),
-               SSL_CTX_sess_get_cache_size(ssl_ctx));
-}
-
-static int sv_body(char *hostname, int s, unsigned char *context)
-{
-    char *buf = NULL;
-    fd_set readfds;
-    int ret = 1, width;
-    int k, i;
-    unsigned long l;
-    SSL *con = NULL;
-    BIO *sbio;
-#ifndef OPENSSL_NO_KRB5
-    KSSL_CTX *kctx;
-#endif
-    struct timeval timeout;
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
-    struct timeval tv;
-#else
-    struct timeval *timeoutp;
-#endif
-
-    if ((buf = OPENSSL_malloc(bufsize)) == NULL) {
-        BIO_printf(bio_err, "out of memory\n");
-        goto err;
-    }
-#ifdef FIONBIO
-    if (s_nbio) {
-        unsigned long sl = 1;
-
-        if (!s_quiet)
-            BIO_printf(bio_err, "turning on non blocking io\n");
-        if (BIO_socket_ioctl(s, FIONBIO, &sl) < 0)
-            ERR_print_errors(bio_err);
-    }
-#endif
-
-    if (con == NULL) {
-        con = SSL_new(ctx);
-#ifndef OPENSSL_NO_TLSEXT
-        if (s_tlsextdebug) {
-            SSL_set_tlsext_debug_callback(con, tlsext_cb);
-            SSL_set_tlsext_debug_arg(con, bio_s_out);
-        }
-        if (s_tlsextstatus) {
-            SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb);
-            tlscstatp.err = bio_err;
-            SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
-        }
-#endif
-#ifndef OPENSSL_NO_KRB5
-        if ((kctx = kssl_ctx_new()) != NULL) {
-            SSL_set0_kssl_ctx(con, kctx);
-            kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
-            kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
-        }
-#endif                          /* OPENSSL_NO_KRB5 */
-        if (context)
-            SSL_set_session_id_context(con, context, strlen((char *)context));
-    }
-    SSL_clear(con);
-#if 0
-# ifdef TLSEXT_TYPE_opaque_prf_input
-    SSL_set_tlsext_opaque_prf_input(con, "Test server", 11);
-# endif
-#endif
-
-    if (SSL_version(con) == DTLS1_VERSION) {
-
-        sbio = BIO_new_dgram(s, BIO_NOCLOSE);
-
-        if (enable_timeouts) {
-            timeout.tv_sec = 0;
-            timeout.tv_usec = DGRAM_RCV_TIMEOUT;
-            BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
-
-            timeout.tv_sec = 0;
-            timeout.tv_usec = DGRAM_SND_TIMEOUT;
-            BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
-        }
-
-        if (socket_mtu) {
-            if (socket_mtu < DTLS_get_link_min_mtu(con)) {
-                BIO_printf(bio_err, "MTU too small. Must be at least %ld\n",
-                           DTLS_get_link_min_mtu(con));
-                ret = -1;
-                BIO_free(sbio);
-                goto err;
-            }
-            SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
-            if (!DTLS_set_link_mtu(con, socket_mtu)) {
-                BIO_printf(bio_err, "Failed to set MTU\n");
-                ret = -1;
-                BIO_free(sbio);
-                goto err;
-            }
-        } else
-            /* want to do MTU discovery */
-            BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
-
-        /* turn on cookie exchange */
-        SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE);
-    } else
-        sbio = BIO_new_socket(s, BIO_NOCLOSE);
-
-    if (s_nbio_test) {
-        BIO *test;
-
-        test = BIO_new(BIO_f_nbio_test());
-        sbio = BIO_push(test, sbio);
-    }
-#ifndef OPENSSL_NO_JPAKE
-    if (jpake_secret)
-        jpake_server_auth(bio_s_out, sbio, jpake_secret);
-#endif
-
-    SSL_set_bio(con, sbio, sbio);
-    SSL_set_accept_state(con);
-    /* SSL_set_fd(con,s); */
-
-    if (s_debug) {
-        SSL_set_debug(con, 1);
-        BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
-        BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out);
-    }
-    if (s_msg) {
-        SSL_set_msg_callback(con, msg_cb);
-        SSL_set_msg_callback_arg(con, bio_s_out);
-    }
-#ifndef OPENSSL_NO_TLSEXT
-    if (s_tlsextdebug) {
-        SSL_set_tlsext_debug_callback(con, tlsext_cb);
-        SSL_set_tlsext_debug_arg(con, bio_s_out);
-    }
-#endif
-
-    width = s + 1;
-    for (;;) {
-        int read_from_terminal;
-        int read_from_sslcon;
-
-        read_from_terminal = 0;
-        read_from_sslcon = SSL_pending(con);
-
-        if (!read_from_sslcon) {
-            FD_ZERO(&readfds);
-#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) && !defined(OPENSSL_SYS_BEOS_R5)
-            openssl_fdset(fileno(stdin), &readfds);
-#endif
-            openssl_fdset(s, &readfds);
-            /*
-             * Note: under VMS with SOCKETSHR the second parameter is
-             * currently of type (int *) whereas under other systems it is
-             * (void *) if you don't have a cast it will choke the compiler:
-             * if you do have a cast then you can either go for (int *) or
-             * (void *).
-             */
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
-            /*
-             * Under DOS (non-djgpp) and Windows we can't select on stdin:
-             * only on sockets. As a workaround we timeout the select every
-             * second and check for any keypress. In a proper Windows
-             * application we wouldn't do this because it is inefficient.
-             */
-            tv.tv_sec = 1;
-            tv.tv_usec = 0;
-            i = select(width, (void *)&readfds, NULL, NULL, &tv);
-            if ((i < 0) || (!i && !_kbhit()))
-                continue;
-            if (_kbhit())
-                read_from_terminal = 1;
-#elif defined(OPENSSL_SYS_BEOS_R5)
-            /* Under BeOS-R5 the situation is similar to DOS */
-            tv.tv_sec = 1;
-            tv.tv_usec = 0;
-            (void)fcntl(fileno(stdin), F_SETFL, O_NONBLOCK);
-            i = select(width, (void *)&readfds, NULL, NULL, &tv);
-            if ((i < 0) || (!i && read(fileno(stdin), buf, 0) < 0))
-                continue;
-            if (read(fileno(stdin), buf, 0) >= 0)
-                read_from_terminal = 1;
-            (void)fcntl(fileno(stdin), F_SETFL, 0);
-#else
-            if ((SSL_version(con) == DTLS1_VERSION) &&
-                DTLSv1_get_timeout(con, &timeout))
-                timeoutp = &timeout;
-            else
-                timeoutp = NULL;
-
-            i = select(width, (void *)&readfds, NULL, NULL, timeoutp);
-
-            if ((SSL_version(con) == DTLS1_VERSION)
-                && DTLSv1_handle_timeout(con) > 0) {
-                BIO_printf(bio_err, "TIMEOUT occured\n");
-            }
-
-            if (i <= 0)
-                continue;
-            if (FD_ISSET(fileno(stdin), &readfds))
-                read_from_terminal = 1;
-#endif
-            if (FD_ISSET(s, &readfds))
-                read_from_sslcon = 1;
-        }
-        if (read_from_terminal) {
-            if (s_crlf) {
-                int j, lf_num;
-
-                i = raw_read_stdin(buf, bufsize / 2);
-                lf_num = 0;
-                /* both loops are skipped when i <= 0 */
-                for (j = 0; j < i; j++)
-                    if (buf[j] == '\n')
-                        lf_num++;
-                for (j = i - 1; j >= 0; j--) {
-                    buf[j + lf_num] = buf[j];
-                    if (buf[j] == '\n') {
-                        lf_num--;
-                        i++;
-                        buf[j + lf_num] = '\r';
-                    }
-                }
-                assert(lf_num == 0);
-            } else
-                i = raw_read_stdin(buf, bufsize);
-            if (!s_quiet) {
-                if ((i <= 0) || (buf[0] == 'Q')) {
-                    BIO_printf(bio_s_out, "DONE\n");
-                    SHUTDOWN(s);
-                    close_accept_socket();
-                    ret = -11;
-                    goto err;
-                }
-                if ((i <= 0) || (buf[0] == 'q')) {
-                    BIO_printf(bio_s_out, "DONE\n");
-                    if (SSL_version(con) != DTLS1_VERSION)
-                        SHUTDOWN(s);
-                    /*
-                     * close_accept_socket(); ret= -11;
-                     */
-                    goto err;
-                }
-#ifndef OPENSSL_NO_HEARTBEATS
-                if ((buf[0] == 'B') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
-                    BIO_printf(bio_err, "HEARTBEATING\n");
-                    SSL_heartbeat(con);
-                    i = 0;
-                    continue;
-                }
-#endif
-                if ((buf[0] == 'r') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
-                    SSL_renegotiate(con);
-                    i = SSL_do_handshake(con);
-                    printf("SSL_do_handshake -> %d\n", i);
-                    i = 0;      /* 13; */
-                    continue;
-                    /*
-                     * strcpy(buf,"server side RE-NEGOTIATE\n");
-                     */
-                }
-                if ((buf[0] == 'R') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
-                    SSL_set_verify(con,
-                                   SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
-                                   NULL);
-                    SSL_renegotiate(con);
-                    i = SSL_do_handshake(con);
-                    printf("SSL_do_handshake -> %d\n", i);
-                    i = 0;      /* 13; */
-                    continue;
-                    /*
-                     * strcpy(buf,"server side RE-NEGOTIATE asking for client
-                     * cert\n");
-                     */
-                }
-                if (buf[0] == 'P') {
-                    static const char *str = "Lets print some clear text\n";
-                    BIO_write(SSL_get_wbio(con), str, strlen(str));
-                }
-                if (buf[0] == 'S') {
-                    print_stats(bio_s_out, SSL_get_SSL_CTX(con));
-                }
-            }
-#ifdef CHARSET_EBCDIC
-            ebcdic2ascii(buf, buf, i);
-#endif
-            l = k = 0;
-            for (;;) {
-                /* should do a select for the write */
-#ifdef RENEG
-                {
-                    static count = 0;
-                    if (++count == 100) {
-                        count = 0;
-                        SSL_renegotiate(con);
-                    }
-                }
-#endif
-                k = SSL_write(con, &(buf[l]), (unsigned int)i);
-#ifndef OPENSSL_NO_SRP
-                while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) {
-                    BIO_printf(bio_s_out, "LOOKUP renego during write\n");
-                    srp_callback_parm.user =
-                        SRP_VBASE_get_by_user(srp_callback_parm.vb,
-                                              srp_callback_parm.login);
-                    if (srp_callback_parm.user)
-                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
-                                   srp_callback_parm.user->info);
-                    else
-                        BIO_printf(bio_s_out, "LOOKUP not successful\n");
-                    k = SSL_write(con, &(buf[l]), (unsigned int)i);
-                }
-#endif
-                switch (SSL_get_error(con, k)) {
-                case SSL_ERROR_NONE:
-                    break;
-                case SSL_ERROR_WANT_WRITE:
-                case SSL_ERROR_WANT_READ:
-                case SSL_ERROR_WANT_X509_LOOKUP:
-                    BIO_printf(bio_s_out, "Write BLOCK\n");
-                    break;
-                case SSL_ERROR_SYSCALL:
-                case SSL_ERROR_SSL:
-                    BIO_printf(bio_s_out, "ERROR\n");
-                    ERR_print_errors(bio_err);
-                    ret = 1;
-                    goto err;
-                    /* break; */
-                case SSL_ERROR_ZERO_RETURN:
-                    BIO_printf(bio_s_out, "DONE\n");
-                    ret = 1;
-                    goto err;
-                }
-                if (k > 0) {
-                    l += k;
-                    i -= k;
-                }
-                if (i <= 0)
-                    break;
-            }
-        }
-        if (read_from_sslcon) {
-            if (!SSL_is_init_finished(con)) {
-                i = init_ssl_connection(con);
-
-                if (i < 0) {
-                    ret = 0;
-                    goto err;
-                } else if (i == 0) {
-                    ret = 1;
-                    goto err;
-                }
-            } else {
- again:
-                i = SSL_read(con, (char *)buf, bufsize);
-#ifndef OPENSSL_NO_SRP
-                while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
-                    BIO_printf(bio_s_out, "LOOKUP renego during read\n");
-                    srp_callback_parm.user =
-                        SRP_VBASE_get_by_user(srp_callback_parm.vb,
-                                              srp_callback_parm.login);
-                    if (srp_callback_parm.user)
-                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
-                                   srp_callback_parm.user->info);
-                    else
-                        BIO_printf(bio_s_out, "LOOKUP not successful\n");
-                    i = SSL_read(con, (char *)buf, bufsize);
-                }
-#endif
-                switch (SSL_get_error(con, i)) {
-                case SSL_ERROR_NONE:
-#ifdef CHARSET_EBCDIC
-                    ascii2ebcdic(buf, buf, i);
-#endif
-                    raw_write_stdout(buf, (unsigned int)i);
-                    if (SSL_pending(con))
-                        goto again;
-                    break;
-                case SSL_ERROR_WANT_WRITE:
-                case SSL_ERROR_WANT_READ:
-                    BIO_printf(bio_s_out, "Read BLOCK\n");
-                    break;
-                case SSL_ERROR_SYSCALL:
-                case SSL_ERROR_SSL:
-                    BIO_printf(bio_s_out, "ERROR\n");
-                    ERR_print_errors(bio_err);
-                    ret = 1;
-                    goto err;
-                case SSL_ERROR_ZERO_RETURN:
-                    BIO_printf(bio_s_out, "DONE\n");
-                    ret = 1;
-                    goto err;
-                }
-            }
-        }
-    }
- err:
-    if (con != NULL) {
-        BIO_printf(bio_s_out, "shutting down SSL\n");
-#if 1
-        SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
-#else
-        SSL_shutdown(con);
-#endif
-        SSL_free(con);
-    }
-    BIO_printf(bio_s_out, "CONNECTION CLOSED\n");
-    if (buf != NULL) {
-        OPENSSL_cleanse(buf, bufsize);
-        OPENSSL_free(buf);
-    }
-    if (ret >= 0)
-        BIO_printf(bio_s_out, "ACCEPT\n");
-    return (ret);
-}
-
-static void close_accept_socket(void)
-{
-    BIO_printf(bio_err, "shutdown accept socket\n");
-    if (accept_socket >= 0) {
-        SHUTDOWN2(accept_socket);
-    }
-}
-
-static int init_ssl_connection(SSL *con)
-{
-    int i;
-    const char *str;
-    X509 *peer;
-    long verify_error;
-    MS_STATIC char buf[BUFSIZ];
-#ifndef OPENSSL_NO_KRB5
-    char *client_princ;
-#endif
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-    const unsigned char *next_proto_neg;
-    unsigned next_proto_neg_len;
-#endif
-    unsigned char *exportedkeymat;
-
-    i = SSL_accept(con);
-#ifndef OPENSSL_NO_SRP
-    while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
-        BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
-                   srp_callback_parm.login);
-        srp_callback_parm.user =
-            SRP_VBASE_get_by_user(srp_callback_parm.vb,
-                                  srp_callback_parm.login);
-        if (srp_callback_parm.user)
-            BIO_printf(bio_s_out, "LOOKUP done %s\n",
-                       srp_callback_parm.user->info);
-        else
-            BIO_printf(bio_s_out, "LOOKUP not successful\n");
-        i = SSL_accept(con);
-    }
-#endif
-    if (i <= 0) {
-        if (BIO_sock_should_retry(i)) {
-            BIO_printf(bio_s_out, "DELAY\n");
-            return (1);
-        }
-
-        BIO_printf(bio_err, "ERROR\n");
-        verify_error = SSL_get_verify_result(con);
-        if (verify_error != X509_V_OK) {
-            BIO_printf(bio_err, "verify error:%s\n",
-                       X509_verify_cert_error_string(verify_error));
-        } else
-            ERR_print_errors(bio_err);
-        return (0);
-    }
-
-    PEM_write_bio_SSL_SESSION(bio_s_out, SSL_get_session(con));
-
-    peer = SSL_get_peer_certificate(con);
-    if (peer != NULL) {
-        BIO_printf(bio_s_out, "Client certificate\n");
-        PEM_write_bio_X509(bio_s_out, peer);
-        X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf);
-        BIO_printf(bio_s_out, "subject=%s\n", buf);
-        X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf);
-        BIO_printf(bio_s_out, "issuer=%s\n", buf);
-        X509_free(peer);
-    }
-
-    if (SSL_get_shared_ciphers(con, buf, sizeof buf) != NULL)
-        BIO_printf(bio_s_out, "Shared ciphers:%s\n", buf);
-    str = SSL_CIPHER_get_name(SSL_get_current_cipher(con));
-    BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)");
-
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-    SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
-    if (next_proto_neg) {
-        BIO_printf(bio_s_out, "NEXTPROTO is ");
-        BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len);
-        BIO_printf(bio_s_out, "\n");
-    }
-#endif
-#ifndef OPENSSL_NO_SRTP
-    {
-        SRTP_PROTECTION_PROFILE *srtp_profile
-            = SSL_get_selected_srtp_profile(con);
-
-        if (srtp_profile)
-            BIO_printf(bio_s_out, "SRTP Extension negotiated, profile=%s\n",
-                       srtp_profile->name);
-    }
-#endif
-    if (SSL_cache_hit(con))
-        BIO_printf(bio_s_out, "Reused session-id\n");
-    if (SSL_ctrl(con, SSL_CTRL_GET_FLAGS, 0, NULL) &
-        TLS1_FLAGS_TLS_PADDING_BUG)
-        BIO_printf(bio_s_out, "Peer has incorrect TLSv1 block padding\n");
-#ifndef OPENSSL_NO_KRB5
-    client_princ = kssl_ctx_get0_client_princ(SSL_get0_kssl_ctx(con));
-    if (client_princ != NULL) {
-        BIO_printf(bio_s_out, "Kerberos peer principal is %s\n",
-                   client_princ);
-    }
-#endif                          /* OPENSSL_NO_KRB5 */
-    BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
-               SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
-    if (keymatexportlabel != NULL) {
-        BIO_printf(bio_s_out, "Keying material exporter:\n");
-        BIO_printf(bio_s_out, "    Label: '%s'\n", keymatexportlabel);
-        BIO_printf(bio_s_out, "    Length: %i bytes\n", keymatexportlen);
-        exportedkeymat = OPENSSL_malloc(keymatexportlen);
-        if (exportedkeymat != NULL) {
-            if (!SSL_export_keying_material(con, exportedkeymat,
-                                            keymatexportlen,
-                                            keymatexportlabel,
-                                            strlen(keymatexportlabel),
-                                            NULL, 0, 0)) {
-                BIO_printf(bio_s_out, "    Error\n");
-            } else {
-                BIO_printf(bio_s_out, "    Keying material: ");
-                for (i = 0; i < keymatexportlen; i++)
-                    BIO_printf(bio_s_out, "%02X", exportedkeymat[i]);
-                BIO_printf(bio_s_out, "\n");
-            }
-            OPENSSL_free(exportedkeymat);
-        }
-    }
-
-    return (1);
-}
-
-#ifndef OPENSSL_NO_DH
-static DH *load_dh_param(const char *dhfile)
-{
-    DH *ret = NULL;
-    BIO *bio;
-
-    if ((bio = BIO_new_file(dhfile, "r")) == NULL)
-        goto err;
-    ret = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
- err:
-    if (bio != NULL)
-        BIO_free(bio);
-    return (ret);
-}
-#endif
-#ifndef OPENSSL_NO_KRB5
-char *client_princ;
-#endif
-
-#if 0
-static int load_CA(SSL_CTX *ctx, char *file)
-{
-    FILE *in;
-    X509 *x = NULL;
-
-    if ((in = fopen(file, "r")) == NULL)
-        return (0);
-
-    for (;;) {
-        if (PEM_read_X509(in, &x, NULL) == NULL)
-            break;
-        SSL_CTX_add_client_CA(ctx, x);
-    }
-    if (x != NULL)
-        X509_free(x);
-    fclose(in);
-    return (1);
-}
-#endif
-
-static int www_body(char *hostname, int s, unsigned char *context)
-{
-    char *buf = NULL;
-    int ret = 1;
-    int i, j, k, dot;
-    SSL *con;
-    const SSL_CIPHER *c;
-    BIO *io, *ssl_bio, *sbio;
-#ifndef OPENSSL_NO_KRB5
-    KSSL_CTX *kctx;
-#endif
-
-    buf = OPENSSL_malloc(bufsize);
-    if (buf == NULL)
-        return (0);
-    io = BIO_new(BIO_f_buffer());
-    ssl_bio = BIO_new(BIO_f_ssl());
-    if ((io == NULL) || (ssl_bio == NULL))
-        goto err;
-
-#ifdef FIONBIO
-    if (s_nbio) {
-        unsigned long sl = 1;
-
-        if (!s_quiet)
-            BIO_printf(bio_err, "turning on non blocking io\n");
-        if (BIO_socket_ioctl(s, FIONBIO, &sl) < 0)
-            ERR_print_errors(bio_err);
-    }
-#endif
-
-    /* lets make the output buffer a reasonable size */
-    if (!BIO_set_write_buffer_size(io, bufsize))
-        goto err;
-
-    if ((con = SSL_new(ctx)) == NULL)
-        goto err;
-#ifndef OPENSSL_NO_TLSEXT
-    if (s_tlsextdebug) {
-        SSL_set_tlsext_debug_callback(con, tlsext_cb);
-        SSL_set_tlsext_debug_arg(con, bio_s_out);
-    }
-#endif
-#ifndef OPENSSL_NO_KRB5
-    if ((kctx = kssl_ctx_new()) != NULL) {
-        kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
-        kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
-    }
-#endif                          /* OPENSSL_NO_KRB5 */
-    if (context)
-        SSL_set_session_id_context(con, context, strlen((char *)context));
-
-    sbio = BIO_new_socket(s, BIO_NOCLOSE);
-    if (s_nbio_test) {
-        BIO *test;
-
-        test = BIO_new(BIO_f_nbio_test());
-        sbio = BIO_push(test, sbio);
-    }
-    SSL_set_bio(con, sbio, sbio);
-    SSL_set_accept_state(con);
-
-    /* SSL_set_fd(con,s); */
-    BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
-    BIO_push(io, ssl_bio);
-#ifdef CHARSET_EBCDIC
-    io = BIO_push(BIO_new(BIO_f_ebcdic_filter()), io);
-#endif
-
-    if (s_debug) {
-        SSL_set_debug(con, 1);
-        BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
-        BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out);
-    }
-    if (s_msg) {
-        SSL_set_msg_callback(con, msg_cb);
-        SSL_set_msg_callback_arg(con, bio_s_out);
-    }
-
-    for (;;) {
-        if (hack) {
-            i = SSL_accept(con);
-#ifndef OPENSSL_NO_SRP
-            while (i <= 0
-                   && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
-                BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
-                           srp_callback_parm.login);
-                srp_callback_parm.user =
-                    SRP_VBASE_get_by_user(srp_callback_parm.vb,
-                                          srp_callback_parm.login);
-                if (srp_callback_parm.user)
-                    BIO_printf(bio_s_out, "LOOKUP done %s\n",
-                               srp_callback_parm.user->info);
-                else
-                    BIO_printf(bio_s_out, "LOOKUP not successful\n");
-                i = SSL_accept(con);
-            }
-#endif
-            switch (SSL_get_error(con, i)) {
-            case SSL_ERROR_NONE:
-                break;
-            case SSL_ERROR_WANT_WRITE:
-            case SSL_ERROR_WANT_READ:
-            case SSL_ERROR_WANT_X509_LOOKUP:
-                continue;
-            case SSL_ERROR_SYSCALL:
-            case SSL_ERROR_SSL:
-            case SSL_ERROR_ZERO_RETURN:
-                ret = 1;
-                goto err;
-                /* break; */
-            }
-
-            SSL_renegotiate(con);
-            SSL_write(con, NULL, 0);
-        }
-
-        i = BIO_gets(io, buf, bufsize - 1);
-        if (i < 0) {            /* error */
-            if (!BIO_should_retry(io)) {
-                if (!s_quiet)
-                    ERR_print_errors(bio_err);
-                goto err;
-            } else {
-                BIO_printf(bio_s_out, "read R BLOCK\n");
-#ifndef OPENSSL_NO_SRP
-                if (BIO_should_io_special(io)
-                    && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
-                    BIO_printf(bio_s_out, "LOOKUP renego during read\n");
-                    srp_callback_parm.user =
-                        SRP_VBASE_get_by_user(srp_callback_parm.vb,
-                                              srp_callback_parm.login);
-                    if (srp_callback_parm.user)
-                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
-                                   srp_callback_parm.user->info);
-                    else
-                        BIO_printf(bio_s_out, "LOOKUP not successful\n");
-                    continue;
-                }
-#endif
-#if defined(OPENSSL_SYS_NETWARE)
-                delay(1000);
-#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
-                sleep(1);
-#endif
-                continue;
-            }
-        } else if (i == 0) {    /* end of input */
-            ret = 1;
-            goto end;
-        }
-
-        /* else we have data */
-        if (((www == 1) && (strncmp("GET ", buf, 4) == 0)) ||
-            ((www == 2) && (strncmp("GET /stats ", buf, 11) == 0))) {
-            char *p;
-            X509 *peer;
-            STACK_OF(SSL_CIPHER) *sk;
-            static const char *space = "                          ";
-
-            BIO_puts(io,
-                     "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
-            BIO_puts(io, "<HTML><BODY BGCOLOR=\"#ffffff\">\n");
-            BIO_puts(io, "<pre>\n");
-/*                      BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
-            BIO_puts(io, "\n");
-            for (i = 0; i < local_argc; i++) {
-                BIO_puts(io, local_argv[i]);
-                BIO_write(io, " ", 1);
-            }
-            BIO_puts(io, "\n");
-
-            BIO_printf(io,
-                       "Secure Renegotiation IS%s supported\n",
-                       SSL_get_secure_renegotiation_support(con) ?
-                       "" : " NOT");
-
-            /*
-             * The following is evil and should not really be done
-             */
-            BIO_printf(io, "Ciphers supported in s_server binary\n");
-            sk = SSL_get_ciphers(con);
-            j = sk_SSL_CIPHER_num(sk);
-            for (i = 0; i < j; i++) {
-                c = sk_SSL_CIPHER_value(sk, i);
-                BIO_printf(io, "%-11s:%-25s",
-                           SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
-                if ((((i + 1) % 2) == 0) && (i + 1 != j))
-                    BIO_puts(io, "\n");
-            }
-            BIO_puts(io, "\n");
-            p = SSL_get_shared_ciphers(con, buf, bufsize);
-            if (p != NULL) {
-                BIO_printf(io,
-                           "---\nCiphers common between both SSL end points:\n");
-                j = i = 0;
-                while (*p) {
-                    if (*p == ':') {
-                        BIO_write(io, space, 26 - j);
-                        i++;
-                        j = 0;
-                        BIO_write(io, ((i % 3) ? " " : "\n"), 1);
-                    } else {
-                        BIO_write(io, p, 1);
-                        j++;
-                    }
-                    p++;
-                }
-                BIO_puts(io, "\n");
-            }
-            BIO_printf(io, (SSL_cache_hit(con)
-                            ? "---\nReused, " : "---\nNew, "));
-            c = SSL_get_current_cipher(con);
-            BIO_printf(io, "%s, Cipher is %s\n",
-                       SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
-            SSL_SESSION_print(io, SSL_get_session(con));
-            BIO_printf(io, "---\n");
-            print_stats(io, SSL_get_SSL_CTX(con));
-            BIO_printf(io, "---\n");
-            peer = SSL_get_peer_certificate(con);
-            if (peer != NULL) {
-                BIO_printf(io, "Client certificate\n");
-                X509_print(io, peer);
-                PEM_write_bio_X509(io, peer);
-            } else
-                BIO_puts(io, "no client certificate available\n");
-            BIO_puts(io, "</BODY></HTML>\r\n\r\n");
-            break;
-        } else if ((www == 2 || www == 3)
-                   && (strncmp("GET /", buf, 5) == 0)) {
-            BIO *file;
-            char *p, *e;
-            static const char *text =
-                "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
-
-            /* skip the '/' */
-            p = &(buf[5]);
-
-            dot = 1;
-            for (e = p; *e != '\0'; e++) {
-                if (e[0] == ' ')
-                    break;
-
-                switch (dot) {
-                case 1:
-                    dot = (e[0] == '.') ? 2 : 0;
-                    break;
-                case 2:
-                    dot = (e[0] == '.') ? 3 : 0;
-                    break;
-                case 3:
-                    dot = (e[0] == '/') ? -1 : 0;
-                    break;
-                }
-                if (dot == 0)
-                    dot = (e[0] == '/') ? 1 : 0;
-            }
-            dot = (dot == 3) || (dot == -1); /* filename contains ".."
-                                              * component */
-
-            if (*e == '\0') {
-                BIO_puts(io, text);
-                BIO_printf(io, "'%s' is an invalid file name\r\n", p);
-                break;
-            }
-            *e = '\0';
-
-            if (dot) {
-                BIO_puts(io, text);
-                BIO_printf(io, "'%s' contains '..' reference\r\n", p);
-                break;
-            }
-
-            if (*p == '/') {
-                BIO_puts(io, text);
-                BIO_printf(io, "'%s' is an invalid path\r\n", p);
-                break;
-            }
-#if 0
-            /* append if a directory lookup */
-            if (e[-1] == '/')
-                strcat(p, "index.html");
-#endif
-
-            /* if a directory, do the index thang */
-            if (app_isdir(p) > 0) {
-#if 0                           /* must check buffer size */
-                strcat(p, "/index.html");
-#else
-                BIO_puts(io, text);
-                BIO_printf(io, "'%s' is a directory\r\n", p);
-                break;
-#endif
-            }
-
-            if ((file = BIO_new_file(p, "r")) == NULL) {
-                BIO_puts(io, text);
-                BIO_printf(io, "Error opening '%s'\r\n", p);
-                ERR_print_errors(io);
-                break;
-            }
-
-            if (!s_quiet)
-                BIO_printf(bio_err, "FILE:%s\n", p);
-
-            if (www == 2) {
-                i = strlen(p);
-                if (((i > 5) && (strcmp(&(p[i - 5]), ".html") == 0)) ||
-                    ((i > 4) && (strcmp(&(p[i - 4]), ".php") == 0)) ||
-                    ((i > 4) && (strcmp(&(p[i - 4]), ".htm") == 0)))
-                    BIO_puts(io,
-                             "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
-                else
-                    BIO_puts(io,
-                             "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
-            }
-            /* send the file */
-            for (;;) {
-                i = BIO_read(file, buf, bufsize);
-                if (i <= 0)
-                    break;
-
-#ifdef RENEG
-                total_bytes += i;
-                fprintf(stderr, "%d\n", i);
-                if (total_bytes > 3 * 1024) {
-                    total_bytes = 0;
-                    fprintf(stderr, "RENEGOTIATE\n");
-                    SSL_renegotiate(con);
-                }
-#endif
-
-                for (j = 0; j < i;) {
-#ifdef RENEG
-                    {
-                        static count = 0;
-                        if (++count == 13) {
-                            SSL_renegotiate(con);
-                        }
-                    }
-#endif
-                    k = BIO_write(io, &(buf[j]), i - j);
-                    if (k <= 0) {
-                        if (!BIO_should_retry(io))
-                            goto write_error;
-                        else {
-                            BIO_printf(bio_s_out, "rwrite W BLOCK\n");
-                        }
-                    } else {
-                        j += k;
-                    }
-                }
-            }
- write_error:
-            BIO_free(file);
-            break;
-        }
-    }
-
-    for (;;) {
-        i = (int)BIO_flush(io);
-        if (i <= 0) {
-            if (!BIO_should_retry(io))
-                break;
-        } else
-            break;
-    }
- end:
-#if 1
-    /* make sure we re-use sessions */
-    SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
-#else
-    /* This kills performance */
-    /*
-     * SSL_shutdown(con); A shutdown gets sent in the BIO_free_all(io)
-     * procession
-     */
-#endif
-
- err:
-
-    if (ret >= 0)
-        BIO_printf(bio_s_out, "ACCEPT\n");
-
-    if (buf != NULL)
-        OPENSSL_free(buf);
-    if (io != NULL)
-        BIO_free_all(io);
-/*      if (ssl_bio != NULL) BIO_free(ssl_bio);*/
-    return (ret);
-}
-
-#ifndef OPENSSL_NO_RSA
-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
-{
-    BIGNUM *bn = NULL;
-    static RSA *rsa_tmp = NULL;
-
-    if (!rsa_tmp && ((bn = BN_new()) == NULL))
-        BIO_printf(bio_err, "Allocation error in generating RSA key\n");
-    if (!rsa_tmp && bn) {
-        if (!s_quiet) {
-            BIO_printf(bio_err, "Generating temp (%d bit) RSA key...",
-                       keylength);
-            (void)BIO_flush(bio_err);
-        }
-        if (!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) ||
-            !RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) {
-            if (rsa_tmp)
-                RSA_free(rsa_tmp);
-            rsa_tmp = NULL;
-        }
-        if (!s_quiet) {
-            BIO_printf(bio_err, "\n");
-            (void)BIO_flush(bio_err);
-        }
-        BN_free(bn);
-    }
-    return (rsa_tmp);
-}
-#endif
-
-#define MAX_SESSION_ID_ATTEMPTS 10
-static int generate_session_id(const SSL *ssl, unsigned char *id,
-                               unsigned int *id_len)
-{
-    unsigned int count = 0;
-    do {
-        if (RAND_pseudo_bytes(id, *id_len) < 0)
-            return 0;
-        /*
-         * Prefix the session_id with the required prefix. NB: If our prefix
-         * is too long, clip it - but there will be worse effects anyway, eg.
-         * the server could only possibly create 1 session ID (ie. the
-         * prefix!) so all future session negotiations will fail due to
-         * conflicts.
-         */
-        memcpy(id, session_id_prefix,
-               (strlen(session_id_prefix) < *id_len) ?
-               strlen(session_id_prefix) : *id_len);
-    }
-    while (SSL_has_matching_session_id(ssl, id, *id_len) &&
-           (++count < MAX_SESSION_ID_ATTEMPTS));
-    if (count >= MAX_SESSION_ID_ATTEMPTS)
-        return 0;
-    return 1;
-}

Copied: vendor-crypto/openssl/1.0.1u/apps/s_server.c (from rev 11605, vendor-crypto/openssl/dist/apps/s_server.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/apps/s_server.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/apps/s_server.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,2989 @@
+/* apps/s_server.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
+
+/*
+ * Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code
+ */
+#ifdef OPENSSL_NO_DEPRECATED
+# undef OPENSSL_NO_DEPRECATED
+#endif
+
+#include <assert.h>
+#include <ctype.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/e_os2.h>
+#ifdef OPENSSL_NO_STDIO
+# define APPS_WIN16
+#endif
+
+/* conflicts with winsock2 stuff on netware */
+#if !defined(OPENSSL_SYS_NETWARE)
+# include <sys/types.h>
+#endif
+
+/*
+ * With IPv6, it looks like Digital has mixed up the proper order of
+ * recursive header file inclusion, resulting in the compiler complaining
+ * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is
+ * needed to have fileno() declared correctly...  So let's define u_int
+ */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
+# define __U_INT
+typedef unsigned int u_int;
+#endif
+
+#include <openssl/lhash.h>
+#include <openssl/bn.h>
+#define USE_SOCKETS
+#include "apps.h"
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/rand.h>
+#include <openssl/ocsp.h>
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_SRP
+# include <openssl/srp.h>
+#endif
+#include "s_apps.h"
+#include "timeouts.h"
+
+#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
+/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
+# undef FIONBIO
+#endif
+
+#if defined(OPENSSL_SYS_BEOS_R5)
+# include <fcntl.h>
+#endif
+
+#ifndef OPENSSL_NO_RSA
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
+#endif
+static int sv_body(char *hostname, int s, unsigned char *context);
+static int www_body(char *hostname, int s, unsigned char *context);
+static void close_accept_socket(void);
+static void sv_usage(void);
+static int init_ssl_connection(SSL *s);
+static void print_stats(BIO *bp, SSL_CTX *ctx);
+static int generate_session_id(const SSL *ssl, unsigned char *id,
+                               unsigned int *id_len);
+#ifndef OPENSSL_NO_DH
+static DH *load_dh_param(const char *dhfile);
+static DH *get_dh2048(void);
+#endif
+
+#ifdef MONOLITH
+static void s_server_init(void);
+#endif
+
+#ifndef OPENSSL_NO_DH
+static unsigned char dh2048_p[] = {
+    0xF6,0x42,0x57,0xB7,0x08,0x7F,0x08,0x17,0x72,0xA2,0xBA,0xD6,
+    0xA9,0x42,0xF3,0x05,0xE8,0xF9,0x53,0x11,0x39,0x4F,0xB6,0xF1,
+    0x6E,0xB9,0x4B,0x38,0x20,0xDA,0x01,0xA7,0x56,0xA3,0x14,0xE9,
+    0x8F,0x40,0x55,0xF3,0xD0,0x07,0xC6,0xCB,0x43,0xA9,0x94,0xAD,
+    0xF7,0x4C,0x64,0x86,0x49,0xF8,0x0C,0x83,0xBD,0x65,0xE9,0x17,
+    0xD4,0xA1,0xD3,0x50,0xF8,0xF5,0x59,0x5F,0xDC,0x76,0x52,0x4F,
+    0x3D,0x3D,0x8D,0xDB,0xCE,0x99,0xE1,0x57,0x92,0x59,0xCD,0xFD,
+    0xB8,0xAE,0x74,0x4F,0xC5,0xFC,0x76,0xBC,0x83,0xC5,0x47,0x30,
+    0x61,0xCE,0x7C,0xC9,0x66,0xFF,0x15,0xF9,0xBB,0xFD,0x91,0x5E,
+    0xC7,0x01,0xAA,0xD3,0x5B,0x9E,0x8D,0xA0,0xA5,0x72,0x3A,0xD4,
+    0x1A,0xF0,0xBF,0x46,0x00,0x58,0x2B,0xE5,0xF4,0x88,0xFD,0x58,
+    0x4E,0x49,0xDB,0xCD,0x20,0xB4,0x9D,0xE4,0x91,0x07,0x36,0x6B,
+    0x33,0x6C,0x38,0x0D,0x45,0x1D,0x0F,0x7C,0x88,0xB3,0x1C,0x7C,
+    0x5B,0x2D,0x8E,0xF6,0xF3,0xC9,0x23,0xC0,0x43,0xF0,0xA5,0x5B,
+    0x18,0x8D,0x8E,0xBB,0x55,0x8C,0xB8,0x5D,0x38,0xD3,0x34,0xFD,
+    0x7C,0x17,0x57,0x43,0xA3,0x1D,0x18,0x6C,0xDE,0x33,0x21,0x2C,
+    0xB5,0x2A,0xFF,0x3C,0xE1,0xB1,0x29,0x40,0x18,0x11,0x8D,0x7C,
+    0x84,0xA7,0x0A,0x72,0xD6,0x86,0xC4,0x03,0x19,0xC8,0x07,0x29,
+    0x7A,0xCA,0x95,0x0C,0xD9,0x96,0x9F,0xAB,0xD0,0x0A,0x50,0x9B,
+    0x02,0x46,0xD3,0x08,0x3D,0x66,0xA4,0x5D,0x41,0x9F,0x9C,0x7C,
+    0xBD,0x89,0x4B,0x22,0x19,0x26,0xBA,0xAB,0xA2,0x5E,0xC3,0x55,
+    0xE9,0x32,0x0B,0x3B,
+};
+
+static unsigned char dh2048_g[] = {
+    0x02,
+};
+
+DH *get_dh2048()
+{
+    DH *dh;
+
+    if ((dh = DH_new()) == NULL)
+        return NULL;
+    dh->p=BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
+    dh->g=BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
+    if (dh->p == NULL || dh->g == NULL) {
+        DH_free(dh);
+        return NULL;
+    }
+    return dh;
+}
+#endif
+
+/* static int load_CA(SSL_CTX *ctx, char *file);*/
+
+#undef BUFSIZZ
+#define BUFSIZZ 16*1024
+static int bufsize = BUFSIZZ;
+static int accept_socket = -1;
+
+#define TEST_CERT       "server.pem"
+#ifndef OPENSSL_NO_TLSEXT
+# define TEST_CERT2      "server2.pem"
+#endif
+#undef PROG
+#define PROG            s_server_main
+
+extern int verify_depth, verify_return_error;
+
+static char *cipher = NULL;
+static int s_server_verify = SSL_VERIFY_NONE;
+static int s_server_session_id_context = 1; /* anything will do */
+static const char *s_cert_file = TEST_CERT, *s_key_file = NULL;
+#ifndef OPENSSL_NO_TLSEXT
+static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL;
+#endif
+static char *s_dcert_file = NULL, *s_dkey_file = NULL;
+#ifdef FIONBIO
+static int s_nbio = 0;
+#endif
+static int s_nbio_test = 0;
+int s_crlf = 0;
+static SSL_CTX *ctx = NULL;
+#ifndef OPENSSL_NO_TLSEXT
+static SSL_CTX *ctx2 = NULL;
+#endif
+static int www = 0;
+
+static BIO *bio_s_out = NULL;
+static int s_debug = 0;
+#ifndef OPENSSL_NO_TLSEXT
+static int s_tlsextdebug = 0;
+static int s_tlsextstatus = 0;
+static int cert_status_cb(SSL *s, void *arg);
+#endif
+static int s_msg = 0;
+static int s_quiet = 0;
+
+static char *keymatexportlabel = NULL;
+static int keymatexportlen = 20;
+
+static int hack = 0;
+#ifndef OPENSSL_NO_ENGINE
+static char *engine_id = NULL;
+#endif
+static const char *session_id_prefix = NULL;
+
+static int enable_timeouts = 0;
+static long socket_mtu;
+#ifndef OPENSSL_NO_DTLS1
+static int cert_chain = 0;
+#endif
+
+#ifndef OPENSSL_NO_PSK
+static char *psk_identity = "Client_identity";
+char *psk_key = NULL;           /* by default PSK is not used */
+
+static unsigned int psk_server_cb(SSL *ssl, const char *identity,
+                                  unsigned char *psk,
+                                  unsigned int max_psk_len)
+{
+    unsigned int psk_len = 0;
+    int ret;
+    BIGNUM *bn = NULL;
+
+    if (s_debug)
+        BIO_printf(bio_s_out, "psk_server_cb\n");
+    if (!identity) {
+        BIO_printf(bio_err, "Error: client did not send PSK identity\n");
+        goto out_err;
+    }
+    if (s_debug)
+        BIO_printf(bio_s_out, "identity_len=%d identity=%s\n",
+                   (int)strlen(identity), identity);
+
+    /* here we could lookup the given identity e.g. from a database */
+    if (strcmp(identity, psk_identity) != 0) {
+        BIO_printf(bio_s_out, "PSK error: client identity not found"
+                   " (got '%s' expected '%s')\n", identity, psk_identity);
+        goto out_err;
+    }
+    if (s_debug)
+        BIO_printf(bio_s_out, "PSK client identity found\n");
+
+    /* convert the PSK key to binary */
+    ret = BN_hex2bn(&bn, psk_key);
+    if (!ret) {
+        BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
+                   psk_key);
+        if (bn)
+            BN_free(bn);
+        return 0;
+    }
+    if (BN_num_bytes(bn) > (int)max_psk_len) {
+        BIO_printf(bio_err,
+                   "psk buffer of callback is too small (%d) for key (%d)\n",
+                   max_psk_len, BN_num_bytes(bn));
+        BN_free(bn);
+        return 0;
+    }
+
+    ret = BN_bn2bin(bn, psk);
+    BN_free(bn);
+
+    if (ret < 0)
+        goto out_err;
+    psk_len = (unsigned int)ret;
+
+    if (s_debug)
+        BIO_printf(bio_s_out, "fetched PSK len=%d\n", psk_len);
+    return psk_len;
+ out_err:
+    if (s_debug)
+        BIO_printf(bio_err, "Error in PSK server callback\n");
+    return 0;
+}
+#endif
+
+#ifndef OPENSSL_NO_SRP
+/* This is a context that we pass to callbacks */
+typedef struct srpsrvparm_st {
+    char *login;
+    SRP_VBASE *vb;
+    SRP_user_pwd *user;
+} srpsrvparm;
+
+/*
+ * This callback pretends to require some asynchronous logic in order to
+ * obtain a verifier. When the callback is called for a new connection we
+ * return with a negative value. This will provoke the accept etc to return
+ * with an LOOKUP_X509. The main logic of the reinvokes the suspended call
+ * (which would normally occur after a worker has finished) and we set the
+ * user parameters.
+ */
+static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
+{
+    srpsrvparm *p = (srpsrvparm *) arg;
+    int ret = SSL3_AL_FATAL;
+
+    if (p->login == NULL && p->user == NULL) {
+        p->login = SSL_get_srp_username(s);
+        BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
+        return (-1);
+    }
+
+    if (p->user == NULL) {
+        BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
+        goto err;
+    }
+
+    if (SSL_set_srp_server_param
+        (s, p->user->N, p->user->g, p->user->s, p->user->v,
+         p->user->info) < 0) {
+        *ad = SSL_AD_INTERNAL_ERROR;
+        goto err;
+    }
+    BIO_printf(bio_err,
+               "SRP parameters set: username = \"%s\" info=\"%s\" \n",
+               p->login, p->user->info);
+    ret = SSL_ERROR_NONE;
+
+err:
+    SRP_user_pwd_free(p->user);
+    p->user = NULL;
+    p->login = NULL;
+    return ret;
+}
+
+#endif
+
+#ifdef MONOLITH
+static void s_server_init(void)
+{
+    accept_socket = -1;
+    cipher = NULL;
+    s_server_verify = SSL_VERIFY_NONE;
+    s_dcert_file = NULL;
+    s_dkey_file = NULL;
+    s_cert_file = TEST_CERT;
+    s_key_file = NULL;
+# ifndef OPENSSL_NO_TLSEXT
+    s_cert_file2 = TEST_CERT2;
+    s_key_file2 = NULL;
+    ctx2 = NULL;
+# endif
+# ifdef FIONBIO
+    s_nbio = 0;
+# endif
+    s_nbio_test = 0;
+    ctx = NULL;
+    www = 0;
+
+    bio_s_out = NULL;
+    s_debug = 0;
+    s_msg = 0;
+    s_quiet = 0;
+    hack = 0;
+# ifndef OPENSSL_NO_ENGINE
+    engine_id = NULL;
+# endif
+}
+#endif
+
+static void sv_usage(void)
+{
+    BIO_printf(bio_err, "usage: s_server [args ...]\n");
+    BIO_printf(bio_err, "\n");
+    BIO_printf(bio_err,
+               " -accept arg   - port to accept on (default is %d)\n", PORT);
+    BIO_printf(bio_err, " -context arg  - set session ID context\n");
+    BIO_printf(bio_err,
+               " -verify arg   - turn on peer certificate verification\n");
+    BIO_printf(bio_err,
+               " -Verify arg   - turn on peer certificate verification, must have a cert.\n");
+    BIO_printf(bio_err,
+               " -verify_return_error - return verification errors\n");
+    BIO_printf(bio_err, " -cert arg     - certificate file to use\n");
+    BIO_printf(bio_err, "                 (default is %s)\n", TEST_CERT);
+    BIO_printf(bio_err,
+               " -crl_check    - check the peer certificate has not been revoked by its CA.\n"
+               "                 The CRL(s) are appended to the certificate file\n");
+    BIO_printf(bio_err,
+               " -crl_check_all - check the peer certificate has not been revoked by its CA\n"
+               "                 or any other CRL in the CA chain. CRL(s) are appened to the\n"
+               "                 the certificate file.\n");
+    BIO_printf(bio_err,
+               " -certform arg - certificate format (PEM or DER) PEM default\n");
+    BIO_printf(bio_err,
+               " -key arg      - Private Key file to use, in cert file if\n");
+    BIO_printf(bio_err, "                 not specified (default is %s)\n",
+               TEST_CERT);
+    BIO_printf(bio_err,
+               " -keyform arg  - key format (PEM, DER or ENGINE) PEM default\n");
+    BIO_printf(bio_err,
+               " -pass arg     - private key file pass phrase source\n");
+    BIO_printf(bio_err,
+               " -dcert arg    - second certificate file to use (usually for DSA)\n");
+    BIO_printf(bio_err,
+               " -dcertform x  - second certificate format (PEM or DER) PEM default\n");
+    BIO_printf(bio_err,
+               " -dkey arg     - second private key file to use (usually for DSA)\n");
+    BIO_printf(bio_err,
+               " -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default\n");
+    BIO_printf(bio_err,
+               " -dpass arg    - second private key file pass phrase source\n");
+    BIO_printf(bio_err,
+               " -dhparam arg  - DH parameter file to use, in cert file if not specified\n");
+    BIO_printf(bio_err,
+               "                 or a default set of parameters is used\n");
+#ifndef OPENSSL_NO_ECDH
+    BIO_printf(bio_err,
+               " -named_curve arg  - Elliptic curve name to use for ephemeral ECDH keys.\n"
+               "                 Use \"openssl ecparam -list_curves\" for all names\n"
+               "                 (default is nistp256).\n");
+#endif
+#ifdef FIONBIO
+    BIO_printf(bio_err, " -nbio         - Run with non-blocking IO\n");
+#endif
+    BIO_printf(bio_err,
+               " -nbio_test    - test with the non-blocking test bio\n");
+    BIO_printf(bio_err,
+               " -crlf         - convert LF from terminal into CRLF\n");
+    BIO_printf(bio_err, " -debug        - Print more output\n");
+    BIO_printf(bio_err, " -msg          - Show protocol messages\n");
+    BIO_printf(bio_err, " -state        - Print the SSL states\n");
+    BIO_printf(bio_err, " -CApath arg   - PEM format directory of CA's\n");
+    BIO_printf(bio_err, " -CAfile arg   - PEM format file of CA's\n");
+    BIO_printf(bio_err,
+               " -no_alt_chains - only ever use the first certificate chain found\n");
+    BIO_printf(bio_err,
+               " -nocert       - Don't use any certificates (Anon-DH)\n");
+    BIO_printf(bio_err,
+               " -cipher arg   - play with 'openssl ciphers' to see what goes here\n");
+    BIO_printf(bio_err, " -serverpref   - Use server's cipher preferences\n");
+    BIO_printf(bio_err, " -quiet        - No server output\n");
+    BIO_printf(bio_err, " -no_tmp_rsa   - Do not generate a tmp RSA key\n");
+#ifndef OPENSSL_NO_PSK
+    BIO_printf(bio_err, " -psk_hint arg - PSK identity hint to use\n");
+    BIO_printf(bio_err, " -psk arg      - PSK in hex (without 0x)\n");
+# ifndef OPENSSL_NO_JPAKE
+    BIO_printf(bio_err, " -jpake arg    - JPAKE secret to use\n");
+# endif
+#endif
+#ifndef OPENSSL_NO_SRP
+    BIO_printf(bio_err, " -srpvfile file      - The verifier file for SRP\n");
+    BIO_printf(bio_err,
+               " -srpuserseed string - A seed string for a default user salt.\n");
+#endif
+    BIO_printf(bio_err, " -ssl2         - Just talk SSLv2\n");
+#ifndef OPENSSL_NO_SSL3_METHOD
+    BIO_printf(bio_err, " -ssl3         - Just talk SSLv3\n");
+#endif
+    BIO_printf(bio_err, " -tls1_2       - Just talk TLSv1.2\n");
+    BIO_printf(bio_err, " -tls1_1       - Just talk TLSv1.1\n");
+    BIO_printf(bio_err, " -tls1         - Just talk TLSv1\n");
+    BIO_printf(bio_err, " -dtls1        - Just talk DTLSv1\n");
+    BIO_printf(bio_err, " -timeout      - Enable timeouts\n");
+    BIO_printf(bio_err, " -mtu          - Set link layer MTU\n");
+    BIO_printf(bio_err, " -chain        - Read a certificate chain\n");
+    BIO_printf(bio_err, " -no_ssl2      - Just disable SSLv2\n");
+    BIO_printf(bio_err, " -no_ssl3      - Just disable SSLv3\n");
+    BIO_printf(bio_err, " -no_tls1      - Just disable TLSv1\n");
+    BIO_printf(bio_err, " -no_tls1_1    - Just disable TLSv1.1\n");
+    BIO_printf(bio_err, " -no_tls1_2    - Just disable TLSv1.2\n");
+#ifndef OPENSSL_NO_DH
+    BIO_printf(bio_err, " -no_dhe       - Disable ephemeral DH\n");
+#endif
+#ifndef OPENSSL_NO_ECDH
+    BIO_printf(bio_err, " -no_ecdhe     - Disable ephemeral ECDH\n");
+#endif
+    BIO_printf(bio_err, " -bugs         - Turn on SSL bug compatibility\n");
+    BIO_printf(bio_err,
+               " -hack         - workaround for early Netscape code\n");
+    BIO_printf(bio_err,
+               " -www          - Respond to a 'GET /' with a status page\n");
+    BIO_printf(bio_err,
+               " -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
+    BIO_printf(bio_err,
+               " -HTTP         - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
+    BIO_printf(bio_err,
+               "                 with the assumption it contains a complete HTTP response.\n");
+#ifndef OPENSSL_NO_ENGINE
+    BIO_printf(bio_err,
+               " -engine id    - Initialise and use the specified engine\n");
+#endif
+    BIO_printf(bio_err,
+               " -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
+    BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
+               LIST_SEPARATOR_CHAR);
+#ifndef OPENSSL_NO_TLSEXT
+    BIO_printf(bio_err,
+               " -servername host - servername for HostName TLS extension\n");
+    BIO_printf(bio_err,
+               " -servername_fatal - on mismatch send fatal alert (default warning alert)\n");
+    BIO_printf(bio_err,
+               " -cert2 arg    - certificate file to use for servername\n");
+    BIO_printf(bio_err, "                 (default is %s)\n", TEST_CERT2);
+    BIO_printf(bio_err,
+               " -key2 arg     - Private Key file to use for servername, in cert file if\n");
+    BIO_printf(bio_err, "                 not specified (default is %s)\n",
+               TEST_CERT2);
+    BIO_printf(bio_err,
+               " -tlsextdebug  - hex dump of all TLS extensions received\n");
+    BIO_printf(bio_err,
+               " -no_ticket    - disable use of RFC4507bis session tickets\n");
+    BIO_printf(bio_err,
+               " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
+# ifndef OPENSSL_NO_NEXTPROTONEG
+    BIO_printf(bio_err,
+               " -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
+# endif
+# ifndef OPENSSL_NO_SRTP
+    BIO_printf(bio_err,
+               " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
+# endif
+#endif
+    BIO_printf(bio_err,
+               " -keymatexport label   - Export keying material using label\n");
+    BIO_printf(bio_err,
+               " -keymatexportlen len  - Export len bytes of keying material (default 20)\n");
+    BIO_printf(bio_err,
+               " -status           - respond to certificate status requests\n");
+    BIO_printf(bio_err,
+               " -status_verbose   - enable status request verbose printout\n");
+    BIO_printf(bio_err,
+               " -status_timeout n - status request responder timeout\n");
+    BIO_printf(bio_err, " -status_url URL   - status request fallback URL\n");
+}
+
+static int local_argc = 0;
+static char **local_argv;
+
+#ifdef CHARSET_EBCDIC
+static int ebcdic_new(BIO *bi);
+static int ebcdic_free(BIO *a);
+static int ebcdic_read(BIO *b, char *out, int outl);
+static int ebcdic_write(BIO *b, const char *in, int inl);
+static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
+static int ebcdic_gets(BIO *bp, char *buf, int size);
+static int ebcdic_puts(BIO *bp, const char *str);
+
+# define BIO_TYPE_EBCDIC_FILTER  (18|0x0200)
+static BIO_METHOD methods_ebcdic = {
+    BIO_TYPE_EBCDIC_FILTER,
+    "EBCDIC/ASCII filter",
+    ebcdic_write,
+    ebcdic_read,
+    ebcdic_puts,
+    ebcdic_gets,
+    ebcdic_ctrl,
+    ebcdic_new,
+    ebcdic_free,
+};
+
+typedef struct {
+    size_t alloced;
+    char buff[1];
+} EBCDIC_OUTBUFF;
+
+BIO_METHOD *BIO_f_ebcdic_filter()
+{
+    return (&methods_ebcdic);
+}
+
+static int ebcdic_new(BIO *bi)
+{
+    EBCDIC_OUTBUFF *wbuf;
+
+    wbuf = (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
+    if (!wbuf)
+        return 0;
+    wbuf->alloced = 1024;
+    wbuf->buff[0] = '\0';
+
+    bi->ptr = (char *)wbuf;
+    bi->init = 1;
+    bi->flags = 0;
+    return (1);
+}
+
+static int ebcdic_free(BIO *a)
+{
+    if (a == NULL)
+        return (0);
+    if (a->ptr != NULL)
+        OPENSSL_free(a->ptr);
+    a->ptr = NULL;
+    a->init = 0;
+    a->flags = 0;
+    return (1);
+}
+
+static int ebcdic_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+
+    if (out == NULL || outl == 0)
+        return (0);
+    if (b->next_bio == NULL)
+        return (0);
+
+    ret = BIO_read(b->next_bio, out, outl);
+    if (ret > 0)
+        ascii2ebcdic(out, out, ret);
+    return (ret);
+}
+
+static int ebcdic_write(BIO *b, const char *in, int inl)
+{
+    EBCDIC_OUTBUFF *wbuf;
+    int ret = 0;
+    int num;
+    unsigned char n;
+
+    if ((in == NULL) || (inl <= 0))
+        return (0);
+    if (b->next_bio == NULL)
+        return (0);
+
+    wbuf = (EBCDIC_OUTBUFF *) b->ptr;
+
+    if (inl > (num = wbuf->alloced)) {
+        num = num + num;        /* double the size */
+        if (num < inl)
+            num = inl;
+        wbuf =
+            (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num);
+        if (!wbuf)
+            return 0;
+        OPENSSL_free(b->ptr);
+
+        wbuf->alloced = num;
+        wbuf->buff[0] = '\0';
+
+        b->ptr = (char *)wbuf;
+    }
+
+    ebcdic2ascii(wbuf->buff, in, inl);
+
+    ret = BIO_write(b->next_bio, wbuf->buff, inl);
+
+    return (ret);
+}
+
+static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret;
+
+    if (b->next_bio == NULL)
+        return (0);
+    switch (cmd) {
+    case BIO_CTRL_DUP:
+        ret = 0L;
+        break;
+    default:
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    }
+    return (ret);
+}
+
+static int ebcdic_gets(BIO *bp, char *buf, int size)
+{
+    int i, ret = 0;
+    if (bp->next_bio == NULL)
+        return (0);
+/*      return(BIO_gets(bp->next_bio,buf,size));*/
+    for (i = 0; i < size - 1; ++i) {
+        ret = ebcdic_read(bp, &buf[i], 1);
+        if (ret <= 0)
+            break;
+        else if (buf[i] == '\n') {
+            ++i;
+            break;
+        }
+    }
+    if (i < size)
+        buf[i] = '\0';
+    return (ret < 0 && i == 0) ? ret : i;
+}
+
+static int ebcdic_puts(BIO *bp, const char *str)
+{
+    if (bp->next_bio == NULL)
+        return (0);
+    return ebcdic_write(bp, str, strlen(str));
+}
+#endif
+
+#ifndef OPENSSL_NO_TLSEXT
+
+/* This is a context that we pass to callbacks */
+typedef struct tlsextctx_st {
+    char *servername;
+    BIO *biodebug;
+    int extension_error;
+} tlsextctx;
+
+static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
+{
+    tlsextctx *p = (tlsextctx *) arg;
+    const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
+    if (servername && p->biodebug)
+        BIO_printf(p->biodebug, "Hostname in TLS extension: \"%s\"\n",
+                   servername);
+
+    if (!p->servername)
+        return SSL_TLSEXT_ERR_NOACK;
+
+    if (servername) {
+        if (strcasecmp(servername, p->servername))
+            return p->extension_error;
+        if (ctx2) {
+            BIO_printf(p->biodebug, "Switching server context.\n");
+            SSL_set_SSL_CTX(s, ctx2);
+        }
+    }
+    return SSL_TLSEXT_ERR_OK;
+}
+
+/* Structure passed to cert status callback */
+
+typedef struct tlsextstatusctx_st {
+    /* Default responder to use */
+    char *host, *path, *port;
+    int use_ssl;
+    int timeout;
+    BIO *err;
+    int verbose;
+} tlsextstatusctx;
+
+static tlsextstatusctx tlscstatp = { NULL, NULL, NULL, 0, -1, NULL, 0 };
+
+/*
+ * Certificate Status callback. This is called when a client includes a
+ * certificate status request extension. This is a simplified version. It
+ * examines certificates each time and makes one OCSP responder query for
+ * each request. A full version would store details such as the OCSP
+ * certificate IDs and minimise the number of OCSP responses by caching them
+ * until they were considered "expired".
+ */
+
+static int cert_status_cb(SSL *s, void *arg)
+{
+    tlsextstatusctx *srctx = arg;
+    BIO *err = srctx->err;
+    char *host, *port, *path;
+    int use_ssl;
+    unsigned char *rspder = NULL;
+    int rspderlen;
+    STACK_OF(OPENSSL_STRING) *aia = NULL;
+    X509 *x = NULL;
+    X509_STORE_CTX inctx;
+    X509_OBJECT obj;
+    OCSP_REQUEST *req = NULL;
+    OCSP_RESPONSE *resp = NULL;
+    OCSP_CERTID *id = NULL;
+    STACK_OF(X509_EXTENSION) *exts;
+    int ret = SSL_TLSEXT_ERR_NOACK;
+    int i;
+# if 0
+    STACK_OF(OCSP_RESPID) *ids;
+    SSL_get_tlsext_status_ids(s, &ids);
+    BIO_printf(err, "cert_status: received %d ids\n",
+               sk_OCSP_RESPID_num(ids));
+# endif
+    if (srctx->verbose)
+        BIO_puts(err, "cert_status: callback called\n");
+    /* Build up OCSP query from server certificate */
+    x = SSL_get_certificate(s);
+    aia = X509_get1_ocsp(x);
+    if (aia) {
+        if (!OCSP_parse_url(sk_OPENSSL_STRING_value(aia, 0),
+                            &host, &port, &path, &use_ssl)) {
+            BIO_puts(err, "cert_status: can't parse AIA URL\n");
+            goto err;
+        }
+        if (srctx->verbose)
+            BIO_printf(err, "cert_status: AIA URL: %s\n",
+                       sk_OPENSSL_STRING_value(aia, 0));
+    } else {
+        if (!srctx->host) {
+            BIO_puts(srctx->err,
+                     "cert_status: no AIA and no default responder URL\n");
+            goto done;
+        }
+        host = srctx->host;
+        path = srctx->path;
+        port = srctx->port;
+        use_ssl = srctx->use_ssl;
+    }
+
+    if (!X509_STORE_CTX_init(&inctx,
+                             SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)),
+                             NULL, NULL))
+        goto err;
+    if (X509_STORE_get_by_subject(&inctx, X509_LU_X509,
+                                  X509_get_issuer_name(x), &obj) <= 0) {
+        BIO_puts(err, "cert_status: Can't retrieve issuer certificate.\n");
+        X509_STORE_CTX_cleanup(&inctx);
+        goto done;
+    }
+    req = OCSP_REQUEST_new();
+    if (!req)
+        goto err;
+    id = OCSP_cert_to_id(NULL, x, obj.data.x509);
+    X509_free(obj.data.x509);
+    X509_STORE_CTX_cleanup(&inctx);
+    if (!id)
+        goto err;
+    if (!OCSP_request_add0_id(req, id))
+        goto err;
+    id = NULL;
+    /* Add any extensions to the request */
+    SSL_get_tlsext_status_exts(s, &exts);
+    for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+        X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
+        if (!OCSP_REQUEST_add_ext(req, ext, -1))
+            goto err;
+    }
+    resp = process_responder(err, req, host, path, port, use_ssl, NULL,
+                             srctx->timeout);
+    if (!resp) {
+        BIO_puts(err, "cert_status: error querying responder\n");
+        goto done;
+    }
+    rspderlen = i2d_OCSP_RESPONSE(resp, &rspder);
+    if (rspderlen <= 0)
+        goto err;
+    SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen);
+    if (srctx->verbose) {
+        BIO_puts(err, "cert_status: ocsp response sent:\n");
+        OCSP_RESPONSE_print(err, resp, 2);
+    }
+    ret = SSL_TLSEXT_ERR_OK;
+ done:
+    if (ret != SSL_TLSEXT_ERR_OK)
+        ERR_print_errors(err);
+    if (aia) {
+        OPENSSL_free(host);
+        OPENSSL_free(path);
+        OPENSSL_free(port);
+        X509_email_free(aia);
+    }
+    if (id)
+        OCSP_CERTID_free(id);
+    if (req)
+        OCSP_REQUEST_free(req);
+    if (resp)
+        OCSP_RESPONSE_free(resp);
+    return ret;
+ err:
+    ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+    goto done;
+}
+
+# ifndef OPENSSL_NO_NEXTPROTONEG
+/* This is the context that we pass to next_proto_cb */
+typedef struct tlsextnextprotoctx_st {
+    unsigned char *data;
+    unsigned int len;
+} tlsextnextprotoctx;
+
+static int next_proto_cb(SSL *s, const unsigned char **data,
+                         unsigned int *len, void *arg)
+{
+    tlsextnextprotoctx *next_proto = arg;
+
+    *data = next_proto->data;
+    *len = next_proto->len;
+
+    return SSL_TLSEXT_ERR_OK;
+}
+# endif                         /* ndef OPENSSL_NO_NEXTPROTONEG */
+
+#endif
+
+int MAIN(int, char **);
+
+#ifndef OPENSSL_NO_JPAKE
+static char *jpake_secret = NULL;
+#endif
+#ifndef OPENSSL_NO_SRP
+static srpsrvparm srp_callback_parm;
+#endif
+#ifndef OPENSSL_NO_SRTP
+static char *srtp_profiles = NULL;
+#endif
+
+int MAIN(int argc, char *argv[])
+{
+    X509_VERIFY_PARAM *vpm = NULL;
+    int badarg = 0;
+    short port = PORT;
+    char *CApath = NULL, *CAfile = NULL;
+    unsigned char *context = NULL;
+    char *dhfile = NULL;
+#ifndef OPENSSL_NO_ECDH
+    char *named_curve = NULL;
+#endif
+    int badop = 0, bugs = 0;
+    int ret = 1;
+    int off = 0;
+    int no_tmp_rsa = 0, no_dhe = 0, nocert = 0;
+#ifndef OPENSSL_NO_ECDH
+    int no_ecdhe = 0;
+#endif
+    int state = 0;
+    const SSL_METHOD *meth = NULL;
+    int socket_type = SOCK_STREAM;
+    ENGINE *e = NULL;
+    char *inrand = NULL;
+    int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
+    char *passarg = NULL, *pass = NULL;
+    char *dpassarg = NULL, *dpass = NULL;
+    int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
+    X509 *s_cert = NULL, *s_dcert = NULL;
+    EVP_PKEY *s_key = NULL, *s_dkey = NULL;
+    int no_cache = 0;
+#ifndef OPENSSL_NO_TLSEXT
+    EVP_PKEY *s_key2 = NULL;
+    X509 *s_cert2 = NULL;
+    tlsextctx tlsextcbp = { NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING };
+# ifndef OPENSSL_NO_NEXTPROTONEG
+    const char *next_proto_neg_in = NULL;
+    tlsextnextprotoctx next_proto;
+# endif
+#endif
+#ifndef OPENSSL_NO_PSK
+    /* by default do not send a PSK identity hint */
+    static char *psk_identity_hint = NULL;
+#endif
+#ifndef OPENSSL_NO_SRP
+    char *srpuserseed = NULL;
+    char *srp_verifier_file = NULL;
+#endif
+    meth = SSLv23_server_method();
+
+    local_argc = argc;
+    local_argv = argv;
+
+    apps_startup();
+#ifdef MONOLITH
+    s_server_init();
+#endif
+
+    if (bio_err == NULL)
+        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+    if (!load_config(bio_err, NULL))
+        goto end;
+
+    verify_depth = 0;
+#ifdef FIONBIO
+    s_nbio = 0;
+#endif
+    s_nbio_test = 0;
+
+    argc--;
+    argv++;
+
+    while (argc >= 1) {
+        if ((strcmp(*argv, "-port") == 0) || (strcmp(*argv, "-accept") == 0)) {
+            if (--argc < 1)
+                goto bad;
+            if (!extract_port(*(++argv), &port))
+                goto bad;
+        } else if (strcmp(*argv, "-verify") == 0) {
+            s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
+            if (--argc < 1)
+                goto bad;
+            verify_depth = atoi(*(++argv));
+            BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
+        } else if (strcmp(*argv, "-Verify") == 0) {
+            s_server_verify =
+                SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
+                SSL_VERIFY_CLIENT_ONCE;
+            if (--argc < 1)
+                goto bad;
+            verify_depth = atoi(*(++argv));
+            BIO_printf(bio_err,
+                       "verify depth is %d, must return a certificate\n",
+                       verify_depth);
+        } else if (strcmp(*argv, "-context") == 0) {
+            if (--argc < 1)
+                goto bad;
+            context = (unsigned char *)*(++argv);
+        } else if (strcmp(*argv, "-cert") == 0) {
+            if (--argc < 1)
+                goto bad;
+            s_cert_file = *(++argv);
+        } else if (strcmp(*argv, "-certform") == 0) {
+            if (--argc < 1)
+                goto bad;
+            s_cert_format = str2fmt(*(++argv));
+        } else if (strcmp(*argv, "-key") == 0) {
+            if (--argc < 1)
+                goto bad;
+            s_key_file = *(++argv);
+        } else if (strcmp(*argv, "-keyform") == 0) {
+            if (--argc < 1)
+                goto bad;
+            s_key_format = str2fmt(*(++argv));
+        } else if (strcmp(*argv, "-pass") == 0) {
+            if (--argc < 1)
+                goto bad;
+            passarg = *(++argv);
+        } else if (strcmp(*argv, "-dhparam") == 0) {
+            if (--argc < 1)
+                goto bad;
+            dhfile = *(++argv);
+        }
+#ifndef OPENSSL_NO_ECDH
+        else if (strcmp(*argv, "-named_curve") == 0) {
+            if (--argc < 1)
+                goto bad;
+            named_curve = *(++argv);
+        }
+#endif
+        else if (strcmp(*argv, "-dcertform") == 0) {
+            if (--argc < 1)
+                goto bad;
+            s_dcert_format = str2fmt(*(++argv));
+        } else if (strcmp(*argv, "-dcert") == 0) {
+            if (--argc < 1)
+                goto bad;
+            s_dcert_file = *(++argv);
+        } else if (strcmp(*argv, "-dkeyform") == 0) {
+            if (--argc < 1)
+                goto bad;
+            s_dkey_format = str2fmt(*(++argv));
+        } else if (strcmp(*argv, "-dpass") == 0) {
+            if (--argc < 1)
+                goto bad;
+            dpassarg = *(++argv);
+        } else if (strcmp(*argv, "-dkey") == 0) {
+            if (--argc < 1)
+                goto bad;
+            s_dkey_file = *(++argv);
+        } else if (strcmp(*argv, "-nocert") == 0) {
+            nocert = 1;
+        } else if (strcmp(*argv, "-CApath") == 0) {
+            if (--argc < 1)
+                goto bad;
+            CApath = *(++argv);
+        } else if (strcmp(*argv, "-no_cache") == 0)
+            no_cache = 1;
+        else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) {
+            if (badarg)
+                goto bad;
+            continue;
+        } else if (strcmp(*argv, "-verify_return_error") == 0)
+            verify_return_error = 1;
+        else if (strcmp(*argv, "-serverpref") == 0) {
+            off |= SSL_OP_CIPHER_SERVER_PREFERENCE;
+        } else if (strcmp(*argv, "-legacy_renegotiation") == 0)
+            off |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+        else if (strcmp(*argv, "-cipher") == 0) {
+            if (--argc < 1)
+                goto bad;
+            cipher = *(++argv);
+        } else if (strcmp(*argv, "-CAfile") == 0) {
+            if (--argc < 1)
+                goto bad;
+            CAfile = *(++argv);
+        }
+#ifdef FIONBIO
+        else if (strcmp(*argv, "-nbio") == 0) {
+            s_nbio = 1;
+        }
+#endif
+        else if (strcmp(*argv, "-nbio_test") == 0) {
+#ifdef FIONBIO
+            s_nbio = 1;
+#endif
+            s_nbio_test = 1;
+        } else if (strcmp(*argv, "-debug") == 0) {
+            s_debug = 1;
+        }
+#ifndef OPENSSL_NO_TLSEXT
+        else if (strcmp(*argv, "-tlsextdebug") == 0)
+            s_tlsextdebug = 1;
+        else if (strcmp(*argv, "-status") == 0)
+            s_tlsextstatus = 1;
+        else if (strcmp(*argv, "-status_verbose") == 0) {
+            s_tlsextstatus = 1;
+            tlscstatp.verbose = 1;
+        } else if (!strcmp(*argv, "-status_timeout")) {
+            s_tlsextstatus = 1;
+            if (--argc < 1)
+                goto bad;
+            tlscstatp.timeout = atoi(*(++argv));
+        } else if (!strcmp(*argv, "-status_url")) {
+            s_tlsextstatus = 1;
+            if (--argc < 1)
+                goto bad;
+            if (!OCSP_parse_url(*(++argv),
+                                &tlscstatp.host,
+                                &tlscstatp.port,
+                                &tlscstatp.path, &tlscstatp.use_ssl)) {
+                BIO_printf(bio_err, "Error parsing URL\n");
+                goto bad;
+            }
+        }
+#endif
+        else if (strcmp(*argv, "-msg") == 0) {
+            s_msg = 1;
+        } else if (strcmp(*argv, "-hack") == 0) {
+            hack = 1;
+        } else if (strcmp(*argv, "-state") == 0) {
+            state = 1;
+        } else if (strcmp(*argv, "-crlf") == 0) {
+            s_crlf = 1;
+        } else if (strcmp(*argv, "-quiet") == 0) {
+            s_quiet = 1;
+        } else if (strcmp(*argv, "-bugs") == 0) {
+            bugs = 1;
+        } else if (strcmp(*argv, "-no_tmp_rsa") == 0) {
+            no_tmp_rsa = 1;
+        } else if (strcmp(*argv, "-no_dhe") == 0) {
+            no_dhe = 1;
+        }
+#ifndef OPENSSL_NO_ECDH
+        else if (strcmp(*argv, "-no_ecdhe") == 0) {
+            no_ecdhe = 1;
+        }
+#endif
+#ifndef OPENSSL_NO_PSK
+        else if (strcmp(*argv, "-psk_hint") == 0) {
+            if (--argc < 1)
+                goto bad;
+            psk_identity_hint = *(++argv);
+        } else if (strcmp(*argv, "-psk") == 0) {
+            size_t i;
+
+            if (--argc < 1)
+                goto bad;
+            psk_key = *(++argv);
+            for (i = 0; i < strlen(psk_key); i++) {
+                if (isxdigit((unsigned char)psk_key[i]))
+                    continue;
+                BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
+                goto bad;
+            }
+        }
+#endif
+#ifndef OPENSSL_NO_SRP
+        else if (strcmp(*argv, "-srpvfile") == 0) {
+            if (--argc < 1)
+                goto bad;
+            srp_verifier_file = *(++argv);
+            meth = TLSv1_server_method();
+        } else if (strcmp(*argv, "-srpuserseed") == 0) {
+            if (--argc < 1)
+                goto bad;
+            srpuserseed = *(++argv);
+            meth = TLSv1_server_method();
+        }
+#endif
+        else if (strcmp(*argv, "-www") == 0) {
+            www = 1;
+        } else if (strcmp(*argv, "-WWW") == 0) {
+            www = 2;
+        } else if (strcmp(*argv, "-HTTP") == 0) {
+            www = 3;
+        } else if (strcmp(*argv, "-no_ssl2") == 0) {
+            off |= SSL_OP_NO_SSLv2;
+        } else if (strcmp(*argv, "-no_ssl3") == 0) {
+            off |= SSL_OP_NO_SSLv3;
+        } else if (strcmp(*argv, "-no_tls1") == 0) {
+            off |= SSL_OP_NO_TLSv1;
+        } else if (strcmp(*argv, "-no_tls1_1") == 0) {
+            off |= SSL_OP_NO_TLSv1_1;
+        } else if (strcmp(*argv, "-no_tls1_2") == 0) {
+            off |= SSL_OP_NO_TLSv1_2;
+        } else if (strcmp(*argv, "-no_comp") == 0) {
+            off |= SSL_OP_NO_COMPRESSION;
+        }
+#ifndef OPENSSL_NO_TLSEXT
+        else if (strcmp(*argv, "-no_ticket") == 0) {
+            off |= SSL_OP_NO_TICKET;
+        }
+#endif
+#ifndef OPENSSL_NO_SSL2
+        else if (strcmp(*argv, "-ssl2") == 0) {
+            meth = SSLv2_server_method();
+        }
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+        else if (strcmp(*argv, "-ssl3") == 0) {
+            meth = SSLv3_server_method();
+        }
+#endif
+#ifndef OPENSSL_NO_TLS1
+        else if (strcmp(*argv, "-tls1") == 0) {
+            meth = TLSv1_server_method();
+        } else if (strcmp(*argv, "-tls1_1") == 0) {
+            meth = TLSv1_1_server_method();
+        } else if (strcmp(*argv, "-tls1_2") == 0) {
+            meth = TLSv1_2_server_method();
+        }
+#endif
+#ifndef OPENSSL_NO_DTLS1
+        else if (strcmp(*argv, "-dtls1") == 0) {
+            meth = DTLSv1_server_method();
+            socket_type = SOCK_DGRAM;
+        } else if (strcmp(*argv, "-timeout") == 0)
+            enable_timeouts = 1;
+        else if (strcmp(*argv, "-mtu") == 0) {
+            if (--argc < 1)
+                goto bad;
+            socket_mtu = atol(*(++argv));
+        } else if (strcmp(*argv, "-chain") == 0)
+            cert_chain = 1;
+#endif
+        else if (strcmp(*argv, "-id_prefix") == 0) {
+            if (--argc < 1)
+                goto bad;
+            session_id_prefix = *(++argv);
+        }
+#ifndef OPENSSL_NO_ENGINE
+        else if (strcmp(*argv, "-engine") == 0) {
+            if (--argc < 1)
+                goto bad;
+            engine_id = *(++argv);
+        }
+#endif
+        else if (strcmp(*argv, "-rand") == 0) {
+            if (--argc < 1)
+                goto bad;
+            inrand = *(++argv);
+        }
+#ifndef OPENSSL_NO_TLSEXT
+        else if (strcmp(*argv, "-servername") == 0) {
+            if (--argc < 1)
+                goto bad;
+            tlsextcbp.servername = *(++argv);
+        } else if (strcmp(*argv, "-servername_fatal") == 0) {
+            tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_FATAL;
+        } else if (strcmp(*argv, "-cert2") == 0) {
+            if (--argc < 1)
+                goto bad;
+            s_cert_file2 = *(++argv);
+        } else if (strcmp(*argv, "-key2") == 0) {
+            if (--argc < 1)
+                goto bad;
+            s_key_file2 = *(++argv);
+        }
+# ifndef OPENSSL_NO_NEXTPROTONEG
+        else if (strcmp(*argv, "-nextprotoneg") == 0) {
+            if (--argc < 1)
+                goto bad;
+            next_proto_neg_in = *(++argv);
+        }
+# endif
+#endif
+#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
+        else if (strcmp(*argv, "-jpake") == 0) {
+            if (--argc < 1)
+                goto bad;
+            jpake_secret = *(++argv);
+        }
+#endif
+#ifndef OPENSSL_NO_SRTP
+        else if (strcmp(*argv, "-use_srtp") == 0) {
+            if (--argc < 1)
+                goto bad;
+            srtp_profiles = *(++argv);
+        }
+#endif
+        else if (strcmp(*argv, "-keymatexport") == 0) {
+            if (--argc < 1)
+                goto bad;
+            keymatexportlabel = *(++argv);
+        } else if (strcmp(*argv, "-keymatexportlen") == 0) {
+            if (--argc < 1)
+                goto bad;
+            keymatexportlen = atoi(*(++argv));
+            if (keymatexportlen == 0)
+                goto bad;
+        } else {
+            BIO_printf(bio_err, "unknown option %s\n", *argv);
+            badop = 1;
+            break;
+        }
+        argc--;
+        argv++;
+    }
+    if (badop) {
+ bad:
+        sv_usage();
+        goto end;
+    }
+#ifndef OPENSSL_NO_DTLS1
+    if (www && socket_type == SOCK_DGRAM) {
+        BIO_printf(bio_err, "Can't use -HTTP, -www or -WWW with DTLS\n");
+        goto end;
+    }
+#endif
+
+#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
+    if (jpake_secret) {
+        if (psk_key) {
+            BIO_printf(bio_err, "Can't use JPAKE and PSK together\n");
+            goto end;
+        }
+        psk_identity = "JPAKE";
+        if (cipher) {
+            BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
+            goto end;
+        }
+        cipher = "PSK";
+    }
+#endif
+
+    SSL_load_error_strings();
+    OpenSSL_add_ssl_algorithms();
+
+#ifndef OPENSSL_NO_ENGINE
+    e = setup_engine(bio_err, engine_id, 1);
+#endif
+
+    if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    if (s_key_file == NULL)
+        s_key_file = s_cert_file;
+#ifndef OPENSSL_NO_TLSEXT
+    if (s_key_file2 == NULL)
+        s_key_file2 = s_cert_file2;
+#endif
+
+    if (nocert == 0) {
+        s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass, e,
+                         "server certificate private key file");
+        if (!s_key) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        s_cert = load_cert(bio_err, s_cert_file, s_cert_format,
+                           NULL, e, "server certificate file");
+
+        if (!s_cert) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+#ifndef OPENSSL_NO_TLSEXT
+        if (tlsextcbp.servername) {
+            s_key2 = load_key(bio_err, s_key_file2, s_key_format, 0, pass, e,
+                              "second server certificate private key file");
+            if (!s_key2) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+
+            s_cert2 = load_cert(bio_err, s_cert_file2, s_cert_format,
+                                NULL, e, "second server certificate file");
+
+            if (!s_cert2) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        }
+#endif
+    }
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+    if (next_proto_neg_in) {
+        unsigned short len;
+        next_proto.data = next_protos_parse(&len, next_proto_neg_in);
+        if (next_proto.data == NULL)
+            goto end;
+        next_proto.len = len;
+    } else {
+        next_proto.data = NULL;
+    }
+#endif
+
+    if (s_dcert_file) {
+
+        if (s_dkey_file == NULL)
+            s_dkey_file = s_dcert_file;
+
+        s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format,
+                          0, dpass, e, "second certificate private key file");
+        if (!s_dkey) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        s_dcert = load_cert(bio_err, s_dcert_file, s_dcert_format,
+                            NULL, e, "second server certificate file");
+
+        if (!s_dcert) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+    }
+
+    if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+        && !RAND_status()) {
+        BIO_printf(bio_err,
+                   "warning, not much extra random data, consider using the -rand option\n");
+    }
+    if (inrand != NULL)
+        BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+                   app_RAND_load_files(inrand));
+
+    if (bio_s_out == NULL) {
+        if (s_quiet && !s_debug && !s_msg) {
+            bio_s_out = BIO_new(BIO_s_null());
+        } else {
+            if (bio_s_out == NULL)
+                bio_s_out = BIO_new_fp(stdout, BIO_NOCLOSE);
+        }
+    }
+#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
+    if (nocert)
+#endif
+    {
+        s_cert_file = NULL;
+        s_key_file = NULL;
+        s_dcert_file = NULL;
+        s_dkey_file = NULL;
+#ifndef OPENSSL_NO_TLSEXT
+        s_cert_file2 = NULL;
+        s_key_file2 = NULL;
+#endif
+    }
+
+    ctx = SSL_CTX_new(meth);
+    if (ctx == NULL) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    if (session_id_prefix) {
+        if (strlen(session_id_prefix) >= 32)
+            BIO_printf(bio_err,
+                       "warning: id_prefix is too long, only one new session will be possible\n");
+        else if (strlen(session_id_prefix) >= 16)
+            BIO_printf(bio_err,
+                       "warning: id_prefix is too long if you use SSLv2\n");
+        if (!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) {
+            BIO_printf(bio_err, "error setting 'id_prefix'\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
+    }
+    SSL_CTX_set_quiet_shutdown(ctx, 1);
+    if (bugs)
+        SSL_CTX_set_options(ctx, SSL_OP_ALL);
+    if (hack)
+        SSL_CTX_set_options(ctx, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
+    SSL_CTX_set_options(ctx, off);
+
+    if (state)
+        SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
+    if (no_cache)
+        SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
+    else
+        SSL_CTX_sess_set_cache_size(ctx, 128);
+
+#ifndef OPENSSL_NO_SRTP
+    if (srtp_profiles != NULL)
+        SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
+#endif
+
+#if 0
+    if (cipher == NULL)
+        cipher = getenv("SSL_CIPHER");
+#endif
+
+#if 0
+    if (s_cert_file == NULL) {
+        BIO_printf(bio_err,
+                   "You must specify a certificate file for the server to use\n");
+        goto end;
+    }
+#endif
+
+    if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
+        (!SSL_CTX_set_default_verify_paths(ctx))) {
+        /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
+        ERR_print_errors(bio_err);
+        /* goto end; */
+    }
+    if (vpm)
+        SSL_CTX_set1_param(ctx, vpm);
+
+#ifndef OPENSSL_NO_TLSEXT
+    if (s_cert2) {
+        ctx2 = SSL_CTX_new(meth);
+        if (ctx2 == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (ctx2) {
+        BIO_printf(bio_s_out, "Setting secondary ctx parameters\n");
+
+        if (session_id_prefix) {
+            if (strlen(session_id_prefix) >= 32)
+                BIO_printf(bio_err,
+                           "warning: id_prefix is too long, only one new session will be possible\n");
+            else if (strlen(session_id_prefix) >= 16)
+                BIO_printf(bio_err,
+                           "warning: id_prefix is too long if you use SSLv2\n");
+            if (!SSL_CTX_set_generate_session_id(ctx2, generate_session_id)) {
+                BIO_printf(bio_err, "error setting 'id_prefix'\n");
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
+        }
+        SSL_CTX_set_quiet_shutdown(ctx2, 1);
+        if (bugs)
+            SSL_CTX_set_options(ctx2, SSL_OP_ALL);
+        if (hack)
+            SSL_CTX_set_options(ctx2, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
+        SSL_CTX_set_options(ctx2, off);
+
+        if (state)
+            SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback);
+
+        if (no_cache)
+            SSL_CTX_set_session_cache_mode(ctx2, SSL_SESS_CACHE_OFF);
+        else
+            SSL_CTX_sess_set_cache_size(ctx2, 128);
+
+        if ((!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) ||
+            (!SSL_CTX_set_default_verify_paths(ctx2))) {
+            ERR_print_errors(bio_err);
+        }
+        if (vpm)
+            SSL_CTX_set1_param(ctx2, vpm);
+    }
+# ifndef OPENSSL_NO_NEXTPROTONEG
+    if (next_proto.data)
+        SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb,
+                                              &next_proto);
+# endif
+#endif
+
+#ifndef OPENSSL_NO_DH
+    if (!no_dhe) {
+        DH *dh = NULL;
+
+        if (dhfile)
+            dh = load_dh_param(dhfile);
+        else if (s_cert_file)
+            dh = load_dh_param(s_cert_file);
+
+        if (dh != NULL) {
+            BIO_printf(bio_s_out, "Setting temp DH parameters\n");
+        } else {
+            BIO_printf(bio_s_out, "Using default temp DH parameters\n");
+            dh = get_dh2048();
+            if (dh == NULL) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        }
+        (void)BIO_flush(bio_s_out);
+
+        SSL_CTX_set_tmp_dh(ctx, dh);
+# ifndef OPENSSL_NO_TLSEXT
+        if (ctx2) {
+            if (!dhfile) {
+                DH *dh2 = load_dh_param(s_cert_file2);
+                if (dh2 != NULL) {
+                    BIO_printf(bio_s_out, "Setting temp DH parameters\n");
+                    (void)BIO_flush(bio_s_out);
+
+                    DH_free(dh);
+                    dh = dh2;
+                }
+            }
+            SSL_CTX_set_tmp_dh(ctx2, dh);
+        }
+# endif
+        DH_free(dh);
+    }
+#endif
+
+#ifndef OPENSSL_NO_ECDH
+    if (!no_ecdhe) {
+        EC_KEY *ecdh = NULL;
+
+        if (named_curve) {
+            int nid = OBJ_sn2nid(named_curve);
+
+            if (nid == 0) {
+                BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
+                goto end;
+            }
+            ecdh = EC_KEY_new_by_curve_name(nid);
+            if (ecdh == NULL) {
+                BIO_printf(bio_err, "unable to create curve (%s)\n",
+                           named_curve);
+                goto end;
+            }
+        }
+
+        if (ecdh != NULL) {
+            BIO_printf(bio_s_out, "Setting temp ECDH parameters\n");
+        } else {
+            BIO_printf(bio_s_out, "Using default temp ECDH parameters\n");
+            ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+            if (ecdh == NULL) {
+                BIO_printf(bio_err, "unable to create curve (nistp256)\n");
+                goto end;
+            }
+        }
+        (void)BIO_flush(bio_s_out);
+
+        SSL_CTX_set_tmp_ecdh(ctx, ecdh);
+# ifndef OPENSSL_NO_TLSEXT
+        if (ctx2)
+            SSL_CTX_set_tmp_ecdh(ctx2, ecdh);
+# endif
+        EC_KEY_free(ecdh);
+    }
+#endif
+
+    if (!set_cert_key_stuff(ctx, s_cert, s_key))
+        goto end;
+#ifndef OPENSSL_NO_TLSEXT
+    if (ctx2 && !set_cert_key_stuff(ctx2, s_cert2, s_key2))
+        goto end;
+#endif
+    if (s_dcert != NULL) {
+        if (!set_cert_key_stuff(ctx, s_dcert, s_dkey))
+            goto end;
+    }
+#ifndef OPENSSL_NO_RSA
+# if 1
+    if (!no_tmp_rsa) {
+        SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb);
+#  ifndef OPENSSL_NO_TLSEXT
+        if (ctx2)
+            SSL_CTX_set_tmp_rsa_callback(ctx2, tmp_rsa_cb);
+#  endif
+    }
+# else
+    if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx)) {
+        RSA *rsa;
+
+        BIO_printf(bio_s_out, "Generating temp (512 bit) RSA key...");
+        BIO_flush(bio_s_out);
+
+        rsa = RSA_generate_key(512, RSA_F4, NULL);
+
+        if (!SSL_CTX_set_tmp_rsa(ctx, rsa)) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+#  ifndef OPENSSL_NO_TLSEXT
+        if (ctx2) {
+            if (!SSL_CTX_set_tmp_rsa(ctx2, rsa)) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        }
+#  endif
+        RSA_free(rsa);
+        BIO_printf(bio_s_out, "\n");
+    }
+# endif
+#endif
+
+#ifndef OPENSSL_NO_PSK
+# ifdef OPENSSL_NO_JPAKE
+    if (psk_key != NULL)
+# else
+    if (psk_key != NULL || jpake_secret)
+# endif
+    {
+        if (s_debug)
+            BIO_printf(bio_s_out,
+                       "PSK key given or JPAKE in use, setting server callback\n");
+        SSL_CTX_set_psk_server_callback(ctx, psk_server_cb);
+    }
+
+    if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) {
+        BIO_printf(bio_err, "error setting PSK identity hint to context\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+#endif
+
+    if (cipher != NULL) {
+        if (!SSL_CTX_set_cipher_list(ctx, cipher)) {
+            BIO_printf(bio_err, "error setting cipher list\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+#ifndef OPENSSL_NO_TLSEXT
+        if (ctx2 && !SSL_CTX_set_cipher_list(ctx2, cipher)) {
+            BIO_printf(bio_err, "error setting cipher list\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+#endif
+    }
+    SSL_CTX_set_verify(ctx, s_server_verify, verify_callback);
+    SSL_CTX_set_session_id_context(ctx, (void *)&s_server_session_id_context,
+                                   sizeof s_server_session_id_context);
+
+    /* Set DTLS cookie generation and verification callbacks */
+    SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
+    SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);
+
+#ifndef OPENSSL_NO_TLSEXT
+    if (ctx2) {
+        SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback);
+        SSL_CTX_set_session_id_context(ctx2,
+                                       (void *)&s_server_session_id_context,
+                                       sizeof s_server_session_id_context);
+
+        tlsextcbp.biodebug = bio_s_out;
+        SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
+        SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp);
+        SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
+        SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
+    }
+#endif
+
+#ifndef OPENSSL_NO_SRP
+    if (srp_verifier_file != NULL) {
+        srp_callback_parm.vb = SRP_VBASE_new(srpuserseed);
+        srp_callback_parm.user = NULL;
+        srp_callback_parm.login = NULL;
+        if ((ret =
+             SRP_VBASE_init(srp_callback_parm.vb,
+                            srp_verifier_file)) != SRP_NO_ERROR) {
+            BIO_printf(bio_err,
+                       "Cannot initialize SRP verifier file \"%s\":ret=%d\n",
+                       srp_verifier_file, ret);
+            goto end;
+        }
+        SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_callback);
+        SSL_CTX_set_srp_cb_arg(ctx, &srp_callback_parm);
+        SSL_CTX_set_srp_username_callback(ctx, ssl_srp_server_param_cb);
+    } else
+#endif
+    if (CAfile != NULL) {
+        SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
+#ifndef OPENSSL_NO_TLSEXT
+        if (ctx2)
+            SSL_CTX_set_client_CA_list(ctx2, SSL_load_client_CA_file(CAfile));
+#endif
+    }
+
+    BIO_printf(bio_s_out, "ACCEPT\n");
+    (void)BIO_flush(bio_s_out);
+    if (www)
+        do_server(port, socket_type, &accept_socket, www_body, context);
+    else
+        do_server(port, socket_type, &accept_socket, sv_body, context);
+    print_stats(bio_s_out, ctx);
+    ret = 0;
+ end:
+    if (ctx != NULL)
+        SSL_CTX_free(ctx);
+    if (s_cert)
+        X509_free(s_cert);
+    if (s_dcert)
+        X509_free(s_dcert);
+    if (s_key)
+        EVP_PKEY_free(s_key);
+    if (s_dkey)
+        EVP_PKEY_free(s_dkey);
+    if (pass)
+        OPENSSL_free(pass);
+    if (dpass)
+        OPENSSL_free(dpass);
+    if (vpm)
+        X509_VERIFY_PARAM_free(vpm);
+#ifndef OPENSSL_NO_TLSEXT
+    if (tlscstatp.host)
+        OPENSSL_free(tlscstatp.host);
+    if (tlscstatp.port)
+        OPENSSL_free(tlscstatp.port);
+    if (tlscstatp.path)
+        OPENSSL_free(tlscstatp.path);
+    if (ctx2 != NULL)
+        SSL_CTX_free(ctx2);
+    if (s_cert2)
+        X509_free(s_cert2);
+    if (s_key2)
+        EVP_PKEY_free(s_key2);
+#endif
+    if (bio_s_out != NULL) {
+        BIO_free(bio_s_out);
+        bio_s_out = NULL;
+    }
+    apps_shutdown();
+    OPENSSL_EXIT(ret);
+}
+
+static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
+{
+    BIO_printf(bio, "%4ld items in the session cache\n",
+               SSL_CTX_sess_number(ssl_ctx));
+    BIO_printf(bio, "%4ld client connects (SSL_connect())\n",
+               SSL_CTX_sess_connect(ssl_ctx));
+    BIO_printf(bio, "%4ld client renegotiates (SSL_connect())\n",
+               SSL_CTX_sess_connect_renegotiate(ssl_ctx));
+    BIO_printf(bio, "%4ld client connects that finished\n",
+               SSL_CTX_sess_connect_good(ssl_ctx));
+    BIO_printf(bio, "%4ld server accepts (SSL_accept())\n",
+               SSL_CTX_sess_accept(ssl_ctx));
+    BIO_printf(bio, "%4ld server renegotiates (SSL_accept())\n",
+               SSL_CTX_sess_accept_renegotiate(ssl_ctx));
+    BIO_printf(bio, "%4ld server accepts that finished\n",
+               SSL_CTX_sess_accept_good(ssl_ctx));
+    BIO_printf(bio, "%4ld session cache hits\n", SSL_CTX_sess_hits(ssl_ctx));
+    BIO_printf(bio, "%4ld session cache misses\n",
+               SSL_CTX_sess_misses(ssl_ctx));
+    BIO_printf(bio, "%4ld session cache timeouts\n",
+               SSL_CTX_sess_timeouts(ssl_ctx));
+    BIO_printf(bio, "%4ld callback cache hits\n",
+               SSL_CTX_sess_cb_hits(ssl_ctx));
+    BIO_printf(bio, "%4ld cache full overflows (%ld allowed)\n",
+               SSL_CTX_sess_cache_full(ssl_ctx),
+               SSL_CTX_sess_get_cache_size(ssl_ctx));
+}
+
+static int sv_body(char *hostname, int s, unsigned char *context)
+{
+    char *buf = NULL;
+    fd_set readfds;
+    int ret = 1, width;
+    int k, i;
+    unsigned long l;
+    SSL *con = NULL;
+    BIO *sbio;
+#ifndef OPENSSL_NO_KRB5
+    KSSL_CTX *kctx;
+#endif
+    struct timeval timeout;
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
+    struct timeval tv;
+#else
+    struct timeval *timeoutp;
+#endif
+
+    if ((buf = OPENSSL_malloc(bufsize)) == NULL) {
+        BIO_printf(bio_err, "out of memory\n");
+        goto err;
+    }
+#ifdef FIONBIO
+    if (s_nbio) {
+        unsigned long sl = 1;
+
+        if (!s_quiet)
+            BIO_printf(bio_err, "turning on non blocking io\n");
+        if (BIO_socket_ioctl(s, FIONBIO, &sl) < 0)
+            ERR_print_errors(bio_err);
+    }
+#endif
+
+    if (con == NULL) {
+        con = SSL_new(ctx);
+#ifndef OPENSSL_NO_TLSEXT
+        if (s_tlsextdebug) {
+            SSL_set_tlsext_debug_callback(con, tlsext_cb);
+            SSL_set_tlsext_debug_arg(con, bio_s_out);
+        }
+        if (s_tlsextstatus) {
+            SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb);
+            tlscstatp.err = bio_err;
+            SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
+        }
+#endif
+#ifndef OPENSSL_NO_KRB5
+        if ((kctx = kssl_ctx_new()) != NULL) {
+            SSL_set0_kssl_ctx(con, kctx);
+            kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
+            kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
+        }
+#endif                          /* OPENSSL_NO_KRB5 */
+        if (context)
+            SSL_set_session_id_context(con, context, strlen((char *)context));
+    }
+    SSL_clear(con);
+#if 0
+# ifdef TLSEXT_TYPE_opaque_prf_input
+    SSL_set_tlsext_opaque_prf_input(con, "Test server", 11);
+# endif
+#endif
+
+    if (SSL_version(con) == DTLS1_VERSION) {
+
+        sbio = BIO_new_dgram(s, BIO_NOCLOSE);
+
+        if (enable_timeouts) {
+            timeout.tv_sec = 0;
+            timeout.tv_usec = DGRAM_RCV_TIMEOUT;
+            BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
+
+            timeout.tv_sec = 0;
+            timeout.tv_usec = DGRAM_SND_TIMEOUT;
+            BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
+        }
+
+        if (socket_mtu) {
+            if (socket_mtu < DTLS_get_link_min_mtu(con)) {
+                BIO_printf(bio_err, "MTU too small. Must be at least %ld\n",
+                           DTLS_get_link_min_mtu(con));
+                ret = -1;
+                BIO_free(sbio);
+                goto err;
+            }
+            SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
+            if (!DTLS_set_link_mtu(con, socket_mtu)) {
+                BIO_printf(bio_err, "Failed to set MTU\n");
+                ret = -1;
+                BIO_free(sbio);
+                goto err;
+            }
+        } else
+            /* want to do MTU discovery */
+            BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
+
+        /* turn on cookie exchange */
+        SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE);
+    } else
+        sbio = BIO_new_socket(s, BIO_NOCLOSE);
+
+    if (s_nbio_test) {
+        BIO *test;
+
+        test = BIO_new(BIO_f_nbio_test());
+        sbio = BIO_push(test, sbio);
+    }
+#ifndef OPENSSL_NO_JPAKE
+    if (jpake_secret)
+        jpake_server_auth(bio_s_out, sbio, jpake_secret);
+#endif
+
+    SSL_set_bio(con, sbio, sbio);
+    SSL_set_accept_state(con);
+    /* SSL_set_fd(con,s); */
+
+    if (s_debug) {
+        SSL_set_debug(con, 1);
+        BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
+        BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out);
+    }
+    if (s_msg) {
+        SSL_set_msg_callback(con, msg_cb);
+        SSL_set_msg_callback_arg(con, bio_s_out);
+    }
+#ifndef OPENSSL_NO_TLSEXT
+    if (s_tlsextdebug) {
+        SSL_set_tlsext_debug_callback(con, tlsext_cb);
+        SSL_set_tlsext_debug_arg(con, bio_s_out);
+    }
+#endif
+
+    width = s + 1;
+    for (;;) {
+        int read_from_terminal;
+        int read_from_sslcon;
+
+        read_from_terminal = 0;
+        read_from_sslcon = SSL_pending(con);
+
+        if (!read_from_sslcon) {
+            FD_ZERO(&readfds);
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) && !defined(OPENSSL_SYS_BEOS_R5)
+            openssl_fdset(fileno(stdin), &readfds);
+#endif
+            openssl_fdset(s, &readfds);
+            /*
+             * Note: under VMS with SOCKETSHR the second parameter is
+             * currently of type (int *) whereas under other systems it is
+             * (void *) if you don't have a cast it will choke the compiler:
+             * if you do have a cast then you can either go for (int *) or
+             * (void *).
+             */
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
+            /*
+             * Under DOS (non-djgpp) and Windows we can't select on stdin:
+             * only on sockets. As a workaround we timeout the select every
+             * second and check for any keypress. In a proper Windows
+             * application we wouldn't do this because it is inefficient.
+             */
+            tv.tv_sec = 1;
+            tv.tv_usec = 0;
+            i = select(width, (void *)&readfds, NULL, NULL, &tv);
+            if ((i < 0) || (!i && !_kbhit()))
+                continue;
+            if (_kbhit())
+                read_from_terminal = 1;
+#elif defined(OPENSSL_SYS_BEOS_R5)
+            /* Under BeOS-R5 the situation is similar to DOS */
+            tv.tv_sec = 1;
+            tv.tv_usec = 0;
+            (void)fcntl(fileno(stdin), F_SETFL, O_NONBLOCK);
+            i = select(width, (void *)&readfds, NULL, NULL, &tv);
+            if ((i < 0) || (!i && read(fileno(stdin), buf, 0) < 0))
+                continue;
+            if (read(fileno(stdin), buf, 0) >= 0)
+                read_from_terminal = 1;
+            (void)fcntl(fileno(stdin), F_SETFL, 0);
+#else
+            if ((SSL_version(con) == DTLS1_VERSION) &&
+                DTLSv1_get_timeout(con, &timeout))
+                timeoutp = &timeout;
+            else
+                timeoutp = NULL;
+
+            i = select(width, (void *)&readfds, NULL, NULL, timeoutp);
+
+            if ((SSL_version(con) == DTLS1_VERSION)
+                && DTLSv1_handle_timeout(con) > 0) {
+                BIO_printf(bio_err, "TIMEOUT occured\n");
+            }
+
+            if (i <= 0)
+                continue;
+            if (FD_ISSET(fileno(stdin), &readfds))
+                read_from_terminal = 1;
+#endif
+            if (FD_ISSET(s, &readfds))
+                read_from_sslcon = 1;
+        }
+        if (read_from_terminal) {
+            if (s_crlf) {
+                int j, lf_num;
+
+                i = raw_read_stdin(buf, bufsize / 2);
+                lf_num = 0;
+                /* both loops are skipped when i <= 0 */
+                for (j = 0; j < i; j++)
+                    if (buf[j] == '\n')
+                        lf_num++;
+                for (j = i - 1; j >= 0; j--) {
+                    buf[j + lf_num] = buf[j];
+                    if (buf[j] == '\n') {
+                        lf_num--;
+                        i++;
+                        buf[j + lf_num] = '\r';
+                    }
+                }
+                assert(lf_num == 0);
+            } else
+                i = raw_read_stdin(buf, bufsize);
+            if (!s_quiet) {
+                if ((i <= 0) || (buf[0] == 'Q')) {
+                    BIO_printf(bio_s_out, "DONE\n");
+                    SHUTDOWN(s);
+                    close_accept_socket();
+                    ret = -11;
+                    goto err;
+                }
+                if ((i <= 0) || (buf[0] == 'q')) {
+                    BIO_printf(bio_s_out, "DONE\n");
+                    if (SSL_version(con) != DTLS1_VERSION)
+                        SHUTDOWN(s);
+                    /*
+                     * close_accept_socket(); ret= -11;
+                     */
+                    goto err;
+                }
+#ifndef OPENSSL_NO_HEARTBEATS
+                if ((buf[0] == 'B') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
+                    BIO_printf(bio_err, "HEARTBEATING\n");
+                    SSL_heartbeat(con);
+                    i = 0;
+                    continue;
+                }
+#endif
+                if ((buf[0] == 'r') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
+                    SSL_renegotiate(con);
+                    i = SSL_do_handshake(con);
+                    printf("SSL_do_handshake -> %d\n", i);
+                    i = 0;      /* 13; */
+                    continue;
+                    /*
+                     * strcpy(buf,"server side RE-NEGOTIATE\n");
+                     */
+                }
+                if ((buf[0] == 'R') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
+                    SSL_set_verify(con,
+                                   SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
+                                   NULL);
+                    SSL_renegotiate(con);
+                    i = SSL_do_handshake(con);
+                    printf("SSL_do_handshake -> %d\n", i);
+                    i = 0;      /* 13; */
+                    continue;
+                    /*
+                     * strcpy(buf,"server side RE-NEGOTIATE asking for client
+                     * cert\n");
+                     */
+                }
+                if (buf[0] == 'P') {
+                    static const char *str = "Lets print some clear text\n";
+                    BIO_write(SSL_get_wbio(con), str, strlen(str));
+                }
+                if (buf[0] == 'S') {
+                    print_stats(bio_s_out, SSL_get_SSL_CTX(con));
+                }
+            }
+#ifdef CHARSET_EBCDIC
+            ebcdic2ascii(buf, buf, i);
+#endif
+            l = k = 0;
+            for (;;) {
+                /* should do a select for the write */
+#ifdef RENEG
+                {
+                    static count = 0;
+                    if (++count == 100) {
+                        count = 0;
+                        SSL_renegotiate(con);
+                    }
+                }
+#endif
+                k = SSL_write(con, &(buf[l]), (unsigned int)i);
+#ifndef OPENSSL_NO_SRP
+                while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) {
+                    BIO_printf(bio_s_out, "LOOKUP renego during write\n");
+                    SRP_user_pwd_free(srp_callback_parm.user);
+                    srp_callback_parm.user =
+                        SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+                                               srp_callback_parm.login);
+                    if (srp_callback_parm.user)
+                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
+                                   srp_callback_parm.user->info);
+                    else
+                        BIO_printf(bio_s_out, "LOOKUP not successful\n");
+                    k = SSL_write(con, &(buf[l]), (unsigned int)i);
+                }
+#endif
+                switch (SSL_get_error(con, k)) {
+                case SSL_ERROR_NONE:
+                    break;
+                case SSL_ERROR_WANT_WRITE:
+                case SSL_ERROR_WANT_READ:
+                case SSL_ERROR_WANT_X509_LOOKUP:
+                    BIO_printf(bio_s_out, "Write BLOCK\n");
+                    break;
+                case SSL_ERROR_SYSCALL:
+                case SSL_ERROR_SSL:
+                    BIO_printf(bio_s_out, "ERROR\n");
+                    ERR_print_errors(bio_err);
+                    ret = 1;
+                    goto err;
+                    /* break; */
+                case SSL_ERROR_ZERO_RETURN:
+                    BIO_printf(bio_s_out, "DONE\n");
+                    ret = 1;
+                    goto err;
+                }
+                if (k > 0) {
+                    l += k;
+                    i -= k;
+                }
+                if (i <= 0)
+                    break;
+            }
+        }
+        if (read_from_sslcon) {
+            if (!SSL_is_init_finished(con)) {
+                i = init_ssl_connection(con);
+
+                if (i < 0) {
+                    ret = 0;
+                    goto err;
+                } else if (i == 0) {
+                    ret = 1;
+                    goto err;
+                }
+            } else {
+ again:
+                i = SSL_read(con, (char *)buf, bufsize);
+#ifndef OPENSSL_NO_SRP
+                while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
+                    BIO_printf(bio_s_out, "LOOKUP renego during read\n");
+                    SRP_user_pwd_free(srp_callback_parm.user);
+                    srp_callback_parm.user =
+                        SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+                                               srp_callback_parm.login);
+                    if (srp_callback_parm.user)
+                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
+                                   srp_callback_parm.user->info);
+                    else
+                        BIO_printf(bio_s_out, "LOOKUP not successful\n");
+                    i = SSL_read(con, (char *)buf, bufsize);
+                }
+#endif
+                switch (SSL_get_error(con, i)) {
+                case SSL_ERROR_NONE:
+#ifdef CHARSET_EBCDIC
+                    ascii2ebcdic(buf, buf, i);
+#endif
+                    raw_write_stdout(buf, (unsigned int)i);
+                    if (SSL_pending(con))
+                        goto again;
+                    break;
+                case SSL_ERROR_WANT_WRITE:
+                case SSL_ERROR_WANT_READ:
+                    BIO_printf(bio_s_out, "Read BLOCK\n");
+                    break;
+                case SSL_ERROR_SYSCALL:
+                case SSL_ERROR_SSL:
+                    BIO_printf(bio_s_out, "ERROR\n");
+                    ERR_print_errors(bio_err);
+                    ret = 1;
+                    goto err;
+                case SSL_ERROR_ZERO_RETURN:
+                    BIO_printf(bio_s_out, "DONE\n");
+                    ret = 1;
+                    goto err;
+                }
+            }
+        }
+    }
+ err:
+    if (con != NULL) {
+        BIO_printf(bio_s_out, "shutting down SSL\n");
+#if 1
+        SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+#else
+        SSL_shutdown(con);
+#endif
+        SSL_free(con);
+    }
+    BIO_printf(bio_s_out, "CONNECTION CLOSED\n");
+    if (buf != NULL) {
+        OPENSSL_cleanse(buf, bufsize);
+        OPENSSL_free(buf);
+    }
+    if (ret >= 0)
+        BIO_printf(bio_s_out, "ACCEPT\n");
+    return (ret);
+}
+
+static void close_accept_socket(void)
+{
+    BIO_printf(bio_err, "shutdown accept socket\n");
+    if (accept_socket >= 0) {
+        SHUTDOWN2(accept_socket);
+    }
+}
+
+static int init_ssl_connection(SSL *con)
+{
+    int i;
+    const char *str;
+    X509 *peer;
+    long verify_error;
+    MS_STATIC char buf[BUFSIZ];
+#ifndef OPENSSL_NO_KRB5
+    char *client_princ;
+#endif
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+    const unsigned char *next_proto_neg;
+    unsigned next_proto_neg_len;
+#endif
+    unsigned char *exportedkeymat;
+
+    i = SSL_accept(con);
+#ifndef OPENSSL_NO_SRP
+    while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
+        BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
+                   srp_callback_parm.login);
+        SRP_user_pwd_free(srp_callback_parm.user);
+        srp_callback_parm.user =
+            SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+                                   srp_callback_parm.login);
+        if (srp_callback_parm.user)
+            BIO_printf(bio_s_out, "LOOKUP done %s\n",
+                       srp_callback_parm.user->info);
+        else
+            BIO_printf(bio_s_out, "LOOKUP not successful\n");
+        i = SSL_accept(con);
+    }
+#endif
+    if (i <= 0) {
+        if (BIO_sock_should_retry(i)) {
+            BIO_printf(bio_s_out, "DELAY\n");
+            return (1);
+        }
+
+        BIO_printf(bio_err, "ERROR\n");
+        verify_error = SSL_get_verify_result(con);
+        if (verify_error != X509_V_OK) {
+            BIO_printf(bio_err, "verify error:%s\n",
+                       X509_verify_cert_error_string(verify_error));
+        } else
+            ERR_print_errors(bio_err);
+        return (0);
+    }
+
+    PEM_write_bio_SSL_SESSION(bio_s_out, SSL_get_session(con));
+
+    peer = SSL_get_peer_certificate(con);
+    if (peer != NULL) {
+        BIO_printf(bio_s_out, "Client certificate\n");
+        PEM_write_bio_X509(bio_s_out, peer);
+        X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf);
+        BIO_printf(bio_s_out, "subject=%s\n", buf);
+        X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf);
+        BIO_printf(bio_s_out, "issuer=%s\n", buf);
+        X509_free(peer);
+    }
+
+    if (SSL_get_shared_ciphers(con, buf, sizeof buf) != NULL)
+        BIO_printf(bio_s_out, "Shared ciphers:%s\n", buf);
+    str = SSL_CIPHER_get_name(SSL_get_current_cipher(con));
+    BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)");
+
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+    SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
+    if (next_proto_neg) {
+        BIO_printf(bio_s_out, "NEXTPROTO is ");
+        BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len);
+        BIO_printf(bio_s_out, "\n");
+    }
+#endif
+#ifndef OPENSSL_NO_SRTP
+    {
+        SRTP_PROTECTION_PROFILE *srtp_profile
+            = SSL_get_selected_srtp_profile(con);
+
+        if (srtp_profile)
+            BIO_printf(bio_s_out, "SRTP Extension negotiated, profile=%s\n",
+                       srtp_profile->name);
+    }
+#endif
+    if (SSL_cache_hit(con))
+        BIO_printf(bio_s_out, "Reused session-id\n");
+    if (SSL_ctrl(con, SSL_CTRL_GET_FLAGS, 0, NULL) &
+        TLS1_FLAGS_TLS_PADDING_BUG)
+        BIO_printf(bio_s_out, "Peer has incorrect TLSv1 block padding\n");
+#ifndef OPENSSL_NO_KRB5
+    client_princ = kssl_ctx_get0_client_princ(SSL_get0_kssl_ctx(con));
+    if (client_princ != NULL) {
+        BIO_printf(bio_s_out, "Kerberos peer principal is %s\n",
+                   client_princ);
+    }
+#endif                          /* OPENSSL_NO_KRB5 */
+    BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
+               SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
+    if (keymatexportlabel != NULL) {
+        BIO_printf(bio_s_out, "Keying material exporter:\n");
+        BIO_printf(bio_s_out, "    Label: '%s'\n", keymatexportlabel);
+        BIO_printf(bio_s_out, "    Length: %i bytes\n", keymatexportlen);
+        exportedkeymat = OPENSSL_malloc(keymatexportlen);
+        if (exportedkeymat != NULL) {
+            if (!SSL_export_keying_material(con, exportedkeymat,
+                                            keymatexportlen,
+                                            keymatexportlabel,
+                                            strlen(keymatexportlabel),
+                                            NULL, 0, 0)) {
+                BIO_printf(bio_s_out, "    Error\n");
+            } else {
+                BIO_printf(bio_s_out, "    Keying material: ");
+                for (i = 0; i < keymatexportlen; i++)
+                    BIO_printf(bio_s_out, "%02X", exportedkeymat[i]);
+                BIO_printf(bio_s_out, "\n");
+            }
+            OPENSSL_free(exportedkeymat);
+        }
+    }
+
+    return (1);
+}
+
+#ifndef OPENSSL_NO_DH
+static DH *load_dh_param(const char *dhfile)
+{
+    DH *ret = NULL;
+    BIO *bio;
+
+    if ((bio = BIO_new_file(dhfile, "r")) == NULL)
+        goto err;
+    ret = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+ err:
+    if (bio != NULL)
+        BIO_free(bio);
+    return (ret);
+}
+#endif
+#ifndef OPENSSL_NO_KRB5
+char *client_princ;
+#endif
+
+#if 0
+static int load_CA(SSL_CTX *ctx, char *file)
+{
+    FILE *in;
+    X509 *x = NULL;
+
+    if ((in = fopen(file, "r")) == NULL)
+        return (0);
+
+    for (;;) {
+        if (PEM_read_X509(in, &x, NULL) == NULL)
+            break;
+        SSL_CTX_add_client_CA(ctx, x);
+    }
+    if (x != NULL)
+        X509_free(x);
+    fclose(in);
+    return (1);
+}
+#endif
+
+static int www_body(char *hostname, int s, unsigned char *context)
+{
+    char *buf = NULL;
+    int ret = 1;
+    int i, j, k, dot;
+    SSL *con;
+    const SSL_CIPHER *c;
+    BIO *io, *ssl_bio, *sbio;
+#ifndef OPENSSL_NO_KRB5
+    KSSL_CTX *kctx;
+#endif
+
+    buf = OPENSSL_malloc(bufsize);
+    if (buf == NULL)
+        return (0);
+    io = BIO_new(BIO_f_buffer());
+    ssl_bio = BIO_new(BIO_f_ssl());
+    if ((io == NULL) || (ssl_bio == NULL))
+        goto err;
+
+#ifdef FIONBIO
+    if (s_nbio) {
+        unsigned long sl = 1;
+
+        if (!s_quiet)
+            BIO_printf(bio_err, "turning on non blocking io\n");
+        if (BIO_socket_ioctl(s, FIONBIO, &sl) < 0)
+            ERR_print_errors(bio_err);
+    }
+#endif
+
+    /* lets make the output buffer a reasonable size */
+    if (!BIO_set_write_buffer_size(io, bufsize))
+        goto err;
+
+    if ((con = SSL_new(ctx)) == NULL)
+        goto err;
+#ifndef OPENSSL_NO_TLSEXT
+    if (s_tlsextdebug) {
+        SSL_set_tlsext_debug_callback(con, tlsext_cb);
+        SSL_set_tlsext_debug_arg(con, bio_s_out);
+    }
+#endif
+#ifndef OPENSSL_NO_KRB5
+    if ((kctx = kssl_ctx_new()) != NULL) {
+        kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
+        kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
+    }
+#endif                          /* OPENSSL_NO_KRB5 */
+    if (context)
+        SSL_set_session_id_context(con, context, strlen((char *)context));
+
+    sbio = BIO_new_socket(s, BIO_NOCLOSE);
+    if (s_nbio_test) {
+        BIO *test;
+
+        test = BIO_new(BIO_f_nbio_test());
+        sbio = BIO_push(test, sbio);
+    }
+    SSL_set_bio(con, sbio, sbio);
+    SSL_set_accept_state(con);
+
+    /* SSL_set_fd(con,s); */
+    BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
+    BIO_push(io, ssl_bio);
+#ifdef CHARSET_EBCDIC
+    io = BIO_push(BIO_new(BIO_f_ebcdic_filter()), io);
+#endif
+
+    if (s_debug) {
+        SSL_set_debug(con, 1);
+        BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
+        BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out);
+    }
+    if (s_msg) {
+        SSL_set_msg_callback(con, msg_cb);
+        SSL_set_msg_callback_arg(con, bio_s_out);
+    }
+
+    for (;;) {
+        if (hack) {
+            i = SSL_accept(con);
+#ifndef OPENSSL_NO_SRP
+            while (i <= 0
+                   && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
+                BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
+                           srp_callback_parm.login);
+                SRP_user_pwd_free(srp_callback_parm.user);
+                srp_callback_parm.user =
+                    SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+                                           srp_callback_parm.login);
+                if (srp_callback_parm.user)
+                    BIO_printf(bio_s_out, "LOOKUP done %s\n",
+                               srp_callback_parm.user->info);
+                else
+                    BIO_printf(bio_s_out, "LOOKUP not successful\n");
+                i = SSL_accept(con);
+            }
+#endif
+            switch (SSL_get_error(con, i)) {
+            case SSL_ERROR_NONE:
+                break;
+            case SSL_ERROR_WANT_WRITE:
+            case SSL_ERROR_WANT_READ:
+            case SSL_ERROR_WANT_X509_LOOKUP:
+                continue;
+            case SSL_ERROR_SYSCALL:
+            case SSL_ERROR_SSL:
+            case SSL_ERROR_ZERO_RETURN:
+                ret = 1;
+                goto err;
+                /* break; */
+            }
+
+            SSL_renegotiate(con);
+            SSL_write(con, NULL, 0);
+        }
+
+        i = BIO_gets(io, buf, bufsize - 1);
+        if (i < 0) {            /* error */
+            if (!BIO_should_retry(io)) {
+                if (!s_quiet)
+                    ERR_print_errors(bio_err);
+                goto err;
+            } else {
+                BIO_printf(bio_s_out, "read R BLOCK\n");
+#ifndef OPENSSL_NO_SRP
+                if (BIO_should_io_special(io)
+                    && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
+                    BIO_printf(bio_s_out, "LOOKUP renego during read\n");
+                    SRP_user_pwd_free(srp_callback_parm.user);
+                    srp_callback_parm.user =
+                        SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+                                               srp_callback_parm.login);
+                    if (srp_callback_parm.user)
+                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
+                                   srp_callback_parm.user->info);
+                    else
+                        BIO_printf(bio_s_out, "LOOKUP not successful\n");
+                    continue;
+                }
+#endif
+#if defined(OPENSSL_SYS_NETWARE)
+                delay(1000);
+#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
+                sleep(1);
+#endif
+                continue;
+            }
+        } else if (i == 0) {    /* end of input */
+            ret = 1;
+            goto end;
+        }
+
+        /* else we have data */
+        if (((www == 1) && (strncmp("GET ", buf, 4) == 0)) ||
+            ((www == 2) && (strncmp("GET /stats ", buf, 11) == 0))) {
+            char *p;
+            X509 *peer;
+            STACK_OF(SSL_CIPHER) *sk;
+            static const char *space = "                          ";
+
+            BIO_puts(io,
+                     "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
+            BIO_puts(io, "<HTML><BODY BGCOLOR=\"#ffffff\">\n");
+            BIO_puts(io, "<pre>\n");
+/*                      BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
+            BIO_puts(io, "\n");
+            for (i = 0; i < local_argc; i++) {
+                BIO_puts(io, local_argv[i]);
+                BIO_write(io, " ", 1);
+            }
+            BIO_puts(io, "\n");
+
+            BIO_printf(io,
+                       "Secure Renegotiation IS%s supported\n",
+                       SSL_get_secure_renegotiation_support(con) ?
+                       "" : " NOT");
+
+            /*
+             * The following is evil and should not really be done
+             */
+            BIO_printf(io, "Ciphers supported in s_server binary\n");
+            sk = SSL_get_ciphers(con);
+            j = sk_SSL_CIPHER_num(sk);
+            for (i = 0; i < j; i++) {
+                c = sk_SSL_CIPHER_value(sk, i);
+                BIO_printf(io, "%-11s:%-25s",
+                           SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
+                if ((((i + 1) % 2) == 0) && (i + 1 != j))
+                    BIO_puts(io, "\n");
+            }
+            BIO_puts(io, "\n");
+            p = SSL_get_shared_ciphers(con, buf, bufsize);
+            if (p != NULL) {
+                BIO_printf(io,
+                           "---\nCiphers common between both SSL end points:\n");
+                j = i = 0;
+                while (*p) {
+                    if (*p == ':') {
+                        BIO_write(io, space, 26 - j);
+                        i++;
+                        j = 0;
+                        BIO_write(io, ((i % 3) ? " " : "\n"), 1);
+                    } else {
+                        BIO_write(io, p, 1);
+                        j++;
+                    }
+                    p++;
+                }
+                BIO_puts(io, "\n");
+            }
+            BIO_printf(io, (SSL_cache_hit(con)
+                            ? "---\nReused, " : "---\nNew, "));
+            c = SSL_get_current_cipher(con);
+            BIO_printf(io, "%s, Cipher is %s\n",
+                       SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
+            SSL_SESSION_print(io, SSL_get_session(con));
+            BIO_printf(io, "---\n");
+            print_stats(io, SSL_get_SSL_CTX(con));
+            BIO_printf(io, "---\n");
+            peer = SSL_get_peer_certificate(con);
+            if (peer != NULL) {
+                BIO_printf(io, "Client certificate\n");
+                X509_print(io, peer);
+                PEM_write_bio_X509(io, peer);
+            } else
+                BIO_puts(io, "no client certificate available\n");
+            BIO_puts(io, "</BODY></HTML>\r\n\r\n");
+            break;
+        } else if ((www == 2 || www == 3)
+                   && (strncmp("GET /", buf, 5) == 0)) {
+            BIO *file;
+            char *p, *e;
+            static const char *text =
+                "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
+
+            /* skip the '/' */
+            p = &(buf[5]);
+
+            dot = 1;
+            for (e = p; *e != '\0'; e++) {
+                if (e[0] == ' ')
+                    break;
+
+                switch (dot) {
+                case 1:
+                    dot = (e[0] == '.') ? 2 : 0;
+                    break;
+                case 2:
+                    dot = (e[0] == '.') ? 3 : 0;
+                    break;
+                case 3:
+                    dot = (e[0] == '/') ? -1 : 0;
+                    break;
+                }
+                if (dot == 0)
+                    dot = (e[0] == '/') ? 1 : 0;
+            }
+            dot = (dot == 3) || (dot == -1); /* filename contains ".."
+                                              * component */
+
+            if (*e == '\0') {
+                BIO_puts(io, text);
+                BIO_printf(io, "'%s' is an invalid file name\r\n", p);
+                break;
+            }
+            *e = '\0';
+
+            if (dot) {
+                BIO_puts(io, text);
+                BIO_printf(io, "'%s' contains '..' reference\r\n", p);
+                break;
+            }
+
+            if (*p == '/') {
+                BIO_puts(io, text);
+                BIO_printf(io, "'%s' is an invalid path\r\n", p);
+                break;
+            }
+#if 0
+            /* append if a directory lookup */
+            if (e[-1] == '/')
+                strcat(p, "index.html");
+#endif
+
+            /* if a directory, do the index thang */
+            if (app_isdir(p) > 0) {
+#if 0                           /* must check buffer size */
+                strcat(p, "/index.html");
+#else
+                BIO_puts(io, text);
+                BIO_printf(io, "'%s' is a directory\r\n", p);
+                break;
+#endif
+            }
+
+            if ((file = BIO_new_file(p, "r")) == NULL) {
+                BIO_puts(io, text);
+                BIO_printf(io, "Error opening '%s'\r\n", p);
+                ERR_print_errors(io);
+                break;
+            }
+
+            if (!s_quiet)
+                BIO_printf(bio_err, "FILE:%s\n", p);
+
+            if (www == 2) {
+                i = strlen(p);
+                if (((i > 5) && (strcmp(&(p[i - 5]), ".html") == 0)) ||
+                    ((i > 4) && (strcmp(&(p[i - 4]), ".php") == 0)) ||
+                    ((i > 4) && (strcmp(&(p[i - 4]), ".htm") == 0)))
+                    BIO_puts(io,
+                             "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
+                else
+                    BIO_puts(io,
+                             "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
+            }
+            /* send the file */
+            for (;;) {
+                i = BIO_read(file, buf, bufsize);
+                if (i <= 0)
+                    break;
+
+#ifdef RENEG
+                total_bytes += i;
+                fprintf(stderr, "%d\n", i);
+                if (total_bytes > 3 * 1024) {
+                    total_bytes = 0;
+                    fprintf(stderr, "RENEGOTIATE\n");
+                    SSL_renegotiate(con);
+                }
+#endif
+
+                for (j = 0; j < i;) {
+#ifdef RENEG
+                    {
+                        static count = 0;
+                        if (++count == 13) {
+                            SSL_renegotiate(con);
+                        }
+                    }
+#endif
+                    k = BIO_write(io, &(buf[j]), i - j);
+                    if (k <= 0) {
+                        if (!BIO_should_retry(io))
+                            goto write_error;
+                        else {
+                            BIO_printf(bio_s_out, "rwrite W BLOCK\n");
+                        }
+                    } else {
+                        j += k;
+                    }
+                }
+            }
+ write_error:
+            BIO_free(file);
+            break;
+        }
+    }
+
+    for (;;) {
+        i = (int)BIO_flush(io);
+        if (i <= 0) {
+            if (!BIO_should_retry(io))
+                break;
+        } else
+            break;
+    }
+ end:
+#if 1
+    /* make sure we re-use sessions */
+    SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+#else
+    /* This kills performance */
+    /*
+     * SSL_shutdown(con); A shutdown gets sent in the BIO_free_all(io)
+     * procession
+     */
+#endif
+
+ err:
+
+    if (ret >= 0)
+        BIO_printf(bio_s_out, "ACCEPT\n");
+
+    if (buf != NULL)
+        OPENSSL_free(buf);
+    if (io != NULL)
+        BIO_free_all(io);
+/*      if (ssl_bio != NULL) BIO_free(ssl_bio);*/
+    return (ret);
+}
+
+#ifndef OPENSSL_NO_RSA
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
+{
+    BIGNUM *bn = NULL;
+    static RSA *rsa_tmp = NULL;
+
+    if (!rsa_tmp && ((bn = BN_new()) == NULL))
+        BIO_printf(bio_err, "Allocation error in generating RSA key\n");
+    if (!rsa_tmp && bn) {
+        if (!s_quiet) {
+            BIO_printf(bio_err, "Generating temp (%d bit) RSA key...",
+                       keylength);
+            (void)BIO_flush(bio_err);
+        }
+        if (!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) ||
+            !RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) {
+            if (rsa_tmp)
+                RSA_free(rsa_tmp);
+            rsa_tmp = NULL;
+        }
+        if (!s_quiet) {
+            BIO_printf(bio_err, "\n");
+            (void)BIO_flush(bio_err);
+        }
+        BN_free(bn);
+    }
+    return (rsa_tmp);
+}
+#endif
+
+#define MAX_SESSION_ID_ATTEMPTS 10
+static int generate_session_id(const SSL *ssl, unsigned char *id,
+                               unsigned int *id_len)
+{
+    unsigned int count = 0;
+    do {
+        if (RAND_bytes(id, *id_len) <= 0)
+            return 0;
+        /*
+         * Prefix the session_id with the required prefix. NB: If our prefix
+         * is too long, clip it - but there will be worse effects anyway, eg.
+         * the server could only possibly create 1 session ID (ie. the
+         * prefix!) so all future session negotiations will fail due to
+         * conflicts.
+         */
+        memcpy(id, session_id_prefix,
+               (strlen(session_id_prefix) < *id_len) ?
+               strlen(session_id_prefix) : *id_len);
+    }
+    while (SSL_has_matching_session_id(ssl, id, *id_len) &&
+           (++count < MAX_SESSION_ID_ATTEMPTS));
+    if (count >= MAX_SESSION_ID_ATTEMPTS)
+        return 0;
+    return 1;
+}

Deleted: vendor-crypto/openssl/1.0.1u/apps/speed.c
===================================================================
--- vendor-crypto/openssl/dist/apps/speed.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/apps/speed.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,2745 +0,0 @@
-/* apps/speed.c -*- mode:C; c-file-style: "eay" -*- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The ECDH and ECDSA speed test software is originally written by
- * Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-
-/* most of this code has been pilfered from my libdes speed.c program */
-
-#ifndef OPENSSL_NO_SPEED
-
-# undef SECONDS
-# define SECONDS         3
-# define RSA_SECONDS     10
-# define DSA_SECONDS     10
-# define ECDSA_SECONDS   10
-# define ECDH_SECONDS    10
-
-/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
-/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
-
-# undef PROG
-# define PROG speed_main
-
-# include <stdio.h>
-# include <stdlib.h>
-
-# include <string.h>
-# include <math.h>
-# include "apps.h"
-# ifdef OPENSSL_NO_STDIO
-#  define APPS_WIN16
-# endif
-# include <openssl/crypto.h>
-# include <openssl/rand.h>
-# include <openssl/err.h>
-# include <openssl/evp.h>
-# include <openssl/objects.h>
-# if !defined(OPENSSL_SYS_MSDOS)
-#  include OPENSSL_UNISTD
-# endif
-
-# ifndef OPENSSL_SYS_NETWARE
-#  include <signal.h>
-# endif
-
-# if defined(_WIN32) || defined(__CYGWIN__)
-#  include <windows.h>
-#  if defined(__CYGWIN__) && !defined(_WIN32)
-  /*
-   * <windows.h> should define _WIN32, which normally is mutually exclusive
-   * with __CYGWIN__, but if it didn't...
-   */
-#   define _WIN32
-  /* this is done because Cygwin alarm() fails sometimes. */
-#  endif
-# endif
-
-# include <openssl/bn.h>
-# ifndef OPENSSL_NO_DES
-#  include <openssl/des.h>
-# endif
-# ifndef OPENSSL_NO_AES
-#  include <openssl/aes.h>
-# endif
-# ifndef OPENSSL_NO_CAMELLIA
-#  include <openssl/camellia.h>
-# endif
-# ifndef OPENSSL_NO_MD2
-#  include <openssl/md2.h>
-# endif
-# ifndef OPENSSL_NO_MDC2
-#  include <openssl/mdc2.h>
-# endif
-# ifndef OPENSSL_NO_MD4
-#  include <openssl/md4.h>
-# endif
-# ifndef OPENSSL_NO_MD5
-#  include <openssl/md5.h>
-# endif
-# ifndef OPENSSL_NO_HMAC
-#  include <openssl/hmac.h>
-# endif
-# include <openssl/evp.h>
-# ifndef OPENSSL_NO_SHA
-#  include <openssl/sha.h>
-# endif
-# ifndef OPENSSL_NO_RIPEMD
-#  include <openssl/ripemd.h>
-# endif
-# ifndef OPENSSL_NO_WHIRLPOOL
-#  include <openssl/whrlpool.h>
-# endif
-# ifndef OPENSSL_NO_RC4
-#  include <openssl/rc4.h>
-# endif
-# ifndef OPENSSL_NO_RC5
-#  include <openssl/rc5.h>
-# endif
-# ifndef OPENSSL_NO_RC2
-#  include <openssl/rc2.h>
-# endif
-# ifndef OPENSSL_NO_IDEA
-#  include <openssl/idea.h>
-# endif
-# ifndef OPENSSL_NO_SEED
-#  include <openssl/seed.h>
-# endif
-# ifndef OPENSSL_NO_BF
-#  include <openssl/blowfish.h>
-# endif
-# ifndef OPENSSL_NO_CAST
-#  include <openssl/cast.h>
-# endif
-# ifndef OPENSSL_NO_RSA
-#  include <openssl/rsa.h>
-#  include "./testrsa.h"
-# endif
-# include <openssl/x509.h>
-# ifndef OPENSSL_NO_DSA
-#  include <openssl/dsa.h>
-#  include "./testdsa.h"
-# endif
-# ifndef OPENSSL_NO_ECDSA
-#  include <openssl/ecdsa.h>
-# endif
-# ifndef OPENSSL_NO_ECDH
-#  include <openssl/ecdh.h>
-# endif
-# include <openssl/modes.h>
-
-# ifdef OPENSSL_FIPS
-#  ifdef OPENSSL_DOING_MAKEDEPEND
-#   undef AES_set_encrypt_key
-#   undef AES_set_decrypt_key
-#   undef DES_set_key_unchecked
-#  endif
-#  define BF_set_key      private_BF_set_key
-#  define CAST_set_key    private_CAST_set_key
-#  define idea_set_encrypt_key    private_idea_set_encrypt_key
-#  define SEED_set_key    private_SEED_set_key
-#  define RC2_set_key     private_RC2_set_key
-#  define RC4_set_key     private_RC4_set_key
-#  define DES_set_key_unchecked   private_DES_set_key_unchecked
-#  define AES_set_encrypt_key     private_AES_set_encrypt_key
-#  define AES_set_decrypt_key     private_AES_set_decrypt_key
-#  define Camellia_set_key        private_Camellia_set_key
-# endif
-
-# ifndef HAVE_FORK
-#  if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_NETWARE)
-#   define HAVE_FORK 0
-#  else
-#   define HAVE_FORK 1
-#  endif
-# endif
-
-# if HAVE_FORK
-#  undef NO_FORK
-# else
-#  define NO_FORK
-# endif
-
-# undef BUFSIZE
-# define BUFSIZE ((long)1024*8+1)
-static volatile int run = 0;
-
-static int mr = 0;
-static int usertime = 1;
-
-static double Time_F(int s);
-static void print_message(const char *s, long num, int length);
-static void pkey_print_message(const char *str, const char *str2,
-                               long num, int bits, int sec);
-static void print_result(int alg, int run_no, int count, double time_used);
-# ifndef NO_FORK
-static int do_multi(int multi);
-# endif
-
-# define ALGOR_NUM       30
-# define SIZE_NUM        5
-# define RSA_NUM         4
-# define DSA_NUM         3
-
-# define EC_NUM       16
-# define MAX_ECDH_SIZE 256
-
-static const char *names[ALGOR_NUM] = {
-    "md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4",
-    "des cbc", "des ede3", "idea cbc", "seed cbc",
-    "rc2 cbc", "rc5-32/12 cbc", "blowfish cbc", "cast cbc",
-    "aes-128 cbc", "aes-192 cbc", "aes-256 cbc",
-    "camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc",
-    "evp", "sha256", "sha512", "whirlpool",
-    "aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash"
-};
-
-static double results[ALGOR_NUM][SIZE_NUM];
-static int lengths[SIZE_NUM] = { 16, 64, 256, 1024, 8 * 1024 };
-
-# ifndef OPENSSL_NO_RSA
-static double rsa_results[RSA_NUM][2];
-# endif
-# ifndef OPENSSL_NO_DSA
-static double dsa_results[DSA_NUM][2];
-# endif
-# ifndef OPENSSL_NO_ECDSA
-static double ecdsa_results[EC_NUM][2];
-# endif
-# ifndef OPENSSL_NO_ECDH
-static double ecdh_results[EC_NUM][1];
-# endif
-
-# if defined(OPENSSL_NO_DSA) && !(defined(OPENSSL_NO_ECDSA) && defined(OPENSSL_NO_ECDH))
-static const char rnd_seed[] =
-    "string to make the random number generator think it has entropy";
-static int rnd_fake = 0;
-# endif
-
-# ifdef SIGALRM
-#  if defined(__STDC__) || defined(sgi) || defined(_AIX)
-#   define SIGRETTYPE void
-#  else
-#   define SIGRETTYPE int
-#  endif
-
-static SIGRETTYPE sig_done(int sig);
-static SIGRETTYPE sig_done(int sig)
-{
-    signal(SIGALRM, sig_done);
-    run = 0;
-#  ifdef LINT
-    sig = sig;
-#  endif
-}
-# endif
-
-# define START   0
-# define STOP    1
-
-# if defined(_WIN32)
-
-#  if !defined(SIGALRM)
-#   define SIGALRM
-#  endif
-static unsigned int lapse, schlock;
-static void alarm_win32(unsigned int secs)
-{
-    lapse = secs * 1000;
-}
-
-#  define alarm alarm_win32
-
-static DWORD WINAPI sleepy(VOID * arg)
-{
-    schlock = 1;
-    Sleep(lapse);
-    run = 0;
-    return 0;
-}
-
-static double Time_F(int s)
-{
-    if (s == START) {
-        HANDLE thr;
-        schlock = 0;
-        thr = CreateThread(NULL, 4096, sleepy, NULL, 0, NULL);
-        if (thr == NULL) {
-            DWORD ret = GetLastError();
-            BIO_printf(bio_err, "unable to CreateThread (%d)", ret);
-            ExitProcess(ret);
-        }
-        CloseHandle(thr);       /* detach the thread */
-        while (!schlock)
-            Sleep(0);           /* scheduler spinlock */
-    }
-
-    return app_tminterval(s, usertime);
-}
-# else
-
-static double Time_F(int s)
-{
-    return app_tminterval(s, usertime);
-}
-# endif
-
-# ifndef OPENSSL_NO_ECDH
-static const int KDF1_SHA1_len = 20;
-static void *KDF1_SHA1(const void *in, size_t inlen, void *out,
-                       size_t *outlen)
-{
-#  ifndef OPENSSL_NO_SHA
-    if (*outlen < SHA_DIGEST_LENGTH)
-        return NULL;
-    else
-        *outlen = SHA_DIGEST_LENGTH;
-    return SHA1(in, inlen, out);
-#  else
-    return NULL;
-#  endif                        /* OPENSSL_NO_SHA */
-}
-# endif                         /* OPENSSL_NO_ECDH */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-{
-    unsigned char *buf = NULL, *buf2 = NULL;
-    int mret = 1;
-    long count = 0, save_count = 0;
-    int i, j, k;
-# if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA)
-    long rsa_count;
-# endif
-# ifndef OPENSSL_NO_RSA
-    unsigned rsa_num;
-# endif
-    unsigned char md[EVP_MAX_MD_SIZE];
-# ifndef OPENSSL_NO_MD2
-    unsigned char md2[MD2_DIGEST_LENGTH];
-# endif
-# ifndef OPENSSL_NO_MDC2
-    unsigned char mdc2[MDC2_DIGEST_LENGTH];
-# endif
-# ifndef OPENSSL_NO_MD4
-    unsigned char md4[MD4_DIGEST_LENGTH];
-# endif
-# ifndef OPENSSL_NO_MD5
-    unsigned char md5[MD5_DIGEST_LENGTH];
-    unsigned char hmac[MD5_DIGEST_LENGTH];
-# endif
-# ifndef OPENSSL_NO_SHA
-    unsigned char sha[SHA_DIGEST_LENGTH];
-#  ifndef OPENSSL_NO_SHA256
-    unsigned char sha256[SHA256_DIGEST_LENGTH];
-#  endif
-#  ifndef OPENSSL_NO_SHA512
-    unsigned char sha512[SHA512_DIGEST_LENGTH];
-#  endif
-# endif
-# ifndef OPENSSL_NO_WHIRLPOOL
-    unsigned char whirlpool[WHIRLPOOL_DIGEST_LENGTH];
-# endif
-# ifndef OPENSSL_NO_RIPEMD
-    unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
-# endif
-# ifndef OPENSSL_NO_RC4
-    RC4_KEY rc4_ks;
-# endif
-# ifndef OPENSSL_NO_RC5
-    RC5_32_KEY rc5_ks;
-# endif
-# ifndef OPENSSL_NO_RC2
-    RC2_KEY rc2_ks;
-# endif
-# ifndef OPENSSL_NO_IDEA
-    IDEA_KEY_SCHEDULE idea_ks;
-# endif
-# ifndef OPENSSL_NO_SEED
-    SEED_KEY_SCHEDULE seed_ks;
-# endif
-# ifndef OPENSSL_NO_BF
-    BF_KEY bf_ks;
-# endif
-# ifndef OPENSSL_NO_CAST
-    CAST_KEY cast_ks;
-# endif
-    static const unsigned char key16[16] = {
-        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
-        0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12
-    };
-# ifndef OPENSSL_NO_AES
-    static const unsigned char key24[24] = {
-        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
-        0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
-        0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34
-    };
-    static const unsigned char key32[32] = {
-        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
-        0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
-        0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
-        0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56
-    };
-# endif
-# ifndef OPENSSL_NO_CAMELLIA
-    static const unsigned char ckey24[24] = {
-        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
-        0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
-        0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34
-    };
-    static const unsigned char ckey32[32] = {
-        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
-        0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
-        0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
-        0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56
-    };
-# endif
-# ifndef OPENSSL_NO_AES
-#  define MAX_BLOCK_SIZE 128
-# else
-#  define MAX_BLOCK_SIZE 64
-# endif
-    unsigned char DES_iv[8];
-    unsigned char iv[2 * MAX_BLOCK_SIZE / 8];
-# ifndef OPENSSL_NO_DES
-    static DES_cblock key =
-        { 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0 };
-    static DES_cblock key2 =
-        { 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12 };
-    static DES_cblock key3 =
-        { 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34 };
-    DES_key_schedule sch;
-    DES_key_schedule sch2;
-    DES_key_schedule sch3;
-# endif
-# ifndef OPENSSL_NO_AES
-    AES_KEY aes_ks1, aes_ks2, aes_ks3;
-# endif
-# ifndef OPENSSL_NO_CAMELLIA
-    CAMELLIA_KEY camellia_ks1, camellia_ks2, camellia_ks3;
-# endif
-# define D_MD2           0
-# define D_MDC2          1
-# define D_MD4           2
-# define D_MD5           3
-# define D_HMAC          4
-# define D_SHA1          5
-# define D_RMD160        6
-# define D_RC4           7
-# define D_CBC_DES       8
-# define D_EDE3_DES      9
-# define D_CBC_IDEA      10
-# define D_CBC_SEED      11
-# define D_CBC_RC2       12
-# define D_CBC_RC5       13
-# define D_CBC_BF        14
-# define D_CBC_CAST      15
-# define D_CBC_128_AES   16
-# define D_CBC_192_AES   17
-# define D_CBC_256_AES   18
-# define D_CBC_128_CML   19
-# define D_CBC_192_CML   20
-# define D_CBC_256_CML   21
-# define D_EVP           22
-# define D_SHA256        23
-# define D_SHA512        24
-# define D_WHIRLPOOL     25
-# define D_IGE_128_AES   26
-# define D_IGE_192_AES   27
-# define D_IGE_256_AES   28
-# define D_GHASH         29
-    double d = 0.0;
-    long c[ALGOR_NUM][SIZE_NUM];
-# define R_DSA_512       0
-# define R_DSA_1024      1
-# define R_DSA_2048      2
-# define R_RSA_512       0
-# define R_RSA_1024      1
-# define R_RSA_2048      2
-# define R_RSA_4096      3
-
-# define R_EC_P160    0
-# define R_EC_P192    1
-# define R_EC_P224    2
-# define R_EC_P256    3
-# define R_EC_P384    4
-# define R_EC_P521    5
-# define R_EC_K163    6
-# define R_EC_K233    7
-# define R_EC_K283    8
-# define R_EC_K409    9
-# define R_EC_K571    10
-# define R_EC_B163    11
-# define R_EC_B233    12
-# define R_EC_B283    13
-# define R_EC_B409    14
-# define R_EC_B571    15
-
-# ifndef OPENSSL_NO_RSA
-    RSA *rsa_key[RSA_NUM];
-    long rsa_c[RSA_NUM][2];
-    static unsigned int rsa_bits[RSA_NUM] = {
-        512, 1024, 2048, 4096
-    };
-    static unsigned char *rsa_data[RSA_NUM] = {
-        test512, test1024, test2048, test4096
-    };
-    static int rsa_data_length[RSA_NUM] = {
-        sizeof(test512), sizeof(test1024),
-        sizeof(test2048), sizeof(test4096)
-    };
-# endif
-# ifndef OPENSSL_NO_DSA
-    DSA *dsa_key[DSA_NUM];
-    long dsa_c[DSA_NUM][2];
-    static unsigned int dsa_bits[DSA_NUM] = { 512, 1024, 2048 };
-# endif
-# ifndef OPENSSL_NO_EC
-    /*
-     * We only test over the following curves as they are representative, To
-     * add tests over more curves, simply add the curve NID and curve name to
-     * the following arrays and increase the EC_NUM value accordingly.
-     */
-    static unsigned int test_curves[EC_NUM] = {
-        /* Prime Curves */
-        NID_secp160r1,
-        NID_X9_62_prime192v1,
-        NID_secp224r1,
-        NID_X9_62_prime256v1,
-        NID_secp384r1,
-        NID_secp521r1,
-        /* Binary Curves */
-        NID_sect163k1,
-        NID_sect233k1,
-        NID_sect283k1,
-        NID_sect409k1,
-        NID_sect571k1,
-        NID_sect163r2,
-        NID_sect233r1,
-        NID_sect283r1,
-        NID_sect409r1,
-        NID_sect571r1
-    };
-    static const char *test_curves_names[EC_NUM] = {
-        /* Prime Curves */
-        "secp160r1",
-        "nistp192",
-        "nistp224",
-        "nistp256",
-        "nistp384",
-        "nistp521",
-        /* Binary Curves */
-        "nistk163",
-        "nistk233",
-        "nistk283",
-        "nistk409",
-        "nistk571",
-        "nistb163",
-        "nistb233",
-        "nistb283",
-        "nistb409",
-        "nistb571"
-    };
-    static int test_curves_bits[EC_NUM] = {
-        160, 192, 224, 256, 384, 521,
-        163, 233, 283, 409, 571,
-        163, 233, 283, 409, 571
-    };
-
-# endif
-
-# ifndef OPENSSL_NO_ECDSA
-    unsigned char ecdsasig[256];
-    unsigned int ecdsasiglen;
-    EC_KEY *ecdsa[EC_NUM];
-    long ecdsa_c[EC_NUM][2];
-# endif
-
-# ifndef OPENSSL_NO_ECDH
-    EC_KEY *ecdh_a[EC_NUM], *ecdh_b[EC_NUM];
-    unsigned char secret_a[MAX_ECDH_SIZE], secret_b[MAX_ECDH_SIZE];
-    int secret_size_a, secret_size_b;
-    int ecdh_checks = 0;
-    int secret_idx = 0;
-    long ecdh_c[EC_NUM][2];
-# endif
-
-    int rsa_doit[RSA_NUM];
-    int dsa_doit[DSA_NUM];
-# ifndef OPENSSL_NO_ECDSA
-    int ecdsa_doit[EC_NUM];
-# endif
-# ifndef OPENSSL_NO_ECDH
-    int ecdh_doit[EC_NUM];
-# endif
-    int doit[ALGOR_NUM];
-    int pr_header = 0;
-    const EVP_CIPHER *evp_cipher = NULL;
-    const EVP_MD *evp_md = NULL;
-    int decrypt = 0;
-# ifndef NO_FORK
-    int multi = 0;
-# endif
-
-# ifndef TIMES
-    usertime = -1;
-# endif
-
-    apps_startup();
-    memset(results, 0, sizeof(results));
-# ifndef OPENSSL_NO_DSA
-    memset(dsa_key, 0, sizeof(dsa_key));
-# endif
-# ifndef OPENSSL_NO_ECDSA
-    for (i = 0; i < EC_NUM; i++)
-        ecdsa[i] = NULL;
-# endif
-# ifndef OPENSSL_NO_ECDH
-    for (i = 0; i < EC_NUM; i++) {
-        ecdh_a[i] = NULL;
-        ecdh_b[i] = NULL;
-    }
-# endif
-
-    if (bio_err == NULL)
-        if ((bio_err = BIO_new(BIO_s_file())) != NULL)
-            BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
-
-    if (!load_config(bio_err, NULL))
-        goto end;
-
-# ifndef OPENSSL_NO_RSA
-    memset(rsa_key, 0, sizeof(rsa_key));
-    for (i = 0; i < RSA_NUM; i++)
-        rsa_key[i] = NULL;
-# endif
-
-    if ((buf = (unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL) {
-        BIO_printf(bio_err, "out of memory\n");
-        goto end;
-    }
-    if ((buf2 = (unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL) {
-        BIO_printf(bio_err, "out of memory\n");
-        goto end;
-    }
-
-    memset(c, 0, sizeof(c));
-    memset(DES_iv, 0, sizeof(DES_iv));
-    memset(iv, 0, sizeof(iv));
-
-    for (i = 0; i < ALGOR_NUM; i++)
-        doit[i] = 0;
-    for (i = 0; i < RSA_NUM; i++)
-        rsa_doit[i] = 0;
-    for (i = 0; i < DSA_NUM; i++)
-        dsa_doit[i] = 0;
-# ifndef OPENSSL_NO_ECDSA
-    for (i = 0; i < EC_NUM; i++)
-        ecdsa_doit[i] = 0;
-# endif
-# ifndef OPENSSL_NO_ECDH
-    for (i = 0; i < EC_NUM; i++)
-        ecdh_doit[i] = 0;
-# endif
-
-    j = 0;
-    argc--;
-    argv++;
-    while (argc) {
-        if ((argc > 0) && (strcmp(*argv, "-elapsed") == 0)) {
-            usertime = 0;
-            j--;                /* Otherwise, -elapsed gets confused with an
-                                 * algorithm. */
-        } else if ((argc > 0) && (strcmp(*argv, "-evp") == 0)) {
-            argc--;
-            argv++;
-            if (argc == 0) {
-                BIO_printf(bio_err, "no EVP given\n");
-                goto end;
-            }
-            evp_cipher = EVP_get_cipherbyname(*argv);
-            if (!evp_cipher) {
-                evp_md = EVP_get_digestbyname(*argv);
-            }
-            if (!evp_cipher && !evp_md) {
-                BIO_printf(bio_err, "%s is an unknown cipher or digest\n",
-                           *argv);
-                goto end;
-            }
-            doit[D_EVP] = 1;
-        } else if (argc > 0 && !strcmp(*argv, "-decrypt")) {
-            decrypt = 1;
-            j--;                /* Otherwise, -elapsed gets confused with an
-                                 * algorithm. */
-        }
-# ifndef OPENSSL_NO_ENGINE
-        else if ((argc > 0) && (strcmp(*argv, "-engine") == 0)) {
-            argc--;
-            argv++;
-            if (argc == 0) {
-                BIO_printf(bio_err, "no engine given\n");
-                goto end;
-            }
-            setup_engine(bio_err, *argv, 0);
-            /*
-             * j will be increased again further down.  We just don't want
-             * speed to confuse an engine with an algorithm, especially when
-             * none is given (which means all of them should be run)
-             */
-            j--;
-        }
-# endif
-# ifndef NO_FORK
-        else if ((argc > 0) && (strcmp(*argv, "-multi") == 0)) {
-            argc--;
-            argv++;
-            if (argc == 0) {
-                BIO_printf(bio_err, "no multi count given\n");
-                goto end;
-            }
-            multi = atoi(argv[0]);
-            if (multi <= 0) {
-                BIO_printf(bio_err, "bad multi count\n");
-                goto end;
-            }
-            j--;                /* Otherwise, -mr gets confused with an
-                                 * algorithm. */
-        }
-# endif
-        else if (argc > 0 && !strcmp(*argv, "-mr")) {
-            mr = 1;
-            j--;                /* Otherwise, -mr gets confused with an
-                                 * algorithm. */
-        } else
-# ifndef OPENSSL_NO_MD2
-        if (strcmp(*argv, "md2") == 0)
-            doit[D_MD2] = 1;
-        else
-# endif
-# ifndef OPENSSL_NO_MDC2
-        if (strcmp(*argv, "mdc2") == 0)
-            doit[D_MDC2] = 1;
-        else
-# endif
-# ifndef OPENSSL_NO_MD4
-        if (strcmp(*argv, "md4") == 0)
-            doit[D_MD4] = 1;
-        else
-# endif
-# ifndef OPENSSL_NO_MD5
-        if (strcmp(*argv, "md5") == 0)
-            doit[D_MD5] = 1;
-        else
-# endif
-# ifndef OPENSSL_NO_MD5
-        if (strcmp(*argv, "hmac") == 0)
-            doit[D_HMAC] = 1;
-        else
-# endif
-# ifndef OPENSSL_NO_SHA
-        if (strcmp(*argv, "sha1") == 0)
-            doit[D_SHA1] = 1;
-        else if (strcmp(*argv, "sha") == 0)
-            doit[D_SHA1] = 1, doit[D_SHA256] = 1, doit[D_SHA512] = 1;
-        else
-#  ifndef OPENSSL_NO_SHA256
-        if (strcmp(*argv, "sha256") == 0)
-            doit[D_SHA256] = 1;
-        else
-#  endif
-#  ifndef OPENSSL_NO_SHA512
-        if (strcmp(*argv, "sha512") == 0)
-            doit[D_SHA512] = 1;
-        else
-#  endif
-# endif
-# ifndef OPENSSL_NO_WHIRLPOOL
-        if (strcmp(*argv, "whirlpool") == 0)
-            doit[D_WHIRLPOOL] = 1;
-        else
-# endif
-# ifndef OPENSSL_NO_RIPEMD
-        if (strcmp(*argv, "ripemd") == 0)
-            doit[D_RMD160] = 1;
-        else if (strcmp(*argv, "rmd160") == 0)
-            doit[D_RMD160] = 1;
-        else if (strcmp(*argv, "ripemd160") == 0)
-            doit[D_RMD160] = 1;
-        else
-# endif
-# ifndef OPENSSL_NO_RC4
-        if (strcmp(*argv, "rc4") == 0)
-            doit[D_RC4] = 1;
-        else
-# endif
-# ifndef OPENSSL_NO_DES
-        if (strcmp(*argv, "des-cbc") == 0)
-            doit[D_CBC_DES] = 1;
-        else if (strcmp(*argv, "des-ede3") == 0)
-            doit[D_EDE3_DES] = 1;
-        else
-# endif
-# ifndef OPENSSL_NO_AES
-        if (strcmp(*argv, "aes-128-cbc") == 0)
-            doit[D_CBC_128_AES] = 1;
-        else if (strcmp(*argv, "aes-192-cbc") == 0)
-            doit[D_CBC_192_AES] = 1;
-        else if (strcmp(*argv, "aes-256-cbc") == 0)
-            doit[D_CBC_256_AES] = 1;
-        else if (strcmp(*argv, "aes-128-ige") == 0)
-            doit[D_IGE_128_AES] = 1;
-        else if (strcmp(*argv, "aes-192-ige") == 0)
-            doit[D_IGE_192_AES] = 1;
-        else if (strcmp(*argv, "aes-256-ige") == 0)
-            doit[D_IGE_256_AES] = 1;
-        else
-# endif
-# ifndef OPENSSL_NO_CAMELLIA
-        if (strcmp(*argv, "camellia-128-cbc") == 0)
-            doit[D_CBC_128_CML] = 1;
-        else if (strcmp(*argv, "camellia-192-cbc") == 0)
-            doit[D_CBC_192_CML] = 1;
-        else if (strcmp(*argv, "camellia-256-cbc") == 0)
-            doit[D_CBC_256_CML] = 1;
-        else
-# endif
-# ifndef OPENSSL_NO_RSA
-#  if 0                         /* was: #ifdef RSAref */
-        if (strcmp(*argv, "rsaref") == 0) {
-            RSA_set_default_openssl_method(RSA_PKCS1_RSAref());
-            j--;
-        } else
-#  endif
-#  ifndef RSA_NULL
-        if (strcmp(*argv, "openssl") == 0) {
-            RSA_set_default_method(RSA_PKCS1_SSLeay());
-            j--;
-        } else
-#  endif
-# endif                         /* !OPENSSL_NO_RSA */
-        if (strcmp(*argv, "dsa512") == 0)
-            dsa_doit[R_DSA_512] = 2;
-        else if (strcmp(*argv, "dsa1024") == 0)
-            dsa_doit[R_DSA_1024] = 2;
-        else if (strcmp(*argv, "dsa2048") == 0)
-            dsa_doit[R_DSA_2048] = 2;
-        else if (strcmp(*argv, "rsa512") == 0)
-            rsa_doit[R_RSA_512] = 2;
-        else if (strcmp(*argv, "rsa1024") == 0)
-            rsa_doit[R_RSA_1024] = 2;
-        else if (strcmp(*argv, "rsa2048") == 0)
-            rsa_doit[R_RSA_2048] = 2;
-        else if (strcmp(*argv, "rsa4096") == 0)
-            rsa_doit[R_RSA_4096] = 2;
-        else
-# ifndef OPENSSL_NO_RC2
-        if (strcmp(*argv, "rc2-cbc") == 0)
-            doit[D_CBC_RC2] = 1;
-        else if (strcmp(*argv, "rc2") == 0)
-            doit[D_CBC_RC2] = 1;
-        else
-# endif
-# ifndef OPENSSL_NO_RC5
-        if (strcmp(*argv, "rc5-cbc") == 0)
-            doit[D_CBC_RC5] = 1;
-        else if (strcmp(*argv, "rc5") == 0)
-            doit[D_CBC_RC5] = 1;
-        else
-# endif
-# ifndef OPENSSL_NO_IDEA
-        if (strcmp(*argv, "idea-cbc") == 0)
-            doit[D_CBC_IDEA] = 1;
-        else if (strcmp(*argv, "idea") == 0)
-            doit[D_CBC_IDEA] = 1;
-        else
-# endif
-# ifndef OPENSSL_NO_SEED
-        if (strcmp(*argv, "seed-cbc") == 0)
-            doit[D_CBC_SEED] = 1;
-        else if (strcmp(*argv, "seed") == 0)
-            doit[D_CBC_SEED] = 1;
-        else
-# endif
-# ifndef OPENSSL_NO_BF
-        if (strcmp(*argv, "bf-cbc") == 0)
-            doit[D_CBC_BF] = 1;
-        else if (strcmp(*argv, "blowfish") == 0)
-            doit[D_CBC_BF] = 1;
-        else if (strcmp(*argv, "bf") == 0)
-            doit[D_CBC_BF] = 1;
-        else
-# endif
-# ifndef OPENSSL_NO_CAST
-        if (strcmp(*argv, "cast-cbc") == 0)
-            doit[D_CBC_CAST] = 1;
-        else if (strcmp(*argv, "cast") == 0)
-            doit[D_CBC_CAST] = 1;
-        else if (strcmp(*argv, "cast5") == 0)
-            doit[D_CBC_CAST] = 1;
-        else
-# endif
-# ifndef OPENSSL_NO_DES
-        if (strcmp(*argv, "des") == 0) {
-            doit[D_CBC_DES] = 1;
-            doit[D_EDE3_DES] = 1;
-        } else
-# endif
-# ifndef OPENSSL_NO_AES
-        if (strcmp(*argv, "aes") == 0) {
-            doit[D_CBC_128_AES] = 1;
-            doit[D_CBC_192_AES] = 1;
-            doit[D_CBC_256_AES] = 1;
-        } else if (strcmp(*argv, "ghash") == 0) {
-            doit[D_GHASH] = 1;
-        } else
-# endif
-# ifndef OPENSSL_NO_CAMELLIA
-        if (strcmp(*argv, "camellia") == 0) {
-            doit[D_CBC_128_CML] = 1;
-            doit[D_CBC_192_CML] = 1;
-            doit[D_CBC_256_CML] = 1;
-        } else
-# endif
-# ifndef OPENSSL_NO_RSA
-        if (strcmp(*argv, "rsa") == 0) {
-            rsa_doit[R_RSA_512] = 1;
-            rsa_doit[R_RSA_1024] = 1;
-            rsa_doit[R_RSA_2048] = 1;
-            rsa_doit[R_RSA_4096] = 1;
-        } else
-# endif
-# ifndef OPENSSL_NO_DSA
-        if (strcmp(*argv, "dsa") == 0) {
-            dsa_doit[R_DSA_512] = 1;
-            dsa_doit[R_DSA_1024] = 1;
-            dsa_doit[R_DSA_2048] = 1;
-        } else
-# endif
-# ifndef OPENSSL_NO_ECDSA
-        if (strcmp(*argv, "ecdsap160") == 0)
-            ecdsa_doit[R_EC_P160] = 2;
-        else if (strcmp(*argv, "ecdsap192") == 0)
-            ecdsa_doit[R_EC_P192] = 2;
-        else if (strcmp(*argv, "ecdsap224") == 0)
-            ecdsa_doit[R_EC_P224] = 2;
-        else if (strcmp(*argv, "ecdsap256") == 0)
-            ecdsa_doit[R_EC_P256] = 2;
-        else if (strcmp(*argv, "ecdsap384") == 0)
-            ecdsa_doit[R_EC_P384] = 2;
-        else if (strcmp(*argv, "ecdsap521") == 0)
-            ecdsa_doit[R_EC_P521] = 2;
-        else if (strcmp(*argv, "ecdsak163") == 0)
-            ecdsa_doit[R_EC_K163] = 2;
-        else if (strcmp(*argv, "ecdsak233") == 0)
-            ecdsa_doit[R_EC_K233] = 2;
-        else if (strcmp(*argv, "ecdsak283") == 0)
-            ecdsa_doit[R_EC_K283] = 2;
-        else if (strcmp(*argv, "ecdsak409") == 0)
-            ecdsa_doit[R_EC_K409] = 2;
-        else if (strcmp(*argv, "ecdsak571") == 0)
-            ecdsa_doit[R_EC_K571] = 2;
-        else if (strcmp(*argv, "ecdsab163") == 0)
-            ecdsa_doit[R_EC_B163] = 2;
-        else if (strcmp(*argv, "ecdsab233") == 0)
-            ecdsa_doit[R_EC_B233] = 2;
-        else if (strcmp(*argv, "ecdsab283") == 0)
-            ecdsa_doit[R_EC_B283] = 2;
-        else if (strcmp(*argv, "ecdsab409") == 0)
-            ecdsa_doit[R_EC_B409] = 2;
-        else if (strcmp(*argv, "ecdsab571") == 0)
-            ecdsa_doit[R_EC_B571] = 2;
-        else if (strcmp(*argv, "ecdsa") == 0) {
-            for (i = 0; i < EC_NUM; i++)
-                ecdsa_doit[i] = 1;
-        } else
-# endif
-# ifndef OPENSSL_NO_ECDH
-        if (strcmp(*argv, "ecdhp160") == 0)
-            ecdh_doit[R_EC_P160] = 2;
-        else if (strcmp(*argv, "ecdhp192") == 0)
-            ecdh_doit[R_EC_P192] = 2;
-        else if (strcmp(*argv, "ecdhp224") == 0)
-            ecdh_doit[R_EC_P224] = 2;
-        else if (strcmp(*argv, "ecdhp256") == 0)
-            ecdh_doit[R_EC_P256] = 2;
-        else if (strcmp(*argv, "ecdhp384") == 0)
-            ecdh_doit[R_EC_P384] = 2;
-        else if (strcmp(*argv, "ecdhp521") == 0)
-            ecdh_doit[R_EC_P521] = 2;
-        else if (strcmp(*argv, "ecdhk163") == 0)
-            ecdh_doit[R_EC_K163] = 2;
-        else if (strcmp(*argv, "ecdhk233") == 0)
-            ecdh_doit[R_EC_K233] = 2;
-        else if (strcmp(*argv, "ecdhk283") == 0)
-            ecdh_doit[R_EC_K283] = 2;
-        else if (strcmp(*argv, "ecdhk409") == 0)
-            ecdh_doit[R_EC_K409] = 2;
-        else if (strcmp(*argv, "ecdhk571") == 0)
-            ecdh_doit[R_EC_K571] = 2;
-        else if (strcmp(*argv, "ecdhb163") == 0)
-            ecdh_doit[R_EC_B163] = 2;
-        else if (strcmp(*argv, "ecdhb233") == 0)
-            ecdh_doit[R_EC_B233] = 2;
-        else if (strcmp(*argv, "ecdhb283") == 0)
-            ecdh_doit[R_EC_B283] = 2;
-        else if (strcmp(*argv, "ecdhb409") == 0)
-            ecdh_doit[R_EC_B409] = 2;
-        else if (strcmp(*argv, "ecdhb571") == 0)
-            ecdh_doit[R_EC_B571] = 2;
-        else if (strcmp(*argv, "ecdh") == 0) {
-            for (i = 0; i < EC_NUM; i++)
-                ecdh_doit[i] = 1;
-        } else
-# endif
-        {
-            BIO_printf(bio_err, "Error: bad option or value\n");
-            BIO_printf(bio_err, "\n");
-            BIO_printf(bio_err, "Available values:\n");
-# ifndef OPENSSL_NO_MD2
-            BIO_printf(bio_err, "md2      ");
-# endif
-# ifndef OPENSSL_NO_MDC2
-            BIO_printf(bio_err, "mdc2     ");
-# endif
-# ifndef OPENSSL_NO_MD4
-            BIO_printf(bio_err, "md4      ");
-# endif
-# ifndef OPENSSL_NO_MD5
-            BIO_printf(bio_err, "md5      ");
-#  ifndef OPENSSL_NO_HMAC
-            BIO_printf(bio_err, "hmac     ");
-#  endif
-# endif
-# ifndef OPENSSL_NO_SHA1
-            BIO_printf(bio_err, "sha1     ");
-# endif
-# ifndef OPENSSL_NO_SHA256
-            BIO_printf(bio_err, "sha256   ");
-# endif
-# ifndef OPENSSL_NO_SHA512
-            BIO_printf(bio_err, "sha512   ");
-# endif
-# ifndef OPENSSL_NO_WHIRLPOOL
-            BIO_printf(bio_err, "whirlpool");
-# endif
-# ifndef OPENSSL_NO_RIPEMD160
-            BIO_printf(bio_err, "rmd160");
-# endif
-# if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \
-    !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \
-    !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RIPEMD160) || \
-    !defined(OPENSSL_NO_WHIRLPOOL)
-            BIO_printf(bio_err, "\n");
-# endif
-
-# ifndef OPENSSL_NO_IDEA
-            BIO_printf(bio_err, "idea-cbc ");
-# endif
-# ifndef OPENSSL_NO_SEED
-            BIO_printf(bio_err, "seed-cbc ");
-# endif
-# ifndef OPENSSL_NO_RC2
-            BIO_printf(bio_err, "rc2-cbc  ");
-# endif
-# ifndef OPENSSL_NO_RC5
-            BIO_printf(bio_err, "rc5-cbc  ");
-# endif
-# ifndef OPENSSL_NO_BF
-            BIO_printf(bio_err, "bf-cbc");
-# endif
-# if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || !defined(OPENSSL_NO_RC2) || \
-    !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_RC5)
-            BIO_printf(bio_err, "\n");
-# endif
-# ifndef OPENSSL_NO_DES
-            BIO_printf(bio_err, "des-cbc  des-ede3 ");
-# endif
-# ifndef OPENSSL_NO_AES
-            BIO_printf(bio_err, "aes-128-cbc aes-192-cbc aes-256-cbc ");
-            BIO_printf(bio_err, "aes-128-ige aes-192-ige aes-256-ige ");
-# endif
-# ifndef OPENSSL_NO_CAMELLIA
-            BIO_printf(bio_err, "\n");
-            BIO_printf(bio_err,
-                       "camellia-128-cbc camellia-192-cbc camellia-256-cbc ");
-# endif
-# ifndef OPENSSL_NO_RC4
-            BIO_printf(bio_err, "rc4");
-# endif
-            BIO_printf(bio_err, "\n");
-
-# ifndef OPENSSL_NO_RSA
-            BIO_printf(bio_err, "rsa512   rsa1024  rsa2048  rsa4096\n");
-# endif
-
-# ifndef OPENSSL_NO_DSA
-            BIO_printf(bio_err, "dsa512   dsa1024  dsa2048\n");
-# endif
-# ifndef OPENSSL_NO_ECDSA
-            BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 "
-                       "ecdsap256 ecdsap384 ecdsap521\n");
-            BIO_printf(bio_err,
-                       "ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
-            BIO_printf(bio_err,
-                       "ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
-            BIO_printf(bio_err, "ecdsa\n");
-# endif
-# ifndef OPENSSL_NO_ECDH
-            BIO_printf(bio_err, "ecdhp160  ecdhp192  ecdhp224 "
-                       "ecdhp256  ecdhp384  ecdhp521\n");
-            BIO_printf(bio_err,
-                       "ecdhk163  ecdhk233  ecdhk283  ecdhk409  ecdhk571\n");
-            BIO_printf(bio_err,
-                       "ecdhb163  ecdhb233  ecdhb283  ecdhb409  ecdhb571\n");
-            BIO_printf(bio_err, "ecdh\n");
-# endif
-
-# ifndef OPENSSL_NO_IDEA
-            BIO_printf(bio_err, "idea     ");
-# endif
-# ifndef OPENSSL_NO_SEED
-            BIO_printf(bio_err, "seed     ");
-# endif
-# ifndef OPENSSL_NO_RC2
-            BIO_printf(bio_err, "rc2      ");
-# endif
-# ifndef OPENSSL_NO_DES
-            BIO_printf(bio_err, "des      ");
-# endif
-# ifndef OPENSSL_NO_AES
-            BIO_printf(bio_err, "aes      ");
-# endif
-# ifndef OPENSSL_NO_CAMELLIA
-            BIO_printf(bio_err, "camellia ");
-# endif
-# ifndef OPENSSL_NO_RSA
-            BIO_printf(bio_err, "rsa      ");
-# endif
-# ifndef OPENSSL_NO_BF
-            BIO_printf(bio_err, "blowfish");
-# endif
-# if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || \
-    !defined(OPENSSL_NO_RC2) || !defined(OPENSSL_NO_DES) || \
-    !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_BF) || \
-    !defined(OPENSSL_NO_AES) || !defined(OPENSSL_NO_CAMELLIA)
-            BIO_printf(bio_err, "\n");
-# endif
-
-            BIO_printf(bio_err, "\n");
-            BIO_printf(bio_err, "Available options:\n");
-# if defined(TIMES) || defined(USE_TOD)
-            BIO_printf(bio_err, "-elapsed        "
-                       "measure time in real time instead of CPU user time.\n");
-# endif
-# ifndef OPENSSL_NO_ENGINE
-            BIO_printf(bio_err,
-                       "-engine e       "
-                       "use engine e, possibly a hardware device.\n");
-# endif
-            BIO_printf(bio_err, "-evp e          " "use EVP e.\n");
-            BIO_printf(bio_err,
-                       "-decrypt        "
-                       "time decryption instead of encryption (only EVP).\n");
-            BIO_printf(bio_err,
-                       "-mr             "
-                       "produce machine readable output.\n");
-# ifndef NO_FORK
-            BIO_printf(bio_err,
-                       "-multi n        " "run n benchmarks in parallel.\n");
-# endif
-            goto end;
-        }
-        argc--;
-        argv++;
-        j++;
-    }
-
-# ifndef NO_FORK
-    if (multi && do_multi(multi))
-        goto show_res;
-# endif
-
-    if (j == 0) {
-        for (i = 0; i < ALGOR_NUM; i++) {
-            if (i != D_EVP)
-                doit[i] = 1;
-        }
-        for (i = 0; i < RSA_NUM; i++)
-            rsa_doit[i] = 1;
-        for (i = 0; i < DSA_NUM; i++)
-            dsa_doit[i] = 1;
-# ifndef OPENSSL_NO_ECDSA
-        for (i = 0; i < EC_NUM; i++)
-            ecdsa_doit[i] = 1;
-# endif
-# ifndef OPENSSL_NO_ECDH
-        for (i = 0; i < EC_NUM; i++)
-            ecdh_doit[i] = 1;
-# endif
-    }
-    for (i = 0; i < ALGOR_NUM; i++)
-        if (doit[i])
-            pr_header++;
-
-    if (usertime == 0 && !mr)
-        BIO_printf(bio_err,
-                   "You have chosen to measure elapsed time "
-                   "instead of user CPU time.\n");
-
-# ifndef OPENSSL_NO_RSA
-    for (i = 0; i < RSA_NUM; i++) {
-        const unsigned char *p;
-
-        p = rsa_data[i];
-        rsa_key[i] = d2i_RSAPrivateKey(NULL, &p, rsa_data_length[i]);
-        if (rsa_key[i] == NULL) {
-            BIO_printf(bio_err, "internal error loading RSA key number %d\n",
-                       i);
-            goto end;
-        }
-#  if 0
-        else {
-            BIO_printf(bio_err,
-                       mr ? "+RK:%d:"
-                       : "Loaded RSA key, %d bit modulus and e= 0x",
-                       BN_num_bits(rsa_key[i]->n));
-            BN_print(bio_err, rsa_key[i]->e);
-            BIO_printf(bio_err, "\n");
-        }
-#  endif
-    }
-# endif
-
-# ifndef OPENSSL_NO_DSA
-    dsa_key[0] = get_dsa512();
-    dsa_key[1] = get_dsa1024();
-    dsa_key[2] = get_dsa2048();
-# endif
-
-# ifndef OPENSSL_NO_DES
-    DES_set_key_unchecked(&key, &sch);
-    DES_set_key_unchecked(&key2, &sch2);
-    DES_set_key_unchecked(&key3, &sch3);
-# endif
-# ifndef OPENSSL_NO_AES
-    AES_set_encrypt_key(key16, 128, &aes_ks1);
-    AES_set_encrypt_key(key24, 192, &aes_ks2);
-    AES_set_encrypt_key(key32, 256, &aes_ks3);
-# endif
-# ifndef OPENSSL_NO_CAMELLIA
-    Camellia_set_key(key16, 128, &camellia_ks1);
-    Camellia_set_key(ckey24, 192, &camellia_ks2);
-    Camellia_set_key(ckey32, 256, &camellia_ks3);
-# endif
-# ifndef OPENSSL_NO_IDEA
-    idea_set_encrypt_key(key16, &idea_ks);
-# endif
-# ifndef OPENSSL_NO_SEED
-    SEED_set_key(key16, &seed_ks);
-# endif
-# ifndef OPENSSL_NO_RC4
-    RC4_set_key(&rc4_ks, 16, key16);
-# endif
-# ifndef OPENSSL_NO_RC2
-    RC2_set_key(&rc2_ks, 16, key16, 128);
-# endif
-# ifndef OPENSSL_NO_RC5
-    RC5_32_set_key(&rc5_ks, 16, key16, 12);
-# endif
-# ifndef OPENSSL_NO_BF
-    BF_set_key(&bf_ks, 16, key16);
-# endif
-# ifndef OPENSSL_NO_CAST
-    CAST_set_key(&cast_ks, 16, key16);
-# endif
-# ifndef OPENSSL_NO_RSA
-    memset(rsa_c, 0, sizeof(rsa_c));
-# endif
-# ifndef SIGALRM
-#  ifndef OPENSSL_NO_DES
-    BIO_printf(bio_err, "First we calculate the approximate speed ...\n");
-    count = 10;
-    do {
-        long it;
-        count *= 2;
-        Time_F(START);
-        for (it = count; it; it--)
-            DES_ecb_encrypt((DES_cblock *)buf,
-                            (DES_cblock *)buf, &sch, DES_ENCRYPT);
-        d = Time_F(STOP);
-    } while (d < 3);
-    save_count = count;
-    c[D_MD2][0] = count / 10;
-    c[D_MDC2][0] = count / 10;
-    c[D_MD4][0] = count;
-    c[D_MD5][0] = count;
-    c[D_HMAC][0] = count;
-    c[D_SHA1][0] = count;
-    c[D_RMD160][0] = count;
-    c[D_RC4][0] = count * 5;
-    c[D_CBC_DES][0] = count;
-    c[D_EDE3_DES][0] = count / 3;
-    c[D_CBC_IDEA][0] = count;
-    c[D_CBC_SEED][0] = count;
-    c[D_CBC_RC2][0] = count;
-    c[D_CBC_RC5][0] = count;
-    c[D_CBC_BF][0] = count;
-    c[D_CBC_CAST][0] = count;
-    c[D_CBC_128_AES][0] = count;
-    c[D_CBC_192_AES][0] = count;
-    c[D_CBC_256_AES][0] = count;
-    c[D_CBC_128_CML][0] = count;
-    c[D_CBC_192_CML][0] = count;
-    c[D_CBC_256_CML][0] = count;
-    c[D_SHA256][0] = count;
-    c[D_SHA512][0] = count;
-    c[D_WHIRLPOOL][0] = count;
-    c[D_IGE_128_AES][0] = count;
-    c[D_IGE_192_AES][0] = count;
-    c[D_IGE_256_AES][0] = count;
-    c[D_GHASH][0] = count;
-
-    for (i = 1; i < SIZE_NUM; i++) {
-        c[D_MD2][i] = c[D_MD2][0] * 4 * lengths[0] / lengths[i];
-        c[D_MDC2][i] = c[D_MDC2][0] * 4 * lengths[0] / lengths[i];
-        c[D_MD4][i] = c[D_MD4][0] * 4 * lengths[0] / lengths[i];
-        c[D_MD5][i] = c[D_MD5][0] * 4 * lengths[0] / lengths[i];
-        c[D_HMAC][i] = c[D_HMAC][0] * 4 * lengths[0] / lengths[i];
-        c[D_SHA1][i] = c[D_SHA1][0] * 4 * lengths[0] / lengths[i];
-        c[D_RMD160][i] = c[D_RMD160][0] * 4 * lengths[0] / lengths[i];
-        c[D_SHA256][i] = c[D_SHA256][0] * 4 * lengths[0] / lengths[i];
-        c[D_SHA512][i] = c[D_SHA512][0] * 4 * lengths[0] / lengths[i];
-        c[D_WHIRLPOOL][i] = c[D_WHIRLPOOL][0] * 4 * lengths[0] / lengths[i];
-    }
-    for (i = 1; i < SIZE_NUM; i++) {
-        long l0, l1;
-
-        l0 = (long)lengths[i - 1];
-        l1 = (long)lengths[i];
-        c[D_RC4][i] = c[D_RC4][i - 1] * l0 / l1;
-        c[D_CBC_DES][i] = c[D_CBC_DES][i - 1] * l0 / l1;
-        c[D_EDE3_DES][i] = c[D_EDE3_DES][i - 1] * l0 / l1;
-        c[D_CBC_IDEA][i] = c[D_CBC_IDEA][i - 1] * l0 / l1;
-        c[D_CBC_SEED][i] = c[D_CBC_SEED][i - 1] * l0 / l1;
-        c[D_CBC_RC2][i] = c[D_CBC_RC2][i - 1] * l0 / l1;
-        c[D_CBC_RC5][i] = c[D_CBC_RC5][i - 1] * l0 / l1;
-        c[D_CBC_BF][i] = c[D_CBC_BF][i - 1] * l0 / l1;
-        c[D_CBC_CAST][i] = c[D_CBC_CAST][i - 1] * l0 / l1;
-        c[D_CBC_128_AES][i] = c[D_CBC_128_AES][i - 1] * l0 / l1;
-        c[D_CBC_192_AES][i] = c[D_CBC_192_AES][i - 1] * l0 / l1;
-        c[D_CBC_256_AES][i] = c[D_CBC_256_AES][i - 1] * l0 / l1;
-        c[D_CBC_128_CML][i] = c[D_CBC_128_CML][i - 1] * l0 / l1;
-        c[D_CBC_192_CML][i] = c[D_CBC_192_CML][i - 1] * l0 / l1;
-        c[D_CBC_256_CML][i] = c[D_CBC_256_CML][i - 1] * l0 / l1;
-        c[D_IGE_128_AES][i] = c[D_IGE_128_AES][i - 1] * l0 / l1;
-        c[D_IGE_192_AES][i] = c[D_IGE_192_AES][i - 1] * l0 / l1;
-        c[D_IGE_256_AES][i] = c[D_IGE_256_AES][i - 1] * l0 / l1;
-    }
-#   ifndef OPENSSL_NO_RSA
-    rsa_c[R_RSA_512][0] = count / 2000;
-    rsa_c[R_RSA_512][1] = count / 400;
-    for (i = 1; i < RSA_NUM; i++) {
-        rsa_c[i][0] = rsa_c[i - 1][0] / 8;
-        rsa_c[i][1] = rsa_c[i - 1][1] / 4;
-        if ((rsa_doit[i] <= 1) && (rsa_c[i][0] == 0))
-            rsa_doit[i] = 0;
-        else {
-            if (rsa_c[i][0] == 0) {
-                rsa_c[i][0] = 1;
-                rsa_c[i][1] = 20;
-            }
-        }
-    }
-#   endif
-
-#   ifndef OPENSSL_NO_DSA
-    dsa_c[R_DSA_512][0] = count / 1000;
-    dsa_c[R_DSA_512][1] = count / 1000 / 2;
-    for (i = 1; i < DSA_NUM; i++) {
-        dsa_c[i][0] = dsa_c[i - 1][0] / 4;
-        dsa_c[i][1] = dsa_c[i - 1][1] / 4;
-        if ((dsa_doit[i] <= 1) && (dsa_c[i][0] == 0))
-            dsa_doit[i] = 0;
-        else {
-            if (dsa_c[i] == 0) {
-                dsa_c[i][0] = 1;
-                dsa_c[i][1] = 1;
-            }
-        }
-    }
-#   endif
-
-#   ifndef OPENSSL_NO_ECDSA
-    ecdsa_c[R_EC_P160][0] = count / 1000;
-    ecdsa_c[R_EC_P160][1] = count / 1000 / 2;
-    for (i = R_EC_P192; i <= R_EC_P521; i++) {
-        ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
-        ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
-        if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
-            ecdsa_doit[i] = 0;
-        else {
-            if (ecdsa_c[i] == 0) {
-                ecdsa_c[i][0] = 1;
-                ecdsa_c[i][1] = 1;
-            }
-        }
-    }
-    ecdsa_c[R_EC_K163][0] = count / 1000;
-    ecdsa_c[R_EC_K163][1] = count / 1000 / 2;
-    for (i = R_EC_K233; i <= R_EC_K571; i++) {
-        ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
-        ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
-        if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
-            ecdsa_doit[i] = 0;
-        else {
-            if (ecdsa_c[i] == 0) {
-                ecdsa_c[i][0] = 1;
-                ecdsa_c[i][1] = 1;
-            }
-        }
-    }
-    ecdsa_c[R_EC_B163][0] = count / 1000;
-    ecdsa_c[R_EC_B163][1] = count / 1000 / 2;
-    for (i = R_EC_B233; i <= R_EC_B571; i++) {
-        ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
-        ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
-        if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
-            ecdsa_doit[i] = 0;
-        else {
-            if (ecdsa_c[i] == 0) {
-                ecdsa_c[i][0] = 1;
-                ecdsa_c[i][1] = 1;
-            }
-        }
-    }
-#   endif
-
-#   ifndef OPENSSL_NO_ECDH
-    ecdh_c[R_EC_P160][0] = count / 1000;
-    ecdh_c[R_EC_P160][1] = count / 1000;
-    for (i = R_EC_P192; i <= R_EC_P521; i++) {
-        ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
-        ecdh_c[i][1] = ecdh_c[i - 1][1] / 2;
-        if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
-            ecdh_doit[i] = 0;
-        else {
-            if (ecdh_c[i] == 0) {
-                ecdh_c[i][0] = 1;
-                ecdh_c[i][1] = 1;
-            }
-        }
-    }
-    ecdh_c[R_EC_K163][0] = count / 1000;
-    ecdh_c[R_EC_K163][1] = count / 1000;
-    for (i = R_EC_K233; i <= R_EC_K571; i++) {
-        ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
-        ecdh_c[i][1] = ecdh_c[i - 1][1] / 2;
-        if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
-            ecdh_doit[i] = 0;
-        else {
-            if (ecdh_c[i] == 0) {
-                ecdh_c[i][0] = 1;
-                ecdh_c[i][1] = 1;
-            }
-        }
-    }
-    ecdh_c[R_EC_B163][0] = count / 1000;
-    ecdh_c[R_EC_B163][1] = count / 1000;
-    for (i = R_EC_B233; i <= R_EC_B571; i++) {
-        ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
-        ecdh_c[i][1] = ecdh_c[i - 1][1] / 2;
-        if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
-            ecdh_doit[i] = 0;
-        else {
-            if (ecdh_c[i] == 0) {
-                ecdh_c[i][0] = 1;
-                ecdh_c[i][1] = 1;
-            }
-        }
-    }
-#   endif
-
-#   define COND(d) (count < (d))
-#   define COUNT(d) (d)
-#  else
-/* not worth fixing */
-#   error "You cannot disable DES on systems without SIGALRM."
-#  endif                        /* OPENSSL_NO_DES */
-# else
-#  define COND(c) (run && count<0x7fffffff)
-#  define COUNT(d) (count)
-#  ifndef _WIN32
-    signal(SIGALRM, sig_done);
-#  endif
-# endif                         /* SIGALRM */
-
-# ifndef OPENSSL_NO_MD2
-    if (doit[D_MD2]) {
-        for (j = 0; j < SIZE_NUM; j++) {
-            print_message(names[D_MD2], c[D_MD2][j], lengths[j]);
-            Time_F(START);
-            for (count = 0, run = 1; COND(c[D_MD2][j]); count++)
-                EVP_Digest(buf, (unsigned long)lengths[j], &(md2[0]), NULL,
-                           EVP_md2(), NULL);
-            d = Time_F(STOP);
-            print_result(D_MD2, j, count, d);
-        }
-    }
-# endif
-# ifndef OPENSSL_NO_MDC2
-    if (doit[D_MDC2]) {
-        for (j = 0; j < SIZE_NUM; j++) {
-            print_message(names[D_MDC2], c[D_MDC2][j], lengths[j]);
-            Time_F(START);
-            for (count = 0, run = 1; COND(c[D_MDC2][j]); count++)
-                EVP_Digest(buf, (unsigned long)lengths[j], &(mdc2[0]), NULL,
-                           EVP_mdc2(), NULL);
-            d = Time_F(STOP);
-            print_result(D_MDC2, j, count, d);
-        }
-    }
-# endif
-
-# ifndef OPENSSL_NO_MD4
-    if (doit[D_MD4]) {
-        for (j = 0; j < SIZE_NUM; j++) {
-            print_message(names[D_MD4], c[D_MD4][j], lengths[j]);
-            Time_F(START);
-            for (count = 0, run = 1; COND(c[D_MD4][j]); count++)
-                EVP_Digest(&(buf[0]), (unsigned long)lengths[j], &(md4[0]),
-                           NULL, EVP_md4(), NULL);
-            d = Time_F(STOP);
-            print_result(D_MD4, j, count, d);
-        }
-    }
-# endif
-
-# ifndef OPENSSL_NO_MD5
-    if (doit[D_MD5]) {
-        for (j = 0; j < SIZE_NUM; j++) {
-            print_message(names[D_MD5], c[D_MD5][j], lengths[j]);
-            Time_F(START);
-            for (count = 0, run = 1; COND(c[D_MD5][j]); count++)
-                EVP_Digest(&(buf[0]), (unsigned long)lengths[j], &(md5[0]),
-                           NULL, EVP_get_digestbyname("md5"), NULL);
-            d = Time_F(STOP);
-            print_result(D_MD5, j, count, d);
-        }
-    }
-# endif
-
-# if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC)
-    if (doit[D_HMAC]) {
-        HMAC_CTX hctx;
-
-        HMAC_CTX_init(&hctx);
-        HMAC_Init_ex(&hctx, (unsigned char *)"This is a key...",
-                     16, EVP_md5(), NULL);
-
-        for (j = 0; j < SIZE_NUM; j++) {
-            print_message(names[D_HMAC], c[D_HMAC][j], lengths[j]);
-            Time_F(START);
-            for (count = 0, run = 1; COND(c[D_HMAC][j]); count++) {
-                HMAC_Init_ex(&hctx, NULL, 0, NULL, NULL);
-                HMAC_Update(&hctx, buf, lengths[j]);
-                HMAC_Final(&hctx, &(hmac[0]), NULL);
-            }
-            d = Time_F(STOP);
-            print_result(D_HMAC, j, count, d);
-        }
-        HMAC_CTX_cleanup(&hctx);
-    }
-# endif
-# ifndef OPENSSL_NO_SHA
-    if (doit[D_SHA1]) {
-        for (j = 0; j < SIZE_NUM; j++) {
-            print_message(names[D_SHA1], c[D_SHA1][j], lengths[j]);
-            Time_F(START);
-            for (count = 0, run = 1; COND(c[D_SHA1][j]); count++)
-                EVP_Digest(buf, (unsigned long)lengths[j], &(sha[0]), NULL,
-                           EVP_sha1(), NULL);
-            d = Time_F(STOP);
-            print_result(D_SHA1, j, count, d);
-        }
-    }
-#  ifndef OPENSSL_NO_SHA256
-    if (doit[D_SHA256]) {
-        for (j = 0; j < SIZE_NUM; j++) {
-            print_message(names[D_SHA256], c[D_SHA256][j], lengths[j]);
-            Time_F(START);
-            for (count = 0, run = 1; COND(c[D_SHA256][j]); count++)
-                SHA256(buf, lengths[j], sha256);
-            d = Time_F(STOP);
-            print_result(D_SHA256, j, count, d);
-        }
-    }
-#  endif
-
-#  ifndef OPENSSL_NO_SHA512
-    if (doit[D_SHA512]) {
-        for (j = 0; j < SIZE_NUM; j++) {
-            print_message(names[D_SHA512], c[D_SHA512][j], lengths[j]);
-            Time_F(START);
-            for (count = 0, run = 1; COND(c[D_SHA512][j]); count++)
-                SHA512(buf, lengths[j], sha512);
-            d = Time_F(STOP);
-            print_result(D_SHA512, j, count, d);
-        }
-    }
-#  endif
-# endif
-
-# ifndef OPENSSL_NO_WHIRLPOOL
-    if (doit[D_WHIRLPOOL]) {
-        for (j = 0; j < SIZE_NUM; j++) {
-            print_message(names[D_WHIRLPOOL], c[D_WHIRLPOOL][j], lengths[j]);
-            Time_F(START);
-            for (count = 0, run = 1; COND(c[D_WHIRLPOOL][j]); count++)
-                WHIRLPOOL(buf, lengths[j], whirlpool);
-            d = Time_F(STOP);
-            print_result(D_WHIRLPOOL, j, count, d);
-        }
-    }
-# endif
-
-# ifndef OPENSSL_NO_RIPEMD
-    if (doit[D_RMD160]) {
-        for (j = 0; j < SIZE_NUM; j++) {
-            print_message(names[D_RMD160], c[D_RMD160][j], lengths[j]);
-            Time_F(START);
-            for (count = 0, run = 1; COND(c[D_RMD160][j]); count++)
-                EVP_Digest(buf, (unsigned long)lengths[j], &(rmd160[0]), NULL,
-                           EVP_ripemd160(), NULL);
-            d = Time_F(STOP);
-            print_result(D_RMD160, j, count, d);
-        }
-    }
-# endif
-# ifndef OPENSSL_NO_RC4
-    if (doit[D_RC4]) {
-        for (j = 0; j < SIZE_NUM; j++) {
-            print_message(names[D_RC4], c[D_RC4][j], lengths[j]);
-            Time_F(START);
-            for (count = 0, run = 1; COND(c[D_RC4][j]); count++)
-                RC4(&rc4_ks, (unsigned int)lengths[j], buf, buf);
-            d = Time_F(STOP);
-            print_result(D_RC4, j, count, d);
-        }
-    }
-# endif
-# ifndef OPENSSL_NO_DES
-    if (doit[D_CBC_DES]) {
-        for (j = 0; j < SIZE_NUM; j++) {
-            print_message(names[D_CBC_DES], c[D_CBC_DES][j], lengths[j]);
-            Time_F(START);
-            for (count = 0, run = 1; COND(c[D_CBC_DES][j]); count++)
-                DES_ncbc_encrypt(buf, buf, lengths[j], &sch,
-                                 &DES_iv, DES_ENCRYPT);
-            d = Time_F(STOP);
-            print_result(D_CBC_DES, j, count, d);
-        }
-    }
-
-    if (doit[D_EDE3_DES]) {
-        for (j = 0; j < SIZE_NUM; j++) {
-            print_message(names[D_EDE3_DES], c[D_EDE3_DES][j], lengths[j]);
-            Time_F(START);
-            for (count = 0, run = 1; COND(c[D_EDE3_DES][j]); count++)
-                DES_ede3_cbc_encrypt(buf, buf, lengths[j],
-                                     &sch, &sch2, &sch3,
-                                     &DES_iv, DES_ENCRYPT);
-            d = Time_F(STOP);
-            print_result(D_EDE3_DES, j, count, d);
-        }
-    }
-# endif
-# ifndef OPENSSL_NO_AES
-    if (doit[D_CBC_128_AES]) {
-        for (j = 0; j < SIZE_NUM; j++) {
-            print_message(names[D_CBC_128_AES], c[D_CBC_128_AES][j],
-                          lengths[j]);
-            Time_F(START);
-            for (count = 0, run = 1; COND(c[D_CBC_128_AES][j]); count++)
-                AES_cbc_encrypt(buf, buf,
-                                (unsigned long)lengths[j], &aes_ks1,
-                                iv, AES_ENCRYPT);
-            d = Time_F(STOP);
-            print_result(D_CBC_128_AES, j, count, d);
-        }
-    }
-    if (doit[D_CBC_192_AES]) {
-        for (j = 0; j < SIZE_NUM; j++) {
-            print_message(names[D_CBC_192_AES], c[D_CBC_192_AES][j],
-                          lengths[j]);
-            Time_F(START);
-            for (count = 0, run = 1; COND(c[D_CBC_192_AES][j]); count++)
-                AES_cbc_encrypt(buf, buf,
-                                (unsigned long)lengths[j], &aes_ks2,
-                                iv, AES_ENCRYPT);
-            d = Time_F(STOP);
-            print_result(D_CBC_192_AES, j, count, d);
-        }
-    }
-    if (doit[D_CBC_256_AES]) {
-        for (j = 0; j < SIZE_NUM; j++) {
-            print_message(names[D_CBC_256_AES], c[D_CBC_256_AES][j],
-                          lengths[j]);
-            Time_F(START);
-            for (count = 0, run = 1; COND(c[D_CBC_256_AES][j]); count++)
-                AES_cbc_encrypt(buf, buf,
-                                (unsigned long)lengths[j], &aes_ks3,
-                                iv, AES_ENCRYPT);
-            d = Time_F(STOP);
-            print_result(D_CBC_256_AES, j, count, d);
-        }
-    }
-
-    if (doit[D_IGE_128_AES]) {
-        for (j = 0; j < SIZE_NUM; j++) {
-            print_message(names[D_IGE_128_AES], c[D_IGE_128_AES][j],
-                          lengths[j]);
-            Time_F(START);
-            for (count = 0, run = 1; COND(c[D_IGE_128_AES][j]); count++)
-                AES_ige_encrypt(buf, buf2,
-                                (unsigned long)lengths[j], &aes_ks1,
-                                iv, AES_ENCRYPT);
-            d = Time_F(STOP);
-            print_result(D_IGE_128_AES, j, count, d);
-        }
-    }
-    if (doit[D_IGE_192_AES]) {
-        for (j = 0; j < SIZE_NUM; j++) {
-            print_message(names[D_IGE_192_AES], c[D_IGE_192_AES][j],
-                          lengths[j]);
-            Time_F(START);
-            for (count = 0, run = 1; COND(c[D_IGE_192_AES][j]); count++)
-                AES_ige_encrypt(buf, buf2,
-                                (unsigned long)lengths[j], &aes_ks2,
-                                iv, AES_ENCRYPT);
-            d = Time_F(STOP);
-            print_result(D_IGE_192_AES, j, count, d);
-        }
-    }
-    if (doit[D_IGE_256_AES]) {
-        for (j = 0; j < SIZE_NUM; j++) {
-            print_message(names[D_IGE_256_AES], c[D_IGE_256_AES][j],
-                          lengths[j]);
-            Time_F(START);
-            for (count = 0, run = 1; COND(c[D_IGE_256_AES][j]); count++)
-                AES_ige_encrypt(buf, buf2,
-                                (unsigned long)lengths[j], &aes_ks3,
-                                iv, AES_ENCRYPT);
-            d = Time_F(STOP);
-            print_result(D_IGE_256_AES, j, count, d);
-        }
-    }
-    if (doit[D_GHASH]) {
-        GCM128_CONTEXT *ctx =
-            CRYPTO_gcm128_new(&aes_ks1, (block128_f) AES_encrypt);
-        CRYPTO_gcm128_setiv(ctx, (unsigned char *)"0123456789ab", 12);
-
-        for (j = 0; j < SIZE_NUM; j++) {
-            print_message(names[D_GHASH], c[D_GHASH][j], lengths[j]);
-            Time_F(START);
-            for (count = 0, run = 1; COND(c[D_GHASH][j]); count++)
-                CRYPTO_gcm128_aad(ctx, buf, lengths[j]);
-            d = Time_F(STOP);
-            print_result(D_GHASH, j, count, d);
-        }
-        CRYPTO_gcm128_release(ctx);
-    }
-# endif
-# ifndef OPENSSL_NO_CAMELLIA
-    if (doit[D_CBC_128_CML]) {
-        for (j = 0; j < SIZE_NUM; j++) {
-            print_message(names[D_CBC_128_CML], c[D_CBC_128_CML][j],
-                          lengths[j]);
-            Time_F(START);
-            for (count = 0, run = 1; COND(c[D_CBC_128_CML][j]); count++)
-                Camellia_cbc_encrypt(buf, buf,
-                                     (unsigned long)lengths[j], &camellia_ks1,
-                                     iv, CAMELLIA_ENCRYPT);
-            d = Time_F(STOP);
-            print_result(D_CBC_128_CML, j, count, d);
-        }
-    }
-    if (doit[D_CBC_192_CML]) {
-        for (j = 0; j < SIZE_NUM; j++) {
-            print_message(names[D_CBC_192_CML], c[D_CBC_192_CML][j],
-                          lengths[j]);
-            Time_F(START);
-            for (count = 0, run = 1; COND(c[D_CBC_192_CML][j]); count++)
-                Camellia_cbc_encrypt(buf, buf,
-                                     (unsigned long)lengths[j], &camellia_ks2,
-                                     iv, CAMELLIA_ENCRYPT);
-            d = Time_F(STOP);
-            print_result(D_CBC_192_CML, j, count, d);
-        }
-    }
-    if (doit[D_CBC_256_CML]) {
-        for (j = 0; j < SIZE_NUM; j++) {
-            print_message(names[D_CBC_256_CML], c[D_CBC_256_CML][j],
-                          lengths[j]);
-            Time_F(START);
-            for (count = 0, run = 1; COND(c[D_CBC_256_CML][j]); count++)
-                Camellia_cbc_encrypt(buf, buf,
-                                     (unsigned long)lengths[j], &camellia_ks3,
-                                     iv, CAMELLIA_ENCRYPT);
-            d = Time_F(STOP);
-            print_result(D_CBC_256_CML, j, count, d);
-        }
-    }
-# endif
-# ifndef OPENSSL_NO_IDEA
-    if (doit[D_CBC_IDEA]) {
-        for (j = 0; j < SIZE_NUM; j++) {
-            print_message(names[D_CBC_IDEA], c[D_CBC_IDEA][j], lengths[j]);
-            Time_F(START);
-            for (count = 0, run = 1; COND(c[D_CBC_IDEA][j]); count++)
-                idea_cbc_encrypt(buf, buf,
-                                 (unsigned long)lengths[j], &idea_ks,
-                                 iv, IDEA_ENCRYPT);
-            d = Time_F(STOP);
-            print_result(D_CBC_IDEA, j, count, d);
-        }
-    }
-# endif
-# ifndef OPENSSL_NO_SEED
-    if (doit[D_CBC_SEED]) {
-        for (j = 0; j < SIZE_NUM; j++) {
-            print_message(names[D_CBC_SEED], c[D_CBC_SEED][j], lengths[j]);
-            Time_F(START);
-            for (count = 0, run = 1; COND(c[D_CBC_SEED][j]); count++)
-                SEED_cbc_encrypt(buf, buf,
-                                 (unsigned long)lengths[j], &seed_ks, iv, 1);
-            d = Time_F(STOP);
-            print_result(D_CBC_SEED, j, count, d);
-        }
-    }
-# endif
-# ifndef OPENSSL_NO_RC2
-    if (doit[D_CBC_RC2]) {
-        for (j = 0; j < SIZE_NUM; j++) {
-            print_message(names[D_CBC_RC2], c[D_CBC_RC2][j], lengths[j]);
-            Time_F(START);
-            for (count = 0, run = 1; COND(c[D_CBC_RC2][j]); count++)
-                RC2_cbc_encrypt(buf, buf,
-                                (unsigned long)lengths[j], &rc2_ks,
-                                iv, RC2_ENCRYPT);
-            d = Time_F(STOP);
-            print_result(D_CBC_RC2, j, count, d);
-        }
-    }
-# endif
-# ifndef OPENSSL_NO_RC5
-    if (doit[D_CBC_RC5]) {
-        for (j = 0; j < SIZE_NUM; j++) {
-            print_message(names[D_CBC_RC5], c[D_CBC_RC5][j], lengths[j]);
-            Time_F(START);
-            for (count = 0, run = 1; COND(c[D_CBC_RC5][j]); count++)
-                RC5_32_cbc_encrypt(buf, buf,
-                                   (unsigned long)lengths[j], &rc5_ks,
-                                   iv, RC5_ENCRYPT);
-            d = Time_F(STOP);
-            print_result(D_CBC_RC5, j, count, d);
-        }
-    }
-# endif
-# ifndef OPENSSL_NO_BF
-    if (doit[D_CBC_BF]) {
-        for (j = 0; j < SIZE_NUM; j++) {
-            print_message(names[D_CBC_BF], c[D_CBC_BF][j], lengths[j]);
-            Time_F(START);
-            for (count = 0, run = 1; COND(c[D_CBC_BF][j]); count++)
-                BF_cbc_encrypt(buf, buf,
-                               (unsigned long)lengths[j], &bf_ks,
-                               iv, BF_ENCRYPT);
-            d = Time_F(STOP);
-            print_result(D_CBC_BF, j, count, d);
-        }
-    }
-# endif
-# ifndef OPENSSL_NO_CAST
-    if (doit[D_CBC_CAST]) {
-        for (j = 0; j < SIZE_NUM; j++) {
-            print_message(names[D_CBC_CAST], c[D_CBC_CAST][j], lengths[j]);
-            Time_F(START);
-            for (count = 0, run = 1; COND(c[D_CBC_CAST][j]); count++)
-                CAST_cbc_encrypt(buf, buf,
-                                 (unsigned long)lengths[j], &cast_ks,
-                                 iv, CAST_ENCRYPT);
-            d = Time_F(STOP);
-            print_result(D_CBC_CAST, j, count, d);
-        }
-    }
-# endif
-
-    if (doit[D_EVP]) {
-        for (j = 0; j < SIZE_NUM; j++) {
-            if (evp_cipher) {
-                EVP_CIPHER_CTX ctx;
-                int outl;
-
-                names[D_EVP] = OBJ_nid2ln(evp_cipher->nid);
-                /*
-                 * -O3 -fschedule-insns messes up an optimization here!
-                 * names[D_EVP] somehow becomes NULL
-                 */
-                print_message(names[D_EVP], save_count, lengths[j]);
-
-                EVP_CIPHER_CTX_init(&ctx);
-                if (decrypt)
-                    EVP_DecryptInit_ex(&ctx, evp_cipher, NULL, key16, iv);
-                else
-                    EVP_EncryptInit_ex(&ctx, evp_cipher, NULL, key16, iv);
-                EVP_CIPHER_CTX_set_padding(&ctx, 0);
-
-                Time_F(START);
-                if (decrypt)
-                    for (count = 0, run = 1;
-                         COND(save_count * 4 * lengths[0] / lengths[j]);
-                         count++)
-                        EVP_DecryptUpdate(&ctx, buf, &outl, buf, lengths[j]);
-                else
-                    for (count = 0, run = 1;
-                         COND(save_count * 4 * lengths[0] / lengths[j]);
-                         count++)
-                        EVP_EncryptUpdate(&ctx, buf, &outl, buf, lengths[j]);
-                if (decrypt)
-                    EVP_DecryptFinal_ex(&ctx, buf, &outl);
-                else
-                    EVP_EncryptFinal_ex(&ctx, buf, &outl);
-                d = Time_F(STOP);
-                EVP_CIPHER_CTX_cleanup(&ctx);
-            }
-            if (evp_md) {
-                names[D_EVP] = OBJ_nid2ln(evp_md->type);
-                print_message(names[D_EVP], save_count, lengths[j]);
-
-                Time_F(START);
-                for (count = 0, run = 1;
-                     COND(save_count * 4 * lengths[0] / lengths[j]); count++)
-                    EVP_Digest(buf, lengths[j], &(md[0]), NULL, evp_md, NULL);
-
-                d = Time_F(STOP);
-            }
-            print_result(D_EVP, j, count, d);
-        }
-    }
-
-    RAND_pseudo_bytes(buf, 36);
-# ifndef OPENSSL_NO_RSA
-    for (j = 0; j < RSA_NUM; j++) {
-        int ret;
-        if (!rsa_doit[j])
-            continue;
-        ret = RSA_sign(NID_md5_sha1, buf, 36, buf2, &rsa_num, rsa_key[j]);
-        if (ret == 0) {
-            BIO_printf(bio_err,
-                       "RSA sign failure.  No RSA sign will be done.\n");
-            ERR_print_errors(bio_err);
-            rsa_count = 1;
-        } else {
-            pkey_print_message("private", "rsa",
-                               rsa_c[j][0], rsa_bits[j], RSA_SECONDS);
-            /* RSA_blinding_on(rsa_key[j],NULL); */
-            Time_F(START);
-            for (count = 0, run = 1; COND(rsa_c[j][0]); count++) {
-                ret = RSA_sign(NID_md5_sha1, buf, 36, buf2,
-                               &rsa_num, rsa_key[j]);
-                if (ret == 0) {
-                    BIO_printf(bio_err, "RSA sign failure\n");
-                    ERR_print_errors(bio_err);
-                    count = 1;
-                    break;
-                }
-            }
-            d = Time_F(STOP);
-            BIO_printf(bio_err,
-                       mr ? "+R1:%ld:%d:%.2f\n"
-                       : "%ld %d bit private RSA's in %.2fs\n",
-                       count, rsa_bits[j], d);
-            rsa_results[j][0] = d / (double)count;
-            rsa_count = count;
-        }
-
-#  if 1
-        ret = RSA_verify(NID_md5_sha1, buf, 36, buf2, rsa_num, rsa_key[j]);
-        if (ret <= 0) {
-            BIO_printf(bio_err,
-                       "RSA verify failure.  No RSA verify will be done.\n");
-            ERR_print_errors(bio_err);
-            rsa_doit[j] = 0;
-        } else {
-            pkey_print_message("public", "rsa",
-                               rsa_c[j][1], rsa_bits[j], RSA_SECONDS);
-            Time_F(START);
-            for (count = 0, run = 1; COND(rsa_c[j][1]); count++) {
-                ret = RSA_verify(NID_md5_sha1, buf, 36, buf2,
-                                 rsa_num, rsa_key[j]);
-                if (ret <= 0) {
-                    BIO_printf(bio_err, "RSA verify failure\n");
-                    ERR_print_errors(bio_err);
-                    count = 1;
-                    break;
-                }
-            }
-            d = Time_F(STOP);
-            BIO_printf(bio_err,
-                       mr ? "+R2:%ld:%d:%.2f\n"
-                       : "%ld %d bit public RSA's in %.2fs\n",
-                       count, rsa_bits[j], d);
-            rsa_results[j][1] = d / (double)count;
-        }
-#  endif
-
-        if (rsa_count <= 1) {
-            /* if longer than 10s, don't do any more */
-            for (j++; j < RSA_NUM; j++)
-                rsa_doit[j] = 0;
-        }
-    }
-# endif
-
-    RAND_pseudo_bytes(buf, 20);
-# ifndef OPENSSL_NO_DSA
-    if (RAND_status() != 1) {
-        RAND_seed(rnd_seed, sizeof rnd_seed);
-        rnd_fake = 1;
-    }
-    for (j = 0; j < DSA_NUM; j++) {
-        unsigned int kk;
-        int ret;
-
-        if (!dsa_doit[j])
-            continue;
-
-        /* DSA_generate_key(dsa_key[j]); */
-        /* DSA_sign_setup(dsa_key[j],NULL); */
-        ret = DSA_sign(EVP_PKEY_DSA, buf, 20, buf2, &kk, dsa_key[j]);
-        if (ret == 0) {
-            BIO_printf(bio_err,
-                       "DSA sign failure.  No DSA sign will be done.\n");
-            ERR_print_errors(bio_err);
-            rsa_count = 1;
-        } else {
-            pkey_print_message("sign", "dsa",
-                               dsa_c[j][0], dsa_bits[j], DSA_SECONDS);
-            Time_F(START);
-            for (count = 0, run = 1; COND(dsa_c[j][0]); count++) {
-                ret = DSA_sign(EVP_PKEY_DSA, buf, 20, buf2, &kk, dsa_key[j]);
-                if (ret == 0) {
-                    BIO_printf(bio_err, "DSA sign failure\n");
-                    ERR_print_errors(bio_err);
-                    count = 1;
-                    break;
-                }
-            }
-            d = Time_F(STOP);
-            BIO_printf(bio_err,
-                       mr ? "+R3:%ld:%d:%.2f\n"
-                       : "%ld %d bit DSA signs in %.2fs\n",
-                       count, dsa_bits[j], d);
-            dsa_results[j][0] = d / (double)count;
-            rsa_count = count;
-        }
-
-        ret = DSA_verify(EVP_PKEY_DSA, buf, 20, buf2, kk, dsa_key[j]);
-        if (ret <= 0) {
-            BIO_printf(bio_err,
-                       "DSA verify failure.  No DSA verify will be done.\n");
-            ERR_print_errors(bio_err);
-            dsa_doit[j] = 0;
-        } else {
-            pkey_print_message("verify", "dsa",
-                               dsa_c[j][1], dsa_bits[j], DSA_SECONDS);
-            Time_F(START);
-            for (count = 0, run = 1; COND(dsa_c[j][1]); count++) {
-                ret = DSA_verify(EVP_PKEY_DSA, buf, 20, buf2, kk, dsa_key[j]);
-                if (ret <= 0) {
-                    BIO_printf(bio_err, "DSA verify failure\n");
-                    ERR_print_errors(bio_err);
-                    count = 1;
-                    break;
-                }
-            }
-            d = Time_F(STOP);
-            BIO_printf(bio_err,
-                       mr ? "+R4:%ld:%d:%.2f\n"
-                       : "%ld %d bit DSA verify in %.2fs\n",
-                       count, dsa_bits[j], d);
-            dsa_results[j][1] = d / (double)count;
-        }
-
-        if (rsa_count <= 1) {
-            /* if longer than 10s, don't do any more */
-            for (j++; j < DSA_NUM; j++)
-                dsa_doit[j] = 0;
-        }
-    }
-    if (rnd_fake)
-        RAND_cleanup();
-# endif
-
-# ifndef OPENSSL_NO_ECDSA
-    if (RAND_status() != 1) {
-        RAND_seed(rnd_seed, sizeof rnd_seed);
-        rnd_fake = 1;
-    }
-    for (j = 0; j < EC_NUM; j++) {
-        int ret;
-
-        if (!ecdsa_doit[j])
-            continue;           /* Ignore Curve */
-        ecdsa[j] = EC_KEY_new_by_curve_name(test_curves[j]);
-        if (ecdsa[j] == NULL) {
-            BIO_printf(bio_err, "ECDSA failure.\n");
-            ERR_print_errors(bio_err);
-            rsa_count = 1;
-        } else {
-#  if 1
-            EC_KEY_precompute_mult(ecdsa[j], NULL);
-#  endif
-            /* Perform ECDSA signature test */
-            EC_KEY_generate_key(ecdsa[j]);
-            ret = ECDSA_sign(0, buf, 20, ecdsasig, &ecdsasiglen, ecdsa[j]);
-            if (ret == 0) {
-                BIO_printf(bio_err,
-                           "ECDSA sign failure.  No ECDSA sign will be done.\n");
-                ERR_print_errors(bio_err);
-                rsa_count = 1;
-            } else {
-                pkey_print_message("sign", "ecdsa",
-                                   ecdsa_c[j][0],
-                                   test_curves_bits[j], ECDSA_SECONDS);
-
-                Time_F(START);
-                for (count = 0, run = 1; COND(ecdsa_c[j][0]); count++) {
-                    ret = ECDSA_sign(0, buf, 20,
-                                     ecdsasig, &ecdsasiglen, ecdsa[j]);
-                    if (ret == 0) {
-                        BIO_printf(bio_err, "ECDSA sign failure\n");
-                        ERR_print_errors(bio_err);
-                        count = 1;
-                        break;
-                    }
-                }
-                d = Time_F(STOP);
-
-                BIO_printf(bio_err,
-                           mr ? "+R5:%ld:%d:%.2f\n" :
-                           "%ld %d bit ECDSA signs in %.2fs \n",
-                           count, test_curves_bits[j], d);
-                ecdsa_results[j][0] = d / (double)count;
-                rsa_count = count;
-            }
-
-            /* Perform ECDSA verification test */
-            ret = ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]);
-            if (ret != 1) {
-                BIO_printf(bio_err,
-                           "ECDSA verify failure.  No ECDSA verify will be done.\n");
-                ERR_print_errors(bio_err);
-                ecdsa_doit[j] = 0;
-            } else {
-                pkey_print_message("verify", "ecdsa",
-                                   ecdsa_c[j][1],
-                                   test_curves_bits[j], ECDSA_SECONDS);
-                Time_F(START);
-                for (count = 0, run = 1; COND(ecdsa_c[j][1]); count++) {
-                    ret =
-                        ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen,
-                                     ecdsa[j]);
-                    if (ret != 1) {
-                        BIO_printf(bio_err, "ECDSA verify failure\n");
-                        ERR_print_errors(bio_err);
-                        count = 1;
-                        break;
-                    }
-                }
-                d = Time_F(STOP);
-                BIO_printf(bio_err,
-                           mr ? "+R6:%ld:%d:%.2f\n"
-                           : "%ld %d bit ECDSA verify in %.2fs\n",
-                           count, test_curves_bits[j], d);
-                ecdsa_results[j][1] = d / (double)count;
-            }
-
-            if (rsa_count <= 1) {
-                /* if longer than 10s, don't do any more */
-                for (j++; j < EC_NUM; j++)
-                    ecdsa_doit[j] = 0;
-            }
-        }
-    }
-    if (rnd_fake)
-        RAND_cleanup();
-# endif
-
-# ifndef OPENSSL_NO_ECDH
-    if (RAND_status() != 1) {
-        RAND_seed(rnd_seed, sizeof rnd_seed);
-        rnd_fake = 1;
-    }
-    for (j = 0; j < EC_NUM; j++) {
-        if (!ecdh_doit[j])
-            continue;
-        ecdh_a[j] = EC_KEY_new_by_curve_name(test_curves[j]);
-        ecdh_b[j] = EC_KEY_new_by_curve_name(test_curves[j]);
-        if ((ecdh_a[j] == NULL) || (ecdh_b[j] == NULL)) {
-            BIO_printf(bio_err, "ECDH failure.\n");
-            ERR_print_errors(bio_err);
-            rsa_count = 1;
-        } else {
-            /* generate two ECDH key pairs */
-            if (!EC_KEY_generate_key(ecdh_a[j]) ||
-                !EC_KEY_generate_key(ecdh_b[j])) {
-                BIO_printf(bio_err, "ECDH key generation failure.\n");
-                ERR_print_errors(bio_err);
-                rsa_count = 1;
-            } else {
-                /*
-                 * If field size is not more than 24 octets, then use SHA-1
-                 * hash of result; otherwise, use result (see section 4.8 of
-                 * draft-ietf-tls-ecc-03.txt).
-                 */
-                int field_size, outlen;
-                void *(*kdf) (const void *in, size_t inlen, void *out,
-                              size_t *xoutlen);
-                field_size =
-                    EC_GROUP_get_degree(EC_KEY_get0_group(ecdh_a[j]));
-                if (field_size <= 24 * 8) {
-                    outlen = KDF1_SHA1_len;
-                    kdf = KDF1_SHA1;
-                } else {
-                    outlen = (field_size + 7) / 8;
-                    kdf = NULL;
-                }
-                secret_size_a =
-                    ECDH_compute_key(secret_a, outlen,
-                                     EC_KEY_get0_public_key(ecdh_b[j]),
-                                     ecdh_a[j], kdf);
-                secret_size_b =
-                    ECDH_compute_key(secret_b, outlen,
-                                     EC_KEY_get0_public_key(ecdh_a[j]),
-                                     ecdh_b[j], kdf);
-                if (secret_size_a != secret_size_b)
-                    ecdh_checks = 0;
-                else
-                    ecdh_checks = 1;
-
-                for (secret_idx = 0; (secret_idx < secret_size_a)
-                     && (ecdh_checks == 1); secret_idx++) {
-                    if (secret_a[secret_idx] != secret_b[secret_idx])
-                        ecdh_checks = 0;
-                }
-
-                if (ecdh_checks == 0) {
-                    BIO_printf(bio_err, "ECDH computations don't match.\n");
-                    ERR_print_errors(bio_err);
-                    rsa_count = 1;
-                }
-
-                pkey_print_message("", "ecdh",
-                                   ecdh_c[j][0],
-                                   test_curves_bits[j], ECDH_SECONDS);
-                Time_F(START);
-                for (count = 0, run = 1; COND(ecdh_c[j][0]); count++) {
-                    ECDH_compute_key(secret_a, outlen,
-                                     EC_KEY_get0_public_key(ecdh_b[j]),
-                                     ecdh_a[j], kdf);
-                }
-                d = Time_F(STOP);
-                BIO_printf(bio_err,
-                           mr ? "+R7:%ld:%d:%.2f\n" :
-                           "%ld %d-bit ECDH ops in %.2fs\n", count,
-                           test_curves_bits[j], d);
-                ecdh_results[j][0] = d / (double)count;
-                rsa_count = count;
-            }
-        }
-
-        if (rsa_count <= 1) {
-            /* if longer than 10s, don't do any more */
-            for (j++; j < EC_NUM; j++)
-                ecdh_doit[j] = 0;
-        }
-    }
-    if (rnd_fake)
-        RAND_cleanup();
-# endif
-# ifndef NO_FORK
- show_res:
-# endif
-    if (!mr) {
-        fprintf(stdout, "%s\n", SSLeay_version(SSLEAY_VERSION));
-        fprintf(stdout, "%s\n", SSLeay_version(SSLEAY_BUILT_ON));
-        printf("options:");
-        printf("%s ", BN_options());
-# ifndef OPENSSL_NO_MD2
-        printf("%s ", MD2_options());
-# endif
-# ifndef OPENSSL_NO_RC4
-        printf("%s ", RC4_options());
-# endif
-# ifndef OPENSSL_NO_DES
-        printf("%s ", DES_options());
-# endif
-# ifndef OPENSSL_NO_AES
-        printf("%s ", AES_options());
-# endif
-# ifndef OPENSSL_NO_IDEA
-        printf("%s ", idea_options());
-# endif
-# ifndef OPENSSL_NO_BF
-        printf("%s ", BF_options());
-# endif
-        fprintf(stdout, "\n%s\n", SSLeay_version(SSLEAY_CFLAGS));
-    }
-
-    if (pr_header) {
-        if (mr)
-            fprintf(stdout, "+H");
-        else {
-            fprintf(stdout,
-                    "The 'numbers' are in 1000s of bytes per second processed.\n");
-            fprintf(stdout, "type        ");
-        }
-        for (j = 0; j < SIZE_NUM; j++)
-            fprintf(stdout, mr ? ":%d" : "%7d bytes", lengths[j]);
-        fprintf(stdout, "\n");
-    }
-
-    for (k = 0; k < ALGOR_NUM; k++) {
-        if (!doit[k])
-            continue;
-        if (mr)
-            fprintf(stdout, "+F:%d:%s", k, names[k]);
-        else
-            fprintf(stdout, "%-13s", names[k]);
-        for (j = 0; j < SIZE_NUM; j++) {
-            if (results[k][j] > 10000 && !mr)
-                fprintf(stdout, " %11.2fk", results[k][j] / 1e3);
-            else
-                fprintf(stdout, mr ? ":%.2f" : " %11.2f ", results[k][j]);
-        }
-        fprintf(stdout, "\n");
-    }
-# ifndef OPENSSL_NO_RSA
-    j = 1;
-    for (k = 0; k < RSA_NUM; k++) {
-        if (!rsa_doit[k])
-            continue;
-        if (j && !mr) {
-            printf("%18ssign    verify    sign/s verify/s\n", " ");
-            j = 0;
-        }
-        if (mr)
-            fprintf(stdout, "+F2:%u:%u:%f:%f\n",
-                    k, rsa_bits[k], rsa_results[k][0], rsa_results[k][1]);
-        else
-            fprintf(stdout, "rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
-                    rsa_bits[k], rsa_results[k][0], rsa_results[k][1],
-                    1.0 / rsa_results[k][0], 1.0 / rsa_results[k][1]);
-    }
-# endif
-# ifndef OPENSSL_NO_DSA
-    j = 1;
-    for (k = 0; k < DSA_NUM; k++) {
-        if (!dsa_doit[k])
-            continue;
-        if (j && !mr) {
-            printf("%18ssign    verify    sign/s verify/s\n", " ");
-            j = 0;
-        }
-        if (mr)
-            fprintf(stdout, "+F3:%u:%u:%f:%f\n",
-                    k, dsa_bits[k], dsa_results[k][0], dsa_results[k][1]);
-        else
-            fprintf(stdout, "dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
-                    dsa_bits[k], dsa_results[k][0], dsa_results[k][1],
-                    1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1]);
-    }
-# endif
-# ifndef OPENSSL_NO_ECDSA
-    j = 1;
-    for (k = 0; k < EC_NUM; k++) {
-        if (!ecdsa_doit[k])
-            continue;
-        if (j && !mr) {
-            printf("%30ssign    verify    sign/s verify/s\n", " ");
-            j = 0;
-        }
-
-        if (mr)
-            fprintf(stdout, "+F4:%u:%u:%f:%f\n",
-                    k, test_curves_bits[k],
-                    ecdsa_results[k][0], ecdsa_results[k][1]);
-        else
-            fprintf(stdout,
-                    "%4u bit ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
-                    test_curves_bits[k],
-                    test_curves_names[k],
-                    ecdsa_results[k][0], ecdsa_results[k][1],
-                    1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1]);
-    }
-# endif
-
-# ifndef OPENSSL_NO_ECDH
-    j = 1;
-    for (k = 0; k < EC_NUM; k++) {
-        if (!ecdh_doit[k])
-            continue;
-        if (j && !mr) {
-            printf("%30sop      op/s\n", " ");
-            j = 0;
-        }
-        if (mr)
-            fprintf(stdout, "+F5:%u:%u:%f:%f\n",
-                    k, test_curves_bits[k],
-                    ecdh_results[k][0], 1.0 / ecdh_results[k][0]);
-
-        else
-            fprintf(stdout, "%4u bit ecdh (%s) %8.4fs %8.1f\n",
-                    test_curves_bits[k],
-                    test_curves_names[k],
-                    ecdh_results[k][0], 1.0 / ecdh_results[k][0]);
-    }
-# endif
-
-    mret = 0;
-
- end:
-    ERR_print_errors(bio_err);
-    if (buf != NULL)
-        OPENSSL_free(buf);
-    if (buf2 != NULL)
-        OPENSSL_free(buf2);
-# ifndef OPENSSL_NO_RSA
-    for (i = 0; i < RSA_NUM; i++)
-        if (rsa_key[i] != NULL)
-            RSA_free(rsa_key[i]);
-# endif
-# ifndef OPENSSL_NO_DSA
-    for (i = 0; i < DSA_NUM; i++)
-        if (dsa_key[i] != NULL)
-            DSA_free(dsa_key[i]);
-# endif
-
-# ifndef OPENSSL_NO_ECDSA
-    for (i = 0; i < EC_NUM; i++)
-        if (ecdsa[i] != NULL)
-            EC_KEY_free(ecdsa[i]);
-# endif
-# ifndef OPENSSL_NO_ECDH
-    for (i = 0; i < EC_NUM; i++) {
-        if (ecdh_a[i] != NULL)
-            EC_KEY_free(ecdh_a[i]);
-        if (ecdh_b[i] != NULL)
-            EC_KEY_free(ecdh_b[i]);
-    }
-# endif
-
-    apps_shutdown();
-    OPENSSL_EXIT(mret);
-}
-
-static void print_message(const char *s, long num, int length)
-{
-# ifdef SIGALRM
-    BIO_printf(bio_err,
-               mr ? "+DT:%s:%d:%d\n"
-               : "Doing %s for %ds on %d size blocks: ", s, SECONDS, length);
-    (void)BIO_flush(bio_err);
-    alarm(SECONDS);
-# else
-    BIO_printf(bio_err,
-               mr ? "+DN:%s:%ld:%d\n"
-               : "Doing %s %ld times on %d size blocks: ", s, num, length);
-    (void)BIO_flush(bio_err);
-# endif
-# ifdef LINT
-    num = num;
-# endif
-}
-
-static void pkey_print_message(const char *str, const char *str2, long num,
-                               int bits, int tm)
-{
-# ifdef SIGALRM
-    BIO_printf(bio_err,
-               mr ? "+DTP:%d:%s:%s:%d\n"
-               : "Doing %d bit %s %s's for %ds: ", bits, str, str2, tm);
-    (void)BIO_flush(bio_err);
-    alarm(tm);
-# else
-    BIO_printf(bio_err,
-               mr ? "+DNP:%ld:%d:%s:%s\n"
-               : "Doing %ld %d bit %s %s's: ", num, bits, str, str2);
-    (void)BIO_flush(bio_err);
-# endif
-# ifdef LINT
-    num = num;
-# endif
-}
-
-static void print_result(int alg, int run_no, int count, double time_used)
-{
-    BIO_printf(bio_err,
-               mr ? "+R:%d:%s:%f\n"
-               : "%d %s's in %.2fs\n", count, names[alg], time_used);
-    results[alg][run_no] = ((double)count) / time_used * lengths[run_no];
-}
-
-# ifndef NO_FORK
-static char *sstrsep(char **string, const char *delim)
-{
-    char isdelim[256];
-    char *token = *string;
-
-    if (**string == 0)
-        return NULL;
-
-    memset(isdelim, 0, sizeof isdelim);
-    isdelim[0] = 1;
-
-    while (*delim) {
-        isdelim[(unsigned char)(*delim)] = 1;
-        delim++;
-    }
-
-    while (!isdelim[(unsigned char)(**string)]) {
-        (*string)++;
-    }
-
-    if (**string) {
-        **string = 0;
-        (*string)++;
-    }
-
-    return token;
-}
-
-static int do_multi(int multi)
-{
-    int n;
-    int fd[2];
-    int *fds;
-    static char sep[] = ":";
-
-    fds = malloc(multi * sizeof *fds);
-    for (n = 0; n < multi; ++n) {
-        if (pipe(fd) == -1) {
-            fprintf(stderr, "pipe failure\n");
-            exit(1);
-        }
-        fflush(stdout);
-        fflush(stderr);
-        if (fork()) {
-            close(fd[1]);
-            fds[n] = fd[0];
-        } else {
-            close(fd[0]);
-            close(1);
-            if (dup(fd[1]) == -1) {
-                fprintf(stderr, "dup failed\n");
-                exit(1);
-            }
-            close(fd[1]);
-            mr = 1;
-            usertime = 0;
-            free(fds);
-            return 0;
-        }
-        printf("Forked child %d\n", n);
-    }
-
-    /* for now, assume the pipe is long enough to take all the output */
-    for (n = 0; n < multi; ++n) {
-        FILE *f;
-        char buf[1024];
-        char *p;
-
-        f = fdopen(fds[n], "r");
-        while (fgets(buf, sizeof buf, f)) {
-            p = strchr(buf, '\n');
-            if (p)
-                *p = '\0';
-            if (buf[0] != '+') {
-                fprintf(stderr, "Don't understand line '%s' from child %d\n",
-                        buf, n);
-                continue;
-            }
-            printf("Got: %s from %d\n", buf, n);
-            if (!strncmp(buf, "+F:", 3)) {
-                int alg;
-                int j;
-
-                p = buf + 3;
-                alg = atoi(sstrsep(&p, sep));
-                sstrsep(&p, sep);
-                for (j = 0; j < SIZE_NUM; ++j)
-                    results[alg][j] += atof(sstrsep(&p, sep));
-            } else if (!strncmp(buf, "+F2:", 4)) {
-                int k;
-                double d;
-
-                p = buf + 4;
-                k = atoi(sstrsep(&p, sep));
-                sstrsep(&p, sep);
-
-                d = atof(sstrsep(&p, sep));
-                if (n)
-                    rsa_results[k][0] = 1 / (1 / rsa_results[k][0] + 1 / d);
-                else
-                    rsa_results[k][0] = d;
-
-                d = atof(sstrsep(&p, sep));
-                if (n)
-                    rsa_results[k][1] = 1 / (1 / rsa_results[k][1] + 1 / d);
-                else
-                    rsa_results[k][1] = d;
-            }
-#  ifndef OPENSSL_NO_DSA
-            else if (!strncmp(buf, "+F3:", 4)) {
-                int k;
-                double d;
-
-                p = buf + 4;
-                k = atoi(sstrsep(&p, sep));
-                sstrsep(&p, sep);
-
-                d = atof(sstrsep(&p, sep));
-                if (n)
-                    dsa_results[k][0] = 1 / (1 / dsa_results[k][0] + 1 / d);
-                else
-                    dsa_results[k][0] = d;
-
-                d = atof(sstrsep(&p, sep));
-                if (n)
-                    dsa_results[k][1] = 1 / (1 / dsa_results[k][1] + 1 / d);
-                else
-                    dsa_results[k][1] = d;
-            }
-#  endif
-#  ifndef OPENSSL_NO_ECDSA
-            else if (!strncmp(buf, "+F4:", 4)) {
-                int k;
-                double d;
-
-                p = buf + 4;
-                k = atoi(sstrsep(&p, sep));
-                sstrsep(&p, sep);
-
-                d = atof(sstrsep(&p, sep));
-                if (n)
-                    ecdsa_results[k][0] =
-                        1 / (1 / ecdsa_results[k][0] + 1 / d);
-                else
-                    ecdsa_results[k][0] = d;
-
-                d = atof(sstrsep(&p, sep));
-                if (n)
-                    ecdsa_results[k][1] =
-                        1 / (1 / ecdsa_results[k][1] + 1 / d);
-                else
-                    ecdsa_results[k][1] = d;
-            }
-#  endif
-
-#  ifndef OPENSSL_NO_ECDH
-            else if (!strncmp(buf, "+F5:", 4)) {
-                int k;
-                double d;
-
-                p = buf + 4;
-                k = atoi(sstrsep(&p, sep));
-                sstrsep(&p, sep);
-
-                d = atof(sstrsep(&p, sep));
-                if (n)
-                    ecdh_results[k][0] = 1 / (1 / ecdh_results[k][0] + 1 / d);
-                else
-                    ecdh_results[k][0] = d;
-
-            }
-#  endif
-
-            else if (!strncmp(buf, "+H:", 3)) {
-            } else
-                fprintf(stderr, "Unknown type '%s' from child %d\n", buf, n);
-        }
-
-        fclose(f);
-    }
-    free(fds);
-    return 1;
-}
-# endif
-#endif

Copied: vendor-crypto/openssl/1.0.1u/apps/speed.c (from rev 11605, vendor-crypto/openssl/dist/apps/speed.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/apps/speed.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/apps/speed.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,2745 @@
+/* apps/speed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The ECDH and ECDSA speed test software is originally written by
+ * Sumit Gupta of Sun Microsystems Laboratories.
+ *
+ */
+
+/* most of this code has been pilfered from my libdes speed.c program */
+
+#ifndef OPENSSL_NO_SPEED
+
+# undef SECONDS
+# define SECONDS         3
+# define RSA_SECONDS     10
+# define DSA_SECONDS     10
+# define ECDSA_SECONDS   10
+# define ECDH_SECONDS    10
+
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+
+# undef PROG
+# define PROG speed_main
+
+# include <stdio.h>
+# include <stdlib.h>
+
+# include <string.h>
+# include <math.h>
+# include "apps.h"
+# ifdef OPENSSL_NO_STDIO
+#  define APPS_WIN16
+# endif
+# include <openssl/crypto.h>
+# include <openssl/rand.h>
+# include <openssl/err.h>
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# if !defined(OPENSSL_SYS_MSDOS)
+#  include OPENSSL_UNISTD
+# endif
+
+# ifndef OPENSSL_SYS_NETWARE
+#  include <signal.h>
+# endif
+
+# if defined(_WIN32) || defined(__CYGWIN__)
+#  include <windows.h>
+#  if defined(__CYGWIN__) && !defined(_WIN32)
+  /*
+   * <windows.h> should define _WIN32, which normally is mutually exclusive
+   * with __CYGWIN__, but if it didn't...
+   */
+#   define _WIN32
+  /* this is done because Cygwin alarm() fails sometimes. */
+#  endif
+# endif
+
+# include <openssl/bn.h>
+# ifndef OPENSSL_NO_DES
+#  include <openssl/des.h>
+# endif
+# ifndef OPENSSL_NO_AES
+#  include <openssl/aes.h>
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+#  include <openssl/camellia.h>
+# endif
+# ifndef OPENSSL_NO_MD2
+#  include <openssl/md2.h>
+# endif
+# ifndef OPENSSL_NO_MDC2
+#  include <openssl/mdc2.h>
+# endif
+# ifndef OPENSSL_NO_MD4
+#  include <openssl/md4.h>
+# endif
+# ifndef OPENSSL_NO_MD5
+#  include <openssl/md5.h>
+# endif
+# ifndef OPENSSL_NO_HMAC
+#  include <openssl/hmac.h>
+# endif
+# include <openssl/evp.h>
+# ifndef OPENSSL_NO_SHA
+#  include <openssl/sha.h>
+# endif
+# ifndef OPENSSL_NO_RIPEMD
+#  include <openssl/ripemd.h>
+# endif
+# ifndef OPENSSL_NO_WHIRLPOOL
+#  include <openssl/whrlpool.h>
+# endif
+# ifndef OPENSSL_NO_RC4
+#  include <openssl/rc4.h>
+# endif
+# ifndef OPENSSL_NO_RC5
+#  include <openssl/rc5.h>
+# endif
+# ifndef OPENSSL_NO_RC2
+#  include <openssl/rc2.h>
+# endif
+# ifndef OPENSSL_NO_IDEA
+#  include <openssl/idea.h>
+# endif
+# ifndef OPENSSL_NO_SEED
+#  include <openssl/seed.h>
+# endif
+# ifndef OPENSSL_NO_BF
+#  include <openssl/blowfish.h>
+# endif
+# ifndef OPENSSL_NO_CAST
+#  include <openssl/cast.h>
+# endif
+# ifndef OPENSSL_NO_RSA
+#  include <openssl/rsa.h>
+#  include "./testrsa.h"
+# endif
+# include <openssl/x509.h>
+# ifndef OPENSSL_NO_DSA
+#  include <openssl/dsa.h>
+#  include "./testdsa.h"
+# endif
+# ifndef OPENSSL_NO_ECDSA
+#  include <openssl/ecdsa.h>
+# endif
+# ifndef OPENSSL_NO_ECDH
+#  include <openssl/ecdh.h>
+# endif
+# include <openssl/modes.h>
+
+# ifdef OPENSSL_FIPS
+#  ifdef OPENSSL_DOING_MAKEDEPEND
+#   undef AES_set_encrypt_key
+#   undef AES_set_decrypt_key
+#   undef DES_set_key_unchecked
+#  endif
+#  define BF_set_key      private_BF_set_key
+#  define CAST_set_key    private_CAST_set_key
+#  define idea_set_encrypt_key    private_idea_set_encrypt_key
+#  define SEED_set_key    private_SEED_set_key
+#  define RC2_set_key     private_RC2_set_key
+#  define RC4_set_key     private_RC4_set_key
+#  define DES_set_key_unchecked   private_DES_set_key_unchecked
+#  define AES_set_encrypt_key     private_AES_set_encrypt_key
+#  define AES_set_decrypt_key     private_AES_set_decrypt_key
+#  define Camellia_set_key        private_Camellia_set_key
+# endif
+
+# ifndef HAVE_FORK
+#  if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_NETWARE)
+#   define HAVE_FORK 0
+#  else
+#   define HAVE_FORK 1
+#  endif
+# endif
+
+# if HAVE_FORK
+#  undef NO_FORK
+# else
+#  define NO_FORK
+# endif
+
+# undef BUFSIZE
+# define BUFSIZE ((long)1024*8+1)
+static volatile int run = 0;
+
+static int mr = 0;
+static int usertime = 1;
+
+static double Time_F(int s);
+static void print_message(const char *s, long num, int length);
+static void pkey_print_message(const char *str, const char *str2,
+                               long num, int bits, int sec);
+static void print_result(int alg, int run_no, int count, double time_used);
+# ifndef NO_FORK
+static int do_multi(int multi);
+# endif
+
+# define ALGOR_NUM       30
+# define SIZE_NUM        5
+# define RSA_NUM         4
+# define DSA_NUM         3
+
+# define EC_NUM       16
+# define MAX_ECDH_SIZE 256
+
+static const char *names[ALGOR_NUM] = {
+    "md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4",
+    "des cbc", "des ede3", "idea cbc", "seed cbc",
+    "rc2 cbc", "rc5-32/12 cbc", "blowfish cbc", "cast cbc",
+    "aes-128 cbc", "aes-192 cbc", "aes-256 cbc",
+    "camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc",
+    "evp", "sha256", "sha512", "whirlpool",
+    "aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash"
+};
+
+static double results[ALGOR_NUM][SIZE_NUM];
+static int lengths[SIZE_NUM] = { 16, 64, 256, 1024, 8 * 1024 };
+
+# ifndef OPENSSL_NO_RSA
+static double rsa_results[RSA_NUM][2];
+# endif
+# ifndef OPENSSL_NO_DSA
+static double dsa_results[DSA_NUM][2];
+# endif
+# ifndef OPENSSL_NO_ECDSA
+static double ecdsa_results[EC_NUM][2];
+# endif
+# ifndef OPENSSL_NO_ECDH
+static double ecdh_results[EC_NUM][1];
+# endif
+
+# if defined(OPENSSL_NO_DSA) && !(defined(OPENSSL_NO_ECDSA) && defined(OPENSSL_NO_ECDH))
+static const char rnd_seed[] =
+    "string to make the random number generator think it has entropy";
+static int rnd_fake = 0;
+# endif
+
+# ifdef SIGALRM
+#  if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#   define SIGRETTYPE void
+#  else
+#   define SIGRETTYPE int
+#  endif
+
+static SIGRETTYPE sig_done(int sig);
+static SIGRETTYPE sig_done(int sig)
+{
+    signal(SIGALRM, sig_done);
+    run = 0;
+#  ifdef LINT
+    sig = sig;
+#  endif
+}
+# endif
+
+# define START   0
+# define STOP    1
+
+# if defined(_WIN32)
+
+#  if !defined(SIGALRM)
+#   define SIGALRM
+#  endif
+static unsigned int lapse, schlock;
+static void alarm_win32(unsigned int secs)
+{
+    lapse = secs * 1000;
+}
+
+#  define alarm alarm_win32
+
+static DWORD WINAPI sleepy(VOID * arg)
+{
+    schlock = 1;
+    Sleep(lapse);
+    run = 0;
+    return 0;
+}
+
+static double Time_F(int s)
+{
+    if (s == START) {
+        HANDLE thr;
+        schlock = 0;
+        thr = CreateThread(NULL, 4096, sleepy, NULL, 0, NULL);
+        if (thr == NULL) {
+            DWORD ret = GetLastError();
+            BIO_printf(bio_err, "unable to CreateThread (%d)", ret);
+            ExitProcess(ret);
+        }
+        CloseHandle(thr);       /* detach the thread */
+        while (!schlock)
+            Sleep(0);           /* scheduler spinlock */
+    }
+
+    return app_tminterval(s, usertime);
+}
+# else
+
+static double Time_F(int s)
+{
+    return app_tminterval(s, usertime);
+}
+# endif
+
+# ifndef OPENSSL_NO_ECDH
+static const int KDF1_SHA1_len = 20;
+static void *KDF1_SHA1(const void *in, size_t inlen, void *out,
+                       size_t *outlen)
+{
+#  ifndef OPENSSL_NO_SHA
+    if (*outlen < SHA_DIGEST_LENGTH)
+        return NULL;
+    else
+        *outlen = SHA_DIGEST_LENGTH;
+    return SHA1(in, inlen, out);
+#  else
+    return NULL;
+#  endif                        /* OPENSSL_NO_SHA */
+}
+# endif                         /* OPENSSL_NO_ECDH */
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+    unsigned char *buf = NULL, *buf2 = NULL;
+    int mret = 1;
+    long count = 0, save_count = 0;
+    int i, j, k;
+# if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA)
+    long rsa_count;
+# endif
+# ifndef OPENSSL_NO_RSA
+    unsigned rsa_num;
+# endif
+    unsigned char md[EVP_MAX_MD_SIZE];
+# ifndef OPENSSL_NO_MD2
+    unsigned char md2[MD2_DIGEST_LENGTH];
+# endif
+# ifndef OPENSSL_NO_MDC2
+    unsigned char mdc2[MDC2_DIGEST_LENGTH];
+# endif
+# ifndef OPENSSL_NO_MD4
+    unsigned char md4[MD4_DIGEST_LENGTH];
+# endif
+# ifndef OPENSSL_NO_MD5
+    unsigned char md5[MD5_DIGEST_LENGTH];
+    unsigned char hmac[MD5_DIGEST_LENGTH];
+# endif
+# ifndef OPENSSL_NO_SHA
+    unsigned char sha[SHA_DIGEST_LENGTH];
+#  ifndef OPENSSL_NO_SHA256
+    unsigned char sha256[SHA256_DIGEST_LENGTH];
+#  endif
+#  ifndef OPENSSL_NO_SHA512
+    unsigned char sha512[SHA512_DIGEST_LENGTH];
+#  endif
+# endif
+# ifndef OPENSSL_NO_WHIRLPOOL
+    unsigned char whirlpool[WHIRLPOOL_DIGEST_LENGTH];
+# endif
+# ifndef OPENSSL_NO_RIPEMD
+    unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
+# endif
+# ifndef OPENSSL_NO_RC4
+    RC4_KEY rc4_ks;
+# endif
+# ifndef OPENSSL_NO_RC5
+    RC5_32_KEY rc5_ks;
+# endif
+# ifndef OPENSSL_NO_RC2
+    RC2_KEY rc2_ks;
+# endif
+# ifndef OPENSSL_NO_IDEA
+    IDEA_KEY_SCHEDULE idea_ks;
+# endif
+# ifndef OPENSSL_NO_SEED
+    SEED_KEY_SCHEDULE seed_ks;
+# endif
+# ifndef OPENSSL_NO_BF
+    BF_KEY bf_ks;
+# endif
+# ifndef OPENSSL_NO_CAST
+    CAST_KEY cast_ks;
+# endif
+    static const unsigned char key16[16] = {
+        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+        0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12
+    };
+# ifndef OPENSSL_NO_AES
+    static const unsigned char key24[24] = {
+        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+        0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
+        0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34
+    };
+    static const unsigned char key32[32] = {
+        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+        0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
+        0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
+        0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56
+    };
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+    static const unsigned char ckey24[24] = {
+        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+        0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
+        0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34
+    };
+    static const unsigned char ckey32[32] = {
+        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+        0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
+        0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
+        0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56
+    };
+# endif
+# ifndef OPENSSL_NO_AES
+#  define MAX_BLOCK_SIZE 128
+# else
+#  define MAX_BLOCK_SIZE 64
+# endif
+    unsigned char DES_iv[8];
+    unsigned char iv[2 * MAX_BLOCK_SIZE / 8];
+# ifndef OPENSSL_NO_DES
+    static DES_cblock key =
+        { 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0 };
+    static DES_cblock key2 =
+        { 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12 };
+    static DES_cblock key3 =
+        { 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34 };
+    DES_key_schedule sch;
+    DES_key_schedule sch2;
+    DES_key_schedule sch3;
+# endif
+# ifndef OPENSSL_NO_AES
+    AES_KEY aes_ks1, aes_ks2, aes_ks3;
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+    CAMELLIA_KEY camellia_ks1, camellia_ks2, camellia_ks3;
+# endif
+# define D_MD2           0
+# define D_MDC2          1
+# define D_MD4           2
+# define D_MD5           3
+# define D_HMAC          4
+# define D_SHA1          5
+# define D_RMD160        6
+# define D_RC4           7
+# define D_CBC_DES       8
+# define D_EDE3_DES      9
+# define D_CBC_IDEA      10
+# define D_CBC_SEED      11
+# define D_CBC_RC2       12
+# define D_CBC_RC5       13
+# define D_CBC_BF        14
+# define D_CBC_CAST      15
+# define D_CBC_128_AES   16
+# define D_CBC_192_AES   17
+# define D_CBC_256_AES   18
+# define D_CBC_128_CML   19
+# define D_CBC_192_CML   20
+# define D_CBC_256_CML   21
+# define D_EVP           22
+# define D_SHA256        23
+# define D_SHA512        24
+# define D_WHIRLPOOL     25
+# define D_IGE_128_AES   26
+# define D_IGE_192_AES   27
+# define D_IGE_256_AES   28
+# define D_GHASH         29
+    double d = 0.0;
+    long c[ALGOR_NUM][SIZE_NUM];
+# define R_DSA_512       0
+# define R_DSA_1024      1
+# define R_DSA_2048      2
+# define R_RSA_512       0
+# define R_RSA_1024      1
+# define R_RSA_2048      2
+# define R_RSA_4096      3
+
+# define R_EC_P160    0
+# define R_EC_P192    1
+# define R_EC_P224    2
+# define R_EC_P256    3
+# define R_EC_P384    4
+# define R_EC_P521    5
+# define R_EC_K163    6
+# define R_EC_K233    7
+# define R_EC_K283    8
+# define R_EC_K409    9
+# define R_EC_K571    10
+# define R_EC_B163    11
+# define R_EC_B233    12
+# define R_EC_B283    13
+# define R_EC_B409    14
+# define R_EC_B571    15
+
+# ifndef OPENSSL_NO_RSA
+    RSA *rsa_key[RSA_NUM];
+    long rsa_c[RSA_NUM][2];
+    static unsigned int rsa_bits[RSA_NUM] = {
+        512, 1024, 2048, 4096
+    };
+    static unsigned char *rsa_data[RSA_NUM] = {
+        test512, test1024, test2048, test4096
+    };
+    static int rsa_data_length[RSA_NUM] = {
+        sizeof(test512), sizeof(test1024),
+        sizeof(test2048), sizeof(test4096)
+    };
+# endif
+# ifndef OPENSSL_NO_DSA
+    DSA *dsa_key[DSA_NUM];
+    long dsa_c[DSA_NUM][2];
+    static unsigned int dsa_bits[DSA_NUM] = { 512, 1024, 2048 };
+# endif
+# ifndef OPENSSL_NO_EC
+    /*
+     * We only test over the following curves as they are representative, To
+     * add tests over more curves, simply add the curve NID and curve name to
+     * the following arrays and increase the EC_NUM value accordingly.
+     */
+    static unsigned int test_curves[EC_NUM] = {
+        /* Prime Curves */
+        NID_secp160r1,
+        NID_X9_62_prime192v1,
+        NID_secp224r1,
+        NID_X9_62_prime256v1,
+        NID_secp384r1,
+        NID_secp521r1,
+        /* Binary Curves */
+        NID_sect163k1,
+        NID_sect233k1,
+        NID_sect283k1,
+        NID_sect409k1,
+        NID_sect571k1,
+        NID_sect163r2,
+        NID_sect233r1,
+        NID_sect283r1,
+        NID_sect409r1,
+        NID_sect571r1
+    };
+    static const char *test_curves_names[EC_NUM] = {
+        /* Prime Curves */
+        "secp160r1",
+        "nistp192",
+        "nistp224",
+        "nistp256",
+        "nistp384",
+        "nistp521",
+        /* Binary Curves */
+        "nistk163",
+        "nistk233",
+        "nistk283",
+        "nistk409",
+        "nistk571",
+        "nistb163",
+        "nistb233",
+        "nistb283",
+        "nistb409",
+        "nistb571"
+    };
+    static int test_curves_bits[EC_NUM] = {
+        160, 192, 224, 256, 384, 521,
+        163, 233, 283, 409, 571,
+        163, 233, 283, 409, 571
+    };
+
+# endif
+
+# ifndef OPENSSL_NO_ECDSA
+    unsigned char ecdsasig[256];
+    unsigned int ecdsasiglen;
+    EC_KEY *ecdsa[EC_NUM];
+    long ecdsa_c[EC_NUM][2];
+# endif
+
+# ifndef OPENSSL_NO_ECDH
+    EC_KEY *ecdh_a[EC_NUM], *ecdh_b[EC_NUM];
+    unsigned char secret_a[MAX_ECDH_SIZE], secret_b[MAX_ECDH_SIZE];
+    int secret_size_a, secret_size_b;
+    int ecdh_checks = 0;
+    int secret_idx = 0;
+    long ecdh_c[EC_NUM][2];
+# endif
+
+    int rsa_doit[RSA_NUM];
+    int dsa_doit[DSA_NUM];
+# ifndef OPENSSL_NO_ECDSA
+    int ecdsa_doit[EC_NUM];
+# endif
+# ifndef OPENSSL_NO_ECDH
+    int ecdh_doit[EC_NUM];
+# endif
+    int doit[ALGOR_NUM];
+    int pr_header = 0;
+    const EVP_CIPHER *evp_cipher = NULL;
+    const EVP_MD *evp_md = NULL;
+    int decrypt = 0;
+# ifndef NO_FORK
+    int multi = 0;
+# endif
+
+# ifndef TIMES
+    usertime = -1;
+# endif
+
+    apps_startup();
+    memset(results, 0, sizeof(results));
+# ifndef OPENSSL_NO_DSA
+    memset(dsa_key, 0, sizeof(dsa_key));
+# endif
+# ifndef OPENSSL_NO_ECDSA
+    for (i = 0; i < EC_NUM; i++)
+        ecdsa[i] = NULL;
+# endif
+# ifndef OPENSSL_NO_ECDH
+    for (i = 0; i < EC_NUM; i++) {
+        ecdh_a[i] = NULL;
+        ecdh_b[i] = NULL;
+    }
+# endif
+
+    if (bio_err == NULL)
+        if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+            BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+    if (!load_config(bio_err, NULL))
+        goto end;
+
+# ifndef OPENSSL_NO_RSA
+    memset(rsa_key, 0, sizeof(rsa_key));
+    for (i = 0; i < RSA_NUM; i++)
+        rsa_key[i] = NULL;
+# endif
+
+    if ((buf = (unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL) {
+        BIO_printf(bio_err, "out of memory\n");
+        goto end;
+    }
+    if ((buf2 = (unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL) {
+        BIO_printf(bio_err, "out of memory\n");
+        goto end;
+    }
+
+    memset(c, 0, sizeof(c));
+    memset(DES_iv, 0, sizeof(DES_iv));
+    memset(iv, 0, sizeof(iv));
+
+    for (i = 0; i < ALGOR_NUM; i++)
+        doit[i] = 0;
+    for (i = 0; i < RSA_NUM; i++)
+        rsa_doit[i] = 0;
+    for (i = 0; i < DSA_NUM; i++)
+        dsa_doit[i] = 0;
+# ifndef OPENSSL_NO_ECDSA
+    for (i = 0; i < EC_NUM; i++)
+        ecdsa_doit[i] = 0;
+# endif
+# ifndef OPENSSL_NO_ECDH
+    for (i = 0; i < EC_NUM; i++)
+        ecdh_doit[i] = 0;
+# endif
+
+    j = 0;
+    argc--;
+    argv++;
+    while (argc) {
+        if ((argc > 0) && (strcmp(*argv, "-elapsed") == 0)) {
+            usertime = 0;
+            j--;                /* Otherwise, -elapsed gets confused with an
+                                 * algorithm. */
+        } else if ((argc > 0) && (strcmp(*argv, "-evp") == 0)) {
+            argc--;
+            argv++;
+            if (argc == 0) {
+                BIO_printf(bio_err, "no EVP given\n");
+                goto end;
+            }
+            evp_cipher = EVP_get_cipherbyname(*argv);
+            if (!evp_cipher) {
+                evp_md = EVP_get_digestbyname(*argv);
+            }
+            if (!evp_cipher && !evp_md) {
+                BIO_printf(bio_err, "%s is an unknown cipher or digest\n",
+                           *argv);
+                goto end;
+            }
+            doit[D_EVP] = 1;
+        } else if (argc > 0 && !strcmp(*argv, "-decrypt")) {
+            decrypt = 1;
+            j--;                /* Otherwise, -elapsed gets confused with an
+                                 * algorithm. */
+        }
+# ifndef OPENSSL_NO_ENGINE
+        else if ((argc > 0) && (strcmp(*argv, "-engine") == 0)) {
+            argc--;
+            argv++;
+            if (argc == 0) {
+                BIO_printf(bio_err, "no engine given\n");
+                goto end;
+            }
+            setup_engine(bio_err, *argv, 0);
+            /*
+             * j will be increased again further down.  We just don't want
+             * speed to confuse an engine with an algorithm, especially when
+             * none is given (which means all of them should be run)
+             */
+            j--;
+        }
+# endif
+# ifndef NO_FORK
+        else if ((argc > 0) && (strcmp(*argv, "-multi") == 0)) {
+            argc--;
+            argv++;
+            if (argc == 0) {
+                BIO_printf(bio_err, "no multi count given\n");
+                goto end;
+            }
+            multi = atoi(argv[0]);
+            if (multi <= 0) {
+                BIO_printf(bio_err, "bad multi count\n");
+                goto end;
+            }
+            j--;                /* Otherwise, -mr gets confused with an
+                                 * algorithm. */
+        }
+# endif
+        else if (argc > 0 && !strcmp(*argv, "-mr")) {
+            mr = 1;
+            j--;                /* Otherwise, -mr gets confused with an
+                                 * algorithm. */
+        } else
+# ifndef OPENSSL_NO_MD2
+        if (strcmp(*argv, "md2") == 0)
+            doit[D_MD2] = 1;
+        else
+# endif
+# ifndef OPENSSL_NO_MDC2
+        if (strcmp(*argv, "mdc2") == 0)
+            doit[D_MDC2] = 1;
+        else
+# endif
+# ifndef OPENSSL_NO_MD4
+        if (strcmp(*argv, "md4") == 0)
+            doit[D_MD4] = 1;
+        else
+# endif
+# ifndef OPENSSL_NO_MD5
+        if (strcmp(*argv, "md5") == 0)
+            doit[D_MD5] = 1;
+        else
+# endif
+# ifndef OPENSSL_NO_MD5
+        if (strcmp(*argv, "hmac") == 0)
+            doit[D_HMAC] = 1;
+        else
+# endif
+# ifndef OPENSSL_NO_SHA
+        if (strcmp(*argv, "sha1") == 0)
+            doit[D_SHA1] = 1;
+        else if (strcmp(*argv, "sha") == 0)
+            doit[D_SHA1] = 1, doit[D_SHA256] = 1, doit[D_SHA512] = 1;
+        else
+#  ifndef OPENSSL_NO_SHA256
+        if (strcmp(*argv, "sha256") == 0)
+            doit[D_SHA256] = 1;
+        else
+#  endif
+#  ifndef OPENSSL_NO_SHA512
+        if (strcmp(*argv, "sha512") == 0)
+            doit[D_SHA512] = 1;
+        else
+#  endif
+# endif
+# ifndef OPENSSL_NO_WHIRLPOOL
+        if (strcmp(*argv, "whirlpool") == 0)
+            doit[D_WHIRLPOOL] = 1;
+        else
+# endif
+# ifndef OPENSSL_NO_RIPEMD
+        if (strcmp(*argv, "ripemd") == 0)
+            doit[D_RMD160] = 1;
+        else if (strcmp(*argv, "rmd160") == 0)
+            doit[D_RMD160] = 1;
+        else if (strcmp(*argv, "ripemd160") == 0)
+            doit[D_RMD160] = 1;
+        else
+# endif
+# ifndef OPENSSL_NO_RC4
+        if (strcmp(*argv, "rc4") == 0)
+            doit[D_RC4] = 1;
+        else
+# endif
+# ifndef OPENSSL_NO_DES
+        if (strcmp(*argv, "des-cbc") == 0)
+            doit[D_CBC_DES] = 1;
+        else if (strcmp(*argv, "des-ede3") == 0)
+            doit[D_EDE3_DES] = 1;
+        else
+# endif
+# ifndef OPENSSL_NO_AES
+        if (strcmp(*argv, "aes-128-cbc") == 0)
+            doit[D_CBC_128_AES] = 1;
+        else if (strcmp(*argv, "aes-192-cbc") == 0)
+            doit[D_CBC_192_AES] = 1;
+        else if (strcmp(*argv, "aes-256-cbc") == 0)
+            doit[D_CBC_256_AES] = 1;
+        else if (strcmp(*argv, "aes-128-ige") == 0)
+            doit[D_IGE_128_AES] = 1;
+        else if (strcmp(*argv, "aes-192-ige") == 0)
+            doit[D_IGE_192_AES] = 1;
+        else if (strcmp(*argv, "aes-256-ige") == 0)
+            doit[D_IGE_256_AES] = 1;
+        else
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+        if (strcmp(*argv, "camellia-128-cbc") == 0)
+            doit[D_CBC_128_CML] = 1;
+        else if (strcmp(*argv, "camellia-192-cbc") == 0)
+            doit[D_CBC_192_CML] = 1;
+        else if (strcmp(*argv, "camellia-256-cbc") == 0)
+            doit[D_CBC_256_CML] = 1;
+        else
+# endif
+# ifndef OPENSSL_NO_RSA
+#  if 0                         /* was: #ifdef RSAref */
+        if (strcmp(*argv, "rsaref") == 0) {
+            RSA_set_default_openssl_method(RSA_PKCS1_RSAref());
+            j--;
+        } else
+#  endif
+#  ifndef RSA_NULL
+        if (strcmp(*argv, "openssl") == 0) {
+            RSA_set_default_method(RSA_PKCS1_SSLeay());
+            j--;
+        } else
+#  endif
+# endif                         /* !OPENSSL_NO_RSA */
+        if (strcmp(*argv, "dsa512") == 0)
+            dsa_doit[R_DSA_512] = 2;
+        else if (strcmp(*argv, "dsa1024") == 0)
+            dsa_doit[R_DSA_1024] = 2;
+        else if (strcmp(*argv, "dsa2048") == 0)
+            dsa_doit[R_DSA_2048] = 2;
+        else if (strcmp(*argv, "rsa512") == 0)
+            rsa_doit[R_RSA_512] = 2;
+        else if (strcmp(*argv, "rsa1024") == 0)
+            rsa_doit[R_RSA_1024] = 2;
+        else if (strcmp(*argv, "rsa2048") == 0)
+            rsa_doit[R_RSA_2048] = 2;
+        else if (strcmp(*argv, "rsa4096") == 0)
+            rsa_doit[R_RSA_4096] = 2;
+        else
+# ifndef OPENSSL_NO_RC2
+        if (strcmp(*argv, "rc2-cbc") == 0)
+            doit[D_CBC_RC2] = 1;
+        else if (strcmp(*argv, "rc2") == 0)
+            doit[D_CBC_RC2] = 1;
+        else
+# endif
+# ifndef OPENSSL_NO_RC5
+        if (strcmp(*argv, "rc5-cbc") == 0)
+            doit[D_CBC_RC5] = 1;
+        else if (strcmp(*argv, "rc5") == 0)
+            doit[D_CBC_RC5] = 1;
+        else
+# endif
+# ifndef OPENSSL_NO_IDEA
+        if (strcmp(*argv, "idea-cbc") == 0)
+            doit[D_CBC_IDEA] = 1;
+        else if (strcmp(*argv, "idea") == 0)
+            doit[D_CBC_IDEA] = 1;
+        else
+# endif
+# ifndef OPENSSL_NO_SEED
+        if (strcmp(*argv, "seed-cbc") == 0)
+            doit[D_CBC_SEED] = 1;
+        else if (strcmp(*argv, "seed") == 0)
+            doit[D_CBC_SEED] = 1;
+        else
+# endif
+# ifndef OPENSSL_NO_BF
+        if (strcmp(*argv, "bf-cbc") == 0)
+            doit[D_CBC_BF] = 1;
+        else if (strcmp(*argv, "blowfish") == 0)
+            doit[D_CBC_BF] = 1;
+        else if (strcmp(*argv, "bf") == 0)
+            doit[D_CBC_BF] = 1;
+        else
+# endif
+# ifndef OPENSSL_NO_CAST
+        if (strcmp(*argv, "cast-cbc") == 0)
+            doit[D_CBC_CAST] = 1;
+        else if (strcmp(*argv, "cast") == 0)
+            doit[D_CBC_CAST] = 1;
+        else if (strcmp(*argv, "cast5") == 0)
+            doit[D_CBC_CAST] = 1;
+        else
+# endif
+# ifndef OPENSSL_NO_DES
+        if (strcmp(*argv, "des") == 0) {
+            doit[D_CBC_DES] = 1;
+            doit[D_EDE3_DES] = 1;
+        } else
+# endif
+# ifndef OPENSSL_NO_AES
+        if (strcmp(*argv, "aes") == 0) {
+            doit[D_CBC_128_AES] = 1;
+            doit[D_CBC_192_AES] = 1;
+            doit[D_CBC_256_AES] = 1;
+        } else if (strcmp(*argv, "ghash") == 0) {
+            doit[D_GHASH] = 1;
+        } else
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+        if (strcmp(*argv, "camellia") == 0) {
+            doit[D_CBC_128_CML] = 1;
+            doit[D_CBC_192_CML] = 1;
+            doit[D_CBC_256_CML] = 1;
+        } else
+# endif
+# ifndef OPENSSL_NO_RSA
+        if (strcmp(*argv, "rsa") == 0) {
+            rsa_doit[R_RSA_512] = 1;
+            rsa_doit[R_RSA_1024] = 1;
+            rsa_doit[R_RSA_2048] = 1;
+            rsa_doit[R_RSA_4096] = 1;
+        } else
+# endif
+# ifndef OPENSSL_NO_DSA
+        if (strcmp(*argv, "dsa") == 0) {
+            dsa_doit[R_DSA_512] = 1;
+            dsa_doit[R_DSA_1024] = 1;
+            dsa_doit[R_DSA_2048] = 1;
+        } else
+# endif
+# ifndef OPENSSL_NO_ECDSA
+        if (strcmp(*argv, "ecdsap160") == 0)
+            ecdsa_doit[R_EC_P160] = 2;
+        else if (strcmp(*argv, "ecdsap192") == 0)
+            ecdsa_doit[R_EC_P192] = 2;
+        else if (strcmp(*argv, "ecdsap224") == 0)
+            ecdsa_doit[R_EC_P224] = 2;
+        else if (strcmp(*argv, "ecdsap256") == 0)
+            ecdsa_doit[R_EC_P256] = 2;
+        else if (strcmp(*argv, "ecdsap384") == 0)
+            ecdsa_doit[R_EC_P384] = 2;
+        else if (strcmp(*argv, "ecdsap521") == 0)
+            ecdsa_doit[R_EC_P521] = 2;
+        else if (strcmp(*argv, "ecdsak163") == 0)
+            ecdsa_doit[R_EC_K163] = 2;
+        else if (strcmp(*argv, "ecdsak233") == 0)
+            ecdsa_doit[R_EC_K233] = 2;
+        else if (strcmp(*argv, "ecdsak283") == 0)
+            ecdsa_doit[R_EC_K283] = 2;
+        else if (strcmp(*argv, "ecdsak409") == 0)
+            ecdsa_doit[R_EC_K409] = 2;
+        else if (strcmp(*argv, "ecdsak571") == 0)
+            ecdsa_doit[R_EC_K571] = 2;
+        else if (strcmp(*argv, "ecdsab163") == 0)
+            ecdsa_doit[R_EC_B163] = 2;
+        else if (strcmp(*argv, "ecdsab233") == 0)
+            ecdsa_doit[R_EC_B233] = 2;
+        else if (strcmp(*argv, "ecdsab283") == 0)
+            ecdsa_doit[R_EC_B283] = 2;
+        else if (strcmp(*argv, "ecdsab409") == 0)
+            ecdsa_doit[R_EC_B409] = 2;
+        else if (strcmp(*argv, "ecdsab571") == 0)
+            ecdsa_doit[R_EC_B571] = 2;
+        else if (strcmp(*argv, "ecdsa") == 0) {
+            for (i = 0; i < EC_NUM; i++)
+                ecdsa_doit[i] = 1;
+        } else
+# endif
+# ifndef OPENSSL_NO_ECDH
+        if (strcmp(*argv, "ecdhp160") == 0)
+            ecdh_doit[R_EC_P160] = 2;
+        else if (strcmp(*argv, "ecdhp192") == 0)
+            ecdh_doit[R_EC_P192] = 2;
+        else if (strcmp(*argv, "ecdhp224") == 0)
+            ecdh_doit[R_EC_P224] = 2;
+        else if (strcmp(*argv, "ecdhp256") == 0)
+            ecdh_doit[R_EC_P256] = 2;
+        else if (strcmp(*argv, "ecdhp384") == 0)
+            ecdh_doit[R_EC_P384] = 2;
+        else if (strcmp(*argv, "ecdhp521") == 0)
+            ecdh_doit[R_EC_P521] = 2;
+        else if (strcmp(*argv, "ecdhk163") == 0)
+            ecdh_doit[R_EC_K163] = 2;
+        else if (strcmp(*argv, "ecdhk233") == 0)
+            ecdh_doit[R_EC_K233] = 2;
+        else if (strcmp(*argv, "ecdhk283") == 0)
+            ecdh_doit[R_EC_K283] = 2;
+        else if (strcmp(*argv, "ecdhk409") == 0)
+            ecdh_doit[R_EC_K409] = 2;
+        else if (strcmp(*argv, "ecdhk571") == 0)
+            ecdh_doit[R_EC_K571] = 2;
+        else if (strcmp(*argv, "ecdhb163") == 0)
+            ecdh_doit[R_EC_B163] = 2;
+        else if (strcmp(*argv, "ecdhb233") == 0)
+            ecdh_doit[R_EC_B233] = 2;
+        else if (strcmp(*argv, "ecdhb283") == 0)
+            ecdh_doit[R_EC_B283] = 2;
+        else if (strcmp(*argv, "ecdhb409") == 0)
+            ecdh_doit[R_EC_B409] = 2;
+        else if (strcmp(*argv, "ecdhb571") == 0)
+            ecdh_doit[R_EC_B571] = 2;
+        else if (strcmp(*argv, "ecdh") == 0) {
+            for (i = 0; i < EC_NUM; i++)
+                ecdh_doit[i] = 1;
+        } else
+# endif
+        {
+            BIO_printf(bio_err, "Error: bad option or value\n");
+            BIO_printf(bio_err, "\n");
+            BIO_printf(bio_err, "Available values:\n");
+# ifndef OPENSSL_NO_MD2
+            BIO_printf(bio_err, "md2      ");
+# endif
+# ifndef OPENSSL_NO_MDC2
+            BIO_printf(bio_err, "mdc2     ");
+# endif
+# ifndef OPENSSL_NO_MD4
+            BIO_printf(bio_err, "md4      ");
+# endif
+# ifndef OPENSSL_NO_MD5
+            BIO_printf(bio_err, "md5      ");
+#  ifndef OPENSSL_NO_HMAC
+            BIO_printf(bio_err, "hmac     ");
+#  endif
+# endif
+# ifndef OPENSSL_NO_SHA1
+            BIO_printf(bio_err, "sha1     ");
+# endif
+# ifndef OPENSSL_NO_SHA256
+            BIO_printf(bio_err, "sha256   ");
+# endif
+# ifndef OPENSSL_NO_SHA512
+            BIO_printf(bio_err, "sha512   ");
+# endif
+# ifndef OPENSSL_NO_WHIRLPOOL
+            BIO_printf(bio_err, "whirlpool");
+# endif
+# ifndef OPENSSL_NO_RIPEMD160
+            BIO_printf(bio_err, "rmd160");
+# endif
+# if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \
+    !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \
+    !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RIPEMD160) || \
+    !defined(OPENSSL_NO_WHIRLPOOL)
+            BIO_printf(bio_err, "\n");
+# endif
+
+# ifndef OPENSSL_NO_IDEA
+            BIO_printf(bio_err, "idea-cbc ");
+# endif
+# ifndef OPENSSL_NO_SEED
+            BIO_printf(bio_err, "seed-cbc ");
+# endif
+# ifndef OPENSSL_NO_RC2
+            BIO_printf(bio_err, "rc2-cbc  ");
+# endif
+# ifndef OPENSSL_NO_RC5
+            BIO_printf(bio_err, "rc5-cbc  ");
+# endif
+# ifndef OPENSSL_NO_BF
+            BIO_printf(bio_err, "bf-cbc");
+# endif
+# if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || !defined(OPENSSL_NO_RC2) || \
+    !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_RC5)
+            BIO_printf(bio_err, "\n");
+# endif
+# ifndef OPENSSL_NO_DES
+            BIO_printf(bio_err, "des-cbc  des-ede3 ");
+# endif
+# ifndef OPENSSL_NO_AES
+            BIO_printf(bio_err, "aes-128-cbc aes-192-cbc aes-256-cbc ");
+            BIO_printf(bio_err, "aes-128-ige aes-192-ige aes-256-ige ");
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+            BIO_printf(bio_err, "\n");
+            BIO_printf(bio_err,
+                       "camellia-128-cbc camellia-192-cbc camellia-256-cbc ");
+# endif
+# ifndef OPENSSL_NO_RC4
+            BIO_printf(bio_err, "rc4");
+# endif
+            BIO_printf(bio_err, "\n");
+
+# ifndef OPENSSL_NO_RSA
+            BIO_printf(bio_err, "rsa512   rsa1024  rsa2048  rsa4096\n");
+# endif
+
+# ifndef OPENSSL_NO_DSA
+            BIO_printf(bio_err, "dsa512   dsa1024  dsa2048\n");
+# endif
+# ifndef OPENSSL_NO_ECDSA
+            BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 "
+                       "ecdsap256 ecdsap384 ecdsap521\n");
+            BIO_printf(bio_err,
+                       "ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
+            BIO_printf(bio_err,
+                       "ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
+            BIO_printf(bio_err, "ecdsa\n");
+# endif
+# ifndef OPENSSL_NO_ECDH
+            BIO_printf(bio_err, "ecdhp160  ecdhp192  ecdhp224 "
+                       "ecdhp256  ecdhp384  ecdhp521\n");
+            BIO_printf(bio_err,
+                       "ecdhk163  ecdhk233  ecdhk283  ecdhk409  ecdhk571\n");
+            BIO_printf(bio_err,
+                       "ecdhb163  ecdhb233  ecdhb283  ecdhb409  ecdhb571\n");
+            BIO_printf(bio_err, "ecdh\n");
+# endif
+
+# ifndef OPENSSL_NO_IDEA
+            BIO_printf(bio_err, "idea     ");
+# endif
+# ifndef OPENSSL_NO_SEED
+            BIO_printf(bio_err, "seed     ");
+# endif
+# ifndef OPENSSL_NO_RC2
+            BIO_printf(bio_err, "rc2      ");
+# endif
+# ifndef OPENSSL_NO_DES
+            BIO_printf(bio_err, "des      ");
+# endif
+# ifndef OPENSSL_NO_AES
+            BIO_printf(bio_err, "aes      ");
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+            BIO_printf(bio_err, "camellia ");
+# endif
+# ifndef OPENSSL_NO_RSA
+            BIO_printf(bio_err, "rsa      ");
+# endif
+# ifndef OPENSSL_NO_BF
+            BIO_printf(bio_err, "blowfish");
+# endif
+# if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || \
+    !defined(OPENSSL_NO_RC2) || !defined(OPENSSL_NO_DES) || \
+    !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_BF) || \
+    !defined(OPENSSL_NO_AES) || !defined(OPENSSL_NO_CAMELLIA)
+            BIO_printf(bio_err, "\n");
+# endif
+
+            BIO_printf(bio_err, "\n");
+            BIO_printf(bio_err, "Available options:\n");
+# if defined(TIMES) || defined(USE_TOD)
+            BIO_printf(bio_err, "-elapsed        "
+                       "measure time in real time instead of CPU user time.\n");
+# endif
+# ifndef OPENSSL_NO_ENGINE
+            BIO_printf(bio_err,
+                       "-engine e       "
+                       "use engine e, possibly a hardware device.\n");
+# endif
+            BIO_printf(bio_err, "-evp e          " "use EVP e.\n");
+            BIO_printf(bio_err,
+                       "-decrypt        "
+                       "time decryption instead of encryption (only EVP).\n");
+            BIO_printf(bio_err,
+                       "-mr             "
+                       "produce machine readable output.\n");
+# ifndef NO_FORK
+            BIO_printf(bio_err,
+                       "-multi n        " "run n benchmarks in parallel.\n");
+# endif
+            goto end;
+        }
+        argc--;
+        argv++;
+        j++;
+    }
+
+# ifndef NO_FORK
+    if (multi && do_multi(multi))
+        goto show_res;
+# endif
+
+    if (j == 0) {
+        for (i = 0; i < ALGOR_NUM; i++) {
+            if (i != D_EVP)
+                doit[i] = 1;
+        }
+        for (i = 0; i < RSA_NUM; i++)
+            rsa_doit[i] = 1;
+        for (i = 0; i < DSA_NUM; i++)
+            dsa_doit[i] = 1;
+# ifndef OPENSSL_NO_ECDSA
+        for (i = 0; i < EC_NUM; i++)
+            ecdsa_doit[i] = 1;
+# endif
+# ifndef OPENSSL_NO_ECDH
+        for (i = 0; i < EC_NUM; i++)
+            ecdh_doit[i] = 1;
+# endif
+    }
+    for (i = 0; i < ALGOR_NUM; i++)
+        if (doit[i])
+            pr_header++;
+
+    if (usertime == 0 && !mr)
+        BIO_printf(bio_err,
+                   "You have chosen to measure elapsed time "
+                   "instead of user CPU time.\n");
+
+# ifndef OPENSSL_NO_RSA
+    for (i = 0; i < RSA_NUM; i++) {
+        const unsigned char *p;
+
+        p = rsa_data[i];
+        rsa_key[i] = d2i_RSAPrivateKey(NULL, &p, rsa_data_length[i]);
+        if (rsa_key[i] == NULL) {
+            BIO_printf(bio_err, "internal error loading RSA key number %d\n",
+                       i);
+            goto end;
+        }
+#  if 0
+        else {
+            BIO_printf(bio_err,
+                       mr ? "+RK:%d:"
+                       : "Loaded RSA key, %d bit modulus and e= 0x",
+                       BN_num_bits(rsa_key[i]->n));
+            BN_print(bio_err, rsa_key[i]->e);
+            BIO_printf(bio_err, "\n");
+        }
+#  endif
+    }
+# endif
+
+# ifndef OPENSSL_NO_DSA
+    dsa_key[0] = get_dsa512();
+    dsa_key[1] = get_dsa1024();
+    dsa_key[2] = get_dsa2048();
+# endif
+
+# ifndef OPENSSL_NO_DES
+    DES_set_key_unchecked(&key, &sch);
+    DES_set_key_unchecked(&key2, &sch2);
+    DES_set_key_unchecked(&key3, &sch3);
+# endif
+# ifndef OPENSSL_NO_AES
+    AES_set_encrypt_key(key16, 128, &aes_ks1);
+    AES_set_encrypt_key(key24, 192, &aes_ks2);
+    AES_set_encrypt_key(key32, 256, &aes_ks3);
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+    Camellia_set_key(key16, 128, &camellia_ks1);
+    Camellia_set_key(ckey24, 192, &camellia_ks2);
+    Camellia_set_key(ckey32, 256, &camellia_ks3);
+# endif
+# ifndef OPENSSL_NO_IDEA
+    idea_set_encrypt_key(key16, &idea_ks);
+# endif
+# ifndef OPENSSL_NO_SEED
+    SEED_set_key(key16, &seed_ks);
+# endif
+# ifndef OPENSSL_NO_RC4
+    RC4_set_key(&rc4_ks, 16, key16);
+# endif
+# ifndef OPENSSL_NO_RC2
+    RC2_set_key(&rc2_ks, 16, key16, 128);
+# endif
+# ifndef OPENSSL_NO_RC5
+    RC5_32_set_key(&rc5_ks, 16, key16, 12);
+# endif
+# ifndef OPENSSL_NO_BF
+    BF_set_key(&bf_ks, 16, key16);
+# endif
+# ifndef OPENSSL_NO_CAST
+    CAST_set_key(&cast_ks, 16, key16);
+# endif
+# ifndef OPENSSL_NO_RSA
+    memset(rsa_c, 0, sizeof(rsa_c));
+# endif
+# ifndef SIGALRM
+#  ifndef OPENSSL_NO_DES
+    BIO_printf(bio_err, "First we calculate the approximate speed ...\n");
+    count = 10;
+    do {
+        long it;
+        count *= 2;
+        Time_F(START);
+        for (it = count; it; it--)
+            DES_ecb_encrypt((DES_cblock *)buf,
+                            (DES_cblock *)buf, &sch, DES_ENCRYPT);
+        d = Time_F(STOP);
+    } while (d < 3);
+    save_count = count;
+    c[D_MD2][0] = count / 10;
+    c[D_MDC2][0] = count / 10;
+    c[D_MD4][0] = count;
+    c[D_MD5][0] = count;
+    c[D_HMAC][0] = count;
+    c[D_SHA1][0] = count;
+    c[D_RMD160][0] = count;
+    c[D_RC4][0] = count * 5;
+    c[D_CBC_DES][0] = count;
+    c[D_EDE3_DES][0] = count / 3;
+    c[D_CBC_IDEA][0] = count;
+    c[D_CBC_SEED][0] = count;
+    c[D_CBC_RC2][0] = count;
+    c[D_CBC_RC5][0] = count;
+    c[D_CBC_BF][0] = count;
+    c[D_CBC_CAST][0] = count;
+    c[D_CBC_128_AES][0] = count;
+    c[D_CBC_192_AES][0] = count;
+    c[D_CBC_256_AES][0] = count;
+    c[D_CBC_128_CML][0] = count;
+    c[D_CBC_192_CML][0] = count;
+    c[D_CBC_256_CML][0] = count;
+    c[D_SHA256][0] = count;
+    c[D_SHA512][0] = count;
+    c[D_WHIRLPOOL][0] = count;
+    c[D_IGE_128_AES][0] = count;
+    c[D_IGE_192_AES][0] = count;
+    c[D_IGE_256_AES][0] = count;
+    c[D_GHASH][0] = count;
+
+    for (i = 1; i < SIZE_NUM; i++) {
+        c[D_MD2][i] = c[D_MD2][0] * 4 * lengths[0] / lengths[i];
+        c[D_MDC2][i] = c[D_MDC2][0] * 4 * lengths[0] / lengths[i];
+        c[D_MD4][i] = c[D_MD4][0] * 4 * lengths[0] / lengths[i];
+        c[D_MD5][i] = c[D_MD5][0] * 4 * lengths[0] / lengths[i];
+        c[D_HMAC][i] = c[D_HMAC][0] * 4 * lengths[0] / lengths[i];
+        c[D_SHA1][i] = c[D_SHA1][0] * 4 * lengths[0] / lengths[i];
+        c[D_RMD160][i] = c[D_RMD160][0] * 4 * lengths[0] / lengths[i];
+        c[D_SHA256][i] = c[D_SHA256][0] * 4 * lengths[0] / lengths[i];
+        c[D_SHA512][i] = c[D_SHA512][0] * 4 * lengths[0] / lengths[i];
+        c[D_WHIRLPOOL][i] = c[D_WHIRLPOOL][0] * 4 * lengths[0] / lengths[i];
+    }
+    for (i = 1; i < SIZE_NUM; i++) {
+        long l0, l1;
+
+        l0 = (long)lengths[i - 1];
+        l1 = (long)lengths[i];
+        c[D_RC4][i] = c[D_RC4][i - 1] * l0 / l1;
+        c[D_CBC_DES][i] = c[D_CBC_DES][i - 1] * l0 / l1;
+        c[D_EDE3_DES][i] = c[D_EDE3_DES][i - 1] * l0 / l1;
+        c[D_CBC_IDEA][i] = c[D_CBC_IDEA][i - 1] * l0 / l1;
+        c[D_CBC_SEED][i] = c[D_CBC_SEED][i - 1] * l0 / l1;
+        c[D_CBC_RC2][i] = c[D_CBC_RC2][i - 1] * l0 / l1;
+        c[D_CBC_RC5][i] = c[D_CBC_RC5][i - 1] * l0 / l1;
+        c[D_CBC_BF][i] = c[D_CBC_BF][i - 1] * l0 / l1;
+        c[D_CBC_CAST][i] = c[D_CBC_CAST][i - 1] * l0 / l1;
+        c[D_CBC_128_AES][i] = c[D_CBC_128_AES][i - 1] * l0 / l1;
+        c[D_CBC_192_AES][i] = c[D_CBC_192_AES][i - 1] * l0 / l1;
+        c[D_CBC_256_AES][i] = c[D_CBC_256_AES][i - 1] * l0 / l1;
+        c[D_CBC_128_CML][i] = c[D_CBC_128_CML][i - 1] * l0 / l1;
+        c[D_CBC_192_CML][i] = c[D_CBC_192_CML][i - 1] * l0 / l1;
+        c[D_CBC_256_CML][i] = c[D_CBC_256_CML][i - 1] * l0 / l1;
+        c[D_IGE_128_AES][i] = c[D_IGE_128_AES][i - 1] * l0 / l1;
+        c[D_IGE_192_AES][i] = c[D_IGE_192_AES][i - 1] * l0 / l1;
+        c[D_IGE_256_AES][i] = c[D_IGE_256_AES][i - 1] * l0 / l1;
+    }
+#   ifndef OPENSSL_NO_RSA
+    rsa_c[R_RSA_512][0] = count / 2000;
+    rsa_c[R_RSA_512][1] = count / 400;
+    for (i = 1; i < RSA_NUM; i++) {
+        rsa_c[i][0] = rsa_c[i - 1][0] / 8;
+        rsa_c[i][1] = rsa_c[i - 1][1] / 4;
+        if ((rsa_doit[i] <= 1) && (rsa_c[i][0] == 0))
+            rsa_doit[i] = 0;
+        else {
+            if (rsa_c[i][0] == 0) {
+                rsa_c[i][0] = 1;
+                rsa_c[i][1] = 20;
+            }
+        }
+    }
+#   endif
+
+#   ifndef OPENSSL_NO_DSA
+    dsa_c[R_DSA_512][0] = count / 1000;
+    dsa_c[R_DSA_512][1] = count / 1000 / 2;
+    for (i = 1; i < DSA_NUM; i++) {
+        dsa_c[i][0] = dsa_c[i - 1][0] / 4;
+        dsa_c[i][1] = dsa_c[i - 1][1] / 4;
+        if ((dsa_doit[i] <= 1) && (dsa_c[i][0] == 0))
+            dsa_doit[i] = 0;
+        else {
+            if (dsa_c[i] == 0) {
+                dsa_c[i][0] = 1;
+                dsa_c[i][1] = 1;
+            }
+        }
+    }
+#   endif
+
+#   ifndef OPENSSL_NO_ECDSA
+    ecdsa_c[R_EC_P160][0] = count / 1000;
+    ecdsa_c[R_EC_P160][1] = count / 1000 / 2;
+    for (i = R_EC_P192; i <= R_EC_P521; i++) {
+        ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
+        ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
+        if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
+            ecdsa_doit[i] = 0;
+        else {
+            if (ecdsa_c[i] == 0) {
+                ecdsa_c[i][0] = 1;
+                ecdsa_c[i][1] = 1;
+            }
+        }
+    }
+    ecdsa_c[R_EC_K163][0] = count / 1000;
+    ecdsa_c[R_EC_K163][1] = count / 1000 / 2;
+    for (i = R_EC_K233; i <= R_EC_K571; i++) {
+        ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
+        ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
+        if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
+            ecdsa_doit[i] = 0;
+        else {
+            if (ecdsa_c[i] == 0) {
+                ecdsa_c[i][0] = 1;
+                ecdsa_c[i][1] = 1;
+            }
+        }
+    }
+    ecdsa_c[R_EC_B163][0] = count / 1000;
+    ecdsa_c[R_EC_B163][1] = count / 1000 / 2;
+    for (i = R_EC_B233; i <= R_EC_B571; i++) {
+        ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
+        ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
+        if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
+            ecdsa_doit[i] = 0;
+        else {
+            if (ecdsa_c[i] == 0) {
+                ecdsa_c[i][0] = 1;
+                ecdsa_c[i][1] = 1;
+            }
+        }
+    }
+#   endif
+
+#   ifndef OPENSSL_NO_ECDH
+    ecdh_c[R_EC_P160][0] = count / 1000;
+    ecdh_c[R_EC_P160][1] = count / 1000;
+    for (i = R_EC_P192; i <= R_EC_P521; i++) {
+        ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
+        ecdh_c[i][1] = ecdh_c[i - 1][1] / 2;
+        if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
+            ecdh_doit[i] = 0;
+        else {
+            if (ecdh_c[i] == 0) {
+                ecdh_c[i][0] = 1;
+                ecdh_c[i][1] = 1;
+            }
+        }
+    }
+    ecdh_c[R_EC_K163][0] = count / 1000;
+    ecdh_c[R_EC_K163][1] = count / 1000;
+    for (i = R_EC_K233; i <= R_EC_K571; i++) {
+        ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
+        ecdh_c[i][1] = ecdh_c[i - 1][1] / 2;
+        if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
+            ecdh_doit[i] = 0;
+        else {
+            if (ecdh_c[i] == 0) {
+                ecdh_c[i][0] = 1;
+                ecdh_c[i][1] = 1;
+            }
+        }
+    }
+    ecdh_c[R_EC_B163][0] = count / 1000;
+    ecdh_c[R_EC_B163][1] = count / 1000;
+    for (i = R_EC_B233; i <= R_EC_B571; i++) {
+        ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
+        ecdh_c[i][1] = ecdh_c[i - 1][1] / 2;
+        if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
+            ecdh_doit[i] = 0;
+        else {
+            if (ecdh_c[i] == 0) {
+                ecdh_c[i][0] = 1;
+                ecdh_c[i][1] = 1;
+            }
+        }
+    }
+#   endif
+
+#   define COND(d) (count < (d))
+#   define COUNT(d) (d)
+#  else
+/* not worth fixing */
+#   error "You cannot disable DES on systems without SIGALRM."
+#  endif                        /* OPENSSL_NO_DES */
+# else
+#  define COND(c) (run && count<0x7fffffff)
+#  define COUNT(d) (count)
+#  ifndef _WIN32
+    signal(SIGALRM, sig_done);
+#  endif
+# endif                         /* SIGALRM */
+
+# ifndef OPENSSL_NO_MD2
+    if (doit[D_MD2]) {
+        for (j = 0; j < SIZE_NUM; j++) {
+            print_message(names[D_MD2], c[D_MD2][j], lengths[j]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_MD2][j]); count++)
+                EVP_Digest(buf, (unsigned long)lengths[j], &(md2[0]), NULL,
+                           EVP_md2(), NULL);
+            d = Time_F(STOP);
+            print_result(D_MD2, j, count, d);
+        }
+    }
+# endif
+# ifndef OPENSSL_NO_MDC2
+    if (doit[D_MDC2]) {
+        for (j = 0; j < SIZE_NUM; j++) {
+            print_message(names[D_MDC2], c[D_MDC2][j], lengths[j]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_MDC2][j]); count++)
+                EVP_Digest(buf, (unsigned long)lengths[j], &(mdc2[0]), NULL,
+                           EVP_mdc2(), NULL);
+            d = Time_F(STOP);
+            print_result(D_MDC2, j, count, d);
+        }
+    }
+# endif
+
+# ifndef OPENSSL_NO_MD4
+    if (doit[D_MD4]) {
+        for (j = 0; j < SIZE_NUM; j++) {
+            print_message(names[D_MD4], c[D_MD4][j], lengths[j]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_MD4][j]); count++)
+                EVP_Digest(&(buf[0]), (unsigned long)lengths[j], &(md4[0]),
+                           NULL, EVP_md4(), NULL);
+            d = Time_F(STOP);
+            print_result(D_MD4, j, count, d);
+        }
+    }
+# endif
+
+# ifndef OPENSSL_NO_MD5
+    if (doit[D_MD5]) {
+        for (j = 0; j < SIZE_NUM; j++) {
+            print_message(names[D_MD5], c[D_MD5][j], lengths[j]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_MD5][j]); count++)
+                EVP_Digest(&(buf[0]), (unsigned long)lengths[j], &(md5[0]),
+                           NULL, EVP_get_digestbyname("md5"), NULL);
+            d = Time_F(STOP);
+            print_result(D_MD5, j, count, d);
+        }
+    }
+# endif
+
+# if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC)
+    if (doit[D_HMAC]) {
+        HMAC_CTX hctx;
+
+        HMAC_CTX_init(&hctx);
+        HMAC_Init_ex(&hctx, (unsigned char *)"This is a key...",
+                     16, EVP_md5(), NULL);
+
+        for (j = 0; j < SIZE_NUM; j++) {
+            print_message(names[D_HMAC], c[D_HMAC][j], lengths[j]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_HMAC][j]); count++) {
+                HMAC_Init_ex(&hctx, NULL, 0, NULL, NULL);
+                HMAC_Update(&hctx, buf, lengths[j]);
+                HMAC_Final(&hctx, &(hmac[0]), NULL);
+            }
+            d = Time_F(STOP);
+            print_result(D_HMAC, j, count, d);
+        }
+        HMAC_CTX_cleanup(&hctx);
+    }
+# endif
+# ifndef OPENSSL_NO_SHA
+    if (doit[D_SHA1]) {
+        for (j = 0; j < SIZE_NUM; j++) {
+            print_message(names[D_SHA1], c[D_SHA1][j], lengths[j]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_SHA1][j]); count++)
+                EVP_Digest(buf, (unsigned long)lengths[j], &(sha[0]), NULL,
+                           EVP_sha1(), NULL);
+            d = Time_F(STOP);
+            print_result(D_SHA1, j, count, d);
+        }
+    }
+#  ifndef OPENSSL_NO_SHA256
+    if (doit[D_SHA256]) {
+        for (j = 0; j < SIZE_NUM; j++) {
+            print_message(names[D_SHA256], c[D_SHA256][j], lengths[j]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_SHA256][j]); count++)
+                SHA256(buf, lengths[j], sha256);
+            d = Time_F(STOP);
+            print_result(D_SHA256, j, count, d);
+        }
+    }
+#  endif
+
+#  ifndef OPENSSL_NO_SHA512
+    if (doit[D_SHA512]) {
+        for (j = 0; j < SIZE_NUM; j++) {
+            print_message(names[D_SHA512], c[D_SHA512][j], lengths[j]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_SHA512][j]); count++)
+                SHA512(buf, lengths[j], sha512);
+            d = Time_F(STOP);
+            print_result(D_SHA512, j, count, d);
+        }
+    }
+#  endif
+# endif
+
+# ifndef OPENSSL_NO_WHIRLPOOL
+    if (doit[D_WHIRLPOOL]) {
+        for (j = 0; j < SIZE_NUM; j++) {
+            print_message(names[D_WHIRLPOOL], c[D_WHIRLPOOL][j], lengths[j]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_WHIRLPOOL][j]); count++)
+                WHIRLPOOL(buf, lengths[j], whirlpool);
+            d = Time_F(STOP);
+            print_result(D_WHIRLPOOL, j, count, d);
+        }
+    }
+# endif
+
+# ifndef OPENSSL_NO_RIPEMD
+    if (doit[D_RMD160]) {
+        for (j = 0; j < SIZE_NUM; j++) {
+            print_message(names[D_RMD160], c[D_RMD160][j], lengths[j]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_RMD160][j]); count++)
+                EVP_Digest(buf, (unsigned long)lengths[j], &(rmd160[0]), NULL,
+                           EVP_ripemd160(), NULL);
+            d = Time_F(STOP);
+            print_result(D_RMD160, j, count, d);
+        }
+    }
+# endif
+# ifndef OPENSSL_NO_RC4
+    if (doit[D_RC4]) {
+        for (j = 0; j < SIZE_NUM; j++) {
+            print_message(names[D_RC4], c[D_RC4][j], lengths[j]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_RC4][j]); count++)
+                RC4(&rc4_ks, (unsigned int)lengths[j], buf, buf);
+            d = Time_F(STOP);
+            print_result(D_RC4, j, count, d);
+        }
+    }
+# endif
+# ifndef OPENSSL_NO_DES
+    if (doit[D_CBC_DES]) {
+        for (j = 0; j < SIZE_NUM; j++) {
+            print_message(names[D_CBC_DES], c[D_CBC_DES][j], lengths[j]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_CBC_DES][j]); count++)
+                DES_ncbc_encrypt(buf, buf, lengths[j], &sch,
+                                 &DES_iv, DES_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_DES, j, count, d);
+        }
+    }
+
+    if (doit[D_EDE3_DES]) {
+        for (j = 0; j < SIZE_NUM; j++) {
+            print_message(names[D_EDE3_DES], c[D_EDE3_DES][j], lengths[j]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_EDE3_DES][j]); count++)
+                DES_ede3_cbc_encrypt(buf, buf, lengths[j],
+                                     &sch, &sch2, &sch3,
+                                     &DES_iv, DES_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_EDE3_DES, j, count, d);
+        }
+    }
+# endif
+# ifndef OPENSSL_NO_AES
+    if (doit[D_CBC_128_AES]) {
+        for (j = 0; j < SIZE_NUM; j++) {
+            print_message(names[D_CBC_128_AES], c[D_CBC_128_AES][j],
+                          lengths[j]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_CBC_128_AES][j]); count++)
+                AES_cbc_encrypt(buf, buf,
+                                (unsigned long)lengths[j], &aes_ks1,
+                                iv, AES_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_128_AES, j, count, d);
+        }
+    }
+    if (doit[D_CBC_192_AES]) {
+        for (j = 0; j < SIZE_NUM; j++) {
+            print_message(names[D_CBC_192_AES], c[D_CBC_192_AES][j],
+                          lengths[j]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_CBC_192_AES][j]); count++)
+                AES_cbc_encrypt(buf, buf,
+                                (unsigned long)lengths[j], &aes_ks2,
+                                iv, AES_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_192_AES, j, count, d);
+        }
+    }
+    if (doit[D_CBC_256_AES]) {
+        for (j = 0; j < SIZE_NUM; j++) {
+            print_message(names[D_CBC_256_AES], c[D_CBC_256_AES][j],
+                          lengths[j]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_CBC_256_AES][j]); count++)
+                AES_cbc_encrypt(buf, buf,
+                                (unsigned long)lengths[j], &aes_ks3,
+                                iv, AES_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_256_AES, j, count, d);
+        }
+    }
+
+    if (doit[D_IGE_128_AES]) {
+        for (j = 0; j < SIZE_NUM; j++) {
+            print_message(names[D_IGE_128_AES], c[D_IGE_128_AES][j],
+                          lengths[j]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_IGE_128_AES][j]); count++)
+                AES_ige_encrypt(buf, buf2,
+                                (unsigned long)lengths[j], &aes_ks1,
+                                iv, AES_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_IGE_128_AES, j, count, d);
+        }
+    }
+    if (doit[D_IGE_192_AES]) {
+        for (j = 0; j < SIZE_NUM; j++) {
+            print_message(names[D_IGE_192_AES], c[D_IGE_192_AES][j],
+                          lengths[j]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_IGE_192_AES][j]); count++)
+                AES_ige_encrypt(buf, buf2,
+                                (unsigned long)lengths[j], &aes_ks2,
+                                iv, AES_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_IGE_192_AES, j, count, d);
+        }
+    }
+    if (doit[D_IGE_256_AES]) {
+        for (j = 0; j < SIZE_NUM; j++) {
+            print_message(names[D_IGE_256_AES], c[D_IGE_256_AES][j],
+                          lengths[j]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_IGE_256_AES][j]); count++)
+                AES_ige_encrypt(buf, buf2,
+                                (unsigned long)lengths[j], &aes_ks3,
+                                iv, AES_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_IGE_256_AES, j, count, d);
+        }
+    }
+    if (doit[D_GHASH]) {
+        GCM128_CONTEXT *ctx =
+            CRYPTO_gcm128_new(&aes_ks1, (block128_f) AES_encrypt);
+        CRYPTO_gcm128_setiv(ctx, (unsigned char *)"0123456789ab", 12);
+
+        for (j = 0; j < SIZE_NUM; j++) {
+            print_message(names[D_GHASH], c[D_GHASH][j], lengths[j]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_GHASH][j]); count++)
+                CRYPTO_gcm128_aad(ctx, buf, lengths[j]);
+            d = Time_F(STOP);
+            print_result(D_GHASH, j, count, d);
+        }
+        CRYPTO_gcm128_release(ctx);
+    }
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+    if (doit[D_CBC_128_CML]) {
+        for (j = 0; j < SIZE_NUM; j++) {
+            print_message(names[D_CBC_128_CML], c[D_CBC_128_CML][j],
+                          lengths[j]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_CBC_128_CML][j]); count++)
+                Camellia_cbc_encrypt(buf, buf,
+                                     (unsigned long)lengths[j], &camellia_ks1,
+                                     iv, CAMELLIA_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_128_CML, j, count, d);
+        }
+    }
+    if (doit[D_CBC_192_CML]) {
+        for (j = 0; j < SIZE_NUM; j++) {
+            print_message(names[D_CBC_192_CML], c[D_CBC_192_CML][j],
+                          lengths[j]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_CBC_192_CML][j]); count++)
+                Camellia_cbc_encrypt(buf, buf,
+                                     (unsigned long)lengths[j], &camellia_ks2,
+                                     iv, CAMELLIA_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_192_CML, j, count, d);
+        }
+    }
+    if (doit[D_CBC_256_CML]) {
+        for (j = 0; j < SIZE_NUM; j++) {
+            print_message(names[D_CBC_256_CML], c[D_CBC_256_CML][j],
+                          lengths[j]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_CBC_256_CML][j]); count++)
+                Camellia_cbc_encrypt(buf, buf,
+                                     (unsigned long)lengths[j], &camellia_ks3,
+                                     iv, CAMELLIA_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_256_CML, j, count, d);
+        }
+    }
+# endif
+# ifndef OPENSSL_NO_IDEA
+    if (doit[D_CBC_IDEA]) {
+        for (j = 0; j < SIZE_NUM; j++) {
+            print_message(names[D_CBC_IDEA], c[D_CBC_IDEA][j], lengths[j]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_CBC_IDEA][j]); count++)
+                idea_cbc_encrypt(buf, buf,
+                                 (unsigned long)lengths[j], &idea_ks,
+                                 iv, IDEA_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_IDEA, j, count, d);
+        }
+    }
+# endif
+# ifndef OPENSSL_NO_SEED
+    if (doit[D_CBC_SEED]) {
+        for (j = 0; j < SIZE_NUM; j++) {
+            print_message(names[D_CBC_SEED], c[D_CBC_SEED][j], lengths[j]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_CBC_SEED][j]); count++)
+                SEED_cbc_encrypt(buf, buf,
+                                 (unsigned long)lengths[j], &seed_ks, iv, 1);
+            d = Time_F(STOP);
+            print_result(D_CBC_SEED, j, count, d);
+        }
+    }
+# endif
+# ifndef OPENSSL_NO_RC2
+    if (doit[D_CBC_RC2]) {
+        for (j = 0; j < SIZE_NUM; j++) {
+            print_message(names[D_CBC_RC2], c[D_CBC_RC2][j], lengths[j]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_CBC_RC2][j]); count++)
+                RC2_cbc_encrypt(buf, buf,
+                                (unsigned long)lengths[j], &rc2_ks,
+                                iv, RC2_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_RC2, j, count, d);
+        }
+    }
+# endif
+# ifndef OPENSSL_NO_RC5
+    if (doit[D_CBC_RC5]) {
+        for (j = 0; j < SIZE_NUM; j++) {
+            print_message(names[D_CBC_RC5], c[D_CBC_RC5][j], lengths[j]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_CBC_RC5][j]); count++)
+                RC5_32_cbc_encrypt(buf, buf,
+                                   (unsigned long)lengths[j], &rc5_ks,
+                                   iv, RC5_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_RC5, j, count, d);
+        }
+    }
+# endif
+# ifndef OPENSSL_NO_BF
+    if (doit[D_CBC_BF]) {
+        for (j = 0; j < SIZE_NUM; j++) {
+            print_message(names[D_CBC_BF], c[D_CBC_BF][j], lengths[j]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_CBC_BF][j]); count++)
+                BF_cbc_encrypt(buf, buf,
+                               (unsigned long)lengths[j], &bf_ks,
+                               iv, BF_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_BF, j, count, d);
+        }
+    }
+# endif
+# ifndef OPENSSL_NO_CAST
+    if (doit[D_CBC_CAST]) {
+        for (j = 0; j < SIZE_NUM; j++) {
+            print_message(names[D_CBC_CAST], c[D_CBC_CAST][j], lengths[j]);
+            Time_F(START);
+            for (count = 0, run = 1; COND(c[D_CBC_CAST][j]); count++)
+                CAST_cbc_encrypt(buf, buf,
+                                 (unsigned long)lengths[j], &cast_ks,
+                                 iv, CAST_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_CAST, j, count, d);
+        }
+    }
+# endif
+
+    if (doit[D_EVP]) {
+        for (j = 0; j < SIZE_NUM; j++) {
+            if (evp_cipher) {
+                EVP_CIPHER_CTX ctx;
+                int outl;
+
+                names[D_EVP] = OBJ_nid2ln(evp_cipher->nid);
+                /*
+                 * -O3 -fschedule-insns messes up an optimization here!
+                 * names[D_EVP] somehow becomes NULL
+                 */
+                print_message(names[D_EVP], save_count, lengths[j]);
+
+                EVP_CIPHER_CTX_init(&ctx);
+                if (decrypt)
+                    EVP_DecryptInit_ex(&ctx, evp_cipher, NULL, key16, iv);
+                else
+                    EVP_EncryptInit_ex(&ctx, evp_cipher, NULL, key16, iv);
+                EVP_CIPHER_CTX_set_padding(&ctx, 0);
+
+                Time_F(START);
+                if (decrypt)
+                    for (count = 0, run = 1;
+                         COND(save_count * 4 * lengths[0] / lengths[j]);
+                         count++)
+                        EVP_DecryptUpdate(&ctx, buf, &outl, buf, lengths[j]);
+                else
+                    for (count = 0, run = 1;
+                         COND(save_count * 4 * lengths[0] / lengths[j]);
+                         count++)
+                        EVP_EncryptUpdate(&ctx, buf, &outl, buf, lengths[j]);
+                if (decrypt)
+                    EVP_DecryptFinal_ex(&ctx, buf, &outl);
+                else
+                    EVP_EncryptFinal_ex(&ctx, buf, &outl);
+                d = Time_F(STOP);
+                EVP_CIPHER_CTX_cleanup(&ctx);
+            }
+            if (evp_md) {
+                names[D_EVP] = OBJ_nid2ln(evp_md->type);
+                print_message(names[D_EVP], save_count, lengths[j]);
+
+                Time_F(START);
+                for (count = 0, run = 1;
+                     COND(save_count * 4 * lengths[0] / lengths[j]); count++)
+                    EVP_Digest(buf, lengths[j], &(md[0]), NULL, evp_md, NULL);
+
+                d = Time_F(STOP);
+            }
+            print_result(D_EVP, j, count, d);
+        }
+    }
+
+    RAND_pseudo_bytes(buf, 36);
+# ifndef OPENSSL_NO_RSA
+    for (j = 0; j < RSA_NUM; j++) {
+        int ret;
+        if (!rsa_doit[j])
+            continue;
+        ret = RSA_sign(NID_md5_sha1, buf, 36, buf2, &rsa_num, rsa_key[j]);
+        if (ret == 0) {
+            BIO_printf(bio_err,
+                       "RSA sign failure.  No RSA sign will be done.\n");
+            ERR_print_errors(bio_err);
+            rsa_count = 1;
+        } else {
+            pkey_print_message("private", "rsa",
+                               rsa_c[j][0], rsa_bits[j], RSA_SECONDS);
+            /* RSA_blinding_on(rsa_key[j],NULL); */
+            Time_F(START);
+            for (count = 0, run = 1; COND(rsa_c[j][0]); count++) {
+                ret = RSA_sign(NID_md5_sha1, buf, 36, buf2,
+                               &rsa_num, rsa_key[j]);
+                if (ret == 0) {
+                    BIO_printf(bio_err, "RSA sign failure\n");
+                    ERR_print_errors(bio_err);
+                    count = 1;
+                    break;
+                }
+            }
+            d = Time_F(STOP);
+            BIO_printf(bio_err,
+                       mr ? "+R1:%ld:%d:%.2f\n"
+                       : "%ld %d bit private RSA's in %.2fs\n",
+                       count, rsa_bits[j], d);
+            rsa_results[j][0] = d / (double)count;
+            rsa_count = count;
+        }
+
+#  if 1
+        ret = RSA_verify(NID_md5_sha1, buf, 36, buf2, rsa_num, rsa_key[j]);
+        if (ret <= 0) {
+            BIO_printf(bio_err,
+                       "RSA verify failure.  No RSA verify will be done.\n");
+            ERR_print_errors(bio_err);
+            rsa_doit[j] = 0;
+        } else {
+            pkey_print_message("public", "rsa",
+                               rsa_c[j][1], rsa_bits[j], RSA_SECONDS);
+            Time_F(START);
+            for (count = 0, run = 1; COND(rsa_c[j][1]); count++) {
+                ret = RSA_verify(NID_md5_sha1, buf, 36, buf2,
+                                 rsa_num, rsa_key[j]);
+                if (ret <= 0) {
+                    BIO_printf(bio_err, "RSA verify failure\n");
+                    ERR_print_errors(bio_err);
+                    count = 1;
+                    break;
+                }
+            }
+            d = Time_F(STOP);
+            BIO_printf(bio_err,
+                       mr ? "+R2:%ld:%d:%.2f\n"
+                       : "%ld %d bit public RSA's in %.2fs\n",
+                       count, rsa_bits[j], d);
+            rsa_results[j][1] = d / (double)count;
+        }
+#  endif
+
+        if (rsa_count <= 1) {
+            /* if longer than 10s, don't do any more */
+            for (j++; j < RSA_NUM; j++)
+                rsa_doit[j] = 0;
+        }
+    }
+# endif
+
+    RAND_pseudo_bytes(buf, 20);
+# ifndef OPENSSL_NO_DSA
+    if (RAND_status() != 1) {
+        RAND_seed(rnd_seed, sizeof rnd_seed);
+        rnd_fake = 1;
+    }
+    for (j = 0; j < DSA_NUM; j++) {
+        unsigned int kk;
+        int ret;
+
+        if (!dsa_doit[j])
+            continue;
+
+        /* DSA_generate_key(dsa_key[j]); */
+        /* DSA_sign_setup(dsa_key[j],NULL); */
+        ret = DSA_sign(EVP_PKEY_DSA, buf, 20, buf2, &kk, dsa_key[j]);
+        if (ret == 0) {
+            BIO_printf(bio_err,
+                       "DSA sign failure.  No DSA sign will be done.\n");
+            ERR_print_errors(bio_err);
+            rsa_count = 1;
+        } else {
+            pkey_print_message("sign", "dsa",
+                               dsa_c[j][0], dsa_bits[j], DSA_SECONDS);
+            Time_F(START);
+            for (count = 0, run = 1; COND(dsa_c[j][0]); count++) {
+                ret = DSA_sign(EVP_PKEY_DSA, buf, 20, buf2, &kk, dsa_key[j]);
+                if (ret == 0) {
+                    BIO_printf(bio_err, "DSA sign failure\n");
+                    ERR_print_errors(bio_err);
+                    count = 1;
+                    break;
+                }
+            }
+            d = Time_F(STOP);
+            BIO_printf(bio_err,
+                       mr ? "+R3:%ld:%d:%.2f\n"
+                       : "%ld %d bit DSA signs in %.2fs\n",
+                       count, dsa_bits[j], d);
+            dsa_results[j][0] = d / (double)count;
+            rsa_count = count;
+        }
+
+        ret = DSA_verify(EVP_PKEY_DSA, buf, 20, buf2, kk, dsa_key[j]);
+        if (ret <= 0) {
+            BIO_printf(bio_err,
+                       "DSA verify failure.  No DSA verify will be done.\n");
+            ERR_print_errors(bio_err);
+            dsa_doit[j] = 0;
+        } else {
+            pkey_print_message("verify", "dsa",
+                               dsa_c[j][1], dsa_bits[j], DSA_SECONDS);
+            Time_F(START);
+            for (count = 0, run = 1; COND(dsa_c[j][1]); count++) {
+                ret = DSA_verify(EVP_PKEY_DSA, buf, 20, buf2, kk, dsa_key[j]);
+                if (ret <= 0) {
+                    BIO_printf(bio_err, "DSA verify failure\n");
+                    ERR_print_errors(bio_err);
+                    count = 1;
+                    break;
+                }
+            }
+            d = Time_F(STOP);
+            BIO_printf(bio_err,
+                       mr ? "+R4:%ld:%d:%.2f\n"
+                       : "%ld %d bit DSA verify in %.2fs\n",
+                       count, dsa_bits[j], d);
+            dsa_results[j][1] = d / (double)count;
+        }
+
+        if (rsa_count <= 1) {
+            /* if longer than 10s, don't do any more */
+            for (j++; j < DSA_NUM; j++)
+                dsa_doit[j] = 0;
+        }
+    }
+    if (rnd_fake)
+        RAND_cleanup();
+# endif
+
+# ifndef OPENSSL_NO_ECDSA
+    if (RAND_status() != 1) {
+        RAND_seed(rnd_seed, sizeof rnd_seed);
+        rnd_fake = 1;
+    }
+    for (j = 0; j < EC_NUM; j++) {
+        int ret;
+
+        if (!ecdsa_doit[j])
+            continue;           /* Ignore Curve */
+        ecdsa[j] = EC_KEY_new_by_curve_name(test_curves[j]);
+        if (ecdsa[j] == NULL) {
+            BIO_printf(bio_err, "ECDSA failure.\n");
+            ERR_print_errors(bio_err);
+            rsa_count = 1;
+        } else {
+#  if 1
+            EC_KEY_precompute_mult(ecdsa[j], NULL);
+#  endif
+            /* Perform ECDSA signature test */
+            EC_KEY_generate_key(ecdsa[j]);
+            ret = ECDSA_sign(0, buf, 20, ecdsasig, &ecdsasiglen, ecdsa[j]);
+            if (ret == 0) {
+                BIO_printf(bio_err,
+                           "ECDSA sign failure.  No ECDSA sign will be done.\n");
+                ERR_print_errors(bio_err);
+                rsa_count = 1;
+            } else {
+                pkey_print_message("sign", "ecdsa",
+                                   ecdsa_c[j][0],
+                                   test_curves_bits[j], ECDSA_SECONDS);
+
+                Time_F(START);
+                for (count = 0, run = 1; COND(ecdsa_c[j][0]); count++) {
+                    ret = ECDSA_sign(0, buf, 20,
+                                     ecdsasig, &ecdsasiglen, ecdsa[j]);
+                    if (ret == 0) {
+                        BIO_printf(bio_err, "ECDSA sign failure\n");
+                        ERR_print_errors(bio_err);
+                        count = 1;
+                        break;
+                    }
+                }
+                d = Time_F(STOP);
+
+                BIO_printf(bio_err,
+                           mr ? "+R5:%ld:%d:%.2f\n" :
+                           "%ld %d bit ECDSA signs in %.2fs \n",
+                           count, test_curves_bits[j], d);
+                ecdsa_results[j][0] = d / (double)count;
+                rsa_count = count;
+            }
+
+            /* Perform ECDSA verification test */
+            ret = ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]);
+            if (ret != 1) {
+                BIO_printf(bio_err,
+                           "ECDSA verify failure.  No ECDSA verify will be done.\n");
+                ERR_print_errors(bio_err);
+                ecdsa_doit[j] = 0;
+            } else {
+                pkey_print_message("verify", "ecdsa",
+                                   ecdsa_c[j][1],
+                                   test_curves_bits[j], ECDSA_SECONDS);
+                Time_F(START);
+                for (count = 0, run = 1; COND(ecdsa_c[j][1]); count++) {
+                    ret =
+                        ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen,
+                                     ecdsa[j]);
+                    if (ret != 1) {
+                        BIO_printf(bio_err, "ECDSA verify failure\n");
+                        ERR_print_errors(bio_err);
+                        count = 1;
+                        break;
+                    }
+                }
+                d = Time_F(STOP);
+                BIO_printf(bio_err,
+                           mr ? "+R6:%ld:%d:%.2f\n"
+                           : "%ld %d bit ECDSA verify in %.2fs\n",
+                           count, test_curves_bits[j], d);
+                ecdsa_results[j][1] = d / (double)count;
+            }
+
+            if (rsa_count <= 1) {
+                /* if longer than 10s, don't do any more */
+                for (j++; j < EC_NUM; j++)
+                    ecdsa_doit[j] = 0;
+            }
+        }
+    }
+    if (rnd_fake)
+        RAND_cleanup();
+# endif
+
+# ifndef OPENSSL_NO_ECDH
+    if (RAND_status() != 1) {
+        RAND_seed(rnd_seed, sizeof rnd_seed);
+        rnd_fake = 1;
+    }
+    for (j = 0; j < EC_NUM; j++) {
+        if (!ecdh_doit[j])
+            continue;
+        ecdh_a[j] = EC_KEY_new_by_curve_name(test_curves[j]);
+        ecdh_b[j] = EC_KEY_new_by_curve_name(test_curves[j]);
+        if ((ecdh_a[j] == NULL) || (ecdh_b[j] == NULL)) {
+            BIO_printf(bio_err, "ECDH failure.\n");
+            ERR_print_errors(bio_err);
+            rsa_count = 1;
+        } else {
+            /* generate two ECDH key pairs */
+            if (!EC_KEY_generate_key(ecdh_a[j]) ||
+                !EC_KEY_generate_key(ecdh_b[j])) {
+                BIO_printf(bio_err, "ECDH key generation failure.\n");
+                ERR_print_errors(bio_err);
+                rsa_count = 1;
+            } else {
+                /*
+                 * If field size is not more than 24 octets, then use SHA-1
+                 * hash of result; otherwise, use result (see section 4.8 of
+                 * draft-ietf-tls-ecc-03.txt).
+                 */
+                int field_size, outlen;
+                void *(*kdf) (const void *in, size_t inlen, void *out,
+                              size_t *xoutlen);
+                field_size =
+                    EC_GROUP_get_degree(EC_KEY_get0_group(ecdh_a[j]));
+                if (field_size <= 24 * 8) {
+                    outlen = KDF1_SHA1_len;
+                    kdf = KDF1_SHA1;
+                } else {
+                    outlen = (field_size + 7) / 8;
+                    kdf = NULL;
+                }
+                secret_size_a =
+                    ECDH_compute_key(secret_a, outlen,
+                                     EC_KEY_get0_public_key(ecdh_b[j]),
+                                     ecdh_a[j], kdf);
+                secret_size_b =
+                    ECDH_compute_key(secret_b, outlen,
+                                     EC_KEY_get0_public_key(ecdh_a[j]),
+                                     ecdh_b[j], kdf);
+                if (secret_size_a != secret_size_b)
+                    ecdh_checks = 0;
+                else
+                    ecdh_checks = 1;
+
+                for (secret_idx = 0; (secret_idx < secret_size_a)
+                     && (ecdh_checks == 1); secret_idx++) {
+                    if (secret_a[secret_idx] != secret_b[secret_idx])
+                        ecdh_checks = 0;
+                }
+
+                if (ecdh_checks == 0) {
+                    BIO_printf(bio_err, "ECDH computations don't match.\n");
+                    ERR_print_errors(bio_err);
+                    rsa_count = 1;
+                }
+
+                pkey_print_message("", "ecdh",
+                                   ecdh_c[j][0],
+                                   test_curves_bits[j], ECDH_SECONDS);
+                Time_F(START);
+                for (count = 0, run = 1; COND(ecdh_c[j][0]); count++) {
+                    ECDH_compute_key(secret_a, outlen,
+                                     EC_KEY_get0_public_key(ecdh_b[j]),
+                                     ecdh_a[j], kdf);
+                }
+                d = Time_F(STOP);
+                BIO_printf(bio_err,
+                           mr ? "+R7:%ld:%d:%.2f\n" :
+                           "%ld %d-bit ECDH ops in %.2fs\n", count,
+                           test_curves_bits[j], d);
+                ecdh_results[j][0] = d / (double)count;
+                rsa_count = count;
+            }
+        }
+
+        if (rsa_count <= 1) {
+            /* if longer than 10s, don't do any more */
+            for (j++; j < EC_NUM; j++)
+                ecdh_doit[j] = 0;
+        }
+    }
+    if (rnd_fake)
+        RAND_cleanup();
+# endif
+# ifndef NO_FORK
+ show_res:
+# endif
+    if (!mr) {
+        fprintf(stdout, "%s\n", SSLeay_version(SSLEAY_VERSION));
+        fprintf(stdout, "%s\n", SSLeay_version(SSLEAY_BUILT_ON));
+        printf("options:");
+        printf("%s ", BN_options());
+# ifndef OPENSSL_NO_MD2
+        printf("%s ", MD2_options());
+# endif
+# ifndef OPENSSL_NO_RC4
+        printf("%s ", RC4_options());
+# endif
+# ifndef OPENSSL_NO_DES
+        printf("%s ", DES_options());
+# endif
+# ifndef OPENSSL_NO_AES
+        printf("%s ", AES_options());
+# endif
+# ifndef OPENSSL_NO_IDEA
+        printf("%s ", idea_options());
+# endif
+# ifndef OPENSSL_NO_BF
+        printf("%s ", BF_options());
+# endif
+        fprintf(stdout, "\n%s\n", SSLeay_version(SSLEAY_CFLAGS));
+    }
+
+    if (pr_header) {
+        if (mr)
+            fprintf(stdout, "+H");
+        else {
+            fprintf(stdout,
+                    "The 'numbers' are in 1000s of bytes per second processed.\n");
+            fprintf(stdout, "type        ");
+        }
+        for (j = 0; j < SIZE_NUM; j++)
+            fprintf(stdout, mr ? ":%d" : "%7d bytes", lengths[j]);
+        fprintf(stdout, "\n");
+    }
+
+    for (k = 0; k < ALGOR_NUM; k++) {
+        if (!doit[k])
+            continue;
+        if (mr)
+            fprintf(stdout, "+F:%d:%s", k, names[k]);
+        else
+            fprintf(stdout, "%-13s", names[k]);
+        for (j = 0; j < SIZE_NUM; j++) {
+            if (results[k][j] > 10000 && !mr)
+                fprintf(stdout, " %11.2fk", results[k][j] / 1e3);
+            else
+                fprintf(stdout, mr ? ":%.2f" : " %11.2f ", results[k][j]);
+        }
+        fprintf(stdout, "\n");
+    }
+# ifndef OPENSSL_NO_RSA
+    j = 1;
+    for (k = 0; k < RSA_NUM; k++) {
+        if (!rsa_doit[k])
+            continue;
+        if (j && !mr) {
+            printf("%18ssign    verify    sign/s verify/s\n", " ");
+            j = 0;
+        }
+        if (mr)
+            fprintf(stdout, "+F2:%u:%u:%f:%f\n",
+                    k, rsa_bits[k], rsa_results[k][0], rsa_results[k][1]);
+        else
+            fprintf(stdout, "rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
+                    rsa_bits[k], rsa_results[k][0], rsa_results[k][1],
+                    1.0 / rsa_results[k][0], 1.0 / rsa_results[k][1]);
+    }
+# endif
+# ifndef OPENSSL_NO_DSA
+    j = 1;
+    for (k = 0; k < DSA_NUM; k++) {
+        if (!dsa_doit[k])
+            continue;
+        if (j && !mr) {
+            printf("%18ssign    verify    sign/s verify/s\n", " ");
+            j = 0;
+        }
+        if (mr)
+            fprintf(stdout, "+F3:%u:%u:%f:%f\n",
+                    k, dsa_bits[k], dsa_results[k][0], dsa_results[k][1]);
+        else
+            fprintf(stdout, "dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
+                    dsa_bits[k], dsa_results[k][0], dsa_results[k][1],
+                    1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1]);
+    }
+# endif
+# ifndef OPENSSL_NO_ECDSA
+    j = 1;
+    for (k = 0; k < EC_NUM; k++) {
+        if (!ecdsa_doit[k])
+            continue;
+        if (j && !mr) {
+            printf("%30ssign    verify    sign/s verify/s\n", " ");
+            j = 0;
+        }
+
+        if (mr)
+            fprintf(stdout, "+F4:%u:%u:%f:%f\n",
+                    k, test_curves_bits[k],
+                    ecdsa_results[k][0], ecdsa_results[k][1]);
+        else
+            fprintf(stdout,
+                    "%4u bit ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
+                    test_curves_bits[k],
+                    test_curves_names[k],
+                    ecdsa_results[k][0], ecdsa_results[k][1],
+                    1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1]);
+    }
+# endif
+
+# ifndef OPENSSL_NO_ECDH
+    j = 1;
+    for (k = 0; k < EC_NUM; k++) {
+        if (!ecdh_doit[k])
+            continue;
+        if (j && !mr) {
+            printf("%30sop      op/s\n", " ");
+            j = 0;
+        }
+        if (mr)
+            fprintf(stdout, "+F5:%u:%u:%f:%f\n",
+                    k, test_curves_bits[k],
+                    ecdh_results[k][0], 1.0 / ecdh_results[k][0]);
+
+        else
+            fprintf(stdout, "%4u bit ecdh (%s) %8.4fs %8.1f\n",
+                    test_curves_bits[k],
+                    test_curves_names[k],
+                    ecdh_results[k][0], 1.0 / ecdh_results[k][0]);
+    }
+# endif
+
+    mret = 0;
+
+ end:
+    ERR_print_errors(bio_err);
+    if (buf != NULL)
+        OPENSSL_free(buf);
+    if (buf2 != NULL)
+        OPENSSL_free(buf2);
+# ifndef OPENSSL_NO_RSA
+    for (i = 0; i < RSA_NUM; i++)
+        if (rsa_key[i] != NULL)
+            RSA_free(rsa_key[i]);
+# endif
+# ifndef OPENSSL_NO_DSA
+    for (i = 0; i < DSA_NUM; i++)
+        if (dsa_key[i] != NULL)
+            DSA_free(dsa_key[i]);
+# endif
+
+# ifndef OPENSSL_NO_ECDSA
+    for (i = 0; i < EC_NUM; i++)
+        if (ecdsa[i] != NULL)
+            EC_KEY_free(ecdsa[i]);
+# endif
+# ifndef OPENSSL_NO_ECDH
+    for (i = 0; i < EC_NUM; i++) {
+        if (ecdh_a[i] != NULL)
+            EC_KEY_free(ecdh_a[i]);
+        if (ecdh_b[i] != NULL)
+            EC_KEY_free(ecdh_b[i]);
+    }
+# endif
+
+    apps_shutdown();
+    OPENSSL_EXIT(mret);
+}
+
+static void print_message(const char *s, long num, int length)
+{
+# ifdef SIGALRM
+    BIO_printf(bio_err,
+               mr ? "+DT:%s:%d:%d\n"
+               : "Doing %s for %ds on %d size blocks: ", s, SECONDS, length);
+    (void)BIO_flush(bio_err);
+    alarm(SECONDS);
+# else
+    BIO_printf(bio_err,
+               mr ? "+DN:%s:%ld:%d\n"
+               : "Doing %s %ld times on %d size blocks: ", s, num, length);
+    (void)BIO_flush(bio_err);
+# endif
+# ifdef LINT
+    num = num;
+# endif
+}
+
+static void pkey_print_message(const char *str, const char *str2, long num,
+                               int bits, int tm)
+{
+# ifdef SIGALRM
+    BIO_printf(bio_err,
+               mr ? "+DTP:%d:%s:%s:%d\n"
+               : "Doing %d bit %s %s's for %ds: ", bits, str, str2, tm);
+    (void)BIO_flush(bio_err);
+    alarm(tm);
+# else
+    BIO_printf(bio_err,
+               mr ? "+DNP:%ld:%d:%s:%s\n"
+               : "Doing %ld %d bit %s %s's: ", num, bits, str, str2);
+    (void)BIO_flush(bio_err);
+# endif
+# ifdef LINT
+    num = num;
+# endif
+}
+
+static void print_result(int alg, int run_no, int count, double time_used)
+{
+    BIO_printf(bio_err,
+               mr ? "+R:%d:%s:%f\n"
+               : "%d %s's in %.2fs\n", count, names[alg], time_used);
+    results[alg][run_no] = ((double)count) / time_used * lengths[run_no];
+}
+
+# ifndef NO_FORK
+static char *sstrsep(char **string, const char *delim)
+{
+    char isdelim[256];
+    char *token = *string;
+
+    if (**string == 0)
+        return NULL;
+
+    memset(isdelim, 0, sizeof isdelim);
+    isdelim[0] = 1;
+
+    while (*delim) {
+        isdelim[(unsigned char)(*delim)] = 1;
+        delim++;
+    }
+
+    while (!isdelim[(unsigned char)(**string)]) {
+        (*string)++;
+    }
+
+    if (**string) {
+        **string = 0;
+        (*string)++;
+    }
+
+    return token;
+}
+
+static int do_multi(int multi)
+{
+    int n;
+    int fd[2];
+    int *fds;
+    static char sep[] = ":";
+
+    fds = malloc(multi * sizeof *fds);
+    for (n = 0; n < multi; ++n) {
+        if (pipe(fd) == -1) {
+            fprintf(stderr, "pipe failure\n");
+            exit(1);
+        }
+        fflush(stdout);
+        fflush(stderr);
+        if (fork()) {
+            close(fd[1]);
+            fds[n] = fd[0];
+        } else {
+            close(fd[0]);
+            close(1);
+            if (dup(fd[1]) == -1) {
+                fprintf(stderr, "dup failed\n");
+                exit(1);
+            }
+            close(fd[1]);
+            mr = 1;
+            usertime = 0;
+            free(fds);
+            return 0;
+        }
+        printf("Forked child %d\n", n);
+    }
+
+    /* for now, assume the pipe is long enough to take all the output */
+    for (n = 0; n < multi; ++n) {
+        FILE *f;
+        char buf[1024];
+        char *p;
+
+        f = fdopen(fds[n], "r");
+        while (fgets(buf, sizeof buf, f)) {
+            p = strchr(buf, '\n');
+            if (p)
+                *p = '\0';
+            if (buf[0] != '+') {
+                fprintf(stderr, "Don't understand line '%s' from child %d\n",
+                        buf, n);
+                continue;
+            }
+            printf("Got: %s from %d\n", buf, n);
+            if (!strncmp(buf, "+F:", 3)) {
+                int alg;
+                int j;
+
+                p = buf + 3;
+                alg = atoi(sstrsep(&p, sep));
+                sstrsep(&p, sep);
+                for (j = 0; j < SIZE_NUM; ++j)
+                    results[alg][j] += atof(sstrsep(&p, sep));
+            } else if (!strncmp(buf, "+F2:", 4)) {
+                int k;
+                double d;
+
+                p = buf + 4;
+                k = atoi(sstrsep(&p, sep));
+                sstrsep(&p, sep);
+
+                d = atof(sstrsep(&p, sep));
+                if (n)
+                    rsa_results[k][0] = 1 / (1 / rsa_results[k][0] + 1 / d);
+                else
+                    rsa_results[k][0] = d;
+
+                d = atof(sstrsep(&p, sep));
+                if (n)
+                    rsa_results[k][1] = 1 / (1 / rsa_results[k][1] + 1 / d);
+                else
+                    rsa_results[k][1] = d;
+            }
+#  ifndef OPENSSL_NO_DSA
+            else if (!strncmp(buf, "+F3:", 4)) {
+                int k;
+                double d;
+
+                p = buf + 4;
+                k = atoi(sstrsep(&p, sep));
+                sstrsep(&p, sep);
+
+                d = atof(sstrsep(&p, sep));
+                if (n)
+                    dsa_results[k][0] = 1 / (1 / dsa_results[k][0] + 1 / d);
+                else
+                    dsa_results[k][0] = d;
+
+                d = atof(sstrsep(&p, sep));
+                if (n)
+                    dsa_results[k][1] = 1 / (1 / dsa_results[k][1] + 1 / d);
+                else
+                    dsa_results[k][1] = d;
+            }
+#  endif
+#  ifndef OPENSSL_NO_ECDSA
+            else if (!strncmp(buf, "+F4:", 4)) {
+                int k;
+                double d;
+
+                p = buf + 4;
+                k = atoi(sstrsep(&p, sep));
+                sstrsep(&p, sep);
+
+                d = atof(sstrsep(&p, sep));
+                if (n)
+                    ecdsa_results[k][0] =
+                        1 / (1 / ecdsa_results[k][0] + 1 / d);
+                else
+                    ecdsa_results[k][0] = d;
+
+                d = atof(sstrsep(&p, sep));
+                if (n)
+                    ecdsa_results[k][1] =
+                        1 / (1 / ecdsa_results[k][1] + 1 / d);
+                else
+                    ecdsa_results[k][1] = d;
+            }
+#  endif
+
+#  ifndef OPENSSL_NO_ECDH
+            else if (!strncmp(buf, "+F5:", 4)) {
+                int k;
+                double d;
+
+                p = buf + 4;
+                k = atoi(sstrsep(&p, sep));
+                sstrsep(&p, sep);
+
+                d = atof(sstrsep(&p, sep));
+                if (n)
+                    ecdh_results[k][0] = 1 / (1 / ecdh_results[k][0] + 1 / d);
+                else
+                    ecdh_results[k][0] = d;
+
+            }
+#  endif
+
+            else if (!strncmp(buf, "+H:", 3)) {
+            } else
+                fprintf(stderr, "Unknown type '%s' from child %d\n", buf, n);
+        }
+
+        fclose(f);
+    }
+    free(fds);
+    return 1;
+}
+# endif
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/apps/x509.c
===================================================================
--- vendor-crypto/openssl/dist/apps/x509.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/apps/x509.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,1220 +0,0 @@
-/* apps/x509.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef OPENSSL_NO_STDIO
-# define APPS_WIN16
-#endif
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/asn1.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/objects.h>
-#include <openssl/pem.h>
-#ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-# include <openssl/dsa.h>
-#endif
-
-#undef PROG
-#define PROG x509_main
-
-#undef POSTFIX
-#define POSTFIX ".srl"
-#define DEF_DAYS        30
-
-static const char *x509_usage[] = {
-    "usage: x509 args\n",
-    " -inform arg     - input format - default PEM (one of DER, NET or PEM)\n",
-    " -outform arg    - output format - default PEM (one of DER, NET or PEM)\n",
-    " -keyform arg    - private key format - default PEM\n",
-    " -CAform arg     - CA format - default PEM\n",
-    " -CAkeyform arg  - CA key format - default PEM\n",
-    " -in arg         - input file - default stdin\n",
-    " -out arg        - output file - default stdout\n",
-    " -passin arg     - private key password source\n",
-    " -serial         - print serial number value\n",
-    " -subject_hash   - print subject hash value\n",
-#ifndef OPENSSL_NO_MD5
-    " -subject_hash_old   - print old-style (MD5) subject hash value\n",
-#endif
-    " -issuer_hash    - print issuer hash value\n",
-#ifndef OPENSSL_NO_MD5
-    " -issuer_hash_old    - print old-style (MD5) issuer hash value\n",
-#endif
-    " -hash           - synonym for -subject_hash\n",
-    " -subject        - print subject DN\n",
-    " -issuer         - print issuer DN\n",
-    " -email          - print email address(es)\n",
-    " -startdate      - notBefore field\n",
-    " -enddate        - notAfter field\n",
-    " -purpose        - print out certificate purposes\n",
-    " -dates          - both Before and After dates\n",
-    " -modulus        - print the RSA key modulus\n",
-    " -pubkey         - output the public key\n",
-    " -fingerprint    - print the certificate fingerprint\n",
-    " -alias          - output certificate alias\n",
-    " -noout          - no certificate output\n",
-    " -ocspid         - print OCSP hash values for the subject name and public key\n",
-    " -ocsp_uri       - print OCSP Responder URL(s)\n",
-    " -trustout       - output a \"trusted\" certificate\n",
-    " -clrtrust       - clear all trusted purposes\n",
-    " -clrreject      - clear all rejected purposes\n",
-    " -addtrust arg   - trust certificate for a given purpose\n",
-    " -addreject arg  - reject certificate for a given purpose\n",
-    " -setalias arg   - set certificate alias\n",
-    " -days arg       - How long till expiry of a signed certificate - def 30 days\n",
-    " -checkend arg   - check whether the cert expires in the next arg seconds\n",
-    "                   exit 1 if so, 0 if not\n",
-    " -signkey arg    - self sign cert with arg\n",
-    " -x509toreq      - output a certification request object\n",
-    " -req            - input is a certificate request, sign and output.\n",
-    " -CA arg         - set the CA certificate, must be PEM format.\n",
-    " -CAkey arg      - set the CA key, must be PEM format\n",
-    "                   missing, it is assumed to be in the CA file.\n",
-    " -CAcreateserial - create serial number file if it does not exist\n",
-    " -CAserial arg   - serial file\n",
-    " -set_serial     - serial number to use\n",
-    " -text           - print the certificate in text form\n",
-    " -C              - print out C code forms\n",
-    " -md2/-md5/-sha1/-mdc2 - digest to use\n",
-    " -extfile        - configuration file with X509V3 extensions to add\n",
-    " -extensions     - section from config file with X509V3 extensions to add\n",
-    " -clrext         - delete extensions before signing and input certificate\n",
-    " -nameopt arg    - various certificate name options\n",
-#ifndef OPENSSL_NO_ENGINE
-    " -engine e       - use engine e, possibly a hardware device.\n",
-#endif
-    " -certopt arg    - various certificate text options\n",
-    NULL
-};
-
-static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
-static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
-                const EVP_MD *digest, CONF *conf, char *section);
-static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
-                        X509 *x, X509 *xca, EVP_PKEY *pkey,
-                        STACK_OF(OPENSSL_STRING) *sigopts, char *serial,
-                        int create, int days, int clrext, CONF *conf,
-                        char *section, ASN1_INTEGER *sno);
-static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
-static int reqfile = 0;
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-{
-    ENGINE *e = NULL;
-    int ret = 1;
-    X509_REQ *req = NULL;
-    X509 *x = NULL, *xca = NULL;
-    ASN1_OBJECT *objtmp;
-    STACK_OF(OPENSSL_STRING) *sigopts = NULL;
-    EVP_PKEY *Upkey = NULL, *CApkey = NULL;
-    ASN1_INTEGER *sno = NULL;
-    int i, num, badops = 0;
-    BIO *out = NULL;
-    BIO *STDout = NULL;
-    STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL;
-    int informat, outformat, keyformat, CAformat, CAkeyformat;
-    char *infile = NULL, *outfile = NULL, *keyfile = NULL, *CAfile = NULL;
-    char *CAkeyfile = NULL, *CAserial = NULL;
-    char *alias = NULL;
-    int text = 0, serial = 0, subject = 0, issuer = 0, startdate =
-        0, enddate = 0;
-    int next_serial = 0;
-    int subject_hash = 0, issuer_hash = 0, ocspid = 0;
-#ifndef OPENSSL_NO_MD5
-    int subject_hash_old = 0, issuer_hash_old = 0;
-#endif
-    int noout = 0, sign_flag = 0, CA_flag = 0, CA_createserial = 0, email = 0;
-    int ocsp_uri = 0;
-    int trustout = 0, clrtrust = 0, clrreject = 0, aliasout = 0, clrext = 0;
-    int C = 0;
-    int x509req = 0, days = DEF_DAYS, modulus = 0, pubkey = 0;
-    int pprint = 0;
-    const char **pp;
-    X509_STORE *ctx = NULL;
-    X509_REQ *rq = NULL;
-    int fingerprint = 0;
-    char buf[256];
-    const EVP_MD *md_alg, *digest = NULL;
-    CONF *extconf = NULL;
-    char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
-    int need_rand = 0;
-    int checkend = 0, checkoffset = 0;
-    unsigned long nmflag = 0, certflag = 0;
-#ifndef OPENSSL_NO_ENGINE
-    char *engine = NULL;
-#endif
-
-    reqfile = 0;
-
-    apps_startup();
-
-    if (bio_err == NULL)
-        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
-
-    if (!load_config(bio_err, NULL))
-        goto end;
-    STDout = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-    {
-        BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-        STDout = BIO_push(tmpbio, STDout);
-    }
-#endif
-
-    informat = FORMAT_PEM;
-    outformat = FORMAT_PEM;
-    keyformat = FORMAT_PEM;
-    CAformat = FORMAT_PEM;
-    CAkeyformat = FORMAT_PEM;
-
-    ctx = X509_STORE_new();
-    if (ctx == NULL)
-        goto end;
-    X509_STORE_set_verify_cb(ctx, callb);
-
-    argc--;
-    argv++;
-    num = 0;
-    while (argc >= 1) {
-        if (strcmp(*argv, "-inform") == 0) {
-            if (--argc < 1)
-                goto bad;
-            informat = str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-outform") == 0) {
-            if (--argc < 1)
-                goto bad;
-            outformat = str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-keyform") == 0) {
-            if (--argc < 1)
-                goto bad;
-            keyformat = str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-req") == 0) {
-            reqfile = 1;
-            need_rand = 1;
-        } else if (strcmp(*argv, "-CAform") == 0) {
-            if (--argc < 1)
-                goto bad;
-            CAformat = str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-CAkeyform") == 0) {
-            if (--argc < 1)
-                goto bad;
-            CAkeyformat = str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-sigopt") == 0) {
-            if (--argc < 1)
-                goto bad;
-            if (!sigopts)
-                sigopts = sk_OPENSSL_STRING_new_null();
-            if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
-                goto bad;
-        } else if (strcmp(*argv, "-days") == 0) {
-            if (--argc < 1)
-                goto bad;
-            days = atoi(*(++argv));
-            if (days == 0) {
-                BIO_printf(bio_err, "bad number of days\n");
-                goto bad;
-            }
-        } else if (strcmp(*argv, "-passin") == 0) {
-            if (--argc < 1)
-                goto bad;
-            passargin = *(++argv);
-        } else if (strcmp(*argv, "-extfile") == 0) {
-            if (--argc < 1)
-                goto bad;
-            extfile = *(++argv);
-        } else if (strcmp(*argv, "-extensions") == 0) {
-            if (--argc < 1)
-                goto bad;
-            extsect = *(++argv);
-        } else if (strcmp(*argv, "-in") == 0) {
-            if (--argc < 1)
-                goto bad;
-            infile = *(++argv);
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
-            outfile = *(++argv);
-        } else if (strcmp(*argv, "-signkey") == 0) {
-            if (--argc < 1)
-                goto bad;
-            keyfile = *(++argv);
-            sign_flag = ++num;
-            need_rand = 1;
-        } else if (strcmp(*argv, "-CA") == 0) {
-            if (--argc < 1)
-                goto bad;
-            CAfile = *(++argv);
-            CA_flag = ++num;
-            need_rand = 1;
-        } else if (strcmp(*argv, "-CAkey") == 0) {
-            if (--argc < 1)
-                goto bad;
-            CAkeyfile = *(++argv);
-        } else if (strcmp(*argv, "-CAserial") == 0) {
-            if (--argc < 1)
-                goto bad;
-            CAserial = *(++argv);
-        } else if (strcmp(*argv, "-set_serial") == 0) {
-            if (--argc < 1)
-                goto bad;
-            if (!(sno = s2i_ASN1_INTEGER(NULL, *(++argv))))
-                goto bad;
-        } else if (strcmp(*argv, "-addtrust") == 0) {
-            if (--argc < 1)
-                goto bad;
-            if (!(objtmp = OBJ_txt2obj(*(++argv), 0))) {
-                BIO_printf(bio_err, "Invalid trust object value %s\n", *argv);
-                goto bad;
-            }
-            if (!trust)
-                trust = sk_ASN1_OBJECT_new_null();
-            sk_ASN1_OBJECT_push(trust, objtmp);
-            trustout = 1;
-        } else if (strcmp(*argv, "-addreject") == 0) {
-            if (--argc < 1)
-                goto bad;
-            if (!(objtmp = OBJ_txt2obj(*(++argv), 0))) {
-                BIO_printf(bio_err,
-                           "Invalid reject object value %s\n", *argv);
-                goto bad;
-            }
-            if (!reject)
-                reject = sk_ASN1_OBJECT_new_null();
-            sk_ASN1_OBJECT_push(reject, objtmp);
-            trustout = 1;
-        } else if (strcmp(*argv, "-setalias") == 0) {
-            if (--argc < 1)
-                goto bad;
-            alias = *(++argv);
-            trustout = 1;
-        } else if (strcmp(*argv, "-certopt") == 0) {
-            if (--argc < 1)
-                goto bad;
-            if (!set_cert_ex(&certflag, *(++argv)))
-                goto bad;
-        } else if (strcmp(*argv, "-nameopt") == 0) {
-            if (--argc < 1)
-                goto bad;
-            if (!set_name_ex(&nmflag, *(++argv)))
-                goto bad;
-        }
-#ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                goto bad;
-            engine = *(++argv);
-        }
-#endif
-        else if (strcmp(*argv, "-C") == 0)
-            C = ++num;
-        else if (strcmp(*argv, "-email") == 0)
-            email = ++num;
-        else if (strcmp(*argv, "-ocsp_uri") == 0)
-            ocsp_uri = ++num;
-        else if (strcmp(*argv, "-serial") == 0)
-            serial = ++num;
-        else if (strcmp(*argv, "-next_serial") == 0)
-            next_serial = ++num;
-        else if (strcmp(*argv, "-modulus") == 0)
-            modulus = ++num;
-        else if (strcmp(*argv, "-pubkey") == 0)
-            pubkey = ++num;
-        else if (strcmp(*argv, "-x509toreq") == 0)
-            x509req = ++num;
-        else if (strcmp(*argv, "-text") == 0)
-            text = ++num;
-        else if (strcmp(*argv, "-hash") == 0
-                 || strcmp(*argv, "-subject_hash") == 0)
-            subject_hash = ++num;
-#ifndef OPENSSL_NO_MD5
-        else if (strcmp(*argv, "-subject_hash_old") == 0)
-            subject_hash_old = ++num;
-#endif
-        else if (strcmp(*argv, "-issuer_hash") == 0)
-            issuer_hash = ++num;
-#ifndef OPENSSL_NO_MD5
-        else if (strcmp(*argv, "-issuer_hash_old") == 0)
-            issuer_hash_old = ++num;
-#endif
-        else if (strcmp(*argv, "-subject") == 0)
-            subject = ++num;
-        else if (strcmp(*argv, "-issuer") == 0)
-            issuer = ++num;
-        else if (strcmp(*argv, "-fingerprint") == 0)
-            fingerprint = ++num;
-        else if (strcmp(*argv, "-dates") == 0) {
-            startdate = ++num;
-            enddate = ++num;
-        } else if (strcmp(*argv, "-purpose") == 0)
-            pprint = ++num;
-        else if (strcmp(*argv, "-startdate") == 0)
-            startdate = ++num;
-        else if (strcmp(*argv, "-enddate") == 0)
-            enddate = ++num;
-        else if (strcmp(*argv, "-checkend") == 0) {
-            if (--argc < 1)
-                goto bad;
-            checkoffset = atoi(*(++argv));
-            checkend = 1;
-        } else if (strcmp(*argv, "-noout") == 0)
-            noout = ++num;
-        else if (strcmp(*argv, "-trustout") == 0)
-            trustout = 1;
-        else if (strcmp(*argv, "-clrtrust") == 0)
-            clrtrust = ++num;
-        else if (strcmp(*argv, "-clrreject") == 0)
-            clrreject = ++num;
-        else if (strcmp(*argv, "-alias") == 0)
-            aliasout = ++num;
-        else if (strcmp(*argv, "-CAcreateserial") == 0)
-            CA_createserial = ++num;
-        else if (strcmp(*argv, "-clrext") == 0)
-            clrext = 1;
-#if 1                           /* stay backwards-compatible with 0.9.5; this
-                                 * should go away soon */
-        else if (strcmp(*argv, "-crlext") == 0) {
-            BIO_printf(bio_err, "use -clrext instead of -crlext\n");
-            clrext = 1;
-        }
-#endif
-        else if (strcmp(*argv, "-ocspid") == 0)
-            ocspid = ++num;
-        else if ((md_alg = EVP_get_digestbyname(*argv + 1))) {
-            /* ok */
-            digest = md_alg;
-        } else {
-            BIO_printf(bio_err, "unknown option %s\n", *argv);
-            badops = 1;
-            break;
-        }
-        argc--;
-        argv++;
-    }
-
-    if (badops) {
- bad:
-        for (pp = x509_usage; (*pp != NULL); pp++)
-            BIO_printf(bio_err, "%s", *pp);
-        goto end;
-    }
-#ifndef OPENSSL_NO_ENGINE
-    e = setup_engine(bio_err, engine, 0);
-#endif
-
-    if (need_rand)
-        app_RAND_load_file(NULL, bio_err, 0);
-
-    ERR_load_crypto_strings();
-
-    if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
-        BIO_printf(bio_err, "Error getting password\n");
-        goto end;
-    }
-
-    if (!X509_STORE_set_default_paths(ctx)) {
-        ERR_print_errors(bio_err);
-        goto end;
-    }
-
-    if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM)) {
-        CAkeyfile = CAfile;
-    } else if ((CA_flag) && (CAkeyfile == NULL)) {
-        BIO_printf(bio_err,
-                   "need to specify a CAkey if using the CA command\n");
-        goto end;
-    }
-
-    if (extfile) {
-        long errorline = -1;
-        X509V3_CTX ctx2;
-        extconf = NCONF_new(NULL);
-        if (!NCONF_load(extconf, extfile, &errorline)) {
-            if (errorline <= 0)
-                BIO_printf(bio_err,
-                           "error loading the config file '%s'\n", extfile);
-            else
-                BIO_printf(bio_err,
-                           "error on line %ld of config file '%s'\n",
-                           errorline, extfile);
-            goto end;
-        }
-        if (!extsect) {
-            extsect = NCONF_get_string(extconf, "default", "extensions");
-            if (!extsect) {
-                ERR_clear_error();
-                extsect = "default";
-            }
-        }
-        X509V3_set_ctx_test(&ctx2);
-        X509V3_set_nconf(&ctx2, extconf);
-        if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL)) {
-            BIO_printf(bio_err,
-                       "Error Loading extension section %s\n", extsect);
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-    }
-
-    if (reqfile) {
-        EVP_PKEY *pkey;
-        BIO *in;
-
-        if (!sign_flag && !CA_flag) {
-            BIO_printf(bio_err, "We need a private key to sign with\n");
-            goto end;
-        }
-        in = BIO_new(BIO_s_file());
-        if (in == NULL) {
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-
-        if (infile == NULL)
-            BIO_set_fp(in, stdin, BIO_NOCLOSE | BIO_FP_TEXT);
-        else {
-            if (BIO_read_filename(in, infile) <= 0) {
-                perror(infile);
-                BIO_free(in);
-                goto end;
-            }
-        }
-        req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL);
-        BIO_free(in);
-
-        if (req == NULL) {
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-
-        if ((req->req_info == NULL) ||
-            (req->req_info->pubkey == NULL) ||
-            (req->req_info->pubkey->public_key == NULL) ||
-            (req->req_info->pubkey->public_key->data == NULL)) {
-            BIO_printf(bio_err,
-                       "The certificate request appears to corrupted\n");
-            BIO_printf(bio_err, "It does not contain a public key\n");
-            goto end;
-        }
-        if ((pkey = X509_REQ_get_pubkey(req)) == NULL) {
-            BIO_printf(bio_err, "error unpacking public key\n");
-            goto end;
-        }
-        i = X509_REQ_verify(req, pkey);
-        EVP_PKEY_free(pkey);
-        if (i < 0) {
-            BIO_printf(bio_err, "Signature verification error\n");
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-        if (i == 0) {
-            BIO_printf(bio_err,
-                       "Signature did not match the certificate request\n");
-            goto end;
-        } else
-            BIO_printf(bio_err, "Signature ok\n");
-
-        print_name(bio_err, "subject=", X509_REQ_get_subject_name(req),
-                   nmflag);
-
-        if ((x = X509_new()) == NULL)
-            goto end;
-
-        if (sno == NULL) {
-            sno = ASN1_INTEGER_new();
-            if (!sno || !rand_serial(NULL, sno))
-                goto end;
-            if (!X509_set_serialNumber(x, sno))
-                goto end;
-            ASN1_INTEGER_free(sno);
-            sno = NULL;
-        } else if (!X509_set_serialNumber(x, sno))
-            goto end;
-
-        if (!X509_set_issuer_name(x, req->req_info->subject))
-            goto end;
-        if (!X509_set_subject_name(x, req->req_info->subject))
-            goto end;
-
-        X509_gmtime_adj(X509_get_notBefore(x), 0);
-        X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL);
-
-        pkey = X509_REQ_get_pubkey(req);
-        X509_set_pubkey(x, pkey);
-        EVP_PKEY_free(pkey);
-    } else
-        x = load_cert(bio_err, infile, informat, NULL, e, "Certificate");
-
-    if (x == NULL)
-        goto end;
-    if (CA_flag) {
-        xca = load_cert(bio_err, CAfile, CAformat, NULL, e, "CA Certificate");
-        if (xca == NULL)
-            goto end;
-    }
-
-    if (!noout || text || next_serial) {
-        OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3");
-
-        out = BIO_new(BIO_s_file());
-        if (out == NULL) {
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-        if (outfile == NULL) {
-            BIO_set_fp(out, stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-            {
-                BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-                out = BIO_push(tmpbio, out);
-            }
-#endif
-        } else {
-            if (BIO_write_filename(out, outfile) <= 0) {
-                perror(outfile);
-                goto end;
-            }
-        }
-    }
-
-    if (alias)
-        X509_alias_set1(x, (unsigned char *)alias, -1);
-
-    if (clrtrust)
-        X509_trust_clear(x);
-    if (clrreject)
-        X509_reject_clear(x);
-
-    if (trust) {
-        for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++) {
-            objtmp = sk_ASN1_OBJECT_value(trust, i);
-            X509_add1_trust_object(x, objtmp);
-        }
-    }
-
-    if (reject) {
-        for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++) {
-            objtmp = sk_ASN1_OBJECT_value(reject, i);
-            X509_add1_reject_object(x, objtmp);
-        }
-    }
-
-    if (num) {
-        for (i = 1; i <= num; i++) {
-            if (issuer == i) {
-                print_name(STDout, "issuer= ",
-                           X509_get_issuer_name(x), nmflag);
-            } else if (subject == i) {
-                print_name(STDout, "subject= ",
-                           X509_get_subject_name(x), nmflag);
-            } else if (serial == i) {
-                BIO_printf(STDout, "serial=");
-                i2a_ASN1_INTEGER(STDout, X509_get_serialNumber(x));
-                BIO_printf(STDout, "\n");
-            } else if (next_serial == i) {
-                BIGNUM *bnser;
-                ASN1_INTEGER *ser;
-                ser = X509_get_serialNumber(x);
-                bnser = ASN1_INTEGER_to_BN(ser, NULL);
-                if (!bnser)
-                    goto end;
-                if (!BN_add_word(bnser, 1))
-                    goto end;
-                ser = BN_to_ASN1_INTEGER(bnser, NULL);
-                if (!ser)
-                    goto end;
-                BN_free(bnser);
-                i2a_ASN1_INTEGER(out, ser);
-                ASN1_INTEGER_free(ser);
-                BIO_puts(out, "\n");
-            } else if ((email == i) || (ocsp_uri == i)) {
-                int j;
-                STACK_OF(OPENSSL_STRING) *emlst;
-                if (email == i)
-                    emlst = X509_get1_email(x);
-                else
-                    emlst = X509_get1_ocsp(x);
-                for (j = 0; j < sk_OPENSSL_STRING_num(emlst); j++)
-                    BIO_printf(STDout, "%s\n",
-                               sk_OPENSSL_STRING_value(emlst, j));
-                X509_email_free(emlst);
-            } else if (aliasout == i) {
-                unsigned char *alstr;
-                alstr = X509_alias_get0(x, NULL);
-                if (alstr)
-                    BIO_printf(STDout, "%s\n", alstr);
-                else
-                    BIO_puts(STDout, "<No Alias>\n");
-            } else if (subject_hash == i) {
-                BIO_printf(STDout, "%08lx\n", X509_subject_name_hash(x));
-            }
-#ifndef OPENSSL_NO_MD5
-            else if (subject_hash_old == i) {
-                BIO_printf(STDout, "%08lx\n", X509_subject_name_hash_old(x));
-            }
-#endif
-            else if (issuer_hash == i) {
-                BIO_printf(STDout, "%08lx\n", X509_issuer_name_hash(x));
-            }
-#ifndef OPENSSL_NO_MD5
-            else if (issuer_hash_old == i) {
-                BIO_printf(STDout, "%08lx\n", X509_issuer_name_hash_old(x));
-            }
-#endif
-            else if (pprint == i) {
-                X509_PURPOSE *ptmp;
-                int j;
-                BIO_printf(STDout, "Certificate purposes:\n");
-                for (j = 0; j < X509_PURPOSE_get_count(); j++) {
-                    ptmp = X509_PURPOSE_get0(j);
-                    purpose_print(STDout, x, ptmp);
-                }
-            } else if (modulus == i) {
-                EVP_PKEY *pkey;
-
-                pkey = X509_get_pubkey(x);
-                if (pkey == NULL) {
-                    BIO_printf(bio_err, "Modulus=unavailable\n");
-                    ERR_print_errors(bio_err);
-                    goto end;
-                }
-                BIO_printf(STDout, "Modulus=");
-#ifndef OPENSSL_NO_RSA
-                if (pkey->type == EVP_PKEY_RSA)
-                    BN_print(STDout, pkey->pkey.rsa->n);
-                else
-#endif
-#ifndef OPENSSL_NO_DSA
-                if (pkey->type == EVP_PKEY_DSA)
-                    BN_print(STDout, pkey->pkey.dsa->pub_key);
-                else
-#endif
-                    BIO_printf(STDout, "Wrong Algorithm type");
-                BIO_printf(STDout, "\n");
-                EVP_PKEY_free(pkey);
-            } else if (pubkey == i) {
-                EVP_PKEY *pkey;
-
-                pkey = X509_get_pubkey(x);
-                if (pkey == NULL) {
-                    BIO_printf(bio_err, "Error getting public key\n");
-                    ERR_print_errors(bio_err);
-                    goto end;
-                }
-                PEM_write_bio_PUBKEY(STDout, pkey);
-                EVP_PKEY_free(pkey);
-            } else if (C == i) {
-                unsigned char *d;
-                char *m;
-                int y, z;
-
-                X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof buf);
-                BIO_printf(STDout, "/* subject:%s */\n", buf);
-                m = X509_NAME_oneline(X509_get_issuer_name(x), buf,
-                                      sizeof buf);
-                BIO_printf(STDout, "/* issuer :%s */\n", buf);
-
-                z = i2d_X509(x, NULL);
-                m = OPENSSL_malloc(z);
-                if (!m) {
-                    BIO_printf(bio_err, "Out of memory\n");
-                    ERR_print_errors(bio_err);
-                    goto end;
-                }
-
-                d = (unsigned char *)m;
-                z = i2d_X509_NAME(X509_get_subject_name(x), &d);
-                BIO_printf(STDout, "unsigned char XXX_subject_name[%d]={\n",
-                           z);
-                d = (unsigned char *)m;
-                for (y = 0; y < z; y++) {
-                    BIO_printf(STDout, "0x%02X,", d[y]);
-                    if ((y & 0x0f) == 0x0f)
-                        BIO_printf(STDout, "\n");
-                }
-                if (y % 16 != 0)
-                    BIO_printf(STDout, "\n");
-                BIO_printf(STDout, "};\n");
-
-                z = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &d);
-                BIO_printf(STDout, "unsigned char XXX_public_key[%d]={\n", z);
-                d = (unsigned char *)m;
-                for (y = 0; y < z; y++) {
-                    BIO_printf(STDout, "0x%02X,", d[y]);
-                    if ((y & 0x0f) == 0x0f)
-                        BIO_printf(STDout, "\n");
-                }
-                if (y % 16 != 0)
-                    BIO_printf(STDout, "\n");
-                BIO_printf(STDout, "};\n");
-
-                z = i2d_X509(x, &d);
-                BIO_printf(STDout, "unsigned char XXX_certificate[%d]={\n",
-                           z);
-                d = (unsigned char *)m;
-                for (y = 0; y < z; y++) {
-                    BIO_printf(STDout, "0x%02X,", d[y]);
-                    if ((y & 0x0f) == 0x0f)
-                        BIO_printf(STDout, "\n");
-                }
-                if (y % 16 != 0)
-                    BIO_printf(STDout, "\n");
-                BIO_printf(STDout, "};\n");
-
-                OPENSSL_free(m);
-            } else if (text == i) {
-                X509_print_ex(STDout, x, nmflag, certflag);
-            } else if (startdate == i) {
-                BIO_puts(STDout, "notBefore=");
-                ASN1_TIME_print(STDout, X509_get_notBefore(x));
-                BIO_puts(STDout, "\n");
-            } else if (enddate == i) {
-                BIO_puts(STDout, "notAfter=");
-                ASN1_TIME_print(STDout, X509_get_notAfter(x));
-                BIO_puts(STDout, "\n");
-            } else if (fingerprint == i) {
-                int j;
-                unsigned int n;
-                unsigned char md[EVP_MAX_MD_SIZE];
-                const EVP_MD *fdig = digest;
-
-                if (!fdig)
-                    fdig = EVP_sha1();
-
-                if (!X509_digest(x, fdig, md, &n)) {
-                    BIO_printf(bio_err, "out of memory\n");
-                    goto end;
-                }
-                BIO_printf(STDout, "%s Fingerprint=",
-                           OBJ_nid2sn(EVP_MD_type(fdig)));
-                for (j = 0; j < (int)n; j++) {
-                    BIO_printf(STDout, "%02X%c", md[j], (j + 1 == (int)n)
-                               ? '\n' : ':');
-                }
-            }
-
-            /* should be in the library */
-            else if ((sign_flag == i) && (x509req == 0)) {
-                BIO_printf(bio_err, "Getting Private key\n");
-                if (Upkey == NULL) {
-                    Upkey = load_key(bio_err,
-                                     keyfile, keyformat, 0,
-                                     passin, e, "Private key");
-                    if (Upkey == NULL)
-                        goto end;
-                }
-
-                assert(need_rand);
-                if (!sign(x, Upkey, days, clrext, digest, extconf, extsect))
-                    goto end;
-            } else if (CA_flag == i) {
-                BIO_printf(bio_err, "Getting CA Private Key\n");
-                if (CAkeyfile != NULL) {
-                    CApkey = load_key(bio_err,
-                                      CAkeyfile, CAkeyformat,
-                                      0, passin, e, "CA Private Key");
-                    if (CApkey == NULL)
-                        goto end;
-                }
-
-                assert(need_rand);
-                if (!x509_certify(ctx, CAfile, digest, x, xca,
-                                  CApkey, sigopts,
-                                  CAserial, CA_createserial, days, clrext,
-                                  extconf, extsect, sno))
-                    goto end;
-            } else if (x509req == i) {
-                EVP_PKEY *pk;
-
-                BIO_printf(bio_err, "Getting request Private Key\n");
-                if (keyfile == NULL) {
-                    BIO_printf(bio_err, "no request key file specified\n");
-                    goto end;
-                } else {
-                    pk = load_key(bio_err,
-                                  keyfile, keyformat, 0,
-                                  passin, e, "request key");
-                    if (pk == NULL)
-                        goto end;
-                }
-
-                BIO_printf(bio_err, "Generating certificate request\n");
-
-                rq = X509_to_X509_REQ(x, pk, digest);
-                EVP_PKEY_free(pk);
-                if (rq == NULL) {
-                    ERR_print_errors(bio_err);
-                    goto end;
-                }
-                if (!noout) {
-                    X509_REQ_print(out, rq);
-                    PEM_write_bio_X509_REQ(out, rq);
-                }
-                noout = 1;
-            } else if (ocspid == i) {
-                X509_ocspid_print(out, x);
-            }
-        }
-    }
-
-    if (checkend) {
-        time_t tcheck = time(NULL) + checkoffset;
-
-        if (X509_cmp_time(X509_get_notAfter(x), &tcheck) < 0) {
-            BIO_printf(out, "Certificate will expire\n");
-            ret = 1;
-        } else {
-            BIO_printf(out, "Certificate will not expire\n");
-            ret = 0;
-        }
-        goto end;
-    }
-
-    if (noout) {
-        ret = 0;
-        goto end;
-    }
-
-    if (outformat == FORMAT_ASN1)
-        i = i2d_X509_bio(out, x);
-    else if (outformat == FORMAT_PEM) {
-        if (trustout)
-            i = PEM_write_bio_X509_AUX(out, x);
-        else
-            i = PEM_write_bio_X509(out, x);
-    } else if (outformat == FORMAT_NETSCAPE) {
-        NETSCAPE_X509 nx;
-        ASN1_OCTET_STRING hdr;
-
-        hdr.data = (unsigned char *)NETSCAPE_CERT_HDR;
-        hdr.length = strlen(NETSCAPE_CERT_HDR);
-        nx.header = &hdr;
-        nx.cert = x;
-
-        i = ASN1_item_i2d_bio(ASN1_ITEM_rptr(NETSCAPE_X509), out, &nx);
-    } else {
-        BIO_printf(bio_err, "bad output format specified for outfile\n");
-        goto end;
-    }
-    if (!i) {
-        BIO_printf(bio_err, "unable to write certificate\n");
-        ERR_print_errors(bio_err);
-        goto end;
-    }
-    ret = 0;
- end:
-    if (need_rand)
-        app_RAND_write_file(NULL, bio_err);
-    OBJ_cleanup();
-    NCONF_free(extconf);
-    BIO_free_all(out);
-    BIO_free_all(STDout);
-    X509_STORE_free(ctx);
-    X509_REQ_free(req);
-    X509_free(x);
-    X509_free(xca);
-    EVP_PKEY_free(Upkey);
-    EVP_PKEY_free(CApkey);
-    if (sigopts)
-        sk_OPENSSL_STRING_free(sigopts);
-    X509_REQ_free(rq);
-    ASN1_INTEGER_free(sno);
-    sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
-    sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
-    if (passin)
-        OPENSSL_free(passin);
-    apps_shutdown();
-    OPENSSL_EXIT(ret);
-}
-
-static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile,
-                                      int create)
-{
-    char *buf = NULL, *p;
-    ASN1_INTEGER *bs = NULL;
-    BIGNUM *serial = NULL;
-    size_t len;
-
-    len = ((serialfile == NULL)
-           ? (strlen(CAfile) + strlen(POSTFIX) + 1)
-           : (strlen(serialfile))) + 1;
-    buf = OPENSSL_malloc(len);
-    if (buf == NULL) {
-        BIO_printf(bio_err, "out of mem\n");
-        goto end;
-    }
-    if (serialfile == NULL) {
-        BUF_strlcpy(buf, CAfile, len);
-        for (p = buf; *p; p++)
-            if (*p == '.') {
-                *p = '\0';
-                break;
-            }
-        BUF_strlcat(buf, POSTFIX, len);
-    } else
-        BUF_strlcpy(buf, serialfile, len);
-
-    serial = load_serial(buf, create, NULL);
-    if (serial == NULL)
-        goto end;
-
-    if (!BN_add_word(serial, 1)) {
-        BIO_printf(bio_err, "add_word failure\n");
-        goto end;
-    }
-
-    if (!save_serial(buf, NULL, serial, &bs))
-        goto end;
-
- end:
-    if (buf)
-        OPENSSL_free(buf);
-    BN_free(serial);
-    return bs;
-}
-
-static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
-                        X509 *x, X509 *xca, EVP_PKEY *pkey,
-                        STACK_OF(OPENSSL_STRING) *sigopts,
-                        char *serialfile, int create,
-                        int days, int clrext, CONF *conf, char *section,
-                        ASN1_INTEGER *sno)
-{
-    int ret = 0;
-    ASN1_INTEGER *bs = NULL;
-    X509_STORE_CTX xsc;
-    EVP_PKEY *upkey;
-
-    upkey = X509_get_pubkey(xca);
-    EVP_PKEY_copy_parameters(upkey, pkey);
-    EVP_PKEY_free(upkey);
-
-    if (!X509_STORE_CTX_init(&xsc, ctx, x, NULL)) {
-        BIO_printf(bio_err, "Error initialising X509 store\n");
-        goto end;
-    }
-    if (sno)
-        bs = sno;
-    else if (!(bs = x509_load_serial(CAfile, serialfile, create)))
-        goto end;
-
-/*      if (!X509_STORE_add_cert(ctx,x)) goto end;*/
-
-    /*
-     * NOTE: this certificate can/should be self signed, unless it was a
-     * certificate request in which case it is not.
-     */
-    X509_STORE_CTX_set_cert(&xsc, x);
-    X509_STORE_CTX_set_flags(&xsc, X509_V_FLAG_CHECK_SS_SIGNATURE);
-    if (!reqfile && X509_verify_cert(&xsc) <= 0)
-        goto end;
-
-    if (!X509_check_private_key(xca, pkey)) {
-        BIO_printf(bio_err,
-                   "CA certificate and CA private key do not match\n");
-        goto end;
-    }
-
-    if (!X509_set_issuer_name(x, X509_get_subject_name(xca)))
-        goto end;
-    if (!X509_set_serialNumber(x, bs))
-        goto end;
-
-    if (X509_gmtime_adj(X509_get_notBefore(x), 0L) == NULL)
-        goto end;
-
-    /* hardwired expired */
-    if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
-        goto end;
-
-    if (clrext) {
-        while (X509_get_ext_count(x) > 0)
-            X509_delete_ext(x, 0);
-    }
-
-    if (conf) {
-        X509V3_CTX ctx2;
-        X509_set_version(x, 2); /* version 3 certificate */
-        X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
-        X509V3_set_nconf(&ctx2, conf);
-        if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x))
-            goto end;
-    }
-
-    if (!do_X509_sign(bio_err, x, pkey, digest, sigopts))
-        goto end;
-    ret = 1;
- end:
-    X509_STORE_CTX_cleanup(&xsc);
-    if (!ret)
-        ERR_print_errors(bio_err);
-    if (!sno)
-        ASN1_INTEGER_free(bs);
-    return ret;
-}
-
-static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
-{
-    int err;
-    X509 *err_cert;
-
-    /*
-     * it is ok to use a self signed certificate This case will catch both
-     * the initial ok == 0 and the final ok == 1 calls to this function
-     */
-    err = X509_STORE_CTX_get_error(ctx);
-    if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
-        return 1;
-
-    /*
-     * BAD we should have gotten an error.  Normally if everything worked
-     * X509_STORE_CTX_get_error(ctx) will still be set to
-     * DEPTH_ZERO_SELF_....
-     */
-    if (ok) {
-        BIO_printf(bio_err,
-                   "error with certificate to be certified - should be self signed\n");
-        return 0;
-    } else {
-        err_cert = X509_STORE_CTX_get_current_cert(ctx);
-        print_name(bio_err, NULL, X509_get_subject_name(err_cert), 0);
-        BIO_printf(bio_err,
-                   "error with certificate - error %d at depth %d\n%s\n", err,
-                   X509_STORE_CTX_get_error_depth(ctx),
-                   X509_verify_cert_error_string(err));
-        return 1;
-    }
-}
-
-/* self sign */
-static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
-                const EVP_MD *digest, CONF *conf, char *section)
-{
-
-    EVP_PKEY *pktmp;
-
-    pktmp = X509_get_pubkey(x);
-    EVP_PKEY_copy_parameters(pktmp, pkey);
-    EVP_PKEY_save_parameters(pktmp, 1);
-    EVP_PKEY_free(pktmp);
-
-    if (!X509_set_issuer_name(x, X509_get_subject_name(x)))
-        goto err;
-    if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
-        goto err;
-
-    /* Lets just make it 12:00am GMT, Jan 1 1970 */
-    /* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
-    /* 28 days to be certified */
-
-    if (X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days) ==
-        NULL)
-        goto err;
-
-    if (!X509_set_pubkey(x, pkey))
-        goto err;
-    if (clrext) {
-        while (X509_get_ext_count(x) > 0)
-            X509_delete_ext(x, 0);
-    }
-    if (conf) {
-        X509V3_CTX ctx;
-        X509_set_version(x, 2); /* version 3 certificate */
-        X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
-        X509V3_set_nconf(&ctx, conf);
-        if (!X509V3_EXT_add_nconf(conf, &ctx, section, x))
-            goto err;
-    }
-    if (!X509_sign(x, pkey, digest))
-        goto err;
-    return 1;
- err:
-    ERR_print_errors(bio_err);
-    return 0;
-}
-
-static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
-{
-    int id, i, idret;
-    char *pname;
-    id = X509_PURPOSE_get_id(pt);
-    pname = X509_PURPOSE_get0_name(pt);
-    for (i = 0; i < 2; i++) {
-        idret = X509_check_purpose(cert, id, i);
-        BIO_printf(bio, "%s%s : ", pname, i ? " CA" : "");
-        if (idret == 1)
-            BIO_printf(bio, "Yes\n");
-        else if (idret == 0)
-            BIO_printf(bio, "No\n");
-        else
-            BIO_printf(bio, "Yes (WARNING code=%d)\n", idret);
-    }
-    return 1;
-}

Copied: vendor-crypto/openssl/1.0.1u/apps/x509.c (from rev 11605, vendor-crypto/openssl/dist/apps/x509.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/apps/x509.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/apps/x509.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,1221 @@
+/* apps/x509.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef OPENSSL_NO_STDIO
+# define APPS_WIN16
+#endif
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+#include <openssl/pem.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+
+#undef PROG
+#define PROG x509_main
+
+#undef POSTFIX
+#define POSTFIX ".srl"
+#define DEF_DAYS        30
+
+static const char *x509_usage[] = {
+    "usage: x509 args\n",
+    " -inform arg     - input format - default PEM (one of DER, NET or PEM)\n",
+    " -outform arg    - output format - default PEM (one of DER, NET or PEM)\n",
+    " -keyform arg    - private key format - default PEM\n",
+    " -CAform arg     - CA format - default PEM\n",
+    " -CAkeyform arg  - CA key format - default PEM\n",
+    " -in arg         - input file - default stdin\n",
+    " -out arg        - output file - default stdout\n",
+    " -passin arg     - private key password source\n",
+    " -serial         - print serial number value\n",
+    " -subject_hash   - print subject hash value\n",
+#ifndef OPENSSL_NO_MD5
+    " -subject_hash_old   - print old-style (MD5) subject hash value\n",
+#endif
+    " -issuer_hash    - print issuer hash value\n",
+#ifndef OPENSSL_NO_MD5
+    " -issuer_hash_old    - print old-style (MD5) issuer hash value\n",
+#endif
+    " -hash           - synonym for -subject_hash\n",
+    " -subject        - print subject DN\n",
+    " -issuer         - print issuer DN\n",
+    " -email          - print email address(es)\n",
+    " -startdate      - notBefore field\n",
+    " -enddate        - notAfter field\n",
+    " -purpose        - print out certificate purposes\n",
+    " -dates          - both Before and After dates\n",
+    " -modulus        - print the RSA key modulus\n",
+    " -pubkey         - output the public key\n",
+    " -fingerprint    - print the certificate fingerprint\n",
+    " -alias          - output certificate alias\n",
+    " -noout          - no certificate output\n",
+    " -ocspid         - print OCSP hash values for the subject name and public key\n",
+    " -ocsp_uri       - print OCSP Responder URL(s)\n",
+    " -trustout       - output a \"trusted\" certificate\n",
+    " -clrtrust       - clear all trusted purposes\n",
+    " -clrreject      - clear all rejected purposes\n",
+    " -addtrust arg   - trust certificate for a given purpose\n",
+    " -addreject arg  - reject certificate for a given purpose\n",
+    " -setalias arg   - set certificate alias\n",
+    " -days arg       - How long till expiry of a signed certificate - def 30 days\n",
+    " -checkend arg   - check whether the cert expires in the next arg seconds\n",
+    "                   exit 1 if so, 0 if not\n",
+    " -signkey arg    - self sign cert with arg\n",
+    " -x509toreq      - output a certification request object\n",
+    " -req            - input is a certificate request, sign and output.\n",
+    " -CA arg         - set the CA certificate, must be PEM format.\n",
+    " -CAkey arg      - set the CA key, must be PEM format\n",
+    "                   missing, it is assumed to be in the CA file.\n",
+    " -CAcreateserial - create serial number file if it does not exist\n",
+    " -CAserial arg   - serial file\n",
+    " -set_serial     - serial number to use\n",
+    " -text           - print the certificate in text form\n",
+    " -C              - print out C code forms\n",
+    " -md2/-md5/-sha1/-mdc2 - digest to use\n",
+    " -extfile        - configuration file with X509V3 extensions to add\n",
+    " -extensions     - section from config file with X509V3 extensions to add\n",
+    " -clrext         - delete extensions before signing and input certificate\n",
+    " -nameopt arg    - various certificate name options\n",
+#ifndef OPENSSL_NO_ENGINE
+    " -engine e       - use engine e, possibly a hardware device.\n",
+#endif
+    " -certopt arg    - various certificate text options\n",
+    NULL
+};
+
+static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
+static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
+                const EVP_MD *digest, CONF *conf, char *section);
+static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
+                        X509 *x, X509 *xca, EVP_PKEY *pkey,
+                        STACK_OF(OPENSSL_STRING) *sigopts, char *serial,
+                        int create, int days, int clrext, CONF *conf,
+                        char *section, ASN1_INTEGER *sno);
+static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
+static int reqfile = 0;
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    int ret = 1;
+    X509_REQ *req = NULL;
+    X509 *x = NULL, *xca = NULL;
+    ASN1_OBJECT *objtmp;
+    STACK_OF(OPENSSL_STRING) *sigopts = NULL;
+    EVP_PKEY *Upkey = NULL, *CApkey = NULL;
+    ASN1_INTEGER *sno = NULL;
+    int i, num, badops = 0;
+    BIO *out = NULL;
+    BIO *STDout = NULL;
+    STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL;
+    int informat, outformat, keyformat, CAformat, CAkeyformat;
+    char *infile = NULL, *outfile = NULL, *keyfile = NULL, *CAfile = NULL;
+    char *CAkeyfile = NULL, *CAserial = NULL;
+    char *alias = NULL;
+    int text = 0, serial = 0, subject = 0, issuer = 0, startdate =
+        0, enddate = 0;
+    int next_serial = 0;
+    int subject_hash = 0, issuer_hash = 0, ocspid = 0;
+#ifndef OPENSSL_NO_MD5
+    int subject_hash_old = 0, issuer_hash_old = 0;
+#endif
+    int noout = 0, sign_flag = 0, CA_flag = 0, CA_createserial = 0, email = 0;
+    int ocsp_uri = 0;
+    int trustout = 0, clrtrust = 0, clrreject = 0, aliasout = 0, clrext = 0;
+    int C = 0;
+    int x509req = 0, days = DEF_DAYS, modulus = 0, pubkey = 0;
+    int pprint = 0;
+    const char **pp;
+    X509_STORE *ctx = NULL;
+    X509_REQ *rq = NULL;
+    int fingerprint = 0;
+    char buf[256];
+    const EVP_MD *md_alg, *digest = NULL;
+    CONF *extconf = NULL;
+    char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
+    int need_rand = 0;
+    int checkend = 0, checkoffset = 0;
+    unsigned long nmflag = 0, certflag = 0;
+#ifndef OPENSSL_NO_ENGINE
+    char *engine = NULL;
+#endif
+
+    reqfile = 0;
+
+    apps_startup();
+
+    if (bio_err == NULL)
+        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+    if (!load_config(bio_err, NULL))
+        goto end;
+    STDout = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+    {
+        BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+        STDout = BIO_push(tmpbio, STDout);
+    }
+#endif
+
+    informat = FORMAT_PEM;
+    outformat = FORMAT_PEM;
+    keyformat = FORMAT_PEM;
+    CAformat = FORMAT_PEM;
+    CAkeyformat = FORMAT_PEM;
+
+    ctx = X509_STORE_new();
+    if (ctx == NULL)
+        goto end;
+    X509_STORE_set_verify_cb(ctx, callb);
+
+    argc--;
+    argv++;
+    num = 0;
+    while (argc >= 1) {
+        if (strcmp(*argv, "-inform") == 0) {
+            if (--argc < 1)
+                goto bad;
+            informat = str2fmt(*(++argv));
+        } else if (strcmp(*argv, "-outform") == 0) {
+            if (--argc < 1)
+                goto bad;
+            outformat = str2fmt(*(++argv));
+        } else if (strcmp(*argv, "-keyform") == 0) {
+            if (--argc < 1)
+                goto bad;
+            keyformat = str2fmt(*(++argv));
+        } else if (strcmp(*argv, "-req") == 0) {
+            reqfile = 1;
+            need_rand = 1;
+        } else if (strcmp(*argv, "-CAform") == 0) {
+            if (--argc < 1)
+                goto bad;
+            CAformat = str2fmt(*(++argv));
+        } else if (strcmp(*argv, "-CAkeyform") == 0) {
+            if (--argc < 1)
+                goto bad;
+            CAkeyformat = str2fmt(*(++argv));
+        } else if (strcmp(*argv, "-sigopt") == 0) {
+            if (--argc < 1)
+                goto bad;
+            if (!sigopts)
+                sigopts = sk_OPENSSL_STRING_new_null();
+            if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
+                goto bad;
+        } else if (strcmp(*argv, "-days") == 0) {
+            if (--argc < 1)
+                goto bad;
+            days = atoi(*(++argv));
+            if (days == 0) {
+                BIO_printf(bio_err, "bad number of days\n");
+                goto bad;
+            }
+        } else if (strcmp(*argv, "-passin") == 0) {
+            if (--argc < 1)
+                goto bad;
+            passargin = *(++argv);
+        } else if (strcmp(*argv, "-extfile") == 0) {
+            if (--argc < 1)
+                goto bad;
+            extfile = *(++argv);
+        } else if (strcmp(*argv, "-extensions") == 0) {
+            if (--argc < 1)
+                goto bad;
+            extsect = *(++argv);
+        } else if (strcmp(*argv, "-in") == 0) {
+            if (--argc < 1)
+                goto bad;
+            infile = *(++argv);
+        } else if (strcmp(*argv, "-out") == 0) {
+            if (--argc < 1)
+                goto bad;
+            outfile = *(++argv);
+        } else if (strcmp(*argv, "-signkey") == 0) {
+            if (--argc < 1)
+                goto bad;
+            keyfile = *(++argv);
+            sign_flag = ++num;
+            need_rand = 1;
+        } else if (strcmp(*argv, "-CA") == 0) {
+            if (--argc < 1)
+                goto bad;
+            CAfile = *(++argv);
+            CA_flag = ++num;
+            need_rand = 1;
+        } else if (strcmp(*argv, "-CAkey") == 0) {
+            if (--argc < 1)
+                goto bad;
+            CAkeyfile = *(++argv);
+        } else if (strcmp(*argv, "-CAserial") == 0) {
+            if (--argc < 1)
+                goto bad;
+            CAserial = *(++argv);
+        } else if (strcmp(*argv, "-set_serial") == 0) {
+            if (--argc < 1)
+                goto bad;
+            if (!(sno = s2i_ASN1_INTEGER(NULL, *(++argv))))
+                goto bad;
+        } else if (strcmp(*argv, "-addtrust") == 0) {
+            if (--argc < 1)
+                goto bad;
+            if (!(objtmp = OBJ_txt2obj(*(++argv), 0))) {
+                BIO_printf(bio_err, "Invalid trust object value %s\n", *argv);
+                goto bad;
+            }
+            if (!trust)
+                trust = sk_ASN1_OBJECT_new_null();
+            sk_ASN1_OBJECT_push(trust, objtmp);
+            trustout = 1;
+        } else if (strcmp(*argv, "-addreject") == 0) {
+            if (--argc < 1)
+                goto bad;
+            if (!(objtmp = OBJ_txt2obj(*(++argv), 0))) {
+                BIO_printf(bio_err,
+                           "Invalid reject object value %s\n", *argv);
+                goto bad;
+            }
+            if (!reject)
+                reject = sk_ASN1_OBJECT_new_null();
+            sk_ASN1_OBJECT_push(reject, objtmp);
+            trustout = 1;
+        } else if (strcmp(*argv, "-setalias") == 0) {
+            if (--argc < 1)
+                goto bad;
+            alias = *(++argv);
+            trustout = 1;
+        } else if (strcmp(*argv, "-certopt") == 0) {
+            if (--argc < 1)
+                goto bad;
+            if (!set_cert_ex(&certflag, *(++argv)))
+                goto bad;
+        } else if (strcmp(*argv, "-nameopt") == 0) {
+            if (--argc < 1)
+                goto bad;
+            if (!set_name_ex(&nmflag, *(++argv)))
+                goto bad;
+        }
+#ifndef OPENSSL_NO_ENGINE
+        else if (strcmp(*argv, "-engine") == 0) {
+            if (--argc < 1)
+                goto bad;
+            engine = *(++argv);
+        }
+#endif
+        else if (strcmp(*argv, "-C") == 0)
+            C = ++num;
+        else if (strcmp(*argv, "-email") == 0)
+            email = ++num;
+        else if (strcmp(*argv, "-ocsp_uri") == 0)
+            ocsp_uri = ++num;
+        else if (strcmp(*argv, "-serial") == 0)
+            serial = ++num;
+        else if (strcmp(*argv, "-next_serial") == 0)
+            next_serial = ++num;
+        else if (strcmp(*argv, "-modulus") == 0)
+            modulus = ++num;
+        else if (strcmp(*argv, "-pubkey") == 0)
+            pubkey = ++num;
+        else if (strcmp(*argv, "-x509toreq") == 0)
+            x509req = ++num;
+        else if (strcmp(*argv, "-text") == 0)
+            text = ++num;
+        else if (strcmp(*argv, "-hash") == 0
+                 || strcmp(*argv, "-subject_hash") == 0)
+            subject_hash = ++num;
+#ifndef OPENSSL_NO_MD5
+        else if (strcmp(*argv, "-subject_hash_old") == 0)
+            subject_hash_old = ++num;
+#endif
+        else if (strcmp(*argv, "-issuer_hash") == 0)
+            issuer_hash = ++num;
+#ifndef OPENSSL_NO_MD5
+        else if (strcmp(*argv, "-issuer_hash_old") == 0)
+            issuer_hash_old = ++num;
+#endif
+        else if (strcmp(*argv, "-subject") == 0)
+            subject = ++num;
+        else if (strcmp(*argv, "-issuer") == 0)
+            issuer = ++num;
+        else if (strcmp(*argv, "-fingerprint") == 0)
+            fingerprint = ++num;
+        else if (strcmp(*argv, "-dates") == 0) {
+            startdate = ++num;
+            enddate = ++num;
+        } else if (strcmp(*argv, "-purpose") == 0)
+            pprint = ++num;
+        else if (strcmp(*argv, "-startdate") == 0)
+            startdate = ++num;
+        else if (strcmp(*argv, "-enddate") == 0)
+            enddate = ++num;
+        else if (strcmp(*argv, "-checkend") == 0) {
+            if (--argc < 1)
+                goto bad;
+            checkoffset = atoi(*(++argv));
+            checkend = 1;
+        } else if (strcmp(*argv, "-noout") == 0)
+            noout = ++num;
+        else if (strcmp(*argv, "-trustout") == 0)
+            trustout = 1;
+        else if (strcmp(*argv, "-clrtrust") == 0)
+            clrtrust = ++num;
+        else if (strcmp(*argv, "-clrreject") == 0)
+            clrreject = ++num;
+        else if (strcmp(*argv, "-alias") == 0)
+            aliasout = ++num;
+        else if (strcmp(*argv, "-CAcreateserial") == 0)
+            CA_createserial = ++num;
+        else if (strcmp(*argv, "-clrext") == 0)
+            clrext = 1;
+#if 1                           /* stay backwards-compatible with 0.9.5; this
+                                 * should go away soon */
+        else if (strcmp(*argv, "-crlext") == 0) {
+            BIO_printf(bio_err, "use -clrext instead of -crlext\n");
+            clrext = 1;
+        }
+#endif
+        else if (strcmp(*argv, "-ocspid") == 0)
+            ocspid = ++num;
+        else if ((md_alg = EVP_get_digestbyname(*argv + 1))) {
+            /* ok */
+            digest = md_alg;
+        } else {
+            BIO_printf(bio_err, "unknown option %s\n", *argv);
+            badops = 1;
+            break;
+        }
+        argc--;
+        argv++;
+    }
+
+    if (badops) {
+ bad:
+        for (pp = x509_usage; (*pp != NULL); pp++)
+            BIO_printf(bio_err, "%s", *pp);
+        goto end;
+    }
+#ifndef OPENSSL_NO_ENGINE
+    e = setup_engine(bio_err, engine, 0);
+#endif
+
+    if (need_rand)
+        app_RAND_load_file(NULL, bio_err, 0);
+
+    ERR_load_crypto_strings();
+
+    if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    if (!X509_STORE_set_default_paths(ctx)) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM)) {
+        CAkeyfile = CAfile;
+    } else if ((CA_flag) && (CAkeyfile == NULL)) {
+        BIO_printf(bio_err,
+                   "need to specify a CAkey if using the CA command\n");
+        goto end;
+    }
+
+    if (extfile) {
+        long errorline = -1;
+        X509V3_CTX ctx2;
+        extconf = NCONF_new(NULL);
+        if (!NCONF_load(extconf, extfile, &errorline)) {
+            if (errorline <= 0)
+                BIO_printf(bio_err,
+                           "error loading the config file '%s'\n", extfile);
+            else
+                BIO_printf(bio_err,
+                           "error on line %ld of config file '%s'\n",
+                           errorline, extfile);
+            goto end;
+        }
+        if (!extsect) {
+            extsect = NCONF_get_string(extconf, "default", "extensions");
+            if (!extsect) {
+                ERR_clear_error();
+                extsect = "default";
+            }
+        }
+        X509V3_set_ctx_test(&ctx2);
+        X509V3_set_nconf(&ctx2, extconf);
+        if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL)) {
+            BIO_printf(bio_err,
+                       "Error Loading extension section %s\n", extsect);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (reqfile) {
+        EVP_PKEY *pkey;
+        BIO *in;
+
+        if (!sign_flag && !CA_flag) {
+            BIO_printf(bio_err, "We need a private key to sign with\n");
+            goto end;
+        }
+        in = BIO_new(BIO_s_file());
+        if (in == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        if (infile == NULL)
+            BIO_set_fp(in, stdin, BIO_NOCLOSE | BIO_FP_TEXT);
+        else {
+            if (BIO_read_filename(in, infile) <= 0) {
+                perror(infile);
+                BIO_free(in);
+                goto end;
+            }
+        }
+        req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL);
+        BIO_free(in);
+
+        if (req == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        if ((req->req_info == NULL) ||
+            (req->req_info->pubkey == NULL) ||
+            (req->req_info->pubkey->public_key == NULL) ||
+            (req->req_info->pubkey->public_key->data == NULL)) {
+            BIO_printf(bio_err,
+                       "The certificate request appears to corrupted\n");
+            BIO_printf(bio_err, "It does not contain a public key\n");
+            goto end;
+        }
+        if ((pkey = X509_REQ_get_pubkey(req)) == NULL) {
+            BIO_printf(bio_err, "error unpacking public key\n");
+            goto end;
+        }
+        i = X509_REQ_verify(req, pkey);
+        EVP_PKEY_free(pkey);
+        if (i < 0) {
+            BIO_printf(bio_err, "Signature verification error\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (i == 0) {
+            BIO_printf(bio_err,
+                       "Signature did not match the certificate request\n");
+            goto end;
+        } else
+            BIO_printf(bio_err, "Signature ok\n");
+
+        print_name(bio_err, "subject=", X509_REQ_get_subject_name(req),
+                   nmflag);
+
+        if ((x = X509_new()) == NULL)
+            goto end;
+
+        if (sno == NULL) {
+            sno = ASN1_INTEGER_new();
+            if (!sno || !rand_serial(NULL, sno))
+                goto end;
+            if (!X509_set_serialNumber(x, sno))
+                goto end;
+            ASN1_INTEGER_free(sno);
+            sno = NULL;
+        } else if (!X509_set_serialNumber(x, sno))
+            goto end;
+
+        if (!X509_set_issuer_name(x, req->req_info->subject))
+            goto end;
+        if (!X509_set_subject_name(x, req->req_info->subject))
+            goto end;
+
+        X509_gmtime_adj(X509_get_notBefore(x), 0);
+        X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL);
+
+        pkey = X509_REQ_get_pubkey(req);
+        X509_set_pubkey(x, pkey);
+        EVP_PKEY_free(pkey);
+    } else
+        x = load_cert(bio_err, infile, informat, NULL, e, "Certificate");
+
+    if (x == NULL)
+        goto end;
+    if (CA_flag) {
+        xca = load_cert(bio_err, CAfile, CAformat, NULL, e, "CA Certificate");
+        if (xca == NULL)
+            goto end;
+    }
+
+    if (!noout || text || next_serial) {
+        OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3");
+
+        out = BIO_new(BIO_s_file());
+        if (out == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (outfile == NULL) {
+            BIO_set_fp(out, stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+            {
+                BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                out = BIO_push(tmpbio, out);
+            }
+#endif
+        } else {
+            if (BIO_write_filename(out, outfile) <= 0) {
+                perror(outfile);
+                goto end;
+            }
+        }
+    }
+
+    if (alias)
+        X509_alias_set1(x, (unsigned char *)alias, -1);
+
+    if (clrtrust)
+        X509_trust_clear(x);
+    if (clrreject)
+        X509_reject_clear(x);
+
+    if (trust) {
+        for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++) {
+            objtmp = sk_ASN1_OBJECT_value(trust, i);
+            X509_add1_trust_object(x, objtmp);
+        }
+    }
+
+    if (reject) {
+        for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++) {
+            objtmp = sk_ASN1_OBJECT_value(reject, i);
+            X509_add1_reject_object(x, objtmp);
+        }
+    }
+
+    if (num) {
+        for (i = 1; i <= num; i++) {
+            if (issuer == i) {
+                print_name(STDout, "issuer= ",
+                           X509_get_issuer_name(x), nmflag);
+            } else if (subject == i) {
+                print_name(STDout, "subject= ",
+                           X509_get_subject_name(x), nmflag);
+            } else if (serial == i) {
+                BIO_printf(STDout, "serial=");
+                i2a_ASN1_INTEGER(STDout, X509_get_serialNumber(x));
+                BIO_printf(STDout, "\n");
+            } else if (next_serial == i) {
+                BIGNUM *bnser;
+                ASN1_INTEGER *ser;
+                ser = X509_get_serialNumber(x);
+                bnser = ASN1_INTEGER_to_BN(ser, NULL);
+                if (!bnser)
+                    goto end;
+                if (!BN_add_word(bnser, 1))
+                    goto end;
+                ser = BN_to_ASN1_INTEGER(bnser, NULL);
+                if (!ser)
+                    goto end;
+                BN_free(bnser);
+                i2a_ASN1_INTEGER(out, ser);
+                ASN1_INTEGER_free(ser);
+                BIO_puts(out, "\n");
+            } else if ((email == i) || (ocsp_uri == i)) {
+                int j;
+                STACK_OF(OPENSSL_STRING) *emlst;
+                if (email == i)
+                    emlst = X509_get1_email(x);
+                else
+                    emlst = X509_get1_ocsp(x);
+                for (j = 0; j < sk_OPENSSL_STRING_num(emlst); j++)
+                    BIO_printf(STDout, "%s\n",
+                               sk_OPENSSL_STRING_value(emlst, j));
+                X509_email_free(emlst);
+            } else if (aliasout == i) {
+                unsigned char *alstr;
+                alstr = X509_alias_get0(x, NULL);
+                if (alstr)
+                    BIO_printf(STDout, "%s\n", alstr);
+                else
+                    BIO_puts(STDout, "<No Alias>\n");
+            } else if (subject_hash == i) {
+                BIO_printf(STDout, "%08lx\n", X509_subject_name_hash(x));
+            }
+#ifndef OPENSSL_NO_MD5
+            else if (subject_hash_old == i) {
+                BIO_printf(STDout, "%08lx\n", X509_subject_name_hash_old(x));
+            }
+#endif
+            else if (issuer_hash == i) {
+                BIO_printf(STDout, "%08lx\n", X509_issuer_name_hash(x));
+            }
+#ifndef OPENSSL_NO_MD5
+            else if (issuer_hash_old == i) {
+                BIO_printf(STDout, "%08lx\n", X509_issuer_name_hash_old(x));
+            }
+#endif
+            else if (pprint == i) {
+                X509_PURPOSE *ptmp;
+                int j;
+                BIO_printf(STDout, "Certificate purposes:\n");
+                for (j = 0; j < X509_PURPOSE_get_count(); j++) {
+                    ptmp = X509_PURPOSE_get0(j);
+                    purpose_print(STDout, x, ptmp);
+                }
+            } else if (modulus == i) {
+                EVP_PKEY *pkey;
+
+                pkey = X509_get_pubkey(x);
+                if (pkey == NULL) {
+                    BIO_printf(bio_err, "Modulus=unavailable\n");
+                    ERR_print_errors(bio_err);
+                    goto end;
+                }
+                BIO_printf(STDout, "Modulus=");
+#ifndef OPENSSL_NO_RSA
+                if (pkey->type == EVP_PKEY_RSA)
+                    BN_print(STDout, pkey->pkey.rsa->n);
+                else
+#endif
+#ifndef OPENSSL_NO_DSA
+                if (pkey->type == EVP_PKEY_DSA)
+                    BN_print(STDout, pkey->pkey.dsa->pub_key);
+                else
+#endif
+                    BIO_printf(STDout, "Wrong Algorithm type");
+                BIO_printf(STDout, "\n");
+                EVP_PKEY_free(pkey);
+            } else if (pubkey == i) {
+                EVP_PKEY *pkey;
+
+                pkey = X509_get_pubkey(x);
+                if (pkey == NULL) {
+                    BIO_printf(bio_err, "Error getting public key\n");
+                    ERR_print_errors(bio_err);
+                    goto end;
+                }
+                PEM_write_bio_PUBKEY(STDout, pkey);
+                EVP_PKEY_free(pkey);
+            } else if (C == i) {
+                unsigned char *d;
+                char *m;
+                int y, z;
+
+                X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof buf);
+                BIO_printf(STDout, "/* subject:%s */\n", buf);
+                m = X509_NAME_oneline(X509_get_issuer_name(x), buf,
+                                      sizeof buf);
+                BIO_printf(STDout, "/* issuer :%s */\n", buf);
+
+                z = i2d_X509(x, NULL);
+                m = OPENSSL_malloc(z);
+                if (!m) {
+                    BIO_printf(bio_err, "Out of memory\n");
+                    ERR_print_errors(bio_err);
+                    goto end;
+                }
+
+                d = (unsigned char *)m;
+                z = i2d_X509_NAME(X509_get_subject_name(x), &d);
+                BIO_printf(STDout, "unsigned char XXX_subject_name[%d]={\n",
+                           z);
+                d = (unsigned char *)m;
+                for (y = 0; y < z; y++) {
+                    BIO_printf(STDout, "0x%02X,", d[y]);
+                    if ((y & 0x0f) == 0x0f)
+                        BIO_printf(STDout, "\n");
+                }
+                if (y % 16 != 0)
+                    BIO_printf(STDout, "\n");
+                BIO_printf(STDout, "};\n");
+
+                z = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &d);
+                BIO_printf(STDout, "unsigned char XXX_public_key[%d]={\n", z);
+                d = (unsigned char *)m;
+                for (y = 0; y < z; y++) {
+                    BIO_printf(STDout, "0x%02X,", d[y]);
+                    if ((y & 0x0f) == 0x0f)
+                        BIO_printf(STDout, "\n");
+                }
+                if (y % 16 != 0)
+                    BIO_printf(STDout, "\n");
+                BIO_printf(STDout, "};\n");
+
+                z = i2d_X509(x, &d);
+                BIO_printf(STDout, "unsigned char XXX_certificate[%d]={\n",
+                           z);
+                d = (unsigned char *)m;
+                for (y = 0; y < z; y++) {
+                    BIO_printf(STDout, "0x%02X,", d[y]);
+                    if ((y & 0x0f) == 0x0f)
+                        BIO_printf(STDout, "\n");
+                }
+                if (y % 16 != 0)
+                    BIO_printf(STDout, "\n");
+                BIO_printf(STDout, "};\n");
+
+                OPENSSL_free(m);
+            } else if (text == i) {
+                X509_print_ex(STDout, x, nmflag, certflag);
+            } else if (startdate == i) {
+                BIO_puts(STDout, "notBefore=");
+                ASN1_TIME_print(STDout, X509_get_notBefore(x));
+                BIO_puts(STDout, "\n");
+            } else if (enddate == i) {
+                BIO_puts(STDout, "notAfter=");
+                ASN1_TIME_print(STDout, X509_get_notAfter(x));
+                BIO_puts(STDout, "\n");
+            } else if (fingerprint == i) {
+                int j;
+                unsigned int n;
+                unsigned char md[EVP_MAX_MD_SIZE];
+                const EVP_MD *fdig = digest;
+
+                if (!fdig)
+                    fdig = EVP_sha1();
+
+                if (!X509_digest(x, fdig, md, &n)) {
+                    BIO_printf(bio_err, "out of memory\n");
+                    goto end;
+                }
+                BIO_printf(STDout, "%s Fingerprint=",
+                           OBJ_nid2sn(EVP_MD_type(fdig)));
+                for (j = 0; j < (int)n; j++) {
+                    BIO_printf(STDout, "%02X%c", md[j], (j + 1 == (int)n)
+                               ? '\n' : ':');
+                }
+            }
+
+            /* should be in the library */
+            else if ((sign_flag == i) && (x509req == 0)) {
+                BIO_printf(bio_err, "Getting Private key\n");
+                if (Upkey == NULL) {
+                    Upkey = load_key(bio_err,
+                                     keyfile, keyformat, 0,
+                                     passin, e, "Private key");
+                    if (Upkey == NULL)
+                        goto end;
+                }
+
+                assert(need_rand);
+                if (!sign(x, Upkey, days, clrext, digest, extconf, extsect))
+                    goto end;
+            } else if (CA_flag == i) {
+                BIO_printf(bio_err, "Getting CA Private Key\n");
+                if (CAkeyfile != NULL) {
+                    CApkey = load_key(bio_err,
+                                      CAkeyfile, CAkeyformat,
+                                      0, passin, e, "CA Private Key");
+                    if (CApkey == NULL)
+                        goto end;
+                }
+
+                assert(need_rand);
+                if (!x509_certify(ctx, CAfile, digest, x, xca,
+                                  CApkey, sigopts,
+                                  CAserial, CA_createserial, days, clrext,
+                                  extconf, extsect, sno))
+                    goto end;
+            } else if (x509req == i) {
+                EVP_PKEY *pk;
+
+                BIO_printf(bio_err, "Getting request Private Key\n");
+                if (keyfile == NULL) {
+                    BIO_printf(bio_err, "no request key file specified\n");
+                    goto end;
+                } else {
+                    pk = load_key(bio_err,
+                                  keyfile, keyformat, 0,
+                                  passin, e, "request key");
+                    if (pk == NULL)
+                        goto end;
+                }
+
+                BIO_printf(bio_err, "Generating certificate request\n");
+
+                rq = X509_to_X509_REQ(x, pk, digest);
+                EVP_PKEY_free(pk);
+                if (rq == NULL) {
+                    ERR_print_errors(bio_err);
+                    goto end;
+                }
+                if (!noout) {
+                    X509_REQ_print(out, rq);
+                    PEM_write_bio_X509_REQ(out, rq);
+                }
+                noout = 1;
+            } else if (ocspid == i) {
+                X509_ocspid_print(out, x);
+            }
+        }
+    }
+
+    if (checkend) {
+        time_t tcheck = time(NULL) + checkoffset;
+
+        if (X509_cmp_time(X509_get_notAfter(x), &tcheck) < 0) {
+            BIO_printf(out, "Certificate will expire\n");
+            ret = 1;
+        } else {
+            BIO_printf(out, "Certificate will not expire\n");
+            ret = 0;
+        }
+        goto end;
+    }
+
+    if (noout) {
+        ret = 0;
+        goto end;
+    }
+
+    if (outformat == FORMAT_ASN1)
+        i = i2d_X509_bio(out, x);
+    else if (outformat == FORMAT_PEM) {
+        if (trustout)
+            i = PEM_write_bio_X509_AUX(out, x);
+        else
+            i = PEM_write_bio_X509(out, x);
+    } else if (outformat == FORMAT_NETSCAPE) {
+        NETSCAPE_X509 nx;
+        ASN1_OCTET_STRING hdr;
+
+        hdr.data = (unsigned char *)NETSCAPE_CERT_HDR;
+        hdr.length = strlen(NETSCAPE_CERT_HDR);
+        nx.header = &hdr;
+        nx.cert = x;
+
+        i = ASN1_item_i2d_bio(ASN1_ITEM_rptr(NETSCAPE_X509), out, &nx);
+    } else {
+        BIO_printf(bio_err, "bad output format specified for outfile\n");
+        goto end;
+    }
+    if (!i) {
+        BIO_printf(bio_err, "unable to write certificate\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    ret = 0;
+ end:
+    if (need_rand)
+        app_RAND_write_file(NULL, bio_err);
+    OBJ_cleanup();
+    NCONF_free(extconf);
+    BIO_free_all(out);
+    BIO_free_all(STDout);
+    X509_STORE_free(ctx);
+    X509_REQ_free(req);
+    X509_free(x);
+    X509_free(xca);
+    EVP_PKEY_free(Upkey);
+    EVP_PKEY_free(CApkey);
+    if (sigopts)
+        sk_OPENSSL_STRING_free(sigopts);
+    X509_REQ_free(rq);
+    ASN1_INTEGER_free(sno);
+    sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
+    sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
+    if (passin)
+        OPENSSL_free(passin);
+    apps_shutdown();
+    OPENSSL_EXIT(ret);
+}
+
+static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile,
+                                      int create)
+{
+    char *buf = NULL, *p;
+    ASN1_INTEGER *bs = NULL;
+    BIGNUM *serial = NULL;
+    size_t len;
+
+    len = ((serialfile == NULL)
+           ? (strlen(CAfile) + strlen(POSTFIX) + 1)
+           : (strlen(serialfile))) + 1;
+    buf = OPENSSL_malloc(len);
+    if (buf == NULL) {
+        BIO_printf(bio_err, "out of mem\n");
+        goto end;
+    }
+    if (serialfile == NULL) {
+        BUF_strlcpy(buf, CAfile, len);
+        for (p = buf; *p; p++)
+            if (*p == '.') {
+                *p = '\0';
+                break;
+            }
+        BUF_strlcat(buf, POSTFIX, len);
+    } else
+        BUF_strlcpy(buf, serialfile, len);
+
+    serial = load_serial(buf, create, NULL);
+    if (serial == NULL)
+        goto end;
+
+    if (!BN_add_word(serial, 1)) {
+        BIO_printf(bio_err, "add_word failure\n");
+        goto end;
+    }
+
+    if (!save_serial(buf, NULL, serial, &bs))
+        goto end;
+
+ end:
+    if (buf)
+        OPENSSL_free(buf);
+    BN_free(serial);
+    return bs;
+}
+
+static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
+                        X509 *x, X509 *xca, EVP_PKEY *pkey,
+                        STACK_OF(OPENSSL_STRING) *sigopts,
+                        char *serialfile, int create,
+                        int days, int clrext, CONF *conf, char *section,
+                        ASN1_INTEGER *sno)
+{
+    int ret = 0;
+    ASN1_INTEGER *bs = NULL;
+    X509_STORE_CTX xsc;
+    EVP_PKEY *upkey;
+
+    upkey = X509_get_pubkey(xca);
+    if (upkey == NULL)  {
+        BIO_printf(bio_err, "Error obtaining CA X509 public key\n");
+        goto end;
+    }
+    EVP_PKEY_copy_parameters(upkey, pkey);
+    EVP_PKEY_free(upkey);
+
+    if (!X509_STORE_CTX_init(&xsc, ctx, x, NULL)) {
+        BIO_printf(bio_err, "Error initialising X509 store\n");
+        goto end;
+    }
+    if (sno)
+        bs = sno;
+    else if (!(bs = x509_load_serial(CAfile, serialfile, create)))
+        goto end;
+
+/*      if (!X509_STORE_add_cert(ctx,x)) goto end;*/
+
+    /*
+     * NOTE: this certificate can/should be self signed, unless it was a
+     * certificate request in which case it is not.
+     */
+    X509_STORE_CTX_set_cert(&xsc, x);
+    X509_STORE_CTX_set_flags(&xsc, X509_V_FLAG_CHECK_SS_SIGNATURE);
+    if (!reqfile && X509_verify_cert(&xsc) <= 0)
+        goto end;
+
+    if (!X509_check_private_key(xca, pkey)) {
+        BIO_printf(bio_err,
+                   "CA certificate and CA private key do not match\n");
+        goto end;
+    }
+
+    if (!X509_set_issuer_name(x, X509_get_subject_name(xca)))
+        goto end;
+    if (!X509_set_serialNumber(x, bs))
+        goto end;
+
+    if (X509_gmtime_adj(X509_get_notBefore(x), 0L) == NULL)
+        goto end;
+
+    /* hardwired expired */
+    if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
+        goto end;
+
+    if (clrext) {
+        while (X509_get_ext_count(x) > 0)
+            X509_delete_ext(x, 0);
+    }
+
+    if (conf) {
+        X509V3_CTX ctx2;
+        X509_set_version(x, 2); /* version 3 certificate */
+        X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
+        X509V3_set_nconf(&ctx2, conf);
+        if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x))
+            goto end;
+    }
+
+    if (!do_X509_sign(bio_err, x, pkey, digest, sigopts))
+        goto end;
+    ret = 1;
+ end:
+    X509_STORE_CTX_cleanup(&xsc);
+    if (!ret)
+        ERR_print_errors(bio_err);
+    if (!sno)
+        ASN1_INTEGER_free(bs);
+    return ret;
+}
+
+static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
+{
+    int err;
+    X509 *err_cert;
+
+    /*
+     * it is ok to use a self signed certificate This case will catch both
+     * the initial ok == 0 and the final ok == 1 calls to this function
+     */
+    err = X509_STORE_CTX_get_error(ctx);
+    if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
+        return 1;
+
+    /*
+     * BAD we should have gotten an error.  Normally if everything worked
+     * X509_STORE_CTX_get_error(ctx) will still be set to
+     * DEPTH_ZERO_SELF_....
+     */
+    if (ok) {
+        BIO_printf(bio_err,
+                   "error with certificate to be certified - should be self signed\n");
+        return 0;
+    } else {
+        err_cert = X509_STORE_CTX_get_current_cert(ctx);
+        print_name(bio_err, NULL, X509_get_subject_name(err_cert), 0);
+        BIO_printf(bio_err,
+                   "error with certificate - error %d at depth %d\n%s\n", err,
+                   X509_STORE_CTX_get_error_depth(ctx),
+                   X509_verify_cert_error_string(err));
+        return 1;
+    }
+}
+
+/* self sign */
+static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
+                const EVP_MD *digest, CONF *conf, char *section)
+{
+
+    EVP_PKEY *pktmp;
+
+    pktmp = X509_get_pubkey(x);
+    if (pktmp == NULL)
+        goto err;
+    EVP_PKEY_copy_parameters(pktmp, pkey);
+    EVP_PKEY_save_parameters(pktmp, 1);
+    EVP_PKEY_free(pktmp);
+
+    if (!X509_set_issuer_name(x, X509_get_subject_name(x)))
+        goto err;
+    if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
+        goto err;
+
+    if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
+        goto err;
+
+    if (!X509_set_pubkey(x, pkey))
+        goto err;
+    if (clrext) {
+        while (X509_get_ext_count(x) > 0)
+            X509_delete_ext(x, 0);
+    }
+    if (conf) {
+        X509V3_CTX ctx;
+        X509_set_version(x, 2); /* version 3 certificate */
+        X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
+        X509V3_set_nconf(&ctx, conf);
+        if (!X509V3_EXT_add_nconf(conf, &ctx, section, x))
+            goto err;
+    }
+    if (!X509_sign(x, pkey, digest))
+        goto err;
+    return 1;
+ err:
+    ERR_print_errors(bio_err);
+    return 0;
+}
+
+static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
+{
+    int id, i, idret;
+    char *pname;
+    id = X509_PURPOSE_get_id(pt);
+    pname = X509_PURPOSE_get0_name(pt);
+    for (i = 0; i < 2; i++) {
+        idret = X509_check_purpose(cert, id, i);
+        BIO_printf(bio, "%s%s : ", pname, i ? " CA" : "");
+        if (idret == 1)
+            BIO_printf(bio, "Yes\n");
+        else if (idret == 0)
+            BIO_printf(bio, "No\n");
+        else
+            BIO_printf(bio, "Yes (WARNING code=%d)\n", idret);
+    }
+    return 1;
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/aes/aes.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes.h	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/aes/aes.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,149 +0,0 @@
-/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#ifndef HEADER_AES_H
-# define HEADER_AES_H
-
-# include <openssl/opensslconf.h>
-
-# ifdef OPENSSL_NO_AES
-#  error AES is disabled.
-# endif
-
-# include <stddef.h>
-
-# define AES_ENCRYPT     1
-# define AES_DECRYPT     0
-
-/*
- * Because array size can't be a const in C, the following two are macros.
- * Both sizes are in bytes.
- */
-# define AES_MAXNR 14
-# define AES_BLOCK_SIZE 16
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* This should be a hidden type, but EVP requires that the size be known */
-struct aes_key_st {
-# ifdef AES_LONG
-    unsigned long rd_key[4 * (AES_MAXNR + 1)];
-# else
-    unsigned int rd_key[4 * (AES_MAXNR + 1)];
-# endif
-    int rounds;
-};
-typedef struct aes_key_st AES_KEY;
-
-const char *AES_options(void);
-
-int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-                        AES_KEY *key);
-int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-                        AES_KEY *key);
-
-int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-                                AES_KEY *key);
-int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-                                AES_KEY *key);
-
-void AES_encrypt(const unsigned char *in, unsigned char *out,
-                 const AES_KEY *key);
-void AES_decrypt(const unsigned char *in, unsigned char *out,
-                 const AES_KEY *key);
-
-void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
-                     const AES_KEY *key, const int enc);
-void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
-                     size_t length, const AES_KEY *key,
-                     unsigned char *ivec, const int enc);
-void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
-                        size_t length, const AES_KEY *key,
-                        unsigned char *ivec, int *num, const int enc);
-void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
-                      size_t length, const AES_KEY *key,
-                      unsigned char *ivec, int *num, const int enc);
-void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
-                      size_t length, const AES_KEY *key,
-                      unsigned char *ivec, int *num, const int enc);
-void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
-                        size_t length, const AES_KEY *key,
-                        unsigned char *ivec, int *num);
-void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
-                        size_t length, const AES_KEY *key,
-                        unsigned char ivec[AES_BLOCK_SIZE],
-                        unsigned char ecount_buf[AES_BLOCK_SIZE],
-                        unsigned int *num);
-/* NB: the IV is _two_ blocks long */
-void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
-                     size_t length, const AES_KEY *key,
-                     unsigned char *ivec, const int enc);
-/* NB: the IV is _four_ blocks long */
-void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
-                        size_t length, const AES_KEY *key,
-                        const AES_KEY *key2, const unsigned char *ivec,
-                        const int enc);
-
-int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
-                 unsigned char *out,
-                 const unsigned char *in, unsigned int inlen);
-int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
-                   unsigned char *out,
-                   const unsigned char *in, unsigned int inlen);
-
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif                          /* !HEADER_AES_H */

Copied: vendor-crypto/openssl/1.0.1u/crypto/aes/aes.h (from rev 11605, vendor-crypto/openssl/dist/crypto/aes/aes.h)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/aes/aes.h	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/aes/aes.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,149 @@
+/* crypto/aes/aes.h */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef HEADER_AES_H
+# define HEADER_AES_H
+
+# include <openssl/opensslconf.h>
+
+# ifdef OPENSSL_NO_AES
+#  error AES is disabled.
+# endif
+
+# include <stddef.h>
+
+# define AES_ENCRYPT     1
+# define AES_DECRYPT     0
+
+/*
+ * Because array size can't be a const in C, the following two are macros.
+ * Both sizes are in bytes.
+ */
+# define AES_MAXNR 14
+# define AES_BLOCK_SIZE 16
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* This should be a hidden type, but EVP requires that the size be known */
+struct aes_key_st {
+# ifdef AES_LONG
+    unsigned long rd_key[4 * (AES_MAXNR + 1)];
+# else
+    unsigned int rd_key[4 * (AES_MAXNR + 1)];
+# endif
+    int rounds;
+};
+typedef struct aes_key_st AES_KEY;
+
+const char *AES_options(void);
+
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key);
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key);
+
+int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                                AES_KEY *key);
+int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                                AES_KEY *key);
+
+void AES_encrypt(const unsigned char *in, unsigned char *out,
+                 const AES_KEY *key);
+void AES_decrypt(const unsigned char *in, unsigned char *out,
+                 const AES_KEY *key);
+
+void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                     const AES_KEY *key, const int enc);
+void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                     size_t length, const AES_KEY *key,
+                     unsigned char *ivec, const int enc);
+void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const AES_KEY *key,
+                        unsigned char *ivec, int *num, const int enc);
+void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+                      size_t length, const AES_KEY *key,
+                      unsigned char *ivec, int *num, const int enc);
+void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+                      size_t length, const AES_KEY *key,
+                      unsigned char *ivec, int *num, const int enc);
+void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const AES_KEY *key,
+                        unsigned char *ivec, int *num);
+void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const AES_KEY *key,
+                        unsigned char ivec[AES_BLOCK_SIZE],
+                        unsigned char ecount_buf[AES_BLOCK_SIZE],
+                        unsigned int *num);
+/* NB: the IV is _two_ blocks long */
+void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
+                     size_t length, const AES_KEY *key,
+                     unsigned char *ivec, const int enc);
+/* NB: the IV is _four_ blocks long */
+void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const AES_KEY *key,
+                        const AES_KEY *key2, const unsigned char *ivec,
+                        const int enc);
+
+int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
+                 unsigned char *out,
+                 const unsigned char *in, unsigned int inlen);
+int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
+                   unsigned char *out,
+                   const unsigned char *in, unsigned int inlen);
+
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif                          /* !HEADER_AES_H */

Deleted: vendor-crypto/openssl/1.0.1u/crypto/aes/aes_cbc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_cbc.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/aes/aes_cbc.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,66 +0,0 @@
-/* crypto/aes/aes_cbc.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/aes.h>
-#include <openssl/modes.h>
-
-void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
-                     size_t len, const AES_KEY *key,
-                     unsigned char *ivec, const int enc)
-{
-
-    if (enc)
-        CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
-                              (block128_f) AES_encrypt);
-    else
-        CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
-                              (block128_f) AES_decrypt);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/aes/aes_cbc.c (from rev 11605, vendor-crypto/openssl/dist/crypto/aes/aes_cbc.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/aes/aes_cbc.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/aes/aes_cbc.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,66 @@
+/* crypto/aes/aes_cbc.c */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/aes.h>
+#include <openssl/modes.h>
+
+void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                     size_t len, const AES_KEY *key,
+                     unsigned char *ivec, const int enc)
+{
+
+    if (enc)
+        CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
+                              (block128_f) AES_encrypt);
+    else
+        CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
+                              (block128_f) AES_decrypt);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/aes/aes_cfb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_cfb.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/aes/aes_cfb.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,85 +0,0 @@
-/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/aes.h>
-#include <openssl/modes.h>
-
-/*
- * The input and output encrypted as though 128bit cfb mode is being used.
- * The extra state information to record how much of the 128bit block we have
- * used is contained in *num;
- */
-
-void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
-                        size_t length, const AES_KEY *key,
-                        unsigned char *ivec, int *num, const int enc)
-{
-
-    CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
-                          (block128_f) AES_encrypt);
-}
-
-/* N.B. This expects the input to be packed, MS bit first */
-void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
-                      size_t length, const AES_KEY *key,
-                      unsigned char *ivec, int *num, const int enc)
-{
-    CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc,
-                            (block128_f) AES_encrypt);
-}
-
-void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
-                      size_t length, const AES_KEY *key,
-                      unsigned char *ivec, int *num, const int enc)
-{
-    CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc,
-                            (block128_f) AES_encrypt);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/aes/aes_cfb.c (from rev 11605, vendor-crypto/openssl/dist/crypto/aes/aes_cfb.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/aes/aes_cfb.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/aes/aes_cfb.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,85 @@
+/* crypto/aes/aes_cfb.c */
+/* ====================================================================
+ * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/aes.h>
+#include <openssl/modes.h>
+
+/*
+ * The input and output encrypted as though 128bit cfb mode is being used.
+ * The extra state information to record how much of the 128bit block we have
+ * used is contained in *num;
+ */
+
+void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const AES_KEY *key,
+                        unsigned char *ivec, int *num, const int enc)
+{
+
+    CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
+                          (block128_f) AES_encrypt);
+}
+
+/* N.B. This expects the input to be packed, MS bit first */
+void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+                      size_t length, const AES_KEY *key,
+                      unsigned char *ivec, int *num, const int enc)
+{
+    CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc,
+                            (block128_f) AES_encrypt);
+}
+
+void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+                      size_t length, const AES_KEY *key,
+                      unsigned char *ivec, int *num, const int enc)
+{
+    CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc,
+                            (block128_f) AES_encrypt);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/aes/aes_core.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_core.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/aes/aes_core.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,1363 +0,0 @@
-/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
-/**
- * rijndael-alg-fst.c
- *
- * @version 3.0 (December 2000)
- *
- * Optimised ANSI C code for the Rijndael cipher (now AES)
- *
- * @author Vincent Rijmen <vincent.rijmen at esat.kuleuven.ac.be>
- * @author Antoon Bosselaers <antoon.bosselaers at esat.kuleuven.ac.be>
- * @author Paulo Barreto <paulo.barreto at terra.com.br>
- *
- * This code is hereby placed in the public domain.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
- * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
- * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
- * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* Note: rewritten a little bit to provide error control and an OpenSSL-
-   compatible API */
-
-#ifndef AES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
-#include <stdlib.h>
-#include <openssl/aes.h>
-#include "aes_locl.h"
-
-#ifndef AES_ASM
-/*-
-Te0[x] = S [x].[02, 01, 01, 03];
-Te1[x] = S [x].[03, 02, 01, 01];
-Te2[x] = S [x].[01, 03, 02, 01];
-Te3[x] = S [x].[01, 01, 03, 02];
-
-Td0[x] = Si[x].[0e, 09, 0d, 0b];
-Td1[x] = Si[x].[0b, 0e, 09, 0d];
-Td2[x] = Si[x].[0d, 0b, 0e, 09];
-Td3[x] = Si[x].[09, 0d, 0b, 0e];
-Td4[x] = Si[x].[01];
-*/
-
-static const u32 Te0[256] = {
-    0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
-    0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
-    0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
-    0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
-    0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
-    0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
-    0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
-    0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
-    0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
-    0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
-    0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
-    0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
-    0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
-    0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
-    0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
-    0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
-    0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
-    0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
-    0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
-    0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
-    0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
-    0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
-    0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
-    0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
-    0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
-    0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
-    0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
-    0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
-    0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
-    0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
-    0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
-    0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
-    0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
-    0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
-    0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
-    0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
-    0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
-    0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
-    0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
-    0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
-    0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
-    0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
-    0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
-    0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
-    0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
-    0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
-    0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
-    0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
-    0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
-    0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
-    0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
-    0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
-    0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
-    0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
-    0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
-    0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
-    0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
-    0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
-    0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
-    0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
-    0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
-    0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
-    0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
-    0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
-};
-static const u32 Te1[256] = {
-    0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
-    0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
-    0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
-    0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
-    0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
-    0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
-    0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
-    0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
-    0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
-    0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
-    0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
-    0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
-    0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
-    0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
-    0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
-    0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
-    0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
-    0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
-    0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
-    0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
-    0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
-    0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
-    0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
-    0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
-    0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
-    0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
-    0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
-    0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
-    0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
-    0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
-    0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
-    0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
-    0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
-    0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
-    0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
-    0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
-    0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
-    0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
-    0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
-    0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
-    0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
-    0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
-    0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
-    0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
-    0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
-    0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
-    0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
-    0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
-    0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
-    0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
-    0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
-    0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
-    0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
-    0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
-    0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
-    0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
-    0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
-    0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
-    0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
-    0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
-    0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
-    0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
-    0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
-    0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
-};
-static const u32 Te2[256] = {
-    0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
-    0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
-    0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
-    0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
-    0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
-    0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
-    0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
-    0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
-    0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
-    0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
-    0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
-    0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
-    0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
-    0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
-    0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
-    0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
-    0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
-    0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
-    0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
-    0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
-    0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
-    0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
-    0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
-    0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
-    0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
-    0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
-    0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
-    0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
-    0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
-    0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
-    0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
-    0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
-    0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
-    0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
-    0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
-    0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
-    0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
-    0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
-    0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
-    0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
-    0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
-    0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
-    0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
-    0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
-    0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
-    0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
-    0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
-    0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
-    0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
-    0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
-    0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
-    0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
-    0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
-    0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
-    0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
-    0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
-    0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
-    0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
-    0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
-    0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
-    0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
-    0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
-    0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
-    0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
-};
-static const u32 Te3[256] = {
-    0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
-    0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
-    0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
-    0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
-    0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
-    0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
-    0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
-    0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
-    0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
-    0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
-    0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
-    0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
-    0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
-    0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
-    0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
-    0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
-    0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
-    0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
-    0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
-    0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
-    0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
-    0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
-    0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
-    0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
-    0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
-    0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
-    0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
-    0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
-    0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
-    0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
-    0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
-    0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
-    0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
-    0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
-    0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
-    0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
-    0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
-    0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
-    0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
-    0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
-    0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
-    0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
-    0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
-    0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
-    0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
-    0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
-    0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
-    0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
-    0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
-    0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
-    0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
-    0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
-    0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
-    0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
-    0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
-    0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
-    0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
-    0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
-    0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
-    0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
-    0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
-    0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
-    0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
-    0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
-};
-
-static const u32 Td0[256] = {
-    0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
-    0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
-    0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
-    0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
-    0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
-    0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
-    0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
-    0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
-    0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
-    0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
-    0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
-    0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
-    0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
-    0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
-    0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
-    0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
-    0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
-    0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
-    0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
-    0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
-    0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
-    0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
-    0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
-    0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
-    0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
-    0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
-    0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
-    0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
-    0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
-    0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
-    0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
-    0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
-    0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
-    0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
-    0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
-    0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
-    0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
-    0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
-    0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
-    0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
-    0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
-    0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
-    0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
-    0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
-    0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
-    0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
-    0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
-    0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
-    0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
-    0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
-    0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
-    0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
-    0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
-    0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
-    0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
-    0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
-    0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
-    0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
-    0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
-    0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
-    0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
-    0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
-    0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
-    0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
-};
-static const u32 Td1[256] = {
-    0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
-    0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
-    0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
-    0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
-    0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
-    0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
-    0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
-    0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
-    0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
-    0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
-    0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
-    0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
-    0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
-    0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
-    0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
-    0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
-    0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
-    0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
-    0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
-    0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
-    0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
-    0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
-    0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
-    0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
-    0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
-    0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
-    0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
-    0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
-    0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
-    0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
-    0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
-    0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
-    0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
-    0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
-    0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
-    0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
-    0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
-    0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
-    0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
-    0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
-    0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
-    0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
-    0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
-    0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
-    0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
-    0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
-    0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
-    0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
-    0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
-    0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
-    0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
-    0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
-    0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
-    0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
-    0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
-    0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
-    0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
-    0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
-    0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
-    0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
-    0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
-    0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
-    0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
-    0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
-};
-static const u32 Td2[256] = {
-    0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
-    0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
-    0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
-    0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
-    0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
-    0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
-    0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
-    0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
-    0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
-    0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
-    0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
-    0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
-    0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
-    0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
-    0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
-    0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
-    0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
-    0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
-    0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
-    0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
-    0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
-    0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
-    0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
-    0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
-    0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
-    0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
-    0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
-    0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
-    0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
-    0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
-    0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
-    0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
-    0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
-    0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
-    0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
-    0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
-    0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
-    0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
-    0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
-    0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
-    0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
-    0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
-    0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
-    0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
-    0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
-    0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
-    0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
-    0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
-    0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
-    0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
-    0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
-    0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
-    0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
-    0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
-    0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
-    0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
-    0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
-    0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
-    0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
-    0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
-    0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
-    0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
-    0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
-    0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
-};
-static const u32 Td3[256] = {
-    0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
-    0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
-    0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
-    0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
-    0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
-    0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
-    0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
-    0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
-    0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
-    0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
-    0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
-    0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
-    0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
-    0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
-    0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
-    0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
-    0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
-    0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
-    0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
-    0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
-    0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
-    0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
-    0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
-    0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
-    0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
-    0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
-    0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
-    0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
-    0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
-    0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
-    0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
-    0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
-    0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
-    0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
-    0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
-    0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
-    0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
-    0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
-    0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
-    0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
-    0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
-    0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
-    0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
-    0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
-    0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
-    0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
-    0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
-    0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
-    0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
-    0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
-    0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
-    0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
-    0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
-    0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
-    0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
-    0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
-    0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
-    0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
-    0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
-    0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
-    0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
-    0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
-    0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
-    0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
-};
-static const u8 Td4[256] = {
-    0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
-    0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
-    0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
-    0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
-    0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
-    0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
-    0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
-    0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
-    0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
-    0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
-    0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
-    0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
-    0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
-    0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
-    0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
-    0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
-    0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
-    0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
-    0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
-    0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
-    0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
-    0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
-    0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
-    0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
-    0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
-    0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
-    0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
-    0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
-    0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
-    0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
-    0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
-    0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
-};
-static const u32 rcon[] = {
-    0x01000000, 0x02000000, 0x04000000, 0x08000000,
-    0x10000000, 0x20000000, 0x40000000, 0x80000000,
-    0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
-};
-
-/**
- * Expand the cipher key into the encryption key schedule.
- */
-int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-                                AES_KEY *key)
-{
-
-    u32 *rk;
-    int i = 0;
-    u32 temp;
-
-    if (!userKey || !key)
-        return -1;
-    if (bits != 128 && bits != 192 && bits != 256)
-        return -2;
-
-    rk = key->rd_key;
-
-    if (bits==128)
-        key->rounds = 10;
-    else if (bits==192)
-        key->rounds = 12;
-    else
-        key->rounds = 14;
-
-    rk[0] = GETU32(userKey     );
-    rk[1] = GETU32(userKey +  4);
-    rk[2] = GETU32(userKey +  8);
-    rk[3] = GETU32(userKey + 12);
-    if (bits == 128) {
-        while (1) {
-            temp  = rk[3];
-            rk[4] = rk[0] ^
-                (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
-                (Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
-                (Te0[(temp      ) & 0xff] & 0x0000ff00) ^
-                (Te1[(temp >> 24)       ] & 0x000000ff) ^
-                rcon[i];
-            rk[5] = rk[1] ^ rk[4];
-            rk[6] = rk[2] ^ rk[5];
-            rk[7] = rk[3] ^ rk[6];
-            if (++i == 10) {
-                return 0;
-            }
-            rk += 4;
-        }
-    }
-    rk[4] = GETU32(userKey + 16);
-    rk[5] = GETU32(userKey + 20);
-    if (bits == 192) {
-        while (1) {
-            temp = rk[ 5];
-            rk[ 6] = rk[ 0] ^
-                (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
-                (Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
-                (Te0[(temp      ) & 0xff] & 0x0000ff00) ^
-                (Te1[(temp >> 24)       ] & 0x000000ff) ^
-                rcon[i];
-            rk[ 7] = rk[ 1] ^ rk[ 6];
-            rk[ 8] = rk[ 2] ^ rk[ 7];
-            rk[ 9] = rk[ 3] ^ rk[ 8];
-            if (++i == 8) {
-                return 0;
-            }
-            rk[10] = rk[ 4] ^ rk[ 9];
-            rk[11] = rk[ 5] ^ rk[10];
-            rk += 6;
-        }
-    }
-    rk[6] = GETU32(userKey + 24);
-    rk[7] = GETU32(userKey + 28);
-    if (bits == 256) {
-        while (1) {
-            temp = rk[ 7];
-            rk[ 8] = rk[ 0] ^
-                (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
-                (Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
-                (Te0[(temp      ) & 0xff] & 0x0000ff00) ^
-                (Te1[(temp >> 24)       ] & 0x000000ff) ^
-                rcon[i];
-            rk[ 9] = rk[ 1] ^ rk[ 8];
-            rk[10] = rk[ 2] ^ rk[ 9];
-            rk[11] = rk[ 3] ^ rk[10];
-            if (++i == 7) {
-                return 0;
-            }
-            temp = rk[11];
-            rk[12] = rk[ 4] ^
-                (Te2[(temp >> 24)       ] & 0xff000000) ^
-                (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^
-                (Te0[(temp >>  8) & 0xff] & 0x0000ff00) ^
-                (Te1[(temp      ) & 0xff] & 0x000000ff);
-            rk[13] = rk[ 5] ^ rk[12];
-            rk[14] = rk[ 6] ^ rk[13];
-            rk[15] = rk[ 7] ^ rk[14];
-
-            rk += 8;
-            }
-    }
-    return 0;
-}
-
-/**
- * Expand the cipher key into the decryption key schedule.
- */
-int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-                                AES_KEY *key)
-{
-
-    u32 *rk;
-    int i, j, status;
-    u32 temp;
-
-    /* first, start with an encryption schedule */
-    status = private_AES_set_encrypt_key(userKey, bits, key);
-    if (status < 0)
-        return status;
-
-    rk = key->rd_key;
-
-    /* invert the order of the round keys: */
-    for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
-        temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
-        temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
-        temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
-        temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
-    }
-    /* apply the inverse MixColumn transform to all round keys but the first and the last: */
-    for (i = 1; i < (key->rounds); i++) {
-        rk += 4;
-        rk[0] =
-            Td0[Te1[(rk[0] >> 24)       ] & 0xff] ^
-            Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^
-            Td2[Te1[(rk[0] >>  8) & 0xff] & 0xff] ^
-            Td3[Te1[(rk[0]      ) & 0xff] & 0xff];
-        rk[1] =
-            Td0[Te1[(rk[1] >> 24)       ] & 0xff] ^
-            Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^
-            Td2[Te1[(rk[1] >>  8) & 0xff] & 0xff] ^
-            Td3[Te1[(rk[1]      ) & 0xff] & 0xff];
-        rk[2] =
-            Td0[Te1[(rk[2] >> 24)       ] & 0xff] ^
-            Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^
-            Td2[Te1[(rk[2] >>  8) & 0xff] & 0xff] ^
-            Td3[Te1[(rk[2]      ) & 0xff] & 0xff];
-        rk[3] =
-            Td0[Te1[(rk[3] >> 24)       ] & 0xff] ^
-            Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^
-            Td2[Te1[(rk[3] >>  8) & 0xff] & 0xff] ^
-            Td3[Te1[(rk[3]      ) & 0xff] & 0xff];
-    }
-    return 0;
-}
-
-/*
- * Encrypt a single block
- * in and out can overlap
- */
-void AES_encrypt(const unsigned char *in, unsigned char *out,
-                 const AES_KEY *key) {
-
-    const u32 *rk;
-    u32 s0, s1, s2, s3, t0, t1, t2, t3;
-#ifndef FULL_UNROLL
-    int r;
-#endif /* ?FULL_UNROLL */
-
-    assert(in && out && key);
-    rk = key->rd_key;
-
-    /*
-     * map byte array block to cipher state
-     * and add initial round key:
-     */
-    s0 = GETU32(in     ) ^ rk[0];
-    s1 = GETU32(in +  4) ^ rk[1];
-    s2 = GETU32(in +  8) ^ rk[2];
-    s3 = GETU32(in + 12) ^ rk[3];
-#ifdef FULL_UNROLL
-    /* round 1: */
-    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
-    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
-    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
-    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
-    /* round 2: */
-    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
-    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
-    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
-    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
-    /* round 3: */
-    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
-    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
-    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
-    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
-    /* round 4: */
-    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
-    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
-    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
-    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
-    /* round 5: */
-    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
-    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
-    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
-    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
-    /* round 6: */
-    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
-    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
-    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
-    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
-    /* round 7: */
-    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
-    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
-    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
-    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
-    /* round 8: */
-    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
-    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
-    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
-    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
-    /* round 9: */
-    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
-    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
-    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
-    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
-    if (key->rounds > 10) {
-        /* round 10: */
-        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
-        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
-        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
-        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
-        /* round 11: */
-        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
-        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
-        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
-        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
-        if (key->rounds > 12) {
-            /* round 12: */
-            s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
-            s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
-            s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
-            s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
-            /* round 13: */
-            t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
-            t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
-            t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
-            t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
-        }
-    }
-    rk += key->rounds << 2;
-#else  /* !FULL_UNROLL */
-    /*
-     * Nr - 1 full rounds:
-     */
-    r = key->rounds >> 1;
-    for (;;) {
-        t0 =
-            Te0[(s0 >> 24)       ] ^
-            Te1[(s1 >> 16) & 0xff] ^
-            Te2[(s2 >>  8) & 0xff] ^
-            Te3[(s3      ) & 0xff] ^
-            rk[4];
-        t1 =
-            Te0[(s1 >> 24)       ] ^
-            Te1[(s2 >> 16) & 0xff] ^
-            Te2[(s3 >>  8) & 0xff] ^
-            Te3[(s0      ) & 0xff] ^
-            rk[5];
-        t2 =
-            Te0[(s2 >> 24)       ] ^
-            Te1[(s3 >> 16) & 0xff] ^
-            Te2[(s0 >>  8) & 0xff] ^
-            Te3[(s1      ) & 0xff] ^
-            rk[6];
-        t3 =
-            Te0[(s3 >> 24)       ] ^
-            Te1[(s0 >> 16) & 0xff] ^
-            Te2[(s1 >>  8) & 0xff] ^
-            Te3[(s2      ) & 0xff] ^
-            rk[7];
-
-        rk += 8;
-        if (--r == 0) {
-            break;
-        }
-
-        s0 =
-            Te0[(t0 >> 24)       ] ^
-            Te1[(t1 >> 16) & 0xff] ^
-            Te2[(t2 >>  8) & 0xff] ^
-            Te3[(t3      ) & 0xff] ^
-            rk[0];
-        s1 =
-            Te0[(t1 >> 24)       ] ^
-            Te1[(t2 >> 16) & 0xff] ^
-            Te2[(t3 >>  8) & 0xff] ^
-            Te3[(t0      ) & 0xff] ^
-            rk[1];
-        s2 =
-            Te0[(t2 >> 24)       ] ^
-            Te1[(t3 >> 16) & 0xff] ^
-            Te2[(t0 >>  8) & 0xff] ^
-            Te3[(t1      ) & 0xff] ^
-            rk[2];
-        s3 =
-            Te0[(t3 >> 24)       ] ^
-            Te1[(t0 >> 16) & 0xff] ^
-            Te2[(t1 >>  8) & 0xff] ^
-            Te3[(t2      ) & 0xff] ^
-            rk[3];
-    }
-#endif /* ?FULL_UNROLL */
-    /*
-     * apply last round and
-     * map cipher state to byte array block:
-     */
-    s0 =
-        (Te2[(t0 >> 24)       ] & 0xff000000) ^
-        (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^
-        (Te0[(t2 >>  8) & 0xff] & 0x0000ff00) ^
-        (Te1[(t3      ) & 0xff] & 0x000000ff) ^
-        rk[0];
-    PUTU32(out     , s0);
-    s1 =
-        (Te2[(t1 >> 24)       ] & 0xff000000) ^
-        (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^
-        (Te0[(t3 >>  8) & 0xff] & 0x0000ff00) ^
-        (Te1[(t0      ) & 0xff] & 0x000000ff) ^
-        rk[1];
-    PUTU32(out +  4, s1);
-    s2 =
-        (Te2[(t2 >> 24)       ] & 0xff000000) ^
-        (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^
-        (Te0[(t0 >>  8) & 0xff] & 0x0000ff00) ^
-        (Te1[(t1      ) & 0xff] & 0x000000ff) ^
-        rk[2];
-    PUTU32(out +  8, s2);
-    s3 =
-        (Te2[(t3 >> 24)       ] & 0xff000000) ^
-        (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^
-        (Te0[(t1 >>  8) & 0xff] & 0x0000ff00) ^
-        (Te1[(t2      ) & 0xff] & 0x000000ff) ^
-        rk[3];
-    PUTU32(out + 12, s3);
-}
-
-/*
- * Decrypt a single block
- * in and out can overlap
- */
-void AES_decrypt(const unsigned char *in, unsigned char *out,
-                 const AES_KEY *key)
-{
-
-    const u32 *rk;
-    u32 s0, s1, s2, s3, t0, t1, t2, t3;
-#ifndef FULL_UNROLL
-    int r;
-#endif /* ?FULL_UNROLL */
-
-    assert(in && out && key);
-    rk = key->rd_key;
-
-    /*
-     * map byte array block to cipher state
-     * and add initial round key:
-     */
-    s0 = GETU32(in     ) ^ rk[0];
-    s1 = GETU32(in +  4) ^ rk[1];
-    s2 = GETU32(in +  8) ^ rk[2];
-    s3 = GETU32(in + 12) ^ rk[3];
-#ifdef FULL_UNROLL
-    /* round 1: */
-    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4];
-    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5];
-    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6];
-    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7];
-    /* round 2: */
-    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8];
-    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9];
-    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10];
-    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11];
-    /* round 3: */
-    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12];
-    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13];
-    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14];
-    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15];
-    /* round 4: */
-    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16];
-    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17];
-    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18];
-    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19];
-    /* round 5: */
-    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20];
-    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21];
-    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22];
-    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23];
-    /* round 6: */
-    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24];
-    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25];
-    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26];
-    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27];
-    /* round 7: */
-    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28];
-    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29];
-    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30];
-    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31];
-    /* round 8: */
-    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32];
-    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33];
-    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34];
-    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35];
-    /* round 9: */
-    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36];
-    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37];
-    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];
-    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];
-    if (key->rounds > 10) {
-        /* round 10: */
-        s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
-        s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
-        s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
-        s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
-        /* round 11: */
-        t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
-        t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
-        t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
-        t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
-        if (key->rounds > 12) {
-            /* round 12: */
-            s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
-            s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
-            s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
-            s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
-            /* round 13: */
-            t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
-            t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
-            t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
-            t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
-        }
-    }
-    rk += key->rounds << 2;
-#else  /* !FULL_UNROLL */
-    /*
-     * Nr - 1 full rounds:
-     */
-    r = key->rounds >> 1;
-    for (;;) {
-        t0 =
-            Td0[(s0 >> 24)       ] ^
-            Td1[(s3 >> 16) & 0xff] ^
-            Td2[(s2 >>  8) & 0xff] ^
-            Td3[(s1      ) & 0xff] ^
-            rk[4];
-        t1 =
-            Td0[(s1 >> 24)       ] ^
-            Td1[(s0 >> 16) & 0xff] ^
-            Td2[(s3 >>  8) & 0xff] ^
-            Td3[(s2      ) & 0xff] ^
-            rk[5];
-        t2 =
-            Td0[(s2 >> 24)       ] ^
-            Td1[(s1 >> 16) & 0xff] ^
-            Td2[(s0 >>  8) & 0xff] ^
-            Td3[(s3      ) & 0xff] ^
-            rk[6];
-        t3 =
-            Td0[(s3 >> 24)       ] ^
-            Td1[(s2 >> 16) & 0xff] ^
-            Td2[(s1 >>  8) & 0xff] ^
-            Td3[(s0      ) & 0xff] ^
-            rk[7];
-
-        rk += 8;
-        if (--r == 0) {
-            break;
-        }
-
-        s0 =
-            Td0[(t0 >> 24)       ] ^
-            Td1[(t3 >> 16) & 0xff] ^
-            Td2[(t2 >>  8) & 0xff] ^
-            Td3[(t1      ) & 0xff] ^
-            rk[0];
-        s1 =
-            Td0[(t1 >> 24)       ] ^
-            Td1[(t0 >> 16) & 0xff] ^
-            Td2[(t3 >>  8) & 0xff] ^
-            Td3[(t2      ) & 0xff] ^
-            rk[1];
-        s2 =
-            Td0[(t2 >> 24)       ] ^
-            Td1[(t1 >> 16) & 0xff] ^
-            Td2[(t0 >>  8) & 0xff] ^
-            Td3[(t3      ) & 0xff] ^
-            rk[2];
-        s3 =
-            Td0[(t3 >> 24)       ] ^
-            Td1[(t2 >> 16) & 0xff] ^
-            Td2[(t1 >>  8) & 0xff] ^
-            Td3[(t0      ) & 0xff] ^
-            rk[3];
-    }
-#endif /* ?FULL_UNROLL */
-    /*
-     * apply last round and
-     * map cipher state to byte array block:
-     */
-    s0 =
-        ((u32)Td4[(t0 >> 24)       ] << 24) ^
-        ((u32)Td4[(t3 >> 16) & 0xff] << 16) ^
-        ((u32)Td4[(t2 >>  8) & 0xff] <<  8) ^
-        ((u32)Td4[(t1      ) & 0xff])       ^
-        rk[0];
-    PUTU32(out     , s0);
-    s1 =
-        ((u32)Td4[(t1 >> 24)       ] << 24) ^
-        ((u32)Td4[(t0 >> 16) & 0xff] << 16) ^
-        ((u32)Td4[(t3 >>  8) & 0xff] <<  8) ^
-        ((u32)Td4[(t2      ) & 0xff])       ^
-        rk[1];
-    PUTU32(out +  4, s1);
-    s2 =
-        ((u32)Td4[(t2 >> 24)       ] << 24) ^
-        ((u32)Td4[(t1 >> 16) & 0xff] << 16) ^
-        ((u32)Td4[(t0 >>  8) & 0xff] <<  8) ^
-        ((u32)Td4[(t3      ) & 0xff])       ^
-        rk[2];
-    PUTU32(out +  8, s2);
-    s3 =
-        ((u32)Td4[(t3 >> 24)       ] << 24) ^
-        ((u32)Td4[(t2 >> 16) & 0xff] << 16) ^
-        ((u32)Td4[(t1 >>  8) & 0xff] <<  8) ^
-        ((u32)Td4[(t0      ) & 0xff])       ^
-        rk[3];
-    PUTU32(out + 12, s3);
-}
-
-#else /* AES_ASM */
-
-static const u8 Te4[256] = {
-    0x63U, 0x7cU, 0x77U, 0x7bU, 0xf2U, 0x6bU, 0x6fU, 0xc5U,
-    0x30U, 0x01U, 0x67U, 0x2bU, 0xfeU, 0xd7U, 0xabU, 0x76U,
-    0xcaU, 0x82U, 0xc9U, 0x7dU, 0xfaU, 0x59U, 0x47U, 0xf0U,
-    0xadU, 0xd4U, 0xa2U, 0xafU, 0x9cU, 0xa4U, 0x72U, 0xc0U,
-    0xb7U, 0xfdU, 0x93U, 0x26U, 0x36U, 0x3fU, 0xf7U, 0xccU,
-    0x34U, 0xa5U, 0xe5U, 0xf1U, 0x71U, 0xd8U, 0x31U, 0x15U,
-    0x04U, 0xc7U, 0x23U, 0xc3U, 0x18U, 0x96U, 0x05U, 0x9aU,
-    0x07U, 0x12U, 0x80U, 0xe2U, 0xebU, 0x27U, 0xb2U, 0x75U,
-    0x09U, 0x83U, 0x2cU, 0x1aU, 0x1bU, 0x6eU, 0x5aU, 0xa0U,
-    0x52U, 0x3bU, 0xd6U, 0xb3U, 0x29U, 0xe3U, 0x2fU, 0x84U,
-    0x53U, 0xd1U, 0x00U, 0xedU, 0x20U, 0xfcU, 0xb1U, 0x5bU,
-    0x6aU, 0xcbU, 0xbeU, 0x39U, 0x4aU, 0x4cU, 0x58U, 0xcfU,
-    0xd0U, 0xefU, 0xaaU, 0xfbU, 0x43U, 0x4dU, 0x33U, 0x85U,
-    0x45U, 0xf9U, 0x02U, 0x7fU, 0x50U, 0x3cU, 0x9fU, 0xa8U,
-    0x51U, 0xa3U, 0x40U, 0x8fU, 0x92U, 0x9dU, 0x38U, 0xf5U,
-    0xbcU, 0xb6U, 0xdaU, 0x21U, 0x10U, 0xffU, 0xf3U, 0xd2U,
-    0xcdU, 0x0cU, 0x13U, 0xecU, 0x5fU, 0x97U, 0x44U, 0x17U,
-    0xc4U, 0xa7U, 0x7eU, 0x3dU, 0x64U, 0x5dU, 0x19U, 0x73U,
-    0x60U, 0x81U, 0x4fU, 0xdcU, 0x22U, 0x2aU, 0x90U, 0x88U,
-    0x46U, 0xeeU, 0xb8U, 0x14U, 0xdeU, 0x5eU, 0x0bU, 0xdbU,
-    0xe0U, 0x32U, 0x3aU, 0x0aU, 0x49U, 0x06U, 0x24U, 0x5cU,
-    0xc2U, 0xd3U, 0xacU, 0x62U, 0x91U, 0x95U, 0xe4U, 0x79U,
-    0xe7U, 0xc8U, 0x37U, 0x6dU, 0x8dU, 0xd5U, 0x4eU, 0xa9U,
-    0x6cU, 0x56U, 0xf4U, 0xeaU, 0x65U, 0x7aU, 0xaeU, 0x08U,
-    0xbaU, 0x78U, 0x25U, 0x2eU, 0x1cU, 0xa6U, 0xb4U, 0xc6U,
-    0xe8U, 0xddU, 0x74U, 0x1fU, 0x4bU, 0xbdU, 0x8bU, 0x8aU,
-    0x70U, 0x3eU, 0xb5U, 0x66U, 0x48U, 0x03U, 0xf6U, 0x0eU,
-    0x61U, 0x35U, 0x57U, 0xb9U, 0x86U, 0xc1U, 0x1dU, 0x9eU,
-    0xe1U, 0xf8U, 0x98U, 0x11U, 0x69U, 0xd9U, 0x8eU, 0x94U,
-    0x9bU, 0x1eU, 0x87U, 0xe9U, 0xceU, 0x55U, 0x28U, 0xdfU,
-    0x8cU, 0xa1U, 0x89U, 0x0dU, 0xbfU, 0xe6U, 0x42U, 0x68U,
-    0x41U, 0x99U, 0x2dU, 0x0fU, 0xb0U, 0x54U, 0xbbU, 0x16U
-};
-static const u32 rcon[] = {
-    0x01000000, 0x02000000, 0x04000000, 0x08000000,
-    0x10000000, 0x20000000, 0x40000000, 0x80000000,
-    0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
-};
-
-/**
- * Expand the cipher key into the encryption key schedule.
- */
-int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-                                AES_KEY *key)
-{
-    u32 *rk;
-   	int i = 0;
-    u32 temp;
-
-    if (!userKey || !key)
-        return -1;
-    if (bits != 128 && bits != 192 && bits != 256)
-        return -2;
-
-    rk = key->rd_key;
-
-    if (bits==128)
-        key->rounds = 10;
-    else if (bits==192)
-        key->rounds = 12;
-    else
-        key->rounds = 14;
-
-    rk[0] = GETU32(userKey     );
-    rk[1] = GETU32(userKey +  4);
-    rk[2] = GETU32(userKey +  8);
-    rk[3] = GETU32(userKey + 12);
-    if (bits == 128) {
-        while (1) {
-            temp  = rk[3];
-            rk[4] = rk[0] ^
-                ((u32)Te4[(temp >> 16) & 0xff] << 24) ^
-                ((u32)Te4[(temp >>  8) & 0xff] << 16) ^
-                ((u32)Te4[(temp      ) & 0xff] << 8) ^
-                ((u32)Te4[(temp >> 24)       ]) ^
-                rcon[i];
-            rk[5] = rk[1] ^ rk[4];
-            rk[6] = rk[2] ^ rk[5];
-            rk[7] = rk[3] ^ rk[6];
-            if (++i == 10) {
-                return 0;
-            }
-            rk += 4;
-        }
-    }
-    rk[4] = GETU32(userKey + 16);
-    rk[5] = GETU32(userKey + 20);
-    if (bits == 192) {
-        while (1) {
-            temp = rk[ 5];
-            rk[ 6] = rk[ 0] ^
-                ((u32)Te4[(temp >> 16) & 0xff] << 24) ^
-                ((u32)Te4[(temp >>  8) & 0xff] << 16) ^
-                ((u32)Te4[(temp      ) & 0xff] << 8) ^
-                ((u32)Te4[(temp >> 24)       ]) ^
-                rcon[i];
-            rk[ 7] = rk[ 1] ^ rk[ 6];
-            rk[ 8] = rk[ 2] ^ rk[ 7];
-            rk[ 9] = rk[ 3] ^ rk[ 8];
-            if (++i == 8) {
-                return 0;
-            }
-            rk[10] = rk[ 4] ^ rk[ 9];
-            rk[11] = rk[ 5] ^ rk[10];
-            rk += 6;
-        }
-    }
-    rk[6] = GETU32(userKey + 24);
-    rk[7] = GETU32(userKey + 28);
-    if (bits == 256) {
-        while (1) {
-            temp = rk[ 7];
-            rk[ 8] = rk[ 0] ^
-                ((u32)Te4[(temp >> 16) & 0xff] << 24) ^
-                ((u32)Te4[(temp >>  8) & 0xff] << 16) ^
-                ((u32)Te4[(temp      ) & 0xff] << 8) ^
-                ((u32)Te4[(temp >> 24)       ]) ^
-                rcon[i];
-            rk[ 9] = rk[ 1] ^ rk[ 8];
-            rk[10] = rk[ 2] ^ rk[ 9];
-            rk[11] = rk[ 3] ^ rk[10];
-            if (++i == 7) {
-                return 0;
-            }
-            temp = rk[11];
-            rk[12] = rk[ 4] ^
-                ((u32)Te4[(temp >> 24)       ] << 24) ^
-                ((u32)Te4[(temp >> 16) & 0xff] << 16) ^
-                ((u32)Te4[(temp >>  8) & 0xff] << 8) ^
-                ((u32)Te4[(temp      ) & 0xff]);
-            rk[13] = rk[ 5] ^ rk[12];
-            rk[14] = rk[ 6] ^ rk[13];
-            rk[15] = rk[ 7] ^ rk[14];
-
-            rk += 8;
-        }
-    }
-    return 0;
-}
-
-/**
- * Expand the cipher key into the decryption key schedule.
- */
-int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-                                AES_KEY *key)
-{
-
-    u32 *rk;
-    int i, j, status;
-    u32 temp;
-
-    /* first, start with an encryption schedule */
-    status = private_AES_set_encrypt_key(userKey, bits, key);
-    if (status < 0)
-        return status;
-
-    rk = key->rd_key;
-
-    /* invert the order of the round keys: */
-    for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
-        temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
-        temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
-        temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
-        temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
-    }
-    /* apply the inverse MixColumn transform to all round keys but the first and the last: */
-    for (i = 1; i < (key->rounds); i++) {
-        rk += 4;
-        for (j = 0; j < 4; j++) {
-            u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;
-
-            tp1 = rk[j];
-            m = tp1 & 0x80808080;
-            tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^
-                ((m - (m >> 7)) & 0x1b1b1b1b);
-            m = tp2 & 0x80808080;
-            tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^
-                ((m - (m >> 7)) & 0x1b1b1b1b);
-            m = tp4 & 0x80808080;
-            tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^
-                ((m - (m >> 7)) & 0x1b1b1b1b);
-            tp9 = tp8 ^ tp1;
-            tpb = tp9 ^ tp2;
-            tpd = tp9 ^ tp4;
-            tpe = tp8 ^ tp4 ^ tp2;
-#if defined(ROTATE)
-            rk[j] = tpe ^ ROTATE(tpd,16) ^
-                ROTATE(tp9,24) ^ ROTATE(tpb,8);
-#else
-            rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ 
-                (tp9 >> 8) ^ (tp9 << 24) ^
-                (tpb >> 24) ^ (tpb << 8);
-#endif
-        }
-    }
-    return 0;
-}
-
-#endif /* AES_ASM */

Copied: vendor-crypto/openssl/1.0.1u/crypto/aes/aes_core.c (from rev 11605, vendor-crypto/openssl/dist/crypto/aes/aes_core.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/aes/aes_core.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/aes/aes_core.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,1363 @@
+/* crypto/aes/aes_core.c */
+/**
+ * rijndael-alg-fst.c
+ *
+ * @version 3.0 (December 2000)
+ *
+ * Optimised ANSI C code for the Rijndael cipher (now AES)
+ *
+ * @author Vincent Rijmen <vincent.rijmen at esat.kuleuven.ac.be>
+ * @author Antoon Bosselaers <antoon.bosselaers at esat.kuleuven.ac.be>
+ * @author Paulo Barreto <paulo.barreto at terra.com.br>
+ *
+ * This code is hereby placed in the public domain.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* Note: rewritten a little bit to provide error control and an OpenSSL-
+   compatible API */
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <stdlib.h>
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+#ifndef AES_ASM
+/*-
+Te0[x] = S [x].[02, 01, 01, 03];
+Te1[x] = S [x].[03, 02, 01, 01];
+Te2[x] = S [x].[01, 03, 02, 01];
+Te3[x] = S [x].[01, 01, 03, 02];
+
+Td0[x] = Si[x].[0e, 09, 0d, 0b];
+Td1[x] = Si[x].[0b, 0e, 09, 0d];
+Td2[x] = Si[x].[0d, 0b, 0e, 09];
+Td3[x] = Si[x].[09, 0d, 0b, 0e];
+Td4[x] = Si[x].[01];
+*/
+
+static const u32 Te0[256] = {
+    0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
+    0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
+    0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
+    0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
+    0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
+    0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
+    0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
+    0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
+    0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
+    0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
+    0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
+    0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
+    0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
+    0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
+    0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
+    0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
+    0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
+    0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
+    0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
+    0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
+    0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
+    0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
+    0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
+    0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
+    0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
+    0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
+    0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
+    0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
+    0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
+    0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
+    0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
+    0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
+    0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
+    0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
+    0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
+    0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
+    0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
+    0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
+    0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
+    0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
+    0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
+    0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
+    0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
+    0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
+    0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
+    0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
+    0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
+    0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
+    0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
+    0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
+    0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
+    0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
+    0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
+    0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
+    0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
+    0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
+    0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
+    0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
+    0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
+    0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
+    0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
+    0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
+    0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
+    0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
+};
+static const u32 Te1[256] = {
+    0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
+    0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
+    0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
+    0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
+    0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
+    0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
+    0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
+    0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
+    0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
+    0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
+    0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
+    0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
+    0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
+    0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
+    0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
+    0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
+    0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
+    0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
+    0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
+    0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
+    0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
+    0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
+    0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
+    0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
+    0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
+    0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
+    0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
+    0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
+    0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
+    0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
+    0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
+    0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
+    0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
+    0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
+    0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
+    0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
+    0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
+    0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
+    0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
+    0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
+    0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
+    0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
+    0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
+    0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
+    0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
+    0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
+    0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
+    0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
+    0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
+    0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
+    0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
+    0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
+    0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
+    0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
+    0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
+    0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
+    0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
+    0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
+    0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
+    0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
+    0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
+    0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
+    0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
+    0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
+};
+static const u32 Te2[256] = {
+    0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
+    0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
+    0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
+    0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
+    0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
+    0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
+    0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
+    0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
+    0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
+    0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
+    0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
+    0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
+    0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
+    0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
+    0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
+    0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
+    0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
+    0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
+    0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
+    0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
+    0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
+    0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
+    0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
+    0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
+    0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
+    0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
+    0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
+    0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
+    0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
+    0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
+    0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
+    0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
+    0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
+    0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
+    0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
+    0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
+    0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
+    0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
+    0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
+    0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
+    0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
+    0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
+    0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
+    0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
+    0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
+    0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
+    0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
+    0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
+    0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
+    0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
+    0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
+    0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
+    0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
+    0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
+    0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
+    0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
+    0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
+    0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
+    0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
+    0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
+    0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
+    0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
+    0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
+    0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
+};
+static const u32 Te3[256] = {
+    0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
+    0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
+    0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
+    0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
+    0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
+    0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
+    0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
+    0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
+    0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
+    0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
+    0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
+    0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
+    0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
+    0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
+    0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
+    0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
+    0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
+    0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
+    0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
+    0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
+    0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
+    0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
+    0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
+    0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
+    0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
+    0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
+    0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
+    0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
+    0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
+    0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
+    0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
+    0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
+    0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
+    0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
+    0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
+    0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
+    0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
+    0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
+    0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
+    0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
+    0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
+    0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
+    0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
+    0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
+    0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
+    0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
+    0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
+    0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
+    0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
+    0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
+    0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
+    0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
+    0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
+    0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
+    0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
+    0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
+    0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
+    0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
+    0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
+    0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
+    0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
+    0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
+    0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
+    0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
+};
+
+static const u32 Td0[256] = {
+    0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
+    0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
+    0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
+    0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
+    0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
+    0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
+    0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
+    0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
+    0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
+    0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
+    0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
+    0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
+    0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
+    0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
+    0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
+    0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
+    0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
+    0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
+    0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
+    0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
+    0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
+    0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
+    0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
+    0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
+    0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
+    0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
+    0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
+    0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
+    0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
+    0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
+    0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
+    0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
+    0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
+    0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
+    0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
+    0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
+    0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
+    0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
+    0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
+    0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
+    0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
+    0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
+    0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
+    0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
+    0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
+    0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
+    0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
+    0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
+    0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
+    0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
+    0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
+    0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
+    0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
+    0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
+    0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
+    0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
+    0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
+    0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
+    0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
+    0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
+    0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
+    0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
+    0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
+    0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
+};
+static const u32 Td1[256] = {
+    0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
+    0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
+    0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
+    0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
+    0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
+    0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
+    0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
+    0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
+    0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
+    0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
+    0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
+    0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
+    0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
+    0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
+    0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
+    0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
+    0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
+    0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
+    0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
+    0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
+    0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
+    0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
+    0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
+    0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
+    0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
+    0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
+    0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
+    0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
+    0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
+    0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
+    0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
+    0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
+    0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
+    0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
+    0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
+    0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
+    0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
+    0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
+    0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
+    0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
+    0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
+    0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
+    0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
+    0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
+    0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
+    0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
+    0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
+    0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
+    0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
+    0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
+    0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
+    0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
+    0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
+    0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
+    0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
+    0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
+    0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
+    0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
+    0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
+    0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
+    0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
+    0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
+    0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
+    0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
+};
+static const u32 Td2[256] = {
+    0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
+    0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
+    0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
+    0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
+    0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
+    0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
+    0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
+    0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
+    0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
+    0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
+    0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
+    0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
+    0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
+    0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
+    0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
+    0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
+    0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
+    0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
+    0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
+    0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
+    0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
+    0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
+    0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
+    0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
+    0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
+    0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
+    0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
+    0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
+    0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
+    0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
+    0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
+    0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
+    0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
+    0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
+    0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
+    0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
+    0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
+    0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
+    0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
+    0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
+    0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
+    0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
+    0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
+    0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
+    0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
+    0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
+    0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
+    0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
+    0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
+    0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
+    0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
+    0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
+    0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
+    0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
+    0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
+    0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
+    0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
+    0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
+    0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
+    0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
+    0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
+    0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
+    0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
+    0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
+};
+static const u32 Td3[256] = {
+    0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
+    0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
+    0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
+    0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
+    0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
+    0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
+    0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
+    0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
+    0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
+    0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
+    0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
+    0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
+    0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
+    0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
+    0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
+    0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
+    0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
+    0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
+    0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
+    0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
+    0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
+    0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
+    0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
+    0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
+    0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
+    0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
+    0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
+    0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
+    0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
+    0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
+    0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
+    0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
+    0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
+    0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
+    0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
+    0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
+    0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
+    0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
+    0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
+    0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
+    0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
+    0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
+    0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
+    0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
+    0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
+    0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
+    0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
+    0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
+    0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
+    0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
+    0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
+    0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
+    0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
+    0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
+    0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
+    0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
+    0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
+    0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
+    0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
+    0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
+    0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
+    0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
+    0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
+    0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
+};
+static const u8 Td4[256] = {
+    0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
+    0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
+    0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
+    0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
+    0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
+    0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
+    0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
+    0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
+    0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
+    0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
+    0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
+    0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
+    0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
+    0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
+    0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
+    0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
+    0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
+    0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
+    0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
+    0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
+    0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
+    0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
+    0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
+    0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
+    0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
+    0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
+    0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
+    0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
+    0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
+    0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
+    0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
+    0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
+};
+static const u32 rcon[] = {
+    0x01000000, 0x02000000, 0x04000000, 0x08000000,
+    0x10000000, 0x20000000, 0x40000000, 0x80000000,
+    0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+};
+
+/**
+ * Expand the cipher key into the encryption key schedule.
+ */
+int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                                AES_KEY *key)
+{
+
+    u32 *rk;
+    int i = 0;
+    u32 temp;
+
+    if (!userKey || !key)
+        return -1;
+    if (bits != 128 && bits != 192 && bits != 256)
+        return -2;
+
+    rk = key->rd_key;
+
+    if (bits==128)
+        key->rounds = 10;
+    else if (bits==192)
+        key->rounds = 12;
+    else
+        key->rounds = 14;
+
+    rk[0] = GETU32(userKey     );
+    rk[1] = GETU32(userKey +  4);
+    rk[2] = GETU32(userKey +  8);
+    rk[3] = GETU32(userKey + 12);
+    if (bits == 128) {
+        while (1) {
+            temp  = rk[3];
+            rk[4] = rk[0] ^
+                (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+                (Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                (Te0[(temp      ) & 0xff] & 0x0000ff00) ^
+                (Te1[(temp >> 24)       ] & 0x000000ff) ^
+                rcon[i];
+            rk[5] = rk[1] ^ rk[4];
+            rk[6] = rk[2] ^ rk[5];
+            rk[7] = rk[3] ^ rk[6];
+            if (++i == 10) {
+                return 0;
+            }
+            rk += 4;
+        }
+    }
+    rk[4] = GETU32(userKey + 16);
+    rk[5] = GETU32(userKey + 20);
+    if (bits == 192) {
+        while (1) {
+            temp = rk[ 5];
+            rk[ 6] = rk[ 0] ^
+                (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+                (Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                (Te0[(temp      ) & 0xff] & 0x0000ff00) ^
+                (Te1[(temp >> 24)       ] & 0x000000ff) ^
+                rcon[i];
+            rk[ 7] = rk[ 1] ^ rk[ 6];
+            rk[ 8] = rk[ 2] ^ rk[ 7];
+            rk[ 9] = rk[ 3] ^ rk[ 8];
+            if (++i == 8) {
+                return 0;
+            }
+            rk[10] = rk[ 4] ^ rk[ 9];
+            rk[11] = rk[ 5] ^ rk[10];
+            rk += 6;
+        }
+    }
+    rk[6] = GETU32(userKey + 24);
+    rk[7] = GETU32(userKey + 28);
+    if (bits == 256) {
+        while (1) {
+            temp = rk[ 7];
+            rk[ 8] = rk[ 0] ^
+                (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+                (Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                (Te0[(temp      ) & 0xff] & 0x0000ff00) ^
+                (Te1[(temp >> 24)       ] & 0x000000ff) ^
+                rcon[i];
+            rk[ 9] = rk[ 1] ^ rk[ 8];
+            rk[10] = rk[ 2] ^ rk[ 9];
+            rk[11] = rk[ 3] ^ rk[10];
+            if (++i == 7) {
+                return 0;
+            }
+            temp = rk[11];
+            rk[12] = rk[ 4] ^
+                (Te2[(temp >> 24)       ] & 0xff000000) ^
+                (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^
+                (Te0[(temp >>  8) & 0xff] & 0x0000ff00) ^
+                (Te1[(temp      ) & 0xff] & 0x000000ff);
+            rk[13] = rk[ 5] ^ rk[12];
+            rk[14] = rk[ 6] ^ rk[13];
+            rk[15] = rk[ 7] ^ rk[14];
+
+            rk += 8;
+            }
+    }
+    return 0;
+}
+
+/**
+ * Expand the cipher key into the decryption key schedule.
+ */
+int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                                AES_KEY *key)
+{
+
+    u32 *rk;
+    int i, j, status;
+    u32 temp;
+
+    /* first, start with an encryption schedule */
+    status = private_AES_set_encrypt_key(userKey, bits, key);
+    if (status < 0)
+        return status;
+
+    rk = key->rd_key;
+
+    /* invert the order of the round keys: */
+    for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
+        temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
+        temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+        temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+        temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
+    }
+    /* apply the inverse MixColumn transform to all round keys but the first and the last: */
+    for (i = 1; i < (key->rounds); i++) {
+        rk += 4;
+        rk[0] =
+            Td0[Te1[(rk[0] >> 24)       ] & 0xff] ^
+            Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^
+            Td2[Te1[(rk[0] >>  8) & 0xff] & 0xff] ^
+            Td3[Te1[(rk[0]      ) & 0xff] & 0xff];
+        rk[1] =
+            Td0[Te1[(rk[1] >> 24)       ] & 0xff] ^
+            Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^
+            Td2[Te1[(rk[1] >>  8) & 0xff] & 0xff] ^
+            Td3[Te1[(rk[1]      ) & 0xff] & 0xff];
+        rk[2] =
+            Td0[Te1[(rk[2] >> 24)       ] & 0xff] ^
+            Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^
+            Td2[Te1[(rk[2] >>  8) & 0xff] & 0xff] ^
+            Td3[Te1[(rk[2]      ) & 0xff] & 0xff];
+        rk[3] =
+            Td0[Te1[(rk[3] >> 24)       ] & 0xff] ^
+            Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^
+            Td2[Te1[(rk[3] >>  8) & 0xff] & 0xff] ^
+            Td3[Te1[(rk[3]      ) & 0xff] & 0xff];
+    }
+    return 0;
+}
+
+/*
+ * Encrypt a single block
+ * in and out can overlap
+ */
+void AES_encrypt(const unsigned char *in, unsigned char *out,
+                 const AES_KEY *key) {
+
+    const u32 *rk;
+    u32 s0, s1, s2, s3, t0, t1, t2, t3;
+#ifndef FULL_UNROLL
+    int r;
+#endif /* ?FULL_UNROLL */
+
+    assert(in && out && key);
+    rk = key->rd_key;
+
+    /*
+     * map byte array block to cipher state
+     * and add initial round key:
+     */
+    s0 = GETU32(in     ) ^ rk[0];
+    s1 = GETU32(in +  4) ^ rk[1];
+    s2 = GETU32(in +  8) ^ rk[2];
+    s3 = GETU32(in + 12) ^ rk[3];
+#ifdef FULL_UNROLL
+    /* round 1: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
+    /* round 2: */
+    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
+    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
+    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
+    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
+    /* round 3: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
+    /* round 4: */
+    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
+    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
+    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
+    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
+    /* round 5: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
+    /* round 6: */
+    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
+    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
+    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
+    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
+    /* round 7: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
+    /* round 8: */
+    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
+    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
+    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
+    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
+    /* round 9: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
+    if (key->rounds > 10) {
+        /* round 10: */
+        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
+        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
+        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
+        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
+        /* round 11: */
+        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
+        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
+        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
+        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
+        if (key->rounds > 12) {
+            /* round 12: */
+            s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
+            s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
+            s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
+            s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
+            /* round 13: */
+            t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
+            t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
+            t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
+            t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
+        }
+    }
+    rk += key->rounds << 2;
+#else  /* !FULL_UNROLL */
+    /*
+     * Nr - 1 full rounds:
+     */
+    r = key->rounds >> 1;
+    for (;;) {
+        t0 =
+            Te0[(s0 >> 24)       ] ^
+            Te1[(s1 >> 16) & 0xff] ^
+            Te2[(s2 >>  8) & 0xff] ^
+            Te3[(s3      ) & 0xff] ^
+            rk[4];
+        t1 =
+            Te0[(s1 >> 24)       ] ^
+            Te1[(s2 >> 16) & 0xff] ^
+            Te2[(s3 >>  8) & 0xff] ^
+            Te3[(s0      ) & 0xff] ^
+            rk[5];
+        t2 =
+            Te0[(s2 >> 24)       ] ^
+            Te1[(s3 >> 16) & 0xff] ^
+            Te2[(s0 >>  8) & 0xff] ^
+            Te3[(s1      ) & 0xff] ^
+            rk[6];
+        t3 =
+            Te0[(s3 >> 24)       ] ^
+            Te1[(s0 >> 16) & 0xff] ^
+            Te2[(s1 >>  8) & 0xff] ^
+            Te3[(s2      ) & 0xff] ^
+            rk[7];
+
+        rk += 8;
+        if (--r == 0) {
+            break;
+        }
+
+        s0 =
+            Te0[(t0 >> 24)       ] ^
+            Te1[(t1 >> 16) & 0xff] ^
+            Te2[(t2 >>  8) & 0xff] ^
+            Te3[(t3      ) & 0xff] ^
+            rk[0];
+        s1 =
+            Te0[(t1 >> 24)       ] ^
+            Te1[(t2 >> 16) & 0xff] ^
+            Te2[(t3 >>  8) & 0xff] ^
+            Te3[(t0      ) & 0xff] ^
+            rk[1];
+        s2 =
+            Te0[(t2 >> 24)       ] ^
+            Te1[(t3 >> 16) & 0xff] ^
+            Te2[(t0 >>  8) & 0xff] ^
+            Te3[(t1      ) & 0xff] ^
+            rk[2];
+        s3 =
+            Te0[(t3 >> 24)       ] ^
+            Te1[(t0 >> 16) & 0xff] ^
+            Te2[(t1 >>  8) & 0xff] ^
+            Te3[(t2      ) & 0xff] ^
+            rk[3];
+    }
+#endif /* ?FULL_UNROLL */
+    /*
+     * apply last round and
+     * map cipher state to byte array block:
+     */
+    s0 =
+        (Te2[(t0 >> 24)       ] & 0xff000000) ^
+        (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^
+        (Te0[(t2 >>  8) & 0xff] & 0x0000ff00) ^
+        (Te1[(t3      ) & 0xff] & 0x000000ff) ^
+        rk[0];
+    PUTU32(out     , s0);
+    s1 =
+        (Te2[(t1 >> 24)       ] & 0xff000000) ^
+        (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^
+        (Te0[(t3 >>  8) & 0xff] & 0x0000ff00) ^
+        (Te1[(t0      ) & 0xff] & 0x000000ff) ^
+        rk[1];
+    PUTU32(out +  4, s1);
+    s2 =
+        (Te2[(t2 >> 24)       ] & 0xff000000) ^
+        (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^
+        (Te0[(t0 >>  8) & 0xff] & 0x0000ff00) ^
+        (Te1[(t1      ) & 0xff] & 0x000000ff) ^
+        rk[2];
+    PUTU32(out +  8, s2);
+    s3 =
+        (Te2[(t3 >> 24)       ] & 0xff000000) ^
+        (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^
+        (Te0[(t1 >>  8) & 0xff] & 0x0000ff00) ^
+        (Te1[(t2      ) & 0xff] & 0x000000ff) ^
+        rk[3];
+    PUTU32(out + 12, s3);
+}
+
+/*
+ * Decrypt a single block
+ * in and out can overlap
+ */
+void AES_decrypt(const unsigned char *in, unsigned char *out,
+                 const AES_KEY *key)
+{
+
+    const u32 *rk;
+    u32 s0, s1, s2, s3, t0, t1, t2, t3;
+#ifndef FULL_UNROLL
+    int r;
+#endif /* ?FULL_UNROLL */
+
+    assert(in && out && key);
+    rk = key->rd_key;
+
+    /*
+     * map byte array block to cipher state
+     * and add initial round key:
+     */
+    s0 = GETU32(in     ) ^ rk[0];
+    s1 = GETU32(in +  4) ^ rk[1];
+    s2 = GETU32(in +  8) ^ rk[2];
+    s3 = GETU32(in + 12) ^ rk[3];
+#ifdef FULL_UNROLL
+    /* round 1: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7];
+    /* round 2: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11];
+    /* round 3: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15];
+    /* round 4: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19];
+    /* round 5: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23];
+    /* round 6: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27];
+    /* round 7: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31];
+    /* round 8: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35];
+    /* round 9: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];
+    if (key->rounds > 10) {
+        /* round 10: */
+        s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
+        s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
+        s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
+        s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
+        /* round 11: */
+        t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
+        t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
+        t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
+        t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
+        if (key->rounds > 12) {
+            /* round 12: */
+            s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
+            s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
+            s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
+            s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
+            /* round 13: */
+            t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
+            t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
+            t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
+            t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
+        }
+    }
+    rk += key->rounds << 2;
+#else  /* !FULL_UNROLL */
+    /*
+     * Nr - 1 full rounds:
+     */
+    r = key->rounds >> 1;
+    for (;;) {
+        t0 =
+            Td0[(s0 >> 24)       ] ^
+            Td1[(s3 >> 16) & 0xff] ^
+            Td2[(s2 >>  8) & 0xff] ^
+            Td3[(s1      ) & 0xff] ^
+            rk[4];
+        t1 =
+            Td0[(s1 >> 24)       ] ^
+            Td1[(s0 >> 16) & 0xff] ^
+            Td2[(s3 >>  8) & 0xff] ^
+            Td3[(s2      ) & 0xff] ^
+            rk[5];
+        t2 =
+            Td0[(s2 >> 24)       ] ^
+            Td1[(s1 >> 16) & 0xff] ^
+            Td2[(s0 >>  8) & 0xff] ^
+            Td3[(s3      ) & 0xff] ^
+            rk[6];
+        t3 =
+            Td0[(s3 >> 24)       ] ^
+            Td1[(s2 >> 16) & 0xff] ^
+            Td2[(s1 >>  8) & 0xff] ^
+            Td3[(s0      ) & 0xff] ^
+            rk[7];
+
+        rk += 8;
+        if (--r == 0) {
+            break;
+        }
+
+        s0 =
+            Td0[(t0 >> 24)       ] ^
+            Td1[(t3 >> 16) & 0xff] ^
+            Td2[(t2 >>  8) & 0xff] ^
+            Td3[(t1      ) & 0xff] ^
+            rk[0];
+        s1 =
+            Td0[(t1 >> 24)       ] ^
+            Td1[(t0 >> 16) & 0xff] ^
+            Td2[(t3 >>  8) & 0xff] ^
+            Td3[(t2      ) & 0xff] ^
+            rk[1];
+        s2 =
+            Td0[(t2 >> 24)       ] ^
+            Td1[(t1 >> 16) & 0xff] ^
+            Td2[(t0 >>  8) & 0xff] ^
+            Td3[(t3      ) & 0xff] ^
+            rk[2];
+        s3 =
+            Td0[(t3 >> 24)       ] ^
+            Td1[(t2 >> 16) & 0xff] ^
+            Td2[(t1 >>  8) & 0xff] ^
+            Td3[(t0      ) & 0xff] ^
+            rk[3];
+    }
+#endif /* ?FULL_UNROLL */
+    /*
+     * apply last round and
+     * map cipher state to byte array block:
+     */
+    s0 =
+        ((u32)Td4[(t0 >> 24)       ] << 24) ^
+        ((u32)Td4[(t3 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(t2 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(t1      ) & 0xff])       ^
+        rk[0];
+    PUTU32(out     , s0);
+    s1 =
+        ((u32)Td4[(t1 >> 24)       ] << 24) ^
+        ((u32)Td4[(t0 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(t3 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(t2      ) & 0xff])       ^
+        rk[1];
+    PUTU32(out +  4, s1);
+    s2 =
+        ((u32)Td4[(t2 >> 24)       ] << 24) ^
+        ((u32)Td4[(t1 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(t0 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(t3      ) & 0xff])       ^
+        rk[2];
+    PUTU32(out +  8, s2);
+    s3 =
+        ((u32)Td4[(t3 >> 24)       ] << 24) ^
+        ((u32)Td4[(t2 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(t1 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(t0      ) & 0xff])       ^
+        rk[3];
+    PUTU32(out + 12, s3);
+}
+
+#else /* AES_ASM */
+
+static const u8 Te4[256] = {
+    0x63U, 0x7cU, 0x77U, 0x7bU, 0xf2U, 0x6bU, 0x6fU, 0xc5U,
+    0x30U, 0x01U, 0x67U, 0x2bU, 0xfeU, 0xd7U, 0xabU, 0x76U,
+    0xcaU, 0x82U, 0xc9U, 0x7dU, 0xfaU, 0x59U, 0x47U, 0xf0U,
+    0xadU, 0xd4U, 0xa2U, 0xafU, 0x9cU, 0xa4U, 0x72U, 0xc0U,
+    0xb7U, 0xfdU, 0x93U, 0x26U, 0x36U, 0x3fU, 0xf7U, 0xccU,
+    0x34U, 0xa5U, 0xe5U, 0xf1U, 0x71U, 0xd8U, 0x31U, 0x15U,
+    0x04U, 0xc7U, 0x23U, 0xc3U, 0x18U, 0x96U, 0x05U, 0x9aU,
+    0x07U, 0x12U, 0x80U, 0xe2U, 0xebU, 0x27U, 0xb2U, 0x75U,
+    0x09U, 0x83U, 0x2cU, 0x1aU, 0x1bU, 0x6eU, 0x5aU, 0xa0U,
+    0x52U, 0x3bU, 0xd6U, 0xb3U, 0x29U, 0xe3U, 0x2fU, 0x84U,
+    0x53U, 0xd1U, 0x00U, 0xedU, 0x20U, 0xfcU, 0xb1U, 0x5bU,
+    0x6aU, 0xcbU, 0xbeU, 0x39U, 0x4aU, 0x4cU, 0x58U, 0xcfU,
+    0xd0U, 0xefU, 0xaaU, 0xfbU, 0x43U, 0x4dU, 0x33U, 0x85U,
+    0x45U, 0xf9U, 0x02U, 0x7fU, 0x50U, 0x3cU, 0x9fU, 0xa8U,
+    0x51U, 0xa3U, 0x40U, 0x8fU, 0x92U, 0x9dU, 0x38U, 0xf5U,
+    0xbcU, 0xb6U, 0xdaU, 0x21U, 0x10U, 0xffU, 0xf3U, 0xd2U,
+    0xcdU, 0x0cU, 0x13U, 0xecU, 0x5fU, 0x97U, 0x44U, 0x17U,
+    0xc4U, 0xa7U, 0x7eU, 0x3dU, 0x64U, 0x5dU, 0x19U, 0x73U,
+    0x60U, 0x81U, 0x4fU, 0xdcU, 0x22U, 0x2aU, 0x90U, 0x88U,
+    0x46U, 0xeeU, 0xb8U, 0x14U, 0xdeU, 0x5eU, 0x0bU, 0xdbU,
+    0xe0U, 0x32U, 0x3aU, 0x0aU, 0x49U, 0x06U, 0x24U, 0x5cU,
+    0xc2U, 0xd3U, 0xacU, 0x62U, 0x91U, 0x95U, 0xe4U, 0x79U,
+    0xe7U, 0xc8U, 0x37U, 0x6dU, 0x8dU, 0xd5U, 0x4eU, 0xa9U,
+    0x6cU, 0x56U, 0xf4U, 0xeaU, 0x65U, 0x7aU, 0xaeU, 0x08U,
+    0xbaU, 0x78U, 0x25U, 0x2eU, 0x1cU, 0xa6U, 0xb4U, 0xc6U,
+    0xe8U, 0xddU, 0x74U, 0x1fU, 0x4bU, 0xbdU, 0x8bU, 0x8aU,
+    0x70U, 0x3eU, 0xb5U, 0x66U, 0x48U, 0x03U, 0xf6U, 0x0eU,
+    0x61U, 0x35U, 0x57U, 0xb9U, 0x86U, 0xc1U, 0x1dU, 0x9eU,
+    0xe1U, 0xf8U, 0x98U, 0x11U, 0x69U, 0xd9U, 0x8eU, 0x94U,
+    0x9bU, 0x1eU, 0x87U, 0xe9U, 0xceU, 0x55U, 0x28U, 0xdfU,
+    0x8cU, 0xa1U, 0x89U, 0x0dU, 0xbfU, 0xe6U, 0x42U, 0x68U,
+    0x41U, 0x99U, 0x2dU, 0x0fU, 0xb0U, 0x54U, 0xbbU, 0x16U
+};
+static const u32 rcon[] = {
+    0x01000000, 0x02000000, 0x04000000, 0x08000000,
+    0x10000000, 0x20000000, 0x40000000, 0x80000000,
+    0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+};
+
+/**
+ * Expand the cipher key into the encryption key schedule.
+ */
+int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                                AES_KEY *key)
+{
+    u32 *rk;
+   	int i = 0;
+    u32 temp;
+
+    if (!userKey || !key)
+        return -1;
+    if (bits != 128 && bits != 192 && bits != 256)
+        return -2;
+
+    rk = key->rd_key;
+
+    if (bits==128)
+        key->rounds = 10;
+    else if (bits==192)
+        key->rounds = 12;
+    else
+        key->rounds = 14;
+
+    rk[0] = GETU32(userKey     );
+    rk[1] = GETU32(userKey +  4);
+    rk[2] = GETU32(userKey +  8);
+    rk[3] = GETU32(userKey + 12);
+    if (bits == 128) {
+        while (1) {
+            temp  = rk[3];
+            rk[4] = rk[0] ^
+                ((u32)Te4[(temp >> 16) & 0xff] << 24) ^
+                ((u32)Te4[(temp >>  8) & 0xff] << 16) ^
+                ((u32)Te4[(temp      ) & 0xff] << 8) ^
+                ((u32)Te4[(temp >> 24)       ]) ^
+                rcon[i];
+            rk[5] = rk[1] ^ rk[4];
+            rk[6] = rk[2] ^ rk[5];
+            rk[7] = rk[3] ^ rk[6];
+            if (++i == 10) {
+                return 0;
+            }
+            rk += 4;
+        }
+    }
+    rk[4] = GETU32(userKey + 16);
+    rk[5] = GETU32(userKey + 20);
+    if (bits == 192) {
+        while (1) {
+            temp = rk[ 5];
+            rk[ 6] = rk[ 0] ^
+                ((u32)Te4[(temp >> 16) & 0xff] << 24) ^
+                ((u32)Te4[(temp >>  8) & 0xff] << 16) ^
+                ((u32)Te4[(temp      ) & 0xff] << 8) ^
+                ((u32)Te4[(temp >> 24)       ]) ^
+                rcon[i];
+            rk[ 7] = rk[ 1] ^ rk[ 6];
+            rk[ 8] = rk[ 2] ^ rk[ 7];
+            rk[ 9] = rk[ 3] ^ rk[ 8];
+            if (++i == 8) {
+                return 0;
+            }
+            rk[10] = rk[ 4] ^ rk[ 9];
+            rk[11] = rk[ 5] ^ rk[10];
+            rk += 6;
+        }
+    }
+    rk[6] = GETU32(userKey + 24);
+    rk[7] = GETU32(userKey + 28);
+    if (bits == 256) {
+        while (1) {
+            temp = rk[ 7];
+            rk[ 8] = rk[ 0] ^
+                ((u32)Te4[(temp >> 16) & 0xff] << 24) ^
+                ((u32)Te4[(temp >>  8) & 0xff] << 16) ^
+                ((u32)Te4[(temp      ) & 0xff] << 8) ^
+                ((u32)Te4[(temp >> 24)       ]) ^
+                rcon[i];
+            rk[ 9] = rk[ 1] ^ rk[ 8];
+            rk[10] = rk[ 2] ^ rk[ 9];
+            rk[11] = rk[ 3] ^ rk[10];
+            if (++i == 7) {
+                return 0;
+            }
+            temp = rk[11];
+            rk[12] = rk[ 4] ^
+                ((u32)Te4[(temp >> 24)       ] << 24) ^
+                ((u32)Te4[(temp >> 16) & 0xff] << 16) ^
+                ((u32)Te4[(temp >>  8) & 0xff] << 8) ^
+                ((u32)Te4[(temp      ) & 0xff]);
+            rk[13] = rk[ 5] ^ rk[12];
+            rk[14] = rk[ 6] ^ rk[13];
+            rk[15] = rk[ 7] ^ rk[14];
+
+            rk += 8;
+        }
+    }
+    return 0;
+}
+
+/**
+ * Expand the cipher key into the decryption key schedule.
+ */
+int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                                AES_KEY *key)
+{
+
+    u32 *rk;
+    int i, j, status;
+    u32 temp;
+
+    /* first, start with an encryption schedule */
+    status = private_AES_set_encrypt_key(userKey, bits, key);
+    if (status < 0)
+        return status;
+
+    rk = key->rd_key;
+
+    /* invert the order of the round keys: */
+    for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
+        temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
+        temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+        temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+        temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
+    }
+    /* apply the inverse MixColumn transform to all round keys but the first and the last: */
+    for (i = 1; i < (key->rounds); i++) {
+        rk += 4;
+        for (j = 0; j < 4; j++) {
+            u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;
+
+            tp1 = rk[j];
+            m = tp1 & 0x80808080;
+            tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            m = tp2 & 0x80808080;
+            tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            m = tp4 & 0x80808080;
+            tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            tp9 = tp8 ^ tp1;
+            tpb = tp9 ^ tp2;
+            tpd = tp9 ^ tp4;
+            tpe = tp8 ^ tp4 ^ tp2;
+#if defined(ROTATE)
+            rk[j] = tpe ^ ROTATE(tpd,16) ^
+                ROTATE(tp9,24) ^ ROTATE(tpb,8);
+#else
+            rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ 
+                (tp9 >> 8) ^ (tp9 << 24) ^
+                (tpb >> 24) ^ (tpb << 8);
+#endif
+        }
+    }
+    return 0;
+}
+
+#endif /* AES_ASM */

Deleted: vendor-crypto/openssl/1.0.1u/crypto/aes/aes_ctr.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_ctr.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/aes/aes_ctr.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,63 +0,0 @@
-/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/aes.h>
-#include <openssl/modes.h>
-
-void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
-                        size_t length, const AES_KEY *key,
-                        unsigned char ivec[AES_BLOCK_SIZE],
-                        unsigned char ecount_buf[AES_BLOCK_SIZE],
-                        unsigned int *num)
-{
-    CRYPTO_ctr128_encrypt(in, out, length, key, ivec, ecount_buf, num,
-                          (block128_f) AES_encrypt);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/aes/aes_ctr.c (from rev 11605, vendor-crypto/openssl/dist/crypto/aes/aes_ctr.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/aes/aes_ctr.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/aes/aes_ctr.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,63 @@
+/* crypto/aes/aes_ctr.c */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/aes.h>
+#include <openssl/modes.h>
+
+void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const AES_KEY *key,
+                        unsigned char ivec[AES_BLOCK_SIZE],
+                        unsigned char ecount_buf[AES_BLOCK_SIZE],
+                        unsigned int *num)
+{
+    CRYPTO_ctr128_encrypt(in, out, length, key, ivec, ecount_buf, num,
+                          (block128_f) AES_encrypt);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/aes/aes_ecb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_ecb.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/aes/aes_ecb.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,73 +0,0 @@
-/* crypto/aes/aes_ecb.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#ifndef AES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
-#include <openssl/aes.h>
-#include "aes_locl.h"
-
-void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
-                     const AES_KEY *key, const int enc)
-{
-
-    assert(in && out && key);
-    assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
-
-    if (AES_ENCRYPT == enc)
-        AES_encrypt(in, out, key);
-    else
-        AES_decrypt(in, out, key);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/aes/aes_ecb.c (from rev 11605, vendor-crypto/openssl/dist/crypto/aes/aes_ecb.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/aes/aes_ecb.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/aes/aes_ecb.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,73 @@
+/* crypto/aes/aes_ecb.c */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                     const AES_KEY *key, const int enc)
+{
+
+    assert(in && out && key);
+    assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
+
+    if (AES_ENCRYPT == enc)
+        AES_encrypt(in, out, key);
+    else
+        AES_decrypt(in, out, key);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/aes/aes_ige.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_ige.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/aes/aes_ige.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,323 +0,0 @@
-/* crypto/aes/aes_ige.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include "cryptlib.h"
-
-#include <openssl/aes.h>
-#include "aes_locl.h"
-
-#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))
-typedef struct {
-    unsigned long data[N_WORDS];
-} aes_block_t;
-
-/* XXX: probably some better way to do this */
-#if defined(__i386__) || defined(__x86_64__)
-# define UNALIGNED_MEMOPS_ARE_FAST 1
-#else
-# define UNALIGNED_MEMOPS_ARE_FAST 0
-#endif
-
-#if UNALIGNED_MEMOPS_ARE_FAST
-# define load_block(d, s)        (d) = *(const aes_block_t *)(s)
-# define store_block(d, s)       *(aes_block_t *)(d) = (s)
-#else
-# define load_block(d, s)        memcpy((d).data, (s), AES_BLOCK_SIZE)
-# define store_block(d, s)       memcpy((d), (s).data, AES_BLOCK_SIZE)
-#endif
-
-/* N.B. The IV for this mode is _twice_ the block size */
-
-void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
-                     size_t length, const AES_KEY *key,
-                     unsigned char *ivec, const int enc)
-{
-    size_t n;
-    size_t len = length;
-
-    OPENSSL_assert(in && out && key && ivec);
-    OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
-    OPENSSL_assert((length % AES_BLOCK_SIZE) == 0);
-
-    len = length / AES_BLOCK_SIZE;
-
-    if (AES_ENCRYPT == enc) {
-        if (in != out &&
-            (UNALIGNED_MEMOPS_ARE_FAST
-             || ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) ==
-             0)) {
-            aes_block_t *ivp = (aes_block_t *) ivec;
-            aes_block_t *iv2p = (aes_block_t *) (ivec + AES_BLOCK_SIZE);
-
-            while (len) {
-                aes_block_t *inp = (aes_block_t *) in;
-                aes_block_t *outp = (aes_block_t *) out;
-
-                for (n = 0; n < N_WORDS; ++n)
-                    outp->data[n] = inp->data[n] ^ ivp->data[n];
-                AES_encrypt((unsigned char *)outp->data,
-                            (unsigned char *)outp->data, key);
-                for (n = 0; n < N_WORDS; ++n)
-                    outp->data[n] ^= iv2p->data[n];
-                ivp = outp;
-                iv2p = inp;
-                --len;
-                in += AES_BLOCK_SIZE;
-                out += AES_BLOCK_SIZE;
-            }
-            memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
-            memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
-        } else {
-            aes_block_t tmp, tmp2;
-            aes_block_t iv;
-            aes_block_t iv2;
-
-            load_block(iv, ivec);
-            load_block(iv2, ivec + AES_BLOCK_SIZE);
-
-            while (len) {
-                load_block(tmp, in);
-                for (n = 0; n < N_WORDS; ++n)
-                    tmp2.data[n] = tmp.data[n] ^ iv.data[n];
-                AES_encrypt((unsigned char *)tmp2.data,
-                            (unsigned char *)tmp2.data, key);
-                for (n = 0; n < N_WORDS; ++n)
-                    tmp2.data[n] ^= iv2.data[n];
-                store_block(out, tmp2);
-                iv = tmp2;
-                iv2 = tmp;
-                --len;
-                in += AES_BLOCK_SIZE;
-                out += AES_BLOCK_SIZE;
-            }
-            memcpy(ivec, iv.data, AES_BLOCK_SIZE);
-            memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
-        }
-    } else {
-        if (in != out &&
-            (UNALIGNED_MEMOPS_ARE_FAST
-             || ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) ==
-             0)) {
-            aes_block_t *ivp = (aes_block_t *) ivec;
-            aes_block_t *iv2p = (aes_block_t *) (ivec + AES_BLOCK_SIZE);
-
-            while (len) {
-                aes_block_t tmp;
-                aes_block_t *inp = (aes_block_t *) in;
-                aes_block_t *outp = (aes_block_t *) out;
-
-                for (n = 0; n < N_WORDS; ++n)
-                    tmp.data[n] = inp->data[n] ^ iv2p->data[n];
-                AES_decrypt((unsigned char *)tmp.data,
-                            (unsigned char *)outp->data, key);
-                for (n = 0; n < N_WORDS; ++n)
-                    outp->data[n] ^= ivp->data[n];
-                ivp = inp;
-                iv2p = outp;
-                --len;
-                in += AES_BLOCK_SIZE;
-                out += AES_BLOCK_SIZE;
-            }
-            memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
-            memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
-        } else {
-            aes_block_t tmp, tmp2;
-            aes_block_t iv;
-            aes_block_t iv2;
-
-            load_block(iv, ivec);
-            load_block(iv2, ivec + AES_BLOCK_SIZE);
-
-            while (len) {
-                load_block(tmp, in);
-                tmp2 = tmp;
-                for (n = 0; n < N_WORDS; ++n)
-                    tmp.data[n] ^= iv2.data[n];
-                AES_decrypt((unsigned char *)tmp.data,
-                            (unsigned char *)tmp.data, key);
-                for (n = 0; n < N_WORDS; ++n)
-                    tmp.data[n] ^= iv.data[n];
-                store_block(out, tmp);
-                iv = tmp2;
-                iv2 = tmp;
-                --len;
-                in += AES_BLOCK_SIZE;
-                out += AES_BLOCK_SIZE;
-            }
-            memcpy(ivec, iv.data, AES_BLOCK_SIZE);
-            memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
-        }
-    }
-}
-
-/*
- * Note that its effectively impossible to do biIGE in anything other
- * than a single pass, so no provision is made for chaining.
- */
-
-/* N.B. The IV for this mode is _four times_ the block size */
-
-void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
-                        size_t length, const AES_KEY *key,
-                        const AES_KEY *key2, const unsigned char *ivec,
-                        const int enc)
-{
-    size_t n;
-    size_t len = length;
-    unsigned char tmp[AES_BLOCK_SIZE];
-    unsigned char tmp2[AES_BLOCK_SIZE];
-    unsigned char tmp3[AES_BLOCK_SIZE];
-    unsigned char prev[AES_BLOCK_SIZE];
-    const unsigned char *iv;
-    const unsigned char *iv2;
-
-    OPENSSL_assert(in && out && key && ivec);
-    OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
-    OPENSSL_assert((length % AES_BLOCK_SIZE) == 0);
-
-    if (AES_ENCRYPT == enc) {
-        /*
-         * XXX: Do a separate case for when in != out (strictly should check
-         * for overlap, too)
-         */
-
-        /* First the forward pass */
-        iv = ivec;
-        iv2 = ivec + AES_BLOCK_SIZE;
-        while (len >= AES_BLOCK_SIZE) {
-            for (n = 0; n < AES_BLOCK_SIZE; ++n)
-                out[n] = in[n] ^ iv[n];
-            AES_encrypt(out, out, key);
-            for (n = 0; n < AES_BLOCK_SIZE; ++n)
-                out[n] ^= iv2[n];
-            iv = out;
-            memcpy(prev, in, AES_BLOCK_SIZE);
-            iv2 = prev;
-            len -= AES_BLOCK_SIZE;
-            in += AES_BLOCK_SIZE;
-            out += AES_BLOCK_SIZE;
-        }
-
-        /* And now backwards */
-        iv = ivec + AES_BLOCK_SIZE * 2;
-        iv2 = ivec + AES_BLOCK_SIZE * 3;
-        len = length;
-        while (len >= AES_BLOCK_SIZE) {
-            out -= AES_BLOCK_SIZE;
-            /*
-             * XXX: reduce copies by alternating between buffers
-             */
-            memcpy(tmp, out, AES_BLOCK_SIZE);
-            for (n = 0; n < AES_BLOCK_SIZE; ++n)
-                out[n] ^= iv[n];
-            /*
-             * hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE);
-             */
-            AES_encrypt(out, out, key);
-            /*
-             * hexdump(stdout,"enc", out, AES_BLOCK_SIZE);
-             */
-            /*
-             * hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE);
-             */
-            for (n = 0; n < AES_BLOCK_SIZE; ++n)
-                out[n] ^= iv2[n];
-            /*
-             * hexdump(stdout,"out", out, AES_BLOCK_SIZE);
-             */
-            iv = out;
-            memcpy(prev, tmp, AES_BLOCK_SIZE);
-            iv2 = prev;
-            len -= AES_BLOCK_SIZE;
-        }
-    } else {
-        /* First backwards */
-        iv = ivec + AES_BLOCK_SIZE * 2;
-        iv2 = ivec + AES_BLOCK_SIZE * 3;
-        in += length;
-        out += length;
-        while (len >= AES_BLOCK_SIZE) {
-            in -= AES_BLOCK_SIZE;
-            out -= AES_BLOCK_SIZE;
-            memcpy(tmp, in, AES_BLOCK_SIZE);
-            memcpy(tmp2, in, AES_BLOCK_SIZE);
-            for (n = 0; n < AES_BLOCK_SIZE; ++n)
-                tmp[n] ^= iv2[n];
-            AES_decrypt(tmp, out, key);
-            for (n = 0; n < AES_BLOCK_SIZE; ++n)
-                out[n] ^= iv[n];
-            memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
-            iv = tmp3;
-            iv2 = out;
-            len -= AES_BLOCK_SIZE;
-        }
-
-        /* And now forwards */
-        iv = ivec;
-        iv2 = ivec + AES_BLOCK_SIZE;
-        len = length;
-        while (len >= AES_BLOCK_SIZE) {
-            memcpy(tmp, out, AES_BLOCK_SIZE);
-            memcpy(tmp2, out, AES_BLOCK_SIZE);
-            for (n = 0; n < AES_BLOCK_SIZE; ++n)
-                tmp[n] ^= iv2[n];
-            AES_decrypt(tmp, out, key);
-            for (n = 0; n < AES_BLOCK_SIZE; ++n)
-                out[n] ^= iv[n];
-            memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
-            iv = tmp3;
-            iv2 = out;
-            len -= AES_BLOCK_SIZE;
-            in += AES_BLOCK_SIZE;
-            out += AES_BLOCK_SIZE;
-        }
-    }
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/aes/aes_ige.c (from rev 11605, vendor-crypto/openssl/dist/crypto/aes/aes_ige.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/aes/aes_ige.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/aes/aes_ige.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,323 @@
+/* crypto/aes/aes_ige.c */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include "cryptlib.h"
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))
+typedef struct {
+    unsigned long data[N_WORDS];
+} aes_block_t;
+
+/* XXX: probably some better way to do this */
+#if defined(__i386__) || defined(__x86_64__)
+# define UNALIGNED_MEMOPS_ARE_FAST 1
+#else
+# define UNALIGNED_MEMOPS_ARE_FAST 0
+#endif
+
+#if UNALIGNED_MEMOPS_ARE_FAST
+# define load_block(d, s)        (d) = *(const aes_block_t *)(s)
+# define store_block(d, s)       *(aes_block_t *)(d) = (s)
+#else
+# define load_block(d, s)        memcpy((d).data, (s), AES_BLOCK_SIZE)
+# define store_block(d, s)       memcpy((d), (s).data, AES_BLOCK_SIZE)
+#endif
+
+/* N.B. The IV for this mode is _twice_ the block size */
+
+void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
+                     size_t length, const AES_KEY *key,
+                     unsigned char *ivec, const int enc)
+{
+    size_t n;
+    size_t len = length;
+
+    OPENSSL_assert(in && out && key && ivec);
+    OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
+    OPENSSL_assert((length % AES_BLOCK_SIZE) == 0);
+
+    len = length / AES_BLOCK_SIZE;
+
+    if (AES_ENCRYPT == enc) {
+        if (in != out &&
+            (UNALIGNED_MEMOPS_ARE_FAST
+             || ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) ==
+             0)) {
+            aes_block_t *ivp = (aes_block_t *) ivec;
+            aes_block_t *iv2p = (aes_block_t *) (ivec + AES_BLOCK_SIZE);
+
+            while (len) {
+                aes_block_t *inp = (aes_block_t *) in;
+                aes_block_t *outp = (aes_block_t *) out;
+
+                for (n = 0; n < N_WORDS; ++n)
+                    outp->data[n] = inp->data[n] ^ ivp->data[n];
+                AES_encrypt((unsigned char *)outp->data,
+                            (unsigned char *)outp->data, key);
+                for (n = 0; n < N_WORDS; ++n)
+                    outp->data[n] ^= iv2p->data[n];
+                ivp = outp;
+                iv2p = inp;
+                --len;
+                in += AES_BLOCK_SIZE;
+                out += AES_BLOCK_SIZE;
+            }
+            memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
+            memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
+        } else {
+            aes_block_t tmp, tmp2;
+            aes_block_t iv;
+            aes_block_t iv2;
+
+            load_block(iv, ivec);
+            load_block(iv2, ivec + AES_BLOCK_SIZE);
+
+            while (len) {
+                load_block(tmp, in);
+                for (n = 0; n < N_WORDS; ++n)
+                    tmp2.data[n] = tmp.data[n] ^ iv.data[n];
+                AES_encrypt((unsigned char *)tmp2.data,
+                            (unsigned char *)tmp2.data, key);
+                for (n = 0; n < N_WORDS; ++n)
+                    tmp2.data[n] ^= iv2.data[n];
+                store_block(out, tmp2);
+                iv = tmp2;
+                iv2 = tmp;
+                --len;
+                in += AES_BLOCK_SIZE;
+                out += AES_BLOCK_SIZE;
+            }
+            memcpy(ivec, iv.data, AES_BLOCK_SIZE);
+            memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
+        }
+    } else {
+        if (in != out &&
+            (UNALIGNED_MEMOPS_ARE_FAST
+             || ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) ==
+             0)) {
+            aes_block_t *ivp = (aes_block_t *) ivec;
+            aes_block_t *iv2p = (aes_block_t *) (ivec + AES_BLOCK_SIZE);
+
+            while (len) {
+                aes_block_t tmp;
+                aes_block_t *inp = (aes_block_t *) in;
+                aes_block_t *outp = (aes_block_t *) out;
+
+                for (n = 0; n < N_WORDS; ++n)
+                    tmp.data[n] = inp->data[n] ^ iv2p->data[n];
+                AES_decrypt((unsigned char *)tmp.data,
+                            (unsigned char *)outp->data, key);
+                for (n = 0; n < N_WORDS; ++n)
+                    outp->data[n] ^= ivp->data[n];
+                ivp = inp;
+                iv2p = outp;
+                --len;
+                in += AES_BLOCK_SIZE;
+                out += AES_BLOCK_SIZE;
+            }
+            memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
+            memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
+        } else {
+            aes_block_t tmp, tmp2;
+            aes_block_t iv;
+            aes_block_t iv2;
+
+            load_block(iv, ivec);
+            load_block(iv2, ivec + AES_BLOCK_SIZE);
+
+            while (len) {
+                load_block(tmp, in);
+                tmp2 = tmp;
+                for (n = 0; n < N_WORDS; ++n)
+                    tmp.data[n] ^= iv2.data[n];
+                AES_decrypt((unsigned char *)tmp.data,
+                            (unsigned char *)tmp.data, key);
+                for (n = 0; n < N_WORDS; ++n)
+                    tmp.data[n] ^= iv.data[n];
+                store_block(out, tmp);
+                iv = tmp2;
+                iv2 = tmp;
+                --len;
+                in += AES_BLOCK_SIZE;
+                out += AES_BLOCK_SIZE;
+            }
+            memcpy(ivec, iv.data, AES_BLOCK_SIZE);
+            memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
+        }
+    }
+}
+
+/*
+ * Note that its effectively impossible to do biIGE in anything other
+ * than a single pass, so no provision is made for chaining.
+ */
+
+/* N.B. The IV for this mode is _four times_ the block size */
+
+void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const AES_KEY *key,
+                        const AES_KEY *key2, const unsigned char *ivec,
+                        const int enc)
+{
+    size_t n;
+    size_t len = length;
+    unsigned char tmp[AES_BLOCK_SIZE];
+    unsigned char tmp2[AES_BLOCK_SIZE];
+    unsigned char tmp3[AES_BLOCK_SIZE];
+    unsigned char prev[AES_BLOCK_SIZE];
+    const unsigned char *iv;
+    const unsigned char *iv2;
+
+    OPENSSL_assert(in && out && key && ivec);
+    OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
+    OPENSSL_assert((length % AES_BLOCK_SIZE) == 0);
+
+    if (AES_ENCRYPT == enc) {
+        /*
+         * XXX: Do a separate case for when in != out (strictly should check
+         * for overlap, too)
+         */
+
+        /* First the forward pass */
+        iv = ivec;
+        iv2 = ivec + AES_BLOCK_SIZE;
+        while (len >= AES_BLOCK_SIZE) {
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] = in[n] ^ iv[n];
+            AES_encrypt(out, out, key);
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] ^= iv2[n];
+            iv = out;
+            memcpy(prev, in, AES_BLOCK_SIZE);
+            iv2 = prev;
+            len -= AES_BLOCK_SIZE;
+            in += AES_BLOCK_SIZE;
+            out += AES_BLOCK_SIZE;
+        }
+
+        /* And now backwards */
+        iv = ivec + AES_BLOCK_SIZE * 2;
+        iv2 = ivec + AES_BLOCK_SIZE * 3;
+        len = length;
+        while (len >= AES_BLOCK_SIZE) {
+            out -= AES_BLOCK_SIZE;
+            /*
+             * XXX: reduce copies by alternating between buffers
+             */
+            memcpy(tmp, out, AES_BLOCK_SIZE);
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] ^= iv[n];
+            /*
+             * hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE);
+             */
+            AES_encrypt(out, out, key);
+            /*
+             * hexdump(stdout,"enc", out, AES_BLOCK_SIZE);
+             */
+            /*
+             * hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE);
+             */
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] ^= iv2[n];
+            /*
+             * hexdump(stdout,"out", out, AES_BLOCK_SIZE);
+             */
+            iv = out;
+            memcpy(prev, tmp, AES_BLOCK_SIZE);
+            iv2 = prev;
+            len -= AES_BLOCK_SIZE;
+        }
+    } else {
+        /* First backwards */
+        iv = ivec + AES_BLOCK_SIZE * 2;
+        iv2 = ivec + AES_BLOCK_SIZE * 3;
+        in += length;
+        out += length;
+        while (len >= AES_BLOCK_SIZE) {
+            in -= AES_BLOCK_SIZE;
+            out -= AES_BLOCK_SIZE;
+            memcpy(tmp, in, AES_BLOCK_SIZE);
+            memcpy(tmp2, in, AES_BLOCK_SIZE);
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                tmp[n] ^= iv2[n];
+            AES_decrypt(tmp, out, key);
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] ^= iv[n];
+            memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
+            iv = tmp3;
+            iv2 = out;
+            len -= AES_BLOCK_SIZE;
+        }
+
+        /* And now forwards */
+        iv = ivec;
+        iv2 = ivec + AES_BLOCK_SIZE;
+        len = length;
+        while (len >= AES_BLOCK_SIZE) {
+            memcpy(tmp, out, AES_BLOCK_SIZE);
+            memcpy(tmp2, out, AES_BLOCK_SIZE);
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                tmp[n] ^= iv2[n];
+            AES_decrypt(tmp, out, key);
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] ^= iv[n];
+            memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
+            iv = tmp3;
+            iv2 = out;
+            len -= AES_BLOCK_SIZE;
+            in += AES_BLOCK_SIZE;
+            out += AES_BLOCK_SIZE;
+        }
+    }
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/aes/aes_locl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_locl.h	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/aes/aes_locl.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,89 +0,0 @@
-/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#ifndef HEADER_AES_LOCL_H
-# define HEADER_AES_LOCL_H
-
-# include <openssl/e_os2.h>
-
-# ifdef OPENSSL_NO_AES
-#  error AES is disabled.
-# endif
-
-# include <stdio.h>
-# include <stdlib.h>
-# include <string.h>
-
-# if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
-#  define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
-#  define GETU32(p) SWAP(*((u32 *)(p)))
-#  define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
-# else
-#  define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] <<  8) ^ ((u32)(pt)[3]))
-#  define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >>  8); (ct)[3] = (u8)(st); }
-# endif
-
-# ifdef AES_LONG
-typedef unsigned long u32;
-# else
-typedef unsigned int u32;
-# endif
-typedef unsigned short u16;
-typedef unsigned char u8;
-
-# define MAXKC   (256/32)
-# define MAXKB   (256/8)
-# define MAXNR   14
-
-/* This controls loop-unrolling in aes_core.c */
-# undef FULL_UNROLL
-
-#endif                          /* !HEADER_AES_LOCL_H */

Copied: vendor-crypto/openssl/1.0.1u/crypto/aes/aes_locl.h (from rev 11605, vendor-crypto/openssl/dist/crypto/aes/aes_locl.h)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/aes/aes_locl.h	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/aes/aes_locl.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,89 @@
+/* crypto/aes/aes.h */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef HEADER_AES_LOCL_H
+# define HEADER_AES_LOCL_H
+
+# include <openssl/e_os2.h>
+
+# ifdef OPENSSL_NO_AES
+#  error AES is disabled.
+# endif
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+
+# if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
+#  define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
+#  define GETU32(p) SWAP(*((u32 *)(p)))
+#  define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
+# else
+#  define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] <<  8) ^ ((u32)(pt)[3]))
+#  define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >>  8); (ct)[3] = (u8)(st); }
+# endif
+
+# ifdef AES_LONG
+typedef unsigned long u32;
+# else
+typedef unsigned int u32;
+# endif
+typedef unsigned short u16;
+typedef unsigned char u8;
+
+# define MAXKC   (256/32)
+# define MAXKB   (256/8)
+# define MAXNR   14
+
+/* This controls loop-unrolling in aes_core.c */
+# undef FULL_UNROLL
+
+#endif                          /* !HEADER_AES_LOCL_H */

Deleted: vendor-crypto/openssl/1.0.1u/crypto/aes/aes_misc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_misc.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/aes/aes_misc.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,86 +0,0 @@
-/* crypto/aes/aes_misc.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/opensslv.h>
-#include <openssl/crypto.h>
-#include <openssl/aes.h>
-#include "aes_locl.h"
-
-const char AES_version[] = "AES" OPENSSL_VERSION_PTEXT;
-
-const char *AES_options(void)
-{
-#ifdef FULL_UNROLL
-    return "aes(full)";
-#else
-    return "aes(partial)";
-#endif
-}
-
-/* FIPS wrapper functions to block low level AES calls in FIPS mode */
-
-int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-                        AES_KEY *key)
-{
-#ifdef OPENSSL_FIPS
-    fips_cipher_abort(AES);
-#endif
-    return private_AES_set_encrypt_key(userKey, bits, key);
-}
-
-int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-                        AES_KEY *key)
-{
-#ifdef OPENSSL_FIPS
-    fips_cipher_abort(AES);
-#endif
-    return private_AES_set_decrypt_key(userKey, bits, key);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/aes/aes_misc.c (from rev 11605, vendor-crypto/openssl/dist/crypto/aes/aes_misc.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/aes/aes_misc.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/aes/aes_misc.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,86 @@
+/* crypto/aes/aes_misc.c */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/opensslv.h>
+#include <openssl/crypto.h>
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+const char AES_version[] = "AES" OPENSSL_VERSION_PTEXT;
+
+const char *AES_options(void)
+{
+#ifdef FULL_UNROLL
+    return "aes(full)";
+#else
+    return "aes(partial)";
+#endif
+}
+
+/* FIPS wrapper functions to block low level AES calls in FIPS mode */
+
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key)
+{
+#ifdef OPENSSL_FIPS
+    fips_cipher_abort(AES);
+#endif
+    return private_AES_set_encrypt_key(userKey, bits, key);
+}
+
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key)
+{
+#ifdef OPENSSL_FIPS
+    fips_cipher_abort(AES);
+#endif
+    return private_AES_set_decrypt_key(userKey, bits, key);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/aes/aes_ofb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_ofb.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/aes/aes_ofb.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,61 +0,0 @@
-/* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/aes.h>
-#include <openssl/modes.h>
-
-void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
-                        size_t length, const AES_KEY *key,
-                        unsigned char *ivec, int *num)
-{
-    CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
-                          (block128_f) AES_encrypt);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/aes/aes_ofb.c (from rev 11605, vendor-crypto/openssl/dist/crypto/aes/aes_ofb.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/aes/aes_ofb.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/aes/aes_ofb.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,61 @@
+/* crypto/aes/aes_ofb.c */
+/* ====================================================================
+ * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/aes.h>
+#include <openssl/modes.h>
+
+void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const AES_KEY *key,
+                        unsigned char *ivec, int *num)
+{
+    CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
+                          (block128_f) AES_encrypt);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/aes/aes_x86core.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_x86core.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/aes/aes_x86core.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,1070 +0,0 @@
-/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
-/**
- * rijndael-alg-fst.c
- *
- * @version 3.0 (December 2000)
- *
- * Optimised ANSI C code for the Rijndael cipher (now AES)
- *
- * @author Vincent Rijmen <vincent.rijmen at esat.kuleuven.ac.be>
- * @author Antoon Bosselaers <antoon.bosselaers at esat.kuleuven.ac.be>
- * @author Paulo Barreto <paulo.barreto at terra.com.br>
- *
- * This code is hereby placed in the public domain.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
- * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
- * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
- * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * This is experimental x86[_64] derivative. It assumes little-endian
- * byte order and expects CPU to sustain unaligned memory references.
- * It is used as playground for cache-time attack mitigations and
- * serves as reference C implementation for x86[_64] assembler.
- *
- *                  <appro at fy.chalmers.se>
- */
-
-
-#ifndef AES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
-#include <stdlib.h>
-#include <openssl/aes.h>
-#include "aes_locl.h"
-
-/*
- * These two parameters control which table, 256-byte or 2KB, is
- * referenced in outer and respectively inner rounds.
- */
-#define AES_COMPACT_IN_OUTER_ROUNDS
-#ifdef  AES_COMPACT_IN_OUTER_ROUNDS
-/* AES_COMPACT_IN_OUTER_ROUNDS costs ~30% in performance, while
- * adding AES_COMPACT_IN_INNER_ROUNDS reduces benchmark *further*
- * by factor of ~2. */
-# undef  AES_COMPACT_IN_INNER_ROUNDS
-#endif
-
-#if 1
-static void prefetch256(const void *table)
-{
-    volatile unsigned long *t=(void *)table,ret;
-    unsigned long sum;
-    int i;
-
-    /* 32 is common least cache-line size */
-    for (sum=0,i=0;i<256/sizeof(t[0]);i+=32/sizeof(t[0]))   sum ^= t[i];
-
-    ret = sum;
-}
-#else
-# define prefetch256(t)
-#endif
-
-#undef GETU32
-#define GETU32(p) (*((u32*)(p)))
-
-#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
-typedef unsigned __int64 u64;
-#define U64(C)  C##UI64
-#elif defined(__arch64__)
-typedef unsigned long u64;
-#define U64(C)  C##UL
-#else
-typedef unsigned long long u64;
-#define U64(C)  C##ULL
-#endif
-
-#undef ROTATE
-#if defined(_MSC_VER) || defined(__ICC)
-# define ROTATE(a,n)	_lrotl(a,n)
-#elif defined(__GNUC__) && __GNUC__>=2
-# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
-#   define ROTATE(a,n)  ({ register unsigned int ret;   \
-                asm (           \
-                "roll %1,%0"        \
-                : "=r"(ret)     \
-                : "I"(n), "0"(a)    \
-                : "cc");        \
-               ret;             \
-            })
-# endif
-#endif
-/*-
-Te [x] = S [x].[02, 01, 01, 03, 02, 01, 01, 03];
-Te0[x] = S [x].[02, 01, 01, 03];
-Te1[x] = S [x].[03, 02, 01, 01];
-Te2[x] = S [x].[01, 03, 02, 01];
-Te3[x] = S [x].[01, 01, 03, 02];
-*/
-#define Te0 (u32)((u64*)((u8*)Te+0))
-#define Te1 (u32)((u64*)((u8*)Te+3))
-#define Te2 (u32)((u64*)((u8*)Te+2))
-#define Te3 (u32)((u64*)((u8*)Te+1))
-/*-
-Td [x] = Si[x].[0e, 09, 0d, 0b, 0e, 09, 0d, 0b];
-Td0[x] = Si[x].[0e, 09, 0d, 0b];
-Td1[x] = Si[x].[0b, 0e, 09, 0d];
-Td2[x] = Si[x].[0d, 0b, 0e, 09];
-Td3[x] = Si[x].[09, 0d, 0b, 0e];
-Td4[x] = Si[x].[01];
-*/
-#define Td0 (u32)((u64*)((u8*)Td+0))
-#define Td1 (u32)((u64*)((u8*)Td+3))
-#define Td2 (u32)((u64*)((u8*)Td+2))
-#define Td3 (u32)((u64*)((u8*)Td+1))
-
-static const u64 Te[256] = {
-    U64(0xa56363c6a56363c6), U64(0x847c7cf8847c7cf8),
-    U64(0x997777ee997777ee), U64(0x8d7b7bf68d7b7bf6),
-    U64(0x0df2f2ff0df2f2ff), U64(0xbd6b6bd6bd6b6bd6),
-    U64(0xb16f6fdeb16f6fde), U64(0x54c5c59154c5c591),
-    U64(0x5030306050303060), U64(0x0301010203010102),
-    U64(0xa96767cea96767ce), U64(0x7d2b2b567d2b2b56),
-    U64(0x19fefee719fefee7), U64(0x62d7d7b562d7d7b5),
-    U64(0xe6abab4de6abab4d), U64(0x9a7676ec9a7676ec),
-    U64(0x45caca8f45caca8f), U64(0x9d82821f9d82821f),
-    U64(0x40c9c98940c9c989), U64(0x877d7dfa877d7dfa),
-    U64(0x15fafaef15fafaef), U64(0xeb5959b2eb5959b2),
-    U64(0xc947478ec947478e), U64(0x0bf0f0fb0bf0f0fb),
-    U64(0xecadad41ecadad41), U64(0x67d4d4b367d4d4b3),
-    U64(0xfda2a25ffda2a25f), U64(0xeaafaf45eaafaf45),
-    U64(0xbf9c9c23bf9c9c23), U64(0xf7a4a453f7a4a453),
-    U64(0x967272e4967272e4), U64(0x5bc0c09b5bc0c09b),
-    U64(0xc2b7b775c2b7b775), U64(0x1cfdfde11cfdfde1),
-    U64(0xae93933dae93933d), U64(0x6a26264c6a26264c),
-    U64(0x5a36366c5a36366c), U64(0x413f3f7e413f3f7e),
-    U64(0x02f7f7f502f7f7f5), U64(0x4fcccc834fcccc83),
-    U64(0x5c3434685c343468), U64(0xf4a5a551f4a5a551),
-    U64(0x34e5e5d134e5e5d1), U64(0x08f1f1f908f1f1f9),
-    U64(0x937171e2937171e2), U64(0x73d8d8ab73d8d8ab),
-    U64(0x5331316253313162), U64(0x3f15152a3f15152a),
-    U64(0x0c0404080c040408), U64(0x52c7c79552c7c795),
-    U64(0x6523234665232346), U64(0x5ec3c39d5ec3c39d),
-    U64(0x2818183028181830), U64(0xa1969637a1969637),
-    U64(0x0f05050a0f05050a), U64(0xb59a9a2fb59a9a2f),
-    U64(0x0907070e0907070e), U64(0x3612122436121224),
-    U64(0x9b80801b9b80801b), U64(0x3de2e2df3de2e2df),
-    U64(0x26ebebcd26ebebcd), U64(0x6927274e6927274e),
-    U64(0xcdb2b27fcdb2b27f), U64(0x9f7575ea9f7575ea),
-    U64(0x1b0909121b090912), U64(0x9e83831d9e83831d),
-    U64(0x742c2c58742c2c58), U64(0x2e1a1a342e1a1a34),
-    U64(0x2d1b1b362d1b1b36), U64(0xb26e6edcb26e6edc),
-    U64(0xee5a5ab4ee5a5ab4), U64(0xfba0a05bfba0a05b),
-    U64(0xf65252a4f65252a4), U64(0x4d3b3b764d3b3b76),
-    U64(0x61d6d6b761d6d6b7), U64(0xceb3b37dceb3b37d),
-    U64(0x7b2929527b292952), U64(0x3ee3e3dd3ee3e3dd),
-    U64(0x712f2f5e712f2f5e), U64(0x9784841397848413),
-    U64(0xf55353a6f55353a6), U64(0x68d1d1b968d1d1b9),
-    U64(0x0000000000000000), U64(0x2cededc12cededc1),
-    U64(0x6020204060202040), U64(0x1ffcfce31ffcfce3),
-    U64(0xc8b1b179c8b1b179), U64(0xed5b5bb6ed5b5bb6),
-    U64(0xbe6a6ad4be6a6ad4), U64(0x46cbcb8d46cbcb8d),
-    U64(0xd9bebe67d9bebe67), U64(0x4b3939724b393972),
-    U64(0xde4a4a94de4a4a94), U64(0xd44c4c98d44c4c98),
-    U64(0xe85858b0e85858b0), U64(0x4acfcf854acfcf85),
-    U64(0x6bd0d0bb6bd0d0bb), U64(0x2aefefc52aefefc5),
-    U64(0xe5aaaa4fe5aaaa4f), U64(0x16fbfbed16fbfbed),
-    U64(0xc5434386c5434386), U64(0xd74d4d9ad74d4d9a),
-    U64(0x5533336655333366), U64(0x9485851194858511),
-    U64(0xcf45458acf45458a), U64(0x10f9f9e910f9f9e9),
-    U64(0x0602020406020204), U64(0x817f7ffe817f7ffe),
-    U64(0xf05050a0f05050a0), U64(0x443c3c78443c3c78),
-    U64(0xba9f9f25ba9f9f25), U64(0xe3a8a84be3a8a84b),
-    U64(0xf35151a2f35151a2), U64(0xfea3a35dfea3a35d),
-    U64(0xc0404080c0404080), U64(0x8a8f8f058a8f8f05),
-    U64(0xad92923fad92923f), U64(0xbc9d9d21bc9d9d21),
-    U64(0x4838387048383870), U64(0x04f5f5f104f5f5f1),
-    U64(0xdfbcbc63dfbcbc63), U64(0xc1b6b677c1b6b677),
-    U64(0x75dadaaf75dadaaf), U64(0x6321214263212142),
-    U64(0x3010102030101020), U64(0x1affffe51affffe5),
-    U64(0x0ef3f3fd0ef3f3fd), U64(0x6dd2d2bf6dd2d2bf),
-    U64(0x4ccdcd814ccdcd81), U64(0x140c0c18140c0c18),
-    U64(0x3513132635131326), U64(0x2fececc32fececc3),
-    U64(0xe15f5fbee15f5fbe), U64(0xa2979735a2979735),
-    U64(0xcc444488cc444488), U64(0x3917172e3917172e),
-    U64(0x57c4c49357c4c493), U64(0xf2a7a755f2a7a755),
-    U64(0x827e7efc827e7efc), U64(0x473d3d7a473d3d7a),
-    U64(0xac6464c8ac6464c8), U64(0xe75d5dbae75d5dba),
-    U64(0x2b1919322b191932), U64(0x957373e6957373e6),
-    U64(0xa06060c0a06060c0), U64(0x9881811998818119),
-    U64(0xd14f4f9ed14f4f9e), U64(0x7fdcdca37fdcdca3),
-    U64(0x6622224466222244), U64(0x7e2a2a547e2a2a54),
-    U64(0xab90903bab90903b), U64(0x8388880b8388880b),
-    U64(0xca46468cca46468c), U64(0x29eeeec729eeeec7),
-    U64(0xd3b8b86bd3b8b86b), U64(0x3c1414283c141428),
-    U64(0x79dedea779dedea7), U64(0xe25e5ebce25e5ebc),
-    U64(0x1d0b0b161d0b0b16), U64(0x76dbdbad76dbdbad),
-    U64(0x3be0e0db3be0e0db), U64(0x5632326456323264),
-    U64(0x4e3a3a744e3a3a74), U64(0x1e0a0a141e0a0a14),
-    U64(0xdb494992db494992), U64(0x0a06060c0a06060c),
-    U64(0x6c2424486c242448), U64(0xe45c5cb8e45c5cb8),
-    U64(0x5dc2c29f5dc2c29f), U64(0x6ed3d3bd6ed3d3bd),
-    U64(0xefacac43efacac43), U64(0xa66262c4a66262c4),
-    U64(0xa8919139a8919139), U64(0xa4959531a4959531),
-    U64(0x37e4e4d337e4e4d3), U64(0x8b7979f28b7979f2),
-    U64(0x32e7e7d532e7e7d5), U64(0x43c8c88b43c8c88b),
-    U64(0x5937376e5937376e), U64(0xb76d6ddab76d6dda),
-    U64(0x8c8d8d018c8d8d01), U64(0x64d5d5b164d5d5b1),
-    U64(0xd24e4e9cd24e4e9c), U64(0xe0a9a949e0a9a949),
-    U64(0xb46c6cd8b46c6cd8), U64(0xfa5656acfa5656ac),
-    U64(0x07f4f4f307f4f4f3), U64(0x25eaeacf25eaeacf),
-    U64(0xaf6565caaf6565ca), U64(0x8e7a7af48e7a7af4),
-    U64(0xe9aeae47e9aeae47), U64(0x1808081018080810),
-    U64(0xd5baba6fd5baba6f), U64(0x887878f0887878f0),
-    U64(0x6f25254a6f25254a), U64(0x722e2e5c722e2e5c),
-    U64(0x241c1c38241c1c38), U64(0xf1a6a657f1a6a657),
-    U64(0xc7b4b473c7b4b473), U64(0x51c6c69751c6c697),
-    U64(0x23e8e8cb23e8e8cb), U64(0x7cdddda17cdddda1),
-    U64(0x9c7474e89c7474e8), U64(0x211f1f3e211f1f3e),
-    U64(0xdd4b4b96dd4b4b96), U64(0xdcbdbd61dcbdbd61),
-    U64(0x868b8b0d868b8b0d), U64(0x858a8a0f858a8a0f),
-    U64(0x907070e0907070e0), U64(0x423e3e7c423e3e7c),
-    U64(0xc4b5b571c4b5b571), U64(0xaa6666ccaa6666cc),
-    U64(0xd8484890d8484890), U64(0x0503030605030306),
-    U64(0x01f6f6f701f6f6f7), U64(0x120e0e1c120e0e1c),
-    U64(0xa36161c2a36161c2), U64(0x5f35356a5f35356a),
-    U64(0xf95757aef95757ae), U64(0xd0b9b969d0b9b969),
-    U64(0x9186861791868617), U64(0x58c1c19958c1c199),
-    U64(0x271d1d3a271d1d3a), U64(0xb99e9e27b99e9e27),
-    U64(0x38e1e1d938e1e1d9), U64(0x13f8f8eb13f8f8eb),
-    U64(0xb398982bb398982b), U64(0x3311112233111122),
-    U64(0xbb6969d2bb6969d2), U64(0x70d9d9a970d9d9a9),
-    U64(0x898e8e07898e8e07), U64(0xa7949433a7949433),
-    U64(0xb69b9b2db69b9b2d), U64(0x221e1e3c221e1e3c),
-    U64(0x9287871592878715), U64(0x20e9e9c920e9e9c9),
-    U64(0x49cece8749cece87), U64(0xff5555aaff5555aa),
-    U64(0x7828285078282850), U64(0x7adfdfa57adfdfa5),
-    U64(0x8f8c8c038f8c8c03), U64(0xf8a1a159f8a1a159),
-    U64(0x8089890980898909), U64(0x170d0d1a170d0d1a),
-    U64(0xdabfbf65dabfbf65), U64(0x31e6e6d731e6e6d7),
-    U64(0xc6424284c6424284), U64(0xb86868d0b86868d0),
-    U64(0xc3414182c3414182), U64(0xb0999929b0999929),
-    U64(0x772d2d5a772d2d5a), U64(0x110f0f1e110f0f1e),
-    U64(0xcbb0b07bcbb0b07b), U64(0xfc5454a8fc5454a8),
-    U64(0xd6bbbb6dd6bbbb6d), U64(0x3a16162c3a16162c)
-};
-
-static const u8 Te4[256] = {
-    0x63U, 0x7cU, 0x77U, 0x7bU, 0xf2U, 0x6bU, 0x6fU, 0xc5U,
-    0x30U, 0x01U, 0x67U, 0x2bU, 0xfeU, 0xd7U, 0xabU, 0x76U,
-    0xcaU, 0x82U, 0xc9U, 0x7dU, 0xfaU, 0x59U, 0x47U, 0xf0U,
-    0xadU, 0xd4U, 0xa2U, 0xafU, 0x9cU, 0xa4U, 0x72U, 0xc0U,
-    0xb7U, 0xfdU, 0x93U, 0x26U, 0x36U, 0x3fU, 0xf7U, 0xccU,
-    0x34U, 0xa5U, 0xe5U, 0xf1U, 0x71U, 0xd8U, 0x31U, 0x15U,
-    0x04U, 0xc7U, 0x23U, 0xc3U, 0x18U, 0x96U, 0x05U, 0x9aU,
-    0x07U, 0x12U, 0x80U, 0xe2U, 0xebU, 0x27U, 0xb2U, 0x75U,
-    0x09U, 0x83U, 0x2cU, 0x1aU, 0x1bU, 0x6eU, 0x5aU, 0xa0U,
-    0x52U, 0x3bU, 0xd6U, 0xb3U, 0x29U, 0xe3U, 0x2fU, 0x84U,
-    0x53U, 0xd1U, 0x00U, 0xedU, 0x20U, 0xfcU, 0xb1U, 0x5bU,
-    0x6aU, 0xcbU, 0xbeU, 0x39U, 0x4aU, 0x4cU, 0x58U, 0xcfU,
-    0xd0U, 0xefU, 0xaaU, 0xfbU, 0x43U, 0x4dU, 0x33U, 0x85U,
-    0x45U, 0xf9U, 0x02U, 0x7fU, 0x50U, 0x3cU, 0x9fU, 0xa8U,
-    0x51U, 0xa3U, 0x40U, 0x8fU, 0x92U, 0x9dU, 0x38U, 0xf5U,
-    0xbcU, 0xb6U, 0xdaU, 0x21U, 0x10U, 0xffU, 0xf3U, 0xd2U,
-    0xcdU, 0x0cU, 0x13U, 0xecU, 0x5fU, 0x97U, 0x44U, 0x17U,
-    0xc4U, 0xa7U, 0x7eU, 0x3dU, 0x64U, 0x5dU, 0x19U, 0x73U,
-    0x60U, 0x81U, 0x4fU, 0xdcU, 0x22U, 0x2aU, 0x90U, 0x88U,
-    0x46U, 0xeeU, 0xb8U, 0x14U, 0xdeU, 0x5eU, 0x0bU, 0xdbU,
-    0xe0U, 0x32U, 0x3aU, 0x0aU, 0x49U, 0x06U, 0x24U, 0x5cU,
-    0xc2U, 0xd3U, 0xacU, 0x62U, 0x91U, 0x95U, 0xe4U, 0x79U,
-    0xe7U, 0xc8U, 0x37U, 0x6dU, 0x8dU, 0xd5U, 0x4eU, 0xa9U,
-    0x6cU, 0x56U, 0xf4U, 0xeaU, 0x65U, 0x7aU, 0xaeU, 0x08U,
-    0xbaU, 0x78U, 0x25U, 0x2eU, 0x1cU, 0xa6U, 0xb4U, 0xc6U,
-    0xe8U, 0xddU, 0x74U, 0x1fU, 0x4bU, 0xbdU, 0x8bU, 0x8aU,
-    0x70U, 0x3eU, 0xb5U, 0x66U, 0x48U, 0x03U, 0xf6U, 0x0eU,
-    0x61U, 0x35U, 0x57U, 0xb9U, 0x86U, 0xc1U, 0x1dU, 0x9eU,
-    0xe1U, 0xf8U, 0x98U, 0x11U, 0x69U, 0xd9U, 0x8eU, 0x94U,
-    0x9bU, 0x1eU, 0x87U, 0xe9U, 0xceU, 0x55U, 0x28U, 0xdfU,
-    0x8cU, 0xa1U, 0x89U, 0x0dU, 0xbfU, 0xe6U, 0x42U, 0x68U,
-    0x41U, 0x99U, 0x2dU, 0x0fU, 0xb0U, 0x54U, 0xbbU, 0x16U
-};
-
-static const u64 Td[256] = {
-    U64(0x50a7f45150a7f451), U64(0x5365417e5365417e),
-    U64(0xc3a4171ac3a4171a), U64(0x965e273a965e273a),
-    U64(0xcb6bab3bcb6bab3b), U64(0xf1459d1ff1459d1f),
-    U64(0xab58faacab58faac), U64(0x9303e34b9303e34b),
-    U64(0x55fa302055fa3020), U64(0xf66d76adf66d76ad),
-    U64(0x9176cc889176cc88), U64(0x254c02f5254c02f5),
-    U64(0xfcd7e54ffcd7e54f), U64(0xd7cb2ac5d7cb2ac5),
-    U64(0x8044352680443526), U64(0x8fa362b58fa362b5),
-    U64(0x495ab1de495ab1de), U64(0x671bba25671bba25),
-    U64(0x980eea45980eea45), U64(0xe1c0fe5de1c0fe5d),
-    U64(0x02752fc302752fc3), U64(0x12f04c8112f04c81),
-    U64(0xa397468da397468d), U64(0xc6f9d36bc6f9d36b),
-    U64(0xe75f8f03e75f8f03), U64(0x959c9215959c9215),
-    U64(0xeb7a6dbfeb7a6dbf), U64(0xda595295da595295),
-    U64(0x2d83bed42d83bed4), U64(0xd3217458d3217458),
-    U64(0x2969e0492969e049), U64(0x44c8c98e44c8c98e),
-    U64(0x6a89c2756a89c275), U64(0x78798ef478798ef4),
-    U64(0x6b3e58996b3e5899), U64(0xdd71b927dd71b927),
-    U64(0xb64fe1beb64fe1be), U64(0x17ad88f017ad88f0),
-    U64(0x66ac20c966ac20c9), U64(0xb43ace7db43ace7d),
-    U64(0x184adf63184adf63), U64(0x82311ae582311ae5),
-    U64(0x6033519760335197), U64(0x457f5362457f5362),
-    U64(0xe07764b1e07764b1), U64(0x84ae6bbb84ae6bbb),
-    U64(0x1ca081fe1ca081fe), U64(0x942b08f9942b08f9),
-    U64(0x5868487058684870), U64(0x19fd458f19fd458f),
-    U64(0x876cde94876cde94), U64(0xb7f87b52b7f87b52),
-    U64(0x23d373ab23d373ab), U64(0xe2024b72e2024b72),
-    U64(0x578f1fe3578f1fe3), U64(0x2aab55662aab5566),
-    U64(0x0728ebb20728ebb2), U64(0x03c2b52f03c2b52f),
-    U64(0x9a7bc5869a7bc586), U64(0xa50837d3a50837d3),
-    U64(0xf2872830f2872830), U64(0xb2a5bf23b2a5bf23),
-    U64(0xba6a0302ba6a0302), U64(0x5c8216ed5c8216ed),
-    U64(0x2b1ccf8a2b1ccf8a), U64(0x92b479a792b479a7),
-    U64(0xf0f207f3f0f207f3), U64(0xa1e2694ea1e2694e),
-    U64(0xcdf4da65cdf4da65), U64(0xd5be0506d5be0506),
-    U64(0x1f6234d11f6234d1), U64(0x8afea6c48afea6c4),
-    U64(0x9d532e349d532e34), U64(0xa055f3a2a055f3a2),
-    U64(0x32e18a0532e18a05), U64(0x75ebf6a475ebf6a4),
-    U64(0x39ec830b39ec830b), U64(0xaaef6040aaef6040),
-    U64(0x069f715e069f715e), U64(0x51106ebd51106ebd),
-    U64(0xf98a213ef98a213e), U64(0x3d06dd963d06dd96),
-    U64(0xae053eddae053edd), U64(0x46bde64d46bde64d),
-    U64(0xb58d5491b58d5491), U64(0x055dc471055dc471),
-    U64(0x6fd406046fd40604), U64(0xff155060ff155060),
-    U64(0x24fb981924fb9819), U64(0x97e9bdd697e9bdd6),
-    U64(0xcc434089cc434089), U64(0x779ed967779ed967),
-    U64(0xbd42e8b0bd42e8b0), U64(0x888b8907888b8907),
-    U64(0x385b19e7385b19e7), U64(0xdbeec879dbeec879),
-    U64(0x470a7ca1470a7ca1), U64(0xe90f427ce90f427c),
-    U64(0xc91e84f8c91e84f8), U64(0x0000000000000000),
-    U64(0x8386800983868009), U64(0x48ed2b3248ed2b32),
-    U64(0xac70111eac70111e), U64(0x4e725a6c4e725a6c),
-    U64(0xfbff0efdfbff0efd), U64(0x5638850f5638850f),
-    U64(0x1ed5ae3d1ed5ae3d), U64(0x27392d3627392d36),
-    U64(0x64d90f0a64d90f0a), U64(0x21a65c6821a65c68),
-    U64(0xd1545b9bd1545b9b), U64(0x3a2e36243a2e3624),
-    U64(0xb1670a0cb1670a0c), U64(0x0fe757930fe75793),
-    U64(0xd296eeb4d296eeb4), U64(0x9e919b1b9e919b1b),
-    U64(0x4fc5c0804fc5c080), U64(0xa220dc61a220dc61),
-    U64(0x694b775a694b775a), U64(0x161a121c161a121c),
-    U64(0x0aba93e20aba93e2), U64(0xe52aa0c0e52aa0c0),
-    U64(0x43e0223c43e0223c), U64(0x1d171b121d171b12),
-    U64(0x0b0d090e0b0d090e), U64(0xadc78bf2adc78bf2),
-    U64(0xb9a8b62db9a8b62d), U64(0xc8a91e14c8a91e14),
-    U64(0x8519f1578519f157), U64(0x4c0775af4c0775af),
-    U64(0xbbdd99eebbdd99ee), U64(0xfd607fa3fd607fa3),
-    U64(0x9f2601f79f2601f7), U64(0xbcf5725cbcf5725c),
-    U64(0xc53b6644c53b6644), U64(0x347efb5b347efb5b),
-    U64(0x7629438b7629438b), U64(0xdcc623cbdcc623cb),
-    U64(0x68fcedb668fcedb6), U64(0x63f1e4b863f1e4b8),
-    U64(0xcadc31d7cadc31d7), U64(0x1085634210856342),
-    U64(0x4022971340229713), U64(0x2011c6842011c684),
-    U64(0x7d244a857d244a85), U64(0xf83dbbd2f83dbbd2),
-    U64(0x1132f9ae1132f9ae), U64(0x6da129c76da129c7),
-    U64(0x4b2f9e1d4b2f9e1d), U64(0xf330b2dcf330b2dc),
-    U64(0xec52860dec52860d), U64(0xd0e3c177d0e3c177),
-    U64(0x6c16b32b6c16b32b), U64(0x99b970a999b970a9),
-    U64(0xfa489411fa489411), U64(0x2264e9472264e947),
-    U64(0xc48cfca8c48cfca8), U64(0x1a3ff0a01a3ff0a0),
-    U64(0xd82c7d56d82c7d56), U64(0xef903322ef903322),
-    U64(0xc74e4987c74e4987), U64(0xc1d138d9c1d138d9),
-    U64(0xfea2ca8cfea2ca8c), U64(0x360bd498360bd498),
-    U64(0xcf81f5a6cf81f5a6), U64(0x28de7aa528de7aa5),
-    U64(0x268eb7da268eb7da), U64(0xa4bfad3fa4bfad3f),
-    U64(0xe49d3a2ce49d3a2c), U64(0x0d9278500d927850),
-    U64(0x9bcc5f6a9bcc5f6a), U64(0x62467e5462467e54),
-    U64(0xc2138df6c2138df6), U64(0xe8b8d890e8b8d890),
-    U64(0x5ef7392e5ef7392e), U64(0xf5afc382f5afc382),
-    U64(0xbe805d9fbe805d9f), U64(0x7c93d0697c93d069),
-    U64(0xa92dd56fa92dd56f), U64(0xb31225cfb31225cf),
-    U64(0x3b99acc83b99acc8), U64(0xa77d1810a77d1810),
-    U64(0x6e639ce86e639ce8), U64(0x7bbb3bdb7bbb3bdb),
-    U64(0x097826cd097826cd), U64(0xf418596ef418596e),
-    U64(0x01b79aec01b79aec), U64(0xa89a4f83a89a4f83),
-    U64(0x656e95e6656e95e6), U64(0x7ee6ffaa7ee6ffaa),
-    U64(0x08cfbc2108cfbc21), U64(0xe6e815efe6e815ef),
-    U64(0xd99be7bad99be7ba), U64(0xce366f4ace366f4a),
-    U64(0xd4099fead4099fea), U64(0xd67cb029d67cb029),
-    U64(0xafb2a431afb2a431), U64(0x31233f2a31233f2a),
-    U64(0x3094a5c63094a5c6), U64(0xc066a235c066a235),
-    U64(0x37bc4e7437bc4e74), U64(0xa6ca82fca6ca82fc),
-    U64(0xb0d090e0b0d090e0), U64(0x15d8a73315d8a733),
-    U64(0x4a9804f14a9804f1), U64(0xf7daec41f7daec41),
-    U64(0x0e50cd7f0e50cd7f), U64(0x2ff691172ff69117),
-    U64(0x8dd64d768dd64d76), U64(0x4db0ef434db0ef43),
-    U64(0x544daacc544daacc), U64(0xdf0496e4df0496e4),
-    U64(0xe3b5d19ee3b5d19e), U64(0x1b886a4c1b886a4c),
-    U64(0xb81f2cc1b81f2cc1), U64(0x7f5165467f516546),
-    U64(0x04ea5e9d04ea5e9d), U64(0x5d358c015d358c01),
-    U64(0x737487fa737487fa), U64(0x2e410bfb2e410bfb),
-    U64(0x5a1d67b35a1d67b3), U64(0x52d2db9252d2db92),
-    U64(0x335610e9335610e9), U64(0x1347d66d1347d66d),
-    U64(0x8c61d79a8c61d79a), U64(0x7a0ca1377a0ca137),
-    U64(0x8e14f8598e14f859), U64(0x893c13eb893c13eb),
-    U64(0xee27a9ceee27a9ce), U64(0x35c961b735c961b7),
-    U64(0xede51ce1ede51ce1), U64(0x3cb1477a3cb1477a),
-    U64(0x59dfd29c59dfd29c), U64(0x3f73f2553f73f255),
-    U64(0x79ce141879ce1418), U64(0xbf37c773bf37c773),
-    U64(0xeacdf753eacdf753), U64(0x5baafd5f5baafd5f),
-    U64(0x146f3ddf146f3ddf), U64(0x86db447886db4478),
-    U64(0x81f3afca81f3afca), U64(0x3ec468b93ec468b9),
-    U64(0x2c3424382c342438), U64(0x5f40a3c25f40a3c2),
-    U64(0x72c31d1672c31d16), U64(0x0c25e2bc0c25e2bc),
-    U64(0x8b493c288b493c28), U64(0x41950dff41950dff),
-    U64(0x7101a8397101a839), U64(0xdeb30c08deb30c08),
-    U64(0x9ce4b4d89ce4b4d8), U64(0x90c1566490c15664),
-    U64(0x6184cb7b6184cb7b), U64(0x70b632d570b632d5),
-    U64(0x745c6c48745c6c48), U64(0x4257b8d04257b8d0)
-};
-static const u8 Td4[256] = {
-    0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
-    0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
-    0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
-    0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
-    0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
-    0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
-    0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
-    0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
-    0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
-    0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
-    0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
-    0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
-    0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
-    0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
-    0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
-    0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
-    0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
-    0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
-    0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
-    0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
-    0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
-    0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
-    0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
-    0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
-    0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
-    0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
-    0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
-    0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
-    0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
-    0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
-    0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
-    0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU
-};
-
-static const u32 rcon[] = {
-    0x00000001U, 0x00000002U, 0x00000004U, 0x00000008U,
-    0x00000010U, 0x00000020U, 0x00000040U, 0x00000080U,
-    0x0000001bU, 0x00000036U, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
-};
-
-/**
- * Expand the cipher key into the encryption key schedule.
- */
-int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-                        AES_KEY *key)
-{
-
-    u32 *rk;
-    int i = 0;
-    u32 temp;
-
-    if (!userKey || !key)
-        return -1;
-    if (bits != 128 && bits != 192 && bits != 256)
-        return -2;
-
-    rk = key->rd_key;
-
-    if (bits==128)
-        key->rounds = 10;
-    else if (bits==192)
-        key->rounds = 12;
-    else
-        key->rounds = 14;
-
-    rk[0] = GETU32(userKey     );
-    rk[1] = GETU32(userKey +  4);
-    rk[2] = GETU32(userKey +  8);
-    rk[3] = GETU32(userKey + 12);
-    if (bits == 128) {
-        while (1) {
-            temp  = rk[3];
-            rk[4] = rk[0] ^
-                ((u32)Te4[(temp >>  8) & 0xff]      ) ^
-                ((u32)Te4[(temp >> 16) & 0xff] <<  8) ^
-                ((u32)Te4[(temp >> 24)       ] << 16) ^
-                ((u32)Te4[(temp      ) & 0xff] << 24) ^
-                rcon[i];
-            rk[5] = rk[1] ^ rk[4];
-            rk[6] = rk[2] ^ rk[5];
-            rk[7] = rk[3] ^ rk[6];
-            if (++i == 10) {
-                return 0;
-            }
-            rk += 4;
-        }
-    }
-    rk[4] = GETU32(userKey + 16);
-    rk[5] = GETU32(userKey + 20);
-    if (bits == 192) {
-        while (1) {
-            temp = rk[ 5];
-            rk[ 6] = rk[ 0] ^
-                ((u32)Te4[(temp >>  8) & 0xff]      ) ^
-                ((u32)Te4[(temp >> 16) & 0xff] <<  8) ^
-                ((u32)Te4[(temp >> 24)       ] << 16) ^
-                ((u32)Te4[(temp      ) & 0xff] << 24) ^
-                rcon[i];
-            rk[ 7] = rk[ 1] ^ rk[ 6];
-            rk[ 8] = rk[ 2] ^ rk[ 7];
-            rk[ 9] = rk[ 3] ^ rk[ 8];
-            if (++i == 8) {
-                return 0;
-            }
-            rk[10] = rk[ 4] ^ rk[ 9];
-            rk[11] = rk[ 5] ^ rk[10];
-            rk += 6;
-        }
-    }
-    rk[6] = GETU32(userKey + 24);
-    rk[7] = GETU32(userKey + 28);
-    if (bits == 256) {
-        while (1) {
-            temp = rk[ 7];
-            rk[ 8] = rk[ 0] ^
-                ((u32)Te4[(temp >>  8) & 0xff]      ) ^
-                ((u32)Te4[(temp >> 16) & 0xff] <<  8) ^
-                ((u32)Te4[(temp >> 24)       ] << 16) ^
-                ((u32)Te4[(temp      ) & 0xff] << 24) ^
-                rcon[i];
-            rk[ 9] = rk[ 1] ^ rk[ 8];
-            rk[10] = rk[ 2] ^ rk[ 9];
-            rk[11] = rk[ 3] ^ rk[10];
-            if (++i == 7) {
-                return 0;
-            }
-            temp = rk[11];
-            rk[12] = rk[ 4] ^
-                ((u32)Te4[(temp      ) & 0xff]      ) ^
-                ((u32)Te4[(temp >>  8) & 0xff] <<  8) ^
-                ((u32)Te4[(temp >> 16) & 0xff] << 16) ^
-                ((u32)Te4[(temp >> 24)       ] << 24);
-            rk[13] = rk[ 5] ^ rk[12];
-            rk[14] = rk[ 6] ^ rk[13];
-            rk[15] = rk[ 7] ^ rk[14];
-
-            rk += 8;
-            }
-    }
-    return 0;
-}
-
-/**
- * Expand the cipher key into the decryption key schedule.
- */
-int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-                        AES_KEY *key)
-{
-
-    u32 *rk;
-    int i, j, status;
-    u32 temp;
-
-    /* first, start with an encryption schedule */
-    status = AES_set_encrypt_key(userKey, bits, key);
-    if (status < 0)
-        return status;
-
-    rk = key->rd_key;
-
-    /* invert the order of the round keys: */
-    for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
-        temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
-        temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
-        temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
-        temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
-    }
-    /* apply the inverse MixColumn transform to all round keys but the first and the last: */
-    for (i = 1; i < (key->rounds); i++) {
-        rk += 4;
-#if 1
-        for (j = 0; j < 4; j++) {
-            u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;
-
-            tp1 = rk[j];
-            m = tp1 & 0x80808080;
-            tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^
-                ((m - (m >> 7)) & 0x1b1b1b1b);
-            m = tp2 & 0x80808080;
-            tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^
-                ((m - (m >> 7)) & 0x1b1b1b1b);
-            m = tp4 & 0x80808080;
-            tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^
-                ((m - (m >> 7)) & 0x1b1b1b1b);
-            tp9 = tp8 ^ tp1;
-            tpb = tp9 ^ tp2;
-            tpd = tp9 ^ tp4;
-            tpe = tp8 ^ tp4 ^ tp2;
-#if defined(ROTATE)
-            rk[j] = tpe ^ ROTATE(tpd,16) ^
-                ROTATE(tp9,8) ^ ROTATE(tpb,24);
-#else
-            rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ 
-                (tp9 >> 24) ^ (tp9 << 8) ^
-                (tpb >> 8) ^ (tpb << 24);
-#endif
-        }
-#else
-        rk[0] =
-            Td0[Te2[(rk[0]      ) & 0xff] & 0xff] ^
-            Td1[Te2[(rk[0] >>  8) & 0xff] & 0xff] ^
-            Td2[Te2[(rk[0] >> 16) & 0xff] & 0xff] ^
-            Td3[Te2[(rk[0] >> 24)       ] & 0xff];
-        rk[1] =
-            Td0[Te2[(rk[1]      ) & 0xff] & 0xff] ^
-            Td1[Te2[(rk[1] >>  8) & 0xff] & 0xff] ^
-            Td2[Te2[(rk[1] >> 16) & 0xff] & 0xff] ^
-            Td3[Te2[(rk[1] >> 24)       ] & 0xff];
-        rk[2] =
-            Td0[Te2[(rk[2]      ) & 0xff] & 0xff] ^
-            Td1[Te2[(rk[2] >>  8) & 0xff] & 0xff] ^
-            Td2[Te2[(rk[2] >> 16) & 0xff] & 0xff] ^
-            Td3[Te2[(rk[2] >> 24)       ] & 0xff];
-        rk[3] =
-            Td0[Te2[(rk[3]      ) & 0xff] & 0xff] ^
-            Td1[Te2[(rk[3] >>  8) & 0xff] & 0xff] ^
-            Td2[Te2[(rk[3] >> 16) & 0xff] & 0xff] ^
-            Td3[Te2[(rk[3] >> 24)       ] & 0xff];
-#endif
-    }
-    return 0;
-}
-
-/*
- * Encrypt a single block
- * in and out can overlap
- */
-void AES_encrypt(const unsigned char *in, unsigned char *out,
-                 const AES_KEY *key)
-{
-
-    const u32 *rk;
-    u32 s0, s1, s2, s3, t[4];
-    int r;
-
-    assert(in && out && key);
-    rk = key->rd_key;
-
-    /*
-     * map byte array block to cipher state
-     * and add initial round key:
-     */
-    s0 = GETU32(in     ) ^ rk[0];
-    s1 = GETU32(in +  4) ^ rk[1];
-    s2 = GETU32(in +  8) ^ rk[2];
-    s3 = GETU32(in + 12) ^ rk[3];
-
-#if defined(AES_COMPACT_IN_OUTER_ROUNDS)
-    prefetch256(Te4);
-
-    t[0] = (u32)Te4[(s0      ) & 0xff]       ^
-           (u32)Te4[(s1 >>  8) & 0xff] <<  8 ^
-           (u32)Te4[(s2 >> 16) & 0xff] << 16 ^
-           (u32)Te4[(s3 >> 24)       ] << 24;
-    t[1] = (u32)Te4[(s1      ) & 0xff]       ^
-           (u32)Te4[(s2 >>  8) & 0xff] <<  8 ^
-           (u32)Te4[(s3 >> 16) & 0xff] << 16 ^
-           (u32)Te4[(s0 >> 24)       ] << 24;
-    t[2] = (u32)Te4[(s2      ) & 0xff]       ^
-           (u32)Te4[(s3 >>  8) & 0xff] <<  8 ^
-           (u32)Te4[(s0 >> 16) & 0xff] << 16 ^
-           (u32)Te4[(s1 >> 24)       ] << 24;
-    t[3] = (u32)Te4[(s3      ) & 0xff]       ^
-           (u32)Te4[(s0 >>  8) & 0xff] <<  8 ^
-           (u32)Te4[(s1 >> 16) & 0xff] << 16 ^
-           (u32)Te4[(s2 >> 24)       ] << 24;
-
-    /* now do the linear transform using words */
-    {   int i;
-        u32 r0, r1, r2;
-
-        for (i = 0; i < 4; i++) {
-            r0 = t[i];
-            r1 = r0 & 0x80808080;
-            r2 = ((r0 & 0x7f7f7f7f) << 1) ^
-                ((r1 - (r1 >> 7)) & 0x1b1b1b1b);
-#if defined(ROTATE)
-            t[i] = r2 ^ ROTATE(r2,24) ^ ROTATE(r0,24) ^
-                ROTATE(r0,16) ^ ROTATE(r0,8);
-#else
-            t[i] = r2 ^ ((r2 ^ r0) << 24) ^ ((r2 ^ r0) >> 8) ^
-                (r0 << 16) ^ (r0 >> 16) ^
-                (r0 << 8) ^ (r0 >> 24);
-#endif
-            t[i] ^= rk[4+i];
-        }
-    }
-#else
-    t[0] =  Te0[(s0      ) & 0xff] ^
-        Te1[(s1 >>  8) & 0xff] ^
-        Te2[(s2 >> 16) & 0xff] ^
-        Te3[(s3 >> 24)       ] ^
-        rk[4];
-    t[1] =  Te0[(s1      ) & 0xff] ^
-        Te1[(s2 >>  8) & 0xff] ^
-        Te2[(s3 >> 16) & 0xff] ^
-        Te3[(s0 >> 24)       ] ^
-        rk[5];
-    t[2] =  Te0[(s2      ) & 0xff] ^
-        Te1[(s3 >>  8) & 0xff] ^
-        Te2[(s0 >> 16) & 0xff] ^
-        Te3[(s1 >> 24)       ] ^
-        rk[6];
-    t[3] =  Te0[(s3      ) & 0xff] ^
-        Te1[(s0 >>  8) & 0xff] ^
-        Te2[(s1 >> 16) & 0xff] ^
-        Te3[(s2 >> 24)       ] ^
-        rk[7];
-#endif
-    s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3];
-
-    /*
-     * Nr - 2 full rounds:
-     */
-    for (rk+=8,r=key->rounds-2; r>0; rk+=4,r--) {
-#if defined(AES_COMPACT_IN_INNER_ROUNDS)
-        t[0] = (u32)Te4[(s0      ) & 0xff]       ^
-               (u32)Te4[(s1 >>  8) & 0xff] <<  8 ^
-               (u32)Te4[(s2 >> 16) & 0xff] << 16 ^
-               (u32)Te4[(s3 >> 24)       ] << 24;
-        t[1] = (u32)Te4[(s1      ) & 0xff]       ^
-               (u32)Te4[(s2 >>  8) & 0xff] <<  8 ^
-               (u32)Te4[(s3 >> 16) & 0xff] << 16 ^
-               (u32)Te4[(s0 >> 24)       ] << 24;
-        t[2] = (u32)Te4[(s2      ) & 0xff]       ^
-               (u32)Te4[(s3 >>  8) & 0xff] <<  8 ^
-               (u32)Te4[(s0 >> 16) & 0xff] << 16 ^
-               (u32)Te4[(s1 >> 24)       ] << 24;
-        t[3] = (u32)Te4[(s3      ) & 0xff]       ^
-               (u32)Te4[(s0 >>  8) & 0xff] <<  8 ^
-               (u32)Te4[(s1 >> 16) & 0xff] << 16 ^
-               (u32)Te4[(s2 >> 24)       ] << 24;
-
-        /* now do the linear transform using words */
-        {
-            int i;
-            u32 r0, r1, r2;
-
-            for (i = 0; i < 4; i++) {
-                r0 = t[i];
-                r1 = r0 & 0x80808080;
-                r2 = ((r0 & 0x7f7f7f7f) << 1) ^
-                    ((r1 - (r1 >> 7)) & 0x1b1b1b1b);
-#if defined(ROTATE)
-                t[i] = r2 ^ ROTATE(r2,24) ^ ROTATE(r0,24) ^
-                    ROTATE(r0,16) ^ ROTATE(r0,8);
-#else
-                t[i] = r2 ^ ((r2 ^ r0) << 24) ^ ((r2 ^ r0) >> 8) ^
-                    (r0 << 16) ^ (r0 >> 16) ^
-                    (r0 << 8) ^ (r0 >> 24);
-#endif
-                t[i] ^= rk[i];
-            }
-        }
-#else
-        t[0] =  Te0[(s0      ) & 0xff] ^
-            Te1[(s1 >>  8) & 0xff] ^
-            Te2[(s2 >> 16) & 0xff] ^
-            Te3[(s3 >> 24)       ] ^
-            rk[0];
-        t[1] =  Te0[(s1      ) & 0xff] ^
-            Te1[(s2 >>  8) & 0xff] ^
-            Te2[(s3 >> 16) & 0xff] ^
-            Te3[(s0 >> 24)       ] ^
-            rk[1];
-        t[2] =  Te0[(s2      ) & 0xff] ^
-            Te1[(s3 >>  8) & 0xff] ^
-            Te2[(s0 >> 16) & 0xff] ^
-            Te3[(s1 >> 24)       ] ^
-            rk[2];
-        t[3] =  Te0[(s3      ) & 0xff] ^
-            Te1[(s0 >>  8) & 0xff] ^
-            Te2[(s1 >> 16) & 0xff] ^
-            Te3[(s2 >> 24)       ] ^
-            rk[3];
-#endif
-        s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3];
-    }
-    /*
-     * apply last round and
-     * map cipher state to byte array block:
-     */
-#if defined(AES_COMPACT_IN_OUTER_ROUNDS)
-    prefetch256(Te4);
-
-    *(u32*)(out+0) =
-           (u32)Te4[(s0      ) & 0xff]       ^
-           (u32)Te4[(s1 >>  8) & 0xff] <<  8 ^
-           (u32)Te4[(s2 >> 16) & 0xff] << 16 ^
-           (u32)Te4[(s3 >> 24)       ] << 24 ^
-        rk[0];
-    *(u32*)(out+4) =
-           (u32)Te4[(s1      ) & 0xff]       ^
-           (u32)Te4[(s2 >>  8) & 0xff] <<  8 ^
-           (u32)Te4[(s3 >> 16) & 0xff] << 16 ^
-           (u32)Te4[(s0 >> 24)       ] << 24 ^
-        rk[1];
-    *(u32*)(out+8) =
-           (u32)Te4[(s2      ) & 0xff]       ^
-           (u32)Te4[(s3 >>  8) & 0xff] <<  8 ^
-           (u32)Te4[(s0 >> 16) & 0xff] << 16 ^
-           (u32)Te4[(s1 >> 24)       ] << 24 ^
-        rk[2];
-    *(u32*)(out+12) =
-           (u32)Te4[(s3      ) & 0xff]       ^
-           (u32)Te4[(s0 >>  8) & 0xff] <<  8 ^
-           (u32)Te4[(s1 >> 16) & 0xff] << 16 ^
-           (u32)Te4[(s2 >> 24)       ] << 24 ^
-        rk[3];
-#else
-    *(u32*)(out+0) =
-        (Te2[(s0      ) & 0xff] & 0x000000ffU) ^
-        (Te3[(s1 >>  8) & 0xff] & 0x0000ff00U) ^
-        (Te0[(s2 >> 16) & 0xff] & 0x00ff0000U) ^
-        (Te1[(s3 >> 24)       ] & 0xff000000U) ^
-        rk[0];
-    *(u32*)(out+4) =
-        (Te2[(s1      ) & 0xff] & 0x000000ffU) ^
-        (Te3[(s2 >>  8) & 0xff] & 0x0000ff00U) ^
-        (Te0[(s3 >> 16) & 0xff] & 0x00ff0000U) ^
-        (Te1[(s0 >> 24)       ] & 0xff000000U) ^
-        rk[1];
-    *(u32*)(out+8) =
-        (Te2[(s2      ) & 0xff] & 0x000000ffU) ^
-        (Te3[(s3 >>  8) & 0xff] & 0x0000ff00U) ^
-        (Te0[(s0 >> 16) & 0xff] & 0x00ff0000U) ^
-        (Te1[(s1 >> 24)       ] & 0xff000000U) ^
-        rk[2];
-    *(u32*)(out+12) =
-        (Te2[(s3      ) & 0xff] & 0x000000ffU) ^
-        (Te3[(s0 >>  8) & 0xff] & 0x0000ff00U) ^
-        (Te0[(s1 >> 16) & 0xff] & 0x00ff0000U) ^
-        (Te1[(s2 >> 24)       ] & 0xff000000U) ^
-        rk[3];
-#endif
-}
-
-/*
- * Decrypt a single block
- * in and out can overlap
- */
-void AES_decrypt(const unsigned char *in, unsigned char *out,
-                 const AES_KEY *key)
-{
-
-    const u32 *rk;
-    u32 s0, s1, s2, s3, t[4];
-    int r;
-
-    assert(in && out && key);
-    rk = key->rd_key;
-
-    /*
-     * map byte array block to cipher state
-     * and add initial round key:
-     */
-    s0 = GETU32(in     ) ^ rk[0];
-    s1 = GETU32(in +  4) ^ rk[1];
-    s2 = GETU32(in +  8) ^ rk[2];
-    s3 = GETU32(in + 12) ^ rk[3];
-
-#if defined(AES_COMPACT_IN_OUTER_ROUNDS)
-    prefetch256(Td4);
-
-    t[0] = (u32)Td4[(s0      ) & 0xff]       ^
-           (u32)Td4[(s3 >>  8) & 0xff] <<  8 ^
-           (u32)Td4[(s2 >> 16) & 0xff] << 16 ^
-           (u32)Td4[(s1 >> 24)       ] << 24;
-    t[1] = (u32)Td4[(s1      ) & 0xff]       ^
-           (u32)Td4[(s0 >>  8) & 0xff] <<  8 ^
-           (u32)Td4[(s3 >> 16) & 0xff] << 16 ^
-           (u32)Td4[(s2 >> 24)       ] << 24;
-    t[2] = (u32)Td4[(s2      ) & 0xff]       ^
-           (u32)Td4[(s1 >>  8) & 0xff] <<  8 ^
-           (u32)Td4[(s0 >> 16) & 0xff] << 16 ^
-           (u32)Td4[(s3 >> 24)       ] << 24;
-    t[3] = (u32)Td4[(s3      ) & 0xff]       ^
-           (u32)Td4[(s2 >>  8) & 0xff] <<  8 ^
-           (u32)Td4[(s1 >> 16) & 0xff] << 16 ^
-           (u32)Td4[(s0 >> 24)       ] << 24;
-
-    /* now do the linear transform using words */ 
-    {
-        int i;
-        u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;
-
-        for (i = 0; i < 4; i++) {
-            tp1 = t[i];
-            m = tp1 & 0x80808080;
-            tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^
-                ((m - (m >> 7)) & 0x1b1b1b1b);
-            m = tp2 & 0x80808080;
-            tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^
-                ((m - (m >> 7)) & 0x1b1b1b1b);
-            m = tp4 & 0x80808080;
-            tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^
-                ((m - (m >> 7)) & 0x1b1b1b1b);
-            tp9 = tp8 ^ tp1;
-            tpb = tp9 ^ tp2;
-            tpd = tp9 ^ tp4;
-            tpe = tp8 ^ tp4 ^ tp2;
-#if defined(ROTATE)
-            t[i] = tpe ^ ROTATE(tpd,16) ^
-                ROTATE(tp9,8) ^ ROTATE(tpb,24);
-#else
-            t[i] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ 
-                (tp9 >> 24) ^ (tp9 << 8) ^
-                (tpb >> 8) ^ (tpb << 24);
-#endif
-            t[i] ^= rk[4+i];
-        }
-    }
-#else
-    t[0] =  Td0[(s0      ) & 0xff] ^
-        Td1[(s3 >>  8) & 0xff] ^
-        Td2[(s2 >> 16) & 0xff] ^
-        Td3[(s1 >> 24)       ] ^
-        rk[4];
-    t[1] =  Td0[(s1      ) & 0xff] ^
-        Td1[(s0 >>  8) & 0xff] ^
-        Td2[(s3 >> 16) & 0xff] ^
-        Td3[(s2 >> 24)       ] ^
-        rk[5];
-    t[2] =  Td0[(s2      ) & 0xff] ^
-        Td1[(s1 >>  8) & 0xff] ^
-        Td2[(s0 >> 16) & 0xff] ^
-        Td3[(s3 >> 24)       ] ^
-        rk[6];
-    t[3] =  Td0[(s3      ) & 0xff] ^
-        Td1[(s2 >>  8) & 0xff] ^
-        Td2[(s1 >> 16) & 0xff] ^
-        Td3[(s0 >> 24)       ] ^
-        rk[7];
-#endif
-    s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3];
-
-    /*
-     * Nr - 2 full rounds:
-     */
-    for (rk+=8,r=key->rounds-2; r>0; rk+=4,r--) {
-#if defined(AES_COMPACT_IN_INNER_ROUNDS)
-        t[0] = (u32)Td4[(s0      ) & 0xff]       ^
-               (u32)Td4[(s3 >>  8) & 0xff] <<  8 ^
-               (u32)Td4[(s2 >> 16) & 0xff] << 16 ^
-               (u32)Td4[(s1 >> 24)       ] << 24;
-        t[1] = (u32)Td4[(s1      ) & 0xff]       ^
-               (u32)Td4[(s0 >>  8) & 0xff] <<  8 ^
-               (u32)Td4[(s3 >> 16) & 0xff] << 16 ^
-               (u32)Td4[(s2 >> 24)       ] << 24;
-        t[2] = (u32)Td4[(s2      ) & 0xff]       ^
-               (u32)Td4[(s1 >>  8) & 0xff] <<  8 ^
-               (u32)Td4[(s0 >> 16) & 0xff] << 16 ^
-               (u32)Td4[(s3 >> 24)       ] << 24;
-        t[3] = (u32)Td4[(s3      ) & 0xff]       ^
-               (u32)Td4[(s2 >>  8) & 0xff] <<  8 ^
-               (u32)Td4[(s1 >> 16) & 0xff] << 16 ^
-               (u32)Td4[(s0 >> 24)       ] << 24;
-
-    /* now do the linear transform using words */ 
-    {
-        int i;
-        u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;
-
-        for (i = 0; i < 4; i++) {
-            tp1 = t[i];
-            m = tp1 & 0x80808080;
-            tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^
-                ((m - (m >> 7)) & 0x1b1b1b1b);
-            m = tp2 & 0x80808080;
-            tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^
-                ((m - (m >> 7)) & 0x1b1b1b1b);
-            m = tp4 & 0x80808080;
-            tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^
-                ((m - (m >> 7)) & 0x1b1b1b1b);
-            tp9 = tp8 ^ tp1;
-            tpb = tp9 ^ tp2;
-            tpd = tp9 ^ tp4;
-            tpe = tp8 ^ tp4 ^ tp2;
-#if defined(ROTATE)
-            t[i] = tpe ^ ROTATE(tpd,16) ^
-                ROTATE(tp9,8) ^ ROTATE(tpb,24);
-#else
-            t[i] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ 
-                (tp9 >> 24) ^ (tp9 << 8) ^
-                (tpb >> 8) ^ (tpb << 24);
-#endif
-            t[i] ^= rk[i];
-        }
-    }
-#else
-    t[0] =  Td0[(s0      ) & 0xff] ^
-        Td1[(s3 >>  8) & 0xff] ^
-        Td2[(s2 >> 16) & 0xff] ^
-        Td3[(s1 >> 24)       ] ^
-        rk[0];
-    t[1] =  Td0[(s1      ) & 0xff] ^
-        Td1[(s0 >>  8) & 0xff] ^
-        Td2[(s3 >> 16) & 0xff] ^
-        Td3[(s2 >> 24)       ] ^
-        rk[1];
-    t[2] =  Td0[(s2      ) & 0xff] ^
-        Td1[(s1 >>  8) & 0xff] ^
-        Td2[(s0 >> 16) & 0xff] ^
-        Td3[(s3 >> 24)       ] ^
-        rk[2];
-    t[3] =  Td0[(s3      ) & 0xff] ^
-        Td1[(s2 >>  8) & 0xff] ^
-        Td2[(s1 >> 16) & 0xff] ^
-        Td3[(s0 >> 24)       ] ^
-        rk[3];
-#endif
-    s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3];
-    }
-    /*
-     * apply last round and
-     * map cipher state to byte array block:
-     */
-    prefetch256(Td4);
-
-    *(u32*)(out+0) =
-        ((u32)Td4[(s0      ) & 0xff])    ^
-        ((u32)Td4[(s3 >>  8) & 0xff] <<  8) ^
-        ((u32)Td4[(s2 >> 16) & 0xff] << 16) ^
-        ((u32)Td4[(s1 >> 24)       ] << 24) ^
-        rk[0];
-    *(u32*)(out+4) =
-        ((u32)Td4[(s1      ) & 0xff])     ^
-        ((u32)Td4[(s0 >>  8) & 0xff] <<  8) ^
-        ((u32)Td4[(s3 >> 16) & 0xff] << 16) ^
-        ((u32)Td4[(s2 >> 24)       ] << 24) ^
-        rk[1];
-    *(u32*)(out+8) =
-        ((u32)Td4[(s2      ) & 0xff])     ^
-        ((u32)Td4[(s1 >>  8) & 0xff] <<  8) ^
-        ((u32)Td4[(s0 >> 16) & 0xff] << 16) ^
-        ((u32)Td4[(s3 >> 24)       ] << 24) ^
-        rk[2];
-    *(u32*)(out+12) =
-        ((u32)Td4[(s3      ) & 0xff])     ^
-        ((u32)Td4[(s2 >>  8) & 0xff] <<  8) ^
-        ((u32)Td4[(s1 >> 16) & 0xff] << 16) ^
-        ((u32)Td4[(s0 >> 24)       ] << 24) ^
-        rk[3];
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/aes/aes_x86core.c (from rev 11605, vendor-crypto/openssl/dist/crypto/aes/aes_x86core.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/aes/aes_x86core.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/aes/aes_x86core.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,1070 @@
+/* crypto/aes/aes_core.c */
+/**
+ * rijndael-alg-fst.c
+ *
+ * @version 3.0 (December 2000)
+ *
+ * Optimised ANSI C code for the Rijndael cipher (now AES)
+ *
+ * @author Vincent Rijmen <vincent.rijmen at esat.kuleuven.ac.be>
+ * @author Antoon Bosselaers <antoon.bosselaers at esat.kuleuven.ac.be>
+ * @author Paulo Barreto <paulo.barreto at terra.com.br>
+ *
+ * This code is hereby placed in the public domain.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This is experimental x86[_64] derivative. It assumes little-endian
+ * byte order and expects CPU to sustain unaligned memory references.
+ * It is used as playground for cache-time attack mitigations and
+ * serves as reference C implementation for x86[_64] assembler.
+ *
+ *                  <appro at fy.chalmers.se>
+ */
+
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <stdlib.h>
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+/*
+ * These two parameters control which table, 256-byte or 2KB, is
+ * referenced in outer and respectively inner rounds.
+ */
+#define AES_COMPACT_IN_OUTER_ROUNDS
+#ifdef  AES_COMPACT_IN_OUTER_ROUNDS
+/* AES_COMPACT_IN_OUTER_ROUNDS costs ~30% in performance, while
+ * adding AES_COMPACT_IN_INNER_ROUNDS reduces benchmark *further*
+ * by factor of ~2. */
+# undef  AES_COMPACT_IN_INNER_ROUNDS
+#endif
+
+#if 1
+static void prefetch256(const void *table)
+{
+    volatile unsigned long *t=(void *)table,ret;
+    unsigned long sum;
+    int i;
+
+    /* 32 is common least cache-line size */
+    for (sum=0,i=0;i<256/sizeof(t[0]);i+=32/sizeof(t[0]))   sum ^= t[i];
+
+    ret = sum;
+}
+#else
+# define prefetch256(t)
+#endif
+
+#undef GETU32
+#define GETU32(p) (*((u32*)(p)))
+
+#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+typedef unsigned __int64 u64;
+#define U64(C)  C##UI64
+#elif defined(__arch64__)
+typedef unsigned long u64;
+#define U64(C)  C##UL
+#else
+typedef unsigned long long u64;
+#define U64(C)  C##ULL
+#endif
+
+#undef ROTATE
+#if defined(_MSC_VER) || defined(__ICC)
+# define ROTATE(a,n)	_lrotl(a,n)
+#elif defined(__GNUC__) && __GNUC__>=2
+# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+#   define ROTATE(a,n)  ({ register unsigned int ret;   \
+                asm (           \
+                "roll %1,%0"        \
+                : "=r"(ret)     \
+                : "I"(n), "0"(a)    \
+                : "cc");        \
+               ret;             \
+            })
+# endif
+#endif
+/*-
+Te [x] = S [x].[02, 01, 01, 03, 02, 01, 01, 03];
+Te0[x] = S [x].[02, 01, 01, 03];
+Te1[x] = S [x].[03, 02, 01, 01];
+Te2[x] = S [x].[01, 03, 02, 01];
+Te3[x] = S [x].[01, 01, 03, 02];
+*/
+#define Te0 (u32)((u64*)((u8*)Te+0))
+#define Te1 (u32)((u64*)((u8*)Te+3))
+#define Te2 (u32)((u64*)((u8*)Te+2))
+#define Te3 (u32)((u64*)((u8*)Te+1))
+/*-
+Td [x] = Si[x].[0e, 09, 0d, 0b, 0e, 09, 0d, 0b];
+Td0[x] = Si[x].[0e, 09, 0d, 0b];
+Td1[x] = Si[x].[0b, 0e, 09, 0d];
+Td2[x] = Si[x].[0d, 0b, 0e, 09];
+Td3[x] = Si[x].[09, 0d, 0b, 0e];
+Td4[x] = Si[x].[01];
+*/
+#define Td0 (u32)((u64*)((u8*)Td+0))
+#define Td1 (u32)((u64*)((u8*)Td+3))
+#define Td2 (u32)((u64*)((u8*)Td+2))
+#define Td3 (u32)((u64*)((u8*)Td+1))
+
+static const u64 Te[256] = {
+    U64(0xa56363c6a56363c6), U64(0x847c7cf8847c7cf8),
+    U64(0x997777ee997777ee), U64(0x8d7b7bf68d7b7bf6),
+    U64(0x0df2f2ff0df2f2ff), U64(0xbd6b6bd6bd6b6bd6),
+    U64(0xb16f6fdeb16f6fde), U64(0x54c5c59154c5c591),
+    U64(0x5030306050303060), U64(0x0301010203010102),
+    U64(0xa96767cea96767ce), U64(0x7d2b2b567d2b2b56),
+    U64(0x19fefee719fefee7), U64(0x62d7d7b562d7d7b5),
+    U64(0xe6abab4de6abab4d), U64(0x9a7676ec9a7676ec),
+    U64(0x45caca8f45caca8f), U64(0x9d82821f9d82821f),
+    U64(0x40c9c98940c9c989), U64(0x877d7dfa877d7dfa),
+    U64(0x15fafaef15fafaef), U64(0xeb5959b2eb5959b2),
+    U64(0xc947478ec947478e), U64(0x0bf0f0fb0bf0f0fb),
+    U64(0xecadad41ecadad41), U64(0x67d4d4b367d4d4b3),
+    U64(0xfda2a25ffda2a25f), U64(0xeaafaf45eaafaf45),
+    U64(0xbf9c9c23bf9c9c23), U64(0xf7a4a453f7a4a453),
+    U64(0x967272e4967272e4), U64(0x5bc0c09b5bc0c09b),
+    U64(0xc2b7b775c2b7b775), U64(0x1cfdfde11cfdfde1),
+    U64(0xae93933dae93933d), U64(0x6a26264c6a26264c),
+    U64(0x5a36366c5a36366c), U64(0x413f3f7e413f3f7e),
+    U64(0x02f7f7f502f7f7f5), U64(0x4fcccc834fcccc83),
+    U64(0x5c3434685c343468), U64(0xf4a5a551f4a5a551),
+    U64(0x34e5e5d134e5e5d1), U64(0x08f1f1f908f1f1f9),
+    U64(0x937171e2937171e2), U64(0x73d8d8ab73d8d8ab),
+    U64(0x5331316253313162), U64(0x3f15152a3f15152a),
+    U64(0x0c0404080c040408), U64(0x52c7c79552c7c795),
+    U64(0x6523234665232346), U64(0x5ec3c39d5ec3c39d),
+    U64(0x2818183028181830), U64(0xa1969637a1969637),
+    U64(0x0f05050a0f05050a), U64(0xb59a9a2fb59a9a2f),
+    U64(0x0907070e0907070e), U64(0x3612122436121224),
+    U64(0x9b80801b9b80801b), U64(0x3de2e2df3de2e2df),
+    U64(0x26ebebcd26ebebcd), U64(0x6927274e6927274e),
+    U64(0xcdb2b27fcdb2b27f), U64(0x9f7575ea9f7575ea),
+    U64(0x1b0909121b090912), U64(0x9e83831d9e83831d),
+    U64(0x742c2c58742c2c58), U64(0x2e1a1a342e1a1a34),
+    U64(0x2d1b1b362d1b1b36), U64(0xb26e6edcb26e6edc),
+    U64(0xee5a5ab4ee5a5ab4), U64(0xfba0a05bfba0a05b),
+    U64(0xf65252a4f65252a4), U64(0x4d3b3b764d3b3b76),
+    U64(0x61d6d6b761d6d6b7), U64(0xceb3b37dceb3b37d),
+    U64(0x7b2929527b292952), U64(0x3ee3e3dd3ee3e3dd),
+    U64(0x712f2f5e712f2f5e), U64(0x9784841397848413),
+    U64(0xf55353a6f55353a6), U64(0x68d1d1b968d1d1b9),
+    U64(0x0000000000000000), U64(0x2cededc12cededc1),
+    U64(0x6020204060202040), U64(0x1ffcfce31ffcfce3),
+    U64(0xc8b1b179c8b1b179), U64(0xed5b5bb6ed5b5bb6),
+    U64(0xbe6a6ad4be6a6ad4), U64(0x46cbcb8d46cbcb8d),
+    U64(0xd9bebe67d9bebe67), U64(0x4b3939724b393972),
+    U64(0xde4a4a94de4a4a94), U64(0xd44c4c98d44c4c98),
+    U64(0xe85858b0e85858b0), U64(0x4acfcf854acfcf85),
+    U64(0x6bd0d0bb6bd0d0bb), U64(0x2aefefc52aefefc5),
+    U64(0xe5aaaa4fe5aaaa4f), U64(0x16fbfbed16fbfbed),
+    U64(0xc5434386c5434386), U64(0xd74d4d9ad74d4d9a),
+    U64(0x5533336655333366), U64(0x9485851194858511),
+    U64(0xcf45458acf45458a), U64(0x10f9f9e910f9f9e9),
+    U64(0x0602020406020204), U64(0x817f7ffe817f7ffe),
+    U64(0xf05050a0f05050a0), U64(0x443c3c78443c3c78),
+    U64(0xba9f9f25ba9f9f25), U64(0xe3a8a84be3a8a84b),
+    U64(0xf35151a2f35151a2), U64(0xfea3a35dfea3a35d),
+    U64(0xc0404080c0404080), U64(0x8a8f8f058a8f8f05),
+    U64(0xad92923fad92923f), U64(0xbc9d9d21bc9d9d21),
+    U64(0x4838387048383870), U64(0x04f5f5f104f5f5f1),
+    U64(0xdfbcbc63dfbcbc63), U64(0xc1b6b677c1b6b677),
+    U64(0x75dadaaf75dadaaf), U64(0x6321214263212142),
+    U64(0x3010102030101020), U64(0x1affffe51affffe5),
+    U64(0x0ef3f3fd0ef3f3fd), U64(0x6dd2d2bf6dd2d2bf),
+    U64(0x4ccdcd814ccdcd81), U64(0x140c0c18140c0c18),
+    U64(0x3513132635131326), U64(0x2fececc32fececc3),
+    U64(0xe15f5fbee15f5fbe), U64(0xa2979735a2979735),
+    U64(0xcc444488cc444488), U64(0x3917172e3917172e),
+    U64(0x57c4c49357c4c493), U64(0xf2a7a755f2a7a755),
+    U64(0x827e7efc827e7efc), U64(0x473d3d7a473d3d7a),
+    U64(0xac6464c8ac6464c8), U64(0xe75d5dbae75d5dba),
+    U64(0x2b1919322b191932), U64(0x957373e6957373e6),
+    U64(0xa06060c0a06060c0), U64(0x9881811998818119),
+    U64(0xd14f4f9ed14f4f9e), U64(0x7fdcdca37fdcdca3),
+    U64(0x6622224466222244), U64(0x7e2a2a547e2a2a54),
+    U64(0xab90903bab90903b), U64(0x8388880b8388880b),
+    U64(0xca46468cca46468c), U64(0x29eeeec729eeeec7),
+    U64(0xd3b8b86bd3b8b86b), U64(0x3c1414283c141428),
+    U64(0x79dedea779dedea7), U64(0xe25e5ebce25e5ebc),
+    U64(0x1d0b0b161d0b0b16), U64(0x76dbdbad76dbdbad),
+    U64(0x3be0e0db3be0e0db), U64(0x5632326456323264),
+    U64(0x4e3a3a744e3a3a74), U64(0x1e0a0a141e0a0a14),
+    U64(0xdb494992db494992), U64(0x0a06060c0a06060c),
+    U64(0x6c2424486c242448), U64(0xe45c5cb8e45c5cb8),
+    U64(0x5dc2c29f5dc2c29f), U64(0x6ed3d3bd6ed3d3bd),
+    U64(0xefacac43efacac43), U64(0xa66262c4a66262c4),
+    U64(0xa8919139a8919139), U64(0xa4959531a4959531),
+    U64(0x37e4e4d337e4e4d3), U64(0x8b7979f28b7979f2),
+    U64(0x32e7e7d532e7e7d5), U64(0x43c8c88b43c8c88b),
+    U64(0x5937376e5937376e), U64(0xb76d6ddab76d6dda),
+    U64(0x8c8d8d018c8d8d01), U64(0x64d5d5b164d5d5b1),
+    U64(0xd24e4e9cd24e4e9c), U64(0xe0a9a949e0a9a949),
+    U64(0xb46c6cd8b46c6cd8), U64(0xfa5656acfa5656ac),
+    U64(0x07f4f4f307f4f4f3), U64(0x25eaeacf25eaeacf),
+    U64(0xaf6565caaf6565ca), U64(0x8e7a7af48e7a7af4),
+    U64(0xe9aeae47e9aeae47), U64(0x1808081018080810),
+    U64(0xd5baba6fd5baba6f), U64(0x887878f0887878f0),
+    U64(0x6f25254a6f25254a), U64(0x722e2e5c722e2e5c),
+    U64(0x241c1c38241c1c38), U64(0xf1a6a657f1a6a657),
+    U64(0xc7b4b473c7b4b473), U64(0x51c6c69751c6c697),
+    U64(0x23e8e8cb23e8e8cb), U64(0x7cdddda17cdddda1),
+    U64(0x9c7474e89c7474e8), U64(0x211f1f3e211f1f3e),
+    U64(0xdd4b4b96dd4b4b96), U64(0xdcbdbd61dcbdbd61),
+    U64(0x868b8b0d868b8b0d), U64(0x858a8a0f858a8a0f),
+    U64(0x907070e0907070e0), U64(0x423e3e7c423e3e7c),
+    U64(0xc4b5b571c4b5b571), U64(0xaa6666ccaa6666cc),
+    U64(0xd8484890d8484890), U64(0x0503030605030306),
+    U64(0x01f6f6f701f6f6f7), U64(0x120e0e1c120e0e1c),
+    U64(0xa36161c2a36161c2), U64(0x5f35356a5f35356a),
+    U64(0xf95757aef95757ae), U64(0xd0b9b969d0b9b969),
+    U64(0x9186861791868617), U64(0x58c1c19958c1c199),
+    U64(0x271d1d3a271d1d3a), U64(0xb99e9e27b99e9e27),
+    U64(0x38e1e1d938e1e1d9), U64(0x13f8f8eb13f8f8eb),
+    U64(0xb398982bb398982b), U64(0x3311112233111122),
+    U64(0xbb6969d2bb6969d2), U64(0x70d9d9a970d9d9a9),
+    U64(0x898e8e07898e8e07), U64(0xa7949433a7949433),
+    U64(0xb69b9b2db69b9b2d), U64(0x221e1e3c221e1e3c),
+    U64(0x9287871592878715), U64(0x20e9e9c920e9e9c9),
+    U64(0x49cece8749cece87), U64(0xff5555aaff5555aa),
+    U64(0x7828285078282850), U64(0x7adfdfa57adfdfa5),
+    U64(0x8f8c8c038f8c8c03), U64(0xf8a1a159f8a1a159),
+    U64(0x8089890980898909), U64(0x170d0d1a170d0d1a),
+    U64(0xdabfbf65dabfbf65), U64(0x31e6e6d731e6e6d7),
+    U64(0xc6424284c6424284), U64(0xb86868d0b86868d0),
+    U64(0xc3414182c3414182), U64(0xb0999929b0999929),
+    U64(0x772d2d5a772d2d5a), U64(0x110f0f1e110f0f1e),
+    U64(0xcbb0b07bcbb0b07b), U64(0xfc5454a8fc5454a8),
+    U64(0xd6bbbb6dd6bbbb6d), U64(0x3a16162c3a16162c)
+};
+
+static const u8 Te4[256] = {
+    0x63U, 0x7cU, 0x77U, 0x7bU, 0xf2U, 0x6bU, 0x6fU, 0xc5U,
+    0x30U, 0x01U, 0x67U, 0x2bU, 0xfeU, 0xd7U, 0xabU, 0x76U,
+    0xcaU, 0x82U, 0xc9U, 0x7dU, 0xfaU, 0x59U, 0x47U, 0xf0U,
+    0xadU, 0xd4U, 0xa2U, 0xafU, 0x9cU, 0xa4U, 0x72U, 0xc0U,
+    0xb7U, 0xfdU, 0x93U, 0x26U, 0x36U, 0x3fU, 0xf7U, 0xccU,
+    0x34U, 0xa5U, 0xe5U, 0xf1U, 0x71U, 0xd8U, 0x31U, 0x15U,
+    0x04U, 0xc7U, 0x23U, 0xc3U, 0x18U, 0x96U, 0x05U, 0x9aU,
+    0x07U, 0x12U, 0x80U, 0xe2U, 0xebU, 0x27U, 0xb2U, 0x75U,
+    0x09U, 0x83U, 0x2cU, 0x1aU, 0x1bU, 0x6eU, 0x5aU, 0xa0U,
+    0x52U, 0x3bU, 0xd6U, 0xb3U, 0x29U, 0xe3U, 0x2fU, 0x84U,
+    0x53U, 0xd1U, 0x00U, 0xedU, 0x20U, 0xfcU, 0xb1U, 0x5bU,
+    0x6aU, 0xcbU, 0xbeU, 0x39U, 0x4aU, 0x4cU, 0x58U, 0xcfU,
+    0xd0U, 0xefU, 0xaaU, 0xfbU, 0x43U, 0x4dU, 0x33U, 0x85U,
+    0x45U, 0xf9U, 0x02U, 0x7fU, 0x50U, 0x3cU, 0x9fU, 0xa8U,
+    0x51U, 0xa3U, 0x40U, 0x8fU, 0x92U, 0x9dU, 0x38U, 0xf5U,
+    0xbcU, 0xb6U, 0xdaU, 0x21U, 0x10U, 0xffU, 0xf3U, 0xd2U,
+    0xcdU, 0x0cU, 0x13U, 0xecU, 0x5fU, 0x97U, 0x44U, 0x17U,
+    0xc4U, 0xa7U, 0x7eU, 0x3dU, 0x64U, 0x5dU, 0x19U, 0x73U,
+    0x60U, 0x81U, 0x4fU, 0xdcU, 0x22U, 0x2aU, 0x90U, 0x88U,
+    0x46U, 0xeeU, 0xb8U, 0x14U, 0xdeU, 0x5eU, 0x0bU, 0xdbU,
+    0xe0U, 0x32U, 0x3aU, 0x0aU, 0x49U, 0x06U, 0x24U, 0x5cU,
+    0xc2U, 0xd3U, 0xacU, 0x62U, 0x91U, 0x95U, 0xe4U, 0x79U,
+    0xe7U, 0xc8U, 0x37U, 0x6dU, 0x8dU, 0xd5U, 0x4eU, 0xa9U,
+    0x6cU, 0x56U, 0xf4U, 0xeaU, 0x65U, 0x7aU, 0xaeU, 0x08U,
+    0xbaU, 0x78U, 0x25U, 0x2eU, 0x1cU, 0xa6U, 0xb4U, 0xc6U,
+    0xe8U, 0xddU, 0x74U, 0x1fU, 0x4bU, 0xbdU, 0x8bU, 0x8aU,
+    0x70U, 0x3eU, 0xb5U, 0x66U, 0x48U, 0x03U, 0xf6U, 0x0eU,
+    0x61U, 0x35U, 0x57U, 0xb9U, 0x86U, 0xc1U, 0x1dU, 0x9eU,
+    0xe1U, 0xf8U, 0x98U, 0x11U, 0x69U, 0xd9U, 0x8eU, 0x94U,
+    0x9bU, 0x1eU, 0x87U, 0xe9U, 0xceU, 0x55U, 0x28U, 0xdfU,
+    0x8cU, 0xa1U, 0x89U, 0x0dU, 0xbfU, 0xe6U, 0x42U, 0x68U,
+    0x41U, 0x99U, 0x2dU, 0x0fU, 0xb0U, 0x54U, 0xbbU, 0x16U
+};
+
+static const u64 Td[256] = {
+    U64(0x50a7f45150a7f451), U64(0x5365417e5365417e),
+    U64(0xc3a4171ac3a4171a), U64(0x965e273a965e273a),
+    U64(0xcb6bab3bcb6bab3b), U64(0xf1459d1ff1459d1f),
+    U64(0xab58faacab58faac), U64(0x9303e34b9303e34b),
+    U64(0x55fa302055fa3020), U64(0xf66d76adf66d76ad),
+    U64(0x9176cc889176cc88), U64(0x254c02f5254c02f5),
+    U64(0xfcd7e54ffcd7e54f), U64(0xd7cb2ac5d7cb2ac5),
+    U64(0x8044352680443526), U64(0x8fa362b58fa362b5),
+    U64(0x495ab1de495ab1de), U64(0x671bba25671bba25),
+    U64(0x980eea45980eea45), U64(0xe1c0fe5de1c0fe5d),
+    U64(0x02752fc302752fc3), U64(0x12f04c8112f04c81),
+    U64(0xa397468da397468d), U64(0xc6f9d36bc6f9d36b),
+    U64(0xe75f8f03e75f8f03), U64(0x959c9215959c9215),
+    U64(0xeb7a6dbfeb7a6dbf), U64(0xda595295da595295),
+    U64(0x2d83bed42d83bed4), U64(0xd3217458d3217458),
+    U64(0x2969e0492969e049), U64(0x44c8c98e44c8c98e),
+    U64(0x6a89c2756a89c275), U64(0x78798ef478798ef4),
+    U64(0x6b3e58996b3e5899), U64(0xdd71b927dd71b927),
+    U64(0xb64fe1beb64fe1be), U64(0x17ad88f017ad88f0),
+    U64(0x66ac20c966ac20c9), U64(0xb43ace7db43ace7d),
+    U64(0x184adf63184adf63), U64(0x82311ae582311ae5),
+    U64(0x6033519760335197), U64(0x457f5362457f5362),
+    U64(0xe07764b1e07764b1), U64(0x84ae6bbb84ae6bbb),
+    U64(0x1ca081fe1ca081fe), U64(0x942b08f9942b08f9),
+    U64(0x5868487058684870), U64(0x19fd458f19fd458f),
+    U64(0x876cde94876cde94), U64(0xb7f87b52b7f87b52),
+    U64(0x23d373ab23d373ab), U64(0xe2024b72e2024b72),
+    U64(0x578f1fe3578f1fe3), U64(0x2aab55662aab5566),
+    U64(0x0728ebb20728ebb2), U64(0x03c2b52f03c2b52f),
+    U64(0x9a7bc5869a7bc586), U64(0xa50837d3a50837d3),
+    U64(0xf2872830f2872830), U64(0xb2a5bf23b2a5bf23),
+    U64(0xba6a0302ba6a0302), U64(0x5c8216ed5c8216ed),
+    U64(0x2b1ccf8a2b1ccf8a), U64(0x92b479a792b479a7),
+    U64(0xf0f207f3f0f207f3), U64(0xa1e2694ea1e2694e),
+    U64(0xcdf4da65cdf4da65), U64(0xd5be0506d5be0506),
+    U64(0x1f6234d11f6234d1), U64(0x8afea6c48afea6c4),
+    U64(0x9d532e349d532e34), U64(0xa055f3a2a055f3a2),
+    U64(0x32e18a0532e18a05), U64(0x75ebf6a475ebf6a4),
+    U64(0x39ec830b39ec830b), U64(0xaaef6040aaef6040),
+    U64(0x069f715e069f715e), U64(0x51106ebd51106ebd),
+    U64(0xf98a213ef98a213e), U64(0x3d06dd963d06dd96),
+    U64(0xae053eddae053edd), U64(0x46bde64d46bde64d),
+    U64(0xb58d5491b58d5491), U64(0x055dc471055dc471),
+    U64(0x6fd406046fd40604), U64(0xff155060ff155060),
+    U64(0x24fb981924fb9819), U64(0x97e9bdd697e9bdd6),
+    U64(0xcc434089cc434089), U64(0x779ed967779ed967),
+    U64(0xbd42e8b0bd42e8b0), U64(0x888b8907888b8907),
+    U64(0x385b19e7385b19e7), U64(0xdbeec879dbeec879),
+    U64(0x470a7ca1470a7ca1), U64(0xe90f427ce90f427c),
+    U64(0xc91e84f8c91e84f8), U64(0x0000000000000000),
+    U64(0x8386800983868009), U64(0x48ed2b3248ed2b32),
+    U64(0xac70111eac70111e), U64(0x4e725a6c4e725a6c),
+    U64(0xfbff0efdfbff0efd), U64(0x5638850f5638850f),
+    U64(0x1ed5ae3d1ed5ae3d), U64(0x27392d3627392d36),
+    U64(0x64d90f0a64d90f0a), U64(0x21a65c6821a65c68),
+    U64(0xd1545b9bd1545b9b), U64(0x3a2e36243a2e3624),
+    U64(0xb1670a0cb1670a0c), U64(0x0fe757930fe75793),
+    U64(0xd296eeb4d296eeb4), U64(0x9e919b1b9e919b1b),
+    U64(0x4fc5c0804fc5c080), U64(0xa220dc61a220dc61),
+    U64(0x694b775a694b775a), U64(0x161a121c161a121c),
+    U64(0x0aba93e20aba93e2), U64(0xe52aa0c0e52aa0c0),
+    U64(0x43e0223c43e0223c), U64(0x1d171b121d171b12),
+    U64(0x0b0d090e0b0d090e), U64(0xadc78bf2adc78bf2),
+    U64(0xb9a8b62db9a8b62d), U64(0xc8a91e14c8a91e14),
+    U64(0x8519f1578519f157), U64(0x4c0775af4c0775af),
+    U64(0xbbdd99eebbdd99ee), U64(0xfd607fa3fd607fa3),
+    U64(0x9f2601f79f2601f7), U64(0xbcf5725cbcf5725c),
+    U64(0xc53b6644c53b6644), U64(0x347efb5b347efb5b),
+    U64(0x7629438b7629438b), U64(0xdcc623cbdcc623cb),
+    U64(0x68fcedb668fcedb6), U64(0x63f1e4b863f1e4b8),
+    U64(0xcadc31d7cadc31d7), U64(0x1085634210856342),
+    U64(0x4022971340229713), U64(0x2011c6842011c684),
+    U64(0x7d244a857d244a85), U64(0xf83dbbd2f83dbbd2),
+    U64(0x1132f9ae1132f9ae), U64(0x6da129c76da129c7),
+    U64(0x4b2f9e1d4b2f9e1d), U64(0xf330b2dcf330b2dc),
+    U64(0xec52860dec52860d), U64(0xd0e3c177d0e3c177),
+    U64(0x6c16b32b6c16b32b), U64(0x99b970a999b970a9),
+    U64(0xfa489411fa489411), U64(0x2264e9472264e947),
+    U64(0xc48cfca8c48cfca8), U64(0x1a3ff0a01a3ff0a0),
+    U64(0xd82c7d56d82c7d56), U64(0xef903322ef903322),
+    U64(0xc74e4987c74e4987), U64(0xc1d138d9c1d138d9),
+    U64(0xfea2ca8cfea2ca8c), U64(0x360bd498360bd498),
+    U64(0xcf81f5a6cf81f5a6), U64(0x28de7aa528de7aa5),
+    U64(0x268eb7da268eb7da), U64(0xa4bfad3fa4bfad3f),
+    U64(0xe49d3a2ce49d3a2c), U64(0x0d9278500d927850),
+    U64(0x9bcc5f6a9bcc5f6a), U64(0x62467e5462467e54),
+    U64(0xc2138df6c2138df6), U64(0xe8b8d890e8b8d890),
+    U64(0x5ef7392e5ef7392e), U64(0xf5afc382f5afc382),
+    U64(0xbe805d9fbe805d9f), U64(0x7c93d0697c93d069),
+    U64(0xa92dd56fa92dd56f), U64(0xb31225cfb31225cf),
+    U64(0x3b99acc83b99acc8), U64(0xa77d1810a77d1810),
+    U64(0x6e639ce86e639ce8), U64(0x7bbb3bdb7bbb3bdb),
+    U64(0x097826cd097826cd), U64(0xf418596ef418596e),
+    U64(0x01b79aec01b79aec), U64(0xa89a4f83a89a4f83),
+    U64(0x656e95e6656e95e6), U64(0x7ee6ffaa7ee6ffaa),
+    U64(0x08cfbc2108cfbc21), U64(0xe6e815efe6e815ef),
+    U64(0xd99be7bad99be7ba), U64(0xce366f4ace366f4a),
+    U64(0xd4099fead4099fea), U64(0xd67cb029d67cb029),
+    U64(0xafb2a431afb2a431), U64(0x31233f2a31233f2a),
+    U64(0x3094a5c63094a5c6), U64(0xc066a235c066a235),
+    U64(0x37bc4e7437bc4e74), U64(0xa6ca82fca6ca82fc),
+    U64(0xb0d090e0b0d090e0), U64(0x15d8a73315d8a733),
+    U64(0x4a9804f14a9804f1), U64(0xf7daec41f7daec41),
+    U64(0x0e50cd7f0e50cd7f), U64(0x2ff691172ff69117),
+    U64(0x8dd64d768dd64d76), U64(0x4db0ef434db0ef43),
+    U64(0x544daacc544daacc), U64(0xdf0496e4df0496e4),
+    U64(0xe3b5d19ee3b5d19e), U64(0x1b886a4c1b886a4c),
+    U64(0xb81f2cc1b81f2cc1), U64(0x7f5165467f516546),
+    U64(0x04ea5e9d04ea5e9d), U64(0x5d358c015d358c01),
+    U64(0x737487fa737487fa), U64(0x2e410bfb2e410bfb),
+    U64(0x5a1d67b35a1d67b3), U64(0x52d2db9252d2db92),
+    U64(0x335610e9335610e9), U64(0x1347d66d1347d66d),
+    U64(0x8c61d79a8c61d79a), U64(0x7a0ca1377a0ca137),
+    U64(0x8e14f8598e14f859), U64(0x893c13eb893c13eb),
+    U64(0xee27a9ceee27a9ce), U64(0x35c961b735c961b7),
+    U64(0xede51ce1ede51ce1), U64(0x3cb1477a3cb1477a),
+    U64(0x59dfd29c59dfd29c), U64(0x3f73f2553f73f255),
+    U64(0x79ce141879ce1418), U64(0xbf37c773bf37c773),
+    U64(0xeacdf753eacdf753), U64(0x5baafd5f5baafd5f),
+    U64(0x146f3ddf146f3ddf), U64(0x86db447886db4478),
+    U64(0x81f3afca81f3afca), U64(0x3ec468b93ec468b9),
+    U64(0x2c3424382c342438), U64(0x5f40a3c25f40a3c2),
+    U64(0x72c31d1672c31d16), U64(0x0c25e2bc0c25e2bc),
+    U64(0x8b493c288b493c28), U64(0x41950dff41950dff),
+    U64(0x7101a8397101a839), U64(0xdeb30c08deb30c08),
+    U64(0x9ce4b4d89ce4b4d8), U64(0x90c1566490c15664),
+    U64(0x6184cb7b6184cb7b), U64(0x70b632d570b632d5),
+    U64(0x745c6c48745c6c48), U64(0x4257b8d04257b8d0)
+};
+static const u8 Td4[256] = {
+    0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
+    0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
+    0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
+    0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
+    0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
+    0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
+    0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
+    0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
+    0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
+    0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
+    0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
+    0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
+    0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
+    0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
+    0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
+    0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
+    0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
+    0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
+    0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
+    0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
+    0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
+    0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
+    0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
+    0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
+    0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
+    0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
+    0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
+    0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
+    0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
+    0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
+    0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
+    0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU
+};
+
+static const u32 rcon[] = {
+    0x00000001U, 0x00000002U, 0x00000004U, 0x00000008U,
+    0x00000010U, 0x00000020U, 0x00000040U, 0x00000080U,
+    0x0000001bU, 0x00000036U, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+};
+
+/**
+ * Expand the cipher key into the encryption key schedule.
+ */
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key)
+{
+
+    u32 *rk;
+    int i = 0;
+    u32 temp;
+
+    if (!userKey || !key)
+        return -1;
+    if (bits != 128 && bits != 192 && bits != 256)
+        return -2;
+
+    rk = key->rd_key;
+
+    if (bits==128)
+        key->rounds = 10;
+    else if (bits==192)
+        key->rounds = 12;
+    else
+        key->rounds = 14;
+
+    rk[0] = GETU32(userKey     );
+    rk[1] = GETU32(userKey +  4);
+    rk[2] = GETU32(userKey +  8);
+    rk[3] = GETU32(userKey + 12);
+    if (bits == 128) {
+        while (1) {
+            temp  = rk[3];
+            rk[4] = rk[0] ^
+                ((u32)Te4[(temp >>  8) & 0xff]      ) ^
+                ((u32)Te4[(temp >> 16) & 0xff] <<  8) ^
+                ((u32)Te4[(temp >> 24)       ] << 16) ^
+                ((u32)Te4[(temp      ) & 0xff] << 24) ^
+                rcon[i];
+            rk[5] = rk[1] ^ rk[4];
+            rk[6] = rk[2] ^ rk[5];
+            rk[7] = rk[3] ^ rk[6];
+            if (++i == 10) {
+                return 0;
+            }
+            rk += 4;
+        }
+    }
+    rk[4] = GETU32(userKey + 16);
+    rk[5] = GETU32(userKey + 20);
+    if (bits == 192) {
+        while (1) {
+            temp = rk[ 5];
+            rk[ 6] = rk[ 0] ^
+                ((u32)Te4[(temp >>  8) & 0xff]      ) ^
+                ((u32)Te4[(temp >> 16) & 0xff] <<  8) ^
+                ((u32)Te4[(temp >> 24)       ] << 16) ^
+                ((u32)Te4[(temp      ) & 0xff] << 24) ^
+                rcon[i];
+            rk[ 7] = rk[ 1] ^ rk[ 6];
+            rk[ 8] = rk[ 2] ^ rk[ 7];
+            rk[ 9] = rk[ 3] ^ rk[ 8];
+            if (++i == 8) {
+                return 0;
+            }
+            rk[10] = rk[ 4] ^ rk[ 9];
+            rk[11] = rk[ 5] ^ rk[10];
+            rk += 6;
+        }
+    }
+    rk[6] = GETU32(userKey + 24);
+    rk[7] = GETU32(userKey + 28);
+    if (bits == 256) {
+        while (1) {
+            temp = rk[ 7];
+            rk[ 8] = rk[ 0] ^
+                ((u32)Te4[(temp >>  8) & 0xff]      ) ^
+                ((u32)Te4[(temp >> 16) & 0xff] <<  8) ^
+                ((u32)Te4[(temp >> 24)       ] << 16) ^
+                ((u32)Te4[(temp      ) & 0xff] << 24) ^
+                rcon[i];
+            rk[ 9] = rk[ 1] ^ rk[ 8];
+            rk[10] = rk[ 2] ^ rk[ 9];
+            rk[11] = rk[ 3] ^ rk[10];
+            if (++i == 7) {
+                return 0;
+            }
+            temp = rk[11];
+            rk[12] = rk[ 4] ^
+                ((u32)Te4[(temp      ) & 0xff]      ) ^
+                ((u32)Te4[(temp >>  8) & 0xff] <<  8) ^
+                ((u32)Te4[(temp >> 16) & 0xff] << 16) ^
+                ((u32)Te4[(temp >> 24)       ] << 24);
+            rk[13] = rk[ 5] ^ rk[12];
+            rk[14] = rk[ 6] ^ rk[13];
+            rk[15] = rk[ 7] ^ rk[14];
+
+            rk += 8;
+            }
+    }
+    return 0;
+}
+
+/**
+ * Expand the cipher key into the decryption key schedule.
+ */
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key)
+{
+
+    u32 *rk;
+    int i, j, status;
+    u32 temp;
+
+    /* first, start with an encryption schedule */
+    status = AES_set_encrypt_key(userKey, bits, key);
+    if (status < 0)
+        return status;
+
+    rk = key->rd_key;
+
+    /* invert the order of the round keys: */
+    for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
+        temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
+        temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+        temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+        temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
+    }
+    /* apply the inverse MixColumn transform to all round keys but the first and the last: */
+    for (i = 1; i < (key->rounds); i++) {
+        rk += 4;
+#if 1
+        for (j = 0; j < 4; j++) {
+            u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;
+
+            tp1 = rk[j];
+            m = tp1 & 0x80808080;
+            tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            m = tp2 & 0x80808080;
+            tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            m = tp4 & 0x80808080;
+            tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            tp9 = tp8 ^ tp1;
+            tpb = tp9 ^ tp2;
+            tpd = tp9 ^ tp4;
+            tpe = tp8 ^ tp4 ^ tp2;
+#if defined(ROTATE)
+            rk[j] = tpe ^ ROTATE(tpd,16) ^
+                ROTATE(tp9,8) ^ ROTATE(tpb,24);
+#else
+            rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ 
+                (tp9 >> 24) ^ (tp9 << 8) ^
+                (tpb >> 8) ^ (tpb << 24);
+#endif
+        }
+#else
+        rk[0] =
+            Td0[Te2[(rk[0]      ) & 0xff] & 0xff] ^
+            Td1[Te2[(rk[0] >>  8) & 0xff] & 0xff] ^
+            Td2[Te2[(rk[0] >> 16) & 0xff] & 0xff] ^
+            Td3[Te2[(rk[0] >> 24)       ] & 0xff];
+        rk[1] =
+            Td0[Te2[(rk[1]      ) & 0xff] & 0xff] ^
+            Td1[Te2[(rk[1] >>  8) & 0xff] & 0xff] ^
+            Td2[Te2[(rk[1] >> 16) & 0xff] & 0xff] ^
+            Td3[Te2[(rk[1] >> 24)       ] & 0xff];
+        rk[2] =
+            Td0[Te2[(rk[2]      ) & 0xff] & 0xff] ^
+            Td1[Te2[(rk[2] >>  8) & 0xff] & 0xff] ^
+            Td2[Te2[(rk[2] >> 16) & 0xff] & 0xff] ^
+            Td3[Te2[(rk[2] >> 24)       ] & 0xff];
+        rk[3] =
+            Td0[Te2[(rk[3]      ) & 0xff] & 0xff] ^
+            Td1[Te2[(rk[3] >>  8) & 0xff] & 0xff] ^
+            Td2[Te2[(rk[3] >> 16) & 0xff] & 0xff] ^
+            Td3[Te2[(rk[3] >> 24)       ] & 0xff];
+#endif
+    }
+    return 0;
+}
+
+/*
+ * Encrypt a single block
+ * in and out can overlap
+ */
+void AES_encrypt(const unsigned char *in, unsigned char *out,
+                 const AES_KEY *key)
+{
+
+    const u32 *rk;
+    u32 s0, s1, s2, s3, t[4];
+    int r;
+
+    assert(in && out && key);
+    rk = key->rd_key;
+
+    /*
+     * map byte array block to cipher state
+     * and add initial round key:
+     */
+    s0 = GETU32(in     ) ^ rk[0];
+    s1 = GETU32(in +  4) ^ rk[1];
+    s2 = GETU32(in +  8) ^ rk[2];
+    s3 = GETU32(in + 12) ^ rk[3];
+
+#if defined(AES_COMPACT_IN_OUTER_ROUNDS)
+    prefetch256(Te4);
+
+    t[0] = (u32)Te4[(s0      ) & 0xff]       ^
+           (u32)Te4[(s1 >>  8) & 0xff] <<  8 ^
+           (u32)Te4[(s2 >> 16) & 0xff] << 16 ^
+           (u32)Te4[(s3 >> 24)       ] << 24;
+    t[1] = (u32)Te4[(s1      ) & 0xff]       ^
+           (u32)Te4[(s2 >>  8) & 0xff] <<  8 ^
+           (u32)Te4[(s3 >> 16) & 0xff] << 16 ^
+           (u32)Te4[(s0 >> 24)       ] << 24;
+    t[2] = (u32)Te4[(s2      ) & 0xff]       ^
+           (u32)Te4[(s3 >>  8) & 0xff] <<  8 ^
+           (u32)Te4[(s0 >> 16) & 0xff] << 16 ^
+           (u32)Te4[(s1 >> 24)       ] << 24;
+    t[3] = (u32)Te4[(s3      ) & 0xff]       ^
+           (u32)Te4[(s0 >>  8) & 0xff] <<  8 ^
+           (u32)Te4[(s1 >> 16) & 0xff] << 16 ^
+           (u32)Te4[(s2 >> 24)       ] << 24;
+
+    /* now do the linear transform using words */
+    {   int i;
+        u32 r0, r1, r2;
+
+        for (i = 0; i < 4; i++) {
+            r0 = t[i];
+            r1 = r0 & 0x80808080;
+            r2 = ((r0 & 0x7f7f7f7f) << 1) ^
+                ((r1 - (r1 >> 7)) & 0x1b1b1b1b);
+#if defined(ROTATE)
+            t[i] = r2 ^ ROTATE(r2,24) ^ ROTATE(r0,24) ^
+                ROTATE(r0,16) ^ ROTATE(r0,8);
+#else
+            t[i] = r2 ^ ((r2 ^ r0) << 24) ^ ((r2 ^ r0) >> 8) ^
+                (r0 << 16) ^ (r0 >> 16) ^
+                (r0 << 8) ^ (r0 >> 24);
+#endif
+            t[i] ^= rk[4+i];
+        }
+    }
+#else
+    t[0] =  Te0[(s0      ) & 0xff] ^
+        Te1[(s1 >>  8) & 0xff] ^
+        Te2[(s2 >> 16) & 0xff] ^
+        Te3[(s3 >> 24)       ] ^
+        rk[4];
+    t[1] =  Te0[(s1      ) & 0xff] ^
+        Te1[(s2 >>  8) & 0xff] ^
+        Te2[(s3 >> 16) & 0xff] ^
+        Te3[(s0 >> 24)       ] ^
+        rk[5];
+    t[2] =  Te0[(s2      ) & 0xff] ^
+        Te1[(s3 >>  8) & 0xff] ^
+        Te2[(s0 >> 16) & 0xff] ^
+        Te3[(s1 >> 24)       ] ^
+        rk[6];
+    t[3] =  Te0[(s3      ) & 0xff] ^
+        Te1[(s0 >>  8) & 0xff] ^
+        Te2[(s1 >> 16) & 0xff] ^
+        Te3[(s2 >> 24)       ] ^
+        rk[7];
+#endif
+    s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3];
+
+    /*
+     * Nr - 2 full rounds:
+     */
+    for (rk+=8,r=key->rounds-2; r>0; rk+=4,r--) {
+#if defined(AES_COMPACT_IN_INNER_ROUNDS)
+        t[0] = (u32)Te4[(s0      ) & 0xff]       ^
+               (u32)Te4[(s1 >>  8) & 0xff] <<  8 ^
+               (u32)Te4[(s2 >> 16) & 0xff] << 16 ^
+               (u32)Te4[(s3 >> 24)       ] << 24;
+        t[1] = (u32)Te4[(s1      ) & 0xff]       ^
+               (u32)Te4[(s2 >>  8) & 0xff] <<  8 ^
+               (u32)Te4[(s3 >> 16) & 0xff] << 16 ^
+               (u32)Te4[(s0 >> 24)       ] << 24;
+        t[2] = (u32)Te4[(s2      ) & 0xff]       ^
+               (u32)Te4[(s3 >>  8) & 0xff] <<  8 ^
+               (u32)Te4[(s0 >> 16) & 0xff] << 16 ^
+               (u32)Te4[(s1 >> 24)       ] << 24;
+        t[3] = (u32)Te4[(s3      ) & 0xff]       ^
+               (u32)Te4[(s0 >>  8) & 0xff] <<  8 ^
+               (u32)Te4[(s1 >> 16) & 0xff] << 16 ^
+               (u32)Te4[(s2 >> 24)       ] << 24;
+
+        /* now do the linear transform using words */
+        {
+            int i;
+            u32 r0, r1, r2;
+
+            for (i = 0; i < 4; i++) {
+                r0 = t[i];
+                r1 = r0 & 0x80808080;
+                r2 = ((r0 & 0x7f7f7f7f) << 1) ^
+                    ((r1 - (r1 >> 7)) & 0x1b1b1b1b);
+#if defined(ROTATE)
+                t[i] = r2 ^ ROTATE(r2,24) ^ ROTATE(r0,24) ^
+                    ROTATE(r0,16) ^ ROTATE(r0,8);
+#else
+                t[i] = r2 ^ ((r2 ^ r0) << 24) ^ ((r2 ^ r0) >> 8) ^
+                    (r0 << 16) ^ (r0 >> 16) ^
+                    (r0 << 8) ^ (r0 >> 24);
+#endif
+                t[i] ^= rk[i];
+            }
+        }
+#else
+        t[0] =  Te0[(s0      ) & 0xff] ^
+            Te1[(s1 >>  8) & 0xff] ^
+            Te2[(s2 >> 16) & 0xff] ^
+            Te3[(s3 >> 24)       ] ^
+            rk[0];
+        t[1] =  Te0[(s1      ) & 0xff] ^
+            Te1[(s2 >>  8) & 0xff] ^
+            Te2[(s3 >> 16) & 0xff] ^
+            Te3[(s0 >> 24)       ] ^
+            rk[1];
+        t[2] =  Te0[(s2      ) & 0xff] ^
+            Te1[(s3 >>  8) & 0xff] ^
+            Te2[(s0 >> 16) & 0xff] ^
+            Te3[(s1 >> 24)       ] ^
+            rk[2];
+        t[3] =  Te0[(s3      ) & 0xff] ^
+            Te1[(s0 >>  8) & 0xff] ^
+            Te2[(s1 >> 16) & 0xff] ^
+            Te3[(s2 >> 24)       ] ^
+            rk[3];
+#endif
+        s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3];
+    }
+    /*
+     * apply last round and
+     * map cipher state to byte array block:
+     */
+#if defined(AES_COMPACT_IN_OUTER_ROUNDS)
+    prefetch256(Te4);
+
+    *(u32*)(out+0) =
+           (u32)Te4[(s0      ) & 0xff]       ^
+           (u32)Te4[(s1 >>  8) & 0xff] <<  8 ^
+           (u32)Te4[(s2 >> 16) & 0xff] << 16 ^
+           (u32)Te4[(s3 >> 24)       ] << 24 ^
+        rk[0];
+    *(u32*)(out+4) =
+           (u32)Te4[(s1      ) & 0xff]       ^
+           (u32)Te4[(s2 >>  8) & 0xff] <<  8 ^
+           (u32)Te4[(s3 >> 16) & 0xff] << 16 ^
+           (u32)Te4[(s0 >> 24)       ] << 24 ^
+        rk[1];
+    *(u32*)(out+8) =
+           (u32)Te4[(s2      ) & 0xff]       ^
+           (u32)Te4[(s3 >>  8) & 0xff] <<  8 ^
+           (u32)Te4[(s0 >> 16) & 0xff] << 16 ^
+           (u32)Te4[(s1 >> 24)       ] << 24 ^
+        rk[2];
+    *(u32*)(out+12) =
+           (u32)Te4[(s3      ) & 0xff]       ^
+           (u32)Te4[(s0 >>  8) & 0xff] <<  8 ^
+           (u32)Te4[(s1 >> 16) & 0xff] << 16 ^
+           (u32)Te4[(s2 >> 24)       ] << 24 ^
+        rk[3];
+#else
+    *(u32*)(out+0) =
+        (Te2[(s0      ) & 0xff] & 0x000000ffU) ^
+        (Te3[(s1 >>  8) & 0xff] & 0x0000ff00U) ^
+        (Te0[(s2 >> 16) & 0xff] & 0x00ff0000U) ^
+        (Te1[(s3 >> 24)       ] & 0xff000000U) ^
+        rk[0];
+    *(u32*)(out+4) =
+        (Te2[(s1      ) & 0xff] & 0x000000ffU) ^
+        (Te3[(s2 >>  8) & 0xff] & 0x0000ff00U) ^
+        (Te0[(s3 >> 16) & 0xff] & 0x00ff0000U) ^
+        (Te1[(s0 >> 24)       ] & 0xff000000U) ^
+        rk[1];
+    *(u32*)(out+8) =
+        (Te2[(s2      ) & 0xff] & 0x000000ffU) ^
+        (Te3[(s3 >>  8) & 0xff] & 0x0000ff00U) ^
+        (Te0[(s0 >> 16) & 0xff] & 0x00ff0000U) ^
+        (Te1[(s1 >> 24)       ] & 0xff000000U) ^
+        rk[2];
+    *(u32*)(out+12) =
+        (Te2[(s3      ) & 0xff] & 0x000000ffU) ^
+        (Te3[(s0 >>  8) & 0xff] & 0x0000ff00U) ^
+        (Te0[(s1 >> 16) & 0xff] & 0x00ff0000U) ^
+        (Te1[(s2 >> 24)       ] & 0xff000000U) ^
+        rk[3];
+#endif
+}
+
+/*
+ * Decrypt a single block
+ * in and out can overlap
+ */
+void AES_decrypt(const unsigned char *in, unsigned char *out,
+                 const AES_KEY *key)
+{
+
+    const u32 *rk;
+    u32 s0, s1, s2, s3, t[4];
+    int r;
+
+    assert(in && out && key);
+    rk = key->rd_key;
+
+    /*
+     * map byte array block to cipher state
+     * and add initial round key:
+     */
+    s0 = GETU32(in     ) ^ rk[0];
+    s1 = GETU32(in +  4) ^ rk[1];
+    s2 = GETU32(in +  8) ^ rk[2];
+    s3 = GETU32(in + 12) ^ rk[3];
+
+#if defined(AES_COMPACT_IN_OUTER_ROUNDS)
+    prefetch256(Td4);
+
+    t[0] = (u32)Td4[(s0      ) & 0xff]       ^
+           (u32)Td4[(s3 >>  8) & 0xff] <<  8 ^
+           (u32)Td4[(s2 >> 16) & 0xff] << 16 ^
+           (u32)Td4[(s1 >> 24)       ] << 24;
+    t[1] = (u32)Td4[(s1      ) & 0xff]       ^
+           (u32)Td4[(s0 >>  8) & 0xff] <<  8 ^
+           (u32)Td4[(s3 >> 16) & 0xff] << 16 ^
+           (u32)Td4[(s2 >> 24)       ] << 24;
+    t[2] = (u32)Td4[(s2      ) & 0xff]       ^
+           (u32)Td4[(s1 >>  8) & 0xff] <<  8 ^
+           (u32)Td4[(s0 >> 16) & 0xff] << 16 ^
+           (u32)Td4[(s3 >> 24)       ] << 24;
+    t[3] = (u32)Td4[(s3      ) & 0xff]       ^
+           (u32)Td4[(s2 >>  8) & 0xff] <<  8 ^
+           (u32)Td4[(s1 >> 16) & 0xff] << 16 ^
+           (u32)Td4[(s0 >> 24)       ] << 24;
+
+    /* now do the linear transform using words */ 
+    {
+        int i;
+        u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;
+
+        for (i = 0; i < 4; i++) {
+            tp1 = t[i];
+            m = tp1 & 0x80808080;
+            tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            m = tp2 & 0x80808080;
+            tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            m = tp4 & 0x80808080;
+            tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            tp9 = tp8 ^ tp1;
+            tpb = tp9 ^ tp2;
+            tpd = tp9 ^ tp4;
+            tpe = tp8 ^ tp4 ^ tp2;
+#if defined(ROTATE)
+            t[i] = tpe ^ ROTATE(tpd,16) ^
+                ROTATE(tp9,8) ^ ROTATE(tpb,24);
+#else
+            t[i] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ 
+                (tp9 >> 24) ^ (tp9 << 8) ^
+                (tpb >> 8) ^ (tpb << 24);
+#endif
+            t[i] ^= rk[4+i];
+        }
+    }
+#else
+    t[0] =  Td0[(s0      ) & 0xff] ^
+        Td1[(s3 >>  8) & 0xff] ^
+        Td2[(s2 >> 16) & 0xff] ^
+        Td3[(s1 >> 24)       ] ^
+        rk[4];
+    t[1] =  Td0[(s1      ) & 0xff] ^
+        Td1[(s0 >>  8) & 0xff] ^
+        Td2[(s3 >> 16) & 0xff] ^
+        Td3[(s2 >> 24)       ] ^
+        rk[5];
+    t[2] =  Td0[(s2      ) & 0xff] ^
+        Td1[(s1 >>  8) & 0xff] ^
+        Td2[(s0 >> 16) & 0xff] ^
+        Td3[(s3 >> 24)       ] ^
+        rk[6];
+    t[3] =  Td0[(s3      ) & 0xff] ^
+        Td1[(s2 >>  8) & 0xff] ^
+        Td2[(s1 >> 16) & 0xff] ^
+        Td3[(s0 >> 24)       ] ^
+        rk[7];
+#endif
+    s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3];
+
+    /*
+     * Nr - 2 full rounds:
+     */
+    for (rk+=8,r=key->rounds-2; r>0; rk+=4,r--) {
+#if defined(AES_COMPACT_IN_INNER_ROUNDS)
+        t[0] = (u32)Td4[(s0      ) & 0xff]       ^
+               (u32)Td4[(s3 >>  8) & 0xff] <<  8 ^
+               (u32)Td4[(s2 >> 16) & 0xff] << 16 ^
+               (u32)Td4[(s1 >> 24)       ] << 24;
+        t[1] = (u32)Td4[(s1      ) & 0xff]       ^
+               (u32)Td4[(s0 >>  8) & 0xff] <<  8 ^
+               (u32)Td4[(s3 >> 16) & 0xff] << 16 ^
+               (u32)Td4[(s2 >> 24)       ] << 24;
+        t[2] = (u32)Td4[(s2      ) & 0xff]       ^
+               (u32)Td4[(s1 >>  8) & 0xff] <<  8 ^
+               (u32)Td4[(s0 >> 16) & 0xff] << 16 ^
+               (u32)Td4[(s3 >> 24)       ] << 24;
+        t[3] = (u32)Td4[(s3      ) & 0xff]       ^
+               (u32)Td4[(s2 >>  8) & 0xff] <<  8 ^
+               (u32)Td4[(s1 >> 16) & 0xff] << 16 ^
+               (u32)Td4[(s0 >> 24)       ] << 24;
+
+    /* now do the linear transform using words */ 
+    {
+        int i;
+        u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;
+
+        for (i = 0; i < 4; i++) {
+            tp1 = t[i];
+            m = tp1 & 0x80808080;
+            tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            m = tp2 & 0x80808080;
+            tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            m = tp4 & 0x80808080;
+            tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            tp9 = tp8 ^ tp1;
+            tpb = tp9 ^ tp2;
+            tpd = tp9 ^ tp4;
+            tpe = tp8 ^ tp4 ^ tp2;
+#if defined(ROTATE)
+            t[i] = tpe ^ ROTATE(tpd,16) ^
+                ROTATE(tp9,8) ^ ROTATE(tpb,24);
+#else
+            t[i] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ 
+                (tp9 >> 24) ^ (tp9 << 8) ^
+                (tpb >> 8) ^ (tpb << 24);
+#endif
+            t[i] ^= rk[i];
+        }
+    }
+#else
+    t[0] =  Td0[(s0      ) & 0xff] ^
+        Td1[(s3 >>  8) & 0xff] ^
+        Td2[(s2 >> 16) & 0xff] ^
+        Td3[(s1 >> 24)       ] ^
+        rk[0];
+    t[1] =  Td0[(s1      ) & 0xff] ^
+        Td1[(s0 >>  8) & 0xff] ^
+        Td2[(s3 >> 16) & 0xff] ^
+        Td3[(s2 >> 24)       ] ^
+        rk[1];
+    t[2] =  Td0[(s2      ) & 0xff] ^
+        Td1[(s1 >>  8) & 0xff] ^
+        Td2[(s0 >> 16) & 0xff] ^
+        Td3[(s3 >> 24)       ] ^
+        rk[2];
+    t[3] =  Td0[(s3      ) & 0xff] ^
+        Td1[(s2 >>  8) & 0xff] ^
+        Td2[(s1 >> 16) & 0xff] ^
+        Td3[(s0 >> 24)       ] ^
+        rk[3];
+#endif
+    s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3];
+    }
+    /*
+     * apply last round and
+     * map cipher state to byte array block:
+     */
+    prefetch256(Td4);
+
+    *(u32*)(out+0) =
+        ((u32)Td4[(s0      ) & 0xff])    ^
+        ((u32)Td4[(s3 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(s2 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(s1 >> 24)       ] << 24) ^
+        rk[0];
+    *(u32*)(out+4) =
+        ((u32)Td4[(s1      ) & 0xff])     ^
+        ((u32)Td4[(s0 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(s3 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(s2 >> 24)       ] << 24) ^
+        rk[1];
+    *(u32*)(out+8) =
+        ((u32)Td4[(s2      ) & 0xff])     ^
+        ((u32)Td4[(s1 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(s0 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(s3 >> 24)       ] << 24) ^
+        rk[2];
+    *(u32*)(out+12) =
+        ((u32)Td4[(s3      ) & 0xff])     ^
+        ((u32)Td4[(s2 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(s1 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(s0 >> 24)       ] << 24) ^
+        rk[3];
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/asn1/a_bytes.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_bytes.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/a_bytes.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,306 +0,0 @@
-/* crypto/asn1/a_bytes.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-
-static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c);
-/*
- * type is a 'bitmap' of acceptable string types.
- */
-ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp,
-                                 long length, int type)
-{
-    ASN1_STRING *ret = NULL;
-    const unsigned char *p;
-    unsigned char *s;
-    long len;
-    int inf, tag, xclass;
-    int i = 0;
-
-    p = *pp;
-    inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
-    if (inf & 0x80)
-        goto err;
-
-    if (tag >= 32) {
-        i = ASN1_R_TAG_VALUE_TOO_HIGH;
-        goto err;
-    }
-    if (!(ASN1_tag2bit(tag) & type)) {
-        i = ASN1_R_WRONG_TYPE;
-        goto err;
-    }
-
-    /* If a bit-string, exit early */
-    if (tag == V_ASN1_BIT_STRING)
-        return (d2i_ASN1_BIT_STRING(a, pp, length));
-
-    if ((a == NULL) || ((*a) == NULL)) {
-        if ((ret = ASN1_STRING_new()) == NULL)
-            return (NULL);
-    } else
-        ret = (*a);
-
-    if (len != 0) {
-        s = (unsigned char *)OPENSSL_malloc((int)len + 1);
-        if (s == NULL) {
-            i = ERR_R_MALLOC_FAILURE;
-            goto err;
-        }
-        memcpy(s, p, (int)len);
-        s[len] = '\0';
-        p += len;
-    } else
-        s = NULL;
-
-    if (ret->data != NULL)
-        OPENSSL_free(ret->data);
-    ret->length = (int)len;
-    ret->data = s;
-    ret->type = tag;
-    if (a != NULL)
-        (*a) = ret;
-    *pp = p;
-    return (ret);
- err:
-    ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES, i);
-    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-        ASN1_STRING_free(ret);
-    return (NULL);
-}
-
-int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass)
-{
-    int ret, r, constructed;
-    unsigned char *p;
-
-    if (a == NULL)
-        return (0);
-
-    if (tag == V_ASN1_BIT_STRING)
-        return (i2d_ASN1_BIT_STRING(a, pp));
-
-    ret = a->length;
-    r = ASN1_object_size(0, ret, tag);
-    if (pp == NULL)
-        return (r);
-    p = *pp;
-
-    if ((tag == V_ASN1_SEQUENCE) || (tag == V_ASN1_SET))
-        constructed = 1;
-    else
-        constructed = 0;
-    ASN1_put_object(&p, constructed, ret, tag, xclass);
-    memcpy(p, a->data, a->length);
-    p += a->length;
-    *pp = p;
-    return (r);
-}
-
-ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
-                            long length, int Ptag, int Pclass)
-{
-    ASN1_STRING *ret = NULL;
-    const unsigned char *p;
-    unsigned char *s;
-    long len;
-    int inf, tag, xclass;
-    int i = 0;
-
-    if ((a == NULL) || ((*a) == NULL)) {
-        if ((ret = ASN1_STRING_new()) == NULL)
-            return (NULL);
-    } else
-        ret = (*a);
-
-    p = *pp;
-    inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
-    if (inf & 0x80) {
-        i = ASN1_R_BAD_OBJECT_HEADER;
-        goto err;
-    }
-
-    if (tag != Ptag) {
-        i = ASN1_R_WRONG_TAG;
-        goto err;
-    }
-
-    if (inf & V_ASN1_CONSTRUCTED) {
-        ASN1_const_CTX c;
-
-        c.pp = pp;
-        c.p = p;
-        c.inf = inf;
-        c.slen = len;
-        c.tag = Ptag;
-        c.xclass = Pclass;
-        c.max = (length == 0) ? 0 : (p + length);
-        if (!asn1_collate_primitive(ret, &c))
-            goto err;
-        else {
-            p = c.p;
-        }
-    } else {
-        if (len != 0) {
-            if ((ret->length < len) || (ret->data == NULL)) {
-                if (ret->data != NULL)
-                    OPENSSL_free(ret->data);
-                s = (unsigned char *)OPENSSL_malloc((int)len + 1);
-                if (s == NULL) {
-                    i = ERR_R_MALLOC_FAILURE;
-                    goto err;
-                }
-            } else
-                s = ret->data;
-            memcpy(s, p, (int)len);
-            s[len] = '\0';
-            p += len;
-        } else {
-            s = NULL;
-            if (ret->data != NULL)
-                OPENSSL_free(ret->data);
-        }
-
-        ret->length = (int)len;
-        ret->data = s;
-        ret->type = Ptag;
-    }
-
-    if (a != NULL)
-        (*a) = ret;
-    *pp = p;
-    return (ret);
- err:
-    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-        ASN1_STRING_free(ret);
-    ASN1err(ASN1_F_D2I_ASN1_BYTES, i);
-    return (NULL);
-}
-
-/*
- * We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse them
- * into the one structure that is then returned
- */
-/*
- * There have been a few bug fixes for this function from Paul Keogh
- * <paul.keogh at sse.ie>, many thanks to him
- */
-static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c)
-{
-    ASN1_STRING *os = NULL;
-    BUF_MEM b;
-    int num;
-
-    b.length = 0;
-    b.max = 0;
-    b.data = NULL;
-
-    if (a == NULL) {
-        c->error = ERR_R_PASSED_NULL_PARAMETER;
-        goto err;
-    }
-
-    num = 0;
-    for (;;) {
-        if (c->inf & 1) {
-            c->eos = ASN1_const_check_infinite_end(&c->p,
-                                                   (long)(c->max - c->p));
-            if (c->eos)
-                break;
-        } else {
-            if (c->slen <= 0)
-                break;
-        }
-
-        c->q = c->p;
-        if (d2i_ASN1_bytes(&os, &c->p, c->max - c->p, c->tag, c->xclass)
-            == NULL) {
-            c->error = ERR_R_ASN1_LIB;
-            goto err;
-        }
-
-        if (!BUF_MEM_grow_clean(&b, num + os->length)) {
-            c->error = ERR_R_BUF_LIB;
-            goto err;
-        }
-        memcpy(&(b.data[num]), os->data, os->length);
-        if (!(c->inf & 1))
-            c->slen -= (c->p - c->q);
-        num += os->length;
-    }
-
-    if (!asn1_const_Finish(c))
-        goto err;
-
-    a->length = num;
-    if (a->data != NULL)
-        OPENSSL_free(a->data);
-    a->data = (unsigned char *)b.data;
-    if (os != NULL)
-        ASN1_STRING_free(os);
-    return (1);
- err:
-    ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE, c->error);
-    if (os != NULL)
-        ASN1_STRING_free(os);
-    if (b.data != NULL)
-        OPENSSL_free(b.data);
-    return (0);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/asn1/a_bytes.c (from rev 11605, vendor-crypto/openssl/dist/crypto/asn1/a_bytes.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/asn1/a_bytes.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/a_bytes.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,334 @@
+/* crypto/asn1/a_bytes.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c,
+                                  int depth);
+static ASN1_STRING *int_d2i_ASN1_bytes(ASN1_STRING **a,
+                                       const unsigned char **pp, long length,
+                                       int Ptag, int Pclass, int depth,
+                                       int *perr);
+/*
+ * type is a 'bitmap' of acceptable string types.
+ */
+ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp,
+                                 long length, int type)
+{
+    ASN1_STRING *ret = NULL;
+    const unsigned char *p;
+    unsigned char *s;
+    long len;
+    int inf, tag, xclass;
+    int i = 0;
+
+    p = *pp;
+    inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
+    if (inf & 0x80)
+        goto err;
+
+    if (tag >= 32) {
+        i = ASN1_R_TAG_VALUE_TOO_HIGH;
+        goto err;
+    }
+    if (!(ASN1_tag2bit(tag) & type)) {
+        i = ASN1_R_WRONG_TYPE;
+        goto err;
+    }
+
+    /* If a bit-string, exit early */
+    if (tag == V_ASN1_BIT_STRING)
+        return (d2i_ASN1_BIT_STRING(a, pp, length));
+
+    if ((a == NULL) || ((*a) == NULL)) {
+        if ((ret = ASN1_STRING_new()) == NULL)
+            return (NULL);
+    } else
+        ret = (*a);
+
+    if (len != 0) {
+        s = OPENSSL_malloc((int)len + 1);
+        if (s == NULL) {
+            i = ERR_R_MALLOC_FAILURE;
+            goto err;
+        }
+        memcpy(s, p, (int)len);
+        s[len] = '\0';
+        p += len;
+    } else
+        s = NULL;
+
+    if (ret->data != NULL)
+        OPENSSL_free(ret->data);
+    ret->length = (int)len;
+    ret->data = s;
+    ret->type = tag;
+    if (a != NULL)
+        (*a) = ret;
+    *pp = p;
+    return (ret);
+ err:
+    ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES, i);
+    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+        ASN1_STRING_free(ret);
+    return (NULL);
+}
+
+int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass)
+{
+    int ret, r, constructed;
+    unsigned char *p;
+
+    if (a == NULL)
+        return (0);
+
+    if (tag == V_ASN1_BIT_STRING)
+        return (i2d_ASN1_BIT_STRING(a, pp));
+
+    ret = a->length;
+    r = ASN1_object_size(0, ret, tag);
+    if (pp == NULL)
+        return (r);
+    p = *pp;
+
+    if ((tag == V_ASN1_SEQUENCE) || (tag == V_ASN1_SET))
+        constructed = 1;
+    else
+        constructed = 0;
+    ASN1_put_object(&p, constructed, ret, tag, xclass);
+    memcpy(p, a->data, a->length);
+    p += a->length;
+    *pp = p;
+    return (r);
+}
+
+/*
+ * Maximum recursion depth of d2i_ASN1_bytes(): much more than should be
+ * encountered in pratice.
+ */
+
+#define ASN1_BYTES_MAXDEPTH 20
+
+ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
+                            long length, int Ptag, int Pclass)
+{
+    int err = 0;
+    ASN1_STRING *s = int_d2i_ASN1_bytes(a, pp, length, Ptag, Pclass, 0, &err);
+    if (err != 0)
+        ASN1err(ASN1_F_D2I_ASN1_BYTES, err);
+    return s;
+}
+
+static ASN1_STRING *int_d2i_ASN1_bytes(ASN1_STRING **a,
+                                       const unsigned char **pp, long length,
+                                       int Ptag, int Pclass,
+                                       int depth, int *perr)
+{
+    ASN1_STRING *ret = NULL;
+    const unsigned char *p;
+    unsigned char *s;
+    long len;
+    int inf, tag, xclass;
+
+    if (depth > ASN1_BYTES_MAXDEPTH) {
+        *perr = ASN1_R_NESTED_ASN1_STRING;
+        return NULL;
+    }
+
+    if ((a == NULL) || ((*a) == NULL)) {
+        if ((ret = ASN1_STRING_new()) == NULL)
+            return (NULL);
+    } else
+        ret = (*a);
+
+    p = *pp;
+    inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
+    if (inf & 0x80) {
+        *perr = ASN1_R_BAD_OBJECT_HEADER;
+        goto err;
+    }
+
+    if (tag != Ptag) {
+        *perr = ASN1_R_WRONG_TAG;
+        goto err;
+    }
+
+    if (inf & V_ASN1_CONSTRUCTED) {
+        ASN1_const_CTX c;
+
+        c.error = 0;
+        c.pp = pp;
+        c.p = p;
+        c.inf = inf;
+        c.slen = len;
+        c.tag = Ptag;
+        c.xclass = Pclass;
+        c.max = (length == 0) ? 0 : (p + length);
+        if (!asn1_collate_primitive(ret, &c, depth)) {
+            *perr = c.error;
+            goto err;
+        } else {
+            p = c.p;
+        }
+    } else {
+        if (len != 0) {
+            if ((ret->length < len) || (ret->data == NULL)) {
+                s = OPENSSL_malloc((int)len + 1);
+                if (s == NULL) {
+                    *perr = ERR_R_MALLOC_FAILURE;
+                    goto err;
+                }
+                if (ret->data != NULL)
+                    OPENSSL_free(ret->data);
+            } else
+                s = ret->data;
+            memcpy(s, p, (int)len);
+            s[len] = '\0';
+            p += len;
+        } else {
+            s = NULL;
+            if (ret->data != NULL)
+                OPENSSL_free(ret->data);
+        }
+
+        ret->length = (int)len;
+        ret->data = s;
+        ret->type = Ptag;
+    }
+
+    if (a != NULL)
+        (*a) = ret;
+    *pp = p;
+    return (ret);
+ err:
+    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+        ASN1_STRING_free(ret);
+    return (NULL);
+}
+
+/*
+ * We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse them
+ * into the one structure that is then returned
+ */
+/*
+ * There have been a few bug fixes for this function from Paul Keogh
+ * <paul.keogh at sse.ie>, many thanks to him
+ */
+static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c,
+                                  int depth)
+{
+    ASN1_STRING *os = NULL;
+    BUF_MEM b;
+    int num;
+
+    b.length = 0;
+    b.max = 0;
+    b.data = NULL;
+
+    if (a == NULL) {
+        c->error = ERR_R_PASSED_NULL_PARAMETER;
+        goto err;
+    }
+
+    num = 0;
+    for (;;) {
+        if (c->inf & 1) {
+            c->eos = ASN1_const_check_infinite_end(&c->p,
+                                                   (long)(c->max - c->p));
+            if (c->eos)
+                break;
+        } else {
+            if (c->slen <= 0)
+                break;
+        }
+
+        c->q = c->p;
+        if (int_d2i_ASN1_bytes(&os, &c->p, c->max - c->p, c->tag, c->xclass,
+                               depth + 1, &c->error) == NULL) {
+            goto err;
+        }
+
+        if (!BUF_MEM_grow_clean(&b, num + os->length)) {
+            c->error = ERR_R_BUF_LIB;
+            goto err;
+        }
+        memcpy(&(b.data[num]), os->data, os->length);
+        if (!(c->inf & 1))
+            c->slen -= (c->p - c->q);
+        num += os->length;
+    }
+
+    if (!asn1_const_Finish(c))
+        goto err;
+
+    a->length = num;
+    if (a->data != NULL)
+        OPENSSL_free(a->data);
+    a->data = (unsigned char *)b.data;
+    if (os != NULL)
+        ASN1_STRING_free(os);
+    return (1);
+ err:
+    if (os != NULL)
+        ASN1_STRING_free(os);
+    if (b.data != NULL)
+        OPENSSL_free(b.data);
+    return (0);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/asn1/a_d2i_fp.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_d2i_fp.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/a_d2i_fp.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,268 +0,0 @@
-/* crypto/asn1/a_d2i_fp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <limits.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/asn1_mac.h>
-
-static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
-
-#ifndef NO_OLD_ASN1
-# ifndef OPENSSL_NO_FP_API
-
-void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x)
-{
-    BIO *b;
-    void *ret;
-
-    if ((b = BIO_new(BIO_s_file())) == NULL) {
-        ASN1err(ASN1_F_ASN1_D2I_FP, ERR_R_BUF_LIB);
-        return (NULL);
-    }
-    BIO_set_fp(b, in, BIO_NOCLOSE);
-    ret = ASN1_d2i_bio(xnew, d2i, b, x);
-    BIO_free(b);
-    return (ret);
-}
-# endif
-
-void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x)
-{
-    BUF_MEM *b = NULL;
-    const unsigned char *p;
-    void *ret = NULL;
-    int len;
-
-    len = asn1_d2i_read_bio(in, &b);
-    if (len < 0)
-        goto err;
-
-    p = (unsigned char *)b->data;
-    ret = d2i(x, &p, len);
- err:
-    if (b != NULL)
-        BUF_MEM_free(b);
-    return (ret);
-}
-
-#endif
-
-void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
-{
-    BUF_MEM *b = NULL;
-    const unsigned char *p;
-    void *ret = NULL;
-    int len;
-
-    len = asn1_d2i_read_bio(in, &b);
-    if (len < 0)
-        goto err;
-
-    p = (const unsigned char *)b->data;
-    ret = ASN1_item_d2i(x, &p, len, it);
- err:
-    if (b != NULL)
-        BUF_MEM_free(b);
-    return (ret);
-}
-
-#ifndef OPENSSL_NO_FP_API
-void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
-{
-    BIO *b;
-    char *ret;
-
-    if ((b = BIO_new(BIO_s_file())) == NULL) {
-        ASN1err(ASN1_F_ASN1_ITEM_D2I_FP, ERR_R_BUF_LIB);
-        return (NULL);
-    }
-    BIO_set_fp(b, in, BIO_NOCLOSE);
-    ret = ASN1_item_d2i_bio(it, b, x);
-    BIO_free(b);
-    return (ret);
-}
-#endif
-
-#define HEADER_SIZE   8
-static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
-{
-    BUF_MEM *b;
-    unsigned char *p;
-    int i;
-    ASN1_const_CTX c;
-    size_t want = HEADER_SIZE;
-    int eos = 0;
-    size_t off = 0;
-    size_t len = 0;
-
-    b = BUF_MEM_new();
-    if (b == NULL) {
-        ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
-        return -1;
-    }
-
-    ERR_clear_error();
-    for (;;) {
-        if (want >= (len - off)) {
-            want -= (len - off);
-
-            if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) {
-                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-            i = BIO_read(in, &(b->data[len]), want);
-            if ((i < 0) && ((len - off) == 0)) {
-                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA);
-                goto err;
-            }
-            if (i > 0) {
-                if (len + i < len) {
-                    ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
-                    goto err;
-                }
-                len += i;
-            }
-        }
-        /* else data already loaded */
-
-        p = (unsigned char *)&(b->data[off]);
-        c.p = p;
-        c.inf = ASN1_get_object(&(c.p), &(c.slen), &(c.tag), &(c.xclass),
-                                len - off);
-        if (c.inf & 0x80) {
-            unsigned long e;
-
-            e = ERR_GET_REASON(ERR_peek_error());
-            if (e != ASN1_R_TOO_LONG)
-                goto err;
-            else
-                ERR_clear_error(); /* clear error */
-        }
-        i = c.p - p;            /* header length */
-        off += i;               /* end of data */
-
-        if (c.inf & 1) {
-            /* no data body so go round again */
-            eos++;
-            if (eos < 0) {
-                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG);
-                goto err;
-            }
-            want = HEADER_SIZE;
-        } else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC)) {
-            /* eos value, so go back and read another header */
-            eos--;
-            if (eos <= 0)
-                break;
-            else
-                want = HEADER_SIZE;
-        } else {
-            /* suck in c.slen bytes of data */
-            want = c.slen;
-            if (want > (len - off)) {
-                want -= (len - off);
-                if (want > INT_MAX /* BIO_read takes an int length */  ||
-                    len + want < len) {
-                    ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
-                    goto err;
-                }
-                if (!BUF_MEM_grow_clean(b, len + want)) {
-                    ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
-                    goto err;
-                }
-                while (want > 0) {
-                    i = BIO_read(in, &(b->data[len]), want);
-                    if (i <= 0) {
-                        ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
-                                ASN1_R_NOT_ENOUGH_DATA);
-                        goto err;
-                    }
-                    /*
-                     * This can't overflow because |len+want| didn't
-                     * overflow.
-                     */
-                    len += i;
-                    want -= i;
-                }
-            }
-            if (off + c.slen < off) {
-                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
-                goto err;
-            }
-            off += c.slen;
-            if (eos <= 0) {
-                break;
-            } else
-                want = HEADER_SIZE;
-        }
-    }
-
-    if (off > INT_MAX) {
-        ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
-        goto err;
-    }
-
-    *pb = b;
-    return off;
- err:
-    if (b != NULL)
-        BUF_MEM_free(b);
-    return -1;
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/asn1/a_d2i_fp.c (from rev 11605, vendor-crypto/openssl/dist/crypto/asn1/a_d2i_fp.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/asn1/a_d2i_fp.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/a_d2i_fp.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,284 @@
+/* crypto/asn1/a_d2i_fp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1_mac.h>
+
+static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
+
+#ifndef NO_OLD_ASN1
+# ifndef OPENSSL_NO_FP_API
+
+void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x)
+{
+    BIO *b;
+    void *ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        ASN1err(ASN1_F_ASN1_D2I_FP, ERR_R_BUF_LIB);
+        return (NULL);
+    }
+    BIO_set_fp(b, in, BIO_NOCLOSE);
+    ret = ASN1_d2i_bio(xnew, d2i, b, x);
+    BIO_free(b);
+    return (ret);
+}
+# endif
+
+void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x)
+{
+    BUF_MEM *b = NULL;
+    const unsigned char *p;
+    void *ret = NULL;
+    int len;
+
+    len = asn1_d2i_read_bio(in, &b);
+    if (len < 0)
+        goto err;
+
+    p = (unsigned char *)b->data;
+    ret = d2i(x, &p, len);
+ err:
+    if (b != NULL)
+        BUF_MEM_free(b);
+    return (ret);
+}
+
+#endif
+
+void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
+{
+    BUF_MEM *b = NULL;
+    const unsigned char *p;
+    void *ret = NULL;
+    int len;
+
+    len = asn1_d2i_read_bio(in, &b);
+    if (len < 0)
+        goto err;
+
+    p = (const unsigned char *)b->data;
+    ret = ASN1_item_d2i(x, &p, len, it);
+ err:
+    if (b != NULL)
+        BUF_MEM_free(b);
+    return (ret);
+}
+
+#ifndef OPENSSL_NO_FP_API
+void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
+{
+    BIO *b;
+    char *ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_D2I_FP, ERR_R_BUF_LIB);
+        return (NULL);
+    }
+    BIO_set_fp(b, in, BIO_NOCLOSE);
+    ret = ASN1_item_d2i_bio(it, b, x);
+    BIO_free(b);
+    return (ret);
+}
+#endif
+
+#define HEADER_SIZE   8
+#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
+static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
+{
+    BUF_MEM *b;
+    unsigned char *p;
+    int i;
+    ASN1_const_CTX c;
+    size_t want = HEADER_SIZE;
+    int eos = 0;
+    size_t off = 0;
+    size_t len = 0;
+
+    b = BUF_MEM_new();
+    if (b == NULL) {
+        ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+
+    ERR_clear_error();
+    for (;;) {
+        if (want >= (len - off)) {
+            want -= (len - off);
+
+            if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) {
+                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            i = BIO_read(in, &(b->data[len]), want);
+            if ((i < 0) && ((len - off) == 0)) {
+                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA);
+                goto err;
+            }
+            if (i > 0) {
+                if (len + i < len) {
+                    ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
+                    goto err;
+                }
+                len += i;
+            }
+        }
+        /* else data already loaded */
+
+        p = (unsigned char *)&(b->data[off]);
+        c.p = p;
+        c.inf = ASN1_get_object(&(c.p), &(c.slen), &(c.tag), &(c.xclass),
+                                len - off);
+        if (c.inf & 0x80) {
+            unsigned long e;
+
+            e = ERR_GET_REASON(ERR_peek_error());
+            if (e != ASN1_R_TOO_LONG)
+                goto err;
+            else
+                ERR_clear_error(); /* clear error */
+        }
+        i = c.p - p;            /* header length */
+        off += i;               /* end of data */
+
+        if (c.inf & 1) {
+            /* no data body so go round again */
+            eos++;
+            if (eos < 0) {
+                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG);
+                goto err;
+            }
+            want = HEADER_SIZE;
+        } else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC)) {
+            /* eos value, so go back and read another header */
+            eos--;
+            if (eos <= 0)
+                break;
+            else
+                want = HEADER_SIZE;
+        } else {
+            /* suck in c.slen bytes of data */
+            want = c.slen;
+            if (want > (len - off)) {
+                size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
+
+                want -= (len - off);
+                if (want > INT_MAX /* BIO_read takes an int length */  ||
+                    len + want < len) {
+                    ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
+                    goto err;
+                }
+                while (want > 0) {
+                    /*
+                     * Read content in chunks of increasing size
+                     * so we can return an error for EOF without
+                     * having to allocate the entire content length
+                     * in one go.
+                     */
+                    size_t chunk = want > chunk_max ? chunk_max : want;
+
+                    if (!BUF_MEM_grow_clean(b, len + chunk)) {
+                        ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
+                        goto err;
+                    }
+                    want -= chunk;
+                    while (chunk > 0) {
+                        i = BIO_read(in, &(b->data[len]), chunk);
+                        if (i <= 0) {
+                            ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
+                                    ASN1_R_NOT_ENOUGH_DATA);
+                            goto err;
+                        }
+                    /*
+                     * This can't overflow because |len+want| didn't
+                     * overflow.
+                     */
+                        len += i;
+                        chunk -= i;
+                    }
+                    if (chunk_max < INT_MAX/2)
+                        chunk_max *= 2;
+                }
+            }
+            if (off + c.slen < off) {
+                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
+                goto err;
+            }
+            off += c.slen;
+            if (eos <= 0) {
+                break;
+            } else
+                want = HEADER_SIZE;
+        }
+    }
+
+    if (off > INT_MAX) {
+        ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
+        goto err;
+    }
+
+    *pb = b;
+    return off;
+ err:
+    if (b != NULL)
+        BUF_MEM_free(b);
+    return -1;
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/asn1/a_object.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_object.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/a_object.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,402 +0,0 @@
-/* crypto/asn1/a_object.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <limits.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/bn.h>
-
-int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
-{
-    unsigned char *p;
-    int objsize;
-
-    if ((a == NULL) || (a->data == NULL))
-        return (0);
-
-    objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT);
-    if (pp == NULL)
-        return objsize;
-
-    p = *pp;
-    ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
-    memcpy(p, a->data, a->length);
-    p += a->length;
-
-    *pp = p;
-    return (objsize);
-}
-
-int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
-{
-    int i, first, len = 0, c, use_bn;
-    char ftmp[24], *tmp = ftmp;
-    int tmpsize = sizeof ftmp;
-    const char *p;
-    unsigned long l;
-    BIGNUM *bl = NULL;
-
-    if (num == 0)
-        return (0);
-    else if (num == -1)
-        num = strlen(buf);
-
-    p = buf;
-    c = *(p++);
-    num--;
-    if ((c >= '0') && (c <= '2')) {
-        first = c - '0';
-    } else {
-        ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_FIRST_NUM_TOO_LARGE);
-        goto err;
-    }
-
-    if (num <= 0) {
-        ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_MISSING_SECOND_NUMBER);
-        goto err;
-    }
-    c = *(p++);
-    num--;
-    for (;;) {
-        if (num <= 0)
-            break;
-        if ((c != '.') && (c != ' ')) {
-            ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_INVALID_SEPARATOR);
-            goto err;
-        }
-        l = 0;
-        use_bn = 0;
-        for (;;) {
-            if (num <= 0)
-                break;
-            num--;
-            c = *(p++);
-            if ((c == ' ') || (c == '.'))
-                break;
-            if ((c < '0') || (c > '9')) {
-                ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_INVALID_DIGIT);
-                goto err;
-            }
-            if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) {
-                use_bn = 1;
-                if (!bl)
-                    bl = BN_new();
-                if (!bl || !BN_set_word(bl, l))
-                    goto err;
-            }
-            if (use_bn) {
-                if (!BN_mul_word(bl, 10L)
-                    || !BN_add_word(bl, c - '0'))
-                    goto err;
-            } else
-                l = l * 10L + (long)(c - '0');
-        }
-        if (len == 0) {
-            if ((first < 2) && (l >= 40)) {
-                ASN1err(ASN1_F_A2D_ASN1_OBJECT,
-                        ASN1_R_SECOND_NUMBER_TOO_LARGE);
-                goto err;
-            }
-            if (use_bn) {
-                if (!BN_add_word(bl, first * 40))
-                    goto err;
-            } else
-                l += (long)first *40;
-        }
-        i = 0;
-        if (use_bn) {
-            int blsize;
-            blsize = BN_num_bits(bl);
-            blsize = (blsize + 6) / 7;
-            if (blsize > tmpsize) {
-                if (tmp != ftmp)
-                    OPENSSL_free(tmp);
-                tmpsize = blsize + 32;
-                tmp = OPENSSL_malloc(tmpsize);
-                if (!tmp)
-                    goto err;
-            }
-            while (blsize--)
-                tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L);
-        } else {
-
-            for (;;) {
-                tmp[i++] = (unsigned char)l & 0x7f;
-                l >>= 7L;
-                if (l == 0L)
-                    break;
-            }
-
-        }
-        if (out != NULL) {
-            if (len + i > olen) {
-                ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_BUFFER_TOO_SMALL);
-                goto err;
-            }
-            while (--i > 0)
-                out[len++] = tmp[i] | 0x80;
-            out[len++] = tmp[0];
-        } else
-            len += i;
-    }
-    if (tmp != ftmp)
-        OPENSSL_free(tmp);
-    if (bl)
-        BN_free(bl);
-    return (len);
- err:
-    if (tmp != ftmp)
-        OPENSSL_free(tmp);
-    if (bl)
-        BN_free(bl);
-    return (0);
-}
-
-int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)
-{
-    return OBJ_obj2txt(buf, buf_len, a, 0);
-}
-
-int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
-{
-    char buf[80], *p = buf;
-    int i;
-
-    if ((a == NULL) || (a->data == NULL))
-        return (BIO_write(bp, "NULL", 4));
-    i = i2t_ASN1_OBJECT(buf, sizeof buf, a);
-    if (i > (int)(sizeof(buf) - 1)) {
-        p = OPENSSL_malloc(i + 1);
-        if (!p)
-            return -1;
-        i2t_ASN1_OBJECT(p, i + 1, a);
-    }
-    if (i <= 0)
-        return BIO_write(bp, "<INVALID>", 9);
-    BIO_write(bp, p, i);
-    if (p != buf)
-        OPENSSL_free(p);
-    return (i);
-}
-
-ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
-                             long length)
-{
-    const unsigned char *p;
-    long len;
-    int tag, xclass;
-    int inf, i;
-    ASN1_OBJECT *ret = NULL;
-    p = *pp;
-    inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
-    if (inf & 0x80) {
-        i = ASN1_R_BAD_OBJECT_HEADER;
-        goto err;
-    }
-
-    if (tag != V_ASN1_OBJECT) {
-        i = ASN1_R_EXPECTING_AN_OBJECT;
-        goto err;
-    }
-    ret = c2i_ASN1_OBJECT(a, &p, len);
-    if (ret)
-        *pp = p;
-    return ret;
- err:
-    ASN1err(ASN1_F_D2I_ASN1_OBJECT, i);
-    return (NULL);
-}
-
-ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
-                             long len)
-{
-    ASN1_OBJECT *ret = NULL;
-    const unsigned char *p;
-    unsigned char *data;
-    int i, length;
-
-    /*
-     * Sanity check OID encoding. Need at least one content octet. MSB must
-     * be clear in the last octet. can't have leading 0x80 in subidentifiers,
-     * see: X.690 8.19.2
-     */
-    if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL ||
-        p[len - 1] & 0x80) {
-        ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING);
-        return NULL;
-    }
-    /* Now 0 < len <= INT_MAX, so the cast is safe. */
-    length = (int)len;
-    for (i = 0; i < length; i++, p++) {
-        if (*p == 0x80 && (!i || !(p[-1] & 0x80))) {
-            ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING);
-            return NULL;
-        }
-    }
-
-    /*
-     * only the ASN1_OBJECTs from the 'table' will have values for ->sn or
-     * ->ln
-     */
-    if ((a == NULL) || ((*a) == NULL) ||
-        !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) {
-        if ((ret = ASN1_OBJECT_new()) == NULL)
-            return (NULL);
-    } else
-        ret = (*a);
-
-    p = *pp;
-    /* detach data from object */
-    data = (unsigned char *)ret->data;
-    ret->data = NULL;
-    /* once detached we can change it */
-    if ((data == NULL) || (ret->length < length)) {
-        ret->length = 0;
-        if (data != NULL)
-            OPENSSL_free(data);
-        data = (unsigned char *)OPENSSL_malloc(length);
-        if (data == NULL) {
-            i = ERR_R_MALLOC_FAILURE;
-            goto err;
-        }
-        ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA;
-    }
-    memcpy(data, p, length);
-    /* reattach data to object, after which it remains const */
-    ret->data = data;
-    ret->length = length;
-    ret->sn = NULL;
-    ret->ln = NULL;
-    /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */
-    p += length;
-
-    if (a != NULL)
-        (*a) = ret;
-    *pp = p;
-    return (ret);
- err:
-    ASN1err(ASN1_F_C2I_ASN1_OBJECT, i);
-    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-        ASN1_OBJECT_free(ret);
-    return (NULL);
-}
-
-ASN1_OBJECT *ASN1_OBJECT_new(void)
-{
-    ASN1_OBJECT *ret;
-
-    ret = (ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT));
-    if (ret == NULL) {
-        ASN1err(ASN1_F_ASN1_OBJECT_NEW, ERR_R_MALLOC_FAILURE);
-        return (NULL);
-    }
-    ret->length = 0;
-    ret->data = NULL;
-    ret->nid = 0;
-    ret->sn = NULL;
-    ret->ln = NULL;
-    ret->flags = ASN1_OBJECT_FLAG_DYNAMIC;
-    return (ret);
-}
-
-void ASN1_OBJECT_free(ASN1_OBJECT *a)
-{
-    if (a == NULL)
-        return;
-    if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) {
-#ifndef CONST_STRICT            /* disable purely for compile-time strict
-                                 * const checking. Doing this on a "real"
-                                 * compile will cause memory leaks */
-        if (a->sn != NULL)
-            OPENSSL_free((void *)a->sn);
-        if (a->ln != NULL)
-            OPENSSL_free((void *)a->ln);
-#endif
-        a->sn = a->ln = NULL;
-    }
-    if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) {
-        if (a->data != NULL)
-            OPENSSL_free((void *)a->data);
-        a->data = NULL;
-        a->length = 0;
-    }
-    if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
-        OPENSSL_free(a);
-}
-
-ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
-                                const char *sn, const char *ln)
-{
-    ASN1_OBJECT o;
-
-    o.sn = sn;
-    o.ln = ln;
-    o.data = data;
-    o.nid = nid;
-    o.length = len;
-    o.flags = ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
-        ASN1_OBJECT_FLAG_DYNAMIC_DATA;
-    return (OBJ_dup(&o));
-}
-
-IMPLEMENT_STACK_OF(ASN1_OBJECT)
-
-IMPLEMENT_ASN1_SET_OF(ASN1_OBJECT)

Copied: vendor-crypto/openssl/1.0.1u/crypto/asn1/a_object.c (from rev 11605, vendor-crypto/openssl/dist/crypto/asn1/a_object.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/asn1/a_object.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/a_object.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,406 @@
+/* crypto/asn1/a_object.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/bn.h>
+
+int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
+{
+    unsigned char *p;
+    int objsize;
+
+    if ((a == NULL) || (a->data == NULL))
+        return (0);
+
+    objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT);
+    if (pp == NULL || objsize == -1)
+        return objsize;
+
+    p = *pp;
+    ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
+    memcpy(p, a->data, a->length);
+    p += a->length;
+
+    *pp = p;
+    return (objsize);
+}
+
+int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
+{
+    int i, first, len = 0, c, use_bn;
+    char ftmp[24], *tmp = ftmp;
+    int tmpsize = sizeof ftmp;
+    const char *p;
+    unsigned long l;
+    BIGNUM *bl = NULL;
+
+    if (num == 0)
+        return (0);
+    else if (num == -1)
+        num = strlen(buf);
+
+    p = buf;
+    c = *(p++);
+    num--;
+    if ((c >= '0') && (c <= '2')) {
+        first = c - '0';
+    } else {
+        ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_FIRST_NUM_TOO_LARGE);
+        goto err;
+    }
+
+    if (num <= 0) {
+        ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_MISSING_SECOND_NUMBER);
+        goto err;
+    }
+    c = *(p++);
+    num--;
+    for (;;) {
+        if (num <= 0)
+            break;
+        if ((c != '.') && (c != ' ')) {
+            ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_INVALID_SEPARATOR);
+            goto err;
+        }
+        l = 0;
+        use_bn = 0;
+        for (;;) {
+            if (num <= 0)
+                break;
+            num--;
+            c = *(p++);
+            if ((c == ' ') || (c == '.'))
+                break;
+            if ((c < '0') || (c > '9')) {
+                ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_INVALID_DIGIT);
+                goto err;
+            }
+            if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) {
+                use_bn = 1;
+                if (!bl)
+                    bl = BN_new();
+                if (!bl || !BN_set_word(bl, l))
+                    goto err;
+            }
+            if (use_bn) {
+                if (!BN_mul_word(bl, 10L)
+                    || !BN_add_word(bl, c - '0'))
+                    goto err;
+            } else
+                l = l * 10L + (long)(c - '0');
+        }
+        if (len == 0) {
+            if ((first < 2) && (l >= 40)) {
+                ASN1err(ASN1_F_A2D_ASN1_OBJECT,
+                        ASN1_R_SECOND_NUMBER_TOO_LARGE);
+                goto err;
+            }
+            if (use_bn) {
+                if (!BN_add_word(bl, first * 40))
+                    goto err;
+            } else
+                l += (long)first *40;
+        }
+        i = 0;
+        if (use_bn) {
+            int blsize;
+            blsize = BN_num_bits(bl);
+            blsize = (blsize + 6) / 7;
+            if (blsize > tmpsize) {
+                if (tmp != ftmp)
+                    OPENSSL_free(tmp);
+                tmpsize = blsize + 32;
+                tmp = OPENSSL_malloc(tmpsize);
+                if (!tmp)
+                    goto err;
+            }
+            while (blsize--) {
+                BN_ULONG t = BN_div_word(bl, 0x80L);
+                if (t == (BN_ULONG)-1)
+                    goto err;
+                tmp[i++] = (unsigned char)t;
+            }
+        } else {
+
+            for (;;) {
+                tmp[i++] = (unsigned char)l & 0x7f;
+                l >>= 7L;
+                if (l == 0L)
+                    break;
+            }
+
+        }
+        if (out != NULL) {
+            if (len + i > olen) {
+                ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_BUFFER_TOO_SMALL);
+                goto err;
+            }
+            while (--i > 0)
+                out[len++] = tmp[i] | 0x80;
+            out[len++] = tmp[0];
+        } else
+            len += i;
+    }
+    if (tmp != ftmp)
+        OPENSSL_free(tmp);
+    if (bl)
+        BN_free(bl);
+    return (len);
+ err:
+    if (tmp != ftmp)
+        OPENSSL_free(tmp);
+    if (bl)
+        BN_free(bl);
+    return (0);
+}
+
+int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)
+{
+    return OBJ_obj2txt(buf, buf_len, a, 0);
+}
+
+int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
+{
+    char buf[80], *p = buf;
+    int i;
+
+    if ((a == NULL) || (a->data == NULL))
+        return (BIO_write(bp, "NULL", 4));
+    i = i2t_ASN1_OBJECT(buf, sizeof buf, a);
+    if (i > (int)(sizeof(buf) - 1)) {
+        p = OPENSSL_malloc(i + 1);
+        if (!p)
+            return -1;
+        i2t_ASN1_OBJECT(p, i + 1, a);
+    }
+    if (i <= 0)
+        return BIO_write(bp, "<INVALID>", 9);
+    BIO_write(bp, p, i);
+    if (p != buf)
+        OPENSSL_free(p);
+    return (i);
+}
+
+ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+                             long length)
+{
+    const unsigned char *p;
+    long len;
+    int tag, xclass;
+    int inf, i;
+    ASN1_OBJECT *ret = NULL;
+    p = *pp;
+    inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
+    if (inf & 0x80) {
+        i = ASN1_R_BAD_OBJECT_HEADER;
+        goto err;
+    }
+
+    if (tag != V_ASN1_OBJECT) {
+        i = ASN1_R_EXPECTING_AN_OBJECT;
+        goto err;
+    }
+    ret = c2i_ASN1_OBJECT(a, &p, len);
+    if (ret)
+        *pp = p;
+    return ret;
+ err:
+    ASN1err(ASN1_F_D2I_ASN1_OBJECT, i);
+    return (NULL);
+}
+
+ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+                             long len)
+{
+    ASN1_OBJECT *ret = NULL;
+    const unsigned char *p;
+    unsigned char *data;
+    int i, length;
+
+    /*
+     * Sanity check OID encoding. Need at least one content octet. MSB must
+     * be clear in the last octet. can't have leading 0x80 in subidentifiers,
+     * see: X.690 8.19.2
+     */
+    if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL ||
+        p[len - 1] & 0x80) {
+        ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING);
+        return NULL;
+    }
+    /* Now 0 < len <= INT_MAX, so the cast is safe. */
+    length = (int)len;
+    for (i = 0; i < length; i++, p++) {
+        if (*p == 0x80 && (!i || !(p[-1] & 0x80))) {
+            ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING);
+            return NULL;
+        }
+    }
+
+    /*
+     * only the ASN1_OBJECTs from the 'table' will have values for ->sn or
+     * ->ln
+     */
+    if ((a == NULL) || ((*a) == NULL) ||
+        !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) {
+        if ((ret = ASN1_OBJECT_new()) == NULL)
+            return (NULL);
+    } else
+        ret = (*a);
+
+    p = *pp;
+    /* detach data from object */
+    data = (unsigned char *)ret->data;
+    ret->data = NULL;
+    /* once detached we can change it */
+    if ((data == NULL) || (ret->length < length)) {
+        ret->length = 0;
+        if (data != NULL)
+            OPENSSL_free(data);
+        data = (unsigned char *)OPENSSL_malloc(length);
+        if (data == NULL) {
+            i = ERR_R_MALLOC_FAILURE;
+            goto err;
+        }
+        ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+    }
+    memcpy(data, p, length);
+    /* reattach data to object, after which it remains const */
+    ret->data = data;
+    ret->length = length;
+    ret->sn = NULL;
+    ret->ln = NULL;
+    /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */
+    p += length;
+
+    if (a != NULL)
+        (*a) = ret;
+    *pp = p;
+    return (ret);
+ err:
+    ASN1err(ASN1_F_C2I_ASN1_OBJECT, i);
+    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+        ASN1_OBJECT_free(ret);
+    return (NULL);
+}
+
+ASN1_OBJECT *ASN1_OBJECT_new(void)
+{
+    ASN1_OBJECT *ret;
+
+    ret = (ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT));
+    if (ret == NULL) {
+        ASN1err(ASN1_F_ASN1_OBJECT_NEW, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+    ret->length = 0;
+    ret->data = NULL;
+    ret->nid = 0;
+    ret->sn = NULL;
+    ret->ln = NULL;
+    ret->flags = ASN1_OBJECT_FLAG_DYNAMIC;
+    return (ret);
+}
+
+void ASN1_OBJECT_free(ASN1_OBJECT *a)
+{
+    if (a == NULL)
+        return;
+    if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) {
+#ifndef CONST_STRICT            /* disable purely for compile-time strict
+                                 * const checking. Doing this on a "real"
+                                 * compile will cause memory leaks */
+        if (a->sn != NULL)
+            OPENSSL_free((void *)a->sn);
+        if (a->ln != NULL)
+            OPENSSL_free((void *)a->ln);
+#endif
+        a->sn = a->ln = NULL;
+    }
+    if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) {
+        if (a->data != NULL)
+            OPENSSL_free((void *)a->data);
+        a->data = NULL;
+        a->length = 0;
+    }
+    if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
+        OPENSSL_free(a);
+}
+
+ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
+                                const char *sn, const char *ln)
+{
+    ASN1_OBJECT o;
+
+    o.sn = sn;
+    o.ln = ln;
+    o.data = data;
+    o.nid = nid;
+    o.length = len;
+    o.flags = ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
+        ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+    return (OBJ_dup(&o));
+}
+
+IMPLEMENT_STACK_OF(ASN1_OBJECT)
+
+IMPLEMENT_ASN1_SET_OF(ASN1_OBJECT)

Deleted: vendor-crypto/openssl/1.0.1u/crypto/asn1/a_set.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_set.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/a_set.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,238 +0,0 @@
-/* crypto/asn1/a_set.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1_mac.h>
-
-#ifndef NO_ASN1_OLD
-
-typedef struct {
-    unsigned char *pbData;
-    int cbData;
-} MYBLOB;
-
-/*
- * SetBlobCmp This function compares two elements of SET_OF block
- */
-static int SetBlobCmp(const void *elem1, const void *elem2)
-{
-    const MYBLOB *b1 = (const MYBLOB *)elem1;
-    const MYBLOB *b2 = (const MYBLOB *)elem2;
-    int r;
-
-    r = memcmp(b1->pbData, b2->pbData,
-               b1->cbData < b2->cbData ? b1->cbData : b2->cbData);
-    if (r != 0)
-        return r;
-    return b1->cbData - b2->cbData;
-}
-
-/*
- * int is_set: if TRUE, then sort the contents (i.e. it isn't a SEQUENCE)
- */
-int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
-                 i2d_of_void *i2d, int ex_tag, int ex_class, int is_set)
-{
-    int ret = 0, r;
-    int i;
-    unsigned char *p;
-    unsigned char *pStart, *pTempMem;
-    MYBLOB *rgSetBlob;
-    int totSize;
-
-    if (a == NULL)
-        return (0);
-    for (i = sk_OPENSSL_BLOCK_num(a) - 1; i >= 0; i--)
-        ret += i2d(sk_OPENSSL_BLOCK_value(a, i), NULL);
-    r = ASN1_object_size(1, ret, ex_tag);
-    if (pp == NULL)
-        return (r);
-
-    p = *pp;
-    ASN1_put_object(&p, 1, ret, ex_tag, ex_class);
-
-/* Modified by gp at nsj.co.jp */
-    /* And then again by Ben */
-    /* And again by Steve */
-
-    if (!is_set || (sk_OPENSSL_BLOCK_num(a) < 2)) {
-        for (i = 0; i < sk_OPENSSL_BLOCK_num(a); i++)
-            i2d(sk_OPENSSL_BLOCK_value(a, i), &p);
-
-        *pp = p;
-        return (r);
-    }
-
-    pStart = p;                 /* Catch the beg of Setblobs */
-    /* In this array we will store the SET blobs */
-    rgSetBlob = OPENSSL_malloc(sk_OPENSSL_BLOCK_num(a) * sizeof(MYBLOB));
-    if (rgSetBlob == NULL) {
-        ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE);
-        return (0);
-    }
-
-    for (i = 0; i < sk_OPENSSL_BLOCK_num(a); i++) {
-        rgSetBlob[i].pbData = p; /* catch each set encode blob */
-        i2d(sk_OPENSSL_BLOCK_value(a, i), &p);
-        rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this
-                                                        * SetBlob */
-    }
-    *pp = p;
-    totSize = p - pStart;       /* This is the total size of all set blobs */
-
-    /*
-     * Now we have to sort the blobs. I am using a simple algo. *Sort ptrs
-     * *Copy to temp-mem *Copy from temp-mem to user-mem
-     */
-    qsort(rgSetBlob, sk_OPENSSL_BLOCK_num(a), sizeof(MYBLOB), SetBlobCmp);
-    if (!(pTempMem = OPENSSL_malloc(totSize))) {
-        ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE);
-        return (0);
-    }
-
-/* Copy to temp mem */
-    p = pTempMem;
-    for (i = 0; i < sk_OPENSSL_BLOCK_num(a); ++i) {
-        memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData);
-        p += rgSetBlob[i].cbData;
-    }
-
-/* Copy back to user mem*/
-    memcpy(pStart, pTempMem, totSize);
-    OPENSSL_free(pTempMem);
-    OPENSSL_free(rgSetBlob);
-
-    return (r);
-}
-
-STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
-                                      const unsigned char **pp,
-                                      long length, d2i_of_void *d2i,
-                                      void (*free_func) (OPENSSL_BLOCK),
-                                      int ex_tag, int ex_class)
-{
-    ASN1_const_CTX c;
-    STACK_OF(OPENSSL_BLOCK) *ret = NULL;
-
-    if ((a == NULL) || ((*a) == NULL)) {
-        if ((ret = sk_OPENSSL_BLOCK_new_null()) == NULL) {
-            ASN1err(ASN1_F_D2I_ASN1_SET, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-    } else
-        ret = (*a);
-
-    c.p = *pp;
-    c.max = (length == 0) ? 0 : (c.p + length);
-
-    c.inf = ASN1_get_object(&c.p, &c.slen, &c.tag, &c.xclass, c.max - c.p);
-    if (c.inf & 0x80)
-        goto err;
-    if (ex_class != c.xclass) {
-        ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_CLASS);
-        goto err;
-    }
-    if (ex_tag != c.tag) {
-        ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_TAG);
-        goto err;
-    }
-    if ((c.slen + c.p) > c.max) {
-        ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_LENGTH_ERROR);
-        goto err;
-    }
-    /*
-     * check for infinite constructed - it can be as long as the amount of
-     * data passed to us
-     */
-    if (c.inf == (V_ASN1_CONSTRUCTED + 1))
-        c.slen = length + *pp - c.p;
-    c.max = c.p + c.slen;
-
-    while (c.p < c.max) {
-        char *s;
-
-        if (M_ASN1_D2I_end_sequence())
-            break;
-        /*
-         * XXX: This was called with 4 arguments, incorrectly, it seems if
-         * ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL)
-         */
-        if ((s = d2i(NULL, &c.p, c.slen)) == NULL) {
-            ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_ERROR_PARSING_SET_ELEMENT);
-            asn1_add_error(*pp, (int)(c.p - *pp));
-            goto err;
-        }
-        if (!sk_OPENSSL_BLOCK_push(ret, s))
-            goto err;
-    }
-    if (a != NULL)
-        (*a) = ret;
-    *pp = c.p;
-    return (ret);
- err:
-    if ((ret != NULL) && ((a == NULL) || (*a != ret))) {
-        if (free_func != NULL)
-            sk_OPENSSL_BLOCK_pop_free(ret, free_func);
-        else
-            sk_OPENSSL_BLOCK_free(ret);
-    }
-    return (NULL);
-}
-
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/asn1/a_set.c (from rev 11605, vendor-crypto/openssl/dist/crypto/asn1/a_set.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/asn1/a_set.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/a_set.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,243 @@
+/* crypto/asn1/a_set.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include "cryptlib.h"
+#include <openssl/asn1_mac.h>
+
+#ifndef NO_ASN1_OLD
+
+typedef struct {
+    unsigned char *pbData;
+    int cbData;
+} MYBLOB;
+
+/*
+ * SetBlobCmp This function compares two elements of SET_OF block
+ */
+static int SetBlobCmp(const void *elem1, const void *elem2)
+{
+    const MYBLOB *b1 = (const MYBLOB *)elem1;
+    const MYBLOB *b2 = (const MYBLOB *)elem2;
+    int r;
+
+    r = memcmp(b1->pbData, b2->pbData,
+               b1->cbData < b2->cbData ? b1->cbData : b2->cbData);
+    if (r != 0)
+        return r;
+    return b1->cbData - b2->cbData;
+}
+
+/*
+ * int is_set: if TRUE, then sort the contents (i.e. it isn't a SEQUENCE)
+ */
+int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
+                 i2d_of_void *i2d, int ex_tag, int ex_class, int is_set)
+{
+    int ret = 0, r;
+    int i;
+    unsigned char *p;
+    unsigned char *pStart, *pTempMem;
+    MYBLOB *rgSetBlob;
+    int totSize;
+
+    if (a == NULL)
+        return (0);
+    for (i = sk_OPENSSL_BLOCK_num(a) - 1; i >= 0; i--) {
+        int tmplen = i2d(sk_OPENSSL_BLOCK_value(a, i), NULL);
+        if (tmplen > INT_MAX - ret)
+            return -1;
+        ret += i2d(sk_OPENSSL_BLOCK_value(a, i), NULL);
+    }
+    r = ASN1_object_size(1, ret, ex_tag);
+    if (pp == NULL || r == -1)
+        return (r);
+
+    p = *pp;
+    ASN1_put_object(&p, 1, ret, ex_tag, ex_class);
+
+/* Modified by gp at nsj.co.jp */
+    /* And then again by Ben */
+    /* And again by Steve */
+
+    if (!is_set || (sk_OPENSSL_BLOCK_num(a) < 2)) {
+        for (i = 0; i < sk_OPENSSL_BLOCK_num(a); i++)
+            i2d(sk_OPENSSL_BLOCK_value(a, i), &p);
+
+        *pp = p;
+        return (r);
+    }
+
+    pStart = p;                 /* Catch the beg of Setblobs */
+    /* In this array we will store the SET blobs */
+    rgSetBlob = OPENSSL_malloc(sk_OPENSSL_BLOCK_num(a) * sizeof(MYBLOB));
+    if (rgSetBlob == NULL) {
+        ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
+
+    for (i = 0; i < sk_OPENSSL_BLOCK_num(a); i++) {
+        rgSetBlob[i].pbData = p; /* catch each set encode blob */
+        i2d(sk_OPENSSL_BLOCK_value(a, i), &p);
+        rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this
+                                                        * SetBlob */
+    }
+    *pp = p;
+    totSize = p - pStart;       /* This is the total size of all set blobs */
+
+    /*
+     * Now we have to sort the blobs. I am using a simple algo. *Sort ptrs
+     * *Copy to temp-mem *Copy from temp-mem to user-mem
+     */
+    qsort(rgSetBlob, sk_OPENSSL_BLOCK_num(a), sizeof(MYBLOB), SetBlobCmp);
+    if (!(pTempMem = OPENSSL_malloc(totSize))) {
+        ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
+
+/* Copy to temp mem */
+    p = pTempMem;
+    for (i = 0; i < sk_OPENSSL_BLOCK_num(a); ++i) {
+        memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData);
+        p += rgSetBlob[i].cbData;
+    }
+
+/* Copy back to user mem*/
+    memcpy(pStart, pTempMem, totSize);
+    OPENSSL_free(pTempMem);
+    OPENSSL_free(rgSetBlob);
+
+    return (r);
+}
+
+STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
+                                      const unsigned char **pp,
+                                      long length, d2i_of_void *d2i,
+                                      void (*free_func) (OPENSSL_BLOCK),
+                                      int ex_tag, int ex_class)
+{
+    ASN1_const_CTX c;
+    STACK_OF(OPENSSL_BLOCK) *ret = NULL;
+
+    if ((a == NULL) || ((*a) == NULL)) {
+        if ((ret = sk_OPENSSL_BLOCK_new_null()) == NULL) {
+            ASN1err(ASN1_F_D2I_ASN1_SET, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    } else
+        ret = (*a);
+
+    c.p = *pp;
+    c.max = (length == 0) ? 0 : (c.p + length);
+
+    c.inf = ASN1_get_object(&c.p, &c.slen, &c.tag, &c.xclass, c.max - c.p);
+    if (c.inf & 0x80)
+        goto err;
+    if (ex_class != c.xclass) {
+        ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_CLASS);
+        goto err;
+    }
+    if (ex_tag != c.tag) {
+        ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_TAG);
+        goto err;
+    }
+    if ((c.slen + c.p) > c.max) {
+        ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_LENGTH_ERROR);
+        goto err;
+    }
+    /*
+     * check for infinite constructed - it can be as long as the amount of
+     * data passed to us
+     */
+    if (c.inf == (V_ASN1_CONSTRUCTED + 1))
+        c.slen = length + *pp - c.p;
+    c.max = c.p + c.slen;
+
+    while (c.p < c.max) {
+        char *s;
+
+        if (M_ASN1_D2I_end_sequence())
+            break;
+        /*
+         * XXX: This was called with 4 arguments, incorrectly, it seems if
+         * ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL)
+         */
+        if ((s = d2i(NULL, &c.p, c.slen)) == NULL) {
+            ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_ERROR_PARSING_SET_ELEMENT);
+            asn1_add_error(*pp, (int)(c.p - *pp));
+            goto err;
+        }
+        if (!sk_OPENSSL_BLOCK_push(ret, s))
+            goto err;
+    }
+    if (a != NULL)
+        (*a) = ret;
+    *pp = c.p;
+    return (ret);
+ err:
+    if ((ret != NULL) && ((a == NULL) || (*a != ret))) {
+        if (free_func != NULL)
+            sk_OPENSSL_BLOCK_pop_free(ret, free_func);
+        else
+            sk_OPENSSL_BLOCK_free(ret);
+    }
+    return (NULL);
+}
+
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/asn1/a_type.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_type.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/a_type.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,157 +0,0 @@
-/* crypto/asn1/a_type.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/objects.h>
-
-int ASN1_TYPE_get(ASN1_TYPE *a)
-{
-    if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))
-        return (a->type);
-    else
-        return (0);
-}
-
-void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
-{
-    if (a->value.ptr != NULL) {
-        ASN1_TYPE **tmp_a = &a;
-        ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL);
-    }
-    a->type = type;
-    if (type == V_ASN1_BOOLEAN)
-        a->value.boolean = value ? 0xff : 0;
-    else
-        a->value.ptr = value;
-}
-
-int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
-{
-    if (!value || (type == V_ASN1_BOOLEAN)) {
-        void *p = (void *)value;
-        ASN1_TYPE_set(a, type, p);
-    } else if (type == V_ASN1_OBJECT) {
-        ASN1_OBJECT *odup;
-        odup = OBJ_dup(value);
-        if (!odup)
-            return 0;
-        ASN1_TYPE_set(a, type, odup);
-    } else {
-        ASN1_STRING *sdup;
-        sdup = ASN1_STRING_dup(value);
-        if (!sdup)
-            return 0;
-        ASN1_TYPE_set(a, type, sdup);
-    }
-    return 1;
-}
-
-IMPLEMENT_STACK_OF(ASN1_TYPE)
-
-IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
-
-/* Returns 0 if they are equal, != 0 otherwise. */
-int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
-{
-    int result = -1;
-
-    if (!a || !b || a->type != b->type)
-        return -1;
-
-    switch (a->type) {
-    case V_ASN1_OBJECT:
-        result = OBJ_cmp(a->value.object, b->value.object);
-        break;
-    case V_ASN1_BOOLEAN:
-        result = a->value.boolean - b->value.boolean;
-        break;
-    case V_ASN1_NULL:
-        result = 0;             /* They do not have content. */
-        break;
-    case V_ASN1_INTEGER:
-    case V_ASN1_NEG_INTEGER:
-    case V_ASN1_ENUMERATED:
-    case V_ASN1_NEG_ENUMERATED:
-    case V_ASN1_BIT_STRING:
-    case V_ASN1_OCTET_STRING:
-    case V_ASN1_SEQUENCE:
-    case V_ASN1_SET:
-    case V_ASN1_NUMERICSTRING:
-    case V_ASN1_PRINTABLESTRING:
-    case V_ASN1_T61STRING:
-    case V_ASN1_VIDEOTEXSTRING:
-    case V_ASN1_IA5STRING:
-    case V_ASN1_UTCTIME:
-    case V_ASN1_GENERALIZEDTIME:
-    case V_ASN1_GRAPHICSTRING:
-    case V_ASN1_VISIBLESTRING:
-    case V_ASN1_GENERALSTRING:
-    case V_ASN1_UNIVERSALSTRING:
-    case V_ASN1_BMPSTRING:
-    case V_ASN1_UTF8STRING:
-    case V_ASN1_OTHER:
-    default:
-        result = ASN1_STRING_cmp((ASN1_STRING *)a->value.ptr,
-                                 (ASN1_STRING *)b->value.ptr);
-        break;
-    }
-
-    return result;
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/asn1/a_type.c (from rev 11605, vendor-crypto/openssl/dist/crypto/asn1/a_type.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/asn1/a_type.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/a_type.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,155 @@
+/* crypto/asn1/a_type.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+
+int ASN1_TYPE_get(ASN1_TYPE *a)
+{
+    if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))
+        return (a->type);
+    else
+        return (0);
+}
+
+void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
+{
+    if (a->value.ptr != NULL) {
+        ASN1_TYPE **tmp_a = &a;
+        ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL);
+    }
+    a->type = type;
+    if (type == V_ASN1_BOOLEAN)
+        a->value.boolean = value ? 0xff : 0;
+    else
+        a->value.ptr = value;
+}
+
+int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
+{
+    if (!value || (type == V_ASN1_BOOLEAN)) {
+        void *p = (void *)value;
+        ASN1_TYPE_set(a, type, p);
+    } else if (type == V_ASN1_OBJECT) {
+        ASN1_OBJECT *odup;
+        odup = OBJ_dup(value);
+        if (!odup)
+            return 0;
+        ASN1_TYPE_set(a, type, odup);
+    } else {
+        ASN1_STRING *sdup;
+        sdup = ASN1_STRING_dup(value);
+        if (!sdup)
+            return 0;
+        ASN1_TYPE_set(a, type, sdup);
+    }
+    return 1;
+}
+
+IMPLEMENT_STACK_OF(ASN1_TYPE)
+
+IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
+
+/* Returns 0 if they are equal, != 0 otherwise. */
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
+{
+    int result = -1;
+
+    if (!a || !b || a->type != b->type)
+        return -1;
+
+    switch (a->type) {
+    case V_ASN1_OBJECT:
+        result = OBJ_cmp(a->value.object, b->value.object);
+        break;
+    case V_ASN1_BOOLEAN:
+        result = a->value.boolean - b->value.boolean;
+        break;
+    case V_ASN1_NULL:
+        result = 0;             /* They do not have content. */
+        break;
+    case V_ASN1_INTEGER:
+    case V_ASN1_ENUMERATED:
+    case V_ASN1_BIT_STRING:
+    case V_ASN1_OCTET_STRING:
+    case V_ASN1_SEQUENCE:
+    case V_ASN1_SET:
+    case V_ASN1_NUMERICSTRING:
+    case V_ASN1_PRINTABLESTRING:
+    case V_ASN1_T61STRING:
+    case V_ASN1_VIDEOTEXSTRING:
+    case V_ASN1_IA5STRING:
+    case V_ASN1_UTCTIME:
+    case V_ASN1_GENERALIZEDTIME:
+    case V_ASN1_GRAPHICSTRING:
+    case V_ASN1_VISIBLESTRING:
+    case V_ASN1_GENERALSTRING:
+    case V_ASN1_UNIVERSALSTRING:
+    case V_ASN1_BMPSTRING:
+    case V_ASN1_UTF8STRING:
+    case V_ASN1_OTHER:
+    default:
+        result = ASN1_STRING_cmp((ASN1_STRING *)a->value.ptr,
+                                 (ASN1_STRING *)b->value.ptr);
+        break;
+    }
+
+    return result;
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/asn1/asn1_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/asn1_lib.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/asn1_lib.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,483 +0,0 @@
-/* crypto/asn1/asn1_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <limits.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
-
-static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
-                           int max);
-static void asn1_put_length(unsigned char **pp, int length);
-const char ASN1_version[] = "ASN.1" OPENSSL_VERSION_PTEXT;
-
-static int _asn1_check_infinite_end(const unsigned char **p, long len)
-{
-    /*
-     * If there is 0 or 1 byte left, the length check should pick things up
-     */
-    if (len <= 0)
-        return (1);
-    else if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0)) {
-        (*p) += 2;
-        return (1);
-    }
-    return (0);
-}
-
-int ASN1_check_infinite_end(unsigned char **p, long len)
-{
-    return _asn1_check_infinite_end((const unsigned char **)p, len);
-}
-
-int ASN1_const_check_infinite_end(const unsigned char **p, long len)
-{
-    return _asn1_check_infinite_end(p, len);
-}
-
-int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
-                    int *pclass, long omax)
-{
-    int i, ret;
-    long l;
-    const unsigned char *p = *pp;
-    int tag, xclass, inf;
-    long max = omax;
-
-    if (!max)
-        goto err;
-    ret = (*p & V_ASN1_CONSTRUCTED);
-    xclass = (*p & V_ASN1_PRIVATE);
-    i = *p & V_ASN1_PRIMITIVE_TAG;
-    if (i == V_ASN1_PRIMITIVE_TAG) { /* high-tag */
-        p++;
-        if (--max == 0)
-            goto err;
-        l = 0;
-        while (*p & 0x80) {
-            l <<= 7L;
-            l |= *(p++) & 0x7f;
-            if (--max == 0)
-                goto err;
-            if (l > (INT_MAX >> 7L))
-                goto err;
-        }
-        l <<= 7L;
-        l |= *(p++) & 0x7f;
-        tag = (int)l;
-        if (--max == 0)
-            goto err;
-    } else {
-        tag = i;
-        p++;
-        if (--max == 0)
-            goto err;
-    }
-    *ptag = tag;
-    *pclass = xclass;
-    if (!asn1_get_length(&p, &inf, plength, (int)max))
-        goto err;
-
-    if (inf && !(ret & V_ASN1_CONSTRUCTED))
-        goto err;
-
-#if 0
-    fprintf(stderr, "p=%d + *plength=%ld > omax=%ld + *pp=%d  (%d > %d)\n",
-            (int)p, *plength, omax, (int)*pp, (int)(p + *plength),
-            (int)(omax + *pp));
-
-#endif
-    if (*plength > (omax - (p - *pp))) {
-        ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_TOO_LONG);
-        /*
-         * Set this so that even if things are not long enough the values are
-         * set correctly
-         */
-        ret |= 0x80;
-    }
-    *pp = p;
-    return (ret | inf);
- err:
-    ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_HEADER_TOO_LONG);
-    return (0x80);
-}
-
-static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
-                           int max)
-{
-    const unsigned char *p = *pp;
-    unsigned long ret = 0;
-    unsigned int i;
-
-    if (max-- < 1)
-        return (0);
-    if (*p == 0x80) {
-        *inf = 1;
-        ret = 0;
-        p++;
-    } else {
-        *inf = 0;
-        i = *p & 0x7f;
-        if (*(p++) & 0x80) {
-            if (i > sizeof(long))
-                return 0;
-            if (max-- == 0)
-                return (0);
-            while (i-- > 0) {
-                ret <<= 8L;
-                ret |= *(p++);
-                if (max-- == 0)
-                    return (0);
-            }
-        } else
-            ret = i;
-    }
-    if (ret > LONG_MAX)
-        return 0;
-    *pp = p;
-    *rl = (long)ret;
-    return (1);
-}
-
-/*
- * class 0 is constructed constructed == 2 for indefinite length constructed
- */
-void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
-                     int xclass)
-{
-    unsigned char *p = *pp;
-    int i, ttag;
-
-    i = (constructed) ? V_ASN1_CONSTRUCTED : 0;
-    i |= (xclass & V_ASN1_PRIVATE);
-    if (tag < 31)
-        *(p++) = i | (tag & V_ASN1_PRIMITIVE_TAG);
-    else {
-        *(p++) = i | V_ASN1_PRIMITIVE_TAG;
-        for (i = 0, ttag = tag; ttag > 0; i++)
-            ttag >>= 7;
-        ttag = i;
-        while (i-- > 0) {
-            p[i] = tag & 0x7f;
-            if (i != (ttag - 1))
-                p[i] |= 0x80;
-            tag >>= 7;
-        }
-        p += ttag;
-    }
-    if (constructed == 2)
-        *(p++) = 0x80;
-    else
-        asn1_put_length(&p, length);
-    *pp = p;
-}
-
-int ASN1_put_eoc(unsigned char **pp)
-{
-    unsigned char *p = *pp;
-    *p++ = 0;
-    *p++ = 0;
-    *pp = p;
-    return 2;
-}
-
-static void asn1_put_length(unsigned char **pp, int length)
-{
-    unsigned char *p = *pp;
-    int i, l;
-    if (length <= 127)
-        *(p++) = (unsigned char)length;
-    else {
-        l = length;
-        for (i = 0; l > 0; i++)
-            l >>= 8;
-        *(p++) = i | 0x80;
-        l = i;
-        while (i-- > 0) {
-            p[i] = length & 0xff;
-            length >>= 8;
-        }
-        p += l;
-    }
-    *pp = p;
-}
-
-int ASN1_object_size(int constructed, int length, int tag)
-{
-    int ret;
-
-    ret = length;
-    ret++;
-    if (tag >= 31) {
-        while (tag > 0) {
-            tag >>= 7;
-            ret++;
-        }
-    }
-    if (constructed == 2)
-        return ret + 3;
-    ret++;
-    if (length > 127) {
-        while (length > 0) {
-            length >>= 8;
-            ret++;
-        }
-    }
-    return (ret);
-}
-
-static int _asn1_Finish(ASN1_const_CTX *c)
-{
-    if ((c->inf == (1 | V_ASN1_CONSTRUCTED)) && (!c->eos)) {
-        if (!ASN1_const_check_infinite_end(&c->p, c->slen)) {
-            c->error = ERR_R_MISSING_ASN1_EOS;
-            return (0);
-        }
-    }
-    if (((c->slen != 0) && !(c->inf & 1)) || ((c->slen < 0) && (c->inf & 1))) {
-        c->error = ERR_R_ASN1_LENGTH_MISMATCH;
-        return (0);
-    }
-    return (1);
-}
-
-int asn1_Finish(ASN1_CTX *c)
-{
-    return _asn1_Finish((ASN1_const_CTX *)c);
-}
-
-int asn1_const_Finish(ASN1_const_CTX *c)
-{
-    return _asn1_Finish(c);
-}
-
-int asn1_GetSequence(ASN1_const_CTX *c, long *length)
-{
-    const unsigned char *q;
-
-    q = c->p;
-    c->inf = ASN1_get_object(&(c->p), &(c->slen), &(c->tag), &(c->xclass),
-                             *length);
-    if (c->inf & 0x80) {
-        c->error = ERR_R_BAD_GET_ASN1_OBJECT_CALL;
-        return (0);
-    }
-    if (c->tag != V_ASN1_SEQUENCE) {
-        c->error = ERR_R_EXPECTING_AN_ASN1_SEQUENCE;
-        return (0);
-    }
-    (*length) -= (c->p - q);
-    if (c->max && (*length < 0)) {
-        c->error = ERR_R_ASN1_LENGTH_MISMATCH;
-        return (0);
-    }
-    if (c->inf == (1 | V_ASN1_CONSTRUCTED))
-        c->slen = *length + *(c->pp) - c->p;
-    c->eos = 0;
-    return (1);
-}
-
-int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str)
-{
-    if (str == NULL)
-        return 0;
-    dst->type = str->type;
-    if (!ASN1_STRING_set(dst, str->data, str->length))
-        return 0;
-    dst->flags = str->flags;
-    return 1;
-}
-
-ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *str)
-{
-    ASN1_STRING *ret;
-    if (!str)
-        return NULL;
-    ret = ASN1_STRING_new();
-    if (!ret)
-        return NULL;
-    if (!ASN1_STRING_copy(ret, str)) {
-        ASN1_STRING_free(ret);
-        return NULL;
-    }
-    return ret;
-}
-
-int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
-{
-    unsigned char *c;
-    const char *data = _data;
-
-    if (len < 0) {
-        if (data == NULL)
-            return (0);
-        else
-            len = strlen(data);
-    }
-    if ((str->length < len) || (str->data == NULL)) {
-        c = str->data;
-        if (c == NULL)
-            str->data = OPENSSL_malloc(len + 1);
-        else
-            str->data = OPENSSL_realloc(c, len + 1);
-
-        if (str->data == NULL) {
-            ASN1err(ASN1_F_ASN1_STRING_SET, ERR_R_MALLOC_FAILURE);
-            str->data = c;
-            return (0);
-        }
-    }
-    str->length = len;
-    if (data != NULL) {
-        memcpy(str->data, data, len);
-        /* an allowance for strings :-) */
-        str->data[len] = '\0';
-    }
-    return (1);
-}
-
-void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len)
-{
-    if (str->data)
-        OPENSSL_free(str->data);
-    str->data = data;
-    str->length = len;
-}
-
-ASN1_STRING *ASN1_STRING_new(void)
-{
-    return (ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
-}
-
-ASN1_STRING *ASN1_STRING_type_new(int type)
-{
-    ASN1_STRING *ret;
-
-    ret = (ASN1_STRING *)OPENSSL_malloc(sizeof(ASN1_STRING));
-    if (ret == NULL) {
-        ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW, ERR_R_MALLOC_FAILURE);
-        return (NULL);
-    }
-    ret->length = 0;
-    ret->type = type;
-    ret->data = NULL;
-    ret->flags = 0;
-    return (ret);
-}
-
-void ASN1_STRING_free(ASN1_STRING *a)
-{
-    if (a == NULL)
-        return;
-    if (a->data && !(a->flags & ASN1_STRING_FLAG_NDEF))
-        OPENSSL_free(a->data);
-    OPENSSL_free(a);
-}
-
-void ASN1_STRING_clear_free(ASN1_STRING *a)
-{
-    if (a && a->data && !(a->flags & ASN1_STRING_FLAG_NDEF))
-        OPENSSL_cleanse(a->data, a->length);
-    ASN1_STRING_free(a);
-}
-
-int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
-{
-    int i;
-
-    i = (a->length - b->length);
-    if (i == 0) {
-        i = memcmp(a->data, b->data, a->length);
-        if (i == 0)
-            return (a->type - b->type);
-        else
-            return (i);
-    } else
-        return (i);
-}
-
-void asn1_add_error(const unsigned char *address, int offset)
-{
-    char buf1[DECIMAL_SIZE(address) + 1], buf2[DECIMAL_SIZE(offset) + 1];
-
-    BIO_snprintf(buf1, sizeof buf1, "%lu", (unsigned long)address);
-    BIO_snprintf(buf2, sizeof buf2, "%d", offset);
-    ERR_add_error_data(4, "address=", buf1, " offset=", buf2);
-}
-
-int ASN1_STRING_length(const ASN1_STRING *x)
-{
-    return M_ASN1_STRING_length(x);
-}
-
-void ASN1_STRING_length_set(ASN1_STRING *x, int len)
-{
-    M_ASN1_STRING_length_set(x, len);
-    return;
-}
-
-int ASN1_STRING_type(ASN1_STRING *x)
-{
-    return M_ASN1_STRING_type(x);
-}
-
-unsigned char *ASN1_STRING_data(ASN1_STRING *x)
-{
-    return M_ASN1_STRING_data(x);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/asn1/asn1_lib.c (from rev 11605, vendor-crypto/openssl/dist/crypto/asn1/asn1_lib.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/asn1/asn1_lib.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/asn1_lib.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,483 @@
+/* crypto/asn1/asn1_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
+
+static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
+                           long max);
+static void asn1_put_length(unsigned char **pp, int length);
+const char ASN1_version[] = "ASN.1" OPENSSL_VERSION_PTEXT;
+
+static int _asn1_check_infinite_end(const unsigned char **p, long len)
+{
+    /*
+     * If there is 0 or 1 byte left, the length check should pick things up
+     */
+    if (len <= 0)
+        return (1);
+    else if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0)) {
+        (*p) += 2;
+        return (1);
+    }
+    return (0);
+}
+
+int ASN1_check_infinite_end(unsigned char **p, long len)
+{
+    return _asn1_check_infinite_end((const unsigned char **)p, len);
+}
+
+int ASN1_const_check_infinite_end(const unsigned char **p, long len)
+{
+    return _asn1_check_infinite_end(p, len);
+}
+
+int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
+                    int *pclass, long omax)
+{
+    int i, ret;
+    long l;
+    const unsigned char *p = *pp;
+    int tag, xclass, inf;
+    long max = omax;
+
+    if (!max)
+        goto err;
+    ret = (*p & V_ASN1_CONSTRUCTED);
+    xclass = (*p & V_ASN1_PRIVATE);
+    i = *p & V_ASN1_PRIMITIVE_TAG;
+    if (i == V_ASN1_PRIMITIVE_TAG) { /* high-tag */
+        p++;
+        if (--max == 0)
+            goto err;
+        l = 0;
+        while (*p & 0x80) {
+            l <<= 7L;
+            l |= *(p++) & 0x7f;
+            if (--max == 0)
+                goto err;
+            if (l > (INT_MAX >> 7L))
+                goto err;
+        }
+        l <<= 7L;
+        l |= *(p++) & 0x7f;
+        tag = (int)l;
+        if (--max == 0)
+            goto err;
+    } else {
+        tag = i;
+        p++;
+        if (--max == 0)
+            goto err;
+    }
+    *ptag = tag;
+    *pclass = xclass;
+    if (!asn1_get_length(&p, &inf, plength, max))
+        goto err;
+
+    if (inf && !(ret & V_ASN1_CONSTRUCTED))
+        goto err;
+
+#if 0
+    fprintf(stderr, "p=%d + *plength=%ld > omax=%ld + *pp=%d  (%d > %d)\n",
+            (int)p, *plength, omax, (int)*pp, (int)(p + *plength),
+            (int)(omax + *pp));
+
+#endif
+    if (*plength > (omax - (p - *pp))) {
+        ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_TOO_LONG);
+        /*
+         * Set this so that even if things are not long enough the values are
+         * set correctly
+         */
+        ret |= 0x80;
+    }
+    *pp = p;
+    return (ret | inf);
+ err:
+    ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_HEADER_TOO_LONG);
+    return (0x80);
+}
+
+static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
+                           long max)
+{
+    const unsigned char *p = *pp;
+    unsigned long ret = 0;
+    unsigned long i;
+
+    if (max-- < 1)
+        return 0;
+    if (*p == 0x80) {
+        *inf = 1;
+        ret = 0;
+        p++;
+    } else {
+        *inf = 0;
+        i = *p & 0x7f;
+        if (*(p++) & 0x80) {
+            if (i > sizeof(ret) || max < (long)i)
+                return 0;
+            while (i-- > 0) {
+                ret <<= 8L;
+                ret |= *(p++);
+            }
+        } else
+            ret = i;
+    }
+    if (ret > LONG_MAX)
+        return 0;
+    *pp = p;
+    *rl = (long)ret;
+    return 1;
+}
+
+/*
+ * class 0 is constructed constructed == 2 for indefinite length constructed
+ */
+void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
+                     int xclass)
+{
+    unsigned char *p = *pp;
+    int i, ttag;
+
+    i = (constructed) ? V_ASN1_CONSTRUCTED : 0;
+    i |= (xclass & V_ASN1_PRIVATE);
+    if (tag < 31)
+        *(p++) = i | (tag & V_ASN1_PRIMITIVE_TAG);
+    else {
+        *(p++) = i | V_ASN1_PRIMITIVE_TAG;
+        for (i = 0, ttag = tag; ttag > 0; i++)
+            ttag >>= 7;
+        ttag = i;
+        while (i-- > 0) {
+            p[i] = tag & 0x7f;
+            if (i != (ttag - 1))
+                p[i] |= 0x80;
+            tag >>= 7;
+        }
+        p += ttag;
+    }
+    if (constructed == 2)
+        *(p++) = 0x80;
+    else
+        asn1_put_length(&p, length);
+    *pp = p;
+}
+
+int ASN1_put_eoc(unsigned char **pp)
+{
+    unsigned char *p = *pp;
+    *p++ = 0;
+    *p++ = 0;
+    *pp = p;
+    return 2;
+}
+
+static void asn1_put_length(unsigned char **pp, int length)
+{
+    unsigned char *p = *pp;
+    int i, l;
+    if (length <= 127)
+        *(p++) = (unsigned char)length;
+    else {
+        l = length;
+        for (i = 0; l > 0; i++)
+            l >>= 8;
+        *(p++) = i | 0x80;
+        l = i;
+        while (i-- > 0) {
+            p[i] = length & 0xff;
+            length >>= 8;
+        }
+        p += l;
+    }
+    *pp = p;
+}
+
+int ASN1_object_size(int constructed, int length, int tag)
+{
+    int ret = 1;
+    if (length < 0)
+        return -1;
+    if (tag >= 31) {
+        while (tag > 0) {
+            tag >>= 7;
+            ret++;
+        }
+    }
+    if (constructed == 2) {
+        ret += 3;
+    } else {
+        ret++;
+        if (length > 127) {
+            int tmplen = length;
+            while (tmplen > 0) {
+                tmplen >>= 8;
+                ret++;
+            }
+        }
+    }
+    if (ret >= INT_MAX - length)
+        return -1;
+    return ret + length;
+}
+
+static int _asn1_Finish(ASN1_const_CTX *c)
+{
+    if ((c->inf == (1 | V_ASN1_CONSTRUCTED)) && (!c->eos)) {
+        if (!ASN1_const_check_infinite_end(&c->p, c->slen)) {
+            c->error = ERR_R_MISSING_ASN1_EOS;
+            return (0);
+        }
+    }
+    if (((c->slen != 0) && !(c->inf & 1)) || ((c->slen < 0) && (c->inf & 1))) {
+        c->error = ERR_R_ASN1_LENGTH_MISMATCH;
+        return (0);
+    }
+    return (1);
+}
+
+int asn1_Finish(ASN1_CTX *c)
+{
+    return _asn1_Finish((ASN1_const_CTX *)c);
+}
+
+int asn1_const_Finish(ASN1_const_CTX *c)
+{
+    return _asn1_Finish(c);
+}
+
+int asn1_GetSequence(ASN1_const_CTX *c, long *length)
+{
+    const unsigned char *q;
+
+    q = c->p;
+    c->inf = ASN1_get_object(&(c->p), &(c->slen), &(c->tag), &(c->xclass),
+                             *length);
+    if (c->inf & 0x80) {
+        c->error = ERR_R_BAD_GET_ASN1_OBJECT_CALL;
+        return (0);
+    }
+    if (c->tag != V_ASN1_SEQUENCE) {
+        c->error = ERR_R_EXPECTING_AN_ASN1_SEQUENCE;
+        return (0);
+    }
+    (*length) -= (c->p - q);
+    if (c->max && (*length < 0)) {
+        c->error = ERR_R_ASN1_LENGTH_MISMATCH;
+        return (0);
+    }
+    if (c->inf == (1 | V_ASN1_CONSTRUCTED))
+        c->slen = *length;
+    c->eos = 0;
+    return (1);
+}
+
+int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str)
+{
+    if (str == NULL)
+        return 0;
+    dst->type = str->type;
+    if (!ASN1_STRING_set(dst, str->data, str->length))
+        return 0;
+    dst->flags = str->flags;
+    return 1;
+}
+
+ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *str)
+{
+    ASN1_STRING *ret;
+    if (!str)
+        return NULL;
+    ret = ASN1_STRING_new();
+    if (!ret)
+        return NULL;
+    if (!ASN1_STRING_copy(ret, str)) {
+        ASN1_STRING_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
+{
+    unsigned char *c;
+    const char *data = _data;
+
+    if (len < 0) {
+        if (data == NULL)
+            return (0);
+        else
+            len = strlen(data);
+    }
+    if ((str->length <= len) || (str->data == NULL)) {
+        c = str->data;
+        if (c == NULL)
+            str->data = OPENSSL_malloc(len + 1);
+        else
+            str->data = OPENSSL_realloc(c, len + 1);
+
+        if (str->data == NULL) {
+            ASN1err(ASN1_F_ASN1_STRING_SET, ERR_R_MALLOC_FAILURE);
+            str->data = c;
+            return (0);
+        }
+    }
+    str->length = len;
+    if (data != NULL) {
+        memcpy(str->data, data, len);
+        /* an allowance for strings :-) */
+        str->data[len] = '\0';
+    }
+    return (1);
+}
+
+void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len)
+{
+    if (str->data)
+        OPENSSL_free(str->data);
+    str->data = data;
+    str->length = len;
+}
+
+ASN1_STRING *ASN1_STRING_new(void)
+{
+    return (ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
+}
+
+ASN1_STRING *ASN1_STRING_type_new(int type)
+{
+    ASN1_STRING *ret;
+
+    ret = (ASN1_STRING *)OPENSSL_malloc(sizeof(ASN1_STRING));
+    if (ret == NULL) {
+        ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+    ret->length = 0;
+    ret->type = type;
+    ret->data = NULL;
+    ret->flags = 0;
+    return (ret);
+}
+
+void ASN1_STRING_free(ASN1_STRING *a)
+{
+    if (a == NULL)
+        return;
+    if (a->data && !(a->flags & ASN1_STRING_FLAG_NDEF))
+        OPENSSL_free(a->data);
+    OPENSSL_free(a);
+}
+
+void ASN1_STRING_clear_free(ASN1_STRING *a)
+{
+    if (a && a->data && !(a->flags & ASN1_STRING_FLAG_NDEF))
+        OPENSSL_cleanse(a->data, a->length);
+    ASN1_STRING_free(a);
+}
+
+int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
+{
+    int i;
+
+    i = (a->length - b->length);
+    if (i == 0) {
+        i = memcmp(a->data, b->data, a->length);
+        if (i == 0)
+            return (a->type - b->type);
+        else
+            return (i);
+    } else
+        return (i);
+}
+
+void asn1_add_error(const unsigned char *address, int offset)
+{
+    char buf1[DECIMAL_SIZE(address) + 1], buf2[DECIMAL_SIZE(offset) + 1];
+
+    BIO_snprintf(buf1, sizeof buf1, "%lu", (unsigned long)address);
+    BIO_snprintf(buf2, sizeof buf2, "%d", offset);
+    ERR_add_error_data(4, "address=", buf1, " offset=", buf2);
+}
+
+int ASN1_STRING_length(const ASN1_STRING *x)
+{
+    return M_ASN1_STRING_length(x);
+}
+
+void ASN1_STRING_length_set(ASN1_STRING *x, int len)
+{
+    M_ASN1_STRING_length_set(x, len);
+    return;
+}
+
+int ASN1_STRING_type(ASN1_STRING *x)
+{
+    return M_ASN1_STRING_type(x);
+}
+
+unsigned char *ASN1_STRING_data(ASN1_STRING *x)
+{
+    return M_ASN1_STRING_data(x);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/asn1/asn1_par.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/asn1_par.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/asn1_par.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,415 +0,0 @@
-/* crypto/asn1/asn1_par.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/objects.h>
-#include <openssl/asn1.h>
-
-#ifndef ASN1_PARSE_MAXDEPTH
-#define ASN1_PARSE_MAXDEPTH 128
-#endif
-
-static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
-                           int indent);
-static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
-                       int offset, int depth, int indent, int dump);
-static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
-                           int indent)
-{
-    static const char fmt[] = "%-18s";
-    char str[128];
-    const char *p;
-
-    if (constructed & V_ASN1_CONSTRUCTED)
-        p = "cons: ";
-    else
-        p = "prim: ";
-    if (BIO_write(bp, p, 6) < 6)
-        goto err;
-    BIO_indent(bp, indent, 128);
-
-    p = str;
-    if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
-        BIO_snprintf(str, sizeof str, "priv [ %d ] ", tag);
-    else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
-        BIO_snprintf(str, sizeof str, "cont [ %d ]", tag);
-    else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
-        BIO_snprintf(str, sizeof str, "appl [ %d ]", tag);
-    else if (tag > 30)
-        BIO_snprintf(str, sizeof str, "<ASN1 %d>", tag);
-    else
-        p = ASN1_tag2str(tag);
-
-    if (BIO_printf(bp, fmt, p) <= 0)
-        goto err;
-    return (1);
- err:
-    return (0);
-}
-
-int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent)
-{
-    return (asn1_parse2(bp, &pp, len, 0, 0, indent, 0));
-}
-
-int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent,
-                    int dump)
-{
-    return (asn1_parse2(bp, &pp, len, 0, 0, indent, dump));
-}
-
-static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
-                       int offset, int depth, int indent, int dump)
-{
-    const unsigned char *p, *ep, *tot, *op, *opp;
-    long len;
-    int tag, xclass, ret = 0;
-    int nl, hl, j, r;
-    ASN1_OBJECT *o = NULL;
-    ASN1_OCTET_STRING *os = NULL;
-    /* ASN1_BMPSTRING *bmp=NULL; */
-    int dump_indent;
-
-#if 0
-    dump_indent = indent;
-#else
-    dump_indent = 6;            /* Because we know BIO_dump_indent() */
-#endif
-
-    if (depth > ASN1_PARSE_MAXDEPTH) {
-            BIO_puts(bp, "BAD RECURSION DEPTH\n");
-            return 0;
-    }
-
-    p = *pp;
-    tot = p + length;
-    op = p - 1;
-    while ((p < tot) && (op < p)) {
-        op = p;
-        j = ASN1_get_object(&p, &len, &tag, &xclass, length);
-#ifdef LINT
-        j = j;
-#endif
-        if (j & 0x80) {
-            if (BIO_write(bp, "Error in encoding\n", 18) <= 0)
-                goto end;
-            ret = 0;
-            goto end;
-        }
-        hl = (p - op);
-        length -= hl;
-        /*
-         * if j == 0x21 it is a constructed indefinite length object
-         */
-        if (BIO_printf(bp, "%5ld:", (long)offset + (long)(op - *pp))
-            <= 0)
-            goto end;
-
-        if (j != (V_ASN1_CONSTRUCTED | 1)) {
-            if (BIO_printf(bp, "d=%-2d hl=%ld l=%4ld ",
-                           depth, (long)hl, len) <= 0)
-                goto end;
-        } else {
-            if (BIO_printf(bp, "d=%-2d hl=%ld l=inf  ", depth, (long)hl) <= 0)
-                goto end;
-        }
-        if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0))
-            goto end;
-        if (j & V_ASN1_CONSTRUCTED) {
-            ep = p + len;
-            if (BIO_write(bp, "\n", 1) <= 0)
-                goto end;
-            if (len > length) {
-                BIO_printf(bp, "length is greater than %ld\n", length);
-                ret = 0;
-                goto end;
-            }
-            if ((j == 0x21) && (len == 0)) {
-                for (;;) {
-                    r = asn1_parse2(bp, &p, (long)(tot - p),
-                                    offset + (p - *pp), depth + 1,
-                                    indent, dump);
-                    if (r == 0) {
-                        ret = 0;
-                        goto end;
-                    }
-                    if ((r == 2) || (p >= tot))
-                        break;
-                }
-            } else
-                while (p < ep) {
-                    r = asn1_parse2(bp, &p, (long)len,
-                                    offset + (p - *pp), depth + 1,
-                                    indent, dump);
-                    if (r == 0) {
-                        ret = 0;
-                        goto end;
-                    }
-                }
-        } else if (xclass != 0) {
-            p += len;
-            if (BIO_write(bp, "\n", 1) <= 0)
-                goto end;
-        } else {
-            nl = 0;
-            if ((tag == V_ASN1_PRINTABLESTRING) ||
-                (tag == V_ASN1_T61STRING) ||
-                (tag == V_ASN1_IA5STRING) ||
-                (tag == V_ASN1_VISIBLESTRING) ||
-                (tag == V_ASN1_NUMERICSTRING) ||
-                (tag == V_ASN1_UTF8STRING) ||
-                (tag == V_ASN1_UTCTIME) || (tag == V_ASN1_GENERALIZEDTIME)) {
-                if (BIO_write(bp, ":", 1) <= 0)
-                    goto end;
-                if ((len > 0) && BIO_write(bp, (const char *)p, (int)len)
-                    != (int)len)
-                    goto end;
-            } else if (tag == V_ASN1_OBJECT) {
-                opp = op;
-                if (d2i_ASN1_OBJECT(&o, &opp, len + hl) != NULL) {
-                    if (BIO_write(bp, ":", 1) <= 0)
-                        goto end;
-                    i2a_ASN1_OBJECT(bp, o);
-                } else {
-                    if (BIO_write(bp, ":BAD OBJECT", 11) <= 0)
-                        goto end;
-                }
-            } else if (tag == V_ASN1_BOOLEAN) {
-                int ii;
-
-                opp = op;
-                ii = d2i_ASN1_BOOLEAN(NULL, &opp, len + hl);
-                if (ii < 0) {
-                    if (BIO_write(bp, "Bad boolean\n", 12) <= 0)
-                        goto end;
-                }
-                BIO_printf(bp, ":%d", ii);
-            } else if (tag == V_ASN1_BMPSTRING) {
-                /* do the BMP thang */
-            } else if (tag == V_ASN1_OCTET_STRING) {
-                int i, printable = 1;
-
-                opp = op;
-                os = d2i_ASN1_OCTET_STRING(NULL, &opp, len + hl);
-                if (os != NULL && os->length > 0) {
-                    opp = os->data;
-                    /*
-                     * testing whether the octet string is printable
-                     */
-                    for (i = 0; i < os->length; i++) {
-                        if (((opp[i] < ' ') &&
-                             (opp[i] != '\n') &&
-                             (opp[i] != '\r') &&
-                             (opp[i] != '\t')) || (opp[i] > '~')) {
-                            printable = 0;
-                            break;
-                        }
-                    }
-                    if (printable)
-                        /* printable string */
-                    {
-                        if (BIO_write(bp, ":", 1) <= 0)
-                            goto end;
-                        if (BIO_write(bp, (const char *)opp, os->length) <= 0)
-                            goto end;
-                    } else if (!dump)
-                        /*
-                         * not printable => print octet string as hex dump
-                         */
-                    {
-                        if (BIO_write(bp, "[HEX DUMP]:", 11) <= 0)
-                            goto end;
-                        for (i = 0; i < os->length; i++) {
-                            if (BIO_printf(bp, "%02X", opp[i]) <= 0)
-                                goto end;
-                        }
-                    } else
-                        /* print the normal dump */
-                    {
-                        if (!nl) {
-                            if (BIO_write(bp, "\n", 1) <= 0)
-                                goto end;
-                        }
-                        if (BIO_dump_indent(bp,
-                                            (const char *)opp,
-                                            ((dump == -1 || dump >
-                                              os->
-                                              length) ? os->length : dump),
-                                            dump_indent) <= 0)
-                            goto end;
-                        nl = 1;
-                    }
-                }
-                if (os != NULL) {
-                    M_ASN1_OCTET_STRING_free(os);
-                    os = NULL;
-                }
-            } else if (tag == V_ASN1_INTEGER) {
-                ASN1_INTEGER *bs;
-                int i;
-
-                opp = op;
-                bs = d2i_ASN1_INTEGER(NULL, &opp, len + hl);
-                if (bs != NULL) {
-                    if (BIO_write(bp, ":", 1) <= 0)
-                        goto end;
-                    if (bs->type == V_ASN1_NEG_INTEGER)
-                        if (BIO_write(bp, "-", 1) <= 0)
-                            goto end;
-                    for (i = 0; i < bs->length; i++) {
-                        if (BIO_printf(bp, "%02X", bs->data[i]) <= 0)
-                            goto end;
-                    }
-                    if (bs->length == 0) {
-                        if (BIO_write(bp, "00", 2) <= 0)
-                            goto end;
-                    }
-                } else {
-                    if (BIO_write(bp, "BAD INTEGER", 11) <= 0)
-                        goto end;
-                }
-                M_ASN1_INTEGER_free(bs);
-            } else if (tag == V_ASN1_ENUMERATED) {
-                ASN1_ENUMERATED *bs;
-                int i;
-
-                opp = op;
-                bs = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl);
-                if (bs != NULL) {
-                    if (BIO_write(bp, ":", 1) <= 0)
-                        goto end;
-                    if (bs->type == V_ASN1_NEG_ENUMERATED)
-                        if (BIO_write(bp, "-", 1) <= 0)
-                            goto end;
-                    for (i = 0; i < bs->length; i++) {
-                        if (BIO_printf(bp, "%02X", bs->data[i]) <= 0)
-                            goto end;
-                    }
-                    if (bs->length == 0) {
-                        if (BIO_write(bp, "00", 2) <= 0)
-                            goto end;
-                    }
-                } else {
-                    if (BIO_write(bp, "BAD ENUMERATED", 14) <= 0)
-                        goto end;
-                }
-                M_ASN1_ENUMERATED_free(bs);
-            } else if (len > 0 && dump) {
-                if (!nl) {
-                    if (BIO_write(bp, "\n", 1) <= 0)
-                        goto end;
-                }
-                if (BIO_dump_indent(bp, (const char *)p,
-                                    ((dump == -1 || dump > len) ? len : dump),
-                                    dump_indent) <= 0)
-                    goto end;
-                nl = 1;
-            }
-
-            if (!nl) {
-                if (BIO_write(bp, "\n", 1) <= 0)
-                    goto end;
-            }
-            p += len;
-            if ((tag == V_ASN1_EOC) && (xclass == 0)) {
-                ret = 2;        /* End of sequence */
-                goto end;
-            }
-        }
-        length -= len;
-    }
-    ret = 1;
- end:
-    if (o != NULL)
-        ASN1_OBJECT_free(o);
-    if (os != NULL)
-        M_ASN1_OCTET_STRING_free(os);
-    *pp = p;
-    return (ret);
-}
-
-const char *ASN1_tag2str(int tag)
-{
-    static const char *const tag2str[] = {
-        /* 0-4 */
-        "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING",
-        /* 5-9 */
-        "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL",
-        /* 10-13 */
-        "ENUMERATED", "<ASN1 11>", "UTF8STRING", "<ASN1 13>",
-        /* 15-17 */
-        "<ASN1 14>", "<ASN1 15>", "SEQUENCE", "SET",
-        /* 18-20 */
-        "NUMERICSTRING", "PRINTABLESTRING", "T61STRING",
-        /* 21-24 */
-        "VIDEOTEXSTRING", "IA5STRING", "UTCTIME", "GENERALIZEDTIME",
-        /* 25-27 */
-        "GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING",
-        /* 28-30 */
-        "UNIVERSALSTRING", "<ASN1 29>", "BMPSTRING"
-    };
-
-    if ((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED))
-        tag &= ~0x100;
-
-    if (tag < 0 || tag > 30)
-        return "(unknown)";
-    return tag2str[tag];
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/asn1/asn1_par.c (from rev 11605, vendor-crypto/openssl/dist/crypto/asn1/asn1_par.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/asn1/asn1_par.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/asn1_par.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,424 @@
+/* crypto/asn1/asn1_par.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/asn1.h>
+
+#ifndef ASN1_PARSE_MAXDEPTH
+#define ASN1_PARSE_MAXDEPTH 128
+#endif
+
+static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
+                           int indent);
+static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
+                       int offset, int depth, int indent, int dump);
+static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
+                           int indent)
+{
+    static const char fmt[] = "%-18s";
+    char str[128];
+    const char *p;
+
+    if (constructed & V_ASN1_CONSTRUCTED)
+        p = "cons: ";
+    else
+        p = "prim: ";
+    if (BIO_write(bp, p, 6) < 6)
+        goto err;
+    BIO_indent(bp, indent, 128);
+
+    p = str;
+    if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
+        BIO_snprintf(str, sizeof str, "priv [ %d ] ", tag);
+    else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
+        BIO_snprintf(str, sizeof str, "cont [ %d ]", tag);
+    else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
+        BIO_snprintf(str, sizeof str, "appl [ %d ]", tag);
+    else if (tag > 30)
+        BIO_snprintf(str, sizeof str, "<ASN1 %d>", tag);
+    else
+        p = ASN1_tag2str(tag);
+
+    if (BIO_printf(bp, fmt, p) <= 0)
+        goto err;
+    return (1);
+ err:
+    return (0);
+}
+
+int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent)
+{
+    return (asn1_parse2(bp, &pp, len, 0, 0, indent, 0));
+}
+
+int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent,
+                    int dump)
+{
+    return (asn1_parse2(bp, &pp, len, 0, 0, indent, dump));
+}
+
+static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
+                       int offset, int depth, int indent, int dump)
+{
+    const unsigned char *p, *ep, *tot, *op, *opp;
+    long len;
+    int tag, xclass, ret = 0;
+    int nl, hl, j, r;
+    ASN1_OBJECT *o = NULL;
+    ASN1_OCTET_STRING *os = NULL;
+    /* ASN1_BMPSTRING *bmp=NULL; */
+    int dump_indent;
+
+#if 0
+    dump_indent = indent;
+#else
+    dump_indent = 6;            /* Because we know BIO_dump_indent() */
+#endif
+
+    if (depth > ASN1_PARSE_MAXDEPTH) {
+            BIO_puts(bp, "BAD RECURSION DEPTH\n");
+            return 0;
+    }
+
+    p = *pp;
+    tot = p + length;
+    op = p - 1;
+    while ((p < tot) && (op < p)) {
+        op = p;
+        j = ASN1_get_object(&p, &len, &tag, &xclass, length);
+#ifdef LINT
+        j = j;
+#endif
+        if (j & 0x80) {
+            if (BIO_write(bp, "Error in encoding\n", 18) <= 0)
+                goto end;
+            ret = 0;
+            goto end;
+        }
+        hl = (p - op);
+        length -= hl;
+        /*
+         * if j == 0x21 it is a constructed indefinite length object
+         */
+        if (BIO_printf(bp, "%5ld:", (long)offset + (long)(op - *pp))
+            <= 0)
+            goto end;
+
+        if (j != (V_ASN1_CONSTRUCTED | 1)) {
+            if (BIO_printf(bp, "d=%-2d hl=%ld l=%4ld ",
+                           depth, (long)hl, len) <= 0)
+                goto end;
+        } else {
+            if (BIO_printf(bp, "d=%-2d hl=%ld l=inf  ", depth, (long)hl) <= 0)
+                goto end;
+        }
+        if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0))
+            goto end;
+        if (j & V_ASN1_CONSTRUCTED) {
+            const unsigned char *sp;
+
+            ep = p + len;
+            if (BIO_write(bp, "\n", 1) <= 0)
+                goto end;
+            if (len > length) {
+                BIO_printf(bp, "length is greater than %ld\n", length);
+                ret = 0;
+                goto end;
+            }
+            if ((j == 0x21) && (len == 0)) {
+                sp = p;
+                for (;;) {
+                    r = asn1_parse2(bp, &p, (long)(tot - p),
+                                    offset + (p - *pp), depth + 1,
+                                    indent, dump);
+                    if (r == 0) {
+                        ret = 0;
+                        goto end;
+                    }
+                    if ((r == 2) || (p >= tot)) {
+                        len = p - sp;
+                        break;
+                    }
+                }
+            } else {
+                long tmp = len;
+
+                while (p < ep) {
+                    sp = p;
+                    r = asn1_parse2(bp, &p, tmp, offset + (p - *pp), depth + 1,
+                                    indent, dump);
+                    if (r == 0) {
+                        ret = 0;
+                        goto end;
+                    }
+                    tmp -= p - sp;
+                }
+            }
+        } else if (xclass != 0) {
+            p += len;
+            if (BIO_write(bp, "\n", 1) <= 0)
+                goto end;
+        } else {
+            nl = 0;
+            if ((tag == V_ASN1_PRINTABLESTRING) ||
+                (tag == V_ASN1_T61STRING) ||
+                (tag == V_ASN1_IA5STRING) ||
+                (tag == V_ASN1_VISIBLESTRING) ||
+                (tag == V_ASN1_NUMERICSTRING) ||
+                (tag == V_ASN1_UTF8STRING) ||
+                (tag == V_ASN1_UTCTIME) || (tag == V_ASN1_GENERALIZEDTIME)) {
+                if (BIO_write(bp, ":", 1) <= 0)
+                    goto end;
+                if ((len > 0) && BIO_write(bp, (const char *)p, (int)len)
+                    != (int)len)
+                    goto end;
+            } else if (tag == V_ASN1_OBJECT) {
+                opp = op;
+                if (d2i_ASN1_OBJECT(&o, &opp, len + hl) != NULL) {
+                    if (BIO_write(bp, ":", 1) <= 0)
+                        goto end;
+                    i2a_ASN1_OBJECT(bp, o);
+                } else {
+                    if (BIO_write(bp, ":BAD OBJECT", 11) <= 0)
+                        goto end;
+                }
+            } else if (tag == V_ASN1_BOOLEAN) {
+                int ii;
+
+                opp = op;
+                ii = d2i_ASN1_BOOLEAN(NULL, &opp, len + hl);
+                if (ii < 0) {
+                    if (BIO_write(bp, "Bad boolean\n", 12) <= 0)
+                        goto end;
+                }
+                BIO_printf(bp, ":%d", ii);
+            } else if (tag == V_ASN1_BMPSTRING) {
+                /* do the BMP thang */
+            } else if (tag == V_ASN1_OCTET_STRING) {
+                int i, printable = 1;
+
+                opp = op;
+                os = d2i_ASN1_OCTET_STRING(NULL, &opp, len + hl);
+                if (os != NULL && os->length > 0) {
+                    opp = os->data;
+                    /*
+                     * testing whether the octet string is printable
+                     */
+                    for (i = 0; i < os->length; i++) {
+                        if (((opp[i] < ' ') &&
+                             (opp[i] != '\n') &&
+                             (opp[i] != '\r') &&
+                             (opp[i] != '\t')) || (opp[i] > '~')) {
+                            printable = 0;
+                            break;
+                        }
+                    }
+                    if (printable)
+                        /* printable string */
+                    {
+                        if (BIO_write(bp, ":", 1) <= 0)
+                            goto end;
+                        if (BIO_write(bp, (const char *)opp, os->length) <= 0)
+                            goto end;
+                    } else if (!dump)
+                        /*
+                         * not printable => print octet string as hex dump
+                         */
+                    {
+                        if (BIO_write(bp, "[HEX DUMP]:", 11) <= 0)
+                            goto end;
+                        for (i = 0; i < os->length; i++) {
+                            if (BIO_printf(bp, "%02X", opp[i]) <= 0)
+                                goto end;
+                        }
+                    } else
+                        /* print the normal dump */
+                    {
+                        if (!nl) {
+                            if (BIO_write(bp, "\n", 1) <= 0)
+                                goto end;
+                        }
+                        if (BIO_dump_indent(bp,
+                                            (const char *)opp,
+                                            ((dump == -1 || dump >
+                                              os->
+                                              length) ? os->length : dump),
+                                            dump_indent) <= 0)
+                            goto end;
+                        nl = 1;
+                    }
+                }
+                if (os != NULL) {
+                    M_ASN1_OCTET_STRING_free(os);
+                    os = NULL;
+                }
+            } else if (tag == V_ASN1_INTEGER) {
+                ASN1_INTEGER *bs;
+                int i;
+
+                opp = op;
+                bs = d2i_ASN1_INTEGER(NULL, &opp, len + hl);
+                if (bs != NULL) {
+                    if (BIO_write(bp, ":", 1) <= 0)
+                        goto end;
+                    if (bs->type == V_ASN1_NEG_INTEGER)
+                        if (BIO_write(bp, "-", 1) <= 0)
+                            goto end;
+                    for (i = 0; i < bs->length; i++) {
+                        if (BIO_printf(bp, "%02X", bs->data[i]) <= 0)
+                            goto end;
+                    }
+                    if (bs->length == 0) {
+                        if (BIO_write(bp, "00", 2) <= 0)
+                            goto end;
+                    }
+                } else {
+                    if (BIO_write(bp, "BAD INTEGER", 11) <= 0)
+                        goto end;
+                }
+                M_ASN1_INTEGER_free(bs);
+            } else if (tag == V_ASN1_ENUMERATED) {
+                ASN1_ENUMERATED *bs;
+                int i;
+
+                opp = op;
+                bs = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl);
+                if (bs != NULL) {
+                    if (BIO_write(bp, ":", 1) <= 0)
+                        goto end;
+                    if (bs->type == V_ASN1_NEG_ENUMERATED)
+                        if (BIO_write(bp, "-", 1) <= 0)
+                            goto end;
+                    for (i = 0; i < bs->length; i++) {
+                        if (BIO_printf(bp, "%02X", bs->data[i]) <= 0)
+                            goto end;
+                    }
+                    if (bs->length == 0) {
+                        if (BIO_write(bp, "00", 2) <= 0)
+                            goto end;
+                    }
+                } else {
+                    if (BIO_write(bp, "BAD ENUMERATED", 14) <= 0)
+                        goto end;
+                }
+                M_ASN1_ENUMERATED_free(bs);
+            } else if (len > 0 && dump) {
+                if (!nl) {
+                    if (BIO_write(bp, "\n", 1) <= 0)
+                        goto end;
+                }
+                if (BIO_dump_indent(bp, (const char *)p,
+                                    ((dump == -1 || dump > len) ? len : dump),
+                                    dump_indent) <= 0)
+                    goto end;
+                nl = 1;
+            }
+
+            if (!nl) {
+                if (BIO_write(bp, "\n", 1) <= 0)
+                    goto end;
+            }
+            p += len;
+            if ((tag == V_ASN1_EOC) && (xclass == 0)) {
+                ret = 2;        /* End of sequence */
+                goto end;
+            }
+        }
+        length -= len;
+    }
+    ret = 1;
+ end:
+    if (o != NULL)
+        ASN1_OBJECT_free(o);
+    if (os != NULL)
+        M_ASN1_OCTET_STRING_free(os);
+    *pp = p;
+    return (ret);
+}
+
+const char *ASN1_tag2str(int tag)
+{
+    static const char *const tag2str[] = {
+        /* 0-4 */
+        "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING",
+        /* 5-9 */
+        "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL",
+        /* 10-13 */
+        "ENUMERATED", "<ASN1 11>", "UTF8STRING", "<ASN1 13>",
+        /* 15-17 */
+        "<ASN1 14>", "<ASN1 15>", "SEQUENCE", "SET",
+        /* 18-20 */
+        "NUMERICSTRING", "PRINTABLESTRING", "T61STRING",
+        /* 21-24 */
+        "VIDEOTEXSTRING", "IA5STRING", "UTCTIME", "GENERALIZEDTIME",
+        /* 25-27 */
+        "GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING",
+        /* 28-30 */
+        "UNIVERSALSTRING", "<ASN1 29>", "BMPSTRING"
+    };
+
+    if ((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED))
+        tag &= ~0x100;
+
+    if (tag < 0 || tag > 30)
+        return "(unknown)";
+    return tag2str[tag];
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/asn1/asn_mime.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/asn_mime.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/asn_mime.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,974 +0,0 @@
-/* asn_mime.c */
-/*
- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include "asn1_locl.h"
-
-/*
- * Generalised MIME like utilities for streaming ASN1. Although many have a
- * PKCS7/CMS like flavour others are more general purpose.
- */
-
-/*
- * MIME format structures Note that all are translated to lower case apart
- * from parameter values. Quotes are stripped off
- */
-
-typedef struct {
-    char *param_name;           /* Param name e.g. "micalg" */
-    char *param_value;          /* Param value e.g. "sha1" */
-} MIME_PARAM;
-
-DECLARE_STACK_OF(MIME_PARAM)
-IMPLEMENT_STACK_OF(MIME_PARAM)
-
-typedef struct {
-    char *name;                 /* Name of line e.g. "content-type" */
-    char *value;                /* Value of line e.g. "text/plain" */
-    STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */
-} MIME_HEADER;
-
-DECLARE_STACK_OF(MIME_HEADER)
-IMPLEMENT_STACK_OF(MIME_HEADER)
-
-static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
-                            const ASN1_ITEM *it);
-static char *strip_ends(char *name);
-static char *strip_start(char *name);
-static char *strip_end(char *name);
-static MIME_HEADER *mime_hdr_new(char *name, char *value);
-static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
-static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);
-static int mime_hdr_cmp(const MIME_HEADER *const *a,
-                        const MIME_HEADER *const *b);
-static int mime_param_cmp(const MIME_PARAM *const *a,
-                          const MIME_PARAM *const *b);
-static void mime_param_free(MIME_PARAM *param);
-static int mime_bound_check(char *line, int linelen, char *bound, int blen);
-static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
-static int strip_eol(char *linebuf, int *plen);
-static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name);
-static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
-static void mime_hdr_free(MIME_HEADER *hdr);
-
-#define MAX_SMLEN 1024
-#define mime_debug(x)           /* x */
-
-/* Output an ASN1 structure in BER format streaming if necessary */
-
-int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
-                        const ASN1_ITEM *it)
-{
-    /* If streaming create stream BIO and copy all content through it */
-    if (flags & SMIME_STREAM) {
-        BIO *bio, *tbio;
-        bio = BIO_new_NDEF(out, val, it);
-        if (!bio) {
-            ASN1err(ASN1_F_I2D_ASN1_BIO_STREAM, ERR_R_MALLOC_FAILURE);
-            return 0;
-        }
-        SMIME_crlf_copy(in, bio, flags);
-        (void)BIO_flush(bio);
-        /* Free up successive BIOs until we hit the old output BIO */
-        do {
-            tbio = BIO_pop(bio);
-            BIO_free(bio);
-            bio = tbio;
-        } while (bio != out);
-    }
-    /*
-     * else just write out ASN1 structure which will have all content stored
-     * internally
-     */
-    else
-        ASN1_item_i2d_bio(it, out, val);
-    return 1;
-}
-
-/* Base 64 read and write of ASN1 structure */
-
-static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
-                          const ASN1_ITEM *it)
-{
-    BIO *b64;
-    int r;
-    b64 = BIO_new(BIO_f_base64());
-    if (!b64) {
-        ASN1err(ASN1_F_B64_WRITE_ASN1, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-    /*
-     * prepend the b64 BIO so all data is base64 encoded.
-     */
-    out = BIO_push(b64, out);
-    r = i2d_ASN1_bio_stream(out, val, in, flags, it);
-    (void)BIO_flush(out);
-    BIO_pop(out);
-    BIO_free(b64);
-    return r;
-}
-
-/* Streaming ASN1 PEM write */
-
-int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
-                              const char *hdr, const ASN1_ITEM *it)
-{
-    int r;
-    BIO_printf(out, "-----BEGIN %s-----\n", hdr);
-    r = B64_write_ASN1(out, val, in, flags, it);
-    BIO_printf(out, "-----END %s-----\n", hdr);
-    return r;
-}
-
-static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it)
-{
-    BIO *b64;
-    ASN1_VALUE *val;
-    if (!(b64 = BIO_new(BIO_f_base64()))) {
-        ASN1err(ASN1_F_B64_READ_ASN1, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-    bio = BIO_push(b64, bio);
-    val = ASN1_item_d2i_bio(it, bio, NULL);
-    if (!val)
-        ASN1err(ASN1_F_B64_READ_ASN1, ASN1_R_DECODE_ERROR);
-    (void)BIO_flush(bio);
-    bio = BIO_pop(bio);
-    BIO_free(b64);
-    return val;
-}
-
-/* Generate the MIME "micalg" parameter from RFC3851, RFC4490 */
-
-static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
-{
-    const EVP_MD *md;
-    int i, have_unknown = 0, write_comma, ret = 0, md_nid;
-    have_unknown = 0;
-    write_comma = 0;
-    for (i = 0; i < sk_X509_ALGOR_num(mdalgs); i++) {
-        if (write_comma)
-            BIO_write(out, ",", 1);
-        write_comma = 1;
-        md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm);
-        md = EVP_get_digestbynid(md_nid);
-        if (md && md->md_ctrl) {
-            int rv;
-            char *micstr;
-            rv = md->md_ctrl(NULL, EVP_MD_CTRL_MICALG, 0, &micstr);
-            if (rv > 0) {
-                BIO_puts(out, micstr);
-                OPENSSL_free(micstr);
-                continue;
-            }
-            if (rv != -2)
-                goto err;
-        }
-        switch (md_nid) {
-        case NID_sha1:
-            BIO_puts(out, "sha1");
-            break;
-
-        case NID_md5:
-            BIO_puts(out, "md5");
-            break;
-
-        case NID_sha256:
-            BIO_puts(out, "sha-256");
-            break;
-
-        case NID_sha384:
-            BIO_puts(out, "sha-384");
-            break;
-
-        case NID_sha512:
-            BIO_puts(out, "sha-512");
-            break;
-
-        case NID_id_GostR3411_94:
-            BIO_puts(out, "gostr3411-94");
-            goto err;
-            break;
-
-        default:
-            if (have_unknown)
-                write_comma = 0;
-            else {
-                BIO_puts(out, "unknown");
-                have_unknown = 1;
-            }
-            break;
-
-        }
-    }
-
-    ret = 1;
- err:
-
-    return ret;
-
-}
-
-/* SMIME sender */
-
-int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
-                     int ctype_nid, int econt_nid,
-                     STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it)
-{
-    char bound[33], c;
-    int i;
-    const char *mime_prefix, *mime_eol, *cname = "smime.p7m";
-    const char *msg_type = NULL;
-    if (flags & SMIME_OLDMIME)
-        mime_prefix = "application/x-pkcs7-";
-    else
-        mime_prefix = "application/pkcs7-";
-
-    if (flags & SMIME_CRLFEOL)
-        mime_eol = "\r\n";
-    else
-        mime_eol = "\n";
-    if ((flags & SMIME_DETACHED) && data) {
-        /* We want multipart/signed */
-        /* Generate a random boundary */
-        if (RAND_pseudo_bytes((unsigned char *)bound, 32) < 0)
-            return 0;
-        for (i = 0; i < 32; i++) {
-            c = bound[i] & 0xf;
-            if (c < 10)
-                c += '0';
-            else
-                c += 'A' - 10;
-            bound[i] = c;
-        }
-        bound[32] = 0;
-        BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
-        BIO_printf(bio, "Content-Type: multipart/signed;");
-        BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
-        BIO_puts(bio, " micalg=\"");
-        asn1_write_micalg(bio, mdalgs);
-        BIO_printf(bio, "\"; boundary=\"----%s\"%s%s",
-                   bound, mime_eol, mime_eol);
-        BIO_printf(bio, "This is an S/MIME signed message%s%s",
-                   mime_eol, mime_eol);
-        /* Now write out the first part */
-        BIO_printf(bio, "------%s%s", bound, mime_eol);
-        if (!asn1_output_data(bio, data, val, flags, it))
-            return 0;
-        BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
-
-        /* Headers for signature */
-
-        BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix);
-        BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
-        BIO_printf(bio, "Content-Transfer-Encoding: base64%s", mime_eol);
-        BIO_printf(bio, "Content-Disposition: attachment;");
-        BIO_printf(bio, " filename=\"smime.p7s\"%s%s", mime_eol, mime_eol);
-        B64_write_ASN1(bio, val, NULL, 0, it);
-        BIO_printf(bio, "%s------%s--%s%s", mime_eol, bound,
-                   mime_eol, mime_eol);
-        return 1;
-    }
-
-    /* Determine smime-type header */
-
-    if (ctype_nid == NID_pkcs7_enveloped)
-        msg_type = "enveloped-data";
-    else if (ctype_nid == NID_pkcs7_signed) {
-        if (econt_nid == NID_id_smime_ct_receipt)
-            msg_type = "signed-receipt";
-        else if (sk_X509_ALGOR_num(mdalgs) >= 0)
-            msg_type = "signed-data";
-        else
-            msg_type = "certs-only";
-    } else if (ctype_nid == NID_id_smime_ct_compressedData) {
-        msg_type = "compressed-data";
-        cname = "smime.p7z";
-    }
-    /* MIME headers */
-    BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
-    BIO_printf(bio, "Content-Disposition: attachment;");
-    BIO_printf(bio, " filename=\"%s\"%s", cname, mime_eol);
-    BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
-    if (msg_type)
-        BIO_printf(bio, " smime-type=%s;", msg_type);
-    BIO_printf(bio, " name=\"%s\"%s", cname, mime_eol);
-    BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
-               mime_eol, mime_eol);
-    if (!B64_write_ASN1(bio, val, data, flags, it))
-        return 0;
-    BIO_printf(bio, "%s", mime_eol);
-    return 1;
-}
-
-/* Handle output of ASN1 data */
-
-static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
-                            const ASN1_ITEM *it)
-{
-    BIO *tmpbio;
-    const ASN1_AUX *aux = it->funcs;
-    ASN1_STREAM_ARG sarg;
-    int rv = 1;
-
-    /*
-     * If data is not deteched or resigning then the output BIO is already
-     * set up to finalise when it is written through.
-     */
-    if (!(flags & SMIME_DETACHED) || (flags & PKCS7_REUSE_DIGEST)) {
-        SMIME_crlf_copy(data, out, flags);
-        return 1;
-    }
-
-    if (!aux || !aux->asn1_cb) {
-        ASN1err(ASN1_F_ASN1_OUTPUT_DATA, ASN1_R_STREAMING_NOT_SUPPORTED);
-        return 0;
-    }
-
-    sarg.out = out;
-    sarg.ndef_bio = NULL;
-    sarg.boundary = NULL;
-
-    /* Let ASN1 code prepend any needed BIOs */
-
-    if (aux->asn1_cb(ASN1_OP_DETACHED_PRE, &val, it, &sarg) <= 0)
-        return 0;
-
-    /* Copy data across, passing through filter BIOs for processing */
-    SMIME_crlf_copy(data, sarg.ndef_bio, flags);
-
-    /* Finalize structure */
-    if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0)
-        rv = 0;
-
-    /* Now remove any digests prepended to the BIO */
-
-    while (sarg.ndef_bio != out) {
-        tmpbio = BIO_pop(sarg.ndef_bio);
-        BIO_free(sarg.ndef_bio);
-        sarg.ndef_bio = tmpbio;
-    }
-
-    return rv;
-
-}
-
-/*
- * SMIME reader: handle multipart/signed and opaque signing. in multipart
- * case the content is placed in a memory BIO pointed to by "bcont". In
- * opaque this is set to NULL
- */
-
-ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
-{
-    BIO *asnin;
-    STACK_OF(MIME_HEADER) *headers = NULL;
-    STACK_OF(BIO) *parts = NULL;
-    MIME_HEADER *hdr;
-    MIME_PARAM *prm;
-    ASN1_VALUE *val;
-    int ret;
-
-    if (bcont)
-        *bcont = NULL;
-
-    if (!(headers = mime_parse_hdr(bio))) {
-        ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_MIME_PARSE_ERROR);
-        return NULL;
-    }
-
-    if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
-        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-        ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_CONTENT_TYPE);
-        return NULL;
-    }
-
-    /* Handle multipart/signed */
-
-    if (!strcmp(hdr->value, "multipart/signed")) {
-        /* Split into two parts */
-        prm = mime_param_find(hdr, "boundary");
-        if (!prm || !prm->param_value) {
-            sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BOUNDARY);
-            return NULL;
-        }
-        ret = multi_split(bio, prm->param_value, &parts);
-        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-        if (!ret || (sk_BIO_num(parts) != 2)) {
-            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BODY_FAILURE);
-            sk_BIO_pop_free(parts, BIO_vfree);
-            return NULL;
-        }
-
-        /* Parse the signature piece */
-        asnin = sk_BIO_value(parts, 1);
-
-        if (!(headers = mime_parse_hdr(asnin))) {
-            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_MIME_SIG_PARSE_ERROR);
-            sk_BIO_pop_free(parts, BIO_vfree);
-            return NULL;
-        }
-
-        /* Get content type */
-
-        if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
-            sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE);
-            return NULL;
-        }
-
-        if (strcmp(hdr->value, "application/x-pkcs7-signature") &&
-            strcmp(hdr->value, "application/pkcs7-signature")) {
-            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_SIG_INVALID_MIME_TYPE);
-            ERR_add_error_data(2, "type: ", hdr->value);
-            sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-            sk_BIO_pop_free(parts, BIO_vfree);
-            return NULL;
-        }
-        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-        /* Read in ASN1 */
-        if (!(val = b64_read_asn1(asnin, it))) {
-            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_SIG_PARSE_ERROR);
-            sk_BIO_pop_free(parts, BIO_vfree);
-            return NULL;
-        }
-
-        if (bcont) {
-            *bcont = sk_BIO_value(parts, 0);
-            BIO_free(asnin);
-            sk_BIO_free(parts);
-        } else
-            sk_BIO_pop_free(parts, BIO_vfree);
-        return val;
-    }
-
-    /* OK, if not multipart/signed try opaque signature */
-
-    if (strcmp(hdr->value, "application/x-pkcs7-mime") &&
-        strcmp(hdr->value, "application/pkcs7-mime")) {
-        ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_INVALID_MIME_TYPE);
-        ERR_add_error_data(2, "type: ", hdr->value);
-        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-        return NULL;
-    }
-
-    sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-
-    if (!(val = b64_read_asn1(bio, it))) {
-        ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_PARSE_ERROR);
-        return NULL;
-    }
-    return val;
-
-}
-
-/* Copy text from one BIO to another making the output CRLF at EOL */
-int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
-{
-    BIO *bf;
-    char eol;
-    int len;
-    char linebuf[MAX_SMLEN];
-    /*
-     * Buffer output so we don't write one line at a time. This is useful
-     * when streaming as we don't end up with one OCTET STRING per line.
-     */
-    bf = BIO_new(BIO_f_buffer());
-    if (!bf)
-        return 0;
-    out = BIO_push(bf, out);
-    if (flags & SMIME_BINARY) {
-        while ((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
-            BIO_write(out, linebuf, len);
-    } else {
-        if (flags & SMIME_TEXT)
-            BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
-        while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) {
-            eol = strip_eol(linebuf, &len);
-            if (len)
-                BIO_write(out, linebuf, len);
-            if (eol)
-                BIO_write(out, "\r\n", 2);
-        }
-    }
-    (void)BIO_flush(out);
-    BIO_pop(out);
-    BIO_free(bf);
-    return 1;
-}
-
-/* Strip off headers if they are text/plain */
-int SMIME_text(BIO *in, BIO *out)
-{
-    char iobuf[4096];
-    int len;
-    STACK_OF(MIME_HEADER) *headers;
-    MIME_HEADER *hdr;
-
-    if (!(headers = mime_parse_hdr(in))) {
-        ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_MIME_PARSE_ERROR);
-        return 0;
-    }
-    if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
-        ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_MIME_NO_CONTENT_TYPE);
-        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-        return 0;
-    }
-    if (strcmp(hdr->value, "text/plain")) {
-        ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_INVALID_MIME_TYPE);
-        ERR_add_error_data(2, "type: ", hdr->value);
-        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-        return 0;
-    }
-    sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-    while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
-        BIO_write(out, iobuf, len);
-    if (len < 0)
-        return 0;
-    return 1;
-}
-
-/*
- * Split a multipart/XXX message body into component parts: result is
- * canonical parts in a STACK of bios
- */
-
-static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
-{
-    char linebuf[MAX_SMLEN];
-    int len, blen;
-    int eol = 0, next_eol = 0;
-    BIO *bpart = NULL;
-    STACK_OF(BIO) *parts;
-    char state, part, first;
-
-    blen = strlen(bound);
-    part = 0;
-    state = 0;
-    first = 1;
-    parts = sk_BIO_new_null();
-    *ret = parts;
-    while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
-        state = mime_bound_check(linebuf, len, bound, blen);
-        if (state == 1) {
-            first = 1;
-            part++;
-        } else if (state == 2) {
-            sk_BIO_push(parts, bpart);
-            return 1;
-        } else if (part) {
-            /* Strip CR+LF from linebuf */
-            next_eol = strip_eol(linebuf, &len);
-            if (first) {
-                first = 0;
-                if (bpart)
-                    sk_BIO_push(parts, bpart);
-                bpart = BIO_new(BIO_s_mem());
-                BIO_set_mem_eof_return(bpart, 0);
-            } else if (eol)
-                BIO_write(bpart, "\r\n", 2);
-            eol = next_eol;
-            if (len)
-                BIO_write(bpart, linebuf, len);
-        }
-    }
-    return 0;
-}
-
-/* This is the big one: parse MIME header lines up to message body */
-
-#define MIME_INVALID    0
-#define MIME_START      1
-#define MIME_TYPE       2
-#define MIME_NAME       3
-#define MIME_VALUE      4
-#define MIME_QUOTE      5
-#define MIME_COMMENT    6
-
-static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
-{
-    char *p, *q, c;
-    char *ntmp;
-    char linebuf[MAX_SMLEN];
-    MIME_HEADER *mhdr = NULL;
-    STACK_OF(MIME_HEADER) *headers;
-    int len, state, save_state = 0;
-
-    headers = sk_MIME_HEADER_new(mime_hdr_cmp);
-    if (!headers)
-        return NULL;
-    while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
-        /* If whitespace at line start then continuation line */
-        if (mhdr && isspace((unsigned char)linebuf[0]))
-            state = MIME_NAME;
-        else
-            state = MIME_START;
-        ntmp = NULL;
-        /* Go through all characters */
-        for (p = linebuf, q = linebuf; (c = *p) && (c != '\r') && (c != '\n');
-             p++) {
-
-            /*
-             * State machine to handle MIME headers if this looks horrible
-             * that's because it *is*
-             */
-
-            switch (state) {
-            case MIME_START:
-                if (c == ':') {
-                    state = MIME_TYPE;
-                    *p = 0;
-                    ntmp = strip_ends(q);
-                    q = p + 1;
-                }
-                break;
-
-            case MIME_TYPE:
-                if (c == ';') {
-                    mime_debug("Found End Value\n");
-                    *p = 0;
-                    mhdr = mime_hdr_new(ntmp, strip_ends(q));
-                    sk_MIME_HEADER_push(headers, mhdr);
-                    ntmp = NULL;
-                    q = p + 1;
-                    state = MIME_NAME;
-                } else if (c == '(') {
-                    save_state = state;
-                    state = MIME_COMMENT;
-                }
-                break;
-
-            case MIME_COMMENT:
-                if (c == ')') {
-                    state = save_state;
-                }
-                break;
-
-            case MIME_NAME:
-                if (c == '=') {
-                    state = MIME_VALUE;
-                    *p = 0;
-                    ntmp = strip_ends(q);
-                    q = p + 1;
-                }
-                break;
-
-            case MIME_VALUE:
-                if (c == ';') {
-                    state = MIME_NAME;
-                    *p = 0;
-                    mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
-                    ntmp = NULL;
-                    q = p + 1;
-                } else if (c == '"') {
-                    mime_debug("Found Quote\n");
-                    state = MIME_QUOTE;
-                } else if (c == '(') {
-                    save_state = state;
-                    state = MIME_COMMENT;
-                }
-                break;
-
-            case MIME_QUOTE:
-                if (c == '"') {
-                    mime_debug("Found Match Quote\n");
-                    state = MIME_VALUE;
-                }
-                break;
-            }
-        }
-
-        if (state == MIME_TYPE) {
-            mhdr = mime_hdr_new(ntmp, strip_ends(q));
-            sk_MIME_HEADER_push(headers, mhdr);
-        } else if (state == MIME_VALUE)
-            mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
-        if (p == linebuf)
-            break;              /* Blank line means end of headers */
-    }
-
-    return headers;
-
-}
-
-static char *strip_ends(char *name)
-{
-    return strip_end(strip_start(name));
-}
-
-/* Strip a parameter of whitespace from start of param */
-static char *strip_start(char *name)
-{
-    char *p, c;
-    /* Look for first non white space or quote */
-    for (p = name; (c = *p); p++) {
-        if (c == '"') {
-            /* Next char is start of string if non null */
-            if (p[1])
-                return p + 1;
-            /* Else null string */
-            return NULL;
-        }
-        if (!isspace((unsigned char)c))
-            return p;
-    }
-    return NULL;
-}
-
-/* As above but strip from end of string : maybe should handle brackets? */
-static char *strip_end(char *name)
-{
-    char *p, c;
-    if (!name)
-        return NULL;
-    /* Look for first non white space or quote */
-    for (p = name + strlen(name) - 1; p >= name; p--) {
-        c = *p;
-        if (c == '"') {
-            if (p - 1 == name)
-                return NULL;
-            *p = 0;
-            return name;
-        }
-        if (isspace((unsigned char)c))
-            *p = 0;
-        else
-            return name;
-    }
-    return NULL;
-}
-
-static MIME_HEADER *mime_hdr_new(char *name, char *value)
-{
-    MIME_HEADER *mhdr;
-    char *tmpname, *tmpval, *p;
-    int c;
-    if (name) {
-        if (!(tmpname = BUF_strdup(name)))
-            return NULL;
-        for (p = tmpname; *p; p++) {
-            c = (unsigned char)*p;
-            if (isupper(c)) {
-                c = tolower(c);
-                *p = c;
-            }
-        }
-    } else
-        tmpname = NULL;
-    if (value) {
-        if (!(tmpval = BUF_strdup(value)))
-            return NULL;
-        for (p = tmpval; *p; p++) {
-            c = (unsigned char)*p;
-            if (isupper(c)) {
-                c = tolower(c);
-                *p = c;
-            }
-        }
-    } else
-        tmpval = NULL;
-    mhdr = (MIME_HEADER *)OPENSSL_malloc(sizeof(MIME_HEADER));
-    if (!mhdr)
-        return NULL;
-    mhdr->name = tmpname;
-    mhdr->value = tmpval;
-    if (!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp)))
-        return NULL;
-    return mhdr;
-}
-
-static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
-{
-    char *tmpname, *tmpval, *p;
-    int c;
-    MIME_PARAM *mparam;
-    if (name) {
-        tmpname = BUF_strdup(name);
-        if (!tmpname)
-            return 0;
-        for (p = tmpname; *p; p++) {
-            c = (unsigned char)*p;
-            if (isupper(c)) {
-                c = tolower(c);
-                *p = c;
-            }
-        }
-    } else
-        tmpname = NULL;
-    if (value) {
-        tmpval = BUF_strdup(value);
-        if (!tmpval)
-            return 0;
-    } else
-        tmpval = NULL;
-    /* Parameter values are case sensitive so leave as is */
-    mparam = (MIME_PARAM *)OPENSSL_malloc(sizeof(MIME_PARAM));
-    if (!mparam)
-        return 0;
-    mparam->param_name = tmpname;
-    mparam->param_value = tmpval;
-    sk_MIME_PARAM_push(mhdr->params, mparam);
-    return 1;
-}
-
-static int mime_hdr_cmp(const MIME_HEADER *const *a,
-                        const MIME_HEADER *const *b)
-{
-    if (!(*a)->name || !(*b)->name)
-        return ! !(*a)->name - ! !(*b)->name;
-
-    return (strcmp((*a)->name, (*b)->name));
-}
-
-static int mime_param_cmp(const MIME_PARAM *const *a,
-                          const MIME_PARAM *const *b)
-{
-    if (!(*a)->param_name || !(*b)->param_name)
-        return ! !(*a)->param_name - ! !(*b)->param_name;
-    return (strcmp((*a)->param_name, (*b)->param_name));
-}
-
-/* Find a header with a given name (if possible) */
-
-static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name)
-{
-    MIME_HEADER htmp;
-    int idx;
-    htmp.name = name;
-    idx = sk_MIME_HEADER_find(hdrs, &htmp);
-    if (idx < 0)
-        return NULL;
-    return sk_MIME_HEADER_value(hdrs, idx);
-}
-
-static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)
-{
-    MIME_PARAM param;
-    int idx;
-    param.param_name = name;
-    idx = sk_MIME_PARAM_find(hdr->params, &param);
-    if (idx < 0)
-        return NULL;
-    return sk_MIME_PARAM_value(hdr->params, idx);
-}
-
-static void mime_hdr_free(MIME_HEADER *hdr)
-{
-    if (hdr->name)
-        OPENSSL_free(hdr->name);
-    if (hdr->value)
-        OPENSSL_free(hdr->value);
-    if (hdr->params)
-        sk_MIME_PARAM_pop_free(hdr->params, mime_param_free);
-    OPENSSL_free(hdr);
-}
-
-static void mime_param_free(MIME_PARAM *param)
-{
-    if (param->param_name)
-        OPENSSL_free(param->param_name);
-    if (param->param_value)
-        OPENSSL_free(param->param_value);
-    OPENSSL_free(param);
-}
-
-/*-
- * Check for a multipart boundary. Returns:
- * 0 : no boundary
- * 1 : part boundary
- * 2 : final boundary
- */
-static int mime_bound_check(char *line, int linelen, char *bound, int blen)
-{
-    if (linelen == -1)
-        linelen = strlen(line);
-    if (blen == -1)
-        blen = strlen(bound);
-    /* Quickly eliminate if line length too short */
-    if (blen + 2 > linelen)
-        return 0;
-    /* Check for part boundary */
-    if (!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) {
-        if (!strncmp(line + blen + 2, "--", 2))
-            return 2;
-        else
-            return 1;
-    }
-    return 0;
-}
-
-static int strip_eol(char *linebuf, int *plen)
-{
-    int len = *plen;
-    char *p, c;
-    int is_eol = 0;
-    p = linebuf + len - 1;
-    for (p = linebuf + len - 1; len > 0; len--, p--) {
-        c = *p;
-        if (c == '\n')
-            is_eol = 1;
-        else if (c != '\r')
-            break;
-    }
-    *plen = len;
-    return is_eol;
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/asn1/asn_mime.c (from rev 11605, vendor-crypto/openssl/dist/crypto/asn1/asn_mime.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/asn1/asn_mime.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/asn_mime.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,974 @@
+/* asn_mime.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include "asn1_locl.h"
+
+/*
+ * Generalised MIME like utilities for streaming ASN1. Although many have a
+ * PKCS7/CMS like flavour others are more general purpose.
+ */
+
+/*
+ * MIME format structures Note that all are translated to lower case apart
+ * from parameter values. Quotes are stripped off
+ */
+
+typedef struct {
+    char *param_name;           /* Param name e.g. "micalg" */
+    char *param_value;          /* Param value e.g. "sha1" */
+} MIME_PARAM;
+
+DECLARE_STACK_OF(MIME_PARAM)
+IMPLEMENT_STACK_OF(MIME_PARAM)
+
+typedef struct {
+    char *name;                 /* Name of line e.g. "content-type" */
+    char *value;                /* Value of line e.g. "text/plain" */
+    STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */
+} MIME_HEADER;
+
+DECLARE_STACK_OF(MIME_HEADER)
+IMPLEMENT_STACK_OF(MIME_HEADER)
+
+static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
+                            const ASN1_ITEM *it);
+static char *strip_ends(char *name);
+static char *strip_start(char *name);
+static char *strip_end(char *name);
+static MIME_HEADER *mime_hdr_new(char *name, char *value);
+static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
+static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);
+static int mime_hdr_cmp(const MIME_HEADER *const *a,
+                        const MIME_HEADER *const *b);
+static int mime_param_cmp(const MIME_PARAM *const *a,
+                          const MIME_PARAM *const *b);
+static void mime_param_free(MIME_PARAM *param);
+static int mime_bound_check(char *line, int linelen, char *bound, int blen);
+static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
+static int strip_eol(char *linebuf, int *plen);
+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name);
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
+static void mime_hdr_free(MIME_HEADER *hdr);
+
+#define MAX_SMLEN 1024
+#define mime_debug(x)           /* x */
+
+/* Output an ASN1 structure in BER format streaming if necessary */
+
+int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                        const ASN1_ITEM *it)
+{
+    /* If streaming create stream BIO and copy all content through it */
+    if (flags & SMIME_STREAM) {
+        BIO *bio, *tbio;
+        bio = BIO_new_NDEF(out, val, it);
+        if (!bio) {
+            ASN1err(ASN1_F_I2D_ASN1_BIO_STREAM, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        SMIME_crlf_copy(in, bio, flags);
+        (void)BIO_flush(bio);
+        /* Free up successive BIOs until we hit the old output BIO */
+        do {
+            tbio = BIO_pop(bio);
+            BIO_free(bio);
+            bio = tbio;
+        } while (bio != out);
+    }
+    /*
+     * else just write out ASN1 structure which will have all content stored
+     * internally
+     */
+    else
+        ASN1_item_i2d_bio(it, out, val);
+    return 1;
+}
+
+/* Base 64 read and write of ASN1 structure */
+
+static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                          const ASN1_ITEM *it)
+{
+    BIO *b64;
+    int r;
+    b64 = BIO_new(BIO_f_base64());
+    if (!b64) {
+        ASN1err(ASN1_F_B64_WRITE_ASN1, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    /*
+     * prepend the b64 BIO so all data is base64 encoded.
+     */
+    out = BIO_push(b64, out);
+    r = i2d_ASN1_bio_stream(out, val, in, flags, it);
+    (void)BIO_flush(out);
+    BIO_pop(out);
+    BIO_free(b64);
+    return r;
+}
+
+/* Streaming ASN1 PEM write */
+
+int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                              const char *hdr, const ASN1_ITEM *it)
+{
+    int r;
+    BIO_printf(out, "-----BEGIN %s-----\n", hdr);
+    r = B64_write_ASN1(out, val, in, flags, it);
+    BIO_printf(out, "-----END %s-----\n", hdr);
+    return r;
+}
+
+static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it)
+{
+    BIO *b64;
+    ASN1_VALUE *val;
+    if (!(b64 = BIO_new(BIO_f_base64()))) {
+        ASN1err(ASN1_F_B64_READ_ASN1, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    bio = BIO_push(b64, bio);
+    val = ASN1_item_d2i_bio(it, bio, NULL);
+    if (!val)
+        ASN1err(ASN1_F_B64_READ_ASN1, ASN1_R_DECODE_ERROR);
+    (void)BIO_flush(bio);
+    bio = BIO_pop(bio);
+    BIO_free(b64);
+    return val;
+}
+
+/* Generate the MIME "micalg" parameter from RFC3851, RFC4490 */
+
+static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
+{
+    const EVP_MD *md;
+    int i, have_unknown = 0, write_comma, ret = 0, md_nid;
+    have_unknown = 0;
+    write_comma = 0;
+    for (i = 0; i < sk_X509_ALGOR_num(mdalgs); i++) {
+        if (write_comma)
+            BIO_write(out, ",", 1);
+        write_comma = 1;
+        md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm);
+        md = EVP_get_digestbynid(md_nid);
+        if (md && md->md_ctrl) {
+            int rv;
+            char *micstr;
+            rv = md->md_ctrl(NULL, EVP_MD_CTRL_MICALG, 0, &micstr);
+            if (rv > 0) {
+                BIO_puts(out, micstr);
+                OPENSSL_free(micstr);
+                continue;
+            }
+            if (rv != -2)
+                goto err;
+        }
+        switch (md_nid) {
+        case NID_sha1:
+            BIO_puts(out, "sha1");
+            break;
+
+        case NID_md5:
+            BIO_puts(out, "md5");
+            break;
+
+        case NID_sha256:
+            BIO_puts(out, "sha-256");
+            break;
+
+        case NID_sha384:
+            BIO_puts(out, "sha-384");
+            break;
+
+        case NID_sha512:
+            BIO_puts(out, "sha-512");
+            break;
+
+        case NID_id_GostR3411_94:
+            BIO_puts(out, "gostr3411-94");
+            goto err;
+            break;
+
+        default:
+            if (have_unknown)
+                write_comma = 0;
+            else {
+                BIO_puts(out, "unknown");
+                have_unknown = 1;
+            }
+            break;
+
+        }
+    }
+
+    ret = 1;
+ err:
+
+    return ret;
+
+}
+
+/* SMIME sender */
+
+int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+                     int ctype_nid, int econt_nid,
+                     STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it)
+{
+    char bound[33], c;
+    int i;
+    const char *mime_prefix, *mime_eol, *cname = "smime.p7m";
+    const char *msg_type = NULL;
+    if (flags & SMIME_OLDMIME)
+        mime_prefix = "application/x-pkcs7-";
+    else
+        mime_prefix = "application/pkcs7-";
+
+    if (flags & SMIME_CRLFEOL)
+        mime_eol = "\r\n";
+    else
+        mime_eol = "\n";
+    if ((flags & SMIME_DETACHED) && data) {
+        /* We want multipart/signed */
+        /* Generate a random boundary */
+        if (RAND_bytes((unsigned char *)bound, 32) <= 0)
+            return 0;
+        for (i = 0; i < 32; i++) {
+            c = bound[i] & 0xf;
+            if (c < 10)
+                c += '0';
+            else
+                c += 'A' - 10;
+            bound[i] = c;
+        }
+        bound[32] = 0;
+        BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
+        BIO_printf(bio, "Content-Type: multipart/signed;");
+        BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
+        BIO_puts(bio, " micalg=\"");
+        asn1_write_micalg(bio, mdalgs);
+        BIO_printf(bio, "\"; boundary=\"----%s\"%s%s",
+                   bound, mime_eol, mime_eol);
+        BIO_printf(bio, "This is an S/MIME signed message%s%s",
+                   mime_eol, mime_eol);
+        /* Now write out the first part */
+        BIO_printf(bio, "------%s%s", bound, mime_eol);
+        if (!asn1_output_data(bio, data, val, flags, it))
+            return 0;
+        BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
+
+        /* Headers for signature */
+
+        BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix);
+        BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
+        BIO_printf(bio, "Content-Transfer-Encoding: base64%s", mime_eol);
+        BIO_printf(bio, "Content-Disposition: attachment;");
+        BIO_printf(bio, " filename=\"smime.p7s\"%s%s", mime_eol, mime_eol);
+        B64_write_ASN1(bio, val, NULL, 0, it);
+        BIO_printf(bio, "%s------%s--%s%s", mime_eol, bound,
+                   mime_eol, mime_eol);
+        return 1;
+    }
+
+    /* Determine smime-type header */
+
+    if (ctype_nid == NID_pkcs7_enveloped)
+        msg_type = "enveloped-data";
+    else if (ctype_nid == NID_pkcs7_signed) {
+        if (econt_nid == NID_id_smime_ct_receipt)
+            msg_type = "signed-receipt";
+        else if (sk_X509_ALGOR_num(mdalgs) >= 0)
+            msg_type = "signed-data";
+        else
+            msg_type = "certs-only";
+    } else if (ctype_nid == NID_id_smime_ct_compressedData) {
+        msg_type = "compressed-data";
+        cname = "smime.p7z";
+    }
+    /* MIME headers */
+    BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
+    BIO_printf(bio, "Content-Disposition: attachment;");
+    BIO_printf(bio, " filename=\"%s\"%s", cname, mime_eol);
+    BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
+    if (msg_type)
+        BIO_printf(bio, " smime-type=%s;", msg_type);
+    BIO_printf(bio, " name=\"%s\"%s", cname, mime_eol);
+    BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
+               mime_eol, mime_eol);
+    if (!B64_write_ASN1(bio, val, data, flags, it))
+        return 0;
+    BIO_printf(bio, "%s", mime_eol);
+    return 1;
+}
+
+/* Handle output of ASN1 data */
+
+static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
+                            const ASN1_ITEM *it)
+{
+    BIO *tmpbio;
+    const ASN1_AUX *aux = it->funcs;
+    ASN1_STREAM_ARG sarg;
+    int rv = 1;
+
+    /*
+     * If data is not deteched or resigning then the output BIO is already
+     * set up to finalise when it is written through.
+     */
+    if (!(flags & SMIME_DETACHED) || (flags & PKCS7_REUSE_DIGEST)) {
+        SMIME_crlf_copy(data, out, flags);
+        return 1;
+    }
+
+    if (!aux || !aux->asn1_cb) {
+        ASN1err(ASN1_F_ASN1_OUTPUT_DATA, ASN1_R_STREAMING_NOT_SUPPORTED);
+        return 0;
+    }
+
+    sarg.out = out;
+    sarg.ndef_bio = NULL;
+    sarg.boundary = NULL;
+
+    /* Let ASN1 code prepend any needed BIOs */
+
+    if (aux->asn1_cb(ASN1_OP_DETACHED_PRE, &val, it, &sarg) <= 0)
+        return 0;
+
+    /* Copy data across, passing through filter BIOs for processing */
+    SMIME_crlf_copy(data, sarg.ndef_bio, flags);
+
+    /* Finalize structure */
+    if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0)
+        rv = 0;
+
+    /* Now remove any digests prepended to the BIO */
+
+    while (sarg.ndef_bio != out) {
+        tmpbio = BIO_pop(sarg.ndef_bio);
+        BIO_free(sarg.ndef_bio);
+        sarg.ndef_bio = tmpbio;
+    }
+
+    return rv;
+
+}
+
+/*
+ * SMIME reader: handle multipart/signed and opaque signing. in multipart
+ * case the content is placed in a memory BIO pointed to by "bcont". In
+ * opaque this is set to NULL
+ */
+
+ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
+{
+    BIO *asnin;
+    STACK_OF(MIME_HEADER) *headers = NULL;
+    STACK_OF(BIO) *parts = NULL;
+    MIME_HEADER *hdr;
+    MIME_PARAM *prm;
+    ASN1_VALUE *val;
+    int ret;
+
+    if (bcont)
+        *bcont = NULL;
+
+    if (!(headers = mime_parse_hdr(bio))) {
+        ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_MIME_PARSE_ERROR);
+        return NULL;
+    }
+
+    if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_CONTENT_TYPE);
+        return NULL;
+    }
+
+    /* Handle multipart/signed */
+
+    if (!strcmp(hdr->value, "multipart/signed")) {
+        /* Split into two parts */
+        prm = mime_param_find(hdr, "boundary");
+        if (!prm || !prm->param_value) {
+            sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BOUNDARY);
+            return NULL;
+        }
+        ret = multi_split(bio, prm->param_value, &parts);
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        if (!ret || (sk_BIO_num(parts) != 2)) {
+            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BODY_FAILURE);
+            sk_BIO_pop_free(parts, BIO_vfree);
+            return NULL;
+        }
+
+        /* Parse the signature piece */
+        asnin = sk_BIO_value(parts, 1);
+
+        if (!(headers = mime_parse_hdr(asnin))) {
+            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_MIME_SIG_PARSE_ERROR);
+            sk_BIO_pop_free(parts, BIO_vfree);
+            return NULL;
+        }
+
+        /* Get content type */
+
+        if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+            sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE);
+            return NULL;
+        }
+
+        if (strcmp(hdr->value, "application/x-pkcs7-signature") &&
+            strcmp(hdr->value, "application/pkcs7-signature")) {
+            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_SIG_INVALID_MIME_TYPE);
+            ERR_add_error_data(2, "type: ", hdr->value);
+            sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+            sk_BIO_pop_free(parts, BIO_vfree);
+            return NULL;
+        }
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        /* Read in ASN1 */
+        if (!(val = b64_read_asn1(asnin, it))) {
+            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_SIG_PARSE_ERROR);
+            sk_BIO_pop_free(parts, BIO_vfree);
+            return NULL;
+        }
+
+        if (bcont) {
+            *bcont = sk_BIO_value(parts, 0);
+            BIO_free(asnin);
+            sk_BIO_free(parts);
+        } else
+            sk_BIO_pop_free(parts, BIO_vfree);
+        return val;
+    }
+
+    /* OK, if not multipart/signed try opaque signature */
+
+    if (strcmp(hdr->value, "application/x-pkcs7-mime") &&
+        strcmp(hdr->value, "application/pkcs7-mime")) {
+        ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_INVALID_MIME_TYPE);
+        ERR_add_error_data(2, "type: ", hdr->value);
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        return NULL;
+    }
+
+    sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+
+    if (!(val = b64_read_asn1(bio, it))) {
+        ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_PARSE_ERROR);
+        return NULL;
+    }
+    return val;
+
+}
+
+/* Copy text from one BIO to another making the output CRLF at EOL */
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
+{
+    BIO *bf;
+    char eol;
+    int len;
+    char linebuf[MAX_SMLEN];
+    /*
+     * Buffer output so we don't write one line at a time. This is useful
+     * when streaming as we don't end up with one OCTET STRING per line.
+     */
+    bf = BIO_new(BIO_f_buffer());
+    if (!bf)
+        return 0;
+    out = BIO_push(bf, out);
+    if (flags & SMIME_BINARY) {
+        while ((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
+            BIO_write(out, linebuf, len);
+    } else {
+        if (flags & SMIME_TEXT)
+            BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
+        while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) {
+            eol = strip_eol(linebuf, &len);
+            if (len)
+                BIO_write(out, linebuf, len);
+            if (eol)
+                BIO_write(out, "\r\n", 2);
+        }
+    }
+    (void)BIO_flush(out);
+    BIO_pop(out);
+    BIO_free(bf);
+    return 1;
+}
+
+/* Strip off headers if they are text/plain */
+int SMIME_text(BIO *in, BIO *out)
+{
+    char iobuf[4096];
+    int len;
+    STACK_OF(MIME_HEADER) *headers;
+    MIME_HEADER *hdr;
+
+    if (!(headers = mime_parse_hdr(in))) {
+        ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_MIME_PARSE_ERROR);
+        return 0;
+    }
+    if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+        ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_MIME_NO_CONTENT_TYPE);
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        return 0;
+    }
+    if (strcmp(hdr->value, "text/plain")) {
+        ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_INVALID_MIME_TYPE);
+        ERR_add_error_data(2, "type: ", hdr->value);
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        return 0;
+    }
+    sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+    while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
+        BIO_write(out, iobuf, len);
+    if (len < 0)
+        return 0;
+    return 1;
+}
+
+/*
+ * Split a multipart/XXX message body into component parts: result is
+ * canonical parts in a STACK of bios
+ */
+
+static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
+{
+    char linebuf[MAX_SMLEN];
+    int len, blen;
+    int eol = 0, next_eol = 0;
+    BIO *bpart = NULL;
+    STACK_OF(BIO) *parts;
+    char state, part, first;
+
+    blen = strlen(bound);
+    part = 0;
+    state = 0;
+    first = 1;
+    parts = sk_BIO_new_null();
+    *ret = parts;
+    while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+        state = mime_bound_check(linebuf, len, bound, blen);
+        if (state == 1) {
+            first = 1;
+            part++;
+        } else if (state == 2) {
+            sk_BIO_push(parts, bpart);
+            return 1;
+        } else if (part) {
+            /* Strip CR+LF from linebuf */
+            next_eol = strip_eol(linebuf, &len);
+            if (first) {
+                first = 0;
+                if (bpart)
+                    sk_BIO_push(parts, bpart);
+                bpart = BIO_new(BIO_s_mem());
+                BIO_set_mem_eof_return(bpart, 0);
+            } else if (eol)
+                BIO_write(bpart, "\r\n", 2);
+            eol = next_eol;
+            if (len)
+                BIO_write(bpart, linebuf, len);
+        }
+    }
+    return 0;
+}
+
+/* This is the big one: parse MIME header lines up to message body */
+
+#define MIME_INVALID    0
+#define MIME_START      1
+#define MIME_TYPE       2
+#define MIME_NAME       3
+#define MIME_VALUE      4
+#define MIME_QUOTE      5
+#define MIME_COMMENT    6
+
+static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
+{
+    char *p, *q, c;
+    char *ntmp;
+    char linebuf[MAX_SMLEN];
+    MIME_HEADER *mhdr = NULL;
+    STACK_OF(MIME_HEADER) *headers;
+    int len, state, save_state = 0;
+
+    headers = sk_MIME_HEADER_new(mime_hdr_cmp);
+    if (!headers)
+        return NULL;
+    while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+        /* If whitespace at line start then continuation line */
+        if (mhdr && isspace((unsigned char)linebuf[0]))
+            state = MIME_NAME;
+        else
+            state = MIME_START;
+        ntmp = NULL;
+        /* Go through all characters */
+        for (p = linebuf, q = linebuf; (c = *p) && (c != '\r') && (c != '\n');
+             p++) {
+
+            /*
+             * State machine to handle MIME headers if this looks horrible
+             * that's because it *is*
+             */
+
+            switch (state) {
+            case MIME_START:
+                if (c == ':') {
+                    state = MIME_TYPE;
+                    *p = 0;
+                    ntmp = strip_ends(q);
+                    q = p + 1;
+                }
+                break;
+
+            case MIME_TYPE:
+                if (c == ';') {
+                    mime_debug("Found End Value\n");
+                    *p = 0;
+                    mhdr = mime_hdr_new(ntmp, strip_ends(q));
+                    sk_MIME_HEADER_push(headers, mhdr);
+                    ntmp = NULL;
+                    q = p + 1;
+                    state = MIME_NAME;
+                } else if (c == '(') {
+                    save_state = state;
+                    state = MIME_COMMENT;
+                }
+                break;
+
+            case MIME_COMMENT:
+                if (c == ')') {
+                    state = save_state;
+                }
+                break;
+
+            case MIME_NAME:
+                if (c == '=') {
+                    state = MIME_VALUE;
+                    *p = 0;
+                    ntmp = strip_ends(q);
+                    q = p + 1;
+                }
+                break;
+
+            case MIME_VALUE:
+                if (c == ';') {
+                    state = MIME_NAME;
+                    *p = 0;
+                    mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+                    ntmp = NULL;
+                    q = p + 1;
+                } else if (c == '"') {
+                    mime_debug("Found Quote\n");
+                    state = MIME_QUOTE;
+                } else if (c == '(') {
+                    save_state = state;
+                    state = MIME_COMMENT;
+                }
+                break;
+
+            case MIME_QUOTE:
+                if (c == '"') {
+                    mime_debug("Found Match Quote\n");
+                    state = MIME_VALUE;
+                }
+                break;
+            }
+        }
+
+        if (state == MIME_TYPE) {
+            mhdr = mime_hdr_new(ntmp, strip_ends(q));
+            sk_MIME_HEADER_push(headers, mhdr);
+        } else if (state == MIME_VALUE)
+            mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+        if (p == linebuf)
+            break;              /* Blank line means end of headers */
+    }
+
+    return headers;
+
+}
+
+static char *strip_ends(char *name)
+{
+    return strip_end(strip_start(name));
+}
+
+/* Strip a parameter of whitespace from start of param */
+static char *strip_start(char *name)
+{
+    char *p, c;
+    /* Look for first non white space or quote */
+    for (p = name; (c = *p); p++) {
+        if (c == '"') {
+            /* Next char is start of string if non null */
+            if (p[1])
+                return p + 1;
+            /* Else null string */
+            return NULL;
+        }
+        if (!isspace((unsigned char)c))
+            return p;
+    }
+    return NULL;
+}
+
+/* As above but strip from end of string : maybe should handle brackets? */
+static char *strip_end(char *name)
+{
+    char *p, c;
+    if (!name)
+        return NULL;
+    /* Look for first non white space or quote */
+    for (p = name + strlen(name) - 1; p >= name; p--) {
+        c = *p;
+        if (c == '"') {
+            if (p - 1 == name)
+                return NULL;
+            *p = 0;
+            return name;
+        }
+        if (isspace((unsigned char)c))
+            *p = 0;
+        else
+            return name;
+    }
+    return NULL;
+}
+
+static MIME_HEADER *mime_hdr_new(char *name, char *value)
+{
+    MIME_HEADER *mhdr;
+    char *tmpname, *tmpval, *p;
+    int c;
+    if (name) {
+        if (!(tmpname = BUF_strdup(name)))
+            return NULL;
+        for (p = tmpname; *p; p++) {
+            c = (unsigned char)*p;
+            if (isupper(c)) {
+                c = tolower(c);
+                *p = c;
+            }
+        }
+    } else
+        tmpname = NULL;
+    if (value) {
+        if (!(tmpval = BUF_strdup(value)))
+            return NULL;
+        for (p = tmpval; *p; p++) {
+            c = (unsigned char)*p;
+            if (isupper(c)) {
+                c = tolower(c);
+                *p = c;
+            }
+        }
+    } else
+        tmpval = NULL;
+    mhdr = (MIME_HEADER *)OPENSSL_malloc(sizeof(MIME_HEADER));
+    if (!mhdr)
+        return NULL;
+    mhdr->name = tmpname;
+    mhdr->value = tmpval;
+    if (!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp)))
+        return NULL;
+    return mhdr;
+}
+
+static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
+{
+    char *tmpname, *tmpval, *p;
+    int c;
+    MIME_PARAM *mparam;
+    if (name) {
+        tmpname = BUF_strdup(name);
+        if (!tmpname)
+            return 0;
+        for (p = tmpname; *p; p++) {
+            c = (unsigned char)*p;
+            if (isupper(c)) {
+                c = tolower(c);
+                *p = c;
+            }
+        }
+    } else
+        tmpname = NULL;
+    if (value) {
+        tmpval = BUF_strdup(value);
+        if (!tmpval)
+            return 0;
+    } else
+        tmpval = NULL;
+    /* Parameter values are case sensitive so leave as is */
+    mparam = (MIME_PARAM *)OPENSSL_malloc(sizeof(MIME_PARAM));
+    if (!mparam)
+        return 0;
+    mparam->param_name = tmpname;
+    mparam->param_value = tmpval;
+    sk_MIME_PARAM_push(mhdr->params, mparam);
+    return 1;
+}
+
+static int mime_hdr_cmp(const MIME_HEADER *const *a,
+                        const MIME_HEADER *const *b)
+{
+    if (!(*a)->name || !(*b)->name)
+        return ! !(*a)->name - ! !(*b)->name;
+
+    return (strcmp((*a)->name, (*b)->name));
+}
+
+static int mime_param_cmp(const MIME_PARAM *const *a,
+                          const MIME_PARAM *const *b)
+{
+    if (!(*a)->param_name || !(*b)->param_name)
+        return ! !(*a)->param_name - ! !(*b)->param_name;
+    return (strcmp((*a)->param_name, (*b)->param_name));
+}
+
+/* Find a header with a given name (if possible) */
+
+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name)
+{
+    MIME_HEADER htmp;
+    int idx;
+    htmp.name = name;
+    idx = sk_MIME_HEADER_find(hdrs, &htmp);
+    if (idx < 0)
+        return NULL;
+    return sk_MIME_HEADER_value(hdrs, idx);
+}
+
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)
+{
+    MIME_PARAM param;
+    int idx;
+    param.param_name = name;
+    idx = sk_MIME_PARAM_find(hdr->params, &param);
+    if (idx < 0)
+        return NULL;
+    return sk_MIME_PARAM_value(hdr->params, idx);
+}
+
+static void mime_hdr_free(MIME_HEADER *hdr)
+{
+    if (hdr->name)
+        OPENSSL_free(hdr->name);
+    if (hdr->value)
+        OPENSSL_free(hdr->value);
+    if (hdr->params)
+        sk_MIME_PARAM_pop_free(hdr->params, mime_param_free);
+    OPENSSL_free(hdr);
+}
+
+static void mime_param_free(MIME_PARAM *param)
+{
+    if (param->param_name)
+        OPENSSL_free(param->param_name);
+    if (param->param_value)
+        OPENSSL_free(param->param_value);
+    OPENSSL_free(param);
+}
+
+/*-
+ * Check for a multipart boundary. Returns:
+ * 0 : no boundary
+ * 1 : part boundary
+ * 2 : final boundary
+ */
+static int mime_bound_check(char *line, int linelen, char *bound, int blen)
+{
+    if (linelen == -1)
+        linelen = strlen(line);
+    if (blen == -1)
+        blen = strlen(bound);
+    /* Quickly eliminate if line length too short */
+    if (blen + 2 > linelen)
+        return 0;
+    /* Check for part boundary */
+    if (!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) {
+        if (!strncmp(line + blen + 2, "--", 2))
+            return 2;
+        else
+            return 1;
+    }
+    return 0;
+}
+
+static int strip_eol(char *linebuf, int *plen)
+{
+    int len = *plen;
+    char *p, c;
+    int is_eol = 0;
+    p = linebuf + len - 1;
+    for (p = linebuf + len - 1; len > 0; len--, p--) {
+        c = *p;
+        if (c == '\n')
+            is_eol = 1;
+        else if (c != '\r')
+            break;
+    }
+    *plen = len;
+    return is_eol;
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/asn1/d2i_pr.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/d2i_pr.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/d2i_pr.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,175 +0,0 @@
-/* crypto/asn1/d2i_pr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-#include "asn1_locl.h"
-
-EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
-                         long length)
-{
-    EVP_PKEY *ret;
-    const unsigned char *p = *pp;
-
-    if ((a == NULL) || (*a == NULL)) {
-        if ((ret = EVP_PKEY_new()) == NULL) {
-            ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_EVP_LIB);
-            return (NULL);
-        }
-    } else {
-        ret = *a;
-#ifndef OPENSSL_NO_ENGINE
-        if (ret->engine) {
-            ENGINE_finish(ret->engine);
-            ret->engine = NULL;
-        }
-#endif
-    }
-
-    if (!EVP_PKEY_set_type(ret, type)) {
-        ASN1err(ASN1_F_D2I_PRIVATEKEY, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
-        goto err;
-    }
-
-    if (!ret->ameth->old_priv_decode ||
-        !ret->ameth->old_priv_decode(ret, &p, length)) {
-        if (ret->ameth->priv_decode) {
-            PKCS8_PRIV_KEY_INFO *p8 = NULL;
-            p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
-            if (!p8)
-                goto err;
-            EVP_PKEY_free(ret);
-            ret = EVP_PKCS82PKEY(p8);
-            PKCS8_PRIV_KEY_INFO_free(p8);
-            if (ret == NULL)
-                goto err;
-        } else {
-            ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
-            goto err;
-        }
-    }
-    *pp = p;
-    if (a != NULL)
-        (*a) = ret;
-    return (ret);
- err:
-    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-        EVP_PKEY_free(ret);
-    return (NULL);
-}
-
-/*
- * This works like d2i_PrivateKey() except it automatically works out the
- * type
- */
-
-EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
-                             long length)
-{
-    STACK_OF(ASN1_TYPE) *inkey;
-    const unsigned char *p;
-    int keytype;
-    p = *pp;
-    /*
-     * Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by
-     * analyzing it we can determine the passed structure: this assumes the
-     * input is surrounded by an ASN1 SEQUENCE.
-     */
-    inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length);
-    p = *pp;
-    /*
-     * Since we only need to discern "traditional format" RSA and DSA keys we
-     * can just count the elements.
-     */
-    if (sk_ASN1_TYPE_num(inkey) == 6)
-        keytype = EVP_PKEY_DSA;
-    else if (sk_ASN1_TYPE_num(inkey) == 4)
-        keytype = EVP_PKEY_EC;
-    else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not
-                                              * traditional format */
-        PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
-        EVP_PKEY *ret;
-
-        sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
-        if (!p8) {
-            ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY,
-                    ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
-            return NULL;
-        }
-        ret = EVP_PKCS82PKEY(p8);
-        PKCS8_PRIV_KEY_INFO_free(p8);
-        if (ret == NULL)
-            return NULL;
-        *pp = p;
-        if (a) {
-            *a = ret;
-        }
-        return ret;
-    } else
-        keytype = EVP_PKEY_RSA;
-    sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
-    return d2i_PrivateKey(keytype, a, pp, length);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/asn1/d2i_pr.c (from rev 11605, vendor-crypto/openssl/dist/crypto/asn1/d2i_pr.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/asn1/d2i_pr.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/d2i_pr.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,177 @@
+/* crypto/asn1/d2i_pr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include "asn1_locl.h"
+
+EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
+                         long length)
+{
+    EVP_PKEY *ret;
+    const unsigned char *p = *pp;
+
+    if ((a == NULL) || (*a == NULL)) {
+        if ((ret = EVP_PKEY_new()) == NULL) {
+            ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_EVP_LIB);
+            return (NULL);
+        }
+    } else {
+        ret = *a;
+#ifndef OPENSSL_NO_ENGINE
+        if (ret->engine) {
+            ENGINE_finish(ret->engine);
+            ret->engine = NULL;
+        }
+#endif
+    }
+
+    if (!EVP_PKEY_set_type(ret, type)) {
+        ASN1err(ASN1_F_D2I_PRIVATEKEY, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+        goto err;
+    }
+
+    if (!ret->ameth->old_priv_decode ||
+        !ret->ameth->old_priv_decode(ret, &p, length)) {
+        if (ret->ameth->priv_decode) {
+            EVP_PKEY *tmp;
+            PKCS8_PRIV_KEY_INFO *p8 = NULL;
+            p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
+            if (!p8)
+                goto err;
+            tmp = EVP_PKCS82PKEY(p8);
+            PKCS8_PRIV_KEY_INFO_free(p8);
+            if (tmp == NULL)
+                goto err;
+            EVP_PKEY_free(ret);
+            ret = tmp;
+        } else {
+            ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
+            goto err;
+        }
+    }
+    *pp = p;
+    if (a != NULL)
+        (*a) = ret;
+    return (ret);
+ err:
+    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+        EVP_PKEY_free(ret);
+    return (NULL);
+}
+
+/*
+ * This works like d2i_PrivateKey() except it automatically works out the
+ * type
+ */
+
+EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
+                             long length)
+{
+    STACK_OF(ASN1_TYPE) *inkey;
+    const unsigned char *p;
+    int keytype;
+    p = *pp;
+    /*
+     * Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by
+     * analyzing it we can determine the passed structure: this assumes the
+     * input is surrounded by an ASN1 SEQUENCE.
+     */
+    inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length);
+    p = *pp;
+    /*
+     * Since we only need to discern "traditional format" RSA and DSA keys we
+     * can just count the elements.
+     */
+    if (sk_ASN1_TYPE_num(inkey) == 6)
+        keytype = EVP_PKEY_DSA;
+    else if (sk_ASN1_TYPE_num(inkey) == 4)
+        keytype = EVP_PKEY_EC;
+    else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not
+                                              * traditional format */
+        PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
+        EVP_PKEY *ret;
+
+        sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
+        if (!p8) {
+            ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY,
+                    ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+            return NULL;
+        }
+        ret = EVP_PKCS82PKEY(p8);
+        PKCS8_PRIV_KEY_INFO_free(p8);
+        if (ret == NULL)
+            return NULL;
+        *pp = p;
+        if (a) {
+            *a = ret;
+        }
+        return ret;
+    } else
+        keytype = EVP_PKEY_RSA;
+    sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
+    return d2i_PrivateKey(keytype, a, pp, length);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/asn1/f_enum.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/f_enum.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/f_enum.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,203 +0,0 @@
-/* crypto/asn1/f_enum.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/asn1.h>
-
-/* Based on a_int.c: equivalent ENUMERATED functions */
-
-int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a)
-{
-    int i, n = 0;
-    static const char *h = "0123456789ABCDEF";
-    char buf[2];
-
-    if (a == NULL)
-        return (0);
-
-    if (a->length == 0) {
-        if (BIO_write(bp, "00", 2) != 2)
-            goto err;
-        n = 2;
-    } else {
-        for (i = 0; i < a->length; i++) {
-            if ((i != 0) && (i % 35 == 0)) {
-                if (BIO_write(bp, "\\\n", 2) != 2)
-                    goto err;
-                n += 2;
-            }
-            buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f];
-            buf[1] = h[((unsigned char)a->data[i]) & 0x0f];
-            if (BIO_write(bp, buf, 2) != 2)
-                goto err;
-            n += 2;
-        }
-    }
-    return (n);
- err:
-    return (-1);
-}
-
-int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
-{
-    int ret = 0;
-    int i, j, k, m, n, again, bufsize;
-    unsigned char *s = NULL, *sp;
-    unsigned char *bufp;
-    int num = 0, slen = 0, first = 1;
-
-    bs->type = V_ASN1_ENUMERATED;
-
-    bufsize = BIO_gets(bp, buf, size);
-    for (;;) {
-        if (bufsize < 1)
-            goto err_sl;
-        i = bufsize;
-        if (buf[i - 1] == '\n')
-            buf[--i] = '\0';
-        if (i == 0)
-            goto err_sl;
-        if (buf[i - 1] == '\r')
-            buf[--i] = '\0';
-        if (i == 0)
-            goto err_sl;
-        again = (buf[i - 1] == '\\');
-
-        for (j = 0; j < i; j++) {
-            if (!(((buf[j] >= '0') && (buf[j] <= '9')) ||
-                  ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
-                  ((buf[j] >= 'A') && (buf[j] <= 'F')))) {
-                i = j;
-                break;
-            }
-        }
-        buf[i] = '\0';
-        /*
-         * We have now cleared all the crap off the end of the line
-         */
-        if (i < 2)
-            goto err_sl;
-
-        bufp = (unsigned char *)buf;
-        if (first) {
-            first = 0;
-            if ((bufp[0] == '0') && (buf[1] == '0')) {
-                bufp += 2;
-                i -= 2;
-            }
-        }
-        k = 0;
-        i -= again;
-        if (i % 2 != 0) {
-            ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ASN1_R_ODD_NUMBER_OF_CHARS);
-            goto err;
-        }
-        i /= 2;
-        if (num + i > slen) {
-            if (s == NULL)
-                sp = (unsigned char *)OPENSSL_malloc((unsigned int)num +
-                                                     i * 2);
-            else
-                sp = (unsigned char *)OPENSSL_realloc(s,
-                                                      (unsigned int)num +
-                                                      i * 2);
-            if (sp == NULL) {
-                ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE);
-                if (s != NULL)
-                    OPENSSL_free(s);
-                goto err;
-            }
-            s = sp;
-            slen = num + i * 2;
-        }
-        for (j = 0; j < i; j++, k += 2) {
-            for (n = 0; n < 2; n++) {
-                m = bufp[k + n];
-                if ((m >= '0') && (m <= '9'))
-                    m -= '0';
-                else if ((m >= 'a') && (m <= 'f'))
-                    m = m - 'a' + 10;
-                else if ((m >= 'A') && (m <= 'F'))
-                    m = m - 'A' + 10;
-                else {
-                    ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,
-                            ASN1_R_NON_HEX_CHARACTERS);
-                    goto err;
-                }
-                s[num + j] <<= 4;
-                s[num + j] |= m;
-            }
-        }
-        num += i;
-        if (again)
-            bufsize = BIO_gets(bp, buf, size);
-        else
-            break;
-    }
-    bs->length = num;
-    bs->data = s;
-    ret = 1;
- err:
-    if (0) {
- err_sl:
-        ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ASN1_R_SHORT_LINE);
-    }
-    return (ret);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/asn1/f_enum.c (from rev 11605, vendor-crypto/openssl/dist/crypto/asn1/f_enum.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/asn1/f_enum.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/f_enum.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,203 @@
+/* crypto/asn1/f_enum.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+
+/* Based on a_int.c: equivalent ENUMERATED functions */
+
+int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a)
+{
+    int i, n = 0;
+    static const char *h = "0123456789ABCDEF";
+    char buf[2];
+
+    if (a == NULL)
+        return (0);
+
+    if (a->length == 0) {
+        if (BIO_write(bp, "00", 2) != 2)
+            goto err;
+        n = 2;
+    } else {
+        for (i = 0; i < a->length; i++) {
+            if ((i != 0) && (i % 35 == 0)) {
+                if (BIO_write(bp, "\\\n", 2) != 2)
+                    goto err;
+                n += 2;
+            }
+            buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f];
+            buf[1] = h[((unsigned char)a->data[i]) & 0x0f];
+            if (BIO_write(bp, buf, 2) != 2)
+                goto err;
+            n += 2;
+        }
+    }
+    return (n);
+ err:
+    return (-1);
+}
+
+int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
+{
+    int ret = 0;
+    int i, j, k, m, n, again, bufsize;
+    unsigned char *s = NULL, *sp;
+    unsigned char *bufp;
+    int num = 0, slen = 0, first = 1;
+
+    bs->type = V_ASN1_ENUMERATED;
+
+    bufsize = BIO_gets(bp, buf, size);
+    for (;;) {
+        if (bufsize < 1)
+            goto err_sl;
+        i = bufsize;
+        if (buf[i - 1] == '\n')
+            buf[--i] = '\0';
+        if (i == 0)
+            goto err_sl;
+        if (buf[i - 1] == '\r')
+            buf[--i] = '\0';
+        if (i == 0)
+            goto err_sl;
+        again = (buf[i - 1] == '\\');
+
+        for (j = 0; j < i; j++) {
+            if (!(((buf[j] >= '0') && (buf[j] <= '9')) ||
+                  ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
+                  ((buf[j] >= 'A') && (buf[j] <= 'F')))) {
+                i = j;
+                break;
+            }
+        }
+        buf[i] = '\0';
+        /*
+         * We have now cleared all the crap off the end of the line
+         */
+        if (i < 2)
+            goto err_sl;
+
+        bufp = (unsigned char *)buf;
+        if (first) {
+            first = 0;
+            if ((bufp[0] == '0') && (buf[1] == '0')) {
+                bufp += 2;
+                i -= 2;
+            }
+        }
+        k = 0;
+        i -= again;
+        if (i % 2 != 0) {
+            ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ASN1_R_ODD_NUMBER_OF_CHARS);
+            goto err;
+        }
+        i /= 2;
+        if (num + i > slen) {
+            if (s == NULL)
+                sp = (unsigned char *)OPENSSL_malloc((unsigned int)num +
+                                                     i * 2);
+            else
+                sp = (unsigned char *)OPENSSL_realloc(s,
+                                                      (unsigned int)num +
+                                                      i * 2);
+            if (sp == NULL) {
+                ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            s = sp;
+            slen = num + i * 2;
+        }
+        for (j = 0; j < i; j++, k += 2) {
+            for (n = 0; n < 2; n++) {
+                m = bufp[k + n];
+                if ((m >= '0') && (m <= '9'))
+                    m -= '0';
+                else if ((m >= 'a') && (m <= 'f'))
+                    m = m - 'a' + 10;
+                else if ((m >= 'A') && (m <= 'F'))
+                    m = m - 'A' + 10;
+                else {
+                    ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,
+                            ASN1_R_NON_HEX_CHARACTERS);
+                    goto err;
+                }
+                s[num + j] <<= 4;
+                s[num + j] |= m;
+            }
+        }
+        num += i;
+        if (again)
+            bufsize = BIO_gets(bp, buf, size);
+        else
+            break;
+    }
+    bs->length = num;
+    bs->data = s;
+    ret = 1;
+ err:
+    if (0) {
+ err_sl:
+        ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ASN1_R_SHORT_LINE);
+    }
+    if (ret != 1)
+        OPENSSL_free(s);
+    return (ret);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/asn1/f_int.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/f_int.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/f_int.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,215 +0,0 @@
-/* crypto/asn1/f_int.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/asn1.h>
-
-int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
-{
-    int i, n = 0;
-    static const char *h = "0123456789ABCDEF";
-    char buf[2];
-
-    if (a == NULL)
-        return (0);
-
-    if (a->type & V_ASN1_NEG) {
-        if (BIO_write(bp, "-", 1) != 1)
-            goto err;
-        n = 1;
-    }
-
-    if (a->length == 0) {
-        if (BIO_write(bp, "00", 2) != 2)
-            goto err;
-        n += 2;
-    } else {
-        for (i = 0; i < a->length; i++) {
-            if ((i != 0) && (i % 35 == 0)) {
-                if (BIO_write(bp, "\\\n", 2) != 2)
-                    goto err;
-                n += 2;
-            }
-            buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f];
-            buf[1] = h[((unsigned char)a->data[i]) & 0x0f];
-            if (BIO_write(bp, buf, 2) != 2)
-                goto err;
-            n += 2;
-        }
-    }
-    return (n);
- err:
-    return (-1);
-}
-
-int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
-{
-    int ret = 0;
-    int i, j, k, m, n, again, bufsize;
-    unsigned char *s = NULL, *sp;
-    unsigned char *bufp;
-    int num = 0, slen = 0, first = 1;
-
-    bs->type = V_ASN1_INTEGER;
-
-    bufsize = BIO_gets(bp, buf, size);
-    for (;;) {
-        if (bufsize < 1)
-            goto err_sl;
-        i = bufsize;
-        if (buf[i - 1] == '\n')
-            buf[--i] = '\0';
-        if (i == 0)
-            goto err_sl;
-        if (buf[i - 1] == '\r')
-            buf[--i] = '\0';
-        if (i == 0)
-            goto err_sl;
-        again = (buf[i - 1] == '\\');
-
-        for (j = 0; j < i; j++) {
-#ifndef CHARSET_EBCDIC
-            if (!(((buf[j] >= '0') && (buf[j] <= '9')) ||
-                  ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
-                  ((buf[j] >= 'A') && (buf[j] <= 'F'))))
-#else
-            /*
-             * This #ifdef is not strictly necessary, since the characters
-             * A...F a...f 0...9 are contiguous (yes, even in EBCDIC - but
-             * not the whole alphabet). Nevertheless, isxdigit() is faster.
-             */
-            if (!isxdigit(buf[j]))
-#endif
-            {
-                i = j;
-                break;
-            }
-        }
-        buf[i] = '\0';
-        /*
-         * We have now cleared all the crap off the end of the line
-         */
-        if (i < 2)
-            goto err_sl;
-
-        bufp = (unsigned char *)buf;
-        if (first) {
-            first = 0;
-            if ((bufp[0] == '0') && (buf[1] == '0')) {
-                bufp += 2;
-                i -= 2;
-            }
-        }
-        k = 0;
-        i -= again;
-        if (i % 2 != 0) {
-            ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_ODD_NUMBER_OF_CHARS);
-            goto err;
-        }
-        i /= 2;
-        if (num + i > slen) {
-            if (s == NULL)
-                sp = (unsigned char *)OPENSSL_malloc((unsigned int)num +
-                                                     i * 2);
-            else
-                sp = OPENSSL_realloc_clean(s, slen, num + i * 2);
-            if (sp == NULL) {
-                ASN1err(ASN1_F_A2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
-                if (s != NULL)
-                    OPENSSL_free(s);
-                goto err;
-            }
-            s = sp;
-            slen = num + i * 2;
-        }
-        for (j = 0; j < i; j++, k += 2) {
-            for (n = 0; n < 2; n++) {
-                m = bufp[k + n];
-                if ((m >= '0') && (m <= '9'))
-                    m -= '0';
-                else if ((m >= 'a') && (m <= 'f'))
-                    m = m - 'a' + 10;
-                else if ((m >= 'A') && (m <= 'F'))
-                    m = m - 'A' + 10;
-                else {
-                    ASN1err(ASN1_F_A2I_ASN1_INTEGER,
-                            ASN1_R_NON_HEX_CHARACTERS);
-                    goto err;
-                }
-                s[num + j] <<= 4;
-                s[num + j] |= m;
-            }
-        }
-        num += i;
-        if (again)
-            bufsize = BIO_gets(bp, buf, size);
-        else
-            break;
-    }
-    bs->length = num;
-    bs->data = s;
-    ret = 1;
- err:
-    if (0) {
- err_sl:
-        ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_SHORT_LINE);
-    }
-    return (ret);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/asn1/f_int.c (from rev 11605, vendor-crypto/openssl/dist/crypto/asn1/f_int.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/asn1/f_int.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/f_int.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,215 @@
+/* crypto/asn1/f_int.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+
+int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
+{
+    int i, n = 0;
+    static const char *h = "0123456789ABCDEF";
+    char buf[2];
+
+    if (a == NULL)
+        return (0);
+
+    if (a->type & V_ASN1_NEG) {
+        if (BIO_write(bp, "-", 1) != 1)
+            goto err;
+        n = 1;
+    }
+
+    if (a->length == 0) {
+        if (BIO_write(bp, "00", 2) != 2)
+            goto err;
+        n += 2;
+    } else {
+        for (i = 0; i < a->length; i++) {
+            if ((i != 0) && (i % 35 == 0)) {
+                if (BIO_write(bp, "\\\n", 2) != 2)
+                    goto err;
+                n += 2;
+            }
+            buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f];
+            buf[1] = h[((unsigned char)a->data[i]) & 0x0f];
+            if (BIO_write(bp, buf, 2) != 2)
+                goto err;
+            n += 2;
+        }
+    }
+    return (n);
+ err:
+    return (-1);
+}
+
+int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
+{
+    int ret = 0;
+    int i, j, k, m, n, again, bufsize;
+    unsigned char *s = NULL, *sp;
+    unsigned char *bufp;
+    int num = 0, slen = 0, first = 1;
+
+    bs->type = V_ASN1_INTEGER;
+
+    bufsize = BIO_gets(bp, buf, size);
+    for (;;) {
+        if (bufsize < 1)
+            goto err_sl;
+        i = bufsize;
+        if (buf[i - 1] == '\n')
+            buf[--i] = '\0';
+        if (i == 0)
+            goto err_sl;
+        if (buf[i - 1] == '\r')
+            buf[--i] = '\0';
+        if (i == 0)
+            goto err_sl;
+        again = (buf[i - 1] == '\\');
+
+        for (j = 0; j < i; j++) {
+#ifndef CHARSET_EBCDIC
+            if (!(((buf[j] >= '0') && (buf[j] <= '9')) ||
+                  ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
+                  ((buf[j] >= 'A') && (buf[j] <= 'F'))))
+#else
+            /*
+             * This #ifdef is not strictly necessary, since the characters
+             * A...F a...f 0...9 are contiguous (yes, even in EBCDIC - but
+             * not the whole alphabet). Nevertheless, isxdigit() is faster.
+             */
+            if (!isxdigit(buf[j]))
+#endif
+            {
+                i = j;
+                break;
+            }
+        }
+        buf[i] = '\0';
+        /*
+         * We have now cleared all the crap off the end of the line
+         */
+        if (i < 2)
+            goto err_sl;
+
+        bufp = (unsigned char *)buf;
+        if (first) {
+            first = 0;
+            if ((bufp[0] == '0') && (buf[1] == '0')) {
+                bufp += 2;
+                i -= 2;
+            }
+        }
+        k = 0;
+        i -= again;
+        if (i % 2 != 0) {
+            ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_ODD_NUMBER_OF_CHARS);
+            goto err;
+        }
+        i /= 2;
+        if (num + i > slen) {
+            if (s == NULL)
+                sp = (unsigned char *)OPENSSL_malloc((unsigned int)num +
+                                                     i * 2);
+            else
+                sp = OPENSSL_realloc_clean(s, slen, num + i * 2);
+            if (sp == NULL) {
+                ASN1err(ASN1_F_A2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            s = sp;
+            slen = num + i * 2;
+        }
+        for (j = 0; j < i; j++, k += 2) {
+            for (n = 0; n < 2; n++) {
+                m = bufp[k + n];
+                if ((m >= '0') && (m <= '9'))
+                    m -= '0';
+                else if ((m >= 'a') && (m <= 'f'))
+                    m = m - 'a' + 10;
+                else if ((m >= 'A') && (m <= 'F'))
+                    m = m - 'A' + 10;
+                else {
+                    ASN1err(ASN1_F_A2I_ASN1_INTEGER,
+                            ASN1_R_NON_HEX_CHARACTERS);
+                    goto err;
+                }
+                s[num + j] <<= 4;
+                s[num + j] |= m;
+            }
+        }
+        num += i;
+        if (again)
+            bufsize = BIO_gets(bp, buf, size);
+        else
+            break;
+    }
+    bs->length = num;
+    bs->data = s;
+    ret = 1;
+ err:
+    if (0) {
+ err_sl:
+        ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_SHORT_LINE);
+    }
+    if (ret != 1)
+        OPENSSL_free(s);
+    return (ret);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/asn1/f_string.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/f_string.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/f_string.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,209 +0,0 @@
-/* crypto/asn1/f_string.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/asn1.h>
-
-int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type)
-{
-    int i, n = 0;
-    static const char *h = "0123456789ABCDEF";
-    char buf[2];
-
-    if (a == NULL)
-        return (0);
-
-    if (a->length == 0) {
-        if (BIO_write(bp, "0", 1) != 1)
-            goto err;
-        n = 1;
-    } else {
-        for (i = 0; i < a->length; i++) {
-            if ((i != 0) && (i % 35 == 0)) {
-                if (BIO_write(bp, "\\\n", 2) != 2)
-                    goto err;
-                n += 2;
-            }
-            buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f];
-            buf[1] = h[((unsigned char)a->data[i]) & 0x0f];
-            if (BIO_write(bp, buf, 2) != 2)
-                goto err;
-            n += 2;
-        }
-    }
-    return (n);
- err:
-    return (-1);
-}
-
-int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
-{
-    int ret = 0;
-    int i, j, k, m, n, again, bufsize;
-    unsigned char *s = NULL, *sp;
-    unsigned char *bufp;
-    int num = 0, slen = 0, first = 1;
-
-    bufsize = BIO_gets(bp, buf, size);
-    for (;;) {
-        if (bufsize < 1) {
-            if (first)
-                break;
-            else
-                goto err_sl;
-        }
-        first = 0;
-
-        i = bufsize;
-        if (buf[i - 1] == '\n')
-            buf[--i] = '\0';
-        if (i == 0)
-            goto err_sl;
-        if (buf[i - 1] == '\r')
-            buf[--i] = '\0';
-        if (i == 0)
-            goto err_sl;
-        again = (buf[i - 1] == '\\');
-
-        for (j = i - 1; j > 0; j--) {
-#ifndef CHARSET_EBCDIC
-            if (!(((buf[j] >= '0') && (buf[j] <= '9')) ||
-                  ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
-                  ((buf[j] >= 'A') && (buf[j] <= 'F'))))
-#else
-            /*
-             * This #ifdef is not strictly necessary, since the characters
-             * A...F a...f 0...9 are contiguous (yes, even in EBCDIC - but
-             * not the whole alphabet). Nevertheless, isxdigit() is faster.
-             */
-            if (!isxdigit(buf[j]))
-#endif
-            {
-                i = j;
-                break;
-            }
-        }
-        buf[i] = '\0';
-        /*
-         * We have now cleared all the crap off the end of the line
-         */
-        if (i < 2)
-            goto err_sl;
-
-        bufp = (unsigned char *)buf;
-
-        k = 0;
-        i -= again;
-        if (i % 2 != 0) {
-            ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_ODD_NUMBER_OF_CHARS);
-            goto err;
-        }
-        i /= 2;
-        if (num + i > slen) {
-            if (s == NULL)
-                sp = (unsigned char *)OPENSSL_malloc((unsigned int)num +
-                                                     i * 2);
-            else
-                sp = (unsigned char *)OPENSSL_realloc(s,
-                                                      (unsigned int)num +
-                                                      i * 2);
-            if (sp == NULL) {
-                ASN1err(ASN1_F_A2I_ASN1_STRING, ERR_R_MALLOC_FAILURE);
-                if (s != NULL)
-                    OPENSSL_free(s);
-                goto err;
-            }
-            s = sp;
-            slen = num + i * 2;
-        }
-        for (j = 0; j < i; j++, k += 2) {
-            for (n = 0; n < 2; n++) {
-                m = bufp[k + n];
-                if ((m >= '0') && (m <= '9'))
-                    m -= '0';
-                else if ((m >= 'a') && (m <= 'f'))
-                    m = m - 'a' + 10;
-                else if ((m >= 'A') && (m <= 'F'))
-                    m = m - 'A' + 10;
-                else {
-                    ASN1err(ASN1_F_A2I_ASN1_STRING,
-                            ASN1_R_NON_HEX_CHARACTERS);
-                    goto err;
-                }
-                s[num + j] <<= 4;
-                s[num + j] |= m;
-            }
-        }
-        num += i;
-        if (again)
-            bufsize = BIO_gets(bp, buf, size);
-        else
-            break;
-    }
-    bs->length = num;
-    bs->data = s;
-    ret = 1;
- err:
-    if (0) {
- err_sl:
-        ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_SHORT_LINE);
-    }
-    return (ret);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/asn1/f_string.c (from rev 11605, vendor-crypto/openssl/dist/crypto/asn1/f_string.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/asn1/f_string.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/f_string.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,209 @@
+/* crypto/asn1/f_string.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+
+int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type)
+{
+    int i, n = 0;
+    static const char *h = "0123456789ABCDEF";
+    char buf[2];
+
+    if (a == NULL)
+        return (0);
+
+    if (a->length == 0) {
+        if (BIO_write(bp, "0", 1) != 1)
+            goto err;
+        n = 1;
+    } else {
+        for (i = 0; i < a->length; i++) {
+            if ((i != 0) && (i % 35 == 0)) {
+                if (BIO_write(bp, "\\\n", 2) != 2)
+                    goto err;
+                n += 2;
+            }
+            buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f];
+            buf[1] = h[((unsigned char)a->data[i]) & 0x0f];
+            if (BIO_write(bp, buf, 2) != 2)
+                goto err;
+            n += 2;
+        }
+    }
+    return (n);
+ err:
+    return (-1);
+}
+
+int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
+{
+    int ret = 0;
+    int i, j, k, m, n, again, bufsize;
+    unsigned char *s = NULL, *sp;
+    unsigned char *bufp;
+    int num = 0, slen = 0, first = 1;
+
+    bufsize = BIO_gets(bp, buf, size);
+    for (;;) {
+        if (bufsize < 1) {
+            if (first)
+                break;
+            else
+                goto err_sl;
+        }
+        first = 0;
+
+        i = bufsize;
+        if (buf[i - 1] == '\n')
+            buf[--i] = '\0';
+        if (i == 0)
+            goto err_sl;
+        if (buf[i - 1] == '\r')
+            buf[--i] = '\0';
+        if (i == 0)
+            goto err_sl;
+        again = (buf[i - 1] == '\\');
+
+        for (j = i - 1; j > 0; j--) {
+#ifndef CHARSET_EBCDIC
+            if (!(((buf[j] >= '0') && (buf[j] <= '9')) ||
+                  ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
+                  ((buf[j] >= 'A') && (buf[j] <= 'F'))))
+#else
+            /*
+             * This #ifdef is not strictly necessary, since the characters
+             * A...F a...f 0...9 are contiguous (yes, even in EBCDIC - but
+             * not the whole alphabet). Nevertheless, isxdigit() is faster.
+             */
+            if (!isxdigit(buf[j]))
+#endif
+            {
+                i = j;
+                break;
+            }
+        }
+        buf[i] = '\0';
+        /*
+         * We have now cleared all the crap off the end of the line
+         */
+        if (i < 2)
+            goto err_sl;
+
+        bufp = (unsigned char *)buf;
+
+        k = 0;
+        i -= again;
+        if (i % 2 != 0) {
+            ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_ODD_NUMBER_OF_CHARS);
+            goto err;
+        }
+        i /= 2;
+        if (num + i > slen) {
+            if (s == NULL)
+                sp = (unsigned char *)OPENSSL_malloc((unsigned int)num +
+                                                     i * 2);
+            else
+                sp = (unsigned char *)OPENSSL_realloc(s,
+                                                      (unsigned int)num +
+                                                      i * 2);
+            if (sp == NULL) {
+                ASN1err(ASN1_F_A2I_ASN1_STRING, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            s = sp;
+            slen = num + i * 2;
+        }
+        for (j = 0; j < i; j++, k += 2) {
+            for (n = 0; n < 2; n++) {
+                m = bufp[k + n];
+                if ((m >= '0') && (m <= '9'))
+                    m -= '0';
+                else if ((m >= 'a') && (m <= 'f'))
+                    m = m - 'a' + 10;
+                else if ((m >= 'A') && (m <= 'F'))
+                    m = m - 'A' + 10;
+                else {
+                    ASN1err(ASN1_F_A2I_ASN1_STRING,
+                            ASN1_R_NON_HEX_CHARACTERS);
+                    goto err;
+                }
+                s[num + j] <<= 4;
+                s[num + j] |= m;
+            }
+        }
+        num += i;
+        if (again)
+            bufsize = BIO_gets(bp, buf, size);
+        else
+            break;
+    }
+    bs->length = num;
+    bs->data = s;
+    ret = 1;
+ err:
+    if (0) {
+ err_sl:
+        ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_SHORT_LINE);
+    }
+    if (ret != 1)
+        OPENSSL_free(s);
+    return (ret);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/asn1/p5_pbe.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/p5_pbe.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/p5_pbe.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,143 +0,0 @@
-/* p5_pbe.c */
-/*
- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include <openssl/rand.h>
-
-/* PKCS#5 password based encryption structure */
-
-ASN1_SEQUENCE(PBEPARAM) = {
-        ASN1_SIMPLE(PBEPARAM, salt, ASN1_OCTET_STRING),
-        ASN1_SIMPLE(PBEPARAM, iter, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(PBEPARAM)
-
-IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM)
-
-/* Set an algorithm identifier for a PKCS#5 PBE algorithm */
-
-int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
-                         const unsigned char *salt, int saltlen)
-{
-    PBEPARAM *pbe = NULL;
-    ASN1_STRING *pbe_str = NULL;
-    unsigned char *sstr;
-
-    pbe = PBEPARAM_new();
-    if (!pbe) {
-        ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    if (iter <= 0)
-        iter = PKCS5_DEFAULT_ITER;
-    if (!ASN1_INTEGER_set(pbe->iter, iter)) {
-        ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    if (!saltlen)
-        saltlen = PKCS5_SALT_LEN;
-    if (!ASN1_STRING_set(pbe->salt, NULL, saltlen)) {
-        ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    sstr = ASN1_STRING_data(pbe->salt);
-    if (salt)
-        memcpy(sstr, salt, saltlen);
-    else if (RAND_pseudo_bytes(sstr, saltlen) < 0)
-        goto err;
-
-    if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) {
-        ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    PBEPARAM_free(pbe);
-    pbe = NULL;
-
-    if (X509_ALGOR_set0(algor, OBJ_nid2obj(alg), V_ASN1_SEQUENCE, pbe_str))
-        return 1;
-
- err:
-    if (pbe != NULL)
-        PBEPARAM_free(pbe);
-    if (pbe_str != NULL)
-        ASN1_STRING_free(pbe_str);
-    return 0;
-}
-
-/* Return an algorithm identifier for a PKCS#5 PBE algorithm */
-
-X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
-                          const unsigned char *salt, int saltlen)
-{
-    X509_ALGOR *ret;
-    ret = X509_ALGOR_new();
-    if (!ret) {
-        ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE);
-        return NULL;
-    }
-
-    if (PKCS5_pbe_set0_algor(ret, alg, iter, salt, saltlen))
-        return ret;
-
-    X509_ALGOR_free(ret);
-    return NULL;
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/asn1/p5_pbe.c (from rev 11605, vendor-crypto/openssl/dist/crypto/asn1/p5_pbe.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/asn1/p5_pbe.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/p5_pbe.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,143 @@
+/* p5_pbe.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+
+/* PKCS#5 password based encryption structure */
+
+ASN1_SEQUENCE(PBEPARAM) = {
+        ASN1_SIMPLE(PBEPARAM, salt, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(PBEPARAM, iter, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(PBEPARAM)
+
+IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM)
+
+/* Set an algorithm identifier for a PKCS#5 PBE algorithm */
+
+int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
+                         const unsigned char *salt, int saltlen)
+{
+    PBEPARAM *pbe = NULL;
+    ASN1_STRING *pbe_str = NULL;
+    unsigned char *sstr;
+
+    pbe = PBEPARAM_new();
+    if (!pbe) {
+        ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (iter <= 0)
+        iter = PKCS5_DEFAULT_ITER;
+    if (!ASN1_INTEGER_set(pbe->iter, iter)) {
+        ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!saltlen)
+        saltlen = PKCS5_SALT_LEN;
+    if (!ASN1_STRING_set(pbe->salt, NULL, saltlen)) {
+        ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    sstr = ASN1_STRING_data(pbe->salt);
+    if (salt)
+        memcpy(sstr, salt, saltlen);
+    else if (RAND_bytes(sstr, saltlen) <= 0)
+        goto err;
+
+    if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) {
+        ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    PBEPARAM_free(pbe);
+    pbe = NULL;
+
+    if (X509_ALGOR_set0(algor, OBJ_nid2obj(alg), V_ASN1_SEQUENCE, pbe_str))
+        return 1;
+
+ err:
+    if (pbe != NULL)
+        PBEPARAM_free(pbe);
+    if (pbe_str != NULL)
+        ASN1_STRING_free(pbe_str);
+    return 0;
+}
+
+/* Return an algorithm identifier for a PKCS#5 PBE algorithm */
+
+X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
+                          const unsigned char *salt, int saltlen)
+{
+    X509_ALGOR *ret;
+    ret = X509_ALGOR_new();
+    if (!ret) {
+        ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (PKCS5_pbe_set0_algor(ret, alg, iter, salt, saltlen))
+        return ret;
+
+    X509_ALGOR_free(ret);
+    return NULL;
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/asn1/p5_pbev2.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/p5_pbev2.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/p5_pbev2.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,280 +0,0 @@
-/* p5_pbev2.c */
-/*
- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
- * 1999-2004.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include <openssl/rand.h>
-
-/* PKCS#5 v2.0 password based encryption structures */
-
-ASN1_SEQUENCE(PBE2PARAM) = {
-        ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR),
-        ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR)
-} ASN1_SEQUENCE_END(PBE2PARAM)
-
-IMPLEMENT_ASN1_FUNCTIONS(PBE2PARAM)
-
-ASN1_SEQUENCE(PBKDF2PARAM) = {
-        ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY),
-        ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER),
-        ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER),
-        ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR)
-} ASN1_SEQUENCE_END(PBKDF2PARAM)
-
-IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM)
-
-/*
- * Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm: yes I know
- * this is horrible! Extended version to allow application supplied PRF NID
- * and IV.
- */
-
-X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
-                              unsigned char *salt, int saltlen,
-                              unsigned char *aiv, int prf_nid)
-{
-    X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
-    int alg_nid, keylen;
-    EVP_CIPHER_CTX ctx;
-    unsigned char iv[EVP_MAX_IV_LENGTH];
-    PBE2PARAM *pbe2 = NULL;
-    ASN1_OBJECT *obj;
-
-    alg_nid = EVP_CIPHER_type(cipher);
-    if (alg_nid == NID_undef) {
-        ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
-                ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
-        goto err;
-    }
-    obj = OBJ_nid2obj(alg_nid);
-
-    if (!(pbe2 = PBE2PARAM_new()))
-        goto merr;
-
-    /* Setup the AlgorithmIdentifier for the encryption scheme */
-    scheme = pbe2->encryption;
-
-    scheme->algorithm = obj;
-    if (!(scheme->parameter = ASN1_TYPE_new()))
-        goto merr;
-
-    /* Create random IV */
-    if (EVP_CIPHER_iv_length(cipher)) {
-        if (aiv)
-            memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
-        else if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
-            goto err;
-    }
-
-    EVP_CIPHER_CTX_init(&ctx);
-
-    /* Dummy cipherinit to just setup the IV, and PRF */
-    if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0))
-        goto err;
-    if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
-        ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
-        EVP_CIPHER_CTX_cleanup(&ctx);
-        goto err;
-    }
-    /*
-     * If prf NID unspecified see if cipher has a preference. An error is OK
-     * here: just means use default PRF.
-     */
-    if ((prf_nid == -1) &&
-        EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) {
-        ERR_clear_error();
-        prf_nid = NID_hmacWithSHA1;
-    }
-    EVP_CIPHER_CTX_cleanup(&ctx);
-
-    /* If its RC2 then we'd better setup the key length */
-
-    if (alg_nid == NID_rc2_cbc)
-        keylen = EVP_CIPHER_key_length(cipher);
-    else
-        keylen = -1;
-
-    /* Setup keyfunc */
-
-    X509_ALGOR_free(pbe2->keyfunc);
-
-    pbe2->keyfunc = PKCS5_pbkdf2_set(iter, salt, saltlen, prf_nid, keylen);
-
-    if (!pbe2->keyfunc)
-        goto merr;
-
-    /* Now set up top level AlgorithmIdentifier */
-
-    if (!(ret = X509_ALGOR_new()))
-        goto merr;
-    if (!(ret->parameter = ASN1_TYPE_new()))
-        goto merr;
-
-    ret->algorithm = OBJ_nid2obj(NID_pbes2);
-
-    /* Encode PBE2PARAM into parameter */
-
-    if (!ASN1_item_pack(pbe2, ASN1_ITEM_rptr(PBE2PARAM),
-                        &ret->parameter->value.sequence))
-         goto merr;
-    ret->parameter->type = V_ASN1_SEQUENCE;
-
-    PBE2PARAM_free(pbe2);
-    pbe2 = NULL;
-
-    return ret;
-
- merr:
-    ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ERR_R_MALLOC_FAILURE);
-
- err:
-    PBE2PARAM_free(pbe2);
-    /* Note 'scheme' is freed as part of pbe2 */
-    X509_ALGOR_free(kalg);
-    X509_ALGOR_free(ret);
-
-    return NULL;
-
-}
-
-X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
-                           unsigned char *salt, int saltlen)
-{
-    return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);
-}
-
-X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
-                             int prf_nid, int keylen)
-{
-    X509_ALGOR *keyfunc = NULL;
-    PBKDF2PARAM *kdf = NULL;
-    ASN1_OCTET_STRING *osalt = NULL;
-
-    if (!(kdf = PBKDF2PARAM_new()))
-        goto merr;
-    if (!(osalt = M_ASN1_OCTET_STRING_new()))
-        goto merr;
-
-    kdf->salt->value.octet_string = osalt;
-    kdf->salt->type = V_ASN1_OCTET_STRING;
-
-    if (!saltlen)
-        saltlen = PKCS5_SALT_LEN;
-    if (!(osalt->data = OPENSSL_malloc(saltlen)))
-        goto merr;
-
-    osalt->length = saltlen;
-
-    if (salt)
-        memcpy(osalt->data, salt, saltlen);
-    else if (RAND_pseudo_bytes(osalt->data, saltlen) < 0)
-        goto merr;
-
-    if (iter <= 0)
-        iter = PKCS5_DEFAULT_ITER;
-
-    if (!ASN1_INTEGER_set(kdf->iter, iter))
-        goto merr;
-
-    /* If have a key len set it up */
-
-    if (keylen > 0) {
-        if (!(kdf->keylength = M_ASN1_INTEGER_new()))
-            goto merr;
-        if (!ASN1_INTEGER_set(kdf->keylength, keylen))
-            goto merr;
-    }
-
-    /* prf can stay NULL if we are using hmacWithSHA1 */
-    if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1) {
-        kdf->prf = X509_ALGOR_new();
-        if (!kdf->prf)
-            goto merr;
-        X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid), V_ASN1_NULL, NULL);
-    }
-
-    /* Finally setup the keyfunc structure */
-
-    keyfunc = X509_ALGOR_new();
-    if (!keyfunc)
-        goto merr;
-
-    keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
-
-    /* Encode PBKDF2PARAM into parameter of pbe2 */
-
-    if (!(keyfunc->parameter = ASN1_TYPE_new()))
-        goto merr;
-
-    if (!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM),
-                        &keyfunc->parameter->value.sequence))
-         goto merr;
-    keyfunc->parameter->type = V_ASN1_SEQUENCE;
-
-    PBKDF2PARAM_free(kdf);
-    return keyfunc;
-
- merr:
-    ASN1err(ASN1_F_PKCS5_PBKDF2_SET, ERR_R_MALLOC_FAILURE);
-    PBKDF2PARAM_free(kdf);
-    X509_ALGOR_free(keyfunc);
-    return NULL;
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/asn1/p5_pbev2.c (from rev 11605, vendor-crypto/openssl/dist/crypto/asn1/p5_pbev2.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/asn1/p5_pbev2.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/p5_pbev2.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,280 @@
+/* p5_pbev2.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999-2004.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+
+/* PKCS#5 v2.0 password based encryption structures */
+
+ASN1_SEQUENCE(PBE2PARAM) = {
+        ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR),
+        ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR)
+} ASN1_SEQUENCE_END(PBE2PARAM)
+
+IMPLEMENT_ASN1_FUNCTIONS(PBE2PARAM)
+
+ASN1_SEQUENCE(PBKDF2PARAM) = {
+        ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY),
+        ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER),
+        ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER),
+        ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR)
+} ASN1_SEQUENCE_END(PBKDF2PARAM)
+
+IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM)
+
+/*
+ * Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm: yes I know
+ * this is horrible! Extended version to allow application supplied PRF NID
+ * and IV.
+ */
+
+X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
+                              unsigned char *salt, int saltlen,
+                              unsigned char *aiv, int prf_nid)
+{
+    X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
+    int alg_nid, keylen;
+    EVP_CIPHER_CTX ctx;
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+    PBE2PARAM *pbe2 = NULL;
+    ASN1_OBJECT *obj;
+
+    alg_nid = EVP_CIPHER_type(cipher);
+    if (alg_nid == NID_undef) {
+        ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
+                ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+        goto err;
+    }
+    obj = OBJ_nid2obj(alg_nid);
+
+    if (!(pbe2 = PBE2PARAM_new()))
+        goto merr;
+
+    /* Setup the AlgorithmIdentifier for the encryption scheme */
+    scheme = pbe2->encryption;
+
+    scheme->algorithm = obj;
+    if (!(scheme->parameter = ASN1_TYPE_new()))
+        goto merr;
+
+    /* Create random IV */
+    if (EVP_CIPHER_iv_length(cipher)) {
+        if (aiv)
+            memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
+        else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) <= 0)
+            goto err;
+    }
+
+    EVP_CIPHER_CTX_init(&ctx);
+
+    /* Dummy cipherinit to just setup the IV, and PRF */
+    if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0))
+        goto err;
+    if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
+        ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
+        EVP_CIPHER_CTX_cleanup(&ctx);
+        goto err;
+    }
+    /*
+     * If prf NID unspecified see if cipher has a preference. An error is OK
+     * here: just means use default PRF.
+     */
+    if ((prf_nid == -1) &&
+        EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) {
+        ERR_clear_error();
+        prf_nid = NID_hmacWithSHA1;
+    }
+    EVP_CIPHER_CTX_cleanup(&ctx);
+
+    /* If its RC2 then we'd better setup the key length */
+
+    if (alg_nid == NID_rc2_cbc)
+        keylen = EVP_CIPHER_key_length(cipher);
+    else
+        keylen = -1;
+
+    /* Setup keyfunc */
+
+    X509_ALGOR_free(pbe2->keyfunc);
+
+    pbe2->keyfunc = PKCS5_pbkdf2_set(iter, salt, saltlen, prf_nid, keylen);
+
+    if (!pbe2->keyfunc)
+        goto merr;
+
+    /* Now set up top level AlgorithmIdentifier */
+
+    if (!(ret = X509_ALGOR_new()))
+        goto merr;
+    if (!(ret->parameter = ASN1_TYPE_new()))
+        goto merr;
+
+    ret->algorithm = OBJ_nid2obj(NID_pbes2);
+
+    /* Encode PBE2PARAM into parameter */
+
+    if (!ASN1_item_pack(pbe2, ASN1_ITEM_rptr(PBE2PARAM),
+                        &ret->parameter->value.sequence))
+         goto merr;
+    ret->parameter->type = V_ASN1_SEQUENCE;
+
+    PBE2PARAM_free(pbe2);
+    pbe2 = NULL;
+
+    return ret;
+
+ merr:
+    ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ERR_R_MALLOC_FAILURE);
+
+ err:
+    PBE2PARAM_free(pbe2);
+    /* Note 'scheme' is freed as part of pbe2 */
+    X509_ALGOR_free(kalg);
+    X509_ALGOR_free(ret);
+
+    return NULL;
+
+}
+
+X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+                           unsigned char *salt, int saltlen)
+{
+    return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);
+}
+
+X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
+                             int prf_nid, int keylen)
+{
+    X509_ALGOR *keyfunc = NULL;
+    PBKDF2PARAM *kdf = NULL;
+    ASN1_OCTET_STRING *osalt = NULL;
+
+    if (!(kdf = PBKDF2PARAM_new()))
+        goto merr;
+    if (!(osalt = M_ASN1_OCTET_STRING_new()))
+        goto merr;
+
+    kdf->salt->value.octet_string = osalt;
+    kdf->salt->type = V_ASN1_OCTET_STRING;
+
+    if (!saltlen)
+        saltlen = PKCS5_SALT_LEN;
+    if (!(osalt->data = OPENSSL_malloc(saltlen)))
+        goto merr;
+
+    osalt->length = saltlen;
+
+    if (salt)
+        memcpy(osalt->data, salt, saltlen);
+    else if (RAND_bytes(osalt->data, saltlen) <= 0)
+        goto merr;
+
+    if (iter <= 0)
+        iter = PKCS5_DEFAULT_ITER;
+
+    if (!ASN1_INTEGER_set(kdf->iter, iter))
+        goto merr;
+
+    /* If have a key len set it up */
+
+    if (keylen > 0) {
+        if (!(kdf->keylength = M_ASN1_INTEGER_new()))
+            goto merr;
+        if (!ASN1_INTEGER_set(kdf->keylength, keylen))
+            goto merr;
+    }
+
+    /* prf can stay NULL if we are using hmacWithSHA1 */
+    if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1) {
+        kdf->prf = X509_ALGOR_new();
+        if (!kdf->prf)
+            goto merr;
+        X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid), V_ASN1_NULL, NULL);
+    }
+
+    /* Finally setup the keyfunc structure */
+
+    keyfunc = X509_ALGOR_new();
+    if (!keyfunc)
+        goto merr;
+
+    keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
+
+    /* Encode PBKDF2PARAM into parameter of pbe2 */
+
+    if (!(keyfunc->parameter = ASN1_TYPE_new()))
+        goto merr;
+
+    if (!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM),
+                        &keyfunc->parameter->value.sequence))
+         goto merr;
+    keyfunc->parameter->type = V_ASN1_SEQUENCE;
+
+    PBKDF2PARAM_free(kdf);
+    return keyfunc;
+
+ merr:
+    ASN1err(ASN1_F_PKCS5_PBKDF2_SET, ERR_R_MALLOC_FAILURE);
+    PBKDF2PARAM_free(kdf);
+    X509_ALGOR_free(keyfunc);
+    return NULL;
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/asn1/t_x509.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/t_x509.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/t_x509.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,540 +0,0 @@
-/* crypto/asn1/t_x509.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-# include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_EC
-# include <openssl/ec.h>
-#endif
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include "asn1_locl.h"
-
-#ifndef OPENSSL_NO_FP_API
-int X509_print_fp(FILE *fp, X509 *x)
-{
-    return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
-}
-
-int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag,
-                     unsigned long cflag)
-{
-    BIO *b;
-    int ret;
-
-    if ((b = BIO_new(BIO_s_file())) == NULL) {
-        X509err(X509_F_X509_PRINT_EX_FP, ERR_R_BUF_LIB);
-        return (0);
-    }
-    BIO_set_fp(b, fp, BIO_NOCLOSE);
-    ret = X509_print_ex(b, x, nmflag, cflag);
-    BIO_free(b);
-    return (ret);
-}
-#endif
-
-int X509_print(BIO *bp, X509 *x)
-{
-    return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
-}
-
-int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
-                  unsigned long cflag)
-{
-    long l;
-    int ret = 0, i;
-    char *m = NULL, mlch = ' ';
-    int nmindent = 0;
-    X509_CINF *ci;
-    ASN1_INTEGER *bs;
-    EVP_PKEY *pkey = NULL;
-    const char *neg;
-
-    if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
-        mlch = '\n';
-        nmindent = 12;
-    }
-
-    if (nmflags == X509_FLAG_COMPAT)
-        nmindent = 16;
-
-    ci = x->cert_info;
-    if (!(cflag & X509_FLAG_NO_HEADER)) {
-        if (BIO_write(bp, "Certificate:\n", 13) <= 0)
-            goto err;
-        if (BIO_write(bp, "    Data:\n", 10) <= 0)
-            goto err;
-    }
-    if (!(cflag & X509_FLAG_NO_VERSION)) {
-        l = X509_get_version(x);
-        if (BIO_printf(bp, "%8sVersion: %lu (0x%lx)\n", "", l + 1, l) <= 0)
-            goto err;
-    }
-    if (!(cflag & X509_FLAG_NO_SERIAL)) {
-
-        if (BIO_write(bp, "        Serial Number:", 22) <= 0)
-            goto err;
-
-        bs = X509_get_serialNumber(x);
-        if (bs->length <= (int)sizeof(long)) {
-            l = ASN1_INTEGER_get(bs);
-            if (bs->type == V_ASN1_NEG_INTEGER) {
-                l = -l;
-                neg = "-";
-            } else
-                neg = "";
-            if (BIO_printf(bp, " %s%lu (%s0x%lx)\n", neg, l, neg, l) <= 0)
-                goto err;
-        } else {
-            neg = (bs->type == V_ASN1_NEG_INTEGER) ? " (Negative)" : "";
-            if (BIO_printf(bp, "\n%12s%s", "", neg) <= 0)
-                goto err;
-
-            for (i = 0; i < bs->length; i++) {
-                if (BIO_printf(bp, "%02x%c", bs->data[i],
-                               ((i + 1 == bs->length) ? '\n' : ':')) <= 0)
-                    goto err;
-            }
-        }
-
-    }
-
-    if (!(cflag & X509_FLAG_NO_SIGNAME)) {
-        if (X509_signature_print(bp, ci->signature, NULL) <= 0)
-            goto err;
-#if 0
-        if (BIO_printf(bp, "%8sSignature Algorithm: ", "") <= 0)
-            goto err;
-        if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0)
-            goto err;
-        if (BIO_puts(bp, "\n") <= 0)
-            goto err;
-#endif
-    }
-
-    if (!(cflag & X509_FLAG_NO_ISSUER)) {
-        if (BIO_printf(bp, "        Issuer:%c", mlch) <= 0)
-            goto err;
-        if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), nmindent, nmflags)
-            < 0)
-            goto err;
-        if (BIO_write(bp, "\n", 1) <= 0)
-            goto err;
-    }
-    if (!(cflag & X509_FLAG_NO_VALIDITY)) {
-        if (BIO_write(bp, "        Validity\n", 17) <= 0)
-            goto err;
-        if (BIO_write(bp, "            Not Before: ", 24) <= 0)
-            goto err;
-        if (!ASN1_TIME_print(bp, X509_get_notBefore(x)))
-            goto err;
-        if (BIO_write(bp, "\n            Not After : ", 25) <= 0)
-            goto err;
-        if (!ASN1_TIME_print(bp, X509_get_notAfter(x)))
-            goto err;
-        if (BIO_write(bp, "\n", 1) <= 0)
-            goto err;
-    }
-    if (!(cflag & X509_FLAG_NO_SUBJECT)) {
-        if (BIO_printf(bp, "        Subject:%c", mlch) <= 0)
-            goto err;
-        if (X509_NAME_print_ex
-            (bp, X509_get_subject_name(x), nmindent, nmflags) < 0)
-            goto err;
-        if (BIO_write(bp, "\n", 1) <= 0)
-            goto err;
-    }
-    if (!(cflag & X509_FLAG_NO_PUBKEY)) {
-        if (BIO_write(bp, "        Subject Public Key Info:\n", 33) <= 0)
-            goto err;
-        if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0)
-            goto err;
-        if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0)
-            goto err;
-        if (BIO_puts(bp, "\n") <= 0)
-            goto err;
-
-        pkey = X509_get_pubkey(x);
-        if (pkey == NULL) {
-            BIO_printf(bp, "%12sUnable to load Public Key\n", "");
-            ERR_print_errors(bp);
-        } else {
-            EVP_PKEY_print_public(bp, pkey, 16, NULL);
-            EVP_PKEY_free(pkey);
-        }
-    }
-
-    if (!(cflag & X509_FLAG_NO_EXTENSIONS))
-        X509V3_extensions_print(bp, "X509v3 extensions",
-                                ci->extensions, cflag, 8);
-
-    if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
-        if (X509_signature_print(bp, x->sig_alg, x->signature) <= 0)
-            goto err;
-    }
-    if (!(cflag & X509_FLAG_NO_AUX)) {
-        if (!X509_CERT_AUX_print(bp, x->aux, 0))
-            goto err;
-    }
-    ret = 1;
- err:
-    if (m != NULL)
-        OPENSSL_free(m);
-    return (ret);
-}
-
-int X509_ocspid_print(BIO *bp, X509 *x)
-{
-    unsigned char *der = NULL;
-    unsigned char *dertmp;
-    int derlen;
-    int i;
-    unsigned char SHA1md[SHA_DIGEST_LENGTH];
-
-    /*
-     * display the hash of the subject as it would appear in OCSP requests
-     */
-    if (BIO_printf(bp, "        Subject OCSP hash: ") <= 0)
-        goto err;
-    derlen = i2d_X509_NAME(x->cert_info->subject, NULL);
-    if ((der = dertmp = (unsigned char *)OPENSSL_malloc(derlen)) == NULL)
-        goto err;
-    i2d_X509_NAME(x->cert_info->subject, &dertmp);
-
-    if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL))
-        goto err;
-    for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
-        if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
-            goto err;
-    }
-    OPENSSL_free(der);
-    der = NULL;
-
-    /*
-     * display the hash of the public key as it would appear in OCSP requests
-     */
-    if (BIO_printf(bp, "\n        Public key OCSP hash: ") <= 0)
-        goto err;
-
-    if (!EVP_Digest(x->cert_info->key->public_key->data,
-                    x->cert_info->key->public_key->length,
-                    SHA1md, NULL, EVP_sha1(), NULL))
-        goto err;
-    for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
-        if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
-            goto err;
-    }
-    BIO_printf(bp, "\n");
-
-    return (1);
- err:
-    if (der != NULL)
-        OPENSSL_free(der);
-    return (0);
-}
-
-int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent)
-{
-    const unsigned char *s;
-    int i, n;
-
-    n = sig->length;
-    s = sig->data;
-    for (i = 0; i < n; i++) {
-        if ((i % 18) == 0) {
-            if (BIO_write(bp, "\n", 1) <= 0)
-                return 0;
-            if (BIO_indent(bp, indent, indent) <= 0)
-                return 0;
-        }
-        if (BIO_printf(bp, "%02x%s", s[i], ((i + 1) == n) ? "" : ":") <= 0)
-            return 0;
-    }
-    if (BIO_write(bp, "\n", 1) != 1)
-        return 0;
-
-    return 1;
-}
-
-int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
-{
-    int sig_nid;
-    if (BIO_puts(bp, "    Signature Algorithm: ") <= 0)
-        return 0;
-    if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0)
-        return 0;
-
-    sig_nid = OBJ_obj2nid(sigalg->algorithm);
-    if (sig_nid != NID_undef) {
-        int pkey_nid, dig_nid;
-        const EVP_PKEY_ASN1_METHOD *ameth;
-        if (OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid)) {
-            ameth = EVP_PKEY_asn1_find(NULL, pkey_nid);
-            if (ameth && ameth->sig_print)
-                return ameth->sig_print(bp, sigalg, sig, 9, 0);
-        }
-    }
-    if (sig)
-        return X509_signature_dump(bp, sig, 9);
-    else if (BIO_puts(bp, "\n") <= 0)
-        return 0;
-    return 1;
-}
-
-int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v)
-{
-    int i, n;
-    char buf[80];
-    const char *p;
-
-    if (v == NULL)
-        return (0);
-    n = 0;
-    p = (const char *)v->data;
-    for (i = 0; i < v->length; i++) {
-        if ((p[i] > '~') || ((p[i] < ' ') &&
-                             (p[i] != '\n') && (p[i] != '\r')))
-            buf[n] = '.';
-        else
-            buf[n] = p[i];
-        n++;
-        if (n >= 80) {
-            if (BIO_write(bp, buf, n) <= 0)
-                return (0);
-            n = 0;
-        }
-    }
-    if (n > 0)
-        if (BIO_write(bp, buf, n) <= 0)
-            return (0);
-    return (1);
-}
-
-int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
-{
-    if (tm->type == V_ASN1_UTCTIME)
-        return ASN1_UTCTIME_print(bp, tm);
-    if (tm->type == V_ASN1_GENERALIZEDTIME)
-        return ASN1_GENERALIZEDTIME_print(bp, tm);
-    BIO_write(bp, "Bad time value", 14);
-    return (0);
-}
-
-static const char *mon[12] = {
-    "Jan", "Feb", "Mar", "Apr", "May", "Jun",
-    "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
-};
-
-int ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm)
-{
-    char *v;
-    int gmt = 0;
-    int i;
-    int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0;
-    char *f = NULL;
-    int f_len = 0;
-
-    i = tm->length;
-    v = (char *)tm->data;
-
-    if (i < 12)
-        goto err;
-    if (v[i - 1] == 'Z')
-        gmt = 1;
-    for (i = 0; i < 12; i++)
-        if ((v[i] > '9') || (v[i] < '0'))
-            goto err;
-    y = (v[0] - '0') * 1000 + (v[1] - '0') * 100
-        + (v[2] - '0') * 10 + (v[3] - '0');
-    M = (v[4] - '0') * 10 + (v[5] - '0');
-    if ((M > 12) || (M < 1))
-        goto err;
-    d = (v[6] - '0') * 10 + (v[7] - '0');
-    h = (v[8] - '0') * 10 + (v[9] - '0');
-    m = (v[10] - '0') * 10 + (v[11] - '0');
-    if (tm->length >= 14 &&
-        (v[12] >= '0') && (v[12] <= '9') &&
-        (v[13] >= '0') && (v[13] <= '9')) {
-        s = (v[12] - '0') * 10 + (v[13] - '0');
-        /* Check for fractions of seconds. */
-        if (tm->length >= 15 && v[14] == '.') {
-            int l = tm->length;
-            f = &v[14];         /* The decimal point. */
-            f_len = 1;
-            while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9')
-                ++f_len;
-        }
-    }
-
-    if (BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s",
-                   mon[M - 1], d, h, m, s, f_len, f, y,
-                   (gmt) ? " GMT" : "") <= 0)
-        return (0);
-    else
-        return (1);
- err:
-    BIO_write(bp, "Bad time value", 14);
-    return (0);
-}
-
-int ASN1_UTCTIME_print(BIO *bp, const ASN1_UTCTIME *tm)
-{
-    const char *v;
-    int gmt = 0;
-    int i;
-    int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0;
-
-    i = tm->length;
-    v = (const char *)tm->data;
-
-    if (i < 10)
-        goto err;
-    if (v[i - 1] == 'Z')
-        gmt = 1;
-    for (i = 0; i < 10; i++)
-        if ((v[i] > '9') || (v[i] < '0'))
-            goto err;
-    y = (v[0] - '0') * 10 + (v[1] - '0');
-    if (y < 50)
-        y += 100;
-    M = (v[2] - '0') * 10 + (v[3] - '0');
-    if ((M > 12) || (M < 1))
-        goto err;
-    d = (v[4] - '0') * 10 + (v[5] - '0');
-    h = (v[6] - '0') * 10 + (v[7] - '0');
-    m = (v[8] - '0') * 10 + (v[9] - '0');
-    if (tm->length >= 12 &&
-        (v[10] >= '0') && (v[10] <= '9') && (v[11] >= '0') && (v[11] <= '9'))
-        s = (v[10] - '0') * 10 + (v[11] - '0');
-
-    if (BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s",
-                   mon[M - 1], d, h, m, s, y + 1900,
-                   (gmt) ? " GMT" : "") <= 0)
-        return (0);
-    else
-        return (1);
- err:
-    BIO_write(bp, "Bad time value", 14);
-    return (0);
-}
-
-int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
-{
-    char *s, *c, *b;
-    int ret = 0, l, i;
-
-    l = 80 - 2 - obase;
-
-    b = X509_NAME_oneline(name, NULL, 0);
-    if (!b)
-        return 0;
-    if (!*b) {
-        OPENSSL_free(b);
-        return 1;
-    }
-    s = b + 1;                  /* skip the first slash */
-
-    c = s;
-    for (;;) {
-#ifndef CHARSET_EBCDIC
-        if (((*s == '/') &&
-             ((s[1] >= 'A') && (s[1] <= 'Z') && ((s[2] == '=') ||
-                                                 ((s[2] >= 'A')
-                                                  && (s[2] <= 'Z')
-                                                  && (s[3] == '='))
-              ))) || (*s == '\0'))
-#else
-        if (((*s == '/') &&
-             (isupper(s[1]) && ((s[2] == '=') ||
-                                (isupper(s[2]) && (s[3] == '='))
-              ))) || (*s == '\0'))
-#endif
-        {
-            i = s - c;
-            if (BIO_write(bp, c, i) != i)
-                goto err;
-            c = s + 1;          /* skip following slash */
-            if (*s != '\0') {
-                if (BIO_write(bp, ", ", 2) != 2)
-                    goto err;
-            }
-            l--;
-        }
-        if (*s == '\0')
-            break;
-        s++;
-        l--;
-    }
-
-    ret = 1;
-    if (0) {
- err:
-        X509err(X509_F_X509_NAME_PRINT, ERR_R_BUF_LIB);
-    }
-    OPENSSL_free(b);
-    return (ret);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/asn1/t_x509.c (from rev 11605, vendor-crypto/openssl/dist/crypto/asn1/t_x509.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/asn1/t_x509.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/t_x509.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,541 @@
+/* crypto/asn1/t_x509.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_EC
+# include <openssl/ec.h>
+#endif
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "asn1_locl.h"
+
+#ifndef OPENSSL_NO_FP_API
+int X509_print_fp(FILE *fp, X509 *x)
+{
+    return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+}
+
+int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag,
+                     unsigned long cflag)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        X509err(X509_F_X509_PRINT_EX_FP, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = X509_print_ex(b, x, nmflag, cflag);
+    BIO_free(b);
+    return (ret);
+}
+#endif
+
+int X509_print(BIO *bp, X509 *x)
+{
+    return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+}
+
+int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
+                  unsigned long cflag)
+{
+    long l;
+    int ret = 0, i;
+    char *m = NULL, mlch = ' ';
+    int nmindent = 0;
+    X509_CINF *ci;
+    ASN1_INTEGER *bs;
+    EVP_PKEY *pkey = NULL;
+    const char *neg;
+
+    if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+        mlch = '\n';
+        nmindent = 12;
+    }
+
+    if (nmflags == X509_FLAG_COMPAT)
+        nmindent = 16;
+
+    ci = x->cert_info;
+    if (!(cflag & X509_FLAG_NO_HEADER)) {
+        if (BIO_write(bp, "Certificate:\n", 13) <= 0)
+            goto err;
+        if (BIO_write(bp, "    Data:\n", 10) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_VERSION)) {
+        l = X509_get_version(x);
+        if (BIO_printf(bp, "%8sVersion: %lu (0x%lx)\n", "", l + 1, l) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_SERIAL)) {
+
+        if (BIO_write(bp, "        Serial Number:", 22) <= 0)
+            goto err;
+
+        bs = X509_get_serialNumber(x);
+        if (bs->length < (int)sizeof(long)
+            || (bs->length == sizeof(long) && (bs->data[0] & 0x80) == 0)) {
+            l = ASN1_INTEGER_get(bs);
+            if (bs->type == V_ASN1_NEG_INTEGER) {
+                l = -l;
+                neg = "-";
+            } else
+                neg = "";
+            if (BIO_printf(bp, " %s%lu (%s0x%lx)\n", neg, l, neg, l) <= 0)
+                goto err;
+        } else {
+            neg = (bs->type == V_ASN1_NEG_INTEGER) ? " (Negative)" : "";
+            if (BIO_printf(bp, "\n%12s%s", "", neg) <= 0)
+                goto err;
+
+            for (i = 0; i < bs->length; i++) {
+                if (BIO_printf(bp, "%02x%c", bs->data[i],
+                               ((i + 1 == bs->length) ? '\n' : ':')) <= 0)
+                    goto err;
+            }
+        }
+
+    }
+
+    if (!(cflag & X509_FLAG_NO_SIGNAME)) {
+        if (X509_signature_print(bp, ci->signature, NULL) <= 0)
+            goto err;
+#if 0
+        if (BIO_printf(bp, "%8sSignature Algorithm: ", "") <= 0)
+            goto err;
+        if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0)
+            goto err;
+        if (BIO_puts(bp, "\n") <= 0)
+            goto err;
+#endif
+    }
+
+    if (!(cflag & X509_FLAG_NO_ISSUER)) {
+        if (BIO_printf(bp, "        Issuer:%c", mlch) <= 0)
+            goto err;
+        if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), nmindent, nmflags)
+            < 0)
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_VALIDITY)) {
+        if (BIO_write(bp, "        Validity\n", 17) <= 0)
+            goto err;
+        if (BIO_write(bp, "            Not Before: ", 24) <= 0)
+            goto err;
+        if (!ASN1_TIME_print(bp, X509_get_notBefore(x)))
+            goto err;
+        if (BIO_write(bp, "\n            Not After : ", 25) <= 0)
+            goto err;
+        if (!ASN1_TIME_print(bp, X509_get_notAfter(x)))
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_SUBJECT)) {
+        if (BIO_printf(bp, "        Subject:%c", mlch) <= 0)
+            goto err;
+        if (X509_NAME_print_ex
+            (bp, X509_get_subject_name(x), nmindent, nmflags) < 0)
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_PUBKEY)) {
+        if (BIO_write(bp, "        Subject Public Key Info:\n", 33) <= 0)
+            goto err;
+        if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0)
+            goto err;
+        if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0)
+            goto err;
+        if (BIO_puts(bp, "\n") <= 0)
+            goto err;
+
+        pkey = X509_get_pubkey(x);
+        if (pkey == NULL) {
+            BIO_printf(bp, "%12sUnable to load Public Key\n", "");
+            ERR_print_errors(bp);
+        } else {
+            EVP_PKEY_print_public(bp, pkey, 16, NULL);
+            EVP_PKEY_free(pkey);
+        }
+    }
+
+    if (!(cflag & X509_FLAG_NO_EXTENSIONS))
+        X509V3_extensions_print(bp, "X509v3 extensions",
+                                ci->extensions, cflag, 8);
+
+    if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
+        if (X509_signature_print(bp, x->sig_alg, x->signature) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_AUX)) {
+        if (!X509_CERT_AUX_print(bp, x->aux, 0))
+            goto err;
+    }
+    ret = 1;
+ err:
+    if (m != NULL)
+        OPENSSL_free(m);
+    return (ret);
+}
+
+int X509_ocspid_print(BIO *bp, X509 *x)
+{
+    unsigned char *der = NULL;
+    unsigned char *dertmp;
+    int derlen;
+    int i;
+    unsigned char SHA1md[SHA_DIGEST_LENGTH];
+
+    /*
+     * display the hash of the subject as it would appear in OCSP requests
+     */
+    if (BIO_printf(bp, "        Subject OCSP hash: ") <= 0)
+        goto err;
+    derlen = i2d_X509_NAME(x->cert_info->subject, NULL);
+    if ((der = dertmp = (unsigned char *)OPENSSL_malloc(derlen)) == NULL)
+        goto err;
+    i2d_X509_NAME(x->cert_info->subject, &dertmp);
+
+    if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL))
+        goto err;
+    for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
+        if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
+            goto err;
+    }
+    OPENSSL_free(der);
+    der = NULL;
+
+    /*
+     * display the hash of the public key as it would appear in OCSP requests
+     */
+    if (BIO_printf(bp, "\n        Public key OCSP hash: ") <= 0)
+        goto err;
+
+    if (!EVP_Digest(x->cert_info->key->public_key->data,
+                    x->cert_info->key->public_key->length,
+                    SHA1md, NULL, EVP_sha1(), NULL))
+        goto err;
+    for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
+        if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
+            goto err;
+    }
+    BIO_printf(bp, "\n");
+
+    return (1);
+ err:
+    if (der != NULL)
+        OPENSSL_free(der);
+    return (0);
+}
+
+int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent)
+{
+    const unsigned char *s;
+    int i, n;
+
+    n = sig->length;
+    s = sig->data;
+    for (i = 0; i < n; i++) {
+        if ((i % 18) == 0) {
+            if (BIO_write(bp, "\n", 1) <= 0)
+                return 0;
+            if (BIO_indent(bp, indent, indent) <= 0)
+                return 0;
+        }
+        if (BIO_printf(bp, "%02x%s", s[i], ((i + 1) == n) ? "" : ":") <= 0)
+            return 0;
+    }
+    if (BIO_write(bp, "\n", 1) != 1)
+        return 0;
+
+    return 1;
+}
+
+int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
+{
+    int sig_nid;
+    if (BIO_puts(bp, "    Signature Algorithm: ") <= 0)
+        return 0;
+    if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0)
+        return 0;
+
+    sig_nid = OBJ_obj2nid(sigalg->algorithm);
+    if (sig_nid != NID_undef) {
+        int pkey_nid, dig_nid;
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        if (OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid)) {
+            ameth = EVP_PKEY_asn1_find(NULL, pkey_nid);
+            if (ameth && ameth->sig_print)
+                return ameth->sig_print(bp, sigalg, sig, 9, 0);
+        }
+    }
+    if (sig)
+        return X509_signature_dump(bp, sig, 9);
+    else if (BIO_puts(bp, "\n") <= 0)
+        return 0;
+    return 1;
+}
+
+int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v)
+{
+    int i, n;
+    char buf[80];
+    const char *p;
+
+    if (v == NULL)
+        return (0);
+    n = 0;
+    p = (const char *)v->data;
+    for (i = 0; i < v->length; i++) {
+        if ((p[i] > '~') || ((p[i] < ' ') &&
+                             (p[i] != '\n') && (p[i] != '\r')))
+            buf[n] = '.';
+        else
+            buf[n] = p[i];
+        n++;
+        if (n >= 80) {
+            if (BIO_write(bp, buf, n) <= 0)
+                return (0);
+            n = 0;
+        }
+    }
+    if (n > 0)
+        if (BIO_write(bp, buf, n) <= 0)
+            return (0);
+    return (1);
+}
+
+int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
+{
+    if (tm->type == V_ASN1_UTCTIME)
+        return ASN1_UTCTIME_print(bp, tm);
+    if (tm->type == V_ASN1_GENERALIZEDTIME)
+        return ASN1_GENERALIZEDTIME_print(bp, tm);
+    BIO_write(bp, "Bad time value", 14);
+    return (0);
+}
+
+static const char *mon[12] = {
+    "Jan", "Feb", "Mar", "Apr", "May", "Jun",
+    "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
+};
+
+int ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm)
+{
+    char *v;
+    int gmt = 0;
+    int i;
+    int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0;
+    char *f = NULL;
+    int f_len = 0;
+
+    i = tm->length;
+    v = (char *)tm->data;
+
+    if (i < 12)
+        goto err;
+    if (v[i - 1] == 'Z')
+        gmt = 1;
+    for (i = 0; i < 12; i++)
+        if ((v[i] > '9') || (v[i] < '0'))
+            goto err;
+    y = (v[0] - '0') * 1000 + (v[1] - '0') * 100
+        + (v[2] - '0') * 10 + (v[3] - '0');
+    M = (v[4] - '0') * 10 + (v[5] - '0');
+    if ((M > 12) || (M < 1))
+        goto err;
+    d = (v[6] - '0') * 10 + (v[7] - '0');
+    h = (v[8] - '0') * 10 + (v[9] - '0');
+    m = (v[10] - '0') * 10 + (v[11] - '0');
+    if (tm->length >= 14 &&
+        (v[12] >= '0') && (v[12] <= '9') &&
+        (v[13] >= '0') && (v[13] <= '9')) {
+        s = (v[12] - '0') * 10 + (v[13] - '0');
+        /* Check for fractions of seconds. */
+        if (tm->length >= 15 && v[14] == '.') {
+            int l = tm->length;
+            f = &v[14];         /* The decimal point. */
+            f_len = 1;
+            while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9')
+                ++f_len;
+        }
+    }
+
+    if (BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s",
+                   mon[M - 1], d, h, m, s, f_len, f, y,
+                   (gmt) ? " GMT" : "") <= 0)
+        return (0);
+    else
+        return (1);
+ err:
+    BIO_write(bp, "Bad time value", 14);
+    return (0);
+}
+
+int ASN1_UTCTIME_print(BIO *bp, const ASN1_UTCTIME *tm)
+{
+    const char *v;
+    int gmt = 0;
+    int i;
+    int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0;
+
+    i = tm->length;
+    v = (const char *)tm->data;
+
+    if (i < 10)
+        goto err;
+    if (v[i - 1] == 'Z')
+        gmt = 1;
+    for (i = 0; i < 10; i++)
+        if ((v[i] > '9') || (v[i] < '0'))
+            goto err;
+    y = (v[0] - '0') * 10 + (v[1] - '0');
+    if (y < 50)
+        y += 100;
+    M = (v[2] - '0') * 10 + (v[3] - '0');
+    if ((M > 12) || (M < 1))
+        goto err;
+    d = (v[4] - '0') * 10 + (v[5] - '0');
+    h = (v[6] - '0') * 10 + (v[7] - '0');
+    m = (v[8] - '0') * 10 + (v[9] - '0');
+    if (tm->length >= 12 &&
+        (v[10] >= '0') && (v[10] <= '9') && (v[11] >= '0') && (v[11] <= '9'))
+        s = (v[10] - '0') * 10 + (v[11] - '0');
+
+    if (BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s",
+                   mon[M - 1], d, h, m, s, y + 1900,
+                   (gmt) ? " GMT" : "") <= 0)
+        return (0);
+    else
+        return (1);
+ err:
+    BIO_write(bp, "Bad time value", 14);
+    return (0);
+}
+
+int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
+{
+    char *s, *c, *b;
+    int ret = 0, l, i;
+
+    l = 80 - 2 - obase;
+
+    b = X509_NAME_oneline(name, NULL, 0);
+    if (!b)
+        return 0;
+    if (!*b) {
+        OPENSSL_free(b);
+        return 1;
+    }
+    s = b + 1;                  /* skip the first slash */
+
+    c = s;
+    for (;;) {
+#ifndef CHARSET_EBCDIC
+        if (((*s == '/') &&
+             ((s[1] >= 'A') && (s[1] <= 'Z') && ((s[2] == '=') ||
+                                                 ((s[2] >= 'A')
+                                                  && (s[2] <= 'Z')
+                                                  && (s[3] == '='))
+              ))) || (*s == '\0'))
+#else
+        if (((*s == '/') &&
+             (isupper(s[1]) && ((s[2] == '=') ||
+                                (isupper(s[2]) && (s[3] == '='))
+              ))) || (*s == '\0'))
+#endif
+        {
+            i = s - c;
+            if (BIO_write(bp, c, i) != i)
+                goto err;
+            c = s + 1;          /* skip following slash */
+            if (*s != '\0') {
+                if (BIO_write(bp, ", ", 2) != 2)
+                    goto err;
+            }
+            l--;
+        }
+        if (*s == '\0')
+            break;
+        s++;
+        l--;
+    }
+
+    ret = 1;
+    if (0) {
+ err:
+        X509err(X509_F_X509_NAME_PRINT, ERR_R_BUF_LIB);
+    }
+    OPENSSL_free(b);
+    return (ret);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/asn1/tasn_dec.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/tasn_dec.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/tasn_dec.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,1231 +0,0 @@
-/* tasn_dec.c */
-/*
- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stddef.h>
-#include <string.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/objects.h>
-#include <openssl/buffer.h>
-#include <openssl/err.h>
-
-static int asn1_check_eoc(const unsigned char **in, long len);
-static int asn1_find_end(const unsigned char **in, long len, char inf);
-
-static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
-                        char inf, int tag, int aclass, int depth);
-
-static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen);
-
-static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
-                           char *inf, char *cst,
-                           const unsigned char **in, long len,
-                           int exptag, int expclass, char opt, ASN1_TLC *ctx);
-
-static int asn1_template_ex_d2i(ASN1_VALUE **pval,
-                                const unsigned char **in, long len,
-                                const ASN1_TEMPLATE *tt, char opt,
-                                ASN1_TLC *ctx);
-static int asn1_template_noexp_d2i(ASN1_VALUE **val,
-                                   const unsigned char **in, long len,
-                                   const ASN1_TEMPLATE *tt, char opt,
-                                   ASN1_TLC *ctx);
-static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
-                                 const unsigned char **in, long len,
-                                 const ASN1_ITEM *it,
-                                 int tag, int aclass, char opt,
-                                 ASN1_TLC *ctx);
-
-/* Table to convert tags to bit values, used for MSTRING type */
-static const unsigned long tag2bit[32] = {
-    /* tags  0 -  3 */
-    0, 0, 0, B_ASN1_BIT_STRING,
-    /* tags  4- 7 */
-    B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN,
-    /* tags  8-11 */
-    B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,
-    /* tags 12-15 */
-    B_ASN1_UTF8STRING, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,
-    /* tags 16-19 */
-    B_ASN1_SEQUENCE, 0, B_ASN1_NUMERICSTRING, B_ASN1_PRINTABLESTRING,
-    /* tags 20-22 */
-    B_ASN1_T61STRING, B_ASN1_VIDEOTEXSTRING, B_ASN1_IA5STRING,
-    /* tags 23-24 */
-    B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME,
-    /* tags 25-27 */
-    B_ASN1_GRAPHICSTRING, B_ASN1_ISO64STRING, B_ASN1_GENERALSTRING,
-    /* tags 28-31 */
-    B_ASN1_UNIVERSALSTRING, B_ASN1_UNKNOWN, B_ASN1_BMPSTRING, B_ASN1_UNKNOWN,
-};
-
-unsigned long ASN1_tag2bit(int tag)
-{
-    if ((tag < 0) || (tag > 30))
-        return 0;
-    return tag2bit[tag];
-}
-
-/* Macro to initialize and invalidate the cache */
-
-#define asn1_tlc_clear(c)       if (c) (c)->valid = 0
-/* Version to avoid compiler warning about 'c' always non-NULL */
-#define asn1_tlc_clear_nc(c)    (c)->valid = 0
-
-/*
- * Decode an ASN1 item, this currently behaves just like a standard 'd2i'
- * function. 'in' points to a buffer to read the data from, in future we
- * will have more advanced versions that can input data a piece at a time and
- * this will simply be a special case.
- */
-
-ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
-                          const unsigned char **in, long len,
-                          const ASN1_ITEM *it)
-{
-    ASN1_TLC c;
-    ASN1_VALUE *ptmpval = NULL;
-    if (!pval)
-        pval = &ptmpval;
-    asn1_tlc_clear_nc(&c);
-    if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
-        return *pval;
-    return NULL;
-}
-
-int ASN1_template_d2i(ASN1_VALUE **pval,
-                      const unsigned char **in, long len,
-                      const ASN1_TEMPLATE *tt)
-{
-    ASN1_TLC c;
-    asn1_tlc_clear_nc(&c);
-    return asn1_template_ex_d2i(pval, in, len, tt, 0, &c);
-}
-
-/*
- * Decode an item, taking care of IMPLICIT tagging, if any. If 'opt' set and
- * tag mismatch return -1 to handle OPTIONAL
- */
-
-int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
-                     const ASN1_ITEM *it,
-                     int tag, int aclass, char opt, ASN1_TLC *ctx)
-{
-    const ASN1_TEMPLATE *tt, *errtt = NULL;
-    const ASN1_COMPAT_FUNCS *cf;
-    const ASN1_EXTERN_FUNCS *ef;
-    const ASN1_AUX *aux = it->funcs;
-    ASN1_aux_cb *asn1_cb;
-    const unsigned char *p = NULL, *q;
-    unsigned char *wp = NULL;   /* BIG FAT WARNING! BREAKS CONST WHERE USED */
-    unsigned char imphack = 0, oclass;
-    char seq_eoc, seq_nolen, cst, isopt;
-    long tmplen;
-    int i;
-    int otag;
-    int ret = 0;
-    ASN1_VALUE **pchptr, *ptmpval;
-    int combine = aclass & ASN1_TFLG_COMBINE;
-    aclass &= ~ASN1_TFLG_COMBINE;
-    if (!pval)
-        return 0;
-    if (aux && aux->asn1_cb)
-        asn1_cb = aux->asn1_cb;
-    else
-        asn1_cb = 0;
-
-    switch (it->itype) {
-    case ASN1_ITYPE_PRIMITIVE:
-        if (it->templates) {
-            /*
-             * tagging or OPTIONAL is currently illegal on an item template
-             * because the flags can't get passed down. In practice this
-             * isn't a problem: we include the relevant flags from the item
-             * template in the template itself.
-             */
-            if ((tag != -1) || opt) {
-                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-                        ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
-                goto err;
-            }
-            return asn1_template_ex_d2i(pval, in, len,
-                                        it->templates, opt, ctx);
-        }
-        return asn1_d2i_ex_primitive(pval, in, len, it,
-                                     tag, aclass, opt, ctx);
-        break;
-
-    case ASN1_ITYPE_MSTRING:
-        p = *in;
-        /* Just read in tag and class */
-        ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
-                              &p, len, -1, 0, 1, ctx);
-        if (!ret) {
-            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-            goto err;
-        }
-
-        /* Must be UNIVERSAL class */
-        if (oclass != V_ASN1_UNIVERSAL) {
-            /* If OPTIONAL, assume this is OK */
-            if (opt)
-                return -1;
-            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL);
-            goto err;
-        }
-        /* Check tag matches bit map */
-        if (!(ASN1_tag2bit(otag) & it->utype)) {
-            /* If OPTIONAL, assume this is OK */
-            if (opt)
-                return -1;
-            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_WRONG_TAG);
-            goto err;
-        }
-        return asn1_d2i_ex_primitive(pval, in, len, it, otag, 0, 0, ctx);
-
-    case ASN1_ITYPE_EXTERN:
-        /* Use new style d2i */
-        ef = it->funcs;
-        return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx);
-
-    case ASN1_ITYPE_COMPAT:
-        /* we must resort to old style evil hackery */
-        cf = it->funcs;
-
-        /* If OPTIONAL see if it is there */
-        if (opt) {
-            int exptag;
-            p = *in;
-            if (tag == -1)
-                exptag = it->utype;
-            else
-                exptag = tag;
-            /*
-             * Don't care about anything other than presence of expected tag
-             */
-
-            ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL,
-                                  &p, len, exptag, aclass, 1, ctx);
-            if (!ret) {
-                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-                goto err;
-            }
-            if (ret == -1)
-                return -1;
-        }
-
-        /*
-         * This is the old style evil hack IMPLICIT handling: since the
-         * underlying code is expecting a tag and class other than the one
-         * present we change the buffer temporarily then change it back
-         * afterwards. This doesn't and never did work for tags > 30. Yes
-         * this is *horrible* but it is only needed for old style d2i which
-         * will hopefully not be around for much longer. FIXME: should copy
-         * the buffer then modify it so the input buffer can be const: we
-         * should *always* copy because the old style d2i might modify the
-         * buffer.
-         */
-
-        if (tag != -1) {
-            wp = *(unsigned char **)in;
-            imphack = *wp;
-            if (p == NULL) {
-                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-                goto err;
-            }
-            *wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED)
-                                  | it->utype);
-        }
-
-        ptmpval = cf->asn1_d2i(pval, in, len);
-
-        if (tag != -1)
-            *wp = imphack;
-
-        if (ptmpval)
-            return 1;
-
-        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-        goto err;
-
-    case ASN1_ITYPE_CHOICE:
-        if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
-            goto auxerr;
-        if (*pval) {
-            /* Free up and zero CHOICE value if initialised */
-            i = asn1_get_choice_selector(pval, it);
-            if ((i >= 0) && (i < it->tcount)) {
-                tt = it->templates + i;
-                pchptr = asn1_get_field_ptr(pval, tt);
-                ASN1_template_free(pchptr, tt);
-                asn1_set_choice_selector(pval, -1, it);
-            }
-        } else if (!ASN1_item_ex_new(pval, it)) {
-            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-            goto err;
-        }
-        /* CHOICE type, try each possibility in turn */
-        p = *in;
-        for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
-            pchptr = asn1_get_field_ptr(pval, tt);
-            /*
-             * We mark field as OPTIONAL so its absence can be recognised.
-             */
-            ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);
-            /* If field not present, try the next one */
-            if (ret == -1)
-                continue;
-            /* If positive return, read OK, break loop */
-            if (ret > 0)
-                break;
-            /* Otherwise must be an ASN1 parsing error */
-            errtt = tt;
-            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-            goto err;
-        }
-
-        /* Did we fall off the end without reading anything? */
-        if (i == it->tcount) {
-            /* If OPTIONAL, this is OK */
-            if (opt) {
-                /* Free and zero it */
-                ASN1_item_ex_free(pval, it);
-                return -1;
-            }
-            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NO_MATCHING_CHOICE_TYPE);
-            goto err;
-        }
-
-        asn1_set_choice_selector(pval, i, it);
-        if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
-            goto auxerr;
-        *in = p;
-        return 1;
-
-    case ASN1_ITYPE_NDEF_SEQUENCE:
-    case ASN1_ITYPE_SEQUENCE:
-        p = *in;
-        tmplen = len;
-
-        /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
-        if (tag == -1) {
-            tag = V_ASN1_SEQUENCE;
-            aclass = V_ASN1_UNIVERSAL;
-        }
-        /* Get SEQUENCE length and update len, p */
-        ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst,
-                              &p, len, tag, aclass, opt, ctx);
-        if (!ret) {
-            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-            goto err;
-        } else if (ret == -1)
-            return -1;
-        if (aux && (aux->flags & ASN1_AFLG_BROKEN)) {
-            len = tmplen - (p - *in);
-            seq_nolen = 1;
-        }
-        /* If indefinite we don't do a length check */
-        else
-            seq_nolen = seq_eoc;
-        if (!cst) {
-            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
-            goto err;
-        }
-
-        if (!*pval && !ASN1_item_ex_new(pval, it)) {
-            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-            goto err;
-        }
-
-        if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
-            goto auxerr;
-
-        /* Free up and zero any ADB found */
-        for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
-            if (tt->flags & ASN1_TFLG_ADB_MASK) {
-                const ASN1_TEMPLATE *seqtt;
-                ASN1_VALUE **pseqval;
-                seqtt = asn1_do_adb(pval, tt, 1);
-                pseqval = asn1_get_field_ptr(pval, seqtt);
-                ASN1_template_free(pseqval, seqtt);
-            }
-        }
-
-        /* Get each field entry */
-        for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
-            const ASN1_TEMPLATE *seqtt;
-            ASN1_VALUE **pseqval;
-            seqtt = asn1_do_adb(pval, tt, 1);
-            if (!seqtt)
-                goto err;
-            pseqval = asn1_get_field_ptr(pval, seqtt);
-            /* Have we ran out of data? */
-            if (!len)
-                break;
-            q = p;
-            if (asn1_check_eoc(&p, len)) {
-                if (!seq_eoc) {
-                    ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_UNEXPECTED_EOC);
-                    goto err;
-                }
-                len -= p - q;
-                seq_eoc = 0;
-                q = p;
-                break;
-            }
-            /*
-             * This determines the OPTIONAL flag value. The field cannot be
-             * omitted if it is the last of a SEQUENCE and there is still
-             * data to be read. This isn't strictly necessary but it
-             * increases efficiency in some cases.
-             */
-            if (i == (it->tcount - 1))
-                isopt = 0;
-            else
-                isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL);
-            /*
-             * attempt to read in field, allowing each to be OPTIONAL
-             */
-
-            ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx);
-            if (!ret) {
-                errtt = seqtt;
-                goto err;
-            } else if (ret == -1) {
-                /*
-                 * OPTIONAL component absent. Free and zero the field.
-                 */
-                ASN1_template_free(pseqval, seqtt);
-                continue;
-            }
-            /* Update length */
-            len -= p - q;
-        }
-
-        /* Check for EOC if expecting one */
-        if (seq_eoc && !asn1_check_eoc(&p, len)) {
-            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MISSING_EOC);
-            goto err;
-        }
-        /* Check all data read */
-        if (!seq_nolen && len) {
-            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_LENGTH_MISMATCH);
-            goto err;
-        }
-
-        /*
-         * If we get here we've got no more data in the SEQUENCE, however we
-         * may not have read all fields so check all remaining are OPTIONAL
-         * and clear any that are.
-         */
-        for (; i < it->tcount; tt++, i++) {
-            const ASN1_TEMPLATE *seqtt;
-            seqtt = asn1_do_adb(pval, tt, 1);
-            if (!seqtt)
-                goto err;
-            if (seqtt->flags & ASN1_TFLG_OPTIONAL) {
-                ASN1_VALUE **pseqval;
-                pseqval = asn1_get_field_ptr(pval, seqtt);
-                ASN1_template_free(pseqval, seqtt);
-            } else {
-                errtt = seqtt;
-                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_FIELD_MISSING);
-                goto err;
-            }
-        }
-        /* Save encoding */
-        if (!asn1_enc_save(pval, *in, p - *in, it))
-            goto auxerr;
-        if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
-            goto auxerr;
-        *in = p;
-        return 1;
-
-    default:
-        return 0;
-    }
- auxerr:
-    ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
- err:
-    if (combine == 0)
-        ASN1_item_ex_free(pval, it);
-    if (errtt)
-        ERR_add_error_data(4, "Field=", errtt->field_name,
-                           ", Type=", it->sname);
-    else
-        ERR_add_error_data(2, "Type=", it->sname);
-    return 0;
-}
-
-/*
- * Templates are handled with two separate functions. One handles any
- * EXPLICIT tag and the other handles the rest.
- */
-
-static int asn1_template_ex_d2i(ASN1_VALUE **val,
-                                const unsigned char **in, long inlen,
-                                const ASN1_TEMPLATE *tt, char opt,
-                                ASN1_TLC *ctx)
-{
-    int flags, aclass;
-    int ret;
-    long len;
-    const unsigned char *p, *q;
-    char exp_eoc;
-    if (!val)
-        return 0;
-    flags = tt->flags;
-    aclass = flags & ASN1_TFLG_TAG_CLASS;
-
-    p = *in;
-
-    /* Check if EXPLICIT tag expected */
-    if (flags & ASN1_TFLG_EXPTAG) {
-        char cst;
-        /*
-         * Need to work out amount of data available to the inner content and
-         * where it starts: so read in EXPLICIT header to get the info.
-         */
-        ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst,
-                              &p, inlen, tt->tag, aclass, opt, ctx);
-        q = p;
-        if (!ret) {
-            ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-            return 0;
-        } else if (ret == -1)
-            return -1;
-        if (!cst) {
-            ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
-                    ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED);
-            return 0;
-        }
-        /* We've found the field so it can't be OPTIONAL now */
-        ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);
-        if (!ret) {
-            ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-            return 0;
-        }
-        /* We read the field in OK so update length */
-        len -= p - q;
-        if (exp_eoc) {
-            /* If NDEF we must have an EOC here */
-            if (!asn1_check_eoc(&p, len)) {
-                ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ASN1_R_MISSING_EOC);
-                goto err;
-            }
-        } else {
-            /*
-             * Otherwise we must hit the EXPLICIT tag end or its an error
-             */
-            if (len) {
-                ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
-                        ASN1_R_EXPLICIT_LENGTH_MISMATCH);
-                goto err;
-            }
-        }
-    } else
-        return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx);
-
-    *in = p;
-    return 1;
-
- err:
-    ASN1_template_free(val, tt);
-    return 0;
-}
-
-static int asn1_template_noexp_d2i(ASN1_VALUE **val,
-                                   const unsigned char **in, long len,
-                                   const ASN1_TEMPLATE *tt, char opt,
-                                   ASN1_TLC *ctx)
-{
-    int flags, aclass;
-    int ret;
-    const unsigned char *p, *q;
-    if (!val)
-        return 0;
-    flags = tt->flags;
-    aclass = flags & ASN1_TFLG_TAG_CLASS;
-
-    p = *in;
-    q = p;
-
-    if (flags & ASN1_TFLG_SK_MASK) {
-        /* SET OF, SEQUENCE OF */
-        int sktag, skaclass;
-        char sk_eoc;
-        /* First work out expected inner tag value */
-        if (flags & ASN1_TFLG_IMPTAG) {
-            sktag = tt->tag;
-            skaclass = aclass;
-        } else {
-            skaclass = V_ASN1_UNIVERSAL;
-            if (flags & ASN1_TFLG_SET_OF)
-                sktag = V_ASN1_SET;
-            else
-                sktag = V_ASN1_SEQUENCE;
-        }
-        /* Get the tag */
-        ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL,
-                              &p, len, sktag, skaclass, opt, ctx);
-        if (!ret) {
-            ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
-            return 0;
-        } else if (ret == -1)
-            return -1;
-        if (!*val)
-            *val = (ASN1_VALUE *)sk_new_null();
-        else {
-            /*
-             * We've got a valid STACK: free up any items present
-             */
-            STACK_OF(ASN1_VALUE) *sktmp = (STACK_OF(ASN1_VALUE) *)*val;
-            ASN1_VALUE *vtmp;
-            while (sk_ASN1_VALUE_num(sktmp) > 0) {
-                vtmp = sk_ASN1_VALUE_pop(sktmp);
-                ASN1_item_ex_free(&vtmp, ASN1_ITEM_ptr(tt->item));
-            }
-        }
-
-        if (!*val) {
-            ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-
-        /* Read as many items as we can */
-        while (len > 0) {
-            ASN1_VALUE *skfield;
-            q = p;
-            /* See if EOC found */
-            if (asn1_check_eoc(&p, len)) {
-                if (!sk_eoc) {
-                    ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
-                            ASN1_R_UNEXPECTED_EOC);
-                    goto err;
-                }
-                len -= p - q;
-                sk_eoc = 0;
-                break;
-            }
-            skfield = NULL;
-            if (!ASN1_item_ex_d2i(&skfield, &p, len,
-                                  ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) {
-                ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
-                        ERR_R_NESTED_ASN1_ERROR);
-                goto err;
-            }
-            len -= p - q;
-            if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val, skfield)) {
-                ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-        }
-        if (sk_eoc) {
-            ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ASN1_R_MISSING_EOC);
-            goto err;
-        }
-    } else if (flags & ASN1_TFLG_IMPTAG) {
-        /* IMPLICIT tagging */
-        ret = ASN1_item_ex_d2i(val, &p, len,
-                               ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt,
-                               ctx);
-        if (!ret) {
-            ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
-            goto err;
-        } else if (ret == -1)
-            return -1;
-    } else {
-        /* Nothing special */
-        ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
-                               -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
-        if (!ret) {
-            ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
-            goto err;
-        } else if (ret == -1)
-            return -1;
-    }
-
-    *in = p;
-    return 1;
-
- err:
-    ASN1_template_free(val, tt);
-    return 0;
-}
-
-static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
-                                 const unsigned char **in, long inlen,
-                                 const ASN1_ITEM *it,
-                                 int tag, int aclass, char opt, ASN1_TLC *ctx)
-{
-    int ret = 0, utype;
-    long plen;
-    char cst, inf, free_cont = 0;
-    const unsigned char *p;
-    BUF_MEM buf;
-    const unsigned char *cont = NULL;
-    long len;
-    if (!pval) {
-        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL);
-        return 0;               /* Should never happen */
-    }
-
-    if (it->itype == ASN1_ITYPE_MSTRING) {
-        utype = tag;
-        tag = -1;
-    } else
-        utype = it->utype;
-
-    if (utype == V_ASN1_ANY) {
-        /* If type is ANY need to figure out type from tag */
-        unsigned char oclass;
-        if (tag >= 0) {
-            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_TAGGED_ANY);
-            return 0;
-        }
-        if (opt) {
-            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
-                    ASN1_R_ILLEGAL_OPTIONAL_ANY);
-            return 0;
-        }
-        p = *in;
-        ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL,
-                              &p, inlen, -1, 0, 0, ctx);
-        if (!ret) {
-            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
-            return 0;
-        }
-        if (oclass != V_ASN1_UNIVERSAL)
-            utype = V_ASN1_OTHER;
-    }
-    if (tag == -1) {
-        tag = utype;
-        aclass = V_ASN1_UNIVERSAL;
-    }
-    p = *in;
-    /* Check header */
-    ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst,
-                          &p, inlen, tag, aclass, opt, ctx);
-    if (!ret) {
-        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
-        return 0;
-    } else if (ret == -1)
-        return -1;
-    ret = 0;
-    /* SEQUENCE, SET and "OTHER" are left in encoded form */
-    if ((utype == V_ASN1_SEQUENCE)
-        || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) {
-        /*
-         * Clear context cache for type OTHER because the auto clear when we
-         * have a exact match wont work
-         */
-        if (utype == V_ASN1_OTHER) {
-            asn1_tlc_clear(ctx);
-        }
-        /* SEQUENCE and SET must be constructed */
-        else if (!cst) {
-            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
-                    ASN1_R_TYPE_NOT_CONSTRUCTED);
-            return 0;
-        }
-
-        cont = *in;
-        /* If indefinite length constructed find the real end */
-        if (inf) {
-            if (!asn1_find_end(&p, plen, inf))
-                goto err;
-            len = p - cont;
-        } else {
-            len = p - cont + plen;
-            p += plen;
-            buf.data = NULL;
-        }
-    } else if (cst) {
-        if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN
-            || utype == V_ASN1_OBJECT || utype == V_ASN1_INTEGER
-            || utype == V_ASN1_ENUMERATED) {
-            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_PRIMITIVE);
-            return 0;
-        }
-        buf.length = 0;
-        buf.max = 0;
-        buf.data = NULL;
-        /*
-         * Should really check the internal tags are correct but some things
-         * may get this wrong. The relevant specs say that constructed string
-         * types should be OCTET STRINGs internally irrespective of the type.
-         * So instead just check for UNIVERSAL class and ignore the tag.
-         */
-        if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) {
-            free_cont = 1;
-            goto err;
-        }
-        len = buf.length;
-        /* Append a final null to string */
-        if (!BUF_MEM_grow_clean(&buf, len + 1)) {
-            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
-            return 0;
-        }
-        buf.data[len] = 0;
-        cont = (const unsigned char *)buf.data;
-        free_cont = 1;
-    } else {
-        cont = p;
-        len = plen;
-        p += plen;
-    }
-
-    /* We now have content length and type: translate into a structure */
-    if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it))
-        goto err;
-
-    *in = p;
-    ret = 1;
- err:
-    if (free_cont && buf.data)
-        OPENSSL_free(buf.data);
-    return ret;
-}
-
-/* Translate ASN1 content octets into a structure */
-
-int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
-                int utype, char *free_cont, const ASN1_ITEM *it)
-{
-    ASN1_VALUE **opval = NULL;
-    ASN1_STRING *stmp;
-    ASN1_TYPE *typ = NULL;
-    int ret = 0;
-    const ASN1_PRIMITIVE_FUNCS *pf;
-    ASN1_INTEGER **tint;
-    pf = it->funcs;
-
-    if (pf && pf->prim_c2i)
-        return pf->prim_c2i(pval, cont, len, utype, free_cont, it);
-    /* If ANY type clear type and set pointer to internal value */
-    if (it->utype == V_ASN1_ANY) {
-        if (!*pval) {
-            typ = ASN1_TYPE_new();
-            if (typ == NULL)
-                goto err;
-            *pval = (ASN1_VALUE *)typ;
-        } else
-            typ = (ASN1_TYPE *)*pval;
-
-        if (utype != typ->type)
-            ASN1_TYPE_set(typ, utype, NULL);
-        opval = pval;
-        pval = &typ->value.asn1_value;
-    }
-    switch (utype) {
-    case V_ASN1_OBJECT:
-        if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len))
-            goto err;
-        break;
-
-    case V_ASN1_NULL:
-        if (len) {
-            ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_NULL_IS_WRONG_LENGTH);
-            goto err;
-        }
-        *pval = (ASN1_VALUE *)1;
-        break;
-
-    case V_ASN1_BOOLEAN:
-        if (len != 1) {
-            ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
-            goto err;
-        } else {
-            ASN1_BOOLEAN *tbool;
-            tbool = (ASN1_BOOLEAN *)pval;
-            *tbool = *cont;
-        }
-        break;
-
-    case V_ASN1_BIT_STRING:
-        if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len))
-            goto err;
-        break;
-
-    case V_ASN1_INTEGER:
-    case V_ASN1_NEG_INTEGER:
-    case V_ASN1_ENUMERATED:
-    case V_ASN1_NEG_ENUMERATED:
-        tint = (ASN1_INTEGER **)pval;
-        if (!c2i_ASN1_INTEGER(tint, &cont, len))
-            goto err;
-        /* Fixup type to match the expected form */
-        (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG);
-        break;
-
-    case V_ASN1_OCTET_STRING:
-    case V_ASN1_NUMERICSTRING:
-    case V_ASN1_PRINTABLESTRING:
-    case V_ASN1_T61STRING:
-    case V_ASN1_VIDEOTEXSTRING:
-    case V_ASN1_IA5STRING:
-    case V_ASN1_UTCTIME:
-    case V_ASN1_GENERALIZEDTIME:
-    case V_ASN1_GRAPHICSTRING:
-    case V_ASN1_VISIBLESTRING:
-    case V_ASN1_GENERALSTRING:
-    case V_ASN1_UNIVERSALSTRING:
-    case V_ASN1_BMPSTRING:
-    case V_ASN1_UTF8STRING:
-    case V_ASN1_OTHER:
-    case V_ASN1_SET:
-    case V_ASN1_SEQUENCE:
-    default:
-        if (utype == V_ASN1_BMPSTRING && (len & 1)) {
-            ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
-            goto err;
-        }
-        if (utype == V_ASN1_UNIVERSALSTRING && (len & 3)) {
-            ASN1err(ASN1_F_ASN1_EX_C2I,
-                    ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
-            goto err;
-        }
-        /* All based on ASN1_STRING and handled the same */
-        if (!*pval) {
-            stmp = ASN1_STRING_type_new(utype);
-            if (!stmp) {
-                ASN1err(ASN1_F_ASN1_EX_C2I, ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-            *pval = (ASN1_VALUE *)stmp;
-        } else {
-            stmp = (ASN1_STRING *)*pval;
-            stmp->type = utype;
-        }
-        /* If we've already allocated a buffer use it */
-        if (*free_cont) {
-            if (stmp->data)
-                OPENSSL_free(stmp->data);
-            stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */
-            stmp->length = len;
-            *free_cont = 0;
-        } else {
-            if (!ASN1_STRING_set(stmp, cont, len)) {
-                ASN1err(ASN1_F_ASN1_EX_C2I, ERR_R_MALLOC_FAILURE);
-                ASN1_STRING_free(stmp);
-                *pval = NULL;
-                goto err;
-            }
-        }
-        break;
-    }
-    /* If ASN1_ANY and NULL type fix up value */
-    if (typ && (utype == V_ASN1_NULL))
-        typ->value.ptr = NULL;
-
-    ret = 1;
- err:
-    if (!ret) {
-        ASN1_TYPE_free(typ);
-        if (opval)
-            *opval = NULL;
-    }
-    return ret;
-}
-
-/*
- * This function finds the end of an ASN1 structure when passed its maximum
- * length, whether it is indefinite length and a pointer to the content. This
- * is more efficient than calling asn1_collect because it does not recurse on
- * each indefinite length header.
- */
-
-static int asn1_find_end(const unsigned char **in, long len, char inf)
-{
-    int expected_eoc;
-    long plen;
-    const unsigned char *p = *in, *q;
-    /* If not indefinite length constructed just add length */
-    if (inf == 0) {
-        *in += len;
-        return 1;
-    }
-    expected_eoc = 1;
-    /*
-     * Indefinite length constructed form. Find the end when enough EOCs are
-     * found. If more indefinite length constructed headers are encountered
-     * increment the expected eoc count otherwise just skip to the end of the
-     * data.
-     */
-    while (len > 0) {
-        if (asn1_check_eoc(&p, len)) {
-            expected_eoc--;
-            if (expected_eoc == 0)
-                break;
-            len -= 2;
-            continue;
-        }
-        q = p;
-        /* Just read in a header: only care about the length */
-        if (!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len,
-                             -1, 0, 0, NULL)) {
-            ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
-            return 0;
-        }
-        if (inf)
-            expected_eoc++;
-        else
-            p += plen;
-        len -= p - q;
-    }
-    if (expected_eoc) {
-        ASN1err(ASN1_F_ASN1_FIND_END, ASN1_R_MISSING_EOC);
-        return 0;
-    }
-    *in = p;
-    return 1;
-}
-
-/*
- * This function collects the asn1 data from a constructred string type into
- * a buffer. The values of 'in' and 'len' should refer to the contents of the
- * constructed type and 'inf' should be set if it is indefinite length.
- */
-
-#ifndef ASN1_MAX_STRING_NEST
-/*
- * This determines how many levels of recursion are permitted in ASN1 string
- * types. If it is not limited stack overflows can occur. If set to zero no
- * recursion is allowed at all. Although zero should be adequate examples
- * exist that require a value of 1. So 5 should be more than enough.
- */
-# define ASN1_MAX_STRING_NEST 5
-#endif
-
-static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
-                        char inf, int tag, int aclass, int depth)
-{
-    const unsigned char *p, *q;
-    long plen;
-    char cst, ininf;
-    p = *in;
-    inf &= 1;
-    /*
-     * If no buffer and not indefinite length constructed just pass over the
-     * encoded data
-     */
-    if (!buf && !inf) {
-        *in += len;
-        return 1;
-    }
-    while (len > 0) {
-        q = p;
-        /* Check for EOC */
-        if (asn1_check_eoc(&p, len)) {
-            /*
-             * EOC is illegal outside indefinite length constructed form
-             */
-            if (!inf) {
-                ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_UNEXPECTED_EOC);
-                return 0;
-            }
-            inf = 0;
-            break;
-        }
-
-        if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p,
-                             len, tag, aclass, 0, NULL)) {
-            ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR);
-            return 0;
-        }
-
-        /* If indefinite length constructed update max length */
-        if (cst) {
-            if (depth >= ASN1_MAX_STRING_NEST) {
-                ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING);
-                return 0;
-            }
-            if (!asn1_collect(buf, &p, plen, ininf, tag, aclass, depth + 1))
-                return 0;
-        } else if (plen && !collect_data(buf, &p, plen))
-            return 0;
-        len -= p - q;
-    }
-    if (inf) {
-        ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC);
-        return 0;
-    }
-    *in = p;
-    return 1;
-}
-
-static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen)
-{
-    int len;
-    if (buf) {
-        len = buf->length;
-        if (!BUF_MEM_grow_clean(buf, len + plen)) {
-            ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE);
-            return 0;
-        }
-        memcpy(buf->data + len, *p, plen);
-    }
-    *p += plen;
-    return 1;
-}
-
-/* Check for ASN1 EOC and swallow it if found */
-
-static int asn1_check_eoc(const unsigned char **in, long len)
-{
-    const unsigned char *p;
-    if (len < 2)
-        return 0;
-    p = *in;
-    if (!p[0] && !p[1]) {
-        *in += 2;
-        return 1;
-    }
-    return 0;
-}
-
-/*
- * Check an ASN1 tag and length: a bit like ASN1_get_object but it sets the
- * length for indefinite length constructed form, we don't know the exact
- * length but we can set an upper bound to the amount of data available minus
- * the header length just read.
- */
-
-static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
-                           char *inf, char *cst,
-                           const unsigned char **in, long len,
-                           int exptag, int expclass, char opt, ASN1_TLC *ctx)
-{
-    int i;
-    int ptag, pclass;
-    long plen;
-    const unsigned char *p, *q;
-    p = *in;
-    q = p;
-
-    if (ctx && ctx->valid) {
-        i = ctx->ret;
-        plen = ctx->plen;
-        pclass = ctx->pclass;
-        ptag = ctx->ptag;
-        p += ctx->hdrlen;
-    } else {
-        i = ASN1_get_object(&p, &plen, &ptag, &pclass, len);
-        if (ctx) {
-            ctx->ret = i;
-            ctx->plen = plen;
-            ctx->pclass = pclass;
-            ctx->ptag = ptag;
-            ctx->hdrlen = p - q;
-            ctx->valid = 1;
-            /*
-             * If definite length, and no error, length + header can't exceed
-             * total amount of data available.
-             */
-            if (!(i & 0x81) && ((plen + ctx->hdrlen) > len)) {
-                ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG);
-                asn1_tlc_clear(ctx);
-                return 0;
-            }
-        }
-    }
-
-    if (i & 0x80) {
-        ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER);
-        asn1_tlc_clear(ctx);
-        return 0;
-    }
-    if (exptag >= 0) {
-        if ((exptag != ptag) || (expclass != pclass)) {
-            /*
-             * If type is OPTIONAL, not an error: indicate missing type.
-             */
-            if (opt)
-                return -1;
-            asn1_tlc_clear(ctx);
-            ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG);
-            return 0;
-        }
-        /*
-         * We have a tag and class match: assume we are going to do something
-         * with it
-         */
-        asn1_tlc_clear(ctx);
-    }
-
-    if (i & 1)
-        plen = len - (p - q);
-
-    if (inf)
-        *inf = i & 1;
-
-    if (cst)
-        *cst = i & V_ASN1_CONSTRUCTED;
-
-    if (olen)
-        *olen = plen;
-
-    if (oclass)
-        *oclass = pclass;
-
-    if (otag)
-        *otag = ptag;
-
-    *in = p;
-    return 1;
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/asn1/tasn_dec.c (from rev 11605, vendor-crypto/openssl/dist/crypto/asn1/tasn_dec.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/asn1/tasn_dec.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/tasn_dec.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,1229 @@
+/* tasn_dec.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stddef.h>
+#include <string.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+
+static int asn1_check_eoc(const unsigned char **in, long len);
+static int asn1_find_end(const unsigned char **in, long len, char inf);
+
+static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
+                        char inf, int tag, int aclass, int depth);
+
+static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen);
+
+static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
+                           char *inf, char *cst,
+                           const unsigned char **in, long len,
+                           int exptag, int expclass, char opt, ASN1_TLC *ctx);
+
+static int asn1_template_ex_d2i(ASN1_VALUE **pval,
+                                const unsigned char **in, long len,
+                                const ASN1_TEMPLATE *tt, char opt,
+                                ASN1_TLC *ctx);
+static int asn1_template_noexp_d2i(ASN1_VALUE **val,
+                                   const unsigned char **in, long len,
+                                   const ASN1_TEMPLATE *tt, char opt,
+                                   ASN1_TLC *ctx);
+static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
+                                 const unsigned char **in, long len,
+                                 const ASN1_ITEM *it,
+                                 int tag, int aclass, char opt,
+                                 ASN1_TLC *ctx);
+
+/* Table to convert tags to bit values, used for MSTRING type */
+static const unsigned long tag2bit[32] = {
+    /* tags  0 -  3 */
+    0, 0, 0, B_ASN1_BIT_STRING,
+    /* tags  4- 7 */
+    B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN,
+    /* tags  8-11 */
+    B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,
+    /* tags 12-15 */
+    B_ASN1_UTF8STRING, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,
+    /* tags 16-19 */
+    B_ASN1_SEQUENCE, 0, B_ASN1_NUMERICSTRING, B_ASN1_PRINTABLESTRING,
+    /* tags 20-22 */
+    B_ASN1_T61STRING, B_ASN1_VIDEOTEXSTRING, B_ASN1_IA5STRING,
+    /* tags 23-24 */
+    B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME,
+    /* tags 25-27 */
+    B_ASN1_GRAPHICSTRING, B_ASN1_ISO64STRING, B_ASN1_GENERALSTRING,
+    /* tags 28-31 */
+    B_ASN1_UNIVERSALSTRING, B_ASN1_UNKNOWN, B_ASN1_BMPSTRING, B_ASN1_UNKNOWN,
+};
+
+unsigned long ASN1_tag2bit(int tag)
+{
+    if ((tag < 0) || (tag > 30))
+        return 0;
+    return tag2bit[tag];
+}
+
+/* Macro to initialize and invalidate the cache */
+
+#define asn1_tlc_clear(c)       if (c) (c)->valid = 0
+/* Version to avoid compiler warning about 'c' always non-NULL */
+#define asn1_tlc_clear_nc(c)    (c)->valid = 0
+
+/*
+ * Decode an ASN1 item, this currently behaves just like a standard 'd2i'
+ * function. 'in' points to a buffer to read the data from, in future we
+ * will have more advanced versions that can input data a piece at a time and
+ * this will simply be a special case.
+ */
+
+ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
+                          const unsigned char **in, long len,
+                          const ASN1_ITEM *it)
+{
+    ASN1_TLC c;
+    ASN1_VALUE *ptmpval = NULL;
+    if (!pval)
+        pval = &ptmpval;
+    asn1_tlc_clear_nc(&c);
+    if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
+        return *pval;
+    return NULL;
+}
+
+int ASN1_template_d2i(ASN1_VALUE **pval,
+                      const unsigned char **in, long len,
+                      const ASN1_TEMPLATE *tt)
+{
+    ASN1_TLC c;
+    asn1_tlc_clear_nc(&c);
+    return asn1_template_ex_d2i(pval, in, len, tt, 0, &c);
+}
+
+/*
+ * Decode an item, taking care of IMPLICIT tagging, if any. If 'opt' set and
+ * tag mismatch return -1 to handle OPTIONAL
+ */
+
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+                     const ASN1_ITEM *it,
+                     int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+    const ASN1_TEMPLATE *tt, *errtt = NULL;
+    const ASN1_COMPAT_FUNCS *cf;
+    const ASN1_EXTERN_FUNCS *ef;
+    const ASN1_AUX *aux = it->funcs;
+    ASN1_aux_cb *asn1_cb;
+    const unsigned char *p = NULL, *q;
+    unsigned char *wp = NULL;   /* BIG FAT WARNING! BREAKS CONST WHERE USED */
+    unsigned char imphack = 0, oclass;
+    char seq_eoc, seq_nolen, cst, isopt;
+    long tmplen;
+    int i;
+    int otag;
+    int ret = 0;
+    ASN1_VALUE **pchptr, *ptmpval;
+    int combine = aclass & ASN1_TFLG_COMBINE;
+    aclass &= ~ASN1_TFLG_COMBINE;
+    if (!pval)
+        return 0;
+    if (aux && aux->asn1_cb)
+        asn1_cb = aux->asn1_cb;
+    else
+        asn1_cb = 0;
+
+    switch (it->itype) {
+    case ASN1_ITYPE_PRIMITIVE:
+        if (it->templates) {
+            /*
+             * tagging or OPTIONAL is currently illegal on an item template
+             * because the flags can't get passed down. In practice this
+             * isn't a problem: we include the relevant flags from the item
+             * template in the template itself.
+             */
+            if ((tag != -1) || opt) {
+                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+                        ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
+                goto err;
+            }
+            return asn1_template_ex_d2i(pval, in, len,
+                                        it->templates, opt, ctx);
+        }
+        return asn1_d2i_ex_primitive(pval, in, len, it,
+                                     tag, aclass, opt, ctx);
+        break;
+
+    case ASN1_ITYPE_MSTRING:
+        p = *in;
+        /* Just read in tag and class */
+        ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
+                              &p, len, -1, 0, 1, ctx);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        }
+
+        /* Must be UNIVERSAL class */
+        if (oclass != V_ASN1_UNIVERSAL) {
+            /* If OPTIONAL, assume this is OK */
+            if (opt)
+                return -1;
+            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL);
+            goto err;
+        }
+        /* Check tag matches bit map */
+        if (!(ASN1_tag2bit(otag) & it->utype)) {
+            /* If OPTIONAL, assume this is OK */
+            if (opt)
+                return -1;
+            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_WRONG_TAG);
+            goto err;
+        }
+        return asn1_d2i_ex_primitive(pval, in, len, it, otag, 0, 0, ctx);
+
+    case ASN1_ITYPE_EXTERN:
+        /* Use new style d2i */
+        ef = it->funcs;
+        return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx);
+
+    case ASN1_ITYPE_COMPAT:
+        /* we must resort to old style evil hackery */
+        cf = it->funcs;
+
+        /* If OPTIONAL see if it is there */
+        if (opt) {
+            int exptag;
+            p = *in;
+            if (tag == -1)
+                exptag = it->utype;
+            else
+                exptag = tag;
+            /*
+             * Don't care about anything other than presence of expected tag
+             */
+
+            ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL,
+                                  &p, len, exptag, aclass, 1, ctx);
+            if (!ret) {
+                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+                goto err;
+            }
+            if (ret == -1)
+                return -1;
+        }
+
+        /*
+         * This is the old style evil hack IMPLICIT handling: since the
+         * underlying code is expecting a tag and class other than the one
+         * present we change the buffer temporarily then change it back
+         * afterwards. This doesn't and never did work for tags > 30. Yes
+         * this is *horrible* but it is only needed for old style d2i which
+         * will hopefully not be around for much longer. FIXME: should copy
+         * the buffer then modify it so the input buffer can be const: we
+         * should *always* copy because the old style d2i might modify the
+         * buffer.
+         */
+
+        if (tag != -1) {
+            wp = *(unsigned char **)in;
+            imphack = *wp;
+            if (p == NULL) {
+                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+                goto err;
+            }
+            *wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED)
+                                  | it->utype);
+        }
+
+        ptmpval = cf->asn1_d2i(pval, in, len);
+
+        if (tag != -1)
+            *wp = imphack;
+
+        if (ptmpval)
+            return 1;
+
+        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+        goto err;
+
+    case ASN1_ITYPE_CHOICE:
+        if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+            goto auxerr;
+        if (*pval) {
+            /* Free up and zero CHOICE value if initialised */
+            i = asn1_get_choice_selector(pval, it);
+            if ((i >= 0) && (i < it->tcount)) {
+                tt = it->templates + i;
+                pchptr = asn1_get_field_ptr(pval, tt);
+                ASN1_template_free(pchptr, tt);
+                asn1_set_choice_selector(pval, -1, it);
+            }
+        } else if (!ASN1_item_ex_new(pval, it)) {
+            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        }
+        /* CHOICE type, try each possibility in turn */
+        p = *in;
+        for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+            pchptr = asn1_get_field_ptr(pval, tt);
+            /*
+             * We mark field as OPTIONAL so its absence can be recognised.
+             */
+            ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);
+            /* If field not present, try the next one */
+            if (ret == -1)
+                continue;
+            /* If positive return, read OK, break loop */
+            if (ret > 0)
+                break;
+            /* Otherwise must be an ASN1 parsing error */
+            errtt = tt;
+            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        }
+
+        /* Did we fall off the end without reading anything? */
+        if (i == it->tcount) {
+            /* If OPTIONAL, this is OK */
+            if (opt) {
+                /* Free and zero it */
+                ASN1_item_ex_free(pval, it);
+                return -1;
+            }
+            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NO_MATCHING_CHOICE_TYPE);
+            goto err;
+        }
+
+        asn1_set_choice_selector(pval, i, it);
+        if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
+            goto auxerr;
+        *in = p;
+        return 1;
+
+    case ASN1_ITYPE_NDEF_SEQUENCE:
+    case ASN1_ITYPE_SEQUENCE:
+        p = *in;
+        tmplen = len;
+
+        /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
+        if (tag == -1) {
+            tag = V_ASN1_SEQUENCE;
+            aclass = V_ASN1_UNIVERSAL;
+        }
+        /* Get SEQUENCE length and update len, p */
+        ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst,
+                              &p, len, tag, aclass, opt, ctx);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        } else if (ret == -1)
+            return -1;
+        if (aux && (aux->flags & ASN1_AFLG_BROKEN)) {
+            len = tmplen - (p - *in);
+            seq_nolen = 1;
+        }
+        /* If indefinite we don't do a length check */
+        else
+            seq_nolen = seq_eoc;
+        if (!cst) {
+            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
+            goto err;
+        }
+
+        if (!*pval && !ASN1_item_ex_new(pval, it)) {
+            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        }
+
+        if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+            goto auxerr;
+
+        /* Free up and zero any ADB found */
+        for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+            if (tt->flags & ASN1_TFLG_ADB_MASK) {
+                const ASN1_TEMPLATE *seqtt;
+                ASN1_VALUE **pseqval;
+                seqtt = asn1_do_adb(pval, tt, 1);
+                pseqval = asn1_get_field_ptr(pval, seqtt);
+                ASN1_template_free(pseqval, seqtt);
+            }
+        }
+
+        /* Get each field entry */
+        for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+            const ASN1_TEMPLATE *seqtt;
+            ASN1_VALUE **pseqval;
+            seqtt = asn1_do_adb(pval, tt, 1);
+            if (!seqtt)
+                goto err;
+            pseqval = asn1_get_field_ptr(pval, seqtt);
+            /* Have we ran out of data? */
+            if (!len)
+                break;
+            q = p;
+            if (asn1_check_eoc(&p, len)) {
+                if (!seq_eoc) {
+                    ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_UNEXPECTED_EOC);
+                    goto err;
+                }
+                len -= p - q;
+                seq_eoc = 0;
+                q = p;
+                break;
+            }
+            /*
+             * This determines the OPTIONAL flag value. The field cannot be
+             * omitted if it is the last of a SEQUENCE and there is still
+             * data to be read. This isn't strictly necessary but it
+             * increases efficiency in some cases.
+             */
+            if (i == (it->tcount - 1))
+                isopt = 0;
+            else
+                isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL);
+            /*
+             * attempt to read in field, allowing each to be OPTIONAL
+             */
+
+            ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx);
+            if (!ret) {
+                errtt = seqtt;
+                goto err;
+            } else if (ret == -1) {
+                /*
+                 * OPTIONAL component absent. Free and zero the field.
+                 */
+                ASN1_template_free(pseqval, seqtt);
+                continue;
+            }
+            /* Update length */
+            len -= p - q;
+        }
+
+        /* Check for EOC if expecting one */
+        if (seq_eoc && !asn1_check_eoc(&p, len)) {
+            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MISSING_EOC);
+            goto err;
+        }
+        /* Check all data read */
+        if (!seq_nolen && len) {
+            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        /*
+         * If we get here we've got no more data in the SEQUENCE, however we
+         * may not have read all fields so check all remaining are OPTIONAL
+         * and clear any that are.
+         */
+        for (; i < it->tcount; tt++, i++) {
+            const ASN1_TEMPLATE *seqtt;
+            seqtt = asn1_do_adb(pval, tt, 1);
+            if (!seqtt)
+                goto err;
+            if (seqtt->flags & ASN1_TFLG_OPTIONAL) {
+                ASN1_VALUE **pseqval;
+                pseqval = asn1_get_field_ptr(pval, seqtt);
+                ASN1_template_free(pseqval, seqtt);
+            } else {
+                errtt = seqtt;
+                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_FIELD_MISSING);
+                goto err;
+            }
+        }
+        /* Save encoding */
+        if (!asn1_enc_save(pval, *in, p - *in, it))
+            goto auxerr;
+        if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
+            goto auxerr;
+        *in = p;
+        return 1;
+
+    default:
+        return 0;
+    }
+ auxerr:
+    ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
+ err:
+    if (combine == 0)
+        ASN1_item_ex_free(pval, it);
+    if (errtt)
+        ERR_add_error_data(4, "Field=", errtt->field_name,
+                           ", Type=", it->sname);
+    else
+        ERR_add_error_data(2, "Type=", it->sname);
+    return 0;
+}
+
+/*
+ * Templates are handled with two separate functions. One handles any
+ * EXPLICIT tag and the other handles the rest.
+ */
+
+static int asn1_template_ex_d2i(ASN1_VALUE **val,
+                                const unsigned char **in, long inlen,
+                                const ASN1_TEMPLATE *tt, char opt,
+                                ASN1_TLC *ctx)
+{
+    int flags, aclass;
+    int ret;
+    long len;
+    const unsigned char *p, *q;
+    char exp_eoc;
+    if (!val)
+        return 0;
+    flags = tt->flags;
+    aclass = flags & ASN1_TFLG_TAG_CLASS;
+
+    p = *in;
+
+    /* Check if EXPLICIT tag expected */
+    if (flags & ASN1_TFLG_EXPTAG) {
+        char cst;
+        /*
+         * Need to work out amount of data available to the inner content and
+         * where it starts: so read in EXPLICIT header to get the info.
+         */
+        ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst,
+                              &p, inlen, tt->tag, aclass, opt, ctx);
+        q = p;
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+            return 0;
+        } else if (ret == -1)
+            return -1;
+        if (!cst) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
+                    ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED);
+            return 0;
+        }
+        /* We've found the field so it can't be OPTIONAL now */
+        ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+            return 0;
+        }
+        /* We read the field in OK so update length */
+        len -= p - q;
+        if (exp_eoc) {
+            /* If NDEF we must have an EOC here */
+            if (!asn1_check_eoc(&p, len)) {
+                ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ASN1_R_MISSING_EOC);
+                goto err;
+            }
+        } else {
+            /*
+             * Otherwise we must hit the EXPLICIT tag end or its an error
+             */
+            if (len) {
+                ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
+                        ASN1_R_EXPLICIT_LENGTH_MISMATCH);
+                goto err;
+            }
+        }
+    } else
+        return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx);
+
+    *in = p;
+    return 1;
+
+ err:
+    ASN1_template_free(val, tt);
+    return 0;
+}
+
+static int asn1_template_noexp_d2i(ASN1_VALUE **val,
+                                   const unsigned char **in, long len,
+                                   const ASN1_TEMPLATE *tt, char opt,
+                                   ASN1_TLC *ctx)
+{
+    int flags, aclass;
+    int ret;
+    const unsigned char *p, *q;
+    if (!val)
+        return 0;
+    flags = tt->flags;
+    aclass = flags & ASN1_TFLG_TAG_CLASS;
+
+    p = *in;
+    q = p;
+
+    if (flags & ASN1_TFLG_SK_MASK) {
+        /* SET OF, SEQUENCE OF */
+        int sktag, skaclass;
+        char sk_eoc;
+        /* First work out expected inner tag value */
+        if (flags & ASN1_TFLG_IMPTAG) {
+            sktag = tt->tag;
+            skaclass = aclass;
+        } else {
+            skaclass = V_ASN1_UNIVERSAL;
+            if (flags & ASN1_TFLG_SET_OF)
+                sktag = V_ASN1_SET;
+            else
+                sktag = V_ASN1_SEQUENCE;
+        }
+        /* Get the tag */
+        ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL,
+                              &p, len, sktag, skaclass, opt, ctx);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
+            return 0;
+        } else if (ret == -1)
+            return -1;
+        if (!*val)
+            *val = (ASN1_VALUE *)sk_new_null();
+        else {
+            /*
+             * We've got a valid STACK: free up any items present
+             */
+            STACK_OF(ASN1_VALUE) *sktmp = (STACK_OF(ASN1_VALUE) *)*val;
+            ASN1_VALUE *vtmp;
+            while (sk_ASN1_VALUE_num(sktmp) > 0) {
+                vtmp = sk_ASN1_VALUE_pop(sktmp);
+                ASN1_item_ex_free(&vtmp, ASN1_ITEM_ptr(tt->item));
+            }
+        }
+
+        if (!*val) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        /* Read as many items as we can */
+        while (len > 0) {
+            ASN1_VALUE *skfield;
+            q = p;
+            /* See if EOC found */
+            if (asn1_check_eoc(&p, len)) {
+                if (!sk_eoc) {
+                    ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
+                            ASN1_R_UNEXPECTED_EOC);
+                    goto err;
+                }
+                len -= p - q;
+                sk_eoc = 0;
+                break;
+            }
+            skfield = NULL;
+            if (!ASN1_item_ex_d2i(&skfield, &p, len,
+                                  ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) {
+                ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
+                        ERR_R_NESTED_ASN1_ERROR);
+                goto err;
+            }
+            len -= p - q;
+            if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val, skfield)) {
+                ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        }
+        if (sk_eoc) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ASN1_R_MISSING_EOC);
+            goto err;
+        }
+    } else if (flags & ASN1_TFLG_IMPTAG) {
+        /* IMPLICIT tagging */
+        ret = ASN1_item_ex_d2i(val, &p, len,
+                               ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt,
+                               ctx);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        } else if (ret == -1)
+            return -1;
+    } else {
+        /* Nothing special */
+        ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
+                               -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        } else if (ret == -1)
+            return -1;
+    }
+
+    *in = p;
+    return 1;
+
+ err:
+    ASN1_template_free(val, tt);
+    return 0;
+}
+
+static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
+                                 const unsigned char **in, long inlen,
+                                 const ASN1_ITEM *it,
+                                 int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+    int ret = 0, utype;
+    long plen;
+    char cst, inf, free_cont = 0;
+    const unsigned char *p;
+    BUF_MEM buf;
+    const unsigned char *cont = NULL;
+    long len;
+    if (!pval) {
+        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL);
+        return 0;               /* Should never happen */
+    }
+
+    if (it->itype == ASN1_ITYPE_MSTRING) {
+        utype = tag;
+        tag = -1;
+    } else
+        utype = it->utype;
+
+    if (utype == V_ASN1_ANY) {
+        /* If type is ANY need to figure out type from tag */
+        unsigned char oclass;
+        if (tag >= 0) {
+            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_TAGGED_ANY);
+            return 0;
+        }
+        if (opt) {
+            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+                    ASN1_R_ILLEGAL_OPTIONAL_ANY);
+            return 0;
+        }
+        p = *in;
+        ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL,
+                              &p, inlen, -1, 0, 0, ctx);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
+            return 0;
+        }
+        if (oclass != V_ASN1_UNIVERSAL)
+            utype = V_ASN1_OTHER;
+    }
+    if (tag == -1) {
+        tag = utype;
+        aclass = V_ASN1_UNIVERSAL;
+    }
+    p = *in;
+    /* Check header */
+    ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst,
+                          &p, inlen, tag, aclass, opt, ctx);
+    if (!ret) {
+        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
+        return 0;
+    } else if (ret == -1)
+        return -1;
+    ret = 0;
+    /* SEQUENCE, SET and "OTHER" are left in encoded form */
+    if ((utype == V_ASN1_SEQUENCE)
+        || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) {
+        /*
+         * Clear context cache for type OTHER because the auto clear when we
+         * have a exact match wont work
+         */
+        if (utype == V_ASN1_OTHER) {
+            asn1_tlc_clear(ctx);
+        }
+        /* SEQUENCE and SET must be constructed */
+        else if (!cst) {
+            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+                    ASN1_R_TYPE_NOT_CONSTRUCTED);
+            return 0;
+        }
+
+        cont = *in;
+        /* If indefinite length constructed find the real end */
+        if (inf) {
+            if (!asn1_find_end(&p, plen, inf))
+                goto err;
+            len = p - cont;
+        } else {
+            len = p - cont + plen;
+            p += plen;
+            buf.data = NULL;
+        }
+    } else if (cst) {
+        if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN
+            || utype == V_ASN1_OBJECT || utype == V_ASN1_INTEGER
+            || utype == V_ASN1_ENUMERATED) {
+            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_PRIMITIVE);
+            return 0;
+        }
+        buf.length = 0;
+        buf.max = 0;
+        buf.data = NULL;
+        /*
+         * Should really check the internal tags are correct but some things
+         * may get this wrong. The relevant specs say that constructed string
+         * types should be OCTET STRINGs internally irrespective of the type.
+         * So instead just check for UNIVERSAL class and ignore the tag.
+         */
+        if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) {
+            free_cont = 1;
+            goto err;
+        }
+        len = buf.length;
+        /* Append a final null to string */
+        if (!BUF_MEM_grow_clean(&buf, len + 1)) {
+            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        buf.data[len] = 0;
+        cont = (const unsigned char *)buf.data;
+        free_cont = 1;
+    } else {
+        cont = p;
+        len = plen;
+        p += plen;
+    }
+
+    /* We now have content length and type: translate into a structure */
+    if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it))
+        goto err;
+
+    *in = p;
+    ret = 1;
+ err:
+    if (free_cont && buf.data)
+        OPENSSL_free(buf.data);
+    return ret;
+}
+
+/* Translate ASN1 content octets into a structure */
+
+int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                int utype, char *free_cont, const ASN1_ITEM *it)
+{
+    ASN1_VALUE **opval = NULL;
+    ASN1_STRING *stmp;
+    ASN1_TYPE *typ = NULL;
+    int ret = 0;
+    const ASN1_PRIMITIVE_FUNCS *pf;
+    ASN1_INTEGER **tint;
+    pf = it->funcs;
+
+    if (pf && pf->prim_c2i)
+        return pf->prim_c2i(pval, cont, len, utype, free_cont, it);
+    /* If ANY type clear type and set pointer to internal value */
+    if (it->utype == V_ASN1_ANY) {
+        if (!*pval) {
+            typ = ASN1_TYPE_new();
+            if (typ == NULL)
+                goto err;
+            *pval = (ASN1_VALUE *)typ;
+        } else
+            typ = (ASN1_TYPE *)*pval;
+
+        if (utype != typ->type)
+            ASN1_TYPE_set(typ, utype, NULL);
+        opval = pval;
+        pval = &typ->value.asn1_value;
+    }
+    switch (utype) {
+    case V_ASN1_OBJECT:
+        if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len))
+            goto err;
+        break;
+
+    case V_ASN1_NULL:
+        if (len) {
+            ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_NULL_IS_WRONG_LENGTH);
+            goto err;
+        }
+        *pval = (ASN1_VALUE *)1;
+        break;
+
+    case V_ASN1_BOOLEAN:
+        if (len != 1) {
+            ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
+            goto err;
+        } else {
+            ASN1_BOOLEAN *tbool;
+            tbool = (ASN1_BOOLEAN *)pval;
+            *tbool = *cont;
+        }
+        break;
+
+    case V_ASN1_BIT_STRING:
+        if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len))
+            goto err;
+        break;
+
+    case V_ASN1_INTEGER:
+    case V_ASN1_ENUMERATED:
+        tint = (ASN1_INTEGER **)pval;
+        if (!c2i_ASN1_INTEGER(tint, &cont, len))
+            goto err;
+        /* Fixup type to match the expected form */
+        (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG);
+        break;
+
+    case V_ASN1_OCTET_STRING:
+    case V_ASN1_NUMERICSTRING:
+    case V_ASN1_PRINTABLESTRING:
+    case V_ASN1_T61STRING:
+    case V_ASN1_VIDEOTEXSTRING:
+    case V_ASN1_IA5STRING:
+    case V_ASN1_UTCTIME:
+    case V_ASN1_GENERALIZEDTIME:
+    case V_ASN1_GRAPHICSTRING:
+    case V_ASN1_VISIBLESTRING:
+    case V_ASN1_GENERALSTRING:
+    case V_ASN1_UNIVERSALSTRING:
+    case V_ASN1_BMPSTRING:
+    case V_ASN1_UTF8STRING:
+    case V_ASN1_OTHER:
+    case V_ASN1_SET:
+    case V_ASN1_SEQUENCE:
+    default:
+        if (utype == V_ASN1_BMPSTRING && (len & 1)) {
+            ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
+            goto err;
+        }
+        if (utype == V_ASN1_UNIVERSALSTRING && (len & 3)) {
+            ASN1err(ASN1_F_ASN1_EX_C2I,
+                    ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
+            goto err;
+        }
+        /* All based on ASN1_STRING and handled the same */
+        if (!*pval) {
+            stmp = ASN1_STRING_type_new(utype);
+            if (!stmp) {
+                ASN1err(ASN1_F_ASN1_EX_C2I, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            *pval = (ASN1_VALUE *)stmp;
+        } else {
+            stmp = (ASN1_STRING *)*pval;
+            stmp->type = utype;
+        }
+        /* If we've already allocated a buffer use it */
+        if (*free_cont) {
+            if (stmp->data)
+                OPENSSL_free(stmp->data);
+            stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */
+            stmp->length = len;
+            *free_cont = 0;
+        } else {
+            if (!ASN1_STRING_set(stmp, cont, len)) {
+                ASN1err(ASN1_F_ASN1_EX_C2I, ERR_R_MALLOC_FAILURE);
+                ASN1_STRING_free(stmp);
+                *pval = NULL;
+                goto err;
+            }
+        }
+        break;
+    }
+    /* If ASN1_ANY and NULL type fix up value */
+    if (typ && (utype == V_ASN1_NULL))
+        typ->value.ptr = NULL;
+
+    ret = 1;
+ err:
+    if (!ret) {
+        ASN1_TYPE_free(typ);
+        if (opval)
+            *opval = NULL;
+    }
+    return ret;
+}
+
+/*
+ * This function finds the end of an ASN1 structure when passed its maximum
+ * length, whether it is indefinite length and a pointer to the content. This
+ * is more efficient than calling asn1_collect because it does not recurse on
+ * each indefinite length header.
+ */
+
+static int asn1_find_end(const unsigned char **in, long len, char inf)
+{
+    int expected_eoc;
+    long plen;
+    const unsigned char *p = *in, *q;
+    /* If not indefinite length constructed just add length */
+    if (inf == 0) {
+        *in += len;
+        return 1;
+    }
+    expected_eoc = 1;
+    /*
+     * Indefinite length constructed form. Find the end when enough EOCs are
+     * found. If more indefinite length constructed headers are encountered
+     * increment the expected eoc count otherwise just skip to the end of the
+     * data.
+     */
+    while (len > 0) {
+        if (asn1_check_eoc(&p, len)) {
+            expected_eoc--;
+            if (expected_eoc == 0)
+                break;
+            len -= 2;
+            continue;
+        }
+        q = p;
+        /* Just read in a header: only care about the length */
+        if (!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len,
+                             -1, 0, 0, NULL)) {
+            ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
+            return 0;
+        }
+        if (inf)
+            expected_eoc++;
+        else
+            p += plen;
+        len -= p - q;
+    }
+    if (expected_eoc) {
+        ASN1err(ASN1_F_ASN1_FIND_END, ASN1_R_MISSING_EOC);
+        return 0;
+    }
+    *in = p;
+    return 1;
+}
+
+/*
+ * This function collects the asn1 data from a constructred string type into
+ * a buffer. The values of 'in' and 'len' should refer to the contents of the
+ * constructed type and 'inf' should be set if it is indefinite length.
+ */
+
+#ifndef ASN1_MAX_STRING_NEST
+/*
+ * This determines how many levels of recursion are permitted in ASN1 string
+ * types. If it is not limited stack overflows can occur. If set to zero no
+ * recursion is allowed at all. Although zero should be adequate examples
+ * exist that require a value of 1. So 5 should be more than enough.
+ */
+# define ASN1_MAX_STRING_NEST 5
+#endif
+
+static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
+                        char inf, int tag, int aclass, int depth)
+{
+    const unsigned char *p, *q;
+    long plen;
+    char cst, ininf;
+    p = *in;
+    inf &= 1;
+    /*
+     * If no buffer and not indefinite length constructed just pass over the
+     * encoded data
+     */
+    if (!buf && !inf) {
+        *in += len;
+        return 1;
+    }
+    while (len > 0) {
+        q = p;
+        /* Check for EOC */
+        if (asn1_check_eoc(&p, len)) {
+            /*
+             * EOC is illegal outside indefinite length constructed form
+             */
+            if (!inf) {
+                ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_UNEXPECTED_EOC);
+                return 0;
+            }
+            inf = 0;
+            break;
+        }
+
+        if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p,
+                             len, tag, aclass, 0, NULL)) {
+            ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR);
+            return 0;
+        }
+
+        /* If indefinite length constructed update max length */
+        if (cst) {
+            if (depth >= ASN1_MAX_STRING_NEST) {
+                ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING);
+                return 0;
+            }
+            if (!asn1_collect(buf, &p, plen, ininf, tag, aclass, depth + 1))
+                return 0;
+        } else if (plen && !collect_data(buf, &p, plen))
+            return 0;
+        len -= p - q;
+    }
+    if (inf) {
+        ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC);
+        return 0;
+    }
+    *in = p;
+    return 1;
+}
+
+static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen)
+{
+    int len;
+    if (buf) {
+        len = buf->length;
+        if (!BUF_MEM_grow_clean(buf, len + plen)) {
+            ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        memcpy(buf->data + len, *p, plen);
+    }
+    *p += plen;
+    return 1;
+}
+
+/* Check for ASN1 EOC and swallow it if found */
+
+static int asn1_check_eoc(const unsigned char **in, long len)
+{
+    const unsigned char *p;
+    if (len < 2)
+        return 0;
+    p = *in;
+    if (!p[0] && !p[1]) {
+        *in += 2;
+        return 1;
+    }
+    return 0;
+}
+
+/*
+ * Check an ASN1 tag and length: a bit like ASN1_get_object but it sets the
+ * length for indefinite length constructed form, we don't know the exact
+ * length but we can set an upper bound to the amount of data available minus
+ * the header length just read.
+ */
+
+static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
+                           char *inf, char *cst,
+                           const unsigned char **in, long len,
+                           int exptag, int expclass, char opt, ASN1_TLC *ctx)
+{
+    int i;
+    int ptag, pclass;
+    long plen;
+    const unsigned char *p, *q;
+    p = *in;
+    q = p;
+
+    if (ctx && ctx->valid) {
+        i = ctx->ret;
+        plen = ctx->plen;
+        pclass = ctx->pclass;
+        ptag = ctx->ptag;
+        p += ctx->hdrlen;
+    } else {
+        i = ASN1_get_object(&p, &plen, &ptag, &pclass, len);
+        if (ctx) {
+            ctx->ret = i;
+            ctx->plen = plen;
+            ctx->pclass = pclass;
+            ctx->ptag = ptag;
+            ctx->hdrlen = p - q;
+            ctx->valid = 1;
+            /*
+             * If definite length, and no error, length + header can't exceed
+             * total amount of data available.
+             */
+            if (!(i & 0x81) && ((plen + ctx->hdrlen) > len)) {
+                ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG);
+                asn1_tlc_clear(ctx);
+                return 0;
+            }
+        }
+    }
+
+    if (i & 0x80) {
+        ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER);
+        asn1_tlc_clear(ctx);
+        return 0;
+    }
+    if (exptag >= 0) {
+        if ((exptag != ptag) || (expclass != pclass)) {
+            /*
+             * If type is OPTIONAL, not an error: indicate missing type.
+             */
+            if (opt)
+                return -1;
+            asn1_tlc_clear(ctx);
+            ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG);
+            return 0;
+        }
+        /*
+         * We have a tag and class match: assume we are going to do something
+         * with it
+         */
+        asn1_tlc_clear(ctx);
+    }
+
+    if (i & 1)
+        plen = len - (p - q);
+
+    if (inf)
+        *inf = i & 1;
+
+    if (cst)
+        *cst = i & V_ASN1_CONSTRUCTED;
+
+    if (olen)
+        *olen = plen;
+
+    if (oclass)
+        *oclass = pclass;
+
+    if (otag)
+        *otag = ptag;
+
+    *in = p;
+    return 1;
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/asn1/tasn_enc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/tasn_enc.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/tasn_enc.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,661 +0,0 @@
-/* tasn_enc.c */
-/*
- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stddef.h>
-#include <string.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/objects.h>
-
-static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
-                                 const ASN1_ITEM *it, int tag, int aclass);
-static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
-                            int skcontlen, const ASN1_ITEM *item,
-                            int do_sort, int iclass);
-static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
-                                const ASN1_TEMPLATE *tt, int tag, int aclass);
-static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
-                               const ASN1_ITEM *it, int flags);
-
-/*
- * Top level i2d equivalents: the 'ndef' variant instructs the encoder to use
- * indefinite length constructed encoding, where appropriate
- */
-
-int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out,
-                       const ASN1_ITEM *it)
-{
-    return asn1_item_flags_i2d(val, out, it, ASN1_TFLG_NDEF);
-}
-
-int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it)
-{
-    return asn1_item_flags_i2d(val, out, it, 0);
-}
-
-/*
- * Encode an ASN1 item, this is use by the standard 'i2d' function. 'out'
- * points to a buffer to output the data to. The new i2d has one additional
- * feature. If the output buffer is NULL (i.e. *out == NULL) then a buffer is
- * allocated and populated with the encoding.
- */
-
-static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
-                               const ASN1_ITEM *it, int flags)
-{
-    if (out && !*out) {
-        unsigned char *p, *buf;
-        int len;
-        len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags);
-        if (len <= 0)
-            return len;
-        buf = OPENSSL_malloc(len);
-        if (!buf)
-            return -1;
-        p = buf;
-        ASN1_item_ex_i2d(&val, &p, it, -1, flags);
-        *out = buf;
-        return len;
-    }
-
-    return ASN1_item_ex_i2d(&val, out, it, -1, flags);
-}
-
-/*
- * Encode an item, taking care of IMPLICIT tagging (if any). This function
- * performs the normal item handling: it can be used in external types.
- */
-
-int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
-                     const ASN1_ITEM *it, int tag, int aclass)
-{
-    const ASN1_TEMPLATE *tt = NULL;
-    unsigned char *p = NULL;
-    int i, seqcontlen, seqlen, ndef = 1;
-    const ASN1_COMPAT_FUNCS *cf;
-    const ASN1_EXTERN_FUNCS *ef;
-    const ASN1_AUX *aux = it->funcs;
-    ASN1_aux_cb *asn1_cb = 0;
-
-    if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
-        return 0;
-
-    if (aux && aux->asn1_cb)
-        asn1_cb = aux->asn1_cb;
-
-    switch (it->itype) {
-
-    case ASN1_ITYPE_PRIMITIVE:
-        if (it->templates)
-            return asn1_template_ex_i2d(pval, out, it->templates,
-                                        tag, aclass);
-        return asn1_i2d_ex_primitive(pval, out, it, tag, aclass);
-        break;
-
-    case ASN1_ITYPE_MSTRING:
-        return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
-
-    case ASN1_ITYPE_CHOICE:
-        if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
-            return 0;
-        i = asn1_get_choice_selector(pval, it);
-        if ((i >= 0) && (i < it->tcount)) {
-            ASN1_VALUE **pchval;
-            const ASN1_TEMPLATE *chtt;
-            chtt = it->templates + i;
-            pchval = asn1_get_field_ptr(pval, chtt);
-            return asn1_template_ex_i2d(pchval, out, chtt, -1, aclass);
-        }
-        /* Fixme: error condition if selector out of range */
-        if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL))
-            return 0;
-        break;
-
-    case ASN1_ITYPE_EXTERN:
-        /* If new style i2d it does all the work */
-        ef = it->funcs;
-        return ef->asn1_ex_i2d(pval, out, it, tag, aclass);
-
-    case ASN1_ITYPE_COMPAT:
-        /* old style hackery... */
-        cf = it->funcs;
-        if (out)
-            p = *out;
-        i = cf->asn1_i2d(*pval, out);
-        /*
-         * Fixup for IMPLICIT tag: note this messes up for tags > 30, but so
-         * did the old code. Tags > 30 are very rare anyway.
-         */
-        if (out && (tag != -1))
-            *p = aclass | tag | (*p & V_ASN1_CONSTRUCTED);
-        return i;
-
-    case ASN1_ITYPE_NDEF_SEQUENCE:
-        /* Use indefinite length constructed if requested */
-        if (aclass & ASN1_TFLG_NDEF)
-            ndef = 2;
-        /* fall through */
-
-    case ASN1_ITYPE_SEQUENCE:
-        i = asn1_enc_restore(&seqcontlen, out, pval, it);
-        /* An error occurred */
-        if (i < 0)
-            return 0;
-        /* We have a valid cached encoding... */
-        if (i > 0)
-            return seqcontlen;
-        /* Otherwise carry on */
-        seqcontlen = 0;
-        /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
-        if (tag == -1) {
-            tag = V_ASN1_SEQUENCE;
-            /* Retain any other flags in aclass */
-            aclass = (aclass & ~ASN1_TFLG_TAG_CLASS)
-                | V_ASN1_UNIVERSAL;
-        }
-        if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
-            return 0;
-        /* First work out sequence content length */
-        for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
-            const ASN1_TEMPLATE *seqtt;
-            ASN1_VALUE **pseqval;
-            seqtt = asn1_do_adb(pval, tt, 1);
-            if (!seqtt)
-                return 0;
-            pseqval = asn1_get_field_ptr(pval, seqtt);
-            /* FIXME: check for errors in enhanced version */
-            seqcontlen += asn1_template_ex_i2d(pseqval, NULL, seqtt,
-                                               -1, aclass);
-        }
-
-        seqlen = ASN1_object_size(ndef, seqcontlen, tag);
-        if (!out)
-            return seqlen;
-        /* Output SEQUENCE header */
-        ASN1_put_object(out, ndef, seqcontlen, tag, aclass);
-        for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
-            const ASN1_TEMPLATE *seqtt;
-            ASN1_VALUE **pseqval;
-            seqtt = asn1_do_adb(pval, tt, 1);
-            if (!seqtt)
-                return 0;
-            pseqval = asn1_get_field_ptr(pval, seqtt);
-            /* FIXME: check for errors in enhanced version */
-            asn1_template_ex_i2d(pseqval, out, seqtt, -1, aclass);
-        }
-        if (ndef == 2)
-            ASN1_put_eoc(out);
-        if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL))
-            return 0;
-        return seqlen;
-
-    default:
-        return 0;
-
-    }
-    return 0;
-}
-
-int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out,
-                      const ASN1_TEMPLATE *tt)
-{
-    return asn1_template_ex_i2d(pval, out, tt, -1, 0);
-}
-
-static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
-                                const ASN1_TEMPLATE *tt, int tag, int iclass)
-{
-    int i, ret, flags, ttag, tclass, ndef;
-    flags = tt->flags;
-    /*
-     * Work out tag and class to use: tagging may come either from the
-     * template or the arguments, not both because this would create
-     * ambiguity. Additionally the iclass argument may contain some
-     * additional flags which should be noted and passed down to other
-     * levels.
-     */
-    if (flags & ASN1_TFLG_TAG_MASK) {
-        /* Error if argument and template tagging */
-        if (tag != -1)
-            /* FIXME: error code here */
-            return -1;
-        /* Get tagging from template */
-        ttag = tt->tag;
-        tclass = flags & ASN1_TFLG_TAG_CLASS;
-    } else if (tag != -1) {
-        /* No template tagging, get from arguments */
-        ttag = tag;
-        tclass = iclass & ASN1_TFLG_TAG_CLASS;
-    } else {
-        ttag = -1;
-        tclass = 0;
-    }
-    /*
-     * Remove any class mask from iflag.
-     */
-    iclass &= ~ASN1_TFLG_TAG_CLASS;
-
-    /*
-     * At this point 'ttag' contains the outer tag to use, 'tclass' is the
-     * class and iclass is any flags passed to this function.
-     */
-
-    /* if template and arguments require ndef, use it */
-    if ((flags & ASN1_TFLG_NDEF) && (iclass & ASN1_TFLG_NDEF))
-        ndef = 2;
-    else
-        ndef = 1;
-
-    if (flags & ASN1_TFLG_SK_MASK) {
-        /* SET OF, SEQUENCE OF */
-        STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
-        int isset, sktag, skaclass;
-        int skcontlen, sklen;
-        ASN1_VALUE *skitem;
-
-        if (!*pval)
-            return 0;
-
-        if (flags & ASN1_TFLG_SET_OF) {
-            isset = 1;
-            /* 2 means we reorder */
-            if (flags & ASN1_TFLG_SEQUENCE_OF)
-                isset = 2;
-        } else
-            isset = 0;
-
-        /*
-         * Work out inner tag value: if EXPLICIT or no tagging use underlying
-         * type.
-         */
-        if ((ttag != -1) && !(flags & ASN1_TFLG_EXPTAG)) {
-            sktag = ttag;
-            skaclass = tclass;
-        } else {
-            skaclass = V_ASN1_UNIVERSAL;
-            if (isset)
-                sktag = V_ASN1_SET;
-            else
-                sktag = V_ASN1_SEQUENCE;
-        }
-
-        /* Determine total length of items */
-        skcontlen = 0;
-        for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
-            skitem = sk_ASN1_VALUE_value(sk, i);
-            skcontlen += ASN1_item_ex_i2d(&skitem, NULL,
-                                          ASN1_ITEM_ptr(tt->item),
-                                          -1, iclass);
-        }
-        sklen = ASN1_object_size(ndef, skcontlen, sktag);
-        /* If EXPLICIT need length of surrounding tag */
-        if (flags & ASN1_TFLG_EXPTAG)
-            ret = ASN1_object_size(ndef, sklen, ttag);
-        else
-            ret = sklen;
-
-        if (!out)
-            return ret;
-
-        /* Now encode this lot... */
-        /* EXPLICIT tag */
-        if (flags & ASN1_TFLG_EXPTAG)
-            ASN1_put_object(out, ndef, sklen, ttag, tclass);
-        /* SET or SEQUENCE and IMPLICIT tag */
-        ASN1_put_object(out, ndef, skcontlen, sktag, skaclass);
-        /* And the stuff itself */
-        asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item),
-                         isset, iclass);
-        if (ndef == 2) {
-            ASN1_put_eoc(out);
-            if (flags & ASN1_TFLG_EXPTAG)
-                ASN1_put_eoc(out);
-        }
-
-        return ret;
-    }
-
-    if (flags & ASN1_TFLG_EXPTAG) {
-        /* EXPLICIT tagging */
-        /* Find length of tagged item */
-        i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, iclass);
-        if (!i)
-            return 0;
-        /* Find length of EXPLICIT tag */
-        ret = ASN1_object_size(ndef, i, ttag);
-        if (out) {
-            /* Output tag and item */
-            ASN1_put_object(out, ndef, i, ttag, tclass);
-            ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, iclass);
-            if (ndef == 2)
-                ASN1_put_eoc(out);
-        }
-        return ret;
-    }
-
-    /* Either normal or IMPLICIT tagging: combine class and flags */
-    return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),
-                            ttag, tclass | iclass);
-
-}
-
-/* Temporary structure used to hold DER encoding of items for SET OF */
-
-typedef struct {
-    unsigned char *data;
-    int length;
-    ASN1_VALUE *field;
-} DER_ENC;
-
-static int der_cmp(const void *a, const void *b)
-{
-    const DER_ENC *d1 = a, *d2 = b;
-    int cmplen, i;
-    cmplen = (d1->length < d2->length) ? d1->length : d2->length;
-    i = memcmp(d1->data, d2->data, cmplen);
-    if (i)
-        return i;
-    return d1->length - d2->length;
-}
-
-/* Output the content octets of SET OF or SEQUENCE OF */
-
-static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
-                            int skcontlen, const ASN1_ITEM *item,
-                            int do_sort, int iclass)
-{
-    int i;
-    ASN1_VALUE *skitem;
-    unsigned char *tmpdat = NULL, *p = NULL;
-    DER_ENC *derlst = NULL, *tder;
-    if (do_sort) {
-        /* Don't need to sort less than 2 items */
-        if (sk_ASN1_VALUE_num(sk) < 2)
-            do_sort = 0;
-        else {
-            derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk)
-                                    * sizeof(*derlst));
-            if (!derlst)
-                return 0;
-            tmpdat = OPENSSL_malloc(skcontlen);
-            if (!tmpdat) {
-                OPENSSL_free(derlst);
-                return 0;
-            }
-        }
-    }
-    /* If not sorting just output each item */
-    if (!do_sort) {
-        for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
-            skitem = sk_ASN1_VALUE_value(sk, i);
-            ASN1_item_ex_i2d(&skitem, out, item, -1, iclass);
-        }
-        return 1;
-    }
-    p = tmpdat;
-
-    /* Doing sort: build up a list of each member's DER encoding */
-    for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
-        skitem = sk_ASN1_VALUE_value(sk, i);
-        tder->data = p;
-        tder->length = ASN1_item_ex_i2d(&skitem, &p, item, -1, iclass);
-        tder->field = skitem;
-    }
-
-    /* Now sort them */
-    qsort(derlst, sk_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp);
-    /* Output sorted DER encoding */
-    p = *out;
-    for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
-        memcpy(p, tder->data, tder->length);
-        p += tder->length;
-    }
-    *out = p;
-    /* If do_sort is 2 then reorder the STACK */
-    if (do_sort == 2) {
-        for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++)
-            (void)sk_ASN1_VALUE_set(sk, i, tder->field);
-    }
-    OPENSSL_free(derlst);
-    OPENSSL_free(tmpdat);
-    return 1;
-}
-
-static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
-                                 const ASN1_ITEM *it, int tag, int aclass)
-{
-    int len;
-    int utype;
-    int usetag;
-    int ndef = 0;
-
-    utype = it->utype;
-
-    /*
-     * Get length of content octets and maybe find out the underlying type.
-     */
-
-    len = asn1_ex_i2c(pval, NULL, &utype, it);
-
-    /*
-     * If SEQUENCE, SET or OTHER then header is included in pseudo content
-     * octets so don't include tag+length. We need to check here because the
-     * call to asn1_ex_i2c() could change utype.
-     */
-    if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) ||
-        (utype == V_ASN1_OTHER))
-        usetag = 0;
-    else
-        usetag = 1;
-
-    /* -1 means omit type */
-
-    if (len == -1)
-        return 0;
-
-    /* -2 return is special meaning use ndef */
-    if (len == -2) {
-        ndef = 2;
-        len = 0;
-    }
-
-    /* If not implicitly tagged get tag from underlying type */
-    if (tag == -1)
-        tag = utype;
-
-    /* Output tag+length followed by content octets */
-    if (out) {
-        if (usetag)
-            ASN1_put_object(out, ndef, len, tag, aclass);
-        asn1_ex_i2c(pval, *out, &utype, it);
-        if (ndef)
-            ASN1_put_eoc(out);
-        else
-            *out += len;
-    }
-
-    if (usetag)
-        return ASN1_object_size(ndef, len, tag);
-    return len;
-}
-
-/* Produce content octets from a structure */
-
-int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
-                const ASN1_ITEM *it)
-{
-    ASN1_BOOLEAN *tbool = NULL;
-    ASN1_STRING *strtmp;
-    ASN1_OBJECT *otmp;
-    int utype;
-    const unsigned char *cont;
-    unsigned char c;
-    int len;
-    const ASN1_PRIMITIVE_FUNCS *pf;
-    pf = it->funcs;
-    if (pf && pf->prim_i2c)
-        return pf->prim_i2c(pval, cout, putype, it);
-
-    /* Should type be omitted? */
-    if ((it->itype != ASN1_ITYPE_PRIMITIVE)
-        || (it->utype != V_ASN1_BOOLEAN)) {
-        if (!*pval)
-            return -1;
-    }
-
-    if (it->itype == ASN1_ITYPE_MSTRING) {
-        /* If MSTRING type set the underlying type */
-        strtmp = (ASN1_STRING *)*pval;
-        utype = strtmp->type;
-        *putype = utype;
-    } else if (it->utype == V_ASN1_ANY) {
-        /* If ANY set type and pointer to value */
-        ASN1_TYPE *typ;
-        typ = (ASN1_TYPE *)*pval;
-        utype = typ->type;
-        *putype = utype;
-        pval = &typ->value.asn1_value;
-    } else
-        utype = *putype;
-
-    switch (utype) {
-    case V_ASN1_OBJECT:
-        otmp = (ASN1_OBJECT *)*pval;
-        cont = otmp->data;
-        len = otmp->length;
-        break;
-
-    case V_ASN1_NULL:
-        cont = NULL;
-        len = 0;
-        break;
-
-    case V_ASN1_BOOLEAN:
-        tbool = (ASN1_BOOLEAN *)pval;
-        if (*tbool == -1)
-            return -1;
-        if (it->utype != V_ASN1_ANY) {
-            /*
-             * Default handling if value == size field then omit
-             */
-            if (*tbool && (it->size > 0))
-                return -1;
-            if (!*tbool && !it->size)
-                return -1;
-        }
-        c = (unsigned char)*tbool;
-        cont = &c;
-        len = 1;
-        break;
-
-    case V_ASN1_BIT_STRING:
-        return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval,
-                                   cout ? &cout : NULL);
-        break;
-
-    case V_ASN1_INTEGER:
-    case V_ASN1_NEG_INTEGER:
-    case V_ASN1_ENUMERATED:
-    case V_ASN1_NEG_ENUMERATED:
-        /*
-         * These are all have the same content format as ASN1_INTEGER
-         */
-        return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL);
-        break;
-
-    case V_ASN1_OCTET_STRING:
-    case V_ASN1_NUMERICSTRING:
-    case V_ASN1_PRINTABLESTRING:
-    case V_ASN1_T61STRING:
-    case V_ASN1_VIDEOTEXSTRING:
-    case V_ASN1_IA5STRING:
-    case V_ASN1_UTCTIME:
-    case V_ASN1_GENERALIZEDTIME:
-    case V_ASN1_GRAPHICSTRING:
-    case V_ASN1_VISIBLESTRING:
-    case V_ASN1_GENERALSTRING:
-    case V_ASN1_UNIVERSALSTRING:
-    case V_ASN1_BMPSTRING:
-    case V_ASN1_UTF8STRING:
-    case V_ASN1_SEQUENCE:
-    case V_ASN1_SET:
-    default:
-        /* All based on ASN1_STRING and handled the same */
-        strtmp = (ASN1_STRING *)*pval;
-        /* Special handling for NDEF */
-        if ((it->size == ASN1_TFLG_NDEF)
-            && (strtmp->flags & ASN1_STRING_FLAG_NDEF)) {
-            if (cout) {
-                strtmp->data = cout;
-                strtmp->length = 0;
-            }
-            /* Special return code */
-            return -2;
-        }
-        cont = strtmp->data;
-        len = strtmp->length;
-
-        break;
-
-    }
-    if (cout && len)
-        memcpy(cout, cont, len);
-    return len;
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/asn1/tasn_enc.c (from rev 11605, vendor-crypto/openssl/dist/crypto/asn1/tasn_enc.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/asn1/tasn_enc.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/tasn_enc.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,667 @@
+/* tasn_enc.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stddef.h>
+#include <string.h>
+#include <limits.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+
+static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
+                                 const ASN1_ITEM *it, int tag, int aclass);
+static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
+                            int skcontlen, const ASN1_ITEM *item,
+                            int do_sort, int iclass);
+static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+                                const ASN1_TEMPLATE *tt, int tag, int aclass);
+static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
+                               const ASN1_ITEM *it, int flags);
+
+/*
+ * Top level i2d equivalents: the 'ndef' variant instructs the encoder to use
+ * indefinite length constructed encoding, where appropriate
+ */
+
+int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out,
+                       const ASN1_ITEM *it)
+{
+    return asn1_item_flags_i2d(val, out, it, ASN1_TFLG_NDEF);
+}
+
+int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it)
+{
+    return asn1_item_flags_i2d(val, out, it, 0);
+}
+
+/*
+ * Encode an ASN1 item, this is use by the standard 'i2d' function. 'out'
+ * points to a buffer to output the data to. The new i2d has one additional
+ * feature. If the output buffer is NULL (i.e. *out == NULL) then a buffer is
+ * allocated and populated with the encoding.
+ */
+
+static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
+                               const ASN1_ITEM *it, int flags)
+{
+    if (out && !*out) {
+        unsigned char *p, *buf;
+        int len;
+        len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags);
+        if (len <= 0)
+            return len;
+        buf = OPENSSL_malloc(len);
+        if (!buf)
+            return -1;
+        p = buf;
+        ASN1_item_ex_i2d(&val, &p, it, -1, flags);
+        *out = buf;
+        return len;
+    }
+
+    return ASN1_item_ex_i2d(&val, out, it, -1, flags);
+}
+
+/*
+ * Encode an item, taking care of IMPLICIT tagging (if any). This function
+ * performs the normal item handling: it can be used in external types.
+ */
+
+int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+                     const ASN1_ITEM *it, int tag, int aclass)
+{
+    const ASN1_TEMPLATE *tt = NULL;
+    unsigned char *p = NULL;
+    int i, seqcontlen, seqlen, ndef = 1;
+    const ASN1_COMPAT_FUNCS *cf;
+    const ASN1_EXTERN_FUNCS *ef;
+    const ASN1_AUX *aux = it->funcs;
+    ASN1_aux_cb *asn1_cb = 0;
+
+    if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
+        return 0;
+
+    if (aux && aux->asn1_cb)
+        asn1_cb = aux->asn1_cb;
+
+    switch (it->itype) {
+
+    case ASN1_ITYPE_PRIMITIVE:
+        if (it->templates)
+            return asn1_template_ex_i2d(pval, out, it->templates,
+                                        tag, aclass);
+        return asn1_i2d_ex_primitive(pval, out, it, tag, aclass);
+        break;
+
+    case ASN1_ITYPE_MSTRING:
+        return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
+
+    case ASN1_ITYPE_CHOICE:
+        if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
+            return 0;
+        i = asn1_get_choice_selector(pval, it);
+        if ((i >= 0) && (i < it->tcount)) {
+            ASN1_VALUE **pchval;
+            const ASN1_TEMPLATE *chtt;
+            chtt = it->templates + i;
+            pchval = asn1_get_field_ptr(pval, chtt);
+            return asn1_template_ex_i2d(pchval, out, chtt, -1, aclass);
+        }
+        /* Fixme: error condition if selector out of range */
+        if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL))
+            return 0;
+        break;
+
+    case ASN1_ITYPE_EXTERN:
+        /* If new style i2d it does all the work */
+        ef = it->funcs;
+        return ef->asn1_ex_i2d(pval, out, it, tag, aclass);
+
+    case ASN1_ITYPE_COMPAT:
+        /* old style hackery... */
+        cf = it->funcs;
+        if (out)
+            p = *out;
+        i = cf->asn1_i2d(*pval, out);
+        /*
+         * Fixup for IMPLICIT tag: note this messes up for tags > 30, but so
+         * did the old code. Tags > 30 are very rare anyway.
+         */
+        if (out && (tag != -1))
+            *p = aclass | tag | (*p & V_ASN1_CONSTRUCTED);
+        return i;
+
+    case ASN1_ITYPE_NDEF_SEQUENCE:
+        /* Use indefinite length constructed if requested */
+        if (aclass & ASN1_TFLG_NDEF)
+            ndef = 2;
+        /* fall through */
+
+    case ASN1_ITYPE_SEQUENCE:
+        i = asn1_enc_restore(&seqcontlen, out, pval, it);
+        /* An error occurred */
+        if (i < 0)
+            return 0;
+        /* We have a valid cached encoding... */
+        if (i > 0)
+            return seqcontlen;
+        /* Otherwise carry on */
+        seqcontlen = 0;
+        /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
+        if (tag == -1) {
+            tag = V_ASN1_SEQUENCE;
+            /* Retain any other flags in aclass */
+            aclass = (aclass & ~ASN1_TFLG_TAG_CLASS)
+                | V_ASN1_UNIVERSAL;
+        }
+        if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
+            return 0;
+        /* First work out sequence content length */
+        for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
+            const ASN1_TEMPLATE *seqtt;
+            ASN1_VALUE **pseqval;
+            int tmplen;
+            seqtt = asn1_do_adb(pval, tt, 1);
+            if (!seqtt)
+                return 0;
+            pseqval = asn1_get_field_ptr(pval, seqtt);
+            tmplen = asn1_template_ex_i2d(pseqval, NULL, seqtt, -1, aclass);
+            if (tmplen == -1 || (tmplen > INT_MAX - seqcontlen))
+                return -1;
+            seqcontlen += tmplen;
+        }
+
+        seqlen = ASN1_object_size(ndef, seqcontlen, tag);
+        if (!out || seqlen == -1)
+            return seqlen;
+        /* Output SEQUENCE header */
+        ASN1_put_object(out, ndef, seqcontlen, tag, aclass);
+        for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
+            const ASN1_TEMPLATE *seqtt;
+            ASN1_VALUE **pseqval;
+            seqtt = asn1_do_adb(pval, tt, 1);
+            if (!seqtt)
+                return 0;
+            pseqval = asn1_get_field_ptr(pval, seqtt);
+            /* FIXME: check for errors in enhanced version */
+            asn1_template_ex_i2d(pseqval, out, seqtt, -1, aclass);
+        }
+        if (ndef == 2)
+            ASN1_put_eoc(out);
+        if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL))
+            return 0;
+        return seqlen;
+
+    default:
+        return 0;
+
+    }
+    return 0;
+}
+
+int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out,
+                      const ASN1_TEMPLATE *tt)
+{
+    return asn1_template_ex_i2d(pval, out, tt, -1, 0);
+}
+
+static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+                                const ASN1_TEMPLATE *tt, int tag, int iclass)
+{
+    int i, ret, flags, ttag, tclass, ndef;
+    flags = tt->flags;
+    /*
+     * Work out tag and class to use: tagging may come either from the
+     * template or the arguments, not both because this would create
+     * ambiguity. Additionally the iclass argument may contain some
+     * additional flags which should be noted and passed down to other
+     * levels.
+     */
+    if (flags & ASN1_TFLG_TAG_MASK) {
+        /* Error if argument and template tagging */
+        if (tag != -1)
+            /* FIXME: error code here */
+            return -1;
+        /* Get tagging from template */
+        ttag = tt->tag;
+        tclass = flags & ASN1_TFLG_TAG_CLASS;
+    } else if (tag != -1) {
+        /* No template tagging, get from arguments */
+        ttag = tag;
+        tclass = iclass & ASN1_TFLG_TAG_CLASS;
+    } else {
+        ttag = -1;
+        tclass = 0;
+    }
+    /*
+     * Remove any class mask from iflag.
+     */
+    iclass &= ~ASN1_TFLG_TAG_CLASS;
+
+    /*
+     * At this point 'ttag' contains the outer tag to use, 'tclass' is the
+     * class and iclass is any flags passed to this function.
+     */
+
+    /* if template and arguments require ndef, use it */
+    if ((flags & ASN1_TFLG_NDEF) && (iclass & ASN1_TFLG_NDEF))
+        ndef = 2;
+    else
+        ndef = 1;
+
+    if (flags & ASN1_TFLG_SK_MASK) {
+        /* SET OF, SEQUENCE OF */
+        STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
+        int isset, sktag, skaclass;
+        int skcontlen, sklen;
+        ASN1_VALUE *skitem;
+
+        if (!*pval)
+            return 0;
+
+        if (flags & ASN1_TFLG_SET_OF) {
+            isset = 1;
+            /* 2 means we reorder */
+            if (flags & ASN1_TFLG_SEQUENCE_OF)
+                isset = 2;
+        } else
+            isset = 0;
+
+        /*
+         * Work out inner tag value: if EXPLICIT or no tagging use underlying
+         * type.
+         */
+        if ((ttag != -1) && !(flags & ASN1_TFLG_EXPTAG)) {
+            sktag = ttag;
+            skaclass = tclass;
+        } else {
+            skaclass = V_ASN1_UNIVERSAL;
+            if (isset)
+                sktag = V_ASN1_SET;
+            else
+                sktag = V_ASN1_SEQUENCE;
+        }
+
+        /* Determine total length of items */
+        skcontlen = 0;
+        for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+            int tmplen;
+            skitem = sk_ASN1_VALUE_value(sk, i);
+            tmplen = ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item),
+                                      -1, iclass);
+            if (tmplen == -1 || (skcontlen > INT_MAX - tmplen))
+                return -1;
+            skcontlen += tmplen;
+        }
+        sklen = ASN1_object_size(ndef, skcontlen, sktag);
+        if (sklen == -1)
+            return -1;
+        /* If EXPLICIT need length of surrounding tag */
+        if (flags & ASN1_TFLG_EXPTAG)
+            ret = ASN1_object_size(ndef, sklen, ttag);
+        else
+            ret = sklen;
+
+        if (!out || ret == -1)
+            return ret;
+
+        /* Now encode this lot... */
+        /* EXPLICIT tag */
+        if (flags & ASN1_TFLG_EXPTAG)
+            ASN1_put_object(out, ndef, sklen, ttag, tclass);
+        /* SET or SEQUENCE and IMPLICIT tag */
+        ASN1_put_object(out, ndef, skcontlen, sktag, skaclass);
+        /* And the stuff itself */
+        asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item),
+                         isset, iclass);
+        if (ndef == 2) {
+            ASN1_put_eoc(out);
+            if (flags & ASN1_TFLG_EXPTAG)
+                ASN1_put_eoc(out);
+        }
+
+        return ret;
+    }
+
+    if (flags & ASN1_TFLG_EXPTAG) {
+        /* EXPLICIT tagging */
+        /* Find length of tagged item */
+        i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, iclass);
+        if (!i)
+            return 0;
+        /* Find length of EXPLICIT tag */
+        ret = ASN1_object_size(ndef, i, ttag);
+        if (out && ret != -1) {
+            /* Output tag and item */
+            ASN1_put_object(out, ndef, i, ttag, tclass);
+            ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, iclass);
+            if (ndef == 2)
+                ASN1_put_eoc(out);
+        }
+        return ret;
+    }
+
+    /* Either normal or IMPLICIT tagging: combine class and flags */
+    return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),
+                            ttag, tclass | iclass);
+
+}
+
+/* Temporary structure used to hold DER encoding of items for SET OF */
+
+typedef struct {
+    unsigned char *data;
+    int length;
+    ASN1_VALUE *field;
+} DER_ENC;
+
+static int der_cmp(const void *a, const void *b)
+{
+    const DER_ENC *d1 = a, *d2 = b;
+    int cmplen, i;
+    cmplen = (d1->length < d2->length) ? d1->length : d2->length;
+    i = memcmp(d1->data, d2->data, cmplen);
+    if (i)
+        return i;
+    return d1->length - d2->length;
+}
+
+/* Output the content octets of SET OF or SEQUENCE OF */
+
+static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
+                            int skcontlen, const ASN1_ITEM *item,
+                            int do_sort, int iclass)
+{
+    int i;
+    ASN1_VALUE *skitem;
+    unsigned char *tmpdat = NULL, *p = NULL;
+    DER_ENC *derlst = NULL, *tder;
+    if (do_sort) {
+        /* Don't need to sort less than 2 items */
+        if (sk_ASN1_VALUE_num(sk) < 2)
+            do_sort = 0;
+        else {
+            derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk)
+                                    * sizeof(*derlst));
+            if (!derlst)
+                return 0;
+            tmpdat = OPENSSL_malloc(skcontlen);
+            if (!tmpdat) {
+                OPENSSL_free(derlst);
+                return 0;
+            }
+        }
+    }
+    /* If not sorting just output each item */
+    if (!do_sort) {
+        for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+            skitem = sk_ASN1_VALUE_value(sk, i);
+            ASN1_item_ex_i2d(&skitem, out, item, -1, iclass);
+        }
+        return 1;
+    }
+    p = tmpdat;
+
+    /* Doing sort: build up a list of each member's DER encoding */
+    for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
+        skitem = sk_ASN1_VALUE_value(sk, i);
+        tder->data = p;
+        tder->length = ASN1_item_ex_i2d(&skitem, &p, item, -1, iclass);
+        tder->field = skitem;
+    }
+
+    /* Now sort them */
+    qsort(derlst, sk_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp);
+    /* Output sorted DER encoding */
+    p = *out;
+    for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
+        memcpy(p, tder->data, tder->length);
+        p += tder->length;
+    }
+    *out = p;
+    /* If do_sort is 2 then reorder the STACK */
+    if (do_sort == 2) {
+        for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++)
+            (void)sk_ASN1_VALUE_set(sk, i, tder->field);
+    }
+    OPENSSL_free(derlst);
+    OPENSSL_free(tmpdat);
+    return 1;
+}
+
+static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
+                                 const ASN1_ITEM *it, int tag, int aclass)
+{
+    int len;
+    int utype;
+    int usetag;
+    int ndef = 0;
+
+    utype = it->utype;
+
+    /*
+     * Get length of content octets and maybe find out the underlying type.
+     */
+
+    len = asn1_ex_i2c(pval, NULL, &utype, it);
+
+    /*
+     * If SEQUENCE, SET or OTHER then header is included in pseudo content
+     * octets so don't include tag+length. We need to check here because the
+     * call to asn1_ex_i2c() could change utype.
+     */
+    if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) ||
+        (utype == V_ASN1_OTHER))
+        usetag = 0;
+    else
+        usetag = 1;
+
+    /* -1 means omit type */
+
+    if (len == -1)
+        return 0;
+
+    /* -2 return is special meaning use ndef */
+    if (len == -2) {
+        ndef = 2;
+        len = 0;
+    }
+
+    /* If not implicitly tagged get tag from underlying type */
+    if (tag == -1)
+        tag = utype;
+
+    /* Output tag+length followed by content octets */
+    if (out) {
+        if (usetag)
+            ASN1_put_object(out, ndef, len, tag, aclass);
+        asn1_ex_i2c(pval, *out, &utype, it);
+        if (ndef)
+            ASN1_put_eoc(out);
+        else
+            *out += len;
+    }
+
+    if (usetag)
+        return ASN1_object_size(ndef, len, tag);
+    return len;
+}
+
+/* Produce content octets from a structure */
+
+int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
+                const ASN1_ITEM *it)
+{
+    ASN1_BOOLEAN *tbool = NULL;
+    ASN1_STRING *strtmp;
+    ASN1_OBJECT *otmp;
+    int utype;
+    const unsigned char *cont;
+    unsigned char c;
+    int len;
+    const ASN1_PRIMITIVE_FUNCS *pf;
+    pf = it->funcs;
+    if (pf && pf->prim_i2c)
+        return pf->prim_i2c(pval, cout, putype, it);
+
+    /* Should type be omitted? */
+    if ((it->itype != ASN1_ITYPE_PRIMITIVE)
+        || (it->utype != V_ASN1_BOOLEAN)) {
+        if (!*pval)
+            return -1;
+    }
+
+    if (it->itype == ASN1_ITYPE_MSTRING) {
+        /* If MSTRING type set the underlying type */
+        strtmp = (ASN1_STRING *)*pval;
+        utype = strtmp->type;
+        *putype = utype;
+    } else if (it->utype == V_ASN1_ANY) {
+        /* If ANY set type and pointer to value */
+        ASN1_TYPE *typ;
+        typ = (ASN1_TYPE *)*pval;
+        utype = typ->type;
+        *putype = utype;
+        pval = &typ->value.asn1_value;
+    } else
+        utype = *putype;
+
+    switch (utype) {
+    case V_ASN1_OBJECT:
+        otmp = (ASN1_OBJECT *)*pval;
+        cont = otmp->data;
+        len = otmp->length;
+        break;
+
+    case V_ASN1_NULL:
+        cont = NULL;
+        len = 0;
+        break;
+
+    case V_ASN1_BOOLEAN:
+        tbool = (ASN1_BOOLEAN *)pval;
+        if (*tbool == -1)
+            return -1;
+        if (it->utype != V_ASN1_ANY) {
+            /*
+             * Default handling if value == size field then omit
+             */
+            if (*tbool && (it->size > 0))
+                return -1;
+            if (!*tbool && !it->size)
+                return -1;
+        }
+        c = (unsigned char)*tbool;
+        cont = &c;
+        len = 1;
+        break;
+
+    case V_ASN1_BIT_STRING:
+        return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval,
+                                   cout ? &cout : NULL);
+        break;
+
+    case V_ASN1_INTEGER:
+    case V_ASN1_ENUMERATED:
+        /*
+         * These are all have the same content format as ASN1_INTEGER
+         */
+        return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL);
+        break;
+
+    case V_ASN1_OCTET_STRING:
+    case V_ASN1_NUMERICSTRING:
+    case V_ASN1_PRINTABLESTRING:
+    case V_ASN1_T61STRING:
+    case V_ASN1_VIDEOTEXSTRING:
+    case V_ASN1_IA5STRING:
+    case V_ASN1_UTCTIME:
+    case V_ASN1_GENERALIZEDTIME:
+    case V_ASN1_GRAPHICSTRING:
+    case V_ASN1_VISIBLESTRING:
+    case V_ASN1_GENERALSTRING:
+    case V_ASN1_UNIVERSALSTRING:
+    case V_ASN1_BMPSTRING:
+    case V_ASN1_UTF8STRING:
+    case V_ASN1_SEQUENCE:
+    case V_ASN1_SET:
+    default:
+        /* All based on ASN1_STRING and handled the same */
+        strtmp = (ASN1_STRING *)*pval;
+        /* Special handling for NDEF */
+        if ((it->size == ASN1_TFLG_NDEF)
+            && (strtmp->flags & ASN1_STRING_FLAG_NDEF)) {
+            if (cout) {
+                strtmp->data = cout;
+                strtmp->length = 0;
+            }
+            /* Special return code */
+            return -2;
+        }
+        cont = strtmp->data;
+        len = strtmp->length;
+
+        break;
+
+    }
+    if (cout && len)
+        memcpy(cout, cont, len);
+    return len;
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/asn1/tasn_prn.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/tasn_prn.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/tasn_prn.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,585 +0,0 @@
-/* tasn_prn.c */
-/*
- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000,2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stddef.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/objects.h>
-#include <openssl/buffer.h>
-#include <openssl/err.h>
-#include <openssl/x509v3.h>
-#include "asn1_locl.h"
-
-/*
- * Print routines.
- */
-
-/* ASN1_PCTX routines */
-
-ASN1_PCTX default_pctx = {
-    ASN1_PCTX_FLAGS_SHOW_ABSENT, /* flags */
-    0,                          /* nm_flags */
-    0,                          /* cert_flags */
-    0,                          /* oid_flags */
-    0                           /* str_flags */
-};
-
-ASN1_PCTX *ASN1_PCTX_new(void)
-{
-    ASN1_PCTX *ret;
-    ret = OPENSSL_malloc(sizeof(ASN1_PCTX));
-    if (ret == NULL) {
-        ASN1err(ASN1_F_ASN1_PCTX_NEW, ERR_R_MALLOC_FAILURE);
-        return NULL;
-    }
-    ret->flags = 0;
-    ret->nm_flags = 0;
-    ret->cert_flags = 0;
-    ret->oid_flags = 0;
-    ret->str_flags = 0;
-    return ret;
-}
-
-void ASN1_PCTX_free(ASN1_PCTX *p)
-{
-    OPENSSL_free(p);
-}
-
-unsigned long ASN1_PCTX_get_flags(ASN1_PCTX *p)
-{
-    return p->flags;
-}
-
-void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags)
-{
-    p->flags = flags;
-}
-
-unsigned long ASN1_PCTX_get_nm_flags(ASN1_PCTX *p)
-{
-    return p->nm_flags;
-}
-
-void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags)
-{
-    p->nm_flags = flags;
-}
-
-unsigned long ASN1_PCTX_get_cert_flags(ASN1_PCTX *p)
-{
-    return p->cert_flags;
-}
-
-void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags)
-{
-    p->cert_flags = flags;
-}
-
-unsigned long ASN1_PCTX_get_oid_flags(ASN1_PCTX *p)
-{
-    return p->oid_flags;
-}
-
-void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags)
-{
-    p->oid_flags = flags;
-}
-
-unsigned long ASN1_PCTX_get_str_flags(ASN1_PCTX *p)
-{
-    return p->str_flags;
-}
-
-void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags)
-{
-    p->str_flags = flags;
-}
-
-/* Main print routines */
-
-static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
-                               const ASN1_ITEM *it,
-                               const char *fname, const char *sname,
-                               int nohdr, const ASN1_PCTX *pctx);
-
-int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
-                            const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx);
-
-static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
-                                const ASN1_ITEM *it, int indent,
-                                const char *fname, const char *sname,
-                                const ASN1_PCTX *pctx);
-
-static int asn1_print_fsname(BIO *out, int indent,
-                             const char *fname, const char *sname,
-                             const ASN1_PCTX *pctx);
-
-int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent,
-                    const ASN1_ITEM *it, const ASN1_PCTX *pctx)
-{
-    const char *sname;
-    if (pctx == NULL)
-        pctx = &default_pctx;
-    if (pctx->flags & ASN1_PCTX_FLAGS_NO_STRUCT_NAME)
-        sname = NULL;
-    else
-        sname = it->sname;
-    return asn1_item_print_ctx(out, &ifld, indent, it, NULL, sname, 0, pctx);
-}
-
-static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
-                               const ASN1_ITEM *it,
-                               const char *fname, const char *sname,
-                               int nohdr, const ASN1_PCTX *pctx)
-{
-    const ASN1_TEMPLATE *tt;
-    const ASN1_EXTERN_FUNCS *ef;
-    ASN1_VALUE **tmpfld;
-    const ASN1_AUX *aux = it->funcs;
-    ASN1_aux_cb *asn1_cb;
-    ASN1_PRINT_ARG parg;
-    int i;
-    if (aux && aux->asn1_cb) {
-        parg.out = out;
-        parg.indent = indent;
-        parg.pctx = pctx;
-        asn1_cb = aux->asn1_cb;
-    } else
-        asn1_cb = 0;
-
-    if (*fld == NULL) {
-        if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_ABSENT) {
-            if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
-                return 0;
-            if (BIO_puts(out, "<ABSENT>\n") <= 0)
-                return 0;
-        }
-        return 1;
-    }
-
-    switch (it->itype) {
-    case ASN1_ITYPE_PRIMITIVE:
-        if (it->templates) {
-            if (!asn1_template_print_ctx(out, fld, indent,
-                                         it->templates, pctx))
-                return 0;
-            break;
-        }
-        /* fall thru */
-    case ASN1_ITYPE_MSTRING:
-        if (!asn1_primitive_print(out, fld, it, indent, fname, sname, pctx))
-            return 0;
-        break;
-
-    case ASN1_ITYPE_EXTERN:
-        if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
-            return 0;
-        /* Use new style print routine if possible */
-        ef = it->funcs;
-        if (ef && ef->asn1_ex_print) {
-            i = ef->asn1_ex_print(out, fld, indent, "", pctx);
-            if (!i)
-                return 0;
-            if ((i == 2) && (BIO_puts(out, "\n") <= 0))
-                return 0;
-            return 1;
-        } else if (sname &&
-                   BIO_printf(out, ":EXTERNAL TYPE %s\n", sname) <= 0)
-            return 0;
-        break;
-
-    case ASN1_ITYPE_CHOICE:
-#if 0
-        if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
-            return 0;
-#endif
-        /* CHOICE type, get selector */
-        i = asn1_get_choice_selector(fld, it);
-        /* This should never happen... */
-        if ((i < 0) || (i >= it->tcount)) {
-            if (BIO_printf(out, "ERROR: selector [%d] invalid\n", i) <= 0)
-                return 0;
-            return 1;
-        }
-        tt = it->templates + i;
-        tmpfld = asn1_get_field_ptr(fld, tt);
-        if (!asn1_template_print_ctx(out, tmpfld, indent, tt, pctx))
-            return 0;
-        break;
-
-    case ASN1_ITYPE_SEQUENCE:
-    case ASN1_ITYPE_NDEF_SEQUENCE:
-        if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
-            return 0;
-        if (fname || sname) {
-            if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) {
-                if (BIO_puts(out, " {\n") <= 0)
-                    return 0;
-            } else {
-                if (BIO_puts(out, "\n") <= 0)
-                    return 0;
-            }
-        }
-
-        if (asn1_cb) {
-            i = asn1_cb(ASN1_OP_PRINT_PRE, fld, it, &parg);
-            if (i == 0)
-                return 0;
-            if (i == 2)
-                return 1;
-        }
-
-        /* Print each field entry */
-        for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
-            const ASN1_TEMPLATE *seqtt;
-            seqtt = asn1_do_adb(fld, tt, 1);
-            if (!seqtt)
-                return 0;
-            tmpfld = asn1_get_field_ptr(fld, seqtt);
-            if (!asn1_template_print_ctx(out, tmpfld,
-                                         indent + 2, seqtt, pctx))
-                return 0;
-        }
-        if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) {
-            if (BIO_printf(out, "%*s}\n", indent, "") < 0)
-                return 0;
-        }
-
-        if (asn1_cb) {
-            i = asn1_cb(ASN1_OP_PRINT_POST, fld, it, &parg);
-            if (i == 0)
-                return 0;
-        }
-        break;
-
-    default:
-        BIO_printf(out, "Unprocessed type %d\n", it->itype);
-        return 0;
-    }
-
-    return 1;
-}
-
-int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
-                            const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx)
-{
-    int i, flags;
-    const char *sname, *fname;
-    flags = tt->flags;
-    if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME)
-        sname = ASN1_ITEM_ptr(tt->item)->sname;
-    else
-        sname = NULL;
-    if (pctx->flags & ASN1_PCTX_FLAGS_NO_FIELD_NAME)
-        fname = NULL;
-    else
-        fname = tt->field_name;
-    if (flags & ASN1_TFLG_SK_MASK) {
-        char *tname;
-        ASN1_VALUE *skitem;
-        STACK_OF(ASN1_VALUE) *stack;
-
-        /* SET OF, SEQUENCE OF */
-        if (fname) {
-            if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SSOF) {
-                if (flags & ASN1_TFLG_SET_OF)
-                    tname = "SET";
-                else
-                    tname = "SEQUENCE";
-                if (BIO_printf(out, "%*s%s OF %s {\n",
-                               indent, "", tname, tt->field_name) <= 0)
-                    return 0;
-            } else if (BIO_printf(out, "%*s%s:\n", indent, "", fname) <= 0)
-                return 0;
-        }
-        stack = (STACK_OF(ASN1_VALUE) *)*fld;
-        for (i = 0; i < sk_ASN1_VALUE_num(stack); i++) {
-            if ((i > 0) && (BIO_puts(out, "\n") <= 0))
-                return 0;
-
-            skitem = sk_ASN1_VALUE_value(stack, i);
-            if (!asn1_item_print_ctx(out, &skitem, indent + 2,
-                                     ASN1_ITEM_ptr(tt->item), NULL, NULL, 1,
-                                     pctx))
-                return 0;
-        }
-        if (!i && BIO_printf(out, "%*s<EMPTY>\n", indent + 2, "") <= 0)
-            return 0;
-        if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) {
-            if (BIO_printf(out, "%*s}\n", indent, "") <= 0)
-                return 0;
-        }
-        return 1;
-    }
-    return asn1_item_print_ctx(out, fld, indent, ASN1_ITEM_ptr(tt->item),
-                               fname, sname, 0, pctx);
-}
-
-static int asn1_print_fsname(BIO *out, int indent,
-                             const char *fname, const char *sname,
-                             const ASN1_PCTX *pctx)
-{
-    static char spaces[] = "                    ";
-    const int nspaces = sizeof(spaces) - 1;
-
-#if 0
-    if (!sname && !fname)
-        return 1;
-#endif
-
-    while (indent > nspaces) {
-        if (BIO_write(out, spaces, nspaces) != nspaces)
-            return 0;
-        indent -= nspaces;
-    }
-    if (BIO_write(out, spaces, indent) != indent)
-        return 0;
-    if (pctx->flags & ASN1_PCTX_FLAGS_NO_STRUCT_NAME)
-        sname = NULL;
-    if (pctx->flags & ASN1_PCTX_FLAGS_NO_FIELD_NAME)
-        fname = NULL;
-    if (!sname && !fname)
-        return 1;
-    if (fname) {
-        if (BIO_puts(out, fname) <= 0)
-            return 0;
-    }
-    if (sname) {
-        if (fname) {
-            if (BIO_printf(out, " (%s)", sname) <= 0)
-                return 0;
-        } else {
-            if (BIO_puts(out, sname) <= 0)
-                return 0;
-        }
-    }
-    if (BIO_write(out, ": ", 2) != 2)
-        return 0;
-    return 1;
-}
-
-static int asn1_print_boolean_ctx(BIO *out, int boolval,
-                                  const ASN1_PCTX *pctx)
-{
-    const char *str;
-    switch (boolval) {
-    case -1:
-        str = "BOOL ABSENT";
-        break;
-
-    case 0:
-        str = "FALSE";
-        break;
-
-    default:
-        str = "TRUE";
-        break;
-
-    }
-
-    if (BIO_puts(out, str) <= 0)
-        return 0;
-    return 1;
-
-}
-
-static int asn1_print_integer_ctx(BIO *out, ASN1_INTEGER *str,
-                                  const ASN1_PCTX *pctx)
-{
-    char *s;
-    int ret = 1;
-    s = i2s_ASN1_INTEGER(NULL, str);
-    if (BIO_puts(out, s) <= 0)
-        ret = 0;
-    OPENSSL_free(s);
-    return ret;
-}
-
-static int asn1_print_oid_ctx(BIO *out, const ASN1_OBJECT *oid,
-                              const ASN1_PCTX *pctx)
-{
-    char objbuf[80];
-    const char *ln;
-    ln = OBJ_nid2ln(OBJ_obj2nid(oid));
-    if (!ln)
-        ln = "";
-    OBJ_obj2txt(objbuf, sizeof objbuf, oid, 1);
-    if (BIO_printf(out, "%s (%s)", ln, objbuf) <= 0)
-        return 0;
-    return 1;
-}
-
-static int asn1_print_obstring_ctx(BIO *out, ASN1_STRING *str, int indent,
-                                   const ASN1_PCTX *pctx)
-{
-    if (str->type == V_ASN1_BIT_STRING) {
-        if (BIO_printf(out, " (%ld unused bits)\n", str->flags & 0x7) <= 0)
-            return 0;
-    } else if (BIO_puts(out, "\n") <= 0)
-        return 0;
-    if ((str->length > 0)
-        && BIO_dump_indent(out, (char *)str->data, str->length,
-                           indent + 2) <= 0)
-        return 0;
-    return 1;
-}
-
-static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
-                                const ASN1_ITEM *it, int indent,
-                                const char *fname, const char *sname,
-                                const ASN1_PCTX *pctx)
-{
-    long utype;
-    ASN1_STRING *str;
-    int ret = 1, needlf = 1;
-    const char *pname;
-    const ASN1_PRIMITIVE_FUNCS *pf;
-    pf = it->funcs;
-    if (!asn1_print_fsname(out, indent, fname, sname, pctx))
-        return 0;
-    if (pf && pf->prim_print)
-        return pf->prim_print(out, fld, it, indent, pctx);
-    str = (ASN1_STRING *)*fld;
-    if (it->itype == ASN1_ITYPE_MSTRING)
-        utype = str->type & ~V_ASN1_NEG;
-    else
-        utype = it->utype;
-    if (utype == V_ASN1_ANY) {
-        ASN1_TYPE *atype = (ASN1_TYPE *)*fld;
-        utype = atype->type;
-        fld = &atype->value.asn1_value;
-        str = (ASN1_STRING *)*fld;
-        if (pctx->flags & ASN1_PCTX_FLAGS_NO_ANY_TYPE)
-            pname = NULL;
-        else
-            pname = ASN1_tag2str(utype);
-    } else {
-        if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_TYPE)
-            pname = ASN1_tag2str(utype);
-        else
-            pname = NULL;
-    }
-
-    if (utype == V_ASN1_NULL) {
-        if (BIO_puts(out, "NULL\n") <= 0)
-            return 0;
-        return 1;
-    }
-
-    if (pname) {
-        if (BIO_puts(out, pname) <= 0)
-            return 0;
-        if (BIO_puts(out, ":") <= 0)
-            return 0;
-    }
-
-    switch (utype) {
-    case V_ASN1_BOOLEAN:
-        {
-            int boolval = *(int *)fld;
-            if (boolval == -1)
-                boolval = it->size;
-            ret = asn1_print_boolean_ctx(out, boolval, pctx);
-        }
-        break;
-
-    case V_ASN1_INTEGER:
-    case V_ASN1_ENUMERATED:
-        ret = asn1_print_integer_ctx(out, str, pctx);
-        break;
-
-    case V_ASN1_UTCTIME:
-        ret = ASN1_UTCTIME_print(out, str);
-        break;
-
-    case V_ASN1_GENERALIZEDTIME:
-        ret = ASN1_GENERALIZEDTIME_print(out, str);
-        break;
-
-    case V_ASN1_OBJECT:
-        ret = asn1_print_oid_ctx(out, (const ASN1_OBJECT *)*fld, pctx);
-        break;
-
-    case V_ASN1_OCTET_STRING:
-    case V_ASN1_BIT_STRING:
-        ret = asn1_print_obstring_ctx(out, str, indent, pctx);
-        needlf = 0;
-        break;
-
-    case V_ASN1_SEQUENCE:
-    case V_ASN1_SET:
-    case V_ASN1_OTHER:
-        if (BIO_puts(out, "\n") <= 0)
-            return 0;
-        if (ASN1_parse_dump(out, str->data, str->length, indent, 0) <= 0)
-            ret = 0;
-        needlf = 0;
-        break;
-
-    default:
-        ret = ASN1_STRING_print_ex(out, str, pctx->str_flags);
-
-    }
-    if (!ret)
-        return 0;
-    if (needlf && BIO_puts(out, "\n") <= 0)
-        return 0;
-    return 1;
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/asn1/tasn_prn.c (from rev 11605, vendor-crypto/openssl/dist/crypto/asn1/tasn_prn.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/asn1/tasn_prn.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/tasn_prn.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,587 @@
+/* tasn_prn.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000,2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stddef.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+#include "asn1_locl.h"
+
+/*
+ * Print routines.
+ */
+
+/* ASN1_PCTX routines */
+
+ASN1_PCTX default_pctx = {
+    ASN1_PCTX_FLAGS_SHOW_ABSENT, /* flags */
+    0,                          /* nm_flags */
+    0,                          /* cert_flags */
+    0,                          /* oid_flags */
+    0                           /* str_flags */
+};
+
+ASN1_PCTX *ASN1_PCTX_new(void)
+{
+    ASN1_PCTX *ret;
+    ret = OPENSSL_malloc(sizeof(ASN1_PCTX));
+    if (ret == NULL) {
+        ASN1err(ASN1_F_ASN1_PCTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->flags = 0;
+    ret->nm_flags = 0;
+    ret->cert_flags = 0;
+    ret->oid_flags = 0;
+    ret->str_flags = 0;
+    return ret;
+}
+
+void ASN1_PCTX_free(ASN1_PCTX *p)
+{
+    OPENSSL_free(p);
+}
+
+unsigned long ASN1_PCTX_get_flags(ASN1_PCTX *p)
+{
+    return p->flags;
+}
+
+void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags)
+{
+    p->flags = flags;
+}
+
+unsigned long ASN1_PCTX_get_nm_flags(ASN1_PCTX *p)
+{
+    return p->nm_flags;
+}
+
+void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags)
+{
+    p->nm_flags = flags;
+}
+
+unsigned long ASN1_PCTX_get_cert_flags(ASN1_PCTX *p)
+{
+    return p->cert_flags;
+}
+
+void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags)
+{
+    p->cert_flags = flags;
+}
+
+unsigned long ASN1_PCTX_get_oid_flags(ASN1_PCTX *p)
+{
+    return p->oid_flags;
+}
+
+void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags)
+{
+    p->oid_flags = flags;
+}
+
+unsigned long ASN1_PCTX_get_str_flags(ASN1_PCTX *p)
+{
+    return p->str_flags;
+}
+
+void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags)
+{
+    p->str_flags = flags;
+}
+
+/* Main print routines */
+
+static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
+                               const ASN1_ITEM *it,
+                               const char *fname, const char *sname,
+                               int nohdr, const ASN1_PCTX *pctx);
+
+int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
+                            const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx);
+
+static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
+                                const ASN1_ITEM *it, int indent,
+                                const char *fname, const char *sname,
+                                const ASN1_PCTX *pctx);
+
+static int asn1_print_fsname(BIO *out, int indent,
+                             const char *fname, const char *sname,
+                             const ASN1_PCTX *pctx);
+
+int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent,
+                    const ASN1_ITEM *it, const ASN1_PCTX *pctx)
+{
+    const char *sname;
+    if (pctx == NULL)
+        pctx = &default_pctx;
+    if (pctx->flags & ASN1_PCTX_FLAGS_NO_STRUCT_NAME)
+        sname = NULL;
+    else
+        sname = it->sname;
+    return asn1_item_print_ctx(out, &ifld, indent, it, NULL, sname, 0, pctx);
+}
+
+static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
+                               const ASN1_ITEM *it,
+                               const char *fname, const char *sname,
+                               int nohdr, const ASN1_PCTX *pctx)
+{
+    const ASN1_TEMPLATE *tt;
+    const ASN1_EXTERN_FUNCS *ef;
+    ASN1_VALUE **tmpfld;
+    const ASN1_AUX *aux = it->funcs;
+    ASN1_aux_cb *asn1_cb;
+    ASN1_PRINT_ARG parg;
+    int i;
+    if (aux && aux->asn1_cb) {
+        parg.out = out;
+        parg.indent = indent;
+        parg.pctx = pctx;
+        asn1_cb = aux->asn1_cb;
+    } else
+        asn1_cb = 0;
+
+    if (*fld == NULL) {
+        if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_ABSENT) {
+            if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
+                return 0;
+            if (BIO_puts(out, "<ABSENT>\n") <= 0)
+                return 0;
+        }
+        return 1;
+    }
+
+    switch (it->itype) {
+    case ASN1_ITYPE_PRIMITIVE:
+        if (it->templates) {
+            if (!asn1_template_print_ctx(out, fld, indent,
+                                         it->templates, pctx))
+                return 0;
+            break;
+        }
+        /* fall thru */
+    case ASN1_ITYPE_MSTRING:
+        if (!asn1_primitive_print(out, fld, it, indent, fname, sname, pctx))
+            return 0;
+        break;
+
+    case ASN1_ITYPE_EXTERN:
+        if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
+            return 0;
+        /* Use new style print routine if possible */
+        ef = it->funcs;
+        if (ef && ef->asn1_ex_print) {
+            i = ef->asn1_ex_print(out, fld, indent, "", pctx);
+            if (!i)
+                return 0;
+            if ((i == 2) && (BIO_puts(out, "\n") <= 0))
+                return 0;
+            return 1;
+        } else if (sname &&
+                   BIO_printf(out, ":EXTERNAL TYPE %s\n", sname) <= 0)
+            return 0;
+        break;
+
+    case ASN1_ITYPE_CHOICE:
+#if 0
+        if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
+            return 0;
+#endif
+        /* CHOICE type, get selector */
+        i = asn1_get_choice_selector(fld, it);
+        /* This should never happen... */
+        if ((i < 0) || (i >= it->tcount)) {
+            if (BIO_printf(out, "ERROR: selector [%d] invalid\n", i) <= 0)
+                return 0;
+            return 1;
+        }
+        tt = it->templates + i;
+        tmpfld = asn1_get_field_ptr(fld, tt);
+        if (!asn1_template_print_ctx(out, tmpfld, indent, tt, pctx))
+            return 0;
+        break;
+
+    case ASN1_ITYPE_SEQUENCE:
+    case ASN1_ITYPE_NDEF_SEQUENCE:
+        if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
+            return 0;
+        if (fname || sname) {
+            if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) {
+                if (BIO_puts(out, " {\n") <= 0)
+                    return 0;
+            } else {
+                if (BIO_puts(out, "\n") <= 0)
+                    return 0;
+            }
+        }
+
+        if (asn1_cb) {
+            i = asn1_cb(ASN1_OP_PRINT_PRE, fld, it, &parg);
+            if (i == 0)
+                return 0;
+            if (i == 2)
+                return 1;
+        }
+
+        /* Print each field entry */
+        for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+            const ASN1_TEMPLATE *seqtt;
+            seqtt = asn1_do_adb(fld, tt, 1);
+            if (!seqtt)
+                return 0;
+            tmpfld = asn1_get_field_ptr(fld, seqtt);
+            if (!asn1_template_print_ctx(out, tmpfld,
+                                         indent + 2, seqtt, pctx))
+                return 0;
+        }
+        if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) {
+            if (BIO_printf(out, "%*s}\n", indent, "") < 0)
+                return 0;
+        }
+
+        if (asn1_cb) {
+            i = asn1_cb(ASN1_OP_PRINT_POST, fld, it, &parg);
+            if (i == 0)
+                return 0;
+        }
+        break;
+
+    default:
+        BIO_printf(out, "Unprocessed type %d\n", it->itype);
+        return 0;
+    }
+
+    return 1;
+}
+
+int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
+                            const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx)
+{
+    int i, flags;
+    const char *sname, *fname;
+    flags = tt->flags;
+    if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME)
+        sname = ASN1_ITEM_ptr(tt->item)->sname;
+    else
+        sname = NULL;
+    if (pctx->flags & ASN1_PCTX_FLAGS_NO_FIELD_NAME)
+        fname = NULL;
+    else
+        fname = tt->field_name;
+    if (flags & ASN1_TFLG_SK_MASK) {
+        char *tname;
+        ASN1_VALUE *skitem;
+        STACK_OF(ASN1_VALUE) *stack;
+
+        /* SET OF, SEQUENCE OF */
+        if (fname) {
+            if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SSOF) {
+                if (flags & ASN1_TFLG_SET_OF)
+                    tname = "SET";
+                else
+                    tname = "SEQUENCE";
+                if (BIO_printf(out, "%*s%s OF %s {\n",
+                               indent, "", tname, tt->field_name) <= 0)
+                    return 0;
+            } else if (BIO_printf(out, "%*s%s:\n", indent, "", fname) <= 0)
+                return 0;
+        }
+        stack = (STACK_OF(ASN1_VALUE) *)*fld;
+        for (i = 0; i < sk_ASN1_VALUE_num(stack); i++) {
+            if ((i > 0) && (BIO_puts(out, "\n") <= 0))
+                return 0;
+
+            skitem = sk_ASN1_VALUE_value(stack, i);
+            if (!asn1_item_print_ctx(out, &skitem, indent + 2,
+                                     ASN1_ITEM_ptr(tt->item), NULL, NULL, 1,
+                                     pctx))
+                return 0;
+        }
+        if (!i && BIO_printf(out, "%*s<EMPTY>\n", indent + 2, "") <= 0)
+            return 0;
+        if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) {
+            if (BIO_printf(out, "%*s}\n", indent, "") <= 0)
+                return 0;
+        }
+        return 1;
+    }
+    return asn1_item_print_ctx(out, fld, indent, ASN1_ITEM_ptr(tt->item),
+                               fname, sname, 0, pctx);
+}
+
+static int asn1_print_fsname(BIO *out, int indent,
+                             const char *fname, const char *sname,
+                             const ASN1_PCTX *pctx)
+{
+    static char spaces[] = "                    ";
+    const int nspaces = sizeof(spaces) - 1;
+
+#if 0
+    if (!sname && !fname)
+        return 1;
+#endif
+
+    while (indent > nspaces) {
+        if (BIO_write(out, spaces, nspaces) != nspaces)
+            return 0;
+        indent -= nspaces;
+    }
+    if (BIO_write(out, spaces, indent) != indent)
+        return 0;
+    if (pctx->flags & ASN1_PCTX_FLAGS_NO_STRUCT_NAME)
+        sname = NULL;
+    if (pctx->flags & ASN1_PCTX_FLAGS_NO_FIELD_NAME)
+        fname = NULL;
+    if (!sname && !fname)
+        return 1;
+    if (fname) {
+        if (BIO_puts(out, fname) <= 0)
+            return 0;
+    }
+    if (sname) {
+        if (fname) {
+            if (BIO_printf(out, " (%s)", sname) <= 0)
+                return 0;
+        } else {
+            if (BIO_puts(out, sname) <= 0)
+                return 0;
+        }
+    }
+    if (BIO_write(out, ": ", 2) != 2)
+        return 0;
+    return 1;
+}
+
+static int asn1_print_boolean_ctx(BIO *out, int boolval,
+                                  const ASN1_PCTX *pctx)
+{
+    const char *str;
+    switch (boolval) {
+    case -1:
+        str = "BOOL ABSENT";
+        break;
+
+    case 0:
+        str = "FALSE";
+        break;
+
+    default:
+        str = "TRUE";
+        break;
+
+    }
+
+    if (BIO_puts(out, str) <= 0)
+        return 0;
+    return 1;
+
+}
+
+static int asn1_print_integer_ctx(BIO *out, ASN1_INTEGER *str,
+                                  const ASN1_PCTX *pctx)
+{
+    char *s;
+    int ret = 1;
+    s = i2s_ASN1_INTEGER(NULL, str);
+    if (s == NULL)
+        return 0;
+    if (BIO_puts(out, s) <= 0)
+        ret = 0;
+    OPENSSL_free(s);
+    return ret;
+}
+
+static int asn1_print_oid_ctx(BIO *out, const ASN1_OBJECT *oid,
+                              const ASN1_PCTX *pctx)
+{
+    char objbuf[80];
+    const char *ln;
+    ln = OBJ_nid2ln(OBJ_obj2nid(oid));
+    if (!ln)
+        ln = "";
+    OBJ_obj2txt(objbuf, sizeof objbuf, oid, 1);
+    if (BIO_printf(out, "%s (%s)", ln, objbuf) <= 0)
+        return 0;
+    return 1;
+}
+
+static int asn1_print_obstring_ctx(BIO *out, ASN1_STRING *str, int indent,
+                                   const ASN1_PCTX *pctx)
+{
+    if (str->type == V_ASN1_BIT_STRING) {
+        if (BIO_printf(out, " (%ld unused bits)\n", str->flags & 0x7) <= 0)
+            return 0;
+    } else if (BIO_puts(out, "\n") <= 0)
+        return 0;
+    if ((str->length > 0)
+        && BIO_dump_indent(out, (char *)str->data, str->length,
+                           indent + 2) <= 0)
+        return 0;
+    return 1;
+}
+
+static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
+                                const ASN1_ITEM *it, int indent,
+                                const char *fname, const char *sname,
+                                const ASN1_PCTX *pctx)
+{
+    long utype;
+    ASN1_STRING *str;
+    int ret = 1, needlf = 1;
+    const char *pname;
+    const ASN1_PRIMITIVE_FUNCS *pf;
+    pf = it->funcs;
+    if (!asn1_print_fsname(out, indent, fname, sname, pctx))
+        return 0;
+    if (pf && pf->prim_print)
+        return pf->prim_print(out, fld, it, indent, pctx);
+    str = (ASN1_STRING *)*fld;
+    if (it->itype == ASN1_ITYPE_MSTRING)
+        utype = str->type & ~V_ASN1_NEG;
+    else
+        utype = it->utype;
+    if (utype == V_ASN1_ANY) {
+        ASN1_TYPE *atype = (ASN1_TYPE *)*fld;
+        utype = atype->type;
+        fld = &atype->value.asn1_value;
+        str = (ASN1_STRING *)*fld;
+        if (pctx->flags & ASN1_PCTX_FLAGS_NO_ANY_TYPE)
+            pname = NULL;
+        else
+            pname = ASN1_tag2str(utype);
+    } else {
+        if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_TYPE)
+            pname = ASN1_tag2str(utype);
+        else
+            pname = NULL;
+    }
+
+    if (utype == V_ASN1_NULL) {
+        if (BIO_puts(out, "NULL\n") <= 0)
+            return 0;
+        return 1;
+    }
+
+    if (pname) {
+        if (BIO_puts(out, pname) <= 0)
+            return 0;
+        if (BIO_puts(out, ":") <= 0)
+            return 0;
+    }
+
+    switch (utype) {
+    case V_ASN1_BOOLEAN:
+        {
+            int boolval = *(int *)fld;
+            if (boolval == -1)
+                boolval = it->size;
+            ret = asn1_print_boolean_ctx(out, boolval, pctx);
+        }
+        break;
+
+    case V_ASN1_INTEGER:
+    case V_ASN1_ENUMERATED:
+        ret = asn1_print_integer_ctx(out, str, pctx);
+        break;
+
+    case V_ASN1_UTCTIME:
+        ret = ASN1_UTCTIME_print(out, str);
+        break;
+
+    case V_ASN1_GENERALIZEDTIME:
+        ret = ASN1_GENERALIZEDTIME_print(out, str);
+        break;
+
+    case V_ASN1_OBJECT:
+        ret = asn1_print_oid_ctx(out, (const ASN1_OBJECT *)*fld, pctx);
+        break;
+
+    case V_ASN1_OCTET_STRING:
+    case V_ASN1_BIT_STRING:
+        ret = asn1_print_obstring_ctx(out, str, indent, pctx);
+        needlf = 0;
+        break;
+
+    case V_ASN1_SEQUENCE:
+    case V_ASN1_SET:
+    case V_ASN1_OTHER:
+        if (BIO_puts(out, "\n") <= 0)
+            return 0;
+        if (ASN1_parse_dump(out, str->data, str->length, indent, 0) <= 0)
+            ret = 0;
+        needlf = 0;
+        break;
+
+    default:
+        ret = ASN1_STRING_print_ex(out, str, pctx->str_flags);
+
+    }
+    if (!ret)
+        return 0;
+    if (needlf && BIO_puts(out, "\n") <= 0)
+        return 0;
+    return 1;
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/asn1/x_name.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_name.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/x_name.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,527 +0,0 @@
-/* crypto/asn1/x_name.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include "asn1_locl.h"
-
-typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
-DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
-
-static int x509_name_ex_d2i(ASN1_VALUE **val,
-                            const unsigned char **in, long len,
-                            const ASN1_ITEM *it,
-                            int tag, int aclass, char opt, ASN1_TLC *ctx);
-
-static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out,
-                            const ASN1_ITEM *it, int tag, int aclass);
-static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it);
-static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it);
-
-static int x509_name_encode(X509_NAME *a);
-static int x509_name_canon(X509_NAME *a);
-static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in);
-static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * intname,
-                          unsigned char **in);
-
-static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
-                              int indent,
-                              const char *fname, const ASN1_PCTX *pctx);
-
-ASN1_SEQUENCE(X509_NAME_ENTRY) = {
-        ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT),
-        ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE)
-} ASN1_SEQUENCE_END(X509_NAME_ENTRY)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_NAME_ENTRY)
-IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY)
-
-/*
- * For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY } so
- * declare two template wrappers for this
- */
-
-ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) =
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY)
-ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES)
-
-ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) =
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES)
-ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL)
-
-/*
- * Normally that's where it would end: we'd have two nested STACK structures
- * representing the ASN1. Unfortunately X509_NAME uses a completely different
- * form and caches encodings so we have to process the internal form and
- * convert to the external form.
- */
-
-const ASN1_EXTERN_FUNCS x509_name_ff = {
-    NULL,
-    x509_name_ex_new,
-    x509_name_ex_free,
-    0,                          /* Default clear behaviour is OK */
-    x509_name_ex_d2i,
-    x509_name_ex_i2d,
-    x509_name_ex_print
-};
-
-IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_NAME)
-
-IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME)
-
-static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
-{
-    X509_NAME *ret = NULL;
-    ret = OPENSSL_malloc(sizeof(X509_NAME));
-    if (!ret)
-        goto memerr;
-    if ((ret->entries = sk_X509_NAME_ENTRY_new_null()) == NULL)
-        goto memerr;
-    if ((ret->bytes = BUF_MEM_new()) == NULL)
-        goto memerr;
-    ret->canon_enc = NULL;
-    ret->canon_enclen = 0;
-    ret->modified = 1;
-    *val = (ASN1_VALUE *)ret;
-    return 1;
-
- memerr:
-    ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE);
-    if (ret) {
-        if (ret->entries)
-            sk_X509_NAME_ENTRY_free(ret->entries);
-        OPENSSL_free(ret);
-    }
-    return 0;
-}
-
-static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-    X509_NAME *a;
-    if (!pval || !*pval)
-        return;
-    a = (X509_NAME *)*pval;
-
-    BUF_MEM_free(a->bytes);
-    sk_X509_NAME_ENTRY_pop_free(a->entries, X509_NAME_ENTRY_free);
-    if (a->canon_enc)
-        OPENSSL_free(a->canon_enc);
-    OPENSSL_free(a);
-    *pval = NULL;
-}
-
-static int x509_name_ex_d2i(ASN1_VALUE **val,
-                            const unsigned char **in, long len,
-                            const ASN1_ITEM *it, int tag, int aclass,
-                            char opt, ASN1_TLC *ctx)
-{
-    const unsigned char *p = *in, *q;
-    union {
-        STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
-        ASN1_VALUE *a;
-    } intname = {
-        NULL
-    };
-    union {
-        X509_NAME *x;
-        ASN1_VALUE *a;
-    } nm = {
-        NULL
-    };
-    int i, j, ret;
-    STACK_OF(X509_NAME_ENTRY) *entries;
-    X509_NAME_ENTRY *entry;
-    q = p;
-
-    /* Get internal representation of Name */
-    ret = ASN1_item_ex_d2i(&intname.a,
-                           &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
-                           tag, aclass, opt, ctx);
-
-    if (ret <= 0)
-        return ret;
-
-    if (*val)
-        x509_name_ex_free(val, NULL);
-    if (!x509_name_ex_new(&nm.a, NULL))
-        goto err;
-    /* We've decoded it: now cache encoding */
-    if (!BUF_MEM_grow(nm.x->bytes, p - q))
-        goto err;
-    memcpy(nm.x->bytes->data, q, p - q);
-
-    /* Convert internal representation to X509_NAME structure */
-    for (i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) {
-        entries = sk_STACK_OF_X509_NAME_ENTRY_value(intname.s, i);
-        for (j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
-            entry = sk_X509_NAME_ENTRY_value(entries, j);
-            entry->set = i;
-            if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
-                goto err;
-        }
-        sk_X509_NAME_ENTRY_free(entries);
-    }
-    sk_STACK_OF_X509_NAME_ENTRY_free(intname.s);
-    ret = x509_name_canon(nm.x);
-    if (!ret)
-        goto err;
-    nm.x->modified = 0;
-    *val = nm.a;
-    *in = p;
-    return ret;
- err:
-    if (nm.x != NULL)
-        X509_NAME_free(nm.x);
-    ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-    return 0;
-}
-
-static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out,
-                            const ASN1_ITEM *it, int tag, int aclass)
-{
-    int ret;
-    X509_NAME *a = (X509_NAME *)*val;
-    if (a->modified) {
-        ret = x509_name_encode(a);
-        if (ret < 0)
-            return ret;
-        ret = x509_name_canon(a);
-        if (ret < 0)
-            return ret;
-    }
-    ret = a->bytes->length;
-    if (out != NULL) {
-        memcpy(*out, a->bytes->data, ret);
-        *out += ret;
-    }
-    return ret;
-}
-
-static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne)
-{
-    sk_X509_NAME_ENTRY_free(ne);
-}
-
-static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne)
-{
-    sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free);
-}
-
-static int x509_name_encode(X509_NAME *a)
-{
-    union {
-        STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
-        ASN1_VALUE *a;
-    } intname = {
-        NULL
-    };
-    int len;
-    unsigned char *p;
-    STACK_OF(X509_NAME_ENTRY) *entries = NULL;
-    X509_NAME_ENTRY *entry;
-    int i, set = -1;
-    intname.s = sk_STACK_OF_X509_NAME_ENTRY_new_null();
-    if (!intname.s)
-        goto memerr;
-    for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
-        entry = sk_X509_NAME_ENTRY_value(a->entries, i);
-        if (entry->set != set) {
-            entries = sk_X509_NAME_ENTRY_new_null();
-            if (!entries)
-                goto memerr;
-            if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s, entries))
-                goto memerr;
-            set = entry->set;
-        }
-        if (!sk_X509_NAME_ENTRY_push(entries, entry))
-            goto memerr;
-    }
-    len = ASN1_item_ex_i2d(&intname.a, NULL,
-                           ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
-    if (!BUF_MEM_grow(a->bytes, len))
-        goto memerr;
-    p = (unsigned char *)a->bytes->data;
-    ASN1_item_ex_i2d(&intname.a,
-                     &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
-    sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
-                                         local_sk_X509_NAME_ENTRY_free);
-    a->modified = 0;
-    return len;
- memerr:
-    sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
-                                         local_sk_X509_NAME_ENTRY_free);
-    ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE);
-    return -1;
-}
-
-static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
-                              int indent,
-                              const char *fname, const ASN1_PCTX *pctx)
-{
-    if (X509_NAME_print_ex(out, (X509_NAME *)*pval,
-                           indent, pctx->nm_flags) <= 0)
-        return 0;
-    return 2;
-}
-
-/*
- * This function generates the canonical encoding of the Name structure. In
- * it all strings are converted to UTF8, leading, trailing and multiple
- * spaces collapsed, converted to lower case and the leading SEQUENCE header
- * removed. In future we could also normalize the UTF8 too. By doing this
- * comparison of Name structures can be rapidly perfomed by just using
- * memcmp() of the canonical encoding. By omitting the leading SEQUENCE name
- * constraints of type dirName can also be checked with a simple memcmp().
- */
-
-static int x509_name_canon(X509_NAME *a)
-{
-    unsigned char *p;
-    STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL;
-    STACK_OF(X509_NAME_ENTRY) *entries = NULL;
-    X509_NAME_ENTRY *entry, *tmpentry = NULL;
-    int i, set = -1, ret = 0;
-
-    if (a->canon_enc) {
-        OPENSSL_free(a->canon_enc);
-        a->canon_enc = NULL;
-    }
-    /* Special case: empty X509_NAME => null encoding */
-    if (sk_X509_NAME_ENTRY_num(a->entries) == 0) {
-        a->canon_enclen = 0;
-        return 1;
-    }
-    intname = sk_STACK_OF_X509_NAME_ENTRY_new_null();
-    if (!intname)
-        goto err;
-    for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
-        entry = sk_X509_NAME_ENTRY_value(a->entries, i);
-        if (entry->set != set) {
-            entries = sk_X509_NAME_ENTRY_new_null();
-            if (!entries)
-                goto err;
-            if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries))
-                goto err;
-            set = entry->set;
-        }
-        tmpentry = X509_NAME_ENTRY_new();
-        if (!tmpentry)
-            goto err;
-        tmpentry->object = OBJ_dup(entry->object);
-        if (!asn1_string_canon(tmpentry->value, entry->value))
-            goto err;
-        if (!sk_X509_NAME_ENTRY_push(entries, tmpentry))
-            goto err;
-        tmpentry = NULL;
-    }
-
-    /* Finally generate encoding */
-
-    a->canon_enclen = i2d_name_canon(intname, NULL);
-
-    p = OPENSSL_malloc(a->canon_enclen);
-
-    if (!p)
-        goto err;
-
-    a->canon_enc = p;
-
-    i2d_name_canon(intname, &p);
-
-    ret = 1;
-
- err:
-
-    if (tmpentry)
-        X509_NAME_ENTRY_free(tmpentry);
-    if (intname)
-        sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname,
-                                             local_sk_X509_NAME_ENTRY_pop_free);
-    return ret;
-}
-
-/* Bitmap of all the types of string that will be canonicalized. */
-
-#define ASN1_MASK_CANON \
-        (B_ASN1_UTF8STRING | B_ASN1_BMPSTRING | B_ASN1_UNIVERSALSTRING \
-        | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_IA5STRING \
-        | B_ASN1_VISIBLESTRING)
-
-static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
-{
-    unsigned char *to, *from;
-    int len, i;
-
-    /* If type not in bitmask just copy string across */
-    if (!(ASN1_tag2bit(in->type) & ASN1_MASK_CANON)) {
-        if (!ASN1_STRING_copy(out, in))
-            return 0;
-        return 1;
-    }
-
-    out->type = V_ASN1_UTF8STRING;
-    out->length = ASN1_STRING_to_UTF8(&out->data, in);
-    if (out->length == -1)
-        return 0;
-
-    to = out->data;
-    from = to;
-
-    len = out->length;
-
-    /*
-     * Convert string in place to canonical form. Ultimately we may need to
-     * handle a wider range of characters but for now ignore anything with
-     * MSB set and rely on the isspace() and tolower() functions.
-     */
-
-    /* Ignore leading spaces */
-    while ((len > 0) && !(*from & 0x80) && isspace(*from)) {
-        from++;
-        len--;
-    }
-
-    to = from + len - 1;
-
-    /* Ignore trailing spaces */
-    while ((len > 0) && !(*to & 0x80) && isspace(*to)) {
-        to--;
-        len--;
-    }
-
-    to = out->data;
-
-    i = 0;
-    while (i < len) {
-        /* If MSB set just copy across */
-        if (*from & 0x80) {
-            *to++ = *from++;
-            i++;
-        }
-        /* Collapse multiple spaces */
-        else if (isspace(*from)) {
-            /* Copy one space across */
-            *to++ = ' ';
-            /*
-             * Ignore subsequent spaces. Note: don't need to check len here
-             * because we know the last character is a non-space so we can't
-             * overflow.
-             */
-            do {
-                from++;
-                i++;
-            }
-            while (!(*from & 0x80) && isspace(*from));
-        } else {
-            *to++ = tolower(*from);
-            from++;
-            i++;
-        }
-    }
-
-    out->length = to - out->data;
-
-    return 1;
-
-}
-
-static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname,
-                          unsigned char **in)
-{
-    int i, len, ltmp;
-    ASN1_VALUE *v;
-    STACK_OF(ASN1_VALUE) *intname = (STACK_OF(ASN1_VALUE) *)_intname;
-
-    len = 0;
-    for (i = 0; i < sk_ASN1_VALUE_num(intname); i++) {
-        v = sk_ASN1_VALUE_value(intname, i);
-        ltmp = ASN1_item_ex_i2d(&v, in,
-                                ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1);
-        if (ltmp < 0)
-            return ltmp;
-        len += ltmp;
-    }
-    return len;
-}
-
-int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
-{
-    X509_NAME *in;
-
-    if (!xn || !name)
-        return (0);
-
-    if (*xn != name) {
-        in = X509_NAME_dup(name);
-        if (in != NULL) {
-            X509_NAME_free(*xn);
-            *xn = in;
-        }
-    }
-    return (*xn != NULL);
-}
-
-IMPLEMENT_STACK_OF(X509_NAME_ENTRY)
-
-IMPLEMENT_ASN1_SET_OF(X509_NAME_ENTRY)

Copied: vendor-crypto/openssl/1.0.1u/crypto/asn1/x_name.c (from rev 11605, vendor-crypto/openssl/dist/crypto/asn1/x_name.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/asn1/x_name.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/x_name.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,536 @@
+/* crypto/asn1/x_name.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include "asn1_locl.h"
+
+typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
+DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
+
+/*
+ * Maximum length of X509_NAME: much larger than anything we should
+ * ever see in practice.
+ */
+
+#define X509_NAME_MAX (1024 * 1024)
+
+static int x509_name_ex_d2i(ASN1_VALUE **val,
+                            const unsigned char **in, long len,
+                            const ASN1_ITEM *it,
+                            int tag, int aclass, char opt, ASN1_TLC *ctx);
+
+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out,
+                            const ASN1_ITEM *it, int tag, int aclass);
+static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it);
+static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it);
+
+static int x509_name_encode(X509_NAME *a);
+static int x509_name_canon(X509_NAME *a);
+static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in);
+static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * intname,
+                          unsigned char **in);
+
+static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
+                              int indent,
+                              const char *fname, const ASN1_PCTX *pctx);
+
+ASN1_SEQUENCE(X509_NAME_ENTRY) = {
+        ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT),
+        ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE)
+} ASN1_SEQUENCE_END(X509_NAME_ENTRY)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_NAME_ENTRY)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY)
+
+/*
+ * For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY } so
+ * declare two template wrappers for this
+ */
+
+ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY)
+ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES)
+
+ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES)
+ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL)
+
+/*
+ * Normally that's where it would end: we'd have two nested STACK structures
+ * representing the ASN1. Unfortunately X509_NAME uses a completely different
+ * form and caches encodings so we have to process the internal form and
+ * convert to the external form.
+ */
+
+const ASN1_EXTERN_FUNCS x509_name_ff = {
+    NULL,
+    x509_name_ex_new,
+    x509_name_ex_free,
+    0,                          /* Default clear behaviour is OK */
+    x509_name_ex_d2i,
+    x509_name_ex_i2d,
+    x509_name_ex_print
+};
+
+IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_NAME)
+
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME)
+
+static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
+{
+    X509_NAME *ret = NULL;
+    ret = OPENSSL_malloc(sizeof(X509_NAME));
+    if (!ret)
+        goto memerr;
+    if ((ret->entries = sk_X509_NAME_ENTRY_new_null()) == NULL)
+        goto memerr;
+    if ((ret->bytes = BUF_MEM_new()) == NULL)
+        goto memerr;
+    ret->canon_enc = NULL;
+    ret->canon_enclen = 0;
+    ret->modified = 1;
+    *val = (ASN1_VALUE *)ret;
+    return 1;
+
+ memerr:
+    ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE);
+    if (ret) {
+        if (ret->entries)
+            sk_X509_NAME_ENTRY_free(ret->entries);
+        OPENSSL_free(ret);
+    }
+    return 0;
+}
+
+static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    X509_NAME *a;
+    if (!pval || !*pval)
+        return;
+    a = (X509_NAME *)*pval;
+
+    BUF_MEM_free(a->bytes);
+    sk_X509_NAME_ENTRY_pop_free(a->entries, X509_NAME_ENTRY_free);
+    if (a->canon_enc)
+        OPENSSL_free(a->canon_enc);
+    OPENSSL_free(a);
+    *pval = NULL;
+}
+
+static int x509_name_ex_d2i(ASN1_VALUE **val,
+                            const unsigned char **in, long len,
+                            const ASN1_ITEM *it, int tag, int aclass,
+                            char opt, ASN1_TLC *ctx)
+{
+    const unsigned char *p = *in, *q;
+    union {
+        STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
+        ASN1_VALUE *a;
+    } intname = {
+        NULL
+    };
+    union {
+        X509_NAME *x;
+        ASN1_VALUE *a;
+    } nm = {
+        NULL
+    };
+    int i, j, ret;
+    STACK_OF(X509_NAME_ENTRY) *entries;
+    X509_NAME_ENTRY *entry;
+    if (len > X509_NAME_MAX)
+        len = X509_NAME_MAX;
+    q = p;
+
+    /* Get internal representation of Name */
+    ret = ASN1_item_ex_d2i(&intname.a,
+                           &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
+                           tag, aclass, opt, ctx);
+
+    if (ret <= 0)
+        return ret;
+
+    if (*val)
+        x509_name_ex_free(val, NULL);
+    if (!x509_name_ex_new(&nm.a, NULL))
+        goto err;
+    /* We've decoded it: now cache encoding */
+    if (!BUF_MEM_grow(nm.x->bytes, p - q))
+        goto err;
+    memcpy(nm.x->bytes->data, q, p - q);
+
+    /* Convert internal representation to X509_NAME structure */
+    for (i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) {
+        entries = sk_STACK_OF_X509_NAME_ENTRY_value(intname.s, i);
+        for (j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
+            entry = sk_X509_NAME_ENTRY_value(entries, j);
+            entry->set = i;
+            if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
+                goto err;
+        }
+        sk_X509_NAME_ENTRY_free(entries);
+    }
+    sk_STACK_OF_X509_NAME_ENTRY_free(intname.s);
+    ret = x509_name_canon(nm.x);
+    if (!ret)
+        goto err;
+    nm.x->modified = 0;
+    *val = nm.a;
+    *in = p;
+    return ret;
+ err:
+    if (nm.x != NULL)
+        X509_NAME_free(nm.x);
+    ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+    return 0;
+}
+
+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out,
+                            const ASN1_ITEM *it, int tag, int aclass)
+{
+    int ret;
+    X509_NAME *a = (X509_NAME *)*val;
+    if (a->modified) {
+        ret = x509_name_encode(a);
+        if (ret < 0)
+            return ret;
+        ret = x509_name_canon(a);
+        if (ret < 0)
+            return ret;
+    }
+    ret = a->bytes->length;
+    if (out != NULL) {
+        memcpy(*out, a->bytes->data, ret);
+        *out += ret;
+    }
+    return ret;
+}
+
+static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne)
+{
+    sk_X509_NAME_ENTRY_free(ne);
+}
+
+static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne)
+{
+    sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free);
+}
+
+static int x509_name_encode(X509_NAME *a)
+{
+    union {
+        STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
+        ASN1_VALUE *a;
+    } intname = {
+        NULL
+    };
+    int len;
+    unsigned char *p;
+    STACK_OF(X509_NAME_ENTRY) *entries = NULL;
+    X509_NAME_ENTRY *entry;
+    int i, set = -1;
+    intname.s = sk_STACK_OF_X509_NAME_ENTRY_new_null();
+    if (!intname.s)
+        goto memerr;
+    for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+        entry = sk_X509_NAME_ENTRY_value(a->entries, i);
+        if (entry->set != set) {
+            entries = sk_X509_NAME_ENTRY_new_null();
+            if (!entries)
+                goto memerr;
+            if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s, entries))
+                goto memerr;
+            set = entry->set;
+        }
+        if (!sk_X509_NAME_ENTRY_push(entries, entry))
+            goto memerr;
+    }
+    len = ASN1_item_ex_i2d(&intname.a, NULL,
+                           ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+    if (!BUF_MEM_grow(a->bytes, len))
+        goto memerr;
+    p = (unsigned char *)a->bytes->data;
+    ASN1_item_ex_i2d(&intname.a,
+                     &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+    sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
+                                         local_sk_X509_NAME_ENTRY_free);
+    a->modified = 0;
+    return len;
+ memerr:
+    sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
+                                         local_sk_X509_NAME_ENTRY_free);
+    ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE);
+    return -1;
+}
+
+static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
+                              int indent,
+                              const char *fname, const ASN1_PCTX *pctx)
+{
+    if (X509_NAME_print_ex(out, (X509_NAME *)*pval,
+                           indent, pctx->nm_flags) <= 0)
+        return 0;
+    return 2;
+}
+
+/*
+ * This function generates the canonical encoding of the Name structure. In
+ * it all strings are converted to UTF8, leading, trailing and multiple
+ * spaces collapsed, converted to lower case and the leading SEQUENCE header
+ * removed. In future we could also normalize the UTF8 too. By doing this
+ * comparison of Name structures can be rapidly perfomed by just using
+ * memcmp() of the canonical encoding. By omitting the leading SEQUENCE name
+ * constraints of type dirName can also be checked with a simple memcmp().
+ */
+
+static int x509_name_canon(X509_NAME *a)
+{
+    unsigned char *p;
+    STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL;
+    STACK_OF(X509_NAME_ENTRY) *entries = NULL;
+    X509_NAME_ENTRY *entry, *tmpentry = NULL;
+    int i, set = -1, ret = 0;
+
+    if (a->canon_enc) {
+        OPENSSL_free(a->canon_enc);
+        a->canon_enc = NULL;
+    }
+    /* Special case: empty X509_NAME => null encoding */
+    if (sk_X509_NAME_ENTRY_num(a->entries) == 0) {
+        a->canon_enclen = 0;
+        return 1;
+    }
+    intname = sk_STACK_OF_X509_NAME_ENTRY_new_null();
+    if (!intname)
+        goto err;
+    for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+        entry = sk_X509_NAME_ENTRY_value(a->entries, i);
+        if (entry->set != set) {
+            entries = sk_X509_NAME_ENTRY_new_null();
+            if (!entries)
+                goto err;
+            if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries))
+                goto err;
+            set = entry->set;
+        }
+        tmpentry = X509_NAME_ENTRY_new();
+        if (!tmpentry)
+            goto err;
+        tmpentry->object = OBJ_dup(entry->object);
+        if (!asn1_string_canon(tmpentry->value, entry->value))
+            goto err;
+        if (!sk_X509_NAME_ENTRY_push(entries, tmpentry))
+            goto err;
+        tmpentry = NULL;
+    }
+
+    /* Finally generate encoding */
+
+    a->canon_enclen = i2d_name_canon(intname, NULL);
+
+    p = OPENSSL_malloc(a->canon_enclen);
+
+    if (!p)
+        goto err;
+
+    a->canon_enc = p;
+
+    i2d_name_canon(intname, &p);
+
+    ret = 1;
+
+ err:
+
+    if (tmpentry)
+        X509_NAME_ENTRY_free(tmpentry);
+    if (intname)
+        sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname,
+                                             local_sk_X509_NAME_ENTRY_pop_free);
+    return ret;
+}
+
+/* Bitmap of all the types of string that will be canonicalized. */
+
+#define ASN1_MASK_CANON \
+        (B_ASN1_UTF8STRING | B_ASN1_BMPSTRING | B_ASN1_UNIVERSALSTRING \
+        | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_IA5STRING \
+        | B_ASN1_VISIBLESTRING)
+
+static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
+{
+    unsigned char *to, *from;
+    int len, i;
+
+    /* If type not in bitmask just copy string across */
+    if (!(ASN1_tag2bit(in->type) & ASN1_MASK_CANON)) {
+        if (!ASN1_STRING_copy(out, in))
+            return 0;
+        return 1;
+    }
+
+    out->type = V_ASN1_UTF8STRING;
+    out->length = ASN1_STRING_to_UTF8(&out->data, in);
+    if (out->length == -1)
+        return 0;
+
+    to = out->data;
+    from = to;
+
+    len = out->length;
+
+    /*
+     * Convert string in place to canonical form. Ultimately we may need to
+     * handle a wider range of characters but for now ignore anything with
+     * MSB set and rely on the isspace() and tolower() functions.
+     */
+
+    /* Ignore leading spaces */
+    while ((len > 0) && !(*from & 0x80) && isspace(*from)) {
+        from++;
+        len--;
+    }
+
+    to = from + len - 1;
+
+    /* Ignore trailing spaces */
+    while ((len > 0) && !(*to & 0x80) && isspace(*to)) {
+        to--;
+        len--;
+    }
+
+    to = out->data;
+
+    i = 0;
+    while (i < len) {
+        /* If MSB set just copy across */
+        if (*from & 0x80) {
+            *to++ = *from++;
+            i++;
+        }
+        /* Collapse multiple spaces */
+        else if (isspace(*from)) {
+            /* Copy one space across */
+            *to++ = ' ';
+            /*
+             * Ignore subsequent spaces. Note: don't need to check len here
+             * because we know the last character is a non-space so we can't
+             * overflow.
+             */
+            do {
+                from++;
+                i++;
+            }
+            while (!(*from & 0x80) && isspace(*from));
+        } else {
+            *to++ = tolower(*from);
+            from++;
+            i++;
+        }
+    }
+
+    out->length = to - out->data;
+
+    return 1;
+
+}
+
+static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname,
+                          unsigned char **in)
+{
+    int i, len, ltmp;
+    ASN1_VALUE *v;
+    STACK_OF(ASN1_VALUE) *intname = (STACK_OF(ASN1_VALUE) *)_intname;
+
+    len = 0;
+    for (i = 0; i < sk_ASN1_VALUE_num(intname); i++) {
+        v = sk_ASN1_VALUE_value(intname, i);
+        ltmp = ASN1_item_ex_i2d(&v, in,
+                                ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1);
+        if (ltmp < 0)
+            return ltmp;
+        len += ltmp;
+    }
+    return len;
+}
+
+int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
+{
+    X509_NAME *in;
+
+    if (!xn || !name)
+        return (0);
+
+    if (*xn != name) {
+        in = X509_NAME_dup(name);
+        if (in != NULL) {
+            X509_NAME_free(*xn);
+            *xn = in;
+        }
+    }
+    return (*xn != NULL);
+}
+
+IMPLEMENT_STACK_OF(X509_NAME_ENTRY)
+
+IMPLEMENT_ASN1_SET_OF(X509_NAME_ENTRY)

Deleted: vendor-crypto/openssl/1.0.1u/crypto/asn1/x_x509.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_x509.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/x_x509.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,209 +0,0 @@
-/* crypto/asn1/x_x509.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
-        ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
-        ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
-        ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
-        ASN1_SIMPLE(X509_CINF, issuer, X509_NAME),
-        ASN1_SIMPLE(X509_CINF, validity, X509_VAL),
-        ASN1_SIMPLE(X509_CINF, subject, X509_NAME),
-        ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY),
-        ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
-        ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),
-        ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)
-} ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
-/* X509 top level structure needs a bit of customisation */
-
-extern void policy_cache_free(X509_POLICY_CACHE *cache);
-
-static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-                   void *exarg)
-{
-    X509 *ret = (X509 *)*pval;
-
-    switch (operation) {
-
-    case ASN1_OP_NEW_POST:
-        ret->valid = 0;
-        ret->name = NULL;
-        ret->ex_flags = 0;
-        ret->ex_pathlen = -1;
-        ret->skid = NULL;
-        ret->akid = NULL;
-#ifndef OPENSSL_NO_RFC3779
-        ret->rfc3779_addr = NULL;
-        ret->rfc3779_asid = NULL;
-#endif
-        ret->aux = NULL;
-        ret->crldp = NULL;
-        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
-        break;
-
-    case ASN1_OP_D2I_POST:
-        if (ret->name != NULL)
-            OPENSSL_free(ret->name);
-        ret->name = X509_NAME_oneline(ret->cert_info->subject, NULL, 0);
-        break;
-
-    case ASN1_OP_FREE_POST:
-        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
-        X509_CERT_AUX_free(ret->aux);
-        ASN1_OCTET_STRING_free(ret->skid);
-        AUTHORITY_KEYID_free(ret->akid);
-        CRL_DIST_POINTS_free(ret->crldp);
-        policy_cache_free(ret->policy_cache);
-        GENERAL_NAMES_free(ret->altname);
-        NAME_CONSTRAINTS_free(ret->nc);
-#ifndef OPENSSL_NO_RFC3779
-        sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
-        ASIdentifiers_free(ret->rfc3779_asid);
-#endif
-
-        if (ret->name != NULL)
-            OPENSSL_free(ret->name);
-        break;
-
-    }
-
-    return 1;
-
-}
-
-ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
-        ASN1_SIMPLE(X509, cert_info, X509_CINF),
-        ASN1_SIMPLE(X509, sig_alg, X509_ALGOR),
-        ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END_ref(X509, X509)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509)
-
-IMPLEMENT_ASN1_DUP_FUNCTION(X509)
-
-int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                          CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-{
-    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp,
-                                   new_func, dup_func, free_func);
-}
-
-int X509_set_ex_data(X509 *r, int idx, void *arg)
-{
-    return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
-}
-
-void *X509_get_ex_data(X509 *r, int idx)
-{
-    return (CRYPTO_get_ex_data(&r->ex_data, idx));
-}
-
-/*
- * X509_AUX ASN1 routines. X509_AUX is the name given to a certificate with
- * extra info tagged on the end. Since these functions set how a certificate
- * is trusted they should only be used when the certificate comes from a
- * reliable source such as local storage.
- */
-
-X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
-{
-    const unsigned char *q;
-    X509 *ret;
-    int freeret = 0;
-
-    /* Save start position */
-    q = *pp;
-
-    if (!a || *a == NULL) {
-        freeret = 1;
-    }
-    ret = d2i_X509(a, &q, length);
-    /* If certificate unreadable then forget it */
-    if (!ret)
-        return NULL;
-    /* update length */
-    length -= q - *pp;
-    if (length > 0 && !d2i_X509_CERT_AUX(&ret->aux, &q, length))
-        goto err;
-    *pp = q;
-    return ret;
- err:
-    if (freeret) {
-        X509_free(ret);
-        if (a)
-            *a = NULL;
-    }
-    return NULL;
-}
-
-int i2d_X509_AUX(X509 *a, unsigned char **pp)
-{
-    int length;
-    length = i2d_X509(a, pp);
-    if (a)
-        length += i2d_X509_CERT_AUX(a->aux, pp);
-    return length;
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/asn1/x_x509.c (from rev 11605, vendor-crypto/openssl/dist/crypto/asn1/x_x509.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/asn1/x_x509.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/asn1/x_x509.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,219 @@
+/* crypto/asn1/x_x509.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
+        ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
+        ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
+        ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
+        ASN1_SIMPLE(X509_CINF, issuer, X509_NAME),
+        ASN1_SIMPLE(X509_CINF, validity, X509_VAL),
+        ASN1_SIMPLE(X509_CINF, subject, X509_NAME),
+        ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY),
+        ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
+        ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),
+        ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)
+} ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
+/* X509 top level structure needs a bit of customisation */
+
+extern void policy_cache_free(X509_POLICY_CACHE *cache);
+
+static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                   void *exarg)
+{
+    X509 *ret = (X509 *)*pval;
+
+    switch (operation) {
+
+    case ASN1_OP_NEW_POST:
+        ret->valid = 0;
+        ret->name = NULL;
+        ret->ex_flags = 0;
+        ret->ex_pathlen = -1;
+        ret->skid = NULL;
+        ret->akid = NULL;
+#ifndef OPENSSL_NO_RFC3779
+        ret->rfc3779_addr = NULL;
+        ret->rfc3779_asid = NULL;
+#endif
+        ret->aux = NULL;
+        ret->crldp = NULL;
+        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
+        break;
+
+    case ASN1_OP_D2I_POST:
+        if (ret->name != NULL)
+            OPENSSL_free(ret->name);
+        ret->name = X509_NAME_oneline(ret->cert_info->subject, NULL, 0);
+        break;
+
+    case ASN1_OP_FREE_POST:
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
+        X509_CERT_AUX_free(ret->aux);
+        ASN1_OCTET_STRING_free(ret->skid);
+        AUTHORITY_KEYID_free(ret->akid);
+        CRL_DIST_POINTS_free(ret->crldp);
+        policy_cache_free(ret->policy_cache);
+        GENERAL_NAMES_free(ret->altname);
+        NAME_CONSTRAINTS_free(ret->nc);
+#ifndef OPENSSL_NO_RFC3779
+        sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
+        ASIdentifiers_free(ret->rfc3779_asid);
+#endif
+
+        if (ret->name != NULL)
+            OPENSSL_free(ret->name);
+        break;
+
+    }
+
+    return 1;
+
+}
+
+ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
+        ASN1_SIMPLE(X509, cert_info, X509_CINF),
+        ASN1_SIMPLE(X509, sig_alg, X509_ALGOR),
+        ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509, X509)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509)
+
+IMPLEMENT_ASN1_DUP_FUNCTION(X509)
+
+int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+                          CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+{
+    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp,
+                                   new_func, dup_func, free_func);
+}
+
+int X509_set_ex_data(X509 *r, int idx, void *arg)
+{
+    return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
+}
+
+void *X509_get_ex_data(X509 *r, int idx)
+{
+    return (CRYPTO_get_ex_data(&r->ex_data, idx));
+}
+
+/*
+ * X509_AUX ASN1 routines. X509_AUX is the name given to a certificate with
+ * extra info tagged on the end. Since these functions set how a certificate
+ * is trusted they should only be used when the certificate comes from a
+ * reliable source such as local storage.
+ */
+
+X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
+{
+    const unsigned char *q;
+    X509 *ret;
+    int freeret = 0;
+
+    /* Save start position */
+    q = *pp;
+
+    if (!a || *a == NULL) {
+        freeret = 1;
+    }
+    ret = d2i_X509(a, &q, length);
+    /* If certificate unreadable then forget it */
+    if (!ret)
+        return NULL;
+    /* update length */
+    length -= q - *pp;
+    if (length > 0 && !d2i_X509_CERT_AUX(&ret->aux, &q, length))
+        goto err;
+    *pp = q;
+    return ret;
+ err:
+    if (freeret) {
+        X509_free(ret);
+        if (a)
+            *a = NULL;
+    }
+    return NULL;
+}
+
+int i2d_X509_AUX(X509 *a, unsigned char **pp)
+{
+    int length, tmplen;
+    unsigned char *start = pp != NULL ? *pp : NULL;
+    length = i2d_X509(a, pp);
+    if (length < 0 || a == NULL)
+        return length;
+
+    tmplen = i2d_X509_CERT_AUX(a->aux, pp);
+    if (tmplen < 0) {
+        if (start != NULL)
+            *pp = start;
+        return tmplen;
+    }
+    length += tmplen;
+
+    return length;
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/bio/b_print.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/b_print.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/bio/b_print.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,818 +0,0 @@
-/* crypto/bio/b_print.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* disable assert() unless BIO_DEBUG has been defined */
-#ifndef BIO_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-
-/*
- * Stolen from tjh's ssl/ssl_trc.c stuff.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <ctype.h>
-#include <assert.h>
-#include <limits.h>
-#include "cryptlib.h"
-#ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#include <openssl/bn.h>         /* To get BN_LLONG properly defined */
-#include <openssl/bio.h>
-
-#if defined(BN_LLONG) || defined(SIXTY_FOUR_BIT)
-# ifndef HAVE_LONG_LONG
-#  define HAVE_LONG_LONG 1
-# endif
-#endif
-
-/***************************************************************************/
-
-/*
- * Copyright Patrick Powell 1995
- * This code is based on code written by Patrick Powell <papowell at astart.com>
- * It may be used for any purpose as long as this notice remains intact
- * on all source code distributions.
- */
-
-/*-
- * This code contains numerious changes and enhancements which were
- * made by lots of contributors over the last years to Patrick Powell's
- * original code:
- *
- * o Patrick Powell <papowell at astart.com>      (1995)
- * o Brandon Long <blong at fiction.net>          (1996, for Mutt)
- * o Thomas Roessler <roessler at guug.de>        (1998, for Mutt)
- * o Michael Elkins <me at cs.hmc.edu>            (1998, for Mutt)
- * o Andrew Tridgell <tridge at samba.org>        (1998, for Samba)
- * o Luke Mewburn <lukem at netbsd.org>           (1999, for LukemFTP)
- * o Ralf S. Engelschall <rse at engelschall.com> (1999, for Pth)
- * o ...                                       (for OpenSSL)
- */
-
-#ifdef HAVE_LONG_DOUBLE
-# define LDOUBLE long double
-#else
-# define LDOUBLE double
-#endif
-
-#ifdef HAVE_LONG_LONG
-# if defined(_WIN32) && !defined(__GNUC__)
-#  define LLONG __int64
-# else
-#  define LLONG long long
-# endif
-#else
-# define LLONG long
-#endif
-
-static void fmtstr(char **, char **, size_t *, size_t *,
-                   const char *, int, int, int);
-static void fmtint(char **, char **, size_t *, size_t *,
-                   LLONG, int, int, int, int);
-static void fmtfp(char **, char **, size_t *, size_t *,
-                  LDOUBLE, int, int, int);
-static void doapr_outch(char **, char **, size_t *, size_t *, int);
-static void _dopr(char **sbuffer, char **buffer,
-                  size_t *maxlen, size_t *retlen, int *truncated,
-                  const char *format, va_list args);
-
-/* format read states */
-#define DP_S_DEFAULT    0
-#define DP_S_FLAGS      1
-#define DP_S_MIN        2
-#define DP_S_DOT        3
-#define DP_S_MAX        4
-#define DP_S_MOD        5
-#define DP_S_CONV       6
-#define DP_S_DONE       7
-
-/* format flags - Bits */
-#define DP_F_MINUS      (1 << 0)
-#define DP_F_PLUS       (1 << 1)
-#define DP_F_SPACE      (1 << 2)
-#define DP_F_NUM        (1 << 3)
-#define DP_F_ZERO       (1 << 4)
-#define DP_F_UP         (1 << 5)
-#define DP_F_UNSIGNED   (1 << 6)
-
-/* conversion flags */
-#define DP_C_SHORT      1
-#define DP_C_LONG       2
-#define DP_C_LDOUBLE    3
-#define DP_C_LLONG      4
-
-/* some handy macros */
-#define char_to_int(p) (p - '0')
-#define OSSL_MAX(p,q) ((p >= q) ? p : q)
-
-static void
-_dopr(char **sbuffer,
-      char **buffer,
-      size_t *maxlen,
-      size_t *retlen, int *truncated, const char *format, va_list args)
-{
-    char ch;
-    LLONG value;
-    LDOUBLE fvalue;
-    char *strvalue;
-    int min;
-    int max;
-    int state;
-    int flags;
-    int cflags;
-    size_t currlen;
-
-    state = DP_S_DEFAULT;
-    flags = currlen = cflags = min = 0;
-    max = -1;
-    ch = *format++;
-
-    while (state != DP_S_DONE) {
-        if (ch == '\0' || (buffer == NULL && currlen >= *maxlen))
-            state = DP_S_DONE;
-
-        switch (state) {
-        case DP_S_DEFAULT:
-            if (ch == '%')
-                state = DP_S_FLAGS;
-            else
-                doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
-            ch = *format++;
-            break;
-        case DP_S_FLAGS:
-            switch (ch) {
-            case '-':
-                flags |= DP_F_MINUS;
-                ch = *format++;
-                break;
-            case '+':
-                flags |= DP_F_PLUS;
-                ch = *format++;
-                break;
-            case ' ':
-                flags |= DP_F_SPACE;
-                ch = *format++;
-                break;
-            case '#':
-                flags |= DP_F_NUM;
-                ch = *format++;
-                break;
-            case '0':
-                flags |= DP_F_ZERO;
-                ch = *format++;
-                break;
-            default:
-                state = DP_S_MIN;
-                break;
-            }
-            break;
-        case DP_S_MIN:
-            if (isdigit((unsigned char)ch)) {
-                min = 10 * min + char_to_int(ch);
-                ch = *format++;
-            } else if (ch == '*') {
-                min = va_arg(args, int);
-                ch = *format++;
-                state = DP_S_DOT;
-            } else
-                state = DP_S_DOT;
-            break;
-        case DP_S_DOT:
-            if (ch == '.') {
-                state = DP_S_MAX;
-                ch = *format++;
-            } else
-                state = DP_S_MOD;
-            break;
-        case DP_S_MAX:
-            if (isdigit((unsigned char)ch)) {
-                if (max < 0)
-                    max = 0;
-                max = 10 * max + char_to_int(ch);
-                ch = *format++;
-            } else if (ch == '*') {
-                max = va_arg(args, int);
-                ch = *format++;
-                state = DP_S_MOD;
-            } else
-                state = DP_S_MOD;
-            break;
-        case DP_S_MOD:
-            switch (ch) {
-            case 'h':
-                cflags = DP_C_SHORT;
-                ch = *format++;
-                break;
-            case 'l':
-                if (*format == 'l') {
-                    cflags = DP_C_LLONG;
-                    format++;
-                } else
-                    cflags = DP_C_LONG;
-                ch = *format++;
-                break;
-            case 'q':
-                cflags = DP_C_LLONG;
-                ch = *format++;
-                break;
-            case 'L':
-                cflags = DP_C_LDOUBLE;
-                ch = *format++;
-                break;
-            default:
-                break;
-            }
-            state = DP_S_CONV;
-            break;
-        case DP_S_CONV:
-            switch (ch) {
-            case 'd':
-            case 'i':
-                switch (cflags) {
-                case DP_C_SHORT:
-                    value = (short int)va_arg(args, int);
-                    break;
-                case DP_C_LONG:
-                    value = va_arg(args, long int);
-                    break;
-                case DP_C_LLONG:
-                    value = va_arg(args, LLONG);
-                    break;
-                default:
-                    value = va_arg(args, int);
-                    break;
-                }
-                fmtint(sbuffer, buffer, &currlen, maxlen,
-                       value, 10, min, max, flags);
-                break;
-            case 'X':
-                flags |= DP_F_UP;
-                /* FALLTHROUGH */
-            case 'x':
-            case 'o':
-            case 'u':
-                flags |= DP_F_UNSIGNED;
-                switch (cflags) {
-                case DP_C_SHORT:
-                    value = (unsigned short int)va_arg(args, unsigned int);
-                    break;
-                case DP_C_LONG:
-                    value = (LLONG) va_arg(args, unsigned long int);
-                    break;
-                case DP_C_LLONG:
-                    value = va_arg(args, unsigned LLONG);
-                    break;
-                default:
-                    value = (LLONG) va_arg(args, unsigned int);
-                    break;
-                }
-                fmtint(sbuffer, buffer, &currlen, maxlen, value,
-                       ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
-                       min, max, flags);
-                break;
-            case 'f':
-                if (cflags == DP_C_LDOUBLE)
-                    fvalue = va_arg(args, LDOUBLE);
-                else
-                    fvalue = va_arg(args, double);
-                fmtfp(sbuffer, buffer, &currlen, maxlen,
-                      fvalue, min, max, flags);
-                break;
-            case 'E':
-                flags |= DP_F_UP;
-            case 'e':
-                if (cflags == DP_C_LDOUBLE)
-                    fvalue = va_arg(args, LDOUBLE);
-                else
-                    fvalue = va_arg(args, double);
-                break;
-            case 'G':
-                flags |= DP_F_UP;
-            case 'g':
-                if (cflags == DP_C_LDOUBLE)
-                    fvalue = va_arg(args, LDOUBLE);
-                else
-                    fvalue = va_arg(args, double);
-                break;
-            case 'c':
-                doapr_outch(sbuffer, buffer, &currlen, maxlen,
-                            va_arg(args, int));
-                break;
-            case 's':
-                strvalue = va_arg(args, char *);
-                if (max < 0) {
-                    if (buffer)
-                        max = INT_MAX;
-                    else
-                        max = *maxlen;
-                }
-                fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
-                       flags, min, max);
-                break;
-            case 'p':
-                value = (long)va_arg(args, void *);
-                fmtint(sbuffer, buffer, &currlen, maxlen,
-                       value, 16, min, max, flags | DP_F_NUM);
-                break;
-            case 'n':          /* XXX */
-                if (cflags == DP_C_SHORT) {
-                    short int *num;
-                    num = va_arg(args, short int *);
-                    *num = currlen;
-                } else if (cflags == DP_C_LONG) { /* XXX */
-                    long int *num;
-                    num = va_arg(args, long int *);
-                    *num = (long int)currlen;
-                } else if (cflags == DP_C_LLONG) { /* XXX */
-                    LLONG *num;
-                    num = va_arg(args, LLONG *);
-                    *num = (LLONG) currlen;
-                } else {
-                    int *num;
-                    num = va_arg(args, int *);
-                    *num = currlen;
-                }
-                break;
-            case '%':
-                doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
-                break;
-            case 'w':
-                /* not supported yet, treat as next char */
-                ch = *format++;
-                break;
-            default:
-                /* unknown, skip */
-                break;
-            }
-            ch = *format++;
-            state = DP_S_DEFAULT;
-            flags = cflags = min = 0;
-            max = -1;
-            break;
-        case DP_S_DONE:
-            break;
-        default:
-            break;
-        }
-    }
-    *truncated = (currlen > *maxlen - 1);
-    if (*truncated)
-        currlen = *maxlen - 1;
-    doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0');
-    *retlen = currlen - 1;
-    return;
-}
-
-static void
-fmtstr(char **sbuffer,
-       char **buffer,
-       size_t *currlen,
-       size_t *maxlen, const char *value, int flags, int min, int max)
-{
-    int padlen, strln;
-    int cnt = 0;
-
-    if (value == 0)
-        value = "<NULL>";
-    for (strln = 0; value[strln]; ++strln) ;
-    padlen = min - strln;
-    if (padlen < 0)
-        padlen = 0;
-    if (flags & DP_F_MINUS)
-        padlen = -padlen;
-
-    while ((padlen > 0) && (cnt < max)) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
-        --padlen;
-        ++cnt;
-    }
-    while (*value && (cnt < max)) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, *value++);
-        ++cnt;
-    }
-    while ((padlen < 0) && (cnt < max)) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
-        ++padlen;
-        ++cnt;
-    }
-}
-
-static void
-fmtint(char **sbuffer,
-       char **buffer,
-       size_t *currlen,
-       size_t *maxlen, LLONG value, int base, int min, int max, int flags)
-{
-    int signvalue = 0;
-    const char *prefix = "";
-    unsigned LLONG uvalue;
-    char convert[DECIMAL_SIZE(value) + 3];
-    int place = 0;
-    int spadlen = 0;
-    int zpadlen = 0;
-    int caps = 0;
-
-    if (max < 0)
-        max = 0;
-    uvalue = value;
-    if (!(flags & DP_F_UNSIGNED)) {
-        if (value < 0) {
-            signvalue = '-';
-            uvalue = -value;
-        } else if (flags & DP_F_PLUS)
-            signvalue = '+';
-        else if (flags & DP_F_SPACE)
-            signvalue = ' ';
-    }
-    if (flags & DP_F_NUM) {
-        if (base == 8)
-            prefix = "0";
-        if (base == 16)
-            prefix = "0x";
-    }
-    if (flags & DP_F_UP)
-        caps = 1;
-    do {
-        convert[place++] = (caps ? "0123456789ABCDEF" : "0123456789abcdef")
-            [uvalue % (unsigned)base];
-        uvalue = (uvalue / (unsigned)base);
-    } while (uvalue && (place < (int)sizeof(convert)));
-    if (place == sizeof(convert))
-        place--;
-    convert[place] = 0;
-
-    zpadlen = max - place;
-    spadlen =
-        min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix);
-    if (zpadlen < 0)
-        zpadlen = 0;
-    if (spadlen < 0)
-        spadlen = 0;
-    if (flags & DP_F_ZERO) {
-        zpadlen = OSSL_MAX(zpadlen, spadlen);
-        spadlen = 0;
-    }
-    if (flags & DP_F_MINUS)
-        spadlen = -spadlen;
-
-    /* spaces */
-    while (spadlen > 0) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
-        --spadlen;
-    }
-
-    /* sign */
-    if (signvalue)
-        doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
-
-    /* prefix */
-    while (*prefix) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix);
-        prefix++;
-    }
-
-    /* zeros */
-    if (zpadlen > 0) {
-        while (zpadlen > 0) {
-            doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
-            --zpadlen;
-        }
-    }
-    /* digits */
-    while (place > 0)
-        doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]);
-
-    /* left justified spaces */
-    while (spadlen < 0) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
-        ++spadlen;
-    }
-    return;
-}
-
-static LDOUBLE abs_val(LDOUBLE value)
-{
-    LDOUBLE result = value;
-    if (value < 0)
-        result = -value;
-    return result;
-}
-
-static LDOUBLE pow_10(int in_exp)
-{
-    LDOUBLE result = 1;
-    while (in_exp) {
-        result *= 10;
-        in_exp--;
-    }
-    return result;
-}
-
-static long roundv(LDOUBLE value)
-{
-    long intpart;
-    intpart = (long)value;
-    value = value - intpart;
-    if (value >= 0.5)
-        intpart++;
-    return intpart;
-}
-
-static void
-fmtfp(char **sbuffer,
-      char **buffer,
-      size_t *currlen,
-      size_t *maxlen, LDOUBLE fvalue, int min, int max, int flags)
-{
-    int signvalue = 0;
-    LDOUBLE ufvalue;
-    char iconvert[20];
-    char fconvert[20];
-    int iplace = 0;
-    int fplace = 0;
-    int padlen = 0;
-    int zpadlen = 0;
-    long intpart;
-    long fracpart;
-    long max10;
-
-    if (max < 0)
-        max = 6;
-    ufvalue = abs_val(fvalue);
-    if (fvalue < 0)
-        signvalue = '-';
-    else if (flags & DP_F_PLUS)
-        signvalue = '+';
-    else if (flags & DP_F_SPACE)
-        signvalue = ' ';
-
-    intpart = (long)ufvalue;
-
-    /*
-     * sorry, we only support 9 digits past the decimal because of our
-     * conversion method
-     */
-    if (max > 9)
-        max = 9;
-
-    /*
-     * we "cheat" by converting the fractional part to integer by multiplying
-     * by a factor of 10
-     */
-    max10 = roundv(pow_10(max));
-    fracpart = roundv(pow_10(max) * (ufvalue - intpart));
-
-    if (fracpart >= max10) {
-        intpart++;
-        fracpart -= max10;
-    }
-
-    /* convert integer part */
-    do {
-        iconvert[iplace++] = "0123456789"[intpart % 10];
-        intpart = (intpart / 10);
-    } while (intpart && (iplace < (int)sizeof(iconvert)));
-    if (iplace == sizeof iconvert)
-        iplace--;
-    iconvert[iplace] = 0;
-
-    /* convert fractional part */
-    do {
-        fconvert[fplace++] = "0123456789"[fracpart % 10];
-        fracpart = (fracpart / 10);
-    } while (fplace < max);
-    if (fplace == sizeof fconvert)
-        fplace--;
-    fconvert[fplace] = 0;
-
-    /* -1 for decimal point, another -1 if we are printing a sign */
-    padlen = min - iplace - max - 1 - ((signvalue) ? 1 : 0);
-    zpadlen = max - fplace;
-    if (zpadlen < 0)
-        zpadlen = 0;
-    if (padlen < 0)
-        padlen = 0;
-    if (flags & DP_F_MINUS)
-        padlen = -padlen;
-
-    if ((flags & DP_F_ZERO) && (padlen > 0)) {
-        if (signvalue) {
-            doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
-            --padlen;
-            signvalue = 0;
-        }
-        while (padlen > 0) {
-            doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
-            --padlen;
-        }
-    }
-    while (padlen > 0) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
-        --padlen;
-    }
-    if (signvalue)
-        doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
-
-    while (iplace > 0)
-        doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]);
-
-    /*
-     * Decimal point. This should probably use locale to find the correct
-     * char to print out.
-     */
-    if (max > 0 || (flags & DP_F_NUM)) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, '.');
-
-        while (fplace > 0)
-            doapr_outch(sbuffer, buffer, currlen, maxlen, fconvert[--fplace]);
-    }
-    while (zpadlen > 0) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
-        --zpadlen;
-    }
-
-    while (padlen < 0) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
-        ++padlen;
-    }
-}
-
-static void
-doapr_outch(char **sbuffer,
-            char **buffer, size_t *currlen, size_t *maxlen, int c)
-{
-    /* If we haven't at least one buffer, someone has doe a big booboo */
-    assert(*sbuffer != NULL || buffer != NULL);
-
-    /* |currlen| must always be <= |*maxlen| */
-    assert(*currlen <= *maxlen);
-
-    if (buffer && *currlen == *maxlen) {
-        *maxlen += 1024;
-        if (*buffer == NULL) {
-            *buffer = OPENSSL_malloc(*maxlen);
-            if (!*buffer) {
-                /* Panic! Can't really do anything sensible. Just return */
-                return;
-            }
-            if (*currlen > 0) {
-                assert(*sbuffer != NULL);
-                memcpy(*buffer, *sbuffer, *currlen);
-            }
-            *sbuffer = NULL;
-        } else {
-            *buffer = OPENSSL_realloc(*buffer, *maxlen);
-            if (!*buffer) {
-                /* Panic! Can't really do anything sensible. Just return */
-                return;
-            }
-        }
-    }
-
-    if (*currlen < *maxlen) {
-        if (*sbuffer)
-            (*sbuffer)[(*currlen)++] = (char)c;
-        else
-            (*buffer)[(*currlen)++] = (char)c;
-    }
-
-    return;
-}
-
-/***************************************************************************/
-
-int BIO_printf(BIO *bio, const char *format, ...)
-{
-    va_list args;
-    int ret;
-
-    va_start(args, format);
-
-    ret = BIO_vprintf(bio, format, args);
-
-    va_end(args);
-    return (ret);
-}
-
-int BIO_vprintf(BIO *bio, const char *format, va_list args)
-{
-    int ret;
-    size_t retlen;
-    char hugebuf[1024 * 2];     /* Was previously 10k, which is unreasonable
-                                 * in small-stack environments, like threads
-                                 * or DOS programs. */
-    char *hugebufp = hugebuf;
-    size_t hugebufsize = sizeof(hugebuf);
-    char *dynbuf = NULL;
-    int ignored;
-
-    dynbuf = NULL;
-    CRYPTO_push_info("doapr()");
-    _dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format, args);
-    if (dynbuf) {
-        ret = BIO_write(bio, dynbuf, (int)retlen);
-        OPENSSL_free(dynbuf);
-    } else {
-        ret = BIO_write(bio, hugebuf, (int)retlen);
-    }
-    CRYPTO_pop_info();
-    return (ret);
-}
-
-/*
- * As snprintf is not available everywhere, we provide our own
- * implementation. This function has nothing to do with BIOs, but it's
- * closely related to BIO_printf, and we need *some* name prefix ... (XXX the
- * function should be renamed, but to what?)
- */
-int BIO_snprintf(char *buf, size_t n, const char *format, ...)
-{
-    va_list args;
-    int ret;
-
-    va_start(args, format);
-
-    ret = BIO_vsnprintf(buf, n, format, args);
-
-    va_end(args);
-    return (ret);
-}
-
-int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
-{
-    size_t retlen;
-    int truncated;
-
-    _dopr(&buf, NULL, &n, &retlen, &truncated, format, args);
-
-    if (truncated)
-        /*
-         * In case of truncation, return -1 like traditional snprintf.
-         * (Current drafts for ISO/IEC 9899 say snprintf should return the
-         * number of characters that would have been written, had the buffer
-         * been large enough.)
-         */
-        return -1;
-    else
-        return (retlen <= INT_MAX) ? (int)retlen : -1;
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/bio/b_print.c (from rev 11605, vendor-crypto/openssl/dist/crypto/bio/b_print.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/bio/b_print.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/bio/b_print.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,863 @@
+/* crypto/bio/b_print.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* disable assert() unless BIO_DEBUG has been defined */
+#ifndef BIO_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+
+/*
+ * Stolen from tjh's ssl/ssl_trc.c stuff.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <assert.h>
+#include <limits.h>
+#include "cryptlib.h"
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#include <openssl/bn.h>         /* To get BN_LLONG properly defined */
+#include <openssl/bio.h>
+
+#if defined(BN_LLONG) || defined(SIXTY_FOUR_BIT)
+# ifndef HAVE_LONG_LONG
+#  define HAVE_LONG_LONG 1
+# endif
+#endif
+
+/***************************************************************************/
+
+/*
+ * Copyright Patrick Powell 1995
+ * This code is based on code written by Patrick Powell <papowell at astart.com>
+ * It may be used for any purpose as long as this notice remains intact
+ * on all source code distributions.
+ */
+
+/*-
+ * This code contains numerious changes and enhancements which were
+ * made by lots of contributors over the last years to Patrick Powell's
+ * original code:
+ *
+ * o Patrick Powell <papowell at astart.com>      (1995)
+ * o Brandon Long <blong at fiction.net>          (1996, for Mutt)
+ * o Thomas Roessler <roessler at guug.de>        (1998, for Mutt)
+ * o Michael Elkins <me at cs.hmc.edu>            (1998, for Mutt)
+ * o Andrew Tridgell <tridge at samba.org>        (1998, for Samba)
+ * o Luke Mewburn <lukem at netbsd.org>           (1999, for LukemFTP)
+ * o Ralf S. Engelschall <rse at engelschall.com> (1999, for Pth)
+ * o ...                                       (for OpenSSL)
+ */
+
+#ifdef HAVE_LONG_DOUBLE
+# define LDOUBLE long double
+#else
+# define LDOUBLE double
+#endif
+
+#ifdef HAVE_LONG_LONG
+# if defined(_WIN32) && !defined(__GNUC__)
+#  define LLONG __int64
+# else
+#  define LLONG long long
+# endif
+#else
+# define LLONG long
+#endif
+
+static int fmtstr(char **, char **, size_t *, size_t *,
+                  const char *, int, int, int);
+static int fmtint(char **, char **, size_t *, size_t *,
+                  LLONG, int, int, int, int);
+static int fmtfp(char **, char **, size_t *, size_t *,
+                 LDOUBLE, int, int, int);
+static int doapr_outch(char **, char **, size_t *, size_t *, int);
+static int _dopr(char **sbuffer, char **buffer,
+                 size_t *maxlen, size_t *retlen, int *truncated,
+                 const char *format, va_list args);
+
+/* format read states */
+#define DP_S_DEFAULT    0
+#define DP_S_FLAGS      1
+#define DP_S_MIN        2
+#define DP_S_DOT        3
+#define DP_S_MAX        4
+#define DP_S_MOD        5
+#define DP_S_CONV       6
+#define DP_S_DONE       7
+
+/* format flags - Bits */
+#define DP_F_MINUS      (1 << 0)
+#define DP_F_PLUS       (1 << 1)
+#define DP_F_SPACE      (1 << 2)
+#define DP_F_NUM        (1 << 3)
+#define DP_F_ZERO       (1 << 4)
+#define DP_F_UP         (1 << 5)
+#define DP_F_UNSIGNED   (1 << 6)
+
+/* conversion flags */
+#define DP_C_SHORT      1
+#define DP_C_LONG       2
+#define DP_C_LDOUBLE    3
+#define DP_C_LLONG      4
+
+/* some handy macros */
+#define char_to_int(p) (p - '0')
+#define OSSL_MAX(p,q) ((p >= q) ? p : q)
+
+static int
+_dopr(char **sbuffer,
+      char **buffer,
+      size_t *maxlen,
+      size_t *retlen, int *truncated, const char *format, va_list args)
+{
+    char ch;
+    LLONG value;
+    LDOUBLE fvalue;
+    char *strvalue;
+    int min;
+    int max;
+    int state;
+    int flags;
+    int cflags;
+    size_t currlen;
+
+    state = DP_S_DEFAULT;
+    flags = currlen = cflags = min = 0;
+    max = -1;
+    ch = *format++;
+
+    while (state != DP_S_DONE) {
+        if (ch == '\0' || (buffer == NULL && currlen >= *maxlen))
+            state = DP_S_DONE;
+
+        switch (state) {
+        case DP_S_DEFAULT:
+            if (ch == '%')
+                state = DP_S_FLAGS;
+            else
+                if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
+                    return 0;
+            ch = *format++;
+            break;
+        case DP_S_FLAGS:
+            switch (ch) {
+            case '-':
+                flags |= DP_F_MINUS;
+                ch = *format++;
+                break;
+            case '+':
+                flags |= DP_F_PLUS;
+                ch = *format++;
+                break;
+            case ' ':
+                flags |= DP_F_SPACE;
+                ch = *format++;
+                break;
+            case '#':
+                flags |= DP_F_NUM;
+                ch = *format++;
+                break;
+            case '0':
+                flags |= DP_F_ZERO;
+                ch = *format++;
+                break;
+            default:
+                state = DP_S_MIN;
+                break;
+            }
+            break;
+        case DP_S_MIN:
+            if (isdigit((unsigned char)ch)) {
+                min = 10 * min + char_to_int(ch);
+                ch = *format++;
+            } else if (ch == '*') {
+                min = va_arg(args, int);
+                ch = *format++;
+                state = DP_S_DOT;
+            } else
+                state = DP_S_DOT;
+            break;
+        case DP_S_DOT:
+            if (ch == '.') {
+                state = DP_S_MAX;
+                ch = *format++;
+            } else
+                state = DP_S_MOD;
+            break;
+        case DP_S_MAX:
+            if (isdigit((unsigned char)ch)) {
+                if (max < 0)
+                    max = 0;
+                max = 10 * max + char_to_int(ch);
+                ch = *format++;
+            } else if (ch == '*') {
+                max = va_arg(args, int);
+                ch = *format++;
+                state = DP_S_MOD;
+            } else
+                state = DP_S_MOD;
+            break;
+        case DP_S_MOD:
+            switch (ch) {
+            case 'h':
+                cflags = DP_C_SHORT;
+                ch = *format++;
+                break;
+            case 'l':
+                if (*format == 'l') {
+                    cflags = DP_C_LLONG;
+                    format++;
+                } else
+                    cflags = DP_C_LONG;
+                ch = *format++;
+                break;
+            case 'q':
+                cflags = DP_C_LLONG;
+                ch = *format++;
+                break;
+            case 'L':
+                cflags = DP_C_LDOUBLE;
+                ch = *format++;
+                break;
+            default:
+                break;
+            }
+            state = DP_S_CONV;
+            break;
+        case DP_S_CONV:
+            switch (ch) {
+            case 'd':
+            case 'i':
+                switch (cflags) {
+                case DP_C_SHORT:
+                    value = (short int)va_arg(args, int);
+                    break;
+                case DP_C_LONG:
+                    value = va_arg(args, long int);
+                    break;
+                case DP_C_LLONG:
+                    value = va_arg(args, LLONG);
+                    break;
+                default:
+                    value = va_arg(args, int);
+                    break;
+                }
+                if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, 10, min,
+                            max, flags))
+                    return 0;
+                break;
+            case 'X':
+                flags |= DP_F_UP;
+                /* FALLTHROUGH */
+            case 'x':
+            case 'o':
+            case 'u':
+                flags |= DP_F_UNSIGNED;
+                switch (cflags) {
+                case DP_C_SHORT:
+                    value = (unsigned short int)va_arg(args, unsigned int);
+                    break;
+                case DP_C_LONG:
+                    value = (LLONG) va_arg(args, unsigned long int);
+                    break;
+                case DP_C_LLONG:
+                    value = va_arg(args, unsigned LLONG);
+                    break;
+                default:
+                    value = (LLONG) va_arg(args, unsigned int);
+                    break;
+                }
+                if (!fmtint(sbuffer, buffer, &currlen, maxlen, value,
+                            ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
+                            min, max, flags))
+                    return 0;
+                break;
+            case 'f':
+                if (cflags == DP_C_LDOUBLE)
+                    fvalue = va_arg(args, LDOUBLE);
+                else
+                    fvalue = va_arg(args, double);
+                if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
+                           flags))
+                    return 0;
+                break;
+            case 'E':
+                flags |= DP_F_UP;
+            case 'e':
+                if (cflags == DP_C_LDOUBLE)
+                    fvalue = va_arg(args, LDOUBLE);
+                else
+                    fvalue = va_arg(args, double);
+                break;
+            case 'G':
+                flags |= DP_F_UP;
+            case 'g':
+                if (cflags == DP_C_LDOUBLE)
+                    fvalue = va_arg(args, LDOUBLE);
+                else
+                    fvalue = va_arg(args, double);
+                break;
+            case 'c':
+                if(!doapr_outch(sbuffer, buffer, &currlen, maxlen,
+                            va_arg(args, int)))
+                    return 0;
+                break;
+            case 's':
+                strvalue = va_arg(args, char *);
+                if (max < 0) {
+                    if (buffer)
+                        max = INT_MAX;
+                    else
+                        max = *maxlen;
+                }
+                if (!fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
+                            flags, min, max))
+                    return 0;
+                break;
+            case 'p':
+                value = (long)va_arg(args, void *);
+                if (!fmtint(sbuffer, buffer, &currlen, maxlen,
+                            value, 16, min, max, flags | DP_F_NUM))
+                    return 0;
+                break;
+            case 'n':          /* XXX */
+                if (cflags == DP_C_SHORT) {
+                    short int *num;
+                    num = va_arg(args, short int *);
+                    *num = currlen;
+                } else if (cflags == DP_C_LONG) { /* XXX */
+                    long int *num;
+                    num = va_arg(args, long int *);
+                    *num = (long int)currlen;
+                } else if (cflags == DP_C_LLONG) { /* XXX */
+                    LLONG *num;
+                    num = va_arg(args, LLONG *);
+                    *num = (LLONG) currlen;
+                } else {
+                    int *num;
+                    num = va_arg(args, int *);
+                    *num = currlen;
+                }
+                break;
+            case '%':
+                if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
+                    return 0;
+                break;
+            case 'w':
+                /* not supported yet, treat as next char */
+                ch = *format++;
+                break;
+            default:
+                /* unknown, skip */
+                break;
+            }
+            ch = *format++;
+            state = DP_S_DEFAULT;
+            flags = cflags = min = 0;
+            max = -1;
+            break;
+        case DP_S_DONE:
+            break;
+        default:
+            break;
+        }
+    }
+    *truncated = (currlen > *maxlen - 1);
+    if (*truncated)
+        currlen = *maxlen - 1;
+    if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'))
+        return 0;
+    *retlen = currlen - 1;
+    return 1;
+}
+
+static int
+fmtstr(char **sbuffer,
+       char **buffer,
+       size_t *currlen,
+       size_t *maxlen, const char *value, int flags, int min, int max)
+{
+    int padlen;
+    size_t strln;
+    int cnt = 0;
+
+    if (value == 0)
+        value = "<NULL>";
+
+    strln = strlen(value);
+    if (strln > INT_MAX)
+        strln = INT_MAX;
+
+    padlen = min - strln;
+    if (min < 0 || padlen < 0)
+        padlen = 0;
+    if (flags & DP_F_MINUS)
+        padlen = -padlen;
+
+    while ((padlen > 0) && (cnt < max)) {
+        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+            return 0;
+        --padlen;
+        ++cnt;
+    }
+    while (*value && (cnt < max)) {
+        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++))
+            return 0;
+        ++cnt;
+    }
+    while ((padlen < 0) && (cnt < max)) {
+        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+            return 0;
+        ++padlen;
+        ++cnt;
+    }
+    return 1;
+}
+
+static int
+fmtint(char **sbuffer,
+       char **buffer,
+       size_t *currlen,
+       size_t *maxlen, LLONG value, int base, int min, int max, int flags)
+{
+    int signvalue = 0;
+    const char *prefix = "";
+    unsigned LLONG uvalue;
+    char convert[DECIMAL_SIZE(value) + 3];
+    int place = 0;
+    int spadlen = 0;
+    int zpadlen = 0;
+    int caps = 0;
+
+    if (max < 0)
+        max = 0;
+    uvalue = value;
+    if (!(flags & DP_F_UNSIGNED)) {
+        if (value < 0) {
+            signvalue = '-';
+            uvalue = -value;
+        } else if (flags & DP_F_PLUS)
+            signvalue = '+';
+        else if (flags & DP_F_SPACE)
+            signvalue = ' ';
+    }
+    if (flags & DP_F_NUM) {
+        if (base == 8)
+            prefix = "0";
+        if (base == 16)
+            prefix = "0x";
+    }
+    if (flags & DP_F_UP)
+        caps = 1;
+    do {
+        convert[place++] = (caps ? "0123456789ABCDEF" : "0123456789abcdef")
+            [uvalue % (unsigned)base];
+        uvalue = (uvalue / (unsigned)base);
+    } while (uvalue && (place < (int)sizeof(convert)));
+    if (place == sizeof(convert))
+        place--;
+    convert[place] = 0;
+
+    zpadlen = max - place;
+    spadlen =
+        min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix);
+    if (zpadlen < 0)
+        zpadlen = 0;
+    if (spadlen < 0)
+        spadlen = 0;
+    if (flags & DP_F_ZERO) {
+        zpadlen = OSSL_MAX(zpadlen, spadlen);
+        spadlen = 0;
+    }
+    if (flags & DP_F_MINUS)
+        spadlen = -spadlen;
+
+    /* spaces */
+    while (spadlen > 0) {
+        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+            return 0;
+        --spadlen;
+    }
+
+    /* sign */
+    if (signvalue)
+        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
+            return 0;
+
+    /* prefix */
+    while (*prefix) {
+        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix))
+            return 0;
+        prefix++;
+    }
+
+    /* zeros */
+    if (zpadlen > 0) {
+        while (zpadlen > 0) {
+            if(!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
+                return 0;
+            --zpadlen;
+        }
+    }
+    /* digits */
+    while (place > 0) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]))
+            return 0;
+    }
+
+    /* left justified spaces */
+    while (spadlen < 0) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+            return 0;
+        ++spadlen;
+    }
+    return 1;
+}
+
+static LDOUBLE abs_val(LDOUBLE value)
+{
+    LDOUBLE result = value;
+    if (value < 0)
+        result = -value;
+    return result;
+}
+
+static LDOUBLE pow_10(int in_exp)
+{
+    LDOUBLE result = 1;
+    while (in_exp) {
+        result *= 10;
+        in_exp--;
+    }
+    return result;
+}
+
+static long roundv(LDOUBLE value)
+{
+    long intpart;
+    intpart = (long)value;
+    value = value - intpart;
+    if (value >= 0.5)
+        intpart++;
+    return intpart;
+}
+
+static int
+fmtfp(char **sbuffer,
+      char **buffer,
+      size_t *currlen,
+      size_t *maxlen, LDOUBLE fvalue, int min, int max, int flags)
+{
+    int signvalue = 0;
+    LDOUBLE ufvalue;
+    char iconvert[20];
+    char fconvert[20];
+    int iplace = 0;
+    int fplace = 0;
+    int padlen = 0;
+    int zpadlen = 0;
+    long intpart;
+    long fracpart;
+    long max10;
+
+    if (max < 0)
+        max = 6;
+    ufvalue = abs_val(fvalue);
+    if (fvalue < 0)
+        signvalue = '-';
+    else if (flags & DP_F_PLUS)
+        signvalue = '+';
+    else if (flags & DP_F_SPACE)
+        signvalue = ' ';
+
+    intpart = (long)ufvalue;
+
+    /*
+     * sorry, we only support 9 digits past the decimal because of our
+     * conversion method
+     */
+    if (max > 9)
+        max = 9;
+
+    /*
+     * we "cheat" by converting the fractional part to integer by multiplying
+     * by a factor of 10
+     */
+    max10 = roundv(pow_10(max));
+    fracpart = roundv(pow_10(max) * (ufvalue - intpart));
+
+    if (fracpart >= max10) {
+        intpart++;
+        fracpart -= max10;
+    }
+
+    /* convert integer part */
+    do {
+        iconvert[iplace++] = "0123456789"[intpart % 10];
+        intpart = (intpart / 10);
+    } while (intpart && (iplace < (int)sizeof(iconvert)));
+    if (iplace == sizeof iconvert)
+        iplace--;
+    iconvert[iplace] = 0;
+
+    /* convert fractional part */
+    do {
+        fconvert[fplace++] = "0123456789"[fracpart % 10];
+        fracpart = (fracpart / 10);
+    } while (fplace < max);
+    if (fplace == sizeof fconvert)
+        fplace--;
+    fconvert[fplace] = 0;
+
+    /* -1 for decimal point, another -1 if we are printing a sign */
+    padlen = min - iplace - max - 1 - ((signvalue) ? 1 : 0);
+    zpadlen = max - fplace;
+    if (zpadlen < 0)
+        zpadlen = 0;
+    if (padlen < 0)
+        padlen = 0;
+    if (flags & DP_F_MINUS)
+        padlen = -padlen;
+
+    if ((flags & DP_F_ZERO) && (padlen > 0)) {
+        if (signvalue) {
+            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
+                return 0;
+            --padlen;
+            signvalue = 0;
+        }
+        while (padlen > 0) {
+            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
+                return 0;
+            --padlen;
+        }
+    }
+    while (padlen > 0) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+            return 0;
+        --padlen;
+    }
+    if (signvalue && !doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
+        return 0;
+
+    while (iplace > 0) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]))
+            return 0;
+    }
+
+    /*
+     * Decimal point. This should probably use locale to find the correct
+     * char to print out.
+     */
+    if (max > 0 || (flags & DP_F_NUM)) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '.'))
+            return 0;
+
+        while (fplace > 0) {
+            if(!doapr_outch(sbuffer, buffer, currlen, maxlen,
+                            fconvert[--fplace]))
+                return 0;
+        }
+    }
+    while (zpadlen > 0) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
+            return 0;
+        --zpadlen;
+    }
+
+    while (padlen < 0) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+            return 0;
+        ++padlen;
+    }
+    return 1;
+}
+
+#define BUFFER_INC  1024
+
+static int
+doapr_outch(char **sbuffer,
+            char **buffer, size_t *currlen, size_t *maxlen, int c)
+{
+    /* If we haven't at least one buffer, someone has doe a big booboo */
+    assert(*sbuffer != NULL || buffer != NULL);
+
+    /* |currlen| must always be <= |*maxlen| */
+    assert(*currlen <= *maxlen);
+
+    if (buffer && *currlen == *maxlen) {
+        if (*maxlen > INT_MAX - BUFFER_INC)
+            return 0;
+
+        *maxlen += BUFFER_INC;
+        if (*buffer == NULL) {
+            *buffer = OPENSSL_malloc(*maxlen);
+            if (*buffer == NULL)
+                return 0;
+            if (*currlen > 0) {
+                assert(*sbuffer != NULL);
+                memcpy(*buffer, *sbuffer, *currlen);
+            }
+            *sbuffer = NULL;
+        } else {
+            char *tmpbuf;
+            tmpbuf = OPENSSL_realloc(*buffer, *maxlen);
+            if (tmpbuf == NULL)
+                return 0;
+            *buffer = tmpbuf;
+        }
+    }
+
+    if (*currlen < *maxlen) {
+        if (*sbuffer)
+            (*sbuffer)[(*currlen)++] = (char)c;
+        else
+            (*buffer)[(*currlen)++] = (char)c;
+    }
+
+    return 1;
+}
+
+/***************************************************************************/
+
+int BIO_printf(BIO *bio, const char *format, ...)
+{
+    va_list args;
+    int ret;
+
+    va_start(args, format);
+
+    ret = BIO_vprintf(bio, format, args);
+
+    va_end(args);
+    return (ret);
+}
+
+int BIO_vprintf(BIO *bio, const char *format, va_list args)
+{
+    int ret;
+    size_t retlen;
+    char hugebuf[1024 * 2];     /* Was previously 10k, which is unreasonable
+                                 * in small-stack environments, like threads
+                                 * or DOS programs. */
+    char *hugebufp = hugebuf;
+    size_t hugebufsize = sizeof(hugebuf);
+    char *dynbuf = NULL;
+    int ignored;
+
+    dynbuf = NULL;
+    CRYPTO_push_info("doapr()");
+    if (!_dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format,
+                args)) {
+        OPENSSL_free(dynbuf);
+        return -1;
+    }
+    if (dynbuf) {
+        ret = BIO_write(bio, dynbuf, (int)retlen);
+        OPENSSL_free(dynbuf);
+    } else {
+        ret = BIO_write(bio, hugebuf, (int)retlen);
+    }
+    CRYPTO_pop_info();
+    return (ret);
+}
+
+/*
+ * As snprintf is not available everywhere, we provide our own
+ * implementation. This function has nothing to do with BIOs, but it's
+ * closely related to BIO_printf, and we need *some* name prefix ... (XXX the
+ * function should be renamed, but to what?)
+ */
+int BIO_snprintf(char *buf, size_t n, const char *format, ...)
+{
+    va_list args;
+    int ret;
+
+    va_start(args, format);
+
+    ret = BIO_vsnprintf(buf, n, format, args);
+
+    va_end(args);
+    return (ret);
+}
+
+int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
+{
+    size_t retlen;
+    int truncated;
+
+    if(!_dopr(&buf, NULL, &n, &retlen, &truncated, format, args))
+        return -1;
+
+    if (truncated)
+        /*
+         * In case of truncation, return -1 like traditional snprintf.
+         * (Current drafts for ISO/IEC 9899 say snprintf should return the
+         * number of characters that would have been written, had the buffer
+         * been large enough.)
+         */
+        return -1;
+    else
+        return (retlen <= INT_MAX) ? (int)retlen : -1;
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/bio/bf_nbio.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bf_nbio.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/bio/bf_nbio.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,253 +0,0 @@
-/* crypto/bio/bf_nbio.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#include <openssl/bio.h>
-
-/*
- * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest
- */
-
-static int nbiof_write(BIO *h, const char *buf, int num);
-static int nbiof_read(BIO *h, char *buf, int size);
-static int nbiof_puts(BIO *h, const char *str);
-static int nbiof_gets(BIO *h, char *str, int size);
-static long nbiof_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int nbiof_new(BIO *h);
-static int nbiof_free(BIO *data);
-static long nbiof_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-typedef struct nbio_test_st {
-    /* only set if we sent a 'should retry' error */
-    int lrn;
-    int lwn;
-} NBIO_TEST;
-
-static BIO_METHOD methods_nbiof = {
-    BIO_TYPE_NBIO_TEST,
-    "non-blocking IO test filter",
-    nbiof_write,
-    nbiof_read,
-    nbiof_puts,
-    nbiof_gets,
-    nbiof_ctrl,
-    nbiof_new,
-    nbiof_free,
-    nbiof_callback_ctrl,
-};
-
-BIO_METHOD *BIO_f_nbio_test(void)
-{
-    return (&methods_nbiof);
-}
-
-static int nbiof_new(BIO *bi)
-{
-    NBIO_TEST *nt;
-
-    if (!(nt = (NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST))))
-        return (0);
-    nt->lrn = -1;
-    nt->lwn = -1;
-    bi->ptr = (char *)nt;
-    bi->init = 1;
-    bi->flags = 0;
-    return (1);
-}
-
-static int nbiof_free(BIO *a)
-{
-    if (a == NULL)
-        return (0);
-    if (a->ptr != NULL)
-        OPENSSL_free(a->ptr);
-    a->ptr = NULL;
-    a->init = 0;
-    a->flags = 0;
-    return (1);
-}
-
-static int nbiof_read(BIO *b, char *out, int outl)
-{
-    int ret = 0;
-#if 1
-    int num;
-    unsigned char n;
-#endif
-
-    if (out == NULL)
-        return (0);
-    if (b->next_bio == NULL)
-        return (0);
-
-    BIO_clear_retry_flags(b);
-#if 1
-    if (RAND_pseudo_bytes(&n, 1) < 0)
-        return -1;
-    num = (n & 0x07);
-
-    if (outl > num)
-        outl = num;
-
-    if (num == 0) {
-        ret = -1;
-        BIO_set_retry_read(b);
-    } else
-#endif
-    {
-        ret = BIO_read(b->next_bio, out, outl);
-        if (ret < 0)
-            BIO_copy_next_retry(b);
-    }
-    return (ret);
-}
-
-static int nbiof_write(BIO *b, const char *in, int inl)
-{
-    NBIO_TEST *nt;
-    int ret = 0;
-    int num;
-    unsigned char n;
-
-    if ((in == NULL) || (inl <= 0))
-        return (0);
-    if (b->next_bio == NULL)
-        return (0);
-    nt = (NBIO_TEST *)b->ptr;
-
-    BIO_clear_retry_flags(b);
-
-#if 1
-    if (nt->lwn > 0) {
-        num = nt->lwn;
-        nt->lwn = 0;
-    } else {
-        if (RAND_pseudo_bytes(&n, 1) < 0)
-            return -1;
-        num = (n & 7);
-    }
-
-    if (inl > num)
-        inl = num;
-
-    if (num == 0) {
-        ret = -1;
-        BIO_set_retry_write(b);
-    } else
-#endif
-    {
-        ret = BIO_write(b->next_bio, in, inl);
-        if (ret < 0) {
-            BIO_copy_next_retry(b);
-            nt->lwn = inl;
-        }
-    }
-    return (ret);
-}
-
-static long nbiof_ctrl(BIO *b, int cmd, long num, void *ptr)
-{
-    long ret;
-
-    if (b->next_bio == NULL)
-        return (0);
-    switch (cmd) {
-    case BIO_C_DO_STATE_MACHINE:
-        BIO_clear_retry_flags(b);
-        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
-        BIO_copy_next_retry(b);
-        break;
-    case BIO_CTRL_DUP:
-        ret = 0L;
-        break;
-    default:
-        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
-        break;
-    }
-    return (ret);
-}
-
-static long nbiof_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-{
-    long ret = 1;
-
-    if (b->next_bio == NULL)
-        return (0);
-    switch (cmd) {
-    default:
-        ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
-        break;
-    }
-    return (ret);
-}
-
-static int nbiof_gets(BIO *bp, char *buf, int size)
-{
-    if (bp->next_bio == NULL)
-        return (0);
-    return (BIO_gets(bp->next_bio, buf, size));
-}
-
-static int nbiof_puts(BIO *bp, const char *str)
-{
-    if (bp->next_bio == NULL)
-        return (0);
-    return (BIO_puts(bp->next_bio, str));
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/bio/bf_nbio.c (from rev 11605, vendor-crypto/openssl/dist/crypto/bio/bf_nbio.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/bio/bf_nbio.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/bio/bf_nbio.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,253 @@
+/* crypto/bio/bf_nbio.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/bio.h>
+
+/*
+ * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest
+ */
+
+static int nbiof_write(BIO *h, const char *buf, int num);
+static int nbiof_read(BIO *h, char *buf, int size);
+static int nbiof_puts(BIO *h, const char *str);
+static int nbiof_gets(BIO *h, char *str, int size);
+static long nbiof_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int nbiof_new(BIO *h);
+static int nbiof_free(BIO *data);
+static long nbiof_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+typedef struct nbio_test_st {
+    /* only set if we sent a 'should retry' error */
+    int lrn;
+    int lwn;
+} NBIO_TEST;
+
+static BIO_METHOD methods_nbiof = {
+    BIO_TYPE_NBIO_TEST,
+    "non-blocking IO test filter",
+    nbiof_write,
+    nbiof_read,
+    nbiof_puts,
+    nbiof_gets,
+    nbiof_ctrl,
+    nbiof_new,
+    nbiof_free,
+    nbiof_callback_ctrl,
+};
+
+BIO_METHOD *BIO_f_nbio_test(void)
+{
+    return (&methods_nbiof);
+}
+
+static int nbiof_new(BIO *bi)
+{
+    NBIO_TEST *nt;
+
+    if (!(nt = (NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST))))
+        return (0);
+    nt->lrn = -1;
+    nt->lwn = -1;
+    bi->ptr = (char *)nt;
+    bi->init = 1;
+    bi->flags = 0;
+    return (1);
+}
+
+static int nbiof_free(BIO *a)
+{
+    if (a == NULL)
+        return (0);
+    if (a->ptr != NULL)
+        OPENSSL_free(a->ptr);
+    a->ptr = NULL;
+    a->init = 0;
+    a->flags = 0;
+    return (1);
+}
+
+static int nbiof_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+#if 1
+    int num;
+    unsigned char n;
+#endif
+
+    if (out == NULL)
+        return (0);
+    if (b->next_bio == NULL)
+        return (0);
+
+    BIO_clear_retry_flags(b);
+#if 1
+    if (RAND_bytes(&n, 1) <= 0)
+        return -1;
+    num = (n & 0x07);
+
+    if (outl > num)
+        outl = num;
+
+    if (num == 0) {
+        ret = -1;
+        BIO_set_retry_read(b);
+    } else
+#endif
+    {
+        ret = BIO_read(b->next_bio, out, outl);
+        if (ret < 0)
+            BIO_copy_next_retry(b);
+    }
+    return (ret);
+}
+
+static int nbiof_write(BIO *b, const char *in, int inl)
+{
+    NBIO_TEST *nt;
+    int ret = 0;
+    int num;
+    unsigned char n;
+
+    if ((in == NULL) || (inl <= 0))
+        return (0);
+    if (b->next_bio == NULL)
+        return (0);
+    nt = (NBIO_TEST *)b->ptr;
+
+    BIO_clear_retry_flags(b);
+
+#if 1
+    if (nt->lwn > 0) {
+        num = nt->lwn;
+        nt->lwn = 0;
+    } else {
+        if (RAND_bytes(&n, 1) <= 0)
+            return -1;
+        num = (n & 7);
+    }
+
+    if (inl > num)
+        inl = num;
+
+    if (num == 0) {
+        ret = -1;
+        BIO_set_retry_write(b);
+    } else
+#endif
+    {
+        ret = BIO_write(b->next_bio, in, inl);
+        if (ret < 0) {
+            BIO_copy_next_retry(b);
+            nt->lwn = inl;
+        }
+    }
+    return (ret);
+}
+
+static long nbiof_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret;
+
+    if (b->next_bio == NULL)
+        return (0);
+    switch (cmd) {
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+    case BIO_CTRL_DUP:
+        ret = 0L;
+        break;
+    default:
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    }
+    return (ret);
+}
+
+static long nbiof_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+{
+    long ret = 1;
+
+    if (b->next_bio == NULL)
+        return (0);
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+        break;
+    }
+    return (ret);
+}
+
+static int nbiof_gets(BIO *bp, char *buf, int size)
+{
+    if (bp->next_bio == NULL)
+        return (0);
+    return (BIO_gets(bp->next_bio, buf, size));
+}
+
+static int nbiof_puts(BIO *bp, const char *str)
+{
+    if (bp->next_bio == NULL)
+        return (0);
+    return (BIO_puts(bp->next_bio, str));
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/bio/bio.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bio.h	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/bio/bio.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,875 +0,0 @@
-/* crypto/bio/bio.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_BIO_H
-# define HEADER_BIO_H
-
-# include <openssl/e_os2.h>
-
-# ifndef OPENSSL_NO_FP_API
-#  include <stdio.h>
-# endif
-# include <stdarg.h>
-
-# include <openssl/crypto.h>
-
-# ifndef OPENSSL_NO_SCTP
-#  ifndef OPENSSL_SYS_VMS
-#   include <stdint.h>
-#  else
-#   include <inttypes.h>
-#  endif
-# endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* These are the 'types' of BIOs */
-# define BIO_TYPE_NONE           0
-# define BIO_TYPE_MEM            (1|0x0400)
-# define BIO_TYPE_FILE           (2|0x0400)
-
-# define BIO_TYPE_FD             (4|0x0400|0x0100)
-# define BIO_TYPE_SOCKET         (5|0x0400|0x0100)
-# define BIO_TYPE_NULL           (6|0x0400)
-# define BIO_TYPE_SSL            (7|0x0200)
-# define BIO_TYPE_MD             (8|0x0200)/* passive filter */
-# define BIO_TYPE_BUFFER         (9|0x0200)/* filter */
-# define BIO_TYPE_CIPHER         (10|0x0200)/* filter */
-# define BIO_TYPE_BASE64         (11|0x0200)/* filter */
-# define BIO_TYPE_CONNECT        (12|0x0400|0x0100)/* socket - connect */
-# define BIO_TYPE_ACCEPT         (13|0x0400|0x0100)/* socket for accept */
-# define BIO_TYPE_PROXY_CLIENT   (14|0x0200)/* client proxy BIO */
-# define BIO_TYPE_PROXY_SERVER   (15|0x0200)/* server proxy BIO */
-# define BIO_TYPE_NBIO_TEST      (16|0x0200)/* server proxy BIO */
-# define BIO_TYPE_NULL_FILTER    (17|0x0200)
-# define BIO_TYPE_BER            (18|0x0200)/* BER -> bin filter */
-# define BIO_TYPE_BIO            (19|0x0400)/* (half a) BIO pair */
-# define BIO_TYPE_LINEBUFFER     (20|0x0200)/* filter */
-# define BIO_TYPE_DGRAM          (21|0x0400|0x0100)
-# ifndef OPENSSL_NO_SCTP
-#  define BIO_TYPE_DGRAM_SCTP     (24|0x0400|0x0100)
-# endif
-# define BIO_TYPE_ASN1           (22|0x0200)/* filter */
-# define BIO_TYPE_COMP           (23|0x0200)/* filter */
-
-# define BIO_TYPE_DESCRIPTOR     0x0100/* socket, fd, connect or accept */
-# define BIO_TYPE_FILTER         0x0200
-# define BIO_TYPE_SOURCE_SINK    0x0400
-
-/*
- * BIO_FILENAME_READ|BIO_CLOSE to open or close on free.
- * BIO_set_fp(in,stdin,BIO_NOCLOSE);
- */
-# define BIO_NOCLOSE             0x00
-# define BIO_CLOSE               0x01
-
-/*
- * These are used in the following macros and are passed to BIO_ctrl()
- */
-# define BIO_CTRL_RESET          1/* opt - rewind/zero etc */
-# define BIO_CTRL_EOF            2/* opt - are we at the eof */
-# define BIO_CTRL_INFO           3/* opt - extra tit-bits */
-# define BIO_CTRL_SET            4/* man - set the 'IO' type */
-# define BIO_CTRL_GET            5/* man - get the 'IO' type */
-# define BIO_CTRL_PUSH           6/* opt - internal, used to signify change */
-# define BIO_CTRL_POP            7/* opt - internal, used to signify change */
-# define BIO_CTRL_GET_CLOSE      8/* man - set the 'close' on free */
-# define BIO_CTRL_SET_CLOSE      9/* man - set the 'close' on free */
-# define BIO_CTRL_PENDING        10/* opt - is their more data buffered */
-# define BIO_CTRL_FLUSH          11/* opt - 'flush' buffered output */
-# define BIO_CTRL_DUP            12/* man - extra stuff for 'duped' BIO */
-# define BIO_CTRL_WPENDING       13/* opt - number of bytes still to write */
-/* callback is int cb(BIO *bio,state,ret); */
-# define BIO_CTRL_SET_CALLBACK   14/* opt - set callback function */
-# define BIO_CTRL_GET_CALLBACK   15/* opt - set callback function */
-
-# define BIO_CTRL_SET_FILENAME   30/* BIO_s_file special */
-
-/* dgram BIO stuff */
-# define BIO_CTRL_DGRAM_CONNECT       31/* BIO dgram special */
-# define BIO_CTRL_DGRAM_SET_CONNECTED 32/* allow for an externally connected
-                                         * socket to be passed in */
-# define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33/* setsockopt, essentially */
-# define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34/* getsockopt, essentially */
-# define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35/* setsockopt, essentially */
-# define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36/* getsockopt, essentially */
-
-# define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37/* flag whether the last */
-# define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38/* I/O operation tiemd out */
-
-/* #ifdef IP_MTU_DISCOVER */
-# define BIO_CTRL_DGRAM_MTU_DISCOVER       39/* set DF bit on egress packets */
-/* #endif */
-
-# define BIO_CTRL_DGRAM_QUERY_MTU          40/* as kernel for current MTU */
-# define BIO_CTRL_DGRAM_GET_FALLBACK_MTU   47
-# define BIO_CTRL_DGRAM_GET_MTU            41/* get cached value for MTU */
-# define BIO_CTRL_DGRAM_SET_MTU            42/* set cached value for MTU.
-                                              * want to use this if asking
-                                              * the kernel fails */
-
-# define BIO_CTRL_DGRAM_MTU_EXCEEDED       43/* check whether the MTU was
-                                              * exceed in the previous write
-                                              * operation */
-
-# define BIO_CTRL_DGRAM_GET_PEER           46
-# define BIO_CTRL_DGRAM_SET_PEER           44/* Destination for the data */
-
-# define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT   45/* Next DTLS handshake timeout
-                                              * to adjust socket timeouts */
-
-# define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD   49
-
-# ifndef OPENSSL_NO_SCTP
-/* SCTP stuff */
-#  define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE    50
-#  define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY                51
-#  define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY               52
-#  define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD               53
-#  define BIO_CTRL_DGRAM_SCTP_GET_SNDINFO         60
-#  define BIO_CTRL_DGRAM_SCTP_SET_SNDINFO         61
-#  define BIO_CTRL_DGRAM_SCTP_GET_RCVINFO         62
-#  define BIO_CTRL_DGRAM_SCTP_SET_RCVINFO         63
-#  define BIO_CTRL_DGRAM_SCTP_GET_PRINFO                  64
-#  define BIO_CTRL_DGRAM_SCTP_SET_PRINFO                  65
-#  define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN               70
-# endif
-
-/* modifiers */
-# define BIO_FP_READ             0x02
-# define BIO_FP_WRITE            0x04
-# define BIO_FP_APPEND           0x08
-# define BIO_FP_TEXT             0x10
-
-# define BIO_FLAGS_READ          0x01
-# define BIO_FLAGS_WRITE         0x02
-# define BIO_FLAGS_IO_SPECIAL    0x04
-# define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)
-# define BIO_FLAGS_SHOULD_RETRY  0x08
-# ifndef BIO_FLAGS_UPLINK
-/*
- * "UPLINK" flag denotes file descriptors provided by application. It
- * defaults to 0, as most platforms don't require UPLINK interface.
- */
-#  define BIO_FLAGS_UPLINK        0
-# endif
-
-/* Used in BIO_gethostbyname() */
-# define BIO_GHBN_CTRL_HITS              1
-# define BIO_GHBN_CTRL_MISSES            2
-# define BIO_GHBN_CTRL_CACHE_SIZE        3
-# define BIO_GHBN_CTRL_GET_ENTRY         4
-# define BIO_GHBN_CTRL_FLUSH             5
-
-/* Mostly used in the SSL BIO */
-/*-
- * Not used anymore
- * #define BIO_FLAGS_PROTOCOL_DELAYED_READ 0x10
- * #define BIO_FLAGS_PROTOCOL_DELAYED_WRITE 0x20
- * #define BIO_FLAGS_PROTOCOL_STARTUP   0x40
- */
-
-# define BIO_FLAGS_BASE64_NO_NL  0x100
-
-/*
- * This is used with memory BIOs: it means we shouldn't free up or change the
- * data in any way.
- */
-# define BIO_FLAGS_MEM_RDONLY    0x200
-
-typedef struct bio_st BIO;
-
-void BIO_set_flags(BIO *b, int flags);
-int BIO_test_flags(const BIO *b, int flags);
-void BIO_clear_flags(BIO *b, int flags);
-
-# define BIO_get_flags(b) BIO_test_flags(b, ~(0x0))
-# define BIO_set_retry_special(b) \
-                BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY))
-# define BIO_set_retry_read(b) \
-                BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY))
-# define BIO_set_retry_write(b) \
-                BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY))
-
-/* These are normally used internally in BIOs */
-# define BIO_clear_retry_flags(b) \
-                BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
-# define BIO_get_retry_flags(b) \
-                BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
-
-/* These should be used by the application to tell why we should retry */
-# define BIO_should_read(a)              BIO_test_flags(a, BIO_FLAGS_READ)
-# define BIO_should_write(a)             BIO_test_flags(a, BIO_FLAGS_WRITE)
-# define BIO_should_io_special(a)        BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL)
-# define BIO_retry_type(a)               BIO_test_flags(a, BIO_FLAGS_RWS)
-# define BIO_should_retry(a)             BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY)
-
-/*
- * The next three are used in conjunction with the BIO_should_io_special()
- * condition.  After this returns true, BIO *BIO_get_retry_BIO(BIO *bio, int
- * *reason); will walk the BIO stack and return the 'reason' for the special
- * and the offending BIO. Given a BIO, BIO_get_retry_reason(bio) will return
- * the code.
- */
-/*
- * Returned from the SSL bio when the certificate retrieval code had an error
- */
-# define BIO_RR_SSL_X509_LOOKUP          0x01
-/* Returned from the connect BIO when a connect would have blocked */
-# define BIO_RR_CONNECT                  0x02
-/* Returned from the accept BIO when an accept would have blocked */
-# define BIO_RR_ACCEPT                   0x03
-
-/* These are passed by the BIO callback */
-# define BIO_CB_FREE     0x01
-# define BIO_CB_READ     0x02
-# define BIO_CB_WRITE    0x03
-# define BIO_CB_PUTS     0x04
-# define BIO_CB_GETS     0x05
-# define BIO_CB_CTRL     0x06
-
-/*
- * The callback is called before and after the underling operation, The
- * BIO_CB_RETURN flag indicates if it is after the call
- */
-# define BIO_CB_RETURN   0x80
-# define BIO_CB_return(a) ((a)|BIO_CB_RETURN)
-# define BIO_cb_pre(a)   (!((a)&BIO_CB_RETURN))
-# define BIO_cb_post(a)  ((a)&BIO_CB_RETURN)
-
-long (*BIO_get_callback(const BIO *b)) (struct bio_st *, int, const char *,
-                                        int, long, long);
-void BIO_set_callback(BIO *b,
-                      long (*callback) (struct bio_st *, int, const char *,
-                                        int, long, long));
-char *BIO_get_callback_arg(const BIO *b);
-void BIO_set_callback_arg(BIO *b, char *arg);
-
-const char *BIO_method_name(const BIO *b);
-int BIO_method_type(const BIO *b);
-
-typedef void bio_info_cb (struct bio_st *, int, const char *, int, long,
-                          long);
-
-typedef struct bio_method_st {
-    int type;
-    const char *name;
-    int (*bwrite) (BIO *, const char *, int);
-    int (*bread) (BIO *, char *, int);
-    int (*bputs) (BIO *, const char *);
-    int (*bgets) (BIO *, char *, int);
-    long (*ctrl) (BIO *, int, long, void *);
-    int (*create) (BIO *);
-    int (*destroy) (BIO *);
-    long (*callback_ctrl) (BIO *, int, bio_info_cb *);
-} BIO_METHOD;
-
-struct bio_st {
-    BIO_METHOD *method;
-    /* bio, mode, argp, argi, argl, ret */
-    long (*callback) (struct bio_st *, int, const char *, int, long, long);
-    char *cb_arg;               /* first argument for the callback */
-    int init;
-    int shutdown;
-    int flags;                  /* extra storage */
-    int retry_reason;
-    int num;
-    void *ptr;
-    struct bio_st *next_bio;    /* used by filter BIOs */
-    struct bio_st *prev_bio;    /* used by filter BIOs */
-    int references;
-    unsigned long num_read;
-    unsigned long num_write;
-    CRYPTO_EX_DATA ex_data;
-};
-
-DECLARE_STACK_OF(BIO)
-
-typedef struct bio_f_buffer_ctx_struct {
-    /*-
-     * Buffers are setup like this:
-     *
-     * <---------------------- size ----------------------->
-     * +---------------------------------------------------+
-     * | consumed | remaining          | free space        |
-     * +---------------------------------------------------+
-     * <-- off --><------- len ------->
-     */
-    /*- BIO *bio; *//*
-     * this is now in the BIO struct
-     */
-    int ibuf_size;              /* how big is the input buffer */
-    int obuf_size;              /* how big is the output buffer */
-    char *ibuf;                 /* the char array */
-    int ibuf_len;               /* how many bytes are in it */
-    int ibuf_off;               /* write/read offset */
-    char *obuf;                 /* the char array */
-    int obuf_len;               /* how many bytes are in it */
-    int obuf_off;               /* write/read offset */
-} BIO_F_BUFFER_CTX;
-
-/* Prefix and suffix callback in ASN1 BIO */
-typedef int asn1_ps_func (BIO *b, unsigned char **pbuf, int *plen,
-                          void *parg);
-
-# ifndef OPENSSL_NO_SCTP
-/* SCTP parameter structs */
-struct bio_dgram_sctp_sndinfo {
-    uint16_t snd_sid;
-    uint16_t snd_flags;
-    uint32_t snd_ppid;
-    uint32_t snd_context;
-};
-
-struct bio_dgram_sctp_rcvinfo {
-    uint16_t rcv_sid;
-    uint16_t rcv_ssn;
-    uint16_t rcv_flags;
-    uint32_t rcv_ppid;
-    uint32_t rcv_tsn;
-    uint32_t rcv_cumtsn;
-    uint32_t rcv_context;
-};
-
-struct bio_dgram_sctp_prinfo {
-    uint16_t pr_policy;
-    uint32_t pr_value;
-};
-# endif
-
-/* connect BIO stuff */
-# define BIO_CONN_S_BEFORE               1
-# define BIO_CONN_S_GET_IP               2
-# define BIO_CONN_S_GET_PORT             3
-# define BIO_CONN_S_CREATE_SOCKET        4
-# define BIO_CONN_S_CONNECT              5
-# define BIO_CONN_S_OK                   6
-# define BIO_CONN_S_BLOCKED_CONNECT      7
-# define BIO_CONN_S_NBIO                 8
-/*
- * #define BIO_CONN_get_param_hostname BIO_ctrl
- */
-
-# define BIO_C_SET_CONNECT                       100
-# define BIO_C_DO_STATE_MACHINE                  101
-# define BIO_C_SET_NBIO                          102
-# define BIO_C_SET_PROXY_PARAM                   103
-# define BIO_C_SET_FD                            104
-# define BIO_C_GET_FD                            105
-# define BIO_C_SET_FILE_PTR                      106
-# define BIO_C_GET_FILE_PTR                      107
-# define BIO_C_SET_FILENAME                      108
-# define BIO_C_SET_SSL                           109
-# define BIO_C_GET_SSL                           110
-# define BIO_C_SET_MD                            111
-# define BIO_C_GET_MD                            112
-# define BIO_C_GET_CIPHER_STATUS                 113
-# define BIO_C_SET_BUF_MEM                       114
-# define BIO_C_GET_BUF_MEM_PTR                   115
-# define BIO_C_GET_BUFF_NUM_LINES                116
-# define BIO_C_SET_BUFF_SIZE                     117
-# define BIO_C_SET_ACCEPT                        118
-# define BIO_C_SSL_MODE                          119
-# define BIO_C_GET_MD_CTX                        120
-# define BIO_C_GET_PROXY_PARAM                   121
-# define BIO_C_SET_BUFF_READ_DATA                122/* data to read first */
-# define BIO_C_GET_CONNECT                       123
-# define BIO_C_GET_ACCEPT                        124
-# define BIO_C_SET_SSL_RENEGOTIATE_BYTES         125
-# define BIO_C_GET_SSL_NUM_RENEGOTIATES          126
-# define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT       127
-# define BIO_C_FILE_SEEK                         128
-# define BIO_C_GET_CIPHER_CTX                    129
-# define BIO_C_SET_BUF_MEM_EOF_RETURN            130/* return end of input
-                                                     * value */
-# define BIO_C_SET_BIND_MODE                     131
-# define BIO_C_GET_BIND_MODE                     132
-# define BIO_C_FILE_TELL                         133
-# define BIO_C_GET_SOCKS                         134
-# define BIO_C_SET_SOCKS                         135
-
-# define BIO_C_SET_WRITE_BUF_SIZE                136/* for BIO_s_bio */
-# define BIO_C_GET_WRITE_BUF_SIZE                137
-# define BIO_C_MAKE_BIO_PAIR                     138
-# define BIO_C_DESTROY_BIO_PAIR                  139
-# define BIO_C_GET_WRITE_GUARANTEE               140
-# define BIO_C_GET_READ_REQUEST                  141
-# define BIO_C_SHUTDOWN_WR                       142
-# define BIO_C_NREAD0                            143
-# define BIO_C_NREAD                             144
-# define BIO_C_NWRITE0                           145
-# define BIO_C_NWRITE                            146
-# define BIO_C_RESET_READ_REQUEST                147
-# define BIO_C_SET_MD_CTX                        148
-
-# define BIO_C_SET_PREFIX                        149
-# define BIO_C_GET_PREFIX                        150
-# define BIO_C_SET_SUFFIX                        151
-# define BIO_C_GET_SUFFIX                        152
-
-# define BIO_C_SET_EX_ARG                        153
-# define BIO_C_GET_EX_ARG                        154
-
-# define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
-# define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
-
-/* BIO_s_connect() and BIO_s_socks4a_connect() */
-# define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name)
-# define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port)
-# define BIO_set_conn_ip(b,ip)     BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip)
-# define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port)
-# define BIO_get_conn_hostname(b)  BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
-# define BIO_get_conn_port(b)      BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
-# define BIO_get_conn_ip(b)               BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
-# define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0)
-
-# define BIO_set_nbio(b,n)       BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
-
-/* BIO_s_accept_socket() */
-# define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
-# define BIO_get_accept_port(b)  BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
-/* #define BIO_set_nbio(b,n)    BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
-# define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?(void *)"a":NULL)
-# define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio)
-
-# define BIO_BIND_NORMAL                 0
-# define BIO_BIND_REUSEADDR_IF_UNUSED    1
-# define BIO_BIND_REUSEADDR              2
-# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
-# define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
-
-# define BIO_do_connect(b)       BIO_do_handshake(b)
-# define BIO_do_accept(b)        BIO_do_handshake(b)
-# define BIO_do_handshake(b)     BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
-
-/* BIO_s_proxy_client() */
-# define BIO_set_url(b,url)      BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,0,(char *)(url))
-# define BIO_set_proxies(b,p)    BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,1,(char *)(p))
-/* BIO_set_nbio(b,n) */
-# define BIO_set_filter_bio(b,s) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,2,(char *)(s))
-/* BIO *BIO_get_filter_bio(BIO *bio); */
-# define BIO_set_proxy_cb(b,cb) BIO_callback_ctrl(b,BIO_C_SET_PROXY_PARAM,3,(void *(*cb)()))
-# define BIO_set_proxy_header(b,sk) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,4,(char *)sk)
-# define BIO_set_no_connect_return(b,bool) BIO_int_ctrl(b,BIO_C_SET_PROXY_PARAM,5,bool)
-
-# define BIO_get_proxy_header(b,skp) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,0,(char *)skp)
-# define BIO_get_proxies(b,pxy_p) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,1,(char *)(pxy_p))
-# define BIO_get_url(b,url)      BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url))
-# define BIO_get_no_connect_return(b)    BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL)
-
-# define BIO_set_fd(b,fd,c)      BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
-# define BIO_get_fd(b,c)         BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
-
-# define BIO_set_fp(b,fp,c)      BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)
-# define BIO_get_fp(b,fpp)       BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp)
-
-# define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
-# define BIO_tell(b)     (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
-
-/*
- * name is cast to lose const, but might be better to route through a
- * function so we can do it safely
- */
-# ifdef CONST_STRICT
-/*
- * If you are wondering why this isn't defined, its because CONST_STRICT is
- * purely a compile-time kludge to allow const to be checked.
- */
-int BIO_read_filename(BIO *b, const char *name);
-# else
-#  define BIO_read_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
-                BIO_CLOSE|BIO_FP_READ,(char *)name)
-# endif
-# define BIO_write_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
-                BIO_CLOSE|BIO_FP_WRITE,name)
-# define BIO_append_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
-                BIO_CLOSE|BIO_FP_APPEND,name)
-# define BIO_rw_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
-                BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name)
-
-/*
- * WARNING WARNING, this ups the reference count on the read bio of the SSL
- * structure.  This is because the ssl read BIO is now pointed to by the
- * next_bio field in the bio.  So when you free the BIO, make sure you are
- * doing a BIO_free_all() to catch the underlying BIO.
- */
-# define BIO_set_ssl(b,ssl,c)    BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)
-# define BIO_get_ssl(b,sslp)     BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
-# define BIO_set_ssl_mode(b,client)      BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
-# define BIO_set_ssl_renegotiate_bytes(b,num) \
-        BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
-# define BIO_get_num_renegotiates(b) \
-        BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL);
-# define BIO_set_ssl_renegotiate_timeout(b,seconds) \
-        BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
-
-/* defined in evp.h */
-/* #define BIO_set_md(b,md)     BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */
-
-# define BIO_get_mem_data(b,pp)  BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp)
-# define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)bm)
-# define BIO_get_mem_ptr(b,pp)   BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0,(char *)pp)
-# define BIO_set_mem_eof_return(b,v) \
-                                BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL)
-
-/* For the BIO_f_buffer() type */
-# define BIO_get_buffer_num_lines(b)     BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL)
-# define BIO_set_buffer_size(b,size)     BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL)
-# define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0)
-# define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1)
-# define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf)
-
-/* Don't use the next one unless you know what you are doing :-) */
-# define BIO_dup_state(b,ret)    BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret))
-
-# define BIO_reset(b)            (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL)
-# define BIO_eof(b)              (int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL)
-# define BIO_set_close(b,c)      (int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL)
-# define BIO_get_close(b)        (int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL)
-# define BIO_pending(b)          (int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL)
-# define BIO_wpending(b)         (int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL)
-/* ...pending macros have inappropriate return type */
-size_t BIO_ctrl_pending(BIO *b);
-size_t BIO_ctrl_wpending(BIO *b);
-# define BIO_flush(b)            (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL)
-# define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \
-                                                   cbp)
-# define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb)
-
-/* For the BIO_f_buffer() type */
-# define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL)
-
-/* For BIO_s_bio() */
-# define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL)
-# define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL)
-# define BIO_make_bio_pair(b1,b2)   (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2)
-# define BIO_destroy_bio_pair(b)    (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL)
-# define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL)
-/* macros with inappropriate type -- but ...pending macros use int too: */
-# define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL)
-# define BIO_get_read_request(b)    (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL)
-size_t BIO_ctrl_get_write_guarantee(BIO *b);
-size_t BIO_ctrl_get_read_request(BIO *b);
-int BIO_ctrl_reset_read_request(BIO *b);
-
-/* ctrl macros for dgram */
-# define BIO_ctrl_dgram_connect(b,peer)  \
-                     (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)peer)
-# define BIO_ctrl_set_connected(b, state, peer) \
-         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, state, (char *)peer)
-# define BIO_dgram_recv_timedout(b) \
-         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL)
-# define BIO_dgram_send_timedout(b) \
-         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL)
-# define BIO_dgram_get_peer(b,peer) \
-         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer)
-# define BIO_dgram_set_peer(b,peer) \
-         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer)
-# define BIO_dgram_get_mtu_overhead(b) \
-         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
-
-/* These two aren't currently implemented */
-/* int BIO_get_ex_num(BIO *bio); */
-/* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */
-int BIO_set_ex_data(BIO *bio, int idx, void *data);
-void *BIO_get_ex_data(BIO *bio, int idx);
-int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-unsigned long BIO_number_read(BIO *bio);
-unsigned long BIO_number_written(BIO *bio);
-
-/* For BIO_f_asn1() */
-int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix,
-                        asn1_ps_func *prefix_free);
-int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix,
-                        asn1_ps_func **pprefix_free);
-int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix,
-                        asn1_ps_func *suffix_free);
-int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,
-                        asn1_ps_func **psuffix_free);
-
-# ifndef OPENSSL_NO_FP_API
-BIO_METHOD *BIO_s_file(void);
-BIO *BIO_new_file(const char *filename, const char *mode);
-BIO *BIO_new_fp(FILE *stream, int close_flag);
-#  define BIO_s_file_internal    BIO_s_file
-# endif
-BIO *BIO_new(BIO_METHOD *type);
-int BIO_set(BIO *a, BIO_METHOD *type);
-int BIO_free(BIO *a);
-void BIO_vfree(BIO *a);
-int BIO_read(BIO *b, void *data, int len);
-int BIO_gets(BIO *bp, char *buf, int size);
-int BIO_write(BIO *b, const void *data, int len);
-int BIO_puts(BIO *bp, const char *buf);
-int BIO_indent(BIO *b, int indent, int max);
-long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
-long BIO_callback_ctrl(BIO *b, int cmd,
-                       void (*fp) (struct bio_st *, int, const char *, int,
-                                   long, long));
-char *BIO_ptr_ctrl(BIO *bp, int cmd, long larg);
-long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg);
-BIO *BIO_push(BIO *b, BIO *append);
-BIO *BIO_pop(BIO *b);
-void BIO_free_all(BIO *a);
-BIO *BIO_find_type(BIO *b, int bio_type);
-BIO *BIO_next(BIO *b);
-BIO *BIO_get_retry_BIO(BIO *bio, int *reason);
-int BIO_get_retry_reason(BIO *bio);
-BIO *BIO_dup_chain(BIO *in);
-
-int BIO_nread0(BIO *bio, char **buf);
-int BIO_nread(BIO *bio, char **buf, int num);
-int BIO_nwrite0(BIO *bio, char **buf);
-int BIO_nwrite(BIO *bio, char **buf, int num);
-
-long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi,
-                        long argl, long ret);
-
-BIO_METHOD *BIO_s_mem(void);
-BIO *BIO_new_mem_buf(void *buf, int len);
-BIO_METHOD *BIO_s_socket(void);
-BIO_METHOD *BIO_s_connect(void);
-BIO_METHOD *BIO_s_accept(void);
-BIO_METHOD *BIO_s_fd(void);
-# ifndef OPENSSL_SYS_OS2
-BIO_METHOD *BIO_s_log(void);
-# endif
-BIO_METHOD *BIO_s_bio(void);
-BIO_METHOD *BIO_s_null(void);
-BIO_METHOD *BIO_f_null(void);
-BIO_METHOD *BIO_f_buffer(void);
-# ifdef OPENSSL_SYS_VMS
-BIO_METHOD *BIO_f_linebuffer(void);
-# endif
-BIO_METHOD *BIO_f_nbio_test(void);
-# ifndef OPENSSL_NO_DGRAM
-BIO_METHOD *BIO_s_datagram(void);
-#  ifndef OPENSSL_NO_SCTP
-BIO_METHOD *BIO_s_datagram_sctp(void);
-#  endif
-# endif
-
-/* BIO_METHOD *BIO_f_ber(void); */
-
-int BIO_sock_should_retry(int i);
-int BIO_sock_non_fatal_error(int error);
-int BIO_dgram_non_fatal_error(int error);
-
-int BIO_fd_should_retry(int i);
-int BIO_fd_non_fatal_error(int error);
-int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u),
-                void *u, const char *s, int len);
-int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
-                       void *u, const char *s, int len, int indent);
-int BIO_dump(BIO *b, const char *bytes, int len);
-int BIO_dump_indent(BIO *b, const char *bytes, int len, int indent);
-# ifndef OPENSSL_NO_FP_API
-int BIO_dump_fp(FILE *fp, const char *s, int len);
-int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent);
-# endif
-struct hostent *BIO_gethostbyname(const char *name);
-/*-
- * We might want a thread-safe interface too:
- * struct hostent *BIO_gethostbyname_r(const char *name,
- *     struct hostent *result, void *buffer, size_t buflen);
- * or something similar (caller allocates a struct hostent,
- * pointed to by "result", and additional buffer space for the various
- * substructures; if the buffer does not suffice, NULL is returned
- * and an appropriate error code is set).
- */
-int BIO_sock_error(int sock);
-int BIO_socket_ioctl(int fd, long type, void *arg);
-int BIO_socket_nbio(int fd, int mode);
-int BIO_get_port(const char *str, unsigned short *port_ptr);
-int BIO_get_host_ip(const char *str, unsigned char *ip);
-int BIO_get_accept_socket(char *host_port, int mode);
-int BIO_accept(int sock, char **ip_port);
-int BIO_sock_init(void);
-void BIO_sock_cleanup(void);
-int BIO_set_tcp_ndelay(int sock, int turn_on);
-
-BIO *BIO_new_socket(int sock, int close_flag);
-BIO *BIO_new_dgram(int fd, int close_flag);
-# ifndef OPENSSL_NO_SCTP
-BIO *BIO_new_dgram_sctp(int fd, int close_flag);
-int BIO_dgram_is_sctp(BIO *bio);
-int BIO_dgram_sctp_notification_cb(BIO *b,
-                                   void (*handle_notifications) (BIO *bio,
-                                                                 void
-                                                                 *context,
-                                                                 void *buf),
-                                   void *context);
-int BIO_dgram_sctp_wait_for_dry(BIO *b);
-int BIO_dgram_sctp_msg_waiting(BIO *b);
-# endif
-BIO *BIO_new_fd(int fd, int close_flag);
-BIO *BIO_new_connect(char *host_port);
-BIO *BIO_new_accept(char *host_port);
-
-int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
-                     BIO **bio2, size_t writebuf2);
-/*
- * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
- * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
- * value.
- */
-
-void BIO_copy_next_retry(BIO *b);
-
-/*
- * long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);
- */
-
-# ifdef __GNUC__
-#  define __bio_h__attr__ __attribute__
-# else
-#  define __bio_h__attr__(x)
-# endif
-int BIO_printf(BIO *bio, const char *format, ...)
-__bio_h__attr__((__format__(__printf__, 2, 3)));
-int BIO_vprintf(BIO *bio, const char *format, va_list args)
-__bio_h__attr__((__format__(__printf__, 2, 0)));
-int BIO_snprintf(char *buf, size_t n, const char *format, ...)
-__bio_h__attr__((__format__(__printf__, 3, 4)));
-int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
-__bio_h__attr__((__format__(__printf__, 3, 0)));
-# undef __bio_h__attr__
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_BIO_strings(void);
-
-/* Error codes for the BIO functions. */
-
-/* Function codes. */
-# define BIO_F_ACPT_STATE                                 100
-# define BIO_F_BIO_ACCEPT                                 101
-# define BIO_F_BIO_BER_GET_HEADER                         102
-# define BIO_F_BIO_CALLBACK_CTRL                          131
-# define BIO_F_BIO_CTRL                                   103
-# define BIO_F_BIO_GETHOSTBYNAME                          120
-# define BIO_F_BIO_GETS                                   104
-# define BIO_F_BIO_GET_ACCEPT_SOCKET                      105
-# define BIO_F_BIO_GET_HOST_IP                            106
-# define BIO_F_BIO_GET_PORT                               107
-# define BIO_F_BIO_MAKE_PAIR                              121
-# define BIO_F_BIO_NEW                                    108
-# define BIO_F_BIO_NEW_FILE                               109
-# define BIO_F_BIO_NEW_MEM_BUF                            126
-# define BIO_F_BIO_NREAD                                  123
-# define BIO_F_BIO_NREAD0                                 124
-# define BIO_F_BIO_NWRITE                                 125
-# define BIO_F_BIO_NWRITE0                                122
-# define BIO_F_BIO_PUTS                                   110
-# define BIO_F_BIO_READ                                   111
-# define BIO_F_BIO_SOCK_INIT                              112
-# define BIO_F_BIO_WRITE                                  113
-# define BIO_F_BUFFER_CTRL                                114
-# define BIO_F_CONN_CTRL                                  127
-# define BIO_F_CONN_STATE                                 115
-# define BIO_F_DGRAM_SCTP_READ                            132
-# define BIO_F_DGRAM_SCTP_WRITE                           133
-# define BIO_F_FILE_CTRL                                  116
-# define BIO_F_FILE_READ                                  130
-# define BIO_F_LINEBUFFER_CTRL                            129
-# define BIO_F_MEM_READ                                   128
-# define BIO_F_MEM_WRITE                                  117
-# define BIO_F_SSL_NEW                                    118
-# define BIO_F_WSASTARTUP                                 119
-
-/* Reason codes. */
-# define BIO_R_ACCEPT_ERROR                               100
-# define BIO_R_BAD_FOPEN_MODE                             101
-# define BIO_R_BAD_HOSTNAME_LOOKUP                        102
-# define BIO_R_BROKEN_PIPE                                124
-# define BIO_R_CONNECT_ERROR                              103
-# define BIO_R_EOF_ON_MEMORY_BIO                          127
-# define BIO_R_ERROR_SETTING_NBIO                         104
-# define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET      105
-# define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET        106
-# define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET          107
-# define BIO_R_INVALID_ARGUMENT                           125
-# define BIO_R_INVALID_IP_ADDRESS                         108
-# define BIO_R_IN_USE                                     123
-# define BIO_R_KEEPALIVE                                  109
-# define BIO_R_NBIO_CONNECT_ERROR                         110
-# define BIO_R_NO_ACCEPT_PORT_SPECIFIED                   111
-# define BIO_R_NO_HOSTNAME_SPECIFIED                      112
-# define BIO_R_NO_PORT_DEFINED                            113
-# define BIO_R_NO_PORT_SPECIFIED                          114
-# define BIO_R_NO_SUCH_FILE                               128
-# define BIO_R_NULL_PARAMETER                             115
-# define BIO_R_TAG_MISMATCH                               116
-# define BIO_R_UNABLE_TO_BIND_SOCKET                      117
-# define BIO_R_UNABLE_TO_CREATE_SOCKET                    118
-# define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
-# define BIO_R_UNINITIALIZED                              120
-# define BIO_R_UNSUPPORTED_METHOD                         121
-# define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
-# define BIO_R_WSASTARTUP                                 122
-
-#ifdef  __cplusplus
-}
-#endif
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/bio/bio.h (from rev 11605, vendor-crypto/openssl/dist/crypto/bio/bio.h)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/bio/bio.h	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/bio/bio.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,879 @@
+/* crypto/bio/bio.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_BIO_H
+# define HEADER_BIO_H
+
+# include <openssl/e_os2.h>
+
+# ifndef OPENSSL_NO_FP_API
+#  include <stdio.h>
+# endif
+# include <stdarg.h>
+
+# include <openssl/crypto.h>
+
+# ifndef OPENSSL_NO_SCTP
+#  ifndef OPENSSL_SYS_VMS
+#   include <stdint.h>
+#  else
+#   include <inttypes.h>
+#  endif
+# endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* These are the 'types' of BIOs */
+# define BIO_TYPE_NONE           0
+# define BIO_TYPE_MEM            (1|0x0400)
+# define BIO_TYPE_FILE           (2|0x0400)
+
+# define BIO_TYPE_FD             (4|0x0400|0x0100)
+# define BIO_TYPE_SOCKET         (5|0x0400|0x0100)
+# define BIO_TYPE_NULL           (6|0x0400)
+# define BIO_TYPE_SSL            (7|0x0200)
+# define BIO_TYPE_MD             (8|0x0200)/* passive filter */
+# define BIO_TYPE_BUFFER         (9|0x0200)/* filter */
+# define BIO_TYPE_CIPHER         (10|0x0200)/* filter */
+# define BIO_TYPE_BASE64         (11|0x0200)/* filter */
+# define BIO_TYPE_CONNECT        (12|0x0400|0x0100)/* socket - connect */
+# define BIO_TYPE_ACCEPT         (13|0x0400|0x0100)/* socket for accept */
+# define BIO_TYPE_PROXY_CLIENT   (14|0x0200)/* client proxy BIO */
+# define BIO_TYPE_PROXY_SERVER   (15|0x0200)/* server proxy BIO */
+# define BIO_TYPE_NBIO_TEST      (16|0x0200)/* server proxy BIO */
+# define BIO_TYPE_NULL_FILTER    (17|0x0200)
+# define BIO_TYPE_BER            (18|0x0200)/* BER -> bin filter */
+# define BIO_TYPE_BIO            (19|0x0400)/* (half a) BIO pair */
+# define BIO_TYPE_LINEBUFFER     (20|0x0200)/* filter */
+# define BIO_TYPE_DGRAM          (21|0x0400|0x0100)
+# ifndef OPENSSL_NO_SCTP
+#  define BIO_TYPE_DGRAM_SCTP     (24|0x0400|0x0100)
+# endif
+# define BIO_TYPE_ASN1           (22|0x0200)/* filter */
+# define BIO_TYPE_COMP           (23|0x0200)/* filter */
+
+# define BIO_TYPE_DESCRIPTOR     0x0100/* socket, fd, connect or accept */
+# define BIO_TYPE_FILTER         0x0200
+# define BIO_TYPE_SOURCE_SINK    0x0400
+
+/*
+ * BIO_FILENAME_READ|BIO_CLOSE to open or close on free.
+ * BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ */
+# define BIO_NOCLOSE             0x00
+# define BIO_CLOSE               0x01
+
+/*
+ * These are used in the following macros and are passed to BIO_ctrl()
+ */
+# define BIO_CTRL_RESET          1/* opt - rewind/zero etc */
+# define BIO_CTRL_EOF            2/* opt - are we at the eof */
+# define BIO_CTRL_INFO           3/* opt - extra tit-bits */
+# define BIO_CTRL_SET            4/* man - set the 'IO' type */
+# define BIO_CTRL_GET            5/* man - get the 'IO' type */
+# define BIO_CTRL_PUSH           6/* opt - internal, used to signify change */
+# define BIO_CTRL_POP            7/* opt - internal, used to signify change */
+# define BIO_CTRL_GET_CLOSE      8/* man - set the 'close' on free */
+# define BIO_CTRL_SET_CLOSE      9/* man - set the 'close' on free */
+# define BIO_CTRL_PENDING        10/* opt - is their more data buffered */
+# define BIO_CTRL_FLUSH          11/* opt - 'flush' buffered output */
+# define BIO_CTRL_DUP            12/* man - extra stuff for 'duped' BIO */
+# define BIO_CTRL_WPENDING       13/* opt - number of bytes still to write */
+/* callback is int cb(BIO *bio,state,ret); */
+# define BIO_CTRL_SET_CALLBACK   14/* opt - set callback function */
+# define BIO_CTRL_GET_CALLBACK   15/* opt - set callback function */
+
+# define BIO_CTRL_SET_FILENAME   30/* BIO_s_file special */
+
+/* dgram BIO stuff */
+# define BIO_CTRL_DGRAM_CONNECT       31/* BIO dgram special */
+# define BIO_CTRL_DGRAM_SET_CONNECTED 32/* allow for an externally connected
+                                         * socket to be passed in */
+# define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33/* setsockopt, essentially */
+# define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34/* getsockopt, essentially */
+# define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35/* setsockopt, essentially */
+# define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36/* getsockopt, essentially */
+
+# define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37/* flag whether the last */
+# define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38/* I/O operation tiemd out */
+
+/* #ifdef IP_MTU_DISCOVER */
+# define BIO_CTRL_DGRAM_MTU_DISCOVER       39/* set DF bit on egress packets */
+/* #endif */
+
+# define BIO_CTRL_DGRAM_QUERY_MTU          40/* as kernel for current MTU */
+# define BIO_CTRL_DGRAM_GET_FALLBACK_MTU   47
+# define BIO_CTRL_DGRAM_GET_MTU            41/* get cached value for MTU */
+# define BIO_CTRL_DGRAM_SET_MTU            42/* set cached value for MTU.
+                                              * want to use this if asking
+                                              * the kernel fails */
+
+# define BIO_CTRL_DGRAM_MTU_EXCEEDED       43/* check whether the MTU was
+                                              * exceed in the previous write
+                                              * operation */
+
+# define BIO_CTRL_DGRAM_GET_PEER           46
+# define BIO_CTRL_DGRAM_SET_PEER           44/* Destination for the data */
+
+# define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT   45/* Next DTLS handshake timeout
+                                              * to adjust socket timeouts */
+
+# define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD   49
+
+# ifndef OPENSSL_NO_SCTP
+/* SCTP stuff */
+#  define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE    50
+#  define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY                51
+#  define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY               52
+#  define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD               53
+#  define BIO_CTRL_DGRAM_SCTP_GET_SNDINFO         60
+#  define BIO_CTRL_DGRAM_SCTP_SET_SNDINFO         61
+#  define BIO_CTRL_DGRAM_SCTP_GET_RCVINFO         62
+#  define BIO_CTRL_DGRAM_SCTP_SET_RCVINFO         63
+#  define BIO_CTRL_DGRAM_SCTP_GET_PRINFO                  64
+#  define BIO_CTRL_DGRAM_SCTP_SET_PRINFO                  65
+#  define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN               70
+# endif
+
+/* modifiers */
+# define BIO_FP_READ             0x02
+# define BIO_FP_WRITE            0x04
+# define BIO_FP_APPEND           0x08
+# define BIO_FP_TEXT             0x10
+
+# define BIO_FLAGS_READ          0x01
+# define BIO_FLAGS_WRITE         0x02
+# define BIO_FLAGS_IO_SPECIAL    0x04
+# define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)
+# define BIO_FLAGS_SHOULD_RETRY  0x08
+# ifndef BIO_FLAGS_UPLINK
+/*
+ * "UPLINK" flag denotes file descriptors provided by application. It
+ * defaults to 0, as most platforms don't require UPLINK interface.
+ */
+#  define BIO_FLAGS_UPLINK        0
+# endif
+
+/* Used in BIO_gethostbyname() */
+# define BIO_GHBN_CTRL_HITS              1
+# define BIO_GHBN_CTRL_MISSES            2
+# define BIO_GHBN_CTRL_CACHE_SIZE        3
+# define BIO_GHBN_CTRL_GET_ENTRY         4
+# define BIO_GHBN_CTRL_FLUSH             5
+
+/* Mostly used in the SSL BIO */
+/*-
+ * Not used anymore
+ * #define BIO_FLAGS_PROTOCOL_DELAYED_READ 0x10
+ * #define BIO_FLAGS_PROTOCOL_DELAYED_WRITE 0x20
+ * #define BIO_FLAGS_PROTOCOL_STARTUP   0x40
+ */
+
+# define BIO_FLAGS_BASE64_NO_NL  0x100
+
+/*
+ * This is used with memory BIOs: it means we shouldn't free up or change the
+ * data in any way.
+ */
+# define BIO_FLAGS_MEM_RDONLY    0x200
+
+typedef struct bio_st BIO;
+
+void BIO_set_flags(BIO *b, int flags);
+int BIO_test_flags(const BIO *b, int flags);
+void BIO_clear_flags(BIO *b, int flags);
+
+# define BIO_get_flags(b) BIO_test_flags(b, ~(0x0))
+# define BIO_set_retry_special(b) \
+                BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY))
+# define BIO_set_retry_read(b) \
+                BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY))
+# define BIO_set_retry_write(b) \
+                BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY))
+
+/* These are normally used internally in BIOs */
+# define BIO_clear_retry_flags(b) \
+                BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
+# define BIO_get_retry_flags(b) \
+                BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
+
+/* These should be used by the application to tell why we should retry */
+# define BIO_should_read(a)              BIO_test_flags(a, BIO_FLAGS_READ)
+# define BIO_should_write(a)             BIO_test_flags(a, BIO_FLAGS_WRITE)
+# define BIO_should_io_special(a)        BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL)
+# define BIO_retry_type(a)               BIO_test_flags(a, BIO_FLAGS_RWS)
+# define BIO_should_retry(a)             BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY)
+
+/*
+ * The next three are used in conjunction with the BIO_should_io_special()
+ * condition.  After this returns true, BIO *BIO_get_retry_BIO(BIO *bio, int
+ * *reason); will walk the BIO stack and return the 'reason' for the special
+ * and the offending BIO. Given a BIO, BIO_get_retry_reason(bio) will return
+ * the code.
+ */
+/*
+ * Returned from the SSL bio when the certificate retrieval code had an error
+ */
+# define BIO_RR_SSL_X509_LOOKUP          0x01
+/* Returned from the connect BIO when a connect would have blocked */
+# define BIO_RR_CONNECT                  0x02
+/* Returned from the accept BIO when an accept would have blocked */
+# define BIO_RR_ACCEPT                   0x03
+
+/* These are passed by the BIO callback */
+# define BIO_CB_FREE     0x01
+# define BIO_CB_READ     0x02
+# define BIO_CB_WRITE    0x03
+# define BIO_CB_PUTS     0x04
+# define BIO_CB_GETS     0x05
+# define BIO_CB_CTRL     0x06
+
+/*
+ * The callback is called before and after the underling operation, The
+ * BIO_CB_RETURN flag indicates if it is after the call
+ */
+# define BIO_CB_RETURN   0x80
+# define BIO_CB_return(a) ((a)|BIO_CB_RETURN)
+# define BIO_cb_pre(a)   (!((a)&BIO_CB_RETURN))
+# define BIO_cb_post(a)  ((a)&BIO_CB_RETURN)
+
+long (*BIO_get_callback(const BIO *b)) (struct bio_st *, int, const char *,
+                                        int, long, long);
+void BIO_set_callback(BIO *b,
+                      long (*callback) (struct bio_st *, int, const char *,
+                                        int, long, long));
+char *BIO_get_callback_arg(const BIO *b);
+void BIO_set_callback_arg(BIO *b, char *arg);
+
+const char *BIO_method_name(const BIO *b);
+int BIO_method_type(const BIO *b);
+
+typedef void bio_info_cb (struct bio_st *, int, const char *, int, long,
+                          long);
+
+typedef struct bio_method_st {
+    int type;
+    const char *name;
+    int (*bwrite) (BIO *, const char *, int);
+    int (*bread) (BIO *, char *, int);
+    int (*bputs) (BIO *, const char *);
+    int (*bgets) (BIO *, char *, int);
+    long (*ctrl) (BIO *, int, long, void *);
+    int (*create) (BIO *);
+    int (*destroy) (BIO *);
+    long (*callback_ctrl) (BIO *, int, bio_info_cb *);
+} BIO_METHOD;
+
+struct bio_st {
+    BIO_METHOD *method;
+    /* bio, mode, argp, argi, argl, ret */
+    long (*callback) (struct bio_st *, int, const char *, int, long, long);
+    char *cb_arg;               /* first argument for the callback */
+    int init;
+    int shutdown;
+    int flags;                  /* extra storage */
+    int retry_reason;
+    int num;
+    void *ptr;
+    struct bio_st *next_bio;    /* used by filter BIOs */
+    struct bio_st *prev_bio;    /* used by filter BIOs */
+    int references;
+    unsigned long num_read;
+    unsigned long num_write;
+    CRYPTO_EX_DATA ex_data;
+};
+
+DECLARE_STACK_OF(BIO)
+
+typedef struct bio_f_buffer_ctx_struct {
+    /*-
+     * Buffers are setup like this:
+     *
+     * <---------------------- size ----------------------->
+     * +---------------------------------------------------+
+     * | consumed | remaining          | free space        |
+     * +---------------------------------------------------+
+     * <-- off --><------- len ------->
+     */
+    /*- BIO *bio; *//*
+     * this is now in the BIO struct
+     */
+    int ibuf_size;              /* how big is the input buffer */
+    int obuf_size;              /* how big is the output buffer */
+    char *ibuf;                 /* the char array */
+    int ibuf_len;               /* how many bytes are in it */
+    int ibuf_off;               /* write/read offset */
+    char *obuf;                 /* the char array */
+    int obuf_len;               /* how many bytes are in it */
+    int obuf_off;               /* write/read offset */
+} BIO_F_BUFFER_CTX;
+
+/* Prefix and suffix callback in ASN1 BIO */
+typedef int asn1_ps_func (BIO *b, unsigned char **pbuf, int *plen,
+                          void *parg);
+
+# ifndef OPENSSL_NO_SCTP
+/* SCTP parameter structs */
+struct bio_dgram_sctp_sndinfo {
+    uint16_t snd_sid;
+    uint16_t snd_flags;
+    uint32_t snd_ppid;
+    uint32_t snd_context;
+};
+
+struct bio_dgram_sctp_rcvinfo {
+    uint16_t rcv_sid;
+    uint16_t rcv_ssn;
+    uint16_t rcv_flags;
+    uint32_t rcv_ppid;
+    uint32_t rcv_tsn;
+    uint32_t rcv_cumtsn;
+    uint32_t rcv_context;
+};
+
+struct bio_dgram_sctp_prinfo {
+    uint16_t pr_policy;
+    uint32_t pr_value;
+};
+# endif
+
+/* connect BIO stuff */
+# define BIO_CONN_S_BEFORE               1
+# define BIO_CONN_S_GET_IP               2
+# define BIO_CONN_S_GET_PORT             3
+# define BIO_CONN_S_CREATE_SOCKET        4
+# define BIO_CONN_S_CONNECT              5
+# define BIO_CONN_S_OK                   6
+# define BIO_CONN_S_BLOCKED_CONNECT      7
+# define BIO_CONN_S_NBIO                 8
+/*
+ * #define BIO_CONN_get_param_hostname BIO_ctrl
+ */
+
+# define BIO_C_SET_CONNECT                       100
+# define BIO_C_DO_STATE_MACHINE                  101
+# define BIO_C_SET_NBIO                          102
+# define BIO_C_SET_PROXY_PARAM                   103
+# define BIO_C_SET_FD                            104
+# define BIO_C_GET_FD                            105
+# define BIO_C_SET_FILE_PTR                      106
+# define BIO_C_GET_FILE_PTR                      107
+# define BIO_C_SET_FILENAME                      108
+# define BIO_C_SET_SSL                           109
+# define BIO_C_GET_SSL                           110
+# define BIO_C_SET_MD                            111
+# define BIO_C_GET_MD                            112
+# define BIO_C_GET_CIPHER_STATUS                 113
+# define BIO_C_SET_BUF_MEM                       114
+# define BIO_C_GET_BUF_MEM_PTR                   115
+# define BIO_C_GET_BUFF_NUM_LINES                116
+# define BIO_C_SET_BUFF_SIZE                     117
+# define BIO_C_SET_ACCEPT                        118
+# define BIO_C_SSL_MODE                          119
+# define BIO_C_GET_MD_CTX                        120
+# define BIO_C_GET_PROXY_PARAM                   121
+# define BIO_C_SET_BUFF_READ_DATA                122/* data to read first */
+# define BIO_C_GET_CONNECT                       123
+# define BIO_C_GET_ACCEPT                        124
+# define BIO_C_SET_SSL_RENEGOTIATE_BYTES         125
+# define BIO_C_GET_SSL_NUM_RENEGOTIATES          126
+# define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT       127
+# define BIO_C_FILE_SEEK                         128
+# define BIO_C_GET_CIPHER_CTX                    129
+# define BIO_C_SET_BUF_MEM_EOF_RETURN            130/* return end of input
+                                                     * value */
+# define BIO_C_SET_BIND_MODE                     131
+# define BIO_C_GET_BIND_MODE                     132
+# define BIO_C_FILE_TELL                         133
+# define BIO_C_GET_SOCKS                         134
+# define BIO_C_SET_SOCKS                         135
+
+# define BIO_C_SET_WRITE_BUF_SIZE                136/* for BIO_s_bio */
+# define BIO_C_GET_WRITE_BUF_SIZE                137
+# define BIO_C_MAKE_BIO_PAIR                     138
+# define BIO_C_DESTROY_BIO_PAIR                  139
+# define BIO_C_GET_WRITE_GUARANTEE               140
+# define BIO_C_GET_READ_REQUEST                  141
+# define BIO_C_SHUTDOWN_WR                       142
+# define BIO_C_NREAD0                            143
+# define BIO_C_NREAD                             144
+# define BIO_C_NWRITE0                           145
+# define BIO_C_NWRITE                            146
+# define BIO_C_RESET_READ_REQUEST                147
+# define BIO_C_SET_MD_CTX                        148
+
+# define BIO_C_SET_PREFIX                        149
+# define BIO_C_GET_PREFIX                        150
+# define BIO_C_SET_SUFFIX                        151
+# define BIO_C_GET_SUFFIX                        152
+
+# define BIO_C_SET_EX_ARG                        153
+# define BIO_C_GET_EX_ARG                        154
+
+# define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
+# define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
+
+/* BIO_s_connect() and BIO_s_socks4a_connect() */
+# define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name)
+# define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port)
+# define BIO_set_conn_ip(b,ip)     BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip)
+# define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port)
+# define BIO_get_conn_hostname(b)  BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
+# define BIO_get_conn_port(b)      BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
+# define BIO_get_conn_ip(b)               BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
+# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+
+# define BIO_set_nbio(b,n)       BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+
+/* BIO_s_accept() */
+# define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
+# define BIO_get_accept_port(b)  BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
+/* #define BIO_set_nbio(b,n)    BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
+# define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?(void *)"a":NULL)
+# define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio)
+
+# define BIO_BIND_NORMAL                 0
+# define BIO_BIND_REUSEADDR_IF_UNUSED    1
+# define BIO_BIND_REUSEADDR              2
+# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
+# define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
+
+/* BIO_s_accept() and BIO_s_connect() */
+# define BIO_do_connect(b)       BIO_do_handshake(b)
+# define BIO_do_accept(b)        BIO_do_handshake(b)
+# define BIO_do_handshake(b)     BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
+
+/* BIO_s_proxy_client() */
+# define BIO_set_url(b,url)      BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,0,(char *)(url))
+# define BIO_set_proxies(b,p)    BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,1,(char *)(p))
+/* BIO_set_nbio(b,n) */
+# define BIO_set_filter_bio(b,s) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,2,(char *)(s))
+/* BIO *BIO_get_filter_bio(BIO *bio); */
+# define BIO_set_proxy_cb(b,cb) BIO_callback_ctrl(b,BIO_C_SET_PROXY_PARAM,3,(void *(*cb)()))
+# define BIO_set_proxy_header(b,sk) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,4,(char *)sk)
+# define BIO_set_no_connect_return(b,bool) BIO_int_ctrl(b,BIO_C_SET_PROXY_PARAM,5,bool)
+
+# define BIO_get_proxy_header(b,skp) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,0,(char *)skp)
+# define BIO_get_proxies(b,pxy_p) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,1,(char *)(pxy_p))
+# define BIO_get_url(b,url)      BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url))
+# define BIO_get_no_connect_return(b)    BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL)
+
+/* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */
+# define BIO_set_fd(b,fd,c)      BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
+# define BIO_get_fd(b,c)         BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
+
+/* BIO_s_file() */
+# define BIO_set_fp(b,fp,c)      BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)
+# define BIO_get_fp(b,fpp)       BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp)
+
+/* BIO_s_fd() and BIO_s_file() */
+# define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
+# define BIO_tell(b)     (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
+
+/*
+ * name is cast to lose const, but might be better to route through a
+ * function so we can do it safely
+ */
+# ifdef CONST_STRICT
+/*
+ * If you are wondering why this isn't defined, its because CONST_STRICT is
+ * purely a compile-time kludge to allow const to be checked.
+ */
+int BIO_read_filename(BIO *b, const char *name);
+# else
+#  define BIO_read_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
+                BIO_CLOSE|BIO_FP_READ,(char *)name)
+# endif
+# define BIO_write_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
+                BIO_CLOSE|BIO_FP_WRITE,name)
+# define BIO_append_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
+                BIO_CLOSE|BIO_FP_APPEND,name)
+# define BIO_rw_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
+                BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name)
+
+/*
+ * WARNING WARNING, this ups the reference count on the read bio of the SSL
+ * structure.  This is because the ssl read BIO is now pointed to by the
+ * next_bio field in the bio.  So when you free the BIO, make sure you are
+ * doing a BIO_free_all() to catch the underlying BIO.
+ */
+# define BIO_set_ssl(b,ssl,c)    BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)
+# define BIO_get_ssl(b,sslp)     BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
+# define BIO_set_ssl_mode(b,client)      BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
+# define BIO_set_ssl_renegotiate_bytes(b,num) \
+        BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
+# define BIO_get_num_renegotiates(b) \
+        BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL);
+# define BIO_set_ssl_renegotiate_timeout(b,seconds) \
+        BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
+
+/* defined in evp.h */
+/* #define BIO_set_md(b,md)     BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */
+
+# define BIO_get_mem_data(b,pp)  BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp)
+# define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)bm)
+# define BIO_get_mem_ptr(b,pp)   BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0,(char *)pp)
+# define BIO_set_mem_eof_return(b,v) \
+                                BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL)
+
+/* For the BIO_f_buffer() type */
+# define BIO_get_buffer_num_lines(b)     BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL)
+# define BIO_set_buffer_size(b,size)     BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL)
+# define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0)
+# define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1)
+# define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf)
+
+/* Don't use the next one unless you know what you are doing :-) */
+# define BIO_dup_state(b,ret)    BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret))
+
+# define BIO_reset(b)            (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL)
+# define BIO_eof(b)              (int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL)
+# define BIO_set_close(b,c)      (int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL)
+# define BIO_get_close(b)        (int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL)
+# define BIO_pending(b)          (int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL)
+# define BIO_wpending(b)         (int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL)
+/* ...pending macros have inappropriate return type */
+size_t BIO_ctrl_pending(BIO *b);
+size_t BIO_ctrl_wpending(BIO *b);
+# define BIO_flush(b)            (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL)
+# define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \
+                                                   cbp)
+# define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb)
+
+/* For the BIO_f_buffer() type */
+# define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL)
+
+/* For BIO_s_bio() */
+# define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL)
+# define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL)
+# define BIO_make_bio_pair(b1,b2)   (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2)
+# define BIO_destroy_bio_pair(b)    (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL)
+# define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL)
+/* macros with inappropriate type -- but ...pending macros use int too: */
+# define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL)
+# define BIO_get_read_request(b)    (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL)
+size_t BIO_ctrl_get_write_guarantee(BIO *b);
+size_t BIO_ctrl_get_read_request(BIO *b);
+int BIO_ctrl_reset_read_request(BIO *b);
+
+/* ctrl macros for dgram */
+# define BIO_ctrl_dgram_connect(b,peer)  \
+                     (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)peer)
+# define BIO_ctrl_set_connected(b, state, peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, state, (char *)peer)
+# define BIO_dgram_recv_timedout(b) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL)
+# define BIO_dgram_send_timedout(b) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL)
+# define BIO_dgram_get_peer(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer)
+# define BIO_dgram_set_peer(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer)
+# define BIO_dgram_get_mtu_overhead(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+
+/* These two aren't currently implemented */
+/* int BIO_get_ex_num(BIO *bio); */
+/* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */
+int BIO_set_ex_data(BIO *bio, int idx, void *data);
+void *BIO_get_ex_data(BIO *bio, int idx);
+int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+                         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+unsigned long BIO_number_read(BIO *bio);
+unsigned long BIO_number_written(BIO *bio);
+
+/* For BIO_f_asn1() */
+int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix,
+                        asn1_ps_func *prefix_free);
+int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix,
+                        asn1_ps_func **pprefix_free);
+int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix,
+                        asn1_ps_func *suffix_free);
+int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,
+                        asn1_ps_func **psuffix_free);
+
+# ifndef OPENSSL_NO_FP_API
+BIO_METHOD *BIO_s_file(void);
+BIO *BIO_new_file(const char *filename, const char *mode);
+BIO *BIO_new_fp(FILE *stream, int close_flag);
+#  define BIO_s_file_internal    BIO_s_file
+# endif
+BIO *BIO_new(BIO_METHOD *type);
+int BIO_set(BIO *a, BIO_METHOD *type);
+int BIO_free(BIO *a);
+void BIO_vfree(BIO *a);
+int BIO_read(BIO *b, void *data, int len);
+int BIO_gets(BIO *bp, char *buf, int size);
+int BIO_write(BIO *b, const void *data, int len);
+int BIO_puts(BIO *bp, const char *buf);
+int BIO_indent(BIO *b, int indent, int max);
+long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
+long BIO_callback_ctrl(BIO *b, int cmd,
+                       void (*fp) (struct bio_st *, int, const char *, int,
+                                   long, long));
+char *BIO_ptr_ctrl(BIO *bp, int cmd, long larg);
+long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg);
+BIO *BIO_push(BIO *b, BIO *append);
+BIO *BIO_pop(BIO *b);
+void BIO_free_all(BIO *a);
+BIO *BIO_find_type(BIO *b, int bio_type);
+BIO *BIO_next(BIO *b);
+BIO *BIO_get_retry_BIO(BIO *bio, int *reason);
+int BIO_get_retry_reason(BIO *bio);
+BIO *BIO_dup_chain(BIO *in);
+
+int BIO_nread0(BIO *bio, char **buf);
+int BIO_nread(BIO *bio, char **buf, int num);
+int BIO_nwrite0(BIO *bio, char **buf);
+int BIO_nwrite(BIO *bio, char **buf, int num);
+
+long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi,
+                        long argl, long ret);
+
+BIO_METHOD *BIO_s_mem(void);
+BIO *BIO_new_mem_buf(void *buf, int len);
+BIO_METHOD *BIO_s_socket(void);
+BIO_METHOD *BIO_s_connect(void);
+BIO_METHOD *BIO_s_accept(void);
+BIO_METHOD *BIO_s_fd(void);
+# ifndef OPENSSL_SYS_OS2
+BIO_METHOD *BIO_s_log(void);
+# endif
+BIO_METHOD *BIO_s_bio(void);
+BIO_METHOD *BIO_s_null(void);
+BIO_METHOD *BIO_f_null(void);
+BIO_METHOD *BIO_f_buffer(void);
+# ifdef OPENSSL_SYS_VMS
+BIO_METHOD *BIO_f_linebuffer(void);
+# endif
+BIO_METHOD *BIO_f_nbio_test(void);
+# ifndef OPENSSL_NO_DGRAM
+BIO_METHOD *BIO_s_datagram(void);
+#  ifndef OPENSSL_NO_SCTP
+BIO_METHOD *BIO_s_datagram_sctp(void);
+#  endif
+# endif
+
+/* BIO_METHOD *BIO_f_ber(void); */
+
+int BIO_sock_should_retry(int i);
+int BIO_sock_non_fatal_error(int error);
+int BIO_dgram_non_fatal_error(int error);
+
+int BIO_fd_should_retry(int i);
+int BIO_fd_non_fatal_error(int error);
+int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u),
+                void *u, const char *s, int len);
+int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
+                       void *u, const char *s, int len, int indent);
+int BIO_dump(BIO *b, const char *bytes, int len);
+int BIO_dump_indent(BIO *b, const char *bytes, int len, int indent);
+# ifndef OPENSSL_NO_FP_API
+int BIO_dump_fp(FILE *fp, const char *s, int len);
+int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent);
+# endif
+struct hostent *BIO_gethostbyname(const char *name);
+/*-
+ * We might want a thread-safe interface too:
+ * struct hostent *BIO_gethostbyname_r(const char *name,
+ *     struct hostent *result, void *buffer, size_t buflen);
+ * or something similar (caller allocates a struct hostent,
+ * pointed to by "result", and additional buffer space for the various
+ * substructures; if the buffer does not suffice, NULL is returned
+ * and an appropriate error code is set).
+ */
+int BIO_sock_error(int sock);
+int BIO_socket_ioctl(int fd, long type, void *arg);
+int BIO_socket_nbio(int fd, int mode);
+int BIO_get_port(const char *str, unsigned short *port_ptr);
+int BIO_get_host_ip(const char *str, unsigned char *ip);
+int BIO_get_accept_socket(char *host_port, int mode);
+int BIO_accept(int sock, char **ip_port);
+int BIO_sock_init(void);
+void BIO_sock_cleanup(void);
+int BIO_set_tcp_ndelay(int sock, int turn_on);
+
+BIO *BIO_new_socket(int sock, int close_flag);
+BIO *BIO_new_dgram(int fd, int close_flag);
+# ifndef OPENSSL_NO_SCTP
+BIO *BIO_new_dgram_sctp(int fd, int close_flag);
+int BIO_dgram_is_sctp(BIO *bio);
+int BIO_dgram_sctp_notification_cb(BIO *b,
+                                   void (*handle_notifications) (BIO *bio,
+                                                                 void
+                                                                 *context,
+                                                                 void *buf),
+                                   void *context);
+int BIO_dgram_sctp_wait_for_dry(BIO *b);
+int BIO_dgram_sctp_msg_waiting(BIO *b);
+# endif
+BIO *BIO_new_fd(int fd, int close_flag);
+BIO *BIO_new_connect(char *host_port);
+BIO *BIO_new_accept(char *host_port);
+
+int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
+                     BIO **bio2, size_t writebuf2);
+/*
+ * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
+ * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
+ * value.
+ */
+
+void BIO_copy_next_retry(BIO *b);
+
+/*
+ * long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);
+ */
+
+# ifdef __GNUC__
+#  define __bio_h__attr__ __attribute__
+# else
+#  define __bio_h__attr__(x)
+# endif
+int BIO_printf(BIO *bio, const char *format, ...)
+__bio_h__attr__((__format__(__printf__, 2, 3)));
+int BIO_vprintf(BIO *bio, const char *format, va_list args)
+__bio_h__attr__((__format__(__printf__, 2, 0)));
+int BIO_snprintf(char *buf, size_t n, const char *format, ...)
+__bio_h__attr__((__format__(__printf__, 3, 4)));
+int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
+__bio_h__attr__((__format__(__printf__, 3, 0)));
+# undef __bio_h__attr__
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_BIO_strings(void);
+
+/* Error codes for the BIO functions. */
+
+/* Function codes. */
+# define BIO_F_ACPT_STATE                                 100
+# define BIO_F_BIO_ACCEPT                                 101
+# define BIO_F_BIO_BER_GET_HEADER                         102
+# define BIO_F_BIO_CALLBACK_CTRL                          131
+# define BIO_F_BIO_CTRL                                   103
+# define BIO_F_BIO_GETHOSTBYNAME                          120
+# define BIO_F_BIO_GETS                                   104
+# define BIO_F_BIO_GET_ACCEPT_SOCKET                      105
+# define BIO_F_BIO_GET_HOST_IP                            106
+# define BIO_F_BIO_GET_PORT                               107
+# define BIO_F_BIO_MAKE_PAIR                              121
+# define BIO_F_BIO_NEW                                    108
+# define BIO_F_BIO_NEW_FILE                               109
+# define BIO_F_BIO_NEW_MEM_BUF                            126
+# define BIO_F_BIO_NREAD                                  123
+# define BIO_F_BIO_NREAD0                                 124
+# define BIO_F_BIO_NWRITE                                 125
+# define BIO_F_BIO_NWRITE0                                122
+# define BIO_F_BIO_PUTS                                   110
+# define BIO_F_BIO_READ                                   111
+# define BIO_F_BIO_SOCK_INIT                              112
+# define BIO_F_BIO_WRITE                                  113
+# define BIO_F_BUFFER_CTRL                                114
+# define BIO_F_CONN_CTRL                                  127
+# define BIO_F_CONN_STATE                                 115
+# define BIO_F_DGRAM_SCTP_READ                            132
+# define BIO_F_DGRAM_SCTP_WRITE                           133
+# define BIO_F_FILE_CTRL                                  116
+# define BIO_F_FILE_READ                                  130
+# define BIO_F_LINEBUFFER_CTRL                            129
+# define BIO_F_MEM_READ                                   128
+# define BIO_F_MEM_WRITE                                  117
+# define BIO_F_SSL_NEW                                    118
+# define BIO_F_WSASTARTUP                                 119
+
+/* Reason codes. */
+# define BIO_R_ACCEPT_ERROR                               100
+# define BIO_R_BAD_FOPEN_MODE                             101
+# define BIO_R_BAD_HOSTNAME_LOOKUP                        102
+# define BIO_R_BROKEN_PIPE                                124
+# define BIO_R_CONNECT_ERROR                              103
+# define BIO_R_EOF_ON_MEMORY_BIO                          127
+# define BIO_R_ERROR_SETTING_NBIO                         104
+# define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET      105
+# define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET        106
+# define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET          107
+# define BIO_R_INVALID_ARGUMENT                           125
+# define BIO_R_INVALID_IP_ADDRESS                         108
+# define BIO_R_IN_USE                                     123
+# define BIO_R_KEEPALIVE                                  109
+# define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NO_ACCEPT_PORT_SPECIFIED                   111
+# define BIO_R_NO_HOSTNAME_SPECIFIED                      112
+# define BIO_R_NO_PORT_DEFINED                            113
+# define BIO_R_NO_PORT_SPECIFIED                          114
+# define BIO_R_NO_SUCH_FILE                               128
+# define BIO_R_NULL_PARAMETER                             115
+# define BIO_R_TAG_MISMATCH                               116
+# define BIO_R_UNABLE_TO_BIND_SOCKET                      117
+# define BIO_R_UNABLE_TO_CREATE_SOCKET                    118
+# define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
+# define BIO_R_UNINITIALIZED                              120
+# define BIO_R_UNSUPPORTED_METHOD                         121
+# define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
+# define BIO_R_WSASTARTUP                                 122
+
+#ifdef  __cplusplus
+}
+#endif
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/bio/bss_bio.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bss_bio.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/bio/bss_bio.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,886 +0,0 @@
-/* crypto/bio/bss_bio.c  -*- Mode: C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/*
- * Special method for a BIO where the other endpoint is also a BIO of this
- * kind, handled by the same thread (i.e. the "peer" is actually ourselves,
- * wearing a different hat). Such "BIO pairs" are mainly for using the SSL
- * library with I/O interfaces for which no specific BIO method is available.
- * See ssl/ssltest.c for some hints on how this can be used.
- */
-
-/* BIO_DEBUG implies BIO_PAIR_DEBUG */
-#ifdef BIO_DEBUG
-# ifndef BIO_PAIR_DEBUG
-#  define BIO_PAIR_DEBUG
-# endif
-#endif
-
-/* disable assert() unless BIO_PAIR_DEBUG has been defined */
-#ifndef BIO_PAIR_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-
-#include <assert.h>
-#include <limits.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/crypto.h>
-
-#include "e_os.h"
-
-/* VxWorks defines SSIZE_MAX with an empty value causing compile errors */
-#if defined(OPENSSL_SYS_VXWORKS)
-# undef SSIZE_MAX
-#endif
-#ifndef SSIZE_MAX
-# define SSIZE_MAX INT_MAX
-#endif
-
-static int bio_new(BIO *bio);
-static int bio_free(BIO *bio);
-static int bio_read(BIO *bio, char *buf, int size);
-static int bio_write(BIO *bio, const char *buf, int num);
-static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr);
-static int bio_puts(BIO *bio, const char *str);
-
-static int bio_make_pair(BIO *bio1, BIO *bio2);
-static void bio_destroy_pair(BIO *bio);
-
-static BIO_METHOD methods_biop = {
-    BIO_TYPE_BIO,
-    "BIO pair",
-    bio_write,
-    bio_read,
-    bio_puts,
-    NULL /* no bio_gets */ ,
-    bio_ctrl,
-    bio_new,
-    bio_free,
-    NULL                        /* no bio_callback_ctrl */
-};
-
-BIO_METHOD *BIO_s_bio(void)
-{
-    return &methods_biop;
-}
-
-struct bio_bio_st {
-    BIO *peer;                  /* NULL if buf == NULL. If peer != NULL, then
-                                 * peer->ptr is also a bio_bio_st, and its
-                                 * "peer" member points back to us. peer !=
-                                 * NULL iff init != 0 in the BIO. */
-    /* This is for what we write (i.e. reading uses peer's struct): */
-    int closed;                 /* valid iff peer != NULL */
-    size_t len;                 /* valid iff buf != NULL; 0 if peer == NULL */
-    size_t offset;              /* valid iff buf != NULL; 0 if len == 0 */
-    size_t size;
-    char *buf;                  /* "size" elements (if != NULL) */
-    size_t request;             /* valid iff peer != NULL; 0 if len != 0,
-                                 * otherwise set by peer to number of bytes
-                                 * it (unsuccessfully) tried to read, never
-                                 * more than buffer space (size-len)
-                                 * warrants. */
-};
-
-static int bio_new(BIO *bio)
-{
-    struct bio_bio_st *b;
-
-    b = OPENSSL_malloc(sizeof *b);
-    if (b == NULL)
-        return 0;
-
-    b->peer = NULL;
-    /* enough for one TLS record (just a default) */
-    b->size = 17 * 1024;
-    b->buf = NULL;
-
-    bio->ptr = b;
-    return 1;
-}
-
-static int bio_free(BIO *bio)
-{
-    struct bio_bio_st *b;
-
-    if (bio == NULL)
-        return 0;
-    b = bio->ptr;
-
-    assert(b != NULL);
-
-    if (b->peer)
-        bio_destroy_pair(bio);
-
-    if (b->buf != NULL) {
-        OPENSSL_free(b->buf);
-    }
-
-    OPENSSL_free(b);
-
-    return 1;
-}
-
-static int bio_read(BIO *bio, char *buf, int size_)
-{
-    size_t size = size_;
-    size_t rest;
-    struct bio_bio_st *b, *peer_b;
-
-    BIO_clear_retry_flags(bio);
-
-    if (!bio->init)
-        return 0;
-
-    b = bio->ptr;
-    assert(b != NULL);
-    assert(b->peer != NULL);
-    peer_b = b->peer->ptr;
-    assert(peer_b != NULL);
-    assert(peer_b->buf != NULL);
-
-    peer_b->request = 0;        /* will be set in "retry_read" situation */
-
-    if (buf == NULL || size == 0)
-        return 0;
-
-    if (peer_b->len == 0) {
-        if (peer_b->closed)
-            return 0;           /* writer has closed, and no data is left */
-        else {
-            BIO_set_retry_read(bio); /* buffer is empty */
-            if (size <= peer_b->size)
-                peer_b->request = size;
-            else
-                /*
-                 * don't ask for more than the peer can deliver in one write
-                 */
-                peer_b->request = peer_b->size;
-            return -1;
-        }
-    }
-
-    /* we can read */
-    if (peer_b->len < size)
-        size = peer_b->len;
-
-    /* now read "size" bytes */
-
-    rest = size;
-
-    assert(rest > 0);
-    do {                        /* one or two iterations */
-        size_t chunk;
-
-        assert(rest <= peer_b->len);
-        if (peer_b->offset + rest <= peer_b->size)
-            chunk = rest;
-        else
-            /* wrap around ring buffer */
-            chunk = peer_b->size - peer_b->offset;
-        assert(peer_b->offset + chunk <= peer_b->size);
-
-        memcpy(buf, peer_b->buf + peer_b->offset, chunk);
-
-        peer_b->len -= chunk;
-        if (peer_b->len) {
-            peer_b->offset += chunk;
-            assert(peer_b->offset <= peer_b->size);
-            if (peer_b->offset == peer_b->size)
-                peer_b->offset = 0;
-            buf += chunk;
-        } else {
-            /* buffer now empty, no need to advance "buf" */
-            assert(chunk == rest);
-            peer_b->offset = 0;
-        }
-        rest -= chunk;
-    }
-    while (rest);
-
-    return size;
-}
-
-/*-
- * non-copying interface: provide pointer to available data in buffer
- *    bio_nread0:  return number of available bytes
- *    bio_nread:   also advance index
- * (example usage:  bio_nread0(), read from buffer, bio_nread()
- *  or just         bio_nread(), read from buffer)
- */
-/*
- * WARNING: The non-copying interface is largely untested as of yet and may
- * contain bugs.
- */
-static ossl_ssize_t bio_nread0(BIO *bio, char **buf)
-{
-    struct bio_bio_st *b, *peer_b;
-    ossl_ssize_t num;
-
-    BIO_clear_retry_flags(bio);
-
-    if (!bio->init)
-        return 0;
-
-    b = bio->ptr;
-    assert(b != NULL);
-    assert(b->peer != NULL);
-    peer_b = b->peer->ptr;
-    assert(peer_b != NULL);
-    assert(peer_b->buf != NULL);
-
-    peer_b->request = 0;
-
-    if (peer_b->len == 0) {
-        char dummy;
-
-        /* avoid code duplication -- nothing available for reading */
-        return bio_read(bio, &dummy, 1); /* returns 0 or -1 */
-    }
-
-    num = peer_b->len;
-    if (peer_b->size < peer_b->offset + num)
-        /* no ring buffer wrap-around for non-copying interface */
-        num = peer_b->size - peer_b->offset;
-    assert(num > 0);
-
-    if (buf != NULL)
-        *buf = peer_b->buf + peer_b->offset;
-    return num;
-}
-
-static ossl_ssize_t bio_nread(BIO *bio, char **buf, size_t num_)
-{
-    struct bio_bio_st *b, *peer_b;
-    ossl_ssize_t num, available;
-
-    if (num_ > SSIZE_MAX)
-        num = SSIZE_MAX;
-    else
-        num = (ossl_ssize_t) num_;
-
-    available = bio_nread0(bio, buf);
-    if (num > available)
-        num = available;
-    if (num <= 0)
-        return num;
-
-    b = bio->ptr;
-    peer_b = b->peer->ptr;
-
-    peer_b->len -= num;
-    if (peer_b->len) {
-        peer_b->offset += num;
-        assert(peer_b->offset <= peer_b->size);
-        if (peer_b->offset == peer_b->size)
-            peer_b->offset = 0;
-    } else
-        peer_b->offset = 0;
-
-    return num;
-}
-
-static int bio_write(BIO *bio, const char *buf, int num_)
-{
-    size_t num = num_;
-    size_t rest;
-    struct bio_bio_st *b;
-
-    BIO_clear_retry_flags(bio);
-
-    if (!bio->init || buf == NULL || num == 0)
-        return 0;
-
-    b = bio->ptr;
-    assert(b != NULL);
-    assert(b->peer != NULL);
-    assert(b->buf != NULL);
-
-    b->request = 0;
-    if (b->closed) {
-        /* we already closed */
-        BIOerr(BIO_F_BIO_WRITE, BIO_R_BROKEN_PIPE);
-        return -1;
-    }
-
-    assert(b->len <= b->size);
-
-    if (b->len == b->size) {
-        BIO_set_retry_write(bio); /* buffer is full */
-        return -1;
-    }
-
-    /* we can write */
-    if (num > b->size - b->len)
-        num = b->size - b->len;
-
-    /* now write "num" bytes */
-
-    rest = num;
-
-    assert(rest > 0);
-    do {                        /* one or two iterations */
-        size_t write_offset;
-        size_t chunk;
-
-        assert(b->len + rest <= b->size);
-
-        write_offset = b->offset + b->len;
-        if (write_offset >= b->size)
-            write_offset -= b->size;
-        /* b->buf[write_offset] is the first byte we can write to. */
-
-        if (write_offset + rest <= b->size)
-            chunk = rest;
-        else
-            /* wrap around ring buffer */
-            chunk = b->size - write_offset;
-
-        memcpy(b->buf + write_offset, buf, chunk);
-
-        b->len += chunk;
-
-        assert(b->len <= b->size);
-
-        rest -= chunk;
-        buf += chunk;
-    }
-    while (rest);
-
-    return num;
-}
-
-/*-
- * non-copying interface: provide pointer to region to write to
- *   bio_nwrite0:  check how much space is available
- *   bio_nwrite:   also increase length
- * (example usage:  bio_nwrite0(), write to buffer, bio_nwrite()
- *  or just         bio_nwrite(), write to buffer)
- */
-static ossl_ssize_t bio_nwrite0(BIO *bio, char **buf)
-{
-    struct bio_bio_st *b;
-    size_t num;
-    size_t write_offset;
-
-    BIO_clear_retry_flags(bio);
-
-    if (!bio->init)
-        return 0;
-
-    b = bio->ptr;
-    assert(b != NULL);
-    assert(b->peer != NULL);
-    assert(b->buf != NULL);
-
-    b->request = 0;
-    if (b->closed) {
-        BIOerr(BIO_F_BIO_NWRITE0, BIO_R_BROKEN_PIPE);
-        return -1;
-    }
-
-    assert(b->len <= b->size);
-
-    if (b->len == b->size) {
-        BIO_set_retry_write(bio);
-        return -1;
-    }
-
-    num = b->size - b->len;
-    write_offset = b->offset + b->len;
-    if (write_offset >= b->size)
-        write_offset -= b->size;
-    if (write_offset + num > b->size)
-        /*
-         * no ring buffer wrap-around for non-copying interface (to fulfil
-         * the promise by BIO_ctrl_get_write_guarantee, BIO_nwrite may have
-         * to be called twice)
-         */
-        num = b->size - write_offset;
-
-    if (buf != NULL)
-        *buf = b->buf + write_offset;
-    assert(write_offset + num <= b->size);
-
-    return num;
-}
-
-static ossl_ssize_t bio_nwrite(BIO *bio, char **buf, size_t num_)
-{
-    struct bio_bio_st *b;
-    ossl_ssize_t num, space;
-
-    if (num_ > SSIZE_MAX)
-        num = SSIZE_MAX;
-    else
-        num = (ossl_ssize_t) num_;
-
-    space = bio_nwrite0(bio, buf);
-    if (num > space)
-        num = space;
-    if (num <= 0)
-        return num;
-    b = bio->ptr;
-    assert(b != NULL);
-    b->len += num;
-    assert(b->len <= b->size);
-
-    return num;
-}
-
-static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
-{
-    long ret;
-    struct bio_bio_st *b = bio->ptr;
-
-    assert(b != NULL);
-
-    switch (cmd) {
-        /* specific CTRL codes */
-
-    case BIO_C_SET_WRITE_BUF_SIZE:
-        if (b->peer) {
-            BIOerr(BIO_F_BIO_CTRL, BIO_R_IN_USE);
-            ret = 0;
-        } else if (num == 0) {
-            BIOerr(BIO_F_BIO_CTRL, BIO_R_INVALID_ARGUMENT);
-            ret = 0;
-        } else {
-            size_t new_size = num;
-
-            if (b->size != new_size) {
-                if (b->buf) {
-                    OPENSSL_free(b->buf);
-                    b->buf = NULL;
-                }
-                b->size = new_size;
-            }
-            ret = 1;
-        }
-        break;
-
-    case BIO_C_GET_WRITE_BUF_SIZE:
-        ret = (long)b->size;
-        break;
-
-    case BIO_C_MAKE_BIO_PAIR:
-        {
-            BIO *other_bio = ptr;
-
-            if (bio_make_pair(bio, other_bio))
-                ret = 1;
-            else
-                ret = 0;
-        }
-        break;
-
-    case BIO_C_DESTROY_BIO_PAIR:
-        /*
-         * Affects both BIOs in the pair -- call just once! Or let
-         * BIO_free(bio1); BIO_free(bio2); do the job.
-         */
-        bio_destroy_pair(bio);
-        ret = 1;
-        break;
-
-    case BIO_C_GET_WRITE_GUARANTEE:
-        /*
-         * How many bytes can the caller feed to the next write without
-         * having to keep any?
-         */
-        if (b->peer == NULL || b->closed)
-            ret = 0;
-        else
-            ret = (long)b->size - b->len;
-        break;
-
-    case BIO_C_GET_READ_REQUEST:
-        /*
-         * If the peer unsuccessfully tried to read, how many bytes were
-         * requested? (As with BIO_CTRL_PENDING, that number can usually be
-         * treated as boolean.)
-         */
-        ret = (long)b->request;
-        break;
-
-    case BIO_C_RESET_READ_REQUEST:
-        /*
-         * Reset request.  (Can be useful after read attempts at the other
-         * side that are meant to be non-blocking, e.g. when probing SSL_read
-         * to see if any data is available.)
-         */
-        b->request = 0;
-        ret = 1;
-        break;
-
-    case BIO_C_SHUTDOWN_WR:
-        /* similar to shutdown(..., SHUT_WR) */
-        b->closed = 1;
-        ret = 1;
-        break;
-
-    case BIO_C_NREAD0:
-        /* prepare for non-copying read */
-        ret = (long)bio_nread0(bio, ptr);
-        break;
-
-    case BIO_C_NREAD:
-        /* non-copying read */
-        ret = (long)bio_nread(bio, ptr, (size_t)num);
-        break;
-
-    case BIO_C_NWRITE0:
-        /* prepare for non-copying write */
-        ret = (long)bio_nwrite0(bio, ptr);
-        break;
-
-    case BIO_C_NWRITE:
-        /* non-copying write */
-        ret = (long)bio_nwrite(bio, ptr, (size_t)num);
-        break;
-
-        /* standard CTRL codes follow */
-
-    case BIO_CTRL_RESET:
-        if (b->buf != NULL) {
-            b->len = 0;
-            b->offset = 0;
-        }
-        ret = 0;
-        break;
-
-    case BIO_CTRL_GET_CLOSE:
-        ret = bio->shutdown;
-        break;
-
-    case BIO_CTRL_SET_CLOSE:
-        bio->shutdown = (int)num;
-        ret = 1;
-        break;
-
-    case BIO_CTRL_PENDING:
-        if (b->peer != NULL) {
-            struct bio_bio_st *peer_b = b->peer->ptr;
-
-            ret = (long)peer_b->len;
-        } else
-            ret = 0;
-        break;
-
-    case BIO_CTRL_WPENDING:
-        if (b->buf != NULL)
-            ret = (long)b->len;
-        else
-            ret = 0;
-        break;
-
-    case BIO_CTRL_DUP:
-        /* See BIO_dup_chain for circumstances we have to expect. */
-        {
-            BIO *other_bio = ptr;
-            struct bio_bio_st *other_b;
-
-            assert(other_bio != NULL);
-            other_b = other_bio->ptr;
-            assert(other_b != NULL);
-
-            assert(other_b->buf == NULL); /* other_bio is always fresh */
-
-            other_b->size = b->size;
-        }
-
-        ret = 1;
-        break;
-
-    case BIO_CTRL_FLUSH:
-        ret = 1;
-        break;
-
-    case BIO_CTRL_EOF:
-        {
-            BIO *other_bio = ptr;
-
-            if (other_bio) {
-                struct bio_bio_st *other_b = other_bio->ptr;
-
-                assert(other_b != NULL);
-                ret = other_b->len == 0 && other_b->closed;
-            } else
-                ret = 1;
-        }
-        break;
-
-    default:
-        ret = 0;
-    }
-    return ret;
-}
-
-static int bio_puts(BIO *bio, const char *str)
-{
-    return bio_write(bio, str, strlen(str));
-}
-
-static int bio_make_pair(BIO *bio1, BIO *bio2)
-{
-    struct bio_bio_st *b1, *b2;
-
-    assert(bio1 != NULL);
-    assert(bio2 != NULL);
-
-    b1 = bio1->ptr;
-    b2 = bio2->ptr;
-
-    if (b1->peer != NULL || b2->peer != NULL) {
-        BIOerr(BIO_F_BIO_MAKE_PAIR, BIO_R_IN_USE);
-        return 0;
-    }
-
-    if (b1->buf == NULL) {
-        b1->buf = OPENSSL_malloc(b1->size);
-        if (b1->buf == NULL) {
-            BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
-            return 0;
-        }
-        b1->len = 0;
-        b1->offset = 0;
-    }
-
-    if (b2->buf == NULL) {
-        b2->buf = OPENSSL_malloc(b2->size);
-        if (b2->buf == NULL) {
-            BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
-            return 0;
-        }
-        b2->len = 0;
-        b2->offset = 0;
-    }
-
-    b1->peer = bio2;
-    b1->closed = 0;
-    b1->request = 0;
-    b2->peer = bio1;
-    b2->closed = 0;
-    b2->request = 0;
-
-    bio1->init = 1;
-    bio2->init = 1;
-
-    return 1;
-}
-
-static void bio_destroy_pair(BIO *bio)
-{
-    struct bio_bio_st *b = bio->ptr;
-
-    if (b != NULL) {
-        BIO *peer_bio = b->peer;
-
-        if (peer_bio != NULL) {
-            struct bio_bio_st *peer_b = peer_bio->ptr;
-
-            assert(peer_b != NULL);
-            assert(peer_b->peer == bio);
-
-            peer_b->peer = NULL;
-            peer_bio->init = 0;
-            assert(peer_b->buf != NULL);
-            peer_b->len = 0;
-            peer_b->offset = 0;
-
-            b->peer = NULL;
-            bio->init = 0;
-            assert(b->buf != NULL);
-            b->len = 0;
-            b->offset = 0;
-        }
-    }
-}
-
-/* Exported convenience functions */
-int BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1,
-                     BIO **bio2_p, size_t writebuf2)
-{
-    BIO *bio1 = NULL, *bio2 = NULL;
-    long r;
-    int ret = 0;
-
-    bio1 = BIO_new(BIO_s_bio());
-    if (bio1 == NULL)
-        goto err;
-    bio2 = BIO_new(BIO_s_bio());
-    if (bio2 == NULL)
-        goto err;
-
-    if (writebuf1) {
-        r = BIO_set_write_buf_size(bio1, writebuf1);
-        if (!r)
-            goto err;
-    }
-    if (writebuf2) {
-        r = BIO_set_write_buf_size(bio2, writebuf2);
-        if (!r)
-            goto err;
-    }
-
-    r = BIO_make_bio_pair(bio1, bio2);
-    if (!r)
-        goto err;
-    ret = 1;
-
- err:
-    if (ret == 0) {
-        if (bio1) {
-            BIO_free(bio1);
-            bio1 = NULL;
-        }
-        if (bio2) {
-            BIO_free(bio2);
-            bio2 = NULL;
-        }
-    }
-
-    *bio1_p = bio1;
-    *bio2_p = bio2;
-    return ret;
-}
-
-size_t BIO_ctrl_get_write_guarantee(BIO *bio)
-{
-    return BIO_ctrl(bio, BIO_C_GET_WRITE_GUARANTEE, 0, NULL);
-}
-
-size_t BIO_ctrl_get_read_request(BIO *bio)
-{
-    return BIO_ctrl(bio, BIO_C_GET_READ_REQUEST, 0, NULL);
-}
-
-int BIO_ctrl_reset_read_request(BIO *bio)
-{
-    return (BIO_ctrl(bio, BIO_C_RESET_READ_REQUEST, 0, NULL) != 0);
-}
-
-/*
- * BIO_nread0/nread/nwrite0/nwrite are available only for BIO pairs for now
- * (conceivably some other BIOs could allow non-copying reads and writes
- * too.)
- */
-int BIO_nread0(BIO *bio, char **buf)
-{
-    long ret;
-
-    if (!bio->init) {
-        BIOerr(BIO_F_BIO_NREAD0, BIO_R_UNINITIALIZED);
-        return -2;
-    }
-
-    ret = BIO_ctrl(bio, BIO_C_NREAD0, 0, buf);
-    if (ret > INT_MAX)
-        return INT_MAX;
-    else
-        return (int)ret;
-}
-
-int BIO_nread(BIO *bio, char **buf, int num)
-{
-    int ret;
-
-    if (!bio->init) {
-        BIOerr(BIO_F_BIO_NREAD, BIO_R_UNINITIALIZED);
-        return -2;
-    }
-
-    ret = (int)BIO_ctrl(bio, BIO_C_NREAD, num, buf);
-    if (ret > 0)
-        bio->num_read += ret;
-    return ret;
-}
-
-int BIO_nwrite0(BIO *bio, char **buf)
-{
-    long ret;
-
-    if (!bio->init) {
-        BIOerr(BIO_F_BIO_NWRITE0, BIO_R_UNINITIALIZED);
-        return -2;
-    }
-
-    ret = BIO_ctrl(bio, BIO_C_NWRITE0, 0, buf);
-    if (ret > INT_MAX)
-        return INT_MAX;
-    else
-        return (int)ret;
-}
-
-int BIO_nwrite(BIO *bio, char **buf, int num)
-{
-    int ret;
-
-    if (!bio->init) {
-        BIOerr(BIO_F_BIO_NWRITE, BIO_R_UNINITIALIZED);
-        return -2;
-    }
-
-    ret = BIO_ctrl(bio, BIO_C_NWRITE, num, buf);
-    if (ret > 0)
-        bio->num_write += ret;
-    return ret;
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/bio/bss_bio.c (from rev 11605, vendor-crypto/openssl/dist/crypto/bio/bss_bio.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/bio/bss_bio.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/bio/bss_bio.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,886 @@
+/* crypto/bio/bss_bio.c  */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * Special method for a BIO where the other endpoint is also a BIO of this
+ * kind, handled by the same thread (i.e. the "peer" is actually ourselves,
+ * wearing a different hat). Such "BIO pairs" are mainly for using the SSL
+ * library with I/O interfaces for which no specific BIO method is available.
+ * See ssl/ssltest.c for some hints on how this can be used.
+ */
+
+/* BIO_DEBUG implies BIO_PAIR_DEBUG */
+#ifdef BIO_DEBUG
+# ifndef BIO_PAIR_DEBUG
+#  define BIO_PAIR_DEBUG
+# endif
+#endif
+
+/* disable assert() unless BIO_PAIR_DEBUG has been defined */
+#ifndef BIO_PAIR_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+
+#include <assert.h>
+#include <limits.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/crypto.h>
+
+#include "e_os.h"
+
+/* VxWorks defines SSIZE_MAX with an empty value causing compile errors */
+#if defined(OPENSSL_SYS_VXWORKS)
+# undef SSIZE_MAX
+#endif
+#ifndef SSIZE_MAX
+# define SSIZE_MAX INT_MAX
+#endif
+
+static int bio_new(BIO *bio);
+static int bio_free(BIO *bio);
+static int bio_read(BIO *bio, char *buf, int size);
+static int bio_write(BIO *bio, const char *buf, int num);
+static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr);
+static int bio_puts(BIO *bio, const char *str);
+
+static int bio_make_pair(BIO *bio1, BIO *bio2);
+static void bio_destroy_pair(BIO *bio);
+
+static BIO_METHOD methods_biop = {
+    BIO_TYPE_BIO,
+    "BIO pair",
+    bio_write,
+    bio_read,
+    bio_puts,
+    NULL /* no bio_gets */ ,
+    bio_ctrl,
+    bio_new,
+    bio_free,
+    NULL                        /* no bio_callback_ctrl */
+};
+
+BIO_METHOD *BIO_s_bio(void)
+{
+    return &methods_biop;
+}
+
+struct bio_bio_st {
+    BIO *peer;                  /* NULL if buf == NULL. If peer != NULL, then
+                                 * peer->ptr is also a bio_bio_st, and its
+                                 * "peer" member points back to us. peer !=
+                                 * NULL iff init != 0 in the BIO. */
+    /* This is for what we write (i.e. reading uses peer's struct): */
+    int closed;                 /* valid iff peer != NULL */
+    size_t len;                 /* valid iff buf != NULL; 0 if peer == NULL */
+    size_t offset;              /* valid iff buf != NULL; 0 if len == 0 */
+    size_t size;
+    char *buf;                  /* "size" elements (if != NULL) */
+    size_t request;             /* valid iff peer != NULL; 0 if len != 0,
+                                 * otherwise set by peer to number of bytes
+                                 * it (unsuccessfully) tried to read, never
+                                 * more than buffer space (size-len)
+                                 * warrants. */
+};
+
+static int bio_new(BIO *bio)
+{
+    struct bio_bio_st *b;
+
+    b = OPENSSL_malloc(sizeof *b);
+    if (b == NULL)
+        return 0;
+
+    b->peer = NULL;
+    /* enough for one TLS record (just a default) */
+    b->size = 17 * 1024;
+    b->buf = NULL;
+
+    bio->ptr = b;
+    return 1;
+}
+
+static int bio_free(BIO *bio)
+{
+    struct bio_bio_st *b;
+
+    if (bio == NULL)
+        return 0;
+    b = bio->ptr;
+
+    assert(b != NULL);
+
+    if (b->peer)
+        bio_destroy_pair(bio);
+
+    if (b->buf != NULL) {
+        OPENSSL_free(b->buf);
+    }
+
+    OPENSSL_free(b);
+
+    return 1;
+}
+
+static int bio_read(BIO *bio, char *buf, int size_)
+{
+    size_t size = size_;
+    size_t rest;
+    struct bio_bio_st *b, *peer_b;
+
+    BIO_clear_retry_flags(bio);
+
+    if (!bio->init)
+        return 0;
+
+    b = bio->ptr;
+    assert(b != NULL);
+    assert(b->peer != NULL);
+    peer_b = b->peer->ptr;
+    assert(peer_b != NULL);
+    assert(peer_b->buf != NULL);
+
+    peer_b->request = 0;        /* will be set in "retry_read" situation */
+
+    if (buf == NULL || size == 0)
+        return 0;
+
+    if (peer_b->len == 0) {
+        if (peer_b->closed)
+            return 0;           /* writer has closed, and no data is left */
+        else {
+            BIO_set_retry_read(bio); /* buffer is empty */
+            if (size <= peer_b->size)
+                peer_b->request = size;
+            else
+                /*
+                 * don't ask for more than the peer can deliver in one write
+                 */
+                peer_b->request = peer_b->size;
+            return -1;
+        }
+    }
+
+    /* we can read */
+    if (peer_b->len < size)
+        size = peer_b->len;
+
+    /* now read "size" bytes */
+
+    rest = size;
+
+    assert(rest > 0);
+    do {                        /* one or two iterations */
+        size_t chunk;
+
+        assert(rest <= peer_b->len);
+        if (peer_b->offset + rest <= peer_b->size)
+            chunk = rest;
+        else
+            /* wrap around ring buffer */
+            chunk = peer_b->size - peer_b->offset;
+        assert(peer_b->offset + chunk <= peer_b->size);
+
+        memcpy(buf, peer_b->buf + peer_b->offset, chunk);
+
+        peer_b->len -= chunk;
+        if (peer_b->len) {
+            peer_b->offset += chunk;
+            assert(peer_b->offset <= peer_b->size);
+            if (peer_b->offset == peer_b->size)
+                peer_b->offset = 0;
+            buf += chunk;
+        } else {
+            /* buffer now empty, no need to advance "buf" */
+            assert(chunk == rest);
+            peer_b->offset = 0;
+        }
+        rest -= chunk;
+    }
+    while (rest);
+
+    return size;
+}
+
+/*-
+ * non-copying interface: provide pointer to available data in buffer
+ *    bio_nread0:  return number of available bytes
+ *    bio_nread:   also advance index
+ * (example usage:  bio_nread0(), read from buffer, bio_nread()
+ *  or just         bio_nread(), read from buffer)
+ */
+/*
+ * WARNING: The non-copying interface is largely untested as of yet and may
+ * contain bugs.
+ */
+static ossl_ssize_t bio_nread0(BIO *bio, char **buf)
+{
+    struct bio_bio_st *b, *peer_b;
+    ossl_ssize_t num;
+
+    BIO_clear_retry_flags(bio);
+
+    if (!bio->init)
+        return 0;
+
+    b = bio->ptr;
+    assert(b != NULL);
+    assert(b->peer != NULL);
+    peer_b = b->peer->ptr;
+    assert(peer_b != NULL);
+    assert(peer_b->buf != NULL);
+
+    peer_b->request = 0;
+
+    if (peer_b->len == 0) {
+        char dummy;
+
+        /* avoid code duplication -- nothing available for reading */
+        return bio_read(bio, &dummy, 1); /* returns 0 or -1 */
+    }
+
+    num = peer_b->len;
+    if (peer_b->size < peer_b->offset + num)
+        /* no ring buffer wrap-around for non-copying interface */
+        num = peer_b->size - peer_b->offset;
+    assert(num > 0);
+
+    if (buf != NULL)
+        *buf = peer_b->buf + peer_b->offset;
+    return num;
+}
+
+static ossl_ssize_t bio_nread(BIO *bio, char **buf, size_t num_)
+{
+    struct bio_bio_st *b, *peer_b;
+    ossl_ssize_t num, available;
+
+    if (num_ > SSIZE_MAX)
+        num = SSIZE_MAX;
+    else
+        num = (ossl_ssize_t) num_;
+
+    available = bio_nread0(bio, buf);
+    if (num > available)
+        num = available;
+    if (num <= 0)
+        return num;
+
+    b = bio->ptr;
+    peer_b = b->peer->ptr;
+
+    peer_b->len -= num;
+    if (peer_b->len) {
+        peer_b->offset += num;
+        assert(peer_b->offset <= peer_b->size);
+        if (peer_b->offset == peer_b->size)
+            peer_b->offset = 0;
+    } else
+        peer_b->offset = 0;
+
+    return num;
+}
+
+static int bio_write(BIO *bio, const char *buf, int num_)
+{
+    size_t num = num_;
+    size_t rest;
+    struct bio_bio_st *b;
+
+    BIO_clear_retry_flags(bio);
+
+    if (!bio->init || buf == NULL || num == 0)
+        return 0;
+
+    b = bio->ptr;
+    assert(b != NULL);
+    assert(b->peer != NULL);
+    assert(b->buf != NULL);
+
+    b->request = 0;
+    if (b->closed) {
+        /* we already closed */
+        BIOerr(BIO_F_BIO_WRITE, BIO_R_BROKEN_PIPE);
+        return -1;
+    }
+
+    assert(b->len <= b->size);
+
+    if (b->len == b->size) {
+        BIO_set_retry_write(bio); /* buffer is full */
+        return -1;
+    }
+
+    /* we can write */
+    if (num > b->size - b->len)
+        num = b->size - b->len;
+
+    /* now write "num" bytes */
+
+    rest = num;
+
+    assert(rest > 0);
+    do {                        /* one or two iterations */
+        size_t write_offset;
+        size_t chunk;
+
+        assert(b->len + rest <= b->size);
+
+        write_offset = b->offset + b->len;
+        if (write_offset >= b->size)
+            write_offset -= b->size;
+        /* b->buf[write_offset] is the first byte we can write to. */
+
+        if (write_offset + rest <= b->size)
+            chunk = rest;
+        else
+            /* wrap around ring buffer */
+            chunk = b->size - write_offset;
+
+        memcpy(b->buf + write_offset, buf, chunk);
+
+        b->len += chunk;
+
+        assert(b->len <= b->size);
+
+        rest -= chunk;
+        buf += chunk;
+    }
+    while (rest);
+
+    return num;
+}
+
+/*-
+ * non-copying interface: provide pointer to region to write to
+ *   bio_nwrite0:  check how much space is available
+ *   bio_nwrite:   also increase length
+ * (example usage:  bio_nwrite0(), write to buffer, bio_nwrite()
+ *  or just         bio_nwrite(), write to buffer)
+ */
+static ossl_ssize_t bio_nwrite0(BIO *bio, char **buf)
+{
+    struct bio_bio_st *b;
+    size_t num;
+    size_t write_offset;
+
+    BIO_clear_retry_flags(bio);
+
+    if (!bio->init)
+        return 0;
+
+    b = bio->ptr;
+    assert(b != NULL);
+    assert(b->peer != NULL);
+    assert(b->buf != NULL);
+
+    b->request = 0;
+    if (b->closed) {
+        BIOerr(BIO_F_BIO_NWRITE0, BIO_R_BROKEN_PIPE);
+        return -1;
+    }
+
+    assert(b->len <= b->size);
+
+    if (b->len == b->size) {
+        BIO_set_retry_write(bio);
+        return -1;
+    }
+
+    num = b->size - b->len;
+    write_offset = b->offset + b->len;
+    if (write_offset >= b->size)
+        write_offset -= b->size;
+    if (write_offset + num > b->size)
+        /*
+         * no ring buffer wrap-around for non-copying interface (to fulfil
+         * the promise by BIO_ctrl_get_write_guarantee, BIO_nwrite may have
+         * to be called twice)
+         */
+        num = b->size - write_offset;
+
+    if (buf != NULL)
+        *buf = b->buf + write_offset;
+    assert(write_offset + num <= b->size);
+
+    return num;
+}
+
+static ossl_ssize_t bio_nwrite(BIO *bio, char **buf, size_t num_)
+{
+    struct bio_bio_st *b;
+    ossl_ssize_t num, space;
+
+    if (num_ > SSIZE_MAX)
+        num = SSIZE_MAX;
+    else
+        num = (ossl_ssize_t) num_;
+
+    space = bio_nwrite0(bio, buf);
+    if (num > space)
+        num = space;
+    if (num <= 0)
+        return num;
+    b = bio->ptr;
+    assert(b != NULL);
+    b->len += num;
+    assert(b->len <= b->size);
+
+    return num;
+}
+
+static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
+{
+    long ret;
+    struct bio_bio_st *b = bio->ptr;
+
+    assert(b != NULL);
+
+    switch (cmd) {
+        /* specific CTRL codes */
+
+    case BIO_C_SET_WRITE_BUF_SIZE:
+        if (b->peer) {
+            BIOerr(BIO_F_BIO_CTRL, BIO_R_IN_USE);
+            ret = 0;
+        } else if (num == 0) {
+            BIOerr(BIO_F_BIO_CTRL, BIO_R_INVALID_ARGUMENT);
+            ret = 0;
+        } else {
+            size_t new_size = num;
+
+            if (b->size != new_size) {
+                if (b->buf) {
+                    OPENSSL_free(b->buf);
+                    b->buf = NULL;
+                }
+                b->size = new_size;
+            }
+            ret = 1;
+        }
+        break;
+
+    case BIO_C_GET_WRITE_BUF_SIZE:
+        ret = (long)b->size;
+        break;
+
+    case BIO_C_MAKE_BIO_PAIR:
+        {
+            BIO *other_bio = ptr;
+
+            if (bio_make_pair(bio, other_bio))
+                ret = 1;
+            else
+                ret = 0;
+        }
+        break;
+
+    case BIO_C_DESTROY_BIO_PAIR:
+        /*
+         * Affects both BIOs in the pair -- call just once! Or let
+         * BIO_free(bio1); BIO_free(bio2); do the job.
+         */
+        bio_destroy_pair(bio);
+        ret = 1;
+        break;
+
+    case BIO_C_GET_WRITE_GUARANTEE:
+        /*
+         * How many bytes can the caller feed to the next write without
+         * having to keep any?
+         */
+        if (b->peer == NULL || b->closed)
+            ret = 0;
+        else
+            ret = (long)b->size - b->len;
+        break;
+
+    case BIO_C_GET_READ_REQUEST:
+        /*
+         * If the peer unsuccessfully tried to read, how many bytes were
+         * requested? (As with BIO_CTRL_PENDING, that number can usually be
+         * treated as boolean.)
+         */
+        ret = (long)b->request;
+        break;
+
+    case BIO_C_RESET_READ_REQUEST:
+        /*
+         * Reset request.  (Can be useful after read attempts at the other
+         * side that are meant to be non-blocking, e.g. when probing SSL_read
+         * to see if any data is available.)
+         */
+        b->request = 0;
+        ret = 1;
+        break;
+
+    case BIO_C_SHUTDOWN_WR:
+        /* similar to shutdown(..., SHUT_WR) */
+        b->closed = 1;
+        ret = 1;
+        break;
+
+    case BIO_C_NREAD0:
+        /* prepare for non-copying read */
+        ret = (long)bio_nread0(bio, ptr);
+        break;
+
+    case BIO_C_NREAD:
+        /* non-copying read */
+        ret = (long)bio_nread(bio, ptr, (size_t)num);
+        break;
+
+    case BIO_C_NWRITE0:
+        /* prepare for non-copying write */
+        ret = (long)bio_nwrite0(bio, ptr);
+        break;
+
+    case BIO_C_NWRITE:
+        /* non-copying write */
+        ret = (long)bio_nwrite(bio, ptr, (size_t)num);
+        break;
+
+        /* standard CTRL codes follow */
+
+    case BIO_CTRL_RESET:
+        if (b->buf != NULL) {
+            b->len = 0;
+            b->offset = 0;
+        }
+        ret = 0;
+        break;
+
+    case BIO_CTRL_GET_CLOSE:
+        ret = bio->shutdown;
+        break;
+
+    case BIO_CTRL_SET_CLOSE:
+        bio->shutdown = (int)num;
+        ret = 1;
+        break;
+
+    case BIO_CTRL_PENDING:
+        if (b->peer != NULL) {
+            struct bio_bio_st *peer_b = b->peer->ptr;
+
+            ret = (long)peer_b->len;
+        } else
+            ret = 0;
+        break;
+
+    case BIO_CTRL_WPENDING:
+        if (b->buf != NULL)
+            ret = (long)b->len;
+        else
+            ret = 0;
+        break;
+
+    case BIO_CTRL_DUP:
+        /* See BIO_dup_chain for circumstances we have to expect. */
+        {
+            BIO *other_bio = ptr;
+            struct bio_bio_st *other_b;
+
+            assert(other_bio != NULL);
+            other_b = other_bio->ptr;
+            assert(other_b != NULL);
+
+            assert(other_b->buf == NULL); /* other_bio is always fresh */
+
+            other_b->size = b->size;
+        }
+
+        ret = 1;
+        break;
+
+    case BIO_CTRL_FLUSH:
+        ret = 1;
+        break;
+
+    case BIO_CTRL_EOF:
+        {
+            BIO *other_bio = ptr;
+
+            if (other_bio) {
+                struct bio_bio_st *other_b = other_bio->ptr;
+
+                assert(other_b != NULL);
+                ret = other_b->len == 0 && other_b->closed;
+            } else
+                ret = 1;
+        }
+        break;
+
+    default:
+        ret = 0;
+    }
+    return ret;
+}
+
+static int bio_puts(BIO *bio, const char *str)
+{
+    return bio_write(bio, str, strlen(str));
+}
+
+static int bio_make_pair(BIO *bio1, BIO *bio2)
+{
+    struct bio_bio_st *b1, *b2;
+
+    assert(bio1 != NULL);
+    assert(bio2 != NULL);
+
+    b1 = bio1->ptr;
+    b2 = bio2->ptr;
+
+    if (b1->peer != NULL || b2->peer != NULL) {
+        BIOerr(BIO_F_BIO_MAKE_PAIR, BIO_R_IN_USE);
+        return 0;
+    }
+
+    if (b1->buf == NULL) {
+        b1->buf = OPENSSL_malloc(b1->size);
+        if (b1->buf == NULL) {
+            BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        b1->len = 0;
+        b1->offset = 0;
+    }
+
+    if (b2->buf == NULL) {
+        b2->buf = OPENSSL_malloc(b2->size);
+        if (b2->buf == NULL) {
+            BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        b2->len = 0;
+        b2->offset = 0;
+    }
+
+    b1->peer = bio2;
+    b1->closed = 0;
+    b1->request = 0;
+    b2->peer = bio1;
+    b2->closed = 0;
+    b2->request = 0;
+
+    bio1->init = 1;
+    bio2->init = 1;
+
+    return 1;
+}
+
+static void bio_destroy_pair(BIO *bio)
+{
+    struct bio_bio_st *b = bio->ptr;
+
+    if (b != NULL) {
+        BIO *peer_bio = b->peer;
+
+        if (peer_bio != NULL) {
+            struct bio_bio_st *peer_b = peer_bio->ptr;
+
+            assert(peer_b != NULL);
+            assert(peer_b->peer == bio);
+
+            peer_b->peer = NULL;
+            peer_bio->init = 0;
+            assert(peer_b->buf != NULL);
+            peer_b->len = 0;
+            peer_b->offset = 0;
+
+            b->peer = NULL;
+            bio->init = 0;
+            assert(b->buf != NULL);
+            b->len = 0;
+            b->offset = 0;
+        }
+    }
+}
+
+/* Exported convenience functions */
+int BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1,
+                     BIO **bio2_p, size_t writebuf2)
+{
+    BIO *bio1 = NULL, *bio2 = NULL;
+    long r;
+    int ret = 0;
+
+    bio1 = BIO_new(BIO_s_bio());
+    if (bio1 == NULL)
+        goto err;
+    bio2 = BIO_new(BIO_s_bio());
+    if (bio2 == NULL)
+        goto err;
+
+    if (writebuf1) {
+        r = BIO_set_write_buf_size(bio1, writebuf1);
+        if (!r)
+            goto err;
+    }
+    if (writebuf2) {
+        r = BIO_set_write_buf_size(bio2, writebuf2);
+        if (!r)
+            goto err;
+    }
+
+    r = BIO_make_bio_pair(bio1, bio2);
+    if (!r)
+        goto err;
+    ret = 1;
+
+ err:
+    if (ret == 0) {
+        if (bio1) {
+            BIO_free(bio1);
+            bio1 = NULL;
+        }
+        if (bio2) {
+            BIO_free(bio2);
+            bio2 = NULL;
+        }
+    }
+
+    *bio1_p = bio1;
+    *bio2_p = bio2;
+    return ret;
+}
+
+size_t BIO_ctrl_get_write_guarantee(BIO *bio)
+{
+    return BIO_ctrl(bio, BIO_C_GET_WRITE_GUARANTEE, 0, NULL);
+}
+
+size_t BIO_ctrl_get_read_request(BIO *bio)
+{
+    return BIO_ctrl(bio, BIO_C_GET_READ_REQUEST, 0, NULL);
+}
+
+int BIO_ctrl_reset_read_request(BIO *bio)
+{
+    return (BIO_ctrl(bio, BIO_C_RESET_READ_REQUEST, 0, NULL) != 0);
+}
+
+/*
+ * BIO_nread0/nread/nwrite0/nwrite are available only for BIO pairs for now
+ * (conceivably some other BIOs could allow non-copying reads and writes
+ * too.)
+ */
+int BIO_nread0(BIO *bio, char **buf)
+{
+    long ret;
+
+    if (!bio->init) {
+        BIOerr(BIO_F_BIO_NREAD0, BIO_R_UNINITIALIZED);
+        return -2;
+    }
+
+    ret = BIO_ctrl(bio, BIO_C_NREAD0, 0, buf);
+    if (ret > INT_MAX)
+        return INT_MAX;
+    else
+        return (int)ret;
+}
+
+int BIO_nread(BIO *bio, char **buf, int num)
+{
+    int ret;
+
+    if (!bio->init) {
+        BIOerr(BIO_F_BIO_NREAD, BIO_R_UNINITIALIZED);
+        return -2;
+    }
+
+    ret = (int)BIO_ctrl(bio, BIO_C_NREAD, num, buf);
+    if (ret > 0)
+        bio->num_read += ret;
+    return ret;
+}
+
+int BIO_nwrite0(BIO *bio, char **buf)
+{
+    long ret;
+
+    if (!bio->init) {
+        BIOerr(BIO_F_BIO_NWRITE0, BIO_R_UNINITIALIZED);
+        return -2;
+    }
+
+    ret = BIO_ctrl(bio, BIO_C_NWRITE0, 0, buf);
+    if (ret > INT_MAX)
+        return INT_MAX;
+    else
+        return (int)ret;
+}
+
+int BIO_nwrite(BIO *bio, char **buf, int num)
+{
+    int ret;
+
+    if (!bio->init) {
+        BIOerr(BIO_F_BIO_NWRITE, BIO_R_UNINITIALIZED);
+        return -2;
+    }
+
+    ret = BIO_ctrl(bio, BIO_C_NWRITE, num, buf);
+    if (ret > 0)
+        bio->num_write += ret;
+    return ret;
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/bio/bss_conn.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bss_conn.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/bio/bss_conn.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,603 +0,0 @@
-/* crypto/bio/bss_conn.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "cryptlib.h"
-#include <openssl/bio.h>
-
-#ifndef OPENSSL_NO_SOCK
-
-# ifdef OPENSSL_SYS_WIN16
-#  define SOCKET_PROTOCOL 0     /* more microsoft stupidity */
-# else
-#  define SOCKET_PROTOCOL IPPROTO_TCP
-# endif
-
-# if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
-/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
-#  undef FIONBIO
-# endif
-
-typedef struct bio_connect_st {
-    int state;
-    char *param_hostname;
-    char *param_port;
-    int nbio;
-    unsigned char ip[4];
-    unsigned short port;
-    struct sockaddr_in them;
-    /*
-     * int socket; this will be kept in bio->num so that it is compatible
-     * with the bss_sock bio
-     */
-    /*
-     * called when the connection is initially made callback(BIO,state,ret);
-     * The callback should return 'ret'.  state is for compatibility with the
-     * ssl info_callback
-     */
-    int (*info_callback) (const BIO *bio, int state, int ret);
-} BIO_CONNECT;
-
-static int conn_write(BIO *h, const char *buf, int num);
-static int conn_read(BIO *h, char *buf, int size);
-static int conn_puts(BIO *h, const char *str);
-static long conn_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int conn_new(BIO *h);
-static int conn_free(BIO *data);
-static long conn_callback_ctrl(BIO *h, int cmd, bio_info_cb *);
-
-static int conn_state(BIO *b, BIO_CONNECT *c);
-static void conn_close_socket(BIO *data);
-BIO_CONNECT *BIO_CONNECT_new(void);
-void BIO_CONNECT_free(BIO_CONNECT *a);
-
-static BIO_METHOD methods_connectp = {
-    BIO_TYPE_CONNECT,
-    "socket connect",
-    conn_write,
-    conn_read,
-    conn_puts,
-    NULL,                       /* connect_gets, */
-    conn_ctrl,
-    conn_new,
-    conn_free,
-    conn_callback_ctrl,
-};
-
-static int conn_state(BIO *b, BIO_CONNECT *c)
-{
-    int ret = -1, i;
-    unsigned long l;
-    char *p, *q;
-    int (*cb) (const BIO *, int, int) = NULL;
-
-    if (c->info_callback != NULL)
-        cb = c->info_callback;
-
-    for (;;) {
-        switch (c->state) {
-        case BIO_CONN_S_BEFORE:
-            p = c->param_hostname;
-            if (p == NULL) {
-                BIOerr(BIO_F_CONN_STATE, BIO_R_NO_HOSTNAME_SPECIFIED);
-                goto exit_loop;
-            }
-            for (; *p != '\0'; p++) {
-                if ((*p == ':') || (*p == '/'))
-                    break;
-            }
-
-            i = *p;
-            if ((i == ':') || (i == '/')) {
-
-                *(p++) = '\0';
-                if (i == ':') {
-                    for (q = p; *q; q++)
-                        if (*q == '/') {
-                            *q = '\0';
-                            break;
-                        }
-                    if (c->param_port != NULL)
-                        OPENSSL_free(c->param_port);
-                    c->param_port = BUF_strdup(p);
-                }
-            }
-
-            if (c->param_port == NULL) {
-                BIOerr(BIO_F_CONN_STATE, BIO_R_NO_PORT_SPECIFIED);
-                ERR_add_error_data(2, "host=", c->param_hostname);
-                goto exit_loop;
-            }
-            c->state = BIO_CONN_S_GET_IP;
-            break;
-
-        case BIO_CONN_S_GET_IP:
-            if (BIO_get_host_ip(c->param_hostname, &(c->ip[0])) <= 0)
-                goto exit_loop;
-            c->state = BIO_CONN_S_GET_PORT;
-            break;
-
-        case BIO_CONN_S_GET_PORT:
-            if (c->param_port == NULL) {
-                /* abort(); */
-                goto exit_loop;
-            } else if (BIO_get_port(c->param_port, &c->port) <= 0)
-                goto exit_loop;
-            c->state = BIO_CONN_S_CREATE_SOCKET;
-            break;
-
-        case BIO_CONN_S_CREATE_SOCKET:
-            /* now setup address */
-            memset((char *)&c->them, 0, sizeof(c->them));
-            c->them.sin_family = AF_INET;
-            c->them.sin_port = htons((unsigned short)c->port);
-            l = (unsigned long)
-                ((unsigned long)c->ip[0] << 24L) |
-                ((unsigned long)c->ip[1] << 16L) |
-                ((unsigned long)c->ip[2] << 8L) | ((unsigned long)c->ip[3]);
-            c->them.sin_addr.s_addr = htonl(l);
-            c->state = BIO_CONN_S_CREATE_SOCKET;
-
-            ret = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
-            if (ret == INVALID_SOCKET) {
-                SYSerr(SYS_F_SOCKET, get_last_socket_error());
-                ERR_add_error_data(4, "host=", c->param_hostname,
-                                   ":", c->param_port);
-                BIOerr(BIO_F_CONN_STATE, BIO_R_UNABLE_TO_CREATE_SOCKET);
-                goto exit_loop;
-            }
-            b->num = ret;
-            c->state = BIO_CONN_S_NBIO;
-            break;
-
-        case BIO_CONN_S_NBIO:
-            if (c->nbio) {
-                if (!BIO_socket_nbio(b->num, 1)) {
-                    BIOerr(BIO_F_CONN_STATE, BIO_R_ERROR_SETTING_NBIO);
-                    ERR_add_error_data(4, "host=",
-                                       c->param_hostname, ":", c->param_port);
-                    goto exit_loop;
-                }
-            }
-            c->state = BIO_CONN_S_CONNECT;
-
-# if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)
-            i = 1;
-            i = setsockopt(b->num, SOL_SOCKET, SO_KEEPALIVE, (char *)&i,
-                           sizeof(i));
-            if (i < 0) {
-                SYSerr(SYS_F_SOCKET, get_last_socket_error());
-                ERR_add_error_data(4, "host=", c->param_hostname,
-                                   ":", c->param_port);
-                BIOerr(BIO_F_CONN_STATE, BIO_R_KEEPALIVE);
-                goto exit_loop;
-            }
-# endif
-            break;
-
-        case BIO_CONN_S_CONNECT:
-            BIO_clear_retry_flags(b);
-            ret = connect(b->num,
-                          (struct sockaddr *)&c->them, sizeof(c->them));
-            b->retry_reason = 0;
-            if (ret < 0) {
-                if (BIO_sock_should_retry(ret)) {
-                    BIO_set_retry_special(b);
-                    c->state = BIO_CONN_S_BLOCKED_CONNECT;
-                    b->retry_reason = BIO_RR_CONNECT;
-                } else {
-                    SYSerr(SYS_F_CONNECT, get_last_socket_error());
-                    ERR_add_error_data(4, "host=",
-                                       c->param_hostname, ":", c->param_port);
-                    BIOerr(BIO_F_CONN_STATE, BIO_R_CONNECT_ERROR);
-                }
-                goto exit_loop;
-            } else
-                c->state = BIO_CONN_S_OK;
-            break;
-
-        case BIO_CONN_S_BLOCKED_CONNECT:
-            i = BIO_sock_error(b->num);
-            if (i) {
-                BIO_clear_retry_flags(b);
-                SYSerr(SYS_F_CONNECT, i);
-                ERR_add_error_data(4, "host=",
-                                   c->param_hostname, ":", c->param_port);
-                BIOerr(BIO_F_CONN_STATE, BIO_R_NBIO_CONNECT_ERROR);
-                ret = 0;
-                goto exit_loop;
-            } else
-                c->state = BIO_CONN_S_OK;
-            break;
-
-        case BIO_CONN_S_OK:
-            ret = 1;
-            goto exit_loop;
-        default:
-            /* abort(); */
-            goto exit_loop;
-        }
-
-        if (cb != NULL) {
-            if (!(ret = cb((BIO *)b, c->state, ret)))
-                goto end;
-        }
-    }
-
-    /* Loop does not exit */
- exit_loop:
-    if (cb != NULL)
-        ret = cb((BIO *)b, c->state, ret);
- end:
-    return (ret);
-}
-
-BIO_CONNECT *BIO_CONNECT_new(void)
-{
-    BIO_CONNECT *ret;
-
-    if ((ret = (BIO_CONNECT *)OPENSSL_malloc(sizeof(BIO_CONNECT))) == NULL)
-        return (NULL);
-    ret->state = BIO_CONN_S_BEFORE;
-    ret->param_hostname = NULL;
-    ret->param_port = NULL;
-    ret->info_callback = NULL;
-    ret->nbio = 0;
-    ret->ip[0] = 0;
-    ret->ip[1] = 0;
-    ret->ip[2] = 0;
-    ret->ip[3] = 0;
-    ret->port = 0;
-    memset((char *)&ret->them, 0, sizeof(ret->them));
-    return (ret);
-}
-
-void BIO_CONNECT_free(BIO_CONNECT *a)
-{
-    if (a == NULL)
-        return;
-
-    if (a->param_hostname != NULL)
-        OPENSSL_free(a->param_hostname);
-    if (a->param_port != NULL)
-        OPENSSL_free(a->param_port);
-    OPENSSL_free(a);
-}
-
-BIO_METHOD *BIO_s_connect(void)
-{
-    return (&methods_connectp);
-}
-
-static int conn_new(BIO *bi)
-{
-    bi->init = 0;
-    bi->num = INVALID_SOCKET;
-    bi->flags = 0;
-    if ((bi->ptr = (char *)BIO_CONNECT_new()) == NULL)
-        return (0);
-    else
-        return (1);
-}
-
-static void conn_close_socket(BIO *bio)
-{
-    BIO_CONNECT *c;
-
-    c = (BIO_CONNECT *)bio->ptr;
-    if (bio->num != INVALID_SOCKET) {
-        /* Only do a shutdown if things were established */
-        if (c->state == BIO_CONN_S_OK)
-            shutdown(bio->num, 2);
-        closesocket(bio->num);
-        bio->num = INVALID_SOCKET;
-    }
-}
-
-static int conn_free(BIO *a)
-{
-    BIO_CONNECT *data;
-
-    if (a == NULL)
-        return (0);
-    data = (BIO_CONNECT *)a->ptr;
-
-    if (a->shutdown) {
-        conn_close_socket(a);
-        BIO_CONNECT_free(data);
-        a->ptr = NULL;
-        a->flags = 0;
-        a->init = 0;
-    }
-    return (1);
-}
-
-static int conn_read(BIO *b, char *out, int outl)
-{
-    int ret = 0;
-    BIO_CONNECT *data;
-
-    data = (BIO_CONNECT *)b->ptr;
-    if (data->state != BIO_CONN_S_OK) {
-        ret = conn_state(b, data);
-        if (ret <= 0)
-            return (ret);
-    }
-
-    if (out != NULL) {
-        clear_socket_error();
-        ret = readsocket(b->num, out, outl);
-        BIO_clear_retry_flags(b);
-        if (ret <= 0) {
-            if (BIO_sock_should_retry(ret))
-                BIO_set_retry_read(b);
-        }
-    }
-    return (ret);
-}
-
-static int conn_write(BIO *b, const char *in, int inl)
-{
-    int ret;
-    BIO_CONNECT *data;
-
-    data = (BIO_CONNECT *)b->ptr;
-    if (data->state != BIO_CONN_S_OK) {
-        ret = conn_state(b, data);
-        if (ret <= 0)
-            return (ret);
-    }
-
-    clear_socket_error();
-    ret = writesocket(b->num, in, inl);
-    BIO_clear_retry_flags(b);
-    if (ret <= 0) {
-        if (BIO_sock_should_retry(ret))
-            BIO_set_retry_write(b);
-    }
-    return (ret);
-}
-
-static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
-{
-    BIO *dbio;
-    int *ip;
-    const char **pptr;
-    long ret = 1;
-    BIO_CONNECT *data;
-
-    data = (BIO_CONNECT *)b->ptr;
-
-    switch (cmd) {
-    case BIO_CTRL_RESET:
-        ret = 0;
-        data->state = BIO_CONN_S_BEFORE;
-        conn_close_socket(b);
-        b->flags = 0;
-        break;
-    case BIO_C_DO_STATE_MACHINE:
-        /* use this one to start the connection */
-        if (data->state != BIO_CONN_S_OK)
-            ret = (long)conn_state(b, data);
-        else
-            ret = 1;
-        break;
-    case BIO_C_GET_CONNECT:
-        if (ptr != NULL) {
-            pptr = (const char **)ptr;
-            if (num == 0) {
-                *pptr = data->param_hostname;
-
-            } else if (num == 1) {
-                *pptr = data->param_port;
-            } else if (num == 2) {
-                *pptr = (char *)&(data->ip[0]);
-            } else if (num == 3) {
-                *((int *)ptr) = data->port;
-            }
-            if ((!b->init) || (ptr == NULL))
-                *pptr = "not initialized";
-            ret = 1;
-        }
-        break;
-    case BIO_C_SET_CONNECT:
-        if (ptr != NULL) {
-            b->init = 1;
-            if (num == 0) {
-                if (data->param_hostname != NULL)
-                    OPENSSL_free(data->param_hostname);
-                data->param_hostname = BUF_strdup(ptr);
-            } else if (num == 1) {
-                if (data->param_port != NULL)
-                    OPENSSL_free(data->param_port);
-                data->param_port = BUF_strdup(ptr);
-            } else if (num == 2) {
-                char buf[16];
-                unsigned char *p = ptr;
-
-                BIO_snprintf(buf, sizeof buf, "%d.%d.%d.%d",
-                             p[0], p[1], p[2], p[3]);
-                if (data->param_hostname != NULL)
-                    OPENSSL_free(data->param_hostname);
-                data->param_hostname = BUF_strdup(buf);
-                memcpy(&(data->ip[0]), ptr, 4);
-            } else if (num == 3) {
-                char buf[DECIMAL_SIZE(int) + 1];
-
-                BIO_snprintf(buf, sizeof buf, "%d", *(int *)ptr);
-                if (data->param_port != NULL)
-                    OPENSSL_free(data->param_port);
-                data->param_port = BUF_strdup(buf);
-                data->port = *(int *)ptr;
-            }
-        }
-        break;
-    case BIO_C_SET_NBIO:
-        data->nbio = (int)num;
-        break;
-    case BIO_C_GET_FD:
-        if (b->init) {
-            ip = (int *)ptr;
-            if (ip != NULL)
-                *ip = b->num;
-            ret = b->num;
-        } else
-            ret = -1;
-        break;
-    case BIO_CTRL_GET_CLOSE:
-        ret = b->shutdown;
-        break;
-    case BIO_CTRL_SET_CLOSE:
-        b->shutdown = (int)num;
-        break;
-    case BIO_CTRL_PENDING:
-    case BIO_CTRL_WPENDING:
-        ret = 0;
-        break;
-    case BIO_CTRL_FLUSH:
-        break;
-    case BIO_CTRL_DUP:
-        {
-            dbio = (BIO *)ptr;
-            if (data->param_port)
-                BIO_set_conn_port(dbio, data->param_port);
-            if (data->param_hostname)
-                BIO_set_conn_hostname(dbio, data->param_hostname);
-            BIO_set_nbio(dbio, data->nbio);
-            /*
-             * FIXME: the cast of the function seems unlikely to be a good
-             * idea
-             */
-            (void)BIO_set_info_callback(dbio,
-                                        (bio_info_cb *)data->info_callback);
-        }
-        break;
-    case BIO_CTRL_SET_CALLBACK:
-        {
-# if 0                          /* FIXME: Should this be used? -- Richard
-                                 * Levitte */
-            BIOerr(BIO_F_CONN_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-            ret = -1;
-# else
-            ret = 0;
-# endif
-        }
-        break;
-    case BIO_CTRL_GET_CALLBACK:
-        {
-            int (**fptr) (const BIO *bio, int state, int xret);
-
-            fptr = (int (**)(const BIO *bio, int state, int xret))ptr;
-            *fptr = data->info_callback;
-        }
-        break;
-    default:
-        ret = 0;
-        break;
-    }
-    return (ret);
-}
-
-static long conn_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-{
-    long ret = 1;
-    BIO_CONNECT *data;
-
-    data = (BIO_CONNECT *)b->ptr;
-
-    switch (cmd) {
-    case BIO_CTRL_SET_CALLBACK:
-        {
-            data->info_callback =
-                (int (*)(const struct bio_st *, int, int))fp;
-        }
-        break;
-    default:
-        ret = 0;
-        break;
-    }
-    return (ret);
-}
-
-static int conn_puts(BIO *bp, const char *str)
-{
-    int n, ret;
-
-    n = strlen(str);
-    ret = conn_write(bp, str, n);
-    return (ret);
-}
-
-BIO *BIO_new_connect(char *str)
-{
-    BIO *ret;
-
-    ret = BIO_new(BIO_s_connect());
-    if (ret == NULL)
-        return (NULL);
-    if (BIO_set_conn_hostname(ret, str))
-        return (ret);
-    else {
-        BIO_free(ret);
-        return (NULL);
-    }
-}
-
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/bio/bss_conn.c (from rev 11605, vendor-crypto/openssl/dist/crypto/bio/bss_conn.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/bio/bss_conn.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/bio/bss_conn.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,612 @@
+/* crypto/bio/bss_conn.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "cryptlib.h"
+#include <openssl/bio.h>
+
+#ifndef OPENSSL_NO_SOCK
+
+# ifdef OPENSSL_SYS_WIN16
+#  define SOCKET_PROTOCOL 0     /* more microsoft stupidity */
+# else
+#  define SOCKET_PROTOCOL IPPROTO_TCP
+# endif
+
+# if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
+/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
+#  undef FIONBIO
+# endif
+
+typedef struct bio_connect_st {
+    int state;
+    char *param_hostname;
+    char *param_port;
+    int nbio;
+    unsigned char ip[4];
+    unsigned short port;
+    struct sockaddr_in them;
+    /*
+     * int socket; this will be kept in bio->num so that it is compatible
+     * with the bss_sock bio
+     */
+    /*
+     * called when the connection is initially made callback(BIO,state,ret);
+     * The callback should return 'ret'.  state is for compatibility with the
+     * ssl info_callback
+     */
+    int (*info_callback) (const BIO *bio, int state, int ret);
+} BIO_CONNECT;
+
+static int conn_write(BIO *h, const char *buf, int num);
+static int conn_read(BIO *h, char *buf, int size);
+static int conn_puts(BIO *h, const char *str);
+static long conn_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int conn_new(BIO *h);
+static int conn_free(BIO *data);
+static long conn_callback_ctrl(BIO *h, int cmd, bio_info_cb *);
+
+static int conn_state(BIO *b, BIO_CONNECT *c);
+static void conn_close_socket(BIO *data);
+BIO_CONNECT *BIO_CONNECT_new(void);
+void BIO_CONNECT_free(BIO_CONNECT *a);
+
+static BIO_METHOD methods_connectp = {
+    BIO_TYPE_CONNECT,
+    "socket connect",
+    conn_write,
+    conn_read,
+    conn_puts,
+    NULL,                       /* connect_gets, */
+    conn_ctrl,
+    conn_new,
+    conn_free,
+    conn_callback_ctrl,
+};
+
+static int conn_state(BIO *b, BIO_CONNECT *c)
+{
+    int ret = -1, i;
+    unsigned long l;
+    char *p, *q;
+    int (*cb) (const BIO *, int, int) = NULL;
+
+    if (c->info_callback != NULL)
+        cb = c->info_callback;
+
+    for (;;) {
+        switch (c->state) {
+        case BIO_CONN_S_BEFORE:
+            p = c->param_hostname;
+            if (p == NULL) {
+                BIOerr(BIO_F_CONN_STATE, BIO_R_NO_HOSTNAME_SPECIFIED);
+                goto exit_loop;
+            }
+            for (; *p != '\0'; p++) {
+                if ((*p == ':') || (*p == '/'))
+                    break;
+            }
+
+            i = *p;
+            if ((i == ':') || (i == '/')) {
+
+                *(p++) = '\0';
+                if (i == ':') {
+                    for (q = p; *q; q++)
+                        if (*q == '/') {
+                            *q = '\0';
+                            break;
+                        }
+                    if (c->param_port != NULL)
+                        OPENSSL_free(c->param_port);
+                    c->param_port = BUF_strdup(p);
+                }
+            }
+
+            if (c->param_port == NULL) {
+                BIOerr(BIO_F_CONN_STATE, BIO_R_NO_PORT_SPECIFIED);
+                ERR_add_error_data(2, "host=", c->param_hostname);
+                goto exit_loop;
+            }
+            c->state = BIO_CONN_S_GET_IP;
+            break;
+
+        case BIO_CONN_S_GET_IP:
+            if (BIO_get_host_ip(c->param_hostname, &(c->ip[0])) <= 0)
+                goto exit_loop;
+            c->state = BIO_CONN_S_GET_PORT;
+            break;
+
+        case BIO_CONN_S_GET_PORT:
+            if (c->param_port == NULL) {
+                /* abort(); */
+                goto exit_loop;
+            } else if (BIO_get_port(c->param_port, &c->port) <= 0)
+                goto exit_loop;
+            c->state = BIO_CONN_S_CREATE_SOCKET;
+            break;
+
+        case BIO_CONN_S_CREATE_SOCKET:
+            /* now setup address */
+            memset((char *)&c->them, 0, sizeof(c->them));
+            c->them.sin_family = AF_INET;
+            c->them.sin_port = htons((unsigned short)c->port);
+            l = (unsigned long)
+                ((unsigned long)c->ip[0] << 24L) |
+                ((unsigned long)c->ip[1] << 16L) |
+                ((unsigned long)c->ip[2] << 8L) | ((unsigned long)c->ip[3]);
+            c->them.sin_addr.s_addr = htonl(l);
+            c->state = BIO_CONN_S_CREATE_SOCKET;
+
+            ret = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
+            if (ret == INVALID_SOCKET) {
+                SYSerr(SYS_F_SOCKET, get_last_socket_error());
+                ERR_add_error_data(4, "host=", c->param_hostname,
+                                   ":", c->param_port);
+                BIOerr(BIO_F_CONN_STATE, BIO_R_UNABLE_TO_CREATE_SOCKET);
+                goto exit_loop;
+            }
+            b->num = ret;
+            c->state = BIO_CONN_S_NBIO;
+            break;
+
+        case BIO_CONN_S_NBIO:
+            if (c->nbio) {
+                if (!BIO_socket_nbio(b->num, 1)) {
+                    BIOerr(BIO_F_CONN_STATE, BIO_R_ERROR_SETTING_NBIO);
+                    ERR_add_error_data(4, "host=",
+                                       c->param_hostname, ":", c->param_port);
+                    goto exit_loop;
+                }
+            }
+            c->state = BIO_CONN_S_CONNECT;
+
+# if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)
+            i = 1;
+            i = setsockopt(b->num, SOL_SOCKET, SO_KEEPALIVE, (char *)&i,
+                           sizeof(i));
+            if (i < 0) {
+                SYSerr(SYS_F_SOCKET, get_last_socket_error());
+                ERR_add_error_data(4, "host=", c->param_hostname,
+                                   ":", c->param_port);
+                BIOerr(BIO_F_CONN_STATE, BIO_R_KEEPALIVE);
+                goto exit_loop;
+            }
+# endif
+            break;
+
+        case BIO_CONN_S_CONNECT:
+            BIO_clear_retry_flags(b);
+            ret = connect(b->num,
+                          (struct sockaddr *)&c->them, sizeof(c->them));
+            b->retry_reason = 0;
+            if (ret < 0) {
+                if (BIO_sock_should_retry(ret)) {
+                    BIO_set_retry_special(b);
+                    c->state = BIO_CONN_S_BLOCKED_CONNECT;
+                    b->retry_reason = BIO_RR_CONNECT;
+                } else {
+                    SYSerr(SYS_F_CONNECT, get_last_socket_error());
+                    ERR_add_error_data(4, "host=",
+                                       c->param_hostname, ":", c->param_port);
+                    BIOerr(BIO_F_CONN_STATE, BIO_R_CONNECT_ERROR);
+                }
+                goto exit_loop;
+            } else
+                c->state = BIO_CONN_S_OK;
+            break;
+
+        case BIO_CONN_S_BLOCKED_CONNECT:
+            i = BIO_sock_error(b->num);
+            if (i) {
+                BIO_clear_retry_flags(b);
+                SYSerr(SYS_F_CONNECT, i);
+                ERR_add_error_data(4, "host=",
+                                   c->param_hostname, ":", c->param_port);
+                BIOerr(BIO_F_CONN_STATE, BIO_R_NBIO_CONNECT_ERROR);
+                ret = 0;
+                goto exit_loop;
+            } else
+                c->state = BIO_CONN_S_OK;
+            break;
+
+        case BIO_CONN_S_OK:
+            ret = 1;
+            goto exit_loop;
+        default:
+            /* abort(); */
+            goto exit_loop;
+        }
+
+        if (cb != NULL) {
+            if (!(ret = cb((BIO *)b, c->state, ret)))
+                goto end;
+        }
+    }
+
+    /* Loop does not exit */
+ exit_loop:
+    if (cb != NULL)
+        ret = cb((BIO *)b, c->state, ret);
+ end:
+    return (ret);
+}
+
+BIO_CONNECT *BIO_CONNECT_new(void)
+{
+    BIO_CONNECT *ret;
+
+    if ((ret = (BIO_CONNECT *)OPENSSL_malloc(sizeof(BIO_CONNECT))) == NULL)
+        return (NULL);
+    ret->state = BIO_CONN_S_BEFORE;
+    ret->param_hostname = NULL;
+    ret->param_port = NULL;
+    ret->info_callback = NULL;
+    ret->nbio = 0;
+    ret->ip[0] = 0;
+    ret->ip[1] = 0;
+    ret->ip[2] = 0;
+    ret->ip[3] = 0;
+    ret->port = 0;
+    memset((char *)&ret->them, 0, sizeof(ret->them));
+    return (ret);
+}
+
+void BIO_CONNECT_free(BIO_CONNECT *a)
+{
+    if (a == NULL)
+        return;
+
+    if (a->param_hostname != NULL)
+        OPENSSL_free(a->param_hostname);
+    if (a->param_port != NULL)
+        OPENSSL_free(a->param_port);
+    OPENSSL_free(a);
+}
+
+BIO_METHOD *BIO_s_connect(void)
+{
+    return (&methods_connectp);
+}
+
+static int conn_new(BIO *bi)
+{
+    bi->init = 0;
+    bi->num = INVALID_SOCKET;
+    bi->flags = 0;
+    if ((bi->ptr = (char *)BIO_CONNECT_new()) == NULL)
+        return (0);
+    else
+        return (1);
+}
+
+static void conn_close_socket(BIO *bio)
+{
+    BIO_CONNECT *c;
+
+    c = (BIO_CONNECT *)bio->ptr;
+    if (bio->num != INVALID_SOCKET) {
+        /* Only do a shutdown if things were established */
+        if (c->state == BIO_CONN_S_OK)
+            shutdown(bio->num, 2);
+        closesocket(bio->num);
+        bio->num = INVALID_SOCKET;
+    }
+}
+
+static int conn_free(BIO *a)
+{
+    BIO_CONNECT *data;
+
+    if (a == NULL)
+        return (0);
+    data = (BIO_CONNECT *)a->ptr;
+
+    if (a->shutdown) {
+        conn_close_socket(a);
+        BIO_CONNECT_free(data);
+        a->ptr = NULL;
+        a->flags = 0;
+        a->init = 0;
+    }
+    return (1);
+}
+
+static int conn_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+    BIO_CONNECT *data;
+
+    data = (BIO_CONNECT *)b->ptr;
+    if (data->state != BIO_CONN_S_OK) {
+        ret = conn_state(b, data);
+        if (ret <= 0)
+            return (ret);
+    }
+
+    if (out != NULL) {
+        clear_socket_error();
+        ret = readsocket(b->num, out, outl);
+        BIO_clear_retry_flags(b);
+        if (ret <= 0) {
+            if (BIO_sock_should_retry(ret))
+                BIO_set_retry_read(b);
+        }
+    }
+    return (ret);
+}
+
+static int conn_write(BIO *b, const char *in, int inl)
+{
+    int ret;
+    BIO_CONNECT *data;
+
+    data = (BIO_CONNECT *)b->ptr;
+    if (data->state != BIO_CONN_S_OK) {
+        ret = conn_state(b, data);
+        if (ret <= 0)
+            return (ret);
+    }
+
+    clear_socket_error();
+    ret = writesocket(b->num, in, inl);
+    BIO_clear_retry_flags(b);
+    if (ret <= 0) {
+        if (BIO_sock_should_retry(ret))
+            BIO_set_retry_write(b);
+    }
+    return (ret);
+}
+
+static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    BIO *dbio;
+    int *ip;
+    const char **pptr = NULL;
+    long ret = 1;
+    BIO_CONNECT *data;
+
+    data = (BIO_CONNECT *)b->ptr;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        ret = 0;
+        data->state = BIO_CONN_S_BEFORE;
+        conn_close_socket(b);
+        b->flags = 0;
+        break;
+    case BIO_C_DO_STATE_MACHINE:
+        /* use this one to start the connection */
+        if (data->state != BIO_CONN_S_OK)
+            ret = (long)conn_state(b, data);
+        else
+            ret = 1;
+        break;
+    case BIO_C_GET_CONNECT:
+        if (ptr != NULL) {
+            pptr = (const char **)ptr;
+        }
+
+        if (b->init) {
+            if (pptr != NULL) {
+                ret = 1;
+                if (num == 0) {
+                    *pptr = data->param_hostname;
+                } else if (num == 1) {
+                    *pptr = data->param_port;
+                } else if (num == 2) {
+                    *pptr = (char *)&(data->ip[0]);
+                } else {
+                    ret = 0;
+                }
+            }
+            if (num == 3) {
+                ret = data->port;
+            }
+        } else {
+            if (pptr != NULL)
+                *pptr = "not initialized";
+            ret = 0;
+        }
+        break;
+    case BIO_C_SET_CONNECT:
+        if (ptr != NULL) {
+            b->init = 1;
+            if (num == 0) {
+                if (data->param_hostname != NULL)
+                    OPENSSL_free(data->param_hostname);
+                data->param_hostname = BUF_strdup(ptr);
+            } else if (num == 1) {
+                if (data->param_port != NULL)
+                    OPENSSL_free(data->param_port);
+                data->param_port = BUF_strdup(ptr);
+            } else if (num == 2) {
+                char buf[16];
+                unsigned char *p = ptr;
+
+                BIO_snprintf(buf, sizeof buf, "%d.%d.%d.%d",
+                             p[0], p[1], p[2], p[3]);
+                if (data->param_hostname != NULL)
+                    OPENSSL_free(data->param_hostname);
+                data->param_hostname = BUF_strdup(buf);
+                memcpy(&(data->ip[0]), ptr, 4);
+            } else if (num == 3) {
+                char buf[DECIMAL_SIZE(int) + 1];
+
+                BIO_snprintf(buf, sizeof buf, "%d", *(int *)ptr);
+                if (data->param_port != NULL)
+                    OPENSSL_free(data->param_port);
+                data->param_port = BUF_strdup(buf);
+                data->port = *(int *)ptr;
+            }
+        }
+        break;
+    case BIO_C_SET_NBIO:
+        data->nbio = (int)num;
+        break;
+    case BIO_C_GET_FD:
+        if (b->init) {
+            ip = (int *)ptr;
+            if (ip != NULL)
+                *ip = b->num;
+            ret = b->num;
+        } else
+            ret = -1;
+        break;
+    case BIO_CTRL_GET_CLOSE:
+        ret = b->shutdown;
+        break;
+    case BIO_CTRL_SET_CLOSE:
+        b->shutdown = (int)num;
+        break;
+    case BIO_CTRL_PENDING:
+    case BIO_CTRL_WPENDING:
+        ret = 0;
+        break;
+    case BIO_CTRL_FLUSH:
+        break;
+    case BIO_CTRL_DUP:
+        {
+            dbio = (BIO *)ptr;
+            if (data->param_port)
+                BIO_set_conn_port(dbio, data->param_port);
+            if (data->param_hostname)
+                BIO_set_conn_hostname(dbio, data->param_hostname);
+            BIO_set_nbio(dbio, data->nbio);
+            /*
+             * FIXME: the cast of the function seems unlikely to be a good
+             * idea
+             */
+            (void)BIO_set_info_callback(dbio,
+                                        (bio_info_cb *)data->info_callback);
+        }
+        break;
+    case BIO_CTRL_SET_CALLBACK:
+        {
+# if 0                          /* FIXME: Should this be used? -- Richard
+                                 * Levitte */
+            BIOerr(BIO_F_CONN_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+            ret = -1;
+# else
+            ret = 0;
+# endif
+        }
+        break;
+    case BIO_CTRL_GET_CALLBACK:
+        {
+            int (**fptr) (const BIO *bio, int state, int xret);
+
+            fptr = (int (**)(const BIO *bio, int state, int xret))ptr;
+            *fptr = data->info_callback;
+        }
+        break;
+    default:
+        ret = 0;
+        break;
+    }
+    return (ret);
+}
+
+static long conn_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+{
+    long ret = 1;
+    BIO_CONNECT *data;
+
+    data = (BIO_CONNECT *)b->ptr;
+
+    switch (cmd) {
+    case BIO_CTRL_SET_CALLBACK:
+        {
+            data->info_callback =
+                (int (*)(const struct bio_st *, int, int))fp;
+        }
+        break;
+    default:
+        ret = 0;
+        break;
+    }
+    return (ret);
+}
+
+static int conn_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = conn_write(bp, str, n);
+    return (ret);
+}
+
+BIO *BIO_new_connect(char *str)
+{
+    BIO *ret;
+
+    ret = BIO_new(BIO_s_connect());
+    if (ret == NULL)
+        return (NULL);
+    if (BIO_set_conn_hostname(ret, str))
+        return (ret);
+    else {
+        BIO_free(ret);
+        return (NULL);
+    }
+}
+
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/bio/bss_dgram.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bss_dgram.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/bio/bss_dgram.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,2013 +0,0 @@
-/* crypto/bio/bio_dgram.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "cryptlib.h"
-
-#include <openssl/bio.h>
-#ifndef OPENSSL_NO_DGRAM
-
-# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS)
-#  include <sys/timeb.h>
-# endif
-
-# ifndef OPENSSL_NO_SCTP
-#  include <netinet/sctp.h>
-#  include <fcntl.h>
-#  define OPENSSL_SCTP_DATA_CHUNK_TYPE            0x00
-#  define OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE 0xc0
-# endif
-
-# if defined(OPENSSL_SYS_LINUX) && !defined(IP_MTU)
-#  define IP_MTU      14        /* linux is lame */
-# endif
-
-# if defined(__FreeBSD__) && defined(IN6_IS_ADDR_V4MAPPED)
-/* Standard definition causes type-punning problems. */
-#  undef IN6_IS_ADDR_V4MAPPED
-#  define s6_addr32 __u6_addr.__u6_addr32
-#  define IN6_IS_ADDR_V4MAPPED(a)               \
-        (((a)->s6_addr32[0] == 0) &&          \
-         ((a)->s6_addr32[1] == 0) &&          \
-         ((a)->s6_addr32[2] == htonl(0x0000ffff)))
-# endif
-
-# ifdef WATT32
-#  define sock_write SockWrite  /* Watt-32 uses same names */
-#  define sock_read  SockRead
-#  define sock_puts  SockPuts
-# endif
-
-static int dgram_write(BIO *h, const char *buf, int num);
-static int dgram_read(BIO *h, char *buf, int size);
-static int dgram_puts(BIO *h, const char *str);
-static long dgram_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int dgram_new(BIO *h);
-static int dgram_free(BIO *data);
-static int dgram_clear(BIO *bio);
-
-# ifndef OPENSSL_NO_SCTP
-static int dgram_sctp_write(BIO *h, const char *buf, int num);
-static int dgram_sctp_read(BIO *h, char *buf, int size);
-static int dgram_sctp_puts(BIO *h, const char *str);
-static long dgram_sctp_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int dgram_sctp_new(BIO *h);
-static int dgram_sctp_free(BIO *data);
-#  ifdef SCTP_AUTHENTICATION_EVENT
-static void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification
-                                                  *snp);
-#  endif
-# endif
-
-static int BIO_dgram_should_retry(int s);
-
-static void get_current_time(struct timeval *t);
-
-static BIO_METHOD methods_dgramp = {
-    BIO_TYPE_DGRAM,
-    "datagram socket",
-    dgram_write,
-    dgram_read,
-    dgram_puts,
-    NULL,                       /* dgram_gets, */
-    dgram_ctrl,
-    dgram_new,
-    dgram_free,
-    NULL,
-};
-
-# ifndef OPENSSL_NO_SCTP
-static BIO_METHOD methods_dgramp_sctp = {
-    BIO_TYPE_DGRAM_SCTP,
-    "datagram sctp socket",
-    dgram_sctp_write,
-    dgram_sctp_read,
-    dgram_sctp_puts,
-    NULL,                       /* dgram_gets, */
-    dgram_sctp_ctrl,
-    dgram_sctp_new,
-    dgram_sctp_free,
-    NULL,
-};
-# endif
-
-typedef struct bio_dgram_data_st {
-    union {
-        struct sockaddr sa;
-        struct sockaddr_in sa_in;
-# if OPENSSL_USE_IPV6
-        struct sockaddr_in6 sa_in6;
-# endif
-    } peer;
-    unsigned int connected;
-    unsigned int _errno;
-    unsigned int mtu;
-    struct timeval next_timeout;
-    struct timeval socket_timeout;
-} bio_dgram_data;
-
-# ifndef OPENSSL_NO_SCTP
-typedef struct bio_dgram_sctp_save_message_st {
-    BIO *bio;
-    char *data;
-    int length;
-} bio_dgram_sctp_save_message;
-
-typedef struct bio_dgram_sctp_data_st {
-    union {
-        struct sockaddr sa;
-        struct sockaddr_in sa_in;
-#  if OPENSSL_USE_IPV6
-        struct sockaddr_in6 sa_in6;
-#  endif
-    } peer;
-    unsigned int connected;
-    unsigned int _errno;
-    unsigned int mtu;
-    struct bio_dgram_sctp_sndinfo sndinfo;
-    struct bio_dgram_sctp_rcvinfo rcvinfo;
-    struct bio_dgram_sctp_prinfo prinfo;
-    void (*handle_notifications) (BIO *bio, void *context, void *buf);
-    void *notification_context;
-    int in_handshake;
-    int ccs_rcvd;
-    int ccs_sent;
-    int save_shutdown;
-    int peer_auth_tested;
-    bio_dgram_sctp_save_message saved_message;
-} bio_dgram_sctp_data;
-# endif
-
-BIO_METHOD *BIO_s_datagram(void)
-{
-    return (&methods_dgramp);
-}
-
-BIO *BIO_new_dgram(int fd, int close_flag)
-{
-    BIO *ret;
-
-    ret = BIO_new(BIO_s_datagram());
-    if (ret == NULL)
-        return (NULL);
-    BIO_set_fd(ret, fd, close_flag);
-    return (ret);
-}
-
-static int dgram_new(BIO *bi)
-{
-    bio_dgram_data *data = NULL;
-
-    bi->init = 0;
-    bi->num = 0;
-    data = OPENSSL_malloc(sizeof(bio_dgram_data));
-    if (data == NULL)
-        return 0;
-    memset(data, 0x00, sizeof(bio_dgram_data));
-    bi->ptr = data;
-
-    bi->flags = 0;
-    return (1);
-}
-
-static int dgram_free(BIO *a)
-{
-    bio_dgram_data *data;
-
-    if (a == NULL)
-        return (0);
-    if (!dgram_clear(a))
-        return 0;
-
-    data = (bio_dgram_data *)a->ptr;
-    if (data != NULL)
-        OPENSSL_free(data);
-
-    return (1);
-}
-
-static int dgram_clear(BIO *a)
-{
-    if (a == NULL)
-        return (0);
-    if (a->shutdown) {
-        if (a->init) {
-            SHUTDOWN2(a->num);
-        }
-        a->init = 0;
-        a->flags = 0;
-    }
-    return (1);
-}
-
-static void dgram_adjust_rcv_timeout(BIO *b)
-{
-# if defined(SO_RCVTIMEO)
-    bio_dgram_data *data = (bio_dgram_data *)b->ptr;
-    union {
-        size_t s;
-        int i;
-    } sz = {
-        0
-    };
-
-    /* Is a timer active? */
-    if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) {
-        struct timeval timenow, timeleft;
-
-        /* Read current socket timeout */
-#  ifdef OPENSSL_SYS_WINDOWS
-        int timeout;
-
-        sz.i = sizeof(timeout);
-        if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
-                       (void *)&timeout, &sz.i) < 0) {
-            perror("getsockopt");
-        } else {
-            data->socket_timeout.tv_sec = timeout / 1000;
-            data->socket_timeout.tv_usec = (timeout % 1000) * 1000;
-        }
-#  else
-        sz.i = sizeof(data->socket_timeout);
-        if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
-                       &(data->socket_timeout), (void *)&sz) < 0) {
-            perror("getsockopt");
-        } else if (sizeof(sz.s) != sizeof(sz.i) && sz.i == 0)
-            OPENSSL_assert(sz.s <= sizeof(data->socket_timeout));
-#  endif
-
-        /* Get current time */
-        get_current_time(&timenow);
-
-        /* Calculate time left until timer expires */
-        memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval));
-        if (timeleft.tv_usec < timenow.tv_usec) {
-            timeleft.tv_usec = 1000000 - timenow.tv_usec + timeleft.tv_usec;
-            timeleft.tv_sec--;
-        } else {
-            timeleft.tv_usec -= timenow.tv_usec;
-        }
-        if (timeleft.tv_sec < timenow.tv_sec) {
-            timeleft.tv_sec = 0;
-            timeleft.tv_usec = 1;
-        } else {
-            timeleft.tv_sec -= timenow.tv_sec;
-        }
-
-        /*
-         * Adjust socket timeout if next handhake message timer will expire
-         * earlier.
-         */
-        if ((data->socket_timeout.tv_sec == 0
-             && data->socket_timeout.tv_usec == 0)
-            || (data->socket_timeout.tv_sec > timeleft.tv_sec)
-            || (data->socket_timeout.tv_sec == timeleft.tv_sec
-                && data->socket_timeout.tv_usec >= timeleft.tv_usec)) {
-#  ifdef OPENSSL_SYS_WINDOWS
-            timeout = timeleft.tv_sec * 1000 + timeleft.tv_usec / 1000;
-            if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
-                           (void *)&timeout, sizeof(timeout)) < 0) {
-                perror("setsockopt");
-            }
-#  else
-            if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &timeleft,
-                           sizeof(struct timeval)) < 0) {
-                perror("setsockopt");
-            }
-#  endif
-        }
-    }
-# endif
-}
-
-static void dgram_reset_rcv_timeout(BIO *b)
-{
-# if defined(SO_RCVTIMEO)
-    bio_dgram_data *data = (bio_dgram_data *)b->ptr;
-
-    /* Is a timer active? */
-    if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) {
-#  ifdef OPENSSL_SYS_WINDOWS
-        int timeout = data->socket_timeout.tv_sec * 1000 +
-            data->socket_timeout.tv_usec / 1000;
-        if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
-                       (void *)&timeout, sizeof(timeout)) < 0) {
-            perror("setsockopt");
-        }
-#  else
-        if (setsockopt
-            (b->num, SOL_SOCKET, SO_RCVTIMEO, &(data->socket_timeout),
-             sizeof(struct timeval)) < 0) {
-            perror("setsockopt");
-        }
-#  endif
-    }
-# endif
-}
-
-static int dgram_read(BIO *b, char *out, int outl)
-{
-    int ret = 0;
-    bio_dgram_data *data = (bio_dgram_data *)b->ptr;
-
-    struct {
-        /*
-         * See commentary in b_sock.c. <appro>
-         */
-        union {
-            size_t s;
-            int i;
-        } len;
-        union {
-            struct sockaddr sa;
-            struct sockaddr_in sa_in;
-# if OPENSSL_USE_IPV6
-            struct sockaddr_in6 sa_in6;
-# endif
-        } peer;
-    } sa;
-
-    sa.len.s = 0;
-    sa.len.i = sizeof(sa.peer);
-
-    if (out != NULL) {
-        clear_socket_error();
-        memset(&sa.peer, 0x00, sizeof(sa.peer));
-        dgram_adjust_rcv_timeout(b);
-        ret = recvfrom(b->num, out, outl, 0, &sa.peer.sa, (void *)&sa.len);
-        if (sizeof(sa.len.i) != sizeof(sa.len.s) && sa.len.i == 0) {
-            OPENSSL_assert(sa.len.s <= sizeof(sa.peer));
-            sa.len.i = (int)sa.len.s;
-        }
-
-        if (!data->connected && ret >= 0)
-            BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &sa.peer);
-
-        BIO_clear_retry_flags(b);
-        if (ret < 0) {
-            if (BIO_dgram_should_retry(ret)) {
-                BIO_set_retry_read(b);
-                data->_errno = get_last_socket_error();
-            }
-        }
-
-        dgram_reset_rcv_timeout(b);
-    }
-    return (ret);
-}
-
-static int dgram_write(BIO *b, const char *in, int inl)
-{
-    int ret;
-    bio_dgram_data *data = (bio_dgram_data *)b->ptr;
-    clear_socket_error();
-
-    if (data->connected)
-        ret = writesocket(b->num, in, inl);
-    else {
-        int peerlen = sizeof(data->peer);
-
-        if (data->peer.sa.sa_family == AF_INET)
-            peerlen = sizeof(data->peer.sa_in);
-# if OPENSSL_USE_IPV6
-        else if (data->peer.sa.sa_family == AF_INET6)
-            peerlen = sizeof(data->peer.sa_in6);
-# endif
-# if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
-        ret = sendto(b->num, (char *)in, inl, 0, &data->peer.sa, peerlen);
-# else
-        ret = sendto(b->num, in, inl, 0, &data->peer.sa, peerlen);
-# endif
-    }
-
-    BIO_clear_retry_flags(b);
-    if (ret <= 0) {
-        if (BIO_dgram_should_retry(ret)) {
-            BIO_set_retry_write(b);
-            data->_errno = get_last_socket_error();
-
-# if 0                          /* higher layers are responsible for querying
-                                 * MTU, if necessary */
-            if (data->_errno == EMSGSIZE)
-                /* retrieve the new MTU */
-                BIO_ctrl(b, BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
-# endif
-        }
-    }
-    return (ret);
-}
-
-static long dgram_get_mtu_overhead(bio_dgram_data *data)
-{
-    long ret;
-
-    switch (data->peer.sa.sa_family) {
-    case AF_INET:
-        /*
-         * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
-         */
-        ret = 28;
-        break;
-# if OPENSSL_USE_IPV6
-    case AF_INET6:
-#  ifdef IN6_IS_ADDR_V4MAPPED
-        if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr))
-            /*
-             * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
-             */
-            ret = 28;
-        else
-#  endif
-            /*
-             * Assume this is UDP - 40 bytes for IP, 8 bytes for UDP
-             */
-            ret = 48;
-        break;
-# endif
-    default:
-        /* We don't know. Go with the historical default */
-        ret = 28;
-        break;
-    }
-    return ret;
-}
-
-static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
-{
-    long ret = 1;
-    int *ip;
-    struct sockaddr *to = NULL;
-    bio_dgram_data *data = NULL;
-# if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU))
-    int sockopt_val = 0;
-    socklen_t sockopt_len;      /* assume that system supporting IP_MTU is
-                                 * modern enough to define socklen_t */
-    socklen_t addr_len;
-    union {
-        struct sockaddr sa;
-        struct sockaddr_in s4;
-#  if OPENSSL_USE_IPV6
-        struct sockaddr_in6 s6;
-#  endif
-    } addr;
-# endif
-
-    data = (bio_dgram_data *)b->ptr;
-
-    switch (cmd) {
-    case BIO_CTRL_RESET:
-        num = 0;
-    case BIO_C_FILE_SEEK:
-        ret = 0;
-        break;
-    case BIO_C_FILE_TELL:
-    case BIO_CTRL_INFO:
-        ret = 0;
-        break;
-    case BIO_C_SET_FD:
-        dgram_clear(b);
-        b->num = *((int *)ptr);
-        b->shutdown = (int)num;
-        b->init = 1;
-        break;
-    case BIO_C_GET_FD:
-        if (b->init) {
-            ip = (int *)ptr;
-            if (ip != NULL)
-                *ip = b->num;
-            ret = b->num;
-        } else
-            ret = -1;
-        break;
-    case BIO_CTRL_GET_CLOSE:
-        ret = b->shutdown;
-        break;
-    case BIO_CTRL_SET_CLOSE:
-        b->shutdown = (int)num;
-        break;
-    case BIO_CTRL_PENDING:
-    case BIO_CTRL_WPENDING:
-        ret = 0;
-        break;
-    case BIO_CTRL_DUP:
-    case BIO_CTRL_FLUSH:
-        ret = 1;
-        break;
-    case BIO_CTRL_DGRAM_CONNECT:
-        to = (struct sockaddr *)ptr;
-# if 0
-        if (connect(b->num, to, sizeof(struct sockaddr)) < 0) {
-            perror("connect");
-            ret = 0;
-        } else {
-# endif
-            switch (to->sa_family) {
-            case AF_INET:
-                memcpy(&data->peer, to, sizeof(data->peer.sa_in));
-                break;
-# if OPENSSL_USE_IPV6
-            case AF_INET6:
-                memcpy(&data->peer, to, sizeof(data->peer.sa_in6));
-                break;
-# endif
-            default:
-                memcpy(&data->peer, to, sizeof(data->peer.sa));
-                break;
-            }
-# if 0
-        }
-# endif
-        break;
-        /* (Linux)kernel sets DF bit on outgoing IP packets */
-    case BIO_CTRL_DGRAM_MTU_DISCOVER:
-# if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
-        addr_len = (socklen_t) sizeof(addr);
-        memset((void *)&addr, 0, sizeof(addr));
-        if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
-            ret = 0;
-            break;
-        }
-        switch (addr.sa.sa_family) {
-        case AF_INET:
-            sockopt_val = IP_PMTUDISC_DO;
-            if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
-                                  &sockopt_val, sizeof(sockopt_val))) < 0)
-                perror("setsockopt");
-            break;
-#  if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
-        case AF_INET6:
-            sockopt_val = IPV6_PMTUDISC_DO;
-            if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
-                                  &sockopt_val, sizeof(sockopt_val))) < 0)
-                perror("setsockopt");
-            break;
-#  endif
-        default:
-            ret = -1;
-            break;
-        }
-        ret = -1;
-# else
-        break;
-# endif
-    case BIO_CTRL_DGRAM_QUERY_MTU:
-# if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU)
-        addr_len = (socklen_t) sizeof(addr);
-        memset((void *)&addr, 0, sizeof(addr));
-        if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
-            ret = 0;
-            break;
-        }
-        sockopt_len = sizeof(sockopt_val);
-        switch (addr.sa.sa_family) {
-        case AF_INET:
-            if ((ret =
-                 getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val,
-                            &sockopt_len)) < 0 || sockopt_val < 0) {
-                ret = 0;
-            } else {
-                /*
-                 * we assume that the transport protocol is UDP and no IP
-                 * options are used.
-                 */
-                data->mtu = sockopt_val - 8 - 20;
-                ret = data->mtu;
-            }
-            break;
-#  if OPENSSL_USE_IPV6 && defined(IPV6_MTU)
-        case AF_INET6:
-            if ((ret =
-                 getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU,
-                            (void *)&sockopt_val, &sockopt_len)) < 0
-                || sockopt_val < 0) {
-                ret = 0;
-            } else {
-                /*
-                 * we assume that the transport protocol is UDP and no IPV6
-                 * options are used.
-                 */
-                data->mtu = sockopt_val - 8 - 40;
-                ret = data->mtu;
-            }
-            break;
-#  endif
-        default:
-            ret = 0;
-            break;
-        }
-# else
-        ret = 0;
-# endif
-        break;
-    case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
-        ret = -dgram_get_mtu_overhead(data);
-        switch (data->peer.sa.sa_family) {
-        case AF_INET:
-            ret += 576;
-            break;
-# if OPENSSL_USE_IPV6
-        case AF_INET6:
-#  ifdef IN6_IS_ADDR_V4MAPPED
-            if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr))
-                ret += 576;
-            else
-#  endif
-                ret += 1280;
-            break;
-# endif
-        default:
-            ret += 576;
-            break;
-        }
-        break;
-    case BIO_CTRL_DGRAM_GET_MTU:
-        return data->mtu;
-        break;
-    case BIO_CTRL_DGRAM_SET_MTU:
-        data->mtu = num;
-        ret = num;
-        break;
-    case BIO_CTRL_DGRAM_SET_CONNECTED:
-        to = (struct sockaddr *)ptr;
-
-        if (to != NULL) {
-            data->connected = 1;
-            switch (to->sa_family) {
-            case AF_INET:
-                memcpy(&data->peer, to, sizeof(data->peer.sa_in));
-                break;
-# if OPENSSL_USE_IPV6
-            case AF_INET6:
-                memcpy(&data->peer, to, sizeof(data->peer.sa_in6));
-                break;
-# endif
-            default:
-                memcpy(&data->peer, to, sizeof(data->peer.sa));
-                break;
-            }
-        } else {
-            data->connected = 0;
-            memset(&(data->peer), 0x00, sizeof(data->peer));
-        }
-        break;
-    case BIO_CTRL_DGRAM_GET_PEER:
-        switch (data->peer.sa.sa_family) {
-        case AF_INET:
-            ret = sizeof(data->peer.sa_in);
-            break;
-# if OPENSSL_USE_IPV6
-        case AF_INET6:
-            ret = sizeof(data->peer.sa_in6);
-            break;
-# endif
-        default:
-            ret = sizeof(data->peer.sa);
-            break;
-        }
-        if (num == 0 || num > ret)
-            num = ret;
-        memcpy(ptr, &data->peer, (ret = num));
-        break;
-    case BIO_CTRL_DGRAM_SET_PEER:
-        to = (struct sockaddr *)ptr;
-        switch (to->sa_family) {
-        case AF_INET:
-            memcpy(&data->peer, to, sizeof(data->peer.sa_in));
-            break;
-# if OPENSSL_USE_IPV6
-        case AF_INET6:
-            memcpy(&data->peer, to, sizeof(data->peer.sa_in6));
-            break;
-# endif
-        default:
-            memcpy(&data->peer, to, sizeof(data->peer.sa));
-            break;
-        }
-        break;
-    case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
-        memcpy(&(data->next_timeout), ptr, sizeof(struct timeval));
-        break;
-# if defined(SO_RCVTIMEO)
-    case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
-#  ifdef OPENSSL_SYS_WINDOWS
-        {
-            struct timeval *tv = (struct timeval *)ptr;
-            int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
-            if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
-                           (void *)&timeout, sizeof(timeout)) < 0) {
-                perror("setsockopt");
-                ret = -1;
-            }
-        }
-#  else
-        if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr,
-                       sizeof(struct timeval)) < 0) {
-            perror("setsockopt");
-            ret = -1;
-        }
-#  endif
-        break;
-    case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
-        {
-            union {
-                size_t s;
-                int i;
-            } sz = {
-                0
-            };
-#  ifdef OPENSSL_SYS_WINDOWS
-            int timeout;
-            struct timeval *tv = (struct timeval *)ptr;
-
-            sz.i = sizeof(timeout);
-            if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
-                           (void *)&timeout, &sz.i) < 0) {
-                perror("getsockopt");
-                ret = -1;
-            } else {
-                tv->tv_sec = timeout / 1000;
-                tv->tv_usec = (timeout % 1000) * 1000;
-                ret = sizeof(*tv);
-            }
-#  else
-            sz.i = sizeof(struct timeval);
-            if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
-                           ptr, (void *)&sz) < 0) {
-                perror("getsockopt");
-                ret = -1;
-            } else if (sizeof(sz.s) != sizeof(sz.i) && sz.i == 0) {
-                OPENSSL_assert(sz.s <= sizeof(struct timeval));
-                ret = (int)sz.s;
-            } else
-                ret = sz.i;
-#  endif
-        }
-        break;
-# endif
-# if defined(SO_SNDTIMEO)
-    case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT:
-#  ifdef OPENSSL_SYS_WINDOWS
-        {
-            struct timeval *tv = (struct timeval *)ptr;
-            int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
-            if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
-                           (void *)&timeout, sizeof(timeout)) < 0) {
-                perror("setsockopt");
-                ret = -1;
-            }
-        }
-#  else
-        if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr,
-                       sizeof(struct timeval)) < 0) {
-            perror("setsockopt");
-            ret = -1;
-        }
-#  endif
-        break;
-    case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT:
-        {
-            union {
-                size_t s;
-                int i;
-            } sz = {
-                0
-            };
-#  ifdef OPENSSL_SYS_WINDOWS
-            int timeout;
-            struct timeval *tv = (struct timeval *)ptr;
-
-            sz.i = sizeof(timeout);
-            if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
-                           (void *)&timeout, &sz.i) < 0) {
-                perror("getsockopt");
-                ret = -1;
-            } else {
-                tv->tv_sec = timeout / 1000;
-                tv->tv_usec = (timeout % 1000) * 1000;
-                ret = sizeof(*tv);
-            }
-#  else
-            sz.i = sizeof(struct timeval);
-            if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
-                           ptr, (void *)&sz) < 0) {
-                perror("getsockopt");
-                ret = -1;
-            } else if (sizeof(sz.s) != sizeof(sz.i) && sz.i == 0) {
-                OPENSSL_assert(sz.s <= sizeof(struct timeval));
-                ret = (int)sz.s;
-            } else
-                ret = sz.i;
-#  endif
-        }
-        break;
-# endif
-    case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP:
-        /* fall-through */
-    case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP:
-# ifdef OPENSSL_SYS_WINDOWS
-        if (data->_errno == WSAETIMEDOUT)
-# else
-        if (data->_errno == EAGAIN)
-# endif
-        {
-            ret = 1;
-            data->_errno = 0;
-        } else
-            ret = 0;
-        break;
-# ifdef EMSGSIZE
-    case BIO_CTRL_DGRAM_MTU_EXCEEDED:
-        if (data->_errno == EMSGSIZE) {
-            ret = 1;
-            data->_errno = 0;
-        } else
-            ret = 0;
-        break;
-# endif
-    case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
-        ret = dgram_get_mtu_overhead(data);
-        break;
-    default:
-        ret = 0;
-        break;
-    }
-    return (ret);
-}
-
-static int dgram_puts(BIO *bp, const char *str)
-{
-    int n, ret;
-
-    n = strlen(str);
-    ret = dgram_write(bp, str, n);
-    return (ret);
-}
-
-# ifndef OPENSSL_NO_SCTP
-BIO_METHOD *BIO_s_datagram_sctp(void)
-{
-    return (&methods_dgramp_sctp);
-}
-
-BIO *BIO_new_dgram_sctp(int fd, int close_flag)
-{
-    BIO *bio;
-    int ret, optval = 20000;
-    int auth_data = 0, auth_forward = 0;
-    unsigned char *p;
-    struct sctp_authchunk auth;
-    struct sctp_authchunks *authchunks;
-    socklen_t sockopt_len;
-#  ifdef SCTP_AUTHENTICATION_EVENT
-#   ifdef SCTP_EVENT
-    struct sctp_event event;
-#   else
-    struct sctp_event_subscribe event;
-#   endif
-#  endif
-
-    bio = BIO_new(BIO_s_datagram_sctp());
-    if (bio == NULL)
-        return (NULL);
-    BIO_set_fd(bio, fd, close_flag);
-
-    /* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */
-    auth.sauth_chunk = OPENSSL_SCTP_DATA_CHUNK_TYPE;
-    ret =
-        setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth,
-                   sizeof(struct sctp_authchunk));
-    if (ret < 0) {
-        BIO_vfree(bio);
-        return (NULL);
-    }
-    auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE;
-    ret =
-        setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth,
-                   sizeof(struct sctp_authchunk));
-    if (ret < 0) {
-        BIO_vfree(bio);
-        return (NULL);
-    }
-
-    /*
-     * Test if activation was successful. When using accept(), SCTP-AUTH has
-     * to be activated for the listening socket already, otherwise the
-     * connected socket won't use it.
-     */
-    sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
-    authchunks = OPENSSL_malloc(sockopt_len);
-    if (!authchunks) {
-        BIO_vfree(bio);
-        return (NULL);
-    }
-    memset(authchunks, 0, sizeof(sockopt_len));
-    ret =
-        getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks,
-                   &sockopt_len);
-
-    if (ret < 0) {
-        OPENSSL_free(authchunks);
-        BIO_vfree(bio);
-        return (NULL);
-    }
-
-    for (p = (unsigned char *)authchunks->gauth_chunks;
-         p < (unsigned char *)authchunks + sockopt_len;
-         p += sizeof(uint8_t)) {
-        if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE)
-            auth_data = 1;
-        if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE)
-            auth_forward = 1;
-    }
-
-    OPENSSL_free(authchunks);
-
-    OPENSSL_assert(auth_data);
-    OPENSSL_assert(auth_forward);
-
-#  ifdef SCTP_AUTHENTICATION_EVENT
-#   ifdef SCTP_EVENT
-    memset(&event, 0, sizeof(struct sctp_event));
-    event.se_assoc_id = 0;
-    event.se_type = SCTP_AUTHENTICATION_EVENT;
-    event.se_on = 1;
-    ret =
-        setsockopt(fd, IPPROTO_SCTP, SCTP_EVENT, &event,
-                   sizeof(struct sctp_event));
-    if (ret < 0) {
-        BIO_vfree(bio);
-        return (NULL);
-    }
-#   else
-    sockopt_len = (socklen_t) sizeof(struct sctp_event_subscribe);
-    ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len);
-    if (ret < 0) {
-        BIO_vfree(bio);
-        return (NULL);
-    }
-
-    event.sctp_authentication_event = 1;
-
-    ret =
-        setsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event,
-                   sizeof(struct sctp_event_subscribe));
-    if (ret < 0) {
-        BIO_vfree(bio);
-        return (NULL);
-    }
-#   endif
-#  endif
-
-    /*
-     * Disable partial delivery by setting the min size larger than the max
-     * record size of 2^14 + 2048 + 13
-     */
-    ret =
-        setsockopt(fd, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, &optval,
-                   sizeof(optval));
-    if (ret < 0) {
-        BIO_vfree(bio);
-        return (NULL);
-    }
-
-    return (bio);
-}
-
-int BIO_dgram_is_sctp(BIO *bio)
-{
-    return (BIO_method_type(bio) == BIO_TYPE_DGRAM_SCTP);
-}
-
-static int dgram_sctp_new(BIO *bi)
-{
-    bio_dgram_sctp_data *data = NULL;
-
-    bi->init = 0;
-    bi->num = 0;
-    data = OPENSSL_malloc(sizeof(bio_dgram_sctp_data));
-    if (data == NULL)
-        return 0;
-    memset(data, 0x00, sizeof(bio_dgram_sctp_data));
-#  ifdef SCTP_PR_SCTP_NONE
-    data->prinfo.pr_policy = SCTP_PR_SCTP_NONE;
-#  endif
-    bi->ptr = data;
-
-    bi->flags = 0;
-    return (1);
-}
-
-static int dgram_sctp_free(BIO *a)
-{
-    bio_dgram_sctp_data *data;
-
-    if (a == NULL)
-        return (0);
-    if (!dgram_clear(a))
-        return 0;
-
-    data = (bio_dgram_sctp_data *) a->ptr;
-    if (data != NULL) {
-        if (data->saved_message.data != NULL)
-            OPENSSL_free(data->saved_message.data);
-        OPENSSL_free(data);
-    }
-
-    return (1);
-}
-
-#  ifdef SCTP_AUTHENTICATION_EVENT
-void dgram_sctp_handle_auth_free_key_event(BIO *b,
-                                           union sctp_notification *snp)
-{
-    int ret;
-    struct sctp_authkey_event *authkeyevent = &snp->sn_auth_event;
-
-    if (authkeyevent->auth_indication == SCTP_AUTH_FREE_KEY) {
-        struct sctp_authkeyid authkeyid;
-
-        /* delete key */
-        authkeyid.scact_keynumber = authkeyevent->auth_keynumber;
-        ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
-                         &authkeyid, sizeof(struct sctp_authkeyid));
-    }
-}
-#  endif
-
-static int dgram_sctp_read(BIO *b, char *out, int outl)
-{
-    int ret = 0, n = 0, i, optval;
-    socklen_t optlen;
-    bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
-    union sctp_notification *snp;
-    struct msghdr msg;
-    struct iovec iov;
-    struct cmsghdr *cmsg;
-    char cmsgbuf[512];
-
-    if (out != NULL) {
-        clear_socket_error();
-
-        do {
-            memset(&data->rcvinfo, 0x00,
-                   sizeof(struct bio_dgram_sctp_rcvinfo));
-            iov.iov_base = out;
-            iov.iov_len = outl;
-            msg.msg_name = NULL;
-            msg.msg_namelen = 0;
-            msg.msg_iov = &iov;
-            msg.msg_iovlen = 1;
-            msg.msg_control = cmsgbuf;
-            msg.msg_controllen = 512;
-            msg.msg_flags = 0;
-            n = recvmsg(b->num, &msg, 0);
-
-            if (n <= 0) {
-                if (n < 0)
-                    ret = n;
-                break;
-            }
-
-            if (msg.msg_controllen > 0) {
-                for (cmsg = CMSG_FIRSTHDR(&msg); cmsg;
-                     cmsg = CMSG_NXTHDR(&msg, cmsg)) {
-                    if (cmsg->cmsg_level != IPPROTO_SCTP)
-                        continue;
-#  ifdef SCTP_RCVINFO
-                    if (cmsg->cmsg_type == SCTP_RCVINFO) {
-                        struct sctp_rcvinfo *rcvinfo;
-
-                        rcvinfo = (struct sctp_rcvinfo *)CMSG_DATA(cmsg);
-                        data->rcvinfo.rcv_sid = rcvinfo->rcv_sid;
-                        data->rcvinfo.rcv_ssn = rcvinfo->rcv_ssn;
-                        data->rcvinfo.rcv_flags = rcvinfo->rcv_flags;
-                        data->rcvinfo.rcv_ppid = rcvinfo->rcv_ppid;
-                        data->rcvinfo.rcv_tsn = rcvinfo->rcv_tsn;
-                        data->rcvinfo.rcv_cumtsn = rcvinfo->rcv_cumtsn;
-                        data->rcvinfo.rcv_context = rcvinfo->rcv_context;
-                    }
-#  endif
-#  ifdef SCTP_SNDRCV
-                    if (cmsg->cmsg_type == SCTP_SNDRCV) {
-                        struct sctp_sndrcvinfo *sndrcvinfo;
-
-                        sndrcvinfo =
-                            (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg);
-                        data->rcvinfo.rcv_sid = sndrcvinfo->sinfo_stream;
-                        data->rcvinfo.rcv_ssn = sndrcvinfo->sinfo_ssn;
-                        data->rcvinfo.rcv_flags = sndrcvinfo->sinfo_flags;
-                        data->rcvinfo.rcv_ppid = sndrcvinfo->sinfo_ppid;
-                        data->rcvinfo.rcv_tsn = sndrcvinfo->sinfo_tsn;
-                        data->rcvinfo.rcv_cumtsn = sndrcvinfo->sinfo_cumtsn;
-                        data->rcvinfo.rcv_context = sndrcvinfo->sinfo_context;
-                    }
-#  endif
-                }
-            }
-
-            if (msg.msg_flags & MSG_NOTIFICATION) {
-                snp = (union sctp_notification *)out;
-                if (snp->sn_header.sn_type == SCTP_SENDER_DRY_EVENT) {
-#  ifdef SCTP_EVENT
-                    struct sctp_event event;
-#  else
-                    struct sctp_event_subscribe event;
-                    socklen_t eventsize;
-#  endif
-                    /*
-                     * If a message has been delayed until the socket is dry,
-                     * it can be sent now.
-                     */
-                    if (data->saved_message.length > 0) {
-                        dgram_sctp_write(data->saved_message.bio,
-                                         data->saved_message.data,
-                                         data->saved_message.length);
-                        OPENSSL_free(data->saved_message.data);
-                        data->saved_message.data = NULL;
-                        data->saved_message.length = 0;
-                    }
-
-                    /* disable sender dry event */
-#  ifdef SCTP_EVENT
-                    memset(&event, 0, sizeof(struct sctp_event));
-                    event.se_assoc_id = 0;
-                    event.se_type = SCTP_SENDER_DRY_EVENT;
-                    event.se_on = 0;
-                    i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
-                                   sizeof(struct sctp_event));
-                    if (i < 0) {
-                        ret = i;
-                        break;
-                    }
-#  else
-                    eventsize = sizeof(struct sctp_event_subscribe);
-                    i = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
-                                   &eventsize);
-                    if (i < 0) {
-                        ret = i;
-                        break;
-                    }
-
-                    event.sctp_sender_dry_event = 0;
-
-                    i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
-                                   sizeof(struct sctp_event_subscribe));
-                    if (i < 0) {
-                        ret = i;
-                        break;
-                    }
-#  endif
-                }
-#  ifdef SCTP_AUTHENTICATION_EVENT
-                if (snp->sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
-                    dgram_sctp_handle_auth_free_key_event(b, snp);
-#  endif
-
-                if (data->handle_notifications != NULL)
-                    data->handle_notifications(b, data->notification_context,
-                                               (void *)out);
-
-                memset(out, 0, outl);
-            } else
-                ret += n;
-        }
-        while ((msg.msg_flags & MSG_NOTIFICATION) && (msg.msg_flags & MSG_EOR)
-               && (ret < outl));
-
-        if (ret > 0 && !(msg.msg_flags & MSG_EOR)) {
-            /* Partial message read, this should never happen! */
-
-            /*
-             * The buffer was too small, this means the peer sent a message
-             * that was larger than allowed.
-             */
-            if (ret == outl)
-                return -1;
-
-            /*
-             * Test if socket buffer can handle max record size (2^14 + 2048
-             * + 13)
-             */
-            optlen = (socklen_t) sizeof(int);
-            ret = getsockopt(b->num, SOL_SOCKET, SO_RCVBUF, &optval, &optlen);
-            if (ret >= 0)
-                OPENSSL_assert(optval >= 18445);
-
-            /*
-             * Test if SCTP doesn't partially deliver below max record size
-             * (2^14 + 2048 + 13)
-             */
-            optlen = (socklen_t) sizeof(int);
-            ret =
-                getsockopt(b->num, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT,
-                           &optval, &optlen);
-            if (ret >= 0)
-                OPENSSL_assert(optval >= 18445);
-
-            /*
-             * Partially delivered notification??? Probably a bug....
-             */
-            OPENSSL_assert(!(msg.msg_flags & MSG_NOTIFICATION));
-
-            /*
-             * Everything seems ok till now, so it's most likely a message
-             * dropped by PR-SCTP.
-             */
-            memset(out, 0, outl);
-            BIO_set_retry_read(b);
-            return -1;
-        }
-
-        BIO_clear_retry_flags(b);
-        if (ret < 0) {
-            if (BIO_dgram_should_retry(ret)) {
-                BIO_set_retry_read(b);
-                data->_errno = get_last_socket_error();
-            }
-        }
-
-        /* Test if peer uses SCTP-AUTH before continuing */
-        if (!data->peer_auth_tested) {
-            int ii, auth_data = 0, auth_forward = 0;
-            unsigned char *p;
-            struct sctp_authchunks *authchunks;
-
-            optlen =
-                (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
-            authchunks = OPENSSL_malloc(optlen);
-            if (!authchunks) {
-                BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_FAILURE);
-                return -1;
-            }
-            memset(authchunks, 0, sizeof(optlen));
-            ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS,
-                            authchunks, &optlen);
-
-            if (ii >= 0)
-                for (p = (unsigned char *)authchunks->gauth_chunks;
-                     p < (unsigned char *)authchunks + optlen;
-                     p += sizeof(uint8_t)) {
-                    if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE)
-                        auth_data = 1;
-                    if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE)
-                        auth_forward = 1;
-                }
-
-            OPENSSL_free(authchunks);
-
-            if (!auth_data || !auth_forward) {
-                BIOerr(BIO_F_DGRAM_SCTP_READ, BIO_R_CONNECT_ERROR);
-                return -1;
-            }
-
-            data->peer_auth_tested = 1;
-        }
-    }
-    return (ret);
-}
-
-static int dgram_sctp_write(BIO *b, const char *in, int inl)
-{
-    int ret;
-    bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
-    struct bio_dgram_sctp_sndinfo *sinfo = &(data->sndinfo);
-    struct bio_dgram_sctp_prinfo *pinfo = &(data->prinfo);
-    struct bio_dgram_sctp_sndinfo handshake_sinfo;
-    struct iovec iov[1];
-    struct msghdr msg;
-    struct cmsghdr *cmsg;
-#  if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO)
-    char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo)) +
-                 CMSG_SPACE(sizeof(struct sctp_prinfo))];
-    struct sctp_sndinfo *sndinfo;
-    struct sctp_prinfo *prinfo;
-#  else
-    char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndrcvinfo))];
-    struct sctp_sndrcvinfo *sndrcvinfo;
-#  endif
-
-    clear_socket_error();
-
-    /*
-     * If we're send anything else than application data, disable all user
-     * parameters and flags.
-     */
-    if (in[0] != 23) {
-        memset(&handshake_sinfo, 0x00, sizeof(struct bio_dgram_sctp_sndinfo));
-#  ifdef SCTP_SACK_IMMEDIATELY
-        handshake_sinfo.snd_flags = SCTP_SACK_IMMEDIATELY;
-#  endif
-        sinfo = &handshake_sinfo;
-    }
-
-    /*
-     * If we have to send a shutdown alert message and the socket is not dry
-     * yet, we have to save it and send it as soon as the socket gets dry.
-     */
-    if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b)) {
-        char *tmp;
-        data->saved_message.bio = b;
-        if (!(tmp = OPENSSL_malloc(inl))) {
-            BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_FAILURE);
-            return -1;
-        }
-        if (data->saved_message.data)
-            OPENSSL_free(data->saved_message.data);
-        data->saved_message.data = tmp;
-        memcpy(data->saved_message.data, in, inl);
-        data->saved_message.length = inl;
-        return inl;
-    }
-
-    iov[0].iov_base = (char *)in;
-    iov[0].iov_len = inl;
-    msg.msg_name = NULL;
-    msg.msg_namelen = 0;
-    msg.msg_iov = iov;
-    msg.msg_iovlen = 1;
-    msg.msg_control = (caddr_t) cmsgbuf;
-    msg.msg_controllen = 0;
-    msg.msg_flags = 0;
-#  if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO)
-    cmsg = (struct cmsghdr *)cmsgbuf;
-    cmsg->cmsg_level = IPPROTO_SCTP;
-    cmsg->cmsg_type = SCTP_SNDINFO;
-    cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndinfo));
-    sndinfo = (struct sctp_sndinfo *)CMSG_DATA(cmsg);
-    memset(sndinfo, 0, sizeof(struct sctp_sndinfo));
-    sndinfo->snd_sid = sinfo->snd_sid;
-    sndinfo->snd_flags = sinfo->snd_flags;
-    sndinfo->snd_ppid = sinfo->snd_ppid;
-    sndinfo->snd_context = sinfo->snd_context;
-    msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndinfo));
-
-    cmsg =
-        (struct cmsghdr *)&cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo))];
-    cmsg->cmsg_level = IPPROTO_SCTP;
-    cmsg->cmsg_type = SCTP_PRINFO;
-    cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_prinfo));
-    prinfo = (struct sctp_prinfo *)CMSG_DATA(cmsg);
-    memset(prinfo, 0, sizeof(struct sctp_prinfo));
-    prinfo->pr_policy = pinfo->pr_policy;
-    prinfo->pr_value = pinfo->pr_value;
-    msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_prinfo));
-#  else
-    cmsg = (struct cmsghdr *)cmsgbuf;
-    cmsg->cmsg_level = IPPROTO_SCTP;
-    cmsg->cmsg_type = SCTP_SNDRCV;
-    cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndrcvinfo));
-    sndrcvinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg);
-    memset(sndrcvinfo, 0, sizeof(struct sctp_sndrcvinfo));
-    sndrcvinfo->sinfo_stream = sinfo->snd_sid;
-    sndrcvinfo->sinfo_flags = sinfo->snd_flags;
-#   ifdef __FreeBSD__
-    sndrcvinfo->sinfo_flags |= pinfo->pr_policy;
-#   endif
-    sndrcvinfo->sinfo_ppid = sinfo->snd_ppid;
-    sndrcvinfo->sinfo_context = sinfo->snd_context;
-    sndrcvinfo->sinfo_timetolive = pinfo->pr_value;
-    msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndrcvinfo));
-#  endif
-
-    ret = sendmsg(b->num, &msg, 0);
-
-    BIO_clear_retry_flags(b);
-    if (ret <= 0) {
-        if (BIO_dgram_should_retry(ret)) {
-            BIO_set_retry_write(b);
-            data->_errno = get_last_socket_error();
-        }
-    }
-    return (ret);
-}
-
-static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
-{
-    long ret = 1;
-    bio_dgram_sctp_data *data = NULL;
-    socklen_t sockopt_len = 0;
-    struct sctp_authkeyid authkeyid;
-    struct sctp_authkey *authkey = NULL;
-
-    data = (bio_dgram_sctp_data *) b->ptr;
-
-    switch (cmd) {
-    case BIO_CTRL_DGRAM_QUERY_MTU:
-        /*
-         * Set to maximum (2^14) and ignore user input to enable transport
-         * protocol fragmentation. Returns always 2^14.
-         */
-        data->mtu = 16384;
-        ret = data->mtu;
-        break;
-    case BIO_CTRL_DGRAM_SET_MTU:
-        /*
-         * Set to maximum (2^14) and ignore input to enable transport
-         * protocol fragmentation. Returns always 2^14.
-         */
-        data->mtu = 16384;
-        ret = data->mtu;
-        break;
-    case BIO_CTRL_DGRAM_SET_CONNECTED:
-    case BIO_CTRL_DGRAM_CONNECT:
-        /* Returns always -1. */
-        ret = -1;
-        break;
-    case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
-        /*
-         * SCTP doesn't need the DTLS timer Returns always 1.
-         */
-        break;
-    case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
-        /*
-         * We allow transport protocol fragmentation so this is irrelevant
-         */
-        ret = 0;
-        break;
-    case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
-        if (num > 0)
-            data->in_handshake = 1;
-        else
-            data->in_handshake = 0;
-
-        ret =
-            setsockopt(b->num, IPPROTO_SCTP, SCTP_NODELAY,
-                       &data->in_handshake, sizeof(int));
-        break;
-    case BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY:
-        /*
-         * New shared key for SCTP AUTH. Returns 0 on success, -1 otherwise.
-         */
-
-        /* Get active key */
-        sockopt_len = sizeof(struct sctp_authkeyid);
-        ret =
-            getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid,
-                       &sockopt_len);
-        if (ret < 0)
-            break;
-
-        /* Add new key */
-        sockopt_len = sizeof(struct sctp_authkey) + 64 * sizeof(uint8_t);
-        authkey = OPENSSL_malloc(sockopt_len);
-        if (authkey == NULL) {
-            ret = -1;
-            break;
-        }
-        memset(authkey, 0x00, sockopt_len);
-        authkey->sca_keynumber = authkeyid.scact_keynumber + 1;
-#  ifndef __FreeBSD__
-        /*
-         * This field is missing in FreeBSD 8.2 and earlier, and FreeBSD 8.3
-         * and higher work without it.
-         */
-        authkey->sca_keylength = 64;
-#  endif
-        memcpy(&authkey->sca_key[0], ptr, 64 * sizeof(uint8_t));
-
-        ret =
-            setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey,
-                       sockopt_len);
-        OPENSSL_free(authkey);
-        authkey = NULL;
-        if (ret < 0)
-            break;
-
-        /* Reset active key */
-        ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
-                         &authkeyid, sizeof(struct sctp_authkeyid));
-        if (ret < 0)
-            break;
-
-        break;
-    case BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY:
-        /* Returns 0 on success, -1 otherwise. */
-
-        /* Get active key */
-        sockopt_len = sizeof(struct sctp_authkeyid);
-        ret =
-            getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid,
-                       &sockopt_len);
-        if (ret < 0)
-            break;
-
-        /* Set active key */
-        authkeyid.scact_keynumber = authkeyid.scact_keynumber + 1;
-        ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
-                         &authkeyid, sizeof(struct sctp_authkeyid));
-        if (ret < 0)
-            break;
-
-        /*
-         * CCS has been sent, so remember that and fall through to check if
-         * we need to deactivate an old key
-         */
-        data->ccs_sent = 1;
-
-    case BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD:
-        /* Returns 0 on success, -1 otherwise. */
-
-        /*
-         * Has this command really been called or is this just a
-         * fall-through?
-         */
-        if (cmd == BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD)
-            data->ccs_rcvd = 1;
-
-        /*
-         * CSS has been both, received and sent, so deactivate an old key
-         */
-        if (data->ccs_rcvd == 1 && data->ccs_sent == 1) {
-            /* Get active key */
-            sockopt_len = sizeof(struct sctp_authkeyid);
-            ret =
-                getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
-                           &authkeyid, &sockopt_len);
-            if (ret < 0)
-                break;
-
-            /*
-             * Deactivate key or delete second last key if
-             * SCTP_AUTHENTICATION_EVENT is not available.
-             */
-            authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
-#  ifdef SCTP_AUTH_DEACTIVATE_KEY
-            sockopt_len = sizeof(struct sctp_authkeyid);
-            ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DEACTIVATE_KEY,
-                             &authkeyid, sockopt_len);
-            if (ret < 0)
-                break;
-#  endif
-#  ifndef SCTP_AUTHENTICATION_EVENT
-            if (authkeyid.scact_keynumber > 0) {
-                authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
-                ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
-                                 &authkeyid, sizeof(struct sctp_authkeyid));
-                if (ret < 0)
-                    break;
-            }
-#  endif
-
-            data->ccs_rcvd = 0;
-            data->ccs_sent = 0;
-        }
-        break;
-    case BIO_CTRL_DGRAM_SCTP_GET_SNDINFO:
-        /* Returns the size of the copied struct. */
-        if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo))
-            num = sizeof(struct bio_dgram_sctp_sndinfo);
-
-        memcpy(ptr, &(data->sndinfo), num);
-        ret = num;
-        break;
-    case BIO_CTRL_DGRAM_SCTP_SET_SNDINFO:
-        /* Returns the size of the copied struct. */
-        if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo))
-            num = sizeof(struct bio_dgram_sctp_sndinfo);
-
-        memcpy(&(data->sndinfo), ptr, num);
-        break;
-    case BIO_CTRL_DGRAM_SCTP_GET_RCVINFO:
-        /* Returns the size of the copied struct. */
-        if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo))
-            num = sizeof(struct bio_dgram_sctp_rcvinfo);
-
-        memcpy(ptr, &data->rcvinfo, num);
-
-        ret = num;
-        break;
-    case BIO_CTRL_DGRAM_SCTP_SET_RCVINFO:
-        /* Returns the size of the copied struct. */
-        if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo))
-            num = sizeof(struct bio_dgram_sctp_rcvinfo);
-
-        memcpy(&(data->rcvinfo), ptr, num);
-        break;
-    case BIO_CTRL_DGRAM_SCTP_GET_PRINFO:
-        /* Returns the size of the copied struct. */
-        if (num > (long)sizeof(struct bio_dgram_sctp_prinfo))
-            num = sizeof(struct bio_dgram_sctp_prinfo);
-
-        memcpy(ptr, &(data->prinfo), num);
-        ret = num;
-        break;
-    case BIO_CTRL_DGRAM_SCTP_SET_PRINFO:
-        /* Returns the size of the copied struct. */
-        if (num > (long)sizeof(struct bio_dgram_sctp_prinfo))
-            num = sizeof(struct bio_dgram_sctp_prinfo);
-
-        memcpy(&(data->prinfo), ptr, num);
-        break;
-    case BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN:
-        /* Returns always 1. */
-        if (num > 0)
-            data->save_shutdown = 1;
-        else
-            data->save_shutdown = 0;
-        break;
-
-    default:
-        /*
-         * Pass to default ctrl function to process SCTP unspecific commands
-         */
-        ret = dgram_ctrl(b, cmd, num, ptr);
-        break;
-    }
-    return (ret);
-}
-
-int BIO_dgram_sctp_notification_cb(BIO *b,
-                                   void (*handle_notifications) (BIO *bio,
-                                                                 void
-                                                                 *context,
-                                                                 void *buf),
-                                   void *context)
-{
-    bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
-
-    if (handle_notifications != NULL) {
-        data->handle_notifications = handle_notifications;
-        data->notification_context = context;
-    } else
-        return -1;
-
-    return 0;
-}
-
-int BIO_dgram_sctp_wait_for_dry(BIO *b)
-{
-    int is_dry = 0;
-    int n, sockflags, ret;
-    union sctp_notification snp;
-    struct msghdr msg;
-    struct iovec iov;
-#  ifdef SCTP_EVENT
-    struct sctp_event event;
-#  else
-    struct sctp_event_subscribe event;
-    socklen_t eventsize;
-#  endif
-    bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
-
-    /* set sender dry event */
-#  ifdef SCTP_EVENT
-    memset(&event, 0, sizeof(struct sctp_event));
-    event.se_assoc_id = 0;
-    event.se_type = SCTP_SENDER_DRY_EVENT;
-    event.se_on = 1;
-    ret =
-        setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
-                   sizeof(struct sctp_event));
-#  else
-    eventsize = sizeof(struct sctp_event_subscribe);
-    ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize);
-    if (ret < 0)
-        return -1;
-
-    event.sctp_sender_dry_event = 1;
-
-    ret =
-        setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
-                   sizeof(struct sctp_event_subscribe));
-#  endif
-    if (ret < 0)
-        return -1;
-
-    /* peek for notification */
-    memset(&snp, 0x00, sizeof(union sctp_notification));
-    iov.iov_base = (char *)&snp;
-    iov.iov_len = sizeof(union sctp_notification);
-    msg.msg_name = NULL;
-    msg.msg_namelen = 0;
-    msg.msg_iov = &iov;
-    msg.msg_iovlen = 1;
-    msg.msg_control = NULL;
-    msg.msg_controllen = 0;
-    msg.msg_flags = 0;
-
-    n = recvmsg(b->num, &msg, MSG_PEEK);
-    if (n <= 0) {
-        if ((n < 0) && (get_last_socket_error() != EAGAIN)
-            && (get_last_socket_error() != EWOULDBLOCK))
-            return -1;
-        else
-            return 0;
-    }
-
-    /* if we find a notification, process it and try again if necessary */
-    while (msg.msg_flags & MSG_NOTIFICATION) {
-        memset(&snp, 0x00, sizeof(union sctp_notification));
-        iov.iov_base = (char *)&snp;
-        iov.iov_len = sizeof(union sctp_notification);
-        msg.msg_name = NULL;
-        msg.msg_namelen = 0;
-        msg.msg_iov = &iov;
-        msg.msg_iovlen = 1;
-        msg.msg_control = NULL;
-        msg.msg_controllen = 0;
-        msg.msg_flags = 0;
-
-        n = recvmsg(b->num, &msg, 0);
-        if (n <= 0) {
-            if ((n < 0) && (get_last_socket_error() != EAGAIN)
-                && (get_last_socket_error() != EWOULDBLOCK))
-                return -1;
-            else
-                return is_dry;
-        }
-
-        if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) {
-            is_dry = 1;
-
-            /* disable sender dry event */
-#  ifdef SCTP_EVENT
-            memset(&event, 0, sizeof(struct sctp_event));
-            event.se_assoc_id = 0;
-            event.se_type = SCTP_SENDER_DRY_EVENT;
-            event.se_on = 0;
-            ret =
-                setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
-                           sizeof(struct sctp_event));
-#  else
-            eventsize = (socklen_t) sizeof(struct sctp_event_subscribe);
-            ret =
-                getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
-                           &eventsize);
-            if (ret < 0)
-                return -1;
-
-            event.sctp_sender_dry_event = 0;
-
-            ret =
-                setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
-                           sizeof(struct sctp_event_subscribe));
-#  endif
-            if (ret < 0)
-                return -1;
-        }
-#  ifdef SCTP_AUTHENTICATION_EVENT
-        if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
-            dgram_sctp_handle_auth_free_key_event(b, &snp);
-#  endif
-
-        if (data->handle_notifications != NULL)
-            data->handle_notifications(b, data->notification_context,
-                                       (void *)&snp);
-
-        /* found notification, peek again */
-        memset(&snp, 0x00, sizeof(union sctp_notification));
-        iov.iov_base = (char *)&snp;
-        iov.iov_len = sizeof(union sctp_notification);
-        msg.msg_name = NULL;
-        msg.msg_namelen = 0;
-        msg.msg_iov = &iov;
-        msg.msg_iovlen = 1;
-        msg.msg_control = NULL;
-        msg.msg_controllen = 0;
-        msg.msg_flags = 0;
-
-        /* if we have seen the dry already, don't wait */
-        if (is_dry) {
-            sockflags = fcntl(b->num, F_GETFL, 0);
-            fcntl(b->num, F_SETFL, O_NONBLOCK);
-        }
-
-        n = recvmsg(b->num, &msg, MSG_PEEK);
-
-        if (is_dry) {
-            fcntl(b->num, F_SETFL, sockflags);
-        }
-
-        if (n <= 0) {
-            if ((n < 0) && (get_last_socket_error() != EAGAIN)
-                && (get_last_socket_error() != EWOULDBLOCK))
-                return -1;
-            else
-                return is_dry;
-        }
-    }
-
-    /* read anything else */
-    return is_dry;
-}
-
-int BIO_dgram_sctp_msg_waiting(BIO *b)
-{
-    int n, sockflags;
-    union sctp_notification snp;
-    struct msghdr msg;
-    struct iovec iov;
-    bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
-
-    /* Check if there are any messages waiting to be read */
-    do {
-        memset(&snp, 0x00, sizeof(union sctp_notification));
-        iov.iov_base = (char *)&snp;
-        iov.iov_len = sizeof(union sctp_notification);
-        msg.msg_name = NULL;
-        msg.msg_namelen = 0;
-        msg.msg_iov = &iov;
-        msg.msg_iovlen = 1;
-        msg.msg_control = NULL;
-        msg.msg_controllen = 0;
-        msg.msg_flags = 0;
-
-        sockflags = fcntl(b->num, F_GETFL, 0);
-        fcntl(b->num, F_SETFL, O_NONBLOCK);
-        n = recvmsg(b->num, &msg, MSG_PEEK);
-        fcntl(b->num, F_SETFL, sockflags);
-
-        /* if notification, process and try again */
-        if (n > 0 && (msg.msg_flags & MSG_NOTIFICATION)) {
-#  ifdef SCTP_AUTHENTICATION_EVENT
-            if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
-                dgram_sctp_handle_auth_free_key_event(b, &snp);
-#  endif
-
-            memset(&snp, 0x00, sizeof(union sctp_notification));
-            iov.iov_base = (char *)&snp;
-            iov.iov_len = sizeof(union sctp_notification);
-            msg.msg_name = NULL;
-            msg.msg_namelen = 0;
-            msg.msg_iov = &iov;
-            msg.msg_iovlen = 1;
-            msg.msg_control = NULL;
-            msg.msg_controllen = 0;
-            msg.msg_flags = 0;
-            n = recvmsg(b->num, &msg, 0);
-
-            if (data->handle_notifications != NULL)
-                data->handle_notifications(b, data->notification_context,
-                                           (void *)&snp);
-        }
-
-    } while (n > 0 && (msg.msg_flags & MSG_NOTIFICATION));
-
-    /* Return 1 if there is a message to be read, return 0 otherwise. */
-    if (n > 0)
-        return 1;
-    else
-        return 0;
-}
-
-static int dgram_sctp_puts(BIO *bp, const char *str)
-{
-    int n, ret;
-
-    n = strlen(str);
-    ret = dgram_sctp_write(bp, str, n);
-    return (ret);
-}
-# endif
-
-static int BIO_dgram_should_retry(int i)
-{
-    int err;
-
-    if ((i == 0) || (i == -1)) {
-        err = get_last_socket_error();
-
-# if defined(OPENSSL_SYS_WINDOWS)
-        /*
-         * If the socket return value (i) is -1 and err is unexpectedly 0 at
-         * this point, the error code was overwritten by another system call
-         * before this error handling is called.
-         */
-# endif
-
-        return (BIO_dgram_non_fatal_error(err));
-    }
-    return (0);
-}
-
-int BIO_dgram_non_fatal_error(int err)
-{
-    switch (err) {
-# if defined(OPENSSL_SYS_WINDOWS)
-#  if defined(WSAEWOULDBLOCK)
-    case WSAEWOULDBLOCK:
-#  endif
-
-#  if 0                         /* This appears to always be an error */
-#   if defined(WSAENOTCONN)
-    case WSAENOTCONN:
-#   endif
-#  endif
-# endif
-
-# ifdef EWOULDBLOCK
-#  ifdef WSAEWOULDBLOCK
-#   if WSAEWOULDBLOCK != EWOULDBLOCK
-    case EWOULDBLOCK:
-#   endif
-#  else
-    case EWOULDBLOCK:
-#  endif
-# endif
-
-# ifdef EINTR
-    case EINTR:
-# endif
-
-# ifdef EAGAIN
-#  if EWOULDBLOCK != EAGAIN
-    case EAGAIN:
-#  endif
-# endif
-
-# ifdef EPROTO
-    case EPROTO:
-# endif
-
-# ifdef EINPROGRESS
-    case EINPROGRESS:
-# endif
-
-# ifdef EALREADY
-    case EALREADY:
-# endif
-
-        return (1);
-        /* break; */
-    default:
-        break;
-    }
-    return (0);
-}
-
-static void get_current_time(struct timeval *t)
-{
-# ifdef OPENSSL_SYS_WIN32
-    struct _timeb tb;
-    _ftime(&tb);
-    t->tv_sec = (long)tb.time;
-    t->tv_usec = (long)tb.millitm * 1000;
-# elif defined(OPENSSL_SYS_VMS)
-    struct timeb tb;
-    ftime(&tb);
-    t->tv_sec = (long)tb.time;
-    t->tv_usec = (long)tb.millitm * 1000;
-# else
-    gettimeofday(t, NULL);
-# endif
-}
-
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/bio/bss_dgram.c (from rev 11605, vendor-crypto/openssl/dist/crypto/bio/bss_dgram.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/bio/bss_dgram.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/bio/bss_dgram.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,2011 @@
+/* crypto/bio/bio_dgram.c */
+/*
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "cryptlib.h"
+
+#include <openssl/bio.h>
+#ifndef OPENSSL_NO_DGRAM
+
+# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS)
+#  include <sys/timeb.h>
+# endif
+
+# ifndef OPENSSL_NO_SCTP
+#  include <netinet/sctp.h>
+#  include <fcntl.h>
+#  define OPENSSL_SCTP_DATA_CHUNK_TYPE            0x00
+#  define OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE 0xc0
+# endif
+
+# if defined(OPENSSL_SYS_LINUX) && !defined(IP_MTU)
+#  define IP_MTU      14        /* linux is lame */
+# endif
+
+# if defined(__FreeBSD__) && defined(IN6_IS_ADDR_V4MAPPED)
+/* Standard definition causes type-punning problems. */
+#  undef IN6_IS_ADDR_V4MAPPED
+#  define s6_addr32 __u6_addr.__u6_addr32
+#  define IN6_IS_ADDR_V4MAPPED(a)               \
+        (((a)->s6_addr32[0] == 0) &&          \
+         ((a)->s6_addr32[1] == 0) &&          \
+         ((a)->s6_addr32[2] == htonl(0x0000ffff)))
+# endif
+
+# ifdef WATT32
+#  define sock_write SockWrite  /* Watt-32 uses same names */
+#  define sock_read  SockRead
+#  define sock_puts  SockPuts
+# endif
+
+static int dgram_write(BIO *h, const char *buf, int num);
+static int dgram_read(BIO *h, char *buf, int size);
+static int dgram_puts(BIO *h, const char *str);
+static long dgram_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int dgram_new(BIO *h);
+static int dgram_free(BIO *data);
+static int dgram_clear(BIO *bio);
+
+# ifndef OPENSSL_NO_SCTP
+static int dgram_sctp_write(BIO *h, const char *buf, int num);
+static int dgram_sctp_read(BIO *h, char *buf, int size);
+static int dgram_sctp_puts(BIO *h, const char *str);
+static long dgram_sctp_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int dgram_sctp_new(BIO *h);
+static int dgram_sctp_free(BIO *data);
+#  ifdef SCTP_AUTHENTICATION_EVENT
+static void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification
+                                                  *snp);
+#  endif
+# endif
+
+static int BIO_dgram_should_retry(int s);
+
+static void get_current_time(struct timeval *t);
+
+static BIO_METHOD methods_dgramp = {
+    BIO_TYPE_DGRAM,
+    "datagram socket",
+    dgram_write,
+    dgram_read,
+    dgram_puts,
+    NULL,                       /* dgram_gets, */
+    dgram_ctrl,
+    dgram_new,
+    dgram_free,
+    NULL,
+};
+
+# ifndef OPENSSL_NO_SCTP
+static BIO_METHOD methods_dgramp_sctp = {
+    BIO_TYPE_DGRAM_SCTP,
+    "datagram sctp socket",
+    dgram_sctp_write,
+    dgram_sctp_read,
+    dgram_sctp_puts,
+    NULL,                       /* dgram_gets, */
+    dgram_sctp_ctrl,
+    dgram_sctp_new,
+    dgram_sctp_free,
+    NULL,
+};
+# endif
+
+typedef struct bio_dgram_data_st {
+    union {
+        struct sockaddr sa;
+        struct sockaddr_in sa_in;
+# if OPENSSL_USE_IPV6
+        struct sockaddr_in6 sa_in6;
+# endif
+    } peer;
+    unsigned int connected;
+    unsigned int _errno;
+    unsigned int mtu;
+    struct timeval next_timeout;
+    struct timeval socket_timeout;
+} bio_dgram_data;
+
+# ifndef OPENSSL_NO_SCTP
+typedef struct bio_dgram_sctp_save_message_st {
+    BIO *bio;
+    char *data;
+    int length;
+} bio_dgram_sctp_save_message;
+
+typedef struct bio_dgram_sctp_data_st {
+    union {
+        struct sockaddr sa;
+        struct sockaddr_in sa_in;
+#  if OPENSSL_USE_IPV6
+        struct sockaddr_in6 sa_in6;
+#  endif
+    } peer;
+    unsigned int connected;
+    unsigned int _errno;
+    unsigned int mtu;
+    struct bio_dgram_sctp_sndinfo sndinfo;
+    struct bio_dgram_sctp_rcvinfo rcvinfo;
+    struct bio_dgram_sctp_prinfo prinfo;
+    void (*handle_notifications) (BIO *bio, void *context, void *buf);
+    void *notification_context;
+    int in_handshake;
+    int ccs_rcvd;
+    int ccs_sent;
+    int save_shutdown;
+    int peer_auth_tested;
+    bio_dgram_sctp_save_message saved_message;
+} bio_dgram_sctp_data;
+# endif
+
+BIO_METHOD *BIO_s_datagram(void)
+{
+    return (&methods_dgramp);
+}
+
+BIO *BIO_new_dgram(int fd, int close_flag)
+{
+    BIO *ret;
+
+    ret = BIO_new(BIO_s_datagram());
+    if (ret == NULL)
+        return (NULL);
+    BIO_set_fd(ret, fd, close_flag);
+    return (ret);
+}
+
+static int dgram_new(BIO *bi)
+{
+    bio_dgram_data *data = NULL;
+
+    bi->init = 0;
+    bi->num = 0;
+    data = OPENSSL_malloc(sizeof(bio_dgram_data));
+    if (data == NULL)
+        return 0;
+    memset(data, 0x00, sizeof(bio_dgram_data));
+    bi->ptr = data;
+
+    bi->flags = 0;
+    return (1);
+}
+
+static int dgram_free(BIO *a)
+{
+    bio_dgram_data *data;
+
+    if (a == NULL)
+        return (0);
+    if (!dgram_clear(a))
+        return 0;
+
+    data = (bio_dgram_data *)a->ptr;
+    if (data != NULL)
+        OPENSSL_free(data);
+
+    return (1);
+}
+
+static int dgram_clear(BIO *a)
+{
+    if (a == NULL)
+        return (0);
+    if (a->shutdown) {
+        if (a->init) {
+            SHUTDOWN2(a->num);
+        }
+        a->init = 0;
+        a->flags = 0;
+    }
+    return (1);
+}
+
+static void dgram_adjust_rcv_timeout(BIO *b)
+{
+# if defined(SO_RCVTIMEO)
+    bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+    union {
+        size_t s;
+        int i;
+    } sz = {
+        0
+    };
+
+    /* Is a timer active? */
+    if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) {
+        struct timeval timenow, timeleft;
+
+        /* Read current socket timeout */
+#  ifdef OPENSSL_SYS_WINDOWS
+        int timeout;
+
+        sz.i = sizeof(timeout);
+        if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                       (void *)&timeout, &sz.i) < 0) {
+            perror("getsockopt");
+        } else {
+            data->socket_timeout.tv_sec = timeout / 1000;
+            data->socket_timeout.tv_usec = (timeout % 1000) * 1000;
+        }
+#  else
+        sz.i = sizeof(data->socket_timeout);
+        if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                       &(data->socket_timeout), (void *)&sz) < 0) {
+            perror("getsockopt");
+        } else if (sizeof(sz.s) != sizeof(sz.i) && sz.i == 0)
+            OPENSSL_assert(sz.s <= sizeof(data->socket_timeout));
+#  endif
+
+        /* Get current time */
+        get_current_time(&timenow);
+
+        /* Calculate time left until timer expires */
+        memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval));
+        if (timeleft.tv_usec < timenow.tv_usec) {
+            timeleft.tv_usec = 1000000 - timenow.tv_usec + timeleft.tv_usec;
+            timeleft.tv_sec--;
+        } else {
+            timeleft.tv_usec -= timenow.tv_usec;
+        }
+        if (timeleft.tv_sec < timenow.tv_sec) {
+            timeleft.tv_sec = 0;
+            timeleft.tv_usec = 1;
+        } else {
+            timeleft.tv_sec -= timenow.tv_sec;
+        }
+
+        /*
+         * Adjust socket timeout if next handhake message timer will expire
+         * earlier.
+         */
+        if ((data->socket_timeout.tv_sec == 0
+             && data->socket_timeout.tv_usec == 0)
+            || (data->socket_timeout.tv_sec > timeleft.tv_sec)
+            || (data->socket_timeout.tv_sec == timeleft.tv_sec
+                && data->socket_timeout.tv_usec >= timeleft.tv_usec)) {
+#  ifdef OPENSSL_SYS_WINDOWS
+            timeout = timeleft.tv_sec * 1000 + timeleft.tv_usec / 1000;
+            if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                           (void *)&timeout, sizeof(timeout)) < 0) {
+                perror("setsockopt");
+            }
+#  else
+            if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &timeleft,
+                           sizeof(struct timeval)) < 0) {
+                perror("setsockopt");
+            }
+#  endif
+        }
+    }
+# endif
+}
+
+static void dgram_reset_rcv_timeout(BIO *b)
+{
+# if defined(SO_RCVTIMEO)
+    bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+
+    /* Is a timer active? */
+    if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) {
+#  ifdef OPENSSL_SYS_WINDOWS
+        int timeout = data->socket_timeout.tv_sec * 1000 +
+            data->socket_timeout.tv_usec / 1000;
+        if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                       (void *)&timeout, sizeof(timeout)) < 0) {
+            perror("setsockopt");
+        }
+#  else
+        if (setsockopt
+            (b->num, SOL_SOCKET, SO_RCVTIMEO, &(data->socket_timeout),
+             sizeof(struct timeval)) < 0) {
+            perror("setsockopt");
+        }
+#  endif
+    }
+# endif
+}
+
+static int dgram_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+    bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+
+    struct {
+        /*
+         * See commentary in b_sock.c. <appro>
+         */
+        union {
+            size_t s;
+            int i;
+        } len;
+        union {
+            struct sockaddr sa;
+            struct sockaddr_in sa_in;
+# if OPENSSL_USE_IPV6
+            struct sockaddr_in6 sa_in6;
+# endif
+        } peer;
+    } sa;
+
+    sa.len.s = 0;
+    sa.len.i = sizeof(sa.peer);
+
+    if (out != NULL) {
+        clear_socket_error();
+        memset(&sa.peer, 0x00, sizeof(sa.peer));
+        dgram_adjust_rcv_timeout(b);
+        ret = recvfrom(b->num, out, outl, 0, &sa.peer.sa, (void *)&sa.len);
+        if (sizeof(sa.len.i) != sizeof(sa.len.s) && sa.len.i == 0) {
+            OPENSSL_assert(sa.len.s <= sizeof(sa.peer));
+            sa.len.i = (int)sa.len.s;
+        }
+
+        if (!data->connected && ret >= 0)
+            BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &sa.peer);
+
+        BIO_clear_retry_flags(b);
+        if (ret < 0) {
+            if (BIO_dgram_should_retry(ret)) {
+                BIO_set_retry_read(b);
+                data->_errno = get_last_socket_error();
+            }
+        }
+
+        dgram_reset_rcv_timeout(b);
+    }
+    return (ret);
+}
+
+static int dgram_write(BIO *b, const char *in, int inl)
+{
+    int ret;
+    bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+    clear_socket_error();
+
+    if (data->connected)
+        ret = writesocket(b->num, in, inl);
+    else {
+        int peerlen = sizeof(data->peer);
+
+        if (data->peer.sa.sa_family == AF_INET)
+            peerlen = sizeof(data->peer.sa_in);
+# if OPENSSL_USE_IPV6
+        else if (data->peer.sa.sa_family == AF_INET6)
+            peerlen = sizeof(data->peer.sa_in6);
+# endif
+# if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
+        ret = sendto(b->num, (char *)in, inl, 0, &data->peer.sa, peerlen);
+# else
+        ret = sendto(b->num, in, inl, 0, &data->peer.sa, peerlen);
+# endif
+    }
+
+    BIO_clear_retry_flags(b);
+    if (ret <= 0) {
+        if (BIO_dgram_should_retry(ret)) {
+            BIO_set_retry_write(b);
+            data->_errno = get_last_socket_error();
+
+# if 0                          /* higher layers are responsible for querying
+                                 * MTU, if necessary */
+            if (data->_errno == EMSGSIZE)
+                /* retrieve the new MTU */
+                BIO_ctrl(b, BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
+# endif
+        }
+    }
+    return (ret);
+}
+
+static long dgram_get_mtu_overhead(bio_dgram_data *data)
+{
+    long ret;
+
+    switch (data->peer.sa.sa_family) {
+    case AF_INET:
+        /*
+         * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
+         */
+        ret = 28;
+        break;
+# if OPENSSL_USE_IPV6
+    case AF_INET6:
+#  ifdef IN6_IS_ADDR_V4MAPPED
+        if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr))
+            /*
+             * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
+             */
+            ret = 28;
+        else
+#  endif
+            /*
+             * Assume this is UDP - 40 bytes for IP, 8 bytes for UDP
+             */
+            ret = 48;
+        break;
+# endif
+    default:
+        /* We don't know. Go with the historical default */
+        ret = 28;
+        break;
+    }
+    return ret;
+}
+
+static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret = 1;
+    int *ip;
+    struct sockaddr *to = NULL;
+    bio_dgram_data *data = NULL;
+# if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU))
+    int sockopt_val = 0;
+    socklen_t sockopt_len;      /* assume that system supporting IP_MTU is
+                                 * modern enough to define socklen_t */
+    socklen_t addr_len;
+    union {
+        struct sockaddr sa;
+        struct sockaddr_in s4;
+#  if OPENSSL_USE_IPV6
+        struct sockaddr_in6 s6;
+#  endif
+    } addr;
+# endif
+
+    data = (bio_dgram_data *)b->ptr;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        num = 0;
+        ret = 0;
+        break;
+    case BIO_CTRL_INFO:
+        ret = 0;
+        break;
+    case BIO_C_SET_FD:
+        dgram_clear(b);
+        b->num = *((int *)ptr);
+        b->shutdown = (int)num;
+        b->init = 1;
+        break;
+    case BIO_C_GET_FD:
+        if (b->init) {
+            ip = (int *)ptr;
+            if (ip != NULL)
+                *ip = b->num;
+            ret = b->num;
+        } else
+            ret = -1;
+        break;
+    case BIO_CTRL_GET_CLOSE:
+        ret = b->shutdown;
+        break;
+    case BIO_CTRL_SET_CLOSE:
+        b->shutdown = (int)num;
+        break;
+    case BIO_CTRL_PENDING:
+    case BIO_CTRL_WPENDING:
+        ret = 0;
+        break;
+    case BIO_CTRL_DUP:
+    case BIO_CTRL_FLUSH:
+        ret = 1;
+        break;
+    case BIO_CTRL_DGRAM_CONNECT:
+        to = (struct sockaddr *)ptr;
+# if 0
+        if (connect(b->num, to, sizeof(struct sockaddr)) < 0) {
+            perror("connect");
+            ret = 0;
+        } else {
+# endif
+            switch (to->sa_family) {
+            case AF_INET:
+                memcpy(&data->peer, to, sizeof(data->peer.sa_in));
+                break;
+# if OPENSSL_USE_IPV6
+            case AF_INET6:
+                memcpy(&data->peer, to, sizeof(data->peer.sa_in6));
+                break;
+# endif
+            default:
+                memcpy(&data->peer, to, sizeof(data->peer.sa));
+                break;
+            }
+# if 0
+        }
+# endif
+        break;
+        /* (Linux)kernel sets DF bit on outgoing IP packets */
+    case BIO_CTRL_DGRAM_MTU_DISCOVER:
+# if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
+        addr_len = (socklen_t) sizeof(addr);
+        memset((void *)&addr, 0, sizeof(addr));
+        if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
+            ret = 0;
+            break;
+        }
+        switch (addr.sa.sa_family) {
+        case AF_INET:
+            sockopt_val = IP_PMTUDISC_DO;
+            if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
+                                  &sockopt_val, sizeof(sockopt_val))) < 0)
+                perror("setsockopt");
+            break;
+#  if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
+        case AF_INET6:
+            sockopt_val = IPV6_PMTUDISC_DO;
+            if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
+                                  &sockopt_val, sizeof(sockopt_val))) < 0)
+                perror("setsockopt");
+            break;
+#  endif
+        default:
+            ret = -1;
+            break;
+        }
+        ret = -1;
+# else
+        break;
+# endif
+    case BIO_CTRL_DGRAM_QUERY_MTU:
+# if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU)
+        addr_len = (socklen_t) sizeof(addr);
+        memset((void *)&addr, 0, sizeof(addr));
+        if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
+            ret = 0;
+            break;
+        }
+        sockopt_len = sizeof(sockopt_val);
+        switch (addr.sa.sa_family) {
+        case AF_INET:
+            if ((ret =
+                 getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val,
+                            &sockopt_len)) < 0 || sockopt_val < 0) {
+                ret = 0;
+            } else {
+                /*
+                 * we assume that the transport protocol is UDP and no IP
+                 * options are used.
+                 */
+                data->mtu = sockopt_val - 8 - 20;
+                ret = data->mtu;
+            }
+            break;
+#  if OPENSSL_USE_IPV6 && defined(IPV6_MTU)
+        case AF_INET6:
+            if ((ret =
+                 getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU,
+                            (void *)&sockopt_val, &sockopt_len)) < 0
+                || sockopt_val < 0) {
+                ret = 0;
+            } else {
+                /*
+                 * we assume that the transport protocol is UDP and no IPV6
+                 * options are used.
+                 */
+                data->mtu = sockopt_val - 8 - 40;
+                ret = data->mtu;
+            }
+            break;
+#  endif
+        default:
+            ret = 0;
+            break;
+        }
+# else
+        ret = 0;
+# endif
+        break;
+    case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
+        ret = -dgram_get_mtu_overhead(data);
+        switch (data->peer.sa.sa_family) {
+        case AF_INET:
+            ret += 576;
+            break;
+# if OPENSSL_USE_IPV6
+        case AF_INET6:
+#  ifdef IN6_IS_ADDR_V4MAPPED
+            if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr))
+                ret += 576;
+            else
+#  endif
+                ret += 1280;
+            break;
+# endif
+        default:
+            ret += 576;
+            break;
+        }
+        break;
+    case BIO_CTRL_DGRAM_GET_MTU:
+        return data->mtu;
+        break;
+    case BIO_CTRL_DGRAM_SET_MTU:
+        data->mtu = num;
+        ret = num;
+        break;
+    case BIO_CTRL_DGRAM_SET_CONNECTED:
+        to = (struct sockaddr *)ptr;
+
+        if (to != NULL) {
+            data->connected = 1;
+            switch (to->sa_family) {
+            case AF_INET:
+                memcpy(&data->peer, to, sizeof(data->peer.sa_in));
+                break;
+# if OPENSSL_USE_IPV6
+            case AF_INET6:
+                memcpy(&data->peer, to, sizeof(data->peer.sa_in6));
+                break;
+# endif
+            default:
+                memcpy(&data->peer, to, sizeof(data->peer.sa));
+                break;
+            }
+        } else {
+            data->connected = 0;
+            memset(&(data->peer), 0x00, sizeof(data->peer));
+        }
+        break;
+    case BIO_CTRL_DGRAM_GET_PEER:
+        switch (data->peer.sa.sa_family) {
+        case AF_INET:
+            ret = sizeof(data->peer.sa_in);
+            break;
+# if OPENSSL_USE_IPV6
+        case AF_INET6:
+            ret = sizeof(data->peer.sa_in6);
+            break;
+# endif
+        default:
+            ret = sizeof(data->peer.sa);
+            break;
+        }
+        if (num == 0 || num > ret)
+            num = ret;
+        memcpy(ptr, &data->peer, (ret = num));
+        break;
+    case BIO_CTRL_DGRAM_SET_PEER:
+        to = (struct sockaddr *)ptr;
+        switch (to->sa_family) {
+        case AF_INET:
+            memcpy(&data->peer, to, sizeof(data->peer.sa_in));
+            break;
+# if OPENSSL_USE_IPV6
+        case AF_INET6:
+            memcpy(&data->peer, to, sizeof(data->peer.sa_in6));
+            break;
+# endif
+        default:
+            memcpy(&data->peer, to, sizeof(data->peer.sa));
+            break;
+        }
+        break;
+    case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
+        memcpy(&(data->next_timeout), ptr, sizeof(struct timeval));
+        break;
+# if defined(SO_RCVTIMEO)
+    case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
+#  ifdef OPENSSL_SYS_WINDOWS
+        {
+            struct timeval *tv = (struct timeval *)ptr;
+            int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
+            if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                           (void *)&timeout, sizeof(timeout)) < 0) {
+                perror("setsockopt");
+                ret = -1;
+            }
+        }
+#  else
+        if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr,
+                       sizeof(struct timeval)) < 0) {
+            perror("setsockopt");
+            ret = -1;
+        }
+#  endif
+        break;
+    case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
+        {
+            union {
+                size_t s;
+                int i;
+            } sz = {
+                0
+            };
+#  ifdef OPENSSL_SYS_WINDOWS
+            int timeout;
+            struct timeval *tv = (struct timeval *)ptr;
+
+            sz.i = sizeof(timeout);
+            if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                           (void *)&timeout, &sz.i) < 0) {
+                perror("getsockopt");
+                ret = -1;
+            } else {
+                tv->tv_sec = timeout / 1000;
+                tv->tv_usec = (timeout % 1000) * 1000;
+                ret = sizeof(*tv);
+            }
+#  else
+            sz.i = sizeof(struct timeval);
+            if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                           ptr, (void *)&sz) < 0) {
+                perror("getsockopt");
+                ret = -1;
+            } else if (sizeof(sz.s) != sizeof(sz.i) && sz.i == 0) {
+                OPENSSL_assert(sz.s <= sizeof(struct timeval));
+                ret = (int)sz.s;
+            } else
+                ret = sz.i;
+#  endif
+        }
+        break;
+# endif
+# if defined(SO_SNDTIMEO)
+    case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT:
+#  ifdef OPENSSL_SYS_WINDOWS
+        {
+            struct timeval *tv = (struct timeval *)ptr;
+            int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
+            if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
+                           (void *)&timeout, sizeof(timeout)) < 0) {
+                perror("setsockopt");
+                ret = -1;
+            }
+        }
+#  else
+        if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr,
+                       sizeof(struct timeval)) < 0) {
+            perror("setsockopt");
+            ret = -1;
+        }
+#  endif
+        break;
+    case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT:
+        {
+            union {
+                size_t s;
+                int i;
+            } sz = {
+                0
+            };
+#  ifdef OPENSSL_SYS_WINDOWS
+            int timeout;
+            struct timeval *tv = (struct timeval *)ptr;
+
+            sz.i = sizeof(timeout);
+            if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
+                           (void *)&timeout, &sz.i) < 0) {
+                perror("getsockopt");
+                ret = -1;
+            } else {
+                tv->tv_sec = timeout / 1000;
+                tv->tv_usec = (timeout % 1000) * 1000;
+                ret = sizeof(*tv);
+            }
+#  else
+            sz.i = sizeof(struct timeval);
+            if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
+                           ptr, (void *)&sz) < 0) {
+                perror("getsockopt");
+                ret = -1;
+            } else if (sizeof(sz.s) != sizeof(sz.i) && sz.i == 0) {
+                OPENSSL_assert(sz.s <= sizeof(struct timeval));
+                ret = (int)sz.s;
+            } else
+                ret = sz.i;
+#  endif
+        }
+        break;
+# endif
+    case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP:
+        /* fall-through */
+    case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP:
+# ifdef OPENSSL_SYS_WINDOWS
+        if (data->_errno == WSAETIMEDOUT)
+# else
+        if (data->_errno == EAGAIN)
+# endif
+        {
+            ret = 1;
+            data->_errno = 0;
+        } else
+            ret = 0;
+        break;
+# ifdef EMSGSIZE
+    case BIO_CTRL_DGRAM_MTU_EXCEEDED:
+        if (data->_errno == EMSGSIZE) {
+            ret = 1;
+            data->_errno = 0;
+        } else
+            ret = 0;
+        break;
+# endif
+    case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
+        ret = dgram_get_mtu_overhead(data);
+        break;
+    default:
+        ret = 0;
+        break;
+    }
+    return (ret);
+}
+
+static int dgram_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = dgram_write(bp, str, n);
+    return (ret);
+}
+
+# ifndef OPENSSL_NO_SCTP
+BIO_METHOD *BIO_s_datagram_sctp(void)
+{
+    return (&methods_dgramp_sctp);
+}
+
+BIO *BIO_new_dgram_sctp(int fd, int close_flag)
+{
+    BIO *bio;
+    int ret, optval = 20000;
+    int auth_data = 0, auth_forward = 0;
+    unsigned char *p;
+    struct sctp_authchunk auth;
+    struct sctp_authchunks *authchunks;
+    socklen_t sockopt_len;
+#  ifdef SCTP_AUTHENTICATION_EVENT
+#   ifdef SCTP_EVENT
+    struct sctp_event event;
+#   else
+    struct sctp_event_subscribe event;
+#   endif
+#  endif
+
+    bio = BIO_new(BIO_s_datagram_sctp());
+    if (bio == NULL)
+        return (NULL);
+    BIO_set_fd(bio, fd, close_flag);
+
+    /* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */
+    auth.sauth_chunk = OPENSSL_SCTP_DATA_CHUNK_TYPE;
+    ret =
+        setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth,
+                   sizeof(struct sctp_authchunk));
+    if (ret < 0) {
+        BIO_vfree(bio);
+        return (NULL);
+    }
+    auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE;
+    ret =
+        setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth,
+                   sizeof(struct sctp_authchunk));
+    if (ret < 0) {
+        BIO_vfree(bio);
+        return (NULL);
+    }
+
+    /*
+     * Test if activation was successful. When using accept(), SCTP-AUTH has
+     * to be activated for the listening socket already, otherwise the
+     * connected socket won't use it.
+     */
+    sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
+    authchunks = OPENSSL_malloc(sockopt_len);
+    if (!authchunks) {
+        BIO_vfree(bio);
+        return (NULL);
+    }
+    memset(authchunks, 0, sizeof(sockopt_len));
+    ret =
+        getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks,
+                   &sockopt_len);
+
+    if (ret < 0) {
+        OPENSSL_free(authchunks);
+        BIO_vfree(bio);
+        return (NULL);
+    }
+
+    for (p = (unsigned char *)authchunks->gauth_chunks;
+         p < (unsigned char *)authchunks + sockopt_len;
+         p += sizeof(uint8_t)) {
+        if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE)
+            auth_data = 1;
+        if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE)
+            auth_forward = 1;
+    }
+
+    OPENSSL_free(authchunks);
+
+    OPENSSL_assert(auth_data);
+    OPENSSL_assert(auth_forward);
+
+#  ifdef SCTP_AUTHENTICATION_EVENT
+#   ifdef SCTP_EVENT
+    memset(&event, 0, sizeof(struct sctp_event));
+    event.se_assoc_id = 0;
+    event.se_type = SCTP_AUTHENTICATION_EVENT;
+    event.se_on = 1;
+    ret =
+        setsockopt(fd, IPPROTO_SCTP, SCTP_EVENT, &event,
+                   sizeof(struct sctp_event));
+    if (ret < 0) {
+        BIO_vfree(bio);
+        return (NULL);
+    }
+#   else
+    sockopt_len = (socklen_t) sizeof(struct sctp_event_subscribe);
+    ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len);
+    if (ret < 0) {
+        BIO_vfree(bio);
+        return (NULL);
+    }
+
+    event.sctp_authentication_event = 1;
+
+    ret =
+        setsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event,
+                   sizeof(struct sctp_event_subscribe));
+    if (ret < 0) {
+        BIO_vfree(bio);
+        return (NULL);
+    }
+#   endif
+#  endif
+
+    /*
+     * Disable partial delivery by setting the min size larger than the max
+     * record size of 2^14 + 2048 + 13
+     */
+    ret =
+        setsockopt(fd, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, &optval,
+                   sizeof(optval));
+    if (ret < 0) {
+        BIO_vfree(bio);
+        return (NULL);
+    }
+
+    return (bio);
+}
+
+int BIO_dgram_is_sctp(BIO *bio)
+{
+    return (BIO_method_type(bio) == BIO_TYPE_DGRAM_SCTP);
+}
+
+static int dgram_sctp_new(BIO *bi)
+{
+    bio_dgram_sctp_data *data = NULL;
+
+    bi->init = 0;
+    bi->num = 0;
+    data = OPENSSL_malloc(sizeof(bio_dgram_sctp_data));
+    if (data == NULL)
+        return 0;
+    memset(data, 0x00, sizeof(bio_dgram_sctp_data));
+#  ifdef SCTP_PR_SCTP_NONE
+    data->prinfo.pr_policy = SCTP_PR_SCTP_NONE;
+#  endif
+    bi->ptr = data;
+
+    bi->flags = 0;
+    return (1);
+}
+
+static int dgram_sctp_free(BIO *a)
+{
+    bio_dgram_sctp_data *data;
+
+    if (a == NULL)
+        return (0);
+    if (!dgram_clear(a))
+        return 0;
+
+    data = (bio_dgram_sctp_data *) a->ptr;
+    if (data != NULL) {
+        if (data->saved_message.data != NULL)
+            OPENSSL_free(data->saved_message.data);
+        OPENSSL_free(data);
+    }
+
+    return (1);
+}
+
+#  ifdef SCTP_AUTHENTICATION_EVENT
+void dgram_sctp_handle_auth_free_key_event(BIO *b,
+                                           union sctp_notification *snp)
+{
+    int ret;
+    struct sctp_authkey_event *authkeyevent = &snp->sn_auth_event;
+
+    if (authkeyevent->auth_indication == SCTP_AUTH_FREE_KEY) {
+        struct sctp_authkeyid authkeyid;
+
+        /* delete key */
+        authkeyid.scact_keynumber = authkeyevent->auth_keynumber;
+        ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
+                         &authkeyid, sizeof(struct sctp_authkeyid));
+    }
+}
+#  endif
+
+static int dgram_sctp_read(BIO *b, char *out, int outl)
+{
+    int ret = 0, n = 0, i, optval;
+    socklen_t optlen;
+    bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
+    union sctp_notification *snp;
+    struct msghdr msg;
+    struct iovec iov;
+    struct cmsghdr *cmsg;
+    char cmsgbuf[512];
+
+    if (out != NULL) {
+        clear_socket_error();
+
+        do {
+            memset(&data->rcvinfo, 0x00,
+                   sizeof(struct bio_dgram_sctp_rcvinfo));
+            iov.iov_base = out;
+            iov.iov_len = outl;
+            msg.msg_name = NULL;
+            msg.msg_namelen = 0;
+            msg.msg_iov = &iov;
+            msg.msg_iovlen = 1;
+            msg.msg_control = cmsgbuf;
+            msg.msg_controllen = 512;
+            msg.msg_flags = 0;
+            n = recvmsg(b->num, &msg, 0);
+
+            if (n <= 0) {
+                if (n < 0)
+                    ret = n;
+                break;
+            }
+
+            if (msg.msg_controllen > 0) {
+                for (cmsg = CMSG_FIRSTHDR(&msg); cmsg;
+                     cmsg = CMSG_NXTHDR(&msg, cmsg)) {
+                    if (cmsg->cmsg_level != IPPROTO_SCTP)
+                        continue;
+#  ifdef SCTP_RCVINFO
+                    if (cmsg->cmsg_type == SCTP_RCVINFO) {
+                        struct sctp_rcvinfo *rcvinfo;
+
+                        rcvinfo = (struct sctp_rcvinfo *)CMSG_DATA(cmsg);
+                        data->rcvinfo.rcv_sid = rcvinfo->rcv_sid;
+                        data->rcvinfo.rcv_ssn = rcvinfo->rcv_ssn;
+                        data->rcvinfo.rcv_flags = rcvinfo->rcv_flags;
+                        data->rcvinfo.rcv_ppid = rcvinfo->rcv_ppid;
+                        data->rcvinfo.rcv_tsn = rcvinfo->rcv_tsn;
+                        data->rcvinfo.rcv_cumtsn = rcvinfo->rcv_cumtsn;
+                        data->rcvinfo.rcv_context = rcvinfo->rcv_context;
+                    }
+#  endif
+#  ifdef SCTP_SNDRCV
+                    if (cmsg->cmsg_type == SCTP_SNDRCV) {
+                        struct sctp_sndrcvinfo *sndrcvinfo;
+
+                        sndrcvinfo =
+                            (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg);
+                        data->rcvinfo.rcv_sid = sndrcvinfo->sinfo_stream;
+                        data->rcvinfo.rcv_ssn = sndrcvinfo->sinfo_ssn;
+                        data->rcvinfo.rcv_flags = sndrcvinfo->sinfo_flags;
+                        data->rcvinfo.rcv_ppid = sndrcvinfo->sinfo_ppid;
+                        data->rcvinfo.rcv_tsn = sndrcvinfo->sinfo_tsn;
+                        data->rcvinfo.rcv_cumtsn = sndrcvinfo->sinfo_cumtsn;
+                        data->rcvinfo.rcv_context = sndrcvinfo->sinfo_context;
+                    }
+#  endif
+                }
+            }
+
+            if (msg.msg_flags & MSG_NOTIFICATION) {
+                snp = (union sctp_notification *)out;
+                if (snp->sn_header.sn_type == SCTP_SENDER_DRY_EVENT) {
+#  ifdef SCTP_EVENT
+                    struct sctp_event event;
+#  else
+                    struct sctp_event_subscribe event;
+                    socklen_t eventsize;
+#  endif
+                    /*
+                     * If a message has been delayed until the socket is dry,
+                     * it can be sent now.
+                     */
+                    if (data->saved_message.length > 0) {
+                        dgram_sctp_write(data->saved_message.bio,
+                                         data->saved_message.data,
+                                         data->saved_message.length);
+                        OPENSSL_free(data->saved_message.data);
+                        data->saved_message.data = NULL;
+                        data->saved_message.length = 0;
+                    }
+
+                    /* disable sender dry event */
+#  ifdef SCTP_EVENT
+                    memset(&event, 0, sizeof(struct sctp_event));
+                    event.se_assoc_id = 0;
+                    event.se_type = SCTP_SENDER_DRY_EVENT;
+                    event.se_on = 0;
+                    i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
+                                   sizeof(struct sctp_event));
+                    if (i < 0) {
+                        ret = i;
+                        break;
+                    }
+#  else
+                    eventsize = sizeof(struct sctp_event_subscribe);
+                    i = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
+                                   &eventsize);
+                    if (i < 0) {
+                        ret = i;
+                        break;
+                    }
+
+                    event.sctp_sender_dry_event = 0;
+
+                    i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
+                                   sizeof(struct sctp_event_subscribe));
+                    if (i < 0) {
+                        ret = i;
+                        break;
+                    }
+#  endif
+                }
+#  ifdef SCTP_AUTHENTICATION_EVENT
+                if (snp->sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
+                    dgram_sctp_handle_auth_free_key_event(b, snp);
+#  endif
+
+                if (data->handle_notifications != NULL)
+                    data->handle_notifications(b, data->notification_context,
+                                               (void *)out);
+
+                memset(out, 0, outl);
+            } else
+                ret += n;
+        }
+        while ((msg.msg_flags & MSG_NOTIFICATION) && (msg.msg_flags & MSG_EOR)
+               && (ret < outl));
+
+        if (ret > 0 && !(msg.msg_flags & MSG_EOR)) {
+            /* Partial message read, this should never happen! */
+
+            /*
+             * The buffer was too small, this means the peer sent a message
+             * that was larger than allowed.
+             */
+            if (ret == outl)
+                return -1;
+
+            /*
+             * Test if socket buffer can handle max record size (2^14 + 2048
+             * + 13)
+             */
+            optlen = (socklen_t) sizeof(int);
+            ret = getsockopt(b->num, SOL_SOCKET, SO_RCVBUF, &optval, &optlen);
+            if (ret >= 0)
+                OPENSSL_assert(optval >= 18445);
+
+            /*
+             * Test if SCTP doesn't partially deliver below max record size
+             * (2^14 + 2048 + 13)
+             */
+            optlen = (socklen_t) sizeof(int);
+            ret =
+                getsockopt(b->num, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT,
+                           &optval, &optlen);
+            if (ret >= 0)
+                OPENSSL_assert(optval >= 18445);
+
+            /*
+             * Partially delivered notification??? Probably a bug....
+             */
+            OPENSSL_assert(!(msg.msg_flags & MSG_NOTIFICATION));
+
+            /*
+             * Everything seems ok till now, so it's most likely a message
+             * dropped by PR-SCTP.
+             */
+            memset(out, 0, outl);
+            BIO_set_retry_read(b);
+            return -1;
+        }
+
+        BIO_clear_retry_flags(b);
+        if (ret < 0) {
+            if (BIO_dgram_should_retry(ret)) {
+                BIO_set_retry_read(b);
+                data->_errno = get_last_socket_error();
+            }
+        }
+
+        /* Test if peer uses SCTP-AUTH before continuing */
+        if (!data->peer_auth_tested) {
+            int ii, auth_data = 0, auth_forward = 0;
+            unsigned char *p;
+            struct sctp_authchunks *authchunks;
+
+            optlen =
+                (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
+            authchunks = OPENSSL_malloc(optlen);
+            if (!authchunks) {
+                BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_FAILURE);
+                return -1;
+            }
+            memset(authchunks, 0, sizeof(optlen));
+            ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS,
+                            authchunks, &optlen);
+
+            if (ii >= 0)
+                for (p = (unsigned char *)authchunks->gauth_chunks;
+                     p < (unsigned char *)authchunks + optlen;
+                     p += sizeof(uint8_t)) {
+                    if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE)
+                        auth_data = 1;
+                    if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE)
+                        auth_forward = 1;
+                }
+
+            OPENSSL_free(authchunks);
+
+            if (!auth_data || !auth_forward) {
+                BIOerr(BIO_F_DGRAM_SCTP_READ, BIO_R_CONNECT_ERROR);
+                return -1;
+            }
+
+            data->peer_auth_tested = 1;
+        }
+    }
+    return (ret);
+}
+
+static int dgram_sctp_write(BIO *b, const char *in, int inl)
+{
+    int ret;
+    bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
+    struct bio_dgram_sctp_sndinfo *sinfo = &(data->sndinfo);
+    struct bio_dgram_sctp_prinfo *pinfo = &(data->prinfo);
+    struct bio_dgram_sctp_sndinfo handshake_sinfo;
+    struct iovec iov[1];
+    struct msghdr msg;
+    struct cmsghdr *cmsg;
+#  if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO)
+    char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo)) +
+                 CMSG_SPACE(sizeof(struct sctp_prinfo))];
+    struct sctp_sndinfo *sndinfo;
+    struct sctp_prinfo *prinfo;
+#  else
+    char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndrcvinfo))];
+    struct sctp_sndrcvinfo *sndrcvinfo;
+#  endif
+
+    clear_socket_error();
+
+    /*
+     * If we're send anything else than application data, disable all user
+     * parameters and flags.
+     */
+    if (in[0] != 23) {
+        memset(&handshake_sinfo, 0x00, sizeof(struct bio_dgram_sctp_sndinfo));
+#  ifdef SCTP_SACK_IMMEDIATELY
+        handshake_sinfo.snd_flags = SCTP_SACK_IMMEDIATELY;
+#  endif
+        sinfo = &handshake_sinfo;
+    }
+
+    /*
+     * If we have to send a shutdown alert message and the socket is not dry
+     * yet, we have to save it and send it as soon as the socket gets dry.
+     */
+    if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b)) {
+        char *tmp;
+        data->saved_message.bio = b;
+        if (!(tmp = OPENSSL_malloc(inl))) {
+            BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        if (data->saved_message.data)
+            OPENSSL_free(data->saved_message.data);
+        data->saved_message.data = tmp;
+        memcpy(data->saved_message.data, in, inl);
+        data->saved_message.length = inl;
+        return inl;
+    }
+
+    iov[0].iov_base = (char *)in;
+    iov[0].iov_len = inl;
+    msg.msg_name = NULL;
+    msg.msg_namelen = 0;
+    msg.msg_iov = iov;
+    msg.msg_iovlen = 1;
+    msg.msg_control = (caddr_t) cmsgbuf;
+    msg.msg_controllen = 0;
+    msg.msg_flags = 0;
+#  if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO)
+    cmsg = (struct cmsghdr *)cmsgbuf;
+    cmsg->cmsg_level = IPPROTO_SCTP;
+    cmsg->cmsg_type = SCTP_SNDINFO;
+    cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndinfo));
+    sndinfo = (struct sctp_sndinfo *)CMSG_DATA(cmsg);
+    memset(sndinfo, 0, sizeof(struct sctp_sndinfo));
+    sndinfo->snd_sid = sinfo->snd_sid;
+    sndinfo->snd_flags = sinfo->snd_flags;
+    sndinfo->snd_ppid = sinfo->snd_ppid;
+    sndinfo->snd_context = sinfo->snd_context;
+    msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndinfo));
+
+    cmsg =
+        (struct cmsghdr *)&cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo))];
+    cmsg->cmsg_level = IPPROTO_SCTP;
+    cmsg->cmsg_type = SCTP_PRINFO;
+    cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_prinfo));
+    prinfo = (struct sctp_prinfo *)CMSG_DATA(cmsg);
+    memset(prinfo, 0, sizeof(struct sctp_prinfo));
+    prinfo->pr_policy = pinfo->pr_policy;
+    prinfo->pr_value = pinfo->pr_value;
+    msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_prinfo));
+#  else
+    cmsg = (struct cmsghdr *)cmsgbuf;
+    cmsg->cmsg_level = IPPROTO_SCTP;
+    cmsg->cmsg_type = SCTP_SNDRCV;
+    cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndrcvinfo));
+    sndrcvinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg);
+    memset(sndrcvinfo, 0, sizeof(struct sctp_sndrcvinfo));
+    sndrcvinfo->sinfo_stream = sinfo->snd_sid;
+    sndrcvinfo->sinfo_flags = sinfo->snd_flags;
+#   ifdef __FreeBSD__
+    sndrcvinfo->sinfo_flags |= pinfo->pr_policy;
+#   endif
+    sndrcvinfo->sinfo_ppid = sinfo->snd_ppid;
+    sndrcvinfo->sinfo_context = sinfo->snd_context;
+    sndrcvinfo->sinfo_timetolive = pinfo->pr_value;
+    msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndrcvinfo));
+#  endif
+
+    ret = sendmsg(b->num, &msg, 0);
+
+    BIO_clear_retry_flags(b);
+    if (ret <= 0) {
+        if (BIO_dgram_should_retry(ret)) {
+            BIO_set_retry_write(b);
+            data->_errno = get_last_socket_error();
+        }
+    }
+    return (ret);
+}
+
+static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret = 1;
+    bio_dgram_sctp_data *data = NULL;
+    socklen_t sockopt_len = 0;
+    struct sctp_authkeyid authkeyid;
+    struct sctp_authkey *authkey = NULL;
+
+    data = (bio_dgram_sctp_data *) b->ptr;
+
+    switch (cmd) {
+    case BIO_CTRL_DGRAM_QUERY_MTU:
+        /*
+         * Set to maximum (2^14) and ignore user input to enable transport
+         * protocol fragmentation. Returns always 2^14.
+         */
+        data->mtu = 16384;
+        ret = data->mtu;
+        break;
+    case BIO_CTRL_DGRAM_SET_MTU:
+        /*
+         * Set to maximum (2^14) and ignore input to enable transport
+         * protocol fragmentation. Returns always 2^14.
+         */
+        data->mtu = 16384;
+        ret = data->mtu;
+        break;
+    case BIO_CTRL_DGRAM_SET_CONNECTED:
+    case BIO_CTRL_DGRAM_CONNECT:
+        /* Returns always -1. */
+        ret = -1;
+        break;
+    case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
+        /*
+         * SCTP doesn't need the DTLS timer Returns always 1.
+         */
+        break;
+    case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
+        /*
+         * We allow transport protocol fragmentation so this is irrelevant
+         */
+        ret = 0;
+        break;
+    case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
+        if (num > 0)
+            data->in_handshake = 1;
+        else
+            data->in_handshake = 0;
+
+        ret =
+            setsockopt(b->num, IPPROTO_SCTP, SCTP_NODELAY,
+                       &data->in_handshake, sizeof(int));
+        break;
+    case BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY:
+        /*
+         * New shared key for SCTP AUTH. Returns 0 on success, -1 otherwise.
+         */
+
+        /* Get active key */
+        sockopt_len = sizeof(struct sctp_authkeyid);
+        ret =
+            getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid,
+                       &sockopt_len);
+        if (ret < 0)
+            break;
+
+        /* Add new key */
+        sockopt_len = sizeof(struct sctp_authkey) + 64 * sizeof(uint8_t);
+        authkey = OPENSSL_malloc(sockopt_len);
+        if (authkey == NULL) {
+            ret = -1;
+            break;
+        }
+        memset(authkey, 0x00, sockopt_len);
+        authkey->sca_keynumber = authkeyid.scact_keynumber + 1;
+#  ifndef __FreeBSD__
+        /*
+         * This field is missing in FreeBSD 8.2 and earlier, and FreeBSD 8.3
+         * and higher work without it.
+         */
+        authkey->sca_keylength = 64;
+#  endif
+        memcpy(&authkey->sca_key[0], ptr, 64 * sizeof(uint8_t));
+
+        ret =
+            setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey,
+                       sockopt_len);
+        OPENSSL_free(authkey);
+        authkey = NULL;
+        if (ret < 0)
+            break;
+
+        /* Reset active key */
+        ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
+                         &authkeyid, sizeof(struct sctp_authkeyid));
+        if (ret < 0)
+            break;
+
+        break;
+    case BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY:
+        /* Returns 0 on success, -1 otherwise. */
+
+        /* Get active key */
+        sockopt_len = sizeof(struct sctp_authkeyid);
+        ret =
+            getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid,
+                       &sockopt_len);
+        if (ret < 0)
+            break;
+
+        /* Set active key */
+        authkeyid.scact_keynumber = authkeyid.scact_keynumber + 1;
+        ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
+                         &authkeyid, sizeof(struct sctp_authkeyid));
+        if (ret < 0)
+            break;
+
+        /*
+         * CCS has been sent, so remember that and fall through to check if
+         * we need to deactivate an old key
+         */
+        data->ccs_sent = 1;
+
+    case BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD:
+        /* Returns 0 on success, -1 otherwise. */
+
+        /*
+         * Has this command really been called or is this just a
+         * fall-through?
+         */
+        if (cmd == BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD)
+            data->ccs_rcvd = 1;
+
+        /*
+         * CSS has been both, received and sent, so deactivate an old key
+         */
+        if (data->ccs_rcvd == 1 && data->ccs_sent == 1) {
+            /* Get active key */
+            sockopt_len = sizeof(struct sctp_authkeyid);
+            ret =
+                getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
+                           &authkeyid, &sockopt_len);
+            if (ret < 0)
+                break;
+
+            /*
+             * Deactivate key or delete second last key if
+             * SCTP_AUTHENTICATION_EVENT is not available.
+             */
+            authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
+#  ifdef SCTP_AUTH_DEACTIVATE_KEY
+            sockopt_len = sizeof(struct sctp_authkeyid);
+            ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DEACTIVATE_KEY,
+                             &authkeyid, sockopt_len);
+            if (ret < 0)
+                break;
+#  endif
+#  ifndef SCTP_AUTHENTICATION_EVENT
+            if (authkeyid.scact_keynumber > 0) {
+                authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
+                ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
+                                 &authkeyid, sizeof(struct sctp_authkeyid));
+                if (ret < 0)
+                    break;
+            }
+#  endif
+
+            data->ccs_rcvd = 0;
+            data->ccs_sent = 0;
+        }
+        break;
+    case BIO_CTRL_DGRAM_SCTP_GET_SNDINFO:
+        /* Returns the size of the copied struct. */
+        if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo))
+            num = sizeof(struct bio_dgram_sctp_sndinfo);
+
+        memcpy(ptr, &(data->sndinfo), num);
+        ret = num;
+        break;
+    case BIO_CTRL_DGRAM_SCTP_SET_SNDINFO:
+        /* Returns the size of the copied struct. */
+        if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo))
+            num = sizeof(struct bio_dgram_sctp_sndinfo);
+
+        memcpy(&(data->sndinfo), ptr, num);
+        break;
+    case BIO_CTRL_DGRAM_SCTP_GET_RCVINFO:
+        /* Returns the size of the copied struct. */
+        if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo))
+            num = sizeof(struct bio_dgram_sctp_rcvinfo);
+
+        memcpy(ptr, &data->rcvinfo, num);
+
+        ret = num;
+        break;
+    case BIO_CTRL_DGRAM_SCTP_SET_RCVINFO:
+        /* Returns the size of the copied struct. */
+        if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo))
+            num = sizeof(struct bio_dgram_sctp_rcvinfo);
+
+        memcpy(&(data->rcvinfo), ptr, num);
+        break;
+    case BIO_CTRL_DGRAM_SCTP_GET_PRINFO:
+        /* Returns the size of the copied struct. */
+        if (num > (long)sizeof(struct bio_dgram_sctp_prinfo))
+            num = sizeof(struct bio_dgram_sctp_prinfo);
+
+        memcpy(ptr, &(data->prinfo), num);
+        ret = num;
+        break;
+    case BIO_CTRL_DGRAM_SCTP_SET_PRINFO:
+        /* Returns the size of the copied struct. */
+        if (num > (long)sizeof(struct bio_dgram_sctp_prinfo))
+            num = sizeof(struct bio_dgram_sctp_prinfo);
+
+        memcpy(&(data->prinfo), ptr, num);
+        break;
+    case BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN:
+        /* Returns always 1. */
+        if (num > 0)
+            data->save_shutdown = 1;
+        else
+            data->save_shutdown = 0;
+        break;
+
+    default:
+        /*
+         * Pass to default ctrl function to process SCTP unspecific commands
+         */
+        ret = dgram_ctrl(b, cmd, num, ptr);
+        break;
+    }
+    return (ret);
+}
+
+int BIO_dgram_sctp_notification_cb(BIO *b,
+                                   void (*handle_notifications) (BIO *bio,
+                                                                 void
+                                                                 *context,
+                                                                 void *buf),
+                                   void *context)
+{
+    bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
+
+    if (handle_notifications != NULL) {
+        data->handle_notifications = handle_notifications;
+        data->notification_context = context;
+    } else
+        return -1;
+
+    return 0;
+}
+
+int BIO_dgram_sctp_wait_for_dry(BIO *b)
+{
+    int is_dry = 0;
+    int n, sockflags, ret;
+    union sctp_notification snp;
+    struct msghdr msg;
+    struct iovec iov;
+#  ifdef SCTP_EVENT
+    struct sctp_event event;
+#  else
+    struct sctp_event_subscribe event;
+    socklen_t eventsize;
+#  endif
+    bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
+
+    /* set sender dry event */
+#  ifdef SCTP_EVENT
+    memset(&event, 0, sizeof(struct sctp_event));
+    event.se_assoc_id = 0;
+    event.se_type = SCTP_SENDER_DRY_EVENT;
+    event.se_on = 1;
+    ret =
+        setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
+                   sizeof(struct sctp_event));
+#  else
+    eventsize = sizeof(struct sctp_event_subscribe);
+    ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize);
+    if (ret < 0)
+        return -1;
+
+    event.sctp_sender_dry_event = 1;
+
+    ret =
+        setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
+                   sizeof(struct sctp_event_subscribe));
+#  endif
+    if (ret < 0)
+        return -1;
+
+    /* peek for notification */
+    memset(&snp, 0x00, sizeof(union sctp_notification));
+    iov.iov_base = (char *)&snp;
+    iov.iov_len = sizeof(union sctp_notification);
+    msg.msg_name = NULL;
+    msg.msg_namelen = 0;
+    msg.msg_iov = &iov;
+    msg.msg_iovlen = 1;
+    msg.msg_control = NULL;
+    msg.msg_controllen = 0;
+    msg.msg_flags = 0;
+
+    n = recvmsg(b->num, &msg, MSG_PEEK);
+    if (n <= 0) {
+        if ((n < 0) && (get_last_socket_error() != EAGAIN)
+            && (get_last_socket_error() != EWOULDBLOCK))
+            return -1;
+        else
+            return 0;
+    }
+
+    /* if we find a notification, process it and try again if necessary */
+    while (msg.msg_flags & MSG_NOTIFICATION) {
+        memset(&snp, 0x00, sizeof(union sctp_notification));
+        iov.iov_base = (char *)&snp;
+        iov.iov_len = sizeof(union sctp_notification);
+        msg.msg_name = NULL;
+        msg.msg_namelen = 0;
+        msg.msg_iov = &iov;
+        msg.msg_iovlen = 1;
+        msg.msg_control = NULL;
+        msg.msg_controllen = 0;
+        msg.msg_flags = 0;
+
+        n = recvmsg(b->num, &msg, 0);
+        if (n <= 0) {
+            if ((n < 0) && (get_last_socket_error() != EAGAIN)
+                && (get_last_socket_error() != EWOULDBLOCK))
+                return -1;
+            else
+                return is_dry;
+        }
+
+        if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) {
+            is_dry = 1;
+
+            /* disable sender dry event */
+#  ifdef SCTP_EVENT
+            memset(&event, 0, sizeof(struct sctp_event));
+            event.se_assoc_id = 0;
+            event.se_type = SCTP_SENDER_DRY_EVENT;
+            event.se_on = 0;
+            ret =
+                setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
+                           sizeof(struct sctp_event));
+#  else
+            eventsize = (socklen_t) sizeof(struct sctp_event_subscribe);
+            ret =
+                getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
+                           &eventsize);
+            if (ret < 0)
+                return -1;
+
+            event.sctp_sender_dry_event = 0;
+
+            ret =
+                setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
+                           sizeof(struct sctp_event_subscribe));
+#  endif
+            if (ret < 0)
+                return -1;
+        }
+#  ifdef SCTP_AUTHENTICATION_EVENT
+        if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
+            dgram_sctp_handle_auth_free_key_event(b, &snp);
+#  endif
+
+        if (data->handle_notifications != NULL)
+            data->handle_notifications(b, data->notification_context,
+                                       (void *)&snp);
+
+        /* found notification, peek again */
+        memset(&snp, 0x00, sizeof(union sctp_notification));
+        iov.iov_base = (char *)&snp;
+        iov.iov_len = sizeof(union sctp_notification);
+        msg.msg_name = NULL;
+        msg.msg_namelen = 0;
+        msg.msg_iov = &iov;
+        msg.msg_iovlen = 1;
+        msg.msg_control = NULL;
+        msg.msg_controllen = 0;
+        msg.msg_flags = 0;
+
+        /* if we have seen the dry already, don't wait */
+        if (is_dry) {
+            sockflags = fcntl(b->num, F_GETFL, 0);
+            fcntl(b->num, F_SETFL, O_NONBLOCK);
+        }
+
+        n = recvmsg(b->num, &msg, MSG_PEEK);
+
+        if (is_dry) {
+            fcntl(b->num, F_SETFL, sockflags);
+        }
+
+        if (n <= 0) {
+            if ((n < 0) && (get_last_socket_error() != EAGAIN)
+                && (get_last_socket_error() != EWOULDBLOCK))
+                return -1;
+            else
+                return is_dry;
+        }
+    }
+
+    /* read anything else */
+    return is_dry;
+}
+
+int BIO_dgram_sctp_msg_waiting(BIO *b)
+{
+    int n, sockflags;
+    union sctp_notification snp;
+    struct msghdr msg;
+    struct iovec iov;
+    bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
+
+    /* Check if there are any messages waiting to be read */
+    do {
+        memset(&snp, 0x00, sizeof(union sctp_notification));
+        iov.iov_base = (char *)&snp;
+        iov.iov_len = sizeof(union sctp_notification);
+        msg.msg_name = NULL;
+        msg.msg_namelen = 0;
+        msg.msg_iov = &iov;
+        msg.msg_iovlen = 1;
+        msg.msg_control = NULL;
+        msg.msg_controllen = 0;
+        msg.msg_flags = 0;
+
+        sockflags = fcntl(b->num, F_GETFL, 0);
+        fcntl(b->num, F_SETFL, O_NONBLOCK);
+        n = recvmsg(b->num, &msg, MSG_PEEK);
+        fcntl(b->num, F_SETFL, sockflags);
+
+        /* if notification, process and try again */
+        if (n > 0 && (msg.msg_flags & MSG_NOTIFICATION)) {
+#  ifdef SCTP_AUTHENTICATION_EVENT
+            if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
+                dgram_sctp_handle_auth_free_key_event(b, &snp);
+#  endif
+
+            memset(&snp, 0x00, sizeof(union sctp_notification));
+            iov.iov_base = (char *)&snp;
+            iov.iov_len = sizeof(union sctp_notification);
+            msg.msg_name = NULL;
+            msg.msg_namelen = 0;
+            msg.msg_iov = &iov;
+            msg.msg_iovlen = 1;
+            msg.msg_control = NULL;
+            msg.msg_controllen = 0;
+            msg.msg_flags = 0;
+            n = recvmsg(b->num, &msg, 0);
+
+            if (data->handle_notifications != NULL)
+                data->handle_notifications(b, data->notification_context,
+                                           (void *)&snp);
+        }
+
+    } while (n > 0 && (msg.msg_flags & MSG_NOTIFICATION));
+
+    /* Return 1 if there is a message to be read, return 0 otherwise. */
+    if (n > 0)
+        return 1;
+    else
+        return 0;
+}
+
+static int dgram_sctp_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = dgram_sctp_write(bp, str, n);
+    return (ret);
+}
+# endif
+
+static int BIO_dgram_should_retry(int i)
+{
+    int err;
+
+    if ((i == 0) || (i == -1)) {
+        err = get_last_socket_error();
+
+# if defined(OPENSSL_SYS_WINDOWS)
+        /*
+         * If the socket return value (i) is -1 and err is unexpectedly 0 at
+         * this point, the error code was overwritten by another system call
+         * before this error handling is called.
+         */
+# endif
+
+        return (BIO_dgram_non_fatal_error(err));
+    }
+    return (0);
+}
+
+int BIO_dgram_non_fatal_error(int err)
+{
+    switch (err) {
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if defined(WSAEWOULDBLOCK)
+    case WSAEWOULDBLOCK:
+#  endif
+
+#  if 0                         /* This appears to always be an error */
+#   if defined(WSAENOTCONN)
+    case WSAENOTCONN:
+#   endif
+#  endif
+# endif
+
+# ifdef EWOULDBLOCK
+#  ifdef WSAEWOULDBLOCK
+#   if WSAEWOULDBLOCK != EWOULDBLOCK
+    case EWOULDBLOCK:
+#   endif
+#  else
+    case EWOULDBLOCK:
+#  endif
+# endif
+
+# ifdef EINTR
+    case EINTR:
+# endif
+
+# ifdef EAGAIN
+#  if EWOULDBLOCK != EAGAIN
+    case EAGAIN:
+#  endif
+# endif
+
+# ifdef EPROTO
+    case EPROTO:
+# endif
+
+# ifdef EINPROGRESS
+    case EINPROGRESS:
+# endif
+
+# ifdef EALREADY
+    case EALREADY:
+# endif
+
+        return (1);
+        /* break; */
+    default:
+        break;
+    }
+    return (0);
+}
+
+static void get_current_time(struct timeval *t)
+{
+# ifdef OPENSSL_SYS_WIN32
+    struct _timeb tb;
+    _ftime(&tb);
+    t->tv_sec = (long)tb.time;
+    t->tv_usec = (long)tb.millitm * 1000;
+# elif defined(OPENSSL_SYS_VMS)
+    struct timeb tb;
+    ftime(&tb);
+    t->tv_sec = (long)tb.time;
+    t->tv_usec = (long)tb.millitm * 1000;
+# else
+    gettimeofday(t, NULL);
+# endif
+}
+
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/bn/Makefile
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/Makefile	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/bn/Makefile	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,379 +0,0 @@
-#
-# OpenSSL/crypto/bn/Makefile
-#
-
-DIR=	bn
-TOP=	../..
-CC=	cc
-CPP=    $(CC) -E
-INCLUDES= -I.. -I$(TOP) -I../../include
-CFLAG=-g
-MAKEFILE=	Makefile
-AR=		ar r
-
-BN_ASM=		bn_asm.o
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-ASFLAGS= $(INCLUDES) $(ASFLAG)
-AFLAGS= $(ASFLAGS)
-
-GENERAL=Makefile
-TEST=bntest.c exptest.c
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC=	bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \
-	bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
-	bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \
-	bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
-	bn_depr.c bn_const.c bn_x931p.c
-
-LIBOBJ=	bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \
-	bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \
-	bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \
-	bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o bn_nist.o \
-	bn_depr.o bn_const.o bn_x931p.o
-
-SRC= $(LIBSRC)
-
-EXHEADER= bn.h
-HEADER=	bn_lcl.h bn_prime.h $(EXHEADER)
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-top:
-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
-
-all:	lib
-
-bn_prime.h: bn_prime.pl
-	$(PERL) bn_prime.pl >bn_prime.h
-
-divtest: divtest.c ../../libcrypto.a
-	cc -I../../include divtest.c -o divtest ../../libcrypto.a
-
-bnbug: bnbug.c ../../libcrypto.a top
-	cc -g -I../../include bnbug.c -o bnbug ../../libcrypto.a
-
-lib:	$(LIBOBJ)
-	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB) || echo Never mind.
-	@touch lib
-
-bn-586.s:	asm/bn-586.pl ../perlasm/x86asm.pl
-	$(PERL) asm/bn-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
-co-586.s:	asm/co-586.pl ../perlasm/x86asm.pl
-	$(PERL) asm/co-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
-x86-mont.s:	asm/x86-mont.pl ../perlasm/x86asm.pl
-	$(PERL) asm/x86-mont.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
-x86-gf2m.s:	asm/x86-gf2m.pl ../perlasm/x86asm.pl
-	$(PERL) asm/x86-gf2m.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
-
-sparcv8.o:	asm/sparcv8.S
-	$(CC) $(CFLAGS) -c asm/sparcv8.S
-bn-sparcv9.o:	asm/sparcv8plus.S
-	$(CC) $(CFLAGS) -c -o $@ asm/sparcv8plus.S
-sparcv9a-mont.s:	asm/sparcv9a-mont.pl
-	$(PERL) asm/sparcv9a-mont.pl $(CFLAGS) > $@
-sparcv9-mont.s:		asm/sparcv9-mont.pl
-	$(PERL) asm/sparcv9-mont.pl $(CFLAGS) > $@
-
-bn-mips3.o:	asm/mips3.s
-	@if [ "$(CC)" = "gcc" ]; then \
-		ABI=`expr "$(CFLAGS)" : ".*-mabi=\([n3264]*\)"` && \
-		as -$$ABI -O -o $@ asm/mips3.s; \
-	else	$(CC) -c $(CFLAGS) -o $@ asm/mips3.s; fi
-
-bn-mips.s:	asm/mips.pl
-	$(PERL) asm/mips.pl $(PERLASM_SCHEME) $@
-mips-mont.s:	asm/mips-mont.pl
-	$(PERL)	asm/mips-mont.pl $(PERLASM_SCHEME) $@
-
-bn-s390x.o:	asm/s390x.S
-	$(CC) $(CFLAGS) -c -o $@ asm/s390x.S
-s390x-gf2m.s:	asm/s390x-gf2m.pl
-	$(PERL) asm/s390x-gf2m.pl $(PERLASM_SCHEME) $@
-
-x86_64-gcc.o:	asm/x86_64-gcc.c
-	$(CC) $(CFLAGS) -c -o $@ asm/x86_64-gcc.c
-x86_64-mont.s:	asm/x86_64-mont.pl
-	$(PERL) asm/x86_64-mont.pl $(PERLASM_SCHEME) > $@
-x86_64-mont5.s:	asm/x86_64-mont5.pl
-	$(PERL) asm/x86_64-mont5.pl $(PERLASM_SCHEME) > $@
-x86_64-gf2m.s:	asm/x86_64-gf2m.pl
-	$(PERL) asm/x86_64-gf2m.pl $(PERLASM_SCHEME) > $@
-modexp512-x86_64.s:	asm/modexp512-x86_64.pl
-	$(PERL) asm/modexp512-x86_64.pl $(PERLASM_SCHEME) > $@
-
-bn-ia64.s:	asm/ia64.S
-	$(CC) $(CFLAGS) -E asm/ia64.S > $@
-ia64-mont.s:	asm/ia64-mont.pl
-	$(PERL) asm/ia64-mont.pl $@ $(CFLAGS)
-
-# GNU assembler fails to compile PA-RISC2 modules, insist on calling
-# vendor assembler...
-pa-risc2W.o: asm/pa-risc2W.s
-	/usr/ccs/bin/as -o pa-risc2W.o asm/pa-risc2W.s
-pa-risc2.o: asm/pa-risc2.s
-	/usr/ccs/bin/as -o pa-risc2.o asm/pa-risc2.s
-parisc-mont.s:	asm/parisc-mont.pl
-	$(PERL) asm/parisc-mont.pl $(PERLASM_SCHEME) $@
-
-# ppc - AIX, Linux, MacOS X...
-bn-ppc.s:	asm/ppc.pl;	$(PERL) asm/ppc.pl $(PERLASM_SCHEME) $@
-ppc-mont.s:	asm/ppc-mont.pl;$(PERL) asm/ppc-mont.pl $(PERLASM_SCHEME) $@
-ppc64-mont.s:	asm/ppc64-mont.pl;$(PERL) asm/ppc64-mont.pl $(PERLASM_SCHEME) $@
-
-alpha-mont.s:	asm/alpha-mont.pl
-	(preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \
-	$(PERL) asm/alpha-mont.pl > $$preproc && \
-	$(CC) -E $$preproc > $@ && rm $$preproc)
-
-# GNU make "catch all"
-%-mont.s:	asm/%-mont.pl;	$(PERL) $< $(PERLASM_SCHEME) $@
-%-gf2m.S:	asm/%-gf2m.pl;	$(PERL) $< $(PERLASM_SCHEME) $@
-
-armv4-gf2m.o:	armv4-gf2m.S
-
-files:
-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
-
-install:
-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
-	do  \
-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-	done;
-
-exptest:
-	rm -f exptest
-	gcc -I../../include -g2 -ggdb -o exptest exptest.c ../../libcrypto.a
-
-div:
-	rm -f a.out
-	gcc -I.. -g div.c ../../libcrypto.a
-
-tags:
-	ctags $(SRC)
-
-tests:
-
-lint:
-	lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-update: bn_prime.h depend
-
-depend:
-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
-
-dclean:
-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-	mv -f Makefile.new $(MAKEFILE)
-
-clean:
-	rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-bn_add.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
-bn_add.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_add.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bn_add.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-bn_add.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bn_add.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_add.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_add.c bn_lcl.h
-bn_asm.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
-bn_asm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_asm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bn_asm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-bn_asm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bn_asm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_asm.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_asm.c bn_lcl.h
-bn_blind.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
-bn_blind.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_blind.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bn_blind.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bn_blind.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_blind.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_blind.c bn_lcl.h
-bn_const.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-bn_const.o: ../../include/openssl/opensslconf.h
-bn_const.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bn_const.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_const.o: ../../include/openssl/symhacks.h bn.h bn_const.c
-bn_ctx.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
-bn_ctx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_ctx.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bn_ctx.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-bn_ctx.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bn_ctx.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_ctx.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_ctx.c bn_lcl.h
-bn_depr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
-bn_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_depr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bn_depr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-bn_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bn_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-bn_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bn_depr.o: ../cryptlib.h bn_depr.c bn_lcl.h
-bn_div.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
-bn_div.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_div.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bn_div.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-bn_div.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bn_div.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_div.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_div.c bn_lcl.h
-bn_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-bn_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-bn_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-bn_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bn_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-bn_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bn_err.o: bn_err.c
-bn_exp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
-bn_exp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_exp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_exp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_exp.c bn_lcl.h
-bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
-bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_exp2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bn_exp2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-bn_exp2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bn_exp2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_exp2.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_exp2.c bn_lcl.h
-bn_gcd.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
-bn_gcd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_gcd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bn_gcd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-bn_gcd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bn_gcd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_gcd.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_gcd.c bn_lcl.h
-bn_gf2m.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
-bn_gf2m.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_gf2m.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bn_gf2m.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-bn_gf2m.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bn_gf2m.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_gf2m.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_gf2m.c bn_lcl.h
-bn_kron.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
-bn_kron.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_kron.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bn_kron.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-bn_kron.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bn_kron.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_kron.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_kron.c bn_lcl.h
-bn_lib.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
-bn_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bn_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-bn_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bn_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_lib.c
-bn_mod.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
-bn_mod.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_mod.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bn_mod.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-bn_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bn_mod.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_mod.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mod.c
-bn_mont.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
-bn_mont.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_mont.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bn_mont.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-bn_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bn_mont.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_mont.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mont.c
-bn_mpi.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
-bn_mpi.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_mpi.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bn_mpi.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-bn_mpi.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bn_mpi.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_mpi.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mpi.c
-bn_mul.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
-bn_mul.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_mul.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bn_mul.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-bn_mul.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bn_mul.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_mul.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mul.c
-bn_nist.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
-bn_nist.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_nist.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bn_nist.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-bn_nist.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bn_nist.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_nist.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_nist.c
-bn_prime.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
-bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_prime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bn_prime.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-bn_prime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bn_prime.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-bn_prime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bn_prime.o: ../cryptlib.h bn_lcl.h bn_prime.c bn_prime.h
-bn_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
-bn_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bn_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-bn_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bn_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_print.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_print.c
-bn_rand.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
-bn_rand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bn_rand.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-bn_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bn_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-bn_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bn_rand.o: ../cryptlib.h bn_lcl.h bn_rand.c
-bn_recp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
-bn_recp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_recp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bn_recp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-bn_recp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bn_recp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_recp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_recp.c
-bn_shift.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
-bn_shift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_shift.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bn_shift.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-bn_shift.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bn_shift.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_shift.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_shift.c
-bn_sqr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
-bn_sqr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_sqr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bn_sqr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-bn_sqr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bn_sqr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_sqr.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_sqr.c
-bn_sqrt.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
-bn_sqrt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_sqrt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bn_sqrt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-bn_sqrt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bn_sqrt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_sqrt.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_sqrt.c
-bn_word.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
-bn_word.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bn_word.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bn_word.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bn_word.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_word.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_word.c
-bn_x931p.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-bn_x931p.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-bn_x931p.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bn_x931p.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_x931p.o: ../../include/openssl/symhacks.h bn_x931p.c

Copied: vendor-crypto/openssl/1.0.1u/crypto/bn/Makefile (from rev 11605, vendor-crypto/openssl/dist/crypto/bn/Makefile)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/bn/Makefile	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/bn/Makefile	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,380 @@
+#
+# OpenSSL/crypto/bn/Makefile
+#
+
+DIR=	bn
+TOP=	../..
+CC=	cc
+CPP=    $(CC) -E
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=	Makefile
+AR=		ar r
+
+BN_ASM=		bn_asm.o
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+
+GENERAL=Makefile
+TEST=bntest.c exptest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=	bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \
+	bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
+	bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \
+	bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
+	bn_depr.c bn_const.c bn_x931p.c
+
+LIBOBJ=	bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \
+	bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \
+	bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \
+	bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o bn_nist.o \
+	bn_depr.o bn_const.o bn_x931p.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= bn.h
+HEADER=	bn_lcl.h bn_prime.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+bn_prime.h: bn_prime.pl
+	$(PERL) bn_prime.pl >bn_prime.h
+
+divtest: divtest.c ../../libcrypto.a
+	cc -I../../include divtest.c -o divtest ../../libcrypto.a
+
+bnbug: bnbug.c ../../libcrypto.a top
+	cc -g -I../../include bnbug.c -o bnbug ../../libcrypto.a
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB) || echo Never mind.
+	@touch lib
+
+bn-586.s:	asm/bn-586.pl ../perlasm/x86asm.pl
+	$(PERL) asm/bn-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
+co-586.s:	asm/co-586.pl ../perlasm/x86asm.pl
+	$(PERL) asm/co-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
+x86-mont.s:	asm/x86-mont.pl ../perlasm/x86asm.pl
+	$(PERL) asm/x86-mont.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
+x86-gf2m.s:	asm/x86-gf2m.pl ../perlasm/x86asm.pl
+	$(PERL) asm/x86-gf2m.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
+
+sparcv8.o:	asm/sparcv8.S
+	$(CC) $(CFLAGS) -c asm/sparcv8.S
+bn-sparcv9.o:	asm/sparcv8plus.S
+	$(CC) $(CFLAGS) -c -o $@ asm/sparcv8plus.S
+sparcv9a-mont.s:	asm/sparcv9a-mont.pl
+	$(PERL) asm/sparcv9a-mont.pl $(CFLAGS) > $@
+sparcv9-mont.s:		asm/sparcv9-mont.pl
+	$(PERL) asm/sparcv9-mont.pl $(CFLAGS) > $@
+
+bn-mips3.o:	asm/mips3.s
+	@if [ "$(CC)" = "gcc" ]; then \
+		ABI=`expr "$(CFLAGS)" : ".*-mabi=\([n3264]*\)"` && \
+		as -$$ABI -O -o $@ asm/mips3.s; \
+	else	$(CC) -c $(CFLAGS) -o $@ asm/mips3.s; fi
+
+bn-mips.s:	asm/mips.pl
+	$(PERL) asm/mips.pl $(PERLASM_SCHEME) $@
+mips-mont.s:	asm/mips-mont.pl
+	$(PERL)	asm/mips-mont.pl $(PERLASM_SCHEME) $@
+
+bn-s390x.o:	asm/s390x.S
+	$(CC) $(CFLAGS) -c -o $@ asm/s390x.S
+s390x-gf2m.s:	asm/s390x-gf2m.pl
+	$(PERL) asm/s390x-gf2m.pl $(PERLASM_SCHEME) $@
+
+x86_64-gcc.o:	asm/x86_64-gcc.c
+	$(CC) $(CFLAGS) -c -o $@ asm/x86_64-gcc.c
+x86_64-mont.s:	asm/x86_64-mont.pl
+	$(PERL) asm/x86_64-mont.pl $(PERLASM_SCHEME) > $@
+x86_64-mont5.s:	asm/x86_64-mont5.pl
+	$(PERL) asm/x86_64-mont5.pl $(PERLASM_SCHEME) > $@
+x86_64-gf2m.s:	asm/x86_64-gf2m.pl
+	$(PERL) asm/x86_64-gf2m.pl $(PERLASM_SCHEME) > $@
+modexp512-x86_64.s:	asm/modexp512-x86_64.pl
+	$(PERL) asm/modexp512-x86_64.pl $(PERLASM_SCHEME) > $@
+
+bn-ia64.s:	asm/ia64.S
+	$(CC) $(CFLAGS) -E asm/ia64.S > $@
+ia64-mont.s:	asm/ia64-mont.pl
+	$(PERL) asm/ia64-mont.pl $@ $(CFLAGS)
+
+# GNU assembler fails to compile PA-RISC2 modules, insist on calling
+# vendor assembler...
+pa-risc2W.o: asm/pa-risc2W.s
+	/usr/ccs/bin/as -o pa-risc2W.o asm/pa-risc2W.s
+pa-risc2.o: asm/pa-risc2.s
+	/usr/ccs/bin/as -o pa-risc2.o asm/pa-risc2.s
+parisc-mont.s:	asm/parisc-mont.pl
+	$(PERL) asm/parisc-mont.pl $(PERLASM_SCHEME) $@
+
+# ppc - AIX, Linux, MacOS X...
+bn-ppc.s:	asm/ppc.pl;	$(PERL) asm/ppc.pl $(PERLASM_SCHEME) $@
+ppc-mont.s:	asm/ppc-mont.pl;$(PERL) asm/ppc-mont.pl $(PERLASM_SCHEME) $@
+ppc64-mont.s:	asm/ppc64-mont.pl;$(PERL) asm/ppc64-mont.pl $(PERLASM_SCHEME) $@
+
+alpha-mont.s:	asm/alpha-mont.pl
+	(preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \
+	$(PERL) asm/alpha-mont.pl > $$preproc && \
+	$(CC) -E $$preproc > $@ && rm $$preproc)
+
+# GNU make "catch all"
+%-mont.s:	asm/%-mont.pl;	$(PERL) $< $(PERLASM_SCHEME) $@
+%-gf2m.S:	asm/%-gf2m.pl;	$(PERL) $< $(PERLASM_SCHEME) $@
+
+armv4-gf2m.o:	armv4-gf2m.S
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+exptest:
+	rm -f exptest
+	gcc -I../../include -g2 -ggdb -o exptest exptest.c ../../libcrypto.a
+
+div:
+	rm -f a.out
+	gcc -I.. -g div.c ../../libcrypto.a
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+update: bn_prime.h depend
+
+depend:
+	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bn_add.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_add.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_add.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_add.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_add.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_add.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_add.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_add.c bn_lcl.h
+bn_asm.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_asm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_asm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_asm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_asm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_asm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_asm.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_asm.c bn_lcl.h
+bn_blind.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_blind.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_blind.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_blind.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_blind.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_blind.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_blind.c bn_lcl.h
+bn_const.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+bn_const.o: ../../include/openssl/opensslconf.h
+bn_const.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_const.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_const.o: ../../include/openssl/symhacks.h bn.h bn_const.c
+bn_ctx.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_ctx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_ctx.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_ctx.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_ctx.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_ctx.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_ctx.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_ctx.c bn_lcl.h
+bn_depr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_depr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_depr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bn_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_depr.o: ../cryptlib.h bn_depr.c bn_lcl.h
+bn_div.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_div.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_div.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_div.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_div.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_div.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_div.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_div.c bn_lcl.h
+bn_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+bn_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bn_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bn_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+bn_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_err.o: bn_err.c
+bn_exp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_exp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_exp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_exp.o: ../../include/openssl/symhacks.h ../constant_time_locl.h
+bn_exp.o: ../cryptlib.h bn_exp.c bn_lcl.h
+bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_exp2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_exp2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_exp2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_exp2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_exp2.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_exp2.c bn_lcl.h
+bn_gcd.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_gcd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_gcd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_gcd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_gcd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_gcd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_gcd.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_gcd.c bn_lcl.h
+bn_gf2m.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_gf2m.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_gf2m.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_gf2m.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_gf2m.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_gf2m.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_gf2m.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_gf2m.c bn_lcl.h
+bn_kron.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_kron.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_kron.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_kron.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_kron.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_kron.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_kron.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_kron.c bn_lcl.h
+bn_lib.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_lib.c
+bn_mod.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mod.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mod.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mod.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_mod.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_mod.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mod.c
+bn_mont.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mont.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mont.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mont.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_mont.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_mont.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mont.c
+bn_mpi.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mpi.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mpi.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mpi.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mpi.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_mpi.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_mpi.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mpi.c
+bn_mul.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mul.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mul.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mul.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mul.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_mul.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_mul.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mul.c
+bn_nist.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_nist.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_nist.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_nist.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_nist.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_nist.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_nist.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_nist.c
+bn_prime.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_prime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_prime.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_prime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_prime.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bn_prime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_prime.o: ../cryptlib.h bn_lcl.h bn_prime.c bn_prime.h
+bn_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_print.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_print.c
+bn_rand.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_rand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_rand.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bn_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_rand.o: ../cryptlib.h bn_lcl.h bn_rand.c
+bn_recp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_recp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_recp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_recp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_recp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_recp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_recp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_recp.c
+bn_shift.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_shift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_shift.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_shift.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_shift.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_shift.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_shift.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_shift.c
+bn_sqr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_sqr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_sqr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_sqr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_sqr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_sqr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_sqr.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_sqr.c
+bn_sqrt.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_sqrt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_sqrt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_sqrt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_sqrt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_sqrt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_sqrt.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_sqrt.c
+bn_word.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_word.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_word.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_word.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_word.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_word.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_word.c
+bn_x931p.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+bn_x931p.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+bn_x931p.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_x931p.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_x931p.o: ../../include/openssl/symhacks.h bn_x931p.c

Deleted: vendor-crypto/openssl/1.0.1u/crypto/bn/asm/x86-mont.pl
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/x86-mont.pl	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/bn/asm/x86-mont.pl	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,593 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# October 2005
-#
-# This is a "teaser" code, as it can be improved in several ways...
-# First of all non-SSE2 path should be implemented (yes, for now it
-# performs Montgomery multiplication/convolution only on SSE2-capable
-# CPUs such as P4, others fall down to original code). Then inner loop
-# can be unrolled and modulo-scheduled to improve ILP and possibly
-# moved to 128-bit XMM register bank (though it would require input
-# rearrangement and/or increase bus bandwidth utilization). Dedicated
-# squaring procedure should give further performance improvement...
-# Yet, for being draft, the code improves rsa512 *sign* benchmark by
-# 110%(!), rsa1024 one - by 70% and rsa4096 - by 20%:-)
-
-# December 2006
-#
-# Modulo-scheduling SSE2 loops results in further 15-20% improvement.
-# Integer-only code [being equipped with dedicated squaring procedure]
-# gives ~40% on rsa512 sign benchmark...
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-push(@INC,"${dir}","${dir}../../perlasm");
-require "x86asm.pl";
-
-&asm_init($ARGV[0],$0);
-
-$sse2=0;
-for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
-
-&external_label("OPENSSL_ia32cap_P") if ($sse2);
-
-&function_begin("bn_mul_mont");
-
-$i="edx";
-$j="ecx";
-$ap="esi";	$tp="esi";		# overlapping variables!!!
-$rp="edi";	$bp="edi";		# overlapping variables!!!
-$np="ebp";
-$num="ebx";
-
-$_num=&DWP(4*0,"esp");			# stack top layout
-$_rp=&DWP(4*1,"esp");
-$_ap=&DWP(4*2,"esp");
-$_bp=&DWP(4*3,"esp");
-$_np=&DWP(4*4,"esp");
-$_n0=&DWP(4*5,"esp");	$_n0q=&QWP(4*5,"esp");
-$_sp=&DWP(4*6,"esp");
-$_bpend=&DWP(4*7,"esp");
-$frame=32;				# size of above frame rounded up to 16n
-
-	&xor	("eax","eax");
-	&mov	("edi",&wparam(5));	# int num
-	&cmp	("edi",4);
-	&jl	(&label("just_leave"));
-
-	&lea	("esi",&wparam(0));	# put aside pointer to argument block
-	&lea	("edx",&wparam(1));	# load ap
-	&mov	("ebp","esp");		# saved stack pointer!
-	&add	("edi",2);		# extra two words on top of tp
-	&neg	("edi");
-	&lea	("esp",&DWP(-$frame,"esp","edi",4));	# alloca($frame+4*(num+2))
-	&neg	("edi");
-
-	# minimize cache contention by arraning 2K window between stack
-	# pointer and ap argument [np is also position sensitive vector,
-	# but it's assumed to be near ap, as it's allocated at ~same
-	# time].
-	&mov	("eax","esp");
-	&sub	("eax","edx");
-	&and	("eax",2047);
-	&sub	("esp","eax");		# this aligns sp and ap modulo 2048
-
-	&xor	("edx","esp");
-	&and	("edx",2048);
-	&xor	("edx",2048);
-	&sub	("esp","edx");		# this splits them apart modulo 4096
-
-	&and	("esp",-64);		# align to cache line
-
-	################################# load argument block...
-	&mov	("eax",&DWP(0*4,"esi"));# BN_ULONG *rp
-	&mov	("ebx",&DWP(1*4,"esi"));# const BN_ULONG *ap
-	&mov	("ecx",&DWP(2*4,"esi"));# const BN_ULONG *bp
-	&mov	("edx",&DWP(3*4,"esi"));# const BN_ULONG *np
-	&mov	("esi",&DWP(4*4,"esi"));# const BN_ULONG *n0
-	#&mov	("edi",&DWP(5*4,"esi"));# int num
-
-	&mov	("esi",&DWP(0,"esi"));	# pull n0[0]
-	&mov	($_rp,"eax");		# ... save a copy of argument block
-	&mov	($_ap,"ebx");
-	&mov	($_bp,"ecx");
-	&mov	($_np,"edx");
-	&mov	($_n0,"esi");
-	&lea	($num,&DWP(-3,"edi"));	# num=num-1 to assist modulo-scheduling
-	#&mov	($_num,$num);		# redundant as $num is not reused
-	&mov	($_sp,"ebp");		# saved stack pointer!
-

-if($sse2) {
-$acc0="mm0";	# mmx register bank layout
-$acc1="mm1";
-$car0="mm2";
-$car1="mm3";
-$mul0="mm4";
-$mul1="mm5";
-$temp="mm6";
-$mask="mm7";
-
-	&picmeup("eax","OPENSSL_ia32cap_P");
-	&bt	(&DWP(0,"eax"),26);
-	&jnc	(&label("non_sse2"));
-
-	&mov	("eax",-1);
-	&movd	($mask,"eax");		# mask 32 lower bits
-
-	&mov	($ap,$_ap);		# load input pointers
-	&mov	($bp,$_bp);
-	&mov	($np,$_np);
-
-	&xor	($i,$i);		# i=0
-	&xor	($j,$j);		# j=0
-
-	&movd	($mul0,&DWP(0,$bp));		# bp[0]
-	&movd	($mul1,&DWP(0,$ap));		# ap[0]
-	&movd	($car1,&DWP(0,$np));		# np[0]
-
-	&pmuludq($mul1,$mul0);			# ap[0]*bp[0]
-	&movq	($car0,$mul1);
-	&movq	($acc0,$mul1);			# I wish movd worked for
-	&pand	($acc0,$mask);			# inter-register transfers
-
-	&pmuludq($mul1,$_n0q);			# *=n0
-
-	&pmuludq($car1,$mul1);			# "t[0]"*np[0]*n0
-	&paddq	($car1,$acc0);
-
-	&movd	($acc1,&DWP(4,$np));		# np[1]
-	&movd	($acc0,&DWP(4,$ap));		# ap[1]
-
-	&psrlq	($car0,32);
-	&psrlq	($car1,32);
-
-	&inc	($j);				# j++
-&set_label("1st",16);
-	&pmuludq($acc0,$mul0);			# ap[j]*bp[0]
-	&pmuludq($acc1,$mul1);			# np[j]*m1
-	&paddq	($car0,$acc0);			# +=c0
-	&paddq	($car1,$acc1);			# +=c1
-
-	&movq	($acc0,$car0);
-	&pand	($acc0,$mask);
-	&movd	($acc1,&DWP(4,$np,$j,4));	# np[j+1]
-	&paddq	($car1,$acc0);			# +=ap[j]*bp[0];
-	&movd	($acc0,&DWP(4,$ap,$j,4));	# ap[j+1]
-	&psrlq	($car0,32);
-	&movd	(&DWP($frame-4,"esp",$j,4),$car1);	# tp[j-1]=
-	&psrlq	($car1,32);
-
-	&lea	($j,&DWP(1,$j));
-	&cmp	($j,$num);
-	&jl	(&label("1st"));
-
-	&pmuludq($acc0,$mul0);			# ap[num-1]*bp[0]
-	&pmuludq($acc1,$mul1);			# np[num-1]*m1
-	&paddq	($car0,$acc0);			# +=c0
-	&paddq	($car1,$acc1);			# +=c1
-
-	&movq	($acc0,$car0);
-	&pand	($acc0,$mask);
-	&paddq	($car1,$acc0);			# +=ap[num-1]*bp[0];
-	&movd	(&DWP($frame-4,"esp",$j,4),$car1);	# tp[num-2]=
-
-	&psrlq	($car0,32);
-	&psrlq	($car1,32);
-
-	&paddq	($car1,$car0);
-	&movq	(&QWP($frame,"esp",$num,4),$car1);	# tp[num].tp[num-1]
-

-	&inc	($i);				# i++
-&set_label("outer");
-	&xor	($j,$j);			# j=0
-
-	&movd	($mul0,&DWP(0,$bp,$i,4));	# bp[i]
-	&movd	($mul1,&DWP(0,$ap));		# ap[0]
-	&movd	($temp,&DWP($frame,"esp"));	# tp[0]
-	&movd	($car1,&DWP(0,$np));		# np[0]
-	&pmuludq($mul1,$mul0);			# ap[0]*bp[i]
-
-	&paddq	($mul1,$temp);			# +=tp[0]
-	&movq	($acc0,$mul1);
-	&movq	($car0,$mul1);
-	&pand	($acc0,$mask);
-
-	&pmuludq($mul1,$_n0q);			# *=n0
-
-	&pmuludq($car1,$mul1);
-	&paddq	($car1,$acc0);
-
-	&movd	($temp,&DWP($frame+4,"esp"));	# tp[1]
-	&movd	($acc1,&DWP(4,$np));		# np[1]
-	&movd	($acc0,&DWP(4,$ap));		# ap[1]
-
-	&psrlq	($car0,32);
-	&psrlq	($car1,32);
-	&paddq	($car0,$temp);			# +=tp[1]
-
-	&inc	($j);				# j++
-	&dec	($num);
-&set_label("inner");
-	&pmuludq($acc0,$mul0);			# ap[j]*bp[i]
-	&pmuludq($acc1,$mul1);			# np[j]*m1
-	&paddq	($car0,$acc0);			# +=c0
-	&paddq	($car1,$acc1);			# +=c1
-
-	&movq	($acc0,$car0);
-	&movd	($temp,&DWP($frame+4,"esp",$j,4));# tp[j+1]
-	&pand	($acc0,$mask);
-	&movd	($acc1,&DWP(4,$np,$j,4));	# np[j+1]
-	&paddq	($car1,$acc0);			# +=ap[j]*bp[i]+tp[j]
-	&movd	($acc0,&DWP(4,$ap,$j,4));	# ap[j+1]
-	&psrlq	($car0,32);
-	&movd	(&DWP($frame-4,"esp",$j,4),$car1);# tp[j-1]=
-	&psrlq	($car1,32);
-	&paddq	($car0,$temp);			# +=tp[j+1]
-
-	&dec	($num);
-	&lea	($j,&DWP(1,$j));		# j++
-	&jnz	(&label("inner"));
-
-	&mov	($num,$j);
-	&pmuludq($acc0,$mul0);			# ap[num-1]*bp[i]
-	&pmuludq($acc1,$mul1);			# np[num-1]*m1
-	&paddq	($car0,$acc0);			# +=c0
-	&paddq	($car1,$acc1);			# +=c1
-
-	&movq	($acc0,$car0);
-	&pand	($acc0,$mask);
-	&paddq	($car1,$acc0);			# +=ap[num-1]*bp[i]+tp[num-1]
-	&movd	(&DWP($frame-4,"esp",$j,4),$car1);	# tp[num-2]=
-	&psrlq	($car0,32);
-	&psrlq	($car1,32);
-
-	&movd	($temp,&DWP($frame+4,"esp",$num,4));	# += tp[num]
-	&paddq	($car1,$car0);
-	&paddq	($car1,$temp);
-	&movq	(&QWP($frame,"esp",$num,4),$car1);	# tp[num].tp[num-1]
-
-	&lea	($i,&DWP(1,$i));		# i++
-	&cmp	($i,$num);
-	&jle	(&label("outer"));
-
-	&emms	();				# done with mmx bank
-	&jmp	(&label("common_tail"));
-
-&set_label("non_sse2",16);
-}
-

-if (0) {
-	&mov	("esp",$_sp);
-	&xor	("eax","eax");	# signal "not fast enough [yet]"
-	&jmp	(&label("just_leave"));
-	# While the below code provides competitive performance for
-	# all key lengthes on modern Intel cores, it's still more
-	# than 10% slower for 4096-bit key elsewhere:-( "Competitive"
-	# means compared to the original integer-only assembler.
-	# 512-bit RSA sign is better by ~40%, but that's about all
-	# one can say about all CPUs...
-} else {
-$inp="esi";	# integer path uses these registers differently
-$word="edi";
-$carry="ebp";
-
-	&mov	($inp,$_ap);
-	&lea	($carry,&DWP(1,$num));
-	&mov	($word,$_bp);
-	&xor	($j,$j);				# j=0
-	&mov	("edx",$inp);
-	&and	($carry,1);				# see if num is even
-	&sub	("edx",$word);				# see if ap==bp
-	&lea	("eax",&DWP(4,$word,$num,4));		# &bp[num]
-	&or	($carry,"edx");
-	&mov	($word,&DWP(0,$word));			# bp[0]
-	&jz	(&label("bn_sqr_mont"));
-	&mov	($_bpend,"eax");
-	&mov	("eax",&DWP(0,$inp));
-	&xor	("edx","edx");
-
-&set_label("mull",16);
-	&mov	($carry,"edx");
-	&mul	($word);				# ap[j]*bp[0]
-	&add	($carry,"eax");
-	&lea	($j,&DWP(1,$j));
-	&adc	("edx",0);
-	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[j+1]
-	&cmp	($j,$num);
-	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j]=
-	&jl	(&label("mull"));
-
-	&mov	($carry,"edx");
-	&mul	($word);				# ap[num-1]*bp[0]
-	 &mov	($word,$_n0);
-	&add	("eax",$carry);
-	 &mov	($inp,$_np);
-	&adc	("edx",0);
-	 &imul	($word,&DWP($frame,"esp"));		# n0*tp[0]
-
-	&mov	(&DWP($frame,"esp",$num,4),"eax");	# tp[num-1]=
-	&xor	($j,$j);
-	&mov	(&DWP($frame+4,"esp",$num,4),"edx");	# tp[num]=
-	&mov	(&DWP($frame+8,"esp",$num,4),$j);	# tp[num+1]=
-
-	&mov	("eax",&DWP(0,$inp));			# np[0]
-	&mul	($word);				# np[0]*m
-	&add	("eax",&DWP($frame,"esp"));		# +=tp[0]
-	&mov	("eax",&DWP(4,$inp));			# np[1]
-	&adc	("edx",0);
-	&inc	($j);
-
-	&jmp	(&label("2ndmadd"));
-


-&set_label("1stmadd",16);
-	&mov	($carry,"edx");
-	&mul	($word);				# ap[j]*bp[i]
-	&add	($carry,&DWP($frame,"esp",$j,4));	# +=tp[j]
-	&lea	($j,&DWP(1,$j));
-	&adc	("edx",0);
-	&add	($carry,"eax");
-	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[j+1]
-	&adc	("edx",0);
-	&cmp	($j,$num);
-	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j]=
-	&jl	(&label("1stmadd"));
-
-	&mov	($carry,"edx");
-	&mul	($word);				# ap[num-1]*bp[i]
-	&add	("eax",&DWP($frame,"esp",$num,4));	# +=tp[num-1]
-	 &mov	($word,$_n0);
-	&adc	("edx",0);
-	 &mov	($inp,$_np);
-	&add	($carry,"eax");
-	&adc	("edx",0);
-	 &imul	($word,&DWP($frame,"esp"));		# n0*tp[0]
-
-	&xor	($j,$j);
-	&add	("edx",&DWP($frame+4,"esp",$num,4));	# carry+=tp[num]
-	&mov	(&DWP($frame,"esp",$num,4),$carry);	# tp[num-1]=
-	&adc	($j,0);
-	 &mov	("eax",&DWP(0,$inp));			# np[0]
-	&mov	(&DWP($frame+4,"esp",$num,4),"edx");	# tp[num]=
-	&mov	(&DWP($frame+8,"esp",$num,4),$j);	# tp[num+1]=
-
-	&mul	($word);				# np[0]*m
-	&add	("eax",&DWP($frame,"esp"));		# +=tp[0]
-	&mov	("eax",&DWP(4,$inp));			# np[1]
-	&adc	("edx",0);
-	&mov	($j,1);
-

-&set_label("2ndmadd",16);
-	&mov	($carry,"edx");
-	&mul	($word);				# np[j]*m
-	&add	($carry,&DWP($frame,"esp",$j,4));	# +=tp[j]
-	&lea	($j,&DWP(1,$j));
-	&adc	("edx",0);
-	&add	($carry,"eax");
-	&mov	("eax",&DWP(0,$inp,$j,4));		# np[j+1]
-	&adc	("edx",0);
-	&cmp	($j,$num);
-	&mov	(&DWP($frame-8,"esp",$j,4),$carry);	# tp[j-1]=
-	&jl	(&label("2ndmadd"));
-
-	&mov	($carry,"edx");
-	&mul	($word);				# np[j]*m
-	&add	($carry,&DWP($frame,"esp",$num,4));	# +=tp[num-1]
-	&adc	("edx",0);
-	&add	($carry,"eax");
-	&adc	("edx",0);
-	&mov	(&DWP($frame-4,"esp",$num,4),$carry);	# tp[num-2]=
-
-	&xor	("eax","eax");
-	 &mov	($j,$_bp);				# &bp[i]
-	&add	("edx",&DWP($frame+4,"esp",$num,4));	# carry+=tp[num]
-	&adc	("eax",&DWP($frame+8,"esp",$num,4));	# +=tp[num+1]
-	 &lea	($j,&DWP(4,$j));
-	&mov	(&DWP($frame,"esp",$num,4),"edx");	# tp[num-1]=
-	 &cmp	($j,$_bpend);
-	&mov	(&DWP($frame+4,"esp",$num,4),"eax");	# tp[num]=
-	&je	(&label("common_tail"));
-
-	&mov	($word,&DWP(0,$j));			# bp[i+1]
-	&mov	($inp,$_ap);
-	&mov	($_bp,$j);				# &bp[++i]
-	&xor	($j,$j);
-	&xor	("edx","edx");
-	&mov	("eax",&DWP(0,$inp));
-	&jmp	(&label("1stmadd"));
-

-&set_label("bn_sqr_mont",16);
-$sbit=$num;
-	&mov	($_num,$num);
-	&mov	($_bp,$j);				# i=0
-
-	&mov	("eax",$word);				# ap[0]
-	&mul	($word);				# ap[0]*ap[0]
-	&mov	(&DWP($frame,"esp"),"eax");		# tp[0]=
-	&mov	($sbit,"edx");
-	&shr	("edx",1);
-	&and	($sbit,1);
-	&inc	($j);
-&set_label("sqr",16);
-	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[j]
-	&mov	($carry,"edx");
-	&mul	($word);				# ap[j]*ap[0]
-	&add	("eax",$carry);
-	&lea	($j,&DWP(1,$j));
-	&adc	("edx",0);
-	&lea	($carry,&DWP(0,$sbit,"eax",2));
-	&shr	("eax",31);
-	&cmp	($j,$_num);
-	&mov	($sbit,"eax");
-	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j]=
-	&jl	(&label("sqr"));
-
-	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[num-1]
-	&mov	($carry,"edx");
-	&mul	($word);				# ap[num-1]*ap[0]
-	&add	("eax",$carry);
-	 &mov	($word,$_n0);
-	&adc	("edx",0);
-	 &mov	($inp,$_np);
-	&lea	($carry,&DWP(0,$sbit,"eax",2));
-	 &imul	($word,&DWP($frame,"esp"));		# n0*tp[0]
-	&shr	("eax",31);
-	&mov	(&DWP($frame,"esp",$j,4),$carry);	# tp[num-1]=
-
-	&lea	($carry,&DWP(0,"eax","edx",2));
-	 &mov	("eax",&DWP(0,$inp));			# np[0]
-	&shr	("edx",31);
-	&mov	(&DWP($frame+4,"esp",$j,4),$carry);	# tp[num]=
-	&mov	(&DWP($frame+8,"esp",$j,4),"edx");	# tp[num+1]=
-
-	&mul	($word);				# np[0]*m
-	&add	("eax",&DWP($frame,"esp"));		# +=tp[0]
-	&mov	($num,$j);
-	&adc	("edx",0);
-	&mov	("eax",&DWP(4,$inp));			# np[1]
-	&mov	($j,1);
-


-&set_label("3rdmadd",16);
-	&mov	($carry,"edx");
-	&mul	($word);				# np[j]*m
-	&add	($carry,&DWP($frame,"esp",$j,4));	# +=tp[j]
-	&adc	("edx",0);
-	&add	($carry,"eax");
-	&mov	("eax",&DWP(4,$inp,$j,4));		# np[j+1]
-	&adc	("edx",0);
-	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j-1]=
-
-	&mov	($carry,"edx");
-	&mul	($word);				# np[j+1]*m
-	&add	($carry,&DWP($frame+4,"esp",$j,4));	# +=tp[j+1]
-	&lea	($j,&DWP(2,$j));
-	&adc	("edx",0);
-	&add	($carry,"eax");
-	&mov	("eax",&DWP(0,$inp,$j,4));		# np[j+2]
-	&adc	("edx",0);
-	&cmp	($j,$num);
-	&mov	(&DWP($frame-8,"esp",$j,4),$carry);	# tp[j]=
-	&jl	(&label("3rdmadd"));
-
-	&mov	($carry,"edx");
-	&mul	($word);				# np[j]*m
-	&add	($carry,&DWP($frame,"esp",$num,4));	# +=tp[num-1]
-	&adc	("edx",0);
-	&add	($carry,"eax");
-	&adc	("edx",0);
-	&mov	(&DWP($frame-4,"esp",$num,4),$carry);	# tp[num-2]=
-
-	&mov	($j,$_bp);				# i
-	&xor	("eax","eax");
-	&mov	($inp,$_ap);
-	&add	("edx",&DWP($frame+4,"esp",$num,4));	# carry+=tp[num]
-	&adc	("eax",&DWP($frame+8,"esp",$num,4));	# +=tp[num+1]
-	&mov	(&DWP($frame,"esp",$num,4),"edx");	# tp[num-1]=
-	&cmp	($j,$num);
-	&mov	(&DWP($frame+4,"esp",$num,4),"eax");	# tp[num]=
-	&je	(&label("common_tail"));
-

-	&mov	($word,&DWP(4,$inp,$j,4));		# ap[i]
-	&lea	($j,&DWP(1,$j));
-	&mov	("eax",$word);
-	&mov	($_bp,$j);				# ++i
-	&mul	($word);				# ap[i]*ap[i]
-	&add	("eax",&DWP($frame,"esp",$j,4));	# +=tp[i]
-	&adc	("edx",0);
-	&mov	(&DWP($frame,"esp",$j,4),"eax");	# tp[i]=
-	&xor	($carry,$carry);
-	&cmp	($j,$num);
-	&lea	($j,&DWP(1,$j));
-	&je	(&label("sqrlast"));
-
-	&mov	($sbit,"edx");				# zaps $num
-	&shr	("edx",1);
-	&and	($sbit,1);
-&set_label("sqradd",16);
-	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[j]
-	&mov	($carry,"edx");
-	&mul	($word);				# ap[j]*ap[i]
-	&add	("eax",$carry);
-	&lea	($carry,&DWP(0,"eax","eax"));
-	&adc	("edx",0);
-	&shr	("eax",31);
-	&add	($carry,&DWP($frame,"esp",$j,4));	# +=tp[j]
-	&lea	($j,&DWP(1,$j));
-	&adc	("eax",0);
-	&add	($carry,$sbit);
-	&adc	("eax",0);
-	&cmp	($j,$_num);
-	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j]=
-	&mov	($sbit,"eax");
-	&jle	(&label("sqradd"));
-
-	&mov	($carry,"edx");
-	&add	("edx","edx");
-	&shr	($carry,31);
-	&add	("edx",$sbit);
-	&adc	($carry,0);
-&set_label("sqrlast");
-	&mov	($word,$_n0);
-	&mov	($inp,$_np);
-	&imul	($word,&DWP($frame,"esp"));		# n0*tp[0]
-
-	&add	("edx",&DWP($frame,"esp",$j,4));	# +=tp[num]
-	&mov	("eax",&DWP(0,$inp));			# np[0]
-	&adc	($carry,0);
-	&mov	(&DWP($frame,"esp",$j,4),"edx");	# tp[num]=
-	&mov	(&DWP($frame+4,"esp",$j,4),$carry);	# tp[num+1]=
-
-	&mul	($word);				# np[0]*m
-	&add	("eax",&DWP($frame,"esp"));		# +=tp[0]
-	&lea	($num,&DWP(-1,$j));
-	&adc	("edx",0);
-	&mov	($j,1);
-	&mov	("eax",&DWP(4,$inp));			# np[1]
-
-	&jmp	(&label("3rdmadd"));
-}
-

-&set_label("common_tail",16);
-	&mov	($np,$_np);			# load modulus pointer
-	&mov	($rp,$_rp);			# load result pointer
-	&lea	($tp,&DWP($frame,"esp"));	# [$ap and $bp are zapped]
-
-	&mov	("eax",&DWP(0,$tp));		# tp[0]
-	&mov	($j,$num);			# j=num-1
-	&xor	($i,$i);			# i=0 and clear CF!
-
-&set_label("sub",16);
-	&sbb	("eax",&DWP(0,$np,$i,4));
-	&mov	(&DWP(0,$rp,$i,4),"eax");	# rp[i]=tp[i]-np[i]
-	&dec	($j);				# doesn't affect CF!
-	&mov	("eax",&DWP(4,$tp,$i,4));	# tp[i+1]
-	&lea	($i,&DWP(1,$i));		# i++
-	&jge	(&label("sub"));
-
-	&sbb	("eax",0);			# handle upmost overflow bit
-	&and	($tp,"eax");
-	&not	("eax");
-	&mov	($np,$rp);
-	&and	($np,"eax");
-	&or	($tp,$np);			# tp=carry?tp:rp
-
-&set_label("copy",16);				# copy or in-place refresh
-	&mov	("eax",&DWP(0,$tp,$num,4));
-	&mov	(&DWP(0,$rp,$num,4),"eax");	# rp[i]=tp[i]
-	&mov	(&DWP($frame,"esp",$num,4),$j);	# zap temporary vector
-	&dec	($num);
-	&jge	(&label("copy"));
-
-	&mov	("esp",$_sp);		# pull saved stack pointer
-	&mov	("eax",1);
-&set_label("just_leave");
-&function_end("bn_mul_mont");
-
-&asciz("Montgomery Multiplication for x86, CRYPTOGAMS by <appro\@openssl.org>");
-
-&asm_finish();

Copied: vendor-crypto/openssl/1.0.1u/crypto/bn/asm/x86-mont.pl (from rev 11605, vendor-crypto/openssl/dist/crypto/bn/asm/x86-mont.pl)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/bn/asm/x86-mont.pl	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/bn/asm/x86-mont.pl	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,608 @@
+#!/usr/bin/env perl
+
+# ====================================================================
+# Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# October 2005
+#
+# This is a "teaser" code, as it can be improved in several ways...
+# First of all non-SSE2 path should be implemented (yes, for now it
+# performs Montgomery multiplication/convolution only on SSE2-capable
+# CPUs such as P4, others fall down to original code). Then inner loop
+# can be unrolled and modulo-scheduled to improve ILP and possibly
+# moved to 128-bit XMM register bank (though it would require input
+# rearrangement and/or increase bus bandwidth utilization). Dedicated
+# squaring procedure should give further performance improvement...
+# Yet, for being draft, the code improves rsa512 *sign* benchmark by
+# 110%(!), rsa1024 one - by 70% and rsa4096 - by 20%:-)
+
+# December 2006
+#
+# Modulo-scheduling SSE2 loops results in further 15-20% improvement.
+# Integer-only code [being equipped with dedicated squaring procedure]
+# gives ~40% on rsa512 sign benchmark...
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+&asm_init($ARGV[0],$0);
+
+$sse2=0;
+for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+
+&external_label("OPENSSL_ia32cap_P") if ($sse2);
+
+&function_begin("bn_mul_mont");
+
+$i="edx";
+$j="ecx";
+$ap="esi";	$tp="esi";		# overlapping variables!!!
+$rp="edi";	$bp="edi";		# overlapping variables!!!
+$np="ebp";
+$num="ebx";
+
+$_num=&DWP(4*0,"esp");			# stack top layout
+$_rp=&DWP(4*1,"esp");
+$_ap=&DWP(4*2,"esp");
+$_bp=&DWP(4*3,"esp");
+$_np=&DWP(4*4,"esp");
+$_n0=&DWP(4*5,"esp");	$_n0q=&QWP(4*5,"esp");
+$_sp=&DWP(4*6,"esp");
+$_bpend=&DWP(4*7,"esp");
+$frame=32;				# size of above frame rounded up to 16n
+
+	&xor	("eax","eax");
+	&mov	("edi",&wparam(5));	# int num
+	&cmp	("edi",4);
+	&jl	(&label("just_leave"));
+
+	&lea	("esi",&wparam(0));	# put aside pointer to argument block
+	&lea	("edx",&wparam(1));	# load ap
+	&mov	("ebp","esp");		# saved stack pointer!
+	&add	("edi",2);		# extra two words on top of tp
+	&neg	("edi");
+	&lea	("esp",&DWP(-$frame,"esp","edi",4));	# alloca($frame+4*(num+2))
+	&neg	("edi");
+
+	# minimize cache contention by arraning 2K window between stack
+	# pointer and ap argument [np is also position sensitive vector,
+	# but it's assumed to be near ap, as it's allocated at ~same
+	# time].
+	&mov	("eax","esp");
+	&sub	("eax","edx");
+	&and	("eax",2047);
+	&sub	("esp","eax");		# this aligns sp and ap modulo 2048
+
+	&xor	("edx","esp");
+	&and	("edx",2048);
+	&xor	("edx",2048);
+	&sub	("esp","edx");		# this splits them apart modulo 4096
+
+	&and	("esp",-64);		# align to cache line
+
+	# Some OSes, *cough*-dows, insist on stack being "wired" to
+	# physical memory in strictly sequential manner, i.e. if stack
+	# allocation spans two pages, then reference to farmost one can
+	# be punishable by SEGV. But page walking can do good even on
+	# other OSes, because it guarantees that villain thread hits
+	# the guard page before it can make damage to innocent one...
+	&mov	("eax","ebp");
+	&sub	("eax","esp");
+	&and	("eax",-4096);
+&set_label("page_walk");
+	&mov	("edx",&DWP(0,"esp","eax"));
+	&sub	("eax",4096);
+	&data_byte(0x2e);
+	&jnc	(&label("page_walk"));
+
+	################################# load argument block...
+	&mov	("eax",&DWP(0*4,"esi"));# BN_ULONG *rp
+	&mov	("ebx",&DWP(1*4,"esi"));# const BN_ULONG *ap
+	&mov	("ecx",&DWP(2*4,"esi"));# const BN_ULONG *bp
+	&mov	("edx",&DWP(3*4,"esi"));# const BN_ULONG *np
+	&mov	("esi",&DWP(4*4,"esi"));# const BN_ULONG *n0
+	#&mov	("edi",&DWP(5*4,"esi"));# int num
+
+	&mov	("esi",&DWP(0,"esi"));	# pull n0[0]
+	&mov	($_rp,"eax");		# ... save a copy of argument block
+	&mov	($_ap,"ebx");
+	&mov	($_bp,"ecx");
+	&mov	($_np,"edx");
+	&mov	($_n0,"esi");
+	&lea	($num,&DWP(-3,"edi"));	# num=num-1 to assist modulo-scheduling
+	#&mov	($_num,$num);		# redundant as $num is not reused
+	&mov	($_sp,"ebp");		# saved stack pointer!
+

+if($sse2) {
+$acc0="mm0";	# mmx register bank layout
+$acc1="mm1";
+$car0="mm2";
+$car1="mm3";
+$mul0="mm4";
+$mul1="mm5";
+$temp="mm6";
+$mask="mm7";
+
+	&picmeup("eax","OPENSSL_ia32cap_P");
+	&bt	(&DWP(0,"eax"),26);
+	&jnc	(&label("non_sse2"));
+
+	&mov	("eax",-1);
+	&movd	($mask,"eax");		# mask 32 lower bits
+
+	&mov	($ap,$_ap);		# load input pointers
+	&mov	($bp,$_bp);
+	&mov	($np,$_np);
+
+	&xor	($i,$i);		# i=0
+	&xor	($j,$j);		# j=0
+
+	&movd	($mul0,&DWP(0,$bp));		# bp[0]
+	&movd	($mul1,&DWP(0,$ap));		# ap[0]
+	&movd	($car1,&DWP(0,$np));		# np[0]
+
+	&pmuludq($mul1,$mul0);			# ap[0]*bp[0]
+	&movq	($car0,$mul1);
+	&movq	($acc0,$mul1);			# I wish movd worked for
+	&pand	($acc0,$mask);			# inter-register transfers
+
+	&pmuludq($mul1,$_n0q);			# *=n0
+
+	&pmuludq($car1,$mul1);			# "t[0]"*np[0]*n0
+	&paddq	($car1,$acc0);
+
+	&movd	($acc1,&DWP(4,$np));		# np[1]
+	&movd	($acc0,&DWP(4,$ap));		# ap[1]
+
+	&psrlq	($car0,32);
+	&psrlq	($car1,32);
+
+	&inc	($j);				# j++
+&set_label("1st",16);
+	&pmuludq($acc0,$mul0);			# ap[j]*bp[0]
+	&pmuludq($acc1,$mul1);			# np[j]*m1
+	&paddq	($car0,$acc0);			# +=c0
+	&paddq	($car1,$acc1);			# +=c1
+
+	&movq	($acc0,$car0);
+	&pand	($acc0,$mask);
+	&movd	($acc1,&DWP(4,$np,$j,4));	# np[j+1]
+	&paddq	($car1,$acc0);			# +=ap[j]*bp[0];
+	&movd	($acc0,&DWP(4,$ap,$j,4));	# ap[j+1]
+	&psrlq	($car0,32);
+	&movd	(&DWP($frame-4,"esp",$j,4),$car1);	# tp[j-1]=
+	&psrlq	($car1,32);
+
+	&lea	($j,&DWP(1,$j));
+	&cmp	($j,$num);
+	&jl	(&label("1st"));
+
+	&pmuludq($acc0,$mul0);			# ap[num-1]*bp[0]
+	&pmuludq($acc1,$mul1);			# np[num-1]*m1
+	&paddq	($car0,$acc0);			# +=c0
+	&paddq	($car1,$acc1);			# +=c1
+
+	&movq	($acc0,$car0);
+	&pand	($acc0,$mask);
+	&paddq	($car1,$acc0);			# +=ap[num-1]*bp[0];
+	&movd	(&DWP($frame-4,"esp",$j,4),$car1);	# tp[num-2]=
+
+	&psrlq	($car0,32);
+	&psrlq	($car1,32);
+
+	&paddq	($car1,$car0);
+	&movq	(&QWP($frame,"esp",$num,4),$car1);	# tp[num].tp[num-1]
+

+	&inc	($i);				# i++
+&set_label("outer");
+	&xor	($j,$j);			# j=0
+
+	&movd	($mul0,&DWP(0,$bp,$i,4));	# bp[i]
+	&movd	($mul1,&DWP(0,$ap));		# ap[0]
+	&movd	($temp,&DWP($frame,"esp"));	# tp[0]
+	&movd	($car1,&DWP(0,$np));		# np[0]
+	&pmuludq($mul1,$mul0);			# ap[0]*bp[i]
+
+	&paddq	($mul1,$temp);			# +=tp[0]
+	&movq	($acc0,$mul1);
+	&movq	($car0,$mul1);
+	&pand	($acc0,$mask);
+
+	&pmuludq($mul1,$_n0q);			# *=n0
+
+	&pmuludq($car1,$mul1);
+	&paddq	($car1,$acc0);
+
+	&movd	($temp,&DWP($frame+4,"esp"));	# tp[1]
+	&movd	($acc1,&DWP(4,$np));		# np[1]
+	&movd	($acc0,&DWP(4,$ap));		# ap[1]
+
+	&psrlq	($car0,32);
+	&psrlq	($car1,32);
+	&paddq	($car0,$temp);			# +=tp[1]
+
+	&inc	($j);				# j++
+	&dec	($num);
+&set_label("inner");
+	&pmuludq($acc0,$mul0);			# ap[j]*bp[i]
+	&pmuludq($acc1,$mul1);			# np[j]*m1
+	&paddq	($car0,$acc0);			# +=c0
+	&paddq	($car1,$acc1);			# +=c1
+
+	&movq	($acc0,$car0);
+	&movd	($temp,&DWP($frame+4,"esp",$j,4));# tp[j+1]
+	&pand	($acc0,$mask);
+	&movd	($acc1,&DWP(4,$np,$j,4));	# np[j+1]
+	&paddq	($car1,$acc0);			# +=ap[j]*bp[i]+tp[j]
+	&movd	($acc0,&DWP(4,$ap,$j,4));	# ap[j+1]
+	&psrlq	($car0,32);
+	&movd	(&DWP($frame-4,"esp",$j,4),$car1);# tp[j-1]=
+	&psrlq	($car1,32);
+	&paddq	($car0,$temp);			# +=tp[j+1]
+
+	&dec	($num);
+	&lea	($j,&DWP(1,$j));		# j++
+	&jnz	(&label("inner"));
+
+	&mov	($num,$j);
+	&pmuludq($acc0,$mul0);			# ap[num-1]*bp[i]
+	&pmuludq($acc1,$mul1);			# np[num-1]*m1
+	&paddq	($car0,$acc0);			# +=c0
+	&paddq	($car1,$acc1);			# +=c1
+
+	&movq	($acc0,$car0);
+	&pand	($acc0,$mask);
+	&paddq	($car1,$acc0);			# +=ap[num-1]*bp[i]+tp[num-1]
+	&movd	(&DWP($frame-4,"esp",$j,4),$car1);	# tp[num-2]=
+	&psrlq	($car0,32);
+	&psrlq	($car1,32);
+
+	&movd	($temp,&DWP($frame+4,"esp",$num,4));	# += tp[num]
+	&paddq	($car1,$car0);
+	&paddq	($car1,$temp);
+	&movq	(&QWP($frame,"esp",$num,4),$car1);	# tp[num].tp[num-1]
+
+	&lea	($i,&DWP(1,$i));		# i++
+	&cmp	($i,$num);
+	&jle	(&label("outer"));
+
+	&emms	();				# done with mmx bank
+	&jmp	(&label("common_tail"));
+
+&set_label("non_sse2",16);
+}
+

+if (0) {
+	&mov	("esp",$_sp);
+	&xor	("eax","eax");	# signal "not fast enough [yet]"
+	&jmp	(&label("just_leave"));
+	# While the below code provides competitive performance for
+	# all key lengthes on modern Intel cores, it's still more
+	# than 10% slower for 4096-bit key elsewhere:-( "Competitive"
+	# means compared to the original integer-only assembler.
+	# 512-bit RSA sign is better by ~40%, but that's about all
+	# one can say about all CPUs...
+} else {
+$inp="esi";	# integer path uses these registers differently
+$word="edi";
+$carry="ebp";
+
+	&mov	($inp,$_ap);
+	&lea	($carry,&DWP(1,$num));
+	&mov	($word,$_bp);
+	&xor	($j,$j);				# j=0
+	&mov	("edx",$inp);
+	&and	($carry,1);				# see if num is even
+	&sub	("edx",$word);				# see if ap==bp
+	&lea	("eax",&DWP(4,$word,$num,4));		# &bp[num]
+	&or	($carry,"edx");
+	&mov	($word,&DWP(0,$word));			# bp[0]
+	&jz	(&label("bn_sqr_mont"));
+	&mov	($_bpend,"eax");
+	&mov	("eax",&DWP(0,$inp));
+	&xor	("edx","edx");
+
+&set_label("mull",16);
+	&mov	($carry,"edx");
+	&mul	($word);				# ap[j]*bp[0]
+	&add	($carry,"eax");
+	&lea	($j,&DWP(1,$j));
+	&adc	("edx",0);
+	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[j+1]
+	&cmp	($j,$num);
+	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j]=
+	&jl	(&label("mull"));
+
+	&mov	($carry,"edx");
+	&mul	($word);				# ap[num-1]*bp[0]
+	 &mov	($word,$_n0);
+	&add	("eax",$carry);
+	 &mov	($inp,$_np);
+	&adc	("edx",0);
+	 &imul	($word,&DWP($frame,"esp"));		# n0*tp[0]
+
+	&mov	(&DWP($frame,"esp",$num,4),"eax");	# tp[num-1]=
+	&xor	($j,$j);
+	&mov	(&DWP($frame+4,"esp",$num,4),"edx");	# tp[num]=
+	&mov	(&DWP($frame+8,"esp",$num,4),$j);	# tp[num+1]=
+
+	&mov	("eax",&DWP(0,$inp));			# np[0]
+	&mul	($word);				# np[0]*m
+	&add	("eax",&DWP($frame,"esp"));		# +=tp[0]
+	&mov	("eax",&DWP(4,$inp));			# np[1]
+	&adc	("edx",0);
+	&inc	($j);
+
+	&jmp	(&label("2ndmadd"));
+


+&set_label("1stmadd",16);
+	&mov	($carry,"edx");
+	&mul	($word);				# ap[j]*bp[i]
+	&add	($carry,&DWP($frame,"esp",$j,4));	# +=tp[j]
+	&lea	($j,&DWP(1,$j));
+	&adc	("edx",0);
+	&add	($carry,"eax");
+	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[j+1]
+	&adc	("edx",0);
+	&cmp	($j,$num);
+	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j]=
+	&jl	(&label("1stmadd"));
+
+	&mov	($carry,"edx");
+	&mul	($word);				# ap[num-1]*bp[i]
+	&add	("eax",&DWP($frame,"esp",$num,4));	# +=tp[num-1]
+	 &mov	($word,$_n0);
+	&adc	("edx",0);
+	 &mov	($inp,$_np);
+	&add	($carry,"eax");
+	&adc	("edx",0);
+	 &imul	($word,&DWP($frame,"esp"));		# n0*tp[0]
+
+	&xor	($j,$j);
+	&add	("edx",&DWP($frame+4,"esp",$num,4));	# carry+=tp[num]
+	&mov	(&DWP($frame,"esp",$num,4),$carry);	# tp[num-1]=
+	&adc	($j,0);
+	 &mov	("eax",&DWP(0,$inp));			# np[0]
+	&mov	(&DWP($frame+4,"esp",$num,4),"edx");	# tp[num]=
+	&mov	(&DWP($frame+8,"esp",$num,4),$j);	# tp[num+1]=
+
+	&mul	($word);				# np[0]*m
+	&add	("eax",&DWP($frame,"esp"));		# +=tp[0]
+	&mov	("eax",&DWP(4,$inp));			# np[1]
+	&adc	("edx",0);
+	&mov	($j,1);
+

+&set_label("2ndmadd",16);
+	&mov	($carry,"edx");
+	&mul	($word);				# np[j]*m
+	&add	($carry,&DWP($frame,"esp",$j,4));	# +=tp[j]
+	&lea	($j,&DWP(1,$j));
+	&adc	("edx",0);
+	&add	($carry,"eax");
+	&mov	("eax",&DWP(0,$inp,$j,4));		# np[j+1]
+	&adc	("edx",0);
+	&cmp	($j,$num);
+	&mov	(&DWP($frame-8,"esp",$j,4),$carry);	# tp[j-1]=
+	&jl	(&label("2ndmadd"));
+
+	&mov	($carry,"edx");
+	&mul	($word);				# np[j]*m
+	&add	($carry,&DWP($frame,"esp",$num,4));	# +=tp[num-1]
+	&adc	("edx",0);
+	&add	($carry,"eax");
+	&adc	("edx",0);
+	&mov	(&DWP($frame-4,"esp",$num,4),$carry);	# tp[num-2]=
+
+	&xor	("eax","eax");
+	 &mov	($j,$_bp);				# &bp[i]
+	&add	("edx",&DWP($frame+4,"esp",$num,4));	# carry+=tp[num]
+	&adc	("eax",&DWP($frame+8,"esp",$num,4));	# +=tp[num+1]
+	 &lea	($j,&DWP(4,$j));
+	&mov	(&DWP($frame,"esp",$num,4),"edx");	# tp[num-1]=
+	 &cmp	($j,$_bpend);
+	&mov	(&DWP($frame+4,"esp",$num,4),"eax");	# tp[num]=
+	&je	(&label("common_tail"));
+
+	&mov	($word,&DWP(0,$j));			# bp[i+1]
+	&mov	($inp,$_ap);
+	&mov	($_bp,$j);				# &bp[++i]
+	&xor	($j,$j);
+	&xor	("edx","edx");
+	&mov	("eax",&DWP(0,$inp));
+	&jmp	(&label("1stmadd"));
+

+&set_label("bn_sqr_mont",16);
+$sbit=$num;
+	&mov	($_num,$num);
+	&mov	($_bp,$j);				# i=0
+
+	&mov	("eax",$word);				# ap[0]
+	&mul	($word);				# ap[0]*ap[0]
+	&mov	(&DWP($frame,"esp"),"eax");		# tp[0]=
+	&mov	($sbit,"edx");
+	&shr	("edx",1);
+	&and	($sbit,1);
+	&inc	($j);
+&set_label("sqr",16);
+	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[j]
+	&mov	($carry,"edx");
+	&mul	($word);				# ap[j]*ap[0]
+	&add	("eax",$carry);
+	&lea	($j,&DWP(1,$j));
+	&adc	("edx",0);
+	&lea	($carry,&DWP(0,$sbit,"eax",2));
+	&shr	("eax",31);
+	&cmp	($j,$_num);
+	&mov	($sbit,"eax");
+	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j]=
+	&jl	(&label("sqr"));
+
+	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[num-1]
+	&mov	($carry,"edx");
+	&mul	($word);				# ap[num-1]*ap[0]
+	&add	("eax",$carry);
+	 &mov	($word,$_n0);
+	&adc	("edx",0);
+	 &mov	($inp,$_np);
+	&lea	($carry,&DWP(0,$sbit,"eax",2));
+	 &imul	($word,&DWP($frame,"esp"));		# n0*tp[0]
+	&shr	("eax",31);
+	&mov	(&DWP($frame,"esp",$j,4),$carry);	# tp[num-1]=
+
+	&lea	($carry,&DWP(0,"eax","edx",2));
+	 &mov	("eax",&DWP(0,$inp));			# np[0]
+	&shr	("edx",31);
+	&mov	(&DWP($frame+4,"esp",$j,4),$carry);	# tp[num]=
+	&mov	(&DWP($frame+8,"esp",$j,4),"edx");	# tp[num+1]=
+
+	&mul	($word);				# np[0]*m
+	&add	("eax",&DWP($frame,"esp"));		# +=tp[0]
+	&mov	($num,$j);
+	&adc	("edx",0);
+	&mov	("eax",&DWP(4,$inp));			# np[1]
+	&mov	($j,1);
+


+&set_label("3rdmadd",16);
+	&mov	($carry,"edx");
+	&mul	($word);				# np[j]*m
+	&add	($carry,&DWP($frame,"esp",$j,4));	# +=tp[j]
+	&adc	("edx",0);
+	&add	($carry,"eax");
+	&mov	("eax",&DWP(4,$inp,$j,4));		# np[j+1]
+	&adc	("edx",0);
+	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j-1]=
+
+	&mov	($carry,"edx");
+	&mul	($word);				# np[j+1]*m
+	&add	($carry,&DWP($frame+4,"esp",$j,4));	# +=tp[j+1]
+	&lea	($j,&DWP(2,$j));
+	&adc	("edx",0);
+	&add	($carry,"eax");
+	&mov	("eax",&DWP(0,$inp,$j,4));		# np[j+2]
+	&adc	("edx",0);
+	&cmp	($j,$num);
+	&mov	(&DWP($frame-8,"esp",$j,4),$carry);	# tp[j]=
+	&jl	(&label("3rdmadd"));
+
+	&mov	($carry,"edx");
+	&mul	($word);				# np[j]*m
+	&add	($carry,&DWP($frame,"esp",$num,4));	# +=tp[num-1]
+	&adc	("edx",0);
+	&add	($carry,"eax");
+	&adc	("edx",0);
+	&mov	(&DWP($frame-4,"esp",$num,4),$carry);	# tp[num-2]=
+
+	&mov	($j,$_bp);				# i
+	&xor	("eax","eax");
+	&mov	($inp,$_ap);
+	&add	("edx",&DWP($frame+4,"esp",$num,4));	# carry+=tp[num]
+	&adc	("eax",&DWP($frame+8,"esp",$num,4));	# +=tp[num+1]
+	&mov	(&DWP($frame,"esp",$num,4),"edx");	# tp[num-1]=
+	&cmp	($j,$num);
+	&mov	(&DWP($frame+4,"esp",$num,4),"eax");	# tp[num]=
+	&je	(&label("common_tail"));
+

+	&mov	($word,&DWP(4,$inp,$j,4));		# ap[i]
+	&lea	($j,&DWP(1,$j));
+	&mov	("eax",$word);
+	&mov	($_bp,$j);				# ++i
+	&mul	($word);				# ap[i]*ap[i]
+	&add	("eax",&DWP($frame,"esp",$j,4));	# +=tp[i]
+	&adc	("edx",0);
+	&mov	(&DWP($frame,"esp",$j,4),"eax");	# tp[i]=
+	&xor	($carry,$carry);
+	&cmp	($j,$num);
+	&lea	($j,&DWP(1,$j));
+	&je	(&label("sqrlast"));
+
+	&mov	($sbit,"edx");				# zaps $num
+	&shr	("edx",1);
+	&and	($sbit,1);
+&set_label("sqradd",16);
+	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[j]
+	&mov	($carry,"edx");
+	&mul	($word);				# ap[j]*ap[i]
+	&add	("eax",$carry);
+	&lea	($carry,&DWP(0,"eax","eax"));
+	&adc	("edx",0);
+	&shr	("eax",31);
+	&add	($carry,&DWP($frame,"esp",$j,4));	# +=tp[j]
+	&lea	($j,&DWP(1,$j));
+	&adc	("eax",0);
+	&add	($carry,$sbit);
+	&adc	("eax",0);
+	&cmp	($j,$_num);
+	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j]=
+	&mov	($sbit,"eax");
+	&jle	(&label("sqradd"));
+
+	&mov	($carry,"edx");
+	&add	("edx","edx");
+	&shr	($carry,31);
+	&add	("edx",$sbit);
+	&adc	($carry,0);
+&set_label("sqrlast");
+	&mov	($word,$_n0);
+	&mov	($inp,$_np);
+	&imul	($word,&DWP($frame,"esp"));		# n0*tp[0]
+
+	&add	("edx",&DWP($frame,"esp",$j,4));	# +=tp[num]
+	&mov	("eax",&DWP(0,$inp));			# np[0]
+	&adc	($carry,0);
+	&mov	(&DWP($frame,"esp",$j,4),"edx");	# tp[num]=
+	&mov	(&DWP($frame+4,"esp",$j,4),$carry);	# tp[num+1]=
+
+	&mul	($word);				# np[0]*m
+	&add	("eax",&DWP($frame,"esp"));		# +=tp[0]
+	&lea	($num,&DWP(-1,$j));
+	&adc	("edx",0);
+	&mov	($j,1);
+	&mov	("eax",&DWP(4,$inp));			# np[1]
+
+	&jmp	(&label("3rdmadd"));
+}
+

+&set_label("common_tail",16);
+	&mov	($np,$_np);			# load modulus pointer
+	&mov	($rp,$_rp);			# load result pointer
+	&lea	($tp,&DWP($frame,"esp"));	# [$ap and $bp are zapped]
+
+	&mov	("eax",&DWP(0,$tp));		# tp[0]
+	&mov	($j,$num);			# j=num-1
+	&xor	($i,$i);			# i=0 and clear CF!
+
+&set_label("sub",16);
+	&sbb	("eax",&DWP(0,$np,$i,4));
+	&mov	(&DWP(0,$rp,$i,4),"eax");	# rp[i]=tp[i]-np[i]
+	&dec	($j);				# doesn't affect CF!
+	&mov	("eax",&DWP(4,$tp,$i,4));	# tp[i+1]
+	&lea	($i,&DWP(1,$i));		# i++
+	&jge	(&label("sub"));
+
+	&sbb	("eax",0);			# handle upmost overflow bit
+	&and	($tp,"eax");
+	&not	("eax");
+	&mov	($np,$rp);
+	&and	($np,"eax");
+	&or	($tp,$np);			# tp=carry?tp:rp
+
+&set_label("copy",16);				# copy or in-place refresh
+	&mov	("eax",&DWP(0,$tp,$num,4));
+	&mov	(&DWP(0,$rp,$num,4),"eax");	# rp[i]=tp[i]
+	&mov	(&DWP($frame,"esp",$num,4),$j);	# zap temporary vector
+	&dec	($num);
+	&jge	(&label("copy"));
+
+	&mov	("esp",$_sp);		# pull saved stack pointer
+	&mov	("eax",1);
+&set_label("just_leave");
+&function_end("bn_mul_mont");
+
+&asciz("Montgomery Multiplication for x86, CRYPTOGAMS by <appro\@openssl.org>");
+
+&asm_finish();

Deleted: vendor-crypto/openssl/1.0.1u/crypto/bn/asm/x86_64-mont.pl
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont.pl	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/bn/asm/x86_64-mont.pl	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,1681 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# October 2005.
-#
-# Montgomery multiplication routine for x86_64. While it gives modest
-# 9% improvement of rsa4096 sign on Opteron, rsa512 sign runs more
-# than twice, >2x, as fast. Most common rsa1024 sign is improved by
-# respectful 50%. It remains to be seen if loop unrolling and
-# dedicated squaring routine can provide further improvement...
-
-# July 2011.
-#
-# Add dedicated squaring procedure. Performance improvement varies
-# from platform to platform, but in average it's ~5%/15%/25%/33%
-# for 512-/1024-/2048-/4096-bit RSA *sign* benchmarks respectively.
-
-# August 2011.
-#
-# Unroll and modulo-schedule inner loops in such manner that they
-# are "fallen through" for input lengths of 8, which is critical for
-# 1024-bit RSA *sign*. Average performance improvement in comparison
-# to *initial* version of this module from 2005 is ~0%/30%/40%/45%
-# for 512-/1024-/2048-/4096-bit RSA *sign* benchmarks respectively.
-
-$flavour = shift;
-$output  = shift;
-if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
-
-$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
-die "can't locate x86_64-xlate.pl";
-
-open OUT,"| \"$^X\" $xlate $flavour $output";
-*STDOUT=*OUT;
-
-# int bn_mul_mont(
-$rp="%rdi";	# BN_ULONG *rp,
-$ap="%rsi";	# const BN_ULONG *ap,
-$bp="%rdx";	# const BN_ULONG *bp,
-$np="%rcx";	# const BN_ULONG *np,
-$n0="%r8";	# const BN_ULONG *n0,
-$num="%r9";	# int num);
-$lo0="%r10";
-$hi0="%r11";
-$hi1="%r13";
-$i="%r14";
-$j="%r15";
-$m0="%rbx";
-$m1="%rbp";
-
-$code=<<___;
-.text
-
-.globl	bn_mul_mont
-.type	bn_mul_mont,\@function,6
-.align	16
-bn_mul_mont:
-	test	\$3,${num}d
-	jnz	.Lmul_enter
-	cmp	\$8,${num}d
-	jb	.Lmul_enter
-	cmp	$ap,$bp
-	jne	.Lmul4x_enter
-	jmp	.Lsqr4x_enter
-
-.align	16
-.Lmul_enter:
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-
-	mov	${num}d,${num}d
-	lea	2($num),%r10
-	mov	%rsp,%r11
-	neg	%r10
-	lea	(%rsp,%r10,8),%rsp	# tp=alloca(8*(num+2))
-	and	\$-1024,%rsp		# minimize TLB usage
-
-	mov	%r11,8(%rsp,$num,8)	# tp[num+1]=%rsp
-.Lmul_body:
-	mov	$bp,%r12		# reassign $bp
-___
-		$bp="%r12";
-$code.=<<___;
-	mov	($n0),$n0		# pull n0[0] value
-	mov	($bp),$m0		# m0=bp[0]
-	mov	($ap),%rax
-
-	xor	$i,$i			# i=0
-	xor	$j,$j			# j=0
-
-	mov	$n0,$m1
-	mulq	$m0			# ap[0]*bp[0]
-	mov	%rax,$lo0
-	mov	($np),%rax
-
-	imulq	$lo0,$m1		# "tp[0]"*n0
-	mov	%rdx,$hi0
-
-	mulq	$m1			# np[0]*m1
-	add	%rax,$lo0		# discarded
-	mov	8($ap),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$hi1
-
-	lea	1($j),$j		# j++
-	jmp	.L1st_enter
-
-.align	16
-.L1st:
-	add	%rax,$hi1
-	mov	($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$hi0,$hi1		# np[j]*m1+ap[j]*bp[0]
-	mov	$lo0,$hi0
-	adc	\$0,%rdx
-	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$hi1
-
-.L1st_enter:
-	mulq	$m0			# ap[j]*bp[0]
-	add	%rax,$hi0
-	mov	($np,$j,8),%rax
-	adc	\$0,%rdx
-	lea	1($j),$j		# j++
-	mov	%rdx,$lo0
-
-	mulq	$m1			# np[j]*m1
-	cmp	$num,$j
-	jne	.L1st
-
-	add	%rax,$hi1
-	mov	($ap),%rax		# ap[0]
-	adc	\$0,%rdx
-	add	$hi0,$hi1		# np[j]*m1+ap[j]*bp[0]
-	adc	\$0,%rdx
-	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$hi1
-	mov	$lo0,$hi0
-
-	xor	%rdx,%rdx
-	add	$hi0,$hi1
-	adc	\$0,%rdx
-	mov	$hi1,-8(%rsp,$num,8)
-	mov	%rdx,(%rsp,$num,8)	# store upmost overflow bit
-
-	lea	1($i),$i		# i++
-	jmp	.Louter
-.align	16
-.Louter:
-	mov	($bp,$i,8),$m0		# m0=bp[i]
-	xor	$j,$j			# j=0
-	mov	$n0,$m1
-	mov	(%rsp),$lo0
-	mulq	$m0			# ap[0]*bp[i]
-	add	%rax,$lo0		# ap[0]*bp[i]+tp[0]
-	mov	($np),%rax
-	adc	\$0,%rdx
-
-	imulq	$lo0,$m1		# tp[0]*n0
-	mov	%rdx,$hi0
-
-	mulq	$m1			# np[0]*m1
-	add	%rax,$lo0		# discarded
-	mov	8($ap),%rax
-	adc	\$0,%rdx
-	mov	8(%rsp),$lo0		# tp[1]
-	mov	%rdx,$hi1
-
-	lea	1($j),$j		# j++
-	jmp	.Linner_enter
-
-.align	16
-.Linner:
-	add	%rax,$hi1
-	mov	($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$lo0,$hi1		# np[j]*m1+ap[j]*bp[i]+tp[j]
-	mov	(%rsp,$j,8),$lo0
-	adc	\$0,%rdx
-	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$hi1
-
-.Linner_enter:
-	mulq	$m0			# ap[j]*bp[i]
-	add	%rax,$hi0
-	mov	($np,$j,8),%rax
-	adc	\$0,%rdx
-	add	$hi0,$lo0		# ap[j]*bp[i]+tp[j]
-	mov	%rdx,$hi0
-	adc	\$0,$hi0
-	lea	1($j),$j		# j++
-
-	mulq	$m1			# np[j]*m1
-	cmp	$num,$j
-	jne	.Linner
-
-	add	%rax,$hi1
-	mov	($ap),%rax		# ap[0]
-	adc	\$0,%rdx
-	add	$lo0,$hi1		# np[j]*m1+ap[j]*bp[i]+tp[j]
-	mov	(%rsp,$j,8),$lo0
-	adc	\$0,%rdx
-	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$hi1
-
-	xor	%rdx,%rdx
-	add	$hi0,$hi1
-	adc	\$0,%rdx
-	add	$lo0,$hi1		# pull upmost overflow bit
-	adc	\$0,%rdx
-	mov	$hi1,-8(%rsp,$num,8)
-	mov	%rdx,(%rsp,$num,8)	# store upmost overflow bit
-
-	lea	1($i),$i		# i++
-	cmp	$num,$i
-	jl	.Louter
-
-	xor	$i,$i			# i=0 and clear CF!
-	mov	(%rsp),%rax		# tp[0]
-	lea	(%rsp),$ap		# borrow ap for tp
-	mov	$num,$j			# j=num
-	jmp	.Lsub
-.align	16
-.Lsub:	sbb	($np,$i,8),%rax
-	mov	%rax,($rp,$i,8)		# rp[i]=tp[i]-np[i]
-	mov	8($ap,$i,8),%rax	# tp[i+1]
-	lea	1($i),$i		# i++
-	dec	$j			# doesnn't affect CF!
-	jnz	.Lsub
-
-	sbb	\$0,%rax		# handle upmost overflow bit
-	xor	$i,$i
-	and	%rax,$ap
-	not	%rax
-	mov	$rp,$np
-	and	%rax,$np
-	mov	$num,$j			# j=num
-	or	$np,$ap			# ap=borrow?tp:rp
-.align	16
-.Lcopy:					# copy or in-place refresh
-	mov	($ap,$i,8),%rax
-	mov	$i,(%rsp,$i,8)		# zap temporary vector
-	mov	%rax,($rp,$i,8)		# rp[i]=tp[i]
-	lea	1($i),$i
-	sub	\$1,$j
-	jnz	.Lcopy
-
-	mov	8(%rsp,$num,8),%rsi	# restore %rsp
-	mov	\$1,%rax
-	mov	(%rsi),%r15
-	mov	8(%rsi),%r14
-	mov	16(%rsi),%r13
-	mov	24(%rsi),%r12
-	mov	32(%rsi),%rbp
-	mov	40(%rsi),%rbx
-	lea	48(%rsi),%rsp
-.Lmul_epilogue:
-	ret
-.size	bn_mul_mont,.-bn_mul_mont
-___
-{{{
-my @A=("%r10","%r11");
-my @N=("%r13","%rdi");
-$code.=<<___;
-.type	bn_mul4x_mont,\@function,6
-.align	16
-bn_mul4x_mont:
-.Lmul4x_enter:
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-
-	mov	${num}d,${num}d
-	lea	4($num),%r10
-	mov	%rsp,%r11
-	neg	%r10
-	lea	(%rsp,%r10,8),%rsp	# tp=alloca(8*(num+4))
-	and	\$-1024,%rsp		# minimize TLB usage
-
-	mov	%r11,8(%rsp,$num,8)	# tp[num+1]=%rsp
-.Lmul4x_body:
-	mov	$rp,16(%rsp,$num,8)	# tp[num+2]=$rp
-	mov	%rdx,%r12		# reassign $bp
-___
-		$bp="%r12";
-$code.=<<___;
-	mov	($n0),$n0		# pull n0[0] value
-	mov	($bp),$m0		# m0=bp[0]
-	mov	($ap),%rax
-
-	xor	$i,$i			# i=0
-	xor	$j,$j			# j=0
-
-	mov	$n0,$m1
-	mulq	$m0			# ap[0]*bp[0]
-	mov	%rax,$A[0]
-	mov	($np),%rax
-
-	imulq	$A[0],$m1		# "tp[0]"*n0
-	mov	%rdx,$A[1]
-
-	mulq	$m1			# np[0]*m1
-	add	%rax,$A[0]		# discarded
-	mov	8($ap),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$N[1]
-
-	mulq	$m0
-	add	%rax,$A[1]
-	mov	8($np),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$A[0]
-
-	mulq	$m1
-	add	%rax,$N[1]
-	mov	16($ap),%rax
-	adc	\$0,%rdx
-	add	$A[1],$N[1]
-	lea	4($j),$j		# j++
-	adc	\$0,%rdx
-	mov	$N[1],(%rsp)
-	mov	%rdx,$N[0]
-	jmp	.L1st4x
-.align	16
-.L1st4x:
-	mulq	$m0			# ap[j]*bp[0]
-	add	%rax,$A[0]
-	mov	-16($np,$j,8),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$A[1]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[0]
-	mov	-8($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[0],$N[0]		# np[j]*m1+ap[j]*bp[0]
-	adc	\$0,%rdx
-	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[1]
-
-	mulq	$m0			# ap[j]*bp[0]
-	add	%rax,$A[1]
-	mov	-8($np,$j,8),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$A[0]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[1]
-	mov	($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[0]
-	adc	\$0,%rdx
-	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[0]
-
-	mulq	$m0			# ap[j]*bp[0]
-	add	%rax,$A[0]
-	mov	($np,$j,8),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$A[1]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[0]
-	mov	8($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[0],$N[0]		# np[j]*m1+ap[j]*bp[0]
-	adc	\$0,%rdx
-	mov	$N[0],-8(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[1]
-
-	mulq	$m0			# ap[j]*bp[0]
-	add	%rax,$A[1]
-	mov	8($np,$j,8),%rax
-	adc	\$0,%rdx
-	lea	4($j),$j		# j++
-	mov	%rdx,$A[0]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[1]
-	mov	-16($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[0]
-	adc	\$0,%rdx
-	mov	$N[1],-32(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[0]
-	cmp	$num,$j
-	jl	.L1st4x
-
-	mulq	$m0			# ap[j]*bp[0]
-	add	%rax,$A[0]
-	mov	-16($np,$j,8),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$A[1]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[0]
-	mov	-8($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[0],$N[0]		# np[j]*m1+ap[j]*bp[0]
-	adc	\$0,%rdx
-	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[1]
-
-	mulq	$m0			# ap[j]*bp[0]
-	add	%rax,$A[1]
-	mov	-8($np,$j,8),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$A[0]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[1]
-	mov	($ap),%rax		# ap[0]
-	adc	\$0,%rdx
-	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[0]
-	adc	\$0,%rdx
-	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[0]
-
-	xor	$N[1],$N[1]
-	add	$A[0],$N[0]
-	adc	\$0,$N[1]
-	mov	$N[0],-8(%rsp,$j,8)
-	mov	$N[1],(%rsp,$j,8)	# store upmost overflow bit
-
-	lea	1($i),$i		# i++
-.align	4
-.Louter4x:
-	mov	($bp,$i,8),$m0		# m0=bp[i]
-	xor	$j,$j			# j=0
-	mov	(%rsp),$A[0]
-	mov	$n0,$m1
-	mulq	$m0			# ap[0]*bp[i]
-	add	%rax,$A[0]		# ap[0]*bp[i]+tp[0]
-	mov	($np),%rax
-	adc	\$0,%rdx
-
-	imulq	$A[0],$m1		# tp[0]*n0
-	mov	%rdx,$A[1]
-
-	mulq	$m1			# np[0]*m1
-	add	%rax,$A[0]		# "$N[0]", discarded
-	mov	8($ap),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$N[1]
-
-	mulq	$m0			# ap[j]*bp[i]
-	add	%rax,$A[1]
-	mov	8($np),%rax
-	adc	\$0,%rdx
-	add	8(%rsp),$A[1]		# +tp[1]
-	adc	\$0,%rdx
-	mov	%rdx,$A[0]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[1]
-	mov	16($ap),%rax
-	adc	\$0,%rdx
-	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[i]+tp[j]
-	lea	4($j),$j		# j+=2
-	adc	\$0,%rdx
-	mov	$N[1],(%rsp)		# tp[j-1]
-	mov	%rdx,$N[0]
-	jmp	.Linner4x
-.align	16
-.Linner4x:
-	mulq	$m0			# ap[j]*bp[i]
-	add	%rax,$A[0]
-	mov	-16($np,$j,8),%rax
-	adc	\$0,%rdx
-	add	-16(%rsp,$j,8),$A[0]	# ap[j]*bp[i]+tp[j]
-	adc	\$0,%rdx
-	mov	%rdx,$A[1]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[0]
-	mov	-8($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[0],$N[0]
-	adc	\$0,%rdx
-	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[1]
-
-	mulq	$m0			# ap[j]*bp[i]
-	add	%rax,$A[1]
-	mov	-8($np,$j,8),%rax
-	adc	\$0,%rdx
-	add	-8(%rsp,$j,8),$A[1]
-	adc	\$0,%rdx
-	mov	%rdx,$A[0]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[1]
-	mov	($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[1],$N[1]
-	adc	\$0,%rdx
-	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[0]
-
-	mulq	$m0			# ap[j]*bp[i]
-	add	%rax,$A[0]
-	mov	($np,$j,8),%rax
-	adc	\$0,%rdx
-	add	(%rsp,$j,8),$A[0]	# ap[j]*bp[i]+tp[j]
-	adc	\$0,%rdx
-	mov	%rdx,$A[1]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[0]
-	mov	8($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[0],$N[0]
-	adc	\$0,%rdx
-	mov	$N[0],-8(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[1]
-
-	mulq	$m0			# ap[j]*bp[i]
-	add	%rax,$A[1]
-	mov	8($np,$j,8),%rax
-	adc	\$0,%rdx
-	add	8(%rsp,$j,8),$A[1]
-	adc	\$0,%rdx
-	lea	4($j),$j		# j++
-	mov	%rdx,$A[0]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[1]
-	mov	-16($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[1],$N[1]
-	adc	\$0,%rdx
-	mov	$N[1],-32(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[0]
-	cmp	$num,$j
-	jl	.Linner4x
-
-	mulq	$m0			# ap[j]*bp[i]
-	add	%rax,$A[0]
-	mov	-16($np,$j,8),%rax
-	adc	\$0,%rdx
-	add	-16(%rsp,$j,8),$A[0]	# ap[j]*bp[i]+tp[j]
-	adc	\$0,%rdx
-	mov	%rdx,$A[1]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[0]
-	mov	-8($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[0],$N[0]
-	adc	\$0,%rdx
-	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[1]
-
-	mulq	$m0			# ap[j]*bp[i]
-	add	%rax,$A[1]
-	mov	-8($np,$j,8),%rax
-	adc	\$0,%rdx
-	add	-8(%rsp,$j,8),$A[1]
-	adc	\$0,%rdx
-	lea	1($i),$i		# i++
-	mov	%rdx,$A[0]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[1]
-	mov	($ap),%rax		# ap[0]
-	adc	\$0,%rdx
-	add	$A[1],$N[1]
-	adc	\$0,%rdx
-	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[0]
-
-	xor	$N[1],$N[1]
-	add	$A[0],$N[0]
-	adc	\$0,$N[1]
-	add	(%rsp,$num,8),$N[0]	# pull upmost overflow bit
-	adc	\$0,$N[1]
-	mov	$N[0],-8(%rsp,$j,8)
-	mov	$N[1],(%rsp,$j,8)	# store upmost overflow bit
-
-	cmp	$num,$i
-	jl	.Louter4x
-___
-{
-my @ri=("%rax","%rdx",$m0,$m1);
-$code.=<<___;
-	mov	16(%rsp,$num,8),$rp	# restore $rp
-	mov	0(%rsp), at ri[0]		# tp[0]
-	pxor	%xmm0,%xmm0
-	mov	8(%rsp), at ri[1]		# tp[1]
-	shr	\$2,$num		# num/=4
-	lea	(%rsp),$ap		# borrow ap for tp
-	xor	$i,$i			# i=0 and clear CF!
-
-	sub	0($np), at ri[0]
-	mov	16($ap), at ri[2]		# tp[2]
-	mov	24($ap), at ri[3]		# tp[3]
-	sbb	8($np), at ri[1]
-	lea	-1($num),$j		# j=num/4-1
-	jmp	.Lsub4x
-.align	16
-.Lsub4x:
-	mov	@ri[0],0($rp,$i,8)	# rp[i]=tp[i]-np[i]
-	mov	@ri[1],8($rp,$i,8)	# rp[i]=tp[i]-np[i]
-	sbb	16($np,$i,8), at ri[2]
-	mov	32($ap,$i,8), at ri[0]	# tp[i+1]
-	mov	40($ap,$i,8), at ri[1]
-	sbb	24($np,$i,8), at ri[3]
-	mov	@ri[2],16($rp,$i,8)	# rp[i]=tp[i]-np[i]
-	mov	@ri[3],24($rp,$i,8)	# rp[i]=tp[i]-np[i]
-	sbb	32($np,$i,8), at ri[0]
-	mov	48($ap,$i,8), at ri[2]
-	mov	56($ap,$i,8), at ri[3]
-	sbb	40($np,$i,8), at ri[1]
-	lea	4($i),$i		# i++
-	dec	$j			# doesnn't affect CF!
-	jnz	.Lsub4x
-
-	mov	@ri[0],0($rp,$i,8)	# rp[i]=tp[i]-np[i]
-	mov	32($ap,$i,8), at ri[0]	# load overflow bit
-	sbb	16($np,$i,8), at ri[2]
-	mov	@ri[1],8($rp,$i,8)	# rp[i]=tp[i]-np[i]
-	sbb	24($np,$i,8), at ri[3]
-	mov	@ri[2],16($rp,$i,8)	# rp[i]=tp[i]-np[i]
-
-	sbb	\$0, at ri[0]		# handle upmost overflow bit
-	mov	@ri[3],24($rp,$i,8)	# rp[i]=tp[i]-np[i]
-	xor	$i,$i			# i=0
-	and	@ri[0],$ap
-	not	@ri[0]
-	mov	$rp,$np
-	and	@ri[0],$np
-	lea	-1($num),$j
-	or	$np,$ap			# ap=borrow?tp:rp
-
-	movdqu	($ap),%xmm1
-	movdqa	%xmm0,(%rsp)
-	movdqu	%xmm1,($rp)
-	jmp	.Lcopy4x
-.align	16
-.Lcopy4x:					# copy or in-place refresh
-	movdqu	16($ap,$i),%xmm2
-	movdqu	32($ap,$i),%xmm1
-	movdqa	%xmm0,16(%rsp,$i)
-	movdqu	%xmm2,16($rp,$i)
-	movdqa	%xmm0,32(%rsp,$i)
-	movdqu	%xmm1,32($rp,$i)
-	lea	32($i),$i
-	dec	$j
-	jnz	.Lcopy4x
-
-	shl	\$2,$num
-	movdqu	16($ap,$i),%xmm2
-	movdqa	%xmm0,16(%rsp,$i)
-	movdqu	%xmm2,16($rp,$i)
-___
-}
-$code.=<<___;
-	mov	8(%rsp,$num,8),%rsi	# restore %rsp
-	mov	\$1,%rax
-	mov	(%rsi),%r15
-	mov	8(%rsi),%r14
-	mov	16(%rsi),%r13
-	mov	24(%rsi),%r12
-	mov	32(%rsi),%rbp
-	mov	40(%rsi),%rbx
-	lea	48(%rsi),%rsp
-.Lmul4x_epilogue:
-	ret
-.size	bn_mul4x_mont,.-bn_mul4x_mont
-___
-}}}
-
{{{
-######################################################################
-# void bn_sqr4x_mont(
-my $rptr="%rdi";	# const BN_ULONG *rptr,
-my $aptr="%rsi";	# const BN_ULONG *aptr,
-my $bptr="%rdx";	# not used
-my $nptr="%rcx";	# const BN_ULONG *nptr,
-my $n0  ="%r8";		# const BN_ULONG *n0);
-my $num ="%r9";		# int num, has to be divisible by 4 and
-			# not less than 8
-
-my ($i,$j,$tptr)=("%rbp","%rcx",$rptr);
-my @A0=("%r10","%r11");
-my @A1=("%r12","%r13");
-my ($a0,$a1,$ai)=("%r14","%r15","%rbx");
-
-$code.=<<___;
-.type	bn_sqr4x_mont,\@function,6
-.align	16
-bn_sqr4x_mont:
-.Lsqr4x_enter:
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-
-	shl	\$3,${num}d		# convert $num to bytes
-	xor	%r10,%r10
-	mov	%rsp,%r11		# put aside %rsp
-	sub	$num,%r10		# -$num
-	mov	($n0),$n0		# *n0
-	lea	-72(%rsp,%r10,2),%rsp	# alloca(frame+2*$num)
-	and	\$-1024,%rsp		# minimize TLB usage
-	##############################################################
-	# Stack layout
-	#
-	# +0	saved $num, used in reduction section
-	# +8	&t[2*$num], used in reduction section
-	# +32	saved $rptr
-	# +40	saved $nptr
-	# +48	saved *n0
-	# +56	saved %rsp
-	# +64	t[2*$num]
-	#
-	mov	$rptr,32(%rsp)		# save $rptr
-	mov	$nptr,40(%rsp)
-	mov	$n0,  48(%rsp)
-	mov	%r11, 56(%rsp)		# save original %rsp
-.Lsqr4x_body:
-	##############################################################
-	# Squaring part:
-	#
-	# a) multiply-n-add everything but a[i]*a[i];
-	# b) shift result of a) by 1 to the left and accumulate
-	#    a[i]*a[i] products;
-	#
-	lea	32(%r10),$i		# $i=-($num-32)
-	lea	($aptr,$num),$aptr	# end of a[] buffer, ($aptr,$i)=&ap[2]
-
-	mov	$num,$j			# $j=$num
-
-					# comments apply to $num==8 case
-	mov	-32($aptr,$i),$a0	# a[0]
-	lea	64(%rsp,$num,2),$tptr	# end of tp[] buffer, &tp[2*$num]
-	mov	-24($aptr,$i),%rax	# a[1]
-	lea	-32($tptr,$i),$tptr	# end of tp[] window, &tp[2*$num-"$i"]
-	mov	-16($aptr,$i),$ai	# a[2]
-	mov	%rax,$a1
-
-	mul	$a0			# a[1]*a[0]
-	mov	%rax,$A0[0]		# a[1]*a[0]
-	 mov	$ai,%rax		# a[2]
-	mov	%rdx,$A0[1]
-	mov	$A0[0],-24($tptr,$i)	# t[1]
-
-	xor	$A0[0],$A0[0]
-	mul	$a0			# a[2]*a[0]
-	add	%rax,$A0[1]
-	 mov	$ai,%rax
-	adc	%rdx,$A0[0]
-	mov	$A0[1],-16($tptr,$i)	# t[2]
-
-	lea	-16($i),$j		# j=-16
-
-
-	 mov	8($aptr,$j),$ai		# a[3]
-	mul	$a1			# a[2]*a[1]
-	mov	%rax,$A1[0]		# a[2]*a[1]+t[3]
-	 mov	$ai,%rax
-	mov	%rdx,$A1[1]
-
-	xor	$A0[1],$A0[1]
-	add	$A1[0],$A0[0]
-	 lea	16($j),$j
-	adc	\$0,$A0[1]
-	mul	$a0			# a[3]*a[0]
-	add	%rax,$A0[0]		# a[3]*a[0]+a[2]*a[1]+t[3]
-	 mov	$ai,%rax
-	adc	%rdx,$A0[1]
-	mov	$A0[0],-8($tptr,$j)	# t[3]
-	jmp	.Lsqr4x_1st
-
-.align	16
-.Lsqr4x_1st:
-	 mov	($aptr,$j),$ai		# a[4]
-	xor	$A1[0],$A1[0]
-	mul	$a1			# a[3]*a[1]
-	add	%rax,$A1[1]		# a[3]*a[1]+t[4]
-	 mov	$ai,%rax
-	adc	%rdx,$A1[0]
-
-	xor	$A0[0],$A0[0]
-	add	$A1[1],$A0[1]
-	adc	\$0,$A0[0]
-	mul	$a0			# a[4]*a[0]
-	add	%rax,$A0[1]		# a[4]*a[0]+a[3]*a[1]+t[4]
-	 mov	$ai,%rax		# a[3]
-	adc	%rdx,$A0[0]
-	mov	$A0[1],($tptr,$j)	# t[4]
-
-
-	 mov	8($aptr,$j),$ai		# a[5]
-	xor	$A1[1],$A1[1]
-	mul	$a1			# a[4]*a[3]
-	add	%rax,$A1[0]		# a[4]*a[3]+t[5]
-	 mov	$ai,%rax
-	adc	%rdx,$A1[1]
-
-	xor	$A0[1],$A0[1]
-	add	$A1[0],$A0[0]
-	adc	\$0,$A0[1]
-	mul	$a0			# a[5]*a[2]
-	add	%rax,$A0[0]		# a[5]*a[2]+a[4]*a[3]+t[5]
-	 mov	$ai,%rax
-	adc	%rdx,$A0[1]
-	mov	$A0[0],8($tptr,$j)	# t[5]
-
-	 mov	16($aptr,$j),$ai	# a[6]
-	xor	$A1[0],$A1[0]
-	mul	$a1			# a[5]*a[3]
-	add	%rax,$A1[1]		# a[5]*a[3]+t[6]
-	 mov	$ai,%rax
-	adc	%rdx,$A1[0]
-
-	xor	$A0[0],$A0[0]
-	add	$A1[1],$A0[1]
-	adc	\$0,$A0[0]
-	mul	$a0			# a[6]*a[2]
-	add	%rax,$A0[1]		# a[6]*a[2]+a[5]*a[3]+t[6]
-	 mov	$ai,%rax		# a[3]
-	adc	%rdx,$A0[0]
-	mov	$A0[1],16($tptr,$j)	# t[6]
-
-
-	 mov	24($aptr,$j),$ai	# a[7]
-	xor	$A1[1],$A1[1]
-	mul	$a1			# a[6]*a[5]
-	add	%rax,$A1[0]		# a[6]*a[5]+t[7]
-	 mov	$ai,%rax
-	adc	%rdx,$A1[1]
-
-	xor	$A0[1],$A0[1]
-	add	$A1[0],$A0[0]
-	 lea	32($j),$j
-	adc	\$0,$A0[1]
-	mul	$a0			# a[7]*a[4]
-	add	%rax,$A0[0]		# a[7]*a[4]+a[6]*a[5]+t[6]
-	 mov	$ai,%rax
-	adc	%rdx,$A0[1]
-	mov	$A0[0],-8($tptr,$j)	# t[7]
-
-	cmp	\$0,$j
-	jne	.Lsqr4x_1st
-
-	xor	$A1[0],$A1[0]
-	add	$A0[1],$A1[1]
-	adc	\$0,$A1[0]
-	mul	$a1			# a[7]*a[5]
-	add	%rax,$A1[1]
-	adc	%rdx,$A1[0]
-
-	mov	$A1[1],($tptr)		# t[8]
-	lea	16($i),$i
-	mov	$A1[0],8($tptr)		# t[9]
-	jmp	.Lsqr4x_outer
-
-.align	16
-.Lsqr4x_outer:				# comments apply to $num==6 case
-	mov	-32($aptr,$i),$a0	# a[0]
-	lea	64(%rsp,$num,2),$tptr	# end of tp[] buffer, &tp[2*$num]
-	mov	-24($aptr,$i),%rax	# a[1]
-	lea	-32($tptr,$i),$tptr	# end of tp[] window, &tp[2*$num-"$i"]
-	mov	-16($aptr,$i),$ai	# a[2]
-	mov	%rax,$a1
-
-	mov	-24($tptr,$i),$A0[0]	# t[1]
-	xor	$A0[1],$A0[1]
-	mul	$a0			# a[1]*a[0]
-	add	%rax,$A0[0]		# a[1]*a[0]+t[1]
-	 mov	$ai,%rax		# a[2]
-	adc	%rdx,$A0[1]
-	mov	$A0[0],-24($tptr,$i)	# t[1]
-
-	xor	$A0[0],$A0[0]
-	add	-16($tptr,$i),$A0[1]	# a[2]*a[0]+t[2]
-	adc	\$0,$A0[0]
-	mul	$a0			# a[2]*a[0]
-	add	%rax,$A0[1]
-	 mov	$ai,%rax
-	adc	%rdx,$A0[0]
-	mov	$A0[1],-16($tptr,$i)	# t[2]
-
-	lea	-16($i),$j		# j=-16
-	xor	$A1[0],$A1[0]
-
-
-	 mov	8($aptr,$j),$ai		# a[3]
-	xor	$A1[1],$A1[1]
-	add	8($tptr,$j),$A1[0]
-	adc	\$0,$A1[1]
-	mul	$a1			# a[2]*a[1]
-	add	%rax,$A1[0]		# a[2]*a[1]+t[3]
-	 mov	$ai,%rax
-	adc	%rdx,$A1[1]
-
-	xor	$A0[1],$A0[1]
-	add	$A1[0],$A0[0]
-	adc	\$0,$A0[1]
-	mul	$a0			# a[3]*a[0]
-	add	%rax,$A0[0]		# a[3]*a[0]+a[2]*a[1]+t[3]
-	 mov	$ai,%rax
-	adc	%rdx,$A0[1]
-	mov	$A0[0],8($tptr,$j)	# t[3]
-
-	lea	16($j),$j
-	jmp	.Lsqr4x_inner
-
-.align	16
-.Lsqr4x_inner:
-	 mov	($aptr,$j),$ai		# a[4]
-	xor	$A1[0],$A1[0]
-	add	($tptr,$j),$A1[1]
-	adc	\$0,$A1[0]
-	mul	$a1			# a[3]*a[1]
-	add	%rax,$A1[1]		# a[3]*a[1]+t[4]
-	 mov	$ai,%rax
-	adc	%rdx,$A1[0]
-
-	xor	$A0[0],$A0[0]
-	add	$A1[1],$A0[1]
-	adc	\$0,$A0[0]
-	mul	$a0			# a[4]*a[0]
-	add	%rax,$A0[1]		# a[4]*a[0]+a[3]*a[1]+t[4]
-	 mov	$ai,%rax		# a[3]
-	adc	%rdx,$A0[0]
-	mov	$A0[1],($tptr,$j)	# t[4]
-
-	 mov	8($aptr,$j),$ai		# a[5]
-	xor	$A1[1],$A1[1]
-	add	8($tptr,$j),$A1[0]
-	adc	\$0,$A1[1]
-	mul	$a1			# a[4]*a[3]
-	add	%rax,$A1[0]		# a[4]*a[3]+t[5]
-	 mov	$ai,%rax
-	adc	%rdx,$A1[1]
-
-	xor	$A0[1],$A0[1]
-	add	$A1[0],$A0[0]
-	lea	16($j),$j		# j++
-	adc	\$0,$A0[1]
-	mul	$a0			# a[5]*a[2]
-	add	%rax,$A0[0]		# a[5]*a[2]+a[4]*a[3]+t[5]
-	 mov	$ai,%rax
-	adc	%rdx,$A0[1]
-	mov	$A0[0],-8($tptr,$j)	# t[5], "preloaded t[1]" below
-
-	cmp	\$0,$j
-	jne	.Lsqr4x_inner
-
-	xor	$A1[0],$A1[0]
-	add	$A0[1],$A1[1]
-	adc	\$0,$A1[0]
-	mul	$a1			# a[5]*a[3]
-	add	%rax,$A1[1]
-	adc	%rdx,$A1[0]
-
-	mov	$A1[1],($tptr)		# t[6], "preloaded t[2]" below
-	mov	$A1[0],8($tptr)		# t[7], "preloaded t[3]" below
-
-	add	\$16,$i
-	jnz	.Lsqr4x_outer
-
-					# comments apply to $num==4 case
-	mov	-32($aptr),$a0		# a[0]
-	lea	64(%rsp,$num,2),$tptr	# end of tp[] buffer, &tp[2*$num]
-	mov	-24($aptr),%rax		# a[1]
-	lea	-32($tptr,$i),$tptr	# end of tp[] window, &tp[2*$num-"$i"]
-	mov	-16($aptr),$ai		# a[2]
-	mov	%rax,$a1
-
-	xor	$A0[1],$A0[1]
-	mul	$a0			# a[1]*a[0]
-	add	%rax,$A0[0]		# a[1]*a[0]+t[1], preloaded t[1]
-	 mov	$ai,%rax		# a[2]
-	adc	%rdx,$A0[1]
-	mov	$A0[0],-24($tptr)	# t[1]
-
-	xor	$A0[0],$A0[0]
-	add	$A1[1],$A0[1]		# a[2]*a[0]+t[2], preloaded t[2]
-	adc	\$0,$A0[0]
-	mul	$a0			# a[2]*a[0]
-	add	%rax,$A0[1]
-	 mov	$ai,%rax
-	adc	%rdx,$A0[0]
-	mov	$A0[1],-16($tptr)	# t[2]
-
-	 mov	-8($aptr),$ai		# a[3]
-	mul	$a1			# a[2]*a[1]
-	add	%rax,$A1[0]		# a[2]*a[1]+t[3], preloaded t[3]
-	 mov	$ai,%rax
-	adc	\$0,%rdx
-
-	xor	$A0[1],$A0[1]
-	add	$A1[0],$A0[0]
-	 mov	%rdx,$A1[1]
-	adc	\$0,$A0[1]
-	mul	$a0			# a[3]*a[0]
-	add	%rax,$A0[0]		# a[3]*a[0]+a[2]*a[1]+t[3]
-	 mov	$ai,%rax
-	adc	%rdx,$A0[1]
-	mov	$A0[0],-8($tptr)	# t[3]
-
-	xor	$A1[0],$A1[0]
-	add	$A0[1],$A1[1]
-	adc	\$0,$A1[0]
-	mul	$a1			# a[3]*a[1]
-	add	%rax,$A1[1]
-	 mov	-16($aptr),%rax		# a[2]
-	adc	%rdx,$A1[0]
-
-	mov	$A1[1],($tptr)		# t[4]
-	mov	$A1[0],8($tptr)		# t[5]
-
-	mul	$ai			# a[2]*a[3]
-___
-{
-my ($shift,$carry)=($a0,$a1);
-my @S=(@A1,$ai,$n0);
-$code.=<<___;
-	 add	\$16,$i
-	 xor	$shift,$shift
-	 sub	$num,$i			# $i=16-$num
-	 xor	$carry,$carry
-
-	add	$A1[0],%rax		# t[5]
-	adc	\$0,%rdx
-	mov	%rax,8($tptr)		# t[5]
-	mov	%rdx,16($tptr)		# t[6]
-	mov	$carry,24($tptr)	# t[7]
-
-	 mov	-16($aptr,$i),%rax	# a[0]
-	lea	64(%rsp,$num,2),$tptr
-	 xor	$A0[0],$A0[0]		# t[0]
-	 mov	-24($tptr,$i,2),$A0[1]	# t[1]
-
-	lea	($shift,$A0[0],2),$S[0]	# t[2*i]<<1 | shift
-	shr	\$63,$A0[0]
-	lea	($j,$A0[1],2),$S[1]	# t[2*i+1]<<1 |
-	shr	\$63,$A0[1]
-	or	$A0[0],$S[1]		# | t[2*i]>>63
-	 mov	-16($tptr,$i,2),$A0[0]	# t[2*i+2]	# prefetch
-	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
-	mul	%rax			# a[i]*a[i]
-	neg	$carry			# mov $carry,cf
-	 mov	-8($tptr,$i,2),$A0[1]	# t[2*i+2+1]	# prefetch
-	adc	%rax,$S[0]
-	 mov	-8($aptr,$i),%rax	# a[i+1]	# prefetch
-	mov	$S[0],-32($tptr,$i,2)
-	adc	%rdx,$S[1]
-
-	lea	($shift,$A0[0],2),$S[2]	# t[2*i]<<1 | shift
-	 mov	$S[1],-24($tptr,$i,2)
-	 sbb	$carry,$carry		# mov cf,$carry
-	shr	\$63,$A0[0]
-	lea	($j,$A0[1],2),$S[3]	# t[2*i+1]<<1 |
-	shr	\$63,$A0[1]
-	or	$A0[0],$S[3]		# | t[2*i]>>63
-	 mov	0($tptr,$i,2),$A0[0]	# t[2*i+2]	# prefetch
-	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
-	mul	%rax			# a[i]*a[i]
-	neg	$carry			# mov $carry,cf
-	 mov	8($tptr,$i,2),$A0[1]	# t[2*i+2+1]	# prefetch
-	adc	%rax,$S[2]
-	 mov	0($aptr,$i),%rax	# a[i+1]	# prefetch
-	mov	$S[2],-16($tptr,$i,2)
-	adc	%rdx,$S[3]
-	lea	16($i),$i
-	mov	$S[3],-40($tptr,$i,2)
-	sbb	$carry,$carry		# mov cf,$carry
-	jmp	.Lsqr4x_shift_n_add
-
-.align	16
-.Lsqr4x_shift_n_add:
-	lea	($shift,$A0[0],2),$S[0]	# t[2*i]<<1 | shift
-	shr	\$63,$A0[0]
-	lea	($j,$A0[1],2),$S[1]	# t[2*i+1]<<1 |
-	shr	\$63,$A0[1]
-	or	$A0[0],$S[1]		# | t[2*i]>>63
-	 mov	-16($tptr,$i,2),$A0[0]	# t[2*i+2]	# prefetch
-	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
-	mul	%rax			# a[i]*a[i]
-	neg	$carry			# mov $carry,cf
-	 mov	-8($tptr,$i,2),$A0[1]	# t[2*i+2+1]	# prefetch
-	adc	%rax,$S[0]
-	 mov	-8($aptr,$i),%rax	# a[i+1]	# prefetch
-	mov	$S[0],-32($tptr,$i,2)
-	adc	%rdx,$S[1]
-
-	lea	($shift,$A0[0],2),$S[2]	# t[2*i]<<1 | shift
-	 mov	$S[1],-24($tptr,$i,2)
-	 sbb	$carry,$carry		# mov cf,$carry
-	shr	\$63,$A0[0]
-	lea	($j,$A0[1],2),$S[3]	# t[2*i+1]<<1 |
-	shr	\$63,$A0[1]
-	or	$A0[0],$S[3]		# | t[2*i]>>63
-	 mov	0($tptr,$i,2),$A0[0]	# t[2*i+2]	# prefetch
-	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
-	mul	%rax			# a[i]*a[i]
-	neg	$carry			# mov $carry,cf
-	 mov	8($tptr,$i,2),$A0[1]	# t[2*i+2+1]	# prefetch
-	adc	%rax,$S[2]
-	 mov	0($aptr,$i),%rax	# a[i+1]	# prefetch
-	mov	$S[2],-16($tptr,$i,2)
-	adc	%rdx,$S[3]
-
-	lea	($shift,$A0[0],2),$S[0]	# t[2*i]<<1 | shift
-	 mov	$S[3],-8($tptr,$i,2)
-	 sbb	$carry,$carry		# mov cf,$carry
-	shr	\$63,$A0[0]
-	lea	($j,$A0[1],2),$S[1]	# t[2*i+1]<<1 |
-	shr	\$63,$A0[1]
-	or	$A0[0],$S[1]		# | t[2*i]>>63
-	 mov	16($tptr,$i,2),$A0[0]	# t[2*i+2]	# prefetch
-	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
-	mul	%rax			# a[i]*a[i]
-	neg	$carry			# mov $carry,cf
-	 mov	24($tptr,$i,2),$A0[1]	# t[2*i+2+1]	# prefetch
-	adc	%rax,$S[0]
-	 mov	8($aptr,$i),%rax	# a[i+1]	# prefetch
-	mov	$S[0],0($tptr,$i,2)
-	adc	%rdx,$S[1]
-
-	lea	($shift,$A0[0],2),$S[2]	# t[2*i]<<1 | shift
-	 mov	$S[1],8($tptr,$i,2)
-	 sbb	$carry,$carry		# mov cf,$carry
-	shr	\$63,$A0[0]
-	lea	($j,$A0[1],2),$S[3]	# t[2*i+1]<<1 |
-	shr	\$63,$A0[1]
-	or	$A0[0],$S[3]		# | t[2*i]>>63
-	 mov	32($tptr,$i,2),$A0[0]	# t[2*i+2]	# prefetch
-	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
-	mul	%rax			# a[i]*a[i]
-	neg	$carry			# mov $carry,cf
-	 mov	40($tptr,$i,2),$A0[1]	# t[2*i+2+1]	# prefetch
-	adc	%rax,$S[2]
-	 mov	16($aptr,$i),%rax	# a[i+1]	# prefetch
-	mov	$S[2],16($tptr,$i,2)
-	adc	%rdx,$S[3]
-	mov	$S[3],24($tptr,$i,2)
-	sbb	$carry,$carry		# mov cf,$carry
-	add	\$32,$i
-	jnz	.Lsqr4x_shift_n_add
-
-	lea	($shift,$A0[0],2),$S[0]	# t[2*i]<<1 | shift
-	shr	\$63,$A0[0]
-	lea	($j,$A0[1],2),$S[1]	# t[2*i+1]<<1 |
-	shr	\$63,$A0[1]
-	or	$A0[0],$S[1]		# | t[2*i]>>63
-	 mov	-16($tptr),$A0[0]	# t[2*i+2]	# prefetch
-	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
-	mul	%rax			# a[i]*a[i]
-	neg	$carry			# mov $carry,cf
-	 mov	-8($tptr),$A0[1]	# t[2*i+2+1]	# prefetch
-	adc	%rax,$S[0]
-	 mov	-8($aptr),%rax		# a[i+1]	# prefetch
-	mov	$S[0],-32($tptr)
-	adc	%rdx,$S[1]
-
-	lea	($shift,$A0[0],2),$S[2]	# t[2*i]<<1|shift
-	 mov	$S[1],-24($tptr)
-	 sbb	$carry,$carry		# mov cf,$carry
-	shr	\$63,$A0[0]
-	lea	($j,$A0[1],2),$S[3]	# t[2*i+1]<<1 |
-	shr	\$63,$A0[1]
-	or	$A0[0],$S[3]		# | t[2*i]>>63
-	mul	%rax			# a[i]*a[i]
-	neg	$carry			# mov $carry,cf
-	adc	%rax,$S[2]
-	adc	%rdx,$S[3]
-	mov	$S[2],-16($tptr)
-	mov	$S[3],-8($tptr)
-___
-}

-##############################################################
-# Montgomery reduction part, "word-by-word" algorithm.
-#
-{
-my ($topbit,$nptr)=("%rbp",$aptr);
-my ($m0,$m1)=($a0,$a1);
-my @Ni=("%rbx","%r9");
-$code.=<<___;
-	mov	40(%rsp),$nptr		# restore $nptr
-	mov	48(%rsp),$n0		# restore *n0
-	xor	$j,$j
-	mov	$num,0(%rsp)		# save $num
-	sub	$num,$j			# $j=-$num
-	 mov	64(%rsp),$A0[0]		# t[0]		# modsched #
-	 mov	$n0,$m0			#		# modsched #
-	lea	64(%rsp,$num,2),%rax	# end of t[] buffer
-	lea	64(%rsp,$num),$tptr	# end of t[] window
-	mov	%rax,8(%rsp)		# save end of t[] buffer
-	lea	($nptr,$num),$nptr	# end of n[] buffer
-	xor	$topbit,$topbit		# $topbit=0
-
-	mov	0($nptr,$j),%rax	# n[0]		# modsched #
-	mov	8($nptr,$j),$Ni[1]	# n[1]		# modsched #
-	 imulq	$A0[0],$m0		# m0=t[0]*n0	# modsched #
-	 mov	%rax,$Ni[0]		#		# modsched #
-	jmp	.Lsqr4x_mont_outer
-
-.align	16
-.Lsqr4x_mont_outer:
-	xor	$A0[1],$A0[1]
-	mul	$m0			# n[0]*m0
-	add	%rax,$A0[0]		# n[0]*m0+t[0]
-	 mov	$Ni[1],%rax
-	adc	%rdx,$A0[1]
-	mov	$n0,$m1
-
-	xor	$A0[0],$A0[0]
-	add	8($tptr,$j),$A0[1]
-	adc	\$0,$A0[0]
-	mul	$m0			# n[1]*m0
-	add	%rax,$A0[1]		# n[1]*m0+t[1]
-	 mov	$Ni[0],%rax
-	adc	%rdx,$A0[0]
-
-	imulq	$A0[1],$m1
-
-	mov	16($nptr,$j),$Ni[0]	# n[2]
-	xor	$A1[1],$A1[1]
-	add	$A0[1],$A1[0]
-	adc	\$0,$A1[1]
-	mul	$m1			# n[0]*m1
-	add	%rax,$A1[0]		# n[0]*m1+"t[1]"
-	 mov	$Ni[0],%rax
-	adc	%rdx,$A1[1]
-	mov	$A1[0],8($tptr,$j)	# "t[1]"
-
-	xor	$A0[1],$A0[1]
-	add	16($tptr,$j),$A0[0]
-	adc	\$0,$A0[1]
-	mul	$m0			# n[2]*m0
-	add	%rax,$A0[0]		# n[2]*m0+t[2]
-	 mov	$Ni[1],%rax
-	adc	%rdx,$A0[1]
-
-	mov	24($nptr,$j),$Ni[1]	# n[3]
-	xor	$A1[0],$A1[0]
-	add	$A0[0],$A1[1]
-	adc	\$0,$A1[0]
-	mul	$m1			# n[1]*m1
-	add	%rax,$A1[1]		# n[1]*m1+"t[2]"
-	 mov	$Ni[1],%rax
-	adc	%rdx,$A1[0]
-	mov	$A1[1],16($tptr,$j)	# "t[2]"
-
-	xor	$A0[0],$A0[0]
-	add	24($tptr,$j),$A0[1]
-	lea	32($j),$j
-	adc	\$0,$A0[0]
-	mul	$m0			# n[3]*m0
-	add	%rax,$A0[1]		# n[3]*m0+t[3]
-	 mov	$Ni[0],%rax
-	adc	%rdx,$A0[0]
-	jmp	.Lsqr4x_mont_inner
-
-.align	16
-.Lsqr4x_mont_inner:
-	mov	($nptr,$j),$Ni[0]	# n[4]
-	xor	$A1[1],$A1[1]
-	add	$A0[1],$A1[0]
-	adc	\$0,$A1[1]
-	mul	$m1			# n[2]*m1
-	add	%rax,$A1[0]		# n[2]*m1+"t[3]"
-	 mov	$Ni[0],%rax
-	adc	%rdx,$A1[1]
-	mov	$A1[0],-8($tptr,$j)	# "t[3]"
-
-	xor	$A0[1],$A0[1]
-	add	($tptr,$j),$A0[0]
-	adc	\$0,$A0[1]
-	mul	$m0			# n[4]*m0
-	add	%rax,$A0[0]		# n[4]*m0+t[4]
-	 mov	$Ni[1],%rax
-	adc	%rdx,$A0[1]
-
-	mov	8($nptr,$j),$Ni[1]	# n[5]
-	xor	$A1[0],$A1[0]
-	add	$A0[0],$A1[1]
-	adc	\$0,$A1[0]
-	mul	$m1			# n[3]*m1
-	add	%rax,$A1[1]		# n[3]*m1+"t[4]"
-	 mov	$Ni[1],%rax
-	adc	%rdx,$A1[0]
-	mov	$A1[1],($tptr,$j)	# "t[4]"
-
-	xor	$A0[0],$A0[0]
-	add	8($tptr,$j),$A0[1]
-	adc	\$0,$A0[0]
-	mul	$m0			# n[5]*m0
-	add	%rax,$A0[1]		# n[5]*m0+t[5]
-	 mov	$Ni[0],%rax
-	adc	%rdx,$A0[0]
-
-
-	mov	16($nptr,$j),$Ni[0]	# n[6]
-	xor	$A1[1],$A1[1]
-	add	$A0[1],$A1[0]
-	adc	\$0,$A1[1]
-	mul	$m1			# n[4]*m1
-	add	%rax,$A1[0]		# n[4]*m1+"t[5]"
-	 mov	$Ni[0],%rax
-	adc	%rdx,$A1[1]
-	mov	$A1[0],8($tptr,$j)	# "t[5]"
-
-	xor	$A0[1],$A0[1]
-	add	16($tptr,$j),$A0[0]
-	adc	\$0,$A0[1]
-	mul	$m0			# n[6]*m0
-	add	%rax,$A0[0]		# n[6]*m0+t[6]
-	 mov	$Ni[1],%rax
-	adc	%rdx,$A0[1]
-
-	mov	24($nptr,$j),$Ni[1]	# n[7]
-	xor	$A1[0],$A1[0]
-	add	$A0[0],$A1[1]
-	adc	\$0,$A1[0]
-	mul	$m1			# n[5]*m1
-	add	%rax,$A1[1]		# n[5]*m1+"t[6]"
-	 mov	$Ni[1],%rax
-	adc	%rdx,$A1[0]
-	mov	$A1[1],16($tptr,$j)	# "t[6]"
-
-	xor	$A0[0],$A0[0]
-	add	24($tptr,$j),$A0[1]
-	lea	32($j),$j
-	adc	\$0,$A0[0]
-	mul	$m0			# n[7]*m0
-	add	%rax,$A0[1]		# n[7]*m0+t[7]
-	 mov	$Ni[0],%rax
-	adc	%rdx,$A0[0]
-	cmp	\$0,$j
-	jne	.Lsqr4x_mont_inner
-
-	 sub	0(%rsp),$j		# $j=-$num	# modsched #
-	 mov	$n0,$m0			#		# modsched #
-
-	xor	$A1[1],$A1[1]
-	add	$A0[1],$A1[0]
-	adc	\$0,$A1[1]
-	mul	$m1			# n[6]*m1
-	add	%rax,$A1[0]		# n[6]*m1+"t[7]"
-	mov	$Ni[1],%rax
-	adc	%rdx,$A1[1]
-	mov	$A1[0],-8($tptr)	# "t[7]"
-
-	xor	$A0[1],$A0[1]
-	add	($tptr),$A0[0]		# +t[8]
-	adc	\$0,$A0[1]
-	 mov	0($nptr,$j),$Ni[0]	# n[0]		# modsched #
-	add	$topbit,$A0[0]
-	adc	\$0,$A0[1]
-
-	 imulq	16($tptr,$j),$m0	# m0=t[0]*n0	# modsched #
-	xor	$A1[0],$A1[0]
-	 mov	8($nptr,$j),$Ni[1]	# n[1]		# modsched #
-	add	$A0[0],$A1[1]
-	 mov	16($tptr,$j),$A0[0]	# t[0]		# modsched #
-	adc	\$0,$A1[0]
-	mul	$m1			# n[7]*m1
-	add	%rax,$A1[1]		# n[7]*m1+"t[8]"
-	 mov	$Ni[0],%rax		#		# modsched #
-	adc	%rdx,$A1[0]
-	mov	$A1[1],($tptr)		# "t[8]"
-
-	xor	$topbit,$topbit
-	add	8($tptr),$A1[0]		# +t[9]
-	adc	$topbit,$topbit
-	add	$A0[1],$A1[0]
-	lea	16($tptr),$tptr		# "t[$num]>>128"
-	adc	\$0,$topbit
-	mov	$A1[0],-8($tptr)	# "t[9]"
-	cmp	8(%rsp),$tptr		# are we done?
-	jb	.Lsqr4x_mont_outer
-
-	mov	0(%rsp),$num		# restore $num
-	mov	$topbit,($tptr)		# save $topbit
-___
-}

-##############################################################
-# Post-condition, 4x unrolled copy from bn_mul_mont
-#
-{
-my ($tptr,$nptr)=("%rbx",$aptr);
-my @ri=("%rax","%rdx","%r10","%r11");
-$code.=<<___;
-	mov	64(%rsp,$num), at ri[0]	# tp[0]
-	lea	64(%rsp,$num),$tptr	# upper half of t[2*$num] holds result
-	mov	40(%rsp),$nptr		# restore $nptr
-	shr	\$5,$num		# num/4
-	mov	8($tptr), at ri[1]		# t[1]
-	xor	$i,$i			# i=0 and clear CF!
-
-	mov	32(%rsp),$rptr		# restore $rptr
-	sub	0($nptr), at ri[0]
-	mov	16($tptr), at ri[2]	# t[2]
-	mov	24($tptr), at ri[3]	# t[3]
-	sbb	8($nptr), at ri[1]
-	lea	-1($num),$j		# j=num/4-1
-	jmp	.Lsqr4x_sub
-.align	16
-.Lsqr4x_sub:
-	mov	@ri[0],0($rptr,$i,8)	# rp[i]=tp[i]-np[i]
-	mov	@ri[1],8($rptr,$i,8)	# rp[i]=tp[i]-np[i]
-	sbb	16($nptr,$i,8), at ri[2]
-	mov	32($tptr,$i,8), at ri[0]	# tp[i+1]
-	mov	40($tptr,$i,8), at ri[1]
-	sbb	24($nptr,$i,8), at ri[3]
-	mov	@ri[2],16($rptr,$i,8)	# rp[i]=tp[i]-np[i]
-	mov	@ri[3],24($rptr,$i,8)	# rp[i]=tp[i]-np[i]
-	sbb	32($nptr,$i,8), at ri[0]
-	mov	48($tptr,$i,8), at ri[2]
-	mov	56($tptr,$i,8), at ri[3]
-	sbb	40($nptr,$i,8), at ri[1]
-	lea	4($i),$i		# i++
-	dec	$j			# doesn't affect CF!
-	jnz	.Lsqr4x_sub
-
-	mov	@ri[0],0($rptr,$i,8)	# rp[i]=tp[i]-np[i]
-	mov	32($tptr,$i,8), at ri[0]	# load overflow bit
-	sbb	16($nptr,$i,8), at ri[2]
-	mov	@ri[1],8($rptr,$i,8)	# rp[i]=tp[i]-np[i]
-	sbb	24($nptr,$i,8), at ri[3]
-	mov	@ri[2],16($rptr,$i,8)	# rp[i]=tp[i]-np[i]
-
-	sbb	\$0, at ri[0]		# handle upmost overflow bit
-	mov	@ri[3],24($rptr,$i,8)	# rp[i]=tp[i]-np[i]
-	xor	$i,$i			# i=0
-	and	@ri[0],$tptr
-	not	@ri[0]
-	mov	$rptr,$nptr
-	and	@ri[0],$nptr
-	lea	-1($num),$j
-	or	$nptr,$tptr		# tp=borrow?tp:rp
-
-	pxor	%xmm0,%xmm0
-	lea	64(%rsp,$num,8),$nptr
-	movdqu	($tptr),%xmm1
-	lea	($nptr,$num,8),$nptr
-	movdqa	%xmm0,64(%rsp)		# zap lower half of temporary vector
-	movdqa	%xmm0,($nptr)		# zap upper half of temporary vector
-	movdqu	%xmm1,($rptr)
-	jmp	.Lsqr4x_copy
-.align	16
-.Lsqr4x_copy:				# copy or in-place refresh
-	movdqu	16($tptr,$i),%xmm2
-	movdqu	32($tptr,$i),%xmm1
-	movdqa	%xmm0,80(%rsp,$i)	# zap lower half of temporary vector
-	movdqa	%xmm0,96(%rsp,$i)	# zap lower half of temporary vector
-	movdqa	%xmm0,16($nptr,$i)	# zap upper half of temporary vector
-	movdqa	%xmm0,32($nptr,$i)	# zap upper half of temporary vector
-	movdqu	%xmm2,16($rptr,$i)
-	movdqu	%xmm1,32($rptr,$i)
-	lea	32($i),$i
-	dec	$j
-	jnz	.Lsqr4x_copy
-
-	movdqu	16($tptr,$i),%xmm2
-	movdqa	%xmm0,80(%rsp,$i)	# zap lower half of temporary vector
-	movdqa	%xmm0,16($nptr,$i)	# zap upper half of temporary vector
-	movdqu	%xmm2,16($rptr,$i)
-___
-}
-$code.=<<___;
-	mov	56(%rsp),%rsi		# restore %rsp
-	mov	\$1,%rax
-	mov	0(%rsi),%r15
-	mov	8(%rsi),%r14
-	mov	16(%rsi),%r13
-	mov	24(%rsi),%r12
-	mov	32(%rsi),%rbp
-	mov	40(%rsi),%rbx
-	lea	48(%rsi),%rsp
-.Lsqr4x_epilogue:
-	ret
-.size	bn_sqr4x_mont,.-bn_sqr4x_mont
-___
-}}}
-$code.=<<___;
-.asciz	"Montgomery Multiplication for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
-.align	16
-___
-
-# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
-#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
-if ($win64) {
-$rec="%rcx";
-$frame="%rdx";
-$context="%r8";
-$disp="%r9";
-
-$code.=<<___;
-.extern	__imp_RtlVirtualUnwind
-.type	mul_handler,\@abi-omnipotent
-.align	16
-mul_handler:
-	push	%rsi
-	push	%rdi
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	pushfq
-	sub	\$64,%rsp
-
-	mov	120($context),%rax	# pull context->Rax
-	mov	248($context),%rbx	# pull context->Rip
-
-	mov	8($disp),%rsi		# disp->ImageBase
-	mov	56($disp),%r11		# disp->HandlerData
-
-	mov	0(%r11),%r10d		# HandlerData[0]
-	lea	(%rsi,%r10),%r10	# end of prologue label
-	cmp	%r10,%rbx		# context->Rip<end of prologue label
-	jb	.Lcommon_seh_tail
-
-	mov	152($context),%rax	# pull context->Rsp
-
-	mov	4(%r11),%r10d		# HandlerData[1]
-	lea	(%rsi,%r10),%r10	# epilogue label
-	cmp	%r10,%rbx		# context->Rip>=epilogue label
-	jae	.Lcommon_seh_tail
-
-	mov	192($context),%r10	# pull $num
-	mov	8(%rax,%r10,8),%rax	# pull saved stack pointer
-	lea	48(%rax),%rax
-
-	mov	-8(%rax),%rbx
-	mov	-16(%rax),%rbp
-	mov	-24(%rax),%r12
-	mov	-32(%rax),%r13
-	mov	-40(%rax),%r14
-	mov	-48(%rax),%r15
-	mov	%rbx,144($context)	# restore context->Rbx
-	mov	%rbp,160($context)	# restore context->Rbp
-	mov	%r12,216($context)	# restore context->R12
-	mov	%r13,224($context)	# restore context->R13
-	mov	%r14,232($context)	# restore context->R14
-	mov	%r15,240($context)	# restore context->R15
-
-	jmp	.Lcommon_seh_tail
-.size	mul_handler,.-mul_handler
-
-.type	sqr_handler,\@abi-omnipotent
-.align	16
-sqr_handler:
-	push	%rsi
-	push	%rdi
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	pushfq
-	sub	\$64,%rsp
-
-	mov	120($context),%rax	# pull context->Rax
-	mov	248($context),%rbx	# pull context->Rip
-
-	lea	.Lsqr4x_body(%rip),%r10
-	cmp	%r10,%rbx		# context->Rip<.Lsqr_body
-	jb	.Lcommon_seh_tail
-
-	mov	152($context),%rax	# pull context->Rsp
-
-	lea	.Lsqr4x_epilogue(%rip),%r10
-	cmp	%r10,%rbx		# context->Rip>=.Lsqr_epilogue
-	jae	.Lcommon_seh_tail
-
-	mov	56(%rax),%rax		# pull saved stack pointer
-	lea	48(%rax),%rax
-
-	mov	-8(%rax),%rbx
-	mov	-16(%rax),%rbp
-	mov	-24(%rax),%r12
-	mov	-32(%rax),%r13
-	mov	-40(%rax),%r14
-	mov	-48(%rax),%r15
-	mov	%rbx,144($context)	# restore context->Rbx
-	mov	%rbp,160($context)	# restore context->Rbp
-	mov	%r12,216($context)	# restore context->R12
-	mov	%r13,224($context)	# restore context->R13
-	mov	%r14,232($context)	# restore context->R14
-	mov	%r15,240($context)	# restore context->R15
-
-.Lcommon_seh_tail:
-	mov	8(%rax),%rdi
-	mov	16(%rax),%rsi
-	mov	%rax,152($context)	# restore context->Rsp
-	mov	%rsi,168($context)	# restore context->Rsi
-	mov	%rdi,176($context)	# restore context->Rdi
-
-	mov	40($disp),%rdi		# disp->ContextRecord
-	mov	$context,%rsi		# context
-	mov	\$154,%ecx		# sizeof(CONTEXT)
-	.long	0xa548f3fc		# cld; rep movsq
-
-	mov	$disp,%rsi
-	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
-	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
-	mov	0(%rsi),%r8		# arg3, disp->ControlPc
-	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
-	mov	40(%rsi),%r10		# disp->ContextRecord
-	lea	56(%rsi),%r11		# &disp->HandlerData
-	lea	24(%rsi),%r12		# &disp->EstablisherFrame
-	mov	%r10,32(%rsp)		# arg5
-	mov	%r11,40(%rsp)		# arg6
-	mov	%r12,48(%rsp)		# arg7
-	mov	%rcx,56(%rsp)		# arg8, (NULL)
-	call	*__imp_RtlVirtualUnwind(%rip)
-
-	mov	\$1,%eax		# ExceptionContinueSearch
-	add	\$64,%rsp
-	popfq
-	pop	%r15
-	pop	%r14
-	pop	%r13
-	pop	%r12
-	pop	%rbp
-	pop	%rbx
-	pop	%rdi
-	pop	%rsi
-	ret
-.size	sqr_handler,.-sqr_handler
-
-.section	.pdata
-.align	4
-	.rva	.LSEH_begin_bn_mul_mont
-	.rva	.LSEH_end_bn_mul_mont
-	.rva	.LSEH_info_bn_mul_mont
-
-	.rva	.LSEH_begin_bn_mul4x_mont
-	.rva	.LSEH_end_bn_mul4x_mont
-	.rva	.LSEH_info_bn_mul4x_mont
-
-	.rva	.LSEH_begin_bn_sqr4x_mont
-	.rva	.LSEH_end_bn_sqr4x_mont
-	.rva	.LSEH_info_bn_sqr4x_mont
-
-.section	.xdata
-.align	8
-.LSEH_info_bn_mul_mont:
-	.byte	9,0,0,0
-	.rva	mul_handler
-	.rva	.Lmul_body,.Lmul_epilogue	# HandlerData[]
-.LSEH_info_bn_mul4x_mont:
-	.byte	9,0,0,0
-	.rva	mul_handler
-	.rva	.Lmul4x_body,.Lmul4x_epilogue	# HandlerData[]
-.LSEH_info_bn_sqr4x_mont:
-	.byte	9,0,0,0
-	.rva	sqr_handler
-___
-}
-
-print $code;
-close STDOUT;

Copied: vendor-crypto/openssl/1.0.1u/crypto/bn/asm/x86_64-mont.pl (from rev 11605, vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont.pl)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/bn/asm/x86_64-mont.pl	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/bn/asm/x86_64-mont.pl	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,1715 @@
+#!/usr/bin/env perl
+
+# ====================================================================
+# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# October 2005.
+#
+# Montgomery multiplication routine for x86_64. While it gives modest
+# 9% improvement of rsa4096 sign on Opteron, rsa512 sign runs more
+# than twice, >2x, as fast. Most common rsa1024 sign is improved by
+# respectful 50%. It remains to be seen if loop unrolling and
+# dedicated squaring routine can provide further improvement...
+
+# July 2011.
+#
+# Add dedicated squaring procedure. Performance improvement varies
+# from platform to platform, but in average it's ~5%/15%/25%/33%
+# for 512-/1024-/2048-/4096-bit RSA *sign* benchmarks respectively.
+
+# August 2011.
+#
+# Unroll and modulo-schedule inner loops in such manner that they
+# are "fallen through" for input lengths of 8, which is critical for
+# 1024-bit RSA *sign*. Average performance improvement in comparison
+# to *initial* version of this module from 2005 is ~0%/30%/40%/45%
+# for 512-/1024-/2048-/4096-bit RSA *sign* benchmarks respectively.
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+# int bn_mul_mont(
+$rp="%rdi";	# BN_ULONG *rp,
+$ap="%rsi";	# const BN_ULONG *ap,
+$bp="%rdx";	# const BN_ULONG *bp,
+$np="%rcx";	# const BN_ULONG *np,
+$n0="%r8";	# const BN_ULONG *n0,
+$num="%r9";	# int num);
+$lo0="%r10";
+$hi0="%r11";
+$hi1="%r13";
+$i="%r14";
+$j="%r15";
+$m0="%rbx";
+$m1="%rbp";
+
+$code=<<___;
+.text
+
+.globl	bn_mul_mont
+.type	bn_mul_mont,\@function,6
+.align	16
+bn_mul_mont:
+	test	\$3,${num}d
+	jnz	.Lmul_enter
+	cmp	\$8,${num}d
+	jb	.Lmul_enter
+	cmp	$ap,$bp
+	jne	.Lmul4x_enter
+	jmp	.Lsqr4x_enter
+
+.align	16
+.Lmul_enter:
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+
+	mov	${num}d,${num}d
+	lea	2($num),%r10
+	mov	%rsp,%r11
+	neg	%r10
+	lea	(%rsp,%r10,8),%rsp	# tp=alloca(8*(num+2))
+	and	\$-1024,%rsp		# minimize TLB usage
+
+	mov	%r11,8(%rsp,$num,8)	# tp[num+1]=%rsp
+.Lmul_body:
+	# Some OSes, *cough*-dows, insist on stack being "wired" to
+	# physical memory in strictly sequential manner, i.e. if stack
+	# allocation spans two pages, then reference to farmost one can
+	# be punishable by SEGV. But page walking can do good even on
+	# other OSes, because it guarantees that villain thread hits
+	# the guard page before it can make damage to innocent one...
+	sub	%rsp,%r11
+	and	\$-4096,%r11
+.Lmul_page_walk:
+	mov	(%rsp,%r11),%r10
+	sub	\$4096,%r11
+	.byte	0x66,0x2e		# predict non-taken
+	jnc	.Lmul_page_walk
+
+	mov	$bp,%r12		# reassign $bp
+___
+		$bp="%r12";
+$code.=<<___;
+	mov	($n0),$n0		# pull n0[0] value
+	mov	($bp),$m0		# m0=bp[0]
+	mov	($ap),%rax
+
+	xor	$i,$i			# i=0
+	xor	$j,$j			# j=0
+
+	mov	$n0,$m1
+	mulq	$m0			# ap[0]*bp[0]
+	mov	%rax,$lo0
+	mov	($np),%rax
+
+	imulq	$lo0,$m1		# "tp[0]"*n0
+	mov	%rdx,$hi0
+
+	mulq	$m1			# np[0]*m1
+	add	%rax,$lo0		# discarded
+	mov	8($ap),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$hi1
+
+	lea	1($j),$j		# j++
+	jmp	.L1st_enter
+
+.align	16
+.L1st:
+	add	%rax,$hi1
+	mov	($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$hi0,$hi1		# np[j]*m1+ap[j]*bp[0]
+	mov	$lo0,$hi0
+	adc	\$0,%rdx
+	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$hi1
+
+.L1st_enter:
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$hi0
+	mov	($np,$j,8),%rax
+	adc	\$0,%rdx
+	lea	1($j),$j		# j++
+	mov	%rdx,$lo0
+
+	mulq	$m1			# np[j]*m1
+	cmp	$num,$j
+	jne	.L1st
+
+	add	%rax,$hi1
+	mov	($ap),%rax		# ap[0]
+	adc	\$0,%rdx
+	add	$hi0,$hi1		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$hi1
+	mov	$lo0,$hi0
+
+	xor	%rdx,%rdx
+	add	$hi0,$hi1
+	adc	\$0,%rdx
+	mov	$hi1,-8(%rsp,$num,8)
+	mov	%rdx,(%rsp,$num,8)	# store upmost overflow bit
+
+	lea	1($i),$i		# i++
+	jmp	.Louter
+.align	16
+.Louter:
+	mov	($bp,$i,8),$m0		# m0=bp[i]
+	xor	$j,$j			# j=0
+	mov	$n0,$m1
+	mov	(%rsp),$lo0
+	mulq	$m0			# ap[0]*bp[i]
+	add	%rax,$lo0		# ap[0]*bp[i]+tp[0]
+	mov	($np),%rax
+	adc	\$0,%rdx
+
+	imulq	$lo0,$m1		# tp[0]*n0
+	mov	%rdx,$hi0
+
+	mulq	$m1			# np[0]*m1
+	add	%rax,$lo0		# discarded
+	mov	8($ap),%rax
+	adc	\$0,%rdx
+	mov	8(%rsp),$lo0		# tp[1]
+	mov	%rdx,$hi1
+
+	lea	1($j),$j		# j++
+	jmp	.Linner_enter
+
+.align	16
+.Linner:
+	add	%rax,$hi1
+	mov	($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$lo0,$hi1		# np[j]*m1+ap[j]*bp[i]+tp[j]
+	mov	(%rsp,$j,8),$lo0
+	adc	\$0,%rdx
+	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$hi1
+
+.Linner_enter:
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$hi0
+	mov	($np,$j,8),%rax
+	adc	\$0,%rdx
+	add	$hi0,$lo0		# ap[j]*bp[i]+tp[j]
+	mov	%rdx,$hi0
+	adc	\$0,$hi0
+	lea	1($j),$j		# j++
+
+	mulq	$m1			# np[j]*m1
+	cmp	$num,$j
+	jne	.Linner
+
+	add	%rax,$hi1
+	mov	($ap),%rax		# ap[0]
+	adc	\$0,%rdx
+	add	$lo0,$hi1		# np[j]*m1+ap[j]*bp[i]+tp[j]
+	mov	(%rsp,$j,8),$lo0
+	adc	\$0,%rdx
+	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$hi1
+
+	xor	%rdx,%rdx
+	add	$hi0,$hi1
+	adc	\$0,%rdx
+	add	$lo0,$hi1		# pull upmost overflow bit
+	adc	\$0,%rdx
+	mov	$hi1,-8(%rsp,$num,8)
+	mov	%rdx,(%rsp,$num,8)	# store upmost overflow bit
+
+	lea	1($i),$i		# i++
+	cmp	$num,$i
+	jl	.Louter
+
+	xor	$i,$i			# i=0 and clear CF!
+	mov	(%rsp),%rax		# tp[0]
+	lea	(%rsp),$ap		# borrow ap for tp
+	mov	$num,$j			# j=num
+	jmp	.Lsub
+.align	16
+.Lsub:	sbb	($np,$i,8),%rax
+	mov	%rax,($rp,$i,8)		# rp[i]=tp[i]-np[i]
+	mov	8($ap,$i,8),%rax	# tp[i+1]
+	lea	1($i),$i		# i++
+	dec	$j			# doesnn't affect CF!
+	jnz	.Lsub
+
+	sbb	\$0,%rax		# handle upmost overflow bit
+	xor	$i,$i
+	and	%rax,$ap
+	not	%rax
+	mov	$rp,$np
+	and	%rax,$np
+	mov	$num,$j			# j=num
+	or	$np,$ap			# ap=borrow?tp:rp
+.align	16
+.Lcopy:					# copy or in-place refresh
+	mov	($ap,$i,8),%rax
+	mov	$i,(%rsp,$i,8)		# zap temporary vector
+	mov	%rax,($rp,$i,8)		# rp[i]=tp[i]
+	lea	1($i),$i
+	sub	\$1,$j
+	jnz	.Lcopy
+
+	mov	8(%rsp,$num,8),%rsi	# restore %rsp
+	mov	\$1,%rax
+	mov	(%rsi),%r15
+	mov	8(%rsi),%r14
+	mov	16(%rsi),%r13
+	mov	24(%rsi),%r12
+	mov	32(%rsi),%rbp
+	mov	40(%rsi),%rbx
+	lea	48(%rsi),%rsp
+.Lmul_epilogue:
+	ret
+.size	bn_mul_mont,.-bn_mul_mont
+___
+{{{
+my @A=("%r10","%r11");
+my @N=("%r13","%rdi");
+$code.=<<___;
+.type	bn_mul4x_mont,\@function,6
+.align	16
+bn_mul4x_mont:
+.Lmul4x_enter:
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+
+	mov	${num}d,${num}d
+	lea	4($num),%r10
+	mov	%rsp,%r11
+	neg	%r10
+	lea	(%rsp,%r10,8),%rsp	# tp=alloca(8*(num+4))
+	and	\$-1024,%rsp		# minimize TLB usage
+
+	mov	%r11,8(%rsp,$num,8)	# tp[num+1]=%rsp
+.Lmul4x_body:
+	sub	%rsp,%r11
+	and	\$-4096,%r11
+.Lmul4x_page_walk:
+	mov	(%rsp,%r11),%r10
+	sub	\$4096,%r11
+	.byte	0x2e			# predict non-taken
+	jnc	.Lmul4x_page_walk
+
+	mov	$rp,16(%rsp,$num,8)	# tp[num+2]=$rp
+	mov	%rdx,%r12		# reassign $bp
+___
+		$bp="%r12";
+$code.=<<___;
+	mov	($n0),$n0		# pull n0[0] value
+	mov	($bp),$m0		# m0=bp[0]
+	mov	($ap),%rax
+
+	xor	$i,$i			# i=0
+	xor	$j,$j			# j=0
+
+	mov	$n0,$m1
+	mulq	$m0			# ap[0]*bp[0]
+	mov	%rax,$A[0]
+	mov	($np),%rax
+
+	imulq	$A[0],$m1		# "tp[0]"*n0
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[0]*m1
+	add	%rax,$A[0]		# discarded
+	mov	8($ap),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$N[1]
+
+	mulq	$m0
+	add	%rax,$A[1]
+	mov	8($np),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1
+	add	%rax,$N[1]
+	mov	16($ap),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]
+	lea	4($j),$j		# j++
+	adc	\$0,%rdx
+	mov	$N[1],(%rsp)
+	mov	%rdx,$N[0]
+	jmp	.L1st4x
+.align	16
+.L1st4x:
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[0]
+	mov	-16($np,$j,8),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	-8($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[1]
+	mov	-8($np,$j,8),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[0]
+
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[0]
+	mov	($np,$j,8),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	8($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[0],-8(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[1]
+	mov	8($np,$j,8),%rax
+	adc	\$0,%rdx
+	lea	4($j),$j		# j++
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	-16($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[1],-32(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[0]
+	cmp	$num,$j
+	jl	.L1st4x
+
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[0]
+	mov	-16($np,$j,8),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	-8($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[1]
+	mov	-8($np,$j,8),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	($ap),%rax		# ap[0]
+	adc	\$0,%rdx
+	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[0]
+
+	xor	$N[1],$N[1]
+	add	$A[0],$N[0]
+	adc	\$0,$N[1]
+	mov	$N[0],-8(%rsp,$j,8)
+	mov	$N[1],(%rsp,$j,8)	# store upmost overflow bit
+
+	lea	1($i),$i		# i++
+.align	4
+.Louter4x:
+	mov	($bp,$i,8),$m0		# m0=bp[i]
+	xor	$j,$j			# j=0
+	mov	(%rsp),$A[0]
+	mov	$n0,$m1
+	mulq	$m0			# ap[0]*bp[i]
+	add	%rax,$A[0]		# ap[0]*bp[i]+tp[0]
+	mov	($np),%rax
+	adc	\$0,%rdx
+
+	imulq	$A[0],$m1		# tp[0]*n0
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[0]*m1
+	add	%rax,$A[0]		# "$N[0]", discarded
+	mov	8($ap),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[1]
+	mov	8($np),%rax
+	adc	\$0,%rdx
+	add	8(%rsp),$A[1]		# +tp[1]
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	16($ap),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[i]+tp[j]
+	lea	4($j),$j		# j+=2
+	adc	\$0,%rdx
+	mov	$N[1],(%rsp)		# tp[j-1]
+	mov	%rdx,$N[0]
+	jmp	.Linner4x
+.align	16
+.Linner4x:
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[0]
+	mov	-16($np,$j,8),%rax
+	adc	\$0,%rdx
+	add	-16(%rsp,$j,8),$A[0]	# ap[j]*bp[i]+tp[j]
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	-8($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]
+	adc	\$0,%rdx
+	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[1]
+	mov	-8($np,$j,8),%rax
+	adc	\$0,%rdx
+	add	-8(%rsp,$j,8),$A[1]
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]
+	adc	\$0,%rdx
+	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[0]
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[0]
+	mov	($np,$j,8),%rax
+	adc	\$0,%rdx
+	add	(%rsp,$j,8),$A[0]	# ap[j]*bp[i]+tp[j]
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	8($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]
+	adc	\$0,%rdx
+	mov	$N[0],-8(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[1]
+	mov	8($np,$j,8),%rax
+	adc	\$0,%rdx
+	add	8(%rsp,$j,8),$A[1]
+	adc	\$0,%rdx
+	lea	4($j),$j		# j++
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	-16($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]
+	adc	\$0,%rdx
+	mov	$N[1],-32(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[0]
+	cmp	$num,$j
+	jl	.Linner4x
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[0]
+	mov	-16($np,$j,8),%rax
+	adc	\$0,%rdx
+	add	-16(%rsp,$j,8),$A[0]	# ap[j]*bp[i]+tp[j]
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	-8($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]
+	adc	\$0,%rdx
+	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[1]
+	mov	-8($np,$j,8),%rax
+	adc	\$0,%rdx
+	add	-8(%rsp,$j,8),$A[1]
+	adc	\$0,%rdx
+	lea	1($i),$i		# i++
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	($ap),%rax		# ap[0]
+	adc	\$0,%rdx
+	add	$A[1],$N[1]
+	adc	\$0,%rdx
+	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[0]
+
+	xor	$N[1],$N[1]
+	add	$A[0],$N[0]
+	adc	\$0,$N[1]
+	add	(%rsp,$num,8),$N[0]	# pull upmost overflow bit
+	adc	\$0,$N[1]
+	mov	$N[0],-8(%rsp,$j,8)
+	mov	$N[1],(%rsp,$j,8)	# store upmost overflow bit
+
+	cmp	$num,$i
+	jl	.Louter4x
+___
+{
+my @ri=("%rax","%rdx",$m0,$m1);
+$code.=<<___;
+	mov	16(%rsp,$num,8),$rp	# restore $rp
+	mov	0(%rsp), at ri[0]		# tp[0]
+	pxor	%xmm0,%xmm0
+	mov	8(%rsp), at ri[1]		# tp[1]
+	shr	\$2,$num		# num/=4
+	lea	(%rsp),$ap		# borrow ap for tp
+	xor	$i,$i			# i=0 and clear CF!
+
+	sub	0($np), at ri[0]
+	mov	16($ap), at ri[2]		# tp[2]
+	mov	24($ap), at ri[3]		# tp[3]
+	sbb	8($np), at ri[1]
+	lea	-1($num),$j		# j=num/4-1
+	jmp	.Lsub4x
+.align	16
+.Lsub4x:
+	mov	@ri[0],0($rp,$i,8)	# rp[i]=tp[i]-np[i]
+	mov	@ri[1],8($rp,$i,8)	# rp[i]=tp[i]-np[i]
+	sbb	16($np,$i,8), at ri[2]
+	mov	32($ap,$i,8), at ri[0]	# tp[i+1]
+	mov	40($ap,$i,8), at ri[1]
+	sbb	24($np,$i,8), at ri[3]
+	mov	@ri[2],16($rp,$i,8)	# rp[i]=tp[i]-np[i]
+	mov	@ri[3],24($rp,$i,8)	# rp[i]=tp[i]-np[i]
+	sbb	32($np,$i,8), at ri[0]
+	mov	48($ap,$i,8), at ri[2]
+	mov	56($ap,$i,8), at ri[3]
+	sbb	40($np,$i,8), at ri[1]
+	lea	4($i),$i		# i++
+	dec	$j			# doesnn't affect CF!
+	jnz	.Lsub4x
+
+	mov	@ri[0],0($rp,$i,8)	# rp[i]=tp[i]-np[i]
+	mov	32($ap,$i,8), at ri[0]	# load overflow bit
+	sbb	16($np,$i,8), at ri[2]
+	mov	@ri[1],8($rp,$i,8)	# rp[i]=tp[i]-np[i]
+	sbb	24($np,$i,8), at ri[3]
+	mov	@ri[2],16($rp,$i,8)	# rp[i]=tp[i]-np[i]
+
+	sbb	\$0, at ri[0]		# handle upmost overflow bit
+	mov	@ri[3],24($rp,$i,8)	# rp[i]=tp[i]-np[i]
+	xor	$i,$i			# i=0
+	and	@ri[0],$ap
+	not	@ri[0]
+	mov	$rp,$np
+	and	@ri[0],$np
+	lea	-1($num),$j
+	or	$np,$ap			# ap=borrow?tp:rp
+
+	movdqu	($ap),%xmm1
+	movdqa	%xmm0,(%rsp)
+	movdqu	%xmm1,($rp)
+	jmp	.Lcopy4x
+.align	16
+.Lcopy4x:					# copy or in-place refresh
+	movdqu	16($ap,$i),%xmm2
+	movdqu	32($ap,$i),%xmm1
+	movdqa	%xmm0,16(%rsp,$i)
+	movdqu	%xmm2,16($rp,$i)
+	movdqa	%xmm0,32(%rsp,$i)
+	movdqu	%xmm1,32($rp,$i)
+	lea	32($i),$i
+	dec	$j
+	jnz	.Lcopy4x
+
+	shl	\$2,$num
+	movdqu	16($ap,$i),%xmm2
+	movdqa	%xmm0,16(%rsp,$i)
+	movdqu	%xmm2,16($rp,$i)
+___
+}
+$code.=<<___;
+	mov	8(%rsp,$num,8),%rsi	# restore %rsp
+	mov	\$1,%rax
+	mov	(%rsi),%r15
+	mov	8(%rsi),%r14
+	mov	16(%rsi),%r13
+	mov	24(%rsi),%r12
+	mov	32(%rsi),%rbp
+	mov	40(%rsi),%rbx
+	lea	48(%rsi),%rsp
+.Lmul4x_epilogue:
+	ret
+.size	bn_mul4x_mont,.-bn_mul4x_mont
+___
+}}}
+
{{{
+######################################################################
+# void bn_sqr4x_mont(
+my $rptr="%rdi";	# const BN_ULONG *rptr,
+my $aptr="%rsi";	# const BN_ULONG *aptr,
+my $bptr="%rdx";	# not used
+my $nptr="%rcx";	# const BN_ULONG *nptr,
+my $n0  ="%r8";		# const BN_ULONG *n0);
+my $num ="%r9";		# int num, has to be divisible by 4 and
+			# not less than 8
+
+my ($i,$j,$tptr)=("%rbp","%rcx",$rptr);
+my @A0=("%r10","%r11");
+my @A1=("%r12","%r13");
+my ($a0,$a1,$ai)=("%r14","%r15","%rbx");
+
+$code.=<<___;
+.type	bn_sqr4x_mont,\@function,6
+.align	16
+bn_sqr4x_mont:
+.Lsqr4x_enter:
+	mov	%rsp,%rax
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+
+	shl	\$3,${num}d		# convert $num to bytes
+	mov	%rsp,%r11		# put aside %rsp
+	neg	$num			# -$num
+	mov	($n0),$n0		# *n0
+	lea	-72(%rsp,$num,2),%rsp	# alloca(frame+2*$num)
+	and	\$-1024,%rsp		# minimize TLB usage
+
+	sub	%rsp,%r11
+	and	\$-4096,%r11
+.Lsqr4x_page_walk:
+	mov	(%rsp,%r11),%r10
+	sub	\$4096,%r11
+	.byte	0x2e			# predict non-taken
+	jnc	.Lsqr4x_page_walk
+
+	mov	$num,%r10
+	neg	$num			# restore $num
+	lea	-48(%rax),%r11		# restore saved %rsp
+	##############################################################
+	# Stack layout
+	#
+	# +0	saved $num, used in reduction section
+	# +8	&t[2*$num], used in reduction section
+	# +32	saved $rptr
+	# +40	saved $nptr
+	# +48	saved *n0
+	# +56	saved %rsp
+	# +64	t[2*$num]
+	#
+	mov	$rptr,32(%rsp)		# save $rptr
+	mov	$nptr,40(%rsp)
+	mov	$n0,  48(%rsp)
+	mov	%r11, 56(%rsp)		# save original %rsp
+.Lsqr4x_body:
+	##############################################################
+	# Squaring part:
+	#
+	# a) multiply-n-add everything but a[i]*a[i];
+	# b) shift result of a) by 1 to the left and accumulate
+	#    a[i]*a[i] products;
+	#
+	lea	32(%r10),$i		# $i=-($num-32)
+	lea	($aptr,$num),$aptr	# end of a[] buffer, ($aptr,$i)=&ap[2]
+
+	mov	$num,$j			# $j=$num
+
+					# comments apply to $num==8 case
+	mov	-32($aptr,$i),$a0	# a[0]
+	lea	64(%rsp,$num,2),$tptr	# end of tp[] buffer, &tp[2*$num]
+	mov	-24($aptr,$i),%rax	# a[1]
+	lea	-32($tptr,$i),$tptr	# end of tp[] window, &tp[2*$num-"$i"]
+	mov	-16($aptr,$i),$ai	# a[2]
+	mov	%rax,$a1
+
+	mul	$a0			# a[1]*a[0]
+	mov	%rax,$A0[0]		# a[1]*a[0]
+	 mov	$ai,%rax		# a[2]
+	mov	%rdx,$A0[1]
+	mov	$A0[0],-24($tptr,$i)	# t[1]
+
+	xor	$A0[0],$A0[0]
+	mul	$a0			# a[2]*a[0]
+	add	%rax,$A0[1]
+	 mov	$ai,%rax
+	adc	%rdx,$A0[0]
+	mov	$A0[1],-16($tptr,$i)	# t[2]
+
+	lea	-16($i),$j		# j=-16
+
+
+	 mov	8($aptr,$j),$ai		# a[3]
+	mul	$a1			# a[2]*a[1]
+	mov	%rax,$A1[0]		# a[2]*a[1]+t[3]
+	 mov	$ai,%rax
+	mov	%rdx,$A1[1]
+
+	xor	$A0[1],$A0[1]
+	add	$A1[0],$A0[0]
+	 lea	16($j),$j
+	adc	\$0,$A0[1]
+	mul	$a0			# a[3]*a[0]
+	add	%rax,$A0[0]		# a[3]*a[0]+a[2]*a[1]+t[3]
+	 mov	$ai,%rax
+	adc	%rdx,$A0[1]
+	mov	$A0[0],-8($tptr,$j)	# t[3]
+	jmp	.Lsqr4x_1st
+
+.align	16
+.Lsqr4x_1st:
+	 mov	($aptr,$j),$ai		# a[4]
+	xor	$A1[0],$A1[0]
+	mul	$a1			# a[3]*a[1]
+	add	%rax,$A1[1]		# a[3]*a[1]+t[4]
+	 mov	$ai,%rax
+	adc	%rdx,$A1[0]
+
+	xor	$A0[0],$A0[0]
+	add	$A1[1],$A0[1]
+	adc	\$0,$A0[0]
+	mul	$a0			# a[4]*a[0]
+	add	%rax,$A0[1]		# a[4]*a[0]+a[3]*a[1]+t[4]
+	 mov	$ai,%rax		# a[3]
+	adc	%rdx,$A0[0]
+	mov	$A0[1],($tptr,$j)	# t[4]
+
+
+	 mov	8($aptr,$j),$ai		# a[5]
+	xor	$A1[1],$A1[1]
+	mul	$a1			# a[4]*a[3]
+	add	%rax,$A1[0]		# a[4]*a[3]+t[5]
+	 mov	$ai,%rax
+	adc	%rdx,$A1[1]
+
+	xor	$A0[1],$A0[1]
+	add	$A1[0],$A0[0]
+	adc	\$0,$A0[1]
+	mul	$a0			# a[5]*a[2]
+	add	%rax,$A0[0]		# a[5]*a[2]+a[4]*a[3]+t[5]
+	 mov	$ai,%rax
+	adc	%rdx,$A0[1]
+	mov	$A0[0],8($tptr,$j)	# t[5]
+
+	 mov	16($aptr,$j),$ai	# a[6]
+	xor	$A1[0],$A1[0]
+	mul	$a1			# a[5]*a[3]
+	add	%rax,$A1[1]		# a[5]*a[3]+t[6]
+	 mov	$ai,%rax
+	adc	%rdx,$A1[0]
+
+	xor	$A0[0],$A0[0]
+	add	$A1[1],$A0[1]
+	adc	\$0,$A0[0]
+	mul	$a0			# a[6]*a[2]
+	add	%rax,$A0[1]		# a[6]*a[2]+a[5]*a[3]+t[6]
+	 mov	$ai,%rax		# a[3]
+	adc	%rdx,$A0[0]
+	mov	$A0[1],16($tptr,$j)	# t[6]
+
+
+	 mov	24($aptr,$j),$ai	# a[7]
+	xor	$A1[1],$A1[1]
+	mul	$a1			# a[6]*a[5]
+	add	%rax,$A1[0]		# a[6]*a[5]+t[7]
+	 mov	$ai,%rax
+	adc	%rdx,$A1[1]
+
+	xor	$A0[1],$A0[1]
+	add	$A1[0],$A0[0]
+	 lea	32($j),$j
+	adc	\$0,$A0[1]
+	mul	$a0			# a[7]*a[4]
+	add	%rax,$A0[0]		# a[7]*a[4]+a[6]*a[5]+t[6]
+	 mov	$ai,%rax
+	adc	%rdx,$A0[1]
+	mov	$A0[0],-8($tptr,$j)	# t[7]
+
+	cmp	\$0,$j
+	jne	.Lsqr4x_1st
+
+	xor	$A1[0],$A1[0]
+	add	$A0[1],$A1[1]
+	adc	\$0,$A1[0]
+	mul	$a1			# a[7]*a[5]
+	add	%rax,$A1[1]
+	adc	%rdx,$A1[0]
+
+	mov	$A1[1],($tptr)		# t[8]
+	lea	16($i),$i
+	mov	$A1[0],8($tptr)		# t[9]
+	jmp	.Lsqr4x_outer
+
+.align	16
+.Lsqr4x_outer:				# comments apply to $num==6 case
+	mov	-32($aptr,$i),$a0	# a[0]
+	lea	64(%rsp,$num,2),$tptr	# end of tp[] buffer, &tp[2*$num]
+	mov	-24($aptr,$i),%rax	# a[1]
+	lea	-32($tptr,$i),$tptr	# end of tp[] window, &tp[2*$num-"$i"]
+	mov	-16($aptr,$i),$ai	# a[2]
+	mov	%rax,$a1
+
+	mov	-24($tptr,$i),$A0[0]	# t[1]
+	xor	$A0[1],$A0[1]
+	mul	$a0			# a[1]*a[0]
+	add	%rax,$A0[0]		# a[1]*a[0]+t[1]
+	 mov	$ai,%rax		# a[2]
+	adc	%rdx,$A0[1]
+	mov	$A0[0],-24($tptr,$i)	# t[1]
+
+	xor	$A0[0],$A0[0]
+	add	-16($tptr,$i),$A0[1]	# a[2]*a[0]+t[2]
+	adc	\$0,$A0[0]
+	mul	$a0			# a[2]*a[0]
+	add	%rax,$A0[1]
+	 mov	$ai,%rax
+	adc	%rdx,$A0[0]
+	mov	$A0[1],-16($tptr,$i)	# t[2]
+
+	lea	-16($i),$j		# j=-16
+	xor	$A1[0],$A1[0]
+
+
+	 mov	8($aptr,$j),$ai		# a[3]
+	xor	$A1[1],$A1[1]
+	add	8($tptr,$j),$A1[0]
+	adc	\$0,$A1[1]
+	mul	$a1			# a[2]*a[1]
+	add	%rax,$A1[0]		# a[2]*a[1]+t[3]
+	 mov	$ai,%rax
+	adc	%rdx,$A1[1]
+
+	xor	$A0[1],$A0[1]
+	add	$A1[0],$A0[0]
+	adc	\$0,$A0[1]
+	mul	$a0			# a[3]*a[0]
+	add	%rax,$A0[0]		# a[3]*a[0]+a[2]*a[1]+t[3]
+	 mov	$ai,%rax
+	adc	%rdx,$A0[1]
+	mov	$A0[0],8($tptr,$j)	# t[3]
+
+	lea	16($j),$j
+	jmp	.Lsqr4x_inner
+
+.align	16
+.Lsqr4x_inner:
+	 mov	($aptr,$j),$ai		# a[4]
+	xor	$A1[0],$A1[0]
+	add	($tptr,$j),$A1[1]
+	adc	\$0,$A1[0]
+	mul	$a1			# a[3]*a[1]
+	add	%rax,$A1[1]		# a[3]*a[1]+t[4]
+	 mov	$ai,%rax
+	adc	%rdx,$A1[0]
+
+	xor	$A0[0],$A0[0]
+	add	$A1[1],$A0[1]
+	adc	\$0,$A0[0]
+	mul	$a0			# a[4]*a[0]
+	add	%rax,$A0[1]		# a[4]*a[0]+a[3]*a[1]+t[4]
+	 mov	$ai,%rax		# a[3]
+	adc	%rdx,$A0[0]
+	mov	$A0[1],($tptr,$j)	# t[4]
+
+	 mov	8($aptr,$j),$ai		# a[5]
+	xor	$A1[1],$A1[1]
+	add	8($tptr,$j),$A1[0]
+	adc	\$0,$A1[1]
+	mul	$a1			# a[4]*a[3]
+	add	%rax,$A1[0]		# a[4]*a[3]+t[5]
+	 mov	$ai,%rax
+	adc	%rdx,$A1[1]
+
+	xor	$A0[1],$A0[1]
+	add	$A1[0],$A0[0]
+	lea	16($j),$j		# j++
+	adc	\$0,$A0[1]
+	mul	$a0			# a[5]*a[2]
+	add	%rax,$A0[0]		# a[5]*a[2]+a[4]*a[3]+t[5]
+	 mov	$ai,%rax
+	adc	%rdx,$A0[1]
+	mov	$A0[0],-8($tptr,$j)	# t[5], "preloaded t[1]" below
+
+	cmp	\$0,$j
+	jne	.Lsqr4x_inner
+
+	xor	$A1[0],$A1[0]
+	add	$A0[1],$A1[1]
+	adc	\$0,$A1[0]
+	mul	$a1			# a[5]*a[3]
+	add	%rax,$A1[1]
+	adc	%rdx,$A1[0]
+
+	mov	$A1[1],($tptr)		# t[6], "preloaded t[2]" below
+	mov	$A1[0],8($tptr)		# t[7], "preloaded t[3]" below
+
+	add	\$16,$i
+	jnz	.Lsqr4x_outer
+
+					# comments apply to $num==4 case
+	mov	-32($aptr),$a0		# a[0]
+	lea	64(%rsp,$num,2),$tptr	# end of tp[] buffer, &tp[2*$num]
+	mov	-24($aptr),%rax		# a[1]
+	lea	-32($tptr,$i),$tptr	# end of tp[] window, &tp[2*$num-"$i"]
+	mov	-16($aptr),$ai		# a[2]
+	mov	%rax,$a1
+
+	xor	$A0[1],$A0[1]
+	mul	$a0			# a[1]*a[0]
+	add	%rax,$A0[0]		# a[1]*a[0]+t[1], preloaded t[1]
+	 mov	$ai,%rax		# a[2]
+	adc	%rdx,$A0[1]
+	mov	$A0[0],-24($tptr)	# t[1]
+
+	xor	$A0[0],$A0[0]
+	add	$A1[1],$A0[1]		# a[2]*a[0]+t[2], preloaded t[2]
+	adc	\$0,$A0[0]
+	mul	$a0			# a[2]*a[0]
+	add	%rax,$A0[1]
+	 mov	$ai,%rax
+	adc	%rdx,$A0[0]
+	mov	$A0[1],-16($tptr)	# t[2]
+
+	 mov	-8($aptr),$ai		# a[3]
+	mul	$a1			# a[2]*a[1]
+	add	%rax,$A1[0]		# a[2]*a[1]+t[3], preloaded t[3]
+	 mov	$ai,%rax
+	adc	\$0,%rdx
+
+	xor	$A0[1],$A0[1]
+	add	$A1[0],$A0[0]
+	 mov	%rdx,$A1[1]
+	adc	\$0,$A0[1]
+	mul	$a0			# a[3]*a[0]
+	add	%rax,$A0[0]		# a[3]*a[0]+a[2]*a[1]+t[3]
+	 mov	$ai,%rax
+	adc	%rdx,$A0[1]
+	mov	$A0[0],-8($tptr)	# t[3]
+
+	xor	$A1[0],$A1[0]
+	add	$A0[1],$A1[1]
+	adc	\$0,$A1[0]
+	mul	$a1			# a[3]*a[1]
+	add	%rax,$A1[1]
+	 mov	-16($aptr),%rax		# a[2]
+	adc	%rdx,$A1[0]
+
+	mov	$A1[1],($tptr)		# t[4]
+	mov	$A1[0],8($tptr)		# t[5]
+
+	mul	$ai			# a[2]*a[3]
+___
+{
+my ($shift,$carry)=($a0,$a1);
+my @S=(@A1,$ai,$n0);
+$code.=<<___;
+	 add	\$16,$i
+	 xor	$shift,$shift
+	 sub	$num,$i			# $i=16-$num
+	 xor	$carry,$carry
+
+	add	$A1[0],%rax		# t[5]
+	adc	\$0,%rdx
+	mov	%rax,8($tptr)		# t[5]
+	mov	%rdx,16($tptr)		# t[6]
+	mov	$carry,24($tptr)	# t[7]
+
+	 mov	-16($aptr,$i),%rax	# a[0]
+	lea	64(%rsp,$num,2),$tptr
+	 xor	$A0[0],$A0[0]		# t[0]
+	 mov	-24($tptr,$i,2),$A0[1]	# t[1]
+
+	lea	($shift,$A0[0],2),$S[0]	# t[2*i]<<1 | shift
+	shr	\$63,$A0[0]
+	lea	($j,$A0[1],2),$S[1]	# t[2*i+1]<<1 |
+	shr	\$63,$A0[1]
+	or	$A0[0],$S[1]		# | t[2*i]>>63
+	 mov	-16($tptr,$i,2),$A0[0]	# t[2*i+2]	# prefetch
+	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
+	mul	%rax			# a[i]*a[i]
+	neg	$carry			# mov $carry,cf
+	 mov	-8($tptr,$i,2),$A0[1]	# t[2*i+2+1]	# prefetch
+	adc	%rax,$S[0]
+	 mov	-8($aptr,$i),%rax	# a[i+1]	# prefetch
+	mov	$S[0],-32($tptr,$i,2)
+	adc	%rdx,$S[1]
+
+	lea	($shift,$A0[0],2),$S[2]	# t[2*i]<<1 | shift
+	 mov	$S[1],-24($tptr,$i,2)
+	 sbb	$carry,$carry		# mov cf,$carry
+	shr	\$63,$A0[0]
+	lea	($j,$A0[1],2),$S[3]	# t[2*i+1]<<1 |
+	shr	\$63,$A0[1]
+	or	$A0[0],$S[3]		# | t[2*i]>>63
+	 mov	0($tptr,$i,2),$A0[0]	# t[2*i+2]	# prefetch
+	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
+	mul	%rax			# a[i]*a[i]
+	neg	$carry			# mov $carry,cf
+	 mov	8($tptr,$i,2),$A0[1]	# t[2*i+2+1]	# prefetch
+	adc	%rax,$S[2]
+	 mov	0($aptr,$i),%rax	# a[i+1]	# prefetch
+	mov	$S[2],-16($tptr,$i,2)
+	adc	%rdx,$S[3]
+	lea	16($i),$i
+	mov	$S[3],-40($tptr,$i,2)
+	sbb	$carry,$carry		# mov cf,$carry
+	jmp	.Lsqr4x_shift_n_add
+
+.align	16
+.Lsqr4x_shift_n_add:
+	lea	($shift,$A0[0],2),$S[0]	# t[2*i]<<1 | shift
+	shr	\$63,$A0[0]
+	lea	($j,$A0[1],2),$S[1]	# t[2*i+1]<<1 |
+	shr	\$63,$A0[1]
+	or	$A0[0],$S[1]		# | t[2*i]>>63
+	 mov	-16($tptr,$i,2),$A0[0]	# t[2*i+2]	# prefetch
+	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
+	mul	%rax			# a[i]*a[i]
+	neg	$carry			# mov $carry,cf
+	 mov	-8($tptr,$i,2),$A0[1]	# t[2*i+2+1]	# prefetch
+	adc	%rax,$S[0]
+	 mov	-8($aptr,$i),%rax	# a[i+1]	# prefetch
+	mov	$S[0],-32($tptr,$i,2)
+	adc	%rdx,$S[1]
+
+	lea	($shift,$A0[0],2),$S[2]	# t[2*i]<<1 | shift
+	 mov	$S[1],-24($tptr,$i,2)
+	 sbb	$carry,$carry		# mov cf,$carry
+	shr	\$63,$A0[0]
+	lea	($j,$A0[1],2),$S[3]	# t[2*i+1]<<1 |
+	shr	\$63,$A0[1]
+	or	$A0[0],$S[3]		# | t[2*i]>>63
+	 mov	0($tptr,$i,2),$A0[0]	# t[2*i+2]	# prefetch
+	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
+	mul	%rax			# a[i]*a[i]
+	neg	$carry			# mov $carry,cf
+	 mov	8($tptr,$i,2),$A0[1]	# t[2*i+2+1]	# prefetch
+	adc	%rax,$S[2]
+	 mov	0($aptr,$i),%rax	# a[i+1]	# prefetch
+	mov	$S[2],-16($tptr,$i,2)
+	adc	%rdx,$S[3]
+
+	lea	($shift,$A0[0],2),$S[0]	# t[2*i]<<1 | shift
+	 mov	$S[3],-8($tptr,$i,2)
+	 sbb	$carry,$carry		# mov cf,$carry
+	shr	\$63,$A0[0]
+	lea	($j,$A0[1],2),$S[1]	# t[2*i+1]<<1 |
+	shr	\$63,$A0[1]
+	or	$A0[0],$S[1]		# | t[2*i]>>63
+	 mov	16($tptr,$i,2),$A0[0]	# t[2*i+2]	# prefetch
+	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
+	mul	%rax			# a[i]*a[i]
+	neg	$carry			# mov $carry,cf
+	 mov	24($tptr,$i,2),$A0[1]	# t[2*i+2+1]	# prefetch
+	adc	%rax,$S[0]
+	 mov	8($aptr,$i),%rax	# a[i+1]	# prefetch
+	mov	$S[0],0($tptr,$i,2)
+	adc	%rdx,$S[1]
+
+	lea	($shift,$A0[0],2),$S[2]	# t[2*i]<<1 | shift
+	 mov	$S[1],8($tptr,$i,2)
+	 sbb	$carry,$carry		# mov cf,$carry
+	shr	\$63,$A0[0]
+	lea	($j,$A0[1],2),$S[3]	# t[2*i+1]<<1 |
+	shr	\$63,$A0[1]
+	or	$A0[0],$S[3]		# | t[2*i]>>63
+	 mov	32($tptr,$i,2),$A0[0]	# t[2*i+2]	# prefetch
+	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
+	mul	%rax			# a[i]*a[i]
+	neg	$carry			# mov $carry,cf
+	 mov	40($tptr,$i,2),$A0[1]	# t[2*i+2+1]	# prefetch
+	adc	%rax,$S[2]
+	 mov	16($aptr,$i),%rax	# a[i+1]	# prefetch
+	mov	$S[2],16($tptr,$i,2)
+	adc	%rdx,$S[3]
+	mov	$S[3],24($tptr,$i,2)
+	sbb	$carry,$carry		# mov cf,$carry
+	add	\$32,$i
+	jnz	.Lsqr4x_shift_n_add
+
+	lea	($shift,$A0[0],2),$S[0]	# t[2*i]<<1 | shift
+	shr	\$63,$A0[0]
+	lea	($j,$A0[1],2),$S[1]	# t[2*i+1]<<1 |
+	shr	\$63,$A0[1]
+	or	$A0[0],$S[1]		# | t[2*i]>>63
+	 mov	-16($tptr),$A0[0]	# t[2*i+2]	# prefetch
+	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
+	mul	%rax			# a[i]*a[i]
+	neg	$carry			# mov $carry,cf
+	 mov	-8($tptr),$A0[1]	# t[2*i+2+1]	# prefetch
+	adc	%rax,$S[0]
+	 mov	-8($aptr),%rax		# a[i+1]	# prefetch
+	mov	$S[0],-32($tptr)
+	adc	%rdx,$S[1]
+
+	lea	($shift,$A0[0],2),$S[2]	# t[2*i]<<1|shift
+	 mov	$S[1],-24($tptr)
+	 sbb	$carry,$carry		# mov cf,$carry
+	shr	\$63,$A0[0]
+	lea	($j,$A0[1],2),$S[3]	# t[2*i+1]<<1 |
+	shr	\$63,$A0[1]
+	or	$A0[0],$S[3]		# | t[2*i]>>63
+	mul	%rax			# a[i]*a[i]
+	neg	$carry			# mov $carry,cf
+	adc	%rax,$S[2]
+	adc	%rdx,$S[3]
+	mov	$S[2],-16($tptr)
+	mov	$S[3],-8($tptr)
+___
+}

+##############################################################
+# Montgomery reduction part, "word-by-word" algorithm.
+#
+{
+my ($topbit,$nptr)=("%rbp",$aptr);
+my ($m0,$m1)=($a0,$a1);
+my @Ni=("%rbx","%r9");
+$code.=<<___;
+	mov	40(%rsp),$nptr		# restore $nptr
+	mov	48(%rsp),$n0		# restore *n0
+	xor	$j,$j
+	mov	$num,0(%rsp)		# save $num
+	sub	$num,$j			# $j=-$num
+	 mov	64(%rsp),$A0[0]		# t[0]		# modsched #
+	 mov	$n0,$m0			#		# modsched #
+	lea	64(%rsp,$num,2),%rax	# end of t[] buffer
+	lea	64(%rsp,$num),$tptr	# end of t[] window
+	mov	%rax,8(%rsp)		# save end of t[] buffer
+	lea	($nptr,$num),$nptr	# end of n[] buffer
+	xor	$topbit,$topbit		# $topbit=0
+
+	mov	0($nptr,$j),%rax	# n[0]		# modsched #
+	mov	8($nptr,$j),$Ni[1]	# n[1]		# modsched #
+	 imulq	$A0[0],$m0		# m0=t[0]*n0	# modsched #
+	 mov	%rax,$Ni[0]		#		# modsched #
+	jmp	.Lsqr4x_mont_outer
+
+.align	16
+.Lsqr4x_mont_outer:
+	xor	$A0[1],$A0[1]
+	mul	$m0			# n[0]*m0
+	add	%rax,$A0[0]		# n[0]*m0+t[0]
+	 mov	$Ni[1],%rax
+	adc	%rdx,$A0[1]
+	mov	$n0,$m1
+
+	xor	$A0[0],$A0[0]
+	add	8($tptr,$j),$A0[1]
+	adc	\$0,$A0[0]
+	mul	$m0			# n[1]*m0
+	add	%rax,$A0[1]		# n[1]*m0+t[1]
+	 mov	$Ni[0],%rax
+	adc	%rdx,$A0[0]
+
+	imulq	$A0[1],$m1
+
+	mov	16($nptr,$j),$Ni[0]	# n[2]
+	xor	$A1[1],$A1[1]
+	add	$A0[1],$A1[0]
+	adc	\$0,$A1[1]
+	mul	$m1			# n[0]*m1
+	add	%rax,$A1[0]		# n[0]*m1+"t[1]"
+	 mov	$Ni[0],%rax
+	adc	%rdx,$A1[1]
+	mov	$A1[0],8($tptr,$j)	# "t[1]"
+
+	xor	$A0[1],$A0[1]
+	add	16($tptr,$j),$A0[0]
+	adc	\$0,$A0[1]
+	mul	$m0			# n[2]*m0
+	add	%rax,$A0[0]		# n[2]*m0+t[2]
+	 mov	$Ni[1],%rax
+	adc	%rdx,$A0[1]
+
+	mov	24($nptr,$j),$Ni[1]	# n[3]
+	xor	$A1[0],$A1[0]
+	add	$A0[0],$A1[1]
+	adc	\$0,$A1[0]
+	mul	$m1			# n[1]*m1
+	add	%rax,$A1[1]		# n[1]*m1+"t[2]"
+	 mov	$Ni[1],%rax
+	adc	%rdx,$A1[0]
+	mov	$A1[1],16($tptr,$j)	# "t[2]"
+
+	xor	$A0[0],$A0[0]
+	add	24($tptr,$j),$A0[1]
+	lea	32($j),$j
+	adc	\$0,$A0[0]
+	mul	$m0			# n[3]*m0
+	add	%rax,$A0[1]		# n[3]*m0+t[3]
+	 mov	$Ni[0],%rax
+	adc	%rdx,$A0[0]
+	jmp	.Lsqr4x_mont_inner
+
+.align	16
+.Lsqr4x_mont_inner:
+	mov	($nptr,$j),$Ni[0]	# n[4]
+	xor	$A1[1],$A1[1]
+	add	$A0[1],$A1[0]
+	adc	\$0,$A1[1]
+	mul	$m1			# n[2]*m1
+	add	%rax,$A1[0]		# n[2]*m1+"t[3]"
+	 mov	$Ni[0],%rax
+	adc	%rdx,$A1[1]
+	mov	$A1[0],-8($tptr,$j)	# "t[3]"
+
+	xor	$A0[1],$A0[1]
+	add	($tptr,$j),$A0[0]
+	adc	\$0,$A0[1]
+	mul	$m0			# n[4]*m0
+	add	%rax,$A0[0]		# n[4]*m0+t[4]
+	 mov	$Ni[1],%rax
+	adc	%rdx,$A0[1]
+
+	mov	8($nptr,$j),$Ni[1]	# n[5]
+	xor	$A1[0],$A1[0]
+	add	$A0[0],$A1[1]
+	adc	\$0,$A1[0]
+	mul	$m1			# n[3]*m1
+	add	%rax,$A1[1]		# n[3]*m1+"t[4]"
+	 mov	$Ni[1],%rax
+	adc	%rdx,$A1[0]
+	mov	$A1[1],($tptr,$j)	# "t[4]"
+
+	xor	$A0[0],$A0[0]
+	add	8($tptr,$j),$A0[1]
+	adc	\$0,$A0[0]
+	mul	$m0			# n[5]*m0
+	add	%rax,$A0[1]		# n[5]*m0+t[5]
+	 mov	$Ni[0],%rax
+	adc	%rdx,$A0[0]
+
+
+	mov	16($nptr,$j),$Ni[0]	# n[6]
+	xor	$A1[1],$A1[1]
+	add	$A0[1],$A1[0]
+	adc	\$0,$A1[1]
+	mul	$m1			# n[4]*m1
+	add	%rax,$A1[0]		# n[4]*m1+"t[5]"
+	 mov	$Ni[0],%rax
+	adc	%rdx,$A1[1]
+	mov	$A1[0],8($tptr,$j)	# "t[5]"
+
+	xor	$A0[1],$A0[1]
+	add	16($tptr,$j),$A0[0]
+	adc	\$0,$A0[1]
+	mul	$m0			# n[6]*m0
+	add	%rax,$A0[0]		# n[6]*m0+t[6]
+	 mov	$Ni[1],%rax
+	adc	%rdx,$A0[1]
+
+	mov	24($nptr,$j),$Ni[1]	# n[7]
+	xor	$A1[0],$A1[0]
+	add	$A0[0],$A1[1]
+	adc	\$0,$A1[0]
+	mul	$m1			# n[5]*m1
+	add	%rax,$A1[1]		# n[5]*m1+"t[6]"
+	 mov	$Ni[1],%rax
+	adc	%rdx,$A1[0]
+	mov	$A1[1],16($tptr,$j)	# "t[6]"
+
+	xor	$A0[0],$A0[0]
+	add	24($tptr,$j),$A0[1]
+	lea	32($j),$j
+	adc	\$0,$A0[0]
+	mul	$m0			# n[7]*m0
+	add	%rax,$A0[1]		# n[7]*m0+t[7]
+	 mov	$Ni[0],%rax
+	adc	%rdx,$A0[0]
+	cmp	\$0,$j
+	jne	.Lsqr4x_mont_inner
+
+	 sub	0(%rsp),$j		# $j=-$num	# modsched #
+	 mov	$n0,$m0			#		# modsched #
+
+	xor	$A1[1],$A1[1]
+	add	$A0[1],$A1[0]
+	adc	\$0,$A1[1]
+	mul	$m1			# n[6]*m1
+	add	%rax,$A1[0]		# n[6]*m1+"t[7]"
+	mov	$Ni[1],%rax
+	adc	%rdx,$A1[1]
+	mov	$A1[0],-8($tptr)	# "t[7]"
+
+	xor	$A0[1],$A0[1]
+	add	($tptr),$A0[0]		# +t[8]
+	adc	\$0,$A0[1]
+	 mov	0($nptr,$j),$Ni[0]	# n[0]		# modsched #
+	add	$topbit,$A0[0]
+	adc	\$0,$A0[1]
+
+	 imulq	16($tptr,$j),$m0	# m0=t[0]*n0	# modsched #
+	xor	$A1[0],$A1[0]
+	 mov	8($nptr,$j),$Ni[1]	# n[1]		# modsched #
+	add	$A0[0],$A1[1]
+	 mov	16($tptr,$j),$A0[0]	# t[0]		# modsched #
+	adc	\$0,$A1[0]
+	mul	$m1			# n[7]*m1
+	add	%rax,$A1[1]		# n[7]*m1+"t[8]"
+	 mov	$Ni[0],%rax		#		# modsched #
+	adc	%rdx,$A1[0]
+	mov	$A1[1],($tptr)		# "t[8]"
+
+	xor	$topbit,$topbit
+	add	8($tptr),$A1[0]		# +t[9]
+	adc	$topbit,$topbit
+	add	$A0[1],$A1[0]
+	lea	16($tptr),$tptr		# "t[$num]>>128"
+	adc	\$0,$topbit
+	mov	$A1[0],-8($tptr)	# "t[9]"
+	cmp	8(%rsp),$tptr		# are we done?
+	jb	.Lsqr4x_mont_outer
+
+	mov	0(%rsp),$num		# restore $num
+	mov	$topbit,($tptr)		# save $topbit
+___
+}

+##############################################################
+# Post-condition, 4x unrolled copy from bn_mul_mont
+#
+{
+my ($tptr,$nptr)=("%rbx",$aptr);
+my @ri=("%rax","%rdx","%r10","%r11");
+$code.=<<___;
+	mov	64(%rsp,$num), at ri[0]	# tp[0]
+	lea	64(%rsp,$num),$tptr	# upper half of t[2*$num] holds result
+	mov	40(%rsp),$nptr		# restore $nptr
+	shr	\$5,$num		# num/4
+	mov	8($tptr), at ri[1]		# t[1]
+	xor	$i,$i			# i=0 and clear CF!
+
+	mov	32(%rsp),$rptr		# restore $rptr
+	sub	0($nptr), at ri[0]
+	mov	16($tptr), at ri[2]	# t[2]
+	mov	24($tptr), at ri[3]	# t[3]
+	sbb	8($nptr), at ri[1]
+	lea	-1($num),$j		# j=num/4-1
+	jmp	.Lsqr4x_sub
+.align	16
+.Lsqr4x_sub:
+	mov	@ri[0],0($rptr,$i,8)	# rp[i]=tp[i]-np[i]
+	mov	@ri[1],8($rptr,$i,8)	# rp[i]=tp[i]-np[i]
+	sbb	16($nptr,$i,8), at ri[2]
+	mov	32($tptr,$i,8), at ri[0]	# tp[i+1]
+	mov	40($tptr,$i,8), at ri[1]
+	sbb	24($nptr,$i,8), at ri[3]
+	mov	@ri[2],16($rptr,$i,8)	# rp[i]=tp[i]-np[i]
+	mov	@ri[3],24($rptr,$i,8)	# rp[i]=tp[i]-np[i]
+	sbb	32($nptr,$i,8), at ri[0]
+	mov	48($tptr,$i,8), at ri[2]
+	mov	56($tptr,$i,8), at ri[3]
+	sbb	40($nptr,$i,8), at ri[1]
+	lea	4($i),$i		# i++
+	dec	$j			# doesn't affect CF!
+	jnz	.Lsqr4x_sub
+
+	mov	@ri[0],0($rptr,$i,8)	# rp[i]=tp[i]-np[i]
+	mov	32($tptr,$i,8), at ri[0]	# load overflow bit
+	sbb	16($nptr,$i,8), at ri[2]
+	mov	@ri[1],8($rptr,$i,8)	# rp[i]=tp[i]-np[i]
+	sbb	24($nptr,$i,8), at ri[3]
+	mov	@ri[2],16($rptr,$i,8)	# rp[i]=tp[i]-np[i]
+
+	sbb	\$0, at ri[0]		# handle upmost overflow bit
+	mov	@ri[3],24($rptr,$i,8)	# rp[i]=tp[i]-np[i]
+	xor	$i,$i			# i=0
+	and	@ri[0],$tptr
+	not	@ri[0]
+	mov	$rptr,$nptr
+	and	@ri[0],$nptr
+	lea	-1($num),$j
+	or	$nptr,$tptr		# tp=borrow?tp:rp
+
+	pxor	%xmm0,%xmm0
+	lea	64(%rsp,$num,8),$nptr
+	movdqu	($tptr),%xmm1
+	lea	($nptr,$num,8),$nptr
+	movdqa	%xmm0,64(%rsp)		# zap lower half of temporary vector
+	movdqa	%xmm0,($nptr)		# zap upper half of temporary vector
+	movdqu	%xmm1,($rptr)
+	jmp	.Lsqr4x_copy
+.align	16
+.Lsqr4x_copy:				# copy or in-place refresh
+	movdqu	16($tptr,$i),%xmm2
+	movdqu	32($tptr,$i),%xmm1
+	movdqa	%xmm0,80(%rsp,$i)	# zap lower half of temporary vector
+	movdqa	%xmm0,96(%rsp,$i)	# zap lower half of temporary vector
+	movdqa	%xmm0,16($nptr,$i)	# zap upper half of temporary vector
+	movdqa	%xmm0,32($nptr,$i)	# zap upper half of temporary vector
+	movdqu	%xmm2,16($rptr,$i)
+	movdqu	%xmm1,32($rptr,$i)
+	lea	32($i),$i
+	dec	$j
+	jnz	.Lsqr4x_copy
+
+	movdqu	16($tptr,$i),%xmm2
+	movdqa	%xmm0,80(%rsp,$i)	# zap lower half of temporary vector
+	movdqa	%xmm0,16($nptr,$i)	# zap upper half of temporary vector
+	movdqu	%xmm2,16($rptr,$i)
+___
+}
+$code.=<<___;
+	mov	56(%rsp),%rsi		# restore %rsp
+	mov	\$1,%rax
+	mov	0(%rsi),%r15
+	mov	8(%rsi),%r14
+	mov	16(%rsi),%r13
+	mov	24(%rsi),%r12
+	mov	32(%rsi),%rbp
+	mov	40(%rsi),%rbx
+	lea	48(%rsi),%rsp
+.Lsqr4x_epilogue:
+	ret
+.size	bn_sqr4x_mont,.-bn_sqr4x_mont
+___
+}}}
+$code.=<<___;
+.asciz	"Montgomery Multiplication for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.align	16
+___
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	mul_handler,\@abi-omnipotent
+.align	16
+mul_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# end of prologue label
+	cmp	%r10,%rbx		# context->Rip<end of prologue label
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lcommon_seh_tail
+
+	mov	192($context),%r10	# pull $num
+	mov	8(%rax,%r10,8),%rax	# pull saved stack pointer
+	lea	48(%rax),%rax
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+	jmp	.Lcommon_seh_tail
+.size	mul_handler,.-mul_handler
+
+.type	sqr_handler,\@abi-omnipotent
+.align	16
+sqr_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	lea	.Lsqr4x_body(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip<.Lsqr_body
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	lea	.Lsqr4x_epilogue(%rip),%r10
+	cmp	%r10,%rbx		# context->Rip>=.Lsqr_epilogue
+	jae	.Lcommon_seh_tail
+
+	mov	56(%rax),%rax		# pull saved stack pointer
+	lea	48(%rax),%rax
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lcommon_seh_tail:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	sqr_handler,.-sqr_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_bn_mul_mont
+	.rva	.LSEH_end_bn_mul_mont
+	.rva	.LSEH_info_bn_mul_mont
+
+	.rva	.LSEH_begin_bn_mul4x_mont
+	.rva	.LSEH_end_bn_mul4x_mont
+	.rva	.LSEH_info_bn_mul4x_mont
+
+	.rva	.LSEH_begin_bn_sqr4x_mont
+	.rva	.LSEH_end_bn_sqr4x_mont
+	.rva	.LSEH_info_bn_sqr4x_mont
+
+.section	.xdata
+.align	8
+.LSEH_info_bn_mul_mont:
+	.byte	9,0,0,0
+	.rva	mul_handler
+	.rva	.Lmul_body,.Lmul_epilogue	# HandlerData[]
+.LSEH_info_bn_mul4x_mont:
+	.byte	9,0,0,0
+	.rva	mul_handler
+	.rva	.Lmul4x_body,.Lmul4x_epilogue	# HandlerData[]
+.LSEH_info_bn_sqr4x_mont:
+	.byte	9,0,0,0
+	.rva	sqr_handler
+___
+}
+
+print $code;
+close STDOUT;

Deleted: vendor-crypto/openssl/1.0.1u/crypto/bn/asm/x86_64-mont5.pl
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont5.pl	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/bn/asm/x86_64-mont5.pl	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,1071 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# August 2011.
-#
-# Companion to x86_64-mont.pl that optimizes cache-timing attack
-# countermeasures. The subroutines are produced by replacing bp[i]
-# references in their x86_64-mont.pl counterparts with cache-neutral
-# references to powers table computed in BN_mod_exp_mont_consttime.
-# In addition subroutine that scatters elements of the powers table
-# is implemented, so that scatter-/gathering can be tuned without
-# bn_exp.c modifications.
-
-$flavour = shift;
-$output  = shift;
-if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
-
-$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
-die "can't locate x86_64-xlate.pl";
-
-open OUT,"| \"$^X\" $xlate $flavour $output";
-*STDOUT=*OUT;
-
-# int bn_mul_mont_gather5(
-$rp="%rdi";	# BN_ULONG *rp,
-$ap="%rsi";	# const BN_ULONG *ap,
-$bp="%rdx";	# const BN_ULONG *bp,
-$np="%rcx";	# const BN_ULONG *np,
-$n0="%r8";	# const BN_ULONG *n0,
-$num="%r9";	# int num,
-		# int idx);	# 0 to 2^5-1, "index" in $bp holding
-				# pre-computed powers of a', interlaced
-				# in such manner that b[0] is $bp[idx],
-				# b[1] is [2^5+idx], etc.
-$lo0="%r10";
-$hi0="%r11";
-$hi1="%r13";
-$i="%r14";
-$j="%r15";
-$m0="%rbx";
-$m1="%rbp";
-
-$code=<<___;
-.text
-
-.globl	bn_mul_mont_gather5
-.type	bn_mul_mont_gather5,\@function,6
-.align	64
-bn_mul_mont_gather5:
-	test	\$3,${num}d
-	jnz	.Lmul_enter
-	cmp	\$8,${num}d
-	jb	.Lmul_enter
-	jmp	.Lmul4x_enter
-
-.align	16
-.Lmul_enter:
-	mov	${num}d,${num}d
-	mov	`($win64?56:8)`(%rsp),%r10d	# load 7th argument
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-___
-$code.=<<___ if ($win64);
-	lea	-0x28(%rsp),%rsp
-	movaps	%xmm6,(%rsp)
-	movaps	%xmm7,0x10(%rsp)
-.Lmul_alloca:
-___
-$code.=<<___;
-	mov	%rsp,%rax
-	lea	2($num),%r11
-	neg	%r11
-	lea	(%rsp,%r11,8),%rsp	# tp=alloca(8*(num+2))
-	and	\$-1024,%rsp		# minimize TLB usage
-
-	mov	%rax,8(%rsp,$num,8)	# tp[num+1]=%rsp
-.Lmul_body:
-	mov	$bp,%r12		# reassign $bp
-___
-		$bp="%r12";
-		$STRIDE=2**5*8;		# 5 is "window size"
-		$N=$STRIDE/4;		# should match cache line size
-$code.=<<___;
-	mov	%r10,%r11
-	shr	\$`log($N/8)/log(2)`,%r10
-	and	\$`$N/8-1`,%r11
-	not	%r10
-	lea	.Lmagic_masks(%rip),%rax
-	and	\$`2**5/($N/8)-1`,%r10	# 5 is "window size"
-	lea	96($bp,%r11,8),$bp	# pointer within 1st cache line
-	movq	0(%rax,%r10,8),%xmm4	# set of masks denoting which
-	movq	8(%rax,%r10,8),%xmm5	# cache line contains element
-	movq	16(%rax,%r10,8),%xmm6	# denoted by 7th argument
-	movq	24(%rax,%r10,8),%xmm7
-
-	movq	`0*$STRIDE/4-96`($bp),%xmm0
-	movq	`1*$STRIDE/4-96`($bp),%xmm1
-	pand	%xmm4,%xmm0
-	movq	`2*$STRIDE/4-96`($bp),%xmm2
-	pand	%xmm5,%xmm1
-	movq	`3*$STRIDE/4-96`($bp),%xmm3
-	pand	%xmm6,%xmm2
-	por	%xmm1,%xmm0
-	pand	%xmm7,%xmm3
-	por	%xmm2,%xmm0
-	lea	$STRIDE($bp),$bp
-	por	%xmm3,%xmm0
-
-	movq	%xmm0,$m0		# m0=bp[0]
-
-	mov	($n0),$n0		# pull n0[0] value
-	mov	($ap),%rax
-
-	xor	$i,$i			# i=0
-	xor	$j,$j			# j=0
-
-	movq	`0*$STRIDE/4-96`($bp),%xmm0
-	movq	`1*$STRIDE/4-96`($bp),%xmm1
-	pand	%xmm4,%xmm0
-	movq	`2*$STRIDE/4-96`($bp),%xmm2
-	pand	%xmm5,%xmm1
-
-	mov	$n0,$m1
-	mulq	$m0			# ap[0]*bp[0]
-	mov	%rax,$lo0
-	mov	($np),%rax
-
-	movq	`3*$STRIDE/4-96`($bp),%xmm3
-	pand	%xmm6,%xmm2
-	por	%xmm1,%xmm0
-	pand	%xmm7,%xmm3
-
-	imulq	$lo0,$m1		# "tp[0]"*n0
-	mov	%rdx,$hi0
-
-	por	%xmm2,%xmm0
-	lea	$STRIDE($bp),$bp
-	por	%xmm3,%xmm0
-
-	mulq	$m1			# np[0]*m1
-	add	%rax,$lo0		# discarded
-	mov	8($ap),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$hi1
-
-	lea	1($j),$j		# j++
-	jmp	.L1st_enter
-
-.align	16
-.L1st:
-	add	%rax,$hi1
-	mov	($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$hi0,$hi1		# np[j]*m1+ap[j]*bp[0]
-	mov	$lo0,$hi0
-	adc	\$0,%rdx
-	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$hi1
-
-.L1st_enter:
-	mulq	$m0			# ap[j]*bp[0]
-	add	%rax,$hi0
-	mov	($np,$j,8),%rax
-	adc	\$0,%rdx
-	lea	1($j),$j		# j++
-	mov	%rdx,$lo0
-
-	mulq	$m1			# np[j]*m1
-	cmp	$num,$j
-	jne	.L1st
-
-	movq	%xmm0,$m0		# bp[1]
-
-	add	%rax,$hi1
-	mov	($ap),%rax		# ap[0]
-	adc	\$0,%rdx
-	add	$hi0,$hi1		# np[j]*m1+ap[j]*bp[0]
-	adc	\$0,%rdx
-	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$hi1
-	mov	$lo0,$hi0
-
-	xor	%rdx,%rdx
-	add	$hi0,$hi1
-	adc	\$0,%rdx
-	mov	$hi1,-8(%rsp,$num,8)
-	mov	%rdx,(%rsp,$num,8)	# store upmost overflow bit
-
-	lea	1($i),$i		# i++
-	jmp	.Louter
-.align	16
-.Louter:
-	xor	$j,$j			# j=0
-	mov	$n0,$m1
-	mov	(%rsp),$lo0
-
-	movq	`0*$STRIDE/4-96`($bp),%xmm0
-	movq	`1*$STRIDE/4-96`($bp),%xmm1
-	pand	%xmm4,%xmm0
-	movq	`2*$STRIDE/4-96`($bp),%xmm2
-	pand	%xmm5,%xmm1
-
-	mulq	$m0			# ap[0]*bp[i]
-	add	%rax,$lo0		# ap[0]*bp[i]+tp[0]
-	mov	($np),%rax
-	adc	\$0,%rdx
-
-	movq	`3*$STRIDE/4-96`($bp),%xmm3
-	pand	%xmm6,%xmm2
-	por	%xmm1,%xmm0
-	pand	%xmm7,%xmm3
-
-	imulq	$lo0,$m1		# tp[0]*n0
-	mov	%rdx,$hi0
-
-	por	%xmm2,%xmm0
-	lea	$STRIDE($bp),$bp
-	por	%xmm3,%xmm0
-
-	mulq	$m1			# np[0]*m1
-	add	%rax,$lo0		# discarded
-	mov	8($ap),%rax
-	adc	\$0,%rdx
-	mov	8(%rsp),$lo0		# tp[1]
-	mov	%rdx,$hi1
-
-	lea	1($j),$j		# j++
-	jmp	.Linner_enter
-
-.align	16
-.Linner:
-	add	%rax,$hi1
-	mov	($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$lo0,$hi1		# np[j]*m1+ap[j]*bp[i]+tp[j]
-	mov	(%rsp,$j,8),$lo0
-	adc	\$0,%rdx
-	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$hi1
-
-.Linner_enter:
-	mulq	$m0			# ap[j]*bp[i]
-	add	%rax,$hi0
-	mov	($np,$j,8),%rax
-	adc	\$0,%rdx
-	add	$hi0,$lo0		# ap[j]*bp[i]+tp[j]
-	mov	%rdx,$hi0
-	adc	\$0,$hi0
-	lea	1($j),$j		# j++
-
-	mulq	$m1			# np[j]*m1
-	cmp	$num,$j
-	jne	.Linner
-
-	movq	%xmm0,$m0		# bp[i+1]
-
-	add	%rax,$hi1
-	mov	($ap),%rax		# ap[0]
-	adc	\$0,%rdx
-	add	$lo0,$hi1		# np[j]*m1+ap[j]*bp[i]+tp[j]
-	mov	(%rsp,$j,8),$lo0
-	adc	\$0,%rdx
-	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$hi1
-
-	xor	%rdx,%rdx
-	add	$hi0,$hi1
-	adc	\$0,%rdx
-	add	$lo0,$hi1		# pull upmost overflow bit
-	adc	\$0,%rdx
-	mov	$hi1,-8(%rsp,$num,8)
-	mov	%rdx,(%rsp,$num,8)	# store upmost overflow bit
-
-	lea	1($i),$i		# i++
-	cmp	$num,$i
-	jl	.Louter
-
-	xor	$i,$i			# i=0 and clear CF!
-	mov	(%rsp),%rax		# tp[0]
-	lea	(%rsp),$ap		# borrow ap for tp
-	mov	$num,$j			# j=num
-	jmp	.Lsub
-.align	16
-.Lsub:	sbb	($np,$i,8),%rax
-	mov	%rax,($rp,$i,8)		# rp[i]=tp[i]-np[i]
-	mov	8($ap,$i,8),%rax	# tp[i+1]
-	lea	1($i),$i		# i++
-	dec	$j			# doesnn't affect CF!
-	jnz	.Lsub
-
-	sbb	\$0,%rax		# handle upmost overflow bit
-	xor	$i,$i
-	and	%rax,$ap
-	not	%rax
-	mov	$rp,$np
-	and	%rax,$np
-	mov	$num,$j			# j=num
-	or	$np,$ap			# ap=borrow?tp:rp
-.align	16
-.Lcopy:					# copy or in-place refresh
-	mov	($ap,$i,8),%rax
-	mov	$i,(%rsp,$i,8)		# zap temporary vector
-	mov	%rax,($rp,$i,8)		# rp[i]=tp[i]
-	lea	1($i),$i
-	sub	\$1,$j
-	jnz	.Lcopy
-
-	mov	8(%rsp,$num,8),%rsi	# restore %rsp
-	mov	\$1,%rax
-___
-$code.=<<___ if ($win64);
-	movaps	(%rsi),%xmm6
-	movaps	0x10(%rsi),%xmm7
-	lea	0x28(%rsi),%rsi
-___
-$code.=<<___;
-	mov	(%rsi),%r15
-	mov	8(%rsi),%r14
-	mov	16(%rsi),%r13
-	mov	24(%rsi),%r12
-	mov	32(%rsi),%rbp
-	mov	40(%rsi),%rbx
-	lea	48(%rsi),%rsp
-.Lmul_epilogue:
-	ret
-.size	bn_mul_mont_gather5,.-bn_mul_mont_gather5
-___
-{{{
-my @A=("%r10","%r11");
-my @N=("%r13","%rdi");
-$code.=<<___;
-.type	bn_mul4x_mont_gather5,\@function,6
-.align	16
-bn_mul4x_mont_gather5:
-.Lmul4x_enter:
-	mov	${num}d,${num}d
-	mov	`($win64?56:8)`(%rsp),%r10d	# load 7th argument
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-___
-$code.=<<___ if ($win64);
-	lea	-0x28(%rsp),%rsp
-	movaps	%xmm6,(%rsp)
-	movaps	%xmm7,0x10(%rsp)
-.Lmul4x_alloca:
-___
-$code.=<<___;
-	mov	%rsp,%rax
-	lea	4($num),%r11
-	neg	%r11
-	lea	(%rsp,%r11,8),%rsp	# tp=alloca(8*(num+4))
-	and	\$-1024,%rsp		# minimize TLB usage
-
-	mov	%rax,8(%rsp,$num,8)	# tp[num+1]=%rsp
-.Lmul4x_body:
-	mov	$rp,16(%rsp,$num,8)	# tp[num+2]=$rp
-	mov	%rdx,%r12		# reassign $bp
-___
-		$bp="%r12";
-		$STRIDE=2**5*8;		# 5 is "window size"
-		$N=$STRIDE/4;		# should match cache line size
-$code.=<<___;
-	mov	%r10,%r11
-	shr	\$`log($N/8)/log(2)`,%r10
-	and	\$`$N/8-1`,%r11
-	not	%r10
-	lea	.Lmagic_masks(%rip),%rax
-	and	\$`2**5/($N/8)-1`,%r10	# 5 is "window size"
-	lea	96($bp,%r11,8),$bp	# pointer within 1st cache line
-	movq	0(%rax,%r10,8),%xmm4	# set of masks denoting which
-	movq	8(%rax,%r10,8),%xmm5	# cache line contains element
-	movq	16(%rax,%r10,8),%xmm6	# denoted by 7th argument
-	movq	24(%rax,%r10,8),%xmm7
-
-	movq	`0*$STRIDE/4-96`($bp),%xmm0
-	movq	`1*$STRIDE/4-96`($bp),%xmm1
-	pand	%xmm4,%xmm0
-	movq	`2*$STRIDE/4-96`($bp),%xmm2
-	pand	%xmm5,%xmm1
-	movq	`3*$STRIDE/4-96`($bp),%xmm3
-	pand	%xmm6,%xmm2
-	por	%xmm1,%xmm0
-	pand	%xmm7,%xmm3
-	por	%xmm2,%xmm0
-	lea	$STRIDE($bp),$bp
-	por	%xmm3,%xmm0
-
-	movq	%xmm0,$m0		# m0=bp[0]
-	mov	($n0),$n0		# pull n0[0] value
-	mov	($ap),%rax
-
-	xor	$i,$i			# i=0
-	xor	$j,$j			# j=0
-
-	movq	`0*$STRIDE/4-96`($bp),%xmm0
-	movq	`1*$STRIDE/4-96`($bp),%xmm1
-	pand	%xmm4,%xmm0
-	movq	`2*$STRIDE/4-96`($bp),%xmm2
-	pand	%xmm5,%xmm1
-
-	mov	$n0,$m1
-	mulq	$m0			# ap[0]*bp[0]
-	mov	%rax,$A[0]
-	mov	($np),%rax
-
-	movq	`3*$STRIDE/4-96`($bp),%xmm3
-	pand	%xmm6,%xmm2
-	por	%xmm1,%xmm0
-	pand	%xmm7,%xmm3
-
-	imulq	$A[0],$m1		# "tp[0]"*n0
-	mov	%rdx,$A[1]
-
-	por	%xmm2,%xmm0
-	lea	$STRIDE($bp),$bp
-	por	%xmm3,%xmm0
-
-	mulq	$m1			# np[0]*m1
-	add	%rax,$A[0]		# discarded
-	mov	8($ap),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$N[1]
-
-	mulq	$m0
-	add	%rax,$A[1]
-	mov	8($np),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$A[0]
-
-	mulq	$m1
-	add	%rax,$N[1]
-	mov	16($ap),%rax
-	adc	\$0,%rdx
-	add	$A[1],$N[1]
-	lea	4($j),$j		# j++
-	adc	\$0,%rdx
-	mov	$N[1],(%rsp)
-	mov	%rdx,$N[0]
-	jmp	.L1st4x
-.align	16
-.L1st4x:
-	mulq	$m0			# ap[j]*bp[0]
-	add	%rax,$A[0]
-	mov	-16($np,$j,8),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$A[1]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[0]
-	mov	-8($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[0],$N[0]		# np[j]*m1+ap[j]*bp[0]
-	adc	\$0,%rdx
-	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[1]
-
-	mulq	$m0			# ap[j]*bp[0]
-	add	%rax,$A[1]
-	mov	-8($np,$j,8),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$A[0]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[1]
-	mov	($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[0]
-	adc	\$0,%rdx
-	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[0]
-
-	mulq	$m0			# ap[j]*bp[0]
-	add	%rax,$A[0]
-	mov	($np,$j,8),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$A[1]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[0]
-	mov	8($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[0],$N[0]		# np[j]*m1+ap[j]*bp[0]
-	adc	\$0,%rdx
-	mov	$N[0],-8(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[1]
-
-	mulq	$m0			# ap[j]*bp[0]
-	add	%rax,$A[1]
-	mov	8($np,$j,8),%rax
-	adc	\$0,%rdx
-	lea	4($j),$j		# j++
-	mov	%rdx,$A[0]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[1]
-	mov	-16($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[0]
-	adc	\$0,%rdx
-	mov	$N[1],-32(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[0]
-	cmp	$num,$j
-	jl	.L1st4x
-
-	mulq	$m0			# ap[j]*bp[0]
-	add	%rax,$A[0]
-	mov	-16($np,$j,8),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$A[1]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[0]
-	mov	-8($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[0],$N[0]		# np[j]*m1+ap[j]*bp[0]
-	adc	\$0,%rdx
-	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[1]
-
-	mulq	$m0			# ap[j]*bp[0]
-	add	%rax,$A[1]
-	mov	-8($np,$j,8),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$A[0]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[1]
-	mov	($ap),%rax		# ap[0]
-	adc	\$0,%rdx
-	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[0]
-	adc	\$0,%rdx
-	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[0]
-
-	movq	%xmm0,$m0		# bp[1]
-
-	xor	$N[1],$N[1]
-	add	$A[0],$N[0]
-	adc	\$0,$N[1]
-	mov	$N[0],-8(%rsp,$j,8)
-	mov	$N[1],(%rsp,$j,8)	# store upmost overflow bit
-
-	lea	1($i),$i		# i++
-.align	4
-.Louter4x:
-	xor	$j,$j			# j=0
-	movq	`0*$STRIDE/4-96`($bp),%xmm0
-	movq	`1*$STRIDE/4-96`($bp),%xmm1
-	pand	%xmm4,%xmm0
-	movq	`2*$STRIDE/4-96`($bp),%xmm2
-	pand	%xmm5,%xmm1
-
-	mov	(%rsp),$A[0]
-	mov	$n0,$m1
-	mulq	$m0			# ap[0]*bp[i]
-	add	%rax,$A[0]		# ap[0]*bp[i]+tp[0]
-	mov	($np),%rax
-	adc	\$0,%rdx
-
-	movq	`3*$STRIDE/4-96`($bp),%xmm3
-	pand	%xmm6,%xmm2
-	por	%xmm1,%xmm0
-	pand	%xmm7,%xmm3
-
-	imulq	$A[0],$m1		# tp[0]*n0
-	mov	%rdx,$A[1]
-
-	por	%xmm2,%xmm0
-	lea	$STRIDE($bp),$bp
-	por	%xmm3,%xmm0
-
-	mulq	$m1			# np[0]*m1
-	add	%rax,$A[0]		# "$N[0]", discarded
-	mov	8($ap),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$N[1]
-
-	mulq	$m0			# ap[j]*bp[i]
-	add	%rax,$A[1]
-	mov	8($np),%rax
-	adc	\$0,%rdx
-	add	8(%rsp),$A[1]		# +tp[1]
-	adc	\$0,%rdx
-	mov	%rdx,$A[0]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[1]
-	mov	16($ap),%rax
-	adc	\$0,%rdx
-	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[i]+tp[j]
-	lea	4($j),$j		# j+=2
-	adc	\$0,%rdx
-	mov	%rdx,$N[0]
-	jmp	.Linner4x
-.align	16
-.Linner4x:
-	mulq	$m0			# ap[j]*bp[i]
-	add	%rax,$A[0]
-	mov	-16($np,$j,8),%rax
-	adc	\$0,%rdx
-	add	-16(%rsp,$j,8),$A[0]	# ap[j]*bp[i]+tp[j]
-	adc	\$0,%rdx
-	mov	%rdx,$A[1]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[0]
-	mov	-8($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[0],$N[0]
-	adc	\$0,%rdx
-	mov	$N[1],-32(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[1]
-
-	mulq	$m0			# ap[j]*bp[i]
-	add	%rax,$A[1]
-	mov	-8($np,$j,8),%rax
-	adc	\$0,%rdx
-	add	-8(%rsp,$j,8),$A[1]
-	adc	\$0,%rdx
-	mov	%rdx,$A[0]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[1]
-	mov	($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[1],$N[1]
-	adc	\$0,%rdx
-	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[0]
-
-	mulq	$m0			# ap[j]*bp[i]
-	add	%rax,$A[0]
-	mov	($np,$j,8),%rax
-	adc	\$0,%rdx
-	add	(%rsp,$j,8),$A[0]	# ap[j]*bp[i]+tp[j]
-	adc	\$0,%rdx
-	mov	%rdx,$A[1]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[0]
-	mov	8($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[0],$N[0]
-	adc	\$0,%rdx
-	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[1]
-
-	mulq	$m0			# ap[j]*bp[i]
-	add	%rax,$A[1]
-	mov	8($np,$j,8),%rax
-	adc	\$0,%rdx
-	add	8(%rsp,$j,8),$A[1]
-	adc	\$0,%rdx
-	lea	4($j),$j		# j++
-	mov	%rdx,$A[0]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[1]
-	mov	-16($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[1],$N[1]
-	adc	\$0,%rdx
-	mov	$N[0],-40(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[0]
-	cmp	$num,$j
-	jl	.Linner4x
-
-	mulq	$m0			# ap[j]*bp[i]
-	add	%rax,$A[0]
-	mov	-16($np,$j,8),%rax
-	adc	\$0,%rdx
-	add	-16(%rsp,$j,8),$A[0]	# ap[j]*bp[i]+tp[j]
-	adc	\$0,%rdx
-	mov	%rdx,$A[1]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[0]
-	mov	-8($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[0],$N[0]
-	adc	\$0,%rdx
-	mov	$N[1],-32(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[1]
-
-	mulq	$m0			# ap[j]*bp[i]
-	add	%rax,$A[1]
-	mov	-8($np,$j,8),%rax
-	adc	\$0,%rdx
-	add	-8(%rsp,$j,8),$A[1]
-	adc	\$0,%rdx
-	lea	1($i),$i		# i++
-	mov	%rdx,$A[0]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[1]
-	mov	($ap),%rax		# ap[0]
-	adc	\$0,%rdx
-	add	$A[1],$N[1]
-	adc	\$0,%rdx
-	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[0]
-
-	movq	%xmm0,$m0		# bp[i+1]
-	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
-
-	xor	$N[1],$N[1]
-	add	$A[0],$N[0]
-	adc	\$0,$N[1]
-	add	(%rsp,$num,8),$N[0]	# pull upmost overflow bit
-	adc	\$0,$N[1]
-	mov	$N[0],-8(%rsp,$j,8)
-	mov	$N[1],(%rsp,$j,8)	# store upmost overflow bit
-
-	cmp	$num,$i
-	jl	.Louter4x
-___
-{
-my @ri=("%rax","%rdx",$m0,$m1);
-$code.=<<___;
-	mov	16(%rsp,$num,8),$rp	# restore $rp
-	mov	0(%rsp), at ri[0]		# tp[0]
-	pxor	%xmm0,%xmm0
-	mov	8(%rsp), at ri[1]		# tp[1]
-	shr	\$2,$num		# num/=4
-	lea	(%rsp),$ap		# borrow ap for tp
-	xor	$i,$i			# i=0 and clear CF!
-
-	sub	0($np), at ri[0]
-	mov	16($ap), at ri[2]		# tp[2]
-	mov	24($ap), at ri[3]		# tp[3]
-	sbb	8($np), at ri[1]
-	lea	-1($num),$j		# j=num/4-1
-	jmp	.Lsub4x
-.align	16
-.Lsub4x:
-	mov	@ri[0],0($rp,$i,8)	# rp[i]=tp[i]-np[i]
-	mov	@ri[1],8($rp,$i,8)	# rp[i]=tp[i]-np[i]
-	sbb	16($np,$i,8), at ri[2]
-	mov	32($ap,$i,8), at ri[0]	# tp[i+1]
-	mov	40($ap,$i,8), at ri[1]
-	sbb	24($np,$i,8), at ri[3]
-	mov	@ri[2],16($rp,$i,8)	# rp[i]=tp[i]-np[i]
-	mov	@ri[3],24($rp,$i,8)	# rp[i]=tp[i]-np[i]
-	sbb	32($np,$i,8), at ri[0]
-	mov	48($ap,$i,8), at ri[2]
-	mov	56($ap,$i,8), at ri[3]
-	sbb	40($np,$i,8), at ri[1]
-	lea	4($i),$i		# i++
-	dec	$j			# doesnn't affect CF!
-	jnz	.Lsub4x
-
-	mov	@ri[0],0($rp,$i,8)	# rp[i]=tp[i]-np[i]
-	mov	32($ap,$i,8), at ri[0]	# load overflow bit
-	sbb	16($np,$i,8), at ri[2]
-	mov	@ri[1],8($rp,$i,8)	# rp[i]=tp[i]-np[i]
-	sbb	24($np,$i,8), at ri[3]
-	mov	@ri[2],16($rp,$i,8)	# rp[i]=tp[i]-np[i]
-
-	sbb	\$0, at ri[0]		# handle upmost overflow bit
-	mov	@ri[3],24($rp,$i,8)	# rp[i]=tp[i]-np[i]
-	xor	$i,$i			# i=0
-	and	@ri[0],$ap
-	not	@ri[0]
-	mov	$rp,$np
-	and	@ri[0],$np
-	lea	-1($num),$j
-	or	$np,$ap			# ap=borrow?tp:rp
-
-	movdqu	($ap),%xmm1
-	movdqa	%xmm0,(%rsp)
-	movdqu	%xmm1,($rp)
-	jmp	.Lcopy4x
-.align	16
-.Lcopy4x:					# copy or in-place refresh
-	movdqu	16($ap,$i),%xmm2
-	movdqu	32($ap,$i),%xmm1
-	movdqa	%xmm0,16(%rsp,$i)
-	movdqu	%xmm2,16($rp,$i)
-	movdqa	%xmm0,32(%rsp,$i)
-	movdqu	%xmm1,32($rp,$i)
-	lea	32($i),$i
-	dec	$j
-	jnz	.Lcopy4x
-
-	shl	\$2,$num
-	movdqu	16($ap,$i),%xmm2
-	movdqa	%xmm0,16(%rsp,$i)
-	movdqu	%xmm2,16($rp,$i)
-___
-}
-$code.=<<___;
-	mov	8(%rsp,$num,8),%rsi	# restore %rsp
-	mov	\$1,%rax
-___
-$code.=<<___ if ($win64);
-	movaps	(%rsi),%xmm6
-	movaps	0x10(%rsi),%xmm7
-	lea	0x28(%rsi),%rsi
-___
-$code.=<<___;
-	mov	(%rsi),%r15
-	mov	8(%rsi),%r14
-	mov	16(%rsi),%r13
-	mov	24(%rsi),%r12
-	mov	32(%rsi),%rbp
-	mov	40(%rsi),%rbx
-	lea	48(%rsi),%rsp
-.Lmul4x_epilogue:
-	ret
-.size	bn_mul4x_mont_gather5,.-bn_mul4x_mont_gather5
-___
-}}}
-
-{
-my ($inp,$num,$tbl,$idx)=$win64?("%rcx","%rdx","%r8", "%r9") : # Win64 order
-				("%rdi","%rsi","%rdx","%rcx"); # Unix order
-my $out=$inp;
-my $STRIDE=2**5*8;
-my $N=$STRIDE/4;
-
-$code.=<<___;
-.globl	bn_scatter5
-.type	bn_scatter5,\@abi-omnipotent
-.align	16
-bn_scatter5:
-	cmp	\$0, $num
-	jz	.Lscatter_epilogue
-	lea	($tbl,$idx,8),$tbl
-.Lscatter:
-	mov	($inp),%rax
-	lea	8($inp),$inp
-	mov	%rax,($tbl)
-	lea	32*8($tbl),$tbl
-	sub	\$1,$num
-	jnz	.Lscatter
-.Lscatter_epilogue:
-	ret
-.size	bn_scatter5,.-bn_scatter5
-
-.globl	bn_gather5
-.type	bn_gather5,\@abi-omnipotent
-.align	16
-bn_gather5:
-___
-$code.=<<___ if ($win64);
-.LSEH_begin_bn_gather5:
-	# I can't trust assembler to use specific encoding:-(
-	.byte	0x48,0x83,0xec,0x28		#sub	\$0x28,%rsp
-	.byte	0x0f,0x29,0x34,0x24		#movaps	%xmm6,(%rsp)
-	.byte	0x0f,0x29,0x7c,0x24,0x10	#movdqa	%xmm7,0x10(%rsp)
-___
-$code.=<<___;
-	mov	$idx,%r11
-	shr	\$`log($N/8)/log(2)`,$idx
-	and	\$`$N/8-1`,%r11
-	not	$idx
-	lea	.Lmagic_masks(%rip),%rax
-	and	\$`2**5/($N/8)-1`,$idx	# 5 is "window size"
-	lea	96($tbl,%r11,8),$tbl	# pointer within 1st cache line
-	movq	0(%rax,$idx,8),%xmm4	# set of masks denoting which
-	movq	8(%rax,$idx,8),%xmm5	# cache line contains element
-	movq	16(%rax,$idx,8),%xmm6	# denoted by 7th argument
-	movq	24(%rax,$idx,8),%xmm7
-	jmp	.Lgather
-.align	16
-.Lgather:
-	movq	`0*$STRIDE/4-96`($tbl),%xmm0
-	movq	`1*$STRIDE/4-96`($tbl),%xmm1
-	pand	%xmm4,%xmm0
-	movq	`2*$STRIDE/4-96`($tbl),%xmm2
-	pand	%xmm5,%xmm1
-	movq	`3*$STRIDE/4-96`($tbl),%xmm3
-	pand	%xmm6,%xmm2
-	por	%xmm1,%xmm0
-	pand	%xmm7,%xmm3
-	por	%xmm2,%xmm0
-	lea	$STRIDE($tbl),$tbl
-	por	%xmm3,%xmm0
-
-	movq	%xmm0,($out)		# m0=bp[0]
-	lea	8($out),$out
-	sub	\$1,$num
-	jnz	.Lgather
-___
-$code.=<<___ if ($win64);
-	movaps	(%rsp),%xmm6
-	movaps	0x10(%rsp),%xmm7
-	lea	0x28(%rsp),%rsp
-___
-$code.=<<___;
-	ret
-.LSEH_end_bn_gather5:
-.size	bn_gather5,.-bn_gather5
-___
-}
-$code.=<<___;
-.align	64
-.Lmagic_masks:
-	.long	0,0, 0,0, 0,0, -1,-1
-	.long	0,0, 0,0, 0,0,  0,0
-.asciz	"Montgomery Multiplication with scatter/gather for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
-___
-
-# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
-#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
-if ($win64) {
-$rec="%rcx";
-$frame="%rdx";
-$context="%r8";
-$disp="%r9";
-
-$code.=<<___;
-.extern	__imp_RtlVirtualUnwind
-.type	mul_handler,\@abi-omnipotent
-.align	16
-mul_handler:
-	push	%rsi
-	push	%rdi
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	pushfq
-	sub	\$64,%rsp
-
-	mov	120($context),%rax	# pull context->Rax
-	mov	248($context),%rbx	# pull context->Rip
-
-	mov	8($disp),%rsi		# disp->ImageBase
-	mov	56($disp),%r11		# disp->HandlerData
-
-	mov	0(%r11),%r10d		# HandlerData[0]
-	lea	(%rsi,%r10),%r10	# end of prologue label
-	cmp	%r10,%rbx		# context->Rip<end of prologue label
-	jb	.Lcommon_seh_tail
-
-	lea	`40+48`(%rax),%rax
-
-	mov	4(%r11),%r10d		# HandlerData[1]
-	lea	(%rsi,%r10),%r10	# end of alloca label
-	cmp	%r10,%rbx		# context->Rip<end of alloca label
-	jb	.Lcommon_seh_tail
-
-	mov	152($context),%rax	# pull context->Rsp
-
-	mov	8(%r11),%r10d		# HandlerData[2]
-	lea	(%rsi,%r10),%r10	# epilogue label
-	cmp	%r10,%rbx		# context->Rip>=epilogue label
-	jae	.Lcommon_seh_tail
-
-	mov	192($context),%r10	# pull $num
-	mov	8(%rax,%r10,8),%rax	# pull saved stack pointer
-
-	movaps	(%rax),%xmm0
-	movaps	16(%rax),%xmm1
-	lea	`40+48`(%rax),%rax
-
-	mov	-8(%rax),%rbx
-	mov	-16(%rax),%rbp
-	mov	-24(%rax),%r12
-	mov	-32(%rax),%r13
-	mov	-40(%rax),%r14
-	mov	-48(%rax),%r15
-	mov	%rbx,144($context)	# restore context->Rbx
-	mov	%rbp,160($context)	# restore context->Rbp
-	mov	%r12,216($context)	# restore context->R12
-	mov	%r13,224($context)	# restore context->R13
-	mov	%r14,232($context)	# restore context->R14
-	mov	%r15,240($context)	# restore context->R15
-	movups	%xmm0,512($context)	# restore context->Xmm6
-	movups	%xmm1,528($context)	# restore context->Xmm7
-
-.Lcommon_seh_tail:
-	mov	8(%rax),%rdi
-	mov	16(%rax),%rsi
-	mov	%rax,152($context)	# restore context->Rsp
-	mov	%rsi,168($context)	# restore context->Rsi
-	mov	%rdi,176($context)	# restore context->Rdi
-
-	mov	40($disp),%rdi		# disp->ContextRecord
-	mov	$context,%rsi		# context
-	mov	\$154,%ecx		# sizeof(CONTEXT)
-	.long	0xa548f3fc		# cld; rep movsq
-
-	mov	$disp,%rsi
-	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
-	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
-	mov	0(%rsi),%r8		# arg3, disp->ControlPc
-	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
-	mov	40(%rsi),%r10		# disp->ContextRecord
-	lea	56(%rsi),%r11		# &disp->HandlerData
-	lea	24(%rsi),%r12		# &disp->EstablisherFrame
-	mov	%r10,32(%rsp)		# arg5
-	mov	%r11,40(%rsp)		# arg6
-	mov	%r12,48(%rsp)		# arg7
-	mov	%rcx,56(%rsp)		# arg8, (NULL)
-	call	*__imp_RtlVirtualUnwind(%rip)
-
-	mov	\$1,%eax		# ExceptionContinueSearch
-	add	\$64,%rsp
-	popfq
-	pop	%r15
-	pop	%r14
-	pop	%r13
-	pop	%r12
-	pop	%rbp
-	pop	%rbx
-	pop	%rdi
-	pop	%rsi
-	ret
-.size	mul_handler,.-mul_handler
-
-.section	.pdata
-.align	4
-	.rva	.LSEH_begin_bn_mul_mont_gather5
-	.rva	.LSEH_end_bn_mul_mont_gather5
-	.rva	.LSEH_info_bn_mul_mont_gather5
-
-	.rva	.LSEH_begin_bn_mul4x_mont_gather5
-	.rva	.LSEH_end_bn_mul4x_mont_gather5
-	.rva	.LSEH_info_bn_mul4x_mont_gather5
-
-	.rva	.LSEH_begin_bn_gather5
-	.rva	.LSEH_end_bn_gather5
-	.rva	.LSEH_info_bn_gather5
-
-.section	.xdata
-.align	8
-.LSEH_info_bn_mul_mont_gather5:
-	.byte	9,0,0,0
-	.rva	mul_handler
-	.rva	.Lmul_alloca,.Lmul_body,.Lmul_epilogue		# HandlerData[]
-.align	8
-.LSEH_info_bn_mul4x_mont_gather5:
-	.byte	9,0,0,0
-	.rva	mul_handler
-	.rva	.Lmul4x_alloca,.Lmul4x_body,.Lmul4x_epilogue	# HandlerData[]
-.align	8
-.LSEH_info_bn_gather5:
-        .byte   0x01,0x0d,0x05,0x00
-        .byte   0x0d,0x78,0x01,0x00	#movaps	0x10(rsp),xmm7
-        .byte   0x08,0x68,0x00,0x00	#movaps	(rsp),xmm6
-        .byte   0x04,0x42,0x00,0x00	#sub	rsp,0x28
-.align	8
-___
-}
-
-$code =~ s/\`([^\`]*)\`/eval($1)/gem;
-
-print $code;
-close STDOUT;

Copied: vendor-crypto/openssl/1.0.1u/crypto/bn/asm/x86_64-mont5.pl (from rev 11605, vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont5.pl)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/bn/asm/x86_64-mont5.pl	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/bn/asm/x86_64-mont5.pl	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,1208 @@
+#!/usr/bin/env perl
+
+# ====================================================================
+# Written by Andy Polyakov <appro at openssl.org> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# August 2011.
+#
+# Companion to x86_64-mont.pl that optimizes cache-timing attack
+# countermeasures. The subroutines are produced by replacing bp[i]
+# references in their x86_64-mont.pl counterparts with cache-neutral
+# references to powers table computed in BN_mod_exp_mont_consttime.
+# In addition subroutine that scatters elements of the powers table
+# is implemented, so that scatter-/gathering can be tuned without
+# bn_exp.c modifications.
+
+$flavour = shift;
+$output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+# int bn_mul_mont_gather5(
+$rp="%rdi";	# BN_ULONG *rp,
+$ap="%rsi";	# const BN_ULONG *ap,
+$bp="%rdx";	# const BN_ULONG *bp,
+$np="%rcx";	# const BN_ULONG *np,
+$n0="%r8";	# const BN_ULONG *n0,
+$num="%r9";	# int num,
+		# int idx);	# 0 to 2^5-1, "index" in $bp holding
+				# pre-computed powers of a', interlaced
+				# in such manner that b[0] is $bp[idx],
+				# b[1] is [2^5+idx], etc.
+$lo0="%r10";
+$hi0="%r11";
+$hi1="%r13";
+$i="%r14";
+$j="%r15";
+$m0="%rbx";
+$m1="%rbp";
+
+$code=<<___;
+.text
+
+.globl	bn_mul_mont_gather5
+.type	bn_mul_mont_gather5,\@function,6
+.align	64
+bn_mul_mont_gather5:
+	test	\$3,${num}d
+	jnz	.Lmul_enter
+	cmp	\$8,${num}d
+	jb	.Lmul_enter
+	jmp	.Lmul4x_enter
+
+.align	16
+.Lmul_enter:
+	mov	${num}d,${num}d
+	movd	`($win64?56:8)`(%rsp),%xmm5	# load 7th argument
+	lea	.Linc(%rip),%r10
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+
+.Lmul_alloca:
+	mov	%rsp,%rax
+	lea	2($num),%r11
+	neg	%r11
+	lea	-264(%rsp,%r11,8),%rsp	# tp=alloca(8*(num+2)+256+8)
+	and	\$-1024,%rsp		# minimize TLB usage
+
+	mov	%rax,8(%rsp,$num,8)	# tp[num+1]=%rsp
+.Lmul_body:
+	# Some OSes, *cough*-dows, insist on stack being "wired" to
+	# physical memory in strictly sequential manner, i.e. if stack
+	# allocation spans two pages, then reference to farmost one can
+	# be punishable by SEGV. But page walking can do good even on
+	# other OSes, because it guarantees that villain thread hits
+	# the guard page before it can make damage to innocent one...
+	sub	%rsp,%rax
+	and	\$-4096,%rax
+.Lmul_page_walk:
+	mov	(%rsp,%rax),%r11
+	sub	\$4096,%rax
+	.byte	0x2e			# predict non-taken
+	jnc	.Lmul_page_walk
+
+	lea	128($bp),%r12		# reassign $bp (+size optimization)
+___
+		$bp="%r12";
+		$STRIDE=2**5*8;		# 5 is "window size"
+		$N=$STRIDE/4;		# should match cache line size
+$code.=<<___;
+	movdqa	0(%r10),%xmm0		# 00000001000000010000000000000000
+	movdqa	16(%r10),%xmm1		# 00000002000000020000000200000002
+	lea	24-112(%rsp,$num,8),%r10# place the mask after tp[num+3] (+ICache optimization)
+	and	\$-16,%r10
+
+	pshufd	\$0,%xmm5,%xmm5		# broadcast index
+	movdqa	%xmm1,%xmm4
+	movdqa	%xmm1,%xmm2
+___
+########################################################################
+# calculate mask by comparing 0..31 to index and save result to stack
+#
+$code.=<<___;
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0		# compare to 1,0
+	.byte	0x67
+	movdqa	%xmm4,%xmm3
+___
+for($k=0;$k<$STRIDE/16-4;$k+=4) {
+$code.=<<___;
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1		# compare to 3,2
+	movdqa	%xmm0,`16*($k+0)+112`(%r10)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2		# compare to 5,4
+	movdqa	%xmm1,`16*($k+1)+112`(%r10)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3		# compare to 7,6
+	movdqa	%xmm2,`16*($k+2)+112`(%r10)
+	movdqa	%xmm4,%xmm2
+
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm3,`16*($k+3)+112`(%r10)
+	movdqa	%xmm4,%xmm3
+___
+}
+$code.=<<___;				# last iteration can be optimized
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,`16*($k+0)+112`(%r10)
+
+	paddd	%xmm2,%xmm3
+	.byte	0x67
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,`16*($k+1)+112`(%r10)
+
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,`16*($k+2)+112`(%r10)
+	pand	`16*($k+0)-128`($bp),%xmm0	# while it's still in register
+
+	pand	`16*($k+1)-128`($bp),%xmm1
+	pand	`16*($k+2)-128`($bp),%xmm2
+	movdqa	%xmm3,`16*($k+3)+112`(%r10)
+	pand	`16*($k+3)-128`($bp),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+___
+for($k=0;$k<$STRIDE/16-4;$k+=4) {
+$code.=<<___;
+	movdqa	`16*($k+0)-128`($bp),%xmm4
+	movdqa	`16*($k+1)-128`($bp),%xmm5
+	movdqa	`16*($k+2)-128`($bp),%xmm2
+	pand	`16*($k+0)+112`(%r10),%xmm4
+	movdqa	`16*($k+3)-128`($bp),%xmm3
+	pand	`16*($k+1)+112`(%r10),%xmm5
+	por	%xmm4,%xmm0
+	pand	`16*($k+2)+112`(%r10),%xmm2
+	por	%xmm5,%xmm1
+	pand	`16*($k+3)+112`(%r10),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+___
+}
+$code.=<<___;
+	por	%xmm1,%xmm0
+	pshufd	\$0x4e,%xmm0,%xmm1
+	por	%xmm1,%xmm0
+	lea	$STRIDE($bp),$bp
+	movq	%xmm0,$m0		# m0=bp[0]
+
+	mov	($n0),$n0		# pull n0[0] value
+	mov	($ap),%rax
+
+	xor	$i,$i			# i=0
+	xor	$j,$j			# j=0
+
+	mov	$n0,$m1
+	mulq	$m0			# ap[0]*bp[0]
+	mov	%rax,$lo0
+	mov	($np),%rax
+
+	imulq	$lo0,$m1		# "tp[0]"*n0
+	mov	%rdx,$hi0
+
+	mulq	$m1			# np[0]*m1
+	add	%rax,$lo0		# discarded
+	mov	8($ap),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$hi1
+
+	lea	1($j),$j		# j++
+	jmp	.L1st_enter
+
+.align	16
+.L1st:
+	add	%rax,$hi1
+	mov	($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$hi0,$hi1		# np[j]*m1+ap[j]*bp[0]
+	mov	$lo0,$hi0
+	adc	\$0,%rdx
+	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$hi1
+
+.L1st_enter:
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$hi0
+	mov	($np,$j,8),%rax
+	adc	\$0,%rdx
+	lea	1($j),$j		# j++
+	mov	%rdx,$lo0
+
+	mulq	$m1			# np[j]*m1
+	cmp	$num,$j
+	jne	.L1st
+
+	add	%rax,$hi1
+	mov	($ap),%rax		# ap[0]
+	adc	\$0,%rdx
+	add	$hi0,$hi1		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$hi1
+	mov	$lo0,$hi0
+
+	xor	%rdx,%rdx
+	add	$hi0,$hi1
+	adc	\$0,%rdx
+	mov	$hi1,-8(%rsp,$num,8)
+	mov	%rdx,(%rsp,$num,8)	# store upmost overflow bit
+
+	lea	1($i),$i		# i++
+	jmp	.Louter
+.align	16
+.Louter:
+	lea	24+128(%rsp,$num,8),%rdx	# where 256-byte mask is (+size optimization)
+	and	\$-16,%rdx
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+___
+for($k=0;$k<$STRIDE/16;$k+=4) {
+$code.=<<___;
+	movdqa	`16*($k+0)-128`($bp),%xmm0
+	movdqa	`16*($k+1)-128`($bp),%xmm1
+	movdqa	`16*($k+2)-128`($bp),%xmm2
+	movdqa	`16*($k+3)-128`($bp),%xmm3
+	pand	`16*($k+0)-128`(%rdx),%xmm0
+	pand	`16*($k+1)-128`(%rdx),%xmm1
+	por	%xmm0,%xmm4
+	pand	`16*($k+2)-128`(%rdx),%xmm2
+	por	%xmm1,%xmm5
+	pand	`16*($k+3)-128`(%rdx),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+___
+}
+$code.=<<___;
+	por	%xmm5,%xmm4
+	pshufd	\$0x4e,%xmm4,%xmm0
+	por	%xmm4,%xmm0
+	lea	$STRIDE($bp),$bp
+	movq	%xmm0,$m0		# m0=bp[i]
+
+	xor	$j,$j			# j=0
+	mov	$n0,$m1
+	mov	(%rsp),$lo0
+
+	mulq	$m0			# ap[0]*bp[i]
+	add	%rax,$lo0		# ap[0]*bp[i]+tp[0]
+	mov	($np),%rax
+	adc	\$0,%rdx
+
+	imulq	$lo0,$m1		# tp[0]*n0
+	mov	%rdx,$hi0
+
+	mulq	$m1			# np[0]*m1
+	add	%rax,$lo0		# discarded
+	mov	8($ap),%rax
+	adc	\$0,%rdx
+	mov	8(%rsp),$lo0		# tp[1]
+	mov	%rdx,$hi1
+
+	lea	1($j),$j		# j++
+	jmp	.Linner_enter
+
+.align	16
+.Linner:
+	add	%rax,$hi1
+	mov	($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$lo0,$hi1		# np[j]*m1+ap[j]*bp[i]+tp[j]
+	mov	(%rsp,$j,8),$lo0
+	adc	\$0,%rdx
+	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$hi1
+
+.Linner_enter:
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$hi0
+	mov	($np,$j,8),%rax
+	adc	\$0,%rdx
+	add	$hi0,$lo0		# ap[j]*bp[i]+tp[j]
+	mov	%rdx,$hi0
+	adc	\$0,$hi0
+	lea	1($j),$j		# j++
+
+	mulq	$m1			# np[j]*m1
+	cmp	$num,$j
+	jne	.Linner
+
+	add	%rax,$hi1
+	mov	($ap),%rax		# ap[0]
+	adc	\$0,%rdx
+	add	$lo0,$hi1		# np[j]*m1+ap[j]*bp[i]+tp[j]
+	mov	(%rsp,$j,8),$lo0
+	adc	\$0,%rdx
+	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$hi1
+
+	xor	%rdx,%rdx
+	add	$hi0,$hi1
+	adc	\$0,%rdx
+	add	$lo0,$hi1		# pull upmost overflow bit
+	adc	\$0,%rdx
+	mov	$hi1,-8(%rsp,$num,8)
+	mov	%rdx,(%rsp,$num,8)	# store upmost overflow bit
+
+	lea	1($i),$i		# i++
+	cmp	$num,$i
+	jl	.Louter
+
+	xor	$i,$i			# i=0 and clear CF!
+	mov	(%rsp),%rax		# tp[0]
+	lea	(%rsp),$ap		# borrow ap for tp
+	mov	$num,$j			# j=num
+	jmp	.Lsub
+.align	16
+.Lsub:	sbb	($np,$i,8),%rax
+	mov	%rax,($rp,$i,8)		# rp[i]=tp[i]-np[i]
+	mov	8($ap,$i,8),%rax	# tp[i+1]
+	lea	1($i),$i		# i++
+	dec	$j			# doesnn't affect CF!
+	jnz	.Lsub
+
+	sbb	\$0,%rax		# handle upmost overflow bit
+	xor	$i,$i
+	and	%rax,$ap
+	not	%rax
+	mov	$rp,$np
+	and	%rax,$np
+	mov	$num,$j			# j=num
+	or	$np,$ap			# ap=borrow?tp:rp
+.align	16
+.Lcopy:					# copy or in-place refresh
+	mov	($ap,$i,8),%rax
+	mov	$i,(%rsp,$i,8)		# zap temporary vector
+	mov	%rax,($rp,$i,8)		# rp[i]=tp[i]
+	lea	1($i),$i
+	sub	\$1,$j
+	jnz	.Lcopy
+
+	mov	8(%rsp,$num,8),%rsi	# restore %rsp
+	mov	\$1,%rax
+
+	mov	(%rsi),%r15
+	mov	8(%rsi),%r14
+	mov	16(%rsi),%r13
+	mov	24(%rsi),%r12
+	mov	32(%rsi),%rbp
+	mov	40(%rsi),%rbx
+	lea	48(%rsi),%rsp
+.Lmul_epilogue:
+	ret
+.size	bn_mul_mont_gather5,.-bn_mul_mont_gather5
+___
+{{{
+my @A=("%r10","%r11");
+my @N=("%r13","%rdi");
+$code.=<<___;
+.type	bn_mul4x_mont_gather5,\@function,6
+.align	16
+bn_mul4x_mont_gather5:
+.Lmul4x_enter:
+	mov	${num}d,${num}d
+	movd	`($win64?56:8)`(%rsp),%xmm5	# load 7th argument
+	lea	.Linc(%rip),%r10
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+
+.Lmul4x_alloca:
+	mov	%rsp,%rax
+	lea	4($num),%r11
+	neg	%r11
+	lea	-256(%rsp,%r11,8),%rsp	# tp=alloca(8*(num+4)+256)
+	and	\$-1024,%rsp		# minimize TLB usage
+
+	mov	%rax,8(%rsp,$num,8)	# tp[num+1]=%rsp
+.Lmul4x_body:
+	sub	%rsp,%rax
+	and	\$-4096,%rax
+.Lmul4x_page_walk:
+	mov	(%rsp,%rax),%r11
+	sub	\$4096,%rax
+	.byte	0x2e			# predict non-taken
+	jnc	.Lmul4x_page_walk
+
+	mov	$rp,16(%rsp,$num,8)	# tp[num+2]=$rp
+	lea	128(%rdx),%r12		# reassign $bp (+size optimization)
+___
+		$bp="%r12";
+		$STRIDE=2**5*8;		# 5 is "window size"
+		$N=$STRIDE/4;		# should match cache line size
+$code.=<<___;
+	movdqa	0(%r10),%xmm0		# 00000001000000010000000000000000
+	movdqa	16(%r10),%xmm1		# 00000002000000020000000200000002
+	lea	32-112(%rsp,$num,8),%r10# place the mask after tp[num+4] (+ICache optimization)
+
+	pshufd	\$0,%xmm5,%xmm5		# broadcast index
+	movdqa	%xmm1,%xmm4
+	.byte	0x67,0x67
+	movdqa	%xmm1,%xmm2
+___
+########################################################################
+# calculate mask by comparing 0..31 to index and save result to stack
+#
+$code.=<<___;
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0		# compare to 1,0
+	.byte	0x67
+	movdqa	%xmm4,%xmm3
+___
+for($k=0;$k<$STRIDE/16-4;$k+=4) {
+$code.=<<___;
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1		# compare to 3,2
+	movdqa	%xmm0,`16*($k+0)+112`(%r10)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2		# compare to 5,4
+	movdqa	%xmm1,`16*($k+1)+112`(%r10)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3		# compare to 7,6
+	movdqa	%xmm2,`16*($k+2)+112`(%r10)
+	movdqa	%xmm4,%xmm2
+
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm3,`16*($k+3)+112`(%r10)
+	movdqa	%xmm4,%xmm3
+___
+}
+$code.=<<___;				# last iteration can be optimized
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,`16*($k+0)+112`(%r10)
+
+	paddd	%xmm2,%xmm3
+	.byte	0x67
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,`16*($k+1)+112`(%r10)
+
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,`16*($k+2)+112`(%r10)
+	pand	`16*($k+0)-128`($bp),%xmm0	# while it's still in register
+
+	pand	`16*($k+1)-128`($bp),%xmm1
+	pand	`16*($k+2)-128`($bp),%xmm2
+	movdqa	%xmm3,`16*($k+3)+112`(%r10)
+	pand	`16*($k+3)-128`($bp),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+___
+for($k=0;$k<$STRIDE/16-4;$k+=4) {
+$code.=<<___;
+	movdqa	`16*($k+0)-128`($bp),%xmm4
+	movdqa	`16*($k+1)-128`($bp),%xmm5
+	movdqa	`16*($k+2)-128`($bp),%xmm2
+	pand	`16*($k+0)+112`(%r10),%xmm4
+	movdqa	`16*($k+3)-128`($bp),%xmm3
+	pand	`16*($k+1)+112`(%r10),%xmm5
+	por	%xmm4,%xmm0
+	pand	`16*($k+2)+112`(%r10),%xmm2
+	por	%xmm5,%xmm1
+	pand	`16*($k+3)+112`(%r10),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+___
+}
+$code.=<<___;
+	por	%xmm1,%xmm0
+	pshufd	\$0x4e,%xmm0,%xmm1
+	por	%xmm1,%xmm0
+	lea	$STRIDE($bp),$bp
+	movq	%xmm0,$m0		# m0=bp[0]
+
+	mov	($n0),$n0		# pull n0[0] value
+	mov	($ap),%rax
+
+	xor	$i,$i			# i=0
+	xor	$j,$j			# j=0
+
+	mov	$n0,$m1
+	mulq	$m0			# ap[0]*bp[0]
+	mov	%rax,$A[0]
+	mov	($np),%rax
+
+	imulq	$A[0],$m1		# "tp[0]"*n0
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[0]*m1
+	add	%rax,$A[0]		# discarded
+	mov	8($ap),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$N[1]
+
+	mulq	$m0
+	add	%rax,$A[1]
+	mov	8($np),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1
+	add	%rax,$N[1]
+	mov	16($ap),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]
+	lea	4($j),$j		# j++
+	adc	\$0,%rdx
+	mov	$N[1],(%rsp)
+	mov	%rdx,$N[0]
+	jmp	.L1st4x
+.align	16
+.L1st4x:
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[0]
+	mov	-16($np,$j,8),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	-8($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[1]
+	mov	-8($np,$j,8),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[0]
+
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[0]
+	mov	($np,$j,8),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	8($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[0],-8(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[1]
+	mov	8($np,$j,8),%rax
+	adc	\$0,%rdx
+	lea	4($j),$j		# j++
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	-16($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[1],-32(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[0]
+	cmp	$num,$j
+	jl	.L1st4x
+
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[0]
+	mov	-16($np,$j,8),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	-8($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[0]
+	add	%rax,$A[1]
+	mov	-8($np,$j,8),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	($ap),%rax		# ap[0]
+	adc	\$0,%rdx
+	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[0]
+	adc	\$0,%rdx
+	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[0]
+
+	xor	$N[1],$N[1]
+	add	$A[0],$N[0]
+	adc	\$0,$N[1]
+	mov	$N[0],-8(%rsp,$j,8)
+	mov	$N[1],(%rsp,$j,8)	# store upmost overflow bit
+
+	lea	1($i),$i		# i++
+.align	4
+.Louter4x:
+	lea	32+128(%rsp,$num,8),%rdx	# where 256-byte mask is (+size optimization)
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+___
+for($k=0;$k<$STRIDE/16;$k+=4) {
+$code.=<<___;
+	movdqa	`16*($k+0)-128`($bp),%xmm0
+	movdqa	`16*($k+1)-128`($bp),%xmm1
+	movdqa	`16*($k+2)-128`($bp),%xmm2
+	movdqa	`16*($k+3)-128`($bp),%xmm3
+	pand	`16*($k+0)-128`(%rdx),%xmm0
+	pand	`16*($k+1)-128`(%rdx),%xmm1
+	por	%xmm0,%xmm4
+	pand	`16*($k+2)-128`(%rdx),%xmm2
+	por	%xmm1,%xmm5
+	pand	`16*($k+3)-128`(%rdx),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+___
+}
+$code.=<<___;
+	por	%xmm5,%xmm4
+	pshufd	\$0x4e,%xmm4,%xmm0
+	por	%xmm4,%xmm0
+	lea	$STRIDE($bp),$bp
+	movq	%xmm0,$m0		# m0=bp[i]
+
+	xor	$j,$j			# j=0
+
+	mov	(%rsp),$A[0]
+	mov	$n0,$m1
+	mulq	$m0			# ap[0]*bp[i]
+	add	%rax,$A[0]		# ap[0]*bp[i]+tp[0]
+	mov	($np),%rax
+	adc	\$0,%rdx
+
+	imulq	$A[0],$m1		# tp[0]*n0
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[0]*m1
+	add	%rax,$A[0]		# "$N[0]", discarded
+	mov	8($ap),%rax
+	adc	\$0,%rdx
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[1]
+	mov	8($np),%rax
+	adc	\$0,%rdx
+	add	8(%rsp),$A[1]		# +tp[1]
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	16($ap),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[i]+tp[j]
+	lea	4($j),$j		# j+=2
+	adc	\$0,%rdx
+	mov	%rdx,$N[0]
+	jmp	.Linner4x
+.align	16
+.Linner4x:
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[0]
+	mov	-16($np,$j,8),%rax
+	adc	\$0,%rdx
+	add	-16(%rsp,$j,8),$A[0]	# ap[j]*bp[i]+tp[j]
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	-8($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]
+	adc	\$0,%rdx
+	mov	$N[1],-32(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[1]
+	mov	-8($np,$j,8),%rax
+	adc	\$0,%rdx
+	add	-8(%rsp,$j,8),$A[1]
+	adc	\$0,%rdx
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]
+	adc	\$0,%rdx
+	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[0]
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[0]
+	mov	($np,$j,8),%rax
+	adc	\$0,%rdx
+	add	(%rsp,$j,8),$A[0]	# ap[j]*bp[i]+tp[j]
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	8($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]
+	adc	\$0,%rdx
+	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[1]
+	mov	8($np,$j,8),%rax
+	adc	\$0,%rdx
+	add	8(%rsp,$j,8),$A[1]
+	adc	\$0,%rdx
+	lea	4($j),$j		# j++
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	-16($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[1],$N[1]
+	adc	\$0,%rdx
+	mov	$N[0],-40(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[0]
+	cmp	$num,$j
+	jl	.Linner4x
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[0]
+	mov	-16($np,$j,8),%rax
+	adc	\$0,%rdx
+	add	-16(%rsp,$j,8),$A[0]	# ap[j]*bp[i]+tp[j]
+	adc	\$0,%rdx
+	mov	%rdx,$A[1]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[0]
+	mov	-8($ap,$j,8),%rax
+	adc	\$0,%rdx
+	add	$A[0],$N[0]
+	adc	\$0,%rdx
+	mov	$N[1],-32(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[1]
+
+	mulq	$m0			# ap[j]*bp[i]
+	add	%rax,$A[1]
+	mov	-8($np,$j,8),%rax
+	adc	\$0,%rdx
+	add	-8(%rsp,$j,8),$A[1]
+	adc	\$0,%rdx
+	lea	1($i),$i		# i++
+	mov	%rdx,$A[0]
+
+	mulq	$m1			# np[j]*m1
+	add	%rax,$N[1]
+	mov	($ap),%rax		# ap[0]
+	adc	\$0,%rdx
+	add	$A[1],$N[1]
+	adc	\$0,%rdx
+	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
+	mov	%rdx,$N[0]
+
+	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
+
+	xor	$N[1],$N[1]
+	add	$A[0],$N[0]
+	adc	\$0,$N[1]
+	add	(%rsp,$num,8),$N[0]	# pull upmost overflow bit
+	adc	\$0,$N[1]
+	mov	$N[0],-8(%rsp,$j,8)
+	mov	$N[1],(%rsp,$j,8)	# store upmost overflow bit
+
+	cmp	$num,$i
+	jl	.Louter4x
+___
+{
+my @ri=("%rax","%rdx",$m0,$m1);
+$code.=<<___;
+	mov	16(%rsp,$num,8),$rp	# restore $rp
+	mov	0(%rsp), at ri[0]		# tp[0]
+	pxor	%xmm0,%xmm0
+	mov	8(%rsp), at ri[1]		# tp[1]
+	shr	\$2,$num		# num/=4
+	lea	(%rsp),$ap		# borrow ap for tp
+	xor	$i,$i			# i=0 and clear CF!
+
+	sub	0($np), at ri[0]
+	mov	16($ap), at ri[2]		# tp[2]
+	mov	24($ap), at ri[3]		# tp[3]
+	sbb	8($np), at ri[1]
+	lea	-1($num),$j		# j=num/4-1
+	jmp	.Lsub4x
+.align	16
+.Lsub4x:
+	mov	@ri[0],0($rp,$i,8)	# rp[i]=tp[i]-np[i]
+	mov	@ri[1],8($rp,$i,8)	# rp[i]=tp[i]-np[i]
+	sbb	16($np,$i,8), at ri[2]
+	mov	32($ap,$i,8), at ri[0]	# tp[i+1]
+	mov	40($ap,$i,8), at ri[1]
+	sbb	24($np,$i,8), at ri[3]
+	mov	@ri[2],16($rp,$i,8)	# rp[i]=tp[i]-np[i]
+	mov	@ri[3],24($rp,$i,8)	# rp[i]=tp[i]-np[i]
+	sbb	32($np,$i,8), at ri[0]
+	mov	48($ap,$i,8), at ri[2]
+	mov	56($ap,$i,8), at ri[3]
+	sbb	40($np,$i,8), at ri[1]
+	lea	4($i),$i		# i++
+	dec	$j			# doesnn't affect CF!
+	jnz	.Lsub4x
+
+	mov	@ri[0],0($rp,$i,8)	# rp[i]=tp[i]-np[i]
+	mov	32($ap,$i,8), at ri[0]	# load overflow bit
+	sbb	16($np,$i,8), at ri[2]
+	mov	@ri[1],8($rp,$i,8)	# rp[i]=tp[i]-np[i]
+	sbb	24($np,$i,8), at ri[3]
+	mov	@ri[2],16($rp,$i,8)	# rp[i]=tp[i]-np[i]
+
+	sbb	\$0, at ri[0]		# handle upmost overflow bit
+	mov	@ri[3],24($rp,$i,8)	# rp[i]=tp[i]-np[i]
+	xor	$i,$i			# i=0
+	and	@ri[0],$ap
+	not	@ri[0]
+	mov	$rp,$np
+	and	@ri[0],$np
+	lea	-1($num),$j
+	or	$np,$ap			# ap=borrow?tp:rp
+
+	movdqu	($ap),%xmm1
+	movdqa	%xmm0,(%rsp)
+	movdqu	%xmm1,($rp)
+	jmp	.Lcopy4x
+.align	16
+.Lcopy4x:					# copy or in-place refresh
+	movdqu	16($ap,$i),%xmm2
+	movdqu	32($ap,$i),%xmm1
+	movdqa	%xmm0,16(%rsp,$i)
+	movdqu	%xmm2,16($rp,$i)
+	movdqa	%xmm0,32(%rsp,$i)
+	movdqu	%xmm1,32($rp,$i)
+	lea	32($i),$i
+	dec	$j
+	jnz	.Lcopy4x
+
+	shl	\$2,$num
+	movdqu	16($ap,$i),%xmm2
+	movdqa	%xmm0,16(%rsp,$i)
+	movdqu	%xmm2,16($rp,$i)
+___
+}
+$code.=<<___;
+	mov	8(%rsp,$num,8),%rsi	# restore %rsp
+	mov	\$1,%rax
+
+	mov	(%rsi),%r15
+	mov	8(%rsi),%r14
+	mov	16(%rsi),%r13
+	mov	24(%rsi),%r12
+	mov	32(%rsi),%rbp
+	mov	40(%rsi),%rbx
+	lea	48(%rsi),%rsp
+.Lmul4x_epilogue:
+	ret
+.size	bn_mul4x_mont_gather5,.-bn_mul4x_mont_gather5
+___
+}}}
+
+{
+my ($inp,$num,$tbl,$idx)=$win64?("%rcx","%rdx","%r8", "%r9d") : # Win64 order
+				("%rdi","%rsi","%rdx","%ecx"); # Unix order
+my $out=$inp;
+my $STRIDE=2**5*8;
+my $N=$STRIDE/4;
+
+$code.=<<___;
+.globl	bn_scatter5
+.type	bn_scatter5,\@abi-omnipotent
+.align	16
+bn_scatter5:
+	cmp	\$0, $num
+	jz	.Lscatter_epilogue
+	lea	($tbl,$idx,8),$tbl
+.Lscatter:
+	mov	($inp),%rax
+	lea	8($inp),$inp
+	mov	%rax,($tbl)
+	lea	32*8($tbl),$tbl
+	sub	\$1,$num
+	jnz	.Lscatter
+.Lscatter_epilogue:
+	ret
+.size	bn_scatter5,.-bn_scatter5
+
+.globl	bn_gather5
+.type	bn_gather5,\@abi-omnipotent
+.align	16
+bn_gather5:
+.LSEH_begin_bn_gather5:			# Win64 thing, but harmless in other cases
+	# I can't trust assembler to use specific encoding:-(
+	.byte	0x4c,0x8d,0x14,0x24			# lea    (%rsp),%r10
+	.byte	0x48,0x81,0xec,0x08,0x01,0x00,0x00	# sub	$0x108,%rsp
+	lea	.Linc(%rip),%rax
+	and	\$-16,%rsp		# shouldn't be formally required
+
+	movd	$idx,%xmm5
+	movdqa	0(%rax),%xmm0		# 00000001000000010000000000000000
+	movdqa	16(%rax),%xmm1		# 00000002000000020000000200000002
+	lea	128($tbl),%r11		# size optimization
+	lea	128(%rsp),%rax		# size optimization
+
+	pshufd	\$0,%xmm5,%xmm5		# broadcast $idx
+	movdqa	%xmm1,%xmm4
+	movdqa	%xmm1,%xmm2
+___
+########################################################################
+# calculate mask by comparing 0..31 to $idx and save result to stack
+#
+for($i=0;$i<$STRIDE/16;$i+=4) {
+$code.=<<___;
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0		# compare to 1,0
+___
+$code.=<<___	if ($i);
+	movdqa	%xmm3,`16*($i-1)-128`(%rax)
+___
+$code.=<<___;
+	movdqa	%xmm4,%xmm3
+
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1		# compare to 3,2
+	movdqa	%xmm0,`16*($i+0)-128`(%rax)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2		# compare to 5,4
+	movdqa	%xmm1,`16*($i+1)-128`(%rax)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3		# compare to 7,6
+	movdqa	%xmm2,`16*($i+2)-128`(%rax)
+	movdqa	%xmm4,%xmm2
+___
+}
+$code.=<<___;
+	movdqa	%xmm3,`16*($i-1)-128`(%rax)
+	jmp	.Lgather
+
+.align	32
+.Lgather:
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+___
+for($i=0;$i<$STRIDE/16;$i+=4) {
+$code.=<<___;
+	movdqa	`16*($i+0)-128`(%r11),%xmm0
+	movdqa	`16*($i+1)-128`(%r11),%xmm1
+	movdqa	`16*($i+2)-128`(%r11),%xmm2
+	pand	`16*($i+0)-128`(%rax),%xmm0
+	movdqa	`16*($i+3)-128`(%r11),%xmm3
+	pand	`16*($i+1)-128`(%rax),%xmm1
+	por	%xmm0,%xmm4
+	pand	`16*($i+2)-128`(%rax),%xmm2
+	por	%xmm1,%xmm5
+	pand	`16*($i+3)-128`(%rax),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+___
+}
+$code.=<<___;
+	por	%xmm5,%xmm4
+	lea	$STRIDE(%r11),%r11
+	pshufd	\$0x4e,%xmm4,%xmm0
+	por	%xmm4,%xmm0
+	movq	%xmm0,($out)		# m0=bp[0]
+	lea	8($out),$out
+	sub	\$1,$num
+	jnz	.Lgather
+
+	lea	(%r10),%rsp
+	ret
+.LSEH_end_bn_gather5:
+.size	bn_gather5,.-bn_gather5
+___
+}
+$code.=<<___;
+.align	64
+.Linc:
+	.long	0,0, 1,1
+	.long	2,2, 2,2
+.asciz	"Montgomery Multiplication with scatter/gather for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern	__imp_RtlVirtualUnwind
+.type	mul_handler,\@abi-omnipotent
+.align	16
+mul_handler:
+	push	%rsi
+	push	%rdi
+	push	%rbx
+	push	%rbp
+	push	%r12
+	push	%r13
+	push	%r14
+	push	%r15
+	pushfq
+	sub	\$64,%rsp
+
+	mov	120($context),%rax	# pull context->Rax
+	mov	248($context),%rbx	# pull context->Rip
+
+	mov	8($disp),%rsi		# disp->ImageBase
+	mov	56($disp),%r11		# disp->HandlerData
+
+	mov	0(%r11),%r10d		# HandlerData[0]
+	lea	(%rsi,%r10),%r10	# end of prologue label
+	cmp	%r10,%rbx		# context->Rip<end of prologue label
+	jb	.Lcommon_seh_tail
+
+	lea	48(%rax),%rax
+
+	mov	4(%r11),%r10d		# HandlerData[1]
+	lea	(%rsi,%r10),%r10	# end of alloca label
+	cmp	%r10,%rbx		# context->Rip<end of alloca label
+	jb	.Lcommon_seh_tail
+
+	mov	152($context),%rax	# pull context->Rsp
+
+	mov	8(%r11),%r10d		# HandlerData[2]
+	lea	(%rsi,%r10),%r10	# epilogue label
+	cmp	%r10,%rbx		# context->Rip>=epilogue label
+	jae	.Lcommon_seh_tail
+
+	mov	192($context),%r10	# pull $num
+	mov	8(%rax,%r10,8),%rax	# pull saved stack pointer
+
+	lea	48(%rax),%rax
+
+	mov	-8(%rax),%rbx
+	mov	-16(%rax),%rbp
+	mov	-24(%rax),%r12
+	mov	-32(%rax),%r13
+	mov	-40(%rax),%r14
+	mov	-48(%rax),%r15
+	mov	%rbx,144($context)	# restore context->Rbx
+	mov	%rbp,160($context)	# restore context->Rbp
+	mov	%r12,216($context)	# restore context->R12
+	mov	%r13,224($context)	# restore context->R13
+	mov	%r14,232($context)	# restore context->R14
+	mov	%r15,240($context)	# restore context->R15
+
+.Lcommon_seh_tail:
+	mov	8(%rax),%rdi
+	mov	16(%rax),%rsi
+	mov	%rax,152($context)	# restore context->Rsp
+	mov	%rsi,168($context)	# restore context->Rsi
+	mov	%rdi,176($context)	# restore context->Rdi
+
+	mov	40($disp),%rdi		# disp->ContextRecord
+	mov	$context,%rsi		# context
+	mov	\$154,%ecx		# sizeof(CONTEXT)
+	.long	0xa548f3fc		# cld; rep movsq
+
+	mov	$disp,%rsi
+	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
+	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
+	mov	0(%rsi),%r8		# arg3, disp->ControlPc
+	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
+	mov	40(%rsi),%r10		# disp->ContextRecord
+	lea	56(%rsi),%r11		# &disp->HandlerData
+	lea	24(%rsi),%r12		# &disp->EstablisherFrame
+	mov	%r10,32(%rsp)		# arg5
+	mov	%r11,40(%rsp)		# arg6
+	mov	%r12,48(%rsp)		# arg7
+	mov	%rcx,56(%rsp)		# arg8, (NULL)
+	call	*__imp_RtlVirtualUnwind(%rip)
+
+	mov	\$1,%eax		# ExceptionContinueSearch
+	add	\$64,%rsp
+	popfq
+	pop	%r15
+	pop	%r14
+	pop	%r13
+	pop	%r12
+	pop	%rbp
+	pop	%rbx
+	pop	%rdi
+	pop	%rsi
+	ret
+.size	mul_handler,.-mul_handler
+
+.section	.pdata
+.align	4
+	.rva	.LSEH_begin_bn_mul_mont_gather5
+	.rva	.LSEH_end_bn_mul_mont_gather5
+	.rva	.LSEH_info_bn_mul_mont_gather5
+
+	.rva	.LSEH_begin_bn_mul4x_mont_gather5
+	.rva	.LSEH_end_bn_mul4x_mont_gather5
+	.rva	.LSEH_info_bn_mul4x_mont_gather5
+
+	.rva	.LSEH_begin_bn_gather5
+	.rva	.LSEH_end_bn_gather5
+	.rva	.LSEH_info_bn_gather5
+
+.section	.xdata
+.align	8
+.LSEH_info_bn_mul_mont_gather5:
+	.byte	9,0,0,0
+	.rva	mul_handler
+	.rva	.Lmul_alloca,.Lmul_body,.Lmul_epilogue		# HandlerData[]
+.align	8
+.LSEH_info_bn_mul4x_mont_gather5:
+	.byte	9,0,0,0
+	.rva	mul_handler
+	.rva	.Lmul4x_alloca,.Lmul4x_body,.Lmul4x_epilogue	# HandlerData[]
+.align	8
+.LSEH_info_bn_gather5:
+	.byte	0x01,0x0b,0x03,0x0a
+	.byte	0x0b,0x01,0x21,0x00	# sub	rsp,0x108
+	.byte	0x04,0xa3,0x00,0x00	# lea	r10,(rsp), set_frame r10
+.align	8
+___
+}
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+
+print $code;
+close STDOUT;

Deleted: vendor-crypto/openssl/1.0.1u/crypto/bn/bn.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn.h	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/bn/bn.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,957 +0,0 @@
-/* crypto/bn/bn.h */
-/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the Eric Young open source
- * license provided above.
- *
- * The binary polynomial arithmetic software is originally written by
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-#ifndef HEADER_BN_H
-# define HEADER_BN_H
-
-# include <openssl/e_os2.h>
-# ifndef OPENSSL_NO_FP_API
-#  include <stdio.h>            /* FILE */
-# endif
-# include <openssl/ossl_typ.h>
-# include <openssl/crypto.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/*
- * These preprocessor symbols control various aspects of the bignum headers
- * and library code. They're not defined by any "normal" configuration, as
- * they are intended for development and testing purposes. NB: defining all
- * three can be useful for debugging application code as well as openssl
- * itself. BN_DEBUG - turn on various debugging alterations to the bignum
- * code BN_DEBUG_RAND - uses random poisoning of unused words to trip up
- * mismanagement of bignum internals. You must also define BN_DEBUG.
- */
-/* #define BN_DEBUG */
-/* #define BN_DEBUG_RAND */
-
-# ifndef OPENSSL_SMALL_FOOTPRINT
-#  define BN_MUL_COMBA
-#  define BN_SQR_COMBA
-#  define BN_RECURSION
-# endif
-
-/*
- * This next option uses the C libraries (2 word)/(1 word) function. If it is
- * not defined, I use my C version (which is slower). The reason for this
- * flag is that when the particular C compiler library routine is used, and
- * the library is linked with a different compiler, the library is missing.
- * This mostly happens when the library is built with gcc and then linked
- * using normal cc.  This would be a common occurrence because gcc normally
- * produces code that is 2 times faster than system compilers for the big
- * number stuff. For machines with only one compiler (or shared libraries),
- * this should be on.  Again this in only really a problem on machines using
- * "long long's", are 32bit, and are not using my assembler code.
- */
-# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \
-    defined(OPENSSL_SYS_WIN32) || defined(linux)
-#  ifndef BN_DIV2W
-#   define BN_DIV2W
-#  endif
-# endif
-
-/*
- * assuming long is 64bit - this is the DEC Alpha unsigned long long is only
- * 64 bits :-(, don't define BN_LLONG for the DEC Alpha
- */
-# ifdef SIXTY_FOUR_BIT_LONG
-#  define BN_ULLONG       unsigned long long
-#  define BN_ULONG        unsigned long
-#  define BN_LONG         long
-#  define BN_BITS         128
-#  define BN_BYTES        8
-#  define BN_BITS2        64
-#  define BN_BITS4        32
-#  define BN_MASK         (0xffffffffffffffffffffffffffffffffLL)
-#  define BN_MASK2        (0xffffffffffffffffL)
-#  define BN_MASK2l       (0xffffffffL)
-#  define BN_MASK2h       (0xffffffff00000000L)
-#  define BN_MASK2h1      (0xffffffff80000000L)
-#  define BN_TBIT         (0x8000000000000000L)
-#  define BN_DEC_CONV     (10000000000000000000UL)
-#  define BN_DEC_FMT1     "%lu"
-#  define BN_DEC_FMT2     "%019lu"
-#  define BN_DEC_NUM      19
-#  define BN_HEX_FMT1     "%lX"
-#  define BN_HEX_FMT2     "%016lX"
-# endif
-
-/*
- * This is where the long long data type is 64 bits, but long is 32. For
- * machines where there are 64bit registers, this is the mode to use. IRIX,
- * on R4000 and above should use this mode, along with the relevant assembler
- * code :-).  Do NOT define BN_LLONG.
- */
-# ifdef SIXTY_FOUR_BIT
-#  undef BN_LLONG
-#  undef BN_ULLONG
-#  define BN_ULONG        unsigned long long
-#  define BN_LONG         long long
-#  define BN_BITS         128
-#  define BN_BYTES        8
-#  define BN_BITS2        64
-#  define BN_BITS4        32
-#  define BN_MASK2        (0xffffffffffffffffLL)
-#  define BN_MASK2l       (0xffffffffL)
-#  define BN_MASK2h       (0xffffffff00000000LL)
-#  define BN_MASK2h1      (0xffffffff80000000LL)
-#  define BN_TBIT         (0x8000000000000000LL)
-#  define BN_DEC_CONV     (10000000000000000000ULL)
-#  define BN_DEC_FMT1     "%llu"
-#  define BN_DEC_FMT2     "%019llu"
-#  define BN_DEC_NUM      19
-#  define BN_HEX_FMT1     "%llX"
-#  define BN_HEX_FMT2     "%016llX"
-# endif
-
-# ifdef THIRTY_TWO_BIT
-#  ifdef BN_LLONG
-#   if defined(_WIN32) && !defined(__GNUC__)
-#    define BN_ULLONG     unsigned __int64
-#    define BN_MASK       (0xffffffffffffffffI64)
-#   else
-#    define BN_ULLONG     unsigned long long
-#    define BN_MASK       (0xffffffffffffffffLL)
-#   endif
-#  endif
-#  define BN_ULONG        unsigned int
-#  define BN_LONG         int
-#  define BN_BITS         64
-#  define BN_BYTES        4
-#  define BN_BITS2        32
-#  define BN_BITS4        16
-#  define BN_MASK2        (0xffffffffL)
-#  define BN_MASK2l       (0xffff)
-#  define BN_MASK2h1      (0xffff8000L)
-#  define BN_MASK2h       (0xffff0000L)
-#  define BN_TBIT         (0x80000000L)
-#  define BN_DEC_CONV     (1000000000L)
-#  define BN_DEC_FMT1     "%u"
-#  define BN_DEC_FMT2     "%09u"
-#  define BN_DEC_NUM      9
-#  define BN_HEX_FMT1     "%X"
-#  define BN_HEX_FMT2     "%08X"
-# endif
-
-/*
- * 2011-02-22 SMS. In various places, a size_t variable or a type cast to
- * size_t was used to perform integer-only operations on pointers.  This
- * failed on VMS with 64-bit pointers (CC /POINTER_SIZE = 64) because size_t
- * is still only 32 bits.  What's needed in these cases is an integer type
- * with the same size as a pointer, which size_t is not certain to be. The
- * only fix here is VMS-specific.
- */
-# if defined(OPENSSL_SYS_VMS)
-#  if __INITIAL_POINTER_SIZE == 64
-#   define PTR_SIZE_INT long long
-#  else                         /* __INITIAL_POINTER_SIZE == 64 */
-#   define PTR_SIZE_INT int
-#  endif                        /* __INITIAL_POINTER_SIZE == 64 [else] */
-# else                          /* defined(OPENSSL_SYS_VMS) */
-#  define PTR_SIZE_INT size_t
-# endif                         /* defined(OPENSSL_SYS_VMS) [else] */
-
-# define BN_DEFAULT_BITS 1280
-
-# define BN_FLG_MALLOCED         0x01
-# define BN_FLG_STATIC_DATA      0x02
-
-/*
- * avoid leaking exponent information through timing,
- * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime,
- * BN_div() will call BN_div_no_branch,
- * BN_mod_inverse() will call BN_mod_inverse_no_branch.
- */
-# define BN_FLG_CONSTTIME        0x04
-
-# ifdef OPENSSL_NO_DEPRECATED
-/* deprecated name for the flag */
-#  define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME
-/*
- * avoid leaking exponent information through timings
- * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime)
- */
-# endif
-
-# ifndef OPENSSL_NO_DEPRECATED
-#  define BN_FLG_FREE             0x8000
-                                       /* used for debuging */
-# endif
-# define BN_set_flags(b,n)       ((b)->flags|=(n))
-# define BN_get_flags(b,n)       ((b)->flags&(n))
-
-/*
- * get a clone of a BIGNUM with changed flags, for *temporary* use only (the
- * two BIGNUMs cannot not be used in parallel!)
- */
-# define BN_with_flags(dest,b,n)  ((dest)->d=(b)->d, \
-                                  (dest)->top=(b)->top, \
-                                  (dest)->dmax=(b)->dmax, \
-                                  (dest)->neg=(b)->neg, \
-                                  (dest)->flags=(((dest)->flags & BN_FLG_MALLOCED) \
-                                                 |  ((b)->flags & ~BN_FLG_MALLOCED) \
-                                                 |  BN_FLG_STATIC_DATA \
-                                                 |  (n)))
-
-/* Already declared in ossl_typ.h */
-# if 0
-typedef struct bignum_st BIGNUM;
-/* Used for temp variables (declaration hidden in bn_lcl.h) */
-typedef struct bignum_ctx BN_CTX;
-typedef struct bn_blinding_st BN_BLINDING;
-typedef struct bn_mont_ctx_st BN_MONT_CTX;
-typedef struct bn_recp_ctx_st BN_RECP_CTX;
-typedef struct bn_gencb_st BN_GENCB;
-# endif
-
-struct bignum_st {
-    BN_ULONG *d;                /* Pointer to an array of 'BN_BITS2' bit
-                                 * chunks. */
-    int top;                    /* Index of last used d +1. */
-    /* The next are internal book keeping for bn_expand. */
-    int dmax;                   /* Size of the d array. */
-    int neg;                    /* one if the number is negative */
-    int flags;
-};
-
-/* Used for montgomery multiplication */
-struct bn_mont_ctx_st {
-    int ri;                     /* number of bits in R */
-    BIGNUM RR;                  /* used to convert to montgomery form */
-    BIGNUM N;                   /* The modulus */
-    BIGNUM Ni;                  /* R*(1/R mod N) - N*Ni = 1 (Ni is only
-                                 * stored for bignum algorithm) */
-    BN_ULONG n0[2];             /* least significant word(s) of Ni; (type
-                                 * changed with 0.9.9, was "BN_ULONG n0;"
-                                 * before) */
-    int flags;
-};
-
-/*
- * Used for reciprocal division/mod functions It cannot be shared between
- * threads
- */
-struct bn_recp_ctx_st {
-    BIGNUM N;                   /* the divisor */
-    BIGNUM Nr;                  /* the reciprocal */
-    int num_bits;
-    int shift;
-    int flags;
-};
-
-/* Used for slow "generation" functions. */
-struct bn_gencb_st {
-    unsigned int ver;           /* To handle binary (in)compatibility */
-    void *arg;                  /* callback-specific data */
-    union {
-        /* if(ver==1) - handles old style callbacks */
-        void (*cb_1) (int, int, void *);
-        /* if(ver==2) - new callback style */
-        int (*cb_2) (int, int, BN_GENCB *);
-    } cb;
-};
-/* Wrapper function to make using BN_GENCB easier,  */
-int BN_GENCB_call(BN_GENCB *cb, int a, int b);
-/* Macro to populate a BN_GENCB structure with an "old"-style callback */
-# define BN_GENCB_set_old(gencb, callback, cb_arg) { \
-                BN_GENCB *tmp_gencb = (gencb); \
-                tmp_gencb->ver = 1; \
-                tmp_gencb->arg = (cb_arg); \
-                tmp_gencb->cb.cb_1 = (callback); }
-/* Macro to populate a BN_GENCB structure with a "new"-style callback */
-# define BN_GENCB_set(gencb, callback, cb_arg) { \
-                BN_GENCB *tmp_gencb = (gencb); \
-                tmp_gencb->ver = 2; \
-                tmp_gencb->arg = (cb_arg); \
-                tmp_gencb->cb.cb_2 = (callback); }
-
-# define BN_prime_checks 0      /* default: select number of iterations based
-                                 * on the size of the number */
-
-/*
- * number of Miller-Rabin iterations for an error rate of less than 2^-80 for
- * random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook of
- * Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996];
- * original paper: Damgaard, Landrock, Pomerance: Average case error
- * estimates for the strong probable prime test. -- Math. Comp. 61 (1993)
- * 177-194)
- */
-# define BN_prime_checks_for_size(b) ((b) >= 1300 ?  2 : \
-                                (b) >=  850 ?  3 : \
-                                (b) >=  650 ?  4 : \
-                                (b) >=  550 ?  5 : \
-                                (b) >=  450 ?  6 : \
-                                (b) >=  400 ?  7 : \
-                                (b) >=  350 ?  8 : \
-                                (b) >=  300 ?  9 : \
-                                (b) >=  250 ? 12 : \
-                                (b) >=  200 ? 15 : \
-                                (b) >=  150 ? 18 : \
-                                /* b >= 100 */ 27)
-
-# define BN_num_bytes(a) ((BN_num_bits(a)+7)/8)
-
-/* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */
-# define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \
-                                (((w) == 0) && ((a)->top == 0)))
-# define BN_is_zero(a)       ((a)->top == 0)
-# define BN_is_one(a)        (BN_abs_is_word((a),1) && !(a)->neg)
-# define BN_is_word(a,w)     (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg))
-# define BN_is_odd(a)        (((a)->top > 0) && ((a)->d[0] & 1))
-
-# define BN_one(a)       (BN_set_word((a),1))
-# define BN_zero_ex(a) \
-        do { \
-                BIGNUM *_tmp_bn = (a); \
-                _tmp_bn->top = 0; \
-                _tmp_bn->neg = 0; \
-        } while(0)
-# ifdef OPENSSL_NO_DEPRECATED
-#  define BN_zero(a)      BN_zero_ex(a)
-# else
-#  define BN_zero(a)      (BN_set_word((a),0))
-# endif
-
-const BIGNUM *BN_value_one(void);
-char *BN_options(void);
-BN_CTX *BN_CTX_new(void);
-# ifndef OPENSSL_NO_DEPRECATED
-void BN_CTX_init(BN_CTX *c);
-# endif
-void BN_CTX_free(BN_CTX *c);
-void BN_CTX_start(BN_CTX *ctx);
-BIGNUM *BN_CTX_get(BN_CTX *ctx);
-void BN_CTX_end(BN_CTX *ctx);
-int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
-int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
-int BN_rand_range(BIGNUM *rnd, const BIGNUM *range);
-int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range);
-int BN_num_bits(const BIGNUM *a);
-int BN_num_bits_word(BN_ULONG);
-BIGNUM *BN_new(void);
-void BN_init(BIGNUM *);
-void BN_clear_free(BIGNUM *a);
-BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
-void BN_swap(BIGNUM *a, BIGNUM *b);
-BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
-int BN_bn2bin(const BIGNUM *a, unsigned char *to);
-BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
-int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
-int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
-/** BN_set_negative sets sign of a BIGNUM
- * \param  b  pointer to the BIGNUM object
- * \param  n  0 if the BIGNUM b should be positive and a value != 0 otherwise
- */
-void BN_set_negative(BIGNUM *b, int n);
-/** BN_is_negative returns 1 if the BIGNUM is negative
- * \param  a  pointer to the BIGNUM object
- * \return 1 if a < 0 and 0 otherwise
- */
-# define BN_is_negative(a) ((a)->neg != 0)
-
-int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
-           BN_CTX *ctx);
-# define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))
-int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
-int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
-               BN_CTX *ctx);
-int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-                     const BIGNUM *m);
-int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
-               BN_CTX *ctx);
-int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-                     const BIGNUM *m);
-int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
-               BN_CTX *ctx);
-int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
-int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
-int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m);
-int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m,
-                  BN_CTX *ctx);
-int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m);
-
-BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
-BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
-int BN_mul_word(BIGNUM *a, BN_ULONG w);
-int BN_add_word(BIGNUM *a, BN_ULONG w);
-int BN_sub_word(BIGNUM *a, BN_ULONG w);
-int BN_set_word(BIGNUM *a, BN_ULONG w);
-BN_ULONG BN_get_word(const BIGNUM *a);
-
-int BN_cmp(const BIGNUM *a, const BIGNUM *b);
-void BN_free(BIGNUM *a);
-int BN_is_bit_set(const BIGNUM *a, int n);
-int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
-int BN_lshift1(BIGNUM *r, const BIGNUM *a);
-int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-
-int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-               const BIGNUM *m, BN_CTX *ctx);
-int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
-                              const BIGNUM *m, BN_CTX *ctx,
-                              BN_MONT_CTX *in_mont);
-int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
-                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,
-                     const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
-                     BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                      const BIGNUM *m, BN_CTX *ctx);
-
-int BN_mask_bits(BIGNUM *a, int n);
-# ifndef OPENSSL_NO_FP_API
-int BN_print_fp(FILE *fp, const BIGNUM *a);
-# endif
-# ifdef HEADER_BIO_H
-int BN_print(BIO *fp, const BIGNUM *a);
-# else
-int BN_print(void *fp, const BIGNUM *a);
-# endif
-int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx);
-int BN_rshift(BIGNUM *r, const BIGNUM *a, int n);
-int BN_rshift1(BIGNUM *r, const BIGNUM *a);
-void BN_clear(BIGNUM *a);
-BIGNUM *BN_dup(const BIGNUM *a);
-int BN_ucmp(const BIGNUM *a, const BIGNUM *b);
-int BN_set_bit(BIGNUM *a, int n);
-int BN_clear_bit(BIGNUM *a, int n);
-char *BN_bn2hex(const BIGNUM *a);
-char *BN_bn2dec(const BIGNUM *a);
-int BN_hex2bn(BIGNUM **a, const char *str);
-int BN_dec2bn(BIGNUM **a, const char *str);
-int BN_asc2bn(BIGNUM **a, const char *str);
-int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* returns
-                                                                  * -2 for
-                                                                  * error */
-BIGNUM *BN_mod_inverse(BIGNUM *ret,
-                       const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
-BIGNUM *BN_mod_sqrt(BIGNUM *ret,
-                    const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
-
-void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
-
-/* Deprecated versions */
-# ifndef OPENSSL_NO_DEPRECATED
-BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
-                          const BIGNUM *add, const BIGNUM *rem,
-                          void (*callback) (int, int, void *), void *cb_arg);
-int BN_is_prime(const BIGNUM *p, int nchecks,
-                void (*callback) (int, int, void *),
-                BN_CTX *ctx, void *cb_arg);
-int BN_is_prime_fasttest(const BIGNUM *p, int nchecks,
-                         void (*callback) (int, int, void *), BN_CTX *ctx,
-                         void *cb_arg, int do_trial_division);
-# endif                         /* !defined(OPENSSL_NO_DEPRECATED) */
-
-/* Newer versions */
-int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
-                         const BIGNUM *rem, BN_GENCB *cb);
-int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
-int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx,
-                            int do_trial_division, BN_GENCB *cb);
-
-int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
-
-int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
-                            const BIGNUM *Xp, const BIGNUM *Xp1,
-                            const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx,
-                            BN_GENCB *cb);
-int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1,
-                              BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e,
-                              BN_CTX *ctx, BN_GENCB *cb);
-
-BN_MONT_CTX *BN_MONT_CTX_new(void);
-void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
-int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-                          BN_MONT_CTX *mont, BN_CTX *ctx);
-# define BN_to_montgomery(r,a,mont,ctx)  BN_mod_mul_montgomery(\
-        (r),(a),&((mont)->RR),(mont),(ctx))
-int BN_from_montgomery(BIGNUM *r, const BIGNUM *a,
-                       BN_MONT_CTX *mont, BN_CTX *ctx);
-void BN_MONT_CTX_free(BN_MONT_CTX *mont);
-int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx);
-BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
-BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
-                                    const BIGNUM *mod, BN_CTX *ctx);
-
-/* BN_BLINDING flags */
-# define BN_BLINDING_NO_UPDATE   0x00000001
-# define BN_BLINDING_NO_RECREATE 0x00000002
-
-BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod);
-void BN_BLINDING_free(BN_BLINDING *b);
-int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx);
-int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
-int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
-int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
-int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
-                          BN_CTX *);
-# ifndef OPENSSL_NO_DEPRECATED
-unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
-void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
-# endif
-CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *);
-unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
-void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
-BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
-                                      const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
-                                      int (*bn_mod_exp) (BIGNUM *r,
-                                                         const BIGNUM *a,
-                                                         const BIGNUM *p,
-                                                         const BIGNUM *m,
-                                                         BN_CTX *ctx,
-                                                         BN_MONT_CTX *m_ctx),
-                                      BN_MONT_CTX *m_ctx);
-
-# ifndef OPENSSL_NO_DEPRECATED
-void BN_set_params(int mul, int high, int low, int mont);
-int BN_get_params(int which);   /* 0, mul, 1 high, 2 low, 3 mont */
-# endif
-
-void BN_RECP_CTX_init(BN_RECP_CTX *recp);
-BN_RECP_CTX *BN_RECP_CTX_new(void);
-void BN_RECP_CTX_free(BN_RECP_CTX *recp);
-int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx);
-int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
-                          BN_RECP_CTX *recp, BN_CTX *ctx);
-int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                    const BIGNUM *m, BN_CTX *ctx);
-int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
-                BN_RECP_CTX *recp, BN_CTX *ctx);
-
-# ifndef OPENSSL_NO_EC2M
-
-/*
- * Functions for arithmetic over binary polynomials represented by BIGNUMs.
- * The BIGNUM::neg property of BIGNUMs representing binary polynomials is
- * ignored. Note that input arguments are not const so that their bit arrays
- * can be expanded to the appropriate size if needed.
- */
-
-/*
- * r = a + b
- */
-int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-#  define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b)
-/*
- * r=a mod p
- */
-int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p);
-/* r = (a * b) mod p */
-int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-                    const BIGNUM *p, BN_CTX *ctx);
-/* r = (a * a) mod p */
-int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-/* r = (1 / b) mod p */
-int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx);
-/* r = (a / b) mod p */
-int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-                    const BIGNUM *p, BN_CTX *ctx);
-/* r = (a ^ b) mod p */
-int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-                    const BIGNUM *p, BN_CTX *ctx);
-/* r = sqrt(a) mod p */
-int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                     BN_CTX *ctx);
-/* r^2 + r = a mod p */
-int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                           BN_CTX *ctx);
-#  define BN_GF2m_cmp(a, b) BN_ucmp((a), (b))
-/*-
- * Some functions allow for representation of the irreducible polynomials
- * as an unsigned int[], say p.  The irreducible f(t) is then of the form:
- *     t^p[0] + t^p[1] + ... + t^p[k]
- * where m = p[0] > p[1] > ... > p[k] = 0.
- */
-/* r = a mod p */
-int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]);
-/* r = (a * b) mod p */
-int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-                        const int p[], BN_CTX *ctx);
-/* r = (a * a) mod p */
-int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[],
-                        BN_CTX *ctx);
-/* r = (1 / b) mod p */
-int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[],
-                        BN_CTX *ctx);
-/* r = (a / b) mod p */
-int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-                        const int p[], BN_CTX *ctx);
-/* r = (a ^ b) mod p */
-int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-                        const int p[], BN_CTX *ctx);
-/* r = sqrt(a) mod p */
-int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a,
-                         const int p[], BN_CTX *ctx);
-/* r^2 + r = a mod p */
-int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a,
-                               const int p[], BN_CTX *ctx);
-int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max);
-int BN_GF2m_arr2poly(const int p[], BIGNUM *a);
-
-# endif
-
-/*
- * faster mod functions for the 'NIST primes' 0 <= a < p^2
- */
-int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-
-const BIGNUM *BN_get0_nist_prime_192(void);
-const BIGNUM *BN_get0_nist_prime_224(void);
-const BIGNUM *BN_get0_nist_prime_256(void);
-const BIGNUM *BN_get0_nist_prime_384(void);
-const BIGNUM *BN_get0_nist_prime_521(void);
-
-/* library internal functions */
-
-# define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
-        (a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))
-# define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
-BIGNUM *bn_expand2(BIGNUM *a, int words);
-# ifndef OPENSSL_NO_DEPRECATED
-BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */
-# endif
-
-/*-
- * Bignum consistency macros
- * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from
- * bignum data after direct manipulations on the data. There is also an
- * "internal" macro, bn_check_top(), for verifying that there are no leading
- * zeroes. Unfortunately, some auditing is required due to the fact that
- * bn_fix_top() has become an overabused duct-tape because bignum data is
- * occasionally passed around in an inconsistent state. So the following
- * changes have been made to sort this out;
- * - bn_fix_top()s implementation has been moved to bn_correct_top()
- * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and
- *   bn_check_top() is as before.
- * - if BN_DEBUG *is* defined;
- *   - bn_check_top() tries to pollute unused words even if the bignum 'top' is
- *     consistent. (ed: only if BN_DEBUG_RAND is defined)
- *   - bn_fix_top() maps to bn_check_top() rather than "fixing" anything.
- * The idea is to have debug builds flag up inconsistent bignums when they
- * occur. If that occurs in a bn_fix_top(), we examine the code in question; if
- * the use of bn_fix_top() was appropriate (ie. it follows directly after code
- * that manipulates the bignum) it is converted to bn_correct_top(), and if it
- * was not appropriate, we convert it permanently to bn_check_top() and track
- * down the cause of the bug. Eventually, no internal code should be using the
- * bn_fix_top() macro. External applications and libraries should try this with
- * their own code too, both in terms of building against the openssl headers
- * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it
- * defined. This not only improves external code, it provides more test
- * coverage for openssl's own code.
- */
-
-# ifdef BN_DEBUG
-
-/* We only need assert() when debugging */
-#  include <assert.h>
-
-#  ifdef BN_DEBUG_RAND
-/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */
-#   ifndef RAND_pseudo_bytes
-int RAND_pseudo_bytes(unsigned char *buf, int num);
-#    define BN_DEBUG_TRIX
-#   endif
-#   define bn_pollute(a) \
-        do { \
-                const BIGNUM *_bnum1 = (a); \
-                if(_bnum1->top < _bnum1->dmax) { \
-                        unsigned char _tmp_char; \
-                        /* We cast away const without the compiler knowing, any \
-                         * *genuinely* constant variables that aren't mutable \
-                         * wouldn't be constructed with top!=dmax. */ \
-                        BN_ULONG *_not_const; \
-                        memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \
-                        /* Debug only - safe to ignore error return */ \
-                        RAND_pseudo_bytes(&_tmp_char, 1); \
-                        memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \
-                                (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \
-                } \
-        } while(0)
-#   ifdef BN_DEBUG_TRIX
-#    undef RAND_pseudo_bytes
-#   endif
-#  else
-#   define bn_pollute(a)
-#  endif
-#  define bn_check_top(a) \
-        do { \
-                const BIGNUM *_bnum2 = (a); \
-                if (_bnum2 != NULL) { \
-                        assert((_bnum2->top == 0) || \
-                                (_bnum2->d[_bnum2->top - 1] != 0)); \
-                        bn_pollute(_bnum2); \
-                } \
-        } while(0)
-
-#  define bn_fix_top(a)           bn_check_top(a)
-
-#  define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
-#  define bn_wcheck_size(bn, words) \
-        do { \
-                const BIGNUM *_bnum2 = (bn); \
-                assert((words) <= (_bnum2)->dmax && (words) >= (_bnum2)->top); \
-                /* avoid unused variable warning with NDEBUG */ \
-                (void)(_bnum2); \
-        } while(0)
-
-# else                          /* !BN_DEBUG */
-
-#  define bn_pollute(a)
-#  define bn_check_top(a)
-#  define bn_fix_top(a)           bn_correct_top(a)
-#  define bn_check_size(bn, bits)
-#  define bn_wcheck_size(bn, words)
-
-# endif
-
-# define bn_correct_top(a) \
-        { \
-        BN_ULONG *ftl; \
-        int tmp_top = (a)->top; \
-        if (tmp_top > 0) \
-                { \
-                for (ftl= &((a)->d[tmp_top-1]); tmp_top > 0; tmp_top--) \
-                        if (*(ftl--)) break; \
-                (a)->top = tmp_top; \
-                } \
-        bn_pollute(a); \
-        }
-
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
-                          BN_ULONG w);
-BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
-void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);
-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
-BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
-                      int num);
-BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
-                      int num);
-
-/* Primes from RFC 2409 */
-BIGNUM *get_rfc2409_prime_768(BIGNUM *bn);
-BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn);
-
-/* Primes from RFC 3526 */
-BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn);
-BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn);
-BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn);
-BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn);
-BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn);
-BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn);
-
-int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom);
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_BN_strings(void);
-
-/* Error codes for the BN functions. */
-
-/* Function codes. */
-# define BN_F_BNRAND                                      127
-# define BN_F_BN_BLINDING_CONVERT_EX                      100
-# define BN_F_BN_BLINDING_CREATE_PARAM                    128
-# define BN_F_BN_BLINDING_INVERT_EX                       101
-# define BN_F_BN_BLINDING_NEW                             102
-# define BN_F_BN_BLINDING_UPDATE                          103
-# define BN_F_BN_BN2DEC                                   104
-# define BN_F_BN_BN2HEX                                   105
-# define BN_F_BN_CTX_GET                                  116
-# define BN_F_BN_CTX_NEW                                  106
-# define BN_F_BN_CTX_START                                129
-# define BN_F_BN_DIV                                      107
-# define BN_F_BN_DIV_NO_BRANCH                            138
-# define BN_F_BN_DIV_RECP                                 130
-# define BN_F_BN_EXP                                      123
-# define BN_F_BN_EXPAND2                                  108
-# define BN_F_BN_EXPAND_INTERNAL                          120
-# define BN_F_BN_GF2M_MOD                                 131
-# define BN_F_BN_GF2M_MOD_EXP                             132
-# define BN_F_BN_GF2M_MOD_MUL                             133
-# define BN_F_BN_GF2M_MOD_SOLVE_QUAD                      134
-# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR                  135
-# define BN_F_BN_GF2M_MOD_SQR                             136
-# define BN_F_BN_GF2M_MOD_SQRT                            137
-# define BN_F_BN_LSHIFT                                   145
-# define BN_F_BN_MOD_EXP2_MONT                            118
-# define BN_F_BN_MOD_EXP_MONT                             109
-# define BN_F_BN_MOD_EXP_MONT_CONSTTIME                   124
-# define BN_F_BN_MOD_EXP_MONT_WORD                        117
-# define BN_F_BN_MOD_EXP_RECP                             125
-# define BN_F_BN_MOD_EXP_SIMPLE                           126
-# define BN_F_BN_MOD_INVERSE                              110
-# define BN_F_BN_MOD_INVERSE_NO_BRANCH                    139
-# define BN_F_BN_MOD_LSHIFT_QUICK                         119
-# define BN_F_BN_MOD_MUL_RECIPROCAL                       111
-# define BN_F_BN_MOD_SQRT                                 121
-# define BN_F_BN_MPI2BN                                   112
-# define BN_F_BN_NEW                                      113
-# define BN_F_BN_RAND                                     114
-# define BN_F_BN_RAND_RANGE                               122
-# define BN_F_BN_RSHIFT                                   146
-# define BN_F_BN_USUB                                     115
-
-/* Reason codes. */
-# define BN_R_ARG2_LT_ARG3                                100
-# define BN_R_BAD_RECIPROCAL                              101
-# define BN_R_BIGNUM_TOO_LONG                             114
-# define BN_R_BITS_TOO_SMALL                              118
-# define BN_R_CALLED_WITH_EVEN_MODULUS                    102
-# define BN_R_DIV_BY_ZERO                                 103
-# define BN_R_ENCODING_ERROR                              104
-# define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA                105
-# define BN_R_INPUT_NOT_REDUCED                           110
-# define BN_R_INVALID_LENGTH                              106
-# define BN_R_INVALID_RANGE                               115
-# define BN_R_INVALID_SHIFT                               119
-# define BN_R_NOT_A_SQUARE                                111
-# define BN_R_NOT_INITIALIZED                             107
-# define BN_R_NO_INVERSE                                  108
-# define BN_R_NO_SOLUTION                                 116
-# define BN_R_P_IS_NOT_PRIME                              112
-# define BN_R_TOO_MANY_ITERATIONS                         113
-# define BN_R_TOO_MANY_TEMPORARY_VARIABLES                109
-
-#ifdef  __cplusplus
-}
-#endif
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/bn/bn.h (from rev 11605, vendor-crypto/openssl/dist/crypto/bn/bn.h)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/bn/bn.h	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/bn/bn.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,967 @@
+/* crypto/bn/bn.h */
+/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the Eric Young open source
+ * license provided above.
+ *
+ * The binary polynomial arithmetic software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#ifndef HEADER_BN_H
+# define HEADER_BN_H
+
+# include <limits.h>
+# include <openssl/e_os2.h>
+# ifndef OPENSSL_NO_FP_API
+#  include <stdio.h>            /* FILE */
+# endif
+# include <openssl/ossl_typ.h>
+# include <openssl/crypto.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*
+ * These preprocessor symbols control various aspects of the bignum headers
+ * and library code. They're not defined by any "normal" configuration, as
+ * they are intended for development and testing purposes. NB: defining all
+ * three can be useful for debugging application code as well as openssl
+ * itself. BN_DEBUG - turn on various debugging alterations to the bignum
+ * code BN_DEBUG_RAND - uses random poisoning of unused words to trip up
+ * mismanagement of bignum internals. You must also define BN_DEBUG.
+ */
+/* #define BN_DEBUG */
+/* #define BN_DEBUG_RAND */
+
+# ifndef OPENSSL_SMALL_FOOTPRINT
+#  define BN_MUL_COMBA
+#  define BN_SQR_COMBA
+#  define BN_RECURSION
+# endif
+
+/*
+ * This next option uses the C libraries (2 word)/(1 word) function. If it is
+ * not defined, I use my C version (which is slower). The reason for this
+ * flag is that when the particular C compiler library routine is used, and
+ * the library is linked with a different compiler, the library is missing.
+ * This mostly happens when the library is built with gcc and then linked
+ * using normal cc.  This would be a common occurrence because gcc normally
+ * produces code that is 2 times faster than system compilers for the big
+ * number stuff. For machines with only one compiler (or shared libraries),
+ * this should be on.  Again this in only really a problem on machines using
+ * "long long's", are 32bit, and are not using my assembler code.
+ */
+# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \
+    defined(OPENSSL_SYS_WIN32) || defined(linux)
+#  ifndef BN_DIV2W
+#   define BN_DIV2W
+#  endif
+# endif
+
+/*
+ * assuming long is 64bit - this is the DEC Alpha unsigned long long is only
+ * 64 bits :-(, don't define BN_LLONG for the DEC Alpha
+ */
+# ifdef SIXTY_FOUR_BIT_LONG
+#  define BN_ULLONG       unsigned long long
+#  define BN_ULONG        unsigned long
+#  define BN_LONG         long
+#  define BN_BITS         128
+#  define BN_BYTES        8
+#  define BN_BITS2        64
+#  define BN_BITS4        32
+#  define BN_MASK         (0xffffffffffffffffffffffffffffffffLL)
+#  define BN_MASK2        (0xffffffffffffffffL)
+#  define BN_MASK2l       (0xffffffffL)
+#  define BN_MASK2h       (0xffffffff00000000L)
+#  define BN_MASK2h1      (0xffffffff80000000L)
+#  define BN_TBIT         (0x8000000000000000L)
+#  define BN_DEC_CONV     (10000000000000000000UL)
+#  define BN_DEC_FMT1     "%lu"
+#  define BN_DEC_FMT2     "%019lu"
+#  define BN_DEC_NUM      19
+#  define BN_HEX_FMT1     "%lX"
+#  define BN_HEX_FMT2     "%016lX"
+# endif
+
+/*
+ * This is where the long long data type is 64 bits, but long is 32. For
+ * machines where there are 64bit registers, this is the mode to use. IRIX,
+ * on R4000 and above should use this mode, along with the relevant assembler
+ * code :-).  Do NOT define BN_LLONG.
+ */
+# ifdef SIXTY_FOUR_BIT
+#  undef BN_LLONG
+#  undef BN_ULLONG
+#  define BN_ULONG        unsigned long long
+#  define BN_LONG         long long
+#  define BN_BITS         128
+#  define BN_BYTES        8
+#  define BN_BITS2        64
+#  define BN_BITS4        32
+#  define BN_MASK2        (0xffffffffffffffffLL)
+#  define BN_MASK2l       (0xffffffffL)
+#  define BN_MASK2h       (0xffffffff00000000LL)
+#  define BN_MASK2h1      (0xffffffff80000000LL)
+#  define BN_TBIT         (0x8000000000000000LL)
+#  define BN_DEC_CONV     (10000000000000000000ULL)
+#  define BN_DEC_FMT1     "%llu"
+#  define BN_DEC_FMT2     "%019llu"
+#  define BN_DEC_NUM      19
+#  define BN_HEX_FMT1     "%llX"
+#  define BN_HEX_FMT2     "%016llX"
+# endif
+
+# ifdef THIRTY_TWO_BIT
+#  ifdef BN_LLONG
+#   if defined(_WIN32) && !defined(__GNUC__)
+#    define BN_ULLONG     unsigned __int64
+#    define BN_MASK       (0xffffffffffffffffI64)
+#   else
+#    define BN_ULLONG     unsigned long long
+#    define BN_MASK       (0xffffffffffffffffLL)
+#   endif
+#  endif
+#  define BN_ULONG        unsigned int
+#  define BN_LONG         int
+#  define BN_BITS         64
+#  define BN_BYTES        4
+#  define BN_BITS2        32
+#  define BN_BITS4        16
+#  define BN_MASK2        (0xffffffffL)
+#  define BN_MASK2l       (0xffff)
+#  define BN_MASK2h1      (0xffff8000L)
+#  define BN_MASK2h       (0xffff0000L)
+#  define BN_TBIT         (0x80000000L)
+#  define BN_DEC_CONV     (1000000000L)
+#  define BN_DEC_FMT1     "%u"
+#  define BN_DEC_FMT2     "%09u"
+#  define BN_DEC_NUM      9
+#  define BN_HEX_FMT1     "%X"
+#  define BN_HEX_FMT2     "%08X"
+# endif
+
+/*
+ * 2011-02-22 SMS. In various places, a size_t variable or a type cast to
+ * size_t was used to perform integer-only operations on pointers.  This
+ * failed on VMS with 64-bit pointers (CC /POINTER_SIZE = 64) because size_t
+ * is still only 32 bits.  What's needed in these cases is an integer type
+ * with the same size as a pointer, which size_t is not certain to be. The
+ * only fix here is VMS-specific.
+ */
+# if defined(OPENSSL_SYS_VMS)
+#  if __INITIAL_POINTER_SIZE == 64
+#   define PTR_SIZE_INT long long
+#  else                         /* __INITIAL_POINTER_SIZE == 64 */
+#   define PTR_SIZE_INT int
+#  endif                        /* __INITIAL_POINTER_SIZE == 64 [else] */
+# else                          /* defined(OPENSSL_SYS_VMS) */
+#  define PTR_SIZE_INT size_t
+# endif                         /* defined(OPENSSL_SYS_VMS) [else] */
+
+# define BN_DEFAULT_BITS 1280
+
+# define BN_FLG_MALLOCED         0x01
+# define BN_FLG_STATIC_DATA      0x02
+
+/*
+ * avoid leaking exponent information through timing,
+ * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime,
+ * BN_div() will call BN_div_no_branch,
+ * BN_mod_inverse() will call BN_mod_inverse_no_branch.
+ */
+# define BN_FLG_CONSTTIME        0x04
+
+# ifdef OPENSSL_NO_DEPRECATED
+/* deprecated name for the flag */
+#  define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME
+/*
+ * avoid leaking exponent information through timings
+ * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime)
+ */
+# endif
+
+# ifndef OPENSSL_NO_DEPRECATED
+#  define BN_FLG_FREE             0x8000
+                                       /* used for debuging */
+# endif
+# define BN_set_flags(b,n)       ((b)->flags|=(n))
+# define BN_get_flags(b,n)       ((b)->flags&(n))
+
+/*
+ * get a clone of a BIGNUM with changed flags, for *temporary* use only (the
+ * two BIGNUMs cannot not be used in parallel!)
+ */
+# define BN_with_flags(dest,b,n)  ((dest)->d=(b)->d, \
+                                  (dest)->top=(b)->top, \
+                                  (dest)->dmax=(b)->dmax, \
+                                  (dest)->neg=(b)->neg, \
+                                  (dest)->flags=(((dest)->flags & BN_FLG_MALLOCED) \
+                                                 |  ((b)->flags & ~BN_FLG_MALLOCED) \
+                                                 |  BN_FLG_STATIC_DATA \
+                                                 |  (n)))
+
+/* Already declared in ossl_typ.h */
+# if 0
+typedef struct bignum_st BIGNUM;
+/* Used for temp variables (declaration hidden in bn_lcl.h) */
+typedef struct bignum_ctx BN_CTX;
+typedef struct bn_blinding_st BN_BLINDING;
+typedef struct bn_mont_ctx_st BN_MONT_CTX;
+typedef struct bn_recp_ctx_st BN_RECP_CTX;
+typedef struct bn_gencb_st BN_GENCB;
+# endif
+
+struct bignum_st {
+    BN_ULONG *d;                /* Pointer to an array of 'BN_BITS2' bit
+                                 * chunks. */
+    int top;                    /* Index of last used d +1. */
+    /* The next are internal book keeping for bn_expand. */
+    int dmax;                   /* Size of the d array. */
+    int neg;                    /* one if the number is negative */
+    int flags;
+};
+
+/* Used for montgomery multiplication */
+struct bn_mont_ctx_st {
+    int ri;                     /* number of bits in R */
+    BIGNUM RR;                  /* used to convert to montgomery form */
+    BIGNUM N;                   /* The modulus */
+    BIGNUM Ni;                  /* R*(1/R mod N) - N*Ni = 1 (Ni is only
+                                 * stored for bignum algorithm) */
+    BN_ULONG n0[2];             /* least significant word(s) of Ni; (type
+                                 * changed with 0.9.9, was "BN_ULONG n0;"
+                                 * before) */
+    int flags;
+};
+
+/*
+ * Used for reciprocal division/mod functions It cannot be shared between
+ * threads
+ */
+struct bn_recp_ctx_st {
+    BIGNUM N;                   /* the divisor */
+    BIGNUM Nr;                  /* the reciprocal */
+    int num_bits;
+    int shift;
+    int flags;
+};
+
+/* Used for slow "generation" functions. */
+struct bn_gencb_st {
+    unsigned int ver;           /* To handle binary (in)compatibility */
+    void *arg;                  /* callback-specific data */
+    union {
+        /* if(ver==1) - handles old style callbacks */
+        void (*cb_1) (int, int, void *);
+        /* if(ver==2) - new callback style */
+        int (*cb_2) (int, int, BN_GENCB *);
+    } cb;
+};
+/* Wrapper function to make using BN_GENCB easier,  */
+int BN_GENCB_call(BN_GENCB *cb, int a, int b);
+/* Macro to populate a BN_GENCB structure with an "old"-style callback */
+# define BN_GENCB_set_old(gencb, callback, cb_arg) { \
+                BN_GENCB *tmp_gencb = (gencb); \
+                tmp_gencb->ver = 1; \
+                tmp_gencb->arg = (cb_arg); \
+                tmp_gencb->cb.cb_1 = (callback); }
+/* Macro to populate a BN_GENCB structure with a "new"-style callback */
+# define BN_GENCB_set(gencb, callback, cb_arg) { \
+                BN_GENCB *tmp_gencb = (gencb); \
+                tmp_gencb->ver = 2; \
+                tmp_gencb->arg = (cb_arg); \
+                tmp_gencb->cb.cb_2 = (callback); }
+
+# define BN_prime_checks 0      /* default: select number of iterations based
+                                 * on the size of the number */
+
+/*
+ * number of Miller-Rabin iterations for an error rate of less than 2^-80 for
+ * random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook of
+ * Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996];
+ * original paper: Damgaard, Landrock, Pomerance: Average case error
+ * estimates for the strong probable prime test. -- Math. Comp. 61 (1993)
+ * 177-194)
+ */
+# define BN_prime_checks_for_size(b) ((b) >= 1300 ?  2 : \
+                                (b) >=  850 ?  3 : \
+                                (b) >=  650 ?  4 : \
+                                (b) >=  550 ?  5 : \
+                                (b) >=  450 ?  6 : \
+                                (b) >=  400 ?  7 : \
+                                (b) >=  350 ?  8 : \
+                                (b) >=  300 ?  9 : \
+                                (b) >=  250 ? 12 : \
+                                (b) >=  200 ? 15 : \
+                                (b) >=  150 ? 18 : \
+                                /* b >= 100 */ 27)
+
+# define BN_num_bytes(a) ((BN_num_bits(a)+7)/8)
+
+/* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */
+# define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \
+                                (((w) == 0) && ((a)->top == 0)))
+# define BN_is_zero(a)       ((a)->top == 0)
+# define BN_is_one(a)        (BN_abs_is_word((a),1) && !(a)->neg)
+# define BN_is_word(a,w)     (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg))
+# define BN_is_odd(a)        (((a)->top > 0) && ((a)->d[0] & 1))
+
+# define BN_one(a)       (BN_set_word((a),1))
+# define BN_zero_ex(a) \
+        do { \
+                BIGNUM *_tmp_bn = (a); \
+                _tmp_bn->top = 0; \
+                _tmp_bn->neg = 0; \
+        } while(0)
+# ifdef OPENSSL_NO_DEPRECATED
+#  define BN_zero(a)      BN_zero_ex(a)
+# else
+#  define BN_zero(a)      (BN_set_word((a),0))
+# endif
+
+const BIGNUM *BN_value_one(void);
+char *BN_options(void);
+BN_CTX *BN_CTX_new(void);
+# ifndef OPENSSL_NO_DEPRECATED
+void BN_CTX_init(BN_CTX *c);
+# endif
+void BN_CTX_free(BN_CTX *c);
+void BN_CTX_start(BN_CTX *ctx);
+BIGNUM *BN_CTX_get(BN_CTX *ctx);
+void BN_CTX_end(BN_CTX *ctx);
+int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
+int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+int BN_rand_range(BIGNUM *rnd, const BIGNUM *range);
+int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range);
+int BN_num_bits(const BIGNUM *a);
+int BN_num_bits_word(BN_ULONG);
+BIGNUM *BN_new(void);
+void BN_init(BIGNUM *);
+void BN_clear_free(BIGNUM *a);
+BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
+void BN_swap(BIGNUM *a, BIGNUM *b);
+BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+int BN_bn2bin(const BIGNUM *a, unsigned char *to);
+BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
+int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
+int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
+/** BN_set_negative sets sign of a BIGNUM
+ * \param  b  pointer to the BIGNUM object
+ * \param  n  0 if the BIGNUM b should be positive and a value != 0 otherwise
+ */
+void BN_set_negative(BIGNUM *b, int n);
+/** BN_is_negative returns 1 if the BIGNUM is negative
+ * \param  a  pointer to the BIGNUM object
+ * \return 1 if a < 0 and 0 otherwise
+ */
+# define BN_is_negative(a) ((a)->neg != 0)
+
+int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
+           BN_CTX *ctx);
+# define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))
+int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
+int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+               BN_CTX *ctx);
+int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                     const BIGNUM *m);
+int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+               BN_CTX *ctx);
+int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                     const BIGNUM *m);
+int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+               BN_CTX *ctx);
+int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m);
+int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m,
+                  BN_CTX *ctx);
+int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m);
+
+BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
+BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
+int BN_mul_word(BIGNUM *a, BN_ULONG w);
+int BN_add_word(BIGNUM *a, BN_ULONG w);
+int BN_sub_word(BIGNUM *a, BN_ULONG w);
+int BN_set_word(BIGNUM *a, BN_ULONG w);
+BN_ULONG BN_get_word(const BIGNUM *a);
+
+int BN_cmp(const BIGNUM *a, const BIGNUM *b);
+void BN_free(BIGNUM *a);
+int BN_is_bit_set(const BIGNUM *a, int n);
+int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
+int BN_lshift1(BIGNUM *r, const BIGNUM *a);
+int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+
+int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+               const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+                              const BIGNUM *m, BN_CTX *ctx,
+                              BN_MONT_CTX *in_mont);
+int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
+                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,
+                     const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
+                     BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                      const BIGNUM *m, BN_CTX *ctx);
+
+int BN_mask_bits(BIGNUM *a, int n);
+# ifndef OPENSSL_NO_FP_API
+int BN_print_fp(FILE *fp, const BIGNUM *a);
+# endif
+# ifdef HEADER_BIO_H
+int BN_print(BIO *fp, const BIGNUM *a);
+# else
+int BN_print(void *fp, const BIGNUM *a);
+# endif
+int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx);
+int BN_rshift(BIGNUM *r, const BIGNUM *a, int n);
+int BN_rshift1(BIGNUM *r, const BIGNUM *a);
+void BN_clear(BIGNUM *a);
+BIGNUM *BN_dup(const BIGNUM *a);
+int BN_ucmp(const BIGNUM *a, const BIGNUM *b);
+int BN_set_bit(BIGNUM *a, int n);
+int BN_clear_bit(BIGNUM *a, int n);
+char *BN_bn2hex(const BIGNUM *a);
+char *BN_bn2dec(const BIGNUM *a);
+int BN_hex2bn(BIGNUM **a, const char *str);
+int BN_dec2bn(BIGNUM **a, const char *str);
+int BN_asc2bn(BIGNUM **a, const char *str);
+int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* returns
+                                                                  * -2 for
+                                                                  * error */
+BIGNUM *BN_mod_inverse(BIGNUM *ret,
+                       const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
+BIGNUM *BN_mod_sqrt(BIGNUM *ret,
+                    const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
+
+void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
+
+/* Deprecated versions */
+# ifndef OPENSSL_NO_DEPRECATED
+BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
+                          const BIGNUM *add, const BIGNUM *rem,
+                          void (*callback) (int, int, void *), void *cb_arg);
+int BN_is_prime(const BIGNUM *p, int nchecks,
+                void (*callback) (int, int, void *),
+                BN_CTX *ctx, void *cb_arg);
+int BN_is_prime_fasttest(const BIGNUM *p, int nchecks,
+                         void (*callback) (int, int, void *), BN_CTX *ctx,
+                         void *cb_arg, int do_trial_division);
+# endif                         /* !defined(OPENSSL_NO_DEPRECATED) */
+
+/* Newer versions */
+int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
+                         const BIGNUM *rem, BN_GENCB *cb);
+int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
+int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx,
+                            int do_trial_division, BN_GENCB *cb);
+
+int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
+
+int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+                            const BIGNUM *Xp, const BIGNUM *Xp1,
+                            const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx,
+                            BN_GENCB *cb);
+int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1,
+                              BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e,
+                              BN_CTX *ctx, BN_GENCB *cb);
+
+BN_MONT_CTX *BN_MONT_CTX_new(void);
+void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
+int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                          BN_MONT_CTX *mont, BN_CTX *ctx);
+# define BN_to_montgomery(r,a,mont,ctx)  BN_mod_mul_montgomery(\
+        (r),(a),&((mont)->RR),(mont),(ctx))
+int BN_from_montgomery(BIGNUM *r, const BIGNUM *a,
+                       BN_MONT_CTX *mont, BN_CTX *ctx);
+void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx);
+BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
+                                    const BIGNUM *mod, BN_CTX *ctx);
+
+/* BN_BLINDING flags */
+# define BN_BLINDING_NO_UPDATE   0x00000001
+# define BN_BLINDING_NO_RECREATE 0x00000002
+
+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod);
+void BN_BLINDING_free(BN_BLINDING *b);
+int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
+int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
+                          BN_CTX *);
+# ifndef OPENSSL_NO_DEPRECATED
+unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
+void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
+# endif
+CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *);
+unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
+void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
+BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
+                                      const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
+                                      int (*bn_mod_exp) (BIGNUM *r,
+                                                         const BIGNUM *a,
+                                                         const BIGNUM *p,
+                                                         const BIGNUM *m,
+                                                         BN_CTX *ctx,
+                                                         BN_MONT_CTX *m_ctx),
+                                      BN_MONT_CTX *m_ctx);
+
+# ifndef OPENSSL_NO_DEPRECATED
+void BN_set_params(int mul, int high, int low, int mont);
+int BN_get_params(int which);   /* 0, mul, 1 high, 2 low, 3 mont */
+# endif
+
+void BN_RECP_CTX_init(BN_RECP_CTX *recp);
+BN_RECP_CTX *BN_RECP_CTX_new(void);
+void BN_RECP_CTX_free(BN_RECP_CTX *recp);
+int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx);
+int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
+                          BN_RECP_CTX *recp, BN_CTX *ctx);
+int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                    const BIGNUM *m, BN_CTX *ctx);
+int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
+                BN_RECP_CTX *recp, BN_CTX *ctx);
+
+# ifndef OPENSSL_NO_EC2M
+
+/*
+ * Functions for arithmetic over binary polynomials represented by BIGNUMs.
+ * The BIGNUM::neg property of BIGNUMs representing binary polynomials is
+ * ignored. Note that input arguments are not const so that their bit arrays
+ * can be expanded to the appropriate size if needed.
+ */
+
+/*
+ * r = a + b
+ */
+int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+#  define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b)
+/*
+ * r=a mod p
+ */
+int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p);
+/* r = (a * b) mod p */
+int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                    const BIGNUM *p, BN_CTX *ctx);
+/* r = (a * a) mod p */
+int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+/* r = (1 / b) mod p */
+int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx);
+/* r = (a / b) mod p */
+int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                    const BIGNUM *p, BN_CTX *ctx);
+/* r = (a ^ b) mod p */
+int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                    const BIGNUM *p, BN_CTX *ctx);
+/* r = sqrt(a) mod p */
+int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                     BN_CTX *ctx);
+/* r^2 + r = a mod p */
+int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                           BN_CTX *ctx);
+#  define BN_GF2m_cmp(a, b) BN_ucmp((a), (b))
+/*-
+ * Some functions allow for representation of the irreducible polynomials
+ * as an unsigned int[], say p.  The irreducible f(t) is then of the form:
+ *     t^p[0] + t^p[1] + ... + t^p[k]
+ * where m = p[0] > p[1] > ... > p[k] = 0.
+ */
+/* r = a mod p */
+int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]);
+/* r = (a * b) mod p */
+int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                        const int p[], BN_CTX *ctx);
+/* r = (a * a) mod p */
+int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[],
+                        BN_CTX *ctx);
+/* r = (1 / b) mod p */
+int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[],
+                        BN_CTX *ctx);
+/* r = (a / b) mod p */
+int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                        const int p[], BN_CTX *ctx);
+/* r = (a ^ b) mod p */
+int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                        const int p[], BN_CTX *ctx);
+/* r = sqrt(a) mod p */
+int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a,
+                         const int p[], BN_CTX *ctx);
+/* r^2 + r = a mod p */
+int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a,
+                               const int p[], BN_CTX *ctx);
+int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max);
+int BN_GF2m_arr2poly(const int p[], BIGNUM *a);
+
+# endif
+
+/*
+ * faster mod functions for the 'NIST primes' 0 <= a < p^2
+ */
+int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+
+const BIGNUM *BN_get0_nist_prime_192(void);
+const BIGNUM *BN_get0_nist_prime_224(void);
+const BIGNUM *BN_get0_nist_prime_256(void);
+const BIGNUM *BN_get0_nist_prime_384(void);
+const BIGNUM *BN_get0_nist_prime_521(void);
+
+/* library internal functions */
+
+# define bn_expand(a,bits) \
+    ( \
+        bits > (INT_MAX - BN_BITS2 + 1) ? \
+            NULL \
+        : \
+            (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) ? \
+                (a) \
+            : \
+                bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2) \
+    )
+
+# define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
+BIGNUM *bn_expand2(BIGNUM *a, int words);
+# ifndef OPENSSL_NO_DEPRECATED
+BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */
+# endif
+
+/*-
+ * Bignum consistency macros
+ * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from
+ * bignum data after direct manipulations on the data. There is also an
+ * "internal" macro, bn_check_top(), for verifying that there are no leading
+ * zeroes. Unfortunately, some auditing is required due to the fact that
+ * bn_fix_top() has become an overabused duct-tape because bignum data is
+ * occasionally passed around in an inconsistent state. So the following
+ * changes have been made to sort this out;
+ * - bn_fix_top()s implementation has been moved to bn_correct_top()
+ * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and
+ *   bn_check_top() is as before.
+ * - if BN_DEBUG *is* defined;
+ *   - bn_check_top() tries to pollute unused words even if the bignum 'top' is
+ *     consistent. (ed: only if BN_DEBUG_RAND is defined)
+ *   - bn_fix_top() maps to bn_check_top() rather than "fixing" anything.
+ * The idea is to have debug builds flag up inconsistent bignums when they
+ * occur. If that occurs in a bn_fix_top(), we examine the code in question; if
+ * the use of bn_fix_top() was appropriate (ie. it follows directly after code
+ * that manipulates the bignum) it is converted to bn_correct_top(), and if it
+ * was not appropriate, we convert it permanently to bn_check_top() and track
+ * down the cause of the bug. Eventually, no internal code should be using the
+ * bn_fix_top() macro. External applications and libraries should try this with
+ * their own code too, both in terms of building against the openssl headers
+ * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it
+ * defined. This not only improves external code, it provides more test
+ * coverage for openssl's own code.
+ */
+
+# ifdef BN_DEBUG
+
+/* We only need assert() when debugging */
+#  include <assert.h>
+
+#  ifdef BN_DEBUG_RAND
+/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */
+#   ifndef RAND_pseudo_bytes
+int RAND_pseudo_bytes(unsigned char *buf, int num);
+#    define BN_DEBUG_TRIX
+#   endif
+#   define bn_pollute(a) \
+        do { \
+                const BIGNUM *_bnum1 = (a); \
+                if(_bnum1->top < _bnum1->dmax) { \
+                        unsigned char _tmp_char; \
+                        /* We cast away const without the compiler knowing, any \
+                         * *genuinely* constant variables that aren't mutable \
+                         * wouldn't be constructed with top!=dmax. */ \
+                        BN_ULONG *_not_const; \
+                        memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \
+                        /* Debug only - safe to ignore error return */ \
+                        RAND_pseudo_bytes(&_tmp_char, 1); \
+                        memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \
+                                (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \
+                } \
+        } while(0)
+#   ifdef BN_DEBUG_TRIX
+#    undef RAND_pseudo_bytes
+#   endif
+#  else
+#   define bn_pollute(a)
+#  endif
+#  define bn_check_top(a) \
+        do { \
+                const BIGNUM *_bnum2 = (a); \
+                if (_bnum2 != NULL) { \
+                        assert((_bnum2->top == 0) || \
+                                (_bnum2->d[_bnum2->top - 1] != 0)); \
+                        bn_pollute(_bnum2); \
+                } \
+        } while(0)
+
+#  define bn_fix_top(a)           bn_check_top(a)
+
+#  define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
+#  define bn_wcheck_size(bn, words) \
+        do { \
+                const BIGNUM *_bnum2 = (bn); \
+                assert((words) <= (_bnum2)->dmax && (words) >= (_bnum2)->top); \
+                /* avoid unused variable warning with NDEBUG */ \
+                (void)(_bnum2); \
+        } while(0)
+
+# else                          /* !BN_DEBUG */
+
+#  define bn_pollute(a)
+#  define bn_check_top(a)
+#  define bn_fix_top(a)           bn_correct_top(a)
+#  define bn_check_size(bn, bits)
+#  define bn_wcheck_size(bn, words)
+
+# endif
+
+# define bn_correct_top(a) \
+        { \
+        BN_ULONG *ftl; \
+        int tmp_top = (a)->top; \
+        if (tmp_top > 0) \
+                { \
+                for (ftl= &((a)->d[tmp_top-1]); tmp_top > 0; tmp_top--) \
+                        if (*(ftl--)) break; \
+                (a)->top = tmp_top; \
+                } \
+        bn_pollute(a); \
+        }
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
+                          BN_ULONG w);
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
+void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
+BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                      int num);
+BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                      int num);
+
+/* Primes from RFC 2409 */
+BIGNUM *get_rfc2409_prime_768(BIGNUM *bn);
+BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn);
+
+/* Primes from RFC 3526 */
+BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn);
+BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn);
+BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn);
+BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn);
+BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn);
+BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn);
+
+int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_BN_strings(void);
+
+/* Error codes for the BN functions. */
+
+/* Function codes. */
+# define BN_F_BNRAND                                      127
+# define BN_F_BN_BLINDING_CONVERT_EX                      100
+# define BN_F_BN_BLINDING_CREATE_PARAM                    128
+# define BN_F_BN_BLINDING_INVERT_EX                       101
+# define BN_F_BN_BLINDING_NEW                             102
+# define BN_F_BN_BLINDING_UPDATE                          103
+# define BN_F_BN_BN2DEC                                   104
+# define BN_F_BN_BN2HEX                                   105
+# define BN_F_BN_CTX_GET                                  116
+# define BN_F_BN_CTX_NEW                                  106
+# define BN_F_BN_CTX_START                                129
+# define BN_F_BN_DIV                                      107
+# define BN_F_BN_DIV_NO_BRANCH                            138
+# define BN_F_BN_DIV_RECP                                 130
+# define BN_F_BN_EXP                                      123
+# define BN_F_BN_EXPAND2                                  108
+# define BN_F_BN_EXPAND_INTERNAL                          120
+# define BN_F_BN_GF2M_MOD                                 131
+# define BN_F_BN_GF2M_MOD_EXP                             132
+# define BN_F_BN_GF2M_MOD_MUL                             133
+# define BN_F_BN_GF2M_MOD_SOLVE_QUAD                      134
+# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR                  135
+# define BN_F_BN_GF2M_MOD_SQR                             136
+# define BN_F_BN_GF2M_MOD_SQRT                            137
+# define BN_F_BN_LSHIFT                                   145
+# define BN_F_BN_MOD_EXP2_MONT                            118
+# define BN_F_BN_MOD_EXP_MONT                             109
+# define BN_F_BN_MOD_EXP_MONT_CONSTTIME                   124
+# define BN_F_BN_MOD_EXP_MONT_WORD                        117
+# define BN_F_BN_MOD_EXP_RECP                             125
+# define BN_F_BN_MOD_EXP_SIMPLE                           126
+# define BN_F_BN_MOD_INVERSE                              110
+# define BN_F_BN_MOD_INVERSE_NO_BRANCH                    139
+# define BN_F_BN_MOD_LSHIFT_QUICK                         119
+# define BN_F_BN_MOD_MUL_RECIPROCAL                       111
+# define BN_F_BN_MOD_SQRT                                 121
+# define BN_F_BN_MPI2BN                                   112
+# define BN_F_BN_NEW                                      113
+# define BN_F_BN_RAND                                     114
+# define BN_F_BN_RAND_RANGE                               122
+# define BN_F_BN_RSHIFT                                   146
+# define BN_F_BN_USUB                                     115
+
+/* Reason codes. */
+# define BN_R_ARG2_LT_ARG3                                100
+# define BN_R_BAD_RECIPROCAL                              101
+# define BN_R_BIGNUM_TOO_LONG                             114
+# define BN_R_BITS_TOO_SMALL                              118
+# define BN_R_CALLED_WITH_EVEN_MODULUS                    102
+# define BN_R_DIV_BY_ZERO                                 103
+# define BN_R_ENCODING_ERROR                              104
+# define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA                105
+# define BN_R_INPUT_NOT_REDUCED                           110
+# define BN_R_INVALID_LENGTH                              106
+# define BN_R_INVALID_RANGE                               115
+# define BN_R_INVALID_SHIFT                               119
+# define BN_R_NOT_A_SQUARE                                111
+# define BN_R_NOT_INITIALIZED                             107
+# define BN_R_NO_INVERSE                                  108
+# define BN_R_NO_SOLUTION                                 116
+# define BN_R_P_IS_NOT_PRIME                              112
+# define BN_R_TOO_MANY_ITERATIONS                         113
+# define BN_R_TOO_MANY_TEMPORARY_VARIABLES                109
+
+#ifdef  __cplusplus
+}
+#endif
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/bn/bn_exp.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_exp.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/bn/bn_exp.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,1121 +0,0 @@
-/* crypto/bn/bn_exp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#include <stdlib.h>
-#ifdef _WIN32
-# include <malloc.h>
-# ifndef alloca
-#  define alloca _alloca
-# endif
-#elif defined(__GNUC__)
-# ifndef alloca
-#  define alloca(s) __builtin_alloca((s))
-# endif
-#endif
-
-/* maximum precomputation table size for *variable* sliding windows */
-#define TABLE_SIZE      32
-
-/* this one works - simple but works */
-int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
-{
-    int i, bits, ret = 0;
-    BIGNUM *v, *rr;
-
-    if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
-        /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
-        BNerr(BN_F_BN_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-        return -1;
-    }
-
-    BN_CTX_start(ctx);
-    if ((r == a) || (r == p))
-        rr = BN_CTX_get(ctx);
-    else
-        rr = r;
-    v = BN_CTX_get(ctx);
-    if (rr == NULL || v == NULL)
-        goto err;
-
-    if (BN_copy(v, a) == NULL)
-        goto err;
-    bits = BN_num_bits(p);
-
-    if (BN_is_odd(p)) {
-        if (BN_copy(rr, a) == NULL)
-            goto err;
-    } else {
-        if (!BN_one(rr))
-            goto err;
-    }
-
-    for (i = 1; i < bits; i++) {
-        if (!BN_sqr(v, v, ctx))
-            goto err;
-        if (BN_is_bit_set(p, i)) {
-            if (!BN_mul(rr, rr, v, ctx))
-                goto err;
-        }
-    }
-    if (r != rr)
-        BN_copy(r, rr);
-    ret = 1;
- err:
-    BN_CTX_end(ctx);
-    bn_check_top(r);
-    return (ret);
-}
-
-int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
-               BN_CTX *ctx)
-{
-    int ret;
-
-    bn_check_top(a);
-    bn_check_top(p);
-    bn_check_top(m);
-
-    /*-
-     * For even modulus  m = 2^k*m_odd,  it might make sense to compute
-     * a^p mod m_odd  and  a^p mod 2^k  separately (with Montgomery
-     * exponentiation for the odd part), using appropriate exponent
-     * reductions, and combine the results using the CRT.
-     *
-     * For now, we use Montgomery only if the modulus is odd; otherwise,
-     * exponentiation using the reciprocal-based quick remaindering
-     * algorithm is used.
-     *
-     * (Timing obtained with expspeed.c [computations  a^p mod m
-     * where  a, p, m  are of the same length: 256, 512, 1024, 2048,
-     * 4096, 8192 bits], compared to the running time of the
-     * standard algorithm:
-     *
-     *   BN_mod_exp_mont   33 .. 40 %  [AMD K6-2, Linux, debug configuration]
-     *                     55 .. 77 %  [UltraSparc processor, but
-     *                                  debug-solaris-sparcv8-gcc conf.]
-     *
-     *   BN_mod_exp_recp   50 .. 70 %  [AMD K6-2, Linux, debug configuration]
-     *                     62 .. 118 % [UltraSparc, debug-solaris-sparcv8-gcc]
-     *
-     * On the Sparc, BN_mod_exp_recp was faster than BN_mod_exp_mont
-     * at 2048 and more bits, but at 512 and 1024 bits, it was
-     * slower even than the standard algorithm!
-     *
-     * "Real" timings [linux-elf, solaris-sparcv9-gcc configurations]
-     * should be obtained when the new Montgomery reduction code
-     * has been integrated into OpenSSL.)
-     */
-
-#define MONT_MUL_MOD
-#define MONT_EXP_WORD
-#define RECP_MUL_MOD
-
-#ifdef MONT_MUL_MOD
-    /*
-     * I have finally been able to take out this pre-condition of the top bit
-     * being set.  It was caused by an error in BN_div with negatives.  There
-     * was also another problem when for a^b%m a >= m.  eay 07-May-97
-     */
-    /* if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */
-
-    if (BN_is_odd(m)) {
-# ifdef MONT_EXP_WORD
-        if (a->top == 1 && !a->neg
-            && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)) {
-            BN_ULONG A = a->d[0];
-            ret = BN_mod_exp_mont_word(r, A, p, m, ctx, NULL);
-        } else
-# endif
-            ret = BN_mod_exp_mont(r, a, p, m, ctx, NULL);
-    } else
-#endif
-#ifdef RECP_MUL_MOD
-    {
-        ret = BN_mod_exp_recp(r, a, p, m, ctx);
-    }
-#else
-    {
-        ret = BN_mod_exp_simple(r, a, p, m, ctx);
-    }
-#endif
-
-    bn_check_top(r);
-    return (ret);
-}
-
-int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                    const BIGNUM *m, BN_CTX *ctx)
-{
-    int i, j, bits, ret = 0, wstart, wend, window, wvalue;
-    int start = 1;
-    BIGNUM *aa;
-    /* Table of variables obtained from 'ctx' */
-    BIGNUM *val[TABLE_SIZE];
-    BN_RECP_CTX recp;
-
-    if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
-        /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
-        BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-        return -1;
-    }
-
-    bits = BN_num_bits(p);
-
-    if (bits == 0) {
-        ret = BN_one(r);
-        return ret;
-    }
-
-    BN_CTX_start(ctx);
-    aa = BN_CTX_get(ctx);
-    val[0] = BN_CTX_get(ctx);
-    if (!aa || !val[0])
-        goto err;
-
-    BN_RECP_CTX_init(&recp);
-    if (m->neg) {
-        /* ignore sign of 'm' */
-        if (!BN_copy(aa, m))
-            goto err;
-        aa->neg = 0;
-        if (BN_RECP_CTX_set(&recp, aa, ctx) <= 0)
-            goto err;
-    } else {
-        if (BN_RECP_CTX_set(&recp, m, ctx) <= 0)
-            goto err;
-    }
-
-    if (!BN_nnmod(val[0], a, m, ctx))
-        goto err;               /* 1 */
-    if (BN_is_zero(val[0])) {
-        BN_zero(r);
-        ret = 1;
-        goto err;
-    }
-
-    window = BN_window_bits_for_exponent_size(bits);
-    if (window > 1) {
-        if (!BN_mod_mul_reciprocal(aa, val[0], val[0], &recp, ctx))
-            goto err;           /* 2 */
-        j = 1 << (window - 1);
-        for (i = 1; i < j; i++) {
-            if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
-                !BN_mod_mul_reciprocal(val[i], val[i - 1], aa, &recp, ctx))
-                goto err;
-        }
-    }
-
-    start = 1;                  /* This is used to avoid multiplication etc
-                                 * when there is only the value '1' in the
-                                 * buffer. */
-    wvalue = 0;                 /* The 'value' of the window */
-    wstart = bits - 1;          /* The top bit of the window */
-    wend = 0;                   /* The bottom bit of the window */
-
-    if (!BN_one(r))
-        goto err;
-
-    for (;;) {
-        if (BN_is_bit_set(p, wstart) == 0) {
-            if (!start)
-                if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx))
-                    goto err;
-            if (wstart == 0)
-                break;
-            wstart--;
-            continue;
-        }
-        /*
-         * We now have wstart on a 'set' bit, we now need to work out how bit
-         * a window to do.  To do this we need to scan forward until the last
-         * set bit before the end of the window
-         */
-        j = wstart;
-        wvalue = 1;
-        wend = 0;
-        for (i = 1; i < window; i++) {
-            if (wstart - i < 0)
-                break;
-            if (BN_is_bit_set(p, wstart - i)) {
-                wvalue <<= (i - wend);
-                wvalue |= 1;
-                wend = i;
-            }
-        }
-
-        /* wend is the size of the current window */
-        j = wend + 1;
-        /* add the 'bytes above' */
-        if (!start)
-            for (i = 0; i < j; i++) {
-                if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx))
-                    goto err;
-            }
-
-        /* wvalue will be an odd number < 2^window */
-        if (!BN_mod_mul_reciprocal(r, r, val[wvalue >> 1], &recp, ctx))
-            goto err;
-
-        /* move the 'window' down further */
-        wstart -= wend + 1;
-        wvalue = 0;
-        start = 0;
-        if (wstart < 0)
-            break;
-    }
-    ret = 1;
- err:
-    BN_CTX_end(ctx);
-    BN_RECP_CTX_free(&recp);
-    bn_check_top(r);
-    return (ret);
-}
-
-int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
-                    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-{
-    int i, j, bits, ret = 0, wstart, wend, window, wvalue;
-    int start = 1;
-    BIGNUM *d, *r;
-    const BIGNUM *aa;
-    /* Table of variables obtained from 'ctx' */
-    BIGNUM *val[TABLE_SIZE];
-    BN_MONT_CTX *mont = NULL;
-
-    if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
-        return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
-    }
-
-    bn_check_top(a);
-    bn_check_top(p);
-    bn_check_top(m);
-
-    if (!BN_is_odd(m)) {
-        BNerr(BN_F_BN_MOD_EXP_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
-        return (0);
-    }
-    bits = BN_num_bits(p);
-    if (bits == 0) {
-        ret = BN_one(rr);
-        return ret;
-    }
-
-    BN_CTX_start(ctx);
-    d = BN_CTX_get(ctx);
-    r = BN_CTX_get(ctx);
-    val[0] = BN_CTX_get(ctx);
-    if (!d || !r || !val[0])
-        goto err;
-
-    /*
-     * If this is not done, things will break in the montgomery part
-     */
-
-    if (in_mont != NULL)
-        mont = in_mont;
-    else {
-        if ((mont = BN_MONT_CTX_new()) == NULL)
-            goto err;
-        if (!BN_MONT_CTX_set(mont, m, ctx))
-            goto err;
-    }
-
-    if (a->neg || BN_ucmp(a, m) >= 0) {
-        if (!BN_nnmod(val[0], a, m, ctx))
-            goto err;
-        aa = val[0];
-    } else
-        aa = a;
-    if (BN_is_zero(aa)) {
-        BN_zero(rr);
-        ret = 1;
-        goto err;
-    }
-    if (!BN_to_montgomery(val[0], aa, mont, ctx))
-        goto err;               /* 1 */
-
-    window = BN_window_bits_for_exponent_size(bits);
-    if (window > 1) {
-        if (!BN_mod_mul_montgomery(d, val[0], val[0], mont, ctx))
-            goto err;           /* 2 */
-        j = 1 << (window - 1);
-        for (i = 1; i < j; i++) {
-            if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
-                !BN_mod_mul_montgomery(val[i], val[i - 1], d, mont, ctx))
-                goto err;
-        }
-    }
-
-    start = 1;                  /* This is used to avoid multiplication etc
-                                 * when there is only the value '1' in the
-                                 * buffer. */
-    wvalue = 0;                 /* The 'value' of the window */
-    wstart = bits - 1;          /* The top bit of the window */
-    wend = 0;                   /* The bottom bit of the window */
-
-    if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
-        goto err;
-    for (;;) {
-        if (BN_is_bit_set(p, wstart) == 0) {
-            if (!start) {
-                if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
-                    goto err;
-            }
-            if (wstart == 0)
-                break;
-            wstart--;
-            continue;
-        }
-        /*
-         * We now have wstart on a 'set' bit, we now need to work out how bit
-         * a window to do.  To do this we need to scan forward until the last
-         * set bit before the end of the window
-         */
-        j = wstart;
-        wvalue = 1;
-        wend = 0;
-        for (i = 1; i < window; i++) {
-            if (wstart - i < 0)
-                break;
-            if (BN_is_bit_set(p, wstart - i)) {
-                wvalue <<= (i - wend);
-                wvalue |= 1;
-                wend = i;
-            }
-        }
-
-        /* wend is the size of the current window */
-        j = wend + 1;
-        /* add the 'bytes above' */
-        if (!start)
-            for (i = 0; i < j; i++) {
-                if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
-                    goto err;
-            }
-
-        /* wvalue will be an odd number < 2^window */
-        if (!BN_mod_mul_montgomery(r, r, val[wvalue >> 1], mont, ctx))
-            goto err;
-
-        /* move the 'window' down further */
-        wstart -= wend + 1;
-        wvalue = 0;
-        start = 0;
-        if (wstart < 0)
-            break;
-    }
-    if (!BN_from_montgomery(rr, r, mont, ctx))
-        goto err;
-    ret = 1;
- err:
-    if ((in_mont == NULL) && (mont != NULL))
-        BN_MONT_CTX_free(mont);
-    BN_CTX_end(ctx);
-    bn_check_top(rr);
-    return (ret);
-}
-
-/*
- * BN_mod_exp_mont_consttime() stores the precomputed powers in a specific
- * layout so that accessing any of these table values shows the same access
- * pattern as far as cache lines are concerned.  The following functions are
- * used to transfer a BIGNUM from/to that table.
- */
-
-static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top,
-                                        unsigned char *buf, int idx,
-                                        int width)
-{
-    size_t i, j;
-
-    if (top > b->top)
-        top = b->top;           /* this works because 'buf' is explicitly
-                                 * zeroed */
-    for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) {
-        buf[j] = ((unsigned char *)b->d)[i];
-    }
-
-    return 1;
-}
-
-static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
-                                          unsigned char *buf, int idx,
-                                          int width)
-{
-    size_t i, j;
-
-    if (bn_wexpand(b, top) == NULL)
-        return 0;
-
-    for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) {
-        ((unsigned char *)b->d)[i] = buf[j];
-    }
-
-    b->top = top;
-    bn_correct_top(b);
-    return 1;
-}
-
-/*
- * Given a pointer value, compute the next address that is a cache line
- * multiple.
- */
-#define MOD_EXP_CTIME_ALIGN(x_) \
-        ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
-
-/*
- * This variant of BN_mod_exp_mont() uses fixed windows and the special
- * precomputation memory layout to limit data-dependency to a minimum to
- * protect secret exponents (cf. the hyper-threading timing attacks pointed
- * out by Colin Percival,
- * http://www.daemong-consideredperthreading-considered-harmful/)
- */
-int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
-                              const BIGNUM *m, BN_CTX *ctx,
-                              BN_MONT_CTX *in_mont)
-{
-    int i, bits, ret = 0, window, wvalue;
-    int top;
-    BN_MONT_CTX *mont = NULL;
-
-    int numPowers;
-    unsigned char *powerbufFree = NULL;
-    int powerbufLen = 0;
-    unsigned char *powerbuf = NULL;
-    BIGNUM tmp, am;
-
-    bn_check_top(a);
-    bn_check_top(p);
-    bn_check_top(m);
-
-    if (!BN_is_odd(m)) {
-        BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME, BN_R_CALLED_WITH_EVEN_MODULUS);
-        return (0);
-    }
-
-    top = m->top;
-
-    bits = BN_num_bits(p);
-    if (bits == 0) {
-        ret = BN_one(rr);
-        return ret;
-    }
-
-    BN_CTX_start(ctx);
-
-    /*
-     * Allocate a montgomery context if it was not supplied by the caller. If
-     * this is not done, things will break in the montgomery part.
-     */
-    if (in_mont != NULL)
-        mont = in_mont;
-    else {
-        if ((mont = BN_MONT_CTX_new()) == NULL)
-            goto err;
-        if (!BN_MONT_CTX_set(mont, m, ctx))
-            goto err;
-    }
-
-    /* Get the window size to use with size of p. */
-    window = BN_window_bits_for_ctime_exponent_size(bits);
-#if defined(OPENSSL_BN_ASM_MONT5)
-    if (window == 6 && bits <= 1024)
-        window = 5;             /* ~5% improvement of 2048-bit RSA sign */
-#endif
-
-    /*
-     * Allocate a buffer large enough to hold all of the pre-computed powers
-     * of am, am itself and tmp.
-     */
-    numPowers = 1 << window;
-    powerbufLen = sizeof(m->d[0]) * (top * numPowers +
-                                     ((2 * top) >
-                                      numPowers ? (2 * top) : numPowers));
-#ifdef alloca
-    if (powerbufLen < 3072)
-        powerbufFree =
-            alloca(powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH);
-    else
-#endif
-        if ((powerbufFree =
-             (unsigned char *)OPENSSL_malloc(powerbufLen +
-                                             MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH))
-            == NULL)
-        goto err;
-
-    powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree);
-    memset(powerbuf, 0, powerbufLen);
-
-#ifdef alloca
-    if (powerbufLen < 3072)
-        powerbufFree = NULL;
-#endif
-
-    /* lay down tmp and am right after powers table */
-    tmp.d = (BN_ULONG *)(powerbuf + sizeof(m->d[0]) * top * numPowers);
-    am.d = tmp.d + top;
-    tmp.top = am.top = 0;
-    tmp.dmax = am.dmax = top;
-    tmp.neg = am.neg = 0;
-    tmp.flags = am.flags = BN_FLG_STATIC_DATA;
-
-    /* prepare a^0 in Montgomery domain */
-#if 1
-    if (!BN_to_montgomery(&tmp, BN_value_one(), mont, ctx))
-        goto err;
-#else
-    tmp.d[0] = (0 - m->d[0]) & BN_MASK2; /* 2^(top*BN_BITS2) - m */
-    for (i = 1; i < top; i++)
-        tmp.d[i] = (~m->d[i]) & BN_MASK2;
-    tmp.top = top;
-#endif
-
-    /* prepare a^1 in Montgomery domain */
-    if (a->neg || BN_ucmp(a, m) >= 0) {
-        if (!BN_mod(&am, a, m, ctx))
-            goto err;
-        if (!BN_to_montgomery(&am, &am, mont, ctx))
-            goto err;
-    } else if (!BN_to_montgomery(&am, a, mont, ctx))
-        goto err;
-
-#if defined(OPENSSL_BN_ASM_MONT5)
-    if (window == 5 && top > 1) {
-        /*
-         * This optimization uses ideas from http://eprint.iacr.org/2011/239,
-         * specifically optimization of cache-timing attack countermeasures
-         * and pre-computation optimization.
-         */
-
-        /*
-         * Dedicated window==4 case improves 512-bit RSA sign by ~15%, but as
-         * 512-bit RSA is hardly relevant, we omit it to spare size...
-         */
-        void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap,
-                                 const void *table, const BN_ULONG *np,
-                                 const BN_ULONG *n0, int num, int power);
-        void bn_scatter5(const BN_ULONG *inp, size_t num,
-                         void *table, size_t power);
-        void bn_gather5(BN_ULONG *out, size_t num, void *table, size_t power);
-
-        BN_ULONG *np = mont->N.d, *n0 = mont->n0;
-
-        /*
-         * BN_to_montgomery can contaminate words above .top [in
-         * BN_DEBUG[_DEBUG] build]...
-         */
-        for (i = am.top; i < top; i++)
-            am.d[i] = 0;
-        for (i = tmp.top; i < top; i++)
-            tmp.d[i] = 0;
-
-        bn_scatter5(tmp.d, top, powerbuf, 0);
-        bn_scatter5(am.d, am.top, powerbuf, 1);
-        bn_mul_mont(tmp.d, am.d, am.d, np, n0, top);
-        bn_scatter5(tmp.d, top, powerbuf, 2);
-
-# if 0
-        for (i = 3; i < 32; i++) {
-            /* Calculate a^i = a^(i-1) * a */
-            bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
-            bn_scatter5(tmp.d, top, powerbuf, i);
-        }
-# else
-        /* same as above, but uses squaring for 1/2 of operations */
-        for (i = 4; i < 32; i *= 2) {
-            bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
-            bn_scatter5(tmp.d, top, powerbuf, i);
-        }
-        for (i = 3; i < 8; i += 2) {
-            int j;
-            bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
-            bn_scatter5(tmp.d, top, powerbuf, i);
-            for (j = 2 * i; j < 32; j *= 2) {
-                bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
-                bn_scatter5(tmp.d, top, powerbuf, j);
-            }
-        }
-        for (; i < 16; i += 2) {
-            bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
-            bn_scatter5(tmp.d, top, powerbuf, i);
-            bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
-            bn_scatter5(tmp.d, top, powerbuf, 2 * i);
-        }
-        for (; i < 32; i += 2) {
-            bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
-            bn_scatter5(tmp.d, top, powerbuf, i);
-        }
-# endif
-        bits--;
-        for (wvalue = 0, i = bits % 5; i >= 0; i--, bits--)
-            wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
-        bn_gather5(tmp.d, top, powerbuf, wvalue);
-
-        /*
-         * Scan the exponent one window at a time starting from the most
-         * significant bits.
-         */
-        while (bits >= 0) {
-            for (wvalue = 0, i = 0; i < 5; i++, bits--)
-                wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
-
-            bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
-            bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
-            bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
-            bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
-            bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
-            bn_mul_mont_gather5(tmp.d, tmp.d, powerbuf, np, n0, top, wvalue);
-        }
-
-        tmp.top = top;
-        bn_correct_top(&tmp);
-    } else
-#endif
-    {
-        if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, numPowers))
-            goto err;
-        if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, numPowers))
-            goto err;
-
-        /*
-         * If the window size is greater than 1, then calculate
-         * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1) (even
-         * powers could instead be computed as (a^(i/2))^2 to use the slight
-         * performance advantage of sqr over mul).
-         */
-        if (window > 1) {
-            if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx))
-                goto err;
-            if (!MOD_EXP_CTIME_COPY_TO_PREBUF
-                (&tmp, top, powerbuf, 2, numPowers))
-                goto err;
-            for (i = 3; i < numPowers; i++) {
-                /* Calculate a^i = a^(i-1) * a */
-                if (!BN_mod_mul_montgomery(&tmp, &am, &tmp, mont, ctx))
-                    goto err;
-                if (!MOD_EXP_CTIME_COPY_TO_PREBUF
-                    (&tmp, top, powerbuf, i, numPowers))
-                    goto err;
-            }
-        }
-
-        bits--;
-        for (wvalue = 0, i = bits % window; i >= 0; i--, bits--)
-            wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
-        if (!MOD_EXP_CTIME_COPY_FROM_PREBUF
-            (&tmp, top, powerbuf, wvalue, numPowers))
-            goto err;
-
-        /*
-         * Scan the exponent one window at a time starting from the most
-         * significant bits.
-         */
-        while (bits >= 0) {
-            wvalue = 0;         /* The 'value' of the window */
-
-            /* Scan the window, squaring the result as we go */
-            for (i = 0; i < window; i++, bits--) {
-                if (!BN_mod_mul_montgomery(&tmp, &tmp, &tmp, mont, ctx))
-                    goto err;
-                wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
-            }
-
-            /*
-             * Fetch the appropriate pre-computed value from the pre-buf
-             */
-            if (!MOD_EXP_CTIME_COPY_FROM_PREBUF
-                (&am, top, powerbuf, wvalue, numPowers))
-                goto err;
-
-            /* Multiply the result into the intermediate result */
-            if (!BN_mod_mul_montgomery(&tmp, &tmp, &am, mont, ctx))
-                goto err;
-        }
-    }
-
-    /* Convert the final result from montgomery to standard format */
-    if (!BN_from_montgomery(rr, &tmp, mont, ctx))
-        goto err;
-    ret = 1;
- err:
-    if ((in_mont == NULL) && (mont != NULL))
-        BN_MONT_CTX_free(mont);
-    if (powerbuf != NULL) {
-        OPENSSL_cleanse(powerbuf, powerbufLen);
-        if (powerbufFree)
-            OPENSSL_free(powerbufFree);
-    }
-    BN_CTX_end(ctx);
-    return (ret);
-}
-
-int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
-                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-{
-    BN_MONT_CTX *mont = NULL;
-    int b, bits, ret = 0;
-    int r_is_one;
-    BN_ULONG w, next_w;
-    BIGNUM *d, *r, *t;
-    BIGNUM *swap_tmp;
-#define BN_MOD_MUL_WORD(r, w, m) \
-                (BN_mul_word(r, (w)) && \
-                (/* BN_ucmp(r, (m)) < 0 ? 1 :*/  \
-                        (BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1))))
-    /*
-     * BN_MOD_MUL_WORD is only used with 'w' large, so the BN_ucmp test is
-     * probably more overhead than always using BN_mod (which uses BN_copy if
-     * a similar test returns true).
-     */
-    /*
-     * We can use BN_mod and do not need BN_nnmod because our accumulator is
-     * never negative (the result of BN_mod does not depend on the sign of
-     * the modulus).
-     */
-#define BN_TO_MONTGOMERY_WORD(r, w, mont) \
-                (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))
-
-    if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
-        /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
-        BNerr(BN_F_BN_MOD_EXP_MONT_WORD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-        return -1;
-    }
-
-    bn_check_top(p);
-    bn_check_top(m);
-
-    if (!BN_is_odd(m)) {
-        BNerr(BN_F_BN_MOD_EXP_MONT_WORD, BN_R_CALLED_WITH_EVEN_MODULUS);
-        return (0);
-    }
-    if (m->top == 1)
-        a %= m->d[0];           /* make sure that 'a' is reduced */
-
-    bits = BN_num_bits(p);
-    if (bits == 0) {
-        /* x**0 mod 1 is still zero. */
-        if (BN_is_one(m)) {
-            ret = 1;
-            BN_zero(rr);
-        } else
-            ret = BN_one(rr);
-        return ret;
-    }
-    if (a == 0) {
-        BN_zero(rr);
-        ret = 1;
-        return ret;
-    }
-
-    BN_CTX_start(ctx);
-    d = BN_CTX_get(ctx);
-    r = BN_CTX_get(ctx);
-    t = BN_CTX_get(ctx);
-    if (d == NULL || r == NULL || t == NULL)
-        goto err;
-
-    if (in_mont != NULL)
-        mont = in_mont;
-    else {
-        if ((mont = BN_MONT_CTX_new()) == NULL)
-            goto err;
-        if (!BN_MONT_CTX_set(mont, m, ctx))
-            goto err;
-    }
-
-    r_is_one = 1;               /* except for Montgomery factor */
-
-    /* bits-1 >= 0 */
-
-    /* The result is accumulated in the product r*w. */
-    w = a;                      /* bit 'bits-1' of 'p' is always set */
-    for (b = bits - 2; b >= 0; b--) {
-        /* First, square r*w. */
-        next_w = w * w;
-        if ((next_w / w) != w) { /* overflow */
-            if (r_is_one) {
-                if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
-                    goto err;
-                r_is_one = 0;
-            } else {
-                if (!BN_MOD_MUL_WORD(r, w, m))
-                    goto err;
-            }
-            next_w = 1;
-        }
-        w = next_w;
-        if (!r_is_one) {
-            if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
-                goto err;
-        }
-
-        /* Second, multiply r*w by 'a' if exponent bit is set. */
-        if (BN_is_bit_set(p, b)) {
-            next_w = w * a;
-            if ((next_w / a) != w) { /* overflow */
-                if (r_is_one) {
-                    if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
-                        goto err;
-                    r_is_one = 0;
-                } else {
-                    if (!BN_MOD_MUL_WORD(r, w, m))
-                        goto err;
-                }
-                next_w = a;
-            }
-            w = next_w;
-        }
-    }
-
-    /* Finally, set r:=r*w. */
-    if (w != 1) {
-        if (r_is_one) {
-            if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
-                goto err;
-            r_is_one = 0;
-        } else {
-            if (!BN_MOD_MUL_WORD(r, w, m))
-                goto err;
-        }
-    }
-
-    if (r_is_one) {             /* can happen only if a == 1 */
-        if (!BN_one(rr))
-            goto err;
-    } else {
-        if (!BN_from_montgomery(rr, r, mont, ctx))
-            goto err;
-    }
-    ret = 1;
- err:
-    if ((in_mont == NULL) && (mont != NULL))
-        BN_MONT_CTX_free(mont);
-    BN_CTX_end(ctx);
-    bn_check_top(rr);
-    return (ret);
-}
-
-/* The old fallback, simple version :-) */
-int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                      const BIGNUM *m, BN_CTX *ctx)
-{
-    int i, j, bits, ret = 0, wstart, wend, window, wvalue;
-    int start = 1;
-    BIGNUM *d;
-    /* Table of variables obtained from 'ctx' */
-    BIGNUM *val[TABLE_SIZE];
-
-    if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
-        /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
-        BNerr(BN_F_BN_MOD_EXP_SIMPLE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-        return -1;
-    }
-
-    bits = BN_num_bits(p);
-
-    if (bits == 0) {
-        ret = BN_one(r);
-        return ret;
-    }
-
-    BN_CTX_start(ctx);
-    d = BN_CTX_get(ctx);
-    val[0] = BN_CTX_get(ctx);
-    if (!d || !val[0])
-        goto err;
-
-    if (!BN_nnmod(val[0], a, m, ctx))
-        goto err;               /* 1 */
-    if (BN_is_zero(val[0])) {
-        BN_zero(r);
-        ret = 1;
-        goto err;
-    }
-
-    window = BN_window_bits_for_exponent_size(bits);
-    if (window > 1) {
-        if (!BN_mod_mul(d, val[0], val[0], m, ctx))
-            goto err;           /* 2 */
-        j = 1 << (window - 1);
-        for (i = 1; i < j; i++) {
-            if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
-                !BN_mod_mul(val[i], val[i - 1], d, m, ctx))
-                goto err;
-        }
-    }
-
-    start = 1;                  /* This is used to avoid multiplication etc
-                                 * when there is only the value '1' in the
-                                 * buffer. */
-    wvalue = 0;                 /* The 'value' of the window */
-    wstart = bits - 1;          /* The top bit of the window */
-    wend = 0;                   /* The bottom bit of the window */
-
-    if (!BN_one(r))
-        goto err;
-
-    for (;;) {
-        if (BN_is_bit_set(p, wstart) == 0) {
-            if (!start)
-                if (!BN_mod_mul(r, r, r, m, ctx))
-                    goto err;
-            if (wstart == 0)
-                break;
-            wstart--;
-            continue;
-        }
-        /*
-         * We now have wstart on a 'set' bit, we now need to work out how bit
-         * a window to do.  To do this we need to scan forward until the last
-         * set bit before the end of the window
-         */
-        j = wstart;
-        wvalue = 1;
-        wend = 0;
-        for (i = 1; i < window; i++) {
-            if (wstart - i < 0)
-                break;
-            if (BN_is_bit_set(p, wstart - i)) {
-                wvalue <<= (i - wend);
-                wvalue |= 1;
-                wend = i;
-            }
-        }
-
-        /* wend is the size of the current window */
-        j = wend + 1;
-        /* add the 'bytes above' */
-        if (!start)
-            for (i = 0; i < j; i++) {
-                if (!BN_mod_mul(r, r, r, m, ctx))
-                    goto err;
-            }
-
-        /* wvalue will be an odd number < 2^window */
-        if (!BN_mod_mul(r, r, val[wvalue >> 1], m, ctx))
-            goto err;
-
-        /* move the 'window' down further */
-        wstart -= wend + 1;
-        wvalue = 0;
-        start = 0;
-        if (wstart < 0)
-            break;
-    }
-    ret = 1;
- err:
-    BN_CTX_end(ctx);
-    bn_check_top(r);
-    return (ret);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/bn/bn_exp.c (from rev 11605, vendor-crypto/openssl/dist/crypto/bn/bn_exp.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/bn/bn_exp.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/bn/bn_exp.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,1183 @@
+/* crypto/bn/bn_exp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include "constant_time_locl.h"
+#include "bn_lcl.h"
+
+#include <stdlib.h>
+#ifdef _WIN32
+# include <malloc.h>
+# ifndef alloca
+#  define alloca _alloca
+# endif
+#elif defined(__GNUC__)
+# ifndef alloca
+#  define alloca(s) __builtin_alloca((s))
+# endif
+#endif
+
+/* maximum precomputation table size for *variable* sliding windows */
+#define TABLE_SIZE      32
+
+/* this one works - simple but works */
+int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+{
+    int i, bits, ret = 0;
+    BIGNUM *v, *rr;
+
+    if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
+        /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
+        BNerr(BN_F_BN_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return -1;
+    }
+
+    BN_CTX_start(ctx);
+    if ((r == a) || (r == p))
+        rr = BN_CTX_get(ctx);
+    else
+        rr = r;
+    v = BN_CTX_get(ctx);
+    if (rr == NULL || v == NULL)
+        goto err;
+
+    if (BN_copy(v, a) == NULL)
+        goto err;
+    bits = BN_num_bits(p);
+
+    if (BN_is_odd(p)) {
+        if (BN_copy(rr, a) == NULL)
+            goto err;
+    } else {
+        if (!BN_one(rr))
+            goto err;
+    }
+
+    for (i = 1; i < bits; i++) {
+        if (!BN_sqr(v, v, ctx))
+            goto err;
+        if (BN_is_bit_set(p, i)) {
+            if (!BN_mul(rr, rr, v, ctx))
+                goto err;
+        }
+    }
+    if (r != rr)
+        BN_copy(r, rr);
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    bn_check_top(r);
+    return (ret);
+}
+
+int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
+               BN_CTX *ctx)
+{
+    int ret;
+
+    bn_check_top(a);
+    bn_check_top(p);
+    bn_check_top(m);
+
+    /*-
+     * For even modulus  m = 2^k*m_odd,  it might make sense to compute
+     * a^p mod m_odd  and  a^p mod 2^k  separately (with Montgomery
+     * exponentiation for the odd part), using appropriate exponent
+     * reductions, and combine the results using the CRT.
+     *
+     * For now, we use Montgomery only if the modulus is odd; otherwise,
+     * exponentiation using the reciprocal-based quick remaindering
+     * algorithm is used.
+     *
+     * (Timing obtained with expspeed.c [computations  a^p mod m
+     * where  a, p, m  are of the same length: 256, 512, 1024, 2048,
+     * 4096, 8192 bits], compared to the running time of the
+     * standard algorithm:
+     *
+     *   BN_mod_exp_mont   33 .. 40 %  [AMD K6-2, Linux, debug configuration]
+     *                     55 .. 77 %  [UltraSparc processor, but
+     *                                  debug-solaris-sparcv8-gcc conf.]
+     *
+     *   BN_mod_exp_recp   50 .. 70 %  [AMD K6-2, Linux, debug configuration]
+     *                     62 .. 118 % [UltraSparc, debug-solaris-sparcv8-gcc]
+     *
+     * On the Sparc, BN_mod_exp_recp was faster than BN_mod_exp_mont
+     * at 2048 and more bits, but at 512 and 1024 bits, it was
+     * slower even than the standard algorithm!
+     *
+     * "Real" timings [linux-elf, solaris-sparcv9-gcc configurations]
+     * should be obtained when the new Montgomery reduction code
+     * has been integrated into OpenSSL.)
+     */
+
+#define MONT_MUL_MOD
+#define MONT_EXP_WORD
+#define RECP_MUL_MOD
+
+#ifdef MONT_MUL_MOD
+    /*
+     * I have finally been able to take out this pre-condition of the top bit
+     * being set.  It was caused by an error in BN_div with negatives.  There
+     * was also another problem when for a^b%m a >= m.  eay 07-May-97
+     */
+    /* if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */
+
+    if (BN_is_odd(m)) {
+# ifdef MONT_EXP_WORD
+        if (a->top == 1 && !a->neg
+            && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)) {
+            BN_ULONG A = a->d[0];
+            ret = BN_mod_exp_mont_word(r, A, p, m, ctx, NULL);
+        } else
+# endif
+            ret = BN_mod_exp_mont(r, a, p, m, ctx, NULL);
+    } else
+#endif
+#ifdef RECP_MUL_MOD
+    {
+        ret = BN_mod_exp_recp(r, a, p, m, ctx);
+    }
+#else
+    {
+        ret = BN_mod_exp_simple(r, a, p, m, ctx);
+    }
+#endif
+
+    bn_check_top(r);
+    return (ret);
+}
+
+int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                    const BIGNUM *m, BN_CTX *ctx)
+{
+    int i, j, bits, ret = 0, wstart, wend, window, wvalue;
+    int start = 1;
+    BIGNUM *aa;
+    /* Table of variables obtained from 'ctx' */
+    BIGNUM *val[TABLE_SIZE];
+    BN_RECP_CTX recp;
+
+    if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
+        /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
+        BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return -1;
+    }
+
+    bits = BN_num_bits(p);
+    if (bits == 0) {
+        /* x**0 mod 1 is still zero. */
+        if (BN_is_one(m)) {
+            ret = 1;
+            BN_zero(r);
+        } else {
+            ret = BN_one(r);
+        }
+        return ret;
+    }
+
+    BN_CTX_start(ctx);
+    aa = BN_CTX_get(ctx);
+    val[0] = BN_CTX_get(ctx);
+    if (!aa || !val[0])
+        goto err;
+
+    BN_RECP_CTX_init(&recp);
+    if (m->neg) {
+        /* ignore sign of 'm' */
+        if (!BN_copy(aa, m))
+            goto err;
+        aa->neg = 0;
+        if (BN_RECP_CTX_set(&recp, aa, ctx) <= 0)
+            goto err;
+    } else {
+        if (BN_RECP_CTX_set(&recp, m, ctx) <= 0)
+            goto err;
+    }
+
+    if (!BN_nnmod(val[0], a, m, ctx))
+        goto err;               /* 1 */
+    if (BN_is_zero(val[0])) {
+        BN_zero(r);
+        ret = 1;
+        goto err;
+    }
+
+    window = BN_window_bits_for_exponent_size(bits);
+    if (window > 1) {
+        if (!BN_mod_mul_reciprocal(aa, val[0], val[0], &recp, ctx))
+            goto err;           /* 2 */
+        j = 1 << (window - 1);
+        for (i = 1; i < j; i++) {
+            if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
+                !BN_mod_mul_reciprocal(val[i], val[i - 1], aa, &recp, ctx))
+                goto err;
+        }
+    }
+
+    start = 1;                  /* This is used to avoid multiplication etc
+                                 * when there is only the value '1' in the
+                                 * buffer. */
+    wvalue = 0;                 /* The 'value' of the window */
+    wstart = bits - 1;          /* The top bit of the window */
+    wend = 0;                   /* The bottom bit of the window */
+
+    if (!BN_one(r))
+        goto err;
+
+    for (;;) {
+        if (BN_is_bit_set(p, wstart) == 0) {
+            if (!start)
+                if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx))
+                    goto err;
+            if (wstart == 0)
+                break;
+            wstart--;
+            continue;
+        }
+        /*
+         * We now have wstart on a 'set' bit, we now need to work out how bit
+         * a window to do.  To do this we need to scan forward until the last
+         * set bit before the end of the window
+         */
+        j = wstart;
+        wvalue = 1;
+        wend = 0;
+        for (i = 1; i < window; i++) {
+            if (wstart - i < 0)
+                break;
+            if (BN_is_bit_set(p, wstart - i)) {
+                wvalue <<= (i - wend);
+                wvalue |= 1;
+                wend = i;
+            }
+        }
+
+        /* wend is the size of the current window */
+        j = wend + 1;
+        /* add the 'bytes above' */
+        if (!start)
+            for (i = 0; i < j; i++) {
+                if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx))
+                    goto err;
+            }
+
+        /* wvalue will be an odd number < 2^window */
+        if (!BN_mod_mul_reciprocal(r, r, val[wvalue >> 1], &recp, ctx))
+            goto err;
+
+        /* move the 'window' down further */
+        wstart -= wend + 1;
+        wvalue = 0;
+        start = 0;
+        if (wstart < 0)
+            break;
+    }
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    BN_RECP_CTX_free(&recp);
+    bn_check_top(r);
+    return (ret);
+}
+
+int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+                    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+    int i, j, bits, ret = 0, wstart, wend, window, wvalue;
+    int start = 1;
+    BIGNUM *d, *r;
+    const BIGNUM *aa;
+    /* Table of variables obtained from 'ctx' */
+    BIGNUM *val[TABLE_SIZE];
+    BN_MONT_CTX *mont = NULL;
+
+    if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
+        return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
+    }
+
+    bn_check_top(a);
+    bn_check_top(p);
+    bn_check_top(m);
+
+    if (!BN_is_odd(m)) {
+        BNerr(BN_F_BN_MOD_EXP_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
+        return (0);
+    }
+    bits = BN_num_bits(p);
+    if (bits == 0) {
+        /* x**0 mod 1 is still zero. */
+        if (BN_is_one(m)) {
+            ret = 1;
+            BN_zero(rr);
+        } else {
+            ret = BN_one(rr);
+        }
+        return ret;
+    }
+
+    BN_CTX_start(ctx);
+    d = BN_CTX_get(ctx);
+    r = BN_CTX_get(ctx);
+    val[0] = BN_CTX_get(ctx);
+    if (!d || !r || !val[0])
+        goto err;
+
+    /*
+     * If this is not done, things will break in the montgomery part
+     */
+
+    if (in_mont != NULL)
+        mont = in_mont;
+    else {
+        if ((mont = BN_MONT_CTX_new()) == NULL)
+            goto err;
+        if (!BN_MONT_CTX_set(mont, m, ctx))
+            goto err;
+    }
+
+    if (a->neg || BN_ucmp(a, m) >= 0) {
+        if (!BN_nnmod(val[0], a, m, ctx))
+            goto err;
+        aa = val[0];
+    } else
+        aa = a;
+    if (BN_is_zero(aa)) {
+        BN_zero(rr);
+        ret = 1;
+        goto err;
+    }
+    if (!BN_to_montgomery(val[0], aa, mont, ctx))
+        goto err;               /* 1 */
+
+    window = BN_window_bits_for_exponent_size(bits);
+    if (window > 1) {
+        if (!BN_mod_mul_montgomery(d, val[0], val[0], mont, ctx))
+            goto err;           /* 2 */
+        j = 1 << (window - 1);
+        for (i = 1; i < j; i++) {
+            if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
+                !BN_mod_mul_montgomery(val[i], val[i - 1], d, mont, ctx))
+                goto err;
+        }
+    }
+
+    start = 1;                  /* This is used to avoid multiplication etc
+                                 * when there is only the value '1' in the
+                                 * buffer. */
+    wvalue = 0;                 /* The 'value' of the window */
+    wstart = bits - 1;          /* The top bit of the window */
+    wend = 0;                   /* The bottom bit of the window */
+
+    if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
+        goto err;
+    for (;;) {
+        if (BN_is_bit_set(p, wstart) == 0) {
+            if (!start) {
+                if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
+                    goto err;
+            }
+            if (wstart == 0)
+                break;
+            wstart--;
+            continue;
+        }
+        /*
+         * We now have wstart on a 'set' bit, we now need to work out how bit
+         * a window to do.  To do this we need to scan forward until the last
+         * set bit before the end of the window
+         */
+        j = wstart;
+        wvalue = 1;
+        wend = 0;
+        for (i = 1; i < window; i++) {
+            if (wstart - i < 0)
+                break;
+            if (BN_is_bit_set(p, wstart - i)) {
+                wvalue <<= (i - wend);
+                wvalue |= 1;
+                wend = i;
+            }
+        }
+
+        /* wend is the size of the current window */
+        j = wend + 1;
+        /* add the 'bytes above' */
+        if (!start)
+            for (i = 0; i < j; i++) {
+                if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
+                    goto err;
+            }
+
+        /* wvalue will be an odd number < 2^window */
+        if (!BN_mod_mul_montgomery(r, r, val[wvalue >> 1], mont, ctx))
+            goto err;
+
+        /* move the 'window' down further */
+        wstart -= wend + 1;
+        wvalue = 0;
+        start = 0;
+        if (wstart < 0)
+            break;
+    }
+    if (!BN_from_montgomery(rr, r, mont, ctx))
+        goto err;
+    ret = 1;
+ err:
+    if ((in_mont == NULL) && (mont != NULL))
+        BN_MONT_CTX_free(mont);
+    BN_CTX_end(ctx);
+    bn_check_top(rr);
+    return (ret);
+}
+
+/*
+ * BN_mod_exp_mont_consttime() stores the precomputed powers in a specific
+ * layout so that accessing any of these table values shows the same access
+ * pattern as far as cache lines are concerned.  The following functions are
+ * used to transfer a BIGNUM from/to that table.
+ */
+
+static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top,
+                                        unsigned char *buf, int idx,
+                                        int window)
+{
+    int i, j;
+    int width = 1 << window;
+    BN_ULONG *table = (BN_ULONG *)buf;
+
+    if (top > b->top)
+        top = b->top;           /* this works because 'buf' is explicitly
+                                 * zeroed */
+    for (i = 0, j = idx; i < top; i++, j += width) {
+        table[j] = b->d[i];
+    }
+
+    return 1;
+}
+
+static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
+                                          unsigned char *buf, int idx,
+                                          int window)
+{
+    int i, j;
+    int width = 1 << window;
+    volatile BN_ULONG *table = (volatile BN_ULONG *)buf;
+
+    if (bn_wexpand(b, top) == NULL)
+        return 0;
+
+    if (window <= 3) {
+        for (i = 0; i < top; i++, table += width) {
+            BN_ULONG acc = 0;
+
+            for (j = 0; j < width; j++) {
+                acc |= table[j] &
+                       ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
+            }
+
+            b->d[i] = acc;
+        }
+    } else {
+        int xstride = 1 << (window - 2);
+        BN_ULONG y0, y1, y2, y3;
+
+        i = idx >> (window - 2);        /* equivalent of idx / xstride */
+        idx &= xstride - 1;             /* equivalent of idx % xstride */
+
+        y0 = (BN_ULONG)0 - (constant_time_eq_int(i,0)&1);
+        y1 = (BN_ULONG)0 - (constant_time_eq_int(i,1)&1);
+        y2 = (BN_ULONG)0 - (constant_time_eq_int(i,2)&1);
+        y3 = (BN_ULONG)0 - (constant_time_eq_int(i,3)&1);
+
+        for (i = 0; i < top; i++, table += width) {
+            BN_ULONG acc = 0;
+
+            for (j = 0; j < xstride; j++) {
+                acc |= ( (table[j + 0 * xstride] & y0) |
+                         (table[j + 1 * xstride] & y1) |
+                         (table[j + 2 * xstride] & y2) |
+                         (table[j + 3 * xstride] & y3) )
+                       & ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
+            }
+
+            b->d[i] = acc;
+        }
+    }
+
+    b->top = top;
+    bn_correct_top(b);
+    return 1;
+}
+
+/*
+ * Given a pointer value, compute the next address that is a cache line
+ * multiple.
+ */
+#define MOD_EXP_CTIME_ALIGN(x_) \
+        ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
+
+/*
+ * This variant of BN_mod_exp_mont() uses fixed windows and the special
+ * precomputation memory layout to limit data-dependency to a minimum to
+ * protect secret exponents (cf. the hyper-threading timing attacks pointed
+ * out by Colin Percival,
+ * http://www.daemonology.net/hyperthreading-considered-harmful/)
+ */
+int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+                              const BIGNUM *m, BN_CTX *ctx,
+                              BN_MONT_CTX *in_mont)
+{
+    int i, bits, ret = 0, window, wvalue;
+    int top;
+    BN_MONT_CTX *mont = NULL;
+
+    int numPowers;
+    unsigned char *powerbufFree = NULL;
+    int powerbufLen = 0;
+    unsigned char *powerbuf = NULL;
+    BIGNUM tmp, am;
+
+    bn_check_top(a);
+    bn_check_top(p);
+    bn_check_top(m);
+
+    if (!BN_is_odd(m)) {
+        BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME, BN_R_CALLED_WITH_EVEN_MODULUS);
+        return (0);
+    }
+
+    top = m->top;
+
+    bits = BN_num_bits(p);
+    if (bits == 0) {
+        /* x**0 mod 1 is still zero. */
+        if (BN_is_one(m)) {
+            ret = 1;
+            BN_zero(rr);
+        } else {
+            ret = BN_one(rr);
+        }
+        return ret;
+    }
+
+    BN_CTX_start(ctx);
+
+    /*
+     * Allocate a montgomery context if it was not supplied by the caller. If
+     * this is not done, things will break in the montgomery part.
+     */
+    if (in_mont != NULL)
+        mont = in_mont;
+    else {
+        if ((mont = BN_MONT_CTX_new()) == NULL)
+            goto err;
+        if (!BN_MONT_CTX_set(mont, m, ctx))
+            goto err;
+    }
+
+    /* Get the window size to use with size of p. */
+    window = BN_window_bits_for_ctime_exponent_size(bits);
+#if defined(OPENSSL_BN_ASM_MONT5)
+    if (window == 6 && bits <= 1024)
+        window = 5;             /* ~5% improvement of 2048-bit RSA sign */
+#endif
+
+    /*
+     * Allocate a buffer large enough to hold all of the pre-computed powers
+     * of am, am itself and tmp.
+     */
+    numPowers = 1 << window;
+    powerbufLen = sizeof(m->d[0]) * (top * numPowers +
+                                     ((2 * top) >
+                                      numPowers ? (2 * top) : numPowers));
+#ifdef alloca
+    if (powerbufLen < 3072)
+        powerbufFree =
+            alloca(powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH);
+    else
+#endif
+        if ((powerbufFree =
+             (unsigned char *)OPENSSL_malloc(powerbufLen +
+                                             MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH))
+            == NULL)
+        goto err;
+
+    powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree);
+    memset(powerbuf, 0, powerbufLen);
+
+#ifdef alloca
+    if (powerbufLen < 3072)
+        powerbufFree = NULL;
+#endif
+
+    /* lay down tmp and am right after powers table */
+    tmp.d = (BN_ULONG *)(powerbuf + sizeof(m->d[0]) * top * numPowers);
+    am.d = tmp.d + top;
+    tmp.top = am.top = 0;
+    tmp.dmax = am.dmax = top;
+    tmp.neg = am.neg = 0;
+    tmp.flags = am.flags = BN_FLG_STATIC_DATA;
+
+    /* prepare a^0 in Montgomery domain */
+#if 1
+    if (!BN_to_montgomery(&tmp, BN_value_one(), mont, ctx))
+        goto err;
+#else
+    tmp.d[0] = (0 - m->d[0]) & BN_MASK2; /* 2^(top*BN_BITS2) - m */
+    for (i = 1; i < top; i++)
+        tmp.d[i] = (~m->d[i]) & BN_MASK2;
+    tmp.top = top;
+#endif
+
+    /* prepare a^1 in Montgomery domain */
+    if (a->neg || BN_ucmp(a, m) >= 0) {
+        if (!BN_mod(&am, a, m, ctx))
+            goto err;
+        if (!BN_to_montgomery(&am, &am, mont, ctx))
+            goto err;
+    } else if (!BN_to_montgomery(&am, a, mont, ctx))
+        goto err;
+
+#if defined(OPENSSL_BN_ASM_MONT5)
+    if (window == 5 && top > 1) {
+        /*
+         * This optimization uses ideas from http://eprint.iacr.org/2011/239,
+         * specifically optimization of cache-timing attack countermeasures
+         * and pre-computation optimization.
+         */
+
+        /*
+         * Dedicated window==4 case improves 512-bit RSA sign by ~15%, but as
+         * 512-bit RSA is hardly relevant, we omit it to spare size...
+         */
+        void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap,
+                                 const void *table, const BN_ULONG *np,
+                                 const BN_ULONG *n0, int num, int power);
+        void bn_scatter5(const BN_ULONG *inp, size_t num,
+                         void *table, size_t power);
+        void bn_gather5(BN_ULONG *out, size_t num, void *table, size_t power);
+
+        BN_ULONG *np = mont->N.d, *n0 = mont->n0;
+
+        /*
+         * BN_to_montgomery can contaminate words above .top [in
+         * BN_DEBUG[_DEBUG] build]...
+         */
+        for (i = am.top; i < top; i++)
+            am.d[i] = 0;
+        for (i = tmp.top; i < top; i++)
+            tmp.d[i] = 0;
+
+        bn_scatter5(tmp.d, top, powerbuf, 0);
+        bn_scatter5(am.d, am.top, powerbuf, 1);
+        bn_mul_mont(tmp.d, am.d, am.d, np, n0, top);
+        bn_scatter5(tmp.d, top, powerbuf, 2);
+
+# if 0
+        for (i = 3; i < 32; i++) {
+            /* Calculate a^i = a^(i-1) * a */
+            bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
+            bn_scatter5(tmp.d, top, powerbuf, i);
+        }
+# else
+        /* same as above, but uses squaring for 1/2 of operations */
+        for (i = 4; i < 32; i *= 2) {
+            bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+            bn_scatter5(tmp.d, top, powerbuf, i);
+        }
+        for (i = 3; i < 8; i += 2) {
+            int j;
+            bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
+            bn_scatter5(tmp.d, top, powerbuf, i);
+            for (j = 2 * i; j < 32; j *= 2) {
+                bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+                bn_scatter5(tmp.d, top, powerbuf, j);
+            }
+        }
+        for (; i < 16; i += 2) {
+            bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
+            bn_scatter5(tmp.d, top, powerbuf, i);
+            bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+            bn_scatter5(tmp.d, top, powerbuf, 2 * i);
+        }
+        for (; i < 32; i += 2) {
+            bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
+            bn_scatter5(tmp.d, top, powerbuf, i);
+        }
+# endif
+        bits--;
+        for (wvalue = 0, i = bits % 5; i >= 0; i--, bits--)
+            wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
+        bn_gather5(tmp.d, top, powerbuf, wvalue);
+
+        /*
+         * Scan the exponent one window at a time starting from the most
+         * significant bits.
+         */
+        while (bits >= 0) {
+            for (wvalue = 0, i = 0; i < 5; i++, bits--)
+                wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
+
+            bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+            bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+            bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+            bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+            bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+            bn_mul_mont_gather5(tmp.d, tmp.d, powerbuf, np, n0, top, wvalue);
+        }
+
+        tmp.top = top;
+        bn_correct_top(&tmp);
+    } else
+#endif
+    {
+        if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, window))
+            goto err;
+        if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, window))
+            goto err;
+
+        /*
+         * If the window size is greater than 1, then calculate
+         * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1) (even
+         * powers could instead be computed as (a^(i/2))^2 to use the slight
+         * performance advantage of sqr over mul).
+         */
+        if (window > 1) {
+            if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx))
+                goto err;
+            if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2,
+                                              window))
+                goto err;
+            for (i = 3; i < numPowers; i++) {
+                /* Calculate a^i = a^(i-1) * a */
+                if (!BN_mod_mul_montgomery(&tmp, &am, &tmp, mont, ctx))
+                    goto err;
+                if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i,
+                                                  window))
+                    goto err;
+            }
+        }
+
+        bits--;
+        for (wvalue = 0, i = bits % window; i >= 0; i--, bits--)
+            wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
+        if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp, top, powerbuf, wvalue,
+                                            window))
+            goto err;
+
+        /*
+         * Scan the exponent one window at a time starting from the most
+         * significant bits.
+         */
+        while (bits >= 0) {
+            wvalue = 0;         /* The 'value' of the window */
+
+            /* Scan the window, squaring the result as we go */
+            for (i = 0; i < window; i++, bits--) {
+                if (!BN_mod_mul_montgomery(&tmp, &tmp, &tmp, mont, ctx))
+                    goto err;
+                wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
+            }
+
+            /*
+             * Fetch the appropriate pre-computed value from the pre-buf
+             */
+            if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&am, top, powerbuf, wvalue,
+                                                window))
+                goto err;
+
+            /* Multiply the result into the intermediate result */
+            if (!BN_mod_mul_montgomery(&tmp, &tmp, &am, mont, ctx))
+                goto err;
+        }
+    }
+
+    /* Convert the final result from montgomery to standard format */
+    if (!BN_from_montgomery(rr, &tmp, mont, ctx))
+        goto err;
+    ret = 1;
+ err:
+    if ((in_mont == NULL) && (mont != NULL))
+        BN_MONT_CTX_free(mont);
+    if (powerbuf != NULL) {
+        OPENSSL_cleanse(powerbuf, powerbufLen);
+        if (powerbufFree)
+            OPENSSL_free(powerbufFree);
+    }
+    BN_CTX_end(ctx);
+    return (ret);
+}
+
+int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
+                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+    BN_MONT_CTX *mont = NULL;
+    int b, bits, ret = 0;
+    int r_is_one;
+    BN_ULONG w, next_w;
+    BIGNUM *d, *r, *t;
+    BIGNUM *swap_tmp;
+#define BN_MOD_MUL_WORD(r, w, m) \
+                (BN_mul_word(r, (w)) && \
+                (/* BN_ucmp(r, (m)) < 0 ? 1 :*/  \
+                        (BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1))))
+    /*
+     * BN_MOD_MUL_WORD is only used with 'w' large, so the BN_ucmp test is
+     * probably more overhead than always using BN_mod (which uses BN_copy if
+     * a similar test returns true).
+     */
+    /*
+     * We can use BN_mod and do not need BN_nnmod because our accumulator is
+     * never negative (the result of BN_mod does not depend on the sign of
+     * the modulus).
+     */
+#define BN_TO_MONTGOMERY_WORD(r, w, mont) \
+                (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))
+
+    if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
+        /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
+        BNerr(BN_F_BN_MOD_EXP_MONT_WORD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return -1;
+    }
+
+    bn_check_top(p);
+    bn_check_top(m);
+
+    if (!BN_is_odd(m)) {
+        BNerr(BN_F_BN_MOD_EXP_MONT_WORD, BN_R_CALLED_WITH_EVEN_MODULUS);
+        return (0);
+    }
+    if (m->top == 1)
+        a %= m->d[0];           /* make sure that 'a' is reduced */
+
+    bits = BN_num_bits(p);
+    if (bits == 0) {
+        /* x**0 mod 1 is still zero. */
+        if (BN_is_one(m)) {
+            ret = 1;
+            BN_zero(rr);
+        } else {
+            ret = BN_one(rr);
+        }
+        return ret;
+    }
+    if (a == 0) {
+        BN_zero(rr);
+        ret = 1;
+        return ret;
+    }
+
+    BN_CTX_start(ctx);
+    d = BN_CTX_get(ctx);
+    r = BN_CTX_get(ctx);
+    t = BN_CTX_get(ctx);
+    if (d == NULL || r == NULL || t == NULL)
+        goto err;
+
+    if (in_mont != NULL)
+        mont = in_mont;
+    else {
+        if ((mont = BN_MONT_CTX_new()) == NULL)
+            goto err;
+        if (!BN_MONT_CTX_set(mont, m, ctx))
+            goto err;
+    }
+
+    r_is_one = 1;               /* except for Montgomery factor */
+
+    /* bits-1 >= 0 */
+
+    /* The result is accumulated in the product r*w. */
+    w = a;                      /* bit 'bits-1' of 'p' is always set */
+    for (b = bits - 2; b >= 0; b--) {
+        /* First, square r*w. */
+        next_w = w * w;
+        if ((next_w / w) != w) { /* overflow */
+            if (r_is_one) {
+                if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
+                    goto err;
+                r_is_one = 0;
+            } else {
+                if (!BN_MOD_MUL_WORD(r, w, m))
+                    goto err;
+            }
+            next_w = 1;
+        }
+        w = next_w;
+        if (!r_is_one) {
+            if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
+                goto err;
+        }
+
+        /* Second, multiply r*w by 'a' if exponent bit is set. */
+        if (BN_is_bit_set(p, b)) {
+            next_w = w * a;
+            if ((next_w / a) != w) { /* overflow */
+                if (r_is_one) {
+                    if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
+                        goto err;
+                    r_is_one = 0;
+                } else {
+                    if (!BN_MOD_MUL_WORD(r, w, m))
+                        goto err;
+                }
+                next_w = a;
+            }
+            w = next_w;
+        }
+    }
+
+    /* Finally, set r:=r*w. */
+    if (w != 1) {
+        if (r_is_one) {
+            if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
+                goto err;
+            r_is_one = 0;
+        } else {
+            if (!BN_MOD_MUL_WORD(r, w, m))
+                goto err;
+        }
+    }
+
+    if (r_is_one) {             /* can happen only if a == 1 */
+        if (!BN_one(rr))
+            goto err;
+    } else {
+        if (!BN_from_montgomery(rr, r, mont, ctx))
+            goto err;
+    }
+    ret = 1;
+ err:
+    if ((in_mont == NULL) && (mont != NULL))
+        BN_MONT_CTX_free(mont);
+    BN_CTX_end(ctx);
+    bn_check_top(rr);
+    return (ret);
+}
+
+/* The old fallback, simple version :-) */
+int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                      const BIGNUM *m, BN_CTX *ctx)
+{
+    int i, j, bits, ret = 0, wstart, wend, window, wvalue;
+    int start = 1;
+    BIGNUM *d;
+    /* Table of variables obtained from 'ctx' */
+    BIGNUM *val[TABLE_SIZE];
+
+    if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
+        /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
+        BNerr(BN_F_BN_MOD_EXP_SIMPLE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return -1;
+    }
+
+    bits = BN_num_bits(p);
+   if (bits == 0) {
+        /* x**0 mod 1 is still zero. */
+        if (BN_is_one(m)) {
+            ret = 1;
+            BN_zero(r);
+        } else {
+            ret = BN_one(r);
+        }
+        return ret;
+    }
+
+    BN_CTX_start(ctx);
+    d = BN_CTX_get(ctx);
+    val[0] = BN_CTX_get(ctx);
+    if (!d || !val[0])
+        goto err;
+
+    if (!BN_nnmod(val[0], a, m, ctx))
+        goto err;               /* 1 */
+    if (BN_is_zero(val[0])) {
+        BN_zero(r);
+        ret = 1;
+        goto err;
+    }
+
+    window = BN_window_bits_for_exponent_size(bits);
+    if (window > 1) {
+        if (!BN_mod_mul(d, val[0], val[0], m, ctx))
+            goto err;           /* 2 */
+        j = 1 << (window - 1);
+        for (i = 1; i < j; i++) {
+            if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
+                !BN_mod_mul(val[i], val[i - 1], d, m, ctx))
+                goto err;
+        }
+    }
+
+    start = 1;                  /* This is used to avoid multiplication etc
+                                 * when there is only the value '1' in the
+                                 * buffer. */
+    wvalue = 0;                 /* The 'value' of the window */
+    wstart = bits - 1;          /* The top bit of the window */
+    wend = 0;                   /* The bottom bit of the window */
+
+    if (!BN_one(r))
+        goto err;
+
+    for (;;) {
+        if (BN_is_bit_set(p, wstart) == 0) {
+            if (!start)
+                if (!BN_mod_mul(r, r, r, m, ctx))
+                    goto err;
+            if (wstart == 0)
+                break;
+            wstart--;
+            continue;
+        }
+        /*
+         * We now have wstart on a 'set' bit, we now need to work out how bit
+         * a window to do.  To do this we need to scan forward until the last
+         * set bit before the end of the window
+         */
+        j = wstart;
+        wvalue = 1;
+        wend = 0;
+        for (i = 1; i < window; i++) {
+            if (wstart - i < 0)
+                break;
+            if (BN_is_bit_set(p, wstart - i)) {
+                wvalue <<= (i - wend);
+                wvalue |= 1;
+                wend = i;
+            }
+        }
+
+        /* wend is the size of the current window */
+        j = wend + 1;
+        /* add the 'bytes above' */
+        if (!start)
+            for (i = 0; i < j; i++) {
+                if (!BN_mod_mul(r, r, r, m, ctx))
+                    goto err;
+            }
+
+        /* wvalue will be an odd number < 2^window */
+        if (!BN_mod_mul(r, r, val[wvalue >> 1], m, ctx))
+            goto err;
+
+        /* move the 'window' down further */
+        wstart -= wend + 1;
+        wvalue = 0;
+        start = 0;
+        if (wstart < 0)
+            break;
+    }
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    bn_check_top(r);
+    return (ret);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/bn/bn_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_lib.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/bn/bn_lib.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,916 +0,0 @@
-/* crypto/bn/bn_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef BN_DEBUG
-# undef NDEBUG                  /* avoid conflicting definitions */
-# define NDEBUG
-#endif
-
-#include <assert.h>
-#include <limits.h>
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-const char BN_version[] = "Big Number" OPENSSL_VERSION_PTEXT;
-
-/* This stuff appears to be completely unused, so is deprecated */
-#ifndef OPENSSL_NO_DEPRECATED
-/*-
- * For a 32 bit machine
- * 2 -   4 ==  128
- * 3 -   8 ==  256
- * 4 -  16 ==  512
- * 5 -  32 == 1024
- * 6 -  64 == 2048
- * 7 - 128 == 4096
- * 8 - 256 == 8192
- */
-static int bn_limit_bits = 0;
-static int bn_limit_num = 8;    /* (1<<bn_limit_bits) */
-static int bn_limit_bits_low = 0;
-static int bn_limit_num_low = 8; /* (1<<bn_limit_bits_low) */
-static int bn_limit_bits_high = 0;
-static int bn_limit_num_high = 8; /* (1<<bn_limit_bits_high) */
-static int bn_limit_bits_mont = 0;
-static int bn_limit_num_mont = 8; /* (1<<bn_limit_bits_mont) */
-
-void BN_set_params(int mult, int high, int low, int mont)
-{
-    if (mult >= 0) {
-        if (mult > (int)(sizeof(int) * 8) - 1)
-            mult = sizeof(int) * 8 - 1;
-        bn_limit_bits = mult;
-        bn_limit_num = 1 << mult;
-    }
-    if (high >= 0) {
-        if (high > (int)(sizeof(int) * 8) - 1)
-            high = sizeof(int) * 8 - 1;
-        bn_limit_bits_high = high;
-        bn_limit_num_high = 1 << high;
-    }
-    if (low >= 0) {
-        if (low > (int)(sizeof(int) * 8) - 1)
-            low = sizeof(int) * 8 - 1;
-        bn_limit_bits_low = low;
-        bn_limit_num_low = 1 << low;
-    }
-    if (mont >= 0) {
-        if (mont > (int)(sizeof(int) * 8) - 1)
-            mont = sizeof(int) * 8 - 1;
-        bn_limit_bits_mont = mont;
-        bn_limit_num_mont = 1 << mont;
-    }
-}
-
-int BN_get_params(int which)
-{
-    if (which == 0)
-        return (bn_limit_bits);
-    else if (which == 1)
-        return (bn_limit_bits_high);
-    else if (which == 2)
-        return (bn_limit_bits_low);
-    else if (which == 3)
-        return (bn_limit_bits_mont);
-    else
-        return (0);
-}
-#endif
-
-const BIGNUM *BN_value_one(void)
-{
-    static const BN_ULONG data_one = 1L;
-    static const BIGNUM const_one =
-        { (BN_ULONG *)&data_one, 1, 1, 0, BN_FLG_STATIC_DATA };
-
-    return (&const_one);
-}
-
-int BN_num_bits_word(BN_ULONG l)
-{
-    static const unsigned char bits[256] = {
-        0, 1, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4,
-        5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5,
-        6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6,
-        6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6,
-        7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
-        7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
-        7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
-        7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
-        8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
-        8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
-        8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
-        8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
-        8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
-        8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
-        8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
-        8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
-    };
-
-#if defined(SIXTY_FOUR_BIT_LONG)
-    if (l & 0xffffffff00000000L) {
-        if (l & 0xffff000000000000L) {
-            if (l & 0xff00000000000000L) {
-                return (bits[(int)(l >> 56)] + 56);
-            } else
-                return (bits[(int)(l >> 48)] + 48);
-        } else {
-            if (l & 0x0000ff0000000000L) {
-                return (bits[(int)(l >> 40)] + 40);
-            } else
-                return (bits[(int)(l >> 32)] + 32);
-        }
-    } else
-#else
-# ifdef SIXTY_FOUR_BIT
-    if (l & 0xffffffff00000000LL) {
-        if (l & 0xffff000000000000LL) {
-            if (l & 0xff00000000000000LL) {
-                return (bits[(int)(l >> 56)] + 56);
-            } else
-                return (bits[(int)(l >> 48)] + 48);
-        } else {
-            if (l & 0x0000ff0000000000LL) {
-                return (bits[(int)(l >> 40)] + 40);
-            } else
-                return (bits[(int)(l >> 32)] + 32);
-        }
-    } else
-# endif
-#endif
-    {
-#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
-        if (l & 0xffff0000L) {
-            if (l & 0xff000000L)
-                return (bits[(int)(l >> 24L)] + 24);
-            else
-                return (bits[(int)(l >> 16L)] + 16);
-        } else
-#endif
-        {
-#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
-            if (l & 0xff00L)
-                return (bits[(int)(l >> 8)] + 8);
-            else
-#endif
-                return (bits[(int)(l)]);
-        }
-    }
-}
-
-int BN_num_bits(const BIGNUM *a)
-{
-    int i = a->top - 1;
-    bn_check_top(a);
-
-    if (BN_is_zero(a))
-        return 0;
-    return ((i * BN_BITS2) + BN_num_bits_word(a->d[i]));
-}
-
-void BN_clear_free(BIGNUM *a)
-{
-    int i;
-
-    if (a == NULL)
-        return;
-    bn_check_top(a);
-    if (a->d != NULL) {
-        OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
-        if (!(BN_get_flags(a, BN_FLG_STATIC_DATA)))
-            OPENSSL_free(a->d);
-    }
-    i = BN_get_flags(a, BN_FLG_MALLOCED);
-    OPENSSL_cleanse(a, sizeof(BIGNUM));
-    if (i)
-        OPENSSL_free(a);
-}
-
-void BN_free(BIGNUM *a)
-{
-    if (a == NULL)
-        return;
-    bn_check_top(a);
-    if ((a->d != NULL) && !(BN_get_flags(a, BN_FLG_STATIC_DATA)))
-        OPENSSL_free(a->d);
-    if (a->flags & BN_FLG_MALLOCED)
-        OPENSSL_free(a);
-    else {
-#ifndef OPENSSL_NO_DEPRECATED
-        a->flags |= BN_FLG_FREE;
-#endif
-        a->d = NULL;
-    }
-}
-
-void BN_init(BIGNUM *a)
-{
-    memset(a, 0, sizeof(BIGNUM));
-    bn_check_top(a);
-}
-
-BIGNUM *BN_new(void)
-{
-    BIGNUM *ret;
-
-    if ((ret = (BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL) {
-        BNerr(BN_F_BN_NEW, ERR_R_MALLOC_FAILURE);
-        return (NULL);
-    }
-    ret->flags = BN_FLG_MALLOCED;
-    ret->top = 0;
-    ret->neg = 0;
-    ret->dmax = 0;
-    ret->d = NULL;
-    bn_check_top(ret);
-    return (ret);
-}
-
-/* This is used both by bn_expand2() and bn_dup_expand() */
-/* The caller MUST check that words > b->dmax before calling this */
-static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
-{
-    BN_ULONG *A, *a = NULL;
-    const BN_ULONG *B;
-    int i;
-
-    bn_check_top(b);
-
-    if (words > (INT_MAX / (4 * BN_BITS2))) {
-        BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG);
-        return NULL;
-    }
-    if (BN_get_flags(b, BN_FLG_STATIC_DATA)) {
-        BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
-        return (NULL);
-    }
-    a = A = (BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG) * words);
-    if (A == NULL) {
-        BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE);
-        return (NULL);
-    }
-#ifdef PURIFY
-    /*
-     * Valgrind complains in BN_consttime_swap because we process the whole
-     * array even if it's not initialised yet. This doesn't matter in that
-     * function - what's important is constant time operation (we're not
-     * actually going to use the data)
-     */
-    memset(a, 0, sizeof(BN_ULONG) * words);
-#endif
-
-#if 1
-    B = b->d;
-    /* Check if the previous number needs to be copied */
-    if (B != NULL) {
-        for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) {
-            /*
-             * The fact that the loop is unrolled
-             * 4-wise is a tribute to Intel. It's
-             * the one that doesn't have enough
-             * registers to accomodate more data.
-             * I'd unroll it 8-wise otherwise:-)
-             *
-             *              <appro at fy.chalmers.se>
-             */
-            BN_ULONG a0, a1, a2, a3;
-            a0 = B[0];
-            a1 = B[1];
-            a2 = B[2];
-            a3 = B[3];
-            A[0] = a0;
-            A[1] = a1;
-            A[2] = a2;
-            A[3] = a3;
-        }
-        /*
-         * workaround for ultrix cc: without 'case 0', the optimizer does
-         * the switch table by doing a=top&3; a--; goto jump_table[a];
-         * which fails for top== 0
-         */
-        switch (b->top & 3) {
-        case 3:
-            A[2] = B[2];
-        case 2:
-            A[1] = B[1];
-        case 1:
-            A[0] = B[0];
-        case 0:
-            ;
-        }
-    }
-#else
-    memset(A, 0, sizeof(BN_ULONG) * words);
-    memcpy(A, b->d, sizeof(b->d[0]) * b->top);
-#endif
-
-    return (a);
-}
-
-/*
- * This is an internal function that can be used instead of bn_expand2() when
- * there is a need to copy BIGNUMs instead of only expanding the data part,
- * while still expanding them. Especially useful when needing to expand
- * BIGNUMs that are declared 'const' and should therefore not be changed. The
- * reason to use this instead of a BN_dup() followed by a bn_expand2() is
- * memory allocation overhead.  A BN_dup() followed by a bn_expand2() will
- * allocate new memory for the BIGNUM data twice, and free it once, while
- * bn_dup_expand() makes sure allocation is made only once.
- */
-
-#ifndef OPENSSL_NO_DEPRECATED
-BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
-{
-    BIGNUM *r = NULL;
-
-    bn_check_top(b);
-
-    /*
-     * This function does not work if words <= b->dmax && top < words because
-     * BN_dup() does not preserve 'dmax'! (But bn_dup_expand() is not used
-     * anywhere yet.)
-     */
-
-    if (words > b->dmax) {
-        BN_ULONG *a = bn_expand_internal(b, words);
-
-        if (a) {
-            r = BN_new();
-            if (r) {
-                r->top = b->top;
-                r->dmax = words;
-                r->neg = b->neg;
-                r->d = a;
-            } else {
-                /* r == NULL, BN_new failure */
-                OPENSSL_free(a);
-            }
-        }
-        /*
-         * If a == NULL, there was an error in allocation in
-         * bn_expand_internal(), and NULL should be returned
-         */
-    } else {
-        r = BN_dup(b);
-    }
-
-    bn_check_top(r);
-    return r;
-}
-#endif
-
-/*
- * This is an internal function that should not be used in applications. It
- * ensures that 'b' has enough room for a 'words' word number and initialises
- * any unused part of b->d with leading zeros. It is mostly used by the
- * various BIGNUM routines. If there is an error, NULL is returned. If not,
- * 'b' is returned.
- */
-
-BIGNUM *bn_expand2(BIGNUM *b, int words)
-{
-    bn_check_top(b);
-
-    if (words > b->dmax) {
-        BN_ULONG *a = bn_expand_internal(b, words);
-        if (!a)
-            return NULL;
-        if (b->d)
-            OPENSSL_free(b->d);
-        b->d = a;
-        b->dmax = words;
-    }
-
-/* None of this should be necessary because of what b->top means! */
-#if 0
-    /*
-     * NB: bn_wexpand() calls this only if the BIGNUM really has to grow
-     */
-    if (b->top < b->dmax) {
-        int i;
-        BN_ULONG *A = &(b->d[b->top]);
-        for (i = (b->dmax - b->top) >> 3; i > 0; i--, A += 8) {
-            A[0] = 0;
-            A[1] = 0;
-            A[2] = 0;
-            A[3] = 0;
-            A[4] = 0;
-            A[5] = 0;
-            A[6] = 0;
-            A[7] = 0;
-        }
-        for (i = (b->dmax - b->top) & 7; i > 0; i--, A++)
-            A[0] = 0;
-        assert(A == &(b->d[b->dmax]));
-    }
-#endif
-    bn_check_top(b);
-    return b;
-}
-
-BIGNUM *BN_dup(const BIGNUM *a)
-{
-    BIGNUM *t;
-
-    if (a == NULL)
-        return NULL;
-    bn_check_top(a);
-
-    t = BN_new();
-    if (t == NULL)
-        return NULL;
-    if (!BN_copy(t, a)) {
-        BN_free(t);
-        return NULL;
-    }
-    bn_check_top(t);
-    return t;
-}
-
-BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
-{
-    int i;
-    BN_ULONG *A;
-    const BN_ULONG *B;
-
-    bn_check_top(b);
-
-    if (a == b)
-        return (a);
-    if (bn_wexpand(a, b->top) == NULL)
-        return (NULL);
-
-#if 1
-    A = a->d;
-    B = b->d;
-    for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) {
-        BN_ULONG a0, a1, a2, a3;
-        a0 = B[0];
-        a1 = B[1];
-        a2 = B[2];
-        a3 = B[3];
-        A[0] = a0;
-        A[1] = a1;
-        A[2] = a2;
-        A[3] = a3;
-    }
-    /* ultrix cc workaround, see comments in bn_expand_internal */
-    switch (b->top & 3) {
-    case 3:
-        A[2] = B[2];
-    case 2:
-        A[1] = B[1];
-    case 1:
-        A[0] = B[0];
-    case 0:;
-    }
-#else
-    memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
-#endif
-
-    a->top = b->top;
-    a->neg = b->neg;
-    bn_check_top(a);
-    return (a);
-}
-
-void BN_swap(BIGNUM *a, BIGNUM *b)
-{
-    int flags_old_a, flags_old_b;
-    BN_ULONG *tmp_d;
-    int tmp_top, tmp_dmax, tmp_neg;
-
-    bn_check_top(a);
-    bn_check_top(b);
-
-    flags_old_a = a->flags;
-    flags_old_b = b->flags;
-
-    tmp_d = a->d;
-    tmp_top = a->top;
-    tmp_dmax = a->dmax;
-    tmp_neg = a->neg;
-
-    a->d = b->d;
-    a->top = b->top;
-    a->dmax = b->dmax;
-    a->neg = b->neg;
-
-    b->d = tmp_d;
-    b->top = tmp_top;
-    b->dmax = tmp_dmax;
-    b->neg = tmp_neg;
-
-    a->flags =
-        (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA);
-    b->flags =
-        (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA);
-    bn_check_top(a);
-    bn_check_top(b);
-}
-
-void BN_clear(BIGNUM *a)
-{
-    bn_check_top(a);
-    if (a->d != NULL)
-        memset(a->d, 0, a->dmax * sizeof(a->d[0]));
-    a->top = 0;
-    a->neg = 0;
-}
-
-BN_ULONG BN_get_word(const BIGNUM *a)
-{
-    if (a->top > 1)
-        return BN_MASK2;
-    else if (a->top == 1)
-        return a->d[0];
-    /* a->top == 0 */
-    return 0;
-}
-
-int BN_set_word(BIGNUM *a, BN_ULONG w)
-{
-    bn_check_top(a);
-    if (bn_expand(a, (int)sizeof(BN_ULONG) * 8) == NULL)
-        return (0);
-    a->neg = 0;
-    a->d[0] = w;
-    a->top = (w ? 1 : 0);
-    bn_check_top(a);
-    return (1);
-}
-
-BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
-{
-    unsigned int i, m;
-    unsigned int n;
-    BN_ULONG l;
-    BIGNUM *bn = NULL;
-
-    if (ret == NULL)
-        ret = bn = BN_new();
-    if (ret == NULL)
-        return (NULL);
-    bn_check_top(ret);
-    l = 0;
-    n = len;
-    if (n == 0) {
-        ret->top = 0;
-        return (ret);
-    }
-    i = ((n - 1) / BN_BYTES) + 1;
-    m = ((n - 1) % (BN_BYTES));
-    if (bn_wexpand(ret, (int)i) == NULL) {
-        if (bn)
-            BN_free(bn);
-        return NULL;
-    }
-    ret->top = i;
-    ret->neg = 0;
-    while (n--) {
-        l = (l << 8L) | *(s++);
-        if (m-- == 0) {
-            ret->d[--i] = l;
-            l = 0;
-            m = BN_BYTES - 1;
-        }
-    }
-    /*
-     * need to call this due to clear byte at top if avoiding having the top
-     * bit set (-ve number)
-     */
-    bn_correct_top(ret);
-    return (ret);
-}
-
-/* ignore negative */
-int BN_bn2bin(const BIGNUM *a, unsigned char *to)
-{
-    int n, i;
-    BN_ULONG l;
-
-    bn_check_top(a);
-    n = i = BN_num_bytes(a);
-    while (i--) {
-        l = a->d[i / BN_BYTES];
-        *(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff;
-    }
-    return (n);
-}
-
-int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
-{
-    int i;
-    BN_ULONG t1, t2, *ap, *bp;
-
-    bn_check_top(a);
-    bn_check_top(b);
-
-    i = a->top - b->top;
-    if (i != 0)
-        return (i);
-    ap = a->d;
-    bp = b->d;
-    for (i = a->top - 1; i >= 0; i--) {
-        t1 = ap[i];
-        t2 = bp[i];
-        if (t1 != t2)
-            return ((t1 > t2) ? 1 : -1);
-    }
-    return (0);
-}
-
-int BN_cmp(const BIGNUM *a, const BIGNUM *b)
-{
-    int i;
-    int gt, lt;
-    BN_ULONG t1, t2;
-
-    if ((a == NULL) || (b == NULL)) {
-        if (a != NULL)
-            return (-1);
-        else if (b != NULL)
-            return (1);
-        else
-            return (0);
-    }
-
-    bn_check_top(a);
-    bn_check_top(b);
-
-    if (a->neg != b->neg) {
-        if (a->neg)
-            return (-1);
-        else
-            return (1);
-    }
-    if (a->neg == 0) {
-        gt = 1;
-        lt = -1;
-    } else {
-        gt = -1;
-        lt = 1;
-    }
-
-    if (a->top > b->top)
-        return (gt);
-    if (a->top < b->top)
-        return (lt);
-    for (i = a->top - 1; i >= 0; i--) {
-        t1 = a->d[i];
-        t2 = b->d[i];
-        if (t1 > t2)
-            return (gt);
-        if (t1 < t2)
-            return (lt);
-    }
-    return (0);
-}
-
-int BN_set_bit(BIGNUM *a, int n)
-{
-    int i, j, k;
-
-    if (n < 0)
-        return 0;
-
-    i = n / BN_BITS2;
-    j = n % BN_BITS2;
-    if (a->top <= i) {
-        if (bn_wexpand(a, i + 1) == NULL)
-            return (0);
-        for (k = a->top; k < i + 1; k++)
-            a->d[k] = 0;
-        a->top = i + 1;
-    }
-
-    a->d[i] |= (((BN_ULONG)1) << j);
-    bn_check_top(a);
-    return (1);
-}
-
-int BN_clear_bit(BIGNUM *a, int n)
-{
-    int i, j;
-
-    bn_check_top(a);
-    if (n < 0)
-        return 0;
-
-    i = n / BN_BITS2;
-    j = n % BN_BITS2;
-    if (a->top <= i)
-        return (0);
-
-    a->d[i] &= (~(((BN_ULONG)1) << j));
-    bn_correct_top(a);
-    return (1);
-}
-
-int BN_is_bit_set(const BIGNUM *a, int n)
-{
-    int i, j;
-
-    bn_check_top(a);
-    if (n < 0)
-        return 0;
-    i = n / BN_BITS2;
-    j = n % BN_BITS2;
-    if (a->top <= i)
-        return 0;
-    return (int)(((a->d[i]) >> j) & ((BN_ULONG)1));
-}
-
-int BN_mask_bits(BIGNUM *a, int n)
-{
-    int b, w;
-
-    bn_check_top(a);
-    if (n < 0)
-        return 0;
-
-    w = n / BN_BITS2;
-    b = n % BN_BITS2;
-    if (w >= a->top)
-        return 0;
-    if (b == 0)
-        a->top = w;
-    else {
-        a->top = w + 1;
-        a->d[w] &= ~(BN_MASK2 << b);
-    }
-    bn_correct_top(a);
-    return (1);
-}
-
-void BN_set_negative(BIGNUM *a, int b)
-{
-    if (b && !BN_is_zero(a))
-        a->neg = 1;
-    else
-        a->neg = 0;
-}
-
-int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
-{
-    int i;
-    BN_ULONG aa, bb;
-
-    aa = a[n - 1];
-    bb = b[n - 1];
-    if (aa != bb)
-        return ((aa > bb) ? 1 : -1);
-    for (i = n - 2; i >= 0; i--) {
-        aa = a[i];
-        bb = b[i];
-        if (aa != bb)
-            return ((aa > bb) ? 1 : -1);
-    }
-    return (0);
-}
-
-/*
- * Here follows a specialised variants of bn_cmp_words().  It has the
- * property of performing the operation on arrays of different sizes. The
- * sizes of those arrays is expressed through cl, which is the common length
- * ( basicall, min(len(a),len(b)) ), and dl, which is the delta between the
- * two lengths, calculated as len(a)-len(b). All lengths are the number of
- * BN_ULONGs...
- */
-
-int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl)
-{
-    int n, i;
-    n = cl - 1;
-
-    if (dl < 0) {
-        for (i = dl; i < 0; i++) {
-            if (b[n - i] != 0)
-                return -1;      /* a < b */
-        }
-    }
-    if (dl > 0) {
-        for (i = dl; i > 0; i--) {
-            if (a[n + i] != 0)
-                return 1;       /* a > b */
-        }
-    }
-    return bn_cmp_words(a, b, cl);
-}
-
-/*
- * Constant-time conditional swap of a and b.
- * a and b are swapped if condition is not 0.  The code assumes that at most one bit of condition is set.
- * nwords is the number of words to swap.  The code assumes that at least nwords are allocated in both a and b,
- * and that no more than nwords are used by either a or b.
- * a and b cannot be the same number
- */
-void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
-{
-    BN_ULONG t;
-    int i;
-
-    bn_wcheck_size(a, nwords);
-    bn_wcheck_size(b, nwords);
-
-    assert(a != b);
-    assert((condition & (condition - 1)) == 0);
-    assert(sizeof(BN_ULONG) >= sizeof(int));
-
-    condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
-
-    t = (a->top ^ b->top) & condition;
-    a->top ^= t;
-    b->top ^= t;
-
-#define BN_CONSTTIME_SWAP(ind) \
-        do { \
-                t = (a->d[ind] ^ b->d[ind]) & condition; \
-                a->d[ind] ^= t; \
-                b->d[ind] ^= t; \
-        } while (0)
-
-    switch (nwords) {
-    default:
-        for (i = 10; i < nwords; i++)
-            BN_CONSTTIME_SWAP(i);
-        /* Fallthrough */
-    case 10:
-        BN_CONSTTIME_SWAP(9);   /* Fallthrough */
-    case 9:
-        BN_CONSTTIME_SWAP(8);   /* Fallthrough */
-    case 8:
-        BN_CONSTTIME_SWAP(7);   /* Fallthrough */
-    case 7:
-        BN_CONSTTIME_SWAP(6);   /* Fallthrough */
-    case 6:
-        BN_CONSTTIME_SWAP(5);   /* Fallthrough */
-    case 5:
-        BN_CONSTTIME_SWAP(4);   /* Fallthrough */
-    case 4:
-        BN_CONSTTIME_SWAP(3);   /* Fallthrough */
-    case 3:
-        BN_CONSTTIME_SWAP(2);   /* Fallthrough */
-    case 2:
-        BN_CONSTTIME_SWAP(1);   /* Fallthrough */
-    case 1:
-        BN_CONSTTIME_SWAP(0);
-    }
-#undef BN_CONSTTIME_SWAP
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/bn/bn_lib.c (from rev 11605, vendor-crypto/openssl/dist/crypto/bn/bn_lib.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/bn/bn_lib.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/bn/bn_lib.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,916 @@
+/* crypto/bn/bn_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef BN_DEBUG
+# undef NDEBUG                  /* avoid conflicting definitions */
+# define NDEBUG
+#endif
+
+#include <assert.h>
+#include <limits.h>
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+const char BN_version[] = "Big Number" OPENSSL_VERSION_PTEXT;
+
+/* This stuff appears to be completely unused, so is deprecated */
+#ifndef OPENSSL_NO_DEPRECATED
+/*-
+ * For a 32 bit machine
+ * 2 -   4 ==  128
+ * 3 -   8 ==  256
+ * 4 -  16 ==  512
+ * 5 -  32 == 1024
+ * 6 -  64 == 2048
+ * 7 - 128 == 4096
+ * 8 - 256 == 8192
+ */
+static int bn_limit_bits = 0;
+static int bn_limit_num = 8;    /* (1<<bn_limit_bits) */
+static int bn_limit_bits_low = 0;
+static int bn_limit_num_low = 8; /* (1<<bn_limit_bits_low) */
+static int bn_limit_bits_high = 0;
+static int bn_limit_num_high = 8; /* (1<<bn_limit_bits_high) */
+static int bn_limit_bits_mont = 0;
+static int bn_limit_num_mont = 8; /* (1<<bn_limit_bits_mont) */
+
+void BN_set_params(int mult, int high, int low, int mont)
+{
+    if (mult >= 0) {
+        if (mult > (int)(sizeof(int) * 8) - 1)
+            mult = sizeof(int) * 8 - 1;
+        bn_limit_bits = mult;
+        bn_limit_num = 1 << mult;
+    }
+    if (high >= 0) {
+        if (high > (int)(sizeof(int) * 8) - 1)
+            high = sizeof(int) * 8 - 1;
+        bn_limit_bits_high = high;
+        bn_limit_num_high = 1 << high;
+    }
+    if (low >= 0) {
+        if (low > (int)(sizeof(int) * 8) - 1)
+            low = sizeof(int) * 8 - 1;
+        bn_limit_bits_low = low;
+        bn_limit_num_low = 1 << low;
+    }
+    if (mont >= 0) {
+        if (mont > (int)(sizeof(int) * 8) - 1)
+            mont = sizeof(int) * 8 - 1;
+        bn_limit_bits_mont = mont;
+        bn_limit_num_mont = 1 << mont;
+    }
+}
+
+int BN_get_params(int which)
+{
+    if (which == 0)
+        return (bn_limit_bits);
+    else if (which == 1)
+        return (bn_limit_bits_high);
+    else if (which == 2)
+        return (bn_limit_bits_low);
+    else if (which == 3)
+        return (bn_limit_bits_mont);
+    else
+        return (0);
+}
+#endif
+
+const BIGNUM *BN_value_one(void)
+{
+    static const BN_ULONG data_one = 1L;
+    static const BIGNUM const_one =
+        { (BN_ULONG *)&data_one, 1, 1, 0, BN_FLG_STATIC_DATA };
+
+    return (&const_one);
+}
+
+int BN_num_bits_word(BN_ULONG l)
+{
+    static const unsigned char bits[256] = {
+        0, 1, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4,
+        5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5,
+        6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6,
+        6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6,
+        7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
+        7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
+        7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
+        7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
+        8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+        8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+        8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+        8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+        8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+        8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+        8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+        8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+    };
+
+#if defined(SIXTY_FOUR_BIT_LONG)
+    if (l & 0xffffffff00000000L) {
+        if (l & 0xffff000000000000L) {
+            if (l & 0xff00000000000000L) {
+                return (bits[(int)(l >> 56)] + 56);
+            } else
+                return (bits[(int)(l >> 48)] + 48);
+        } else {
+            if (l & 0x0000ff0000000000L) {
+                return (bits[(int)(l >> 40)] + 40);
+            } else
+                return (bits[(int)(l >> 32)] + 32);
+        }
+    } else
+#else
+# ifdef SIXTY_FOUR_BIT
+    if (l & 0xffffffff00000000LL) {
+        if (l & 0xffff000000000000LL) {
+            if (l & 0xff00000000000000LL) {
+                return (bits[(int)(l >> 56)] + 56);
+            } else
+                return (bits[(int)(l >> 48)] + 48);
+        } else {
+            if (l & 0x0000ff0000000000LL) {
+                return (bits[(int)(l >> 40)] + 40);
+            } else
+                return (bits[(int)(l >> 32)] + 32);
+        }
+    } else
+# endif
+#endif
+    {
+#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
+        if (l & 0xffff0000L) {
+            if (l & 0xff000000L)
+                return (bits[(int)(l >> 24L)] + 24);
+            else
+                return (bits[(int)(l >> 16L)] + 16);
+        } else
+#endif
+        {
+#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
+            if (l & 0xff00L)
+                return (bits[(int)(l >> 8)] + 8);
+            else
+#endif
+                return (bits[(int)(l)]);
+        }
+    }
+}
+
+int BN_num_bits(const BIGNUM *a)
+{
+    int i = a->top - 1;
+    bn_check_top(a);
+
+    if (BN_is_zero(a))
+        return 0;
+    return ((i * BN_BITS2) + BN_num_bits_word(a->d[i]));
+}
+
+void BN_clear_free(BIGNUM *a)
+{
+    int i;
+
+    if (a == NULL)
+        return;
+    bn_check_top(a);
+    if (a->d != NULL) {
+        OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
+        if (!(BN_get_flags(a, BN_FLG_STATIC_DATA)))
+            OPENSSL_free(a->d);
+    }
+    i = BN_get_flags(a, BN_FLG_MALLOCED);
+    OPENSSL_cleanse(a, sizeof(BIGNUM));
+    if (i)
+        OPENSSL_free(a);
+}
+
+void BN_free(BIGNUM *a)
+{
+    if (a == NULL)
+        return;
+    bn_check_top(a);
+    if ((a->d != NULL) && !(BN_get_flags(a, BN_FLG_STATIC_DATA)))
+        OPENSSL_free(a->d);
+    if (a->flags & BN_FLG_MALLOCED)
+        OPENSSL_free(a);
+    else {
+#ifndef OPENSSL_NO_DEPRECATED
+        a->flags |= BN_FLG_FREE;
+#endif
+        a->d = NULL;
+    }
+}
+
+void BN_init(BIGNUM *a)
+{
+    memset(a, 0, sizeof(BIGNUM));
+    bn_check_top(a);
+}
+
+BIGNUM *BN_new(void)
+{
+    BIGNUM *ret;
+
+    if ((ret = (BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL) {
+        BNerr(BN_F_BN_NEW, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+    ret->flags = BN_FLG_MALLOCED;
+    ret->top = 0;
+    ret->neg = 0;
+    ret->dmax = 0;
+    ret->d = NULL;
+    bn_check_top(ret);
+    return (ret);
+}
+
+/* This is used both by bn_expand2() and bn_dup_expand() */
+/* The caller MUST check that words > b->dmax before calling this */
+static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
+{
+    BN_ULONG *A, *a = NULL;
+    const BN_ULONG *B;
+    int i;
+
+    bn_check_top(b);
+
+    if (words > (INT_MAX / (4 * BN_BITS2))) {
+        BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG);
+        return NULL;
+    }
+    if (BN_get_flags(b, BN_FLG_STATIC_DATA)) {
+        BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
+        return (NULL);
+    }
+    a = A = (BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG) * words);
+    if (A == NULL) {
+        BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+#ifdef PURIFY
+    /*
+     * Valgrind complains in BN_consttime_swap because we process the whole
+     * array even if it's not initialised yet. This doesn't matter in that
+     * function - what's important is constant time operation (we're not
+     * actually going to use the data)
+     */
+    memset(a, 0, sizeof(BN_ULONG) * words);
+#endif
+
+#if 1
+    B = b->d;
+    /* Check if the previous number needs to be copied */
+    if (B != NULL) {
+        for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) {
+            /*
+             * The fact that the loop is unrolled
+             * 4-wise is a tribute to Intel. It's
+             * the one that doesn't have enough
+             * registers to accomodate more data.
+             * I'd unroll it 8-wise otherwise:-)
+             *
+             *              <appro at fy.chalmers.se>
+             */
+            BN_ULONG a0, a1, a2, a3;
+            a0 = B[0];
+            a1 = B[1];
+            a2 = B[2];
+            a3 = B[3];
+            A[0] = a0;
+            A[1] = a1;
+            A[2] = a2;
+            A[3] = a3;
+        }
+        /*
+         * workaround for ultrix cc: without 'case 0', the optimizer does
+         * the switch table by doing a=top&3; a--; goto jump_table[a];
+         * which fails for top== 0
+         */
+        switch (b->top & 3) {
+        case 3:
+            A[2] = B[2];
+        case 2:
+            A[1] = B[1];
+        case 1:
+            A[0] = B[0];
+        case 0:
+            ;
+        }
+    }
+#else
+    memset(A, 0, sizeof(BN_ULONG) * words);
+    memcpy(A, b->d, sizeof(b->d[0]) * b->top);
+#endif
+
+    return (a);
+}
+
+/*
+ * This is an internal function that can be used instead of bn_expand2() when
+ * there is a need to copy BIGNUMs instead of only expanding the data part,
+ * while still expanding them. Especially useful when needing to expand
+ * BIGNUMs that are declared 'const' and should therefore not be changed. The
+ * reason to use this instead of a BN_dup() followed by a bn_expand2() is
+ * memory allocation overhead.  A BN_dup() followed by a bn_expand2() will
+ * allocate new memory for the BIGNUM data twice, and free it once, while
+ * bn_dup_expand() makes sure allocation is made only once.
+ */
+
+#ifndef OPENSSL_NO_DEPRECATED
+BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
+{
+    BIGNUM *r = NULL;
+
+    bn_check_top(b);
+
+    /*
+     * This function does not work if words <= b->dmax && top < words because
+     * BN_dup() does not preserve 'dmax'! (But bn_dup_expand() is not used
+     * anywhere yet.)
+     */
+
+    if (words > b->dmax) {
+        BN_ULONG *a = bn_expand_internal(b, words);
+
+        if (a) {
+            r = BN_new();
+            if (r) {
+                r->top = b->top;
+                r->dmax = words;
+                r->neg = b->neg;
+                r->d = a;
+            } else {
+                /* r == NULL, BN_new failure */
+                OPENSSL_free(a);
+            }
+        }
+        /*
+         * If a == NULL, there was an error in allocation in
+         * bn_expand_internal(), and NULL should be returned
+         */
+    } else {
+        r = BN_dup(b);
+    }
+
+    bn_check_top(r);
+    return r;
+}
+#endif
+
+/*
+ * This is an internal function that should not be used in applications. It
+ * ensures that 'b' has enough room for a 'words' word number and initialises
+ * any unused part of b->d with leading zeros. It is mostly used by the
+ * various BIGNUM routines. If there is an error, NULL is returned. If not,
+ * 'b' is returned.
+ */
+
+BIGNUM *bn_expand2(BIGNUM *b, int words)
+{
+    bn_check_top(b);
+
+    if (words > b->dmax) {
+        BN_ULONG *a = bn_expand_internal(b, words);
+        if (!a)
+            return NULL;
+        if (b->d)
+            OPENSSL_free(b->d);
+        b->d = a;
+        b->dmax = words;
+    }
+
+/* None of this should be necessary because of what b->top means! */
+#if 0
+    /*
+     * NB: bn_wexpand() calls this only if the BIGNUM really has to grow
+     */
+    if (b->top < b->dmax) {
+        int i;
+        BN_ULONG *A = &(b->d[b->top]);
+        for (i = (b->dmax - b->top) >> 3; i > 0; i--, A += 8) {
+            A[0] = 0;
+            A[1] = 0;
+            A[2] = 0;
+            A[3] = 0;
+            A[4] = 0;
+            A[5] = 0;
+            A[6] = 0;
+            A[7] = 0;
+        }
+        for (i = (b->dmax - b->top) & 7; i > 0; i--, A++)
+            A[0] = 0;
+        assert(A == &(b->d[b->dmax]));
+    }
+#endif
+    bn_check_top(b);
+    return b;
+}
+
+BIGNUM *BN_dup(const BIGNUM *a)
+{
+    BIGNUM *t;
+
+    if (a == NULL)
+        return NULL;
+    bn_check_top(a);
+
+    t = BN_new();
+    if (t == NULL)
+        return NULL;
+    if (!BN_copy(t, a)) {
+        BN_free(t);
+        return NULL;
+    }
+    bn_check_top(t);
+    return t;
+}
+
+BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
+{
+    int i;
+    BN_ULONG *A;
+    const BN_ULONG *B;
+
+    bn_check_top(b);
+
+    if (a == b)
+        return (a);
+    if (bn_wexpand(a, b->top) == NULL)
+        return (NULL);
+
+#if 1
+    A = a->d;
+    B = b->d;
+    for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) {
+        BN_ULONG a0, a1, a2, a3;
+        a0 = B[0];
+        a1 = B[1];
+        a2 = B[2];
+        a3 = B[3];
+        A[0] = a0;
+        A[1] = a1;
+        A[2] = a2;
+        A[3] = a3;
+    }
+    /* ultrix cc workaround, see comments in bn_expand_internal */
+    switch (b->top & 3) {
+    case 3:
+        A[2] = B[2];
+    case 2:
+        A[1] = B[1];
+    case 1:
+        A[0] = B[0];
+    case 0:;
+    }
+#else
+    memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
+#endif
+
+    a->top = b->top;
+    a->neg = b->neg;
+    bn_check_top(a);
+    return (a);
+}
+
+void BN_swap(BIGNUM *a, BIGNUM *b)
+{
+    int flags_old_a, flags_old_b;
+    BN_ULONG *tmp_d;
+    int tmp_top, tmp_dmax, tmp_neg;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    flags_old_a = a->flags;
+    flags_old_b = b->flags;
+
+    tmp_d = a->d;
+    tmp_top = a->top;
+    tmp_dmax = a->dmax;
+    tmp_neg = a->neg;
+
+    a->d = b->d;
+    a->top = b->top;
+    a->dmax = b->dmax;
+    a->neg = b->neg;
+
+    b->d = tmp_d;
+    b->top = tmp_top;
+    b->dmax = tmp_dmax;
+    b->neg = tmp_neg;
+
+    a->flags =
+        (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA);
+    b->flags =
+        (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA);
+    bn_check_top(a);
+    bn_check_top(b);
+}
+
+void BN_clear(BIGNUM *a)
+{
+    bn_check_top(a);
+    if (a->d != NULL)
+        OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
+    a->top = 0;
+    a->neg = 0;
+}
+
+BN_ULONG BN_get_word(const BIGNUM *a)
+{
+    if (a->top > 1)
+        return BN_MASK2;
+    else if (a->top == 1)
+        return a->d[0];
+    /* a->top == 0 */
+    return 0;
+}
+
+int BN_set_word(BIGNUM *a, BN_ULONG w)
+{
+    bn_check_top(a);
+    if (bn_expand(a, (int)sizeof(BN_ULONG) * 8) == NULL)
+        return (0);
+    a->neg = 0;
+    a->d[0] = w;
+    a->top = (w ? 1 : 0);
+    bn_check_top(a);
+    return (1);
+}
+
+BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
+{
+    unsigned int i, m;
+    unsigned int n;
+    BN_ULONG l;
+    BIGNUM *bn = NULL;
+
+    if (ret == NULL)
+        ret = bn = BN_new();
+    if (ret == NULL)
+        return (NULL);
+    bn_check_top(ret);
+    l = 0;
+    n = len;
+    if (n == 0) {
+        ret->top = 0;
+        return (ret);
+    }
+    i = ((n - 1) / BN_BYTES) + 1;
+    m = ((n - 1) % (BN_BYTES));
+    if (bn_wexpand(ret, (int)i) == NULL) {
+        if (bn)
+            BN_free(bn);
+        return NULL;
+    }
+    ret->top = i;
+    ret->neg = 0;
+    while (n--) {
+        l = (l << 8L) | *(s++);
+        if (m-- == 0) {
+            ret->d[--i] = l;
+            l = 0;
+            m = BN_BYTES - 1;
+        }
+    }
+    /*
+     * need to call this due to clear byte at top if avoiding having the top
+     * bit set (-ve number)
+     */
+    bn_correct_top(ret);
+    return (ret);
+}
+
+/* ignore negative */
+int BN_bn2bin(const BIGNUM *a, unsigned char *to)
+{
+    int n, i;
+    BN_ULONG l;
+
+    bn_check_top(a);
+    n = i = BN_num_bytes(a);
+    while (i--) {
+        l = a->d[i / BN_BYTES];
+        *(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff;
+    }
+    return (n);
+}
+
+int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
+{
+    int i;
+    BN_ULONG t1, t2, *ap, *bp;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    i = a->top - b->top;
+    if (i != 0)
+        return (i);
+    ap = a->d;
+    bp = b->d;
+    for (i = a->top - 1; i >= 0; i--) {
+        t1 = ap[i];
+        t2 = bp[i];
+        if (t1 != t2)
+            return ((t1 > t2) ? 1 : -1);
+    }
+    return (0);
+}
+
+int BN_cmp(const BIGNUM *a, const BIGNUM *b)
+{
+    int i;
+    int gt, lt;
+    BN_ULONG t1, t2;
+
+    if ((a == NULL) || (b == NULL)) {
+        if (a != NULL)
+            return (-1);
+        else if (b != NULL)
+            return (1);
+        else
+            return (0);
+    }
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    if (a->neg != b->neg) {
+        if (a->neg)
+            return (-1);
+        else
+            return (1);
+    }
+    if (a->neg == 0) {
+        gt = 1;
+        lt = -1;
+    } else {
+        gt = -1;
+        lt = 1;
+    }
+
+    if (a->top > b->top)
+        return (gt);
+    if (a->top < b->top)
+        return (lt);
+    for (i = a->top - 1; i >= 0; i--) {
+        t1 = a->d[i];
+        t2 = b->d[i];
+        if (t1 > t2)
+            return (gt);
+        if (t1 < t2)
+            return (lt);
+    }
+    return (0);
+}
+
+int BN_set_bit(BIGNUM *a, int n)
+{
+    int i, j, k;
+
+    if (n < 0)
+        return 0;
+
+    i = n / BN_BITS2;
+    j = n % BN_BITS2;
+    if (a->top <= i) {
+        if (bn_wexpand(a, i + 1) == NULL)
+            return (0);
+        for (k = a->top; k < i + 1; k++)
+            a->d[k] = 0;
+        a->top = i + 1;
+    }
+
+    a->d[i] |= (((BN_ULONG)1) << j);
+    bn_check_top(a);
+    return (1);
+}
+
+int BN_clear_bit(BIGNUM *a, int n)
+{
+    int i, j;
+
+    bn_check_top(a);
+    if (n < 0)
+        return 0;
+
+    i = n / BN_BITS2;
+    j = n % BN_BITS2;
+    if (a->top <= i)
+        return (0);
+
+    a->d[i] &= (~(((BN_ULONG)1) << j));
+    bn_correct_top(a);
+    return (1);
+}
+
+int BN_is_bit_set(const BIGNUM *a, int n)
+{
+    int i, j;
+
+    bn_check_top(a);
+    if (n < 0)
+        return 0;
+    i = n / BN_BITS2;
+    j = n % BN_BITS2;
+    if (a->top <= i)
+        return 0;
+    return (int)(((a->d[i]) >> j) & ((BN_ULONG)1));
+}
+
+int BN_mask_bits(BIGNUM *a, int n)
+{
+    int b, w;
+
+    bn_check_top(a);
+    if (n < 0)
+        return 0;
+
+    w = n / BN_BITS2;
+    b = n % BN_BITS2;
+    if (w >= a->top)
+        return 0;
+    if (b == 0)
+        a->top = w;
+    else {
+        a->top = w + 1;
+        a->d[w] &= ~(BN_MASK2 << b);
+    }
+    bn_correct_top(a);
+    return (1);
+}
+
+void BN_set_negative(BIGNUM *a, int b)
+{
+    if (b && !BN_is_zero(a))
+        a->neg = 1;
+    else
+        a->neg = 0;
+}
+
+int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
+{
+    int i;
+    BN_ULONG aa, bb;
+
+    aa = a[n - 1];
+    bb = b[n - 1];
+    if (aa != bb)
+        return ((aa > bb) ? 1 : -1);
+    for (i = n - 2; i >= 0; i--) {
+        aa = a[i];
+        bb = b[i];
+        if (aa != bb)
+            return ((aa > bb) ? 1 : -1);
+    }
+    return (0);
+}
+
+/*
+ * Here follows a specialised variants of bn_cmp_words().  It has the
+ * property of performing the operation on arrays of different sizes. The
+ * sizes of those arrays is expressed through cl, which is the common length
+ * ( basicall, min(len(a),len(b)) ), and dl, which is the delta between the
+ * two lengths, calculated as len(a)-len(b). All lengths are the number of
+ * BN_ULONGs...
+ */
+
+int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl)
+{
+    int n, i;
+    n = cl - 1;
+
+    if (dl < 0) {
+        for (i = dl; i < 0; i++) {
+            if (b[n - i] != 0)
+                return -1;      /* a < b */
+        }
+    }
+    if (dl > 0) {
+        for (i = dl; i > 0; i--) {
+            if (a[n + i] != 0)
+                return 1;       /* a > b */
+        }
+    }
+    return bn_cmp_words(a, b, cl);
+}
+
+/*
+ * Constant-time conditional swap of a and b.
+ * a and b are swapped if condition is not 0.  The code assumes that at most one bit of condition is set.
+ * nwords is the number of words to swap.  The code assumes that at least nwords are allocated in both a and b,
+ * and that no more than nwords are used by either a or b.
+ * a and b cannot be the same number
+ */
+void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
+{
+    BN_ULONG t;
+    int i;
+
+    bn_wcheck_size(a, nwords);
+    bn_wcheck_size(b, nwords);
+
+    assert(a != b);
+    assert((condition & (condition - 1)) == 0);
+    assert(sizeof(BN_ULONG) >= sizeof(int));
+
+    condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
+
+    t = (a->top ^ b->top) & condition;
+    a->top ^= t;
+    b->top ^= t;
+
+#define BN_CONSTTIME_SWAP(ind) \
+        do { \
+                t = (a->d[ind] ^ b->d[ind]) & condition; \
+                a->d[ind] ^= t; \
+                b->d[ind] ^= t; \
+        } while (0)
+
+    switch (nwords) {
+    default:
+        for (i = 10; i < nwords; i++)
+            BN_CONSTTIME_SWAP(i);
+        /* Fallthrough */
+    case 10:
+        BN_CONSTTIME_SWAP(9);   /* Fallthrough */
+    case 9:
+        BN_CONSTTIME_SWAP(8);   /* Fallthrough */
+    case 8:
+        BN_CONSTTIME_SWAP(7);   /* Fallthrough */
+    case 7:
+        BN_CONSTTIME_SWAP(6);   /* Fallthrough */
+    case 6:
+        BN_CONSTTIME_SWAP(5);   /* Fallthrough */
+    case 5:
+        BN_CONSTTIME_SWAP(4);   /* Fallthrough */
+    case 4:
+        BN_CONSTTIME_SWAP(3);   /* Fallthrough */
+    case 3:
+        BN_CONSTTIME_SWAP(2);   /* Fallthrough */
+    case 2:
+        BN_CONSTTIME_SWAP(1);   /* Fallthrough */
+    case 1:
+        BN_CONSTTIME_SWAP(0);
+    }
+#undef BN_CONSTTIME_SWAP
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/bn/bn_print.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_print.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/bn/bn_print.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,388 +0,0 @@
-/* crypto/bn/bn_print.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include "bn_lcl.h"
-
-static const char Hex[] = "0123456789ABCDEF";
-
-/* Must 'OPENSSL_free' the returned data */
-char *BN_bn2hex(const BIGNUM *a)
-{
-    int i, j, v, z = 0;
-    char *buf;
-    char *p;
-
-    if (a->neg && BN_is_zero(a)) {
-        /* "-0" == 3 bytes including NULL terminator */
-        buf = OPENSSL_malloc(3);
-    } else {
-        buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
-    }
-    if (buf == NULL) {
-        BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    p = buf;
-    if (a->neg)
-        *(p++) = '-';
-    if (BN_is_zero(a))
-        *(p++) = '0';
-    for (i = a->top - 1; i >= 0; i--) {
-        for (j = BN_BITS2 - 8; j >= 0; j -= 8) {
-            /* strip leading zeros */
-            v = ((int)(a->d[i] >> (long)j)) & 0xff;
-            if (z || (v != 0)) {
-                *(p++) = Hex[v >> 4];
-                *(p++) = Hex[v & 0x0f];
-                z = 1;
-            }
-        }
-    }
-    *p = '\0';
- err:
-    return (buf);
-}
-
-/* Must 'OPENSSL_free' the returned data */
-char *BN_bn2dec(const BIGNUM *a)
-{
-    int i = 0, num, ok = 0;
-    char *buf = NULL;
-    char *p;
-    BIGNUM *t = NULL;
-    BN_ULONG *bn_data = NULL, *lp;
-
-    /*-
-     * get an upper bound for the length of the decimal integer
-     * num <= (BN_num_bits(a) + 1) * log(2)
-     *     <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1     (rounding error)
-     *     <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1
-     */
-    i = BN_num_bits(a) * 3;
-    num = (i / 10 + i / 1000 + 1) + 1;
-    bn_data =
-        (BN_ULONG *)OPENSSL_malloc((num / BN_DEC_NUM + 1) * sizeof(BN_ULONG));
-    buf = (char *)OPENSSL_malloc(num + 3);
-    if ((buf == NULL) || (bn_data == NULL)) {
-        BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    if ((t = BN_dup(a)) == NULL)
-        goto err;
-
-#define BUF_REMAIN (num+3 - (size_t)(p - buf))
-    p = buf;
-    lp = bn_data;
-    if (BN_is_zero(t)) {
-        *(p++) = '0';
-        *(p++) = '\0';
-    } else {
-        if (BN_is_negative(t))
-            *p++ = '-';
-
-        i = 0;
-        while (!BN_is_zero(t)) {
-            *lp = BN_div_word(t, BN_DEC_CONV);
-            lp++;
-        }
-        lp--;
-        /*
-         * We now have a series of blocks, BN_DEC_NUM chars in length, where
-         * the last one needs truncation. The blocks need to be reversed in
-         * order.
-         */
-        BIO_snprintf(p, BUF_REMAIN, BN_DEC_FMT1, *lp);
-        while (*p)
-            p++;
-        while (lp != bn_data) {
-            lp--;
-            BIO_snprintf(p, BUF_REMAIN, BN_DEC_FMT2, *lp);
-            while (*p)
-                p++;
-        }
-    }
-    ok = 1;
- err:
-    if (bn_data != NULL)
-        OPENSSL_free(bn_data);
-    if (t != NULL)
-        BN_free(t);
-    if (!ok && buf) {
-        OPENSSL_free(buf);
-        buf = NULL;
-    }
-
-    return (buf);
-}
-
-int BN_hex2bn(BIGNUM **bn, const char *a)
-{
-    BIGNUM *ret = NULL;
-    BN_ULONG l = 0;
-    int neg = 0, h, m, i, j, k, c;
-    int num;
-
-    if ((a == NULL) || (*a == '\0'))
-        return (0);
-
-    if (*a == '-') {
-        neg = 1;
-        a++;
-    }
-
-    for (i = 0; isxdigit((unsigned char)a[i]); i++) ;
-
-    num = i + neg;
-    if (bn == NULL)
-        return (num);
-
-    /* a is the start of the hex digits, and it is 'i' long */
-    if (*bn == NULL) {
-        if ((ret = BN_new()) == NULL)
-            return (0);
-    } else {
-        ret = *bn;
-        BN_zero(ret);
-    }
-
-    /* i is the number of hex digests; */
-    if (bn_expand(ret, i * 4) == NULL)
-        goto err;
-
-    j = i;                      /* least significant 'hex' */
-    m = 0;
-    h = 0;
-    while (j > 0) {
-        m = ((BN_BYTES * 2) <= j) ? (BN_BYTES * 2) : j;
-        l = 0;
-        for (;;) {
-            c = a[j - m];
-            if ((c >= '0') && (c <= '9'))
-                k = c - '0';
-            else if ((c >= 'a') && (c <= 'f'))
-                k = c - 'a' + 10;
-            else if ((c >= 'A') && (c <= 'F'))
-                k = c - 'A' + 10;
-            else
-                k = 0;          /* paranoia */
-            l = (l << 4) | k;
-
-            if (--m <= 0) {
-                ret->d[h++] = l;
-                break;
-            }
-        }
-        j -= (BN_BYTES * 2);
-    }
-    ret->top = h;
-    bn_correct_top(ret);
-    ret->neg = neg;
-
-    *bn = ret;
-    bn_check_top(ret);
-    return (num);
- err:
-    if (*bn == NULL)
-        BN_free(ret);
-    return (0);
-}
-
-int BN_dec2bn(BIGNUM **bn, const char *a)
-{
-    BIGNUM *ret = NULL;
-    BN_ULONG l = 0;
-    int neg = 0, i, j;
-    int num;
-
-    if ((a == NULL) || (*a == '\0'))
-        return (0);
-    if (*a == '-') {
-        neg = 1;
-        a++;
-    }
-
-    for (i = 0; isdigit((unsigned char)a[i]); i++) ;
-
-    num = i + neg;
-    if (bn == NULL)
-        return (num);
-
-    /*
-     * a is the start of the digits, and it is 'i' long. We chop it into
-     * BN_DEC_NUM digits at a time
-     */
-    if (*bn == NULL) {
-        if ((ret = BN_new()) == NULL)
-            return (0);
-    } else {
-        ret = *bn;
-        BN_zero(ret);
-    }
-
-    /* i is the number of digests, a bit of an over expand; */
-    if (bn_expand(ret, i * 4) == NULL)
-        goto err;
-
-    j = BN_DEC_NUM - (i % BN_DEC_NUM);
-    if (j == BN_DEC_NUM)
-        j = 0;
-    l = 0;
-    while (*a) {
-        l *= 10;
-        l += *a - '0';
-        a++;
-        if (++j == BN_DEC_NUM) {
-            BN_mul_word(ret, BN_DEC_CONV);
-            BN_add_word(ret, l);
-            l = 0;
-            j = 0;
-        }
-    }
-    ret->neg = neg;
-
-    bn_correct_top(ret);
-    *bn = ret;
-    bn_check_top(ret);
-    return (num);
- err:
-    if (*bn == NULL)
-        BN_free(ret);
-    return (0);
-}
-
-int BN_asc2bn(BIGNUM **bn, const char *a)
-{
-    const char *p = a;
-    if (*p == '-')
-        p++;
-
-    if (p[0] == '0' && (p[1] == 'X' || p[1] == 'x')) {
-        if (!BN_hex2bn(bn, p + 2))
-            return 0;
-    } else {
-        if (!BN_dec2bn(bn, p))
-            return 0;
-    }
-    if (*a == '-')
-        (*bn)->neg = 1;
-    return 1;
-}
-
-#ifndef OPENSSL_NO_BIO
-# ifndef OPENSSL_NO_FP_API
-int BN_print_fp(FILE *fp, const BIGNUM *a)
-{
-    BIO *b;
-    int ret;
-
-    if ((b = BIO_new(BIO_s_file())) == NULL)
-        return (0);
-    BIO_set_fp(b, fp, BIO_NOCLOSE);
-    ret = BN_print(b, a);
-    BIO_free(b);
-    return (ret);
-}
-# endif
-
-int BN_print(BIO *bp, const BIGNUM *a)
-{
-    int i, j, v, z = 0;
-    int ret = 0;
-
-    if ((a->neg) && (BIO_write(bp, "-", 1) != 1))
-        goto end;
-    if (BN_is_zero(a) && (BIO_write(bp, "0", 1) != 1))
-        goto end;
-    for (i = a->top - 1; i >= 0; i--) {
-        for (j = BN_BITS2 - 4; j >= 0; j -= 4) {
-            /* strip leading zeros */
-            v = ((int)(a->d[i] >> (long)j)) & 0x0f;
-            if (z || (v != 0)) {
-                if (BIO_write(bp, &(Hex[v]), 1) != 1)
-                    goto end;
-                z = 1;
-            }
-        }
-    }
-    ret = 1;
- end:
-    return (ret);
-}
-#endif
-
-char *BN_options(void)
-{
-    static int init = 0;
-    static char data[16];
-
-    if (!init) {
-        init++;
-#ifdef BN_LLONG
-        BIO_snprintf(data, sizeof data, "bn(%d,%d)",
-                     (int)sizeof(BN_ULLONG) * 8, (int)sizeof(BN_ULONG) * 8);
-#else
-        BIO_snprintf(data, sizeof data, "bn(%d,%d)",
-                     (int)sizeof(BN_ULONG) * 8, (int)sizeof(BN_ULONG) * 8);
-#endif
-    }
-    return (data);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/bn/bn_print.c (from rev 11605, vendor-crypto/openssl/dist/crypto/bn/bn_print.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/bn/bn_print.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/bn/bn_print.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,401 @@
+/* crypto/bn/bn_print.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <limits.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include "bn_lcl.h"
+
+static const char Hex[] = "0123456789ABCDEF";
+
+/* Must 'OPENSSL_free' the returned data */
+char *BN_bn2hex(const BIGNUM *a)
+{
+    int i, j, v, z = 0;
+    char *buf;
+    char *p;
+
+    if (a->neg && BN_is_zero(a)) {
+        /* "-0" == 3 bytes including NULL terminator */
+        buf = OPENSSL_malloc(3);
+    } else {
+        buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
+    }
+    if (buf == NULL) {
+        BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    p = buf;
+    if (a->neg)
+        *(p++) = '-';
+    if (BN_is_zero(a))
+        *(p++) = '0';
+    for (i = a->top - 1; i >= 0; i--) {
+        for (j = BN_BITS2 - 8; j >= 0; j -= 8) {
+            /* strip leading zeros */
+            v = ((int)(a->d[i] >> (long)j)) & 0xff;
+            if (z || (v != 0)) {
+                *(p++) = Hex[v >> 4];
+                *(p++) = Hex[v & 0x0f];
+                z = 1;
+            }
+        }
+    }
+    *p = '\0';
+ err:
+    return (buf);
+}
+
+/* Must 'OPENSSL_free' the returned data */
+char *BN_bn2dec(const BIGNUM *a)
+{
+    int i = 0, num, ok = 0;
+    char *buf = NULL;
+    char *p;
+    BIGNUM *t = NULL;
+    BN_ULONG *bn_data = NULL, *lp;
+    int bn_data_num;
+
+    /*-
+     * get an upper bound for the length of the decimal integer
+     * num <= (BN_num_bits(a) + 1) * log(2)
+     *     <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1     (rounding error)
+     *     <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1
+     */
+    i = BN_num_bits(a) * 3;
+    num = (i / 10 + i / 1000 + 1) + 1;
+    bn_data_num = num / BN_DEC_NUM + 1;
+    bn_data = OPENSSL_malloc(bn_data_num * sizeof(BN_ULONG));
+    buf = OPENSSL_malloc(num + 3);
+    if ((buf == NULL) || (bn_data == NULL)) {
+        BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if ((t = BN_dup(a)) == NULL)
+        goto err;
+
+#define BUF_REMAIN (num+3 - (size_t)(p - buf))
+    p = buf;
+    lp = bn_data;
+    if (BN_is_zero(t)) {
+        *(p++) = '0';
+        *(p++) = '\0';
+    } else {
+        if (BN_is_negative(t))
+            *p++ = '-';
+
+        while (!BN_is_zero(t)) {
+            if (lp - bn_data >= bn_data_num)
+                goto err;
+            *lp = BN_div_word(t, BN_DEC_CONV);
+            if (*lp == (BN_ULONG)-1)
+                goto err;
+            lp++;
+        }
+        lp--;
+        /*
+         * We now have a series of blocks, BN_DEC_NUM chars in length, where
+         * the last one needs truncation. The blocks need to be reversed in
+         * order.
+         */
+        BIO_snprintf(p, BUF_REMAIN, BN_DEC_FMT1, *lp);
+        while (*p)
+            p++;
+        while (lp != bn_data) {
+            lp--;
+            BIO_snprintf(p, BUF_REMAIN, BN_DEC_FMT2, *lp);
+            while (*p)
+                p++;
+        }
+    }
+    ok = 1;
+ err:
+    if (bn_data != NULL)
+        OPENSSL_free(bn_data);
+    if (t != NULL)
+        BN_free(t);
+    if (!ok && buf) {
+        OPENSSL_free(buf);
+        buf = NULL;
+    }
+
+    return (buf);
+}
+
+int BN_hex2bn(BIGNUM **bn, const char *a)
+{
+    BIGNUM *ret = NULL;
+    BN_ULONG l = 0;
+    int neg = 0, h, m, i, j, k, c;
+    int num;
+
+    if ((a == NULL) || (*a == '\0'))
+        return (0);
+
+    if (*a == '-') {
+        neg = 1;
+        a++;
+    }
+
+    for (i = 0; i <= (INT_MAX/4) && isxdigit((unsigned char)a[i]); i++)
+        continue;
+
+    if (i > INT_MAX/4)
+        goto err;
+
+    num = i + neg;
+    if (bn == NULL)
+        return (num);
+
+    /* a is the start of the hex digits, and it is 'i' long */
+    if (*bn == NULL) {
+        if ((ret = BN_new()) == NULL)
+            return (0);
+    } else {
+        ret = *bn;
+        BN_zero(ret);
+    }
+
+    /* i is the number of hex digits */
+    if (bn_expand(ret, i * 4) == NULL)
+        goto err;
+
+    j = i;                      /* least significant 'hex' */
+    m = 0;
+    h = 0;
+    while (j > 0) {
+        m = ((BN_BYTES * 2) <= j) ? (BN_BYTES * 2) : j;
+        l = 0;
+        for (;;) {
+            c = a[j - m];
+            if ((c >= '0') && (c <= '9'))
+                k = c - '0';
+            else if ((c >= 'a') && (c <= 'f'))
+                k = c - 'a' + 10;
+            else if ((c >= 'A') && (c <= 'F'))
+                k = c - 'A' + 10;
+            else
+                k = 0;          /* paranoia */
+            l = (l << 4) | k;
+
+            if (--m <= 0) {
+                ret->d[h++] = l;
+                break;
+            }
+        }
+        j -= (BN_BYTES * 2);
+    }
+    ret->top = h;
+    bn_correct_top(ret);
+    ret->neg = neg;
+
+    *bn = ret;
+    bn_check_top(ret);
+    return (num);
+ err:
+    if (*bn == NULL)
+        BN_free(ret);
+    return (0);
+}
+
+int BN_dec2bn(BIGNUM **bn, const char *a)
+{
+    BIGNUM *ret = NULL;
+    BN_ULONG l = 0;
+    int neg = 0, i, j;
+    int num;
+
+    if ((a == NULL) || (*a == '\0'))
+        return (0);
+    if (*a == '-') {
+        neg = 1;
+        a++;
+    }
+
+    for (i = 0; i <= (INT_MAX/4) && isdigit((unsigned char)a[i]); i++)
+        continue;
+
+    if (i > INT_MAX/4)
+        goto err;
+
+    num = i + neg;
+    if (bn == NULL)
+        return (num);
+
+    /*
+     * a is the start of the digits, and it is 'i' long. We chop it into
+     * BN_DEC_NUM digits at a time
+     */
+    if (*bn == NULL) {
+        if ((ret = BN_new()) == NULL)
+            return (0);
+    } else {
+        ret = *bn;
+        BN_zero(ret);
+    }
+
+    /* i is the number of digits, a bit of an over expand */
+    if (bn_expand(ret, i * 4) == NULL)
+        goto err;
+
+    j = BN_DEC_NUM - (i % BN_DEC_NUM);
+    if (j == BN_DEC_NUM)
+        j = 0;
+    l = 0;
+    while (*a) {
+        l *= 10;
+        l += *a - '0';
+        a++;
+        if (++j == BN_DEC_NUM) {
+            BN_mul_word(ret, BN_DEC_CONV);
+            BN_add_word(ret, l);
+            l = 0;
+            j = 0;
+        }
+    }
+    ret->neg = neg;
+
+    bn_correct_top(ret);
+    *bn = ret;
+    bn_check_top(ret);
+    return (num);
+ err:
+    if (*bn == NULL)
+        BN_free(ret);
+    return (0);
+}
+
+int BN_asc2bn(BIGNUM **bn, const char *a)
+{
+    const char *p = a;
+    if (*p == '-')
+        p++;
+
+    if (p[0] == '0' && (p[1] == 'X' || p[1] == 'x')) {
+        if (!BN_hex2bn(bn, p + 2))
+            return 0;
+    } else {
+        if (!BN_dec2bn(bn, p))
+            return 0;
+    }
+    if (*a == '-')
+        (*bn)->neg = 1;
+    return 1;
+}
+
+#ifndef OPENSSL_NO_BIO
+# ifndef OPENSSL_NO_FP_API
+int BN_print_fp(FILE *fp, const BIGNUM *a)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL)
+        return (0);
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = BN_print(b, a);
+    BIO_free(b);
+    return (ret);
+}
+# endif
+
+int BN_print(BIO *bp, const BIGNUM *a)
+{
+    int i, j, v, z = 0;
+    int ret = 0;
+
+    if ((a->neg) && (BIO_write(bp, "-", 1) != 1))
+        goto end;
+    if (BN_is_zero(a) && (BIO_write(bp, "0", 1) != 1))
+        goto end;
+    for (i = a->top - 1; i >= 0; i--) {
+        for (j = BN_BITS2 - 4; j >= 0; j -= 4) {
+            /* strip leading zeros */
+            v = ((int)(a->d[i] >> (long)j)) & 0x0f;
+            if (z || (v != 0)) {
+                if (BIO_write(bp, &(Hex[v]), 1) != 1)
+                    goto end;
+                z = 1;
+            }
+        }
+    }
+    ret = 1;
+ end:
+    return (ret);
+}
+#endif
+
+char *BN_options(void)
+{
+    static int init = 0;
+    static char data[16];
+
+    if (!init) {
+        init++;
+#ifdef BN_LLONG
+        BIO_snprintf(data, sizeof data, "bn(%d,%d)",
+                     (int)sizeof(BN_ULLONG) * 8, (int)sizeof(BN_ULONG) * 8);
+#else
+        BIO_snprintf(data, sizeof data, "bn(%d,%d)",
+                     (int)sizeof(BN_ULONG) * 8, (int)sizeof(BN_ULONG) * 8);
+#endif
+    }
+    return (data);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/bn/bn_rand.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_rand.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/bn/bn_rand.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,295 +0,0 @@
-/* crypto/bn/bn_rand.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-#include <openssl/rand.h>
-
-static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
-{
-    unsigned char *buf = NULL;
-    int ret = 0, bit, bytes, mask;
-    time_t tim;
-
-    if (bits < 0 || (bits == 1 && top > 0)) {
-        BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL);
-        return 0;
-    }
-
-    if (bits == 0) {
-        BN_zero(rnd);
-        return 1;
-    }
-
-    bytes = (bits + 7) / 8;
-    bit = (bits - 1) % 8;
-    mask = 0xff << (bit + 1);
-
-    buf = (unsigned char *)OPENSSL_malloc(bytes);
-    if (buf == NULL) {
-        BNerr(BN_F_BNRAND, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    /* make a random number and set the top and bottom bits */
-    time(&tim);
-    RAND_add(&tim, sizeof(tim), 0.0);
-
-    if (pseudorand) {
-        if (RAND_pseudo_bytes(buf, bytes) == -1)
-            goto err;
-    } else {
-        if (RAND_bytes(buf, bytes) <= 0)
-            goto err;
-    }
-
-#if 1
-    if (pseudorand == 2) {
-        /*
-         * generate patterns that are more likely to trigger BN library bugs
-         */
-        int i;
-        unsigned char c;
-
-        for (i = 0; i < bytes; i++) {
-            if (RAND_pseudo_bytes(&c, 1) < 0)
-                goto err;
-            if (c >= 128 && i > 0)
-                buf[i] = buf[i - 1];
-            else if (c < 42)
-                buf[i] = 0;
-            else if (c < 84)
-                buf[i] = 255;
-        }
-    }
-#endif
-
-    if (top >= 0) {
-        if (top) {
-            if (bit == 0) {
-                buf[0] = 1;
-                buf[1] |= 0x80;
-            } else {
-                buf[0] |= (3 << (bit - 1));
-            }
-        } else {
-            buf[0] |= (1 << bit);
-        }
-    }
-    buf[0] &= ~mask;
-    if (bottom)                 /* set bottom bit if requested */
-        buf[bytes - 1] |= 1;
-    if (!BN_bin2bn(buf, bytes, rnd))
-        goto err;
-    ret = 1;
- err:
-    if (buf != NULL) {
-        OPENSSL_cleanse(buf, bytes);
-        OPENSSL_free(buf);
-    }
-    bn_check_top(rnd);
-    return (ret);
-}
-
-int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
-{
-    return bnrand(0, rnd, bits, top, bottom);
-}
-
-int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
-{
-    return bnrand(1, rnd, bits, top, bottom);
-}
-
-#if 1
-int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
-{
-    return bnrand(2, rnd, bits, top, bottom);
-}
-#endif
-
-/* random number r:  0 <= r < range */
-static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
-{
-    int (*bn_rand) (BIGNUM *, int, int, int) =
-        pseudo ? BN_pseudo_rand : BN_rand;
-    int n;
-    int count = 100;
-
-    if (range->neg || BN_is_zero(range)) {
-        BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
-        return 0;
-    }
-
-    n = BN_num_bits(range);     /* n > 0 */
-
-    /* BN_is_bit_set(range, n - 1) always holds */
-
-    if (n == 1)
-        BN_zero(r);
-    else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) {
-        /*
-         * range = 100..._2, so 3*range (= 11..._2) is exactly one bit longer
-         * than range
-         */
-        do {
-            if (!bn_rand(r, n + 1, -1, 0))
-                return 0;
-            /*
-             * If r < 3*range, use r := r MOD range (which is either r, r -
-             * range, or r - 2*range). Otherwise, iterate once more. Since
-             * 3*range = 11..._2, each iteration succeeds with probability >=
-             * .75.
-             */
-            if (BN_cmp(r, range) >= 0) {
-                if (!BN_sub(r, r, range))
-                    return 0;
-                if (BN_cmp(r, range) >= 0)
-                    if (!BN_sub(r, r, range))
-                        return 0;
-            }
-
-            if (!--count) {
-                BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
-                return 0;
-            }
-
-        }
-        while (BN_cmp(r, range) >= 0);
-    } else {
-        do {
-            /* range = 11..._2  or  range = 101..._2 */
-            if (!bn_rand(r, n, -1, 0))
-                return 0;
-
-            if (!--count) {
-                BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
-                return 0;
-            }
-        }
-        while (BN_cmp(r, range) >= 0);
-    }
-
-    bn_check_top(r);
-    return 1;
-}
-
-int BN_rand_range(BIGNUM *r, const BIGNUM *range)
-{
-    return bn_rand_range(0, r, range);
-}
-
-int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
-{
-    return bn_rand_range(1, r, range);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/bn/bn_rand.c (from rev 11605, vendor-crypto/openssl/dist/crypto/bn/bn_rand.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/bn/bn_rand.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/bn/bn_rand.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,291 @@
+/* crypto/bn/bn_rand.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+#include <openssl/rand.h>
+
+static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
+{
+    unsigned char *buf = NULL;
+    int ret = 0, bit, bytes, mask;
+    time_t tim;
+
+    if (bits < 0 || (bits == 1 && top > 0)) {
+        BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL);
+        return 0;
+    }
+
+    if (bits == 0) {
+        BN_zero(rnd);
+        return 1;
+    }
+
+    bytes = (bits + 7) / 8;
+    bit = (bits - 1) % 8;
+    mask = 0xff << (bit + 1);
+
+    buf = (unsigned char *)OPENSSL_malloc(bytes);
+    if (buf == NULL) {
+        BNerr(BN_F_BNRAND, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* make a random number and set the top and bottom bits */
+    time(&tim);
+    RAND_add(&tim, sizeof(tim), 0.0);
+
+    /* We ignore the value of pseudorand and always call RAND_bytes */
+    if (RAND_bytes(buf, bytes) <= 0)
+        goto err;
+
+#if 1
+    if (pseudorand == 2) {
+        /*
+         * generate patterns that are more likely to trigger BN library bugs
+         */
+        int i;
+        unsigned char c;
+
+        for (i = 0; i < bytes; i++) {
+            if (RAND_pseudo_bytes(&c, 1) < 0)
+                goto err;
+            if (c >= 128 && i > 0)
+                buf[i] = buf[i - 1];
+            else if (c < 42)
+                buf[i] = 0;
+            else if (c < 84)
+                buf[i] = 255;
+        }
+    }
+#endif
+
+    if (top >= 0) {
+        if (top) {
+            if (bit == 0) {
+                buf[0] = 1;
+                buf[1] |= 0x80;
+            } else {
+                buf[0] |= (3 << (bit - 1));
+            }
+        } else {
+            buf[0] |= (1 << bit);
+        }
+    }
+    buf[0] &= ~mask;
+    if (bottom)                 /* set bottom bit if requested */
+        buf[bytes - 1] |= 1;
+    if (!BN_bin2bn(buf, bytes, rnd))
+        goto err;
+    ret = 1;
+ err:
+    if (buf != NULL) {
+        OPENSSL_cleanse(buf, bytes);
+        OPENSSL_free(buf);
+    }
+    bn_check_top(rnd);
+    return (ret);
+}
+
+int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
+{
+    return bnrand(0, rnd, bits, top, bottom);
+}
+
+int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
+{
+    return bnrand(1, rnd, bits, top, bottom);
+}
+
+#if 1
+int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
+{
+    return bnrand(2, rnd, bits, top, bottom);
+}
+#endif
+
+/* random number r:  0 <= r < range */
+static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
+{
+    int (*bn_rand) (BIGNUM *, int, int, int) =
+        pseudo ? BN_pseudo_rand : BN_rand;
+    int n;
+    int count = 100;
+
+    if (range->neg || BN_is_zero(range)) {
+        BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
+        return 0;
+    }
+
+    n = BN_num_bits(range);     /* n > 0 */
+
+    /* BN_is_bit_set(range, n - 1) always holds */
+
+    if (n == 1)
+        BN_zero(r);
+    else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) {
+        /*
+         * range = 100..._2, so 3*range (= 11..._2) is exactly one bit longer
+         * than range
+         */
+        do {
+            if (!bn_rand(r, n + 1, -1, 0))
+                return 0;
+            /*
+             * If r < 3*range, use r := r MOD range (which is either r, r -
+             * range, or r - 2*range). Otherwise, iterate once more. Since
+             * 3*range = 11..._2, each iteration succeeds with probability >=
+             * .75.
+             */
+            if (BN_cmp(r, range) >= 0) {
+                if (!BN_sub(r, r, range))
+                    return 0;
+                if (BN_cmp(r, range) >= 0)
+                    if (!BN_sub(r, r, range))
+                        return 0;
+            }
+
+            if (!--count) {
+                BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
+                return 0;
+            }
+
+        }
+        while (BN_cmp(r, range) >= 0);
+    } else {
+        do {
+            /* range = 11..._2  or  range = 101..._2 */
+            if (!bn_rand(r, n, -1, 0))
+                return 0;
+
+            if (!--count) {
+                BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
+                return 0;
+            }
+        }
+        while (BN_cmp(r, range) >= 0);
+    }
+
+    bn_check_top(r);
+    return 1;
+}
+
+int BN_rand_range(BIGNUM *r, const BIGNUM *range)
+{
+    return bn_rand_range(0, r, range);
+}
+
+int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
+{
+    return bn_rand_range(1, r, range);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/bn/bn_recp.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_recp.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/bn/bn_recp.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,251 +0,0 @@
-/* crypto/bn/bn_recp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-void BN_RECP_CTX_init(BN_RECP_CTX *recp)
-{
-    BN_init(&(recp->N));
-    BN_init(&(recp->Nr));
-    recp->num_bits = 0;
-    recp->flags = 0;
-}
-
-BN_RECP_CTX *BN_RECP_CTX_new(void)
-{
-    BN_RECP_CTX *ret;
-
-    if ((ret = (BN_RECP_CTX *)OPENSSL_malloc(sizeof(BN_RECP_CTX))) == NULL)
-        return (NULL);
-
-    BN_RECP_CTX_init(ret);
-    ret->flags = BN_FLG_MALLOCED;
-    return (ret);
-}
-
-void BN_RECP_CTX_free(BN_RECP_CTX *recp)
-{
-    if (recp == NULL)
-        return;
-
-    BN_free(&(recp->N));
-    BN_free(&(recp->Nr));
-    if (recp->flags & BN_FLG_MALLOCED)
-        OPENSSL_free(recp);
-}
-
-int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
-{
-    if (!BN_copy(&(recp->N), d))
-        return 0;
-    BN_zero(&(recp->Nr));
-    recp->num_bits = BN_num_bits(d);
-    recp->shift = 0;
-    return (1);
-}
-
-int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
-                          BN_RECP_CTX *recp, BN_CTX *ctx)
-{
-    int ret = 0;
-    BIGNUM *a;
-    const BIGNUM *ca;
-
-    BN_CTX_start(ctx);
-    if ((a = BN_CTX_get(ctx)) == NULL)
-        goto err;
-    if (y != NULL) {
-        if (x == y) {
-            if (!BN_sqr(a, x, ctx))
-                goto err;
-        } else {
-            if (!BN_mul(a, x, y, ctx))
-                goto err;
-        }
-        ca = a;
-    } else
-        ca = x;                 /* Just do the mod */
-
-    ret = BN_div_recp(NULL, r, ca, recp, ctx);
- err:
-    BN_CTX_end(ctx);
-    bn_check_top(r);
-    return (ret);
-}
-
-int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
-                BN_RECP_CTX *recp, BN_CTX *ctx)
-{
-    int i, j, ret = 0;
-    BIGNUM *a, *b, *d, *r;
-
-    BN_CTX_start(ctx);
-    a = BN_CTX_get(ctx);
-    b = BN_CTX_get(ctx);
-    if (dv != NULL)
-        d = dv;
-    else
-        d = BN_CTX_get(ctx);
-    if (rem != NULL)
-        r = rem;
-    else
-        r = BN_CTX_get(ctx);
-    if (a == NULL || b == NULL || d == NULL || r == NULL)
-        goto err;
-
-    if (BN_ucmp(m, &(recp->N)) < 0) {
-        BN_zero(d);
-        if (!BN_copy(r, m)) {
-            BN_CTX_end(ctx);
-            return 0;
-        }
-        BN_CTX_end(ctx);
-        return (1);
-    }
-
-    /*
-     * We want the remainder Given input of ABCDEF / ab we need multiply
-     * ABCDEF by 3 digests of the reciprocal of ab
-     */
-
-    /* i := max(BN_num_bits(m), 2*BN_num_bits(N)) */
-    i = BN_num_bits(m);
-    j = recp->num_bits << 1;
-    if (j > i)
-        i = j;
-
-    /* Nr := round(2^i / N) */
-    if (i != recp->shift)
-        recp->shift = BN_reciprocal(&(recp->Nr), &(recp->N), i, ctx);
-    /* BN_reciprocal could have returned -1 for an error */
-    if (recp->shift == -1)
-        goto err;
-
-    /*-
-     * d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))|
-     *    = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))|
-     *   <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)|
-     *    = |m/N|
-     */
-    if (!BN_rshift(a, m, recp->num_bits))
-        goto err;
-    if (!BN_mul(b, a, &(recp->Nr), ctx))
-        goto err;
-    if (!BN_rshift(d, b, i - recp->num_bits))
-        goto err;
-    d->neg = 0;
-
-    if (!BN_mul(b, &(recp->N), d, ctx))
-        goto err;
-    if (!BN_usub(r, m, b))
-        goto err;
-    r->neg = 0;
-
-#if 1
-    j = 0;
-    while (BN_ucmp(r, &(recp->N)) >= 0) {
-        if (j++ > 2) {
-            BNerr(BN_F_BN_DIV_RECP, BN_R_BAD_RECIPROCAL);
-            goto err;
-        }
-        if (!BN_usub(r, r, &(recp->N)))
-            goto err;
-        if (!BN_add_word(d, 1))
-            goto err;
-    }
-#endif
-
-    r->neg = BN_is_zero(r) ? 0 : m->neg;
-    d->neg = m->neg ^ recp->N.neg;
-    ret = 1;
- err:
-    BN_CTX_end(ctx);
-    bn_check_top(dv);
-    bn_check_top(rem);
-    return (ret);
-}
-
-/*
- * len is the expected size of the result We actually calculate with an extra
- * word of precision, so we can do faster division if the remainder is not
- * required.
- */
-/* r := 2^len / m */
-int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
-{
-    int ret = -1;
-    BIGNUM *t;
-
-    BN_CTX_start(ctx);
-    if ((t = BN_CTX_get(ctx)) == NULL)
-        goto err;
-
-    if (!BN_set_bit(t, len))
-        goto err;
-
-    if (!BN_div(r, NULL, t, m, ctx))
-        goto err;
-
-    ret = len;
- err:
-    bn_check_top(r);
-    BN_CTX_end(ctx);
-    return (ret);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/bn/bn_recp.c (from rev 11605, vendor-crypto/openssl/dist/crypto/bn/bn_recp.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/bn/bn_recp.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/bn/bn_recp.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,252 @@
+/* crypto/bn/bn_recp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+void BN_RECP_CTX_init(BN_RECP_CTX *recp)
+{
+    BN_init(&(recp->N));
+    BN_init(&(recp->Nr));
+    recp->num_bits = 0;
+    recp->shift = 0;
+    recp->flags = 0;
+}
+
+BN_RECP_CTX *BN_RECP_CTX_new(void)
+{
+    BN_RECP_CTX *ret;
+
+    if ((ret = (BN_RECP_CTX *)OPENSSL_malloc(sizeof(BN_RECP_CTX))) == NULL)
+        return (NULL);
+
+    BN_RECP_CTX_init(ret);
+    ret->flags = BN_FLG_MALLOCED;
+    return (ret);
+}
+
+void BN_RECP_CTX_free(BN_RECP_CTX *recp)
+{
+    if (recp == NULL)
+        return;
+
+    BN_free(&(recp->N));
+    BN_free(&(recp->Nr));
+    if (recp->flags & BN_FLG_MALLOCED)
+        OPENSSL_free(recp);
+}
+
+int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
+{
+    if (!BN_copy(&(recp->N), d))
+        return 0;
+    BN_zero(&(recp->Nr));
+    recp->num_bits = BN_num_bits(d);
+    recp->shift = 0;
+    return (1);
+}
+
+int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
+                          BN_RECP_CTX *recp, BN_CTX *ctx)
+{
+    int ret = 0;
+    BIGNUM *a;
+    const BIGNUM *ca;
+
+    BN_CTX_start(ctx);
+    if ((a = BN_CTX_get(ctx)) == NULL)
+        goto err;
+    if (y != NULL) {
+        if (x == y) {
+            if (!BN_sqr(a, x, ctx))
+                goto err;
+        } else {
+            if (!BN_mul(a, x, y, ctx))
+                goto err;
+        }
+        ca = a;
+    } else
+        ca = x;                 /* Just do the mod */
+
+    ret = BN_div_recp(NULL, r, ca, recp, ctx);
+ err:
+    BN_CTX_end(ctx);
+    bn_check_top(r);
+    return (ret);
+}
+
+int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
+                BN_RECP_CTX *recp, BN_CTX *ctx)
+{
+    int i, j, ret = 0;
+    BIGNUM *a, *b, *d, *r;
+
+    BN_CTX_start(ctx);
+    a = BN_CTX_get(ctx);
+    b = BN_CTX_get(ctx);
+    if (dv != NULL)
+        d = dv;
+    else
+        d = BN_CTX_get(ctx);
+    if (rem != NULL)
+        r = rem;
+    else
+        r = BN_CTX_get(ctx);
+    if (a == NULL || b == NULL || d == NULL || r == NULL)
+        goto err;
+
+    if (BN_ucmp(m, &(recp->N)) < 0) {
+        BN_zero(d);
+        if (!BN_copy(r, m)) {
+            BN_CTX_end(ctx);
+            return 0;
+        }
+        BN_CTX_end(ctx);
+        return (1);
+    }
+
+    /*
+     * We want the remainder Given input of ABCDEF / ab we need multiply
+     * ABCDEF by 3 digests of the reciprocal of ab
+     */
+
+    /* i := max(BN_num_bits(m), 2*BN_num_bits(N)) */
+    i = BN_num_bits(m);
+    j = recp->num_bits << 1;
+    if (j > i)
+        i = j;
+
+    /* Nr := round(2^i / N) */
+    if (i != recp->shift)
+        recp->shift = BN_reciprocal(&(recp->Nr), &(recp->N), i, ctx);
+    /* BN_reciprocal could have returned -1 for an error */
+    if (recp->shift == -1)
+        goto err;
+
+    /*-
+     * d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))|
+     *    = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))|
+     *   <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)|
+     *    = |m/N|
+     */
+    if (!BN_rshift(a, m, recp->num_bits))
+        goto err;
+    if (!BN_mul(b, a, &(recp->Nr), ctx))
+        goto err;
+    if (!BN_rshift(d, b, i - recp->num_bits))
+        goto err;
+    d->neg = 0;
+
+    if (!BN_mul(b, &(recp->N), d, ctx))
+        goto err;
+    if (!BN_usub(r, m, b))
+        goto err;
+    r->neg = 0;
+
+#if 1
+    j = 0;
+    while (BN_ucmp(r, &(recp->N)) >= 0) {
+        if (j++ > 2) {
+            BNerr(BN_F_BN_DIV_RECP, BN_R_BAD_RECIPROCAL);
+            goto err;
+        }
+        if (!BN_usub(r, r, &(recp->N)))
+            goto err;
+        if (!BN_add_word(d, 1))
+            goto err;
+    }
+#endif
+
+    r->neg = BN_is_zero(r) ? 0 : m->neg;
+    d->neg = m->neg ^ recp->N.neg;
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    bn_check_top(dv);
+    bn_check_top(rem);
+    return (ret);
+}
+
+/*
+ * len is the expected size of the result We actually calculate with an extra
+ * word of precision, so we can do faster division if the remainder is not
+ * required.
+ */
+/* r := 2^len / m */
+int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
+{
+    int ret = -1;
+    BIGNUM *t;
+
+    BN_CTX_start(ctx);
+    if ((t = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    if (!BN_set_bit(t, len))
+        goto err;
+
+    if (!BN_div(r, NULL, t, m, ctx))
+        goto err;
+
+    ret = len;
+ err:
+    bn_check_top(r);
+    BN_CTX_end(ctx);
+    return (ret);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/bn/exptest.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/exptest.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/bn/exptest.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,249 +0,0 @@
-/* crypto/bn/exptest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "../e_os.h"
-
-#include <openssl/bio.h>
-#include <openssl/bn.h>
-#include <openssl/rand.h>
-#include <openssl/err.h>
-
-#define NUM_BITS        (BN_BITS*2)
-
-static const char rnd_seed[] =
-    "string to make the random number generator think it has entropy";
-
-/*
- * test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success.
- */
-static int test_exp_mod_zero()
-{
-    BIGNUM a, p, m;
-    BIGNUM r;
-    BN_CTX *ctx = BN_CTX_new();
-    int ret = 1;
-
-    BN_init(&m);
-    BN_one(&m);
-
-    BN_init(&a);
-    BN_one(&a);
-
-    BN_init(&p);
-    BN_zero(&p);
-
-    BN_init(&r);
-    BN_mod_exp(&r, &a, &p, &m, ctx);
-    BN_CTX_free(ctx);
-
-    if (BN_is_zero(&r))
-        ret = 0;
-    else {
-        printf("1**0 mod 1 = ");
-        BN_print_fp(stdout, &r);
-        printf(", should be 0\n");
-    }
-
-    BN_free(&r);
-    BN_free(&a);
-    BN_free(&p);
-    BN_free(&m);
-
-    return ret;
-}
-
-int main(int argc, char *argv[])
-{
-    BN_CTX *ctx;
-    BIO *out = NULL;
-    int i, ret;
-    unsigned char c;
-    BIGNUM *r_mont, *r_mont_const, *r_recp, *r_simple, *a, *b, *m;
-
-    RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we
-                                           * don't even check its return
-                                           * value (which we should) */
-
-    ERR_load_BN_strings();
-
-    ctx = BN_CTX_new();
-    if (ctx == NULL)
-        EXIT(1);
-    r_mont = BN_new();
-    r_mont_const = BN_new();
-    r_recp = BN_new();
-    r_simple = BN_new();
-    a = BN_new();
-    b = BN_new();
-    m = BN_new();
-    if ((r_mont == NULL) || (r_recp == NULL) || (a == NULL) || (b == NULL))
-        goto err;
-
-    out = BIO_new(BIO_s_file());
-
-    if (out == NULL)
-        EXIT(1);
-    BIO_set_fp(out, stdout, BIO_NOCLOSE);
-
-    for (i = 0; i < 200; i++) {
-        RAND_bytes(&c, 1);
-        c = (c % BN_BITS) - BN_BITS2;
-        BN_rand(a, NUM_BITS + c, 0, 0);
-
-        RAND_bytes(&c, 1);
-        c = (c % BN_BITS) - BN_BITS2;
-        BN_rand(b, NUM_BITS + c, 0, 0);
-
-        RAND_bytes(&c, 1);
-        c = (c % BN_BITS) - BN_BITS2;
-        BN_rand(m, NUM_BITS + c, 0, 1);
-
-        BN_mod(a, a, m, ctx);
-        BN_mod(b, b, m, ctx);
-
-        ret = BN_mod_exp_mont(r_mont, a, b, m, ctx, NULL);
-        if (ret <= 0) {
-            printf("BN_mod_exp_mont() problems\n");
-            ERR_print_errors(out);
-            EXIT(1);
-        }
-
-        ret = BN_mod_exp_recp(r_recp, a, b, m, ctx);
-        if (ret <= 0) {
-            printf("BN_mod_exp_recp() problems\n");
-            ERR_print_errors(out);
-            EXIT(1);
-        }
-
-        ret = BN_mod_exp_simple(r_simple, a, b, m, ctx);
-        if (ret <= 0) {
-            printf("BN_mod_exp_simple() problems\n");
-            ERR_print_errors(out);
-            EXIT(1);
-        }
-
-        ret = BN_mod_exp_mont_consttime(r_mont_const, a, b, m, ctx, NULL);
-        if (ret <= 0) {
-            printf("BN_mod_exp_mont_consttime() problems\n");
-            ERR_print_errors(out);
-            EXIT(1);
-        }
-
-        if (BN_cmp(r_simple, r_mont) == 0
-            && BN_cmp(r_simple, r_recp) == 0
-            && BN_cmp(r_simple, r_mont_const) == 0) {
-            printf(".");
-            fflush(stdout);
-        } else {
-            if (BN_cmp(r_simple, r_mont) != 0)
-                printf("\nsimple and mont results differ\n");
-            if (BN_cmp(r_simple, r_mont_const) != 0)
-                printf("\nsimple and mont const time results differ\n");
-            if (BN_cmp(r_simple, r_recp) != 0)
-                printf("\nsimple and recp results differ\n");
-
-            printf("a (%3d) = ", BN_num_bits(a));
-            BN_print(out, a);
-            printf("\nb (%3d) = ", BN_num_bits(b));
-            BN_print(out, b);
-            printf("\nm (%3d) = ", BN_num_bits(m));
-            BN_print(out, m);
-            printf("\nsimple   =");
-            BN_print(out, r_simple);
-            printf("\nrecp     =");
-            BN_print(out, r_recp);
-            printf("\nmont     =");
-            BN_print(out, r_mont);
-            printf("\nmont_ct  =");
-            BN_print(out, r_mont_const);
-            printf("\n");
-            EXIT(1);
-        }
-    }
-    BN_free(r_mont);
-    BN_free(r_mont_const);
-    BN_free(r_recp);
-    BN_free(r_simple);
-    BN_free(a);
-    BN_free(b);
-    BN_free(m);
-    BN_CTX_free(ctx);
-    ERR_remove_thread_state(NULL);
-    CRYPTO_mem_leaks(out);
-    BIO_free(out);
-    printf("\n");
-
-    if (test_exp_mod_zero() != 0)
-        goto err;
-
-    printf("done\n");
-
-    EXIT(0);
- err:
-    ERR_load_crypto_strings();
-    ERR_print_errors(out);
-#ifdef OPENSSL_SYS_NETWARE
-    printf("ERROR\n");
-#endif
-    EXIT(1);
-    return (1);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/bn/exptest.c (from rev 11605, vendor-crypto/openssl/dist/crypto/bn/exptest.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/bn/exptest.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/bn/exptest.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,313 @@
+/* crypto/bn/exptest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "../e_os.h"
+
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+
+#define NUM_BITS        (BN_BITS*2)
+
+static const char rnd_seed[] =
+    "string to make the random number generator think it has entropy";
+
+/*
+ * Test that r == 0 in test_exp_mod_zero(). Returns one on success,
+ * returns zero and prints debug output otherwise.
+ */
+static int a_is_zero_mod_one(const char *method, const BIGNUM *r,
+                             const BIGNUM *a) {
+    if (!BN_is_zero(r)) {
+        fprintf(stderr, "%s failed:\n", method);
+        fprintf(stderr, "a ** 0 mod 1 = r (should be 0)\n");
+        fprintf(stderr, "a = ");
+        BN_print_fp(stderr, a);
+        fprintf(stderr, "\nr = ");
+        BN_print_fp(stderr, r);
+        fprintf(stderr, "\n");
+        return 0;
+    }
+    return 1;
+}
+
+/*
+ * test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success.
+ */
+static int test_exp_mod_zero()
+{
+    BIGNUM a, p, m;
+    BIGNUM r;
+    BN_ULONG one_word = 1;
+    BN_CTX *ctx = BN_CTX_new();
+    int ret = 1, failed = 0;
+
+    BN_init(&m);
+    BN_one(&m);
+
+    BN_init(&a);
+    BN_one(&a);
+
+    BN_init(&p);
+    BN_zero(&p);
+
+    BN_init(&r);
+
+    if (!BN_rand(&a, 1024, 0, 0))
+        goto err;
+
+    if (!BN_mod_exp(&r, &a, &p, &m, ctx))
+        goto err;
+
+    if (!a_is_zero_mod_one("BN_mod_exp", &r, &a))
+        failed = 1;
+
+    if (!BN_mod_exp_recp(&r, &a, &p, &m, ctx))
+        goto err;
+
+    if (!a_is_zero_mod_one("BN_mod_exp_recp", &r, &a))
+        failed = 1;
+
+    if (!BN_mod_exp_simple(&r, &a, &p, &m, ctx))
+        goto err;
+
+    if (!a_is_zero_mod_one("BN_mod_exp_simple", &r, &a))
+        failed = 1;
+
+    if (!BN_mod_exp_mont(&r, &a, &p, &m, ctx, NULL))
+        goto err;
+
+    if (!a_is_zero_mod_one("BN_mod_exp_mont", &r, &a))
+        failed = 1;
+
+    if (!BN_mod_exp_mont_consttime(&r, &a, &p, &m, ctx, NULL)) {
+        goto err;
+    }
+
+    if (!a_is_zero_mod_one("BN_mod_exp_mont_consttime", &r, &a))
+        failed = 1;
+
+    /*
+     * A different codepath exists for single word multiplication
+     * in non-constant-time only.
+     */
+    if (!BN_mod_exp_mont_word(&r, one_word, &p, &m, ctx, NULL))
+        goto err;
+
+    if (!BN_is_zero(&r)) {
+        fprintf(stderr, "BN_mod_exp_mont_word failed:\n");
+        fprintf(stderr, "1 ** 0 mod 1 = r (should be 0)\n");
+        fprintf(stderr, "r = ");
+        BN_print_fp(stderr, &r);
+        fprintf(stderr, "\n");
+        return 0;
+    }
+
+    ret = failed;
+
+ err:
+    BN_free(&r);
+    BN_free(&a);
+    BN_free(&p);
+    BN_free(&m);
+    BN_CTX_free(ctx);
+
+    return ret;
+}
+
+int main(int argc, char *argv[])
+{
+    BN_CTX *ctx;
+    BIO *out = NULL;
+    int i, ret;
+    unsigned char c;
+    BIGNUM *r_mont, *r_mont_const, *r_recp, *r_simple, *a, *b, *m;
+
+    RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we
+                                           * don't even check its return
+                                           * value (which we should) */
+
+    ERR_load_BN_strings();
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        EXIT(1);
+    r_mont = BN_new();
+    r_mont_const = BN_new();
+    r_recp = BN_new();
+    r_simple = BN_new();
+    a = BN_new();
+    b = BN_new();
+    m = BN_new();
+    if ((r_mont == NULL) || (r_recp == NULL) || (a == NULL) || (b == NULL))
+        goto err;
+
+    out = BIO_new(BIO_s_file());
+
+    if (out == NULL)
+        EXIT(1);
+    BIO_set_fp(out, stdout, BIO_NOCLOSE);
+
+    for (i = 0; i < 200; i++) {
+        RAND_bytes(&c, 1);
+        c = (c % BN_BITS) - BN_BITS2;
+        BN_rand(a, NUM_BITS + c, 0, 0);
+
+        RAND_bytes(&c, 1);
+        c = (c % BN_BITS) - BN_BITS2;
+        BN_rand(b, NUM_BITS + c, 0, 0);
+
+        RAND_bytes(&c, 1);
+        c = (c % BN_BITS) - BN_BITS2;
+        BN_rand(m, NUM_BITS + c, 0, 1);
+
+        BN_mod(a, a, m, ctx);
+        BN_mod(b, b, m, ctx);
+
+        ret = BN_mod_exp_mont(r_mont, a, b, m, ctx, NULL);
+        if (ret <= 0) {
+            printf("BN_mod_exp_mont() problems\n");
+            ERR_print_errors(out);
+            EXIT(1);
+        }
+
+        ret = BN_mod_exp_recp(r_recp, a, b, m, ctx);
+        if (ret <= 0) {
+            printf("BN_mod_exp_recp() problems\n");
+            ERR_print_errors(out);
+            EXIT(1);
+        }
+
+        ret = BN_mod_exp_simple(r_simple, a, b, m, ctx);
+        if (ret <= 0) {
+            printf("BN_mod_exp_simple() problems\n");
+            ERR_print_errors(out);
+            EXIT(1);
+        }
+
+        ret = BN_mod_exp_mont_consttime(r_mont_const, a, b, m, ctx, NULL);
+        if (ret <= 0) {
+            printf("BN_mod_exp_mont_consttime() problems\n");
+            ERR_print_errors(out);
+            EXIT(1);
+        }
+
+        if (BN_cmp(r_simple, r_mont) == 0
+            && BN_cmp(r_simple, r_recp) == 0
+            && BN_cmp(r_simple, r_mont_const) == 0) {
+            printf(".");
+            fflush(stdout);
+        } else {
+            if (BN_cmp(r_simple, r_mont) != 0)
+                printf("\nsimple and mont results differ\n");
+            if (BN_cmp(r_simple, r_mont_const) != 0)
+                printf("\nsimple and mont const time results differ\n");
+            if (BN_cmp(r_simple, r_recp) != 0)
+                printf("\nsimple and recp results differ\n");
+
+            printf("a (%3d) = ", BN_num_bits(a));
+            BN_print(out, a);
+            printf("\nb (%3d) = ", BN_num_bits(b));
+            BN_print(out, b);
+            printf("\nm (%3d) = ", BN_num_bits(m));
+            BN_print(out, m);
+            printf("\nsimple   =");
+            BN_print(out, r_simple);
+            printf("\nrecp     =");
+            BN_print(out, r_recp);
+            printf("\nmont     =");
+            BN_print(out, r_mont);
+            printf("\nmont_ct  =");
+            BN_print(out, r_mont_const);
+            printf("\n");
+            EXIT(1);
+        }
+    }
+    BN_free(r_mont);
+    BN_free(r_mont_const);
+    BN_free(r_recp);
+    BN_free(r_simple);
+    BN_free(a);
+    BN_free(b);
+    BN_free(m);
+    BN_CTX_free(ctx);
+    ERR_remove_thread_state(NULL);
+    CRYPTO_mem_leaks(out);
+    BIO_free(out);
+    printf("\n");
+
+    if (test_exp_mod_zero() != 0)
+        goto err;
+
+    printf("done\n");
+
+    EXIT(0);
+ err:
+    ERR_load_crypto_strings();
+    ERR_print_errors(out);
+#ifdef OPENSSL_SYS_NETWARE
+    printf("ERROR\n");
+#endif
+    EXIT(1);
+    return (1);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/camellia/camellia.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/camellia/camellia.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/camellia/camellia.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,584 +0,0 @@
-/* crypto/camellia/camellia.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
- * ALL RIGHTS RESERVED.
- *
- * Intellectual Property information for Camellia:
- *     http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
- *
- * News Release for Announcement of Camellia open source:
- *     http://www.ntt.co.jp/news/news06e/0604/060413a.html
- *
- * The Camellia Code included herein is developed by
- * NTT (Nippon Telegraph and Telephone Corporation), and is contributed
- * to the OpenSSL project.
- *
- * The Camellia Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-/*
- * Algorithm Specification
- * http://info.isl.llia/specicrypt/eng/camellia/specifications.html
- */
-
-/*
- * This release balances code size and performance. In particular key
- * schedule setup is fully unrolled, because doing so *significantly*
- * reduces amount of instructions per setup round and code increase is
- * justifiable. In block functions on the other hand only inner loops
- * are unrolled, as full unroll gives only nominal performance boost,
- * while code size grows 4 or 7 times. Also, unlike previous versions
- * this one "encourages" compiler to keep intermediate variables in
- * registers, which should give better "all round" results, in other
- * words reasonable performance even with not so modern compilers.
- */
-
-#include "camellia.h"
-#include "cmll_locl.h"
-#include <string.h>
-#include <stdlib.h>
-
-/* 32-bit rotations */
-#if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-# if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
-#  define RightRotate(x, s) _lrotr(x, s)
-#  define LeftRotate(x, s)  _lrotl(x, s)
-#  if _MSC_VER >= 1400
-#   define SWAP(x) _byteswap_ulong(x)
-#  else
-#   define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
-#  endif
-#  define GETU32(p)   SWAP(*((u32 *)(p)))
-#  define PUTU32(p,v) (*((u32 *)(p)) = SWAP((v)))
-# elif defined(__GNUC__) && __GNUC__>=2
-#  if defined(__i386) || defined(__x86_64)
-#   define RightRotate(x,s) ({u32 ret; asm ("rorl %1,%0":"=r"(ret):"I"(s),"0"(x):"cc"); ret; })
-#   define LeftRotate(x,s)  ({u32 ret; asm ("roll %1,%0":"=r"(ret):"I"(s),"0"(x):"cc"); ret; })
-#   if defined(B_ENDIAN)        /* stratus.com does it */
-#    define GETU32(p)   (*(u32 *)(p))
-#    define PUTU32(p,v) (*(u32 *)(p)=(v))
-#   else
-#    define GETU32(p)   ({u32 r=*(const u32 *)(p); asm("bswapl %0":"=r"(r):"0"(r)); r; })
-#    define PUTU32(p,v) ({u32 r=(v); asm("bswapl %0":"=r"(r):"0"(r)); *(u32 *)(p)=r; })
-#   endif
-#  elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \
-        defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
-#   define LeftRotate(x,s)  ({u32 ret; asm ("rlwinm %0,%1,%2,0,31":"=r"(ret):"r"(x),"I"(s)); ret; })
-#   define RightRotate(x,s) LeftRotate(x,(32-s))
-#  elif defined(__s390x__)
-#   define LeftRotate(x,s)  ({u32 ret; asm ("rll %0,%1,%2":"=r"(ret):"r"(x),"I"(s)); ret; })
-#   define RightRotate(x,s) LeftRotate(x,(32-s))
-#   define GETU32(p)   (*(u32 *)(p))
-#   define PUTU32(p,v) (*(u32 *)(p)=(v))
-#  endif
-# endif
-#endif
-
-#if !defined(RightRotate) && !defined(LeftRotate)
-# define RightRotate(x, s) ( ((x) >> (s)) + ((x) << (32 - s)) )
-# define LeftRotate(x, s)  ( ((x) << (s)) + ((x) >> (32 - s)) )
-#endif
-
-#if !defined(GETU32) && !defined(PUTU32)
-# define GETU32(p)   (((u32)(p)[0] << 24) ^ ((u32)(p)[1] << 16) ^ ((u32)(p)[2] <<  8) ^ ((u32)(p)[3]))
-# define PUTU32(p,v) ((p)[0] = (u8)((v) >> 24), (p)[1] = (u8)((v) >> 16), (p)[2] = (u8)((v) >>  8), (p)[3] = (u8)(v))
-#endif
-
-/* S-box data */
-#define SBOX1_1110 Camellia_SBOX[0]
-#define SBOX4_4404 Camellia_SBOX[1]
-#define SBOX2_0222 Camellia_SBOX[2]
-#define SBOX3_3033 Camellia_SBOX[3]
-static const u32 Camellia_SBOX[][256] = {
-    {0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00, 0xb3b3b300, 0x27272700,
-     0xc0c0c000, 0xe5e5e500, 0xe4e4e400, 0x85858500, 0x57575700, 0x35353500,
-     0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100, 0x23232300, 0xefefef00,
-     0x6b6b6b00, 0x93939300, 0x45454500, 0x19191900, 0xa5a5a500, 0x21212100,
-     0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00, 0x1d1d1d00, 0x65656500,
-     0x92929200, 0xbdbdbd00, 0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00,
-     0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00, 0x3e3e3e00, 0x30303000,
-     0xdcdcdc00, 0x5f5f5f00, 0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00,
-     0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00, 0xd5d5d500, 0x47474700,
-     0x5d5d5d00, 0x3d3d3d00, 0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600,
-     0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00, 0x8b8b8b00, 0x0d0d0d00,
-     0x9a9a9a00, 0x66666600, 0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00,
-     0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000, 0xf0f0f000, 0xb1b1b100,
-     0x84848400, 0x99999900, 0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200,
-     0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500, 0x6d6d6d00, 0xb7b7b700,
-     0xa9a9a900, 0x31313100, 0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700,
-     0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100, 0xdedede00, 0x1b1b1b00,
-     0x11111100, 0x1c1c1c00, 0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600,
-     0x53535300, 0x18181800, 0xf2f2f200, 0x22222200, 0xfefefe00, 0x44444400,
-     0xcfcfcf00, 0xb2b2b200, 0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100,
-     0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800, 0x60606000, 0xfcfcfc00,
-     0x69696900, 0x50505000, 0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00,
-     0xa1a1a100, 0x89898900, 0x62626200, 0x97979700, 0x54545400, 0x5b5b5b00,
-     0x1e1e1e00, 0x95959500, 0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200,
-     0x10101000, 0xc4c4c400, 0x00000000, 0x48484800, 0xa3a3a300, 0xf7f7f700,
-     0x75757500, 0xdbdbdb00, 0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00,
-     0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400, 0x87878700, 0x5c5c5c00,
-     0x83838300, 0x02020200, 0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300,
-     0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300, 0x9d9d9d00, 0x7f7f7f00,
-     0xbfbfbf00, 0xe2e2e200, 0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600,
-     0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00, 0x81818100, 0x96969600,
-     0x6f6f6f00, 0x4b4b4b00, 0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00,
-     0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00, 0x9f9f9f00, 0x6e6e6e00,
-     0xbcbcbc00, 0x8e8e8e00, 0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600,
-     0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900, 0x78787800, 0x98989800,
-     0x06060600, 0x6a6a6a00, 0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00,
-     0xd4d4d400, 0x25252500, 0xababab00, 0x42424200, 0x88888800, 0xa2a2a200,
-     0x8d8d8d00, 0xfafafa00, 0x72727200, 0x07070700, 0xb9b9b900, 0x55555500,
-     0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00, 0x36363600, 0x49494900,
-     0x2a2a2a00, 0x68686800, 0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400,
-     0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00, 0xbbbbbb00, 0xc9c9c900,
-     0x43434300, 0xc1c1c100, 0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400,
-     0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00},
-    {0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0, 0xe4e400e4, 0x57570057,
-     0xeaea00ea, 0xaeae00ae, 0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5,
-     0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092, 0x86860086, 0xafaf00af,
-     0x7c7c007c, 0x1f1f001f, 0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b,
-     0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d, 0xd9d900d9, 0x5a5a005a,
-     0x51510051, 0x6c6c006c, 0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0,
-     0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084, 0xdfdf00df, 0xcbcb00cb,
-     0x34340034, 0x76760076, 0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004,
-     0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011, 0x32320032, 0x9c9c009c,
-     0x53530053, 0xf2f200f2, 0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a,
-     0x24240024, 0xe8e800e8, 0x60600060, 0x69690069, 0xaaaa00aa, 0xa0a000a0,
-     0xa1a100a1, 0x62620062, 0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064,
-     0x10100010, 0x00000000, 0xa3a300a3, 0x75750075, 0x8a8a008a, 0xe6e600e6,
-     0x09090009, 0xdddd00dd, 0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090,
-     0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf, 0x52520052, 0xd8d800d8,
-     0xc8c800c8, 0xc6c600c6, 0x81810081, 0x6f6f006f, 0x13130013, 0x63630063,
-     0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc, 0x29290029, 0xf9f900f9,
-     0x2f2f002f, 0xb4b400b4, 0x78780078, 0x06060006, 0xe7e700e7, 0x71710071,
-     0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d, 0x72720072, 0xb9b900b9,
-     0xf8f800f8, 0xacac00ac, 0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1,
-     0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043, 0x15150015, 0xadad00ad,
-     0x77770077, 0x80800080, 0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5,
-     0x85850085, 0x35350035, 0x0c0c000c, 0x41410041, 0xefef00ef, 0x93930093,
-     0x19190019, 0x21210021, 0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd,
-     0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce, 0x30300030, 0x5f5f005f,
-     0xc5c500c5, 0x1a1a001a, 0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d,
-     0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d, 0x0d0d000d, 0x66660066,
-     0xcccc00cc, 0x2d2d002d, 0x12120012, 0x20200020, 0xb1b100b1, 0x99990099,
-     0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005, 0xb7b700b7, 0x31310031,
-     0x17170017, 0xd7d700d7, 0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c,
-     0x0f0f000f, 0x16160016, 0x18180018, 0x22220022, 0x44440044, 0xb2b200b2,
-     0xb5b500b5, 0x91910091, 0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050,
-     0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097, 0x5b5b005b, 0x95950095,
-     0xffff00ff, 0xd2d200d2, 0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db,
-     0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094, 0x5c5c005c, 0x02020002,
-     0x4a4a004a, 0x33330033, 0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2,
-     0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b, 0x96960096, 0x4b4b004b,
-     0xbebe00be, 0x2e2e002e, 0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e,
-     0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059, 0x98980098, 0x6a6a006a,
-     0x46460046, 0xbaba00ba, 0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa,
-     0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a, 0x49490049, 0x68680068,
-     0x38380038, 0xa4a400a4, 0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1,
-     0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e},
-    {0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9, 0x00676767, 0x004e4e4e,
-     0x00818181, 0x00cbcbcb, 0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a,
-     0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282, 0x00464646, 0x00dfdfdf,
-     0x00d6d6d6, 0x00272727, 0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242,
-     0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c, 0x003a3a3a, 0x00cacaca,
-     0x00252525, 0x007b7b7b, 0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f,
-     0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d, 0x007c7c7c, 0x00606060,
-     0x00b9b9b9, 0x00bebebe, 0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434,
-     0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595, 0x00ababab, 0x008e8e8e,
-     0x00bababa, 0x007a7a7a, 0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad,
-     0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a, 0x00171717, 0x001a1a1a,
-     0x00353535, 0x00cccccc, 0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a,
-     0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040, 0x00e1e1e1, 0x00636363,
-     0x00090909, 0x00333333, 0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585,
-     0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a, 0x00dadada, 0x006f6f6f,
-     0x00535353, 0x00626262, 0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf,
-     0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2, 0x00bdbdbd, 0x00363636,
-     0x00222222, 0x00383838, 0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c,
-     0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444, 0x00fdfdfd, 0x00888888,
-     0x009f9f9f, 0x00656565, 0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323,
-     0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151, 0x00c0c0c0, 0x00f9f9f9,
-     0x00d2d2d2, 0x00a0a0a0, 0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa,
-     0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f, 0x00a8a8a8, 0x00b6b6b6,
-     0x003c3c3c, 0x002b2b2b, 0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5,
-     0x00202020, 0x00898989, 0x00000000, 0x00909090, 0x00474747, 0x00efefef,
-     0x00eaeaea, 0x00b7b7b7, 0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5,
-     0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929, 0x000f0f0f, 0x00b8b8b8,
-     0x00070707, 0x00040404, 0x009b9b9b, 0x00949494, 0x00212121, 0x00666666,
-     0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7, 0x003b3b3b, 0x00fefefe,
-     0x007f7f7f, 0x00c5c5c5, 0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c,
-     0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676, 0x00030303, 0x002d2d2d,
-     0x00dedede, 0x00969696, 0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c,
-     0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919, 0x003f3f3f, 0x00dcdcdc,
-     0x00797979, 0x001d1d1d, 0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d,
-     0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2, 0x00f0f0f0, 0x00313131,
-     0x000c0c0c, 0x00d4d4d4, 0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575,
-     0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484, 0x00111111, 0x00454545,
-     0x001b1b1b, 0x00f5f5f5, 0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa,
-     0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414, 0x006c6c6c, 0x00929292,
-     0x00545454, 0x00d0d0d0, 0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949,
-     0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6, 0x00777777, 0x00939393,
-     0x00868686, 0x00838383, 0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9,
-     0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d},
-    {0x38003838, 0x41004141, 0x16001616, 0x76007676, 0xd900d9d9, 0x93009393,
-     0x60006060, 0xf200f2f2, 0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a,
-     0x75007575, 0x06000606, 0x57005757, 0xa000a0a0, 0x91009191, 0xf700f7f7,
-     0xb500b5b5, 0xc900c9c9, 0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090,
-     0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727, 0x8e008e8e, 0xb200b2b2,
-     0x49004949, 0xde00dede, 0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7,
-     0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767, 0x1f001f1f, 0x18001818,
-     0x6e006e6e, 0xaf00afaf, 0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d,
-     0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565, 0xea00eaea, 0xa300a3a3,
-     0xae00aeae, 0x9e009e9e, 0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b,
-     0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6, 0xc500c5c5, 0x86008686,
-     0x4d004d4d, 0x33003333, 0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696,
-     0x3a003a3a, 0x09000909, 0x95009595, 0x10001010, 0x78007878, 0xd800d8d8,
-     0x42004242, 0xcc00cccc, 0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161,
-     0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282, 0xb600b6b6, 0xdb00dbdb,
-     0xd400d4d4, 0x98009898, 0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb,
-     0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0, 0x6f006f6f, 0x8d008d8d,
-     0x88008888, 0x0e000e0e, 0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b,
-     0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111, 0x7f007f7f, 0x22002222,
-     0xe700e7e7, 0x59005959, 0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8,
-     0x12001212, 0x04000404, 0x74007474, 0x54005454, 0x30003030, 0x7e007e7e,
-     0xb400b4b4, 0x28002828, 0x55005555, 0x68006868, 0x50005050, 0xbe00bebe,
-     0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb, 0x2a002a2a, 0xad00adad,
-     0x0f000f0f, 0xca00caca, 0x70007070, 0xff00ffff, 0x32003232, 0x69006969,
-     0x08000808, 0x62006262, 0x00000000, 0x24002424, 0xd100d1d1, 0xfb00fbfb,
-     0xba00baba, 0xed00eded, 0x45004545, 0x81008181, 0x73007373, 0x6d006d6d,
-     0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a, 0xc300c3c3, 0x2e002e2e,
-     0xc100c1c1, 0x01000101, 0xe600e6e6, 0x25002525, 0x48004848, 0x99009999,
-     0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9, 0xce00cece, 0xbf00bfbf,
-     0xdf00dfdf, 0x71007171, 0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313,
-     0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d, 0xc000c0c0, 0x4b004b4b,
-     0xb700b7b7, 0xa500a5a5, 0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717,
-     0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646, 0xcf00cfcf, 0x37003737,
-     0x5e005e5e, 0x47004747, 0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b,
-     0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac, 0x3c003c3c, 0x4c004c4c,
-     0x03000303, 0x35003535, 0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d,
-     0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121, 0x44004444, 0x51005151,
-     0xc600c6c6, 0x7d007d7d, 0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa,
-     0x7c007c7c, 0x77007777, 0x56005656, 0x05000505, 0x1b001b1b, 0xa400a4a4,
-     0x15001515, 0x34003434, 0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252,
-     0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd, 0xdd00dddd, 0xe400e4e4,
-     0xa100a1a1, 0xe000e0e0, 0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a,
-     0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f}
-};
-
-/* Key generation constants */
-static const u32 SIGMA[] = {
-    0xa09e667f, 0x3bcc908b, 0xb67ae858, 0x4caa73b2, 0xc6ef372f, 0xe94f82be,
-    0x54ff53a5, 0xf1d36f1c, 0x10e527fa, 0xde682d1d, 0xb05688c2, 0xb3e6c1fd
-};
-
-/* The phi algorithm given in C.2.7 of the Camellia spec document. */
-/*
- * This version does not attempt to minimize amount of temporary
- * variables, but instead explicitly exposes algorithm's parallelism.
- * It is therefore most appropriate for platforms with not less than
- * ~16 registers. For platforms with less registers [well, x86 to be
- * specific] assembler version should be/is provided anyway...
- */
-#define Camellia_Feistel(_s0,_s1,_s2,_s3,_key) do {\
-        register u32 _t0,_t1,_t2,_t3;\
-\
-        _t0  = _s0 ^ (_key)[0];\
-        _t3  = SBOX4_4404[_t0&0xff];\
-        _t1  = _s1 ^ (_key)[1];\
-        _t3 ^= SBOX3_3033[(_t0 >> 8)&0xff];\
-        _t2  = SBOX1_1110[_t1&0xff];\
-        _t3 ^= SBOX2_0222[(_t0 >> 16)&0xff];\
-        _t2 ^= SBOX4_4404[(_t1 >> 8)&0xff];\
-        _t3 ^= SBOX1_1110[(_t0 >> 24)];\
-        _t2 ^= _t3;\
-        _t3  = RightRotate(_t3,8);\
-        _t2 ^= SBOX3_3033[(_t1 >> 16)&0xff];\
-        _s3 ^= _t3;\
-        _t2 ^= SBOX2_0222[(_t1 >> 24)];\
-        _s2 ^= _t2; \
-        _s3 ^= _t2;\
-} while(0)
-
-/*
- * Note that n has to be less than 32. Rotations for larger amount
- * of bits are achieved by "rotating" order of s-elements and
- * adjusting n accordingly, e.g. RotLeft128(s1,s2,s3,s0,n-32).
- */
-#define RotLeft128(_s0,_s1,_s2,_s3,_n) do {\
-        u32 _t0=_s0>>(32-_n);\
-        _s0 = (_s0<<_n) | (_s1>>(32-_n));\
-        _s1 = (_s1<<_n) | (_s2>>(32-_n));\
-        _s2 = (_s2<<_n) | (_s3>>(32-_n));\
-        _s3 = (_s3<<_n) | _t0;\
-} while (0)
-
-int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey, KEY_TABLE_TYPE k)
-{
-    register u32 s0, s1, s2, s3;
-
-    k[0] = s0 = GETU32(rawKey);
-    k[1] = s1 = GETU32(rawKey + 4);
-    k[2] = s2 = GETU32(rawKey + 8);
-    k[3] = s3 = GETU32(rawKey + 12);
-
-    if (keyBitLength != 128) {
-        k[8] = s0 = GETU32(rawKey + 16);
-        k[9] = s1 = GETU32(rawKey + 20);
-        if (keyBitLength == 192) {
-            k[10] = s2 = ~s0;
-            k[11] = s3 = ~s1;
-        } else {
-            k[10] = s2 = GETU32(rawKey + 24);
-            k[11] = s3 = GETU32(rawKey + 28);
-        }
-        s0 ^= k[0], s1 ^= k[1], s2 ^= k[2], s3 ^= k[3];
-    }
-
-    /* Use the Feistel routine to scramble the key material */
-    Camellia_Feistel(s0, s1, s2, s3, SIGMA + 0);
-    Camellia_Feistel(s2, s3, s0, s1, SIGMA + 2);
-
-    s0 ^= k[0], s1 ^= k[1], s2 ^= k[2], s3 ^= k[3];
-    Camellia_Feistel(s0, s1, s2, s3, SIGMA + 4);
-    Camellia_Feistel(s2, s3, s0, s1, SIGMA + 6);
-
-    /* Fill the keyTable. Requires many block rotations. */
-    if (keyBitLength == 128) {
-        k[4] = s0, k[5] = s1, k[6] = s2, k[7] = s3;
-        RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 15 */
-        k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3;
-        RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 30 */
-        k[16] = s0, k[17] = s1, k[18] = s2, k[19] = s3;
-        RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 45 */
-        k[24] = s0, k[25] = s1;
-        RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 60 */
-        k[28] = s0, k[29] = s1, k[30] = s2, k[31] = s3;
-        RotLeft128(s1, s2, s3, s0, 2); /* KA <<< 94 */
-        k[40] = s1, k[41] = s2, k[42] = s3, k[43] = s0;
-        RotLeft128(s1, s2, s3, s0, 17); /* KA <<<111 */
-        k[48] = s1, k[49] = s2, k[50] = s3, k[51] = s0;
-
-        s0 = k[0], s1 = k[1], s2 = k[2], s3 = k[3];
-        RotLeft128(s0, s1, s2, s3, 15); /* KL <<< 15 */
-        k[8] = s0, k[9] = s1, k[10] = s2, k[11] = s3;
-        RotLeft128(s0, s1, s2, s3, 30); /* KL <<< 45 */
-        k[20] = s0, k[21] = s1, k[22] = s2, k[23] = s3;
-        RotLeft128(s0, s1, s2, s3, 15); /* KL <<< 60 */
-        k[26] = s2, k[27] = s3;
-        RotLeft128(s0, s1, s2, s3, 17); /* KL <<< 77 */
-        k[32] = s0, k[33] = s1, k[34] = s2, k[35] = s3;
-        RotLeft128(s0, s1, s2, s3, 17); /* KL <<< 94 */
-        k[36] = s0, k[37] = s1, k[38] = s2, k[39] = s3;
-        RotLeft128(s0, s1, s2, s3, 17); /* KL <<<111 */
-        k[44] = s0, k[45] = s1, k[46] = s2, k[47] = s3;
-
-        return 3;               /* grand rounds */
-    } else {
-        k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3;
-        s0 ^= k[8], s1 ^= k[9], s2 ^= k[10], s3 ^= k[11];
-        Camellia_Feistel(s0, s1, s2, s3, (SIGMA + 8));
-        Camellia_Feistel(s2, s3, s0, s1, (SIGMA + 10));
-
-        k[4] = s0, k[5] = s1, k[6] = s2, k[7] = s3;
-        RotLeft128(s0, s1, s2, s3, 30); /* KB <<< 30 */
-        k[20] = s0, k[21] = s1, k[22] = s2, k[23] = s3;
-        RotLeft128(s0, s1, s2, s3, 30); /* KB <<< 60 */
-        k[40] = s0, k[41] = s1, k[42] = s2, k[43] = s3;
-        RotLeft128(s1, s2, s3, s0, 19); /* KB <<<111 */
-        k[64] = s1, k[65] = s2, k[66] = s3, k[67] = s0;
-
-        s0 = k[8], s1 = k[9], s2 = k[10], s3 = k[11];
-        RotLeft128(s0, s1, s2, s3, 15); /* KR <<< 15 */
-        k[8] = s0, k[9] = s1, k[10] = s2, k[11] = s3;
-        RotLeft128(s0, s1, s2, s3, 15); /* KR <<< 30 */
-        k[16] = s0, k[17] = s1, k[18] = s2, k[19] = s3;
-        RotLeft128(s0, s1, s2, s3, 30); /* KR <<< 60 */
-        k[36] = s0, k[37] = s1, k[38] = s2, k[39] = s3;
-        RotLeft128(s1, s2, s3, s0, 2); /* KR <<< 94 */
-        k[52] = s1, k[53] = s2, k[54] = s3, k[55] = s0;
-
-        s0 = k[12], s1 = k[13], s2 = k[14], s3 = k[15];
-        RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 15 */
-        k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3;
-        RotLeft128(s0, s1, s2, s3, 30); /* KA <<< 45 */
-        k[28] = s0, k[29] = s1, k[30] = s2, k[31] = s3;
-        /* KA <<< 77 */
-        k[48] = s1, k[49] = s2, k[50] = s3, k[51] = s0;
-        RotLeft128(s1, s2, s3, s0, 17); /* KA <<< 94 */
-        k[56] = s1, k[57] = s2, k[58] = s3, k[59] = s0;
-
-        s0 = k[0], s1 = k[1], s2 = k[2], s3 = k[3];
-        RotLeft128(s1, s2, s3, s0, 13); /* KL <<< 45 */
-        k[24] = s1, k[25] = s2, k[26] = s3, k[27] = s0;
-        RotLeft128(s1, s2, s3, s0, 15); /* KL <<< 60 */
-        k[32] = s1, k[33] = s2, k[34] = s3, k[35] = s0;
-        RotLeft128(s1, s2, s3, s0, 17); /* KL <<< 77 */
-        k[44] = s1, k[45] = s2, k[46] = s3, k[47] = s0;
-        RotLeft128(s2, s3, s0, s1, 2); /* KL <<<111 */
-        k[60] = s2, k[61] = s3, k[62] = s0, k[63] = s1;
-
-        return 4;               /* grand rounds */
-    }
-    /*
-     * It is possible to perform certain precalculations, which
-     * would spare few cycles in block procedure. It's not done,
-     * because it upsets the performance balance between key
-     * setup and block procedures, negatively affecting overall
-     * throughput in applications operating on short messages
-     * and volatile keys.
-     */
-}
-
-void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[],
-                                  const KEY_TABLE_TYPE keyTable,
-                                  u8 ciphertext[])
-{
-    register u32 s0, s1, s2, s3;
-    const u32 *k = keyTable, *kend = keyTable + grandRounds * 16;
-
-    s0 = GETU32(plaintext) ^ k[0];
-    s1 = GETU32(plaintext + 4) ^ k[1];
-    s2 = GETU32(plaintext + 8) ^ k[2];
-    s3 = GETU32(plaintext + 12) ^ k[3];
-    k += 4;
-
-    while (1) {
-        /* Camellia makes 6 Feistel rounds */
-        Camellia_Feistel(s0, s1, s2, s3, k + 0);
-        Camellia_Feistel(s2, s3, s0, s1, k + 2);
-        Camellia_Feistel(s0, s1, s2, s3, k + 4);
-        Camellia_Feistel(s2, s3, s0, s1, k + 6);
-        Camellia_Feistel(s0, s1, s2, s3, k + 8);
-        Camellia_Feistel(s2, s3, s0, s1, k + 10);
-        k += 12;
-
-        if (k == kend)
-            break;
-
-        /*
-         * This is the same function as the diffusion function D of the
-         * accompanying documentation. See section 3.2 for properties of the
-         * FLlayer function.
-         */
-        s1 ^= LeftRotate(s0 & k[0], 1);
-        s2 ^= s3 | k[3];
-        s0 ^= s1 | k[1];
-        s3 ^= LeftRotate(s2 & k[2], 1);
-        k += 4;
-    }
-
-    s2 ^= k[0], s3 ^= k[1], s0 ^= k[2], s1 ^= k[3];
-
-    PUTU32(ciphertext, s2);
-    PUTU32(ciphertext + 4, s3);
-    PUTU32(ciphertext + 8, s0);
-    PUTU32(ciphertext + 12, s1);
-}
-
-void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[],
-                           const KEY_TABLE_TYPE keyTable, u8 ciphertext[])
-{
-    Camellia_EncryptBlock_Rounds(keyBitLength == 128 ? 3 : 4,
-                                 plaintext, keyTable, ciphertext);
-}
-
-void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[],
-                                  const KEY_TABLE_TYPE keyTable,
-                                  u8 plaintext[])
-{
-    u32 s0, s1, s2, s3;
-    const u32 *k = keyTable + grandRounds * 16, *kend = keyTable + 4;
-
-    s0 = GETU32(ciphertext) ^ k[0];
-    s1 = GETU32(ciphertext + 4) ^ k[1];
-    s2 = GETU32(ciphertext + 8) ^ k[2];
-    s3 = GETU32(ciphertext + 12) ^ k[3];
-
-    while (1) {
-        /* Camellia makes 6 Feistel rounds */
-        k -= 12;
-        Camellia_Feistel(s0, s1, s2, s3, k + 10);
-        Camellia_Feistel(s2, s3, s0, s1, k + 8);
-        Camellia_Feistel(s0, s1, s2, s3, k + 6);
-        Camellia_Feistel(s2, s3, s0, s1, k + 4);
-        Camellia_Feistel(s0, s1, s2, s3, k + 2);
-        Camellia_Feistel(s2, s3, s0, s1, k + 0);
-
-        if (k == kend)
-            break;
-
-        /*
-         * This is the same function as the diffusion function D of the
-         * accompanying documentation. See section 3.2 for properties of the
-         * FLlayer function.
-         */
-        k -= 4;
-        s1 ^= LeftRotate(s0 & k[2], 1);
-        s2 ^= s3 | k[1];
-        s0 ^= s1 | k[3];
-        s3 ^= LeftRotate(s2 & k[0], 1);
-    }
-
-    k -= 4;
-    s2 ^= k[0], s3 ^= k[1], s0 ^= k[2], s1 ^= k[3];
-
-    PUTU32(plaintext, s2);
-    PUTU32(plaintext + 4, s3);
-    PUTU32(plaintext + 8, s0);
-    PUTU32(plaintext + 12, s1);
-}
-
-void Camellia_DecryptBlock(int keyBitLength, const u8 plaintext[],
-                           const KEY_TABLE_TYPE keyTable, u8 ciphertext[])
-{
-    Camellia_DecryptBlock_Rounds(keyBitLength == 128 ? 3 : 4,
-                                 plaintext, keyTable, ciphertext);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/camellia/camellia.c (from rev 11605, vendor-crypto/openssl/dist/crypto/camellia/camellia.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/camellia/camellia.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/camellia/camellia.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,584 @@
+/* crypto/camellia/camellia.c */
+/* ====================================================================
+ * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
+ * ALL RIGHTS RESERVED.
+ *
+ * Intellectual Property information for Camellia:
+ *     http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
+ *
+ * News Release for Announcement of Camellia open source:
+ *     http://www.ntt.co.jp/news/news06e/0604/060413a.html
+ *
+ * The Camellia Code included herein is developed by
+ * NTT (Nippon Telegraph and Telephone Corporation), and is contributed
+ * to the OpenSSL project.
+ *
+ * The Camellia Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+/*
+ * Algorithm Specification
+ * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
+ */
+
+/*
+ * This release balances code size and performance. In particular key
+ * schedule setup is fully unrolled, because doing so *significantly*
+ * reduces amount of instructions per setup round and code increase is
+ * justifiable. In block functions on the other hand only inner loops
+ * are unrolled, as full unroll gives only nominal performance boost,
+ * while code size grows 4 or 7 times. Also, unlike previous versions
+ * this one "encourages" compiler to keep intermediate variables in
+ * registers, which should give better "all round" results, in other
+ * words reasonable performance even with not so modern compilers.
+ */
+
+#include "camellia.h"
+#include "cmll_locl.h"
+#include <string.h>
+#include <stdlib.h>
+
+/* 32-bit rotations */
+#if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+# if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
+#  define RightRotate(x, s) _lrotr(x, s)
+#  define LeftRotate(x, s)  _lrotl(x, s)
+#  if _MSC_VER >= 1400
+#   define SWAP(x) _byteswap_ulong(x)
+#  else
+#   define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
+#  endif
+#  define GETU32(p)   SWAP(*((u32 *)(p)))
+#  define PUTU32(p,v) (*((u32 *)(p)) = SWAP((v)))
+# elif defined(__GNUC__) && __GNUC__>=2
+#  if defined(__i386) || defined(__x86_64)
+#   define RightRotate(x,s) ({u32 ret; asm ("rorl %1,%0":"=r"(ret):"I"(s),"0"(x):"cc"); ret; })
+#   define LeftRotate(x,s)  ({u32 ret; asm ("roll %1,%0":"=r"(ret):"I"(s),"0"(x):"cc"); ret; })
+#   if defined(B_ENDIAN)        /* stratus.com does it */
+#    define GETU32(p)   (*(u32 *)(p))
+#    define PUTU32(p,v) (*(u32 *)(p)=(v))
+#   else
+#    define GETU32(p)   ({u32 r=*(const u32 *)(p); asm("bswapl %0":"=r"(r):"0"(r)); r; })
+#    define PUTU32(p,v) ({u32 r=(v); asm("bswapl %0":"=r"(r):"0"(r)); *(u32 *)(p)=r; })
+#   endif
+#  elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \
+        defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
+#   define LeftRotate(x,s)  ({u32 ret; asm ("rlwinm %0,%1,%2,0,31":"=r"(ret):"r"(x),"I"(s)); ret; })
+#   define RightRotate(x,s) LeftRotate(x,(32-s))
+#  elif defined(__s390x__)
+#   define LeftRotate(x,s)  ({u32 ret; asm ("rll %0,%1,%2":"=r"(ret):"r"(x),"I"(s)); ret; })
+#   define RightRotate(x,s) LeftRotate(x,(32-s))
+#   define GETU32(p)   (*(u32 *)(p))
+#   define PUTU32(p,v) (*(u32 *)(p)=(v))
+#  endif
+# endif
+#endif
+
+#if !defined(RightRotate) && !defined(LeftRotate)
+# define RightRotate(x, s) ( ((x) >> (s)) + ((x) << (32 - s)) )
+# define LeftRotate(x, s)  ( ((x) << (s)) + ((x) >> (32 - s)) )
+#endif
+
+#if !defined(GETU32) && !defined(PUTU32)
+# define GETU32(p)   (((u32)(p)[0] << 24) ^ ((u32)(p)[1] << 16) ^ ((u32)(p)[2] <<  8) ^ ((u32)(p)[3]))
+# define PUTU32(p,v) ((p)[0] = (u8)((v) >> 24), (p)[1] = (u8)((v) >> 16), (p)[2] = (u8)((v) >>  8), (p)[3] = (u8)(v))
+#endif
+
+/* S-box data */
+#define SBOX1_1110 Camellia_SBOX[0]
+#define SBOX4_4404 Camellia_SBOX[1]
+#define SBOX2_0222 Camellia_SBOX[2]
+#define SBOX3_3033 Camellia_SBOX[3]
+static const u32 Camellia_SBOX[][256] = {
+    {0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00, 0xb3b3b300, 0x27272700,
+     0xc0c0c000, 0xe5e5e500, 0xe4e4e400, 0x85858500, 0x57575700, 0x35353500,
+     0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100, 0x23232300, 0xefefef00,
+     0x6b6b6b00, 0x93939300, 0x45454500, 0x19191900, 0xa5a5a500, 0x21212100,
+     0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00, 0x1d1d1d00, 0x65656500,
+     0x92929200, 0xbdbdbd00, 0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00,
+     0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00, 0x3e3e3e00, 0x30303000,
+     0xdcdcdc00, 0x5f5f5f00, 0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00,
+     0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00, 0xd5d5d500, 0x47474700,
+     0x5d5d5d00, 0x3d3d3d00, 0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600,
+     0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00, 0x8b8b8b00, 0x0d0d0d00,
+     0x9a9a9a00, 0x66666600, 0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00,
+     0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000, 0xf0f0f000, 0xb1b1b100,
+     0x84848400, 0x99999900, 0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200,
+     0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500, 0x6d6d6d00, 0xb7b7b700,
+     0xa9a9a900, 0x31313100, 0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700,
+     0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100, 0xdedede00, 0x1b1b1b00,
+     0x11111100, 0x1c1c1c00, 0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600,
+     0x53535300, 0x18181800, 0xf2f2f200, 0x22222200, 0xfefefe00, 0x44444400,
+     0xcfcfcf00, 0xb2b2b200, 0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100,
+     0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800, 0x60606000, 0xfcfcfc00,
+     0x69696900, 0x50505000, 0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00,
+     0xa1a1a100, 0x89898900, 0x62626200, 0x97979700, 0x54545400, 0x5b5b5b00,
+     0x1e1e1e00, 0x95959500, 0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200,
+     0x10101000, 0xc4c4c400, 0x00000000, 0x48484800, 0xa3a3a300, 0xf7f7f700,
+     0x75757500, 0xdbdbdb00, 0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00,
+     0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400, 0x87878700, 0x5c5c5c00,
+     0x83838300, 0x02020200, 0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300,
+     0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300, 0x9d9d9d00, 0x7f7f7f00,
+     0xbfbfbf00, 0xe2e2e200, 0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600,
+     0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00, 0x81818100, 0x96969600,
+     0x6f6f6f00, 0x4b4b4b00, 0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00,
+     0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00, 0x9f9f9f00, 0x6e6e6e00,
+     0xbcbcbc00, 0x8e8e8e00, 0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600,
+     0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900, 0x78787800, 0x98989800,
+     0x06060600, 0x6a6a6a00, 0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00,
+     0xd4d4d400, 0x25252500, 0xababab00, 0x42424200, 0x88888800, 0xa2a2a200,
+     0x8d8d8d00, 0xfafafa00, 0x72727200, 0x07070700, 0xb9b9b900, 0x55555500,
+     0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00, 0x36363600, 0x49494900,
+     0x2a2a2a00, 0x68686800, 0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400,
+     0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00, 0xbbbbbb00, 0xc9c9c900,
+     0x43434300, 0xc1c1c100, 0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400,
+     0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00},
+    {0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0, 0xe4e400e4, 0x57570057,
+     0xeaea00ea, 0xaeae00ae, 0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5,
+     0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092, 0x86860086, 0xafaf00af,
+     0x7c7c007c, 0x1f1f001f, 0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b,
+     0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d, 0xd9d900d9, 0x5a5a005a,
+     0x51510051, 0x6c6c006c, 0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0,
+     0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084, 0xdfdf00df, 0xcbcb00cb,
+     0x34340034, 0x76760076, 0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004,
+     0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011, 0x32320032, 0x9c9c009c,
+     0x53530053, 0xf2f200f2, 0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a,
+     0x24240024, 0xe8e800e8, 0x60600060, 0x69690069, 0xaaaa00aa, 0xa0a000a0,
+     0xa1a100a1, 0x62620062, 0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064,
+     0x10100010, 0x00000000, 0xa3a300a3, 0x75750075, 0x8a8a008a, 0xe6e600e6,
+     0x09090009, 0xdddd00dd, 0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090,
+     0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf, 0x52520052, 0xd8d800d8,
+     0xc8c800c8, 0xc6c600c6, 0x81810081, 0x6f6f006f, 0x13130013, 0x63630063,
+     0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc, 0x29290029, 0xf9f900f9,
+     0x2f2f002f, 0xb4b400b4, 0x78780078, 0x06060006, 0xe7e700e7, 0x71710071,
+     0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d, 0x72720072, 0xb9b900b9,
+     0xf8f800f8, 0xacac00ac, 0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1,
+     0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043, 0x15150015, 0xadad00ad,
+     0x77770077, 0x80800080, 0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5,
+     0x85850085, 0x35350035, 0x0c0c000c, 0x41410041, 0xefef00ef, 0x93930093,
+     0x19190019, 0x21210021, 0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd,
+     0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce, 0x30300030, 0x5f5f005f,
+     0xc5c500c5, 0x1a1a001a, 0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d,
+     0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d, 0x0d0d000d, 0x66660066,
+     0xcccc00cc, 0x2d2d002d, 0x12120012, 0x20200020, 0xb1b100b1, 0x99990099,
+     0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005, 0xb7b700b7, 0x31310031,
+     0x17170017, 0xd7d700d7, 0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c,
+     0x0f0f000f, 0x16160016, 0x18180018, 0x22220022, 0x44440044, 0xb2b200b2,
+     0xb5b500b5, 0x91910091, 0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050,
+     0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097, 0x5b5b005b, 0x95950095,
+     0xffff00ff, 0xd2d200d2, 0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db,
+     0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094, 0x5c5c005c, 0x02020002,
+     0x4a4a004a, 0x33330033, 0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2,
+     0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b, 0x96960096, 0x4b4b004b,
+     0xbebe00be, 0x2e2e002e, 0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e,
+     0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059, 0x98980098, 0x6a6a006a,
+     0x46460046, 0xbaba00ba, 0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa,
+     0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a, 0x49490049, 0x68680068,
+     0x38380038, 0xa4a400a4, 0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1,
+     0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e},
+    {0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9, 0x00676767, 0x004e4e4e,
+     0x00818181, 0x00cbcbcb, 0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a,
+     0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282, 0x00464646, 0x00dfdfdf,
+     0x00d6d6d6, 0x00272727, 0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242,
+     0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c, 0x003a3a3a, 0x00cacaca,
+     0x00252525, 0x007b7b7b, 0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f,
+     0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d, 0x007c7c7c, 0x00606060,
+     0x00b9b9b9, 0x00bebebe, 0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434,
+     0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595, 0x00ababab, 0x008e8e8e,
+     0x00bababa, 0x007a7a7a, 0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad,
+     0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a, 0x00171717, 0x001a1a1a,
+     0x00353535, 0x00cccccc, 0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a,
+     0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040, 0x00e1e1e1, 0x00636363,
+     0x00090909, 0x00333333, 0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585,
+     0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a, 0x00dadada, 0x006f6f6f,
+     0x00535353, 0x00626262, 0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf,
+     0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2, 0x00bdbdbd, 0x00363636,
+     0x00222222, 0x00383838, 0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c,
+     0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444, 0x00fdfdfd, 0x00888888,
+     0x009f9f9f, 0x00656565, 0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323,
+     0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151, 0x00c0c0c0, 0x00f9f9f9,
+     0x00d2d2d2, 0x00a0a0a0, 0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa,
+     0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f, 0x00a8a8a8, 0x00b6b6b6,
+     0x003c3c3c, 0x002b2b2b, 0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5,
+     0x00202020, 0x00898989, 0x00000000, 0x00909090, 0x00474747, 0x00efefef,
+     0x00eaeaea, 0x00b7b7b7, 0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5,
+     0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929, 0x000f0f0f, 0x00b8b8b8,
+     0x00070707, 0x00040404, 0x009b9b9b, 0x00949494, 0x00212121, 0x00666666,
+     0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7, 0x003b3b3b, 0x00fefefe,
+     0x007f7f7f, 0x00c5c5c5, 0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c,
+     0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676, 0x00030303, 0x002d2d2d,
+     0x00dedede, 0x00969696, 0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c,
+     0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919, 0x003f3f3f, 0x00dcdcdc,
+     0x00797979, 0x001d1d1d, 0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d,
+     0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2, 0x00f0f0f0, 0x00313131,
+     0x000c0c0c, 0x00d4d4d4, 0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575,
+     0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484, 0x00111111, 0x00454545,
+     0x001b1b1b, 0x00f5f5f5, 0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa,
+     0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414, 0x006c6c6c, 0x00929292,
+     0x00545454, 0x00d0d0d0, 0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949,
+     0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6, 0x00777777, 0x00939393,
+     0x00868686, 0x00838383, 0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9,
+     0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d},
+    {0x38003838, 0x41004141, 0x16001616, 0x76007676, 0xd900d9d9, 0x93009393,
+     0x60006060, 0xf200f2f2, 0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a,
+     0x75007575, 0x06000606, 0x57005757, 0xa000a0a0, 0x91009191, 0xf700f7f7,
+     0xb500b5b5, 0xc900c9c9, 0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090,
+     0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727, 0x8e008e8e, 0xb200b2b2,
+     0x49004949, 0xde00dede, 0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7,
+     0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767, 0x1f001f1f, 0x18001818,
+     0x6e006e6e, 0xaf00afaf, 0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d,
+     0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565, 0xea00eaea, 0xa300a3a3,
+     0xae00aeae, 0x9e009e9e, 0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b,
+     0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6, 0xc500c5c5, 0x86008686,
+     0x4d004d4d, 0x33003333, 0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696,
+     0x3a003a3a, 0x09000909, 0x95009595, 0x10001010, 0x78007878, 0xd800d8d8,
+     0x42004242, 0xcc00cccc, 0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161,
+     0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282, 0xb600b6b6, 0xdb00dbdb,
+     0xd400d4d4, 0x98009898, 0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb,
+     0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0, 0x6f006f6f, 0x8d008d8d,
+     0x88008888, 0x0e000e0e, 0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b,
+     0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111, 0x7f007f7f, 0x22002222,
+     0xe700e7e7, 0x59005959, 0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8,
+     0x12001212, 0x04000404, 0x74007474, 0x54005454, 0x30003030, 0x7e007e7e,
+     0xb400b4b4, 0x28002828, 0x55005555, 0x68006868, 0x50005050, 0xbe00bebe,
+     0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb, 0x2a002a2a, 0xad00adad,
+     0x0f000f0f, 0xca00caca, 0x70007070, 0xff00ffff, 0x32003232, 0x69006969,
+     0x08000808, 0x62006262, 0x00000000, 0x24002424, 0xd100d1d1, 0xfb00fbfb,
+     0xba00baba, 0xed00eded, 0x45004545, 0x81008181, 0x73007373, 0x6d006d6d,
+     0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a, 0xc300c3c3, 0x2e002e2e,
+     0xc100c1c1, 0x01000101, 0xe600e6e6, 0x25002525, 0x48004848, 0x99009999,
+     0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9, 0xce00cece, 0xbf00bfbf,
+     0xdf00dfdf, 0x71007171, 0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313,
+     0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d, 0xc000c0c0, 0x4b004b4b,
+     0xb700b7b7, 0xa500a5a5, 0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717,
+     0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646, 0xcf00cfcf, 0x37003737,
+     0x5e005e5e, 0x47004747, 0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b,
+     0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac, 0x3c003c3c, 0x4c004c4c,
+     0x03000303, 0x35003535, 0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d,
+     0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121, 0x44004444, 0x51005151,
+     0xc600c6c6, 0x7d007d7d, 0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa,
+     0x7c007c7c, 0x77007777, 0x56005656, 0x05000505, 0x1b001b1b, 0xa400a4a4,
+     0x15001515, 0x34003434, 0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252,
+     0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd, 0xdd00dddd, 0xe400e4e4,
+     0xa100a1a1, 0xe000e0e0, 0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a,
+     0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f}
+};
+
+/* Key generation constants */
+static const u32 SIGMA[] = {
+    0xa09e667f, 0x3bcc908b, 0xb67ae858, 0x4caa73b2, 0xc6ef372f, 0xe94f82be,
+    0x54ff53a5, 0xf1d36f1c, 0x10e527fa, 0xde682d1d, 0xb05688c2, 0xb3e6c1fd
+};
+
+/* The phi algorithm given in C.2.7 of the Camellia spec document. */
+/*
+ * This version does not attempt to minimize amount of temporary
+ * variables, but instead explicitly exposes algorithm's parallelism.
+ * It is therefore most appropriate for platforms with not less than
+ * ~16 registers. For platforms with less registers [well, x86 to be
+ * specific] assembler version should be/is provided anyway...
+ */
+#define Camellia_Feistel(_s0,_s1,_s2,_s3,_key) do {\
+        register u32 _t0,_t1,_t2,_t3;\
+\
+        _t0  = _s0 ^ (_key)[0];\
+        _t3  = SBOX4_4404[_t0&0xff];\
+        _t1  = _s1 ^ (_key)[1];\
+        _t3 ^= SBOX3_3033[(_t0 >> 8)&0xff];\
+        _t2  = SBOX1_1110[_t1&0xff];\
+        _t3 ^= SBOX2_0222[(_t0 >> 16)&0xff];\
+        _t2 ^= SBOX4_4404[(_t1 >> 8)&0xff];\
+        _t3 ^= SBOX1_1110[(_t0 >> 24)];\
+        _t2 ^= _t3;\
+        _t3  = RightRotate(_t3,8);\
+        _t2 ^= SBOX3_3033[(_t1 >> 16)&0xff];\
+        _s3 ^= _t3;\
+        _t2 ^= SBOX2_0222[(_t1 >> 24)];\
+        _s2 ^= _t2; \
+        _s3 ^= _t2;\
+} while(0)
+
+/*
+ * Note that n has to be less than 32. Rotations for larger amount
+ * of bits are achieved by "rotating" order of s-elements and
+ * adjusting n accordingly, e.g. RotLeft128(s1,s2,s3,s0,n-32).
+ */
+#define RotLeft128(_s0,_s1,_s2,_s3,_n) do {\
+        u32 _t0=_s0>>(32-_n);\
+        _s0 = (_s0<<_n) | (_s1>>(32-_n));\
+        _s1 = (_s1<<_n) | (_s2>>(32-_n));\
+        _s2 = (_s2<<_n) | (_s3>>(32-_n));\
+        _s3 = (_s3<<_n) | _t0;\
+} while (0)
+
+int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey, KEY_TABLE_TYPE k)
+{
+    register u32 s0, s1, s2, s3;
+
+    k[0] = s0 = GETU32(rawKey);
+    k[1] = s1 = GETU32(rawKey + 4);
+    k[2] = s2 = GETU32(rawKey + 8);
+    k[3] = s3 = GETU32(rawKey + 12);
+
+    if (keyBitLength != 128) {
+        k[8] = s0 = GETU32(rawKey + 16);
+        k[9] = s1 = GETU32(rawKey + 20);
+        if (keyBitLength == 192) {
+            k[10] = s2 = ~s0;
+            k[11] = s3 = ~s1;
+        } else {
+            k[10] = s2 = GETU32(rawKey + 24);
+            k[11] = s3 = GETU32(rawKey + 28);
+        }
+        s0 ^= k[0], s1 ^= k[1], s2 ^= k[2], s3 ^= k[3];
+    }
+
+    /* Use the Feistel routine to scramble the key material */
+    Camellia_Feistel(s0, s1, s2, s3, SIGMA + 0);
+    Camellia_Feistel(s2, s3, s0, s1, SIGMA + 2);
+
+    s0 ^= k[0], s1 ^= k[1], s2 ^= k[2], s3 ^= k[3];
+    Camellia_Feistel(s0, s1, s2, s3, SIGMA + 4);
+    Camellia_Feistel(s2, s3, s0, s1, SIGMA + 6);
+
+    /* Fill the keyTable. Requires many block rotations. */
+    if (keyBitLength == 128) {
+        k[4] = s0, k[5] = s1, k[6] = s2, k[7] = s3;
+        RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 15 */
+        k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3;
+        RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 30 */
+        k[16] = s0, k[17] = s1, k[18] = s2, k[19] = s3;
+        RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 45 */
+        k[24] = s0, k[25] = s1;
+        RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 60 */
+        k[28] = s0, k[29] = s1, k[30] = s2, k[31] = s3;
+        RotLeft128(s1, s2, s3, s0, 2); /* KA <<< 94 */
+        k[40] = s1, k[41] = s2, k[42] = s3, k[43] = s0;
+        RotLeft128(s1, s2, s3, s0, 17); /* KA <<<111 */
+        k[48] = s1, k[49] = s2, k[50] = s3, k[51] = s0;
+
+        s0 = k[0], s1 = k[1], s2 = k[2], s3 = k[3];
+        RotLeft128(s0, s1, s2, s3, 15); /* KL <<< 15 */
+        k[8] = s0, k[9] = s1, k[10] = s2, k[11] = s3;
+        RotLeft128(s0, s1, s2, s3, 30); /* KL <<< 45 */
+        k[20] = s0, k[21] = s1, k[22] = s2, k[23] = s3;
+        RotLeft128(s0, s1, s2, s3, 15); /* KL <<< 60 */
+        k[26] = s2, k[27] = s3;
+        RotLeft128(s0, s1, s2, s3, 17); /* KL <<< 77 */
+        k[32] = s0, k[33] = s1, k[34] = s2, k[35] = s3;
+        RotLeft128(s0, s1, s2, s3, 17); /* KL <<< 94 */
+        k[36] = s0, k[37] = s1, k[38] = s2, k[39] = s3;
+        RotLeft128(s0, s1, s2, s3, 17); /* KL <<<111 */
+        k[44] = s0, k[45] = s1, k[46] = s2, k[47] = s3;
+
+        return 3;               /* grand rounds */
+    } else {
+        k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3;
+        s0 ^= k[8], s1 ^= k[9], s2 ^= k[10], s3 ^= k[11];
+        Camellia_Feistel(s0, s1, s2, s3, (SIGMA + 8));
+        Camellia_Feistel(s2, s3, s0, s1, (SIGMA + 10));
+
+        k[4] = s0, k[5] = s1, k[6] = s2, k[7] = s3;
+        RotLeft128(s0, s1, s2, s3, 30); /* KB <<< 30 */
+        k[20] = s0, k[21] = s1, k[22] = s2, k[23] = s3;
+        RotLeft128(s0, s1, s2, s3, 30); /* KB <<< 60 */
+        k[40] = s0, k[41] = s1, k[42] = s2, k[43] = s3;
+        RotLeft128(s1, s2, s3, s0, 19); /* KB <<<111 */
+        k[64] = s1, k[65] = s2, k[66] = s3, k[67] = s0;
+
+        s0 = k[8], s1 = k[9], s2 = k[10], s3 = k[11];
+        RotLeft128(s0, s1, s2, s3, 15); /* KR <<< 15 */
+        k[8] = s0, k[9] = s1, k[10] = s2, k[11] = s3;
+        RotLeft128(s0, s1, s2, s3, 15); /* KR <<< 30 */
+        k[16] = s0, k[17] = s1, k[18] = s2, k[19] = s3;
+        RotLeft128(s0, s1, s2, s3, 30); /* KR <<< 60 */
+        k[36] = s0, k[37] = s1, k[38] = s2, k[39] = s3;
+        RotLeft128(s1, s2, s3, s0, 2); /* KR <<< 94 */
+        k[52] = s1, k[53] = s2, k[54] = s3, k[55] = s0;
+
+        s0 = k[12], s1 = k[13], s2 = k[14], s3 = k[15];
+        RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 15 */
+        k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3;
+        RotLeft128(s0, s1, s2, s3, 30); /* KA <<< 45 */
+        k[28] = s0, k[29] = s1, k[30] = s2, k[31] = s3;
+        /* KA <<< 77 */
+        k[48] = s1, k[49] = s2, k[50] = s3, k[51] = s0;
+        RotLeft128(s1, s2, s3, s0, 17); /* KA <<< 94 */
+        k[56] = s1, k[57] = s2, k[58] = s3, k[59] = s0;
+
+        s0 = k[0], s1 = k[1], s2 = k[2], s3 = k[3];
+        RotLeft128(s1, s2, s3, s0, 13); /* KL <<< 45 */
+        k[24] = s1, k[25] = s2, k[26] = s3, k[27] = s0;
+        RotLeft128(s1, s2, s3, s0, 15); /* KL <<< 60 */
+        k[32] = s1, k[33] = s2, k[34] = s3, k[35] = s0;
+        RotLeft128(s1, s2, s3, s0, 17); /* KL <<< 77 */
+        k[44] = s1, k[45] = s2, k[46] = s3, k[47] = s0;
+        RotLeft128(s2, s3, s0, s1, 2); /* KL <<<111 */
+        k[60] = s2, k[61] = s3, k[62] = s0, k[63] = s1;
+
+        return 4;               /* grand rounds */
+    }
+    /*
+     * It is possible to perform certain precalculations, which
+     * would spare few cycles in block procedure. It's not done,
+     * because it upsets the performance balance between key
+     * setup and block procedures, negatively affecting overall
+     * throughput in applications operating on short messages
+     * and volatile keys.
+     */
+}
+
+void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[],
+                                  const KEY_TABLE_TYPE keyTable,
+                                  u8 ciphertext[])
+{
+    register u32 s0, s1, s2, s3;
+    const u32 *k = keyTable, *kend = keyTable + grandRounds * 16;
+
+    s0 = GETU32(plaintext) ^ k[0];
+    s1 = GETU32(plaintext + 4) ^ k[1];
+    s2 = GETU32(plaintext + 8) ^ k[2];
+    s3 = GETU32(plaintext + 12) ^ k[3];
+    k += 4;
+
+    while (1) {
+        /* Camellia makes 6 Feistel rounds */
+        Camellia_Feistel(s0, s1, s2, s3, k + 0);
+        Camellia_Feistel(s2, s3, s0, s1, k + 2);
+        Camellia_Feistel(s0, s1, s2, s3, k + 4);
+        Camellia_Feistel(s2, s3, s0, s1, k + 6);
+        Camellia_Feistel(s0, s1, s2, s3, k + 8);
+        Camellia_Feistel(s2, s3, s0, s1, k + 10);
+        k += 12;
+
+        if (k == kend)
+            break;
+
+        /*
+         * This is the same function as the diffusion function D of the
+         * accompanying documentation. See section 3.2 for properties of the
+         * FLlayer function.
+         */
+        s1 ^= LeftRotate(s0 & k[0], 1);
+        s2 ^= s3 | k[3];
+        s0 ^= s1 | k[1];
+        s3 ^= LeftRotate(s2 & k[2], 1);
+        k += 4;
+    }
+
+    s2 ^= k[0], s3 ^= k[1], s0 ^= k[2], s1 ^= k[3];
+
+    PUTU32(ciphertext, s2);
+    PUTU32(ciphertext + 4, s3);
+    PUTU32(ciphertext + 8, s0);
+    PUTU32(ciphertext + 12, s1);
+}
+
+void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[],
+                           const KEY_TABLE_TYPE keyTable, u8 ciphertext[])
+{
+    Camellia_EncryptBlock_Rounds(keyBitLength == 128 ? 3 : 4,
+                                 plaintext, keyTable, ciphertext);
+}
+
+void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[],
+                                  const KEY_TABLE_TYPE keyTable,
+                                  u8 plaintext[])
+{
+    u32 s0, s1, s2, s3;
+    const u32 *k = keyTable + grandRounds * 16, *kend = keyTable + 4;
+
+    s0 = GETU32(ciphertext) ^ k[0];
+    s1 = GETU32(ciphertext + 4) ^ k[1];
+    s2 = GETU32(ciphertext + 8) ^ k[2];
+    s3 = GETU32(ciphertext + 12) ^ k[3];
+
+    while (1) {
+        /* Camellia makes 6 Feistel rounds */
+        k -= 12;
+        Camellia_Feistel(s0, s1, s2, s3, k + 10);
+        Camellia_Feistel(s2, s3, s0, s1, k + 8);
+        Camellia_Feistel(s0, s1, s2, s3, k + 6);
+        Camellia_Feistel(s2, s3, s0, s1, k + 4);
+        Camellia_Feistel(s0, s1, s2, s3, k + 2);
+        Camellia_Feistel(s2, s3, s0, s1, k + 0);
+
+        if (k == kend)
+            break;
+
+        /*
+         * This is the same function as the diffusion function D of the
+         * accompanying documentation. See section 3.2 for properties of the
+         * FLlayer function.
+         */
+        k -= 4;
+        s1 ^= LeftRotate(s0 & k[2], 1);
+        s2 ^= s3 | k[1];
+        s0 ^= s1 | k[3];
+        s3 ^= LeftRotate(s2 & k[0], 1);
+    }
+
+    k -= 4;
+    s2 ^= k[0], s3 ^= k[1], s0 ^= k[2], s1 ^= k[3];
+
+    PUTU32(plaintext, s2);
+    PUTU32(plaintext + 4, s3);
+    PUTU32(plaintext + 8, s0);
+    PUTU32(plaintext + 12, s1);
+}
+
+void Camellia_DecryptBlock(int keyBitLength, const u8 plaintext[],
+                           const KEY_TABLE_TYPE keyTable, u8 ciphertext[])
+{
+    Camellia_DecryptBlock_Rounds(keyBitLength == 128 ? 3 : 4,
+                                 plaintext, keyTable, ciphertext);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/camellia/camellia.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/camellia/camellia.h	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/camellia/camellia.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,132 +0,0 @@
-/* crypto/camellia/camellia.h -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#ifndef HEADER_CAMELLIA_H
-# define HEADER_CAMELLIA_H
-
-# include <openssl/opensslconf.h>
-
-# ifdef OPENSSL_NO_CAMELLIA
-#  error CAMELLIA is disabled.
-# endif
-
-# include <stddef.h>
-
-# define CAMELLIA_ENCRYPT        1
-# define CAMELLIA_DECRYPT        0
-
-/*
- * Because array size can't be a const in C, the following two are macros.
- * Both sizes are in bytes.
- */
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* This should be a hidden type, but EVP requires that the size be known */
-
-# define CAMELLIA_BLOCK_SIZE 16
-# define CAMELLIA_TABLE_BYTE_LEN 272
-# define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4)
-
-typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; /* to match
-                                                               * with WORD */
-
-struct camellia_key_st {
-    union {
-        double d;               /* ensures 64-bit align */
-        KEY_TABLE_TYPE rd_key;
-    } u;
-    int grand_rounds;
-};
-typedef struct camellia_key_st CAMELLIA_KEY;
-
-# ifdef OPENSSL_FIPS
-int private_Camellia_set_key(const unsigned char *userKey, const int bits,
-                             CAMELLIA_KEY *key);
-# endif
-int Camellia_set_key(const unsigned char *userKey, const int bits,
-                     CAMELLIA_KEY *key);
-
-void Camellia_encrypt(const unsigned char *in, unsigned char *out,
-                      const CAMELLIA_KEY *key);
-void Camellia_decrypt(const unsigned char *in, unsigned char *out,
-                      const CAMELLIA_KEY *key);
-
-void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
-                          const CAMELLIA_KEY *key, const int enc);
-void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
-                          size_t length, const CAMELLIA_KEY *key,
-                          unsigned char *ivec, const int enc);
-void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
-                             size_t length, const CAMELLIA_KEY *key,
-                             unsigned char *ivec, int *num, const int enc);
-void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
-                           size_t length, const CAMELLIA_KEY *key,
-                           unsigned char *ivec, int *num, const int enc);
-void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
-                           size_t length, const CAMELLIA_KEY *key,
-                           unsigned char *ivec, int *num, const int enc);
-void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,
-                             size_t length, const CAMELLIA_KEY *key,
-                             unsigned char *ivec, int *num);
-void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
-                             size_t length, const CAMELLIA_KEY *key,
-                             unsigned char ivec[CAMELLIA_BLOCK_SIZE],
-                             unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],
-                             unsigned int *num);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif                          /* !HEADER_Camellia_H */

Copied: vendor-crypto/openssl/1.0.1u/crypto/camellia/camellia.h (from rev 11605, vendor-crypto/openssl/dist/crypto/camellia/camellia.h)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/camellia/camellia.h	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/camellia/camellia.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,132 @@
+/* crypto/camellia/camellia.h */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef HEADER_CAMELLIA_H
+# define HEADER_CAMELLIA_H
+
+# include <openssl/opensslconf.h>
+
+# ifdef OPENSSL_NO_CAMELLIA
+#  error CAMELLIA is disabled.
+# endif
+
+# include <stddef.h>
+
+# define CAMELLIA_ENCRYPT        1
+# define CAMELLIA_DECRYPT        0
+
+/*
+ * Because array size can't be a const in C, the following two are macros.
+ * Both sizes are in bytes.
+ */
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* This should be a hidden type, but EVP requires that the size be known */
+
+# define CAMELLIA_BLOCK_SIZE 16
+# define CAMELLIA_TABLE_BYTE_LEN 272
+# define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4)
+
+typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; /* to match
+                                                               * with WORD */
+
+struct camellia_key_st {
+    union {
+        double d;               /* ensures 64-bit align */
+        KEY_TABLE_TYPE rd_key;
+    } u;
+    int grand_rounds;
+};
+typedef struct camellia_key_st CAMELLIA_KEY;
+
+# ifdef OPENSSL_FIPS
+int private_Camellia_set_key(const unsigned char *userKey, const int bits,
+                             CAMELLIA_KEY *key);
+# endif
+int Camellia_set_key(const unsigned char *userKey, const int bits,
+                     CAMELLIA_KEY *key);
+
+void Camellia_encrypt(const unsigned char *in, unsigned char *out,
+                      const CAMELLIA_KEY *key);
+void Camellia_decrypt(const unsigned char *in, unsigned char *out,
+                      const CAMELLIA_KEY *key);
+
+void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                          const CAMELLIA_KEY *key, const int enc);
+void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                          size_t length, const CAMELLIA_KEY *key,
+                          unsigned char *ivec, const int enc);
+void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const CAMELLIA_KEY *key,
+                             unsigned char *ivec, int *num, const int enc);
+void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t length, const CAMELLIA_KEY *key,
+                           unsigned char *ivec, int *num, const int enc);
+void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t length, const CAMELLIA_KEY *key,
+                           unsigned char *ivec, int *num, const int enc);
+void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const CAMELLIA_KEY *key,
+                             unsigned char *ivec, int *num);
+void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const CAMELLIA_KEY *key,
+                             unsigned char ivec[CAMELLIA_BLOCK_SIZE],
+                             unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],
+                             unsigned int *num);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif                          /* !HEADER_Camellia_H */

Deleted: vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_cbc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/camellia/cmll_cbc.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_cbc.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,66 +0,0 @@
-/* crypto/camellia/camellia_cbc.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/camellia.h>
-#include <openssl/modes.h>
-
-void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
-                          size_t len, const CAMELLIA_KEY *key,
-                          unsigned char *ivec, const int enc)
-{
-
-    if (enc)
-        CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
-                              (block128_f) Camellia_encrypt);
-    else
-        CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
-                              (block128_f) Camellia_decrypt);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_cbc.c (from rev 11605, vendor-crypto/openssl/dist/crypto/camellia/cmll_cbc.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_cbc.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_cbc.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,66 @@
+/* crypto/camellia/camellia_cbc.c */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/camellia.h>
+#include <openssl/modes.h>
+
+void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                          size_t len, const CAMELLIA_KEY *key,
+                          unsigned char *ivec, const int enc)
+{
+
+    if (enc)
+        CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
+                              (block128_f) Camellia_encrypt);
+    else
+        CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
+                              (block128_f) Camellia_decrypt);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_cfb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/camellia/cmll_cfb.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_cfb.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,141 +0,0 @@
-/* crypto/camellia/camellia_cfb.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/camellia.h>
-#include <openssl/modes.h>
-
-/*
- * The input and output encrypted as though 128bit cfb mode is being used.
- * The extra state information to record how much of the 128bit block we have
- * used is contained in *num;
- */
-
-void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
-                             size_t length, const CAMELLIA_KEY *key,
-                             unsigned char *ivec, int *num, const int enc)
-{
-
-    CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
-                          (block128_f) Camellia_encrypt);
-}
-
-/* N.B. This expects the input to be packed, MS bit first */
-void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
-                           size_t length, const CAMELLIA_KEY *key,
-                           unsigned char *ivec, int *num, const int enc)
-{
-    CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc,
-                            (block128_f) Camellia_encrypt);
-}
-
-void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
-                           size_t length, const CAMELLIA_KEY *key,
-                           unsigned char *ivec, int *num, const int enc)
-{
-    CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc,
-                            (block128_f) Camellia_encrypt);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_cfb.c (from rev 11605, vendor-crypto/openssl/dist/crypto/camellia/cmll_cfb.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_cfb.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_cfb.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,141 @@
+/* crypto/camellia/camellia_cfb.c */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/camellia.h>
+#include <openssl/modes.h>
+
+/*
+ * The input and output encrypted as though 128bit cfb mode is being used.
+ * The extra state information to record how much of the 128bit block we have
+ * used is contained in *num;
+ */
+
+void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const CAMELLIA_KEY *key,
+                             unsigned char *ivec, int *num, const int enc)
+{
+
+    CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
+                          (block128_f) Camellia_encrypt);
+}
+
+/* N.B. This expects the input to be packed, MS bit first */
+void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t length, const CAMELLIA_KEY *key,
+                           unsigned char *ivec, int *num, const int enc)
+{
+    CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc,
+                            (block128_f) Camellia_encrypt);
+}
+
+void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t length, const CAMELLIA_KEY *key,
+                           unsigned char *ivec, int *num, const int enc)
+{
+    CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc,
+                            (block128_f) Camellia_encrypt);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_ctr.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/camellia/cmll_ctr.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_ctr.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,64 +0,0 @@
-/* crypto/camellia/camellia_ctr.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/camellia.h>
-#include <openssl/modes.h>
-
-void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
-                             size_t length, const CAMELLIA_KEY *key,
-                             unsigned char ivec[CAMELLIA_BLOCK_SIZE],
-                             unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],
-                             unsigned int *num)
-{
-
-    CRYPTO_ctr128_encrypt(in, out, length, key, ivec, ecount_buf, num,
-                          (block128_f) Camellia_encrypt);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_ctr.c (from rev 11605, vendor-crypto/openssl/dist/crypto/camellia/cmll_ctr.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_ctr.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_ctr.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,64 @@
+/* crypto/camellia/camellia_ctr.c */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/camellia.h>
+#include <openssl/modes.h>
+
+void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const CAMELLIA_KEY *key,
+                             unsigned char ivec[CAMELLIA_BLOCK_SIZE],
+                             unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],
+                             unsigned int *num)
+{
+
+    CRYPTO_ctr128_encrypt(in, out, length, key, ivec, ecount_buf, num,
+                          (block128_f) Camellia_encrypt);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_ecb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/camellia/cmll_ecb.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_ecb.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,73 +0,0 @@
-/* crypto/camellia/camellia_ecb.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#ifndef CAMELLIA_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
-#include <openssl/camellia.h>
-#include "cmll_locl.h"
-
-void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
-                          const CAMELLIA_KEY *key, const int enc)
-{
-
-    assert(in && out && key);
-    assert((CAMELLIA_ENCRYPT == enc) || (CAMELLIA_DECRYPT == enc));
-
-    if (CAMELLIA_ENCRYPT == enc)
-        Camellia_encrypt(in, out, key);
-    else
-        Camellia_decrypt(in, out, key);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_ecb.c (from rev 11605, vendor-crypto/openssl/dist/crypto/camellia/cmll_ecb.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_ecb.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_ecb.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,73 @@
+/* crypto/camellia/camellia_ecb.c */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef CAMELLIA_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
+
+void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                          const CAMELLIA_KEY *key, const int enc)
+{
+
+    assert(in && out && key);
+    assert((CAMELLIA_ENCRYPT == enc) || (CAMELLIA_DECRYPT == enc));
+
+    if (CAMELLIA_ENCRYPT == enc)
+        Camellia_encrypt(in, out, key);
+    else
+        Camellia_decrypt(in, out, key);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_locl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/camellia/cmll_locl.h	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_locl.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,88 +0,0 @@
-/* crypto/camellia/camellia_locl.h -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
- * ALL RIGHTS RESERVED.
- *
- * Intellectual Property information for Camellia:
- *     http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
- *
- * News Release for Announcement of Camellia open source:
- *     http://www.ntt.co.jp/news/news06e/0604/060413a.html
- *
- * The Camellia Code included herein is developed by
- * NTT (Nippon Telegraph and Telephone Corporation), and is contributed
- * to the OpenSSL project.
- *
- * The Camellia Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#ifndef HEADER_CAMELLIA_LOCL_H
-# define HEADER_CAMELLIA_LOCL_H
-
-typedef unsigned int u32;
-typedef unsigned char u8;
-
-int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey,
-                     KEY_TABLE_TYPE keyTable);
-void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[],
-                                  const KEY_TABLE_TYPE keyTable,
-                                  u8 ciphertext[]);
-void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[],
-                                  const KEY_TABLE_TYPE keyTable,
-                                  u8 plaintext[]);
-void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[],
-                           const KEY_TABLE_TYPE keyTable, u8 ciphertext[]);
-void Camellia_DecryptBlock(int keyBitLength, const u8 ciphertext[],
-                           const KEY_TABLE_TYPE keyTable, u8 plaintext[]);
-int private_Camellia_set_key(const unsigned char *userKey, const int bits,
-                             CAMELLIA_KEY *key);
-#endif                          /* #ifndef HEADER_CAMELLIA_LOCL_H */

Copied: vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_locl.h (from rev 11605, vendor-crypto/openssl/dist/crypto/camellia/cmll_locl.h)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_locl.h	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_locl.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,88 @@
+/* crypto/camellia/camellia_locl.h */
+/* ====================================================================
+ * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
+ * ALL RIGHTS RESERVED.
+ *
+ * Intellectual Property information for Camellia:
+ *     http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
+ *
+ * News Release for Announcement of Camellia open source:
+ *     http://www.ntt.co.jp/news/news06e/0604/060413a.html
+ *
+ * The Camellia Code included herein is developed by
+ * NTT (Nippon Telegraph and Telephone Corporation), and is contributed
+ * to the OpenSSL project.
+ *
+ * The Camellia Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#ifndef HEADER_CAMELLIA_LOCL_H
+# define HEADER_CAMELLIA_LOCL_H
+
+typedef unsigned int u32;
+typedef unsigned char u8;
+
+int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey,
+                     KEY_TABLE_TYPE keyTable);
+void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[],
+                                  const KEY_TABLE_TYPE keyTable,
+                                  u8 ciphertext[]);
+void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[],
+                                  const KEY_TABLE_TYPE keyTable,
+                                  u8 plaintext[]);
+void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[],
+                           const KEY_TABLE_TYPE keyTable, u8 ciphertext[]);
+void Camellia_DecryptBlock(int keyBitLength, const u8 ciphertext[],
+                           const KEY_TABLE_TYPE keyTable, u8 plaintext[]);
+int private_Camellia_set_key(const unsigned char *userKey, const int bits,
+                             CAMELLIA_KEY *key);
+#endif                          /* #ifndef HEADER_CAMELLIA_LOCL_H */

Deleted: vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_misc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/camellia/cmll_misc.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_misc.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,80 +0,0 @@
-/* crypto/camellia/camellia_misc.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/opensslv.h>
-#include <openssl/crypto.h>
-#include <openssl/camellia.h>
-#include "cmll_locl.h"
-
-const char CAMELLIA_version[] = "CAMELLIA" OPENSSL_VERSION_PTEXT;
-
-int private_Camellia_set_key(const unsigned char *userKey, const int bits,
-                             CAMELLIA_KEY *key)
-{
-    if (!userKey || !key)
-        return -1;
-    if (bits != 128 && bits != 192 && bits != 256)
-        return -2;
-    key->grand_rounds = Camellia_Ekeygen(bits, userKey, key->u.rd_key);
-    return 0;
-}
-
-void Camellia_encrypt(const unsigned char *in, unsigned char *out,
-                      const CAMELLIA_KEY *key)
-{
-    Camellia_EncryptBlock_Rounds(key->grand_rounds, in, key->u.rd_key, out);
-}
-
-void Camellia_decrypt(const unsigned char *in, unsigned char *out,
-                      const CAMELLIA_KEY *key)
-{
-    Camellia_DecryptBlock_Rounds(key->grand_rounds, in, key->u.rd_key, out);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_misc.c (from rev 11605, vendor-crypto/openssl/dist/crypto/camellia/cmll_misc.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_misc.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_misc.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,80 @@
+/* crypto/camellia/camellia_misc.c */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/opensslv.h>
+#include <openssl/crypto.h>
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
+
+const char CAMELLIA_version[] = "CAMELLIA" OPENSSL_VERSION_PTEXT;
+
+int private_Camellia_set_key(const unsigned char *userKey, const int bits,
+                             CAMELLIA_KEY *key)
+{
+    if (!userKey || !key)
+        return -1;
+    if (bits != 128 && bits != 192 && bits != 256)
+        return -2;
+    key->grand_rounds = Camellia_Ekeygen(bits, userKey, key->u.rd_key);
+    return 0;
+}
+
+void Camellia_encrypt(const unsigned char *in, unsigned char *out,
+                      const CAMELLIA_KEY *key)
+{
+    Camellia_EncryptBlock_Rounds(key->grand_rounds, in, key->u.rd_key, out);
+}
+
+void Camellia_decrypt(const unsigned char *in, unsigned char *out,
+                      const CAMELLIA_KEY *key)
+{
+    Camellia_DecryptBlock_Rounds(key->grand_rounds, in, key->u.rd_key, out);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_ofb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/camellia/cmll_ofb.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_ofb.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,122 +0,0 @@
-/* crypto/camellia/camellia_ofb.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/camellia.h>
-#include <openssl/modes.h>
-
-/*
- * The input and output encrypted as though 128bit ofb mode is being used.
- * The extra state information to record how much of the 128bit block we have
- * used is contained in *num;
- */
-void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,
-                             size_t length, const CAMELLIA_KEY *key,
-                             unsigned char *ivec, int *num)
-{
-    CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
-                          (block128_f) Camellia_encrypt);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_ofb.c (from rev 11605, vendor-crypto/openssl/dist/crypto/camellia/cmll_ofb.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_ofb.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_ofb.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,122 @@
+/* crypto/camellia/camellia_ofb.c */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/camellia.h>
+#include <openssl/modes.h>
+
+/*
+ * The input and output encrypted as though 128bit ofb mode is being used.
+ * The extra state information to record how much of the 128bit block we have
+ * used is contained in *num;
+ */
+void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const CAMELLIA_KEY *key,
+                             unsigned char *ivec, int *num)
+{
+    CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
+                          (block128_f) Camellia_encrypt);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_utl.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/camellia/cmll_utl.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_utl.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,64 +0,0 @@
-/* crypto/camellia/cmll_utl.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/opensslv.h>
-#include <openssl/crypto.h>
-#include <openssl/camellia.h>
-#include "cmll_locl.h"
-
-int Camellia_set_key(const unsigned char *userKey, const int bits,
-                     CAMELLIA_KEY *key)
-{
-#ifdef OPENSSL_FIPS
-    fips_cipher_abort(Camellia);
-#endif
-    return private_Camellia_set_key(userKey, bits, key);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_utl.c (from rev 11605, vendor-crypto/openssl/dist/crypto/camellia/cmll_utl.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_utl.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/camellia/cmll_utl.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,64 @@
+/* crypto/camellia/cmll_utl.c */
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/opensslv.h>
+#include <openssl/crypto.h>
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
+
+int Camellia_set_key(const unsigned char *userKey, const int bits,
+                     CAMELLIA_KEY *key)
+{
+#ifdef OPENSSL_FIPS
+    fips_cipher_abort(Camellia);
+#endif
+    return private_Camellia_set_key(userKey, bits, key);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/cms/cms_enc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/cms/cms_enc.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/cms/cms_enc.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,260 +0,0 @@
-/* crypto/cms/cms_enc.c */
-/*
- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#include <openssl/err.h>
-#include <openssl/cms.h>
-#include <openssl/rand.h>
-#include "cms_lcl.h"
-
-/* CMS EncryptedData Utilities */
-
-DECLARE_ASN1_ITEM(CMS_EncryptedData)
-
-/* Return BIO based on EncryptedContentInfo and key */
-
-BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
-{
-    BIO *b;
-    EVP_CIPHER_CTX *ctx;
-    const EVP_CIPHER *ciph;
-    X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
-    unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
-    unsigned char *tkey = NULL;
-    size_t tkeylen = 0;
-
-    int ok = 0;
-
-    int enc, keep_key = 0;
-
-    enc = ec->cipher ? 1 : 0;
-
-    b = BIO_new(BIO_f_cipher());
-    if (!b) {
-        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
-        return NULL;
-    }
-
-    BIO_get_cipher_ctx(b, &ctx);
-
-    if (enc) {
-        ciph = ec->cipher;
-        /*
-         * If not keeping key set cipher to NULL so subsequent calls decrypt.
-         */
-        if (ec->key)
-            ec->cipher = NULL;
-    } else {
-        ciph = EVP_get_cipherbyobj(calg->algorithm);
-
-        if (!ciph) {
-            CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, CMS_R_UNKNOWN_CIPHER);
-            goto err;
-        }
-    }
-
-    if (EVP_CipherInit_ex(ctx, ciph, NULL, NULL, NULL, enc) <= 0) {
-        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
-               CMS_R_CIPHER_INITIALISATION_ERROR);
-        goto err;
-    }
-
-    if (enc) {
-        int ivlen;
-        calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
-        /* Generate a random IV if we need one */
-        ivlen = EVP_CIPHER_CTX_iv_length(ctx);
-        if (ivlen > 0) {
-            if (RAND_pseudo_bytes(iv, ivlen) <= 0)
-                goto err;
-            piv = iv;
-        }
-    } else if (EVP_CIPHER_asn1_to_param(ctx, calg->parameter) <= 0) {
-        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
-               CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
-        goto err;
-    }
-    tkeylen = EVP_CIPHER_CTX_key_length(ctx);
-    /* Generate random session key */
-    if (!enc || !ec->key) {
-        tkey = OPENSSL_malloc(tkeylen);
-        if (!tkey) {
-            CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        if (EVP_CIPHER_CTX_rand_key(ctx, tkey) <= 0)
-            goto err;
-    }
-
-    if (!ec->key) {
-        ec->key = tkey;
-        ec->keylen = tkeylen;
-        tkey = NULL;
-        if (enc)
-            keep_key = 1;
-        else
-            ERR_clear_error();
-
-    }
-
-    if (ec->keylen != tkeylen) {
-        /* If necessary set key length */
-        if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0) {
-            /*
-             * Only reveal failure if debugging so we don't leak information
-             * which may be useful in MMA.
-             */
-            if (enc || ec->debug) {
-                CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
-                       CMS_R_INVALID_KEY_LENGTH);
-                goto err;
-            } else {
-                /* Use random key */
-                OPENSSL_cleanse(ec->key, ec->keylen);
-                OPENSSL_free(ec->key);
-                ec->key = tkey;
-                ec->keylen = tkeylen;
-                tkey = NULL;
-                ERR_clear_error();
-            }
-        }
-    }
-
-    if (EVP_CipherInit_ex(ctx, NULL, NULL, ec->key, piv, enc) <= 0) {
-        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
-               CMS_R_CIPHER_INITIALISATION_ERROR);
-        goto err;
-    }
-
-    if (piv) {
-        calg->parameter = ASN1_TYPE_new();
-        if (!calg->parameter) {
-            CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0) {
-            CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
-                   CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
-            goto err;
-        }
-    }
-    ok = 1;
-
- err:
-    if (ec->key && (!keep_key || !ok)) {
-        OPENSSL_cleanse(ec->key, ec->keylen);
-        OPENSSL_free(ec->key);
-        ec->key = NULL;
-    }
-    if (tkey) {
-        OPENSSL_cleanse(tkey, tkeylen);
-        OPENSSL_free(tkey);
-    }
-    if (ok)
-        return b;
-    BIO_free(b);
-    return NULL;
-}
-
-int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
-                              const EVP_CIPHER *cipher,
-                              const unsigned char *key, size_t keylen)
-{
-    ec->cipher = cipher;
-    if (key) {
-        ec->key = OPENSSL_malloc(keylen);
-        if (!ec->key)
-            return 0;
-        memcpy(ec->key, key, keylen);
-    }
-    ec->keylen = keylen;
-    if (cipher)
-        ec->contentType = OBJ_nid2obj(NID_pkcs7_data);
-    return 1;
-}
-
-int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
-                               const unsigned char *key, size_t keylen)
-{
-    CMS_EncryptedContentInfo *ec;
-    if (!key || !keylen) {
-        CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NO_KEY);
-        return 0;
-    }
-    if (ciph) {
-        cms->d.encryptedData = M_ASN1_new_of(CMS_EncryptedData);
-        if (!cms->d.encryptedData) {
-            CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, ERR_R_MALLOC_FAILURE);
-            return 0;
-        }
-        cms->contentType = OBJ_nid2obj(NID_pkcs7_encrypted);
-        cms->d.encryptedData->version = 0;
-    } else if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_encrypted) {
-        CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NOT_ENCRYPTED_DATA);
-        return 0;
-    }
-    ec = cms->d.encryptedData->encryptedContentInfo;
-    return cms_EncryptedContent_init(ec, ciph, key, keylen);
-}
-
-BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms)
-{
-    CMS_EncryptedData *enc = cms->d.encryptedData;
-    if (enc->encryptedContentInfo->cipher && enc->unprotectedAttrs)
-        enc->version = 2;
-    return cms_EncryptedContent_init_bio(enc->encryptedContentInfo);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/cms/cms_enc.c (from rev 11605, vendor-crypto/openssl/dist/crypto/cms/cms_enc.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/cms/cms_enc.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/cms/cms_enc.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,264 @@
+/* crypto/cms/cms_enc.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include <openssl/rand.h>
+#include "cms_lcl.h"
+
+/* CMS EncryptedData Utilities */
+
+DECLARE_ASN1_ITEM(CMS_EncryptedData)
+
+/* Return BIO based on EncryptedContentInfo and key */
+
+BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
+{
+    BIO *b;
+    EVP_CIPHER_CTX *ctx;
+    const EVP_CIPHER *ciph;
+    X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
+    unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
+    unsigned char *tkey = NULL;
+    size_t tkeylen = 0;
+
+    int ok = 0;
+
+    int enc, keep_key = 0;
+
+    enc = ec->cipher ? 1 : 0;
+
+    b = BIO_new(BIO_f_cipher());
+    if (!b) {
+        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    BIO_get_cipher_ctx(b, &ctx);
+
+    if (enc) {
+        ciph = ec->cipher;
+        /*
+         * If not keeping key set cipher to NULL so subsequent calls decrypt.
+         */
+        if (ec->key)
+            ec->cipher = NULL;
+    } else {
+        ciph = EVP_get_cipherbyobj(calg->algorithm);
+
+        if (!ciph) {
+            CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, CMS_R_UNKNOWN_CIPHER);
+            goto err;
+        }
+    }
+
+    if (EVP_CipherInit_ex(ctx, ciph, NULL, NULL, NULL, enc) <= 0) {
+        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+               CMS_R_CIPHER_INITIALISATION_ERROR);
+        goto err;
+    }
+
+    if (enc) {
+        int ivlen;
+        calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
+        /* Generate a random IV if we need one */
+        ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+        if (ivlen > 0) {
+            if (RAND_bytes(iv, ivlen) <= 0)
+                goto err;
+            piv = iv;
+        }
+    } else if (EVP_CIPHER_asn1_to_param(ctx, calg->parameter) <= 0) {
+        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+               CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+        goto err;
+    }
+    tkeylen = EVP_CIPHER_CTX_key_length(ctx);
+    /* Generate random session key */
+    if (!enc || !ec->key) {
+        tkey = OPENSSL_malloc(tkeylen);
+        if (!tkey) {
+            CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (EVP_CIPHER_CTX_rand_key(ctx, tkey) <= 0)
+            goto err;
+    }
+
+    if (!ec->key) {
+        ec->key = tkey;
+        ec->keylen = tkeylen;
+        tkey = NULL;
+        if (enc)
+            keep_key = 1;
+        else
+            ERR_clear_error();
+
+    }
+
+    if (ec->keylen != tkeylen) {
+        /* If necessary set key length */
+        if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0) {
+            /*
+             * Only reveal failure if debugging so we don't leak information
+             * which may be useful in MMA.
+             */
+            if (enc || ec->debug) {
+                CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+                       CMS_R_INVALID_KEY_LENGTH);
+                goto err;
+            } else {
+                /* Use random key */
+                OPENSSL_cleanse(ec->key, ec->keylen);
+                OPENSSL_free(ec->key);
+                ec->key = tkey;
+                ec->keylen = tkeylen;
+                tkey = NULL;
+                ERR_clear_error();
+            }
+        }
+    }
+
+    if (EVP_CipherInit_ex(ctx, NULL, NULL, ec->key, piv, enc) <= 0) {
+        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+               CMS_R_CIPHER_INITIALISATION_ERROR);
+        goto err;
+    }
+    if (enc) {
+        calg->parameter = ASN1_TYPE_new();
+        if (calg->parameter == NULL) {
+            CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0) {
+            CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+                   CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+            goto err;
+        }
+        /* If parameter type not set omit parameter */
+        if (calg->parameter->type == V_ASN1_UNDEF) {
+            ASN1_TYPE_free(calg->parameter);
+            calg->parameter = NULL;
+        }
+    }
+    ok = 1;
+
+ err:
+    if (ec->key && (!keep_key || !ok)) {
+        OPENSSL_cleanse(ec->key, ec->keylen);
+        OPENSSL_free(ec->key);
+        ec->key = NULL;
+    }
+    if (tkey) {
+        OPENSSL_cleanse(tkey, tkeylen);
+        OPENSSL_free(tkey);
+    }
+    if (ok)
+        return b;
+    BIO_free(b);
+    return NULL;
+}
+
+int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
+                              const EVP_CIPHER *cipher,
+                              const unsigned char *key, size_t keylen)
+{
+    ec->cipher = cipher;
+    if (key) {
+        ec->key = OPENSSL_malloc(keylen);
+        if (!ec->key)
+            return 0;
+        memcpy(ec->key, key, keylen);
+    }
+    ec->keylen = keylen;
+    if (cipher)
+        ec->contentType = OBJ_nid2obj(NID_pkcs7_data);
+    return 1;
+}
+
+int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
+                               const unsigned char *key, size_t keylen)
+{
+    CMS_EncryptedContentInfo *ec;
+    if (!key || !keylen) {
+        CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NO_KEY);
+        return 0;
+    }
+    if (ciph) {
+        cms->d.encryptedData = M_ASN1_new_of(CMS_EncryptedData);
+        if (!cms->d.encryptedData) {
+            CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        cms->contentType = OBJ_nid2obj(NID_pkcs7_encrypted);
+        cms->d.encryptedData->version = 0;
+    } else if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_encrypted) {
+        CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NOT_ENCRYPTED_DATA);
+        return 0;
+    }
+    ec = cms->d.encryptedData->encryptedContentInfo;
+    return cms_EncryptedContent_init(ec, ciph, key, keylen);
+}
+
+BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms)
+{
+    CMS_EncryptedData *enc = cms->d.encryptedData;
+    if (enc->encryptedContentInfo->cipher && enc->unprotectedAttrs)
+        enc->version = 2;
+    return cms_EncryptedContent_init_bio(enc->encryptedContentInfo);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/cms/cms_ess.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/cms/cms_ess.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/cms/cms_ess.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,395 +0,0 @@
-/* crypto/cms/cms_ess.c */
-/*
- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/pem.h>
-#include <openssl/rand.h>
-#include <openssl/x509v3.h>
-#include <openssl/err.h>
-#include <openssl/cms.h>
-#include "cms_lcl.h"
-
-DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
-DECLARE_ASN1_ITEM(CMS_Receipt)
-
-IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)
-
-/* ESS services: for now just Signed Receipt related */
-
-int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr)
-{
-    ASN1_STRING *str;
-    CMS_ReceiptRequest *rr = NULL;
-    if (prr)
-        *prr = NULL;
-    str = CMS_signed_get0_data_by_OBJ(si,
-                                      OBJ_nid2obj
-                                      (NID_id_smime_aa_receiptRequest), -3,
-                                      V_ASN1_SEQUENCE);
-    if (!str)
-        return 0;
-
-    rr = ASN1_item_unpack(str, ASN1_ITEM_rptr(CMS_ReceiptRequest));
-    if (!rr)
-        return -1;
-    if (prr)
-        *prr = rr;
-    else
-        CMS_ReceiptRequest_free(rr);
-    return 1;
-}
-
-CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
-                                               int allorfirst,
-                                               STACK_OF(GENERAL_NAMES)
-                                               *receiptList, STACK_OF(GENERAL_NAMES)
-                                               *receiptsTo)
-{
-    CMS_ReceiptRequest *rr = NULL;
-
-    rr = CMS_ReceiptRequest_new();
-    if (!rr)
-        goto merr;
-    if (id)
-        ASN1_STRING_set0(rr->signedContentIdentifier, id, idlen);
-    else {
-        if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32))
-            goto merr;
-        if (RAND_pseudo_bytes(rr->signedContentIdentifier->data, 32)
-            <= 0)
-            goto err;
-    }
-
-    sk_GENERAL_NAMES_pop_free(rr->receiptsTo, GENERAL_NAMES_free);
-    rr->receiptsTo = receiptsTo;
-
-    if (receiptList) {
-        rr->receiptsFrom->type = 1;
-        rr->receiptsFrom->d.receiptList = receiptList;
-    } else {
-        rr->receiptsFrom->type = 0;
-        rr->receiptsFrom->d.allOrFirstTier = allorfirst;
-    }
-
-    return rr;
-
- merr:
-    CMSerr(CMS_F_CMS_RECEIPTREQUEST_CREATE0, ERR_R_MALLOC_FAILURE);
-
- err:
-    if (rr)
-        CMS_ReceiptRequest_free(rr);
-
-    return NULL;
-
-}
-
-int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
-{
-    unsigned char *rrder = NULL;
-    int rrderlen, r = 0;
-
-    rrderlen = i2d_CMS_ReceiptRequest(rr, &rrder);
-    if (rrderlen < 0)
-        goto merr;
-
-    if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_receiptRequest,
-                                     V_ASN1_SEQUENCE, rrder, rrderlen))
-        goto merr;
-
-    r = 1;
-
- merr:
-    if (!r)
-        CMSerr(CMS_F_CMS_ADD1_RECEIPTREQUEST, ERR_R_MALLOC_FAILURE);
-
-    if (rrder)
-        OPENSSL_free(rrder);
-
-    return r;
-
-}
-
-void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
-                                    ASN1_STRING **pcid,
-                                    int *pallorfirst,
-                                    STACK_OF(GENERAL_NAMES) **plist,
-                                    STACK_OF(GENERAL_NAMES) **prto)
-{
-    if (pcid)
-        *pcid = rr->signedContentIdentifier;
-    if (rr->receiptsFrom->type == 0) {
-        if (pallorfirst)
-            *pallorfirst = (int)rr->receiptsFrom->d.allOrFirstTier;
-        if (plist)
-            *plist = NULL;
-    } else {
-        if (pallorfirst)
-            *pallorfirst = -1;
-        if (plist)
-            *plist = rr->receiptsFrom->d.receiptList;
-    }
-    if (prto)
-        *prto = rr->receiptsTo;
-}
-
-/* Digest a SignerInfo structure for msgSigDigest attribute processing */
-
-static int cms_msgSigDigest(CMS_SignerInfo *si,
-                            unsigned char *dig, unsigned int *diglen)
-{
-    const EVP_MD *md;
-    md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
-    if (md == NULL)
-        return 0;
-    if (!ASN1_item_digest(ASN1_ITEM_rptr(CMS_Attributes_Verify), md,
-                          si->signedAttrs, dig, diglen))
-        return 0;
-    return 1;
-}
-
-/* Add a msgSigDigest attribute to a SignerInfo */
-
-int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src)
-{
-    unsigned char dig[EVP_MAX_MD_SIZE];
-    unsigned int diglen;
-    if (!cms_msgSigDigest(src, dig, &diglen)) {
-        CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, CMS_R_MSGSIGDIGEST_ERROR);
-        return 0;
-    }
-    if (!CMS_signed_add1_attr_by_NID(dest, NID_id_smime_aa_msgSigDigest,
-                                     V_ASN1_OCTET_STRING, dig, diglen)) {
-        CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-    return 1;
-}
-
-/* Verify signed receipt after it has already passed normal CMS verify */
-
-int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
-{
-    int r = 0, i;
-    CMS_ReceiptRequest *rr = NULL;
-    CMS_Receipt *rct = NULL;
-    STACK_OF(CMS_SignerInfo) *sis, *osis;
-    CMS_SignerInfo *si, *osi = NULL;
-    ASN1_OCTET_STRING *msig, **pcont;
-    ASN1_OBJECT *octype;
-    unsigned char dig[EVP_MAX_MD_SIZE];
-    unsigned int diglen;
-
-    /* Get SignerInfos, also checks SignedData content type */
-    osis = CMS_get0_SignerInfos(req_cms);
-    sis = CMS_get0_SignerInfos(cms);
-    if (!osis || !sis)
-        goto err;
-
-    if (sk_CMS_SignerInfo_num(sis) != 1) {
-        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NEED_ONE_SIGNER);
-        goto err;
-    }
-
-    /* Check receipt content type */
-    if (OBJ_obj2nid(CMS_get0_eContentType(cms)) != NID_id_smime_ct_receipt) {
-        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NOT_A_SIGNED_RECEIPT);
-        goto err;
-    }
-
-    /* Extract and decode receipt content */
-    pcont = CMS_get0_content(cms);
-    if (!pcont || !*pcont) {
-        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT);
-        goto err;
-    }
-
-    rct = ASN1_item_unpack(*pcont, ASN1_ITEM_rptr(CMS_Receipt));
-
-    if (!rct) {
-        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_RECEIPT_DECODE_ERROR);
-        goto err;
-    }
-
-    /* Locate original request */
-
-    for (i = 0; i < sk_CMS_SignerInfo_num(osis); i++) {
-        osi = sk_CMS_SignerInfo_value(osis, i);
-        if (!ASN1_STRING_cmp(osi->signature, rct->originatorSignatureValue))
-            break;
-    }
-
-    if (i == sk_CMS_SignerInfo_num(osis)) {
-        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MATCHING_SIGNATURE);
-        goto err;
-    }
-
-    si = sk_CMS_SignerInfo_value(sis, 0);
-
-    /* Get msgSigDigest value and compare */
-
-    msig = CMS_signed_get0_data_by_OBJ(si,
-                                       OBJ_nid2obj
-                                       (NID_id_smime_aa_msgSigDigest), -3,
-                                       V_ASN1_OCTET_STRING);
-
-    if (!msig) {
-        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MSGSIGDIGEST);
-        goto err;
-    }
-
-    if (!cms_msgSigDigest(osi, dig, &diglen)) {
-        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_MSGSIGDIGEST_ERROR);
-        goto err;
-    }
-
-    if (diglen != (unsigned int)msig->length) {
-        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_MSGSIGDIGEST_WRONG_LENGTH);
-        goto err;
-    }
-
-    if (memcmp(dig, msig->data, diglen)) {
-        CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
-               CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE);
-        goto err;
-    }
-
-    /* Compare content types */
-
-    octype = CMS_signed_get0_data_by_OBJ(osi,
-                                         OBJ_nid2obj(NID_pkcs9_contentType),
-                                         -3, V_ASN1_OBJECT);
-    if (!octype) {
-        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT_TYPE);
-        goto err;
-    }
-
-    /* Compare details in receipt request */
-
-    if (OBJ_cmp(octype, rct->contentType)) {
-        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_CONTENT_TYPE_MISMATCH);
-        goto err;
-    }
-
-    /* Get original receipt request details */
-
-    if (CMS_get1_ReceiptRequest(osi, &rr) <= 0) {
-        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST);
-        goto err;
-    }
-
-    if (ASN1_STRING_cmp(rr->signedContentIdentifier,
-                        rct->signedContentIdentifier)) {
-        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_CONTENTIDENTIFIER_MISMATCH);
-        goto err;
-    }
-
-    r = 1;
-
- err:
-    if (rr)
-        CMS_ReceiptRequest_free(rr);
-    if (rct)
-        M_ASN1_free_of(rct, CMS_Receipt);
-
-    return r;
-
-}
-
-/*
- * Encode a Receipt into an OCTET STRING read for including into content of a
- * SignedData ContentInfo.
- */
-
-ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
-{
-    CMS_Receipt rct;
-    CMS_ReceiptRequest *rr = NULL;
-    ASN1_OBJECT *ctype;
-    ASN1_OCTET_STRING *os = NULL;
-
-    /* Get original receipt request */
-
-    /* Get original receipt request details */
-
-    if (CMS_get1_ReceiptRequest(si, &rr) <= 0) {
-        CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST);
-        goto err;
-    }
-
-    /* Get original content type */
-
-    ctype = CMS_signed_get0_data_by_OBJ(si,
-                                        OBJ_nid2obj(NID_pkcs9_contentType),
-                                        -3, V_ASN1_OBJECT);
-    if (!ctype) {
-        CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_CONTENT_TYPE);
-        goto err;
-    }
-
-    rct.version = 1;
-    rct.contentType = ctype;
-    rct.signedContentIdentifier = rr->signedContentIdentifier;
-    rct.originatorSignatureValue = si->signature;
-
-    os = ASN1_item_pack(&rct, ASN1_ITEM_rptr(CMS_Receipt), NULL);
-
- err:
-    if (rr)
-        CMS_ReceiptRequest_free(rr);
-
-    return os;
-
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/cms/cms_ess.c (from rev 11605, vendor-crypto/openssl/dist/crypto/cms/cms_ess.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/cms/cms_ess.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/cms/cms_ess.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,394 @@
+/* crypto/cms/cms_ess.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/rand.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include "cms_lcl.h"
+
+DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
+DECLARE_ASN1_ITEM(CMS_Receipt)
+
+IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)
+
+/* ESS services: for now just Signed Receipt related */
+
+int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr)
+{
+    ASN1_STRING *str;
+    CMS_ReceiptRequest *rr = NULL;
+    if (prr)
+        *prr = NULL;
+    str = CMS_signed_get0_data_by_OBJ(si,
+                                      OBJ_nid2obj
+                                      (NID_id_smime_aa_receiptRequest), -3,
+                                      V_ASN1_SEQUENCE);
+    if (!str)
+        return 0;
+
+    rr = ASN1_item_unpack(str, ASN1_ITEM_rptr(CMS_ReceiptRequest));
+    if (!rr)
+        return -1;
+    if (prr)
+        *prr = rr;
+    else
+        CMS_ReceiptRequest_free(rr);
+    return 1;
+}
+
+CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
+                                               int allorfirst,
+                                               STACK_OF(GENERAL_NAMES)
+                                               *receiptList, STACK_OF(GENERAL_NAMES)
+                                               *receiptsTo)
+{
+    CMS_ReceiptRequest *rr = NULL;
+
+    rr = CMS_ReceiptRequest_new();
+    if (!rr)
+        goto merr;
+    if (id)
+        ASN1_STRING_set0(rr->signedContentIdentifier, id, idlen);
+    else {
+        if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32))
+            goto merr;
+        if (RAND_bytes(rr->signedContentIdentifier->data, 32) <= 0)
+            goto err;
+    }
+
+    sk_GENERAL_NAMES_pop_free(rr->receiptsTo, GENERAL_NAMES_free);
+    rr->receiptsTo = receiptsTo;
+
+    if (receiptList) {
+        rr->receiptsFrom->type = 1;
+        rr->receiptsFrom->d.receiptList = receiptList;
+    } else {
+        rr->receiptsFrom->type = 0;
+        rr->receiptsFrom->d.allOrFirstTier = allorfirst;
+    }
+
+    return rr;
+
+ merr:
+    CMSerr(CMS_F_CMS_RECEIPTREQUEST_CREATE0, ERR_R_MALLOC_FAILURE);
+
+ err:
+    if (rr)
+        CMS_ReceiptRequest_free(rr);
+
+    return NULL;
+
+}
+
+int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
+{
+    unsigned char *rrder = NULL;
+    int rrderlen, r = 0;
+
+    rrderlen = i2d_CMS_ReceiptRequest(rr, &rrder);
+    if (rrderlen < 0)
+        goto merr;
+
+    if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_receiptRequest,
+                                     V_ASN1_SEQUENCE, rrder, rrderlen))
+        goto merr;
+
+    r = 1;
+
+ merr:
+    if (!r)
+        CMSerr(CMS_F_CMS_ADD1_RECEIPTREQUEST, ERR_R_MALLOC_FAILURE);
+
+    if (rrder)
+        OPENSSL_free(rrder);
+
+    return r;
+
+}
+
+void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
+                                    ASN1_STRING **pcid,
+                                    int *pallorfirst,
+                                    STACK_OF(GENERAL_NAMES) **plist,
+                                    STACK_OF(GENERAL_NAMES) **prto)
+{
+    if (pcid)
+        *pcid = rr->signedContentIdentifier;
+    if (rr->receiptsFrom->type == 0) {
+        if (pallorfirst)
+            *pallorfirst = (int)rr->receiptsFrom->d.allOrFirstTier;
+        if (plist)
+            *plist = NULL;
+    } else {
+        if (pallorfirst)
+            *pallorfirst = -1;
+        if (plist)
+            *plist = rr->receiptsFrom->d.receiptList;
+    }
+    if (prto)
+        *prto = rr->receiptsTo;
+}
+
+/* Digest a SignerInfo structure for msgSigDigest attribute processing */
+
+static int cms_msgSigDigest(CMS_SignerInfo *si,
+                            unsigned char *dig, unsigned int *diglen)
+{
+    const EVP_MD *md;
+    md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
+    if (md == NULL)
+        return 0;
+    if (!ASN1_item_digest(ASN1_ITEM_rptr(CMS_Attributes_Verify), md,
+                          si->signedAttrs, dig, diglen))
+        return 0;
+    return 1;
+}
+
+/* Add a msgSigDigest attribute to a SignerInfo */
+
+int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src)
+{
+    unsigned char dig[EVP_MAX_MD_SIZE];
+    unsigned int diglen;
+    if (!cms_msgSigDigest(src, dig, &diglen)) {
+        CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, CMS_R_MSGSIGDIGEST_ERROR);
+        return 0;
+    }
+    if (!CMS_signed_add1_attr_by_NID(dest, NID_id_smime_aa_msgSigDigest,
+                                     V_ASN1_OCTET_STRING, dig, diglen)) {
+        CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+/* Verify signed receipt after it has already passed normal CMS verify */
+
+int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
+{
+    int r = 0, i;
+    CMS_ReceiptRequest *rr = NULL;
+    CMS_Receipt *rct = NULL;
+    STACK_OF(CMS_SignerInfo) *sis, *osis;
+    CMS_SignerInfo *si, *osi = NULL;
+    ASN1_OCTET_STRING *msig, **pcont;
+    ASN1_OBJECT *octype;
+    unsigned char dig[EVP_MAX_MD_SIZE];
+    unsigned int diglen;
+
+    /* Get SignerInfos, also checks SignedData content type */
+    osis = CMS_get0_SignerInfos(req_cms);
+    sis = CMS_get0_SignerInfos(cms);
+    if (!osis || !sis)
+        goto err;
+
+    if (sk_CMS_SignerInfo_num(sis) != 1) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NEED_ONE_SIGNER);
+        goto err;
+    }
+
+    /* Check receipt content type */
+    if (OBJ_obj2nid(CMS_get0_eContentType(cms)) != NID_id_smime_ct_receipt) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NOT_A_SIGNED_RECEIPT);
+        goto err;
+    }
+
+    /* Extract and decode receipt content */
+    pcont = CMS_get0_content(cms);
+    if (!pcont || !*pcont) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT);
+        goto err;
+    }
+
+    rct = ASN1_item_unpack(*pcont, ASN1_ITEM_rptr(CMS_Receipt));
+
+    if (!rct) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_RECEIPT_DECODE_ERROR);
+        goto err;
+    }
+
+    /* Locate original request */
+
+    for (i = 0; i < sk_CMS_SignerInfo_num(osis); i++) {
+        osi = sk_CMS_SignerInfo_value(osis, i);
+        if (!ASN1_STRING_cmp(osi->signature, rct->originatorSignatureValue))
+            break;
+    }
+
+    if (i == sk_CMS_SignerInfo_num(osis)) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MATCHING_SIGNATURE);
+        goto err;
+    }
+
+    si = sk_CMS_SignerInfo_value(sis, 0);
+
+    /* Get msgSigDigest value and compare */
+
+    msig = CMS_signed_get0_data_by_OBJ(si,
+                                       OBJ_nid2obj
+                                       (NID_id_smime_aa_msgSigDigest), -3,
+                                       V_ASN1_OCTET_STRING);
+
+    if (!msig) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MSGSIGDIGEST);
+        goto err;
+    }
+
+    if (!cms_msgSigDigest(osi, dig, &diglen)) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_MSGSIGDIGEST_ERROR);
+        goto err;
+    }
+
+    if (diglen != (unsigned int)msig->length) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_MSGSIGDIGEST_WRONG_LENGTH);
+        goto err;
+    }
+
+    if (memcmp(dig, msig->data, diglen)) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
+               CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE);
+        goto err;
+    }
+
+    /* Compare content types */
+
+    octype = CMS_signed_get0_data_by_OBJ(osi,
+                                         OBJ_nid2obj(NID_pkcs9_contentType),
+                                         -3, V_ASN1_OBJECT);
+    if (!octype) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT_TYPE);
+        goto err;
+    }
+
+    /* Compare details in receipt request */
+
+    if (OBJ_cmp(octype, rct->contentType)) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_CONTENT_TYPE_MISMATCH);
+        goto err;
+    }
+
+    /* Get original receipt request details */
+
+    if (CMS_get1_ReceiptRequest(osi, &rr) <= 0) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST);
+        goto err;
+    }
+
+    if (ASN1_STRING_cmp(rr->signedContentIdentifier,
+                        rct->signedContentIdentifier)) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_CONTENTIDENTIFIER_MISMATCH);
+        goto err;
+    }
+
+    r = 1;
+
+ err:
+    if (rr)
+        CMS_ReceiptRequest_free(rr);
+    if (rct)
+        M_ASN1_free_of(rct, CMS_Receipt);
+
+    return r;
+
+}
+
+/*
+ * Encode a Receipt into an OCTET STRING read for including into content of a
+ * SignedData ContentInfo.
+ */
+
+ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
+{
+    CMS_Receipt rct;
+    CMS_ReceiptRequest *rr = NULL;
+    ASN1_OBJECT *ctype;
+    ASN1_OCTET_STRING *os = NULL;
+
+    /* Get original receipt request */
+
+    /* Get original receipt request details */
+
+    if (CMS_get1_ReceiptRequest(si, &rr) <= 0) {
+        CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST);
+        goto err;
+    }
+
+    /* Get original content type */
+
+    ctype = CMS_signed_get0_data_by_OBJ(si,
+                                        OBJ_nid2obj(NID_pkcs9_contentType),
+                                        -3, V_ASN1_OBJECT);
+    if (!ctype) {
+        CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_CONTENT_TYPE);
+        goto err;
+    }
+
+    rct.version = 1;
+    rct.contentType = ctype;
+    rct.signedContentIdentifier = rr->signedContentIdentifier;
+    rct.originatorSignatureValue = si->signature;
+
+    os = ASN1_item_pack(&rct, ASN1_ITEM_rptr(CMS_Receipt), NULL);
+
+ err:
+    if (rr)
+        CMS_ReceiptRequest_free(rr);
+
+    return os;
+
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/cms/cms_pwri.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/cms/cms_pwri.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/cms/cms_pwri.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,435 +0,0 @@
-/* crypto/cms/cms_pwri.c */
-/*
- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2009 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#include <openssl/err.h>
-#include <openssl/cms.h>
-#include <openssl/rand.h>
-#include <openssl/aes.h>
-#include "cms_lcl.h"
-#include "asn1_locl.h"
-
-int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
-                                    unsigned char *pass, ossl_ssize_t passlen)
-{
-    CMS_PasswordRecipientInfo *pwri;
-    if (ri->type != CMS_RECIPINFO_PASS) {
-        CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD, CMS_R_NOT_PWRI);
-        return 0;
-    }
-
-    pwri = ri->d.pwri;
-    pwri->pass = pass;
-    if (pass && passlen < 0)
-        passlen = strlen((char *)pass);
-    pwri->passlen = passlen;
-    return 1;
-}
-
-CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
-                                               int iter, int wrap_nid,
-                                               int pbe_nid,
-                                               unsigned char *pass,
-                                               ossl_ssize_t passlen,
-                                               const EVP_CIPHER *kekciph)
-{
-    CMS_RecipientInfo *ri = NULL;
-    CMS_EnvelopedData *env;
-    CMS_PasswordRecipientInfo *pwri;
-    EVP_CIPHER_CTX ctx;
-    X509_ALGOR *encalg = NULL;
-    unsigned char iv[EVP_MAX_IV_LENGTH];
-    int ivlen;
-
-    env = cms_get0_enveloped(cms);
-    if (!env)
-        return NULL;
-
-    if (wrap_nid <= 0)
-        wrap_nid = NID_id_alg_PWRI_KEK;
-
-    if (pbe_nid <= 0)
-        pbe_nid = NID_id_pbkdf2;
-
-    /* Get from enveloped data */
-    if (kekciph == NULL)
-        kekciph = env->encryptedContentInfo->cipher;
-
-    if (kekciph == NULL) {
-        CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, CMS_R_NO_CIPHER);
-        return NULL;
-    }
-    if (wrap_nid != NID_id_alg_PWRI_KEK) {
-        CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
-               CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
-        return NULL;
-    }
-
-    /* Setup algorithm identifier for cipher */
-    encalg = X509_ALGOR_new();
-    if (encalg == NULL) {
-        goto merr;
-    }
-    EVP_CIPHER_CTX_init(&ctx);
-
-    if (EVP_EncryptInit_ex(&ctx, kekciph, NULL, NULL, NULL) <= 0) {
-        CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
-        goto err;
-    }
-
-    ivlen = EVP_CIPHER_CTX_iv_length(&ctx);
-
-    if (ivlen > 0) {
-        if (RAND_pseudo_bytes(iv, ivlen) <= 0)
-            goto err;
-        if (EVP_EncryptInit_ex(&ctx, NULL, NULL, NULL, iv) <= 0) {
-            CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
-            goto err;
-        }
-        encalg->parameter = ASN1_TYPE_new();
-        if (!encalg->parameter) {
-            CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        if (EVP_CIPHER_param_to_asn1(&ctx, encalg->parameter) <= 0) {
-            CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
-                   CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
-            goto err;
-        }
-    }
-
-    encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(&ctx));
-
-    EVP_CIPHER_CTX_cleanup(&ctx);
-
-    /* Initialize recipient info */
-    ri = M_ASN1_new_of(CMS_RecipientInfo);
-    if (!ri)
-        goto merr;
-
-    ri->d.pwri = M_ASN1_new_of(CMS_PasswordRecipientInfo);
-    if (!ri->d.pwri)
-        goto merr;
-    ri->type = CMS_RECIPINFO_PASS;
-
-    pwri = ri->d.pwri;
-    /* Since this is overwritten, free up empty structure already there */
-    X509_ALGOR_free(pwri->keyEncryptionAlgorithm);
-    pwri->keyEncryptionAlgorithm = X509_ALGOR_new();
-    if (!pwri->keyEncryptionAlgorithm)
-        goto merr;
-    pwri->keyEncryptionAlgorithm->algorithm = OBJ_nid2obj(wrap_nid);
-    pwri->keyEncryptionAlgorithm->parameter = ASN1_TYPE_new();
-    if (!pwri->keyEncryptionAlgorithm->parameter)
-        goto merr;
-
-    if (!ASN1_item_pack(encalg, ASN1_ITEM_rptr(X509_ALGOR),
-                        &pwri->keyEncryptionAlgorithm->parameter->
-                        value.sequence))
-         goto merr;
-    pwri->keyEncryptionAlgorithm->parameter->type = V_ASN1_SEQUENCE;
-
-    X509_ALGOR_free(encalg);
-    encalg = NULL;
-
-    /* Setup PBE algorithm */
-
-    pwri->keyDerivationAlgorithm = PKCS5_pbkdf2_set(iter, NULL, 0, -1, -1);
-
-    if (!pwri->keyDerivationAlgorithm)
-        goto err;
-
-    CMS_RecipientInfo_set0_password(ri, pass, passlen);
-    pwri->version = 0;
-
-    if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
-        goto merr;
-
-    return ri;
-
- merr:
-    CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE);
- err:
-    EVP_CIPHER_CTX_cleanup(&ctx);
-    if (ri)
-        M_ASN1_free_of(ri, CMS_RecipientInfo);
-    if (encalg)
-        X509_ALGOR_free(encalg);
-    return NULL;
-
-}
-
-/*
- * This is an implementation of the key wrapping mechanism in RFC3211, at
- * some point this should go into EVP.
- */
-
-static int kek_unwrap_key(unsigned char *out, size_t *outlen,
-                          const unsigned char *in, size_t inlen,
-                          EVP_CIPHER_CTX *ctx)
-{
-    size_t blocklen = EVP_CIPHER_CTX_block_size(ctx);
-    unsigned char *tmp;
-    int outl, rv = 0;
-    if (inlen < 2 * blocklen) {
-        /* too small */
-        return 0;
-    }
-    if (inlen % blocklen) {
-        /* Invalid size */
-        return 0;
-    }
-    tmp = OPENSSL_malloc(inlen);
-    if (!tmp)
-        return 0;
-    /* setup IV by decrypting last two blocks */
-    EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl,
-                      in + inlen - 2 * blocklen, blocklen * 2);
-    /*
-     * Do a decrypt of last decrypted block to set IV to correct value output
-     * it to start of buffer so we don't corrupt decrypted block this works
-     * because buffer is at least two block lengths long.
-     */
-    EVP_DecryptUpdate(ctx, tmp, &outl, tmp + inlen - blocklen, blocklen);
-    /* Can now decrypt first n - 1 blocks */
-    EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen);
-
-    /* Reset IV to original value */
-    EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL);
-    /* Decrypt again */
-    EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen);
-    /* Check check bytes */
-    if (((tmp[1] ^ tmp[4]) & (tmp[2] ^ tmp[5]) & (tmp[3] ^ tmp[6])) != 0xff) {
-        /* Check byte failure */
-        goto err;
-    }
-    if (inlen < (size_t)(tmp[0] - 4)) {
-        /* Invalid length value */
-        goto err;
-    }
-    *outlen = (size_t)tmp[0];
-    memcpy(out, tmp + 4, *outlen);
-    rv = 1;
- err:
-    OPENSSL_cleanse(tmp, inlen);
-    OPENSSL_free(tmp);
-    return rv;
-
-}
-
-static int kek_wrap_key(unsigned char *out, size_t *outlen,
-                        const unsigned char *in, size_t inlen,
-                        EVP_CIPHER_CTX *ctx)
-{
-    size_t blocklen = EVP_CIPHER_CTX_block_size(ctx);
-    size_t olen;
-    int dummy;
-    /*
-     * First decide length of output buffer: need header and round up to
-     * multiple of block length.
-     */
-    olen = (inlen + 4 + blocklen - 1) / blocklen;
-    olen *= blocklen;
-    if (olen < 2 * blocklen) {
-        /* Key too small */
-        return 0;
-    }
-    if (inlen > 0xFF) {
-        /* Key too large */
-        return 0;
-    }
-    if (out) {
-        /* Set header */
-        out[0] = (unsigned char)inlen;
-        out[1] = in[0] ^ 0xFF;
-        out[2] = in[1] ^ 0xFF;
-        out[3] = in[2] ^ 0xFF;
-        memcpy(out + 4, in, inlen);
-        /* Add random padding to end */
-        if (olen > inlen + 4
-            && RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen) < 0)
-            return 0;
-        /* Encrypt twice */
-        EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
-        EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
-    }
-
-    *outlen = olen;
-
-    return 1;
-}
-
-/* Encrypt/Decrypt content key in PWRI recipient info */
-
-int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
-                                 int en_de)
-{
-    CMS_EncryptedContentInfo *ec;
-    CMS_PasswordRecipientInfo *pwri;
-    const unsigned char *p = NULL;
-    int plen;
-    int r = 0;
-    X509_ALGOR *algtmp, *kekalg = NULL;
-    EVP_CIPHER_CTX kekctx;
-    const EVP_CIPHER *kekcipher;
-    unsigned char *key = NULL;
-    size_t keylen;
-
-    ec = cms->d.envelopedData->encryptedContentInfo;
-
-    pwri = ri->d.pwri;
-    EVP_CIPHER_CTX_init(&kekctx);
-
-    if (!pwri->pass) {
-        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD);
-        return 0;
-    }
-    algtmp = pwri->keyEncryptionAlgorithm;
-
-    if (!algtmp || OBJ_obj2nid(algtmp->algorithm) != NID_id_alg_PWRI_KEK) {
-        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
-               CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
-        return 0;
-    }
-
-    if (algtmp->parameter->type == V_ASN1_SEQUENCE) {
-        p = algtmp->parameter->value.sequence->data;
-        plen = algtmp->parameter->value.sequence->length;
-        kekalg = d2i_X509_ALGOR(NULL, &p, plen);
-    }
-    if (kekalg == NULL) {
-        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
-               CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER);
-        return 0;
-    }
-
-    kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
-
-    if (!kekcipher) {
-        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNKNOWN_CIPHER);
-        goto err;
-    }
-
-    /* Fixup cipher based on AlgorithmIdentifier to set IV etc */
-    if (!EVP_CipherInit_ex(&kekctx, kekcipher, NULL, NULL, NULL, en_de))
-        goto err;
-    EVP_CIPHER_CTX_set_padding(&kekctx, 0);
-    if (EVP_CIPHER_asn1_to_param(&kekctx, kekalg->parameter) < 0) {
-        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
-               CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
-        goto err;
-    }
-
-    algtmp = pwri->keyDerivationAlgorithm;
-
-    /* Finish password based key derivation to setup key in "ctx" */
-
-    if (EVP_PBE_CipherInit(algtmp->algorithm,
-                           (char *)pwri->pass, pwri->passlen,
-                           algtmp->parameter, &kekctx, en_de) < 0) {
-        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_EVP_LIB);
-        goto err;
-    }
-
-    /* Finally wrap/unwrap the key */
-
-    if (en_de) {
-
-        if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, &kekctx))
-            goto err;
-
-        key = OPENSSL_malloc(keylen);
-
-        if (!key)
-            goto err;
-
-        if (!kek_wrap_key(key, &keylen, ec->key, ec->keylen, &kekctx))
-            goto err;
-        pwri->encryptedKey->data = key;
-        pwri->encryptedKey->length = keylen;
-    } else {
-        key = OPENSSL_malloc(pwri->encryptedKey->length);
-
-        if (!key) {
-            CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        if (!kek_unwrap_key(key, &keylen,
-                            pwri->encryptedKey->data,
-                            pwri->encryptedKey->length, &kekctx)) {
-            CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNWRAP_FAILURE);
-            goto err;
-        }
-
-        ec->key = key;
-        ec->keylen = keylen;
-
-    }
-
-    r = 1;
-
- err:
-
-    EVP_CIPHER_CTX_cleanup(&kekctx);
-
-    if (!r && key)
-        OPENSSL_free(key);
-    X509_ALGOR_free(kekalg);
-
-    return r;
-
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/cms/cms_pwri.c (from rev 11605, vendor-crypto/openssl/dist/crypto/cms/cms_pwri.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/cms/cms_pwri.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/cms/cms_pwri.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,435 @@
+/* crypto/cms/cms_pwri.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2009 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include <openssl/rand.h>
+#include <openssl/aes.h>
+#include "cms_lcl.h"
+#include "asn1_locl.h"
+
+int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
+                                    unsigned char *pass, ossl_ssize_t passlen)
+{
+    CMS_PasswordRecipientInfo *pwri;
+    if (ri->type != CMS_RECIPINFO_PASS) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD, CMS_R_NOT_PWRI);
+        return 0;
+    }
+
+    pwri = ri->d.pwri;
+    pwri->pass = pass;
+    if (pass && passlen < 0)
+        passlen = strlen((char *)pass);
+    pwri->passlen = passlen;
+    return 1;
+}
+
+CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
+                                               int iter, int wrap_nid,
+                                               int pbe_nid,
+                                               unsigned char *pass,
+                                               ossl_ssize_t passlen,
+                                               const EVP_CIPHER *kekciph)
+{
+    CMS_RecipientInfo *ri = NULL;
+    CMS_EnvelopedData *env;
+    CMS_PasswordRecipientInfo *pwri;
+    EVP_CIPHER_CTX ctx;
+    X509_ALGOR *encalg = NULL;
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+    int ivlen;
+
+    env = cms_get0_enveloped(cms);
+    if (!env)
+        return NULL;
+
+    if (wrap_nid <= 0)
+        wrap_nid = NID_id_alg_PWRI_KEK;
+
+    if (pbe_nid <= 0)
+        pbe_nid = NID_id_pbkdf2;
+
+    /* Get from enveloped data */
+    if (kekciph == NULL)
+        kekciph = env->encryptedContentInfo->cipher;
+
+    if (kekciph == NULL) {
+        CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, CMS_R_NO_CIPHER);
+        return NULL;
+    }
+    if (wrap_nid != NID_id_alg_PWRI_KEK) {
+        CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
+               CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
+        return NULL;
+    }
+
+    /* Setup algorithm identifier for cipher */
+    encalg = X509_ALGOR_new();
+    if (encalg == NULL) {
+        goto merr;
+    }
+    EVP_CIPHER_CTX_init(&ctx);
+
+    if (EVP_EncryptInit_ex(&ctx, kekciph, NULL, NULL, NULL) <= 0) {
+        CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
+        goto err;
+    }
+
+    ivlen = EVP_CIPHER_CTX_iv_length(&ctx);
+
+    if (ivlen > 0) {
+        if (RAND_bytes(iv, ivlen) <= 0)
+            goto err;
+        if (EVP_EncryptInit_ex(&ctx, NULL, NULL, NULL, iv) <= 0) {
+            CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
+            goto err;
+        }
+        encalg->parameter = ASN1_TYPE_new();
+        if (!encalg->parameter) {
+            CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (EVP_CIPHER_param_to_asn1(&ctx, encalg->parameter) <= 0) {
+            CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
+                   CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+            goto err;
+        }
+    }
+
+    encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(&ctx));
+
+    EVP_CIPHER_CTX_cleanup(&ctx);
+
+    /* Initialize recipient info */
+    ri = M_ASN1_new_of(CMS_RecipientInfo);
+    if (!ri)
+        goto merr;
+
+    ri->d.pwri = M_ASN1_new_of(CMS_PasswordRecipientInfo);
+    if (!ri->d.pwri)
+        goto merr;
+    ri->type = CMS_RECIPINFO_PASS;
+
+    pwri = ri->d.pwri;
+    /* Since this is overwritten, free up empty structure already there */
+    X509_ALGOR_free(pwri->keyEncryptionAlgorithm);
+    pwri->keyEncryptionAlgorithm = X509_ALGOR_new();
+    if (!pwri->keyEncryptionAlgorithm)
+        goto merr;
+    pwri->keyEncryptionAlgorithm->algorithm = OBJ_nid2obj(wrap_nid);
+    pwri->keyEncryptionAlgorithm->parameter = ASN1_TYPE_new();
+    if (!pwri->keyEncryptionAlgorithm->parameter)
+        goto merr;
+
+    if (!ASN1_item_pack(encalg, ASN1_ITEM_rptr(X509_ALGOR),
+                        &pwri->keyEncryptionAlgorithm->parameter->
+                        value.sequence))
+         goto merr;
+    pwri->keyEncryptionAlgorithm->parameter->type = V_ASN1_SEQUENCE;
+
+    X509_ALGOR_free(encalg);
+    encalg = NULL;
+
+    /* Setup PBE algorithm */
+
+    pwri->keyDerivationAlgorithm = PKCS5_pbkdf2_set(iter, NULL, 0, -1, -1);
+
+    if (!pwri->keyDerivationAlgorithm)
+        goto err;
+
+    CMS_RecipientInfo_set0_password(ri, pass, passlen);
+    pwri->version = 0;
+
+    if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
+        goto merr;
+
+    return ri;
+
+ merr:
+    CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE);
+ err:
+    EVP_CIPHER_CTX_cleanup(&ctx);
+    if (ri)
+        M_ASN1_free_of(ri, CMS_RecipientInfo);
+    if (encalg)
+        X509_ALGOR_free(encalg);
+    return NULL;
+
+}
+
+/*
+ * This is an implementation of the key wrapping mechanism in RFC3211, at
+ * some point this should go into EVP.
+ */
+
+static int kek_unwrap_key(unsigned char *out, size_t *outlen,
+                          const unsigned char *in, size_t inlen,
+                          EVP_CIPHER_CTX *ctx)
+{
+    size_t blocklen = EVP_CIPHER_CTX_block_size(ctx);
+    unsigned char *tmp;
+    int outl, rv = 0;
+    if (inlen < 2 * blocklen) {
+        /* too small */
+        return 0;
+    }
+    if (inlen % blocklen) {
+        /* Invalid size */
+        return 0;
+    }
+    tmp = OPENSSL_malloc(inlen);
+    if (!tmp)
+        return 0;
+    /* setup IV by decrypting last two blocks */
+    EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl,
+                      in + inlen - 2 * blocklen, blocklen * 2);
+    /*
+     * Do a decrypt of last decrypted block to set IV to correct value output
+     * it to start of buffer so we don't corrupt decrypted block this works
+     * because buffer is at least two block lengths long.
+     */
+    EVP_DecryptUpdate(ctx, tmp, &outl, tmp + inlen - blocklen, blocklen);
+    /* Can now decrypt first n - 1 blocks */
+    EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen);
+
+    /* Reset IV to original value */
+    EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL);
+    /* Decrypt again */
+    EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen);
+    /* Check check bytes */
+    if (((tmp[1] ^ tmp[4]) & (tmp[2] ^ tmp[5]) & (tmp[3] ^ tmp[6])) != 0xff) {
+        /* Check byte failure */
+        goto err;
+    }
+    if (inlen < (size_t)(tmp[0] - 4)) {
+        /* Invalid length value */
+        goto err;
+    }
+    *outlen = (size_t)tmp[0];
+    memcpy(out, tmp + 4, *outlen);
+    rv = 1;
+ err:
+    OPENSSL_cleanse(tmp, inlen);
+    OPENSSL_free(tmp);
+    return rv;
+
+}
+
+static int kek_wrap_key(unsigned char *out, size_t *outlen,
+                        const unsigned char *in, size_t inlen,
+                        EVP_CIPHER_CTX *ctx)
+{
+    size_t blocklen = EVP_CIPHER_CTX_block_size(ctx);
+    size_t olen;
+    int dummy;
+    /*
+     * First decide length of output buffer: need header and round up to
+     * multiple of block length.
+     */
+    olen = (inlen + 4 + blocklen - 1) / blocklen;
+    olen *= blocklen;
+    if (olen < 2 * blocklen) {
+        /* Key too small */
+        return 0;
+    }
+    if (inlen > 0xFF) {
+        /* Key too large */
+        return 0;
+    }
+    if (out) {
+        /* Set header */
+        out[0] = (unsigned char)inlen;
+        out[1] = in[0] ^ 0xFF;
+        out[2] = in[1] ^ 0xFF;
+        out[3] = in[2] ^ 0xFF;
+        memcpy(out + 4, in, inlen);
+        /* Add random padding to end */
+        if (olen > inlen + 4
+            && RAND_bytes(out + 4 + inlen, olen - 4 - inlen) <= 0)
+            return 0;
+        /* Encrypt twice */
+        EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
+        EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
+    }
+
+    *outlen = olen;
+
+    return 1;
+}
+
+/* Encrypt/Decrypt content key in PWRI recipient info */
+
+int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
+                                 int en_de)
+{
+    CMS_EncryptedContentInfo *ec;
+    CMS_PasswordRecipientInfo *pwri;
+    const unsigned char *p = NULL;
+    int plen;
+    int r = 0;
+    X509_ALGOR *algtmp, *kekalg = NULL;
+    EVP_CIPHER_CTX kekctx;
+    const EVP_CIPHER *kekcipher;
+    unsigned char *key = NULL;
+    size_t keylen;
+
+    ec = cms->d.envelopedData->encryptedContentInfo;
+
+    pwri = ri->d.pwri;
+    EVP_CIPHER_CTX_init(&kekctx);
+
+    if (!pwri->pass) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD);
+        return 0;
+    }
+    algtmp = pwri->keyEncryptionAlgorithm;
+
+    if (!algtmp || OBJ_obj2nid(algtmp->algorithm) != NID_id_alg_PWRI_KEK) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
+               CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
+        return 0;
+    }
+
+    if (algtmp->parameter->type == V_ASN1_SEQUENCE) {
+        p = algtmp->parameter->value.sequence->data;
+        plen = algtmp->parameter->value.sequence->length;
+        kekalg = d2i_X509_ALGOR(NULL, &p, plen);
+    }
+    if (kekalg == NULL) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
+               CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER);
+        return 0;
+    }
+
+    kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
+
+    if (!kekcipher) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNKNOWN_CIPHER);
+        goto err;
+    }
+
+    /* Fixup cipher based on AlgorithmIdentifier to set IV etc */
+    if (!EVP_CipherInit_ex(&kekctx, kekcipher, NULL, NULL, NULL, en_de))
+        goto err;
+    EVP_CIPHER_CTX_set_padding(&kekctx, 0);
+    if (EVP_CIPHER_asn1_to_param(&kekctx, kekalg->parameter) < 0) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
+               CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+        goto err;
+    }
+
+    algtmp = pwri->keyDerivationAlgorithm;
+
+    /* Finish password based key derivation to setup key in "ctx" */
+
+    if (EVP_PBE_CipherInit(algtmp->algorithm,
+                           (char *)pwri->pass, pwri->passlen,
+                           algtmp->parameter, &kekctx, en_de) < 0) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_EVP_LIB);
+        goto err;
+    }
+
+    /* Finally wrap/unwrap the key */
+
+    if (en_de) {
+
+        if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, &kekctx))
+            goto err;
+
+        key = OPENSSL_malloc(keylen);
+
+        if (!key)
+            goto err;
+
+        if (!kek_wrap_key(key, &keylen, ec->key, ec->keylen, &kekctx))
+            goto err;
+        pwri->encryptedKey->data = key;
+        pwri->encryptedKey->length = keylen;
+    } else {
+        key = OPENSSL_malloc(pwri->encryptedKey->length);
+
+        if (!key) {
+            CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (!kek_unwrap_key(key, &keylen,
+                            pwri->encryptedKey->data,
+                            pwri->encryptedKey->length, &kekctx)) {
+            CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNWRAP_FAILURE);
+            goto err;
+        }
+
+        ec->key = key;
+        ec->keylen = keylen;
+
+    }
+
+    r = 1;
+
+ err:
+
+    EVP_CIPHER_CTX_cleanup(&kekctx);
+
+    if (!r && key)
+        OPENSSL_free(key);
+    X509_ALGOR_free(kekalg);
+
+    return r;
+
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/comp/comp.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/comp/comp.h	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/comp/comp.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,79 +0,0 @@
-
-#ifndef HEADER_COMP_H
-# define HEADER_COMP_H
-
-# include <openssl/crypto.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct comp_ctx_st COMP_CTX;
-
-typedef struct comp_method_st {
-    int type;                   /* NID for compression library */
-    const char *name;           /* A text string to identify the library */
-    int (*init) (COMP_CTX *ctx);
-    void (*finish) (COMP_CTX *ctx);
-    int (*compress) (COMP_CTX *ctx,
-                     unsigned char *out, unsigned int olen,
-                     unsigned char *in, unsigned int ilen);
-    int (*expand) (COMP_CTX *ctx,
-                   unsigned char *out, unsigned int olen,
-                   unsigned char *in, unsigned int ilen);
-    /*
-     * The following two do NOTHING, but are kept for backward compatibility
-     */
-    long (*ctrl) (void);
-    long (*callback_ctrl) (void);
-} COMP_METHOD;
-
-struct comp_ctx_st {
-    COMP_METHOD *meth;
-    unsigned long compress_in;
-    unsigned long compress_out;
-    unsigned long expand_in;
-    unsigned long expand_out;
-    CRYPTO_EX_DATA ex_data;
-};
-
-COMP_CTX *COMP_CTX_new(COMP_METHOD *meth);
-void COMP_CTX_free(COMP_CTX *ctx);
-int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
-                        unsigned char *in, int ilen);
-int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
-                      unsigned char *in, int ilen);
-COMP_METHOD *COMP_rle(void);
-COMP_METHOD *COMP_zlib(void);
-void COMP_zlib_cleanup(void);
-
-# ifdef HEADER_BIO_H
-#  ifdef ZLIB
-BIO_METHOD *BIO_f_zlib(void);
-#  endif
-# endif
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_COMP_strings(void);
-
-/* Error codes for the COMP functions. */
-
-/* Function codes. */
-# define COMP_F_BIO_ZLIB_FLUSH                            99
-# define COMP_F_BIO_ZLIB_NEW                              100
-# define COMP_F_BIO_ZLIB_READ                             101
-# define COMP_F_BIO_ZLIB_WRITE                            102
-
-/* Reason codes. */
-# define COMP_R_ZLIB_DEFLATE_ERROR                        99
-# define COMP_R_ZLIB_INFLATE_ERROR                        100
-# define COMP_R_ZLIB_NOT_SUPPORTED                        101
-
-#ifdef  __cplusplus
-}
-#endif
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/comp/comp.h (from rev 11605, vendor-crypto/openssl/dist/crypto/comp/comp.h)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/comp/comp.h	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/comp/comp.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,83 @@
+
+#ifndef HEADER_COMP_H
+# define HEADER_COMP_H
+
+# include <openssl/crypto.h>
+
+# ifdef OPENSSL_NO_COMP
+#  error COMP is disabled.
+# endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct comp_ctx_st COMP_CTX;
+
+typedef struct comp_method_st {
+    int type;                   /* NID for compression library */
+    const char *name;           /* A text string to identify the library */
+    int (*init) (COMP_CTX *ctx);
+    void (*finish) (COMP_CTX *ctx);
+    int (*compress) (COMP_CTX *ctx,
+                     unsigned char *out, unsigned int olen,
+                     unsigned char *in, unsigned int ilen);
+    int (*expand) (COMP_CTX *ctx,
+                   unsigned char *out, unsigned int olen,
+                   unsigned char *in, unsigned int ilen);
+    /*
+     * The following two do NOTHING, but are kept for backward compatibility
+     */
+    long (*ctrl) (void);
+    long (*callback_ctrl) (void);
+} COMP_METHOD;
+
+struct comp_ctx_st {
+    COMP_METHOD *meth;
+    unsigned long compress_in;
+    unsigned long compress_out;
+    unsigned long expand_in;
+    unsigned long expand_out;
+    CRYPTO_EX_DATA ex_data;
+};
+
+COMP_CTX *COMP_CTX_new(COMP_METHOD *meth);
+void COMP_CTX_free(COMP_CTX *ctx);
+int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
+                        unsigned char *in, int ilen);
+int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
+                      unsigned char *in, int ilen);
+COMP_METHOD *COMP_rle(void);
+COMP_METHOD *COMP_zlib(void);
+void COMP_zlib_cleanup(void);
+
+# ifdef HEADER_BIO_H
+#  ifdef ZLIB
+BIO_METHOD *BIO_f_zlib(void);
+#  endif
+# endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_COMP_strings(void);
+
+/* Error codes for the COMP functions. */
+
+/* Function codes. */
+# define COMP_F_BIO_ZLIB_FLUSH                            99
+# define COMP_F_BIO_ZLIB_NEW                              100
+# define COMP_F_BIO_ZLIB_READ                             101
+# define COMP_F_BIO_ZLIB_WRITE                            102
+
+/* Reason codes. */
+# define COMP_R_ZLIB_DEFLATE_ERROR                        99
+# define COMP_R_ZLIB_INFLATE_ERROR                        100
+# define COMP_R_ZLIB_NOT_SUPPORTED                        101
+
+#ifdef  __cplusplus
+}
+#endif
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/des/des.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/des.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/des/des.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,868 +0,0 @@
-/* crypto/des/des.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_SYS_MSDOS
-# ifndef OPENSSL_SYS_VMS
-#  include OPENSSL_UNISTD
-# else                          /* OPENSSL_SYS_VMS */
-#  ifdef __DECC
-#   include <unistd.h>
-#  else                         /* not __DECC */
-#   include <math.h>
-#  endif                        /* __DECC */
-# endif                         /* OPENSSL_SYS_VMS */
-#else                           /* OPENSSL_SYS_MSDOS */
-# include <io.h>
-#endif
-
-#include <time.h>
-#include "des_ver.h"
-
-#ifdef OPENSSL_SYS_VMS
-# include <types.h>
-# include <stat.h>
-#else
-# ifndef _IRIX
-#  include <sys/types.h>
-# endif
-# include <sys/stat.h>
-#endif
-#include <openssl/des.h>
-#include <openssl/rand.h>
-#include <openssl/ui_compat.h>
-
-void usage(void);
-void doencryption(void);
-int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp);
-void uufwriteEnd(FILE *fp);
-int uufread(unsigned char *out, int size, unsigned int num, FILE *fp);
-int uuencode(unsigned char *in, int num, unsigned char *out);
-int uudecode(unsigned char *in, int num, unsigned char *out);
-void DES_3cbc_encrypt(DES_cblock *input, DES_cblock *output, long length,
-                      DES_key_schedule sk1, DES_key_schedule sk2,
-                      DES_cblock *ivec1, DES_cblock *ivec2, int enc);
-#ifdef OPENSSL_SYS_VMS
-# define EXIT(a) exit(a&0x10000000L)
-#else
-# define EXIT(a) exit(a)
-#endif
-
-#define BUFSIZE (8*1024)
-#define VERIFY  1
-#define KEYSIZ  8
-#define KEYSIZB 1024            /* should hit tty line limit first :-) */
-char key[KEYSIZB + 1];
-int do_encrypt, longk = 0;
-FILE *DES_IN, *DES_OUT, *CKSUM_OUT;
-char uuname[200];
-unsigned char uubuf[50];
-int uubufnum = 0;
-#define INUUBUFN        (45*100)
-#define OUTUUBUF        (65*100)
-unsigned char b[OUTUUBUF];
-unsigned char bb[300];
-DES_cblock cksum = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
-
-char cksumname[200] = "";
-
-int vflag, cflag, eflag, dflag, kflag, bflag, fflag, sflag, uflag, flag3,
-    hflag, error;
-
-int main(int argc, char **argv)
-{
-    int i;
-    struct stat ins, outs;
-    char *p;
-    char *in = NULL, *out = NULL;
-
-    vflag = cflag = eflag = dflag = kflag = hflag = bflag = fflag = sflag =
-        uflag = flag3 = 0;
-    error = 0;
-    memset(key, 0, sizeof(key));
-
-    for (i = 1; i < argc; i++) {
-        p = argv[i];
-        if ((p[0] == '-') && (p[1] != '\0')) {
-            p++;
-            while (*p) {
-                switch (*(p++)) {
-                case '3':
-                    flag3 = 1;
-                    longk = 1;
-                    break;
-                case 'c':
-                    cflag = 1;
-                    strncpy(cksumname, p, 200);
-                    cksumname[sizeof(cksumname) - 1] = '\0';
-                    p += strlen(cksumname);
-                    break;
-                case 'C':
-                    cflag = 1;
-                    longk = 1;
-                    strncpy(cksumname, p, 200);
-                    cksumname[sizeof(cksumname) - 1] = '\0';
-                    p += strlen(cksumname);
-                    break;
-                case 'e':
-                    eflag = 1;
-                    break;
-                case 'v':
-                    vflag = 1;
-                    break;
-                case 'E':
-                    eflag = 1;
-                    longk = 1;
-                    break;
-                case 'd':
-                    dflag = 1;
-                    break;
-                case 'D':
-                    dflag = 1;
-                    longk = 1;
-                    break;
-                case 'b':
-                    bflag = 1;
-                    break;
-                case 'f':
-                    fflag = 1;
-                    break;
-                case 's':
-                    sflag = 1;
-                    break;
-                case 'u':
-                    uflag = 1;
-                    strncpy(uuname, p, 200);
-                    uuname[sizeof(uuname) - 1] = '\0';
-                    p += strlen(uuname);
-                    break;
-                case 'h':
-                    hflag = 1;
-                    break;
-                case 'k':
-                    kflag = 1;
-                    if ((i + 1) == argc) {
-                        fputs("must have a key with the -k option\n", stderr);
-                        error = 1;
-                    } else {
-                        int j;
-
-                        i++;
-                        strncpy(key, argv[i], KEYSIZB);
-                        for (j = strlen(argv[i]) - 1; j >= 0; j--)
-                            argv[i][j] = '\0';
-                    }
-                    break;
-                default:
-                    fprintf(stderr, "'%c' unknown flag\n", p[-1]);
-                    error = 1;
-                    break;
-                }
-            }
-        } else {
-            if (in == NULL)
-                in = argv[i];
-            else if (out == NULL)
-                out = argv[i];
-            else
-                error = 1;
-        }
-    }
-    if (error)
-        usage();
-    /*-
-     * We either
-     * do checksum or
-     * do encrypt or
-     * do decrypt or
-     * do decrypt then ckecksum or
-     * do checksum then encrypt
-     */
-    if (((eflag + dflag) == 1) || cflag) {
-        if (eflag)
-            do_encrypt = DES_ENCRYPT;
-        if (dflag)
-            do_encrypt = DES_DECRYPT;
-    } else {
-        if (vflag) {
-#ifndef _Windows
-            fprintf(stderr, "des(1) built with %s\n", libdes_version);
-#endif
-            EXIT(1);
-        } else
-            usage();
-    }
-
-#ifndef _Windows
-    if (vflag)
-        fprintf(stderr, "des(1) built with %s\n", libdes_version);
-#endif
-    if ((in != NULL) && (out != NULL) &&
-#ifndef OPENSSL_SYS_MSDOS
-        (stat(in, &ins) != -1) &&
-        (stat(out, &outs) != -1) &&
-        (ins.st_dev == outs.st_dev) && (ins.st_ino == outs.st_ino))
-#else                           /* OPENSSL_SYS_MSDOS */
-        (strcmp(in, out) == 0))
-#endif
-    {
-        fputs("input and output file are the same\n", stderr);
-        EXIT(3);
-    }
-
-    if (!kflag)
-        if (des_read_pw_string
-            (key, KEYSIZB + 1, "Enter key:", eflag ? VERIFY : 0)) {
-            fputs("password error\n", stderr);
-            EXIT(2);
-        }
-
-    if (in == NULL)
-        DES_IN = stdin;
-    else if ((DES_IN = fopen(in, "r")) == NULL) {
-        perror("opening input file");
-        EXIT(4);
-    }
-
-    CKSUM_OUT = stdout;
-    if (out == NULL) {
-        DES_OUT = stdout;
-        CKSUM_OUT = stderr;
-    } else if ((DES_OUT = fopen(out, "w")) == NULL) {
-        perror("opening output file");
-        EXIT(5);
-    }
-#ifdef OPENSSL_SYS_MSDOS
-    /* This should set the file to binary mode. */
-    {
-# include <fcntl.h>
-        if (!(uflag && dflag))
-            setmode(fileno(DES_IN), O_BINARY);
-        if (!(uflag && eflag))
-            setmode(fileno(DES_OUT), O_BINARY);
-    }
-#endif
-
-    doencryption();
-    fclose(DES_IN);
-    fclose(DES_OUT);
-    EXIT(0);
-}
-
-void usage(void)
-{
-    char **u;
-    static const char *Usage[] = {
-        "des <options> [input-file [output-file]]",
-        "options:",
-        "-v         : des(1) version number",
-        "-e         : encrypt using SunOS compatible user key to DES key conversion.",
-        "-E         : encrypt ",
-        "-d         : decrypt using SunOS compatible user key to DES key conversion.",
-        "-D         : decrypt ",
-        "-c[ckname] : generate a cbc_cksum using SunOS compatible user key to",
-        "             DES key conversion and output to ckname (stdout default,",
-        "             stderr if data being output on stdout).  The checksum is",
-        "             generated before encryption and after decryption if used",
-        "             in conjunction with -[eEdD].",
-        "-C[ckname] : generate a cbc_cksum as for -c but compatible with -[ED].",
-        "-k key     : use key 'key'",
-        "-h         : the key that is entered will be a hexadecimal number",
-        "             that is used directly as the des key",
-        "-u[uuname] : input file is uudecoded if -[dD] or output uuencoded data if -[eE]",
-        "             (uuname is the filename to put in the uuencode header).",
-        "-b         : encrypt using DES in ecb encryption mode, the default is cbc mode.",
-        "-3         : encrypt using triple DES encryption.  This uses 2 keys",
-        "             generated from the input key.  If the input key is less",
-        "             than 8 characters long, this is equivalent to normal",
-        "             encryption.  Default is triple cbc, -b makes it triple ecb.",
-        NULL
-    };
-    for (u = (char **)Usage; *u; u++) {
-        fputs(*u, stderr);
-        fputc('\n', stderr);
-    }
-
-    EXIT(1);
-}
-
-void doencryption(void)
-{
-#ifdef _LIBC
-    extern unsigned long time();
-#endif
-
-    register int i;
-    DES_key_schedule ks, ks2;
-    DES_cblock iv, iv2;
-    char *p;
-    int num = 0, j, k, l, rem, ll, len, last, ex = 0;
-    DES_cblock kk, k2;
-    FILE *O;
-    int Exit = 0;
-#ifndef OPENSSL_SYS_MSDOS
-    static unsigned char buf[BUFSIZE + 8], obuf[BUFSIZE + 8];
-#else
-    static unsigned char *buf = NULL, *obuf = NULL;
-
-    if (buf == NULL) {
-        if (((buf = OPENSSL_malloc(BUFSIZE + 8)) == NULL) ||
-            ((obuf = OPENSSL_malloc(BUFSIZE + 8)) == NULL)) {
-            fputs("Not enough memory\n", stderr);
-            Exit = 10;
-            goto problems;
-        }
-    }
-#endif
-
-    if (hflag) {
-        j = (flag3 ? 16 : 8);
-        p = key;
-        for (i = 0; i < j; i++) {
-            k = 0;
-            if ((*p <= '9') && (*p >= '0'))
-                k = (*p - '0') << 4;
-            else if ((*p <= 'f') && (*p >= 'a'))
-                k = (*p - 'a' + 10) << 4;
-            else if ((*p <= 'F') && (*p >= 'A'))
-                k = (*p - 'A' + 10) << 4;
-            else {
-                fputs("Bad hex key\n", stderr);
-                Exit = 9;
-                goto problems;
-            }
-            p++;
-            if ((*p <= '9') && (*p >= '0'))
-                k |= (*p - '0');
-            else if ((*p <= 'f') && (*p >= 'a'))
-                k |= (*p - 'a' + 10);
-            else if ((*p <= 'F') && (*p >= 'A'))
-                k |= (*p - 'A' + 10);
-            else {
-                fputs("Bad hex key\n", stderr);
-                Exit = 9;
-                goto problems;
-            }
-            p++;
-            if (i < 8)
-                kk[i] = k;
-            else
-                k2[i - 8] = k;
-        }
-        DES_set_key_unchecked(&k2, &ks2);
-        OPENSSL_cleanse(k2, sizeof(k2));
-    } else if (longk || flag3) {
-        if (flag3) {
-            DES_string_to_2keys(key, &kk, &k2);
-            DES_set_key_unchecked(&k2, &ks2);
-            OPENSSL_cleanse(k2, sizeof(k2));
-        } else
-            DES_string_to_key(key, &kk);
-    } else
-        for (i = 0; i < KEYSIZ; i++) {
-            l = 0;
-            k = key[i];
-            for (j = 0; j < 8; j++) {
-                if (k & 1)
-                    l++;
-                k >>= 1;
-            }
-            if (l & 1)
-                kk[i] = key[i] & 0x7f;
-            else
-                kk[i] = key[i] | 0x80;
-        }
-
-    DES_set_key_unchecked(&kk, &ks);
-    OPENSSL_cleanse(key, sizeof(key));
-    OPENSSL_cleanse(kk, sizeof(kk));
-    /* woops - A bug that does not showup under unix :-( */
-    memset(iv, 0, sizeof(iv));
-    memset(iv2, 0, sizeof(iv2));
-
-    l = 1;
-    rem = 0;
-    /* first read */
-    if (eflag || (!dflag && cflag)) {
-        for (;;) {
-            num = l = fread(&(buf[rem]), 1, BUFSIZE, DES_IN);
-            l += rem;
-            num += rem;
-            if (l < 0) {
-                perror("read error");
-                Exit = 6;
-                goto problems;
-            }
-
-            rem = l % 8;
-            len = l - rem;
-            if (feof(DES_IN)) {
-                for (i = 7 - rem; i > 0; i--) {
-                    if (RAND_pseudo_bytes(buf + l++, 1) < 0)
-                        goto problems;
-                }
-                buf[l++] = rem;
-                ex = 1;
-                len += rem;
-            } else
-                l -= rem;
-
-            if (cflag) {
-                DES_cbc_cksum(buf, &cksum, (long)len, &ks, &cksum);
-                if (!eflag) {
-                    if (feof(DES_IN))
-                        break;
-                    else
-                        continue;
-                }
-            }
-
-            if (bflag && !flag3)
-                for (i = 0; i < l; i += 8)
-                    DES_ecb_encrypt((DES_cblock *)&(buf[i]),
-                                    (DES_cblock *)&(obuf[i]),
-                                    &ks, do_encrypt);
-            else if (flag3 && bflag)
-                for (i = 0; i < l; i += 8)
-                    DES_ecb2_encrypt((DES_cblock *)&(buf[i]),
-                                     (DES_cblock *)&(obuf[i]),
-                                     &ks, &ks2, do_encrypt);
-            else if (flag3 && !bflag) {
-                char tmpbuf[8];
-
-                if (rem)
-                    memcpy(tmpbuf, &(buf[l]), (unsigned int)rem);
-                DES_3cbc_encrypt((DES_cblock *)buf, (DES_cblock *)obuf,
-                                 (long)l, ks, ks2, &iv, &iv2, do_encrypt);
-                if (rem)
-                    memcpy(&(buf[l]), tmpbuf, (unsigned int)rem);
-            } else {
-                DES_cbc_encrypt(buf, obuf, (long)l, &ks, &iv, do_encrypt);
-                if (l >= 8)
-                    memcpy(iv, &(obuf[l - 8]), 8);
-            }
-            if (rem)
-                memcpy(buf, &(buf[l]), (unsigned int)rem);
-
-            i = 0;
-            while (i < l) {
-                if (uflag)
-                    j = uufwrite(obuf, 1, (unsigned int)l - i, DES_OUT);
-                else
-                    j = fwrite(obuf, 1, (unsigned int)l - i, DES_OUT);
-                if (j == -1) {
-                    perror("Write error");
-                    Exit = 7;
-                    goto problems;
-                }
-                i += j;
-            }
-            if (feof(DES_IN)) {
-                if (uflag)
-                    uufwriteEnd(DES_OUT);
-                break;
-            }
-        }
-    } else {                    /* decrypt */
-
-        ex = 1;
-        for (;;) {
-            if (ex) {
-                if (uflag)
-                    l = uufread(buf, 1, BUFSIZE, DES_IN);
-                else
-                    l = fread(buf, 1, BUFSIZE, DES_IN);
-                ex = 0;
-                rem = l % 8;
-                l -= rem;
-            }
-            if (l < 0) {
-                perror("read error");
-                Exit = 6;
-                goto problems;
-            }
-
-            if (bflag && !flag3)
-                for (i = 0; i < l; i += 8)
-                    DES_ecb_encrypt((DES_cblock *)&(buf[i]),
-                                    (DES_cblock *)&(obuf[i]),
-                                    &ks, do_encrypt);
-            else if (flag3 && bflag)
-                for (i = 0; i < l; i += 8)
-                    DES_ecb2_encrypt((DES_cblock *)&(buf[i]),
-                                     (DES_cblock *)&(obuf[i]),
-                                     &ks, &ks2, do_encrypt);
-            else if (flag3 && !bflag) {
-                DES_3cbc_encrypt((DES_cblock *)buf, (DES_cblock *)obuf,
-                                 (long)l, ks, ks2, &iv, &iv2, do_encrypt);
-            } else {
-                DES_cbc_encrypt(buf, obuf, (long)l, &ks, &iv, do_encrypt);
-                if (l >= 8)
-                    memcpy(iv, &(buf[l - 8]), 8);
-            }
-
-            if (uflag)
-                ll = uufread(&(buf[rem]), 1, BUFSIZE, DES_IN);
-            else
-                ll = fread(&(buf[rem]), 1, BUFSIZE, DES_IN);
-            ll += rem;
-            rem = ll % 8;
-            ll -= rem;
-            if (feof(DES_IN) && (ll == 0)) {
-                last = obuf[l - 1];
-
-                if ((last > 7) || (last < 0)) {
-                    fputs("The file was not decrypted correctly.\n", stderr);
-                    Exit = 8;
-                    last = 0;
-                }
-                l = l - 8 + last;
-            }
-            i = 0;
-            if (cflag)
-                DES_cbc_cksum(obuf,
-                              (DES_cblock *)cksum, (long)l / 8 * 8, &ks,
-                              (DES_cblock *)cksum);
-            while (i != l) {
-                j = fwrite(obuf, 1, (unsigned int)l - i, DES_OUT);
-                if (j == -1) {
-                    perror("Write error");
-                    Exit = 7;
-                    goto problems;
-                }
-                i += j;
-            }
-            l = ll;
-            if ((l == 0) && feof(DES_IN))
-                break;
-        }
-    }
-    if (cflag) {
-        l = 0;
-        if (cksumname[0] != '\0') {
-            if ((O = fopen(cksumname, "w")) != NULL) {
-                CKSUM_OUT = O;
-                l = 1;
-            }
-        }
-        for (i = 0; i < 8; i++)
-            fprintf(CKSUM_OUT, "%02X", cksum[i]);
-        fprintf(CKSUM_OUT, "\n");
-        if (l)
-            fclose(CKSUM_OUT);
-    }
- problems:
-    OPENSSL_cleanse(buf, sizeof(buf));
-    OPENSSL_cleanse(obuf, sizeof(obuf));
-    OPENSSL_cleanse(&ks, sizeof(ks));
-    OPENSSL_cleanse(&ks2, sizeof(ks2));
-    OPENSSL_cleanse(iv, sizeof(iv));
-    OPENSSL_cleanse(iv2, sizeof(iv2));
-    OPENSSL_cleanse(kk, sizeof(kk));
-    OPENSSL_cleanse(k2, sizeof(k2));
-    OPENSSL_cleanse(uubuf, sizeof(uubuf));
-    OPENSSL_cleanse(b, sizeof(b));
-    OPENSSL_cleanse(bb, sizeof(bb));
-    OPENSSL_cleanse(cksum, sizeof(cksum));
-    if (Exit)
-        EXIT(Exit);
-}
-
-/*    We ignore this parameter but it should be > ~50 I believe    */
-int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp)
-{
-    int i, j, left, rem, ret = num;
-    static int start = 1;
-
-    if (start) {
-        fprintf(fp, "begin 600 %s\n",
-                (uuname[0] == '\0') ? "text.d" : uuname);
-        start = 0;
-    }
-
-    if (uubufnum) {
-        if (uubufnum + num < 45) {
-            memcpy(&(uubuf[uubufnum]), data, (unsigned int)num);
-            uubufnum += num;
-            return (num);
-        } else {
-            i = 45 - uubufnum;
-            memcpy(&(uubuf[uubufnum]), data, (unsigned int)i);
-            j = uuencode((unsigned char *)uubuf, 45, b);
-            fwrite(b, 1, (unsigned int)j, fp);
-            uubufnum = 0;
-            data += i;
-            num -= i;
-        }
-    }
-
-    for (i = 0; i < (((int)num) - INUUBUFN); i += INUUBUFN) {
-        j = uuencode(&(data[i]), INUUBUFN, b);
-        fwrite(b, 1, (unsigned int)j, fp);
-    }
-    rem = (num - i) % 45;
-    left = (num - i - rem);
-    if (left) {
-        j = uuencode(&(data[i]), left, b);
-        fwrite(b, 1, (unsigned int)j, fp);
-        i += left;
-    }
-    if (i != num) {
-        memcpy(uubuf, &(data[i]), (unsigned int)rem);
-        uubufnum = rem;
-    }
-    return (ret);
-}
-
-void uufwriteEnd(FILE *fp)
-{
-    int j;
-    static const char *end = " \nend\n";
-
-    if (uubufnum != 0) {
-        uubuf[uubufnum] = '\0';
-        uubuf[uubufnum + 1] = '\0';
-        uubuf[uubufnum + 2] = '\0';
-        j = uuencode(uubuf, uubufnum, b);
-        fwrite(b, 1, (unsigned int)j, fp);
-    }
-    fwrite(end, 1, strlen(end), fp);
-}
-
-/*
- * int size: should always be > ~ 60; I actually ignore this parameter :-)
- */
-int uufread(unsigned char *out, int size, unsigned int num, FILE *fp)
-{
-    int i, j, tot;
-    static int done = 0;
-    static int valid = 0;
-    static int start = 1;
-
-    if (start) {
-        for (;;) {
-            b[0] = '\0';
-            fgets((char *)b, 300, fp);
-            if (b[0] == '\0') {
-                fprintf(stderr, "no 'begin' found in uuencoded input\n");
-                return (-1);
-            }
-            if (strncmp((char *)b, "begin ", 6) == 0)
-                break;
-        }
-        start = 0;
-    }
-    if (done)
-        return (0);
-    tot = 0;
-    if (valid) {
-        memcpy(out, bb, (unsigned int)valid);
-        tot = valid;
-        valid = 0;
-    }
-    for (;;) {
-        b[0] = '\0';
-        fgets((char *)b, 300, fp);
-        if (b[0] == '\0')
-            break;
-        i = strlen((char *)b);
-        if ((b[0] == 'e') && (b[1] == 'n') && (b[2] == 'd')) {
-            done = 1;
-            while (!feof(fp)) {
-                fgets((char *)b, 300, fp);
-            }
-            break;
-        }
-        i = uudecode(b, i, bb);
-        if (i < 0)
-            break;
-        if ((i + tot + 8) > num) {
-            /* num to copy to make it a multiple of 8 */
-            j = (num / 8 * 8) - tot - 8;
-            memcpy(&(out[tot]), bb, (unsigned int)j);
-            tot += j;
-            memcpy(bb, &(bb[j]), (unsigned int)i - j);
-            valid = i - j;
-            break;
-        }
-        memcpy(&(out[tot]), bb, (unsigned int)i);
-        tot += i;
-    }
-    return (tot);
-}
-
-#define ccc2l(c,l)      (l =((DES_LONG)(*((c)++)))<<16, \
-                         l|=((DES_LONG)(*((c)++)))<< 8, \
-                         l|=((DES_LONG)(*((c)++))))
-
-#define l2ccc(l,c)      (*((c)++)=(unsigned char)(((l)>>16)&0xff), \
-                    *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
-                    *((c)++)=(unsigned char)(((l)    )&0xff))
-
-int uuencode(unsigned char *in, int num, unsigned char *out)
-{
-    int j, i, n, tot = 0;
-    DES_LONG l;
-    register unsigned char *p;
-    p = out;
-
-    for (j = 0; j < num; j += 45) {
-        if (j + 45 > num)
-            i = (num - j);
-        else
-            i = 45;
-        *(p++) = i + ' ';
-        for (n = 0; n < i; n += 3) {
-            ccc2l(in, l);
-            *(p++) = ((l >> 18) & 0x3f) + ' ';
-            *(p++) = ((l >> 12) & 0x3f) + ' ';
-            *(p++) = ((l >> 6) & 0x3f) + ' ';
-            *(p++) = ((l) & 0x3f) + ' ';
-            tot += 4;
-        }
-        *(p++) = '\n';
-        tot += 2;
-    }
-    *p = '\0';
-    l = 0;
-    return (tot);
-}
-
-int uudecode(unsigned char *in, int num, unsigned char *out)
-{
-    int j, i, k;
-    unsigned int n = 0, space = 0;
-    DES_LONG l;
-    DES_LONG w, x, y, z;
-    unsigned int blank = (unsigned int)'\n' - ' ';
-
-    for (j = 0; j < num;) {
-        n = *(in++) - ' ';
-        if (n == blank) {
-            n = 0;
-            in--;
-        }
-        if (n > 60) {
-            fprintf(stderr, "uuencoded line length too long\n");
-            return (-1);
-        }
-        j++;
-
-        for (i = 0; i < n; j += 4, i += 3) {
-            /*
-             * the following is for cases where spaces are removed from
-             * lines.
-             */
-            if (space) {
-                w = x = y = z = 0;
-            } else {
-                w = *(in++) - ' ';
-                x = *(in++) - ' ';
-                y = *(in++) - ' ';
-                z = *(in++) - ' ';
-            }
-            if ((w > 63) || (x > 63) || (y > 63) || (z > 63)) {
-                k = 0;
-                if (w == blank)
-                    k = 1;
-                if (x == blank)
-                    k = 2;
-                if (y == blank)
-                    k = 3;
-                if (z == blank)
-                    k = 4;
-                space = 1;
-                switch (k) {
-                case 1:
-                    w = 0;
-                    in--;
-                case 2:
-                    x = 0;
-                    in--;
-                case 3:
-                    y = 0;
-                    in--;
-                case 4:
-                    z = 0;
-                    in--;
-                    break;
-                case 0:
-                    space = 0;
-                    fprintf(stderr, "bad uuencoded data values\n");
-                    w = x = y = z = 0;
-                    return (-1);
-                    break;
-                }
-            }
-            l = (w << 18) | (x << 12) | (y << 6) | (z);
-            l2ccc(l, out);
-        }
-        if (*(in++) != '\n') {
-            fprintf(stderr, "missing nl in uuencoded line\n");
-            w = x = y = z = 0;
-            return (-1);
-        }
-        j++;
-    }
-    *out = '\0';
-    w = x = y = z = 0;
-    return (n);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/des/des.c (from rev 11605, vendor-crypto/openssl/dist/crypto/des/des.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/des/des.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/des/des.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,868 @@
+/* crypto/des/des.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_SYS_MSDOS
+# ifndef OPENSSL_SYS_VMS
+#  include OPENSSL_UNISTD
+# else                          /* OPENSSL_SYS_VMS */
+#  ifdef __DECC
+#   include <unistd.h>
+#  else                         /* not __DECC */
+#   include <math.h>
+#  endif                        /* __DECC */
+# endif                         /* OPENSSL_SYS_VMS */
+#else                           /* OPENSSL_SYS_MSDOS */
+# include <io.h>
+#endif
+
+#include <time.h>
+#include "des_ver.h"
+
+#ifdef OPENSSL_SYS_VMS
+# include <types.h>
+# include <stat.h>
+#else
+# ifndef _IRIX
+#  include <sys/types.h>
+# endif
+# include <sys/stat.h>
+#endif
+#include <openssl/des.h>
+#include <openssl/rand.h>
+#include <openssl/ui_compat.h>
+
+void usage(void);
+void doencryption(void);
+int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp);
+void uufwriteEnd(FILE *fp);
+int uufread(unsigned char *out, int size, unsigned int num, FILE *fp);
+int uuencode(unsigned char *in, int num, unsigned char *out);
+int uudecode(unsigned char *in, int num, unsigned char *out);
+void DES_3cbc_encrypt(DES_cblock *input, DES_cblock *output, long length,
+                      DES_key_schedule sk1, DES_key_schedule sk2,
+                      DES_cblock *ivec1, DES_cblock *ivec2, int enc);
+#ifdef OPENSSL_SYS_VMS
+# define EXIT(a) exit(a&0x10000000L)
+#else
+# define EXIT(a) exit(a)
+#endif
+
+#define BUFSIZE (8*1024)
+#define VERIFY  1
+#define KEYSIZ  8
+#define KEYSIZB 1024            /* should hit tty line limit first :-) */
+char key[KEYSIZB + 1];
+int do_encrypt, longk = 0;
+FILE *DES_IN, *DES_OUT, *CKSUM_OUT;
+char uuname[200];
+unsigned char uubuf[50];
+int uubufnum = 0;
+#define INUUBUFN        (45*100)
+#define OUTUUBUF        (65*100)
+unsigned char b[OUTUUBUF];
+unsigned char bb[300];
+DES_cblock cksum = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+
+char cksumname[200] = "";
+
+int vflag, cflag, eflag, dflag, kflag, bflag, fflag, sflag, uflag, flag3,
+    hflag, error;
+
+int main(int argc, char **argv)
+{
+    int i;
+    struct stat ins, outs;
+    char *p;
+    char *in = NULL, *out = NULL;
+
+    vflag = cflag = eflag = dflag = kflag = hflag = bflag = fflag = sflag =
+        uflag = flag3 = 0;
+    error = 0;
+    memset(key, 0, sizeof(key));
+
+    for (i = 1; i < argc; i++) {
+        p = argv[i];
+        if ((p[0] == '-') && (p[1] != '\0')) {
+            p++;
+            while (*p) {
+                switch (*(p++)) {
+                case '3':
+                    flag3 = 1;
+                    longk = 1;
+                    break;
+                case 'c':
+                    cflag = 1;
+                    strncpy(cksumname, p, 200);
+                    cksumname[sizeof(cksumname) - 1] = '\0';
+                    p += strlen(cksumname);
+                    break;
+                case 'C':
+                    cflag = 1;
+                    longk = 1;
+                    strncpy(cksumname, p, 200);
+                    cksumname[sizeof(cksumname) - 1] = '\0';
+                    p += strlen(cksumname);
+                    break;
+                case 'e':
+                    eflag = 1;
+                    break;
+                case 'v':
+                    vflag = 1;
+                    break;
+                case 'E':
+                    eflag = 1;
+                    longk = 1;
+                    break;
+                case 'd':
+                    dflag = 1;
+                    break;
+                case 'D':
+                    dflag = 1;
+                    longk = 1;
+                    break;
+                case 'b':
+                    bflag = 1;
+                    break;
+                case 'f':
+                    fflag = 1;
+                    break;
+                case 's':
+                    sflag = 1;
+                    break;
+                case 'u':
+                    uflag = 1;
+                    strncpy(uuname, p, 200);
+                    uuname[sizeof(uuname) - 1] = '\0';
+                    p += strlen(uuname);
+                    break;
+                case 'h':
+                    hflag = 1;
+                    break;
+                case 'k':
+                    kflag = 1;
+                    if ((i + 1) == argc) {
+                        fputs("must have a key with the -k option\n", stderr);
+                        error = 1;
+                    } else {
+                        int j;
+
+                        i++;
+                        strncpy(key, argv[i], KEYSIZB);
+                        for (j = strlen(argv[i]) - 1; j >= 0; j--)
+                            argv[i][j] = '\0';
+                    }
+                    break;
+                default:
+                    fprintf(stderr, "'%c' unknown flag\n", p[-1]);
+                    error = 1;
+                    break;
+                }
+            }
+        } else {
+            if (in == NULL)
+                in = argv[i];
+            else if (out == NULL)
+                out = argv[i];
+            else
+                error = 1;
+        }
+    }
+    if (error)
+        usage();
+    /*-
+     * We either
+     * do checksum or
+     * do encrypt or
+     * do decrypt or
+     * do decrypt then ckecksum or
+     * do checksum then encrypt
+     */
+    if (((eflag + dflag) == 1) || cflag) {
+        if (eflag)
+            do_encrypt = DES_ENCRYPT;
+        if (dflag)
+            do_encrypt = DES_DECRYPT;
+    } else {
+        if (vflag) {
+#ifndef _Windows
+            fprintf(stderr, "des(1) built with %s\n", libdes_version);
+#endif
+            EXIT(1);
+        } else
+            usage();
+    }
+
+#ifndef _Windows
+    if (vflag)
+        fprintf(stderr, "des(1) built with %s\n", libdes_version);
+#endif
+    if ((in != NULL) && (out != NULL) &&
+#ifndef OPENSSL_SYS_MSDOS
+        (stat(in, &ins) != -1) &&
+        (stat(out, &outs) != -1) &&
+        (ins.st_dev == outs.st_dev) && (ins.st_ino == outs.st_ino))
+#else                           /* OPENSSL_SYS_MSDOS */
+        (strcmp(in, out) == 0))
+#endif
+    {
+        fputs("input and output file are the same\n", stderr);
+        EXIT(3);
+    }
+
+    if (!kflag)
+        if (des_read_pw_string
+            (key, KEYSIZB + 1, "Enter key:", eflag ? VERIFY : 0)) {
+            fputs("password error\n", stderr);
+            EXIT(2);
+        }
+
+    if (in == NULL)
+        DES_IN = stdin;
+    else if ((DES_IN = fopen(in, "r")) == NULL) {
+        perror("opening input file");
+        EXIT(4);
+    }
+
+    CKSUM_OUT = stdout;
+    if (out == NULL) {
+        DES_OUT = stdout;
+        CKSUM_OUT = stderr;
+    } else if ((DES_OUT = fopen(out, "w")) == NULL) {
+        perror("opening output file");
+        EXIT(5);
+    }
+#ifdef OPENSSL_SYS_MSDOS
+    /* This should set the file to binary mode. */
+    {
+# include <fcntl.h>
+        if (!(uflag && dflag))
+            setmode(fileno(DES_IN), O_BINARY);
+        if (!(uflag && eflag))
+            setmode(fileno(DES_OUT), O_BINARY);
+    }
+#endif
+
+    doencryption();
+    fclose(DES_IN);
+    fclose(DES_OUT);
+    EXIT(0);
+}
+
+void usage(void)
+{
+    char **u;
+    static const char *Usage[] = {
+        "des <options> [input-file [output-file]]",
+        "options:",
+        "-v         : des(1) version number",
+        "-e         : encrypt using SunOS compatible user key to DES key conversion.",
+        "-E         : encrypt ",
+        "-d         : decrypt using SunOS compatible user key to DES key conversion.",
+        "-D         : decrypt ",
+        "-c[ckname] : generate a cbc_cksum using SunOS compatible user key to",
+        "             DES key conversion and output to ckname (stdout default,",
+        "             stderr if data being output on stdout).  The checksum is",
+        "             generated before encryption and after decryption if used",
+        "             in conjunction with -[eEdD].",
+        "-C[ckname] : generate a cbc_cksum as for -c but compatible with -[ED].",
+        "-k key     : use key 'key'",
+        "-h         : the key that is entered will be a hexadecimal number",
+        "             that is used directly as the des key",
+        "-u[uuname] : input file is uudecoded if -[dD] or output uuencoded data if -[eE]",
+        "             (uuname is the filename to put in the uuencode header).",
+        "-b         : encrypt using DES in ecb encryption mode, the default is cbc mode.",
+        "-3         : encrypt using triple DES encryption.  This uses 2 keys",
+        "             generated from the input key.  If the input key is less",
+        "             than 8 characters long, this is equivalent to normal",
+        "             encryption.  Default is triple cbc, -b makes it triple ecb.",
+        NULL
+    };
+    for (u = (char **)Usage; *u; u++) {
+        fputs(*u, stderr);
+        fputc('\n', stderr);
+    }
+
+    EXIT(1);
+}
+
+void doencryption(void)
+{
+#ifdef _LIBC
+    extern unsigned long time();
+#endif
+
+    register int i;
+    DES_key_schedule ks, ks2;
+    DES_cblock iv, iv2;
+    char *p;
+    int num = 0, j, k, l, rem, ll, len, last, ex = 0;
+    DES_cblock kk, k2;
+    FILE *O;
+    int Exit = 0;
+#ifndef OPENSSL_SYS_MSDOS
+    static unsigned char buf[BUFSIZE + 8], obuf[BUFSIZE + 8];
+#else
+    static unsigned char *buf = NULL, *obuf = NULL;
+
+    if (buf == NULL) {
+        if (((buf = OPENSSL_malloc(BUFSIZE + 8)) == NULL) ||
+            ((obuf = OPENSSL_malloc(BUFSIZE + 8)) == NULL)) {
+            fputs("Not enough memory\n", stderr);
+            Exit = 10;
+            goto problems;
+        }
+    }
+#endif
+
+    if (hflag) {
+        j = (flag3 ? 16 : 8);
+        p = key;
+        for (i = 0; i < j; i++) {
+            k = 0;
+            if ((*p <= '9') && (*p >= '0'))
+                k = (*p - '0') << 4;
+            else if ((*p <= 'f') && (*p >= 'a'))
+                k = (*p - 'a' + 10) << 4;
+            else if ((*p <= 'F') && (*p >= 'A'))
+                k = (*p - 'A' + 10) << 4;
+            else {
+                fputs("Bad hex key\n", stderr);
+                Exit = 9;
+                goto problems;
+            }
+            p++;
+            if ((*p <= '9') && (*p >= '0'))
+                k |= (*p - '0');
+            else if ((*p <= 'f') && (*p >= 'a'))
+                k |= (*p - 'a' + 10);
+            else if ((*p <= 'F') && (*p >= 'A'))
+                k |= (*p - 'A' + 10);
+            else {
+                fputs("Bad hex key\n", stderr);
+                Exit = 9;
+                goto problems;
+            }
+            p++;
+            if (i < 8)
+                kk[i] = k;
+            else
+                k2[i - 8] = k;
+        }
+        DES_set_key_unchecked(&k2, &ks2);
+        OPENSSL_cleanse(k2, sizeof(k2));
+    } else if (longk || flag3) {
+        if (flag3) {
+            DES_string_to_2keys(key, &kk, &k2);
+            DES_set_key_unchecked(&k2, &ks2);
+            OPENSSL_cleanse(k2, sizeof(k2));
+        } else
+            DES_string_to_key(key, &kk);
+    } else
+        for (i = 0; i < KEYSIZ; i++) {
+            l = 0;
+            k = key[i];
+            for (j = 0; j < 8; j++) {
+                if (k & 1)
+                    l++;
+                k >>= 1;
+            }
+            if (l & 1)
+                kk[i] = key[i] & 0x7f;
+            else
+                kk[i] = key[i] | 0x80;
+        }
+
+    DES_set_key_unchecked(&kk, &ks);
+    OPENSSL_cleanse(key, sizeof(key));
+    OPENSSL_cleanse(kk, sizeof(kk));
+    /* woops - A bug that does not showup under unix :-( */
+    memset(iv, 0, sizeof(iv));
+    memset(iv2, 0, sizeof(iv2));
+
+    l = 1;
+    rem = 0;
+    /* first read */
+    if (eflag || (!dflag && cflag)) {
+        for (;;) {
+            num = l = fread(&(buf[rem]), 1, BUFSIZE, DES_IN);
+            l += rem;
+            num += rem;
+            if (l < 0) {
+                perror("read error");
+                Exit = 6;
+                goto problems;
+            }
+
+            rem = l % 8;
+            len = l - rem;
+            if (feof(DES_IN)) {
+                for (i = 7 - rem; i > 0; i--) {
+                    if (RAND_bytes(buf + l++, 1) <= 0)
+                        goto problems;
+                }
+                buf[l++] = rem;
+                ex = 1;
+                len += rem;
+            } else
+                l -= rem;
+
+            if (cflag) {
+                DES_cbc_cksum(buf, &cksum, (long)len, &ks, &cksum);
+                if (!eflag) {
+                    if (feof(DES_IN))
+                        break;
+                    else
+                        continue;
+                }
+            }
+
+            if (bflag && !flag3)
+                for (i = 0; i < l; i += 8)
+                    DES_ecb_encrypt((DES_cblock *)&(buf[i]),
+                                    (DES_cblock *)&(obuf[i]),
+                                    &ks, do_encrypt);
+            else if (flag3 && bflag)
+                for (i = 0; i < l; i += 8)
+                    DES_ecb2_encrypt((DES_cblock *)&(buf[i]),
+                                     (DES_cblock *)&(obuf[i]),
+                                     &ks, &ks2, do_encrypt);
+            else if (flag3 && !bflag) {
+                char tmpbuf[8];
+
+                if (rem)
+                    memcpy(tmpbuf, &(buf[l]), (unsigned int)rem);
+                DES_3cbc_encrypt((DES_cblock *)buf, (DES_cblock *)obuf,
+                                 (long)l, ks, ks2, &iv, &iv2, do_encrypt);
+                if (rem)
+                    memcpy(&(buf[l]), tmpbuf, (unsigned int)rem);
+            } else {
+                DES_cbc_encrypt(buf, obuf, (long)l, &ks, &iv, do_encrypt);
+                if (l >= 8)
+                    memcpy(iv, &(obuf[l - 8]), 8);
+            }
+            if (rem)
+                memcpy(buf, &(buf[l]), (unsigned int)rem);
+
+            i = 0;
+            while (i < l) {
+                if (uflag)
+                    j = uufwrite(obuf, 1, (unsigned int)l - i, DES_OUT);
+                else
+                    j = fwrite(obuf, 1, (unsigned int)l - i, DES_OUT);
+                if (j == -1) {
+                    perror("Write error");
+                    Exit = 7;
+                    goto problems;
+                }
+                i += j;
+            }
+            if (feof(DES_IN)) {
+                if (uflag)
+                    uufwriteEnd(DES_OUT);
+                break;
+            }
+        }
+    } else {                    /* decrypt */
+
+        ex = 1;
+        for (;;) {
+            if (ex) {
+                if (uflag)
+                    l = uufread(buf, 1, BUFSIZE, DES_IN);
+                else
+                    l = fread(buf, 1, BUFSIZE, DES_IN);
+                ex = 0;
+                rem = l % 8;
+                l -= rem;
+            }
+            if (l < 0) {
+                perror("read error");
+                Exit = 6;
+                goto problems;
+            }
+
+            if (bflag && !flag3)
+                for (i = 0; i < l; i += 8)
+                    DES_ecb_encrypt((DES_cblock *)&(buf[i]),
+                                    (DES_cblock *)&(obuf[i]),
+                                    &ks, do_encrypt);
+            else if (flag3 && bflag)
+                for (i = 0; i < l; i += 8)
+                    DES_ecb2_encrypt((DES_cblock *)&(buf[i]),
+                                     (DES_cblock *)&(obuf[i]),
+                                     &ks, &ks2, do_encrypt);
+            else if (flag3 && !bflag) {
+                DES_3cbc_encrypt((DES_cblock *)buf, (DES_cblock *)obuf,
+                                 (long)l, ks, ks2, &iv, &iv2, do_encrypt);
+            } else {
+                DES_cbc_encrypt(buf, obuf, (long)l, &ks, &iv, do_encrypt);
+                if (l >= 8)
+                    memcpy(iv, &(buf[l - 8]), 8);
+            }
+
+            if (uflag)
+                ll = uufread(&(buf[rem]), 1, BUFSIZE, DES_IN);
+            else
+                ll = fread(&(buf[rem]), 1, BUFSIZE, DES_IN);
+            ll += rem;
+            rem = ll % 8;
+            ll -= rem;
+            if (feof(DES_IN) && (ll == 0)) {
+                last = obuf[l - 1];
+
+                if ((last > 7) || (last < 0)) {
+                    fputs("The file was not decrypted correctly.\n", stderr);
+                    Exit = 8;
+                    last = 0;
+                }
+                l = l - 8 + last;
+            }
+            i = 0;
+            if (cflag)
+                DES_cbc_cksum(obuf,
+                              (DES_cblock *)cksum, (long)l / 8 * 8, &ks,
+                              (DES_cblock *)cksum);
+            while (i != l) {
+                j = fwrite(obuf, 1, (unsigned int)l - i, DES_OUT);
+                if (j == -1) {
+                    perror("Write error");
+                    Exit = 7;
+                    goto problems;
+                }
+                i += j;
+            }
+            l = ll;
+            if ((l == 0) && feof(DES_IN))
+                break;
+        }
+    }
+    if (cflag) {
+        l = 0;
+        if (cksumname[0] != '\0') {
+            if ((O = fopen(cksumname, "w")) != NULL) {
+                CKSUM_OUT = O;
+                l = 1;
+            }
+        }
+        for (i = 0; i < 8; i++)
+            fprintf(CKSUM_OUT, "%02X", cksum[i]);
+        fprintf(CKSUM_OUT, "\n");
+        if (l)
+            fclose(CKSUM_OUT);
+    }
+ problems:
+    OPENSSL_cleanse(buf, sizeof(buf));
+    OPENSSL_cleanse(obuf, sizeof(obuf));
+    OPENSSL_cleanse(&ks, sizeof(ks));
+    OPENSSL_cleanse(&ks2, sizeof(ks2));
+    OPENSSL_cleanse(iv, sizeof(iv));
+    OPENSSL_cleanse(iv2, sizeof(iv2));
+    OPENSSL_cleanse(kk, sizeof(kk));
+    OPENSSL_cleanse(k2, sizeof(k2));
+    OPENSSL_cleanse(uubuf, sizeof(uubuf));
+    OPENSSL_cleanse(b, sizeof(b));
+    OPENSSL_cleanse(bb, sizeof(bb));
+    OPENSSL_cleanse(cksum, sizeof(cksum));
+    if (Exit)
+        EXIT(Exit);
+}
+
+/*    We ignore this parameter but it should be > ~50 I believe    */
+int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp)
+{
+    int i, j, left, rem, ret = num;
+    static int start = 1;
+
+    if (start) {
+        fprintf(fp, "begin 600 %s\n",
+                (uuname[0] == '\0') ? "text.d" : uuname);
+        start = 0;
+    }
+
+    if (uubufnum) {
+        if (uubufnum + num < 45) {
+            memcpy(&(uubuf[uubufnum]), data, (unsigned int)num);
+            uubufnum += num;
+            return (num);
+        } else {
+            i = 45 - uubufnum;
+            memcpy(&(uubuf[uubufnum]), data, (unsigned int)i);
+            j = uuencode((unsigned char *)uubuf, 45, b);
+            fwrite(b, 1, (unsigned int)j, fp);
+            uubufnum = 0;
+            data += i;
+            num -= i;
+        }
+    }
+
+    for (i = 0; i < (((int)num) - INUUBUFN); i += INUUBUFN) {
+        j = uuencode(&(data[i]), INUUBUFN, b);
+        fwrite(b, 1, (unsigned int)j, fp);
+    }
+    rem = (num - i) % 45;
+    left = (num - i - rem);
+    if (left) {
+        j = uuencode(&(data[i]), left, b);
+        fwrite(b, 1, (unsigned int)j, fp);
+        i += left;
+    }
+    if (i != num) {
+        memcpy(uubuf, &(data[i]), (unsigned int)rem);
+        uubufnum = rem;
+    }
+    return (ret);
+}
+
+void uufwriteEnd(FILE *fp)
+{
+    int j;
+    static const char *end = " \nend\n";
+
+    if (uubufnum != 0) {
+        uubuf[uubufnum] = '\0';
+        uubuf[uubufnum + 1] = '\0';
+        uubuf[uubufnum + 2] = '\0';
+        j = uuencode(uubuf, uubufnum, b);
+        fwrite(b, 1, (unsigned int)j, fp);
+    }
+    fwrite(end, 1, strlen(end), fp);
+}
+
+/*
+ * int size: should always be > ~ 60; I actually ignore this parameter :-)
+ */
+int uufread(unsigned char *out, int size, unsigned int num, FILE *fp)
+{
+    int i, j, tot;
+    static int done = 0;
+    static int valid = 0;
+    static int start = 1;
+
+    if (start) {
+        for (;;) {
+            b[0] = '\0';
+            fgets((char *)b, 300, fp);
+            if (b[0] == '\0') {
+                fprintf(stderr, "no 'begin' found in uuencoded input\n");
+                return (-1);
+            }
+            if (strncmp((char *)b, "begin ", 6) == 0)
+                break;
+        }
+        start = 0;
+    }
+    if (done)
+        return (0);
+    tot = 0;
+    if (valid) {
+        memcpy(out, bb, (unsigned int)valid);
+        tot = valid;
+        valid = 0;
+    }
+    for (;;) {
+        b[0] = '\0';
+        fgets((char *)b, 300, fp);
+        if (b[0] == '\0')
+            break;
+        i = strlen((char *)b);
+        if ((b[0] == 'e') && (b[1] == 'n') && (b[2] == 'd')) {
+            done = 1;
+            while (!feof(fp)) {
+                fgets((char *)b, 300, fp);
+            }
+            break;
+        }
+        i = uudecode(b, i, bb);
+        if (i < 0)
+            break;
+        if ((i + tot + 8) > num) {
+            /* num to copy to make it a multiple of 8 */
+            j = (num / 8 * 8) - tot - 8;
+            memcpy(&(out[tot]), bb, (unsigned int)j);
+            tot += j;
+            memcpy(bb, &(bb[j]), (unsigned int)i - j);
+            valid = i - j;
+            break;
+        }
+        memcpy(&(out[tot]), bb, (unsigned int)i);
+        tot += i;
+    }
+    return (tot);
+}
+
+#define ccc2l(c,l)      (l =((DES_LONG)(*((c)++)))<<16, \
+                         l|=((DES_LONG)(*((c)++)))<< 8, \
+                         l|=((DES_LONG)(*((c)++))))
+
+#define l2ccc(l,c)      (*((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                    *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                    *((c)++)=(unsigned char)(((l)    )&0xff))
+
+int uuencode(unsigned char *in, int num, unsigned char *out)
+{
+    int j, i, n, tot = 0;
+    DES_LONG l;
+    register unsigned char *p;
+    p = out;
+
+    for (j = 0; j < num; j += 45) {
+        if (j + 45 > num)
+            i = (num - j);
+        else
+            i = 45;
+        *(p++) = i + ' ';
+        for (n = 0; n < i; n += 3) {
+            ccc2l(in, l);
+            *(p++) = ((l >> 18) & 0x3f) + ' ';
+            *(p++) = ((l >> 12) & 0x3f) + ' ';
+            *(p++) = ((l >> 6) & 0x3f) + ' ';
+            *(p++) = ((l) & 0x3f) + ' ';
+            tot += 4;
+        }
+        *(p++) = '\n';
+        tot += 2;
+    }
+    *p = '\0';
+    l = 0;
+    return (tot);
+}
+
+int uudecode(unsigned char *in, int num, unsigned char *out)
+{
+    int j, i, k;
+    unsigned int n = 0, space = 0;
+    DES_LONG l;
+    DES_LONG w, x, y, z;
+    unsigned int blank = (unsigned int)'\n' - ' ';
+
+    for (j = 0; j < num;) {
+        n = *(in++) - ' ';
+        if (n == blank) {
+            n = 0;
+            in--;
+        }
+        if (n > 60) {
+            fprintf(stderr, "uuencoded line length too long\n");
+            return (-1);
+        }
+        j++;
+
+        for (i = 0; i < n; j += 4, i += 3) {
+            /*
+             * the following is for cases where spaces are removed from
+             * lines.
+             */
+            if (space) {
+                w = x = y = z = 0;
+            } else {
+                w = *(in++) - ' ';
+                x = *(in++) - ' ';
+                y = *(in++) - ' ';
+                z = *(in++) - ' ';
+            }
+            if ((w > 63) || (x > 63) || (y > 63) || (z > 63)) {
+                k = 0;
+                if (w == blank)
+                    k = 1;
+                if (x == blank)
+                    k = 2;
+                if (y == blank)
+                    k = 3;
+                if (z == blank)
+                    k = 4;
+                space = 1;
+                switch (k) {
+                case 1:
+                    w = 0;
+                    in--;
+                case 2:
+                    x = 0;
+                    in--;
+                case 3:
+                    y = 0;
+                    in--;
+                case 4:
+                    z = 0;
+                    in--;
+                    break;
+                case 0:
+                    space = 0;
+                    fprintf(stderr, "bad uuencoded data values\n");
+                    w = x = y = z = 0;
+                    return (-1);
+                    break;
+                }
+            }
+            l = (w << 18) | (x << 12) | (y << 6) | (z);
+            l2ccc(l, out);
+        }
+        if (*(in++) != '\n') {
+            fprintf(stderr, "missing nl in uuencoded line\n");
+            w = x = y = z = 0;
+            return (-1);
+        }
+        j++;
+    }
+    *out = '\0';
+    w = x = y = z = 0;
+    return (n);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/des/des_old.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/des_old.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/des/des_old.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,345 +0,0 @@
-/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
-
-/*-
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * The function names in here are deprecated and are only present to
- * provide an interface compatible with libdes.  OpenSSL now provides
- * functions where "des_" has been replaced with "DES_" in the names,
- * to make it possible to make incompatible changes that are needed
- * for C type security and other stuff.
- *
- * Please consider starting to use the DES_ functions rather than the
- * des_ ones.  The des_ functions will dissapear completely before
- * OpenSSL 1.0!
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-/*
- * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#define OPENSSL_DES_LIBDES_COMPATIBILITY
-#include <openssl/des.h>
-#include <openssl/rand.h>
-
-const char *_ossl_old_des_options(void)
-{
-    return DES_options();
-}
-
-void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,
-                                _ossl_old_des_cblock *output,
-                                des_key_schedule ks1, des_key_schedule ks2,
-                                des_key_schedule ks3, int enc)
-{
-    DES_ecb3_encrypt((const_DES_cblock *)input, output,
-                     (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
-                     (DES_key_schedule *)ks3, enc);
-}
-
-DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,
-                                 _ossl_old_des_cblock *output, long length,
-                                 des_key_schedule schedule,
-                                 _ossl_old_des_cblock *ivec)
-{
-    return DES_cbc_cksum((unsigned char *)input, output, length,
-                         (DES_key_schedule *)schedule, ivec);
-}
-
-void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,
-                               _ossl_old_des_cblock *output, long length,
-                               des_key_schedule schedule,
-                               _ossl_old_des_cblock *ivec, int enc)
-{
-    DES_cbc_encrypt((unsigned char *)input, (unsigned char *)output,
-                    length, (DES_key_schedule *)schedule, ivec, enc);
-}
-
-void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,
-                                _ossl_old_des_cblock *output, long length,
-                                des_key_schedule schedule,
-                                _ossl_old_des_cblock *ivec, int enc)
-{
-    DES_ncbc_encrypt((unsigned char *)input, (unsigned char *)output,
-                     length, (DES_key_schedule *)schedule, ivec, enc);
-}
-
-void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,
-                                _ossl_old_des_cblock *output, long length,
-                                des_key_schedule schedule,
-                                _ossl_old_des_cblock *ivec,
-                                _ossl_old_des_cblock *inw,
-                                _ossl_old_des_cblock *outw, int enc)
-{
-    DES_xcbc_encrypt((unsigned char *)input, (unsigned char *)output,
-                     length, (DES_key_schedule *)schedule, ivec, inw, outw,
-                     enc);
-}
-
-void _ossl_old_des_cfb_encrypt(unsigned char *in, unsigned char *out,
-                               int numbits, long length,
-                               des_key_schedule schedule,
-                               _ossl_old_des_cblock *ivec, int enc)
-{
-    DES_cfb_encrypt(in, out, numbits, length,
-                    (DES_key_schedule *)schedule, ivec, enc);
-}
-
-void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,
-                               _ossl_old_des_cblock *output,
-                               des_key_schedule ks, int enc)
-{
-    DES_ecb_encrypt(input, output, (DES_key_schedule *)ks, enc);
-}
-
-void _ossl_old_des_encrypt(DES_LONG *data, des_key_schedule ks, int enc)
-{
-    DES_encrypt1(data, (DES_key_schedule *)ks, enc);
-}
-
-void _ossl_old_des_encrypt2(DES_LONG *data, des_key_schedule ks, int enc)
-{
-    DES_encrypt2(data, (DES_key_schedule *)ks, enc);
-}
-
-void _ossl_old_des_encrypt3(DES_LONG *data, des_key_schedule ks1,
-                            des_key_schedule ks2, des_key_schedule ks3)
-{
-    DES_encrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
-                 (DES_key_schedule *)ks3);
-}
-
-void _ossl_old_des_decrypt3(DES_LONG *data, des_key_schedule ks1,
-                            des_key_schedule ks2, des_key_schedule ks3)
-{
-    DES_decrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
-                 (DES_key_schedule *)ks3);
-}
-
-void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input,
-                                    _ossl_old_des_cblock *output, long length,
-                                    des_key_schedule ks1,
-                                    des_key_schedule ks2,
-                                    des_key_schedule ks3,
-                                    _ossl_old_des_cblock *ivec, int enc)
-{
-    DES_ede3_cbc_encrypt((unsigned char *)input, (unsigned char *)output,
-                         length, (DES_key_schedule *)ks1,
-                         (DES_key_schedule *)ks2, (DES_key_schedule *)ks3,
-                         ivec, enc);
-}
-
-void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
-                                      long length, des_key_schedule ks1,
-                                      des_key_schedule ks2,
-                                      des_key_schedule ks3,
-                                      _ossl_old_des_cblock *ivec, int *num,
-                                      int enc)
-{
-    DES_ede3_cfb64_encrypt(in, out, length,
-                           (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
-                           (DES_key_schedule *)ks3, ivec, num, enc);
-}
-
-void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
-                                      long length, des_key_schedule ks1,
-                                      des_key_schedule ks2,
-                                      des_key_schedule ks3,
-                                      _ossl_old_des_cblock *ivec, int *num)
-{
-    DES_ede3_ofb64_encrypt(in, out, length,
-                           (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
-                           (DES_key_schedule *)ks3, ivec, num);
-}
-
-#if 0                           /* broken code, preserved just in case anyone
-                                 * specifically looks for this */
-void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key),
-                                 _ossl_old_des_cblock (*in_white),
-                                 _ossl_old_des_cblock (*out_white))
-{
-    DES_xwhite_in2out(des_key, in_white, out_white);
-}
-#endif
-
-int _ossl_old_des_enc_read(int fd, char *buf, int len, des_key_schedule sched,
-                           _ossl_old_des_cblock *iv)
-{
-    return DES_enc_read(fd, buf, len, (DES_key_schedule *)sched, iv);
-}
-
-int _ossl_old_des_enc_write(int fd, char *buf, int len,
-                            des_key_schedule sched, _ossl_old_des_cblock *iv)
-{
-    return DES_enc_write(fd, buf, len, (DES_key_schedule *)sched, iv);
-}
-
-char *_ossl_old_des_fcrypt(const char *buf, const char *salt, char *ret)
-{
-    return DES_fcrypt(buf, salt, ret);
-}
-
-char *_ossl_old_des_crypt(const char *buf, const char *salt)
-{
-    return DES_crypt(buf, salt);
-}
-
-char *_ossl_old_crypt(const char *buf, const char *salt)
-{
-    return DES_crypt(buf, salt);
-}
-
-void _ossl_old_des_ofb_encrypt(unsigned char *in, unsigned char *out,
-                               int numbits, long length,
-                               des_key_schedule schedule,
-                               _ossl_old_des_cblock *ivec)
-{
-    DES_ofb_encrypt(in, out, numbits, length, (DES_key_schedule *)schedule,
-                    ivec);
-}
-
-void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,
-                                _ossl_old_des_cblock *output, long length,
-                                des_key_schedule schedule,
-                                _ossl_old_des_cblock *ivec, int enc)
-{
-    DES_pcbc_encrypt((unsigned char *)input, (unsigned char *)output,
-                     length, (DES_key_schedule *)schedule, ivec, enc);
-}
-
-DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,
-                                  _ossl_old_des_cblock *output, long length,
-                                  int out_count, _ossl_old_des_cblock *seed)
-{
-    return DES_quad_cksum((unsigned char *)input, output, length,
-                          out_count, seed);
-}
-
-void _ossl_old_des_random_seed(_ossl_old_des_cblock key)
-{
-    RAND_seed(key, sizeof(_ossl_old_des_cblock));
-}
-
-void _ossl_old_des_random_key(_ossl_old_des_cblock ret)
-{
-    DES_random_key((DES_cblock *)ret);
-}
-
-int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt,
-                                int verify)
-{
-    return DES_read_password(key, prompt, verify);
-}
-
-int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1,
-                                  _ossl_old_des_cblock *key2,
-                                  const char *prompt, int verify)
-{
-    return DES_read_2passwords(key1, key2, prompt, verify);
-}
-
-void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key)
-{
-    DES_set_odd_parity(key);
-}
-
-int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key)
-{
-    return DES_is_weak_key(key);
-}
-
-int _ossl_old_des_set_key(_ossl_old_des_cblock *key,
-                          des_key_schedule schedule)
-{
-    return DES_set_key(key, (DES_key_schedule *)schedule);
-}
-
-int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,
-                            des_key_schedule schedule)
-{
-    return DES_key_sched(key, (DES_key_schedule *)schedule);
-}
-
-void _ossl_old_des_string_to_key(char *str, _ossl_old_des_cblock *key)
-{
-    DES_string_to_key(str, key);
-}
-
-void _ossl_old_des_string_to_2keys(char *str, _ossl_old_des_cblock *key1,
-                                   _ossl_old_des_cblock *key2)
-{
-    DES_string_to_2keys(str, key1, key2);
-}
-
-void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out,
-                                 long length, des_key_schedule schedule,
-                                 _ossl_old_des_cblock *ivec, int *num,
-                                 int enc)
-{
-    DES_cfb64_encrypt(in, out, length, (DES_key_schedule *)schedule,
-                      ivec, num, enc);
-}
-
-void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out,
-                                 long length, des_key_schedule schedule,
-                                 _ossl_old_des_cblock *ivec, int *num)
-{
-    DES_ofb64_encrypt(in, out, length, (DES_key_schedule *)schedule,
-                      ivec, num);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/des/des_old.c (from rev 11605, vendor-crypto/openssl/dist/crypto/des/des_old.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/des/des_old.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/des/des_old.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,345 @@
+/* crypto/des/des_old.c */
+
+/*-
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ *
+ * The function names in here are deprecated and are only present to
+ * provide an interface compatible with libdes.  OpenSSL now provides
+ * functions where "des_" has been replaced with "DES_" in the names,
+ * to make it possible to make incompatible changes that are needed
+ * for C type security and other stuff.
+ *
+ * Please consider starting to use the DES_ functions rather than the
+ * des_ ones.  The des_ functions will dissapear completely before
+ * OpenSSL 1.0!
+ *
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ */
+
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#define OPENSSL_DES_LIBDES_COMPATIBILITY
+#include <openssl/des.h>
+#include <openssl/rand.h>
+
+const char *_ossl_old_des_options(void)
+{
+    return DES_options();
+}
+
+void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,
+                                _ossl_old_des_cblock *output,
+                                des_key_schedule ks1, des_key_schedule ks2,
+                                des_key_schedule ks3, int enc)
+{
+    DES_ecb3_encrypt((const_DES_cblock *)input, output,
+                     (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+                     (DES_key_schedule *)ks3, enc);
+}
+
+DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,
+                                 _ossl_old_des_cblock *output, long length,
+                                 des_key_schedule schedule,
+                                 _ossl_old_des_cblock *ivec)
+{
+    return DES_cbc_cksum((unsigned char *)input, output, length,
+                         (DES_key_schedule *)schedule, ivec);
+}
+
+void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,
+                               _ossl_old_des_cblock *output, long length,
+                               des_key_schedule schedule,
+                               _ossl_old_des_cblock *ivec, int enc)
+{
+    DES_cbc_encrypt((unsigned char *)input, (unsigned char *)output,
+                    length, (DES_key_schedule *)schedule, ivec, enc);
+}
+
+void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,
+                                _ossl_old_des_cblock *output, long length,
+                                des_key_schedule schedule,
+                                _ossl_old_des_cblock *ivec, int enc)
+{
+    DES_ncbc_encrypt((unsigned char *)input, (unsigned char *)output,
+                     length, (DES_key_schedule *)schedule, ivec, enc);
+}
+
+void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,
+                                _ossl_old_des_cblock *output, long length,
+                                des_key_schedule schedule,
+                                _ossl_old_des_cblock *ivec,
+                                _ossl_old_des_cblock *inw,
+                                _ossl_old_des_cblock *outw, int enc)
+{
+    DES_xcbc_encrypt((unsigned char *)input, (unsigned char *)output,
+                     length, (DES_key_schedule *)schedule, ivec, inw, outw,
+                     enc);
+}
+
+void _ossl_old_des_cfb_encrypt(unsigned char *in, unsigned char *out,
+                               int numbits, long length,
+                               des_key_schedule schedule,
+                               _ossl_old_des_cblock *ivec, int enc)
+{
+    DES_cfb_encrypt(in, out, numbits, length,
+                    (DES_key_schedule *)schedule, ivec, enc);
+}
+
+void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,
+                               _ossl_old_des_cblock *output,
+                               des_key_schedule ks, int enc)
+{
+    DES_ecb_encrypt(input, output, (DES_key_schedule *)ks, enc);
+}
+
+void _ossl_old_des_encrypt(DES_LONG *data, des_key_schedule ks, int enc)
+{
+    DES_encrypt1(data, (DES_key_schedule *)ks, enc);
+}
+
+void _ossl_old_des_encrypt2(DES_LONG *data, des_key_schedule ks, int enc)
+{
+    DES_encrypt2(data, (DES_key_schedule *)ks, enc);
+}
+
+void _ossl_old_des_encrypt3(DES_LONG *data, des_key_schedule ks1,
+                            des_key_schedule ks2, des_key_schedule ks3)
+{
+    DES_encrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+                 (DES_key_schedule *)ks3);
+}
+
+void _ossl_old_des_decrypt3(DES_LONG *data, des_key_schedule ks1,
+                            des_key_schedule ks2, des_key_schedule ks3)
+{
+    DES_decrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+                 (DES_key_schedule *)ks3);
+}
+
+void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input,
+                                    _ossl_old_des_cblock *output, long length,
+                                    des_key_schedule ks1,
+                                    des_key_schedule ks2,
+                                    des_key_schedule ks3,
+                                    _ossl_old_des_cblock *ivec, int enc)
+{
+    DES_ede3_cbc_encrypt((unsigned char *)input, (unsigned char *)output,
+                         length, (DES_key_schedule *)ks1,
+                         (DES_key_schedule *)ks2, (DES_key_schedule *)ks3,
+                         ivec, enc);
+}
+
+void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
+                                      long length, des_key_schedule ks1,
+                                      des_key_schedule ks2,
+                                      des_key_schedule ks3,
+                                      _ossl_old_des_cblock *ivec, int *num,
+                                      int enc)
+{
+    DES_ede3_cfb64_encrypt(in, out, length,
+                           (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+                           (DES_key_schedule *)ks3, ivec, num, enc);
+}
+
+void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
+                                      long length, des_key_schedule ks1,
+                                      des_key_schedule ks2,
+                                      des_key_schedule ks3,
+                                      _ossl_old_des_cblock *ivec, int *num)
+{
+    DES_ede3_ofb64_encrypt(in, out, length,
+                           (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+                           (DES_key_schedule *)ks3, ivec, num);
+}
+
+#if 0                           /* broken code, preserved just in case anyone
+                                 * specifically looks for this */
+void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key),
+                                 _ossl_old_des_cblock (*in_white),
+                                 _ossl_old_des_cblock (*out_white))
+{
+    DES_xwhite_in2out(des_key, in_white, out_white);
+}
+#endif
+
+int _ossl_old_des_enc_read(int fd, char *buf, int len, des_key_schedule sched,
+                           _ossl_old_des_cblock *iv)
+{
+    return DES_enc_read(fd, buf, len, (DES_key_schedule *)sched, iv);
+}
+
+int _ossl_old_des_enc_write(int fd, char *buf, int len,
+                            des_key_schedule sched, _ossl_old_des_cblock *iv)
+{
+    return DES_enc_write(fd, buf, len, (DES_key_schedule *)sched, iv);
+}
+
+char *_ossl_old_des_fcrypt(const char *buf, const char *salt, char *ret)
+{
+    return DES_fcrypt(buf, salt, ret);
+}
+
+char *_ossl_old_des_crypt(const char *buf, const char *salt)
+{
+    return DES_crypt(buf, salt);
+}
+
+char *_ossl_old_crypt(const char *buf, const char *salt)
+{
+    return DES_crypt(buf, salt);
+}
+
+void _ossl_old_des_ofb_encrypt(unsigned char *in, unsigned char *out,
+                               int numbits, long length,
+                               des_key_schedule schedule,
+                               _ossl_old_des_cblock *ivec)
+{
+    DES_ofb_encrypt(in, out, numbits, length, (DES_key_schedule *)schedule,
+                    ivec);
+}
+
+void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,
+                                _ossl_old_des_cblock *output, long length,
+                                des_key_schedule schedule,
+                                _ossl_old_des_cblock *ivec, int enc)
+{
+    DES_pcbc_encrypt((unsigned char *)input, (unsigned char *)output,
+                     length, (DES_key_schedule *)schedule, ivec, enc);
+}
+
+DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,
+                                  _ossl_old_des_cblock *output, long length,
+                                  int out_count, _ossl_old_des_cblock *seed)
+{
+    return DES_quad_cksum((unsigned char *)input, output, length,
+                          out_count, seed);
+}
+
+void _ossl_old_des_random_seed(_ossl_old_des_cblock key)
+{
+    RAND_seed(key, sizeof(_ossl_old_des_cblock));
+}
+
+void _ossl_old_des_random_key(_ossl_old_des_cblock ret)
+{
+    DES_random_key((DES_cblock *)ret);
+}
+
+int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt,
+                                int verify)
+{
+    return DES_read_password(key, prompt, verify);
+}
+
+int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1,
+                                  _ossl_old_des_cblock *key2,
+                                  const char *prompt, int verify)
+{
+    return DES_read_2passwords(key1, key2, prompt, verify);
+}
+
+void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key)
+{
+    DES_set_odd_parity(key);
+}
+
+int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key)
+{
+    return DES_is_weak_key(key);
+}
+
+int _ossl_old_des_set_key(_ossl_old_des_cblock *key,
+                          des_key_schedule schedule)
+{
+    return DES_set_key(key, (DES_key_schedule *)schedule);
+}
+
+int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,
+                            des_key_schedule schedule)
+{
+    return DES_key_sched(key, (DES_key_schedule *)schedule);
+}
+
+void _ossl_old_des_string_to_key(char *str, _ossl_old_des_cblock *key)
+{
+    DES_string_to_key(str, key);
+}
+
+void _ossl_old_des_string_to_2keys(char *str, _ossl_old_des_cblock *key1,
+                                   _ossl_old_des_cblock *key2)
+{
+    DES_string_to_2keys(str, key1, key2);
+}
+
+void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out,
+                                 long length, des_key_schedule schedule,
+                                 _ossl_old_des_cblock *ivec, int *num,
+                                 int enc)
+{
+    DES_cfb64_encrypt(in, out, length, (DES_key_schedule *)schedule,
+                      ivec, num, enc);
+}
+
+void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out,
+                                 long length, des_key_schedule schedule,
+                                 _ossl_old_des_cblock *ivec, int *num)
+{
+    DES_ofb64_encrypt(in, out, length, (DES_key_schedule *)schedule,
+                      ivec, num);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/des/des_old.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/des_old.h	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/des/des_old.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,497 +0,0 @@
-/* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */
-
-/*-
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * The function names in here are deprecated and are only present to
- * provide an interface compatible with openssl 0.9.6 and older as
- * well as libdes.  OpenSSL now provides functions where "des_" has
- * been replaced with "DES_" in the names, to make it possible to
- * make incompatible changes that are needed for C type security and
- * other stuff.
- *
- * This include files has two compatibility modes:
- *
- *   - If OPENSSL_DES_LIBDES_COMPATIBILITY is defined, you get an API
- *     that is compatible with libdes and SSLeay.
- *   - If OPENSSL_DES_LIBDES_COMPATIBILITY isn't defined, you get an
- *     API that is compatible with OpenSSL 0.9.5x to 0.9.6x.
- *
- * Note that these modes break earlier snapshots of OpenSSL, where
- * libdes compatibility was the only available mode or (later on) the
- * prefered compatibility mode.  However, after much consideration
- * (and more or less violent discussions with external parties), it
- * was concluded that OpenSSL should be compatible with earlier versions
- * of itself before anything else.  Also, in all honesty, libdes is
- * an old beast that shouldn't really be used any more.
- *
- * Please consider starting to use the DES_ functions rather than the
- * des_ ones.  The des_ functions will disappear completely before
- * OpenSSL 1.0!
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-/*
- * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_DES_H
-# define HEADER_DES_H
-
-# include <openssl/e_os2.h>     /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG */
-
-# ifdef OPENSSL_NO_DES
-#  error DES is disabled.
-# endif
-
-# ifndef HEADER_NEW_DES_H
-#  error You must include des.h, not des_old.h directly.
-# endif
-
-# ifdef _KERBEROS_DES_H
-#  error <openssl/des_old.h> replaces <kerberos/des.h>.
-# endif
-
-# include <openssl/symhacks.h>
-
-# ifdef OPENSSL_BUILD_SHLIBCRYPTO
-#  undef OPENSSL_EXTERN
-#  define OPENSSL_EXTERN OPENSSL_EXPORT
-# endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-# ifdef _
-#  undef _
-# endif
-
-typedef unsigned char _ossl_old_des_cblock[8];
-typedef struct _ossl_old_des_ks_struct {
-    union {
-        _ossl_old_des_cblock _;
-        /*
-         * make sure things are correct size on machines with 8 byte longs
-         */
-        DES_LONG pad[2];
-    } ks;
-} _ossl_old_des_key_schedule[16];
-
-# ifndef OPENSSL_DES_LIBDES_COMPATIBILITY
-#  define des_cblock DES_cblock
-#  define const_des_cblock const_DES_cblock
-#  define des_key_schedule DES_key_schedule
-#  define des_ecb3_encrypt(i,o,k1,k2,k3,e)\
-        DES_ecb3_encrypt((i),(o),&(k1),&(k2),&(k3),(e))
-#  define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\
-        DES_ede3_cbc_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(e))
-#  define des_ede3_cbcm_encrypt(i,o,l,k1,k2,k3,iv1,iv2,e)\
-        DES_ede3_cbcm_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv1),(iv2),(e))
-#  define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\
-        DES_ede3_cfb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n),(e))
-#  define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\
-        DES_ede3_ofb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n))
-#  define des_options()\
-        DES_options()
-#  define des_cbc_cksum(i,o,l,k,iv)\
-        DES_cbc_cksum((i),(o),(l),&(k),(iv))
-#  define des_cbc_encrypt(i,o,l,k,iv,e)\
-        DES_cbc_encrypt((i),(o),(l),&(k),(iv),(e))
-#  define des_ncbc_encrypt(i,o,l,k,iv,e)\
-        DES_ncbc_encrypt((i),(o),(l),&(k),(iv),(e))
-#  define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\
-        DES_xcbc_encrypt((i),(o),(l),&(k),(iv),(inw),(outw),(e))
-#  define des_cfb_encrypt(i,o,n,l,k,iv,e)\
-        DES_cfb_encrypt((i),(o),(n),(l),&(k),(iv),(e))
-#  define des_ecb_encrypt(i,o,k,e)\
-        DES_ecb_encrypt((i),(o),&(k),(e))
-#  define des_encrypt1(d,k,e)\
-        DES_encrypt1((d),&(k),(e))
-#  define des_encrypt2(d,k,e)\
-        DES_encrypt2((d),&(k),(e))
-#  define des_encrypt3(d,k1,k2,k3)\
-        DES_encrypt3((d),&(k1),&(k2),&(k3))
-#  define des_decrypt3(d,k1,k2,k3)\
-        DES_decrypt3((d),&(k1),&(k2),&(k3))
-#  define des_xwhite_in2out(k,i,o)\
-        DES_xwhite_in2out((k),(i),(o))
-#  define des_enc_read(f,b,l,k,iv)\
-        DES_enc_read((f),(b),(l),&(k),(iv))
-#  define des_enc_write(f,b,l,k,iv)\
-        DES_enc_write((f),(b),(l),&(k),(iv))
-#  define des_fcrypt(b,s,r)\
-        DES_fcrypt((b),(s),(r))
-#  if 0
-#   define des_crypt(b,s)\
-        DES_crypt((b),(s))
-#   if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__)
-#    define crypt(b,s)\
-        DES_crypt((b),(s))
-#   endif
-#  endif
-#  define des_ofb_encrypt(i,o,n,l,k,iv)\
-        DES_ofb_encrypt((i),(o),(n),(l),&(k),(iv))
-#  define des_pcbc_encrypt(i,o,l,k,iv,e)\
-        DES_pcbc_encrypt((i),(o),(l),&(k),(iv),(e))
-#  define des_quad_cksum(i,o,l,c,s)\
-        DES_quad_cksum((i),(o),(l),(c),(s))
-#  define des_random_seed(k)\
-        _ossl_096_des_random_seed((k))
-#  define des_random_key(r)\
-        DES_random_key((r))
-#  define des_read_password(k,p,v) \
-        DES_read_password((k),(p),(v))
-#  define des_read_2passwords(k1,k2,p,v) \
-        DES_read_2passwords((k1),(k2),(p),(v))
-#  define des_set_odd_parity(k)\
-        DES_set_odd_parity((k))
-#  define des_check_key_parity(k)\
-        DES_check_key_parity((k))
-#  define des_is_weak_key(k)\
-        DES_is_weak_key((k))
-#  define des_set_key(k,ks)\
-        DES_set_key((k),&(ks))
-#  define des_key_sched(k,ks)\
-        DES_key_sched((k),&(ks))
-#  define des_set_key_checked(k,ks)\
-        DES_set_key_checked((k),&(ks))
-#  define des_set_key_unchecked(k,ks)\
-        DES_set_key_unchecked((k),&(ks))
-#  define des_string_to_key(s,k)\
-        DES_string_to_key((s),(k))
-#  define des_string_to_2keys(s,k1,k2)\
-        DES_string_to_2keys((s),(k1),(k2))
-#  define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\
-        DES_cfb64_encrypt((i),(o),(l),&(ks),(iv),(n),(e))
-#  define des_ofb64_encrypt(i,o,l,ks,iv,n)\
-        DES_ofb64_encrypt((i),(o),(l),&(ks),(iv),(n))
-
-#  define des_ecb2_encrypt(i,o,k1,k2,e) \
-        des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
-
-#  define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
-        des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
-
-#  define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
-        des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
-
-#  define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
-        des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
-
-#  define des_check_key DES_check_key
-#  define des_rw_mode DES_rw_mode
-# else                          /* libdes compatibility */
-/*
- * Map all symbol names to _ossl_old_des_* form, so we avoid all clashes with
- * libdes
- */
-#  define des_cblock _ossl_old_des_cblock
-#  define des_key_schedule _ossl_old_des_key_schedule
-#  define des_ecb3_encrypt(i,o,k1,k2,k3,e)\
-        _ossl_old_des_ecb3_encrypt((i),(o),(k1),(k2),(k3),(e))
-#  define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\
-        _ossl_old_des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e))
-#  define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\
-        _ossl_old_des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n),(e))
-#  define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\
-        _ossl_old_des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n))
-#  define des_options()\
-        _ossl_old_des_options()
-#  define des_cbc_cksum(i,o,l,k,iv)\
-        _ossl_old_des_cbc_cksum((i),(o),(l),(k),(iv))
-#  define des_cbc_encrypt(i,o,l,k,iv,e)\
-        _ossl_old_des_cbc_encrypt((i),(o),(l),(k),(iv),(e))
-#  define des_ncbc_encrypt(i,o,l,k,iv,e)\
-        _ossl_old_des_ncbc_encrypt((i),(o),(l),(k),(iv),(e))
-#  define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\
-        _ossl_old_des_xcbc_encrypt((i),(o),(l),(k),(iv),(inw),(outw),(e))
-#  define des_cfb_encrypt(i,o,n,l,k,iv,e)\
-        _ossl_old_des_cfb_encrypt((i),(o),(n),(l),(k),(iv),(e))
-#  define des_ecb_encrypt(i,o,k,e)\
-        _ossl_old_des_ecb_encrypt((i),(o),(k),(e))
-#  define des_encrypt(d,k,e)\
-        _ossl_old_des_encrypt((d),(k),(e))
-#  define des_encrypt2(d,k,e)\
-        _ossl_old_des_encrypt2((d),(k),(e))
-#  define des_encrypt3(d,k1,k2,k3)\
-        _ossl_old_des_encrypt3((d),(k1),(k2),(k3))
-#  define des_decrypt3(d,k1,k2,k3)\
-        _ossl_old_des_decrypt3((d),(k1),(k2),(k3))
-#  define des_xwhite_in2out(k,i,o)\
-        _ossl_old_des_xwhite_in2out((k),(i),(o))
-#  define des_enc_read(f,b,l,k,iv)\
-        _ossl_old_des_enc_read((f),(b),(l),(k),(iv))
-#  define des_enc_write(f,b,l,k,iv)\
-        _ossl_old_des_enc_write((f),(b),(l),(k),(iv))
-#  define des_fcrypt(b,s,r)\
-        _ossl_old_des_fcrypt((b),(s),(r))
-#  define des_crypt(b,s)\
-        _ossl_old_des_crypt((b),(s))
-#  if 0
-#   define crypt(b,s)\
-        _ossl_old_crypt((b),(s))
-#  endif
-#  define des_ofb_encrypt(i,o,n,l,k,iv)\
-        _ossl_old_des_ofb_encrypt((i),(o),(n),(l),(k),(iv))
-#  define des_pcbc_encrypt(i,o,l,k,iv,e)\
-        _ossl_old_des_pcbc_encrypt((i),(o),(l),(k),(iv),(e))
-#  define des_quad_cksum(i,o,l,c,s)\
-        _ossl_old_des_quad_cksum((i),(o),(l),(c),(s))
-#  define des_random_seed(k)\
-        _ossl_old_des_random_seed((k))
-#  define des_random_key(r)\
-        _ossl_old_des_random_key((r))
-#  define des_read_password(k,p,v) \
-        _ossl_old_des_read_password((k),(p),(v))
-#  define des_read_2passwords(k1,k2,p,v) \
-        _ossl_old_des_read_2passwords((k1),(k2),(p),(v))
-#  define des_set_odd_parity(k)\
-        _ossl_old_des_set_odd_parity((k))
-#  define des_is_weak_key(k)\
-        _ossl_old_des_is_weak_key((k))
-#  define des_set_key(k,ks)\
-        _ossl_old_des_set_key((k),(ks))
-#  define des_key_sched(k,ks)\
-        _ossl_old_des_key_sched((k),(ks))
-#  define des_string_to_key(s,k)\
-        _ossl_old_des_string_to_key((s),(k))
-#  define des_string_to_2keys(s,k1,k2)\
-        _ossl_old_des_string_to_2keys((s),(k1),(k2))
-#  define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\
-        _ossl_old_des_cfb64_encrypt((i),(o),(l),(ks),(iv),(n),(e))
-#  define des_ofb64_encrypt(i,o,l,ks,iv,n)\
-        _ossl_old_des_ofb64_encrypt((i),(o),(l),(ks),(iv),(n))
-
-#  define des_ecb2_encrypt(i,o,k1,k2,e) \
-        des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
-
-#  define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
-        des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
-
-#  define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
-        des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
-
-#  define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
-        des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
-
-#  define des_check_key DES_check_key
-#  define des_rw_mode DES_rw_mode
-# endif
-
-const char *_ossl_old_des_options(void);
-void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,
-                                _ossl_old_des_cblock *output,
-                                _ossl_old_des_key_schedule ks1,
-                                _ossl_old_des_key_schedule ks2,
-                                _ossl_old_des_key_schedule ks3, int enc);
-DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,
-                                 _ossl_old_des_cblock *output, long length,
-                                 _ossl_old_des_key_schedule schedule,
-                                 _ossl_old_des_cblock *ivec);
-void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,
-                               _ossl_old_des_cblock *output, long length,
-                               _ossl_old_des_key_schedule schedule,
-                               _ossl_old_des_cblock *ivec, int enc);
-void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,
-                                _ossl_old_des_cblock *output, long length,
-                                _ossl_old_des_key_schedule schedule,
-                                _ossl_old_des_cblock *ivec, int enc);
-void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,
-                                _ossl_old_des_cblock *output, long length,
-                                _ossl_old_des_key_schedule schedule,
-                                _ossl_old_des_cblock *ivec,
-                                _ossl_old_des_cblock *inw,
-                                _ossl_old_des_cblock *outw, int enc);
-void _ossl_old_des_cfb_encrypt(unsigned char *in, unsigned char *out,
-                               int numbits, long length,
-                               _ossl_old_des_key_schedule schedule,
-                               _ossl_old_des_cblock *ivec, int enc);
-void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,
-                               _ossl_old_des_cblock *output,
-                               _ossl_old_des_key_schedule ks, int enc);
-void _ossl_old_des_encrypt(DES_LONG *data, _ossl_old_des_key_schedule ks,
-                           int enc);
-void _ossl_old_des_encrypt2(DES_LONG *data, _ossl_old_des_key_schedule ks,
-                            int enc);
-void _ossl_old_des_encrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,
-                            _ossl_old_des_key_schedule ks2,
-                            _ossl_old_des_key_schedule ks3);
-void _ossl_old_des_decrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,
-                            _ossl_old_des_key_schedule ks2,
-                            _ossl_old_des_key_schedule ks3);
-void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input,
-                                    _ossl_old_des_cblock *output, long length,
-                                    _ossl_old_des_key_schedule ks1,
-                                    _ossl_old_des_key_schedule ks2,
-                                    _ossl_old_des_key_schedule ks3,
-                                    _ossl_old_des_cblock *ivec, int enc);
-void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
-                                      long length,
-                                      _ossl_old_des_key_schedule ks1,
-                                      _ossl_old_des_key_schedule ks2,
-                                      _ossl_old_des_key_schedule ks3,
-                                      _ossl_old_des_cblock *ivec, int *num,
-                                      int enc);
-void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
-                                      long length,
-                                      _ossl_old_des_key_schedule ks1,
-                                      _ossl_old_des_key_schedule ks2,
-                                      _ossl_old_des_key_schedule ks3,
-                                      _ossl_old_des_cblock *ivec, int *num);
-# if 0
-void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key),
-                                 _ossl_old_des_cblock (*in_white),
-                                 _ossl_old_des_cblock (*out_white));
-# endif
-
-int _ossl_old_des_enc_read(int fd, char *buf, int len,
-                           _ossl_old_des_key_schedule sched,
-                           _ossl_old_des_cblock *iv);
-int _ossl_old_des_enc_write(int fd, char *buf, int len,
-                            _ossl_old_des_key_schedule sched,
-                            _ossl_old_des_cblock *iv);
-char *_ossl_old_des_fcrypt(const char *buf, const char *salt, char *ret);
-char *_ossl_old_des_crypt(const char *buf, const char *salt);
-# if !defined(PERL5) && !defined(NeXT)
-char *_ossl_old_crypt(const char *buf, const char *salt);
-# endif
-void _ossl_old_des_ofb_encrypt(unsigned char *in, unsigned char *out,
-                               int numbits, long length,
-                               _ossl_old_des_key_schedule schedule,
-                               _ossl_old_des_cblock *ivec);
-void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,
-                                _ossl_old_des_cblock *output, long length,
-                                _ossl_old_des_key_schedule schedule,
-                                _ossl_old_des_cblock *ivec, int enc);
-DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,
-                                  _ossl_old_des_cblock *output, long length,
-                                  int out_count, _ossl_old_des_cblock *seed);
-void _ossl_old_des_random_seed(_ossl_old_des_cblock key);
-void _ossl_old_des_random_key(_ossl_old_des_cblock ret);
-int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt,
-                                int verify);
-int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1,
-                                  _ossl_old_des_cblock *key2,
-                                  const char *prompt, int verify);
-void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key);
-int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key);
-int _ossl_old_des_set_key(_ossl_old_des_cblock *key,
-                          _ossl_old_des_key_schedule schedule);
-int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,
-                            _ossl_old_des_key_schedule schedule);
-void _ossl_old_des_string_to_key(char *str, _ossl_old_des_cblock *key);
-void _ossl_old_des_string_to_2keys(char *str, _ossl_old_des_cblock *key1,
-                                   _ossl_old_des_cblock *key2);
-void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out,
-                                 long length,
-                                 _ossl_old_des_key_schedule schedule,
-                                 _ossl_old_des_cblock *ivec, int *num,
-                                 int enc);
-void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out,
-                                 long length,
-                                 _ossl_old_des_key_schedule schedule,
-                                 _ossl_old_des_cblock *ivec, int *num);
-
-void _ossl_096_des_random_seed(des_cblock *key);
-
-/*
- * The following definitions provide compatibility with the MIT Kerberos
- * library. The _ossl_old_des_key_schedule structure is not binary
- * compatible.
- */
-
-# define _KERBEROS_DES_H
-
-# define KRBDES_ENCRYPT DES_ENCRYPT
-# define KRBDES_DECRYPT DES_DECRYPT
-
-# ifdef KERBEROS
-#  define ENCRYPT DES_ENCRYPT
-#  define DECRYPT DES_DECRYPT
-# endif
-
-# ifndef NCOMPAT
-#  define C_Block des_cblock
-#  define Key_schedule des_key_schedule
-#  define KEY_SZ DES_KEY_SZ
-#  define string_to_key des_string_to_key
-#  define read_pw_string des_read_pw_string
-#  define random_key des_random_key
-#  define pcbc_encrypt des_pcbc_encrypt
-#  define set_key des_set_key
-#  define key_sched des_key_sched
-#  define ecb_encrypt des_ecb_encrypt
-#  define cbc_encrypt des_cbc_encrypt
-#  define ncbc_encrypt des_ncbc_encrypt
-#  define xcbc_encrypt des_xcbc_encrypt
-#  define cbc_cksum des_cbc_cksum
-#  define quad_cksum des_quad_cksum
-#  define check_parity des_check_key_parity
-# endif
-
-# define des_fixup_key_parity DES_fixup_key_parity
-
-#ifdef  __cplusplus
-}
-#endif
-
-/* for DES_read_pw_string et al */
-# include <openssl/ui_compat.h>
-
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/des/des_old.h (from rev 11605, vendor-crypto/openssl/dist/crypto/des/des_old.h)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/des/des_old.h	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/des/des_old.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,497 @@
+/* crypto/des/des_old.h */
+
+/*-
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ *
+ * The function names in here are deprecated and are only present to
+ * provide an interface compatible with openssl 0.9.6 and older as
+ * well as libdes.  OpenSSL now provides functions where "des_" has
+ * been replaced with "DES_" in the names, to make it possible to
+ * make incompatible changes that are needed for C type security and
+ * other stuff.
+ *
+ * This include files has two compatibility modes:
+ *
+ *   - If OPENSSL_DES_LIBDES_COMPATIBILITY is defined, you get an API
+ *     that is compatible with libdes and SSLeay.
+ *   - If OPENSSL_DES_LIBDES_COMPATIBILITY isn't defined, you get an
+ *     API that is compatible with OpenSSL 0.9.5x to 0.9.6x.
+ *
+ * Note that these modes break earlier snapshots of OpenSSL, where
+ * libdes compatibility was the only available mode or (later on) the
+ * prefered compatibility mode.  However, after much consideration
+ * (and more or less violent discussions with external parties), it
+ * was concluded that OpenSSL should be compatible with earlier versions
+ * of itself before anything else.  Also, in all honesty, libdes is
+ * an old beast that shouldn't really be used any more.
+ *
+ * Please consider starting to use the DES_ functions rather than the
+ * des_ ones.  The des_ functions will disappear completely before
+ * OpenSSL 1.0!
+ *
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ */
+
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_DES_H
+# define HEADER_DES_H
+
+# include <openssl/e_os2.h>     /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG */
+
+# ifdef OPENSSL_NO_DES
+#  error DES is disabled.
+# endif
+
+# ifndef HEADER_NEW_DES_H
+#  error You must include des.h, not des_old.h directly.
+# endif
+
+# ifdef _KERBEROS_DES_H
+#  error <openssl/des_old.h> replaces <kerberos/des.h>.
+# endif
+
+# include <openssl/symhacks.h>
+
+# ifdef OPENSSL_BUILD_SHLIBCRYPTO
+#  undef OPENSSL_EXTERN
+#  define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# ifdef _
+#  undef _
+# endif
+
+typedef unsigned char _ossl_old_des_cblock[8];
+typedef struct _ossl_old_des_ks_struct {
+    union {
+        _ossl_old_des_cblock _;
+        /*
+         * make sure things are correct size on machines with 8 byte longs
+         */
+        DES_LONG pad[2];
+    } ks;
+} _ossl_old_des_key_schedule[16];
+
+# ifndef OPENSSL_DES_LIBDES_COMPATIBILITY
+#  define des_cblock DES_cblock
+#  define const_des_cblock const_DES_cblock
+#  define des_key_schedule DES_key_schedule
+#  define des_ecb3_encrypt(i,o,k1,k2,k3,e)\
+        DES_ecb3_encrypt((i),(o),&(k1),&(k2),&(k3),(e))
+#  define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\
+        DES_ede3_cbc_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(e))
+#  define des_ede3_cbcm_encrypt(i,o,l,k1,k2,k3,iv1,iv2,e)\
+        DES_ede3_cbcm_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv1),(iv2),(e))
+#  define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\
+        DES_ede3_cfb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n),(e))
+#  define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\
+        DES_ede3_ofb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n))
+#  define des_options()\
+        DES_options()
+#  define des_cbc_cksum(i,o,l,k,iv)\
+        DES_cbc_cksum((i),(o),(l),&(k),(iv))
+#  define des_cbc_encrypt(i,o,l,k,iv,e)\
+        DES_cbc_encrypt((i),(o),(l),&(k),(iv),(e))
+#  define des_ncbc_encrypt(i,o,l,k,iv,e)\
+        DES_ncbc_encrypt((i),(o),(l),&(k),(iv),(e))
+#  define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\
+        DES_xcbc_encrypt((i),(o),(l),&(k),(iv),(inw),(outw),(e))
+#  define des_cfb_encrypt(i,o,n,l,k,iv,e)\
+        DES_cfb_encrypt((i),(o),(n),(l),&(k),(iv),(e))
+#  define des_ecb_encrypt(i,o,k,e)\
+        DES_ecb_encrypt((i),(o),&(k),(e))
+#  define des_encrypt1(d,k,e)\
+        DES_encrypt1((d),&(k),(e))
+#  define des_encrypt2(d,k,e)\
+        DES_encrypt2((d),&(k),(e))
+#  define des_encrypt3(d,k1,k2,k3)\
+        DES_encrypt3((d),&(k1),&(k2),&(k3))
+#  define des_decrypt3(d,k1,k2,k3)\
+        DES_decrypt3((d),&(k1),&(k2),&(k3))
+#  define des_xwhite_in2out(k,i,o)\
+        DES_xwhite_in2out((k),(i),(o))
+#  define des_enc_read(f,b,l,k,iv)\
+        DES_enc_read((f),(b),(l),&(k),(iv))
+#  define des_enc_write(f,b,l,k,iv)\
+        DES_enc_write((f),(b),(l),&(k),(iv))
+#  define des_fcrypt(b,s,r)\
+        DES_fcrypt((b),(s),(r))
+#  if 0
+#   define des_crypt(b,s)\
+        DES_crypt((b),(s))
+#   if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__)
+#    define crypt(b,s)\
+        DES_crypt((b),(s))
+#   endif
+#  endif
+#  define des_ofb_encrypt(i,o,n,l,k,iv)\
+        DES_ofb_encrypt((i),(o),(n),(l),&(k),(iv))
+#  define des_pcbc_encrypt(i,o,l,k,iv,e)\
+        DES_pcbc_encrypt((i),(o),(l),&(k),(iv),(e))
+#  define des_quad_cksum(i,o,l,c,s)\
+        DES_quad_cksum((i),(o),(l),(c),(s))
+#  define des_random_seed(k)\
+        _ossl_096_des_random_seed((k))
+#  define des_random_key(r)\
+        DES_random_key((r))
+#  define des_read_password(k,p,v) \
+        DES_read_password((k),(p),(v))
+#  define des_read_2passwords(k1,k2,p,v) \
+        DES_read_2passwords((k1),(k2),(p),(v))
+#  define des_set_odd_parity(k)\
+        DES_set_odd_parity((k))
+#  define des_check_key_parity(k)\
+        DES_check_key_parity((k))
+#  define des_is_weak_key(k)\
+        DES_is_weak_key((k))
+#  define des_set_key(k,ks)\
+        DES_set_key((k),&(ks))
+#  define des_key_sched(k,ks)\
+        DES_key_sched((k),&(ks))
+#  define des_set_key_checked(k,ks)\
+        DES_set_key_checked((k),&(ks))
+#  define des_set_key_unchecked(k,ks)\
+        DES_set_key_unchecked((k),&(ks))
+#  define des_string_to_key(s,k)\
+        DES_string_to_key((s),(k))
+#  define des_string_to_2keys(s,k1,k2)\
+        DES_string_to_2keys((s),(k1),(k2))
+#  define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\
+        DES_cfb64_encrypt((i),(o),(l),&(ks),(iv),(n),(e))
+#  define des_ofb64_encrypt(i,o,l,ks,iv,n)\
+        DES_ofb64_encrypt((i),(o),(l),&(ks),(iv),(n))
+
+#  define des_ecb2_encrypt(i,o,k1,k2,e) \
+        des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+
+#  define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+        des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+
+#  define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+        des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+
+#  define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+        des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+
+#  define des_check_key DES_check_key
+#  define des_rw_mode DES_rw_mode
+# else                          /* libdes compatibility */
+/*
+ * Map all symbol names to _ossl_old_des_* form, so we avoid all clashes with
+ * libdes
+ */
+#  define des_cblock _ossl_old_des_cblock
+#  define des_key_schedule _ossl_old_des_key_schedule
+#  define des_ecb3_encrypt(i,o,k1,k2,k3,e)\
+        _ossl_old_des_ecb3_encrypt((i),(o),(k1),(k2),(k3),(e))
+#  define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\
+        _ossl_old_des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e))
+#  define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\
+        _ossl_old_des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n),(e))
+#  define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\
+        _ossl_old_des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n))
+#  define des_options()\
+        _ossl_old_des_options()
+#  define des_cbc_cksum(i,o,l,k,iv)\
+        _ossl_old_des_cbc_cksum((i),(o),(l),(k),(iv))
+#  define des_cbc_encrypt(i,o,l,k,iv,e)\
+        _ossl_old_des_cbc_encrypt((i),(o),(l),(k),(iv),(e))
+#  define des_ncbc_encrypt(i,o,l,k,iv,e)\
+        _ossl_old_des_ncbc_encrypt((i),(o),(l),(k),(iv),(e))
+#  define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\
+        _ossl_old_des_xcbc_encrypt((i),(o),(l),(k),(iv),(inw),(outw),(e))
+#  define des_cfb_encrypt(i,o,n,l,k,iv,e)\
+        _ossl_old_des_cfb_encrypt((i),(o),(n),(l),(k),(iv),(e))
+#  define des_ecb_encrypt(i,o,k,e)\
+        _ossl_old_des_ecb_encrypt((i),(o),(k),(e))
+#  define des_encrypt(d,k,e)\
+        _ossl_old_des_encrypt((d),(k),(e))
+#  define des_encrypt2(d,k,e)\
+        _ossl_old_des_encrypt2((d),(k),(e))
+#  define des_encrypt3(d,k1,k2,k3)\
+        _ossl_old_des_encrypt3((d),(k1),(k2),(k3))
+#  define des_decrypt3(d,k1,k2,k3)\
+        _ossl_old_des_decrypt3((d),(k1),(k2),(k3))
+#  define des_xwhite_in2out(k,i,o)\
+        _ossl_old_des_xwhite_in2out((k),(i),(o))
+#  define des_enc_read(f,b,l,k,iv)\
+        _ossl_old_des_enc_read((f),(b),(l),(k),(iv))
+#  define des_enc_write(f,b,l,k,iv)\
+        _ossl_old_des_enc_write((f),(b),(l),(k),(iv))
+#  define des_fcrypt(b,s,r)\
+        _ossl_old_des_fcrypt((b),(s),(r))
+#  define des_crypt(b,s)\
+        _ossl_old_des_crypt((b),(s))
+#  if 0
+#   define crypt(b,s)\
+        _ossl_old_crypt((b),(s))
+#  endif
+#  define des_ofb_encrypt(i,o,n,l,k,iv)\
+        _ossl_old_des_ofb_encrypt((i),(o),(n),(l),(k),(iv))
+#  define des_pcbc_encrypt(i,o,l,k,iv,e)\
+        _ossl_old_des_pcbc_encrypt((i),(o),(l),(k),(iv),(e))
+#  define des_quad_cksum(i,o,l,c,s)\
+        _ossl_old_des_quad_cksum((i),(o),(l),(c),(s))
+#  define des_random_seed(k)\
+        _ossl_old_des_random_seed((k))
+#  define des_random_key(r)\
+        _ossl_old_des_random_key((r))
+#  define des_read_password(k,p,v) \
+        _ossl_old_des_read_password((k),(p),(v))
+#  define des_read_2passwords(k1,k2,p,v) \
+        _ossl_old_des_read_2passwords((k1),(k2),(p),(v))
+#  define des_set_odd_parity(k)\
+        _ossl_old_des_set_odd_parity((k))
+#  define des_is_weak_key(k)\
+        _ossl_old_des_is_weak_key((k))
+#  define des_set_key(k,ks)\
+        _ossl_old_des_set_key((k),(ks))
+#  define des_key_sched(k,ks)\
+        _ossl_old_des_key_sched((k),(ks))
+#  define des_string_to_key(s,k)\
+        _ossl_old_des_string_to_key((s),(k))
+#  define des_string_to_2keys(s,k1,k2)\
+        _ossl_old_des_string_to_2keys((s),(k1),(k2))
+#  define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\
+        _ossl_old_des_cfb64_encrypt((i),(o),(l),(ks),(iv),(n),(e))
+#  define des_ofb64_encrypt(i,o,l,ks,iv,n)\
+        _ossl_old_des_ofb64_encrypt((i),(o),(l),(ks),(iv),(n))
+
+#  define des_ecb2_encrypt(i,o,k1,k2,e) \
+        des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+
+#  define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+        des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+
+#  define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+        des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+
+#  define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+        des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+
+#  define des_check_key DES_check_key
+#  define des_rw_mode DES_rw_mode
+# endif
+
+const char *_ossl_old_des_options(void);
+void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,
+                                _ossl_old_des_cblock *output,
+                                _ossl_old_des_key_schedule ks1,
+                                _ossl_old_des_key_schedule ks2,
+                                _ossl_old_des_key_schedule ks3, int enc);
+DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,
+                                 _ossl_old_des_cblock *output, long length,
+                                 _ossl_old_des_key_schedule schedule,
+                                 _ossl_old_des_cblock *ivec);
+void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,
+                               _ossl_old_des_cblock *output, long length,
+                               _ossl_old_des_key_schedule schedule,
+                               _ossl_old_des_cblock *ivec, int enc);
+void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,
+                                _ossl_old_des_cblock *output, long length,
+                                _ossl_old_des_key_schedule schedule,
+                                _ossl_old_des_cblock *ivec, int enc);
+void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,
+                                _ossl_old_des_cblock *output, long length,
+                                _ossl_old_des_key_schedule schedule,
+                                _ossl_old_des_cblock *ivec,
+                                _ossl_old_des_cblock *inw,
+                                _ossl_old_des_cblock *outw, int enc);
+void _ossl_old_des_cfb_encrypt(unsigned char *in, unsigned char *out,
+                               int numbits, long length,
+                               _ossl_old_des_key_schedule schedule,
+                               _ossl_old_des_cblock *ivec, int enc);
+void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,
+                               _ossl_old_des_cblock *output,
+                               _ossl_old_des_key_schedule ks, int enc);
+void _ossl_old_des_encrypt(DES_LONG *data, _ossl_old_des_key_schedule ks,
+                           int enc);
+void _ossl_old_des_encrypt2(DES_LONG *data, _ossl_old_des_key_schedule ks,
+                            int enc);
+void _ossl_old_des_encrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,
+                            _ossl_old_des_key_schedule ks2,
+                            _ossl_old_des_key_schedule ks3);
+void _ossl_old_des_decrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,
+                            _ossl_old_des_key_schedule ks2,
+                            _ossl_old_des_key_schedule ks3);
+void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input,
+                                    _ossl_old_des_cblock *output, long length,
+                                    _ossl_old_des_key_schedule ks1,
+                                    _ossl_old_des_key_schedule ks2,
+                                    _ossl_old_des_key_schedule ks3,
+                                    _ossl_old_des_cblock *ivec, int enc);
+void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
+                                      long length,
+                                      _ossl_old_des_key_schedule ks1,
+                                      _ossl_old_des_key_schedule ks2,
+                                      _ossl_old_des_key_schedule ks3,
+                                      _ossl_old_des_cblock *ivec, int *num,
+                                      int enc);
+void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
+                                      long length,
+                                      _ossl_old_des_key_schedule ks1,
+                                      _ossl_old_des_key_schedule ks2,
+                                      _ossl_old_des_key_schedule ks3,
+                                      _ossl_old_des_cblock *ivec, int *num);
+# if 0
+void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key),
+                                 _ossl_old_des_cblock (*in_white),
+                                 _ossl_old_des_cblock (*out_white));
+# endif
+
+int _ossl_old_des_enc_read(int fd, char *buf, int len,
+                           _ossl_old_des_key_schedule sched,
+                           _ossl_old_des_cblock *iv);
+int _ossl_old_des_enc_write(int fd, char *buf, int len,
+                            _ossl_old_des_key_schedule sched,
+                            _ossl_old_des_cblock *iv);
+char *_ossl_old_des_fcrypt(const char *buf, const char *salt, char *ret);
+char *_ossl_old_des_crypt(const char *buf, const char *salt);
+# if !defined(PERL5) && !defined(NeXT)
+char *_ossl_old_crypt(const char *buf, const char *salt);
+# endif
+void _ossl_old_des_ofb_encrypt(unsigned char *in, unsigned char *out,
+                               int numbits, long length,
+                               _ossl_old_des_key_schedule schedule,
+                               _ossl_old_des_cblock *ivec);
+void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,
+                                _ossl_old_des_cblock *output, long length,
+                                _ossl_old_des_key_schedule schedule,
+                                _ossl_old_des_cblock *ivec, int enc);
+DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,
+                                  _ossl_old_des_cblock *output, long length,
+                                  int out_count, _ossl_old_des_cblock *seed);
+void _ossl_old_des_random_seed(_ossl_old_des_cblock key);
+void _ossl_old_des_random_key(_ossl_old_des_cblock ret);
+int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt,
+                                int verify);
+int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1,
+                                  _ossl_old_des_cblock *key2,
+                                  const char *prompt, int verify);
+void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key);
+int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key);
+int _ossl_old_des_set_key(_ossl_old_des_cblock *key,
+                          _ossl_old_des_key_schedule schedule);
+int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,
+                            _ossl_old_des_key_schedule schedule);
+void _ossl_old_des_string_to_key(char *str, _ossl_old_des_cblock *key);
+void _ossl_old_des_string_to_2keys(char *str, _ossl_old_des_cblock *key1,
+                                   _ossl_old_des_cblock *key2);
+void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out,
+                                 long length,
+                                 _ossl_old_des_key_schedule schedule,
+                                 _ossl_old_des_cblock *ivec, int *num,
+                                 int enc);
+void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out,
+                                 long length,
+                                 _ossl_old_des_key_schedule schedule,
+                                 _ossl_old_des_cblock *ivec, int *num);
+
+void _ossl_096_des_random_seed(des_cblock *key);
+
+/*
+ * The following definitions provide compatibility with the MIT Kerberos
+ * library. The _ossl_old_des_key_schedule structure is not binary
+ * compatible.
+ */
+
+# define _KERBEROS_DES_H
+
+# define KRBDES_ENCRYPT DES_ENCRYPT
+# define KRBDES_DECRYPT DES_DECRYPT
+
+# ifdef KERBEROS
+#  define ENCRYPT DES_ENCRYPT
+#  define DECRYPT DES_DECRYPT
+# endif
+
+# ifndef NCOMPAT
+#  define C_Block des_cblock
+#  define Key_schedule des_key_schedule
+#  define KEY_SZ DES_KEY_SZ
+#  define string_to_key des_string_to_key
+#  define read_pw_string des_read_pw_string
+#  define random_key des_random_key
+#  define pcbc_encrypt des_pcbc_encrypt
+#  define set_key des_set_key
+#  define key_sched des_key_sched
+#  define ecb_encrypt des_ecb_encrypt
+#  define cbc_encrypt des_cbc_encrypt
+#  define ncbc_encrypt des_ncbc_encrypt
+#  define xcbc_encrypt des_xcbc_encrypt
+#  define cbc_cksum des_cbc_cksum
+#  define quad_cksum des_quad_cksum
+#  define check_parity des_check_key_parity
+# endif
+
+# define des_fixup_key_parity DES_fixup_key_parity
+
+#ifdef  __cplusplus
+}
+#endif
+
+/* for DES_read_pw_string et al */
+# include <openssl/ui_compat.h>
+
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/des/des_old2.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/des_old2.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/des/des_old2.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,80 +0,0 @@
-/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
-
-/*
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING The
- * function names in here are deprecated and are only present to provide an
- * interface compatible with OpenSSL 0.9.6c.  OpenSSL now provides functions
- * where "des_" has been replaced with "DES_" in the names, to make it
- * possible to make incompatible changes that are needed for C type security
- * and other stuff. Please consider starting to use the DES_ functions
- * rather than the des_ ones.  The des_ functions will dissapear completely
- * before OpenSSL 1.0! WARNING WARNING WARNING WARNING WARNING WARNING
- * WARNING WARNING
- */
-
-/*
- * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#undef OPENSSL_DES_LIBDES_COMPATIBILITY
-#include <openssl/des.h>
-#include <openssl/rand.h>
-
-void _ossl_096_des_random_seed(DES_cblock *key)
-{
-    RAND_seed(key, sizeof(DES_cblock));
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/des/des_old2.c (from rev 11605, vendor-crypto/openssl/dist/crypto/des/des_old2.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/des/des_old2.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/des/des_old2.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,80 @@
+/* crypto/des/des_old.c */
+
+/*
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING The
+ * function names in here are deprecated and are only present to provide an
+ * interface compatible with OpenSSL 0.9.6c.  OpenSSL now provides functions
+ * where "des_" has been replaced with "DES_" in the names, to make it
+ * possible to make incompatible changes that are needed for C type security
+ * and other stuff. Please consider starting to use the DES_ functions
+ * rather than the des_ ones.  The des_ functions will dissapear completely
+ * before OpenSSL 1.0! WARNING WARNING WARNING WARNING WARNING WARNING
+ * WARNING WARNING
+ */
+
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#undef OPENSSL_DES_LIBDES_COMPATIBILITY
+#include <openssl/des.h>
+#include <openssl/rand.h>
+
+void _ossl_096_des_random_seed(DES_cblock *key)
+{
+    RAND_seed(key, sizeof(DES_cblock));
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/des/enc_writ.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/enc_writ.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/des/enc_writ.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,182 +0,0 @@
-/* crypto/des/enc_writ.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <errno.h>
-#include <time.h>
-#include <stdio.h>
-#include "cryptlib.h"
-#include "des_locl.h"
-#include <openssl/rand.h>
-
-/*-
- * WARNINGS:
- *
- *  -  The data format used by DES_enc_write() and DES_enc_read()
- *     has a cryptographic weakness: When asked to write more
- *     than MAXWRITE bytes, DES_enc_write will split the data
- *     into several chunks that are all encrypted
- *     using the same IV.  So don't use these functions unless you
- *     are sure you know what you do (in which case you might
- *     not want to use them anyway).
- *
- *  -  This code cannot handle non-blocking sockets.
- */
-
-int DES_enc_write(int fd, const void *_buf, int len,
-                  DES_key_schedule *sched, DES_cblock *iv)
-{
-#if defined(OPENSSL_NO_POSIX_IO)
-    return (-1);
-#else
-# ifdef _LIBC
-    extern unsigned long time();
-    extern int write();
-# endif
-    const unsigned char *buf = _buf;
-    long rnum;
-    int i, j, k, outnum;
-    static unsigned char *outbuf = NULL;
-    unsigned char shortbuf[8];
-    unsigned char *p;
-    const unsigned char *cp;
-    static int start = 1;
-
-    if (len < 0)
-        return -1;
-
-    if (outbuf == NULL) {
-        outbuf = OPENSSL_malloc(BSIZE + HDRSIZE);
-        if (outbuf == NULL)
-            return (-1);
-    }
-    /*
-     * If we are sending less than 8 bytes, the same char will look the same
-     * if we don't pad it out with random bytes
-     */
-    if (start) {
-        start = 0;
-    }
-
-    /* lets recurse if we want to send the data in small chunks */
-    if (len > MAXWRITE) {
-        j = 0;
-        for (i = 0; i < len; i += k) {
-            k = DES_enc_write(fd, &(buf[i]),
-                              ((len - i) > MAXWRITE) ? MAXWRITE : (len - i),
-                              sched, iv);
-            if (k < 0)
-                return (k);
-            else
-                j += k;
-        }
-        return (j);
-    }
-
-    /* write length first */
-    p = outbuf;
-    l2n(len, p);
-
-    /* pad short strings */
-    if (len < 8) {
-        cp = shortbuf;
-        memcpy(shortbuf, buf, len);
-        if (RAND_pseudo_bytes(shortbuf + len, 8 - len) < 0) {
-            return -1;
-        }
-        rnum = 8;
-    } else {
-        cp = buf;
-        rnum = ((len + 7) / 8 * 8); /* round up to nearest eight */
-    }
-
-    if (DES_rw_mode & DES_PCBC_MODE)
-        DES_pcbc_encrypt(cp, &(outbuf[HDRSIZE]), (len < 8) ? 8 : len, sched,
-                         iv, DES_ENCRYPT);
-    else
-        DES_cbc_encrypt(cp, &(outbuf[HDRSIZE]), (len < 8) ? 8 : len, sched,
-                        iv, DES_ENCRYPT);
-
-    /* output */
-    outnum = rnum + HDRSIZE;
-
-    for (j = 0; j < outnum; j += i) {
-        /*
-         * eay 26/08/92 I was not doing writing from where we got up to.
-         */
-# ifndef _WIN32
-        i = write(fd, (void *)&(outbuf[j]), outnum - j);
-# else
-        i = _write(fd, (void *)&(outbuf[j]), outnum - j);
-# endif
-        if (i == -1) {
-# ifdef EINTR
-            if (errno == EINTR)
-                i = 0;
-            else
-# endif
-                /*
-                 * This is really a bad error - very bad It will stuff-up
-                 * both ends.
-                 */
-                return (-1);
-        }
-    }
-
-    return (len);
-#endif                          /* OPENSSL_NO_POSIX_IO */
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/des/enc_writ.c (from rev 11605, vendor-crypto/openssl/dist/crypto/des/enc_writ.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/des/enc_writ.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/des/enc_writ.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,182 @@
+/* crypto/des/enc_writ.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <errno.h>
+#include <time.h>
+#include <stdio.h>
+#include "cryptlib.h"
+#include "des_locl.h"
+#include <openssl/rand.h>
+
+/*-
+ * WARNINGS:
+ *
+ *  -  The data format used by DES_enc_write() and DES_enc_read()
+ *     has a cryptographic weakness: When asked to write more
+ *     than MAXWRITE bytes, DES_enc_write will split the data
+ *     into several chunks that are all encrypted
+ *     using the same IV.  So don't use these functions unless you
+ *     are sure you know what you do (in which case you might
+ *     not want to use them anyway).
+ *
+ *  -  This code cannot handle non-blocking sockets.
+ */
+
+int DES_enc_write(int fd, const void *_buf, int len,
+                  DES_key_schedule *sched, DES_cblock *iv)
+{
+#if defined(OPENSSL_NO_POSIX_IO)
+    return (-1);
+#else
+# ifdef _LIBC
+    extern unsigned long time();
+    extern int write();
+# endif
+    const unsigned char *buf = _buf;
+    long rnum;
+    int i, j, k, outnum;
+    static unsigned char *outbuf = NULL;
+    unsigned char shortbuf[8];
+    unsigned char *p;
+    const unsigned char *cp;
+    static int start = 1;
+
+    if (len < 0)
+        return -1;
+
+    if (outbuf == NULL) {
+        outbuf = OPENSSL_malloc(BSIZE + HDRSIZE);
+        if (outbuf == NULL)
+            return (-1);
+    }
+    /*
+     * If we are sending less than 8 bytes, the same char will look the same
+     * if we don't pad it out with random bytes
+     */
+    if (start) {
+        start = 0;
+    }
+
+    /* lets recurse if we want to send the data in small chunks */
+    if (len > MAXWRITE) {
+        j = 0;
+        for (i = 0; i < len; i += k) {
+            k = DES_enc_write(fd, &(buf[i]),
+                              ((len - i) > MAXWRITE) ? MAXWRITE : (len - i),
+                              sched, iv);
+            if (k < 0)
+                return (k);
+            else
+                j += k;
+        }
+        return (j);
+    }
+
+    /* write length first */
+    p = outbuf;
+    l2n(len, p);
+
+    /* pad short strings */
+    if (len < 8) {
+        cp = shortbuf;
+        memcpy(shortbuf, buf, len);
+        if (RAND_bytes(shortbuf + len, 8 - len) <= 0) {
+            return -1;
+        }
+        rnum = 8;
+    } else {
+        cp = buf;
+        rnum = ((len + 7) / 8 * 8); /* round up to nearest eight */
+    }
+
+    if (DES_rw_mode & DES_PCBC_MODE)
+        DES_pcbc_encrypt(cp, &(outbuf[HDRSIZE]), (len < 8) ? 8 : len, sched,
+                         iv, DES_ENCRYPT);
+    else
+        DES_cbc_encrypt(cp, &(outbuf[HDRSIZE]), (len < 8) ? 8 : len, sched,
+                        iv, DES_ENCRYPT);
+
+    /* output */
+    outnum = rnum + HDRSIZE;
+
+    for (j = 0; j < outnum; j += i) {
+        /*
+         * eay 26/08/92 I was not doing writing from where we got up to.
+         */
+# ifndef _WIN32
+        i = write(fd, (void *)&(outbuf[j]), outnum - j);
+# else
+        i = _write(fd, (void *)&(outbuf[j]), outnum - j);
+# endif
+        if (i == -1) {
+# ifdef EINTR
+            if (errno == EINTR)
+                i = 0;
+            else
+# endif
+                /*
+                 * This is really a bad error - very bad It will stuff-up
+                 * both ends.
+                 */
+                return (-1);
+        }
+    }
+
+    return (len);
+#endif                          /* OPENSSL_NO_POSIX_IO */
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/dsa/dsa_ameth.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dsa/dsa_ameth.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/dsa/dsa_ameth.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,674 +0,0 @@
-/*
- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
- * 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-#include <openssl/dsa.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_CMS
-# include <openssl/cms.h>
-#endif
-#include "asn1_locl.h"
-
-static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
-{
-    const unsigned char *p, *pm;
-    int pklen, pmlen;
-    int ptype;
-    void *pval;
-    ASN1_STRING *pstr;
-    X509_ALGOR *palg;
-    ASN1_INTEGER *public_key = NULL;
-
-    DSA *dsa = NULL;
-
-    if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
-        return 0;
-    X509_ALGOR_get0(NULL, &ptype, &pval, palg);
-
-    if (ptype == V_ASN1_SEQUENCE) {
-        pstr = pval;
-        pm = pstr->data;
-        pmlen = pstr->length;
-
-        if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) {
-            DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
-            goto err;
-        }
-
-    } else if ((ptype == V_ASN1_NULL) || (ptype == V_ASN1_UNDEF)) {
-        if (!(dsa = DSA_new())) {
-            DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-    } else {
-        DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR);
-        goto err;
-    }
-
-    if (!(public_key = d2i_ASN1_INTEGER(NULL, &p, pklen))) {
-        DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
-        goto err;
-    }
-
-    if (!(dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) {
-        DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR);
-        goto err;
-    }
-
-    ASN1_INTEGER_free(public_key);
-    EVP_PKEY_assign_DSA(pkey, dsa);
-    return 1;
-
- err:
-    if (public_key)
-        ASN1_INTEGER_free(public_key);
-    if (dsa)
-        DSA_free(dsa);
-    return 0;
-
-}
-
-static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
-{
-    DSA *dsa;
-    int ptype;
-    unsigned char *penc = NULL;
-    int penclen;
-    ASN1_STRING *str = NULL;
-
-    dsa = pkey->pkey.dsa;
-    if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) {
-        str = ASN1_STRING_new();
-        if (!str) {
-            DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        str->length = i2d_DSAparams(dsa, &str->data);
-        if (str->length <= 0) {
-            DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        ptype = V_ASN1_SEQUENCE;
-    } else
-        ptype = V_ASN1_UNDEF;
-
-    dsa->write_params = 0;
-
-    penclen = i2d_DSAPublicKey(dsa, &penc);
-
-    if (penclen <= 0) {
-        DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA),
-                               ptype, str, penc, penclen))
-        return 1;
-
- err:
-    if (penc)
-        OPENSSL_free(penc);
-    if (str)
-        ASN1_STRING_free(str);
-
-    return 0;
-}
-
-/*
- * In PKCS#8 DSA: you just get a private key integer and parameters in the
- * AlgorithmIdentifier the pubkey must be recalculated.
- */
-
-static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
-{
-    const unsigned char *p, *pm;
-    int pklen, pmlen;
-    int ptype;
-    void *pval;
-    ASN1_STRING *pstr;
-    X509_ALGOR *palg;
-    ASN1_INTEGER *privkey = NULL;
-    BN_CTX *ctx = NULL;
-
-    STACK_OF(ASN1_TYPE) *ndsa = NULL;
-    DSA *dsa = NULL;
-
-    if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
-        return 0;
-    X509_ALGOR_get0(NULL, &ptype, &pval, palg);
-
-    /* Check for broken DSA PKCS#8, UGH! */
-    if (*p == (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)) {
-        ASN1_TYPE *t1, *t2;
-        if (!(ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen)))
-            goto decerr;
-        if (sk_ASN1_TYPE_num(ndsa) != 2)
-            goto decerr;
-        /*-
-         * Handle Two broken types:
-         * SEQUENCE {parameters, priv_key}
-         * SEQUENCE {pub_key, priv_key}
-         */
-
-        t1 = sk_ASN1_TYPE_value(ndsa, 0);
-        t2 = sk_ASN1_TYPE_value(ndsa, 1);
-        if (t1->type == V_ASN1_SEQUENCE) {
-            p8->broken = PKCS8_EMBEDDED_PARAM;
-            pval = t1->value.ptr;
-        } else if (ptype == V_ASN1_SEQUENCE)
-            p8->broken = PKCS8_NS_DB;
-        else
-            goto decerr;
-
-        if (t2->type != V_ASN1_INTEGER)
-            goto decerr;
-
-        privkey = t2->value.integer;
-    } else {
-        const unsigned char *q = p;
-        if (!(privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)))
-            goto decerr;
-        if (privkey->type == V_ASN1_NEG_INTEGER) {
-            p8->broken = PKCS8_NEG_PRIVKEY;
-            ASN1_STRING_clear_free(privkey);
-            if (!(privkey = d2i_ASN1_UINTEGER(NULL, &q, pklen)))
-                goto decerr;
-        }
-        if (ptype != V_ASN1_SEQUENCE)
-            goto decerr;
-    }
-
-    pstr = pval;
-    pm = pstr->data;
-    pmlen = pstr->length;
-    if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen)))
-        goto decerr;
-    /* We have parameters now set private key */
-    if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
-        DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR);
-        goto dsaerr;
-    }
-    /* Calculate public key */
-    if (!(dsa->pub_key = BN_new())) {
-        DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
-        goto dsaerr;
-    }
-    if (!(ctx = BN_CTX_new())) {
-        DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
-        goto dsaerr;
-    }
-
-    if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
-        DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR);
-        goto dsaerr;
-    }
-
-    EVP_PKEY_assign_DSA(pkey, dsa);
-    BN_CTX_free(ctx);
-    if (ndsa)
-        sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-    else
-        ASN1_STRING_clear_free(privkey);
-
-    return 1;
-
- decerr:
-    DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR);
- dsaerr:
-    BN_CTX_free(ctx);
-    if (privkey)
-        ASN1_STRING_clear_free(privkey);
-    sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-    DSA_free(dsa);
-    return 0;
-}
-
-static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
-{
-    ASN1_STRING *params = NULL;
-    ASN1_INTEGER *prkey = NULL;
-    unsigned char *dp = NULL;
-    int dplen;
-
-    if (!pkey->pkey.dsa || !pkey->pkey.dsa->priv_key) {
-        DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_MISSING_PARAMETERS);
-        goto err;
-    }
-
-    params = ASN1_STRING_new();
-
-    if (!params) {
-        DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    params->length = i2d_DSAparams(pkey->pkey.dsa, &params->data);
-    if (params->length <= 0) {
-        DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    params->type = V_ASN1_SEQUENCE;
-
-    /* Get private key into integer */
-    prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL);
-
-    if (!prkey) {
-        DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_BN_ERROR);
-        goto err;
-    }
-
-    dplen = i2d_ASN1_INTEGER(prkey, &dp);
-
-    ASN1_STRING_clear_free(prkey);
-    prkey = NULL;
-
-    if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0,
-                         V_ASN1_SEQUENCE, params, dp, dplen))
-        goto err;
-
-    return 1;
-
- err:
-    if (dp != NULL)
-        OPENSSL_free(dp);
-    if (params != NULL)
-        ASN1_STRING_free(params);
-    if (prkey != NULL)
-        ASN1_STRING_clear_free(prkey);
-    return 0;
-}
-
-static int int_dsa_size(const EVP_PKEY *pkey)
-{
-    return (DSA_size(pkey->pkey.dsa));
-}
-
-static int dsa_bits(const EVP_PKEY *pkey)
-{
-    return BN_num_bits(pkey->pkey.dsa->p);
-}
-
-static int dsa_missing_parameters(const EVP_PKEY *pkey)
-{
-    DSA *dsa;
-    dsa = pkey->pkey.dsa;
-    if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
-        return 1;
-    return 0;
-}
-
-static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
-{
-    BIGNUM *a;
-
-    if ((a = BN_dup(from->pkey.dsa->p)) == NULL)
-        return 0;
-    if (to->pkey.dsa->p != NULL)
-        BN_free(to->pkey.dsa->p);
-    to->pkey.dsa->p = a;
-
-    if ((a = BN_dup(from->pkey.dsa->q)) == NULL)
-        return 0;
-    if (to->pkey.dsa->q != NULL)
-        BN_free(to->pkey.dsa->q);
-    to->pkey.dsa->q = a;
-
-    if ((a = BN_dup(from->pkey.dsa->g)) == NULL)
-        return 0;
-    if (to->pkey.dsa->g != NULL)
-        BN_free(to->pkey.dsa->g);
-    to->pkey.dsa->g = a;
-    return 1;
-}
-
-static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
-{
-    if (BN_cmp(a->pkey.dsa->p, b->pkey.dsa->p) ||
-        BN_cmp(a->pkey.dsa->q, b->pkey.dsa->q) ||
-        BN_cmp(a->pkey.dsa->g, b->pkey.dsa->g))
-        return 0;
-    else
-        return 1;
-}
-
-static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
-{
-    if (BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) != 0)
-        return 0;
-    else
-        return 1;
-}
-
-static void int_dsa_free(EVP_PKEY *pkey)
-{
-    DSA_free(pkey->pkey.dsa);
-}
-
-static void update_buflen(const BIGNUM *b, size_t *pbuflen)
-{
-    size_t i;
-    if (!b)
-        return;
-    if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
-        *pbuflen = i;
-}
-
-static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
-{
-    unsigned char *m = NULL;
-    int ret = 0;
-    size_t buf_len = 0;
-    const char *ktype = NULL;
-
-    const BIGNUM *priv_key, *pub_key;
-
-    if (ptype == 2)
-        priv_key = x->priv_key;
-    else
-        priv_key = NULL;
-
-    if (ptype > 0)
-        pub_key = x->pub_key;
-    else
-        pub_key = NULL;
-
-    if (ptype == 2)
-        ktype = "Private-Key";
-    else if (ptype == 1)
-        ktype = "Public-Key";
-    else
-        ktype = "DSA-Parameters";
-
-    update_buflen(x->p, &buf_len);
-    update_buflen(x->q, &buf_len);
-    update_buflen(x->g, &buf_len);
-    update_buflen(priv_key, &buf_len);
-    update_buflen(pub_key, &buf_len);
-
-    m = (unsigned char *)OPENSSL_malloc(buf_len + 10);
-    if (m == NULL) {
-        DSAerr(DSA_F_DO_DSA_PRINT, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    if (priv_key) {
-        if (!BIO_indent(bp, off, 128))
-            goto err;
-        if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p))
-            <= 0)
-            goto err;
-    }
-
-    if (!ASN1_bn_print(bp, "priv:", priv_key, m, off))
-        goto err;
-    if (!ASN1_bn_print(bp, "pub: ", pub_key, m, off))
-        goto err;
-    if (!ASN1_bn_print(bp, "P:   ", x->p, m, off))
-        goto err;
-    if (!ASN1_bn_print(bp, "Q:   ", x->q, m, off))
-        goto err;
-    if (!ASN1_bn_print(bp, "G:   ", x->g, m, off))
-        goto err;
-    ret = 1;
- err:
-    if (m != NULL)
-        OPENSSL_free(m);
-    return (ret);
-}
-
-static int dsa_param_decode(EVP_PKEY *pkey,
-                            const unsigned char **pder, int derlen)
-{
-    DSA *dsa;
-    if (!(dsa = d2i_DSAparams(NULL, pder, derlen))) {
-        DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB);
-        return 0;
-    }
-    EVP_PKEY_assign_DSA(pkey, dsa);
-    return 1;
-}
-
-static int dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
-{
-    return i2d_DSAparams(pkey->pkey.dsa, pder);
-}
-
-static int dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
-                           ASN1_PCTX *ctx)
-{
-    return do_dsa_print(bp, pkey->pkey.dsa, indent, 0);
-}
-
-static int dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
-                         ASN1_PCTX *ctx)
-{
-    return do_dsa_print(bp, pkey->pkey.dsa, indent, 1);
-}
-
-static int dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
-                          ASN1_PCTX *ctx)
-{
-    return do_dsa_print(bp, pkey->pkey.dsa, indent, 2);
-}
-
-static int old_dsa_priv_decode(EVP_PKEY *pkey,
-                               const unsigned char **pder, int derlen)
-{
-    DSA *dsa;
-    if (!(dsa = d2i_DSAPrivateKey(NULL, pder, derlen))) {
-        DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB);
-        return 0;
-    }
-    EVP_PKEY_assign_DSA(pkey, dsa);
-    return 1;
-}
-
-static int old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
-{
-    return i2d_DSAPrivateKey(pkey->pkey.dsa, pder);
-}
-
-static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
-                         const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx)
-{
-    DSA_SIG *dsa_sig;
-    const unsigned char *p;
-    if (!sig) {
-        if (BIO_puts(bp, "\n") <= 0)
-            return 0;
-        else
-            return 1;
-    }
-    p = sig->data;
-    dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
-    if (dsa_sig) {
-        int rv = 0;
-        size_t buf_len = 0;
-        unsigned char *m = NULL;
-        update_buflen(dsa_sig->r, &buf_len);
-        update_buflen(dsa_sig->s, &buf_len);
-        m = OPENSSL_malloc(buf_len + 10);
-        if (m == NULL) {
-            DSAerr(DSA_F_DSA_SIG_PRINT, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-
-        if (BIO_write(bp, "\n", 1) != 1)
-            goto err;
-
-        if (!ASN1_bn_print(bp, "r:   ", dsa_sig->r, m, indent))
-            goto err;
-        if (!ASN1_bn_print(bp, "s:   ", dsa_sig->s, m, indent))
-            goto err;
-        rv = 1;
- err:
-        if (m)
-            OPENSSL_free(m);
-        DSA_SIG_free(dsa_sig);
-        return rv;
-    }
-    return X509_signature_dump(bp, sig, indent);
-}
-
-static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
-{
-    switch (op) {
-    case ASN1_PKEY_CTRL_PKCS7_SIGN:
-        if (arg1 == 0) {
-            int snid, hnid;
-            X509_ALGOR *alg1, *alg2;
-            PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
-            if (alg1 == NULL || alg1->algorithm == NULL)
-                return -1;
-            hnid = OBJ_obj2nid(alg1->algorithm);
-            if (hnid == NID_undef)
-                return -1;
-            if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
-                return -1;
-            X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
-        }
-        return 1;
-#ifndef OPENSSL_NO_CMS
-    case ASN1_PKEY_CTRL_CMS_SIGN:
-        if (arg1 == 0) {
-            int snid, hnid;
-            X509_ALGOR *alg1, *alg2;
-            CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
-            if (alg1 == NULL || alg1->algorithm == NULL)
-                return -1;
-            hnid = OBJ_obj2nid(alg1->algorithm);
-            if (hnid == NID_undef)
-                return -1;
-            if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
-                return -1;
-            X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
-        }
-        return 1;
-#endif
-
-    case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
-        *(int *)arg2 = NID_sha1;
-        return 2;
-
-    default:
-        return -2;
-
-    }
-
-}
-
-/* NB these are sorted in pkey_id order, lowest first */
-
-const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = {
-
-    {
-     EVP_PKEY_DSA2,
-     EVP_PKEY_DSA,
-     ASN1_PKEY_ALIAS},
-
-    {
-     EVP_PKEY_DSA1,
-     EVP_PKEY_DSA,
-     ASN1_PKEY_ALIAS},
-
-    {
-     EVP_PKEY_DSA4,
-     EVP_PKEY_DSA,
-     ASN1_PKEY_ALIAS},
-
-    {
-     EVP_PKEY_DSA3,
-     EVP_PKEY_DSA,
-     ASN1_PKEY_ALIAS},
-
-    {
-     EVP_PKEY_DSA,
-     EVP_PKEY_DSA,
-     0,
-
-     "DSA",
-     "OpenSSL DSA method",
-
-     dsa_pub_decode,
-     dsa_pub_encode,
-     dsa_pub_cmp,
-     dsa_pub_print,
-
-     dsa_priv_decode,
-     dsa_priv_encode,
-     dsa_priv_print,
-
-     int_dsa_size,
-     dsa_bits,
-
-     dsa_param_decode,
-     dsa_param_encode,
-     dsa_missing_parameters,
-     dsa_copy_parameters,
-     dsa_cmp_parameters,
-     dsa_param_print,
-     dsa_sig_print,
-
-     int_dsa_free,
-     dsa_pkey_ctrl,
-     old_dsa_priv_decode,
-     old_dsa_priv_encode}
-};

Copied: vendor-crypto/openssl/1.0.1u/crypto/dsa/dsa_ameth.c (from rev 11605, vendor-crypto/openssl/dist/crypto/dsa/dsa_ameth.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/dsa/dsa_ameth.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/dsa/dsa_ameth.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,674 @@
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/dsa.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_CMS
+# include <openssl/cms.h>
+#endif
+#include "asn1_locl.h"
+
+static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+{
+    const unsigned char *p, *pm;
+    int pklen, pmlen;
+    int ptype;
+    void *pval;
+    ASN1_STRING *pstr;
+    X509_ALGOR *palg;
+    ASN1_INTEGER *public_key = NULL;
+
+    DSA *dsa = NULL;
+
+    if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
+        return 0;
+    X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+
+    if (ptype == V_ASN1_SEQUENCE) {
+        pstr = pval;
+        pm = pstr->data;
+        pmlen = pstr->length;
+
+        if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) {
+            DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
+            goto err;
+        }
+
+    } else if ((ptype == V_ASN1_NULL) || (ptype == V_ASN1_UNDEF)) {
+        if (!(dsa = DSA_new())) {
+            DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    } else {
+        DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR);
+        goto err;
+    }
+
+    if (!(public_key = d2i_ASN1_INTEGER(NULL, &p, pklen))) {
+        DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
+        goto err;
+    }
+
+    if (!(dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) {
+        DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR);
+        goto err;
+    }
+
+    ASN1_INTEGER_free(public_key);
+    EVP_PKEY_assign_DSA(pkey, dsa);
+    return 1;
+
+ err:
+    if (public_key)
+        ASN1_INTEGER_free(public_key);
+    if (dsa)
+        DSA_free(dsa);
+    return 0;
+
+}
+
+static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+{
+    DSA *dsa;
+    int ptype;
+    unsigned char *penc = NULL;
+    int penclen;
+    ASN1_STRING *str = NULL;
+
+    dsa = pkey->pkey.dsa;
+    if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) {
+        str = ASN1_STRING_new();
+        if (!str) {
+            DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        str->length = i2d_DSAparams(dsa, &str->data);
+        if (str->length <= 0) {
+            DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        ptype = V_ASN1_SEQUENCE;
+    } else
+        ptype = V_ASN1_UNDEF;
+
+    dsa->write_params = 0;
+
+    penclen = i2d_DSAPublicKey(dsa, &penc);
+
+    if (penclen <= 0) {
+        DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA),
+                               ptype, str, penc, penclen))
+        return 1;
+
+ err:
+    if (penc)
+        OPENSSL_free(penc);
+    if (str)
+        ASN1_STRING_free(str);
+
+    return 0;
+}
+
+/*
+ * In PKCS#8 DSA: you just get a private key integer and parameters in the
+ * AlgorithmIdentifier the pubkey must be recalculated.
+ */
+
+static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
+{
+    const unsigned char *p, *pm;
+    int pklen, pmlen;
+    int ptype;
+    void *pval;
+    ASN1_STRING *pstr;
+    X509_ALGOR *palg;
+    ASN1_INTEGER *privkey = NULL;
+    BN_CTX *ctx = NULL;
+
+    STACK_OF(ASN1_TYPE) *ndsa = NULL;
+    DSA *dsa = NULL;
+
+    int ret = 0;
+
+    if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
+        return 0;
+    X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+
+    /* Check for broken DSA PKCS#8, UGH! */
+    if (*p == (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)) {
+        ASN1_TYPE *t1, *t2;
+        if (!(ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen)))
+            goto decerr;
+        if (sk_ASN1_TYPE_num(ndsa) != 2)
+            goto decerr;
+        /*-
+         * Handle Two broken types:
+         * SEQUENCE {parameters, priv_key}
+         * SEQUENCE {pub_key, priv_key}
+         */
+
+        t1 = sk_ASN1_TYPE_value(ndsa, 0);
+        t2 = sk_ASN1_TYPE_value(ndsa, 1);
+        if (t1->type == V_ASN1_SEQUENCE) {
+            p8->broken = PKCS8_EMBEDDED_PARAM;
+            pval = t1->value.ptr;
+        } else if (ptype == V_ASN1_SEQUENCE)
+            p8->broken = PKCS8_NS_DB;
+        else
+            goto decerr;
+
+        if (t2->type != V_ASN1_INTEGER)
+            goto decerr;
+
+        privkey = t2->value.integer;
+    } else {
+        const unsigned char *q = p;
+        if (!(privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)))
+            goto decerr;
+        if (privkey->type == V_ASN1_NEG_INTEGER) {
+            p8->broken = PKCS8_NEG_PRIVKEY;
+            ASN1_STRING_clear_free(privkey);
+            if (!(privkey = d2i_ASN1_UINTEGER(NULL, &q, pklen)))
+                goto decerr;
+        }
+        if (ptype != V_ASN1_SEQUENCE)
+            goto decerr;
+    }
+
+    pstr = pval;
+    pm = pstr->data;
+    pmlen = pstr->length;
+    if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen)))
+        goto decerr;
+    /* We have parameters now set private key */
+    if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
+        DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR);
+        goto dsaerr;
+    }
+    /* Calculate public key */
+    if (!(dsa->pub_key = BN_new())) {
+        DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
+        goto dsaerr;
+    }
+    if (!(ctx = BN_CTX_new())) {
+        DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
+        goto dsaerr;
+    }
+
+    if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
+        DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR);
+        goto dsaerr;
+    }
+
+    EVP_PKEY_assign_DSA(pkey, dsa);
+
+    ret = 1;
+    goto done;
+
+ decerr:
+    DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR);
+ dsaerr:
+    DSA_free(dsa);
+ done:
+    BN_CTX_free(ctx);
+    if (ndsa)
+        sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+    else
+        ASN1_STRING_clear_free(privkey);
+    return ret;
+}
+
+static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
+{
+    ASN1_STRING *params = NULL;
+    ASN1_INTEGER *prkey = NULL;
+    unsigned char *dp = NULL;
+    int dplen;
+
+    if (!pkey->pkey.dsa || !pkey->pkey.dsa->priv_key) {
+        DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_MISSING_PARAMETERS);
+        goto err;
+    }
+
+    params = ASN1_STRING_new();
+
+    if (!params) {
+        DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    params->length = i2d_DSAparams(pkey->pkey.dsa, &params->data);
+    if (params->length <= 0) {
+        DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    params->type = V_ASN1_SEQUENCE;
+
+    /* Get private key into integer */
+    prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL);
+
+    if (!prkey) {
+        DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_BN_ERROR);
+        goto err;
+    }
+
+    dplen = i2d_ASN1_INTEGER(prkey, &dp);
+
+    ASN1_STRING_clear_free(prkey);
+    prkey = NULL;
+
+    if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0,
+                         V_ASN1_SEQUENCE, params, dp, dplen))
+        goto err;
+
+    return 1;
+
+ err:
+    if (dp != NULL)
+        OPENSSL_free(dp);
+    if (params != NULL)
+        ASN1_STRING_free(params);
+    if (prkey != NULL)
+        ASN1_STRING_clear_free(prkey);
+    return 0;
+}
+
+static int int_dsa_size(const EVP_PKEY *pkey)
+{
+    return (DSA_size(pkey->pkey.dsa));
+}
+
+static int dsa_bits(const EVP_PKEY *pkey)
+{
+    return BN_num_bits(pkey->pkey.dsa->p);
+}
+
+static int dsa_missing_parameters(const EVP_PKEY *pkey)
+{
+    DSA *dsa;
+    dsa = pkey->pkey.dsa;
+    if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+        return 1;
+    return 0;
+}
+
+static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
+{
+    BIGNUM *a;
+
+    if ((a = BN_dup(from->pkey.dsa->p)) == NULL)
+        return 0;
+    if (to->pkey.dsa->p != NULL)
+        BN_free(to->pkey.dsa->p);
+    to->pkey.dsa->p = a;
+
+    if ((a = BN_dup(from->pkey.dsa->q)) == NULL)
+        return 0;
+    if (to->pkey.dsa->q != NULL)
+        BN_free(to->pkey.dsa->q);
+    to->pkey.dsa->q = a;
+
+    if ((a = BN_dup(from->pkey.dsa->g)) == NULL)
+        return 0;
+    if (to->pkey.dsa->g != NULL)
+        BN_free(to->pkey.dsa->g);
+    to->pkey.dsa->g = a;
+    return 1;
+}
+
+static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    if (BN_cmp(a->pkey.dsa->p, b->pkey.dsa->p) ||
+        BN_cmp(a->pkey.dsa->q, b->pkey.dsa->q) ||
+        BN_cmp(a->pkey.dsa->g, b->pkey.dsa->g))
+        return 0;
+    else
+        return 1;
+}
+
+static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    if (BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) != 0)
+        return 0;
+    else
+        return 1;
+}
+
+static void int_dsa_free(EVP_PKEY *pkey)
+{
+    DSA_free(pkey->pkey.dsa);
+}
+
+static void update_buflen(const BIGNUM *b, size_t *pbuflen)
+{
+    size_t i;
+    if (!b)
+        return;
+    if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
+        *pbuflen = i;
+}
+
+static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
+{
+    unsigned char *m = NULL;
+    int ret = 0;
+    size_t buf_len = 0;
+    const char *ktype = NULL;
+
+    const BIGNUM *priv_key, *pub_key;
+
+    if (ptype == 2)
+        priv_key = x->priv_key;
+    else
+        priv_key = NULL;
+
+    if (ptype > 0)
+        pub_key = x->pub_key;
+    else
+        pub_key = NULL;
+
+    if (ptype == 2)
+        ktype = "Private-Key";
+    else if (ptype == 1)
+        ktype = "Public-Key";
+    else
+        ktype = "DSA-Parameters";
+
+    update_buflen(x->p, &buf_len);
+    update_buflen(x->q, &buf_len);
+    update_buflen(x->g, &buf_len);
+    update_buflen(priv_key, &buf_len);
+    update_buflen(pub_key, &buf_len);
+
+    m = (unsigned char *)OPENSSL_malloc(buf_len + 10);
+    if (m == NULL) {
+        DSAerr(DSA_F_DO_DSA_PRINT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (priv_key) {
+        if (!BIO_indent(bp, off, 128))
+            goto err;
+        if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p))
+            <= 0)
+            goto err;
+    }
+
+    if (!ASN1_bn_print(bp, "priv:", priv_key, m, off))
+        goto err;
+    if (!ASN1_bn_print(bp, "pub: ", pub_key, m, off))
+        goto err;
+    if (!ASN1_bn_print(bp, "P:   ", x->p, m, off))
+        goto err;
+    if (!ASN1_bn_print(bp, "Q:   ", x->q, m, off))
+        goto err;
+    if (!ASN1_bn_print(bp, "G:   ", x->g, m, off))
+        goto err;
+    ret = 1;
+ err:
+    if (m != NULL)
+        OPENSSL_free(m);
+    return (ret);
+}
+
+static int dsa_param_decode(EVP_PKEY *pkey,
+                            const unsigned char **pder, int derlen)
+{
+    DSA *dsa;
+    if (!(dsa = d2i_DSAparams(NULL, pder, derlen))) {
+        DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB);
+        return 0;
+    }
+    EVP_PKEY_assign_DSA(pkey, dsa);
+    return 1;
+}
+
+static int dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
+{
+    return i2d_DSAparams(pkey->pkey.dsa, pder);
+}
+
+static int dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                           ASN1_PCTX *ctx)
+{
+    return do_dsa_print(bp, pkey->pkey.dsa, indent, 0);
+}
+
+static int dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                         ASN1_PCTX *ctx)
+{
+    return do_dsa_print(bp, pkey->pkey.dsa, indent, 1);
+}
+
+static int dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                          ASN1_PCTX *ctx)
+{
+    return do_dsa_print(bp, pkey->pkey.dsa, indent, 2);
+}
+
+static int old_dsa_priv_decode(EVP_PKEY *pkey,
+                               const unsigned char **pder, int derlen)
+{
+    DSA *dsa;
+    if (!(dsa = d2i_DSAPrivateKey(NULL, pder, derlen))) {
+        DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB);
+        return 0;
+    }
+    EVP_PKEY_assign_DSA(pkey, dsa);
+    return 1;
+}
+
+static int old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
+{
+    return i2d_DSAPrivateKey(pkey->pkey.dsa, pder);
+}
+
+static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
+                         const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx)
+{
+    DSA_SIG *dsa_sig;
+    const unsigned char *p;
+    if (!sig) {
+        if (BIO_puts(bp, "\n") <= 0)
+            return 0;
+        else
+            return 1;
+    }
+    p = sig->data;
+    dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
+    if (dsa_sig) {
+        int rv = 0;
+        size_t buf_len = 0;
+        unsigned char *m = NULL;
+        update_buflen(dsa_sig->r, &buf_len);
+        update_buflen(dsa_sig->s, &buf_len);
+        m = OPENSSL_malloc(buf_len + 10);
+        if (m == NULL) {
+            DSAerr(DSA_F_DSA_SIG_PRINT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        if (BIO_write(bp, "\n", 1) != 1)
+            goto err;
+
+        if (!ASN1_bn_print(bp, "r:   ", dsa_sig->r, m, indent))
+            goto err;
+        if (!ASN1_bn_print(bp, "s:   ", dsa_sig->s, m, indent))
+            goto err;
+        rv = 1;
+ err:
+        if (m)
+            OPENSSL_free(m);
+        DSA_SIG_free(dsa_sig);
+        return rv;
+    }
+    return X509_signature_dump(bp, sig, indent);
+}
+
+static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    switch (op) {
+    case ASN1_PKEY_CTRL_PKCS7_SIGN:
+        if (arg1 == 0) {
+            int snid, hnid;
+            X509_ALGOR *alg1, *alg2;
+            PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
+            if (alg1 == NULL || alg1->algorithm == NULL)
+                return -1;
+            hnid = OBJ_obj2nid(alg1->algorithm);
+            if (hnid == NID_undef)
+                return -1;
+            if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+                return -1;
+            X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
+        }
+        return 1;
+#ifndef OPENSSL_NO_CMS
+    case ASN1_PKEY_CTRL_CMS_SIGN:
+        if (arg1 == 0) {
+            int snid, hnid;
+            X509_ALGOR *alg1, *alg2;
+            CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
+            if (alg1 == NULL || alg1->algorithm == NULL)
+                return -1;
+            hnid = OBJ_obj2nid(alg1->algorithm);
+            if (hnid == NID_undef)
+                return -1;
+            if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+                return -1;
+            X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
+        }
+        return 1;
+#endif
+
+    case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+        *(int *)arg2 = NID_sha1;
+        return 2;
+
+    default:
+        return -2;
+
+    }
+
+}
+
+/* NB these are sorted in pkey_id order, lowest first */
+
+const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = {
+
+    {
+     EVP_PKEY_DSA2,
+     EVP_PKEY_DSA,
+     ASN1_PKEY_ALIAS},
+
+    {
+     EVP_PKEY_DSA1,
+     EVP_PKEY_DSA,
+     ASN1_PKEY_ALIAS},
+
+    {
+     EVP_PKEY_DSA4,
+     EVP_PKEY_DSA,
+     ASN1_PKEY_ALIAS},
+
+    {
+     EVP_PKEY_DSA3,
+     EVP_PKEY_DSA,
+     ASN1_PKEY_ALIAS},
+
+    {
+     EVP_PKEY_DSA,
+     EVP_PKEY_DSA,
+     0,
+
+     "DSA",
+     "OpenSSL DSA method",
+
+     dsa_pub_decode,
+     dsa_pub_encode,
+     dsa_pub_cmp,
+     dsa_pub_print,
+
+     dsa_priv_decode,
+     dsa_priv_encode,
+     dsa_priv_print,
+
+     int_dsa_size,
+     dsa_bits,
+
+     dsa_param_decode,
+     dsa_param_encode,
+     dsa_missing_parameters,
+     dsa_copy_parameters,
+     dsa_cmp_parameters,
+     dsa_param_print,
+     dsa_sig_print,
+
+     int_dsa_free,
+     dsa_pkey_ctrl,
+     old_dsa_priv_decode,
+     old_dsa_priv_encode}
+};

Deleted: vendor-crypto/openssl/1.0.1u/crypto/dsa/dsa_gen.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dsa/dsa_gen.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/dsa/dsa_gen.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,379 +0,0 @@
-/* crypto/dsa/dsa_gen.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#undef GENUINE_DSA
-
-#ifdef GENUINE_DSA
-/*
- * Parameter generation follows the original release of FIPS PUB 186,
- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180)
- */
-# define HASH    EVP_sha()
-#else
-/*
- * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
- * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB
- * 180-1)
- */
-# define HASH    EVP_sha1()
-#endif
-
-#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */
-
-#ifndef OPENSSL_NO_SHA
-
-# include <stdio.h>
-# include "cryptlib.h"
-# include <openssl/evp.h>
-# include <openssl/bn.h>
-# include <openssl/rand.h>
-# include <openssl/sha.h>
-# include "dsa_locl.h"
-
-# ifdef OPENSSL_FIPS
-#  include <openssl/fips.h>
-# endif
-
-int DSA_generate_parameters_ex(DSA *ret, int bits,
-                               const unsigned char *seed_in, int seed_len,
-                               int *counter_ret, unsigned long *h_ret,
-                               BN_GENCB *cb)
-{
-# ifdef OPENSSL_FIPS
-    if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD)
-        && !(ret->flags & DSA_FLAG_NON_FIPS_ALLOW)) {
-        DSAerr(DSA_F_DSA_GENERATE_PARAMETERS_EX, DSA_R_NON_FIPS_DSA_METHOD);
-        return 0;
-    }
-# endif
-    if (ret->meth->dsa_paramgen)
-        return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
-                                       counter_ret, h_ret, cb);
-# ifdef OPENSSL_FIPS
-    else if (FIPS_mode()) {
-        return FIPS_dsa_generate_parameters_ex(ret, bits,
-                                               seed_in, seed_len,
-                                               counter_ret, h_ret, cb);
-    }
-# endif
-    else {
-        const EVP_MD *evpmd = bits >= 2048 ? EVP_sha256() : EVP_sha1();
-        size_t qbits = EVP_MD_size(evpmd) * 8;
-
-        return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
-                                    seed_in, seed_len, NULL, counter_ret,
-                                    h_ret, cb);
-    }
-}
-
-int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
-                         const EVP_MD *evpmd, const unsigned char *seed_in,
-                         size_t seed_len, unsigned char *seed_out,
-                         int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
-{
-    int ok = 0;
-    unsigned char seed[SHA256_DIGEST_LENGTH];
-    unsigned char md[SHA256_DIGEST_LENGTH];
-    unsigned char buf[SHA256_DIGEST_LENGTH], buf2[SHA256_DIGEST_LENGTH];
-    BIGNUM *r0, *W, *X, *c, *test;
-    BIGNUM *g = NULL, *q = NULL, *p = NULL;
-    BN_MONT_CTX *mont = NULL;
-    int i, k, n = 0, m = 0, qsize = qbits >> 3;
-    int counter = 0;
-    int r = 0;
-    BN_CTX *ctx = NULL;
-    unsigned int h = 2;
-
-    if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&
-        qsize != SHA256_DIGEST_LENGTH)
-        /* invalid q size */
-        return 0;
-
-    if (evpmd == NULL)
-        /* use SHA1 as default */
-        evpmd = EVP_sha1();
-
-    if (bits < 512)
-        bits = 512;
-
-    bits = (bits + 63) / 64 * 64;
-
-    /*
-     * NB: seed_len == 0 is special case: copy generated seed to seed_in if
-     * it is not NULL.
-     */
-    if (seed_len && (seed_len < (size_t)qsize))
-        seed_in = NULL;         /* seed buffer too small -- ignore */
-    if (seed_len > (size_t)qsize)
-        seed_len = qsize;       /* App. 2.2 of FIPS PUB 186 allows larger
-                                 * SEED, but our internal buffers are
-                                 * restricted to 160 bits */
-    if (seed_in != NULL)
-        memcpy(seed, seed_in, seed_len);
-
-    if ((mont = BN_MONT_CTX_new()) == NULL)
-        goto err;
-
-    if ((ctx = BN_CTX_new()) == NULL)
-        goto err;
-
-    BN_CTX_start(ctx);
-
-    r0 = BN_CTX_get(ctx);
-    g = BN_CTX_get(ctx);
-    W = BN_CTX_get(ctx);
-    q = BN_CTX_get(ctx);
-    X = BN_CTX_get(ctx);
-    c = BN_CTX_get(ctx);
-    p = BN_CTX_get(ctx);
-    test = BN_CTX_get(ctx);
-
-    if (!BN_lshift(test, BN_value_one(), bits - 1))
-        goto err;
-
-    for (;;) {
-        for (;;) {              /* find q */
-            int seed_is_random;
-
-            /* step 1 */
-            if (!BN_GENCB_call(cb, 0, m++))
-                goto err;
-
-            if (!seed_len || !seed_in) {
-                if (RAND_pseudo_bytes(seed, qsize) < 0)
-                    goto err;
-                seed_is_random = 1;
-            } else {
-                seed_is_random = 0;
-                seed_len = 0;   /* use random seed if 'seed_in' turns out to
-                                 * be bad */
-            }
-            memcpy(buf, seed, qsize);
-            memcpy(buf2, seed, qsize);
-            /* precompute "SEED + 1" for step 7: */
-            for (i = qsize - 1; i >= 0; i--) {
-                buf[i]++;
-                if (buf[i] != 0)
-                    break;
-            }
-
-            /* step 2 */
-            if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL))
-                goto err;
-            if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL))
-                goto err;
-            for (i = 0; i < qsize; i++)
-                md[i] ^= buf2[i];
-
-            /* step 3 */
-            md[0] |= 0x80;
-            md[qsize - 1] |= 0x01;
-            if (!BN_bin2bn(md, qsize, q))
-                goto err;
-
-            /* step 4 */
-            r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
-                                        seed_is_random, cb);
-            if (r > 0)
-                break;
-            if (r != 0)
-                goto err;
-
-            /* do a callback call */
-            /* step 5 */
-        }
-
-        if (!BN_GENCB_call(cb, 2, 0))
-            goto err;
-        if (!BN_GENCB_call(cb, 3, 0))
-            goto err;
-
-        /* step 6 */
-        counter = 0;
-        /* "offset = 2" */
-
-        n = (bits - 1) / 160;
-
-        for (;;) {
-            if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
-                goto err;
-
-            /* step 7 */
-            BN_zero(W);
-            /* now 'buf' contains "SEED + offset - 1" */
-            for (k = 0; k <= n; k++) {
-                /*
-                 * obtain "SEED + offset + k" by incrementing:
-                 */
-                for (i = qsize - 1; i >= 0; i--) {
-                    buf[i]++;
-                    if (buf[i] != 0)
-                        break;
-                }
-
-                if (!EVP_Digest(buf, qsize, md, NULL, evpmd, NULL))
-                    goto err;
-
-                /* step 8 */
-                if (!BN_bin2bn(md, qsize, r0))
-                    goto err;
-                if (!BN_lshift(r0, r0, (qsize << 3) * k))
-                    goto err;
-                if (!BN_add(W, W, r0))
-                    goto err;
-            }
-
-            /* more of step 8 */
-            if (!BN_mask_bits(W, bits - 1))
-                goto err;
-            if (!BN_copy(X, W))
-                goto err;
-            if (!BN_add(X, X, test))
-                goto err;
-
-            /* step 9 */
-            if (!BN_lshift1(r0, q))
-                goto err;
-            if (!BN_mod(c, X, r0, ctx))
-                goto err;
-            if (!BN_sub(r0, c, BN_value_one()))
-                goto err;
-            if (!BN_sub(p, X, r0))
-                goto err;
-
-            /* step 10 */
-            if (BN_cmp(p, test) >= 0) {
-                /* step 11 */
-                r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb);
-                if (r > 0)
-                    goto end;   /* found it */
-                if (r != 0)
-                    goto err;
-            }
-
-            /* step 13 */
-            counter++;
-            /* "offset = offset + n + 1" */
-
-            /* step 14 */
-            if (counter >= 4096)
-                break;
-        }
-    }
- end:
-    if (!BN_GENCB_call(cb, 2, 1))
-        goto err;
-
-    /* We now need to generate g */
-    /* Set r0=(p-1)/q */
-    if (!BN_sub(test, p, BN_value_one()))
-        goto err;
-    if (!BN_div(r0, NULL, test, q, ctx))
-        goto err;
-
-    if (!BN_set_word(test, h))
-        goto err;
-    if (!BN_MONT_CTX_set(mont, p, ctx))
-        goto err;
-
-    for (;;) {
-        /* g=test^r0%p */
-        if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont))
-            goto err;
-        if (!BN_is_one(g))
-            break;
-        if (!BN_add(test, test, BN_value_one()))
-            goto err;
-        h++;
-    }
-
-    if (!BN_GENCB_call(cb, 3, 1))
-        goto err;
-
-    ok = 1;
- err:
-    if (ok) {
-        if (ret->p)
-            BN_free(ret->p);
-        if (ret->q)
-            BN_free(ret->q);
-        if (ret->g)
-            BN_free(ret->g);
-        ret->p = BN_dup(p);
-        ret->q = BN_dup(q);
-        ret->g = BN_dup(g);
-        if (ret->p == NULL || ret->q == NULL || ret->g == NULL) {
-            ok = 0;
-            goto err;
-        }
-        if (counter_ret != NULL)
-            *counter_ret = counter;
-        if (h_ret != NULL)
-            *h_ret = h;
-        if (seed_out)
-            memcpy(seed_out, seed, qsize);
-    }
-    if (ctx) {
-        BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
-    if (mont != NULL)
-        BN_MONT_CTX_free(mont);
-    return ok;
-}
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/dsa/dsa_gen.c (from rev 11605, vendor-crypto/openssl/dist/crypto/dsa/dsa_gen.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/dsa/dsa_gen.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/dsa/dsa_gen.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,379 @@
+/* crypto/dsa/dsa_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#undef GENUINE_DSA
+
+#ifdef GENUINE_DSA
+/*
+ * Parameter generation follows the original release of FIPS PUB 186,
+ * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180)
+ */
+# define HASH    EVP_sha()
+#else
+/*
+ * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
+ * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB
+ * 180-1)
+ */
+# define HASH    EVP_sha1()
+#endif
+
+#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */
+
+#ifndef OPENSSL_NO_SHA
+
+# include <stdio.h>
+# include "cryptlib.h"
+# include <openssl/evp.h>
+# include <openssl/bn.h>
+# include <openssl/rand.h>
+# include <openssl/sha.h>
+# include "dsa_locl.h"
+
+# ifdef OPENSSL_FIPS
+#  include <openssl/fips.h>
+# endif
+
+int DSA_generate_parameters_ex(DSA *ret, int bits,
+                               const unsigned char *seed_in, int seed_len,
+                               int *counter_ret, unsigned long *h_ret,
+                               BN_GENCB *cb)
+{
+# ifdef OPENSSL_FIPS
+    if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD)
+        && !(ret->flags & DSA_FLAG_NON_FIPS_ALLOW)) {
+        DSAerr(DSA_F_DSA_GENERATE_PARAMETERS_EX, DSA_R_NON_FIPS_DSA_METHOD);
+        return 0;
+    }
+# endif
+    if (ret->meth->dsa_paramgen)
+        return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
+                                       counter_ret, h_ret, cb);
+# ifdef OPENSSL_FIPS
+    else if (FIPS_mode()) {
+        return FIPS_dsa_generate_parameters_ex(ret, bits,
+                                               seed_in, seed_len,
+                                               counter_ret, h_ret, cb);
+    }
+# endif
+    else {
+        const EVP_MD *evpmd = bits >= 2048 ? EVP_sha256() : EVP_sha1();
+        size_t qbits = EVP_MD_size(evpmd) * 8;
+
+        return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
+                                    seed_in, seed_len, NULL, counter_ret,
+                                    h_ret, cb);
+    }
+}
+
+int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
+                         const EVP_MD *evpmd, const unsigned char *seed_in,
+                         size_t seed_len, unsigned char *seed_out,
+                         int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
+{
+    int ok = 0;
+    unsigned char seed[SHA256_DIGEST_LENGTH];
+    unsigned char md[SHA256_DIGEST_LENGTH];
+    unsigned char buf[SHA256_DIGEST_LENGTH], buf2[SHA256_DIGEST_LENGTH];
+    BIGNUM *r0, *W, *X, *c, *test;
+    BIGNUM *g = NULL, *q = NULL, *p = NULL;
+    BN_MONT_CTX *mont = NULL;
+    int i, k, n = 0, m = 0, qsize = qbits >> 3;
+    int counter = 0;
+    int r = 0;
+    BN_CTX *ctx = NULL;
+    unsigned int h = 2;
+
+    if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&
+        qsize != SHA256_DIGEST_LENGTH)
+        /* invalid q size */
+        return 0;
+
+    if (evpmd == NULL)
+        /* use SHA1 as default */
+        evpmd = EVP_sha1();
+
+    if (bits < 512)
+        bits = 512;
+
+    bits = (bits + 63) / 64 * 64;
+
+    /*
+     * NB: seed_len == 0 is special case: copy generated seed to seed_in if
+     * it is not NULL.
+     */
+    if (seed_len && (seed_len < (size_t)qsize))
+        seed_in = NULL;         /* seed buffer too small -- ignore */
+    if (seed_len > (size_t)qsize)
+        seed_len = qsize;       /* App. 2.2 of FIPS PUB 186 allows larger
+                                 * SEED, but our internal buffers are
+                                 * restricted to 160 bits */
+    if (seed_in != NULL)
+        memcpy(seed, seed_in, seed_len);
+
+    if ((mont = BN_MONT_CTX_new()) == NULL)
+        goto err;
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+
+    BN_CTX_start(ctx);
+
+    r0 = BN_CTX_get(ctx);
+    g = BN_CTX_get(ctx);
+    W = BN_CTX_get(ctx);
+    q = BN_CTX_get(ctx);
+    X = BN_CTX_get(ctx);
+    c = BN_CTX_get(ctx);
+    p = BN_CTX_get(ctx);
+    test = BN_CTX_get(ctx);
+
+    if (!BN_lshift(test, BN_value_one(), bits - 1))
+        goto err;
+
+    for (;;) {
+        for (;;) {              /* find q */
+            int seed_is_random;
+
+            /* step 1 */
+            if (!BN_GENCB_call(cb, 0, m++))
+                goto err;
+
+            if (!seed_len || !seed_in) {
+                if (RAND_bytes(seed, qsize) <= 0)
+                    goto err;
+                seed_is_random = 1;
+            } else {
+                seed_is_random = 0;
+                seed_len = 0;   /* use random seed if 'seed_in' turns out to
+                                 * be bad */
+            }
+            memcpy(buf, seed, qsize);
+            memcpy(buf2, seed, qsize);
+            /* precompute "SEED + 1" for step 7: */
+            for (i = qsize - 1; i >= 0; i--) {
+                buf[i]++;
+                if (buf[i] != 0)
+                    break;
+            }
+
+            /* step 2 */
+            if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL))
+                goto err;
+            if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL))
+                goto err;
+            for (i = 0; i < qsize; i++)
+                md[i] ^= buf2[i];
+
+            /* step 3 */
+            md[0] |= 0x80;
+            md[qsize - 1] |= 0x01;
+            if (!BN_bin2bn(md, qsize, q))
+                goto err;
+
+            /* step 4 */
+            r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
+                                        seed_is_random, cb);
+            if (r > 0)
+                break;
+            if (r != 0)
+                goto err;
+
+            /* do a callback call */
+            /* step 5 */
+        }
+
+        if (!BN_GENCB_call(cb, 2, 0))
+            goto err;
+        if (!BN_GENCB_call(cb, 3, 0))
+            goto err;
+
+        /* step 6 */
+        counter = 0;
+        /* "offset = 2" */
+
+        n = (bits - 1) / 160;
+
+        for (;;) {
+            if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
+                goto err;
+
+            /* step 7 */
+            BN_zero(W);
+            /* now 'buf' contains "SEED + offset - 1" */
+            for (k = 0; k <= n; k++) {
+                /*
+                 * obtain "SEED + offset + k" by incrementing:
+                 */
+                for (i = qsize - 1; i >= 0; i--) {
+                    buf[i]++;
+                    if (buf[i] != 0)
+                        break;
+                }
+
+                if (!EVP_Digest(buf, qsize, md, NULL, evpmd, NULL))
+                    goto err;
+
+                /* step 8 */
+                if (!BN_bin2bn(md, qsize, r0))
+                    goto err;
+                if (!BN_lshift(r0, r0, (qsize << 3) * k))
+                    goto err;
+                if (!BN_add(W, W, r0))
+                    goto err;
+            }
+
+            /* more of step 8 */
+            if (!BN_mask_bits(W, bits - 1))
+                goto err;
+            if (!BN_copy(X, W))
+                goto err;
+            if (!BN_add(X, X, test))
+                goto err;
+
+            /* step 9 */
+            if (!BN_lshift1(r0, q))
+                goto err;
+            if (!BN_mod(c, X, r0, ctx))
+                goto err;
+            if (!BN_sub(r0, c, BN_value_one()))
+                goto err;
+            if (!BN_sub(p, X, r0))
+                goto err;
+
+            /* step 10 */
+            if (BN_cmp(p, test) >= 0) {
+                /* step 11 */
+                r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb);
+                if (r > 0)
+                    goto end;   /* found it */
+                if (r != 0)
+                    goto err;
+            }
+
+            /* step 13 */
+            counter++;
+            /* "offset = offset + n + 1" */
+
+            /* step 14 */
+            if (counter >= 4096)
+                break;
+        }
+    }
+ end:
+    if (!BN_GENCB_call(cb, 2, 1))
+        goto err;
+
+    /* We now need to generate g */
+    /* Set r0=(p-1)/q */
+    if (!BN_sub(test, p, BN_value_one()))
+        goto err;
+    if (!BN_div(r0, NULL, test, q, ctx))
+        goto err;
+
+    if (!BN_set_word(test, h))
+        goto err;
+    if (!BN_MONT_CTX_set(mont, p, ctx))
+        goto err;
+
+    for (;;) {
+        /* g=test^r0%p */
+        if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont))
+            goto err;
+        if (!BN_is_one(g))
+            break;
+        if (!BN_add(test, test, BN_value_one()))
+            goto err;
+        h++;
+    }
+
+    if (!BN_GENCB_call(cb, 3, 1))
+        goto err;
+
+    ok = 1;
+ err:
+    if (ok) {
+        if (ret->p)
+            BN_free(ret->p);
+        if (ret->q)
+            BN_free(ret->q);
+        if (ret->g)
+            BN_free(ret->g);
+        ret->p = BN_dup(p);
+        ret->q = BN_dup(q);
+        ret->g = BN_dup(g);
+        if (ret->p == NULL || ret->q == NULL || ret->g == NULL) {
+            ok = 0;
+            goto err;
+        }
+        if (counter_ret != NULL)
+            *counter_ret = counter;
+        if (h_ret != NULL)
+            *h_ret = h;
+        if (seed_out)
+            memcpy(seed_out, seed, qsize);
+    }
+    if (ctx) {
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+    }
+    if (mont != NULL)
+        BN_MONT_CTX_free(mont);
+    return ok;
+}
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/dsa/dsa_ossl.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dsa/dsa_ossl.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/dsa/dsa_ossl.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,426 +0,0 @@
-/* crypto/dsa/dsa_ossl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Original version from Steven Schoch <schoch at sheba.arc.nasa.gov> */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/sha.h>
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
-#include <openssl/asn1.h>
-
-static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
-static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
-                          BIGNUM **rp);
-static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
-                         DSA_SIG *sig, DSA *dsa);
-static int dsa_init(DSA *dsa);
-static int dsa_finish(DSA *dsa);
-
-static DSA_METHOD openssl_dsa_meth = {
-    "OpenSSL DSA method",
-    dsa_do_sign,
-    dsa_sign_setup,
-    dsa_do_verify,
-    NULL,                       /* dsa_mod_exp, */
-    NULL,                       /* dsa_bn_mod_exp, */
-    dsa_init,
-    dsa_finish,
-    0,
-    NULL,
-    NULL,
-    NULL
-};
-
-/*-
- * These macro wrappers replace attempts to use the dsa_mod_exp() and
- * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of
- * having a the macro work as an expression by bundling an "err_instr". So;
- *
- *     if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
- *                 dsa->method_mont_p)) goto err;
- *
- * can be replaced by;
- *
- *     DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, &k, dsa->p, ctx,
- *                 dsa->method_mont_p);
- */
-
-#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \
-        do { \
-        int _tmp_res53; \
-        if ((dsa)->meth->dsa_mod_exp) \
-                _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \
-                                (a2), (p2), (m), (ctx), (in_mont)); \
-        else \
-                _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \
-                                (m), (ctx), (in_mont)); \
-        if (!_tmp_res53) err_instr; \
-        } while(0)
-#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \
-        do { \
-        int _tmp_res53; \
-        if ((dsa)->meth->bn_mod_exp) \
-                _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \
-                                (m), (ctx), (m_ctx)); \
-        else \
-                _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \
-        if (!_tmp_res53) err_instr; \
-        } while(0)
-
-const DSA_METHOD *DSA_OpenSSL(void)
-{
-    return &openssl_dsa_meth;
-}
-
-static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
-{
-    BIGNUM *kinv = NULL, *r = NULL, *s = NULL;
-    BIGNUM m;
-    BIGNUM xr;
-    BN_CTX *ctx = NULL;
-    int reason = ERR_R_BN_LIB;
-    DSA_SIG *ret = NULL;
-    int noredo = 0;
-
-    BN_init(&m);
-    BN_init(&xr);
-
-    if (!dsa->p || !dsa->q || !dsa->g) {
-        reason = DSA_R_MISSING_PARAMETERS;
-        goto err;
-    }
-
-    s = BN_new();
-    if (s == NULL)
-        goto err;
-    ctx = BN_CTX_new();
-    if (ctx == NULL)
-        goto err;
- redo:
-    if ((dsa->kinv == NULL) || (dsa->r == NULL)) {
-        if (!DSA_sign_setup(dsa, ctx, &kinv, &r))
-            goto err;
-    } else {
-        kinv = dsa->kinv;
-        dsa->kinv = NULL;
-        r = dsa->r;
-        dsa->r = NULL;
-        noredo = 1;
-    }
-
-    if (dlen > BN_num_bytes(dsa->q))
-        /*
-         * if the digest length is greater than the size of q use the
-         * BN_num_bits(dsa->q) leftmost bits of the digest, see fips 186-3,
-         * 4.2
-         */
-        dlen = BN_num_bytes(dsa->q);
-    if (BN_bin2bn(dgst, dlen, &m) == NULL)
-        goto err;
-
-    /* Compute  s = inv(k) (m + xr) mod q */
-    if (!BN_mod_mul(&xr, dsa->priv_key, r, dsa->q, ctx))
-        goto err;               /* s = xr */
-    if (!BN_add(s, &xr, &m))
-        goto err;               /* s = m + xr */
-    if (BN_cmp(s, dsa->q) > 0)
-        if (!BN_sub(s, s, dsa->q))
-            goto err;
-    if (!BN_mod_mul(s, s, kinv, dsa->q, ctx))
-        goto err;
-
-    ret = DSA_SIG_new();
-    if (ret == NULL)
-        goto err;
-    /*
-     * Redo if r or s is zero as required by FIPS 186-3: this is very
-     * unlikely.
-     */
-    if (BN_is_zero(r) || BN_is_zero(s)) {
-        if (noredo) {
-            reason = DSA_R_NEED_NEW_SETUP_VALUES;
-            goto err;
-        }
-        goto redo;
-    }
-    ret->r = r;
-    ret->s = s;
-
- err:
-    if (!ret) {
-        DSAerr(DSA_F_DSA_DO_SIGN, reason);
-        BN_free(r);
-        BN_free(s);
-    }
-    if (ctx != NULL)
-        BN_CTX_free(ctx);
-    BN_clear_free(&m);
-    BN_clear_free(&xr);
-    if (kinv != NULL)           /* dsa->kinv is NULL now if we used it */
-        BN_clear_free(kinv);
-    return (ret);
-}
-
-static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
-                          BIGNUM **rp)
-{
-    BN_CTX *ctx;
-    BIGNUM k, kq, *K, *kinv = NULL, *r = NULL;
-    int ret = 0;
-
-    if (!dsa->p || !dsa->q || !dsa->g) {
-        DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS);
-        return 0;
-    }
-
-    BN_init(&k);
-    BN_init(&kq);
-
-    if (ctx_in == NULL) {
-        if ((ctx = BN_CTX_new()) == NULL)
-            goto err;
-    } else
-        ctx = ctx_in;
-
-    if ((r = BN_new()) == NULL)
-        goto err;
-
-    /* Get random k */
-    do
-        if (!BN_rand_range(&k, dsa->q))
-            goto err;
-    while (BN_is_zero(&k)) ;
-    if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
-        BN_set_flags(&k, BN_FLG_CONSTTIME);
-    }
-
-    if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
-        if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
-                                    CRYPTO_LOCK_DSA, dsa->p, ctx))
-            goto err;
-    }
-
-    /* Compute r = (g^k mod p) mod q */
-
-    if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
-        if (!BN_copy(&kq, &k))
-            goto err;
-
-        /*
-         * We do not want timing information to leak the length of k, so we
-         * compute g^k using an equivalent exponent of fixed length. (This
-         * is a kludge that we need because the BN_mod_exp_mont() does not
-         * let us specify the desired timing behaviour.)
-         */
-
-        if (!BN_add(&kq, &kq, dsa->q))
-            goto err;
-        if (BN_num_bits(&kq) <= BN_num_bits(dsa->q)) {
-            if (!BN_add(&kq, &kq, dsa->q))
-                goto err;
-        }
-
-        K = &kq;
-    } else {
-        K = &k;
-    }
-    DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
-                   dsa->method_mont_p);
-    if (!BN_mod(r, r, dsa->q, ctx))
-        goto err;
-
-    /* Compute  part of 's = inv(k) (m + xr) mod q' */
-    if ((kinv = BN_mod_inverse(NULL, &k, dsa->q, ctx)) == NULL)
-        goto err;
-
-    if (*kinvp != NULL)
-        BN_clear_free(*kinvp);
-    *kinvp = kinv;
-    kinv = NULL;
-    if (*rp != NULL)
-        BN_clear_free(*rp);
-    *rp = r;
-    ret = 1;
- err:
-    if (!ret) {
-        DSAerr(DSA_F_DSA_SIGN_SETUP, ERR_R_BN_LIB);
-        if (r != NULL)
-            BN_clear_free(r);
-    }
-    if (ctx_in == NULL)
-        BN_CTX_free(ctx);
-    BN_clear_free(&k);
-    BN_clear_free(&kq);
-    return (ret);
-}
-
-static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
-                         DSA_SIG *sig, DSA *dsa)
-{
-    BN_CTX *ctx;
-    BIGNUM u1, u2, t1;
-    BN_MONT_CTX *mont = NULL;
-    int ret = -1, i;
-    if (!dsa->p || !dsa->q || !dsa->g) {
-        DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MISSING_PARAMETERS);
-        return -1;
-    }
-
-    i = BN_num_bits(dsa->q);
-    /* fips 186-3 allows only different sizes for q */
-    if (i != 160 && i != 224 && i != 256) {
-        DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE);
-        return -1;
-    }
-
-    if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
-        DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE);
-        return -1;
-    }
-    BN_init(&u1);
-    BN_init(&u2);
-    BN_init(&t1);
-
-    if ((ctx = BN_CTX_new()) == NULL)
-        goto err;
-
-    if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
-        BN_ucmp(sig->r, dsa->q) >= 0) {
-        ret = 0;
-        goto err;
-    }
-    if (BN_is_zero(sig->s) || BN_is_negative(sig->s) ||
-        BN_ucmp(sig->s, dsa->q) >= 0) {
-        ret = 0;
-        goto err;
-    }
-
-    /*
-     * Calculate W = inv(S) mod Q save W in u2
-     */
-    if ((BN_mod_inverse(&u2, sig->s, dsa->q, ctx)) == NULL)
-        goto err;
-
-    /* save M in u1 */
-    if (dgst_len > (i >> 3))
-        /*
-         * if the digest length is greater than the size of q use the
-         * BN_num_bits(dsa->q) leftmost bits of the digest, see fips 186-3,
-         * 4.2
-         */
-        dgst_len = (i >> 3);
-    if (BN_bin2bn(dgst, dgst_len, &u1) == NULL)
-        goto err;
-
-    /* u1 = M * w mod q */
-    if (!BN_mod_mul(&u1, &u1, &u2, dsa->q, ctx))
-        goto err;
-
-    /* u2 = r * w mod q */
-    if (!BN_mod_mul(&u2, sig->r, &u2, dsa->q, ctx))
-        goto err;
-
-    if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
-        mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,
-                                      CRYPTO_LOCK_DSA, dsa->p, ctx);
-        if (!mont)
-            goto err;
-    }
-
-    DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p,
-                ctx, mont);
-    /* BN_copy(&u1,&t1); */
-    /* let u1 = u1 mod q */
-    if (!BN_mod(&u1, &t1, dsa->q, ctx))
-        goto err;
-
-    /*
-     * V is now in u1.  If the signature is correct, it will be equal to R.
-     */
-    ret = (BN_ucmp(&u1, sig->r) == 0);
-
- err:
-    /*
-     * XXX: surely this is wrong - if ret is 0, it just didn't verify; there
-     * is no error in BN. Test should be ret == -1 (Ben)
-     */
-    if (ret != 1)
-        DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_BN_LIB);
-    if (ctx != NULL)
-        BN_CTX_free(ctx);
-    BN_free(&u1);
-    BN_free(&u2);
-    BN_free(&t1);
-    return (ret);
-}
-
-static int dsa_init(DSA *dsa)
-{
-    dsa->flags |= DSA_FLAG_CACHE_MONT_P;
-    return (1);
-}
-
-static int dsa_finish(DSA *dsa)
-{
-    if (dsa->method_mont_p)
-        BN_MONT_CTX_free(dsa->method_mont_p);
-    return (1);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/dsa/dsa_ossl.c (from rev 11605, vendor-crypto/openssl/dist/crypto/dsa/dsa_ossl.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/dsa/dsa_ossl.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/dsa/dsa_ossl.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,431 @@
+/* crypto/dsa/dsa_ossl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Original version from Steven Schoch <schoch at sheba.arc.nasa.gov> */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/sha.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/asn1.h>
+
+static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+                          BIGNUM **rp);
+static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
+                         DSA_SIG *sig, DSA *dsa);
+static int dsa_init(DSA *dsa);
+static int dsa_finish(DSA *dsa);
+
+static DSA_METHOD openssl_dsa_meth = {
+    "OpenSSL DSA method",
+    dsa_do_sign,
+    dsa_sign_setup,
+    dsa_do_verify,
+    NULL,                       /* dsa_mod_exp, */
+    NULL,                       /* dsa_bn_mod_exp, */
+    dsa_init,
+    dsa_finish,
+    0,
+    NULL,
+    NULL,
+    NULL
+};
+
+/*-
+ * These macro wrappers replace attempts to use the dsa_mod_exp() and
+ * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of
+ * having a the macro work as an expression by bundling an "err_instr". So;
+ *
+ *     if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
+ *                 dsa->method_mont_p)) goto err;
+ *
+ * can be replaced by;
+ *
+ *     DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, &k, dsa->p, ctx,
+ *                 dsa->method_mont_p);
+ */
+
+#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \
+        do { \
+        int _tmp_res53; \
+        if ((dsa)->meth->dsa_mod_exp) \
+                _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \
+                                (a2), (p2), (m), (ctx), (in_mont)); \
+        else \
+                _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \
+                                (m), (ctx), (in_mont)); \
+        if (!_tmp_res53) err_instr; \
+        } while(0)
+#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \
+        do { \
+        int _tmp_res53; \
+        if ((dsa)->meth->bn_mod_exp) \
+                _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \
+                                (m), (ctx), (m_ctx)); \
+        else \
+                _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \
+        if (!_tmp_res53) err_instr; \
+        } while(0)
+
+const DSA_METHOD *DSA_OpenSSL(void)
+{
+    return &openssl_dsa_meth;
+}
+
+static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+{
+    BIGNUM *kinv = NULL, *r = NULL, *s = NULL;
+    BIGNUM m;
+    BIGNUM xr;
+    BN_CTX *ctx = NULL;
+    int reason = ERR_R_BN_LIB;
+    DSA_SIG *ret = NULL;
+    int noredo = 0;
+
+    BN_init(&m);
+    BN_init(&xr);
+
+    if (!dsa->p || !dsa->q || !dsa->g) {
+        reason = DSA_R_MISSING_PARAMETERS;
+        goto err;
+    }
+
+    s = BN_new();
+    if (s == NULL)
+        goto err;
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+ redo:
+    if ((dsa->kinv == NULL) || (dsa->r == NULL)) {
+        if (!DSA_sign_setup(dsa, ctx, &kinv, &r))
+            goto err;
+    } else {
+        kinv = dsa->kinv;
+        dsa->kinv = NULL;
+        r = dsa->r;
+        dsa->r = NULL;
+        noredo = 1;
+    }
+
+    if (dlen > BN_num_bytes(dsa->q))
+        /*
+         * if the digest length is greater than the size of q use the
+         * BN_num_bits(dsa->q) leftmost bits of the digest, see fips 186-3,
+         * 4.2
+         */
+        dlen = BN_num_bytes(dsa->q);
+    if (BN_bin2bn(dgst, dlen, &m) == NULL)
+        goto err;
+
+    /* Compute  s = inv(k) (m + xr) mod q */
+    if (!BN_mod_mul(&xr, dsa->priv_key, r, dsa->q, ctx))
+        goto err;               /* s = xr */
+    if (!BN_add(s, &xr, &m))
+        goto err;               /* s = m + xr */
+    if (BN_cmp(s, dsa->q) > 0)
+        if (!BN_sub(s, s, dsa->q))
+            goto err;
+    if (!BN_mod_mul(s, s, kinv, dsa->q, ctx))
+        goto err;
+
+    /*
+     * Redo if r or s is zero as required by FIPS 186-3: this is very
+     * unlikely.
+     */
+    if (BN_is_zero(r) || BN_is_zero(s)) {
+        if (noredo) {
+            reason = DSA_R_NEED_NEW_SETUP_VALUES;
+            goto err;
+        }
+        goto redo;
+    }
+    ret = DSA_SIG_new();
+    if (ret == NULL)
+        goto err;
+    ret->r = r;
+    ret->s = s;
+
+ err:
+    if (ret == NULL) {
+        DSAerr(DSA_F_DSA_DO_SIGN, reason);
+        BN_free(r);
+        BN_free(s);
+    }
+    if (ctx != NULL)
+        BN_CTX_free(ctx);
+    BN_clear_free(&m);
+    BN_clear_free(&xr);
+    if (kinv != NULL)           /* dsa->kinv is NULL now if we used it */
+        BN_clear_free(kinv);
+    return (ret);
+}
+
+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+                          BIGNUM **rp)
+{
+    BN_CTX *ctx;
+    BIGNUM k, kq, *K, *kinv = NULL, *r = NULL;
+    int ret = 0;
+
+    if (!dsa->p || !dsa->q || !dsa->g) {
+        DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS);
+        return 0;
+    }
+
+    BN_init(&k);
+    BN_init(&kq);
+
+    if (ctx_in == NULL) {
+        if ((ctx = BN_CTX_new()) == NULL)
+            goto err;
+    } else
+        ctx = ctx_in;
+
+    if ((r = BN_new()) == NULL)
+        goto err;
+
+    /* Get random k */
+    do
+        if (!BN_rand_range(&k, dsa->q))
+            goto err;
+    while (BN_is_zero(&k));
+
+    if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
+        BN_set_flags(&k, BN_FLG_CONSTTIME);
+    }
+
+
+    if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
+        if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
+                                    CRYPTO_LOCK_DSA, dsa->p, ctx))
+            goto err;
+    }
+
+    /* Compute r = (g^k mod p) mod q */
+
+    if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
+        if (!BN_copy(&kq, &k))
+            goto err;
+
+        BN_set_flags(&kq, BN_FLG_CONSTTIME);
+
+        /*
+         * We do not want timing information to leak the length of k, so we
+         * compute g^k using an equivalent exponent of fixed length. (This
+         * is a kludge that we need because the BN_mod_exp_mont() does not
+         * let us specify the desired timing behaviour.)
+         */
+
+        if (!BN_add(&kq, &kq, dsa->q))
+            goto err;
+        if (BN_num_bits(&kq) <= BN_num_bits(dsa->q)) {
+            if (!BN_add(&kq, &kq, dsa->q))
+                goto err;
+        }
+
+        K = &kq;
+    } else {
+        K = &k;
+    }
+
+    DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
+                   dsa->method_mont_p);
+    if (!BN_mod(r, r, dsa->q, ctx))
+        goto err;
+
+    /* Compute  part of 's = inv(k) (m + xr) mod q' */
+    if ((kinv = BN_mod_inverse(NULL, &k, dsa->q, ctx)) == NULL)
+        goto err;
+
+    if (*kinvp != NULL)
+        BN_clear_free(*kinvp);
+    *kinvp = kinv;
+    kinv = NULL;
+    if (*rp != NULL)
+        BN_clear_free(*rp);
+    *rp = r;
+    ret = 1;
+ err:
+    if (!ret) {
+        DSAerr(DSA_F_DSA_SIGN_SETUP, ERR_R_BN_LIB);
+        if (r != NULL)
+            BN_clear_free(r);
+    }
+    if (ctx_in == NULL)
+        BN_CTX_free(ctx);
+    BN_clear_free(&k);
+    BN_clear_free(&kq);
+    return (ret);
+}
+
+static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
+                         DSA_SIG *sig, DSA *dsa)
+{
+    BN_CTX *ctx;
+    BIGNUM u1, u2, t1;
+    BN_MONT_CTX *mont = NULL;
+    int ret = -1, i;
+    if (!dsa->p || !dsa->q || !dsa->g) {
+        DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MISSING_PARAMETERS);
+        return -1;
+    }
+
+    i = BN_num_bits(dsa->q);
+    /* fips 186-3 allows only different sizes for q */
+    if (i != 160 && i != 224 && i != 256) {
+        DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE);
+        return -1;
+    }
+
+    if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
+        DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE);
+        return -1;
+    }
+    BN_init(&u1);
+    BN_init(&u2);
+    BN_init(&t1);
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+
+    if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
+        BN_ucmp(sig->r, dsa->q) >= 0) {
+        ret = 0;
+        goto err;
+    }
+    if (BN_is_zero(sig->s) || BN_is_negative(sig->s) ||
+        BN_ucmp(sig->s, dsa->q) >= 0) {
+        ret = 0;
+        goto err;
+    }
+
+    /*
+     * Calculate W = inv(S) mod Q save W in u2
+     */
+    if ((BN_mod_inverse(&u2, sig->s, dsa->q, ctx)) == NULL)
+        goto err;
+
+    /* save M in u1 */
+    if (dgst_len > (i >> 3))
+        /*
+         * if the digest length is greater than the size of q use the
+         * BN_num_bits(dsa->q) leftmost bits of the digest, see fips 186-3,
+         * 4.2
+         */
+        dgst_len = (i >> 3);
+    if (BN_bin2bn(dgst, dgst_len, &u1) == NULL)
+        goto err;
+
+    /* u1 = M * w mod q */
+    if (!BN_mod_mul(&u1, &u1, &u2, dsa->q, ctx))
+        goto err;
+
+    /* u2 = r * w mod q */
+    if (!BN_mod_mul(&u2, sig->r, &u2, dsa->q, ctx))
+        goto err;
+
+    if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
+        mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,
+                                      CRYPTO_LOCK_DSA, dsa->p, ctx);
+        if (!mont)
+            goto err;
+    }
+
+    DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p,
+                ctx, mont);
+    /* BN_copy(&u1,&t1); */
+    /* let u1 = u1 mod q */
+    if (!BN_mod(&u1, &t1, dsa->q, ctx))
+        goto err;
+
+    /*
+     * V is now in u1.  If the signature is correct, it will be equal to R.
+     */
+    ret = (BN_ucmp(&u1, sig->r) == 0);
+
+ err:
+    /*
+     * XXX: surely this is wrong - if ret is 0, it just didn't verify; there
+     * is no error in BN. Test should be ret == -1 (Ben)
+     */
+    if (ret != 1)
+        DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_BN_LIB);
+    if (ctx != NULL)
+        BN_CTX_free(ctx);
+    BN_free(&u1);
+    BN_free(&u2);
+    BN_free(&t1);
+    return (ret);
+}
+
+static int dsa_init(DSA *dsa)
+{
+    dsa->flags |= DSA_FLAG_CACHE_MONT_P;
+    return (1);
+}
+
+static int dsa_finish(DSA *dsa)
+{
+    if (dsa->method_mont_p)
+        BN_MONT_CTX_free(dsa->method_mont_p);
+    return (1);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/dso/dso.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/dso/dso.h	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/dso/dso.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,451 +0,0 @@
-/* dso.h -*- mode:C; c-file-style: "eay" -*- */
-/*
- * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_DSO_H
-# define HEADER_DSO_H
-
-# include <openssl/crypto.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* These values are used as commands to DSO_ctrl() */
-# define DSO_CTRL_GET_FLAGS      1
-# define DSO_CTRL_SET_FLAGS      2
-# define DSO_CTRL_OR_FLAGS       3
-
-/*
- * By default, DSO_load() will translate the provided filename into a form
- * typical for the platform (more specifically the DSO_METHOD) using the
- * dso_name_converter function of the method. Eg. win32 will transform "blah"
- * into "blah.dll", and dlfcn will transform it into "libblah.so". The
- * behaviour can be overriden by setting the name_converter callback in the
- * DSO object (using DSO_set_name_converter()). This callback could even
- * utilise the DSO_METHOD's converter too if it only wants to override
- * behaviour for one or two possible DSO methods. However, the following flag
- * can be set in a DSO to prevent *any* native name-translation at all - eg.
- * if the caller has prompted the user for a path to a driver library so the
- * filename should be interpreted as-is.
- */
-# define DSO_FLAG_NO_NAME_TRANSLATION            0x01
-/*
- * An extra flag to give if only the extension should be added as
- * translation.  This is obviously only of importance on Unix and other
- * operating systems where the translation also may prefix the name with
- * something, like 'lib', and ignored everywhere else. This flag is also
- * ignored if DSO_FLAG_NO_NAME_TRANSLATION is used at the same time.
- */
-# define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY      0x02
-
-/*
- * The following flag controls the translation of symbol names to upper case.
- * This is currently only being implemented for OpenVMS.
- */
-# define DSO_FLAG_UPCASE_SYMBOL                  0x10
-
-/*
- * This flag loads the library with public symbols. Meaning: The exported
- * symbols of this library are public to all libraries loaded after this
- * library. At the moment only implemented in unix.
- */
-# define DSO_FLAG_GLOBAL_SYMBOLS                 0x20
-
-typedef void (*DSO_FUNC_TYPE) (void);
-
-typedef struct dso_st DSO;
-
-/*
- * The function prototype used for method functions (or caller-provided
- * callbacks) that transform filenames. They are passed a DSO structure
- * pointer (or NULL if they are to be used independantly of a DSO object) and
- * a filename to transform. They should either return NULL (if there is an
- * error condition) or a newly allocated string containing the transformed
- * form that the caller will need to free with OPENSSL_free() when done.
- */
-typedef char *(*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *);
-/*
- * The function prototype used for method functions (or caller-provided
- * callbacks) that merge two file specifications. They are passed a DSO
- * structure pointer (or NULL if they are to be used independantly of a DSO
- * object) and two file specifications to merge. They should either return
- * NULL (if there is an error condition) or a newly allocated string
- * containing the result of merging that the caller will need to free with
- * OPENSSL_free() when done. Here, merging means that bits and pieces are
- * taken from each of the file specifications and added together in whatever
- * fashion that is sensible for the DSO method in question.  The only rule
- * that really applies is that if the two specification contain pieces of the
- * same type, the copy from the first string takes priority.  One could see
- * it as the first specification is the one given by the user and the second
- * being a bunch of defaults to add on if they're missing in the first.
- */
-typedef char *(*DSO_MERGER_FUNC)(DSO *, const char *, const char *);
-
-typedef struct dso_meth_st {
-    const char *name;
-    /*
-     * Loads a shared library, NB: new DSO_METHODs must ensure that a
-     * successful load populates the loaded_filename field, and likewise a
-     * successful unload OPENSSL_frees and NULLs it out.
-     */
-    int (*dso_load) (DSO *dso);
-    /* Unloads a shared library */
-    int (*dso_unload) (DSO *dso);
-    /* Binds a variable */
-    void *(*dso_bind_var) (DSO *dso, const char *symname);
-    /*
-     * Binds a function - assumes a return type of DSO_FUNC_TYPE. This should
-     * be cast to the real function prototype by the caller. Platforms that
-     * don't have compatible representations for different prototypes (this
-     * is possible within ANSI C) are highly unlikely to have shared
-     * libraries at all, let alone a DSO_METHOD implemented for them.
-     */
-    DSO_FUNC_TYPE (*dso_bind_func) (DSO *dso, const char *symname);
-/* I don't think this would actually be used in any circumstances. */
-# if 0
-    /* Unbinds a variable */
-    int (*dso_unbind_var) (DSO *dso, char *symname, void *symptr);
-    /* Unbinds a function */
-    int (*dso_unbind_func) (DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
-# endif
-    /*
-     * The generic (yuck) "ctrl()" function. NB: Negative return values
-     * (rather than zero) indicate errors.
-     */
-    long (*dso_ctrl) (DSO *dso, int cmd, long larg, void *parg);
-    /*
-     * The default DSO_METHOD-specific function for converting filenames to a
-     * canonical native form.
-     */
-    DSO_NAME_CONVERTER_FUNC dso_name_converter;
-    /*
-     * The default DSO_METHOD-specific function for converting filenames to a
-     * canonical native form.
-     */
-    DSO_MERGER_FUNC dso_merger;
-    /* [De]Initialisation handlers. */
-    int (*init) (DSO *dso);
-    int (*finish) (DSO *dso);
-    /* Return pathname of the module containing location */
-    int (*pathbyaddr) (void *addr, char *path, int sz);
-    /* Perform global symbol lookup, i.e. among *all* modules */
-    void *(*globallookup) (const char *symname);
-} DSO_METHOD;
-
-/**********************************************************************/
-/* The low-level handle type used to refer to a loaded shared library */
-
-struct dso_st {
-    DSO_METHOD *meth;
-    /*
-     * Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS doesn't use
-     * anything but will need to cache the filename for use in the dso_bind
-     * handler. All in all, let each method control its own destiny.
-     * "Handles" and such go in a STACK.
-     */
-    STACK_OF(void) *meth_data;
-    int references;
-    int flags;
-    /*
-     * For use by applications etc ... use this for your bits'n'pieces, don't
-     * touch meth_data!
-     */
-    CRYPTO_EX_DATA ex_data;
-    /*
-     * If this callback function pointer is set to non-NULL, then it will be
-     * used in DSO_load() in place of meth->dso_name_converter. NB: This
-     * should normally set using DSO_set_name_converter().
-     */
-    DSO_NAME_CONVERTER_FUNC name_converter;
-    /*
-     * If this callback function pointer is set to non-NULL, then it will be
-     * used in DSO_load() in place of meth->dso_merger. NB: This should
-     * normally set using DSO_set_merger().
-     */
-    DSO_MERGER_FUNC merger;
-    /*
-     * This is populated with (a copy of) the platform-independant filename
-     * used for this DSO.
-     */
-    char *filename;
-    /*
-     * This is populated with (a copy of) the translated filename by which
-     * the DSO was actually loaded. It is NULL iff the DSO is not currently
-     * loaded. NB: This is here because the filename translation process may
-     * involve a callback being invoked more than once not only to convert to
-     * a platform-specific form, but also to try different filenames in the
-     * process of trying to perform a load. As such, this variable can be
-     * used to indicate (a) whether this DSO structure corresponds to a
-     * loaded library or not, and (b) the filename with which it was actually
-     * loaded.
-     */
-    char *loaded_filename;
-};
-
-DSO *DSO_new(void);
-DSO *DSO_new_method(DSO_METHOD *method);
-int DSO_free(DSO *dso);
-int DSO_flags(DSO *dso);
-int DSO_up_ref(DSO *dso);
-long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg);
-
-/*
- * This function sets the DSO's name_converter callback. If it is non-NULL,
- * then it will be used instead of the associated DSO_METHOD's function. If
- * oldcb is non-NULL then it is set to the function pointer value being
- * replaced. Return value is non-zero for success.
- */
-int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,
-                           DSO_NAME_CONVERTER_FUNC *oldcb);
-/*
- * These functions can be used to get/set the platform-independant filename
- * used for a DSO. NB: set will fail if the DSO is already loaded.
- */
-const char *DSO_get_filename(DSO *dso);
-int DSO_set_filename(DSO *dso, const char *filename);
-/*
- * This function will invoke the DSO's name_converter callback to translate a
- * filename, or if the callback isn't set it will instead use the DSO_METHOD's
- * converter. If "filename" is NULL, the "filename" in the DSO itself will be
- * used. If the DSO_FLAG_NO_NAME_TRANSLATION flag is set, then the filename is
- * simply duplicated. NB: This function is usually called from within a
- * DSO_METHOD during the processing of a DSO_load() call, and is exposed so
- * that caller-created DSO_METHODs can do the same thing. A non-NULL return
- * value will need to be OPENSSL_free()'d.
- */
-char *DSO_convert_filename(DSO *dso, const char *filename);
-/*
- * This function will invoke the DSO's merger callback to merge two file
- * specifications, or if the callback isn't set it will instead use the
- * DSO_METHOD's merger.  A non-NULL return value will need to be
- * OPENSSL_free()'d.
- */
-char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2);
-/*
- * If the DSO is currently loaded, this returns the filename that it was
- * loaded under, otherwise it returns NULL. So it is also useful as a test as
- * to whether the DSO is currently loaded. NB: This will not necessarily
- * return the same value as DSO_convert_filename(dso, dso->filename), because
- * the DSO_METHOD's load function may have tried a variety of filenames (with
- * and/or without the aid of the converters) before settling on the one it
- * actually loaded.
- */
-const char *DSO_get_loaded_filename(DSO *dso);
-
-void DSO_set_default_method(DSO_METHOD *meth);
-DSO_METHOD *DSO_get_default_method(void);
-DSO_METHOD *DSO_get_method(DSO *dso);
-DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth);
-
-/*
- * The all-singing all-dancing load function, you normally pass NULL for the
- * first and third parameters. Use DSO_up and DSO_free for subsequent
- * reference count handling. Any flags passed in will be set in the
- * constructed DSO after its init() function but before the load operation.
- * If 'dso' is non-NULL, 'flags' is ignored.
- */
-DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags);
-
-/* This function binds to a variable inside a shared library. */
-void *DSO_bind_var(DSO *dso, const char *symname);
-
-/* This function binds to a function inside a shared library. */
-DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname);
-
-/*
- * This method is the default, but will beg, borrow, or steal whatever method
- * should be the default on any particular platform (including
- * DSO_METH_null() if necessary).
- */
-DSO_METHOD *DSO_METHOD_openssl(void);
-
-/*
- * This method is defined for all platforms - if a platform has no DSO
- * support then this will be the only method!
- */
-DSO_METHOD *DSO_METHOD_null(void);
-
-/*
- * If DSO_DLFCN is defined, the standard dlfcn.h-style functions (dlopen,
- * dlclose, dlsym, etc) will be used and incorporated into this method. If
- * not, this method will return NULL.
- */
-DSO_METHOD *DSO_METHOD_dlfcn(void);
-
-/*
- * If DSO_DL is defined, the standard dl.h-style functions (shl_load,
- * shl_unload, shl_findsym, etc) will be used and incorporated into this
- * method. If not, this method will return NULL.
- */
-DSO_METHOD *DSO_METHOD_dl(void);
-
-/* If WIN32 is defined, use DLLs. If not, return NULL. */
-DSO_METHOD *DSO_METHOD_win32(void);
-
-/* If VMS is defined, use shared images. If not, return NULL. */
-DSO_METHOD *DSO_METHOD_vms(void);
-
-/*
- * This function writes null-terminated pathname of DSO module containing
- * 'addr' into 'sz' large caller-provided 'path' and returns the number of
- * characters [including trailing zero] written to it. If 'sz' is 0 or
- * negative, 'path' is ignored and required amount of charachers [including
- * trailing zero] to accomodate pathname is returned. If 'addr' is NULL, then
- * pathname of cryptolib itself is returned. Negative or zero return value
- * denotes error.
- */
-int DSO_pathbyaddr(void *addr, char *path, int sz);
-
-/*
- * This function should be used with caution! It looks up symbols in *all*
- * loaded modules and if module gets unloaded by somebody else attempt to
- * dereference the pointer is doomed to have fatal consequences. Primary
- * usage for this function is to probe *core* system functionality, e.g.
- * check if getnameinfo(3) is available at run-time without bothering about
- * OS-specific details such as libc.so.versioning or where does it actually
- * reside: in libc itself or libsocket.
- */
-void *DSO_global_lookup(const char *name);
-
-/* If BeOS is defined, use shared images. If not, return NULL. */
-DSO_METHOD *DSO_METHOD_beos(void);
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_DSO_strings(void);
-
-/* Error codes for the DSO functions. */
-
-/* Function codes. */
-# define DSO_F_BEOS_BIND_FUNC                             144
-# define DSO_F_BEOS_BIND_VAR                              145
-# define DSO_F_BEOS_LOAD                                  146
-# define DSO_F_BEOS_NAME_CONVERTER                        147
-# define DSO_F_BEOS_UNLOAD                                148
-# define DSO_F_DLFCN_BIND_FUNC                            100
-# define DSO_F_DLFCN_BIND_VAR                             101
-# define DSO_F_DLFCN_LOAD                                 102
-# define DSO_F_DLFCN_MERGER                               130
-# define DSO_F_DLFCN_NAME_CONVERTER                       123
-# define DSO_F_DLFCN_UNLOAD                               103
-# define DSO_F_DL_BIND_FUNC                               104
-# define DSO_F_DL_BIND_VAR                                105
-# define DSO_F_DL_LOAD                                    106
-# define DSO_F_DL_MERGER                                  131
-# define DSO_F_DL_NAME_CONVERTER                          124
-# define DSO_F_DL_UNLOAD                                  107
-# define DSO_F_DSO_BIND_FUNC                              108
-# define DSO_F_DSO_BIND_VAR                               109
-# define DSO_F_DSO_CONVERT_FILENAME                       126
-# define DSO_F_DSO_CTRL                                   110
-# define DSO_F_DSO_FREE                                   111
-# define DSO_F_DSO_GET_FILENAME                           127
-# define DSO_F_DSO_GET_LOADED_FILENAME                    128
-# define DSO_F_DSO_GLOBAL_LOOKUP                          139
-# define DSO_F_DSO_LOAD                                   112
-# define DSO_F_DSO_MERGE                                  132
-# define DSO_F_DSO_NEW_METHOD                             113
-# define DSO_F_DSO_PATHBYADDR                             140
-# define DSO_F_DSO_SET_FILENAME                           129
-# define DSO_F_DSO_SET_NAME_CONVERTER                     122
-# define DSO_F_DSO_UP_REF                                 114
-# define DSO_F_GLOBAL_LOOKUP_FUNC                         138
-# define DSO_F_PATHBYADDR                                 137
-# define DSO_F_VMS_BIND_SYM                               115
-# define DSO_F_VMS_LOAD                                   116
-# define DSO_F_VMS_MERGER                                 133
-# define DSO_F_VMS_UNLOAD                                 117
-# define DSO_F_WIN32_BIND_FUNC                            118
-# define DSO_F_WIN32_BIND_VAR                             119
-# define DSO_F_WIN32_GLOBALLOOKUP                         142
-# define DSO_F_WIN32_GLOBALLOOKUP_FUNC                    143
-# define DSO_F_WIN32_JOINER                               135
-# define DSO_F_WIN32_LOAD                                 120
-# define DSO_F_WIN32_MERGER                               134
-# define DSO_F_WIN32_NAME_CONVERTER                       125
-# define DSO_F_WIN32_PATHBYADDR                           141
-# define DSO_F_WIN32_SPLITTER                             136
-# define DSO_F_WIN32_UNLOAD                               121
-
-/* Reason codes. */
-# define DSO_R_CTRL_FAILED                                100
-# define DSO_R_DSO_ALREADY_LOADED                         110
-# define DSO_R_EMPTY_FILE_STRUCTURE                       113
-# define DSO_R_FAILURE                                    114
-# define DSO_R_FILENAME_TOO_BIG                           101
-# define DSO_R_FINISH_FAILED                              102
-# define DSO_R_INCORRECT_FILE_SYNTAX                      115
-# define DSO_R_LOAD_FAILED                                103
-# define DSO_R_NAME_TRANSLATION_FAILED                    109
-# define DSO_R_NO_FILENAME                                111
-# define DSO_R_NO_FILE_SPECIFICATION                      116
-# define DSO_R_NULL_HANDLE                                104
-# define DSO_R_SET_FILENAME_FAILED                        112
-# define DSO_R_STACK_ERROR                                105
-# define DSO_R_SYM_FAILURE                                106
-# define DSO_R_UNLOAD_FAILED                              107
-# define DSO_R_UNSUPPORTED                                108
-
-#ifdef  __cplusplus
-}
-#endif
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/dso/dso.h (from rev 11605, vendor-crypto/openssl/dist/crypto/dso/dso.h)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/dso/dso.h	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/dso/dso.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,451 @@
+/* dso.h */
+/*
+ * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_DSO_H
+# define HEADER_DSO_H
+
+# include <openssl/crypto.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* These values are used as commands to DSO_ctrl() */
+# define DSO_CTRL_GET_FLAGS      1
+# define DSO_CTRL_SET_FLAGS      2
+# define DSO_CTRL_OR_FLAGS       3
+
+/*
+ * By default, DSO_load() will translate the provided filename into a form
+ * typical for the platform (more specifically the DSO_METHOD) using the
+ * dso_name_converter function of the method. Eg. win32 will transform "blah"
+ * into "blah.dll", and dlfcn will transform it into "libblah.so". The
+ * behaviour can be overriden by setting the name_converter callback in the
+ * DSO object (using DSO_set_name_converter()). This callback could even
+ * utilise the DSO_METHOD's converter too if it only wants to override
+ * behaviour for one or two possible DSO methods. However, the following flag
+ * can be set in a DSO to prevent *any* native name-translation at all - eg.
+ * if the caller has prompted the user for a path to a driver library so the
+ * filename should be interpreted as-is.
+ */
+# define DSO_FLAG_NO_NAME_TRANSLATION            0x01
+/*
+ * An extra flag to give if only the extension should be added as
+ * translation.  This is obviously only of importance on Unix and other
+ * operating systems where the translation also may prefix the name with
+ * something, like 'lib', and ignored everywhere else. This flag is also
+ * ignored if DSO_FLAG_NO_NAME_TRANSLATION is used at the same time.
+ */
+# define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY      0x02
+
+/*
+ * The following flag controls the translation of symbol names to upper case.
+ * This is currently only being implemented for OpenVMS.
+ */
+# define DSO_FLAG_UPCASE_SYMBOL                  0x10
+
+/*
+ * This flag loads the library with public symbols. Meaning: The exported
+ * symbols of this library are public to all libraries loaded after this
+ * library. At the moment only implemented in unix.
+ */
+# define DSO_FLAG_GLOBAL_SYMBOLS                 0x20
+
+typedef void (*DSO_FUNC_TYPE) (void);
+
+typedef struct dso_st DSO;
+
+/*
+ * The function prototype used for method functions (or caller-provided
+ * callbacks) that transform filenames. They are passed a DSO structure
+ * pointer (or NULL if they are to be used independantly of a DSO object) and
+ * a filename to transform. They should either return NULL (if there is an
+ * error condition) or a newly allocated string containing the transformed
+ * form that the caller will need to free with OPENSSL_free() when done.
+ */
+typedef char *(*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *);
+/*
+ * The function prototype used for method functions (or caller-provided
+ * callbacks) that merge two file specifications. They are passed a DSO
+ * structure pointer (or NULL if they are to be used independantly of a DSO
+ * object) and two file specifications to merge. They should either return
+ * NULL (if there is an error condition) or a newly allocated string
+ * containing the result of merging that the caller will need to free with
+ * OPENSSL_free() when done. Here, merging means that bits and pieces are
+ * taken from each of the file specifications and added together in whatever
+ * fashion that is sensible for the DSO method in question.  The only rule
+ * that really applies is that if the two specification contain pieces of the
+ * same type, the copy from the first string takes priority.  One could see
+ * it as the first specification is the one given by the user and the second
+ * being a bunch of defaults to add on if they're missing in the first.
+ */
+typedef char *(*DSO_MERGER_FUNC)(DSO *, const char *, const char *);
+
+typedef struct dso_meth_st {
+    const char *name;
+    /*
+     * Loads a shared library, NB: new DSO_METHODs must ensure that a
+     * successful load populates the loaded_filename field, and likewise a
+     * successful unload OPENSSL_frees and NULLs it out.
+     */
+    int (*dso_load) (DSO *dso);
+    /* Unloads a shared library */
+    int (*dso_unload) (DSO *dso);
+    /* Binds a variable */
+    void *(*dso_bind_var) (DSO *dso, const char *symname);
+    /*
+     * Binds a function - assumes a return type of DSO_FUNC_TYPE. This should
+     * be cast to the real function prototype by the caller. Platforms that
+     * don't have compatible representations for different prototypes (this
+     * is possible within ANSI C) are highly unlikely to have shared
+     * libraries at all, let alone a DSO_METHOD implemented for them.
+     */
+    DSO_FUNC_TYPE (*dso_bind_func) (DSO *dso, const char *symname);
+/* I don't think this would actually be used in any circumstances. */
+# if 0
+    /* Unbinds a variable */
+    int (*dso_unbind_var) (DSO *dso, char *symname, void *symptr);
+    /* Unbinds a function */
+    int (*dso_unbind_func) (DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
+# endif
+    /*
+     * The generic (yuck) "ctrl()" function. NB: Negative return values
+     * (rather than zero) indicate errors.
+     */
+    long (*dso_ctrl) (DSO *dso, int cmd, long larg, void *parg);
+    /*
+     * The default DSO_METHOD-specific function for converting filenames to a
+     * canonical native form.
+     */
+    DSO_NAME_CONVERTER_FUNC dso_name_converter;
+    /*
+     * The default DSO_METHOD-specific function for converting filenames to a
+     * canonical native form.
+     */
+    DSO_MERGER_FUNC dso_merger;
+    /* [De]Initialisation handlers. */
+    int (*init) (DSO *dso);
+    int (*finish) (DSO *dso);
+    /* Return pathname of the module containing location */
+    int (*pathbyaddr) (void *addr, char *path, int sz);
+    /* Perform global symbol lookup, i.e. among *all* modules */
+    void *(*globallookup) (const char *symname);
+} DSO_METHOD;
+
+/**********************************************************************/
+/* The low-level handle type used to refer to a loaded shared library */
+
+struct dso_st {
+    DSO_METHOD *meth;
+    /*
+     * Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS doesn't use
+     * anything but will need to cache the filename for use in the dso_bind
+     * handler. All in all, let each method control its own destiny.
+     * "Handles" and such go in a STACK.
+     */
+    STACK_OF(void) *meth_data;
+    int references;
+    int flags;
+    /*
+     * For use by applications etc ... use this for your bits'n'pieces, don't
+     * touch meth_data!
+     */
+    CRYPTO_EX_DATA ex_data;
+    /*
+     * If this callback function pointer is set to non-NULL, then it will be
+     * used in DSO_load() in place of meth->dso_name_converter. NB: This
+     * should normally set using DSO_set_name_converter().
+     */
+    DSO_NAME_CONVERTER_FUNC name_converter;
+    /*
+     * If this callback function pointer is set to non-NULL, then it will be
+     * used in DSO_load() in place of meth->dso_merger. NB: This should
+     * normally set using DSO_set_merger().
+     */
+    DSO_MERGER_FUNC merger;
+    /*
+     * This is populated with (a copy of) the platform-independant filename
+     * used for this DSO.
+     */
+    char *filename;
+    /*
+     * This is populated with (a copy of) the translated filename by which
+     * the DSO was actually loaded. It is NULL iff the DSO is not currently
+     * loaded. NB: This is here because the filename translation process may
+     * involve a callback being invoked more than once not only to convert to
+     * a platform-specific form, but also to try different filenames in the
+     * process of trying to perform a load. As such, this variable can be
+     * used to indicate (a) whether this DSO structure corresponds to a
+     * loaded library or not, and (b) the filename with which it was actually
+     * loaded.
+     */
+    char *loaded_filename;
+};
+
+DSO *DSO_new(void);
+DSO *DSO_new_method(DSO_METHOD *method);
+int DSO_free(DSO *dso);
+int DSO_flags(DSO *dso);
+int DSO_up_ref(DSO *dso);
+long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg);
+
+/*
+ * This function sets the DSO's name_converter callback. If it is non-NULL,
+ * then it will be used instead of the associated DSO_METHOD's function. If
+ * oldcb is non-NULL then it is set to the function pointer value being
+ * replaced. Return value is non-zero for success.
+ */
+int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,
+                           DSO_NAME_CONVERTER_FUNC *oldcb);
+/*
+ * These functions can be used to get/set the platform-independant filename
+ * used for a DSO. NB: set will fail if the DSO is already loaded.
+ */
+const char *DSO_get_filename(DSO *dso);
+int DSO_set_filename(DSO *dso, const char *filename);
+/*
+ * This function will invoke the DSO's name_converter callback to translate a
+ * filename, or if the callback isn't set it will instead use the DSO_METHOD's
+ * converter. If "filename" is NULL, the "filename" in the DSO itself will be
+ * used. If the DSO_FLAG_NO_NAME_TRANSLATION flag is set, then the filename is
+ * simply duplicated. NB: This function is usually called from within a
+ * DSO_METHOD during the processing of a DSO_load() call, and is exposed so
+ * that caller-created DSO_METHODs can do the same thing. A non-NULL return
+ * value will need to be OPENSSL_free()'d.
+ */
+char *DSO_convert_filename(DSO *dso, const char *filename);
+/*
+ * This function will invoke the DSO's merger callback to merge two file
+ * specifications, or if the callback isn't set it will instead use the
+ * DSO_METHOD's merger.  A non-NULL return value will need to be
+ * OPENSSL_free()'d.
+ */
+char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2);
+/*
+ * If the DSO is currently loaded, this returns the filename that it was
+ * loaded under, otherwise it returns NULL. So it is also useful as a test as
+ * to whether the DSO is currently loaded. NB: This will not necessarily
+ * return the same value as DSO_convert_filename(dso, dso->filename), because
+ * the DSO_METHOD's load function may have tried a variety of filenames (with
+ * and/or without the aid of the converters) before settling on the one it
+ * actually loaded.
+ */
+const char *DSO_get_loaded_filename(DSO *dso);
+
+void DSO_set_default_method(DSO_METHOD *meth);
+DSO_METHOD *DSO_get_default_method(void);
+DSO_METHOD *DSO_get_method(DSO *dso);
+DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth);
+
+/*
+ * The all-singing all-dancing load function, you normally pass NULL for the
+ * first and third parameters. Use DSO_up and DSO_free for subsequent
+ * reference count handling. Any flags passed in will be set in the
+ * constructed DSO after its init() function but before the load operation.
+ * If 'dso' is non-NULL, 'flags' is ignored.
+ */
+DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags);
+
+/* This function binds to a variable inside a shared library. */
+void *DSO_bind_var(DSO *dso, const char *symname);
+
+/* This function binds to a function inside a shared library. */
+DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname);
+
+/*
+ * This method is the default, but will beg, borrow, or steal whatever method
+ * should be the default on any particular platform (including
+ * DSO_METH_null() if necessary).
+ */
+DSO_METHOD *DSO_METHOD_openssl(void);
+
+/*
+ * This method is defined for all platforms - if a platform has no DSO
+ * support then this will be the only method!
+ */
+DSO_METHOD *DSO_METHOD_null(void);
+
+/*
+ * If DSO_DLFCN is defined, the standard dlfcn.h-style functions (dlopen,
+ * dlclose, dlsym, etc) will be used and incorporated into this method. If
+ * not, this method will return NULL.
+ */
+DSO_METHOD *DSO_METHOD_dlfcn(void);
+
+/*
+ * If DSO_DL is defined, the standard dl.h-style functions (shl_load,
+ * shl_unload, shl_findsym, etc) will be used and incorporated into this
+ * method. If not, this method will return NULL.
+ */
+DSO_METHOD *DSO_METHOD_dl(void);
+
+/* If WIN32 is defined, use DLLs. If not, return NULL. */
+DSO_METHOD *DSO_METHOD_win32(void);
+
+/* If VMS is defined, use shared images. If not, return NULL. */
+DSO_METHOD *DSO_METHOD_vms(void);
+
+/*
+ * This function writes null-terminated pathname of DSO module containing
+ * 'addr' into 'sz' large caller-provided 'path' and returns the number of
+ * characters [including trailing zero] written to it. If 'sz' is 0 or
+ * negative, 'path' is ignored and required amount of charachers [including
+ * trailing zero] to accomodate pathname is returned. If 'addr' is NULL, then
+ * pathname of cryptolib itself is returned. Negative or zero return value
+ * denotes error.
+ */
+int DSO_pathbyaddr(void *addr, char *path, int sz);
+
+/*
+ * This function should be used with caution! It looks up symbols in *all*
+ * loaded modules and if module gets unloaded by somebody else attempt to
+ * dereference the pointer is doomed to have fatal consequences. Primary
+ * usage for this function is to probe *core* system functionality, e.g.
+ * check if getnameinfo(3) is available at run-time without bothering about
+ * OS-specific details such as libc.so.versioning or where does it actually
+ * reside: in libc itself or libsocket.
+ */
+void *DSO_global_lookup(const char *name);
+
+/* If BeOS is defined, use shared images. If not, return NULL. */
+DSO_METHOD *DSO_METHOD_beos(void);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_DSO_strings(void);
+
+/* Error codes for the DSO functions. */
+
+/* Function codes. */
+# define DSO_F_BEOS_BIND_FUNC                             144
+# define DSO_F_BEOS_BIND_VAR                              145
+# define DSO_F_BEOS_LOAD                                  146
+# define DSO_F_BEOS_NAME_CONVERTER                        147
+# define DSO_F_BEOS_UNLOAD                                148
+# define DSO_F_DLFCN_BIND_FUNC                            100
+# define DSO_F_DLFCN_BIND_VAR                             101
+# define DSO_F_DLFCN_LOAD                                 102
+# define DSO_F_DLFCN_MERGER                               130
+# define DSO_F_DLFCN_NAME_CONVERTER                       123
+# define DSO_F_DLFCN_UNLOAD                               103
+# define DSO_F_DL_BIND_FUNC                               104
+# define DSO_F_DL_BIND_VAR                                105
+# define DSO_F_DL_LOAD                                    106
+# define DSO_F_DL_MERGER                                  131
+# define DSO_F_DL_NAME_CONVERTER                          124
+# define DSO_F_DL_UNLOAD                                  107
+# define DSO_F_DSO_BIND_FUNC                              108
+# define DSO_F_DSO_BIND_VAR                               109
+# define DSO_F_DSO_CONVERT_FILENAME                       126
+# define DSO_F_DSO_CTRL                                   110
+# define DSO_F_DSO_FREE                                   111
+# define DSO_F_DSO_GET_FILENAME                           127
+# define DSO_F_DSO_GET_LOADED_FILENAME                    128
+# define DSO_F_DSO_GLOBAL_LOOKUP                          139
+# define DSO_F_DSO_LOAD                                   112
+# define DSO_F_DSO_MERGE                                  132
+# define DSO_F_DSO_NEW_METHOD                             113
+# define DSO_F_DSO_PATHBYADDR                             140
+# define DSO_F_DSO_SET_FILENAME                           129
+# define DSO_F_DSO_SET_NAME_CONVERTER                     122
+# define DSO_F_DSO_UP_REF                                 114
+# define DSO_F_GLOBAL_LOOKUP_FUNC                         138
+# define DSO_F_PATHBYADDR                                 137
+# define DSO_F_VMS_BIND_SYM                               115
+# define DSO_F_VMS_LOAD                                   116
+# define DSO_F_VMS_MERGER                                 133
+# define DSO_F_VMS_UNLOAD                                 117
+# define DSO_F_WIN32_BIND_FUNC                            118
+# define DSO_F_WIN32_BIND_VAR                             119
+# define DSO_F_WIN32_GLOBALLOOKUP                         142
+# define DSO_F_WIN32_GLOBALLOOKUP_FUNC                    143
+# define DSO_F_WIN32_JOINER                               135
+# define DSO_F_WIN32_LOAD                                 120
+# define DSO_F_WIN32_MERGER                               134
+# define DSO_F_WIN32_NAME_CONVERTER                       125
+# define DSO_F_WIN32_PATHBYADDR                           141
+# define DSO_F_WIN32_SPLITTER                             136
+# define DSO_F_WIN32_UNLOAD                               121
+
+/* Reason codes. */
+# define DSO_R_CTRL_FAILED                                100
+# define DSO_R_DSO_ALREADY_LOADED                         110
+# define DSO_R_EMPTY_FILE_STRUCTURE                       113
+# define DSO_R_FAILURE                                    114
+# define DSO_R_FILENAME_TOO_BIG                           101
+# define DSO_R_FINISH_FAILED                              102
+# define DSO_R_INCORRECT_FILE_SYNTAX                      115
+# define DSO_R_LOAD_FAILED                                103
+# define DSO_R_NAME_TRANSLATION_FAILED                    109
+# define DSO_R_NO_FILENAME                                111
+# define DSO_R_NO_FILE_SPECIFICATION                      116
+# define DSO_R_NULL_HANDLE                                104
+# define DSO_R_SET_FILENAME_FAILED                        112
+# define DSO_R_STACK_ERROR                                105
+# define DSO_R_SYM_FAILURE                                106
+# define DSO_R_UNLOAD_FAILED                              107
+# define DSO_R_UNSUPPORTED                                108
+
+#ifdef  __cplusplus
+}
+#endif
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/dso/dso_dl.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dso/dso_dl.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/dso/dso_dl.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,380 +0,0 @@
-/* dso_dl.c -*- mode:C; c-file-style: "eay" -*- */
-/*
- * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/dso.h>
-
-#ifndef DSO_DL
-DSO_METHOD *DSO_METHOD_dl(void)
-{
-    return NULL;
-}
-#else
-
-# include <dl.h>
-
-/* Part of the hack in "dl_load" ... */
-# define DSO_MAX_TRANSLATED_SIZE 256
-
-static int dl_load(DSO *dso);
-static int dl_unload(DSO *dso);
-static void *dl_bind_var(DSO *dso, const char *symname);
-static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname);
-# if 0
-static int dl_unbind_var(DSO *dso, char *symname, void *symptr);
-static int dl_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
-static int dl_init(DSO *dso);
-static int dl_finish(DSO *dso);
-static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg);
-# endif
-static char *dl_name_converter(DSO *dso, const char *filename);
-static char *dl_merger(DSO *dso, const char *filespec1,
-                       const char *filespec2);
-static int dl_pathbyaddr(void *addr, char *path, int sz);
-static void *dl_globallookup(const char *name);
-
-static DSO_METHOD dso_meth_dl = {
-    "OpenSSL 'dl' shared library method",
-    dl_load,
-    dl_unload,
-    dl_bind_var,
-    dl_bind_func,
-/* For now, "unbind" doesn't exist */
-# if 0
-    NULL,                       /* unbind_var */
-    NULL,                       /* unbind_func */
-# endif
-    NULL,                       /* ctrl */
-    dl_name_converter,
-    dl_merger,
-    NULL,                       /* init */
-    NULL,                       /* finish */
-    dl_pathbyaddr,
-    dl_globallookup
-};
-
-DSO_METHOD *DSO_METHOD_dl(void)
-{
-    return (&dso_meth_dl);
-}
-
-/*
- * For this DSO_METHOD, our meth_data STACK will contain; (i) the handle
- * (shl_t) returned from shl_load(). NB: I checked on HPUX11 and shl_t is
- * itself a pointer type so the cast is safe.
- */
-
-static int dl_load(DSO *dso)
-{
-    shl_t ptr = NULL;
-    /*
-     * We don't do any fancy retries or anything, just take the method's (or
-     * DSO's if it has the callback set) best translation of the
-     * platform-independant filename and try once with that.
-     */
-    char *filename = DSO_convert_filename(dso, NULL);
-
-    if (filename == NULL) {
-        DSOerr(DSO_F_DL_LOAD, DSO_R_NO_FILENAME);
-        goto err;
-    }
-    ptr = shl_load(filename, BIND_IMMEDIATE |
-                   (dso->flags & DSO_FLAG_NO_NAME_TRANSLATION ? 0 :
-                    DYNAMIC_PATH), 0L);
-    if (ptr == NULL) {
-        DSOerr(DSO_F_DL_LOAD, DSO_R_LOAD_FAILED);
-        ERR_add_error_data(4, "filename(", filename, "): ", strerror(errno));
-        goto err;
-    }
-    if (!sk_push(dso->meth_data, (char *)ptr)) {
-        DSOerr(DSO_F_DL_LOAD, DSO_R_STACK_ERROR);
-        goto err;
-    }
-    /*
-     * Success, stick the converted filename we've loaded under into the DSO
-     * (it also serves as the indicator that we are currently loaded).
-     */
-    dso->loaded_filename = filename;
-    return (1);
- err:
-    /* Cleanup! */
-    if (filename != NULL)
-        OPENSSL_free(filename);
-    if (ptr != NULL)
-        shl_unload(ptr);
-    return (0);
-}
-
-static int dl_unload(DSO *dso)
-{
-    shl_t ptr;
-    if (dso == NULL) {
-        DSOerr(DSO_F_DL_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
-        return (0);
-    }
-    if (sk_num(dso->meth_data) < 1)
-        return (1);
-    /* Is this statement legal? */
-    ptr = (shl_t) sk_pop(dso->meth_data);
-    if (ptr == NULL) {
-        DSOerr(DSO_F_DL_UNLOAD, DSO_R_NULL_HANDLE);
-        /*
-         * Should push the value back onto the stack in case of a retry.
-         */
-        sk_push(dso->meth_data, (char *)ptr);
-        return (0);
-    }
-    shl_unload(ptr);
-    return (1);
-}
-
-static void *dl_bind_var(DSO *dso, const char *symname)
-{
-    shl_t ptr;
-    void *sym;
-
-    if ((dso == NULL) || (symname == NULL)) {
-        DSOerr(DSO_F_DL_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
-    }
-    if (sk_num(dso->meth_data) < 1) {
-        DSOerr(DSO_F_DL_BIND_VAR, DSO_R_STACK_ERROR);
-        return (NULL);
-    }
-    ptr = (shl_t) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
-    if (ptr == NULL) {
-        DSOerr(DSO_F_DL_BIND_VAR, DSO_R_NULL_HANDLE);
-        return (NULL);
-    }
-    if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) {
-        DSOerr(DSO_F_DL_BIND_VAR, DSO_R_SYM_FAILURE);
-        ERR_add_error_data(4, "symname(", symname, "): ", strerror(errno));
-        return (NULL);
-    }
-    return (sym);
-}
-
-static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname)
-{
-    shl_t ptr;
-    void *sym;
-
-    if ((dso == NULL) || (symname == NULL)) {
-        DSOerr(DSO_F_DL_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
-    }
-    if (sk_num(dso->meth_data) < 1) {
-        DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_STACK_ERROR);
-        return (NULL);
-    }
-    ptr = (shl_t) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
-    if (ptr == NULL) {
-        DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_NULL_HANDLE);
-        return (NULL);
-    }
-    if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) {
-        DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_SYM_FAILURE);
-        ERR_add_error_data(4, "symname(", symname, "): ", strerror(errno));
-        return (NULL);
-    }
-    return ((DSO_FUNC_TYPE)sym);
-}
-
-static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2)
-{
-    char *merged;
-
-    if (!filespec1 && !filespec2) {
-        DSOerr(DSO_F_DL_MERGER, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
-    }
-    /*
-     * If the first file specification is a rooted path, it rules. same goes
-     * if the second file specification is missing.
-     */
-    if (!filespec2 || filespec1[0] == '/') {
-        merged = OPENSSL_malloc(strlen(filespec1) + 1);
-        if (!merged) {
-            DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
-            return (NULL);
-        }
-        strcpy(merged, filespec1);
-    }
-    /*
-     * If the first file specification is missing, the second one rules.
-     */
-    else if (!filespec1) {
-        merged = OPENSSL_malloc(strlen(filespec2) + 1);
-        if (!merged) {
-            DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
-            return (NULL);
-        }
-        strcpy(merged, filespec2);
-    } else
-        /*
-         * This part isn't as trivial as it looks.  It assumes that the
-         * second file specification really is a directory, and makes no
-         * checks whatsoever.  Therefore, the result becomes the
-         * concatenation of filespec2 followed by a slash followed by
-         * filespec1.
-         */
-    {
-        int spec2len, len;
-
-        spec2len = (filespec2 ? strlen(filespec2) : 0);
-        len = spec2len + (filespec1 ? strlen(filespec1) : 0);
-
-        if (filespec2 && filespec2[spec2len - 1] == '/') {
-            spec2len--;
-            len--;
-        }
-        merged = OPENSSL_malloc(len + 2);
-        if (!merged) {
-            DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
-            return (NULL);
-        }
-        strcpy(merged, filespec2);
-        merged[spec2len] = '/';
-        strcpy(&merged[spec2len + 1], filespec1);
-    }
-    return (merged);
-}
-
-/*
- * This function is identical to the one in dso_dlfcn.c, but as it is highly
- * unlikely that both the "dl" *and* "dlfcn" variants are being compiled at
- * the same time, there's no great duplicating the code. Figuring out an
- * elegant way to share one copy of the code would be more difficult and
- * would not leave the implementations independant.
- */
-# if defined(__hpux)
-static const char extension[] = ".sl";
-# else
-static const char extension[] = ".so";
-# endif
-static char *dl_name_converter(DSO *dso, const char *filename)
-{
-    char *translated;
-    int len, rsize, transform;
-
-    len = strlen(filename);
-    rsize = len + 1;
-    transform = (strstr(filename, "/") == NULL);
-    {
-        /* We will convert this to "%s.s?" or "lib%s.s?" */
-        rsize += strlen(extension); /* The length of ".s?" */
-        if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
-            rsize += 3;         /* The length of "lib" */
-    }
-    translated = OPENSSL_malloc(rsize);
-    if (translated == NULL) {
-        DSOerr(DSO_F_DL_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED);
-        return (NULL);
-    }
-    if (transform) {
-        if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
-            sprintf(translated, "lib%s%s", filename, extension);
-        else
-            sprintf(translated, "%s%s", filename, extension);
-    } else
-        sprintf(translated, "%s", filename);
-    return (translated);
-}
-
-static int dl_pathbyaddr(void *addr, char *path, int sz)
-{
-    struct shl_descriptor inf;
-    int i, len;
-
-    if (addr == NULL) {
-        union {
-            int (*f) (void *, char *, int);
-            void *p;
-        } t = {
-            dl_pathbyaddr
-        };
-        addr = t.p;
-    }
-
-    for (i = -1; shl_get_r(i, &inf) == 0; i++) {
-        if (((size_t)addr >= inf.tstart && (size_t)addr < inf.tend) ||
-            ((size_t)addr >= inf.dstart && (size_t)addr < inf.dend)) {
-            len = (int)strlen(inf.filename);
-            if (sz <= 0)
-                return len + 1;
-            if (len >= sz)
-                len = sz - 1;
-            memcpy(path, inf.filename, len);
-            path[len++] = 0;
-            return len;
-        }
-    }
-
-    return -1;
-}
-
-static void *dl_globallookup(const char *name)
-{
-    void *ret;
-    shl_t h = NULL;
-
-    return shl_findsym(&h, name, TYPE_UNDEFINED, &ret) ? NULL : ret;
-}
-#endif                          /* DSO_DL */

Copied: vendor-crypto/openssl/1.0.1u/crypto/dso/dso_dl.c (from rev 11605, vendor-crypto/openssl/dist/crypto/dso/dso_dl.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/dso/dso_dl.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/dso/dso_dl.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,380 @@
+/* dso_dl.c */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+
+#ifndef DSO_DL
+DSO_METHOD *DSO_METHOD_dl(void)
+{
+    return NULL;
+}
+#else
+
+# include <dl.h>
+
+/* Part of the hack in "dl_load" ... */
+# define DSO_MAX_TRANSLATED_SIZE 256
+
+static int dl_load(DSO *dso);
+static int dl_unload(DSO *dso);
+static void *dl_bind_var(DSO *dso, const char *symname);
+static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname);
+# if 0
+static int dl_unbind_var(DSO *dso, char *symname, void *symptr);
+static int dl_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
+static int dl_init(DSO *dso);
+static int dl_finish(DSO *dso);
+static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg);
+# endif
+static char *dl_name_converter(DSO *dso, const char *filename);
+static char *dl_merger(DSO *dso, const char *filespec1,
+                       const char *filespec2);
+static int dl_pathbyaddr(void *addr, char *path, int sz);
+static void *dl_globallookup(const char *name);
+
+static DSO_METHOD dso_meth_dl = {
+    "OpenSSL 'dl' shared library method",
+    dl_load,
+    dl_unload,
+    dl_bind_var,
+    dl_bind_func,
+/* For now, "unbind" doesn't exist */
+# if 0
+    NULL,                       /* unbind_var */
+    NULL,                       /* unbind_func */
+# endif
+    NULL,                       /* ctrl */
+    dl_name_converter,
+    dl_merger,
+    NULL,                       /* init */
+    NULL,                       /* finish */
+    dl_pathbyaddr,
+    dl_globallookup
+};
+
+DSO_METHOD *DSO_METHOD_dl(void)
+{
+    return (&dso_meth_dl);
+}
+
+/*
+ * For this DSO_METHOD, our meth_data STACK will contain; (i) the handle
+ * (shl_t) returned from shl_load(). NB: I checked on HPUX11 and shl_t is
+ * itself a pointer type so the cast is safe.
+ */
+
+static int dl_load(DSO *dso)
+{
+    shl_t ptr = NULL;
+    /*
+     * We don't do any fancy retries or anything, just take the method's (or
+     * DSO's if it has the callback set) best translation of the
+     * platform-independant filename and try once with that.
+     */
+    char *filename = DSO_convert_filename(dso, NULL);
+
+    if (filename == NULL) {
+        DSOerr(DSO_F_DL_LOAD, DSO_R_NO_FILENAME);
+        goto err;
+    }
+    ptr = shl_load(filename, BIND_IMMEDIATE |
+                   (dso->flags & DSO_FLAG_NO_NAME_TRANSLATION ? 0 :
+                    DYNAMIC_PATH), 0L);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_DL_LOAD, DSO_R_LOAD_FAILED);
+        ERR_add_error_data(4, "filename(", filename, "): ", strerror(errno));
+        goto err;
+    }
+    if (!sk_push(dso->meth_data, (char *)ptr)) {
+        DSOerr(DSO_F_DL_LOAD, DSO_R_STACK_ERROR);
+        goto err;
+    }
+    /*
+     * Success, stick the converted filename we've loaded under into the DSO
+     * (it also serves as the indicator that we are currently loaded).
+     */
+    dso->loaded_filename = filename;
+    return (1);
+ err:
+    /* Cleanup! */
+    if (filename != NULL)
+        OPENSSL_free(filename);
+    if (ptr != NULL)
+        shl_unload(ptr);
+    return (0);
+}
+
+static int dl_unload(DSO *dso)
+{
+    shl_t ptr;
+    if (dso == NULL) {
+        DSOerr(DSO_F_DL_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
+        return (0);
+    }
+    if (sk_num(dso->meth_data) < 1)
+        return (1);
+    /* Is this statement legal? */
+    ptr = (shl_t) sk_pop(dso->meth_data);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_DL_UNLOAD, DSO_R_NULL_HANDLE);
+        /*
+         * Should push the value back onto the stack in case of a retry.
+         */
+        sk_push(dso->meth_data, (char *)ptr);
+        return (0);
+    }
+    shl_unload(ptr);
+    return (1);
+}
+
+static void *dl_bind_var(DSO *dso, const char *symname)
+{
+    shl_t ptr;
+    void *sym;
+
+    if ((dso == NULL) || (symname == NULL)) {
+        DSOerr(DSO_F_DL_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    if (sk_num(dso->meth_data) < 1) {
+        DSOerr(DSO_F_DL_BIND_VAR, DSO_R_STACK_ERROR);
+        return (NULL);
+    }
+    ptr = (shl_t) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_DL_BIND_VAR, DSO_R_NULL_HANDLE);
+        return (NULL);
+    }
+    if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) {
+        DSOerr(DSO_F_DL_BIND_VAR, DSO_R_SYM_FAILURE);
+        ERR_add_error_data(4, "symname(", symname, "): ", strerror(errno));
+        return (NULL);
+    }
+    return (sym);
+}
+
+static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname)
+{
+    shl_t ptr;
+    void *sym;
+
+    if ((dso == NULL) || (symname == NULL)) {
+        DSOerr(DSO_F_DL_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    if (sk_num(dso->meth_data) < 1) {
+        DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_STACK_ERROR);
+        return (NULL);
+    }
+    ptr = (shl_t) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_NULL_HANDLE);
+        return (NULL);
+    }
+    if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) {
+        DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_SYM_FAILURE);
+        ERR_add_error_data(4, "symname(", symname, "): ", strerror(errno));
+        return (NULL);
+    }
+    return ((DSO_FUNC_TYPE)sym);
+}
+
+static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2)
+{
+    char *merged;
+
+    if (!filespec1 && !filespec2) {
+        DSOerr(DSO_F_DL_MERGER, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    /*
+     * If the first file specification is a rooted path, it rules. same goes
+     * if the second file specification is missing.
+     */
+    if (!filespec2 || filespec1[0] == '/') {
+        merged = OPENSSL_malloc(strlen(filespec1) + 1);
+        if (!merged) {
+            DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+        strcpy(merged, filespec1);
+    }
+    /*
+     * If the first file specification is missing, the second one rules.
+     */
+    else if (!filespec1) {
+        merged = OPENSSL_malloc(strlen(filespec2) + 1);
+        if (!merged) {
+            DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+        strcpy(merged, filespec2);
+    } else
+        /*
+         * This part isn't as trivial as it looks.  It assumes that the
+         * second file specification really is a directory, and makes no
+         * checks whatsoever.  Therefore, the result becomes the
+         * concatenation of filespec2 followed by a slash followed by
+         * filespec1.
+         */
+    {
+        int spec2len, len;
+
+        spec2len = (filespec2 ? strlen(filespec2) : 0);
+        len = spec2len + (filespec1 ? strlen(filespec1) : 0);
+
+        if (filespec2 && filespec2[spec2len - 1] == '/') {
+            spec2len--;
+            len--;
+        }
+        merged = OPENSSL_malloc(len + 2);
+        if (!merged) {
+            DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+        strcpy(merged, filespec2);
+        merged[spec2len] = '/';
+        strcpy(&merged[spec2len + 1], filespec1);
+    }
+    return (merged);
+}
+
+/*
+ * This function is identical to the one in dso_dlfcn.c, but as it is highly
+ * unlikely that both the "dl" *and* "dlfcn" variants are being compiled at
+ * the same time, there's no great duplicating the code. Figuring out an
+ * elegant way to share one copy of the code would be more difficult and
+ * would not leave the implementations independant.
+ */
+# if defined(__hpux)
+static const char extension[] = ".sl";
+# else
+static const char extension[] = ".so";
+# endif
+static char *dl_name_converter(DSO *dso, const char *filename)
+{
+    char *translated;
+    int len, rsize, transform;
+
+    len = strlen(filename);
+    rsize = len + 1;
+    transform = (strstr(filename, "/") == NULL);
+    {
+        /* We will convert this to "%s.s?" or "lib%s.s?" */
+        rsize += strlen(extension); /* The length of ".s?" */
+        if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+            rsize += 3;         /* The length of "lib" */
+    }
+    translated = OPENSSL_malloc(rsize);
+    if (translated == NULL) {
+        DSOerr(DSO_F_DL_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED);
+        return (NULL);
+    }
+    if (transform) {
+        if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+            sprintf(translated, "lib%s%s", filename, extension);
+        else
+            sprintf(translated, "%s%s", filename, extension);
+    } else
+        sprintf(translated, "%s", filename);
+    return (translated);
+}
+
+static int dl_pathbyaddr(void *addr, char *path, int sz)
+{
+    struct shl_descriptor inf;
+    int i, len;
+
+    if (addr == NULL) {
+        union {
+            int (*f) (void *, char *, int);
+            void *p;
+        } t = {
+            dl_pathbyaddr
+        };
+        addr = t.p;
+    }
+
+    for (i = -1; shl_get_r(i, &inf) == 0; i++) {
+        if (((size_t)addr >= inf.tstart && (size_t)addr < inf.tend) ||
+            ((size_t)addr >= inf.dstart && (size_t)addr < inf.dend)) {
+            len = (int)strlen(inf.filename);
+            if (sz <= 0)
+                return len + 1;
+            if (len >= sz)
+                len = sz - 1;
+            memcpy(path, inf.filename, len);
+            path[len++] = 0;
+            return len;
+        }
+    }
+
+    return -1;
+}
+
+static void *dl_globallookup(const char *name)
+{
+    void *ret;
+    shl_t h = NULL;
+
+    return shl_findsym(&h, name, TYPE_UNDEFINED, &ret) ? NULL : ret;
+}
+#endif                          /* DSO_DL */

Deleted: vendor-crypto/openssl/1.0.1u/crypto/dso/dso_dlfcn.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dso/dso_dlfcn.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/dso/dso_dlfcn.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,465 +0,0 @@
-/* dso_dlfcn.c -*- mode:C; c-file-style: "eay" -*- */
-/*
- * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/*
- * We need to do this early, because stdio.h includes the header files that
- * handle _GNU_SOURCE and other similar macros.  Defining it later is simply
- * too late, because those headers are protected from re- inclusion.
- */
-#ifndef _GNU_SOURCE
-# define _GNU_SOURCE            /* make sure dladdr is declared */
-#endif
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/dso.h>
-
-#ifndef DSO_DLFCN
-DSO_METHOD *DSO_METHOD_dlfcn(void)
-{
-    return NULL;
-}
-#else
-
-# ifdef HAVE_DLFCN_H
-#  ifdef __osf__
-#   define __EXTENSIONS__
-#  endif
-#  include <dlfcn.h>
-#  define HAVE_DLINFO 1
-#  if defined(_AIX) || defined(__CYGWIN__) || \
-     defined(__SCO_VERSION__) || defined(_SCO_ELF) || \
-     (defined(__osf__) && !defined(RTLD_NEXT))     || \
-     (defined(__OpenBSD__) && !defined(RTLD_SELF)) || \
-        defined(__ANDROID__)
-#   undef HAVE_DLINFO
-#  endif
-# endif
-
-/* Part of the hack in "dlfcn_load" ... */
-# define DSO_MAX_TRANSLATED_SIZE 256
-
-static int dlfcn_load(DSO *dso);
-static int dlfcn_unload(DSO *dso);
-static void *dlfcn_bind_var(DSO *dso, const char *symname);
-static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname);
-# if 0
-static int dlfcn_unbind(DSO *dso, char *symname, void *symptr);
-static int dlfcn_init(DSO *dso);
-static int dlfcn_finish(DSO *dso);
-static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg);
-# endif
-static char *dlfcn_name_converter(DSO *dso, const char *filename);
-static char *dlfcn_merger(DSO *dso, const char *filespec1,
-                          const char *filespec2);
-static int dlfcn_pathbyaddr(void *addr, char *path, int sz);
-static void *dlfcn_globallookup(const char *name);
-
-static DSO_METHOD dso_meth_dlfcn = {
-    "OpenSSL 'dlfcn' shared library method",
-    dlfcn_load,
-    dlfcn_unload,
-    dlfcn_bind_var,
-    dlfcn_bind_func,
-/* For now, "unbind" doesn't exist */
-# if 0
-    NULL,                       /* unbind_var */
-    NULL,                       /* unbind_func */
-# endif
-    NULL,                       /* ctrl */
-    dlfcn_name_converter,
-    dlfcn_merger,
-    NULL,                       /* init */
-    NULL,                       /* finish */
-    dlfcn_pathbyaddr,
-    dlfcn_globallookup
-};
-
-DSO_METHOD *DSO_METHOD_dlfcn(void)
-{
-    return (&dso_meth_dlfcn);
-}
-
-/*
- * Prior to using the dlopen() function, we should decide on the flag we
- * send. There's a few different ways of doing this and it's a messy
- * venn-diagram to match up which platforms support what. So as we don't have
- * autoconf yet, I'm implementing a hack that could be hacked further
- * relatively easily to deal with cases as we find them. Initially this is to
- * cope with OpenBSD.
- */
-# if defined(__OpenBSD__) || defined(__NetBSD__)
-#  ifdef DL_LAZY
-#   define DLOPEN_FLAG DL_LAZY
-#  else
-#   ifdef RTLD_NOW
-#    define DLOPEN_FLAG RTLD_NOW
-#   else
-#    define DLOPEN_FLAG 0
-#   endif
-#  endif
-# else
-#  ifdef OPENSSL_SYS_SUNOS
-#   define DLOPEN_FLAG 1
-#  else
-#   define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */
-#  endif
-# endif
-
-/*
- * For this DSO_METHOD, our meth_data STACK will contain; (i) the handle
- * (void*) returned from dlopen().
- */
-
-static int dlfcn_load(DSO *dso)
-{
-    void *ptr = NULL;
-    /* See applicable comments in dso_dl.c */
-    char *filename = DSO_convert_filename(dso, NULL);
-    int flags = DLOPEN_FLAG;
-
-    if (filename == NULL) {
-        DSOerr(DSO_F_DLFCN_LOAD, DSO_R_NO_FILENAME);
-        goto err;
-    }
-# ifdef RTLD_GLOBAL
-    if (dso->flags & DSO_FLAG_GLOBAL_SYMBOLS)
-        flags |= RTLD_GLOBAL;
-# endif
-    ptr = dlopen(filename, flags);
-    if (ptr == NULL) {
-        DSOerr(DSO_F_DLFCN_LOAD, DSO_R_LOAD_FAILED);
-        ERR_add_error_data(4, "filename(", filename, "): ", dlerror());
-        goto err;
-    }
-    if (!sk_void_push(dso->meth_data, (char *)ptr)) {
-        DSOerr(DSO_F_DLFCN_LOAD, DSO_R_STACK_ERROR);
-        goto err;
-    }
-    /* Success */
-    dso->loaded_filename = filename;
-    return (1);
- err:
-    /* Cleanup! */
-    if (filename != NULL)
-        OPENSSL_free(filename);
-    if (ptr != NULL)
-        dlclose(ptr);
-    return (0);
-}
-
-static int dlfcn_unload(DSO *dso)
-{
-    void *ptr;
-    if (dso == NULL) {
-        DSOerr(DSO_F_DLFCN_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
-        return (0);
-    }
-    if (sk_void_num(dso->meth_data) < 1)
-        return (1);
-    ptr = sk_void_pop(dso->meth_data);
-    if (ptr == NULL) {
-        DSOerr(DSO_F_DLFCN_UNLOAD, DSO_R_NULL_HANDLE);
-        /*
-         * Should push the value back onto the stack in case of a retry.
-         */
-        sk_void_push(dso->meth_data, ptr);
-        return (0);
-    }
-    /* For now I'm not aware of any errors associated with dlclose() */
-    dlclose(ptr);
-    return (1);
-}
-
-static void *dlfcn_bind_var(DSO *dso, const char *symname)
-{
-    void *ptr, *sym;
-
-    if ((dso == NULL) || (symname == NULL)) {
-        DSOerr(DSO_F_DLFCN_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
-    }
-    if (sk_void_num(dso->meth_data) < 1) {
-        DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_STACK_ERROR);
-        return (NULL);
-    }
-    ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
-    if (ptr == NULL) {
-        DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_NULL_HANDLE);
-        return (NULL);
-    }
-    sym = dlsym(ptr, symname);
-    if (sym == NULL) {
-        DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_SYM_FAILURE);
-        ERR_add_error_data(4, "symname(", symname, "): ", dlerror());
-        return (NULL);
-    }
-    return (sym);
-}
-
-static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
-{
-    void *ptr;
-    union {
-        DSO_FUNC_TYPE sym;
-        void *dlret;
-    } u;
-
-    if ((dso == NULL) || (symname == NULL)) {
-        DSOerr(DSO_F_DLFCN_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
-    }
-    if (sk_void_num(dso->meth_data) < 1) {
-        DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_STACK_ERROR);
-        return (NULL);
-    }
-    ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
-    if (ptr == NULL) {
-        DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_NULL_HANDLE);
-        return (NULL);
-    }
-    u.dlret = dlsym(ptr, symname);
-    if (u.dlret == NULL) {
-        DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_SYM_FAILURE);
-        ERR_add_error_data(4, "symname(", symname, "): ", dlerror());
-        return (NULL);
-    }
-    return u.sym;
-}
-
-static char *dlfcn_merger(DSO *dso, const char *filespec1,
-                          const char *filespec2)
-{
-    char *merged;
-
-    if (!filespec1 && !filespec2) {
-        DSOerr(DSO_F_DLFCN_MERGER, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
-    }
-    /*
-     * If the first file specification is a rooted path, it rules. same goes
-     * if the second file specification is missing.
-     */
-    if (!filespec2 || (filespec1 != NULL && filespec1[0] == '/')) {
-        merged = OPENSSL_malloc(strlen(filespec1) + 1);
-        if (!merged) {
-            DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
-            return (NULL);
-        }
-        strcpy(merged, filespec1);
-    }
-    /*
-     * If the first file specification is missing, the second one rules.
-     */
-    else if (!filespec1) {
-        merged = OPENSSL_malloc(strlen(filespec2) + 1);
-        if (!merged) {
-            DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
-            return (NULL);
-        }
-        strcpy(merged, filespec2);
-    } else {
-        /*
-         * This part isn't as trivial as it looks.  It assumes that the
-         * second file specification really is a directory, and makes no
-         * checks whatsoever.  Therefore, the result becomes the
-         * concatenation of filespec2 followed by a slash followed by
-         * filespec1.
-         */
-        int spec2len, len;
-
-        spec2len = strlen(filespec2);
-        len = spec2len + strlen(filespec1);
-
-        if (spec2len && filespec2[spec2len - 1] == '/') {
-            spec2len--;
-            len--;
-        }
-        merged = OPENSSL_malloc(len + 2);
-        if (!merged) {
-            DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
-            return (NULL);
-        }
-        strcpy(merged, filespec2);
-        merged[spec2len] = '/';
-        strcpy(&merged[spec2len + 1], filespec1);
-    }
-    return (merged);
-}
-
-# ifdef OPENSSL_SYS_MACOSX
-#  define DSO_ext ".dylib"
-#  define DSO_extlen 6
-# else
-#  define DSO_ext ".so"
-#  define DSO_extlen 3
-# endif
-
-static char *dlfcn_name_converter(DSO *dso, const char *filename)
-{
-    char *translated;
-    int len, rsize, transform;
-
-    len = strlen(filename);
-    rsize = len + 1;
-    transform = (strstr(filename, "/") == NULL);
-    if (transform) {
-        /* We will convert this to "%s.so" or "lib%s.so" etc */
-        rsize += DSO_extlen;    /* The length of ".so" */
-        if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
-            rsize += 3;         /* The length of "lib" */
-    }
-    translated = OPENSSL_malloc(rsize);
-    if (translated == NULL) {
-        DSOerr(DSO_F_DLFCN_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED);
-        return (NULL);
-    }
-    if (transform) {
-        if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
-            sprintf(translated, "lib%s" DSO_ext, filename);
-        else
-            sprintf(translated, "%s" DSO_ext, filename);
-    } else
-        sprintf(translated, "%s", filename);
-    return (translated);
-}
-
-# ifdef __sgi
-/*-
-This is a quote from IRIX manual for dladdr(3c):
-
-     <dlfcn.h> does not contain a prototype for dladdr or definition of
-     Dl_info.  The #include <dlfcn.h>  in the SYNOPSIS line is traditional,
-     but contains no dladdr prototype and no IRIX library contains an
-     implementation.  Write your own declaration based on the code below.
-
-     The following code is dependent on internal interfaces that are not
-     part of the IRIX compatibility guarantee; however, there is no future
-     intention to change this interface, so on a practical level, the code
-     below is safe to use on IRIX.
-*/
-#  include <rld_interface.h>
-#  ifndef _RLD_INTERFACE_DLFCN_H_DLADDR
-#   define _RLD_INTERFACE_DLFCN_H_DLADDR
-typedef struct Dl_info {
-    const char *dli_fname;
-    void *dli_fbase;
-    const char *dli_sname;
-    void *dli_saddr;
-    int dli_version;
-    int dli_reserved1;
-    long dli_reserved[4];
-} Dl_info;
-#  else
-typedef struct Dl_info Dl_info;
-#  endif
-#  define _RLD_DLADDR             14
-
-static int dladdr(void *address, Dl_info *dl)
-{
-    void *v;
-    v = _rld_new_interface(_RLD_DLADDR, address, dl);
-    return (int)v;
-}
-# endif                         /* __sgi */
-
-static int dlfcn_pathbyaddr(void *addr, char *path, int sz)
-{
-# ifdef HAVE_DLINFO
-    Dl_info dli;
-    int len;
-
-    if (addr == NULL) {
-        union {
-            int (*f) (void *, char *, int);
-            void *p;
-        } t = {
-            dlfcn_pathbyaddr
-        };
-        addr = t.p;
-    }
-
-    if (dladdr(addr, &dli)) {
-        len = (int)strlen(dli.dli_fname);
-        if (sz <= 0)
-            return len + 1;
-        if (len >= sz)
-            len = sz - 1;
-        memcpy(path, dli.dli_fname, len);
-        path[len++] = 0;
-        return len;
-    }
-
-    ERR_add_error_data(2, "dlfcn_pathbyaddr(): ", dlerror());
-# endif
-    return -1;
-}
-
-static void *dlfcn_globallookup(const char *name)
-{
-    void *ret = NULL, *handle = dlopen(NULL, RTLD_LAZY);
-
-    if (handle) {
-        ret = dlsym(handle, name);
-        dlclose(handle);
-    }
-
-    return ret;
-}
-#endif                          /* DSO_DLFCN */

Copied: vendor-crypto/openssl/1.0.1u/crypto/dso/dso_dlfcn.c (from rev 11605, vendor-crypto/openssl/dist/crypto/dso/dso_dlfcn.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/dso/dso_dlfcn.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/dso/dso_dlfcn.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,465 @@
+/* dso_dlfcn.c */
+/*
+ * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * We need to do this early, because stdio.h includes the header files that
+ * handle _GNU_SOURCE and other similar macros.  Defining it later is simply
+ * too late, because those headers are protected from re- inclusion.
+ */
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE            /* make sure dladdr is declared */
+#endif
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+
+#ifndef DSO_DLFCN
+DSO_METHOD *DSO_METHOD_dlfcn(void)
+{
+    return NULL;
+}
+#else
+
+# ifdef HAVE_DLFCN_H
+#  ifdef __osf__
+#   define __EXTENSIONS__
+#  endif
+#  include <dlfcn.h>
+#  define HAVE_DLINFO 1
+#  if defined(_AIX) || defined(__CYGWIN__) || \
+     defined(__SCO_VERSION__) || defined(_SCO_ELF) || \
+     (defined(__osf__) && !defined(RTLD_NEXT))     || \
+     (defined(__OpenBSD__) && !defined(RTLD_SELF)) || \
+        defined(__ANDROID__)
+#   undef HAVE_DLINFO
+#  endif
+# endif
+
+/* Part of the hack in "dlfcn_load" ... */
+# define DSO_MAX_TRANSLATED_SIZE 256
+
+static int dlfcn_load(DSO *dso);
+static int dlfcn_unload(DSO *dso);
+static void *dlfcn_bind_var(DSO *dso, const char *symname);
+static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname);
+# if 0
+static int dlfcn_unbind(DSO *dso, char *symname, void *symptr);
+static int dlfcn_init(DSO *dso);
+static int dlfcn_finish(DSO *dso);
+static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg);
+# endif
+static char *dlfcn_name_converter(DSO *dso, const char *filename);
+static char *dlfcn_merger(DSO *dso, const char *filespec1,
+                          const char *filespec2);
+static int dlfcn_pathbyaddr(void *addr, char *path, int sz);
+static void *dlfcn_globallookup(const char *name);
+
+static DSO_METHOD dso_meth_dlfcn = {
+    "OpenSSL 'dlfcn' shared library method",
+    dlfcn_load,
+    dlfcn_unload,
+    dlfcn_bind_var,
+    dlfcn_bind_func,
+/* For now, "unbind" doesn't exist */
+# if 0
+    NULL,                       /* unbind_var */
+    NULL,                       /* unbind_func */
+# endif
+    NULL,                       /* ctrl */
+    dlfcn_name_converter,
+    dlfcn_merger,
+    NULL,                       /* init */
+    NULL,                       /* finish */
+    dlfcn_pathbyaddr,
+    dlfcn_globallookup
+};
+
+DSO_METHOD *DSO_METHOD_dlfcn(void)
+{
+    return (&dso_meth_dlfcn);
+}
+
+/*
+ * Prior to using the dlopen() function, we should decide on the flag we
+ * send. There's a few different ways of doing this and it's a messy
+ * venn-diagram to match up which platforms support what. So as we don't have
+ * autoconf yet, I'm implementing a hack that could be hacked further
+ * relatively easily to deal with cases as we find them. Initially this is to
+ * cope with OpenBSD.
+ */
+# if defined(__OpenBSD__) || defined(__NetBSD__)
+#  ifdef DL_LAZY
+#   define DLOPEN_FLAG DL_LAZY
+#  else
+#   ifdef RTLD_NOW
+#    define DLOPEN_FLAG RTLD_NOW
+#   else
+#    define DLOPEN_FLAG 0
+#   endif
+#  endif
+# else
+#  ifdef OPENSSL_SYS_SUNOS
+#   define DLOPEN_FLAG 1
+#  else
+#   define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */
+#  endif
+# endif
+
+/*
+ * For this DSO_METHOD, our meth_data STACK will contain; (i) the handle
+ * (void*) returned from dlopen().
+ */
+
+static int dlfcn_load(DSO *dso)
+{
+    void *ptr = NULL;
+    /* See applicable comments in dso_dl.c */
+    char *filename = DSO_convert_filename(dso, NULL);
+    int flags = DLOPEN_FLAG;
+
+    if (filename == NULL) {
+        DSOerr(DSO_F_DLFCN_LOAD, DSO_R_NO_FILENAME);
+        goto err;
+    }
+# ifdef RTLD_GLOBAL
+    if (dso->flags & DSO_FLAG_GLOBAL_SYMBOLS)
+        flags |= RTLD_GLOBAL;
+# endif
+    ptr = dlopen(filename, flags);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_DLFCN_LOAD, DSO_R_LOAD_FAILED);
+        ERR_add_error_data(4, "filename(", filename, "): ", dlerror());
+        goto err;
+    }
+    if (!sk_void_push(dso->meth_data, (char *)ptr)) {
+        DSOerr(DSO_F_DLFCN_LOAD, DSO_R_STACK_ERROR);
+        goto err;
+    }
+    /* Success */
+    dso->loaded_filename = filename;
+    return (1);
+ err:
+    /* Cleanup! */
+    if (filename != NULL)
+        OPENSSL_free(filename);
+    if (ptr != NULL)
+        dlclose(ptr);
+    return (0);
+}
+
+static int dlfcn_unload(DSO *dso)
+{
+    void *ptr;
+    if (dso == NULL) {
+        DSOerr(DSO_F_DLFCN_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
+        return (0);
+    }
+    if (sk_void_num(dso->meth_data) < 1)
+        return (1);
+    ptr = sk_void_pop(dso->meth_data);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_DLFCN_UNLOAD, DSO_R_NULL_HANDLE);
+        /*
+         * Should push the value back onto the stack in case of a retry.
+         */
+        sk_void_push(dso->meth_data, ptr);
+        return (0);
+    }
+    /* For now I'm not aware of any errors associated with dlclose() */
+    dlclose(ptr);
+    return (1);
+}
+
+static void *dlfcn_bind_var(DSO *dso, const char *symname)
+{
+    void *ptr, *sym;
+
+    if ((dso == NULL) || (symname == NULL)) {
+        DSOerr(DSO_F_DLFCN_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    if (sk_void_num(dso->meth_data) < 1) {
+        DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_STACK_ERROR);
+        return (NULL);
+    }
+    ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_NULL_HANDLE);
+        return (NULL);
+    }
+    sym = dlsym(ptr, symname);
+    if (sym == NULL) {
+        DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_SYM_FAILURE);
+        ERR_add_error_data(4, "symname(", symname, "): ", dlerror());
+        return (NULL);
+    }
+    return (sym);
+}
+
+static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
+{
+    void *ptr;
+    union {
+        DSO_FUNC_TYPE sym;
+        void *dlret;
+    } u;
+
+    if ((dso == NULL) || (symname == NULL)) {
+        DSOerr(DSO_F_DLFCN_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    if (sk_void_num(dso->meth_data) < 1) {
+        DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_STACK_ERROR);
+        return (NULL);
+    }
+    ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_NULL_HANDLE);
+        return (NULL);
+    }
+    u.dlret = dlsym(ptr, symname);
+    if (u.dlret == NULL) {
+        DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_SYM_FAILURE);
+        ERR_add_error_data(4, "symname(", symname, "): ", dlerror());
+        return (NULL);
+    }
+    return u.sym;
+}
+
+static char *dlfcn_merger(DSO *dso, const char *filespec1,
+                          const char *filespec2)
+{
+    char *merged;
+
+    if (!filespec1 && !filespec2) {
+        DSOerr(DSO_F_DLFCN_MERGER, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    /*
+     * If the first file specification is a rooted path, it rules. same goes
+     * if the second file specification is missing.
+     */
+    if (!filespec2 || (filespec1 != NULL && filespec1[0] == '/')) {
+        merged = OPENSSL_malloc(strlen(filespec1) + 1);
+        if (!merged) {
+            DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+        strcpy(merged, filespec1);
+    }
+    /*
+     * If the first file specification is missing, the second one rules.
+     */
+    else if (!filespec1) {
+        merged = OPENSSL_malloc(strlen(filespec2) + 1);
+        if (!merged) {
+            DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+        strcpy(merged, filespec2);
+    } else {
+        /*
+         * This part isn't as trivial as it looks.  It assumes that the
+         * second file specification really is a directory, and makes no
+         * checks whatsoever.  Therefore, the result becomes the
+         * concatenation of filespec2 followed by a slash followed by
+         * filespec1.
+         */
+        int spec2len, len;
+
+        spec2len = strlen(filespec2);
+        len = spec2len + strlen(filespec1);
+
+        if (spec2len && filespec2[spec2len - 1] == '/') {
+            spec2len--;
+            len--;
+        }
+        merged = OPENSSL_malloc(len + 2);
+        if (!merged) {
+            DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+        strcpy(merged, filespec2);
+        merged[spec2len] = '/';
+        strcpy(&merged[spec2len + 1], filespec1);
+    }
+    return (merged);
+}
+
+# ifdef OPENSSL_SYS_MACOSX
+#  define DSO_ext ".dylib"
+#  define DSO_extlen 6
+# else
+#  define DSO_ext ".so"
+#  define DSO_extlen 3
+# endif
+
+static char *dlfcn_name_converter(DSO *dso, const char *filename)
+{
+    char *translated;
+    int len, rsize, transform;
+
+    len = strlen(filename);
+    rsize = len + 1;
+    transform = (strstr(filename, "/") == NULL);
+    if (transform) {
+        /* We will convert this to "%s.so" or "lib%s.so" etc */
+        rsize += DSO_extlen;    /* The length of ".so" */
+        if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+            rsize += 3;         /* The length of "lib" */
+    }
+    translated = OPENSSL_malloc(rsize);
+    if (translated == NULL) {
+        DSOerr(DSO_F_DLFCN_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED);
+        return (NULL);
+    }
+    if (transform) {
+        if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+            sprintf(translated, "lib%s" DSO_ext, filename);
+        else
+            sprintf(translated, "%s" DSO_ext, filename);
+    } else
+        sprintf(translated, "%s", filename);
+    return (translated);
+}
+
+# ifdef __sgi
+/*-
+This is a quote from IRIX manual for dladdr(3c):
+
+     <dlfcn.h> does not contain a prototype for dladdr or definition of
+     Dl_info.  The #include <dlfcn.h>  in the SYNOPSIS line is traditional,
+     but contains no dladdr prototype and no IRIX library contains an
+     implementation.  Write your own declaration based on the code below.
+
+     The following code is dependent on internal interfaces that are not
+     part of the IRIX compatibility guarantee; however, there is no future
+     intention to change this interface, so on a practical level, the code
+     below is safe to use on IRIX.
+*/
+#  include <rld_interface.h>
+#  ifndef _RLD_INTERFACE_DLFCN_H_DLADDR
+#   define _RLD_INTERFACE_DLFCN_H_DLADDR
+typedef struct Dl_info {
+    const char *dli_fname;
+    void *dli_fbase;
+    const char *dli_sname;
+    void *dli_saddr;
+    int dli_version;
+    int dli_reserved1;
+    long dli_reserved[4];
+} Dl_info;
+#  else
+typedef struct Dl_info Dl_info;
+#  endif
+#  define _RLD_DLADDR             14
+
+static int dladdr(void *address, Dl_info *dl)
+{
+    void *v;
+    v = _rld_new_interface(_RLD_DLADDR, address, dl);
+    return (int)v;
+}
+# endif                         /* __sgi */
+
+static int dlfcn_pathbyaddr(void *addr, char *path, int sz)
+{
+# ifdef HAVE_DLINFO
+    Dl_info dli;
+    int len;
+
+    if (addr == NULL) {
+        union {
+            int (*f) (void *, char *, int);
+            void *p;
+        } t = {
+            dlfcn_pathbyaddr
+        };
+        addr = t.p;
+    }
+
+    if (dladdr(addr, &dli)) {
+        len = (int)strlen(dli.dli_fname);
+        if (sz <= 0)
+            return len + 1;
+        if (len >= sz)
+            len = sz - 1;
+        memcpy(path, dli.dli_fname, len);
+        path[len++] = 0;
+        return len;
+    }
+
+    ERR_add_error_data(2, "dlfcn_pathbyaddr(): ", dlerror());
+# endif
+    return -1;
+}
+
+static void *dlfcn_globallookup(const char *name)
+{
+    void *ret = NULL, *handle = dlopen(NULL, RTLD_LAZY);
+
+    if (handle) {
+        ret = dlsym(handle, name);
+        dlclose(handle);
+    }
+
+    return ret;
+}
+#endif                          /* DSO_DLFCN */

Deleted: vendor-crypto/openssl/1.0.1u/crypto/dso/dso_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dso/dso_lib.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/dso/dso_lib.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,447 +0,0 @@
-/* dso_lib.c -*- mode:C; c-file-style: "eay" -*- */
-/*
- * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/dso.h>
-
-static DSO_METHOD *default_DSO_meth = NULL;
-
-DSO *DSO_new(void)
-{
-    return (DSO_new_method(NULL));
-}
-
-void DSO_set_default_method(DSO_METHOD *meth)
-{
-    default_DSO_meth = meth;
-}
-
-DSO_METHOD *DSO_get_default_method(void)
-{
-    return (default_DSO_meth);
-}
-
-DSO_METHOD *DSO_get_method(DSO *dso)
-{
-    return (dso->meth);
-}
-
-DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth)
-{
-    DSO_METHOD *mtmp;
-    mtmp = dso->meth;
-    dso->meth = meth;
-    return (mtmp);
-}
-
-DSO *DSO_new_method(DSO_METHOD *meth)
-{
-    DSO *ret;
-
-    if (default_DSO_meth == NULL)
-        /*
-         * We default to DSO_METH_openssl() which in turn defaults to
-         * stealing the "best available" method. Will fallback to
-         * DSO_METH_null() in the worst case.
-         */
-        default_DSO_meth = DSO_METHOD_openssl();
-    ret = (DSO *)OPENSSL_malloc(sizeof(DSO));
-    if (ret == NULL) {
-        DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE);
-        return (NULL);
-    }
-    memset(ret, 0, sizeof(DSO));
-    ret->meth_data = sk_void_new_null();
-    if (ret->meth_data == NULL) {
-        /* sk_new doesn't generate any errors so we do */
-        DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE);
-        OPENSSL_free(ret);
-        return (NULL);
-    }
-    if (meth == NULL)
-        ret->meth = default_DSO_meth;
-    else
-        ret->meth = meth;
-    ret->references = 1;
-    if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
-        OPENSSL_free(ret);
-        ret = NULL;
-    }
-    return (ret);
-}
-
-int DSO_free(DSO *dso)
-{
-    int i;
-
-    if (dso == NULL) {
-        DSOerr(DSO_F_DSO_FREE, ERR_R_PASSED_NULL_PARAMETER);
-        return (0);
-    }
-
-    i = CRYPTO_add(&dso->references, -1, CRYPTO_LOCK_DSO);
-#ifdef REF_PRINT
-    REF_PRINT("DSO", dso);
-#endif
-    if (i > 0)
-        return (1);
-#ifdef REF_CHECK
-    if (i < 0) {
-        fprintf(stderr, "DSO_free, bad reference count\n");
-        abort();
-    }
-#endif
-
-    if ((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso)) {
-        DSOerr(DSO_F_DSO_FREE, DSO_R_UNLOAD_FAILED);
-        return (0);
-    }
-
-    if ((dso->meth->finish != NULL) && !dso->meth->finish(dso)) {
-        DSOerr(DSO_F_DSO_FREE, DSO_R_FINISH_FAILED);
-        return (0);
-    }
-
-    sk_void_free(dso->meth_data);
-    if (dso->filename != NULL)
-        OPENSSL_free(dso->filename);
-    if (dso->loaded_filename != NULL)
-        OPENSSL_free(dso->loaded_filename);
-
-    OPENSSL_free(dso);
-    return (1);
-}
-
-int DSO_flags(DSO *dso)
-{
-    return ((dso == NULL) ? 0 : dso->flags);
-}
-
-int DSO_up_ref(DSO *dso)
-{
-    if (dso == NULL) {
-        DSOerr(DSO_F_DSO_UP_REF, ERR_R_PASSED_NULL_PARAMETER);
-        return (0);
-    }
-
-    CRYPTO_add(&dso->references, 1, CRYPTO_LOCK_DSO);
-    return (1);
-}
-
-DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags)
-{
-    DSO *ret;
-    int allocated = 0;
-
-    if (dso == NULL) {
-        ret = DSO_new_method(meth);
-        if (ret == NULL) {
-            DSOerr(DSO_F_DSO_LOAD, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        allocated = 1;
-        /* Pass the provided flags to the new DSO object */
-        if (DSO_ctrl(ret, DSO_CTRL_SET_FLAGS, flags, NULL) < 0) {
-            DSOerr(DSO_F_DSO_LOAD, DSO_R_CTRL_FAILED);
-            goto err;
-        }
-    } else
-        ret = dso;
-    /* Don't load if we're currently already loaded */
-    if (ret->filename != NULL) {
-        DSOerr(DSO_F_DSO_LOAD, DSO_R_DSO_ALREADY_LOADED);
-        goto err;
-    }
-    /*
-     * filename can only be NULL if we were passed a dso that already has one
-     * set.
-     */
-    if (filename != NULL)
-        if (!DSO_set_filename(ret, filename)) {
-            DSOerr(DSO_F_DSO_LOAD, DSO_R_SET_FILENAME_FAILED);
-            goto err;
-        }
-    filename = ret->filename;
-    if (filename == NULL) {
-        DSOerr(DSO_F_DSO_LOAD, DSO_R_NO_FILENAME);
-        goto err;
-    }
-    if (ret->meth->dso_load == NULL) {
-        DSOerr(DSO_F_DSO_LOAD, DSO_R_UNSUPPORTED);
-        goto err;
-    }
-    if (!ret->meth->dso_load(ret)) {
-        DSOerr(DSO_F_DSO_LOAD, DSO_R_LOAD_FAILED);
-        goto err;
-    }
-    /* Load succeeded */
-    return (ret);
- err:
-    if (allocated)
-        DSO_free(ret);
-    return (NULL);
-}
-
-void *DSO_bind_var(DSO *dso, const char *symname)
-{
-    void *ret = NULL;
-
-    if ((dso == NULL) || (symname == NULL)) {
-        DSOerr(DSO_F_DSO_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
-    }
-    if (dso->meth->dso_bind_var == NULL) {
-        DSOerr(DSO_F_DSO_BIND_VAR, DSO_R_UNSUPPORTED);
-        return (NULL);
-    }
-    if ((ret = dso->meth->dso_bind_var(dso, symname)) == NULL) {
-        DSOerr(DSO_F_DSO_BIND_VAR, DSO_R_SYM_FAILURE);
-        return (NULL);
-    }
-    /* Success */
-    return (ret);
-}
-
-DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname)
-{
-    DSO_FUNC_TYPE ret = NULL;
-
-    if ((dso == NULL) || (symname == NULL)) {
-        DSOerr(DSO_F_DSO_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
-    }
-    if (dso->meth->dso_bind_func == NULL) {
-        DSOerr(DSO_F_DSO_BIND_FUNC, DSO_R_UNSUPPORTED);
-        return (NULL);
-    }
-    if ((ret = dso->meth->dso_bind_func(dso, symname)) == NULL) {
-        DSOerr(DSO_F_DSO_BIND_FUNC, DSO_R_SYM_FAILURE);
-        return (NULL);
-    }
-    /* Success */
-    return (ret);
-}
-
-/*
- * I don't really like these *_ctrl functions very much to be perfectly
- * honest. For one thing, I think I have to return a negative value for any
- * error because possible DSO_ctrl() commands may return values such as
- * "size"s that can legitimately be zero (making the standard
- * "if (DSO_cmd(...))" form that works almost everywhere else fail at odd
- * times. I'd prefer "output" values to be passed by reference and the return
- * value as success/failure like usual ... but we conform when we must... :-)
- */
-long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg)
-{
-    if (dso == NULL) {
-        DSOerr(DSO_F_DSO_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-        return (-1);
-    }
-    /*
-     * We should intercept certain generic commands and only pass control to
-     * the method-specific ctrl() function if it's something we don't handle.
-     */
-    switch (cmd) {
-    case DSO_CTRL_GET_FLAGS:
-        return dso->flags;
-    case DSO_CTRL_SET_FLAGS:
-        dso->flags = (int)larg;
-        return (0);
-    case DSO_CTRL_OR_FLAGS:
-        dso->flags |= (int)larg;
-        return (0);
-    default:
-        break;
-    }
-    if ((dso->meth == NULL) || (dso->meth->dso_ctrl == NULL)) {
-        DSOerr(DSO_F_DSO_CTRL, DSO_R_UNSUPPORTED);
-        return (-1);
-    }
-    return (dso->meth->dso_ctrl(dso, cmd, larg, parg));
-}
-
-int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,
-                           DSO_NAME_CONVERTER_FUNC *oldcb)
-{
-    if (dso == NULL) {
-        DSOerr(DSO_F_DSO_SET_NAME_CONVERTER, ERR_R_PASSED_NULL_PARAMETER);
-        return (0);
-    }
-    if (oldcb)
-        *oldcb = dso->name_converter;
-    dso->name_converter = cb;
-    return (1);
-}
-
-const char *DSO_get_filename(DSO *dso)
-{
-    if (dso == NULL) {
-        DSOerr(DSO_F_DSO_GET_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
-    }
-    return (dso->filename);
-}
-
-int DSO_set_filename(DSO *dso, const char *filename)
-{
-    char *copied;
-
-    if ((dso == NULL) || (filename == NULL)) {
-        DSOerr(DSO_F_DSO_SET_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
-        return (0);
-    }
-    if (dso->loaded_filename) {
-        DSOerr(DSO_F_DSO_SET_FILENAME, DSO_R_DSO_ALREADY_LOADED);
-        return (0);
-    }
-    /* We'll duplicate filename */
-    copied = OPENSSL_malloc(strlen(filename) + 1);
-    if (copied == NULL) {
-        DSOerr(DSO_F_DSO_SET_FILENAME, ERR_R_MALLOC_FAILURE);
-        return (0);
-    }
-    BUF_strlcpy(copied, filename, strlen(filename) + 1);
-    if (dso->filename)
-        OPENSSL_free(dso->filename);
-    dso->filename = copied;
-    return (1);
-}
-
-char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2)
-{
-    char *result = NULL;
-
-    if (dso == NULL || filespec1 == NULL) {
-        DSOerr(DSO_F_DSO_MERGE, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
-    }
-    if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) {
-        if (dso->merger != NULL)
-            result = dso->merger(dso, filespec1, filespec2);
-        else if (dso->meth->dso_merger != NULL)
-            result = dso->meth->dso_merger(dso, filespec1, filespec2);
-    }
-    return (result);
-}
-
-char *DSO_convert_filename(DSO *dso, const char *filename)
-{
-    char *result = NULL;
-
-    if (dso == NULL) {
-        DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
-    }
-    if (filename == NULL)
-        filename = dso->filename;
-    if (filename == NULL) {
-        DSOerr(DSO_F_DSO_CONVERT_FILENAME, DSO_R_NO_FILENAME);
-        return (NULL);
-    }
-    if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) {
-        if (dso->name_converter != NULL)
-            result = dso->name_converter(dso, filename);
-        else if (dso->meth->dso_name_converter != NULL)
-            result = dso->meth->dso_name_converter(dso, filename);
-    }
-    if (result == NULL) {
-        result = OPENSSL_malloc(strlen(filename) + 1);
-        if (result == NULL) {
-            DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE);
-            return (NULL);
-        }
-        BUF_strlcpy(result, filename, strlen(filename) + 1);
-    }
-    return (result);
-}
-
-const char *DSO_get_loaded_filename(DSO *dso)
-{
-    if (dso == NULL) {
-        DSOerr(DSO_F_DSO_GET_LOADED_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
-    }
-    return (dso->loaded_filename);
-}
-
-int DSO_pathbyaddr(void *addr, char *path, int sz)
-{
-    DSO_METHOD *meth = default_DSO_meth;
-    if (meth == NULL)
-        meth = DSO_METHOD_openssl();
-    if (meth->pathbyaddr == NULL) {
-        DSOerr(DSO_F_DSO_PATHBYADDR, DSO_R_UNSUPPORTED);
-        return -1;
-    }
-    return (*meth->pathbyaddr) (addr, path, sz);
-}
-
-void *DSO_global_lookup(const char *name)
-{
-    DSO_METHOD *meth = default_DSO_meth;
-    if (meth == NULL)
-        meth = DSO_METHOD_openssl();
-    if (meth->globallookup == NULL) {
-        DSOerr(DSO_F_DSO_GLOBAL_LOOKUP, DSO_R_UNSUPPORTED);
-        return NULL;
-    }
-    return (*meth->globallookup) (name);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/dso/dso_lib.c (from rev 11605, vendor-crypto/openssl/dist/crypto/dso/dso_lib.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/dso/dso_lib.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/dso/dso_lib.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,447 @@
+/* dso_lib.c */
+/*
+ * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+
+static DSO_METHOD *default_DSO_meth = NULL;
+
+DSO *DSO_new(void)
+{
+    return (DSO_new_method(NULL));
+}
+
+void DSO_set_default_method(DSO_METHOD *meth)
+{
+    default_DSO_meth = meth;
+}
+
+DSO_METHOD *DSO_get_default_method(void)
+{
+    return (default_DSO_meth);
+}
+
+DSO_METHOD *DSO_get_method(DSO *dso)
+{
+    return (dso->meth);
+}
+
+DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth)
+{
+    DSO_METHOD *mtmp;
+    mtmp = dso->meth;
+    dso->meth = meth;
+    return (mtmp);
+}
+
+DSO *DSO_new_method(DSO_METHOD *meth)
+{
+    DSO *ret;
+
+    if (default_DSO_meth == NULL)
+        /*
+         * We default to DSO_METH_openssl() which in turn defaults to
+         * stealing the "best available" method. Will fallback to
+         * DSO_METH_null() in the worst case.
+         */
+        default_DSO_meth = DSO_METHOD_openssl();
+    ret = (DSO *)OPENSSL_malloc(sizeof(DSO));
+    if (ret == NULL) {
+        DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+    memset(ret, 0, sizeof(DSO));
+    ret->meth_data = sk_void_new_null();
+    if (ret->meth_data == NULL) {
+        /* sk_new doesn't generate any errors so we do */
+        DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return (NULL);
+    }
+    if (meth == NULL)
+        ret->meth = default_DSO_meth;
+    else
+        ret->meth = meth;
+    ret->references = 1;
+    if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+        OPENSSL_free(ret);
+        ret = NULL;
+    }
+    return (ret);
+}
+
+int DSO_free(DSO *dso)
+{
+    int i;
+
+    if (dso == NULL) {
+        DSOerr(DSO_F_DSO_FREE, ERR_R_PASSED_NULL_PARAMETER);
+        return (0);
+    }
+
+    i = CRYPTO_add(&dso->references, -1, CRYPTO_LOCK_DSO);
+#ifdef REF_PRINT
+    REF_PRINT("DSO", dso);
+#endif
+    if (i > 0)
+        return (1);
+#ifdef REF_CHECK
+    if (i < 0) {
+        fprintf(stderr, "DSO_free, bad reference count\n");
+        abort();
+    }
+#endif
+
+    if ((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso)) {
+        DSOerr(DSO_F_DSO_FREE, DSO_R_UNLOAD_FAILED);
+        return (0);
+    }
+
+    if ((dso->meth->finish != NULL) && !dso->meth->finish(dso)) {
+        DSOerr(DSO_F_DSO_FREE, DSO_R_FINISH_FAILED);
+        return (0);
+    }
+
+    sk_void_free(dso->meth_data);
+    if (dso->filename != NULL)
+        OPENSSL_free(dso->filename);
+    if (dso->loaded_filename != NULL)
+        OPENSSL_free(dso->loaded_filename);
+
+    OPENSSL_free(dso);
+    return (1);
+}
+
+int DSO_flags(DSO *dso)
+{
+    return ((dso == NULL) ? 0 : dso->flags);
+}
+
+int DSO_up_ref(DSO *dso)
+{
+    if (dso == NULL) {
+        DSOerr(DSO_F_DSO_UP_REF, ERR_R_PASSED_NULL_PARAMETER);
+        return (0);
+    }
+
+    CRYPTO_add(&dso->references, 1, CRYPTO_LOCK_DSO);
+    return (1);
+}
+
+DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags)
+{
+    DSO *ret;
+    int allocated = 0;
+
+    if (dso == NULL) {
+        ret = DSO_new_method(meth);
+        if (ret == NULL) {
+            DSOerr(DSO_F_DSO_LOAD, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        allocated = 1;
+        /* Pass the provided flags to the new DSO object */
+        if (DSO_ctrl(ret, DSO_CTRL_SET_FLAGS, flags, NULL) < 0) {
+            DSOerr(DSO_F_DSO_LOAD, DSO_R_CTRL_FAILED);
+            goto err;
+        }
+    } else
+        ret = dso;
+    /* Don't load if we're currently already loaded */
+    if (ret->filename != NULL) {
+        DSOerr(DSO_F_DSO_LOAD, DSO_R_DSO_ALREADY_LOADED);
+        goto err;
+    }
+    /*
+     * filename can only be NULL if we were passed a dso that already has one
+     * set.
+     */
+    if (filename != NULL)
+        if (!DSO_set_filename(ret, filename)) {
+            DSOerr(DSO_F_DSO_LOAD, DSO_R_SET_FILENAME_FAILED);
+            goto err;
+        }
+    filename = ret->filename;
+    if (filename == NULL) {
+        DSOerr(DSO_F_DSO_LOAD, DSO_R_NO_FILENAME);
+        goto err;
+    }
+    if (ret->meth->dso_load == NULL) {
+        DSOerr(DSO_F_DSO_LOAD, DSO_R_UNSUPPORTED);
+        goto err;
+    }
+    if (!ret->meth->dso_load(ret)) {
+        DSOerr(DSO_F_DSO_LOAD, DSO_R_LOAD_FAILED);
+        goto err;
+    }
+    /* Load succeeded */
+    return (ret);
+ err:
+    if (allocated)
+        DSO_free(ret);
+    return (NULL);
+}
+
+void *DSO_bind_var(DSO *dso, const char *symname)
+{
+    void *ret = NULL;
+
+    if ((dso == NULL) || (symname == NULL)) {
+        DSOerr(DSO_F_DSO_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    if (dso->meth->dso_bind_var == NULL) {
+        DSOerr(DSO_F_DSO_BIND_VAR, DSO_R_UNSUPPORTED);
+        return (NULL);
+    }
+    if ((ret = dso->meth->dso_bind_var(dso, symname)) == NULL) {
+        DSOerr(DSO_F_DSO_BIND_VAR, DSO_R_SYM_FAILURE);
+        return (NULL);
+    }
+    /* Success */
+    return (ret);
+}
+
+DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname)
+{
+    DSO_FUNC_TYPE ret = NULL;
+
+    if ((dso == NULL) || (symname == NULL)) {
+        DSOerr(DSO_F_DSO_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    if (dso->meth->dso_bind_func == NULL) {
+        DSOerr(DSO_F_DSO_BIND_FUNC, DSO_R_UNSUPPORTED);
+        return (NULL);
+    }
+    if ((ret = dso->meth->dso_bind_func(dso, symname)) == NULL) {
+        DSOerr(DSO_F_DSO_BIND_FUNC, DSO_R_SYM_FAILURE);
+        return (NULL);
+    }
+    /* Success */
+    return (ret);
+}
+
+/*
+ * I don't really like these *_ctrl functions very much to be perfectly
+ * honest. For one thing, I think I have to return a negative value for any
+ * error because possible DSO_ctrl() commands may return values such as
+ * "size"s that can legitimately be zero (making the standard
+ * "if (DSO_cmd(...))" form that works almost everywhere else fail at odd
+ * times. I'd prefer "output" values to be passed by reference and the return
+ * value as success/failure like usual ... but we conform when we must... :-)
+ */
+long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg)
+{
+    if (dso == NULL) {
+        DSOerr(DSO_F_DSO_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+        return (-1);
+    }
+    /*
+     * We should intercept certain generic commands and only pass control to
+     * the method-specific ctrl() function if it's something we don't handle.
+     */
+    switch (cmd) {
+    case DSO_CTRL_GET_FLAGS:
+        return dso->flags;
+    case DSO_CTRL_SET_FLAGS:
+        dso->flags = (int)larg;
+        return (0);
+    case DSO_CTRL_OR_FLAGS:
+        dso->flags |= (int)larg;
+        return (0);
+    default:
+        break;
+    }
+    if ((dso->meth == NULL) || (dso->meth->dso_ctrl == NULL)) {
+        DSOerr(DSO_F_DSO_CTRL, DSO_R_UNSUPPORTED);
+        return (-1);
+    }
+    return (dso->meth->dso_ctrl(dso, cmd, larg, parg));
+}
+
+int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,
+                           DSO_NAME_CONVERTER_FUNC *oldcb)
+{
+    if (dso == NULL) {
+        DSOerr(DSO_F_DSO_SET_NAME_CONVERTER, ERR_R_PASSED_NULL_PARAMETER);
+        return (0);
+    }
+    if (oldcb)
+        *oldcb = dso->name_converter;
+    dso->name_converter = cb;
+    return (1);
+}
+
+const char *DSO_get_filename(DSO *dso)
+{
+    if (dso == NULL) {
+        DSOerr(DSO_F_DSO_GET_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    return (dso->filename);
+}
+
+int DSO_set_filename(DSO *dso, const char *filename)
+{
+    char *copied;
+
+    if ((dso == NULL) || (filename == NULL)) {
+        DSOerr(DSO_F_DSO_SET_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
+        return (0);
+    }
+    if (dso->loaded_filename) {
+        DSOerr(DSO_F_DSO_SET_FILENAME, DSO_R_DSO_ALREADY_LOADED);
+        return (0);
+    }
+    /* We'll duplicate filename */
+    copied = OPENSSL_malloc(strlen(filename) + 1);
+    if (copied == NULL) {
+        DSOerr(DSO_F_DSO_SET_FILENAME, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
+    BUF_strlcpy(copied, filename, strlen(filename) + 1);
+    if (dso->filename)
+        OPENSSL_free(dso->filename);
+    dso->filename = copied;
+    return (1);
+}
+
+char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2)
+{
+    char *result = NULL;
+
+    if (dso == NULL || filespec1 == NULL) {
+        DSOerr(DSO_F_DSO_MERGE, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) {
+        if (dso->merger != NULL)
+            result = dso->merger(dso, filespec1, filespec2);
+        else if (dso->meth->dso_merger != NULL)
+            result = dso->meth->dso_merger(dso, filespec1, filespec2);
+    }
+    return (result);
+}
+
+char *DSO_convert_filename(DSO *dso, const char *filename)
+{
+    char *result = NULL;
+
+    if (dso == NULL) {
+        DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    if (filename == NULL)
+        filename = dso->filename;
+    if (filename == NULL) {
+        DSOerr(DSO_F_DSO_CONVERT_FILENAME, DSO_R_NO_FILENAME);
+        return (NULL);
+    }
+    if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) {
+        if (dso->name_converter != NULL)
+            result = dso->name_converter(dso, filename);
+        else if (dso->meth->dso_name_converter != NULL)
+            result = dso->meth->dso_name_converter(dso, filename);
+    }
+    if (result == NULL) {
+        result = OPENSSL_malloc(strlen(filename) + 1);
+        if (result == NULL) {
+            DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+        BUF_strlcpy(result, filename, strlen(filename) + 1);
+    }
+    return (result);
+}
+
+const char *DSO_get_loaded_filename(DSO *dso)
+{
+    if (dso == NULL) {
+        DSOerr(DSO_F_DSO_GET_LOADED_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    return (dso->loaded_filename);
+}
+
+int DSO_pathbyaddr(void *addr, char *path, int sz)
+{
+    DSO_METHOD *meth = default_DSO_meth;
+    if (meth == NULL)
+        meth = DSO_METHOD_openssl();
+    if (meth->pathbyaddr == NULL) {
+        DSOerr(DSO_F_DSO_PATHBYADDR, DSO_R_UNSUPPORTED);
+        return -1;
+    }
+    return (*meth->pathbyaddr) (addr, path, sz);
+}
+
+void *DSO_global_lookup(const char *name)
+{
+    DSO_METHOD *meth = default_DSO_meth;
+    if (meth == NULL)
+        meth = DSO_METHOD_openssl();
+    if (meth->globallookup == NULL) {
+        DSOerr(DSO_F_DSO_GLOBAL_LOOKUP, DSO_R_UNSUPPORTED);
+        return NULL;
+    }
+    return (*meth->globallookup) (name);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/dso/dso_vms.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dso/dso_vms.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/dso/dso_vms.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,547 +0,0 @@
-/* dso_vms.c -*- mode:C; c-file-style: "eay" -*- */
-/*
- * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/dso.h>
-
-#ifndef OPENSSL_SYS_VMS
-DSO_METHOD *DSO_METHOD_vms(void)
-{
-    return NULL;
-}
-#else
-
-# pragma message disable DOLLARID
-# include <rms.h>
-# include <lib$routines.h>
-# include <stsdef.h>
-# include <descrip.h>
-# include <starlet.h>
-# include "vms_rms.h"
-
-/* Some compiler options may mask the declaration of "_malloc32". */
-# if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE
-#  if __INITIAL_POINTER_SIZE == 64
-#   pragma pointer_size save
-#   pragma pointer_size 32
-void *_malloc32(__size_t);
-#   pragma pointer_size restore
-#  endif                        /* __INITIAL_POINTER_SIZE == 64 */
-# endif                         /* __INITIAL_POINTER_SIZE && defined
-                                 * _ANSI_C_SOURCE */
-
-# pragma message disable DOLLARID
-
-static int vms_load(DSO *dso);
-static int vms_unload(DSO *dso);
-static void *vms_bind_var(DSO *dso, const char *symname);
-static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname);
-# if 0
-static int vms_unbind_var(DSO *dso, char *symname, void *symptr);
-static int vms_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
-static int vms_init(DSO *dso);
-static int vms_finish(DSO *dso);
-static long vms_ctrl(DSO *dso, int cmd, long larg, void *parg);
-# endif
-static char *vms_name_converter(DSO *dso, const char *filename);
-static char *vms_merger(DSO *dso, const char *filespec1,
-                        const char *filespec2);
-
-static DSO_METHOD dso_meth_vms = {
-    "OpenSSL 'VMS' shared library method",
-    vms_load,
-    NULL,                       /* unload */
-    vms_bind_var,
-    vms_bind_func,
-/* For now, "unbind" doesn't exist */
-# if 0
-    NULL,                       /* unbind_var */
-    NULL,                       /* unbind_func */
-# endif
-    NULL,                       /* ctrl */
-    vms_name_converter,
-    vms_merger,
-    NULL,                       /* init */
-    NULL                        /* finish */
-};
-
-/*
- * On VMS, the only "handle" is the file name.  LIB$FIND_IMAGE_SYMBOL depends
- * on the reference to the file name being the same for all calls regarding
- * one shared image, so we'll just store it in an instance of the following
- * structure and put a pointer to that instance in the meth_data stack.
- */
-typedef struct dso_internal_st {
-    /*
-     * This should contain the name only, no directory, no extension, nothing
-     * but a name.
-     */
-    struct dsc$descriptor_s filename_dsc;
-    char filename[NAMX_MAXRSS + 1];
-    /*
-     * This contains whatever is not in filename, if needed. Normally not
-     * defined.
-     */
-    struct dsc$descriptor_s imagename_dsc;
-    char imagename[NAMX_MAXRSS + 1];
-} DSO_VMS_INTERNAL;
-
-DSO_METHOD *DSO_METHOD_vms(void)
-{
-    return (&dso_meth_vms);
-}
-
-static int vms_load(DSO *dso)
-{
-    void *ptr = NULL;
-    /* See applicable comments in dso_dl.c */
-    char *filename = DSO_convert_filename(dso, NULL);
-
-/* Ensure 32-bit pointer for "p", and appropriate malloc() function. */
-# if __INITIAL_POINTER_SIZE == 64
-#  define DSO_MALLOC _malloc32
-#  pragma pointer_size save
-#  pragma pointer_size 32
-# else                          /* __INITIAL_POINTER_SIZE == 64 */
-#  define DSO_MALLOC OPENSSL_malloc
-# endif                         /* __INITIAL_POINTER_SIZE == 64 [else] */
-
-    DSO_VMS_INTERNAL *p = NULL;
-
-# if __INITIAL_POINTER_SIZE == 64
-#  pragma pointer_size restore
-# endif                         /* __INITIAL_POINTER_SIZE == 64 */
-
-    const char *sp1, *sp2;      /* Search result */
-    const char *ext = NULL;	/* possible extension to add */
-
-    if (filename == NULL) {
-        DSOerr(DSO_F_VMS_LOAD, DSO_R_NO_FILENAME);
-        goto err;
-    }
-
-    /*-
-     * A file specification may look like this:
-     *
-     *      node::dev:[dir-spec]name.type;ver
-     *
-     * or (for compatibility with TOPS-20):
-     *
-     *      node::dev:<dir-spec>name.type;ver
-     *
-     * and the dir-spec uses '.' as separator.  Also, a dir-spec
-     * may consist of several parts, with mixed use of [] and <>:
-     *
-     *      [dir1.]<dir2>
-     *
-     * We need to split the file specification into the name and
-     * the rest (both before and after the name itself).
-     */
-    /*
-     * Start with trying to find the end of a dir-spec, and save the position
-     * of the byte after in sp1
-     */
-    sp1 = strrchr(filename, ']');
-    sp2 = strrchr(filename, '>');
-    if (sp1 == NULL)
-        sp1 = sp2;
-    if (sp2 != NULL && sp2 > sp1)
-        sp1 = sp2;
-    if (sp1 == NULL)
-        sp1 = strrchr(filename, ':');
-    if (sp1 == NULL)
-        sp1 = filename;
-    else
-        sp1++;                  /* The byte after the found character */
-    /* Now, let's see if there's a type, and save the position in sp2 */
-    sp2 = strchr(sp1, '.');
-    /*
-     * If there is a period and the next character is a semi-colon,
-     * we need to add an extension
-     */
-    if (sp2 != NULL && sp2[1] == ';')
-        ext = ".EXE";
-    /*
-     * If we found it, that's where we'll cut.  Otherwise, look for a version
-     * number and save the position in sp2
-     */
-    if (sp2 == NULL) {
-        sp2 = strchr(sp1, ';');
-        ext = ".EXE";
-    }
-    /*
-     * If there was still nothing to find, set sp2 to point at the end of the
-     * string
-     */
-    if (sp2 == NULL)
-        sp2 = sp1 + strlen(sp1);
-
-    /* Check that we won't get buffer overflows */
-    if (sp2 - sp1 > FILENAME_MAX
-        || (sp1 - filename) + strlen(sp2) > FILENAME_MAX) {
-        DSOerr(DSO_F_VMS_LOAD, DSO_R_FILENAME_TOO_BIG);
-        goto err;
-    }
-
-    p = DSO_MALLOC(sizeof(DSO_VMS_INTERNAL));
-    if (p == NULL) {
-        DSOerr(DSO_F_VMS_LOAD, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    strncpy(p->filename, sp1, sp2 - sp1);
-    p->filename[sp2 - sp1] = '\0';
-
-    strncpy(p->imagename, filename, sp1 - filename);
-    p->imagename[sp1 - filename] = '\0';
-    if (ext) {
-        strcat(p->imagename, ext);
-        if (*sp2 == '.')
-            sp2++;
-    }
-    strcat(p->imagename, sp2);
-
-    p->filename_dsc.dsc$w_length = strlen(p->filename);
-    p->filename_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
-    p->filename_dsc.dsc$b_class = DSC$K_CLASS_S;
-    p->filename_dsc.dsc$a_pointer = p->filename;
-    p->imagename_dsc.dsc$w_length = strlen(p->imagename);
-    p->imagename_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
-    p->imagename_dsc.dsc$b_class = DSC$K_CLASS_S;
-    p->imagename_dsc.dsc$a_pointer = p->imagename;
-
-    if (!sk_void_push(dso->meth_data, (char *)p)) {
-        DSOerr(DSO_F_VMS_LOAD, DSO_R_STACK_ERROR);
-        goto err;
-    }
-
-    /* Success (for now, we lie.  We actually do not know...) */
-    dso->loaded_filename = filename;
-    return (1);
- err:
-    /* Cleanup! */
-    if (p != NULL)
-        OPENSSL_free(p);
-    if (filename != NULL)
-        OPENSSL_free(filename);
-    return (0);
-}
-
-/*
- * Note that this doesn't actually unload the shared image, as there is no
- * such thing in VMS.  Next time it get loaded again, a new copy will
- * actually be loaded.
- */
-static int vms_unload(DSO *dso)
-{
-    DSO_VMS_INTERNAL *p;
-    if (dso == NULL) {
-        DSOerr(DSO_F_VMS_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
-        return (0);
-    }
-    if (sk_void_num(dso->meth_data) < 1)
-        return (1);
-    p = (DSO_VMS_INTERNAL *)sk_void_pop(dso->meth_data);
-    if (p == NULL) {
-        DSOerr(DSO_F_VMS_UNLOAD, DSO_R_NULL_HANDLE);
-        return (0);
-    }
-    /* Cleanup */
-    OPENSSL_free(p);
-    return (1);
-}
-
-/*
- * We must do this in a separate function because of the way the exception
- * handler works (it makes this function return
- */
-static int do_find_symbol(DSO_VMS_INTERNAL *ptr,
-                          struct dsc$descriptor_s *symname_dsc, void **sym,
-                          unsigned long flags)
-{
-    /*
-     * Make sure that signals are caught and returned instead of aborting the
-     * program.  The exception handler gets unestablished automatically on
-     * return from this function.
-     */
-    lib$establish(lib$sig_to_ret);
-
-    if (ptr->imagename_dsc.dsc$w_length)
-        return lib$find_image_symbol(&ptr->filename_dsc,
-                                     symname_dsc, sym,
-                                     &ptr->imagename_dsc, flags);
-    else
-        return lib$find_image_symbol(&ptr->filename_dsc,
-                                     symname_dsc, sym, 0, flags);
-}
-
-void vms_bind_sym(DSO *dso, const char *symname, void **sym)
-{
-    DSO_VMS_INTERNAL *ptr;
-    int status;
-# if 0
-    int flags = (1 << 4);       /* LIB$M_FIS_MIXEDCASE, but this symbol isn't
-                                 * defined in VMS older than 7.0 or so */
-# else
-    int flags = 0;
-# endif
-    struct dsc$descriptor_s symname_dsc;
-
-/* Arrange 32-bit pointer to (copied) string storage, if needed. */
-# if __INITIAL_POINTER_SIZE == 64
-#  define SYMNAME symname_32p
-#  pragma pointer_size save
-#  pragma pointer_size 32
-    char *symname_32p;
-#  pragma pointer_size restore
-    char symname_32[NAMX_MAXRSS + 1];
-# else                          /* __INITIAL_POINTER_SIZE == 64 */
-#  define SYMNAME ((char *) symname)
-# endif                         /* __INITIAL_POINTER_SIZE == 64 [else] */
-
-    *sym = NULL;
-
-    if ((dso == NULL) || (symname == NULL)) {
-        DSOerr(DSO_F_VMS_BIND_SYM, ERR_R_PASSED_NULL_PARAMETER);
-        return;
-    }
-# if __INITIAL_POINTER_SIZE == 64
-    /* Copy the symbol name to storage with a 32-bit pointer. */
-    symname_32p = symname_32;
-    strcpy(symname_32p, symname);
-# endif                         /* __INITIAL_POINTER_SIZE == 64 [else] */
-
-    symname_dsc.dsc$w_length = strlen(SYMNAME);
-    symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
-    symname_dsc.dsc$b_class = DSC$K_CLASS_S;
-    symname_dsc.dsc$a_pointer = SYMNAME;
-
-    if (sk_void_num(dso->meth_data) < 1) {
-        DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_STACK_ERROR);
-        return;
-    }
-    ptr = (DSO_VMS_INTERNAL *)sk_void_value(dso->meth_data,
-                                            sk_void_num(dso->meth_data) - 1);
-    if (ptr == NULL) {
-        DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_NULL_HANDLE);
-        return;
-    }
-
-    if (dso->flags & DSO_FLAG_UPCASE_SYMBOL)
-        flags = 0;
-
-    status = do_find_symbol(ptr, &symname_dsc, sym, flags);
-
-    if (!$VMS_STATUS_SUCCESS(status)) {
-        unsigned short length;
-        char errstring[257];
-        struct dsc$descriptor_s errstring_dsc;
-
-        errstring_dsc.dsc$w_length = sizeof(errstring);
-        errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
-        errstring_dsc.dsc$b_class = DSC$K_CLASS_S;
-        errstring_dsc.dsc$a_pointer = errstring;
-
-        *sym = NULL;
-
-        status = sys$getmsg(status, &length, &errstring_dsc, 1, 0);
-
-        if (!$VMS_STATUS_SUCCESS(status))
-            lib$signal(status); /* This is really bad.  Abort! */
-        else {
-            errstring[length] = '\0';
-
-            DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_SYM_FAILURE);
-            if (ptr->imagename_dsc.dsc$w_length)
-                ERR_add_error_data(9,
-                                   "Symbol ", symname,
-                                   " in ", ptr->filename,
-                                   " (", ptr->imagename, ")",
-                                   ": ", errstring);
-            else
-                ERR_add_error_data(6,
-                                   "Symbol ", symname,
-                                   " in ", ptr->filename, ": ", errstring);
-        }
-        return;
-    }
-    return;
-}
-
-static void *vms_bind_var(DSO *dso, const char *symname)
-{
-    void *sym = 0;
-    vms_bind_sym(dso, symname, &sym);
-    return sym;
-}
-
-static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname)
-{
-    DSO_FUNC_TYPE sym = 0;
-    vms_bind_sym(dso, symname, (void **)&sym);
-    return sym;
-}
-
-static char *vms_merger(DSO *dso, const char *filespec1,
-                        const char *filespec2)
-{
-    int status;
-    int filespec1len, filespec2len;
-    struct FAB fab;
-    struct NAMX_STRUCT nam;
-    char esa[NAMX_MAXRSS + 1];
-    char *merged;
-
-/* Arrange 32-bit pointer to (copied) string storage, if needed. */
-# if __INITIAL_POINTER_SIZE == 64
-#  define FILESPEC1 filespec1_32p;
-#  define FILESPEC2 filespec2_32p;
-#  pragma pointer_size save
-#  pragma pointer_size 32
-    char *filespec1_32p;
-    char *filespec2_32p;
-#  pragma pointer_size restore
-    char filespec1_32[NAMX_MAXRSS + 1];
-    char filespec2_32[NAMX_MAXRSS + 1];
-# else                          /* __INITIAL_POINTER_SIZE == 64 */
-#  define FILESPEC1 ((char *) filespec1)
-#  define FILESPEC2 ((char *) filespec2)
-# endif                         /* __INITIAL_POINTER_SIZE == 64 [else] */
-
-    if (!filespec1)
-        filespec1 = "";
-    if (!filespec2)
-        filespec2 = "";
-    filespec1len = strlen(filespec1);
-    filespec2len = strlen(filespec2);
-
-# if __INITIAL_POINTER_SIZE == 64
-    /* Copy the file names to storage with a 32-bit pointer. */
-    filespec1_32p = filespec1_32;
-    filespec2_32p = filespec2_32;
-    strcpy(filespec1_32p, filespec1);
-    strcpy(filespec2_32p, filespec2);
-# endif                         /* __INITIAL_POINTER_SIZE == 64 [else] */
-
-    fab = cc$rms_fab;
-    nam = CC_RMS_NAMX;
-
-    FAB_OR_NAML(fab, nam).FAB_OR_NAML_FNA = FILESPEC1;
-    FAB_OR_NAML(fab, nam).FAB_OR_NAML_FNS = filespec1len;
-    FAB_OR_NAML(fab, nam).FAB_OR_NAML_DNA = FILESPEC2;
-    FAB_OR_NAML(fab, nam).FAB_OR_NAML_DNS = filespec2len;
-    NAMX_DNA_FNA_SET(fab)
-
-        nam.NAMX_ESA = esa;
-    nam.NAMX_ESS = NAMX_MAXRSS;
-    nam.NAMX_NOP = NAM$M_SYNCHK | NAM$M_PWD;
-    SET_NAMX_NO_SHORT_UPCASE(nam);
-
-    fab.FAB_NAMX = &nam;
-
-    status = sys$parse(&fab, 0, 0);
-
-    if (!$VMS_STATUS_SUCCESS(status)) {
-        unsigned short length;
-        char errstring[257];
-        struct dsc$descriptor_s errstring_dsc;
-
-        errstring_dsc.dsc$w_length = sizeof(errstring);
-        errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
-        errstring_dsc.dsc$b_class = DSC$K_CLASS_S;
-        errstring_dsc.dsc$a_pointer = errstring;
-
-        status = sys$getmsg(status, &length, &errstring_dsc, 1, 0);
-
-        if (!$VMS_STATUS_SUCCESS(status))
-            lib$signal(status); /* This is really bad.  Abort! */
-        else {
-            errstring[length] = '\0';
-
-            DSOerr(DSO_F_VMS_MERGER, DSO_R_FAILURE);
-            ERR_add_error_data(7,
-                               "filespec \"", filespec1, "\", ",
-                               "defaults \"", filespec2, "\": ", errstring);
-        }
-        return (NULL);
-    }
-
-    merged = OPENSSL_malloc(nam.NAMX_ESL + 1);
-    if (!merged)
-        goto malloc_err;
-    strncpy(merged, nam.NAMX_ESA, nam.NAMX_ESL);
-    merged[nam.NAMX_ESL] = '\0';
-    return (merged);
- malloc_err:
-    DSOerr(DSO_F_VMS_MERGER, ERR_R_MALLOC_FAILURE);
-}
-
-static char *vms_name_converter(DSO *dso, const char *filename)
-{
-    int len = strlen(filename);
-    char *not_translated = OPENSSL_malloc(len + 1);
-    if (not_translated)
-        strcpy(not_translated, filename);
-    return (not_translated);
-}
-
-#endif                          /* OPENSSL_SYS_VMS */

Copied: vendor-crypto/openssl/1.0.1u/crypto/dso/dso_vms.c (from rev 11605, vendor-crypto/openssl/dist/crypto/dso/dso_vms.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/dso/dso_vms.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/dso/dso_vms.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,547 @@
+/* dso_vms.c */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+
+#ifndef OPENSSL_SYS_VMS
+DSO_METHOD *DSO_METHOD_vms(void)
+{
+    return NULL;
+}
+#else
+
+# pragma message disable DOLLARID
+# include <rms.h>
+# include <lib$routines.h>
+# include <stsdef.h>
+# include <descrip.h>
+# include <starlet.h>
+# include "vms_rms.h"
+
+/* Some compiler options may mask the declaration of "_malloc32". */
+# if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE
+#  if __INITIAL_POINTER_SIZE == 64
+#   pragma pointer_size save
+#   pragma pointer_size 32
+void *_malloc32(__size_t);
+#   pragma pointer_size restore
+#  endif                        /* __INITIAL_POINTER_SIZE == 64 */
+# endif                         /* __INITIAL_POINTER_SIZE && defined
+                                 * _ANSI_C_SOURCE */
+
+# pragma message disable DOLLARID
+
+static int vms_load(DSO *dso);
+static int vms_unload(DSO *dso);
+static void *vms_bind_var(DSO *dso, const char *symname);
+static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname);
+# if 0
+static int vms_unbind_var(DSO *dso, char *symname, void *symptr);
+static int vms_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
+static int vms_init(DSO *dso);
+static int vms_finish(DSO *dso);
+static long vms_ctrl(DSO *dso, int cmd, long larg, void *parg);
+# endif
+static char *vms_name_converter(DSO *dso, const char *filename);
+static char *vms_merger(DSO *dso, const char *filespec1,
+                        const char *filespec2);
+
+static DSO_METHOD dso_meth_vms = {
+    "OpenSSL 'VMS' shared library method",
+    vms_load,
+    NULL,                       /* unload */
+    vms_bind_var,
+    vms_bind_func,
+/* For now, "unbind" doesn't exist */
+# if 0
+    NULL,                       /* unbind_var */
+    NULL,                       /* unbind_func */
+# endif
+    NULL,                       /* ctrl */
+    vms_name_converter,
+    vms_merger,
+    NULL,                       /* init */
+    NULL                        /* finish */
+};
+
+/*
+ * On VMS, the only "handle" is the file name.  LIB$FIND_IMAGE_SYMBOL depends
+ * on the reference to the file name being the same for all calls regarding
+ * one shared image, so we'll just store it in an instance of the following
+ * structure and put a pointer to that instance in the meth_data stack.
+ */
+typedef struct dso_internal_st {
+    /*
+     * This should contain the name only, no directory, no extension, nothing
+     * but a name.
+     */
+    struct dsc$descriptor_s filename_dsc;
+    char filename[NAMX_MAXRSS + 1];
+    /*
+     * This contains whatever is not in filename, if needed. Normally not
+     * defined.
+     */
+    struct dsc$descriptor_s imagename_dsc;
+    char imagename[NAMX_MAXRSS + 1];
+} DSO_VMS_INTERNAL;
+
+DSO_METHOD *DSO_METHOD_vms(void)
+{
+    return (&dso_meth_vms);
+}
+
+static int vms_load(DSO *dso)
+{
+    void *ptr = NULL;
+    /* See applicable comments in dso_dl.c */
+    char *filename = DSO_convert_filename(dso, NULL);
+
+/* Ensure 32-bit pointer for "p", and appropriate malloc() function. */
+# if __INITIAL_POINTER_SIZE == 64
+#  define DSO_MALLOC _malloc32
+#  pragma pointer_size save
+#  pragma pointer_size 32
+# else                          /* __INITIAL_POINTER_SIZE == 64 */
+#  define DSO_MALLOC OPENSSL_malloc
+# endif                         /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+    DSO_VMS_INTERNAL *p = NULL;
+
+# if __INITIAL_POINTER_SIZE == 64
+#  pragma pointer_size restore
+# endif                         /* __INITIAL_POINTER_SIZE == 64 */
+
+    const char *sp1, *sp2;      /* Search result */
+    const char *ext = NULL;	/* possible extension to add */
+
+    if (filename == NULL) {
+        DSOerr(DSO_F_VMS_LOAD, DSO_R_NO_FILENAME);
+        goto err;
+    }
+
+    /*-
+     * A file specification may look like this:
+     *
+     *      node::dev:[dir-spec]name.type;ver
+     *
+     * or (for compatibility with TOPS-20):
+     *
+     *      node::dev:<dir-spec>name.type;ver
+     *
+     * and the dir-spec uses '.' as separator.  Also, a dir-spec
+     * may consist of several parts, with mixed use of [] and <>:
+     *
+     *      [dir1.]<dir2>
+     *
+     * We need to split the file specification into the name and
+     * the rest (both before and after the name itself).
+     */
+    /*
+     * Start with trying to find the end of a dir-spec, and save the position
+     * of the byte after in sp1
+     */
+    sp1 = strrchr(filename, ']');
+    sp2 = strrchr(filename, '>');
+    if (sp1 == NULL)
+        sp1 = sp2;
+    if (sp2 != NULL && sp2 > sp1)
+        sp1 = sp2;
+    if (sp1 == NULL)
+        sp1 = strrchr(filename, ':');
+    if (sp1 == NULL)
+        sp1 = filename;
+    else
+        sp1++;                  /* The byte after the found character */
+    /* Now, let's see if there's a type, and save the position in sp2 */
+    sp2 = strchr(sp1, '.');
+    /*
+     * If there is a period and the next character is a semi-colon,
+     * we need to add an extension
+     */
+    if (sp2 != NULL && sp2[1] == ';')
+        ext = ".EXE";
+    /*
+     * If we found it, that's where we'll cut.  Otherwise, look for a version
+     * number and save the position in sp2
+     */
+    if (sp2 == NULL) {
+        sp2 = strchr(sp1, ';');
+        ext = ".EXE";
+    }
+    /*
+     * If there was still nothing to find, set sp2 to point at the end of the
+     * string
+     */
+    if (sp2 == NULL)
+        sp2 = sp1 + strlen(sp1);
+
+    /* Check that we won't get buffer overflows */
+    if (sp2 - sp1 > FILENAME_MAX
+        || (sp1 - filename) + strlen(sp2) > FILENAME_MAX) {
+        DSOerr(DSO_F_VMS_LOAD, DSO_R_FILENAME_TOO_BIG);
+        goto err;
+    }
+
+    p = DSO_MALLOC(sizeof(DSO_VMS_INTERNAL));
+    if (p == NULL) {
+        DSOerr(DSO_F_VMS_LOAD, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    strncpy(p->filename, sp1, sp2 - sp1);
+    p->filename[sp2 - sp1] = '\0';
+
+    strncpy(p->imagename, filename, sp1 - filename);
+    p->imagename[sp1 - filename] = '\0';
+    if (ext) {
+        strcat(p->imagename, ext);
+        if (*sp2 == '.')
+            sp2++;
+    }
+    strcat(p->imagename, sp2);
+
+    p->filename_dsc.dsc$w_length = strlen(p->filename);
+    p->filename_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+    p->filename_dsc.dsc$b_class = DSC$K_CLASS_S;
+    p->filename_dsc.dsc$a_pointer = p->filename;
+    p->imagename_dsc.dsc$w_length = strlen(p->imagename);
+    p->imagename_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+    p->imagename_dsc.dsc$b_class = DSC$K_CLASS_S;
+    p->imagename_dsc.dsc$a_pointer = p->imagename;
+
+    if (!sk_void_push(dso->meth_data, (char *)p)) {
+        DSOerr(DSO_F_VMS_LOAD, DSO_R_STACK_ERROR);
+        goto err;
+    }
+
+    /* Success (for now, we lie.  We actually do not know...) */
+    dso->loaded_filename = filename;
+    return (1);
+ err:
+    /* Cleanup! */
+    if (p != NULL)
+        OPENSSL_free(p);
+    if (filename != NULL)
+        OPENSSL_free(filename);
+    return (0);
+}
+
+/*
+ * Note that this doesn't actually unload the shared image, as there is no
+ * such thing in VMS.  Next time it get loaded again, a new copy will
+ * actually be loaded.
+ */
+static int vms_unload(DSO *dso)
+{
+    DSO_VMS_INTERNAL *p;
+    if (dso == NULL) {
+        DSOerr(DSO_F_VMS_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
+        return (0);
+    }
+    if (sk_void_num(dso->meth_data) < 1)
+        return (1);
+    p = (DSO_VMS_INTERNAL *)sk_void_pop(dso->meth_data);
+    if (p == NULL) {
+        DSOerr(DSO_F_VMS_UNLOAD, DSO_R_NULL_HANDLE);
+        return (0);
+    }
+    /* Cleanup */
+    OPENSSL_free(p);
+    return (1);
+}
+
+/*
+ * We must do this in a separate function because of the way the exception
+ * handler works (it makes this function return
+ */
+static int do_find_symbol(DSO_VMS_INTERNAL *ptr,
+                          struct dsc$descriptor_s *symname_dsc, void **sym,
+                          unsigned long flags)
+{
+    /*
+     * Make sure that signals are caught and returned instead of aborting the
+     * program.  The exception handler gets unestablished automatically on
+     * return from this function.
+     */
+    lib$establish(lib$sig_to_ret);
+
+    if (ptr->imagename_dsc.dsc$w_length)
+        return lib$find_image_symbol(&ptr->filename_dsc,
+                                     symname_dsc, sym,
+                                     &ptr->imagename_dsc, flags);
+    else
+        return lib$find_image_symbol(&ptr->filename_dsc,
+                                     symname_dsc, sym, 0, flags);
+}
+
+void vms_bind_sym(DSO *dso, const char *symname, void **sym)
+{
+    DSO_VMS_INTERNAL *ptr;
+    int status;
+# if 0
+    int flags = (1 << 4);       /* LIB$M_FIS_MIXEDCASE, but this symbol isn't
+                                 * defined in VMS older than 7.0 or so */
+# else
+    int flags = 0;
+# endif
+    struct dsc$descriptor_s symname_dsc;
+
+/* Arrange 32-bit pointer to (copied) string storage, if needed. */
+# if __INITIAL_POINTER_SIZE == 64
+#  define SYMNAME symname_32p
+#  pragma pointer_size save
+#  pragma pointer_size 32
+    char *symname_32p;
+#  pragma pointer_size restore
+    char symname_32[NAMX_MAXRSS + 1];
+# else                          /* __INITIAL_POINTER_SIZE == 64 */
+#  define SYMNAME ((char *) symname)
+# endif                         /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+    *sym = NULL;
+
+    if ((dso == NULL) || (symname == NULL)) {
+        DSOerr(DSO_F_VMS_BIND_SYM, ERR_R_PASSED_NULL_PARAMETER);
+        return;
+    }
+# if __INITIAL_POINTER_SIZE == 64
+    /* Copy the symbol name to storage with a 32-bit pointer. */
+    symname_32p = symname_32;
+    strcpy(symname_32p, symname);
+# endif                         /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+    symname_dsc.dsc$w_length = strlen(SYMNAME);
+    symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+    symname_dsc.dsc$b_class = DSC$K_CLASS_S;
+    symname_dsc.dsc$a_pointer = SYMNAME;
+
+    if (sk_void_num(dso->meth_data) < 1) {
+        DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_STACK_ERROR);
+        return;
+    }
+    ptr = (DSO_VMS_INTERNAL *)sk_void_value(dso->meth_data,
+                                            sk_void_num(dso->meth_data) - 1);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_NULL_HANDLE);
+        return;
+    }
+
+    if (dso->flags & DSO_FLAG_UPCASE_SYMBOL)
+        flags = 0;
+
+    status = do_find_symbol(ptr, &symname_dsc, sym, flags);
+
+    if (!$VMS_STATUS_SUCCESS(status)) {
+        unsigned short length;
+        char errstring[257];
+        struct dsc$descriptor_s errstring_dsc;
+
+        errstring_dsc.dsc$w_length = sizeof(errstring);
+        errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+        errstring_dsc.dsc$b_class = DSC$K_CLASS_S;
+        errstring_dsc.dsc$a_pointer = errstring;
+
+        *sym = NULL;
+
+        status = sys$getmsg(status, &length, &errstring_dsc, 1, 0);
+
+        if (!$VMS_STATUS_SUCCESS(status))
+            lib$signal(status); /* This is really bad.  Abort! */
+        else {
+            errstring[length] = '\0';
+
+            DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_SYM_FAILURE);
+            if (ptr->imagename_dsc.dsc$w_length)
+                ERR_add_error_data(9,
+                                   "Symbol ", symname,
+                                   " in ", ptr->filename,
+                                   " (", ptr->imagename, ")",
+                                   ": ", errstring);
+            else
+                ERR_add_error_data(6,
+                                   "Symbol ", symname,
+                                   " in ", ptr->filename, ": ", errstring);
+        }
+        return;
+    }
+    return;
+}
+
+static void *vms_bind_var(DSO *dso, const char *symname)
+{
+    void *sym = 0;
+    vms_bind_sym(dso, symname, &sym);
+    return sym;
+}
+
+static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname)
+{
+    DSO_FUNC_TYPE sym = 0;
+    vms_bind_sym(dso, symname, (void **)&sym);
+    return sym;
+}
+
+static char *vms_merger(DSO *dso, const char *filespec1,
+                        const char *filespec2)
+{
+    int status;
+    int filespec1len, filespec2len;
+    struct FAB fab;
+    struct NAMX_STRUCT nam;
+    char esa[NAMX_MAXRSS + 1];
+    char *merged;
+
+/* Arrange 32-bit pointer to (copied) string storage, if needed. */
+# if __INITIAL_POINTER_SIZE == 64
+#  define FILESPEC1 filespec1_32p;
+#  define FILESPEC2 filespec2_32p;
+#  pragma pointer_size save
+#  pragma pointer_size 32
+    char *filespec1_32p;
+    char *filespec2_32p;
+#  pragma pointer_size restore
+    char filespec1_32[NAMX_MAXRSS + 1];
+    char filespec2_32[NAMX_MAXRSS + 1];
+# else                          /* __INITIAL_POINTER_SIZE == 64 */
+#  define FILESPEC1 ((char *) filespec1)
+#  define FILESPEC2 ((char *) filespec2)
+# endif                         /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+    if (!filespec1)
+        filespec1 = "";
+    if (!filespec2)
+        filespec2 = "";
+    filespec1len = strlen(filespec1);
+    filespec2len = strlen(filespec2);
+
+# if __INITIAL_POINTER_SIZE == 64
+    /* Copy the file names to storage with a 32-bit pointer. */
+    filespec1_32p = filespec1_32;
+    filespec2_32p = filespec2_32;
+    strcpy(filespec1_32p, filespec1);
+    strcpy(filespec2_32p, filespec2);
+# endif                         /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+    fab = cc$rms_fab;
+    nam = CC_RMS_NAMX;
+
+    FAB_OR_NAML(fab, nam).FAB_OR_NAML_FNA = FILESPEC1;
+    FAB_OR_NAML(fab, nam).FAB_OR_NAML_FNS = filespec1len;
+    FAB_OR_NAML(fab, nam).FAB_OR_NAML_DNA = FILESPEC2;
+    FAB_OR_NAML(fab, nam).FAB_OR_NAML_DNS = filespec2len;
+    NAMX_DNA_FNA_SET(fab)
+
+        nam.NAMX_ESA = esa;
+    nam.NAMX_ESS = NAMX_MAXRSS;
+    nam.NAMX_NOP = NAM$M_SYNCHK | NAM$M_PWD;
+    SET_NAMX_NO_SHORT_UPCASE(nam);
+
+    fab.FAB_NAMX = &nam;
+
+    status = sys$parse(&fab, 0, 0);
+
+    if (!$VMS_STATUS_SUCCESS(status)) {
+        unsigned short length;
+        char errstring[257];
+        struct dsc$descriptor_s errstring_dsc;
+
+        errstring_dsc.dsc$w_length = sizeof(errstring);
+        errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+        errstring_dsc.dsc$b_class = DSC$K_CLASS_S;
+        errstring_dsc.dsc$a_pointer = errstring;
+
+        status = sys$getmsg(status, &length, &errstring_dsc, 1, 0);
+
+        if (!$VMS_STATUS_SUCCESS(status))
+            lib$signal(status); /* This is really bad.  Abort! */
+        else {
+            errstring[length] = '\0';
+
+            DSOerr(DSO_F_VMS_MERGER, DSO_R_FAILURE);
+            ERR_add_error_data(7,
+                               "filespec \"", filespec1, "\", ",
+                               "defaults \"", filespec2, "\": ", errstring);
+        }
+        return (NULL);
+    }
+
+    merged = OPENSSL_malloc(nam.NAMX_ESL + 1);
+    if (!merged)
+        goto malloc_err;
+    strncpy(merged, nam.NAMX_ESA, nam.NAMX_ESL);
+    merged[nam.NAMX_ESL] = '\0';
+    return (merged);
+ malloc_err:
+    DSOerr(DSO_F_VMS_MERGER, ERR_R_MALLOC_FAILURE);
+}
+
+static char *vms_name_converter(DSO *dso, const char *filename)
+{
+    int len = strlen(filename);
+    char *not_translated = OPENSSL_malloc(len + 1);
+    if (not_translated)
+        strcpy(not_translated, filename);
+    return (not_translated);
+}
+
+#endif                          /* OPENSSL_SYS_VMS */

Deleted: vendor-crypto/openssl/1.0.1u/crypto/dso/dso_win32.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dso/dso_win32.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/dso/dso_win32.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,785 +0,0 @@
-/* dso_win32.c -*- mode:C; c-file-style: "eay" -*- */
-/*
- * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include "cryptlib.h"
-#include <openssl/dso.h>
-
-#if !defined(DSO_WIN32)
-DSO_METHOD *DSO_METHOD_win32(void)
-{
-    return NULL;
-}
-#else
-
-# ifdef _WIN32_WCE
-#  if _WIN32_WCE < 300
-static FARPROC GetProcAddressA(HMODULE hModule, LPCSTR lpProcName)
-{
-    WCHAR lpProcNameW[64];
-    int i;
-
-    for (i = 0; lpProcName[i] && i < 64; i++)
-        lpProcNameW[i] = (WCHAR)lpProcName[i];
-    if (i == 64)
-        return NULL;
-    lpProcNameW[i] = 0;
-
-    return GetProcAddressW(hModule, lpProcNameW);
-}
-#  endif
-#  undef GetProcAddress
-#  define GetProcAddress GetProcAddressA
-
-static HINSTANCE LoadLibraryA(LPCSTR lpLibFileName)
-{
-    WCHAR *fnamw;
-    size_t len_0 = strlen(lpLibFileName) + 1, i;
-
-#  ifdef _MSC_VER
-    fnamw = (WCHAR *)_alloca(len_0 * sizeof(WCHAR));
-#  else
-    fnamw = (WCHAR *)alloca(len_0 * sizeof(WCHAR));
-#  endif
-    if (fnamw == NULL) {
-        SetLastError(ERROR_NOT_ENOUGH_MEMORY);
-        return NULL;
-    }
-#  if defined(_WIN32_WCE) && _WIN32_WCE>=101
-    if (!MultiByteToWideChar(CP_ACP, 0, lpLibFileName, len_0, fnamw, len_0))
-#  endif
-        for (i = 0; i < len_0; i++)
-            fnamw[i] = (WCHAR)lpLibFileName[i];
-
-    return LoadLibraryW(fnamw);
-}
-# endif
-
-/* Part of the hack in "win32_load" ... */
-# define DSO_MAX_TRANSLATED_SIZE 256
-
-static int win32_load(DSO *dso);
-static int win32_unload(DSO *dso);
-static void *win32_bind_var(DSO *dso, const char *symname);
-static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname);
-# if 0
-static int win32_unbind_var(DSO *dso, char *symname, void *symptr);
-static int win32_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
-static int win32_init(DSO *dso);
-static int win32_finish(DSO *dso);
-static long win32_ctrl(DSO *dso, int cmd, long larg, void *parg);
-# endif
-static char *win32_name_converter(DSO *dso, const char *filename);
-static char *win32_merger(DSO *dso, const char *filespec1,
-                          const char *filespec2);
-static int win32_pathbyaddr(void *addr, char *path, int sz);
-static void *win32_globallookup(const char *name);
-
-static const char *openssl_strnchr(const char *string, int c, size_t len);
-
-static DSO_METHOD dso_meth_win32 = {
-    "OpenSSL 'win32' shared library method",
-    win32_load,
-    win32_unload,
-    win32_bind_var,
-    win32_bind_func,
-/* For now, "unbind" doesn't exist */
-# if 0
-    NULL,                       /* unbind_var */
-    NULL,                       /* unbind_func */
-# endif
-    NULL,                       /* ctrl */
-    win32_name_converter,
-    win32_merger,
-    NULL,                       /* init */
-    NULL,                       /* finish */
-    win32_pathbyaddr,
-    win32_globallookup
-};
-
-DSO_METHOD *DSO_METHOD_win32(void)
-{
-    return (&dso_meth_win32);
-}
-
-/*
- * For this DSO_METHOD, our meth_data STACK will contain; (i) a pointer to
- * the handle (HINSTANCE) returned from LoadLibrary(), and copied.
- */
-
-static int win32_load(DSO *dso)
-{
-    HINSTANCE h = NULL, *p = NULL;
-    /* See applicable comments from dso_dl.c */
-    char *filename = DSO_convert_filename(dso, NULL);
-
-    if (filename == NULL) {
-        DSOerr(DSO_F_WIN32_LOAD, DSO_R_NO_FILENAME);
-        goto err;
-    }
-    h = LoadLibraryA(filename);
-    if (h == NULL) {
-        DSOerr(DSO_F_WIN32_LOAD, DSO_R_LOAD_FAILED);
-        ERR_add_error_data(3, "filename(", filename, ")");
-        goto err;
-    }
-    p = (HINSTANCE *) OPENSSL_malloc(sizeof(HINSTANCE));
-    if (p == NULL) {
-        DSOerr(DSO_F_WIN32_LOAD, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    *p = h;
-    if (!sk_void_push(dso->meth_data, p)) {
-        DSOerr(DSO_F_WIN32_LOAD, DSO_R_STACK_ERROR);
-        goto err;
-    }
-    /* Success */
-    dso->loaded_filename = filename;
-    return (1);
- err:
-    /* Cleanup ! */
-    if (filename != NULL)
-        OPENSSL_free(filename);
-    if (p != NULL)
-        OPENSSL_free(p);
-    if (h != NULL)
-        FreeLibrary(h);
-    return (0);
-}
-
-static int win32_unload(DSO *dso)
-{
-    HINSTANCE *p;
-    if (dso == NULL) {
-        DSOerr(DSO_F_WIN32_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
-        return (0);
-    }
-    if (sk_void_num(dso->meth_data) < 1)
-        return (1);
-    p = sk_void_pop(dso->meth_data);
-    if (p == NULL) {
-        DSOerr(DSO_F_WIN32_UNLOAD, DSO_R_NULL_HANDLE);
-        return (0);
-    }
-    if (!FreeLibrary(*p)) {
-        DSOerr(DSO_F_WIN32_UNLOAD, DSO_R_UNLOAD_FAILED);
-        /*
-         * We should push the value back onto the stack in case of a retry.
-         */
-        sk_void_push(dso->meth_data, p);
-        return (0);
-    }
-    /* Cleanup */
-    OPENSSL_free(p);
-    return (1);
-}
-
-/*
- * Using GetProcAddress for variables? TODO: Check this out in the Win32 API
- * docs, there's probably a variant for variables.
- */
-static void *win32_bind_var(DSO *dso, const char *symname)
-{
-    HINSTANCE *ptr;
-    void *sym;
-
-    if ((dso == NULL) || (symname == NULL)) {
-        DSOerr(DSO_F_WIN32_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
-    }
-    if (sk_void_num(dso->meth_data) < 1) {
-        DSOerr(DSO_F_WIN32_BIND_VAR, DSO_R_STACK_ERROR);
-        return (NULL);
-    }
-    ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
-    if (ptr == NULL) {
-        DSOerr(DSO_F_WIN32_BIND_VAR, DSO_R_NULL_HANDLE);
-        return (NULL);
-    }
-    sym = GetProcAddress(*ptr, symname);
-    if (sym == NULL) {
-        DSOerr(DSO_F_WIN32_BIND_VAR, DSO_R_SYM_FAILURE);
-        ERR_add_error_data(3, "symname(", symname, ")");
-        return (NULL);
-    }
-    return (sym);
-}
-
-static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname)
-{
-    HINSTANCE *ptr;
-    void *sym;
-
-    if ((dso == NULL) || (symname == NULL)) {
-        DSOerr(DSO_F_WIN32_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
-    }
-    if (sk_void_num(dso->meth_data) < 1) {
-        DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_STACK_ERROR);
-        return (NULL);
-    }
-    ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
-    if (ptr == NULL) {
-        DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_NULL_HANDLE);
-        return (NULL);
-    }
-    sym = GetProcAddress(*ptr, symname);
-    if (sym == NULL) {
-        DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_SYM_FAILURE);
-        ERR_add_error_data(3, "symname(", symname, ")");
-        return (NULL);
-    }
-    return ((DSO_FUNC_TYPE)sym);
-}
-
-struct file_st {
-    const char *node;
-    int nodelen;
-    const char *device;
-    int devicelen;
-    const char *predir;
-    int predirlen;
-    const char *dir;
-    int dirlen;
-    const char *file;
-    int filelen;
-};
-
-static struct file_st *win32_splitter(DSO *dso, const char *filename,
-                                      int assume_last_is_dir)
-{
-    struct file_st *result = NULL;
-    enum { IN_NODE, IN_DEVICE, IN_FILE } position;
-    const char *start = filename;
-    char last;
-
-    if (!filename) {
-        DSOerr(DSO_F_WIN32_SPLITTER, DSO_R_NO_FILENAME);
-        /*
-         * goto err;
-         */
-        return (NULL);
-    }
-
-    result = OPENSSL_malloc(sizeof(struct file_st));
-    if (result == NULL) {
-        DSOerr(DSO_F_WIN32_SPLITTER, ERR_R_MALLOC_FAILURE);
-        return (NULL);
-    }
-
-    memset(result, 0, sizeof(struct file_st));
-    position = IN_DEVICE;
-
-    if ((filename[0] == '\\' && filename[1] == '\\')
-        || (filename[0] == '/' && filename[1] == '/')) {
-        position = IN_NODE;
-        filename += 2;
-        start = filename;
-        result->node = start;
-    }
-
-    do {
-        last = filename[0];
-        switch (last) {
-        case ':':
-            if (position != IN_DEVICE) {
-                DSOerr(DSO_F_WIN32_SPLITTER, DSO_R_INCORRECT_FILE_SYNTAX);
-                /*
-                 * goto err;
-                 */
-                OPENSSL_free(result);
-                return (NULL);
-            }
-            result->device = start;
-            result->devicelen = (int)(filename - start);
-            position = IN_FILE;
-            start = ++filename;
-            result->dir = start;
-            break;
-        case '\\':
-        case '/':
-            if (position == IN_NODE) {
-                result->nodelen = (int)(filename - start);
-                position = IN_FILE;
-                start = ++filename;
-                result->dir = start;
-            } else if (position == IN_DEVICE) {
-                position = IN_FILE;
-                filename++;
-                result->dir = start;
-                result->dirlen = (int)(filename - start);
-                start = filename;
-            } else {
-                filename++;
-                result->dirlen += (int)(filename - start);
-                start = filename;
-            }
-            break;
-        case '\0':
-            if (position == IN_NODE) {
-                result->nodelen = (int)(filename - start);
-            } else {
-                if (filename - start > 0) {
-                    if (assume_last_is_dir) {
-                        if (position == IN_DEVICE) {
-                            result->dir = start;
-                            result->dirlen = 0;
-                        }
-                        result->dirlen += (int)(filename - start);
-                    } else {
-                        result->file = start;
-                        result->filelen = (int)(filename - start);
-                    }
-                }
-            }
-            break;
-        default:
-            filename++;
-            break;
-        }
-    }
-    while (last);
-
-    if (!result->nodelen)
-        result->node = NULL;
-    if (!result->devicelen)
-        result->device = NULL;
-    if (!result->dirlen)
-        result->dir = NULL;
-    if (!result->filelen)
-        result->file = NULL;
-
-    return (result);
-}
-
-static char *win32_joiner(DSO *dso, const struct file_st *file_split)
-{
-    int len = 0, offset = 0;
-    char *result = NULL;
-    const char *start;
-
-    if (!file_split) {
-        DSOerr(DSO_F_WIN32_JOINER, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
-    }
-    if (file_split->node) {
-        len += 2 + file_split->nodelen; /* 2 for starting \\ */
-        if (file_split->predir || file_split->dir || file_split->file)
-            len++;              /* 1 for ending \ */
-    } else if (file_split->device) {
-        len += file_split->devicelen + 1; /* 1 for ending : */
-    }
-    len += file_split->predirlen;
-    if (file_split->predir && (file_split->dir || file_split->file)) {
-        len++;                  /* 1 for ending \ */
-    }
-    len += file_split->dirlen;
-    if (file_split->dir && file_split->file) {
-        len++;                  /* 1 for ending \ */
-    }
-    len += file_split->filelen;
-
-    if (!len) {
-        DSOerr(DSO_F_WIN32_JOINER, DSO_R_EMPTY_FILE_STRUCTURE);
-        return (NULL);
-    }
-
-    result = OPENSSL_malloc(len + 1);
-    if (!result) {
-        DSOerr(DSO_F_WIN32_JOINER, ERR_R_MALLOC_FAILURE);
-        return (NULL);
-    }
-
-    if (file_split->node) {
-        strcpy(&result[offset], "\\\\");
-        offset += 2;
-        strncpy(&result[offset], file_split->node, file_split->nodelen);
-        offset += file_split->nodelen;
-        if (file_split->predir || file_split->dir || file_split->file) {
-            result[offset] = '\\';
-            offset++;
-        }
-    } else if (file_split->device) {
-        strncpy(&result[offset], file_split->device, file_split->devicelen);
-        offset += file_split->devicelen;
-        result[offset] = ':';
-        offset++;
-    }
-    start = file_split->predir;
-    while (file_split->predirlen > (start - file_split->predir)) {
-        const char *end = openssl_strnchr(start, '/',
-                                          file_split->predirlen - (start -
-                                                                   file_split->predir));
-        if (!end)
-            end = start
-                + file_split->predirlen - (start - file_split->predir);
-        strncpy(&result[offset], start, end - start);
-        offset += (int)(end - start);
-        result[offset] = '\\';
-        offset++;
-        start = end + 1;
-    }
-# if 0                          /* Not needed, since the directory converter
-                                 * above already appeneded a backslash */
-    if (file_split->predir && (file_split->dir || file_split->file)) {
-        result[offset] = '\\';
-        offset++;
-    }
-# endif
-    start = file_split->dir;
-    while (file_split->dirlen > (start - file_split->dir)) {
-        const char *end = openssl_strnchr(start, '/',
-                                          file_split->dirlen - (start -
-                                                                file_split->dir));
-        if (!end)
-            end = start + file_split->dirlen - (start - file_split->dir);
-        strncpy(&result[offset], start, end - start);
-        offset += (int)(end - start);
-        result[offset] = '\\';
-        offset++;
-        start = end + 1;
-    }
-# if 0                          /* Not needed, since the directory converter
-                                 * above already appeneded a backslash */
-    if (file_split->dir && file_split->file) {
-        result[offset] = '\\';
-        offset++;
-    }
-# endif
-    strncpy(&result[offset], file_split->file, file_split->filelen);
-    offset += file_split->filelen;
-    result[offset] = '\0';
-    return (result);
-}
-
-static char *win32_merger(DSO *dso, const char *filespec1,
-                          const char *filespec2)
-{
-    char *merged = NULL;
-    struct file_st *filespec1_split = NULL;
-    struct file_st *filespec2_split = NULL;
-
-    if (!filespec1 && !filespec2) {
-        DSOerr(DSO_F_WIN32_MERGER, ERR_R_PASSED_NULL_PARAMETER);
-        return (NULL);
-    }
-    if (!filespec2) {
-        merged = OPENSSL_malloc(strlen(filespec1) + 1);
-        if (!merged) {
-            DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE);
-            return (NULL);
-        }
-        strcpy(merged, filespec1);
-    } else if (!filespec1) {
-        merged = OPENSSL_malloc(strlen(filespec2) + 1);
-        if (!merged) {
-            DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE);
-            return (NULL);
-        }
-        strcpy(merged, filespec2);
-    } else {
-        filespec1_split = win32_splitter(dso, filespec1, 0);
-        if (!filespec1_split) {
-            DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE);
-            return (NULL);
-        }
-        filespec2_split = win32_splitter(dso, filespec2, 1);
-        if (!filespec2_split) {
-            DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE);
-            OPENSSL_free(filespec1_split);
-            return (NULL);
-        }
-
-        /* Fill in into filespec1_split */
-        if (!filespec1_split->node && !filespec1_split->device) {
-            filespec1_split->node = filespec2_split->node;
-            filespec1_split->nodelen = filespec2_split->nodelen;
-            filespec1_split->device = filespec2_split->device;
-            filespec1_split->devicelen = filespec2_split->devicelen;
-        }
-        if (!filespec1_split->dir) {
-            filespec1_split->dir = filespec2_split->dir;
-            filespec1_split->dirlen = filespec2_split->dirlen;
-        } else if (filespec1_split->dir[0] != '\\'
-                   && filespec1_split->dir[0] != '/') {
-            filespec1_split->predir = filespec2_split->dir;
-            filespec1_split->predirlen = filespec2_split->dirlen;
-        }
-        if (!filespec1_split->file) {
-            filespec1_split->file = filespec2_split->file;
-            filespec1_split->filelen = filespec2_split->filelen;
-        }
-
-        merged = win32_joiner(dso, filespec1_split);
-    }
-    OPENSSL_free(filespec1_split);
-    OPENSSL_free(filespec2_split);
-    return (merged);
-}
-
-static char *win32_name_converter(DSO *dso, const char *filename)
-{
-    char *translated;
-    int len, transform;
-
-    len = strlen(filename);
-    transform = ((strstr(filename, "/") == NULL) &&
-                 (strstr(filename, "\\") == NULL) &&
-                 (strstr(filename, ":") == NULL));
-    if (transform)
-        /* We will convert this to "%s.dll" */
-        translated = OPENSSL_malloc(len + 5);
-    else
-        /* We will simply duplicate filename */
-        translated = OPENSSL_malloc(len + 1);
-    if (translated == NULL) {
-        DSOerr(DSO_F_WIN32_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED);
-        return (NULL);
-    }
-    if (transform)
-        sprintf(translated, "%s.dll", filename);
-    else
-        sprintf(translated, "%s", filename);
-    return (translated);
-}
-
-static const char *openssl_strnchr(const char *string, int c, size_t len)
-{
-    size_t i;
-    const char *p;
-    for (i = 0, p = string; i < len && *p; i++, p++) {
-        if (*p == c)
-            return p;
-    }
-    return NULL;
-}
-
-# include <tlhelp32.h>
-# ifdef _WIN32_WCE
-#  define DLLNAME "TOOLHELP.DLL"
-# else
-#  ifdef MODULEENTRY32
-#   undef MODULEENTRY32         /* unmask the ASCII version! */
-#  endif
-#  define DLLNAME "KERNEL32.DLL"
-# endif
-
-typedef HANDLE(WINAPI *CREATETOOLHELP32SNAPSHOT) (DWORD, DWORD);
-typedef BOOL(WINAPI *CLOSETOOLHELP32SNAPSHOT) (HANDLE);
-typedef BOOL(WINAPI *MODULE32) (HANDLE, MODULEENTRY32 *);
-
-static int win32_pathbyaddr(void *addr, char *path, int sz)
-{
-    HMODULE dll;
-    HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
-    MODULEENTRY32 me32;
-    CREATETOOLHELP32SNAPSHOT create_snap;
-    CLOSETOOLHELP32SNAPSHOT close_snap;
-    MODULE32 module_first, module_next;
-    int len;
-
-    if (addr == NULL) {
-        union {
-            int (*f) (void *, char *, int);
-            void *p;
-        } t = {
-            win32_pathbyaddr
-        };
-        addr = t.p;
-    }
-
-    dll = LoadLibrary(TEXT(DLLNAME));
-    if (dll == NULL) {
-        DSOerr(DSO_F_WIN32_PATHBYADDR, DSO_R_UNSUPPORTED);
-        return -1;
-    }
-
-    create_snap = (CREATETOOLHELP32SNAPSHOT)
-        GetProcAddress(dll, "CreateToolhelp32Snapshot");
-    if (create_snap == NULL) {
-        FreeLibrary(dll);
-        DSOerr(DSO_F_WIN32_PATHBYADDR, DSO_R_UNSUPPORTED);
-        return -1;
-    }
-    /* We take the rest for granted... */
-# ifdef _WIN32_WCE
-    close_snap = (CLOSETOOLHELP32SNAPSHOT)
-        GetProcAddress(dll, "CloseToolhelp32Snapshot");
-# else
-    close_snap = (CLOSETOOLHELP32SNAPSHOT) CloseHandle;
-# endif
-    module_first = (MODULE32) GetProcAddress(dll, "Module32First");
-    module_next = (MODULE32) GetProcAddress(dll, "Module32Next");
-
-    hModuleSnap = (*create_snap) (TH32CS_SNAPMODULE, 0);
-    if (hModuleSnap == INVALID_HANDLE_VALUE) {
-        FreeLibrary(dll);
-        DSOerr(DSO_F_WIN32_PATHBYADDR, DSO_R_UNSUPPORTED);
-        return -1;
-    }
-
-    me32.dwSize = sizeof(me32);
-
-    if (!(*module_first) (hModuleSnap, &me32)) {
-        (*close_snap) (hModuleSnap);
-        FreeLibrary(dll);
-        DSOerr(DSO_F_WIN32_PATHBYADDR, DSO_R_FAILURE);
-        return -1;
-    }
-
-    do {
-        if ((BYTE *) addr >= me32.modBaseAddr &&
-            (BYTE *) addr < me32.modBaseAddr + me32.modBaseSize) {
-            (*close_snap) (hModuleSnap);
-            FreeLibrary(dll);
-# ifdef _WIN32_WCE
-#  if _WIN32_WCE >= 101
-            return WideCharToMultiByte(CP_ACP, 0, me32.szExePath, -1,
-                                       path, sz, NULL, NULL);
-#  else
-            len = (int)wcslen(me32.szExePath);
-            if (sz <= 0)
-                return len + 1;
-            if (len >= sz)
-                len = sz - 1;
-            for (i = 0; i < len; i++)
-                path[i] = (char)me32.szExePath[i];
-            path[len++] = 0;
-            return len;
-#  endif
-# else
-            len = (int)strlen(me32.szExePath);
-            if (sz <= 0)
-                return len + 1;
-            if (len >= sz)
-                len = sz - 1;
-            memcpy(path, me32.szExePath, len);
-            path[len++] = 0;
-            return len;
-# endif
-        }
-    } while ((*module_next) (hModuleSnap, &me32));
-
-    (*close_snap) (hModuleSnap);
-    FreeLibrary(dll);
-    return 0;
-}
-
-static void *win32_globallookup(const char *name)
-{
-    HMODULE dll;
-    HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
-    MODULEENTRY32 me32;
-    CREATETOOLHELP32SNAPSHOT create_snap;
-    CLOSETOOLHELP32SNAPSHOT close_snap;
-    MODULE32 module_first, module_next;
-    FARPROC ret = NULL;
-
-    dll = LoadLibrary(TEXT(DLLNAME));
-    if (dll == NULL) {
-        DSOerr(DSO_F_WIN32_GLOBALLOOKUP, DSO_R_UNSUPPORTED);
-        return NULL;
-    }
-
-    create_snap = (CREATETOOLHELP32SNAPSHOT)
-        GetProcAddress(dll, "CreateToolhelp32Snapshot");
-    if (create_snap == NULL) {
-        FreeLibrary(dll);
-        DSOerr(DSO_F_WIN32_GLOBALLOOKUP, DSO_R_UNSUPPORTED);
-        return NULL;
-    }
-    /* We take the rest for granted... */
-# ifdef _WIN32_WCE
-    close_snap = (CLOSETOOLHELP32SNAPSHOT)
-        GetProcAddress(dll, "CloseToolhelp32Snapshot");
-# else
-    close_snap = (CLOSETOOLHELP32SNAPSHOT) CloseHandle;
-# endif
-    module_first = (MODULE32) GetProcAddress(dll, "Module32First");
-    module_next = (MODULE32) GetProcAddress(dll, "Module32Next");
-
-    hModuleSnap = (*create_snap) (TH32CS_SNAPMODULE, 0);
-    if (hModuleSnap == INVALID_HANDLE_VALUE) {
-        FreeLibrary(dll);
-        DSOerr(DSO_F_WIN32_GLOBALLOOKUP, DSO_R_UNSUPPORTED);
-        return NULL;
-    }
-
-    me32.dwSize = sizeof(me32);
-
-    if (!(*module_first) (hModuleSnap, &me32)) {
-        (*close_snap) (hModuleSnap);
-        FreeLibrary(dll);
-        return NULL;
-    }
-
-    do {
-        if ((ret = GetProcAddress(me32.hModule, name))) {
-            (*close_snap) (hModuleSnap);
-            FreeLibrary(dll);
-            return ret;
-        }
-    } while ((*module_next) (hModuleSnap, &me32));
-
-    (*close_snap) (hModuleSnap);
-    FreeLibrary(dll);
-    return NULL;
-}
-#endif                          /* DSO_WIN32 */

Copied: vendor-crypto/openssl/1.0.1u/crypto/dso/dso_win32.c (from rev 11605, vendor-crypto/openssl/dist/crypto/dso/dso_win32.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/dso/dso_win32.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/dso/dso_win32.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,785 @@
+/* dso_win32.c */
+/*
+ * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+
+#if !defined(DSO_WIN32)
+DSO_METHOD *DSO_METHOD_win32(void)
+{
+    return NULL;
+}
+#else
+
+# ifdef _WIN32_WCE
+#  if _WIN32_WCE < 300
+static FARPROC GetProcAddressA(HMODULE hModule, LPCSTR lpProcName)
+{
+    WCHAR lpProcNameW[64];
+    int i;
+
+    for (i = 0; lpProcName[i] && i < 64; i++)
+        lpProcNameW[i] = (WCHAR)lpProcName[i];
+    if (i == 64)
+        return NULL;
+    lpProcNameW[i] = 0;
+
+    return GetProcAddressW(hModule, lpProcNameW);
+}
+#  endif
+#  undef GetProcAddress
+#  define GetProcAddress GetProcAddressA
+
+static HINSTANCE LoadLibraryA(LPCSTR lpLibFileName)
+{
+    WCHAR *fnamw;
+    size_t len_0 = strlen(lpLibFileName) + 1, i;
+
+#  ifdef _MSC_VER
+    fnamw = (WCHAR *)_alloca(len_0 * sizeof(WCHAR));
+#  else
+    fnamw = (WCHAR *)alloca(len_0 * sizeof(WCHAR));
+#  endif
+    if (fnamw == NULL) {
+        SetLastError(ERROR_NOT_ENOUGH_MEMORY);
+        return NULL;
+    }
+#  if defined(_WIN32_WCE) && _WIN32_WCE>=101
+    if (!MultiByteToWideChar(CP_ACP, 0, lpLibFileName, len_0, fnamw, len_0))
+#  endif
+        for (i = 0; i < len_0; i++)
+            fnamw[i] = (WCHAR)lpLibFileName[i];
+
+    return LoadLibraryW(fnamw);
+}
+# endif
+
+/* Part of the hack in "win32_load" ... */
+# define DSO_MAX_TRANSLATED_SIZE 256
+
+static int win32_load(DSO *dso);
+static int win32_unload(DSO *dso);
+static void *win32_bind_var(DSO *dso, const char *symname);
+static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname);
+# if 0
+static int win32_unbind_var(DSO *dso, char *symname, void *symptr);
+static int win32_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
+static int win32_init(DSO *dso);
+static int win32_finish(DSO *dso);
+static long win32_ctrl(DSO *dso, int cmd, long larg, void *parg);
+# endif
+static char *win32_name_converter(DSO *dso, const char *filename);
+static char *win32_merger(DSO *dso, const char *filespec1,
+                          const char *filespec2);
+static int win32_pathbyaddr(void *addr, char *path, int sz);
+static void *win32_globallookup(const char *name);
+
+static const char *openssl_strnchr(const char *string, int c, size_t len);
+
+static DSO_METHOD dso_meth_win32 = {
+    "OpenSSL 'win32' shared library method",
+    win32_load,
+    win32_unload,
+    win32_bind_var,
+    win32_bind_func,
+/* For now, "unbind" doesn't exist */
+# if 0
+    NULL,                       /* unbind_var */
+    NULL,                       /* unbind_func */
+# endif
+    NULL,                       /* ctrl */
+    win32_name_converter,
+    win32_merger,
+    NULL,                       /* init */
+    NULL,                       /* finish */
+    win32_pathbyaddr,
+    win32_globallookup
+};
+
+DSO_METHOD *DSO_METHOD_win32(void)
+{
+    return (&dso_meth_win32);
+}
+
+/*
+ * For this DSO_METHOD, our meth_data STACK will contain; (i) a pointer to
+ * the handle (HINSTANCE) returned from LoadLibrary(), and copied.
+ */
+
+static int win32_load(DSO *dso)
+{
+    HINSTANCE h = NULL, *p = NULL;
+    /* See applicable comments from dso_dl.c */
+    char *filename = DSO_convert_filename(dso, NULL);
+
+    if (filename == NULL) {
+        DSOerr(DSO_F_WIN32_LOAD, DSO_R_NO_FILENAME);
+        goto err;
+    }
+    h = LoadLibraryA(filename);
+    if (h == NULL) {
+        DSOerr(DSO_F_WIN32_LOAD, DSO_R_LOAD_FAILED);
+        ERR_add_error_data(3, "filename(", filename, ")");
+        goto err;
+    }
+    p = (HINSTANCE *) OPENSSL_malloc(sizeof(HINSTANCE));
+    if (p == NULL) {
+        DSOerr(DSO_F_WIN32_LOAD, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    *p = h;
+    if (!sk_void_push(dso->meth_data, p)) {
+        DSOerr(DSO_F_WIN32_LOAD, DSO_R_STACK_ERROR);
+        goto err;
+    }
+    /* Success */
+    dso->loaded_filename = filename;
+    return (1);
+ err:
+    /* Cleanup ! */
+    if (filename != NULL)
+        OPENSSL_free(filename);
+    if (p != NULL)
+        OPENSSL_free(p);
+    if (h != NULL)
+        FreeLibrary(h);
+    return (0);
+}
+
+static int win32_unload(DSO *dso)
+{
+    HINSTANCE *p;
+    if (dso == NULL) {
+        DSOerr(DSO_F_WIN32_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
+        return (0);
+    }
+    if (sk_void_num(dso->meth_data) < 1)
+        return (1);
+    p = sk_void_pop(dso->meth_data);
+    if (p == NULL) {
+        DSOerr(DSO_F_WIN32_UNLOAD, DSO_R_NULL_HANDLE);
+        return (0);
+    }
+    if (!FreeLibrary(*p)) {
+        DSOerr(DSO_F_WIN32_UNLOAD, DSO_R_UNLOAD_FAILED);
+        /*
+         * We should push the value back onto the stack in case of a retry.
+         */
+        sk_void_push(dso->meth_data, p);
+        return (0);
+    }
+    /* Cleanup */
+    OPENSSL_free(p);
+    return (1);
+}
+
+/*
+ * Using GetProcAddress for variables? TODO: Check this out in the Win32 API
+ * docs, there's probably a variant for variables.
+ */
+static void *win32_bind_var(DSO *dso, const char *symname)
+{
+    HINSTANCE *ptr;
+    void *sym;
+
+    if ((dso == NULL) || (symname == NULL)) {
+        DSOerr(DSO_F_WIN32_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    if (sk_void_num(dso->meth_data) < 1) {
+        DSOerr(DSO_F_WIN32_BIND_VAR, DSO_R_STACK_ERROR);
+        return (NULL);
+    }
+    ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_WIN32_BIND_VAR, DSO_R_NULL_HANDLE);
+        return (NULL);
+    }
+    sym = GetProcAddress(*ptr, symname);
+    if (sym == NULL) {
+        DSOerr(DSO_F_WIN32_BIND_VAR, DSO_R_SYM_FAILURE);
+        ERR_add_error_data(3, "symname(", symname, ")");
+        return (NULL);
+    }
+    return (sym);
+}
+
+static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname)
+{
+    HINSTANCE *ptr;
+    void *sym;
+
+    if ((dso == NULL) || (symname == NULL)) {
+        DSOerr(DSO_F_WIN32_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    if (sk_void_num(dso->meth_data) < 1) {
+        DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_STACK_ERROR);
+        return (NULL);
+    }
+    ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_NULL_HANDLE);
+        return (NULL);
+    }
+    sym = GetProcAddress(*ptr, symname);
+    if (sym == NULL) {
+        DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_SYM_FAILURE);
+        ERR_add_error_data(3, "symname(", symname, ")");
+        return (NULL);
+    }
+    return ((DSO_FUNC_TYPE)sym);
+}
+
+struct file_st {
+    const char *node;
+    int nodelen;
+    const char *device;
+    int devicelen;
+    const char *predir;
+    int predirlen;
+    const char *dir;
+    int dirlen;
+    const char *file;
+    int filelen;
+};
+
+static struct file_st *win32_splitter(DSO *dso, const char *filename,
+                                      int assume_last_is_dir)
+{
+    struct file_st *result = NULL;
+    enum { IN_NODE, IN_DEVICE, IN_FILE } position;
+    const char *start = filename;
+    char last;
+
+    if (!filename) {
+        DSOerr(DSO_F_WIN32_SPLITTER, DSO_R_NO_FILENAME);
+        /*
+         * goto err;
+         */
+        return (NULL);
+    }
+
+    result = OPENSSL_malloc(sizeof(struct file_st));
+    if (result == NULL) {
+        DSOerr(DSO_F_WIN32_SPLITTER, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+
+    memset(result, 0, sizeof(struct file_st));
+    position = IN_DEVICE;
+
+    if ((filename[0] == '\\' && filename[1] == '\\')
+        || (filename[0] == '/' && filename[1] == '/')) {
+        position = IN_NODE;
+        filename += 2;
+        start = filename;
+        result->node = start;
+    }
+
+    do {
+        last = filename[0];
+        switch (last) {
+        case ':':
+            if (position != IN_DEVICE) {
+                DSOerr(DSO_F_WIN32_SPLITTER, DSO_R_INCORRECT_FILE_SYNTAX);
+                /*
+                 * goto err;
+                 */
+                OPENSSL_free(result);
+                return (NULL);
+            }
+            result->device = start;
+            result->devicelen = (int)(filename - start);
+            position = IN_FILE;
+            start = ++filename;
+            result->dir = start;
+            break;
+        case '\\':
+        case '/':
+            if (position == IN_NODE) {
+                result->nodelen = (int)(filename - start);
+                position = IN_FILE;
+                start = ++filename;
+                result->dir = start;
+            } else if (position == IN_DEVICE) {
+                position = IN_FILE;
+                filename++;
+                result->dir = start;
+                result->dirlen = (int)(filename - start);
+                start = filename;
+            } else {
+                filename++;
+                result->dirlen += (int)(filename - start);
+                start = filename;
+            }
+            break;
+        case '\0':
+            if (position == IN_NODE) {
+                result->nodelen = (int)(filename - start);
+            } else {
+                if (filename - start > 0) {
+                    if (assume_last_is_dir) {
+                        if (position == IN_DEVICE) {
+                            result->dir = start;
+                            result->dirlen = 0;
+                        }
+                        result->dirlen += (int)(filename - start);
+                    } else {
+                        result->file = start;
+                        result->filelen = (int)(filename - start);
+                    }
+                }
+            }
+            break;
+        default:
+            filename++;
+            break;
+        }
+    }
+    while (last);
+
+    if (!result->nodelen)
+        result->node = NULL;
+    if (!result->devicelen)
+        result->device = NULL;
+    if (!result->dirlen)
+        result->dir = NULL;
+    if (!result->filelen)
+        result->file = NULL;
+
+    return (result);
+}
+
+static char *win32_joiner(DSO *dso, const struct file_st *file_split)
+{
+    int len = 0, offset = 0;
+    char *result = NULL;
+    const char *start;
+
+    if (!file_split) {
+        DSOerr(DSO_F_WIN32_JOINER, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    if (file_split->node) {
+        len += 2 + file_split->nodelen; /* 2 for starting \\ */
+        if (file_split->predir || file_split->dir || file_split->file)
+            len++;              /* 1 for ending \ */
+    } else if (file_split->device) {
+        len += file_split->devicelen + 1; /* 1 for ending : */
+    }
+    len += file_split->predirlen;
+    if (file_split->predir && (file_split->dir || file_split->file)) {
+        len++;                  /* 1 for ending \ */
+    }
+    len += file_split->dirlen;
+    if (file_split->dir && file_split->file) {
+        len++;                  /* 1 for ending \ */
+    }
+    len += file_split->filelen;
+
+    if (!len) {
+        DSOerr(DSO_F_WIN32_JOINER, DSO_R_EMPTY_FILE_STRUCTURE);
+        return (NULL);
+    }
+
+    result = OPENSSL_malloc(len + 1);
+    if (!result) {
+        DSOerr(DSO_F_WIN32_JOINER, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+
+    if (file_split->node) {
+        strcpy(&result[offset], "\\\\");
+        offset += 2;
+        strncpy(&result[offset], file_split->node, file_split->nodelen);
+        offset += file_split->nodelen;
+        if (file_split->predir || file_split->dir || file_split->file) {
+            result[offset] = '\\';
+            offset++;
+        }
+    } else if (file_split->device) {
+        strncpy(&result[offset], file_split->device, file_split->devicelen);
+        offset += file_split->devicelen;
+        result[offset] = ':';
+        offset++;
+    }
+    start = file_split->predir;
+    while (file_split->predirlen > (start - file_split->predir)) {
+        const char *end = openssl_strnchr(start, '/',
+                                          file_split->predirlen - (start -
+                                                                   file_split->predir));
+        if (!end)
+            end = start
+                + file_split->predirlen - (start - file_split->predir);
+        strncpy(&result[offset], start, end - start);
+        offset += (int)(end - start);
+        result[offset] = '\\';
+        offset++;
+        start = end + 1;
+    }
+# if 0                          /* Not needed, since the directory converter
+                                 * above already appeneded a backslash */
+    if (file_split->predir && (file_split->dir || file_split->file)) {
+        result[offset] = '\\';
+        offset++;
+    }
+# endif
+    start = file_split->dir;
+    while (file_split->dirlen > (start - file_split->dir)) {
+        const char *end = openssl_strnchr(start, '/',
+                                          file_split->dirlen - (start -
+                                                                file_split->dir));
+        if (!end)
+            end = start + file_split->dirlen - (start - file_split->dir);
+        strncpy(&result[offset], start, end - start);
+        offset += (int)(end - start);
+        result[offset] = '\\';
+        offset++;
+        start = end + 1;
+    }
+# if 0                          /* Not needed, since the directory converter
+                                 * above already appeneded a backslash */
+    if (file_split->dir && file_split->file) {
+        result[offset] = '\\';
+        offset++;
+    }
+# endif
+    strncpy(&result[offset], file_split->file, file_split->filelen);
+    offset += file_split->filelen;
+    result[offset] = '\0';
+    return (result);
+}
+
+static char *win32_merger(DSO *dso, const char *filespec1,
+                          const char *filespec2)
+{
+    char *merged = NULL;
+    struct file_st *filespec1_split = NULL;
+    struct file_st *filespec2_split = NULL;
+
+    if (!filespec1 && !filespec2) {
+        DSOerr(DSO_F_WIN32_MERGER, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    if (!filespec2) {
+        merged = OPENSSL_malloc(strlen(filespec1) + 1);
+        if (!merged) {
+            DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+        strcpy(merged, filespec1);
+    } else if (!filespec1) {
+        merged = OPENSSL_malloc(strlen(filespec2) + 1);
+        if (!merged) {
+            DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+        strcpy(merged, filespec2);
+    } else {
+        filespec1_split = win32_splitter(dso, filespec1, 0);
+        if (!filespec1_split) {
+            DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+        filespec2_split = win32_splitter(dso, filespec2, 1);
+        if (!filespec2_split) {
+            DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE);
+            OPENSSL_free(filespec1_split);
+            return (NULL);
+        }
+
+        /* Fill in into filespec1_split */
+        if (!filespec1_split->node && !filespec1_split->device) {
+            filespec1_split->node = filespec2_split->node;
+            filespec1_split->nodelen = filespec2_split->nodelen;
+            filespec1_split->device = filespec2_split->device;
+            filespec1_split->devicelen = filespec2_split->devicelen;
+        }
+        if (!filespec1_split->dir) {
+            filespec1_split->dir = filespec2_split->dir;
+            filespec1_split->dirlen = filespec2_split->dirlen;
+        } else if (filespec1_split->dir[0] != '\\'
+                   && filespec1_split->dir[0] != '/') {
+            filespec1_split->predir = filespec2_split->dir;
+            filespec1_split->predirlen = filespec2_split->dirlen;
+        }
+        if (!filespec1_split->file) {
+            filespec1_split->file = filespec2_split->file;
+            filespec1_split->filelen = filespec2_split->filelen;
+        }
+
+        merged = win32_joiner(dso, filespec1_split);
+    }
+    OPENSSL_free(filespec1_split);
+    OPENSSL_free(filespec2_split);
+    return (merged);
+}
+
+static char *win32_name_converter(DSO *dso, const char *filename)
+{
+    char *translated;
+    int len, transform;
+
+    len = strlen(filename);
+    transform = ((strstr(filename, "/") == NULL) &&
+                 (strstr(filename, "\\") == NULL) &&
+                 (strstr(filename, ":") == NULL));
+    if (transform)
+        /* We will convert this to "%s.dll" */
+        translated = OPENSSL_malloc(len + 5);
+    else
+        /* We will simply duplicate filename */
+        translated = OPENSSL_malloc(len + 1);
+    if (translated == NULL) {
+        DSOerr(DSO_F_WIN32_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED);
+        return (NULL);
+    }
+    if (transform)
+        sprintf(translated, "%s.dll", filename);
+    else
+        sprintf(translated, "%s", filename);
+    return (translated);
+}
+
+static const char *openssl_strnchr(const char *string, int c, size_t len)
+{
+    size_t i;
+    const char *p;
+    for (i = 0, p = string; i < len && *p; i++, p++) {
+        if (*p == c)
+            return p;
+    }
+    return NULL;
+}
+
+# include <tlhelp32.h>
+# ifdef _WIN32_WCE
+#  define DLLNAME "TOOLHELP.DLL"
+# else
+#  ifdef MODULEENTRY32
+#   undef MODULEENTRY32         /* unmask the ASCII version! */
+#  endif
+#  define DLLNAME "KERNEL32.DLL"
+# endif
+
+typedef HANDLE(WINAPI *CREATETOOLHELP32SNAPSHOT) (DWORD, DWORD);
+typedef BOOL(WINAPI *CLOSETOOLHELP32SNAPSHOT) (HANDLE);
+typedef BOOL(WINAPI *MODULE32) (HANDLE, MODULEENTRY32 *);
+
+static int win32_pathbyaddr(void *addr, char *path, int sz)
+{
+    HMODULE dll;
+    HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
+    MODULEENTRY32 me32;
+    CREATETOOLHELP32SNAPSHOT create_snap;
+    CLOSETOOLHELP32SNAPSHOT close_snap;
+    MODULE32 module_first, module_next;
+    int len;
+
+    if (addr == NULL) {
+        union {
+            int (*f) (void *, char *, int);
+            void *p;
+        } t = {
+            win32_pathbyaddr
+        };
+        addr = t.p;
+    }
+
+    dll = LoadLibrary(TEXT(DLLNAME));
+    if (dll == NULL) {
+        DSOerr(DSO_F_WIN32_PATHBYADDR, DSO_R_UNSUPPORTED);
+        return -1;
+    }
+
+    create_snap = (CREATETOOLHELP32SNAPSHOT)
+        GetProcAddress(dll, "CreateToolhelp32Snapshot");
+    if (create_snap == NULL) {
+        FreeLibrary(dll);
+        DSOerr(DSO_F_WIN32_PATHBYADDR, DSO_R_UNSUPPORTED);
+        return -1;
+    }
+    /* We take the rest for granted... */
+# ifdef _WIN32_WCE
+    close_snap = (CLOSETOOLHELP32SNAPSHOT)
+        GetProcAddress(dll, "CloseToolhelp32Snapshot");
+# else
+    close_snap = (CLOSETOOLHELP32SNAPSHOT) CloseHandle;
+# endif
+    module_first = (MODULE32) GetProcAddress(dll, "Module32First");
+    module_next = (MODULE32) GetProcAddress(dll, "Module32Next");
+
+    hModuleSnap = (*create_snap) (TH32CS_SNAPMODULE, 0);
+    if (hModuleSnap == INVALID_HANDLE_VALUE) {
+        FreeLibrary(dll);
+        DSOerr(DSO_F_WIN32_PATHBYADDR, DSO_R_UNSUPPORTED);
+        return -1;
+    }
+
+    me32.dwSize = sizeof(me32);
+
+    if (!(*module_first) (hModuleSnap, &me32)) {
+        (*close_snap) (hModuleSnap);
+        FreeLibrary(dll);
+        DSOerr(DSO_F_WIN32_PATHBYADDR, DSO_R_FAILURE);
+        return -1;
+    }
+
+    do {
+        if ((BYTE *) addr >= me32.modBaseAddr &&
+            (BYTE *) addr < me32.modBaseAddr + me32.modBaseSize) {
+            (*close_snap) (hModuleSnap);
+            FreeLibrary(dll);
+# ifdef _WIN32_WCE
+#  if _WIN32_WCE >= 101
+            return WideCharToMultiByte(CP_ACP, 0, me32.szExePath, -1,
+                                       path, sz, NULL, NULL);
+#  else
+            len = (int)wcslen(me32.szExePath);
+            if (sz <= 0)
+                return len + 1;
+            if (len >= sz)
+                len = sz - 1;
+            for (i = 0; i < len; i++)
+                path[i] = (char)me32.szExePath[i];
+            path[len++] = 0;
+            return len;
+#  endif
+# else
+            len = (int)strlen(me32.szExePath);
+            if (sz <= 0)
+                return len + 1;
+            if (len >= sz)
+                len = sz - 1;
+            memcpy(path, me32.szExePath, len);
+            path[len++] = 0;
+            return len;
+# endif
+        }
+    } while ((*module_next) (hModuleSnap, &me32));
+
+    (*close_snap) (hModuleSnap);
+    FreeLibrary(dll);
+    return 0;
+}
+
+static void *win32_globallookup(const char *name)
+{
+    HMODULE dll;
+    HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
+    MODULEENTRY32 me32;
+    CREATETOOLHELP32SNAPSHOT create_snap;
+    CLOSETOOLHELP32SNAPSHOT close_snap;
+    MODULE32 module_first, module_next;
+    FARPROC ret = NULL;
+
+    dll = LoadLibrary(TEXT(DLLNAME));
+    if (dll == NULL) {
+        DSOerr(DSO_F_WIN32_GLOBALLOOKUP, DSO_R_UNSUPPORTED);
+        return NULL;
+    }
+
+    create_snap = (CREATETOOLHELP32SNAPSHOT)
+        GetProcAddress(dll, "CreateToolhelp32Snapshot");
+    if (create_snap == NULL) {
+        FreeLibrary(dll);
+        DSOerr(DSO_F_WIN32_GLOBALLOOKUP, DSO_R_UNSUPPORTED);
+        return NULL;
+    }
+    /* We take the rest for granted... */
+# ifdef _WIN32_WCE
+    close_snap = (CLOSETOOLHELP32SNAPSHOT)
+        GetProcAddress(dll, "CloseToolhelp32Snapshot");
+# else
+    close_snap = (CLOSETOOLHELP32SNAPSHOT) CloseHandle;
+# endif
+    module_first = (MODULE32) GetProcAddress(dll, "Module32First");
+    module_next = (MODULE32) GetProcAddress(dll, "Module32Next");
+
+    hModuleSnap = (*create_snap) (TH32CS_SNAPMODULE, 0);
+    if (hModuleSnap == INVALID_HANDLE_VALUE) {
+        FreeLibrary(dll);
+        DSOerr(DSO_F_WIN32_GLOBALLOOKUP, DSO_R_UNSUPPORTED);
+        return NULL;
+    }
+
+    me32.dwSize = sizeof(me32);
+
+    if (!(*module_first) (hModuleSnap, &me32)) {
+        (*close_snap) (hModuleSnap);
+        FreeLibrary(dll);
+        return NULL;
+    }
+
+    do {
+        if ((ret = GetProcAddress(me32.hModule, name))) {
+            (*close_snap) (hModuleSnap);
+            FreeLibrary(dll);
+            return ret;
+        }
+    } while ((*module_next) (hModuleSnap, &me32));
+
+    (*close_snap) (hModuleSnap);
+    FreeLibrary(dll);
+    return NULL;
+}
+#endif                          /* DSO_WIN32 */

Deleted: vendor-crypto/openssl/1.0.1u/crypto/ec/ectest.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ec/ectest.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/ec/ectest.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,1861 +0,0 @@
-/* crypto/ec/ectest.c */
-/*
- * Originally written by Bodo Moeller for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#ifdef FLAT_INC
-# include "e_os.h"
-#else
-# include "../e_os.h"
-#endif
-#include <string.h>
-#include <time.h>
-
-#ifdef OPENSSL_NO_EC
-int main(int argc, char *argv[])
-{
-    puts("Elliptic curves are disabled.");
-    return 0;
-}
-#else
-
-# include <openssl/ec.h>
-# ifndef OPENSSL_NO_ENGINE
-#  include <openssl/engine.h>
-# endif
-# include <openssl/err.h>
-# include <openssl/obj_mac.h>
-# include <openssl/objects.h>
-# include <openssl/rand.h>
-# include <openssl/bn.h>
-# include <openssl/opensslconf.h>
-
-# if defined(_MSC_VER) && defined(_MIPS_) && (_MSC_VER/100==12)
-/* suppress "too big too optimize" warning */
-#  pragma warning(disable:4959)
-# endif
-
-# define ABORT do { \
-        fflush(stdout); \
-        fprintf(stderr, "%s:%d: ABORT\n", __FILE__, __LINE__); \
-        ERR_print_errors_fp(stderr); \
-        EXIT(1); \
-} while (0)
-
-# define TIMING_BASE_PT 0
-# define TIMING_RAND_PT 1
-# define TIMING_SIMUL 2
-
-# if 0
-static void timings(EC_GROUP *group, int type, BN_CTX *ctx)
-{
-    clock_t clck;
-    int i, j;
-    BIGNUM *s;
-    BIGNUM *r[10], *r0[10];
-    EC_POINT *P;
-
-    s = BN_new();
-    if (s == NULL)
-        ABORT;
-
-    fprintf(stdout, "Timings for %d-bit field, ", EC_GROUP_get_degree(group));
-    if (!EC_GROUP_get_order(group, s, ctx))
-        ABORT;
-    fprintf(stdout, "%d-bit scalars ", (int)BN_num_bits(s));
-    fflush(stdout);
-
-    P = EC_POINT_new(group);
-    if (P == NULL)
-        ABORT;
-    EC_POINT_copy(P, EC_GROUP_get0_generator(group));
-
-    for (i = 0; i < 10; i++) {
-        if ((r[i] = BN_new()) == NULL)
-            ABORT;
-        if (!BN_pseudo_rand(r[i], BN_num_bits(s), 0, 0))
-            ABORT;
-        if (type != TIMING_BASE_PT) {
-            if ((r0[i] = BN_new()) == NULL)
-                ABORT;
-            if (!BN_pseudo_rand(r0[i], BN_num_bits(s), 0, 0))
-                ABORT;
-        }
-    }
-
-    clck = clock();
-    for (i = 0; i < 10; i++) {
-        for (j = 0; j < 10; j++) {
-            if (!EC_POINT_mul
-                (group, P, (type != TIMING_RAND_PT) ? r[i] : NULL,
-                 (type != TIMING_BASE_PT) ? P : NULL,
-                 (type != TIMING_BASE_PT) ? r0[i] : NULL, ctx))
-                ABORT;
-        }
-    }
-    clck = clock() - clck;
-
-    fprintf(stdout, "\n");
-
-#  ifdef CLOCKS_PER_SEC
-    /*
-     * "To determine the time in seconds, the value returned by the clock
-     * function should be divided by the value of the macro CLOCKS_PER_SEC."
-     * -- ISO/IEC 9899
-     */
-#   define UNIT "s"
-#  else
-    /*
-     * "`CLOCKS_PER_SEC' undeclared (first use this function)" -- cc on
-     * NeXTstep/OpenStep
-     */
-#   define UNIT "units"
-#   define CLOCKS_PER_SEC 1
-#  endif
-
-    if (type == TIMING_BASE_PT) {
-        fprintf(stdout, "%i %s in %.2f " UNIT "\n", i * j,
-                "base point multiplications", (double)clck / CLOCKS_PER_SEC);
-    } else if (type == TIMING_RAND_PT) {
-        fprintf(stdout, "%i %s in %.2f " UNIT "\n", i * j,
-                "random point multiplications",
-                (double)clck / CLOCKS_PER_SEC);
-    } else if (type == TIMING_SIMUL) {
-        fprintf(stdout, "%i %s in %.2f " UNIT "\n", i * j,
-                "s*P+t*Q operations", (double)clck / CLOCKS_PER_SEC);
-    }
-    fprintf(stdout, "average: %.4f " UNIT "\n",
-            (double)clck / (CLOCKS_PER_SEC * i * j));
-
-    EC_POINT_free(P);
-    BN_free(s);
-    for (i = 0; i < 10; i++) {
-        BN_free(r[i]);
-        if (type != TIMING_BASE_PT)
-            BN_free(r0[i]);
-    }
-}
-# endif
-
-/* test multiplication with group order, long and negative scalars */
-static void group_order_tests(EC_GROUP *group)
-{
-    BIGNUM *n1, *n2, *order;
-    EC_POINT *P = EC_POINT_new(group);
-    EC_POINT *Q = EC_POINT_new(group);
-    BN_CTX *ctx = BN_CTX_new();
-    int i;
-
-    n1 = BN_new();
-    n2 = BN_new();
-    order = BN_new();
-    fprintf(stdout, "verify group order ...");
-    fflush(stdout);
-    if (!EC_GROUP_get_order(group, order, ctx))
-        ABORT;
-    if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx))
-        ABORT;
-    if (!EC_POINT_is_at_infinity(group, Q))
-        ABORT;
-    fprintf(stdout, ".");
-    fflush(stdout);
-    if (!EC_GROUP_precompute_mult(group, ctx))
-        ABORT;
-    if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx))
-        ABORT;
-    if (!EC_POINT_is_at_infinity(group, Q))
-        ABORT;
-    fprintf(stdout, " ok\n");
-    fprintf(stdout, "long/negative scalar tests ");
-    for (i = 1; i <= 2; i++) {
-        const BIGNUM *scalars[6];
-        const EC_POINT *points[6];
-
-        fprintf(stdout, i == 1 ?
-                "allowing precomputation ... " :
-                "without precomputation ... ");
-        if (!BN_set_word(n1, i))
-            ABORT;
-        /*
-         * If i == 1, P will be the predefined generator for which
-         * EC_GROUP_precompute_mult has set up precomputation.
-         */
-        if (!EC_POINT_mul(group, P, n1, NULL, NULL, ctx))
-            ABORT;
-
-        if (!BN_one(n1))
-            ABORT;
-        /* n1 = 1 - order */
-        if (!BN_sub(n1, n1, order))
-            ABORT;
-        if (!EC_POINT_mul(group, Q, NULL, P, n1, ctx))
-            ABORT;
-        if (0 != EC_POINT_cmp(group, Q, P, ctx))
-            ABORT;
-
-        /* n2 = 1 + order */
-        if (!BN_add(n2, order, BN_value_one()))
-            ABORT;
-        if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx))
-            ABORT;
-        if (0 != EC_POINT_cmp(group, Q, P, ctx))
-            ABORT;
-
-        /* n2 = (1 - order) * (1 + order) = 1 - order^2 */
-        if (!BN_mul(n2, n1, n2, ctx))
-            ABORT;
-        if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx))
-            ABORT;
-        if (0 != EC_POINT_cmp(group, Q, P, ctx))
-            ABORT;
-
-        /* n2 = order^2 - 1 */
-        BN_set_negative(n2, 0);
-        if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx))
-            ABORT;
-        /* Add P to verify the result. */
-        if (!EC_POINT_add(group, Q, Q, P, ctx))
-            ABORT;
-        if (!EC_POINT_is_at_infinity(group, Q))
-            ABORT;
-
-        /* Exercise EC_POINTs_mul, including corner cases. */
-        if (EC_POINT_is_at_infinity(group, P))
-            ABORT;
-        scalars[0] = n1;
-        points[0] = Q;          /* => infinity */
-        scalars[1] = n2;
-        points[1] = P;          /* => -P */
-        scalars[2] = n1;
-        points[2] = Q;          /* => infinity */
-        scalars[3] = n2;
-        points[3] = Q;          /* => infinity */
-        scalars[4] = n1;
-        points[4] = P;          /* => P */
-        scalars[5] = n2;
-        points[5] = Q;          /* => infinity */
-        if (!EC_POINTs_mul(group, P, NULL, 6, points, scalars, ctx))
-            ABORT;
-        if (!EC_POINT_is_at_infinity(group, P))
-            ABORT;
-    }
-    fprintf(stdout, "ok\n");
-
-    EC_POINT_free(P);
-    EC_POINT_free(Q);
-    BN_free(n1);
-    BN_free(n2);
-    BN_free(order);
-    BN_CTX_free(ctx);
-}
-
-static void prime_field_tests(void)
-{
-    BN_CTX *ctx = NULL;
-    BIGNUM *p, *a, *b;
-    EC_GROUP *group;
-    EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 =
-        NULL, *P_384 = NULL, *P_521 = NULL;
-    EC_POINT *P, *Q, *R;
-    BIGNUM *x, *y, *z;
-    unsigned char buf[100];
-    size_t i, len;
-    int k;
-
-# if 1                          /* optional */
-    ctx = BN_CTX_new();
-    if (!ctx)
-        ABORT;
-# endif
-
-    p = BN_new();
-    a = BN_new();
-    b = BN_new();
-    if (!p || !a || !b)
-        ABORT;
-
-    if (!BN_hex2bn(&p, "17"))
-        ABORT;
-    if (!BN_hex2bn(&a, "1"))
-        ABORT;
-    if (!BN_hex2bn(&b, "1"))
-        ABORT;
-
-    group = EC_GROUP_new(EC_GFp_mont_method()); /* applications should use
-                                                 * EC_GROUP_new_curve_GFp so
-                                                 * that the library gets to
-                                                 * choose the EC_METHOD */
-    if (!group)
-        ABORT;
-
-    if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
-        ABORT;
-
-    {
-        EC_GROUP *tmp;
-        tmp = EC_GROUP_new(EC_GROUP_method_of(group));
-        if (!tmp)
-            ABORT;
-        if (!EC_GROUP_copy(tmp, group))
-            ABORT;
-        EC_GROUP_free(group);
-        group = tmp;
-    }
-
-    if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx))
-        ABORT;
-
-    fprintf(stdout,
-            "Curve defined by Weierstrass equation\n     y^2 = x^3 + a*x + b  (mod 0x");
-    BN_print_fp(stdout, p);
-    fprintf(stdout, ")\n     a = 0x");
-    BN_print_fp(stdout, a);
-    fprintf(stdout, "\n     b = 0x");
-    BN_print_fp(stdout, b);
-    fprintf(stdout, "\n");
-
-    P = EC_POINT_new(group);
-    Q = EC_POINT_new(group);
-    R = EC_POINT_new(group);
-    if (!P || !Q || !R)
-        ABORT;
-
-    if (!EC_POINT_set_to_infinity(group, P))
-        ABORT;
-    if (!EC_POINT_is_at_infinity(group, P))
-        ABORT;
-
-    buf[0] = 0;
-    if (!EC_POINT_oct2point(group, Q, buf, 1, ctx))
-        ABORT;
-
-    if (!EC_POINT_add(group, P, P, Q, ctx))
-        ABORT;
-    if (!EC_POINT_is_at_infinity(group, P))
-        ABORT;
-
-    x = BN_new();
-    y = BN_new();
-    z = BN_new();
-    if (!x || !y || !z)
-        ABORT;
-
-    if (!BN_hex2bn(&x, "D"))
-        ABORT;
-    if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx))
-        ABORT;
-    if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) {
-        if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx))
-            ABORT;
-        fprintf(stderr, "Point is not on curve: x = 0x");
-        BN_print_fp(stderr, x);
-        fprintf(stderr, ", y = 0x");
-        BN_print_fp(stderr, y);
-        fprintf(stderr, "\n");
-        ABORT;
-    }
-
-    fprintf(stdout, "A cyclic subgroup:\n");
-    k = 100;
-    do {
-        if (k-- == 0)
-            ABORT;
-
-        if (EC_POINT_is_at_infinity(group, P))
-            fprintf(stdout, "     point at infinity\n");
-        else {
-            if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
-                ABORT;
-
-            fprintf(stdout, "     x = 0x");
-            BN_print_fp(stdout, x);
-            fprintf(stdout, ", y = 0x");
-            BN_print_fp(stdout, y);
-            fprintf(stdout, "\n");
-        }
-
-        if (!EC_POINT_copy(R, P))
-            ABORT;
-        if (!EC_POINT_add(group, P, P, Q, ctx))
-            ABORT;
-
-# if 0                          /* optional */
-        {
-            EC_POINT *points[3];
-
-            points[0] = R;
-            points[1] = Q;
-            points[2] = P;
-            if (!EC_POINTs_make_affine(group, 2, points, ctx))
-                ABORT;
-        }
-# endif
-
-    }
-    while (!EC_POINT_is_at_infinity(group, P));
-
-    if (!EC_POINT_add(group, P, Q, R, ctx))
-        ABORT;
-    if (!EC_POINT_is_at_infinity(group, P))
-        ABORT;
-
-    len =
-        EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf,
-                           sizeof buf, ctx);
-    if (len == 0)
-        ABORT;
-    if (!EC_POINT_oct2point(group, P, buf, len, ctx))
-        ABORT;
-    if (0 != EC_POINT_cmp(group, P, Q, ctx))
-        ABORT;
-    fprintf(stdout, "Generator as octet string, compressed form:\n     ");
-    for (i = 0; i < len; i++)
-        fprintf(stdout, "%02X", buf[i]);
-
-    len =
-        EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf,
-                           sizeof buf, ctx);
-    if (len == 0)
-        ABORT;
-    if (!EC_POINT_oct2point(group, P, buf, len, ctx))
-        ABORT;
-    if (0 != EC_POINT_cmp(group, P, Q, ctx))
-        ABORT;
-    fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n     ");
-    for (i = 0; i < len; i++)
-        fprintf(stdout, "%02X", buf[i]);
-
-    len =
-        EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf,
-                           ctx);
-    if (len == 0)
-        ABORT;
-    if (!EC_POINT_oct2point(group, P, buf, len, ctx))
-        ABORT;
-    if (0 != EC_POINT_cmp(group, P, Q, ctx))
-        ABORT;
-    fprintf(stdout, "\nGenerator as octet string, hybrid form:\n     ");
-    for (i = 0; i < len; i++)
-        fprintf(stdout, "%02X", buf[i]);
-
-    if (!EC_POINT_get_Jprojective_coordinates_GFp(group, R, x, y, z, ctx))
-        ABORT;
-    fprintf(stdout,
-            "\nA representation of the inverse of that generator in\nJacobian projective coordinates:\n     X = 0x");
-    BN_print_fp(stdout, x);
-    fprintf(stdout, ", Y = 0x");
-    BN_print_fp(stdout, y);
-    fprintf(stdout, ", Z = 0x");
-    BN_print_fp(stdout, z);
-    fprintf(stdout, "\n");
-
-    if (!EC_POINT_invert(group, P, ctx))
-        ABORT;
-    if (0 != EC_POINT_cmp(group, P, R, ctx))
-        ABORT;
-
-    /*
-     * Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2,
-     * 2000) -- not a NIST curve, but commonly used
-     */
-
-    if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF"))
-        ABORT;
-    if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
-        ABORT;
-    if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC"))
-        ABORT;
-    if (!BN_hex2bn(&b, "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45"))
-        ABORT;
-    if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
-        ABORT;
-
-    if (!BN_hex2bn(&x, "4A96B5688EF573284664698968C38BB913CBFC82"))
-        ABORT;
-    if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32"))
-        ABORT;
-    if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx))
-        ABORT;
-    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
-        ABORT;
-    if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257"))
-        ABORT;
-    if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
-        ABORT;
-
-    if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
-        ABORT;
-    fprintf(stdout, "\nSEC2 curve secp160r1 -- Generator:\n     x = 0x");
-    BN_print_fp(stdout, x);
-    fprintf(stdout, "\n     y = 0x");
-    BN_print_fp(stdout, y);
-    fprintf(stdout, "\n");
-    /* G_y value taken from the standard: */
-    if (!BN_hex2bn(&z, "23a628553168947d59dcc912042351377ac5fb32"))
-        ABORT;
-    if (0 != BN_cmp(y, z))
-        ABORT;
-
-    fprintf(stdout, "verify degree ...");
-    if (EC_GROUP_get_degree(group) != 160)
-        ABORT;
-    fprintf(stdout, " ok\n");
-
-    group_order_tests(group);
-
-    if (!(P_160 = EC_GROUP_new(EC_GROUP_method_of(group))))
-        ABORT;
-    if (!EC_GROUP_copy(P_160, group))
-        ABORT;
-
-    /* Curve P-192 (FIPS PUB 186-2, App. 6) */
-
-    if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF"))
-        ABORT;
-    if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
-        ABORT;
-    if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC"))
-        ABORT;
-    if (!BN_hex2bn(&b, "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1"))
-        ABORT;
-    if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
-        ABORT;
-
-    if (!BN_hex2bn(&x, "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012"))
-        ABORT;
-    if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
-        ABORT;
-    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
-        ABORT;
-    if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831"))
-        ABORT;
-    if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
-        ABORT;
-
-    if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
-        ABORT;
-    fprintf(stdout, "\nNIST curve P-192 -- Generator:\n     x = 0x");
-    BN_print_fp(stdout, x);
-    fprintf(stdout, "\n     y = 0x");
-    BN_print_fp(stdout, y);
-    fprintf(stdout, "\n");
-    /* G_y value taken from the standard: */
-    if (!BN_hex2bn(&z, "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811"))
-        ABORT;
-    if (0 != BN_cmp(y, z))
-        ABORT;
-
-    fprintf(stdout, "verify degree ...");
-    if (EC_GROUP_get_degree(group) != 192)
-        ABORT;
-    fprintf(stdout, " ok\n");
-
-    group_order_tests(group);
-
-    if (!(P_192 = EC_GROUP_new(EC_GROUP_method_of(group))))
-        ABORT;
-    if (!EC_GROUP_copy(P_192, group))
-        ABORT;
-
-    /* Curve P-224 (FIPS PUB 186-2, App. 6) */
-
-    if (!BN_hex2bn
-        (&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001"))
-        ABORT;
-    if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
-        ABORT;
-    if (!BN_hex2bn
-        (&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE"))
-        ABORT;
-    if (!BN_hex2bn
-        (&b, "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4"))
-        ABORT;
-    if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
-        ABORT;
-
-    if (!BN_hex2bn
-        (&x, "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21"))
-        ABORT;
-    if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx))
-        ABORT;
-    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
-        ABORT;
-    if (!BN_hex2bn
-        (&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D"))
-        ABORT;
-    if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
-        ABORT;
-
-    if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
-        ABORT;
-    fprintf(stdout, "\nNIST curve P-224 -- Generator:\n     x = 0x");
-    BN_print_fp(stdout, x);
-    fprintf(stdout, "\n     y = 0x");
-    BN_print_fp(stdout, y);
-    fprintf(stdout, "\n");
-    /* G_y value taken from the standard: */
-    if (!BN_hex2bn
-        (&z, "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34"))
-        ABORT;
-    if (0 != BN_cmp(y, z))
-        ABORT;
-
-    fprintf(stdout, "verify degree ...");
-    if (EC_GROUP_get_degree(group) != 224)
-        ABORT;
-    fprintf(stdout, " ok\n");
-
-    group_order_tests(group);
-
-    if (!(P_224 = EC_GROUP_new(EC_GROUP_method_of(group))))
-        ABORT;
-    if (!EC_GROUP_copy(P_224, group))
-        ABORT;
-
-    /* Curve P-256 (FIPS PUB 186-2, App. 6) */
-
-    if (!BN_hex2bn
-        (&p,
-         "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF"))
-        ABORT;
-    if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
-        ABORT;
-    if (!BN_hex2bn
-        (&a,
-         "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC"))
-        ABORT;
-    if (!BN_hex2bn
-        (&b,
-         "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B"))
-        ABORT;
-    if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
-        ABORT;
-
-    if (!BN_hex2bn
-        (&x,
-         "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"))
-        ABORT;
-    if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
-        ABORT;
-    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
-        ABORT;
-    if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E"
-                   "84F3B9CAC2FC632551"))
-        ABORT;
-    if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
-        ABORT;
-
-    if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
-        ABORT;
-    fprintf(stdout, "\nNIST curve P-256 -- Generator:\n     x = 0x");
-    BN_print_fp(stdout, x);
-    fprintf(stdout, "\n     y = 0x");
-    BN_print_fp(stdout, y);
-    fprintf(stdout, "\n");
-    /* G_y value taken from the standard: */
-    if (!BN_hex2bn
-        (&z,
-         "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5"))
-        ABORT;
-    if (0 != BN_cmp(y, z))
-        ABORT;
-
-    fprintf(stdout, "verify degree ...");
-    if (EC_GROUP_get_degree(group) != 256)
-        ABORT;
-    fprintf(stdout, " ok\n");
-
-    group_order_tests(group);
-
-    if (!(P_256 = EC_GROUP_new(EC_GROUP_method_of(group))))
-        ABORT;
-    if (!EC_GROUP_copy(P_256, group))
-        ABORT;
-
-    /* Curve P-384 (FIPS PUB 186-2, App. 6) */
-
-    if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
-                   "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF"))
-        ABORT;
-    if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
-        ABORT;
-    if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
-                   "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC"))
-        ABORT;
-    if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141"
-                   "120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF"))
-        ABORT;
-    if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
-        ABORT;
-
-    if (!BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B"
-                   "9859F741E082542A385502F25DBF55296C3A545E3872760AB7"))
-        ABORT;
-    if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
-        ABORT;
-    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
-        ABORT;
-    if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
-                   "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973"))
-        ABORT;
-    if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
-        ABORT;
-
-    if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
-        ABORT;
-    fprintf(stdout, "\nNIST curve P-384 -- Generator:\n     x = 0x");
-    BN_print_fp(stdout, x);
-    fprintf(stdout, "\n     y = 0x");
-    BN_print_fp(stdout, y);
-    fprintf(stdout, "\n");
-    /* G_y value taken from the standard: */
-    if (!BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A14"
-                   "7CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F"))
-        ABORT;
-    if (0 != BN_cmp(y, z))
-        ABORT;
-
-    fprintf(stdout, "verify degree ...");
-    if (EC_GROUP_get_degree(group) != 384)
-        ABORT;
-    fprintf(stdout, " ok\n");
-
-    group_order_tests(group);
-
-    if (!(P_384 = EC_GROUP_new(EC_GROUP_method_of(group))))
-        ABORT;
-    if (!EC_GROUP_copy(P_384, group))
-        ABORT;
-
-    /* Curve P-521 (FIPS PUB 186-2, App. 6) */
-
-    if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
-                   "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
-                   "FFFFFFFFFFFFFFFFFFFFFFFFFFFF"))
-        ABORT;
-    if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
-        ABORT;
-    if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
-                   "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
-                   "FFFFFFFFFFFFFFFFFFFFFFFFFFFC"))
-        ABORT;
-    if (!BN_hex2bn(&b, "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B"
-                   "315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573"
-                   "DF883D2C34F1EF451FD46B503F00"))
-        ABORT;
-    if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
-        ABORT;
-
-    if (!BN_hex2bn(&x, "C6858E06B70404E9CD9E3ECB662395B4429C648139053F"
-                   "B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B"
-                   "3C1856A429BF97E7E31C2E5BD66"))
-        ABORT;
-    if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx))
-        ABORT;
-    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
-        ABORT;
-    if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
-                   "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"
-                   "C9B8899C47AEBB6FB71E91386409"))
-        ABORT;
-    if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
-        ABORT;
-
-    if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
-        ABORT;
-    fprintf(stdout, "\nNIST curve P-521 -- Generator:\n     x = 0x");
-    BN_print_fp(stdout, x);
-    fprintf(stdout, "\n     y = 0x");
-    BN_print_fp(stdout, y);
-    fprintf(stdout, "\n");
-    /* G_y value taken from the standard: */
-    if (!BN_hex2bn(&z, "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579"
-                   "B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C"
-                   "7086A272C24088BE94769FD16650"))
-        ABORT;
-    if (0 != BN_cmp(y, z))
-        ABORT;
-
-    fprintf(stdout, "verify degree ...");
-    if (EC_GROUP_get_degree(group) != 521)
-        ABORT;
-    fprintf(stdout, " ok\n");
-
-    group_order_tests(group);
-
-    if (!(P_521 = EC_GROUP_new(EC_GROUP_method_of(group))))
-        ABORT;
-    if (!EC_GROUP_copy(P_521, group))
-        ABORT;
-
-    /* more tests using the last curve */
-
-    if (!EC_POINT_copy(Q, P))
-        ABORT;
-    if (EC_POINT_is_at_infinity(group, Q))
-        ABORT;
-    if (!EC_POINT_dbl(group, P, P, ctx))
-        ABORT;
-    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
-        ABORT;
-    if (!EC_POINT_invert(group, Q, ctx))
-        ABORT;                  /* P = -2Q */
-
-    if (!EC_POINT_add(group, R, P, Q, ctx))
-        ABORT;
-    if (!EC_POINT_add(group, R, R, Q, ctx))
-        ABORT;
-    if (!EC_POINT_is_at_infinity(group, R))
-        ABORT;                  /* R = P + 2Q */
-
-    {
-        const EC_POINT *points[4];
-        const BIGNUM *scalars[4];
-        BIGNUM scalar3;
-
-        if (EC_POINT_is_at_infinity(group, Q))
-            ABORT;
-        points[0] = Q;
-        points[1] = Q;
-        points[2] = Q;
-        points[3] = Q;
-
-        if (!EC_GROUP_get_order(group, z, ctx))
-            ABORT;
-        if (!BN_add(y, z, BN_value_one()))
-            ABORT;
-        if (BN_is_odd(y))
-            ABORT;
-        if (!BN_rshift1(y, y))
-            ABORT;
-        scalars[0] = y;         /* (group order + 1)/2, so y*Q + y*Q = Q */
-        scalars[1] = y;
-
-        fprintf(stdout, "combined multiplication ...");
-        fflush(stdout);
-
-        /* z is still the group order */
-        if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
-            ABORT;
-        if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
-            ABORT;
-        if (0 != EC_POINT_cmp(group, P, R, ctx))
-            ABORT;
-        if (0 != EC_POINT_cmp(group, R, Q, ctx))
-            ABORT;
-
-        fprintf(stdout, ".");
-        fflush(stdout);
-
-        if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0))
-            ABORT;
-        if (!BN_add(z, z, y))
-            ABORT;
-        BN_set_negative(z, 1);
-        scalars[0] = y;
-        scalars[1] = z;         /* z = -(order + y) */
-
-        if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
-            ABORT;
-        if (!EC_POINT_is_at_infinity(group, P))
-            ABORT;
-
-        fprintf(stdout, ".");
-        fflush(stdout);
-
-        if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0))
-            ABORT;
-        if (!BN_add(z, x, y))
-            ABORT;
-        BN_set_negative(z, 1);
-        scalars[0] = x;
-        scalars[1] = y;
-        scalars[2] = z;         /* z = -(x+y) */
-
-        BN_init(&scalar3);
-        BN_zero(&scalar3);
-        scalars[3] = &scalar3;
-
-        if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx))
-            ABORT;
-        if (!EC_POINT_is_at_infinity(group, P))
-            ABORT;
-
-        fprintf(stdout, " ok\n\n");
-
-        BN_free(&scalar3);
-    }
-
-# if 0
-    timings(P_160, TIMING_BASE_PT, ctx);
-    timings(P_160, TIMING_RAND_PT, ctx);
-    timings(P_160, TIMING_SIMUL, ctx);
-    timings(P_192, TIMING_BASE_PT, ctx);
-    timings(P_192, TIMING_RAND_PT, ctx);
-    timings(P_192, TIMING_SIMUL, ctx);
-    timings(P_224, TIMING_BASE_PT, ctx);
-    timings(P_224, TIMING_RAND_PT, ctx);
-    timings(P_224, TIMING_SIMUL, ctx);
-    timings(P_256, TIMING_BASE_PT, ctx);
-    timings(P_256, TIMING_RAND_PT, ctx);
-    timings(P_256, TIMING_SIMUL, ctx);
-    timings(P_384, TIMING_BASE_PT, ctx);
-    timings(P_384, TIMING_RAND_PT, ctx);
-    timings(P_384, TIMING_SIMUL, ctx);
-    timings(P_521, TIMING_BASE_PT, ctx);
-    timings(P_521, TIMING_RAND_PT, ctx);
-    timings(P_521, TIMING_SIMUL, ctx);
-# endif
-
-    if (ctx)
-        BN_CTX_free(ctx);
-    BN_free(p);
-    BN_free(a);
-    BN_free(b);
-    EC_GROUP_free(group);
-    EC_POINT_free(P);
-    EC_POINT_free(Q);
-    EC_POINT_free(R);
-    BN_free(x);
-    BN_free(y);
-    BN_free(z);
-
-    if (P_160)
-        EC_GROUP_free(P_160);
-    if (P_192)
-        EC_GROUP_free(P_192);
-    if (P_224)
-        EC_GROUP_free(P_224);
-    if (P_256)
-        EC_GROUP_free(P_256);
-    if (P_384)
-        EC_GROUP_free(P_384);
-    if (P_521)
-        EC_GROUP_free(P_521);
-
-}
-
-/* Change test based on whether binary point compression is enabled or not. */
-# ifdef OPENSSL_EC_BIN_PT_COMP
-#  define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
-        if (!BN_hex2bn(&x, _x)) ABORT; \
-        if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \
-        if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
-        if (!BN_hex2bn(&z, _order)) ABORT; \
-        if (!BN_hex2bn(&cof, _cof)) ABORT; \
-        if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
-        if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
-        fprintf(stdout, "\n%s -- Generator:\n     x = 0x", _name); \
-        BN_print_fp(stdout, x); \
-        fprintf(stdout, "\n     y = 0x"); \
-        BN_print_fp(stdout, y); \
-        fprintf(stdout, "\n"); \
-        /* G_y value taken from the standard: */ \
-        if (!BN_hex2bn(&z, _y)) ABORT; \
-        if (0 != BN_cmp(y, z)) ABORT;
-# else
-#  define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
-        if (!BN_hex2bn(&x, _x)) ABORT; \
-        if (!BN_hex2bn(&y, _y)) ABORT; \
-        if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
-        if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
-        if (!BN_hex2bn(&z, _order)) ABORT; \
-        if (!BN_hex2bn(&cof, _cof)) ABORT; \
-        if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
-        fprintf(stdout, "\n%s -- Generator:\n     x = 0x", _name); \
-        BN_print_fp(stdout, x); \
-        fprintf(stdout, "\n     y = 0x"); \
-        BN_print_fp(stdout, y); \
-        fprintf(stdout, "\n");
-# endif
-
-# define CHAR2_CURVE_TEST(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
-        if (!BN_hex2bn(&p, _p)) ABORT; \
-        if (!BN_hex2bn(&a, _a)) ABORT; \
-        if (!BN_hex2bn(&b, _b)) ABORT; \
-        if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) ABORT; \
-        CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
-        fprintf(stdout, "verify degree ..."); \
-        if (EC_GROUP_get_degree(group) != _degree) ABORT; \
-        fprintf(stdout, " ok\n"); \
-        group_order_tests(group); \
-        if (!(_variable = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; \
-        if (!EC_GROUP_copy(_variable, group)) ABORT; \
-
-# ifndef OPENSSL_NO_EC2M
-
-static void char2_field_tests(void)
-{
-    BN_CTX *ctx = NULL;
-    BIGNUM *p, *a, *b;
-    EC_GROUP *group;
-    EC_GROUP *C2_K163 = NULL, *C2_K233 = NULL, *C2_K283 = NULL, *C2_K409 =
-        NULL, *C2_K571 = NULL;
-    EC_GROUP *C2_B163 = NULL, *C2_B233 = NULL, *C2_B283 = NULL, *C2_B409 =
-        NULL, *C2_B571 = NULL;
-    EC_POINT *P, *Q, *R;
-    BIGNUM *x, *y, *z, *cof;
-    unsigned char buf[100];
-    size_t i, len;
-    int k;
-
-#  if 1                         /* optional */
-    ctx = BN_CTX_new();
-    if (!ctx)
-        ABORT;
-#  endif
-
-    p = BN_new();
-    a = BN_new();
-    b = BN_new();
-    if (!p || !a || !b)
-        ABORT;
-
-    if (!BN_hex2bn(&p, "13"))
-        ABORT;
-    if (!BN_hex2bn(&a, "3"))
-        ABORT;
-    if (!BN_hex2bn(&b, "1"))
-        ABORT;
-
-    group = EC_GROUP_new(EC_GF2m_simple_method()); /* applications should use
-                                                    * EC_GROUP_new_curve_GF2m
-                                                    * so that the library gets
-                                                    * to choose the EC_METHOD */
-    if (!group)
-        ABORT;
-    if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx))
-        ABORT;
-
-    {
-        EC_GROUP *tmp;
-        tmp = EC_GROUP_new(EC_GROUP_method_of(group));
-        if (!tmp)
-            ABORT;
-        if (!EC_GROUP_copy(tmp, group))
-            ABORT;
-        EC_GROUP_free(group);
-        group = tmp;
-    }
-
-    if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx))
-        ABORT;
-
-    fprintf(stdout,
-            "Curve defined by Weierstrass equation\n     y^2 + x*y = x^3 + a*x^2 + b  (mod 0x");
-    BN_print_fp(stdout, p);
-    fprintf(stdout, ")\n     a = 0x");
-    BN_print_fp(stdout, a);
-    fprintf(stdout, "\n     b = 0x");
-    BN_print_fp(stdout, b);
-    fprintf(stdout, "\n(0x... means binary polynomial)\n");
-
-    P = EC_POINT_new(group);
-    Q = EC_POINT_new(group);
-    R = EC_POINT_new(group);
-    if (!P || !Q || !R)
-        ABORT;
-
-    if (!EC_POINT_set_to_infinity(group, P))
-        ABORT;
-    if (!EC_POINT_is_at_infinity(group, P))
-        ABORT;
-
-    buf[0] = 0;
-    if (!EC_POINT_oct2point(group, Q, buf, 1, ctx))
-        ABORT;
-
-    if (!EC_POINT_add(group, P, P, Q, ctx))
-        ABORT;
-    if (!EC_POINT_is_at_infinity(group, P))
-        ABORT;
-
-    x = BN_new();
-    y = BN_new();
-    z = BN_new();
-    cof = BN_new();
-    if (!x || !y || !z || !cof)
-        ABORT;
-
-    if (!BN_hex2bn(&x, "6"))
-        ABORT;
-/* Change test based on whether binary point compression is enabled or not. */
-#  ifdef OPENSSL_EC_BIN_PT_COMP
-    if (!EC_POINT_set_compressed_coordinates_GF2m(group, Q, x, 1, ctx))
-        ABORT;
-#  else
-    if (!BN_hex2bn(&y, "8"))
-        ABORT;
-    if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx))
-        ABORT;
-#  endif
-    if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) {
-/* Change test based on whether binary point compression is enabled or not. */
-#  ifdef OPENSSL_EC_BIN_PT_COMP
-        if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx))
-            ABORT;
-#  endif
-        fprintf(stderr, "Point is not on curve: x = 0x");
-        BN_print_fp(stderr, x);
-        fprintf(stderr, ", y = 0x");
-        BN_print_fp(stderr, y);
-        fprintf(stderr, "\n");
-        ABORT;
-    }
-
-    fprintf(stdout, "A cyclic subgroup:\n");
-    k = 100;
-    do {
-        if (k-- == 0)
-            ABORT;
-
-        if (EC_POINT_is_at_infinity(group, P))
-            fprintf(stdout, "     point at infinity\n");
-        else {
-            if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx))
-                ABORT;
-
-            fprintf(stdout, "     x = 0x");
-            BN_print_fp(stdout, x);
-            fprintf(stdout, ", y = 0x");
-            BN_print_fp(stdout, y);
-            fprintf(stdout, "\n");
-        }
-
-        if (!EC_POINT_copy(R, P))
-            ABORT;
-        if (!EC_POINT_add(group, P, P, Q, ctx))
-            ABORT;
-    }
-    while (!EC_POINT_is_at_infinity(group, P));
-
-    if (!EC_POINT_add(group, P, Q, R, ctx))
-        ABORT;
-    if (!EC_POINT_is_at_infinity(group, P))
-        ABORT;
-
-/* Change test based on whether binary point compression is enabled or not. */
-#  ifdef OPENSSL_EC_BIN_PT_COMP
-    len =
-        EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf,
-                           sizeof buf, ctx);
-    if (len == 0)
-        ABORT;
-    if (!EC_POINT_oct2point(group, P, buf, len, ctx))
-        ABORT;
-    if (0 != EC_POINT_cmp(group, P, Q, ctx))
-        ABORT;
-    fprintf(stdout, "Generator as octet string, compressed form:\n     ");
-    for (i = 0; i < len; i++)
-        fprintf(stdout, "%02X", buf[i]);
-#  endif
-
-    len =
-        EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf,
-                           sizeof buf, ctx);
-    if (len == 0)
-        ABORT;
-    if (!EC_POINT_oct2point(group, P, buf, len, ctx))
-        ABORT;
-    if (0 != EC_POINT_cmp(group, P, Q, ctx))
-        ABORT;
-    fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n     ");
-    for (i = 0; i < len; i++)
-        fprintf(stdout, "%02X", buf[i]);
-
-/* Change test based on whether binary point compression is enabled or not. */
-#  ifdef OPENSSL_EC_BIN_PT_COMP
-    len =
-        EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf,
-                           ctx);
-    if (len == 0)
-        ABORT;
-    if (!EC_POINT_oct2point(group, P, buf, len, ctx))
-        ABORT;
-    if (0 != EC_POINT_cmp(group, P, Q, ctx))
-        ABORT;
-    fprintf(stdout, "\nGenerator as octet string, hybrid form:\n     ");
-    for (i = 0; i < len; i++)
-        fprintf(stdout, "%02X", buf[i]);
-#  endif
-
-    fprintf(stdout, "\n");
-
-    if (!EC_POINT_invert(group, P, ctx))
-        ABORT;
-    if (0 != EC_POINT_cmp(group, P, R, ctx))
-        ABORT;
-
-    /* Curve K-163 (FIPS PUB 186-2, App. 6) */
-    CHAR2_CURVE_TEST
-        ("NIST curve K-163",
-         "0800000000000000000000000000000000000000C9",
-         "1",
-         "1",
-         "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",
-         "0289070FB05D38FF58321F2E800536D538CCDAA3D9",
-         1, "04000000000000000000020108A2E0CC0D99F8A5EF", "2", 163, C2_K163);
-
-    /* Curve B-163 (FIPS PUB 186-2, App. 6) */
-    CHAR2_CURVE_TEST
-        ("NIST curve B-163",
-         "0800000000000000000000000000000000000000C9",
-         "1",
-         "020A601907B8C953CA1481EB10512F78744A3205FD",
-         "03F0EBA16286A2D57EA0991168D4994637E8343E36",
-         "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
-         1, "040000000000000000000292FE77E70C12A4234C33", "2", 163, C2_B163);
-
-    /* Curve K-233 (FIPS PUB 186-2, App. 6) */
-    CHAR2_CURVE_TEST
-        ("NIST curve K-233",
-         "020000000000000000000000000000000000000004000000000000000001",
-         "0",
-         "1",
-         "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",
-         "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
-         0,
-         "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF",
-         "4", 233, C2_K233);
-
-    /* Curve B-233 (FIPS PUB 186-2, App. 6) */
-    CHAR2_CURVE_TEST
-        ("NIST curve B-233",
-         "020000000000000000000000000000000000000004000000000000000001",
-         "000000000000000000000000000000000000000000000000000000000001",
-         "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
-         "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",
-         "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
-         1,
-         "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7",
-         "2", 233, C2_B233);
-
-    /* Curve K-283 (FIPS PUB 186-2, App. 6) */
-    CHAR2_CURVE_TEST
-        ("NIST curve K-283",
-         "0800000000000000000000000000000000000000000000000000000000000000000010A1",
-         "0",
-         "1",
-         "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836",
-         "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259",
-         0,
-         "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61",
-         "4", 283, C2_K283);
-
-    /* Curve B-283 (FIPS PUB 186-2, App. 6) */
-    CHAR2_CURVE_TEST
-        ("NIST curve B-283",
-         "0800000000000000000000000000000000000000000000000000000000000000000010A1",
-         "000000000000000000000000000000000000000000000000000000000000000000000001",
-         "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5",
-         "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053",
-         "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4",
-         1,
-         "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307",
-         "2", 283, C2_B283);
-
-    /* Curve K-409 (FIPS PUB 186-2, App. 6) */
-    CHAR2_CURVE_TEST
-        ("NIST curve K-409",
-         "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
-         "0",
-         "1",
-         "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746",
-         "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B",
-         1,
-         "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF",
-         "4", 409, C2_K409);
-
-    /* Curve B-409 (FIPS PUB 186-2, App. 6) */
-    CHAR2_CURVE_TEST
-        ("NIST curve B-409",
-         "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
-         "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
-         "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F",
-         "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7",
-         "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706",
-         1,
-         "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173",
-         "2", 409, C2_B409);
-
-    /* Curve K-571 (FIPS PUB 186-2, App. 6) */
-    CHAR2_CURVE_TEST
-        ("NIST curve K-571",
-         "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
-         "0",
-         "1",
-         "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972",
-         "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3",
-         0,
-         "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001",
-         "4", 571, C2_K571);
-
-    /* Curve B-571 (FIPS PUB 186-2, App. 6) */
-    CHAR2_CURVE_TEST
-        ("NIST curve B-571",
-         "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
-         "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
-         "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A",
-         "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19",
-         "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B",
-         1,
-         "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47",
-         "2", 571, C2_B571);
-
-    /* more tests using the last curve */
-
-    if (!EC_POINT_copy(Q, P))
-        ABORT;
-    if (EC_POINT_is_at_infinity(group, Q))
-        ABORT;
-    if (!EC_POINT_dbl(group, P, P, ctx))
-        ABORT;
-    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
-        ABORT;
-    if (!EC_POINT_invert(group, Q, ctx))
-        ABORT;                  /* P = -2Q */
-
-    if (!EC_POINT_add(group, R, P, Q, ctx))
-        ABORT;
-    if (!EC_POINT_add(group, R, R, Q, ctx))
-        ABORT;
-    if (!EC_POINT_is_at_infinity(group, R))
-        ABORT;                  /* R = P + 2Q */
-
-    {
-        const EC_POINT *points[3];
-        const BIGNUM *scalars[3];
-
-        if (EC_POINT_is_at_infinity(group, Q))
-            ABORT;
-        points[0] = Q;
-        points[1] = Q;
-        points[2] = Q;
-
-        if (!BN_add(y, z, BN_value_one()))
-            ABORT;
-        if (BN_is_odd(y))
-            ABORT;
-        if (!BN_rshift1(y, y))
-            ABORT;
-        scalars[0] = y;         /* (group order + 1)/2, so y*Q + y*Q = Q */
-        scalars[1] = y;
-
-        fprintf(stdout, "combined multiplication ...");
-        fflush(stdout);
-
-        /* z is still the group order */
-        if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
-            ABORT;
-        if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
-            ABORT;
-        if (0 != EC_POINT_cmp(group, P, R, ctx))
-            ABORT;
-        if (0 != EC_POINT_cmp(group, R, Q, ctx))
-            ABORT;
-
-        fprintf(stdout, ".");
-        fflush(stdout);
-
-        if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0))
-            ABORT;
-        if (!BN_add(z, z, y))
-            ABORT;
-        BN_set_negative(z, 1);
-        scalars[0] = y;
-        scalars[1] = z;         /* z = -(order + y) */
-
-        if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
-            ABORT;
-        if (!EC_POINT_is_at_infinity(group, P))
-            ABORT;
-
-        fprintf(stdout, ".");
-        fflush(stdout);
-
-        if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0))
-            ABORT;
-        if (!BN_add(z, x, y))
-            ABORT;
-        BN_set_negative(z, 1);
-        scalars[0] = x;
-        scalars[1] = y;
-        scalars[2] = z;         /* z = -(x+y) */
-
-        if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx))
-            ABORT;
-        if (!EC_POINT_is_at_infinity(group, P))
-            ABORT;
-
-        fprintf(stdout, " ok\n\n");
-    }
-
-#  if 0
-    timings(C2_K163, TIMING_BASE_PT, ctx);
-    timings(C2_K163, TIMING_RAND_PT, ctx);
-    timings(C2_K163, TIMING_SIMUL, ctx);
-    timings(C2_B163, TIMING_BASE_PT, ctx);
-    timings(C2_B163, TIMING_RAND_PT, ctx);
-    timings(C2_B163, TIMING_SIMUL, ctx);
-    timings(C2_K233, TIMING_BASE_PT, ctx);
-    timings(C2_K233, TIMING_RAND_PT, ctx);
-    timings(C2_K233, TIMING_SIMUL, ctx);
-    timings(C2_B233, TIMING_BASE_PT, ctx);
-    timings(C2_B233, TIMING_RAND_PT, ctx);
-    timings(C2_B233, TIMING_SIMUL, ctx);
-    timings(C2_K283, TIMING_BASE_PT, ctx);
-    timings(C2_K283, TIMING_RAND_PT, ctx);
-    timings(C2_K283, TIMING_SIMUL, ctx);
-    timings(C2_B283, TIMING_BASE_PT, ctx);
-    timings(C2_B283, TIMING_RAND_PT, ctx);
-    timings(C2_B283, TIMING_SIMUL, ctx);
-    timings(C2_K409, TIMING_BASE_PT, ctx);
-    timings(C2_K409, TIMING_RAND_PT, ctx);
-    timings(C2_K409, TIMING_SIMUL, ctx);
-    timings(C2_B409, TIMING_BASE_PT, ctx);
-    timings(C2_B409, TIMING_RAND_PT, ctx);
-    timings(C2_B409, TIMING_SIMUL, ctx);
-    timings(C2_K571, TIMING_BASE_PT, ctx);
-    timings(C2_K571, TIMING_RAND_PT, ctx);
-    timings(C2_K571, TIMING_SIMUL, ctx);
-    timings(C2_B571, TIMING_BASE_PT, ctx);
-    timings(C2_B571, TIMING_RAND_PT, ctx);
-    timings(C2_B571, TIMING_SIMUL, ctx);
-#  endif
-
-    if (ctx)
-        BN_CTX_free(ctx);
-    BN_free(p);
-    BN_free(a);
-    BN_free(b);
-    EC_GROUP_free(group);
-    EC_POINT_free(P);
-    EC_POINT_free(Q);
-    EC_POINT_free(R);
-    BN_free(x);
-    BN_free(y);
-    BN_free(z);
-    BN_free(cof);
-
-    if (C2_K163)
-        EC_GROUP_free(C2_K163);
-    if (C2_B163)
-        EC_GROUP_free(C2_B163);
-    if (C2_K233)
-        EC_GROUP_free(C2_K233);
-    if (C2_B233)
-        EC_GROUP_free(C2_B233);
-    if (C2_K283)
-        EC_GROUP_free(C2_K283);
-    if (C2_B283)
-        EC_GROUP_free(C2_B283);
-    if (C2_K409)
-        EC_GROUP_free(C2_K409);
-    if (C2_B409)
-        EC_GROUP_free(C2_B409);
-    if (C2_K571)
-        EC_GROUP_free(C2_K571);
-    if (C2_B571)
-        EC_GROUP_free(C2_B571);
-
-}
-# endif
-
-static void internal_curve_test(void)
-{
-    EC_builtin_curve *curves = NULL;
-    size_t crv_len = 0, n = 0;
-    int ok = 1;
-
-    crv_len = EC_get_builtin_curves(NULL, 0);
-
-    curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
-
-    if (curves == NULL)
-        return;
-
-    if (!EC_get_builtin_curves(curves, crv_len)) {
-        OPENSSL_free(curves);
-        return;
-    }
-
-    fprintf(stdout, "testing internal curves: ");
-
-    for (n = 0; n < crv_len; n++) {
-        EC_GROUP *group = NULL;
-        int nid = curves[n].nid;
-        if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL) {
-            ok = 0;
-            fprintf(stdout, "\nEC_GROUP_new_curve_name() failed with"
-                    " curve %s\n", OBJ_nid2sn(nid));
-            /* try next curve */
-            continue;
-        }
-        if (!EC_GROUP_check(group, NULL)) {
-            ok = 0;
-            fprintf(stdout, "\nEC_GROUP_check() failed with"
-                    " curve %s\n", OBJ_nid2sn(nid));
-            EC_GROUP_free(group);
-            /* try the next curve */
-            continue;
-        }
-        fprintf(stdout, ".");
-        fflush(stdout);
-        EC_GROUP_free(group);
-    }
-    if (ok)
-        fprintf(stdout, " ok\n\n");
-    else {
-        fprintf(stdout, " failed\n\n");
-        ABORT;
-    }
-    OPENSSL_free(curves);
-    return;
-}
-
-# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-/*
- * nistp_test_params contains magic numbers for testing our optimized
- * implementations of several NIST curves with characteristic > 3.
- */
-struct nistp_test_params {
-    const EC_METHOD *(*meth) ();
-    int degree;
-    /*
-     * Qx, Qy and D are taken from
-     * http://csrcdocut.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
-     * Otherwise, values are standard curve parameters from FIPS 180-3
-     */
-    const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d;
-};
-
-static const struct nistp_test_params nistp_tests_params[] = {
-    {
-     /* P-224 */
-     EC_GFp_nistp224_method,
-     224,
-     /* p */
-     "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
-     /* a */
-     "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
-     /* b */
-     "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
-     /* Qx */
-     "E84FB0B8E7000CB657D7973CF6B42ED78B301674276DF744AF130B3E",
-     /* Qy */
-     "4376675C6FC5612C21A0FF2D2A89D2987DF7A2BC52183B5982298555",
-     /* Gx */
-     "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
-     /* Gy */
-     "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
-     /* order */
-     "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
-     /* d */
-     "3F0C488E987C80BE0FEE521F8D90BE6034EC69AE11CA72AA777481E8",
-     },
-    {
-     /* P-256 */
-     EC_GFp_nistp256_method,
-     256,
-     /* p */
-     "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
-     /* a */
-     "ffffffff00000001000000000000000000000000fffffffffffffffffffffffc",
-     /* b */
-     "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b",
-     /* Qx */
-     "b7e08afdfe94bad3f1dc8c734798ba1c62b3a0ad1e9ea2a38201cd0889bc7a19",
-     /* Qy */
-     "3603f747959dbf7a4bb226e41928729063adc7ae43529e61b563bbc606cc5e09",
-     /* Gx */
-     "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
-     /* Gy */
-     "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
-     /* order */
-     "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
-     /* d */
-     "c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96",
-     },
-    {
-     /* P-521 */
-     EC_GFp_nistp521_method,
-     521,
-     /* p */
-     "1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
-     /* a */
-     "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc",
-     /* b */
-     "051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00",
-     /* Qx */
-     "0098e91eef9a68452822309c52fab453f5f117c1da8ed796b255e9ab8f6410cca16e59df403a6bdc6ca467a37056b1e54b3005d8ac030decfeb68df18b171885d5c4",
-     /* Qy */
-     "0164350c321aecfc1cca1ba4364c9b15656150b4b78d6a48d7d28e7f31985ef17be8554376b72900712c4b83ad668327231526e313f5f092999a4632fd50d946bc2e",
-     /* Gx */
-     "c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66",
-     /* Gy */
-     "11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",
-     /* order */
-     "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409",
-     /* d */
-     "0100085f47b8e1b8b11b7eb33028c0b2888e304bfc98501955b45bba1478dc184eeedf09b86a5f7c21994406072787205e69a63709fe35aa93ba333514b24f961722",
-     },
-};
-
-static void nistp_single_test(const struct nistp_test_params *test)
-{
-    BN_CTX *ctx;
-    BIGNUM *p, *a, *b, *x, *y, *n, *m, *order;
-    EC_GROUP *NISTP;
-    EC_POINT *G, *P, *Q, *Q_CHECK;
-
-    fprintf(stdout, "\nNIST curve P-%d (optimised implementation):\n",
-            test->degree);
-    ctx = BN_CTX_new();
-    p = BN_new();
-    a = BN_new();
-    b = BN_new();
-    x = BN_new();
-    y = BN_new();
-    m = BN_new();
-    n = BN_new();
-    order = BN_new();
-
-    NISTP = EC_GROUP_new(test->meth());
-    if (!NISTP)
-        ABORT;
-    if (!BN_hex2bn(&p, test->p))
-        ABORT;
-    if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
-        ABORT;
-    if (!BN_hex2bn(&a, test->a))
-        ABORT;
-    if (!BN_hex2bn(&b, test->b))
-        ABORT;
-    if (!EC_GROUP_set_curve_GFp(NISTP, p, a, b, ctx))
-        ABORT;
-    G = EC_POINT_new(NISTP);
-    P = EC_POINT_new(NISTP);
-    Q = EC_POINT_new(NISTP);
-    Q_CHECK = EC_POINT_new(NISTP);
-    if (!BN_hex2bn(&x, test->Qx))
-        ABORT;
-    if (!BN_hex2bn(&y, test->Qy))
-        ABORT;
-    if (!EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, y, ctx))
-        ABORT;
-    if (!BN_hex2bn(&x, test->Gx))
-        ABORT;
-    if (!BN_hex2bn(&y, test->Gy))
-        ABORT;
-    if (!EC_POINT_set_affine_coordinates_GFp(NISTP, G, x, y, ctx))
-        ABORT;
-    if (!BN_hex2bn(&order, test->order))
-        ABORT;
-    if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one()))
-        ABORT;
-
-    fprintf(stdout, "verify degree ... ");
-    if (EC_GROUP_get_degree(NISTP) != test->degree)
-        ABORT;
-    fprintf(stdout, "ok\n");
-
-    fprintf(stdout, "NIST test vectors ... ");
-    if (!BN_hex2bn(&n, test->d))
-        ABORT;
-    /* fixed point multiplication */
-    EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
-    if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
-        ABORT;
-    /* random point multiplication */
-    EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
-    if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
-        ABORT;
-
-    /* set generator to P = 2*G, where G is the standard generator */
-    if (!EC_POINT_dbl(NISTP, P, G, ctx))
-        ABORT;
-    if (!EC_GROUP_set_generator(NISTP, P, order, BN_value_one()))
-        ABORT;
-    /* set the scalar to m=n/2, where n is the NIST test scalar */
-    if (!BN_rshift(m, n, 1))
-        ABORT;
-
-    /* test the non-standard generator */
-    /* fixed point multiplication */
-    EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
-    if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
-        ABORT;
-    /* random point multiplication */
-    EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
-    if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
-        ABORT;
-
-    /* now repeat all tests with precomputation */
-    if (!EC_GROUP_precompute_mult(NISTP, ctx))
-        ABORT;
-
-    /* fixed point multiplication */
-    EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
-    if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
-        ABORT;
-    /* random point multiplication */
-    EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
-    if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
-        ABORT;
-
-    /* reset generator */
-    if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one()))
-        ABORT;
-    /* fixed point multiplication */
-    EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
-    if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
-        ABORT;
-    /* random point multiplication */
-    EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
-    if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
-        ABORT;
-
-    fprintf(stdout, "ok\n");
-    group_order_tests(NISTP);
-#  if 0
-    timings(NISTP, TIMING_BASE_PT, ctx);
-    timings(NISTP, TIMING_RAND_PT, ctx);
-#  endif
-    EC_GROUP_free(NISTP);
-    EC_POINT_free(G);
-    EC_POINT_free(P);
-    EC_POINT_free(Q);
-    EC_POINT_free(Q_CHECK);
-    BN_free(n);
-    BN_free(m);
-    BN_free(p);
-    BN_free(a);
-    BN_free(b);
-    BN_free(x);
-    BN_free(y);
-    BN_free(order);
-    BN_CTX_free(ctx);
-}
-
-static void nistp_tests()
-{
-    unsigned i;
-
-    for (i = 0;
-         i < sizeof(nistp_tests_params) / sizeof(struct nistp_test_params);
-         i++) {
-        nistp_single_test(&nistp_tests_params[i]);
-    }
-}
-# endif
-
-static const char rnd_seed[] =
-    "string to make the random number generator think it has entropy";
-
-int main(int argc, char *argv[])
-{
-
-    /* enable memory leak checking unless explicitly disabled */
-    if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL)
-          && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) {
-        CRYPTO_malloc_debug_init();
-        CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
-    } else {
-        /* OPENSSL_DEBUG_MEMORY=off */
-        CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
-    }
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-    ERR_load_crypto_strings();
-
-    RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
-
-    prime_field_tests();
-    puts("");
-# ifndef OPENSSL_NO_EC2M
-    char2_field_tests();
-# endif
-# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-    nistp_tests();
-# endif
-    /* test the internal curves */
-    internal_curve_test();
-
-# ifndef OPENSSL_NO_ENGINE
-    ENGINE_cleanup();
-# endif
-    CRYPTO_cleanup_all_ex_data();
-    ERR_free_strings();
-    ERR_remove_thread_state(NULL);
-    CRYPTO_mem_leaks_fp(stderr);
-
-    return 0;
-}
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/ec/ectest.c (from rev 11605, vendor-crypto/openssl/dist/crypto/ec/ectest.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/ec/ectest.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/ec/ectest.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,1861 @@
+/* crypto/ec/ectest.c */
+/*
+ * Originally written by Bodo Moeller for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#ifdef FLAT_INC
+# include "e_os.h"
+#else
+# include "../e_os.h"
+#endif
+#include <string.h>
+#include <time.h>
+
+#ifdef OPENSSL_NO_EC
+int main(int argc, char *argv[])
+{
+    puts("Elliptic curves are disabled.");
+    return 0;
+}
+#else
+
+# include <openssl/ec.h>
+# ifndef OPENSSL_NO_ENGINE
+#  include <openssl/engine.h>
+# endif
+# include <openssl/err.h>
+# include <openssl/obj_mac.h>
+# include <openssl/objects.h>
+# include <openssl/rand.h>
+# include <openssl/bn.h>
+# include <openssl/opensslconf.h>
+
+# if defined(_MSC_VER) && defined(_MIPS_) && (_MSC_VER/100==12)
+/* suppress "too big too optimize" warning */
+#  pragma warning(disable:4959)
+# endif
+
+# define ABORT do { \
+        fflush(stdout); \
+        fprintf(stderr, "%s:%d: ABORT\n", __FILE__, __LINE__); \
+        ERR_print_errors_fp(stderr); \
+        EXIT(1); \
+} while (0)
+
+# define TIMING_BASE_PT 0
+# define TIMING_RAND_PT 1
+# define TIMING_SIMUL 2
+
+# if 0
+static void timings(EC_GROUP *group, int type, BN_CTX *ctx)
+{
+    clock_t clck;
+    int i, j;
+    BIGNUM *s;
+    BIGNUM *r[10], *r0[10];
+    EC_POINT *P;
+
+    s = BN_new();
+    if (s == NULL)
+        ABORT;
+
+    fprintf(stdout, "Timings for %d-bit field, ", EC_GROUP_get_degree(group));
+    if (!EC_GROUP_get_order(group, s, ctx))
+        ABORT;
+    fprintf(stdout, "%d-bit scalars ", (int)BN_num_bits(s));
+    fflush(stdout);
+
+    P = EC_POINT_new(group);
+    if (P == NULL)
+        ABORT;
+    EC_POINT_copy(P, EC_GROUP_get0_generator(group));
+
+    for (i = 0; i < 10; i++) {
+        if ((r[i] = BN_new()) == NULL)
+            ABORT;
+        if (!BN_pseudo_rand(r[i], BN_num_bits(s), 0, 0))
+            ABORT;
+        if (type != TIMING_BASE_PT) {
+            if ((r0[i] = BN_new()) == NULL)
+                ABORT;
+            if (!BN_pseudo_rand(r0[i], BN_num_bits(s), 0, 0))
+                ABORT;
+        }
+    }
+
+    clck = clock();
+    for (i = 0; i < 10; i++) {
+        for (j = 0; j < 10; j++) {
+            if (!EC_POINT_mul
+                (group, P, (type != TIMING_RAND_PT) ? r[i] : NULL,
+                 (type != TIMING_BASE_PT) ? P : NULL,
+                 (type != TIMING_BASE_PT) ? r0[i] : NULL, ctx))
+                ABORT;
+        }
+    }
+    clck = clock() - clck;
+
+    fprintf(stdout, "\n");
+
+#  ifdef CLOCKS_PER_SEC
+    /*
+     * "To determine the time in seconds, the value returned by the clock
+     * function should be divided by the value of the macro CLOCKS_PER_SEC."
+     * -- ISO/IEC 9899
+     */
+#   define UNIT "s"
+#  else
+    /*
+     * "`CLOCKS_PER_SEC' undeclared (first use this function)" -- cc on
+     * NeXTstep/OpenStep
+     */
+#   define UNIT "units"
+#   define CLOCKS_PER_SEC 1
+#  endif
+
+    if (type == TIMING_BASE_PT) {
+        fprintf(stdout, "%i %s in %.2f " UNIT "\n", i * j,
+                "base point multiplications", (double)clck / CLOCKS_PER_SEC);
+    } else if (type == TIMING_RAND_PT) {
+        fprintf(stdout, "%i %s in %.2f " UNIT "\n", i * j,
+                "random point multiplications",
+                (double)clck / CLOCKS_PER_SEC);
+    } else if (type == TIMING_SIMUL) {
+        fprintf(stdout, "%i %s in %.2f " UNIT "\n", i * j,
+                "s*P+t*Q operations", (double)clck / CLOCKS_PER_SEC);
+    }
+    fprintf(stdout, "average: %.4f " UNIT "\n",
+            (double)clck / (CLOCKS_PER_SEC * i * j));
+
+    EC_POINT_free(P);
+    BN_free(s);
+    for (i = 0; i < 10; i++) {
+        BN_free(r[i]);
+        if (type != TIMING_BASE_PT)
+            BN_free(r0[i]);
+    }
+}
+# endif
+
+/* test multiplication with group order, long and negative scalars */
+static void group_order_tests(EC_GROUP *group)
+{
+    BIGNUM *n1, *n2, *order;
+    EC_POINT *P = EC_POINT_new(group);
+    EC_POINT *Q = EC_POINT_new(group);
+    BN_CTX *ctx = BN_CTX_new();
+    int i;
+
+    n1 = BN_new();
+    n2 = BN_new();
+    order = BN_new();
+    fprintf(stdout, "verify group order ...");
+    fflush(stdout);
+    if (!EC_GROUP_get_order(group, order, ctx))
+        ABORT;
+    if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx))
+        ABORT;
+    if (!EC_POINT_is_at_infinity(group, Q))
+        ABORT;
+    fprintf(stdout, ".");
+    fflush(stdout);
+    if (!EC_GROUP_precompute_mult(group, ctx))
+        ABORT;
+    if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx))
+        ABORT;
+    if (!EC_POINT_is_at_infinity(group, Q))
+        ABORT;
+    fprintf(stdout, " ok\n");
+    fprintf(stdout, "long/negative scalar tests ");
+    for (i = 1; i <= 2; i++) {
+        const BIGNUM *scalars[6];
+        const EC_POINT *points[6];
+
+        fprintf(stdout, i == 1 ?
+                "allowing precomputation ... " :
+                "without precomputation ... ");
+        if (!BN_set_word(n1, i))
+            ABORT;
+        /*
+         * If i == 1, P will be the predefined generator for which
+         * EC_GROUP_precompute_mult has set up precomputation.
+         */
+        if (!EC_POINT_mul(group, P, n1, NULL, NULL, ctx))
+            ABORT;
+
+        if (!BN_one(n1))
+            ABORT;
+        /* n1 = 1 - order */
+        if (!BN_sub(n1, n1, order))
+            ABORT;
+        if (!EC_POINT_mul(group, Q, NULL, P, n1, ctx))
+            ABORT;
+        if (0 != EC_POINT_cmp(group, Q, P, ctx))
+            ABORT;
+
+        /* n2 = 1 + order */
+        if (!BN_add(n2, order, BN_value_one()))
+            ABORT;
+        if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx))
+            ABORT;
+        if (0 != EC_POINT_cmp(group, Q, P, ctx))
+            ABORT;
+
+        /* n2 = (1 - order) * (1 + order) = 1 - order^2 */
+        if (!BN_mul(n2, n1, n2, ctx))
+            ABORT;
+        if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx))
+            ABORT;
+        if (0 != EC_POINT_cmp(group, Q, P, ctx))
+            ABORT;
+
+        /* n2 = order^2 - 1 */
+        BN_set_negative(n2, 0);
+        if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx))
+            ABORT;
+        /* Add P to verify the result. */
+        if (!EC_POINT_add(group, Q, Q, P, ctx))
+            ABORT;
+        if (!EC_POINT_is_at_infinity(group, Q))
+            ABORT;
+
+        /* Exercise EC_POINTs_mul, including corner cases. */
+        if (EC_POINT_is_at_infinity(group, P))
+            ABORT;
+        scalars[0] = n1;
+        points[0] = Q;          /* => infinity */
+        scalars[1] = n2;
+        points[1] = P;          /* => -P */
+        scalars[2] = n1;
+        points[2] = Q;          /* => infinity */
+        scalars[3] = n2;
+        points[3] = Q;          /* => infinity */
+        scalars[4] = n1;
+        points[4] = P;          /* => P */
+        scalars[5] = n2;
+        points[5] = Q;          /* => infinity */
+        if (!EC_POINTs_mul(group, P, NULL, 6, points, scalars, ctx))
+            ABORT;
+        if (!EC_POINT_is_at_infinity(group, P))
+            ABORT;
+    }
+    fprintf(stdout, "ok\n");
+
+    EC_POINT_free(P);
+    EC_POINT_free(Q);
+    BN_free(n1);
+    BN_free(n2);
+    BN_free(order);
+    BN_CTX_free(ctx);
+}
+
+static void prime_field_tests(void)
+{
+    BN_CTX *ctx = NULL;
+    BIGNUM *p, *a, *b;
+    EC_GROUP *group;
+    EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 =
+        NULL, *P_384 = NULL, *P_521 = NULL;
+    EC_POINT *P, *Q, *R;
+    BIGNUM *x, *y, *z;
+    unsigned char buf[100];
+    size_t i, len;
+    int k;
+
+# if 1                          /* optional */
+    ctx = BN_CTX_new();
+    if (!ctx)
+        ABORT;
+# endif
+
+    p = BN_new();
+    a = BN_new();
+    b = BN_new();
+    if (!p || !a || !b)
+        ABORT;
+
+    if (!BN_hex2bn(&p, "17"))
+        ABORT;
+    if (!BN_hex2bn(&a, "1"))
+        ABORT;
+    if (!BN_hex2bn(&b, "1"))
+        ABORT;
+
+    group = EC_GROUP_new(EC_GFp_mont_method()); /* applications should use
+                                                 * EC_GROUP_new_curve_GFp so
+                                                 * that the library gets to
+                                                 * choose the EC_METHOD */
+    if (!group)
+        ABORT;
+
+    if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
+        ABORT;
+
+    {
+        EC_GROUP *tmp;
+        tmp = EC_GROUP_new(EC_GROUP_method_of(group));
+        if (!tmp)
+            ABORT;
+        if (!EC_GROUP_copy(tmp, group))
+            ABORT;
+        EC_GROUP_free(group);
+        group = tmp;
+    }
+
+    if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx))
+        ABORT;
+
+    fprintf(stdout,
+            "Curve defined by Weierstrass equation\n     y^2 = x^3 + a*x + b  (mod 0x");
+    BN_print_fp(stdout, p);
+    fprintf(stdout, ")\n     a = 0x");
+    BN_print_fp(stdout, a);
+    fprintf(stdout, "\n     b = 0x");
+    BN_print_fp(stdout, b);
+    fprintf(stdout, "\n");
+
+    P = EC_POINT_new(group);
+    Q = EC_POINT_new(group);
+    R = EC_POINT_new(group);
+    if (!P || !Q || !R)
+        ABORT;
+
+    if (!EC_POINT_set_to_infinity(group, P))
+        ABORT;
+    if (!EC_POINT_is_at_infinity(group, P))
+        ABORT;
+
+    buf[0] = 0;
+    if (!EC_POINT_oct2point(group, Q, buf, 1, ctx))
+        ABORT;
+
+    if (!EC_POINT_add(group, P, P, Q, ctx))
+        ABORT;
+    if (!EC_POINT_is_at_infinity(group, P))
+        ABORT;
+
+    x = BN_new();
+    y = BN_new();
+    z = BN_new();
+    if (!x || !y || !z)
+        ABORT;
+
+    if (!BN_hex2bn(&x, "D"))
+        ABORT;
+    if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx))
+        ABORT;
+    if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) {
+        if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx))
+            ABORT;
+        fprintf(stderr, "Point is not on curve: x = 0x");
+        BN_print_fp(stderr, x);
+        fprintf(stderr, ", y = 0x");
+        BN_print_fp(stderr, y);
+        fprintf(stderr, "\n");
+        ABORT;
+    }
+
+    fprintf(stdout, "A cyclic subgroup:\n");
+    k = 100;
+    do {
+        if (k-- == 0)
+            ABORT;
+
+        if (EC_POINT_is_at_infinity(group, P))
+            fprintf(stdout, "     point at infinity\n");
+        else {
+            if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
+                ABORT;
+
+            fprintf(stdout, "     x = 0x");
+            BN_print_fp(stdout, x);
+            fprintf(stdout, ", y = 0x");
+            BN_print_fp(stdout, y);
+            fprintf(stdout, "\n");
+        }
+
+        if (!EC_POINT_copy(R, P))
+            ABORT;
+        if (!EC_POINT_add(group, P, P, Q, ctx))
+            ABORT;
+
+# if 0                          /* optional */
+        {
+            EC_POINT *points[3];
+
+            points[0] = R;
+            points[1] = Q;
+            points[2] = P;
+            if (!EC_POINTs_make_affine(group, 2, points, ctx))
+                ABORT;
+        }
+# endif
+
+    }
+    while (!EC_POINT_is_at_infinity(group, P));
+
+    if (!EC_POINT_add(group, P, Q, R, ctx))
+        ABORT;
+    if (!EC_POINT_is_at_infinity(group, P))
+        ABORT;
+
+    len =
+        EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf,
+                           sizeof buf, ctx);
+    if (len == 0)
+        ABORT;
+    if (!EC_POINT_oct2point(group, P, buf, len, ctx))
+        ABORT;
+    if (0 != EC_POINT_cmp(group, P, Q, ctx))
+        ABORT;
+    fprintf(stdout, "Generator as octet string, compressed form:\n     ");
+    for (i = 0; i < len; i++)
+        fprintf(stdout, "%02X", buf[i]);
+
+    len =
+        EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf,
+                           sizeof buf, ctx);
+    if (len == 0)
+        ABORT;
+    if (!EC_POINT_oct2point(group, P, buf, len, ctx))
+        ABORT;
+    if (0 != EC_POINT_cmp(group, P, Q, ctx))
+        ABORT;
+    fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n     ");
+    for (i = 0; i < len; i++)
+        fprintf(stdout, "%02X", buf[i]);
+
+    len =
+        EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf,
+                           ctx);
+    if (len == 0)
+        ABORT;
+    if (!EC_POINT_oct2point(group, P, buf, len, ctx))
+        ABORT;
+    if (0 != EC_POINT_cmp(group, P, Q, ctx))
+        ABORT;
+    fprintf(stdout, "\nGenerator as octet string, hybrid form:\n     ");
+    for (i = 0; i < len; i++)
+        fprintf(stdout, "%02X", buf[i]);
+
+    if (!EC_POINT_get_Jprojective_coordinates_GFp(group, R, x, y, z, ctx))
+        ABORT;
+    fprintf(stdout,
+            "\nA representation of the inverse of that generator in\nJacobian projective coordinates:\n     X = 0x");
+    BN_print_fp(stdout, x);
+    fprintf(stdout, ", Y = 0x");
+    BN_print_fp(stdout, y);
+    fprintf(stdout, ", Z = 0x");
+    BN_print_fp(stdout, z);
+    fprintf(stdout, "\n");
+
+    if (!EC_POINT_invert(group, P, ctx))
+        ABORT;
+    if (0 != EC_POINT_cmp(group, P, R, ctx))
+        ABORT;
+
+    /*
+     * Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2,
+     * 2000) -- not a NIST curve, but commonly used
+     */
+
+    if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF"))
+        ABORT;
+    if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
+        ABORT;
+    if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC"))
+        ABORT;
+    if (!BN_hex2bn(&b, "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45"))
+        ABORT;
+    if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
+        ABORT;
+
+    if (!BN_hex2bn(&x, "4A96B5688EF573284664698968C38BB913CBFC82"))
+        ABORT;
+    if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32"))
+        ABORT;
+    if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx))
+        ABORT;
+    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
+        ABORT;
+    if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257"))
+        ABORT;
+    if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
+        ABORT;
+
+    if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
+        ABORT;
+    fprintf(stdout, "\nSEC2 curve secp160r1 -- Generator:\n     x = 0x");
+    BN_print_fp(stdout, x);
+    fprintf(stdout, "\n     y = 0x");
+    BN_print_fp(stdout, y);
+    fprintf(stdout, "\n");
+    /* G_y value taken from the standard: */
+    if (!BN_hex2bn(&z, "23a628553168947d59dcc912042351377ac5fb32"))
+        ABORT;
+    if (0 != BN_cmp(y, z))
+        ABORT;
+
+    fprintf(stdout, "verify degree ...");
+    if (EC_GROUP_get_degree(group) != 160)
+        ABORT;
+    fprintf(stdout, " ok\n");
+
+    group_order_tests(group);
+
+    if (!(P_160 = EC_GROUP_new(EC_GROUP_method_of(group))))
+        ABORT;
+    if (!EC_GROUP_copy(P_160, group))
+        ABORT;
+
+    /* Curve P-192 (FIPS PUB 186-2, App. 6) */
+
+    if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF"))
+        ABORT;
+    if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
+        ABORT;
+    if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC"))
+        ABORT;
+    if (!BN_hex2bn(&b, "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1"))
+        ABORT;
+    if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
+        ABORT;
+
+    if (!BN_hex2bn(&x, "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012"))
+        ABORT;
+    if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
+        ABORT;
+    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
+        ABORT;
+    if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831"))
+        ABORT;
+    if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
+        ABORT;
+
+    if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
+        ABORT;
+    fprintf(stdout, "\nNIST curve P-192 -- Generator:\n     x = 0x");
+    BN_print_fp(stdout, x);
+    fprintf(stdout, "\n     y = 0x");
+    BN_print_fp(stdout, y);
+    fprintf(stdout, "\n");
+    /* G_y value taken from the standard: */
+    if (!BN_hex2bn(&z, "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811"))
+        ABORT;
+    if (0 != BN_cmp(y, z))
+        ABORT;
+
+    fprintf(stdout, "verify degree ...");
+    if (EC_GROUP_get_degree(group) != 192)
+        ABORT;
+    fprintf(stdout, " ok\n");
+
+    group_order_tests(group);
+
+    if (!(P_192 = EC_GROUP_new(EC_GROUP_method_of(group))))
+        ABORT;
+    if (!EC_GROUP_copy(P_192, group))
+        ABORT;
+
+    /* Curve P-224 (FIPS PUB 186-2, App. 6) */
+
+    if (!BN_hex2bn
+        (&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001"))
+        ABORT;
+    if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
+        ABORT;
+    if (!BN_hex2bn
+        (&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE"))
+        ABORT;
+    if (!BN_hex2bn
+        (&b, "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4"))
+        ABORT;
+    if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
+        ABORT;
+
+    if (!BN_hex2bn
+        (&x, "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21"))
+        ABORT;
+    if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx))
+        ABORT;
+    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
+        ABORT;
+    if (!BN_hex2bn
+        (&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D"))
+        ABORT;
+    if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
+        ABORT;
+
+    if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
+        ABORT;
+    fprintf(stdout, "\nNIST curve P-224 -- Generator:\n     x = 0x");
+    BN_print_fp(stdout, x);
+    fprintf(stdout, "\n     y = 0x");
+    BN_print_fp(stdout, y);
+    fprintf(stdout, "\n");
+    /* G_y value taken from the standard: */
+    if (!BN_hex2bn
+        (&z, "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34"))
+        ABORT;
+    if (0 != BN_cmp(y, z))
+        ABORT;
+
+    fprintf(stdout, "verify degree ...");
+    if (EC_GROUP_get_degree(group) != 224)
+        ABORT;
+    fprintf(stdout, " ok\n");
+
+    group_order_tests(group);
+
+    if (!(P_224 = EC_GROUP_new(EC_GROUP_method_of(group))))
+        ABORT;
+    if (!EC_GROUP_copy(P_224, group))
+        ABORT;
+
+    /* Curve P-256 (FIPS PUB 186-2, App. 6) */
+
+    if (!BN_hex2bn
+        (&p,
+         "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF"))
+        ABORT;
+    if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
+        ABORT;
+    if (!BN_hex2bn
+        (&a,
+         "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC"))
+        ABORT;
+    if (!BN_hex2bn
+        (&b,
+         "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B"))
+        ABORT;
+    if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
+        ABORT;
+
+    if (!BN_hex2bn
+        (&x,
+         "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"))
+        ABORT;
+    if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
+        ABORT;
+    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
+        ABORT;
+    if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E"
+                   "84F3B9CAC2FC632551"))
+        ABORT;
+    if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
+        ABORT;
+
+    if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
+        ABORT;
+    fprintf(stdout, "\nNIST curve P-256 -- Generator:\n     x = 0x");
+    BN_print_fp(stdout, x);
+    fprintf(stdout, "\n     y = 0x");
+    BN_print_fp(stdout, y);
+    fprintf(stdout, "\n");
+    /* G_y value taken from the standard: */
+    if (!BN_hex2bn
+        (&z,
+         "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5"))
+        ABORT;
+    if (0 != BN_cmp(y, z))
+        ABORT;
+
+    fprintf(stdout, "verify degree ...");
+    if (EC_GROUP_get_degree(group) != 256)
+        ABORT;
+    fprintf(stdout, " ok\n");
+
+    group_order_tests(group);
+
+    if (!(P_256 = EC_GROUP_new(EC_GROUP_method_of(group))))
+        ABORT;
+    if (!EC_GROUP_copy(P_256, group))
+        ABORT;
+
+    /* Curve P-384 (FIPS PUB 186-2, App. 6) */
+
+    if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+                   "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF"))
+        ABORT;
+    if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
+        ABORT;
+    if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+                   "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC"))
+        ABORT;
+    if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141"
+                   "120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF"))
+        ABORT;
+    if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
+        ABORT;
+
+    if (!BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B"
+                   "9859F741E082542A385502F25DBF55296C3A545E3872760AB7"))
+        ABORT;
+    if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
+        ABORT;
+    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
+        ABORT;
+    if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+                   "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973"))
+        ABORT;
+    if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
+        ABORT;
+
+    if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
+        ABORT;
+    fprintf(stdout, "\nNIST curve P-384 -- Generator:\n     x = 0x");
+    BN_print_fp(stdout, x);
+    fprintf(stdout, "\n     y = 0x");
+    BN_print_fp(stdout, y);
+    fprintf(stdout, "\n");
+    /* G_y value taken from the standard: */
+    if (!BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A14"
+                   "7CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F"))
+        ABORT;
+    if (0 != BN_cmp(y, z))
+        ABORT;
+
+    fprintf(stdout, "verify degree ...");
+    if (EC_GROUP_get_degree(group) != 384)
+        ABORT;
+    fprintf(stdout, " ok\n");
+
+    group_order_tests(group);
+
+    if (!(P_384 = EC_GROUP_new(EC_GROUP_method_of(group))))
+        ABORT;
+    if (!EC_GROUP_copy(P_384, group))
+        ABORT;
+
+    /* Curve P-521 (FIPS PUB 186-2, App. 6) */
+
+    if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+                   "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+                   "FFFFFFFFFFFFFFFFFFFFFFFFFFFF"))
+        ABORT;
+    if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
+        ABORT;
+    if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+                   "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+                   "FFFFFFFFFFFFFFFFFFFFFFFFFFFC"))
+        ABORT;
+    if (!BN_hex2bn(&b, "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B"
+                   "315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573"
+                   "DF883D2C34F1EF451FD46B503F00"))
+        ABORT;
+    if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
+        ABORT;
+
+    if (!BN_hex2bn(&x, "C6858E06B70404E9CD9E3ECB662395B4429C648139053F"
+                   "B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B"
+                   "3C1856A429BF97E7E31C2E5BD66"))
+        ABORT;
+    if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx))
+        ABORT;
+    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
+        ABORT;
+    if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+                   "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"
+                   "C9B8899C47AEBB6FB71E91386409"))
+        ABORT;
+    if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
+        ABORT;
+
+    if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
+        ABORT;
+    fprintf(stdout, "\nNIST curve P-521 -- Generator:\n     x = 0x");
+    BN_print_fp(stdout, x);
+    fprintf(stdout, "\n     y = 0x");
+    BN_print_fp(stdout, y);
+    fprintf(stdout, "\n");
+    /* G_y value taken from the standard: */
+    if (!BN_hex2bn(&z, "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579"
+                   "B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C"
+                   "7086A272C24088BE94769FD16650"))
+        ABORT;
+    if (0 != BN_cmp(y, z))
+        ABORT;
+
+    fprintf(stdout, "verify degree ...");
+    if (EC_GROUP_get_degree(group) != 521)
+        ABORT;
+    fprintf(stdout, " ok\n");
+
+    group_order_tests(group);
+
+    if (!(P_521 = EC_GROUP_new(EC_GROUP_method_of(group))))
+        ABORT;
+    if (!EC_GROUP_copy(P_521, group))
+        ABORT;
+
+    /* more tests using the last curve */
+
+    if (!EC_POINT_copy(Q, P))
+        ABORT;
+    if (EC_POINT_is_at_infinity(group, Q))
+        ABORT;
+    if (!EC_POINT_dbl(group, P, P, ctx))
+        ABORT;
+    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
+        ABORT;
+    if (!EC_POINT_invert(group, Q, ctx))
+        ABORT;                  /* P = -2Q */
+
+    if (!EC_POINT_add(group, R, P, Q, ctx))
+        ABORT;
+    if (!EC_POINT_add(group, R, R, Q, ctx))
+        ABORT;
+    if (!EC_POINT_is_at_infinity(group, R))
+        ABORT;                  /* R = P + 2Q */
+
+    {
+        const EC_POINT *points[4];
+        const BIGNUM *scalars[4];
+        BIGNUM scalar3;
+
+        if (EC_POINT_is_at_infinity(group, Q))
+            ABORT;
+        points[0] = Q;
+        points[1] = Q;
+        points[2] = Q;
+        points[3] = Q;
+
+        if (!EC_GROUP_get_order(group, z, ctx))
+            ABORT;
+        if (!BN_add(y, z, BN_value_one()))
+            ABORT;
+        if (BN_is_odd(y))
+            ABORT;
+        if (!BN_rshift1(y, y))
+            ABORT;
+        scalars[0] = y;         /* (group order + 1)/2, so y*Q + y*Q = Q */
+        scalars[1] = y;
+
+        fprintf(stdout, "combined multiplication ...");
+        fflush(stdout);
+
+        /* z is still the group order */
+        if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
+            ABORT;
+        if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
+            ABORT;
+        if (0 != EC_POINT_cmp(group, P, R, ctx))
+            ABORT;
+        if (0 != EC_POINT_cmp(group, R, Q, ctx))
+            ABORT;
+
+        fprintf(stdout, ".");
+        fflush(stdout);
+
+        if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0))
+            ABORT;
+        if (!BN_add(z, z, y))
+            ABORT;
+        BN_set_negative(z, 1);
+        scalars[0] = y;
+        scalars[1] = z;         /* z = -(order + y) */
+
+        if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
+            ABORT;
+        if (!EC_POINT_is_at_infinity(group, P))
+            ABORT;
+
+        fprintf(stdout, ".");
+        fflush(stdout);
+
+        if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0))
+            ABORT;
+        if (!BN_add(z, x, y))
+            ABORT;
+        BN_set_negative(z, 1);
+        scalars[0] = x;
+        scalars[1] = y;
+        scalars[2] = z;         /* z = -(x+y) */
+
+        BN_init(&scalar3);
+        BN_zero(&scalar3);
+        scalars[3] = &scalar3;
+
+        if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx))
+            ABORT;
+        if (!EC_POINT_is_at_infinity(group, P))
+            ABORT;
+
+        fprintf(stdout, " ok\n\n");
+
+        BN_free(&scalar3);
+    }
+
+# if 0
+    timings(P_160, TIMING_BASE_PT, ctx);
+    timings(P_160, TIMING_RAND_PT, ctx);
+    timings(P_160, TIMING_SIMUL, ctx);
+    timings(P_192, TIMING_BASE_PT, ctx);
+    timings(P_192, TIMING_RAND_PT, ctx);
+    timings(P_192, TIMING_SIMUL, ctx);
+    timings(P_224, TIMING_BASE_PT, ctx);
+    timings(P_224, TIMING_RAND_PT, ctx);
+    timings(P_224, TIMING_SIMUL, ctx);
+    timings(P_256, TIMING_BASE_PT, ctx);
+    timings(P_256, TIMING_RAND_PT, ctx);
+    timings(P_256, TIMING_SIMUL, ctx);
+    timings(P_384, TIMING_BASE_PT, ctx);
+    timings(P_384, TIMING_RAND_PT, ctx);
+    timings(P_384, TIMING_SIMUL, ctx);
+    timings(P_521, TIMING_BASE_PT, ctx);
+    timings(P_521, TIMING_RAND_PT, ctx);
+    timings(P_521, TIMING_SIMUL, ctx);
+# endif
+
+    if (ctx)
+        BN_CTX_free(ctx);
+    BN_free(p);
+    BN_free(a);
+    BN_free(b);
+    EC_GROUP_free(group);
+    EC_POINT_free(P);
+    EC_POINT_free(Q);
+    EC_POINT_free(R);
+    BN_free(x);
+    BN_free(y);
+    BN_free(z);
+
+    if (P_160)
+        EC_GROUP_free(P_160);
+    if (P_192)
+        EC_GROUP_free(P_192);
+    if (P_224)
+        EC_GROUP_free(P_224);
+    if (P_256)
+        EC_GROUP_free(P_256);
+    if (P_384)
+        EC_GROUP_free(P_384);
+    if (P_521)
+        EC_GROUP_free(P_521);
+
+}
+
+/* Change test based on whether binary point compression is enabled or not. */
+# ifdef OPENSSL_EC_BIN_PT_COMP
+#  define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
+        if (!BN_hex2bn(&x, _x)) ABORT; \
+        if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \
+        if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
+        if (!BN_hex2bn(&z, _order)) ABORT; \
+        if (!BN_hex2bn(&cof, _cof)) ABORT; \
+        if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
+        if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
+        fprintf(stdout, "\n%s -- Generator:\n     x = 0x", _name); \
+        BN_print_fp(stdout, x); \
+        fprintf(stdout, "\n     y = 0x"); \
+        BN_print_fp(stdout, y); \
+        fprintf(stdout, "\n"); \
+        /* G_y value taken from the standard: */ \
+        if (!BN_hex2bn(&z, _y)) ABORT; \
+        if (0 != BN_cmp(y, z)) ABORT;
+# else
+#  define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
+        if (!BN_hex2bn(&x, _x)) ABORT; \
+        if (!BN_hex2bn(&y, _y)) ABORT; \
+        if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
+        if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
+        if (!BN_hex2bn(&z, _order)) ABORT; \
+        if (!BN_hex2bn(&cof, _cof)) ABORT; \
+        if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
+        fprintf(stdout, "\n%s -- Generator:\n     x = 0x", _name); \
+        BN_print_fp(stdout, x); \
+        fprintf(stdout, "\n     y = 0x"); \
+        BN_print_fp(stdout, y); \
+        fprintf(stdout, "\n");
+# endif
+
+# define CHAR2_CURVE_TEST(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
+        if (!BN_hex2bn(&p, _p)) ABORT; \
+        if (!BN_hex2bn(&a, _a)) ABORT; \
+        if (!BN_hex2bn(&b, _b)) ABORT; \
+        if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) ABORT; \
+        CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
+        fprintf(stdout, "verify degree ..."); \
+        if (EC_GROUP_get_degree(group) != _degree) ABORT; \
+        fprintf(stdout, " ok\n"); \
+        group_order_tests(group); \
+        if (!(_variable = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; \
+        if (!EC_GROUP_copy(_variable, group)) ABORT; \
+
+# ifndef OPENSSL_NO_EC2M
+
+static void char2_field_tests(void)
+{
+    BN_CTX *ctx = NULL;
+    BIGNUM *p, *a, *b;
+    EC_GROUP *group;
+    EC_GROUP *C2_K163 = NULL, *C2_K233 = NULL, *C2_K283 = NULL, *C2_K409 =
+        NULL, *C2_K571 = NULL;
+    EC_GROUP *C2_B163 = NULL, *C2_B233 = NULL, *C2_B283 = NULL, *C2_B409 =
+        NULL, *C2_B571 = NULL;
+    EC_POINT *P, *Q, *R;
+    BIGNUM *x, *y, *z, *cof;
+    unsigned char buf[100];
+    size_t i, len;
+    int k;
+
+#  if 1                         /* optional */
+    ctx = BN_CTX_new();
+    if (!ctx)
+        ABORT;
+#  endif
+
+    p = BN_new();
+    a = BN_new();
+    b = BN_new();
+    if (!p || !a || !b)
+        ABORT;
+
+    if (!BN_hex2bn(&p, "13"))
+        ABORT;
+    if (!BN_hex2bn(&a, "3"))
+        ABORT;
+    if (!BN_hex2bn(&b, "1"))
+        ABORT;
+
+    group = EC_GROUP_new(EC_GF2m_simple_method()); /* applications should use
+                                                    * EC_GROUP_new_curve_GF2m
+                                                    * so that the library gets
+                                                    * to choose the EC_METHOD */
+    if (!group)
+        ABORT;
+    if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx))
+        ABORT;
+
+    {
+        EC_GROUP *tmp;
+        tmp = EC_GROUP_new(EC_GROUP_method_of(group));
+        if (!tmp)
+            ABORT;
+        if (!EC_GROUP_copy(tmp, group))
+            ABORT;
+        EC_GROUP_free(group);
+        group = tmp;
+    }
+
+    if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx))
+        ABORT;
+
+    fprintf(stdout,
+            "Curve defined by Weierstrass equation\n     y^2 + x*y = x^3 + a*x^2 + b  (mod 0x");
+    BN_print_fp(stdout, p);
+    fprintf(stdout, ")\n     a = 0x");
+    BN_print_fp(stdout, a);
+    fprintf(stdout, "\n     b = 0x");
+    BN_print_fp(stdout, b);
+    fprintf(stdout, "\n(0x... means binary polynomial)\n");
+
+    P = EC_POINT_new(group);
+    Q = EC_POINT_new(group);
+    R = EC_POINT_new(group);
+    if (!P || !Q || !R)
+        ABORT;
+
+    if (!EC_POINT_set_to_infinity(group, P))
+        ABORT;
+    if (!EC_POINT_is_at_infinity(group, P))
+        ABORT;
+
+    buf[0] = 0;
+    if (!EC_POINT_oct2point(group, Q, buf, 1, ctx))
+        ABORT;
+
+    if (!EC_POINT_add(group, P, P, Q, ctx))
+        ABORT;
+    if (!EC_POINT_is_at_infinity(group, P))
+        ABORT;
+
+    x = BN_new();
+    y = BN_new();
+    z = BN_new();
+    cof = BN_new();
+    if (!x || !y || !z || !cof)
+        ABORT;
+
+    if (!BN_hex2bn(&x, "6"))
+        ABORT;
+/* Change test based on whether binary point compression is enabled or not. */
+#  ifdef OPENSSL_EC_BIN_PT_COMP
+    if (!EC_POINT_set_compressed_coordinates_GF2m(group, Q, x, 1, ctx))
+        ABORT;
+#  else
+    if (!BN_hex2bn(&y, "8"))
+        ABORT;
+    if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx))
+        ABORT;
+#  endif
+    if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) {
+/* Change test based on whether binary point compression is enabled or not. */
+#  ifdef OPENSSL_EC_BIN_PT_COMP
+        if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx))
+            ABORT;
+#  endif
+        fprintf(stderr, "Point is not on curve: x = 0x");
+        BN_print_fp(stderr, x);
+        fprintf(stderr, ", y = 0x");
+        BN_print_fp(stderr, y);
+        fprintf(stderr, "\n");
+        ABORT;
+    }
+
+    fprintf(stdout, "A cyclic subgroup:\n");
+    k = 100;
+    do {
+        if (k-- == 0)
+            ABORT;
+
+        if (EC_POINT_is_at_infinity(group, P))
+            fprintf(stdout, "     point at infinity\n");
+        else {
+            if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx))
+                ABORT;
+
+            fprintf(stdout, "     x = 0x");
+            BN_print_fp(stdout, x);
+            fprintf(stdout, ", y = 0x");
+            BN_print_fp(stdout, y);
+            fprintf(stdout, "\n");
+        }
+
+        if (!EC_POINT_copy(R, P))
+            ABORT;
+        if (!EC_POINT_add(group, P, P, Q, ctx))
+            ABORT;
+    }
+    while (!EC_POINT_is_at_infinity(group, P));
+
+    if (!EC_POINT_add(group, P, Q, R, ctx))
+        ABORT;
+    if (!EC_POINT_is_at_infinity(group, P))
+        ABORT;
+
+/* Change test based on whether binary point compression is enabled or not. */
+#  ifdef OPENSSL_EC_BIN_PT_COMP
+    len =
+        EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf,
+                           sizeof buf, ctx);
+    if (len == 0)
+        ABORT;
+    if (!EC_POINT_oct2point(group, P, buf, len, ctx))
+        ABORT;
+    if (0 != EC_POINT_cmp(group, P, Q, ctx))
+        ABORT;
+    fprintf(stdout, "Generator as octet string, compressed form:\n     ");
+    for (i = 0; i < len; i++)
+        fprintf(stdout, "%02X", buf[i]);
+#  endif
+
+    len =
+        EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf,
+                           sizeof buf, ctx);
+    if (len == 0)
+        ABORT;
+    if (!EC_POINT_oct2point(group, P, buf, len, ctx))
+        ABORT;
+    if (0 != EC_POINT_cmp(group, P, Q, ctx))
+        ABORT;
+    fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n     ");
+    for (i = 0; i < len; i++)
+        fprintf(stdout, "%02X", buf[i]);
+
+/* Change test based on whether binary point compression is enabled or not. */
+#  ifdef OPENSSL_EC_BIN_PT_COMP
+    len =
+        EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf,
+                           ctx);
+    if (len == 0)
+        ABORT;
+    if (!EC_POINT_oct2point(group, P, buf, len, ctx))
+        ABORT;
+    if (0 != EC_POINT_cmp(group, P, Q, ctx))
+        ABORT;
+    fprintf(stdout, "\nGenerator as octet string, hybrid form:\n     ");
+    for (i = 0; i < len; i++)
+        fprintf(stdout, "%02X", buf[i]);
+#  endif
+
+    fprintf(stdout, "\n");
+
+    if (!EC_POINT_invert(group, P, ctx))
+        ABORT;
+    if (0 != EC_POINT_cmp(group, P, R, ctx))
+        ABORT;
+
+    /* Curve K-163 (FIPS PUB 186-2, App. 6) */
+    CHAR2_CURVE_TEST
+        ("NIST curve K-163",
+         "0800000000000000000000000000000000000000C9",
+         "1",
+         "1",
+         "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",
+         "0289070FB05D38FF58321F2E800536D538CCDAA3D9",
+         1, "04000000000000000000020108A2E0CC0D99F8A5EF", "2", 163, C2_K163);
+
+    /* Curve B-163 (FIPS PUB 186-2, App. 6) */
+    CHAR2_CURVE_TEST
+        ("NIST curve B-163",
+         "0800000000000000000000000000000000000000C9",
+         "1",
+         "020A601907B8C953CA1481EB10512F78744A3205FD",
+         "03F0EBA16286A2D57EA0991168D4994637E8343E36",
+         "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
+         1, "040000000000000000000292FE77E70C12A4234C33", "2", 163, C2_B163);
+
+    /* Curve K-233 (FIPS PUB 186-2, App. 6) */
+    CHAR2_CURVE_TEST
+        ("NIST curve K-233",
+         "020000000000000000000000000000000000000004000000000000000001",
+         "0",
+         "1",
+         "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",
+         "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
+         0,
+         "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF",
+         "4", 233, C2_K233);
+
+    /* Curve B-233 (FIPS PUB 186-2, App. 6) */
+    CHAR2_CURVE_TEST
+        ("NIST curve B-233",
+         "020000000000000000000000000000000000000004000000000000000001",
+         "000000000000000000000000000000000000000000000000000000000001",
+         "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
+         "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",
+         "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
+         1,
+         "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7",
+         "2", 233, C2_B233);
+
+    /* Curve K-283 (FIPS PUB 186-2, App. 6) */
+    CHAR2_CURVE_TEST
+        ("NIST curve K-283",
+         "0800000000000000000000000000000000000000000000000000000000000000000010A1",
+         "0",
+         "1",
+         "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836",
+         "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259",
+         0,
+         "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61",
+         "4", 283, C2_K283);
+
+    /* Curve B-283 (FIPS PUB 186-2, App. 6) */
+    CHAR2_CURVE_TEST
+        ("NIST curve B-283",
+         "0800000000000000000000000000000000000000000000000000000000000000000010A1",
+         "000000000000000000000000000000000000000000000000000000000000000000000001",
+         "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5",
+         "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053",
+         "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4",
+         1,
+         "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307",
+         "2", 283, C2_B283);
+
+    /* Curve K-409 (FIPS PUB 186-2, App. 6) */
+    CHAR2_CURVE_TEST
+        ("NIST curve K-409",
+         "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
+         "0",
+         "1",
+         "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746",
+         "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B",
+         1,
+         "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF",
+         "4", 409, C2_K409);
+
+    /* Curve B-409 (FIPS PUB 186-2, App. 6) */
+    CHAR2_CURVE_TEST
+        ("NIST curve B-409",
+         "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
+         "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+         "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F",
+         "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7",
+         "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706",
+         1,
+         "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173",
+         "2", 409, C2_B409);
+
+    /* Curve K-571 (FIPS PUB 186-2, App. 6) */
+    CHAR2_CURVE_TEST
+        ("NIST curve K-571",
+         "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
+         "0",
+         "1",
+         "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972",
+         "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3",
+         0,
+         "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001",
+         "4", 571, C2_K571);
+
+    /* Curve B-571 (FIPS PUB 186-2, App. 6) */
+    CHAR2_CURVE_TEST
+        ("NIST curve B-571",
+         "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
+         "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+         "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A",
+         "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19",
+         "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B",
+         1,
+         "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47",
+         "2", 571, C2_B571);
+
+    /* more tests using the last curve */
+
+    if (!EC_POINT_copy(Q, P))
+        ABORT;
+    if (EC_POINT_is_at_infinity(group, Q))
+        ABORT;
+    if (!EC_POINT_dbl(group, P, P, ctx))
+        ABORT;
+    if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
+        ABORT;
+    if (!EC_POINT_invert(group, Q, ctx))
+        ABORT;                  /* P = -2Q */
+
+    if (!EC_POINT_add(group, R, P, Q, ctx))
+        ABORT;
+    if (!EC_POINT_add(group, R, R, Q, ctx))
+        ABORT;
+    if (!EC_POINT_is_at_infinity(group, R))
+        ABORT;                  /* R = P + 2Q */
+
+    {
+        const EC_POINT *points[3];
+        const BIGNUM *scalars[3];
+
+        if (EC_POINT_is_at_infinity(group, Q))
+            ABORT;
+        points[0] = Q;
+        points[1] = Q;
+        points[2] = Q;
+
+        if (!BN_add(y, z, BN_value_one()))
+            ABORT;
+        if (BN_is_odd(y))
+            ABORT;
+        if (!BN_rshift1(y, y))
+            ABORT;
+        scalars[0] = y;         /* (group order + 1)/2, so y*Q + y*Q = Q */
+        scalars[1] = y;
+
+        fprintf(stdout, "combined multiplication ...");
+        fflush(stdout);
+
+        /* z is still the group order */
+        if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
+            ABORT;
+        if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
+            ABORT;
+        if (0 != EC_POINT_cmp(group, P, R, ctx))
+            ABORT;
+        if (0 != EC_POINT_cmp(group, R, Q, ctx))
+            ABORT;
+
+        fprintf(stdout, ".");
+        fflush(stdout);
+
+        if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0))
+            ABORT;
+        if (!BN_add(z, z, y))
+            ABORT;
+        BN_set_negative(z, 1);
+        scalars[0] = y;
+        scalars[1] = z;         /* z = -(order + y) */
+
+        if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
+            ABORT;
+        if (!EC_POINT_is_at_infinity(group, P))
+            ABORT;
+
+        fprintf(stdout, ".");
+        fflush(stdout);
+
+        if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0))
+            ABORT;
+        if (!BN_add(z, x, y))
+            ABORT;
+        BN_set_negative(z, 1);
+        scalars[0] = x;
+        scalars[1] = y;
+        scalars[2] = z;         /* z = -(x+y) */
+
+        if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx))
+            ABORT;
+        if (!EC_POINT_is_at_infinity(group, P))
+            ABORT;
+
+        fprintf(stdout, " ok\n\n");
+    }
+
+#  if 0
+    timings(C2_K163, TIMING_BASE_PT, ctx);
+    timings(C2_K163, TIMING_RAND_PT, ctx);
+    timings(C2_K163, TIMING_SIMUL, ctx);
+    timings(C2_B163, TIMING_BASE_PT, ctx);
+    timings(C2_B163, TIMING_RAND_PT, ctx);
+    timings(C2_B163, TIMING_SIMUL, ctx);
+    timings(C2_K233, TIMING_BASE_PT, ctx);
+    timings(C2_K233, TIMING_RAND_PT, ctx);
+    timings(C2_K233, TIMING_SIMUL, ctx);
+    timings(C2_B233, TIMING_BASE_PT, ctx);
+    timings(C2_B233, TIMING_RAND_PT, ctx);
+    timings(C2_B233, TIMING_SIMUL, ctx);
+    timings(C2_K283, TIMING_BASE_PT, ctx);
+    timings(C2_K283, TIMING_RAND_PT, ctx);
+    timings(C2_K283, TIMING_SIMUL, ctx);
+    timings(C2_B283, TIMING_BASE_PT, ctx);
+    timings(C2_B283, TIMING_RAND_PT, ctx);
+    timings(C2_B283, TIMING_SIMUL, ctx);
+    timings(C2_K409, TIMING_BASE_PT, ctx);
+    timings(C2_K409, TIMING_RAND_PT, ctx);
+    timings(C2_K409, TIMING_SIMUL, ctx);
+    timings(C2_B409, TIMING_BASE_PT, ctx);
+    timings(C2_B409, TIMING_RAND_PT, ctx);
+    timings(C2_B409, TIMING_SIMUL, ctx);
+    timings(C2_K571, TIMING_BASE_PT, ctx);
+    timings(C2_K571, TIMING_RAND_PT, ctx);
+    timings(C2_K571, TIMING_SIMUL, ctx);
+    timings(C2_B571, TIMING_BASE_PT, ctx);
+    timings(C2_B571, TIMING_RAND_PT, ctx);
+    timings(C2_B571, TIMING_SIMUL, ctx);
+#  endif
+
+    if (ctx)
+        BN_CTX_free(ctx);
+    BN_free(p);
+    BN_free(a);
+    BN_free(b);
+    EC_GROUP_free(group);
+    EC_POINT_free(P);
+    EC_POINT_free(Q);
+    EC_POINT_free(R);
+    BN_free(x);
+    BN_free(y);
+    BN_free(z);
+    BN_free(cof);
+
+    if (C2_K163)
+        EC_GROUP_free(C2_K163);
+    if (C2_B163)
+        EC_GROUP_free(C2_B163);
+    if (C2_K233)
+        EC_GROUP_free(C2_K233);
+    if (C2_B233)
+        EC_GROUP_free(C2_B233);
+    if (C2_K283)
+        EC_GROUP_free(C2_K283);
+    if (C2_B283)
+        EC_GROUP_free(C2_B283);
+    if (C2_K409)
+        EC_GROUP_free(C2_K409);
+    if (C2_B409)
+        EC_GROUP_free(C2_B409);
+    if (C2_K571)
+        EC_GROUP_free(C2_K571);
+    if (C2_B571)
+        EC_GROUP_free(C2_B571);
+
+}
+# endif
+
+static void internal_curve_test(void)
+{
+    EC_builtin_curve *curves = NULL;
+    size_t crv_len = 0, n = 0;
+    int ok = 1;
+
+    crv_len = EC_get_builtin_curves(NULL, 0);
+
+    curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
+
+    if (curves == NULL)
+        return;
+
+    if (!EC_get_builtin_curves(curves, crv_len)) {
+        OPENSSL_free(curves);
+        return;
+    }
+
+    fprintf(stdout, "testing internal curves: ");
+
+    for (n = 0; n < crv_len; n++) {
+        EC_GROUP *group = NULL;
+        int nid = curves[n].nid;
+        if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL) {
+            ok = 0;
+            fprintf(stdout, "\nEC_GROUP_new_curve_name() failed with"
+                    " curve %s\n", OBJ_nid2sn(nid));
+            /* try next curve */
+            continue;
+        }
+        if (!EC_GROUP_check(group, NULL)) {
+            ok = 0;
+            fprintf(stdout, "\nEC_GROUP_check() failed with"
+                    " curve %s\n", OBJ_nid2sn(nid));
+            EC_GROUP_free(group);
+            /* try the next curve */
+            continue;
+        }
+        fprintf(stdout, ".");
+        fflush(stdout);
+        EC_GROUP_free(group);
+    }
+    if (ok)
+        fprintf(stdout, " ok\n\n");
+    else {
+        fprintf(stdout, " failed\n\n");
+        ABORT;
+    }
+    OPENSSL_free(curves);
+    return;
+}
+
+# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+/*
+ * nistp_test_params contains magic numbers for testing our optimized
+ * implementations of several NIST curves with characteristic > 3.
+ */
+struct nistp_test_params {
+    const EC_METHOD *(*meth) ();
+    int degree;
+    /*
+     * Qx, Qy and D are taken from
+     * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
+     * Otherwise, values are standard curve parameters from FIPS 180-3
+     */
+    const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d;
+};
+
+static const struct nistp_test_params nistp_tests_params[] = {
+    {
+     /* P-224 */
+     EC_GFp_nistp224_method,
+     224,
+     /* p */
+     "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
+     /* a */
+     "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
+     /* b */
+     "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
+     /* Qx */
+     "E84FB0B8E7000CB657D7973CF6B42ED78B301674276DF744AF130B3E",
+     /* Qy */
+     "4376675C6FC5612C21A0FF2D2A89D2987DF7A2BC52183B5982298555",
+     /* Gx */
+     "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
+     /* Gy */
+     "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
+     /* order */
+     "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
+     /* d */
+     "3F0C488E987C80BE0FEE521F8D90BE6034EC69AE11CA72AA777481E8",
+     },
+    {
+     /* P-256 */
+     EC_GFp_nistp256_method,
+     256,
+     /* p */
+     "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
+     /* a */
+     "ffffffff00000001000000000000000000000000fffffffffffffffffffffffc",
+     /* b */
+     "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b",
+     /* Qx */
+     "b7e08afdfe94bad3f1dc8c734798ba1c62b3a0ad1e9ea2a38201cd0889bc7a19",
+     /* Qy */
+     "3603f747959dbf7a4bb226e41928729063adc7ae43529e61b563bbc606cc5e09",
+     /* Gx */
+     "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
+     /* Gy */
+     "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
+     /* order */
+     "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
+     /* d */
+     "c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96",
+     },
+    {
+     /* P-521 */
+     EC_GFp_nistp521_method,
+     521,
+     /* p */
+     "1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+     /* a */
+     "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc",
+     /* b */
+     "051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00",
+     /* Qx */
+     "0098e91eef9a68452822309c52fab453f5f117c1da8ed796b255e9ab8f6410cca16e59df403a6bdc6ca467a37056b1e54b3005d8ac030decfeb68df18b171885d5c4",
+     /* Qy */
+     "0164350c321aecfc1cca1ba4364c9b15656150b4b78d6a48d7d28e7f31985ef17be8554376b72900712c4b83ad668327231526e313f5f092999a4632fd50d946bc2e",
+     /* Gx */
+     "c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66",
+     /* Gy */
+     "11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",
+     /* order */
+     "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409",
+     /* d */
+     "0100085f47b8e1b8b11b7eb33028c0b2888e304bfc98501955b45bba1478dc184eeedf09b86a5f7c21994406072787205e69a63709fe35aa93ba333514b24f961722",
+     },
+};
+
+static void nistp_single_test(const struct nistp_test_params *test)
+{
+    BN_CTX *ctx;
+    BIGNUM *p, *a, *b, *x, *y, *n, *m, *order;
+    EC_GROUP *NISTP;
+    EC_POINT *G, *P, *Q, *Q_CHECK;
+
+    fprintf(stdout, "\nNIST curve P-%d (optimised implementation):\n",
+            test->degree);
+    ctx = BN_CTX_new();
+    p = BN_new();
+    a = BN_new();
+    b = BN_new();
+    x = BN_new();
+    y = BN_new();
+    m = BN_new();
+    n = BN_new();
+    order = BN_new();
+
+    NISTP = EC_GROUP_new(test->meth());
+    if (!NISTP)
+        ABORT;
+    if (!BN_hex2bn(&p, test->p))
+        ABORT;
+    if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
+        ABORT;
+    if (!BN_hex2bn(&a, test->a))
+        ABORT;
+    if (!BN_hex2bn(&b, test->b))
+        ABORT;
+    if (!EC_GROUP_set_curve_GFp(NISTP, p, a, b, ctx))
+        ABORT;
+    G = EC_POINT_new(NISTP);
+    P = EC_POINT_new(NISTP);
+    Q = EC_POINT_new(NISTP);
+    Q_CHECK = EC_POINT_new(NISTP);
+    if (!BN_hex2bn(&x, test->Qx))
+        ABORT;
+    if (!BN_hex2bn(&y, test->Qy))
+        ABORT;
+    if (!EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, y, ctx))
+        ABORT;
+    if (!BN_hex2bn(&x, test->Gx))
+        ABORT;
+    if (!BN_hex2bn(&y, test->Gy))
+        ABORT;
+    if (!EC_POINT_set_affine_coordinates_GFp(NISTP, G, x, y, ctx))
+        ABORT;
+    if (!BN_hex2bn(&order, test->order))
+        ABORT;
+    if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one()))
+        ABORT;
+
+    fprintf(stdout, "verify degree ... ");
+    if (EC_GROUP_get_degree(NISTP) != test->degree)
+        ABORT;
+    fprintf(stdout, "ok\n");
+
+    fprintf(stdout, "NIST test vectors ... ");
+    if (!BN_hex2bn(&n, test->d))
+        ABORT;
+    /* fixed point multiplication */
+    EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
+    if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
+        ABORT;
+    /* random point multiplication */
+    EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
+    if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
+        ABORT;
+
+    /* set generator to P = 2*G, where G is the standard generator */
+    if (!EC_POINT_dbl(NISTP, P, G, ctx))
+        ABORT;
+    if (!EC_GROUP_set_generator(NISTP, P, order, BN_value_one()))
+        ABORT;
+    /* set the scalar to m=n/2, where n is the NIST test scalar */
+    if (!BN_rshift(m, n, 1))
+        ABORT;
+
+    /* test the non-standard generator */
+    /* fixed point multiplication */
+    EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
+    if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
+        ABORT;
+    /* random point multiplication */
+    EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
+    if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
+        ABORT;
+
+    /* now repeat all tests with precomputation */
+    if (!EC_GROUP_precompute_mult(NISTP, ctx))
+        ABORT;
+
+    /* fixed point multiplication */
+    EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
+    if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
+        ABORT;
+    /* random point multiplication */
+    EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
+    if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
+        ABORT;
+
+    /* reset generator */
+    if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one()))
+        ABORT;
+    /* fixed point multiplication */
+    EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
+    if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
+        ABORT;
+    /* random point multiplication */
+    EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
+    if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
+        ABORT;
+
+    fprintf(stdout, "ok\n");
+    group_order_tests(NISTP);
+#  if 0
+    timings(NISTP, TIMING_BASE_PT, ctx);
+    timings(NISTP, TIMING_RAND_PT, ctx);
+#  endif
+    EC_GROUP_free(NISTP);
+    EC_POINT_free(G);
+    EC_POINT_free(P);
+    EC_POINT_free(Q);
+    EC_POINT_free(Q_CHECK);
+    BN_free(n);
+    BN_free(m);
+    BN_free(p);
+    BN_free(a);
+    BN_free(b);
+    BN_free(x);
+    BN_free(y);
+    BN_free(order);
+    BN_CTX_free(ctx);
+}
+
+static void nistp_tests()
+{
+    unsigned i;
+
+    for (i = 0;
+         i < sizeof(nistp_tests_params) / sizeof(struct nistp_test_params);
+         i++) {
+        nistp_single_test(&nistp_tests_params[i]);
+    }
+}
+# endif
+
+static const char rnd_seed[] =
+    "string to make the random number generator think it has entropy";
+
+int main(int argc, char *argv[])
+{
+
+    /* enable memory leak checking unless explicitly disabled */
+    if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL)
+          && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) {
+        CRYPTO_malloc_debug_init();
+        CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+    } else {
+        /* OPENSSL_DEBUG_MEMORY=off */
+        CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+    }
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+    ERR_load_crypto_strings();
+
+    RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
+
+    prime_field_tests();
+    puts("");
+# ifndef OPENSSL_NO_EC2M
+    char2_field_tests();
+# endif
+# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+    nistp_tests();
+# endif
+    /* test the internal curves */
+    internal_curve_test();
+
+# ifndef OPENSSL_NO_ENGINE
+    ENGINE_cleanup();
+# endif
+    CRYPTO_cleanup_all_ex_data();
+    ERR_free_strings();
+    ERR_remove_thread_state(NULL);
+    CRYPTO_mem_leaks_fp(stderr);
+
+    return 0;
+}
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/engine/eng_all.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/engine/eng_all.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/engine/eng_all.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,139 +0,0 @@
-/* crypto/engine/eng_all.c -*- mode: C; c-file-style: "eay" -*- */
-/*
- * Written by Richard Levitte <richard at levitte.org> for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include "eng_int.h"
-
-void ENGINE_load_builtin_engines(void)
-{
-    /* Some ENGINEs need this */
-    OPENSSL_cpuid_setup();
-#if 0
-    /*
-     * There's no longer any need for an "openssl" ENGINE unless, one day, it
-     * is the *only* way for standard builtin implementations to be be
-     * accessed (ie. it would be possible to statically link binaries with
-     * *no* builtin implementations).
-     */
-    ENGINE_load_openssl();
-#endif
-#if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
-    ENGINE_load_cryptodev();
-#endif
-#ifndef OPENSSL_NO_RSAX
-    ENGINE_load_rsax();
-#endif
-#ifndef OPENSSL_NO_RDRAND
-    ENGINE_load_rdrand();
-#endif
-    ENGINE_load_dynamic();
-#ifndef OPENSSL_NO_STATIC_ENGINE
-# ifndef OPENSSL_NO_HW
-#  ifndef OPENSSL_NO_HW_4758_CCA
-    ENGINE_load_4758cca();
-#  endif
-#  ifndef OPENSSL_NO_HW_AEP
-    ENGINE_load_aep();
-#  endif
-#  ifndef OPENSSL_NO_HW_ATALLA
-    ENGINE_load_atalla();
-#  endif
-#  ifndef OPENSSL_NO_HW_CSWIFT
-    ENGINE_load_cswift();
-#  endif
-#  ifndef OPENSSL_NO_HW_NCIPHER
-    ENGINE_load_chil();
-#  endif
-#  ifndef OPENSSL_NO_HW_NURON
-    ENGINE_load_nuron();
-#  endif
-#  ifndef OPENSSL_NO_HW_SUREWARE
-    ENGINE_load_sureware();
-#  endif
-#  ifndef OPENSSL_NO_HW_UBSEC
-    ENGINE_load_ubsec();
-#  endif
-#  ifndef OPENSSL_NO_HW_PADLOCK
-    ENGINE_load_padlock();
-#  endif
-# endif
-# ifndef OPENSSL_NO_GOST
-    ENGINE_load_gost();
-# endif
-# ifndef OPENSSL_NO_GMP
-    ENGINE_load_gmp();
-# endif
-# if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
-    ENGINE_load_capi();
-# endif
-#endif
-    ENGINE_register_all_complete();
-}
-
-#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
-void ENGINE_setup_bsd_cryptodev(void)
-{
-    static int bsd_cryptodev_default_loaded = 0;
-    if (!bsd_cryptodev_default_loaded) {
-        ENGINE_load_cryptodev();
-        ENGINE_register_all_complete();
-    }
-    bsd_cryptodev_default_loaded = 1;
-}
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/engine/eng_all.c (from rev 11605, vendor-crypto/openssl/dist/crypto/engine/eng_all.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/engine/eng_all.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/engine/eng_all.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,139 @@
+/* crypto/engine/eng_all.c */
+/*
+ * Written by Richard Levitte <richard at levitte.org> for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include "eng_int.h"
+
+void ENGINE_load_builtin_engines(void)
+{
+    /* Some ENGINEs need this */
+    OPENSSL_cpuid_setup();
+#if 0
+    /*
+     * There's no longer any need for an "openssl" ENGINE unless, one day, it
+     * is the *only* way for standard builtin implementations to be be
+     * accessed (ie. it would be possible to statically link binaries with
+     * *no* builtin implementations).
+     */
+    ENGINE_load_openssl();
+#endif
+#if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
+    ENGINE_load_cryptodev();
+#endif
+#ifndef OPENSSL_NO_RSAX
+    ENGINE_load_rsax();
+#endif
+#ifndef OPENSSL_NO_RDRAND
+    ENGINE_load_rdrand();
+#endif
+    ENGINE_load_dynamic();
+#ifndef OPENSSL_NO_STATIC_ENGINE
+# ifndef OPENSSL_NO_HW
+#  ifndef OPENSSL_NO_HW_4758_CCA
+    ENGINE_load_4758cca();
+#  endif
+#  ifndef OPENSSL_NO_HW_AEP
+    ENGINE_load_aep();
+#  endif
+#  ifndef OPENSSL_NO_HW_ATALLA
+    ENGINE_load_atalla();
+#  endif
+#  ifndef OPENSSL_NO_HW_CSWIFT
+    ENGINE_load_cswift();
+#  endif
+#  ifndef OPENSSL_NO_HW_NCIPHER
+    ENGINE_load_chil();
+#  endif
+#  ifndef OPENSSL_NO_HW_NURON
+    ENGINE_load_nuron();
+#  endif
+#  ifndef OPENSSL_NO_HW_SUREWARE
+    ENGINE_load_sureware();
+#  endif
+#  ifndef OPENSSL_NO_HW_UBSEC
+    ENGINE_load_ubsec();
+#  endif
+#  ifndef OPENSSL_NO_HW_PADLOCK
+    ENGINE_load_padlock();
+#  endif
+# endif
+# ifndef OPENSSL_NO_GOST
+    ENGINE_load_gost();
+# endif
+# ifndef OPENSSL_NO_GMP
+    ENGINE_load_gmp();
+# endif
+# if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
+    ENGINE_load_capi();
+# endif
+#endif
+    ENGINE_register_all_complete();
+}
+
+#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
+void ENGINE_setup_bsd_cryptodev(void)
+{
+    static int bsd_cryptodev_default_loaded = 0;
+    if (!bsd_cryptodev_default_loaded) {
+        ENGINE_load_cryptodev();
+        ENGINE_register_all_complete();
+    }
+    bsd_cryptodev_default_loaded = 1;
+}
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/evp/Makefile
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/Makefile	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/evp/Makefile	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,778 +0,0 @@
-#
-# OpenSSL/crypto/evp/Makefile
-#
-
-DIR=	evp
-TOP=	../..
-CC=	cc
-INCLUDES= -I.. -I$(TOP) -I../../include
-CFLAG=-g
-MAKEFILE=	Makefile
-AR=		ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST=evp_test.c evp_extra_test.c
-TESTDATA=evptests.txt
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \
-	e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\
-	e_rc4.c e_aes.c names.c e_seed.c \
-	e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \
-	m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c m_wp.c \
-	m_dss.c m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c\
-	p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
-	bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
-	c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
-	evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \
-	e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c evp_fips.c	\
-	e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c
-
-LIBOBJ=	encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \
-	e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\
-	e_rc4.o e_aes.o names.o e_seed.o \
-	e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \
-	m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o m_wp.o \
-	m_dss.o m_dss1.o m_mdc2.o m_ripemd.o m_ecdsa.o\
-	p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
-	bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
-	c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
-	evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \
-	e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o evp_fips.o \
-	e_aes_cbc_hmac_sha1.o e_rc4_hmac_md5.o
-
-SRC= $(LIBSRC)
-
-EXHEADER= evp.h
-HEADER=	evp_locl.h $(EXHEADER)
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-top:
-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
-
-all:	lib
-
-lib:	$(LIBOBJ)
-	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB) || echo Never mind.
-	@touch lib
-
-files:
-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
-	@[ -f $(TESTDATA) ] && cp $(TESTDATA) ../../test && echo "$(TESTDATA) -> ../../test/$(TESTDATA)"
-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
-
-install:
-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
-	do  \
-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-	done;
-
-tags:
-	ctags $(SRC)
-
-tests:
-
-lint:
-	lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-update: depend
-
-depend:
-	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
-
-dclean:
-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-	mv -f Makefile.new $(MAKEFILE)
-
-clean:
-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-bio_b64.o: ../../e_os.h ../../include/openssl/asn1.h
-bio_b64.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-bio_b64.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-bio_b64.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-bio_b64.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-bio_b64.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-bio_b64.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bio_b64.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bio_b64.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_b64.c
-bio_enc.o: ../../e_os.h ../../include/openssl/asn1.h
-bio_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-bio_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-bio_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-bio_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-bio_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-bio_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bio_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bio_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_enc.c
-bio_md.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-bio_md.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bio_md.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bio_md.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-bio_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-bio_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bio_md.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-bio_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bio_md.o: ../cryptlib.h bio_md.c
-bio_ok.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-bio_ok.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bio_ok.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bio_ok.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-bio_ok.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-bio_ok.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bio_ok.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-bio_ok.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bio_ok.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_ok.c
-c_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-c_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-c_all.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-c_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-c_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-c_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-c_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-c_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-c_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-c_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-c_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-c_all.o: ../cryptlib.h c_all.c
-c_allc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-c_allc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-c_allc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-c_allc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-c_allc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-c_allc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-c_allc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-c_allc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-c_allc.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-c_allc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-c_allc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-c_allc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-c_allc.o: ../cryptlib.h c_allc.c
-c_alld.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-c_alld.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-c_alld.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-c_alld.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-c_alld.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-c_alld.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-c_alld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-c_alld.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-c_alld.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-c_alld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-c_alld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-c_alld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-c_alld.o: ../cryptlib.h c_alld.c
-digest.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-digest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-digest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-digest.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-digest.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-digest.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-digest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-digest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-digest.o: ../cryptlib.h digest.c
-e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-e_aes.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-e_aes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_aes.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_aes.o: ../../include/openssl/modes.h ../../include/openssl/obj_mac.h
-e_aes.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_aes.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_aes.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-e_aes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-e_aes.o: ../modes/modes_lcl.h e_aes.c evp_locl.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/bio.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/crypto.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/e_os2.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/evp.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/obj_mac.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/objects.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/opensslconf.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/opensslv.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/ossl_typ.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/safestack.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/sha.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/stack.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/symhacks.h e_aes_cbc_hmac_sha1.c
-e_aes_cbc_hmac_sha1.o: evp_locl.h
-e_bf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/buffer.h
-e_bf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-e_bf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_bf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-e_bf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_bf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_bf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_bf.o: ../../include/openssl/symhacks.h ../cryptlib.h e_bf.c evp_locl.h
-e_camellia.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_camellia.o: ../../include/openssl/camellia.h ../../include/openssl/crypto.h
-e_camellia.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_camellia.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_camellia.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_camellia.o: ../../include/openssl/opensslconf.h
-e_camellia.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_camellia.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_camellia.o: ../../include/openssl/symhacks.h e_camellia.c evp_locl.h
-e_cast.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_cast.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_cast.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-e_cast.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_cast.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-e_cast.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_cast.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_cast.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_cast.o: ../../include/openssl/symhacks.h ../cryptlib.h e_cast.c evp_locl.h
-e_des.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_des.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-e_des.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-e_des.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_des.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_des.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_des.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_des.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-e_des.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_des.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-e_des.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des.c evp_locl.h
-e_des3.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_des3.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-e_des3.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-e_des3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_des3.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_des3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_des3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_des3.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-e_des3.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_des3.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-e_des3.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des3.c evp_locl.h
-e_idea.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_idea.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-e_idea.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_idea.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-e_idea.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-e_idea.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_idea.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_idea.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_idea.o: ../../include/openssl/symhacks.h ../cryptlib.h e_idea.c evp_locl.h
-e_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-e_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_null.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_null.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-e_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-e_null.o: ../cryptlib.h e_null.c
-e_old.o: e_old.c
-e_rc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_rc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-e_rc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_rc2.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_rc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_rc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_rc2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
-e_rc2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_rc2.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc2.c evp_locl.h
-e_rc4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_rc4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-e_rc4.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_rc4.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_rc4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_rc4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_rc4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc4.h
-e_rc4.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_rc4.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc4.c evp_locl.h
-e_rc4_hmac_md5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_rc4_hmac_md5.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-e_rc4_hmac_md5.o: ../../include/openssl/evp.h ../../include/openssl/md5.h
-e_rc4_hmac_md5.o: ../../include/openssl/obj_mac.h
-e_rc4_hmac_md5.o: ../../include/openssl/objects.h
-e_rc4_hmac_md5.o: ../../include/openssl/opensslconf.h
-e_rc4_hmac_md5.o: ../../include/openssl/opensslv.h
-e_rc4_hmac_md5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc4.h
-e_rc4_hmac_md5.o: ../../include/openssl/safestack.h
-e_rc4_hmac_md5.o: ../../include/openssl/stack.h
-e_rc4_hmac_md5.o: ../../include/openssl/symhacks.h e_rc4_hmac_md5.c
-e_rc5.o: ../../e_os.h ../../include/openssl/bio.h
-e_rc5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-e_rc5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_rc5.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-e_rc5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_rc5.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_rc5.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc5.c
-e_seed.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_seed.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-e_seed.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_seed.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-e_seed.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_seed.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_seed.o: ../../include/openssl/safestack.h ../../include/openssl/seed.h
-e_seed.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-e_seed.o: e_seed.c evp_locl.h
-e_xcbc_d.o: ../../e_os.h ../../include/openssl/asn1.h
-e_xcbc_d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-e_xcbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_xcbc_d.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
-e_xcbc_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_xcbc_d.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-e_xcbc_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_xcbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_xcbc_d.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-e_xcbc_d.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_xcbc_d.c
-e_xcbc_d.o: evp_locl.h
-encode.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-encode.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-encode.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-encode.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-encode.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-encode.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-encode.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-encode.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-encode.o: ../cryptlib.h encode.c
-evp_acnf.o: ../../e_os.h ../../include/openssl/asn1.h
-evp_acnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-evp_acnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-evp_acnf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-evp_acnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-evp_acnf.o: ../../include/openssl/opensslconf.h
-evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-evp_acnf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_acnf.c
-evp_cnf.o: ../../e_os.h ../../include/openssl/asn1.h
-evp_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-evp_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-evp_cnf.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
-evp_cnf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-evp_cnf.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-evp_cnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-evp_cnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-evp_cnf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-evp_cnf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-evp_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-evp_cnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-evp_cnf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-evp_cnf.o: ../../include/openssl/x509v3.h ../cryptlib.h evp_cnf.c
-evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h
-evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-evp_enc.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-evp_enc.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-evp_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-evp_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-evp_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-evp_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-evp_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-evp_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-evp_enc.o: ../cryptlib.h evp_enc.c evp_locl.h
-evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-evp_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-evp_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-evp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-evp_err.o: ../../include/openssl/symhacks.h evp_err.c
-evp_fips.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-evp_fips.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-evp_fips.o: ../../include/openssl/evp.h ../../include/openssl/obj_mac.h
-evp_fips.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-evp_fips.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_fips.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-evp_fips.o: ../../include/openssl/symhacks.h evp_fips.c
-evp_key.o: ../../e_os.h ../../include/openssl/asn1.h
-evp_key.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-evp_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-evp_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-evp_key.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-evp_key.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-evp_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-evp_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-evp_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-evp_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-evp_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-evp_key.o: ../../include/openssl/ui.h ../../include/openssl/x509.h
-evp_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_key.c
-evp_lib.o: ../../e_os.h ../../include/openssl/asn1.h
-evp_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-evp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-evp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-evp_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-evp_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-evp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-evp_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_lib.c
-evp_pbe.o: ../../e_os.h ../../include/openssl/asn1.h
-evp_pbe.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-evp_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-evp_pbe.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-evp_pbe.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-evp_pbe.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-evp_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-evp_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-evp_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
-evp_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-evp_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-evp_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-evp_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h evp_pbe.c
-evp_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
-evp_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-evp_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-evp_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-evp_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-evp_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-evp_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-evp_pkey.o: ../../include/openssl/opensslconf.h
-evp_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-evp_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-evp_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-evp_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-evp_pkey.o: ../asn1/asn1_locl.h ../cryptlib.h evp_pkey.c
-m_dss.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_dss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-m_dss.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_dss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-m_dss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_dss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_dss.o: ../cryptlib.h m_dss.c
-m_dss1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_dss1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-m_dss1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_dss1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-m_dss1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_dss1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_dss1.o: ../cryptlib.h m_dss1.c
-m_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h
-m_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-m_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-m_ecdsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-m_ecdsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-m_ecdsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-m_ecdsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_ecdsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_ecdsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-m_ecdsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-m_ecdsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_ecdsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_ecdsa.o: ../cryptlib.h m_ecdsa.c
-m_md2.o: ../../e_os.h ../../include/openssl/bio.h
-m_md2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_md2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-m_md2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-m_md2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_md2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-m_md2.o: ../../include/openssl/symhacks.h ../cryptlib.h m_md2.c
-m_md4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_md4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_md4.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-m_md4.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-m_md4.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_md4.o: ../../include/openssl/lhash.h ../../include/openssl/md4.h
-m_md4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_md4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_md4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-m_md4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-m_md4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_md4.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-m_md4.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h m_md4.c
-m_md5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_md5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_md5.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-m_md5.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-m_md5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_md5.o: ../../include/openssl/lhash.h ../../include/openssl/md5.h
-m_md5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_md5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_md5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-m_md5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-m_md5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_md5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-m_md5.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h m_md5.c
-m_mdc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_mdc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_mdc2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-m_mdc2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-m_mdc2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-m_mdc2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_mdc2.o: ../../include/openssl/lhash.h ../../include/openssl/mdc2.h
-m_mdc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_mdc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_mdc2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-m_mdc2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-m_mdc2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_mdc2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-m_mdc2.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
-m_mdc2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h m_mdc2.c
-m_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_null.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-m_null.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-m_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_null.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-m_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_null.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-m_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_null.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-m_null.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_null.c
-m_ripemd.o: ../../e_os.h ../../include/openssl/asn1.h
-m_ripemd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-m_ripemd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-m_ripemd.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-m_ripemd.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-m_ripemd.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-m_ripemd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_ripemd.o: ../../include/openssl/opensslconf.h
-m_ripemd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_ripemd.o: ../../include/openssl/pkcs7.h ../../include/openssl/ripemd.h
-m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-m_ripemd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_ripemd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-m_ripemd.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h
-m_ripemd.o: m_ripemd.c
-m_sha.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_sha.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_sha.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-m_sha.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-m_sha.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_sha.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-m_sha.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_sha.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_sha.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-m_sha.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-m_sha.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_sha.o: ../cryptlib.h evp_locl.h m_sha.c
-m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-m_sha1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-m_sha1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_sha1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_sha1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
-m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_sha1.o: ../cryptlib.h m_sha1.c
-m_sigver.o: ../../e_os.h ../../include/openssl/asn1.h
-m_sigver.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-m_sigver.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-m_sigver.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-m_sigver.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-m_sigver.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-m_sigver.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_sigver.o: ../../include/openssl/opensslconf.h
-m_sigver.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_sigver.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-m_sigver.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_sigver.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-m_sigver.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h
-m_sigver.o: m_sigver.c
-m_wp.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_wp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_wp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-m_wp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-m_wp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_wp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-m_wp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_wp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_wp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-m_wp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_wp.o: ../../include/openssl/symhacks.h ../../include/openssl/whrlpool.h
-m_wp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_wp.o: ../cryptlib.h evp_locl.h m_wp.c
-names.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-names.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-names.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-names.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-names.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-names.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-names.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-names.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-names.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-names.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-names.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-names.o: ../../include/openssl/x509_vfy.h ../cryptlib.h names.c
-p5_crpt.o: ../../e_os.h ../../include/openssl/asn1.h
-p5_crpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-p5_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-p5_crpt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-p5_crpt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p5_crpt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p5_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p5_crpt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p5_crpt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-p5_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p5_crpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p5_crpt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p5_crpt.o: ../cryptlib.h p5_crpt.c
-p5_crpt2.o: ../../e_os.h ../../include/openssl/asn1.h
-p5_crpt2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-p5_crpt2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-p5_crpt2.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-p5_crpt2.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p5_crpt2.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
-p5_crpt2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p5_crpt2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p5_crpt2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p5_crpt2.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p5_crpt2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p5_crpt2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p5_crpt2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h
-p5_crpt2.o: p5_crpt2.c
-p_dec.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-p_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-p_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-p_dec.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-p_dec.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_dec.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p_dec.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-p_dec.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p_dec.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p_dec.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p_dec.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_dec.c
-p_enc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-p_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-p_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-p_enc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-p_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-p_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_enc.c
-p_lib.o: ../../e_os.h ../../include/openssl/asn1.h
-p_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
-p_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-p_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-p_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-p_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-p_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-p_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p_lib.o: ../asn1/asn1_locl.h ../cryptlib.h p_lib.c
-p_open.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-p_open.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-p_open.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-p_open.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-p_open.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_open.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p_open.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_open.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p_open.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-p_open.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p_open.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p_open.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p_open.o: ../cryptlib.h p_open.c
-p_seal.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-p_seal.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-p_seal.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-p_seal.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-p_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_seal.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-p_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_seal.c
-p_sign.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-p_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-p_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-p_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-p_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_sign.c
-p_verify.o: ../../e_os.h ../../include/openssl/asn1.h
-p_verify.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-p_verify.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-p_verify.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-p_verify.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p_verify.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p_verify.o: ../../include/openssl/opensslconf.h
-p_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_verify.c
-pmeth_fn.o: ../../e_os.h ../../include/openssl/asn1.h
-pmeth_fn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-pmeth_fn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-pmeth_fn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pmeth_fn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pmeth_fn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pmeth_fn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-pmeth_fn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-pmeth_fn.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
-pmeth_fn.o: pmeth_fn.c
-pmeth_gn.o: ../../e_os.h ../../include/openssl/asn1.h
-pmeth_gn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-pmeth_gn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-pmeth_gn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-pmeth_gn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pmeth_gn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pmeth_gn.o: ../../include/openssl/opensslconf.h
-pmeth_gn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-pmeth_gn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-pmeth_gn.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
-pmeth_gn.o: pmeth_gn.c
-pmeth_lib.o: ../../e_os.h ../../include/openssl/asn1.h
-pmeth_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-pmeth_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-pmeth_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-pmeth_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-pmeth_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pmeth_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pmeth_lib.o: ../../include/openssl/objects.h
-pmeth_lib.o: ../../include/openssl/opensslconf.h
-pmeth_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-pmeth_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-pmeth_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pmeth_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-pmeth_lib.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
-pmeth_lib.o: evp_locl.h pmeth_lib.c

Copied: vendor-crypto/openssl/1.0.1u/crypto/evp/Makefile (from rev 11605, vendor-crypto/openssl/dist/crypto/evp/Makefile)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/evp/Makefile	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/evp/Makefile	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,778 @@
+#
+# OpenSSL/crypto/evp/Makefile
+#
+
+DIR=	evp
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=	Makefile
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=evp_test.c evp_extra_test.c
+TESTDATA=evptests.txt
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \
+	e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\
+	e_rc4.c e_aes.c names.c e_seed.c \
+	e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \
+	m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c m_wp.c \
+	m_dss.c m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c\
+	p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
+	bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
+	c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
+	evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \
+	e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c evp_fips.c	\
+	e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c
+
+LIBOBJ=	encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \
+	e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\
+	e_rc4.o e_aes.o names.o e_seed.o \
+	e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \
+	m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o m_wp.o \
+	m_dss.o m_dss1.o m_mdc2.o m_ripemd.o m_ecdsa.o\
+	p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
+	bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
+	c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
+	evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \
+	e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o evp_fips.o \
+	e_aes_cbc_hmac_sha1.o e_rc4_hmac_md5.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= evp.h
+HEADER=	evp_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB) || echo Never mind.
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@[ -f $(TESTDATA) ] && cp $(TESTDATA) ../../test && echo "$(TESTDATA) -> ../../test/$(TESTDATA)"
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+update: depend
+
+depend:
+	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bio_b64.o: ../../e_os.h ../../include/openssl/asn1.h
+bio_b64.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+bio_b64.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+bio_b64.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+bio_b64.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+bio_b64.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bio_b64.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_b64.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_b64.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_b64.c
+bio_enc.o: ../../e_os.h ../../include/openssl/asn1.h
+bio_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+bio_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+bio_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+bio_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+bio_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bio_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_enc.c
+bio_md.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bio_md.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bio_md.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_md.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+bio_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+bio_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_md.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+bio_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_md.o: ../cryptlib.h bio_md.c
+bio_ok.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bio_ok.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bio_ok.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_ok.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+bio_ok.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+bio_ok.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_ok.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+bio_ok.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_ok.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_ok.c
+c_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+c_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+c_all.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+c_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+c_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+c_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+c_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+c_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+c_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+c_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+c_all.o: ../cryptlib.h c_all.c
+c_allc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+c_allc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+c_allc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+c_allc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+c_allc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+c_allc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+c_allc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_allc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+c_allc.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+c_allc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+c_allc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+c_allc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+c_allc.o: ../cryptlib.h c_allc.c
+c_alld.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+c_alld.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+c_alld.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+c_alld.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+c_alld.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+c_alld.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+c_alld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_alld.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+c_alld.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+c_alld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+c_alld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+c_alld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+c_alld.o: ../cryptlib.h c_alld.c
+digest.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+digest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+digest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+digest.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+digest.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+digest.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+digest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+digest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+digest.o: ../cryptlib.h digest.c
+e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_aes.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+e_aes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_aes.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+e_aes.o: ../../include/openssl/modes.h ../../include/openssl/obj_mac.h
+e_aes.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_aes.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_aes.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+e_aes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_aes.o: ../modes/modes_lcl.h e_aes.c evp_locl.h
+e_aes_cbc_hmac_sha1.o: ../../e_os.h ../../include/openssl/aes.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/crypto.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/e_os2.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/evp.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/obj_mac.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/objects.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/opensslconf.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/opensslv.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/ossl_typ.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/safestack.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/sha.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/stack.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/symhacks.h ../constant_time_locl.h
+e_aes_cbc_hmac_sha1.o: e_aes_cbc_hmac_sha1.c evp_locl.h
+e_bf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/buffer.h
+e_bf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+e_bf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_bf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_bf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_bf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_bf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_bf.o: ../../include/openssl/symhacks.h ../cryptlib.h e_bf.c evp_locl.h
+e_camellia.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_camellia.o: ../../include/openssl/camellia.h ../../include/openssl/crypto.h
+e_camellia.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_camellia.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+e_camellia.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_camellia.o: ../../include/openssl/opensslconf.h
+e_camellia.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_camellia.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_camellia.o: ../../include/openssl/symhacks.h e_camellia.c evp_locl.h
+e_cast.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cast.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cast.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+e_cast.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cast.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_cast.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cast.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_cast.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_cast.o: ../../include/openssl/symhacks.h ../cryptlib.h e_cast.c evp_locl.h
+e_des.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_des.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+e_des.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_des.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_des.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+e_des.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_des.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_des.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+e_des.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_des.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_des.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des.c evp_locl.h
+e_des3.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_des3.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+e_des3.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_des3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_des3.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+e_des3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_des3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_des3.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+e_des3.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_des3.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_des3.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des3.c evp_locl.h
+e_idea.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_idea.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+e_idea.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_idea.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_idea.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_idea.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_idea.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_idea.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_idea.o: ../../include/openssl/symhacks.h ../cryptlib.h e_idea.c evp_locl.h
+e_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+e_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_null.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+e_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_null.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+e_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_null.o: ../cryptlib.h e_null.c
+e_old.o: e_old.c
+e_rc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_rc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+e_rc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_rc2.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+e_rc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_rc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_rc2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+e_rc2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_rc2.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc2.c evp_locl.h
+e_rc4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_rc4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+e_rc4.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_rc4.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+e_rc4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_rc4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_rc4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc4.h
+e_rc4.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_rc4.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc4.c evp_locl.h
+e_rc4_hmac_md5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_rc4_hmac_md5.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+e_rc4_hmac_md5.o: ../../include/openssl/evp.h ../../include/openssl/md5.h
+e_rc4_hmac_md5.o: ../../include/openssl/obj_mac.h
+e_rc4_hmac_md5.o: ../../include/openssl/objects.h
+e_rc4_hmac_md5.o: ../../include/openssl/opensslconf.h
+e_rc4_hmac_md5.o: ../../include/openssl/opensslv.h
+e_rc4_hmac_md5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc4.h
+e_rc4_hmac_md5.o: ../../include/openssl/safestack.h
+e_rc4_hmac_md5.o: ../../include/openssl/stack.h
+e_rc4_hmac_md5.o: ../../include/openssl/symhacks.h e_rc4_hmac_md5.c
+e_rc5.o: ../../e_os.h ../../include/openssl/bio.h
+e_rc5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+e_rc5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_rc5.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+e_rc5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_rc5.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_rc5.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc5.c
+e_seed.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_seed.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+e_seed.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_seed.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_seed.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_seed.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_seed.o: ../../include/openssl/safestack.h ../../include/openssl/seed.h
+e_seed.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_seed.o: e_seed.c evp_locl.h
+e_xcbc_d.o: ../../e_os.h ../../include/openssl/asn1.h
+e_xcbc_d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+e_xcbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_xcbc_d.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+e_xcbc_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_xcbc_d.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_xcbc_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_xcbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_xcbc_d.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_xcbc_d.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_xcbc_d.c
+e_xcbc_d.o: evp_locl.h
+encode.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+encode.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+encode.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+encode.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+encode.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+encode.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+encode.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+encode.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+encode.o: ../cryptlib.h encode.c
+evp_acnf.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_acnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+evp_acnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+evp_acnf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+evp_acnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_acnf.o: ../../include/openssl/opensslconf.h
+evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+evp_acnf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_acnf.c
+evp_cnf.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+evp_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+evp_cnf.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+evp_cnf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+evp_cnf.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+evp_cnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+evp_cnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_cnf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_cnf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+evp_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_cnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_cnf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+evp_cnf.o: ../../include/openssl/x509v3.h ../cryptlib.h evp_cnf.c
+evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+evp_enc.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+evp_enc.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+evp_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+evp_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+evp_enc.o: ../cryptlib.h evp_enc.c evp_locl.h
+evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+evp_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+evp_err.o: ../../include/openssl/symhacks.h evp_err.c
+evp_fips.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_fips.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+evp_fips.o: ../../include/openssl/evp.h ../../include/openssl/obj_mac.h
+evp_fips.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_fips.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_fips.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+evp_fips.o: ../../include/openssl/symhacks.h evp_fips.c
+evp_key.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_key.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+evp_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+evp_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+evp_key.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+evp_key.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+evp_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+evp_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_key.o: ../../include/openssl/ui.h ../../include/openssl/x509.h
+evp_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_key.c
+evp_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+evp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+evp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+evp_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+evp_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_lib.c
+evp_pbe.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_pbe.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+evp_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+evp_pbe.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+evp_pbe.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+evp_pbe.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+evp_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+evp_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+evp_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+evp_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h evp_pbe.c
+evp_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+evp_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+evp_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+evp_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+evp_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+evp_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_pkey.o: ../../include/openssl/opensslconf.h
+evp_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+evp_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+evp_pkey.o: ../asn1/asn1_locl.h ../cryptlib.h evp_pkey.c
+m_dss.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_dss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+m_dss.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_dss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_dss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_dss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_dss.o: ../cryptlib.h m_dss.c
+m_dss1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_dss1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+m_dss1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_dss1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_dss1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_dss1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_dss1.o: ../cryptlib.h m_dss1.c
+m_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h
+m_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+m_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+m_ecdsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+m_ecdsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+m_ecdsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+m_ecdsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_ecdsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_ecdsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_ecdsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_ecdsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_ecdsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_ecdsa.o: ../cryptlib.h m_ecdsa.c
+m_md2.o: ../../e_os.h ../../include/openssl/bio.h
+m_md2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_md2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_md2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+m_md2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_md2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+m_md2.o: ../../include/openssl/symhacks.h ../cryptlib.h m_md2.c
+m_md4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_md4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_md4.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_md4.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_md4.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_md4.o: ../../include/openssl/lhash.h ../../include/openssl/md4.h
+m_md4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_md4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_md4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_md4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_md4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_md4.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_md4.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h m_md4.c
+m_md5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_md5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_md5.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_md5.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_md5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_md5.o: ../../include/openssl/lhash.h ../../include/openssl/md5.h
+m_md5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_md5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_md5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_md5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_md5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_md5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_md5.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h m_md5.c
+m_mdc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_mdc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_mdc2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_mdc2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_mdc2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_mdc2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_mdc2.o: ../../include/openssl/lhash.h ../../include/openssl/mdc2.h
+m_mdc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_mdc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_mdc2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_mdc2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_mdc2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_mdc2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+m_mdc2.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+m_mdc2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h m_mdc2.c
+m_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_null.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_null.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_null.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_null.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+m_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_null.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_null.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_null.c
+m_ripemd.o: ../../e_os.h ../../include/openssl/asn1.h
+m_ripemd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+m_ripemd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+m_ripemd.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+m_ripemd.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+m_ripemd.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+m_ripemd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_ripemd.o: ../../include/openssl/opensslconf.h
+m_ripemd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_ripemd.o: ../../include/openssl/pkcs7.h ../../include/openssl/ripemd.h
+m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_ripemd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_ripemd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_ripemd.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h
+m_ripemd.o: m_ripemd.c
+m_sha.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_sha.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_sha.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_sha.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_sha.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_sha.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_sha.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_sha.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_sha.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+m_sha.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_sha.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_sha.o: ../cryptlib.h evp_locl.h m_sha.c
+m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_sha1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+m_sha1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_sha1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_sha1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_sha1.o: ../cryptlib.h m_sha1.c
+m_sigver.o: ../../e_os.h ../../include/openssl/asn1.h
+m_sigver.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+m_sigver.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+m_sigver.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+m_sigver.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+m_sigver.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+m_sigver.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_sigver.o: ../../include/openssl/opensslconf.h
+m_sigver.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_sigver.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+m_sigver.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_sigver.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_sigver.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h
+m_sigver.o: m_sigver.c
+m_wp.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_wp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_wp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_wp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_wp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_wp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_wp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_wp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_wp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+m_wp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_wp.o: ../../include/openssl/symhacks.h ../../include/openssl/whrlpool.h
+m_wp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_wp.o: ../cryptlib.h evp_locl.h m_wp.c
+names.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+names.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+names.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+names.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+names.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+names.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+names.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+names.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+names.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+names.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+names.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+names.o: ../../include/openssl/x509_vfy.h ../cryptlib.h names.c
+p5_crpt.o: ../../e_os.h ../../include/openssl/asn1.h
+p5_crpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p5_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p5_crpt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p5_crpt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p5_crpt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+p5_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p5_crpt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p5_crpt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p5_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p5_crpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p5_crpt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p5_crpt.o: ../cryptlib.h p5_crpt.c
+p5_crpt2.o: ../../e_os.h ../../include/openssl/asn1.h
+p5_crpt2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p5_crpt2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p5_crpt2.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p5_crpt2.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p5_crpt2.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
+p5_crpt2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p5_crpt2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p5_crpt2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p5_crpt2.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p5_crpt2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_crpt2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p5_crpt2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h
+p5_crpt2.o: p5_crpt2.c
+p_dec.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p_dec.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p_dec.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_dec.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_dec.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p_dec.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_dec.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_dec.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p_dec.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_dec.c
+p_enc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p_enc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_enc.c
+p_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+p_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+p_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+p_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+p_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+p_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_lib.o: ../asn1/asn1_locl.h ../cryptlib.h p_lib.c
+p_open.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_open.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p_open.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p_open.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p_open.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_open.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p_open.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_open.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_open.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+p_open.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_open.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_open.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_open.o: ../cryptlib.h p_open.c
+p_seal.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_seal.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p_seal.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p_seal.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_seal.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_seal.c
+p_sign.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_sign.c
+p_verify.o: ../../e_os.h ../../include/openssl/asn1.h
+p_verify.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p_verify.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p_verify.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p_verify.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p_verify.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+p_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_verify.o: ../../include/openssl/opensslconf.h
+p_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_verify.c
+pmeth_fn.o: ../../e_os.h ../../include/openssl/asn1.h
+pmeth_fn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pmeth_fn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+pmeth_fn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pmeth_fn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pmeth_fn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pmeth_fn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pmeth_fn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+pmeth_fn.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
+pmeth_fn.o: pmeth_fn.c
+pmeth_gn.o: ../../e_os.h ../../include/openssl/asn1.h
+pmeth_gn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+pmeth_gn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+pmeth_gn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pmeth_gn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+pmeth_gn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pmeth_gn.o: ../../include/openssl/opensslconf.h
+pmeth_gn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pmeth_gn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+pmeth_gn.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
+pmeth_gn.o: pmeth_gn.c
+pmeth_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+pmeth_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pmeth_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+pmeth_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pmeth_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+pmeth_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pmeth_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pmeth_lib.o: ../../include/openssl/objects.h
+pmeth_lib.o: ../../include/openssl/opensslconf.h
+pmeth_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pmeth_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pmeth_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pmeth_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pmeth_lib.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
+pmeth_lib.o: evp_locl.h pmeth_lib.c

Deleted: vendor-crypto/openssl/1.0.1u/crypto/evp/bio_ok.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/bio_ok.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/evp/bio_ok.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,624 +0,0 @@
-/* crypto/evp/bio_ok.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/*-
-        From: Arne Ansper <arne at cyber.ee>
-
-        Why BIO_f_reliable?
-
-        I wrote function which took BIO* as argument, read data from it
-        and processed it. Then I wanted to store the input file in
-        encrypted form. OK I pushed BIO_f_cipher to the BIO stack
-        and everything was OK. BUT if user types wrong password
-        BIO_f_cipher outputs only garbage and my function crashes. Yes
-        I can and I should fix my function, but BIO_f_cipher is
-        easy way to add encryption support to many existing applications
-        and it's hard to debug and fix them all.
-
-        So I wanted another BIO which would catch the incorrect passwords and
-        file damages which cause garbage on BIO_f_cipher's output.
-
-        The easy way is to push the BIO_f_md and save the checksum at
-        the end of the file. However there are several problems with this
-        approach:
-
-        1) you must somehow separate checksum from actual data.
-        2) you need lot's of memory when reading the file, because you
-        must read to the end of the file and verify the checksum before
-        letting the application to read the data.
-
-        BIO_f_reliable tries to solve both problems, so that you can
-        read and write arbitrary long streams using only fixed amount
-        of memory.
-
-        BIO_f_reliable splits data stream into blocks. Each block is prefixed
-        with it's length and suffixed with it's digest. So you need only
-        several Kbytes of memory to buffer single block before verifying
-        it's digest.
-
-        BIO_f_reliable goes further and adds several important capabilities:
-
-        1) the digest of the block is computed over the whole stream
-        -- so nobody can rearrange the blocks or remove or replace them.
-
-        2) to detect invalid passwords right at the start BIO_f_reliable
-        adds special prefix to the stream. In order to avoid known plain-text
-        attacks this prefix is generated as follows:
-
-                *) digest is initialized with random seed instead of
-                standardized one.
-                *) same seed is written to output
-                *) well-known text is then hashed and the output
-                of the digest is also written to output.
-
-        reader can now read the seed from stream, hash the same string
-        and then compare the digest output.
-
-        Bad things: BIO_f_reliable knows what's going on in EVP_Digest. I
-        initially wrote and tested this code on x86 machine and wrote the
-        digests out in machine-dependent order :( There are people using
-        this code and I cannot change this easily without making existing
-        data files unreadable.
-
-*/
-
-#include <stdio.h>
-#include <errno.h>
-#include <assert.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-
-static int ok_write(BIO *h, const char *buf, int num);
-static int ok_read(BIO *h, char *buf, int size);
-static long ok_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int ok_new(BIO *h);
-static int ok_free(BIO *data);
-static long ok_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-
-static int sig_out(BIO *b);
-static int sig_in(BIO *b);
-static int block_out(BIO *b);
-static int block_in(BIO *b);
-#define OK_BLOCK_SIZE   (1024*4)
-#define OK_BLOCK_BLOCK  4
-#define IOBS            (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE)
-#define WELLKNOWN "The quick brown fox jumped over the lazy dog's back."
-
-typedef struct ok_struct {
-    size_t buf_len;
-    size_t buf_off;
-    size_t buf_len_save;
-    size_t buf_off_save;
-    int cont;                   /* <= 0 when finished */
-    int finished;
-    EVP_MD_CTX md;
-    int blockout;               /* output block is ready */
-    int sigio;                  /* must process signature */
-    unsigned char buf[IOBS];
-} BIO_OK_CTX;
-
-static BIO_METHOD methods_ok = {
-    BIO_TYPE_CIPHER, "reliable",
-    ok_write,
-    ok_read,
-    NULL,                       /* ok_puts, */
-    NULL,                       /* ok_gets, */
-    ok_ctrl,
-    ok_new,
-    ok_free,
-    ok_callback_ctrl,
-};
-
-BIO_METHOD *BIO_f_reliable(void)
-{
-    return (&methods_ok);
-}
-
-static int ok_new(BIO *bi)
-{
-    BIO_OK_CTX *ctx;
-
-    ctx = (BIO_OK_CTX *)OPENSSL_malloc(sizeof(BIO_OK_CTX));
-    if (ctx == NULL)
-        return (0);
-
-    ctx->buf_len = 0;
-    ctx->buf_off = 0;
-    ctx->buf_len_save = 0;
-    ctx->buf_off_save = 0;
-    ctx->cont = 1;
-    ctx->finished = 0;
-    ctx->blockout = 0;
-    ctx->sigio = 1;
-
-    EVP_MD_CTX_init(&ctx->md);
-
-    bi->init = 0;
-    bi->ptr = (char *)ctx;
-    bi->flags = 0;
-    return (1);
-}
-
-static int ok_free(BIO *a)
-{
-    if (a == NULL)
-        return (0);
-    EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md);
-    OPENSSL_cleanse(a->ptr, sizeof(BIO_OK_CTX));
-    OPENSSL_free(a->ptr);
-    a->ptr = NULL;
-    a->init = 0;
-    a->flags = 0;
-    return (1);
-}
-
-static int ok_read(BIO *b, char *out, int outl)
-{
-    int ret = 0, i, n;
-    BIO_OK_CTX *ctx;
-
-    if (out == NULL)
-        return (0);
-    ctx = (BIO_OK_CTX *)b->ptr;
-
-    if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0))
-        return (0);
-
-    while (outl > 0) {
-
-        /* copy clean bytes to output buffer */
-        if (ctx->blockout) {
-            i = ctx->buf_len - ctx->buf_off;
-            if (i > outl)
-                i = outl;
-            memcpy(out, &(ctx->buf[ctx->buf_off]), i);
-            ret += i;
-            out += i;
-            outl -= i;
-            ctx->buf_off += i;
-
-            /* all clean bytes are out */
-            if (ctx->buf_len == ctx->buf_off) {
-                ctx->buf_off = 0;
-
-                /*
-                 * copy start of the next block into proper place
-                 */
-                if (ctx->buf_len_save - ctx->buf_off_save > 0) {
-                    ctx->buf_len = ctx->buf_len_save - ctx->buf_off_save;
-                    memmove(ctx->buf, &(ctx->buf[ctx->buf_off_save]),
-                            ctx->buf_len);
-                } else {
-                    ctx->buf_len = 0;
-                }
-                ctx->blockout = 0;
-            }
-        }
-
-        /* output buffer full -- cancel */
-        if (outl == 0)
-            break;
-
-        /* no clean bytes in buffer -- fill it */
-        n = IOBS - ctx->buf_len;
-        i = BIO_read(b->next_bio, &(ctx->buf[ctx->buf_len]), n);
-
-        if (i <= 0)
-            break;              /* nothing new */
-
-        ctx->buf_len += i;
-
-        /* no signature yet -- check if we got one */
-        if (ctx->sigio == 1) {
-            if (!sig_in(b)) {
-                BIO_clear_retry_flags(b);
-                return 0;
-            }
-        }
-
-        /* signature ok -- check if we got block */
-        if (ctx->sigio == 0) {
-            if (!block_in(b)) {
-                BIO_clear_retry_flags(b);
-                return 0;
-            }
-        }
-
-        /* invalid block -- cancel */
-        if (ctx->cont <= 0)
-            break;
-
-    }
-
-    BIO_clear_retry_flags(b);
-    BIO_copy_next_retry(b);
-    return (ret);
-}
-
-static int ok_write(BIO *b, const char *in, int inl)
-{
-    int ret = 0, n, i;
-    BIO_OK_CTX *ctx;
-
-    if (inl <= 0)
-        return inl;
-
-    ctx = (BIO_OK_CTX *)b->ptr;
-    ret = inl;
-
-    if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0))
-        return (0);
-
-    if (ctx->sigio && !sig_out(b))
-        return 0;
-
-    do {
-        BIO_clear_retry_flags(b);
-        n = ctx->buf_len - ctx->buf_off;
-        while (ctx->blockout && n > 0) {
-            i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n);
-            if (i <= 0) {
-                BIO_copy_next_retry(b);
-                if (!BIO_should_retry(b))
-                    ctx->cont = 0;
-                return (i);
-            }
-            ctx->buf_off += i;
-            n -= i;
-        }
-
-        /* at this point all pending data has been written */
-        ctx->blockout = 0;
-        if (ctx->buf_len == ctx->buf_off) {
-            ctx->buf_len = OK_BLOCK_BLOCK;
-            ctx->buf_off = 0;
-        }
-
-        if ((in == NULL) || (inl <= 0))
-            return (0);
-
-        n = (inl + ctx->buf_len > OK_BLOCK_SIZE + OK_BLOCK_BLOCK) ?
-            (int)(OK_BLOCK_SIZE + OK_BLOCK_BLOCK - ctx->buf_len) : inl;
-
-        memcpy((unsigned char *)(&(ctx->buf[ctx->buf_len])),
-               (unsigned char *)in, n);
-        ctx->buf_len += n;
-        inl -= n;
-        in += n;
-
-        if (ctx->buf_len >= OK_BLOCK_SIZE + OK_BLOCK_BLOCK) {
-            if (!block_out(b)) {
-                BIO_clear_retry_flags(b);
-                return 0;
-            }
-        }
-    } while (inl > 0);
-
-    BIO_clear_retry_flags(b);
-    BIO_copy_next_retry(b);
-    return (ret);
-}
-
-static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
-{
-    BIO_OK_CTX *ctx;
-    EVP_MD *md;
-    const EVP_MD **ppmd;
-    long ret = 1;
-    int i;
-
-    ctx = b->ptr;
-
-    switch (cmd) {
-    case BIO_CTRL_RESET:
-        ctx->buf_len = 0;
-        ctx->buf_off = 0;
-        ctx->buf_len_save = 0;
-        ctx->buf_off_save = 0;
-        ctx->cont = 1;
-        ctx->finished = 0;
-        ctx->blockout = 0;
-        ctx->sigio = 1;
-        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
-        break;
-    case BIO_CTRL_EOF:         /* More to read */
-        if (ctx->cont <= 0)
-            ret = 1;
-        else
-            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
-        break;
-    case BIO_CTRL_PENDING:     /* More to read in buffer */
-    case BIO_CTRL_WPENDING:    /* More to read in buffer */
-        ret = ctx->blockout ? ctx->buf_len - ctx->buf_off : 0;
-        if (ret <= 0)
-            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
-        break;
-    case BIO_CTRL_FLUSH:
-        /* do a final write */
-        if (ctx->blockout == 0)
-            if (!block_out(b))
-                return 0;
-
-        while (ctx->blockout) {
-            i = ok_write(b, NULL, 0);
-            if (i < 0) {
-                ret = i;
-                break;
-            }
-        }
-
-        ctx->finished = 1;
-        ctx->buf_off = ctx->buf_len = 0;
-        ctx->cont = (int)ret;
-
-        /* Finally flush the underlying BIO */
-        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
-        break;
-    case BIO_C_DO_STATE_MACHINE:
-        BIO_clear_retry_flags(b);
-        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
-        BIO_copy_next_retry(b);
-        break;
-    case BIO_CTRL_INFO:
-        ret = (long)ctx->cont;
-        break;
-    case BIO_C_SET_MD:
-        md = ptr;
-        if (!EVP_DigestInit_ex(&ctx->md, md, NULL))
-            return 0;
-        b->init = 1;
-        break;
-    case BIO_C_GET_MD:
-        if (b->init) {
-            ppmd = ptr;
-            *ppmd = ctx->md.digest;
-        } else
-            ret = 0;
-        break;
-    default:
-        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
-        break;
-    }
-    return (ret);
-}
-
-static long ok_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-{
-    long ret = 1;
-
-    if (b->next_bio == NULL)
-        return (0);
-    switch (cmd) {
-    default:
-        ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
-        break;
-    }
-    return (ret);
-}
-
-static void longswap(void *_ptr, size_t len)
-{
-    const union {
-        long one;
-        char little;
-    } is_endian = {
-        1
-    };
-
-    if (is_endian.little) {
-        size_t i;
-        unsigned char *p = _ptr, c;
-
-        for (i = 0; i < len; i += 4) {
-            c = p[0], p[0] = p[3], p[3] = c;
-            c = p[1], p[1] = p[2], p[2] = c;
-        }
-    }
-}
-
-static int sig_out(BIO *b)
-{
-    BIO_OK_CTX *ctx;
-    EVP_MD_CTX *md;
-
-    ctx = b->ptr;
-    md = &ctx->md;
-
-    if (ctx->buf_len + 2 * md->digest->md_size > OK_BLOCK_SIZE)
-        return 1;
-
-    if (!EVP_DigestInit_ex(md, md->digest, NULL))
-        goto berr;
-    /*
-     * FIXME: there's absolutely no guarantee this makes any sense at all,
-     * particularly now EVP_MD_CTX has been restructured.
-     */
-    if (RAND_pseudo_bytes(md->md_data, md->digest->md_size) < 0)
-        goto berr;
-    memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size);
-    longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);
-    ctx->buf_len += md->digest->md_size;
-
-    if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)))
-        goto berr;
-    if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL))
-        goto berr;
-    ctx->buf_len += md->digest->md_size;
-    ctx->blockout = 1;
-    ctx->sigio = 0;
-    return 1;
- berr:
-    BIO_clear_retry_flags(b);
-    return 0;
-}
-
-static int sig_in(BIO *b)
-{
-    BIO_OK_CTX *ctx;
-    EVP_MD_CTX *md;
-    unsigned char tmp[EVP_MAX_MD_SIZE];
-    int ret = 0;
-
-    ctx = b->ptr;
-    md = &ctx->md;
-
-    if ((int)(ctx->buf_len - ctx->buf_off) < 2 * md->digest->md_size)
-        return 1;
-
-    if (!EVP_DigestInit_ex(md, md->digest, NULL))
-        goto berr;
-    memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size);
-    longswap(md->md_data, md->digest->md_size);
-    ctx->buf_off += md->digest->md_size;
-
-    if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)))
-        goto berr;
-    if (!EVP_DigestFinal_ex(md, tmp, NULL))
-        goto berr;
-    ret = memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0;
-    ctx->buf_off += md->digest->md_size;
-    if (ret == 1) {
-        ctx->sigio = 0;
-        if (ctx->buf_len != ctx->buf_off) {
-            memmove(ctx->buf, &(ctx->buf[ctx->buf_off]),
-                    ctx->buf_len - ctx->buf_off);
-        }
-        ctx->buf_len -= ctx->buf_off;
-        ctx->buf_off = 0;
-    } else {
-        ctx->cont = 0;
-    }
-    return 1;
- berr:
-    BIO_clear_retry_flags(b);
-    return 0;
-}
-
-static int block_out(BIO *b)
-{
-    BIO_OK_CTX *ctx;
-    EVP_MD_CTX *md;
-    unsigned long tl;
-
-    ctx = b->ptr;
-    md = &ctx->md;
-
-    tl = ctx->buf_len - OK_BLOCK_BLOCK;
-    ctx->buf[0] = (unsigned char)(tl >> 24);
-    ctx->buf[1] = (unsigned char)(tl >> 16);
-    ctx->buf[2] = (unsigned char)(tl >> 8);
-    ctx->buf[3] = (unsigned char)(tl);
-    if (!EVP_DigestUpdate(md,
-                          (unsigned char *)&(ctx->buf[OK_BLOCK_BLOCK]), tl))
-        goto berr;
-    if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL))
-        goto berr;
-    ctx->buf_len += md->digest->md_size;
-    ctx->blockout = 1;
-    return 1;
- berr:
-    BIO_clear_retry_flags(b);
-    return 0;
-}
-
-static int block_in(BIO *b)
-{
-    BIO_OK_CTX *ctx;
-    EVP_MD_CTX *md;
-    unsigned long tl = 0;
-    unsigned char tmp[EVP_MAX_MD_SIZE];
-
-    ctx = b->ptr;
-    md = &ctx->md;
-
-    assert(sizeof(tl) >= OK_BLOCK_BLOCK); /* always true */
-    tl = ctx->buf[0];
-    tl <<= 8;
-    tl |= ctx->buf[1];
-    tl <<= 8;
-    tl |= ctx->buf[2];
-    tl <<= 8;
-    tl |= ctx->buf[3];
-
-    if (ctx->buf_len < tl + OK_BLOCK_BLOCK + md->digest->md_size)
-        return 1;
-
-    if (!EVP_DigestUpdate(md,
-                          (unsigned char *)&(ctx->buf[OK_BLOCK_BLOCK]), tl))
-        goto berr;
-    if (!EVP_DigestFinal_ex(md, tmp, NULL))
-        goto berr;
-    if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, md->digest->md_size) ==
-        0) {
-        /* there might be parts from next block lurking around ! */
-        ctx->buf_off_save = tl + OK_BLOCK_BLOCK + md->digest->md_size;
-        ctx->buf_len_save = ctx->buf_len;
-        ctx->buf_off = OK_BLOCK_BLOCK;
-        ctx->buf_len = tl + OK_BLOCK_BLOCK;
-        ctx->blockout = 1;
-    } else {
-        ctx->cont = 0;
-    }
-    return 1;
- berr:
-    BIO_clear_retry_flags(b);
-    return 0;
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/evp/bio_ok.c (from rev 11605, vendor-crypto/openssl/dist/crypto/evp/bio_ok.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/evp/bio_ok.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/evp/bio_ok.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,624 @@
+/* crypto/evp/bio_ok.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*-
+        From: Arne Ansper <arne at cyber.ee>
+
+        Why BIO_f_reliable?
+
+        I wrote function which took BIO* as argument, read data from it
+        and processed it. Then I wanted to store the input file in
+        encrypted form. OK I pushed BIO_f_cipher to the BIO stack
+        and everything was OK. BUT if user types wrong password
+        BIO_f_cipher outputs only garbage and my function crashes. Yes
+        I can and I should fix my function, but BIO_f_cipher is
+        easy way to add encryption support to many existing applications
+        and it's hard to debug and fix them all.
+
+        So I wanted another BIO which would catch the incorrect passwords and
+        file damages which cause garbage on BIO_f_cipher's output.
+
+        The easy way is to push the BIO_f_md and save the checksum at
+        the end of the file. However there are several problems with this
+        approach:
+
+        1) you must somehow separate checksum from actual data.
+        2) you need lot's of memory when reading the file, because you
+        must read to the end of the file and verify the checksum before
+        letting the application to read the data.
+
+        BIO_f_reliable tries to solve both problems, so that you can
+        read and write arbitrary long streams using only fixed amount
+        of memory.
+
+        BIO_f_reliable splits data stream into blocks. Each block is prefixed
+        with it's length and suffixed with it's digest. So you need only
+        several Kbytes of memory to buffer single block before verifying
+        it's digest.
+
+        BIO_f_reliable goes further and adds several important capabilities:
+
+        1) the digest of the block is computed over the whole stream
+        -- so nobody can rearrange the blocks or remove or replace them.
+
+        2) to detect invalid passwords right at the start BIO_f_reliable
+        adds special prefix to the stream. In order to avoid known plain-text
+        attacks this prefix is generated as follows:
+
+                *) digest is initialized with random seed instead of
+                standardized one.
+                *) same seed is written to output
+                *) well-known text is then hashed and the output
+                of the digest is also written to output.
+
+        reader can now read the seed from stream, hash the same string
+        and then compare the digest output.
+
+        Bad things: BIO_f_reliable knows what's going on in EVP_Digest. I
+        initially wrote and tested this code on x86 machine and wrote the
+        digests out in machine-dependent order :( There are people using
+        this code and I cannot change this easily without making existing
+        data files unreadable.
+
+*/
+
+#include <stdio.h>
+#include <errno.h>
+#include <assert.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+
+static int ok_write(BIO *h, const char *buf, int num);
+static int ok_read(BIO *h, char *buf, int size);
+static long ok_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int ok_new(BIO *h);
+static int ok_free(BIO *data);
+static long ok_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+
+static int sig_out(BIO *b);
+static int sig_in(BIO *b);
+static int block_out(BIO *b);
+static int block_in(BIO *b);
+#define OK_BLOCK_SIZE   (1024*4)
+#define OK_BLOCK_BLOCK  4
+#define IOBS            (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE)
+#define WELLKNOWN "The quick brown fox jumped over the lazy dog's back."
+
+typedef struct ok_struct {
+    size_t buf_len;
+    size_t buf_off;
+    size_t buf_len_save;
+    size_t buf_off_save;
+    int cont;                   /* <= 0 when finished */
+    int finished;
+    EVP_MD_CTX md;
+    int blockout;               /* output block is ready */
+    int sigio;                  /* must process signature */
+    unsigned char buf[IOBS];
+} BIO_OK_CTX;
+
+static BIO_METHOD methods_ok = {
+    BIO_TYPE_CIPHER, "reliable",
+    ok_write,
+    ok_read,
+    NULL,                       /* ok_puts, */
+    NULL,                       /* ok_gets, */
+    ok_ctrl,
+    ok_new,
+    ok_free,
+    ok_callback_ctrl,
+};
+
+BIO_METHOD *BIO_f_reliable(void)
+{
+    return (&methods_ok);
+}
+
+static int ok_new(BIO *bi)
+{
+    BIO_OK_CTX *ctx;
+
+    ctx = (BIO_OK_CTX *)OPENSSL_malloc(sizeof(BIO_OK_CTX));
+    if (ctx == NULL)
+        return (0);
+
+    ctx->buf_len = 0;
+    ctx->buf_off = 0;
+    ctx->buf_len_save = 0;
+    ctx->buf_off_save = 0;
+    ctx->cont = 1;
+    ctx->finished = 0;
+    ctx->blockout = 0;
+    ctx->sigio = 1;
+
+    EVP_MD_CTX_init(&ctx->md);
+
+    bi->init = 0;
+    bi->ptr = (char *)ctx;
+    bi->flags = 0;
+    return (1);
+}
+
+static int ok_free(BIO *a)
+{
+    if (a == NULL)
+        return (0);
+    EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md);
+    OPENSSL_cleanse(a->ptr, sizeof(BIO_OK_CTX));
+    OPENSSL_free(a->ptr);
+    a->ptr = NULL;
+    a->init = 0;
+    a->flags = 0;
+    return (1);
+}
+
+static int ok_read(BIO *b, char *out, int outl)
+{
+    int ret = 0, i, n;
+    BIO_OK_CTX *ctx;
+
+    if (out == NULL)
+        return (0);
+    ctx = (BIO_OK_CTX *)b->ptr;
+
+    if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0))
+        return (0);
+
+    while (outl > 0) {
+
+        /* copy clean bytes to output buffer */
+        if (ctx->blockout) {
+            i = ctx->buf_len - ctx->buf_off;
+            if (i > outl)
+                i = outl;
+            memcpy(out, &(ctx->buf[ctx->buf_off]), i);
+            ret += i;
+            out += i;
+            outl -= i;
+            ctx->buf_off += i;
+
+            /* all clean bytes are out */
+            if (ctx->buf_len == ctx->buf_off) {
+                ctx->buf_off = 0;
+
+                /*
+                 * copy start of the next block into proper place
+                 */
+                if (ctx->buf_len_save - ctx->buf_off_save > 0) {
+                    ctx->buf_len = ctx->buf_len_save - ctx->buf_off_save;
+                    memmove(ctx->buf, &(ctx->buf[ctx->buf_off_save]),
+                            ctx->buf_len);
+                } else {
+                    ctx->buf_len = 0;
+                }
+                ctx->blockout = 0;
+            }
+        }
+
+        /* output buffer full -- cancel */
+        if (outl == 0)
+            break;
+
+        /* no clean bytes in buffer -- fill it */
+        n = IOBS - ctx->buf_len;
+        i = BIO_read(b->next_bio, &(ctx->buf[ctx->buf_len]), n);
+
+        if (i <= 0)
+            break;              /* nothing new */
+
+        ctx->buf_len += i;
+
+        /* no signature yet -- check if we got one */
+        if (ctx->sigio == 1) {
+            if (!sig_in(b)) {
+                BIO_clear_retry_flags(b);
+                return 0;
+            }
+        }
+
+        /* signature ok -- check if we got block */
+        if (ctx->sigio == 0) {
+            if (!block_in(b)) {
+                BIO_clear_retry_flags(b);
+                return 0;
+            }
+        }
+
+        /* invalid block -- cancel */
+        if (ctx->cont <= 0)
+            break;
+
+    }
+
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+    return (ret);
+}
+
+static int ok_write(BIO *b, const char *in, int inl)
+{
+    int ret = 0, n, i;
+    BIO_OK_CTX *ctx;
+
+    if (inl <= 0)
+        return inl;
+
+    ctx = (BIO_OK_CTX *)b->ptr;
+    ret = inl;
+
+    if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0))
+        return (0);
+
+    if (ctx->sigio && !sig_out(b))
+        return 0;
+
+    do {
+        BIO_clear_retry_flags(b);
+        n = ctx->buf_len - ctx->buf_off;
+        while (ctx->blockout && n > 0) {
+            i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n);
+            if (i <= 0) {
+                BIO_copy_next_retry(b);
+                if (!BIO_should_retry(b))
+                    ctx->cont = 0;
+                return (i);
+            }
+            ctx->buf_off += i;
+            n -= i;
+        }
+
+        /* at this point all pending data has been written */
+        ctx->blockout = 0;
+        if (ctx->buf_len == ctx->buf_off) {
+            ctx->buf_len = OK_BLOCK_BLOCK;
+            ctx->buf_off = 0;
+        }
+
+        if ((in == NULL) || (inl <= 0))
+            return (0);
+
+        n = (inl + ctx->buf_len > OK_BLOCK_SIZE + OK_BLOCK_BLOCK) ?
+            (int)(OK_BLOCK_SIZE + OK_BLOCK_BLOCK - ctx->buf_len) : inl;
+
+        memcpy((unsigned char *)(&(ctx->buf[ctx->buf_len])),
+               (unsigned char *)in, n);
+        ctx->buf_len += n;
+        inl -= n;
+        in += n;
+
+        if (ctx->buf_len >= OK_BLOCK_SIZE + OK_BLOCK_BLOCK) {
+            if (!block_out(b)) {
+                BIO_clear_retry_flags(b);
+                return 0;
+            }
+        }
+    } while (inl > 0);
+
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+    return (ret);
+}
+
+static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    BIO_OK_CTX *ctx;
+    EVP_MD *md;
+    const EVP_MD **ppmd;
+    long ret = 1;
+    int i;
+
+    ctx = b->ptr;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        ctx->buf_len = 0;
+        ctx->buf_off = 0;
+        ctx->buf_len_save = 0;
+        ctx->buf_off_save = 0;
+        ctx->cont = 1;
+        ctx->finished = 0;
+        ctx->blockout = 0;
+        ctx->sigio = 1;
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_EOF:         /* More to read */
+        if (ctx->cont <= 0)
+            ret = 1;
+        else
+            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_PENDING:     /* More to read in buffer */
+    case BIO_CTRL_WPENDING:    /* More to read in buffer */
+        ret = ctx->blockout ? ctx->buf_len - ctx->buf_off : 0;
+        if (ret <= 0)
+            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_FLUSH:
+        /* do a final write */
+        if (ctx->blockout == 0)
+            if (!block_out(b))
+                return 0;
+
+        while (ctx->blockout) {
+            i = ok_write(b, NULL, 0);
+            if (i < 0) {
+                ret = i;
+                break;
+            }
+        }
+
+        ctx->finished = 1;
+        ctx->buf_off = ctx->buf_len = 0;
+        ctx->cont = (int)ret;
+
+        /* Finally flush the underlying BIO */
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+    case BIO_CTRL_INFO:
+        ret = (long)ctx->cont;
+        break;
+    case BIO_C_SET_MD:
+        md = ptr;
+        if (!EVP_DigestInit_ex(&ctx->md, md, NULL))
+            return 0;
+        b->init = 1;
+        break;
+    case BIO_C_GET_MD:
+        if (b->init) {
+            ppmd = ptr;
+            *ppmd = ctx->md.digest;
+        } else
+            ret = 0;
+        break;
+    default:
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    }
+    return (ret);
+}
+
+static long ok_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+{
+    long ret = 1;
+
+    if (b->next_bio == NULL)
+        return (0);
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+        break;
+    }
+    return (ret);
+}
+
+static void longswap(void *_ptr, size_t len)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = {
+        1
+    };
+
+    if (is_endian.little) {
+        size_t i;
+        unsigned char *p = _ptr, c;
+
+        for (i = 0; i < len; i += 4) {
+            c = p[0], p[0] = p[3], p[3] = c;
+            c = p[1], p[1] = p[2], p[2] = c;
+        }
+    }
+}
+
+static int sig_out(BIO *b)
+{
+    BIO_OK_CTX *ctx;
+    EVP_MD_CTX *md;
+
+    ctx = b->ptr;
+    md = &ctx->md;
+
+    if (ctx->buf_len + 2 * md->digest->md_size > OK_BLOCK_SIZE)
+        return 1;
+
+    if (!EVP_DigestInit_ex(md, md->digest, NULL))
+        goto berr;
+    /*
+     * FIXME: there's absolutely no guarantee this makes any sense at all,
+     * particularly now EVP_MD_CTX has been restructured.
+     */
+    if (RAND_bytes(md->md_data, md->digest->md_size) <= 0)
+        goto berr;
+    memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size);
+    longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);
+    ctx->buf_len += md->digest->md_size;
+
+    if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)))
+        goto berr;
+    if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL))
+        goto berr;
+    ctx->buf_len += md->digest->md_size;
+    ctx->blockout = 1;
+    ctx->sigio = 0;
+    return 1;
+ berr:
+    BIO_clear_retry_flags(b);
+    return 0;
+}
+
+static int sig_in(BIO *b)
+{
+    BIO_OK_CTX *ctx;
+    EVP_MD_CTX *md;
+    unsigned char tmp[EVP_MAX_MD_SIZE];
+    int ret = 0;
+
+    ctx = b->ptr;
+    md = &ctx->md;
+
+    if ((int)(ctx->buf_len - ctx->buf_off) < 2 * md->digest->md_size)
+        return 1;
+
+    if (!EVP_DigestInit_ex(md, md->digest, NULL))
+        goto berr;
+    memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size);
+    longswap(md->md_data, md->digest->md_size);
+    ctx->buf_off += md->digest->md_size;
+
+    if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)))
+        goto berr;
+    if (!EVP_DigestFinal_ex(md, tmp, NULL))
+        goto berr;
+    ret = memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0;
+    ctx->buf_off += md->digest->md_size;
+    if (ret == 1) {
+        ctx->sigio = 0;
+        if (ctx->buf_len != ctx->buf_off) {
+            memmove(ctx->buf, &(ctx->buf[ctx->buf_off]),
+                    ctx->buf_len - ctx->buf_off);
+        }
+        ctx->buf_len -= ctx->buf_off;
+        ctx->buf_off = 0;
+    } else {
+        ctx->cont = 0;
+    }
+    return 1;
+ berr:
+    BIO_clear_retry_flags(b);
+    return 0;
+}
+
+static int block_out(BIO *b)
+{
+    BIO_OK_CTX *ctx;
+    EVP_MD_CTX *md;
+    unsigned long tl;
+
+    ctx = b->ptr;
+    md = &ctx->md;
+
+    tl = ctx->buf_len - OK_BLOCK_BLOCK;
+    ctx->buf[0] = (unsigned char)(tl >> 24);
+    ctx->buf[1] = (unsigned char)(tl >> 16);
+    ctx->buf[2] = (unsigned char)(tl >> 8);
+    ctx->buf[3] = (unsigned char)(tl);
+    if (!EVP_DigestUpdate(md,
+                          (unsigned char *)&(ctx->buf[OK_BLOCK_BLOCK]), tl))
+        goto berr;
+    if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL))
+        goto berr;
+    ctx->buf_len += md->digest->md_size;
+    ctx->blockout = 1;
+    return 1;
+ berr:
+    BIO_clear_retry_flags(b);
+    return 0;
+}
+
+static int block_in(BIO *b)
+{
+    BIO_OK_CTX *ctx;
+    EVP_MD_CTX *md;
+    unsigned long tl = 0;
+    unsigned char tmp[EVP_MAX_MD_SIZE];
+
+    ctx = b->ptr;
+    md = &ctx->md;
+
+    assert(sizeof(tl) >= OK_BLOCK_BLOCK); /* always true */
+    tl = ctx->buf[0];
+    tl <<= 8;
+    tl |= ctx->buf[1];
+    tl <<= 8;
+    tl |= ctx->buf[2];
+    tl <<= 8;
+    tl |= ctx->buf[3];
+
+    if (ctx->buf_len < tl + OK_BLOCK_BLOCK + md->digest->md_size)
+        return 1;
+
+    if (!EVP_DigestUpdate(md,
+                          (unsigned char *)&(ctx->buf[OK_BLOCK_BLOCK]), tl))
+        goto berr;
+    if (!EVP_DigestFinal_ex(md, tmp, NULL))
+        goto berr;
+    if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, md->digest->md_size) ==
+        0) {
+        /* there might be parts from next block lurking around ! */
+        ctx->buf_off_save = tl + OK_BLOCK_BLOCK + md->digest->md_size;
+        ctx->buf_len_save = ctx->buf_len;
+        ctx->buf_off = OK_BLOCK_BLOCK;
+        ctx->buf_len = tl + OK_BLOCK_BLOCK;
+        ctx->blockout = 1;
+    } else {
+        ctx->cont = 0;
+    }
+    return 1;
+ berr:
+    BIO_clear_retry_flags(b);
+    return 0;
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/evp/digest.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/digest.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/evp/digest.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,394 +0,0 @@
-/* crypto/evp/digest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
-
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-#endif
-
-void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
-{
-    memset(ctx, '\0', sizeof *ctx);
-}
-
-EVP_MD_CTX *EVP_MD_CTX_create(void)
-{
-    EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof *ctx);
-
-    if (ctx)
-        EVP_MD_CTX_init(ctx);
-
-    return ctx;
-}
-
-int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
-{
-    EVP_MD_CTX_init(ctx);
-    return EVP_DigestInit_ex(ctx, type, NULL);
-}
-
-int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
-{
-    EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
-#ifndef OPENSSL_NO_ENGINE
-    /*
-     * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
-     * this context may already have an ENGINE! Try to avoid releasing the
-     * previous handle, re-querying for an ENGINE, and having a
-     * reinitialisation, when it may all be unecessary.
-     */
-    if (ctx->engine && ctx->digest && (!type ||
-                                       (type
-                                        && (type->type ==
-                                            ctx->digest->type))))
-        goto skip_to_init;
-    if (type) {
-        /*
-         * Ensure an ENGINE left lying around from last time is cleared (the
-         * previous check attempted to avoid this if the same ENGINE and
-         * EVP_MD could be used).
-         */
-        if (ctx->engine)
-            ENGINE_finish(ctx->engine);
-        if (impl) {
-            if (!ENGINE_init(impl)) {
-                EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
-                return 0;
-            }
-        } else
-            /* Ask if an ENGINE is reserved for this job */
-            impl = ENGINE_get_digest_engine(type->type);
-        if (impl) {
-            /* There's an ENGINE for this job ... (apparently) */
-            const EVP_MD *d = ENGINE_get_digest(impl, type->type);
-            if (!d) {
-                /* Same comment from evp_enc.c */
-                EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
-                ENGINE_finish(impl);
-                return 0;
-            }
-            /* We'll use the ENGINE's private digest definition */
-            type = d;
-            /*
-             * Store the ENGINE functional reference so we know 'type' came
-             * from an ENGINE and we need to release it when done.
-             */
-            ctx->engine = impl;
-        } else
-            ctx->engine = NULL;
-    } else {
-        if (!ctx->digest) {
-            EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_NO_DIGEST_SET);
-            return 0;
-        }
-        type = ctx->digest;
-    }
-#endif
-    if (ctx->digest != type) {
-        if (ctx->digest && ctx->digest->ctx_size)
-            OPENSSL_free(ctx->md_data);
-        ctx->digest = type;
-        if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) {
-            ctx->update = type->update;
-            ctx->md_data = OPENSSL_malloc(type->ctx_size);
-            if (ctx->md_data == NULL) {
-                EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAILURE);
-                return 0;
-            }
-        }
-    }
-#ifndef OPENSSL_NO_ENGINE
- skip_to_init:
-#endif
-    if (ctx->pctx) {
-        int r;
-        r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG,
-                              EVP_PKEY_CTRL_DIGESTINIT, 0, ctx);
-        if (r <= 0 && (r != -2))
-            return 0;
-    }
-    if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
-        return 1;
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode()) {
-        if (FIPS_digestinit(ctx, type))
-            return 1;
-        OPENSSL_free(ctx->md_data);
-        ctx->md_data = NULL;
-        return 0;
-    }
-#endif
-    return ctx->digest->init(ctx);
-}
-
-int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
-{
-#ifdef OPENSSL_FIPS
-    return FIPS_digestupdate(ctx, data, count);
-#else
-    return ctx->update(ctx, data, count);
-#endif
-}
-
-/* The caller can assume that this removes any secret data from the context */
-int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
-{
-    int ret;
-    ret = EVP_DigestFinal_ex(ctx, md, size);
-    EVP_MD_CTX_cleanup(ctx);
-    return ret;
-}
-
-/* The caller can assume that this removes any secret data from the context */
-int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
-{
-#ifdef OPENSSL_FIPS
-    return FIPS_digestfinal(ctx, md, size);
-#else
-    int ret;
-
-    OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
-    ret = ctx->digest->final(ctx, md);
-    if (size != NULL)
-        *size = ctx->digest->md_size;
-    if (ctx->digest->cleanup) {
-        ctx->digest->cleanup(ctx);
-        EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
-    }
-    memset(ctx->md_data, 0, ctx->digest->ctx_size);
-    return ret;
-#endif
-}
-
-int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
-{
-    EVP_MD_CTX_init(out);
-    return EVP_MD_CTX_copy_ex(out, in);
-}
-
-int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
-{
-    unsigned char *tmp_buf;
-    if ((in == NULL) || (in->digest == NULL)) {
-        EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_INPUT_NOT_INITIALIZED);
-        return 0;
-    }
-#ifndef OPENSSL_NO_ENGINE
-    /* Make sure it's safe to copy a digest context using an ENGINE */
-    if (in->engine && !ENGINE_init(in->engine)) {
-        EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_ENGINE_LIB);
-        return 0;
-    }
-#endif
-
-    if (out->digest == in->digest) {
-        tmp_buf = out->md_data;
-        EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE);
-    } else
-        tmp_buf = NULL;
-    EVP_MD_CTX_cleanup(out);
-    memcpy(out, in, sizeof *out);
-
-    if (in->md_data && out->digest->ctx_size) {
-        if (tmp_buf)
-            out->md_data = tmp_buf;
-        else {
-            out->md_data = OPENSSL_malloc(out->digest->ctx_size);
-            if (!out->md_data) {
-                EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_MALLOC_FAILURE);
-                return 0;
-            }
-        }
-        memcpy(out->md_data, in->md_data, out->digest->ctx_size);
-    }
-
-    out->update = in->update;
-
-    if (in->pctx) {
-        out->pctx = EVP_PKEY_CTX_dup(in->pctx);
-        if (!out->pctx) {
-            EVP_MD_CTX_cleanup(out);
-            return 0;
-        }
-    }
-
-    if (out->digest->copy)
-        return out->digest->copy(out, in);
-
-    return 1;
-}
-
-int EVP_Digest(const void *data, size_t count,
-               unsigned char *md, unsigned int *size, const EVP_MD *type,
-               ENGINE *impl)
-{
-    EVP_MD_CTX ctx;
-    int ret;
-
-    EVP_MD_CTX_init(&ctx);
-    EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_ONESHOT);
-    ret = EVP_DigestInit_ex(&ctx, type, impl)
-        && EVP_DigestUpdate(&ctx, data, count)
-        && EVP_DigestFinal_ex(&ctx, md, size);
-    EVP_MD_CTX_cleanup(&ctx);
-
-    return ret;
-}
-
-void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
-{
-    if (ctx) {
-        EVP_MD_CTX_cleanup(ctx);
-        OPENSSL_free(ctx);
-    }
-}
-
-/* This call frees resources associated with the context */
-int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
-{
-#ifndef OPENSSL_FIPS
-    /*
-     * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because
-     * sometimes only copies of the context are ever finalised.
-     */
-    if (ctx->digest && ctx->digest->cleanup
-        && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED))
-        ctx->digest->cleanup(ctx);
-    if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
-        && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) {
-        OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
-        OPENSSL_free(ctx->md_data);
-    }
-#endif
-    if (ctx->pctx)
-        EVP_PKEY_CTX_free(ctx->pctx);
-#ifndef OPENSSL_NO_ENGINE
-    if (ctx->engine)
-        /*
-         * The EVP_MD we used belongs to an ENGINE, release the functional
-         * reference we held for this reason.
-         */
-        ENGINE_finish(ctx->engine);
-#endif
-#ifdef OPENSSL_FIPS
-    FIPS_md_ctx_cleanup(ctx);
-#endif
-    memset(ctx, '\0', sizeof *ctx);
-
-    return 1;
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/evp/digest.c (from rev 11605, vendor-crypto/openssl/dist/crypto/evp/digest.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/evp/digest.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/evp/digest.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,396 @@
+/* crypto/evp/digest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+
+void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
+{
+    memset(ctx, '\0', sizeof *ctx);
+}
+
+EVP_MD_CTX *EVP_MD_CTX_create(void)
+{
+    EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof *ctx);
+
+    if (ctx)
+        EVP_MD_CTX_init(ctx);
+
+    return ctx;
+}
+
+int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
+{
+    EVP_MD_CTX_init(ctx);
+    return EVP_DigestInit_ex(ctx, type, NULL);
+}
+
+int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
+{
+    EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
+#ifndef OPENSSL_NO_ENGINE
+    /*
+     * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
+     * this context may already have an ENGINE! Try to avoid releasing the
+     * previous handle, re-querying for an ENGINE, and having a
+     * reinitialisation, when it may all be unecessary.
+     */
+    if (ctx->engine && ctx->digest && (!type ||
+                                       (type
+                                        && (type->type ==
+                                            ctx->digest->type))))
+        goto skip_to_init;
+    if (type) {
+        /*
+         * Ensure an ENGINE left lying around from last time is cleared (the
+         * previous check attempted to avoid this if the same ENGINE and
+         * EVP_MD could be used).
+         */
+        if (ctx->engine)
+            ENGINE_finish(ctx->engine);
+        if (impl) {
+            if (!ENGINE_init(impl)) {
+                EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                return 0;
+            }
+        } else
+            /* Ask if an ENGINE is reserved for this job */
+            impl = ENGINE_get_digest_engine(type->type);
+        if (impl) {
+            /* There's an ENGINE for this job ... (apparently) */
+            const EVP_MD *d = ENGINE_get_digest(impl, type->type);
+            if (!d) {
+                /* Same comment from evp_enc.c */
+                EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                ENGINE_finish(impl);
+                return 0;
+            }
+            /* We'll use the ENGINE's private digest definition */
+            type = d;
+            /*
+             * Store the ENGINE functional reference so we know 'type' came
+             * from an ENGINE and we need to release it when done.
+             */
+            ctx->engine = impl;
+        } else
+            ctx->engine = NULL;
+    } else {
+        if (!ctx->digest) {
+            EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_NO_DIGEST_SET);
+            return 0;
+        }
+        type = ctx->digest;
+    }
+#endif
+    if (ctx->digest != type) {
+        if (ctx->digest && ctx->digest->ctx_size) {
+            OPENSSL_free(ctx->md_data);
+            ctx->md_data = NULL;
+        }
+        ctx->digest = type;
+        if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) {
+            ctx->update = type->update;
+            ctx->md_data = OPENSSL_malloc(type->ctx_size);
+            if (ctx->md_data == NULL) {
+                EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+        }
+    }
+#ifndef OPENSSL_NO_ENGINE
+ skip_to_init:
+#endif
+    if (ctx->pctx) {
+        int r;
+        r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG,
+                              EVP_PKEY_CTRL_DIGESTINIT, 0, ctx);
+        if (r <= 0 && (r != -2))
+            return 0;
+    }
+    if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
+        return 1;
+#ifdef OPENSSL_FIPS
+    if (FIPS_mode()) {
+        if (FIPS_digestinit(ctx, type))
+            return 1;
+        OPENSSL_free(ctx->md_data);
+        ctx->md_data = NULL;
+        return 0;
+    }
+#endif
+    return ctx->digest->init(ctx);
+}
+
+int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+#ifdef OPENSSL_FIPS
+    if (FIPS_mode())
+        return FIPS_digestupdate(ctx, data, count);
+#endif
+    return ctx->update(ctx, data, count);
+}
+
+/* The caller can assume that this removes any secret data from the context */
+int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
+{
+    int ret;
+    ret = EVP_DigestFinal_ex(ctx, md, size);
+    EVP_MD_CTX_cleanup(ctx);
+    return ret;
+}
+
+/* The caller can assume that this removes any secret data from the context */
+int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
+{
+    int ret;
+#ifdef OPENSSL_FIPS
+    if (FIPS_mode())
+        return FIPS_digestfinal(ctx, md, size);
+#endif
+
+    OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
+    ret = ctx->digest->final(ctx, md);
+    if (size != NULL)
+        *size = ctx->digest->md_size;
+    if (ctx->digest->cleanup) {
+        ctx->digest->cleanup(ctx);
+        EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
+    }
+    OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
+    return ret;
+}
+
+int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
+{
+    EVP_MD_CTX_init(out);
+    return EVP_MD_CTX_copy_ex(out, in);
+}
+
+int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
+{
+    unsigned char *tmp_buf;
+    if ((in == NULL) || (in->digest == NULL)) {
+        EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_INPUT_NOT_INITIALIZED);
+        return 0;
+    }
+#ifndef OPENSSL_NO_ENGINE
+    /* Make sure it's safe to copy a digest context using an ENGINE */
+    if (in->engine && !ENGINE_init(in->engine)) {
+        EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_ENGINE_LIB);
+        return 0;
+    }
+#endif
+
+    if (out->digest == in->digest) {
+        tmp_buf = out->md_data;
+        EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE);
+    } else
+        tmp_buf = NULL;
+    EVP_MD_CTX_cleanup(out);
+    memcpy(out, in, sizeof *out);
+
+    if (in->md_data && out->digest->ctx_size) {
+        if (tmp_buf)
+            out->md_data = tmp_buf;
+        else {
+            out->md_data = OPENSSL_malloc(out->digest->ctx_size);
+            if (!out->md_data) {
+                EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+        }
+        memcpy(out->md_data, in->md_data, out->digest->ctx_size);
+    }
+
+    out->update = in->update;
+
+    if (in->pctx) {
+        out->pctx = EVP_PKEY_CTX_dup(in->pctx);
+        if (!out->pctx) {
+            EVP_MD_CTX_cleanup(out);
+            return 0;
+        }
+    }
+
+    if (out->digest->copy)
+        return out->digest->copy(out, in);
+
+    return 1;
+}
+
+int EVP_Digest(const void *data, size_t count,
+               unsigned char *md, unsigned int *size, const EVP_MD *type,
+               ENGINE *impl)
+{
+    EVP_MD_CTX ctx;
+    int ret;
+
+    EVP_MD_CTX_init(&ctx);
+    EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_ONESHOT);
+    ret = EVP_DigestInit_ex(&ctx, type, impl)
+        && EVP_DigestUpdate(&ctx, data, count)
+        && EVP_DigestFinal_ex(&ctx, md, size);
+    EVP_MD_CTX_cleanup(&ctx);
+
+    return ret;
+}
+
+void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
+{
+    if (ctx) {
+        EVP_MD_CTX_cleanup(ctx);
+        OPENSSL_free(ctx);
+    }
+}
+
+/* This call frees resources associated with the context */
+int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
+{
+#ifndef OPENSSL_FIPS
+    /*
+     * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because
+     * sometimes only copies of the context are ever finalised.
+     */
+    if (ctx->digest && ctx->digest->cleanup
+        && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED))
+        ctx->digest->cleanup(ctx);
+    if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
+        && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) {
+        OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
+        OPENSSL_free(ctx->md_data);
+    }
+#endif
+    if (ctx->pctx)
+        EVP_PKEY_CTX_free(ctx->pctx);
+#ifndef OPENSSL_NO_ENGINE
+    if (ctx->engine)
+        /*
+         * The EVP_MD we used belongs to an ENGINE, release the functional
+         * reference we held for this reason.
+         */
+        ENGINE_finish(ctx->engine);
+#endif
+#ifdef OPENSSL_FIPS
+    FIPS_md_ctx_cleanup(ctx);
+#endif
+    memset(ctx, '\0', sizeof *ctx);
+
+    return 1;
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/evp/e_aes_cbc_hmac_sha1.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/e_aes_cbc_hmac_sha1.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/evp/e_aes_cbc_hmac_sha1.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,599 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2011-2013 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include <openssl/opensslconf.h>
-
-#include <stdio.h>
-#include <string.h>
-
-#if !defined(OPENSSL_NO_AES) && !defined(OPENSSL_NO_SHA1)
-
-# include <openssl/evp.h>
-# include <openssl/objects.h>
-# include <openssl/aes.h>
-# include <openssl/sha.h>
-# include "evp_locl.h"
-
-# ifndef EVP_CIPH_FLAG_AEAD_CIPHER
-#  define EVP_CIPH_FLAG_AEAD_CIPHER       0x200000
-#  define EVP_CTRL_AEAD_TLS1_AAD          0x16
-#  define EVP_CTRL_AEAD_SET_MAC_KEY       0x17
-# endif
-
-# if !defined(EVP_CIPH_FLAG_DEFAULT_ASN1)
-#  define EVP_CIPH_FLAG_DEFAULT_ASN1 0
-# endif
-
-# define TLS1_1_VERSION 0x0302
-
-typedef struct {
-    AES_KEY ks;
-    SHA_CTX head, tail, md;
-    size_t payload_length;      /* AAD length in decrypt case */
-    union {
-        unsigned int tls_ver;
-        unsigned char tls_aad[16]; /* 13 used */
-    } aux;
-} EVP_AES_HMAC_SHA1;
-
-# define NO_PAYLOAD_LENGTH       ((size_t)-1)
-
-# if     defined(AES_ASM) &&     ( \
-        defined(__x86_64)       || defined(__x86_64__)  || \
-        defined(_M_AMD64)       || defined(_M_X64)      || \
-        defined(__INTEL__)      )
-
-#  if defined(__GNUC__) && __GNUC__>=2 && !defined(PEDANTIC)
-#   define BSWAP(x) ({ unsigned int r=(x); asm ("bswapl %0":"=r"(r):"0"(r)); r; })
-#  endif
-
-extern unsigned int OPENSSL_ia32cap_P[2];
-#  define AESNI_CAPABLE   (1<<(57-32))
-
-int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
-                          AES_KEY *key);
-int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
-                          AES_KEY *key);
-
-void aesni_cbc_encrypt(const unsigned char *in,
-                       unsigned char *out,
-                       size_t length,
-                       const AES_KEY *key, unsigned char *ivec, int enc);
-
-void aesni_cbc_sha1_enc(const void *inp, void *out, size_t blocks,
-                        const AES_KEY *key, unsigned char iv[16],
-                        SHA_CTX *ctx, const void *in0);
-
-#  define data(ctx) ((EVP_AES_HMAC_SHA1 *)(ctx)->cipher_data)
-
-static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
-                                        const unsigned char *inkey,
-                                        const unsigned char *iv, int enc)
-{
-    EVP_AES_HMAC_SHA1 *key = data(ctx);
-    int ret;
-
-    if (enc)
-        ret = aesni_set_encrypt_key(inkey, ctx->key_len * 8, &key->ks);
-    else
-        ret = aesni_set_decrypt_key(inkey, ctx->key_len * 8, &key->ks);
-
-    SHA1_Init(&key->head);      /* handy when benchmarking */
-    key->tail = key->head;
-    key->md = key->head;
-
-    key->payload_length = NO_PAYLOAD_LENGTH;
-
-    return ret < 0 ? 0 : 1;
-}
-
-#  define STITCHED_CALL
-
-#  if !defined(STITCHED_CALL)
-#   define aes_off 0
-#  endif
-
-void sha1_block_data_order(void *c, const void *p, size_t len);
-
-static void sha1_update(SHA_CTX *c, const void *data, size_t len)
-{
-    const unsigned char *ptr = data;
-    size_t res;
-
-    if ((res = c->num)) {
-        res = SHA_CBLOCK - res;
-        if (len < res)
-            res = len;
-        SHA1_Update(c, ptr, res);
-        ptr += res;
-        len -= res;
-    }
-
-    res = len % SHA_CBLOCK;
-    len -= res;
-
-    if (len) {
-        sha1_block_data_order(c, ptr, len / SHA_CBLOCK);
-
-        ptr += len;
-        c->Nh += len >> 29;
-        c->Nl += len <<= 3;
-        if (c->Nl < (unsigned int)len)
-            c->Nh++;
-    }
-
-    if (res)
-        SHA1_Update(c, ptr, res);
-}
-
-#  ifdef SHA1_Update
-#   undef SHA1_Update
-#  endif
-#  define SHA1_Update sha1_update
-
-static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-                                      const unsigned char *in, size_t len)
-{
-    EVP_AES_HMAC_SHA1 *key = data(ctx);
-    unsigned int l;
-    size_t plen = key->payload_length, iv = 0, /* explicit IV in TLS 1.1 and
-                                                * later */
-        sha_off = 0;
-#  if defined(STITCHED_CALL)
-    size_t aes_off = 0, blocks;
-
-    sha_off = SHA_CBLOCK - key->md.num;
-#  endif
-
-    key->payload_length = NO_PAYLOAD_LENGTH;
-
-    if (len % AES_BLOCK_SIZE)
-        return 0;
-
-    if (ctx->encrypt) {
-        if (plen == NO_PAYLOAD_LENGTH)
-            plen = len;
-        else if (len !=
-                 ((plen + SHA_DIGEST_LENGTH +
-                   AES_BLOCK_SIZE) & -AES_BLOCK_SIZE))
-            return 0;
-        else if (key->aux.tls_ver >= TLS1_1_VERSION)
-            iv = AES_BLOCK_SIZE;
-
-#  if defined(STITCHED_CALL)
-        if (plen > (sha_off + iv)
-            && (blocks = (plen - (sha_off + iv)) / SHA_CBLOCK)) {
-            SHA1_Update(&key->md, in + iv, sha_off);
-
-            aesni_cbc_sha1_enc(in, out, blocks, &key->ks,
-                               ctx->iv, &key->md, in + iv + sha_off);
-            blocks *= SHA_CBLOCK;
-            aes_off += blocks;
-            sha_off += blocks;
-            key->md.Nh += blocks >> 29;
-            key->md.Nl += blocks <<= 3;
-            if (key->md.Nl < (unsigned int)blocks)
-                key->md.Nh++;
-        } else {
-            sha_off = 0;
-        }
-#  endif
-        sha_off += iv;
-        SHA1_Update(&key->md, in + sha_off, plen - sha_off);
-
-        if (plen != len) {      /* "TLS" mode of operation */
-            if (in != out)
-                memcpy(out + aes_off, in + aes_off, plen - aes_off);
-
-            /* calculate HMAC and append it to payload */
-            SHA1_Final(out + plen, &key->md);
-            key->md = key->tail;
-            SHA1_Update(&key->md, out + plen, SHA_DIGEST_LENGTH);
-            SHA1_Final(out + plen, &key->md);
-
-            /* pad the payload|hmac */
-            plen += SHA_DIGEST_LENGTH;
-            for (l = len - plen - 1; plen < len; plen++)
-                out[plen] = l;
-            /* encrypt HMAC|padding at once */
-            aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off,
-                              &key->ks, ctx->iv, 1);
-        } else {
-            aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off,
-                              &key->ks, ctx->iv, 1);
-        }
-    } else {
-        union {
-            unsigned int u[SHA_DIGEST_LENGTH / sizeof(unsigned int)];
-            unsigned char c[32 + SHA_DIGEST_LENGTH];
-        } mac, *pmac;
-
-        /* arrange cache line alignment */
-        pmac = (void *)(((size_t)mac.c + 31) & ((size_t)0 - 32));
-
-        /* decrypt HMAC|padding at once */
-        aesni_cbc_encrypt(in, out, len, &key->ks, ctx->iv, 0);
-
-        if (plen) {             /* "TLS" mode of operation */
-            size_t inp_len, mask, j, i;
-            unsigned int res, maxpad, pad, bitlen;
-            int ret = 1;
-            union {
-                unsigned int u[SHA_LBLOCK];
-                unsigned char c[SHA_CBLOCK];
-            } *data = (void *)key->md.data;
-
-            if ((key->aux.tls_aad[plen - 4] << 8 | key->aux.tls_aad[plen - 3])
-                >= TLS1_1_VERSION)
-                iv = AES_BLOCK_SIZE;
-
-            if (len < (iv + SHA_DIGEST_LENGTH + 1))
-                return 0;
-
-            /* omit explicit iv */
-            out += iv;
-            len -= iv;
-
-            /* figure out payload length */
-            pad = out[len - 1];
-            maxpad = len - (SHA_DIGEST_LENGTH + 1);
-            maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
-            maxpad &= 255;
-
-            inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);
-            mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1)));
-            inp_len &= mask;
-            ret &= (int)mask;
-
-            key->aux.tls_aad[plen - 2] = inp_len >> 8;
-            key->aux.tls_aad[plen - 1] = inp_len;
-
-            /* calculate HMAC */
-            key->md = key->head;
-            SHA1_Update(&key->md, key->aux.tls_aad, plen);
-
-#  if 1
-            len -= SHA_DIGEST_LENGTH; /* amend mac */
-            if (len >= (256 + SHA_CBLOCK)) {
-                j = (len - (256 + SHA_CBLOCK)) & (0 - SHA_CBLOCK);
-                j += SHA_CBLOCK - key->md.num;
-                SHA1_Update(&key->md, out, j);
-                out += j;
-                len -= j;
-                inp_len -= j;
-            }
-
-            /* but pretend as if we hashed padded payload */
-            bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */
-#   ifdef BSWAP
-            bitlen = BSWAP(bitlen);
-#   else
-            mac.c[0] = 0;
-            mac.c[1] = (unsigned char)(bitlen >> 16);
-            mac.c[2] = (unsigned char)(bitlen >> 8);
-            mac.c[3] = (unsigned char)bitlen;
-            bitlen = mac.u[0];
-#   endif
-
-            pmac->u[0] = 0;
-            pmac->u[1] = 0;
-            pmac->u[2] = 0;
-            pmac->u[3] = 0;
-            pmac->u[4] = 0;
-
-            for (res = key->md.num, j = 0; j < len; j++) {
-                size_t c = out[j];
-                mask = (j - inp_len) >> (sizeof(j) * 8 - 8);
-                c &= mask;
-                c |= 0x80 & ~mask & ~((inp_len - j) >> (sizeof(j) * 8 - 8));
-                data->c[res++] = (unsigned char)c;
-
-                if (res != SHA_CBLOCK)
-                    continue;
-
-                /* j is not incremented yet */
-                mask = 0 - ((inp_len + 7 - j) >> (sizeof(j) * 8 - 1));
-                data->u[SHA_LBLOCK - 1] |= bitlen & mask;
-                sha1_block_data_order(&key->md, data, 1);
-                mask &= 0 - ((j - inp_len - 72) >> (sizeof(j) * 8 - 1));
-                pmac->u[0] |= key->md.h0 & mask;
-                pmac->u[1] |= key->md.h1 & mask;
-                pmac->u[2] |= key->md.h2 & mask;
-                pmac->u[3] |= key->md.h3 & mask;
-                pmac->u[4] |= key->md.h4 & mask;
-                res = 0;
-            }
-
-            for (i = res; i < SHA_CBLOCK; i++, j++)
-                data->c[i] = 0;
-
-            if (res > SHA_CBLOCK - 8) {
-                mask = 0 - ((inp_len + 8 - j) >> (sizeof(j) * 8 - 1));
-                data->u[SHA_LBLOCK - 1] |= bitlen & mask;
-                sha1_block_data_order(&key->md, data, 1);
-                mask &= 0 - ((j - inp_len - 73) >> (sizeof(j) * 8 - 1));
-                pmac->u[0] |= key->md.h0 & mask;
-                pmac->u[1] |= key->md.h1 & mask;
-                pmac->u[2] |= key->md.h2 & mask;
-                pmac->u[3] |= key->md.h3 & mask;
-                pmac->u[4] |= key->md.h4 & mask;
-
-                memset(data, 0, SHA_CBLOCK);
-                j += 64;
-            }
-            data->u[SHA_LBLOCK - 1] = bitlen;
-            sha1_block_data_order(&key->md, data, 1);
-            mask = 0 - ((j - inp_len - 73) >> (sizeof(j) * 8 - 1));
-            pmac->u[0] |= key->md.h0 & mask;
-            pmac->u[1] |= key->md.h1 & mask;
-            pmac->u[2] |= key->md.h2 & mask;
-            pmac->u[3] |= key->md.h3 & mask;
-            pmac->u[4] |= key->md.h4 & mask;
-
-#   ifdef BSWAP
-            pmac->u[0] = BSWAP(pmac->u[0]);
-            pmac->u[1] = BSWAP(pmac->u[1]);
-            pmac->u[2] = BSWAP(pmac->u[2]);
-            pmac->u[3] = BSWAP(pmac->u[3]);
-            pmac->u[4] = BSWAP(pmac->u[4]);
-#   else
-            for (i = 0; i < 5; i++) {
-                res = pmac->u[i];
-                pmac->c[4 * i + 0] = (unsigned char)(res >> 24);
-                pmac->c[4 * i + 1] = (unsigned char)(res >> 16);
-                pmac->c[4 * i + 2] = (unsigned char)(res >> 8);
-                pmac->c[4 * i + 3] = (unsigned char)res;
-            }
-#   endif
-            len += SHA_DIGEST_LENGTH;
-#  else
-            SHA1_Update(&key->md, out, inp_len);
-            res = key->md.num;
-            SHA1_Final(pmac->c, &key->md);
-
-            {
-                unsigned int inp_blocks, pad_blocks;
-
-                /* but pretend as if we hashed padded payload */
-                inp_blocks =
-                    1 + ((SHA_CBLOCK - 9 - res) >> (sizeof(res) * 8 - 1));
-                res += (unsigned int)(len - inp_len);
-                pad_blocks = res / SHA_CBLOCK;
-                res %= SHA_CBLOCK;
-                pad_blocks +=
-                    1 + ((SHA_CBLOCK - 9 - res) >> (sizeof(res) * 8 - 1));
-                for (; inp_blocks < pad_blocks; inp_blocks++)
-                    sha1_block_data_order(&key->md, data, 1);
-            }
-#  endif
-            key->md = key->tail;
-            SHA1_Update(&key->md, pmac->c, SHA_DIGEST_LENGTH);
-            SHA1_Final(pmac->c, &key->md);
-
-            /* verify HMAC */
-            out += inp_len;
-            len -= inp_len;
-#  if 1
-            {
-                unsigned char *p = out + len - 1 - maxpad - SHA_DIGEST_LENGTH;
-                size_t off = out - p;
-                unsigned int c, cmask;
-
-                maxpad += SHA_DIGEST_LENGTH;
-                for (res = 0, i = 0, j = 0; j < maxpad; j++) {
-                    c = p[j];
-                    cmask =
-                        ((int)(j - off - SHA_DIGEST_LENGTH)) >> (sizeof(int) *
-                                                                 8 - 1);
-                    res |= (c ^ pad) & ~cmask; /* ... and padding */
-                    cmask &= ((int)(off - 1 - j)) >> (sizeof(int) * 8 - 1);
-                    res |= (c ^ pmac->c[i]) & cmask;
-                    i += 1 & cmask;
-                }
-                maxpad -= SHA_DIGEST_LENGTH;
-
-                res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
-                ret &= (int)~res;
-            }
-#  else
-            for (res = 0, i = 0; i < SHA_DIGEST_LENGTH; i++)
-                res |= out[i] ^ pmac->c[i];
-            res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
-            ret &= (int)~res;
-
-            /* verify padding */
-            pad = (pad & ~res) | (maxpad & res);
-            out = out + len - 1 - pad;
-            for (res = 0, i = 0; i < pad; i++)
-                res |= out[i] ^ pad;
-
-            res = (0 - res) >> (sizeof(res) * 8 - 1);
-            ret &= (int)~res;
-#  endif
-            return ret;
-        } else {
-            SHA1_Update(&key->md, out, len);
-        }
-    }
-
-    return 1;
-}
-
-static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
-                                    void *ptr)
-{
-    EVP_AES_HMAC_SHA1 *key = data(ctx);
-
-    switch (type) {
-    case EVP_CTRL_AEAD_SET_MAC_KEY:
-        {
-            unsigned int i;
-            unsigned char hmac_key[64];
-
-            memset(hmac_key, 0, sizeof(hmac_key));
-
-            if (arg > (int)sizeof(hmac_key)) {
-                SHA1_Init(&key->head);
-                SHA1_Update(&key->head, ptr, arg);
-                SHA1_Final(hmac_key, &key->head);
-            } else {
-                memcpy(hmac_key, ptr, arg);
-            }
-
-            for (i = 0; i < sizeof(hmac_key); i++)
-                hmac_key[i] ^= 0x36; /* ipad */
-            SHA1_Init(&key->head);
-            SHA1_Update(&key->head, hmac_key, sizeof(hmac_key));
-
-            for (i = 0; i < sizeof(hmac_key); i++)
-                hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */
-            SHA1_Init(&key->tail);
-            SHA1_Update(&key->tail, hmac_key, sizeof(hmac_key));
-
-            OPENSSL_cleanse(hmac_key, sizeof(hmac_key));
-
-            return 1;
-        }
-    case EVP_CTRL_AEAD_TLS1_AAD:
-        {
-            unsigned char *p = ptr;
-            unsigned int len;
-
-            if (arg != EVP_AEAD_TLS1_AAD_LEN)
-                return -1;
- 
-            len = p[arg - 2] << 8 | p[arg - 1];
-
-            if (ctx->encrypt) {
-                key->payload_length = len;
-                if ((key->aux.tls_ver =
-                     p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
-                    len -= AES_BLOCK_SIZE;
-                    p[arg - 2] = len >> 8;
-                    p[arg - 1] = len;
-                }
-                key->md = key->head;
-                SHA1_Update(&key->md, p, arg);
-
-                return (int)(((len + SHA_DIGEST_LENGTH +
-                               AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)
-                             - len);
-            } else {
-                memcpy(key->aux.tls_aad, ptr, arg);
-                key->payload_length = arg;
-
-                return SHA_DIGEST_LENGTH;
-            }
-        }
-    default:
-        return -1;
-    }
-}
-
-static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = {
-#  ifdef NID_aes_128_cbc_hmac_sha1
-    NID_aes_128_cbc_hmac_sha1,
-#  else
-    NID_undef,
-#  endif
-    16, 16, 16,
-    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
-        EVP_CIPH_FLAG_AEAD_CIPHER,
-    aesni_cbc_hmac_sha1_init_key,
-    aesni_cbc_hmac_sha1_cipher,
-    NULL,
-    sizeof(EVP_AES_HMAC_SHA1),
-    EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv,
-    EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv,
-    aesni_cbc_hmac_sha1_ctrl,
-    NULL
-};
-
-static EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = {
-#  ifdef NID_aes_256_cbc_hmac_sha1
-    NID_aes_256_cbc_hmac_sha1,
-#  else
-    NID_undef,
-#  endif
-    16, 32, 16,
-    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
-        EVP_CIPH_FLAG_AEAD_CIPHER,
-    aesni_cbc_hmac_sha1_init_key,
-    aesni_cbc_hmac_sha1_cipher,
-    NULL,
-    sizeof(EVP_AES_HMAC_SHA1),
-    EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv,
-    EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv,
-    aesni_cbc_hmac_sha1_ctrl,
-    NULL
-};
-
-const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void)
-{
-    return (OPENSSL_ia32cap_P[1] & AESNI_CAPABLE ?
-            &aesni_128_cbc_hmac_sha1_cipher : NULL);
-}
-
-const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void)
-{
-    return (OPENSSL_ia32cap_P[1] & AESNI_CAPABLE ?
-            &aesni_256_cbc_hmac_sha1_cipher : NULL);
-}
-# else
-const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void)
-{
-    return NULL;
-}
-
-const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void)
-{
-    return NULL;
-}
-# endif
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/evp/e_aes_cbc_hmac_sha1.c (from rev 11605, vendor-crypto/openssl/dist/crypto/evp/e_aes_cbc_hmac_sha1.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/evp/e_aes_cbc_hmac_sha1.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/evp/e_aes_cbc_hmac_sha1.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,602 @@
+/* ====================================================================
+ * Copyright (c) 2011-2013 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/opensslconf.h>
+
+#include <stdio.h>
+#include <string.h>
+
+#if !defined(OPENSSL_NO_AES) && !defined(OPENSSL_NO_SHA1)
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/aes.h>
+# include <openssl/sha.h>
+# include "evp_locl.h"
+# include "constant_time_locl.h"
+
+# ifndef EVP_CIPH_FLAG_AEAD_CIPHER
+#  define EVP_CIPH_FLAG_AEAD_CIPHER       0x200000
+#  define EVP_CTRL_AEAD_TLS1_AAD          0x16
+#  define EVP_CTRL_AEAD_SET_MAC_KEY       0x17
+# endif
+
+# if !defined(EVP_CIPH_FLAG_DEFAULT_ASN1)
+#  define EVP_CIPH_FLAG_DEFAULT_ASN1 0
+# endif
+
+# define TLS1_1_VERSION 0x0302
+
+typedef struct {
+    AES_KEY ks;
+    SHA_CTX head, tail, md;
+    size_t payload_length;      /* AAD length in decrypt case */
+    union {
+        unsigned int tls_ver;
+        unsigned char tls_aad[16]; /* 13 used */
+    } aux;
+} EVP_AES_HMAC_SHA1;
+
+# define NO_PAYLOAD_LENGTH       ((size_t)-1)
+
+# if     defined(AES_ASM) &&     ( \
+        defined(__x86_64)       || defined(__x86_64__)  || \
+        defined(_M_AMD64)       || defined(_M_X64)      || \
+        defined(__INTEL__)      )
+
+#  if defined(__GNUC__) && __GNUC__>=2 && !defined(PEDANTIC)
+#   define BSWAP(x) ({ unsigned int r=(x); asm ("bswapl %0":"=r"(r):"0"(r)); r; })
+#  endif
+
+extern unsigned int OPENSSL_ia32cap_P[2];
+#  define AESNI_CAPABLE   (1<<(57-32))
+
+int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
+                          AES_KEY *key);
+int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
+                          AES_KEY *key);
+
+void aesni_cbc_encrypt(const unsigned char *in,
+                       unsigned char *out,
+                       size_t length,
+                       const AES_KEY *key, unsigned char *ivec, int enc);
+
+void aesni_cbc_sha1_enc(const void *inp, void *out, size_t blocks,
+                        const AES_KEY *key, unsigned char iv[16],
+                        SHA_CTX *ctx, const void *in0);
+
+#  define data(ctx) ((EVP_AES_HMAC_SHA1 *)(ctx)->cipher_data)
+
+static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
+                                        const unsigned char *inkey,
+                                        const unsigned char *iv, int enc)
+{
+    EVP_AES_HMAC_SHA1 *key = data(ctx);
+    int ret;
+
+    if (enc)
+        ret = aesni_set_encrypt_key(inkey, ctx->key_len * 8, &key->ks);
+    else
+        ret = aesni_set_decrypt_key(inkey, ctx->key_len * 8, &key->ks);
+
+    SHA1_Init(&key->head);      /* handy when benchmarking */
+    key->tail = key->head;
+    key->md = key->head;
+
+    key->payload_length = NO_PAYLOAD_LENGTH;
+
+    return ret < 0 ? 0 : 1;
+}
+
+#  define STITCHED_CALL
+
+#  if !defined(STITCHED_CALL)
+#   define aes_off 0
+#  endif
+
+void sha1_block_data_order(void *c, const void *p, size_t len);
+
+static void sha1_update(SHA_CTX *c, const void *data, size_t len)
+{
+    const unsigned char *ptr = data;
+    size_t res;
+
+    if ((res = c->num)) {
+        res = SHA_CBLOCK - res;
+        if (len < res)
+            res = len;
+        SHA1_Update(c, ptr, res);
+        ptr += res;
+        len -= res;
+    }
+
+    res = len % SHA_CBLOCK;
+    len -= res;
+
+    if (len) {
+        sha1_block_data_order(c, ptr, len / SHA_CBLOCK);
+
+        ptr += len;
+        c->Nh += len >> 29;
+        c->Nl += len <<= 3;
+        if (c->Nl < (unsigned int)len)
+            c->Nh++;
+    }
+
+    if (res)
+        SHA1_Update(c, ptr, res);
+}
+
+#  ifdef SHA1_Update
+#   undef SHA1_Update
+#  endif
+#  define SHA1_Update sha1_update
+
+static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                      const unsigned char *in, size_t len)
+{
+    EVP_AES_HMAC_SHA1 *key = data(ctx);
+    unsigned int l;
+    size_t plen = key->payload_length, iv = 0, /* explicit IV in TLS 1.1 and
+                                                * later */
+        sha_off = 0;
+#  if defined(STITCHED_CALL)
+    size_t aes_off = 0, blocks;
+
+    sha_off = SHA_CBLOCK - key->md.num;
+#  endif
+
+    key->payload_length = NO_PAYLOAD_LENGTH;
+
+    if (len % AES_BLOCK_SIZE)
+        return 0;
+
+    if (ctx->encrypt) {
+        if (plen == NO_PAYLOAD_LENGTH)
+            plen = len;
+        else if (len !=
+                 ((plen + SHA_DIGEST_LENGTH +
+                   AES_BLOCK_SIZE) & -AES_BLOCK_SIZE))
+            return 0;
+        else if (key->aux.tls_ver >= TLS1_1_VERSION)
+            iv = AES_BLOCK_SIZE;
+
+#  if defined(STITCHED_CALL)
+        if (plen > (sha_off + iv)
+            && (blocks = (plen - (sha_off + iv)) / SHA_CBLOCK)) {
+            SHA1_Update(&key->md, in + iv, sha_off);
+
+            aesni_cbc_sha1_enc(in, out, blocks, &key->ks,
+                               ctx->iv, &key->md, in + iv + sha_off);
+            blocks *= SHA_CBLOCK;
+            aes_off += blocks;
+            sha_off += blocks;
+            key->md.Nh += blocks >> 29;
+            key->md.Nl += blocks <<= 3;
+            if (key->md.Nl < (unsigned int)blocks)
+                key->md.Nh++;
+        } else {
+            sha_off = 0;
+        }
+#  endif
+        sha_off += iv;
+        SHA1_Update(&key->md, in + sha_off, plen - sha_off);
+
+        if (plen != len) {      /* "TLS" mode of operation */
+            if (in != out)
+                memcpy(out + aes_off, in + aes_off, plen - aes_off);
+
+            /* calculate HMAC and append it to payload */
+            SHA1_Final(out + plen, &key->md);
+            key->md = key->tail;
+            SHA1_Update(&key->md, out + plen, SHA_DIGEST_LENGTH);
+            SHA1_Final(out + plen, &key->md);
+
+            /* pad the payload|hmac */
+            plen += SHA_DIGEST_LENGTH;
+            for (l = len - plen - 1; plen < len; plen++)
+                out[plen] = l;
+            /* encrypt HMAC|padding at once */
+            aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off,
+                              &key->ks, ctx->iv, 1);
+        } else {
+            aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off,
+                              &key->ks, ctx->iv, 1);
+        }
+    } else {
+        union {
+            unsigned int u[SHA_DIGEST_LENGTH / sizeof(unsigned int)];
+            unsigned char c[32 + SHA_DIGEST_LENGTH];
+        } mac, *pmac;
+
+        /* arrange cache line alignment */
+        pmac = (void *)(((size_t)mac.c + 31) & ((size_t)0 - 32));
+
+        /* decrypt HMAC|padding at once */
+        aesni_cbc_encrypt(in, out, len, &key->ks, ctx->iv, 0);
+
+        if (plen) {             /* "TLS" mode of operation */
+            size_t inp_len, mask, j, i;
+            unsigned int res, maxpad, pad, bitlen;
+            int ret = 1;
+            union {
+                unsigned int u[SHA_LBLOCK];
+                unsigned char c[SHA_CBLOCK];
+            } *data = (void *)key->md.data;
+
+            if ((key->aux.tls_aad[plen - 4] << 8 | key->aux.tls_aad[plen - 3])
+                >= TLS1_1_VERSION)
+                iv = AES_BLOCK_SIZE;
+
+            if (len < (iv + SHA_DIGEST_LENGTH + 1))
+                return 0;
+
+            /* omit explicit iv */
+            out += iv;
+            len -= iv;
+
+            /* figure out payload length */
+            pad = out[len - 1];
+            maxpad = len - (SHA_DIGEST_LENGTH + 1);
+            maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
+            maxpad &= 255;
+
+            ret &= constant_time_ge(maxpad, pad);
+
+            inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);
+            mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1)));
+            inp_len &= mask;
+            ret &= (int)mask;
+
+            key->aux.tls_aad[plen - 2] = inp_len >> 8;
+            key->aux.tls_aad[plen - 1] = inp_len;
+
+            /* calculate HMAC */
+            key->md = key->head;
+            SHA1_Update(&key->md, key->aux.tls_aad, plen);
+
+#  if 1
+            len -= SHA_DIGEST_LENGTH; /* amend mac */
+            if (len >= (256 + SHA_CBLOCK)) {
+                j = (len - (256 + SHA_CBLOCK)) & (0 - SHA_CBLOCK);
+                j += SHA_CBLOCK - key->md.num;
+                SHA1_Update(&key->md, out, j);
+                out += j;
+                len -= j;
+                inp_len -= j;
+            }
+
+            /* but pretend as if we hashed padded payload */
+            bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */
+#   ifdef BSWAP
+            bitlen = BSWAP(bitlen);
+#   else
+            mac.c[0] = 0;
+            mac.c[1] = (unsigned char)(bitlen >> 16);
+            mac.c[2] = (unsigned char)(bitlen >> 8);
+            mac.c[3] = (unsigned char)bitlen;
+            bitlen = mac.u[0];
+#   endif
+
+            pmac->u[0] = 0;
+            pmac->u[1] = 0;
+            pmac->u[2] = 0;
+            pmac->u[3] = 0;
+            pmac->u[4] = 0;
+
+            for (res = key->md.num, j = 0; j < len; j++) {
+                size_t c = out[j];
+                mask = (j - inp_len) >> (sizeof(j) * 8 - 8);
+                c &= mask;
+                c |= 0x80 & ~mask & ~((inp_len - j) >> (sizeof(j) * 8 - 8));
+                data->c[res++] = (unsigned char)c;
+
+                if (res != SHA_CBLOCK)
+                    continue;
+
+                /* j is not incremented yet */
+                mask = 0 - ((inp_len + 7 - j) >> (sizeof(j) * 8 - 1));
+                data->u[SHA_LBLOCK - 1] |= bitlen & mask;
+                sha1_block_data_order(&key->md, data, 1);
+                mask &= 0 - ((j - inp_len - 72) >> (sizeof(j) * 8 - 1));
+                pmac->u[0] |= key->md.h0 & mask;
+                pmac->u[1] |= key->md.h1 & mask;
+                pmac->u[2] |= key->md.h2 & mask;
+                pmac->u[3] |= key->md.h3 & mask;
+                pmac->u[4] |= key->md.h4 & mask;
+                res = 0;
+            }
+
+            for (i = res; i < SHA_CBLOCK; i++, j++)
+                data->c[i] = 0;
+
+            if (res > SHA_CBLOCK - 8) {
+                mask = 0 - ((inp_len + 8 - j) >> (sizeof(j) * 8 - 1));
+                data->u[SHA_LBLOCK - 1] |= bitlen & mask;
+                sha1_block_data_order(&key->md, data, 1);
+                mask &= 0 - ((j - inp_len - 73) >> (sizeof(j) * 8 - 1));
+                pmac->u[0] |= key->md.h0 & mask;
+                pmac->u[1] |= key->md.h1 & mask;
+                pmac->u[2] |= key->md.h2 & mask;
+                pmac->u[3] |= key->md.h3 & mask;
+                pmac->u[4] |= key->md.h4 & mask;
+
+                memset(data, 0, SHA_CBLOCK);
+                j += 64;
+            }
+            data->u[SHA_LBLOCK - 1] = bitlen;
+            sha1_block_data_order(&key->md, data, 1);
+            mask = 0 - ((j - inp_len - 73) >> (sizeof(j) * 8 - 1));
+            pmac->u[0] |= key->md.h0 & mask;
+            pmac->u[1] |= key->md.h1 & mask;
+            pmac->u[2] |= key->md.h2 & mask;
+            pmac->u[3] |= key->md.h3 & mask;
+            pmac->u[4] |= key->md.h4 & mask;
+
+#   ifdef BSWAP
+            pmac->u[0] = BSWAP(pmac->u[0]);
+            pmac->u[1] = BSWAP(pmac->u[1]);
+            pmac->u[2] = BSWAP(pmac->u[2]);
+            pmac->u[3] = BSWAP(pmac->u[3]);
+            pmac->u[4] = BSWAP(pmac->u[4]);
+#   else
+            for (i = 0; i < 5; i++) {
+                res = pmac->u[i];
+                pmac->c[4 * i + 0] = (unsigned char)(res >> 24);
+                pmac->c[4 * i + 1] = (unsigned char)(res >> 16);
+                pmac->c[4 * i + 2] = (unsigned char)(res >> 8);
+                pmac->c[4 * i + 3] = (unsigned char)res;
+            }
+#   endif
+            len += SHA_DIGEST_LENGTH;
+#  else
+            SHA1_Update(&key->md, out, inp_len);
+            res = key->md.num;
+            SHA1_Final(pmac->c, &key->md);
+
+            {
+                unsigned int inp_blocks, pad_blocks;
+
+                /* but pretend as if we hashed padded payload */
+                inp_blocks =
+                    1 + ((SHA_CBLOCK - 9 - res) >> (sizeof(res) * 8 - 1));
+                res += (unsigned int)(len - inp_len);
+                pad_blocks = res / SHA_CBLOCK;
+                res %= SHA_CBLOCK;
+                pad_blocks +=
+                    1 + ((SHA_CBLOCK - 9 - res) >> (sizeof(res) * 8 - 1));
+                for (; inp_blocks < pad_blocks; inp_blocks++)
+                    sha1_block_data_order(&key->md, data, 1);
+            }
+#  endif
+            key->md = key->tail;
+            SHA1_Update(&key->md, pmac->c, SHA_DIGEST_LENGTH);
+            SHA1_Final(pmac->c, &key->md);
+
+            /* verify HMAC */
+            out += inp_len;
+            len -= inp_len;
+#  if 1
+            {
+                unsigned char *p = out + len - 1 - maxpad - SHA_DIGEST_LENGTH;
+                size_t off = out - p;
+                unsigned int c, cmask;
+
+                maxpad += SHA_DIGEST_LENGTH;
+                for (res = 0, i = 0, j = 0; j < maxpad; j++) {
+                    c = p[j];
+                    cmask =
+                        ((int)(j - off - SHA_DIGEST_LENGTH)) >> (sizeof(int) *
+                                                                 8 - 1);
+                    res |= (c ^ pad) & ~cmask; /* ... and padding */
+                    cmask &= ((int)(off - 1 - j)) >> (sizeof(int) * 8 - 1);
+                    res |= (c ^ pmac->c[i]) & cmask;
+                    i += 1 & cmask;
+                }
+                maxpad -= SHA_DIGEST_LENGTH;
+
+                res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
+                ret &= (int)~res;
+            }
+#  else
+            for (res = 0, i = 0; i < SHA_DIGEST_LENGTH; i++)
+                res |= out[i] ^ pmac->c[i];
+            res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
+            ret &= (int)~res;
+
+            /* verify padding */
+            pad = (pad & ~res) | (maxpad & res);
+            out = out + len - 1 - pad;
+            for (res = 0, i = 0; i < pad; i++)
+                res |= out[i] ^ pad;
+
+            res = (0 - res) >> (sizeof(res) * 8 - 1);
+            ret &= (int)~res;
+#  endif
+            return ret;
+        } else {
+            SHA1_Update(&key->md, out, len);
+        }
+    }
+
+    return 1;
+}
+
+static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+                                    void *ptr)
+{
+    EVP_AES_HMAC_SHA1 *key = data(ctx);
+
+    switch (type) {
+    case EVP_CTRL_AEAD_SET_MAC_KEY:
+        {
+            unsigned int i;
+            unsigned char hmac_key[64];
+
+            memset(hmac_key, 0, sizeof(hmac_key));
+
+            if (arg > (int)sizeof(hmac_key)) {
+                SHA1_Init(&key->head);
+                SHA1_Update(&key->head, ptr, arg);
+                SHA1_Final(hmac_key, &key->head);
+            } else {
+                memcpy(hmac_key, ptr, arg);
+            }
+
+            for (i = 0; i < sizeof(hmac_key); i++)
+                hmac_key[i] ^= 0x36; /* ipad */
+            SHA1_Init(&key->head);
+            SHA1_Update(&key->head, hmac_key, sizeof(hmac_key));
+
+            for (i = 0; i < sizeof(hmac_key); i++)
+                hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */
+            SHA1_Init(&key->tail);
+            SHA1_Update(&key->tail, hmac_key, sizeof(hmac_key));
+
+            OPENSSL_cleanse(hmac_key, sizeof(hmac_key));
+
+            return 1;
+        }
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        {
+            unsigned char *p = ptr;
+            unsigned int len;
+
+            if (arg != EVP_AEAD_TLS1_AAD_LEN)
+                return -1;
+ 
+            len = p[arg - 2] << 8 | p[arg - 1];
+
+            if (ctx->encrypt) {
+                key->payload_length = len;
+                if ((key->aux.tls_ver =
+                     p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
+                    len -= AES_BLOCK_SIZE;
+                    p[arg - 2] = len >> 8;
+                    p[arg - 1] = len;
+                }
+                key->md = key->head;
+                SHA1_Update(&key->md, p, arg);
+
+                return (int)(((len + SHA_DIGEST_LENGTH +
+                               AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)
+                             - len);
+            } else {
+                memcpy(key->aux.tls_aad, ptr, arg);
+                key->payload_length = arg;
+
+                return SHA_DIGEST_LENGTH;
+            }
+        }
+    default:
+        return -1;
+    }
+}
+
+static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = {
+#  ifdef NID_aes_128_cbc_hmac_sha1
+    NID_aes_128_cbc_hmac_sha1,
+#  else
+    NID_undef,
+#  endif
+    16, 16, 16,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
+        EVP_CIPH_FLAG_AEAD_CIPHER,
+    aesni_cbc_hmac_sha1_init_key,
+    aesni_cbc_hmac_sha1_cipher,
+    NULL,
+    sizeof(EVP_AES_HMAC_SHA1),
+    EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv,
+    EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv,
+    aesni_cbc_hmac_sha1_ctrl,
+    NULL
+};
+
+static EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = {
+#  ifdef NID_aes_256_cbc_hmac_sha1
+    NID_aes_256_cbc_hmac_sha1,
+#  else
+    NID_undef,
+#  endif
+    16, 32, 16,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
+        EVP_CIPH_FLAG_AEAD_CIPHER,
+    aesni_cbc_hmac_sha1_init_key,
+    aesni_cbc_hmac_sha1_cipher,
+    NULL,
+    sizeof(EVP_AES_HMAC_SHA1),
+    EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv,
+    EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv,
+    aesni_cbc_hmac_sha1_ctrl,
+    NULL
+};
+
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void)
+{
+    return (OPENSSL_ia32cap_P[1] & AESNI_CAPABLE ?
+            &aesni_128_cbc_hmac_sha1_cipher : NULL);
+}
+
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void)
+{
+    return (OPENSSL_ia32cap_P[1] & AESNI_CAPABLE ?
+            &aesni_256_cbc_hmac_sha1_cipher : NULL);
+}
+# else
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void)
+{
+    return NULL;
+}
+
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void)
+{
+    return NULL;
+}
+# endif
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/evp/e_camellia.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/e_camellia.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/evp/e_camellia.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,119 +0,0 @@
-/* crypto/evp/e_camellia.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_CAMELLIA
-# include <openssl/evp.h>
-# include <openssl/err.h>
-# include <string.h>
-# include <assert.h>
-# include <openssl/camellia.h>
-# include "evp_locl.h"
-
-static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                             const unsigned char *iv, int enc);
-
-/* Camellia subkey Structure */
-typedef struct {
-    CAMELLIA_KEY ks;
-} EVP_CAMELLIA_KEY;
-
-/* Attribute operation for Camellia */
-# define data(ctx)       EVP_C_DATA(EVP_CAMELLIA_KEY,ctx)
-
-IMPLEMENT_BLOCK_CIPHER(camellia_128, ks, Camellia, EVP_CAMELLIA_KEY,
-                       NID_camellia_128, 16, 16, 16, 128,
-                       0, camellia_init_key, NULL,
-                       EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
-    IMPLEMENT_BLOCK_CIPHER(camellia_192, ks, Camellia, EVP_CAMELLIA_KEY,
-                       NID_camellia_192, 16, 24, 16, 128,
-                       0, camellia_init_key, NULL,
-                       EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
-    IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, Camellia, EVP_CAMELLIA_KEY,
-                       NID_camellia_256, 16, 32, 16, 128,
-                       0, camellia_init_key, NULL,
-                       EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
-# define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits)    IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16)
-    IMPLEMENT_CAMELLIA_CFBR(128, 1)
-    IMPLEMENT_CAMELLIA_CFBR(192, 1)
-    IMPLEMENT_CAMELLIA_CFBR(256, 1)
-
-    IMPLEMENT_CAMELLIA_CFBR(128, 8)
-    IMPLEMENT_CAMELLIA_CFBR(192, 8)
-    IMPLEMENT_CAMELLIA_CFBR(256, 8)
-
-/* The subkey for Camellia is generated. */
-static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                             const unsigned char *iv, int enc)
-{
-    int ret;
-
-    ret = Camellia_set_key(key, ctx->key_len * 8, ctx->cipher_data);
-
-    if (ret < 0) {
-        EVPerr(EVP_F_CAMELLIA_INIT_KEY, EVP_R_CAMELLIA_KEY_SETUP_FAILED);
-        return 0;
-    }
-
-    return 1;
-}
-
-#else
-
-# ifdef PEDANTIC
-static void *dummy = &dummy;
-# endif
-
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/evp/e_camellia.c (from rev 11605, vendor-crypto/openssl/dist/crypto/evp/e_camellia.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/evp/e_camellia.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/evp/e_camellia.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,119 @@
+/* crypto/evp/e_camellia.c */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_CAMELLIA
+# include <openssl/evp.h>
+# include <openssl/err.h>
+# include <string.h>
+# include <assert.h>
+# include <openssl/camellia.h>
+# include "evp_locl.h"
+
+static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc);
+
+/* Camellia subkey Structure */
+typedef struct {
+    CAMELLIA_KEY ks;
+} EVP_CAMELLIA_KEY;
+
+/* Attribute operation for Camellia */
+# define data(ctx)       EVP_C_DATA(EVP_CAMELLIA_KEY,ctx)
+
+IMPLEMENT_BLOCK_CIPHER(camellia_128, ks, Camellia, EVP_CAMELLIA_KEY,
+                       NID_camellia_128, 16, 16, 16, 128,
+                       0, camellia_init_key, NULL,
+                       EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
+    IMPLEMENT_BLOCK_CIPHER(camellia_192, ks, Camellia, EVP_CAMELLIA_KEY,
+                       NID_camellia_192, 16, 24, 16, 128,
+                       0, camellia_init_key, NULL,
+                       EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
+    IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, Camellia, EVP_CAMELLIA_KEY,
+                       NID_camellia_256, 16, 32, 16, 128,
+                       0, camellia_init_key, NULL,
+                       EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
+# define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits)    IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16)
+    IMPLEMENT_CAMELLIA_CFBR(128, 1)
+    IMPLEMENT_CAMELLIA_CFBR(192, 1)
+    IMPLEMENT_CAMELLIA_CFBR(256, 1)
+
+    IMPLEMENT_CAMELLIA_CFBR(128, 8)
+    IMPLEMENT_CAMELLIA_CFBR(192, 8)
+    IMPLEMENT_CAMELLIA_CFBR(256, 8)
+
+/* The subkey for Camellia is generated. */
+static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+{
+    int ret;
+
+    ret = Camellia_set_key(key, ctx->key_len * 8, ctx->cipher_data);
+
+    if (ret < 0) {
+        EVPerr(EVP_F_CAMELLIA_INIT_KEY, EVP_R_CAMELLIA_KEY_SETUP_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+#else
+
+# ifdef PEDANTIC
+static void *dummy = &dummy;
+# endif
+
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/evp/e_old.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/e_old.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/evp/e_old.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,164 +0,0 @@
-/* crypto/evp/e_old.c -*- mode:C; c-file-style: "eay" -*- */
-/*
- * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
- * 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifdef OPENSSL_NO_DEPRECATED
-static void *dummy = &dummy;
-#else
-
-# include <openssl/evp.h>
-
-/*
- * Define some deprecated functions, so older programs don't crash and burn
- * too quickly.  On Windows and VMS, these will never be used, since
- * functions and variables in shared libraries are selected by entry point
- * location, not by name.
- */
-
-# ifndef OPENSSL_NO_BF
-#  undef EVP_bf_cfb
-const EVP_CIPHER *EVP_bf_cfb(void);
-const EVP_CIPHER *EVP_bf_cfb(void)
-{
-    return EVP_bf_cfb64();
-}
-# endif
-
-# ifndef OPENSSL_NO_DES
-#  undef EVP_des_cfb
-const EVP_CIPHER *EVP_des_cfb(void);
-const EVP_CIPHER *EVP_des_cfb(void)
-{
-    return EVP_des_cfb64();
-}
-
-#  undef EVP_des_ede3_cfb
-const EVP_CIPHER *EVP_des_ede3_cfb(void);
-const EVP_CIPHER *EVP_des_ede3_cfb(void)
-{
-    return EVP_des_ede3_cfb64();
-}
-
-#  undef EVP_des_ede_cfb
-const EVP_CIPHER *EVP_des_ede_cfb(void);
-const EVP_CIPHER *EVP_des_ede_cfb(void)
-{
-    return EVP_des_ede_cfb64();
-}
-# endif
-
-# ifndef OPENSSL_NO_IDEA
-#  undef EVP_idea_cfb
-const EVP_CIPHER *EVP_idea_cfb(void);
-const EVP_CIPHER *EVP_idea_cfb(void)
-{
-    return EVP_idea_cfb64();
-}
-# endif
-
-# ifndef OPENSSL_NO_RC2
-#  undef EVP_rc2_cfb
-const EVP_CIPHER *EVP_rc2_cfb(void);
-const EVP_CIPHER *EVP_rc2_cfb(void)
-{
-    return EVP_rc2_cfb64();
-}
-# endif
-
-# ifndef OPENSSL_NO_CAST
-#  undef EVP_cast5_cfb
-const EVP_CIPHER *EVP_cast5_cfb(void);
-const EVP_CIPHER *EVP_cast5_cfb(void)
-{
-    return EVP_cast5_cfb64();
-}
-# endif
-
-# ifndef OPENSSL_NO_RC5
-#  undef EVP_rc5_32_12_16_cfb
-const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
-const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void)
-{
-    return EVP_rc5_32_12_16_cfb64();
-}
-# endif
-
-# ifndef OPENSSL_NO_AES
-#  undef EVP_aes_128_cfb
-const EVP_CIPHER *EVP_aes_128_cfb(void);
-const EVP_CIPHER *EVP_aes_128_cfb(void)
-{
-    return EVP_aes_128_cfb128();
-}
-
-#  undef EVP_aes_192_cfb
-const EVP_CIPHER *EVP_aes_192_cfb(void);
-const EVP_CIPHER *EVP_aes_192_cfb(void)
-{
-    return EVP_aes_192_cfb128();
-}
-
-#  undef EVP_aes_256_cfb
-const EVP_CIPHER *EVP_aes_256_cfb(void);
-const EVP_CIPHER *EVP_aes_256_cfb(void)
-{
-    return EVP_aes_256_cfb128();
-}
-# endif
-
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/evp/e_old.c (from rev 11605, vendor-crypto/openssl/dist/crypto/evp/e_old.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/evp/e_old.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/evp/e_old.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,164 @@
+/* crypto/evp/e_old.c */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2004.
+ */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifdef OPENSSL_NO_DEPRECATED
+static void *dummy = &dummy;
+#else
+
+# include <openssl/evp.h>
+
+/*
+ * Define some deprecated functions, so older programs don't crash and burn
+ * too quickly.  On Windows and VMS, these will never be used, since
+ * functions and variables in shared libraries are selected by entry point
+ * location, not by name.
+ */
+
+# ifndef OPENSSL_NO_BF
+#  undef EVP_bf_cfb
+const EVP_CIPHER *EVP_bf_cfb(void);
+const EVP_CIPHER *EVP_bf_cfb(void)
+{
+    return EVP_bf_cfb64();
+}
+# endif
+
+# ifndef OPENSSL_NO_DES
+#  undef EVP_des_cfb
+const EVP_CIPHER *EVP_des_cfb(void);
+const EVP_CIPHER *EVP_des_cfb(void)
+{
+    return EVP_des_cfb64();
+}
+
+#  undef EVP_des_ede3_cfb
+const EVP_CIPHER *EVP_des_ede3_cfb(void);
+const EVP_CIPHER *EVP_des_ede3_cfb(void)
+{
+    return EVP_des_ede3_cfb64();
+}
+
+#  undef EVP_des_ede_cfb
+const EVP_CIPHER *EVP_des_ede_cfb(void);
+const EVP_CIPHER *EVP_des_ede_cfb(void)
+{
+    return EVP_des_ede_cfb64();
+}
+# endif
+
+# ifndef OPENSSL_NO_IDEA
+#  undef EVP_idea_cfb
+const EVP_CIPHER *EVP_idea_cfb(void);
+const EVP_CIPHER *EVP_idea_cfb(void)
+{
+    return EVP_idea_cfb64();
+}
+# endif
+
+# ifndef OPENSSL_NO_RC2
+#  undef EVP_rc2_cfb
+const EVP_CIPHER *EVP_rc2_cfb(void);
+const EVP_CIPHER *EVP_rc2_cfb(void)
+{
+    return EVP_rc2_cfb64();
+}
+# endif
+
+# ifndef OPENSSL_NO_CAST
+#  undef EVP_cast5_cfb
+const EVP_CIPHER *EVP_cast5_cfb(void);
+const EVP_CIPHER *EVP_cast5_cfb(void)
+{
+    return EVP_cast5_cfb64();
+}
+# endif
+
+# ifndef OPENSSL_NO_RC5
+#  undef EVP_rc5_32_12_16_cfb
+const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void)
+{
+    return EVP_rc5_32_12_16_cfb64();
+}
+# endif
+
+# ifndef OPENSSL_NO_AES
+#  undef EVP_aes_128_cfb
+const EVP_CIPHER *EVP_aes_128_cfb(void);
+const EVP_CIPHER *EVP_aes_128_cfb(void)
+{
+    return EVP_aes_128_cfb128();
+}
+
+#  undef EVP_aes_192_cfb
+const EVP_CIPHER *EVP_aes_192_cfb(void);
+const EVP_CIPHER *EVP_aes_192_cfb(void)
+{
+    return EVP_aes_192_cfb128();
+}
+
+#  undef EVP_aes_256_cfb
+const EVP_CIPHER *EVP_aes_256_cfb(void);
+const EVP_CIPHER *EVP_aes_256_cfb(void)
+{
+    return EVP_aes_256_cfb128();
+}
+# endif
+
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/evp/e_seed.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/e_seed.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/evp/e_seed.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,82 +0,0 @@
-/* crypto/evp/e_seed.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_SEED
-# include <openssl/evp.h>
-# include <openssl/err.h>
-# include <string.h>
-# include <assert.h>
-# include <openssl/seed.h>
-# include "evp_locl.h"
-
-static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                         const unsigned char *iv, int enc);
-
-typedef struct {
-    SEED_KEY_SCHEDULE ks;
-} EVP_SEED_KEY;
-
-IMPLEMENT_BLOCK_CIPHER(seed, ks, SEED, EVP_SEED_KEY, NID_seed,
-                       16, 16, 16, 128, 0, seed_init_key, 0, 0, 0, 0)
-
-static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                         const unsigned char *iv, int enc)
-{
-    SEED_set_key(key, ctx->cipher_data);
-    return 1;
-}
-
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/evp/e_seed.c (from rev 11605, vendor-crypto/openssl/dist/crypto/evp/e_seed.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/evp/e_seed.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/evp/e_seed.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,83 @@
+/* crypto/evp/e_seed.c */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_SEED
+# include <openssl/evp.h>
+# include <openssl/err.h>
+# include <string.h>
+# include <assert.h>
+# include <openssl/seed.h>
+# include "evp_locl.h"
+
+static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc);
+
+typedef struct {
+    SEED_KEY_SCHEDULE ks;
+} EVP_SEED_KEY;
+
+IMPLEMENT_BLOCK_CIPHER(seed, ks, SEED, EVP_SEED_KEY, NID_seed,
+                       16, 16, 16, 128, EVP_CIPH_FLAG_DEFAULT_ASN1,
+                       seed_init_key, 0, 0, 0, 0)
+
+static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc)
+{
+    SEED_set_key(key, ctx->cipher_data);
+    return 1;
+}
+
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/evp/encode.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/encode.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/evp/encode.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,454 +0,0 @@
-/* crypto/evp/encode.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-
-static unsigned char conv_ascii2bin(unsigned char a);
-#ifndef CHARSET_EBCDIC
-# define conv_bin2ascii(a)       (data_bin2ascii[(a)&0x3f])
-#else
-/*
- * We assume that PEM encoded files are EBCDIC files (i.e., printable text
- * files). Convert them here while decoding. When encoding, output is EBCDIC
- * (text) format again. (No need for conversion in the conv_bin2ascii macro,
- * as the underlying textstring data_bin2ascii[] is already EBCDIC)
- */
-# define conv_bin2ascii(a)       (data_bin2ascii[(a)&0x3f])
-#endif
-
-/*-
- * 64 char lines
- * pad input with 0
- * left over chars are set to =
- * 1 byte  => xx==
- * 2 bytes => xxx=
- * 3 bytes => xxxx
- */
-#define BIN_PER_LINE    (64/4*3)
-#define CHUNKS_PER_LINE (64/4)
-#define CHAR_PER_LINE   (64+1)
-
-static const unsigned char data_bin2ascii[65] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ\
-abcdefghijklmnopqrstuvwxyz0123456789+/";
-
-/*-
- * 0xF0 is a EOLN
- * 0xF1 is ignore but next needs to be 0xF0 (for \r\n processing).
- * 0xF2 is EOF
- * 0xE0 is ignore at start of line.
- * 0xFF is error
- */
-
-#define B64_EOLN                0xF0
-#define B64_CR                  0xF1
-#define B64_EOF                 0xF2
-#define B64_WS                  0xE0
-#define B64_ERROR               0xFF
-#define B64_NOT_BASE64(a)       (((a)|0x13) == 0xF3)
-#define B64_BASE64(a)           !B64_NOT_BASE64(a)
-
-static const unsigned char data_ascii2bin[128] = {
-    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-    0xFF, 0xE0, 0xF0, 0xFF, 0xFF, 0xF1, 0xFF, 0xFF,
-    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-    0xE0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-    0xFF, 0xFF, 0xFF, 0x3E, 0xFF, 0xF2, 0xFF, 0x3F,
-    0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B,
-    0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF,
-    0xFF, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
-    0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E,
-    0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
-    0x17, 0x18, 0x19, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-    0xFF, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20,
-    0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
-    0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30,
-    0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-};
-
-#ifndef CHARSET_EBCDIC
-static unsigned char conv_ascii2bin(unsigned char a)
-{
-    if (a & 0x80)
-        return B64_ERROR;
-    return data_ascii2bin[a];
-}
-#else
-static unsigned char conv_ascii2bin(unsigned char a)
-{
-    a = os_toascii[a];
-    if (a & 0x80)
-        return B64_ERROR;
-    return data_ascii2bin[a];
-}
-#endif
-
-void EVP_EncodeInit(EVP_ENCODE_CTX *ctx)
-{
-    ctx->length = 48;
-    ctx->num = 0;
-    ctx->line_num = 0;
-}
-
-void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
-                      const unsigned char *in, int inl)
-{
-    int i, j;
-    unsigned int total = 0;
-
-    *outl = 0;
-    if (inl <= 0)
-        return;
-    OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
-    if ((ctx->num + inl) < ctx->length) {
-        memcpy(&(ctx->enc_data[ctx->num]), in, inl);
-        ctx->num += inl;
-        return;
-    }
-    if (ctx->num != 0) {
-        i = ctx->length - ctx->num;
-        memcpy(&(ctx->enc_data[ctx->num]), in, i);
-        in += i;
-        inl -= i;
-        j = EVP_EncodeBlock(out, ctx->enc_data, ctx->length);
-        ctx->num = 0;
-        out += j;
-        *(out++) = '\n';
-        *out = '\0';
-        total = j + 1;
-    }
-    while (inl >= ctx->length) {
-        j = EVP_EncodeBlock(out, in, ctx->length);
-        in += ctx->length;
-        inl -= ctx->length;
-        out += j;
-        *(out++) = '\n';
-        *out = '\0';
-        total += j + 1;
-    }
-    if (inl != 0)
-        memcpy(&(ctx->enc_data[0]), in, inl);
-    ctx->num = inl;
-    *outl = total;
-}
-
-void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
-{
-    unsigned int ret = 0;
-
-    if (ctx->num != 0) {
-        ret = EVP_EncodeBlock(out, ctx->enc_data, ctx->num);
-        out[ret++] = '\n';
-        out[ret] = '\0';
-        ctx->num = 0;
-    }
-    *outl = ret;
-}
-
-int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen)
-{
-    int i, ret = 0;
-    unsigned long l;
-
-    for (i = dlen; i > 0; i -= 3) {
-        if (i >= 3) {
-            l = (((unsigned long)f[0]) << 16L) |
-                (((unsigned long)f[1]) << 8L) | f[2];
-            *(t++) = conv_bin2ascii(l >> 18L);
-            *(t++) = conv_bin2ascii(l >> 12L);
-            *(t++) = conv_bin2ascii(l >> 6L);
-            *(t++) = conv_bin2ascii(l);
-        } else {
-            l = ((unsigned long)f[0]) << 16L;
-            if (i == 2)
-                l |= ((unsigned long)f[1] << 8L);
-
-            *(t++) = conv_bin2ascii(l >> 18L);
-            *(t++) = conv_bin2ascii(l >> 12L);
-            *(t++) = (i == 1) ? '=' : conv_bin2ascii(l >> 6L);
-            *(t++) = '=';
-        }
-        ret += 4;
-        f += 3;
-    }
-
-    *t = '\0';
-    return (ret);
-}
-
-void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
-{
-    /* Only ctx->num is used during decoding. */
-    ctx->num = 0;
-    ctx->length = 0;
-    ctx->line_num = 0;
-    ctx->expect_nl = 0;
-}
-
-/*-
- * -1 for error
- *  0 for last line
- *  1 for full line
- *
- * Note: even though EVP_DecodeUpdate attempts to detect and report end of
- * content, the context doesn't currently remember it and will accept more data
- * in the next call. Therefore, the caller is responsible for checking and
- * rejecting a 0 return value in the middle of content.
- *
- * Note: even though EVP_DecodeUpdate has historically tried to detect end of
- * content based on line length, this has never worked properly. Therefore,
- * we now return 0 when one of the following is true:
- *   - Padding or B64_EOF was detected and the last block is complete.
- *   - Input has zero-length.
- * -1 is returned if:
- *   - Invalid characters are detected.
- *   - There is extra trailing padding, or data after padding.
- *   - B64_EOF is detected after an incomplete base64 block.
- */
-int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
-                     const unsigned char *in, int inl)
-{
-    int seof = 0, eof = 0, rv = -1, ret = 0, i, v, tmp, n, decoded_len;
-    unsigned char *d;
-
-    n = ctx->num;
-    d = ctx->enc_data;
-
-    if (n > 0 && d[n - 1] == '=') {
-        eof++;
-        if (n > 1 && d[n - 2] == '=')
-            eof++;
-    }
-
-     /* Legacy behaviour: an empty input chunk signals end of input. */
-    if (inl == 0) {
-        rv = 0;
-        goto end;
-    }
-
-    for (i = 0; i < inl; i++) {
-        tmp = *(in++);
-        v = conv_ascii2bin(tmp);
-        if (v == B64_ERROR) {
-            rv = -1;
-            goto end;
-        }
-
-        if (tmp == '=') {
-            eof++;
-        } else if (eof > 0 && B64_BASE64(v)) {
-            /* More data after padding. */
-            rv = -1;
-            goto end;
-        }
-
-        if (eof > 2) {
-            rv = -1;
-            goto end;
-        }
-
-        if (v == B64_EOF) {
-            seof = 1;
-            goto tail;
-        }
-
-        /* Only save valid base64 characters. */
-        if (B64_BASE64(v)) {
-            if (n >= 64) {
-                /*
-                 * We increment n once per loop, and empty the buffer as soon as
-                 * we reach 64 characters, so this can only happen if someone's
-                 * manually messed with the ctx. Refuse to write any more data.
-                 */
-                rv = -1;
-                goto end;
-            }
-            OPENSSL_assert(n < (int)sizeof(ctx->enc_data));
-            d[n++] = tmp;
-        }
-
-        if (n == 64) {
-            decoded_len = EVP_DecodeBlock(out, d, n);
-            n = 0;
-            if (decoded_len < 0 || eof > decoded_len) {
-                rv = -1;
-                goto end;
-            }
-            ret += decoded_len - eof;
-            out += decoded_len - eof;
-        }
-    }
-
-    /*
-     * Legacy behaviour: if the current line is a full base64-block (i.e., has
-     * 0 mod 4 base64 characters), it is processed immediately. We keep this
-     * behaviour as applications may not be calling EVP_DecodeFinal properly.
-     */
-tail:
-    if (n > 0) {
-        if ((n & 3) == 0) {
-            decoded_len = EVP_DecodeBlock(out, d, n);
-            n = 0;
-            if (decoded_len < 0 || eof > decoded_len) {
-                rv = -1;
-                goto end;
-            }
-            ret += (decoded_len - eof);
-        } else if (seof) {
-            /* EOF in the middle of a base64 block. */
-            rv = -1;
-            goto end;
-        }
-    }
-
-    rv = seof || (n == 0 && eof) ? 0 : 1;
-end:
-    /* Legacy behaviour. This should probably rather be zeroed on error. */
-    *outl = ret;
-    ctx->num = n;
-    return (rv);
-}
-
-int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n)
-{
-    int i, ret = 0, a, b, c, d;
-    unsigned long l;
-
-    /* trim white space from the start of the line. */
-    while ((conv_ascii2bin(*f) == B64_WS) && (n > 0)) {
-        f++;
-        n--;
-    }
-
-    /*
-     * strip off stuff at the end of the line ascii2bin values B64_WS,
-     * B64_EOLN, B64_EOLN and B64_EOF
-     */
-    while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n - 1]))))
-        n--;
-
-    if (n % 4 != 0)
-        return (-1);
-
-    for (i = 0; i < n; i += 4) {
-        a = conv_ascii2bin(*(f++));
-        b = conv_ascii2bin(*(f++));
-        c = conv_ascii2bin(*(f++));
-        d = conv_ascii2bin(*(f++));
-        if ((a & 0x80) || (b & 0x80) || (c & 0x80) || (d & 0x80))
-            return (-1);
-        l = ((((unsigned long)a) << 18L) |
-             (((unsigned long)b) << 12L) |
-             (((unsigned long)c) << 6L) | (((unsigned long)d)));
-        *(t++) = (unsigned char)(l >> 16L) & 0xff;
-        *(t++) = (unsigned char)(l >> 8L) & 0xff;
-        *(t++) = (unsigned char)(l) & 0xff;
-        ret += 3;
-    }
-    return (ret);
-}
-
-int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
-{
-    int i;
-
-    *outl = 0;
-    if (ctx->num != 0) {
-        i = EVP_DecodeBlock(out, ctx->enc_data, ctx->num);
-        if (i < 0)
-            return (-1);
-        ctx->num = 0;
-        *outl = i;
-        return (1);
-    } else
-        return (1);
-}
-
-#ifdef undef
-int EVP_DecodeValid(unsigned char *buf, int len)
-{
-    int i, num = 0, bad = 0;
-
-    if (len == 0)
-        return (-1);
-    while (conv_ascii2bin(*buf) == B64_WS) {
-        buf++;
-        len--;
-        if (len == 0)
-            return (-1);
-    }
-
-    for (i = len; i >= 4; i -= 4) {
-        if ((conv_ascii2bin(buf[0]) >= 0x40) ||
-            (conv_ascii2bin(buf[1]) >= 0x40) ||
-            (conv_ascii2bin(buf[2]) >= 0x40) ||
-            (conv_ascii2bin(buf[3]) >= 0x40))
-            return (-1);
-        buf += 4;
-        num += 1 + (buf[2] != '=') + (buf[3] != '=');
-    }
-    if ((i == 1) && (conv_ascii2bin(buf[0]) == B64_EOLN))
-        return (num);
-    if ((i == 2) && (conv_ascii2bin(buf[0]) == B64_EOLN) &&
-        (conv_ascii2bin(buf[0]) == B64_EOLN))
-        return (num);
-    return (1);
-}
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/evp/encode.c (from rev 11605, vendor-crypto/openssl/dist/crypto/evp/encode.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/evp/encode.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/evp/encode.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,460 @@
+/* crypto/evp/encode.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+
+static unsigned char conv_ascii2bin(unsigned char a);
+#ifndef CHARSET_EBCDIC
+# define conv_bin2ascii(a)       (data_bin2ascii[(a)&0x3f])
+#else
+/*
+ * We assume that PEM encoded files are EBCDIC files (i.e., printable text
+ * files). Convert them here while decoding. When encoding, output is EBCDIC
+ * (text) format again. (No need for conversion in the conv_bin2ascii macro,
+ * as the underlying textstring data_bin2ascii[] is already EBCDIC)
+ */
+# define conv_bin2ascii(a)       (data_bin2ascii[(a)&0x3f])
+#endif
+
+/*-
+ * 64 char lines
+ * pad input with 0
+ * left over chars are set to =
+ * 1 byte  => xx==
+ * 2 bytes => xxx=
+ * 3 bytes => xxxx
+ */
+#define BIN_PER_LINE    (64/4*3)
+#define CHUNKS_PER_LINE (64/4)
+#define CHAR_PER_LINE   (64+1)
+
+static const unsigned char data_bin2ascii[65] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ\
+abcdefghijklmnopqrstuvwxyz0123456789+/";
+
+/*-
+ * 0xF0 is a EOLN
+ * 0xF1 is ignore but next needs to be 0xF0 (for \r\n processing).
+ * 0xF2 is EOF
+ * 0xE0 is ignore at start of line.
+ * 0xFF is error
+ */
+
+#define B64_EOLN                0xF0
+#define B64_CR                  0xF1
+#define B64_EOF                 0xF2
+#define B64_WS                  0xE0
+#define B64_ERROR               0xFF
+#define B64_NOT_BASE64(a)       (((a)|0x13) == 0xF3)
+#define B64_BASE64(a)           !B64_NOT_BASE64(a)
+
+static const unsigned char data_ascii2bin[128] = {
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xE0, 0xF0, 0xFF, 0xFF, 0xF1, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xE0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0x3E, 0xFF, 0xF2, 0xFF, 0x3F,
+    0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B,
+    0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF,
+    0xFF, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
+    0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E,
+    0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
+    0x17, 0x18, 0x19, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20,
+    0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
+    0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30,
+    0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
+#ifndef CHARSET_EBCDIC
+static unsigned char conv_ascii2bin(unsigned char a)
+{
+    if (a & 0x80)
+        return B64_ERROR;
+    return data_ascii2bin[a];
+}
+#else
+static unsigned char conv_ascii2bin(unsigned char a)
+{
+    a = os_toascii[a];
+    if (a & 0x80)
+        return B64_ERROR;
+    return data_ascii2bin[a];
+}
+#endif
+
+void EVP_EncodeInit(EVP_ENCODE_CTX *ctx)
+{
+    ctx->length = 48;
+    ctx->num = 0;
+    ctx->line_num = 0;
+}
+
+void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+                      const unsigned char *in, int inl)
+{
+    int i, j;
+    size_t total = 0;
+
+    *outl = 0;
+    if (inl <= 0)
+        return;
+    OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
+    if (ctx->length - ctx->num > inl) {
+        memcpy(&(ctx->enc_data[ctx->num]), in, inl);
+        ctx->num += inl;
+        return;
+    }
+    if (ctx->num != 0) {
+        i = ctx->length - ctx->num;
+        memcpy(&(ctx->enc_data[ctx->num]), in, i);
+        in += i;
+        inl -= i;
+        j = EVP_EncodeBlock(out, ctx->enc_data, ctx->length);
+        ctx->num = 0;
+        out += j;
+        *(out++) = '\n';
+        *out = '\0';
+        total = j + 1;
+    }
+    while (inl >= ctx->length && total <= INT_MAX) {
+        j = EVP_EncodeBlock(out, in, ctx->length);
+        in += ctx->length;
+        inl -= ctx->length;
+        out += j;
+        *(out++) = '\n';
+        *out = '\0';
+        total += j + 1;
+    }
+    if (total > INT_MAX) {
+        /* Too much output data! */
+        *outl = 0;
+        return;
+    }
+    if (inl != 0)
+        memcpy(&(ctx->enc_data[0]), in, inl);
+    ctx->num = inl;
+    *outl = total;
+}
+
+void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
+{
+    unsigned int ret = 0;
+
+    if (ctx->num != 0) {
+        ret = EVP_EncodeBlock(out, ctx->enc_data, ctx->num);
+        out[ret++] = '\n';
+        out[ret] = '\0';
+        ctx->num = 0;
+    }
+    *outl = ret;
+}
+
+int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen)
+{
+    int i, ret = 0;
+    unsigned long l;
+
+    for (i = dlen; i > 0; i -= 3) {
+        if (i >= 3) {
+            l = (((unsigned long)f[0]) << 16L) |
+                (((unsigned long)f[1]) << 8L) | f[2];
+            *(t++) = conv_bin2ascii(l >> 18L);
+            *(t++) = conv_bin2ascii(l >> 12L);
+            *(t++) = conv_bin2ascii(l >> 6L);
+            *(t++) = conv_bin2ascii(l);
+        } else {
+            l = ((unsigned long)f[0]) << 16L;
+            if (i == 2)
+                l |= ((unsigned long)f[1] << 8L);
+
+            *(t++) = conv_bin2ascii(l >> 18L);
+            *(t++) = conv_bin2ascii(l >> 12L);
+            *(t++) = (i == 1) ? '=' : conv_bin2ascii(l >> 6L);
+            *(t++) = '=';
+        }
+        ret += 4;
+        f += 3;
+    }
+
+    *t = '\0';
+    return (ret);
+}
+
+void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
+{
+    /* Only ctx->num is used during decoding. */
+    ctx->num = 0;
+    ctx->length = 0;
+    ctx->line_num = 0;
+    ctx->expect_nl = 0;
+}
+
+/*-
+ * -1 for error
+ *  0 for last line
+ *  1 for full line
+ *
+ * Note: even though EVP_DecodeUpdate attempts to detect and report end of
+ * content, the context doesn't currently remember it and will accept more data
+ * in the next call. Therefore, the caller is responsible for checking and
+ * rejecting a 0 return value in the middle of content.
+ *
+ * Note: even though EVP_DecodeUpdate has historically tried to detect end of
+ * content based on line length, this has never worked properly. Therefore,
+ * we now return 0 when one of the following is true:
+ *   - Padding or B64_EOF was detected and the last block is complete.
+ *   - Input has zero-length.
+ * -1 is returned if:
+ *   - Invalid characters are detected.
+ *   - There is extra trailing padding, or data after padding.
+ *   - B64_EOF is detected after an incomplete base64 block.
+ */
+int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+                     const unsigned char *in, int inl)
+{
+    int seof = 0, eof = 0, rv = -1, ret = 0, i, v, tmp, n, decoded_len;
+    unsigned char *d;
+
+    n = ctx->num;
+    d = ctx->enc_data;
+
+    if (n > 0 && d[n - 1] == '=') {
+        eof++;
+        if (n > 1 && d[n - 2] == '=')
+            eof++;
+    }
+
+     /* Legacy behaviour: an empty input chunk signals end of input. */
+    if (inl == 0) {
+        rv = 0;
+        goto end;
+    }
+
+    for (i = 0; i < inl; i++) {
+        tmp = *(in++);
+        v = conv_ascii2bin(tmp);
+        if (v == B64_ERROR) {
+            rv = -1;
+            goto end;
+        }
+
+        if (tmp == '=') {
+            eof++;
+        } else if (eof > 0 && B64_BASE64(v)) {
+            /* More data after padding. */
+            rv = -1;
+            goto end;
+        }
+
+        if (eof > 2) {
+            rv = -1;
+            goto end;
+        }
+
+        if (v == B64_EOF) {
+            seof = 1;
+            goto tail;
+        }
+
+        /* Only save valid base64 characters. */
+        if (B64_BASE64(v)) {
+            if (n >= 64) {
+                /*
+                 * We increment n once per loop, and empty the buffer as soon as
+                 * we reach 64 characters, so this can only happen if someone's
+                 * manually messed with the ctx. Refuse to write any more data.
+                 */
+                rv = -1;
+                goto end;
+            }
+            OPENSSL_assert(n < (int)sizeof(ctx->enc_data));
+            d[n++] = tmp;
+        }
+
+        if (n == 64) {
+            decoded_len = EVP_DecodeBlock(out, d, n);
+            n = 0;
+            if (decoded_len < 0 || eof > decoded_len) {
+                rv = -1;
+                goto end;
+            }
+            ret += decoded_len - eof;
+            out += decoded_len - eof;
+        }
+    }
+
+    /*
+     * Legacy behaviour: if the current line is a full base64-block (i.e., has
+     * 0 mod 4 base64 characters), it is processed immediately. We keep this
+     * behaviour as applications may not be calling EVP_DecodeFinal properly.
+     */
+tail:
+    if (n > 0) {
+        if ((n & 3) == 0) {
+            decoded_len = EVP_DecodeBlock(out, d, n);
+            n = 0;
+            if (decoded_len < 0 || eof > decoded_len) {
+                rv = -1;
+                goto end;
+            }
+            ret += (decoded_len - eof);
+        } else if (seof) {
+            /* EOF in the middle of a base64 block. */
+            rv = -1;
+            goto end;
+        }
+    }
+
+    rv = seof || (n == 0 && eof) ? 0 : 1;
+end:
+    /* Legacy behaviour. This should probably rather be zeroed on error. */
+    *outl = ret;
+    ctx->num = n;
+    return (rv);
+}
+
+int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n)
+{
+    int i, ret = 0, a, b, c, d;
+    unsigned long l;
+
+    /* trim white space from the start of the line. */
+    while ((conv_ascii2bin(*f) == B64_WS) && (n > 0)) {
+        f++;
+        n--;
+    }
+
+    /*
+     * strip off stuff at the end of the line ascii2bin values B64_WS,
+     * B64_EOLN, B64_EOLN and B64_EOF
+     */
+    while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n - 1]))))
+        n--;
+
+    if (n % 4 != 0)
+        return (-1);
+
+    for (i = 0; i < n; i += 4) {
+        a = conv_ascii2bin(*(f++));
+        b = conv_ascii2bin(*(f++));
+        c = conv_ascii2bin(*(f++));
+        d = conv_ascii2bin(*(f++));
+        if ((a & 0x80) || (b & 0x80) || (c & 0x80) || (d & 0x80))
+            return (-1);
+        l = ((((unsigned long)a) << 18L) |
+             (((unsigned long)b) << 12L) |
+             (((unsigned long)c) << 6L) | (((unsigned long)d)));
+        *(t++) = (unsigned char)(l >> 16L) & 0xff;
+        *(t++) = (unsigned char)(l >> 8L) & 0xff;
+        *(t++) = (unsigned char)(l) & 0xff;
+        ret += 3;
+    }
+    return (ret);
+}
+
+int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
+{
+    int i;
+
+    *outl = 0;
+    if (ctx->num != 0) {
+        i = EVP_DecodeBlock(out, ctx->enc_data, ctx->num);
+        if (i < 0)
+            return (-1);
+        ctx->num = 0;
+        *outl = i;
+        return (1);
+    } else
+        return (1);
+}
+
+#ifdef undef
+int EVP_DecodeValid(unsigned char *buf, int len)
+{
+    int i, num = 0, bad = 0;
+
+    if (len == 0)
+        return (-1);
+    while (conv_ascii2bin(*buf) == B64_WS) {
+        buf++;
+        len--;
+        if (len == 0)
+            return (-1);
+    }
+
+    for (i = len; i >= 4; i -= 4) {
+        if ((conv_ascii2bin(buf[0]) >= 0x40) ||
+            (conv_ascii2bin(buf[1]) >= 0x40) ||
+            (conv_ascii2bin(buf[2]) >= 0x40) ||
+            (conv_ascii2bin(buf[3]) >= 0x40))
+            return (-1);
+        buf += 4;
+        num += 1 + (buf[2] != '=') + (buf[3] != '=');
+    }
+    if ((i == 1) && (conv_ascii2bin(buf[0]) == B64_EOLN))
+        return (num);
+    if ((i == 2) && (conv_ascii2bin(buf[0]) == B64_EOLN) &&
+        (conv_ascii2bin(buf[0]) == B64_EOLN))
+        return (num);
+    return (1);
+}
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/evp/evp_enc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/evp_enc.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/evp/evp_enc.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,653 +0,0 @@
-/* crypto/evp/evp_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-#endif
-#include "evp_locl.h"
-
-#ifdef OPENSSL_FIPS
-# define M_do_cipher(ctx, out, in, inl) FIPS_cipher(ctx, out, in, inl)
-#else
-# define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl)
-#endif
-
-const char EVP_version[] = "EVP" OPENSSL_VERSION_PTEXT;
-
-void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
-{
-    memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
-    /* ctx->cipher=NULL; */
-}
-
-EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
-{
-    EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof *ctx);
-    if (ctx)
-        EVP_CIPHER_CTX_init(ctx);
-    return ctx;
-}
-
-int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-                   const unsigned char *key, const unsigned char *iv, int enc)
-{
-    if (cipher)
-        EVP_CIPHER_CTX_init(ctx);
-    return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc);
-}
-
-int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-                      ENGINE *impl, const unsigned char *key,
-                      const unsigned char *iv, int enc)
-{
-    if (enc == -1)
-        enc = ctx->encrypt;
-    else {
-        if (enc)
-            enc = 1;
-        ctx->encrypt = enc;
-    }
-#ifndef OPENSSL_NO_ENGINE
-    /*
-     * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
-     * this context may already have an ENGINE! Try to avoid releasing the
-     * previous handle, re-querying for an ENGINE, and having a
-     * reinitialisation, when it may all be unecessary.
-     */
-    if (ctx->engine && ctx->cipher && (!cipher ||
-                                       (cipher
-                                        && (cipher->nid ==
-                                            ctx->cipher->nid))))
-        goto skip_to_init;
-#endif
-    if (cipher) {
-        /*
-         * Ensure a context left lying around from last time is cleared (the
-         * previous check attempted to avoid this if the same ENGINE and
-         * EVP_CIPHER could be used).
-         */
-        if (ctx->cipher) {
-            unsigned long flags = ctx->flags;
-            EVP_CIPHER_CTX_cleanup(ctx);
-            /* Restore encrypt and flags */
-            ctx->encrypt = enc;
-            ctx->flags = flags;
-        }
-#ifndef OPENSSL_NO_ENGINE
-        if (impl) {
-            if (!ENGINE_init(impl)) {
-                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
-                return 0;
-            }
-        } else
-            /* Ask if an ENGINE is reserved for this job */
-            impl = ENGINE_get_cipher_engine(cipher->nid);
-        if (impl) {
-            /* There's an ENGINE for this job ... (apparently) */
-            const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
-            if (!c) {
-                /*
-                 * One positive side-effect of US's export control history,
-                 * is that we should at least be able to avoid using US
-                 * mispellings of "initialisation"?
-                 */
-                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
-                return 0;
-            }
-            /* We'll use the ENGINE's private cipher definition */
-            cipher = c;
-            /*
-             * Store the ENGINE functional reference so we know 'cipher' came
-             * from an ENGINE and we need to release it when done.
-             */
-            ctx->engine = impl;
-        } else
-            ctx->engine = NULL;
-#endif
-
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-            return FIPS_cipherinit(ctx, cipher, key, iv, enc);
-#endif
-        ctx->cipher = cipher;
-        if (ctx->cipher->ctx_size) {
-            ctx->cipher_data = OPENSSL_malloc(ctx->cipher->ctx_size);
-            if (!ctx->cipher_data) {
-                EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
-                return 0;
-            }
-        } else {
-            ctx->cipher_data = NULL;
-        }
-        ctx->key_len = cipher->key_len;
-        ctx->flags = 0;
-        if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
-            if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
-                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
-                return 0;
-            }
-        }
-    } else if (!ctx->cipher) {
-        EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
-        return 0;
-    }
-#ifndef OPENSSL_NO_ENGINE
- skip_to_init:
-#endif
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode())
-        return FIPS_cipherinit(ctx, cipher, key, iv, enc);
-#endif
-    /* we assume block size is a power of 2 in *cryptUpdate */
-    OPENSSL_assert(ctx->cipher->block_size == 1
-                   || ctx->cipher->block_size == 8
-                   || ctx->cipher->block_size == 16);
-
-    if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
-        switch (EVP_CIPHER_CTX_mode(ctx)) {
-
-        case EVP_CIPH_STREAM_CIPHER:
-        case EVP_CIPH_ECB_MODE:
-            break;
-
-        case EVP_CIPH_CFB_MODE:
-        case EVP_CIPH_OFB_MODE:
-
-            ctx->num = 0;
-            /* fall-through */
-
-        case EVP_CIPH_CBC_MODE:
-
-            OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
-                           (int)sizeof(ctx->iv));
-            if (iv)
-                memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
-            memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
-            break;
-
-        case EVP_CIPH_CTR_MODE:
-            ctx->num = 0;
-            /* Don't reuse IV for CTR mode */
-            if (iv)
-                memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
-            break;
-
-        default:
-            return 0;
-            break;
-        }
-    }
-
-    if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
-        if (!ctx->cipher->init(ctx, key, iv, enc))
-            return 0;
-    }
-    ctx->buf_len = 0;
-    ctx->final_used = 0;
-    ctx->block_mask = ctx->cipher->block_size - 1;
-    return 1;
-}
-
-int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
-                     const unsigned char *in, int inl)
-{
-    if (ctx->encrypt)
-        return EVP_EncryptUpdate(ctx, out, outl, in, inl);
-    else
-        return EVP_DecryptUpdate(ctx, out, outl, in, inl);
-}
-
-int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-{
-    if (ctx->encrypt)
-        return EVP_EncryptFinal_ex(ctx, out, outl);
-    else
-        return EVP_DecryptFinal_ex(ctx, out, outl);
-}
-
-int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-{
-    if (ctx->encrypt)
-        return EVP_EncryptFinal(ctx, out, outl);
-    else
-        return EVP_DecryptFinal(ctx, out, outl);
-}
-
-int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-                    const unsigned char *key, const unsigned char *iv)
-{
-    return EVP_CipherInit(ctx, cipher, key, iv, 1);
-}
-
-int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-                       ENGINE *impl, const unsigned char *key,
-                       const unsigned char *iv)
-{
-    return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
-}
-
-int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-                    const unsigned char *key, const unsigned char *iv)
-{
-    return EVP_CipherInit(ctx, cipher, key, iv, 0);
-}
-
-int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-                       ENGINE *impl, const unsigned char *key,
-                       const unsigned char *iv)
-{
-    return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
-}
-
-int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
-                      const unsigned char *in, int inl)
-{
-    int i, j, bl;
-
-    if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
-        i = M_do_cipher(ctx, out, in, inl);
-        if (i < 0)
-            return 0;
-        else
-            *outl = i;
-        return 1;
-    }
-
-    if (inl <= 0) {
-        *outl = 0;
-        return inl == 0;
-    }
-
-    if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) {
-        if (M_do_cipher(ctx, out, in, inl)) {
-            *outl = inl;
-            return 1;
-        } else {
-            *outl = 0;
-            return 0;
-        }
-    }
-    i = ctx->buf_len;
-    bl = ctx->cipher->block_size;
-    OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
-    if (i != 0) {
-        if (i + inl < bl) {
-            memcpy(&(ctx->buf[i]), in, inl);
-            ctx->buf_len += inl;
-            *outl = 0;
-            return 1;
-        } else {
-            j = bl - i;
-            memcpy(&(ctx->buf[i]), in, j);
-            if (!M_do_cipher(ctx, out, ctx->buf, bl))
-                return 0;
-            inl -= j;
-            in += j;
-            out += bl;
-            *outl = bl;
-        }
-    } else
-        *outl = 0;
-    i = inl & (bl - 1);
-    inl -= i;
-    if (inl > 0) {
-        if (!M_do_cipher(ctx, out, in, inl))
-            return 0;
-        *outl += inl;
-    }
-
-    if (i != 0)
-        memcpy(ctx->buf, &(in[inl]), i);
-    ctx->buf_len = i;
-    return 1;
-}
-
-int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-{
-    int ret;
-    ret = EVP_EncryptFinal_ex(ctx, out, outl);
-    return ret;
-}
-
-int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-{
-    int n, ret;
-    unsigned int i, b, bl;
-
-    if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
-        ret = M_do_cipher(ctx, out, NULL, 0);
-        if (ret < 0)
-            return 0;
-        else
-            *outl = ret;
-        return 1;
-    }
-
-    b = ctx->cipher->block_size;
-    OPENSSL_assert(b <= sizeof ctx->buf);
-    if (b == 1) {
-        *outl = 0;
-        return 1;
-    }
-    bl = ctx->buf_len;
-    if (ctx->flags & EVP_CIPH_NO_PADDING) {
-        if (bl) {
-            EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,
-                   EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
-            return 0;
-        }
-        *outl = 0;
-        return 1;
-    }
-
-    n = b - bl;
-    for (i = bl; i < b; i++)
-        ctx->buf[i] = n;
-    ret = M_do_cipher(ctx, out, ctx->buf, b);
-
-    if (ret)
-        *outl = b;
-
-    return ret;
-}
-
-int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
-                      const unsigned char *in, int inl)
-{
-    int fix_len;
-    unsigned int b;
-
-    if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
-        fix_len = M_do_cipher(ctx, out, in, inl);
-        if (fix_len < 0) {
-            *outl = 0;
-            return 0;
-        } else
-            *outl = fix_len;
-        return 1;
-    }
-
-    if (inl <= 0) {
-        *outl = 0;
-        return inl == 0;
-    }
-
-    if (ctx->flags & EVP_CIPH_NO_PADDING)
-        return EVP_EncryptUpdate(ctx, out, outl, in, inl);
-
-    b = ctx->cipher->block_size;
-    OPENSSL_assert(b <= sizeof ctx->final);
-
-    if (ctx->final_used) {
-        memcpy(out, ctx->final, b);
-        out += b;
-        fix_len = 1;
-    } else
-        fix_len = 0;
-
-    if (!EVP_EncryptUpdate(ctx, out, outl, in, inl))
-        return 0;
-
-    /*
-     * if we have 'decrypted' a multiple of block size, make sure we have a
-     * copy of this last block
-     */
-    if (b > 1 && !ctx->buf_len) {
-        *outl -= b;
-        ctx->final_used = 1;
-        memcpy(ctx->final, &out[*outl], b);
-    } else
-        ctx->final_used = 0;
-
-    if (fix_len)
-        *outl += b;
-
-    return 1;
-}
-
-int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-{
-    int ret;
-    ret = EVP_DecryptFinal_ex(ctx, out, outl);
-    return ret;
-}
-
-int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-{
-    int i, n;
-    unsigned int b;
-    *outl = 0;
-
-    if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
-        i = M_do_cipher(ctx, out, NULL, 0);
-        if (i < 0)
-            return 0;
-        else
-            *outl = i;
-        return 1;
-    }
-
-    b = ctx->cipher->block_size;
-    if (ctx->flags & EVP_CIPH_NO_PADDING) {
-        if (ctx->buf_len) {
-            EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,
-                   EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
-            return 0;
-        }
-        *outl = 0;
-        return 1;
-    }
-    if (b > 1) {
-        if (ctx->buf_len || !ctx->final_used) {
-            EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
-            return (0);
-        }
-        OPENSSL_assert(b <= sizeof ctx->final);
-
-        /*
-         * The following assumes that the ciphertext has been authenticated.
-         * Otherwise it provides a padding oracle.
-         */
-        n = ctx->final[b - 1];
-        if (n == 0 || n > (int)b) {
-            EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
-            return (0);
-        }
-        for (i = 0; i < n; i++) {
-            if (ctx->final[--b] != n) {
-                EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
-                return (0);
-            }
-        }
-        n = ctx->cipher->block_size - n;
-        for (i = 0; i < n; i++)
-            out[i] = ctx->final[i];
-        *outl = n;
-    } else
-        *outl = 0;
-    return (1);
-}
-
-void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
-{
-    if (ctx) {
-        EVP_CIPHER_CTX_cleanup(ctx);
-        OPENSSL_free(ctx);
-    }
-}
-
-int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
-{
-#ifndef OPENSSL_FIPS
-    if (c->cipher != NULL) {
-        if (c->cipher->cleanup && !c->cipher->cleanup(c))
-            return 0;
-        /* Cleanse cipher context data */
-        if (c->cipher_data)
-            OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
-    }
-    if (c->cipher_data)
-        OPENSSL_free(c->cipher_data);
-#endif
-#ifndef OPENSSL_NO_ENGINE
-    if (c->engine)
-        /*
-         * The EVP_CIPHER we used belongs to an ENGINE, release the
-         * functional reference we held for this reason.
-         */
-        ENGINE_finish(c->engine);
-#endif
-#ifdef OPENSSL_FIPS
-    FIPS_cipher_ctx_cleanup(c);
-#endif
-    memset(c, 0, sizeof(EVP_CIPHER_CTX));
-    return 1;
-}
-
-int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
-{
-    if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
-        return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
-    if (c->key_len == keylen)
-        return 1;
-    if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) {
-        c->key_len = keylen;
-        return 1;
-    }
-    EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, EVP_R_INVALID_KEY_LENGTH);
-    return 0;
-}
-
-int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
-{
-    if (pad)
-        ctx->flags &= ~EVP_CIPH_NO_PADDING;
-    else
-        ctx->flags |= EVP_CIPH_NO_PADDING;
-    return 1;
-}
-
-int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
-{
-    int ret;
-    if (!ctx->cipher) {
-        EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
-        return 0;
-    }
-
-    if (!ctx->cipher->ctrl) {
-        EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
-        return 0;
-    }
-
-    ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
-    if (ret == -1) {
-        EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL,
-               EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
-        return 0;
-    }
-    return ret;
-}
-
-int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
-{
-    if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
-        return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
-    if (RAND_bytes(key, ctx->key_len) <= 0)
-        return 0;
-    return 1;
-}
-
-int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
-{
-    if ((in == NULL) || (in->cipher == NULL)) {
-        EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INPUT_NOT_INITIALIZED);
-        return 0;
-    }
-#ifndef OPENSSL_NO_ENGINE
-    /* Make sure it's safe to copy a cipher context using an ENGINE */
-    if (in->engine && !ENGINE_init(in->engine)) {
-        EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_ENGINE_LIB);
-        return 0;
-    }
-#endif
-
-    EVP_CIPHER_CTX_cleanup(out);
-    memcpy(out, in, sizeof *out);
-
-    if (in->cipher_data && in->cipher->ctx_size) {
-        out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
-        if (!out->cipher_data) {
-            EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE);
-            return 0;
-        }
-        memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
-    }
-
-    if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
-        return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out);
-    return 1;
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/evp/evp_enc.c (from rev 11605, vendor-crypto/openssl/dist/crypto/evp/evp_enc.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/evp/evp_enc.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/evp/evp_enc.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,653 @@
+/* crypto/evp/evp_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+#include "evp_locl.h"
+
+#ifdef OPENSSL_FIPS
+# define M_do_cipher(ctx, out, in, inl) FIPS_cipher(ctx, out, in, inl)
+#else
+# define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl)
+#endif
+
+const char EVP_version[] = "EVP" OPENSSL_VERSION_PTEXT;
+
+void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
+{
+    memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
+    /* ctx->cipher=NULL; */
+}
+
+EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
+{
+    EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof *ctx);
+    if (ctx)
+        EVP_CIPHER_CTX_init(ctx);
+    return ctx;
+}
+
+int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                   const unsigned char *key, const unsigned char *iv, int enc)
+{
+    if (cipher)
+        EVP_CIPHER_CTX_init(ctx);
+    return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc);
+}
+
+int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                      ENGINE *impl, const unsigned char *key,
+                      const unsigned char *iv, int enc)
+{
+    if (enc == -1)
+        enc = ctx->encrypt;
+    else {
+        if (enc)
+            enc = 1;
+        ctx->encrypt = enc;
+    }
+#ifndef OPENSSL_NO_ENGINE
+    /*
+     * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
+     * this context may already have an ENGINE! Try to avoid releasing the
+     * previous handle, re-querying for an ENGINE, and having a
+     * reinitialisation, when it may all be unecessary.
+     */
+    if (ctx->engine && ctx->cipher && (!cipher ||
+                                       (cipher
+                                        && (cipher->nid ==
+                                            ctx->cipher->nid))))
+        goto skip_to_init;
+#endif
+    if (cipher) {
+        /*
+         * Ensure a context left lying around from last time is cleared (the
+         * previous check attempted to avoid this if the same ENGINE and
+         * EVP_CIPHER could be used).
+         */
+        if (ctx->cipher) {
+            unsigned long flags = ctx->flags;
+            EVP_CIPHER_CTX_cleanup(ctx);
+            /* Restore encrypt and flags */
+            ctx->encrypt = enc;
+            ctx->flags = flags;
+        }
+#ifndef OPENSSL_NO_ENGINE
+        if (impl) {
+            if (!ENGINE_init(impl)) {
+                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                return 0;
+            }
+        } else
+            /* Ask if an ENGINE is reserved for this job */
+            impl = ENGINE_get_cipher_engine(cipher->nid);
+        if (impl) {
+            /* There's an ENGINE for this job ... (apparently) */
+            const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
+            if (!c) {
+                /*
+                 * One positive side-effect of US's export control history,
+                 * is that we should at least be able to avoid using US
+                 * mispellings of "initialisation"?
+                 */
+                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                return 0;
+            }
+            /* We'll use the ENGINE's private cipher definition */
+            cipher = c;
+            /*
+             * Store the ENGINE functional reference so we know 'cipher' came
+             * from an ENGINE and we need to release it when done.
+             */
+            ctx->engine = impl;
+        } else
+            ctx->engine = NULL;
+#endif
+
+#ifdef OPENSSL_FIPS
+        if (FIPS_mode())
+            return FIPS_cipherinit(ctx, cipher, key, iv, enc);
+#endif
+        ctx->cipher = cipher;
+        if (ctx->cipher->ctx_size) {
+            ctx->cipher_data = OPENSSL_malloc(ctx->cipher->ctx_size);
+            if (!ctx->cipher_data) {
+                EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+        } else {
+            ctx->cipher_data = NULL;
+        }
+        ctx->key_len = cipher->key_len;
+        ctx->flags = 0;
+        if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
+            if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
+                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                return 0;
+            }
+        }
+    } else if (!ctx->cipher) {
+        EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
+        return 0;
+    }
+#ifndef OPENSSL_NO_ENGINE
+ skip_to_init:
+#endif
+#ifdef OPENSSL_FIPS
+    if (FIPS_mode())
+        return FIPS_cipherinit(ctx, cipher, key, iv, enc);
+#endif
+    /* we assume block size is a power of 2 in *cryptUpdate */
+    OPENSSL_assert(ctx->cipher->block_size == 1
+                   || ctx->cipher->block_size == 8
+                   || ctx->cipher->block_size == 16);
+
+    if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
+        switch (EVP_CIPHER_CTX_mode(ctx)) {
+
+        case EVP_CIPH_STREAM_CIPHER:
+        case EVP_CIPH_ECB_MODE:
+            break;
+
+        case EVP_CIPH_CFB_MODE:
+        case EVP_CIPH_OFB_MODE:
+
+            ctx->num = 0;
+            /* fall-through */
+
+        case EVP_CIPH_CBC_MODE:
+
+            OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
+                           (int)sizeof(ctx->iv));
+            if (iv)
+                memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+            memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
+            break;
+
+        case EVP_CIPH_CTR_MODE:
+            ctx->num = 0;
+            /* Don't reuse IV for CTR mode */
+            if (iv)
+                memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+            break;
+
+        default:
+            return 0;
+            break;
+        }
+    }
+
+    if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
+        if (!ctx->cipher->init(ctx, key, iv, enc))
+            return 0;
+    }
+    ctx->buf_len = 0;
+    ctx->final_used = 0;
+    ctx->block_mask = ctx->cipher->block_size - 1;
+    return 1;
+}
+
+int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+                     const unsigned char *in, int inl)
+{
+    if (ctx->encrypt)
+        return EVP_EncryptUpdate(ctx, out, outl, in, inl);
+    else
+        return EVP_DecryptUpdate(ctx, out, outl, in, inl);
+}
+
+int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+    if (ctx->encrypt)
+        return EVP_EncryptFinal_ex(ctx, out, outl);
+    else
+        return EVP_DecryptFinal_ex(ctx, out, outl);
+}
+
+int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+    if (ctx->encrypt)
+        return EVP_EncryptFinal(ctx, out, outl);
+    else
+        return EVP_DecryptFinal(ctx, out, outl);
+}
+
+int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                    const unsigned char *key, const unsigned char *iv)
+{
+    return EVP_CipherInit(ctx, cipher, key, iv, 1);
+}
+
+int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                       ENGINE *impl, const unsigned char *key,
+                       const unsigned char *iv)
+{
+    return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
+}
+
+int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                    const unsigned char *key, const unsigned char *iv)
+{
+    return EVP_CipherInit(ctx, cipher, key, iv, 0);
+}
+
+int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                       ENGINE *impl, const unsigned char *key,
+                       const unsigned char *iv)
+{
+    return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
+}
+
+int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+                      const unsigned char *in, int inl)
+{
+    int i, j, bl;
+
+    if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
+        i = M_do_cipher(ctx, out, in, inl);
+        if (i < 0)
+            return 0;
+        else
+            *outl = i;
+        return 1;
+    }
+
+    if (inl <= 0) {
+        *outl = 0;
+        return inl == 0;
+    }
+
+    if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) {
+        if (M_do_cipher(ctx, out, in, inl)) {
+            *outl = inl;
+            return 1;
+        } else {
+            *outl = 0;
+            return 0;
+        }
+    }
+    i = ctx->buf_len;
+    bl = ctx->cipher->block_size;
+    OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
+    if (i != 0) {
+        if (bl - i > inl) {
+            memcpy(&(ctx->buf[i]), in, inl);
+            ctx->buf_len += inl;
+            *outl = 0;
+            return 1;
+        } else {
+            j = bl - i;
+            memcpy(&(ctx->buf[i]), in, j);
+            if (!M_do_cipher(ctx, out, ctx->buf, bl))
+                return 0;
+            inl -= j;
+            in += j;
+            out += bl;
+            *outl = bl;
+        }
+    } else
+        *outl = 0;
+    i = inl & (bl - 1);
+    inl -= i;
+    if (inl > 0) {
+        if (!M_do_cipher(ctx, out, in, inl))
+            return 0;
+        *outl += inl;
+    }
+
+    if (i != 0)
+        memcpy(ctx->buf, &(in[inl]), i);
+    ctx->buf_len = i;
+    return 1;
+}
+
+int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+    int ret;
+    ret = EVP_EncryptFinal_ex(ctx, out, outl);
+    return ret;
+}
+
+int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+    int n, ret;
+    unsigned int i, b, bl;
+
+    if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
+        ret = M_do_cipher(ctx, out, NULL, 0);
+        if (ret < 0)
+            return 0;
+        else
+            *outl = ret;
+        return 1;
+    }
+
+    b = ctx->cipher->block_size;
+    OPENSSL_assert(b <= sizeof ctx->buf);
+    if (b == 1) {
+        *outl = 0;
+        return 1;
+    }
+    bl = ctx->buf_len;
+    if (ctx->flags & EVP_CIPH_NO_PADDING) {
+        if (bl) {
+            EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,
+                   EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+            return 0;
+        }
+        *outl = 0;
+        return 1;
+    }
+
+    n = b - bl;
+    for (i = bl; i < b; i++)
+        ctx->buf[i] = n;
+    ret = M_do_cipher(ctx, out, ctx->buf, b);
+
+    if (ret)
+        *outl = b;
+
+    return ret;
+}
+
+int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+                      const unsigned char *in, int inl)
+{
+    int fix_len;
+    unsigned int b;
+
+    if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
+        fix_len = M_do_cipher(ctx, out, in, inl);
+        if (fix_len < 0) {
+            *outl = 0;
+            return 0;
+        } else
+            *outl = fix_len;
+        return 1;
+    }
+
+    if (inl <= 0) {
+        *outl = 0;
+        return inl == 0;
+    }
+
+    if (ctx->flags & EVP_CIPH_NO_PADDING)
+        return EVP_EncryptUpdate(ctx, out, outl, in, inl);
+
+    b = ctx->cipher->block_size;
+    OPENSSL_assert(b <= sizeof ctx->final);
+
+    if (ctx->final_used) {
+        memcpy(out, ctx->final, b);
+        out += b;
+        fix_len = 1;
+    } else
+        fix_len = 0;
+
+    if (!EVP_EncryptUpdate(ctx, out, outl, in, inl))
+        return 0;
+
+    /*
+     * if we have 'decrypted' a multiple of block size, make sure we have a
+     * copy of this last block
+     */
+    if (b > 1 && !ctx->buf_len) {
+        *outl -= b;
+        ctx->final_used = 1;
+        memcpy(ctx->final, &out[*outl], b);
+    } else
+        ctx->final_used = 0;
+
+    if (fix_len)
+        *outl += b;
+
+    return 1;
+}
+
+int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+    int ret;
+    ret = EVP_DecryptFinal_ex(ctx, out, outl);
+    return ret;
+}
+
+int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+    int i, n;
+    unsigned int b;
+    *outl = 0;
+
+    if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
+        i = M_do_cipher(ctx, out, NULL, 0);
+        if (i < 0)
+            return 0;
+        else
+            *outl = i;
+        return 1;
+    }
+
+    b = ctx->cipher->block_size;
+    if (ctx->flags & EVP_CIPH_NO_PADDING) {
+        if (ctx->buf_len) {
+            EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,
+                   EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+            return 0;
+        }
+        *outl = 0;
+        return 1;
+    }
+    if (b > 1) {
+        if (ctx->buf_len || !ctx->final_used) {
+            EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
+            return (0);
+        }
+        OPENSSL_assert(b <= sizeof ctx->final);
+
+        /*
+         * The following assumes that the ciphertext has been authenticated.
+         * Otherwise it provides a padding oracle.
+         */
+        n = ctx->final[b - 1];
+        if (n == 0 || n > (int)b) {
+            EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
+            return (0);
+        }
+        for (i = 0; i < n; i++) {
+            if (ctx->final[--b] != n) {
+                EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
+                return (0);
+            }
+        }
+        n = ctx->cipher->block_size - n;
+        for (i = 0; i < n; i++)
+            out[i] = ctx->final[i];
+        *outl = n;
+    } else
+        *outl = 0;
+    return (1);
+}
+
+void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
+{
+    if (ctx) {
+        EVP_CIPHER_CTX_cleanup(ctx);
+        OPENSSL_free(ctx);
+    }
+}
+
+int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
+{
+#ifndef OPENSSL_FIPS
+    if (c->cipher != NULL) {
+        if (c->cipher->cleanup && !c->cipher->cleanup(c))
+            return 0;
+        /* Cleanse cipher context data */
+        if (c->cipher_data)
+            OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
+    }
+    if (c->cipher_data)
+        OPENSSL_free(c->cipher_data);
+#endif
+#ifndef OPENSSL_NO_ENGINE
+    if (c->engine)
+        /*
+         * The EVP_CIPHER we used belongs to an ENGINE, release the
+         * functional reference we held for this reason.
+         */
+        ENGINE_finish(c->engine);
+#endif
+#ifdef OPENSSL_FIPS
+    FIPS_cipher_ctx_cleanup(c);
+#endif
+    memset(c, 0, sizeof(EVP_CIPHER_CTX));
+    return 1;
+}
+
+int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
+{
+    if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
+        return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
+    if (c->key_len == keylen)
+        return 1;
+    if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) {
+        c->key_len = keylen;
+        return 1;
+    }
+    EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, EVP_R_INVALID_KEY_LENGTH);
+    return 0;
+}
+
+int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
+{
+    if (pad)
+        ctx->flags &= ~EVP_CIPH_NO_PADDING;
+    else
+        ctx->flags |= EVP_CIPH_NO_PADDING;
+    return 1;
+}
+
+int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+{
+    int ret;
+    if (!ctx->cipher) {
+        EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
+        return 0;
+    }
+
+    if (!ctx->cipher->ctrl) {
+        EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
+        return 0;
+    }
+
+    ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
+    if (ret == -1) {
+        EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL,
+               EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
+        return 0;
+    }
+    return ret;
+}
+
+int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
+{
+    if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
+        return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
+    if (RAND_bytes(key, ctx->key_len) <= 0)
+        return 0;
+    return 1;
+}
+
+int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
+{
+    if ((in == NULL) || (in->cipher == NULL)) {
+        EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INPUT_NOT_INITIALIZED);
+        return 0;
+    }
+#ifndef OPENSSL_NO_ENGINE
+    /* Make sure it's safe to copy a cipher context using an ENGINE */
+    if (in->engine && !ENGINE_init(in->engine)) {
+        EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_ENGINE_LIB);
+        return 0;
+    }
+#endif
+
+    EVP_CIPHER_CTX_cleanup(out);
+    memcpy(out, in, sizeof *out);
+
+    if (in->cipher_data && in->cipher->ctx_size) {
+        out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
+        if (!out->cipher_data) {
+            EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
+    }
+
+    if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
+        return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out);
+    return 1;
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/md2/md2_dgst.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/md2/md2_dgst.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/md2/md2_dgst.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,224 +0,0 @@
-/* crypto/md2/md2_dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/md2.h>
-#include <openssl/opensslv.h>
-#include <openssl/crypto.h>
-
-const char MD2_version[] = "MD2" OPENSSL_VERSION_PTEXT;
-
-/*
- * Implemented from RFC1319 The MD2 Message-Digest Algorithm
- */
-
-#define UCHAR   unsigned char
-
-static void md2_block(MD2_CTX *c, const unsigned char *d);
-/*
- * The magic S table - I have converted it to hex since it is basically just
- * a random byte string.
- */
-static const MD2_INT S[256] = {
-    0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01,
-    0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13,
-    0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C,
-    0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C, 0x82, 0xCA,
-    0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16,
-    0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12,
-    0xBE, 0x4E, 0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49,
-    0xA0, 0xFB, 0xF5, 0x8E, 0xBB, 0x2F, 0xEE, 0x7A,
-    0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2, 0x07, 0x3F,
-    0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21,
-    0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27,
-    0x35, 0x3E, 0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03,
-    0xFF, 0x19, 0x30, 0xB3, 0x48, 0xA5, 0xB5, 0xD1,
-    0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56, 0xAA, 0xC6,
-    0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6,
-    0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1,
-    0x45, 0x9D, 0x70, 0x59, 0x64, 0x71, 0x87, 0x20,
-    0x86, 0x5B, 0xCF, 0x65, 0xE6, 0x2D, 0xA8, 0x02,
-    0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0, 0xB9, 0xF6,
-    0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F,
-    0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A,
-    0xC3, 0x5C, 0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26,
-    0x2C, 0x53, 0x0D, 0x6E, 0x85, 0x28, 0x84, 0x09,
-    0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81, 0x4D, 0x52,
-    0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA,
-    0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A,
-    0x78, 0x88, 0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D,
-    0xE9, 0xCB, 0xD5, 0xFE, 0x3B, 0x00, 0x1D, 0x39,
-    0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58, 0xD0, 0xE4,
-    0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A,
-    0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A,
-    0xDB, 0x99, 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14,
-};
-
-const char *MD2_options(void)
-{
-    if (sizeof(MD2_INT) == 1)
-        return ("md2(char)");
-    else
-        return ("md2(int)");
-}
-
-fips_md_init(MD2)
-{
-    c->num = 0;
-    memset(c->state, 0, sizeof c->state);
-    memset(c->cksm, 0, sizeof c->cksm);
-    memset(c->data, 0, sizeof c->data);
-    return 1;
-}
-
-int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len)
-{
-    register UCHAR *p;
-
-    if (len == 0)
-        return 1;
-
-    p = c->data;
-    if (c->num != 0) {
-        if ((c->num + len) >= MD2_BLOCK) {
-            memcpy(&(p[c->num]), data, MD2_BLOCK - c->num);
-            md2_block(c, c->data);
-            data += (MD2_BLOCK - c->num);
-            len -= (MD2_BLOCK - c->num);
-            c->num = 0;
-            /* drop through and do the rest */
-        } else {
-            memcpy(&(p[c->num]), data, len);
-            /* data+=len; */
-            c->num += (int)len;
-            return 1;
-        }
-    }
-    /*
-     * we now can process the input data in blocks of MD2_BLOCK chars and
-     * save the leftovers to c->data.
-     */
-    while (len >= MD2_BLOCK) {
-        md2_block(c, data);
-        data += MD2_BLOCK;
-        len -= MD2_BLOCK;
-    }
-    memcpy(p, data, len);
-    c->num = (int)len;
-    return 1;
-}
-
-static void md2_block(MD2_CTX *c, const unsigned char *d)
-{
-    register MD2_INT t, *sp1, *sp2;
-    register int i, j;
-    MD2_INT state[48];
-
-    sp1 = c->state;
-    sp2 = c->cksm;
-    j = sp2[MD2_BLOCK - 1];
-    for (i = 0; i < 16; i++) {
-        state[i] = sp1[i];
-        state[i + 16] = t = d[i];
-        state[i + 32] = (t ^ sp1[i]);
-        j = sp2[i] ^= S[t ^ j];
-    }
-    t = 0;
-    for (i = 0; i < 18; i++) {
-        for (j = 0; j < 48; j += 8) {
-            t = state[j + 0] ^= S[t];
-            t = state[j + 1] ^= S[t];
-            t = state[j + 2] ^= S[t];
-            t = state[j + 3] ^= S[t];
-            t = state[j + 4] ^= S[t];
-            t = state[j + 5] ^= S[t];
-            t = state[j + 6] ^= S[t];
-            t = state[j + 7] ^= S[t];
-        }
-        t = (t + i) & 0xff;
-    }
-    memcpy(sp1, state, 16 * sizeof(MD2_INT));
-    OPENSSL_cleanse(state, 48 * sizeof(MD2_INT));
-}
-
-int MD2_Final(unsigned char *md, MD2_CTX *c)
-{
-    int i, v;
-    register UCHAR *cp;
-    register MD2_INT *p1, *p2;
-
-    cp = c->data;
-    p1 = c->state;
-    p2 = c->cksm;
-    v = MD2_BLOCK - c->num;
-    for (i = c->num; i < MD2_BLOCK; i++)
-        cp[i] = (UCHAR) v;
-
-    md2_block(c, cp);
-
-    for (i = 0; i < MD2_BLOCK; i++)
-        cp[i] = (UCHAR) p2[i];
-    md2_block(c, cp);
-
-    for (i = 0; i < 16; i++)
-        md[i] = (UCHAR) (p1[i] & 0xff);
-    memset((char *)&c, 0, sizeof(c));
-    return 1;
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/md2/md2_dgst.c (from rev 11605, vendor-crypto/openssl/dist/crypto/md2/md2_dgst.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/md2/md2_dgst.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/md2/md2_dgst.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,224 @@
+/* crypto/md2/md2_dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/md2.h>
+#include <openssl/opensslv.h>
+#include <openssl/crypto.h>
+
+const char MD2_version[] = "MD2" OPENSSL_VERSION_PTEXT;
+
+/*
+ * Implemented from RFC1319 The MD2 Message-Digest Algorithm
+ */
+
+#define UCHAR   unsigned char
+
+static void md2_block(MD2_CTX *c, const unsigned char *d);
+/*
+ * The magic S table - I have converted it to hex since it is basically just
+ * a random byte string.
+ */
+static const MD2_INT S[256] = {
+    0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01,
+    0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13,
+    0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C,
+    0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C, 0x82, 0xCA,
+    0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16,
+    0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12,
+    0xBE, 0x4E, 0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49,
+    0xA0, 0xFB, 0xF5, 0x8E, 0xBB, 0x2F, 0xEE, 0x7A,
+    0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2, 0x07, 0x3F,
+    0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21,
+    0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27,
+    0x35, 0x3E, 0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03,
+    0xFF, 0x19, 0x30, 0xB3, 0x48, 0xA5, 0xB5, 0xD1,
+    0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56, 0xAA, 0xC6,
+    0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6,
+    0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1,
+    0x45, 0x9D, 0x70, 0x59, 0x64, 0x71, 0x87, 0x20,
+    0x86, 0x5B, 0xCF, 0x65, 0xE6, 0x2D, 0xA8, 0x02,
+    0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0, 0xB9, 0xF6,
+    0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F,
+    0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A,
+    0xC3, 0x5C, 0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26,
+    0x2C, 0x53, 0x0D, 0x6E, 0x85, 0x28, 0x84, 0x09,
+    0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81, 0x4D, 0x52,
+    0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA,
+    0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A,
+    0x78, 0x88, 0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D,
+    0xE9, 0xCB, 0xD5, 0xFE, 0x3B, 0x00, 0x1D, 0x39,
+    0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58, 0xD0, 0xE4,
+    0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A,
+    0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A,
+    0xDB, 0x99, 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14,
+};
+
+const char *MD2_options(void)
+{
+    if (sizeof(MD2_INT) == 1)
+        return ("md2(char)");
+    else
+        return ("md2(int)");
+}
+
+fips_md_init(MD2)
+{
+    c->num = 0;
+    memset(c->state, 0, sizeof c->state);
+    memset(c->cksm, 0, sizeof c->cksm);
+    memset(c->data, 0, sizeof c->data);
+    return 1;
+}
+
+int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len)
+{
+    register UCHAR *p;
+
+    if (len == 0)
+        return 1;
+
+    p = c->data;
+    if (c->num != 0) {
+        if ((c->num + len) >= MD2_BLOCK) {
+            memcpy(&(p[c->num]), data, MD2_BLOCK - c->num);
+            md2_block(c, c->data);
+            data += (MD2_BLOCK - c->num);
+            len -= (MD2_BLOCK - c->num);
+            c->num = 0;
+            /* drop through and do the rest */
+        } else {
+            memcpy(&(p[c->num]), data, len);
+            /* data+=len; */
+            c->num += (int)len;
+            return 1;
+        }
+    }
+    /*
+     * we now can process the input data in blocks of MD2_BLOCK chars and
+     * save the leftovers to c->data.
+     */
+    while (len >= MD2_BLOCK) {
+        md2_block(c, data);
+        data += MD2_BLOCK;
+        len -= MD2_BLOCK;
+    }
+    memcpy(p, data, len);
+    c->num = (int)len;
+    return 1;
+}
+
+static void md2_block(MD2_CTX *c, const unsigned char *d)
+{
+    register MD2_INT t, *sp1, *sp2;
+    register int i, j;
+    MD2_INT state[48];
+
+    sp1 = c->state;
+    sp2 = c->cksm;
+    j = sp2[MD2_BLOCK - 1];
+    for (i = 0; i < 16; i++) {
+        state[i] = sp1[i];
+        state[i + 16] = t = d[i];
+        state[i + 32] = (t ^ sp1[i]);
+        j = sp2[i] ^= S[t ^ j];
+    }
+    t = 0;
+    for (i = 0; i < 18; i++) {
+        for (j = 0; j < 48; j += 8) {
+            t = state[j + 0] ^= S[t];
+            t = state[j + 1] ^= S[t];
+            t = state[j + 2] ^= S[t];
+            t = state[j + 3] ^= S[t];
+            t = state[j + 4] ^= S[t];
+            t = state[j + 5] ^= S[t];
+            t = state[j + 6] ^= S[t];
+            t = state[j + 7] ^= S[t];
+        }
+        t = (t + i) & 0xff;
+    }
+    memcpy(sp1, state, 16 * sizeof(MD2_INT));
+    OPENSSL_cleanse(state, 48 * sizeof(MD2_INT));
+}
+
+int MD2_Final(unsigned char *md, MD2_CTX *c)
+{
+    int i, v;
+    register UCHAR *cp;
+    register MD2_INT *p1, *p2;
+
+    cp = c->data;
+    p1 = c->state;
+    p2 = c->cksm;
+    v = MD2_BLOCK - c->num;
+    for (i = c->num; i < MD2_BLOCK; i++)
+        cp[i] = (UCHAR) v;
+
+    md2_block(c, cp);
+
+    for (i = 0; i < MD2_BLOCK; i++)
+        cp[i] = (UCHAR) p2[i];
+    md2_block(c, cp);
+
+    for (i = 0; i < 16; i++)
+        md[i] = (UCHAR) (p1[i] & 0xff);
+    OPENSSL_cleanse(c, sizeof(*c));
+    return 1;
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/md32_common.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/md32_common.h	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/md32_common.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,410 +0,0 @@
-/* crypto/md32_common.h */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-/*-
- * This is a generic 32 bit "collector" for message digest algorithms.
- * Whenever needed it collects input character stream into chunks of
- * 32 bit values and invokes a block function that performs actual hash
- * calculations.
- *
- * Porting guide.
- *
- * Obligatory macros:
- *
- * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
- *      this macro defines byte order of input stream.
- * HASH_CBLOCK
- *      size of a unit chunk HASH_BLOCK operates on.
- * HASH_LONG
- *      has to be at lest 32 bit wide, if it's wider, then
- *      HASH_LONG_LOG2 *has to* be defined along
- * HASH_CTX
- *      context structure that at least contains following
- *      members:
- *              typedef struct {
- *                      ...
- *                      HASH_LONG       Nl,Nh;
- *                      either {
- *                      HASH_LONG       data[HASH_LBLOCK];
- *                      unsigned char   data[HASH_CBLOCK];
- *                      };
- *                      unsigned int    num;
- *                      ...
- *                      } HASH_CTX;
- *      data[] vector is expected to be zeroed upon first call to
- *      HASH_UPDATE.
- * HASH_UPDATE
- *      name of "Update" function, implemented here.
- * HASH_TRANSFORM
- *      name of "Transform" function, implemented here.
- * HASH_FINAL
- *      name of "Final" function, implemented here.
- * HASH_BLOCK_DATA_ORDER
- *      name of "block" function capable of treating *unaligned* input
- *      message in original (data) byte order, implemented externally.
- * HASH_MAKE_STRING
- *      macro convering context variables to an ASCII hash string.
- *
- * MD5 example:
- *
- *      #define DATA_ORDER_IS_LITTLE_ENDIAN
- *
- *      #define HASH_LONG               MD5_LONG
- *      #define HASH_LONG_LOG2          MD5_LONG_LOG2
- *      #define HASH_CTX                MD5_CTX
- *      #define HASH_CBLOCK             MD5_CBLOCK
- *      #define HASH_UPDATE             MD5_Update
- *      #define HASH_TRANSFORM          MD5_Transform
- *      #define HASH_FINAL              MD5_Final
- *      #define HASH_BLOCK_DATA_ORDER   md5_block_data_order
- *
- *                                      <appro at fy.chalmers.se>
- */
-
-#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
-# error "DATA_ORDER must be defined!"
-#endif
-
-#ifndef HASH_CBLOCK
-# error "HASH_CBLOCK must be defined!"
-#endif
-#ifndef HASH_LONG
-# error "HASH_LONG must be defined!"
-#endif
-#ifndef HASH_CTX
-# error "HASH_CTX must be defined!"
-#endif
-
-#ifndef HASH_UPDATE
-# error "HASH_UPDATE must be defined!"
-#endif
-#ifndef HASH_TRANSFORM
-# error "HASH_TRANSFORM must be defined!"
-#endif
-#ifndef HASH_FINAL
-# error "HASH_FINAL must be defined!"
-#endif
-
-#ifndef HASH_BLOCK_DATA_ORDER
-# error "HASH_BLOCK_DATA_ORDER must be defined!"
-#endif
-
-/*
- * Engage compiler specific rotate intrinsic function if available.
- */
-#undef ROTATE
-#ifndef PEDANTIC
-# if defined(_MSC_VER)
-#  define ROTATE(a,n)   _lrotl(a,n)
-# elif defined(__ICC)
-#  define ROTATE(a,n)   _rotl(a,n)
-# elif defined(__MWERKS__)
-#  if defined(__POWERPC__)
-#   define ROTATE(a,n)  __rlwinm(a,n,0,31)
-#  elif defined(__MC68K__)
-    /* Motorola specific tweak. <appro at fy.chalmers.se> */
-#   define ROTATE(a,n)  ( n<24 ? __rol(a,n) : __ror(a,32-n) )
-#  else
-#   define ROTATE(a,n)  __rol(a,n)
-#  endif
-# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-  /*
-   * Some GNU C inline assembler templates. Note that these are
-   * rotates by *constant* number of bits! But that's exactly
-   * what we need here...
-   *                                    <appro at fy.chalmers.se>
-   */
-#  if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
-#   define ROTATE(a,n)  ({ register unsigned int ret;   \
-                                asm (                   \
-                                "roll %1,%0"            \
-                                : "=r"(ret)             \
-                                : "I"(n), "0"((unsigned int)(a))        \
-                                : "cc");                \
-                           ret;                         \
-                        })
-#  elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \
-        defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
-#   define ROTATE(a,n)  ({ register unsigned int ret;   \
-                                asm (                   \
-                                "rlwinm %0,%1,%2,0,31"  \
-                                : "=r"(ret)             \
-                                : "r"(a), "I"(n));      \
-                           ret;                         \
-                        })
-#  elif defined(__s390x__)
-#   define ROTATE(a,n) ({ register unsigned int ret;    \
-                                asm ("rll %0,%1,%2"     \
-                                : "=r"(ret)             \
-                                : "r"(a), "I"(n));      \
-                          ret;                          \
-                        })
-#  endif
-# endif
-#endif                          /* PEDANTIC */
-
-#ifndef ROTATE
-# define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
-#endif
-
-#if defined(DATA_ORDER_IS_BIG_ENDIAN)
-
-# ifndef PEDANTIC
-#  if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-#   if ((defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)) || \
-      (defined(__x86_64) || defined(__x86_64__))
-#    if !defined(B_ENDIAN)
-    /*
-     * This gives ~30-40% performance improvement in SHA-256 compiled
-     * with gcc [on P4]. Well, first macro to be frank. We can pull
-     * this trick on x86* platforms only, because these CPUs can fetch
-     * unaligned data without raising an exception.
-     */
-#     define HOST_c2l(c,l)        ({ unsigned int r=*((const unsigned int *)(c)); \
-                                   asm ("bswapl %0":"=r"(r):"0"(r));    \
-                                   (c)+=4; (l)=r;                       })
-#     define HOST_l2c(l,c)        ({ unsigned int r=(l);                  \
-                                   asm ("bswapl %0":"=r"(r):"0"(r));    \
-                                   *((unsigned int *)(c))=r; (c)+=4; r; })
-#    endif
-#   endif
-#  endif
-# endif
-# if defined(__s390__) || defined(__s390x__)
-#  define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
-#  define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
-# endif
-
-# ifndef HOST_c2l
-#  define HOST_c2l(c,l)   (l =(((unsigned long)(*((c)++)))<<24),          \
-                         l|=(((unsigned long)(*((c)++)))<<16),          \
-                         l|=(((unsigned long)(*((c)++)))<< 8),          \
-                         l|=(((unsigned long)(*((c)++)))    )           )
-# endif
-# ifndef HOST_l2c
-#  define HOST_l2c(l,c)   (*((c)++)=(unsigned char)(((l)>>24)&0xff),      \
-                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
-                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
-                         *((c)++)=(unsigned char)(((l)    )&0xff),      \
-                         l)
-# endif
-
-#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
-
-# ifndef PEDANTIC
-#  if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-#   if defined(__s390x__)
-#    define HOST_c2l(c,l)        ({ asm ("lrv    %0,%1"                  \
-                                   :"=d"(l) :"m"(*(const unsigned int *)(c)));\
-                                   (c)+=4; (l);                         })
-#    define HOST_l2c(l,c)        ({ asm ("strv   %1,%0"                  \
-                                   :"=m"(*(unsigned int *)(c)) :"d"(l));\
-                                   (c)+=4; (l);                         })
-#   endif
-#  endif
-# endif
-# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
-#  ifndef B_ENDIAN
-   /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */
-#   define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, l)
-#   define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, l)
-#  endif
-# endif
-
-# ifndef HOST_c2l
-#  define HOST_c2l(c,l)   (l =(((unsigned long)(*((c)++)))    ),          \
-                         l|=(((unsigned long)(*((c)++)))<< 8),          \
-                         l|=(((unsigned long)(*((c)++)))<<16),          \
-                         l|=(((unsigned long)(*((c)++)))<<24)           )
-# endif
-# ifndef HOST_l2c
-#  define HOST_l2c(l,c)   (*((c)++)=(unsigned char)(((l)    )&0xff),      \
-                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
-                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
-                         *((c)++)=(unsigned char)(((l)>>24)&0xff),      \
-                         l)
-# endif
-
-#endif
-
-/*
- * Time for some action:-)
- */
-
-int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len)
-{
-    const unsigned char *data = data_;
-    unsigned char *p;
-    HASH_LONG l;
-    size_t n;
-
-    if (len == 0)
-        return 1;
-
-    l = (c->Nl + (((HASH_LONG) len) << 3)) & 0xffffffffUL;
-    /*
-     * 95-05-24 eay Fixed a bug with the overflow handling, thanks to Wei Dai
-     * <weidai at eskimo.com> for pointing it out.
-     */
-    if (l < c->Nl)              /* overflow */
-        c->Nh++;
-    c->Nh += (HASH_LONG) (len >> 29); /* might cause compiler warning on
-                                       * 16-bit */
-    c->Nl = l;
-
-    n = c->num;
-    if (n != 0) {
-        p = (unsigned char *)c->data;
-
-        if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) {
-            memcpy(p + n, data, HASH_CBLOCK - n);
-            HASH_BLOCK_DATA_ORDER(c, p, 1);
-            n = HASH_CBLOCK - n;
-            data += n;
-            len -= n;
-            c->num = 0;
-            memset(p, 0, HASH_CBLOCK); /* keep it zeroed */
-        } else {
-            memcpy(p + n, data, len);
-            c->num += (unsigned int)len;
-            return 1;
-        }
-    }
-
-    n = len / HASH_CBLOCK;
-    if (n > 0) {
-        HASH_BLOCK_DATA_ORDER(c, data, n);
-        n *= HASH_CBLOCK;
-        data += n;
-        len -= n;
-    }
-
-    if (len != 0) {
-        p = (unsigned char *)c->data;
-        c->num = (unsigned int)len;
-        memcpy(p, data, len);
-    }
-    return 1;
-}
-
-void HASH_TRANSFORM(HASH_CTX *c, const unsigned char *data)
-{
-    HASH_BLOCK_DATA_ORDER(c, data, 1);
-}
-
-int HASH_FINAL(unsigned char *md, HASH_CTX *c)
-{
-    unsigned char *p = (unsigned char *)c->data;
-    size_t n = c->num;
-
-    p[n] = 0x80;                /* there is always room for one */
-    n++;
-
-    if (n > (HASH_CBLOCK - 8)) {
-        memset(p + n, 0, HASH_CBLOCK - n);
-        n = 0;
-        HASH_BLOCK_DATA_ORDER(c, p, 1);
-    }
-    memset(p + n, 0, HASH_CBLOCK - 8 - n);
-
-    p += HASH_CBLOCK - 8;
-#if   defined(DATA_ORDER_IS_BIG_ENDIAN)
-    (void)HOST_l2c(c->Nh, p);
-    (void)HOST_l2c(c->Nl, p);
-#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
-    (void)HOST_l2c(c->Nl, p);
-    (void)HOST_l2c(c->Nh, p);
-#endif
-    p -= HASH_CBLOCK;
-    HASH_BLOCK_DATA_ORDER(c, p, 1);
-    c->num = 0;
-    memset(p, 0, HASH_CBLOCK);
-
-#ifndef HASH_MAKE_STRING
-# error "HASH_MAKE_STRING must be defined!"
-#else
-    HASH_MAKE_STRING(c, md);
-#endif
-
-    return 1;
-}
-
-#ifndef MD32_REG_T
-# if defined(__alpha) || defined(__sparcv9) || defined(__mips)
-#  define MD32_REG_T long
-/*
- * This comment was originaly written for MD5, which is why it
- * discusses A-D. But it basically applies to all 32-bit digests,
- * which is why it was moved to common header file.
- *
- * In case you wonder why A-D are declared as long and not
- * as MD5_LONG. Doing so results in slight performance
- * boost on LP64 architectures. The catch is we don't
- * really care if 32 MSBs of a 64-bit register get polluted
- * with eventual overflows as we *save* only 32 LSBs in
- * *either* case. Now declaring 'em long excuses the compiler
- * from keeping 32 MSBs zeroed resulting in 13% performance
- * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
- * Well, to be honest it should say that this *prevents*
- * performance degradation.
- *                              <appro at fy.chalmers.se>
- */
-# else
-/*
- * Above is not absolute and there are LP64 compilers that
- * generate better code if MD32_REG_T is defined int. The above
- * pre-processor condition reflects the circumstances under which
- * the conclusion was made and is subject to further extension.
- *                              <appro at fy.chalmers.se>
- */
-#  define MD32_REG_T int
-# endif
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/md32_common.h (from rev 11605, vendor-crypto/openssl/dist/crypto/md32_common.h)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/md32_common.h	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/md32_common.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,418 @@
+/* crypto/md32_common.h */
+/* ====================================================================
+ * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+/*-
+ * This is a generic 32 bit "collector" for message digest algorithms.
+ * Whenever needed it collects input character stream into chunks of
+ * 32 bit values and invokes a block function that performs actual hash
+ * calculations.
+ *
+ * Porting guide.
+ *
+ * Obligatory macros:
+ *
+ * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
+ *      this macro defines byte order of input stream.
+ * HASH_CBLOCK
+ *      size of a unit chunk HASH_BLOCK operates on.
+ * HASH_LONG
+ *      has to be at lest 32 bit wide, if it's wider, then
+ *      HASH_LONG_LOG2 *has to* be defined along
+ * HASH_CTX
+ *      context structure that at least contains following
+ *      members:
+ *              typedef struct {
+ *                      ...
+ *                      HASH_LONG       Nl,Nh;
+ *                      either {
+ *                      HASH_LONG       data[HASH_LBLOCK];
+ *                      unsigned char   data[HASH_CBLOCK];
+ *                      };
+ *                      unsigned int    num;
+ *                      ...
+ *                      } HASH_CTX;
+ *      data[] vector is expected to be zeroed upon first call to
+ *      HASH_UPDATE.
+ * HASH_UPDATE
+ *      name of "Update" function, implemented here.
+ * HASH_TRANSFORM
+ *      name of "Transform" function, implemented here.
+ * HASH_FINAL
+ *      name of "Final" function, implemented here.
+ * HASH_BLOCK_DATA_ORDER
+ *      name of "block" function capable of treating *unaligned* input
+ *      message in original (data) byte order, implemented externally.
+ * HASH_MAKE_STRING
+ *      macro convering context variables to an ASCII hash string.
+ *
+ * MD5 example:
+ *
+ *      #define DATA_ORDER_IS_LITTLE_ENDIAN
+ *
+ *      #define HASH_LONG               MD5_LONG
+ *      #define HASH_LONG_LOG2          MD5_LONG_LOG2
+ *      #define HASH_CTX                MD5_CTX
+ *      #define HASH_CBLOCK             MD5_CBLOCK
+ *      #define HASH_UPDATE             MD5_Update
+ *      #define HASH_TRANSFORM          MD5_Transform
+ *      #define HASH_FINAL              MD5_Final
+ *      #define HASH_BLOCK_DATA_ORDER   md5_block_data_order
+ *
+ *                                      <appro at fy.chalmers.se>
+ */
+
+#include <openssl/crypto.h>
+
+#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+# error "DATA_ORDER must be defined!"
+#endif
+
+#ifndef HASH_CBLOCK
+# error "HASH_CBLOCK must be defined!"
+#endif
+#ifndef HASH_LONG
+# error "HASH_LONG must be defined!"
+#endif
+#ifndef HASH_CTX
+# error "HASH_CTX must be defined!"
+#endif
+
+#ifndef HASH_UPDATE
+# error "HASH_UPDATE must be defined!"
+#endif
+#ifndef HASH_TRANSFORM
+# error "HASH_TRANSFORM must be defined!"
+#endif
+#ifndef HASH_FINAL
+# error "HASH_FINAL must be defined!"
+#endif
+
+#ifndef HASH_BLOCK_DATA_ORDER
+# error "HASH_BLOCK_DATA_ORDER must be defined!"
+#endif
+
+/*
+ * Engage compiler specific rotate intrinsic function if available.
+ */
+#undef ROTATE
+#ifndef PEDANTIC
+# if defined(_MSC_VER)
+#  define ROTATE(a,n)   _lrotl(a,n)
+# elif defined(__ICC)
+#  define ROTATE(a,n)   _rotl(a,n)
+# elif defined(__MWERKS__)
+#  if defined(__POWERPC__)
+#   define ROTATE(a,n)  __rlwinm(a,n,0,31)
+#  elif defined(__MC68K__)
+    /* Motorola specific tweak. <appro at fy.chalmers.se> */
+#   define ROTATE(a,n)  ( n<24 ? __rol(a,n) : __ror(a,32-n) )
+#  else
+#   define ROTATE(a,n)  __rol(a,n)
+#  endif
+# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+  /*
+   * Some GNU C inline assembler templates. Note that these are
+   * rotates by *constant* number of bits! But that's exactly
+   * what we need here...
+   *                                    <appro at fy.chalmers.se>
+   */
+#  if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+#   define ROTATE(a,n)  ({ register unsigned int ret;   \
+                                asm (                   \
+                                "roll %1,%0"            \
+                                : "=r"(ret)             \
+                                : "I"(n), "0"((unsigned int)(a))        \
+                                : "cc");                \
+                           ret;                         \
+                        })
+#  elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \
+        defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
+#   define ROTATE(a,n)  ({ register unsigned int ret;   \
+                                asm (                   \
+                                "rlwinm %0,%1,%2,0,31"  \
+                                : "=r"(ret)             \
+                                : "r"(a), "I"(n));      \
+                           ret;                         \
+                        })
+#  elif defined(__s390x__)
+#   define ROTATE(a,n) ({ register unsigned int ret;    \
+                                asm ("rll %0,%1,%2"     \
+                                : "=r"(ret)             \
+                                : "r"(a), "I"(n));      \
+                          ret;                          \
+                        })
+#  endif
+# endif
+#endif                          /* PEDANTIC */
+
+#ifndef ROTATE
+# define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
+#endif
+
+#if defined(DATA_ORDER_IS_BIG_ENDIAN)
+
+# ifndef PEDANTIC
+#  if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+#   if ((defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)) || \
+      (defined(__x86_64) || defined(__x86_64__))
+#    if !defined(B_ENDIAN)
+    /*
+     * This gives ~30-40% performance improvement in SHA-256 compiled
+     * with gcc [on P4]. Well, first macro to be frank. We can pull
+     * this trick on x86* platforms only, because these CPUs can fetch
+     * unaligned data without raising an exception.
+     */
+#     define HOST_c2l(c,l)        ({ unsigned int r=*((const unsigned int *)(c)); \
+                                   asm ("bswapl %0":"=r"(r):"0"(r));    \
+                                   (c)+=4; (l)=r;                       })
+#     define HOST_l2c(l,c)        ({ unsigned int r=(l);                  \
+                                   asm ("bswapl %0":"=r"(r):"0"(r));    \
+                                   *((unsigned int *)(c))=r; (c)+=4; r; })
+#    endif
+#   endif
+#  endif
+# endif
+# if defined(__s390__) || defined(__s390x__)
+#  define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
+#  define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
+# endif
+
+# ifndef HOST_c2l
+#  define HOST_c2l(c,l)   (l =(((unsigned long)(*((c)++)))<<24),          \
+                         l|=(((unsigned long)(*((c)++)))<<16),          \
+                         l|=(((unsigned long)(*((c)++)))<< 8),          \
+                         l|=(((unsigned long)(*((c)++)))    )           )
+# endif
+# ifndef HOST_l2c
+#  define HOST_l2c(l,c)   (*((c)++)=(unsigned char)(((l)>>24)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)    )&0xff),      \
+                         l)
+# endif
+
+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+
+# ifndef PEDANTIC
+#  if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+#   if defined(__s390x__)
+#    define HOST_c2l(c,l)        ({ asm ("lrv    %0,%1"                  \
+                                   :"=d"(l) :"m"(*(const unsigned int *)(c)));\
+                                   (c)+=4; (l);                         })
+#    define HOST_l2c(l,c)        ({ asm ("strv   %1,%0"                  \
+                                   :"=m"(*(unsigned int *)(c)) :"d"(l));\
+                                   (c)+=4; (l);                         })
+#   endif
+#  endif
+# endif
+# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+#  ifndef B_ENDIAN
+   /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */
+#   define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, l)
+#   define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, l)
+#  endif
+# endif
+
+# ifndef HOST_c2l
+#  define HOST_c2l(c,l)   (l =(((unsigned long)(*((c)++)))    ),          \
+                         l|=(((unsigned long)(*((c)++)))<< 8),          \
+                         l|=(((unsigned long)(*((c)++)))<<16),          \
+                         l|=(((unsigned long)(*((c)++)))<<24)           )
+# endif
+# ifndef HOST_l2c
+#  define HOST_l2c(l,c)   (*((c)++)=(unsigned char)(((l)    )&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff),      \
+                         l)
+# endif
+
+#endif
+
+/*
+ * Time for some action:-)
+ */
+
+int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len)
+{
+    const unsigned char *data = data_;
+    unsigned char *p;
+    HASH_LONG l;
+    size_t n;
+
+    if (len == 0)
+        return 1;
+
+    l = (c->Nl + (((HASH_LONG) len) << 3)) & 0xffffffffUL;
+    /*
+     * 95-05-24 eay Fixed a bug with the overflow handling, thanks to Wei Dai
+     * <weidai at eskimo.com> for pointing it out.
+     */
+    if (l < c->Nl)              /* overflow */
+        c->Nh++;
+    c->Nh += (HASH_LONG) (len >> 29); /* might cause compiler warning on
+                                       * 16-bit */
+    c->Nl = l;
+
+    n = c->num;
+    if (n != 0) {
+        p = (unsigned char *)c->data;
+
+        if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) {
+            memcpy(p + n, data, HASH_CBLOCK - n);
+            HASH_BLOCK_DATA_ORDER(c, p, 1);
+            n = HASH_CBLOCK - n;
+            data += n;
+            len -= n;
+            c->num = 0;
+            /*
+             * We use memset rather than OPENSSL_cleanse() here deliberately.
+             * Using OPENSSL_cleanse() here could be a performance issue. It
+             * will get properly cleansed on finalisation so this isn't a
+             * security problem.
+             */
+            memset(p, 0, HASH_CBLOCK); /* keep it zeroed */
+        } else {
+            memcpy(p + n, data, len);
+            c->num += (unsigned int)len;
+            return 1;
+        }
+    }
+
+    n = len / HASH_CBLOCK;
+    if (n > 0) {
+        HASH_BLOCK_DATA_ORDER(c, data, n);
+        n *= HASH_CBLOCK;
+        data += n;
+        len -= n;
+    }
+
+    if (len != 0) {
+        p = (unsigned char *)c->data;
+        c->num = (unsigned int)len;
+        memcpy(p, data, len);
+    }
+    return 1;
+}
+
+void HASH_TRANSFORM(HASH_CTX *c, const unsigned char *data)
+{
+    HASH_BLOCK_DATA_ORDER(c, data, 1);
+}
+
+int HASH_FINAL(unsigned char *md, HASH_CTX *c)
+{
+    unsigned char *p = (unsigned char *)c->data;
+    size_t n = c->num;
+
+    p[n] = 0x80;                /* there is always room for one */
+    n++;
+
+    if (n > (HASH_CBLOCK - 8)) {
+        memset(p + n, 0, HASH_CBLOCK - n);
+        n = 0;
+        HASH_BLOCK_DATA_ORDER(c, p, 1);
+    }
+    memset(p + n, 0, HASH_CBLOCK - 8 - n);
+
+    p += HASH_CBLOCK - 8;
+#if   defined(DATA_ORDER_IS_BIG_ENDIAN)
+    (void)HOST_l2c(c->Nh, p);
+    (void)HOST_l2c(c->Nl, p);
+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+    (void)HOST_l2c(c->Nl, p);
+    (void)HOST_l2c(c->Nh, p);
+#endif
+    p -= HASH_CBLOCK;
+    HASH_BLOCK_DATA_ORDER(c, p, 1);
+    c->num = 0;
+    OPENSSL_cleanse(p, HASH_CBLOCK);
+
+#ifndef HASH_MAKE_STRING
+# error "HASH_MAKE_STRING must be defined!"
+#else
+    HASH_MAKE_STRING(c, md);
+#endif
+
+    return 1;
+}
+
+#ifndef MD32_REG_T
+# if defined(__alpha) || defined(__sparcv9) || defined(__mips)
+#  define MD32_REG_T long
+/*
+ * This comment was originaly written for MD5, which is why it
+ * discusses A-D. But it basically applies to all 32-bit digests,
+ * which is why it was moved to common header file.
+ *
+ * In case you wonder why A-D are declared as long and not
+ * as MD5_LONG. Doing so results in slight performance
+ * boost on LP64 architectures. The catch is we don't
+ * really care if 32 MSBs of a 64-bit register get polluted
+ * with eventual overflows as we *save* only 32 LSBs in
+ * *either* case. Now declaring 'em long excuses the compiler
+ * from keeping 32 MSBs zeroed resulting in 13% performance
+ * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
+ * Well, to be honest it should say that this *prevents*
+ * performance degradation.
+ *                              <appro at fy.chalmers.se>
+ */
+# else
+/*
+ * Above is not absolute and there are LP64 compilers that
+ * generate better code if MD32_REG_T is defined int. The above
+ * pre-processor condition reflects the circumstances under which
+ * the conclusion was made and is subject to further extension.
+ *                              <appro at fy.chalmers.se>
+ */
+#  define MD32_REG_T int
+# endif
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/mdc2/mdc2dgst.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/mdc2/mdc2dgst.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/mdc2/mdc2dgst.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,196 +0,0 @@
-/* crypto/mdc2/mdc2dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/des.h>
-#include <openssl/mdc2.h>
-
-#undef c2l
-#define c2l(c,l)        (l =((DES_LONG)(*((c)++)))    , \
-                         l|=((DES_LONG)(*((c)++)))<< 8L, \
-                         l|=((DES_LONG)(*((c)++)))<<16L, \
-                         l|=((DES_LONG)(*((c)++)))<<24L)
-
-#undef l2c
-#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
-                        *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-                        *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-                        *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-
-static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len);
-fips_md_init(MDC2)
-{
-    c->num = 0;
-    c->pad_type = 1;
-    memset(&(c->h[0]), 0x52, MDC2_BLOCK);
-    memset(&(c->hh[0]), 0x25, MDC2_BLOCK);
-    return 1;
-}
-
-int MDC2_Update(MDC2_CTX *c, const unsigned char *in, size_t len)
-{
-    size_t i, j;
-
-    i = c->num;
-    if (i != 0) {
-        if (i + len < MDC2_BLOCK) {
-            /* partial block */
-            memcpy(&(c->data[i]), in, len);
-            c->num += (int)len;
-            return 1;
-        } else {
-            /* filled one */
-            j = MDC2_BLOCK - i;
-            memcpy(&(c->data[i]), in, j);
-            len -= j;
-            in += j;
-            c->num = 0;
-            mdc2_body(c, &(c->data[0]), MDC2_BLOCK);
-        }
-    }
-    i = len & ~((size_t)MDC2_BLOCK - 1);
-    if (i > 0)
-        mdc2_body(c, in, i);
-    j = len - i;
-    if (j > 0) {
-        memcpy(&(c->data[0]), &(in[i]), j);
-        c->num = (int)j;
-    }
-    return 1;
-}
-
-static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len)
-{
-    register DES_LONG tin0, tin1;
-    register DES_LONG ttin0, ttin1;
-    DES_LONG d[2], dd[2];
-    DES_key_schedule k;
-    unsigned char *p;
-    size_t i;
-
-    for (i = 0; i < len; i += 8) {
-        c2l(in, tin0);
-        d[0] = dd[0] = tin0;
-        c2l(in, tin1);
-        d[1] = dd[1] = tin1;
-        c->h[0] = (c->h[0] & 0x9f) | 0x40;
-        c->hh[0] = (c->hh[0] & 0x9f) | 0x20;
-
-        DES_set_odd_parity(&c->h);
-        DES_set_key_unchecked(&c->h, &k);
-        DES_encrypt1(d, &k, 1);
-
-        DES_set_odd_parity(&c->hh);
-        DES_set_key_unchecked(&c->hh, &k);
-        DES_encrypt1(dd, &k, 1);
-
-        ttin0 = tin0 ^ dd[0];
-        ttin1 = tin1 ^ dd[1];
-        tin0 ^= d[0];
-        tin1 ^= d[1];
-
-        p = c->h;
-        l2c(tin0, p);
-        l2c(ttin1, p);
-        p = c->hh;
-        l2c(ttin0, p);
-        l2c(tin1, p);
-    }
-}
-
-int MDC2_Final(unsigned char *md, MDC2_CTX *c)
-{
-    unsigned int i;
-    int j;
-
-    i = c->num;
-    j = c->pad_type;
-    if ((i > 0) || (j == 2)) {
-        if (j == 2)
-            c->data[i++] = 0x80;
-        memset(&(c->data[i]), 0, MDC2_BLOCK - i);
-        mdc2_body(c, c->data, MDC2_BLOCK);
-    }
-    memcpy(md, (char *)c->h, MDC2_BLOCK);
-    memcpy(&(md[MDC2_BLOCK]), (char *)c->hh, MDC2_BLOCK);
-    return 1;
-}
-
-#undef TEST
-
-#ifdef TEST
-main()
-{
-    unsigned char md[MDC2_DIGEST_LENGTH];
-    int i;
-    MDC2_CTX c;
-    static char *text = "Now is the time for all ";
-
-    MDC2_Init(&c);
-    MDC2_Update(&c, text, strlen(text));
-    MDC2_Final(&(md[0]), &c);
-
-    for (i = 0; i < MDC2_DIGEST_LENGTH; i++)
-        printf("%02X", md[i]);
-    printf("\n");
-}
-
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/mdc2/mdc2dgst.c (from rev 11605, vendor-crypto/openssl/dist/crypto/mdc2/mdc2dgst.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/mdc2/mdc2dgst.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/mdc2/mdc2dgst.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,196 @@
+/* crypto/mdc2/mdc2dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/des.h>
+#include <openssl/mdc2.h>
+
+#undef c2l
+#define c2l(c,l)        (l =((DES_LONG)(*((c)++)))    , \
+                         l|=((DES_LONG)(*((c)++)))<< 8L, \
+                         l|=((DES_LONG)(*((c)++)))<<16L, \
+                         l|=((DES_LONG)(*((c)++)))<<24L)
+
+#undef l2c
+#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
+                        *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                        *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                        *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len);
+fips_md_init(MDC2)
+{
+    c->num = 0;
+    c->pad_type = 1;
+    memset(&(c->h[0]), 0x52, MDC2_BLOCK);
+    memset(&(c->hh[0]), 0x25, MDC2_BLOCK);
+    return 1;
+}
+
+int MDC2_Update(MDC2_CTX *c, const unsigned char *in, size_t len)
+{
+    size_t i, j;
+
+    i = c->num;
+    if (i != 0) {
+        if (len < MDC2_BLOCK - i) {
+            /* partial block */
+            memcpy(&(c->data[i]), in, len);
+            c->num += (int)len;
+            return 1;
+        } else {
+            /* filled one */
+            j = MDC2_BLOCK - i;
+            memcpy(&(c->data[i]), in, j);
+            len -= j;
+            in += j;
+            c->num = 0;
+            mdc2_body(c, &(c->data[0]), MDC2_BLOCK);
+        }
+    }
+    i = len & ~((size_t)MDC2_BLOCK - 1);
+    if (i > 0)
+        mdc2_body(c, in, i);
+    j = len - i;
+    if (j > 0) {
+        memcpy(&(c->data[0]), &(in[i]), j);
+        c->num = (int)j;
+    }
+    return 1;
+}
+
+static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len)
+{
+    register DES_LONG tin0, tin1;
+    register DES_LONG ttin0, ttin1;
+    DES_LONG d[2], dd[2];
+    DES_key_schedule k;
+    unsigned char *p;
+    size_t i;
+
+    for (i = 0; i < len; i += 8) {
+        c2l(in, tin0);
+        d[0] = dd[0] = tin0;
+        c2l(in, tin1);
+        d[1] = dd[1] = tin1;
+        c->h[0] = (c->h[0] & 0x9f) | 0x40;
+        c->hh[0] = (c->hh[0] & 0x9f) | 0x20;
+
+        DES_set_odd_parity(&c->h);
+        DES_set_key_unchecked(&c->h, &k);
+        DES_encrypt1(d, &k, 1);
+
+        DES_set_odd_parity(&c->hh);
+        DES_set_key_unchecked(&c->hh, &k);
+        DES_encrypt1(dd, &k, 1);
+
+        ttin0 = tin0 ^ dd[0];
+        ttin1 = tin1 ^ dd[1];
+        tin0 ^= d[0];
+        tin1 ^= d[1];
+
+        p = c->h;
+        l2c(tin0, p);
+        l2c(ttin1, p);
+        p = c->hh;
+        l2c(ttin0, p);
+        l2c(tin1, p);
+    }
+}
+
+int MDC2_Final(unsigned char *md, MDC2_CTX *c)
+{
+    unsigned int i;
+    int j;
+
+    i = c->num;
+    j = c->pad_type;
+    if ((i > 0) || (j == 2)) {
+        if (j == 2)
+            c->data[i++] = 0x80;
+        memset(&(c->data[i]), 0, MDC2_BLOCK - i);
+        mdc2_body(c, c->data, MDC2_BLOCK);
+    }
+    memcpy(md, (char *)c->h, MDC2_BLOCK);
+    memcpy(&(md[MDC2_BLOCK]), (char *)c->hh, MDC2_BLOCK);
+    return 1;
+}
+
+#undef TEST
+
+#ifdef TEST
+main()
+{
+    unsigned char md[MDC2_DIGEST_LENGTH];
+    int i;
+    MDC2_CTX c;
+    static char *text = "Now is the time for all ";
+
+    MDC2_Init(&c);
+    MDC2_Update(&c, text, strlen(text));
+    MDC2_Final(&(md[0]), &c);
+
+    for (i = 0; i < MDC2_DIGEST_LENGTH; i++)
+        printf("%02X", md[i]);
+    printf("\n");
+}
+
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/mem_clr.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/mem_clr.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/mem_clr.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,81 +0,0 @@
-/* crypto/mem_clr.c -*- mode:C; c-file-style: "eay" -*- */
-/*
- * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
- * 2002.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include <openssl/crypto.h>
-
-unsigned char cleanse_ctr = 0;
-
-void OPENSSL_cleanse(void *ptr, size_t len)
-{
-    unsigned char *p = ptr;
-    size_t loop = len, ctr = cleanse_ctr;
-
-    if (ptr == NULL)
-        return;
-
-    while (loop--) {
-        *(p++) = (unsigned char)ctr;
-        ctr += (17 + ((size_t)p & 0xF));
-    }
-    p = memchr(ptr, (unsigned char)ctr, len);
-    if (p)
-        ctr += (63 + (size_t)p);
-    cleanse_ctr = (unsigned char)ctr;
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/mem_clr.c (from rev 11605, vendor-crypto/openssl/dist/crypto/mem_clr.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/mem_clr.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/mem_clr.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,81 @@
+/* crypto/mem_clr.c */
+/*
+ * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
+ * 2002.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/crypto.h>
+
+unsigned char cleanse_ctr = 0;
+
+void OPENSSL_cleanse(void *ptr, size_t len)
+{
+    unsigned char *p = ptr;
+    size_t loop = len, ctr = cleanse_ctr;
+
+    if (ptr == NULL)
+        return;
+
+    while (loop--) {
+        *(p++) = (unsigned char)ctr;
+        ctr += (17 + ((size_t)p & 0xF));
+    }
+    p = memchr(ptr, (unsigned char)ctr, len);
+    if (p)
+        ctr += (63 + (size_t)p);
+    cleanse_ctr = (unsigned char)ctr;
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/modes/ctr128.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/modes/ctr128.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/modes/ctr128.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,270 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/crypto.h>
-#include "modes_lcl.h"
-#include <string.h>
-
-#ifndef MODES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
-/*
- * NOTE: the IV/counter CTR mode is big-endian.  The code itself is
- * endian-neutral.
- */
-
-/* increment counter (128-bit int) by 1 */
-static void ctr128_inc(unsigned char *counter)
-{
-    u32 n = 16;
-    u8 c;
-
-    do {
-        --n;
-        c = counter[n];
-        ++c;
-        counter[n] = c;
-        if (c)
-            return;
-    } while (n);
-}
-
-#if !defined(OPENSSL_SMALL_FOOTPRINT)
-static void ctr128_inc_aligned(unsigned char *counter)
-{
-    size_t *data, c, n;
-    const union {
-        long one;
-        char little;
-    } is_endian = {
-        1
-    };
-
-    if (is_endian.little) {
-        ctr128_inc(counter);
-        return;
-    }
-
-    data = (size_t *)counter;
-    n = 16 / sizeof(size_t);
-    do {
-        --n;
-        c = data[n];
-        ++c;
-        data[n] = c;
-        if (c)
-            return;
-    } while (n);
-}
-#endif
-
-/*
- * The input encrypted as though 128bit counter mode is being used.  The
- * extra state information to record how much of the 128bit block we have
- * used is contained in *num, and the encrypted counter is kept in
- * ecount_buf.  Both *num and ecount_buf must be initialised with zeros
- * before the first call to CRYPTO_ctr128_encrypt(). This algorithm assumes
- * that the counter is in the x lower bits of the IV (ivec), and that the
- * application has full control over overflow and the rest of the IV.  This
- * implementation takes NO responsability for checking that the counter
- * doesn't overflow into the rest of the IV when incremented.
- */
-void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
-                           size_t len, const void *key,
-                           unsigned char ivec[16],
-                           unsigned char ecount_buf[16], unsigned int *num,
-                           block128_f block)
-{
-    unsigned int n;
-    size_t l = 0;
-
-    assert(in && out && key && ecount_buf && num);
-    assert(*num < 16);
-
-    n = *num;
-
-#if !defined(OPENSSL_SMALL_FOOTPRINT)
-    if (16 % sizeof(size_t) == 0) { /* always true actually */
-        do {
-            while (n && len) {
-                *(out++) = *(in++) ^ ecount_buf[n];
-                --len;
-                n = (n + 1) % 16;
-            }
-
-# if defined(STRICT_ALIGNMENT)
-            if (((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) !=
-                0)
-                break;
-# endif
-            while (len >= 16) {
-                (*block) (ivec, ecount_buf, key);
-                ctr128_inc_aligned(ivec);
-                for (; n < 16; n += sizeof(size_t))
-                    *(size_t *)(out + n) =
-                        *(size_t *)(in + n) ^ *(size_t *)(ecount_buf + n);
-                len -= 16;
-                out += 16;
-                in += 16;
-                n = 0;
-            }
-            if (len) {
-                (*block) (ivec, ecount_buf, key);
-                ctr128_inc_aligned(ivec);
-                while (len--) {
-                    out[n] = in[n] ^ ecount_buf[n];
-                    ++n;
-                }
-            }
-            *num = n;
-            return;
-        } while (0);
-    }
-    /* the rest would be commonly eliminated by x86* compiler */
-#endif
-    while (l < len) {
-        if (n == 0) {
-            (*block) (ivec, ecount_buf, key);
-            ctr128_inc(ivec);
-        }
-        out[l] = in[l] ^ ecount_buf[n];
-        ++l;
-        n = (n + 1) % 16;
-    }
-
-    *num = n;
-}
-
-/* increment upper 96 bits of 128-bit counter by 1 */
-static void ctr96_inc(unsigned char *counter)
-{
-    u32 n = 12;
-    u8 c;
-
-    do {
-        --n;
-        c = counter[n];
-        ++c;
-        counter[n] = c;
-        if (c)
-            return;
-    } while (n);
-}
-
-void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
-                                 size_t len, const void *key,
-                                 unsigned char ivec[16],
-                                 unsigned char ecount_buf[16],
-                                 unsigned int *num, ctr128_f func)
-{
-    unsigned int n, ctr32;
-
-    assert(in && out && key && ecount_buf && num);
-    assert(*num < 16);
-
-    n = *num;
-
-    while (n && len) {
-        *(out++) = *(in++) ^ ecount_buf[n];
-        --len;
-        n = (n + 1) % 16;
-    }
-
-    ctr32 = GETU32(ivec + 12);
-    while (len >= 16) {
-        size_t blocks = len / 16;
-        /*
-         * 1<<28 is just a not-so-small yet not-so-large number...
-         * Below condition is practically never met, but it has to
-         * be checked for code correctness.
-         */
-        if (sizeof(size_t) > sizeof(unsigned int) && blocks > (1U << 28))
-            blocks = (1U << 28);
-        /*
-         * As (*func) operates on 32-bit counter, caller
-         * has to handle overflow. 'if' below detects the
-         * overflow, which is then handled by limiting the
-         * amount of blocks to the exact overflow point...
-         */
-        ctr32 += (u32)blocks;
-        if (ctr32 < blocks) {
-            blocks -= ctr32;
-            ctr32 = 0;
-        }
-        (*func) (in, out, blocks, key, ivec);
-        /* (*ctr) does not update ivec, caller does: */
-        PUTU32(ivec + 12, ctr32);
-        /* ... overflow was detected, propogate carry. */
-        if (ctr32 == 0)
-            ctr96_inc(ivec);
-        blocks *= 16;
-        len -= blocks;
-        out += blocks;
-        in += blocks;
-    }
-    if (len) {
-        memset(ecount_buf, 0, 16);
-        (*func) (ecount_buf, ecount_buf, 1, key, ivec);
-        ++ctr32;
-        PUTU32(ivec + 12, ctr32);
-        if (ctr32 == 0)
-            ctr96_inc(ivec);
-        while (len--) {
-            out[n] = in[n] ^ ecount_buf[n];
-            ++n;
-        }
-    }
-
-    *num = n;
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/modes/ctr128.c (from rev 11605, vendor-crypto/openssl/dist/crypto/modes/ctr128.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/modes/ctr128.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/modes/ctr128.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,263 @@
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "modes_lcl.h"
+#include <string.h>
+
+#ifndef MODES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+/*
+ * NOTE: the IV/counter CTR mode is big-endian.  The code itself is
+ * endian-neutral.
+ */
+
+/* increment counter (128-bit int) by 1 */
+static void ctr128_inc(unsigned char *counter)
+{
+    u32 n = 16, c = 1;
+
+    do {
+        --n;
+        c += counter[n];
+        counter[n] = (u8)c;
+        c >>= 8;
+    } while (n);
+}
+
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+static void ctr128_inc_aligned(unsigned char *counter)
+{
+    size_t *data, c, d, n;
+    const union {
+        long one;
+        char little;
+    } is_endian = {
+        1
+    };
+
+    if (is_endian.little || ((size_t)counter % sizeof(size_t)) != 0) {
+        ctr128_inc(counter);
+        return;
+    }
+
+    data = (size_t *)counter;
+    c = 1;
+    n = 16 / sizeof(size_t);
+    do {
+        --n;
+        d = data[n] += c;
+        /* did addition carry? */
+        c = ((d - c) ^ d) >> (sizeof(size_t) * 8 - 1);
+    } while (n);
+}
+#endif
+
+/*
+ * The input encrypted as though 128bit counter mode is being used.  The
+ * extra state information to record how much of the 128bit block we have
+ * used is contained in *num, and the encrypted counter is kept in
+ * ecount_buf.  Both *num and ecount_buf must be initialised with zeros
+ * before the first call to CRYPTO_ctr128_encrypt(). This algorithm assumes
+ * that the counter is in the x lower bits of the IV (ivec), and that the
+ * application has full control over overflow and the rest of the IV.  This
+ * implementation takes NO responsability for checking that the counter
+ * doesn't overflow into the rest of the IV when incremented.
+ */
+void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const void *key,
+                           unsigned char ivec[16],
+                           unsigned char ecount_buf[16], unsigned int *num,
+                           block128_f block)
+{
+    unsigned int n;
+    size_t l = 0;
+
+    assert(in && out && key && ecount_buf && num);
+    assert(*num < 16);
+
+    n = *num;
+
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+    if (16 % sizeof(size_t) == 0) { /* always true actually */
+        do {
+            while (n && len) {
+                *(out++) = *(in++) ^ ecount_buf[n];
+                --len;
+                n = (n + 1) % 16;
+            }
+
+# if defined(STRICT_ALIGNMENT)
+            if (((size_t)in | (size_t)out | (size_t)ecount_buf)
+                % sizeof(size_t) != 0)
+                break;
+# endif
+            while (len >= 16) {
+                (*block) (ivec, ecount_buf, key);
+                ctr128_inc_aligned(ivec);
+                for (n = 0; n < 16; n += sizeof(size_t))
+                    *(size_t *)(out + n) =
+                        *(size_t *)(in + n) ^ *(size_t *)(ecount_buf + n);
+                len -= 16;
+                out += 16;
+                in += 16;
+                n = 0;
+            }
+            if (len) {
+                (*block) (ivec, ecount_buf, key);
+                ctr128_inc_aligned(ivec);
+                while (len--) {
+                    out[n] = in[n] ^ ecount_buf[n];
+                    ++n;
+                }
+            }
+            *num = n;
+            return;
+        } while (0);
+    }
+    /* the rest would be commonly eliminated by x86* compiler */
+#endif
+    while (l < len) {
+        if (n == 0) {
+            (*block) (ivec, ecount_buf, key);
+            ctr128_inc(ivec);
+        }
+        out[l] = in[l] ^ ecount_buf[n];
+        ++l;
+        n = (n + 1) % 16;
+    }
+
+    *num = n;
+}
+
+/* increment upper 96 bits of 128-bit counter by 1 */
+static void ctr96_inc(unsigned char *counter)
+{
+    u32 n = 12, c = 1;
+
+    do {
+        --n;
+        c += counter[n];
+        counter[n] = (u8)c;
+        c >>= 8;
+    } while (n);
+}
+
+void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
+                                 size_t len, const void *key,
+                                 unsigned char ivec[16],
+                                 unsigned char ecount_buf[16],
+                                 unsigned int *num, ctr128_f func)
+{
+    unsigned int n, ctr32;
+
+    assert(in && out && key && ecount_buf && num);
+    assert(*num < 16);
+
+    n = *num;
+
+    while (n && len) {
+        *(out++) = *(in++) ^ ecount_buf[n];
+        --len;
+        n = (n + 1) % 16;
+    }
+
+    ctr32 = GETU32(ivec + 12);
+    while (len >= 16) {
+        size_t blocks = len / 16;
+        /*
+         * 1<<28 is just a not-so-small yet not-so-large number...
+         * Below condition is practically never met, but it has to
+         * be checked for code correctness.
+         */
+        if (sizeof(size_t) > sizeof(unsigned int) && blocks > (1U << 28))
+            blocks = (1U << 28);
+        /*
+         * As (*func) operates on 32-bit counter, caller
+         * has to handle overflow. 'if' below detects the
+         * overflow, which is then handled by limiting the
+         * amount of blocks to the exact overflow point...
+         */
+        ctr32 += (u32)blocks;
+        if (ctr32 < blocks) {
+            blocks -= ctr32;
+            ctr32 = 0;
+        }
+        (*func) (in, out, blocks, key, ivec);
+        /* (*ctr) does not update ivec, caller does: */
+        PUTU32(ivec + 12, ctr32);
+        /* ... overflow was detected, propogate carry. */
+        if (ctr32 == 0)
+            ctr96_inc(ivec);
+        blocks *= 16;
+        len -= blocks;
+        out += blocks;
+        in += blocks;
+    }
+    if (len) {
+        memset(ecount_buf, 0, 16);
+        (*func) (ecount_buf, ecount_buf, 1, key, ivec);
+        ++ctr32;
+        PUTU32(ivec + 12, ctr32);
+        if (ctr32 == 0)
+            ctr96_inc(ivec);
+        while (len--) {
+            out[n] = in[n] ^ ecount_buf[n];
+            ++n;
+        }
+    }
+
+    *num = n;
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/o_dir.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/o_dir.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/o_dir.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,86 +0,0 @@
-/* crypto/o_dir.c -*- mode:C; c-file-style: "eay" -*- */
-/*
- * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
- * 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <errno.h>
-#include <e_os.h>
-
-/*
- * The routines really come from the Levitte Programming, so to make life
- * simple, let's just use the raw files and hack the symbols to fit our
- * namespace.
- */
-#define LP_DIR_CTX OPENSSL_DIR_CTX
-#define LP_dir_context_st OPENSSL_dir_context_st
-#define LP_find_file OPENSSL_DIR_read
-#define LP_find_file_end OPENSSL_DIR_end
-
-#include "o_dir.h"
-
-#define LPDIR_H
-#if defined OPENSSL_SYS_UNIX || defined DJGPP
-# include "LPdir_unix.c"
-#elif defined OPENSSL_SYS_VMS
-# include "LPdir_vms.c"
-#elif defined OPENSSL_SYS_WIN32
-# include "LPdir_win32.c"
-#elif defined OPENSSL_SYS_WINCE
-# include "LPdir_wince.c"
-#else
-# include "LPdir_nyi.c"
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/o_dir.c (from rev 11605, vendor-crypto/openssl/dist/crypto/o_dir.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/o_dir.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/o_dir.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,86 @@
+/* crypto/o_dir.c */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2004.
+ */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <errno.h>
+#include <e_os.h>
+
+/*
+ * The routines really come from the Levitte Programming, so to make life
+ * simple, let's just use the raw files and hack the symbols to fit our
+ * namespace.
+ */
+#define LP_DIR_CTX OPENSSL_DIR_CTX
+#define LP_dir_context_st OPENSSL_dir_context_st
+#define LP_find_file OPENSSL_DIR_read
+#define LP_find_file_end OPENSSL_DIR_end
+
+#include "o_dir.h"
+
+#define LPDIR_H
+#if defined OPENSSL_SYS_UNIX || defined DJGPP
+# include "LPdir_unix.c"
+#elif defined OPENSSL_SYS_VMS
+# include "LPdir_vms.c"
+#elif defined OPENSSL_SYS_WIN32
+# include "LPdir_win32.c"
+#elif defined OPENSSL_SYS_WINCE
+# include "LPdir_wince.c"
+#else
+# include "LPdir_nyi.c"
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/o_dir.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/o_dir.h	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/o_dir.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,55 +0,0 @@
-/* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */
-/*
- * Copied from Richard Levitte's (richard at levitte.org) LP library.  All
- * symbol names have been changed, with permission from the author.
- */
-
-/* $LP: LPlib/source/LPdir.h,v 1.1 2004/06/14 08:56:04 _cvs_levitte Exp $ */
-/*
- * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef O_DIR_H
-# define O_DIR_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX;
-
-  /*
-   * returns NULL on error or end-of-directory. If it is end-of-directory,
-   * errno will be zero
-   */
-const char *OPENSSL_DIR_read(OPENSSL_DIR_CTX **ctx, const char *directory);
-  /* returns 1 on success, 0 on error */
-int OPENSSL_DIR_end(OPENSSL_DIR_CTX **ctx);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif                          /* LPDIR_H */

Copied: vendor-crypto/openssl/1.0.1u/crypto/o_dir.h (from rev 11605, vendor-crypto/openssl/dist/crypto/o_dir.h)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/o_dir.h	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/o_dir.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,55 @@
+/* crypto/o_dir.h */
+/*
+ * Copied from Richard Levitte's (richard at levitte.org) LP library.  All
+ * symbol names have been changed, with permission from the author.
+ */
+
+/* $LP: LPlib/source/LPdir.h,v 1.1 2004/06/14 08:56:04 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef O_DIR_H
+# define O_DIR_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX;
+
+  /*
+   * returns NULL on error or end-of-directory. If it is end-of-directory,
+   * errno will be zero
+   */
+const char *OPENSSL_DIR_read(OPENSSL_DIR_CTX **ctx, const char *directory);
+  /* returns 1 on success, 0 on error */
+int OPENSSL_DIR_end(OPENSSL_DIR_CTX **ctx);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif                          /* LPDIR_H */

Deleted: vendor-crypto/openssl/1.0.1u/crypto/o_dir_test.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/o_dir_test.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/o_dir_test.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,68 +0,0 @@
-/* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */
-/*
- * Copied from Richard Levitte's (richard at levitte.org) LP library.  All
- * symbol names have been changed, with permission from the author.
- */
-
-/* $LP: LPlib/test/test_dir.c,v 1.1 2004/06/16 22:59:47 _cvs_levitte Exp $ */
-/*
- * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <stddef.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <errno.h>
-#include "e_os2.h"
-#include "o_dir.h"
-
-#if defined OPENSSL_SYS_UNIX || defined OPENSSL_SYS_WIN32 || defined OPENSSL_SYS_WINCE
-# define CURRDIR "."
-#elif defined OPENSSL_SYS_VMS
-# define CURRDIR "SYS$DISK:[]"
-#else
-# error "No supported platform defined!"
-#endif
-
-int main()
-{
-    OPENSSL_DIR_CTX *ctx = NULL;
-    const char *result;
-
-    while ((result = OPENSSL_DIR_read(&ctx, CURRDIR)) != NULL) {
-        printf("%s\n", result);
-    }
-
-    if (errno) {
-        perror("test_dir");
-        exit(1);
-    }
-
-    if (!OPENSSL_DIR_end(&ctx)) {
-        perror("test_dir");
-        exit(2);
-    }
-    exit(0);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/o_dir_test.c (from rev 11605, vendor-crypto/openssl/dist/crypto/o_dir_test.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/o_dir_test.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/o_dir_test.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,68 @@
+/* crypto/o_dir.h */
+/*
+ * Copied from Richard Levitte's (richard at levitte.org) LP library.  All
+ * symbol names have been changed, with permission from the author.
+ */
+
+/* $LP: LPlib/test/test_dir.c,v 1.1 2004/06/16 22:59:47 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <stddef.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include "e_os2.h"
+#include "o_dir.h"
+
+#if defined OPENSSL_SYS_UNIX || defined OPENSSL_SYS_WIN32 || defined OPENSSL_SYS_WINCE
+# define CURRDIR "."
+#elif defined OPENSSL_SYS_VMS
+# define CURRDIR "SYS$DISK:[]"
+#else
+# error "No supported platform defined!"
+#endif
+
+int main()
+{
+    OPENSSL_DIR_CTX *ctx = NULL;
+    const char *result;
+
+    while ((result = OPENSSL_DIR_read(&ctx, CURRDIR)) != NULL) {
+        printf("%s\n", result);
+    }
+
+    if (errno) {
+        perror("test_dir");
+        exit(1);
+    }
+
+    if (!OPENSSL_DIR_end(&ctx)) {
+        perror("test_dir");
+        exit(2);
+    }
+    exit(0);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/o_str.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/o_str.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/o_str.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,116 +0,0 @@
-/* crypto/o_str.c -*- mode:C; c-file-style: "eay" -*- */
-/*
- * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
- * 2003.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <ctype.h>
-#include <e_os.h>
-#include "o_str.h"
-
-#if !defined(OPENSSL_IMPLEMENTS_strncasecmp) && \
-    !defined(OPENSSL_SYSNAME_WIN32) && \
-    !defined(NETWARE_CLIB)
-# include <strings.h>
-#endif
-
-int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n)
-{
-#if defined(OPENSSL_IMPLEMENTS_strncasecmp)
-    while (*str1 && *str2 && n) {
-        int res = toupper(*str1) - toupper(*str2);
-        if (res)
-            return res < 0 ? -1 : 1;
-        str1++;
-        str2++;
-        n--;
-    }
-    if (n == 0)
-        return 0;
-    if (*str1)
-        return 1;
-    if (*str2)
-        return -1;
-    return 0;
-#else
-    /*
-     * Recursion hazard warning! Whenever strncasecmp is #defined as
-     * OPENSSL_strncasecmp, OPENSSL_IMPLEMENTS_strncasecmp must be defined as
-     * well.
-     */
-    return strncasecmp(str1, str2, n);
-#endif
-}
-
-int OPENSSL_strcasecmp(const char *str1, const char *str2)
-{
-#if defined(OPENSSL_IMPLEMENTS_strncasecmp)
-    return OPENSSL_strncasecmp(str1, str2, (size_t)-1);
-#else
-    return strcasecmp(str1, str2);
-#endif
-}
-
-int OPENSSL_memcmp(const void *v1, const void *v2, size_t n)
-{
-    const unsigned char *c1 = v1, *c2 = v2;
-    int ret = 0;
-
-    while (n && (ret = *c1 - *c2) == 0)
-        n--, c1++, c2++;
-
-    return ret;
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/o_str.c (from rev 11605, vendor-crypto/openssl/dist/crypto/o_str.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/o_str.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/o_str.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,116 @@
+/* crypto/o_str.c */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <ctype.h>
+#include <e_os.h>
+#include "o_str.h"
+
+#if !defined(OPENSSL_IMPLEMENTS_strncasecmp) && \
+    !defined(OPENSSL_SYSNAME_WIN32) && \
+    !defined(NETWARE_CLIB)
+# include <strings.h>
+#endif
+
+int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n)
+{
+#if defined(OPENSSL_IMPLEMENTS_strncasecmp)
+    while (*str1 && *str2 && n) {
+        int res = toupper(*str1) - toupper(*str2);
+        if (res)
+            return res < 0 ? -1 : 1;
+        str1++;
+        str2++;
+        n--;
+    }
+    if (n == 0)
+        return 0;
+    if (*str1)
+        return 1;
+    if (*str2)
+        return -1;
+    return 0;
+#else
+    /*
+     * Recursion hazard warning! Whenever strncasecmp is #defined as
+     * OPENSSL_strncasecmp, OPENSSL_IMPLEMENTS_strncasecmp must be defined as
+     * well.
+     */
+    return strncasecmp(str1, str2, n);
+#endif
+}
+
+int OPENSSL_strcasecmp(const char *str1, const char *str2)
+{
+#if defined(OPENSSL_IMPLEMENTS_strncasecmp)
+    return OPENSSL_strncasecmp(str1, str2, (size_t)-1);
+#else
+    return strcasecmp(str1, str2);
+#endif
+}
+
+int OPENSSL_memcmp(const void *v1, const void *v2, size_t n)
+{
+    const unsigned char *c1 = v1, *c2 = v2;
+    int ret = 0;
+
+    while (n && (ret = *c1 - *c2) == 0)
+        n--, c1++, c2++;
+
+    return ret;
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/o_str.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/o_str.h	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/o_str.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,69 +0,0 @@
-/* crypto/o_str.h -*- mode:C; c-file-style: "eay" -*- */
-/*
- * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
- * 2003.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_O_STR_H
-# define HEADER_O_STR_H
-
-# include <stddef.h>            /* to get size_t */
-
-int OPENSSL_strcasecmp(const char *str1, const char *str2);
-int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n);
-int OPENSSL_memcmp(const void *p1, const void *p2, size_t n);
-
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/o_str.h (from rev 11605, vendor-crypto/openssl/dist/crypto/o_str.h)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/o_str.h	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/o_str.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,69 @@
+/* crypto/o_str.h */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_O_STR_H
+# define HEADER_O_STR_H
+
+# include <stddef.h>            /* to get size_t */
+
+int OPENSSL_strcasecmp(const char *str1, const char *str2);
+int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n);
+int OPENSSL_memcmp(const void *p1, const void *p2, size_t n);
+
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/o_time.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/o_time.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/o_time.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,380 +0,0 @@
-/* crypto/o_time.c -*- mode:C; c-file-style: "eay" -*- */
-/*
- * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
- * 2001.
- */
-/*
- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
- * 2008.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <openssl/e_os2.h>
-#include <string.h>
-#include "o_time.h"
-
-#ifdef OPENSSL_SYS_VMS
-# if __CRTL_VER >= 70000000 && \
-     (defined _POSIX_C_SOURCE || !defined _ANSI_C_SOURCE)
-#  define VMS_GMTIME_OK
-# endif
-# ifndef VMS_GMTIME_OK
-#  include <libdtdef.h>
-#  include <lib$routines.h>
-#  include <lnmdef.h>
-#  include <starlet.h>
-#  include <descrip.h>
-#  include <stdlib.h>
-# endif                         /* ndef VMS_GMTIME_OK */
-#endif
-
-struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
-{
-    struct tm *ts = NULL;
-
-#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS)
-    /*
-     * should return &data, but doesn't on some systems, so we don't even
-     * look at the return value
-     */
-    gmtime_r(timer, result);
-    ts = result;
-#elif !defined(OPENSSL_SYS_VMS) || defined(VMS_GMTIME_OK)
-    ts = gmtime(timer);
-    if (ts == NULL)
-        return NULL;
-
-    memcpy(result, ts, sizeof(struct tm));
-    ts = result;
-#endif
-#if defined( OPENSSL_SYS_VMS) && !defined( VMS_GMTIME_OK)
-    if (ts == NULL) {
-        static $DESCRIPTOR(tabnam, "LNM$DCL_LOGICAL");
-        static $DESCRIPTOR(lognam, "SYS$TIMEZONE_DIFFERENTIAL");
-        char logvalue[256];
-        unsigned int reslen = 0;
-        struct {
-            short buflen;
-            short code;
-            void *bufaddr;
-            unsigned int *reslen;
-        } itemlist[] = {
-            {
-                0, LNM$_STRING, 0, 0
-            },
-            {
-                0, 0, 0, 0
-            },
-        };
-        int status;
-        time_t t;
-
-        /* Get the value for SYS$TIMEZONE_DIFFERENTIAL */
-        itemlist[0].buflen = sizeof(logvalue);
-        itemlist[0].bufaddr = logvalue;
-        itemlist[0].reslen = &reslen;
-        status = sys$trnlnm(0, &tabnam, &lognam, 0, itemlist);
-        if (!(status & 1))
-            return NULL;
-        logvalue[reslen] = '\0';
-
-        t = *timer;
-
-/* The following is extracted from the DEC C header time.h */
-        /*
-         **  Beginning in OpenVMS Version 7.0 mktime, time, ctime, strftime
-         **  have two implementations.  One implementation is provided
-         **  for compatibility and deals with time in terms of local time,
-         **  the other __utc_* deals with time in terms of UTC.
-         */
-        /*
-         * We use the same conditions as in said time.h to check if we should
-         * assume that t contains local time (and should therefore be
-         * adjusted) or UTC (and should therefore be left untouched).
-         */
-# if __CRTL_VER < 70000000 || defined _VMS_V6_SOURCE
-        /* Get the numerical value of the equivalence string */
-        status = atoi(logvalue);
-
-        /* and use it to move time to GMT */
-        t -= status;
-# endif
-
-        /* then convert the result to the time structure */
-
-        /*
-         * Since there was no gmtime_r() to do this stuff for us, we have to
-         * do it the hard way.
-         */
-        {
-            /*-
-             * The VMS epoch is the astronomical Smithsonian date,
-               if I remember correctly, which is November 17, 1858.
-               Furthermore, time is measure in thenths of microseconds
-               and stored in quadwords (64 bit integers).  unix_epoch
-               below is January 1st 1970 expressed as a VMS time.  The
-               following code was used to get this number:
-
-               #include <stdio.h>
-               #include <stdlib.h>
-               #include <lib$routines.h>
-               #include <starlet.h>
-
-               main()
-               {
-                 unsigned long systime[2];
-                 unsigned short epoch_values[7] =
-                   { 1970, 1, 1, 0, 0, 0, 0 };
-
-                 lib$cvt_vectim(epoch_values, systime);
-
-                 printf("%u %u", systime[0], systime[1]);
-               }
-            */
-            unsigned long unix_epoch[2] = { 1273708544, 8164711 };
-            unsigned long deltatime[2];
-            unsigned long systime[2];
-            struct vms_vectime {
-                short year, month, day, hour, minute, second, centi_second;
-            } time_values;
-            long operation;
-
-            /*
-             * Turn the number of seconds since January 1st 1970 to an
-             * internal delta time. Note that lib$cvt_to_internal_time() will
-             * assume that t is signed, and will therefore break on 32-bit
-             * systems some time in 2038.
-             */
-            operation = LIB$K_DELTA_SECONDS;
-            status = lib$cvt_to_internal_time(&operation, &t, deltatime);
-
-            /*
-             * Add the delta time with the Unix epoch and we have the current
-             * UTC time in internal format
-             */
-            status = lib$add_times(unix_epoch, deltatime, systime);
-
-            /* Turn the internal time into a time vector */
-            status = sys$numtim(&time_values, systime);
-
-            /* Fill in the struct tm with the result */
-            result->tm_sec = time_values.second;
-            result->tm_min = time_values.minute;
-            result->tm_hour = time_values.hour;
-            result->tm_mday = time_values.day;
-            result->tm_mon = time_values.month - 1;
-            result->tm_year = time_values.year - 1900;
-
-            operation = LIB$K_DAY_OF_WEEK;
-            status = lib$cvt_from_internal_time(&operation,
-                                                &result->tm_wday, systime);
-            result->tm_wday %= 7;
-
-            operation = LIB$K_DAY_OF_YEAR;
-            status = lib$cvt_from_internal_time(&operation,
-                                                &result->tm_yday, systime);
-            result->tm_yday--;
-
-            result->tm_isdst = 0; /* There's no way to know... */
-
-            ts = result;
-        }
-    }
-#endif
-    return ts;
-}
-
-/*
- * Take a tm structure and add an offset to it. This avoids any OS issues
- * with restricted date types and overflows which cause the year 2038
- * problem.
- */
-
-#define SECS_PER_DAY (24 * 60 * 60)
-
-static long date_to_julian(int y, int m, int d);
-static void julian_to_date(long jd, int *y, int *m, int *d);
-
-int OPENSSL_gmtime_adj(struct tm *tm, int off_day, long offset_sec)
-{
-    int offset_hms, offset_day;
-    long time_jd;
-    int time_year, time_month, time_day;
-    /* split offset into days and day seconds */
-    offset_day = offset_sec / SECS_PER_DAY;
-    /* Avoid sign issues with % operator */
-    offset_hms = offset_sec - (offset_day * SECS_PER_DAY);
-    offset_day += off_day;
-    /* Add current time seconds to offset */
-    offset_hms += tm->tm_hour * 3600 + tm->tm_min * 60 + tm->tm_sec;
-    /* Adjust day seconds if overflow */
-    if (offset_hms >= SECS_PER_DAY) {
-        offset_day++;
-        offset_hms -= SECS_PER_DAY;
-    } else if (offset_hms < 0) {
-        offset_day--;
-        offset_hms += SECS_PER_DAY;
-    }
-
-    /*
-     * Convert date of time structure into a Julian day number.
-     */
-
-    time_year = tm->tm_year + 1900;
-    time_month = tm->tm_mon + 1;
-    time_day = tm->tm_mday;
-
-    time_jd = date_to_julian(time_year, time_month, time_day);
-
-    /* Work out Julian day of new date */
-    time_jd += offset_day;
-
-    if (time_jd < 0)
-        return 0;
-
-    /* Convert Julian day back to date */
-
-    julian_to_date(time_jd, &time_year, &time_month, &time_day);
-
-    if (time_year < 1900 || time_year > 9999)
-        return 0;
-
-    /* Update tm structure */
-
-    tm->tm_year = time_year - 1900;
-    tm->tm_mon = time_month - 1;
-    tm->tm_mday = time_day;
-
-    tm->tm_hour = offset_hms / 3600;
-    tm->tm_min = (offset_hms / 60) % 60;
-    tm->tm_sec = offset_hms % 60;
-
-    return 1;
-
-}
-
-/*
- * Convert date to and from julian day Uses Fliegel & Van Flandern algorithm
- */
-static long date_to_julian(int y, int m, int d)
-{
-    return (1461 * (y + 4800 + (m - 14) / 12)) / 4 +
-        (367 * (m - 2 - 12 * ((m - 14) / 12))) / 12 -
-        (3 * ((y + 4900 + (m - 14) / 12) / 100)) / 4 + d - 32075;
-}
-
-static void julian_to_date(long jd, int *y, int *m, int *d)
-{
-    long L = jd + 68569;
-    long n = (4 * L) / 146097;
-    long i, j;
-
-    L = L - (146097 * n + 3) / 4;
-    i = (4000 * (L + 1)) / 1461001;
-    L = L - (1461 * i) / 4 + 31;
-    j = (80 * L) / 2447;
-    *d = L - (2447 * j) / 80;
-    L = j / 11;
-    *m = j + 2 - (12 * L);
-    *y = 100 * (n - 49) + i + L;
-}
-
-#ifdef OPENSSL_TIME_TEST
-
-# include <stdio.h>
-
-/*
- * Time checking test code. Check times are identical for a wide range of
- * offsets. This should be run on a machine with 64 bit time_t or it will
- * trigger the very errors the routines fix.
- */
-
-int main(int argc, char **argv)
-{
-    long offset;
-    for (offset = 0; offset < 1000000; offset++) {
-        check_time(offset);
-        check_time(-offset);
-        check_time(offset * 1000);
-        check_time(-offset * 1000);
-    }
-}
-
-int check_time(long offset)
-{
-    struct tm tm1, tm2;
-    time_t t1, t2;
-    time(&t1);
-    t2 = t1 + offset;
-    OPENSSL_gmtime(&t2, &tm2);
-    OPENSSL_gmtime(&t1, &tm1);
-    OPENSSL_gmtime_adj(&tm1, 0, offset);
-    if ((tm1.tm_year == tm2.tm_year) &&
-        (tm1.tm_mon == tm2.tm_mon) &&
-        (tm1.tm_mday == tm2.tm_mday) &&
-        (tm1.tm_hour == tm2.tm_hour) &&
-        (tm1.tm_min == tm2.tm_min) && (tm1.tm_sec == tm2.tm_sec))
-        return 1;
-    fprintf(stderr, "TIME ERROR!!\n");
-    fprintf(stderr, "Time1: %d/%d/%d, %d:%02d:%02d\n",
-            tm2.tm_mday, tm2.tm_mon + 1, tm2.tm_year + 1900,
-            tm2.tm_hour, tm2.tm_min, tm2.tm_sec);
-    fprintf(stderr, "Time2: %d/%d/%d, %d:%02d:%02d\n",
-            tm1.tm_mday, tm1.tm_mon + 1, tm1.tm_year + 1900,
-            tm1.tm_hour, tm1.tm_min, tm1.tm_sec);
-    return 0;
-}
-
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/o_time.c (from rev 11605, vendor-crypto/openssl/dist/crypto/o_time.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/o_time.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/o_time.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,380 @@
+/* crypto/o_time.c */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2001.
+ */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2008.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <openssl/e_os2.h>
+#include <string.h>
+#include "o_time.h"
+
+#ifdef OPENSSL_SYS_VMS
+# if __CRTL_VER >= 70000000 && \
+     (defined _POSIX_C_SOURCE || !defined _ANSI_C_SOURCE)
+#  define VMS_GMTIME_OK
+# endif
+# ifndef VMS_GMTIME_OK
+#  include <libdtdef.h>
+#  include <lib$routines.h>
+#  include <lnmdef.h>
+#  include <starlet.h>
+#  include <descrip.h>
+#  include <stdlib.h>
+# endif                         /* ndef VMS_GMTIME_OK */
+#endif
+
+struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
+{
+    struct tm *ts = NULL;
+
+#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS)
+    /*
+     * should return &data, but doesn't on some systems, so we don't even
+     * look at the return value
+     */
+    gmtime_r(timer, result);
+    ts = result;
+#elif !defined(OPENSSL_SYS_VMS) || defined(VMS_GMTIME_OK)
+    ts = gmtime(timer);
+    if (ts == NULL)
+        return NULL;
+
+    memcpy(result, ts, sizeof(struct tm));
+    ts = result;
+#endif
+#if defined( OPENSSL_SYS_VMS) && !defined( VMS_GMTIME_OK)
+    if (ts == NULL) {
+        static $DESCRIPTOR(tabnam, "LNM$DCL_LOGICAL");
+        static $DESCRIPTOR(lognam, "SYS$TIMEZONE_DIFFERENTIAL");
+        char logvalue[256];
+        unsigned int reslen = 0;
+        struct {
+            short buflen;
+            short code;
+            void *bufaddr;
+            unsigned int *reslen;
+        } itemlist[] = {
+            {
+                0, LNM$_STRING, 0, 0
+            },
+            {
+                0, 0, 0, 0
+            },
+        };
+        int status;
+        time_t t;
+
+        /* Get the value for SYS$TIMEZONE_DIFFERENTIAL */
+        itemlist[0].buflen = sizeof(logvalue);
+        itemlist[0].bufaddr = logvalue;
+        itemlist[0].reslen = &reslen;
+        status = sys$trnlnm(0, &tabnam, &lognam, 0, itemlist);
+        if (!(status & 1))
+            return NULL;
+        logvalue[reslen] = '\0';
+
+        t = *timer;
+
+/* The following is extracted from the DEC C header time.h */
+        /*
+         **  Beginning in OpenVMS Version 7.0 mktime, time, ctime, strftime
+         **  have two implementations.  One implementation is provided
+         **  for compatibility and deals with time in terms of local time,
+         **  the other __utc_* deals with time in terms of UTC.
+         */
+        /*
+         * We use the same conditions as in said time.h to check if we should
+         * assume that t contains local time (and should therefore be
+         * adjusted) or UTC (and should therefore be left untouched).
+         */
+# if __CRTL_VER < 70000000 || defined _VMS_V6_SOURCE
+        /* Get the numerical value of the equivalence string */
+        status = atoi(logvalue);
+
+        /* and use it to move time to GMT */
+        t -= status;
+# endif
+
+        /* then convert the result to the time structure */
+
+        /*
+         * Since there was no gmtime_r() to do this stuff for us, we have to
+         * do it the hard way.
+         */
+        {
+            /*-
+             * The VMS epoch is the astronomical Smithsonian date,
+               if I remember correctly, which is November 17, 1858.
+               Furthermore, time is measure in thenths of microseconds
+               and stored in quadwords (64 bit integers).  unix_epoch
+               below is January 1st 1970 expressed as a VMS time.  The
+               following code was used to get this number:
+
+               #include <stdio.h>
+               #include <stdlib.h>
+               #include <lib$routines.h>
+               #include <starlet.h>
+
+               main()
+               {
+                 unsigned long systime[2];
+                 unsigned short epoch_values[7] =
+                   { 1970, 1, 1, 0, 0, 0, 0 };
+
+                 lib$cvt_vectim(epoch_values, systime);
+
+                 printf("%u %u", systime[0], systime[1]);
+               }
+            */
+            unsigned long unix_epoch[2] = { 1273708544, 8164711 };
+            unsigned long deltatime[2];
+            unsigned long systime[2];
+            struct vms_vectime {
+                short year, month, day, hour, minute, second, centi_second;
+            } time_values;
+            long operation;
+
+            /*
+             * Turn the number of seconds since January 1st 1970 to an
+             * internal delta time. Note that lib$cvt_to_internal_time() will
+             * assume that t is signed, and will therefore break on 32-bit
+             * systems some time in 2038.
+             */
+            operation = LIB$K_DELTA_SECONDS;
+            status = lib$cvt_to_internal_time(&operation, &t, deltatime);
+
+            /*
+             * Add the delta time with the Unix epoch and we have the current
+             * UTC time in internal format
+             */
+            status = lib$add_times(unix_epoch, deltatime, systime);
+
+            /* Turn the internal time into a time vector */
+            status = sys$numtim(&time_values, systime);
+
+            /* Fill in the struct tm with the result */
+            result->tm_sec = time_values.second;
+            result->tm_min = time_values.minute;
+            result->tm_hour = time_values.hour;
+            result->tm_mday = time_values.day;
+            result->tm_mon = time_values.month - 1;
+            result->tm_year = time_values.year - 1900;
+
+            operation = LIB$K_DAY_OF_WEEK;
+            status = lib$cvt_from_internal_time(&operation,
+                                                &result->tm_wday, systime);
+            result->tm_wday %= 7;
+
+            operation = LIB$K_DAY_OF_YEAR;
+            status = lib$cvt_from_internal_time(&operation,
+                                                &result->tm_yday, systime);
+            result->tm_yday--;
+
+            result->tm_isdst = 0; /* There's no way to know... */
+
+            ts = result;
+        }
+    }
+#endif
+    return ts;
+}
+
+/*
+ * Take a tm structure and add an offset to it. This avoids any OS issues
+ * with restricted date types and overflows which cause the year 2038
+ * problem.
+ */
+
+#define SECS_PER_DAY (24 * 60 * 60)
+
+static long date_to_julian(int y, int m, int d);
+static void julian_to_date(long jd, int *y, int *m, int *d);
+
+int OPENSSL_gmtime_adj(struct tm *tm, int off_day, long offset_sec)
+{
+    int offset_hms, offset_day;
+    long time_jd;
+    int time_year, time_month, time_day;
+    /* split offset into days and day seconds */
+    offset_day = offset_sec / SECS_PER_DAY;
+    /* Avoid sign issues with % operator */
+    offset_hms = offset_sec - (offset_day * SECS_PER_DAY);
+    offset_day += off_day;
+    /* Add current time seconds to offset */
+    offset_hms += tm->tm_hour * 3600 + tm->tm_min * 60 + tm->tm_sec;
+    /* Adjust day seconds if overflow */
+    if (offset_hms >= SECS_PER_DAY) {
+        offset_day++;
+        offset_hms -= SECS_PER_DAY;
+    } else if (offset_hms < 0) {
+        offset_day--;
+        offset_hms += SECS_PER_DAY;
+    }
+
+    /*
+     * Convert date of time structure into a Julian day number.
+     */
+
+    time_year = tm->tm_year + 1900;
+    time_month = tm->tm_mon + 1;
+    time_day = tm->tm_mday;
+
+    time_jd = date_to_julian(time_year, time_month, time_day);
+
+    /* Work out Julian day of new date */
+    time_jd += offset_day;
+
+    if (time_jd < 0)
+        return 0;
+
+    /* Convert Julian day back to date */
+
+    julian_to_date(time_jd, &time_year, &time_month, &time_day);
+
+    if (time_year < 1900 || time_year > 9999)
+        return 0;
+
+    /* Update tm structure */
+
+    tm->tm_year = time_year - 1900;
+    tm->tm_mon = time_month - 1;
+    tm->tm_mday = time_day;
+
+    tm->tm_hour = offset_hms / 3600;
+    tm->tm_min = (offset_hms / 60) % 60;
+    tm->tm_sec = offset_hms % 60;
+
+    return 1;
+
+}
+
+/*
+ * Convert date to and from julian day Uses Fliegel & Van Flandern algorithm
+ */
+static long date_to_julian(int y, int m, int d)
+{
+    return (1461 * (y + 4800 + (m - 14) / 12)) / 4 +
+        (367 * (m - 2 - 12 * ((m - 14) / 12))) / 12 -
+        (3 * ((y + 4900 + (m - 14) / 12) / 100)) / 4 + d - 32075;
+}
+
+static void julian_to_date(long jd, int *y, int *m, int *d)
+{
+    long L = jd + 68569;
+    long n = (4 * L) / 146097;
+    long i, j;
+
+    L = L - (146097 * n + 3) / 4;
+    i = (4000 * (L + 1)) / 1461001;
+    L = L - (1461 * i) / 4 + 31;
+    j = (80 * L) / 2447;
+    *d = L - (2447 * j) / 80;
+    L = j / 11;
+    *m = j + 2 - (12 * L);
+    *y = 100 * (n - 49) + i + L;
+}
+
+#ifdef OPENSSL_TIME_TEST
+
+# include <stdio.h>
+
+/*
+ * Time checking test code. Check times are identical for a wide range of
+ * offsets. This should be run on a machine with 64 bit time_t or it will
+ * trigger the very errors the routines fix.
+ */
+
+int main(int argc, char **argv)
+{
+    long offset;
+    for (offset = 0; offset < 1000000; offset++) {
+        check_time(offset);
+        check_time(-offset);
+        check_time(offset * 1000);
+        check_time(-offset * 1000);
+    }
+}
+
+int check_time(long offset)
+{
+    struct tm tm1, tm2;
+    time_t t1, t2;
+    time(&t1);
+    t2 = t1 + offset;
+    OPENSSL_gmtime(&t2, &tm2);
+    OPENSSL_gmtime(&t1, &tm1);
+    OPENSSL_gmtime_adj(&tm1, 0, offset);
+    if ((tm1.tm_year == tm2.tm_year) &&
+        (tm1.tm_mon == tm2.tm_mon) &&
+        (tm1.tm_mday == tm2.tm_mday) &&
+        (tm1.tm_hour == tm2.tm_hour) &&
+        (tm1.tm_min == tm2.tm_min) && (tm1.tm_sec == tm2.tm_sec))
+        return 1;
+    fprintf(stderr, "TIME ERROR!!\n");
+    fprintf(stderr, "Time1: %d/%d/%d, %d:%02d:%02d\n",
+            tm2.tm_mday, tm2.tm_mon + 1, tm2.tm_year + 1900,
+            tm2.tm_hour, tm2.tm_min, tm2.tm_sec);
+    fprintf(stderr, "Time2: %d/%d/%d, %d:%02d:%02d\n",
+            tm1.tm_mday, tm1.tm_mon + 1, tm1.tm_year + 1900,
+            tm1.tm_hour, tm1.tm_min, tm1.tm_sec);
+    return 0;
+}
+
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/o_time.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/o_time.h	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/o_time.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,68 +0,0 @@
-/* crypto/o_time.h -*- mode:C; c-file-style: "eay" -*- */
-/*
- * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_O_TIME_H
-# define HEADER_O_TIME_H
-
-# include <time.h>
-
-struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
-int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec);
-
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/o_time.h (from rev 11605, vendor-crypto/openssl/dist/crypto/o_time.h)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/o_time.h	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/o_time.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,68 @@
+/* crypto/o_time.h */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_O_TIME_H
+# define HEADER_O_TIME_H
+
+# include <time.h>
+
+struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
+int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec);
+
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/ocsp/ocsp_ext.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ocsp/ocsp_ext.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/ocsp/ocsp_ext.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,566 +0,0 @@
-/* ocsp_ext.c */
-/*
- * Written by Tom Titchener <Tom_Titchener at groove.net> for the OpenSSL
- * project.
- */
-
-/*
- * History: This file was transfered to Richard Levitte from CertCo by Kathy
- * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
- * patch kit.
- */
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <cryptlib.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/ocsp.h>
-#include <openssl/rand.h>
-#include <openssl/x509v3.h>
-
-/* Standard wrapper functions for extensions */
-
-/* OCSP request extensions */
-
-int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x)
-{
-    return (X509v3_get_ext_count(x->tbsRequest->requestExtensions));
-}
-
-int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos)
-{
-    return (X509v3_get_ext_by_NID
-            (x->tbsRequest->requestExtensions, nid, lastpos));
-}
-
-int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj,
-                                int lastpos)
-{
-    return (X509v3_get_ext_by_OBJ
-            (x->tbsRequest->requestExtensions, obj, lastpos));
-}
-
-int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos)
-{
-    return (X509v3_get_ext_by_critical
-            (x->tbsRequest->requestExtensions, crit, lastpos));
-}
-
-X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc)
-{
-    return (X509v3_get_ext(x->tbsRequest->requestExtensions, loc));
-}
-
-X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc)
-{
-    return (X509v3_delete_ext(x->tbsRequest->requestExtensions, loc));
-}
-
-void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx)
-{
-    return X509V3_get_d2i(x->tbsRequest->requestExtensions, nid, crit, idx);
-}
-
-int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
-                              unsigned long flags)
-{
-    return X509V3_add1_i2d(&x->tbsRequest->requestExtensions, nid, value,
-                           crit, flags);
-}
-
-int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc)
-{
-    return (X509v3_add_ext(&(x->tbsRequest->requestExtensions), ex, loc) !=
-            NULL);
-}
-
-/* Single extensions */
-
-int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x)
-{
-    return (X509v3_get_ext_count(x->singleRequestExtensions));
-}
-
-int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos)
-{
-    return (X509v3_get_ext_by_NID(x->singleRequestExtensions, nid, lastpos));
-}
-
-int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos)
-{
-    return (X509v3_get_ext_by_OBJ(x->singleRequestExtensions, obj, lastpos));
-}
-
-int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos)
-{
-    return (X509v3_get_ext_by_critical
-            (x->singleRequestExtensions, crit, lastpos));
-}
-
-X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc)
-{
-    return (X509v3_get_ext(x->singleRequestExtensions, loc));
-}
-
-X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc)
-{
-    return (X509v3_delete_ext(x->singleRequestExtensions, loc));
-}
-
-void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx)
-{
-    return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx);
-}
-
-int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
-                             unsigned long flags)
-{
-    return X509V3_add1_i2d(&x->singleRequestExtensions, nid, value, crit,
-                           flags);
-}
-
-int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc)
-{
-    return (X509v3_add_ext(&(x->singleRequestExtensions), ex, loc) != NULL);
-}
-
-/* OCSP Basic response */
-
-int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x)
-{
-    return (X509v3_get_ext_count(x->tbsResponseData->responseExtensions));
-}
-
-int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos)
-{
-    return (X509v3_get_ext_by_NID
-            (x->tbsResponseData->responseExtensions, nid, lastpos));
-}
-
-int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj,
-                                  int lastpos)
-{
-    return (X509v3_get_ext_by_OBJ
-            (x->tbsResponseData->responseExtensions, obj, lastpos));
-}
-
-int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit,
-                                       int lastpos)
-{
-    return (X509v3_get_ext_by_critical
-            (x->tbsResponseData->responseExtensions, crit, lastpos));
-}
-
-X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc)
-{
-    return (X509v3_get_ext(x->tbsResponseData->responseExtensions, loc));
-}
-
-X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc)
-{
-    return (X509v3_delete_ext(x->tbsResponseData->responseExtensions, loc));
-}
-
-void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit,
-                                  int *idx)
-{
-    return X509V3_get_d2i(x->tbsResponseData->responseExtensions, nid, crit,
-                          idx);
-}
-
-int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value,
-                                int crit, unsigned long flags)
-{
-    return X509V3_add1_i2d(&x->tbsResponseData->responseExtensions, nid,
-                           value, crit, flags);
-}
-
-int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc)
-{
-    return (X509v3_add_ext(&(x->tbsResponseData->responseExtensions), ex, loc)
-            != NULL);
-}
-
-/* OCSP single response extensions */
-
-int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x)
-{
-    return (X509v3_get_ext_count(x->singleExtensions));
-}
-
-int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos)
-{
-    return (X509v3_get_ext_by_NID(x->singleExtensions, nid, lastpos));
-}
-
-int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj,
-                                   int lastpos)
-{
-    return (X509v3_get_ext_by_OBJ(x->singleExtensions, obj, lastpos));
-}
-
-int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit,
-                                        int lastpos)
-{
-    return (X509v3_get_ext_by_critical(x->singleExtensions, crit, lastpos));
-}
-
-X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc)
-{
-    return (X509v3_get_ext(x->singleExtensions, loc));
-}
-
-X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc)
-{
-    return (X509v3_delete_ext(x->singleExtensions, loc));
-}
-
-void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit,
-                                   int *idx)
-{
-    return X509V3_get_d2i(x->singleExtensions, nid, crit, idx);
-}
-
-int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value,
-                                 int crit, unsigned long flags)
-{
-    return X509V3_add1_i2d(&x->singleExtensions, nid, value, crit, flags);
-}
-
-int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc)
-{
-    return (X509v3_add_ext(&(x->singleExtensions), ex, loc) != NULL);
-}
-
-/* also CRL Entry Extensions */
-#if 0
-ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,
-                                void *data, STACK_OF(ASN1_OBJECT) *sk)
-{
-    int i;
-    unsigned char *p, *b = NULL;
-
-    if (data) {
-        if ((i = i2d(data, NULL)) <= 0)
-            goto err;
-        if (!(b = p = OPENSSL_malloc((unsigned int)i)))
-            goto err;
-        if (i2d(data, &p) <= 0)
-            goto err;
-    } else if (sk) {
-        if ((i = i2d_ASN1_SET_OF_ASN1_OBJECT(sk, NULL,
-                                             (I2D_OF(ASN1_OBJECT)) i2d,
-                                             V_ASN1_SEQUENCE,
-                                             V_ASN1_UNIVERSAL,
-                                             IS_SEQUENCE)) <= 0)
-             goto err;
-        if (!(b = p = OPENSSL_malloc((unsigned int)i)))
-            goto err;
-        if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk, &p, (I2D_OF(ASN1_OBJECT)) i2d,
-                                        V_ASN1_SEQUENCE,
-                                        V_ASN1_UNIVERSAL, IS_SEQUENCE) <= 0)
-             goto err;
-    } else {
-        OCSPerr(OCSP_F_ASN1_STRING_ENCODE, OCSP_R_BAD_DATA);
-        goto err;
-    }
-    if (!s && !(s = ASN1_STRING_new()))
-        goto err;
-    if (!(ASN1_STRING_set(s, b, i)))
-        goto err;
-    OPENSSL_free(b);
-    return s;
- err:
-    if (b)
-        OPENSSL_free(b);
-    return NULL;
-}
-#endif
-
-/* Nonce handling functions */
-
-/*
- * Add a nonce to an extension stack. A nonce can be specificed or if NULL a
- * random nonce will be generated. Note: OpenSSL 0.9.7d and later create an
- * OCTET STRING containing the nonce, previous versions used the raw nonce.
- */
-
-static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts,
-                           unsigned char *val, int len)
-{
-    unsigned char *tmpval;
-    ASN1_OCTET_STRING os;
-    int ret = 0;
-    if (len <= 0)
-        len = OCSP_DEFAULT_NONCE_LENGTH;
-    /*
-     * Create the OCTET STRING manually by writing out the header and
-     * appending the content octets. This avoids an extra memory allocation
-     * operation in some cases. Applications should *NOT* do this because it
-     * relies on library internals.
-     */
-    os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING);
-    os.data = OPENSSL_malloc(os.length);
-    if (os.data == NULL)
-        goto err;
-    tmpval = os.data;
-    ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL);
-    if (val)
-        memcpy(tmpval, val, len);
-    else if (RAND_pseudo_bytes(tmpval, len) < 0)
-        goto err;
-    if (!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,
-                         &os, 0, X509V3_ADD_REPLACE))
-        goto err;
-    ret = 1;
- err:
-    if (os.data)
-        OPENSSL_free(os.data);
-    return ret;
-}
-
-/* Add nonce to an OCSP request */
-
-int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len)
-{
-    return ocsp_add1_nonce(&req->tbsRequest->requestExtensions, val, len);
-}
-
-/* Same as above but for a response */
-
-int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len)
-{
-    return ocsp_add1_nonce(&resp->tbsResponseData->responseExtensions, val,
-                           len);
-}
-
-/*-
- * Check nonce validity in a request and response.
- * Return value reflects result:
- *  1: nonces present and equal.
- *  2: nonces both absent.
- *  3: nonce present in response only.
- *  0: nonces both present and not equal.
- * -1: nonce in request only.
- *
- *  For most responders clients can check return > 0.
- *  If responder doesn't handle nonces return != 0 may be
- *  necessary. return == 0 is always an error.
- */
-
-int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs)
-{
-    /*
-     * Since we are only interested in the presence or absence of
-     * the nonce and comparing its value there is no need to use
-     * the X509V3 routines: this way we can avoid them allocating an
-     * ASN1_OCTET_STRING structure for the value which would be
-     * freed immediately anyway.
-     */
-
-    int req_idx, resp_idx;
-    X509_EXTENSION *req_ext, *resp_ext;
-    req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
-    resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1);
-    /* Check both absent */
-    if ((req_idx < 0) && (resp_idx < 0))
-        return 2;
-    /* Check in request only */
-    if ((req_idx >= 0) && (resp_idx < 0))
-        return -1;
-    /* Check in response but not request */
-    if ((req_idx < 0) && (resp_idx >= 0))
-        return 3;
-    /*
-     * Otherwise nonce in request and response so retrieve the extensions
-     */
-    req_ext = OCSP_REQUEST_get_ext(req, req_idx);
-    resp_ext = OCSP_BASICRESP_get_ext(bs, resp_idx);
-    if (ASN1_OCTET_STRING_cmp(req_ext->value, resp_ext->value))
-        return 0;
-    return 1;
-}
-
-/*
- * Copy the nonce value (if any) from an OCSP request to a response.
- */
-
-int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req)
-{
-    X509_EXTENSION *req_ext;
-    int req_idx;
-    /* Check for nonce in request */
-    req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
-    /* If no nonce that's OK */
-    if (req_idx < 0)
-        return 2;
-    req_ext = OCSP_REQUEST_get_ext(req, req_idx);
-    return OCSP_BASICRESP_add_ext(resp, req_ext, -1);
-}
-
-X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)
-{
-    X509_EXTENSION *x = NULL;
-    OCSP_CRLID *cid = NULL;
-
-    if (!(cid = OCSP_CRLID_new()))
-        goto err;
-    if (url) {
-        if (!(cid->crlUrl = ASN1_IA5STRING_new()))
-            goto err;
-        if (!(ASN1_STRING_set(cid->crlUrl, url, -1)))
-            goto err;
-    }
-    if (n) {
-        if (!(cid->crlNum = ASN1_INTEGER_new()))
-            goto err;
-        if (!(ASN1_INTEGER_set(cid->crlNum, *n)))
-            goto err;
-    }
-    if (tim) {
-        if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new()))
-            goto err;
-        if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim)))
-            goto err;
-    }
-    x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid);
- err:
-    if (cid)
-        OCSP_CRLID_free(cid);
-    return x;
-}
-
-/*   AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */
-X509_EXTENSION *OCSP_accept_responses_new(char **oids)
-{
-    int nid;
-    STACK_OF(ASN1_OBJECT) *sk = NULL;
-    ASN1_OBJECT *o = NULL;
-    X509_EXTENSION *x = NULL;
-
-    if (!(sk = sk_ASN1_OBJECT_new_null()))
-        goto err;
-    while (oids && *oids) {
-        if ((nid = OBJ_txt2nid(*oids)) != NID_undef && (o = OBJ_nid2obj(nid)))
-            sk_ASN1_OBJECT_push(sk, o);
-        oids++;
-    }
-    x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk);
- err:
-    if (sk)
-        sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
-    return x;
-}
-
-/*  ArchiveCutoff ::= GeneralizedTime */
-X509_EXTENSION *OCSP_archive_cutoff_new(char *tim)
-{
-    X509_EXTENSION *x = NULL;
-    ASN1_GENERALIZEDTIME *gt = NULL;
-
-    if (!(gt = ASN1_GENERALIZEDTIME_new()))
-        goto err;
-    if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim)))
-        goto err;
-    x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt);
- err:
-    if (gt)
-        ASN1_GENERALIZEDTIME_free(gt);
-    return x;
-}
-
-/*
- * per ACCESS_DESCRIPTION parameter are oids, of which there are currently
- * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value.  This method
- * forces NID_ad_ocsp and uniformResourceLocator [6] IA5String.
- */
-X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, char **urls)
-{
-    X509_EXTENSION *x = NULL;
-    ASN1_IA5STRING *ia5 = NULL;
-    OCSP_SERVICELOC *sloc = NULL;
-    ACCESS_DESCRIPTION *ad = NULL;
-
-    if (!(sloc = OCSP_SERVICELOC_new()))
-        goto err;
-    if (!(sloc->issuer = X509_NAME_dup(issuer)))
-        goto err;
-    if (urls && *urls && !(sloc->locator = sk_ACCESS_DESCRIPTION_new_null()))
-        goto err;
-    while (urls && *urls) {
-        if (!(ad = ACCESS_DESCRIPTION_new()))
-            goto err;
-        if (!(ad->method = OBJ_nid2obj(NID_ad_OCSP)))
-            goto err;
-        if (!(ad->location = GENERAL_NAME_new()))
-            goto err;
-        if (!(ia5 = ASN1_IA5STRING_new()))
-            goto err;
-        if (!ASN1_STRING_set((ASN1_STRING *)ia5, *urls, -1))
-            goto err;
-        ad->location->type = GEN_URI;
-        ad->location->d.ia5 = ia5;
-        if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad))
-            goto err;
-        urls++;
-    }
-    x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc);
- err:
-    if (sloc)
-        OCSP_SERVICELOC_free(sloc);
-    return x;
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/ocsp/ocsp_ext.c (from rev 11605, vendor-crypto/openssl/dist/crypto/ocsp/ocsp_ext.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/ocsp/ocsp_ext.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/ocsp/ocsp_ext.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,566 @@
+/* ocsp_ext.c */
+/*
+ * Written by Tom Titchener <Tom_Titchener at groove.net> for the OpenSSL
+ * project.
+ */
+
+/*
+ * History: This file was transfered to Richard Levitte from CertCo by Kathy
+ * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
+ * patch kit.
+ */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <cryptlib.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/ocsp.h>
+#include <openssl/rand.h>
+#include <openssl/x509v3.h>
+
+/* Standard wrapper functions for extensions */
+
+/* OCSP request extensions */
+
+int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x)
+{
+    return (X509v3_get_ext_count(x->tbsRequest->requestExtensions));
+}
+
+int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos)
+{
+    return (X509v3_get_ext_by_NID
+            (x->tbsRequest->requestExtensions, nid, lastpos));
+}
+
+int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj,
+                                int lastpos)
+{
+    return (X509v3_get_ext_by_OBJ
+            (x->tbsRequest->requestExtensions, obj, lastpos));
+}
+
+int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos)
+{
+    return (X509v3_get_ext_by_critical
+            (x->tbsRequest->requestExtensions, crit, lastpos));
+}
+
+X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc)
+{
+    return (X509v3_get_ext(x->tbsRequest->requestExtensions, loc));
+}
+
+X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc)
+{
+    return (X509v3_delete_ext(x->tbsRequest->requestExtensions, loc));
+}
+
+void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx)
+{
+    return X509V3_get_d2i(x->tbsRequest->requestExtensions, nid, crit, idx);
+}
+
+int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
+                              unsigned long flags)
+{
+    return X509V3_add1_i2d(&x->tbsRequest->requestExtensions, nid, value,
+                           crit, flags);
+}
+
+int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc)
+{
+    return (X509v3_add_ext(&(x->tbsRequest->requestExtensions), ex, loc) !=
+            NULL);
+}
+
+/* Single extensions */
+
+int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x)
+{
+    return (X509v3_get_ext_count(x->singleRequestExtensions));
+}
+
+int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos)
+{
+    return (X509v3_get_ext_by_NID(x->singleRequestExtensions, nid, lastpos));
+}
+
+int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos)
+{
+    return (X509v3_get_ext_by_OBJ(x->singleRequestExtensions, obj, lastpos));
+}
+
+int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos)
+{
+    return (X509v3_get_ext_by_critical
+            (x->singleRequestExtensions, crit, lastpos));
+}
+
+X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc)
+{
+    return (X509v3_get_ext(x->singleRequestExtensions, loc));
+}
+
+X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc)
+{
+    return (X509v3_delete_ext(x->singleRequestExtensions, loc));
+}
+
+void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx)
+{
+    return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx);
+}
+
+int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
+                             unsigned long flags)
+{
+    return X509V3_add1_i2d(&x->singleRequestExtensions, nid, value, crit,
+                           flags);
+}
+
+int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc)
+{
+    return (X509v3_add_ext(&(x->singleRequestExtensions), ex, loc) != NULL);
+}
+
+/* OCSP Basic response */
+
+int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x)
+{
+    return (X509v3_get_ext_count(x->tbsResponseData->responseExtensions));
+}
+
+int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos)
+{
+    return (X509v3_get_ext_by_NID
+            (x->tbsResponseData->responseExtensions, nid, lastpos));
+}
+
+int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj,
+                                  int lastpos)
+{
+    return (X509v3_get_ext_by_OBJ
+            (x->tbsResponseData->responseExtensions, obj, lastpos));
+}
+
+int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit,
+                                       int lastpos)
+{
+    return (X509v3_get_ext_by_critical
+            (x->tbsResponseData->responseExtensions, crit, lastpos));
+}
+
+X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc)
+{
+    return (X509v3_get_ext(x->tbsResponseData->responseExtensions, loc));
+}
+
+X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc)
+{
+    return (X509v3_delete_ext(x->tbsResponseData->responseExtensions, loc));
+}
+
+void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit,
+                                  int *idx)
+{
+    return X509V3_get_d2i(x->tbsResponseData->responseExtensions, nid, crit,
+                          idx);
+}
+
+int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value,
+                                int crit, unsigned long flags)
+{
+    return X509V3_add1_i2d(&x->tbsResponseData->responseExtensions, nid,
+                           value, crit, flags);
+}
+
+int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc)
+{
+    return (X509v3_add_ext(&(x->tbsResponseData->responseExtensions), ex, loc)
+            != NULL);
+}
+
+/* OCSP single response extensions */
+
+int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x)
+{
+    return (X509v3_get_ext_count(x->singleExtensions));
+}
+
+int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos)
+{
+    return (X509v3_get_ext_by_NID(x->singleExtensions, nid, lastpos));
+}
+
+int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj,
+                                   int lastpos)
+{
+    return (X509v3_get_ext_by_OBJ(x->singleExtensions, obj, lastpos));
+}
+
+int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit,
+                                        int lastpos)
+{
+    return (X509v3_get_ext_by_critical(x->singleExtensions, crit, lastpos));
+}
+
+X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc)
+{
+    return (X509v3_get_ext(x->singleExtensions, loc));
+}
+
+X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc)
+{
+    return (X509v3_delete_ext(x->singleExtensions, loc));
+}
+
+void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit,
+                                   int *idx)
+{
+    return X509V3_get_d2i(x->singleExtensions, nid, crit, idx);
+}
+
+int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value,
+                                 int crit, unsigned long flags)
+{
+    return X509V3_add1_i2d(&x->singleExtensions, nid, value, crit, flags);
+}
+
+int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc)
+{
+    return (X509v3_add_ext(&(x->singleExtensions), ex, loc) != NULL);
+}
+
+/* also CRL Entry Extensions */
+#if 0
+ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,
+                                void *data, STACK_OF(ASN1_OBJECT) *sk)
+{
+    int i;
+    unsigned char *p, *b = NULL;
+
+    if (data) {
+        if ((i = i2d(data, NULL)) <= 0)
+            goto err;
+        if (!(b = p = OPENSSL_malloc((unsigned int)i)))
+            goto err;
+        if (i2d(data, &p) <= 0)
+            goto err;
+    } else if (sk) {
+        if ((i = i2d_ASN1_SET_OF_ASN1_OBJECT(sk, NULL,
+                                             (I2D_OF(ASN1_OBJECT)) i2d,
+                                             V_ASN1_SEQUENCE,
+                                             V_ASN1_UNIVERSAL,
+                                             IS_SEQUENCE)) <= 0)
+             goto err;
+        if (!(b = p = OPENSSL_malloc((unsigned int)i)))
+            goto err;
+        if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk, &p, (I2D_OF(ASN1_OBJECT)) i2d,
+                                        V_ASN1_SEQUENCE,
+                                        V_ASN1_UNIVERSAL, IS_SEQUENCE) <= 0)
+             goto err;
+    } else {
+        OCSPerr(OCSP_F_ASN1_STRING_ENCODE, OCSP_R_BAD_DATA);
+        goto err;
+    }
+    if (!s && !(s = ASN1_STRING_new()))
+        goto err;
+    if (!(ASN1_STRING_set(s, b, i)))
+        goto err;
+    OPENSSL_free(b);
+    return s;
+ err:
+    if (b)
+        OPENSSL_free(b);
+    return NULL;
+}
+#endif
+
+/* Nonce handling functions */
+
+/*
+ * Add a nonce to an extension stack. A nonce can be specificed or if NULL a
+ * random nonce will be generated. Note: OpenSSL 0.9.7d and later create an
+ * OCTET STRING containing the nonce, previous versions used the raw nonce.
+ */
+
+static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts,
+                           unsigned char *val, int len)
+{
+    unsigned char *tmpval;
+    ASN1_OCTET_STRING os;
+    int ret = 0;
+    if (len <= 0)
+        len = OCSP_DEFAULT_NONCE_LENGTH;
+    /*
+     * Create the OCTET STRING manually by writing out the header and
+     * appending the content octets. This avoids an extra memory allocation
+     * operation in some cases. Applications should *NOT* do this because it
+     * relies on library internals.
+     */
+    os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING);
+    os.data = OPENSSL_malloc(os.length);
+    if (os.data == NULL)
+        goto err;
+    tmpval = os.data;
+    ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL);
+    if (val)
+        memcpy(tmpval, val, len);
+    else if (RAND_bytes(tmpval, len) <= 0)
+        goto err;
+    if (!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,
+                         &os, 0, X509V3_ADD_REPLACE))
+        goto err;
+    ret = 1;
+ err:
+    if (os.data)
+        OPENSSL_free(os.data);
+    return ret;
+}
+
+/* Add nonce to an OCSP request */
+
+int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len)
+{
+    return ocsp_add1_nonce(&req->tbsRequest->requestExtensions, val, len);
+}
+
+/* Same as above but for a response */
+
+int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len)
+{
+    return ocsp_add1_nonce(&resp->tbsResponseData->responseExtensions, val,
+                           len);
+}
+
+/*-
+ * Check nonce validity in a request and response.
+ * Return value reflects result:
+ *  1: nonces present and equal.
+ *  2: nonces both absent.
+ *  3: nonce present in response only.
+ *  0: nonces both present and not equal.
+ * -1: nonce in request only.
+ *
+ *  For most responders clients can check return > 0.
+ *  If responder doesn't handle nonces return != 0 may be
+ *  necessary. return == 0 is always an error.
+ */
+
+int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs)
+{
+    /*
+     * Since we are only interested in the presence or absence of
+     * the nonce and comparing its value there is no need to use
+     * the X509V3 routines: this way we can avoid them allocating an
+     * ASN1_OCTET_STRING structure for the value which would be
+     * freed immediately anyway.
+     */
+
+    int req_idx, resp_idx;
+    X509_EXTENSION *req_ext, *resp_ext;
+    req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
+    resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1);
+    /* Check both absent */
+    if ((req_idx < 0) && (resp_idx < 0))
+        return 2;
+    /* Check in request only */
+    if ((req_idx >= 0) && (resp_idx < 0))
+        return -1;
+    /* Check in response but not request */
+    if ((req_idx < 0) && (resp_idx >= 0))
+        return 3;
+    /*
+     * Otherwise nonce in request and response so retrieve the extensions
+     */
+    req_ext = OCSP_REQUEST_get_ext(req, req_idx);
+    resp_ext = OCSP_BASICRESP_get_ext(bs, resp_idx);
+    if (ASN1_OCTET_STRING_cmp(req_ext->value, resp_ext->value))
+        return 0;
+    return 1;
+}
+
+/*
+ * Copy the nonce value (if any) from an OCSP request to a response.
+ */
+
+int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req)
+{
+    X509_EXTENSION *req_ext;
+    int req_idx;
+    /* Check for nonce in request */
+    req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
+    /* If no nonce that's OK */
+    if (req_idx < 0)
+        return 2;
+    req_ext = OCSP_REQUEST_get_ext(req, req_idx);
+    return OCSP_BASICRESP_add_ext(resp, req_ext, -1);
+}
+
+X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)
+{
+    X509_EXTENSION *x = NULL;
+    OCSP_CRLID *cid = NULL;
+
+    if (!(cid = OCSP_CRLID_new()))
+        goto err;
+    if (url) {
+        if (!(cid->crlUrl = ASN1_IA5STRING_new()))
+            goto err;
+        if (!(ASN1_STRING_set(cid->crlUrl, url, -1)))
+            goto err;
+    }
+    if (n) {
+        if (!(cid->crlNum = ASN1_INTEGER_new()))
+            goto err;
+        if (!(ASN1_INTEGER_set(cid->crlNum, *n)))
+            goto err;
+    }
+    if (tim) {
+        if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new()))
+            goto err;
+        if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim)))
+            goto err;
+    }
+    x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid);
+ err:
+    if (cid)
+        OCSP_CRLID_free(cid);
+    return x;
+}
+
+/*   AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */
+X509_EXTENSION *OCSP_accept_responses_new(char **oids)
+{
+    int nid;
+    STACK_OF(ASN1_OBJECT) *sk = NULL;
+    ASN1_OBJECT *o = NULL;
+    X509_EXTENSION *x = NULL;
+
+    if (!(sk = sk_ASN1_OBJECT_new_null()))
+        goto err;
+    while (oids && *oids) {
+        if ((nid = OBJ_txt2nid(*oids)) != NID_undef && (o = OBJ_nid2obj(nid)))
+            sk_ASN1_OBJECT_push(sk, o);
+        oids++;
+    }
+    x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk);
+ err:
+    if (sk)
+        sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
+    return x;
+}
+
+/*  ArchiveCutoff ::= GeneralizedTime */
+X509_EXTENSION *OCSP_archive_cutoff_new(char *tim)
+{
+    X509_EXTENSION *x = NULL;
+    ASN1_GENERALIZEDTIME *gt = NULL;
+
+    if (!(gt = ASN1_GENERALIZEDTIME_new()))
+        goto err;
+    if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim)))
+        goto err;
+    x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt);
+ err:
+    if (gt)
+        ASN1_GENERALIZEDTIME_free(gt);
+    return x;
+}
+
+/*
+ * per ACCESS_DESCRIPTION parameter are oids, of which there are currently
+ * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value.  This method
+ * forces NID_ad_ocsp and uniformResourceLocator [6] IA5String.
+ */
+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, char **urls)
+{
+    X509_EXTENSION *x = NULL;
+    ASN1_IA5STRING *ia5 = NULL;
+    OCSP_SERVICELOC *sloc = NULL;
+    ACCESS_DESCRIPTION *ad = NULL;
+
+    if (!(sloc = OCSP_SERVICELOC_new()))
+        goto err;
+    if (!(sloc->issuer = X509_NAME_dup(issuer)))
+        goto err;
+    if (urls && *urls && !(sloc->locator = sk_ACCESS_DESCRIPTION_new_null()))
+        goto err;
+    while (urls && *urls) {
+        if (!(ad = ACCESS_DESCRIPTION_new()))
+            goto err;
+        if (!(ad->method = OBJ_nid2obj(NID_ad_OCSP)))
+            goto err;
+        if (!(ad->location = GENERAL_NAME_new()))
+            goto err;
+        if (!(ia5 = ASN1_IA5STRING_new()))
+            goto err;
+        if (!ASN1_STRING_set((ASN1_STRING *)ia5, *urls, -1))
+            goto err;
+        ad->location->type = GEN_URI;
+        ad->location->d.ia5 = ia5;
+        if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad))
+            goto err;
+        urls++;
+    }
+    x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc);
+ err:
+    if (sloc)
+        OCSP_SERVICELOC_free(sloc);
+    return x;
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/opensslconf.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/opensslconf.h	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/opensslconf.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,241 +0,0 @@
-/* opensslconf.h */
-/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-/* OpenSSL was configured with the following options: */
-#ifndef OPENSSL_DOING_MAKEDEPEND
-
-
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-# define OPENSSL_NO_EC_NISTP_64_GCC_128
-#endif
-#ifndef OPENSSL_NO_GMP
-# define OPENSSL_NO_GMP
-#endif
-#ifndef OPENSSL_NO_JPAKE
-# define OPENSSL_NO_JPAKE
-#endif
-#ifndef OPENSSL_NO_KRB5
-# define OPENSSL_NO_KRB5
-#endif
-#ifndef OPENSSL_NO_MD2
-# define OPENSSL_NO_MD2
-#endif
-#ifndef OPENSSL_NO_RC5
-# define OPENSSL_NO_RC5
-#endif
-#ifndef OPENSSL_NO_RFC3779
-# define OPENSSL_NO_RFC3779
-#endif
-#ifndef OPENSSL_NO_SCTP
-# define OPENSSL_NO_SCTP
-#endif
-#ifndef OPENSSL_NO_STORE
-# define OPENSSL_NO_STORE
-#endif
-#ifndef OPENSSL_NO_UNIT_TEST
-# define OPENSSL_NO_UNIT_TEST
-#endif
-
-#endif /* OPENSSL_DOING_MAKEDEPEND */
-
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-# define OPENSSL_NO_DYNAMIC_ENGINE
-#endif
-
-/* The OPENSSL_NO_* macros are also defined as NO_* if the application
-   asks for it.  This is a transient feature that is provided for those
-   who haven't had the time to do the appropriate changes in their
-   applications.  */
-#ifdef OPENSSL_ALGORITHM_DEFINES
-# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
-#  define NO_EC_NISTP_64_GCC_128
-# endif
-# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
-#  define NO_GMP
-# endif
-# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
-#  define NO_JPAKE
-# endif
-# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
-#  define NO_KRB5
-# endif
-# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
-#  define NO_MD2
-# endif
-# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
-#  define NO_RC5
-# endif
-# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
-#  define NO_RFC3779
-# endif
-# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
-#  define NO_SCTP
-# endif
-# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
-#  define NO_STORE
-# endif
-# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
-#  define NO_UNIT_TEST
-# endif
-#endif
-
-/* crypto/opensslconf.h.in */
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/local/ssl/lib/engines"
-#define OPENSSLDIR "/usr/local/ssl"
-#endif
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned int
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#undef RC4_CHUNK
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned long
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#undef BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-#undef SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#define THIRTY_TWO_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#undef RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#undef BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#undef DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001 at cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( __sun ) || defined ( sun )		/* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )	/* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )	/* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )		/* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )		/* HP-PA */
-  /* Unknown */
-#elif defined( __aux )		/* 68K */
-  /* Unknown */
-#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )		/* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)	/* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */
-#ifdef  __cplusplus
-}
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/opensslconf.h (from rev 11605, vendor-crypto/openssl/dist/crypto/opensslconf.h)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/opensslconf.h	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/opensslconf.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,253 @@
+/* opensslconf.h */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+/* OpenSSL was configured with the following options: */
+#ifndef OPENSSL_DOING_MAKEDEPEND
+
+
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
+#endif
+#ifndef OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
+#endif
+#ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RFC3779
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL2
+#endif
+#ifndef OPENSSL_NO_STORE
+# define OPENSSL_NO_STORE
+#endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+# define OPENSSL_NO_WEAK_SSL_CIPHERS
+#endif
+
+#endif /* OPENSSL_DOING_MAKEDEPEND */
+
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+   asks for it.  This is a transient feature that is provided for those
+   who haven't had the time to do the appropriate changes in their
+   applications.  */
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
+#  define NO_EC_NISTP_64_GCC_128
+# endif
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+#  define NO_GMP
+# endif
+# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
+#  define NO_JPAKE
+# endif
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+#  define NO_KRB5
+# endif
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
+#  define NO_MD2
+# endif
+# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
+#  define NO_RC5
+# endif
+# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
+#  define NO_RFC3779
+# endif
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
+#  define NO_SCTP
+# endif
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+#  define NO_SSL2
+# endif
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
+#  define NO_STORE
+# endif
+# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
+#  define NO_UNIT_TEST
+# endif
+# if defined(OPENSSL_NO_WEAK_SSL_CIPHERS) && !defined(NO_WEAK_SSL_CIPHERS)
+#  define NO_WEAK_SSL_CIPHERS
+# endif
+#endif
+
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define ENGINESDIR "/usr/local/ssl/lib/engines"
+#define OPENSSLDIR "/usr/local/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned long
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#undef BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#undef RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#undef DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001 at cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( __sun ) || defined ( sun )		/* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )	/* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )	/* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )		/* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )		/* HP-PA */
+  /* Unknown */
+#elif defined( __aux )		/* 68K */
+  /* Unknown */
+#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )		/* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)	/* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
+#ifdef  __cplusplus
+}
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/opensslv.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/opensslv.h	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/opensslv.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,97 +0,0 @@
-#ifndef HEADER_OPENSSLV_H
-# define HEADER_OPENSSLV_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/*-
- * Numeric release version identifier:
- * MNNFFPPS: major minor fix patch status
- * The status nibble has one of the values 0 for development, 1 to e for betas
- * 1 to 14, and f for release.  The patch level is exactly that.
- * For example:
- * 0.9.3-dev      0x00903000
- * 0.9.3-beta1    0x00903001
- * 0.9.3-beta2-dev 0x00903002
- * 0.9.3-beta2    0x00903002 (same as ...beta2-dev)
- * 0.9.3          0x0090300f
- * 0.9.3a         0x0090301f
- * 0.9.4          0x0090400f
- * 1.2.3z         0x102031af
- *
- * For continuity reasons (because 0.9.5 is already out, and is coded
- * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level
- * part is slightly different, by setting the highest bit.  This means
- * that 0.9.5a looks like this: 0x0090581f.  At 0.9.6, we can start
- * with 0x0090600S...
- *
- * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.)
- * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
- *  major minor fix final patch/beta)
- */
-# define OPENSSL_VERSION_NUMBER  0x1000111fL
-# ifdef OPENSSL_FIPS
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1q-fips 3 Dec 2015"
-# else
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1q 3 Dec 2015"
-# endif
-# define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
-
-/*-
- * The macros below are to be used for shared library (.so, .dll, ...)
- * versioning.  That kind of versioning works a bit differently between
- * operating systems.  The most usual scheme is to set a major and a minor
- * number, and have the runtime loader check that the major number is equal
- * to what it was at application link time, while the minor number has to
- * be greater or equal to what it was at application link time.  With this
- * scheme, the version number is usually part of the file name, like this:
- *
- *      libcrypto.so.0.9
- *
- * Some unixen also make a softlink with the major verson number only:
- *
- *      libcrypto.so.0
- *
- * On Tru64 and IRIX 6.x it works a little bit differently.  There, the
- * shared library version is stored in the file, and is actually a series
- * of versions, separated by colons.  The rightmost version present in the
- * library when linking an application is stored in the application to be
- * matched at run time.  When the application is run, a check is done to
- * see if the library version stored in the application matches any of the
- * versions in the version string of the library itself.
- * This version string can be constructed in any way, depending on what
- * kind of matching is desired.  However, to implement the same scheme as
- * the one used in the other unixen, all compatible versions, from lowest
- * to highest, should be part of the string.  Consecutive builds would
- * give the following versions strings:
- *
- *      3.0
- *      3.0:3.1
- *      3.0:3.1:3.2
- *      4.0
- *      4.0:4.1
- *
- * Notice how version 4 is completely incompatible with version, and
- * therefore give the breach you can see.
- *
- * There may be other schemes as well that I haven't yet discovered.
- *
- * So, here's the way it works here: first of all, the library version
- * number doesn't need at all to match the overall OpenSSL version.
- * However, it's nice and more understandable if it actually does.
- * The current library version is stored in the macro SHLIB_VERSION_NUMBER,
- * which is just a piece of text in the format "M.m.e" (Major, minor, edit).
- * For the sake of Tru64, IRIX, and any other OS that behaves in similar ways,
- * we need to keep a history of version numbers, which is done in the
- * macro SHLIB_VERSION_HISTORY.  The numbers are separated by colons and
- * should only keep the versions that are binary compatible with the current.
- */
-# define SHLIB_VERSION_HISTORY ""
-# define SHLIB_VERSION_NUMBER "1.0.0"
-
-
-#ifdef  __cplusplus
-}
-#endif
-#endif                          /* HEADER_OPENSSLV_H */

Copied: vendor-crypto/openssl/1.0.1u/crypto/opensslv.h (from rev 11605, vendor-crypto/openssl/dist/crypto/opensslv.h)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/opensslv.h	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/opensslv.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,97 @@
+#ifndef HEADER_OPENSSLV_H
+# define HEADER_OPENSSLV_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*-
+ * Numeric release version identifier:
+ * MNNFFPPS: major minor fix patch status
+ * The status nibble has one of the values 0 for development, 1 to e for betas
+ * 1 to 14, and f for release.  The patch level is exactly that.
+ * For example:
+ * 0.9.3-dev      0x00903000
+ * 0.9.3-beta1    0x00903001
+ * 0.9.3-beta2-dev 0x00903002
+ * 0.9.3-beta2    0x00903002 (same as ...beta2-dev)
+ * 0.9.3          0x0090300f
+ * 0.9.3a         0x0090301f
+ * 0.9.4          0x0090400f
+ * 1.2.3z         0x102031af
+ *
+ * For continuity reasons (because 0.9.5 is already out, and is coded
+ * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level
+ * part is slightly different, by setting the highest bit.  This means
+ * that 0.9.5a looks like this: 0x0090581f.  At 0.9.6, we can start
+ * with 0x0090600S...
+ *
+ * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.)
+ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+ *  major minor fix final patch/beta)
+ */
+# define OPENSSL_VERSION_NUMBER  0x1000115fL
+# ifdef OPENSSL_FIPS
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1u-fips  22 Sep 2016"
+# else
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1u  22 Sep 2016"
+# endif
+# define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
+
+/*-
+ * The macros below are to be used for shared library (.so, .dll, ...)
+ * versioning.  That kind of versioning works a bit differently between
+ * operating systems.  The most usual scheme is to set a major and a minor
+ * number, and have the runtime loader check that the major number is equal
+ * to what it was at application link time, while the minor number has to
+ * be greater or equal to what it was at application link time.  With this
+ * scheme, the version number is usually part of the file name, like this:
+ *
+ *      libcrypto.so.0.9
+ *
+ * Some unixen also make a softlink with the major verson number only:
+ *
+ *      libcrypto.so.0
+ *
+ * On Tru64 and IRIX 6.x it works a little bit differently.  There, the
+ * shared library version is stored in the file, and is actually a series
+ * of versions, separated by colons.  The rightmost version present in the
+ * library when linking an application is stored in the application to be
+ * matched at run time.  When the application is run, a check is done to
+ * see if the library version stored in the application matches any of the
+ * versions in the version string of the library itself.
+ * This version string can be constructed in any way, depending on what
+ * kind of matching is desired.  However, to implement the same scheme as
+ * the one used in the other unixen, all compatible versions, from lowest
+ * to highest, should be part of the string.  Consecutive builds would
+ * give the following versions strings:
+ *
+ *      3.0
+ *      3.0:3.1
+ *      3.0:3.1:3.2
+ *      4.0
+ *      4.0:4.1
+ *
+ * Notice how version 4 is completely incompatible with version, and
+ * therefore give the breach you can see.
+ *
+ * There may be other schemes as well that I haven't yet discovered.
+ *
+ * So, here's the way it works here: first of all, the library version
+ * number doesn't need at all to match the overall OpenSSL version.
+ * However, it's nice and more understandable if it actually does.
+ * The current library version is stored in the macro SHLIB_VERSION_NUMBER,
+ * which is just a piece of text in the format "M.m.e" (Major, minor, edit).
+ * For the sake of Tru64, IRIX, and any other OS that behaves in similar ways,
+ * we need to keep a history of version numbers, which is done in the
+ * macro SHLIB_VERSION_HISTORY.  The numbers are separated by colons and
+ * should only keep the versions that are binary compatible with the current.
+ */
+# define SHLIB_VERSION_HISTORY ""
+# define SHLIB_VERSION_NUMBER "1.0.0"
+
+
+#ifdef  __cplusplus
+}
+#endif
+#endif                          /* HEADER_OPENSSLV_H */

Deleted: vendor-crypto/openssl/1.0.1u/crypto/pem/pem.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/pem/pem.h	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/pem/pem.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,611 +0,0 @@
-/* crypto/pem/pem.h */
-/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_PEM_H
-# define HEADER_PEM_H
-
-# include <openssl/e_os2.h>
-# ifndef OPENSSL_NO_BIO
-#  include <openssl/bio.h>
-# endif
-# ifndef OPENSSL_NO_STACK
-#  include <openssl/stack.h>
-# endif
-# include <openssl/evp.h>
-# include <openssl/x509.h>
-# include <openssl/pem2.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-# define PEM_BUFSIZE             1024
-
-# define PEM_OBJ_UNDEF           0
-# define PEM_OBJ_X509            1
-# define PEM_OBJ_X509_REQ        2
-# define PEM_OBJ_CRL             3
-# define PEM_OBJ_SSL_SESSION     4
-# define PEM_OBJ_PRIV_KEY        10
-# define PEM_OBJ_PRIV_RSA        11
-# define PEM_OBJ_PRIV_DSA        12
-# define PEM_OBJ_PRIV_DH         13
-# define PEM_OBJ_PUB_RSA         14
-# define PEM_OBJ_PUB_DSA         15
-# define PEM_OBJ_PUB_DH          16
-# define PEM_OBJ_DHPARAMS        17
-# define PEM_OBJ_DSAPARAMS       18
-# define PEM_OBJ_PRIV_RSA_PUBLIC 19
-# define PEM_OBJ_PRIV_ECDSA      20
-# define PEM_OBJ_PUB_ECDSA       21
-# define PEM_OBJ_ECPARAMETERS    22
-
-# define PEM_ERROR               30
-# define PEM_DEK_DES_CBC         40
-# define PEM_DEK_IDEA_CBC        45
-# define PEM_DEK_DES_EDE         50
-# define PEM_DEK_DES_ECB         60
-# define PEM_DEK_RSA             70
-# define PEM_DEK_RSA_MD2         80
-# define PEM_DEK_RSA_MD5         90
-
-# define PEM_MD_MD2              NID_md2
-# define PEM_MD_MD5              NID_md5
-# define PEM_MD_SHA              NID_sha
-# define PEM_MD_MD2_RSA          NID_md2WithRSAEncryption
-# define PEM_MD_MD5_RSA          NID_md5WithRSAEncryption
-# define PEM_MD_SHA_RSA          NID_sha1WithRSAEncryption
-
-# define PEM_STRING_X509_OLD     "X509 CERTIFICATE"
-# define PEM_STRING_X509         "CERTIFICATE"
-# define PEM_STRING_X509_PAIR    "CERTIFICATE PAIR"
-# define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE"
-# define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST"
-# define PEM_STRING_X509_REQ     "CERTIFICATE REQUEST"
-# define PEM_STRING_X509_CRL     "X509 CRL"
-# define PEM_STRING_EVP_PKEY     "ANY PRIVATE KEY"
-# define PEM_STRING_PUBLIC       "PUBLIC KEY"
-# define PEM_STRING_RSA          "RSA PRIVATE KEY"
-# define PEM_STRING_RSA_PUBLIC   "RSA PUBLIC KEY"
-# define PEM_STRING_DSA          "DSA PRIVATE KEY"
-# define PEM_STRING_DSA_PUBLIC   "DSA PUBLIC KEY"
-# define PEM_STRING_PKCS7        "PKCS7"
-# define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA"
-# define PEM_STRING_PKCS8        "ENCRYPTED PRIVATE KEY"
-# define PEM_STRING_PKCS8INF     "PRIVATE KEY"
-# define PEM_STRING_DHPARAMS     "DH PARAMETERS"
-# define PEM_STRING_SSL_SESSION  "SSL SESSION PARAMETERS"
-# define PEM_STRING_DSAPARAMS    "DSA PARAMETERS"
-# define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
-# define PEM_STRING_ECPARAMETERS "EC PARAMETERS"
-# define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
-# define PEM_STRING_PARAMETERS   "PARAMETERS"
-# define PEM_STRING_CMS          "CMS"
-
-  /*
-   * Note that this structure is initialised by PEM_SealInit and cleaned up
-   * by PEM_SealFinal (at least for now)
-   */
-typedef struct PEM_Encode_Seal_st {
-    EVP_ENCODE_CTX encode;
-    EVP_MD_CTX md;
-    EVP_CIPHER_CTX cipher;
-} PEM_ENCODE_SEAL_CTX;
-
-/* enc_type is one off */
-# define PEM_TYPE_ENCRYPTED      10
-# define PEM_TYPE_MIC_ONLY       20
-# define PEM_TYPE_MIC_CLEAR      30
-# define PEM_TYPE_CLEAR          40
-
-typedef struct pem_recip_st {
-    char *name;
-    X509_NAME *dn;
-    int cipher;
-    int key_enc;
-    /*      char iv[8]; unused and wrong size */
-} PEM_USER;
-
-typedef struct pem_ctx_st {
-    int type;                   /* what type of object */
-    struct {
-        int version;
-        int mode;
-    } proc_type;
-
-    char *domain;
-
-    struct {
-        int cipher;
-        /*-
-        unused, and wrong size
-        unsigned char iv[8]; */
-    } DEK_info;
-
-    PEM_USER *originator;
-
-    int num_recipient;
-    PEM_USER **recipient;
-
-/*-
-    XXX(ben): don#t think this is used!
-        STACK *x509_chain;      / * certificate chain */
-    EVP_MD *md;                 /* signature type */
-
-    int md_enc;                 /* is the md encrypted or not? */
-    int md_len;                 /* length of md_data */
-    char *md_data;              /* message digest, could be pkey encrypted */
-
-    EVP_CIPHER *dec;            /* date encryption cipher */
-    int key_len;                /* key length */
-    unsigned char *key;         /* key */
-  /*-
-    unused, and wrong size
-    unsigned char iv[8]; */
-
-    int data_enc;               /* is the data encrypted */
-    int data_len;
-    unsigned char *data;
-} PEM_CTX;
-
-/*
- * These macros make the PEM_read/PEM_write functions easier to maintain and
- * write. Now they are all implemented with either: IMPLEMENT_PEM_rw(...) or
- * IMPLEMENT_PEM_rw_cb(...)
- */
-
-# ifdef OPENSSL_NO_FP_API
-
-#  define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/
-#  define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/
-#  define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/
-#  define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/
-#  define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/
-# else
-
-#  define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
-type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
-{ \
-return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \
-}
-
-#  define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
-int PEM_write_##name(FILE *fp, type *x) \
-{ \
-return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL); \
-}
-
-#  define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \
-int PEM_write_##name(FILE *fp, const type *x) \
-{ \
-return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,(void *)x,NULL,NULL,0,NULL,NULL); \
-}
-
-#  define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
-int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
-             unsigned char *kstr, int klen, pem_password_cb *cb, \
-                  void *u) \
-        { \
-        return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
-        }
-
-#  define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \
-int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
-             unsigned char *kstr, int klen, pem_password_cb *cb, \
-                  void *u) \
-        { \
-        return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
-        }
-
-# endif
-
-# define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
-type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\
-{ \
-return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str,bp,(void **)x,cb,u); \
-}
-
-# define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
-int PEM_write_bio_##name(BIO *bp, type *x) \
-{ \
-return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL); \
-}
-
-# define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
-int PEM_write_bio_##name(BIO *bp, const type *x) \
-{ \
-return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,NULL,NULL,0,NULL,NULL); \
-}
-
-# define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
-int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
-             unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
-        { \
-        return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u); \
-        }
-
-# define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
-int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
-             unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
-        { \
-        return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,enc,kstr,klen,cb,u); \
-        }
-
-# define IMPLEMENT_PEM_write(name, type, str, asn1) \
-        IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
-        IMPLEMENT_PEM_write_fp(name, type, str, asn1)
-
-# define IMPLEMENT_PEM_write_const(name, type, str, asn1) \
-        IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
-        IMPLEMENT_PEM_write_fp_const(name, type, str, asn1)
-
-# define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \
-        IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
-        IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1)
-
-# define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \
-        IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
-        IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1)
-
-# define IMPLEMENT_PEM_read(name, type, str, asn1) \
-        IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
-        IMPLEMENT_PEM_read_fp(name, type, str, asn1)
-
-# define IMPLEMENT_PEM_rw(name, type, str, asn1) \
-        IMPLEMENT_PEM_read(name, type, str, asn1) \
-        IMPLEMENT_PEM_write(name, type, str, asn1)
-
-# define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \
-        IMPLEMENT_PEM_read(name, type, str, asn1) \
-        IMPLEMENT_PEM_write_const(name, type, str, asn1)
-
-# define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \
-        IMPLEMENT_PEM_read(name, type, str, asn1) \
-        IMPLEMENT_PEM_write_cb(name, type, str, asn1)
-
-/* These are the same except they are for the declarations */
-
-# if defined(OPENSSL_NO_FP_API)
-
-#  define DECLARE_PEM_read_fp(name, type) /**/
-#  define DECLARE_PEM_write_fp(name, type) /**/
-#  define DECLARE_PEM_write_cb_fp(name, type) /**/
-# else
-
-#  define DECLARE_PEM_read_fp(name, type) \
-        type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u);
-
-#  define DECLARE_PEM_write_fp(name, type) \
-        int PEM_write_##name(FILE *fp, type *x);
-
-#  define DECLARE_PEM_write_fp_const(name, type) \
-        int PEM_write_##name(FILE *fp, const type *x);
-
-#  define DECLARE_PEM_write_cb_fp(name, type) \
-        int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
-             unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
-
-# endif
-
-# ifndef OPENSSL_NO_BIO
-#  define DECLARE_PEM_read_bio(name, type) \
-        type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u);
-
-#  define DECLARE_PEM_write_bio(name, type) \
-        int PEM_write_bio_##name(BIO *bp, type *x);
-
-#  define DECLARE_PEM_write_bio_const(name, type) \
-        int PEM_write_bio_##name(BIO *bp, const type *x);
-
-#  define DECLARE_PEM_write_cb_bio(name, type) \
-        int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
-             unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
-
-# else
-
-#  define DECLARE_PEM_read_bio(name, type) /**/
-#  define DECLARE_PEM_write_bio(name, type) /**/
-#  define DECLARE_PEM_write_bio_const(name, type) /**/
-#  define DECLARE_PEM_write_cb_bio(name, type) /**/
-# endif
-# define DECLARE_PEM_write(name, type) \
-        DECLARE_PEM_write_bio(name, type) \
-        DECLARE_PEM_write_fp(name, type)
-# define DECLARE_PEM_write_const(name, type) \
-        DECLARE_PEM_write_bio_const(name, type) \
-        DECLARE_PEM_write_fp_const(name, type)
-# define DECLARE_PEM_write_cb(name, type) \
-        DECLARE_PEM_write_cb_bio(name, type) \
-        DECLARE_PEM_write_cb_fp(name, type)
-# define DECLARE_PEM_read(name, type) \
-        DECLARE_PEM_read_bio(name, type) \
-        DECLARE_PEM_read_fp(name, type)
-# define DECLARE_PEM_rw(name, type) \
-        DECLARE_PEM_read(name, type) \
-        DECLARE_PEM_write(name, type)
-# define DECLARE_PEM_rw_const(name, type) \
-        DECLARE_PEM_read(name, type) \
-        DECLARE_PEM_write_const(name, type)
-# define DECLARE_PEM_rw_cb(name, type) \
-        DECLARE_PEM_read(name, type) \
-        DECLARE_PEM_write_cb(name, type)
-# if 1
-/* "userdata": new with OpenSSL 0.9.4 */
-typedef int pem_password_cb (char *buf, int size, int rwflag, void *userdata);
-# else
-/* OpenSSL 0.9.3, 0.9.3a */
-typedef int pem_password_cb (char *buf, int size, int rwflag);
-# endif
-
-int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
-int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *len,
-                  pem_password_cb *callback, void *u);
-
-# ifndef OPENSSL_NO_BIO
-int PEM_read_bio(BIO *bp, char **name, char **header,
-                 unsigned char **data, long *len);
-int PEM_write_bio(BIO *bp, const char *name, char *hdr, unsigned char *data,
-                  long len);
-int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
-                       const char *name, BIO *bp, pem_password_cb *cb,
-                       void *u);
-void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x,
-                        pem_password_cb *cb, void *u);
-int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
-                       const EVP_CIPHER *enc, unsigned char *kstr, int klen,
-                       pem_password_cb *cb, void *u);
-
-STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
-                                            pem_password_cb *cb, void *u);
-int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
-                            unsigned char *kstr, int klen,
-                            pem_password_cb *cd, void *u);
-# endif
-
-int PEM_read(FILE *fp, char **name, char **header,
-             unsigned char **data, long *len);
-int PEM_write(FILE *fp, char *name, char *hdr, unsigned char *data, long len);
-void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
-                    pem_password_cb *cb, void *u);
-int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
-                   void *x, const EVP_CIPHER *enc, unsigned char *kstr,
-                   int klen, pem_password_cb *callback, void *u);
-STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
-                                        pem_password_cb *cb, void *u);
-
-int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
-                 EVP_MD *md_type, unsigned char **ek, int *ekl,
-                 unsigned char *iv, EVP_PKEY **pubk, int npubk);
-void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
-                    unsigned char *in, int inl);
-int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
-                  unsigned char *out, int *outl, EVP_PKEY *priv);
-
-void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);
-void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt);
-int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
-                  unsigned int *siglen, EVP_PKEY *pkey);
-
-int PEM_def_callback(char *buf, int num, int w, void *key);
-void PEM_proc_type(char *buf, int type);
-void PEM_dek_info(char *buf, const char *type, int len, char *str);
-
-# include <openssl/symhacks.h>
-
-DECLARE_PEM_rw(X509, X509)
-DECLARE_PEM_rw(X509_AUX, X509)
-DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR)
-DECLARE_PEM_rw(X509_REQ, X509_REQ)
-DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
-DECLARE_PEM_rw(X509_CRL, X509_CRL)
-DECLARE_PEM_rw(PKCS7, PKCS7)
-DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
-DECLARE_PEM_rw(PKCS8, X509_SIG)
-DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
-# ifndef OPENSSL_NO_RSA
-DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
-DECLARE_PEM_rw_const(RSAPublicKey, RSA)
-DECLARE_PEM_rw(RSA_PUBKEY, RSA)
-# endif
-# ifndef OPENSSL_NO_DSA
-DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
-DECLARE_PEM_rw(DSA_PUBKEY, DSA)
-DECLARE_PEM_rw_const(DSAparams, DSA)
-# endif
-# ifndef OPENSSL_NO_EC
-DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP)
-DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
-DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
-# endif
-# ifndef OPENSSL_NO_DH
-DECLARE_PEM_rw_const(DHparams, DH)
-# endif
-DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
-DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
-
-int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
-                                      char *kstr, int klen,
-                                      pem_password_cb *cb, void *u);
-int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *,
-                                  char *, int, pem_password_cb *, void *);
-int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
-                            char *kstr, int klen,
-                            pem_password_cb *cb, void *u);
-int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
-                                char *kstr, int klen,
-                                pem_password_cb *cb, void *u);
-EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
-                                  void *u);
-
-int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
-                           char *kstr, int klen,
-                           pem_password_cb *cb, void *u);
-int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
-                               char *kstr, int klen,
-                               pem_password_cb *cb, void *u);
-int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
-                                  char *kstr, int klen,
-                                  pem_password_cb *cb, void *u);
-
-EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
-                                 void *u);
-
-int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
-                              char *kstr, int klen, pem_password_cb *cd,
-                              void *u);
-
-EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
-int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
-
-EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length);
-EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length);
-EVP_PKEY *b2i_PrivateKey_bio(BIO *in);
-EVP_PKEY *b2i_PublicKey_bio(BIO *in);
-int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk);
-int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk);
-# ifndef OPENSSL_NO_RC4
-EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
-int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
-                pem_password_cb *cb, void *u);
-# endif
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_PEM_strings(void);
-
-/* Error codes for the PEM functions. */
-
-/* Function codes. */
-# define PEM_F_B2I_DSS                                    127
-# define PEM_F_B2I_PVK_BIO                                128
-# define PEM_F_B2I_RSA                                    129
-# define PEM_F_CHECK_BITLEN_DSA                           130
-# define PEM_F_CHECK_BITLEN_RSA                           131
-# define PEM_F_D2I_PKCS8PRIVATEKEY_BIO                    120
-# define PEM_F_D2I_PKCS8PRIVATEKEY_FP                     121
-# define PEM_F_DO_B2I                                     132
-# define PEM_F_DO_B2I_BIO                                 133
-# define PEM_F_DO_BLOB_HEADER                             134
-# define PEM_F_DO_PK8PKEY                                 126
-# define PEM_F_DO_PK8PKEY_FP                              125
-# define PEM_F_DO_PVK_BODY                                135
-# define PEM_F_DO_PVK_HEADER                              136
-# define PEM_F_I2B_PVK                                    137
-# define PEM_F_I2B_PVK_BIO                                138
-# define PEM_F_LOAD_IV                                    101
-# define PEM_F_PEM_ASN1_READ                              102
-# define PEM_F_PEM_ASN1_READ_BIO                          103
-# define PEM_F_PEM_ASN1_WRITE                             104
-# define PEM_F_PEM_ASN1_WRITE_BIO                         105
-# define PEM_F_PEM_DEF_CALLBACK                           100
-# define PEM_F_PEM_DO_HEADER                              106
-# define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY            118
-# define PEM_F_PEM_GET_EVP_CIPHER_INFO                    107
-# define PEM_F_PEM_PK8PKEY                                119
-# define PEM_F_PEM_READ                                   108
-# define PEM_F_PEM_READ_BIO                               109
-# define PEM_F_PEM_READ_BIO_PARAMETERS                    140
-# define PEM_F_PEM_READ_BIO_PRIVATEKEY                    123
-# define PEM_F_PEM_READ_PRIVATEKEY                        124
-# define PEM_F_PEM_SEALFINAL                              110
-# define PEM_F_PEM_SEALINIT                               111
-# define PEM_F_PEM_SIGNFINAL                              112
-# define PEM_F_PEM_WRITE                                  113
-# define PEM_F_PEM_WRITE_BIO                              114
-# define PEM_F_PEM_WRITE_PRIVATEKEY                       139
-# define PEM_F_PEM_X509_INFO_READ                         115
-# define PEM_F_PEM_X509_INFO_READ_BIO                     116
-# define PEM_F_PEM_X509_INFO_WRITE_BIO                    117
-
-/* Reason codes. */
-# define PEM_R_BAD_BASE64_DECODE                          100
-# define PEM_R_BAD_DECRYPT                                101
-# define PEM_R_BAD_END_LINE                               102
-# define PEM_R_BAD_IV_CHARS                               103
-# define PEM_R_BAD_MAGIC_NUMBER                           116
-# define PEM_R_BAD_PASSWORD_READ                          104
-# define PEM_R_BAD_VERSION_NUMBER                         117
-# define PEM_R_BIO_WRITE_FAILURE                          118
-# define PEM_R_CIPHER_IS_NULL                             127
-# define PEM_R_ERROR_CONVERTING_PRIVATE_KEY               115
-# define PEM_R_EXPECTING_PRIVATE_KEY_BLOB                 119
-# define PEM_R_EXPECTING_PUBLIC_KEY_BLOB                  120
-# define PEM_R_INCONSISTENT_HEADER                        121
-# define PEM_R_KEYBLOB_HEADER_PARSE_ERROR                 122
-# define PEM_R_KEYBLOB_TOO_SHORT                          123
-# define PEM_R_NOT_DEK_INFO                               105
-# define PEM_R_NOT_ENCRYPTED                              106
-# define PEM_R_NOT_PROC_TYPE                              107
-# define PEM_R_NO_START_LINE                              108
-# define PEM_R_PROBLEMS_GETTING_PASSWORD                  109
-# define PEM_R_PUBLIC_KEY_NO_RSA                          110
-# define PEM_R_PVK_DATA_TOO_SHORT                         124
-# define PEM_R_PVK_TOO_SHORT                              125
-# define PEM_R_READ_KEY                                   111
-# define PEM_R_SHORT_HEADER                               112
-# define PEM_R_UNSUPPORTED_CIPHER                         113
-# define PEM_R_UNSUPPORTED_ENCRYPTION                     114
-# define PEM_R_UNSUPPORTED_KEY_COMPONENTS                 126
-
-#ifdef  __cplusplus
-}
-#endif
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/pem/pem.h (from rev 11605, vendor-crypto/openssl/dist/crypto/pem/pem.h)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/pem/pem.h	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/pem/pem.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,612 @@
+/* crypto/pem/pem.h */
+/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_PEM_H
+# define HEADER_PEM_H
+
+# include <openssl/e_os2.h>
+# ifndef OPENSSL_NO_BIO
+#  include <openssl/bio.h>
+# endif
+# ifndef OPENSSL_NO_STACK
+#  include <openssl/stack.h>
+# endif
+# include <openssl/evp.h>
+# include <openssl/x509.h>
+# include <openssl/pem2.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define PEM_BUFSIZE             1024
+
+# define PEM_OBJ_UNDEF           0
+# define PEM_OBJ_X509            1
+# define PEM_OBJ_X509_REQ        2
+# define PEM_OBJ_CRL             3
+# define PEM_OBJ_SSL_SESSION     4
+# define PEM_OBJ_PRIV_KEY        10
+# define PEM_OBJ_PRIV_RSA        11
+# define PEM_OBJ_PRIV_DSA        12
+# define PEM_OBJ_PRIV_DH         13
+# define PEM_OBJ_PUB_RSA         14
+# define PEM_OBJ_PUB_DSA         15
+# define PEM_OBJ_PUB_DH          16
+# define PEM_OBJ_DHPARAMS        17
+# define PEM_OBJ_DSAPARAMS       18
+# define PEM_OBJ_PRIV_RSA_PUBLIC 19
+# define PEM_OBJ_PRIV_ECDSA      20
+# define PEM_OBJ_PUB_ECDSA       21
+# define PEM_OBJ_ECPARAMETERS    22
+
+# define PEM_ERROR               30
+# define PEM_DEK_DES_CBC         40
+# define PEM_DEK_IDEA_CBC        45
+# define PEM_DEK_DES_EDE         50
+# define PEM_DEK_DES_ECB         60
+# define PEM_DEK_RSA             70
+# define PEM_DEK_RSA_MD2         80
+# define PEM_DEK_RSA_MD5         90
+
+# define PEM_MD_MD2              NID_md2
+# define PEM_MD_MD5              NID_md5
+# define PEM_MD_SHA              NID_sha
+# define PEM_MD_MD2_RSA          NID_md2WithRSAEncryption
+# define PEM_MD_MD5_RSA          NID_md5WithRSAEncryption
+# define PEM_MD_SHA_RSA          NID_sha1WithRSAEncryption
+
+# define PEM_STRING_X509_OLD     "X509 CERTIFICATE"
+# define PEM_STRING_X509         "CERTIFICATE"
+# define PEM_STRING_X509_PAIR    "CERTIFICATE PAIR"
+# define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE"
+# define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST"
+# define PEM_STRING_X509_REQ     "CERTIFICATE REQUEST"
+# define PEM_STRING_X509_CRL     "X509 CRL"
+# define PEM_STRING_EVP_PKEY     "ANY PRIVATE KEY"
+# define PEM_STRING_PUBLIC       "PUBLIC KEY"
+# define PEM_STRING_RSA          "RSA PRIVATE KEY"
+# define PEM_STRING_RSA_PUBLIC   "RSA PUBLIC KEY"
+# define PEM_STRING_DSA          "DSA PRIVATE KEY"
+# define PEM_STRING_DSA_PUBLIC   "DSA PUBLIC KEY"
+# define PEM_STRING_PKCS7        "PKCS7"
+# define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA"
+# define PEM_STRING_PKCS8        "ENCRYPTED PRIVATE KEY"
+# define PEM_STRING_PKCS8INF     "PRIVATE KEY"
+# define PEM_STRING_DHPARAMS     "DH PARAMETERS"
+# define PEM_STRING_SSL_SESSION  "SSL SESSION PARAMETERS"
+# define PEM_STRING_DSAPARAMS    "DSA PARAMETERS"
+# define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
+# define PEM_STRING_ECPARAMETERS "EC PARAMETERS"
+# define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
+# define PEM_STRING_PARAMETERS   "PARAMETERS"
+# define PEM_STRING_CMS          "CMS"
+
+  /*
+   * Note that this structure is initialised by PEM_SealInit and cleaned up
+   * by PEM_SealFinal (at least for now)
+   */
+typedef struct PEM_Encode_Seal_st {
+    EVP_ENCODE_CTX encode;
+    EVP_MD_CTX md;
+    EVP_CIPHER_CTX cipher;
+} PEM_ENCODE_SEAL_CTX;
+
+/* enc_type is one off */
+# define PEM_TYPE_ENCRYPTED      10
+# define PEM_TYPE_MIC_ONLY       20
+# define PEM_TYPE_MIC_CLEAR      30
+# define PEM_TYPE_CLEAR          40
+
+typedef struct pem_recip_st {
+    char *name;
+    X509_NAME *dn;
+    int cipher;
+    int key_enc;
+    /*      char iv[8]; unused and wrong size */
+} PEM_USER;
+
+typedef struct pem_ctx_st {
+    int type;                   /* what type of object */
+    struct {
+        int version;
+        int mode;
+    } proc_type;
+
+    char *domain;
+
+    struct {
+        int cipher;
+        /*-
+        unused, and wrong size
+        unsigned char iv[8]; */
+    } DEK_info;
+
+    PEM_USER *originator;
+
+    int num_recipient;
+    PEM_USER **recipient;
+
+/*-
+    XXX(ben): don#t think this is used!
+        STACK *x509_chain;      / * certificate chain */
+    EVP_MD *md;                 /* signature type */
+
+    int md_enc;                 /* is the md encrypted or not? */
+    int md_len;                 /* length of md_data */
+    char *md_data;              /* message digest, could be pkey encrypted */
+
+    EVP_CIPHER *dec;            /* date encryption cipher */
+    int key_len;                /* key length */
+    unsigned char *key;         /* key */
+  /*-
+    unused, and wrong size
+    unsigned char iv[8]; */
+
+    int data_enc;               /* is the data encrypted */
+    int data_len;
+    unsigned char *data;
+} PEM_CTX;
+
+/*
+ * These macros make the PEM_read/PEM_write functions easier to maintain and
+ * write. Now they are all implemented with either: IMPLEMENT_PEM_rw(...) or
+ * IMPLEMENT_PEM_rw_cb(...)
+ */
+
+# ifdef OPENSSL_NO_FP_API
+
+#  define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/
+#  define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/
+#  define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/
+#  define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/
+#  define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/
+# else
+
+#  define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
+type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
+{ \
+return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \
+}
+
+#  define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, type *x) \
+{ \
+return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL); \
+}
+
+#  define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, const type *x) \
+{ \
+return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,(void *)x,NULL,NULL,0,NULL,NULL); \
+}
+
+#  define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, \
+                  void *u) \
+        { \
+        return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
+        }
+
+#  define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, \
+                  void *u) \
+        { \
+        return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
+        }
+
+# endif
+
+# define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
+type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\
+{ \
+return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str,bp,(void **)x,cb,u); \
+}
+
+# define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, type *x) \
+{ \
+return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL); \
+}
+
+# define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, const type *x) \
+{ \
+return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,NULL,NULL,0,NULL,NULL); \
+}
+
+# define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
+        { \
+        return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u); \
+        }
+
+# define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
+        { \
+        return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,enc,kstr,klen,cb,u); \
+        }
+
+# define IMPLEMENT_PEM_write(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_fp(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_write_const(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_fp_const(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_read(name, type, str, asn1) \
+        IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
+        IMPLEMENT_PEM_read_fp(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_rw(name, type, str, asn1) \
+        IMPLEMENT_PEM_read(name, type, str, asn1) \
+        IMPLEMENT_PEM_write(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \
+        IMPLEMENT_PEM_read(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_const(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \
+        IMPLEMENT_PEM_read(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_cb(name, type, str, asn1)
+
+/* These are the same except they are for the declarations */
+
+# if defined(OPENSSL_NO_FP_API)
+
+#  define DECLARE_PEM_read_fp(name, type) /**/
+#  define DECLARE_PEM_write_fp(name, type) /**/
+#  define DECLARE_PEM_write_cb_fp(name, type) /**/
+# else
+
+#  define DECLARE_PEM_read_fp(name, type) \
+        type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u);
+
+#  define DECLARE_PEM_write_fp(name, type) \
+        int PEM_write_##name(FILE *fp, type *x);
+
+#  define DECLARE_PEM_write_fp_const(name, type) \
+        int PEM_write_##name(FILE *fp, const type *x);
+
+#  define DECLARE_PEM_write_cb_fp(name, type) \
+        int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
+
+# endif
+
+# ifndef OPENSSL_NO_BIO
+#  define DECLARE_PEM_read_bio(name, type) \
+        type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u);
+
+#  define DECLARE_PEM_write_bio(name, type) \
+        int PEM_write_bio_##name(BIO *bp, type *x);
+
+#  define DECLARE_PEM_write_bio_const(name, type) \
+        int PEM_write_bio_##name(BIO *bp, const type *x);
+
+#  define DECLARE_PEM_write_cb_bio(name, type) \
+        int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
+
+# else
+
+#  define DECLARE_PEM_read_bio(name, type) /**/
+#  define DECLARE_PEM_write_bio(name, type) /**/
+#  define DECLARE_PEM_write_bio_const(name, type) /**/
+#  define DECLARE_PEM_write_cb_bio(name, type) /**/
+# endif
+# define DECLARE_PEM_write(name, type) \
+        DECLARE_PEM_write_bio(name, type) \
+        DECLARE_PEM_write_fp(name, type)
+# define DECLARE_PEM_write_const(name, type) \
+        DECLARE_PEM_write_bio_const(name, type) \
+        DECLARE_PEM_write_fp_const(name, type)
+# define DECLARE_PEM_write_cb(name, type) \
+        DECLARE_PEM_write_cb_bio(name, type) \
+        DECLARE_PEM_write_cb_fp(name, type)
+# define DECLARE_PEM_read(name, type) \
+        DECLARE_PEM_read_bio(name, type) \
+        DECLARE_PEM_read_fp(name, type)
+# define DECLARE_PEM_rw(name, type) \
+        DECLARE_PEM_read(name, type) \
+        DECLARE_PEM_write(name, type)
+# define DECLARE_PEM_rw_const(name, type) \
+        DECLARE_PEM_read(name, type) \
+        DECLARE_PEM_write_const(name, type)
+# define DECLARE_PEM_rw_cb(name, type) \
+        DECLARE_PEM_read(name, type) \
+        DECLARE_PEM_write_cb(name, type)
+# if 1
+/* "userdata": new with OpenSSL 0.9.4 */
+typedef int pem_password_cb (char *buf, int size, int rwflag, void *userdata);
+# else
+/* OpenSSL 0.9.3, 0.9.3a */
+typedef int pem_password_cb (char *buf, int size, int rwflag);
+# endif
+
+int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
+int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *len,
+                  pem_password_cb *callback, void *u);
+
+# ifndef OPENSSL_NO_BIO
+int PEM_read_bio(BIO *bp, char **name, char **header,
+                 unsigned char **data, long *len);
+int PEM_write_bio(BIO *bp, const char *name, char *hdr, unsigned char *data,
+                  long len);
+int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
+                       const char *name, BIO *bp, pem_password_cb *cb,
+                       void *u);
+void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x,
+                        pem_password_cb *cb, void *u);
+int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
+                       const EVP_CIPHER *enc, unsigned char *kstr, int klen,
+                       pem_password_cb *cb, void *u);
+
+STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
+                                            pem_password_cb *cb, void *u);
+int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
+                            unsigned char *kstr, int klen,
+                            pem_password_cb *cd, void *u);
+# endif
+
+int PEM_read(FILE *fp, char **name, char **header,
+             unsigned char **data, long *len);
+int PEM_write(FILE *fp, char *name, char *hdr, unsigned char *data, long len);
+void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
+                    pem_password_cb *cb, void *u);
+int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
+                   void *x, const EVP_CIPHER *enc, unsigned char *kstr,
+                   int klen, pem_password_cb *callback, void *u);
+STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
+                                        pem_password_cb *cb, void *u);
+
+int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
+                 EVP_MD *md_type, unsigned char **ek, int *ekl,
+                 unsigned char *iv, EVP_PKEY **pubk, int npubk);
+void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
+                    unsigned char *in, int inl);
+int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
+                  unsigned char *out, int *outl, EVP_PKEY *priv);
+
+void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);
+void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt);
+int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+                  unsigned int *siglen, EVP_PKEY *pkey);
+
+int PEM_def_callback(char *buf, int num, int w, void *key);
+void PEM_proc_type(char *buf, int type);
+void PEM_dek_info(char *buf, const char *type, int len, char *str);
+
+# include <openssl/symhacks.h>
+
+DECLARE_PEM_rw(X509, X509)
+DECLARE_PEM_rw(X509_AUX, X509)
+DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR)
+DECLARE_PEM_rw(X509_REQ, X509_REQ)
+DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
+DECLARE_PEM_rw(X509_CRL, X509_CRL)
+DECLARE_PEM_rw(PKCS7, PKCS7)
+DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
+DECLARE_PEM_rw(PKCS8, X509_SIG)
+DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
+# ifndef OPENSSL_NO_RSA
+DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
+DECLARE_PEM_rw_const(RSAPublicKey, RSA)
+DECLARE_PEM_rw(RSA_PUBKEY, RSA)
+# endif
+# ifndef OPENSSL_NO_DSA
+DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
+DECLARE_PEM_rw(DSA_PUBKEY, DSA)
+DECLARE_PEM_rw_const(DSAparams, DSA)
+# endif
+# ifndef OPENSSL_NO_EC
+DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP)
+DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
+DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
+# endif
+# ifndef OPENSSL_NO_DH
+DECLARE_PEM_rw_const(DHparams, DH)
+# endif
+DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
+DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
+
+int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
+                                      char *kstr, int klen,
+                                      pem_password_cb *cb, void *u);
+int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *,
+                                  char *, int, pem_password_cb *, void *);
+int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                            char *kstr, int klen,
+                            pem_password_cb *cb, void *u);
+int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
+                                char *kstr, int klen,
+                                pem_password_cb *cb, void *u);
+EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
+                                  void *u);
+
+int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                           char *kstr, int klen,
+                           pem_password_cb *cb, void *u);
+int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
+                               char *kstr, int klen,
+                               pem_password_cb *cb, void *u);
+int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u);
+
+EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
+                                 void *u);
+
+int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                              char *kstr, int klen, pem_password_cb *cd,
+                              void *u);
+
+EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
+int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
+
+EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length);
+EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length);
+EVP_PKEY *b2i_PrivateKey_bio(BIO *in);
+EVP_PKEY *b2i_PublicKey_bio(BIO *in);
+int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk);
+int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk);
+# ifndef OPENSSL_NO_RC4
+EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
+int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
+                pem_password_cb *cb, void *u);
+# endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_PEM_strings(void);
+
+/* Error codes for the PEM functions. */
+
+/* Function codes. */
+# define PEM_F_B2I_DSS                                    127
+# define PEM_F_B2I_PVK_BIO                                128
+# define PEM_F_B2I_RSA                                    129
+# define PEM_F_CHECK_BITLEN_DSA                           130
+# define PEM_F_CHECK_BITLEN_RSA                           131
+# define PEM_F_D2I_PKCS8PRIVATEKEY_BIO                    120
+# define PEM_F_D2I_PKCS8PRIVATEKEY_FP                     121
+# define PEM_F_DO_B2I                                     132
+# define PEM_F_DO_B2I_BIO                                 133
+# define PEM_F_DO_BLOB_HEADER                             134
+# define PEM_F_DO_PK8PKEY                                 126
+# define PEM_F_DO_PK8PKEY_FP                              125
+# define PEM_F_DO_PVK_BODY                                135
+# define PEM_F_DO_PVK_HEADER                              136
+# define PEM_F_I2B_PVK                                    137
+# define PEM_F_I2B_PVK_BIO                                138
+# define PEM_F_LOAD_IV                                    101
+# define PEM_F_PEM_ASN1_READ                              102
+# define PEM_F_PEM_ASN1_READ_BIO                          103
+# define PEM_F_PEM_ASN1_WRITE                             104
+# define PEM_F_PEM_ASN1_WRITE_BIO                         105
+# define PEM_F_PEM_DEF_CALLBACK                           100
+# define PEM_F_PEM_DO_HEADER                              106
+# define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY            118
+# define PEM_F_PEM_GET_EVP_CIPHER_INFO                    107
+# define PEM_F_PEM_PK8PKEY                                119
+# define PEM_F_PEM_READ                                   108
+# define PEM_F_PEM_READ_BIO                               109
+# define PEM_F_PEM_READ_BIO_PARAMETERS                    140
+# define PEM_F_PEM_READ_BIO_PRIVATEKEY                    123
+# define PEM_F_PEM_READ_PRIVATEKEY                        124
+# define PEM_F_PEM_SEALFINAL                              110
+# define PEM_F_PEM_SEALINIT                               111
+# define PEM_F_PEM_SIGNFINAL                              112
+# define PEM_F_PEM_WRITE                                  113
+# define PEM_F_PEM_WRITE_BIO                              114
+# define PEM_F_PEM_WRITE_PRIVATEKEY                       139
+# define PEM_F_PEM_X509_INFO_READ                         115
+# define PEM_F_PEM_X509_INFO_READ_BIO                     116
+# define PEM_F_PEM_X509_INFO_WRITE_BIO                    117
+
+/* Reason codes. */
+# define PEM_R_BAD_BASE64_DECODE                          100
+# define PEM_R_BAD_DECRYPT                                101
+# define PEM_R_BAD_END_LINE                               102
+# define PEM_R_BAD_IV_CHARS                               103
+# define PEM_R_BAD_MAGIC_NUMBER                           116
+# define PEM_R_BAD_PASSWORD_READ                          104
+# define PEM_R_BAD_VERSION_NUMBER                         117
+# define PEM_R_BIO_WRITE_FAILURE                          118
+# define PEM_R_CIPHER_IS_NULL                             127
+# define PEM_R_ERROR_CONVERTING_PRIVATE_KEY               115
+# define PEM_R_EXPECTING_PRIVATE_KEY_BLOB                 119
+# define PEM_R_EXPECTING_PUBLIC_KEY_BLOB                  120
+# define PEM_R_HEADER_TOO_LONG                            128
+# define PEM_R_INCONSISTENT_HEADER                        121
+# define PEM_R_KEYBLOB_HEADER_PARSE_ERROR                 122
+# define PEM_R_KEYBLOB_TOO_SHORT                          123
+# define PEM_R_NOT_DEK_INFO                               105
+# define PEM_R_NOT_ENCRYPTED                              106
+# define PEM_R_NOT_PROC_TYPE                              107
+# define PEM_R_NO_START_LINE                              108
+# define PEM_R_PROBLEMS_GETTING_PASSWORD                  109
+# define PEM_R_PUBLIC_KEY_NO_RSA                          110
+# define PEM_R_PVK_DATA_TOO_SHORT                         124
+# define PEM_R_PVK_TOO_SHORT                              125
+# define PEM_R_READ_KEY                                   111
+# define PEM_R_SHORT_HEADER                               112
+# define PEM_R_UNSUPPORTED_CIPHER                         113
+# define PEM_R_UNSUPPORTED_ENCRYPTION                     114
+# define PEM_R_UNSUPPORTED_KEY_COMPONENTS                 126
+
+#ifdef  __cplusplus
+}
+#endif
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/pem/pem_err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pem/pem_err.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/pem/pem_err.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,166 +0,0 @@
-/* crypto/pem/pem_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_PEM,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason)
-
-static ERR_STRING_DATA PEM_str_functs[] = {
-    {ERR_FUNC(PEM_F_B2I_DSS), "B2I_DSS"},
-    {ERR_FUNC(PEM_F_B2I_PVK_BIO), "b2i_PVK_bio"},
-    {ERR_FUNC(PEM_F_B2I_RSA), "B2I_RSA"},
-    {ERR_FUNC(PEM_F_CHECK_BITLEN_DSA), "CHECK_BITLEN_DSA"},
-    {ERR_FUNC(PEM_F_CHECK_BITLEN_RSA), "CHECK_BITLEN_RSA"},
-    {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"},
-    {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"},
-    {ERR_FUNC(PEM_F_DO_B2I), "DO_B2I"},
-    {ERR_FUNC(PEM_F_DO_B2I_BIO), "DO_B2I_BIO"},
-    {ERR_FUNC(PEM_F_DO_BLOB_HEADER), "DO_BLOB_HEADER"},
-    {ERR_FUNC(PEM_F_DO_PK8PKEY), "DO_PK8PKEY"},
-    {ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "DO_PK8PKEY_FP"},
-    {ERR_FUNC(PEM_F_DO_PVK_BODY), "DO_PVK_BODY"},
-    {ERR_FUNC(PEM_F_DO_PVK_HEADER), "DO_PVK_HEADER"},
-    {ERR_FUNC(PEM_F_I2B_PVK), "I2B_PVK"},
-    {ERR_FUNC(PEM_F_I2B_PVK_BIO), "i2b_PVK_bio"},
-    {ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"},
-    {ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"},
-    {ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"},
-    {ERR_FUNC(PEM_F_PEM_ASN1_WRITE), "PEM_ASN1_write"},
-    {ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO), "PEM_ASN1_write_bio"},
-    {ERR_FUNC(PEM_F_PEM_DEF_CALLBACK), "PEM_def_callback"},
-    {ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"},
-    {ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY),
-     "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"},
-    {ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO), "PEM_get_EVP_CIPHER_INFO"},
-    {ERR_FUNC(PEM_F_PEM_PK8PKEY), "PEM_PK8PKEY"},
-    {ERR_FUNC(PEM_F_PEM_READ), "PEM_read"},
-    {ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"},
-    {ERR_FUNC(PEM_F_PEM_READ_BIO_PARAMETERS), "PEM_read_bio_Parameters"},
-    {ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_READ_BIO_PRIVATEKEY"},
-    {ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_READ_PRIVATEKEY"},
-    {ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"},
-    {ERR_FUNC(PEM_F_PEM_SEALINIT), "PEM_SealInit"},
-    {ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"},
-    {ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"},
-    {ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"},
-    {ERR_FUNC(PEM_F_PEM_WRITE_PRIVATEKEY), "PEM_WRITE_PRIVATEKEY"},
-    {ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"},
-    {ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"},
-    {ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"},
-    {0, NULL}
-};
-
-static ERR_STRING_DATA PEM_str_reasons[] = {
-    {ERR_REASON(PEM_R_BAD_BASE64_DECODE), "bad base64 decode"},
-    {ERR_REASON(PEM_R_BAD_DECRYPT), "bad decrypt"},
-    {ERR_REASON(PEM_R_BAD_END_LINE), "bad end line"},
-    {ERR_REASON(PEM_R_BAD_IV_CHARS), "bad iv chars"},
-    {ERR_REASON(PEM_R_BAD_MAGIC_NUMBER), "bad magic number"},
-    {ERR_REASON(PEM_R_BAD_PASSWORD_READ), "bad password read"},
-    {ERR_REASON(PEM_R_BAD_VERSION_NUMBER), "bad version number"},
-    {ERR_REASON(PEM_R_BIO_WRITE_FAILURE), "bio write failure"},
-    {ERR_REASON(PEM_R_CIPHER_IS_NULL), "cipher is null"},
-    {ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY),
-     "error converting private key"},
-    {ERR_REASON(PEM_R_EXPECTING_PRIVATE_KEY_BLOB),
-     "expecting private key blob"},
-    {ERR_REASON(PEM_R_EXPECTING_PUBLIC_KEY_BLOB),
-     "expecting public key blob"},
-    {ERR_REASON(PEM_R_INCONSISTENT_HEADER), "inconsistent header"},
-    {ERR_REASON(PEM_R_KEYBLOB_HEADER_PARSE_ERROR),
-     "keyblob header parse error"},
-    {ERR_REASON(PEM_R_KEYBLOB_TOO_SHORT), "keyblob too short"},
-    {ERR_REASON(PEM_R_NOT_DEK_INFO), "not dek info"},
-    {ERR_REASON(PEM_R_NOT_ENCRYPTED), "not encrypted"},
-    {ERR_REASON(PEM_R_NOT_PROC_TYPE), "not proc type"},
-    {ERR_REASON(PEM_R_NO_START_LINE), "no start line"},
-    {ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD),
-     "problems getting password"},
-    {ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA), "public key no rsa"},
-    {ERR_REASON(PEM_R_PVK_DATA_TOO_SHORT), "pvk data too short"},
-    {ERR_REASON(PEM_R_PVK_TOO_SHORT), "pvk too short"},
-    {ERR_REASON(PEM_R_READ_KEY), "read key"},
-    {ERR_REASON(PEM_R_SHORT_HEADER), "short header"},
-    {ERR_REASON(PEM_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
-    {ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION), "unsupported encryption"},
-    {ERR_REASON(PEM_R_UNSUPPORTED_KEY_COMPONENTS),
-     "unsupported key components"},
-    {0, NULL}
-};
-
-#endif
-
-void ERR_load_PEM_strings(void)
-{
-#ifndef OPENSSL_NO_ERR
-
-    if (ERR_func_error_string(PEM_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, PEM_str_functs);
-        ERR_load_strings(0, PEM_str_reasons);
-    }
-#endif
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/pem/pem_err.c (from rev 11605, vendor-crypto/openssl/dist/crypto/pem/pem_err.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/pem/pem_err.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/pem/pem_err.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,167 @@
+/* crypto/pem/pem_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2016 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_PEM,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason)
+
+static ERR_STRING_DATA PEM_str_functs[] = {
+    {ERR_FUNC(PEM_F_B2I_DSS), "B2I_DSS"},
+    {ERR_FUNC(PEM_F_B2I_PVK_BIO), "b2i_PVK_bio"},
+    {ERR_FUNC(PEM_F_B2I_RSA), "B2I_RSA"},
+    {ERR_FUNC(PEM_F_CHECK_BITLEN_DSA), "CHECK_BITLEN_DSA"},
+    {ERR_FUNC(PEM_F_CHECK_BITLEN_RSA), "CHECK_BITLEN_RSA"},
+    {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"},
+    {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"},
+    {ERR_FUNC(PEM_F_DO_B2I), "DO_B2I"},
+    {ERR_FUNC(PEM_F_DO_B2I_BIO), "DO_B2I_BIO"},
+    {ERR_FUNC(PEM_F_DO_BLOB_HEADER), "DO_BLOB_HEADER"},
+    {ERR_FUNC(PEM_F_DO_PK8PKEY), "DO_PK8PKEY"},
+    {ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "DO_PK8PKEY_FP"},
+    {ERR_FUNC(PEM_F_DO_PVK_BODY), "DO_PVK_BODY"},
+    {ERR_FUNC(PEM_F_DO_PVK_HEADER), "DO_PVK_HEADER"},
+    {ERR_FUNC(PEM_F_I2B_PVK), "I2B_PVK"},
+    {ERR_FUNC(PEM_F_I2B_PVK_BIO), "i2b_PVK_bio"},
+    {ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"},
+    {ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"},
+    {ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"},
+    {ERR_FUNC(PEM_F_PEM_ASN1_WRITE), "PEM_ASN1_write"},
+    {ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO), "PEM_ASN1_write_bio"},
+    {ERR_FUNC(PEM_F_PEM_DEF_CALLBACK), "PEM_def_callback"},
+    {ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"},
+    {ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY),
+     "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"},
+    {ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO), "PEM_get_EVP_CIPHER_INFO"},
+    {ERR_FUNC(PEM_F_PEM_PK8PKEY), "PEM_PK8PKEY"},
+    {ERR_FUNC(PEM_F_PEM_READ), "PEM_read"},
+    {ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"},
+    {ERR_FUNC(PEM_F_PEM_READ_BIO_PARAMETERS), "PEM_read_bio_Parameters"},
+    {ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_READ_BIO_PRIVATEKEY"},
+    {ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_READ_PRIVATEKEY"},
+    {ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"},
+    {ERR_FUNC(PEM_F_PEM_SEALINIT), "PEM_SealInit"},
+    {ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"},
+    {ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"},
+    {ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"},
+    {ERR_FUNC(PEM_F_PEM_WRITE_PRIVATEKEY), "PEM_WRITE_PRIVATEKEY"},
+    {ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"},
+    {ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"},
+    {ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA PEM_str_reasons[] = {
+    {ERR_REASON(PEM_R_BAD_BASE64_DECODE), "bad base64 decode"},
+    {ERR_REASON(PEM_R_BAD_DECRYPT), "bad decrypt"},
+    {ERR_REASON(PEM_R_BAD_END_LINE), "bad end line"},
+    {ERR_REASON(PEM_R_BAD_IV_CHARS), "bad iv chars"},
+    {ERR_REASON(PEM_R_BAD_MAGIC_NUMBER), "bad magic number"},
+    {ERR_REASON(PEM_R_BAD_PASSWORD_READ), "bad password read"},
+    {ERR_REASON(PEM_R_BAD_VERSION_NUMBER), "bad version number"},
+    {ERR_REASON(PEM_R_BIO_WRITE_FAILURE), "bio write failure"},
+    {ERR_REASON(PEM_R_CIPHER_IS_NULL), "cipher is null"},
+    {ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY),
+     "error converting private key"},
+    {ERR_REASON(PEM_R_EXPECTING_PRIVATE_KEY_BLOB),
+     "expecting private key blob"},
+    {ERR_REASON(PEM_R_EXPECTING_PUBLIC_KEY_BLOB),
+     "expecting public key blob"},
+    {ERR_REASON(PEM_R_HEADER_TOO_LONG), "header too long"},
+    {ERR_REASON(PEM_R_INCONSISTENT_HEADER), "inconsistent header"},
+    {ERR_REASON(PEM_R_KEYBLOB_HEADER_PARSE_ERROR),
+     "keyblob header parse error"},
+    {ERR_REASON(PEM_R_KEYBLOB_TOO_SHORT), "keyblob too short"},
+    {ERR_REASON(PEM_R_NOT_DEK_INFO), "not dek info"},
+    {ERR_REASON(PEM_R_NOT_ENCRYPTED), "not encrypted"},
+    {ERR_REASON(PEM_R_NOT_PROC_TYPE), "not proc type"},
+    {ERR_REASON(PEM_R_NO_START_LINE), "no start line"},
+    {ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD),
+     "problems getting password"},
+    {ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA), "public key no rsa"},
+    {ERR_REASON(PEM_R_PVK_DATA_TOO_SHORT), "pvk data too short"},
+    {ERR_REASON(PEM_R_PVK_TOO_SHORT), "pvk too short"},
+    {ERR_REASON(PEM_R_READ_KEY), "read key"},
+    {ERR_REASON(PEM_R_SHORT_HEADER), "short header"},
+    {ERR_REASON(PEM_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
+    {ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION), "unsupported encryption"},
+    {ERR_REASON(PEM_R_UNSUPPORTED_KEY_COMPONENTS),
+     "unsupported key components"},
+    {0, NULL}
+};
+
+#endif
+
+void ERR_load_PEM_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(PEM_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, PEM_str_functs);
+        ERR_load_strings(0, PEM_str_reasons);
+    }
+#endif
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/pem/pem_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pem/pem_lib.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/pem/pem_lib.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,860 +0,0 @@
-/* crypto/pem/pem_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/pkcs12.h>
-#include "asn1_locl.h"
-#ifndef OPENSSL_NO_DES
-# include <openssl/des.h>
-#endif
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
-
-const char PEM_version[] = "PEM" OPENSSL_VERSION_PTEXT;
-
-#define MIN_LENGTH      4
-
-static int load_iv(char **fromp, unsigned char *to, int num);
-static int check_pem(const char *nm, const char *name);
-int pem_check_suffix(const char *pem_str, const char *suffix);
-
-int PEM_def_callback(char *buf, int num, int w, void *key)
-{
-#ifdef OPENSSL_NO_FP_API
-    /*
-     * We should not ever call the default callback routine from windows.
-     */
-    PEMerr(PEM_F_PEM_DEF_CALLBACK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-    return (-1);
-#else
-    int i, j;
-    const char *prompt;
-    if (key) {
-        i = strlen(key);
-        i = (i > num) ? num : i;
-        memcpy(buf, key, i);
-        return (i);
-    }
-
-    prompt = EVP_get_pw_prompt();
-    if (prompt == NULL)
-        prompt = "Enter PEM pass phrase:";
-
-    for (;;) {
-        i = EVP_read_pw_string_min(buf, MIN_LENGTH, num, prompt, w);
-        if (i != 0) {
-            PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD);
-            memset(buf, 0, (unsigned int)num);
-            return (-1);
-        }
-        j = strlen(buf);
-        if (j < MIN_LENGTH) {
-            fprintf(stderr,
-                    "phrase is too short, needs to be at least %d chars\n",
-                    MIN_LENGTH);
-        } else
-            break;
-    }
-    return (j);
-#endif
-}
-
-void PEM_proc_type(char *buf, int type)
-{
-    const char *str;
-
-    if (type == PEM_TYPE_ENCRYPTED)
-        str = "ENCRYPTED";
-    else if (type == PEM_TYPE_MIC_CLEAR)
-        str = "MIC-CLEAR";
-    else if (type == PEM_TYPE_MIC_ONLY)
-        str = "MIC-ONLY";
-    else
-        str = "BAD-TYPE";
-
-    BUF_strlcat(buf, "Proc-Type: 4,", PEM_BUFSIZE);
-    BUF_strlcat(buf, str, PEM_BUFSIZE);
-    BUF_strlcat(buf, "\n", PEM_BUFSIZE);
-}
-
-void PEM_dek_info(char *buf, const char *type, int len, char *str)
-{
-    static const unsigned char map[17] = "0123456789ABCDEF";
-    long i;
-    int j;
-
-    BUF_strlcat(buf, "DEK-Info: ", PEM_BUFSIZE);
-    BUF_strlcat(buf, type, PEM_BUFSIZE);
-    BUF_strlcat(buf, ",", PEM_BUFSIZE);
-    j = strlen(buf);
-    if (j + (len * 2) + 1 > PEM_BUFSIZE)
-        return;
-    for (i = 0; i < len; i++) {
-        buf[j + i * 2] = map[(str[i] >> 4) & 0x0f];
-        buf[j + i * 2 + 1] = map[(str[i]) & 0x0f];
-    }
-    buf[j + i * 2] = '\n';
-    buf[j + i * 2 + 1] = '\0';
-}
-
-#ifndef OPENSSL_NO_FP_API
-void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
-                    pem_password_cb *cb, void *u)
-{
-    BIO *b;
-    void *ret;
-
-    if ((b = BIO_new(BIO_s_file())) == NULL) {
-        PEMerr(PEM_F_PEM_ASN1_READ, ERR_R_BUF_LIB);
-        return (0);
-    }
-    BIO_set_fp(b, fp, BIO_NOCLOSE);
-    ret = PEM_ASN1_read_bio(d2i, name, b, x, cb, u);
-    BIO_free(b);
-    return (ret);
-}
-#endif
-
-static int check_pem(const char *nm, const char *name)
-{
-    /* Normal matching nm and name */
-    if (!strcmp(nm, name))
-        return 1;
-
-    /* Make PEM_STRING_EVP_PKEY match any private key */
-
-    if (!strcmp(name, PEM_STRING_EVP_PKEY)) {
-        int slen;
-        const EVP_PKEY_ASN1_METHOD *ameth;
-        if (!strcmp(nm, PEM_STRING_PKCS8))
-            return 1;
-        if (!strcmp(nm, PEM_STRING_PKCS8INF))
-            return 1;
-        slen = pem_check_suffix(nm, "PRIVATE KEY");
-        if (slen > 0) {
-            /*
-             * NB: ENGINE implementations wont contain a deprecated old
-             * private key decode function so don't look for them.
-             */
-            ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
-            if (ameth && ameth->old_priv_decode)
-                return 1;
-        }
-        return 0;
-    }
-
-    if (!strcmp(name, PEM_STRING_PARAMETERS)) {
-        int slen;
-        const EVP_PKEY_ASN1_METHOD *ameth;
-        slen = pem_check_suffix(nm, "PARAMETERS");
-        if (slen > 0) {
-            ENGINE *e;
-            ameth = EVP_PKEY_asn1_find_str(&e, nm, slen);
-            if (ameth) {
-                int r;
-                if (ameth->param_decode)
-                    r = 1;
-                else
-                    r = 0;
-#ifndef OPENSSL_NO_ENGINE
-                if (e)
-                    ENGINE_finish(e);
-#endif
-                return r;
-            }
-        }
-        return 0;
-    }
-
-    /* Permit older strings */
-
-    if (!strcmp(nm, PEM_STRING_X509_OLD) && !strcmp(name, PEM_STRING_X509))
-        return 1;
-
-    if (!strcmp(nm, PEM_STRING_X509_REQ_OLD) &&
-        !strcmp(name, PEM_STRING_X509_REQ))
-        return 1;
-
-    /* Allow normal certs to be read as trusted certs */
-    if (!strcmp(nm, PEM_STRING_X509) &&
-        !strcmp(name, PEM_STRING_X509_TRUSTED))
-        return 1;
-
-    if (!strcmp(nm, PEM_STRING_X509_OLD) &&
-        !strcmp(name, PEM_STRING_X509_TRUSTED))
-        return 1;
-
-    /* Some CAs use PKCS#7 with CERTIFICATE headers */
-    if (!strcmp(nm, PEM_STRING_X509) && !strcmp(name, PEM_STRING_PKCS7))
-        return 1;
-
-    if (!strcmp(nm, PEM_STRING_PKCS7_SIGNED) &&
-        !strcmp(name, PEM_STRING_PKCS7))
-        return 1;
-
-#ifndef OPENSSL_NO_CMS
-    if (!strcmp(nm, PEM_STRING_X509) && !strcmp(name, PEM_STRING_CMS))
-        return 1;
-    /* Allow CMS to be read from PKCS#7 headers */
-    if (!strcmp(nm, PEM_STRING_PKCS7) && !strcmp(name, PEM_STRING_CMS))
-        return 1;
-#endif
-
-    return 0;
-}
-
-int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
-                       const char *name, BIO *bp, pem_password_cb *cb,
-                       void *u)
-{
-    EVP_CIPHER_INFO cipher;
-    char *nm = NULL, *header = NULL;
-    unsigned char *data = NULL;
-    long len;
-    int ret = 0;
-
-    for (;;) {
-        if (!PEM_read_bio(bp, &nm, &header, &data, &len)) {
-            if (ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE)
-                ERR_add_error_data(2, "Expecting: ", name);
-            return 0;
-        }
-        if (check_pem(nm, name))
-            break;
-        OPENSSL_free(nm);
-        OPENSSL_free(header);
-        OPENSSL_free(data);
-    }
-    if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))
-        goto err;
-    if (!PEM_do_header(&cipher, data, &len, cb, u))
-        goto err;
-
-    *pdata = data;
-    *plen = len;
-
-    if (pnm)
-        *pnm = nm;
-
-    ret = 1;
-
- err:
-    if (!ret || !pnm)
-        OPENSSL_free(nm);
-    OPENSSL_free(header);
-    if (!ret)
-        OPENSSL_free(data);
-    return ret;
-}
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
-                   void *x, const EVP_CIPHER *enc, unsigned char *kstr,
-                   int klen, pem_password_cb *callback, void *u)
-{
-    BIO *b;
-    int ret;
-
-    if ((b = BIO_new(BIO_s_file())) == NULL) {
-        PEMerr(PEM_F_PEM_ASN1_WRITE, ERR_R_BUF_LIB);
-        return (0);
-    }
-    BIO_set_fp(b, fp, BIO_NOCLOSE);
-    ret = PEM_ASN1_write_bio(i2d, name, b, x, enc, kstr, klen, callback, u);
-    BIO_free(b);
-    return (ret);
-}
-#endif
-
-int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
-                       void *x, const EVP_CIPHER *enc, unsigned char *kstr,
-                       int klen, pem_password_cb *callback, void *u)
-{
-    EVP_CIPHER_CTX ctx;
-    int dsize = 0, i, j, ret = 0;
-    unsigned char *p, *data = NULL;
-    const char *objstr = NULL;
-    char buf[PEM_BUFSIZE];
-    unsigned char key[EVP_MAX_KEY_LENGTH];
-    unsigned char iv[EVP_MAX_IV_LENGTH];
-
-    if (enc != NULL) {
-        objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
-        if (objstr == NULL) {
-            PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
-            goto err;
-        }
-    }
-
-    if ((dsize = i2d(x, NULL)) < 0) {
-        PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_ASN1_LIB);
-        dsize = 0;
-        goto err;
-    }
-    /* dzise + 8 bytes are needed */
-    /* actually it needs the cipher block size extra... */
-    data = (unsigned char *)OPENSSL_malloc((unsigned int)dsize + 20);
-    if (data == NULL) {
-        PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    p = data;
-    i = i2d(x, &p);
-
-    if (enc != NULL) {
-        if (kstr == NULL) {
-            if (callback == NULL)
-                klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);
-            else
-                klen = (*callback) (buf, PEM_BUFSIZE, 1, u);
-            if (klen <= 0) {
-                PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_READ_KEY);
-                goto err;
-            }
-#ifdef CHARSET_EBCDIC
-            /* Convert the pass phrase from EBCDIC */
-            ebcdic2ascii(buf, buf, klen);
-#endif
-            kstr = (unsigned char *)buf;
-        }
-        RAND_add(data, i, 0);   /* put in the RSA key. */
-        OPENSSL_assert(enc->iv_len <= (int)sizeof(iv));
-        if (RAND_pseudo_bytes(iv, enc->iv_len) < 0) /* Generate a salt */
-            goto err;
-        /*
-         * The 'iv' is used as the iv and as a salt.  It is NOT taken from
-         * the BytesToKey function
-         */
-        if (!EVP_BytesToKey(enc, EVP_md5(), iv, kstr, klen, 1, key, NULL))
-            goto err;
-
-        if (kstr == (unsigned char *)buf)
-            OPENSSL_cleanse(buf, PEM_BUFSIZE);
-
-        OPENSSL_assert(strlen(objstr) + 23 + 2 * enc->iv_len + 13 <=
-                       sizeof buf);
-
-        buf[0] = '\0';
-        PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
-        PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv);
-        /* k=strlen(buf); */
-
-        EVP_CIPHER_CTX_init(&ctx);
-        ret = 1;
-        if (!EVP_EncryptInit_ex(&ctx, enc, NULL, key, iv)
-            || !EVP_EncryptUpdate(&ctx, data, &j, data, i)
-            || !EVP_EncryptFinal_ex(&ctx, &(data[j]), &i))
-            ret = 0;
-        EVP_CIPHER_CTX_cleanup(&ctx);
-        if (ret == 0)
-            goto err;
-        i += j;
-    } else {
-        ret = 1;
-        buf[0] = '\0';
-    }
-    i = PEM_write_bio(bp, name, buf, data, i);
-    if (i <= 0)
-        ret = 0;
- err:
-    OPENSSL_cleanse(key, sizeof(key));
-    OPENSSL_cleanse(iv, sizeof(iv));
-    OPENSSL_cleanse((char *)&ctx, sizeof(ctx));
-    OPENSSL_cleanse(buf, PEM_BUFSIZE);
-    if (data != NULL) {
-        OPENSSL_cleanse(data, (unsigned int)dsize);
-        OPENSSL_free(data);
-    }
-    return (ret);
-}
-
-int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
-                  pem_password_cb *callback, void *u)
-{
-    int i = 0, j, o, klen;
-    long len;
-    EVP_CIPHER_CTX ctx;
-    unsigned char key[EVP_MAX_KEY_LENGTH];
-    char buf[PEM_BUFSIZE];
-
-    len = *plen;
-
-    if (cipher->cipher == NULL)
-        return (1);
-    if (callback == NULL)
-        klen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u);
-    else
-        klen = callback(buf, PEM_BUFSIZE, 0, u);
-    if (klen <= 0) {
-        PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ);
-        return (0);
-    }
-#ifdef CHARSET_EBCDIC
-    /* Convert the pass phrase from EBCDIC */
-    ebcdic2ascii(buf, buf, klen);
-#endif
-
-    if (!EVP_BytesToKey(cipher->cipher, EVP_md5(), &(cipher->iv[0]),
-                        (unsigned char *)buf, klen, 1, key, NULL))
-        return 0;
-
-    j = (int)len;
-    EVP_CIPHER_CTX_init(&ctx);
-    o = EVP_DecryptInit_ex(&ctx, cipher->cipher, NULL, key, &(cipher->iv[0]));
-    if (o)
-        o = EVP_DecryptUpdate(&ctx, data, &i, data, j);
-    if (o)
-        o = EVP_DecryptFinal_ex(&ctx, &(data[i]), &j);
-    EVP_CIPHER_CTX_cleanup(&ctx);
-    OPENSSL_cleanse((char *)buf, sizeof(buf));
-    OPENSSL_cleanse((char *)key, sizeof(key));
-    j += i;
-    if (!o) {
-        PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT);
-        return (0);
-    }
-    *plen = j;
-    return (1);
-}
-
-int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
-{
-    const EVP_CIPHER *enc = NULL;
-    char *p, c;
-    char **header_pp = &header;
-
-    cipher->cipher = NULL;
-    if ((header == NULL) || (*header == '\0') || (*header == '\n'))
-        return (1);
-    if (strncmp(header, "Proc-Type: ", 11) != 0) {
-        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_PROC_TYPE);
-        return (0);
-    }
-    header += 11;
-    if (*header != '4')
-        return (0);
-    header++;
-    if (*header != ',')
-        return (0);
-    header++;
-    if (strncmp(header, "ENCRYPTED", 9) != 0) {
-        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_ENCRYPTED);
-        return (0);
-    }
-    for (; (*header != '\n') && (*header != '\0'); header++) ;
-    if (*header == '\0') {
-        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_SHORT_HEADER);
-        return (0);
-    }
-    header++;
-    if (strncmp(header, "DEK-Info: ", 10) != 0) {
-        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_DEK_INFO);
-        return (0);
-    }
-    header += 10;
-
-    p = header;
-    for (;;) {
-        c = *header;
-#ifndef CHARSET_EBCDIC
-        if (!(((c >= 'A') && (c <= 'Z')) || (c == '-') ||
-              ((c >= '0') && (c <= '9'))))
-            break;
-#else
-        if (!(isupper(c) || (c == '-') || isdigit(c)))
-            break;
-#endif
-        header++;
-    }
-    *header = '\0';
-    cipher->cipher = enc = EVP_get_cipherbyname(p);
-    *header = c;
-    header++;
-
-    if (enc == NULL) {
-        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_UNSUPPORTED_ENCRYPTION);
-        return (0);
-    }
-    if (!load_iv(header_pp, &(cipher->iv[0]), enc->iv_len))
-        return (0);
-
-    return (1);
-}
-
-static int load_iv(char **fromp, unsigned char *to, int num)
-{
-    int v, i;
-    char *from;
-
-    from = *fromp;
-    for (i = 0; i < num; i++)
-        to[i] = 0;
-    num *= 2;
-    for (i = 0; i < num; i++) {
-        if ((*from >= '0') && (*from <= '9'))
-            v = *from - '0';
-        else if ((*from >= 'A') && (*from <= 'F'))
-            v = *from - 'A' + 10;
-        else if ((*from >= 'a') && (*from <= 'f'))
-            v = *from - 'a' + 10;
-        else {
-            PEMerr(PEM_F_LOAD_IV, PEM_R_BAD_IV_CHARS);
-            return (0);
-        }
-        from++;
-        to[i / 2] |= v << (long)((!(i & 1)) * 4);
-    }
-
-    *fromp = from;
-    return (1);
-}
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_write(FILE *fp, char *name, char *header, unsigned char *data,
-              long len)
-{
-    BIO *b;
-    int ret;
-
-    if ((b = BIO_new(BIO_s_file())) == NULL) {
-        PEMerr(PEM_F_PEM_WRITE, ERR_R_BUF_LIB);
-        return (0);
-    }
-    BIO_set_fp(b, fp, BIO_NOCLOSE);
-    ret = PEM_write_bio(b, name, header, data, len);
-    BIO_free(b);
-    return (ret);
-}
-#endif
-
-int PEM_write_bio(BIO *bp, const char *name, char *header,
-                  unsigned char *data, long len)
-{
-    int nlen, n, i, j, outl;
-    unsigned char *buf = NULL;
-    EVP_ENCODE_CTX ctx;
-    int reason = ERR_R_BUF_LIB;
-
-    EVP_EncodeInit(&ctx);
-    nlen = strlen(name);
-
-    if ((BIO_write(bp, "-----BEGIN ", 11) != 11) ||
-        (BIO_write(bp, name, nlen) != nlen) ||
-        (BIO_write(bp, "-----\n", 6) != 6))
-        goto err;
-
-    i = strlen(header);
-    if (i > 0) {
-        if ((BIO_write(bp, header, i) != i) || (BIO_write(bp, "\n", 1) != 1))
-            goto err;
-    }
-
-    buf = OPENSSL_malloc(PEM_BUFSIZE * 8);
-    if (buf == NULL) {
-        reason = ERR_R_MALLOC_FAILURE;
-        goto err;
-    }
-
-    i = j = 0;
-    while (len > 0) {
-        n = (int)((len > (PEM_BUFSIZE * 5)) ? (PEM_BUFSIZE * 5) : len);
-        EVP_EncodeUpdate(&ctx, buf, &outl, &(data[j]), n);
-        if ((outl) && (BIO_write(bp, (char *)buf, outl) != outl))
-            goto err;
-        i += outl;
-        len -= n;
-        j += n;
-    }
-    EVP_EncodeFinal(&ctx, buf, &outl);
-    if ((outl > 0) && (BIO_write(bp, (char *)buf, outl) != outl))
-        goto err;
-    OPENSSL_cleanse(buf, PEM_BUFSIZE * 8);
-    OPENSSL_free(buf);
-    buf = NULL;
-    if ((BIO_write(bp, "-----END ", 9) != 9) ||
-        (BIO_write(bp, name, nlen) != nlen) ||
-        (BIO_write(bp, "-----\n", 6) != 6))
-        goto err;
-    return (i + outl);
- err:
-    if (buf) {
-        OPENSSL_cleanse(buf, PEM_BUFSIZE * 8);
-        OPENSSL_free(buf);
-    }
-    PEMerr(PEM_F_PEM_WRITE_BIO, reason);
-    return (0);
-}
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,
-             long *len)
-{
-    BIO *b;
-    int ret;
-
-    if ((b = BIO_new(BIO_s_file())) == NULL) {
-        PEMerr(PEM_F_PEM_READ, ERR_R_BUF_LIB);
-        return (0);
-    }
-    BIO_set_fp(b, fp, BIO_NOCLOSE);
-    ret = PEM_read_bio(b, name, header, data, len);
-    BIO_free(b);
-    return (ret);
-}
-#endif
-
-int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
-                 long *len)
-{
-    EVP_ENCODE_CTX ctx;
-    int end = 0, i, k, bl = 0, hl = 0, nohead = 0;
-    char buf[256];
-    BUF_MEM *nameB;
-    BUF_MEM *headerB;
-    BUF_MEM *dataB, *tmpB;
-
-    nameB = BUF_MEM_new();
-    headerB = BUF_MEM_new();
-    dataB = BUF_MEM_new();
-    if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL)) {
-        BUF_MEM_free(nameB);
-        BUF_MEM_free(headerB);
-        BUF_MEM_free(dataB);
-        PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
-        return (0);
-    }
-
-    buf[254] = '\0';
-    for (;;) {
-        i = BIO_gets(bp, buf, 254);
-
-        if (i <= 0) {
-            PEMerr(PEM_F_PEM_READ_BIO, PEM_R_NO_START_LINE);
-            goto err;
-        }
-
-        while ((i >= 0) && (buf[i] <= ' '))
-            i--;
-        buf[++i] = '\n';
-        buf[++i] = '\0';
-
-        if (strncmp(buf, "-----BEGIN ", 11) == 0) {
-            i = strlen(&(buf[11]));
-
-            if (strncmp(&(buf[11 + i - 6]), "-----\n", 6) != 0)
-                continue;
-            if (!BUF_MEM_grow(nameB, i + 9)) {
-                PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-            memcpy(nameB->data, &(buf[11]), i - 6);
-            nameB->data[i - 6] = '\0';
-            break;
-        }
-    }
-    hl = 0;
-    if (!BUF_MEM_grow(headerB, 256)) {
-        PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    headerB->data[0] = '\0';
-    for (;;) {
-        i = BIO_gets(bp, buf, 254);
-        if (i <= 0)
-            break;
-
-        while ((i >= 0) && (buf[i] <= ' '))
-            i--;
-        buf[++i] = '\n';
-        buf[++i] = '\0';
-
-        if (buf[0] == '\n')
-            break;
-        if (!BUF_MEM_grow(headerB, hl + i + 9)) {
-            PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        if (strncmp(buf, "-----END ", 9) == 0) {
-            nohead = 1;
-            break;
-        }
-        memcpy(&(headerB->data[hl]), buf, i);
-        headerB->data[hl + i] = '\0';
-        hl += i;
-    }
-
-    bl = 0;
-    if (!BUF_MEM_grow(dataB, 1024)) {
-        PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    dataB->data[0] = '\0';
-    if (!nohead) {
-        for (;;) {
-            i = BIO_gets(bp, buf, 254);
-            if (i <= 0)
-                break;
-
-            while ((i >= 0) && (buf[i] <= ' '))
-                i--;
-            buf[++i] = '\n';
-            buf[++i] = '\0';
-
-            if (i != 65)
-                end = 1;
-            if (strncmp(buf, "-----END ", 9) == 0)
-                break;
-            if (i > 65)
-                break;
-            if (!BUF_MEM_grow_clean(dataB, i + bl + 9)) {
-                PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-            memcpy(&(dataB->data[bl]), buf, i);
-            dataB->data[bl + i] = '\0';
-            bl += i;
-            if (end) {
-                buf[0] = '\0';
-                i = BIO_gets(bp, buf, 254);
-                if (i <= 0)
-                    break;
-
-                while ((i >= 0) && (buf[i] <= ' '))
-                    i--;
-                buf[++i] = '\n';
-                buf[++i] = '\0';
-
-                break;
-            }
-        }
-    } else {
-        tmpB = headerB;
-        headerB = dataB;
-        dataB = tmpB;
-        bl = hl;
-    }
-    i = strlen(nameB->data);
-    if ((strncmp(buf, "-----END ", 9) != 0) ||
-        (strncmp(nameB->data, &(buf[9]), i) != 0) ||
-        (strncmp(&(buf[9 + i]), "-----\n", 6) != 0)) {
-        PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_END_LINE);
-        goto err;
-    }
-
-    EVP_DecodeInit(&ctx);
-    i = EVP_DecodeUpdate(&ctx,
-                         (unsigned char *)dataB->data, &bl,
-                         (unsigned char *)dataB->data, bl);
-    if (i < 0) {
-        PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE);
-        goto err;
-    }
-    i = EVP_DecodeFinal(&ctx, (unsigned char *)&(dataB->data[bl]), &k);
-    if (i < 0) {
-        PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE);
-        goto err;
-    }
-    bl += k;
-
-    if (bl == 0)
-        goto err;
-    *name = nameB->data;
-    *header = headerB->data;
-    *data = (unsigned char *)dataB->data;
-    *len = bl;
-    OPENSSL_free(nameB);
-    OPENSSL_free(headerB);
-    OPENSSL_free(dataB);
-    return (1);
- err:
-    BUF_MEM_free(nameB);
-    BUF_MEM_free(headerB);
-    BUF_MEM_free(dataB);
-    return (0);
-}
-
-/*
- * Check pem string and return prefix length. If for example the pem_str ==
- * "RSA PRIVATE KEY" and suffix = "PRIVATE KEY" the return value is 3 for the
- * string "RSA".
- */
-
-int pem_check_suffix(const char *pem_str, const char *suffix)
-{
-    int pem_len = strlen(pem_str);
-    int suffix_len = strlen(suffix);
-    const char *p;
-    if (suffix_len + 1 >= pem_len)
-        return 0;
-    p = pem_str + pem_len - suffix_len;
-    if (strcmp(p, suffix))
-        return 0;
-    p--;
-    if (*p != ' ')
-        return 0;
-    return p - pem_str;
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/pem/pem_lib.c (from rev 11605, vendor-crypto/openssl/dist/crypto/pem/pem_lib.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/pem/pem_lib.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/pem/pem_lib.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,860 @@
+/* crypto/pem/pem_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs12.h>
+#include "asn1_locl.h"
+#ifndef OPENSSL_NO_DES
+# include <openssl/des.h>
+#endif
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+
+const char PEM_version[] = "PEM" OPENSSL_VERSION_PTEXT;
+
+#define MIN_LENGTH      4
+
+static int load_iv(char **fromp, unsigned char *to, int num);
+static int check_pem(const char *nm, const char *name);
+int pem_check_suffix(const char *pem_str, const char *suffix);
+
+int PEM_def_callback(char *buf, int num, int w, void *key)
+{
+#ifdef OPENSSL_NO_FP_API
+    /*
+     * We should not ever call the default callback routine from windows.
+     */
+    PEMerr(PEM_F_PEM_DEF_CALLBACK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+    return (-1);
+#else
+    int i, j;
+    const char *prompt;
+    if (key) {
+        i = strlen(key);
+        i = (i > num) ? num : i;
+        memcpy(buf, key, i);
+        return (i);
+    }
+
+    prompt = EVP_get_pw_prompt();
+    if (prompt == NULL)
+        prompt = "Enter PEM pass phrase:";
+
+    for (;;) {
+        i = EVP_read_pw_string_min(buf, MIN_LENGTH, num, prompt, w);
+        if (i != 0) {
+            PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD);
+            memset(buf, 0, (unsigned int)num);
+            return (-1);
+        }
+        j = strlen(buf);
+        if (j < MIN_LENGTH) {
+            fprintf(stderr,
+                    "phrase is too short, needs to be at least %d chars\n",
+                    MIN_LENGTH);
+        } else
+            break;
+    }
+    return (j);
+#endif
+}
+
+void PEM_proc_type(char *buf, int type)
+{
+    const char *str;
+
+    if (type == PEM_TYPE_ENCRYPTED)
+        str = "ENCRYPTED";
+    else if (type == PEM_TYPE_MIC_CLEAR)
+        str = "MIC-CLEAR";
+    else if (type == PEM_TYPE_MIC_ONLY)
+        str = "MIC-ONLY";
+    else
+        str = "BAD-TYPE";
+
+    BUF_strlcat(buf, "Proc-Type: 4,", PEM_BUFSIZE);
+    BUF_strlcat(buf, str, PEM_BUFSIZE);
+    BUF_strlcat(buf, "\n", PEM_BUFSIZE);
+}
+
+void PEM_dek_info(char *buf, const char *type, int len, char *str)
+{
+    static const unsigned char map[17] = "0123456789ABCDEF";
+    long i;
+    int j;
+
+    BUF_strlcat(buf, "DEK-Info: ", PEM_BUFSIZE);
+    BUF_strlcat(buf, type, PEM_BUFSIZE);
+    BUF_strlcat(buf, ",", PEM_BUFSIZE);
+    j = strlen(buf);
+    if (j + (len * 2) + 1 > PEM_BUFSIZE)
+        return;
+    for (i = 0; i < len; i++) {
+        buf[j + i * 2] = map[(str[i] >> 4) & 0x0f];
+        buf[j + i * 2 + 1] = map[(str[i]) & 0x0f];
+    }
+    buf[j + i * 2] = '\n';
+    buf[j + i * 2 + 1] = '\0';
+}
+
+#ifndef OPENSSL_NO_FP_API
+void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
+                    pem_password_cb *cb, void *u)
+{
+    BIO *b;
+    void *ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        PEMerr(PEM_F_PEM_ASN1_READ, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = PEM_ASN1_read_bio(d2i, name, b, x, cb, u);
+    BIO_free(b);
+    return (ret);
+}
+#endif
+
+static int check_pem(const char *nm, const char *name)
+{
+    /* Normal matching nm and name */
+    if (!strcmp(nm, name))
+        return 1;
+
+    /* Make PEM_STRING_EVP_PKEY match any private key */
+
+    if (!strcmp(name, PEM_STRING_EVP_PKEY)) {
+        int slen;
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        if (!strcmp(nm, PEM_STRING_PKCS8))
+            return 1;
+        if (!strcmp(nm, PEM_STRING_PKCS8INF))
+            return 1;
+        slen = pem_check_suffix(nm, "PRIVATE KEY");
+        if (slen > 0) {
+            /*
+             * NB: ENGINE implementations wont contain a deprecated old
+             * private key decode function so don't look for them.
+             */
+            ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
+            if (ameth && ameth->old_priv_decode)
+                return 1;
+        }
+        return 0;
+    }
+
+    if (!strcmp(name, PEM_STRING_PARAMETERS)) {
+        int slen;
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        slen = pem_check_suffix(nm, "PARAMETERS");
+        if (slen > 0) {
+            ENGINE *e;
+            ameth = EVP_PKEY_asn1_find_str(&e, nm, slen);
+            if (ameth) {
+                int r;
+                if (ameth->param_decode)
+                    r = 1;
+                else
+                    r = 0;
+#ifndef OPENSSL_NO_ENGINE
+                if (e)
+                    ENGINE_finish(e);
+#endif
+                return r;
+            }
+        }
+        return 0;
+    }
+
+    /* Permit older strings */
+
+    if (!strcmp(nm, PEM_STRING_X509_OLD) && !strcmp(name, PEM_STRING_X509))
+        return 1;
+
+    if (!strcmp(nm, PEM_STRING_X509_REQ_OLD) &&
+        !strcmp(name, PEM_STRING_X509_REQ))
+        return 1;
+
+    /* Allow normal certs to be read as trusted certs */
+    if (!strcmp(nm, PEM_STRING_X509) &&
+        !strcmp(name, PEM_STRING_X509_TRUSTED))
+        return 1;
+
+    if (!strcmp(nm, PEM_STRING_X509_OLD) &&
+        !strcmp(name, PEM_STRING_X509_TRUSTED))
+        return 1;
+
+    /* Some CAs use PKCS#7 with CERTIFICATE headers */
+    if (!strcmp(nm, PEM_STRING_X509) && !strcmp(name, PEM_STRING_PKCS7))
+        return 1;
+
+    if (!strcmp(nm, PEM_STRING_PKCS7_SIGNED) &&
+        !strcmp(name, PEM_STRING_PKCS7))
+        return 1;
+
+#ifndef OPENSSL_NO_CMS
+    if (!strcmp(nm, PEM_STRING_X509) && !strcmp(name, PEM_STRING_CMS))
+        return 1;
+    /* Allow CMS to be read from PKCS#7 headers */
+    if (!strcmp(nm, PEM_STRING_PKCS7) && !strcmp(name, PEM_STRING_CMS))
+        return 1;
+#endif
+
+    return 0;
+}
+
+int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
+                       const char *name, BIO *bp, pem_password_cb *cb,
+                       void *u)
+{
+    EVP_CIPHER_INFO cipher;
+    char *nm = NULL, *header = NULL;
+    unsigned char *data = NULL;
+    long len;
+    int ret = 0;
+
+    for (;;) {
+        if (!PEM_read_bio(bp, &nm, &header, &data, &len)) {
+            if (ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE)
+                ERR_add_error_data(2, "Expecting: ", name);
+            return 0;
+        }
+        if (check_pem(nm, name))
+            break;
+        OPENSSL_free(nm);
+        OPENSSL_free(header);
+        OPENSSL_free(data);
+    }
+    if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))
+        goto err;
+    if (!PEM_do_header(&cipher, data, &len, cb, u))
+        goto err;
+
+    *pdata = data;
+    *plen = len;
+
+    if (pnm)
+        *pnm = nm;
+
+    ret = 1;
+
+ err:
+    if (!ret || !pnm)
+        OPENSSL_free(nm);
+    OPENSSL_free(header);
+    if (!ret)
+        OPENSSL_free(data);
+    return ret;
+}
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
+                   void *x, const EVP_CIPHER *enc, unsigned char *kstr,
+                   int klen, pem_password_cb *callback, void *u)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        PEMerr(PEM_F_PEM_ASN1_WRITE, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = PEM_ASN1_write_bio(i2d, name, b, x, enc, kstr, klen, callback, u);
+    BIO_free(b);
+    return (ret);
+}
+#endif
+
+int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
+                       void *x, const EVP_CIPHER *enc, unsigned char *kstr,
+                       int klen, pem_password_cb *callback, void *u)
+{
+    EVP_CIPHER_CTX ctx;
+    int dsize = 0, i, j, ret = 0;
+    unsigned char *p, *data = NULL;
+    const char *objstr = NULL;
+    char buf[PEM_BUFSIZE];
+    unsigned char key[EVP_MAX_KEY_LENGTH];
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+
+    if (enc != NULL) {
+        objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
+        if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0) {
+            PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
+            goto err;
+        }
+    }
+
+    if ((dsize = i2d(x, NULL)) < 0) {
+        PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_ASN1_LIB);
+        dsize = 0;
+        goto err;
+    }
+    /* dzise + 8 bytes are needed */
+    /* actually it needs the cipher block size extra... */
+    data = (unsigned char *)OPENSSL_malloc((unsigned int)dsize + 20);
+    if (data == NULL) {
+        PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    p = data;
+    i = i2d(x, &p);
+
+    if (enc != NULL) {
+        if (kstr == NULL) {
+            if (callback == NULL)
+                klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);
+            else
+                klen = (*callback) (buf, PEM_BUFSIZE, 1, u);
+            if (klen <= 0) {
+                PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_READ_KEY);
+                goto err;
+            }
+#ifdef CHARSET_EBCDIC
+            /* Convert the pass phrase from EBCDIC */
+            ebcdic2ascii(buf, buf, klen);
+#endif
+            kstr = (unsigned char *)buf;
+        }
+        RAND_add(data, i, 0);   /* put in the RSA key. */
+        OPENSSL_assert(enc->iv_len <= (int)sizeof(iv));
+        if (RAND_bytes(iv, enc->iv_len) <= 0) /* Generate a salt */
+            goto err;
+        /*
+         * The 'iv' is used as the iv and as a salt.  It is NOT taken from
+         * the BytesToKey function
+         */
+        if (!EVP_BytesToKey(enc, EVP_md5(), iv, kstr, klen, 1, key, NULL))
+            goto err;
+
+        if (kstr == (unsigned char *)buf)
+            OPENSSL_cleanse(buf, PEM_BUFSIZE);
+
+        OPENSSL_assert(strlen(objstr) + 23 + 2 * enc->iv_len + 13 <=
+                       sizeof buf);
+
+        buf[0] = '\0';
+        PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
+        PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv);
+        /* k=strlen(buf); */
+
+        EVP_CIPHER_CTX_init(&ctx);
+        ret = 1;
+        if (!EVP_EncryptInit_ex(&ctx, enc, NULL, key, iv)
+            || !EVP_EncryptUpdate(&ctx, data, &j, data, i)
+            || !EVP_EncryptFinal_ex(&ctx, &(data[j]), &i))
+            ret = 0;
+        EVP_CIPHER_CTX_cleanup(&ctx);
+        if (ret == 0)
+            goto err;
+        i += j;
+    } else {
+        ret = 1;
+        buf[0] = '\0';
+    }
+    i = PEM_write_bio(bp, name, buf, data, i);
+    if (i <= 0)
+        ret = 0;
+ err:
+    OPENSSL_cleanse(key, sizeof(key));
+    OPENSSL_cleanse(iv, sizeof(iv));
+    OPENSSL_cleanse((char *)&ctx, sizeof(ctx));
+    OPENSSL_cleanse(buf, PEM_BUFSIZE);
+    if (data != NULL) {
+        OPENSSL_cleanse(data, (unsigned int)dsize);
+        OPENSSL_free(data);
+    }
+    return (ret);
+}
+
+int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
+                  pem_password_cb *callback, void *u)
+{
+    int i = 0, j, o, klen;
+    long len;
+    EVP_CIPHER_CTX ctx;
+    unsigned char key[EVP_MAX_KEY_LENGTH];
+    char buf[PEM_BUFSIZE];
+
+    len = *plen;
+
+    if (cipher->cipher == NULL)
+        return (1);
+    if (callback == NULL)
+        klen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u);
+    else
+        klen = callback(buf, PEM_BUFSIZE, 0, u);
+    if (klen <= 0) {
+        PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ);
+        return (0);
+    }
+#ifdef CHARSET_EBCDIC
+    /* Convert the pass phrase from EBCDIC */
+    ebcdic2ascii(buf, buf, klen);
+#endif
+
+    if (!EVP_BytesToKey(cipher->cipher, EVP_md5(), &(cipher->iv[0]),
+                        (unsigned char *)buf, klen, 1, key, NULL))
+        return 0;
+
+    j = (int)len;
+    EVP_CIPHER_CTX_init(&ctx);
+    o = EVP_DecryptInit_ex(&ctx, cipher->cipher, NULL, key, &(cipher->iv[0]));
+    if (o)
+        o = EVP_DecryptUpdate(&ctx, data, &i, data, j);
+    if (o)
+        o = EVP_DecryptFinal_ex(&ctx, &(data[i]), &j);
+    EVP_CIPHER_CTX_cleanup(&ctx);
+    OPENSSL_cleanse((char *)buf, sizeof(buf));
+    OPENSSL_cleanse((char *)key, sizeof(key));
+    j += i;
+    if (!o) {
+        PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT);
+        return (0);
+    }
+    *plen = j;
+    return (1);
+}
+
+int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
+{
+    const EVP_CIPHER *enc = NULL;
+    char *p, c;
+    char **header_pp = &header;
+
+    cipher->cipher = NULL;
+    if ((header == NULL) || (*header == '\0') || (*header == '\n'))
+        return (1);
+    if (strncmp(header, "Proc-Type: ", 11) != 0) {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_PROC_TYPE);
+        return (0);
+    }
+    header += 11;
+    if (*header != '4')
+        return (0);
+    header++;
+    if (*header != ',')
+        return (0);
+    header++;
+    if (strncmp(header, "ENCRYPTED", 9) != 0) {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_ENCRYPTED);
+        return (0);
+    }
+    for (; (*header != '\n') && (*header != '\0'); header++) ;
+    if (*header == '\0') {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_SHORT_HEADER);
+        return (0);
+    }
+    header++;
+    if (strncmp(header, "DEK-Info: ", 10) != 0) {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_DEK_INFO);
+        return (0);
+    }
+    header += 10;
+
+    p = header;
+    for (;;) {
+        c = *header;
+#ifndef CHARSET_EBCDIC
+        if (!(((c >= 'A') && (c <= 'Z')) || (c == '-') ||
+              ((c >= '0') && (c <= '9'))))
+            break;
+#else
+        if (!(isupper(c) || (c == '-') || isdigit(c)))
+            break;
+#endif
+        header++;
+    }
+    *header = '\0';
+    cipher->cipher = enc = EVP_get_cipherbyname(p);
+    *header = c;
+    header++;
+
+    if (enc == NULL) {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_UNSUPPORTED_ENCRYPTION);
+        return (0);
+    }
+    if (!load_iv(header_pp, &(cipher->iv[0]), enc->iv_len))
+        return (0);
+
+    return (1);
+}
+
+static int load_iv(char **fromp, unsigned char *to, int num)
+{
+    int v, i;
+    char *from;
+
+    from = *fromp;
+    for (i = 0; i < num; i++)
+        to[i] = 0;
+    num *= 2;
+    for (i = 0; i < num; i++) {
+        if ((*from >= '0') && (*from <= '9'))
+            v = *from - '0';
+        else if ((*from >= 'A') && (*from <= 'F'))
+            v = *from - 'A' + 10;
+        else if ((*from >= 'a') && (*from <= 'f'))
+            v = *from - 'a' + 10;
+        else {
+            PEMerr(PEM_F_LOAD_IV, PEM_R_BAD_IV_CHARS);
+            return (0);
+        }
+        from++;
+        to[i / 2] |= v << (long)((!(i & 1)) * 4);
+    }
+
+    *fromp = from;
+    return (1);
+}
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_write(FILE *fp, char *name, char *header, unsigned char *data,
+              long len)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        PEMerr(PEM_F_PEM_WRITE, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = PEM_write_bio(b, name, header, data, len);
+    BIO_free(b);
+    return (ret);
+}
+#endif
+
+int PEM_write_bio(BIO *bp, const char *name, char *header,
+                  unsigned char *data, long len)
+{
+    int nlen, n, i, j, outl;
+    unsigned char *buf = NULL;
+    EVP_ENCODE_CTX ctx;
+    int reason = ERR_R_BUF_LIB;
+
+    EVP_EncodeInit(&ctx);
+    nlen = strlen(name);
+
+    if ((BIO_write(bp, "-----BEGIN ", 11) != 11) ||
+        (BIO_write(bp, name, nlen) != nlen) ||
+        (BIO_write(bp, "-----\n", 6) != 6))
+        goto err;
+
+    i = strlen(header);
+    if (i > 0) {
+        if ((BIO_write(bp, header, i) != i) || (BIO_write(bp, "\n", 1) != 1))
+            goto err;
+    }
+
+    buf = OPENSSL_malloc(PEM_BUFSIZE * 8);
+    if (buf == NULL) {
+        reason = ERR_R_MALLOC_FAILURE;
+        goto err;
+    }
+
+    i = j = 0;
+    while (len > 0) {
+        n = (int)((len > (PEM_BUFSIZE * 5)) ? (PEM_BUFSIZE * 5) : len);
+        EVP_EncodeUpdate(&ctx, buf, &outl, &(data[j]), n);
+        if ((outl) && (BIO_write(bp, (char *)buf, outl) != outl))
+            goto err;
+        i += outl;
+        len -= n;
+        j += n;
+    }
+    EVP_EncodeFinal(&ctx, buf, &outl);
+    if ((outl > 0) && (BIO_write(bp, (char *)buf, outl) != outl))
+        goto err;
+    OPENSSL_cleanse(buf, PEM_BUFSIZE * 8);
+    OPENSSL_free(buf);
+    buf = NULL;
+    if ((BIO_write(bp, "-----END ", 9) != 9) ||
+        (BIO_write(bp, name, nlen) != nlen) ||
+        (BIO_write(bp, "-----\n", 6) != 6))
+        goto err;
+    return (i + outl);
+ err:
+    if (buf) {
+        OPENSSL_cleanse(buf, PEM_BUFSIZE * 8);
+        OPENSSL_free(buf);
+    }
+    PEMerr(PEM_F_PEM_WRITE_BIO, reason);
+    return (0);
+}
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,
+             long *len)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        PEMerr(PEM_F_PEM_READ, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = PEM_read_bio(b, name, header, data, len);
+    BIO_free(b);
+    return (ret);
+}
+#endif
+
+int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
+                 long *len)
+{
+    EVP_ENCODE_CTX ctx;
+    int end = 0, i, k, bl = 0, hl = 0, nohead = 0;
+    char buf[256];
+    BUF_MEM *nameB;
+    BUF_MEM *headerB;
+    BUF_MEM *dataB, *tmpB;
+
+    nameB = BUF_MEM_new();
+    headerB = BUF_MEM_new();
+    dataB = BUF_MEM_new();
+    if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL)) {
+        BUF_MEM_free(nameB);
+        BUF_MEM_free(headerB);
+        BUF_MEM_free(dataB);
+        PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
+
+    buf[254] = '\0';
+    for (;;) {
+        i = BIO_gets(bp, buf, 254);
+
+        if (i <= 0) {
+            PEMerr(PEM_F_PEM_READ_BIO, PEM_R_NO_START_LINE);
+            goto err;
+        }
+
+        while ((i >= 0) && (buf[i] <= ' '))
+            i--;
+        buf[++i] = '\n';
+        buf[++i] = '\0';
+
+        if (strncmp(buf, "-----BEGIN ", 11) == 0) {
+            i = strlen(&(buf[11]));
+
+            if (strncmp(&(buf[11 + i - 6]), "-----\n", 6) != 0)
+                continue;
+            if (!BUF_MEM_grow(nameB, i + 9)) {
+                PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            memcpy(nameB->data, &(buf[11]), i - 6);
+            nameB->data[i - 6] = '\0';
+            break;
+        }
+    }
+    hl = 0;
+    if (!BUF_MEM_grow(headerB, 256)) {
+        PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    headerB->data[0] = '\0';
+    for (;;) {
+        i = BIO_gets(bp, buf, 254);
+        if (i <= 0)
+            break;
+
+        while ((i >= 0) && (buf[i] <= ' '))
+            i--;
+        buf[++i] = '\n';
+        buf[++i] = '\0';
+
+        if (buf[0] == '\n')
+            break;
+        if (!BUF_MEM_grow(headerB, hl + i + 9)) {
+            PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (strncmp(buf, "-----END ", 9) == 0) {
+            nohead = 1;
+            break;
+        }
+        memcpy(&(headerB->data[hl]), buf, i);
+        headerB->data[hl + i] = '\0';
+        hl += i;
+    }
+
+    bl = 0;
+    if (!BUF_MEM_grow(dataB, 1024)) {
+        PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    dataB->data[0] = '\0';
+    if (!nohead) {
+        for (;;) {
+            i = BIO_gets(bp, buf, 254);
+            if (i <= 0)
+                break;
+
+            while ((i >= 0) && (buf[i] <= ' '))
+                i--;
+            buf[++i] = '\n';
+            buf[++i] = '\0';
+
+            if (i != 65)
+                end = 1;
+            if (strncmp(buf, "-----END ", 9) == 0)
+                break;
+            if (i > 65)
+                break;
+            if (!BUF_MEM_grow_clean(dataB, i + bl + 9)) {
+                PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            memcpy(&(dataB->data[bl]), buf, i);
+            dataB->data[bl + i] = '\0';
+            bl += i;
+            if (end) {
+                buf[0] = '\0';
+                i = BIO_gets(bp, buf, 254);
+                if (i <= 0)
+                    break;
+
+                while ((i >= 0) && (buf[i] <= ' '))
+                    i--;
+                buf[++i] = '\n';
+                buf[++i] = '\0';
+
+                break;
+            }
+        }
+    } else {
+        tmpB = headerB;
+        headerB = dataB;
+        dataB = tmpB;
+        bl = hl;
+    }
+    i = strlen(nameB->data);
+    if ((strncmp(buf, "-----END ", 9) != 0) ||
+        (strncmp(nameB->data, &(buf[9]), i) != 0) ||
+        (strncmp(&(buf[9 + i]), "-----\n", 6) != 0)) {
+        PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_END_LINE);
+        goto err;
+    }
+
+    EVP_DecodeInit(&ctx);
+    i = EVP_DecodeUpdate(&ctx,
+                         (unsigned char *)dataB->data, &bl,
+                         (unsigned char *)dataB->data, bl);
+    if (i < 0) {
+        PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE);
+        goto err;
+    }
+    i = EVP_DecodeFinal(&ctx, (unsigned char *)&(dataB->data[bl]), &k);
+    if (i < 0) {
+        PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE);
+        goto err;
+    }
+    bl += k;
+
+    if (bl == 0)
+        goto err;
+    *name = nameB->data;
+    *header = headerB->data;
+    *data = (unsigned char *)dataB->data;
+    *len = bl;
+    OPENSSL_free(nameB);
+    OPENSSL_free(headerB);
+    OPENSSL_free(dataB);
+    return (1);
+ err:
+    BUF_MEM_free(nameB);
+    BUF_MEM_free(headerB);
+    BUF_MEM_free(dataB);
+    return (0);
+}
+
+/*
+ * Check pem string and return prefix length. If for example the pem_str ==
+ * "RSA PRIVATE KEY" and suffix = "PRIVATE KEY" the return value is 3 for the
+ * string "RSA".
+ */
+
+int pem_check_suffix(const char *pem_str, const char *suffix)
+{
+    int pem_len = strlen(pem_str);
+    int suffix_len = strlen(suffix);
+    const char *p;
+    if (suffix_len + 1 >= pem_len)
+        return 0;
+    p = pem_str + pem_len - suffix_len;
+    if (strcmp(p, suffix))
+        return 0;
+    p--;
+    if (*p != ' ')
+        return 0;
+    return p - pem_str;
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/pem/pvkfmt.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pem/pvkfmt.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/pem/pvkfmt.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,881 +0,0 @@
-/*
- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
- * 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/*
- * Support for PVK format keys and related structures (such a PUBLICKEYBLOB
- * and PRIVATEKEYBLOB).
- */
-
-#include "cryptlib.h"
-#include <openssl/pem.h>
-#include <openssl/rand.h>
-#include <openssl/bn.h>
-#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
-# include <openssl/dsa.h>
-# include <openssl/rsa.h>
-
-/*
- * Utility function: read a DWORD (4 byte unsigned integer) in little endian
- * format
- */
-
-static unsigned int read_ledword(const unsigned char **in)
-{
-    const unsigned char *p = *in;
-    unsigned int ret;
-    ret = *p++;
-    ret |= (*p++ << 8);
-    ret |= (*p++ << 16);
-    ret |= (*p++ << 24);
-    *in = p;
-    return ret;
-}
-
-/*
- * Read a BIGNUM in little endian format. The docs say that this should take
- * up bitlen/8 bytes.
- */
-
-static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
-{
-    const unsigned char *p;
-    unsigned char *tmpbuf, *q;
-    unsigned int i;
-    p = *in + nbyte - 1;
-    tmpbuf = OPENSSL_malloc(nbyte);
-    if (!tmpbuf)
-        return 0;
-    q = tmpbuf;
-    for (i = 0; i < nbyte; i++)
-        *q++ = *p--;
-    *r = BN_bin2bn(tmpbuf, nbyte, NULL);
-    OPENSSL_free(tmpbuf);
-    if (*r) {
-        *in += nbyte;
-        return 1;
-    } else
-        return 0;
-}
-
-/* Convert private key blob to EVP_PKEY: RSA and DSA keys supported */
-
-# define MS_PUBLICKEYBLOB        0x6
-# define MS_PRIVATEKEYBLOB       0x7
-# define MS_RSA1MAGIC            0x31415352L
-# define MS_RSA2MAGIC            0x32415352L
-# define MS_DSS1MAGIC            0x31535344L
-# define MS_DSS2MAGIC            0x32535344L
-
-# define MS_KEYALG_RSA_KEYX      0xa400
-# define MS_KEYALG_DSS_SIGN      0x2200
-
-# define MS_KEYTYPE_KEYX         0x1
-# define MS_KEYTYPE_SIGN         0x2
-
-/* The PVK file magic number: seems to spell out "bobsfile", who is Bob? */
-# define MS_PVKMAGIC             0xb0b5f11eL
-/* Salt length for PVK files */
-# define PVK_SALTLEN             0x10
-
-static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
-                         unsigned int bitlen, int ispub);
-static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
-                         unsigned int bitlen, int ispub);
-
-static int do_blob_header(const unsigned char **in, unsigned int length,
-                          unsigned int *pmagic, unsigned int *pbitlen,
-                          int *pisdss, int *pispub)
-{
-    const unsigned char *p = *in;
-    if (length < 16)
-        return 0;
-    /* bType */
-    if (*p == MS_PUBLICKEYBLOB) {
-        if (*pispub == 0) {
-            PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
-            return 0;
-        }
-        *pispub = 1;
-    } else if (*p == MS_PRIVATEKEYBLOB) {
-        if (*pispub == 1) {
-            PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
-            return 0;
-        }
-        *pispub = 0;
-    } else
-        return 0;
-    p++;
-    /* Version */
-    if (*p++ != 0x2) {
-        PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_VERSION_NUMBER);
-        return 0;
-    }
-    /* Ignore reserved, aiKeyAlg */
-    p += 6;
-    *pmagic = read_ledword(&p);
-    *pbitlen = read_ledword(&p);
-    *pisdss = 0;
-    switch (*pmagic) {
-
-    case MS_DSS1MAGIC:
-        *pisdss = 1;
-    case MS_RSA1MAGIC:
-        if (*pispub == 0) {
-            PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
-            return 0;
-        }
-        break;
-
-    case MS_DSS2MAGIC:
-        *pisdss = 1;
-    case MS_RSA2MAGIC:
-        if (*pispub == 1) {
-            PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
-            return 0;
-        }
-        break;
-
-    default:
-        PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_MAGIC_NUMBER);
-        return -1;
-    }
-    *in = p;
-    return 1;
-}
-
-static unsigned int blob_length(unsigned bitlen, int isdss, int ispub)
-{
-    unsigned int nbyte, hnbyte;
-    nbyte = (bitlen + 7) >> 3;
-    hnbyte = (bitlen + 15) >> 4;
-    if (isdss) {
-
-        /*
-         * Expected length: 20 for q + 3 components bitlen each + 24 for seed
-         * structure.
-         */
-        if (ispub)
-            return 44 + 3 * nbyte;
-        /*
-         * Expected length: 20 for q, priv, 2 bitlen components + 24 for seed
-         * structure.
-         */
-        else
-            return 64 + 2 * nbyte;
-    } else {
-        /* Expected length: 4 for 'e' + 'n' */
-        if (ispub)
-            return 4 + nbyte;
-        else
-            /*
-             * Expected length: 4 for 'e' and 7 other components. 2
-             * components are bitlen size, 5 are bitlen/2
-             */
-            return 4 + 2 * nbyte + 5 * hnbyte;
-    }
-
-}
-
-static EVP_PKEY *do_b2i(const unsigned char **in, unsigned int length,
-                        int ispub)
-{
-    const unsigned char *p = *in;
-    unsigned int bitlen, magic;
-    int isdss;
-    if (do_blob_header(&p, length, &magic, &bitlen, &isdss, &ispub) <= 0) {
-        PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_HEADER_PARSE_ERROR);
-        return NULL;
-    }
-    length -= 16;
-    if (length < blob_length(bitlen, isdss, ispub)) {
-        PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_TOO_SHORT);
-        return NULL;
-    }
-    if (isdss)
-        return b2i_dss(&p, length, bitlen, ispub);
-    else
-        return b2i_rsa(&p, length, bitlen, ispub);
-}
-
-static EVP_PKEY *do_b2i_bio(BIO *in, int ispub)
-{
-    const unsigned char *p;
-    unsigned char hdr_buf[16], *buf = NULL;
-    unsigned int bitlen, magic, length;
-    int isdss;
-    EVP_PKEY *ret = NULL;
-    if (BIO_read(in, hdr_buf, 16) != 16) {
-        PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);
-        return NULL;
-    }
-    p = hdr_buf;
-    if (do_blob_header(&p, 16, &magic, &bitlen, &isdss, &ispub) <= 0)
-        return NULL;
-
-    length = blob_length(bitlen, isdss, ispub);
-    buf = OPENSSL_malloc(length);
-    if (!buf) {
-        PEMerr(PEM_F_DO_B2I_BIO, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    p = buf;
-    if (BIO_read(in, buf, length) != (int)length) {
-        PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);
-        goto err;
-    }
-
-    if (isdss)
-        ret = b2i_dss(&p, length, bitlen, ispub);
-    else
-        ret = b2i_rsa(&p, length, bitlen, ispub);
-
- err:
-    if (buf)
-        OPENSSL_free(buf);
-    return ret;
-}
-
-static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
-                         unsigned int bitlen, int ispub)
-{
-    const unsigned char *p = *in;
-    EVP_PKEY *ret = NULL;
-    DSA *dsa = NULL;
-    BN_CTX *ctx = NULL;
-    unsigned int nbyte;
-    nbyte = (bitlen + 7) >> 3;
-
-    dsa = DSA_new();
-    ret = EVP_PKEY_new();
-    if (!dsa || !ret)
-        goto memerr;
-    if (!read_lebn(&p, nbyte, &dsa->p))
-        goto memerr;
-    if (!read_lebn(&p, 20, &dsa->q))
-        goto memerr;
-    if (!read_lebn(&p, nbyte, &dsa->g))
-        goto memerr;
-    if (ispub) {
-        if (!read_lebn(&p, nbyte, &dsa->pub_key))
-            goto memerr;
-    } else {
-        if (!read_lebn(&p, 20, &dsa->priv_key))
-            goto memerr;
-        /* Calculate public key */
-        if (!(dsa->pub_key = BN_new()))
-            goto memerr;
-        if (!(ctx = BN_CTX_new()))
-            goto memerr;
-
-        if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx))
-
-            goto memerr;
-        BN_CTX_free(ctx);
-    }
-
-    EVP_PKEY_set1_DSA(ret, dsa);
-    DSA_free(dsa);
-    *in = p;
-    return ret;
-
- memerr:
-    PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE);
-    if (dsa)
-        DSA_free(dsa);
-    if (ret)
-        EVP_PKEY_free(ret);
-    if (ctx)
-        BN_CTX_free(ctx);
-    return NULL;
-}
-
-static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
-                         unsigned int bitlen, int ispub)
-{
-    const unsigned char *p = *in;
-    EVP_PKEY *ret = NULL;
-    RSA *rsa = NULL;
-    unsigned int nbyte, hnbyte;
-    nbyte = (bitlen + 7) >> 3;
-    hnbyte = (bitlen + 15) >> 4;
-    rsa = RSA_new();
-    ret = EVP_PKEY_new();
-    if (!rsa || !ret)
-        goto memerr;
-    rsa->e = BN_new();
-    if (!rsa->e)
-        goto memerr;
-    if (!BN_set_word(rsa->e, read_ledword(&p)))
-        goto memerr;
-    if (!read_lebn(&p, nbyte, &rsa->n))
-        goto memerr;
-    if (!ispub) {
-        if (!read_lebn(&p, hnbyte, &rsa->p))
-            goto memerr;
-        if (!read_lebn(&p, hnbyte, &rsa->q))
-            goto memerr;
-        if (!read_lebn(&p, hnbyte, &rsa->dmp1))
-            goto memerr;
-        if (!read_lebn(&p, hnbyte, &rsa->dmq1))
-            goto memerr;
-        if (!read_lebn(&p, hnbyte, &rsa->iqmp))
-            goto memerr;
-        if (!read_lebn(&p, nbyte, &rsa->d))
-            goto memerr;
-    }
-
-    EVP_PKEY_set1_RSA(ret, rsa);
-    RSA_free(rsa);
-    *in = p;
-    return ret;
- memerr:
-    PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE);
-    if (rsa)
-        RSA_free(rsa);
-    if (ret)
-        EVP_PKEY_free(ret);
-    return NULL;
-}
-
-EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length)
-{
-    return do_b2i(in, length, 0);
-}
-
-EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length)
-{
-    return do_b2i(in, length, 1);
-}
-
-EVP_PKEY *b2i_PrivateKey_bio(BIO *in)
-{
-    return do_b2i_bio(in, 0);
-}
-
-EVP_PKEY *b2i_PublicKey_bio(BIO *in)
-{
-    return do_b2i_bio(in, 1);
-}
-
-static void write_ledword(unsigned char **out, unsigned int dw)
-{
-    unsigned char *p = *out;
-    *p++ = dw & 0xff;
-    *p++ = (dw >> 8) & 0xff;
-    *p++ = (dw >> 16) & 0xff;
-    *p++ = (dw >> 24) & 0xff;
-    *out = p;
-}
-
-static void write_lebn(unsigned char **out, const BIGNUM *bn, int len)
-{
-    int nb, i;
-    unsigned char *p = *out, *q, c;
-    nb = BN_num_bytes(bn);
-    BN_bn2bin(bn, p);
-    q = p + nb - 1;
-    /* In place byte order reversal */
-    for (i = 0; i < nb / 2; i++) {
-        c = *p;
-        *p++ = *q;
-        *q-- = c;
-    }
-    *out += nb;
-    /* Pad with zeroes if we have to */
-    if (len > 0) {
-        len -= nb;
-        if (len > 0) {
-            memset(*out, 0, len);
-            *out += len;
-        }
-    }
-}
-
-static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *magic);
-static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *magic);
-
-static void write_rsa(unsigned char **out, RSA *rsa, int ispub);
-static void write_dsa(unsigned char **out, DSA *dsa, int ispub);
-
-static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub)
-{
-    unsigned char *p;
-    unsigned int bitlen, magic = 0, keyalg;
-    int outlen, noinc = 0;
-    if (pk->type == EVP_PKEY_DSA) {
-        bitlen = check_bitlen_dsa(pk->pkey.dsa, ispub, &magic);
-        keyalg = MS_KEYALG_DSS_SIGN;
-    } else if (pk->type == EVP_PKEY_RSA) {
-        bitlen = check_bitlen_rsa(pk->pkey.rsa, ispub, &magic);
-        keyalg = MS_KEYALG_RSA_KEYX;
-    } else
-        return -1;
-    if (bitlen == 0)
-        return -1;
-    outlen = 16 + blob_length(bitlen,
-                              keyalg == MS_KEYALG_DSS_SIGN ? 1 : 0, ispub);
-    if (out == NULL)
-        return outlen;
-    if (*out)
-        p = *out;
-    else {
-        p = OPENSSL_malloc(outlen);
-        if (!p)
-            return -1;
-        *out = p;
-        noinc = 1;
-    }
-    if (ispub)
-        *p++ = MS_PUBLICKEYBLOB;
-    else
-        *p++ = MS_PRIVATEKEYBLOB;
-    *p++ = 0x2;
-    *p++ = 0;
-    *p++ = 0;
-    write_ledword(&p, keyalg);
-    write_ledword(&p, magic);
-    write_ledword(&p, bitlen);
-    if (keyalg == MS_KEYALG_DSS_SIGN)
-        write_dsa(&p, pk->pkey.dsa, ispub);
-    else
-        write_rsa(&p, pk->pkey.rsa, ispub);
-    if (!noinc)
-        *out += outlen;
-    return outlen;
-}
-
-static int do_i2b_bio(BIO *out, EVP_PKEY *pk, int ispub)
-{
-    unsigned char *tmp = NULL;
-    int outlen, wrlen;
-    outlen = do_i2b(&tmp, pk, ispub);
-    if (outlen < 0)
-        return -1;
-    wrlen = BIO_write(out, tmp, outlen);
-    OPENSSL_free(tmp);
-    if (wrlen == outlen)
-        return outlen;
-    return -1;
-}
-
-static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic)
-{
-    int bitlen;
-    bitlen = BN_num_bits(dsa->p);
-    if ((bitlen & 7) || (BN_num_bits(dsa->q) != 160)
-        || (BN_num_bits(dsa->g) > bitlen))
-        goto badkey;
-    if (ispub) {
-        if (BN_num_bits(dsa->pub_key) > bitlen)
-            goto badkey;
-        *pmagic = MS_DSS1MAGIC;
-    } else {
-        if (BN_num_bits(dsa->priv_key) > 160)
-            goto badkey;
-        *pmagic = MS_DSS2MAGIC;
-    }
-
-    return bitlen;
- badkey:
-    PEMerr(PEM_F_CHECK_BITLEN_DSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
-    return 0;
-}
-
-static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic)
-{
-    int nbyte, hnbyte, bitlen;
-    if (BN_num_bits(rsa->e) > 32)
-        goto badkey;
-    bitlen = BN_num_bits(rsa->n);
-    nbyte = BN_num_bytes(rsa->n);
-    hnbyte = (BN_num_bits(rsa->n) + 15) >> 4;
-    if (ispub) {
-        *pmagic = MS_RSA1MAGIC;
-        return bitlen;
-    } else {
-        *pmagic = MS_RSA2MAGIC;
-        /*
-         * For private key each component must fit within nbyte or hnbyte.
-         */
-        if (BN_num_bytes(rsa->d) > nbyte)
-            goto badkey;
-        if ((BN_num_bytes(rsa->iqmp) > hnbyte)
-            || (BN_num_bytes(rsa->p) > hnbyte)
-            || (BN_num_bytes(rsa->q) > hnbyte)
-            || (BN_num_bytes(rsa->dmp1) > hnbyte)
-            || (BN_num_bytes(rsa->dmq1) > hnbyte))
-            goto badkey;
-    }
-    return bitlen;
- badkey:
-    PEMerr(PEM_F_CHECK_BITLEN_RSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
-    return 0;
-}
-
-static void write_rsa(unsigned char **out, RSA *rsa, int ispub)
-{
-    int nbyte, hnbyte;
-    nbyte = BN_num_bytes(rsa->n);
-    hnbyte = (BN_num_bits(rsa->n) + 15) >> 4;
-    write_lebn(out, rsa->e, 4);
-    write_lebn(out, rsa->n, -1);
-    if (ispub)
-        return;
-    write_lebn(out, rsa->p, hnbyte);
-    write_lebn(out, rsa->q, hnbyte);
-    write_lebn(out, rsa->dmp1, hnbyte);
-    write_lebn(out, rsa->dmq1, hnbyte);
-    write_lebn(out, rsa->iqmp, hnbyte);
-    write_lebn(out, rsa->d, nbyte);
-}
-
-static void write_dsa(unsigned char **out, DSA *dsa, int ispub)
-{
-    int nbyte;
-    nbyte = BN_num_bytes(dsa->p);
-    write_lebn(out, dsa->p, nbyte);
-    write_lebn(out, dsa->q, 20);
-    write_lebn(out, dsa->g, nbyte);
-    if (ispub)
-        write_lebn(out, dsa->pub_key, nbyte);
-    else
-        write_lebn(out, dsa->priv_key, 20);
-    /* Set "invalid" for seed structure values */
-    memset(*out, 0xff, 24);
-    *out += 24;
-    return;
-}
-
-int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk)
-{
-    return do_i2b_bio(out, pk, 0);
-}
-
-int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk)
-{
-    return do_i2b_bio(out, pk, 1);
-}
-
-# ifndef OPENSSL_NO_RC4
-
-static int do_PVK_header(const unsigned char **in, unsigned int length,
-                         int skip_magic,
-                         unsigned int *psaltlen, unsigned int *pkeylen)
-{
-    const unsigned char *p = *in;
-    unsigned int pvk_magic, is_encrypted;
-    if (skip_magic) {
-        if (length < 20) {
-            PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
-            return 0;
-        }
-    } else {
-        if (length < 24) {
-            PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
-            return 0;
-        }
-        pvk_magic = read_ledword(&p);
-        if (pvk_magic != MS_PVKMAGIC) {
-            PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_BAD_MAGIC_NUMBER);
-            return 0;
-        }
-    }
-    /* Skip reserved */
-    p += 4;
-    /*
-     * keytype =
-     */ read_ledword(&p);
-    is_encrypted = read_ledword(&p);
-    *psaltlen = read_ledword(&p);
-    *pkeylen = read_ledword(&p);
-
-    if (is_encrypted && !*psaltlen) {
-        PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER);
-        return 0;
-    }
-
-    *in = p;
-    return 1;
-}
-
-static int derive_pvk_key(unsigned char *key,
-                          const unsigned char *salt, unsigned int saltlen,
-                          const unsigned char *pass, int passlen)
-{
-    EVP_MD_CTX mctx;
-    int rv = 1;
-    EVP_MD_CTX_init(&mctx);
-    if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL)
-        || !EVP_DigestUpdate(&mctx, salt, saltlen)
-        || !EVP_DigestUpdate(&mctx, pass, passlen)
-        || !EVP_DigestFinal_ex(&mctx, key, NULL))
-        rv = 0;
-
-    EVP_MD_CTX_cleanup(&mctx);
-    return rv;
-}
-
-static EVP_PKEY *do_PVK_body(const unsigned char **in,
-                             unsigned int saltlen, unsigned int keylen,
-                             pem_password_cb *cb, void *u)
-{
-    EVP_PKEY *ret = NULL;
-    const unsigned char *p = *in;
-    unsigned int magic;
-    unsigned char *enctmp = NULL, *q;
-    EVP_CIPHER_CTX cctx;
-    EVP_CIPHER_CTX_init(&cctx);
-    if (saltlen) {
-        char psbuf[PEM_BUFSIZE];
-        unsigned char keybuf[20];
-        int enctmplen, inlen;
-        if (cb)
-            inlen = cb(psbuf, PEM_BUFSIZE, 0, u);
-        else
-            inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
-        if (inlen <= 0) {
-            PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ);
-            goto err;
-        }
-        enctmp = OPENSSL_malloc(keylen + 8);
-        if (!enctmp) {
-            PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        if (!derive_pvk_key(keybuf, p, saltlen,
-                            (unsigned char *)psbuf, inlen))
-            goto err;
-        p += saltlen;
-        /* Copy BLOBHEADER across, decrypt rest */
-        memcpy(enctmp, p, 8);
-        p += 8;
-        if (keylen < 8) {
-            PEMerr(PEM_F_DO_PVK_BODY, PEM_R_PVK_TOO_SHORT);
-            goto err;
-        }
-        inlen = keylen - 8;
-        q = enctmp + 8;
-        if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
-            goto err;
-        if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen))
-            goto err;
-        if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen))
-            goto err;
-        magic = read_ledword((const unsigned char **)&q);
-        if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {
-            q = enctmp + 8;
-            memset(keybuf + 5, 0, 11);
-            if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
-                goto err;
-            OPENSSL_cleanse(keybuf, 20);
-            if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen))
-                goto err;
-            if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen))
-                goto err;
-            magic = read_ledword((const unsigned char **)&q);
-            if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {
-                PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT);
-                goto err;
-            }
-        } else
-            OPENSSL_cleanse(keybuf, 20);
-        p = enctmp;
-    }
-
-    ret = b2i_PrivateKey(&p, keylen);
- err:
-    EVP_CIPHER_CTX_cleanup(&cctx);
-    if (enctmp && saltlen)
-        OPENSSL_free(enctmp);
-    return ret;
-}
-
-EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u)
-{
-    unsigned char pvk_hdr[24], *buf = NULL;
-    const unsigned char *p;
-    int buflen;
-    EVP_PKEY *ret = NULL;
-    unsigned int saltlen, keylen;
-    if (BIO_read(in, pvk_hdr, 24) != 24) {
-        PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);
-        return NULL;
-    }
-    p = pvk_hdr;
-
-    if (!do_PVK_header(&p, 24, 0, &saltlen, &keylen))
-        return 0;
-    buflen = (int)keylen + saltlen;
-    buf = OPENSSL_malloc(buflen);
-    if (!buf) {
-        PEMerr(PEM_F_B2I_PVK_BIO, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-    p = buf;
-    if (BIO_read(in, buf, buflen) != buflen) {
-        PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);
-        goto err;
-    }
-    ret = do_PVK_body(&p, saltlen, keylen, cb, u);
-
- err:
-    if (buf) {
-        OPENSSL_cleanse(buf, buflen);
-        OPENSSL_free(buf);
-    }
-    return ret;
-}
-
-static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel,
-                   pem_password_cb *cb, void *u)
-{
-    int outlen = 24, pklen;
-    unsigned char *p, *salt = NULL;
-    EVP_CIPHER_CTX cctx;
-    EVP_CIPHER_CTX_init(&cctx);
-    if (enclevel)
-        outlen += PVK_SALTLEN;
-    pklen = do_i2b(NULL, pk, 0);
-    if (pklen < 0)
-        return -1;
-    outlen += pklen;
-    if (!out)
-        return outlen;
-    if (*out)
-        p = *out;
-    else {
-        p = OPENSSL_malloc(outlen);
-        if (!p) {
-            PEMerr(PEM_F_I2B_PVK, ERR_R_MALLOC_FAILURE);
-            return -1;
-        }
-        *out = p;
-    }
-
-    write_ledword(&p, MS_PVKMAGIC);
-    write_ledword(&p, 0);
-    if (pk->type == EVP_PKEY_DSA)
-        write_ledword(&p, MS_KEYTYPE_SIGN);
-    else
-        write_ledword(&p, MS_KEYTYPE_KEYX);
-    write_ledword(&p, enclevel ? 1 : 0);
-    write_ledword(&p, enclevel ? PVK_SALTLEN : 0);
-    write_ledword(&p, pklen);
-    if (enclevel) {
-        if (RAND_bytes(p, PVK_SALTLEN) <= 0)
-            goto error;
-        salt = p;
-        p += PVK_SALTLEN;
-    }
-    do_i2b(&p, pk, 0);
-    if (enclevel == 0)
-        return outlen;
-    else {
-        char psbuf[PEM_BUFSIZE];
-        unsigned char keybuf[20];
-        int enctmplen, inlen;
-        if (cb)
-            inlen = cb(psbuf, PEM_BUFSIZE, 1, u);
-        else
-            inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 1, u);
-        if (inlen <= 0) {
-            PEMerr(PEM_F_I2B_PVK, PEM_R_BAD_PASSWORD_READ);
-            goto error;
-        }
-        if (!derive_pvk_key(keybuf, salt, PVK_SALTLEN,
-                            (unsigned char *)psbuf, inlen))
-            goto error;
-        if (enclevel == 1)
-            memset(keybuf + 5, 0, 11);
-        p = salt + PVK_SALTLEN + 8;
-        if (!EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
-            goto error;
-        OPENSSL_cleanse(keybuf, 20);
-        if (!EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8))
-            goto error;
-        if (!EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen))
-            goto error;
-    }
-    EVP_CIPHER_CTX_cleanup(&cctx);
-    return outlen;
-
- error:
-    EVP_CIPHER_CTX_cleanup(&cctx);
-    return -1;
-}
-
-int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
-                pem_password_cb *cb, void *u)
-{
-    unsigned char *tmp = NULL;
-    int outlen, wrlen;
-    outlen = i2b_PVK(&tmp, pk, enclevel, cb, u);
-    if (outlen < 0)
-        return -1;
-    wrlen = BIO_write(out, tmp, outlen);
-    OPENSSL_free(tmp);
-    if (wrlen == outlen) {
-        PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE);
-        return outlen;
-    }
-    return -1;
-}
-
-# endif
-
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/pem/pvkfmt.c (from rev 11605, vendor-crypto/openssl/dist/crypto/pem/pvkfmt.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/pem/pvkfmt.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/pem/pvkfmt.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,895 @@
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * Support for PVK format keys and related structures (such a PUBLICKEYBLOB
+ * and PRIVATEKEYBLOB).
+ */
+
+#include "cryptlib.h"
+#include <openssl/pem.h>
+#include <openssl/rand.h>
+#include <openssl/bn.h>
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
+# include <openssl/dsa.h>
+# include <openssl/rsa.h>
+
+/*
+ * Utility function: read a DWORD (4 byte unsigned integer) in little endian
+ * format
+ */
+
+static unsigned int read_ledword(const unsigned char **in)
+{
+    const unsigned char *p = *in;
+    unsigned int ret;
+    ret = *p++;
+    ret |= (*p++ << 8);
+    ret |= (*p++ << 16);
+    ret |= (*p++ << 24);
+    *in = p;
+    return ret;
+}
+
+/*
+ * Read a BIGNUM in little endian format. The docs say that this should take
+ * up bitlen/8 bytes.
+ */
+
+static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
+{
+    const unsigned char *p;
+    unsigned char *tmpbuf, *q;
+    unsigned int i;
+    p = *in + nbyte - 1;
+    tmpbuf = OPENSSL_malloc(nbyte);
+    if (!tmpbuf)
+        return 0;
+    q = tmpbuf;
+    for (i = 0; i < nbyte; i++)
+        *q++ = *p--;
+    *r = BN_bin2bn(tmpbuf, nbyte, NULL);
+    OPENSSL_free(tmpbuf);
+    if (*r) {
+        *in += nbyte;
+        return 1;
+    } else
+        return 0;
+}
+
+/* Convert private key blob to EVP_PKEY: RSA and DSA keys supported */
+
+# define MS_PUBLICKEYBLOB        0x6
+# define MS_PRIVATEKEYBLOB       0x7
+# define MS_RSA1MAGIC            0x31415352L
+# define MS_RSA2MAGIC            0x32415352L
+# define MS_DSS1MAGIC            0x31535344L
+# define MS_DSS2MAGIC            0x32535344L
+
+# define MS_KEYALG_RSA_KEYX      0xa400
+# define MS_KEYALG_DSS_SIGN      0x2200
+
+# define MS_KEYTYPE_KEYX         0x1
+# define MS_KEYTYPE_SIGN         0x2
+
+/* Maximum length of a blob after header */
+# define BLOB_MAX_LENGTH          102400
+
+/* The PVK file magic number: seems to spell out "bobsfile", who is Bob? */
+# define MS_PVKMAGIC             0xb0b5f11eL
+/* Salt length for PVK files */
+# define PVK_SALTLEN             0x10
+/* Maximum length in PVK header */
+# define PVK_MAX_KEYLEN          102400
+/* Maximum salt length */
+# define PVK_MAX_SALTLEN         10240
+
+static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
+                         unsigned int bitlen, int ispub);
+static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
+                         unsigned int bitlen, int ispub);
+
+static int do_blob_header(const unsigned char **in, unsigned int length,
+                          unsigned int *pmagic, unsigned int *pbitlen,
+                          int *pisdss, int *pispub)
+{
+    const unsigned char *p = *in;
+    if (length < 16)
+        return 0;
+    /* bType */
+    if (*p == MS_PUBLICKEYBLOB) {
+        if (*pispub == 0) {
+            PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
+            return 0;
+        }
+        *pispub = 1;
+    } else if (*p == MS_PRIVATEKEYBLOB) {
+        if (*pispub == 1) {
+            PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
+            return 0;
+        }
+        *pispub = 0;
+    } else
+        return 0;
+    p++;
+    /* Version */
+    if (*p++ != 0x2) {
+        PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_VERSION_NUMBER);
+        return 0;
+    }
+    /* Ignore reserved, aiKeyAlg */
+    p += 6;
+    *pmagic = read_ledword(&p);
+    *pbitlen = read_ledword(&p);
+    *pisdss = 0;
+    switch (*pmagic) {
+
+    case MS_DSS1MAGIC:
+        *pisdss = 1;
+    case MS_RSA1MAGIC:
+        if (*pispub == 0) {
+            PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
+            return 0;
+        }
+        break;
+
+    case MS_DSS2MAGIC:
+        *pisdss = 1;
+    case MS_RSA2MAGIC:
+        if (*pispub == 1) {
+            PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
+            return 0;
+        }
+        break;
+
+    default:
+        PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_MAGIC_NUMBER);
+        return -1;
+    }
+    *in = p;
+    return 1;
+}
+
+static unsigned int blob_length(unsigned bitlen, int isdss, int ispub)
+{
+    unsigned int nbyte, hnbyte;
+    nbyte = (bitlen + 7) >> 3;
+    hnbyte = (bitlen + 15) >> 4;
+    if (isdss) {
+
+        /*
+         * Expected length: 20 for q + 3 components bitlen each + 24 for seed
+         * structure.
+         */
+        if (ispub)
+            return 44 + 3 * nbyte;
+        /*
+         * Expected length: 20 for q, priv, 2 bitlen components + 24 for seed
+         * structure.
+         */
+        else
+            return 64 + 2 * nbyte;
+    } else {
+        /* Expected length: 4 for 'e' + 'n' */
+        if (ispub)
+            return 4 + nbyte;
+        else
+            /*
+             * Expected length: 4 for 'e' and 7 other components. 2
+             * components are bitlen size, 5 are bitlen/2
+             */
+            return 4 + 2 * nbyte + 5 * hnbyte;
+    }
+
+}
+
+static EVP_PKEY *do_b2i(const unsigned char **in, unsigned int length,
+                        int ispub)
+{
+    const unsigned char *p = *in;
+    unsigned int bitlen, magic;
+    int isdss;
+    if (do_blob_header(&p, length, &magic, &bitlen, &isdss, &ispub) <= 0) {
+        PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_HEADER_PARSE_ERROR);
+        return NULL;
+    }
+    length -= 16;
+    if (length < blob_length(bitlen, isdss, ispub)) {
+        PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_TOO_SHORT);
+        return NULL;
+    }
+    if (isdss)
+        return b2i_dss(&p, length, bitlen, ispub);
+    else
+        return b2i_rsa(&p, length, bitlen, ispub);
+}
+
+static EVP_PKEY *do_b2i_bio(BIO *in, int ispub)
+{
+    const unsigned char *p;
+    unsigned char hdr_buf[16], *buf = NULL;
+    unsigned int bitlen, magic, length;
+    int isdss;
+    EVP_PKEY *ret = NULL;
+    if (BIO_read(in, hdr_buf, 16) != 16) {
+        PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);
+        return NULL;
+    }
+    p = hdr_buf;
+    if (do_blob_header(&p, 16, &magic, &bitlen, &isdss, &ispub) <= 0)
+        return NULL;
+
+    length = blob_length(bitlen, isdss, ispub);
+    if (length > BLOB_MAX_LENGTH) {
+        PEMerr(PEM_F_DO_B2I_BIO, PEM_R_HEADER_TOO_LONG);
+        return NULL;
+    }
+    buf = OPENSSL_malloc(length);
+    if (!buf) {
+        PEMerr(PEM_F_DO_B2I_BIO, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    p = buf;
+    if (BIO_read(in, buf, length) != (int)length) {
+        PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);
+        goto err;
+    }
+
+    if (isdss)
+        ret = b2i_dss(&p, length, bitlen, ispub);
+    else
+        ret = b2i_rsa(&p, length, bitlen, ispub);
+
+ err:
+    if (buf)
+        OPENSSL_free(buf);
+    return ret;
+}
+
+static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
+                         unsigned int bitlen, int ispub)
+{
+    const unsigned char *p = *in;
+    EVP_PKEY *ret = NULL;
+    DSA *dsa = NULL;
+    BN_CTX *ctx = NULL;
+    unsigned int nbyte;
+    nbyte = (bitlen + 7) >> 3;
+
+    dsa = DSA_new();
+    ret = EVP_PKEY_new();
+    if (!dsa || !ret)
+        goto memerr;
+    if (!read_lebn(&p, nbyte, &dsa->p))
+        goto memerr;
+    if (!read_lebn(&p, 20, &dsa->q))
+        goto memerr;
+    if (!read_lebn(&p, nbyte, &dsa->g))
+        goto memerr;
+    if (ispub) {
+        if (!read_lebn(&p, nbyte, &dsa->pub_key))
+            goto memerr;
+    } else {
+        if (!read_lebn(&p, 20, &dsa->priv_key))
+            goto memerr;
+        /* Calculate public key */
+        if (!(dsa->pub_key = BN_new()))
+            goto memerr;
+        if (!(ctx = BN_CTX_new()))
+            goto memerr;
+
+        if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx))
+
+            goto memerr;
+        BN_CTX_free(ctx);
+    }
+
+    EVP_PKEY_set1_DSA(ret, dsa);
+    DSA_free(dsa);
+    *in = p;
+    return ret;
+
+ memerr:
+    PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE);
+    if (dsa)
+        DSA_free(dsa);
+    if (ret)
+        EVP_PKEY_free(ret);
+    if (ctx)
+        BN_CTX_free(ctx);
+    return NULL;
+}
+
+static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
+                         unsigned int bitlen, int ispub)
+{
+    const unsigned char *p = *in;
+    EVP_PKEY *ret = NULL;
+    RSA *rsa = NULL;
+    unsigned int nbyte, hnbyte;
+    nbyte = (bitlen + 7) >> 3;
+    hnbyte = (bitlen + 15) >> 4;
+    rsa = RSA_new();
+    ret = EVP_PKEY_new();
+    if (!rsa || !ret)
+        goto memerr;
+    rsa->e = BN_new();
+    if (!rsa->e)
+        goto memerr;
+    if (!BN_set_word(rsa->e, read_ledword(&p)))
+        goto memerr;
+    if (!read_lebn(&p, nbyte, &rsa->n))
+        goto memerr;
+    if (!ispub) {
+        if (!read_lebn(&p, hnbyte, &rsa->p))
+            goto memerr;
+        if (!read_lebn(&p, hnbyte, &rsa->q))
+            goto memerr;
+        if (!read_lebn(&p, hnbyte, &rsa->dmp1))
+            goto memerr;
+        if (!read_lebn(&p, hnbyte, &rsa->dmq1))
+            goto memerr;
+        if (!read_lebn(&p, hnbyte, &rsa->iqmp))
+            goto memerr;
+        if (!read_lebn(&p, nbyte, &rsa->d))
+            goto memerr;
+    }
+
+    EVP_PKEY_set1_RSA(ret, rsa);
+    RSA_free(rsa);
+    *in = p;
+    return ret;
+ memerr:
+    PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE);
+    if (rsa)
+        RSA_free(rsa);
+    if (ret)
+        EVP_PKEY_free(ret);
+    return NULL;
+}
+
+EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length)
+{
+    return do_b2i(in, length, 0);
+}
+
+EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length)
+{
+    return do_b2i(in, length, 1);
+}
+
+EVP_PKEY *b2i_PrivateKey_bio(BIO *in)
+{
+    return do_b2i_bio(in, 0);
+}
+
+EVP_PKEY *b2i_PublicKey_bio(BIO *in)
+{
+    return do_b2i_bio(in, 1);
+}
+
+static void write_ledword(unsigned char **out, unsigned int dw)
+{
+    unsigned char *p = *out;
+    *p++ = dw & 0xff;
+    *p++ = (dw >> 8) & 0xff;
+    *p++ = (dw >> 16) & 0xff;
+    *p++ = (dw >> 24) & 0xff;
+    *out = p;
+}
+
+static void write_lebn(unsigned char **out, const BIGNUM *bn, int len)
+{
+    int nb, i;
+    unsigned char *p = *out, *q, c;
+    nb = BN_num_bytes(bn);
+    BN_bn2bin(bn, p);
+    q = p + nb - 1;
+    /* In place byte order reversal */
+    for (i = 0; i < nb / 2; i++) {
+        c = *p;
+        *p++ = *q;
+        *q-- = c;
+    }
+    *out += nb;
+    /* Pad with zeroes if we have to */
+    if (len > 0) {
+        len -= nb;
+        if (len > 0) {
+            memset(*out, 0, len);
+            *out += len;
+        }
+    }
+}
+
+static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *magic);
+static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *magic);
+
+static void write_rsa(unsigned char **out, RSA *rsa, int ispub);
+static void write_dsa(unsigned char **out, DSA *dsa, int ispub);
+
+static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub)
+{
+    unsigned char *p;
+    unsigned int bitlen, magic = 0, keyalg;
+    int outlen, noinc = 0;
+    if (pk->type == EVP_PKEY_DSA) {
+        bitlen = check_bitlen_dsa(pk->pkey.dsa, ispub, &magic);
+        keyalg = MS_KEYALG_DSS_SIGN;
+    } else if (pk->type == EVP_PKEY_RSA) {
+        bitlen = check_bitlen_rsa(pk->pkey.rsa, ispub, &magic);
+        keyalg = MS_KEYALG_RSA_KEYX;
+    } else
+        return -1;
+    if (bitlen == 0)
+        return -1;
+    outlen = 16 + blob_length(bitlen,
+                              keyalg == MS_KEYALG_DSS_SIGN ? 1 : 0, ispub);
+    if (out == NULL)
+        return outlen;
+    if (*out)
+        p = *out;
+    else {
+        p = OPENSSL_malloc(outlen);
+        if (!p)
+            return -1;
+        *out = p;
+        noinc = 1;
+    }
+    if (ispub)
+        *p++ = MS_PUBLICKEYBLOB;
+    else
+        *p++ = MS_PRIVATEKEYBLOB;
+    *p++ = 0x2;
+    *p++ = 0;
+    *p++ = 0;
+    write_ledword(&p, keyalg);
+    write_ledword(&p, magic);
+    write_ledword(&p, bitlen);
+    if (keyalg == MS_KEYALG_DSS_SIGN)
+        write_dsa(&p, pk->pkey.dsa, ispub);
+    else
+        write_rsa(&p, pk->pkey.rsa, ispub);
+    if (!noinc)
+        *out += outlen;
+    return outlen;
+}
+
+static int do_i2b_bio(BIO *out, EVP_PKEY *pk, int ispub)
+{
+    unsigned char *tmp = NULL;
+    int outlen, wrlen;
+    outlen = do_i2b(&tmp, pk, ispub);
+    if (outlen < 0)
+        return -1;
+    wrlen = BIO_write(out, tmp, outlen);
+    OPENSSL_free(tmp);
+    if (wrlen == outlen)
+        return outlen;
+    return -1;
+}
+
+static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic)
+{
+    int bitlen;
+    bitlen = BN_num_bits(dsa->p);
+    if ((bitlen & 7) || (BN_num_bits(dsa->q) != 160)
+        || (BN_num_bits(dsa->g) > bitlen))
+        goto badkey;
+    if (ispub) {
+        if (BN_num_bits(dsa->pub_key) > bitlen)
+            goto badkey;
+        *pmagic = MS_DSS1MAGIC;
+    } else {
+        if (BN_num_bits(dsa->priv_key) > 160)
+            goto badkey;
+        *pmagic = MS_DSS2MAGIC;
+    }
+
+    return bitlen;
+ badkey:
+    PEMerr(PEM_F_CHECK_BITLEN_DSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
+    return 0;
+}
+
+static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic)
+{
+    int nbyte, hnbyte, bitlen;
+    if (BN_num_bits(rsa->e) > 32)
+        goto badkey;
+    bitlen = BN_num_bits(rsa->n);
+    nbyte = BN_num_bytes(rsa->n);
+    hnbyte = (BN_num_bits(rsa->n) + 15) >> 4;
+    if (ispub) {
+        *pmagic = MS_RSA1MAGIC;
+        return bitlen;
+    } else {
+        *pmagic = MS_RSA2MAGIC;
+        /*
+         * For private key each component must fit within nbyte or hnbyte.
+         */
+        if (BN_num_bytes(rsa->d) > nbyte)
+            goto badkey;
+        if ((BN_num_bytes(rsa->iqmp) > hnbyte)
+            || (BN_num_bytes(rsa->p) > hnbyte)
+            || (BN_num_bytes(rsa->q) > hnbyte)
+            || (BN_num_bytes(rsa->dmp1) > hnbyte)
+            || (BN_num_bytes(rsa->dmq1) > hnbyte))
+            goto badkey;
+    }
+    return bitlen;
+ badkey:
+    PEMerr(PEM_F_CHECK_BITLEN_RSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
+    return 0;
+}
+
+static void write_rsa(unsigned char **out, RSA *rsa, int ispub)
+{
+    int nbyte, hnbyte;
+    nbyte = BN_num_bytes(rsa->n);
+    hnbyte = (BN_num_bits(rsa->n) + 15) >> 4;
+    write_lebn(out, rsa->e, 4);
+    write_lebn(out, rsa->n, -1);
+    if (ispub)
+        return;
+    write_lebn(out, rsa->p, hnbyte);
+    write_lebn(out, rsa->q, hnbyte);
+    write_lebn(out, rsa->dmp1, hnbyte);
+    write_lebn(out, rsa->dmq1, hnbyte);
+    write_lebn(out, rsa->iqmp, hnbyte);
+    write_lebn(out, rsa->d, nbyte);
+}
+
+static void write_dsa(unsigned char **out, DSA *dsa, int ispub)
+{
+    int nbyte;
+    nbyte = BN_num_bytes(dsa->p);
+    write_lebn(out, dsa->p, nbyte);
+    write_lebn(out, dsa->q, 20);
+    write_lebn(out, dsa->g, nbyte);
+    if (ispub)
+        write_lebn(out, dsa->pub_key, nbyte);
+    else
+        write_lebn(out, dsa->priv_key, 20);
+    /* Set "invalid" for seed structure values */
+    memset(*out, 0xff, 24);
+    *out += 24;
+    return;
+}
+
+int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk)
+{
+    return do_i2b_bio(out, pk, 0);
+}
+
+int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk)
+{
+    return do_i2b_bio(out, pk, 1);
+}
+
+# ifndef OPENSSL_NO_RC4
+
+static int do_PVK_header(const unsigned char **in, unsigned int length,
+                         int skip_magic,
+                         unsigned int *psaltlen, unsigned int *pkeylen)
+{
+    const unsigned char *p = *in;
+    unsigned int pvk_magic, is_encrypted;
+    if (skip_magic) {
+        if (length < 20) {
+            PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
+            return 0;
+        }
+    } else {
+        if (length < 24) {
+            PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
+            return 0;
+        }
+        pvk_magic = read_ledword(&p);
+        if (pvk_magic != MS_PVKMAGIC) {
+            PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_BAD_MAGIC_NUMBER);
+            return 0;
+        }
+    }
+    /* Skip reserved */
+    p += 4;
+    /*
+     * keytype =
+     */ read_ledword(&p);
+    is_encrypted = read_ledword(&p);
+    *psaltlen = read_ledword(&p);
+    *pkeylen = read_ledword(&p);
+
+    if (*pkeylen > PVK_MAX_KEYLEN || *psaltlen > PVK_MAX_SALTLEN)
+        return 0;
+
+    if (is_encrypted && !*psaltlen) {
+        PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER);
+        return 0;
+    }
+
+    *in = p;
+    return 1;
+}
+
+static int derive_pvk_key(unsigned char *key,
+                          const unsigned char *salt, unsigned int saltlen,
+                          const unsigned char *pass, int passlen)
+{
+    EVP_MD_CTX mctx;
+    int rv = 1;
+    EVP_MD_CTX_init(&mctx);
+    if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL)
+        || !EVP_DigestUpdate(&mctx, salt, saltlen)
+        || !EVP_DigestUpdate(&mctx, pass, passlen)
+        || !EVP_DigestFinal_ex(&mctx, key, NULL))
+        rv = 0;
+
+    EVP_MD_CTX_cleanup(&mctx);
+    return rv;
+}
+
+static EVP_PKEY *do_PVK_body(const unsigned char **in,
+                             unsigned int saltlen, unsigned int keylen,
+                             pem_password_cb *cb, void *u)
+{
+    EVP_PKEY *ret = NULL;
+    const unsigned char *p = *in;
+    unsigned int magic;
+    unsigned char *enctmp = NULL, *q;
+    EVP_CIPHER_CTX cctx;
+    EVP_CIPHER_CTX_init(&cctx);
+    if (saltlen) {
+        char psbuf[PEM_BUFSIZE];
+        unsigned char keybuf[20];
+        int enctmplen, inlen;
+        if (cb)
+            inlen = cb(psbuf, PEM_BUFSIZE, 0, u);
+        else
+            inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
+        if (inlen <= 0) {
+            PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ);
+            goto err;
+        }
+        enctmp = OPENSSL_malloc(keylen + 8);
+        if (!enctmp) {
+            PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (!derive_pvk_key(keybuf, p, saltlen,
+                            (unsigned char *)psbuf, inlen))
+            goto err;
+        p += saltlen;
+        /* Copy BLOBHEADER across, decrypt rest */
+        memcpy(enctmp, p, 8);
+        p += 8;
+        if (keylen < 8) {
+            PEMerr(PEM_F_DO_PVK_BODY, PEM_R_PVK_TOO_SHORT);
+            goto err;
+        }
+        inlen = keylen - 8;
+        q = enctmp + 8;
+        if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
+            goto err;
+        if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen))
+            goto err;
+        if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen))
+            goto err;
+        magic = read_ledword((const unsigned char **)&q);
+        if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {
+            q = enctmp + 8;
+            memset(keybuf + 5, 0, 11);
+            if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
+                goto err;
+            OPENSSL_cleanse(keybuf, 20);
+            if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen))
+                goto err;
+            if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen))
+                goto err;
+            magic = read_ledword((const unsigned char **)&q);
+            if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {
+                PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT);
+                goto err;
+            }
+        } else
+            OPENSSL_cleanse(keybuf, 20);
+        p = enctmp;
+    }
+
+    ret = b2i_PrivateKey(&p, keylen);
+ err:
+    EVP_CIPHER_CTX_cleanup(&cctx);
+    if (enctmp && saltlen)
+        OPENSSL_free(enctmp);
+    return ret;
+}
+
+EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u)
+{
+    unsigned char pvk_hdr[24], *buf = NULL;
+    const unsigned char *p;
+    int buflen;
+    EVP_PKEY *ret = NULL;
+    unsigned int saltlen, keylen;
+    if (BIO_read(in, pvk_hdr, 24) != 24) {
+        PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);
+        return NULL;
+    }
+    p = pvk_hdr;
+
+    if (!do_PVK_header(&p, 24, 0, &saltlen, &keylen))
+        return 0;
+    buflen = (int)keylen + saltlen;
+    buf = OPENSSL_malloc(buflen);
+    if (!buf) {
+        PEMerr(PEM_F_B2I_PVK_BIO, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    p = buf;
+    if (BIO_read(in, buf, buflen) != buflen) {
+        PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);
+        goto err;
+    }
+    ret = do_PVK_body(&p, saltlen, keylen, cb, u);
+
+ err:
+    if (buf) {
+        OPENSSL_cleanse(buf, buflen);
+        OPENSSL_free(buf);
+    }
+    return ret;
+}
+
+static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel,
+                   pem_password_cb *cb, void *u)
+{
+    int outlen = 24, pklen;
+    unsigned char *p, *salt = NULL;
+    EVP_CIPHER_CTX cctx;
+    EVP_CIPHER_CTX_init(&cctx);
+    if (enclevel)
+        outlen += PVK_SALTLEN;
+    pklen = do_i2b(NULL, pk, 0);
+    if (pklen < 0)
+        return -1;
+    outlen += pklen;
+    if (!out)
+        return outlen;
+    if (*out)
+        p = *out;
+    else {
+        p = OPENSSL_malloc(outlen);
+        if (!p) {
+            PEMerr(PEM_F_I2B_PVK, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        *out = p;
+    }
+
+    write_ledword(&p, MS_PVKMAGIC);
+    write_ledword(&p, 0);
+    if (pk->type == EVP_PKEY_DSA)
+        write_ledword(&p, MS_KEYTYPE_SIGN);
+    else
+        write_ledword(&p, MS_KEYTYPE_KEYX);
+    write_ledword(&p, enclevel ? 1 : 0);
+    write_ledword(&p, enclevel ? PVK_SALTLEN : 0);
+    write_ledword(&p, pklen);
+    if (enclevel) {
+        if (RAND_bytes(p, PVK_SALTLEN) <= 0)
+            goto error;
+        salt = p;
+        p += PVK_SALTLEN;
+    }
+    do_i2b(&p, pk, 0);
+    if (enclevel == 0)
+        return outlen;
+    else {
+        char psbuf[PEM_BUFSIZE];
+        unsigned char keybuf[20];
+        int enctmplen, inlen;
+        if (cb)
+            inlen = cb(psbuf, PEM_BUFSIZE, 1, u);
+        else
+            inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 1, u);
+        if (inlen <= 0) {
+            PEMerr(PEM_F_I2B_PVK, PEM_R_BAD_PASSWORD_READ);
+            goto error;
+        }
+        if (!derive_pvk_key(keybuf, salt, PVK_SALTLEN,
+                            (unsigned char *)psbuf, inlen))
+            goto error;
+        if (enclevel == 1)
+            memset(keybuf + 5, 0, 11);
+        p = salt + PVK_SALTLEN + 8;
+        if (!EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
+            goto error;
+        OPENSSL_cleanse(keybuf, 20);
+        if (!EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8))
+            goto error;
+        if (!EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen))
+            goto error;
+    }
+    EVP_CIPHER_CTX_cleanup(&cctx);
+    return outlen;
+
+ error:
+    EVP_CIPHER_CTX_cleanup(&cctx);
+    return -1;
+}
+
+int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
+                pem_password_cb *cb, void *u)
+{
+    unsigned char *tmp = NULL;
+    int outlen, wrlen;
+    outlen = i2b_PVK(&tmp, pk, enclevel, cb, u);
+    if (outlen < 0)
+        return -1;
+    wrlen = BIO_write(out, tmp, outlen);
+    OPENSSL_free(tmp);
+    if (wrlen == outlen) {
+        PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE);
+        return outlen;
+    }
+    return -1;
+}
+
+# endif
+
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/perlasm/x86_64-xlate.pl
===================================================================
--- vendor-crypto/openssl/dist/crypto/perlasm/x86_64-xlate.pl	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/perlasm/x86_64-xlate.pl	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,1080 +0,0 @@
-#!/usr/bin/env perl
-
-# Ascetic x86_64 AT&T to MASM/NASM assembler translator by <appro>.
-#
-# Why AT&T to MASM and not vice versa? Several reasons. Because AT&T
-# format is way easier to parse. Because it's simpler to "gear" from
-# Unix ABI to Windows one [see cross-reference "card" at the end of
-# file]. Because Linux targets were available first...
-#
-# In addition the script also "distills" code suitable for GNU
-# assembler, so that it can be compiled with more rigid assemblers,
-# such as Solaris /usr/ccs/bin/as.
-#
-# This translator is not designed to convert *arbitrary* assembler
-# code from AT&T format to MASM one. It's designed to convert just
-# enough to provide for dual-ABI OpenSSL modules development...
-# There *are* limitations and you might have to modify your assembler
-# code or this script to achieve the desired result...
-#
-# Currently recognized limitations:
-#
-# - can't use multiple ops per line;
-#
-# Dual-ABI styling rules.
-#
-# 1. Adhere to Unix register and stack layout [see cross-reference
-#    ABI "card" at the end for explanation].
-# 2. Forget about "red zone," stick to more traditional blended
-#    stack frame allocation. If volatile storage is actually required
-#    that is. If not, just leave the stack as is.
-# 3. Functions tagged with ".type name, at function" get crafted with
-#    unified Win64 prologue and epilogue automatically. If you want
-#    to take care of ABI differences yourself, tag functions as
-#    ".type name, at abi-omnipotent" instead.
-# 4. To optimize the Win64 prologue you can specify number of input
-#    arguments as ".type name, at function,N." Keep in mind that if N is
-#    larger than 6, then you *have to* write "abi-omnipotent" code,
-#    because >6 cases can't be addressed with unified prologue.
-# 5. Name local labels as .L*, do *not* use dynamic labels such as 1:
-#    (sorry about latter).
-# 6. Don't use [or hand-code with .byte] "rep ret." "ret" mnemonic is
-#    required to identify the spots, where to inject Win64 epilogue!
-#    But on the pros, it's then prefixed with rep automatically:-)
-# 7. Stick to explicit ip-relative addressing. If you have to use
-#    GOTPCREL addressing, stick to mov symbol at GOTPCREL(%rip),%r??.
-#    Both are recognized and translated to proper Win64 addressing
-#    modes. To support legacy code a synthetic directive, .picmeup,
-#    is implemented. It puts address of the *next* instruction into
-#    target register, e.g.:
-#
-#		.picmeup	%rax
-#		lea		.Label-.(%rax),%rax
-#
-# 8. In order to provide for structured exception handling unified
-#    Win64 prologue copies %rsp value to %rax. For further details
-#    see SEH paragraph at the end.
-# 9. .init segment is allowed to contain calls to functions only.
-# a. If function accepts more than 4 arguments *and* >4th argument
-#    is declared as non 64-bit value, do clear its upper part.
-

-my $flavour = shift;
-my $output  = shift;
-if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
-
-open STDOUT,">$output" || die "can't open $output: $!"
-	if (defined($output));
-
-my $gas=1;	$gas=0 if ($output =~ /\.asm$/);
-my $elf=1;	$elf=0 if (!$gas);
-my $win64=0;
-my $prefix="";
-my $decor=".L";
-
-my $masmref=8 + 50727*2**-32;	# 8.00.50727 shipped with VS2005
-my $masm=0;
-my $PTR=" PTR";
-
-my $nasmref=2.03;
-my $nasm=0;
-
-if    ($flavour eq "mingw64")	{ $gas=1; $elf=0; $win64=1;
-				  $prefix=`echo __USER_LABEL_PREFIX__ | $ENV{CC} -E -P -`;
-				  chomp($prefix);
-				}
-elsif ($flavour eq "macosx")	{ $gas=1; $elf=0; $prefix="_"; $decor="L\$"; }
-elsif ($flavour eq "masm")	{ $gas=0; $elf=0; $masm=$masmref; $win64=1; $decor="\$L\$"; }
-elsif ($flavour eq "nasm")	{ $gas=0; $elf=0; $nasm=$nasmref; $win64=1; $decor="\$L\$"; $PTR=""; }
-elsif (!$gas)
-{   if ($ENV{ASM} =~ m/nasm/ && `nasm -v` =~ m/version ([0-9]+)\.([0-9]+)/i)
-    {	$nasm = $1 + $2*0.01; $PTR="";  }
-    elsif (`ml64 2>&1` =~ m/Version ([0-9]+)\.([0-9]+)(\.([0-9]+))?/)
-    {	$masm = $1 + $2*2**-16 + $4*2**-32;   }
-    die "no assembler found on %PATH" if (!($nasm || $masm));
-    $win64=1;
-    $elf=0;
-    $decor="\$L\$";
-}
-
-my $current_segment;
-my $current_function;
-my %globals;
-
-{ package opcode;	# pick up opcodes
-    sub re {
-	my	$self = shift;	# single instance in enough...
-	local	*line = shift;
-	undef	$ret;
-
-	if ($line =~ /^([a-z][a-z0-9]*)/i) {
-	    $self->{op} = $1;
-	    $ret = $self;
-	    $line = substr($line, at +[0]); $line =~ s/^\s+//;
-
-	    undef $self->{sz};
-	    if ($self->{op} =~ /^(movz)x?([bw]).*/) {	# movz is pain...
-		$self->{op} = $1;
-		$self->{sz} = $2;
-	    } elsif ($self->{op} =~ /call|jmp/) {
-		$self->{sz} = "";
-	    } elsif ($self->{op} =~ /^p/ && $' !~ /^(ush|op|insrw)/) { # SSEn
-		$self->{sz} = "";
-	    } elsif ($self->{op} =~ /^v/) { # VEX
-		$self->{sz} = "";
-	    } elsif ($self->{op} =~ /movq/ && $line =~ /%xmm/) {
-		$self->{sz} = "";
-	    } elsif ($self->{op} =~ /([a-z]{3,})([qlwb])$/) {
-		$self->{op} = $1;
-		$self->{sz} = $2;
-	    }
-	}
-	$ret;
-    }
-    sub size {
-	my $self = shift;
-	my $sz   = shift;
-	$self->{sz} = $sz if (defined($sz) && !defined($self->{sz}));
-	$self->{sz};
-    }
-    sub out {
-	my $self = shift;
-	if ($gas) {
-	    if ($self->{op} eq "movz") {	# movz is pain...
-		sprintf "%s%s%s",$self->{op},$self->{sz},shift;
-	    } elsif ($self->{op} =~ /^set/) { 
-		"$self->{op}";
-	    } elsif ($self->{op} eq "ret") {
-		my $epilogue = "";
-		if ($win64 && $current_function->{abi} eq "svr4") {
-		    $epilogue = "movq	8(%rsp),%rdi\n\t" .
-				"movq	16(%rsp),%rsi\n\t";
-		}
-	    	$epilogue . ".byte	0xf3,0xc3";
-	    } elsif ($self->{op} eq "call" && !$elf && $current_segment eq ".init") {
-		".p2align\t3\n\t.quad";
-	    } else {
-		"$self->{op}$self->{sz}";
-	    }
-	} else {
-	    $self->{op} =~ s/^movz/movzx/;
-	    if ($self->{op} eq "ret") {
-		$self->{op} = "";
-		if ($win64 && $current_function->{abi} eq "svr4") {
-		    $self->{op} = "mov	rdi,QWORD${PTR}[8+rsp]\t;WIN64 epilogue\n\t".
-				  "mov	rsi,QWORD${PTR}[16+rsp]\n\t";
-	    	}
-		$self->{op} .= "DB\t0F3h,0C3h\t\t;repret";
-	    } elsif ($self->{op} =~ /^(pop|push)f/) {
-		$self->{op} .= $self->{sz};
-	    } elsif ($self->{op} eq "call" && $current_segment eq ".CRT\$XCU") {
-		$self->{op} = "\tDQ";
-	    } 
-	    $self->{op};
-	}
-    }
-    sub mnemonic {
-	my $self=shift;
-	my $op=shift;
-	$self->{op}=$op if (defined($op));
-	$self->{op};
-    }
-}
-{ package const;	# pick up constants, which start with $
-    sub re {
-	my	$self = shift;	# single instance in enough...
-	local	*line = shift;
-	undef	$ret;
-
-	if ($line =~ /^\$([^,]+)/) {
-	    $self->{value} = $1;
-	    $ret = $self;
-	    $line = substr($line, at +[0]); $line =~ s/^\s+//;
-	}
-	$ret;
-    }
-    sub out {
-    	my $self = shift;
-
-	if ($gas) {
-	    # Solaris /usr/ccs/bin/as can't handle multiplications
-	    # in $self->{value}
-	    $self->{value} =~ s/(?<![\w\$\.])(0x?[0-9a-f]+)/oct($1)/egi;
-	    $self->{value} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg;
-	    sprintf "\$%s",$self->{value};
-	} else {
-	    $self->{value} =~ s/(0b[0-1]+)/oct($1)/eig;
-	    $self->{value} =~ s/0x([0-9a-f]+)/0$1h/ig if ($masm);
-	    sprintf "%s",$self->{value};
-	}
-    }
-}
-{ package ea;		# pick up effective addresses: expr(%reg,%reg,scale)
-    sub re {
-	my	$self = shift;	# single instance in enough...
-	local	*line = shift;
-	undef	$ret;
-
-	# optional * ---vvv--- appears in indirect jmp/call
-	if ($line =~ /^(\*?)([^\(,]*)\(([%\w,]+)\)/) {
-	    $self->{asterisk} = $1;
-	    $self->{label} = $2;
-	    ($self->{base},$self->{index},$self->{scale})=split(/,/,$3);
-	    $self->{scale} = 1 if (!defined($self->{scale}));
-	    $ret = $self;
-	    $line = substr($line, at +[0]); $line =~ s/^\s+//;
-
-	    if ($win64 && $self->{label} =~ s/\@GOTPCREL//) {
-		die if (opcode->mnemonic() ne "mov");
-		opcode->mnemonic("lea");
-	    }
-	    $self->{base}  =~ s/^%//;
-	    $self->{index} =~ s/^%// if (defined($self->{index}));
-	}
-	$ret;
-    }
-    sub size {}
-    sub out {
-    	my $self = shift;
-	my $sz = shift;
-
-	$self->{label} =~ s/([_a-z][_a-z0-9]*)/$globals{$1} or $1/gei;
-	$self->{label} =~ s/\.L/$decor/g;
-
-	# Silently convert all EAs to 64-bit. This is required for
-	# elder GNU assembler and results in more compact code,
-	# *but* most importantly AES module depends on this feature!
-	$self->{index} =~ s/^[er](.?[0-9xpi])[d]?$/r\1/;
-	$self->{base}  =~ s/^[er](.?[0-9xpi])[d]?$/r\1/;
-
-	# Solaris /usr/ccs/bin/as can't handle multiplications
-	# in $self->{label}, new gas requires sign extension...
-	use integer;
-	$self->{label} =~ s/(?<![\w\$\.])(0x?[0-9a-f]+)/oct($1)/egi;
-	$self->{label} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg;
-	$self->{label} =~ s/([0-9]+)/$1<<32>>32/eg;
-
-	if ($gas) {
-	    $self->{label} =~ s/^___imp_/__imp__/   if ($flavour eq "mingw64");
-
-	    if (defined($self->{index})) {
-		sprintf "%s%s(%s,%%%s,%d)",$self->{asterisk},
-					$self->{label},
-					$self->{base}?"%$self->{base}":"",
-					$self->{index},$self->{scale};
-	    } else {
-		sprintf "%s%s(%%%s)",	$self->{asterisk},$self->{label},$self->{base};
-	    }
-	} else {
-	    %szmap = (	b=>"BYTE$PTR", w=>"WORD$PTR", l=>"DWORD$PTR",
-	    		q=>"QWORD$PTR",o=>"OWORD$PTR",x=>"XMMWORD$PTR" );
-
-	    $self->{label} =~ s/\./\$/g;
-	    $self->{label} =~ s/(?<![\w\$\.])0x([0-9a-f]+)/0$1h/ig;
-	    $self->{label} = "($self->{label})" if ($self->{label} =~ /[\*\+\-\/]/);
-	    $sz="q" if ($self->{asterisk} || opcode->mnemonic() eq "movq");
-	    $sz="l" if (opcode->mnemonic() eq "movd");
-
-	    if (defined($self->{index})) {
-		sprintf "%s[%s%s*%d%s]",$szmap{$sz},
-					$self->{label}?"$self->{label}+":"",
-					$self->{index},$self->{scale},
-					$self->{base}?"+$self->{base}":"";
-	    } elsif ($self->{base} eq "rip") {
-		sprintf "%s[%s]",$szmap{$sz},$self->{label};
-	    } else {
-		sprintf "%s[%s%s]",$szmap{$sz},
-					$self->{label}?"$self->{label}+":"",
-					$self->{base};
-	    }
-	}
-    }
-}
-{ package register;	# pick up registers, which start with %.
-    sub re {
-	my	$class = shift;	# muliple instances...
-	my	$self = {};
-	local	*line = shift;
-	undef	$ret;
-
-	# optional * ---vvv--- appears in indirect jmp/call
-	if ($line =~ /^(\*?)%(\w+)/) {
-	    bless $self,$class;
-	    $self->{asterisk} = $1;
-	    $self->{value} = $2;
-	    $ret = $self;
-	    $line = substr($line, at +[0]); $line =~ s/^\s+//;
-	}
-	$ret;
-    }
-    sub size {
-	my	$self = shift;
-	undef	$ret;
-
-	if    ($self->{value} =~ /^r[\d]+b$/i)	{ $ret="b"; }
-	elsif ($self->{value} =~ /^r[\d]+w$/i)	{ $ret="w"; }
-	elsif ($self->{value} =~ /^r[\d]+d$/i)	{ $ret="l"; }
-	elsif ($self->{value} =~ /^r[\w]+$/i)	{ $ret="q"; }
-	elsif ($self->{value} =~ /^[a-d][hl]$/i){ $ret="b"; }
-	elsif ($self->{value} =~ /^[\w]{2}l$/i)	{ $ret="b"; }
-	elsif ($self->{value} =~ /^[\w]{2}$/i)	{ $ret="w"; }
-	elsif ($self->{value} =~ /^e[a-z]{2}$/i){ $ret="l"; }
-
-	$ret;
-    }
-    sub out {
-    	my $self = shift;
-	if ($gas)	{ sprintf "%s%%%s",$self->{asterisk},$self->{value}; }
-	else		{ $self->{value}; }
-    }
-}
-{ package label;	# pick up labels, which end with :
-    sub re {
-	my	$self = shift;	# single instance is enough...
-	local	*line = shift;
-	undef	$ret;
-
-	if ($line =~ /(^[\.\w]+)\:/) {
-	    $self->{value} = $1;
-	    $ret = $self;
-	    $line = substr($line, at +[0]); $line =~ s/^\s+//;
-
-	    $self->{value} =~ s/^\.L/$decor/;
-	}
-	$ret;
-    }
-    sub out {
-	my $self = shift;
-
-	if ($gas) {
-	    my $func = ($globals{$self->{value}} or $self->{value}) . ":";
-	    if ($win64	&&
-			$current_function->{name} eq $self->{value} &&
-			$current_function->{abi} eq "svr4") {
-		$func .= "\n";
-		$func .= "	movq	%rdi,8(%rsp)\n";
-		$func .= "	movq	%rsi,16(%rsp)\n";
-		$func .= "	movq	%rsp,%rax\n";
-		$func .= "${decor}SEH_begin_$current_function->{name}:\n";
-		my $narg = $current_function->{narg};
-		$narg=6 if (!defined($narg));
-		$func .= "	movq	%rcx,%rdi\n" if ($narg>0);
-		$func .= "	movq	%rdx,%rsi\n" if ($narg>1);
-		$func .= "	movq	%r8,%rdx\n"  if ($narg>2);
-		$func .= "	movq	%r9,%rcx\n"  if ($narg>3);
-		$func .= "	movq	40(%rsp),%r8\n" if ($narg>4);
-		$func .= "	movq	48(%rsp),%r9\n" if ($narg>5);
-	    }
-	    $func;
-	} elsif ($self->{value} ne "$current_function->{name}") {
-	    $self->{value} .= ":" if ($masm && $ret!~m/^\$/);
-	    $self->{value} . ":";
-	} elsif ($win64 && $current_function->{abi} eq "svr4") {
-	    my $func =	"$current_function->{name}" .
-			($nasm ? ":" : "\tPROC $current_function->{scope}") .
-			"\n";
-	    $func .= "	mov	QWORD${PTR}[8+rsp],rdi\t;WIN64 prologue\n";
-	    $func .= "	mov	QWORD${PTR}[16+rsp],rsi\n";
-	    $func .= "	mov	rax,rsp\n";
-	    $func .= "${decor}SEH_begin_$current_function->{name}:";
-	    $func .= ":" if ($masm);
-	    $func .= "\n";
-	    my $narg = $current_function->{narg};
-	    $narg=6 if (!defined($narg));
-	    $func .= "	mov	rdi,rcx\n" if ($narg>0);
-	    $func .= "	mov	rsi,rdx\n" if ($narg>1);
-	    $func .= "	mov	rdx,r8\n"  if ($narg>2);
-	    $func .= "	mov	rcx,r9\n"  if ($narg>3);
-	    $func .= "	mov	r8,QWORD${PTR}[40+rsp]\n" if ($narg>4);
-	    $func .= "	mov	r9,QWORD${PTR}[48+rsp]\n" if ($narg>5);
-	    $func .= "\n";
-	} else {
-	   "$current_function->{name}".
-			($nasm ? ":" : "\tPROC $current_function->{scope}");
-	}
-    }
-}
-{ package expr;		# pick up expressioins
-    sub re {
-	my	$self = shift;	# single instance is enough...
-	local	*line = shift;
-	undef	$ret;
-
-	if ($line =~ /(^[^,]+)/) {
-	    $self->{value} = $1;
-	    $ret = $self;
-	    $line = substr($line, at +[0]); $line =~ s/^\s+//;
-
-	    $self->{value} =~ s/\@PLT// if (!$elf);
-	    $self->{value} =~ s/([_a-z][_a-z0-9]*)/$globals{$1} or $1/gei;
-	    $self->{value} =~ s/\.L/$decor/g;
-	}
-	$ret;
-    }
-    sub out {
-	my $self = shift;
-	if ($nasm && opcode->mnemonic()=~m/^j/) {
-	    "NEAR ".$self->{value};
-	} else {
-	    $self->{value};
-	}
-    }
-}
-{ package directive;	# pick up directives, which start with .
-    sub re {
-	my	$self = shift;	# single instance is enough...
-	local	*line = shift;
-	undef	$ret;
-	my	$dir;
-	my	%opcode =	# lea 2f-1f(%rip),%dst; 1: nop; 2:
-		(	"%rax"=>0x01058d48,	"%rcx"=>0x010d8d48,
-			"%rdx"=>0x01158d48,	"%rbx"=>0x011d8d48,
-			"%rsp"=>0x01258d48,	"%rbp"=>0x012d8d48,
-			"%rsi"=>0x01358d48,	"%rdi"=>0x013d8d48,
-			"%r8" =>0x01058d4c,	"%r9" =>0x010d8d4c,
-			"%r10"=>0x01158d4c,	"%r11"=>0x011d8d4c,
-			"%r12"=>0x01258d4c,	"%r13"=>0x012d8d4c,
-			"%r14"=>0x01358d4c,	"%r15"=>0x013d8d4c	);
-
-	if ($line =~ /^\s*(\.\w+)/) {
-	    $dir = $1;
-	    $ret = $self;
-	    undef $self->{value};
-	    $line = substr($line, at +[0]); $line =~ s/^\s+//;
-
-	    SWITCH: for ($dir) {
-		/\.picmeup/ && do { if ($line =~ /(%r[\w]+)/i) {
-			    		$dir="\t.long";
-					$line=sprintf "0x%x,0x90000000",$opcode{$1};
-				    }
-				    last;
-				  };
-		/\.global|\.globl|\.extern/
-			    && do { $globals{$line} = $prefix . $line;
-				    $line = $globals{$line} if ($prefix);
-				    last;
-				  };
-		/\.type/    && do { ($sym,$type,$narg) = split(',',$line);
-				    if ($type eq "\@function") {
-					undef $current_function;
-					$current_function->{name} = $sym;
-					$current_function->{abi}  = "svr4";
-					$current_function->{narg} = $narg;
-					$current_function->{scope} = defined($globals{$sym})?"PUBLIC":"PRIVATE";
-				    } elsif ($type eq "\@abi-omnipotent") {
-					undef $current_function;
-					$current_function->{name} = $sym;
-					$current_function->{scope} = defined($globals{$sym})?"PUBLIC":"PRIVATE";
-				    }
-				    $line =~ s/\@abi\-omnipotent/\@function/;
-				    $line =~ s/\@function.*/\@function/;
-				    last;
-				  };
-		/\.asciz/   && do { if ($line =~ /^"(.*)"$/) {
-					$dir  = ".byte";
-					$line = join(",",unpack("C*",$1),0);
-				    }
-				    last;
-				  };
-		/\.rva|\.long|\.quad/
-			    && do { $line =~ s/([_a-z][_a-z0-9]*)/$globals{$1} or $1/gei;
-				    $line =~ s/\.L/$decor/g;
-				    last;
-				  };
-	    }
-
-	    if ($gas) {
-		$self->{value} = $dir . "\t" . $line;
-
-		if ($dir =~ /\.extern/) {
-		    $self->{value} = ""; # swallow extern
-		} elsif (!$elf && $dir =~ /\.type/) {
-		    $self->{value} = "";
-		    $self->{value} = ".def\t" . ($globals{$1} or $1) . ";\t" .
-				(defined($globals{$1})?".scl 2;":".scl 3;") .
-				"\t.type 32;\t.endef"
-				if ($win64 && $line =~ /([^,]+),\@function/);
-		} elsif (!$elf && $dir =~ /\.size/) {
-		    $self->{value} = "";
-		    if (defined($current_function)) {
-			$self->{value} .= "${decor}SEH_end_$current_function->{name}:"
-				if ($win64 && $current_function->{abi} eq "svr4");
-			undef $current_function;
-		    }
-		} elsif (!$elf && $dir =~ /\.align/) {
-		    $self->{value} = ".p2align\t" . (log($line)/log(2));
-		} elsif ($dir eq ".section") {
-		    $current_segment=$line;
-		    if (!$elf && $current_segment eq ".init") {
-			if	($flavour eq "macosx")	{ $self->{value} = ".mod_init_func"; }
-			elsif	($flavour eq "mingw64")	{ $self->{value} = ".section\t.ctors"; }
-		    }
-		} elsif ($dir =~ /\.(text|data)/) {
-		    $current_segment=".$1";
-		} elsif ($dir =~ /\.hidden/) {
-		    if    ($flavour eq "macosx")  { $self->{value} = ".private_extern\t$prefix$line"; }
-		    elsif ($flavour eq "mingw64") { $self->{value} = ""; }
-		} elsif ($dir =~ /\.comm/) {
-		    $self->{value} = "$dir\t$prefix$line";
-		    $self->{value} =~ s|,([0-9]+),([0-9]+)$|",$1,".log($2)/log(2)|e if ($flavour eq "macosx");
-		}
-		$line = "";
-		return $self;
-	    }
-
-	    # non-gas case or nasm/masm
-	    SWITCH: for ($dir) {
-		/\.text/    && do { my $v=undef;
-				    if ($nasm) {
-					$v="section	.text code align=64\n";
-				    } else {
-					$v="$current_segment\tENDS\n" if ($current_segment);
-					$current_segment = ".text\$";
-					$v.="$current_segment\tSEGMENT ";
-					$v.=$masm>=$masmref ? "ALIGN(64)" : "PAGE";
-					$v.=" 'CODE'";
-				    }
-				    $self->{value} = $v;
-				    last;
-				  };
-		/\.data/    && do { my $v=undef;
-				    if ($nasm) {
-					$v="section	.data data align=8\n";
-				    } else {
-					$v="$current_segment\tENDS\n" if ($current_segment);
-					$current_segment = "_DATA";
-					$v.="$current_segment\tSEGMENT";
-				    }
-				    $self->{value} = $v;
-				    last;
-				  };
-		/\.section/ && do { my $v=undef;
-				    $line =~ s/([^,]*).*/$1/;
-				    $line = ".CRT\$XCU" if ($line eq ".init");
-				    if ($nasm) {
-					$v="section	$line";
-					if ($line=~/\.([px])data/) {
-					    $v.=" rdata align=";
-					    $v.=$1 eq "p"? 4 : 8;
-					} elsif ($line=~/\.CRT\$/i) {
-					    $v.=" rdata align=8";
-					}
-				    } else {
-					$v="$current_segment\tENDS\n" if ($current_segment);
-					$v.="$line\tSEGMENT";
-					if ($line=~/\.([px])data/) {
-					    $v.=" READONLY";
-					    $v.=" ALIGN(".($1 eq "p" ? 4 : 8).")" if ($masm>=$masmref);
-					} elsif ($line=~/\.CRT\$/i) {
-					    $v.=" READONLY ";
-					    $v.=$masm>=$masmref ? "ALIGN(8)" : "DWORD";
-					}
-				    }
-				    $current_segment = $line;
-				    $self->{value} = $v;
-				    last;
-				  };
-		/\.extern/  && do { $self->{value}  = "EXTERN\t".$line;
-				    $self->{value} .= ":NEAR" if ($masm);
-				    last;
-				  };
-		/\.globl|.global/
-			    && do { $self->{value}  = $masm?"PUBLIC":"global";
-				    $self->{value} .= "\t".$line;
-				    last;
-				  };
-		/\.size/    && do { if (defined($current_function)) {
-					undef $self->{value};
-					if ($current_function->{abi} eq "svr4") {
-					    $self->{value}="${decor}SEH_end_$current_function->{name}:";
-					    $self->{value}.=":\n" if($masm);
-					}
-					$self->{value}.="$current_function->{name}\tENDP" if($masm && $current_function->{name});
-					undef $current_function;
-				    }
-				    last;
-				  };
-		/\.align/   && do { $self->{value} = "ALIGN\t".$line; last; };
-		/\.(value|long|rva|quad)/
-			    && do { my $sz  = substr($1,0,1);
-				    my @arr = split(/,\s*/,$line);
-				    my $last = pop(@arr);
-				    my $conv = sub  {	my $var=shift;
-							$var=~s/^(0b[0-1]+)/oct($1)/eig;
-							$var=~s/^0x([0-9a-f]+)/0$1h/ig if ($masm);
-							if ($sz eq "D" && ($current_segment=~/.[px]data/ || $dir eq ".rva"))
-							{ $var=~s/([_a-z\$\@][_a-z0-9\$\@]*)/$nasm?"$1 wrt ..imagebase":"imagerel $1"/egi; }
-							$var;
-						    };  
-
-				    $sz =~ tr/bvlrq/BWDDQ/;
-				    $self->{value} = "\tD$sz\t";
-				    for (@arr) { $self->{value} .= &$conv($_).","; }
-				    $self->{value} .= &$conv($last);
-				    last;
-				  };
-		/\.byte/    && do { my @str=split(/,\s*/,$line);
-				    map(s/(0b[0-1]+)/oct($1)/eig, at str);
-				    map(s/0x([0-9a-f]+)/0$1h/ig, at str) if ($masm);	
-				    while ($#str>15) {
-					$self->{value}.="DB\t"
-						.join(",", at str[0..15])."\n";
-					foreach (0..15) { shift @str; }
-				    }
-				    $self->{value}.="DB\t"
-						.join(",", at str) if (@str);
-				    last;
-				  };
-		/\.comm/    && do { my @str=split(/,\s*/,$line);
-				    my $v=undef;
-				    if ($nasm) {
-					$v.="common	$prefix at str[0] @str[1]";
-				    } else {
-					$v="$current_segment\tENDS\n" if ($current_segment);
-					$current_segment = "_DATA";
-					$v.="$current_segment\tSEGMENT\n";
-					$v.="COMM	@str[0]:DWORD:". at str[1]/4;
-				    }
-				    $self->{value} = $v;
-				    last;
-				  };
-	    }
-	    $line = "";
-	}
-
-	$ret;
-    }
-    sub out {
-	my $self = shift;
-	$self->{value};
-    }
-}
-
-sub rex {
- local *opcode=shift;
- my ($dst,$src,$rex)=@_;
-
-   $rex|=0x04 if($dst>=8);
-   $rex|=0x01 if($src>=8);
-   push @opcode,($rex|0x40) if ($rex);
-}
-
-# older gas and ml64 don't handle SSE>2 instructions
-my %regrm = (	"%eax"=>0, "%ecx"=>1, "%edx"=>2, "%ebx"=>3,
-		"%esp"=>4, "%ebp"=>5, "%esi"=>6, "%edi"=>7	);
-
-my $movq = sub {	# elderly gas can't handle inter-register movq
-  my $arg = shift;
-  my @opcode=(0x66);
-    if ($arg =~ /%xmm([0-9]+),\s*%r(\w+)/) {
-	my ($src,$dst)=($1,$2);
-	if ($dst !~ /[0-9]+/)	{ $dst = $regrm{"%e$dst"}; }
-	rex(\@opcode,$src,$dst,0x8);
-	push @opcode,0x0f,0x7e;
-	push @opcode,0xc0|(($src&7)<<3)|($dst&7);	# ModR/M
-	@opcode;
-    } elsif ($arg =~ /%r(\w+),\s*%xmm([0-9]+)/) {
-	my ($src,$dst)=($2,$1);
-	if ($dst !~ /[0-9]+/)	{ $dst = $regrm{"%e$dst"}; }
-	rex(\@opcode,$src,$dst,0x8);
-	push @opcode,0x0f,0x6e;
-	push @opcode,0xc0|(($src&7)<<3)|($dst&7);	# ModR/M
-	@opcode;
-    } else {
-	();
-    }
-};
-
-my $pextrd = sub {
-    if (shift =~ /\$([0-9]+),\s*%xmm([0-9]+),\s*(%\w+)/) {
-      my @opcode=(0x66);
-	$imm=$1;
-	$src=$2;
-	$dst=$3;
-	if ($dst =~ /%r([0-9]+)d/)	{ $dst = $1; }
-	elsif ($dst =~ /%e/)		{ $dst = $regrm{$dst}; }
-	rex(\@opcode,$src,$dst);
-	push @opcode,0x0f,0x3a,0x16;
-	push @opcode,0xc0|(($src&7)<<3)|($dst&7);	# ModR/M
-	push @opcode,$imm;
-	@opcode;
-    } else {
-	();
-    }
-};
-
-my $pinsrd = sub {
-    if (shift =~ /\$([0-9]+),\s*(%\w+),\s*%xmm([0-9]+)/) {
-      my @opcode=(0x66);
-	$imm=$1;
-	$src=$2;
-	$dst=$3;
-	if ($src =~ /%r([0-9]+)/)	{ $src = $1; }
-	elsif ($src =~ /%e/)		{ $src = $regrm{$src}; }
-	rex(\@opcode,$dst,$src);
-	push @opcode,0x0f,0x3a,0x22;
-	push @opcode,0xc0|(($dst&7)<<3)|($src&7);	# ModR/M
-	push @opcode,$imm;
-	@opcode;
-    } else {
-	();
-    }
-};
-
-my $pshufb = sub {
-    if (shift =~ /%xmm([0-9]+),\s*%xmm([0-9]+)/) {
-      my @opcode=(0x66);
-	rex(\@opcode,$2,$1);
-	push @opcode,0x0f,0x38,0x00;
-	push @opcode,0xc0|($1&7)|(($2&7)<<3);		# ModR/M
-	@opcode;
-    } else {
-	();
-    }
-};
-
-my $palignr = sub {
-    if (shift =~ /\$([0-9]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) {
-      my @opcode=(0x66);
-	rex(\@opcode,$3,$2);
-	push @opcode,0x0f,0x3a,0x0f;
-	push @opcode,0xc0|($2&7)|(($3&7)<<3);		# ModR/M
-	push @opcode,$1;
-	@opcode;
-    } else {
-	();
-    }
-};
-
-my $pclmulqdq = sub {
-    if (shift =~ /\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) {
-      my @opcode=(0x66);
-	rex(\@opcode,$3,$2);
-	push @opcode,0x0f,0x3a,0x44;
-	push @opcode,0xc0|($2&7)|(($3&7)<<3);		# ModR/M
-	my $c=$1;
-	push @opcode,$c=~/^0/?oct($c):$c;
-	@opcode;
-    } else {
-	();
-    }
-};
-
-my $rdrand = sub {
-    if (shift =~ /%[er](\w+)/) {
-      my @opcode=();
-      my $dst=$1;
-	if ($dst !~ /[0-9]+/) { $dst = $regrm{"%e$dst"}; }
-	rex(\@opcode,0,$1,8);
-	push @opcode,0x0f,0xc7,0xf0|($dst&7);
-	@opcode;
-    } else {
-	();
-    }
-};
-
-if ($nasm) {
-    print <<___;
-default	rel
-%define XMMWORD
-___
-} elsif ($masm) {
-    print <<___;
-OPTION	DOTNAME
-___
-}
-while($line=<>) {
-
-    chomp($line);
-
-    $line =~ s|[#!].*$||;	# get rid of asm-style comments...
-    $line =~ s|/\*.*\*/||;	# ... and C-style comments...
-    $line =~ s|^\s+||;		# ... and skip white spaces in beginning
-
-    undef $label;
-    undef $opcode;
-    undef @args;
-
-    if ($label=label->re(\$line))	{ print $label->out(); }
-
-    if (directive->re(\$line)) {
-	printf "%s",directive->out();
-    } elsif ($opcode=opcode->re(\$line)) {
-	my $asm = eval("\$".$opcode->mnemonic());
-	undef @bytes;
-	
-	if ((ref($asm) eq 'CODE') && scalar(@bytes=&$asm($line))) {
-	    print $gas?".byte\t":"DB\t",join(',', at bytes),"\n";
-	    next;
-	}
-
-	ARGUMENT: while (1) {
-	my $arg;
-
-	if ($arg=register->re(\$line))	{ opcode->size($arg->size()); }
-	elsif ($arg=const->re(\$line))	{ }
-	elsif ($arg=ea->re(\$line))	{ }
-	elsif ($arg=expr->re(\$line))	{ }
-	else				{ last ARGUMENT; }
-
-	push @args,$arg;
-
-	last ARGUMENT if ($line !~ /^,/);
-
-	$line =~ s/^,\s*//;
-	} # ARGUMENT:
-
-	if ($#args>=0) {
-	    my $insn;
-	    my $sz=opcode->size();
-
-	    if ($gas) {
-		$insn = $opcode->out($#args>=1?$args[$#args]->size():$sz);
-		@args = map($_->out($sz), at args);
-		printf "\t%s\t%s",$insn,join(",", at args);
-	    } else {
-		$insn = $opcode->out();
-		foreach (@args) {
-		    my $arg = $_->out();
-		    # $insn.=$sz compensates for movq, pinsrw, ...
-		    if ($arg =~ /^xmm[0-9]+$/) { $insn.=$sz; $sz="x" if(!$sz); last; }
-		    if ($arg =~ /^mm[0-9]+$/)  { $insn.=$sz; $sz="q" if(!$sz); last; }
-		}
-		@args = reverse(@args);
-		undef $sz if ($nasm && $opcode->mnemonic() eq "lea");
-		printf "\t%s\t%s",$insn,join(",",map($_->out($sz), at args));
-	    }
-	} else {
-	    printf "\t%s",$opcode->out();
-	}
-    }
-
-    print $line,"\n";
-}
-
-print "\n$current_segment\tENDS\n"	if ($current_segment && $masm);
-print "END\n"				if ($masm);
-
-close STDOUT;
-
-
#################################################
-# Cross-reference x86_64 ABI "card"
-#
-# 		Unix		Win64
-# %rax		*		*
-# %rbx		-		-
-# %rcx		#4		#1
-# %rdx		#3		#2
-# %rsi		#2		-
-# %rdi		#1		-
-# %rbp		-		-
-# %rsp		-		-
-# %r8		#5		#3
-# %r9		#6		#4
-# %r10		*		*
-# %r11		*		*
-# %r12		-		-
-# %r13		-		-
-# %r14		-		-
-# %r15		-		-
-# 
-# (*)	volatile register
-# (-)	preserved by callee
-# (#)	Nth argument, volatile
-#
-# In Unix terms top of stack is argument transfer area for arguments
-# which could not be accomodated in registers. Or in other words 7th
-# [integer] argument resides at 8(%rsp) upon function entry point.
-# 128 bytes above %rsp constitute a "red zone" which is not touched
-# by signal handlers and can be used as temporal storage without
-# allocating a frame.
-#
-# In Win64 terms N*8 bytes on top of stack is argument transfer area,
-# which belongs to/can be overwritten by callee. N is the number of
-# arguments passed to callee, *but* not less than 4! This means that
-# upon function entry point 5th argument resides at 40(%rsp), as well
-# as that 32 bytes from 8(%rsp) can always be used as temporal
-# storage [without allocating a frame]. One can actually argue that
-# one can assume a "red zone" above stack pointer under Win64 as well.
-# Point is that at apparently no occasion Windows kernel would alter
-# the area above user stack pointer in true asynchronous manner...
-#
-# All the above means that if assembler programmer adheres to Unix
-# register and stack layout, but disregards the "red zone" existense,
-# it's possible to use following prologue and epilogue to "gear" from
-# Unix to Win64 ABI in leaf functions with not more than 6 arguments.
-#
-# omnipotent_function:
-# ifdef WIN64
-#	movq	%rdi,8(%rsp)
-#	movq	%rsi,16(%rsp)
-#	movq	%rcx,%rdi	; if 1st argument is actually present
-#	movq	%rdx,%rsi	; if 2nd argument is actually ...
-#	movq	%r8,%rdx	; if 3rd argument is ...
-#	movq	%r9,%rcx	; if 4th argument ...
-#	movq	40(%rsp),%r8	; if 5th ...
-#	movq	48(%rsp),%r9	; if 6th ...
-# endif
-#	...
-# ifdef WIN64
-#	movq	8(%rsp),%rdi
-#	movq	16(%rsp),%rsi
-# endif
-#	ret
-#
-
#################################################
-# Win64 SEH, Structured Exception Handling.
-#
-# Unlike on Unix systems(*) lack of Win64 stack unwinding information
-# has undesired side-effect at run-time: if an exception is raised in
-# assembler subroutine such as those in question (basically we're
-# referring to segmentation violations caused by malformed input
-# parameters), the application is briskly terminated without invoking
-# any exception handlers, most notably without generating memory dump
-# or any user notification whatsoever. This poses a problem. It's
-# possible to address it by registering custom language-specific
-# handler that would restore processor context to the state at
-# subroutine entry point and return "exception is not handled, keep
-# unwinding" code. Writing such handler can be a challenge... But it's
-# doable, though requires certain coding convention. Consider following
-# snippet:
-#
-# .type	function, at function
-# function:
-#	movq	%rsp,%rax	# copy rsp to volatile register
-#	pushq	%r15		# save non-volatile registers
-#	pushq	%rbx
-#	pushq	%rbp
-#	movq	%rsp,%r11
-#	subq	%rdi,%r11	# prepare [variable] stack frame
-#	andq	$-64,%r11
-#	movq	%rax,0(%r11)	# check for exceptions
-#	movq	%r11,%rsp	# allocate [variable] stack frame
-#	movq	%rax,0(%rsp)	# save original rsp value
-# magic_point:
-#	...
-#	movq	0(%rsp),%rcx	# pull original rsp value
-#	movq	-24(%rcx),%rbp	# restore non-volatile registers
-#	movq	-16(%rcx),%rbx
-#	movq	-8(%rcx),%r15
-#	movq	%rcx,%rsp	# restore original rsp
-#	ret
-# .size function,.-function
-#
-# The key is that up to magic_point copy of original rsp value remains
-# in chosen volatile register and no non-volatile register, except for
-# rsp, is modified. While past magic_point rsp remains constant till
-# the very end of the function. In this case custom language-specific
-# exception handler would look like this:
-#
-# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
-#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
-# {	ULONG64 *rsp = (ULONG64 *)context->Rax;
-#	if (context->Rip >= magic_point)
-#	{   rsp = ((ULONG64 **)context->Rsp)[0];
-#	    context->Rbp = rsp[-3];
-#	    context->Rbx = rsp[-2];
-#	    context->R15 = rsp[-1];
-#	}
-#	context->Rsp = (ULONG64)rsp;
-#	context->Rdi = rsp[1];
-#	context->Rsi = rsp[2];
-#
-#	memcpy (disp->ContextRecord,context,sizeof(CONTEXT));
-#	RtlVirtualUnwind(UNW_FLAG_NHANDLER,disp->ImageBase,
-#		dips->ControlPc,disp->FunctionEntry,disp->ContextRecord,
-#		&disp->HandlerData,&disp->EstablisherFrame,NULL);
-#	return ExceptionContinueSearch;
-# }
-#
-# It's appropriate to implement this handler in assembler, directly in
-# function's module. In order to do that one has to know members'
-# offsets in CONTEXT and DISPATCHER_CONTEXT structures and some constant
-# values. Here they are:
-#
-#	CONTEXT.Rax				120
-#	CONTEXT.Rcx				128
-#	CONTEXT.Rdx				136
-#	CONTEXT.Rbx				144
-#	CONTEXT.Rsp				152
-#	CONTEXT.Rbp				160
-#	CONTEXT.Rsi				168
-#	CONTEXT.Rdi				176
-#	CONTEXT.R8				184
-#	CONTEXT.R9				192
-#	CONTEXT.R10				200
-#	CONTEXT.R11				208
-#	CONTEXT.R12				216
-#	CONTEXT.R13				224
-#	CONTEXT.R14				232
-#	CONTEXT.R15				240
-#	CONTEXT.Rip				248
-#	CONTEXT.Xmm6				512
-#	sizeof(CONTEXT)				1232
-#	DISPATCHER_CONTEXT.ControlPc		0
-#	DISPATCHER_CONTEXT.ImageBase		8
-#	DISPATCHER_CONTEXT.FunctionEntry	16
-#	DISPATCHER_CONTEXT.EstablisherFrame	24
-#	DISPATCHER_CONTEXT.TargetIp		32
-#	DISPATCHER_CONTEXT.ContextRecord	40
-#	DISPATCHER_CONTEXT.LanguageHandler	48
-#	DISPATCHER_CONTEXT.HandlerData		56
-#	UNW_FLAG_NHANDLER			0
-#	ExceptionContinueSearch			1
-#
-# In order to tie the handler to the function one has to compose
-# couple of structures: one for .xdata segment and one for .pdata.
-#
-# UNWIND_INFO structure for .xdata segment would be
-#
-# function_unwind_info:
-#	.byte	9,0,0,0
-#	.rva	handler
-#
-# This structure designates exception handler for a function with
-# zero-length prologue, no stack frame or frame register.
-#
-# To facilitate composing of .pdata structures, auto-generated "gear"
-# prologue copies rsp value to rax and denotes next instruction with
-# .LSEH_begin_{function_name} label. This essentially defines the SEH
-# styling rule mentioned in the beginning. Position of this label is
-# chosen in such manner that possible exceptions raised in the "gear"
-# prologue would be accounted to caller and unwound from latter's frame.
-# End of function is marked with respective .LSEH_end_{function_name}
-# label. To summarize, .pdata segment would contain
-#
-#	.rva	.LSEH_begin_function
-#	.rva	.LSEH_end_function
-#	.rva	function_unwind_info
-#
-# Reference to functon_unwind_info from .xdata segment is the anchor.
-# In case you wonder why references are 32-bit .rvas and not 64-bit
-# .quads. References put into these two segments are required to be
-# *relative* to the base address of the current binary module, a.k.a.
-# image base. No Win64 module, be it .exe or .dll, can be larger than
-# 2GB and thus such relative references can be and are accommodated in
-# 32 bits.
-#
-# Having reviewed the example function code, one can argue that "movq
-# %rsp,%rax" above is redundant. It is not! Keep in mind that on Unix
-# rax would contain an undefined value. If this "offends" you, use
-# another register and refrain from modifying rax till magic_point is
-# reached, i.e. as if it was a non-volatile register. If more registers
-# are required prior [variable] frame setup is completed, note that
-# nobody says that you can have only one "magic point." You can
-# "liberate" non-volatile registers by denoting last stack off-load
-# instruction and reflecting it in finer grade unwind logic in handler.
-# After all, isn't it why it's called *language-specific* handler...
-#
-# Attentive reader can notice that exceptions would be mishandled in
-# auto-generated "gear" epilogue. Well, exception effectively can't
-# occur there, because if memory area used by it was subject to
-# segmentation violation, then it would be raised upon call to the
-# function (and as already mentioned be accounted to caller, which is
-# not a problem). If you're still not comfortable, then define tail
-# "magic point" just prior ret instruction and have handler treat it...
-#
-# (*)	Note that we're talking about run-time, not debug-time. Lack of
-#	unwind information makes debugging hard on both Windows and
-#	Unix. "Unlike" referes to the fact that on Unix signal handler
-#	will always be invoked, core dumped and appropriate exit code
-#	returned to parent (for user notification).

Copied: vendor-crypto/openssl/1.0.1u/crypto/perlasm/x86_64-xlate.pl (from rev 11605, vendor-crypto/openssl/dist/crypto/perlasm/x86_64-xlate.pl)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/perlasm/x86_64-xlate.pl	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/perlasm/x86_64-xlate.pl	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,1080 @@
+#!/usr/bin/env perl
+
+# Ascetic x86_64 AT&T to MASM/NASM assembler translator by <appro>.
+#
+# Why AT&T to MASM and not vice versa? Several reasons. Because AT&T
+# format is way easier to parse. Because it's simpler to "gear" from
+# Unix ABI to Windows one [see cross-reference "card" at the end of
+# file]. Because Linux targets were available first...
+#
+# In addition the script also "distills" code suitable for GNU
+# assembler, so that it can be compiled with more rigid assemblers,
+# such as Solaris /usr/ccs/bin/as.
+#
+# This translator is not designed to convert *arbitrary* assembler
+# code from AT&T format to MASM one. It's designed to convert just
+# enough to provide for dual-ABI OpenSSL modules development...
+# There *are* limitations and you might have to modify your assembler
+# code or this script to achieve the desired result...
+#
+# Currently recognized limitations:
+#
+# - can't use multiple ops per line;
+#
+# Dual-ABI styling rules.
+#
+# 1. Adhere to Unix register and stack layout [see cross-reference
+#    ABI "card" at the end for explanation].
+# 2. Forget about "red zone," stick to more traditional blended
+#    stack frame allocation. If volatile storage is actually required
+#    that is. If not, just leave the stack as is.
+# 3. Functions tagged with ".type name, at function" get crafted with
+#    unified Win64 prologue and epilogue automatically. If you want
+#    to take care of ABI differences yourself, tag functions as
+#    ".type name, at abi-omnipotent" instead.
+# 4. To optimize the Win64 prologue you can specify number of input
+#    arguments as ".type name, at function,N." Keep in mind that if N is
+#    larger than 6, then you *have to* write "abi-omnipotent" code,
+#    because >6 cases can't be addressed with unified prologue.
+# 5. Name local labels as .L*, do *not* use dynamic labels such as 1:
+#    (sorry about latter).
+# 6. Don't use [or hand-code with .byte] "rep ret." "ret" mnemonic is
+#    required to identify the spots, where to inject Win64 epilogue!
+#    But on the pros, it's then prefixed with rep automatically:-)
+# 7. Stick to explicit ip-relative addressing. If you have to use
+#    GOTPCREL addressing, stick to mov symbol at GOTPCREL(%rip),%r??.
+#    Both are recognized and translated to proper Win64 addressing
+#    modes. To support legacy code a synthetic directive, .picmeup,
+#    is implemented. It puts address of the *next* instruction into
+#    target register, e.g.:
+#
+#		.picmeup	%rax
+#		lea		.Label-.(%rax),%rax
+#
+# 8. In order to provide for structured exception handling unified
+#    Win64 prologue copies %rsp value to %rax. For further details
+#    see SEH paragraph at the end.
+# 9. .init segment is allowed to contain calls to functions only.
+# a. If function accepts more than 4 arguments *and* >4th argument
+#    is declared as non 64-bit value, do clear its upper part.
+

+my $flavour = shift;
+my $output  = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+open STDOUT,">$output" || die "can't open $output: $!"
+	if (defined($output));
+
+my $gas=1;	$gas=0 if ($output =~ /\.asm$/);
+my $elf=1;	$elf=0 if (!$gas);
+my $win64=0;
+my $prefix="";
+my $decor=".L";
+
+my $masmref=8 + 50727*2**-32;	# 8.00.50727 shipped with VS2005
+my $masm=0;
+my $PTR=" PTR";
+
+my $nasmref=2.03;
+my $nasm=0;
+
+if    ($flavour eq "mingw64")	{ $gas=1; $elf=0; $win64=1;
+				  $prefix=`echo __USER_LABEL_PREFIX__ | $ENV{CC} -E -P -`;
+				  chomp($prefix);
+				}
+elsif ($flavour eq "macosx")	{ $gas=1; $elf=0; $prefix="_"; $decor="L\$"; }
+elsif ($flavour eq "masm")	{ $gas=0; $elf=0; $masm=$masmref; $win64=1; $decor="\$L\$"; }
+elsif ($flavour eq "nasm")	{ $gas=0; $elf=0; $nasm=$nasmref; $win64=1; $decor="\$L\$"; $PTR=""; }
+elsif (!$gas)
+{   if ($ENV{ASM} =~ m/nasm/ && `nasm -v` =~ m/version ([0-9]+)\.([0-9]+)/i)
+    {	$nasm = $1 + $2*0.01; $PTR="";  }
+    elsif (`ml64 2>&1` =~ m/Version ([0-9]+)\.([0-9]+)(\.([0-9]+))?/)
+    {	$masm = $1 + $2*2**-16 + $4*2**-32;   }
+    die "no assembler found on %PATH" if (!($nasm || $masm));
+    $win64=1;
+    $elf=0;
+    $decor="\$L\$";
+}
+
+my $current_segment;
+my $current_function;
+my %globals;
+
+{ package opcode;	# pick up opcodes
+    sub re {
+	my	$self = shift;	# single instance in enough...
+	local	*line = shift;
+	undef	$ret;
+
+	if ($line =~ /^([a-z][a-z0-9]*)/i) {
+	    $self->{op} = $1;
+	    $ret = $self;
+	    $line = substr($line, at +[0]); $line =~ s/^\s+//;
+
+	    undef $self->{sz};
+	    if ($self->{op} =~ /^(movz)x?([bw]).*/) {	# movz is pain...
+		$self->{op} = $1;
+		$self->{sz} = $2;
+	    } elsif ($self->{op} =~ /call|jmp/) {
+		$self->{sz} = "";
+	    } elsif ($self->{op} =~ /^p/ && $' !~ /^(ush|op|insrw)/) { # SSEn
+		$self->{sz} = "";
+	    } elsif ($self->{op} =~ /^v/) { # VEX
+		$self->{sz} = "";
+	    } elsif ($self->{op} =~ /mov[dq]/ && $line =~ /%xmm/) {
+		$self->{sz} = "";
+	    } elsif ($self->{op} =~ /([a-z]{3,})([qlwb])$/) {
+		$self->{op} = $1;
+		$self->{sz} = $2;
+	    }
+	}
+	$ret;
+    }
+    sub size {
+	my $self = shift;
+	my $sz   = shift;
+	$self->{sz} = $sz if (defined($sz) && !defined($self->{sz}));
+	$self->{sz};
+    }
+    sub out {
+	my $self = shift;
+	if ($gas) {
+	    if ($self->{op} eq "movz") {	# movz is pain...
+		sprintf "%s%s%s",$self->{op},$self->{sz},shift;
+	    } elsif ($self->{op} =~ /^set/) { 
+		"$self->{op}";
+	    } elsif ($self->{op} eq "ret") {
+		my $epilogue = "";
+		if ($win64 && $current_function->{abi} eq "svr4") {
+		    $epilogue = "movq	8(%rsp),%rdi\n\t" .
+				"movq	16(%rsp),%rsi\n\t";
+		}
+	    	$epilogue . ".byte	0xf3,0xc3";
+	    } elsif ($self->{op} eq "call" && !$elf && $current_segment eq ".init") {
+		".p2align\t3\n\t.quad";
+	    } else {
+		"$self->{op}$self->{sz}";
+	    }
+	} else {
+	    $self->{op} =~ s/^movz/movzx/;
+	    if ($self->{op} eq "ret") {
+		$self->{op} = "";
+		if ($win64 && $current_function->{abi} eq "svr4") {
+		    $self->{op} = "mov	rdi,QWORD${PTR}[8+rsp]\t;WIN64 epilogue\n\t".
+				  "mov	rsi,QWORD${PTR}[16+rsp]\n\t";
+	    	}
+		$self->{op} .= "DB\t0F3h,0C3h\t\t;repret";
+	    } elsif ($self->{op} =~ /^(pop|push)f/) {
+		$self->{op} .= $self->{sz};
+	    } elsif ($self->{op} eq "call" && $current_segment eq ".CRT\$XCU") {
+		$self->{op} = "\tDQ";
+	    } 
+	    $self->{op};
+	}
+    }
+    sub mnemonic {
+	my $self=shift;
+	my $op=shift;
+	$self->{op}=$op if (defined($op));
+	$self->{op};
+    }
+}
+{ package const;	# pick up constants, which start with $
+    sub re {
+	my	$self = shift;	# single instance in enough...
+	local	*line = shift;
+	undef	$ret;
+
+	if ($line =~ /^\$([^,]+)/) {
+	    $self->{value} = $1;
+	    $ret = $self;
+	    $line = substr($line, at +[0]); $line =~ s/^\s+//;
+	}
+	$ret;
+    }
+    sub out {
+    	my $self = shift;
+
+	if ($gas) {
+	    # Solaris /usr/ccs/bin/as can't handle multiplications
+	    # in $self->{value}
+	    $self->{value} =~ s/(?<![\w\$\.])(0x?[0-9a-f]+)/oct($1)/egi;
+	    $self->{value} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg;
+	    sprintf "\$%s",$self->{value};
+	} else {
+	    $self->{value} =~ s/(0b[0-1]+)/oct($1)/eig;
+	    $self->{value} =~ s/0x([0-9a-f]+)/0$1h/ig if ($masm);
+	    sprintf "%s",$self->{value};
+	}
+    }
+}
+{ package ea;		# pick up effective addresses: expr(%reg,%reg,scale)
+    sub re {
+	my	$self = shift;	# single instance in enough...
+	local	*line = shift;
+	undef	$ret;
+
+	# optional * ---vvv--- appears in indirect jmp/call
+	if ($line =~ /^(\*?)([^\(,]*)\(([%\w,]+)\)/) {
+	    $self->{asterisk} = $1;
+	    $self->{label} = $2;
+	    ($self->{base},$self->{index},$self->{scale})=split(/,/,$3);
+	    $self->{scale} = 1 if (!defined($self->{scale}));
+	    $ret = $self;
+	    $line = substr($line, at +[0]); $line =~ s/^\s+//;
+
+	    if ($win64 && $self->{label} =~ s/\@GOTPCREL//) {
+		die if (opcode->mnemonic() ne "mov");
+		opcode->mnemonic("lea");
+	    }
+	    $self->{base}  =~ s/^%//;
+	    $self->{index} =~ s/^%// if (defined($self->{index}));
+	}
+	$ret;
+    }
+    sub size {}
+    sub out {
+    	my $self = shift;
+	my $sz = shift;
+
+	$self->{label} =~ s/([_a-z][_a-z0-9]*)/$globals{$1} or $1/gei;
+	$self->{label} =~ s/\.L/$decor/g;
+
+	# Silently convert all EAs to 64-bit. This is required for
+	# elder GNU assembler and results in more compact code,
+	# *but* most importantly AES module depends on this feature!
+	$self->{index} =~ s/^[er](.?[0-9xpi])[d]?$/r\1/;
+	$self->{base}  =~ s/^[er](.?[0-9xpi])[d]?$/r\1/;
+
+	# Solaris /usr/ccs/bin/as can't handle multiplications
+	# in $self->{label}, new gas requires sign extension...
+	use integer;
+	$self->{label} =~ s/(?<![\w\$\.])(0x?[0-9a-f]+)/oct($1)/egi;
+	$self->{label} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg;
+	$self->{label} =~ s/([0-9]+)/$1<<32>>32/eg;
+
+	if ($gas) {
+	    $self->{label} =~ s/^___imp_/__imp__/   if ($flavour eq "mingw64");
+
+	    if (defined($self->{index})) {
+		sprintf "%s%s(%s,%%%s,%d)",$self->{asterisk},
+					$self->{label},
+					$self->{base}?"%$self->{base}":"",
+					$self->{index},$self->{scale};
+	    } else {
+		sprintf "%s%s(%%%s)",	$self->{asterisk},$self->{label},$self->{base};
+	    }
+	} else {
+	    %szmap = (	b=>"BYTE$PTR", w=>"WORD$PTR", l=>"DWORD$PTR",
+	    		q=>"QWORD$PTR",o=>"OWORD$PTR",x=>"XMMWORD$PTR" );
+
+	    $self->{label} =~ s/\./\$/g;
+	    $self->{label} =~ s/(?<![\w\$\.])0x([0-9a-f]+)/0$1h/ig;
+	    $self->{label} = "($self->{label})" if ($self->{label} =~ /[\*\+\-\/]/);
+	    $sz="q" if ($self->{asterisk} || opcode->mnemonic() eq "movq");
+	    $sz="l" if (opcode->mnemonic() eq "movd");
+
+	    if (defined($self->{index})) {
+		sprintf "%s[%s%s*%d%s]",$szmap{$sz},
+					$self->{label}?"$self->{label}+":"",
+					$self->{index},$self->{scale},
+					$self->{base}?"+$self->{base}":"";
+	    } elsif ($self->{base} eq "rip") {
+		sprintf "%s[%s]",$szmap{$sz},$self->{label};
+	    } else {
+		sprintf "%s[%s%s]",$szmap{$sz},
+					$self->{label}?"$self->{label}+":"",
+					$self->{base};
+	    }
+	}
+    }
+}
+{ package register;	# pick up registers, which start with %.
+    sub re {
+	my	$class = shift;	# muliple instances...
+	my	$self = {};
+	local	*line = shift;
+	undef	$ret;
+
+	# optional * ---vvv--- appears in indirect jmp/call
+	if ($line =~ /^(\*?)%(\w+)/) {
+	    bless $self,$class;
+	    $self->{asterisk} = $1;
+	    $self->{value} = $2;
+	    $ret = $self;
+	    $line = substr($line, at +[0]); $line =~ s/^\s+//;
+	}
+	$ret;
+    }
+    sub size {
+	my	$self = shift;
+	undef	$ret;
+
+	if    ($self->{value} =~ /^r[\d]+b$/i)	{ $ret="b"; }
+	elsif ($self->{value} =~ /^r[\d]+w$/i)	{ $ret="w"; }
+	elsif ($self->{value} =~ /^r[\d]+d$/i)	{ $ret="l"; }
+	elsif ($self->{value} =~ /^r[\w]+$/i)	{ $ret="q"; }
+	elsif ($self->{value} =~ /^[a-d][hl]$/i){ $ret="b"; }
+	elsif ($self->{value} =~ /^[\w]{2}l$/i)	{ $ret="b"; }
+	elsif ($self->{value} =~ /^[\w]{2}$/i)	{ $ret="w"; }
+	elsif ($self->{value} =~ /^e[a-z]{2}$/i){ $ret="l"; }
+
+	$ret;
+    }
+    sub out {
+    	my $self = shift;
+	if ($gas)	{ sprintf "%s%%%s",$self->{asterisk},$self->{value}; }
+	else		{ $self->{value}; }
+    }
+}
+{ package label;	# pick up labels, which end with :
+    sub re {
+	my	$self = shift;	# single instance is enough...
+	local	*line = shift;
+	undef	$ret;
+
+	if ($line =~ /(^[\.\w]+)\:/) {
+	    $self->{value} = $1;
+	    $ret = $self;
+	    $line = substr($line, at +[0]); $line =~ s/^\s+//;
+
+	    $self->{value} =~ s/^\.L/$decor/;
+	}
+	$ret;
+    }
+    sub out {
+	my $self = shift;
+
+	if ($gas) {
+	    my $func = ($globals{$self->{value}} or $self->{value}) . ":";
+	    if ($win64	&&
+			$current_function->{name} eq $self->{value} &&
+			$current_function->{abi} eq "svr4") {
+		$func .= "\n";
+		$func .= "	movq	%rdi,8(%rsp)\n";
+		$func .= "	movq	%rsi,16(%rsp)\n";
+		$func .= "	movq	%rsp,%rax\n";
+		$func .= "${decor}SEH_begin_$current_function->{name}:\n";
+		my $narg = $current_function->{narg};
+		$narg=6 if (!defined($narg));
+		$func .= "	movq	%rcx,%rdi\n" if ($narg>0);
+		$func .= "	movq	%rdx,%rsi\n" if ($narg>1);
+		$func .= "	movq	%r8,%rdx\n"  if ($narg>2);
+		$func .= "	movq	%r9,%rcx\n"  if ($narg>3);
+		$func .= "	movq	40(%rsp),%r8\n" if ($narg>4);
+		$func .= "	movq	48(%rsp),%r9\n" if ($narg>5);
+	    }
+	    $func;
+	} elsif ($self->{value} ne "$current_function->{name}") {
+	    $self->{value} .= ":" if ($masm && $ret!~m/^\$/);
+	    $self->{value} . ":";
+	} elsif ($win64 && $current_function->{abi} eq "svr4") {
+	    my $func =	"$current_function->{name}" .
+			($nasm ? ":" : "\tPROC $current_function->{scope}") .
+			"\n";
+	    $func .= "	mov	QWORD${PTR}[8+rsp],rdi\t;WIN64 prologue\n";
+	    $func .= "	mov	QWORD${PTR}[16+rsp],rsi\n";
+	    $func .= "	mov	rax,rsp\n";
+	    $func .= "${decor}SEH_begin_$current_function->{name}:";
+	    $func .= ":" if ($masm);
+	    $func .= "\n";
+	    my $narg = $current_function->{narg};
+	    $narg=6 if (!defined($narg));
+	    $func .= "	mov	rdi,rcx\n" if ($narg>0);
+	    $func .= "	mov	rsi,rdx\n" if ($narg>1);
+	    $func .= "	mov	rdx,r8\n"  if ($narg>2);
+	    $func .= "	mov	rcx,r9\n"  if ($narg>3);
+	    $func .= "	mov	r8,QWORD${PTR}[40+rsp]\n" if ($narg>4);
+	    $func .= "	mov	r9,QWORD${PTR}[48+rsp]\n" if ($narg>5);
+	    $func .= "\n";
+	} else {
+	   "$current_function->{name}".
+			($nasm ? ":" : "\tPROC $current_function->{scope}");
+	}
+    }
+}
+{ package expr;		# pick up expressioins
+    sub re {
+	my	$self = shift;	# single instance is enough...
+	local	*line = shift;
+	undef	$ret;
+
+	if ($line =~ /(^[^,]+)/) {
+	    $self->{value} = $1;
+	    $ret = $self;
+	    $line = substr($line, at +[0]); $line =~ s/^\s+//;
+
+	    $self->{value} =~ s/\@PLT// if (!$elf);
+	    $self->{value} =~ s/([_a-z][_a-z0-9]*)/$globals{$1} or $1/gei;
+	    $self->{value} =~ s/\.L/$decor/g;
+	}
+	$ret;
+    }
+    sub out {
+	my $self = shift;
+	if ($nasm && opcode->mnemonic()=~m/^j/) {
+	    "NEAR ".$self->{value};
+	} else {
+	    $self->{value};
+	}
+    }
+}
+{ package directive;	# pick up directives, which start with .
+    sub re {
+	my	$self = shift;	# single instance is enough...
+	local	*line = shift;
+	undef	$ret;
+	my	$dir;
+	my	%opcode =	# lea 2f-1f(%rip),%dst; 1: nop; 2:
+		(	"%rax"=>0x01058d48,	"%rcx"=>0x010d8d48,
+			"%rdx"=>0x01158d48,	"%rbx"=>0x011d8d48,
+			"%rsp"=>0x01258d48,	"%rbp"=>0x012d8d48,
+			"%rsi"=>0x01358d48,	"%rdi"=>0x013d8d48,
+			"%r8" =>0x01058d4c,	"%r9" =>0x010d8d4c,
+			"%r10"=>0x01158d4c,	"%r11"=>0x011d8d4c,
+			"%r12"=>0x01258d4c,	"%r13"=>0x012d8d4c,
+			"%r14"=>0x01358d4c,	"%r15"=>0x013d8d4c	);
+
+	if ($line =~ /^\s*(\.\w+)/) {
+	    $dir = $1;
+	    $ret = $self;
+	    undef $self->{value};
+	    $line = substr($line, at +[0]); $line =~ s/^\s+//;
+
+	    SWITCH: for ($dir) {
+		/\.picmeup/ && do { if ($line =~ /(%r[\w]+)/i) {
+			    		$dir="\t.long";
+					$line=sprintf "0x%x,0x90000000",$opcode{$1};
+				    }
+				    last;
+				  };
+		/\.global|\.globl|\.extern/
+			    && do { $globals{$line} = $prefix . $line;
+				    $line = $globals{$line} if ($prefix);
+				    last;
+				  };
+		/\.type/    && do { ($sym,$type,$narg) = split(',',$line);
+				    if ($type eq "\@function") {
+					undef $current_function;
+					$current_function->{name} = $sym;
+					$current_function->{abi}  = "svr4";
+					$current_function->{narg} = $narg;
+					$current_function->{scope} = defined($globals{$sym})?"PUBLIC":"PRIVATE";
+				    } elsif ($type eq "\@abi-omnipotent") {
+					undef $current_function;
+					$current_function->{name} = $sym;
+					$current_function->{scope} = defined($globals{$sym})?"PUBLIC":"PRIVATE";
+				    }
+				    $line =~ s/\@abi\-omnipotent/\@function/;
+				    $line =~ s/\@function.*/\@function/;
+				    last;
+				  };
+		/\.asciz/   && do { if ($line =~ /^"(.*)"$/) {
+					$dir  = ".byte";
+					$line = join(",",unpack("C*",$1),0);
+				    }
+				    last;
+				  };
+		/\.rva|\.long|\.quad/
+			    && do { $line =~ s/([_a-z][_a-z0-9]*)/$globals{$1} or $1/gei;
+				    $line =~ s/\.L/$decor/g;
+				    last;
+				  };
+	    }
+
+	    if ($gas) {
+		$self->{value} = $dir . "\t" . $line;
+
+		if ($dir =~ /\.extern/) {
+		    $self->{value} = ""; # swallow extern
+		} elsif (!$elf && $dir =~ /\.type/) {
+		    $self->{value} = "";
+		    $self->{value} = ".def\t" . ($globals{$1} or $1) . ";\t" .
+				(defined($globals{$1})?".scl 2;":".scl 3;") .
+				"\t.type 32;\t.endef"
+				if ($win64 && $line =~ /([^,]+),\@function/);
+		} elsif (!$elf && $dir =~ /\.size/) {
+		    $self->{value} = "";
+		    if (defined($current_function)) {
+			$self->{value} .= "${decor}SEH_end_$current_function->{name}:"
+				if ($win64 && $current_function->{abi} eq "svr4");
+			undef $current_function;
+		    }
+		} elsif (!$elf && $dir =~ /\.align/) {
+		    $self->{value} = ".p2align\t" . (log($line)/log(2));
+		} elsif ($dir eq ".section") {
+		    $current_segment=$line;
+		    if (!$elf && $current_segment eq ".init") {
+			if	($flavour eq "macosx")	{ $self->{value} = ".mod_init_func"; }
+			elsif	($flavour eq "mingw64")	{ $self->{value} = ".section\t.ctors"; }
+		    }
+		} elsif ($dir =~ /\.(text|data)/) {
+		    $current_segment=".$1";
+		} elsif ($dir =~ /\.hidden/) {
+		    if    ($flavour eq "macosx")  { $self->{value} = ".private_extern\t$prefix$line"; }
+		    elsif ($flavour eq "mingw64") { $self->{value} = ""; }
+		} elsif ($dir =~ /\.comm/) {
+		    $self->{value} = "$dir\t$prefix$line";
+		    $self->{value} =~ s|,([0-9]+),([0-9]+)$|",$1,".log($2)/log(2)|e if ($flavour eq "macosx");
+		}
+		$line = "";
+		return $self;
+	    }
+
+	    # non-gas case or nasm/masm
+	    SWITCH: for ($dir) {
+		/\.text/    && do { my $v=undef;
+				    if ($nasm) {
+					$v="section	.text code align=64\n";
+				    } else {
+					$v="$current_segment\tENDS\n" if ($current_segment);
+					$current_segment = ".text\$";
+					$v.="$current_segment\tSEGMENT ";
+					$v.=$masm>=$masmref ? "ALIGN(64)" : "PAGE";
+					$v.=" 'CODE'";
+				    }
+				    $self->{value} = $v;
+				    last;
+				  };
+		/\.data/    && do { my $v=undef;
+				    if ($nasm) {
+					$v="section	.data data align=8\n";
+				    } else {
+					$v="$current_segment\tENDS\n" if ($current_segment);
+					$current_segment = "_DATA";
+					$v.="$current_segment\tSEGMENT";
+				    }
+				    $self->{value} = $v;
+				    last;
+				  };
+		/\.section/ && do { my $v=undef;
+				    $line =~ s/([^,]*).*/$1/;
+				    $line = ".CRT\$XCU" if ($line eq ".init");
+				    if ($nasm) {
+					$v="section	$line";
+					if ($line=~/\.([px])data/) {
+					    $v.=" rdata align=";
+					    $v.=$1 eq "p"? 4 : 8;
+					} elsif ($line=~/\.CRT\$/i) {
+					    $v.=" rdata align=8";
+					}
+				    } else {
+					$v="$current_segment\tENDS\n" if ($current_segment);
+					$v.="$line\tSEGMENT";
+					if ($line=~/\.([px])data/) {
+					    $v.=" READONLY";
+					    $v.=" ALIGN(".($1 eq "p" ? 4 : 8).")" if ($masm>=$masmref);
+					} elsif ($line=~/\.CRT\$/i) {
+					    $v.=" READONLY ";
+					    $v.=$masm>=$masmref ? "ALIGN(8)" : "DWORD";
+					}
+				    }
+				    $current_segment = $line;
+				    $self->{value} = $v;
+				    last;
+				  };
+		/\.extern/  && do { $self->{value}  = "EXTERN\t".$line;
+				    $self->{value} .= ":NEAR" if ($masm);
+				    last;
+				  };
+		/\.globl|.global/
+			    && do { $self->{value}  = $masm?"PUBLIC":"global";
+				    $self->{value} .= "\t".$line;
+				    last;
+				  };
+		/\.size/    && do { if (defined($current_function)) {
+					undef $self->{value};
+					if ($current_function->{abi} eq "svr4") {
+					    $self->{value}="${decor}SEH_end_$current_function->{name}:";
+					    $self->{value}.=":\n" if($masm);
+					}
+					$self->{value}.="$current_function->{name}\tENDP" if($masm && $current_function->{name});
+					undef $current_function;
+				    }
+				    last;
+				  };
+		/\.align/   && do { $self->{value} = "ALIGN\t".$line; last; };
+		/\.(value|long|rva|quad)/
+			    && do { my $sz  = substr($1,0,1);
+				    my @arr = split(/,\s*/,$line);
+				    my $last = pop(@arr);
+				    my $conv = sub  {	my $var=shift;
+							$var=~s/^(0b[0-1]+)/oct($1)/eig;
+							$var=~s/^0x([0-9a-f]+)/0$1h/ig if ($masm);
+							if ($sz eq "D" && ($current_segment=~/.[px]data/ || $dir eq ".rva"))
+							{ $var=~s/([_a-z\$\@][_a-z0-9\$\@]*)/$nasm?"$1 wrt ..imagebase":"imagerel $1"/egi; }
+							$var;
+						    };  
+
+				    $sz =~ tr/bvlrq/BWDDQ/;
+				    $self->{value} = "\tD$sz\t";
+				    for (@arr) { $self->{value} .= &$conv($_).","; }
+				    $self->{value} .= &$conv($last);
+				    last;
+				  };
+		/\.byte/    && do { my @str=split(/,\s*/,$line);
+				    map(s/(0b[0-1]+)/oct($1)/eig, at str);
+				    map(s/0x([0-9a-f]+)/0$1h/ig, at str) if ($masm);	
+				    while ($#str>15) {
+					$self->{value}.="DB\t"
+						.join(",", at str[0..15])."\n";
+					foreach (0..15) { shift @str; }
+				    }
+				    $self->{value}.="DB\t"
+						.join(",", at str) if (@str);
+				    last;
+				  };
+		/\.comm/    && do { my @str=split(/,\s*/,$line);
+				    my $v=undef;
+				    if ($nasm) {
+					$v.="common	$prefix at str[0] @str[1]";
+				    } else {
+					$v="$current_segment\tENDS\n" if ($current_segment);
+					$current_segment = "_DATA";
+					$v.="$current_segment\tSEGMENT\n";
+					$v.="COMM	@str[0]:DWORD:". at str[1]/4;
+				    }
+				    $self->{value} = $v;
+				    last;
+				  };
+	    }
+	    $line = "";
+	}
+
+	$ret;
+    }
+    sub out {
+	my $self = shift;
+	$self->{value};
+    }
+}
+
+sub rex {
+ local *opcode=shift;
+ my ($dst,$src,$rex)=@_;
+
+   $rex|=0x04 if($dst>=8);
+   $rex|=0x01 if($src>=8);
+   push @opcode,($rex|0x40) if ($rex);
+}
+
+# older gas and ml64 don't handle SSE>2 instructions
+my %regrm = (	"%eax"=>0, "%ecx"=>1, "%edx"=>2, "%ebx"=>3,
+		"%esp"=>4, "%ebp"=>5, "%esi"=>6, "%edi"=>7	);
+
+my $movq = sub {	# elderly gas can't handle inter-register movq
+  my $arg = shift;
+  my @opcode=(0x66);
+    if ($arg =~ /%xmm([0-9]+),\s*%r(\w+)/) {
+	my ($src,$dst)=($1,$2);
+	if ($dst !~ /[0-9]+/)	{ $dst = $regrm{"%e$dst"}; }
+	rex(\@opcode,$src,$dst,0x8);
+	push @opcode,0x0f,0x7e;
+	push @opcode,0xc0|(($src&7)<<3)|($dst&7);	# ModR/M
+	@opcode;
+    } elsif ($arg =~ /%r(\w+),\s*%xmm([0-9]+)/) {
+	my ($src,$dst)=($2,$1);
+	if ($dst !~ /[0-9]+/)	{ $dst = $regrm{"%e$dst"}; }
+	rex(\@opcode,$src,$dst,0x8);
+	push @opcode,0x0f,0x6e;
+	push @opcode,0xc0|(($src&7)<<3)|($dst&7);	# ModR/M
+	@opcode;
+    } else {
+	();
+    }
+};
+
+my $pextrd = sub {
+    if (shift =~ /\$([0-9]+),\s*%xmm([0-9]+),\s*(%\w+)/) {
+      my @opcode=(0x66);
+	$imm=$1;
+	$src=$2;
+	$dst=$3;
+	if ($dst =~ /%r([0-9]+)d/)	{ $dst = $1; }
+	elsif ($dst =~ /%e/)		{ $dst = $regrm{$dst}; }
+	rex(\@opcode,$src,$dst);
+	push @opcode,0x0f,0x3a,0x16;
+	push @opcode,0xc0|(($src&7)<<3)|($dst&7);	# ModR/M
+	push @opcode,$imm;
+	@opcode;
+    } else {
+	();
+    }
+};
+
+my $pinsrd = sub {
+    if (shift =~ /\$([0-9]+),\s*(%\w+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x66);
+	$imm=$1;
+	$src=$2;
+	$dst=$3;
+	if ($src =~ /%r([0-9]+)/)	{ $src = $1; }
+	elsif ($src =~ /%e/)		{ $src = $regrm{$src}; }
+	rex(\@opcode,$dst,$src);
+	push @opcode,0x0f,0x3a,0x22;
+	push @opcode,0xc0|(($dst&7)<<3)|($src&7);	# ModR/M
+	push @opcode,$imm;
+	@opcode;
+    } else {
+	();
+    }
+};
+
+my $pshufb = sub {
+    if (shift =~ /%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x66);
+	rex(\@opcode,$2,$1);
+	push @opcode,0x0f,0x38,0x00;
+	push @opcode,0xc0|($1&7)|(($2&7)<<3);		# ModR/M
+	@opcode;
+    } else {
+	();
+    }
+};
+
+my $palignr = sub {
+    if (shift =~ /\$([0-9]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x66);
+	rex(\@opcode,$3,$2);
+	push @opcode,0x0f,0x3a,0x0f;
+	push @opcode,0xc0|($2&7)|(($3&7)<<3);		# ModR/M
+	push @opcode,$1;
+	@opcode;
+    } else {
+	();
+    }
+};
+
+my $pclmulqdq = sub {
+    if (shift =~ /\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x66);
+	rex(\@opcode,$3,$2);
+	push @opcode,0x0f,0x3a,0x44;
+	push @opcode,0xc0|($2&7)|(($3&7)<<3);		# ModR/M
+	my $c=$1;
+	push @opcode,$c=~/^0/?oct($c):$c;
+	@opcode;
+    } else {
+	();
+    }
+};
+
+my $rdrand = sub {
+    if (shift =~ /%[er](\w+)/) {
+      my @opcode=();
+      my $dst=$1;
+	if ($dst !~ /[0-9]+/) { $dst = $regrm{"%e$dst"}; }
+	rex(\@opcode,0,$1,8);
+	push @opcode,0x0f,0xc7,0xf0|($dst&7);
+	@opcode;
+    } else {
+	();
+    }
+};
+
+if ($nasm) {
+    print <<___;
+default	rel
+%define XMMWORD
+___
+} elsif ($masm) {
+    print <<___;
+OPTION	DOTNAME
+___
+}
+while($line=<>) {
+
+    chomp($line);
+
+    $line =~ s|[#!].*$||;	# get rid of asm-style comments...
+    $line =~ s|/\*.*\*/||;	# ... and C-style comments...
+    $line =~ s|^\s+||;		# ... and skip white spaces in beginning
+
+    undef $label;
+    undef $opcode;
+    undef @args;
+
+    if ($label=label->re(\$line))	{ print $label->out(); }
+
+    if (directive->re(\$line)) {
+	printf "%s",directive->out();
+    } elsif ($opcode=opcode->re(\$line)) {
+	my $asm = eval("\$".$opcode->mnemonic());
+	undef @bytes;
+	
+	if ((ref($asm) eq 'CODE') && scalar(@bytes=&$asm($line))) {
+	    print $gas?".byte\t":"DB\t",join(',', at bytes),"\n";
+	    next;
+	}
+
+	ARGUMENT: while (1) {
+	my $arg;
+
+	if ($arg=register->re(\$line))	{ opcode->size($arg->size()); }
+	elsif ($arg=const->re(\$line))	{ }
+	elsif ($arg=ea->re(\$line))	{ }
+	elsif ($arg=expr->re(\$line))	{ }
+	else				{ last ARGUMENT; }
+
+	push @args,$arg;
+
+	last ARGUMENT if ($line !~ /^,/);
+
+	$line =~ s/^,\s*//;
+	} # ARGUMENT:
+
+	if ($#args>=0) {
+	    my $insn;
+	    my $sz=opcode->size();
+
+	    if ($gas) {
+		$insn = $opcode->out($#args>=1?$args[$#args]->size():$sz);
+		@args = map($_->out($sz), at args);
+		printf "\t%s\t%s",$insn,join(",", at args);
+	    } else {
+		$insn = $opcode->out();
+		foreach (@args) {
+		    my $arg = $_->out();
+		    # $insn.=$sz compensates for movq, pinsrw, ...
+		    if ($arg =~ /^xmm[0-9]+$/) { $insn.=$sz; $sz="x" if(!$sz); last; }
+		    if ($arg =~ /^mm[0-9]+$/)  { $insn.=$sz; $sz="q" if(!$sz); last; }
+		}
+		@args = reverse(@args);
+		undef $sz if ($nasm && $opcode->mnemonic() eq "lea");
+		printf "\t%s\t%s",$insn,join(",",map($_->out($sz), at args));
+	    }
+	} else {
+	    printf "\t%s",$opcode->out();
+	}
+    }
+
+    print $line,"\n";
+}
+
+print "\n$current_segment\tENDS\n"	if ($current_segment && $masm);
+print "END\n"				if ($masm);
+
+close STDOUT;
+
+
#################################################
+# Cross-reference x86_64 ABI "card"
+#
+# 		Unix		Win64
+# %rax		*		*
+# %rbx		-		-
+# %rcx		#4		#1
+# %rdx		#3		#2
+# %rsi		#2		-
+# %rdi		#1		-
+# %rbp		-		-
+# %rsp		-		-
+# %r8		#5		#3
+# %r9		#6		#4
+# %r10		*		*
+# %r11		*		*
+# %r12		-		-
+# %r13		-		-
+# %r14		-		-
+# %r15		-		-
+# 
+# (*)	volatile register
+# (-)	preserved by callee
+# (#)	Nth argument, volatile
+#
+# In Unix terms top of stack is argument transfer area for arguments
+# which could not be accomodated in registers. Or in other words 7th
+# [integer] argument resides at 8(%rsp) upon function entry point.
+# 128 bytes above %rsp constitute a "red zone" which is not touched
+# by signal handlers and can be used as temporal storage without
+# allocating a frame.
+#
+# In Win64 terms N*8 bytes on top of stack is argument transfer area,
+# which belongs to/can be overwritten by callee. N is the number of
+# arguments passed to callee, *but* not less than 4! This means that
+# upon function entry point 5th argument resides at 40(%rsp), as well
+# as that 32 bytes from 8(%rsp) can always be used as temporal
+# storage [without allocating a frame]. One can actually argue that
+# one can assume a "red zone" above stack pointer under Win64 as well.
+# Point is that at apparently no occasion Windows kernel would alter
+# the area above user stack pointer in true asynchronous manner...
+#
+# All the above means that if assembler programmer adheres to Unix
+# register and stack layout, but disregards the "red zone" existense,
+# it's possible to use following prologue and epilogue to "gear" from
+# Unix to Win64 ABI in leaf functions with not more than 6 arguments.
+#
+# omnipotent_function:
+# ifdef WIN64
+#	movq	%rdi,8(%rsp)
+#	movq	%rsi,16(%rsp)
+#	movq	%rcx,%rdi	; if 1st argument is actually present
+#	movq	%rdx,%rsi	; if 2nd argument is actually ...
+#	movq	%r8,%rdx	; if 3rd argument is ...
+#	movq	%r9,%rcx	; if 4th argument ...
+#	movq	40(%rsp),%r8	; if 5th ...
+#	movq	48(%rsp),%r9	; if 6th ...
+# endif
+#	...
+# ifdef WIN64
+#	movq	8(%rsp),%rdi
+#	movq	16(%rsp),%rsi
+# endif
+#	ret
+#
+
#################################################
+# Win64 SEH, Structured Exception Handling.
+#
+# Unlike on Unix systems(*) lack of Win64 stack unwinding information
+# has undesired side-effect at run-time: if an exception is raised in
+# assembler subroutine such as those in question (basically we're
+# referring to segmentation violations caused by malformed input
+# parameters), the application is briskly terminated without invoking
+# any exception handlers, most notably without generating memory dump
+# or any user notification whatsoever. This poses a problem. It's
+# possible to address it by registering custom language-specific
+# handler that would restore processor context to the state at
+# subroutine entry point and return "exception is not handled, keep
+# unwinding" code. Writing such handler can be a challenge... But it's
+# doable, though requires certain coding convention. Consider following
+# snippet:
+#
+# .type	function, at function
+# function:
+#	movq	%rsp,%rax	# copy rsp to volatile register
+#	pushq	%r15		# save non-volatile registers
+#	pushq	%rbx
+#	pushq	%rbp
+#	movq	%rsp,%r11
+#	subq	%rdi,%r11	# prepare [variable] stack frame
+#	andq	$-64,%r11
+#	movq	%rax,0(%r11)	# check for exceptions
+#	movq	%r11,%rsp	# allocate [variable] stack frame
+#	movq	%rax,0(%rsp)	# save original rsp value
+# magic_point:
+#	...
+#	movq	0(%rsp),%rcx	# pull original rsp value
+#	movq	-24(%rcx),%rbp	# restore non-volatile registers
+#	movq	-16(%rcx),%rbx
+#	movq	-8(%rcx),%r15
+#	movq	%rcx,%rsp	# restore original rsp
+#	ret
+# .size function,.-function
+#
+# The key is that up to magic_point copy of original rsp value remains
+# in chosen volatile register and no non-volatile register, except for
+# rsp, is modified. While past magic_point rsp remains constant till
+# the very end of the function. In this case custom language-specific
+# exception handler would look like this:
+#
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
+# {	ULONG64 *rsp = (ULONG64 *)context->Rax;
+#	if (context->Rip >= magic_point)
+#	{   rsp = ((ULONG64 **)context->Rsp)[0];
+#	    context->Rbp = rsp[-3];
+#	    context->Rbx = rsp[-2];
+#	    context->R15 = rsp[-1];
+#	}
+#	context->Rsp = (ULONG64)rsp;
+#	context->Rdi = rsp[1];
+#	context->Rsi = rsp[2];
+#
+#	memcpy (disp->ContextRecord,context,sizeof(CONTEXT));
+#	RtlVirtualUnwind(UNW_FLAG_NHANDLER,disp->ImageBase,
+#		dips->ControlPc,disp->FunctionEntry,disp->ContextRecord,
+#		&disp->HandlerData,&disp->EstablisherFrame,NULL);
+#	return ExceptionContinueSearch;
+# }
+#
+# It's appropriate to implement this handler in assembler, directly in
+# function's module. In order to do that one has to know members'
+# offsets in CONTEXT and DISPATCHER_CONTEXT structures and some constant
+# values. Here they are:
+#
+#	CONTEXT.Rax				120
+#	CONTEXT.Rcx				128
+#	CONTEXT.Rdx				136
+#	CONTEXT.Rbx				144
+#	CONTEXT.Rsp				152
+#	CONTEXT.Rbp				160
+#	CONTEXT.Rsi				168
+#	CONTEXT.Rdi				176
+#	CONTEXT.R8				184
+#	CONTEXT.R9				192
+#	CONTEXT.R10				200
+#	CONTEXT.R11				208
+#	CONTEXT.R12				216
+#	CONTEXT.R13				224
+#	CONTEXT.R14				232
+#	CONTEXT.R15				240
+#	CONTEXT.Rip				248
+#	CONTEXT.Xmm6				512
+#	sizeof(CONTEXT)				1232
+#	DISPATCHER_CONTEXT.ControlPc		0
+#	DISPATCHER_CONTEXT.ImageBase		8
+#	DISPATCHER_CONTEXT.FunctionEntry	16
+#	DISPATCHER_CONTEXT.EstablisherFrame	24
+#	DISPATCHER_CONTEXT.TargetIp		32
+#	DISPATCHER_CONTEXT.ContextRecord	40
+#	DISPATCHER_CONTEXT.LanguageHandler	48
+#	DISPATCHER_CONTEXT.HandlerData		56
+#	UNW_FLAG_NHANDLER			0
+#	ExceptionContinueSearch			1
+#
+# In order to tie the handler to the function one has to compose
+# couple of structures: one for .xdata segment and one for .pdata.
+#
+# UNWIND_INFO structure for .xdata segment would be
+#
+# function_unwind_info:
+#	.byte	9,0,0,0
+#	.rva	handler
+#
+# This structure designates exception handler for a function with
+# zero-length prologue, no stack frame or frame register.
+#
+# To facilitate composing of .pdata structures, auto-generated "gear"
+# prologue copies rsp value to rax and denotes next instruction with
+# .LSEH_begin_{function_name} label. This essentially defines the SEH
+# styling rule mentioned in the beginning. Position of this label is
+# chosen in such manner that possible exceptions raised in the "gear"
+# prologue would be accounted to caller and unwound from latter's frame.
+# End of function is marked with respective .LSEH_end_{function_name}
+# label. To summarize, .pdata segment would contain
+#
+#	.rva	.LSEH_begin_function
+#	.rva	.LSEH_end_function
+#	.rva	function_unwind_info
+#
+# Reference to functon_unwind_info from .xdata segment is the anchor.
+# In case you wonder why references are 32-bit .rvas and not 64-bit
+# .quads. References put into these two segments are required to be
+# *relative* to the base address of the current binary module, a.k.a.
+# image base. No Win64 module, be it .exe or .dll, can be larger than
+# 2GB and thus such relative references can be and are accommodated in
+# 32 bits.
+#
+# Having reviewed the example function code, one can argue that "movq
+# %rsp,%rax" above is redundant. It is not! Keep in mind that on Unix
+# rax would contain an undefined value. If this "offends" you, use
+# another register and refrain from modifying rax till magic_point is
+# reached, i.e. as if it was a non-volatile register. If more registers
+# are required prior [variable] frame setup is completed, note that
+# nobody says that you can have only one "magic point." You can
+# "liberate" non-volatile registers by denoting last stack off-load
+# instruction and reflecting it in finer grade unwind logic in handler.
+# After all, isn't it why it's called *language-specific* handler...
+#
+# Attentive reader can notice that exceptions would be mishandled in
+# auto-generated "gear" epilogue. Well, exception effectively can't
+# occur there, because if memory area used by it was subject to
+# segmentation violation, then it would be raised upon call to the
+# function (and as already mentioned be accounted to caller, which is
+# not a problem). If you're still not comfortable, then define tail
+# "magic point" just prior ret instruction and have handler treat it...
+#
+# (*)	Note that we're talking about run-time, not debug-time. Lack of
+#	unwind information makes debugging hard on both Windows and
+#	Unix. "Unlike" referes to the fact that on Unix signal handler
+#	will always be invoked, core dumped and appropriate exit code
+#	returned to parent (for user notification).

Deleted: vendor-crypto/openssl/1.0.1u/crypto/pkcs12/p12_mutl.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pkcs12/p12_mutl.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/pkcs12/p12_mutl.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,195 +0,0 @@
-/* p12_mutl.c */
-/*
- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef OPENSSL_NO_HMAC
-# include <stdio.h>
-# include "cryptlib.h"
-# include <openssl/crypto.h>
-# include <openssl/hmac.h>
-# include <openssl/rand.h>
-# include <openssl/pkcs12.h>
-
-/* Generate a MAC */
-int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
-                   unsigned char *mac, unsigned int *maclen)
-{
-    const EVP_MD *md_type;
-    HMAC_CTX hmac;
-    unsigned char key[EVP_MAX_MD_SIZE], *salt;
-    int saltlen, iter;
-    int md_size;
-
-    if (!PKCS7_type_is_data(p12->authsafes)) {
-        PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_CONTENT_TYPE_NOT_DATA);
-        return 0;
-    }
-
-    salt = p12->mac->salt->data;
-    saltlen = p12->mac->salt->length;
-    if (!p12->mac->iter)
-        iter = 1;
-    else
-        iter = ASN1_INTEGER_get(p12->mac->iter);
-    if (!(md_type = EVP_get_digestbyobj(p12->mac->dinfo->algor->algorithm))) {
-        PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
-        return 0;
-    }
-    md_size = EVP_MD_size(md_type);
-    if (md_size < 0)
-        return 0;
-    if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
-                        md_size, key, md_type)) {
-        PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
-        return 0;
-    }
-    HMAC_CTX_init(&hmac);
-    if (!HMAC_Init_ex(&hmac, key, md_size, md_type, NULL)
-        || !HMAC_Update(&hmac, p12->authsafes->d.data->data,
-                        p12->authsafes->d.data->length)
-        || !HMAC_Final(&hmac, mac, maclen)) {
-        HMAC_CTX_cleanup(&hmac);
-        return 0;
-    }
-    HMAC_CTX_cleanup(&hmac);
-    return 1;
-}
-
-/* Verify the mac */
-int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
-{
-    unsigned char mac[EVP_MAX_MD_SIZE];
-    unsigned int maclen;
-    if (p12->mac == NULL) {
-        PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_ABSENT);
-        return 0;
-    }
-    if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) {
-        PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_GENERATION_ERROR);
-        return 0;
-    }
-    if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
-        || CRYPTO_memcmp(mac, p12->mac->dinfo->digest->data, maclen))
-        return 0;
-    return 1;
-}
-
-/* Set a mac */
-
-int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
-                   unsigned char *salt, int saltlen, int iter,
-                   const EVP_MD *md_type)
-{
-    unsigned char mac[EVP_MAX_MD_SIZE];
-    unsigned int maclen;
-
-    if (!md_type)
-        md_type = EVP_sha1();
-    if (PKCS12_setup_mac(p12, iter, salt, saltlen, md_type) == PKCS12_ERROR) {
-        PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_SETUP_ERROR);
-        return 0;
-    }
-    if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) {
-        PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_GENERATION_ERROR);
-        return 0;
-    }
-    if (!(M_ASN1_OCTET_STRING_set(p12->mac->dinfo->digest, mac, maclen))) {
-        PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_STRING_SET_ERROR);
-        return 0;
-    }
-    return 1;
-}
-
-/* Set up a mac structure */
-int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
-                     const EVP_MD *md_type)
-{
-    if (!(p12->mac = PKCS12_MAC_DATA_new()))
-        return PKCS12_ERROR;
-    if (iter > 1) {
-        if (!(p12->mac->iter = M_ASN1_INTEGER_new())) {
-            PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
-            return 0;
-        }
-        if (!ASN1_INTEGER_set(p12->mac->iter, iter)) {
-            PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
-            return 0;
-        }
-    }
-    if (!saltlen)
-        saltlen = PKCS12_SALT_LEN;
-    if ((p12->mac->salt->data = OPENSSL_malloc(saltlen)) == NULL) {
-        PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-    p12->mac->salt->length = saltlen;
-    if (!salt) {
-        if (RAND_pseudo_bytes(p12->mac->salt->data, saltlen) < 0)
-            return 0;
-    } else
-        memcpy(p12->mac->salt->data, salt, saltlen);
-    p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
-    if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
-        PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-    p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL;
-
-    return 1;
-}
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/pkcs12/p12_mutl.c (from rev 11605, vendor-crypto/openssl/dist/crypto/pkcs12/p12_mutl.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/pkcs12/p12_mutl.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/pkcs12/p12_mutl.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,195 @@
+/* p12_mutl.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef OPENSSL_NO_HMAC
+# include <stdio.h>
+# include "cryptlib.h"
+# include <openssl/crypto.h>
+# include <openssl/hmac.h>
+# include <openssl/rand.h>
+# include <openssl/pkcs12.h>
+
+/* Generate a MAC */
+int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+                   unsigned char *mac, unsigned int *maclen)
+{
+    const EVP_MD *md_type;
+    HMAC_CTX hmac;
+    unsigned char key[EVP_MAX_MD_SIZE], *salt;
+    int saltlen, iter;
+    int md_size;
+
+    if (!PKCS7_type_is_data(p12->authsafes)) {
+        PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_CONTENT_TYPE_NOT_DATA);
+        return 0;
+    }
+
+    salt = p12->mac->salt->data;
+    saltlen = p12->mac->salt->length;
+    if (!p12->mac->iter)
+        iter = 1;
+    else
+        iter = ASN1_INTEGER_get(p12->mac->iter);
+    if (!(md_type = EVP_get_digestbyobj(p12->mac->dinfo->algor->algorithm))) {
+        PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
+        return 0;
+    }
+    md_size = EVP_MD_size(md_type);
+    if (md_size < 0)
+        return 0;
+    if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
+                        md_size, key, md_type)) {
+        PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
+        return 0;
+    }
+    HMAC_CTX_init(&hmac);
+    if (!HMAC_Init_ex(&hmac, key, md_size, md_type, NULL)
+        || !HMAC_Update(&hmac, p12->authsafes->d.data->data,
+                        p12->authsafes->d.data->length)
+        || !HMAC_Final(&hmac, mac, maclen)) {
+        HMAC_CTX_cleanup(&hmac);
+        return 0;
+    }
+    HMAC_CTX_cleanup(&hmac);
+    return 1;
+}
+
+/* Verify the mac */
+int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
+{
+    unsigned char mac[EVP_MAX_MD_SIZE];
+    unsigned int maclen;
+    if (p12->mac == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_ABSENT);
+        return 0;
+    }
+    if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) {
+        PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_GENERATION_ERROR);
+        return 0;
+    }
+    if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
+        || CRYPTO_memcmp(mac, p12->mac->dinfo->digest->data, maclen))
+        return 0;
+    return 1;
+}
+
+/* Set a mac */
+
+int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
+                   unsigned char *salt, int saltlen, int iter,
+                   const EVP_MD *md_type)
+{
+    unsigned char mac[EVP_MAX_MD_SIZE];
+    unsigned int maclen;
+
+    if (!md_type)
+        md_type = EVP_sha1();
+    if (PKCS12_setup_mac(p12, iter, salt, saltlen, md_type) == PKCS12_ERROR) {
+        PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_SETUP_ERROR);
+        return 0;
+    }
+    if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) {
+        PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_GENERATION_ERROR);
+        return 0;
+    }
+    if (!(M_ASN1_OCTET_STRING_set(p12->mac->dinfo->digest, mac, maclen))) {
+        PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_STRING_SET_ERROR);
+        return 0;
+    }
+    return 1;
+}
+
+/* Set up a mac structure */
+int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
+                     const EVP_MD *md_type)
+{
+    if (!(p12->mac = PKCS12_MAC_DATA_new()))
+        return PKCS12_ERROR;
+    if (iter > 1) {
+        if (!(p12->mac->iter = M_ASN1_INTEGER_new())) {
+            PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        if (!ASN1_INTEGER_set(p12->mac->iter, iter)) {
+            PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+    if (!saltlen)
+        saltlen = PKCS12_SALT_LEN;
+    if ((p12->mac->salt->data = OPENSSL_malloc(saltlen)) == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    p12->mac->salt->length = saltlen;
+    if (!salt) {
+        if (RAND_bytes(p12->mac->salt->data, saltlen) <= 0)
+            return 0;
+    } else
+        memcpy(p12->mac->salt->data, salt, saltlen);
+    p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
+    if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
+        PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL;
+
+    return 1;
+}
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/pkcs12/p12_npas.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pkcs12/p12_npas.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/pkcs12/p12_npas.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,235 +0,0 @@
-/* p12_npas.c */
-/*
- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/pkcs12.h>
-
-/* PKCS#12 password change routine */
-
-static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass);
-static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
-                        char *newpass);
-static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass);
-static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);
-
-/*
- * Change the password on a PKCS#12 structure.
- */
-
-int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass)
-{
-    /* Check for NULL PKCS12 structure */
-
-    if (!p12) {
-        PKCS12err(PKCS12_F_PKCS12_NEWPASS,
-                  PKCS12_R_INVALID_NULL_PKCS12_POINTER);
-        return 0;
-    }
-
-    /* Check the mac */
-
-    if (!PKCS12_verify_mac(p12, oldpass, -1)) {
-        PKCS12err(PKCS12_F_PKCS12_NEWPASS, PKCS12_R_MAC_VERIFY_FAILURE);
-        return 0;
-    }
-
-    if (!newpass_p12(p12, oldpass, newpass)) {
-        PKCS12err(PKCS12_F_PKCS12_NEWPASS, PKCS12_R_PARSE_ERROR);
-        return 0;
-    }
-
-    return 1;
-}
-
-/* Parse the outer PKCS#12 structure */
-
-static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
-{
-    STACK_OF(PKCS7) *asafes, *newsafes;
-    STACK_OF(PKCS12_SAFEBAG) *bags;
-    int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0;
-    PKCS7 *p7, *p7new;
-    ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL;
-    unsigned char mac[EVP_MAX_MD_SIZE];
-    unsigned int maclen;
-
-    if (!(asafes = PKCS12_unpack_authsafes(p12)))
-        return 0;
-    if (!(newsafes = sk_PKCS7_new_null()))
-        return 0;
-    for (i = 0; i < sk_PKCS7_num(asafes); i++) {
-        p7 = sk_PKCS7_value(asafes, i);
-        bagnid = OBJ_obj2nid(p7->type);
-        if (bagnid == NID_pkcs7_data) {
-            bags = PKCS12_unpack_p7data(p7);
-        } else if (bagnid == NID_pkcs7_encrypted) {
-            bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
-            if (!alg_get(p7->d.encrypted->enc_data->algorithm,
-                         &pbe_nid, &pbe_iter, &pbe_saltlen)) {
-                sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-                bags = NULL;
-            }
-        } else
-            continue;
-        if (!bags) {
-            sk_PKCS7_pop_free(asafes, PKCS7_free);
-            return 0;
-        }
-        if (!newpass_bags(bags, oldpass, newpass)) {
-            sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-            sk_PKCS7_pop_free(asafes, PKCS7_free);
-            return 0;
-        }
-        /* Repack bag in same form with new password */
-        if (bagnid == NID_pkcs7_data)
-            p7new = PKCS12_pack_p7data(bags);
-        else
-            p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL,
-                                          pbe_saltlen, pbe_iter, bags);
-        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-        if (!p7new) {
-            sk_PKCS7_pop_free(asafes, PKCS7_free);
-            return 0;
-        }
-        sk_PKCS7_push(newsafes, p7new);
-    }
-    sk_PKCS7_pop_free(asafes, PKCS7_free);
-
-    /* Repack safe: save old safe in case of error */
-
-    p12_data_tmp = p12->authsafes->d.data;
-    if (!(p12->authsafes->d.data = ASN1_OCTET_STRING_new()))
-        goto saferr;
-    if (!PKCS12_pack_authsafes(p12, newsafes))
-        goto saferr;
-
-    if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen))
-        goto saferr;
-    if (!(macnew = ASN1_OCTET_STRING_new()))
-        goto saferr;
-    if (!ASN1_OCTET_STRING_set(macnew, mac, maclen))
-        goto saferr;
-    ASN1_OCTET_STRING_free(p12->mac->dinfo->digest);
-    p12->mac->dinfo->digest = macnew;
-    ASN1_OCTET_STRING_free(p12_data_tmp);
-
-    return 1;
-
- saferr:
-    /* Restore old safe */
-    ASN1_OCTET_STRING_free(p12->authsafes->d.data);
-    ASN1_OCTET_STRING_free(macnew);
-    p12->authsafes->d.data = p12_data_tmp;
-    return 0;
-
-}
-
-static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
-                        char *newpass)
-{
-    int i;
-    for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
-        if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i), oldpass, newpass))
-            return 0;
-    }
-    return 1;
-}
-
-/* Change password of safebag: only needs handle shrouded keybags */
-
-static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
-{
-    PKCS8_PRIV_KEY_INFO *p8;
-    X509_SIG *p8new;
-    int p8_nid, p8_saltlen, p8_iter;
-
-    if (M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag)
-        return 1;
-
-    if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)))
-        return 0;
-    if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen))
-        return 0;
-    if (!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
-                                p8_iter, p8)))
-        return 0;
-    X509_SIG_free(bag->value.shkeybag);
-    bag->value.shkeybag = p8new;
-    return 1;
-}
-
-static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen)
-{
-    PBEPARAM *pbe;
-    const unsigned char *p;
-
-    p = alg->parameter->value.sequence->data;
-    pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
-    if (!pbe)
-        return 0;
-    *pnid = OBJ_obj2nid(alg->algorithm);
-    *piter = ASN1_INTEGER_get(pbe->iter);
-    *psaltlen = pbe->salt->length;
-    PBEPARAM_free(pbe);
-    return 1;
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/pkcs12/p12_npas.c (from rev 11605, vendor-crypto/openssl/dist/crypto/pkcs12/p12_npas.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/pkcs12/p12_npas.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/pkcs12/p12_npas.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,230 @@
+/* p12_npas.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+/* PKCS#12 password change routine */
+
+static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass);
+static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass,
+                        const char *newpass);
+static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,
+                        const char *newpass);
+static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);
+
+/*
+ * Change the password on a PKCS#12 structure.
+ */
+
+int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass)
+{
+    /* Check for NULL PKCS12 structure */
+
+    if (!p12) {
+        PKCS12err(PKCS12_F_PKCS12_NEWPASS,
+                  PKCS12_R_INVALID_NULL_PKCS12_POINTER);
+        return 0;
+    }
+
+    /* Check the mac */
+
+    if (!PKCS12_verify_mac(p12, oldpass, -1)) {
+        PKCS12err(PKCS12_F_PKCS12_NEWPASS, PKCS12_R_MAC_VERIFY_FAILURE);
+        return 0;
+    }
+
+    if (!newpass_p12(p12, oldpass, newpass)) {
+        PKCS12err(PKCS12_F_PKCS12_NEWPASS, PKCS12_R_PARSE_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+/* Parse the outer PKCS#12 structure */
+
+static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass)
+{
+    STACK_OF(PKCS7) *asafes = NULL, *newsafes = NULL;
+    STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
+    int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0;
+    PKCS7 *p7, *p7new;
+    ASN1_OCTET_STRING *p12_data_tmp = NULL;
+    unsigned char mac[EVP_MAX_MD_SIZE];
+    unsigned int maclen;
+    int rv = 0;
+
+    if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL)
+        goto err;
+    if ((newsafes = sk_PKCS7_new_null()) == NULL)
+        goto err;
+    for (i = 0; i < sk_PKCS7_num(asafes); i++) {
+        p7 = sk_PKCS7_value(asafes, i);
+        bagnid = OBJ_obj2nid(p7->type);
+        if (bagnid == NID_pkcs7_data) {
+            bags = PKCS12_unpack_p7data(p7);
+        } else if (bagnid == NID_pkcs7_encrypted) {
+            bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
+            if (!alg_get(p7->d.encrypted->enc_data->algorithm,
+                         &pbe_nid, &pbe_iter, &pbe_saltlen))
+                goto err;
+        } else {
+            continue;
+        }
+        if (bags == NULL)
+            goto err;
+        if (!newpass_bags(bags, oldpass, newpass))
+            goto err;
+        /* Repack bag in same form with new password */
+        if (bagnid == NID_pkcs7_data)
+            p7new = PKCS12_pack_p7data(bags);
+        else
+            p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL,
+                                          pbe_saltlen, pbe_iter, bags);
+        if (!p7new || !sk_PKCS7_push(newsafes, p7new))
+            goto err;
+        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+        bags = NULL;
+    }
+
+    /* Repack safe: save old safe in case of error */
+
+    p12_data_tmp = p12->authsafes->d.data;
+    if ((p12->authsafes->d.data = ASN1_OCTET_STRING_new()) == NULL)
+        goto err;
+    if (!PKCS12_pack_authsafes(p12, newsafes))
+        goto err;
+    if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen))
+        goto err;
+    if (!ASN1_OCTET_STRING_set(p12->mac->dinfo->digest, mac, maclen))
+        goto err;
+
+    rv = 1;
+
+err:
+    /* Restore old safe if necessary */
+    if (rv == 1) {
+        ASN1_OCTET_STRING_free(p12_data_tmp);
+    } else if (p12_data_tmp != NULL) {
+        ASN1_OCTET_STRING_free(p12->authsafes->d.data);
+        p12->authsafes->d.data = p12_data_tmp;
+    }
+    sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+    sk_PKCS7_pop_free(asafes, PKCS7_free);
+    sk_PKCS7_pop_free(newsafes, PKCS7_free);
+    return rv;
+}
+
+static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass,
+                        const char *newpass)
+{
+    int i;
+    for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
+        if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i), oldpass, newpass))
+            return 0;
+    }
+    return 1;
+}
+
+/* Change password of safebag: only needs handle shrouded keybags */
+
+static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,
+                       const char *newpass)
+{
+    PKCS8_PRIV_KEY_INFO *p8;
+    X509_SIG *p8new;
+    int p8_nid, p8_saltlen, p8_iter;
+
+    if (M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag)
+        return 1;
+
+    if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)))
+        return 0;
+    if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen))
+        return 0;
+    p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
+                          p8_iter, p8);
+    PKCS8_PRIV_KEY_INFO_free(p8);
+    if (p8new == NULL)
+        return 0;
+    X509_SIG_free(bag->value.shkeybag);
+    bag->value.shkeybag = p8new;
+    return 1;
+}
+
+static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen)
+{
+    PBEPARAM *pbe;
+    const unsigned char *p;
+
+    p = alg->parameter->value.sequence->data;
+    pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
+    if (!pbe)
+        return 0;
+    *pnid = OBJ_obj2nid(alg->algorithm);
+    *piter = ASN1_INTEGER_get(pbe->iter);
+    *psaltlen = pbe->salt->length;
+    PBEPARAM_free(pbe);
+    return 1;
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/pkcs12/p12_utl.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pkcs12/p12_utl.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/pkcs12/p12_utl.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,161 +0,0 @@
-/* p12_utl.c */
-/*
- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-/* Cheap and nasty Unicode stuff */
-
-unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
-                               unsigned char **uni, int *unilen)
-{
-    int ulen, i;
-    unsigned char *unitmp;
-    if (asclen == -1)
-        asclen = strlen(asc);
-    ulen = asclen * 2 + 2;
-    if (!(unitmp = OPENSSL_malloc(ulen)))
-        return NULL;
-    for (i = 0; i < ulen - 2; i += 2) {
-        unitmp[i] = 0;
-        unitmp[i + 1] = asc[i >> 1];
-    }
-    /* Make result double null terminated */
-    unitmp[ulen - 2] = 0;
-    unitmp[ulen - 1] = 0;
-    if (unilen)
-        *unilen = ulen;
-    if (uni)
-        *uni = unitmp;
-    return unitmp;
-}
-
-char *OPENSSL_uni2asc(unsigned char *uni, int unilen)
-{
-    int asclen, i;
-    char *asctmp;
-    asclen = unilen / 2;
-    /* If no terminating zero allow for one */
-    if (!unilen || uni[unilen - 1])
-        asclen++;
-    uni++;
-    if (!(asctmp = OPENSSL_malloc(asclen)))
-        return NULL;
-    for (i = 0; i < unilen; i += 2)
-        asctmp[i >> 1] = uni[i];
-    asctmp[asclen - 1] = 0;
-    return asctmp;
-}
-
-int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12)
-{
-    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
-}
-
-#ifndef OPENSSL_NO_FP_API
-int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12)
-{
-    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
-}
-#endif
-
-PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)
-{
-    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
-}
-
-#ifndef OPENSSL_NO_FP_API
-PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
-{
-    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
-}
-#endif
-
-PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509)
-{
-    return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
-                                    NID_x509Certificate, NID_certBag);
-}
-
-PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl)
-{
-    return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
-                                    NID_x509Crl, NID_crlBag);
-}
-
-X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag)
-{
-    if (M_PKCS12_bag_type(bag) != NID_certBag)
-        return NULL;
-    if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate)
-        return NULL;
-    return ASN1_item_unpack(bag->value.bag->value.octet,
-                            ASN1_ITEM_rptr(X509));
-}
-
-X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag)
-{
-    if (M_PKCS12_bag_type(bag) != NID_crlBag)
-        return NULL;
-    if (M_PKCS12_cert_bag_type(bag) != NID_x509Crl)
-        return NULL;
-    return ASN1_item_unpack(bag->value.bag->value.octet,
-                            ASN1_ITEM_rptr(X509_CRL));
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/pkcs12/p12_utl.c (from rev 11605, vendor-crypto/openssl/dist/crypto/pkcs12/p12_utl.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/pkcs12/p12_utl.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/pkcs12/p12_utl.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,165 @@
+/* p12_utl.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+/* Cheap and nasty Unicode stuff */
+
+unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
+                               unsigned char **uni, int *unilen)
+{
+    int ulen, i;
+    unsigned char *unitmp;
+    if (asclen == -1)
+        asclen = strlen(asc);
+    ulen = asclen * 2 + 2;
+    if (!(unitmp = OPENSSL_malloc(ulen)))
+        return NULL;
+    for (i = 0; i < ulen - 2; i += 2) {
+        unitmp[i] = 0;
+        unitmp[i + 1] = asc[i >> 1];
+    }
+    /* Make result double null terminated */
+    unitmp[ulen - 2] = 0;
+    unitmp[ulen - 1] = 0;
+    if (unilen)
+        *unilen = ulen;
+    if (uni)
+        *uni = unitmp;
+    return unitmp;
+}
+
+char *OPENSSL_uni2asc(unsigned char *uni, int unilen)
+{
+    int asclen, i;
+    char *asctmp;
+
+    /* string must contain an even number of bytes */
+    if (unilen & 1)
+        return NULL;
+    asclen = unilen / 2;
+    /* If no terminating zero allow for one */
+    if (!unilen || uni[unilen - 1])
+        asclen++;
+    uni++;
+    if (!(asctmp = OPENSSL_malloc(asclen)))
+        return NULL;
+    for (i = 0; i < unilen; i += 2)
+        asctmp[i >> 1] = uni[i];
+    asctmp[asclen - 1] = 0;
+    return asctmp;
+}
+
+int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12)
+{
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
+}
+
+#ifndef OPENSSL_NO_FP_API
+int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12)
+{
+    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
+}
+#endif
+
+PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)
+{
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
+}
+
+#ifndef OPENSSL_NO_FP_API
+PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
+{
+    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
+}
+#endif
+
+PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509)
+{
+    return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
+                                    NID_x509Certificate, NID_certBag);
+}
+
+PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl)
+{
+    return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
+                                    NID_x509Crl, NID_crlBag);
+}
+
+X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag)
+{
+    if (M_PKCS12_bag_type(bag) != NID_certBag)
+        return NULL;
+    if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate)
+        return NULL;
+    return ASN1_item_unpack(bag->value.bag->value.octet,
+                            ASN1_ITEM_rptr(X509));
+}
+
+X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag)
+{
+    if (M_PKCS12_bag_type(bag) != NID_crlBag)
+        return NULL;
+    if (M_PKCS12_cert_bag_type(bag) != NID_x509Crl)
+        return NULL;
+    return ASN1_item_unpack(bag->value.bag->value.octet,
+                            ASN1_ITEM_rptr(X509_CRL));
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/pkcs12/pkcs12.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/pkcs12/pkcs12.h	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/pkcs12/pkcs12.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,342 +0,0 @@
-/* pkcs12.h */
-/*
- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_PKCS12_H
-# define HEADER_PKCS12_H
-
-# include <openssl/bio.h>
-# include <openssl/x509.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-# define PKCS12_KEY_ID   1
-# define PKCS12_IV_ID    2
-# define PKCS12_MAC_ID   3
-
-/* Default iteration count */
-# ifndef PKCS12_DEFAULT_ITER
-#  define PKCS12_DEFAULT_ITER     PKCS5_DEFAULT_ITER
-# endif
-
-# define PKCS12_MAC_KEY_LENGTH 20
-
-# define PKCS12_SALT_LEN 8
-
-/* Uncomment out next line for unicode password and names, otherwise ASCII */
-
-/*
- * #define PBE_UNICODE
- */
-
-# ifdef PBE_UNICODE
-#  define PKCS12_key_gen PKCS12_key_gen_uni
-#  define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni
-# else
-#  define PKCS12_key_gen PKCS12_key_gen_asc
-#  define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc
-# endif
-
-/* MS key usage constants */
-
-# define KEY_EX  0x10
-# define KEY_SIG 0x80
-
-typedef struct {
-    X509_SIG *dinfo;
-    ASN1_OCTET_STRING *salt;
-    ASN1_INTEGER *iter;         /* defaults to 1 */
-} PKCS12_MAC_DATA;
-
-typedef struct {
-    ASN1_INTEGER *version;
-    PKCS12_MAC_DATA *mac;
-    PKCS7 *authsafes;
-} PKCS12;
-
-typedef struct {
-    ASN1_OBJECT *type;
-    union {
-        struct pkcs12_bag_st *bag; /* secret, crl and certbag */
-        struct pkcs8_priv_key_info_st *keybag; /* keybag */
-        X509_SIG *shkeybag;     /* shrouded key bag */
-        STACK_OF(PKCS12_SAFEBAG) *safes;
-        ASN1_TYPE *other;
-    } value;
-    STACK_OF(X509_ATTRIBUTE) *attrib;
-} PKCS12_SAFEBAG;
-
-DECLARE_STACK_OF(PKCS12_SAFEBAG)
-DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG)
-DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG)
-
-typedef struct pkcs12_bag_st {
-    ASN1_OBJECT *type;
-    union {
-        ASN1_OCTET_STRING *x509cert;
-        ASN1_OCTET_STRING *x509crl;
-        ASN1_OCTET_STRING *octet;
-        ASN1_IA5STRING *sdsicert;
-        ASN1_TYPE *other;       /* Secret or other bag */
-    } value;
-} PKCS12_BAGS;
-
-# define PKCS12_ERROR    0
-# define PKCS12_OK       1
-
-/* Compatibility macros */
-
-# define M_PKCS12_x5092certbag PKCS12_x5092certbag
-# define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag
-
-# define M_PKCS12_certbag2x509 PKCS12_certbag2x509
-# define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl
-
-# define M_PKCS12_unpack_p7data PKCS12_unpack_p7data
-# define M_PKCS12_pack_authsafes PKCS12_pack_authsafes
-# define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes
-# define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata
-
-# define M_PKCS12_decrypt_skey PKCS12_decrypt_skey
-# define M_PKCS8_decrypt PKCS8_decrypt
-
-# define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type)
-# define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type)
-# define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
-
-# define PKCS12_get_attr(bag, attr_nid) \
-                         PKCS12_get_attr_gen(bag->attrib, attr_nid)
-
-# define PKCS8_get_attr(p8, attr_nid) \
-                PKCS12_get_attr_gen(p8->attributes, attr_nid)
-
-# define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0)
-
-PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509);
-PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl);
-X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag);
-X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag);
-
-PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
-                                         int nid1, int nid2);
-PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8);
-PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass,
-                                   int passlen);
-PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag,
-                                         const char *pass, int passlen);
-X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
-                        const char *pass, int passlen, unsigned char *salt,
-                        int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8);
-PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
-                                     int passlen, unsigned char *salt,
-                                     int saltlen, int iter,
-                                     PKCS8_PRIV_KEY_INFO *p8);
-PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
-STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
-PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
-                             unsigned char *salt, int saltlen, int iter,
-                             STACK_OF(PKCS12_SAFEBAG) *bags);
-STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
-                                                  int passlen);
-
-int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
-STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12);
-
-int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
-                          int namelen);
-int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
-                                int namelen);
-int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
-                           int namelen);
-int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
-                                const unsigned char *name, int namelen);
-int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
-ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid);
-char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
-unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
-                                int passlen, unsigned char *in, int inlen,
-                                unsigned char **data, int *datalen,
-                                int en_de);
-void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
-                              const char *pass, int passlen,
-                              ASN1_OCTET_STRING *oct, int zbuf);
-ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
-                                           const ASN1_ITEM *it,
-                                           const char *pass, int passlen,
-                                           void *obj, int zbuf);
-PKCS12 *PKCS12_init(int mode);
-int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
-                       int saltlen, int id, int iter, int n,
-                       unsigned char *out, const EVP_MD *md_type);
-int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
-                       int saltlen, int id, int iter, int n,
-                       unsigned char *out, const EVP_MD *md_type);
-int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-                        ASN1_TYPE *param, const EVP_CIPHER *cipher,
-                        const EVP_MD *md_type, int en_de);
-int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
-                   unsigned char *mac, unsigned int *maclen);
-int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
-int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
-                   unsigned char *salt, int saltlen, int iter,
-                   const EVP_MD *md_type);
-int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
-                     int saltlen, const EVP_MD *md_type);
-unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
-                               unsigned char **uni, int *unilen);
-char *OPENSSL_uni2asc(unsigned char *uni, int unilen);
-
-DECLARE_ASN1_FUNCTIONS(PKCS12)
-DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
-DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
-DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS)
-
-DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS)
-DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
-
-void PKCS12_PBE_add(void);
-int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
-                 STACK_OF(X509) **ca);
-PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
-                      STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
-                      int mac_iter, int keytype);
-
-PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
-PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
-                               EVP_PKEY *key, int key_usage, int iter,
-                               int key_nid, char *pass);
-int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
-                    int safe_nid, int iter, char *pass);
-PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);
-
-int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
-int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
-PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
-PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
-int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_PKCS12_strings(void);
-
-/* Error codes for the PKCS12 functions. */
-
-/* Function codes. */
-# define PKCS12_F_PARSE_BAG                               129
-# define PKCS12_F_PARSE_BAGS                              103
-# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME                 100
-# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC             127
-# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI             102
-# define PKCS12_F_PKCS12_ADD_LOCALKEYID                   104
-# define PKCS12_F_PKCS12_CREATE                           105
-# define PKCS12_F_PKCS12_GEN_MAC                          107
-# define PKCS12_F_PKCS12_INIT                             109
-# define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I                 106
-# define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT                 108
-# define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG                117
-# define PKCS12_F_PKCS12_KEY_GEN_ASC                      110
-# define PKCS12_F_PKCS12_KEY_GEN_UNI                      111
-# define PKCS12_F_PKCS12_MAKE_KEYBAG                      112
-# define PKCS12_F_PKCS12_MAKE_SHKEYBAG                    113
-# define PKCS12_F_PKCS12_NEWPASS                          128
-# define PKCS12_F_PKCS12_PACK_P7DATA                      114
-# define PKCS12_F_PKCS12_PACK_P7ENCDATA                   115
-# define PKCS12_F_PKCS12_PARSE                            118
-# define PKCS12_F_PKCS12_PBE_CRYPT                        119
-# define PKCS12_F_PKCS12_PBE_KEYIVGEN                     120
-# define PKCS12_F_PKCS12_SETUP_MAC                        122
-# define PKCS12_F_PKCS12_SET_MAC                          123
-# define PKCS12_F_PKCS12_UNPACK_AUTHSAFES                 130
-# define PKCS12_F_PKCS12_UNPACK_P7DATA                    131
-# define PKCS12_F_PKCS12_VERIFY_MAC                       126
-# define PKCS12_F_PKCS8_ADD_KEYUSAGE                      124
-# define PKCS12_F_PKCS8_ENCRYPT                           125
-
-/* Reason codes. */
-# define PKCS12_R_CANT_PACK_STRUCTURE                     100
-# define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
-# define PKCS12_R_DECODE_ERROR                            101
-# define PKCS12_R_ENCODE_ERROR                            102
-# define PKCS12_R_ENCRYPT_ERROR                           103
-# define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE       120
-# define PKCS12_R_INVALID_NULL_ARGUMENT                   104
-# define PKCS12_R_INVALID_NULL_PKCS12_POINTER             105
-# define PKCS12_R_IV_GEN_ERROR                            106
-# define PKCS12_R_KEY_GEN_ERROR                           107
-# define PKCS12_R_MAC_ABSENT                              108
-# define PKCS12_R_MAC_GENERATION_ERROR                    109
-# define PKCS12_R_MAC_SETUP_ERROR                         110
-# define PKCS12_R_MAC_STRING_SET_ERROR                    111
-# define PKCS12_R_MAC_VERIFY_ERROR                        112
-# define PKCS12_R_MAC_VERIFY_FAILURE                      113
-# define PKCS12_R_PARSE_ERROR                             114
-# define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR           115
-# define PKCS12_R_PKCS12_CIPHERFINAL_ERROR                116
-# define PKCS12_R_PKCS12_PBE_CRYPT_ERROR                  117
-# define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM                118
-# define PKCS12_R_UNSUPPORTED_PKCS12_MODE                 119
-
-#ifdef  __cplusplus
-}
-#endif
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/pkcs12/pkcs12.h (from rev 11605, vendor-crypto/openssl/dist/crypto/pkcs12/pkcs12.h)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/pkcs12/pkcs12.h	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/pkcs12/pkcs12.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,342 @@
+/* pkcs12.h */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_PKCS12_H
+# define HEADER_PKCS12_H
+
+# include <openssl/bio.h>
+# include <openssl/x509.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define PKCS12_KEY_ID   1
+# define PKCS12_IV_ID    2
+# define PKCS12_MAC_ID   3
+
+/* Default iteration count */
+# ifndef PKCS12_DEFAULT_ITER
+#  define PKCS12_DEFAULT_ITER     PKCS5_DEFAULT_ITER
+# endif
+
+# define PKCS12_MAC_KEY_LENGTH 20
+
+# define PKCS12_SALT_LEN 8
+
+/* Uncomment out next line for unicode password and names, otherwise ASCII */
+
+/*
+ * #define PBE_UNICODE
+ */
+
+# ifdef PBE_UNICODE
+#  define PKCS12_key_gen PKCS12_key_gen_uni
+#  define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni
+# else
+#  define PKCS12_key_gen PKCS12_key_gen_asc
+#  define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc
+# endif
+
+/* MS key usage constants */
+
+# define KEY_EX  0x10
+# define KEY_SIG 0x80
+
+typedef struct {
+    X509_SIG *dinfo;
+    ASN1_OCTET_STRING *salt;
+    ASN1_INTEGER *iter;         /* defaults to 1 */
+} PKCS12_MAC_DATA;
+
+typedef struct {
+    ASN1_INTEGER *version;
+    PKCS12_MAC_DATA *mac;
+    PKCS7 *authsafes;
+} PKCS12;
+
+typedef struct {
+    ASN1_OBJECT *type;
+    union {
+        struct pkcs12_bag_st *bag; /* secret, crl and certbag */
+        struct pkcs8_priv_key_info_st *keybag; /* keybag */
+        X509_SIG *shkeybag;     /* shrouded key bag */
+        STACK_OF(PKCS12_SAFEBAG) *safes;
+        ASN1_TYPE *other;
+    } value;
+    STACK_OF(X509_ATTRIBUTE) *attrib;
+} PKCS12_SAFEBAG;
+
+DECLARE_STACK_OF(PKCS12_SAFEBAG)
+DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG)
+DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG)
+
+typedef struct pkcs12_bag_st {
+    ASN1_OBJECT *type;
+    union {
+        ASN1_OCTET_STRING *x509cert;
+        ASN1_OCTET_STRING *x509crl;
+        ASN1_OCTET_STRING *octet;
+        ASN1_IA5STRING *sdsicert;
+        ASN1_TYPE *other;       /* Secret or other bag */
+    } value;
+} PKCS12_BAGS;
+
+# define PKCS12_ERROR    0
+# define PKCS12_OK       1
+
+/* Compatibility macros */
+
+# define M_PKCS12_x5092certbag PKCS12_x5092certbag
+# define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag
+
+# define M_PKCS12_certbag2x509 PKCS12_certbag2x509
+# define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl
+
+# define M_PKCS12_unpack_p7data PKCS12_unpack_p7data
+# define M_PKCS12_pack_authsafes PKCS12_pack_authsafes
+# define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes
+# define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata
+
+# define M_PKCS12_decrypt_skey PKCS12_decrypt_skey
+# define M_PKCS8_decrypt PKCS8_decrypt
+
+# define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type)
+# define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type)
+# define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
+
+# define PKCS12_get_attr(bag, attr_nid) \
+                         PKCS12_get_attr_gen(bag->attrib, attr_nid)
+
+# define PKCS8_get_attr(p8, attr_nid) \
+                PKCS12_get_attr_gen(p8->attributes, attr_nid)
+
+# define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0)
+
+PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509);
+PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl);
+X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag);
+
+PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
+                                         int nid1, int nid2);
+PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8);
+PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass,
+                                   int passlen);
+PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag,
+                                         const char *pass, int passlen);
+X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
+                        const char *pass, int passlen, unsigned char *salt,
+                        int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8);
+PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
+                                     int passlen, unsigned char *salt,
+                                     int saltlen, int iter,
+                                     PKCS8_PRIV_KEY_INFO *p8);
+PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
+PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
+                             unsigned char *salt, int saltlen, int iter,
+                             STACK_OF(PKCS12_SAFEBAG) *bags);
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
+                                                  int passlen);
+
+int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
+STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12);
+
+int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
+                          int namelen);
+int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
+                                int namelen);
+int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
+                           int namelen);
+int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
+                                const unsigned char *name, int namelen);
+int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
+ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid);
+char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
+unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
+                                int passlen, unsigned char *in, int inlen,
+                                unsigned char **data, int *datalen,
+                                int en_de);
+void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
+                              const char *pass, int passlen,
+                              ASN1_OCTET_STRING *oct, int zbuf);
+ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
+                                           const ASN1_ITEM *it,
+                                           const char *pass, int passlen,
+                                           void *obj, int zbuf);
+PKCS12 *PKCS12_init(int mode);
+int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
+                       int saltlen, int id, int iter, int n,
+                       unsigned char *out, const EVP_MD *md_type);
+int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
+                       int saltlen, int id, int iter, int n,
+                       unsigned char *out, const EVP_MD *md_type);
+int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+                        ASN1_TYPE *param, const EVP_CIPHER *cipher,
+                        const EVP_MD *md_type, int en_de);
+int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+                   unsigned char *mac, unsigned int *maclen);
+int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
+int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
+                   unsigned char *salt, int saltlen, int iter,
+                   const EVP_MD *md_type);
+int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
+                     int saltlen, const EVP_MD *md_type);
+unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
+                               unsigned char **uni, int *unilen);
+char *OPENSSL_uni2asc(unsigned char *uni, int unilen);
+
+DECLARE_ASN1_FUNCTIONS(PKCS12)
+DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
+DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
+DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS)
+
+DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS)
+DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
+
+void PKCS12_PBE_add(void);
+int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
+                 STACK_OF(X509) **ca);
+PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
+                      STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
+                      int mac_iter, int keytype);
+
+PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
+PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
+                               EVP_PKEY *key, int key_usage, int iter,
+                               int key_nid, char *pass);
+int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
+                    int safe_nid, int iter, char *pass);
+PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);
+
+int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
+int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
+PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
+PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
+int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_PKCS12_strings(void);
+
+/* Error codes for the PKCS12 functions. */
+
+/* Function codes. */
+# define PKCS12_F_PARSE_BAG                               129
+# define PKCS12_F_PARSE_BAGS                              103
+# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME                 100
+# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC             127
+# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI             102
+# define PKCS12_F_PKCS12_ADD_LOCALKEYID                   104
+# define PKCS12_F_PKCS12_CREATE                           105
+# define PKCS12_F_PKCS12_GEN_MAC                          107
+# define PKCS12_F_PKCS12_INIT                             109
+# define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I                 106
+# define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT                 108
+# define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG                117
+# define PKCS12_F_PKCS12_KEY_GEN_ASC                      110
+# define PKCS12_F_PKCS12_KEY_GEN_UNI                      111
+# define PKCS12_F_PKCS12_MAKE_KEYBAG                      112
+# define PKCS12_F_PKCS12_MAKE_SHKEYBAG                    113
+# define PKCS12_F_PKCS12_NEWPASS                          128
+# define PKCS12_F_PKCS12_PACK_P7DATA                      114
+# define PKCS12_F_PKCS12_PACK_P7ENCDATA                   115
+# define PKCS12_F_PKCS12_PARSE                            118
+# define PKCS12_F_PKCS12_PBE_CRYPT                        119
+# define PKCS12_F_PKCS12_PBE_KEYIVGEN                     120
+# define PKCS12_F_PKCS12_SETUP_MAC                        122
+# define PKCS12_F_PKCS12_SET_MAC                          123
+# define PKCS12_F_PKCS12_UNPACK_AUTHSAFES                 130
+# define PKCS12_F_PKCS12_UNPACK_P7DATA                    131
+# define PKCS12_F_PKCS12_VERIFY_MAC                       126
+# define PKCS12_F_PKCS8_ADD_KEYUSAGE                      124
+# define PKCS12_F_PKCS8_ENCRYPT                           125
+
+/* Reason codes. */
+# define PKCS12_R_CANT_PACK_STRUCTURE                     100
+# define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
+# define PKCS12_R_DECODE_ERROR                            101
+# define PKCS12_R_ENCODE_ERROR                            102
+# define PKCS12_R_ENCRYPT_ERROR                           103
+# define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE       120
+# define PKCS12_R_INVALID_NULL_ARGUMENT                   104
+# define PKCS12_R_INVALID_NULL_PKCS12_POINTER             105
+# define PKCS12_R_IV_GEN_ERROR                            106
+# define PKCS12_R_KEY_GEN_ERROR                           107
+# define PKCS12_R_MAC_ABSENT                              108
+# define PKCS12_R_MAC_GENERATION_ERROR                    109
+# define PKCS12_R_MAC_SETUP_ERROR                         110
+# define PKCS12_R_MAC_STRING_SET_ERROR                    111
+# define PKCS12_R_MAC_VERIFY_ERROR                        112
+# define PKCS12_R_MAC_VERIFY_FAILURE                      113
+# define PKCS12_R_PARSE_ERROR                             114
+# define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR           115
+# define PKCS12_R_PKCS12_CIPHERFINAL_ERROR                116
+# define PKCS12_R_PKCS12_PBE_CRYPT_ERROR                  117
+# define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM                118
+# define PKCS12_R_UNSUPPORTED_PKCS12_MODE                 119
+
+#ifdef  __cplusplus
+}
+#endif
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/pkcs7/pk7_doit.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pkcs7/pk7_doit.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/pkcs7/pk7_doit.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,1295 +0,0 @@
-/* crypto/pkcs7/pk7_doit.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/err.h>
-
-static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
-                         void *value);
-static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
-
-static int PKCS7_type_is_other(PKCS7 *p7)
-{
-    int isOther = 1;
-
-    int nid = OBJ_obj2nid(p7->type);
-
-    switch (nid) {
-    case NID_pkcs7_data:
-    case NID_pkcs7_signed:
-    case NID_pkcs7_enveloped:
-    case NID_pkcs7_signedAndEnveloped:
-    case NID_pkcs7_digest:
-    case NID_pkcs7_encrypted:
-        isOther = 0;
-        break;
-    default:
-        isOther = 1;
-    }
-
-    return isOther;
-
-}
-
-static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7)
-{
-    if (PKCS7_type_is_data(p7))
-        return p7->d.data;
-    if (PKCS7_type_is_other(p7) && p7->d.other
-        && (p7->d.other->type == V_ASN1_OCTET_STRING))
-        return p7->d.other->value.octet_string;
-    return NULL;
-}
-
-static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
-{
-    BIO *btmp;
-    const EVP_MD *md;
-    if ((btmp = BIO_new(BIO_f_md())) == NULL) {
-        PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB);
-        goto err;
-    }
-
-    md = EVP_get_digestbyobj(alg->algorithm);
-    if (md == NULL) {
-        PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, PKCS7_R_UNKNOWN_DIGEST_TYPE);
-        goto err;
-    }
-
-    BIO_set_md(btmp, md);
-    if (*pbio == NULL)
-        *pbio = btmp;
-    else if (!BIO_push(*pbio, btmp)) {
-        PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB);
-        goto err;
-    }
-    btmp = NULL;
-
-    return 1;
-
- err:
-    if (btmp)
-        BIO_free(btmp);
-    return 0;
-
-}
-
-static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
-                              unsigned char *key, int keylen)
-{
-    EVP_PKEY_CTX *pctx = NULL;
-    EVP_PKEY *pkey = NULL;
-    unsigned char *ek = NULL;
-    int ret = 0;
-    size_t eklen;
-
-    pkey = X509_get_pubkey(ri->cert);
-
-    if (!pkey)
-        return 0;
-
-    pctx = EVP_PKEY_CTX_new(pkey, NULL);
-    if (!pctx)
-        return 0;
-
-    if (EVP_PKEY_encrypt_init(pctx) <= 0)
-        goto err;
-
-    if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
-                          EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0) {
-        PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, PKCS7_R_CTRL_ERROR);
-        goto err;
-    }
-
-    if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0)
-        goto err;
-
-    ek = OPENSSL_malloc(eklen);
-
-    if (ek == NULL) {
-        PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0)
-        goto err;
-
-    ASN1_STRING_set0(ri->enc_key, ek, eklen);
-    ek = NULL;
-
-    ret = 1;
-
- err:
-    if (pkey)
-        EVP_PKEY_free(pkey);
-    if (pctx)
-        EVP_PKEY_CTX_free(pctx);
-    if (ek)
-        OPENSSL_free(ek);
-    return ret;
-
-}
-
-static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
-                               PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey)
-{
-    EVP_PKEY_CTX *pctx = NULL;
-    unsigned char *ek = NULL;
-    size_t eklen;
-
-    int ret = -1;
-
-    pctx = EVP_PKEY_CTX_new(pkey, NULL);
-    if (!pctx)
-        return -1;
-
-    if (EVP_PKEY_decrypt_init(pctx) <= 0)
-        goto err;
-
-    if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
-                          EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) {
-        PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, PKCS7_R_CTRL_ERROR);
-        goto err;
-    }
-
-    if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
-                         ri->enc_key->data, ri->enc_key->length) <= 0)
-        goto err;
-
-    ek = OPENSSL_malloc(eklen);
-
-    if (ek == NULL) {
-        PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    if (EVP_PKEY_decrypt(pctx, ek, &eklen,
-                         ri->enc_key->data, ri->enc_key->length) <= 0) {
-        ret = 0;
-        PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB);
-        goto err;
-    }
-
-    ret = 1;
-
-    if (*pek) {
-        OPENSSL_cleanse(*pek, *peklen);
-        OPENSSL_free(*pek);
-    }
-
-    *pek = ek;
-    *peklen = eklen;
-
- err:
-    if (pctx)
-        EVP_PKEY_CTX_free(pctx);
-    if (!ret && ek)
-        OPENSSL_free(ek);
-
-    return ret;
-}
-
-BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
-{
-    int i;
-    BIO *out = NULL, *btmp = NULL;
-    X509_ALGOR *xa = NULL;
-    const EVP_CIPHER *evp_cipher = NULL;
-    STACK_OF(X509_ALGOR) *md_sk = NULL;
-    STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
-    X509_ALGOR *xalg = NULL;
-    PKCS7_RECIP_INFO *ri = NULL;
-    ASN1_OCTET_STRING *os = NULL;
-
-    if (p7 == NULL) {
-        PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
-        return NULL;
-    }
-    /*
-     * The content field in the PKCS7 ContentInfo is optional, but that really
-     * only applies to inner content (precisely, detached signatures).
-     *
-     * When reading content, missing outer content is therefore treated as an
-     * error.
-     *
-     * When creating content, PKCS7_content_new() must be called before
-     * calling this method, so a NULL p7->d is always an error.
-     */
-    if (p7->d.ptr == NULL) {
-        PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
-        return NULL;
-    }
-
-    i = OBJ_obj2nid(p7->type);
-    p7->state = PKCS7_S_HEADER;
-
-    switch (i) {
-    case NID_pkcs7_signed:
-        md_sk = p7->d.sign->md_algs;
-        os = PKCS7_get_octet_string(p7->d.sign->contents);
-        break;
-    case NID_pkcs7_signedAndEnveloped:
-        rsk = p7->d.signed_and_enveloped->recipientinfo;
-        md_sk = p7->d.signed_and_enveloped->md_algs;
-        xalg = p7->d.signed_and_enveloped->enc_data->algorithm;
-        evp_cipher = p7->d.signed_and_enveloped->enc_data->cipher;
-        if (evp_cipher == NULL) {
-            PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_CIPHER_NOT_INITIALIZED);
-            goto err;
-        }
-        break;
-    case NID_pkcs7_enveloped:
-        rsk = p7->d.enveloped->recipientinfo;
-        xalg = p7->d.enveloped->enc_data->algorithm;
-        evp_cipher = p7->d.enveloped->enc_data->cipher;
-        if (evp_cipher == NULL) {
-            PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_CIPHER_NOT_INITIALIZED);
-            goto err;
-        }
-        break;
-    case NID_pkcs7_digest:
-        xa = p7->d.digest->md;
-        os = PKCS7_get_octet_string(p7->d.digest->contents);
-        break;
-    case NID_pkcs7_data:
-        break;
-    default:
-        PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
-        goto err;
-    }
-
-    for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++)
-        if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i)))
-            goto err;
-
-    if (xa && !PKCS7_bio_add_digest(&out, xa))
-        goto err;
-
-    if (evp_cipher != NULL) {
-        unsigned char key[EVP_MAX_KEY_LENGTH];
-        unsigned char iv[EVP_MAX_IV_LENGTH];
-        int keylen, ivlen;
-        EVP_CIPHER_CTX *ctx;
-
-        if ((btmp = BIO_new(BIO_f_cipher())) == NULL) {
-            PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_BIO_LIB);
-            goto err;
-        }
-        BIO_get_cipher_ctx(btmp, &ctx);
-        keylen = EVP_CIPHER_key_length(evp_cipher);
-        ivlen = EVP_CIPHER_iv_length(evp_cipher);
-        xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
-        if (ivlen > 0)
-            if (RAND_pseudo_bytes(iv, ivlen) <= 0)
-                goto err;
-        if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1) <= 0)
-            goto err;
-        if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
-            goto err;
-        if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0)
-            goto err;
-
-        if (ivlen > 0) {
-            if (xalg->parameter == NULL) {
-                xalg->parameter = ASN1_TYPE_new();
-                if (xalg->parameter == NULL)
-                    goto err;
-            }
-            if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
-                goto err;
-        }
-
-        /* Lets do the pub key stuff :-) */
-        for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
-            ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
-            if (pkcs7_encode_rinfo(ri, key, keylen) <= 0)
-                goto err;
-        }
-        OPENSSL_cleanse(key, keylen);
-
-        if (out == NULL)
-            out = btmp;
-        else
-            BIO_push(out, btmp);
-        btmp = NULL;
-    }
-
-    if (bio == NULL) {
-        if (PKCS7_is_detached(p7))
-            bio = BIO_new(BIO_s_null());
-        else if (os && os->length > 0)
-            bio = BIO_new_mem_buf(os->data, os->length);
-        if (bio == NULL) {
-            bio = BIO_new(BIO_s_mem());
-            if (bio == NULL)
-                goto err;
-            BIO_set_mem_eof_return(bio, 0);
-        }
-    }
-    if (out)
-        BIO_push(out, bio);
-    else
-        out = bio;
-    bio = NULL;
-    if (0) {
- err:
-        if (out != NULL)
-            BIO_free_all(out);
-        if (btmp != NULL)
-            BIO_free_all(btmp);
-        out = NULL;
-    }
-    return (out);
-}
-
-static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
-{
-    int ret;
-    ret = X509_NAME_cmp(ri->issuer_and_serial->issuer,
-                        pcert->cert_info->issuer);
-    if (ret)
-        return ret;
-    return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
-                              ri->issuer_and_serial->serial);
-}
-
-/* int */
-BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
-{
-    int i, j;
-    BIO *out = NULL, *btmp = NULL, *etmp = NULL, *bio = NULL;
-    X509_ALGOR *xa;
-    ASN1_OCTET_STRING *data_body = NULL;
-    const EVP_MD *evp_md;
-    const EVP_CIPHER *evp_cipher = NULL;
-    EVP_CIPHER_CTX *evp_ctx = NULL;
-    X509_ALGOR *enc_alg = NULL;
-    STACK_OF(X509_ALGOR) *md_sk = NULL;
-    STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
-    PKCS7_RECIP_INFO *ri = NULL;
-    unsigned char *ek = NULL, *tkey = NULL;
-    int eklen = 0, tkeylen = 0;
-
-    if (p7 == NULL) {
-        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
-        return NULL;
-    }
-
-    if (p7->d.ptr == NULL) {
-        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
-        return NULL;
-    }
-
-    i = OBJ_obj2nid(p7->type);
-    p7->state = PKCS7_S_HEADER;
-
-    switch (i) {
-    case NID_pkcs7_signed:
-        /*
-         * p7->d.sign->contents is a PKCS7 structure consisting of a contentType
-         * field and optional content.
-         * data_body is NULL if that structure has no (=detached) content
-         * or if the contentType is wrong (i.e., not "data").
-         */
-        data_body = PKCS7_get_octet_string(p7->d.sign->contents);
-        if (!PKCS7_is_detached(p7) && data_body == NULL) {
-            PKCS7err(PKCS7_F_PKCS7_DATADECODE,
-                     PKCS7_R_INVALID_SIGNED_DATA_TYPE);
-            goto err;
-        }
-        md_sk = p7->d.sign->md_algs;
-        break;
-    case NID_pkcs7_signedAndEnveloped:
-        rsk = p7->d.signed_and_enveloped->recipientinfo;
-        md_sk = p7->d.signed_and_enveloped->md_algs;
-        /* data_body is NULL if the optional EncryptedContent is missing. */
-        data_body = p7->d.signed_and_enveloped->enc_data->enc_data;
-        enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm;
-        evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
-        if (evp_cipher == NULL) {
-            PKCS7err(PKCS7_F_PKCS7_DATADECODE,
-                     PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
-            goto err;
-        }
-        break;
-    case NID_pkcs7_enveloped:
-        rsk = p7->d.enveloped->recipientinfo;
-        enc_alg = p7->d.enveloped->enc_data->algorithm;
-        /* data_body is NULL if the optional EncryptedContent is missing. */
-        data_body = p7->d.enveloped->enc_data->enc_data;
-        evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
-        if (evp_cipher == NULL) {
-            PKCS7err(PKCS7_F_PKCS7_DATADECODE,
-                     PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
-            goto err;
-        }
-        break;
-    default:
-        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
-        goto err;
-    }
-
-    /* Detached content must be supplied via in_bio instead. */
-    if (data_body == NULL && in_bio == NULL) {
-        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
-        goto err;
-    }
-
-    /* We will be checking the signature */
-    if (md_sk != NULL) {
-        for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
-            xa = sk_X509_ALGOR_value(md_sk, i);
-            if ((btmp = BIO_new(BIO_f_md())) == NULL) {
-                PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB);
-                goto err;
-            }
-
-            j = OBJ_obj2nid(xa->algorithm);
-            evp_md = EVP_get_digestbynid(j);
-            if (evp_md == NULL) {
-                PKCS7err(PKCS7_F_PKCS7_DATADECODE,
-                         PKCS7_R_UNKNOWN_DIGEST_TYPE);
-                goto err;
-            }
-
-            BIO_set_md(btmp, evp_md);
-            if (out == NULL)
-                out = btmp;
-            else
-                BIO_push(out, btmp);
-            btmp = NULL;
-        }
-    }
-
-    if (evp_cipher != NULL) {
-#if 0
-        unsigned char key[EVP_MAX_KEY_LENGTH];
-        unsigned char iv[EVP_MAX_IV_LENGTH];
-        unsigned char *p;
-        int keylen, ivlen;
-        int max;
-        X509_OBJECT ret;
-#endif
-
-        if ((etmp = BIO_new(BIO_f_cipher())) == NULL) {
-            PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB);
-            goto err;
-        }
-
-        /*
-         * It was encrypted, we need to decrypt the secret key with the
-         * private key
-         */
-
-        /*
-         * Find the recipientInfo which matches the passed certificate (if
-         * any)
-         */
-
-        if (pcert) {
-            for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
-                ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
-                if (!pkcs7_cmp_ri(ri, pcert))
-                    break;
-                ri = NULL;
-            }
-            if (ri == NULL) {
-                PKCS7err(PKCS7_F_PKCS7_DATADECODE,
-                         PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
-                goto err;
-            }
-        }
-
-        /* If we haven't got a certificate try each ri in turn */
-        if (pcert == NULL) {
-            /*
-             * Always attempt to decrypt all rinfo even after sucess as a
-             * defence against MMA timing attacks.
-             */
-            for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
-                ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
-
-                if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0)
-                    goto err;
-                ERR_clear_error();
-            }
-        } else {
-            /* Only exit on fatal errors, not decrypt failure */
-            if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0)
-                goto err;
-            ERR_clear_error();
-        }
-
-        evp_ctx = NULL;
-        BIO_get_cipher_ctx(etmp, &evp_ctx);
-        if (EVP_CipherInit_ex(evp_ctx, evp_cipher, NULL, NULL, NULL, 0) <= 0)
-            goto err;
-        if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0)
-            goto err;
-        /* Generate random key as MMA defence */
-        tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx);
-        tkey = OPENSSL_malloc(tkeylen);
-        if (!tkey)
-            goto err;
-        if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0)
-            goto err;
-        if (ek == NULL) {
-            ek = tkey;
-            eklen = tkeylen;
-            tkey = NULL;
-        }
-
-        if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) {
-            /*
-             * Some S/MIME clients don't use the same key and effective key
-             * length. The key length is determined by the size of the
-             * decrypted RSA key.
-             */
-            if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) {
-                /* Use random key as MMA defence */
-                OPENSSL_cleanse(ek, eklen);
-                OPENSSL_free(ek);
-                ek = tkey;
-                eklen = tkeylen;
-                tkey = NULL;
-            }
-        }
-        /* Clear errors so we don't leak information useful in MMA */
-        ERR_clear_error();
-        if (EVP_CipherInit_ex(evp_ctx, NULL, NULL, ek, NULL, 0) <= 0)
-            goto err;
-
-        if (ek) {
-            OPENSSL_cleanse(ek, eklen);
-            OPENSSL_free(ek);
-            ek = NULL;
-        }
-        if (tkey) {
-            OPENSSL_cleanse(tkey, tkeylen);
-            OPENSSL_free(tkey);
-            tkey = NULL;
-        }
-
-        if (out == NULL)
-            out = etmp;
-        else
-            BIO_push(out, etmp);
-        etmp = NULL;
-    }
-#if 1
-    if (in_bio != NULL) {
-        bio = in_bio;
-    } else {
-# if 0
-        bio = BIO_new(BIO_s_mem());
-        /*
-         * We need to set this so that when we have read all the data, the
-         * encrypt BIO, if present, will read EOF and encode the last few
-         * bytes
-         */
-        BIO_set_mem_eof_return(bio, 0);
-
-        if (data_body->length > 0)
-            BIO_write(bio, (char *)data_body->data, data_body->length);
-# else
-        if (data_body->length > 0)
-            bio = BIO_new_mem_buf(data_body->data, data_body->length);
-        else {
-            bio = BIO_new(BIO_s_mem());
-            if (bio == NULL)
-                goto err;
-            BIO_set_mem_eof_return(bio, 0);
-        }
-        if (bio == NULL)
-            goto err;
-# endif
-    }
-    BIO_push(out, bio);
-    bio = NULL;
-#endif
-    if (0) {
- err:
-        if (ek) {
-            OPENSSL_cleanse(ek, eklen);
-            OPENSSL_free(ek);
-        }
-        if (tkey) {
-            OPENSSL_cleanse(tkey, tkeylen);
-            OPENSSL_free(tkey);
-        }
-        if (out != NULL)
-            BIO_free_all(out);
-        if (btmp != NULL)
-            BIO_free_all(btmp);
-        if (etmp != NULL)
-            BIO_free_all(etmp);
-        if (bio != NULL)
-            BIO_free_all(bio);
-        out = NULL;
-    }
-    return (out);
-}
-
-static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
-{
-    for (;;) {
-        bio = BIO_find_type(bio, BIO_TYPE_MD);
-        if (bio == NULL) {
-            PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,
-                     PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
-            return NULL;
-        }
-        BIO_get_md_ctx(bio, pmd);
-        if (*pmd == NULL) {
-            PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST, ERR_R_INTERNAL_ERROR);
-            return NULL;
-        }
-        if (EVP_MD_CTX_type(*pmd) == nid)
-            return bio;
-        bio = BIO_next(bio);
-    }
-    return NULL;
-}
-
-static int do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx)
-{
-    unsigned char md_data[EVP_MAX_MD_SIZE];
-    unsigned int md_len;
-
-    /* Add signing time if not already present */
-    if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) {
-        if (!PKCS7_add0_attrib_signing_time(si, NULL)) {
-            PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE);
-            return 0;
-        }
-    }
-
-    /* Add digest */
-    if (!EVP_DigestFinal_ex(mctx, md_data, &md_len)) {
-        PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_EVP_LIB);
-        return 0;
-    }
-    if (!PKCS7_add1_attrib_digest(si, md_data, md_len)) {
-        PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-
-    /* Now sign the attributes */
-    if (!PKCS7_SIGNER_INFO_sign(si))
-        return 0;
-
-    return 1;
-}
-
-int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
-{
-    int ret = 0;
-    int i, j;
-    BIO *btmp;
-    PKCS7_SIGNER_INFO *si;
-    EVP_MD_CTX *mdc, ctx_tmp;
-    STACK_OF(X509_ATTRIBUTE) *sk;
-    STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
-    ASN1_OCTET_STRING *os = NULL;
-
-    if (p7 == NULL) {
-        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
-        return 0;
-    }
-
-    if (p7->d.ptr == NULL) {
-        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
-        return 0;
-    }
-
-    EVP_MD_CTX_init(&ctx_tmp);
-    i = OBJ_obj2nid(p7->type);
-    p7->state = PKCS7_S_HEADER;
-
-    switch (i) {
-    case NID_pkcs7_data:
-        os = p7->d.data;
-        break;
-    case NID_pkcs7_signedAndEnveloped:
-        /* XXXXXXXXXXXXXXXX */
-        si_sk = p7->d.signed_and_enveloped->signer_info;
-        os = p7->d.signed_and_enveloped->enc_data->enc_data;
-        if (!os) {
-            os = M_ASN1_OCTET_STRING_new();
-            if (!os) {
-                PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-            p7->d.signed_and_enveloped->enc_data->enc_data = os;
-        }
-        break;
-    case NID_pkcs7_enveloped:
-        /* XXXXXXXXXXXXXXXX */
-        os = p7->d.enveloped->enc_data->enc_data;
-        if (!os) {
-            os = M_ASN1_OCTET_STRING_new();
-            if (!os) {
-                PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-            p7->d.enveloped->enc_data->enc_data = os;
-        }
-        break;
-    case NID_pkcs7_signed:
-        si_sk = p7->d.sign->signer_info;
-        os = PKCS7_get_octet_string(p7->d.sign->contents);
-        /* If detached data then the content is excluded */
-        if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
-            M_ASN1_OCTET_STRING_free(os);
-            os = NULL;
-            p7->d.sign->contents->d.data = NULL;
-        }
-        break;
-
-    case NID_pkcs7_digest:
-        os = PKCS7_get_octet_string(p7->d.digest->contents);
-        /* If detached data then the content is excluded */
-        if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) {
-            M_ASN1_OCTET_STRING_free(os);
-            os = NULL;
-            p7->d.digest->contents->d.data = NULL;
-        }
-        break;
-
-    default:
-        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
-        goto err;
-    }
-
-    if (si_sk != NULL) {
-        for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(si_sk); i++) {
-            si = sk_PKCS7_SIGNER_INFO_value(si_sk, i);
-            if (si->pkey == NULL)
-                continue;
-
-            j = OBJ_obj2nid(si->digest_alg->algorithm);
-
-            btmp = bio;
-
-            btmp = PKCS7_find_digest(&mdc, btmp, j);
-
-            if (btmp == NULL)
-                goto err;
-
-            /*
-             * We now have the EVP_MD_CTX, lets do the signing.
-             */
-            if (!EVP_MD_CTX_copy_ex(&ctx_tmp, mdc))
-                goto err;
-
-            sk = si->auth_attr;
-
-            /*
-             * If there are attributes, we add the digest attribute and only
-             * sign the attributes
-             */
-            if (sk_X509_ATTRIBUTE_num(sk) > 0) {
-                if (!do_pkcs7_signed_attrib(si, &ctx_tmp))
-                    goto err;
-            } else {
-                unsigned char *abuf = NULL;
-                unsigned int abuflen;
-                abuflen = EVP_PKEY_size(si->pkey);
-                abuf = OPENSSL_malloc(abuflen);
-                if (!abuf)
-                    goto err;
-
-                if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen, si->pkey)) {
-                    PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_EVP_LIB);
-                    goto err;
-                }
-                ASN1_STRING_set0(si->enc_digest, abuf, abuflen);
-            }
-        }
-    } else if (i == NID_pkcs7_digest) {
-        unsigned char md_data[EVP_MAX_MD_SIZE];
-        unsigned int md_len;
-        if (!PKCS7_find_digest(&mdc, bio,
-                               OBJ_obj2nid(p7->d.digest->md->algorithm)))
-            goto err;
-        if (!EVP_DigestFinal_ex(mdc, md_data, &md_len))
-            goto err;
-        M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
-    }
-
-    if (!PKCS7_is_detached(p7)) {
-        /*
-         * NOTE(emilia): I think we only reach os == NULL here because detached
-         * digested data support is broken.
-         */
-        if (os == NULL)
-            goto err;
-        if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
-            char *cont;
-            long contlen;
-            btmp = BIO_find_type(bio, BIO_TYPE_MEM);
-            if (btmp == NULL) {
-                PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
-                goto err;
-            }
-            contlen = BIO_get_mem_data(btmp, &cont);
-            /*
-             * Mark the BIO read only then we can use its copy of the data
-             * instead of making an extra copy.
-             */
-            BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
-            BIO_set_mem_eof_return(btmp, 0);
-            ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
-        }
-    }
-    ret = 1;
- err:
-    EVP_MD_CTX_cleanup(&ctx_tmp);
-    return (ret);
-}
-
-int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
-{
-    EVP_MD_CTX mctx;
-    EVP_PKEY_CTX *pctx;
-    unsigned char *abuf = NULL;
-    int alen;
-    size_t siglen;
-    const EVP_MD *md = NULL;
-
-    md = EVP_get_digestbyobj(si->digest_alg->algorithm);
-    if (md == NULL)
-        return 0;
-
-    EVP_MD_CTX_init(&mctx);
-    if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
-        goto err;
-
-    if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
-                          EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) {
-        PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
-        goto err;
-    }
-
-    alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr, &abuf,
-                         ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
-    if (!abuf)
-        goto err;
-    if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0)
-        goto err;
-    OPENSSL_free(abuf);
-    abuf = NULL;
-    if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)
-        goto err;
-    abuf = OPENSSL_malloc(siglen);
-    if (!abuf)
-        goto err;
-    if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0)
-        goto err;
-
-    if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
-                          EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) {
-        PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
-        goto err;
-    }
-
-    EVP_MD_CTX_cleanup(&mctx);
-
-    ASN1_STRING_set0(si->enc_digest, abuf, siglen);
-
-    return 1;
-
- err:
-    if (abuf)
-        OPENSSL_free(abuf);
-    EVP_MD_CTX_cleanup(&mctx);
-    return 0;
-
-}
-
-int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
-                     PKCS7 *p7, PKCS7_SIGNER_INFO *si)
-{
-    PKCS7_ISSUER_AND_SERIAL *ias;
-    int ret = 0, i;
-    STACK_OF(X509) *cert;
-    X509 *x509;
-
-    if (p7 == NULL) {
-        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
-        return 0;
-    }
-
-    if (p7->d.ptr == NULL) {
-        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
-        return 0;
-    }
-
-    if (PKCS7_type_is_signed(p7)) {
-        cert = p7->d.sign->cert;
-    } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
-        cert = p7->d.signed_and_enveloped->cert;
-    } else {
-        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_WRONG_PKCS7_TYPE);
-        goto err;
-    }
-    /* XXXXXXXXXXXXXXXXXXXXXXX */
-    ias = si->issuer_and_serial;
-
-    x509 = X509_find_by_issuer_and_serial(cert, ias->issuer, ias->serial);
-
-    /* were we able to find the cert in passed to us */
-    if (x509 == NULL) {
-        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,
-                 PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
-        goto err;
-    }
-
-    /* Lets verify */
-    if (!X509_STORE_CTX_init(ctx, cert_store, x509, cert)) {
-        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB);
-        goto err;
-    }
-    X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
-    i = X509_verify_cert(ctx);
-    if (i <= 0) {
-        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB);
-        X509_STORE_CTX_cleanup(ctx);
-        goto err;
-    }
-    X509_STORE_CTX_cleanup(ctx);
-
-    return PKCS7_signatureVerify(bio, p7, si, x509);
- err:
-    return ret;
-}
-
-int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-                          X509 *x509)
-{
-    ASN1_OCTET_STRING *os;
-    EVP_MD_CTX mdc_tmp, *mdc;
-    int ret = 0, i;
-    int md_type;
-    STACK_OF(X509_ATTRIBUTE) *sk;
-    BIO *btmp;
-    EVP_PKEY *pkey;
-
-    EVP_MD_CTX_init(&mdc_tmp);
-
-    if (!PKCS7_type_is_signed(p7) && !PKCS7_type_is_signedAndEnveloped(p7)) {
-        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_WRONG_PKCS7_TYPE);
-        goto err;
-    }
-
-    md_type = OBJ_obj2nid(si->digest_alg->algorithm);
-
-    btmp = bio;
-    for (;;) {
-        if ((btmp == NULL) ||
-            ((btmp = BIO_find_type(btmp, BIO_TYPE_MD)) == NULL)) {
-            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-                     PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
-            goto err;
-        }
-        BIO_get_md_ctx(btmp, &mdc);
-        if (mdc == NULL) {
-            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_INTERNAL_ERROR);
-            goto err;
-        }
-        if (EVP_MD_CTX_type(mdc) == md_type)
-            break;
-        /*
-         * Workaround for some broken clients that put the signature OID
-         * instead of the digest OID in digest_alg->algorithm
-         */
-        if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
-            break;
-        btmp = BIO_next(btmp);
-    }
-
-    /*
-     * mdc is the digest ctx that we want, unless there are attributes, in
-     * which case the digest is the signed attributes
-     */
-    if (!EVP_MD_CTX_copy_ex(&mdc_tmp, mdc))
-        goto err;
-
-    sk = si->auth_attr;
-    if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) {
-        unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
-        unsigned int md_len;
-        int alen;
-        ASN1_OCTET_STRING *message_digest;
-
-        if (!EVP_DigestFinal_ex(&mdc_tmp, md_dat, &md_len))
-            goto err;
-        message_digest = PKCS7_digest_from_attributes(sk);
-        if (!message_digest) {
-            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-                     PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
-            goto err;
-        }
-        if ((message_digest->length != (int)md_len) ||
-            (memcmp(message_digest->data, md_dat, md_len))) {
-#if 0
-            {
-                int ii;
-                for (ii = 0; ii < message_digest->length; ii++)
-                    printf("%02X", message_digest->data[ii]);
-                printf(" sent\n");
-                for (ii = 0; ii < md_len; ii++)
-                    printf("%02X", md_dat[ii]);
-                printf(" calc\n");
-            }
-#endif
-            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_DIGEST_FAILURE);
-            ret = -1;
-            goto err;
-        }
-
-        if (!EVP_VerifyInit_ex(&mdc_tmp, EVP_get_digestbynid(md_type), NULL))
-            goto err;
-
-        alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
-                             ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
-        if (alen <= 0) {
-            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_ASN1_LIB);
-            ret = -1;
-            goto err;
-        }
-        if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen))
-            goto err;
-
-        OPENSSL_free(abuf);
-    }
-
-    os = si->enc_digest;
-    pkey = X509_get_pubkey(x509);
-    if (!pkey) {
-        ret = -1;
-        goto err;
-    }
-
-    i = EVP_VerifyFinal(&mdc_tmp, os->data, os->length, pkey);
-    EVP_PKEY_free(pkey);
-    if (i <= 0) {
-        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_SIGNATURE_FAILURE);
-        ret = -1;
-        goto err;
-    } else
-        ret = 1;
- err:
-    EVP_MD_CTX_cleanup(&mdc_tmp);
-    return (ret);
-}
-
-PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
-{
-    STACK_OF(PKCS7_RECIP_INFO) *rsk;
-    PKCS7_RECIP_INFO *ri;
-    int i;
-
-    i = OBJ_obj2nid(p7->type);
-    if (i != NID_pkcs7_signedAndEnveloped)
-        return NULL;
-    if (p7->d.signed_and_enveloped == NULL)
-        return NULL;
-    rsk = p7->d.signed_and_enveloped->recipientinfo;
-    if (rsk == NULL)
-        return NULL;
-    if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx)
-        return (NULL);
-    ri = sk_PKCS7_RECIP_INFO_value(rsk, idx);
-    return (ri->issuer_and_serial);
-}
-
-ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
-{
-    return (get_attribute(si->auth_attr, nid));
-}
-
-ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
-{
-    return (get_attribute(si->unauth_attr, nid));
-}
-
-static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
-{
-    int i;
-    X509_ATTRIBUTE *xa;
-    ASN1_OBJECT *o;
-
-    o = OBJ_nid2obj(nid);
-    if (!o || !sk)
-        return (NULL);
-    for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
-        xa = sk_X509_ATTRIBUTE_value(sk, i);
-        if (OBJ_cmp(xa->object, o) == 0) {
-            if (!xa->single && sk_ASN1_TYPE_num(xa->value.set))
-                return (sk_ASN1_TYPE_value(xa->value.set, 0));
-            else
-                return (NULL);
-        }
-    }
-    return (NULL);
-}
-
-ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
-{
-    ASN1_TYPE *astype;
-    if (!(astype = get_attribute(sk, NID_pkcs9_messageDigest)))
-        return NULL;
-    return astype->value.octet_string;
-}
-
-int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
-                                STACK_OF(X509_ATTRIBUTE) *sk)
-{
-    int i;
-
-    if (p7si->auth_attr != NULL)
-        sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free);
-    p7si->auth_attr = sk_X509_ATTRIBUTE_dup(sk);
-    if (p7si->auth_attr == NULL)
-        return 0;
-    for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
-        if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr, i,
-                                   X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value
-                                                      (sk, i))))
-            == NULL)
-            return (0);
-    }
-    return (1);
-}
-
-int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
-                         STACK_OF(X509_ATTRIBUTE) *sk)
-{
-    int i;
-
-    if (p7si->unauth_attr != NULL)
-        sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free);
-    p7si->unauth_attr = sk_X509_ATTRIBUTE_dup(sk);
-    if (p7si->unauth_attr == NULL)
-        return 0;
-    for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
-        if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr, i,
-                                   X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value
-                                                      (sk, i))))
-            == NULL)
-            return (0);
-    }
-    return (1);
-}
-
-int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
-                               void *value)
-{
-    return (add_attribute(&(p7si->auth_attr), nid, atrtype, value));
-}
-
-int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
-                        void *value)
-{
-    return (add_attribute(&(p7si->unauth_attr), nid, atrtype, value));
-}
-
-static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
-                         void *value)
-{
-    X509_ATTRIBUTE *attr = NULL;
-
-    if (*sk == NULL) {
-        *sk = sk_X509_ATTRIBUTE_new_null();
-        if (*sk == NULL)
-            return 0;
- new_attrib:
-        if (!(attr = X509_ATTRIBUTE_create(nid, atrtype, value)))
-            return 0;
-        if (!sk_X509_ATTRIBUTE_push(*sk, attr)) {
-            X509_ATTRIBUTE_free(attr);
-            return 0;
-        }
-    } else {
-        int i;
-
-        for (i = 0; i < sk_X509_ATTRIBUTE_num(*sk); i++) {
-            attr = sk_X509_ATTRIBUTE_value(*sk, i);
-            if (OBJ_obj2nid(attr->object) == nid) {
-                X509_ATTRIBUTE_free(attr);
-                attr = X509_ATTRIBUTE_create(nid, atrtype, value);
-                if (attr == NULL)
-                    return 0;
-                if (!sk_X509_ATTRIBUTE_set(*sk, i, attr)) {
-                    X509_ATTRIBUTE_free(attr);
-                    return 0;
-                }
-                goto end;
-            }
-        }
-        goto new_attrib;
-    }
- end:
-    return (1);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/pkcs7/pk7_doit.c (from rev 11605, vendor-crypto/openssl/dist/crypto/pkcs7/pk7_doit.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/pkcs7/pk7_doit.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/pkcs7/pk7_doit.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,1295 @@
+/* crypto/pkcs7/pk7_doit.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+
+static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
+                         void *value);
+static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
+
+static int PKCS7_type_is_other(PKCS7 *p7)
+{
+    int isOther = 1;
+
+    int nid = OBJ_obj2nid(p7->type);
+
+    switch (nid) {
+    case NID_pkcs7_data:
+    case NID_pkcs7_signed:
+    case NID_pkcs7_enveloped:
+    case NID_pkcs7_signedAndEnveloped:
+    case NID_pkcs7_digest:
+    case NID_pkcs7_encrypted:
+        isOther = 0;
+        break;
+    default:
+        isOther = 1;
+    }
+
+    return isOther;
+
+}
+
+static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7)
+{
+    if (PKCS7_type_is_data(p7))
+        return p7->d.data;
+    if (PKCS7_type_is_other(p7) && p7->d.other
+        && (p7->d.other->type == V_ASN1_OCTET_STRING))
+        return p7->d.other->value.octet_string;
+    return NULL;
+}
+
+static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
+{
+    BIO *btmp;
+    const EVP_MD *md;
+    if ((btmp = BIO_new(BIO_f_md())) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB);
+        goto err;
+    }
+
+    md = EVP_get_digestbyobj(alg->algorithm);
+    if (md == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, PKCS7_R_UNKNOWN_DIGEST_TYPE);
+        goto err;
+    }
+
+    BIO_set_md(btmp, md);
+    if (*pbio == NULL)
+        *pbio = btmp;
+    else if (!BIO_push(*pbio, btmp)) {
+        PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB);
+        goto err;
+    }
+    btmp = NULL;
+
+    return 1;
+
+ err:
+    if (btmp)
+        BIO_free(btmp);
+    return 0;
+
+}
+
+static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
+                              unsigned char *key, int keylen)
+{
+    EVP_PKEY_CTX *pctx = NULL;
+    EVP_PKEY *pkey = NULL;
+    unsigned char *ek = NULL;
+    int ret = 0;
+    size_t eklen;
+
+    pkey = X509_get_pubkey(ri->cert);
+
+    if (!pkey)
+        return 0;
+
+    pctx = EVP_PKEY_CTX_new(pkey, NULL);
+    if (!pctx)
+        return 0;
+
+    if (EVP_PKEY_encrypt_init(pctx) <= 0)
+        goto err;
+
+    if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
+                          EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, PKCS7_R_CTRL_ERROR);
+        goto err;
+    }
+
+    if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0)
+        goto err;
+
+    ek = OPENSSL_malloc(eklen);
+
+    if (ek == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0)
+        goto err;
+
+    ASN1_STRING_set0(ri->enc_key, ek, eklen);
+    ek = NULL;
+
+    ret = 1;
+
+ err:
+    if (pkey)
+        EVP_PKEY_free(pkey);
+    if (pctx)
+        EVP_PKEY_CTX_free(pctx);
+    if (ek)
+        OPENSSL_free(ek);
+    return ret;
+
+}
+
+static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
+                               PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey)
+{
+    EVP_PKEY_CTX *pctx = NULL;
+    unsigned char *ek = NULL;
+    size_t eklen;
+
+    int ret = -1;
+
+    pctx = EVP_PKEY_CTX_new(pkey, NULL);
+    if (!pctx)
+        return -1;
+
+    if (EVP_PKEY_decrypt_init(pctx) <= 0)
+        goto err;
+
+    if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
+                          EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, PKCS7_R_CTRL_ERROR);
+        goto err;
+    }
+
+    if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
+                         ri->enc_key->data, ri->enc_key->length) <= 0)
+        goto err;
+
+    ek = OPENSSL_malloc(eklen);
+
+    if (ek == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_PKEY_decrypt(pctx, ek, &eklen,
+                         ri->enc_key->data, ri->enc_key->length) <= 0) {
+        ret = 0;
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB);
+        goto err;
+    }
+
+    ret = 1;
+
+    if (*pek) {
+        OPENSSL_cleanse(*pek, *peklen);
+        OPENSSL_free(*pek);
+    }
+
+    *pek = ek;
+    *peklen = eklen;
+
+ err:
+    if (pctx)
+        EVP_PKEY_CTX_free(pctx);
+    if (!ret && ek)
+        OPENSSL_free(ek);
+
+    return ret;
+}
+
+BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
+{
+    int i;
+    BIO *out = NULL, *btmp = NULL;
+    X509_ALGOR *xa = NULL;
+    const EVP_CIPHER *evp_cipher = NULL;
+    STACK_OF(X509_ALGOR) *md_sk = NULL;
+    STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
+    X509_ALGOR *xalg = NULL;
+    PKCS7_RECIP_INFO *ri = NULL;
+    ASN1_OCTET_STRING *os = NULL;
+
+    if (p7 == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
+        return NULL;
+    }
+    /*
+     * The content field in the PKCS7 ContentInfo is optional, but that really
+     * only applies to inner content (precisely, detached signatures).
+     *
+     * When reading content, missing outer content is therefore treated as an
+     * error.
+     *
+     * When creating content, PKCS7_content_new() must be called before
+     * calling this method, so a NULL p7->d is always an error.
+     */
+    if (p7->d.ptr == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
+        return NULL;
+    }
+
+    i = OBJ_obj2nid(p7->type);
+    p7->state = PKCS7_S_HEADER;
+
+    switch (i) {
+    case NID_pkcs7_signed:
+        md_sk = p7->d.sign->md_algs;
+        os = PKCS7_get_octet_string(p7->d.sign->contents);
+        break;
+    case NID_pkcs7_signedAndEnveloped:
+        rsk = p7->d.signed_and_enveloped->recipientinfo;
+        md_sk = p7->d.signed_and_enveloped->md_algs;
+        xalg = p7->d.signed_and_enveloped->enc_data->algorithm;
+        evp_cipher = p7->d.signed_and_enveloped->enc_data->cipher;
+        if (evp_cipher == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_CIPHER_NOT_INITIALIZED);
+            goto err;
+        }
+        break;
+    case NID_pkcs7_enveloped:
+        rsk = p7->d.enveloped->recipientinfo;
+        xalg = p7->d.enveloped->enc_data->algorithm;
+        evp_cipher = p7->d.enveloped->enc_data->cipher;
+        if (evp_cipher == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_CIPHER_NOT_INITIALIZED);
+            goto err;
+        }
+        break;
+    case NID_pkcs7_digest:
+        xa = p7->d.digest->md;
+        os = PKCS7_get_octet_string(p7->d.digest->contents);
+        break;
+    case NID_pkcs7_data:
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+        goto err;
+    }
+
+    for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++)
+        if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i)))
+            goto err;
+
+    if (xa && !PKCS7_bio_add_digest(&out, xa))
+        goto err;
+
+    if (evp_cipher != NULL) {
+        unsigned char key[EVP_MAX_KEY_LENGTH];
+        unsigned char iv[EVP_MAX_IV_LENGTH];
+        int keylen, ivlen;
+        EVP_CIPHER_CTX *ctx;
+
+        if ((btmp = BIO_new(BIO_f_cipher())) == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_BIO_LIB);
+            goto err;
+        }
+        BIO_get_cipher_ctx(btmp, &ctx);
+        keylen = EVP_CIPHER_key_length(evp_cipher);
+        ivlen = EVP_CIPHER_iv_length(evp_cipher);
+        xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
+        if (ivlen > 0)
+            if (RAND_bytes(iv, ivlen) <= 0)
+                goto err;
+        if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1) <= 0)
+            goto err;
+        if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
+            goto err;
+        if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0)
+            goto err;
+
+        if (ivlen > 0) {
+            if (xalg->parameter == NULL) {
+                xalg->parameter = ASN1_TYPE_new();
+                if (xalg->parameter == NULL)
+                    goto err;
+            }
+            if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
+                goto err;
+        }
+
+        /* Lets do the pub key stuff :-) */
+        for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+            ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
+            if (pkcs7_encode_rinfo(ri, key, keylen) <= 0)
+                goto err;
+        }
+        OPENSSL_cleanse(key, keylen);
+
+        if (out == NULL)
+            out = btmp;
+        else
+            BIO_push(out, btmp);
+        btmp = NULL;
+    }
+
+    if (bio == NULL) {
+        if (PKCS7_is_detached(p7))
+            bio = BIO_new(BIO_s_null());
+        else if (os && os->length > 0)
+            bio = BIO_new_mem_buf(os->data, os->length);
+        if (bio == NULL) {
+            bio = BIO_new(BIO_s_mem());
+            if (bio == NULL)
+                goto err;
+            BIO_set_mem_eof_return(bio, 0);
+        }
+    }
+    if (out)
+        BIO_push(out, bio);
+    else
+        out = bio;
+    bio = NULL;
+    if (0) {
+ err:
+        if (out != NULL)
+            BIO_free_all(out);
+        if (btmp != NULL)
+            BIO_free_all(btmp);
+        out = NULL;
+    }
+    return (out);
+}
+
+static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
+{
+    int ret;
+    ret = X509_NAME_cmp(ri->issuer_and_serial->issuer,
+                        pcert->cert_info->issuer);
+    if (ret)
+        return ret;
+    return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
+                              ri->issuer_and_serial->serial);
+}
+
+/* int */
+BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
+{
+    int i, j;
+    BIO *out = NULL, *btmp = NULL, *etmp = NULL, *bio = NULL;
+    X509_ALGOR *xa;
+    ASN1_OCTET_STRING *data_body = NULL;
+    const EVP_MD *evp_md;
+    const EVP_CIPHER *evp_cipher = NULL;
+    EVP_CIPHER_CTX *evp_ctx = NULL;
+    X509_ALGOR *enc_alg = NULL;
+    STACK_OF(X509_ALGOR) *md_sk = NULL;
+    STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
+    PKCS7_RECIP_INFO *ri = NULL;
+    unsigned char *ek = NULL, *tkey = NULL;
+    int eklen = 0, tkeylen = 0;
+
+    if (p7 == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
+        return NULL;
+    }
+
+    if (p7->d.ptr == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
+        return NULL;
+    }
+
+    i = OBJ_obj2nid(p7->type);
+    p7->state = PKCS7_S_HEADER;
+
+    switch (i) {
+    case NID_pkcs7_signed:
+        /*
+         * p7->d.sign->contents is a PKCS7 structure consisting of a contentType
+         * field and optional content.
+         * data_body is NULL if that structure has no (=detached) content
+         * or if the contentType is wrong (i.e., not "data").
+         */
+        data_body = PKCS7_get_octet_string(p7->d.sign->contents);
+        if (!PKCS7_is_detached(p7) && data_body == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                     PKCS7_R_INVALID_SIGNED_DATA_TYPE);
+            goto err;
+        }
+        md_sk = p7->d.sign->md_algs;
+        break;
+    case NID_pkcs7_signedAndEnveloped:
+        rsk = p7->d.signed_and_enveloped->recipientinfo;
+        md_sk = p7->d.signed_and_enveloped->md_algs;
+        /* data_body is NULL if the optional EncryptedContent is missing. */
+        data_body = p7->d.signed_and_enveloped->enc_data->enc_data;
+        enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm;
+        evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
+        if (evp_cipher == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                     PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+            goto err;
+        }
+        break;
+    case NID_pkcs7_enveloped:
+        rsk = p7->d.enveloped->recipientinfo;
+        enc_alg = p7->d.enveloped->enc_data->algorithm;
+        /* data_body is NULL if the optional EncryptedContent is missing. */
+        data_body = p7->d.enveloped->enc_data->enc_data;
+        evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
+        if (evp_cipher == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                     PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+            goto err;
+        }
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+        goto err;
+    }
+
+    /* Detached content must be supplied via in_bio instead. */
+    if (data_body == NULL && in_bio == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
+        goto err;
+    }
+
+    /* We will be checking the signature */
+    if (md_sk != NULL) {
+        for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
+            xa = sk_X509_ALGOR_value(md_sk, i);
+            if ((btmp = BIO_new(BIO_f_md())) == NULL) {
+                PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB);
+                goto err;
+            }
+
+            j = OBJ_obj2nid(xa->algorithm);
+            evp_md = EVP_get_digestbynid(j);
+            if (evp_md == NULL) {
+                PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                         PKCS7_R_UNKNOWN_DIGEST_TYPE);
+                goto err;
+            }
+
+            BIO_set_md(btmp, evp_md);
+            if (out == NULL)
+                out = btmp;
+            else
+                BIO_push(out, btmp);
+            btmp = NULL;
+        }
+    }
+
+    if (evp_cipher != NULL) {
+#if 0
+        unsigned char key[EVP_MAX_KEY_LENGTH];
+        unsigned char iv[EVP_MAX_IV_LENGTH];
+        unsigned char *p;
+        int keylen, ivlen;
+        int max;
+        X509_OBJECT ret;
+#endif
+
+        if ((etmp = BIO_new(BIO_f_cipher())) == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB);
+            goto err;
+        }
+
+        /*
+         * It was encrypted, we need to decrypt the secret key with the
+         * private key
+         */
+
+        /*
+         * Find the recipientInfo which matches the passed certificate (if
+         * any)
+         */
+
+        if (pcert) {
+            for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+                ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
+                if (!pkcs7_cmp_ri(ri, pcert))
+                    break;
+                ri = NULL;
+            }
+            if (ri == NULL) {
+                PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                         PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
+                goto err;
+            }
+        }
+
+        /* If we haven't got a certificate try each ri in turn */
+        if (pcert == NULL) {
+            /*
+             * Always attempt to decrypt all rinfo even after sucess as a
+             * defence against MMA timing attacks.
+             */
+            for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+                ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
+
+                if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0)
+                    goto err;
+                ERR_clear_error();
+            }
+        } else {
+            /* Only exit on fatal errors, not decrypt failure */
+            if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0)
+                goto err;
+            ERR_clear_error();
+        }
+
+        evp_ctx = NULL;
+        BIO_get_cipher_ctx(etmp, &evp_ctx);
+        if (EVP_CipherInit_ex(evp_ctx, evp_cipher, NULL, NULL, NULL, 0) <= 0)
+            goto err;
+        if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0)
+            goto err;
+        /* Generate random key as MMA defence */
+        tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx);
+        tkey = OPENSSL_malloc(tkeylen);
+        if (!tkey)
+            goto err;
+        if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0)
+            goto err;
+        if (ek == NULL) {
+            ek = tkey;
+            eklen = tkeylen;
+            tkey = NULL;
+        }
+
+        if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) {
+            /*
+             * Some S/MIME clients don't use the same key and effective key
+             * length. The key length is determined by the size of the
+             * decrypted RSA key.
+             */
+            if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) {
+                /* Use random key as MMA defence */
+                OPENSSL_cleanse(ek, eklen);
+                OPENSSL_free(ek);
+                ek = tkey;
+                eklen = tkeylen;
+                tkey = NULL;
+            }
+        }
+        /* Clear errors so we don't leak information useful in MMA */
+        ERR_clear_error();
+        if (EVP_CipherInit_ex(evp_ctx, NULL, NULL, ek, NULL, 0) <= 0)
+            goto err;
+
+        if (ek) {
+            OPENSSL_cleanse(ek, eklen);
+            OPENSSL_free(ek);
+            ek = NULL;
+        }
+        if (tkey) {
+            OPENSSL_cleanse(tkey, tkeylen);
+            OPENSSL_free(tkey);
+            tkey = NULL;
+        }
+
+        if (out == NULL)
+            out = etmp;
+        else
+            BIO_push(out, etmp);
+        etmp = NULL;
+    }
+#if 1
+    if (in_bio != NULL) {
+        bio = in_bio;
+    } else {
+# if 0
+        bio = BIO_new(BIO_s_mem());
+        /*
+         * We need to set this so that when we have read all the data, the
+         * encrypt BIO, if present, will read EOF and encode the last few
+         * bytes
+         */
+        BIO_set_mem_eof_return(bio, 0);
+
+        if (data_body->length > 0)
+            BIO_write(bio, (char *)data_body->data, data_body->length);
+# else
+        if (data_body->length > 0)
+            bio = BIO_new_mem_buf(data_body->data, data_body->length);
+        else {
+            bio = BIO_new(BIO_s_mem());
+            if (bio == NULL)
+                goto err;
+            BIO_set_mem_eof_return(bio, 0);
+        }
+        if (bio == NULL)
+            goto err;
+# endif
+    }
+    BIO_push(out, bio);
+    bio = NULL;
+#endif
+    if (0) {
+ err:
+        if (ek) {
+            OPENSSL_cleanse(ek, eklen);
+            OPENSSL_free(ek);
+        }
+        if (tkey) {
+            OPENSSL_cleanse(tkey, tkeylen);
+            OPENSSL_free(tkey);
+        }
+        if (out != NULL)
+            BIO_free_all(out);
+        if (btmp != NULL)
+            BIO_free_all(btmp);
+        if (etmp != NULL)
+            BIO_free_all(etmp);
+        if (bio != NULL)
+            BIO_free_all(bio);
+        out = NULL;
+    }
+    return (out);
+}
+
+static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
+{
+    for (;;) {
+        bio = BIO_find_type(bio, BIO_TYPE_MD);
+        if (bio == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,
+                     PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+            return NULL;
+        }
+        BIO_get_md_ctx(bio, pmd);
+        if (*pmd == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST, ERR_R_INTERNAL_ERROR);
+            return NULL;
+        }
+        if (EVP_MD_CTX_type(*pmd) == nid)
+            return bio;
+        bio = BIO_next(bio);
+    }
+    return NULL;
+}
+
+static int do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx)
+{
+    unsigned char md_data[EVP_MAX_MD_SIZE];
+    unsigned int md_len;
+
+    /* Add signing time if not already present */
+    if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) {
+        if (!PKCS7_add0_attrib_signing_time(si, NULL)) {
+            PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+
+    /* Add digest */
+    if (!EVP_DigestFinal_ex(mctx, md_data, &md_len)) {
+        PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_EVP_LIB);
+        return 0;
+    }
+    if (!PKCS7_add1_attrib_digest(si, md_data, md_len)) {
+        PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    /* Now sign the attributes */
+    if (!PKCS7_SIGNER_INFO_sign(si))
+        return 0;
+
+    return 1;
+}
+
+int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
+{
+    int ret = 0;
+    int i, j;
+    BIO *btmp;
+    PKCS7_SIGNER_INFO *si;
+    EVP_MD_CTX *mdc, ctx_tmp;
+    STACK_OF(X509_ATTRIBUTE) *sk;
+    STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
+    ASN1_OCTET_STRING *os = NULL;
+
+    if (p7 == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
+        return 0;
+    }
+
+    if (p7->d.ptr == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
+        return 0;
+    }
+
+    EVP_MD_CTX_init(&ctx_tmp);
+    i = OBJ_obj2nid(p7->type);
+    p7->state = PKCS7_S_HEADER;
+
+    switch (i) {
+    case NID_pkcs7_data:
+        os = p7->d.data;
+        break;
+    case NID_pkcs7_signedAndEnveloped:
+        /* XXXXXXXXXXXXXXXX */
+        si_sk = p7->d.signed_and_enveloped->signer_info;
+        os = p7->d.signed_and_enveloped->enc_data->enc_data;
+        if (!os) {
+            os = M_ASN1_OCTET_STRING_new();
+            if (!os) {
+                PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            p7->d.signed_and_enveloped->enc_data->enc_data = os;
+        }
+        break;
+    case NID_pkcs7_enveloped:
+        /* XXXXXXXXXXXXXXXX */
+        os = p7->d.enveloped->enc_data->enc_data;
+        if (!os) {
+            os = M_ASN1_OCTET_STRING_new();
+            if (!os) {
+                PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            p7->d.enveloped->enc_data->enc_data = os;
+        }
+        break;
+    case NID_pkcs7_signed:
+        si_sk = p7->d.sign->signer_info;
+        os = PKCS7_get_octet_string(p7->d.sign->contents);
+        /* If detached data then the content is excluded */
+        if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
+            M_ASN1_OCTET_STRING_free(os);
+            os = NULL;
+            p7->d.sign->contents->d.data = NULL;
+        }
+        break;
+
+    case NID_pkcs7_digest:
+        os = PKCS7_get_octet_string(p7->d.digest->contents);
+        /* If detached data then the content is excluded */
+        if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) {
+            M_ASN1_OCTET_STRING_free(os);
+            os = NULL;
+            p7->d.digest->contents->d.data = NULL;
+        }
+        break;
+
+    default:
+        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+        goto err;
+    }
+
+    if (si_sk != NULL) {
+        for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(si_sk); i++) {
+            si = sk_PKCS7_SIGNER_INFO_value(si_sk, i);
+            if (si->pkey == NULL)
+                continue;
+
+            j = OBJ_obj2nid(si->digest_alg->algorithm);
+
+            btmp = bio;
+
+            btmp = PKCS7_find_digest(&mdc, btmp, j);
+
+            if (btmp == NULL)
+                goto err;
+
+            /*
+             * We now have the EVP_MD_CTX, lets do the signing.
+             */
+            if (!EVP_MD_CTX_copy_ex(&ctx_tmp, mdc))
+                goto err;
+
+            sk = si->auth_attr;
+
+            /*
+             * If there are attributes, we add the digest attribute and only
+             * sign the attributes
+             */
+            if (sk_X509_ATTRIBUTE_num(sk) > 0) {
+                if (!do_pkcs7_signed_attrib(si, &ctx_tmp))
+                    goto err;
+            } else {
+                unsigned char *abuf = NULL;
+                unsigned int abuflen;
+                abuflen = EVP_PKEY_size(si->pkey);
+                abuf = OPENSSL_malloc(abuflen);
+                if (!abuf)
+                    goto err;
+
+                if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen, si->pkey)) {
+                    PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_EVP_LIB);
+                    goto err;
+                }
+                ASN1_STRING_set0(si->enc_digest, abuf, abuflen);
+            }
+        }
+    } else if (i == NID_pkcs7_digest) {
+        unsigned char md_data[EVP_MAX_MD_SIZE];
+        unsigned int md_len;
+        if (!PKCS7_find_digest(&mdc, bio,
+                               OBJ_obj2nid(p7->d.digest->md->algorithm)))
+            goto err;
+        if (!EVP_DigestFinal_ex(mdc, md_data, &md_len))
+            goto err;
+        M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
+    }
+
+    if (!PKCS7_is_detached(p7)) {
+        /*
+         * NOTE(emilia): I think we only reach os == NULL here because detached
+         * digested data support is broken.
+         */
+        if (os == NULL)
+            goto err;
+        if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
+            char *cont;
+            long contlen;
+            btmp = BIO_find_type(bio, BIO_TYPE_MEM);
+            if (btmp == NULL) {
+                PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
+                goto err;
+            }
+            contlen = BIO_get_mem_data(btmp, &cont);
+            /*
+             * Mark the BIO read only then we can use its copy of the data
+             * instead of making an extra copy.
+             */
+            BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
+            BIO_set_mem_eof_return(btmp, 0);
+            ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
+        }
+    }
+    ret = 1;
+ err:
+    EVP_MD_CTX_cleanup(&ctx_tmp);
+    return (ret);
+}
+
+int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
+{
+    EVP_MD_CTX mctx;
+    EVP_PKEY_CTX *pctx;
+    unsigned char *abuf = NULL;
+    int alen;
+    size_t siglen;
+    const EVP_MD *md = NULL;
+
+    md = EVP_get_digestbyobj(si->digest_alg->algorithm);
+    if (md == NULL)
+        return 0;
+
+    EVP_MD_CTX_init(&mctx);
+    if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
+        goto err;
+
+    if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
+                          EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
+        goto err;
+    }
+
+    alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr, &abuf,
+                         ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
+    if (!abuf)
+        goto err;
+    if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0)
+        goto err;
+    OPENSSL_free(abuf);
+    abuf = NULL;
+    if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)
+        goto err;
+    abuf = OPENSSL_malloc(siglen);
+    if (!abuf)
+        goto err;
+    if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0)
+        goto err;
+
+    if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
+                          EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
+        goto err;
+    }
+
+    EVP_MD_CTX_cleanup(&mctx);
+
+    ASN1_STRING_set0(si->enc_digest, abuf, siglen);
+
+    return 1;
+
+ err:
+    if (abuf)
+        OPENSSL_free(abuf);
+    EVP_MD_CTX_cleanup(&mctx);
+    return 0;
+
+}
+
+int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
+                     PKCS7 *p7, PKCS7_SIGNER_INFO *si)
+{
+    PKCS7_ISSUER_AND_SERIAL *ias;
+    int ret = 0, i;
+    STACK_OF(X509) *cert;
+    X509 *x509;
+
+    if (p7 == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
+        return 0;
+    }
+
+    if (p7->d.ptr == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
+        return 0;
+    }
+
+    if (PKCS7_type_is_signed(p7)) {
+        cert = p7->d.sign->cert;
+    } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
+        cert = p7->d.signed_and_enveloped->cert;
+    } else {
+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_WRONG_PKCS7_TYPE);
+        goto err;
+    }
+    /* XXXXXXXXXXXXXXXXXXXXXXX */
+    ias = si->issuer_and_serial;
+
+    x509 = X509_find_by_issuer_and_serial(cert, ias->issuer, ias->serial);
+
+    /* were we able to find the cert in passed to us */
+    if (x509 == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,
+                 PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
+        goto err;
+    }
+
+    /* Lets verify */
+    if (!X509_STORE_CTX_init(ctx, cert_store, x509, cert)) {
+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB);
+        goto err;
+    }
+    X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
+    i = X509_verify_cert(ctx);
+    if (i <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB);
+        X509_STORE_CTX_cleanup(ctx);
+        goto err;
+    }
+    X509_STORE_CTX_cleanup(ctx);
+
+    return PKCS7_signatureVerify(bio, p7, si, x509);
+ err:
+    return ret;
+}
+
+int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
+                          X509 *x509)
+{
+    ASN1_OCTET_STRING *os;
+    EVP_MD_CTX mdc_tmp, *mdc;
+    int ret = 0, i;
+    int md_type;
+    STACK_OF(X509_ATTRIBUTE) *sk;
+    BIO *btmp;
+    EVP_PKEY *pkey;
+
+    EVP_MD_CTX_init(&mdc_tmp);
+
+    if (!PKCS7_type_is_signed(p7) && !PKCS7_type_is_signedAndEnveloped(p7)) {
+        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_WRONG_PKCS7_TYPE);
+        goto err;
+    }
+
+    md_type = OBJ_obj2nid(si->digest_alg->algorithm);
+
+    btmp = bio;
+    for (;;) {
+        if ((btmp == NULL) ||
+            ((btmp = BIO_find_type(btmp, BIO_TYPE_MD)) == NULL)) {
+            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+                     PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+            goto err;
+        }
+        BIO_get_md_ctx(btmp, &mdc);
+        if (mdc == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        if (EVP_MD_CTX_type(mdc) == md_type)
+            break;
+        /*
+         * Workaround for some broken clients that put the signature OID
+         * instead of the digest OID in digest_alg->algorithm
+         */
+        if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
+            break;
+        btmp = BIO_next(btmp);
+    }
+
+    /*
+     * mdc is the digest ctx that we want, unless there are attributes, in
+     * which case the digest is the signed attributes
+     */
+    if (!EVP_MD_CTX_copy_ex(&mdc_tmp, mdc))
+        goto err;
+
+    sk = si->auth_attr;
+    if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) {
+        unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
+        unsigned int md_len;
+        int alen;
+        ASN1_OCTET_STRING *message_digest;
+
+        if (!EVP_DigestFinal_ex(&mdc_tmp, md_dat, &md_len))
+            goto err;
+        message_digest = PKCS7_digest_from_attributes(sk);
+        if (!message_digest) {
+            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+                     PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+            goto err;
+        }
+        if ((message_digest->length != (int)md_len) ||
+            (memcmp(message_digest->data, md_dat, md_len))) {
+#if 0
+            {
+                int ii;
+                for (ii = 0; ii < message_digest->length; ii++)
+                    printf("%02X", message_digest->data[ii]);
+                printf(" sent\n");
+                for (ii = 0; ii < md_len; ii++)
+                    printf("%02X", md_dat[ii]);
+                printf(" calc\n");
+            }
+#endif
+            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_DIGEST_FAILURE);
+            ret = -1;
+            goto err;
+        }
+
+        if (!EVP_VerifyInit_ex(&mdc_tmp, EVP_get_digestbynid(md_type), NULL))
+            goto err;
+
+        alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
+                             ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
+        if (alen <= 0) {
+            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_ASN1_LIB);
+            ret = -1;
+            goto err;
+        }
+        if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen))
+            goto err;
+
+        OPENSSL_free(abuf);
+    }
+
+    os = si->enc_digest;
+    pkey = X509_get_pubkey(x509);
+    if (!pkey) {
+        ret = -1;
+        goto err;
+    }
+
+    i = EVP_VerifyFinal(&mdc_tmp, os->data, os->length, pkey);
+    EVP_PKEY_free(pkey);
+    if (i <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_SIGNATURE_FAILURE);
+        ret = -1;
+        goto err;
+    } else
+        ret = 1;
+ err:
+    EVP_MD_CTX_cleanup(&mdc_tmp);
+    return (ret);
+}
+
+PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
+{
+    STACK_OF(PKCS7_RECIP_INFO) *rsk;
+    PKCS7_RECIP_INFO *ri;
+    int i;
+
+    i = OBJ_obj2nid(p7->type);
+    if (i != NID_pkcs7_signedAndEnveloped)
+        return NULL;
+    if (p7->d.signed_and_enveloped == NULL)
+        return NULL;
+    rsk = p7->d.signed_and_enveloped->recipientinfo;
+    if (rsk == NULL)
+        return NULL;
+    if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx)
+        return (NULL);
+    ri = sk_PKCS7_RECIP_INFO_value(rsk, idx);
+    return (ri->issuer_and_serial);
+}
+
+ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
+{
+    return (get_attribute(si->auth_attr, nid));
+}
+
+ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
+{
+    return (get_attribute(si->unauth_attr, nid));
+}
+
+static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
+{
+    int i;
+    X509_ATTRIBUTE *xa;
+    ASN1_OBJECT *o;
+
+    o = OBJ_nid2obj(nid);
+    if (!o || !sk)
+        return (NULL);
+    for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
+        xa = sk_X509_ATTRIBUTE_value(sk, i);
+        if (OBJ_cmp(xa->object, o) == 0) {
+            if (!xa->single && sk_ASN1_TYPE_num(xa->value.set))
+                return (sk_ASN1_TYPE_value(xa->value.set, 0));
+            else
+                return (NULL);
+        }
+    }
+    return (NULL);
+}
+
+ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
+{
+    ASN1_TYPE *astype;
+    if (!(astype = get_attribute(sk, NID_pkcs9_messageDigest)))
+        return NULL;
+    return astype->value.octet_string;
+}
+
+int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
+                                STACK_OF(X509_ATTRIBUTE) *sk)
+{
+    int i;
+
+    if (p7si->auth_attr != NULL)
+        sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free);
+    p7si->auth_attr = sk_X509_ATTRIBUTE_dup(sk);
+    if (p7si->auth_attr == NULL)
+        return 0;
+    for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
+        if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr, i,
+                                   X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value
+                                                      (sk, i))))
+            == NULL)
+            return (0);
+    }
+    return (1);
+}
+
+int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
+                         STACK_OF(X509_ATTRIBUTE) *sk)
+{
+    int i;
+
+    if (p7si->unauth_attr != NULL)
+        sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free);
+    p7si->unauth_attr = sk_X509_ATTRIBUTE_dup(sk);
+    if (p7si->unauth_attr == NULL)
+        return 0;
+    for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
+        if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr, i,
+                                   X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value
+                                                      (sk, i))))
+            == NULL)
+            return (0);
+    }
+    return (1);
+}
+
+int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
+                               void *value)
+{
+    return (add_attribute(&(p7si->auth_attr), nid, atrtype, value));
+}
+
+int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
+                        void *value)
+{
+    return (add_attribute(&(p7si->unauth_attr), nid, atrtype, value));
+}
+
+static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
+                         void *value)
+{
+    X509_ATTRIBUTE *attr = NULL;
+
+    if (*sk == NULL) {
+        *sk = sk_X509_ATTRIBUTE_new_null();
+        if (*sk == NULL)
+            return 0;
+ new_attrib:
+        if (!(attr = X509_ATTRIBUTE_create(nid, atrtype, value)))
+            return 0;
+        if (!sk_X509_ATTRIBUTE_push(*sk, attr)) {
+            X509_ATTRIBUTE_free(attr);
+            return 0;
+        }
+    } else {
+        int i;
+
+        for (i = 0; i < sk_X509_ATTRIBUTE_num(*sk); i++) {
+            attr = sk_X509_ATTRIBUTE_value(*sk, i);
+            if (OBJ_obj2nid(attr->object) == nid) {
+                X509_ATTRIBUTE_free(attr);
+                attr = X509_ATTRIBUTE_create(nid, atrtype, value);
+                if (attr == NULL)
+                    return 0;
+                if (!sk_X509_ATTRIBUTE_set(*sk, i, attr)) {
+                    X509_ATTRIBUTE_free(attr);
+                    return 0;
+                }
+                goto end;
+            }
+        }
+        goto new_attrib;
+    }
+ end:
+    return (1);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/rand/rand_unix.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rand/rand_unix.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/rand/rand_unix.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,447 +0,0 @@
-/* crypto/rand/rand_unix.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-#include <stdio.h>
-
-#define USE_SOCKETS
-#include "e_os.h"
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#include "rand_lcl.h"
-
-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
-
-# include <sys/types.h>
-# include <sys/time.h>
-# include <sys/times.h>
-# include <sys/stat.h>
-# include <fcntl.h>
-# include <unistd.h>
-# include <time.h>
-# if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually
-                                 * everywhere */
-#  include <poll.h>
-# endif
-# include <limits.h>
-# ifndef FD_SETSIZE
-#  define FD_SETSIZE (8*sizeof(fd_set))
-# endif
-
-# if defined(OPENSSL_SYS_VOS)
-
-/*
- * The following algorithm repeatedly samples the real-time clock (RTC) to
- * generate a sequence of unpredictable data.  The algorithm relies upon the
- * uneven execution speed of the code (due to factors such as cache misses,
- * interrupts, bus activity, and scheduling) and upon the rather large
- * relative difference between the speed of the clock and the rate at which
- * it can be read.
- *
- * If this code is ported to an environment where execution speed is more
- * constant or where the RTC ticks at a much slower rate, or the clock can be
- * read with fewer instructions, it is likely that the results would be far
- * more predictable.
- *
- * As a precaution, we generate 4 times the minimum required amount of seed
- * data.
- */
-
-int RAND_poll(void)
-{
-    short int code;
-    gid_t curr_gid;
-    pid_t curr_pid;
-    uid_t curr_uid;
-    int i, k;
-    struct timespec ts;
-    unsigned char v;
-
-#  ifdef OPENSSL_SYS_VOS_HPPA
-    long duration;
-    extern void s$sleep(long *_duration, short int *_code);
-#  else
-#   ifdef OPENSSL_SYS_VOS_IA32
-    long long duration;
-    extern void s$sleep2(long long *_duration, short int *_code);
-#   else
-#    error "Unsupported Platform."
-#   endif                       /* OPENSSL_SYS_VOS_IA32 */
-#  endif                        /* OPENSSL_SYS_VOS_HPPA */
-
-    /*
-     * Seed with the gid, pid, and uid, to ensure *some* variation between
-     * different processes.
-     */
-
-    curr_gid = getgid();
-    RAND_add(&curr_gid, sizeof curr_gid, 1);
-    curr_gid = 0;
-
-    curr_pid = getpid();
-    RAND_add(&curr_pid, sizeof curr_pid, 1);
-    curr_pid = 0;
-
-    curr_uid = getuid();
-    RAND_add(&curr_uid, sizeof curr_uid, 1);
-    curr_uid = 0;
-
-    for (i = 0; i < (ENTROPY_NEEDED * 4); i++) {
-        /*
-         * burn some cpu; hope for interrupts, cache collisions, bus
-         * interference, etc.
-         */
-        for (k = 0; k < 99; k++)
-            ts.tv_nsec = random();
-
-#  ifdef OPENSSL_SYS_VOS_HPPA
-        /* sleep for 1/1024 of a second (976 us).  */
-        duration = 1;
-        s$sleep(&duration, &code);
-#  else
-#   ifdef OPENSSL_SYS_VOS_IA32
-        /* sleep for 1/65536 of a second (15 us).  */
-        duration = 1;
-        s$sleep2(&duration, &code);
-#   endif                       /* OPENSSL_SYS_VOS_IA32 */
-#  endif                        /* OPENSSL_SYS_VOS_HPPA */
-
-        /* get wall clock time.  */
-        clock_gettime(CLOCK_REALTIME, &ts);
-
-        /* take 8 bits */
-        v = (unsigned char)(ts.tv_nsec % 256);
-        RAND_add(&v, sizeof v, 1);
-        v = 0;
-    }
-    return 1;
-}
-# elif defined __OpenBSD__
-int RAND_poll(void)
-{
-    u_int32_t rnd = 0, i;
-    unsigned char buf[ENTROPY_NEEDED];
-
-    for (i = 0; i < sizeof(buf); i++) {
-        if (i % 4 == 0)
-            rnd = arc4random();
-        buf[i] = rnd;
-        rnd >>= 8;
-    }
-    RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
-    memset(buf, 0, sizeof(buf));
-
-    return 1;
-}
-# else                          /* !defined(__OpenBSD__) */
-int RAND_poll(void)
-{
-    unsigned long l;
-    pid_t curr_pid = getpid();
-#  if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
-    unsigned char tmpbuf[ENTROPY_NEEDED];
-    int n = 0;
-#  endif
-#  ifdef DEVRANDOM
-    static const char *randomfiles[] = { DEVRANDOM };
-    struct stat randomstats[sizeof(randomfiles) / sizeof(randomfiles[0])];
-    int fd;
-    unsigned int i;
-#  endif
-#  ifdef DEVRANDOM_EGD
-    static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };
-    const char **egdsocket = NULL;
-#  endif
-
-#  ifdef DEVRANDOM
-    memset(randomstats, 0, sizeof(randomstats));
-    /*
-     * Use a random entropy pool device. Linux, FreeBSD and OpenBSD have
-     * this. Use /dev/urandom if you can as /dev/random may block if it runs
-     * out of random entries.
-     */
-
-    for (i = 0; (i < sizeof(randomfiles) / sizeof(randomfiles[0])) &&
-         (n < ENTROPY_NEEDED); i++) {
-        if ((fd = open(randomfiles[i], O_RDONLY
-#   ifdef O_NONBLOCK
-                       | O_NONBLOCK
-#   endif
-#   ifdef O_BINARY
-                       | O_BINARY
-#   endif
-#   ifdef O_NOCTTY              /* If it happens to be a TTY (god forbid), do
-                                 * not make it our controlling tty */
-                       | O_NOCTTY
-#   endif
-             )) >= 0) {
-            int usec = 10 * 1000; /* spend 10ms on each file */
-            int r;
-            unsigned int j;
-            struct stat *st = &randomstats[i];
-
-            /*
-             * Avoid using same input... Used to be O_NOFOLLOW above, but
-             * it's not universally appropriate...
-             */
-            if (fstat(fd, st) != 0) {
-                close(fd);
-                continue;
-            }
-            for (j = 0; j < i; j++) {
-                if (randomstats[j].st_ino == st->st_ino &&
-                    randomstats[j].st_dev == st->st_dev)
-                    break;
-            }
-            if (j < i) {
-                close(fd);
-                continue;
-            }
-
-            do {
-                int try_read = 0;
-
-#   if defined(OPENSSL_SYS_BEOS_R5)
-                /*
-                 * select() is broken in BeOS R5, so we simply try to read
-                 * something and snooze if we couldn't
-                 */
-                try_read = 1;
-
-#   elif defined(OPENSSL_SYS_LINUX)
-                /* use poll() */
-                struct pollfd pset;
-
-                pset.fd = fd;
-                pset.events = POLLIN;
-                pset.revents = 0;
-
-                if (poll(&pset, 1, usec / 1000) < 0)
-                    usec = 0;
-                else
-                    try_read = (pset.revents & POLLIN) != 0;
-
-#   else
-                /* use select() */
-                fd_set fset;
-                struct timeval t;
-
-                t.tv_sec = 0;
-                t.tv_usec = usec;
-
-                if (FD_SETSIZE > 0 && (unsigned)fd >= FD_SETSIZE) {
-                    /*
-                     * can't use select, so just try to read once anyway
-                     */
-                    try_read = 1;
-                } else {
-                    FD_ZERO(&fset);
-                    FD_SET(fd, &fset);
-
-                    if (select(fd + 1, &fset, NULL, NULL, &t) >= 0) {
-                        usec = t.tv_usec;
-                        if (FD_ISSET(fd, &fset))
-                            try_read = 1;
-                    } else
-                        usec = 0;
-                }
-#   endif
-
-                if (try_read) {
-                    r = read(fd, (unsigned char *)tmpbuf + n,
-                             ENTROPY_NEEDED - n);
-                    if (r > 0)
-                        n += r;
-#   if defined(OPENSSL_SYS_BEOS_R5)
-                    if (r == 0)
-                        snooze(t.tv_usec);
-#   endif
-                } else
-                    r = -1;
-
-                /*
-                 * Some Unixen will update t in select(), some won't.  For
-                 * those who won't, or if we didn't use select() in the first
-                 * place, give up here, otherwise, we will do this once again
-                 * for the remaining time.
-                 */
-                if (usec == 10 * 1000)
-                    usec = 0;
-            }
-            while ((r > 0 ||
-                    (errno == EINTR || errno == EAGAIN)) && usec != 0
-                   && n < ENTROPY_NEEDED);
-
-            close(fd);
-        }
-    }
-#  endif                        /* defined(DEVRANDOM) */
-
-#  ifdef DEVRANDOM_EGD
-    /*
-     * Use an EGD socket to read entropy from an EGD or PRNGD entropy
-     * collecting daemon.
-     */
-
-    for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED;
-         egdsocket++) {
-        int r;
-
-        r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf + n,
-                                 ENTROPY_NEEDED - n);
-        if (r > 0)
-            n += r;
-    }
-#  endif                        /* defined(DEVRANDOM_EGD) */
-
-#  if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
-    if (n > 0) {
-        RAND_add(tmpbuf, sizeof tmpbuf, (double)n);
-        OPENSSL_cleanse(tmpbuf, n);
-    }
-#  endif
-
-    /* put in some default random data, we need more than just this */
-    l = curr_pid;
-    RAND_add(&l, sizeof(l), 0.0);
-    l = getuid();
-    RAND_add(&l, sizeof(l), 0.0);
-
-    l = time(NULL);
-    RAND_add(&l, sizeof(l), 0.0);
-
-#  if defined(OPENSSL_SYS_BEOS)
-    {
-        system_info sysInfo;
-        get_system_info(&sysInfo);
-        RAND_add(&sysInfo, sizeof(sysInfo), 0);
-    }
-#  endif
-
-#  if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
-    return 1;
-#  else
-    return 0;
-#  endif
-}
-
-# endif                         /* defined(__OpenBSD__) */
-#endif                          /* !(defined(OPENSSL_SYS_WINDOWS) ||
-                                 * defined(OPENSSL_SYS_WIN32) ||
-                                 * defined(OPENSSL_SYS_VMS) ||
-                                 * defined(OPENSSL_SYS_OS2) ||
-                                 * defined(OPENSSL_SYS_VXWORKS) ||
-                                 * defined(OPENSSL_SYS_NETWARE)) */
-
-#if defined(OPENSSL_SYS_VXWORKS)
-int RAND_poll(void)
-{
-    return 0;
-}
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/rand/rand_unix.c (from rev 11605, vendor-crypto/openssl/dist/crypto/rand/rand_unix.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/rand/rand_unix.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/rand/rand_unix.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,447 @@
+/* crypto/rand/rand_unix.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+
+#define USE_SOCKETS
+#include "e_os.h"
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+
+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
+
+# include <sys/types.h>
+# include <sys/time.h>
+# include <sys/times.h>
+# include <sys/stat.h>
+# include <fcntl.h>
+# include <unistd.h>
+# include <time.h>
+# if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually
+                                 * everywhere */
+#  include <poll.h>
+# endif
+# include <limits.h>
+# ifndef FD_SETSIZE
+#  define FD_SETSIZE (8*sizeof(fd_set))
+# endif
+
+# if defined(OPENSSL_SYS_VOS)
+
+/*
+ * The following algorithm repeatedly samples the real-time clock (RTC) to
+ * generate a sequence of unpredictable data.  The algorithm relies upon the
+ * uneven execution speed of the code (due to factors such as cache misses,
+ * interrupts, bus activity, and scheduling) and upon the rather large
+ * relative difference between the speed of the clock and the rate at which
+ * it can be read.
+ *
+ * If this code is ported to an environment where execution speed is more
+ * constant or where the RTC ticks at a much slower rate, or the clock can be
+ * read with fewer instructions, it is likely that the results would be far
+ * more predictable.
+ *
+ * As a precaution, we generate 4 times the minimum required amount of seed
+ * data.
+ */
+
+int RAND_poll(void)
+{
+    short int code;
+    gid_t curr_gid;
+    pid_t curr_pid;
+    uid_t curr_uid;
+    int i, k;
+    struct timespec ts;
+    unsigned char v;
+
+#  ifdef OPENSSL_SYS_VOS_HPPA
+    long duration;
+    extern void s$sleep(long *_duration, short int *_code);
+#  else
+#   ifdef OPENSSL_SYS_VOS_IA32
+    long long duration;
+    extern void s$sleep2(long long *_duration, short int *_code);
+#   else
+#    error "Unsupported Platform."
+#   endif                       /* OPENSSL_SYS_VOS_IA32 */
+#  endif                        /* OPENSSL_SYS_VOS_HPPA */
+
+    /*
+     * Seed with the gid, pid, and uid, to ensure *some* variation between
+     * different processes.
+     */
+
+    curr_gid = getgid();
+    RAND_add(&curr_gid, sizeof curr_gid, 1);
+    curr_gid = 0;
+
+    curr_pid = getpid();
+    RAND_add(&curr_pid, sizeof curr_pid, 1);
+    curr_pid = 0;
+
+    curr_uid = getuid();
+    RAND_add(&curr_uid, sizeof curr_uid, 1);
+    curr_uid = 0;
+
+    for (i = 0; i < (ENTROPY_NEEDED * 4); i++) {
+        /*
+         * burn some cpu; hope for interrupts, cache collisions, bus
+         * interference, etc.
+         */
+        for (k = 0; k < 99; k++)
+            ts.tv_nsec = random();
+
+#  ifdef OPENSSL_SYS_VOS_HPPA
+        /* sleep for 1/1024 of a second (976 us).  */
+        duration = 1;
+        s$sleep(&duration, &code);
+#  else
+#   ifdef OPENSSL_SYS_VOS_IA32
+        /* sleep for 1/65536 of a second (15 us).  */
+        duration = 1;
+        s$sleep2(&duration, &code);
+#   endif                       /* OPENSSL_SYS_VOS_IA32 */
+#  endif                        /* OPENSSL_SYS_VOS_HPPA */
+
+        /* get wall clock time.  */
+        clock_gettime(CLOCK_REALTIME, &ts);
+
+        /* take 8 bits */
+        v = (unsigned char)(ts.tv_nsec % 256);
+        RAND_add(&v, sizeof v, 1);
+        v = 0;
+    }
+    return 1;
+}
+# elif defined __OpenBSD__
+int RAND_poll(void)
+{
+    u_int32_t rnd = 0, i;
+    unsigned char buf[ENTROPY_NEEDED];
+
+    for (i = 0; i < sizeof(buf); i++) {
+        if (i % 4 == 0)
+            rnd = arc4random();
+        buf[i] = rnd;
+        rnd >>= 8;
+    }
+    RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
+    OPENSSL_cleanse(buf, sizeof(buf));
+
+    return 1;
+}
+# else                          /* !defined(__OpenBSD__) */
+int RAND_poll(void)
+{
+    unsigned long l;
+    pid_t curr_pid = getpid();
+#  if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
+    unsigned char tmpbuf[ENTROPY_NEEDED];
+    int n = 0;
+#  endif
+#  ifdef DEVRANDOM
+    static const char *randomfiles[] = { DEVRANDOM };
+    struct stat randomstats[sizeof(randomfiles) / sizeof(randomfiles[0])];
+    int fd;
+    unsigned int i;
+#  endif
+#  ifdef DEVRANDOM_EGD
+    static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };
+    const char **egdsocket = NULL;
+#  endif
+
+#  ifdef DEVRANDOM
+    memset(randomstats, 0, sizeof(randomstats));
+    /*
+     * Use a random entropy pool device. Linux, FreeBSD and OpenBSD have
+     * this. Use /dev/urandom if you can as /dev/random may block if it runs
+     * out of random entries.
+     */
+
+    for (i = 0; (i < sizeof(randomfiles) / sizeof(randomfiles[0])) &&
+         (n < ENTROPY_NEEDED); i++) {
+        if ((fd = open(randomfiles[i], O_RDONLY
+#   ifdef O_NONBLOCK
+                       | O_NONBLOCK
+#   endif
+#   ifdef O_BINARY
+                       | O_BINARY
+#   endif
+#   ifdef O_NOCTTY              /* If it happens to be a TTY (god forbid), do
+                                 * not make it our controlling tty */
+                       | O_NOCTTY
+#   endif
+             )) >= 0) {
+            int usec = 10 * 1000; /* spend 10ms on each file */
+            int r;
+            unsigned int j;
+            struct stat *st = &randomstats[i];
+
+            /*
+             * Avoid using same input... Used to be O_NOFOLLOW above, but
+             * it's not universally appropriate...
+             */
+            if (fstat(fd, st) != 0) {
+                close(fd);
+                continue;
+            }
+            for (j = 0; j < i; j++) {
+                if (randomstats[j].st_ino == st->st_ino &&
+                    randomstats[j].st_dev == st->st_dev)
+                    break;
+            }
+            if (j < i) {
+                close(fd);
+                continue;
+            }
+
+            do {
+                int try_read = 0;
+
+#   if defined(OPENSSL_SYS_BEOS_R5)
+                /*
+                 * select() is broken in BeOS R5, so we simply try to read
+                 * something and snooze if we couldn't
+                 */
+                try_read = 1;
+
+#   elif defined(OPENSSL_SYS_LINUX)
+                /* use poll() */
+                struct pollfd pset;
+
+                pset.fd = fd;
+                pset.events = POLLIN;
+                pset.revents = 0;
+
+                if (poll(&pset, 1, usec / 1000) < 0)
+                    usec = 0;
+                else
+                    try_read = (pset.revents & POLLIN) != 0;
+
+#   else
+                /* use select() */
+                fd_set fset;
+                struct timeval t;
+
+                t.tv_sec = 0;
+                t.tv_usec = usec;
+
+                if (FD_SETSIZE > 0 && (unsigned)fd >= FD_SETSIZE) {
+                    /*
+                     * can't use select, so just try to read once anyway
+                     */
+                    try_read = 1;
+                } else {
+                    FD_ZERO(&fset);
+                    FD_SET(fd, &fset);
+
+                    if (select(fd + 1, &fset, NULL, NULL, &t) >= 0) {
+                        usec = t.tv_usec;
+                        if (FD_ISSET(fd, &fset))
+                            try_read = 1;
+                    } else
+                        usec = 0;
+                }
+#   endif
+
+                if (try_read) {
+                    r = read(fd, (unsigned char *)tmpbuf + n,
+                             ENTROPY_NEEDED - n);
+                    if (r > 0)
+                        n += r;
+#   if defined(OPENSSL_SYS_BEOS_R5)
+                    if (r == 0)
+                        snooze(t.tv_usec);
+#   endif
+                } else
+                    r = -1;
+
+                /*
+                 * Some Unixen will update t in select(), some won't.  For
+                 * those who won't, or if we didn't use select() in the first
+                 * place, give up here, otherwise, we will do this once again
+                 * for the remaining time.
+                 */
+                if (usec == 10 * 1000)
+                    usec = 0;
+            }
+            while ((r > 0 ||
+                    (errno == EINTR || errno == EAGAIN)) && usec != 0
+                   && n < ENTROPY_NEEDED);
+
+            close(fd);
+        }
+    }
+#  endif                        /* defined(DEVRANDOM) */
+
+#  ifdef DEVRANDOM_EGD
+    /*
+     * Use an EGD socket to read entropy from an EGD or PRNGD entropy
+     * collecting daemon.
+     */
+
+    for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED;
+         egdsocket++) {
+        int r;
+
+        r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf + n,
+                                 ENTROPY_NEEDED - n);
+        if (r > 0)
+            n += r;
+    }
+#  endif                        /* defined(DEVRANDOM_EGD) */
+
+#  if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
+    if (n > 0) {
+        RAND_add(tmpbuf, sizeof tmpbuf, (double)n);
+        OPENSSL_cleanse(tmpbuf, n);
+    }
+#  endif
+
+    /* put in some default random data, we need more than just this */
+    l = curr_pid;
+    RAND_add(&l, sizeof(l), 0.0);
+    l = getuid();
+    RAND_add(&l, sizeof(l), 0.0);
+
+    l = time(NULL);
+    RAND_add(&l, sizeof(l), 0.0);
+
+#  if defined(OPENSSL_SYS_BEOS)
+    {
+        system_info sysInfo;
+        get_system_info(&sysInfo);
+        RAND_add(&sysInfo, sizeof(sysInfo), 0);
+    }
+#  endif
+
+#  if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
+    return 1;
+#  else
+    return 0;
+#  endif
+}
+
+# endif                         /* defined(__OpenBSD__) */
+#endif                          /* !(defined(OPENSSL_SYS_WINDOWS) ||
+                                 * defined(OPENSSL_SYS_WIN32) ||
+                                 * defined(OPENSSL_SYS_VMS) ||
+                                 * defined(OPENSSL_SYS_OS2) ||
+                                 * defined(OPENSSL_SYS_VXWORKS) ||
+                                 * defined(OPENSSL_SYS_NETWARE)) */
+
+#if defined(OPENSSL_SYS_VXWORKS)
+int RAND_poll(void)
+{
+    return 0;
+}
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/rand/rand_vms.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rand/rand_vms.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/rand/rand_vms.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,159 +0,0 @@
-/* crypto/rand/rand_vms.c -*- mode:C; c-file-style: "eay" -*- */
-/*
- * Written by Richard Levitte <richard at levitte.org> for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <openssl/rand.h>
-#include "rand_lcl.h"
-
-#if defined(OPENSSL_SYS_VMS)
-
-# include <descrip.h>
-# include <jpidef.h>
-# include <ssdef.h>
-# include <starlet.h>
-# ifdef __DECC
-#  pragma message disable DOLLARID
-# endif
-
-/*
- * Use 32-bit pointers almost everywhere.  Define the type to which to cast a
- * pointer passed to an external function.
- */
-# if __INITIAL_POINTER_SIZE == 64
-#  define PTR_T __void_ptr64
-#  pragma pointer_size save
-#  pragma pointer_size 32
-# else                          /* __INITIAL_POINTER_SIZE == 64 */
-#  define PTR_T void *
-# endif                         /* __INITIAL_POINTER_SIZE == 64 [else] */
-
-static struct items_data_st {
-    short length, code;         /* length is amount of bytes */
-} items_data[] = {
-    {
-        4, JPI$_BUFIO
-    },
-    {
-        4, JPI$_CPUTIM
-    },
-    {
-        4, JPI$_DIRIO
-    },
-    {
-        8, JPI$_LOGINTIM
-    },
-    {
-        4, JPI$_PAGEFLTS
-    },
-    {
-        4, JPI$_PID
-    },
-    {
-        4, JPI$_WSSIZE
-    },
-    {
-        0, 0
-    }
-};
-
-int RAND_poll(void)
-{
-    long pid, iosb[2];
-    int status = 0;
-    struct {
-        short length, code;
-        long *buffer;
-        int *retlen;
-    } item[32], *pitem;
-    unsigned char data_buffer[256];
-    short total_length = 0;
-    struct items_data_st *pitems_data;
-
-    pitems_data = items_data;
-    pitem = item;
-
-    /* Setup */
-    while (pitems_data->length && (total_length + pitems_data->length <= 256)) {
-        pitem->length = pitems_data->length;
-        pitem->code = pitems_data->code;
-        pitem->buffer = (long *)&data_buffer[total_length];
-        pitem->retlen = 0;
-        total_length += pitems_data->length;
-        pitems_data++;
-        pitem ++;
-    }
-    pitem->length = pitem->code = 0;
-
-    /*
-     * Scan through all the processes in the system and add entropy with
-     * results from the processes that were possible to look at.
-     * However, view the information as only half trustable.
-     */
-    pid = -1;                   /* search context */
-    while ((status = sys$getjpiw(0, &pid, 0, item, iosb, 0, 0))
-           != SS$_NOMOREPROC) {
-        if (status == SS$_NORMAL) {
-            RAND_add((PTR_T) data_buffer, total_length, total_length / 2);
-        }
-    }
-    sys$gettim(iosb);
-    RAND_add((PTR_T) iosb, sizeof(iosb), sizeof(iosb) / 2);
-    return 1;
-}
-
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/rand/rand_vms.c (from rev 11605, vendor-crypto/openssl/dist/crypto/rand/rand_vms.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/rand/rand_vms.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/rand/rand_vms.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,159 @@
+/* crypto/rand/rand_vms.c */
+/*
+ * Written by Richard Levitte <richard at levitte.org> for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+
+#if defined(OPENSSL_SYS_VMS)
+
+# include <descrip.h>
+# include <jpidef.h>
+# include <ssdef.h>
+# include <starlet.h>
+# ifdef __DECC
+#  pragma message disable DOLLARID
+# endif
+
+/*
+ * Use 32-bit pointers almost everywhere.  Define the type to which to cast a
+ * pointer passed to an external function.
+ */
+# if __INITIAL_POINTER_SIZE == 64
+#  define PTR_T __void_ptr64
+#  pragma pointer_size save
+#  pragma pointer_size 32
+# else                          /* __INITIAL_POINTER_SIZE == 64 */
+#  define PTR_T void *
+# endif                         /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+static struct items_data_st {
+    short length, code;         /* length is amount of bytes */
+} items_data[] = {
+    {
+        4, JPI$_BUFIO
+    },
+    {
+        4, JPI$_CPUTIM
+    },
+    {
+        4, JPI$_DIRIO
+    },
+    {
+        8, JPI$_LOGINTIM
+    },
+    {
+        4, JPI$_PAGEFLTS
+    },
+    {
+        4, JPI$_PID
+    },
+    {
+        4, JPI$_WSSIZE
+    },
+    {
+        0, 0
+    }
+};
+
+int RAND_poll(void)
+{
+    long pid, iosb[2];
+    int status = 0;
+    struct {
+        short length, code;
+        long *buffer;
+        int *retlen;
+    } item[32], *pitem;
+    unsigned char data_buffer[256];
+    short total_length = 0;
+    struct items_data_st *pitems_data;
+
+    pitems_data = items_data;
+    pitem = item;
+
+    /* Setup */
+    while (pitems_data->length && (total_length + pitems_data->length <= 256)) {
+        pitem->length = pitems_data->length;
+        pitem->code = pitems_data->code;
+        pitem->buffer = (long *)&data_buffer[total_length];
+        pitem->retlen = 0;
+        total_length += pitems_data->length;
+        pitems_data++;
+        pitem ++;
+    }
+    pitem->length = pitem->code = 0;
+
+    /*
+     * Scan through all the processes in the system and add entropy with
+     * results from the processes that were possible to look at.
+     * However, view the information as only half trustable.
+     */
+    pid = -1;                   /* search context */
+    while ((status = sys$getjpiw(0, &pid, 0, item, iosb, 0, 0))
+           != SS$_NOMOREPROC) {
+        if (status == SS$_NORMAL) {
+            RAND_add((PTR_T) data_buffer, total_length, total_length / 2);
+        }
+    }
+    sys$gettim(iosb);
+    RAND_add((PTR_T) iosb, sizeof(iosb), sizeof(iosb) / 2);
+    return 1;
+}
+
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/rc4/rc4_utl.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rc4/rc4_utl.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/rc4/rc4_utl.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,62 +0,0 @@
-/* crypto/rc4/rc4_utl.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/opensslv.h>
-#include <openssl/crypto.h>
-#include <openssl/rc4.h>
-
-void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
-{
-#ifdef OPENSSL_FIPS
-    fips_cipher_abort(RC4);
-#endif
-    private_RC4_set_key(key, len, data);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/rc4/rc4_utl.c (from rev 11605, vendor-crypto/openssl/dist/crypto/rc4/rc4_utl.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/rc4/rc4_utl.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/rc4/rc4_utl.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,62 @@
+/* crypto/rc4/rc4_utl.c */
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/opensslv.h>
+#include <openssl/crypto.h>
+#include <openssl/rc4.h>
+
+void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
+{
+#ifdef OPENSSL_FIPS
+    fips_cipher_abort(RC4);
+#endif
+    private_RC4_set_key(key, len, data);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/rsa/rsa_chk.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rsa/rsa_chk.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/rsa/rsa_chk.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,214 +0,0 @@
-/* crypto/rsa/rsa_chk.c  -*- Mode: C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include <openssl/bn.h>
-#include <openssl/err.h>
-#include <openssl/rsa.h>
-
-int RSA_check_key(const RSA *key)
-{
-    BIGNUM *i, *j, *k, *l, *m;
-    BN_CTX *ctx;
-    int r;
-    int ret = 1;
-
-    if (!key->p || !key->q || !key->n || !key->e || !key->d) {
-        RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_VALUE_MISSING);
-        return 0;
-    }
-
-    i = BN_new();
-    j = BN_new();
-    k = BN_new();
-    l = BN_new();
-    m = BN_new();
-    ctx = BN_CTX_new();
-    if (i == NULL || j == NULL || k == NULL || l == NULL ||
-        m == NULL || ctx == NULL) {
-        ret = -1;
-        RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    /* p prime? */
-    r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL);
-    if (r != 1) {
-        ret = r;
-        if (r != 0)
-            goto err;
-        RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME);
-    }
-
-    /* q prime? */
-    r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL);
-    if (r != 1) {
-        ret = r;
-        if (r != 0)
-            goto err;
-        RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME);
-    }
-
-    /* n = p*q? */
-    r = BN_mul(i, key->p, key->q, ctx);
-    if (!r) {
-        ret = -1;
-        goto err;
-    }
-
-    if (BN_cmp(i, key->n) != 0) {
-        ret = 0;
-        RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q);
-    }
-
-    /* d*e = 1  mod lcm(p-1,q-1)? */
-
-    r = BN_sub(i, key->p, BN_value_one());
-    if (!r) {
-        ret = -1;
-        goto err;
-    }
-    r = BN_sub(j, key->q, BN_value_one());
-    if (!r) {
-        ret = -1;
-        goto err;
-    }
-
-    /* now compute k = lcm(i,j) */
-    r = BN_mul(l, i, j, ctx);
-    if (!r) {
-        ret = -1;
-        goto err;
-    }
-    r = BN_gcd(m, i, j, ctx);
-    if (!r) {
-        ret = -1;
-        goto err;
-    }
-    r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */
-    if (!r) {
-        ret = -1;
-        goto err;
-    }
-
-    r = BN_mod_mul(i, key->d, key->e, k, ctx);
-    if (!r) {
-        ret = -1;
-        goto err;
-    }
-
-    if (!BN_is_one(i)) {
-        ret = 0;
-        RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1);
-    }
-
-    if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) {
-        /* dmp1 = d mod (p-1)? */
-        r = BN_sub(i, key->p, BN_value_one());
-        if (!r) {
-            ret = -1;
-            goto err;
-        }
-
-        r = BN_mod(j, key->d, i, ctx);
-        if (!r) {
-            ret = -1;
-            goto err;
-        }
-
-        if (BN_cmp(j, key->dmp1) != 0) {
-            ret = 0;
-            RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DMP1_NOT_CONGRUENT_TO_D);
-        }
-
-        /* dmq1 = d mod (q-1)? */
-        r = BN_sub(i, key->q, BN_value_one());
-        if (!r) {
-            ret = -1;
-            goto err;
-        }
-
-        r = BN_mod(j, key->d, i, ctx);
-        if (!r) {
-            ret = -1;
-            goto err;
-        }
-
-        if (BN_cmp(j, key->dmq1) != 0) {
-            ret = 0;
-            RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
-        }
-
-        /* iqmp = q^-1 mod p? */
-        if (!BN_mod_inverse(i, key->q, key->p, ctx)) {
-            ret = -1;
-            goto err;
-        }
-
-        if (BN_cmp(i, key->iqmp) != 0) {
-            ret = 0;
-            RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_IQMP_NOT_INVERSE_OF_Q);
-        }
-    }
-
- err:
-    if (i != NULL)
-        BN_free(i);
-    if (j != NULL)
-        BN_free(j);
-    if (k != NULL)
-        BN_free(k);
-    if (l != NULL)
-        BN_free(l);
-    if (m != NULL)
-        BN_free(m);
-    if (ctx != NULL)
-        BN_CTX_free(ctx);
-    return (ret);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/rsa/rsa_chk.c (from rev 11605, vendor-crypto/openssl/dist/crypto/rsa/rsa_chk.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/rsa/rsa_chk.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/rsa/rsa_chk.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,214 @@
+/* crypto/rsa/rsa_chk.c  */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/bn.h>
+#include <openssl/err.h>
+#include <openssl/rsa.h>
+
+int RSA_check_key(const RSA *key)
+{
+    BIGNUM *i, *j, *k, *l, *m;
+    BN_CTX *ctx;
+    int r;
+    int ret = 1;
+
+    if (!key->p || !key->q || !key->n || !key->e || !key->d) {
+        RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_VALUE_MISSING);
+        return 0;
+    }
+
+    i = BN_new();
+    j = BN_new();
+    k = BN_new();
+    l = BN_new();
+    m = BN_new();
+    ctx = BN_CTX_new();
+    if (i == NULL || j == NULL || k == NULL || l == NULL ||
+        m == NULL || ctx == NULL) {
+        ret = -1;
+        RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* p prime? */
+    r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL);
+    if (r != 1) {
+        ret = r;
+        if (r != 0)
+            goto err;
+        RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME);
+    }
+
+    /* q prime? */
+    r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL);
+    if (r != 1) {
+        ret = r;
+        if (r != 0)
+            goto err;
+        RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME);
+    }
+
+    /* n = p*q? */
+    r = BN_mul(i, key->p, key->q, ctx);
+    if (!r) {
+        ret = -1;
+        goto err;
+    }
+
+    if (BN_cmp(i, key->n) != 0) {
+        ret = 0;
+        RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q);
+    }
+
+    /* d*e = 1  mod lcm(p-1,q-1)? */
+
+    r = BN_sub(i, key->p, BN_value_one());
+    if (!r) {
+        ret = -1;
+        goto err;
+    }
+    r = BN_sub(j, key->q, BN_value_one());
+    if (!r) {
+        ret = -1;
+        goto err;
+    }
+
+    /* now compute k = lcm(i,j) */
+    r = BN_mul(l, i, j, ctx);
+    if (!r) {
+        ret = -1;
+        goto err;
+    }
+    r = BN_gcd(m, i, j, ctx);
+    if (!r) {
+        ret = -1;
+        goto err;
+    }
+    r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */
+    if (!r) {
+        ret = -1;
+        goto err;
+    }
+
+    r = BN_mod_mul(i, key->d, key->e, k, ctx);
+    if (!r) {
+        ret = -1;
+        goto err;
+    }
+
+    if (!BN_is_one(i)) {
+        ret = 0;
+        RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1);
+    }
+
+    if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) {
+        /* dmp1 = d mod (p-1)? */
+        r = BN_sub(i, key->p, BN_value_one());
+        if (!r) {
+            ret = -1;
+            goto err;
+        }
+
+        r = BN_mod(j, key->d, i, ctx);
+        if (!r) {
+            ret = -1;
+            goto err;
+        }
+
+        if (BN_cmp(j, key->dmp1) != 0) {
+            ret = 0;
+            RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DMP1_NOT_CONGRUENT_TO_D);
+        }
+
+        /* dmq1 = d mod (q-1)? */
+        r = BN_sub(i, key->q, BN_value_one());
+        if (!r) {
+            ret = -1;
+            goto err;
+        }
+
+        r = BN_mod(j, key->d, i, ctx);
+        if (!r) {
+            ret = -1;
+            goto err;
+        }
+
+        if (BN_cmp(j, key->dmq1) != 0) {
+            ret = 0;
+            RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
+        }
+
+        /* iqmp = q^-1 mod p? */
+        if (!BN_mod_inverse(i, key->q, key->p, ctx)) {
+            ret = -1;
+            goto err;
+        }
+
+        if (BN_cmp(i, key->iqmp) != 0) {
+            ret = 0;
+            RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_IQMP_NOT_INVERSE_OF_Q);
+        }
+    }
+
+ err:
+    if (i != NULL)
+        BN_free(i);
+    if (j != NULL)
+        BN_free(j);
+    if (k != NULL)
+        BN_free(k);
+    if (l != NULL)
+        BN_free(l);
+    if (m != NULL)
+        BN_free(m);
+    if (ctx != NULL)
+        BN_CTX_free(ctx);
+    return (ret);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/seed/seed_cbc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/seed/seed_cbc.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/seed/seed_cbc.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,65 +0,0 @@
-/* crypto/seed/seed_cbc.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/seed.h>
-#include <openssl/modes.h>
-
-void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,
-                      size_t len, const SEED_KEY_SCHEDULE *ks,
-                      unsigned char ivec[SEED_BLOCK_SIZE], int enc)
-{
-    if (enc)
-        CRYPTO_cbc128_encrypt(in, out, len, ks, ivec,
-                              (block128_f) SEED_encrypt);
-    else
-        CRYPTO_cbc128_decrypt(in, out, len, ks, ivec,
-                              (block128_f) SEED_decrypt);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/seed/seed_cbc.c (from rev 11605, vendor-crypto/openssl/dist/crypto/seed/seed_cbc.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/seed/seed_cbc.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/seed/seed_cbc.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,65 @@
+/* crypto/seed/seed_cbc.c */
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/seed.h>
+#include <openssl/modes.h>
+
+void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                      size_t len, const SEED_KEY_SCHEDULE *ks,
+                      unsigned char ivec[SEED_BLOCK_SIZE], int enc)
+{
+    if (enc)
+        CRYPTO_cbc128_encrypt(in, out, len, ks, ivec,
+                              (block128_f) SEED_encrypt);
+    else
+        CRYPTO_cbc128_decrypt(in, out, len, ks, ivec,
+                              (block128_f) SEED_decrypt);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/seed/seed_cfb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/seed/seed_cfb.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/seed/seed_cfb.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,118 +0,0 @@
-/* crypto/seed/seed_cfb.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/seed.h>
-#include <openssl/modes.h>
-
-void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out,
-                         size_t len, const SEED_KEY_SCHEDULE *ks,
-                         unsigned char ivec[SEED_BLOCK_SIZE], int *num,
-                         int enc)
-{
-    CRYPTO_cfb128_encrypt(in, out, len, ks, ivec, num, enc,
-                          (block128_f) SEED_encrypt);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/seed/seed_cfb.c (from rev 11605, vendor-crypto/openssl/dist/crypto/seed/seed_cfb.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/seed/seed_cfb.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/seed/seed_cfb.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,118 @@
+/* crypto/seed/seed_cfb.c */
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/seed.h>
+#include <openssl/modes.h>
+
+void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                         size_t len, const SEED_KEY_SCHEDULE *ks,
+                         unsigned char ivec[SEED_BLOCK_SIZE], int *num,
+                         int enc)
+{
+    CRYPTO_cfb128_encrypt(in, out, len, ks, ivec, num, enc,
+                          (block128_f) SEED_encrypt);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/seed/seed_ecb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/seed/seed_ecb.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/seed/seed_ecb.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,61 +0,0 @@
-/* crypto/seed/seed_ecb.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/seed.h>
-
-void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out,
-                      const SEED_KEY_SCHEDULE *ks, int enc)
-{
-    if (enc)
-        SEED_encrypt(in, out, ks);
-    else
-        SEED_decrypt(in, out, ks);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/seed/seed_ecb.c (from rev 11605, vendor-crypto/openssl/dist/crypto/seed/seed_ecb.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/seed/seed_ecb.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/seed/seed_ecb.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,61 @@
+/* crypto/seed/seed_ecb.c */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/seed.h>
+
+void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                      const SEED_KEY_SCHEDULE *ks, int enc)
+{
+    if (enc)
+        SEED_encrypt(in, out, ks);
+    else
+        SEED_decrypt(in, out, ks);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/seed/seed_ofb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/seed/seed_ofb.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/seed/seed_ofb.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,117 +0,0 @@
-/* crypto/seed/seed_ofb.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/seed.h>
-#include <openssl/modes.h>
-
-void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out,
-                         size_t len, const SEED_KEY_SCHEDULE *ks,
-                         unsigned char ivec[SEED_BLOCK_SIZE], int *num)
-{
-    CRYPTO_ofb128_encrypt(in, out, len, ks, ivec, num,
-                          (block128_f) SEED_encrypt);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/seed/seed_ofb.c (from rev 11605, vendor-crypto/openssl/dist/crypto/seed/seed_ofb.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/seed/seed_ofb.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/seed/seed_ofb.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,117 @@
+/* crypto/seed/seed_ofb.c */
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/seed.h>
+#include <openssl/modes.h>
+
+void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                         size_t len, const SEED_KEY_SCHEDULE *ks,
+                         unsigned char ivec[SEED_BLOCK_SIZE], int *num)
+{
+    CRYPTO_ofb128_encrypt(in, out, len, ks, ivec, num,
+                          (block128_f) SEED_encrypt);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/sha/sha1test.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/sha/sha1test.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/sha/sha1test.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,174 +0,0 @@
-/* crypto/sha/sha1test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "../e_os.h"
-
-#ifdef OPENSSL_NO_SHA
-int main(int argc, char *argv[])
-{
-    printf("No SHA support\n");
-    return (0);
-}
-#else
-# include <openssl/evp.h>
-# include <openssl/sha.h>
-
-# ifdef CHARSET_EBCDIC
-#  include <openssl/ebcdic.h>
-# endif
-
-# undef SHA_0                   /* FIPS 180 */
-# define  SHA_1                 /* FIPS 180-1 */
-
-static char *test[] = {
-    "abc",
-    "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
-    NULL,
-};
-
-# ifdef SHA_0
-static char *ret[] = {
-    "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",
-    "d2516ee1acfa5baf33dfc1c471e438449ef134c8",
-};
-
-static char *bigret = "3232affa48628a26653b5aaa44541fd90d690603";
-# endif
-# ifdef SHA_1
-static char *ret[] = {
-    "a9993e364706816aba3e25717850c26c9cd0d89d",
-    "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
-};
-
-static char *bigret = "34aa973cd4c4daa4f61eeb2bdbad27316534016f";
-# endif
-
-static char *pt(unsigned char *md);
-int main(int argc, char *argv[])
-{
-    int i, err = 0;
-    char **P, **R;
-    static unsigned char buf[1000];
-    char *p, *r;
-    EVP_MD_CTX c;
-    unsigned char md[SHA_DIGEST_LENGTH];
-
-# ifdef CHARSET_EBCDIC
-    ebcdic2ascii(test[0], test[0], strlen(test[0]));
-    ebcdic2ascii(test[1], test[1], strlen(test[1]));
-# endif
-
-    EVP_MD_CTX_init(&c);
-    P = test;
-    R = ret;
-    i = 1;
-    while (*P != NULL) {
-        EVP_Digest(*P, strlen((char *)*P), md, NULL, EVP_sha1(), NULL);
-        p = pt(md);
-        if (strcmp(p, (char *)*R) != 0) {
-            printf("error calculating SHA1 on '%s'\n", *P);
-            printf("got %s instead of %s\n", p, *R);
-            err++;
-        } else
-            printf("test %d ok\n", i);
-        i++;
-        R++;
-        P++;
-    }
-
-    memset(buf, 'a', 1000);
-# ifdef CHARSET_EBCDIC
-    ebcdic2ascii(buf, buf, 1000);
-# endif                         /* CHARSET_EBCDIC */
-    EVP_DigestInit_ex(&c, EVP_sha1(), NULL);
-    for (i = 0; i < 1000; i++)
-        EVP_DigestUpdate(&c, buf, 1000);
-    EVP_DigestFinal_ex(&c, md, NULL);
-    p = pt(md);
-
-    r = bigret;
-    if (strcmp(p, r) != 0) {
-        printf("error calculating SHA1 on 'a' * 1000\n");
-        printf("got %s instead of %s\n", p, r);
-        err++;
-    } else
-        printf("test 3 ok\n");
-
-# ifdef OPENSSL_SYS_NETWARE
-    if (err)
-        printf("ERROR: %d\n", err);
-# endif
-    EXIT(err);
-    EVP_MD_CTX_cleanup(&c);
-    return (0);
-}
-
-static char *pt(unsigned char *md)
-{
-    int i;
-    static char buf[80];
-
-    for (i = 0; i < SHA_DIGEST_LENGTH; i++)
-        sprintf(&(buf[i * 2]), "%02x", md[i]);
-    return (buf);
-}
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/sha/sha1test.c (from rev 11605, vendor-crypto/openssl/dist/crypto/sha/sha1test.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/sha/sha1test.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/sha/sha1test.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,174 @@
+/* crypto/sha/sha1test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_SHA
+int main(int argc, char *argv[])
+{
+    printf("No SHA support\n");
+    return (0);
+}
+#else
+# include <openssl/evp.h>
+# include <openssl/sha.h>
+
+# ifdef CHARSET_EBCDIC
+#  include <openssl/ebcdic.h>
+# endif
+
+# undef SHA_0                   /* FIPS 180 */
+# define  SHA_1                 /* FIPS 180-1 */
+
+static char *test[] = {
+    "abc",
+    "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+    NULL,
+};
+
+# ifdef SHA_0
+static char *ret[] = {
+    "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",
+    "d2516ee1acfa5baf33dfc1c471e438449ef134c8",
+};
+
+static char *bigret = "3232affa48628a26653b5aaa44541fd90d690603";
+# endif
+# ifdef SHA_1
+static char *ret[] = {
+    "a9993e364706816aba3e25717850c26c9cd0d89d",
+    "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
+};
+
+static char *bigret = "34aa973cd4c4daa4f61eeb2bdbad27316534016f";
+# endif
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+{
+    int i, err = 0;
+    char **P, **R;
+    static unsigned char buf[1000];
+    char *p, *r;
+    EVP_MD_CTX c;
+    unsigned char md[SHA_DIGEST_LENGTH];
+
+# ifdef CHARSET_EBCDIC
+    ebcdic2ascii(test[0], test[0], strlen(test[0]));
+    ebcdic2ascii(test[1], test[1], strlen(test[1]));
+# endif
+
+    EVP_MD_CTX_init(&c);
+    P = test;
+    R = ret;
+    i = 1;
+    while (*P != NULL) {
+        EVP_Digest(*P, strlen((char *)*P), md, NULL, EVP_sha1(), NULL);
+        p = pt(md);
+        if (strcmp(p, (char *)*R) != 0) {
+            printf("error calculating SHA1 on '%s'\n", *P);
+            printf("got %s instead of %s\n", p, *R);
+            err++;
+        } else
+            printf("test %d ok\n", i);
+        i++;
+        R++;
+        P++;
+    }
+
+    memset(buf, 'a', 1000);
+# ifdef CHARSET_EBCDIC
+    ebcdic2ascii(buf, buf, 1000);
+# endif                         /* CHARSET_EBCDIC */
+    EVP_DigestInit_ex(&c, EVP_sha1(), NULL);
+    for (i = 0; i < 1000; i++)
+        EVP_DigestUpdate(&c, buf, 1000);
+    EVP_DigestFinal_ex(&c, md, NULL);
+    p = pt(md);
+
+    r = bigret;
+    if (strcmp(p, r) != 0) {
+        printf("error calculating SHA1 on 'a' * 1000\n");
+        printf("got %s instead of %s\n", p, r);
+        err++;
+    } else
+        printf("test 3 ok\n");
+
+# ifdef OPENSSL_SYS_NETWARE
+    if (err)
+        printf("ERROR: %d\n", err);
+# endif
+    EVP_MD_CTX_cleanup(&c);
+    EXIT(err);
+    return (0);
+}
+
+static char *pt(unsigned char *md)
+{
+    int i;
+    static char buf[80];
+
+    for (i = 0; i < SHA_DIGEST_LENGTH; i++)
+        sprintf(&(buf[i * 2]), "%02x", md[i]);
+    return (buf);
+}
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/srp/srp.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/srp/srp.h	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/srp/srp.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,169 +0,0 @@
-/* crypto/srp/srp.h */
-/*
- * Written by Christophe Renou (christophe.renou at edelweb.fr) with the
- * precious help of Peter Sylvester (peter.sylvester at edelweb.fr) for the
- * EdelKey project and contributed to the OpenSSL project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-#ifndef __SRP_H__
-# define __SRP_H__
-
-# ifndef OPENSSL_NO_SRP
-
-#  include <stdio.h>
-#  include <string.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#  include <openssl/safestack.h>
-#  include <openssl/bn.h>
-#  include <openssl/crypto.h>
-
-typedef struct SRP_gN_cache_st {
-    char *b64_bn;
-    BIGNUM *bn;
-} SRP_gN_cache;
-
-
-DECLARE_STACK_OF(SRP_gN_cache)
-
-typedef struct SRP_user_pwd_st {
-    char *id;
-    BIGNUM *s;
-    BIGNUM *v;
-    const BIGNUM *g;
-    const BIGNUM *N;
-    char *info;
-} SRP_user_pwd;
-
-DECLARE_STACK_OF(SRP_user_pwd)
-
-typedef struct SRP_VBASE_st {
-    STACK_OF(SRP_user_pwd) *users_pwd;
-    STACK_OF(SRP_gN_cache) *gN_cache;
-/* to simulate a user */
-    char *seed_key;
-    BIGNUM *default_g;
-    BIGNUM *default_N;
-} SRP_VBASE;
-
-/*
- * Structure interne pour retenir les couples N et g
- */
-typedef struct SRP_gN_st {
-    char *id;
-    BIGNUM *g;
-    BIGNUM *N;
-} SRP_gN;
-
-DECLARE_STACK_OF(SRP_gN)
-
-SRP_VBASE *SRP_VBASE_new(char *seed_key);
-int SRP_VBASE_free(SRP_VBASE *vb);
-int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
-SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);
-char *SRP_create_verifier(const char *user, const char *pass, char **salt,
-                          char **verifier, const char *N, const char *g);
-int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
-                           BIGNUM **verifier, BIGNUM *N, BIGNUM *g);
-
-#  define SRP_NO_ERROR 0
-#  define SRP_ERR_VBASE_INCOMPLETE_FILE 1
-#  define SRP_ERR_VBASE_BN_LIB 2
-#  define SRP_ERR_OPEN_FILE 3
-#  define SRP_ERR_MEMORY 4
-
-#  define DB_srptype      0
-#  define DB_srpverifier  1
-#  define DB_srpsalt      2
-#  define DB_srpid        3
-#  define DB_srpgN        4
-#  define DB_srpinfo      5
-#  undef  DB_NUMBER
-#  define DB_NUMBER       6
-
-#  define DB_SRP_INDEX    'I'
-#  define DB_SRP_VALID    'V'
-#  define DB_SRP_REVOKED  'R'
-#  define DB_SRP_MODIF    'v'
-
-/* see srp.c */
-char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N);
-SRP_gN *SRP_get_default_gN(const char *id);
-
-/* server side .... */
-BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
-                            BIGNUM *N);
-BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v);
-int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N);
-BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N);
-
-/* client side .... */
-BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass);
-BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g);
-BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
-                            BIGNUM *a, BIGNUM *u);
-int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N);
-
-#  define SRP_MINIMAL_N 1024
-
-#ifdef  __cplusplus
-}
-#endif
-
-# endif
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/srp/srp.h (from rev 11605, vendor-crypto/openssl/dist/crypto/srp/srp.h)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/srp/srp.h	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/srp/srp.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,179 @@
+/* crypto/srp/srp.h */
+/*
+ * Written by Christophe Renou (christophe.renou at edelweb.fr) with the
+ * precious help of Peter Sylvester (peter.sylvester at edelweb.fr) for the
+ * EdelKey project and contributed to the OpenSSL project 2004.
+ */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+#ifndef __SRP_H__
+# define __SRP_H__
+
+# ifndef OPENSSL_NO_SRP
+
+#  include <stdio.h>
+#  include <string.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#  include <openssl/safestack.h>
+#  include <openssl/bn.h>
+#  include <openssl/crypto.h>
+
+typedef struct SRP_gN_cache_st {
+    char *b64_bn;
+    BIGNUM *bn;
+} SRP_gN_cache;
+
+
+DECLARE_STACK_OF(SRP_gN_cache)
+
+typedef struct SRP_user_pwd_st {
+    /* Owned by us. */
+    char *id;
+    BIGNUM *s;
+    BIGNUM *v;
+    /* Not owned by us. */
+    const BIGNUM *g;
+    const BIGNUM *N;
+    /* Owned by us. */
+    char *info;
+} SRP_user_pwd;
+
+DECLARE_STACK_OF(SRP_user_pwd)
+
+void SRP_user_pwd_free(SRP_user_pwd *user_pwd);
+
+typedef struct SRP_VBASE_st {
+    STACK_OF(SRP_user_pwd) *users_pwd;
+    STACK_OF(SRP_gN_cache) *gN_cache;
+/* to simulate a user */
+    char *seed_key;
+    BIGNUM *default_g;
+    BIGNUM *default_N;
+} SRP_VBASE;
+
+/*
+ * Structure interne pour retenir les couples N et g
+ */
+typedef struct SRP_gN_st {
+    char *id;
+    BIGNUM *g;
+    BIGNUM *N;
+} SRP_gN;
+
+DECLARE_STACK_OF(SRP_gN)
+
+SRP_VBASE *SRP_VBASE_new(char *seed_key);
+int SRP_VBASE_free(SRP_VBASE *vb);
+int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
+
+/* This method ignores the configured seed and fails for an unknown user. */
+SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);
+/* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/
+SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username);
+
+char *SRP_create_verifier(const char *user, const char *pass, char **salt,
+                          char **verifier, const char *N, const char *g);
+int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
+                           BIGNUM **verifier, BIGNUM *N, BIGNUM *g);
+
+#  define SRP_NO_ERROR 0
+#  define SRP_ERR_VBASE_INCOMPLETE_FILE 1
+#  define SRP_ERR_VBASE_BN_LIB 2
+#  define SRP_ERR_OPEN_FILE 3
+#  define SRP_ERR_MEMORY 4
+
+#  define DB_srptype      0
+#  define DB_srpverifier  1
+#  define DB_srpsalt      2
+#  define DB_srpid        3
+#  define DB_srpgN        4
+#  define DB_srpinfo      5
+#  undef  DB_NUMBER
+#  define DB_NUMBER       6
+
+#  define DB_SRP_INDEX    'I'
+#  define DB_SRP_VALID    'V'
+#  define DB_SRP_REVOKED  'R'
+#  define DB_SRP_MODIF    'v'
+
+/* see srp.c */
+char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N);
+SRP_gN *SRP_get_default_gN(const char *id);
+
+/* server side .... */
+BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
+                            BIGNUM *N);
+BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v);
+int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N);
+BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N);
+
+/* client side .... */
+BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass);
+BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g);
+BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
+                            BIGNUM *a, BIGNUM *u);
+int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N);
+
+#  define SRP_MINIMAL_N 1024
+
+#ifdef  __cplusplus
+}
+#endif
+
+# endif
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/srp/srp_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/srp/srp_lib.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/srp/srp_lib.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,357 +0,0 @@
-/* crypto/srp/srp_lib.c */
-/*
- * Written by Christophe Renou (christophe.renou at edelweb.fr) with the
- * precious help of Peter Sylvester (peter.sylvester at edelweb.fr) for the
- * EdelKey project and contributed to the OpenSSL project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-#ifndef OPENSSL_NO_SRP
-# include "cryptlib.h"
-# include "srp_lcl.h"
-# include <openssl/srp.h>
-# include <openssl/evp.h>
-
-# if (BN_BYTES == 8)
-#  if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
-#   define bn_pack4(a1,a2,a3,a4) ((a1##UI64<<48)|(a2##UI64<<32)|(a3##UI64<<16)|a4##UI64)
-#  elif defined(__arch64__)
-#   define bn_pack4(a1,a2,a3,a4) ((a1##UL<<48)|(a2##UL<<32)|(a3##UL<<16)|a4##UL)
-#  else
-#   define bn_pack4(a1,a2,a3,a4) ((a1##ULL<<48)|(a2##ULL<<32)|(a3##ULL<<16)|a4##ULL)
-#  endif
-# elif (BN_BYTES == 4)
-#  define bn_pack4(a1,a2,a3,a4)  ((a3##UL<<16)|a4##UL), ((a1##UL<<16)|a2##UL)
-# else
-#  error "unsupported BN_BYTES"
-# endif
-
-# include "srp_grps.h"
-
-static BIGNUM *srp_Calc_k(BIGNUM *N, BIGNUM *g)
-{
-    /* k = SHA1(N | PAD(g)) -- tls-srp draft 8 */
-
-    unsigned char digest[SHA_DIGEST_LENGTH];
-    unsigned char *tmp;
-    EVP_MD_CTX ctxt;
-    int longg;
-    int longN = BN_num_bytes(N);
-
-    if (BN_ucmp(g, N) >= 0)
-        return NULL;
-
-    if ((tmp = OPENSSL_malloc(longN)) == NULL)
-        return NULL;
-    BN_bn2bin(N, tmp);
-
-    EVP_MD_CTX_init(&ctxt);
-    EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
-    EVP_DigestUpdate(&ctxt, tmp, longN);
-
-    memset(tmp, 0, longN);
-    longg = BN_bn2bin(g, tmp);
-    /* use the zeros behind to pad on left */
-    EVP_DigestUpdate(&ctxt, tmp + longg, longN - longg);
-    EVP_DigestUpdate(&ctxt, tmp, longg);
-    OPENSSL_free(tmp);
-
-    EVP_DigestFinal_ex(&ctxt, digest, NULL);
-    EVP_MD_CTX_cleanup(&ctxt);
-    return BN_bin2bn(digest, sizeof(digest), NULL);
-}
-
-BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N)
-{
-    /* k = SHA1(PAD(A) || PAD(B) ) -- tls-srp draft 8 */
-
-    BIGNUM *u;
-    unsigned char cu[SHA_DIGEST_LENGTH];
-    unsigned char *cAB;
-    EVP_MD_CTX ctxt;
-    int longN;
-    if ((A == NULL) || (B == NULL) || (N == NULL))
-        return NULL;
-
-    if (BN_ucmp(A, N) >= 0 || BN_ucmp(B, N) >= 0)
-        return NULL;
-
-    longN = BN_num_bytes(N);
-
-    if ((cAB = OPENSSL_malloc(2 * longN)) == NULL)
-        return NULL;
-
-    memset(cAB, 0, longN);
-
-    EVP_MD_CTX_init(&ctxt);
-    EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
-    EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(A, cAB + longN), longN);
-    EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(B, cAB + longN), longN);
-    OPENSSL_free(cAB);
-    EVP_DigestFinal_ex(&ctxt, cu, NULL);
-    EVP_MD_CTX_cleanup(&ctxt);
-
-    if (!(u = BN_bin2bn(cu, sizeof(cu), NULL)))
-        return NULL;
-    if (!BN_is_zero(u))
-        return u;
-    BN_free(u);
-    return NULL;
-}
-
-BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
-                            BIGNUM *N)
-{
-    BIGNUM *tmp = NULL, *S = NULL;
-    BN_CTX *bn_ctx;
-
-    if (u == NULL || A == NULL || v == NULL || b == NULL || N == NULL)
-        return NULL;
-
-    if ((bn_ctx = BN_CTX_new()) == NULL ||
-        (tmp = BN_new()) == NULL || (S = BN_new()) == NULL)
-        goto err;
-
-    /* S = (A*v**u) ** b */
-
-    if (!BN_mod_exp(tmp, v, u, N, bn_ctx))
-        goto err;
-    if (!BN_mod_mul(tmp, A, tmp, N, bn_ctx))
-        goto err;
-    if (!BN_mod_exp(S, tmp, b, N, bn_ctx))
-        goto err;
- err:
-    BN_CTX_free(bn_ctx);
-    BN_clear_free(tmp);
-    return S;
-}
-
-BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v)
-{
-    BIGNUM *kv = NULL, *gb = NULL;
-    BIGNUM *B = NULL, *k = NULL;
-    BN_CTX *bn_ctx;
-
-    if (b == NULL || N == NULL || g == NULL || v == NULL ||
-        (bn_ctx = BN_CTX_new()) == NULL)
-        return NULL;
-
-    if ((kv = BN_new()) == NULL ||
-        (gb = BN_new()) == NULL || (B = BN_new()) == NULL)
-        goto err;
-
-    /* B = g**b + k*v */
-
-    if (!BN_mod_exp(gb, g, b, N, bn_ctx) ||
-        !(k = srp_Calc_k(N, g)) ||
-        !BN_mod_mul(kv, v, k, N, bn_ctx) ||
-        !BN_mod_add(B, gb, kv, N, bn_ctx)) {
-        BN_free(B);
-        B = NULL;
-    }
- err:
-    BN_CTX_free(bn_ctx);
-    BN_clear_free(kv);
-    BN_clear_free(gb);
-    BN_free(k);
-    return B;
-}
-
-BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass)
-{
-    unsigned char dig[SHA_DIGEST_LENGTH];
-    EVP_MD_CTX ctxt;
-    unsigned char *cs;
-
-    if ((s == NULL) || (user == NULL) || (pass == NULL))
-        return NULL;
-
-    if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL)
-        return NULL;
-
-    EVP_MD_CTX_init(&ctxt);
-    EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
-    EVP_DigestUpdate(&ctxt, user, strlen(user));
-    EVP_DigestUpdate(&ctxt, ":", 1);
-    EVP_DigestUpdate(&ctxt, pass, strlen(pass));
-    EVP_DigestFinal_ex(&ctxt, dig, NULL);
-
-    EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
-    BN_bn2bin(s, cs);
-    EVP_DigestUpdate(&ctxt, cs, BN_num_bytes(s));
-    OPENSSL_free(cs);
-    EVP_DigestUpdate(&ctxt, dig, sizeof(dig));
-    EVP_DigestFinal_ex(&ctxt, dig, NULL);
-    EVP_MD_CTX_cleanup(&ctxt);
-
-    return BN_bin2bn(dig, sizeof(dig), NULL);
-}
-
-BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g)
-{
-    BN_CTX *bn_ctx;
-    BIGNUM *A = NULL;
-
-    if (a == NULL || N == NULL || g == NULL ||
-        (bn_ctx = BN_CTX_new()) == NULL)
-        return NULL;
-
-    if ((A = BN_new()) != NULL && !BN_mod_exp(A, g, a, N, bn_ctx)) {
-        BN_free(A);
-        A = NULL;
-    }
-    BN_CTX_free(bn_ctx);
-    return A;
-}
-
-BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
-                            BIGNUM *a, BIGNUM *u)
-{
-    BIGNUM *tmp = NULL, *tmp2 = NULL, *tmp3 = NULL, *k = NULL, *K = NULL;
-    BN_CTX *bn_ctx;
-
-    if (u == NULL || B == NULL || N == NULL || g == NULL || x == NULL
-        || a == NULL || (bn_ctx = BN_CTX_new()) == NULL)
-        return NULL;
-
-    if ((tmp = BN_new()) == NULL ||
-        (tmp2 = BN_new()) == NULL ||
-        (tmp3 = BN_new()) == NULL || (K = BN_new()) == NULL)
-        goto err;
-
-    if (!BN_mod_exp(tmp, g, x, N, bn_ctx))
-        goto err;
-    if (!(k = srp_Calc_k(N, g)))
-        goto err;
-    if (!BN_mod_mul(tmp2, tmp, k, N, bn_ctx))
-        goto err;
-    if (!BN_mod_sub(tmp, B, tmp2, N, bn_ctx))
-        goto err;
-
-    if (!BN_mod_mul(tmp3, u, x, N, bn_ctx))
-        goto err;
-    if (!BN_mod_add(tmp2, a, tmp3, N, bn_ctx))
-        goto err;
-    if (!BN_mod_exp(K, tmp, tmp2, N, bn_ctx))
-        goto err;
-
- err:
-    BN_CTX_free(bn_ctx);
-    BN_clear_free(tmp);
-    BN_clear_free(tmp2);
-    BN_clear_free(tmp3);
-    BN_free(k);
-    return K;
-}
-
-int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N)
-{
-    BIGNUM *r;
-    BN_CTX *bn_ctx;
-    int ret = 0;
-
-    if (B == NULL || N == NULL || (bn_ctx = BN_CTX_new()) == NULL)
-        return 0;
-
-    if ((r = BN_new()) == NULL)
-        goto err;
-    /* Checks if B % N == 0 */
-    if (!BN_nnmod(r, B, N, bn_ctx))
-        goto err;
-    ret = !BN_is_zero(r);
- err:
-    BN_CTX_free(bn_ctx);
-    BN_free(r);
-    return ret;
-}
-
-int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N)
-{
-    /* Checks if A % N == 0 */
-    return SRP_Verify_B_mod_N(A, N);
-}
-
-/*
- * Check if G and N are kwown parameters. The values have been generated
- * from the ietf-tls-srp draft version 8
- */
-char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N)
-{
-    size_t i;
-    if ((g == NULL) || (N == NULL))
-        return 0;
-
-    srp_bn_print(g);
-    srp_bn_print(N);
-
-    for (i = 0; i < KNOWN_GN_NUMBER; i++) {
-        if (BN_cmp(knowngN[i].g, g) == 0 && BN_cmp(knowngN[i].N, N) == 0)
-            return knowngN[i].id;
-    }
-    return NULL;
-}
-
-SRP_gN *SRP_get_default_gN(const char *id)
-{
-    size_t i;
-
-    if (id == NULL)
-        return knowngN;
-    for (i = 0; i < KNOWN_GN_NUMBER; i++) {
-        if (strcmp(knowngN[i].id, id) == 0)
-            return knowngN + i;
-    }
-    return NULL;
-}
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/srp/srp_lib.c (from rev 11605, vendor-crypto/openssl/dist/crypto/srp/srp_lib.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/srp/srp_lib.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/srp/srp_lib.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,363 @@
+/* crypto/srp/srp_lib.c */
+/*
+ * Written by Christophe Renou (christophe.renou at edelweb.fr) with the
+ * precious help of Peter Sylvester (peter.sylvester at edelweb.fr) for the
+ * EdelKey project and contributed to the OpenSSL project 2004.
+ */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+#ifndef OPENSSL_NO_SRP
+# include "cryptlib.h"
+# include "srp_lcl.h"
+# include <openssl/srp.h>
+# include <openssl/evp.h>
+
+# if (BN_BYTES == 8)
+#  if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+#   define bn_pack4(a1,a2,a3,a4) ((a1##UI64<<48)|(a2##UI64<<32)|(a3##UI64<<16)|a4##UI64)
+#  elif defined(__arch64__)
+#   define bn_pack4(a1,a2,a3,a4) ((a1##UL<<48)|(a2##UL<<32)|(a3##UL<<16)|a4##UL)
+#  else
+#   define bn_pack4(a1,a2,a3,a4) ((a1##ULL<<48)|(a2##ULL<<32)|(a3##ULL<<16)|a4##ULL)
+#  endif
+# elif (BN_BYTES == 4)
+#  define bn_pack4(a1,a2,a3,a4)  ((a3##UL<<16)|a4##UL), ((a1##UL<<16)|a2##UL)
+# else
+#  error "unsupported BN_BYTES"
+# endif
+
+# include "srp_grps.h"
+
+static BIGNUM *srp_Calc_k(BIGNUM *N, BIGNUM *g)
+{
+    /* k = SHA1(N | PAD(g)) -- tls-srp draft 8 */
+
+    unsigned char digest[SHA_DIGEST_LENGTH];
+    unsigned char *tmp;
+    EVP_MD_CTX ctxt;
+    int longg;
+    int longN = BN_num_bytes(N);
+
+    if (BN_ucmp(g, N) >= 0)
+        return NULL;
+
+    if ((tmp = OPENSSL_malloc(longN)) == NULL)
+        return NULL;
+    BN_bn2bin(N, tmp);
+
+    EVP_MD_CTX_init(&ctxt);
+    EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
+    EVP_DigestUpdate(&ctxt, tmp, longN);
+
+    memset(tmp, 0, longN);
+    longg = BN_bn2bin(g, tmp);
+    /* use the zeros behind to pad on left */
+    EVP_DigestUpdate(&ctxt, tmp + longg, longN - longg);
+    EVP_DigestUpdate(&ctxt, tmp, longg);
+    OPENSSL_free(tmp);
+
+    EVP_DigestFinal_ex(&ctxt, digest, NULL);
+    EVP_MD_CTX_cleanup(&ctxt);
+    return BN_bin2bn(digest, sizeof(digest), NULL);
+}
+
+BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N)
+{
+    /* k = SHA1(PAD(A) || PAD(B) ) -- tls-srp draft 8 */
+
+    BIGNUM *u;
+    unsigned char cu[SHA_DIGEST_LENGTH];
+    unsigned char *cAB;
+    EVP_MD_CTX ctxt;
+    int longN;
+    if ((A == NULL) || (B == NULL) || (N == NULL))
+        return NULL;
+
+    if (BN_ucmp(A, N) >= 0 || BN_ucmp(B, N) >= 0)
+        return NULL;
+
+    longN = BN_num_bytes(N);
+
+    if ((cAB = OPENSSL_malloc(2 * longN)) == NULL)
+        return NULL;
+
+    memset(cAB, 0, longN);
+
+    EVP_MD_CTX_init(&ctxt);
+    EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
+    EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(A, cAB + longN), longN);
+    EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(B, cAB + longN), longN);
+    OPENSSL_free(cAB);
+    EVP_DigestFinal_ex(&ctxt, cu, NULL);
+    EVP_MD_CTX_cleanup(&ctxt);
+
+    if (!(u = BN_bin2bn(cu, sizeof(cu), NULL)))
+        return NULL;
+    if (!BN_is_zero(u))
+        return u;
+    BN_free(u);
+    return NULL;
+}
+
+BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
+                            BIGNUM *N)
+{
+    BIGNUM *tmp = NULL, *S = NULL;
+    BN_CTX *bn_ctx;
+
+    if (u == NULL || A == NULL || v == NULL || b == NULL || N == NULL)
+        return NULL;
+
+    if ((bn_ctx = BN_CTX_new()) == NULL || (tmp = BN_new()) == NULL)
+        goto err;
+
+    /* S = (A*v**u) ** b */
+
+    if (!BN_mod_exp(tmp, v, u, N, bn_ctx))
+        goto err;
+    if (!BN_mod_mul(tmp, A, tmp, N, bn_ctx))
+        goto err;
+
+    S = BN_new();
+    if (S != NULL && !BN_mod_exp(S, tmp, b, N, bn_ctx)) {
+        BN_free(S);
+        S = NULL;
+    }
+ err:
+    BN_CTX_free(bn_ctx);
+    BN_clear_free(tmp);
+    return S;
+}
+
+BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v)
+{
+    BIGNUM *kv = NULL, *gb = NULL;
+    BIGNUM *B = NULL, *k = NULL;
+    BN_CTX *bn_ctx;
+
+    if (b == NULL || N == NULL || g == NULL || v == NULL ||
+        (bn_ctx = BN_CTX_new()) == NULL)
+        return NULL;
+
+    if ((kv = BN_new()) == NULL ||
+        (gb = BN_new()) == NULL || (B = BN_new()) == NULL)
+        goto err;
+
+    /* B = g**b + k*v */
+
+    if (!BN_mod_exp(gb, g, b, N, bn_ctx) ||
+        !(k = srp_Calc_k(N, g)) ||
+        !BN_mod_mul(kv, v, k, N, bn_ctx) ||
+        !BN_mod_add(B, gb, kv, N, bn_ctx)) {
+        BN_free(B);
+        B = NULL;
+    }
+ err:
+    BN_CTX_free(bn_ctx);
+    BN_clear_free(kv);
+    BN_clear_free(gb);
+    BN_free(k);
+    return B;
+}
+
+BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass)
+{
+    unsigned char dig[SHA_DIGEST_LENGTH];
+    EVP_MD_CTX ctxt;
+    unsigned char *cs;
+
+    if ((s == NULL) || (user == NULL) || (pass == NULL))
+        return NULL;
+
+    if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL)
+        return NULL;
+
+    EVP_MD_CTX_init(&ctxt);
+    EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
+    EVP_DigestUpdate(&ctxt, user, strlen(user));
+    EVP_DigestUpdate(&ctxt, ":", 1);
+    EVP_DigestUpdate(&ctxt, pass, strlen(pass));
+    EVP_DigestFinal_ex(&ctxt, dig, NULL);
+
+    EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
+    BN_bn2bin(s, cs);
+    EVP_DigestUpdate(&ctxt, cs, BN_num_bytes(s));
+    OPENSSL_free(cs);
+    EVP_DigestUpdate(&ctxt, dig, sizeof(dig));
+    EVP_DigestFinal_ex(&ctxt, dig, NULL);
+    EVP_MD_CTX_cleanup(&ctxt);
+
+    return BN_bin2bn(dig, sizeof(dig), NULL);
+}
+
+BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g)
+{
+    BN_CTX *bn_ctx;
+    BIGNUM *A = NULL;
+
+    if (a == NULL || N == NULL || g == NULL ||
+        (bn_ctx = BN_CTX_new()) == NULL)
+        return NULL;
+
+    if ((A = BN_new()) != NULL && !BN_mod_exp(A, g, a, N, bn_ctx)) {
+        BN_free(A);
+        A = NULL;
+    }
+    BN_CTX_free(bn_ctx);
+    return A;
+}
+
+BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
+                            BIGNUM *a, BIGNUM *u)
+{
+    BIGNUM *tmp = NULL, *tmp2 = NULL, *tmp3 = NULL, *k = NULL, *K = NULL;
+    BN_CTX *bn_ctx;
+
+    if (u == NULL || B == NULL || N == NULL || g == NULL || x == NULL
+        || a == NULL || (bn_ctx = BN_CTX_new()) == NULL)
+        return NULL;
+
+    if ((tmp = BN_new()) == NULL ||
+        (tmp2 = BN_new()) == NULL ||
+        (tmp3 = BN_new()) == NULL)
+        goto err;
+
+    if (!BN_mod_exp(tmp, g, x, N, bn_ctx))
+        goto err;
+    if (!(k = srp_Calc_k(N, g)))
+        goto err;
+    if (!BN_mod_mul(tmp2, tmp, k, N, bn_ctx))
+        goto err;
+    if (!BN_mod_sub(tmp, B, tmp2, N, bn_ctx))
+        goto err;
+
+    if (!BN_mod_mul(tmp3, u, x, N, bn_ctx))
+        goto err;
+    if (!BN_mod_add(tmp2, a, tmp3, N, bn_ctx))
+        goto err;
+    K = BN_new();
+    if (K != NULL && !BN_mod_exp(K, tmp, tmp2, N, bn_ctx)) {
+        BN_free(K);
+        K = NULL;
+    }
+
+ err:
+    BN_CTX_free(bn_ctx);
+    BN_clear_free(tmp);
+    BN_clear_free(tmp2);
+    BN_clear_free(tmp3);
+    BN_free(k);
+    return K;
+}
+
+int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N)
+{
+    BIGNUM *r;
+    BN_CTX *bn_ctx;
+    int ret = 0;
+
+    if (B == NULL || N == NULL || (bn_ctx = BN_CTX_new()) == NULL)
+        return 0;
+
+    if ((r = BN_new()) == NULL)
+        goto err;
+    /* Checks if B % N == 0 */
+    if (!BN_nnmod(r, B, N, bn_ctx))
+        goto err;
+    ret = !BN_is_zero(r);
+ err:
+    BN_CTX_free(bn_ctx);
+    BN_free(r);
+    return ret;
+}
+
+int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N)
+{
+    /* Checks if A % N == 0 */
+    return SRP_Verify_B_mod_N(A, N);
+}
+
+/*
+ * Check if G and N are kwown parameters. The values have been generated
+ * from the ietf-tls-srp draft version 8
+ */
+char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N)
+{
+    size_t i;
+    if ((g == NULL) || (N == NULL))
+        return 0;
+
+    srp_bn_print(g);
+    srp_bn_print(N);
+
+    for (i = 0; i < KNOWN_GN_NUMBER; i++) {
+        if (BN_cmp(knowngN[i].g, g) == 0 && BN_cmp(knowngN[i].N, N) == 0)
+            return knowngN[i].id;
+    }
+    return NULL;
+}
+
+SRP_gN *SRP_get_default_gN(const char *id)
+{
+    size_t i;
+
+    if (id == NULL)
+        return knowngN;
+    for (i = 0; i < KNOWN_GN_NUMBER; i++) {
+        if (strcmp(knowngN[i].id, id) == 0)
+            return knowngN + i;
+    }
+    return NULL;
+}
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/srp/srp_vfy.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/srp/srp_vfy.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/srp/srp_vfy.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,658 +0,0 @@
-/* crypto/srp/srp_vfy.c */
-/*
- * Written by Christophe Renou (christophe.renou at edelweb.fr) with the
- * precious help of Peter Sylvester (peter.sylvester at edelweb.fr) for the
- * EdelKey project and contributed to the OpenSSL project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-#ifndef OPENSSL_NO_SRP
-# include "cryptlib.h"
-# include "srp_lcl.h"
-# include <openssl/srp.h>
-# include <openssl/evp.h>
-# include <openssl/buffer.h>
-# include <openssl/rand.h>
-# include <openssl/txt_db.h>
-
-# define SRP_RANDOM_SALT_LEN 20
-# define MAX_LEN 2500
-
-static char b64table[] =
-    "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./";
-
-/*
- * the following two conversion routines have been inspired by code from
- * Stanford
- */
-
-/*
- * Convert a base64 string into raw byte array representation.
- */
-static int t_fromb64(unsigned char *a, const char *src)
-{
-    char *loc;
-    int i, j;
-    int size;
-
-    while (*src && (*src == ' ' || *src == '\t' || *src == '\n'))
-        ++src;
-    size = strlen(src);
-    i = 0;
-    while (i < size) {
-        loc = strchr(b64table, src[i]);
-        if (loc == (char *)0)
-            break;
-        else
-            a[i] = loc - b64table;
-        ++i;
-    }
-    /* if nothing valid to process we have a zero length response */
-    if (i == 0)
-        return 0;
-    size = i;
-    i = size - 1;
-    j = size;
-    while (1) {
-        a[j] = a[i];
-        if (--i < 0)
-            break;
-        a[j] |= (a[i] & 3) << 6;
-        --j;
-        a[j] = (unsigned char)((a[i] & 0x3c) >> 2);
-        if (--i < 0)
-            break;
-        a[j] |= (a[i] & 0xf) << 4;
-        --j;
-        a[j] = (unsigned char)((a[i] & 0x30) >> 4);
-        if (--i < 0)
-            break;
-        a[j] |= (a[i] << 2);
-
-        a[--j] = 0;
-        if (--i < 0)
-            break;
-    }
-    while (a[j] == 0 && j <= size)
-        ++j;
-    i = 0;
-    while (j <= size)
-        a[i++] = a[j++];
-    return i;
-}
-
-/*
- * Convert a raw byte string into a null-terminated base64 ASCII string.
- */
-static char *t_tob64(char *dst, const unsigned char *src, int size)
-{
-    int c, pos = size % 3;
-    unsigned char b0 = 0, b1 = 0, b2 = 0, notleading = 0;
-    char *olddst = dst;
-
-    switch (pos) {
-    case 1:
-        b2 = src[0];
-        break;
-    case 2:
-        b1 = src[0];
-        b2 = src[1];
-        break;
-    }
-
-    while (1) {
-        c = (b0 & 0xfc) >> 2;
-        if (notleading || c != 0) {
-            *dst++ = b64table[c];
-            notleading = 1;
-        }
-        c = ((b0 & 3) << 4) | ((b1 & 0xf0) >> 4);
-        if (notleading || c != 0) {
-            *dst++ = b64table[c];
-            notleading = 1;
-        }
-        c = ((b1 & 0xf) << 2) | ((b2 & 0xc0) >> 6);
-        if (notleading || c != 0) {
-            *dst++ = b64table[c];
-            notleading = 1;
-        }
-        c = b2 & 0x3f;
-        if (notleading || c != 0) {
-            *dst++ = b64table[c];
-            notleading = 1;
-        }
-        if (pos >= size)
-            break;
-        else {
-            b0 = src[pos++];
-            b1 = src[pos++];
-            b2 = src[pos++];
-        }
-    }
-
-    *dst++ = '\0';
-    return olddst;
-}
-
-static void SRP_user_pwd_free(SRP_user_pwd *user_pwd)
-{
-    if (user_pwd == NULL)
-        return;
-    BN_free(user_pwd->s);
-    BN_clear_free(user_pwd->v);
-    OPENSSL_free(user_pwd->id);
-    OPENSSL_free(user_pwd->info);
-    OPENSSL_free(user_pwd);
-}
-
-static SRP_user_pwd *SRP_user_pwd_new()
-{
-    SRP_user_pwd *ret = OPENSSL_malloc(sizeof(SRP_user_pwd));
-    if (ret == NULL)
-        return NULL;
-    ret->N = NULL;
-    ret->g = NULL;
-    ret->s = NULL;
-    ret->v = NULL;
-    ret->id = NULL;
-    ret->info = NULL;
-    return ret;
-}
-
-static void SRP_user_pwd_set_gN(SRP_user_pwd *vinfo, const BIGNUM *g,
-                                const BIGNUM *N)
-{
-    vinfo->N = N;
-    vinfo->g = g;
-}
-
-static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id,
-                                const char *info)
-{
-    if (id != NULL && NULL == (vinfo->id = BUF_strdup(id)))
-        return 0;
-    return (info == NULL || NULL != (vinfo->info = BUF_strdup(info)));
-}
-
-static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,
-                               const char *v)
-{
-    unsigned char tmp[MAX_LEN];
-    int len;
-
-    if (strlen(s) > MAX_LEN || strlen(v) > MAX_LEN)
-        return 0;
-    len = t_fromb64(tmp, v);
-    if (NULL == (vinfo->v = BN_bin2bn(tmp, len, NULL)))
-        return 0;
-    len = t_fromb64(tmp, s);
-    return ((vinfo->s = BN_bin2bn(tmp, len, NULL)) != NULL);
-}
-
-static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)
-{
-    vinfo->v = v;
-    vinfo->s = s;
-    return (vinfo->s != NULL && vinfo->v != NULL);
-}
-
-SRP_VBASE *SRP_VBASE_new(char *seed_key)
-{
-    SRP_VBASE *vb = (SRP_VBASE *)OPENSSL_malloc(sizeof(SRP_VBASE));
-
-    if (vb == NULL)
-        return NULL;
-    if (!(vb->users_pwd = sk_SRP_user_pwd_new_null()) ||
-        !(vb->gN_cache = sk_SRP_gN_cache_new_null())) {
-        OPENSSL_free(vb);
-        return NULL;
-    }
-    vb->default_g = NULL;
-    vb->default_N = NULL;
-    vb->seed_key = NULL;
-    if ((seed_key != NULL) && (vb->seed_key = BUF_strdup(seed_key)) == NULL) {
-        sk_SRP_user_pwd_free(vb->users_pwd);
-        sk_SRP_gN_cache_free(vb->gN_cache);
-        OPENSSL_free(vb);
-        return NULL;
-    }
-    return vb;
-}
-
-int SRP_VBASE_free(SRP_VBASE *vb)
-{
-    sk_SRP_user_pwd_pop_free(vb->users_pwd, SRP_user_pwd_free);
-    sk_SRP_gN_cache_free(vb->gN_cache);
-    OPENSSL_free(vb->seed_key);
-    OPENSSL_free(vb);
-    return 0;
-}
-
-static SRP_gN_cache *SRP_gN_new_init(const char *ch)
-{
-    unsigned char tmp[MAX_LEN];
-    int len;
-
-    SRP_gN_cache *newgN =
-        (SRP_gN_cache *)OPENSSL_malloc(sizeof(SRP_gN_cache));
-    if (newgN == NULL)
-        return NULL;
-
-    if ((newgN->b64_bn = BUF_strdup(ch)) == NULL)
-        goto err;
-
-    len = t_fromb64(tmp, ch);
-    if ((newgN->bn = BN_bin2bn(tmp, len, NULL)))
-        return newgN;
-
-    OPENSSL_free(newgN->b64_bn);
- err:
-    OPENSSL_free(newgN);
-    return NULL;
-}
-
-static void SRP_gN_free(SRP_gN_cache *gN_cache)
-{
-    if (gN_cache == NULL)
-        return;
-    OPENSSL_free(gN_cache->b64_bn);
-    BN_free(gN_cache->bn);
-    OPENSSL_free(gN_cache);
-}
-
-static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)
-{
-    int i;
-
-    SRP_gN *gN;
-    if (gN_tab != NULL)
-        for (i = 0; i < sk_SRP_gN_num(gN_tab); i++) {
-            gN = sk_SRP_gN_value(gN_tab, i);
-            if (gN && (id == NULL || strcmp(gN->id, id) == 0))
-                return gN;
-        }
-
-    return SRP_get_default_gN(id);
-}
-
-static BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch)
-{
-    int i;
-    if (gN_cache == NULL)
-        return NULL;
-
-    /* search if we have already one... */
-    for (i = 0; i < sk_SRP_gN_cache_num(gN_cache); i++) {
-        SRP_gN_cache *cache = sk_SRP_gN_cache_value(gN_cache, i);
-        if (strcmp(cache->b64_bn, ch) == 0)
-            return cache->bn;
-    }
-    {                           /* it is the first time that we find it */
-        SRP_gN_cache *newgN = SRP_gN_new_init(ch);
-        if (newgN) {
-            if (sk_SRP_gN_cache_insert(gN_cache, newgN, 0) > 0)
-                return newgN->bn;
-            SRP_gN_free(newgN);
-        }
-    }
-    return NULL;
-}
-
-/*
- * this function parses verifier file. Format is:
- * string(index):base64(N):base64(g):0
- * string(username):base64(v):base64(salt):int(index)
- */
-
-int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
-{
-    int error_code;
-    STACK_OF(SRP_gN) *SRP_gN_tab = sk_SRP_gN_new_null();
-    char *last_index = NULL;
-    int i;
-    char **pp;
-
-    SRP_gN *gN = NULL;
-    SRP_user_pwd *user_pwd = NULL;
-
-    TXT_DB *tmpdb = NULL;
-    BIO *in = BIO_new(BIO_s_file());
-
-    error_code = SRP_ERR_OPEN_FILE;
-
-    if (in == NULL || BIO_read_filename(in, verifier_file) <= 0)
-        goto err;
-
-    error_code = SRP_ERR_VBASE_INCOMPLETE_FILE;
-
-    if ((tmpdb = TXT_DB_read(in, DB_NUMBER)) == NULL)
-        goto err;
-
-    error_code = SRP_ERR_MEMORY;
-
-    if (vb->seed_key) {
-        last_index = SRP_get_default_gN(NULL)->id;
-    }
-    for (i = 0; i < sk_OPENSSL_PSTRING_num(tmpdb->data); i++) {
-        pp = sk_OPENSSL_PSTRING_value(tmpdb->data, i);
-        if (pp[DB_srptype][0] == DB_SRP_INDEX) {
-            /*
-             * we add this couple in the internal Stack
-             */
-
-            if ((gN = (SRP_gN *) OPENSSL_malloc(sizeof(SRP_gN))) == NULL)
-                goto err;
-
-            if (!(gN->id = BUF_strdup(pp[DB_srpid]))
-                || !(gN->N =
-                     SRP_gN_place_bn(vb->gN_cache, pp[DB_srpverifier]))
-                || !(gN->g = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpsalt]))
-                || sk_SRP_gN_insert(SRP_gN_tab, gN, 0) == 0)
-                goto err;
-
-            gN = NULL;
-
-            if (vb->seed_key != NULL) {
-                last_index = pp[DB_srpid];
-            }
-        } else if (pp[DB_srptype][0] == DB_SRP_VALID) {
-            /* it is a user .... */
-            SRP_gN *lgN;
-            if ((lgN = SRP_get_gN_by_id(pp[DB_srpgN], SRP_gN_tab)) != NULL) {
-                error_code = SRP_ERR_MEMORY;
-                if ((user_pwd = SRP_user_pwd_new()) == NULL)
-                    goto err;
-
-                SRP_user_pwd_set_gN(user_pwd, lgN->g, lgN->N);
-                if (!SRP_user_pwd_set_ids
-                    (user_pwd, pp[DB_srpid], pp[DB_srpinfo]))
-                    goto err;
-
-                error_code = SRP_ERR_VBASE_BN_LIB;
-                if (!SRP_user_pwd_set_sv
-                    (user_pwd, pp[DB_srpsalt], pp[DB_srpverifier]))
-                    goto err;
-
-                if (sk_SRP_user_pwd_insert(vb->users_pwd, user_pwd, 0) == 0)
-                    goto err;
-                user_pwd = NULL; /* abandon responsability */
-            }
-        }
-    }
-
-    if (last_index != NULL) {
-        /* this means that we want to simulate a default user */
-
-        if (((gN = SRP_get_gN_by_id(last_index, SRP_gN_tab)) == NULL)) {
-            error_code = SRP_ERR_VBASE_BN_LIB;
-            goto err;
-        }
-        vb->default_g = gN->g;
-        vb->default_N = gN->N;
-        gN = NULL;
-    }
-    error_code = SRP_NO_ERROR;
-
- err:
-    /*
-     * there may be still some leaks to fix, if this fails, the application
-     * terminates most likely
-     */
-
-    if (gN != NULL) {
-        OPENSSL_free(gN->id);
-        OPENSSL_free(gN);
-    }
-
-    SRP_user_pwd_free(user_pwd);
-
-    if (tmpdb)
-        TXT_DB_free(tmpdb);
-    if (in)
-        BIO_free_all(in);
-
-    sk_SRP_gN_free(SRP_gN_tab);
-
-    return error_code;
-
-}
-
-SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)
-{
-    int i;
-    SRP_user_pwd *user;
-    unsigned char digv[SHA_DIGEST_LENGTH];
-    unsigned char digs[SHA_DIGEST_LENGTH];
-    EVP_MD_CTX ctxt;
-
-    if (vb == NULL)
-        return NULL;
-    for (i = 0; i < sk_SRP_user_pwd_num(vb->users_pwd); i++) {
-        user = sk_SRP_user_pwd_value(vb->users_pwd, i);
-        if (strcmp(user->id, username) == 0)
-            return user;
-    }
-    if ((vb->seed_key == NULL) ||
-        (vb->default_g == NULL) || (vb->default_N == NULL))
-        return NULL;
-
-/* if the user is unknown we set parameters as well if we have a seed_key */
-
-    if ((user = SRP_user_pwd_new()) == NULL)
-        return NULL;
-
-    SRP_user_pwd_set_gN(user, vb->default_g, vb->default_N);
-
-    if (!SRP_user_pwd_set_ids(user, username, NULL))
-        goto err;
-
-    if (RAND_pseudo_bytes(digv, SHA_DIGEST_LENGTH) < 0)
-        goto err;
-    EVP_MD_CTX_init(&ctxt);
-    EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
-    EVP_DigestUpdate(&ctxt, vb->seed_key, strlen(vb->seed_key));
-    EVP_DigestUpdate(&ctxt, username, strlen(username));
-    EVP_DigestFinal_ex(&ctxt, digs, NULL);
-    EVP_MD_CTX_cleanup(&ctxt);
-    if (SRP_user_pwd_set_sv_BN
-        (user, BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL),
-         BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL)))
-        return user;
-
- err:SRP_user_pwd_free(user);
-    return NULL;
-}
-
-/*
- * create a verifier (*salt,*verifier,g and N are in base64)
- */
-char *SRP_create_verifier(const char *user, const char *pass, char **salt,
-                          char **verifier, const char *N, const char *g)
-{
-    int len;
-    char *result = NULL, *vf = NULL;
-    BIGNUM *N_bn = NULL, *g_bn = NULL, *s = NULL, *v = NULL;
-    unsigned char tmp[MAX_LEN];
-    unsigned char tmp2[MAX_LEN];
-    char *defgNid = NULL;
-    int vfsize = 0;
-
-    if ((user == NULL) ||
-        (pass == NULL) || (salt == NULL) || (verifier == NULL))
-        goto err;
-
-    if (N) {
-        if (!(len = t_fromb64(tmp, N)))
-            goto err;
-        N_bn = BN_bin2bn(tmp, len, NULL);
-        if (!(len = t_fromb64(tmp, g)))
-            goto err;
-        g_bn = BN_bin2bn(tmp, len, NULL);
-        defgNid = "*";
-    } else {
-        SRP_gN *gN = SRP_get_gN_by_id(g, NULL);
-        if (gN == NULL)
-            goto err;
-        N_bn = gN->N;
-        g_bn = gN->g;
-        defgNid = gN->id;
-    }
-
-    if (*salt == NULL) {
-        if (RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN) < 0)
-            goto err;
-
-        s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
-    } else {
-        if (!(len = t_fromb64(tmp2, *salt)))
-            goto err;
-        s = BN_bin2bn(tmp2, len, NULL);
-    }
-
-    if (!SRP_create_verifier_BN(user, pass, &s, &v, N_bn, g_bn))
-        goto err;
-
-    BN_bn2bin(v, tmp);
-    vfsize = BN_num_bytes(v) * 2;
-    if (((vf = OPENSSL_malloc(vfsize)) == NULL))
-        goto err;
-    t_tob64(vf, tmp, BN_num_bytes(v));
-
-    if (*salt == NULL) {
-        char *tmp_salt;
-
-        if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL) {
-            goto err;
-        }
-        t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN);
-        *salt = tmp_salt;
-    }
-
-    *verifier = vf;
-    vf = NULL;
-    result = defgNid;
-
- err:
-    if (N) {
-        BN_free(N_bn);
-        BN_free(g_bn);
-    }
-    OPENSSL_cleanse(vf, vfsize);
-    OPENSSL_free(vf);
-    BN_clear_free(s);
-    BN_clear_free(v);
-    return result;
-}
-
-/*
- * create a verifier (*salt,*verifier,g and N are BIGNUMs). If *salt != NULL
- * then the provided salt will be used. On successful exit *verifier will point
- * to a newly allocated BIGNUM containing the verifier and (if a salt was not
- * provided) *salt will be populated with a newly allocated BIGNUM containing a
- * random salt.
- * The caller is responsible for freeing the allocated *salt and *verifier
- * BIGNUMS.
- */
-int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
-                           BIGNUM **verifier, BIGNUM *N, BIGNUM *g)
-{
-    int result = 0;
-    BIGNUM *x = NULL;
-    BN_CTX *bn_ctx = BN_CTX_new();
-    unsigned char tmp2[MAX_LEN];
-    BIGNUM *salttmp = NULL;
-
-    if ((user == NULL) ||
-        (pass == NULL) ||
-        (salt == NULL) ||
-        (verifier == NULL) || (N == NULL) || (g == NULL) || (bn_ctx == NULL))
-        goto err;
-
-    srp_bn_print(N);
-    srp_bn_print(g);
-
-    if (*salt == NULL) {
-        if (RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN) < 0)
-            goto err;
-
-        salttmp = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
-    } else {
-        salttmp = *salt;
-    }
-
-    x = SRP_Calc_x(salttmp, user, pass);
-
-    *verifier = BN_new();
-    if (*verifier == NULL)
-        goto err;
-
-    if (!BN_mod_exp(*verifier, g, x, N, bn_ctx)) {
-        BN_clear_free(*verifier);
-        goto err;
-    }
-
-    srp_bn_print(*verifier);
-
-    result = 1;
-    *salt = salttmp;
-
- err:
-    if (*salt != salttmp)
-        BN_clear_free(salttmp);
-    BN_clear_free(x);
-    BN_CTX_free(bn_ctx);
-    return result;
-}
-
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/srp/srp_vfy.c (from rev 11605, vendor-crypto/openssl/dist/crypto/srp/srp_vfy.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/srp/srp_vfy.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/srp/srp_vfy.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,705 @@
+/* crypto/srp/srp_vfy.c */
+/*
+ * Written by Christophe Renou (christophe.renou at edelweb.fr) with the
+ * precious help of Peter Sylvester (peter.sylvester at edelweb.fr) for the
+ * EdelKey project and contributed to the OpenSSL project 2004.
+ */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+#ifndef OPENSSL_NO_SRP
+# include "cryptlib.h"
+# include "srp_lcl.h"
+# include <openssl/srp.h>
+# include <openssl/evp.h>
+# include <openssl/buffer.h>
+# include <openssl/rand.h>
+# include <openssl/txt_db.h>
+
+# define SRP_RANDOM_SALT_LEN 20
+# define MAX_LEN 2500
+
+static char b64table[] =
+    "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./";
+
+/*
+ * the following two conversion routines have been inspired by code from
+ * Stanford
+ */
+
+/*
+ * Convert a base64 string into raw byte array representation.
+ */
+static int t_fromb64(unsigned char *a, const char *src)
+{
+    char *loc;
+    int i, j;
+    int size;
+
+    while (*src && (*src == ' ' || *src == '\t' || *src == '\n'))
+        ++src;
+    size = strlen(src);
+    i = 0;
+    while (i < size) {
+        loc = strchr(b64table, src[i]);
+        if (loc == (char *)0)
+            break;
+        else
+            a[i] = loc - b64table;
+        ++i;
+    }
+    /* if nothing valid to process we have a zero length response */
+    if (i == 0)
+        return 0;
+    size = i;
+    i = size - 1;
+    j = size;
+    while (1) {
+        a[j] = a[i];
+        if (--i < 0)
+            break;
+        a[j] |= (a[i] & 3) << 6;
+        --j;
+        a[j] = (unsigned char)((a[i] & 0x3c) >> 2);
+        if (--i < 0)
+            break;
+        a[j] |= (a[i] & 0xf) << 4;
+        --j;
+        a[j] = (unsigned char)((a[i] & 0x30) >> 4);
+        if (--i < 0)
+            break;
+        a[j] |= (a[i] << 2);
+
+        a[--j] = 0;
+        if (--i < 0)
+            break;
+    }
+    while (a[j] == 0 && j <= size)
+        ++j;
+    i = 0;
+    while (j <= size)
+        a[i++] = a[j++];
+    return i;
+}
+
+/*
+ * Convert a raw byte string into a null-terminated base64 ASCII string.
+ */
+static char *t_tob64(char *dst, const unsigned char *src, int size)
+{
+    int c, pos = size % 3;
+    unsigned char b0 = 0, b1 = 0, b2 = 0, notleading = 0;
+    char *olddst = dst;
+
+    switch (pos) {
+    case 1:
+        b2 = src[0];
+        break;
+    case 2:
+        b1 = src[0];
+        b2 = src[1];
+        break;
+    }
+
+    while (1) {
+        c = (b0 & 0xfc) >> 2;
+        if (notleading || c != 0) {
+            *dst++ = b64table[c];
+            notleading = 1;
+        }
+        c = ((b0 & 3) << 4) | ((b1 & 0xf0) >> 4);
+        if (notleading || c != 0) {
+            *dst++ = b64table[c];
+            notleading = 1;
+        }
+        c = ((b1 & 0xf) << 2) | ((b2 & 0xc0) >> 6);
+        if (notleading || c != 0) {
+            *dst++ = b64table[c];
+            notleading = 1;
+        }
+        c = b2 & 0x3f;
+        if (notleading || c != 0) {
+            *dst++ = b64table[c];
+            notleading = 1;
+        }
+        if (pos >= size)
+            break;
+        else {
+            b0 = src[pos++];
+            b1 = src[pos++];
+            b2 = src[pos++];
+        }
+    }
+
+    *dst++ = '\0';
+    return olddst;
+}
+
+void SRP_user_pwd_free(SRP_user_pwd *user_pwd)
+{
+    if (user_pwd == NULL)
+        return;
+    BN_free(user_pwd->s);
+    BN_clear_free(user_pwd->v);
+    OPENSSL_free(user_pwd->id);
+    OPENSSL_free(user_pwd->info);
+    OPENSSL_free(user_pwd);
+}
+
+static SRP_user_pwd *SRP_user_pwd_new()
+{
+    SRP_user_pwd *ret = OPENSSL_malloc(sizeof(SRP_user_pwd));
+    if (ret == NULL)
+        return NULL;
+    ret->N = NULL;
+    ret->g = NULL;
+    ret->s = NULL;
+    ret->v = NULL;
+    ret->id = NULL;
+    ret->info = NULL;
+    return ret;
+}
+
+static void SRP_user_pwd_set_gN(SRP_user_pwd *vinfo, const BIGNUM *g,
+                                const BIGNUM *N)
+{
+    vinfo->N = N;
+    vinfo->g = g;
+}
+
+static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id,
+                                const char *info)
+{
+    if (id != NULL && NULL == (vinfo->id = BUF_strdup(id)))
+        return 0;
+    return (info == NULL || NULL != (vinfo->info = BUF_strdup(info)));
+}
+
+static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,
+                               const char *v)
+{
+    unsigned char tmp[MAX_LEN];
+    int len;
+
+    if (strlen(s) > MAX_LEN || strlen(v) > MAX_LEN)
+        return 0;
+    len = t_fromb64(tmp, v);
+    if (NULL == (vinfo->v = BN_bin2bn(tmp, len, NULL)))
+        return 0;
+    len = t_fromb64(tmp, s);
+    return ((vinfo->s = BN_bin2bn(tmp, len, NULL)) != NULL);
+}
+
+static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)
+{
+    vinfo->v = v;
+    vinfo->s = s;
+    return (vinfo->s != NULL && vinfo->v != NULL);
+}
+
+static SRP_user_pwd *srp_user_pwd_dup(SRP_user_pwd *src)
+{
+    SRP_user_pwd *ret;
+
+    if (src == NULL)
+        return NULL;
+    if ((ret = SRP_user_pwd_new()) == NULL)
+        return NULL;
+
+    SRP_user_pwd_set_gN(ret, src->g, src->N);
+    if (!SRP_user_pwd_set_ids(ret, src->id, src->info)
+        || !SRP_user_pwd_set_sv_BN(ret, BN_dup(src->s), BN_dup(src->v))) {
+            SRP_user_pwd_free(ret);
+            return NULL;
+    }
+    return ret;
+}
+
+SRP_VBASE *SRP_VBASE_new(char *seed_key)
+{
+    SRP_VBASE *vb = (SRP_VBASE *)OPENSSL_malloc(sizeof(SRP_VBASE));
+
+    if (vb == NULL)
+        return NULL;
+    if (!(vb->users_pwd = sk_SRP_user_pwd_new_null()) ||
+        !(vb->gN_cache = sk_SRP_gN_cache_new_null())) {
+        OPENSSL_free(vb);
+        return NULL;
+    }
+    vb->default_g = NULL;
+    vb->default_N = NULL;
+    vb->seed_key = NULL;
+    if ((seed_key != NULL) && (vb->seed_key = BUF_strdup(seed_key)) == NULL) {
+        sk_SRP_user_pwd_free(vb->users_pwd);
+        sk_SRP_gN_cache_free(vb->gN_cache);
+        OPENSSL_free(vb);
+        return NULL;
+    }
+    return vb;
+}
+
+int SRP_VBASE_free(SRP_VBASE *vb)
+{
+    sk_SRP_user_pwd_pop_free(vb->users_pwd, SRP_user_pwd_free);
+    sk_SRP_gN_cache_free(vb->gN_cache);
+    OPENSSL_free(vb->seed_key);
+    OPENSSL_free(vb);
+    return 0;
+}
+
+static SRP_gN_cache *SRP_gN_new_init(const char *ch)
+{
+    unsigned char tmp[MAX_LEN];
+    int len;
+
+    SRP_gN_cache *newgN =
+        (SRP_gN_cache *)OPENSSL_malloc(sizeof(SRP_gN_cache));
+    if (newgN == NULL)
+        return NULL;
+
+    if ((newgN->b64_bn = BUF_strdup(ch)) == NULL)
+        goto err;
+
+    len = t_fromb64(tmp, ch);
+    if ((newgN->bn = BN_bin2bn(tmp, len, NULL)))
+        return newgN;
+
+    OPENSSL_free(newgN->b64_bn);
+ err:
+    OPENSSL_free(newgN);
+    return NULL;
+}
+
+static void SRP_gN_free(SRP_gN_cache *gN_cache)
+{
+    if (gN_cache == NULL)
+        return;
+    OPENSSL_free(gN_cache->b64_bn);
+    BN_free(gN_cache->bn);
+    OPENSSL_free(gN_cache);
+}
+
+static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)
+{
+    int i;
+
+    SRP_gN *gN;
+    if (gN_tab != NULL)
+        for (i = 0; i < sk_SRP_gN_num(gN_tab); i++) {
+            gN = sk_SRP_gN_value(gN_tab, i);
+            if (gN && (id == NULL || strcmp(gN->id, id) == 0))
+                return gN;
+        }
+
+    return SRP_get_default_gN(id);
+}
+
+static BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch)
+{
+    int i;
+    if (gN_cache == NULL)
+        return NULL;
+
+    /* search if we have already one... */
+    for (i = 0; i < sk_SRP_gN_cache_num(gN_cache); i++) {
+        SRP_gN_cache *cache = sk_SRP_gN_cache_value(gN_cache, i);
+        if (strcmp(cache->b64_bn, ch) == 0)
+            return cache->bn;
+    }
+    {                           /* it is the first time that we find it */
+        SRP_gN_cache *newgN = SRP_gN_new_init(ch);
+        if (newgN) {
+            if (sk_SRP_gN_cache_insert(gN_cache, newgN, 0) > 0)
+                return newgN->bn;
+            SRP_gN_free(newgN);
+        }
+    }
+    return NULL;
+}
+
+/*
+ * this function parses verifier file. Format is:
+ * string(index):base64(N):base64(g):0
+ * string(username):base64(v):base64(salt):int(index)
+ */
+
+int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
+{
+    int error_code;
+    STACK_OF(SRP_gN) *SRP_gN_tab = sk_SRP_gN_new_null();
+    char *last_index = NULL;
+    int i;
+    char **pp;
+
+    SRP_gN *gN = NULL;
+    SRP_user_pwd *user_pwd = NULL;
+
+    TXT_DB *tmpdb = NULL;
+    BIO *in = BIO_new(BIO_s_file());
+
+    error_code = SRP_ERR_OPEN_FILE;
+
+    if (in == NULL || BIO_read_filename(in, verifier_file) <= 0)
+        goto err;
+
+    error_code = SRP_ERR_VBASE_INCOMPLETE_FILE;
+
+    if ((tmpdb = TXT_DB_read(in, DB_NUMBER)) == NULL)
+        goto err;
+
+    error_code = SRP_ERR_MEMORY;
+
+    if (vb->seed_key) {
+        last_index = SRP_get_default_gN(NULL)->id;
+    }
+    for (i = 0; i < sk_OPENSSL_PSTRING_num(tmpdb->data); i++) {
+        pp = sk_OPENSSL_PSTRING_value(tmpdb->data, i);
+        if (pp[DB_srptype][0] == DB_SRP_INDEX) {
+            /*
+             * we add this couple in the internal Stack
+             */
+
+            if ((gN = (SRP_gN *) OPENSSL_malloc(sizeof(SRP_gN))) == NULL)
+                goto err;
+
+            if (!(gN->id = BUF_strdup(pp[DB_srpid]))
+                || !(gN->N =
+                     SRP_gN_place_bn(vb->gN_cache, pp[DB_srpverifier]))
+                || !(gN->g = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpsalt]))
+                || sk_SRP_gN_insert(SRP_gN_tab, gN, 0) == 0)
+                goto err;
+
+            gN = NULL;
+
+            if (vb->seed_key != NULL) {
+                last_index = pp[DB_srpid];
+            }
+        } else if (pp[DB_srptype][0] == DB_SRP_VALID) {
+            /* it is a user .... */
+            SRP_gN *lgN;
+            if ((lgN = SRP_get_gN_by_id(pp[DB_srpgN], SRP_gN_tab)) != NULL) {
+                error_code = SRP_ERR_MEMORY;
+                if ((user_pwd = SRP_user_pwd_new()) == NULL)
+                    goto err;
+
+                SRP_user_pwd_set_gN(user_pwd, lgN->g, lgN->N);
+                if (!SRP_user_pwd_set_ids
+                    (user_pwd, pp[DB_srpid], pp[DB_srpinfo]))
+                    goto err;
+
+                error_code = SRP_ERR_VBASE_BN_LIB;
+                if (!SRP_user_pwd_set_sv
+                    (user_pwd, pp[DB_srpsalt], pp[DB_srpverifier]))
+                    goto err;
+
+                if (sk_SRP_user_pwd_insert(vb->users_pwd, user_pwd, 0) == 0)
+                    goto err;
+                user_pwd = NULL; /* abandon responsability */
+            }
+        }
+    }
+
+    if (last_index != NULL) {
+        /* this means that we want to simulate a default user */
+
+        if (((gN = SRP_get_gN_by_id(last_index, SRP_gN_tab)) == NULL)) {
+            error_code = SRP_ERR_VBASE_BN_LIB;
+            goto err;
+        }
+        vb->default_g = gN->g;
+        vb->default_N = gN->N;
+        gN = NULL;
+    }
+    error_code = SRP_NO_ERROR;
+
+ err:
+    /*
+     * there may be still some leaks to fix, if this fails, the application
+     * terminates most likely
+     */
+
+    if (gN != NULL) {
+        OPENSSL_free(gN->id);
+        OPENSSL_free(gN);
+    }
+
+    SRP_user_pwd_free(user_pwd);
+
+    if (tmpdb)
+        TXT_DB_free(tmpdb);
+    if (in)
+        BIO_free_all(in);
+
+    sk_SRP_gN_free(SRP_gN_tab);
+
+    return error_code;
+
+}
+
+static SRP_user_pwd *find_user(SRP_VBASE *vb, char *username)
+{
+    int i;
+    SRP_user_pwd *user;
+
+    if (vb == NULL)
+        return NULL;
+
+    for (i = 0; i < sk_SRP_user_pwd_num(vb->users_pwd); i++) {
+        user = sk_SRP_user_pwd_value(vb->users_pwd, i);
+        if (strcmp(user->id, username) == 0)
+            return user;
+    }
+
+    return NULL;
+}
+
+/*
+ * This method ignores the configured seed and fails for an unknown user.
+ * Ownership of the returned pointer is not released to the caller.
+ * In other words, caller must not free the result.
+ */
+SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)
+{
+    return find_user(vb, username);
+}
+
+/*
+ * Ownership of the returned pointer is released to the caller.
+ * In other words, caller must free the result once done.
+ */
+SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username)
+{
+    SRP_user_pwd *user;
+    unsigned char digv[SHA_DIGEST_LENGTH];
+    unsigned char digs[SHA_DIGEST_LENGTH];
+    EVP_MD_CTX ctxt;
+
+    if (vb == NULL)
+        return NULL;
+
+    if ((user = find_user(vb, username)) != NULL)
+        return srp_user_pwd_dup(user);
+
+    if ((vb->seed_key == NULL) ||
+        (vb->default_g == NULL) || (vb->default_N == NULL))
+        return NULL;
+
+/* if the user is unknown we set parameters as well if we have a seed_key */
+
+    if ((user = SRP_user_pwd_new()) == NULL)
+        return NULL;
+
+    SRP_user_pwd_set_gN(user, vb->default_g, vb->default_N);
+
+    if (!SRP_user_pwd_set_ids(user, username, NULL))
+        goto err;
+
+    if (RAND_bytes(digv, SHA_DIGEST_LENGTH) <= 0)
+        goto err;
+    EVP_MD_CTX_init(&ctxt);
+    EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
+    EVP_DigestUpdate(&ctxt, vb->seed_key, strlen(vb->seed_key));
+    EVP_DigestUpdate(&ctxt, username, strlen(username));
+    EVP_DigestFinal_ex(&ctxt, digs, NULL);
+    EVP_MD_CTX_cleanup(&ctxt);
+    if (SRP_user_pwd_set_sv_BN
+        (user, BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL),
+         BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL)))
+        return user;
+
+ err:SRP_user_pwd_free(user);
+    return NULL;
+}
+
+/*
+ * create a verifier (*salt,*verifier,g and N are in base64)
+ */
+char *SRP_create_verifier(const char *user, const char *pass, char **salt,
+                          char **verifier, const char *N, const char *g)
+{
+    int len;
+    char *result = NULL, *vf = NULL;
+    BIGNUM *N_bn = NULL, *g_bn = NULL, *s = NULL, *v = NULL;
+    unsigned char tmp[MAX_LEN];
+    unsigned char tmp2[MAX_LEN];
+    char *defgNid = NULL;
+    int vfsize = 0;
+
+    if ((user == NULL) ||
+        (pass == NULL) || (salt == NULL) || (verifier == NULL))
+        goto err;
+
+    if (N) {
+        if (!(len = t_fromb64(tmp, N)))
+            goto err;
+        N_bn = BN_bin2bn(tmp, len, NULL);
+        if (!(len = t_fromb64(tmp, g)))
+            goto err;
+        g_bn = BN_bin2bn(tmp, len, NULL);
+        defgNid = "*";
+    } else {
+        SRP_gN *gN = SRP_get_gN_by_id(g, NULL);
+        if (gN == NULL)
+            goto err;
+        N_bn = gN->N;
+        g_bn = gN->g;
+        defgNid = gN->id;
+    }
+
+    if (*salt == NULL) {
+        if (RAND_bytes(tmp2, SRP_RANDOM_SALT_LEN) <= 0)
+            goto err;
+
+        s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
+    } else {
+        if (!(len = t_fromb64(tmp2, *salt)))
+            goto err;
+        s = BN_bin2bn(tmp2, len, NULL);
+    }
+
+    if (!SRP_create_verifier_BN(user, pass, &s, &v, N_bn, g_bn))
+        goto err;
+
+    BN_bn2bin(v, tmp);
+    vfsize = BN_num_bytes(v) * 2;
+    if (((vf = OPENSSL_malloc(vfsize)) == NULL))
+        goto err;
+    t_tob64(vf, tmp, BN_num_bytes(v));
+
+    if (*salt == NULL) {
+        char *tmp_salt;
+
+        if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL) {
+            goto err;
+        }
+        t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN);
+        *salt = tmp_salt;
+    }
+
+    *verifier = vf;
+    vf = NULL;
+    result = defgNid;
+
+ err:
+    if (N) {
+        BN_free(N_bn);
+        BN_free(g_bn);
+    }
+    OPENSSL_cleanse(vf, vfsize);
+    OPENSSL_free(vf);
+    BN_clear_free(s);
+    BN_clear_free(v);
+    return result;
+}
+
+/*
+ * create a verifier (*salt,*verifier,g and N are BIGNUMs). If *salt != NULL
+ * then the provided salt will be used. On successful exit *verifier will point
+ * to a newly allocated BIGNUM containing the verifier and (if a salt was not
+ * provided) *salt will be populated with a newly allocated BIGNUM containing a
+ * random salt.
+ * The caller is responsible for freeing the allocated *salt and *verifier
+ * BIGNUMS.
+ */
+int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
+                           BIGNUM **verifier, BIGNUM *N, BIGNUM *g)
+{
+    int result = 0;
+    BIGNUM *x = NULL;
+    BN_CTX *bn_ctx = BN_CTX_new();
+    unsigned char tmp2[MAX_LEN];
+    BIGNUM *salttmp = NULL;
+
+    if ((user == NULL) ||
+        (pass == NULL) ||
+        (salt == NULL) ||
+        (verifier == NULL) || (N == NULL) || (g == NULL) || (bn_ctx == NULL))
+        goto err;
+
+    srp_bn_print(N);
+    srp_bn_print(g);
+
+    if (*salt == NULL) {
+        if (RAND_bytes(tmp2, SRP_RANDOM_SALT_LEN) <= 0)
+            goto err;
+
+        salttmp = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
+    } else {
+        salttmp = *salt;
+    }
+
+    x = SRP_Calc_x(salttmp, user, pass);
+
+    *verifier = BN_new();
+    if (*verifier == NULL)
+        goto err;
+
+    if (!BN_mod_exp(*verifier, g, x, N, bn_ctx)) {
+        BN_clear_free(*verifier);
+        goto err;
+    }
+
+    srp_bn_print(*verifier);
+
+    result = 1;
+    *salt = salttmp;
+
+ err:
+    if (*salt != salttmp)
+        BN_clear_free(salttmp);
+    BN_clear_free(x);
+    BN_CTX_free(bn_ctx);
+    return result;
+}
+
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/store/store.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/store/store.h	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/store/store.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,658 +0,0 @@
-/* crypto/store/store.h -*- mode:C; c-file-style: "eay" -*- */
-/*
- * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
- * 2003.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_STORE_H
-# define HEADER_STORE_H
-
-# include <openssl/opensslconf.h>
-
-# ifdef OPENSSL_NO_STORE
-#  error STORE is disabled.
-# endif
-
-# include <openssl/ossl_typ.h>
-# ifndef OPENSSL_NO_DEPRECATED
-#  include <openssl/evp.h>
-#  include <openssl/bn.h>
-#  include <openssl/x509.h>
-# endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Already defined in ossl_typ.h */
-/* typedef struct store_st STORE; */
-/* typedef struct store_method_st STORE_METHOD; */
-
-/*
- * All the following functions return 0, a negative number or NULL on error.
- * When everything is fine, they return a positive value or a non-NULL
- * pointer, all depending on their purpose.
- */
-
-/* Creators and destructor.   */
-STORE *STORE_new_method(const STORE_METHOD *method);
-STORE *STORE_new_engine(ENGINE *engine);
-void STORE_free(STORE *ui);
-
-/*
- * Give a user interface parametrised control commands.  This can be used to
- * send down an integer, a data pointer or a function pointer, as well as be
- * used to get information from a STORE.
- */
-int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f) (void));
-
-/*
- * A control to set the directory with keys and certificates.  Used by the
- * built-in directory level method.
- */
-# define STORE_CTRL_SET_DIRECTORY        0x0001
-/*
- * A control to set a file to load.  Used by the built-in file level method.
- */
-# define STORE_CTRL_SET_FILE             0x0002
-/*
- * A control to set a configuration file to load.  Can be used by any method
- * that wishes to load a configuration file.
- */
-# define STORE_CTRL_SET_CONF_FILE        0x0003
-/*
- * A control to set a the section of the loaded configuration file.  Can be
- * used by any method that wishes to load a configuration file.
- */
-# define STORE_CTRL_SET_CONF_SECTION     0x0004
-
-/* Some methods may use extra data */
-# define STORE_set_app_data(s,arg)       STORE_set_ex_data(s,0,arg)
-# define STORE_get_app_data(s)           STORE_get_ex_data(s,0)
-int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                           CRYPTO_EX_dup *dup_func,
-                           CRYPTO_EX_free *free_func);
-int STORE_set_ex_data(STORE *r, int idx, void *arg);
-void *STORE_get_ex_data(STORE *r, int idx);
-
-/* Use specific methods instead of the built-in one */
-const STORE_METHOD *STORE_get_method(STORE *store);
-const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth);
-
-/* The standard OpenSSL methods. */
-/*
- * This is the in-memory method.  It does everything except revoking and
- * updating, and is of course volatile.  It's used by other methods that have
- * an in-memory cache.
- */
-const STORE_METHOD *STORE_Memory(void);
-# if 0                          /* Not yet implemented */
-/*
- * This is the directory store.  It does everything except revoking and
- * updating, and uses STORE_Memory() to cache things in memory.
- */
-const STORE_METHOD *STORE_Directory(void);
-/*
- * This is the file store.  It does everything except revoking and updating,
- * and uses STORE_Memory() to cache things in memory.  Certificates are added
- * to it with the store operation, and it will only get cached certificates.
- */
-const STORE_METHOD *STORE_File(void);
-# endif
-
-/*
- * Store functions take a type code for the type of data they should store or
- * fetch
- */
-typedef enum STORE_object_types {
-    STORE_OBJECT_TYPE_X509_CERTIFICATE = 0x01, /* X509 * */
-    STORE_OBJECT_TYPE_X509_CRL = 0x02, /* X509_CRL * */
-    STORE_OBJECT_TYPE_PRIVATE_KEY = 0x03, /* EVP_PKEY * */
-    STORE_OBJECT_TYPE_PUBLIC_KEY = 0x04, /* EVP_PKEY * */
-    STORE_OBJECT_TYPE_NUMBER = 0x05, /* BIGNUM * */
-    STORE_OBJECT_TYPE_ARBITRARY = 0x06, /* BUF_MEM * */
-    STORE_OBJECT_TYPE_NUM = 0x06 /* The amount of known object types */
-} STORE_OBJECT_TYPES;
-/* List of text strings corresponding to the object types. */
-extern const char *const STORE_object_type_string[STORE_OBJECT_TYPE_NUM + 1];
-
-/*
- * Some store functions take a parameter list.  Those parameters come with
- * one of the following codes. The comments following the codes below
- * indicate what type the value should be a pointer to.
- */
-typedef enum STORE_params {
-    STORE_PARAM_EVP_TYPE = 0x01, /* int */
-    STORE_PARAM_BITS = 0x02,    /* size_t */
-    STORE_PARAM_KEY_PARAMETERS = 0x03, /* ??? */
-    STORE_PARAM_KEY_NO_PARAMETERS = 0x04, /* N/A */
-    STORE_PARAM_AUTH_PASSPHRASE = 0x05, /* char * */
-    STORE_PARAM_AUTH_KRB5_TICKET = 0x06, /* void * */
-    STORE_PARAM_TYPE_NUM = 0x06 /* The amount of known parameter types */
-} STORE_PARAM_TYPES;
-/*
- * Parameter value sizes.  -1 means unknown, anything else is the required
- * size.
- */
-extern const int STORE_param_sizes[STORE_PARAM_TYPE_NUM + 1];
-
-/*
- * Store functions take attribute lists.  Those attributes come with codes.
- * The comments following the codes below indicate what type the value should
- * be a pointer to.
- */
-typedef enum STORE_attribs {
-    STORE_ATTR_END = 0x00,
-    STORE_ATTR_FRIENDLYNAME = 0x01, /* C string */
-    STORE_ATTR_KEYID = 0x02,    /* 160 bit string (SHA1) */
-    STORE_ATTR_ISSUERKEYID = 0x03, /* 160 bit string (SHA1) */
-    STORE_ATTR_SUBJECTKEYID = 0x04, /* 160 bit string (SHA1) */
-    STORE_ATTR_ISSUERSERIALHASH = 0x05, /* 160 bit string (SHA1) */
-    STORE_ATTR_ISSUER = 0x06,   /* X509_NAME * */
-    STORE_ATTR_SERIAL = 0x07,   /* BIGNUM * */
-    STORE_ATTR_SUBJECT = 0x08,  /* X509_NAME * */
-    STORE_ATTR_CERTHASH = 0x09, /* 160 bit string (SHA1) */
-    STORE_ATTR_EMAIL = 0x0a,    /* C string */
-    STORE_ATTR_FILENAME = 0x0b, /* C string */
-    STORE_ATTR_TYPE_NUM = 0x0b, /* The amount of known attribute types */
-    STORE_ATTR_OR = 0xff        /* This is a special separator, which
-                                 * expresses the OR operation.  */
-} STORE_ATTR_TYPES;
-/*
- * Attribute value sizes.  -1 means unknown, anything else is the required
- * size.
- */
-extern const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM + 1];
-
-typedef enum STORE_certificate_status {
-    STORE_X509_VALID = 0x00,
-    STORE_X509_EXPIRED = 0x01,
-    STORE_X509_SUSPENDED = 0x02,
-    STORE_X509_REVOKED = 0x03
-} STORE_CERTIFICATE_STATUS;
-
-/*
- * Engine store functions will return a structure that contains all the
- * necessary information, including revokation status for certificates.  This
- * is really not needed for application authors, as the ENGINE framework
- * functions will extract the OpenSSL-specific information when at all
- * possible.  However, for engine authors, it's crucial to know this
- * structure.
- */
-typedef struct STORE_OBJECT_st {
-    STORE_OBJECT_TYPES type;
-    union {
-        struct {
-            STORE_CERTIFICATE_STATUS status;
-            X509 *certificate;
-        } x509;
-        X509_CRL *crl;
-        EVP_PKEY *key;
-        BIGNUM *number;
-        BUF_MEM *arbitrary;
-    } data;
-} STORE_OBJECT;
-DECLARE_STACK_OF(STORE_OBJECT)
-STORE_OBJECT *STORE_OBJECT_new(void);
-void STORE_OBJECT_free(STORE_OBJECT *data);
-
-/*
- * The following functions handle the storage. They return 0, a negative
- * number or NULL on error, anything else on success.
- */
-X509 *STORE_get_certificate(STORE *e, OPENSSL_ITEM attributes[],
-                            OPENSSL_ITEM parameters[]);
-int STORE_store_certificate(STORE *e, X509 *data, OPENSSL_ITEM attributes[],
-                            OPENSSL_ITEM parameters[]);
-int STORE_modify_certificate(STORE *e, OPENSSL_ITEM search_attributes[],
-                             OPENSSL_ITEM add_attributes[],
-                             OPENSSL_ITEM modify_attributes[],
-                             OPENSSL_ITEM delete_attributes[],
-                             OPENSSL_ITEM parameters[]);
-int STORE_revoke_certificate(STORE *e, OPENSSL_ITEM attributes[],
-                             OPENSSL_ITEM parameters[]);
-int STORE_delete_certificate(STORE *e, OPENSSL_ITEM attributes[],
-                             OPENSSL_ITEM parameters[]);
-void *STORE_list_certificate_start(STORE *e, OPENSSL_ITEM attributes[],
-                                   OPENSSL_ITEM parameters[]);
-X509 *STORE_list_certificate_next(STORE *e, void *handle);
-int STORE_list_certificate_end(STORE *e, void *handle);
-int STORE_list_certificate_endp(STORE *e, void *handle);
-EVP_PKEY *STORE_generate_key(STORE *e, OPENSSL_ITEM attributes[],
-                             OPENSSL_ITEM parameters[]);
-EVP_PKEY *STORE_get_private_key(STORE *e, OPENSSL_ITEM attributes[],
-                                OPENSSL_ITEM parameters[]);
-int STORE_store_private_key(STORE *e, EVP_PKEY *data,
-                            OPENSSL_ITEM attributes[],
-                            OPENSSL_ITEM parameters[]);
-int STORE_modify_private_key(STORE *e, OPENSSL_ITEM search_attributes[],
-                             OPENSSL_ITEM add_sttributes[],
-                             OPENSSL_ITEM modify_attributes[],
-                             OPENSSL_ITEM delete_attributes[],
-                             OPENSSL_ITEM parameters[]);
-int STORE_revoke_private_key(STORE *e, OPENSSL_ITEM attributes[],
-                             OPENSSL_ITEM parameters[]);
-int STORE_delete_private_key(STORE *e, OPENSSL_ITEM attributes[],
-                             OPENSSL_ITEM parameters[]);
-void *STORE_list_private_key_start(STORE *e, OPENSSL_ITEM attributes[],
-                                   OPENSSL_ITEM parameters[]);
-EVP_PKEY *STORE_list_private_key_next(STORE *e, void *handle);
-int STORE_list_private_key_end(STORE *e, void *handle);
-int STORE_list_private_key_endp(STORE *e, void *handle);
-EVP_PKEY *STORE_get_public_key(STORE *e, OPENSSL_ITEM attributes[],
-                               OPENSSL_ITEM parameters[]);
-int STORE_store_public_key(STORE *e, EVP_PKEY *data,
-                           OPENSSL_ITEM attributes[],
-                           OPENSSL_ITEM parameters[]);
-int STORE_modify_public_key(STORE *e, OPENSSL_ITEM search_attributes[],
-                            OPENSSL_ITEM add_sttributes[],
-                            OPENSSL_ITEM modify_attributes[],
-                            OPENSSL_ITEM delete_attributes[],
-                            OPENSSL_ITEM parameters[]);
-int STORE_revoke_public_key(STORE *e, OPENSSL_ITEM attributes[],
-                            OPENSSL_ITEM parameters[]);
-int STORE_delete_public_key(STORE *e, OPENSSL_ITEM attributes[],
-                            OPENSSL_ITEM parameters[]);
-void *STORE_list_public_key_start(STORE *e, OPENSSL_ITEM attributes[],
-                                  OPENSSL_ITEM parameters[]);
-EVP_PKEY *STORE_list_public_key_next(STORE *e, void *handle);
-int STORE_list_public_key_end(STORE *e, void *handle);
-int STORE_list_public_key_endp(STORE *e, void *handle);
-X509_CRL *STORE_generate_crl(STORE *e, OPENSSL_ITEM attributes[],
-                             OPENSSL_ITEM parameters[]);
-X509_CRL *STORE_get_crl(STORE *e, OPENSSL_ITEM attributes[],
-                        OPENSSL_ITEM parameters[]);
-int STORE_store_crl(STORE *e, X509_CRL *data, OPENSSL_ITEM attributes[],
-                    OPENSSL_ITEM parameters[]);
-int STORE_modify_crl(STORE *e, OPENSSL_ITEM search_attributes[],
-                     OPENSSL_ITEM add_sttributes[],
-                     OPENSSL_ITEM modify_attributes[],
-                     OPENSSL_ITEM delete_attributes[],
-                     OPENSSL_ITEM parameters[]);
-int STORE_delete_crl(STORE *e, OPENSSL_ITEM attributes[],
-                     OPENSSL_ITEM parameters[]);
-void *STORE_list_crl_start(STORE *e, OPENSSL_ITEM attributes[],
-                           OPENSSL_ITEM parameters[]);
-X509_CRL *STORE_list_crl_next(STORE *e, void *handle);
-int STORE_list_crl_end(STORE *e, void *handle);
-int STORE_list_crl_endp(STORE *e, void *handle);
-int STORE_store_number(STORE *e, BIGNUM *data, OPENSSL_ITEM attributes[],
-                       OPENSSL_ITEM parameters[]);
-int STORE_modify_number(STORE *e, OPENSSL_ITEM search_attributes[],
-                        OPENSSL_ITEM add_sttributes[],
-                        OPENSSL_ITEM modify_attributes[],
-                        OPENSSL_ITEM delete_attributes[],
-                        OPENSSL_ITEM parameters[]);
-BIGNUM *STORE_get_number(STORE *e, OPENSSL_ITEM attributes[],
-                         OPENSSL_ITEM parameters[]);
-int STORE_delete_number(STORE *e, OPENSSL_ITEM attributes[],
-                        OPENSSL_ITEM parameters[]);
-int STORE_store_arbitrary(STORE *e, BUF_MEM *data, OPENSSL_ITEM attributes[],
-                          OPENSSL_ITEM parameters[]);
-int STORE_modify_arbitrary(STORE *e, OPENSSL_ITEM search_attributes[],
-                           OPENSSL_ITEM add_sttributes[],
-                           OPENSSL_ITEM modify_attributes[],
-                           OPENSSL_ITEM delete_attributes[],
-                           OPENSSL_ITEM parameters[]);
-BUF_MEM *STORE_get_arbitrary(STORE *e, OPENSSL_ITEM attributes[],
-                             OPENSSL_ITEM parameters[]);
-int STORE_delete_arbitrary(STORE *e, OPENSSL_ITEM attributes[],
-                           OPENSSL_ITEM parameters[]);
-
-/* Create and manipulate methods */
-STORE_METHOD *STORE_create_method(char *name);
-void STORE_destroy_method(STORE_METHOD *store_method);
-
-/* These callback types are use for store handlers */
-typedef int (*STORE_INITIALISE_FUNC_PTR) (STORE *);
-typedef void (*STORE_CLEANUP_FUNC_PTR) (STORE *);
-typedef STORE_OBJECT *(*STORE_GENERATE_OBJECT_FUNC_PTR)(STORE *,
-                                                        STORE_OBJECT_TYPES
-                                                        type,
-                                                        OPENSSL_ITEM
-                                                        attributes[],
-                                                        OPENSSL_ITEM
-                                                        parameters[]);
-typedef STORE_OBJECT *(*STORE_GET_OBJECT_FUNC_PTR)(STORE *,
-                                                   STORE_OBJECT_TYPES type,
-                                                   OPENSSL_ITEM attributes[],
-                                                   OPENSSL_ITEM parameters[]);
-typedef void *(*STORE_START_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type,
-                                             OPENSSL_ITEM attributes[],
-                                             OPENSSL_ITEM parameters[]);
-typedef STORE_OBJECT *(*STORE_NEXT_OBJECT_FUNC_PTR)(STORE *, void *handle);
-typedef int (*STORE_END_OBJECT_FUNC_PTR) (STORE *, void *handle);
-typedef int (*STORE_HANDLE_OBJECT_FUNC_PTR) (STORE *, STORE_OBJECT_TYPES type,
-                                             OPENSSL_ITEM attributes[],
-                                             OPENSSL_ITEM parameters[]);
-typedef int (*STORE_STORE_OBJECT_FUNC_PTR) (STORE *, STORE_OBJECT_TYPES type,
-                                            STORE_OBJECT *data,
-                                            OPENSSL_ITEM attributes[],
-                                            OPENSSL_ITEM parameters[]);
-typedef int (*STORE_MODIFY_OBJECT_FUNC_PTR) (STORE *, STORE_OBJECT_TYPES type,
-                                             OPENSSL_ITEM search_attributes[],
-                                             OPENSSL_ITEM add_attributes[],
-                                             OPENSSL_ITEM modify_attributes[],
-                                             OPENSSL_ITEM delete_attributes[],
-                                             OPENSSL_ITEM parameters[]);
-typedef int (*STORE_GENERIC_FUNC_PTR) (STORE *, OPENSSL_ITEM attributes[],
-                                       OPENSSL_ITEM parameters[]);
-typedef int (*STORE_CTRL_FUNC_PTR) (STORE *, int cmd, long l, void *p,
-                                    void (*f) (void));
-
-int STORE_method_set_initialise_function(STORE_METHOD *sm,
-                                         STORE_INITIALISE_FUNC_PTR init_f);
-int STORE_method_set_cleanup_function(STORE_METHOD *sm,
-                                      STORE_CLEANUP_FUNC_PTR clean_f);
-int STORE_method_set_generate_function(STORE_METHOD *sm,
-                                       STORE_GENERATE_OBJECT_FUNC_PTR
-                                       generate_f);
-int STORE_method_set_get_function(STORE_METHOD *sm,
-                                  STORE_GET_OBJECT_FUNC_PTR get_f);
-int STORE_method_set_store_function(STORE_METHOD *sm,
-                                    STORE_STORE_OBJECT_FUNC_PTR store_f);
-int STORE_method_set_modify_function(STORE_METHOD *sm,
-                                     STORE_MODIFY_OBJECT_FUNC_PTR store_f);
-int STORE_method_set_revoke_function(STORE_METHOD *sm,
-                                     STORE_HANDLE_OBJECT_FUNC_PTR revoke_f);
-int STORE_method_set_delete_function(STORE_METHOD *sm,
-                                     STORE_HANDLE_OBJECT_FUNC_PTR delete_f);
-int STORE_method_set_list_start_function(STORE_METHOD *sm,
-                                         STORE_START_OBJECT_FUNC_PTR
-                                         list_start_f);
-int STORE_method_set_list_next_function(STORE_METHOD *sm,
-                                        STORE_NEXT_OBJECT_FUNC_PTR
-                                        list_next_f);
-int STORE_method_set_list_end_function(STORE_METHOD *sm,
-                                       STORE_END_OBJECT_FUNC_PTR list_end_f);
-int STORE_method_set_update_store_function(STORE_METHOD *sm,
-                                           STORE_GENERIC_FUNC_PTR);
-int STORE_method_set_lock_store_function(STORE_METHOD *sm,
-                                         STORE_GENERIC_FUNC_PTR);
-int STORE_method_set_unlock_store_function(STORE_METHOD *sm,
-                                           STORE_GENERIC_FUNC_PTR);
-int STORE_method_set_ctrl_function(STORE_METHOD *sm,
-                                   STORE_CTRL_FUNC_PTR ctrl_f);
-
-STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD
-                                                               *sm);
-STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm);
-STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD
-                                                                  *sm);
-STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm);
-STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm);
-STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD
-                                                              *sm);
-STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD
-                                                              *sm);
-STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD
-                                                              *sm);
-STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD
-                                                                 *sm);
-STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD
-                                                               *sm);
-STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD
-                                                             *sm);
-STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD
-                                                              *sm);
-STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm);
-STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD
-                                                              *sm);
-STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm);
-
-/* Method helper structures and functions. */
-
-/*
- * This structure is the result of parsing through the information in a list
- * of OPENSSL_ITEMs.  It stores all the necessary information in a structured
- * way.
- */
-typedef struct STORE_attr_info_st STORE_ATTR_INFO;
-
-/*
- * Parse a list of OPENSSL_ITEMs and return a pointer to a STORE_ATTR_INFO.
- * Note that we do this in the list form, since the list of OPENSSL_ITEMs can
- * come in blocks separated with STORE_ATTR_OR.  Note that the value returned
- * by STORE_parse_attrs_next() must be freed with STORE_ATTR_INFO_free().
- */
-void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes);
-STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle);
-int STORE_parse_attrs_end(void *handle);
-int STORE_parse_attrs_endp(void *handle);
-
-/* Creator and destructor */
-STORE_ATTR_INFO *STORE_ATTR_INFO_new(void);
-int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs);
-
-/* Manipulators */
-char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs,
-                                STORE_ATTR_TYPES code);
-unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs,
-                                            STORE_ATTR_TYPES code);
-X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs,
-                                   STORE_ATTR_TYPES code);
-BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs,
-                                    STORE_ATTR_TYPES code);
-int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-                             char *cstr, size_t cstr_size);
-int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-                                unsigned char *sha1str, size_t sha1str_size);
-int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-                           X509_NAME *dn);
-int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-                               BIGNUM *number);
-int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-                                char *cstr, size_t cstr_size);
-int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs,
-                                   STORE_ATTR_TYPES code,
-                                   unsigned char *sha1str,
-                                   size_t sha1str_size);
-int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-                              X509_NAME *dn);
-int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs,
-                                  STORE_ATTR_TYPES code, BIGNUM *number);
-
-/*
- * Compare on basis of a bit pattern formed by the STORE_ATTR_TYPES values in
- * each contained attribute.
- */
-int STORE_ATTR_INFO_compare(const STORE_ATTR_INFO *const *a,
-                            const STORE_ATTR_INFO *const *b);
-/*
- * Check if the set of attributes in a is within the range of attributes set
- * in b.
- */
-int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
-/* Check if the set of attributes in a are also set in b. */
-int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
-/* Same as STORE_ATTR_INFO_in(), but also checks the attribute values. */
-int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_STORE_strings(void);
-
-/* Error codes for the STORE functions. */
-
-/* Function codes. */
-# define STORE_F_MEM_DELETE                               134
-# define STORE_F_MEM_GENERATE                             135
-# define STORE_F_MEM_LIST_END                             168
-# define STORE_F_MEM_LIST_NEXT                            136
-# define STORE_F_MEM_LIST_START                           137
-# define STORE_F_MEM_MODIFY                               169
-# define STORE_F_MEM_STORE                                138
-# define STORE_F_STORE_ATTR_INFO_GET0_CSTR                139
-# define STORE_F_STORE_ATTR_INFO_GET0_DN                  140
-# define STORE_F_STORE_ATTR_INFO_GET0_NUMBER              141
-# define STORE_F_STORE_ATTR_INFO_GET0_SHA1STR             142
-# define STORE_F_STORE_ATTR_INFO_MODIFY_CSTR              143
-# define STORE_F_STORE_ATTR_INFO_MODIFY_DN                144
-# define STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER            145
-# define STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR           146
-# define STORE_F_STORE_ATTR_INFO_SET_CSTR                 147
-# define STORE_F_STORE_ATTR_INFO_SET_DN                   148
-# define STORE_F_STORE_ATTR_INFO_SET_NUMBER               149
-# define STORE_F_STORE_ATTR_INFO_SET_SHA1STR              150
-# define STORE_F_STORE_CERTIFICATE                        170
-# define STORE_F_STORE_CTRL                               161
-# define STORE_F_STORE_DELETE_ARBITRARY                   158
-# define STORE_F_STORE_DELETE_CERTIFICATE                 102
-# define STORE_F_STORE_DELETE_CRL                         103
-# define STORE_F_STORE_DELETE_NUMBER                      104
-# define STORE_F_STORE_DELETE_PRIVATE_KEY                 105
-# define STORE_F_STORE_DELETE_PUBLIC_KEY                  106
-# define STORE_F_STORE_GENERATE_CRL                       107
-# define STORE_F_STORE_GENERATE_KEY                       108
-# define STORE_F_STORE_GET_ARBITRARY                      159
-# define STORE_F_STORE_GET_CERTIFICATE                    109
-# define STORE_F_STORE_GET_CRL                            110
-# define STORE_F_STORE_GET_NUMBER                         111
-# define STORE_F_STORE_GET_PRIVATE_KEY                    112
-# define STORE_F_STORE_GET_PUBLIC_KEY                     113
-# define STORE_F_STORE_LIST_CERTIFICATE_END               114
-# define STORE_F_STORE_LIST_CERTIFICATE_ENDP              153
-# define STORE_F_STORE_LIST_CERTIFICATE_NEXT              115
-# define STORE_F_STORE_LIST_CERTIFICATE_START             116
-# define STORE_F_STORE_LIST_CRL_END                       117
-# define STORE_F_STORE_LIST_CRL_ENDP                      154
-# define STORE_F_STORE_LIST_CRL_NEXT                      118
-# define STORE_F_STORE_LIST_CRL_START                     119
-# define STORE_F_STORE_LIST_PRIVATE_KEY_END               120
-# define STORE_F_STORE_LIST_PRIVATE_KEY_ENDP              155
-# define STORE_F_STORE_LIST_PRIVATE_KEY_NEXT              121
-# define STORE_F_STORE_LIST_PRIVATE_KEY_START             122
-# define STORE_F_STORE_LIST_PUBLIC_KEY_END                123
-# define STORE_F_STORE_LIST_PUBLIC_KEY_ENDP               156
-# define STORE_F_STORE_LIST_PUBLIC_KEY_NEXT               124
-# define STORE_F_STORE_LIST_PUBLIC_KEY_START              125
-# define STORE_F_STORE_MODIFY_ARBITRARY                   162
-# define STORE_F_STORE_MODIFY_CERTIFICATE                 163
-# define STORE_F_STORE_MODIFY_CRL                         164
-# define STORE_F_STORE_MODIFY_NUMBER                      165
-# define STORE_F_STORE_MODIFY_PRIVATE_KEY                 166
-# define STORE_F_STORE_MODIFY_PUBLIC_KEY                  167
-# define STORE_F_STORE_NEW_ENGINE                         133
-# define STORE_F_STORE_NEW_METHOD                         132
-# define STORE_F_STORE_PARSE_ATTRS_END                    151
-# define STORE_F_STORE_PARSE_ATTRS_ENDP                   172
-# define STORE_F_STORE_PARSE_ATTRS_NEXT                   152
-# define STORE_F_STORE_PARSE_ATTRS_START                  171
-# define STORE_F_STORE_REVOKE_CERTIFICATE                 129
-# define STORE_F_STORE_REVOKE_PRIVATE_KEY                 130
-# define STORE_F_STORE_REVOKE_PUBLIC_KEY                  131
-# define STORE_F_STORE_STORE_ARBITRARY                    157
-# define STORE_F_STORE_STORE_CERTIFICATE                  100
-# define STORE_F_STORE_STORE_CRL                          101
-# define STORE_F_STORE_STORE_NUMBER                       126
-# define STORE_F_STORE_STORE_PRIVATE_KEY                  127
-# define STORE_F_STORE_STORE_PUBLIC_KEY                   128
-
-/* Reason codes. */
-# define STORE_R_ALREADY_HAS_A_VALUE                      127
-# define STORE_R_FAILED_DELETING_ARBITRARY                132
-# define STORE_R_FAILED_DELETING_CERTIFICATE              100
-# define STORE_R_FAILED_DELETING_KEY                      101
-# define STORE_R_FAILED_DELETING_NUMBER                   102
-# define STORE_R_FAILED_GENERATING_CRL                    103
-# define STORE_R_FAILED_GENERATING_KEY                    104
-# define STORE_R_FAILED_GETTING_ARBITRARY                 133
-# define STORE_R_FAILED_GETTING_CERTIFICATE               105
-# define STORE_R_FAILED_GETTING_KEY                       106
-# define STORE_R_FAILED_GETTING_NUMBER                    107
-# define STORE_R_FAILED_LISTING_CERTIFICATES              108
-# define STORE_R_FAILED_LISTING_KEYS                      109
-# define STORE_R_FAILED_MODIFYING_ARBITRARY               138
-# define STORE_R_FAILED_MODIFYING_CERTIFICATE             139
-# define STORE_R_FAILED_MODIFYING_CRL                     140
-# define STORE_R_FAILED_MODIFYING_NUMBER                  141
-# define STORE_R_FAILED_MODIFYING_PRIVATE_KEY             142
-# define STORE_R_FAILED_MODIFYING_PUBLIC_KEY              143
-# define STORE_R_FAILED_REVOKING_CERTIFICATE              110
-# define STORE_R_FAILED_REVOKING_KEY                      111
-# define STORE_R_FAILED_STORING_ARBITRARY                 134
-# define STORE_R_FAILED_STORING_CERTIFICATE               112
-# define STORE_R_FAILED_STORING_KEY                       113
-# define STORE_R_FAILED_STORING_NUMBER                    114
-# define STORE_R_NOT_IMPLEMENTED                          128
-# define STORE_R_NO_CONTROL_FUNCTION                      144
-# define STORE_R_NO_DELETE_ARBITRARY_FUNCTION             135
-# define STORE_R_NO_DELETE_NUMBER_FUNCTION                115
-# define STORE_R_NO_DELETE_OBJECT_FUNCTION                116
-# define STORE_R_NO_GENERATE_CRL_FUNCTION                 117
-# define STORE_R_NO_GENERATE_OBJECT_FUNCTION              118
-# define STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION         136
-# define STORE_R_NO_GET_OBJECT_FUNCTION                   119
-# define STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION            120
-# define STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION             131
-# define STORE_R_NO_LIST_OBJECT_END_FUNCTION              121
-# define STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION             122
-# define STORE_R_NO_LIST_OBJECT_START_FUNCTION            123
-# define STORE_R_NO_MODIFY_OBJECT_FUNCTION                145
-# define STORE_R_NO_REVOKE_OBJECT_FUNCTION                124
-# define STORE_R_NO_STORE                                 129
-# define STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION       137
-# define STORE_R_NO_STORE_OBJECT_FUNCTION                 125
-# define STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION          126
-# define STORE_R_NO_VALUE                                 130
-
-#ifdef  __cplusplus
-}
-#endif
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/store/store.h (from rev 11605, vendor-crypto/openssl/dist/crypto/store/store.h)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/store/store.h	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/store/store.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,658 @@
+/* crypto/store/store.h */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_STORE_H
+# define HEADER_STORE_H
+
+# include <openssl/opensslconf.h>
+
+# ifdef OPENSSL_NO_STORE
+#  error STORE is disabled.
+# endif
+
+# include <openssl/ossl_typ.h>
+# ifndef OPENSSL_NO_DEPRECATED
+#  include <openssl/evp.h>
+#  include <openssl/bn.h>
+#  include <openssl/x509.h>
+# endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Already defined in ossl_typ.h */
+/* typedef struct store_st STORE; */
+/* typedef struct store_method_st STORE_METHOD; */
+
+/*
+ * All the following functions return 0, a negative number or NULL on error.
+ * When everything is fine, they return a positive value or a non-NULL
+ * pointer, all depending on their purpose.
+ */
+
+/* Creators and destructor.   */
+STORE *STORE_new_method(const STORE_METHOD *method);
+STORE *STORE_new_engine(ENGINE *engine);
+void STORE_free(STORE *ui);
+
+/*
+ * Give a user interface parametrised control commands.  This can be used to
+ * send down an integer, a data pointer or a function pointer, as well as be
+ * used to get information from a STORE.
+ */
+int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f) (void));
+
+/*
+ * A control to set the directory with keys and certificates.  Used by the
+ * built-in directory level method.
+ */
+# define STORE_CTRL_SET_DIRECTORY        0x0001
+/*
+ * A control to set a file to load.  Used by the built-in file level method.
+ */
+# define STORE_CTRL_SET_FILE             0x0002
+/*
+ * A control to set a configuration file to load.  Can be used by any method
+ * that wishes to load a configuration file.
+ */
+# define STORE_CTRL_SET_CONF_FILE        0x0003
+/*
+ * A control to set a the section of the loaded configuration file.  Can be
+ * used by any method that wishes to load a configuration file.
+ */
+# define STORE_CTRL_SET_CONF_SECTION     0x0004
+
+/* Some methods may use extra data */
+# define STORE_set_app_data(s,arg)       STORE_set_ex_data(s,0,arg)
+# define STORE_get_app_data(s)           STORE_get_ex_data(s,0)
+int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+                           CRYPTO_EX_dup *dup_func,
+                           CRYPTO_EX_free *free_func);
+int STORE_set_ex_data(STORE *r, int idx, void *arg);
+void *STORE_get_ex_data(STORE *r, int idx);
+
+/* Use specific methods instead of the built-in one */
+const STORE_METHOD *STORE_get_method(STORE *store);
+const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth);
+
+/* The standard OpenSSL methods. */
+/*
+ * This is the in-memory method.  It does everything except revoking and
+ * updating, and is of course volatile.  It's used by other methods that have
+ * an in-memory cache.
+ */
+const STORE_METHOD *STORE_Memory(void);
+# if 0                          /* Not yet implemented */
+/*
+ * This is the directory store.  It does everything except revoking and
+ * updating, and uses STORE_Memory() to cache things in memory.
+ */
+const STORE_METHOD *STORE_Directory(void);
+/*
+ * This is the file store.  It does everything except revoking and updating,
+ * and uses STORE_Memory() to cache things in memory.  Certificates are added
+ * to it with the store operation, and it will only get cached certificates.
+ */
+const STORE_METHOD *STORE_File(void);
+# endif
+
+/*
+ * Store functions take a type code for the type of data they should store or
+ * fetch
+ */
+typedef enum STORE_object_types {
+    STORE_OBJECT_TYPE_X509_CERTIFICATE = 0x01, /* X509 * */
+    STORE_OBJECT_TYPE_X509_CRL = 0x02, /* X509_CRL * */
+    STORE_OBJECT_TYPE_PRIVATE_KEY = 0x03, /* EVP_PKEY * */
+    STORE_OBJECT_TYPE_PUBLIC_KEY = 0x04, /* EVP_PKEY * */
+    STORE_OBJECT_TYPE_NUMBER = 0x05, /* BIGNUM * */
+    STORE_OBJECT_TYPE_ARBITRARY = 0x06, /* BUF_MEM * */
+    STORE_OBJECT_TYPE_NUM = 0x06 /* The amount of known object types */
+} STORE_OBJECT_TYPES;
+/* List of text strings corresponding to the object types. */
+extern const char *const STORE_object_type_string[STORE_OBJECT_TYPE_NUM + 1];
+
+/*
+ * Some store functions take a parameter list.  Those parameters come with
+ * one of the following codes. The comments following the codes below
+ * indicate what type the value should be a pointer to.
+ */
+typedef enum STORE_params {
+    STORE_PARAM_EVP_TYPE = 0x01, /* int */
+    STORE_PARAM_BITS = 0x02,    /* size_t */
+    STORE_PARAM_KEY_PARAMETERS = 0x03, /* ??? */
+    STORE_PARAM_KEY_NO_PARAMETERS = 0x04, /* N/A */
+    STORE_PARAM_AUTH_PASSPHRASE = 0x05, /* char * */
+    STORE_PARAM_AUTH_KRB5_TICKET = 0x06, /* void * */
+    STORE_PARAM_TYPE_NUM = 0x06 /* The amount of known parameter types */
+} STORE_PARAM_TYPES;
+/*
+ * Parameter value sizes.  -1 means unknown, anything else is the required
+ * size.
+ */
+extern const int STORE_param_sizes[STORE_PARAM_TYPE_NUM + 1];
+
+/*
+ * Store functions take attribute lists.  Those attributes come with codes.
+ * The comments following the codes below indicate what type the value should
+ * be a pointer to.
+ */
+typedef enum STORE_attribs {
+    STORE_ATTR_END = 0x00,
+    STORE_ATTR_FRIENDLYNAME = 0x01, /* C string */
+    STORE_ATTR_KEYID = 0x02,    /* 160 bit string (SHA1) */
+    STORE_ATTR_ISSUERKEYID = 0x03, /* 160 bit string (SHA1) */
+    STORE_ATTR_SUBJECTKEYID = 0x04, /* 160 bit string (SHA1) */
+    STORE_ATTR_ISSUERSERIALHASH = 0x05, /* 160 bit string (SHA1) */
+    STORE_ATTR_ISSUER = 0x06,   /* X509_NAME * */
+    STORE_ATTR_SERIAL = 0x07,   /* BIGNUM * */
+    STORE_ATTR_SUBJECT = 0x08,  /* X509_NAME * */
+    STORE_ATTR_CERTHASH = 0x09, /* 160 bit string (SHA1) */
+    STORE_ATTR_EMAIL = 0x0a,    /* C string */
+    STORE_ATTR_FILENAME = 0x0b, /* C string */
+    STORE_ATTR_TYPE_NUM = 0x0b, /* The amount of known attribute types */
+    STORE_ATTR_OR = 0xff        /* This is a special separator, which
+                                 * expresses the OR operation.  */
+} STORE_ATTR_TYPES;
+/*
+ * Attribute value sizes.  -1 means unknown, anything else is the required
+ * size.
+ */
+extern const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM + 1];
+
+typedef enum STORE_certificate_status {
+    STORE_X509_VALID = 0x00,
+    STORE_X509_EXPIRED = 0x01,
+    STORE_X509_SUSPENDED = 0x02,
+    STORE_X509_REVOKED = 0x03
+} STORE_CERTIFICATE_STATUS;
+
+/*
+ * Engine store functions will return a structure that contains all the
+ * necessary information, including revokation status for certificates.  This
+ * is really not needed for application authors, as the ENGINE framework
+ * functions will extract the OpenSSL-specific information when at all
+ * possible.  However, for engine authors, it's crucial to know this
+ * structure.
+ */
+typedef struct STORE_OBJECT_st {
+    STORE_OBJECT_TYPES type;
+    union {
+        struct {
+            STORE_CERTIFICATE_STATUS status;
+            X509 *certificate;
+        } x509;
+        X509_CRL *crl;
+        EVP_PKEY *key;
+        BIGNUM *number;
+        BUF_MEM *arbitrary;
+    } data;
+} STORE_OBJECT;
+DECLARE_STACK_OF(STORE_OBJECT)
+STORE_OBJECT *STORE_OBJECT_new(void);
+void STORE_OBJECT_free(STORE_OBJECT *data);
+
+/*
+ * The following functions handle the storage. They return 0, a negative
+ * number or NULL on error, anything else on success.
+ */
+X509 *STORE_get_certificate(STORE *e, OPENSSL_ITEM attributes[],
+                            OPENSSL_ITEM parameters[]);
+int STORE_store_certificate(STORE *e, X509 *data, OPENSSL_ITEM attributes[],
+                            OPENSSL_ITEM parameters[]);
+int STORE_modify_certificate(STORE *e, OPENSSL_ITEM search_attributes[],
+                             OPENSSL_ITEM add_attributes[],
+                             OPENSSL_ITEM modify_attributes[],
+                             OPENSSL_ITEM delete_attributes[],
+                             OPENSSL_ITEM parameters[]);
+int STORE_revoke_certificate(STORE *e, OPENSSL_ITEM attributes[],
+                             OPENSSL_ITEM parameters[]);
+int STORE_delete_certificate(STORE *e, OPENSSL_ITEM attributes[],
+                             OPENSSL_ITEM parameters[]);
+void *STORE_list_certificate_start(STORE *e, OPENSSL_ITEM attributes[],
+                                   OPENSSL_ITEM parameters[]);
+X509 *STORE_list_certificate_next(STORE *e, void *handle);
+int STORE_list_certificate_end(STORE *e, void *handle);
+int STORE_list_certificate_endp(STORE *e, void *handle);
+EVP_PKEY *STORE_generate_key(STORE *e, OPENSSL_ITEM attributes[],
+                             OPENSSL_ITEM parameters[]);
+EVP_PKEY *STORE_get_private_key(STORE *e, OPENSSL_ITEM attributes[],
+                                OPENSSL_ITEM parameters[]);
+int STORE_store_private_key(STORE *e, EVP_PKEY *data,
+                            OPENSSL_ITEM attributes[],
+                            OPENSSL_ITEM parameters[]);
+int STORE_modify_private_key(STORE *e, OPENSSL_ITEM search_attributes[],
+                             OPENSSL_ITEM add_sttributes[],
+                             OPENSSL_ITEM modify_attributes[],
+                             OPENSSL_ITEM delete_attributes[],
+                             OPENSSL_ITEM parameters[]);
+int STORE_revoke_private_key(STORE *e, OPENSSL_ITEM attributes[],
+                             OPENSSL_ITEM parameters[]);
+int STORE_delete_private_key(STORE *e, OPENSSL_ITEM attributes[],
+                             OPENSSL_ITEM parameters[]);
+void *STORE_list_private_key_start(STORE *e, OPENSSL_ITEM attributes[],
+                                   OPENSSL_ITEM parameters[]);
+EVP_PKEY *STORE_list_private_key_next(STORE *e, void *handle);
+int STORE_list_private_key_end(STORE *e, void *handle);
+int STORE_list_private_key_endp(STORE *e, void *handle);
+EVP_PKEY *STORE_get_public_key(STORE *e, OPENSSL_ITEM attributes[],
+                               OPENSSL_ITEM parameters[]);
+int STORE_store_public_key(STORE *e, EVP_PKEY *data,
+                           OPENSSL_ITEM attributes[],
+                           OPENSSL_ITEM parameters[]);
+int STORE_modify_public_key(STORE *e, OPENSSL_ITEM search_attributes[],
+                            OPENSSL_ITEM add_sttributes[],
+                            OPENSSL_ITEM modify_attributes[],
+                            OPENSSL_ITEM delete_attributes[],
+                            OPENSSL_ITEM parameters[]);
+int STORE_revoke_public_key(STORE *e, OPENSSL_ITEM attributes[],
+                            OPENSSL_ITEM parameters[]);
+int STORE_delete_public_key(STORE *e, OPENSSL_ITEM attributes[],
+                            OPENSSL_ITEM parameters[]);
+void *STORE_list_public_key_start(STORE *e, OPENSSL_ITEM attributes[],
+                                  OPENSSL_ITEM parameters[]);
+EVP_PKEY *STORE_list_public_key_next(STORE *e, void *handle);
+int STORE_list_public_key_end(STORE *e, void *handle);
+int STORE_list_public_key_endp(STORE *e, void *handle);
+X509_CRL *STORE_generate_crl(STORE *e, OPENSSL_ITEM attributes[],
+                             OPENSSL_ITEM parameters[]);
+X509_CRL *STORE_get_crl(STORE *e, OPENSSL_ITEM attributes[],
+                        OPENSSL_ITEM parameters[]);
+int STORE_store_crl(STORE *e, X509_CRL *data, OPENSSL_ITEM attributes[],
+                    OPENSSL_ITEM parameters[]);
+int STORE_modify_crl(STORE *e, OPENSSL_ITEM search_attributes[],
+                     OPENSSL_ITEM add_sttributes[],
+                     OPENSSL_ITEM modify_attributes[],
+                     OPENSSL_ITEM delete_attributes[],
+                     OPENSSL_ITEM parameters[]);
+int STORE_delete_crl(STORE *e, OPENSSL_ITEM attributes[],
+                     OPENSSL_ITEM parameters[]);
+void *STORE_list_crl_start(STORE *e, OPENSSL_ITEM attributes[],
+                           OPENSSL_ITEM parameters[]);
+X509_CRL *STORE_list_crl_next(STORE *e, void *handle);
+int STORE_list_crl_end(STORE *e, void *handle);
+int STORE_list_crl_endp(STORE *e, void *handle);
+int STORE_store_number(STORE *e, BIGNUM *data, OPENSSL_ITEM attributes[],
+                       OPENSSL_ITEM parameters[]);
+int STORE_modify_number(STORE *e, OPENSSL_ITEM search_attributes[],
+                        OPENSSL_ITEM add_sttributes[],
+                        OPENSSL_ITEM modify_attributes[],
+                        OPENSSL_ITEM delete_attributes[],
+                        OPENSSL_ITEM parameters[]);
+BIGNUM *STORE_get_number(STORE *e, OPENSSL_ITEM attributes[],
+                         OPENSSL_ITEM parameters[]);
+int STORE_delete_number(STORE *e, OPENSSL_ITEM attributes[],
+                        OPENSSL_ITEM parameters[]);
+int STORE_store_arbitrary(STORE *e, BUF_MEM *data, OPENSSL_ITEM attributes[],
+                          OPENSSL_ITEM parameters[]);
+int STORE_modify_arbitrary(STORE *e, OPENSSL_ITEM search_attributes[],
+                           OPENSSL_ITEM add_sttributes[],
+                           OPENSSL_ITEM modify_attributes[],
+                           OPENSSL_ITEM delete_attributes[],
+                           OPENSSL_ITEM parameters[]);
+BUF_MEM *STORE_get_arbitrary(STORE *e, OPENSSL_ITEM attributes[],
+                             OPENSSL_ITEM parameters[]);
+int STORE_delete_arbitrary(STORE *e, OPENSSL_ITEM attributes[],
+                           OPENSSL_ITEM parameters[]);
+
+/* Create and manipulate methods */
+STORE_METHOD *STORE_create_method(char *name);
+void STORE_destroy_method(STORE_METHOD *store_method);
+
+/* These callback types are use for store handlers */
+typedef int (*STORE_INITIALISE_FUNC_PTR) (STORE *);
+typedef void (*STORE_CLEANUP_FUNC_PTR) (STORE *);
+typedef STORE_OBJECT *(*STORE_GENERATE_OBJECT_FUNC_PTR)(STORE *,
+                                                        STORE_OBJECT_TYPES
+                                                        type,
+                                                        OPENSSL_ITEM
+                                                        attributes[],
+                                                        OPENSSL_ITEM
+                                                        parameters[]);
+typedef STORE_OBJECT *(*STORE_GET_OBJECT_FUNC_PTR)(STORE *,
+                                                   STORE_OBJECT_TYPES type,
+                                                   OPENSSL_ITEM attributes[],
+                                                   OPENSSL_ITEM parameters[]);
+typedef void *(*STORE_START_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type,
+                                             OPENSSL_ITEM attributes[],
+                                             OPENSSL_ITEM parameters[]);
+typedef STORE_OBJECT *(*STORE_NEXT_OBJECT_FUNC_PTR)(STORE *, void *handle);
+typedef int (*STORE_END_OBJECT_FUNC_PTR) (STORE *, void *handle);
+typedef int (*STORE_HANDLE_OBJECT_FUNC_PTR) (STORE *, STORE_OBJECT_TYPES type,
+                                             OPENSSL_ITEM attributes[],
+                                             OPENSSL_ITEM parameters[]);
+typedef int (*STORE_STORE_OBJECT_FUNC_PTR) (STORE *, STORE_OBJECT_TYPES type,
+                                            STORE_OBJECT *data,
+                                            OPENSSL_ITEM attributes[],
+                                            OPENSSL_ITEM parameters[]);
+typedef int (*STORE_MODIFY_OBJECT_FUNC_PTR) (STORE *, STORE_OBJECT_TYPES type,
+                                             OPENSSL_ITEM search_attributes[],
+                                             OPENSSL_ITEM add_attributes[],
+                                             OPENSSL_ITEM modify_attributes[],
+                                             OPENSSL_ITEM delete_attributes[],
+                                             OPENSSL_ITEM parameters[]);
+typedef int (*STORE_GENERIC_FUNC_PTR) (STORE *, OPENSSL_ITEM attributes[],
+                                       OPENSSL_ITEM parameters[]);
+typedef int (*STORE_CTRL_FUNC_PTR) (STORE *, int cmd, long l, void *p,
+                                    void (*f) (void));
+
+int STORE_method_set_initialise_function(STORE_METHOD *sm,
+                                         STORE_INITIALISE_FUNC_PTR init_f);
+int STORE_method_set_cleanup_function(STORE_METHOD *sm,
+                                      STORE_CLEANUP_FUNC_PTR clean_f);
+int STORE_method_set_generate_function(STORE_METHOD *sm,
+                                       STORE_GENERATE_OBJECT_FUNC_PTR
+                                       generate_f);
+int STORE_method_set_get_function(STORE_METHOD *sm,
+                                  STORE_GET_OBJECT_FUNC_PTR get_f);
+int STORE_method_set_store_function(STORE_METHOD *sm,
+                                    STORE_STORE_OBJECT_FUNC_PTR store_f);
+int STORE_method_set_modify_function(STORE_METHOD *sm,
+                                     STORE_MODIFY_OBJECT_FUNC_PTR store_f);
+int STORE_method_set_revoke_function(STORE_METHOD *sm,
+                                     STORE_HANDLE_OBJECT_FUNC_PTR revoke_f);
+int STORE_method_set_delete_function(STORE_METHOD *sm,
+                                     STORE_HANDLE_OBJECT_FUNC_PTR delete_f);
+int STORE_method_set_list_start_function(STORE_METHOD *sm,
+                                         STORE_START_OBJECT_FUNC_PTR
+                                         list_start_f);
+int STORE_method_set_list_next_function(STORE_METHOD *sm,
+                                        STORE_NEXT_OBJECT_FUNC_PTR
+                                        list_next_f);
+int STORE_method_set_list_end_function(STORE_METHOD *sm,
+                                       STORE_END_OBJECT_FUNC_PTR list_end_f);
+int STORE_method_set_update_store_function(STORE_METHOD *sm,
+                                           STORE_GENERIC_FUNC_PTR);
+int STORE_method_set_lock_store_function(STORE_METHOD *sm,
+                                         STORE_GENERIC_FUNC_PTR);
+int STORE_method_set_unlock_store_function(STORE_METHOD *sm,
+                                           STORE_GENERIC_FUNC_PTR);
+int STORE_method_set_ctrl_function(STORE_METHOD *sm,
+                                   STORE_CTRL_FUNC_PTR ctrl_f);
+
+STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD
+                                                               *sm);
+STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm);
+STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD
+                                                                  *sm);
+STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm);
+STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm);
+STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD
+                                                              *sm);
+STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD
+                                                              *sm);
+STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD
+                                                              *sm);
+STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD
+                                                                 *sm);
+STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD
+                                                               *sm);
+STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD
+                                                             *sm);
+STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD
+                                                              *sm);
+STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm);
+STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD
+                                                              *sm);
+STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm);
+
+/* Method helper structures and functions. */
+
+/*
+ * This structure is the result of parsing through the information in a list
+ * of OPENSSL_ITEMs.  It stores all the necessary information in a structured
+ * way.
+ */
+typedef struct STORE_attr_info_st STORE_ATTR_INFO;
+
+/*
+ * Parse a list of OPENSSL_ITEMs and return a pointer to a STORE_ATTR_INFO.
+ * Note that we do this in the list form, since the list of OPENSSL_ITEMs can
+ * come in blocks separated with STORE_ATTR_OR.  Note that the value returned
+ * by STORE_parse_attrs_next() must be freed with STORE_ATTR_INFO_free().
+ */
+void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes);
+STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle);
+int STORE_parse_attrs_end(void *handle);
+int STORE_parse_attrs_endp(void *handle);
+
+/* Creator and destructor */
+STORE_ATTR_INFO *STORE_ATTR_INFO_new(void);
+int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs);
+
+/* Manipulators */
+char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs,
+                                STORE_ATTR_TYPES code);
+unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs,
+                                            STORE_ATTR_TYPES code);
+X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs,
+                                   STORE_ATTR_TYPES code);
+BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs,
+                                    STORE_ATTR_TYPES code);
+int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+                             char *cstr, size_t cstr_size);
+int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+                                unsigned char *sha1str, size_t sha1str_size);
+int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+                           X509_NAME *dn);
+int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+                               BIGNUM *number);
+int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+                                char *cstr, size_t cstr_size);
+int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs,
+                                   STORE_ATTR_TYPES code,
+                                   unsigned char *sha1str,
+                                   size_t sha1str_size);
+int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+                              X509_NAME *dn);
+int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs,
+                                  STORE_ATTR_TYPES code, BIGNUM *number);
+
+/*
+ * Compare on basis of a bit pattern formed by the STORE_ATTR_TYPES values in
+ * each contained attribute.
+ */
+int STORE_ATTR_INFO_compare(const STORE_ATTR_INFO *const *a,
+                            const STORE_ATTR_INFO *const *b);
+/*
+ * Check if the set of attributes in a is within the range of attributes set
+ * in b.
+ */
+int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
+/* Check if the set of attributes in a are also set in b. */
+int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
+/* Same as STORE_ATTR_INFO_in(), but also checks the attribute values. */
+int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_STORE_strings(void);
+
+/* Error codes for the STORE functions. */
+
+/* Function codes. */
+# define STORE_F_MEM_DELETE                               134
+# define STORE_F_MEM_GENERATE                             135
+# define STORE_F_MEM_LIST_END                             168
+# define STORE_F_MEM_LIST_NEXT                            136
+# define STORE_F_MEM_LIST_START                           137
+# define STORE_F_MEM_MODIFY                               169
+# define STORE_F_MEM_STORE                                138
+# define STORE_F_STORE_ATTR_INFO_GET0_CSTR                139
+# define STORE_F_STORE_ATTR_INFO_GET0_DN                  140
+# define STORE_F_STORE_ATTR_INFO_GET0_NUMBER              141
+# define STORE_F_STORE_ATTR_INFO_GET0_SHA1STR             142
+# define STORE_F_STORE_ATTR_INFO_MODIFY_CSTR              143
+# define STORE_F_STORE_ATTR_INFO_MODIFY_DN                144
+# define STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER            145
+# define STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR           146
+# define STORE_F_STORE_ATTR_INFO_SET_CSTR                 147
+# define STORE_F_STORE_ATTR_INFO_SET_DN                   148
+# define STORE_F_STORE_ATTR_INFO_SET_NUMBER               149
+# define STORE_F_STORE_ATTR_INFO_SET_SHA1STR              150
+# define STORE_F_STORE_CERTIFICATE                        170
+# define STORE_F_STORE_CTRL                               161
+# define STORE_F_STORE_DELETE_ARBITRARY                   158
+# define STORE_F_STORE_DELETE_CERTIFICATE                 102
+# define STORE_F_STORE_DELETE_CRL                         103
+# define STORE_F_STORE_DELETE_NUMBER                      104
+# define STORE_F_STORE_DELETE_PRIVATE_KEY                 105
+# define STORE_F_STORE_DELETE_PUBLIC_KEY                  106
+# define STORE_F_STORE_GENERATE_CRL                       107
+# define STORE_F_STORE_GENERATE_KEY                       108
+# define STORE_F_STORE_GET_ARBITRARY                      159
+# define STORE_F_STORE_GET_CERTIFICATE                    109
+# define STORE_F_STORE_GET_CRL                            110
+# define STORE_F_STORE_GET_NUMBER                         111
+# define STORE_F_STORE_GET_PRIVATE_KEY                    112
+# define STORE_F_STORE_GET_PUBLIC_KEY                     113
+# define STORE_F_STORE_LIST_CERTIFICATE_END               114
+# define STORE_F_STORE_LIST_CERTIFICATE_ENDP              153
+# define STORE_F_STORE_LIST_CERTIFICATE_NEXT              115
+# define STORE_F_STORE_LIST_CERTIFICATE_START             116
+# define STORE_F_STORE_LIST_CRL_END                       117
+# define STORE_F_STORE_LIST_CRL_ENDP                      154
+# define STORE_F_STORE_LIST_CRL_NEXT                      118
+# define STORE_F_STORE_LIST_CRL_START                     119
+# define STORE_F_STORE_LIST_PRIVATE_KEY_END               120
+# define STORE_F_STORE_LIST_PRIVATE_KEY_ENDP              155
+# define STORE_F_STORE_LIST_PRIVATE_KEY_NEXT              121
+# define STORE_F_STORE_LIST_PRIVATE_KEY_START             122
+# define STORE_F_STORE_LIST_PUBLIC_KEY_END                123
+# define STORE_F_STORE_LIST_PUBLIC_KEY_ENDP               156
+# define STORE_F_STORE_LIST_PUBLIC_KEY_NEXT               124
+# define STORE_F_STORE_LIST_PUBLIC_KEY_START              125
+# define STORE_F_STORE_MODIFY_ARBITRARY                   162
+# define STORE_F_STORE_MODIFY_CERTIFICATE                 163
+# define STORE_F_STORE_MODIFY_CRL                         164
+# define STORE_F_STORE_MODIFY_NUMBER                      165
+# define STORE_F_STORE_MODIFY_PRIVATE_KEY                 166
+# define STORE_F_STORE_MODIFY_PUBLIC_KEY                  167
+# define STORE_F_STORE_NEW_ENGINE                         133
+# define STORE_F_STORE_NEW_METHOD                         132
+# define STORE_F_STORE_PARSE_ATTRS_END                    151
+# define STORE_F_STORE_PARSE_ATTRS_ENDP                   172
+# define STORE_F_STORE_PARSE_ATTRS_NEXT                   152
+# define STORE_F_STORE_PARSE_ATTRS_START                  171
+# define STORE_F_STORE_REVOKE_CERTIFICATE                 129
+# define STORE_F_STORE_REVOKE_PRIVATE_KEY                 130
+# define STORE_F_STORE_REVOKE_PUBLIC_KEY                  131
+# define STORE_F_STORE_STORE_ARBITRARY                    157
+# define STORE_F_STORE_STORE_CERTIFICATE                  100
+# define STORE_F_STORE_STORE_CRL                          101
+# define STORE_F_STORE_STORE_NUMBER                       126
+# define STORE_F_STORE_STORE_PRIVATE_KEY                  127
+# define STORE_F_STORE_STORE_PUBLIC_KEY                   128
+
+/* Reason codes. */
+# define STORE_R_ALREADY_HAS_A_VALUE                      127
+# define STORE_R_FAILED_DELETING_ARBITRARY                132
+# define STORE_R_FAILED_DELETING_CERTIFICATE              100
+# define STORE_R_FAILED_DELETING_KEY                      101
+# define STORE_R_FAILED_DELETING_NUMBER                   102
+# define STORE_R_FAILED_GENERATING_CRL                    103
+# define STORE_R_FAILED_GENERATING_KEY                    104
+# define STORE_R_FAILED_GETTING_ARBITRARY                 133
+# define STORE_R_FAILED_GETTING_CERTIFICATE               105
+# define STORE_R_FAILED_GETTING_KEY                       106
+# define STORE_R_FAILED_GETTING_NUMBER                    107
+# define STORE_R_FAILED_LISTING_CERTIFICATES              108
+# define STORE_R_FAILED_LISTING_KEYS                      109
+# define STORE_R_FAILED_MODIFYING_ARBITRARY               138
+# define STORE_R_FAILED_MODIFYING_CERTIFICATE             139
+# define STORE_R_FAILED_MODIFYING_CRL                     140
+# define STORE_R_FAILED_MODIFYING_NUMBER                  141
+# define STORE_R_FAILED_MODIFYING_PRIVATE_KEY             142
+# define STORE_R_FAILED_MODIFYING_PUBLIC_KEY              143
+# define STORE_R_FAILED_REVOKING_CERTIFICATE              110
+# define STORE_R_FAILED_REVOKING_KEY                      111
+# define STORE_R_FAILED_STORING_ARBITRARY                 134
+# define STORE_R_FAILED_STORING_CERTIFICATE               112
+# define STORE_R_FAILED_STORING_KEY                       113
+# define STORE_R_FAILED_STORING_NUMBER                    114
+# define STORE_R_NOT_IMPLEMENTED                          128
+# define STORE_R_NO_CONTROL_FUNCTION                      144
+# define STORE_R_NO_DELETE_ARBITRARY_FUNCTION             135
+# define STORE_R_NO_DELETE_NUMBER_FUNCTION                115
+# define STORE_R_NO_DELETE_OBJECT_FUNCTION                116
+# define STORE_R_NO_GENERATE_CRL_FUNCTION                 117
+# define STORE_R_NO_GENERATE_OBJECT_FUNCTION              118
+# define STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION         136
+# define STORE_R_NO_GET_OBJECT_FUNCTION                   119
+# define STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION            120
+# define STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION             131
+# define STORE_R_NO_LIST_OBJECT_END_FUNCTION              121
+# define STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION             122
+# define STORE_R_NO_LIST_OBJECT_START_FUNCTION            123
+# define STORE_R_NO_MODIFY_OBJECT_FUNCTION                145
+# define STORE_R_NO_REVOKE_OBJECT_FUNCTION                124
+# define STORE_R_NO_STORE                                 129
+# define STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION       137
+# define STORE_R_NO_STORE_OBJECT_FUNCTION                 125
+# define STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION          126
+# define STORE_R_NO_VALUE                                 130
+
+#ifdef  __cplusplus
+}
+#endif
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/store/str_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/store/str_lib.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/store/str_lib.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,1772 +0,0 @@
-/* crypto/store/str_lib.c -*- mode:C; c-file-style: "eay" -*- */
-/*
- * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
- * 2003.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include <openssl/bn.h>
-#include <openssl/err.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
-#include <openssl/sha.h>
-#include <openssl/x509.h>
-#include "str_locl.h"
-
-const char *const STORE_object_type_string[STORE_OBJECT_TYPE_NUM + 1] = {
-    0,
-    "X.509 Certificate",
-    "X.509 CRL",
-    "Private Key",
-    "Public Key",
-    "Number",
-    "Arbitrary Data"
-};
-
-const int STORE_param_sizes[STORE_PARAM_TYPE_NUM + 1] = {
-    0,
-    sizeof(int),                /* EVP_TYPE */
-    sizeof(size_t),             /* BITS */
-    -1,                         /* KEY_PARAMETERS */
-    0                           /* KEY_NO_PARAMETERS */
-};
-
-const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM + 1] = {
-    0,
-    -1,                         /* FRIENDLYNAME: C string */
-    SHA_DIGEST_LENGTH,          /* KEYID: SHA1 digest, 160 bits */
-    SHA_DIGEST_LENGTH,          /* ISSUERKEYID: SHA1 digest, 160 bits */
-    SHA_DIGEST_LENGTH,          /* SUBJECTKEYID: SHA1 digest, 160 bits */
-    SHA_DIGEST_LENGTH,          /* ISSUERSERIALHASH: SHA1 digest, 160 bits */
-    sizeof(X509_NAME *),        /* ISSUER: X509_NAME * */
-    sizeof(BIGNUM *),           /* SERIAL: BIGNUM * */
-    sizeof(X509_NAME *),        /* SUBJECT: X509_NAME * */
-    SHA_DIGEST_LENGTH,          /* CERTHASH: SHA1 digest, 160 bits */
-    -1,                         /* EMAIL: C string */
-    -1,                         /* FILENAME: C string */
-};
-
-STORE *STORE_new_method(const STORE_METHOD *method)
-{
-    STORE *ret;
-
-    if (method == NULL) {
-        STOREerr(STORE_F_STORE_NEW_METHOD, ERR_R_PASSED_NULL_PARAMETER);
-        return NULL;
-    }
-
-    ret = (STORE *)OPENSSL_malloc(sizeof(STORE));
-    if (ret == NULL) {
-        STOREerr(STORE_F_STORE_NEW_METHOD, ERR_R_MALLOC_FAILURE);
-        return NULL;
-    }
-
-    ret->meth = method;
-
-    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_STORE, ret, &ret->ex_data);
-    if (ret->meth->init && !ret->meth->init(ret)) {
-        STORE_free(ret);
-        ret = NULL;
-    }
-    return ret;
-}
-
-STORE *STORE_new_engine(ENGINE *engine)
-{
-    STORE *ret = NULL;
-    ENGINE *e = engine;
-    const STORE_METHOD *meth = 0;
-
-#ifdef OPENSSL_NO_ENGINE
-    e = NULL;
-#else
-    if (engine) {
-        if (!ENGINE_init(engine)) {
-            STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB);
-            return NULL;
-        }
-        e = engine;
-    } else {
-        STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_PASSED_NULL_PARAMETER);
-        return NULL;
-    }
-    if (e) {
-        meth = ENGINE_get_STORE(e);
-        if (!meth) {
-            STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB);
-            ENGINE_finish(e);
-            return NULL;
-        }
-    }
-#endif
-
-    ret = STORE_new_method(meth);
-    if (ret == NULL) {
-        STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_STORE_LIB);
-        return NULL;
-    }
-
-    ret->engine = e;
-
-    return (ret);
-}
-
-void STORE_free(STORE *store)
-{
-    if (store == NULL)
-        return;
-    if (store->meth->clean)
-        store->meth->clean(store);
-    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_STORE, store, &store->ex_data);
-    OPENSSL_free(store);
-}
-
-int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f) (void))
-{
-    if (store == NULL) {
-        STOREerr(STORE_F_STORE_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-        return 0;
-    }
-    if (store->meth->ctrl)
-        return store->meth->ctrl(store, cmd, i, p, f);
-    STOREerr(STORE_F_STORE_CTRL, STORE_R_NO_CONTROL_FUNCTION);
-    return 0;
-}
-
-int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                           CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-{
-    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_STORE, argl, argp,
-                                   new_func, dup_func, free_func);
-}
-
-int STORE_set_ex_data(STORE *r, int idx, void *arg)
-{
-    return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
-}
-
-void *STORE_get_ex_data(STORE *r, int idx)
-{
-    return (CRYPTO_get_ex_data(&r->ex_data, idx));
-}
-
-const STORE_METHOD *STORE_get_method(STORE *store)
-{
-    return store->meth;
-}
-
-const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth)
-{
-    store->meth = meth;
-    return store->meth;
-}
-
-/* API helpers */
-
-#define check_store(s,fncode,fnname,fnerrcode) \
-        do \
-                { \
-                if ((s) == NULL || (s)->meth == NULL) \
-                        { \
-                        STOREerr((fncode), ERR_R_PASSED_NULL_PARAMETER); \
-                        return 0; \
-                        } \
-                if ((s)->meth->fnname == NULL) \
-                        { \
-                        STOREerr((fncode), (fnerrcode)); \
-                        return 0; \
-                        } \
-                } \
-        while(0)
-
-/* API functions */
-
-X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[],
-                            OPENSSL_ITEM parameters[])
-{
-    STORE_OBJECT *object;
-    X509 *x;
-
-    check_store(s, STORE_F_STORE_GET_CERTIFICATE,
-                get_object, STORE_R_NO_GET_OBJECT_FUNCTION);
-
-    object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
-                                 attributes, parameters);
-    if (!object || !object->data.x509.certificate) {
-        STOREerr(STORE_F_STORE_GET_CERTIFICATE,
-                 STORE_R_FAILED_GETTING_CERTIFICATE);
-        return 0;
-    }
-    CRYPTO_add(&object->data.x509.certificate->references, 1,
-               CRYPTO_LOCK_X509);
-#ifdef REF_PRINT
-    REF_PRINT("X509", data);
-#endif
-    x = object->data.x509.certificate;
-    STORE_OBJECT_free(object);
-    return x;
-}
-
-int STORE_store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[],
-                            OPENSSL_ITEM parameters[])
-{
-    STORE_OBJECT *object;
-    int i;
-
-    check_store(s, STORE_F_STORE_CERTIFICATE,
-                store_object, STORE_R_NO_STORE_OBJECT_FUNCTION);
-
-    object = STORE_OBJECT_new();
-    if (!object) {
-        STOREerr(STORE_F_STORE_STORE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-
-    CRYPTO_add(&data->references, 1, CRYPTO_LOCK_X509);
-#ifdef REF_PRINT
-    REF_PRINT("X509", data);
-#endif
-    object->data.x509.certificate = data;
-
-    i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
-                              object, attributes, parameters);
-
-    STORE_OBJECT_free(object);
-
-    if (!i) {
-        STOREerr(STORE_F_STORE_STORE_CERTIFICATE,
-                 STORE_R_FAILED_STORING_CERTIFICATE);
-        return 0;
-    }
-    return 1;
-}
-
-int STORE_modify_certificate(STORE *s, OPENSSL_ITEM search_attributes[],
-                             OPENSSL_ITEM add_attributes[],
-                             OPENSSL_ITEM modify_attributes[],
-                             OPENSSL_ITEM delete_attributes[],
-                             OPENSSL_ITEM parameters[])
-{
-    check_store(s, STORE_F_STORE_MODIFY_CERTIFICATE,
-                modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
-
-    if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
-                                search_attributes, add_attributes,
-                                modify_attributes, delete_attributes,
-                                parameters)) {
-        STOREerr(STORE_F_STORE_MODIFY_CERTIFICATE,
-                 STORE_R_FAILED_MODIFYING_CERTIFICATE);
-        return 0;
-    }
-    return 1;
-}
-
-int STORE_revoke_certificate(STORE *s, OPENSSL_ITEM attributes[],
-                             OPENSSL_ITEM parameters[])
-{
-    check_store(s, STORE_F_STORE_REVOKE_CERTIFICATE,
-                revoke_object, STORE_R_NO_REVOKE_OBJECT_FUNCTION);
-
-    if (!s->meth->revoke_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
-                                attributes, parameters)) {
-        STOREerr(STORE_F_STORE_REVOKE_CERTIFICATE,
-                 STORE_R_FAILED_REVOKING_CERTIFICATE);
-        return 0;
-    }
-    return 1;
-}
-
-int STORE_delete_certificate(STORE *s, OPENSSL_ITEM attributes[],
-                             OPENSSL_ITEM parameters[])
-{
-    check_store(s, STORE_F_STORE_DELETE_CERTIFICATE,
-                delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION);
-
-    if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
-                                attributes, parameters)) {
-        STOREerr(STORE_F_STORE_DELETE_CERTIFICATE,
-                 STORE_R_FAILED_DELETING_CERTIFICATE);
-        return 0;
-    }
-    return 1;
-}
-
-void *STORE_list_certificate_start(STORE *s, OPENSSL_ITEM attributes[],
-                                   OPENSSL_ITEM parameters[])
-{
-    void *handle;
-
-    check_store(s, STORE_F_STORE_LIST_CERTIFICATE_START,
-                list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION);
-
-    handle = s->meth->list_object_start(s,
-                                        STORE_OBJECT_TYPE_X509_CERTIFICATE,
-                                        attributes, parameters);
-    if (!handle) {
-        STOREerr(STORE_F_STORE_LIST_CERTIFICATE_START,
-                 STORE_R_FAILED_LISTING_CERTIFICATES);
-        return 0;
-    }
-    return handle;
-}
-
-X509 *STORE_list_certificate_next(STORE *s, void *handle)
-{
-    STORE_OBJECT *object;
-    X509 *x;
-
-    check_store(s, STORE_F_STORE_LIST_CERTIFICATE_NEXT,
-                list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
-
-    object = s->meth->list_object_next(s, handle);
-    if (!object || !object->data.x509.certificate) {
-        STOREerr(STORE_F_STORE_LIST_CERTIFICATE_NEXT,
-                 STORE_R_FAILED_LISTING_CERTIFICATES);
-        return 0;
-    }
-    CRYPTO_add(&object->data.x509.certificate->references, 1,
-               CRYPTO_LOCK_X509);
-#ifdef REF_PRINT
-    REF_PRINT("X509", data);
-#endif
-    x = object->data.x509.certificate;
-    STORE_OBJECT_free(object);
-    return x;
-}
-
-int STORE_list_certificate_end(STORE *s, void *handle)
-{
-    check_store(s, STORE_F_STORE_LIST_CERTIFICATE_END,
-                list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION);
-
-    if (!s->meth->list_object_end(s, handle)) {
-        STOREerr(STORE_F_STORE_LIST_CERTIFICATE_END,
-                 STORE_R_FAILED_LISTING_CERTIFICATES);
-        return 0;
-    }
-    return 1;
-}
-
-int STORE_list_certificate_endp(STORE *s, void *handle)
-{
-    check_store(s, STORE_F_STORE_LIST_CERTIFICATE_ENDP,
-                list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
-
-    if (!s->meth->list_object_endp(s, handle)) {
-        STOREerr(STORE_F_STORE_LIST_CERTIFICATE_ENDP,
-                 STORE_R_FAILED_LISTING_CERTIFICATES);
-        return 0;
-    }
-    return 1;
-}
-
-EVP_PKEY *STORE_generate_key(STORE *s, OPENSSL_ITEM attributes[],
-                             OPENSSL_ITEM parameters[])
-{
-    STORE_OBJECT *object;
-    EVP_PKEY *pkey;
-
-    check_store(s, STORE_F_STORE_GENERATE_KEY,
-                generate_object, STORE_R_NO_GENERATE_OBJECT_FUNCTION);
-
-    object = s->meth->generate_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
-                                      attributes, parameters);
-    if (!object || !object->data.key) {
-        STOREerr(STORE_F_STORE_GENERATE_KEY, STORE_R_FAILED_GENERATING_KEY);
-        return 0;
-    }
-    CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY);
-#ifdef REF_PRINT
-    REF_PRINT("EVP_PKEY", data);
-#endif
-    pkey = object->data.key;
-    STORE_OBJECT_free(object);
-    return pkey;
-}
-
-EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[],
-                                OPENSSL_ITEM parameters[])
-{
-    STORE_OBJECT *object;
-    EVP_PKEY *pkey;
-
-    check_store(s, STORE_F_STORE_GET_PRIVATE_KEY,
-                get_object, STORE_R_NO_GET_OBJECT_FUNCTION);
-
-    object = s->meth->get_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
-                                 attributes, parameters);
-    if (!object || !object->data.key || !object->data.key) {
-        STOREerr(STORE_F_STORE_GET_PRIVATE_KEY, STORE_R_FAILED_GETTING_KEY);
-        return 0;
-    }
-    CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY);
-#ifdef REF_PRINT
-    REF_PRINT("EVP_PKEY", data);
-#endif
-    pkey = object->data.key;
-    STORE_OBJECT_free(object);
-    return pkey;
-}
-
-int STORE_store_private_key(STORE *s, EVP_PKEY *data,
-                            OPENSSL_ITEM attributes[],
-                            OPENSSL_ITEM parameters[])
-{
-    STORE_OBJECT *object;
-    int i;
-
-    check_store(s, STORE_F_STORE_STORE_PRIVATE_KEY,
-                store_object, STORE_R_NO_STORE_OBJECT_FUNCTION);
-
-    object = STORE_OBJECT_new();
-    if (!object) {
-        STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-    object->data.key = EVP_PKEY_new();
-    if (!object->data.key) {
-        STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-
-    CRYPTO_add(&data->references, 1, CRYPTO_LOCK_EVP_PKEY);
-#ifdef REF_PRINT
-    REF_PRINT("EVP_PKEY", data);
-#endif
-    object->data.key = data;
-
-    i = s->meth->store_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, object,
-                              attributes, parameters);
-
-    STORE_OBJECT_free(object);
-
-    if (!i) {
-        STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, STORE_R_FAILED_STORING_KEY);
-        return 0;
-    }
-    return i;
-}
-
-int STORE_modify_private_key(STORE *s, OPENSSL_ITEM search_attributes[],
-                             OPENSSL_ITEM add_attributes[],
-                             OPENSSL_ITEM modify_attributes[],
-                             OPENSSL_ITEM delete_attributes[],
-                             OPENSSL_ITEM parameters[])
-{
-    check_store(s, STORE_F_STORE_MODIFY_PRIVATE_KEY,
-                modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
-
-    if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
-                                search_attributes, add_attributes,
-                                modify_attributes, delete_attributes,
-                                parameters)) {
-        STOREerr(STORE_F_STORE_MODIFY_PRIVATE_KEY,
-                 STORE_R_FAILED_MODIFYING_PRIVATE_KEY);
-        return 0;
-    }
-    return 1;
-}
-
-int STORE_revoke_private_key(STORE *s, OPENSSL_ITEM attributes[],
-                             OPENSSL_ITEM parameters[])
-{
-    int i;
-
-    check_store(s, STORE_F_STORE_REVOKE_PRIVATE_KEY,
-                revoke_object, STORE_R_NO_REVOKE_OBJECT_FUNCTION);
-
-    i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
-                               attributes, parameters);
-
-    if (!i) {
-        STOREerr(STORE_F_STORE_REVOKE_PRIVATE_KEY,
-                 STORE_R_FAILED_REVOKING_KEY);
-        return 0;
-    }
-    return i;
-}
-
-int STORE_delete_private_key(STORE *s, OPENSSL_ITEM attributes[],
-                             OPENSSL_ITEM parameters[])
-{
-    check_store(s, STORE_F_STORE_DELETE_PRIVATE_KEY,
-                delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION);
-
-    if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
-                                attributes, parameters)) {
-        STOREerr(STORE_F_STORE_DELETE_PRIVATE_KEY,
-                 STORE_R_FAILED_DELETING_KEY);
-        return 0;
-    }
-    return 1;
-}
-
-void *STORE_list_private_key_start(STORE *s, OPENSSL_ITEM attributes[],
-                                   OPENSSL_ITEM parameters[])
-{
-    void *handle;
-
-    check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_START,
-                list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION);
-
-    handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
-                                        attributes, parameters);
-    if (!handle) {
-        STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_START,
-                 STORE_R_FAILED_LISTING_KEYS);
-        return 0;
-    }
-    return handle;
-}
-
-EVP_PKEY *STORE_list_private_key_next(STORE *s, void *handle)
-{
-    STORE_OBJECT *object;
-    EVP_PKEY *pkey;
-
-    check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,
-                list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
-
-    object = s->meth->list_object_next(s, handle);
-    if (!object || !object->data.key || !object->data.key) {
-        STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,
-                 STORE_R_FAILED_LISTING_KEYS);
-        return 0;
-    }
-    CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY);
-#ifdef REF_PRINT
-    REF_PRINT("EVP_PKEY", data);
-#endif
-    pkey = object->data.key;
-    STORE_OBJECT_free(object);
-    return pkey;
-}
-
-int STORE_list_private_key_end(STORE *s, void *handle)
-{
-    check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_END,
-                list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION);
-
-    if (!s->meth->list_object_end(s, handle)) {
-        STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_END,
-                 STORE_R_FAILED_LISTING_KEYS);
-        return 0;
-    }
-    return 1;
-}
-
-int STORE_list_private_key_endp(STORE *s, void *handle)
-{
-    check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_ENDP,
-                list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
-
-    if (!s->meth->list_object_endp(s, handle)) {
-        STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP,
-                 STORE_R_FAILED_LISTING_KEYS);
-        return 0;
-    }
-    return 1;
-}
-
-EVP_PKEY *STORE_get_public_key(STORE *s, OPENSSL_ITEM attributes[],
-                               OPENSSL_ITEM parameters[])
-{
-    STORE_OBJECT *object;
-    EVP_PKEY *pkey;
-
-    check_store(s, STORE_F_STORE_GET_PUBLIC_KEY,
-                get_object, STORE_R_NO_GET_OBJECT_FUNCTION);
-
-    object = s->meth->get_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
-                                 attributes, parameters);
-    if (!object || !object->data.key || !object->data.key) {
-        STOREerr(STORE_F_STORE_GET_PUBLIC_KEY, STORE_R_FAILED_GETTING_KEY);
-        return 0;
-    }
-    CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY);
-#ifdef REF_PRINT
-    REF_PRINT("EVP_PKEY", data);
-#endif
-    pkey = object->data.key;
-    STORE_OBJECT_free(object);
-    return pkey;
-}
-
-int STORE_store_public_key(STORE *s, EVP_PKEY *data,
-                           OPENSSL_ITEM attributes[],
-                           OPENSSL_ITEM parameters[])
-{
-    STORE_OBJECT *object;
-    int i;
-
-    check_store(s, STORE_F_STORE_STORE_PUBLIC_KEY,
-                store_object, STORE_R_NO_STORE_OBJECT_FUNCTION);
-
-    object = STORE_OBJECT_new();
-    if (!object) {
-        STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-    object->data.key = EVP_PKEY_new();
-    if (!object->data.key) {
-        STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-
-    CRYPTO_add(&data->references, 1, CRYPTO_LOCK_EVP_PKEY);
-#ifdef REF_PRINT
-    REF_PRINT("EVP_PKEY", data);
-#endif
-    object->data.key = data;
-
-    i = s->meth->store_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, object,
-                              attributes, parameters);
-
-    STORE_OBJECT_free(object);
-
-    if (!i) {
-        STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, STORE_R_FAILED_STORING_KEY);
-        return 0;
-    }
-    return i;
-}
-
-int STORE_modify_public_key(STORE *s, OPENSSL_ITEM search_attributes[],
-                            OPENSSL_ITEM add_attributes[],
-                            OPENSSL_ITEM modify_attributes[],
-                            OPENSSL_ITEM delete_attributes[],
-                            OPENSSL_ITEM parameters[])
-{
-    check_store(s, STORE_F_STORE_MODIFY_PUBLIC_KEY,
-                modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
-
-    if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
-                                search_attributes, add_attributes,
-                                modify_attributes, delete_attributes,
-                                parameters)) {
-        STOREerr(STORE_F_STORE_MODIFY_PUBLIC_KEY,
-                 STORE_R_FAILED_MODIFYING_PUBLIC_KEY);
-        return 0;
-    }
-    return 1;
-}
-
-int STORE_revoke_public_key(STORE *s, OPENSSL_ITEM attributes[],
-                            OPENSSL_ITEM parameters[])
-{
-    int i;
-
-    check_store(s, STORE_F_STORE_REVOKE_PUBLIC_KEY,
-                revoke_object, STORE_R_NO_REVOKE_OBJECT_FUNCTION);
-
-    i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
-                               attributes, parameters);
-
-    if (!i) {
-        STOREerr(STORE_F_STORE_REVOKE_PUBLIC_KEY,
-                 STORE_R_FAILED_REVOKING_KEY);
-        return 0;
-    }
-    return i;
-}
-
-int STORE_delete_public_key(STORE *s, OPENSSL_ITEM attributes[],
-                            OPENSSL_ITEM parameters[])
-{
-    check_store(s, STORE_F_STORE_DELETE_PUBLIC_KEY,
-                delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION);
-
-    if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
-                                attributes, parameters)) {
-        STOREerr(STORE_F_STORE_DELETE_PUBLIC_KEY,
-                 STORE_R_FAILED_DELETING_KEY);
-        return 0;
-    }
-    return 1;
-}
-
-void *STORE_list_public_key_start(STORE *s, OPENSSL_ITEM attributes[],
-                                  OPENSSL_ITEM parameters[])
-{
-    void *handle;
-
-    check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_START,
-                list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION);
-
-    handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
-                                        attributes, parameters);
-    if (!handle) {
-        STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_START,
-                 STORE_R_FAILED_LISTING_KEYS);
-        return 0;
-    }
-    return handle;
-}
-
-EVP_PKEY *STORE_list_public_key_next(STORE *s, void *handle)
-{
-    STORE_OBJECT *object;
-    EVP_PKEY *pkey;
-
-    check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,
-                list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
-
-    object = s->meth->list_object_next(s, handle);
-    if (!object || !object->data.key || !object->data.key) {
-        STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,
-                 STORE_R_FAILED_LISTING_KEYS);
-        return 0;
-    }
-    CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY);
-#ifdef REF_PRINT
-    REF_PRINT("EVP_PKEY", data);
-#endif
-    pkey = object->data.key;
-    STORE_OBJECT_free(object);
-    return pkey;
-}
-
-int STORE_list_public_key_end(STORE *s, void *handle)
-{
-    check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_END,
-                list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION);
-
-    if (!s->meth->list_object_end(s, handle)) {
-        STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_END,
-                 STORE_R_FAILED_LISTING_KEYS);
-        return 0;
-    }
-    return 1;
-}
-
-int STORE_list_public_key_endp(STORE *s, void *handle)
-{
-    check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_ENDP,
-                list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
-
-    if (!s->meth->list_object_endp(s, handle)) {
-        STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP,
-                 STORE_R_FAILED_LISTING_KEYS);
-        return 0;
-    }
-    return 1;
-}
-
-X509_CRL *STORE_generate_crl(STORE *s, OPENSSL_ITEM attributes[],
-                             OPENSSL_ITEM parameters[])
-{
-    STORE_OBJECT *object;
-    X509_CRL *crl;
-
-    check_store(s, STORE_F_STORE_GENERATE_CRL,
-                generate_object, STORE_R_NO_GENERATE_CRL_FUNCTION);
-
-    object = s->meth->generate_object(s, STORE_OBJECT_TYPE_X509_CRL,
-                                      attributes, parameters);
-    if (!object || !object->data.crl) {
-        STOREerr(STORE_F_STORE_GENERATE_CRL, STORE_R_FAILED_GENERATING_CRL);
-        return 0;
-    }
-    CRYPTO_add(&object->data.crl->references, 1, CRYPTO_LOCK_X509_CRL);
-#ifdef REF_PRINT
-    REF_PRINT("X509_CRL", data);
-#endif
-    crl = object->data.crl;
-    STORE_OBJECT_free(object);
-    return crl;
-}
-
-X509_CRL *STORE_get_crl(STORE *s, OPENSSL_ITEM attributes[],
-                        OPENSSL_ITEM parameters[])
-{
-    STORE_OBJECT *object;
-    X509_CRL *crl;
-
-    check_store(s, STORE_F_STORE_GET_CRL,
-                get_object, STORE_R_NO_GET_OBJECT_FUNCTION);
-
-    object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CRL,
-                                 attributes, parameters);
-    if (!object || !object->data.crl) {
-        STOREerr(STORE_F_STORE_GET_CRL, STORE_R_FAILED_GETTING_KEY);
-        return 0;
-    }
-    CRYPTO_add(&object->data.crl->references, 1, CRYPTO_LOCK_X509_CRL);
-#ifdef REF_PRINT
-    REF_PRINT("X509_CRL", data);
-#endif
-    crl = object->data.crl;
-    STORE_OBJECT_free(object);
-    return crl;
-}
-
-int STORE_store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[],
-                    OPENSSL_ITEM parameters[])
-{
-    STORE_OBJECT *object;
-    int i;
-
-    check_store(s, STORE_F_STORE_STORE_CRL,
-                store_object, STORE_R_NO_STORE_OBJECT_FUNCTION);
-
-    object = STORE_OBJECT_new();
-    if (!object) {
-        STOREerr(STORE_F_STORE_STORE_CRL, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-
-    CRYPTO_add(&data->references, 1, CRYPTO_LOCK_X509_CRL);
-#ifdef REF_PRINT
-    REF_PRINT("X509_CRL", data);
-#endif
-    object->data.crl = data;
-
-    i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CRL, object,
-                              attributes, parameters);
-
-    STORE_OBJECT_free(object);
-
-    if (!i) {
-        STOREerr(STORE_F_STORE_STORE_CRL, STORE_R_FAILED_STORING_KEY);
-        return 0;
-    }
-    return i;
-}
-
-int STORE_modify_crl(STORE *s, OPENSSL_ITEM search_attributes[],
-                     OPENSSL_ITEM add_attributes[],
-                     OPENSSL_ITEM modify_attributes[],
-                     OPENSSL_ITEM delete_attributes[],
-                     OPENSSL_ITEM parameters[])
-{
-    check_store(s, STORE_F_STORE_MODIFY_CRL,
-                modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
-
-    if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CRL,
-                                search_attributes, add_attributes,
-                                modify_attributes, delete_attributes,
-                                parameters)) {
-        STOREerr(STORE_F_STORE_MODIFY_CRL, STORE_R_FAILED_MODIFYING_CRL);
-        return 0;
-    }
-    return 1;
-}
-
-int STORE_delete_crl(STORE *s, OPENSSL_ITEM attributes[],
-                     OPENSSL_ITEM parameters[])
-{
-    check_store(s, STORE_F_STORE_DELETE_CRL,
-                delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION);
-
-    if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CRL,
-                                attributes, parameters)) {
-        STOREerr(STORE_F_STORE_DELETE_CRL, STORE_R_FAILED_DELETING_KEY);
-        return 0;
-    }
-    return 1;
-}
-
-void *STORE_list_crl_start(STORE *s, OPENSSL_ITEM attributes[],
-                           OPENSSL_ITEM parameters[])
-{
-    void *handle;
-
-    check_store(s, STORE_F_STORE_LIST_CRL_START,
-                list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION);
-
-    handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_X509_CRL,
-                                        attributes, parameters);
-    if (!handle) {
-        STOREerr(STORE_F_STORE_LIST_CRL_START, STORE_R_FAILED_LISTING_KEYS);
-        return 0;
-    }
-    return handle;
-}
-
-X509_CRL *STORE_list_crl_next(STORE *s, void *handle)
-{
-    STORE_OBJECT *object;
-    X509_CRL *crl;
-
-    check_store(s, STORE_F_STORE_LIST_CRL_NEXT,
-                list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
-
-    object = s->meth->list_object_next(s, handle);
-    if (!object || !object->data.crl) {
-        STOREerr(STORE_F_STORE_LIST_CRL_NEXT, STORE_R_FAILED_LISTING_KEYS);
-        return 0;
-    }
-    CRYPTO_add(&object->data.crl->references, 1, CRYPTO_LOCK_X509_CRL);
-#ifdef REF_PRINT
-    REF_PRINT("X509_CRL", data);
-#endif
-    crl = object->data.crl;
-    STORE_OBJECT_free(object);
-    return crl;
-}
-
-int STORE_list_crl_end(STORE *s, void *handle)
-{
-    check_store(s, STORE_F_STORE_LIST_CRL_END,
-                list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION);
-
-    if (!s->meth->list_object_end(s, handle)) {
-        STOREerr(STORE_F_STORE_LIST_CRL_END, STORE_R_FAILED_LISTING_KEYS);
-        return 0;
-    }
-    return 1;
-}
-
-int STORE_list_crl_endp(STORE *s, void *handle)
-{
-    check_store(s, STORE_F_STORE_LIST_CRL_ENDP,
-                list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
-
-    if (!s->meth->list_object_endp(s, handle)) {
-        STOREerr(STORE_F_STORE_LIST_CRL_ENDP, STORE_R_FAILED_LISTING_KEYS);
-        return 0;
-    }
-    return 1;
-}
-
-int STORE_store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[],
-                       OPENSSL_ITEM parameters[])
-{
-    STORE_OBJECT *object;
-    int i;
-
-    check_store(s, STORE_F_STORE_STORE_NUMBER,
-                store_object, STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION);
-
-    object = STORE_OBJECT_new();
-    if (!object) {
-        STOREerr(STORE_F_STORE_STORE_NUMBER, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-
-    object->data.number = data;
-
-    i = s->meth->store_object(s, STORE_OBJECT_TYPE_NUMBER, object,
-                              attributes, parameters);
-
-    STORE_OBJECT_free(object);
-
-    if (!i) {
-        STOREerr(STORE_F_STORE_STORE_NUMBER, STORE_R_FAILED_STORING_NUMBER);
-        return 0;
-    }
-    return 1;
-}
-
-int STORE_modify_number(STORE *s, OPENSSL_ITEM search_attributes[],
-                        OPENSSL_ITEM add_attributes[],
-                        OPENSSL_ITEM modify_attributes[],
-                        OPENSSL_ITEM delete_attributes[],
-                        OPENSSL_ITEM parameters[])
-{
-    check_store(s, STORE_F_STORE_MODIFY_NUMBER,
-                modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
-
-    if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_NUMBER,
-                                search_attributes, add_attributes,
-                                modify_attributes, delete_attributes,
-                                parameters)) {
-        STOREerr(STORE_F_STORE_MODIFY_NUMBER,
-                 STORE_R_FAILED_MODIFYING_NUMBER);
-        return 0;
-    }
-    return 1;
-}
-
-BIGNUM *STORE_get_number(STORE *s, OPENSSL_ITEM attributes[],
-                         OPENSSL_ITEM parameters[])
-{
-    STORE_OBJECT *object;
-    BIGNUM *n;
-
-    check_store(s, STORE_F_STORE_GET_NUMBER,
-                get_object, STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION);
-
-    object = s->meth->get_object(s, STORE_OBJECT_TYPE_NUMBER, attributes,
-                                 parameters);
-    if (!object || !object->data.number) {
-        STOREerr(STORE_F_STORE_GET_NUMBER, STORE_R_FAILED_GETTING_NUMBER);
-        return 0;
-    }
-    n = object->data.number;
-    object->data.number = NULL;
-    STORE_OBJECT_free(object);
-    return n;
-}
-
-int STORE_delete_number(STORE *s, OPENSSL_ITEM attributes[],
-                        OPENSSL_ITEM parameters[])
-{
-    check_store(s, STORE_F_STORE_DELETE_NUMBER,
-                delete_object, STORE_R_NO_DELETE_NUMBER_FUNCTION);
-
-    if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_NUMBER, attributes,
-                                parameters)) {
-        STOREerr(STORE_F_STORE_DELETE_NUMBER, STORE_R_FAILED_DELETING_NUMBER);
-        return 0;
-    }
-    return 1;
-}
-
-int STORE_store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[],
-                          OPENSSL_ITEM parameters[])
-{
-    STORE_OBJECT *object;
-    int i;
-
-    check_store(s, STORE_F_STORE_STORE_ARBITRARY,
-                store_object, STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION);
-
-    object = STORE_OBJECT_new();
-    if (!object) {
-        STOREerr(STORE_F_STORE_STORE_ARBITRARY, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-
-    object->data.arbitrary = data;
-
-    i = s->meth->store_object(s, STORE_OBJECT_TYPE_ARBITRARY, object,
-                              attributes, parameters);
-
-    STORE_OBJECT_free(object);
-
-    if (!i) {
-        STOREerr(STORE_F_STORE_STORE_ARBITRARY,
-                 STORE_R_FAILED_STORING_ARBITRARY);
-        return 0;
-    }
-    return 1;
-}
-
-int STORE_modify_arbitrary(STORE *s, OPENSSL_ITEM search_attributes[],
-                           OPENSSL_ITEM add_attributes[],
-                           OPENSSL_ITEM modify_attributes[],
-                           OPENSSL_ITEM delete_attributes[],
-                           OPENSSL_ITEM parameters[])
-{
-    check_store(s, STORE_F_STORE_MODIFY_ARBITRARY,
-                modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
-
-    if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_ARBITRARY,
-                                search_attributes, add_attributes,
-                                modify_attributes, delete_attributes,
-                                parameters)) {
-        STOREerr(STORE_F_STORE_MODIFY_ARBITRARY,
-                 STORE_R_FAILED_MODIFYING_ARBITRARY);
-        return 0;
-    }
-    return 1;
-}
-
-BUF_MEM *STORE_get_arbitrary(STORE *s, OPENSSL_ITEM attributes[],
-                             OPENSSL_ITEM parameters[])
-{
-    STORE_OBJECT *object;
-    BUF_MEM *b;
-
-    check_store(s, STORE_F_STORE_GET_ARBITRARY,
-                get_object, STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION);
-
-    object = s->meth->get_object(s, STORE_OBJECT_TYPE_ARBITRARY,
-                                 attributes, parameters);
-    if (!object || !object->data.arbitrary) {
-        STOREerr(STORE_F_STORE_GET_ARBITRARY,
-                 STORE_R_FAILED_GETTING_ARBITRARY);
-        return 0;
-    }
-    b = object->data.arbitrary;
-    object->data.arbitrary = NULL;
-    STORE_OBJECT_free(object);
-    return b;
-}
-
-int STORE_delete_arbitrary(STORE *s, OPENSSL_ITEM attributes[],
-                           OPENSSL_ITEM parameters[])
-{
-    check_store(s, STORE_F_STORE_DELETE_ARBITRARY,
-                delete_object, STORE_R_NO_DELETE_ARBITRARY_FUNCTION);
-
-    if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_ARBITRARY, attributes,
-                                parameters)) {
-        STOREerr(STORE_F_STORE_DELETE_ARBITRARY,
-                 STORE_R_FAILED_DELETING_ARBITRARY);
-        return 0;
-    }
-    return 1;
-}
-
-STORE_OBJECT *STORE_OBJECT_new(void)
-{
-    STORE_OBJECT *object = OPENSSL_malloc(sizeof(STORE_OBJECT));
-    if (object)
-        memset(object, 0, sizeof(STORE_OBJECT));
-    return object;
-}
-
-void STORE_OBJECT_free(STORE_OBJECT *data)
-{
-    if (!data)
-        return;
-    switch (data->type) {
-    case STORE_OBJECT_TYPE_X509_CERTIFICATE:
-        X509_free(data->data.x509.certificate);
-        break;
-    case STORE_OBJECT_TYPE_X509_CRL:
-        X509_CRL_free(data->data.crl);
-        break;
-    case STORE_OBJECT_TYPE_PRIVATE_KEY:
-    case STORE_OBJECT_TYPE_PUBLIC_KEY:
-        EVP_PKEY_free(data->data.key);
-        break;
-    case STORE_OBJECT_TYPE_NUMBER:
-        BN_free(data->data.number);
-        break;
-    case STORE_OBJECT_TYPE_ARBITRARY:
-        BUF_MEM_free(data->data.arbitrary);
-        break;
-    }
-    OPENSSL_free(data);
-}
-
-IMPLEMENT_STACK_OF(STORE_OBJECT*)
-
-struct STORE_attr_info_st {
-    unsigned char set[(STORE_ATTR_TYPE_NUM + 8) / 8];
-    union {
-        char *cstring;
-        unsigned char *sha1string;
-        X509_NAME *dn;
-        BIGNUM *number;
-        void *any;
-    } values[STORE_ATTR_TYPE_NUM + 1];
-    size_t value_sizes[STORE_ATTR_TYPE_NUM + 1];
-};
-
-#define ATTR_IS_SET(a,i)        ((i) > 0 && (i) < STORE_ATTR_TYPE_NUM \
-                                && ((a)->set[(i) / 8] & (1 << ((i) % 8))))
-#define SET_ATTRBIT(a,i)        ((a)->set[(i) / 8] |= (1 << ((i) % 8)))
-#define CLEAR_ATTRBIT(a,i)      ((a)->set[(i) / 8] &= ~(1 << ((i) % 8)))
-
-STORE_ATTR_INFO *STORE_ATTR_INFO_new(void)
-{
-    return (STORE_ATTR_INFO *)OPENSSL_malloc(sizeof(STORE_ATTR_INFO));
-}
-
-static void STORE_ATTR_INFO_attr_free(STORE_ATTR_INFO *attrs,
-                                      STORE_ATTR_TYPES code)
-{
-    if (ATTR_IS_SET(attrs, code)) {
-        switch (code) {
-        case STORE_ATTR_FRIENDLYNAME:
-        case STORE_ATTR_EMAIL:
-        case STORE_ATTR_FILENAME:
-            STORE_ATTR_INFO_modify_cstr(attrs, code, NULL, 0);
-            break;
-        case STORE_ATTR_KEYID:
-        case STORE_ATTR_ISSUERKEYID:
-        case STORE_ATTR_SUBJECTKEYID:
-        case STORE_ATTR_ISSUERSERIALHASH:
-        case STORE_ATTR_CERTHASH:
-            STORE_ATTR_INFO_modify_sha1str(attrs, code, NULL, 0);
-            break;
-        case STORE_ATTR_ISSUER:
-        case STORE_ATTR_SUBJECT:
-            STORE_ATTR_INFO_modify_dn(attrs, code, NULL);
-            break;
-        case STORE_ATTR_SERIAL:
-            STORE_ATTR_INFO_modify_number(attrs, code, NULL);
-            break;
-        default:
-            break;
-        }
-    }
-}
-
-int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs)
-{
-    if (attrs) {
-        STORE_ATTR_TYPES i;
-        for (i = 0; i++ < STORE_ATTR_TYPE_NUM;)
-            STORE_ATTR_INFO_attr_free(attrs, i);
-        OPENSSL_free(attrs);
-    }
-    return 1;
-}
-
-char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code)
-{
-    if (!attrs) {
-        STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR,
-                 ERR_R_PASSED_NULL_PARAMETER);
-        return NULL;
-    }
-    if (ATTR_IS_SET(attrs, code))
-        return attrs->values[code].cstring;
-    STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR, STORE_R_NO_VALUE);
-    return NULL;
-}
-
-unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs,
-                                            STORE_ATTR_TYPES code)
-{
-    if (!attrs) {
-        STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR,
-                 ERR_R_PASSED_NULL_PARAMETER);
-        return NULL;
-    }
-    if (ATTR_IS_SET(attrs, code))
-        return attrs->values[code].sha1string;
-    STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR, STORE_R_NO_VALUE);
-    return NULL;
-}
-
-X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs,
-                                   STORE_ATTR_TYPES code)
-{
-    if (!attrs) {
-        STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN,
-                 ERR_R_PASSED_NULL_PARAMETER);
-        return NULL;
-    }
-    if (ATTR_IS_SET(attrs, code))
-        return attrs->values[code].dn;
-    STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN, STORE_R_NO_VALUE);
-    return NULL;
-}
-
-BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs,
-                                    STORE_ATTR_TYPES code)
-{
-    if (!attrs) {
-        STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER,
-                 ERR_R_PASSED_NULL_PARAMETER);
-        return NULL;
-    }
-    if (ATTR_IS_SET(attrs, code))
-        return attrs->values[code].number;
-    STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER, STORE_R_NO_VALUE);
-    return NULL;
-}
-
-int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-                             char *cstr, size_t cstr_size)
-{
-    if (!attrs) {
-        STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR,
-                 ERR_R_PASSED_NULL_PARAMETER);
-        return 0;
-    }
-    if (!ATTR_IS_SET(attrs, code)) {
-        if ((attrs->values[code].cstring = BUF_strndup(cstr, cstr_size)))
-            return 1;
-        STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-    STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, STORE_R_ALREADY_HAS_A_VALUE);
-    return 0;
-}
-
-int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-                                unsigned char *sha1str, size_t sha1str_size)
-{
-    if (!attrs) {
-        STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR,
-                 ERR_R_PASSED_NULL_PARAMETER);
-        return 0;
-    }
-    if (!ATTR_IS_SET(attrs, code)) {
-        if ((attrs->values[code].sha1string =
-             (unsigned char *)BUF_memdup(sha1str, sha1str_size)))
-            return 1;
-        STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-    STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR,
-             STORE_R_ALREADY_HAS_A_VALUE);
-    return 0;
-}
-
-int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-                           X509_NAME *dn)
-{
-    if (!attrs) {
-        STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, ERR_R_PASSED_NULL_PARAMETER);
-        return 0;
-    }
-    if (!ATTR_IS_SET(attrs, code)) {
-        if ((attrs->values[code].dn = X509_NAME_dup(dn)))
-            return 1;
-        STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-    STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, STORE_R_ALREADY_HAS_A_VALUE);
-    return 0;
-}
-
-int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-                               BIGNUM *number)
-{
-    if (!attrs) {
-        STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER,
-                 ERR_R_PASSED_NULL_PARAMETER);
-        return 0;
-    }
-    if (!ATTR_IS_SET(attrs, code)) {
-        if ((attrs->values[code].number = BN_dup(number)))
-            return 1;
-        STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-    STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, STORE_R_ALREADY_HAS_A_VALUE);
-    return 0;
-}
-
-int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-                                char *cstr, size_t cstr_size)
-{
-    if (!attrs) {
-        STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR,
-                 ERR_R_PASSED_NULL_PARAMETER);
-        return 0;
-    }
-    if (ATTR_IS_SET(attrs, code)) {
-        OPENSSL_free(attrs->values[code].cstring);
-        attrs->values[code].cstring = NULL;
-        CLEAR_ATTRBIT(attrs, code);
-    }
-    return STORE_ATTR_INFO_set_cstr(attrs, code, cstr, cstr_size);
-}
-
-int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs,
-                                   STORE_ATTR_TYPES code,
-                                   unsigned char *sha1str,
-                                   size_t sha1str_size)
-{
-    if (!attrs) {
-        STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR,
-                 ERR_R_PASSED_NULL_PARAMETER);
-        return 0;
-    }
-    if (ATTR_IS_SET(attrs, code)) {
-        OPENSSL_free(attrs->values[code].sha1string);
-        attrs->values[code].sha1string = NULL;
-        CLEAR_ATTRBIT(attrs, code);
-    }
-    return STORE_ATTR_INFO_set_sha1str(attrs, code, sha1str, sha1str_size);
-}
-
-int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-                              X509_NAME *dn)
-{
-    if (!attrs) {
-        STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_DN,
-                 ERR_R_PASSED_NULL_PARAMETER);
-        return 0;
-    }
-    if (ATTR_IS_SET(attrs, code)) {
-        OPENSSL_free(attrs->values[code].dn);
-        attrs->values[code].dn = NULL;
-        CLEAR_ATTRBIT(attrs, code);
-    }
-    return STORE_ATTR_INFO_set_dn(attrs, code, dn);
-}
-
-int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs,
-                                  STORE_ATTR_TYPES code, BIGNUM *number)
-{
-    if (!attrs) {
-        STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER,
-                 ERR_R_PASSED_NULL_PARAMETER);
-        return 0;
-    }
-    if (ATTR_IS_SET(attrs, code)) {
-        OPENSSL_free(attrs->values[code].number);
-        attrs->values[code].number = NULL;
-        CLEAR_ATTRBIT(attrs, code);
-    }
-    return STORE_ATTR_INFO_set_number(attrs, code, number);
-}
-
-struct attr_list_ctx_st {
-    OPENSSL_ITEM *attributes;
-};
-void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes)
-{
-    if (attributes) {
-        struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)
-            OPENSSL_malloc(sizeof(struct attr_list_ctx_st));
-        if (context)
-            context->attributes = attributes;
-        else
-            STOREerr(STORE_F_STORE_PARSE_ATTRS_START, ERR_R_MALLOC_FAILURE);
-        return context;
-    }
-    STOREerr(STORE_F_STORE_PARSE_ATTRS_START, ERR_R_PASSED_NULL_PARAMETER);
-    return 0;
-}
-
-STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle)
-{
-    struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
-
-    if (context && context->attributes) {
-        STORE_ATTR_INFO *attrs = NULL;
-
-        while (context->attributes
-               && context->attributes->code != STORE_ATTR_OR
-               && context->attributes->code != STORE_ATTR_END) {
-            switch (context->attributes->code) {
-            case STORE_ATTR_FRIENDLYNAME:
-            case STORE_ATTR_EMAIL:
-            case STORE_ATTR_FILENAME:
-                if (!attrs)
-                    attrs = STORE_ATTR_INFO_new();
-                if (attrs == NULL) {
-                    STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
-                             ERR_R_MALLOC_FAILURE);
-                    goto err;
-                }
-                STORE_ATTR_INFO_set_cstr(attrs,
-                                         context->attributes->code,
-                                         context->attributes->value,
-                                         context->attributes->value_size);
-                break;
-            case STORE_ATTR_KEYID:
-            case STORE_ATTR_ISSUERKEYID:
-            case STORE_ATTR_SUBJECTKEYID:
-            case STORE_ATTR_ISSUERSERIALHASH:
-            case STORE_ATTR_CERTHASH:
-                if (!attrs)
-                    attrs = STORE_ATTR_INFO_new();
-                if (attrs == NULL) {
-                    STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
-                             ERR_R_MALLOC_FAILURE);
-                    goto err;
-                }
-                STORE_ATTR_INFO_set_sha1str(attrs,
-                                            context->attributes->code,
-                                            context->attributes->value,
-                                            context->attributes->value_size);
-                break;
-            case STORE_ATTR_ISSUER:
-            case STORE_ATTR_SUBJECT:
-                if (!attrs)
-                    attrs = STORE_ATTR_INFO_new();
-                if (attrs == NULL) {
-                    STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
-                             ERR_R_MALLOC_FAILURE);
-                    goto err;
-                }
-                STORE_ATTR_INFO_modify_dn(attrs,
-                                          context->attributes->code,
-                                          context->attributes->value);
-                break;
-            case STORE_ATTR_SERIAL:
-                if (!attrs)
-                    attrs = STORE_ATTR_INFO_new();
-                if (attrs == NULL) {
-                    STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
-                             ERR_R_MALLOC_FAILURE);
-                    goto err;
-                }
-                STORE_ATTR_INFO_modify_number(attrs,
-                                              context->attributes->code,
-                                              context->attributes->value);
-                break;
-            }
-            context->attributes++;
-        }
-        if (context->attributes->code == STORE_ATTR_OR)
-            context->attributes++;
-        return attrs;
- err:
-        while (context->attributes
-               && context->attributes->code != STORE_ATTR_OR
-               && context->attributes->code != STORE_ATTR_END)
-            context->attributes++;
-        if (context->attributes->code == STORE_ATTR_OR)
-            context->attributes++;
-        return NULL;
-    }
-    STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, ERR_R_PASSED_NULL_PARAMETER);
-    return NULL;
-}
-
-int STORE_parse_attrs_end(void *handle)
-{
-    struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
-
-    if (context && context->attributes) {
-#if 0
-        OPENSSL_ITEM *attributes = context->attributes;
-#endif
-        OPENSSL_free(context);
-        return 1;
-    }
-    STOREerr(STORE_F_STORE_PARSE_ATTRS_END, ERR_R_PASSED_NULL_PARAMETER);
-    return 0;
-}
-
-int STORE_parse_attrs_endp(void *handle)
-{
-    struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
-
-    if (context && context->attributes) {
-        return context->attributes->code == STORE_ATTR_END;
-    }
-    STOREerr(STORE_F_STORE_PARSE_ATTRS_ENDP, ERR_R_PASSED_NULL_PARAMETER);
-    return 0;
-}
-
-static int attr_info_compare_compute_range(const unsigned char *abits,
-                                           const unsigned char *bbits,
-                                           unsigned int *alowp,
-                                           unsigned int *ahighp,
-                                           unsigned int *blowp,
-                                           unsigned int *bhighp)
-{
-    unsigned int alow = (unsigned int)-1, ahigh = 0;
-    unsigned int blow = (unsigned int)-1, bhigh = 0;
-    int i, res = 0;
-
-    for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) {
-        if (res == 0) {
-            if (*abits < *bbits)
-                res = -1;
-            if (*abits > *bbits)
-                res = 1;
-        }
-        if (*abits) {
-            if (alow == (unsigned int)-1) {
-                alow = i * 8;
-                if (!(*abits & 0x01))
-                    alow++;
-                if (!(*abits & 0x02))
-                    alow++;
-                if (!(*abits & 0x04))
-                    alow++;
-                if (!(*abits & 0x08))
-                    alow++;
-                if (!(*abits & 0x10))
-                    alow++;
-                if (!(*abits & 0x20))
-                    alow++;
-                if (!(*abits & 0x40))
-                    alow++;
-            }
-            ahigh = i * 8 + 7;
-            if (!(*abits & 0x80))
-                ahigh++;
-            if (!(*abits & 0x40))
-                ahigh++;
-            if (!(*abits & 0x20))
-                ahigh++;
-            if (!(*abits & 0x10))
-                ahigh++;
-            if (!(*abits & 0x08))
-                ahigh++;
-            if (!(*abits & 0x04))
-                ahigh++;
-            if (!(*abits & 0x02))
-                ahigh++;
-        }
-        if (*bbits) {
-            if (blow == (unsigned int)-1) {
-                blow = i * 8;
-                if (!(*bbits & 0x01))
-                    blow++;
-                if (!(*bbits & 0x02))
-                    blow++;
-                if (!(*bbits & 0x04))
-                    blow++;
-                if (!(*bbits & 0x08))
-                    blow++;
-                if (!(*bbits & 0x10))
-                    blow++;
-                if (!(*bbits & 0x20))
-                    blow++;
-                if (!(*bbits & 0x40))
-                    blow++;
-            }
-            bhigh = i * 8 + 7;
-            if (!(*bbits & 0x80))
-                bhigh++;
-            if (!(*bbits & 0x40))
-                bhigh++;
-            if (!(*bbits & 0x20))
-                bhigh++;
-            if (!(*bbits & 0x10))
-                bhigh++;
-            if (!(*bbits & 0x08))
-                bhigh++;
-            if (!(*bbits & 0x04))
-                bhigh++;
-            if (!(*bbits & 0x02))
-                bhigh++;
-        }
-    }
-    if (ahigh + alow < bhigh + blow)
-        res = -1;
-    if (ahigh + alow > bhigh + blow)
-        res = 1;
-    if (alowp)
-        *alowp = alow;
-    if (ahighp)
-        *ahighp = ahigh;
-    if (blowp)
-        *blowp = blow;
-    if (bhighp)
-        *bhighp = bhigh;
-    return res;
-}
-
-int STORE_ATTR_INFO_compare(const STORE_ATTR_INFO *const *a,
-                            const STORE_ATTR_INFO *const *b)
-{
-    if (a == b)
-        return 0;
-    if (!a)
-        return -1;
-    if (!b)
-        return 1;
-    return attr_info_compare_compute_range((*a)->set, (*b)->set, 0, 0, 0, 0);
-}
-
-int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
-{
-    unsigned int alow, ahigh, blow, bhigh;
-
-    if (a == b)
-        return 1;
-    if (!a)
-        return 0;
-    if (!b)
-        return 0;
-    attr_info_compare_compute_range(a->set, b->set,
-                                    &alow, &ahigh, &blow, &bhigh);
-    if (alow >= blow && ahigh <= bhigh)
-        return 1;
-    return 0;
-}
-
-int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
-{
-    unsigned char *abits, *bbits;
-    int i;
-
-    if (a == b)
-        return 1;
-    if (!a)
-        return 0;
-    if (!b)
-        return 0;
-    abits = a->set;
-    bbits = b->set;
-    for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) {
-        if (*abits && (*bbits & *abits) != *abits)
-            return 0;
-    }
-    return 1;
-}
-
-int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
-{
-    STORE_ATTR_TYPES i;
-
-    if (a == b)
-        return 1;
-    if (!STORE_ATTR_INFO_in(a, b))
-        return 0;
-    for (i = 1; i < STORE_ATTR_TYPE_NUM; i++)
-        if (ATTR_IS_SET(a, i)) {
-            switch (i) {
-            case STORE_ATTR_FRIENDLYNAME:
-            case STORE_ATTR_EMAIL:
-            case STORE_ATTR_FILENAME:
-                if (strcmp(a->values[i].cstring, b->values[i].cstring))
-                    return 0;
-                break;
-            case STORE_ATTR_KEYID:
-            case STORE_ATTR_ISSUERKEYID:
-            case STORE_ATTR_SUBJECTKEYID:
-            case STORE_ATTR_ISSUERSERIALHASH:
-            case STORE_ATTR_CERTHASH:
-                if (memcmp(a->values[i].sha1string,
-                           b->values[i].sha1string, a->value_sizes[i]))
-                    return 0;
-                break;
-            case STORE_ATTR_ISSUER:
-            case STORE_ATTR_SUBJECT:
-                if (X509_NAME_cmp(a->values[i].dn, b->values[i].dn))
-                    return 0;
-                break;
-            case STORE_ATTR_SERIAL:
-                if (BN_cmp(a->values[i].number, b->values[i].number))
-                    return 0;
-                break;
-            default:
-                break;
-            }
-        }
-
-    return 1;
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/store/str_lib.c (from rev 11605, vendor-crypto/openssl/dist/crypto/store/str_lib.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/store/str_lib.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/store/str_lib.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,1772 @@
+/* crypto/store/str_lib.c */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/bn.h>
+#include <openssl/err.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#include <openssl/sha.h>
+#include <openssl/x509.h>
+#include "str_locl.h"
+
+const char *const STORE_object_type_string[STORE_OBJECT_TYPE_NUM + 1] = {
+    0,
+    "X.509 Certificate",
+    "X.509 CRL",
+    "Private Key",
+    "Public Key",
+    "Number",
+    "Arbitrary Data"
+};
+
+const int STORE_param_sizes[STORE_PARAM_TYPE_NUM + 1] = {
+    0,
+    sizeof(int),                /* EVP_TYPE */
+    sizeof(size_t),             /* BITS */
+    -1,                         /* KEY_PARAMETERS */
+    0                           /* KEY_NO_PARAMETERS */
+};
+
+const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM + 1] = {
+    0,
+    -1,                         /* FRIENDLYNAME: C string */
+    SHA_DIGEST_LENGTH,          /* KEYID: SHA1 digest, 160 bits */
+    SHA_DIGEST_LENGTH,          /* ISSUERKEYID: SHA1 digest, 160 bits */
+    SHA_DIGEST_LENGTH,          /* SUBJECTKEYID: SHA1 digest, 160 bits */
+    SHA_DIGEST_LENGTH,          /* ISSUERSERIALHASH: SHA1 digest, 160 bits */
+    sizeof(X509_NAME *),        /* ISSUER: X509_NAME * */
+    sizeof(BIGNUM *),           /* SERIAL: BIGNUM * */
+    sizeof(X509_NAME *),        /* SUBJECT: X509_NAME * */
+    SHA_DIGEST_LENGTH,          /* CERTHASH: SHA1 digest, 160 bits */
+    -1,                         /* EMAIL: C string */
+    -1,                         /* FILENAME: C string */
+};
+
+STORE *STORE_new_method(const STORE_METHOD *method)
+{
+    STORE *ret;
+
+    if (method == NULL) {
+        STOREerr(STORE_F_STORE_NEW_METHOD, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+
+    ret = (STORE *)OPENSSL_malloc(sizeof(STORE));
+    if (ret == NULL) {
+        STOREerr(STORE_F_STORE_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->meth = method;
+
+    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_STORE, ret, &ret->ex_data);
+    if (ret->meth->init && !ret->meth->init(ret)) {
+        STORE_free(ret);
+        ret = NULL;
+    }
+    return ret;
+}
+
+STORE *STORE_new_engine(ENGINE *engine)
+{
+    STORE *ret = NULL;
+    ENGINE *e = engine;
+    const STORE_METHOD *meth = 0;
+
+#ifdef OPENSSL_NO_ENGINE
+    e = NULL;
+#else
+    if (engine) {
+        if (!ENGINE_init(engine)) {
+            STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB);
+            return NULL;
+        }
+        e = engine;
+    } else {
+        STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (e) {
+        meth = ENGINE_get_STORE(e);
+        if (!meth) {
+            STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB);
+            ENGINE_finish(e);
+            return NULL;
+        }
+    }
+#endif
+
+    ret = STORE_new_method(meth);
+    if (ret == NULL) {
+        STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_STORE_LIB);
+        return NULL;
+    }
+
+    ret->engine = e;
+
+    return (ret);
+}
+
+void STORE_free(STORE *store)
+{
+    if (store == NULL)
+        return;
+    if (store->meth->clean)
+        store->meth->clean(store);
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_STORE, store, &store->ex_data);
+    OPENSSL_free(store);
+}
+
+int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f) (void))
+{
+    if (store == NULL) {
+        STOREerr(STORE_F_STORE_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (store->meth->ctrl)
+        return store->meth->ctrl(store, cmd, i, p, f);
+    STOREerr(STORE_F_STORE_CTRL, STORE_R_NO_CONTROL_FUNCTION);
+    return 0;
+}
+
+int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+                           CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+{
+    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_STORE, argl, argp,
+                                   new_func, dup_func, free_func);
+}
+
+int STORE_set_ex_data(STORE *r, int idx, void *arg)
+{
+    return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
+}
+
+void *STORE_get_ex_data(STORE *r, int idx)
+{
+    return (CRYPTO_get_ex_data(&r->ex_data, idx));
+}
+
+const STORE_METHOD *STORE_get_method(STORE *store)
+{
+    return store->meth;
+}
+
+const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth)
+{
+    store->meth = meth;
+    return store->meth;
+}
+
+/* API helpers */
+
+#define check_store(s,fncode,fnname,fnerrcode) \
+        do \
+                { \
+                if ((s) == NULL || (s)->meth == NULL) \
+                        { \
+                        STOREerr((fncode), ERR_R_PASSED_NULL_PARAMETER); \
+                        return 0; \
+                        } \
+                if ((s)->meth->fnname == NULL) \
+                        { \
+                        STOREerr((fncode), (fnerrcode)); \
+                        return 0; \
+                        } \
+                } \
+        while(0)
+
+/* API functions */
+
+X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[],
+                            OPENSSL_ITEM parameters[])
+{
+    STORE_OBJECT *object;
+    X509 *x;
+
+    check_store(s, STORE_F_STORE_GET_CERTIFICATE,
+                get_object, STORE_R_NO_GET_OBJECT_FUNCTION);
+
+    object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
+                                 attributes, parameters);
+    if (!object || !object->data.x509.certificate) {
+        STOREerr(STORE_F_STORE_GET_CERTIFICATE,
+                 STORE_R_FAILED_GETTING_CERTIFICATE);
+        return 0;
+    }
+    CRYPTO_add(&object->data.x509.certificate->references, 1,
+               CRYPTO_LOCK_X509);
+#ifdef REF_PRINT
+    REF_PRINT("X509", data);
+#endif
+    x = object->data.x509.certificate;
+    STORE_OBJECT_free(object);
+    return x;
+}
+
+int STORE_store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[],
+                            OPENSSL_ITEM parameters[])
+{
+    STORE_OBJECT *object;
+    int i;
+
+    check_store(s, STORE_F_STORE_CERTIFICATE,
+                store_object, STORE_R_NO_STORE_OBJECT_FUNCTION);
+
+    object = STORE_OBJECT_new();
+    if (!object) {
+        STOREerr(STORE_F_STORE_STORE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    CRYPTO_add(&data->references, 1, CRYPTO_LOCK_X509);
+#ifdef REF_PRINT
+    REF_PRINT("X509", data);
+#endif
+    object->data.x509.certificate = data;
+
+    i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
+                              object, attributes, parameters);
+
+    STORE_OBJECT_free(object);
+
+    if (!i) {
+        STOREerr(STORE_F_STORE_STORE_CERTIFICATE,
+                 STORE_R_FAILED_STORING_CERTIFICATE);
+        return 0;
+    }
+    return 1;
+}
+
+int STORE_modify_certificate(STORE *s, OPENSSL_ITEM search_attributes[],
+                             OPENSSL_ITEM add_attributes[],
+                             OPENSSL_ITEM modify_attributes[],
+                             OPENSSL_ITEM delete_attributes[],
+                             OPENSSL_ITEM parameters[])
+{
+    check_store(s, STORE_F_STORE_MODIFY_CERTIFICATE,
+                modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+
+    if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
+                                search_attributes, add_attributes,
+                                modify_attributes, delete_attributes,
+                                parameters)) {
+        STOREerr(STORE_F_STORE_MODIFY_CERTIFICATE,
+                 STORE_R_FAILED_MODIFYING_CERTIFICATE);
+        return 0;
+    }
+    return 1;
+}
+
+int STORE_revoke_certificate(STORE *s, OPENSSL_ITEM attributes[],
+                             OPENSSL_ITEM parameters[])
+{
+    check_store(s, STORE_F_STORE_REVOKE_CERTIFICATE,
+                revoke_object, STORE_R_NO_REVOKE_OBJECT_FUNCTION);
+
+    if (!s->meth->revoke_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
+                                attributes, parameters)) {
+        STOREerr(STORE_F_STORE_REVOKE_CERTIFICATE,
+                 STORE_R_FAILED_REVOKING_CERTIFICATE);
+        return 0;
+    }
+    return 1;
+}
+
+int STORE_delete_certificate(STORE *s, OPENSSL_ITEM attributes[],
+                             OPENSSL_ITEM parameters[])
+{
+    check_store(s, STORE_F_STORE_DELETE_CERTIFICATE,
+                delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION);
+
+    if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
+                                attributes, parameters)) {
+        STOREerr(STORE_F_STORE_DELETE_CERTIFICATE,
+                 STORE_R_FAILED_DELETING_CERTIFICATE);
+        return 0;
+    }
+    return 1;
+}
+
+void *STORE_list_certificate_start(STORE *s, OPENSSL_ITEM attributes[],
+                                   OPENSSL_ITEM parameters[])
+{
+    void *handle;
+
+    check_store(s, STORE_F_STORE_LIST_CERTIFICATE_START,
+                list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION);
+
+    handle = s->meth->list_object_start(s,
+                                        STORE_OBJECT_TYPE_X509_CERTIFICATE,
+                                        attributes, parameters);
+    if (!handle) {
+        STOREerr(STORE_F_STORE_LIST_CERTIFICATE_START,
+                 STORE_R_FAILED_LISTING_CERTIFICATES);
+        return 0;
+    }
+    return handle;
+}
+
+X509 *STORE_list_certificate_next(STORE *s, void *handle)
+{
+    STORE_OBJECT *object;
+    X509 *x;
+
+    check_store(s, STORE_F_STORE_LIST_CERTIFICATE_NEXT,
+                list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
+
+    object = s->meth->list_object_next(s, handle);
+    if (!object || !object->data.x509.certificate) {
+        STOREerr(STORE_F_STORE_LIST_CERTIFICATE_NEXT,
+                 STORE_R_FAILED_LISTING_CERTIFICATES);
+        return 0;
+    }
+    CRYPTO_add(&object->data.x509.certificate->references, 1,
+               CRYPTO_LOCK_X509);
+#ifdef REF_PRINT
+    REF_PRINT("X509", data);
+#endif
+    x = object->data.x509.certificate;
+    STORE_OBJECT_free(object);
+    return x;
+}
+
+int STORE_list_certificate_end(STORE *s, void *handle)
+{
+    check_store(s, STORE_F_STORE_LIST_CERTIFICATE_END,
+                list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION);
+
+    if (!s->meth->list_object_end(s, handle)) {
+        STOREerr(STORE_F_STORE_LIST_CERTIFICATE_END,
+                 STORE_R_FAILED_LISTING_CERTIFICATES);
+        return 0;
+    }
+    return 1;
+}
+
+int STORE_list_certificate_endp(STORE *s, void *handle)
+{
+    check_store(s, STORE_F_STORE_LIST_CERTIFICATE_ENDP,
+                list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
+
+    if (!s->meth->list_object_endp(s, handle)) {
+        STOREerr(STORE_F_STORE_LIST_CERTIFICATE_ENDP,
+                 STORE_R_FAILED_LISTING_CERTIFICATES);
+        return 0;
+    }
+    return 1;
+}
+
+EVP_PKEY *STORE_generate_key(STORE *s, OPENSSL_ITEM attributes[],
+                             OPENSSL_ITEM parameters[])
+{
+    STORE_OBJECT *object;
+    EVP_PKEY *pkey;
+
+    check_store(s, STORE_F_STORE_GENERATE_KEY,
+                generate_object, STORE_R_NO_GENERATE_OBJECT_FUNCTION);
+
+    object = s->meth->generate_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+                                      attributes, parameters);
+    if (!object || !object->data.key) {
+        STOREerr(STORE_F_STORE_GENERATE_KEY, STORE_R_FAILED_GENERATING_KEY);
+        return 0;
+    }
+    CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+    REF_PRINT("EVP_PKEY", data);
+#endif
+    pkey = object->data.key;
+    STORE_OBJECT_free(object);
+    return pkey;
+}
+
+EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[],
+                                OPENSSL_ITEM parameters[])
+{
+    STORE_OBJECT *object;
+    EVP_PKEY *pkey;
+
+    check_store(s, STORE_F_STORE_GET_PRIVATE_KEY,
+                get_object, STORE_R_NO_GET_OBJECT_FUNCTION);
+
+    object = s->meth->get_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+                                 attributes, parameters);
+    if (!object || !object->data.key || !object->data.key) {
+        STOREerr(STORE_F_STORE_GET_PRIVATE_KEY, STORE_R_FAILED_GETTING_KEY);
+        return 0;
+    }
+    CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+    REF_PRINT("EVP_PKEY", data);
+#endif
+    pkey = object->data.key;
+    STORE_OBJECT_free(object);
+    return pkey;
+}
+
+int STORE_store_private_key(STORE *s, EVP_PKEY *data,
+                            OPENSSL_ITEM attributes[],
+                            OPENSSL_ITEM parameters[])
+{
+    STORE_OBJECT *object;
+    int i;
+
+    check_store(s, STORE_F_STORE_STORE_PRIVATE_KEY,
+                store_object, STORE_R_NO_STORE_OBJECT_FUNCTION);
+
+    object = STORE_OBJECT_new();
+    if (!object) {
+        STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    object->data.key = EVP_PKEY_new();
+    if (!object->data.key) {
+        STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    CRYPTO_add(&data->references, 1, CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+    REF_PRINT("EVP_PKEY", data);
+#endif
+    object->data.key = data;
+
+    i = s->meth->store_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, object,
+                              attributes, parameters);
+
+    STORE_OBJECT_free(object);
+
+    if (!i) {
+        STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, STORE_R_FAILED_STORING_KEY);
+        return 0;
+    }
+    return i;
+}
+
+int STORE_modify_private_key(STORE *s, OPENSSL_ITEM search_attributes[],
+                             OPENSSL_ITEM add_attributes[],
+                             OPENSSL_ITEM modify_attributes[],
+                             OPENSSL_ITEM delete_attributes[],
+                             OPENSSL_ITEM parameters[])
+{
+    check_store(s, STORE_F_STORE_MODIFY_PRIVATE_KEY,
+                modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+
+    if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+                                search_attributes, add_attributes,
+                                modify_attributes, delete_attributes,
+                                parameters)) {
+        STOREerr(STORE_F_STORE_MODIFY_PRIVATE_KEY,
+                 STORE_R_FAILED_MODIFYING_PRIVATE_KEY);
+        return 0;
+    }
+    return 1;
+}
+
+int STORE_revoke_private_key(STORE *s, OPENSSL_ITEM attributes[],
+                             OPENSSL_ITEM parameters[])
+{
+    int i;
+
+    check_store(s, STORE_F_STORE_REVOKE_PRIVATE_KEY,
+                revoke_object, STORE_R_NO_REVOKE_OBJECT_FUNCTION);
+
+    i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+                               attributes, parameters);
+
+    if (!i) {
+        STOREerr(STORE_F_STORE_REVOKE_PRIVATE_KEY,
+                 STORE_R_FAILED_REVOKING_KEY);
+        return 0;
+    }
+    return i;
+}
+
+int STORE_delete_private_key(STORE *s, OPENSSL_ITEM attributes[],
+                             OPENSSL_ITEM parameters[])
+{
+    check_store(s, STORE_F_STORE_DELETE_PRIVATE_KEY,
+                delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION);
+
+    if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+                                attributes, parameters)) {
+        STOREerr(STORE_F_STORE_DELETE_PRIVATE_KEY,
+                 STORE_R_FAILED_DELETING_KEY);
+        return 0;
+    }
+    return 1;
+}
+
+void *STORE_list_private_key_start(STORE *s, OPENSSL_ITEM attributes[],
+                                   OPENSSL_ITEM parameters[])
+{
+    void *handle;
+
+    check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_START,
+                list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION);
+
+    handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+                                        attributes, parameters);
+    if (!handle) {
+        STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_START,
+                 STORE_R_FAILED_LISTING_KEYS);
+        return 0;
+    }
+    return handle;
+}
+
+EVP_PKEY *STORE_list_private_key_next(STORE *s, void *handle)
+{
+    STORE_OBJECT *object;
+    EVP_PKEY *pkey;
+
+    check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,
+                list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
+
+    object = s->meth->list_object_next(s, handle);
+    if (!object || !object->data.key || !object->data.key) {
+        STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,
+                 STORE_R_FAILED_LISTING_KEYS);
+        return 0;
+    }
+    CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+    REF_PRINT("EVP_PKEY", data);
+#endif
+    pkey = object->data.key;
+    STORE_OBJECT_free(object);
+    return pkey;
+}
+
+int STORE_list_private_key_end(STORE *s, void *handle)
+{
+    check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_END,
+                list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION);
+
+    if (!s->meth->list_object_end(s, handle)) {
+        STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_END,
+                 STORE_R_FAILED_LISTING_KEYS);
+        return 0;
+    }
+    return 1;
+}
+
+int STORE_list_private_key_endp(STORE *s, void *handle)
+{
+    check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_ENDP,
+                list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
+
+    if (!s->meth->list_object_endp(s, handle)) {
+        STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP,
+                 STORE_R_FAILED_LISTING_KEYS);
+        return 0;
+    }
+    return 1;
+}
+
+EVP_PKEY *STORE_get_public_key(STORE *s, OPENSSL_ITEM attributes[],
+                               OPENSSL_ITEM parameters[])
+{
+    STORE_OBJECT *object;
+    EVP_PKEY *pkey;
+
+    check_store(s, STORE_F_STORE_GET_PUBLIC_KEY,
+                get_object, STORE_R_NO_GET_OBJECT_FUNCTION);
+
+    object = s->meth->get_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
+                                 attributes, parameters);
+    if (!object || !object->data.key || !object->data.key) {
+        STOREerr(STORE_F_STORE_GET_PUBLIC_KEY, STORE_R_FAILED_GETTING_KEY);
+        return 0;
+    }
+    CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+    REF_PRINT("EVP_PKEY", data);
+#endif
+    pkey = object->data.key;
+    STORE_OBJECT_free(object);
+    return pkey;
+}
+
+int STORE_store_public_key(STORE *s, EVP_PKEY *data,
+                           OPENSSL_ITEM attributes[],
+                           OPENSSL_ITEM parameters[])
+{
+    STORE_OBJECT *object;
+    int i;
+
+    check_store(s, STORE_F_STORE_STORE_PUBLIC_KEY,
+                store_object, STORE_R_NO_STORE_OBJECT_FUNCTION);
+
+    object = STORE_OBJECT_new();
+    if (!object) {
+        STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    object->data.key = EVP_PKEY_new();
+    if (!object->data.key) {
+        STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    CRYPTO_add(&data->references, 1, CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+    REF_PRINT("EVP_PKEY", data);
+#endif
+    object->data.key = data;
+
+    i = s->meth->store_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, object,
+                              attributes, parameters);
+
+    STORE_OBJECT_free(object);
+
+    if (!i) {
+        STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, STORE_R_FAILED_STORING_KEY);
+        return 0;
+    }
+    return i;
+}
+
+int STORE_modify_public_key(STORE *s, OPENSSL_ITEM search_attributes[],
+                            OPENSSL_ITEM add_attributes[],
+                            OPENSSL_ITEM modify_attributes[],
+                            OPENSSL_ITEM delete_attributes[],
+                            OPENSSL_ITEM parameters[])
+{
+    check_store(s, STORE_F_STORE_MODIFY_PUBLIC_KEY,
+                modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+
+    if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
+                                search_attributes, add_attributes,
+                                modify_attributes, delete_attributes,
+                                parameters)) {
+        STOREerr(STORE_F_STORE_MODIFY_PUBLIC_KEY,
+                 STORE_R_FAILED_MODIFYING_PUBLIC_KEY);
+        return 0;
+    }
+    return 1;
+}
+
+int STORE_revoke_public_key(STORE *s, OPENSSL_ITEM attributes[],
+                            OPENSSL_ITEM parameters[])
+{
+    int i;
+
+    check_store(s, STORE_F_STORE_REVOKE_PUBLIC_KEY,
+                revoke_object, STORE_R_NO_REVOKE_OBJECT_FUNCTION);
+
+    i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
+                               attributes, parameters);
+
+    if (!i) {
+        STOREerr(STORE_F_STORE_REVOKE_PUBLIC_KEY,
+                 STORE_R_FAILED_REVOKING_KEY);
+        return 0;
+    }
+    return i;
+}
+
+int STORE_delete_public_key(STORE *s, OPENSSL_ITEM attributes[],
+                            OPENSSL_ITEM parameters[])
+{
+    check_store(s, STORE_F_STORE_DELETE_PUBLIC_KEY,
+                delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION);
+
+    if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
+                                attributes, parameters)) {
+        STOREerr(STORE_F_STORE_DELETE_PUBLIC_KEY,
+                 STORE_R_FAILED_DELETING_KEY);
+        return 0;
+    }
+    return 1;
+}
+
+void *STORE_list_public_key_start(STORE *s, OPENSSL_ITEM attributes[],
+                                  OPENSSL_ITEM parameters[])
+{
+    void *handle;
+
+    check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_START,
+                list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION);
+
+    handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
+                                        attributes, parameters);
+    if (!handle) {
+        STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_START,
+                 STORE_R_FAILED_LISTING_KEYS);
+        return 0;
+    }
+    return handle;
+}
+
+EVP_PKEY *STORE_list_public_key_next(STORE *s, void *handle)
+{
+    STORE_OBJECT *object;
+    EVP_PKEY *pkey;
+
+    check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,
+                list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
+
+    object = s->meth->list_object_next(s, handle);
+    if (!object || !object->data.key || !object->data.key) {
+        STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,
+                 STORE_R_FAILED_LISTING_KEYS);
+        return 0;
+    }
+    CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+    REF_PRINT("EVP_PKEY", data);
+#endif
+    pkey = object->data.key;
+    STORE_OBJECT_free(object);
+    return pkey;
+}
+
+int STORE_list_public_key_end(STORE *s, void *handle)
+{
+    check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_END,
+                list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION);
+
+    if (!s->meth->list_object_end(s, handle)) {
+        STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_END,
+                 STORE_R_FAILED_LISTING_KEYS);
+        return 0;
+    }
+    return 1;
+}
+
+int STORE_list_public_key_endp(STORE *s, void *handle)
+{
+    check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_ENDP,
+                list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
+
+    if (!s->meth->list_object_endp(s, handle)) {
+        STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP,
+                 STORE_R_FAILED_LISTING_KEYS);
+        return 0;
+    }
+    return 1;
+}
+
+X509_CRL *STORE_generate_crl(STORE *s, OPENSSL_ITEM attributes[],
+                             OPENSSL_ITEM parameters[])
+{
+    STORE_OBJECT *object;
+    X509_CRL *crl;
+
+    check_store(s, STORE_F_STORE_GENERATE_CRL,
+                generate_object, STORE_R_NO_GENERATE_CRL_FUNCTION);
+
+    object = s->meth->generate_object(s, STORE_OBJECT_TYPE_X509_CRL,
+                                      attributes, parameters);
+    if (!object || !object->data.crl) {
+        STOREerr(STORE_F_STORE_GENERATE_CRL, STORE_R_FAILED_GENERATING_CRL);
+        return 0;
+    }
+    CRYPTO_add(&object->data.crl->references, 1, CRYPTO_LOCK_X509_CRL);
+#ifdef REF_PRINT
+    REF_PRINT("X509_CRL", data);
+#endif
+    crl = object->data.crl;
+    STORE_OBJECT_free(object);
+    return crl;
+}
+
+X509_CRL *STORE_get_crl(STORE *s, OPENSSL_ITEM attributes[],
+                        OPENSSL_ITEM parameters[])
+{
+    STORE_OBJECT *object;
+    X509_CRL *crl;
+
+    check_store(s, STORE_F_STORE_GET_CRL,
+                get_object, STORE_R_NO_GET_OBJECT_FUNCTION);
+
+    object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CRL,
+                                 attributes, parameters);
+    if (!object || !object->data.crl) {
+        STOREerr(STORE_F_STORE_GET_CRL, STORE_R_FAILED_GETTING_KEY);
+        return 0;
+    }
+    CRYPTO_add(&object->data.crl->references, 1, CRYPTO_LOCK_X509_CRL);
+#ifdef REF_PRINT
+    REF_PRINT("X509_CRL", data);
+#endif
+    crl = object->data.crl;
+    STORE_OBJECT_free(object);
+    return crl;
+}
+
+int STORE_store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[],
+                    OPENSSL_ITEM parameters[])
+{
+    STORE_OBJECT *object;
+    int i;
+
+    check_store(s, STORE_F_STORE_STORE_CRL,
+                store_object, STORE_R_NO_STORE_OBJECT_FUNCTION);
+
+    object = STORE_OBJECT_new();
+    if (!object) {
+        STOREerr(STORE_F_STORE_STORE_CRL, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    CRYPTO_add(&data->references, 1, CRYPTO_LOCK_X509_CRL);
+#ifdef REF_PRINT
+    REF_PRINT("X509_CRL", data);
+#endif
+    object->data.crl = data;
+
+    i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CRL, object,
+                              attributes, parameters);
+
+    STORE_OBJECT_free(object);
+
+    if (!i) {
+        STOREerr(STORE_F_STORE_STORE_CRL, STORE_R_FAILED_STORING_KEY);
+        return 0;
+    }
+    return i;
+}
+
+int STORE_modify_crl(STORE *s, OPENSSL_ITEM search_attributes[],
+                     OPENSSL_ITEM add_attributes[],
+                     OPENSSL_ITEM modify_attributes[],
+                     OPENSSL_ITEM delete_attributes[],
+                     OPENSSL_ITEM parameters[])
+{
+    check_store(s, STORE_F_STORE_MODIFY_CRL,
+                modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+
+    if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CRL,
+                                search_attributes, add_attributes,
+                                modify_attributes, delete_attributes,
+                                parameters)) {
+        STOREerr(STORE_F_STORE_MODIFY_CRL, STORE_R_FAILED_MODIFYING_CRL);
+        return 0;
+    }
+    return 1;
+}
+
+int STORE_delete_crl(STORE *s, OPENSSL_ITEM attributes[],
+                     OPENSSL_ITEM parameters[])
+{
+    check_store(s, STORE_F_STORE_DELETE_CRL,
+                delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION);
+
+    if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CRL,
+                                attributes, parameters)) {
+        STOREerr(STORE_F_STORE_DELETE_CRL, STORE_R_FAILED_DELETING_KEY);
+        return 0;
+    }
+    return 1;
+}
+
+void *STORE_list_crl_start(STORE *s, OPENSSL_ITEM attributes[],
+                           OPENSSL_ITEM parameters[])
+{
+    void *handle;
+
+    check_store(s, STORE_F_STORE_LIST_CRL_START,
+                list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION);
+
+    handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_X509_CRL,
+                                        attributes, parameters);
+    if (!handle) {
+        STOREerr(STORE_F_STORE_LIST_CRL_START, STORE_R_FAILED_LISTING_KEYS);
+        return 0;
+    }
+    return handle;
+}
+
+X509_CRL *STORE_list_crl_next(STORE *s, void *handle)
+{
+    STORE_OBJECT *object;
+    X509_CRL *crl;
+
+    check_store(s, STORE_F_STORE_LIST_CRL_NEXT,
+                list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
+
+    object = s->meth->list_object_next(s, handle);
+    if (!object || !object->data.crl) {
+        STOREerr(STORE_F_STORE_LIST_CRL_NEXT, STORE_R_FAILED_LISTING_KEYS);
+        return 0;
+    }
+    CRYPTO_add(&object->data.crl->references, 1, CRYPTO_LOCK_X509_CRL);
+#ifdef REF_PRINT
+    REF_PRINT("X509_CRL", data);
+#endif
+    crl = object->data.crl;
+    STORE_OBJECT_free(object);
+    return crl;
+}
+
+int STORE_list_crl_end(STORE *s, void *handle)
+{
+    check_store(s, STORE_F_STORE_LIST_CRL_END,
+                list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION);
+
+    if (!s->meth->list_object_end(s, handle)) {
+        STOREerr(STORE_F_STORE_LIST_CRL_END, STORE_R_FAILED_LISTING_KEYS);
+        return 0;
+    }
+    return 1;
+}
+
+int STORE_list_crl_endp(STORE *s, void *handle)
+{
+    check_store(s, STORE_F_STORE_LIST_CRL_ENDP,
+                list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
+
+    if (!s->meth->list_object_endp(s, handle)) {
+        STOREerr(STORE_F_STORE_LIST_CRL_ENDP, STORE_R_FAILED_LISTING_KEYS);
+        return 0;
+    }
+    return 1;
+}
+
+int STORE_store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[],
+                       OPENSSL_ITEM parameters[])
+{
+    STORE_OBJECT *object;
+    int i;
+
+    check_store(s, STORE_F_STORE_STORE_NUMBER,
+                store_object, STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION);
+
+    object = STORE_OBJECT_new();
+    if (!object) {
+        STOREerr(STORE_F_STORE_STORE_NUMBER, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    object->data.number = data;
+
+    i = s->meth->store_object(s, STORE_OBJECT_TYPE_NUMBER, object,
+                              attributes, parameters);
+
+    STORE_OBJECT_free(object);
+
+    if (!i) {
+        STOREerr(STORE_F_STORE_STORE_NUMBER, STORE_R_FAILED_STORING_NUMBER);
+        return 0;
+    }
+    return 1;
+}
+
+int STORE_modify_number(STORE *s, OPENSSL_ITEM search_attributes[],
+                        OPENSSL_ITEM add_attributes[],
+                        OPENSSL_ITEM modify_attributes[],
+                        OPENSSL_ITEM delete_attributes[],
+                        OPENSSL_ITEM parameters[])
+{
+    check_store(s, STORE_F_STORE_MODIFY_NUMBER,
+                modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+
+    if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_NUMBER,
+                                search_attributes, add_attributes,
+                                modify_attributes, delete_attributes,
+                                parameters)) {
+        STOREerr(STORE_F_STORE_MODIFY_NUMBER,
+                 STORE_R_FAILED_MODIFYING_NUMBER);
+        return 0;
+    }
+    return 1;
+}
+
+BIGNUM *STORE_get_number(STORE *s, OPENSSL_ITEM attributes[],
+                         OPENSSL_ITEM parameters[])
+{
+    STORE_OBJECT *object;
+    BIGNUM *n;
+
+    check_store(s, STORE_F_STORE_GET_NUMBER,
+                get_object, STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION);
+
+    object = s->meth->get_object(s, STORE_OBJECT_TYPE_NUMBER, attributes,
+                                 parameters);
+    if (!object || !object->data.number) {
+        STOREerr(STORE_F_STORE_GET_NUMBER, STORE_R_FAILED_GETTING_NUMBER);
+        return 0;
+    }
+    n = object->data.number;
+    object->data.number = NULL;
+    STORE_OBJECT_free(object);
+    return n;
+}
+
+int STORE_delete_number(STORE *s, OPENSSL_ITEM attributes[],
+                        OPENSSL_ITEM parameters[])
+{
+    check_store(s, STORE_F_STORE_DELETE_NUMBER,
+                delete_object, STORE_R_NO_DELETE_NUMBER_FUNCTION);
+
+    if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_NUMBER, attributes,
+                                parameters)) {
+        STOREerr(STORE_F_STORE_DELETE_NUMBER, STORE_R_FAILED_DELETING_NUMBER);
+        return 0;
+    }
+    return 1;
+}
+
+int STORE_store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[],
+                          OPENSSL_ITEM parameters[])
+{
+    STORE_OBJECT *object;
+    int i;
+
+    check_store(s, STORE_F_STORE_STORE_ARBITRARY,
+                store_object, STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION);
+
+    object = STORE_OBJECT_new();
+    if (!object) {
+        STOREerr(STORE_F_STORE_STORE_ARBITRARY, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    object->data.arbitrary = data;
+
+    i = s->meth->store_object(s, STORE_OBJECT_TYPE_ARBITRARY, object,
+                              attributes, parameters);
+
+    STORE_OBJECT_free(object);
+
+    if (!i) {
+        STOREerr(STORE_F_STORE_STORE_ARBITRARY,
+                 STORE_R_FAILED_STORING_ARBITRARY);
+        return 0;
+    }
+    return 1;
+}
+
+int STORE_modify_arbitrary(STORE *s, OPENSSL_ITEM search_attributes[],
+                           OPENSSL_ITEM add_attributes[],
+                           OPENSSL_ITEM modify_attributes[],
+                           OPENSSL_ITEM delete_attributes[],
+                           OPENSSL_ITEM parameters[])
+{
+    check_store(s, STORE_F_STORE_MODIFY_ARBITRARY,
+                modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+
+    if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_ARBITRARY,
+                                search_attributes, add_attributes,
+                                modify_attributes, delete_attributes,
+                                parameters)) {
+        STOREerr(STORE_F_STORE_MODIFY_ARBITRARY,
+                 STORE_R_FAILED_MODIFYING_ARBITRARY);
+        return 0;
+    }
+    return 1;
+}
+
+BUF_MEM *STORE_get_arbitrary(STORE *s, OPENSSL_ITEM attributes[],
+                             OPENSSL_ITEM parameters[])
+{
+    STORE_OBJECT *object;
+    BUF_MEM *b;
+
+    check_store(s, STORE_F_STORE_GET_ARBITRARY,
+                get_object, STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION);
+
+    object = s->meth->get_object(s, STORE_OBJECT_TYPE_ARBITRARY,
+                                 attributes, parameters);
+    if (!object || !object->data.arbitrary) {
+        STOREerr(STORE_F_STORE_GET_ARBITRARY,
+                 STORE_R_FAILED_GETTING_ARBITRARY);
+        return 0;
+    }
+    b = object->data.arbitrary;
+    object->data.arbitrary = NULL;
+    STORE_OBJECT_free(object);
+    return b;
+}
+
+int STORE_delete_arbitrary(STORE *s, OPENSSL_ITEM attributes[],
+                           OPENSSL_ITEM parameters[])
+{
+    check_store(s, STORE_F_STORE_DELETE_ARBITRARY,
+                delete_object, STORE_R_NO_DELETE_ARBITRARY_FUNCTION);
+
+    if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_ARBITRARY, attributes,
+                                parameters)) {
+        STOREerr(STORE_F_STORE_DELETE_ARBITRARY,
+                 STORE_R_FAILED_DELETING_ARBITRARY);
+        return 0;
+    }
+    return 1;
+}
+
+STORE_OBJECT *STORE_OBJECT_new(void)
+{
+    STORE_OBJECT *object = OPENSSL_malloc(sizeof(STORE_OBJECT));
+    if (object)
+        memset(object, 0, sizeof(STORE_OBJECT));
+    return object;
+}
+
+void STORE_OBJECT_free(STORE_OBJECT *data)
+{
+    if (!data)
+        return;
+    switch (data->type) {
+    case STORE_OBJECT_TYPE_X509_CERTIFICATE:
+        X509_free(data->data.x509.certificate);
+        break;
+    case STORE_OBJECT_TYPE_X509_CRL:
+        X509_CRL_free(data->data.crl);
+        break;
+    case STORE_OBJECT_TYPE_PRIVATE_KEY:
+    case STORE_OBJECT_TYPE_PUBLIC_KEY:
+        EVP_PKEY_free(data->data.key);
+        break;
+    case STORE_OBJECT_TYPE_NUMBER:
+        BN_free(data->data.number);
+        break;
+    case STORE_OBJECT_TYPE_ARBITRARY:
+        BUF_MEM_free(data->data.arbitrary);
+        break;
+    }
+    OPENSSL_free(data);
+}
+
+IMPLEMENT_STACK_OF(STORE_OBJECT*)
+
+struct STORE_attr_info_st {
+    unsigned char set[(STORE_ATTR_TYPE_NUM + 8) / 8];
+    union {
+        char *cstring;
+        unsigned char *sha1string;
+        X509_NAME *dn;
+        BIGNUM *number;
+        void *any;
+    } values[STORE_ATTR_TYPE_NUM + 1];
+    size_t value_sizes[STORE_ATTR_TYPE_NUM + 1];
+};
+
+#define ATTR_IS_SET(a,i)        ((i) > 0 && (i) < STORE_ATTR_TYPE_NUM \
+                                && ((a)->set[(i) / 8] & (1 << ((i) % 8))))
+#define SET_ATTRBIT(a,i)        ((a)->set[(i) / 8] |= (1 << ((i) % 8)))
+#define CLEAR_ATTRBIT(a,i)      ((a)->set[(i) / 8] &= ~(1 << ((i) % 8)))
+
+STORE_ATTR_INFO *STORE_ATTR_INFO_new(void)
+{
+    return (STORE_ATTR_INFO *)OPENSSL_malloc(sizeof(STORE_ATTR_INFO));
+}
+
+static void STORE_ATTR_INFO_attr_free(STORE_ATTR_INFO *attrs,
+                                      STORE_ATTR_TYPES code)
+{
+    if (ATTR_IS_SET(attrs, code)) {
+        switch (code) {
+        case STORE_ATTR_FRIENDLYNAME:
+        case STORE_ATTR_EMAIL:
+        case STORE_ATTR_FILENAME:
+            STORE_ATTR_INFO_modify_cstr(attrs, code, NULL, 0);
+            break;
+        case STORE_ATTR_KEYID:
+        case STORE_ATTR_ISSUERKEYID:
+        case STORE_ATTR_SUBJECTKEYID:
+        case STORE_ATTR_ISSUERSERIALHASH:
+        case STORE_ATTR_CERTHASH:
+            STORE_ATTR_INFO_modify_sha1str(attrs, code, NULL, 0);
+            break;
+        case STORE_ATTR_ISSUER:
+        case STORE_ATTR_SUBJECT:
+            STORE_ATTR_INFO_modify_dn(attrs, code, NULL);
+            break;
+        case STORE_ATTR_SERIAL:
+            STORE_ATTR_INFO_modify_number(attrs, code, NULL);
+            break;
+        default:
+            break;
+        }
+    }
+}
+
+int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs)
+{
+    if (attrs) {
+        STORE_ATTR_TYPES i;
+        for (i = 0; i++ < STORE_ATTR_TYPE_NUM;)
+            STORE_ATTR_INFO_attr_free(attrs, i);
+        OPENSSL_free(attrs);
+    }
+    return 1;
+}
+
+char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code)
+{
+    if (!attrs) {
+        STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR,
+                 ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (ATTR_IS_SET(attrs, code))
+        return attrs->values[code].cstring;
+    STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR, STORE_R_NO_VALUE);
+    return NULL;
+}
+
+unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs,
+                                            STORE_ATTR_TYPES code)
+{
+    if (!attrs) {
+        STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR,
+                 ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (ATTR_IS_SET(attrs, code))
+        return attrs->values[code].sha1string;
+    STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR, STORE_R_NO_VALUE);
+    return NULL;
+}
+
+X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs,
+                                   STORE_ATTR_TYPES code)
+{
+    if (!attrs) {
+        STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN,
+                 ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (ATTR_IS_SET(attrs, code))
+        return attrs->values[code].dn;
+    STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN, STORE_R_NO_VALUE);
+    return NULL;
+}
+
+BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs,
+                                    STORE_ATTR_TYPES code)
+{
+    if (!attrs) {
+        STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER,
+                 ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (ATTR_IS_SET(attrs, code))
+        return attrs->values[code].number;
+    STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER, STORE_R_NO_VALUE);
+    return NULL;
+}
+
+int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+                             char *cstr, size_t cstr_size)
+{
+    if (!attrs) {
+        STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR,
+                 ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (!ATTR_IS_SET(attrs, code)) {
+        if ((attrs->values[code].cstring = BUF_strndup(cstr, cstr_size)))
+            return 1;
+        STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, STORE_R_ALREADY_HAS_A_VALUE);
+    return 0;
+}
+
+int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+                                unsigned char *sha1str, size_t sha1str_size)
+{
+    if (!attrs) {
+        STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR,
+                 ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (!ATTR_IS_SET(attrs, code)) {
+        if ((attrs->values[code].sha1string =
+             (unsigned char *)BUF_memdup(sha1str, sha1str_size)))
+            return 1;
+        STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR,
+             STORE_R_ALREADY_HAS_A_VALUE);
+    return 0;
+}
+
+int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+                           X509_NAME *dn)
+{
+    if (!attrs) {
+        STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (!ATTR_IS_SET(attrs, code)) {
+        if ((attrs->values[code].dn = X509_NAME_dup(dn)))
+            return 1;
+        STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, STORE_R_ALREADY_HAS_A_VALUE);
+    return 0;
+}
+
+int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+                               BIGNUM *number)
+{
+    if (!attrs) {
+        STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER,
+                 ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (!ATTR_IS_SET(attrs, code)) {
+        if ((attrs->values[code].number = BN_dup(number)))
+            return 1;
+        STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, STORE_R_ALREADY_HAS_A_VALUE);
+    return 0;
+}
+
+int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+                                char *cstr, size_t cstr_size)
+{
+    if (!attrs) {
+        STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR,
+                 ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (ATTR_IS_SET(attrs, code)) {
+        OPENSSL_free(attrs->values[code].cstring);
+        attrs->values[code].cstring = NULL;
+        CLEAR_ATTRBIT(attrs, code);
+    }
+    return STORE_ATTR_INFO_set_cstr(attrs, code, cstr, cstr_size);
+}
+
+int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs,
+                                   STORE_ATTR_TYPES code,
+                                   unsigned char *sha1str,
+                                   size_t sha1str_size)
+{
+    if (!attrs) {
+        STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR,
+                 ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (ATTR_IS_SET(attrs, code)) {
+        OPENSSL_free(attrs->values[code].sha1string);
+        attrs->values[code].sha1string = NULL;
+        CLEAR_ATTRBIT(attrs, code);
+    }
+    return STORE_ATTR_INFO_set_sha1str(attrs, code, sha1str, sha1str_size);
+}
+
+int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+                              X509_NAME *dn)
+{
+    if (!attrs) {
+        STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_DN,
+                 ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (ATTR_IS_SET(attrs, code)) {
+        OPENSSL_free(attrs->values[code].dn);
+        attrs->values[code].dn = NULL;
+        CLEAR_ATTRBIT(attrs, code);
+    }
+    return STORE_ATTR_INFO_set_dn(attrs, code, dn);
+}
+
+int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs,
+                                  STORE_ATTR_TYPES code, BIGNUM *number)
+{
+    if (!attrs) {
+        STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER,
+                 ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (ATTR_IS_SET(attrs, code)) {
+        OPENSSL_free(attrs->values[code].number);
+        attrs->values[code].number = NULL;
+        CLEAR_ATTRBIT(attrs, code);
+    }
+    return STORE_ATTR_INFO_set_number(attrs, code, number);
+}
+
+struct attr_list_ctx_st {
+    OPENSSL_ITEM *attributes;
+};
+void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes)
+{
+    if (attributes) {
+        struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)
+            OPENSSL_malloc(sizeof(struct attr_list_ctx_st));
+        if (context)
+            context->attributes = attributes;
+        else
+            STOREerr(STORE_F_STORE_PARSE_ATTRS_START, ERR_R_MALLOC_FAILURE);
+        return context;
+    }
+    STOREerr(STORE_F_STORE_PARSE_ATTRS_START, ERR_R_PASSED_NULL_PARAMETER);
+    return 0;
+}
+
+STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle)
+{
+    struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
+
+    if (context && context->attributes) {
+        STORE_ATTR_INFO *attrs = NULL;
+
+        while (context->attributes
+               && context->attributes->code != STORE_ATTR_OR
+               && context->attributes->code != STORE_ATTR_END) {
+            switch (context->attributes->code) {
+            case STORE_ATTR_FRIENDLYNAME:
+            case STORE_ATTR_EMAIL:
+            case STORE_ATTR_FILENAME:
+                if (!attrs)
+                    attrs = STORE_ATTR_INFO_new();
+                if (attrs == NULL) {
+                    STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
+                             ERR_R_MALLOC_FAILURE);
+                    goto err;
+                }
+                STORE_ATTR_INFO_set_cstr(attrs,
+                                         context->attributes->code,
+                                         context->attributes->value,
+                                         context->attributes->value_size);
+                break;
+            case STORE_ATTR_KEYID:
+            case STORE_ATTR_ISSUERKEYID:
+            case STORE_ATTR_SUBJECTKEYID:
+            case STORE_ATTR_ISSUERSERIALHASH:
+            case STORE_ATTR_CERTHASH:
+                if (!attrs)
+                    attrs = STORE_ATTR_INFO_new();
+                if (attrs == NULL) {
+                    STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
+                             ERR_R_MALLOC_FAILURE);
+                    goto err;
+                }
+                STORE_ATTR_INFO_set_sha1str(attrs,
+                                            context->attributes->code,
+                                            context->attributes->value,
+                                            context->attributes->value_size);
+                break;
+            case STORE_ATTR_ISSUER:
+            case STORE_ATTR_SUBJECT:
+                if (!attrs)
+                    attrs = STORE_ATTR_INFO_new();
+                if (attrs == NULL) {
+                    STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
+                             ERR_R_MALLOC_FAILURE);
+                    goto err;
+                }
+                STORE_ATTR_INFO_modify_dn(attrs,
+                                          context->attributes->code,
+                                          context->attributes->value);
+                break;
+            case STORE_ATTR_SERIAL:
+                if (!attrs)
+                    attrs = STORE_ATTR_INFO_new();
+                if (attrs == NULL) {
+                    STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
+                             ERR_R_MALLOC_FAILURE);
+                    goto err;
+                }
+                STORE_ATTR_INFO_modify_number(attrs,
+                                              context->attributes->code,
+                                              context->attributes->value);
+                break;
+            }
+            context->attributes++;
+        }
+        if (context->attributes->code == STORE_ATTR_OR)
+            context->attributes++;
+        return attrs;
+ err:
+        while (context->attributes
+               && context->attributes->code != STORE_ATTR_OR
+               && context->attributes->code != STORE_ATTR_END)
+            context->attributes++;
+        if (context->attributes->code == STORE_ATTR_OR)
+            context->attributes++;
+        return NULL;
+    }
+    STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, ERR_R_PASSED_NULL_PARAMETER);
+    return NULL;
+}
+
+int STORE_parse_attrs_end(void *handle)
+{
+    struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
+
+    if (context && context->attributes) {
+#if 0
+        OPENSSL_ITEM *attributes = context->attributes;
+#endif
+        OPENSSL_free(context);
+        return 1;
+    }
+    STOREerr(STORE_F_STORE_PARSE_ATTRS_END, ERR_R_PASSED_NULL_PARAMETER);
+    return 0;
+}
+
+int STORE_parse_attrs_endp(void *handle)
+{
+    struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
+
+    if (context && context->attributes) {
+        return context->attributes->code == STORE_ATTR_END;
+    }
+    STOREerr(STORE_F_STORE_PARSE_ATTRS_ENDP, ERR_R_PASSED_NULL_PARAMETER);
+    return 0;
+}
+
+static int attr_info_compare_compute_range(const unsigned char *abits,
+                                           const unsigned char *bbits,
+                                           unsigned int *alowp,
+                                           unsigned int *ahighp,
+                                           unsigned int *blowp,
+                                           unsigned int *bhighp)
+{
+    unsigned int alow = (unsigned int)-1, ahigh = 0;
+    unsigned int blow = (unsigned int)-1, bhigh = 0;
+    int i, res = 0;
+
+    for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) {
+        if (res == 0) {
+            if (*abits < *bbits)
+                res = -1;
+            if (*abits > *bbits)
+                res = 1;
+        }
+        if (*abits) {
+            if (alow == (unsigned int)-1) {
+                alow = i * 8;
+                if (!(*abits & 0x01))
+                    alow++;
+                if (!(*abits & 0x02))
+                    alow++;
+                if (!(*abits & 0x04))
+                    alow++;
+                if (!(*abits & 0x08))
+                    alow++;
+                if (!(*abits & 0x10))
+                    alow++;
+                if (!(*abits & 0x20))
+                    alow++;
+                if (!(*abits & 0x40))
+                    alow++;
+            }
+            ahigh = i * 8 + 7;
+            if (!(*abits & 0x80))
+                ahigh++;
+            if (!(*abits & 0x40))
+                ahigh++;
+            if (!(*abits & 0x20))
+                ahigh++;
+            if (!(*abits & 0x10))
+                ahigh++;
+            if (!(*abits & 0x08))
+                ahigh++;
+            if (!(*abits & 0x04))
+                ahigh++;
+            if (!(*abits & 0x02))
+                ahigh++;
+        }
+        if (*bbits) {
+            if (blow == (unsigned int)-1) {
+                blow = i * 8;
+                if (!(*bbits & 0x01))
+                    blow++;
+                if (!(*bbits & 0x02))
+                    blow++;
+                if (!(*bbits & 0x04))
+                    blow++;
+                if (!(*bbits & 0x08))
+                    blow++;
+                if (!(*bbits & 0x10))
+                    blow++;
+                if (!(*bbits & 0x20))
+                    blow++;
+                if (!(*bbits & 0x40))
+                    blow++;
+            }
+            bhigh = i * 8 + 7;
+            if (!(*bbits & 0x80))
+                bhigh++;
+            if (!(*bbits & 0x40))
+                bhigh++;
+            if (!(*bbits & 0x20))
+                bhigh++;
+            if (!(*bbits & 0x10))
+                bhigh++;
+            if (!(*bbits & 0x08))
+                bhigh++;
+            if (!(*bbits & 0x04))
+                bhigh++;
+            if (!(*bbits & 0x02))
+                bhigh++;
+        }
+    }
+    if (ahigh + alow < bhigh + blow)
+        res = -1;
+    if (ahigh + alow > bhigh + blow)
+        res = 1;
+    if (alowp)
+        *alowp = alow;
+    if (ahighp)
+        *ahighp = ahigh;
+    if (blowp)
+        *blowp = blow;
+    if (bhighp)
+        *bhighp = bhigh;
+    return res;
+}
+
+int STORE_ATTR_INFO_compare(const STORE_ATTR_INFO *const *a,
+                            const STORE_ATTR_INFO *const *b)
+{
+    if (a == b)
+        return 0;
+    if (!a)
+        return -1;
+    if (!b)
+        return 1;
+    return attr_info_compare_compute_range((*a)->set, (*b)->set, 0, 0, 0, 0);
+}
+
+int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
+{
+    unsigned int alow, ahigh, blow, bhigh;
+
+    if (a == b)
+        return 1;
+    if (!a)
+        return 0;
+    if (!b)
+        return 0;
+    attr_info_compare_compute_range(a->set, b->set,
+                                    &alow, &ahigh, &blow, &bhigh);
+    if (alow >= blow && ahigh <= bhigh)
+        return 1;
+    return 0;
+}
+
+int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
+{
+    unsigned char *abits, *bbits;
+    int i;
+
+    if (a == b)
+        return 1;
+    if (!a)
+        return 0;
+    if (!b)
+        return 0;
+    abits = a->set;
+    bbits = b->set;
+    for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) {
+        if (*abits && (*bbits & *abits) != *abits)
+            return 0;
+    }
+    return 1;
+}
+
+int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
+{
+    STORE_ATTR_TYPES i;
+
+    if (a == b)
+        return 1;
+    if (!STORE_ATTR_INFO_in(a, b))
+        return 0;
+    for (i = 1; i < STORE_ATTR_TYPE_NUM; i++)
+        if (ATTR_IS_SET(a, i)) {
+            switch (i) {
+            case STORE_ATTR_FRIENDLYNAME:
+            case STORE_ATTR_EMAIL:
+            case STORE_ATTR_FILENAME:
+                if (strcmp(a->values[i].cstring, b->values[i].cstring))
+                    return 0;
+                break;
+            case STORE_ATTR_KEYID:
+            case STORE_ATTR_ISSUERKEYID:
+            case STORE_ATTR_SUBJECTKEYID:
+            case STORE_ATTR_ISSUERSERIALHASH:
+            case STORE_ATTR_CERTHASH:
+                if (memcmp(a->values[i].sha1string,
+                           b->values[i].sha1string, a->value_sizes[i]))
+                    return 0;
+                break;
+            case STORE_ATTR_ISSUER:
+            case STORE_ATTR_SUBJECT:
+                if (X509_NAME_cmp(a->values[i].dn, b->values[i].dn))
+                    return 0;
+                break;
+            case STORE_ATTR_SERIAL:
+                if (BN_cmp(a->values[i].number, b->values[i].number))
+                    return 0;
+                break;
+            default:
+                break;
+            }
+        }
+
+    return 1;
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/store/str_locl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/store/str_locl.h	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/store/str_locl.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,125 +0,0 @@
-/* crypto/store/str_locl.h -*- mode:C; c-file-style: "eay" -*- */
-/*
- * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
- * 2003.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_STORE_LOCL_H
-# define HEADER_STORE_LOCL_H
-
-# include <openssl/crypto.h>
-# include <openssl/store.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-struct store_method_st {
-    char *name;
-    /*
-     * All the functions return a positive integer or non-NULL for success
-     * and 0, a negative integer or NULL for failure
-     */
-    /* Initialise the STORE with private data */
-    STORE_INITIALISE_FUNC_PTR init;
-    /* Initialise the STORE with private data */
-    STORE_CLEANUP_FUNC_PTR clean;
-    /* Generate an object of a given type */
-    STORE_GENERATE_OBJECT_FUNC_PTR generate_object;
-    /*
-     * Get an object of a given type.  This function isn't really very useful
-     * since the listing functions (below) can be used for the same purpose
-     * and are much more general.
-     */
-    STORE_GET_OBJECT_FUNC_PTR get_object;
-    /* Store an object of a given type. */
-    STORE_STORE_OBJECT_FUNC_PTR store_object;
-    /* Modify the attributes bound to an object of a given type. */
-    STORE_MODIFY_OBJECT_FUNC_PTR modify_object;
-    /* Revoke an object of a given type. */
-    STORE_HANDLE_OBJECT_FUNC_PTR revoke_object;
-    /* Delete an object of a given type. */
-    STORE_HANDLE_OBJECT_FUNC_PTR delete_object;
-    /*
-     * List a bunch of objects of a given type and with the associated
-     * attributes.
-     */
-    STORE_START_OBJECT_FUNC_PTR list_object_start;
-    STORE_NEXT_OBJECT_FUNC_PTR list_object_next;
-    STORE_END_OBJECT_FUNC_PTR list_object_end;
-    STORE_END_OBJECT_FUNC_PTR list_object_endp;
-    /* Store-level function to make any necessary update operations. */
-    STORE_GENERIC_FUNC_PTR update_store;
-    /* Store-level function to get exclusive access to the store. */
-    STORE_GENERIC_FUNC_PTR lock_store;
-    /* Store-level function to release exclusive access to the store. */
-    STORE_GENERIC_FUNC_PTR unlock_store;
-    /* Generic control function */
-    STORE_CTRL_FUNC_PTR ctrl;
-};
-
-struct store_st {
-    const STORE_METHOD *meth;
-    /* functional reference if 'meth' is ENGINE-provided */
-    ENGINE *engine;
-    CRYPTO_EX_DATA ex_data;
-    int references;
-};
-#ifdef  __cplusplus
-}
-#endif
-
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/store/str_locl.h (from rev 11605, vendor-crypto/openssl/dist/crypto/store/str_locl.h)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/store/str_locl.h	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/store/str_locl.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,125 @@
+/* crypto/store/str_locl.h */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_STORE_LOCL_H
+# define HEADER_STORE_LOCL_H
+
+# include <openssl/crypto.h>
+# include <openssl/store.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+struct store_method_st {
+    char *name;
+    /*
+     * All the functions return a positive integer or non-NULL for success
+     * and 0, a negative integer or NULL for failure
+     */
+    /* Initialise the STORE with private data */
+    STORE_INITIALISE_FUNC_PTR init;
+    /* Initialise the STORE with private data */
+    STORE_CLEANUP_FUNC_PTR clean;
+    /* Generate an object of a given type */
+    STORE_GENERATE_OBJECT_FUNC_PTR generate_object;
+    /*
+     * Get an object of a given type.  This function isn't really very useful
+     * since the listing functions (below) can be used for the same purpose
+     * and are much more general.
+     */
+    STORE_GET_OBJECT_FUNC_PTR get_object;
+    /* Store an object of a given type. */
+    STORE_STORE_OBJECT_FUNC_PTR store_object;
+    /* Modify the attributes bound to an object of a given type. */
+    STORE_MODIFY_OBJECT_FUNC_PTR modify_object;
+    /* Revoke an object of a given type. */
+    STORE_HANDLE_OBJECT_FUNC_PTR revoke_object;
+    /* Delete an object of a given type. */
+    STORE_HANDLE_OBJECT_FUNC_PTR delete_object;
+    /*
+     * List a bunch of objects of a given type and with the associated
+     * attributes.
+     */
+    STORE_START_OBJECT_FUNC_PTR list_object_start;
+    STORE_NEXT_OBJECT_FUNC_PTR list_object_next;
+    STORE_END_OBJECT_FUNC_PTR list_object_end;
+    STORE_END_OBJECT_FUNC_PTR list_object_endp;
+    /* Store-level function to make any necessary update operations. */
+    STORE_GENERIC_FUNC_PTR update_store;
+    /* Store-level function to get exclusive access to the store. */
+    STORE_GENERIC_FUNC_PTR lock_store;
+    /* Store-level function to release exclusive access to the store. */
+    STORE_GENERIC_FUNC_PTR unlock_store;
+    /* Generic control function */
+    STORE_CTRL_FUNC_PTR ctrl;
+};
+
+struct store_st {
+    const STORE_METHOD *meth;
+    /* functional reference if 'meth' is ENGINE-provided */
+    ENGINE *engine;
+    CRYPTO_EX_DATA ex_data;
+    int references;
+};
+#ifdef  __cplusplus
+}
+#endif
+
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/store/str_mem.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/store/str_mem.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/store/str_mem.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,383 +0,0 @@
-/* crypto/store/str_mem.c -*- mode:C; c-file-style: "eay" -*- */
-/*
- * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
- * 2003.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include <openssl/err.h>
-#include "str_locl.h"
-
-/*
- * The memory store is currently highly experimental.  It's meant to become a
- * base store used by other stores for internal caching (for full caching
- * support, aging needs to be added).
- *
- * The database use is meant to support as much attribute association as
- * possible, while providing for as small search ranges as possible. This is
- * currently provided for by sorting the entries by numbers that are composed
- * of bits set at the positions indicated by attribute type codes.  This
- * provides for ranges determined by the highest attribute type code value.
- * A better idea might be to sort by values computed from the range of
- * attributes associated with the object (basically, the difference between
- * the highest and lowest attribute type code) and it's distance from a base
- * (basically, the lowest associated attribute type code).
- */
-
-typedef struct mem_object_data_st {
-    STORE_OBJECT *object;
-    STORE_ATTR_INFO *attr_info;
-    int references;
-} MEM_OBJECT_DATA;
-
-DECLARE_STACK_OF(MEM_OBJECT_DATA)
-struct mem_data_st {
-    /*
-     * sorted with
-     * STORE_ATTR_INFO_compare().
-     */
-    STACK_OF(MEM_OBJECT_DATA) *data;
-    /*
-     * Currently unused, but can
-     * be used to add attributes
-     * from parts of the data.
-     */
-    unsigned int compute_components:1;
-};
-
-DECLARE_STACK_OF(STORE_ATTR_INFO)
-struct mem_ctx_st {
-    /* The type we're searching for */
-    int type;
-    /*
-     * Sets of
-     * attributes to search for.  Each
-     * element is a STORE_ATTR_INFO.
-     */
-    STACK_OF(STORE_ATTR_INFO) *search_attributes;
-    /*
-     * which of the search attributes we
-     * found a match for, -1 when we still
-     * haven't found any
-     */
-    int search_index;
-    /* -1 as long as we're searching for the first */
-    int index;
-};
-
-static int mem_init(STORE *s);
-static void mem_clean(STORE *s);
-static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type,
-                                  OPENSSL_ITEM attributes[],
-                                  OPENSSL_ITEM parameters[]);
-static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type,
-                             OPENSSL_ITEM attributes[],
-                             OPENSSL_ITEM parameters[]);
-static int mem_store(STORE *s, STORE_OBJECT_TYPES type, STORE_OBJECT *data,
-                     OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
-static int mem_modify(STORE *s, STORE_OBJECT_TYPES type,
-                      OPENSSL_ITEM search_attributes[],
-                      OPENSSL_ITEM add_attributes[],
-                      OPENSSL_ITEM modify_attributes[],
-                      OPENSSL_ITEM delete_attributes[],
-                      OPENSSL_ITEM parameters[]);
-static int mem_delete(STORE *s, STORE_OBJECT_TYPES type,
-                      OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
-static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type,
-                            OPENSSL_ITEM attributes[],
-                            OPENSSL_ITEM parameters[]);
-static STORE_OBJECT *mem_list_next(STORE *s, void *handle);
-static int mem_list_end(STORE *s, void *handle);
-static int mem_list_endp(STORE *s, void *handle);
-static int mem_lock(STORE *s, OPENSSL_ITEM attributes[],
-                    OPENSSL_ITEM parameters[]);
-static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[],
-                      OPENSSL_ITEM parameters[]);
-static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f) (void));
-
-static STORE_METHOD store_memory = {
-    "OpenSSL memory store interface",
-    mem_init,
-    mem_clean,
-    mem_generate,
-    mem_get,
-    mem_store,
-    mem_modify,
-    NULL,                       /* revoke */
-    mem_delete,
-    mem_list_start,
-    mem_list_next,
-    mem_list_end,
-    mem_list_endp,
-    NULL,                       /* update */
-    mem_lock,
-    mem_unlock,
-    mem_ctrl
-};
-
-const STORE_METHOD *STORE_Memory(void)
-{
-    return &store_memory;
-}
-
-static int mem_init(STORE *s)
-{
-    return 1;
-}
-
-static void mem_clean(STORE *s)
-{
-    return;
-}
-
-static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type,
-                                  OPENSSL_ITEM attributes[],
-                                  OPENSSL_ITEM parameters[])
-{
-    STOREerr(STORE_F_MEM_GENERATE, STORE_R_NOT_IMPLEMENTED);
-    return 0;
-}
-
-static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type,
-                             OPENSSL_ITEM attributes[],
-                             OPENSSL_ITEM parameters[])
-{
-    void *context = mem_list_start(s, type, attributes, parameters);
-
-    if (context) {
-        STORE_OBJECT *object = mem_list_next(s, context);
-
-        if (mem_list_end(s, context))
-            return object;
-    }
-    return NULL;
-}
-
-static int mem_store(STORE *s, STORE_OBJECT_TYPES type,
-                     STORE_OBJECT *data, OPENSSL_ITEM attributes[],
-                     OPENSSL_ITEM parameters[])
-{
-    STOREerr(STORE_F_MEM_STORE, STORE_R_NOT_IMPLEMENTED);
-    return 0;
-}
-
-static int mem_modify(STORE *s, STORE_OBJECT_TYPES type,
-                      OPENSSL_ITEM search_attributes[],
-                      OPENSSL_ITEM add_attributes[],
-                      OPENSSL_ITEM modify_attributes[],
-                      OPENSSL_ITEM delete_attributes[],
-                      OPENSSL_ITEM parameters[])
-{
-    STOREerr(STORE_F_MEM_MODIFY, STORE_R_NOT_IMPLEMENTED);
-    return 0;
-}
-
-static int mem_delete(STORE *s, STORE_OBJECT_TYPES type,
-                      OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[])
-{
-    STOREerr(STORE_F_MEM_DELETE, STORE_R_NOT_IMPLEMENTED);
-    return 0;
-}
-
-/*
- * The list functions may be the hardest to understand.  Basically,
- * mem_list_start compiles a stack of attribute info elements, and puts that
- * stack into the context to be returned.  mem_list_next will then find the
- * first matching element in the store, and then walk all the way to the end
- * of the store (since any combination of attribute bits above the starting
- * point may match the searched for bit pattern...).
- */
-static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type,
-                            OPENSSL_ITEM attributes[],
-                            OPENSSL_ITEM parameters[])
-{
-    struct mem_ctx_st *context =
-        (struct mem_ctx_st *)OPENSSL_malloc(sizeof(struct mem_ctx_st));
-    void *attribute_context = NULL;
-    STORE_ATTR_INFO *attrs = NULL;
-
-    if (!context) {
-        STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-    memset(context, 0, sizeof(struct mem_ctx_st));
-
-    attribute_context = STORE_parse_attrs_start(attributes);
-    if (!attribute_context) {
-        STOREerr(STORE_F_MEM_LIST_START, ERR_R_STORE_LIB);
-        goto err;
-    }
-
-    while ((attrs = STORE_parse_attrs_next(attribute_context))) {
-        if (context->search_attributes == NULL) {
-            context->search_attributes =
-                sk_STORE_ATTR_INFO_new(STORE_ATTR_INFO_compare);
-            if (!context->search_attributes) {
-                STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-        }
-        sk_STORE_ATTR_INFO_push(context->search_attributes, attrs);
-    }
-    if (!STORE_parse_attrs_endp(attribute_context))
-        goto err;
-    STORE_parse_attrs_end(attribute_context);
-    context->search_index = -1;
-    context->index = -1;
-    return context;
- err:
-    if (attribute_context)
-        STORE_parse_attrs_end(attribute_context);
-    mem_list_end(s, context);
-    return NULL;
-}
-
-static STORE_OBJECT *mem_list_next(STORE *s, void *handle)
-{
-    int i;
-    struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
-    struct mem_object_data_st key = { 0, 0, 1 };
-    struct mem_data_st *store = (struct mem_data_st *)STORE_get_ex_data(s, 1);
-    int srch;
-    int cres = 0;
-
-    if (!context) {
-        STOREerr(STORE_F_MEM_LIST_NEXT, ERR_R_PASSED_NULL_PARAMETER);
-        return NULL;
-    }
-    if (!store) {
-        STOREerr(STORE_F_MEM_LIST_NEXT, STORE_R_NO_STORE);
-        return NULL;
-    }
-
-    if (context->search_index == -1) {
-        for (i = 0;
-             i < sk_STORE_ATTR_INFO_num(context->search_attributes); i++) {
-            key.attr_info
-                = sk_STORE_ATTR_INFO_value(context->search_attributes, i);
-            srch = sk_MEM_OBJECT_DATA_find_ex(store->data, &key);
-
-            if (srch >= 0) {
-                context->search_index = srch;
-                break;
-            }
-        }
-    }
-    if (context->search_index < 0)
-        return NULL;
-
-    key.attr_info =
-        sk_STORE_ATTR_INFO_value(context->search_attributes,
-                                 context->search_index);
-    for (srch = context->search_index;
-         srch < sk_MEM_OBJECT_DATA_num(store->data)
-         && STORE_ATTR_INFO_in_range(key.attr_info,
-                                     sk_MEM_OBJECT_DATA_value(store->data,
-                                                              srch)->attr_info)
-         && !(cres =
-              STORE_ATTR_INFO_in_ex(key.attr_info,
-                                    sk_MEM_OBJECT_DATA_value(store->data,
-                                                             srch)->attr_info));
-         srch++) ;
-
-    context->search_index = srch;
-    if (cres)
-        return (sk_MEM_OBJECT_DATA_value(store->data, srch))->object;
-    return NULL;
-}
-
-static int mem_list_end(STORE *s, void *handle)
-{
-    struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
-
-    if (!context) {
-        STOREerr(STORE_F_MEM_LIST_END, ERR_R_PASSED_NULL_PARAMETER);
-        return 0;
-    }
-    if (context && context->search_attributes)
-        sk_STORE_ATTR_INFO_free(context->search_attributes);
-    if (context)
-        OPENSSL_free(context);
-    return 1;
-}
-
-static int mem_list_endp(STORE *s, void *handle)
-{
-    struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
-
-    if (!context
-        || context->search_index
-        == sk_STORE_ATTR_INFO_num(context->search_attributes))
-        return 1;
-    return 0;
-}
-
-static int mem_lock(STORE *s, OPENSSL_ITEM attributes[],
-                    OPENSSL_ITEM parameters[])
-{
-    return 1;
-}
-
-static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[],
-                      OPENSSL_ITEM parameters[])
-{
-    return 1;
-}
-
-static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f) (void))
-{
-    return 1;
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/store/str_mem.c (from rev 11605, vendor-crypto/openssl/dist/crypto/store/str_mem.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/store/str_mem.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/store/str_mem.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,383 @@
+/* crypto/store/str_mem.c */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include "str_locl.h"
+
+/*
+ * The memory store is currently highly experimental.  It's meant to become a
+ * base store used by other stores for internal caching (for full caching
+ * support, aging needs to be added).
+ *
+ * The database use is meant to support as much attribute association as
+ * possible, while providing for as small search ranges as possible. This is
+ * currently provided for by sorting the entries by numbers that are composed
+ * of bits set at the positions indicated by attribute type codes.  This
+ * provides for ranges determined by the highest attribute type code value.
+ * A better idea might be to sort by values computed from the range of
+ * attributes associated with the object (basically, the difference between
+ * the highest and lowest attribute type code) and it's distance from a base
+ * (basically, the lowest associated attribute type code).
+ */
+
+typedef struct mem_object_data_st {
+    STORE_OBJECT *object;
+    STORE_ATTR_INFO *attr_info;
+    int references;
+} MEM_OBJECT_DATA;
+
+DECLARE_STACK_OF(MEM_OBJECT_DATA)
+struct mem_data_st {
+    /*
+     * sorted with
+     * STORE_ATTR_INFO_compare().
+     */
+    STACK_OF(MEM_OBJECT_DATA) *data;
+    /*
+     * Currently unused, but can
+     * be used to add attributes
+     * from parts of the data.
+     */
+    unsigned int compute_components:1;
+};
+
+DECLARE_STACK_OF(STORE_ATTR_INFO)
+struct mem_ctx_st {
+    /* The type we're searching for */
+    int type;
+    /*
+     * Sets of
+     * attributes to search for.  Each
+     * element is a STORE_ATTR_INFO.
+     */
+    STACK_OF(STORE_ATTR_INFO) *search_attributes;
+    /*
+     * which of the search attributes we
+     * found a match for, -1 when we still
+     * haven't found any
+     */
+    int search_index;
+    /* -1 as long as we're searching for the first */
+    int index;
+};
+
+static int mem_init(STORE *s);
+static void mem_clean(STORE *s);
+static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type,
+                                  OPENSSL_ITEM attributes[],
+                                  OPENSSL_ITEM parameters[]);
+static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type,
+                             OPENSSL_ITEM attributes[],
+                             OPENSSL_ITEM parameters[]);
+static int mem_store(STORE *s, STORE_OBJECT_TYPES type, STORE_OBJECT *data,
+                     OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+static int mem_modify(STORE *s, STORE_OBJECT_TYPES type,
+                      OPENSSL_ITEM search_attributes[],
+                      OPENSSL_ITEM add_attributes[],
+                      OPENSSL_ITEM modify_attributes[],
+                      OPENSSL_ITEM delete_attributes[],
+                      OPENSSL_ITEM parameters[]);
+static int mem_delete(STORE *s, STORE_OBJECT_TYPES type,
+                      OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type,
+                            OPENSSL_ITEM attributes[],
+                            OPENSSL_ITEM parameters[]);
+static STORE_OBJECT *mem_list_next(STORE *s, void *handle);
+static int mem_list_end(STORE *s, void *handle);
+static int mem_list_endp(STORE *s, void *handle);
+static int mem_lock(STORE *s, OPENSSL_ITEM attributes[],
+                    OPENSSL_ITEM parameters[]);
+static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[],
+                      OPENSSL_ITEM parameters[]);
+static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f) (void));
+
+static STORE_METHOD store_memory = {
+    "OpenSSL memory store interface",
+    mem_init,
+    mem_clean,
+    mem_generate,
+    mem_get,
+    mem_store,
+    mem_modify,
+    NULL,                       /* revoke */
+    mem_delete,
+    mem_list_start,
+    mem_list_next,
+    mem_list_end,
+    mem_list_endp,
+    NULL,                       /* update */
+    mem_lock,
+    mem_unlock,
+    mem_ctrl
+};
+
+const STORE_METHOD *STORE_Memory(void)
+{
+    return &store_memory;
+}
+
+static int mem_init(STORE *s)
+{
+    return 1;
+}
+
+static void mem_clean(STORE *s)
+{
+    return;
+}
+
+static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type,
+                                  OPENSSL_ITEM attributes[],
+                                  OPENSSL_ITEM parameters[])
+{
+    STOREerr(STORE_F_MEM_GENERATE, STORE_R_NOT_IMPLEMENTED);
+    return 0;
+}
+
+static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type,
+                             OPENSSL_ITEM attributes[],
+                             OPENSSL_ITEM parameters[])
+{
+    void *context = mem_list_start(s, type, attributes, parameters);
+
+    if (context) {
+        STORE_OBJECT *object = mem_list_next(s, context);
+
+        if (mem_list_end(s, context))
+            return object;
+    }
+    return NULL;
+}
+
+static int mem_store(STORE *s, STORE_OBJECT_TYPES type,
+                     STORE_OBJECT *data, OPENSSL_ITEM attributes[],
+                     OPENSSL_ITEM parameters[])
+{
+    STOREerr(STORE_F_MEM_STORE, STORE_R_NOT_IMPLEMENTED);
+    return 0;
+}
+
+static int mem_modify(STORE *s, STORE_OBJECT_TYPES type,
+                      OPENSSL_ITEM search_attributes[],
+                      OPENSSL_ITEM add_attributes[],
+                      OPENSSL_ITEM modify_attributes[],
+                      OPENSSL_ITEM delete_attributes[],
+                      OPENSSL_ITEM parameters[])
+{
+    STOREerr(STORE_F_MEM_MODIFY, STORE_R_NOT_IMPLEMENTED);
+    return 0;
+}
+
+static int mem_delete(STORE *s, STORE_OBJECT_TYPES type,
+                      OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[])
+{
+    STOREerr(STORE_F_MEM_DELETE, STORE_R_NOT_IMPLEMENTED);
+    return 0;
+}
+
+/*
+ * The list functions may be the hardest to understand.  Basically,
+ * mem_list_start compiles a stack of attribute info elements, and puts that
+ * stack into the context to be returned.  mem_list_next will then find the
+ * first matching element in the store, and then walk all the way to the end
+ * of the store (since any combination of attribute bits above the starting
+ * point may match the searched for bit pattern...).
+ */
+static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type,
+                            OPENSSL_ITEM attributes[],
+                            OPENSSL_ITEM parameters[])
+{
+    struct mem_ctx_st *context =
+        (struct mem_ctx_st *)OPENSSL_malloc(sizeof(struct mem_ctx_st));
+    void *attribute_context = NULL;
+    STORE_ATTR_INFO *attrs = NULL;
+
+    if (!context) {
+        STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    memset(context, 0, sizeof(struct mem_ctx_st));
+
+    attribute_context = STORE_parse_attrs_start(attributes);
+    if (!attribute_context) {
+        STOREerr(STORE_F_MEM_LIST_START, ERR_R_STORE_LIB);
+        goto err;
+    }
+
+    while ((attrs = STORE_parse_attrs_next(attribute_context))) {
+        if (context->search_attributes == NULL) {
+            context->search_attributes =
+                sk_STORE_ATTR_INFO_new(STORE_ATTR_INFO_compare);
+            if (!context->search_attributes) {
+                STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        }
+        sk_STORE_ATTR_INFO_push(context->search_attributes, attrs);
+    }
+    if (!STORE_parse_attrs_endp(attribute_context))
+        goto err;
+    STORE_parse_attrs_end(attribute_context);
+    context->search_index = -1;
+    context->index = -1;
+    return context;
+ err:
+    if (attribute_context)
+        STORE_parse_attrs_end(attribute_context);
+    mem_list_end(s, context);
+    return NULL;
+}
+
+static STORE_OBJECT *mem_list_next(STORE *s, void *handle)
+{
+    int i;
+    struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
+    struct mem_object_data_st key = { 0, 0, 1 };
+    struct mem_data_st *store = (struct mem_data_st *)STORE_get_ex_data(s, 1);
+    int srch;
+    int cres = 0;
+
+    if (!context) {
+        STOREerr(STORE_F_MEM_LIST_NEXT, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (!store) {
+        STOREerr(STORE_F_MEM_LIST_NEXT, STORE_R_NO_STORE);
+        return NULL;
+    }
+
+    if (context->search_index == -1) {
+        for (i = 0;
+             i < sk_STORE_ATTR_INFO_num(context->search_attributes); i++) {
+            key.attr_info
+                = sk_STORE_ATTR_INFO_value(context->search_attributes, i);
+            srch = sk_MEM_OBJECT_DATA_find_ex(store->data, &key);
+
+            if (srch >= 0) {
+                context->search_index = srch;
+                break;
+            }
+        }
+    }
+    if (context->search_index < 0)
+        return NULL;
+
+    key.attr_info =
+        sk_STORE_ATTR_INFO_value(context->search_attributes,
+                                 context->search_index);
+    for (srch = context->search_index;
+         srch < sk_MEM_OBJECT_DATA_num(store->data)
+         && STORE_ATTR_INFO_in_range(key.attr_info,
+                                     sk_MEM_OBJECT_DATA_value(store->data,
+                                                              srch)->attr_info)
+         && !(cres =
+              STORE_ATTR_INFO_in_ex(key.attr_info,
+                                    sk_MEM_OBJECT_DATA_value(store->data,
+                                                             srch)->attr_info));
+         srch++) ;
+
+    context->search_index = srch;
+    if (cres)
+        return (sk_MEM_OBJECT_DATA_value(store->data, srch))->object;
+    return NULL;
+}
+
+static int mem_list_end(STORE *s, void *handle)
+{
+    struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
+
+    if (!context) {
+        STOREerr(STORE_F_MEM_LIST_END, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (context && context->search_attributes)
+        sk_STORE_ATTR_INFO_free(context->search_attributes);
+    if (context)
+        OPENSSL_free(context);
+    return 1;
+}
+
+static int mem_list_endp(STORE *s, void *handle)
+{
+    struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
+
+    if (!context
+        || context->search_index
+        == sk_STORE_ATTR_INFO_num(context->search_attributes))
+        return 1;
+    return 0;
+}
+
+static int mem_lock(STORE *s, OPENSSL_ITEM attributes[],
+                    OPENSSL_ITEM parameters[])
+{
+    return 1;
+}
+
+static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[],
+                      OPENSSL_ITEM parameters[])
+{
+    return 1;
+}
+
+static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f) (void))
+{
+    return 1;
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/store/str_meth.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/store/str_meth.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/store/str_meth.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,280 +0,0 @@
-/* crypto/store/str_meth.c -*- mode:C; c-file-style: "eay" -*- */
-/*
- * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
- * 2003.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include <openssl/buffer.h>
-#include "str_locl.h"
-
-STORE_METHOD *STORE_create_method(char *name)
-{
-    STORE_METHOD *store_method =
-        (STORE_METHOD *)OPENSSL_malloc(sizeof(STORE_METHOD));
-
-    if (store_method) {
-        memset(store_method, 0, sizeof(*store_method));
-        store_method->name = BUF_strdup(name);
-    }
-    return store_method;
-}
-
-/*
- * BIG FSCKING WARNING!!!! If you use this on a statically allocated method
- * (that is, it hasn't been allocated using STORE_create_method(), you
- * deserve anything Murphy can throw at you and more! You have been warned.
- */
-void STORE_destroy_method(STORE_METHOD *store_method)
-{
-    if (!store_method)
-        return;
-    OPENSSL_free(store_method->name);
-    store_method->name = NULL;
-    OPENSSL_free(store_method);
-}
-
-int STORE_method_set_initialise_function(STORE_METHOD *sm,
-                                         STORE_INITIALISE_FUNC_PTR init_f)
-{
-    sm->init = init_f;
-    return 1;
-}
-
-int STORE_method_set_cleanup_function(STORE_METHOD *sm,
-                                      STORE_CLEANUP_FUNC_PTR clean_f)
-{
-    sm->clean = clean_f;
-    return 1;
-}
-
-int STORE_method_set_generate_function(STORE_METHOD *sm,
-                                       STORE_GENERATE_OBJECT_FUNC_PTR
-                                       generate_f)
-{
-    sm->generate_object = generate_f;
-    return 1;
-}
-
-int STORE_method_set_get_function(STORE_METHOD *sm,
-                                  STORE_GET_OBJECT_FUNC_PTR get_f)
-{
-    sm->get_object = get_f;
-    return 1;
-}
-
-int STORE_method_set_store_function(STORE_METHOD *sm,
-                                    STORE_STORE_OBJECT_FUNC_PTR store_f)
-{
-    sm->store_object = store_f;
-    return 1;
-}
-
-int STORE_method_set_modify_function(STORE_METHOD *sm,
-                                     STORE_MODIFY_OBJECT_FUNC_PTR modify_f)
-{
-    sm->modify_object = modify_f;
-    return 1;
-}
-
-int STORE_method_set_revoke_function(STORE_METHOD *sm,
-                                     STORE_HANDLE_OBJECT_FUNC_PTR revoke_f)
-{
-    sm->revoke_object = revoke_f;
-    return 1;
-}
-
-int STORE_method_set_delete_function(STORE_METHOD *sm,
-                                     STORE_HANDLE_OBJECT_FUNC_PTR delete_f)
-{
-    sm->delete_object = delete_f;
-    return 1;
-}
-
-int STORE_method_set_list_start_function(STORE_METHOD *sm,
-                                         STORE_START_OBJECT_FUNC_PTR
-                                         list_start_f)
-{
-    sm->list_object_start = list_start_f;
-    return 1;
-}
-
-int STORE_method_set_list_next_function(STORE_METHOD *sm,
-                                        STORE_NEXT_OBJECT_FUNC_PTR
-                                        list_next_f)
-{
-    sm->list_object_next = list_next_f;
-    return 1;
-}
-
-int STORE_method_set_list_end_function(STORE_METHOD *sm,
-                                       STORE_END_OBJECT_FUNC_PTR list_end_f)
-{
-    sm->list_object_end = list_end_f;
-    return 1;
-}
-
-int STORE_method_set_update_store_function(STORE_METHOD *sm,
-                                           STORE_GENERIC_FUNC_PTR update_f)
-{
-    sm->update_store = update_f;
-    return 1;
-}
-
-int STORE_method_set_lock_store_function(STORE_METHOD *sm,
-                                         STORE_GENERIC_FUNC_PTR lock_f)
-{
-    sm->lock_store = lock_f;
-    return 1;
-}
-
-int STORE_method_set_unlock_store_function(STORE_METHOD *sm,
-                                           STORE_GENERIC_FUNC_PTR unlock_f)
-{
-    sm->unlock_store = unlock_f;
-    return 1;
-}
-
-int STORE_method_set_ctrl_function(STORE_METHOD *sm,
-                                   STORE_CTRL_FUNC_PTR ctrl_f)
-{
-    sm->ctrl = ctrl_f;
-    return 1;
-}
-
-STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD
-                                                               *sm)
-{
-    return sm->init;
-}
-
-STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm)
-{
-    return sm->clean;
-}
-
-STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD
-                                                                  *sm)
-{
-    return sm->generate_object;
-}
-
-STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm)
-{
-    return sm->get_object;
-}
-
-STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm)
-{
-    return sm->store_object;
-}
-
-STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD
-                                                              *sm)
-{
-    return sm->modify_object;
-}
-
-STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD
-                                                              *sm)
-{
-    return sm->revoke_object;
-}
-
-STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD
-                                                              *sm)
-{
-    return sm->delete_object;
-}
-
-STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD
-                                                                 *sm)
-{
-    return sm->list_object_start;
-}
-
-STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD
-                                                               *sm)
-{
-    return sm->list_object_next;
-}
-
-STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm)
-{
-    return sm->list_object_end;
-}
-
-STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD
-                                                              *sm)
-{
-    return sm->update_store;
-}
-
-STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm)
-{
-    return sm->lock_store;
-}
-
-STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD
-                                                              *sm)
-{
-    return sm->unlock_store;
-}
-
-STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm)
-{
-    return sm->ctrl;
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/store/str_meth.c (from rev 11605, vendor-crypto/openssl/dist/crypto/store/str_meth.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/store/str_meth.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/store/str_meth.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,280 @@
+/* crypto/store/str_meth.c */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/buffer.h>
+#include "str_locl.h"
+
+STORE_METHOD *STORE_create_method(char *name)
+{
+    STORE_METHOD *store_method =
+        (STORE_METHOD *)OPENSSL_malloc(sizeof(STORE_METHOD));
+
+    if (store_method) {
+        memset(store_method, 0, sizeof(*store_method));
+        store_method->name = BUF_strdup(name);
+    }
+    return store_method;
+}
+
+/*
+ * BIG FSCKING WARNING!!!! If you use this on a statically allocated method
+ * (that is, it hasn't been allocated using STORE_create_method(), you
+ * deserve anything Murphy can throw at you and more! You have been warned.
+ */
+void STORE_destroy_method(STORE_METHOD *store_method)
+{
+    if (!store_method)
+        return;
+    OPENSSL_free(store_method->name);
+    store_method->name = NULL;
+    OPENSSL_free(store_method);
+}
+
+int STORE_method_set_initialise_function(STORE_METHOD *sm,
+                                         STORE_INITIALISE_FUNC_PTR init_f)
+{
+    sm->init = init_f;
+    return 1;
+}
+
+int STORE_method_set_cleanup_function(STORE_METHOD *sm,
+                                      STORE_CLEANUP_FUNC_PTR clean_f)
+{
+    sm->clean = clean_f;
+    return 1;
+}
+
+int STORE_method_set_generate_function(STORE_METHOD *sm,
+                                       STORE_GENERATE_OBJECT_FUNC_PTR
+                                       generate_f)
+{
+    sm->generate_object = generate_f;
+    return 1;
+}
+
+int STORE_method_set_get_function(STORE_METHOD *sm,
+                                  STORE_GET_OBJECT_FUNC_PTR get_f)
+{
+    sm->get_object = get_f;
+    return 1;
+}
+
+int STORE_method_set_store_function(STORE_METHOD *sm,
+                                    STORE_STORE_OBJECT_FUNC_PTR store_f)
+{
+    sm->store_object = store_f;
+    return 1;
+}
+
+int STORE_method_set_modify_function(STORE_METHOD *sm,
+                                     STORE_MODIFY_OBJECT_FUNC_PTR modify_f)
+{
+    sm->modify_object = modify_f;
+    return 1;
+}
+
+int STORE_method_set_revoke_function(STORE_METHOD *sm,
+                                     STORE_HANDLE_OBJECT_FUNC_PTR revoke_f)
+{
+    sm->revoke_object = revoke_f;
+    return 1;
+}
+
+int STORE_method_set_delete_function(STORE_METHOD *sm,
+                                     STORE_HANDLE_OBJECT_FUNC_PTR delete_f)
+{
+    sm->delete_object = delete_f;
+    return 1;
+}
+
+int STORE_method_set_list_start_function(STORE_METHOD *sm,
+                                         STORE_START_OBJECT_FUNC_PTR
+                                         list_start_f)
+{
+    sm->list_object_start = list_start_f;
+    return 1;
+}
+
+int STORE_method_set_list_next_function(STORE_METHOD *sm,
+                                        STORE_NEXT_OBJECT_FUNC_PTR
+                                        list_next_f)
+{
+    sm->list_object_next = list_next_f;
+    return 1;
+}
+
+int STORE_method_set_list_end_function(STORE_METHOD *sm,
+                                       STORE_END_OBJECT_FUNC_PTR list_end_f)
+{
+    sm->list_object_end = list_end_f;
+    return 1;
+}
+
+int STORE_method_set_update_store_function(STORE_METHOD *sm,
+                                           STORE_GENERIC_FUNC_PTR update_f)
+{
+    sm->update_store = update_f;
+    return 1;
+}
+
+int STORE_method_set_lock_store_function(STORE_METHOD *sm,
+                                         STORE_GENERIC_FUNC_PTR lock_f)
+{
+    sm->lock_store = lock_f;
+    return 1;
+}
+
+int STORE_method_set_unlock_store_function(STORE_METHOD *sm,
+                                           STORE_GENERIC_FUNC_PTR unlock_f)
+{
+    sm->unlock_store = unlock_f;
+    return 1;
+}
+
+int STORE_method_set_ctrl_function(STORE_METHOD *sm,
+                                   STORE_CTRL_FUNC_PTR ctrl_f)
+{
+    sm->ctrl = ctrl_f;
+    return 1;
+}
+
+STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD
+                                                               *sm)
+{
+    return sm->init;
+}
+
+STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm)
+{
+    return sm->clean;
+}
+
+STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD
+                                                                  *sm)
+{
+    return sm->generate_object;
+}
+
+STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm)
+{
+    return sm->get_object;
+}
+
+STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm)
+{
+    return sm->store_object;
+}
+
+STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD
+                                                              *sm)
+{
+    return sm->modify_object;
+}
+
+STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD
+                                                              *sm)
+{
+    return sm->revoke_object;
+}
+
+STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD
+                                                              *sm)
+{
+    return sm->delete_object;
+}
+
+STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD
+                                                                 *sm)
+{
+    return sm->list_object_start;
+}
+
+STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD
+                                                               *sm)
+{
+    return sm->list_object_next;
+}
+
+STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm)
+{
+    return sm->list_object_end;
+}
+
+STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD
+                                                              *sm)
+{
+    return sm->update_store;
+}
+
+STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm)
+{
+    return sm->lock_store;
+}
+
+STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD
+                                                              *sm)
+{
+    return sm->unlock_store;
+}
+
+STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm)
+{
+    return sm->ctrl;
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/ts/ts_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ts/ts_lib.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/ts/ts_lib.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,143 +0,0 @@
-/* crypto/ts/ts_lib.c */
-/*
- * Written by Zoltan Glozik (zglozik at stones.com) for the OpenSSL project
- * 2002.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/objects.h>
-#include <openssl/bn.h>
-#include <openssl/x509v3.h>
-#include "ts.h"
-
-/* Local function declarations. */
-
-/* Function definitions. */
-
-int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num)
-{
-    BIGNUM num_bn;
-    int result = 0;
-    char *hex;
-
-    BN_init(&num_bn);
-    ASN1_INTEGER_to_BN(num, &num_bn);
-    if ((hex = BN_bn2hex(&num_bn))) {
-        result = BIO_write(bio, "0x", 2) > 0;
-        result = result && BIO_write(bio, hex, strlen(hex)) > 0;
-        OPENSSL_free(hex);
-    }
-    BN_free(&num_bn);
-
-    return result;
-}
-
-int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj)
-{
-    char obj_txt[128];
-
-    int len = OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);
-    BIO_write(bio, obj_txt, len);
-    BIO_write(bio, "\n", 1);
-
-    return 1;
-}
-
-int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions)
-{
-    int i, critical, n;
-    X509_EXTENSION *ex;
-    ASN1_OBJECT *obj;
-
-    BIO_printf(bio, "Extensions:\n");
-    n = X509v3_get_ext_count(extensions);
-    for (i = 0; i < n; i++) {
-        ex = X509v3_get_ext(extensions, i);
-        obj = X509_EXTENSION_get_object(ex);
-        i2a_ASN1_OBJECT(bio, obj);
-        critical = X509_EXTENSION_get_critical(ex);
-        BIO_printf(bio, ": %s\n", critical ? "critical" : "");
-        if (!X509V3_EXT_print(bio, ex, 0, 4)) {
-            BIO_printf(bio, "%4s", "");
-            M_ASN1_OCTET_STRING_print(bio, ex->value);
-        }
-        BIO_write(bio, "\n", 1);
-    }
-
-    return 1;
-}
-
-int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg)
-{
-    int i = OBJ_obj2nid(alg->algorithm);
-    return BIO_printf(bio, "Hash Algorithm: %s\n",
-                      (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
-}
-
-int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *a)
-{
-    const ASN1_OCTET_STRING *msg;
-
-    TS_X509_ALGOR_print_bio(bio, TS_MSG_IMPRINT_get_algo(a));
-
-    BIO_printf(bio, "Message data:\n");
-    msg = TS_MSG_IMPRINT_get_msg(a);
-    BIO_dump_indent(bio, (const char *)M_ASN1_STRING_data(msg),
-                    M_ASN1_STRING_length(msg), 4);
-
-    return 1;
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/ts/ts_lib.c (from rev 11605, vendor-crypto/openssl/dist/crypto/ts/ts_lib.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/ts/ts_lib.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/ts/ts_lib.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,142 @@
+/* crypto/ts/ts_lib.c */
+/*
+ * Written by Zoltan Glozik (zglozik at stones.com) for the OpenSSL project
+ * 2002.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/bn.h>
+#include <openssl/x509v3.h>
+#include "ts.h"
+
+/* Local function declarations. */
+
+/* Function definitions. */
+
+int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num)
+{
+    BIGNUM num_bn;
+    int result = 0;
+    char *hex;
+
+    BN_init(&num_bn);
+    ASN1_INTEGER_to_BN(num, &num_bn);
+    if ((hex = BN_bn2hex(&num_bn))) {
+        result = BIO_write(bio, "0x", 2) > 0;
+        result = result && BIO_write(bio, hex, strlen(hex)) > 0;
+        OPENSSL_free(hex);
+    }
+    BN_free(&num_bn);
+
+    return result;
+}
+
+int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj)
+{
+    char obj_txt[128];
+
+    OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);
+    BIO_printf(bio, "%s\n", obj_txt);
+
+    return 1;
+}
+
+int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions)
+{
+    int i, critical, n;
+    X509_EXTENSION *ex;
+    ASN1_OBJECT *obj;
+
+    BIO_printf(bio, "Extensions:\n");
+    n = X509v3_get_ext_count(extensions);
+    for (i = 0; i < n; i++) {
+        ex = X509v3_get_ext(extensions, i);
+        obj = X509_EXTENSION_get_object(ex);
+        i2a_ASN1_OBJECT(bio, obj);
+        critical = X509_EXTENSION_get_critical(ex);
+        BIO_printf(bio, ": %s\n", critical ? "critical" : "");
+        if (!X509V3_EXT_print(bio, ex, 0, 4)) {
+            BIO_printf(bio, "%4s", "");
+            M_ASN1_OCTET_STRING_print(bio, ex->value);
+        }
+        BIO_write(bio, "\n", 1);
+    }
+
+    return 1;
+}
+
+int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg)
+{
+    int i = OBJ_obj2nid(alg->algorithm);
+    return BIO_printf(bio, "Hash Algorithm: %s\n",
+                      (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
+}
+
+int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *a)
+{
+    const ASN1_OCTET_STRING *msg;
+
+    TS_X509_ALGOR_print_bio(bio, TS_MSG_IMPRINT_get_algo(a));
+
+    BIO_printf(bio, "Message data:\n");
+    msg = TS_MSG_IMPRINT_get_msg(a);
+    BIO_dump_indent(bio, (const char *)M_ASN1_STRING_data(msg),
+                    M_ASN1_STRING_length(msg), 4);
+
+    return 1;
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/ts/ts_rsp_verify.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ts/ts_rsp_verify.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/ts/ts_rsp_verify.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,736 +0,0 @@
-/* crypto/ts/ts_resp_verify.c */
-/*
- * Written by Zoltan Glozik (zglozik at stones.com) for the OpenSSL project
- * 2002.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/objects.h>
-#include <openssl/ts.h>
-#include <openssl/pkcs7.h>
-
-/* Private function declarations. */
-
-static int TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
-                          X509 *signer, STACK_OF(X509) **chain);
-static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si,
-                                  STACK_OF(X509) *chain);
-static ESS_SIGNING_CERT *ESS_get_signing_cert(PKCS7_SIGNER_INFO *si);
-static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert);
-static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo);
-static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx,
-                                    PKCS7 *token, TS_TST_INFO *tst_info);
-static int TS_check_status_info(TS_RESP *response);
-static char *TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text);
-static int TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info);
-static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
-                              X509_ALGOR **md_alg,
-                              unsigned char **imprint, unsigned *imprint_len);
-static int TS_check_imprints(X509_ALGOR *algor_a,
-                             unsigned char *imprint_a, unsigned len_a,
-                             TS_TST_INFO *tst_info);
-static int TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info);
-static int TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer);
-static int TS_find_name(STACK_OF(GENERAL_NAME) *gen_names,
-                        GENERAL_NAME *name);
-
-/*
- * Local mapping between response codes and descriptions.
- * Don't forget to change TS_STATUS_BUF_SIZE when modifying
- * the elements of this array.
- */
-static const char *TS_status_text[] = { "granted",
-    "grantedWithMods",
-    "rejection",
-    "waiting",
-    "revocationWarning",
-    "revocationNotification"
-};
-
-#define TS_STATUS_TEXT_SIZE     (sizeof(TS_status_text)/sizeof(*TS_status_text))
-
-/*
- * This must be greater or equal to the sum of the strings in TS_status_text
- * plus the number of its elements.
- */
-#define TS_STATUS_BUF_SIZE      256
-
-static struct {
-    int code;
-    const char *text;
-} TS_failure_info[] = {
-    {
-        TS_INFO_BAD_ALG, "badAlg"
-    },
-    {
-        TS_INFO_BAD_REQUEST, "badRequest"
-    },
-    {
-        TS_INFO_BAD_DATA_FORMAT, "badDataFormat"
-    },
-    {
-        TS_INFO_TIME_NOT_AVAILABLE, "timeNotAvailable"
-    },
-    {
-        TS_INFO_UNACCEPTED_POLICY, "unacceptedPolicy"
-    },
-    {
-        TS_INFO_UNACCEPTED_EXTENSION, "unacceptedExtension"
-    },
-    {
-        TS_INFO_ADD_INFO_NOT_AVAILABLE, "addInfoNotAvailable"
-    },
-    {
-        TS_INFO_SYSTEM_FAILURE, "systemFailure"
-    }
-};
-
-#define TS_FAILURE_INFO_SIZE    (sizeof(TS_failure_info) / \
-                                sizeof(*TS_failure_info))
-
-/* Functions for verifying a signed TS_TST_INFO structure. */
-
-/*-
- * This function carries out the following tasks:
- *      - Checks if there is one and only one signer.
- *      - Search for the signing certificate in 'certs' and in the response.
- *      - Check the extended key usage and key usage fields of the signer
- *      certificate (done by the path validation).
- *      - Build and validate the certificate path.
- *      - Check if the certificate path meets the requirements of the
- *      SigningCertificate ESS signed attribute.
- *      - Verify the signature value.
- *      - Returns the signer certificate in 'signer', if 'signer' is not NULL.
- */
-int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
-                             X509_STORE *store, X509 **signer_out)
-{
-    STACK_OF(PKCS7_SIGNER_INFO) *sinfos = NULL;
-    PKCS7_SIGNER_INFO *si;
-    STACK_OF(X509) *signers = NULL;
-    X509 *signer;
-    STACK_OF(X509) *chain = NULL;
-    char buf[4096];
-    int i, j = 0, ret = 0;
-    BIO *p7bio = NULL;
-
-    /* Some sanity checks first. */
-    if (!token) {
-        TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_INVALID_NULL_POINTER);
-        goto err;
-    }
-
-    /* Check for the correct content type */
-    if (!PKCS7_type_is_signed(token)) {
-        TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_WRONG_CONTENT_TYPE);
-        goto err;
-    }
-
-    /* Check if there is one and only one signer. */
-    sinfos = PKCS7_get_signer_info(token);
-    if (!sinfos || sk_PKCS7_SIGNER_INFO_num(sinfos) != 1) {
-        TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_THERE_MUST_BE_ONE_SIGNER);
-        goto err;
-    }
-    si = sk_PKCS7_SIGNER_INFO_value(sinfos, 0);
-
-    /* Check for no content: no data to verify signature. */
-    if (PKCS7_get_detached(token)) {
-        TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_NO_CONTENT);
-        goto err;
-    }
-
-    /*
-     * Get hold of the signer certificate, search only internal certificates
-     * if it was requested.
-     */
-    signers = PKCS7_get0_signers(token, certs, 0);
-    if (!signers || sk_X509_num(signers) != 1)
-        goto err;
-    signer = sk_X509_value(signers, 0);
-
-    /* Now verify the certificate. */
-    if (!TS_verify_cert(store, certs, signer, &chain))
-        goto err;
-
-    /*
-     * Check if the signer certificate is consistent with the ESS extension.
-     */
-    if (!TS_check_signing_certs(si, chain))
-        goto err;
-
-    /* Creating the message digest. */
-    p7bio = PKCS7_dataInit(token, NULL);
-
-    /* We now have to 'read' from p7bio to calculate digests etc. */
-    while ((i = BIO_read(p7bio, buf, sizeof(buf))) > 0) ;
-
-    /* Verifying the signature. */
-    j = PKCS7_signatureVerify(p7bio, token, si, signer);
-    if (j <= 0) {
-        TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_SIGNATURE_FAILURE);
-        goto err;
-    }
-
-    /* Return the signer certificate if needed. */
-    if (signer_out) {
-        *signer_out = signer;
-        CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
-    }
-
-    ret = 1;
-
- err:
-    BIO_free_all(p7bio);
-    sk_X509_pop_free(chain, X509_free);
-    sk_X509_free(signers);
-
-    return ret;
-}
-
-/*
- * The certificate chain is returned in chain. Caller is responsible for
- * freeing the vector.
- */
-static int TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
-                          X509 *signer, STACK_OF(X509) **chain)
-{
-    X509_STORE_CTX cert_ctx;
-    int i;
-    int ret = 1;
-
-    /* chain is an out argument. */
-    *chain = NULL;
-    X509_STORE_CTX_init(&cert_ctx, store, signer, untrusted);
-    X509_STORE_CTX_set_purpose(&cert_ctx, X509_PURPOSE_TIMESTAMP_SIGN);
-    i = X509_verify_cert(&cert_ctx);
-    if (i <= 0) {
-        int j = X509_STORE_CTX_get_error(&cert_ctx);
-        TSerr(TS_F_TS_VERIFY_CERT, TS_R_CERTIFICATE_VERIFY_ERROR);
-        ERR_add_error_data(2, "Verify error:",
-                           X509_verify_cert_error_string(j));
-        ret = 0;
-    } else {
-        /* Get a copy of the certificate chain. */
-        *chain = X509_STORE_CTX_get1_chain(&cert_ctx);
-    }
-
-    X509_STORE_CTX_cleanup(&cert_ctx);
-
-    return ret;
-}
-
-static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si,
-                                  STACK_OF(X509) *chain)
-{
-    ESS_SIGNING_CERT *ss = ESS_get_signing_cert(si);
-    STACK_OF(ESS_CERT_ID) *cert_ids = NULL;
-    X509 *cert;
-    int i = 0;
-    int ret = 0;
-
-    if (!ss)
-        goto err;
-    cert_ids = ss->cert_ids;
-    /* The signer certificate must be the first in cert_ids. */
-    cert = sk_X509_value(chain, 0);
-    if (TS_find_cert(cert_ids, cert) != 0)
-        goto err;
-
-    /*
-     * Check the other certificates of the chain if there are more than one
-     * certificate ids in cert_ids.
-     */
-    if (sk_ESS_CERT_ID_num(cert_ids) > 1) {
-        /* All the certificates of the chain must be in cert_ids. */
-        for (i = 1; i < sk_X509_num(chain); ++i) {
-            cert = sk_X509_value(chain, i);
-            if (TS_find_cert(cert_ids, cert) < 0)
-                goto err;
-        }
-    }
-    ret = 1;
- err:
-    if (!ret)
-        TSerr(TS_F_TS_CHECK_SIGNING_CERTS,
-              TS_R_ESS_SIGNING_CERTIFICATE_ERROR);
-    ESS_SIGNING_CERT_free(ss);
-    return ret;
-}
-
-static ESS_SIGNING_CERT *ESS_get_signing_cert(PKCS7_SIGNER_INFO *si)
-{
-    ASN1_TYPE *attr;
-    const unsigned char *p;
-    attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificate);
-    if (!attr)
-        return NULL;
-    p = attr->value.sequence->data;
-    return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length);
-}
-
-/* Returns < 0 if certificate is not found, certificate index otherwise. */
-static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert)
-{
-    int i;
-
-    if (!cert_ids || !cert)
-        return -1;
-
-    /* Recompute SHA1 hash of certificate if necessary (side effect). */
-    X509_check_purpose(cert, -1, 0);
-
-    /* Look for cert in the cert_ids vector. */
-    for (i = 0; i < sk_ESS_CERT_ID_num(cert_ids); ++i) {
-        ESS_CERT_ID *cid = sk_ESS_CERT_ID_value(cert_ids, i);
-
-        /* Check the SHA-1 hash first. */
-        if (cid->hash->length == sizeof(cert->sha1_hash)
-            && !memcmp(cid->hash->data, cert->sha1_hash,
-                       sizeof(cert->sha1_hash))) {
-            /* Check the issuer/serial as well if specified. */
-            ESS_ISSUER_SERIAL *is = cid->issuer_serial;
-            if (!is || !TS_issuer_serial_cmp(is, cert->cert_info))
-                return i;
-        }
-    }
-
-    return -1;
-}
-
-static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo)
-{
-    GENERAL_NAME *issuer;
-
-    if (!is || !cinfo || sk_GENERAL_NAME_num(is->issuer) != 1)
-        return -1;
-
-    /* Check the issuer first. It must be a directory name. */
-    issuer = sk_GENERAL_NAME_value(is->issuer, 0);
-    if (issuer->type != GEN_DIRNAME
-        || X509_NAME_cmp(issuer->d.dirn, cinfo->issuer))
-        return -1;
-
-    /* Check the serial number, too. */
-    if (ASN1_INTEGER_cmp(is->serial, cinfo->serialNumber))
-        return -1;
-
-    return 0;
-}
-
-/*-
- * Verifies whether 'response' contains a valid response with regards
- * to the settings of the context:
- *      - Gives an error message if the TS_TST_INFO is not present.
- *      - Calls _TS_RESP_verify_token to verify the token content.
- */
-int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response)
-{
-    PKCS7 *token = TS_RESP_get_token(response);
-    TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response);
-    int ret = 0;
-
-    /* Check if we have a successful TS_TST_INFO object in place. */
-    if (!TS_check_status_info(response))
-        goto err;
-
-    /* Check the contents of the time stamp token. */
-    if (!int_TS_RESP_verify_token(ctx, token, tst_info))
-        goto err;
-
-    ret = 1;
- err:
-    return ret;
-}
-
-/*
- * Tries to extract a TS_TST_INFO structure from the PKCS7 token and
- * calls the internal int_TS_RESP_verify_token function for verifying it.
- */
-int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token)
-{
-    TS_TST_INFO *tst_info = PKCS7_to_TS_TST_INFO(token);
-    int ret = 0;
-    if (tst_info) {
-        ret = int_TS_RESP_verify_token(ctx, token, tst_info);
-        TS_TST_INFO_free(tst_info);
-    }
-    return ret;
-}
-
-/*-
- * Verifies whether the 'token' contains a valid time stamp token
- * with regards to the settings of the context. Only those checks are
- * carried out that are specified in the context:
- *      - Verifies the signature of the TS_TST_INFO.
- *      - Checks the version number of the response.
- *      - Check if the requested and returned policies math.
- *      - Check if the message imprints are the same.
- *      - Check if the nonces are the same.
- *      - Check if the TSA name matches the signer.
- *      - Check if the TSA name is the expected TSA.
- */
-static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx,
-                                    PKCS7 *token, TS_TST_INFO *tst_info)
-{
-    X509 *signer = NULL;
-    GENERAL_NAME *tsa_name = TS_TST_INFO_get_tsa(tst_info);
-    X509_ALGOR *md_alg = NULL;
-    unsigned char *imprint = NULL;
-    unsigned imprint_len = 0;
-    int ret = 0;
-
-    /* Verify the signature. */
-    if ((ctx->flags & TS_VFY_SIGNATURE)
-        && !TS_RESP_verify_signature(token, ctx->certs, ctx->store, &signer))
-        goto err;
-
-    /* Check version number of response. */
-    if ((ctx->flags & TS_VFY_VERSION)
-        && TS_TST_INFO_get_version(tst_info) != 1) {
-        TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_UNSUPPORTED_VERSION);
-        goto err;
-    }
-
-    /* Check policies. */
-    if ((ctx->flags & TS_VFY_POLICY)
-        && !TS_check_policy(ctx->policy, tst_info))
-        goto err;
-
-    /* Check message imprints. */
-    if ((ctx->flags & TS_VFY_IMPRINT)
-        && !TS_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len,
-                              tst_info))
-        goto err;
-
-    /* Compute and check message imprints. */
-    if ((ctx->flags & TS_VFY_DATA)
-        && (!TS_compute_imprint(ctx->data, tst_info,
-                                &md_alg, &imprint, &imprint_len)
-            || !TS_check_imprints(md_alg, imprint, imprint_len, tst_info)))
-        goto err;
-
-    /* Check nonces. */
-    if ((ctx->flags & TS_VFY_NONCE)
-        && !TS_check_nonces(ctx->nonce, tst_info))
-        goto err;
-
-    /* Check whether TSA name and signer certificate match. */
-    if ((ctx->flags & TS_VFY_SIGNER)
-        && tsa_name && !TS_check_signer_name(tsa_name, signer)) {
-        TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_NAME_MISMATCH);
-        goto err;
-    }
-
-    /* Check whether the TSA is the expected one. */
-    if ((ctx->flags & TS_VFY_TSA_NAME)
-        && !TS_check_signer_name(ctx->tsa_name, signer)) {
-        TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_UNTRUSTED);
-        goto err;
-    }
-
-    ret = 1;
- err:
-    X509_free(signer);
-    X509_ALGOR_free(md_alg);
-    OPENSSL_free(imprint);
-    return ret;
-}
-
-static int TS_check_status_info(TS_RESP *response)
-{
-    TS_STATUS_INFO *info = TS_RESP_get_status_info(response);
-    long status = ASN1_INTEGER_get(info->status);
-    const char *status_text = NULL;
-    char *embedded_status_text = NULL;
-    char failure_text[TS_STATUS_BUF_SIZE] = "";
-
-    /* Check if everything went fine. */
-    if (status == 0 || status == 1)
-        return 1;
-
-    /* There was an error, get the description in status_text. */
-    if (0 <= status && status < (long)TS_STATUS_TEXT_SIZE)
-        status_text = TS_status_text[status];
-    else
-        status_text = "unknown code";
-
-    /* Set the embedded_status_text to the returned description. */
-    if (sk_ASN1_UTF8STRING_num(info->text) > 0
-        && !(embedded_status_text = TS_get_status_text(info->text)))
-        return 0;
-
-    /* Filling in failure_text with the failure information. */
-    if (info->failure_info) {
-        int i;
-        int first = 1;
-        for (i = 0; i < (int)TS_FAILURE_INFO_SIZE; ++i) {
-            if (ASN1_BIT_STRING_get_bit(info->failure_info,
-                                        TS_failure_info[i].code)) {
-                if (!first)
-                    strcat(failure_text, ",");
-                else
-                    first = 0;
-                strcat(failure_text, TS_failure_info[i].text);
-            }
-        }
-    }
-    if (failure_text[0] == '\0')
-        strcpy(failure_text, "unspecified");
-
-    /* Making up the error string. */
-    TSerr(TS_F_TS_CHECK_STATUS_INFO, TS_R_NO_TIME_STAMP_TOKEN);
-    ERR_add_error_data(6,
-                       "status code: ", status_text,
-                       ", status text: ", embedded_status_text ?
-                       embedded_status_text : "unspecified",
-                       ", failure codes: ", failure_text);
-    OPENSSL_free(embedded_status_text);
-
-    return 0;
-}
-
-static char *TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text)
-{
-    int i;
-    unsigned int length = 0;
-    char *result = NULL;
-    char *p;
-
-    /* Determine length first. */
-    for (i = 0; i < sk_ASN1_UTF8STRING_num(text); ++i) {
-        ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i);
-        length += ASN1_STRING_length(current);
-        length += 1;            /* separator character */
-    }
-    /* Allocate memory (closing '\0' included). */
-    if (!(result = OPENSSL_malloc(length))) {
-        TSerr(TS_F_TS_GET_STATUS_TEXT, ERR_R_MALLOC_FAILURE);
-        return NULL;
-    }
-    /* Concatenate the descriptions. */
-    for (i = 0, p = result; i < sk_ASN1_UTF8STRING_num(text); ++i) {
-        ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i);
-        length = ASN1_STRING_length(current);
-        if (i > 0)
-            *p++ = '/';
-        strncpy(p, (const char *)ASN1_STRING_data(current), length);
-        p += length;
-    }
-    /* We do have space for this, too. */
-    *p = '\0';
-
-    return result;
-}
-
-static int TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info)
-{
-    ASN1_OBJECT *resp_oid = TS_TST_INFO_get_policy_id(tst_info);
-
-    if (OBJ_cmp(req_oid, resp_oid) != 0) {
-        TSerr(TS_F_TS_CHECK_POLICY, TS_R_POLICY_MISMATCH);
-        return 0;
-    }
-
-    return 1;
-}
-
-static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
-                              X509_ALGOR **md_alg,
-                              unsigned char **imprint, unsigned *imprint_len)
-{
-    TS_MSG_IMPRINT *msg_imprint = TS_TST_INFO_get_msg_imprint(tst_info);
-    X509_ALGOR *md_alg_resp = TS_MSG_IMPRINT_get_algo(msg_imprint);
-    const EVP_MD *md;
-    EVP_MD_CTX md_ctx;
-    unsigned char buffer[4096];
-    int length;
-
-    *md_alg = NULL;
-    *imprint = NULL;
-
-    /* Return the MD algorithm of the response. */
-    if (!(*md_alg = X509_ALGOR_dup(md_alg_resp)))
-        goto err;
-
-    /* Getting the MD object. */
-    if (!(md = EVP_get_digestbyobj((*md_alg)->algorithm))) {
-        TSerr(TS_F_TS_COMPUTE_IMPRINT, TS_R_UNSUPPORTED_MD_ALGORITHM);
-        goto err;
-    }
-
-    /* Compute message digest. */
-    length = EVP_MD_size(md);
-    if (length < 0)
-        goto err;
-    *imprint_len = length;
-    if (!(*imprint = OPENSSL_malloc(*imprint_len))) {
-        TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    if (!EVP_DigestInit(&md_ctx, md))
-        goto err;
-    while ((length = BIO_read(data, buffer, sizeof(buffer))) > 0) {
-        if (!EVP_DigestUpdate(&md_ctx, buffer, length))
-            goto err;
-    }
-    if (!EVP_DigestFinal(&md_ctx, *imprint, NULL))
-        goto err;
-
-    return 1;
- err:
-    X509_ALGOR_free(*md_alg);
-    OPENSSL_free(*imprint);
-    *imprint_len = 0;
-    *imprint = NULL;
-    return 0;
-}
-
-static int TS_check_imprints(X509_ALGOR *algor_a,
-                             unsigned char *imprint_a, unsigned len_a,
-                             TS_TST_INFO *tst_info)
-{
-    TS_MSG_IMPRINT *b = TS_TST_INFO_get_msg_imprint(tst_info);
-    X509_ALGOR *algor_b = TS_MSG_IMPRINT_get_algo(b);
-    int ret = 0;
-
-    /* algor_a is optional. */
-    if (algor_a) {
-        /* Compare algorithm OIDs. */
-        if (OBJ_cmp(algor_a->algorithm, algor_b->algorithm))
-            goto err;
-
-        /* The parameter must be NULL in both. */
-        if ((algor_a->parameter
-             && ASN1_TYPE_get(algor_a->parameter) != V_ASN1_NULL)
-            || (algor_b->parameter
-                && ASN1_TYPE_get(algor_b->parameter) != V_ASN1_NULL))
-            goto err;
-    }
-
-    /* Compare octet strings. */
-    ret = len_a == (unsigned)ASN1_STRING_length(b->hashed_msg) &&
-        memcmp(imprint_a, ASN1_STRING_data(b->hashed_msg), len_a) == 0;
- err:
-    if (!ret)
-        TSerr(TS_F_TS_CHECK_IMPRINTS, TS_R_MESSAGE_IMPRINT_MISMATCH);
-    return ret;
-}
-
-static int TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info)
-{
-    const ASN1_INTEGER *b = TS_TST_INFO_get_nonce(tst_info);
-
-    /* Error if nonce is missing. */
-    if (!b) {
-        TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_NOT_RETURNED);
-        return 0;
-    }
-
-    /* No error if a nonce is returned without being requested. */
-    if (ASN1_INTEGER_cmp(a, b) != 0) {
-        TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_MISMATCH);
-        return 0;
-    }
-
-    return 1;
-}
-
-/*
- * Check if the specified TSA name matches either the subject or one of the
- * subject alternative names of the TSA certificate.
- */
-static int TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer)
-{
-    STACK_OF(GENERAL_NAME) *gen_names = NULL;
-    int idx = -1;
-    int found = 0;
-
-    /* Check the subject name first. */
-    if (tsa_name->type == GEN_DIRNAME
-        && X509_name_cmp(tsa_name->d.dirn, signer->cert_info->subject) == 0)
-        return 1;
-
-    /* Check all the alternative names. */
-    gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, NULL, &idx);
-    while (gen_names != NULL
-           && !(found = TS_find_name(gen_names, tsa_name) >= 0)) {
-        /*
-         * Get the next subject alternative name, although there should be no
-         * more than one.
-         */
-        GENERAL_NAMES_free(gen_names);
-        gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name,
-                                     NULL, &idx);
-    }
-    if (gen_names)
-        GENERAL_NAMES_free(gen_names);
-
-    return found;
-}
-
-/* Returns 1 if name is in gen_names, 0 otherwise. */
-static int TS_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name)
-{
-    int i, found;
-    for (i = 0, found = 0; !found && i < sk_GENERAL_NAME_num(gen_names); ++i) {
-        GENERAL_NAME *current = sk_GENERAL_NAME_value(gen_names, i);
-        found = GENERAL_NAME_cmp(current, name) == 0;
-    }
-    return found ? i - 1 : -1;
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/ts/ts_rsp_verify.c (from rev 11605, vendor-crypto/openssl/dist/crypto/ts/ts_rsp_verify.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/ts/ts_rsp_verify.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/ts/ts_rsp_verify.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,737 @@
+/* crypto/ts/ts_resp_verify.c */
+/*
+ * Written by Zoltan Glozik (zglozik at stones.com) for the OpenSSL project
+ * 2002.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/ts.h>
+#include <openssl/pkcs7.h>
+
+/* Private function declarations. */
+
+static int TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
+                          X509 *signer, STACK_OF(X509) **chain);
+static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si,
+                                  STACK_OF(X509) *chain);
+static ESS_SIGNING_CERT *ESS_get_signing_cert(PKCS7_SIGNER_INFO *si);
+static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert);
+static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo);
+static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx,
+                                    PKCS7 *token, TS_TST_INFO *tst_info);
+static int TS_check_status_info(TS_RESP *response);
+static char *TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text);
+static int TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info);
+static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
+                              X509_ALGOR **md_alg,
+                              unsigned char **imprint, unsigned *imprint_len);
+static int TS_check_imprints(X509_ALGOR *algor_a,
+                             unsigned char *imprint_a, unsigned len_a,
+                             TS_TST_INFO *tst_info);
+static int TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info);
+static int TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer);
+static int TS_find_name(STACK_OF(GENERAL_NAME) *gen_names,
+                        GENERAL_NAME *name);
+
+/*
+ * Local mapping between response codes and descriptions.
+ * Don't forget to change TS_STATUS_BUF_SIZE when modifying
+ * the elements of this array.
+ */
+static const char *TS_status_text[] = { "granted",
+    "grantedWithMods",
+    "rejection",
+    "waiting",
+    "revocationWarning",
+    "revocationNotification"
+};
+
+#define TS_STATUS_TEXT_SIZE     (sizeof(TS_status_text)/sizeof(*TS_status_text))
+
+/*
+ * This must be greater or equal to the sum of the strings in TS_status_text
+ * plus the number of its elements.
+ */
+#define TS_STATUS_BUF_SIZE      256
+
+static struct {
+    int code;
+    const char *text;
+} TS_failure_info[] = {
+    {
+        TS_INFO_BAD_ALG, "badAlg"
+    },
+    {
+        TS_INFO_BAD_REQUEST, "badRequest"
+    },
+    {
+        TS_INFO_BAD_DATA_FORMAT, "badDataFormat"
+    },
+    {
+        TS_INFO_TIME_NOT_AVAILABLE, "timeNotAvailable"
+    },
+    {
+        TS_INFO_UNACCEPTED_POLICY, "unacceptedPolicy"
+    },
+    {
+        TS_INFO_UNACCEPTED_EXTENSION, "unacceptedExtension"
+    },
+    {
+        TS_INFO_ADD_INFO_NOT_AVAILABLE, "addInfoNotAvailable"
+    },
+    {
+        TS_INFO_SYSTEM_FAILURE, "systemFailure"
+    }
+};
+
+#define TS_FAILURE_INFO_SIZE    (sizeof(TS_failure_info) / \
+                                sizeof(*TS_failure_info))
+
+/* Functions for verifying a signed TS_TST_INFO structure. */
+
+/*-
+ * This function carries out the following tasks:
+ *      - Checks if there is one and only one signer.
+ *      - Search for the signing certificate in 'certs' and in the response.
+ *      - Check the extended key usage and key usage fields of the signer
+ *      certificate (done by the path validation).
+ *      - Build and validate the certificate path.
+ *      - Check if the certificate path meets the requirements of the
+ *      SigningCertificate ESS signed attribute.
+ *      - Verify the signature value.
+ *      - Returns the signer certificate in 'signer', if 'signer' is not NULL.
+ */
+int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
+                             X509_STORE *store, X509 **signer_out)
+{
+    STACK_OF(PKCS7_SIGNER_INFO) *sinfos = NULL;
+    PKCS7_SIGNER_INFO *si;
+    STACK_OF(X509) *signers = NULL;
+    X509 *signer;
+    STACK_OF(X509) *chain = NULL;
+    char buf[4096];
+    int i, j = 0, ret = 0;
+    BIO *p7bio = NULL;
+
+    /* Some sanity checks first. */
+    if (!token) {
+        TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_INVALID_NULL_POINTER);
+        goto err;
+    }
+
+    /* Check for the correct content type */
+    if (!PKCS7_type_is_signed(token)) {
+        TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_WRONG_CONTENT_TYPE);
+        goto err;
+    }
+
+    /* Check if there is one and only one signer. */
+    sinfos = PKCS7_get_signer_info(token);
+    if (!sinfos || sk_PKCS7_SIGNER_INFO_num(sinfos) != 1) {
+        TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_THERE_MUST_BE_ONE_SIGNER);
+        goto err;
+    }
+    si = sk_PKCS7_SIGNER_INFO_value(sinfos, 0);
+
+    /* Check for no content: no data to verify signature. */
+    if (PKCS7_get_detached(token)) {
+        TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_NO_CONTENT);
+        goto err;
+    }
+
+    /*
+     * Get hold of the signer certificate, search only internal certificates
+     * if it was requested.
+     */
+    signers = PKCS7_get0_signers(token, certs, 0);
+    if (!signers || sk_X509_num(signers) != 1)
+        goto err;
+    signer = sk_X509_value(signers, 0);
+
+    /* Now verify the certificate. */
+    if (!TS_verify_cert(store, certs, signer, &chain))
+        goto err;
+
+    /*
+     * Check if the signer certificate is consistent with the ESS extension.
+     */
+    if (!TS_check_signing_certs(si, chain))
+        goto err;
+
+    /* Creating the message digest. */
+    p7bio = PKCS7_dataInit(token, NULL);
+
+    /* We now have to 'read' from p7bio to calculate digests etc. */
+    while ((i = BIO_read(p7bio, buf, sizeof(buf))) > 0) ;
+
+    /* Verifying the signature. */
+    j = PKCS7_signatureVerify(p7bio, token, si, signer);
+    if (j <= 0) {
+        TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_SIGNATURE_FAILURE);
+        goto err;
+    }
+
+    /* Return the signer certificate if needed. */
+    if (signer_out) {
+        *signer_out = signer;
+        CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
+    }
+
+    ret = 1;
+
+ err:
+    BIO_free_all(p7bio);
+    sk_X509_pop_free(chain, X509_free);
+    sk_X509_free(signers);
+
+    return ret;
+}
+
+/*
+ * The certificate chain is returned in chain. Caller is responsible for
+ * freeing the vector.
+ */
+static int TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
+                          X509 *signer, STACK_OF(X509) **chain)
+{
+    X509_STORE_CTX cert_ctx;
+    int i;
+    int ret = 1;
+
+    /* chain is an out argument. */
+    *chain = NULL;
+    if (!X509_STORE_CTX_init(&cert_ctx, store, signer, untrusted))
+        return 0;
+    X509_STORE_CTX_set_purpose(&cert_ctx, X509_PURPOSE_TIMESTAMP_SIGN);
+    i = X509_verify_cert(&cert_ctx);
+    if (i <= 0) {
+        int j = X509_STORE_CTX_get_error(&cert_ctx);
+        TSerr(TS_F_TS_VERIFY_CERT, TS_R_CERTIFICATE_VERIFY_ERROR);
+        ERR_add_error_data(2, "Verify error:",
+                           X509_verify_cert_error_string(j));
+        ret = 0;
+    } else {
+        /* Get a copy of the certificate chain. */
+        *chain = X509_STORE_CTX_get1_chain(&cert_ctx);
+    }
+
+    X509_STORE_CTX_cleanup(&cert_ctx);
+
+    return ret;
+}
+
+static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si,
+                                  STACK_OF(X509) *chain)
+{
+    ESS_SIGNING_CERT *ss = ESS_get_signing_cert(si);
+    STACK_OF(ESS_CERT_ID) *cert_ids = NULL;
+    X509 *cert;
+    int i = 0;
+    int ret = 0;
+
+    if (!ss)
+        goto err;
+    cert_ids = ss->cert_ids;
+    /* The signer certificate must be the first in cert_ids. */
+    cert = sk_X509_value(chain, 0);
+    if (TS_find_cert(cert_ids, cert) != 0)
+        goto err;
+
+    /*
+     * Check the other certificates of the chain if there are more than one
+     * certificate ids in cert_ids.
+     */
+    if (sk_ESS_CERT_ID_num(cert_ids) > 1) {
+        /* All the certificates of the chain must be in cert_ids. */
+        for (i = 1; i < sk_X509_num(chain); ++i) {
+            cert = sk_X509_value(chain, i);
+            if (TS_find_cert(cert_ids, cert) < 0)
+                goto err;
+        }
+    }
+    ret = 1;
+ err:
+    if (!ret)
+        TSerr(TS_F_TS_CHECK_SIGNING_CERTS,
+              TS_R_ESS_SIGNING_CERTIFICATE_ERROR);
+    ESS_SIGNING_CERT_free(ss);
+    return ret;
+}
+
+static ESS_SIGNING_CERT *ESS_get_signing_cert(PKCS7_SIGNER_INFO *si)
+{
+    ASN1_TYPE *attr;
+    const unsigned char *p;
+    attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificate);
+    if (!attr)
+        return NULL;
+    p = attr->value.sequence->data;
+    return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length);
+}
+
+/* Returns < 0 if certificate is not found, certificate index otherwise. */
+static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert)
+{
+    int i;
+
+    if (!cert_ids || !cert)
+        return -1;
+
+    /* Recompute SHA1 hash of certificate if necessary (side effect). */
+    X509_check_purpose(cert, -1, 0);
+
+    /* Look for cert in the cert_ids vector. */
+    for (i = 0; i < sk_ESS_CERT_ID_num(cert_ids); ++i) {
+        ESS_CERT_ID *cid = sk_ESS_CERT_ID_value(cert_ids, i);
+
+        /* Check the SHA-1 hash first. */
+        if (cid->hash->length == sizeof(cert->sha1_hash)
+            && !memcmp(cid->hash->data, cert->sha1_hash,
+                       sizeof(cert->sha1_hash))) {
+            /* Check the issuer/serial as well if specified. */
+            ESS_ISSUER_SERIAL *is = cid->issuer_serial;
+            if (!is || !TS_issuer_serial_cmp(is, cert->cert_info))
+                return i;
+        }
+    }
+
+    return -1;
+}
+
+static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo)
+{
+    GENERAL_NAME *issuer;
+
+    if (!is || !cinfo || sk_GENERAL_NAME_num(is->issuer) != 1)
+        return -1;
+
+    /* Check the issuer first. It must be a directory name. */
+    issuer = sk_GENERAL_NAME_value(is->issuer, 0);
+    if (issuer->type != GEN_DIRNAME
+        || X509_NAME_cmp(issuer->d.dirn, cinfo->issuer))
+        return -1;
+
+    /* Check the serial number, too. */
+    if (ASN1_INTEGER_cmp(is->serial, cinfo->serialNumber))
+        return -1;
+
+    return 0;
+}
+
+/*-
+ * Verifies whether 'response' contains a valid response with regards
+ * to the settings of the context:
+ *      - Gives an error message if the TS_TST_INFO is not present.
+ *      - Calls _TS_RESP_verify_token to verify the token content.
+ */
+int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response)
+{
+    PKCS7 *token = TS_RESP_get_token(response);
+    TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response);
+    int ret = 0;
+
+    /* Check if we have a successful TS_TST_INFO object in place. */
+    if (!TS_check_status_info(response))
+        goto err;
+
+    /* Check the contents of the time stamp token. */
+    if (!int_TS_RESP_verify_token(ctx, token, tst_info))
+        goto err;
+
+    ret = 1;
+ err:
+    return ret;
+}
+
+/*
+ * Tries to extract a TS_TST_INFO structure from the PKCS7 token and
+ * calls the internal int_TS_RESP_verify_token function for verifying it.
+ */
+int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token)
+{
+    TS_TST_INFO *tst_info = PKCS7_to_TS_TST_INFO(token);
+    int ret = 0;
+    if (tst_info) {
+        ret = int_TS_RESP_verify_token(ctx, token, tst_info);
+        TS_TST_INFO_free(tst_info);
+    }
+    return ret;
+}
+
+/*-
+ * Verifies whether the 'token' contains a valid time stamp token
+ * with regards to the settings of the context. Only those checks are
+ * carried out that are specified in the context:
+ *      - Verifies the signature of the TS_TST_INFO.
+ *      - Checks the version number of the response.
+ *      - Check if the requested and returned policies math.
+ *      - Check if the message imprints are the same.
+ *      - Check if the nonces are the same.
+ *      - Check if the TSA name matches the signer.
+ *      - Check if the TSA name is the expected TSA.
+ */
+static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx,
+                                    PKCS7 *token, TS_TST_INFO *tst_info)
+{
+    X509 *signer = NULL;
+    GENERAL_NAME *tsa_name = TS_TST_INFO_get_tsa(tst_info);
+    X509_ALGOR *md_alg = NULL;
+    unsigned char *imprint = NULL;
+    unsigned imprint_len = 0;
+    int ret = 0;
+
+    /* Verify the signature. */
+    if ((ctx->flags & TS_VFY_SIGNATURE)
+        && !TS_RESP_verify_signature(token, ctx->certs, ctx->store, &signer))
+        goto err;
+
+    /* Check version number of response. */
+    if ((ctx->flags & TS_VFY_VERSION)
+        && TS_TST_INFO_get_version(tst_info) != 1) {
+        TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_UNSUPPORTED_VERSION);
+        goto err;
+    }
+
+    /* Check policies. */
+    if ((ctx->flags & TS_VFY_POLICY)
+        && !TS_check_policy(ctx->policy, tst_info))
+        goto err;
+
+    /* Check message imprints. */
+    if ((ctx->flags & TS_VFY_IMPRINT)
+        && !TS_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len,
+                              tst_info))
+        goto err;
+
+    /* Compute and check message imprints. */
+    if ((ctx->flags & TS_VFY_DATA)
+        && (!TS_compute_imprint(ctx->data, tst_info,
+                                &md_alg, &imprint, &imprint_len)
+            || !TS_check_imprints(md_alg, imprint, imprint_len, tst_info)))
+        goto err;
+
+    /* Check nonces. */
+    if ((ctx->flags & TS_VFY_NONCE)
+        && !TS_check_nonces(ctx->nonce, tst_info))
+        goto err;
+
+    /* Check whether TSA name and signer certificate match. */
+    if ((ctx->flags & TS_VFY_SIGNER)
+        && tsa_name && !TS_check_signer_name(tsa_name, signer)) {
+        TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_NAME_MISMATCH);
+        goto err;
+    }
+
+    /* Check whether the TSA is the expected one. */
+    if ((ctx->flags & TS_VFY_TSA_NAME)
+        && !TS_check_signer_name(ctx->tsa_name, signer)) {
+        TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_UNTRUSTED);
+        goto err;
+    }
+
+    ret = 1;
+ err:
+    X509_free(signer);
+    X509_ALGOR_free(md_alg);
+    OPENSSL_free(imprint);
+    return ret;
+}
+
+static int TS_check_status_info(TS_RESP *response)
+{
+    TS_STATUS_INFO *info = TS_RESP_get_status_info(response);
+    long status = ASN1_INTEGER_get(info->status);
+    const char *status_text = NULL;
+    char *embedded_status_text = NULL;
+    char failure_text[TS_STATUS_BUF_SIZE] = "";
+
+    /* Check if everything went fine. */
+    if (status == 0 || status == 1)
+        return 1;
+
+    /* There was an error, get the description in status_text. */
+    if (0 <= status && status < (long)TS_STATUS_TEXT_SIZE)
+        status_text = TS_status_text[status];
+    else
+        status_text = "unknown code";
+
+    /* Set the embedded_status_text to the returned description. */
+    if (sk_ASN1_UTF8STRING_num(info->text) > 0
+        && !(embedded_status_text = TS_get_status_text(info->text)))
+        return 0;
+
+    /* Filling in failure_text with the failure information. */
+    if (info->failure_info) {
+        int i;
+        int first = 1;
+        for (i = 0; i < (int)TS_FAILURE_INFO_SIZE; ++i) {
+            if (ASN1_BIT_STRING_get_bit(info->failure_info,
+                                        TS_failure_info[i].code)) {
+                if (!first)
+                    strcat(failure_text, ",");
+                else
+                    first = 0;
+                strcat(failure_text, TS_failure_info[i].text);
+            }
+        }
+    }
+    if (failure_text[0] == '\0')
+        strcpy(failure_text, "unspecified");
+
+    /* Making up the error string. */
+    TSerr(TS_F_TS_CHECK_STATUS_INFO, TS_R_NO_TIME_STAMP_TOKEN);
+    ERR_add_error_data(6,
+                       "status code: ", status_text,
+                       ", status text: ", embedded_status_text ?
+                       embedded_status_text : "unspecified",
+                       ", failure codes: ", failure_text);
+    OPENSSL_free(embedded_status_text);
+
+    return 0;
+}
+
+static char *TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text)
+{
+    int i;
+    unsigned int length = 0;
+    char *result = NULL;
+    char *p;
+
+    /* Determine length first. */
+    for (i = 0; i < sk_ASN1_UTF8STRING_num(text); ++i) {
+        ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i);
+        length += ASN1_STRING_length(current);
+        length += 1;            /* separator character */
+    }
+    /* Allocate memory (closing '\0' included). */
+    if (!(result = OPENSSL_malloc(length))) {
+        TSerr(TS_F_TS_GET_STATUS_TEXT, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    /* Concatenate the descriptions. */
+    for (i = 0, p = result; i < sk_ASN1_UTF8STRING_num(text); ++i) {
+        ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i);
+        length = ASN1_STRING_length(current);
+        if (i > 0)
+            *p++ = '/';
+        strncpy(p, (const char *)ASN1_STRING_data(current), length);
+        p += length;
+    }
+    /* We do have space for this, too. */
+    *p = '\0';
+
+    return result;
+}
+
+static int TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info)
+{
+    ASN1_OBJECT *resp_oid = TS_TST_INFO_get_policy_id(tst_info);
+
+    if (OBJ_cmp(req_oid, resp_oid) != 0) {
+        TSerr(TS_F_TS_CHECK_POLICY, TS_R_POLICY_MISMATCH);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
+                              X509_ALGOR **md_alg,
+                              unsigned char **imprint, unsigned *imprint_len)
+{
+    TS_MSG_IMPRINT *msg_imprint = TS_TST_INFO_get_msg_imprint(tst_info);
+    X509_ALGOR *md_alg_resp = TS_MSG_IMPRINT_get_algo(msg_imprint);
+    const EVP_MD *md;
+    EVP_MD_CTX md_ctx;
+    unsigned char buffer[4096];
+    int length;
+
+    *md_alg = NULL;
+    *imprint = NULL;
+
+    /* Return the MD algorithm of the response. */
+    if (!(*md_alg = X509_ALGOR_dup(md_alg_resp)))
+        goto err;
+
+    /* Getting the MD object. */
+    if (!(md = EVP_get_digestbyobj((*md_alg)->algorithm))) {
+        TSerr(TS_F_TS_COMPUTE_IMPRINT, TS_R_UNSUPPORTED_MD_ALGORITHM);
+        goto err;
+    }
+
+    /* Compute message digest. */
+    length = EVP_MD_size(md);
+    if (length < 0)
+        goto err;
+    *imprint_len = length;
+    if (!(*imprint = OPENSSL_malloc(*imprint_len))) {
+        TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!EVP_DigestInit(&md_ctx, md))
+        goto err;
+    while ((length = BIO_read(data, buffer, sizeof(buffer))) > 0) {
+        if (!EVP_DigestUpdate(&md_ctx, buffer, length))
+            goto err;
+    }
+    if (!EVP_DigestFinal(&md_ctx, *imprint, NULL))
+        goto err;
+
+    return 1;
+ err:
+    X509_ALGOR_free(*md_alg);
+    OPENSSL_free(*imprint);
+    *imprint_len = 0;
+    *imprint = NULL;
+    return 0;
+}
+
+static int TS_check_imprints(X509_ALGOR *algor_a,
+                             unsigned char *imprint_a, unsigned len_a,
+                             TS_TST_INFO *tst_info)
+{
+    TS_MSG_IMPRINT *b = TS_TST_INFO_get_msg_imprint(tst_info);
+    X509_ALGOR *algor_b = TS_MSG_IMPRINT_get_algo(b);
+    int ret = 0;
+
+    /* algor_a is optional. */
+    if (algor_a) {
+        /* Compare algorithm OIDs. */
+        if (OBJ_cmp(algor_a->algorithm, algor_b->algorithm))
+            goto err;
+
+        /* The parameter must be NULL in both. */
+        if ((algor_a->parameter
+             && ASN1_TYPE_get(algor_a->parameter) != V_ASN1_NULL)
+            || (algor_b->parameter
+                && ASN1_TYPE_get(algor_b->parameter) != V_ASN1_NULL))
+            goto err;
+    }
+
+    /* Compare octet strings. */
+    ret = len_a == (unsigned)ASN1_STRING_length(b->hashed_msg) &&
+        memcmp(imprint_a, ASN1_STRING_data(b->hashed_msg), len_a) == 0;
+ err:
+    if (!ret)
+        TSerr(TS_F_TS_CHECK_IMPRINTS, TS_R_MESSAGE_IMPRINT_MISMATCH);
+    return ret;
+}
+
+static int TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info)
+{
+    const ASN1_INTEGER *b = TS_TST_INFO_get_nonce(tst_info);
+
+    /* Error if nonce is missing. */
+    if (!b) {
+        TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_NOT_RETURNED);
+        return 0;
+    }
+
+    /* No error if a nonce is returned without being requested. */
+    if (ASN1_INTEGER_cmp(a, b) != 0) {
+        TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_MISMATCH);
+        return 0;
+    }
+
+    return 1;
+}
+
+/*
+ * Check if the specified TSA name matches either the subject or one of the
+ * subject alternative names of the TSA certificate.
+ */
+static int TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer)
+{
+    STACK_OF(GENERAL_NAME) *gen_names = NULL;
+    int idx = -1;
+    int found = 0;
+
+    /* Check the subject name first. */
+    if (tsa_name->type == GEN_DIRNAME
+        && X509_name_cmp(tsa_name->d.dirn, signer->cert_info->subject) == 0)
+        return 1;
+
+    /* Check all the alternative names. */
+    gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, NULL, &idx);
+    while (gen_names != NULL
+           && !(found = TS_find_name(gen_names, tsa_name) >= 0)) {
+        /*
+         * Get the next subject alternative name, although there should be no
+         * more than one.
+         */
+        GENERAL_NAMES_free(gen_names);
+        gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name,
+                                     NULL, &idx);
+    }
+    if (gen_names)
+        GENERAL_NAMES_free(gen_names);
+
+    return found;
+}
+
+/* Returns 1 if name is in gen_names, 0 otherwise. */
+static int TS_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name)
+{
+    int i, found;
+    for (i = 0, found = 0; !found && i < sk_GENERAL_NAME_num(gen_names); ++i) {
+        GENERAL_NAME *current = sk_GENERAL_NAME_value(gen_names, i);
+        found = GENERAL_NAME_cmp(current, name) == 0;
+    }
+    return found ? i - 1 : -1;
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/ui/ui.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/ui/ui.h	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/ui/ui.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,415 +0,0 @@
-/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
-/*
- * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_UI_H
-# define HEADER_UI_H
-
-# ifndef OPENSSL_NO_DEPRECATED
-#  include <openssl/crypto.h>
-# endif
-# include <openssl/safestack.h>
-# include <openssl/ossl_typ.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Declared already in ossl_typ.h */
-/* typedef struct ui_st UI; */
-/* typedef struct ui_method_st UI_METHOD; */
-
-/*
- * All the following functions return -1 or NULL on error and in some cases
- * (UI_process()) -2 if interrupted or in some other way cancelled. When
- * everything is fine, they return 0, a positive value or a non-NULL pointer,
- * all depending on their purpose.
- */
-
-/* Creators and destructor.   */
-UI *UI_new(void);
-UI *UI_new_method(const UI_METHOD *method);
-void UI_free(UI *ui);
-
-/*-
-   The following functions are used to add strings to be printed and prompt
-   strings to prompt for data.  The names are UI_{add,dup}_<function>_string
-   and UI_{add,dup}_input_boolean.
-
-   UI_{add,dup}_<function>_string have the following meanings:
-        add     add a text or prompt string.  The pointers given to these
-                functions are used verbatim, no copying is done.
-        dup     make a copy of the text or prompt string, then add the copy
-                to the collection of strings in the user interface.
-        <function>
-                The function is a name for the functionality that the given
-                string shall be used for.  It can be one of:
-                        input   use the string as data prompt.
-                        verify  use the string as verification prompt.  This
-                                is used to verify a previous input.
-                        info    use the string for informational output.
-                        error   use the string for error output.
-   Honestly, there's currently no difference between info and error for the
-   moment.
-
-   UI_{add,dup}_input_boolean have the same semantics for "add" and "dup",
-   and are typically used when one wants to prompt for a yes/no response.
-
-   All of the functions in this group take a UI and a prompt string.
-   The string input and verify addition functions also take a flag argument,
-   a buffer for the result to end up with, a minimum input size and a maximum
-   input size (the result buffer MUST be large enough to be able to contain
-   the maximum number of characters).  Additionally, the verify addition
-   functions takes another buffer to compare the result against.
-   The boolean input functions take an action description string (which should
-   be safe to ignore if the expected user action is obvious, for example with
-   a dialog box with an OK button and a Cancel button), a string of acceptable
-   characters to mean OK and to mean Cancel.  The two last strings are checked
-   to make sure they don't have common characters.  Additionally, the same
-   flag argument as for the string input is taken, as well as a result buffer.
-   The result buffer is required to be at least one byte long.  Depending on
-   the answer, the first character from the OK or the Cancel character strings
-   will be stored in the first byte of the result buffer.  No NUL will be
-   added, so the result is *not* a string.
-
-   On success, the all return an index of the added information.  That index
-   is usefull when retrieving results with UI_get0_result(). */
-int UI_add_input_string(UI *ui, const char *prompt, int flags,
-                        char *result_buf, int minsize, int maxsize);
-int UI_dup_input_string(UI *ui, const char *prompt, int flags,
-                        char *result_buf, int minsize, int maxsize);
-int UI_add_verify_string(UI *ui, const char *prompt, int flags,
-                         char *result_buf, int minsize, int maxsize,
-                         const char *test_buf);
-int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
-                         char *result_buf, int minsize, int maxsize,
-                         const char *test_buf);
-int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
-                         const char *ok_chars, const char *cancel_chars,
-                         int flags, char *result_buf);
-int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
-                         const char *ok_chars, const char *cancel_chars,
-                         int flags, char *result_buf);
-int UI_add_info_string(UI *ui, const char *text);
-int UI_dup_info_string(UI *ui, const char *text);
-int UI_add_error_string(UI *ui, const char *text);
-int UI_dup_error_string(UI *ui, const char *text);
-
-/* These are the possible flags.  They can be or'ed together. */
-/* Use to have echoing of input */
-# define UI_INPUT_FLAG_ECHO              0x01
-/*
- * Use a default password.  Where that password is found is completely up to
- * the application, it might for example be in the user data set with
- * UI_add_user_data().  It is not recommended to have more than one input in
- * each UI being marked with this flag, or the application might get
- * confused.
- */
-# define UI_INPUT_FLAG_DEFAULT_PWD       0x02
-
-/*-
- * The user of these routines may want to define flags of their own.  The core
- * UI won't look at those, but will pass them on to the method routines.  They
- * must use higher bits so they don't get confused with the UI bits above.
- * UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use.  A good
- * example of use is this:
- *
- *    #define MY_UI_FLAG1       (0x01 << UI_INPUT_FLAG_USER_BASE)
- *
-*/
-# define UI_INPUT_FLAG_USER_BASE 16
-
-/*-
- * The following function helps construct a prompt.  object_desc is a
- * textual short description of the object, for example "pass phrase",
- * and object_name is the name of the object (might be a card name or
- * a file name.
- * The returned string shall always be allocated on the heap with
- * OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
- *
- * If the ui_method doesn't contain a pointer to a user-defined prompt
- * constructor, a default string is built, looking like this:
- *
- *       "Enter {object_desc} for {object_name}:"
- *
- * So, if object_desc has the value "pass phrase" and object_name has
- * the value "foo.key", the resulting string is:
- *
- *       "Enter pass phrase for foo.key:"
-*/
-char *UI_construct_prompt(UI *ui_method,
-                          const char *object_desc, const char *object_name);
-
-/*
- * The following function is used to store a pointer to user-specific data.
- * Any previous such pointer will be returned and replaced.
- *
- * For callback purposes, this function makes a lot more sense than using
- * ex_data, since the latter requires that different parts of OpenSSL or
- * applications share the same ex_data index.
- *
- * Note that the UI_OpenSSL() method completely ignores the user data. Other
- * methods may not, however.
- */
-void *UI_add_user_data(UI *ui, void *user_data);
-/* We need a user data retrieving function as well.  */
-void *UI_get0_user_data(UI *ui);
-
-/* Return the result associated with a prompt given with the index i. */
-const char *UI_get0_result(UI *ui, int i);
-
-/* When all strings have been added, process the whole thing. */
-int UI_process(UI *ui);
-
-/*
- * Give a user interface parametrised control commands.  This can be used to
- * send down an integer, a data pointer or a function pointer, as well as be
- * used to get information from a UI.
- */
-int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void));
-
-/* The commands */
-/*
- * Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the
- * OpenSSL error stack before printing any info or added error messages and
- * before any prompting.
- */
-# define UI_CTRL_PRINT_ERRORS            1
-/*
- * Check if a UI_process() is possible to do again with the same instance of
- * a user interface.  This makes UI_ctrl() return 1 if it is redoable, and 0
- * if not.
- */
-# define UI_CTRL_IS_REDOABLE             2
-
-/* Some methods may use extra data */
-# define UI_set_app_data(s,arg)         UI_set_ex_data(s,0,arg)
-# define UI_get_app_data(s)             UI_get_ex_data(s,0)
-int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int UI_set_ex_data(UI *r, int idx, void *arg);
-void *UI_get_ex_data(UI *r, int idx);
-
-/* Use specific methods instead of the built-in one */
-void UI_set_default_method(const UI_METHOD *meth);
-const UI_METHOD *UI_get_default_method(void);
-const UI_METHOD *UI_get_method(UI *ui);
-const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);
-
-/* The method with all the built-in thingies */
-UI_METHOD *UI_OpenSSL(void);
-
-/* ---------- For method writers ---------- */
-/*-
-   A method contains a number of functions that implement the low level
-   of the User Interface.  The functions are:
-
-        an opener       This function starts a session, maybe by opening
-                        a channel to a tty, or by opening a window.
-        a writer        This function is called to write a given string,
-                        maybe to the tty, maybe as a field label in a
-                        window.
-        a flusher       This function is called to flush everything that
-                        has been output so far.  It can be used to actually
-                        display a dialog box after it has been built.
-        a reader        This function is called to read a given prompt,
-                        maybe from the tty, maybe from a field in a
-                        window.  Note that it's called wth all string
-                        structures, not only the prompt ones, so it must
-                        check such things itself.
-        a closer        This function closes the session, maybe by closing
-                        the channel to the tty, or closing the window.
-
-   All these functions are expected to return:
-
-        0       on error.
-        1       on success.
-        -1      on out-of-band events, for example if some prompting has
-                been canceled (by pressing Ctrl-C, for example).  This is
-                only checked when returned by the flusher or the reader.
-
-   The way this is used, the opener is first called, then the writer for all
-   strings, then the flusher, then the reader for all strings and finally the
-   closer.  Note that if you want to prompt from a terminal or other command
-   line interface, the best is to have the reader also write the prompts
-   instead of having the writer do it.  If you want to prompt from a dialog
-   box, the writer can be used to build up the contents of the box, and the
-   flusher to actually display the box and run the event loop until all data
-   has been given, after which the reader only grabs the given data and puts
-   them back into the UI strings.
-
-   All method functions take a UI as argument.  Additionally, the writer and
-   the reader take a UI_STRING.
-*/
-
-/*
- * The UI_STRING type is the data structure that contains all the needed info
- * about a string or a prompt, including test data for a verification prompt.
- */
-typedef struct ui_string_st UI_STRING;
-DECLARE_STACK_OF(UI_STRING)
-
-/*
- * The different types of strings that are currently supported. This is only
- * needed by method authors.
- */
-enum UI_string_types {
-    UIT_NONE = 0,
-    UIT_PROMPT,                 /* Prompt for a string */
-    UIT_VERIFY,                 /* Prompt for a string and verify */
-    UIT_BOOLEAN,                /* Prompt for a yes/no response */
-    UIT_INFO,                   /* Send info to the user */
-    UIT_ERROR                   /* Send an error message to the user */
-};
-
-/* Create and manipulate methods */
-UI_METHOD *UI_create_method(char *name);
-void UI_destroy_method(UI_METHOD *ui_method);
-int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui));
-int UI_method_set_writer(UI_METHOD *method,
-                         int (*writer) (UI *ui, UI_STRING *uis));
-int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui));
-int UI_method_set_reader(UI_METHOD *method,
-                         int (*reader) (UI *ui, UI_STRING *uis));
-int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui));
-int UI_method_set_prompt_constructor(UI_METHOD *method,
-                                     char *(*prompt_constructor) (UI *ui,
-                                                                  const char
-                                                                  *object_desc,
-                                                                  const char
-                                                                  *object_name));
-int (*UI_method_get_opener(UI_METHOD *method)) (UI *);
-int (*UI_method_get_writer(UI_METHOD *method)) (UI *, UI_STRING *);
-int (*UI_method_get_flusher(UI_METHOD *method)) (UI *);
-int (*UI_method_get_reader(UI_METHOD *method)) (UI *, UI_STRING *);
-int (*UI_method_get_closer(UI_METHOD *method)) (UI *);
-char *(*UI_method_get_prompt_constructor(UI_METHOD *method)) (UI *,
-                                                              const char *,
-                                                              const char *);
-
-/*
- * The following functions are helpers for method writers to access relevant
- * data from a UI_STRING.
- */
-
-/* Return type of the UI_STRING */
-enum UI_string_types UI_get_string_type(UI_STRING *uis);
-/* Return input flags of the UI_STRING */
-int UI_get_input_flags(UI_STRING *uis);
-/* Return the actual string to output (the prompt, info or error) */
-const char *UI_get0_output_string(UI_STRING *uis);
-/*
- * Return the optional action string to output (the boolean promtp
- * instruction)
- */
-const char *UI_get0_action_string(UI_STRING *uis);
-/* Return the result of a prompt */
-const char *UI_get0_result_string(UI_STRING *uis);
-/*
- * Return the string to test the result against.  Only useful with verifies.
- */
-const char *UI_get0_test_string(UI_STRING *uis);
-/* Return the required minimum size of the result */
-int UI_get_result_minsize(UI_STRING *uis);
-/* Return the required maximum size of the result */
-int UI_get_result_maxsize(UI_STRING *uis);
-/* Set the result of a UI_STRING. */
-int UI_set_result(UI *ui, UI_STRING *uis, const char *result);
-
-/* A couple of popular utility functions */
-int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
-                           int verify);
-int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
-                    int verify);
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_UI_strings(void);
-
-/* Error codes for the UI functions. */
-
-/* Function codes. */
-# define UI_F_GENERAL_ALLOCATE_BOOLEAN                    108
-# define UI_F_GENERAL_ALLOCATE_PROMPT                     109
-# define UI_F_GENERAL_ALLOCATE_STRING                     100
-# define UI_F_UI_CTRL                                     111
-# define UI_F_UI_DUP_ERROR_STRING                         101
-# define UI_F_UI_DUP_INFO_STRING                          102
-# define UI_F_UI_DUP_INPUT_BOOLEAN                        110
-# define UI_F_UI_DUP_INPUT_STRING                         103
-# define UI_F_UI_DUP_VERIFY_STRING                        106
-# define UI_F_UI_GET0_RESULT                              107
-# define UI_F_UI_NEW_METHOD                               104
-# define UI_F_UI_SET_RESULT                               105
-
-/* Reason codes. */
-# define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS             104
-# define UI_R_INDEX_TOO_LARGE                             102
-# define UI_R_INDEX_TOO_SMALL                             103
-# define UI_R_NO_RESULT_BUFFER                            105
-# define UI_R_RESULT_TOO_LARGE                            100
-# define UI_R_RESULT_TOO_SMALL                            101
-# define UI_R_UNKNOWN_CONTROL_COMMAND                     106
-
-#ifdef  __cplusplus
-}
-#endif
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/ui/ui.h (from rev 11605, vendor-crypto/openssl/dist/crypto/ui/ui.h)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/ui/ui.h	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/ui/ui.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,415 @@
+/* crypto/ui/ui.h */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_UI_H
+# define HEADER_UI_H
+
+# ifndef OPENSSL_NO_DEPRECATED
+#  include <openssl/crypto.h>
+# endif
+# include <openssl/safestack.h>
+# include <openssl/ossl_typ.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Declared already in ossl_typ.h */
+/* typedef struct ui_st UI; */
+/* typedef struct ui_method_st UI_METHOD; */
+
+/*
+ * All the following functions return -1 or NULL on error and in some cases
+ * (UI_process()) -2 if interrupted or in some other way cancelled. When
+ * everything is fine, they return 0, a positive value or a non-NULL pointer,
+ * all depending on their purpose.
+ */
+
+/* Creators and destructor.   */
+UI *UI_new(void);
+UI *UI_new_method(const UI_METHOD *method);
+void UI_free(UI *ui);
+
+/*-
+   The following functions are used to add strings to be printed and prompt
+   strings to prompt for data.  The names are UI_{add,dup}_<function>_string
+   and UI_{add,dup}_input_boolean.
+
+   UI_{add,dup}_<function>_string have the following meanings:
+        add     add a text or prompt string.  The pointers given to these
+                functions are used verbatim, no copying is done.
+        dup     make a copy of the text or prompt string, then add the copy
+                to the collection of strings in the user interface.
+        <function>
+                The function is a name for the functionality that the given
+                string shall be used for.  It can be one of:
+                        input   use the string as data prompt.
+                        verify  use the string as verification prompt.  This
+                                is used to verify a previous input.
+                        info    use the string for informational output.
+                        error   use the string for error output.
+   Honestly, there's currently no difference between info and error for the
+   moment.
+
+   UI_{add,dup}_input_boolean have the same semantics for "add" and "dup",
+   and are typically used when one wants to prompt for a yes/no response.
+
+   All of the functions in this group take a UI and a prompt string.
+   The string input and verify addition functions also take a flag argument,
+   a buffer for the result to end up with, a minimum input size and a maximum
+   input size (the result buffer MUST be large enough to be able to contain
+   the maximum number of characters).  Additionally, the verify addition
+   functions takes another buffer to compare the result against.
+   The boolean input functions take an action description string (which should
+   be safe to ignore if the expected user action is obvious, for example with
+   a dialog box with an OK button and a Cancel button), a string of acceptable
+   characters to mean OK and to mean Cancel.  The two last strings are checked
+   to make sure they don't have common characters.  Additionally, the same
+   flag argument as for the string input is taken, as well as a result buffer.
+   The result buffer is required to be at least one byte long.  Depending on
+   the answer, the first character from the OK or the Cancel character strings
+   will be stored in the first byte of the result buffer.  No NUL will be
+   added, so the result is *not* a string.
+
+   On success, the all return an index of the added information.  That index
+   is usefull when retrieving results with UI_get0_result(). */
+int UI_add_input_string(UI *ui, const char *prompt, int flags,
+                        char *result_buf, int minsize, int maxsize);
+int UI_dup_input_string(UI *ui, const char *prompt, int flags,
+                        char *result_buf, int minsize, int maxsize);
+int UI_add_verify_string(UI *ui, const char *prompt, int flags,
+                         char *result_buf, int minsize, int maxsize,
+                         const char *test_buf);
+int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
+                         char *result_buf, int minsize, int maxsize,
+                         const char *test_buf);
+int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+                         const char *ok_chars, const char *cancel_chars,
+                         int flags, char *result_buf);
+int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+                         const char *ok_chars, const char *cancel_chars,
+                         int flags, char *result_buf);
+int UI_add_info_string(UI *ui, const char *text);
+int UI_dup_info_string(UI *ui, const char *text);
+int UI_add_error_string(UI *ui, const char *text);
+int UI_dup_error_string(UI *ui, const char *text);
+
+/* These are the possible flags.  They can be or'ed together. */
+/* Use to have echoing of input */
+# define UI_INPUT_FLAG_ECHO              0x01
+/*
+ * Use a default password.  Where that password is found is completely up to
+ * the application, it might for example be in the user data set with
+ * UI_add_user_data().  It is not recommended to have more than one input in
+ * each UI being marked with this flag, or the application might get
+ * confused.
+ */
+# define UI_INPUT_FLAG_DEFAULT_PWD       0x02
+
+/*-
+ * The user of these routines may want to define flags of their own.  The core
+ * UI won't look at those, but will pass them on to the method routines.  They
+ * must use higher bits so they don't get confused with the UI bits above.
+ * UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use.  A good
+ * example of use is this:
+ *
+ *    #define MY_UI_FLAG1       (0x01 << UI_INPUT_FLAG_USER_BASE)
+ *
+*/
+# define UI_INPUT_FLAG_USER_BASE 16
+
+/*-
+ * The following function helps construct a prompt.  object_desc is a
+ * textual short description of the object, for example "pass phrase",
+ * and object_name is the name of the object (might be a card name or
+ * a file name.
+ * The returned string shall always be allocated on the heap with
+ * OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
+ *
+ * If the ui_method doesn't contain a pointer to a user-defined prompt
+ * constructor, a default string is built, looking like this:
+ *
+ *       "Enter {object_desc} for {object_name}:"
+ *
+ * So, if object_desc has the value "pass phrase" and object_name has
+ * the value "foo.key", the resulting string is:
+ *
+ *       "Enter pass phrase for foo.key:"
+*/
+char *UI_construct_prompt(UI *ui_method,
+                          const char *object_desc, const char *object_name);
+
+/*
+ * The following function is used to store a pointer to user-specific data.
+ * Any previous such pointer will be returned and replaced.
+ *
+ * For callback purposes, this function makes a lot more sense than using
+ * ex_data, since the latter requires that different parts of OpenSSL or
+ * applications share the same ex_data index.
+ *
+ * Note that the UI_OpenSSL() method completely ignores the user data. Other
+ * methods may not, however.
+ */
+void *UI_add_user_data(UI *ui, void *user_data);
+/* We need a user data retrieving function as well.  */
+void *UI_get0_user_data(UI *ui);
+
+/* Return the result associated with a prompt given with the index i. */
+const char *UI_get0_result(UI *ui, int i);
+
+/* When all strings have been added, process the whole thing. */
+int UI_process(UI *ui);
+
+/*
+ * Give a user interface parametrised control commands.  This can be used to
+ * send down an integer, a data pointer or a function pointer, as well as be
+ * used to get information from a UI.
+ */
+int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void));
+
+/* The commands */
+/*
+ * Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the
+ * OpenSSL error stack before printing any info or added error messages and
+ * before any prompting.
+ */
+# define UI_CTRL_PRINT_ERRORS            1
+/*
+ * Check if a UI_process() is possible to do again with the same instance of
+ * a user interface.  This makes UI_ctrl() return 1 if it is redoable, and 0
+ * if not.
+ */
+# define UI_CTRL_IS_REDOABLE             2
+
+/* Some methods may use extra data */
+# define UI_set_app_data(s,arg)         UI_set_ex_data(s,0,arg)
+# define UI_get_app_data(s)             UI_get_ex_data(s,0)
+int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+                        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int UI_set_ex_data(UI *r, int idx, void *arg);
+void *UI_get_ex_data(UI *r, int idx);
+
+/* Use specific methods instead of the built-in one */
+void UI_set_default_method(const UI_METHOD *meth);
+const UI_METHOD *UI_get_default_method(void);
+const UI_METHOD *UI_get_method(UI *ui);
+const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);
+
+/* The method with all the built-in thingies */
+UI_METHOD *UI_OpenSSL(void);
+
+/* ---------- For method writers ---------- */
+/*-
+   A method contains a number of functions that implement the low level
+   of the User Interface.  The functions are:
+
+        an opener       This function starts a session, maybe by opening
+                        a channel to a tty, or by opening a window.
+        a writer        This function is called to write a given string,
+                        maybe to the tty, maybe as a field label in a
+                        window.
+        a flusher       This function is called to flush everything that
+                        has been output so far.  It can be used to actually
+                        display a dialog box after it has been built.
+        a reader        This function is called to read a given prompt,
+                        maybe from the tty, maybe from a field in a
+                        window.  Note that it's called wth all string
+                        structures, not only the prompt ones, so it must
+                        check such things itself.
+        a closer        This function closes the session, maybe by closing
+                        the channel to the tty, or closing the window.
+
+   All these functions are expected to return:
+
+        0       on error.
+        1       on success.
+        -1      on out-of-band events, for example if some prompting has
+                been canceled (by pressing Ctrl-C, for example).  This is
+                only checked when returned by the flusher or the reader.
+
+   The way this is used, the opener is first called, then the writer for all
+   strings, then the flusher, then the reader for all strings and finally the
+   closer.  Note that if you want to prompt from a terminal or other command
+   line interface, the best is to have the reader also write the prompts
+   instead of having the writer do it.  If you want to prompt from a dialog
+   box, the writer can be used to build up the contents of the box, and the
+   flusher to actually display the box and run the event loop until all data
+   has been given, after which the reader only grabs the given data and puts
+   them back into the UI strings.
+
+   All method functions take a UI as argument.  Additionally, the writer and
+   the reader take a UI_STRING.
+*/
+
+/*
+ * The UI_STRING type is the data structure that contains all the needed info
+ * about a string or a prompt, including test data for a verification prompt.
+ */
+typedef struct ui_string_st UI_STRING;
+DECLARE_STACK_OF(UI_STRING)
+
+/*
+ * The different types of strings that are currently supported. This is only
+ * needed by method authors.
+ */
+enum UI_string_types {
+    UIT_NONE = 0,
+    UIT_PROMPT,                 /* Prompt for a string */
+    UIT_VERIFY,                 /* Prompt for a string and verify */
+    UIT_BOOLEAN,                /* Prompt for a yes/no response */
+    UIT_INFO,                   /* Send info to the user */
+    UIT_ERROR                   /* Send an error message to the user */
+};
+
+/* Create and manipulate methods */
+UI_METHOD *UI_create_method(char *name);
+void UI_destroy_method(UI_METHOD *ui_method);
+int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui));
+int UI_method_set_writer(UI_METHOD *method,
+                         int (*writer) (UI *ui, UI_STRING *uis));
+int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui));
+int UI_method_set_reader(UI_METHOD *method,
+                         int (*reader) (UI *ui, UI_STRING *uis));
+int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui));
+int UI_method_set_prompt_constructor(UI_METHOD *method,
+                                     char *(*prompt_constructor) (UI *ui,
+                                                                  const char
+                                                                  *object_desc,
+                                                                  const char
+                                                                  *object_name));
+int (*UI_method_get_opener(UI_METHOD *method)) (UI *);
+int (*UI_method_get_writer(UI_METHOD *method)) (UI *, UI_STRING *);
+int (*UI_method_get_flusher(UI_METHOD *method)) (UI *);
+int (*UI_method_get_reader(UI_METHOD *method)) (UI *, UI_STRING *);
+int (*UI_method_get_closer(UI_METHOD *method)) (UI *);
+char *(*UI_method_get_prompt_constructor(UI_METHOD *method)) (UI *,
+                                                              const char *,
+                                                              const char *);
+
+/*
+ * The following functions are helpers for method writers to access relevant
+ * data from a UI_STRING.
+ */
+
+/* Return type of the UI_STRING */
+enum UI_string_types UI_get_string_type(UI_STRING *uis);
+/* Return input flags of the UI_STRING */
+int UI_get_input_flags(UI_STRING *uis);
+/* Return the actual string to output (the prompt, info or error) */
+const char *UI_get0_output_string(UI_STRING *uis);
+/*
+ * Return the optional action string to output (the boolean promtp
+ * instruction)
+ */
+const char *UI_get0_action_string(UI_STRING *uis);
+/* Return the result of a prompt */
+const char *UI_get0_result_string(UI_STRING *uis);
+/*
+ * Return the string to test the result against.  Only useful with verifies.
+ */
+const char *UI_get0_test_string(UI_STRING *uis);
+/* Return the required minimum size of the result */
+int UI_get_result_minsize(UI_STRING *uis);
+/* Return the required maximum size of the result */
+int UI_get_result_maxsize(UI_STRING *uis);
+/* Set the result of a UI_STRING. */
+int UI_set_result(UI *ui, UI_STRING *uis, const char *result);
+
+/* A couple of popular utility functions */
+int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
+                           int verify);
+int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
+                    int verify);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_UI_strings(void);
+
+/* Error codes for the UI functions. */
+
+/* Function codes. */
+# define UI_F_GENERAL_ALLOCATE_BOOLEAN                    108
+# define UI_F_GENERAL_ALLOCATE_PROMPT                     109
+# define UI_F_GENERAL_ALLOCATE_STRING                     100
+# define UI_F_UI_CTRL                                     111
+# define UI_F_UI_DUP_ERROR_STRING                         101
+# define UI_F_UI_DUP_INFO_STRING                          102
+# define UI_F_UI_DUP_INPUT_BOOLEAN                        110
+# define UI_F_UI_DUP_INPUT_STRING                         103
+# define UI_F_UI_DUP_VERIFY_STRING                        106
+# define UI_F_UI_GET0_RESULT                              107
+# define UI_F_UI_NEW_METHOD                               104
+# define UI_F_UI_SET_RESULT                               105
+
+/* Reason codes. */
+# define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS             104
+# define UI_R_INDEX_TOO_LARGE                             102
+# define UI_R_INDEX_TOO_SMALL                             103
+# define UI_R_NO_RESULT_BUFFER                            105
+# define UI_R_RESULT_TOO_LARGE                            100
+# define UI_R_RESULT_TOO_SMALL                            101
+# define UI_R_UNKNOWN_CONTROL_COMMAND                     106
+
+#ifdef  __cplusplus
+}
+#endif
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/ui/ui_compat.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ui/ui_compat.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/ui/ui_compat.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,69 +0,0 @@
-/* crypto/ui/ui_compat.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include <openssl/ui_compat.h>
-
-int _ossl_old_des_read_pw_string(char *buf, int length, const char *prompt,
-                                 int verify)
-{
-    return UI_UTIL_read_pw_string(buf, length, prompt, verify);
-}
-
-int _ossl_old_des_read_pw(char *buf, char *buff, int size, const char *prompt,
-                          int verify)
-{
-    return UI_UTIL_read_pw(buf, buff, size, prompt, verify);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/ui/ui_compat.c (from rev 11605, vendor-crypto/openssl/dist/crypto/ui/ui_compat.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/ui/ui_compat.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/ui/ui_compat.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,69 @@
+/* crypto/ui/ui_compat.c */
+/* ====================================================================
+ * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/ui_compat.h>
+
+int _ossl_old_des_read_pw_string(char *buf, int length, const char *prompt,
+                                 int verify)
+{
+    return UI_UTIL_read_pw_string(buf, length, prompt, verify);
+}
+
+int _ossl_old_des_read_pw(char *buf, char *buff, int size, const char *prompt,
+                          int verify)
+{
+    return UI_UTIL_read_pw(buf, buff, size, prompt, verify);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/ui/ui_compat.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/ui/ui_compat.h	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/ui/ui_compat.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,88 +0,0 @@
-/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
-/*
- * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_UI_COMPAT_H
-# define HEADER_UI_COMPAT_H
-
-# include <openssl/opensslconf.h>
-# include <openssl/ui.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/*
- * The following functions were previously part of the DES section, and are
- * provided here for backward compatibility reasons.
- */
-
-# define des_read_pw_string(b,l,p,v) \
-        _ossl_old_des_read_pw_string((b),(l),(p),(v))
-# define des_read_pw(b,bf,s,p,v) \
-        _ossl_old_des_read_pw((b),(bf),(s),(p),(v))
-
-int _ossl_old_des_read_pw_string(char *buf, int length, const char *prompt,
-                                 int verify);
-int _ossl_old_des_read_pw(char *buf, char *buff, int size, const char *prompt,
-                          int verify);
-
-#ifdef  __cplusplus
-}
-#endif
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/ui/ui_compat.h (from rev 11605, vendor-crypto/openssl/dist/crypto/ui/ui_compat.h)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/ui/ui_compat.h	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/ui/ui_compat.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,88 @@
+/* crypto/ui/ui.h */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_UI_COMPAT_H
+# define HEADER_UI_COMPAT_H
+
+# include <openssl/opensslconf.h>
+# include <openssl/ui.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*
+ * The following functions were previously part of the DES section, and are
+ * provided here for backward compatibility reasons.
+ */
+
+# define des_read_pw_string(b,l,p,v) \
+        _ossl_old_des_read_pw_string((b),(l),(p),(v))
+# define des_read_pw(b,bf,s,p,v) \
+        _ossl_old_des_read_pw((b),(bf),(s),(p),(v))
+
+int _ossl_old_des_read_pw_string(char *buf, int length, const char *prompt,
+                                 int verify);
+int _ossl_old_des_read_pw(char *buf, char *buff, int size, const char *prompt,
+                          int verify);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/ui/ui_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ui/ui_lib.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/ui/ui_lib.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,870 +0,0 @@
-/* crypto/ui/ui_lib.c -*- mode:C; c-file-style: "eay" -*- */
-/*
- * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include "cryptlib.h"
-#include <openssl/e_os2.h>
-#include <openssl/buffer.h>
-#include <openssl/ui.h>
-#include <openssl/err.h>
-#include "ui_locl.h"
-
-IMPLEMENT_STACK_OF(UI_STRING_ST)
-
-static const UI_METHOD *default_UI_meth = NULL;
-
-UI *UI_new(void)
-{
-    return (UI_new_method(NULL));
-}
-
-UI *UI_new_method(const UI_METHOD *method)
-{
-    UI *ret;
-
-    ret = (UI *)OPENSSL_malloc(sizeof(UI));
-    if (ret == NULL) {
-        UIerr(UI_F_UI_NEW_METHOD, ERR_R_MALLOC_FAILURE);
-        return NULL;
-    }
-    if (method == NULL)
-        ret->meth = UI_get_default_method();
-    else
-        ret->meth = method;
-
-    ret->strings = NULL;
-    ret->user_data = NULL;
-    ret->flags = 0;
-    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data);
-    return ret;
-}
-
-static void free_string(UI_STRING *uis)
-{
-    if (uis->flags & OUT_STRING_FREEABLE) {
-        OPENSSL_free((char *)uis->out_string);
-        switch (uis->type) {
-        case UIT_BOOLEAN:
-            OPENSSL_free((char *)uis->_.boolean_data.action_desc);
-            OPENSSL_free((char *)uis->_.boolean_data.ok_chars);
-            OPENSSL_free((char *)uis->_.boolean_data.cancel_chars);
-            break;
-        default:
-            break;
-        }
-    }
-    OPENSSL_free(uis);
-}
-
-void UI_free(UI *ui)
-{
-    if (ui == NULL)
-        return;
-    sk_UI_STRING_pop_free(ui->strings, free_string);
-    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI, ui, &ui->ex_data);
-    OPENSSL_free(ui);
-}
-
-static int allocate_string_stack(UI *ui)
-{
-    if (ui->strings == NULL) {
-        ui->strings = sk_UI_STRING_new_null();
-        if (ui->strings == NULL) {
-            return -1;
-        }
-    }
-    return 0;
-}
-
-static UI_STRING *general_allocate_prompt(UI *ui, const char *prompt,
-                                          int prompt_freeable,
-                                          enum UI_string_types type,
-                                          int input_flags, char *result_buf)
-{
-    UI_STRING *ret = NULL;
-
-    if (prompt == NULL) {
-        UIerr(UI_F_GENERAL_ALLOCATE_PROMPT, ERR_R_PASSED_NULL_PARAMETER);
-    } else if ((type == UIT_PROMPT || type == UIT_VERIFY
-                || type == UIT_BOOLEAN) && result_buf == NULL) {
-        UIerr(UI_F_GENERAL_ALLOCATE_PROMPT, UI_R_NO_RESULT_BUFFER);
-    } else if ((ret = (UI_STRING *)OPENSSL_malloc(sizeof(UI_STRING)))) {
-        ret->out_string = prompt;
-        ret->flags = prompt_freeable ? OUT_STRING_FREEABLE : 0;
-        ret->input_flags = input_flags;
-        ret->type = type;
-        ret->result_buf = result_buf;
-    }
-    return ret;
-}
-
-static int general_allocate_string(UI *ui, const char *prompt,
-                                   int prompt_freeable,
-                                   enum UI_string_types type, int input_flags,
-                                   char *result_buf, int minsize, int maxsize,
-                                   const char *test_buf)
-{
-    int ret = -1;
-    UI_STRING *s = general_allocate_prompt(ui, prompt, prompt_freeable,
-                                           type, input_flags, result_buf);
-
-    if (s) {
-        if (allocate_string_stack(ui) >= 0) {
-            s->_.string_data.result_minsize = minsize;
-            s->_.string_data.result_maxsize = maxsize;
-            s->_.string_data.test_buf = test_buf;
-            ret = sk_UI_STRING_push(ui->strings, s);
-            /* sk_push() returns 0 on error.  Let's addapt that */
-            if (ret <= 0)
-                ret--;
-        } else
-            free_string(s);
-    }
-    return ret;
-}
-
-static int general_allocate_boolean(UI *ui,
-                                    const char *prompt,
-                                    const char *action_desc,
-                                    const char *ok_chars,
-                                    const char *cancel_chars,
-                                    int prompt_freeable,
-                                    enum UI_string_types type,
-                                    int input_flags, char *result_buf)
-{
-    int ret = -1;
-    UI_STRING *s;
-    const char *p;
-
-    if (ok_chars == NULL) {
-        UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN, ERR_R_PASSED_NULL_PARAMETER);
-    } else if (cancel_chars == NULL) {
-        UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN, ERR_R_PASSED_NULL_PARAMETER);
-    } else {
-        for (p = ok_chars; *p; p++) {
-            if (strchr(cancel_chars, *p)) {
-                UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,
-                      UI_R_COMMON_OK_AND_CANCEL_CHARACTERS);
-            }
-        }
-
-        s = general_allocate_prompt(ui, prompt, prompt_freeable,
-                                    type, input_flags, result_buf);
-
-        if (s) {
-            if (allocate_string_stack(ui) >= 0) {
-                s->_.boolean_data.action_desc = action_desc;
-                s->_.boolean_data.ok_chars = ok_chars;
-                s->_.boolean_data.cancel_chars = cancel_chars;
-                ret = sk_UI_STRING_push(ui->strings, s);
-                /*
-                 * sk_push() returns 0 on error. Let's addapt that
-                 */
-                if (ret <= 0)
-                    ret--;
-            } else
-                free_string(s);
-        }
-    }
-    return ret;
-}
-
-/*
- * Returns the index to the place in the stack or -1 for error.  Uses a
- * direct reference to the prompt.
- */
-int UI_add_input_string(UI *ui, const char *prompt, int flags,
-                        char *result_buf, int minsize, int maxsize)
-{
-    return general_allocate_string(ui, prompt, 0,
-                                   UIT_PROMPT, flags, result_buf, minsize,
-                                   maxsize, NULL);
-}
-
-/* Same as UI_add_input_string(), excepts it takes a copy of the prompt */
-int UI_dup_input_string(UI *ui, const char *prompt, int flags,
-                        char *result_buf, int minsize, int maxsize)
-{
-    char *prompt_copy = NULL;
-
-    if (prompt) {
-        prompt_copy = BUF_strdup(prompt);
-        if (prompt_copy == NULL) {
-            UIerr(UI_F_UI_DUP_INPUT_STRING, ERR_R_MALLOC_FAILURE);
-            return 0;
-        }
-    }
-
-    return general_allocate_string(ui, prompt_copy, 1,
-                                   UIT_PROMPT, flags, result_buf, minsize,
-                                   maxsize, NULL);
-}
-
-int UI_add_verify_string(UI *ui, const char *prompt, int flags,
-                         char *result_buf, int minsize, int maxsize,
-                         const char *test_buf)
-{
-    return general_allocate_string(ui, prompt, 0,
-                                   UIT_VERIFY, flags, result_buf, minsize,
-                                   maxsize, test_buf);
-}
-
-int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
-                         char *result_buf, int minsize, int maxsize,
-                         const char *test_buf)
-{
-    char *prompt_copy = NULL;
-
-    if (prompt) {
-        prompt_copy = BUF_strdup(prompt);
-        if (prompt_copy == NULL) {
-            UIerr(UI_F_UI_DUP_VERIFY_STRING, ERR_R_MALLOC_FAILURE);
-            return -1;
-        }
-    }
-
-    return general_allocate_string(ui, prompt_copy, 1,
-                                   UIT_VERIFY, flags, result_buf, minsize,
-                                   maxsize, test_buf);
-}
-
-int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
-                         const char *ok_chars, const char *cancel_chars,
-                         int flags, char *result_buf)
-{
-    return general_allocate_boolean(ui, prompt, action_desc,
-                                    ok_chars, cancel_chars, 0, UIT_BOOLEAN,
-                                    flags, result_buf);
-}
-
-int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
-                         const char *ok_chars, const char *cancel_chars,
-                         int flags, char *result_buf)
-{
-    char *prompt_copy = NULL;
-    char *action_desc_copy = NULL;
-    char *ok_chars_copy = NULL;
-    char *cancel_chars_copy = NULL;
-
-    if (prompt) {
-        prompt_copy = BUF_strdup(prompt);
-        if (prompt_copy == NULL) {
-            UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-    }
-
-    if (action_desc) {
-        action_desc_copy = BUF_strdup(action_desc);
-        if (action_desc_copy == NULL) {
-            UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-    }
-
-    if (ok_chars) {
-        ok_chars_copy = BUF_strdup(ok_chars);
-        if (ok_chars_copy == NULL) {
-            UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-    }
-
-    if (cancel_chars) {
-        cancel_chars_copy = BUF_strdup(cancel_chars);
-        if (cancel_chars_copy == NULL) {
-            UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-    }
-
-    return general_allocate_boolean(ui, prompt_copy, action_desc_copy,
-                                    ok_chars_copy, cancel_chars_copy, 1,
-                                    UIT_BOOLEAN, flags, result_buf);
- err:
-    if (prompt_copy)
-        OPENSSL_free(prompt_copy);
-    if (action_desc_copy)
-        OPENSSL_free(action_desc_copy);
-    if (ok_chars_copy)
-        OPENSSL_free(ok_chars_copy);
-    if (cancel_chars_copy)
-        OPENSSL_free(cancel_chars_copy);
-    return -1;
-}
-
-int UI_add_info_string(UI *ui, const char *text)
-{
-    return general_allocate_string(ui, text, 0, UIT_INFO, 0, NULL, 0, 0,
-                                   NULL);
-}
-
-int UI_dup_info_string(UI *ui, const char *text)
-{
-    char *text_copy = NULL;
-
-    if (text) {
-        text_copy = BUF_strdup(text);
-        if (text_copy == NULL) {
-            UIerr(UI_F_UI_DUP_INFO_STRING, ERR_R_MALLOC_FAILURE);
-            return -1;
-        }
-    }
-
-    return general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL,
-                                   0, 0, NULL);
-}
-
-int UI_add_error_string(UI *ui, const char *text)
-{
-    return general_allocate_string(ui, text, 0, UIT_ERROR, 0, NULL, 0, 0,
-                                   NULL);
-}
-
-int UI_dup_error_string(UI *ui, const char *text)
-{
-    char *text_copy = NULL;
-
-    if (text) {
-        text_copy = BUF_strdup(text);
-        if (text_copy == NULL) {
-            UIerr(UI_F_UI_DUP_ERROR_STRING, ERR_R_MALLOC_FAILURE);
-            return -1;
-        }
-    }
-    return general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL,
-                                   0, 0, NULL);
-}
-
-char *UI_construct_prompt(UI *ui, const char *object_desc,
-                          const char *object_name)
-{
-    char *prompt = NULL;
-
-    if (ui->meth->ui_construct_prompt)
-        prompt = ui->meth->ui_construct_prompt(ui, object_desc, object_name);
-    else {
-        char prompt1[] = "Enter ";
-        char prompt2[] = " for ";
-        char prompt3[] = ":";
-        int len = 0;
-
-        if (object_desc == NULL)
-            return NULL;
-        len = sizeof(prompt1) - 1 + strlen(object_desc);
-        if (object_name)
-            len += sizeof(prompt2) - 1 + strlen(object_name);
-        len += sizeof(prompt3) - 1;
-
-        prompt = (char *)OPENSSL_malloc(len + 1);
-        BUF_strlcpy(prompt, prompt1, len + 1);
-        BUF_strlcat(prompt, object_desc, len + 1);
-        if (object_name) {
-            BUF_strlcat(prompt, prompt2, len + 1);
-            BUF_strlcat(prompt, object_name, len + 1);
-        }
-        BUF_strlcat(prompt, prompt3, len + 1);
-    }
-    return prompt;
-}
-
-void *UI_add_user_data(UI *ui, void *user_data)
-{
-    void *old_data = ui->user_data;
-    ui->user_data = user_data;
-    return old_data;
-}
-
-void *UI_get0_user_data(UI *ui)
-{
-    return ui->user_data;
-}
-
-const char *UI_get0_result(UI *ui, int i)
-{
-    if (i < 0) {
-        UIerr(UI_F_UI_GET0_RESULT, UI_R_INDEX_TOO_SMALL);
-        return NULL;
-    }
-    if (i >= sk_UI_STRING_num(ui->strings)) {
-        UIerr(UI_F_UI_GET0_RESULT, UI_R_INDEX_TOO_LARGE);
-        return NULL;
-    }
-    return UI_get0_result_string(sk_UI_STRING_value(ui->strings, i));
-}
-
-static int print_error(const char *str, size_t len, UI *ui)
-{
-    UI_STRING uis;
-
-    memset(&uis, 0, sizeof(uis));
-    uis.type = UIT_ERROR;
-    uis.out_string = str;
-
-    if (ui->meth->ui_write_string && !ui->meth->ui_write_string(ui, &uis))
-        return -1;
-    return 0;
-}
-
-int UI_process(UI *ui)
-{
-    int i, ok = 0;
-
-    if (ui->meth->ui_open_session && !ui->meth->ui_open_session(ui))
-        return -1;
-
-    if (ui->flags & UI_FLAG_PRINT_ERRORS)
-        ERR_print_errors_cb((int (*)(const char *, size_t, void *))
-                            print_error, (void *)ui);
-
-    for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) {
-        if (ui->meth->ui_write_string
-            && !ui->meth->ui_write_string(ui,
-                                          sk_UI_STRING_value(ui->strings, i)))
-        {
-            ok = -1;
-            goto err;
-        }
-    }
-
-    if (ui->meth->ui_flush)
-        switch (ui->meth->ui_flush(ui)) {
-        case -1:               /* Interrupt/Cancel/something... */
-            ok = -2;
-            goto err;
-        case 0:                /* Errors */
-            ok = -1;
-            goto err;
-        default:               /* Success */
-            ok = 0;
-            break;
-        }
-
-    for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) {
-        if (ui->meth->ui_read_string) {
-            switch (ui->meth->ui_read_string(ui,
-                                             sk_UI_STRING_value(ui->strings,
-                                                                i))) {
-            case -1:           /* Interrupt/Cancel/something... */
-                ok = -2;
-                goto err;
-            case 0:            /* Errors */
-                ok = -1;
-                goto err;
-            default:           /* Success */
-                ok = 0;
-                break;
-            }
-        }
-    }
- err:
-    if (ui->meth->ui_close_session && !ui->meth->ui_close_session(ui))
-        return -1;
-    return ok;
-}
-
-int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void))
-{
-    if (ui == NULL) {
-        UIerr(UI_F_UI_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-        return -1;
-    }
-    switch (cmd) {
-    case UI_CTRL_PRINT_ERRORS:
-        {
-            int save_flag = ! !(ui->flags & UI_FLAG_PRINT_ERRORS);
-            if (i)
-                ui->flags |= UI_FLAG_PRINT_ERRORS;
-            else
-                ui->flags &= ~UI_FLAG_PRINT_ERRORS;
-            return save_flag;
-        }
-    case UI_CTRL_IS_REDOABLE:
-        return ! !(ui->flags & UI_FLAG_REDOABLE);
-    default:
-        break;
-    }
-    UIerr(UI_F_UI_CTRL, UI_R_UNKNOWN_CONTROL_COMMAND);
-    return -1;
-}
-
-int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-{
-    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, argl, argp,
-                                   new_func, dup_func, free_func);
-}
-
-int UI_set_ex_data(UI *r, int idx, void *arg)
-{
-    return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
-}
-
-void *UI_get_ex_data(UI *r, int idx)
-{
-    return (CRYPTO_get_ex_data(&r->ex_data, idx));
-}
-
-void UI_set_default_method(const UI_METHOD *meth)
-{
-    default_UI_meth = meth;
-}
-
-const UI_METHOD *UI_get_default_method(void)
-{
-    if (default_UI_meth == NULL) {
-        default_UI_meth = UI_OpenSSL();
-    }
-    return default_UI_meth;
-}
-
-const UI_METHOD *UI_get_method(UI *ui)
-{
-    return ui->meth;
-}
-
-const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth)
-{
-    ui->meth = meth;
-    return ui->meth;
-}
-
-UI_METHOD *UI_create_method(char *name)
-{
-    UI_METHOD *ui_method = (UI_METHOD *)OPENSSL_malloc(sizeof(UI_METHOD));
-
-    if (ui_method) {
-        memset(ui_method, 0, sizeof(*ui_method));
-        ui_method->name = BUF_strdup(name);
-    }
-    return ui_method;
-}
-
-/*
- * BIG FSCKING WARNING!!!! If you use this on a statically allocated method
- * (that is, it hasn't been allocated using UI_create_method(), you deserve
- * anything Murphy can throw at you and more! You have been warned.
- */
-void UI_destroy_method(UI_METHOD *ui_method)
-{
-    OPENSSL_free(ui_method->name);
-    ui_method->name = NULL;
-    OPENSSL_free(ui_method);
-}
-
-int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui))
-{
-    if (method) {
-        method->ui_open_session = opener;
-        return 0;
-    } else
-        return -1;
-}
-
-int UI_method_set_writer(UI_METHOD *method,
-                         int (*writer) (UI *ui, UI_STRING *uis))
-{
-    if (method) {
-        method->ui_write_string = writer;
-        return 0;
-    } else
-        return -1;
-}
-
-int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui))
-{
-    if (method) {
-        method->ui_flush = flusher;
-        return 0;
-    } else
-        return -1;
-}
-
-int UI_method_set_reader(UI_METHOD *method,
-                         int (*reader) (UI *ui, UI_STRING *uis))
-{
-    if (method) {
-        method->ui_read_string = reader;
-        return 0;
-    } else
-        return -1;
-}
-
-int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui))
-{
-    if (method) {
-        method->ui_close_session = closer;
-        return 0;
-    } else
-        return -1;
-}
-
-int UI_method_set_prompt_constructor(UI_METHOD *method,
-                                     char *(*prompt_constructor) (UI *ui,
-                                                                  const char
-                                                                  *object_desc,
-                                                                  const char
-                                                                  *object_name))
-{
-    if (method) {
-        method->ui_construct_prompt = prompt_constructor;
-        return 0;
-    } else
-        return -1;
-}
-
-int (*UI_method_get_opener(UI_METHOD *method)) (UI *) {
-    if (method)
-        return method->ui_open_session;
-    else
-        return NULL;
-}
-
-int (*UI_method_get_writer(UI_METHOD *method)) (UI *, UI_STRING *) {
-    if (method)
-        return method->ui_write_string;
-    else
-        return NULL;
-}
-
-int (*UI_method_get_flusher(UI_METHOD *method)) (UI *) {
-    if (method)
-        return method->ui_flush;
-    else
-        return NULL;
-}
-
-int (*UI_method_get_reader(UI_METHOD *method)) (UI *, UI_STRING *) {
-    if (method)
-        return method->ui_read_string;
-    else
-        return NULL;
-}
-
-int (*UI_method_get_closer(UI_METHOD *method)) (UI *) {
-    if (method)
-        return method->ui_close_session;
-    else
-        return NULL;
-}
-
-char *(*UI_method_get_prompt_constructor(UI_METHOD *method)) (UI *,
-                                                              const char *,
-                                                              const char *) {
-    if (method)
-        return method->ui_construct_prompt;
-    else
-        return NULL;
-}
-
-enum UI_string_types UI_get_string_type(UI_STRING *uis)
-{
-    if (!uis)
-        return UIT_NONE;
-    return uis->type;
-}
-
-int UI_get_input_flags(UI_STRING *uis)
-{
-    if (!uis)
-        return 0;
-    return uis->input_flags;
-}
-
-const char *UI_get0_output_string(UI_STRING *uis)
-{
-    if (!uis)
-        return NULL;
-    return uis->out_string;
-}
-
-const char *UI_get0_action_string(UI_STRING *uis)
-{
-    if (!uis)
-        return NULL;
-    switch (uis->type) {
-    case UIT_PROMPT:
-    case UIT_BOOLEAN:
-        return uis->_.boolean_data.action_desc;
-    default:
-        return NULL;
-    }
-}
-
-const char *UI_get0_result_string(UI_STRING *uis)
-{
-    if (!uis)
-        return NULL;
-    switch (uis->type) {
-    case UIT_PROMPT:
-    case UIT_VERIFY:
-        return uis->result_buf;
-    default:
-        return NULL;
-    }
-}
-
-const char *UI_get0_test_string(UI_STRING *uis)
-{
-    if (!uis)
-        return NULL;
-    switch (uis->type) {
-    case UIT_VERIFY:
-        return uis->_.string_data.test_buf;
-    default:
-        return NULL;
-    }
-}
-
-int UI_get_result_minsize(UI_STRING *uis)
-{
-    if (!uis)
-        return -1;
-    switch (uis->type) {
-    case UIT_PROMPT:
-    case UIT_VERIFY:
-        return uis->_.string_data.result_minsize;
-    default:
-        return -1;
-    }
-}
-
-int UI_get_result_maxsize(UI_STRING *uis)
-{
-    if (!uis)
-        return -1;
-    switch (uis->type) {
-    case UIT_PROMPT:
-    case UIT_VERIFY:
-        return uis->_.string_data.result_maxsize;
-    default:
-        return -1;
-    }
-}
-
-int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
-{
-    int l = strlen(result);
-
-    ui->flags &= ~UI_FLAG_REDOABLE;
-
-    if (!uis)
-        return -1;
-    switch (uis->type) {
-    case UIT_PROMPT:
-    case UIT_VERIFY:
-        {
-            char number1[DECIMAL_SIZE(uis->_.string_data.result_minsize) + 1];
-            char number2[DECIMAL_SIZE(uis->_.string_data.result_maxsize) + 1];
-
-            BIO_snprintf(number1, sizeof(number1), "%d",
-                         uis->_.string_data.result_minsize);
-            BIO_snprintf(number2, sizeof(number2), "%d",
-                         uis->_.string_data.result_maxsize);
-
-            if (l < uis->_.string_data.result_minsize) {
-                ui->flags |= UI_FLAG_REDOABLE;
-                UIerr(UI_F_UI_SET_RESULT, UI_R_RESULT_TOO_SMALL);
-                ERR_add_error_data(5, "You must type in ",
-                                   number1, " to ", number2, " characters");
-                return -1;
-            }
-            if (l > uis->_.string_data.result_maxsize) {
-                ui->flags |= UI_FLAG_REDOABLE;
-                UIerr(UI_F_UI_SET_RESULT, UI_R_RESULT_TOO_LARGE);
-                ERR_add_error_data(5, "You must type in ",
-                                   number1, " to ", number2, " characters");
-                return -1;
-            }
-        }
-
-        if (!uis->result_buf) {
-            UIerr(UI_F_UI_SET_RESULT, UI_R_NO_RESULT_BUFFER);
-            return -1;
-        }
-
-        BUF_strlcpy(uis->result_buf, result,
-                    uis->_.string_data.result_maxsize + 1);
-        break;
-    case UIT_BOOLEAN:
-        {
-            const char *p;
-
-            if (!uis->result_buf) {
-                UIerr(UI_F_UI_SET_RESULT, UI_R_NO_RESULT_BUFFER);
-                return -1;
-            }
-
-            uis->result_buf[0] = '\0';
-            for (p = result; *p; p++) {
-                if (strchr(uis->_.boolean_data.ok_chars, *p)) {
-                    uis->result_buf[0] = uis->_.boolean_data.ok_chars[0];
-                    break;
-                }
-                if (strchr(uis->_.boolean_data.cancel_chars, *p)) {
-                    uis->result_buf[0] = uis->_.boolean_data.cancel_chars[0];
-                    break;
-                }
-            }
-        }
-    default:
-        break;
-    }
-    return 0;
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/ui/ui_lib.c (from rev 11605, vendor-crypto/openssl/dist/crypto/ui/ui_lib.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/ui/ui_lib.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/ui/ui_lib.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,870 @@
+/* crypto/ui/ui_lib.c */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/e_os2.h>
+#include <openssl/buffer.h>
+#include <openssl/ui.h>
+#include <openssl/err.h>
+#include "ui_locl.h"
+
+IMPLEMENT_STACK_OF(UI_STRING_ST)
+
+static const UI_METHOD *default_UI_meth = NULL;
+
+UI *UI_new(void)
+{
+    return (UI_new_method(NULL));
+}
+
+UI *UI_new_method(const UI_METHOD *method)
+{
+    UI *ret;
+
+    ret = (UI *)OPENSSL_malloc(sizeof(UI));
+    if (ret == NULL) {
+        UIerr(UI_F_UI_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    if (method == NULL)
+        ret->meth = UI_get_default_method();
+    else
+        ret->meth = method;
+
+    ret->strings = NULL;
+    ret->user_data = NULL;
+    ret->flags = 0;
+    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data);
+    return ret;
+}
+
+static void free_string(UI_STRING *uis)
+{
+    if (uis->flags & OUT_STRING_FREEABLE) {
+        OPENSSL_free((char *)uis->out_string);
+        switch (uis->type) {
+        case UIT_BOOLEAN:
+            OPENSSL_free((char *)uis->_.boolean_data.action_desc);
+            OPENSSL_free((char *)uis->_.boolean_data.ok_chars);
+            OPENSSL_free((char *)uis->_.boolean_data.cancel_chars);
+            break;
+        default:
+            break;
+        }
+    }
+    OPENSSL_free(uis);
+}
+
+void UI_free(UI *ui)
+{
+    if (ui == NULL)
+        return;
+    sk_UI_STRING_pop_free(ui->strings, free_string);
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI, ui, &ui->ex_data);
+    OPENSSL_free(ui);
+}
+
+static int allocate_string_stack(UI *ui)
+{
+    if (ui->strings == NULL) {
+        ui->strings = sk_UI_STRING_new_null();
+        if (ui->strings == NULL) {
+            return -1;
+        }
+    }
+    return 0;
+}
+
+static UI_STRING *general_allocate_prompt(UI *ui, const char *prompt,
+                                          int prompt_freeable,
+                                          enum UI_string_types type,
+                                          int input_flags, char *result_buf)
+{
+    UI_STRING *ret = NULL;
+
+    if (prompt == NULL) {
+        UIerr(UI_F_GENERAL_ALLOCATE_PROMPT, ERR_R_PASSED_NULL_PARAMETER);
+    } else if ((type == UIT_PROMPT || type == UIT_VERIFY
+                || type == UIT_BOOLEAN) && result_buf == NULL) {
+        UIerr(UI_F_GENERAL_ALLOCATE_PROMPT, UI_R_NO_RESULT_BUFFER);
+    } else if ((ret = (UI_STRING *)OPENSSL_malloc(sizeof(UI_STRING)))) {
+        ret->out_string = prompt;
+        ret->flags = prompt_freeable ? OUT_STRING_FREEABLE : 0;
+        ret->input_flags = input_flags;
+        ret->type = type;
+        ret->result_buf = result_buf;
+    }
+    return ret;
+}
+
+static int general_allocate_string(UI *ui, const char *prompt,
+                                   int prompt_freeable,
+                                   enum UI_string_types type, int input_flags,
+                                   char *result_buf, int minsize, int maxsize,
+                                   const char *test_buf)
+{
+    int ret = -1;
+    UI_STRING *s = general_allocate_prompt(ui, prompt, prompt_freeable,
+                                           type, input_flags, result_buf);
+
+    if (s) {
+        if (allocate_string_stack(ui) >= 0) {
+            s->_.string_data.result_minsize = minsize;
+            s->_.string_data.result_maxsize = maxsize;
+            s->_.string_data.test_buf = test_buf;
+            ret = sk_UI_STRING_push(ui->strings, s);
+            /* sk_push() returns 0 on error.  Let's addapt that */
+            if (ret <= 0)
+                ret--;
+        } else
+            free_string(s);
+    }
+    return ret;
+}
+
+static int general_allocate_boolean(UI *ui,
+                                    const char *prompt,
+                                    const char *action_desc,
+                                    const char *ok_chars,
+                                    const char *cancel_chars,
+                                    int prompt_freeable,
+                                    enum UI_string_types type,
+                                    int input_flags, char *result_buf)
+{
+    int ret = -1;
+    UI_STRING *s;
+    const char *p;
+
+    if (ok_chars == NULL) {
+        UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN, ERR_R_PASSED_NULL_PARAMETER);
+    } else if (cancel_chars == NULL) {
+        UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN, ERR_R_PASSED_NULL_PARAMETER);
+    } else {
+        for (p = ok_chars; *p; p++) {
+            if (strchr(cancel_chars, *p)) {
+                UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,
+                      UI_R_COMMON_OK_AND_CANCEL_CHARACTERS);
+            }
+        }
+
+        s = general_allocate_prompt(ui, prompt, prompt_freeable,
+                                    type, input_flags, result_buf);
+
+        if (s) {
+            if (allocate_string_stack(ui) >= 0) {
+                s->_.boolean_data.action_desc = action_desc;
+                s->_.boolean_data.ok_chars = ok_chars;
+                s->_.boolean_data.cancel_chars = cancel_chars;
+                ret = sk_UI_STRING_push(ui->strings, s);
+                /*
+                 * sk_push() returns 0 on error. Let's addapt that
+                 */
+                if (ret <= 0)
+                    ret--;
+            } else
+                free_string(s);
+        }
+    }
+    return ret;
+}
+
+/*
+ * Returns the index to the place in the stack or -1 for error.  Uses a
+ * direct reference to the prompt.
+ */
+int UI_add_input_string(UI *ui, const char *prompt, int flags,
+                        char *result_buf, int minsize, int maxsize)
+{
+    return general_allocate_string(ui, prompt, 0,
+                                   UIT_PROMPT, flags, result_buf, minsize,
+                                   maxsize, NULL);
+}
+
+/* Same as UI_add_input_string(), excepts it takes a copy of the prompt */
+int UI_dup_input_string(UI *ui, const char *prompt, int flags,
+                        char *result_buf, int minsize, int maxsize)
+{
+    char *prompt_copy = NULL;
+
+    if (prompt) {
+        prompt_copy = BUF_strdup(prompt);
+        if (prompt_copy == NULL) {
+            UIerr(UI_F_UI_DUP_INPUT_STRING, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+
+    return general_allocate_string(ui, prompt_copy, 1,
+                                   UIT_PROMPT, flags, result_buf, minsize,
+                                   maxsize, NULL);
+}
+
+int UI_add_verify_string(UI *ui, const char *prompt, int flags,
+                         char *result_buf, int minsize, int maxsize,
+                         const char *test_buf)
+{
+    return general_allocate_string(ui, prompt, 0,
+                                   UIT_VERIFY, flags, result_buf, minsize,
+                                   maxsize, test_buf);
+}
+
+int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
+                         char *result_buf, int minsize, int maxsize,
+                         const char *test_buf)
+{
+    char *prompt_copy = NULL;
+
+    if (prompt) {
+        prompt_copy = BUF_strdup(prompt);
+        if (prompt_copy == NULL) {
+            UIerr(UI_F_UI_DUP_VERIFY_STRING, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+    }
+
+    return general_allocate_string(ui, prompt_copy, 1,
+                                   UIT_VERIFY, flags, result_buf, minsize,
+                                   maxsize, test_buf);
+}
+
+int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+                         const char *ok_chars, const char *cancel_chars,
+                         int flags, char *result_buf)
+{
+    return general_allocate_boolean(ui, prompt, action_desc,
+                                    ok_chars, cancel_chars, 0, UIT_BOOLEAN,
+                                    flags, result_buf);
+}
+
+int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+                         const char *ok_chars, const char *cancel_chars,
+                         int flags, char *result_buf)
+{
+    char *prompt_copy = NULL;
+    char *action_desc_copy = NULL;
+    char *ok_chars_copy = NULL;
+    char *cancel_chars_copy = NULL;
+
+    if (prompt) {
+        prompt_copy = BUF_strdup(prompt);
+        if (prompt_copy == NULL) {
+            UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    if (action_desc) {
+        action_desc_copy = BUF_strdup(action_desc);
+        if (action_desc_copy == NULL) {
+            UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    if (ok_chars) {
+        ok_chars_copy = BUF_strdup(ok_chars);
+        if (ok_chars_copy == NULL) {
+            UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    if (cancel_chars) {
+        cancel_chars_copy = BUF_strdup(cancel_chars);
+        if (cancel_chars_copy == NULL) {
+            UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    return general_allocate_boolean(ui, prompt_copy, action_desc_copy,
+                                    ok_chars_copy, cancel_chars_copy, 1,
+                                    UIT_BOOLEAN, flags, result_buf);
+ err:
+    if (prompt_copy)
+        OPENSSL_free(prompt_copy);
+    if (action_desc_copy)
+        OPENSSL_free(action_desc_copy);
+    if (ok_chars_copy)
+        OPENSSL_free(ok_chars_copy);
+    if (cancel_chars_copy)
+        OPENSSL_free(cancel_chars_copy);
+    return -1;
+}
+
+int UI_add_info_string(UI *ui, const char *text)
+{
+    return general_allocate_string(ui, text, 0, UIT_INFO, 0, NULL, 0, 0,
+                                   NULL);
+}
+
+int UI_dup_info_string(UI *ui, const char *text)
+{
+    char *text_copy = NULL;
+
+    if (text) {
+        text_copy = BUF_strdup(text);
+        if (text_copy == NULL) {
+            UIerr(UI_F_UI_DUP_INFO_STRING, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+    }
+
+    return general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL,
+                                   0, 0, NULL);
+}
+
+int UI_add_error_string(UI *ui, const char *text)
+{
+    return general_allocate_string(ui, text, 0, UIT_ERROR, 0, NULL, 0, 0,
+                                   NULL);
+}
+
+int UI_dup_error_string(UI *ui, const char *text)
+{
+    char *text_copy = NULL;
+
+    if (text) {
+        text_copy = BUF_strdup(text);
+        if (text_copy == NULL) {
+            UIerr(UI_F_UI_DUP_ERROR_STRING, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+    }
+    return general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL,
+                                   0, 0, NULL);
+}
+
+char *UI_construct_prompt(UI *ui, const char *object_desc,
+                          const char *object_name)
+{
+    char *prompt = NULL;
+
+    if (ui->meth->ui_construct_prompt)
+        prompt = ui->meth->ui_construct_prompt(ui, object_desc, object_name);
+    else {
+        char prompt1[] = "Enter ";
+        char prompt2[] = " for ";
+        char prompt3[] = ":";
+        int len = 0;
+
+        if (object_desc == NULL)
+            return NULL;
+        len = sizeof(prompt1) - 1 + strlen(object_desc);
+        if (object_name)
+            len += sizeof(prompt2) - 1 + strlen(object_name);
+        len += sizeof(prompt3) - 1;
+
+        prompt = (char *)OPENSSL_malloc(len + 1);
+        BUF_strlcpy(prompt, prompt1, len + 1);
+        BUF_strlcat(prompt, object_desc, len + 1);
+        if (object_name) {
+            BUF_strlcat(prompt, prompt2, len + 1);
+            BUF_strlcat(prompt, object_name, len + 1);
+        }
+        BUF_strlcat(prompt, prompt3, len + 1);
+    }
+    return prompt;
+}
+
+void *UI_add_user_data(UI *ui, void *user_data)
+{
+    void *old_data = ui->user_data;
+    ui->user_data = user_data;
+    return old_data;
+}
+
+void *UI_get0_user_data(UI *ui)
+{
+    return ui->user_data;
+}
+
+const char *UI_get0_result(UI *ui, int i)
+{
+    if (i < 0) {
+        UIerr(UI_F_UI_GET0_RESULT, UI_R_INDEX_TOO_SMALL);
+        return NULL;
+    }
+    if (i >= sk_UI_STRING_num(ui->strings)) {
+        UIerr(UI_F_UI_GET0_RESULT, UI_R_INDEX_TOO_LARGE);
+        return NULL;
+    }
+    return UI_get0_result_string(sk_UI_STRING_value(ui->strings, i));
+}
+
+static int print_error(const char *str, size_t len, UI *ui)
+{
+    UI_STRING uis;
+
+    memset(&uis, 0, sizeof(uis));
+    uis.type = UIT_ERROR;
+    uis.out_string = str;
+
+    if (ui->meth->ui_write_string && !ui->meth->ui_write_string(ui, &uis))
+        return -1;
+    return 0;
+}
+
+int UI_process(UI *ui)
+{
+    int i, ok = 0;
+
+    if (ui->meth->ui_open_session && !ui->meth->ui_open_session(ui))
+        return -1;
+
+    if (ui->flags & UI_FLAG_PRINT_ERRORS)
+        ERR_print_errors_cb((int (*)(const char *, size_t, void *))
+                            print_error, (void *)ui);
+
+    for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) {
+        if (ui->meth->ui_write_string
+            && !ui->meth->ui_write_string(ui,
+                                          sk_UI_STRING_value(ui->strings, i)))
+        {
+            ok = -1;
+            goto err;
+        }
+    }
+
+    if (ui->meth->ui_flush)
+        switch (ui->meth->ui_flush(ui)) {
+        case -1:               /* Interrupt/Cancel/something... */
+            ok = -2;
+            goto err;
+        case 0:                /* Errors */
+            ok = -1;
+            goto err;
+        default:               /* Success */
+            ok = 0;
+            break;
+        }
+
+    for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) {
+        if (ui->meth->ui_read_string) {
+            switch (ui->meth->ui_read_string(ui,
+                                             sk_UI_STRING_value(ui->strings,
+                                                                i))) {
+            case -1:           /* Interrupt/Cancel/something... */
+                ok = -2;
+                goto err;
+            case 0:            /* Errors */
+                ok = -1;
+                goto err;
+            default:           /* Success */
+                ok = 0;
+                break;
+            }
+        }
+    }
+ err:
+    if (ui->meth->ui_close_session && !ui->meth->ui_close_session(ui))
+        return -1;
+    return ok;
+}
+
+int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void))
+{
+    if (ui == NULL) {
+        UIerr(UI_F_UI_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+        return -1;
+    }
+    switch (cmd) {
+    case UI_CTRL_PRINT_ERRORS:
+        {
+            int save_flag = ! !(ui->flags & UI_FLAG_PRINT_ERRORS);
+            if (i)
+                ui->flags |= UI_FLAG_PRINT_ERRORS;
+            else
+                ui->flags &= ~UI_FLAG_PRINT_ERRORS;
+            return save_flag;
+        }
+    case UI_CTRL_IS_REDOABLE:
+        return ! !(ui->flags & UI_FLAG_REDOABLE);
+    default:
+        break;
+    }
+    UIerr(UI_F_UI_CTRL, UI_R_UNKNOWN_CONTROL_COMMAND);
+    return -1;
+}
+
+int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+                        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+{
+    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, argl, argp,
+                                   new_func, dup_func, free_func);
+}
+
+int UI_set_ex_data(UI *r, int idx, void *arg)
+{
+    return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
+}
+
+void *UI_get_ex_data(UI *r, int idx)
+{
+    return (CRYPTO_get_ex_data(&r->ex_data, idx));
+}
+
+void UI_set_default_method(const UI_METHOD *meth)
+{
+    default_UI_meth = meth;
+}
+
+const UI_METHOD *UI_get_default_method(void)
+{
+    if (default_UI_meth == NULL) {
+        default_UI_meth = UI_OpenSSL();
+    }
+    return default_UI_meth;
+}
+
+const UI_METHOD *UI_get_method(UI *ui)
+{
+    return ui->meth;
+}
+
+const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth)
+{
+    ui->meth = meth;
+    return ui->meth;
+}
+
+UI_METHOD *UI_create_method(char *name)
+{
+    UI_METHOD *ui_method = (UI_METHOD *)OPENSSL_malloc(sizeof(UI_METHOD));
+
+    if (ui_method) {
+        memset(ui_method, 0, sizeof(*ui_method));
+        ui_method->name = BUF_strdup(name);
+    }
+    return ui_method;
+}
+
+/*
+ * BIG FSCKING WARNING!!!! If you use this on a statically allocated method
+ * (that is, it hasn't been allocated using UI_create_method(), you deserve
+ * anything Murphy can throw at you and more! You have been warned.
+ */
+void UI_destroy_method(UI_METHOD *ui_method)
+{
+    OPENSSL_free(ui_method->name);
+    ui_method->name = NULL;
+    OPENSSL_free(ui_method);
+}
+
+int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui))
+{
+    if (method) {
+        method->ui_open_session = opener;
+        return 0;
+    } else
+        return -1;
+}
+
+int UI_method_set_writer(UI_METHOD *method,
+                         int (*writer) (UI *ui, UI_STRING *uis))
+{
+    if (method) {
+        method->ui_write_string = writer;
+        return 0;
+    } else
+        return -1;
+}
+
+int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui))
+{
+    if (method) {
+        method->ui_flush = flusher;
+        return 0;
+    } else
+        return -1;
+}
+
+int UI_method_set_reader(UI_METHOD *method,
+                         int (*reader) (UI *ui, UI_STRING *uis))
+{
+    if (method) {
+        method->ui_read_string = reader;
+        return 0;
+    } else
+        return -1;
+}
+
+int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui))
+{
+    if (method) {
+        method->ui_close_session = closer;
+        return 0;
+    } else
+        return -1;
+}
+
+int UI_method_set_prompt_constructor(UI_METHOD *method,
+                                     char *(*prompt_constructor) (UI *ui,
+                                                                  const char
+                                                                  *object_desc,
+                                                                  const char
+                                                                  *object_name))
+{
+    if (method) {
+        method->ui_construct_prompt = prompt_constructor;
+        return 0;
+    } else
+        return -1;
+}
+
+int (*UI_method_get_opener(UI_METHOD *method)) (UI *) {
+    if (method)
+        return method->ui_open_session;
+    else
+        return NULL;
+}
+
+int (*UI_method_get_writer(UI_METHOD *method)) (UI *, UI_STRING *) {
+    if (method)
+        return method->ui_write_string;
+    else
+        return NULL;
+}
+
+int (*UI_method_get_flusher(UI_METHOD *method)) (UI *) {
+    if (method)
+        return method->ui_flush;
+    else
+        return NULL;
+}
+
+int (*UI_method_get_reader(UI_METHOD *method)) (UI *, UI_STRING *) {
+    if (method)
+        return method->ui_read_string;
+    else
+        return NULL;
+}
+
+int (*UI_method_get_closer(UI_METHOD *method)) (UI *) {
+    if (method)
+        return method->ui_close_session;
+    else
+        return NULL;
+}
+
+char *(*UI_method_get_prompt_constructor(UI_METHOD *method)) (UI *,
+                                                              const char *,
+                                                              const char *) {
+    if (method)
+        return method->ui_construct_prompt;
+    else
+        return NULL;
+}
+
+enum UI_string_types UI_get_string_type(UI_STRING *uis)
+{
+    if (!uis)
+        return UIT_NONE;
+    return uis->type;
+}
+
+int UI_get_input_flags(UI_STRING *uis)
+{
+    if (!uis)
+        return 0;
+    return uis->input_flags;
+}
+
+const char *UI_get0_output_string(UI_STRING *uis)
+{
+    if (!uis)
+        return NULL;
+    return uis->out_string;
+}
+
+const char *UI_get0_action_string(UI_STRING *uis)
+{
+    if (!uis)
+        return NULL;
+    switch (uis->type) {
+    case UIT_PROMPT:
+    case UIT_BOOLEAN:
+        return uis->_.boolean_data.action_desc;
+    default:
+        return NULL;
+    }
+}
+
+const char *UI_get0_result_string(UI_STRING *uis)
+{
+    if (!uis)
+        return NULL;
+    switch (uis->type) {
+    case UIT_PROMPT:
+    case UIT_VERIFY:
+        return uis->result_buf;
+    default:
+        return NULL;
+    }
+}
+
+const char *UI_get0_test_string(UI_STRING *uis)
+{
+    if (!uis)
+        return NULL;
+    switch (uis->type) {
+    case UIT_VERIFY:
+        return uis->_.string_data.test_buf;
+    default:
+        return NULL;
+    }
+}
+
+int UI_get_result_minsize(UI_STRING *uis)
+{
+    if (!uis)
+        return -1;
+    switch (uis->type) {
+    case UIT_PROMPT:
+    case UIT_VERIFY:
+        return uis->_.string_data.result_minsize;
+    default:
+        return -1;
+    }
+}
+
+int UI_get_result_maxsize(UI_STRING *uis)
+{
+    if (!uis)
+        return -1;
+    switch (uis->type) {
+    case UIT_PROMPT:
+    case UIT_VERIFY:
+        return uis->_.string_data.result_maxsize;
+    default:
+        return -1;
+    }
+}
+
+int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
+{
+    int l = strlen(result);
+
+    ui->flags &= ~UI_FLAG_REDOABLE;
+
+    if (!uis)
+        return -1;
+    switch (uis->type) {
+    case UIT_PROMPT:
+    case UIT_VERIFY:
+        {
+            char number1[DECIMAL_SIZE(uis->_.string_data.result_minsize) + 1];
+            char number2[DECIMAL_SIZE(uis->_.string_data.result_maxsize) + 1];
+
+            BIO_snprintf(number1, sizeof(number1), "%d",
+                         uis->_.string_data.result_minsize);
+            BIO_snprintf(number2, sizeof(number2), "%d",
+                         uis->_.string_data.result_maxsize);
+
+            if (l < uis->_.string_data.result_minsize) {
+                ui->flags |= UI_FLAG_REDOABLE;
+                UIerr(UI_F_UI_SET_RESULT, UI_R_RESULT_TOO_SMALL);
+                ERR_add_error_data(5, "You must type in ",
+                                   number1, " to ", number2, " characters");
+                return -1;
+            }
+            if (l > uis->_.string_data.result_maxsize) {
+                ui->flags |= UI_FLAG_REDOABLE;
+                UIerr(UI_F_UI_SET_RESULT, UI_R_RESULT_TOO_LARGE);
+                ERR_add_error_data(5, "You must type in ",
+                                   number1, " to ", number2, " characters");
+                return -1;
+            }
+        }
+
+        if (!uis->result_buf) {
+            UIerr(UI_F_UI_SET_RESULT, UI_R_NO_RESULT_BUFFER);
+            return -1;
+        }
+
+        BUF_strlcpy(uis->result_buf, result,
+                    uis->_.string_data.result_maxsize + 1);
+        break;
+    case UIT_BOOLEAN:
+        {
+            const char *p;
+
+            if (!uis->result_buf) {
+                UIerr(UI_F_UI_SET_RESULT, UI_R_NO_RESULT_BUFFER);
+                return -1;
+            }
+
+            uis->result_buf[0] = '\0';
+            for (p = result; *p; p++) {
+                if (strchr(uis->_.boolean_data.ok_chars, *p)) {
+                    uis->result_buf[0] = uis->_.boolean_data.ok_chars[0];
+                    break;
+                }
+                if (strchr(uis->_.boolean_data.cancel_chars, *p)) {
+                    uis->result_buf[0] = uis->_.boolean_data.cancel_chars[0];
+                    break;
+                }
+            }
+        }
+    default:
+        break;
+    }
+    return 0;
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/ui/ui_locl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/ui/ui_locl.h	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/ui/ui_locl.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,145 +0,0 @@
-/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
-/*
- * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_UI_LOCL_H
-# define HEADER_UI_LOCL_H
-
-# include <openssl/ui.h>
-# include <openssl/crypto.h>
-
-# ifdef _
-#  undef _
-# endif
-
-struct ui_method_st {
-    char *name;
-    /*
-     * All the functions return 1 or non-NULL for success and 0 or NULL for
-     * failure
-     */
-    /*
-     * Open whatever channel for this, be it the console, an X window or
-     * whatever. This function should use the ex_data structure to save
-     * intermediate data.
-     */
-    int (*ui_open_session) (UI *ui);
-    int (*ui_write_string) (UI *ui, UI_STRING *uis);
-    /*
-     * Flush the output.  If a GUI dialog box is used, this function can be
-     * used to actually display it.
-     */
-    int (*ui_flush) (UI *ui);
-    int (*ui_read_string) (UI *ui, UI_STRING *uis);
-    int (*ui_close_session) (UI *ui);
-    /*
-     * Construct a prompt in a user-defined manner.  object_desc is a textual
-     * short description of the object, for example "pass phrase", and
-     * object_name is the name of the object (might be a card name or a file
-     * name. The returned string shall always be allocated on the heap with
-     * OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
-     */
-    char *(*ui_construct_prompt) (UI *ui, const char *object_desc,
-                                  const char *object_name);
-};
-
-struct ui_string_st {
-    enum UI_string_types type;  /* Input */
-    const char *out_string;     /* Input */
-    int input_flags;            /* Flags from the user */
-    /*
-     * The following parameters are completely irrelevant for UIT_INFO, and
-     * can therefore be set to 0 or NULL
-     */
-    char *result_buf;           /* Input and Output: If not NULL,
-                                 * user-defined with size in result_maxsize.
-                                 * Otherwise, it may be allocated by the UI
-                                 * routine, meaning result_minsize is going
-                                 * to be overwritten. */
-    union {
-        struct {
-            int result_minsize; /* Input: minimum required size of the
-                                 * result. */
-            int result_maxsize; /* Input: maximum permitted size of the
-                                 * result */
-            const char *test_buf; /* Input: test string to verify against */
-        } string_data;
-        struct {
-            const char *action_desc; /* Input */
-            const char *ok_chars; /* Input */
-            const char *cancel_chars; /* Input */
-        } boolean_data;
-    } _;
-
-# define OUT_STRING_FREEABLE 0x01
-    int flags;                  /* flags for internal use */
-};
-
-struct ui_st {
-    const UI_METHOD *meth;
-    STACK_OF(UI_STRING) *strings; /* We might want to prompt for more than
-                                   * one thing at a time, and with different
-                                   * echoing status.  */
-    void *user_data;
-    CRYPTO_EX_DATA ex_data;
-# define UI_FLAG_REDOABLE        0x0001
-# define UI_FLAG_PRINT_ERRORS    0x0100
-    int flags;
-};
-
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/ui/ui_locl.h (from rev 11605, vendor-crypto/openssl/dist/crypto/ui/ui_locl.h)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/ui/ui_locl.h	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/ui/ui_locl.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,145 @@
+/* crypto/ui/ui.h */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_UI_LOCL_H
+# define HEADER_UI_LOCL_H
+
+# include <openssl/ui.h>
+# include <openssl/crypto.h>
+
+# ifdef _
+#  undef _
+# endif
+
+struct ui_method_st {
+    char *name;
+    /*
+     * All the functions return 1 or non-NULL for success and 0 or NULL for
+     * failure
+     */
+    /*
+     * Open whatever channel for this, be it the console, an X window or
+     * whatever. This function should use the ex_data structure to save
+     * intermediate data.
+     */
+    int (*ui_open_session) (UI *ui);
+    int (*ui_write_string) (UI *ui, UI_STRING *uis);
+    /*
+     * Flush the output.  If a GUI dialog box is used, this function can be
+     * used to actually display it.
+     */
+    int (*ui_flush) (UI *ui);
+    int (*ui_read_string) (UI *ui, UI_STRING *uis);
+    int (*ui_close_session) (UI *ui);
+    /*
+     * Construct a prompt in a user-defined manner.  object_desc is a textual
+     * short description of the object, for example "pass phrase", and
+     * object_name is the name of the object (might be a card name or a file
+     * name. The returned string shall always be allocated on the heap with
+     * OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
+     */
+    char *(*ui_construct_prompt) (UI *ui, const char *object_desc,
+                                  const char *object_name);
+};
+
+struct ui_string_st {
+    enum UI_string_types type;  /* Input */
+    const char *out_string;     /* Input */
+    int input_flags;            /* Flags from the user */
+    /*
+     * The following parameters are completely irrelevant for UIT_INFO, and
+     * can therefore be set to 0 or NULL
+     */
+    char *result_buf;           /* Input and Output: If not NULL,
+                                 * user-defined with size in result_maxsize.
+                                 * Otherwise, it may be allocated by the UI
+                                 * routine, meaning result_minsize is going
+                                 * to be overwritten. */
+    union {
+        struct {
+            int result_minsize; /* Input: minimum required size of the
+                                 * result. */
+            int result_maxsize; /* Input: maximum permitted size of the
+                                 * result */
+            const char *test_buf; /* Input: test string to verify against */
+        } string_data;
+        struct {
+            const char *action_desc; /* Input */
+            const char *ok_chars; /* Input */
+            const char *cancel_chars; /* Input */
+        } boolean_data;
+    } _;
+
+# define OUT_STRING_FREEABLE 0x01
+    int flags;                  /* flags for internal use */
+};
+
+struct ui_st {
+    const UI_METHOD *meth;
+    STACK_OF(UI_STRING) *strings; /* We might want to prompt for more than
+                                   * one thing at a time, and with different
+                                   * echoing status.  */
+    void *user_data;
+    CRYPTO_EX_DATA ex_data;
+# define UI_FLAG_REDOABLE        0x0001
+# define UI_FLAG_PRINT_ERRORS    0x0100
+    int flags;
+};
+
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/ui/ui_openssl.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ui/ui_openssl.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/ui/ui_openssl.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,717 +0,0 @@
-/* crypto/ui/ui_openssl.c -*- mode:C; c-file-style: "eay" -*- */
-/*
- * Written by Richard Levitte (richard at levitte.org) and others for the
- * OpenSSL project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/*-
- * The lowest level part of this file was previously in crypto/des/read_pwd.c,
- * Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/e_os2.h>
-
-/*
- * need for #define _POSIX_C_SOURCE arises whenever you pass -ansi to gcc
- * [maybe others?], because it masks interfaces not discussed in standard,
- * sigaction and fileno included. -pedantic would be more appropriate for the
- * intended purposes, but we can't prevent users from adding -ansi.
- */
-#if defined(OPENSSL_SYSNAME_VXWORKS)
-# include <sys/types.h>
-#endif
-
-#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
-# ifndef _POSIX_C_SOURCE
-#  define _POSIX_C_SOURCE 2
-# endif
-#endif
-#include <signal.h>
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-
-#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS)
-# ifdef OPENSSL_UNISTD
-#  include OPENSSL_UNISTD
-# else
-#  include <unistd.h>
-# endif
-/*
- * If unistd.h defines _POSIX_VERSION, we conclude that we are on a POSIX
- * system and have sigaction and termios.
- */
-# if defined(_POSIX_VERSION)
-
-#  define SIGACTION
-#  if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
-#   define TERMIOS
-#  endif
-
-# endif
-#endif
-
-#ifdef WIN16TTY
-# undef OPENSSL_SYS_WIN16
-# undef WIN16
-# undef _WINDOWS
-# include <graph.h>
-#endif
-
-/* 06-Apr-92 Luke Brennan    Support for VMS */
-#include "ui_locl.h"
-#include "cryptlib.h"
-
-#ifdef OPENSSL_SYS_VMS          /* prototypes for sys$whatever */
-# include <starlet.h>
-# ifdef __DECC
-#  pragma message disable DOLLARID
-# endif
-#endif
-
-#ifdef WIN_CONSOLE_BUG
-# include <windows.h>
-# ifndef OPENSSL_SYS_WINCE
-#  include <wincon.h>
-# endif
-#endif
-
-/*
- * There are 5 types of terminal interface supported, TERMIO, TERMIOS, VMS,
- * MSDOS and SGTTY.
- *
- * If someone defines one of the macros TERMIO, TERMIOS or SGTTY, it will
- * remain respected.  Otherwise, we default to TERMIOS except for a few
- * systems that require something different.
- *
- * Note: we do not use SGTTY unless it's defined by the configuration.  We
- * may eventually opt to remove it's use entirely.
- */
-
-#if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
-
-# if defined(_LIBC)
-#  undef  TERMIOS
-#  define TERMIO
-#  undef  SGTTY
-/*
- * We know that VMS, MSDOS, VXWORKS, NETWARE use entirely other mechanisms.
- * MAC_OS_GUSI_SOURCE should probably go away, but that needs to be confirmed.
- */
-# elif !defined(OPENSSL_SYS_VMS) \
-	&& !defined(OPENSSL_SYS_MSDOS) \
-	&& !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) \
-	&& !defined(MAC_OS_GUSI_SOURCE) \
-	&& !defined(OPENSSL_SYS_VXWORKS) \
-	&& !defined(OPENSSL_SYS_NETWARE)
-#  define TERMIOS
-#  undef  TERMIO
-#  undef  SGTTY
-# endif
-
-#endif
-
-#ifdef TERMIOS
-# include <termios.h>
-# define TTY_STRUCT             struct termios
-# define TTY_FLAGS              c_lflag
-# define TTY_get(tty,data)      tcgetattr(tty,data)
-# define TTY_set(tty,data)      tcsetattr(tty,TCSANOW,data)
-#endif
-
-#ifdef TERMIO
-# include <termio.h>
-# define TTY_STRUCT             struct termio
-# define TTY_FLAGS              c_lflag
-# define TTY_get(tty,data)      ioctl(tty,TCGETA,data)
-# define TTY_set(tty,data)      ioctl(tty,TCSETA,data)
-#endif
-
-#ifdef SGTTY
-# include <sgtty.h>
-# define TTY_STRUCT             struct sgttyb
-# define TTY_FLAGS              sg_flags
-# define TTY_get(tty,data)      ioctl(tty,TIOCGETP,data)
-# define TTY_set(tty,data)      ioctl(tty,TIOCSETP,data)
-#endif
-
-#if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_SUNOS)
-# include <sys/ioctl.h>
-#endif
-
-#ifdef OPENSSL_SYS_MSDOS
-# include <conio.h>
-#endif
-
-#ifdef OPENSSL_SYS_VMS
-# include <ssdef.h>
-# include <iodef.h>
-# include <ttdef.h>
-# include <descrip.h>
-struct IOSB {
-    short iosb$w_value;
-    short iosb$w_count;
-    long iosb$l_info;
-};
-#endif
-
-#ifdef OPENSSL_SYS_SUNOS
-typedef int sig_atomic_t;
-#endif
-
-#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(MAC_OS_GUSI_SOURCE) || defined(OPENSSL_SYS_NETWARE)
-/*
- * This one needs work. As a matter of fact the code is unoperational
- * and this is only a trick to get it compiled.
- *                                      <appro at fy.chalmers.se>
- */
-# define TTY_STRUCT int
-#endif
-
-#ifndef NX509_SIG
-# define NX509_SIG 32
-#endif
-
-/* Define globals.  They are protected by a lock */
-#ifdef SIGACTION
-static struct sigaction savsig[NX509_SIG];
-#else
-static void (*savsig[NX509_SIG]) (int);
-#endif
-
-#ifdef OPENSSL_SYS_VMS
-static struct IOSB iosb;
-static $DESCRIPTOR(terminal, "TT");
-static long tty_orig[3], tty_new[3]; /* XXX Is there any guarantee that this
-                                      * will always suffice for the actual
-                                      * structures? */
-static long status;
-static unsigned short channel = 0;
-#else
-# if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
-static TTY_STRUCT tty_orig, tty_new;
-# endif
-#endif
-static FILE *tty_in, *tty_out;
-static int is_a_tty;
-
-/* Declare static functions */
-#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
-static int read_till_nl(FILE *);
-static void recsig(int);
-static void pushsig(void);
-static void popsig(void);
-#endif
-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16)
-static int noecho_fgets(char *buf, int size, FILE *tty);
-#endif
-static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl);
-
-static int read_string(UI *ui, UI_STRING *uis);
-static int write_string(UI *ui, UI_STRING *uis);
-
-static int open_console(UI *ui);
-static int echo_console(UI *ui);
-static int noecho_console(UI *ui);
-static int close_console(UI *ui);
-
-static UI_METHOD ui_openssl = {
-    "OpenSSL default user interface",
-    open_console,
-    write_string,
-    NULL,                       /* No flusher is needed for command lines */
-    read_string,
-    close_console,
-    NULL
-};
-
-/* The method with all the built-in thingies */
-UI_METHOD *UI_OpenSSL(void)
-{
-    return &ui_openssl;
-}
-
-/*
- * The following function makes sure that info and error strings are printed
- * before any prompt.
- */
-static int write_string(UI *ui, UI_STRING *uis)
-{
-    switch (UI_get_string_type(uis)) {
-    case UIT_ERROR:
-    case UIT_INFO:
-        fputs(UI_get0_output_string(uis), tty_out);
-        fflush(tty_out);
-        break;
-    default:
-        break;
-    }
-    return 1;
-}
-
-static int read_string(UI *ui, UI_STRING *uis)
-{
-    int ok = 0;
-
-    switch (UI_get_string_type(uis)) {
-    case UIT_BOOLEAN:
-        fputs(UI_get0_output_string(uis), tty_out);
-        fputs(UI_get0_action_string(uis), tty_out);
-        fflush(tty_out);
-        return read_string_inner(ui, uis,
-                                 UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO,
-                                 0);
-    case UIT_PROMPT:
-        fputs(UI_get0_output_string(uis), tty_out);
-        fflush(tty_out);
-        return read_string_inner(ui, uis,
-                                 UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO,
-                                 1);
-    case UIT_VERIFY:
-        fprintf(tty_out, "Verifying - %s", UI_get0_output_string(uis));
-        fflush(tty_out);
-        if ((ok = read_string_inner(ui, uis,
-                                    UI_get_input_flags(uis) &
-                                    UI_INPUT_FLAG_ECHO, 1)) <= 0)
-            return ok;
-        if (strcmp(UI_get0_result_string(uis), UI_get0_test_string(uis)) != 0) {
-            fprintf(tty_out, "Verify failure\n");
-            fflush(tty_out);
-            return 0;
-        }
-        break;
-    default:
-        break;
-    }
-    return 1;
-}
-
-#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
-/* Internal functions to read a string without echoing */
-static int read_till_nl(FILE *in)
-{
-# define SIZE 4
-    char buf[SIZE + 1];
-
-    do {
-        if (!fgets(buf, SIZE, in))
-            return 0;
-    } while (strchr(buf, '\n') == NULL);
-    return 1;
-}
-
-static volatile sig_atomic_t intr_signal;
-#endif
-
-static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
-{
-    static int ps;
-    int ok;
-    char result[BUFSIZ];
-    int maxsize = BUFSIZ - 1;
-#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
-    char *p;
-
-    intr_signal = 0;
-    ok = 0;
-    ps = 0;
-
-    pushsig();
-    ps = 1;
-
-    if (!echo && !noecho_console(ui))
-        goto error;
-    ps = 2;
-
-    result[0] = '\0';
-# ifdef OPENSSL_SYS_MSDOS
-    if (!echo) {
-        noecho_fgets(result, maxsize, tty_in);
-        p = result;             /* FIXME: noecho_fgets doesn't return errors */
-    } else
-        p = fgets(result, maxsize, tty_in);
-# else
-    p = fgets(result, maxsize, tty_in);
-# endif
-    if (!p)
-        goto error;
-    if (feof(tty_in))
-        goto error;
-    if (ferror(tty_in))
-        goto error;
-    if ((p = (char *)strchr(result, '\n')) != NULL) {
-        if (strip_nl)
-            *p = '\0';
-    } else if (!read_till_nl(tty_in))
-        goto error;
-    if (UI_set_result(ui, uis, result) >= 0)
-        ok = 1;
-
- error:
-    if (intr_signal == SIGINT)
-        ok = -1;
-    if (!echo)
-        fprintf(tty_out, "\n");
-    if (ps >= 2 && !echo && !echo_console(ui))
-        ok = 0;
-
-    if (ps >= 1)
-        popsig();
-#else
-    ok = 1;
-#endif
-
-    OPENSSL_cleanse(result, BUFSIZ);
-    return ok;
-}
-
-/* Internal functions to open, handle and close a channel to the console.  */
-static int open_console(UI *ui)
-{
-    CRYPTO_w_lock(CRYPTO_LOCK_UI);
-    is_a_tty = 1;
-
-#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS)
-    tty_in = stdin;
-    tty_out = stderr;
-#else
-# ifdef OPENSSL_SYS_MSDOS
-#  define DEV_TTY "con"
-# else
-#  define DEV_TTY "/dev/tty"
-# endif
-    if ((tty_in = fopen(DEV_TTY, "r")) == NULL)
-        tty_in = stdin;
-    if ((tty_out = fopen(DEV_TTY, "w")) == NULL)
-        tty_out = stderr;
-#endif
-
-#if defined(TTY_get) && !defined(OPENSSL_SYS_VMS)
-    if (TTY_get(fileno(tty_in), &tty_orig) == -1) {
-# ifdef ENOTTY
-        if (errno == ENOTTY)
-            is_a_tty = 0;
-        else
-# endif
-# ifdef EINVAL
-            /*
-             * Ariel Glenn ariel at columbia.edu reports that solaris can return
-             * EINVAL instead.  This should be ok
-             */
-        if (errno == EINVAL)
-            is_a_tty = 0;
-        else
-# endif
-            return 0;
-    }
-#endif
-#ifdef OPENSSL_SYS_VMS
-    status = sys$assign(&terminal, &channel, 0, 0);
-    if (status != SS$_NORMAL)
-        return 0;
-    status =
-        sys$qiow(0, channel, IO$_SENSEMODE, &iosb, 0, 0, tty_orig, 12, 0, 0,
-                 0, 0);
-    if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
-        return 0;
-#endif
-    return 1;
-}
-
-static int noecho_console(UI *ui)
-{
-#ifdef TTY_FLAGS
-    memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig));
-    tty_new.TTY_FLAGS &= ~ECHO;
-#endif
-
-#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
-    if (is_a_tty && (TTY_set(fileno(tty_in), &tty_new) == -1))
-        return 0;
-#endif
-#ifdef OPENSSL_SYS_VMS
-    tty_new[0] = tty_orig[0];
-    tty_new[1] = tty_orig[1] | TT$M_NOECHO;
-    tty_new[2] = tty_orig[2];
-    status =
-        sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12, 0, 0, 0,
-                 0);
-    if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
-        return 0;
-#endif
-    return 1;
-}
-
-static int echo_console(UI *ui)
-{
-#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
-    memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig));
-    tty_new.TTY_FLAGS |= ECHO;
-#endif
-
-#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
-    if (is_a_tty && (TTY_set(fileno(tty_in), &tty_new) == -1))
-        return 0;
-#endif
-#ifdef OPENSSL_SYS_VMS
-    tty_new[0] = tty_orig[0];
-    tty_new[1] = tty_orig[1] & ~TT$M_NOECHO;
-    tty_new[2] = tty_orig[2];
-    status =
-        sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12, 0, 0, 0,
-                 0);
-    if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
-        return 0;
-#endif
-    return 1;
-}
-
-static int close_console(UI *ui)
-{
-    if (tty_in != stdin)
-        fclose(tty_in);
-    if (tty_out != stderr)
-        fclose(tty_out);
-#ifdef OPENSSL_SYS_VMS
-    status = sys$dassgn(channel);
-#endif
-    CRYPTO_w_unlock(CRYPTO_LOCK_UI);
-
-    return 1;
-}
-
-#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
-/* Internal functions to handle signals and act on them */
-static void pushsig(void)
-{
-# ifndef OPENSSL_SYS_WIN32
-    int i;
-# endif
-# ifdef SIGACTION
-    struct sigaction sa;
-
-    memset(&sa, 0, sizeof sa);
-    sa.sa_handler = recsig;
-# endif
-
-# ifdef OPENSSL_SYS_WIN32
-    savsig[SIGABRT] = signal(SIGABRT, recsig);
-    savsig[SIGFPE] = signal(SIGFPE, recsig);
-    savsig[SIGILL] = signal(SIGILL, recsig);
-    savsig[SIGINT] = signal(SIGINT, recsig);
-    savsig[SIGSEGV] = signal(SIGSEGV, recsig);
-    savsig[SIGTERM] = signal(SIGTERM, recsig);
-# else
-    for (i = 1; i < NX509_SIG; i++) {
-#  ifdef SIGUSR1
-        if (i == SIGUSR1)
-            continue;
-#  endif
-#  ifdef SIGUSR2
-        if (i == SIGUSR2)
-            continue;
-#  endif
-#  ifdef SIGKILL
-        if (i == SIGKILL)       /* We can't make any action on that. */
-            continue;
-#  endif
-#  ifdef SIGACTION
-        sigaction(i, &sa, &savsig[i]);
-#  else
-        savsig[i] = signal(i, recsig);
-#  endif
-    }
-# endif
-
-# ifdef SIGWINCH
-    signal(SIGWINCH, SIG_DFL);
-# endif
-}
-
-static void popsig(void)
-{
-# ifdef OPENSSL_SYS_WIN32
-    signal(SIGABRT, savsig[SIGABRT]);
-    signal(SIGFPE, savsig[SIGFPE]);
-    signal(SIGILL, savsig[SIGILL]);
-    signal(SIGINT, savsig[SIGINT]);
-    signal(SIGSEGV, savsig[SIGSEGV]);
-    signal(SIGTERM, savsig[SIGTERM]);
-# else
-    int i;
-    for (i = 1; i < NX509_SIG; i++) {
-#  ifdef SIGUSR1
-        if (i == SIGUSR1)
-            continue;
-#  endif
-#  ifdef SIGUSR2
-        if (i == SIGUSR2)
-            continue;
-#  endif
-#  ifdef SIGACTION
-        sigaction(i, &savsig[i], NULL);
-#  else
-        signal(i, savsig[i]);
-#  endif
-    }
-# endif
-}
-
-static void recsig(int i)
-{
-    intr_signal = i;
-}
-#endif
-
-/* Internal functions specific for Windows */
-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
-static int noecho_fgets(char *buf, int size, FILE *tty)
-{
-    int i;
-    char *p;
-
-    p = buf;
-    for (;;) {
-        if (size == 0) {
-            *p = '\0';
-            break;
-        }
-        size--;
-# ifdef WIN16TTY
-        i = _inchar();
-# elif defined(_WIN32)
-        i = _getch();
-# else
-        i = getch();
-# endif
-        if (i == '\r')
-            i = '\n';
-        *(p++) = i;
-        if (i == '\n') {
-            *p = '\0';
-            break;
-        }
-    }
-# ifdef WIN_CONSOLE_BUG
-    /*
-     * Win95 has several evil console bugs: one of these is that the last
-     * character read using getch() is passed to the next read: this is
-     * usually a CR so this can be trouble. No STDIO fix seems to work but
-     * flushing the console appears to do the trick.
-     */
-    {
-        HANDLE inh;
-        inh = GetStdHandle(STD_INPUT_HANDLE);
-        FlushConsoleInputBuffer(inh);
-    }
-# endif
-    return (strlen(buf));
-}
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/ui/ui_openssl.c (from rev 11605, vendor-crypto/openssl/dist/crypto/ui/ui_openssl.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/ui/ui_openssl.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/ui/ui_openssl.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,717 @@
+/* crypto/ui/ui_openssl.c */
+/*
+ * Written by Richard Levitte (richard at levitte.org) and others for the
+ * OpenSSL project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*-
+ * The lowest level part of this file was previously in crypto/des/read_pwd.c,
+ * Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/e_os2.h>
+
+/*
+ * need for #define _POSIX_C_SOURCE arises whenever you pass -ansi to gcc
+ * [maybe others?], because it masks interfaces not discussed in standard,
+ * sigaction and fileno included. -pedantic would be more appropriate for the
+ * intended purposes, but we can't prevent users from adding -ansi.
+ */
+#if defined(OPENSSL_SYSNAME_VXWORKS)
+# include <sys/types.h>
+#endif
+
+#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
+# ifndef _POSIX_C_SOURCE
+#  define _POSIX_C_SOURCE 2
+# endif
+#endif
+#include <signal.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+
+#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS)
+# ifdef OPENSSL_UNISTD
+#  include OPENSSL_UNISTD
+# else
+#  include <unistd.h>
+# endif
+/*
+ * If unistd.h defines _POSIX_VERSION, we conclude that we are on a POSIX
+ * system and have sigaction and termios.
+ */
+# if defined(_POSIX_VERSION)
+
+#  define SIGACTION
+#  if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
+#   define TERMIOS
+#  endif
+
+# endif
+#endif
+
+#ifdef WIN16TTY
+# undef OPENSSL_SYS_WIN16
+# undef WIN16
+# undef _WINDOWS
+# include <graph.h>
+#endif
+
+/* 06-Apr-92 Luke Brennan    Support for VMS */
+#include "ui_locl.h"
+#include "cryptlib.h"
+
+#ifdef OPENSSL_SYS_VMS          /* prototypes for sys$whatever */
+# include <starlet.h>
+# ifdef __DECC
+#  pragma message disable DOLLARID
+# endif
+#endif
+
+#ifdef WIN_CONSOLE_BUG
+# include <windows.h>
+# ifndef OPENSSL_SYS_WINCE
+#  include <wincon.h>
+# endif
+#endif
+
+/*
+ * There are 5 types of terminal interface supported, TERMIO, TERMIOS, VMS,
+ * MSDOS and SGTTY.
+ *
+ * If someone defines one of the macros TERMIO, TERMIOS or SGTTY, it will
+ * remain respected.  Otherwise, we default to TERMIOS except for a few
+ * systems that require something different.
+ *
+ * Note: we do not use SGTTY unless it's defined by the configuration.  We
+ * may eventually opt to remove it's use entirely.
+ */
+
+#if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
+
+# if defined(_LIBC)
+#  undef  TERMIOS
+#  define TERMIO
+#  undef  SGTTY
+/*
+ * We know that VMS, MSDOS, VXWORKS, NETWARE use entirely other mechanisms.
+ * MAC_OS_GUSI_SOURCE should probably go away, but that needs to be confirmed.
+ */
+# elif !defined(OPENSSL_SYS_VMS) \
+	&& !defined(OPENSSL_SYS_MSDOS) \
+	&& !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) \
+	&& !defined(MAC_OS_GUSI_SOURCE) \
+	&& !defined(OPENSSL_SYS_VXWORKS) \
+	&& !defined(OPENSSL_SYS_NETWARE)
+#  define TERMIOS
+#  undef  TERMIO
+#  undef  SGTTY
+# endif
+
+#endif
+
+#ifdef TERMIOS
+# include <termios.h>
+# define TTY_STRUCT             struct termios
+# define TTY_FLAGS              c_lflag
+# define TTY_get(tty,data)      tcgetattr(tty,data)
+# define TTY_set(tty,data)      tcsetattr(tty,TCSANOW,data)
+#endif
+
+#ifdef TERMIO
+# include <termio.h>
+# define TTY_STRUCT             struct termio
+# define TTY_FLAGS              c_lflag
+# define TTY_get(tty,data)      ioctl(tty,TCGETA,data)
+# define TTY_set(tty,data)      ioctl(tty,TCSETA,data)
+#endif
+
+#ifdef SGTTY
+# include <sgtty.h>
+# define TTY_STRUCT             struct sgttyb
+# define TTY_FLAGS              sg_flags
+# define TTY_get(tty,data)      ioctl(tty,TIOCGETP,data)
+# define TTY_set(tty,data)      ioctl(tty,TIOCSETP,data)
+#endif
+
+#if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_SUNOS)
+# include <sys/ioctl.h>
+#endif
+
+#ifdef OPENSSL_SYS_MSDOS
+# include <conio.h>
+#endif
+
+#ifdef OPENSSL_SYS_VMS
+# include <ssdef.h>
+# include <iodef.h>
+# include <ttdef.h>
+# include <descrip.h>
+struct IOSB {
+    short iosb$w_value;
+    short iosb$w_count;
+    long iosb$l_info;
+};
+#endif
+
+#ifdef OPENSSL_SYS_SUNOS
+typedef int sig_atomic_t;
+#endif
+
+#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(MAC_OS_GUSI_SOURCE) || defined(OPENSSL_SYS_NETWARE)
+/*
+ * This one needs work. As a matter of fact the code is unoperational
+ * and this is only a trick to get it compiled.
+ *                                      <appro at fy.chalmers.se>
+ */
+# define TTY_STRUCT int
+#endif
+
+#ifndef NX509_SIG
+# define NX509_SIG 32
+#endif
+
+/* Define globals.  They are protected by a lock */
+#ifdef SIGACTION
+static struct sigaction savsig[NX509_SIG];
+#else
+static void (*savsig[NX509_SIG]) (int);
+#endif
+
+#ifdef OPENSSL_SYS_VMS
+static struct IOSB iosb;
+static $DESCRIPTOR(terminal, "TT");
+static long tty_orig[3], tty_new[3]; /* XXX Is there any guarantee that this
+                                      * will always suffice for the actual
+                                      * structures? */
+static long status;
+static unsigned short channel = 0;
+#else
+# if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
+static TTY_STRUCT tty_orig, tty_new;
+# endif
+#endif
+static FILE *tty_in, *tty_out;
+static int is_a_tty;
+
+/* Declare static functions */
+#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
+static int read_till_nl(FILE *);
+static void recsig(int);
+static void pushsig(void);
+static void popsig(void);
+#endif
+#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16)
+static int noecho_fgets(char *buf, int size, FILE *tty);
+#endif
+static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl);
+
+static int read_string(UI *ui, UI_STRING *uis);
+static int write_string(UI *ui, UI_STRING *uis);
+
+static int open_console(UI *ui);
+static int echo_console(UI *ui);
+static int noecho_console(UI *ui);
+static int close_console(UI *ui);
+
+static UI_METHOD ui_openssl = {
+    "OpenSSL default user interface",
+    open_console,
+    write_string,
+    NULL,                       /* No flusher is needed for command lines */
+    read_string,
+    close_console,
+    NULL
+};
+
+/* The method with all the built-in thingies */
+UI_METHOD *UI_OpenSSL(void)
+{
+    return &ui_openssl;
+}
+
+/*
+ * The following function makes sure that info and error strings are printed
+ * before any prompt.
+ */
+static int write_string(UI *ui, UI_STRING *uis)
+{
+    switch (UI_get_string_type(uis)) {
+    case UIT_ERROR:
+    case UIT_INFO:
+        fputs(UI_get0_output_string(uis), tty_out);
+        fflush(tty_out);
+        break;
+    default:
+        break;
+    }
+    return 1;
+}
+
+static int read_string(UI *ui, UI_STRING *uis)
+{
+    int ok = 0;
+
+    switch (UI_get_string_type(uis)) {
+    case UIT_BOOLEAN:
+        fputs(UI_get0_output_string(uis), tty_out);
+        fputs(UI_get0_action_string(uis), tty_out);
+        fflush(tty_out);
+        return read_string_inner(ui, uis,
+                                 UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO,
+                                 0);
+    case UIT_PROMPT:
+        fputs(UI_get0_output_string(uis), tty_out);
+        fflush(tty_out);
+        return read_string_inner(ui, uis,
+                                 UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO,
+                                 1);
+    case UIT_VERIFY:
+        fprintf(tty_out, "Verifying - %s", UI_get0_output_string(uis));
+        fflush(tty_out);
+        if ((ok = read_string_inner(ui, uis,
+                                    UI_get_input_flags(uis) &
+                                    UI_INPUT_FLAG_ECHO, 1)) <= 0)
+            return ok;
+        if (strcmp(UI_get0_result_string(uis), UI_get0_test_string(uis)) != 0) {
+            fprintf(tty_out, "Verify failure\n");
+            fflush(tty_out);
+            return 0;
+        }
+        break;
+    default:
+        break;
+    }
+    return 1;
+}
+
+#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
+/* Internal functions to read a string without echoing */
+static int read_till_nl(FILE *in)
+{
+# define SIZE 4
+    char buf[SIZE + 1];
+
+    do {
+        if (!fgets(buf, SIZE, in))
+            return 0;
+    } while (strchr(buf, '\n') == NULL);
+    return 1;
+}
+
+static volatile sig_atomic_t intr_signal;
+#endif
+
+static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
+{
+    static int ps;
+    int ok;
+    char result[BUFSIZ];
+    int maxsize = BUFSIZ - 1;
+#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
+    char *p;
+
+    intr_signal = 0;
+    ok = 0;
+    ps = 0;
+
+    pushsig();
+    ps = 1;
+
+    if (!echo && !noecho_console(ui))
+        goto error;
+    ps = 2;
+
+    result[0] = '\0';
+# ifdef OPENSSL_SYS_MSDOS
+    if (!echo) {
+        noecho_fgets(result, maxsize, tty_in);
+        p = result;             /* FIXME: noecho_fgets doesn't return errors */
+    } else
+        p = fgets(result, maxsize, tty_in);
+# else
+    p = fgets(result, maxsize, tty_in);
+# endif
+    if (!p)
+        goto error;
+    if (feof(tty_in))
+        goto error;
+    if (ferror(tty_in))
+        goto error;
+    if ((p = (char *)strchr(result, '\n')) != NULL) {
+        if (strip_nl)
+            *p = '\0';
+    } else if (!read_till_nl(tty_in))
+        goto error;
+    if (UI_set_result(ui, uis, result) >= 0)
+        ok = 1;
+
+ error:
+    if (intr_signal == SIGINT)
+        ok = -1;
+    if (!echo)
+        fprintf(tty_out, "\n");
+    if (ps >= 2 && !echo && !echo_console(ui))
+        ok = 0;
+
+    if (ps >= 1)
+        popsig();
+#else
+    ok = 1;
+#endif
+
+    OPENSSL_cleanse(result, BUFSIZ);
+    return ok;
+}
+
+/* Internal functions to open, handle and close a channel to the console.  */
+static int open_console(UI *ui)
+{
+    CRYPTO_w_lock(CRYPTO_LOCK_UI);
+    is_a_tty = 1;
+
+#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS)
+    tty_in = stdin;
+    tty_out = stderr;
+#else
+# ifdef OPENSSL_SYS_MSDOS
+#  define DEV_TTY "con"
+# else
+#  define DEV_TTY "/dev/tty"
+# endif
+    if ((tty_in = fopen(DEV_TTY, "r")) == NULL)
+        tty_in = stdin;
+    if ((tty_out = fopen(DEV_TTY, "w")) == NULL)
+        tty_out = stderr;
+#endif
+
+#if defined(TTY_get) && !defined(OPENSSL_SYS_VMS)
+    if (TTY_get(fileno(tty_in), &tty_orig) == -1) {
+# ifdef ENOTTY
+        if (errno == ENOTTY)
+            is_a_tty = 0;
+        else
+# endif
+# ifdef EINVAL
+            /*
+             * Ariel Glenn ariel at columbia.edu reports that solaris can return
+             * EINVAL instead.  This should be ok
+             */
+        if (errno == EINVAL)
+            is_a_tty = 0;
+        else
+# endif
+            return 0;
+    }
+#endif
+#ifdef OPENSSL_SYS_VMS
+    status = sys$assign(&terminal, &channel, 0, 0);
+    if (status != SS$_NORMAL)
+        return 0;
+    status =
+        sys$qiow(0, channel, IO$_SENSEMODE, &iosb, 0, 0, tty_orig, 12, 0, 0,
+                 0, 0);
+    if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+        return 0;
+#endif
+    return 1;
+}
+
+static int noecho_console(UI *ui)
+{
+#ifdef TTY_FLAGS
+    memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig));
+    tty_new.TTY_FLAGS &= ~ECHO;
+#endif
+
+#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
+    if (is_a_tty && (TTY_set(fileno(tty_in), &tty_new) == -1))
+        return 0;
+#endif
+#ifdef OPENSSL_SYS_VMS
+    tty_new[0] = tty_orig[0];
+    tty_new[1] = tty_orig[1] | TT$M_NOECHO;
+    tty_new[2] = tty_orig[2];
+    status =
+        sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12, 0, 0, 0,
+                 0);
+    if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+        return 0;
+#endif
+    return 1;
+}
+
+static int echo_console(UI *ui)
+{
+#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
+    memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig));
+    tty_new.TTY_FLAGS |= ECHO;
+#endif
+
+#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
+    if (is_a_tty && (TTY_set(fileno(tty_in), &tty_new) == -1))
+        return 0;
+#endif
+#ifdef OPENSSL_SYS_VMS
+    tty_new[0] = tty_orig[0];
+    tty_new[1] = tty_orig[1] & ~TT$M_NOECHO;
+    tty_new[2] = tty_orig[2];
+    status =
+        sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12, 0, 0, 0,
+                 0);
+    if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+        return 0;
+#endif
+    return 1;
+}
+
+static int close_console(UI *ui)
+{
+    if (tty_in != stdin)
+        fclose(tty_in);
+    if (tty_out != stderr)
+        fclose(tty_out);
+#ifdef OPENSSL_SYS_VMS
+    status = sys$dassgn(channel);
+#endif
+    CRYPTO_w_unlock(CRYPTO_LOCK_UI);
+
+    return 1;
+}
+
+#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
+/* Internal functions to handle signals and act on them */
+static void pushsig(void)
+{
+# ifndef OPENSSL_SYS_WIN32
+    int i;
+# endif
+# ifdef SIGACTION
+    struct sigaction sa;
+
+    memset(&sa, 0, sizeof sa);
+    sa.sa_handler = recsig;
+# endif
+
+# ifdef OPENSSL_SYS_WIN32
+    savsig[SIGABRT] = signal(SIGABRT, recsig);
+    savsig[SIGFPE] = signal(SIGFPE, recsig);
+    savsig[SIGILL] = signal(SIGILL, recsig);
+    savsig[SIGINT] = signal(SIGINT, recsig);
+    savsig[SIGSEGV] = signal(SIGSEGV, recsig);
+    savsig[SIGTERM] = signal(SIGTERM, recsig);
+# else
+    for (i = 1; i < NX509_SIG; i++) {
+#  ifdef SIGUSR1
+        if (i == SIGUSR1)
+            continue;
+#  endif
+#  ifdef SIGUSR2
+        if (i == SIGUSR2)
+            continue;
+#  endif
+#  ifdef SIGKILL
+        if (i == SIGKILL)       /* We can't make any action on that. */
+            continue;
+#  endif
+#  ifdef SIGACTION
+        sigaction(i, &sa, &savsig[i]);
+#  else
+        savsig[i] = signal(i, recsig);
+#  endif
+    }
+# endif
+
+# ifdef SIGWINCH
+    signal(SIGWINCH, SIG_DFL);
+# endif
+}
+
+static void popsig(void)
+{
+# ifdef OPENSSL_SYS_WIN32
+    signal(SIGABRT, savsig[SIGABRT]);
+    signal(SIGFPE, savsig[SIGFPE]);
+    signal(SIGILL, savsig[SIGILL]);
+    signal(SIGINT, savsig[SIGINT]);
+    signal(SIGSEGV, savsig[SIGSEGV]);
+    signal(SIGTERM, savsig[SIGTERM]);
+# else
+    int i;
+    for (i = 1; i < NX509_SIG; i++) {
+#  ifdef SIGUSR1
+        if (i == SIGUSR1)
+            continue;
+#  endif
+#  ifdef SIGUSR2
+        if (i == SIGUSR2)
+            continue;
+#  endif
+#  ifdef SIGACTION
+        sigaction(i, &savsig[i], NULL);
+#  else
+        signal(i, savsig[i]);
+#  endif
+    }
+# endif
+}
+
+static void recsig(int i)
+{
+    intr_signal = i;
+}
+#endif
+
+/* Internal functions specific for Windows */
+#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
+static int noecho_fgets(char *buf, int size, FILE *tty)
+{
+    int i;
+    char *p;
+
+    p = buf;
+    for (;;) {
+        if (size == 0) {
+            *p = '\0';
+            break;
+        }
+        size--;
+# ifdef WIN16TTY
+        i = _inchar();
+# elif defined(_WIN32)
+        i = _getch();
+# else
+        i = getch();
+# endif
+        if (i == '\r')
+            i = '\n';
+        *(p++) = i;
+        if (i == '\n') {
+            *p = '\0';
+            break;
+        }
+    }
+# ifdef WIN_CONSOLE_BUG
+    /*
+     * Win95 has several evil console bugs: one of these is that the last
+     * character read using getch() is passed to the next read: this is
+     * usually a CR so this can be trouble. No STDIO fix seems to work but
+     * flushing the console appears to do the trick.
+     */
+    {
+        HANDLE inh;
+        inh = GetStdHandle(STD_INPUT_HANDLE);
+        FlushConsoleInputBuffer(inh);
+    }
+# endif
+    return (strlen(buf));
+}
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/ui/ui_util.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ui/ui_util.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/ui/ui_util.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,93 +0,0 @@
-/* crypto/ui/ui_util.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include "ui_locl.h"
-
-int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
-                           int verify)
-{
-    char buff[BUFSIZ];
-    int ret;
-
-    ret =
-        UI_UTIL_read_pw(buf, buff, (length > BUFSIZ) ? BUFSIZ : length,
-                        prompt, verify);
-    OPENSSL_cleanse(buff, BUFSIZ);
-    return (ret);
-}
-
-int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
-                    int verify)
-{
-    int ok = 0;
-    UI *ui;
-
-    if (size < 1)
-        return -1;
-
-    ui = UI_new();
-    if (ui) {
-        ok = UI_add_input_string(ui, prompt, 0, buf, 0, size - 1);
-        if (ok >= 0 && verify)
-            ok = UI_add_verify_string(ui, prompt, 0, buff, 0, size - 1, buf);
-        if (ok >= 0)
-            ok = UI_process(ui);
-        UI_free(ui);
-    }
-    if (ok > 0)
-        ok = 0;
-    return (ok);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/ui/ui_util.c (from rev 11605, vendor-crypto/openssl/dist/crypto/ui/ui_util.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/ui/ui_util.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/ui/ui_util.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,93 @@
+/* crypto/ui/ui_util.c */
+/* ====================================================================
+ * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include "ui_locl.h"
+
+int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
+                           int verify)
+{
+    char buff[BUFSIZ];
+    int ret;
+
+    ret =
+        UI_UTIL_read_pw(buf, buff, (length > BUFSIZ) ? BUFSIZ : length,
+                        prompt, verify);
+    OPENSSL_cleanse(buff, BUFSIZ);
+    return (ret);
+}
+
+int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
+                    int verify)
+{
+    int ok = 0;
+    UI *ui;
+
+    if (size < 1)
+        return -1;
+
+    ui = UI_new();
+    if (ui) {
+        ok = UI_add_input_string(ui, prompt, 0, buf, 0, size - 1);
+        if (ok >= 0 && verify)
+            ok = UI_add_verify_string(ui, prompt, 0, buff, 0, size - 1, buf);
+        if (ok >= 0)
+            ok = UI_process(ui);
+        UI_free(ui);
+    }
+    if (ok > 0)
+        ok = 0;
+    return (ok);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/whrlpool/wp_dgst.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/whrlpool/wp_dgst.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/whrlpool/wp_dgst.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,257 +0,0 @@
-/**
- * The Whirlpool hashing function.
- *
- * <P>
- * <b>References</b>
- *
- * <P>
- * The Whirlpool algorithm was developed by
- * <a href="mailto:pbarreto at scopus.com.br">Paulo S. L. M. Barreto</a> and
- * <a href="mailto:vincent.rijmen at cryptomathic.com">Vincent Rijmen</a>.
- *
- * See
- *      P.S.L.M. Barreto, V. Rijmen,
- *      ``The Whirlpool hashing function,''
- *      NESSIE submission, 2000 (tweaked version, 2001),
- *      <https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/whirlpool.zip>
- *
- * Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and
- * Vincent Rijmen. Lookup "reference implementations" on
- * <http://planeta.terra.com.br/informatica/paulobarreto/>
- *
- * =============================================================================
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
- * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
- * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
- * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-/*
- * OpenSSL-specific implementation notes.
- *
- * WHIRLPOOL_Update as well as one-stroke WHIRLPOOL both expect
- * number of *bytes* as input length argument. Bit-oriented routine
- * as specified by authors is called WHIRLPOOL_BitUpdate[!] and
- * does not have one-stroke counterpart.
- *
- * WHIRLPOOL_BitUpdate implements byte-oriented loop, essentially
- * to serve WHIRLPOOL_Update. This is done for performance.
- *
- * Unlike authors' reference implementation, block processing
- * routine whirlpool_block is designed to operate on multi-block
- * input. This is done for perfomance.
- */
-
-#include "wp_locl.h"
-#include <openssl/crypto.h>
-#include <string.h>
-
-fips_md_init(WHIRLPOOL)
-{
-    memset(c, 0, sizeof(*c));
-    return (1);
-}
-
-int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *_inp, size_t bytes)
-{
-    /*
-     * Well, largest suitable chunk size actually is
-     * (1<<(sizeof(size_t)*8-3))-64, but below number is large enough for not
-     * to care about excessive calls to WHIRLPOOL_BitUpdate...
-     */
-    size_t chunk = ((size_t)1) << (sizeof(size_t) * 8 - 4);
-    const unsigned char *inp = _inp;
-
-    while (bytes >= chunk) {
-        WHIRLPOOL_BitUpdate(c, inp, chunk * 8);
-        bytes -= chunk;
-        inp += chunk;
-    }
-    if (bytes)
-        WHIRLPOOL_BitUpdate(c, inp, bytes * 8);
-
-    return (1);
-}
-
-void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits)
-{
-    size_t n;
-    unsigned int bitoff = c->bitoff,
-        bitrem = bitoff % 8, inpgap = (8 - (unsigned int)bits % 8) & 7;
-    const unsigned char *inp = _inp;
-
-    /*
-     * This 256-bit increment procedure relies on the size_t being natural
-     * size of CPU register, so that we don't have to mask the value in order
-     * to detect overflows.
-     */
-    c->bitlen[0] += bits;
-    if (c->bitlen[0] < bits) {  /* overflow */
-        n = 1;
-        do {
-            c->bitlen[n]++;
-        } while (c->bitlen[n] == 0
-                 && ++n < (WHIRLPOOL_COUNTER / sizeof(size_t)));
-    }
-#ifndef OPENSSL_SMALL_FOOTPRINT
- reconsider:
-    if (inpgap == 0 && bitrem == 0) { /* byte-oriented loop */
-        while (bits) {
-            if (bitoff == 0 && (n = bits / WHIRLPOOL_BBLOCK)) {
-                whirlpool_block(c, inp, n);
-                inp += n * WHIRLPOOL_BBLOCK / 8;
-                bits %= WHIRLPOOL_BBLOCK;
-            } else {
-                unsigned int byteoff = bitoff / 8;
-
-                bitrem = WHIRLPOOL_BBLOCK - bitoff; /* re-use bitrem */
-                if (bits >= bitrem) {
-                    bits -= bitrem;
-                    bitrem /= 8;
-                    memcpy(c->data + byteoff, inp, bitrem);
-                    inp += bitrem;
-                    whirlpool_block(c, c->data, 1);
-                    bitoff = 0;
-                } else {
-                    memcpy(c->data + byteoff, inp, bits / 8);
-                    bitoff += (unsigned int)bits;
-                    bits = 0;
-                }
-                c->bitoff = bitoff;
-            }
-        }
-    } else                      /* bit-oriented loop */
-#endif
-    {
-        /*-
-                   inp
-                   |
-                   +-------+-------+-------
-                      |||||||||||||||||||||
-                   +-------+-------+-------
-        +-------+-------+-------+-------+-------
-        ||||||||||||||                          c->data
-        +-------+-------+-------+-------+-------
-                |
-                c->bitoff/8
-        */
-        while (bits) {
-            unsigned int byteoff = bitoff / 8;
-            unsigned char b;
-
-#ifndef OPENSSL_SMALL_FOOTPRINT
-            if (bitrem == inpgap) {
-                c->data[byteoff++] |= inp[0] & (0xff >> inpgap);
-                inpgap = 8 - inpgap;
-                bitoff += inpgap;
-                bitrem = 0;     /* bitoff%8 */
-                bits -= inpgap;
-                inpgap = 0;     /* bits%8 */
-                inp++;
-                if (bitoff == WHIRLPOOL_BBLOCK) {
-                    whirlpool_block(c, c->data, 1);
-                    bitoff = 0;
-                }
-                c->bitoff = bitoff;
-                goto reconsider;
-            } else
-#endif
-            if (bits >= 8) {
-                b = ((inp[0] << inpgap) | (inp[1] >> (8 - inpgap)));
-                b &= 0xff;
-                if (bitrem)
-                    c->data[byteoff++] |= b >> bitrem;
-                else
-                    c->data[byteoff++] = b;
-                bitoff += 8;
-                bits -= 8;
-                inp++;
-                if (bitoff >= WHIRLPOOL_BBLOCK) {
-                    whirlpool_block(c, c->data, 1);
-                    byteoff = 0;
-                    bitoff %= WHIRLPOOL_BBLOCK;
-                }
-                if (bitrem)
-                    c->data[byteoff] = b << (8 - bitrem);
-            } else {            /* remaining less than 8 bits */
-
-                b = (inp[0] << inpgap) & 0xff;
-                if (bitrem)
-                    c->data[byteoff++] |= b >> bitrem;
-                else
-                    c->data[byteoff++] = b;
-                bitoff += (unsigned int)bits;
-                if (bitoff == WHIRLPOOL_BBLOCK) {
-                    whirlpool_block(c, c->data, 1);
-                    byteoff = 0;
-                    bitoff %= WHIRLPOOL_BBLOCK;
-                }
-                if (bitrem)
-                    c->data[byteoff] = b << (8 - bitrem);
-                bits = 0;
-            }
-            c->bitoff = bitoff;
-        }
-    }
-}
-
-int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c)
-{
-    unsigned int bitoff = c->bitoff, byteoff = bitoff / 8;
-    size_t i, j, v;
-    unsigned char *p;
-
-    bitoff %= 8;
-    if (bitoff)
-        c->data[byteoff] |= 0x80 >> bitoff;
-    else
-        c->data[byteoff] = 0x80;
-    byteoff++;
-
-    /* pad with zeros */
-    if (byteoff > (WHIRLPOOL_BBLOCK / 8 - WHIRLPOOL_COUNTER)) {
-        if (byteoff < WHIRLPOOL_BBLOCK / 8)
-            memset(&c->data[byteoff], 0, WHIRLPOOL_BBLOCK / 8 - byteoff);
-        whirlpool_block(c, c->data, 1);
-        byteoff = 0;
-    }
-    if (byteoff < (WHIRLPOOL_BBLOCK / 8 - WHIRLPOOL_COUNTER))
-        memset(&c->data[byteoff], 0,
-               (WHIRLPOOL_BBLOCK / 8 - WHIRLPOOL_COUNTER) - byteoff);
-    /* smash 256-bit c->bitlen in big-endian order */
-    p = &c->data[WHIRLPOOL_BBLOCK / 8 - 1]; /* last byte in c->data */
-    for (i = 0; i < WHIRLPOOL_COUNTER / sizeof(size_t); i++)
-        for (v = c->bitlen[i], j = 0; j < sizeof(size_t); j++, v >>= 8)
-            *p-- = (unsigned char)(v & 0xff);
-
-    whirlpool_block(c, c->data, 1);
-
-    if (md) {
-        memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH);
-        memset(c, 0, sizeof(*c));
-        return (1);
-    }
-    return (0);
-}
-
-unsigned char *WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md)
-{
-    WHIRLPOOL_CTX ctx;
-    static unsigned char m[WHIRLPOOL_DIGEST_LENGTH];
-
-    if (md == NULL)
-        md = m;
-    WHIRLPOOL_Init(&ctx);
-    WHIRLPOOL_Update(&ctx, inp, bytes);
-    WHIRLPOOL_Final(md, &ctx);
-    return (md);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/whrlpool/wp_dgst.c (from rev 11605, vendor-crypto/openssl/dist/crypto/whrlpool/wp_dgst.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/whrlpool/wp_dgst.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/whrlpool/wp_dgst.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,258 @@
+/**
+ * The Whirlpool hashing function.
+ *
+ * <P>
+ * <b>References</b>
+ *
+ * <P>
+ * The Whirlpool algorithm was developed by
+ * <a href="mailto:pbarreto at scopus.com.br">Paulo S. L. M. Barreto</a> and
+ * <a href="mailto:vincent.rijmen at cryptomathic.com">Vincent Rijmen</a>.
+ *
+ * See
+ *      P.S.L.M. Barreto, V. Rijmen,
+ *      ``The Whirlpool hashing function,''
+ *      NESSIE submission, 2000 (tweaked version, 2001),
+ *      <https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/whirlpool.zip>
+ *
+ * Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and
+ * Vincent Rijmen. Lookup "reference implementations" on
+ * <http://planeta.terra.com.br/informatica/paulobarreto/>
+ *
+ * =============================================================================
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/*
+ * OpenSSL-specific implementation notes.
+ *
+ * WHIRLPOOL_Update as well as one-stroke WHIRLPOOL both expect
+ * number of *bytes* as input length argument. Bit-oriented routine
+ * as specified by authors is called WHIRLPOOL_BitUpdate[!] and
+ * does not have one-stroke counterpart.
+ *
+ * WHIRLPOOL_BitUpdate implements byte-oriented loop, essentially
+ * to serve WHIRLPOOL_Update. This is done for performance.
+ *
+ * Unlike authors' reference implementation, block processing
+ * routine whirlpool_block is designed to operate on multi-block
+ * input. This is done for perfomance.
+ */
+
+#include <openssl/crypto.h>
+#include "wp_locl.h"
+#include <openssl/crypto.h>
+#include <string.h>
+
+fips_md_init(WHIRLPOOL)
+{
+    memset(c, 0, sizeof(*c));
+    return (1);
+}
+
+int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *_inp, size_t bytes)
+{
+    /*
+     * Well, largest suitable chunk size actually is
+     * (1<<(sizeof(size_t)*8-3))-64, but below number is large enough for not
+     * to care about excessive calls to WHIRLPOOL_BitUpdate...
+     */
+    size_t chunk = ((size_t)1) << (sizeof(size_t) * 8 - 4);
+    const unsigned char *inp = _inp;
+
+    while (bytes >= chunk) {
+        WHIRLPOOL_BitUpdate(c, inp, chunk * 8);
+        bytes -= chunk;
+        inp += chunk;
+    }
+    if (bytes)
+        WHIRLPOOL_BitUpdate(c, inp, bytes * 8);
+
+    return (1);
+}
+
+void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits)
+{
+    size_t n;
+    unsigned int bitoff = c->bitoff,
+        bitrem = bitoff % 8, inpgap = (8 - (unsigned int)bits % 8) & 7;
+    const unsigned char *inp = _inp;
+
+    /*
+     * This 256-bit increment procedure relies on the size_t being natural
+     * size of CPU register, so that we don't have to mask the value in order
+     * to detect overflows.
+     */
+    c->bitlen[0] += bits;
+    if (c->bitlen[0] < bits) {  /* overflow */
+        n = 1;
+        do {
+            c->bitlen[n]++;
+        } while (c->bitlen[n] == 0
+                 && ++n < (WHIRLPOOL_COUNTER / sizeof(size_t)));
+    }
+#ifndef OPENSSL_SMALL_FOOTPRINT
+ reconsider:
+    if (inpgap == 0 && bitrem == 0) { /* byte-oriented loop */
+        while (bits) {
+            if (bitoff == 0 && (n = bits / WHIRLPOOL_BBLOCK)) {
+                whirlpool_block(c, inp, n);
+                inp += n * WHIRLPOOL_BBLOCK / 8;
+                bits %= WHIRLPOOL_BBLOCK;
+            } else {
+                unsigned int byteoff = bitoff / 8;
+
+                bitrem = WHIRLPOOL_BBLOCK - bitoff; /* re-use bitrem */
+                if (bits >= bitrem) {
+                    bits -= bitrem;
+                    bitrem /= 8;
+                    memcpy(c->data + byteoff, inp, bitrem);
+                    inp += bitrem;
+                    whirlpool_block(c, c->data, 1);
+                    bitoff = 0;
+                } else {
+                    memcpy(c->data + byteoff, inp, bits / 8);
+                    bitoff += (unsigned int)bits;
+                    bits = 0;
+                }
+                c->bitoff = bitoff;
+            }
+        }
+    } else                      /* bit-oriented loop */
+#endif
+    {
+        /*-
+                   inp
+                   |
+                   +-------+-------+-------
+                      |||||||||||||||||||||
+                   +-------+-------+-------
+        +-------+-------+-------+-------+-------
+        ||||||||||||||                          c->data
+        +-------+-------+-------+-------+-------
+                |
+                c->bitoff/8
+        */
+        while (bits) {
+            unsigned int byteoff = bitoff / 8;
+            unsigned char b;
+
+#ifndef OPENSSL_SMALL_FOOTPRINT
+            if (bitrem == inpgap) {
+                c->data[byteoff++] |= inp[0] & (0xff >> inpgap);
+                inpgap = 8 - inpgap;
+                bitoff += inpgap;
+                bitrem = 0;     /* bitoff%8 */
+                bits -= inpgap;
+                inpgap = 0;     /* bits%8 */
+                inp++;
+                if (bitoff == WHIRLPOOL_BBLOCK) {
+                    whirlpool_block(c, c->data, 1);
+                    bitoff = 0;
+                }
+                c->bitoff = bitoff;
+                goto reconsider;
+            } else
+#endif
+            if (bits >= 8) {
+                b = ((inp[0] << inpgap) | (inp[1] >> (8 - inpgap)));
+                b &= 0xff;
+                if (bitrem)
+                    c->data[byteoff++] |= b >> bitrem;
+                else
+                    c->data[byteoff++] = b;
+                bitoff += 8;
+                bits -= 8;
+                inp++;
+                if (bitoff >= WHIRLPOOL_BBLOCK) {
+                    whirlpool_block(c, c->data, 1);
+                    byteoff = 0;
+                    bitoff %= WHIRLPOOL_BBLOCK;
+                }
+                if (bitrem)
+                    c->data[byteoff] = b << (8 - bitrem);
+            } else {            /* remaining less than 8 bits */
+
+                b = (inp[0] << inpgap) & 0xff;
+                if (bitrem)
+                    c->data[byteoff++] |= b >> bitrem;
+                else
+                    c->data[byteoff++] = b;
+                bitoff += (unsigned int)bits;
+                if (bitoff == WHIRLPOOL_BBLOCK) {
+                    whirlpool_block(c, c->data, 1);
+                    byteoff = 0;
+                    bitoff %= WHIRLPOOL_BBLOCK;
+                }
+                if (bitrem)
+                    c->data[byteoff] = b << (8 - bitrem);
+                bits = 0;
+            }
+            c->bitoff = bitoff;
+        }
+    }
+}
+
+int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c)
+{
+    unsigned int bitoff = c->bitoff, byteoff = bitoff / 8;
+    size_t i, j, v;
+    unsigned char *p;
+
+    bitoff %= 8;
+    if (bitoff)
+        c->data[byteoff] |= 0x80 >> bitoff;
+    else
+        c->data[byteoff] = 0x80;
+    byteoff++;
+
+    /* pad with zeros */
+    if (byteoff > (WHIRLPOOL_BBLOCK / 8 - WHIRLPOOL_COUNTER)) {
+        if (byteoff < WHIRLPOOL_BBLOCK / 8)
+            memset(&c->data[byteoff], 0, WHIRLPOOL_BBLOCK / 8 - byteoff);
+        whirlpool_block(c, c->data, 1);
+        byteoff = 0;
+    }
+    if (byteoff < (WHIRLPOOL_BBLOCK / 8 - WHIRLPOOL_COUNTER))
+        memset(&c->data[byteoff], 0,
+               (WHIRLPOOL_BBLOCK / 8 - WHIRLPOOL_COUNTER) - byteoff);
+    /* smash 256-bit c->bitlen in big-endian order */
+    p = &c->data[WHIRLPOOL_BBLOCK / 8 - 1]; /* last byte in c->data */
+    for (i = 0; i < WHIRLPOOL_COUNTER / sizeof(size_t); i++)
+        for (v = c->bitlen[i], j = 0; j < sizeof(size_t); j++, v >>= 8)
+            *p-- = (unsigned char)(v & 0xff);
+
+    whirlpool_block(c, c->data, 1);
+
+    if (md) {
+        memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH);
+        OPENSSL_cleanse(c, sizeof(*c));
+        return (1);
+    }
+    return (0);
+}
+
+unsigned char *WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md)
+{
+    WHIRLPOOL_CTX ctx;
+    static unsigned char m[WHIRLPOOL_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    WHIRLPOOL_Init(&ctx);
+    WHIRLPOOL_Update(&ctx, inp, bytes);
+    WHIRLPOOL_Final(md, &ctx);
+    return (md);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/x509/x509.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x509.h	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/x509/x509.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,1301 +0,0 @@
-/* crypto/x509/x509.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#ifndef HEADER_X509_H
-# define HEADER_X509_H
-
-# include <openssl/e_os2.h>
-# include <openssl/symhacks.h>
-# ifndef OPENSSL_NO_BUFFER
-#  include <openssl/buffer.h>
-# endif
-# ifndef OPENSSL_NO_EVP
-#  include <openssl/evp.h>
-# endif
-# ifndef OPENSSL_NO_BIO
-#  include <openssl/bio.h>
-# endif
-# include <openssl/stack.h>
-# include <openssl/asn1.h>
-# include <openssl/safestack.h>
-
-# ifndef OPENSSL_NO_EC
-#  include <openssl/ec.h>
-# endif
-
-# ifndef OPENSSL_NO_ECDSA
-#  include <openssl/ecdsa.h>
-# endif
-
-# ifndef OPENSSL_NO_ECDH
-#  include <openssl/ecdh.h>
-# endif
-
-# ifndef OPENSSL_NO_DEPRECATED
-#  ifndef OPENSSL_NO_RSA
-#   include <openssl/rsa.h>
-#  endif
-#  ifndef OPENSSL_NO_DSA
-#   include <openssl/dsa.h>
-#  endif
-#  ifndef OPENSSL_NO_DH
-#   include <openssl/dh.h>
-#  endif
-# endif
-
-# ifndef OPENSSL_NO_SHA
-#  include <openssl/sha.h>
-# endif
-# include <openssl/ossl_typ.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-# ifdef OPENSSL_SYS_WIN32
-/* Under Win32 these are defined in wincrypt.h */
-#  undef X509_NAME
-#  undef X509_CERT_PAIR
-#  undef X509_EXTENSIONS
-# endif
-
-# define X509_FILETYPE_PEM       1
-# define X509_FILETYPE_ASN1      2
-# define X509_FILETYPE_DEFAULT   3
-
-# define X509v3_KU_DIGITAL_SIGNATURE     0x0080
-# define X509v3_KU_NON_REPUDIATION       0x0040
-# define X509v3_KU_KEY_ENCIPHERMENT      0x0020
-# define X509v3_KU_DATA_ENCIPHERMENT     0x0010
-# define X509v3_KU_KEY_AGREEMENT         0x0008
-# define X509v3_KU_KEY_CERT_SIGN         0x0004
-# define X509v3_KU_CRL_SIGN              0x0002
-# define X509v3_KU_ENCIPHER_ONLY         0x0001
-# define X509v3_KU_DECIPHER_ONLY         0x8000
-# define X509v3_KU_UNDEF                 0xffff
-
-typedef struct X509_objects_st {
-    int nid;
-    int (*a2i) (void);
-    int (*i2a) (void);
-} X509_OBJECTS;
-
-struct X509_algor_st {
-    ASN1_OBJECT *algorithm;
-    ASN1_TYPE *parameter;
-} /* X509_ALGOR */ ;
-
-DECLARE_ASN1_SET_OF(X509_ALGOR)
-
-typedef STACK_OF(X509_ALGOR) X509_ALGORS;
-
-typedef struct X509_val_st {
-    ASN1_TIME *notBefore;
-    ASN1_TIME *notAfter;
-} X509_VAL;
-
-struct X509_pubkey_st {
-    X509_ALGOR *algor;
-    ASN1_BIT_STRING *public_key;
-    EVP_PKEY *pkey;
-};
-
-typedef struct X509_sig_st {
-    X509_ALGOR *algor;
-    ASN1_OCTET_STRING *digest;
-} X509_SIG;
-
-typedef struct X509_name_entry_st {
-    ASN1_OBJECT *object;
-    ASN1_STRING *value;
-    int set;
-    int size;                   /* temp variable */
-} X509_NAME_ENTRY;
-
-DECLARE_STACK_OF(X509_NAME_ENTRY)
-DECLARE_ASN1_SET_OF(X509_NAME_ENTRY)
-
-/* we always keep X509_NAMEs in 2 forms. */
-struct X509_name_st {
-    STACK_OF(X509_NAME_ENTRY) *entries;
-    int modified;               /* true if 'bytes' needs to be built */
-# ifndef OPENSSL_NO_BUFFER
-    BUF_MEM *bytes;
-# else
-    char *bytes;
-# endif
-/*      unsigned long hash; Keep the hash around for lookups */
-    unsigned char *canon_enc;
-    int canon_enclen;
-} /* X509_NAME */ ;
-
-DECLARE_STACK_OF(X509_NAME)
-
-# define X509_EX_V_NETSCAPE_HACK         0x8000
-# define X509_EX_V_INIT                  0x0001
-typedef struct X509_extension_st {
-    ASN1_OBJECT *object;
-    ASN1_BOOLEAN critical;
-    ASN1_OCTET_STRING *value;
-} X509_EXTENSION;
-
-typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
-
-DECLARE_STACK_OF(X509_EXTENSION)
-DECLARE_ASN1_SET_OF(X509_EXTENSION)
-
-/* a sequence of these are used */
-typedef struct x509_attributes_st {
-    ASN1_OBJECT *object;
-    int single;                 /* 0 for a set, 1 for a single item (which is
-                                 * wrong) */
-    union {
-        char *ptr;
-        /*
-         * 0
-         */ STACK_OF(ASN1_TYPE) *set;
-        /*
-         * 1
-         */ ASN1_TYPE *single;
-    } value;
-} X509_ATTRIBUTE;
-
-DECLARE_STACK_OF(X509_ATTRIBUTE)
-DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)
-
-typedef struct X509_req_info_st {
-    ASN1_ENCODING enc;
-    ASN1_INTEGER *version;
-    X509_NAME *subject;
-    X509_PUBKEY *pubkey;
-    /*  d=2 hl=2 l=  0 cons: cont: 00 */
-    STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
-} X509_REQ_INFO;
-
-typedef struct X509_req_st {
-    X509_REQ_INFO *req_info;
-    X509_ALGOR *sig_alg;
-    ASN1_BIT_STRING *signature;
-    int references;
-} X509_REQ;
-
-typedef struct x509_cinf_st {
-    ASN1_INTEGER *version;      /* [ 0 ] default of v1 */
-    ASN1_INTEGER *serialNumber;
-    X509_ALGOR *signature;
-    X509_NAME *issuer;
-    X509_VAL *validity;
-    X509_NAME *subject;
-    X509_PUBKEY *key;
-    ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */
-    ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */
-    STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */
-    ASN1_ENCODING enc;
-} X509_CINF;
-
-/*
- * This stuff is certificate "auxiliary info" it contains details which are
- * useful in certificate stores and databases. When used this is tagged onto
- * the end of the certificate itself
- */
-
-typedef struct x509_cert_aux_st {
-    STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */
-    STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */
-    ASN1_UTF8STRING *alias;     /* "friendly name" */
-    ASN1_OCTET_STRING *keyid;   /* key id of private key */
-    STACK_OF(X509_ALGOR) *other; /* other unspecified info */
-} X509_CERT_AUX;
-
-struct x509_st {
-    X509_CINF *cert_info;
-    X509_ALGOR *sig_alg;
-    ASN1_BIT_STRING *signature;
-    int valid;
-    int references;
-    char *name;
-    CRYPTO_EX_DATA ex_data;
-    /* These contain copies of various extension values */
-    long ex_pathlen;
-    long ex_pcpathlen;
-    unsigned long ex_flags;
-    unsigned long ex_kusage;
-    unsigned long ex_xkusage;
-    unsigned long ex_nscert;
-    ASN1_OCTET_STRING *skid;
-    AUTHORITY_KEYID *akid;
-    X509_POLICY_CACHE *policy_cache;
-    STACK_OF(DIST_POINT) *crldp;
-    STACK_OF(GENERAL_NAME) *altname;
-    NAME_CONSTRAINTS *nc;
-# ifndef OPENSSL_NO_RFC3779
-    STACK_OF(IPAddressFamily) *rfc3779_addr;
-    struct ASIdentifiers_st *rfc3779_asid;
-# endif
-# ifndef OPENSSL_NO_SHA
-    unsigned char sha1_hash[SHA_DIGEST_LENGTH];
-# endif
-    X509_CERT_AUX *aux;
-} /* X509 */ ;
-
-DECLARE_STACK_OF(X509)
-DECLARE_ASN1_SET_OF(X509)
-
-/* This is used for a table of trust checking functions */
-
-typedef struct x509_trust_st {
-    int trust;
-    int flags;
-    int (*check_trust) (struct x509_trust_st *, X509 *, int);
-    char *name;
-    int arg1;
-    void *arg2;
-} X509_TRUST;
-
-DECLARE_STACK_OF(X509_TRUST)
-
-typedef struct x509_cert_pair_st {
-    X509 *forward;
-    X509 *reverse;
-} X509_CERT_PAIR;
-
-/* standard trust ids */
-
-# define X509_TRUST_DEFAULT      -1/* Only valid in purpose settings */
-
-# define X509_TRUST_COMPAT       1
-# define X509_TRUST_SSL_CLIENT   2
-# define X509_TRUST_SSL_SERVER   3
-# define X509_TRUST_EMAIL        4
-# define X509_TRUST_OBJECT_SIGN  5
-# define X509_TRUST_OCSP_SIGN    6
-# define X509_TRUST_OCSP_REQUEST 7
-# define X509_TRUST_TSA          8
-
-/* Keep these up to date! */
-# define X509_TRUST_MIN          1
-# define X509_TRUST_MAX          8
-
-/* trust_flags values */
-# define X509_TRUST_DYNAMIC      1
-# define X509_TRUST_DYNAMIC_NAME 2
-
-/* check_trust return codes */
-
-# define X509_TRUST_TRUSTED      1
-# define X509_TRUST_REJECTED     2
-# define X509_TRUST_UNTRUSTED    3
-
-/* Flags for X509_print_ex() */
-
-# define X509_FLAG_COMPAT                0
-# define X509_FLAG_NO_HEADER             1L
-# define X509_FLAG_NO_VERSION            (1L << 1)
-# define X509_FLAG_NO_SERIAL             (1L << 2)
-# define X509_FLAG_NO_SIGNAME            (1L << 3)
-# define X509_FLAG_NO_ISSUER             (1L << 4)
-# define X509_FLAG_NO_VALIDITY           (1L << 5)
-# define X509_FLAG_NO_SUBJECT            (1L << 6)
-# define X509_FLAG_NO_PUBKEY             (1L << 7)
-# define X509_FLAG_NO_EXTENSIONS         (1L << 8)
-# define X509_FLAG_NO_SIGDUMP            (1L << 9)
-# define X509_FLAG_NO_AUX                (1L << 10)
-# define X509_FLAG_NO_ATTRIBUTES         (1L << 11)
-
-/* Flags specific to X509_NAME_print_ex() */
-
-/* The field separator information */
-
-# define XN_FLAG_SEP_MASK        (0xf << 16)
-
-# define XN_FLAG_COMPAT          0/* Traditional SSLeay: use old
-                                   * X509_NAME_print */
-# define XN_FLAG_SEP_COMMA_PLUS  (1 << 16)/* RFC2253 ,+ */
-# define XN_FLAG_SEP_CPLUS_SPC   (2 << 16)/* ,+ spaced: more readable */
-# define XN_FLAG_SEP_SPLUS_SPC   (3 << 16)/* ;+ spaced */
-# define XN_FLAG_SEP_MULTILINE   (4 << 16)/* One line per field */
-
-# define XN_FLAG_DN_REV          (1 << 20)/* Reverse DN order */
-
-/* How the field name is shown */
-
-# define XN_FLAG_FN_MASK         (0x3 << 21)
-
-# define XN_FLAG_FN_SN           0/* Object short name */
-# define XN_FLAG_FN_LN           (1 << 21)/* Object long name */
-# define XN_FLAG_FN_OID          (2 << 21)/* Always use OIDs */
-# define XN_FLAG_FN_NONE         (3 << 21)/* No field names */
-
-# define XN_FLAG_SPC_EQ          (1 << 23)/* Put spaces round '=' */
-
-/*
- * This determines if we dump fields we don't recognise: RFC2253 requires
- * this.
- */
-
-# define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
-
-# define XN_FLAG_FN_ALIGN        (1 << 25)/* Align field names to 20
-                                           * characters */
-
-/* Complete set of RFC2253 flags */
-
-# define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
-                        XN_FLAG_SEP_COMMA_PLUS | \
-                        XN_FLAG_DN_REV | \
-                        XN_FLAG_FN_SN | \
-                        XN_FLAG_DUMP_UNKNOWN_FIELDS)
-
-/* readable oneline form */
-
-# define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \
-                        ASN1_STRFLGS_ESC_QUOTE | \
-                        XN_FLAG_SEP_CPLUS_SPC | \
-                        XN_FLAG_SPC_EQ | \
-                        XN_FLAG_FN_SN)
-
-/* readable multiline form */
-
-# define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
-                        ASN1_STRFLGS_ESC_MSB | \
-                        XN_FLAG_SEP_MULTILINE | \
-                        XN_FLAG_SPC_EQ | \
-                        XN_FLAG_FN_LN | \
-                        XN_FLAG_FN_ALIGN)
-
-struct x509_revoked_st {
-    ASN1_INTEGER *serialNumber;
-    ASN1_TIME *revocationDate;
-    STACK_OF(X509_EXTENSION) /* optional */ *extensions;
-    /* Set up if indirect CRL */
-    STACK_OF(GENERAL_NAME) *issuer;
-    /* Revocation reason */
-    int reason;
-    int sequence;               /* load sequence */
-};
-
-DECLARE_STACK_OF(X509_REVOKED)
-DECLARE_ASN1_SET_OF(X509_REVOKED)
-
-typedef struct X509_crl_info_st {
-    ASN1_INTEGER *version;
-    X509_ALGOR *sig_alg;
-    X509_NAME *issuer;
-    ASN1_TIME *lastUpdate;
-    ASN1_TIME *nextUpdate;
-    STACK_OF(X509_REVOKED) *revoked;
-    STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
-    ASN1_ENCODING enc;
-} X509_CRL_INFO;
-
-struct X509_crl_st {
-    /* actual signature */
-    X509_CRL_INFO *crl;
-    X509_ALGOR *sig_alg;
-    ASN1_BIT_STRING *signature;
-    int references;
-    int flags;
-    /* Copies of various extensions */
-    AUTHORITY_KEYID *akid;
-    ISSUING_DIST_POINT *idp;
-    /* Convenient breakdown of IDP */
-    int idp_flags;
-    int idp_reasons;
-    /* CRL and base CRL numbers for delta processing */
-    ASN1_INTEGER *crl_number;
-    ASN1_INTEGER *base_crl_number;
-# ifndef OPENSSL_NO_SHA
-    unsigned char sha1_hash[SHA_DIGEST_LENGTH];
-# endif
-    STACK_OF(GENERAL_NAMES) *issuers;
-    const X509_CRL_METHOD *meth;
-    void *meth_data;
-} /* X509_CRL */ ;
-
-DECLARE_STACK_OF(X509_CRL)
-DECLARE_ASN1_SET_OF(X509_CRL)
-
-typedef struct private_key_st {
-    int version;
-    /* The PKCS#8 data types */
-    X509_ALGOR *enc_algor;
-    ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */
-    /* When decrypted, the following will not be NULL */
-    EVP_PKEY *dec_pkey;
-    /* used to encrypt and decrypt */
-    int key_length;
-    char *key_data;
-    int key_free;               /* true if we should auto free key_data */
-    /* expanded version of 'enc_algor' */
-    EVP_CIPHER_INFO cipher;
-    int references;
-} X509_PKEY;
-
-# ifndef OPENSSL_NO_EVP
-typedef struct X509_info_st {
-    X509 *x509;
-    X509_CRL *crl;
-    X509_PKEY *x_pkey;
-    EVP_CIPHER_INFO enc_cipher;
-    int enc_len;
-    char *enc_data;
-    int references;
-} X509_INFO;
-
-DECLARE_STACK_OF(X509_INFO)
-# endif
-
-/*
- * The next 2 structures and their 8 routines were sent to me by Pat Richard
- * <patr at x509.com> and are used to manipulate Netscapes spki structures -
- * useful if you are writing a CA web page
- */
-typedef struct Netscape_spkac_st {
-    X509_PUBKEY *pubkey;
-    ASN1_IA5STRING *challenge;  /* challenge sent in atlas >= PR2 */
-} NETSCAPE_SPKAC;
-
-typedef struct Netscape_spki_st {
-    NETSCAPE_SPKAC *spkac;      /* signed public key and challenge */
-    X509_ALGOR *sig_algor;
-    ASN1_BIT_STRING *signature;
-} NETSCAPE_SPKI;
-
-/* Netscape certificate sequence structure */
-typedef struct Netscape_certificate_sequence {
-    ASN1_OBJECT *type;
-    STACK_OF(X509) *certs;
-} NETSCAPE_CERT_SEQUENCE;
-
-/*- Unused (and iv length is wrong)
-typedef struct CBCParameter_st
-        {
-        unsigned char iv[8];
-        } CBC_PARAM;
-*/
-
-/* Password based encryption structure */
-
-typedef struct PBEPARAM_st {
-    ASN1_OCTET_STRING *salt;
-    ASN1_INTEGER *iter;
-} PBEPARAM;
-
-/* Password based encryption V2 structures */
-
-typedef struct PBE2PARAM_st {
-    X509_ALGOR *keyfunc;
-    X509_ALGOR *encryption;
-} PBE2PARAM;
-
-typedef struct PBKDF2PARAM_st {
-/* Usually OCTET STRING but could be anything */
-    ASN1_TYPE *salt;
-    ASN1_INTEGER *iter;
-    ASN1_INTEGER *keylength;
-    X509_ALGOR *prf;
-} PBKDF2PARAM;
-
-/* PKCS#8 private key info structure */
-
-struct pkcs8_priv_key_info_st {
-    /* Flag for various broken formats */
-    int broken;
-# define PKCS8_OK                0
-# define PKCS8_NO_OCTET          1
-# define PKCS8_EMBEDDED_PARAM    2
-# define PKCS8_NS_DB             3
-# define PKCS8_NEG_PRIVKEY       4
-    ASN1_INTEGER *version;
-    X509_ALGOR *pkeyalg;
-    /* Should be OCTET STRING but some are broken */
-    ASN1_TYPE *pkey;
-    STACK_OF(X509_ATTRIBUTE) *attributes;
-};
-
-#ifdef  __cplusplus
-}
-#endif
-
-# include <openssl/x509_vfy.h>
-# include <openssl/pkcs7.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-# define X509_EXT_PACK_UNKNOWN   1
-# define X509_EXT_PACK_STRING    2
-
-# define         X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version)
-/* #define      X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */
-# define         X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
-# define         X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)
-# define         X509_extract_key(x)     X509_get_pubkey(x)/*****/
-# define         X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version)
-# define         X509_REQ_get_subject_name(x) ((x)->req_info->subject)
-# define         X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
-# define         X509_name_cmp(a,b)      X509_NAME_cmp((a),(b))
-# define         X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
-
-# define         X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
-# define         X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
-# define         X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
-# define         X509_CRL_get_issuer(x) ((x)->crl->issuer)
-# define         X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
-
-void X509_CRL_set_default_method(const X509_CRL_METHOD *meth);
-X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl),
-                                     int (*crl_free) (X509_CRL *crl),
-                                     int (*crl_lookup) (X509_CRL *crl,
-                                                        X509_REVOKED **ret,
-                                                        ASN1_INTEGER *ser,
-                                                        X509_NAME *issuer),
-                                     int (*crl_verify) (X509_CRL *crl,
-                                                        EVP_PKEY *pk));
-void X509_CRL_METHOD_free(X509_CRL_METHOD *m);
-
-void X509_CRL_set_meth_data(X509_CRL *crl, void *dat);
-void *X509_CRL_get_meth_data(X509_CRL *crl);
-
-/*
- * This one is only used so that a binary form can output, as in
- * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf)
- */
-# define         X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
-
-const char *X509_verify_cert_error_string(long n);
-
-# ifndef OPENSSL_NO_EVP
-int X509_verify(X509 *a, EVP_PKEY *r);
-
-int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
-int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
-int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
-
-NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len);
-char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);
-EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x);
-int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
-
-int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
-
-int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent);
-int X509_signature_print(BIO *bp, X509_ALGOR *alg, ASN1_STRING *sig);
-
-int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
-int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx);
-int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
-int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx);
-int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
-int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx);
-int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
-
-int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
-                       unsigned char *md, unsigned int *len);
-int X509_digest(const X509 *data, const EVP_MD *type,
-                unsigned char *md, unsigned int *len);
-int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
-                    unsigned char *md, unsigned int *len);
-int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
-                    unsigned char *md, unsigned int *len);
-int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
-                     unsigned char *md, unsigned int *len);
-# endif
-
-# ifndef OPENSSL_NO_FP_API
-X509 *d2i_X509_fp(FILE *fp, X509 **x509);
-int i2d_X509_fp(FILE *fp, X509 *x509);
-X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl);
-int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl);
-X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req);
-int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req);
-#  ifndef OPENSSL_NO_RSA
-RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa);
-int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa);
-RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa);
-int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa);
-RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa);
-int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa);
-#  endif
-#  ifndef OPENSSL_NO_DSA
-DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
-int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
-DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
-int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
-#  endif
-#  ifndef OPENSSL_NO_EC
-EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
-int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey);
-EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
-int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey);
-#  endif
-X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8);
-int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8);
-PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
-                                                PKCS8_PRIV_KEY_INFO **p8inf);
-int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf);
-int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
-int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
-EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
-int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
-EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
-# endif
-
-# ifndef OPENSSL_NO_BIO
-X509 *d2i_X509_bio(BIO *bp, X509 **x509);
-int i2d_X509_bio(BIO *bp, X509 *x509);
-X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl);
-int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl);
-X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req);
-int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req);
-#  ifndef OPENSSL_NO_RSA
-RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa);
-int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa);
-RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa);
-int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa);
-RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa);
-int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa);
-#  endif
-#  ifndef OPENSSL_NO_DSA
-DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
-int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
-DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
-int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
-#  endif
-#  ifndef OPENSSL_NO_EC
-EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);
-int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey);
-EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);
-int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey);
-#  endif
-X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8);
-int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8);
-PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
-                                                 PKCS8_PRIV_KEY_INFO **p8inf);
-int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf);
-int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
-int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
-EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
-int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
-EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
-# endif
-
-X509 *X509_dup(X509 *x509);
-X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa);
-X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);
-X509_CRL *X509_CRL_dup(X509_CRL *crl);
-X509_REQ *X509_REQ_dup(X509_REQ *req);
-X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
-int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype,
-                    void *pval);
-void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
-                     X509_ALGOR *algor);
-void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
-int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
-
-X509_NAME *X509_NAME_dup(X509_NAME *xn);
-X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
-
-int X509_cmp_time(const ASN1_TIME *s, time_t *t);
-int X509_cmp_current_time(const ASN1_TIME *s);
-ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
-ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s,
-                            int offset_day, long offset_sec, time_t *t);
-ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj);
-
-const char *X509_get_default_cert_area(void);
-const char *X509_get_default_cert_dir(void);
-const char *X509_get_default_cert_file(void);
-const char *X509_get_default_cert_dir_env(void);
-const char *X509_get_default_cert_file_env(void);
-const char *X509_get_default_private_dir(void);
-
-X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
-X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey);
-
-DECLARE_ASN1_FUNCTIONS(X509_ALGOR)
-DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS)
-DECLARE_ASN1_FUNCTIONS(X509_VAL)
-
-DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)
-
-int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
-EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
-int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain);
-int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp);
-EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length);
-# ifndef OPENSSL_NO_RSA
-int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp);
-RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length);
-# endif
-# ifndef OPENSSL_NO_DSA
-int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp);
-DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length);
-# endif
-# ifndef OPENSSL_NO_EC
-int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp);
-EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length);
-# endif
-
-DECLARE_ASN1_FUNCTIONS(X509_SIG)
-DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
-DECLARE_ASN1_FUNCTIONS(X509_REQ)
-
-DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE)
-X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
-
-DECLARE_ASN1_FUNCTIONS(X509_EXTENSION)
-DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)
-
-DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY)
-
-DECLARE_ASN1_FUNCTIONS(X509_NAME)
-
-int X509_NAME_set(X509_NAME **xn, X509_NAME *name);
-
-DECLARE_ASN1_FUNCTIONS(X509_CINF)
-
-DECLARE_ASN1_FUNCTIONS(X509)
-DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
-
-DECLARE_ASN1_FUNCTIONS(X509_CERT_PAIR)
-
-int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                          CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int X509_set_ex_data(X509 *r, int idx, void *arg);
-void *X509_get_ex_data(X509 *r, int idx);
-int i2d_X509_AUX(X509 *a, unsigned char **pp);
-X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length);
-
-int X509_alias_set1(X509 *x, unsigned char *name, int len);
-int X509_keyid_set1(X509 *x, unsigned char *id, int len);
-unsigned char *X509_alias_get0(X509 *x, int *len);
-unsigned char *X509_keyid_get0(X509 *x, int *len);
-int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *,
-                                                                int);
-int X509_TRUST_set(int *t, int trust);
-int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
-int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
-void X509_trust_clear(X509 *x);
-void X509_reject_clear(X509 *x);
-
-DECLARE_ASN1_FUNCTIONS(X509_REVOKED)
-DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)
-DECLARE_ASN1_FUNCTIONS(X509_CRL)
-
-int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
-int X509_CRL_get0_by_serial(X509_CRL *crl,
-                            X509_REVOKED **ret, ASN1_INTEGER *serial);
-int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);
-
-X509_PKEY *X509_PKEY_new(void);
-void X509_PKEY_free(X509_PKEY *a);
-int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp);
-X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp,
-                         long length);
-
-DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)
-DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
-DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
-
-# ifndef OPENSSL_NO_EVP
-X509_INFO *X509_INFO_new(void);
-void X509_INFO_free(X509_INFO *a);
-char *X509_NAME_oneline(X509_NAME *a, char *buf, int size);
-
-int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1,
-                ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey);
-
-int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
-                unsigned char *md, unsigned int *len);
-
-int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1,
-              X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
-              char *data, EVP_PKEY *pkey, const EVP_MD *type);
-
-int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *data,
-                     unsigned char *md, unsigned int *len);
-
-int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
-                     ASN1_BIT_STRING *signature, void *data, EVP_PKEY *pkey);
-
-int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
-                   X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *data,
-                   EVP_PKEY *pkey, const EVP_MD *type);
-int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
-                       X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
-                       void *asn, EVP_MD_CTX *ctx);
-# endif
-
-int X509_set_version(X509 *x, long version);
-int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
-ASN1_INTEGER *X509_get_serialNumber(X509 *x);
-int X509_set_issuer_name(X509 *x, X509_NAME *name);
-X509_NAME *X509_get_issuer_name(X509 *a);
-int X509_set_subject_name(X509 *x, X509_NAME *name);
-X509_NAME *X509_get_subject_name(X509 *a);
-int X509_set_notBefore(X509 *x, const ASN1_TIME *tm);
-int X509_set_notAfter(X509 *x, const ASN1_TIME *tm);
-int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
-EVP_PKEY *X509_get_pubkey(X509 *x);
-ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
-int X509_certificate_type(X509 *x, EVP_PKEY *pubkey /* optional */ );
-
-int X509_REQ_set_version(X509_REQ *x, long version);
-int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
-int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
-EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
-int X509_REQ_extension_nid(int nid);
-int *X509_REQ_get_extension_nids(void);
-void X509_REQ_set_extension_nids(int *nids);
-STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
-int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
-                                int nid);
-int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts);
-int X509_REQ_get_attr_count(const X509_REQ *req);
-int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos);
-int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
-                             int lastpos);
-X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
-X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
-int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);
-int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
-                              const ASN1_OBJECT *obj, int type,
-                              const unsigned char *bytes, int len);
-int X509_REQ_add1_attr_by_NID(X509_REQ *req,
-                              int nid, int type,
-                              const unsigned char *bytes, int len);
-int X509_REQ_add1_attr_by_txt(X509_REQ *req,
-                              const char *attrname, int type,
-                              const unsigned char *bytes, int len);
-
-int X509_CRL_set_version(X509_CRL *x, long version);
-int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
-int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
-int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
-int X509_CRL_sort(X509_CRL *crl);
-
-int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
-int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
-
-int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
-
-int X509_check_private_key(X509 *x509, EVP_PKEY *pkey);
-
-int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
-unsigned long X509_issuer_and_serial_hash(X509 *a);
-
-int X509_issuer_name_cmp(const X509 *a, const X509 *b);
-unsigned long X509_issuer_name_hash(X509 *a);
-
-int X509_subject_name_cmp(const X509 *a, const X509 *b);
-unsigned long X509_subject_name_hash(X509 *x);
-
-# ifndef OPENSSL_NO_MD5
-unsigned long X509_issuer_name_hash_old(X509 *a);
-unsigned long X509_subject_name_hash_old(X509 *x);
-# endif
-
-int X509_cmp(const X509 *a, const X509 *b);
-int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
-unsigned long X509_NAME_hash(X509_NAME *x);
-unsigned long X509_NAME_hash_old(X509_NAME *x);
-
-int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
-int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
-# ifndef OPENSSL_NO_FP_API
-int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag,
-                     unsigned long cflag);
-int X509_print_fp(FILE *bp, X509 *x);
-int X509_CRL_print_fp(FILE *bp, X509_CRL *x);
-int X509_REQ_print_fp(FILE *bp, X509_REQ *req);
-int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent,
-                          unsigned long flags);
-# endif
-
-# ifndef OPENSSL_NO_BIO
-int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
-int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent,
-                       unsigned long flags);
-int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag,
-                  unsigned long cflag);
-int X509_print(BIO *bp, X509 *x);
-int X509_ocspid_print(BIO *bp, X509 *x);
-int X509_CERT_AUX_print(BIO *bp, X509_CERT_AUX *x, int indent);
-int X509_CRL_print(BIO *bp, X509_CRL *x);
-int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag,
-                      unsigned long cflag);
-int X509_REQ_print(BIO *bp, X509_REQ *req);
-# endif
-
-int X509_NAME_entry_count(X509_NAME *name);
-int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len);
-int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
-                              char *buf, int len);
-
-/*
- * NOTE: you should be passsing -1, not 0 as lastpos.  The functions that use
- * lastpos, search after that position on.
- */
-int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos);
-int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
-                               int lastpos);
-X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
-X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
-int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne,
-                        int loc, int set);
-int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
-                               unsigned char *bytes, int len, int loc,
-                               int set);
-int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
-                               unsigned char *bytes, int len, int loc,
-                               int set);
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
-                                               const char *field, int type,
-                                               const unsigned char *bytes,
-                                               int len);
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
-                                               int type, unsigned char *bytes,
-                                               int len);
-int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
-                               const unsigned char *bytes, int len, int loc,
-                               int set);
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
-                                               ASN1_OBJECT *obj, int type,
-                                               const unsigned char *bytes,
-                                               int len);
-int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
-int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
-                             const unsigned char *bytes, int len);
-ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
-ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
-
-int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
-int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
-                          int nid, int lastpos);
-int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
-                          ASN1_OBJECT *obj, int lastpos);
-int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
-                               int crit, int lastpos);
-X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
-X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
-STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
-                                         X509_EXTENSION *ex, int loc);
-
-int X509_get_ext_count(X509 *x);
-int X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
-int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos);
-int X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
-X509_EXTENSION *X509_get_ext(X509 *x, int loc);
-X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
-int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
-void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
-int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
-                      unsigned long flags);
-
-int X509_CRL_get_ext_count(X509_CRL *x);
-int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
-int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos);
-int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos);
-X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
-X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
-int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
-void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
-int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
-                          unsigned long flags);
-
-int X509_REVOKED_get_ext_count(X509_REVOKED *x);
-int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);
-int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj,
-                                int lastpos);
-int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos);
-X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
-X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
-int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
-void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
-int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
-                              unsigned long flags);
-
-X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
-                                             int nid, int crit,
-                                             ASN1_OCTET_STRING *data);
-X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
-                                             ASN1_OBJECT *obj, int crit,
-                                             ASN1_OCTET_STRING *data);
-int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj);
-int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
-int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data);
-ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
-ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
-int X509_EXTENSION_get_critical(X509_EXTENSION *ex);
-
-int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
-int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
-                           int lastpos);
-int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk,
-                           ASN1_OBJECT *obj, int lastpos);
-X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc);
-X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
-                                           X509_ATTRIBUTE *attr);
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE)
-                                                  **x, const ASN1_OBJECT *obj,
-                                                  int type,
-                                                  const unsigned char *bytes,
-                                                  int len);
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE)
-                                                  **x, int nid, int type,
-                                                  const unsigned char *bytes,
-                                                  int len);
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE)
-                                                  **x, const char *attrname,
-                                                  int type,
-                                                  const unsigned char *bytes,
-                                                  int len);
-void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, ASN1_OBJECT *obj,
-                              int lastpos, int type);
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
-                                             int atrtype, const void *data,
-                                             int len);
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
-                                             const ASN1_OBJECT *obj,
-                                             int atrtype, const void *data,
-                                             int len);
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
-                                             const char *atrname, int type,
-                                             const unsigned char *bytes,
-                                             int len);
-int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj);
-int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
-                             const void *data, int len);
-void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype,
-                               void *data);
-int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr);
-ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
-ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
-
-int EVP_PKEY_get_attr_count(const EVP_PKEY *key);
-int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos);
-int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj,
-                             int lastpos);
-X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc);
-X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc);
-int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr);
-int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
-                              const ASN1_OBJECT *obj, int type,
-                              const unsigned char *bytes, int len);
-int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
-                              int nid, int type,
-                              const unsigned char *bytes, int len);
-int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
-                              const char *attrname, int type,
-                              const unsigned char *bytes, int len);
-
-int X509_verify_cert(X509_STORE_CTX *ctx);
-
-/* lookup a cert from a X509 STACK */
-X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
-                                     ASN1_INTEGER *serial);
-X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name);
-
-DECLARE_ASN1_FUNCTIONS(PBEPARAM)
-DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
-DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
-
-int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
-                         const unsigned char *salt, int saltlen);
-
-X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
-                          const unsigned char *salt, int saltlen);
-X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
-                           unsigned char *salt, int saltlen);
-X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
-                              unsigned char *salt, int saltlen,
-                              unsigned char *aiv, int prf_nid);
-
-X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
-                             int prf_nid, int keylen);
-
-/* PKCS#8 utilities */
-
-DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
-
-EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken);
-PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
-
-int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
-                    int version, int ptype, void *pval,
-                    unsigned char *penc, int penclen);
-int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg,
-                    const unsigned char **pk, int *ppklen,
-                    X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8);
-
-int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
-                           int ptype, void *pval,
-                           unsigned char *penc, int penclen);
-int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
-                           const unsigned char **pk, int *ppklen,
-                           X509_ALGOR **pa, X509_PUBKEY *pub);
-
-int X509_check_trust(X509 *x, int id, int flags);
-int X509_TRUST_get_count(void);
-X509_TRUST *X509_TRUST_get0(int idx);
-int X509_TRUST_get_by_id(int id);
-int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
-                   char *name, int arg1, void *arg2);
-void X509_TRUST_cleanup(void);
-int X509_TRUST_get_flags(X509_TRUST *xp);
-char *X509_TRUST_get0_name(X509_TRUST *xp);
-int X509_TRUST_get_trust(X509_TRUST *xp);
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_X509_strings(void);
-
-/* Error codes for the X509 functions. */
-
-/* Function codes. */
-# define X509_F_ADD_CERT_DIR                              100
-# define X509_F_BY_FILE_CTRL                              101
-# define X509_F_CHECK_POLICY                              145
-# define X509_F_DIR_CTRL                                  102
-# define X509_F_GET_CERT_BY_SUBJECT                       103
-# define X509_F_NETSCAPE_SPKI_B64_DECODE                  129
-# define X509_F_NETSCAPE_SPKI_B64_ENCODE                  130
-# define X509_F_X509AT_ADD1_ATTR                          135
-# define X509_F_X509V3_ADD_EXT                            104
-# define X509_F_X509_ATTRIBUTE_CREATE_BY_NID              136
-# define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ              137
-# define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT              140
-# define X509_F_X509_ATTRIBUTE_GET0_DATA                  139
-# define X509_F_X509_ATTRIBUTE_SET1_DATA                  138
-# define X509_F_X509_CHECK_PRIVATE_KEY                    128
-# define X509_F_X509_CRL_PRINT_FP                         147
-# define X509_F_X509_EXTENSION_CREATE_BY_NID              108
-# define X509_F_X509_EXTENSION_CREATE_BY_OBJ              109
-# define X509_F_X509_GET_PUBKEY_PARAMETERS                110
-# define X509_F_X509_LOAD_CERT_CRL_FILE                   132
-# define X509_F_X509_LOAD_CERT_FILE                       111
-# define X509_F_X509_LOAD_CRL_FILE                        112
-# define X509_F_X509_NAME_ADD_ENTRY                       113
-# define X509_F_X509_NAME_ENTRY_CREATE_BY_NID             114
-# define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT             131
-# define X509_F_X509_NAME_ENTRY_SET_OBJECT                115
-# define X509_F_X509_NAME_ONELINE                         116
-# define X509_F_X509_NAME_PRINT                           117
-# define X509_F_X509_PRINT_EX_FP                          118
-# define X509_F_X509_PUBKEY_GET                           119
-# define X509_F_X509_PUBKEY_SET                           120
-# define X509_F_X509_REQ_CHECK_PRIVATE_KEY                144
-# define X509_F_X509_REQ_PRINT_EX                         121
-# define X509_F_X509_REQ_PRINT_FP                         122
-# define X509_F_X509_REQ_TO_X509                          123
-# define X509_F_X509_STORE_ADD_CERT                       124
-# define X509_F_X509_STORE_ADD_CRL                        125
-# define X509_F_X509_STORE_CTX_GET1_ISSUER                146
-# define X509_F_X509_STORE_CTX_INIT                       143
-# define X509_F_X509_STORE_CTX_NEW                        142
-# define X509_F_X509_STORE_CTX_PURPOSE_INHERIT            134
-# define X509_F_X509_TO_X509_REQ                          126
-# define X509_F_X509_TRUST_ADD                            133
-# define X509_F_X509_TRUST_SET                            141
-# define X509_F_X509_VERIFY_CERT                          127
-
-/* Reason codes. */
-# define X509_R_BAD_X509_FILETYPE                         100
-# define X509_R_BASE64_DECODE_ERROR                       118
-# define X509_R_CANT_CHECK_DH_KEY                         114
-# define X509_R_CERT_ALREADY_IN_HASH_TABLE                101
-# define X509_R_ERR_ASN1_LIB                              102
-# define X509_R_INVALID_DIRECTORY                         113
-# define X509_R_INVALID_FIELD_NAME                        119
-# define X509_R_INVALID_TRUST                             123
-# define X509_R_KEY_TYPE_MISMATCH                         115
-# define X509_R_KEY_VALUES_MISMATCH                       116
-# define X509_R_LOADING_CERT_DIR                          103
-# define X509_R_LOADING_DEFAULTS                          104
-# define X509_R_METHOD_NOT_SUPPORTED                      124
-# define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY              105
-# define X509_R_PUBLIC_KEY_DECODE_ERROR                   125
-# define X509_R_PUBLIC_KEY_ENCODE_ERROR                   126
-# define X509_R_SHOULD_RETRY                              106
-# define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN        107
-# define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY            108
-# define X509_R_UNKNOWN_KEY_TYPE                          117
-# define X509_R_UNKNOWN_NID                               109
-# define X509_R_UNKNOWN_PURPOSE_ID                        121
-# define X509_R_UNKNOWN_TRUST_ID                          120
-# define X509_R_UNSUPPORTED_ALGORITHM                     111
-# define X509_R_WRONG_LOOKUP_TYPE                         112
-# define X509_R_WRONG_TYPE                                122
-
-#ifdef  __cplusplus
-}
-#endif
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/x509/x509.h (from rev 11605, vendor-crypto/openssl/dist/crypto/x509/x509.h)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/x509/x509.h	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/x509/x509.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,1304 @@
+/* crypto/x509/x509.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#ifndef HEADER_X509_H
+# define HEADER_X509_H
+
+# include <openssl/e_os2.h>
+# include <openssl/symhacks.h>
+# ifndef OPENSSL_NO_BUFFER
+#  include <openssl/buffer.h>
+# endif
+# ifndef OPENSSL_NO_EVP
+#  include <openssl/evp.h>
+# endif
+# ifndef OPENSSL_NO_BIO
+#  include <openssl/bio.h>
+# endif
+# include <openssl/stack.h>
+# include <openssl/asn1.h>
+# include <openssl/safestack.h>
+
+# ifndef OPENSSL_NO_EC
+#  include <openssl/ec.h>
+# endif
+
+# ifndef OPENSSL_NO_ECDSA
+#  include <openssl/ecdsa.h>
+# endif
+
+# ifndef OPENSSL_NO_ECDH
+#  include <openssl/ecdh.h>
+# endif
+
+# ifndef OPENSSL_NO_DEPRECATED
+#  ifndef OPENSSL_NO_RSA
+#   include <openssl/rsa.h>
+#  endif
+#  ifndef OPENSSL_NO_DSA
+#   include <openssl/dsa.h>
+#  endif
+#  ifndef OPENSSL_NO_DH
+#   include <openssl/dh.h>
+#  endif
+# endif
+
+# ifndef OPENSSL_NO_SHA
+#  include <openssl/sha.h>
+# endif
+# include <openssl/ossl_typ.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# ifdef OPENSSL_SYS_WIN32
+/* Under Win32 these are defined in wincrypt.h */
+#  undef X509_NAME
+#  undef X509_CERT_PAIR
+#  undef X509_EXTENSIONS
+# endif
+
+# define X509_FILETYPE_PEM       1
+# define X509_FILETYPE_ASN1      2
+# define X509_FILETYPE_DEFAULT   3
+
+# define X509v3_KU_DIGITAL_SIGNATURE     0x0080
+# define X509v3_KU_NON_REPUDIATION       0x0040
+# define X509v3_KU_KEY_ENCIPHERMENT      0x0020
+# define X509v3_KU_DATA_ENCIPHERMENT     0x0010
+# define X509v3_KU_KEY_AGREEMENT         0x0008
+# define X509v3_KU_KEY_CERT_SIGN         0x0004
+# define X509v3_KU_CRL_SIGN              0x0002
+# define X509v3_KU_ENCIPHER_ONLY         0x0001
+# define X509v3_KU_DECIPHER_ONLY         0x8000
+# define X509v3_KU_UNDEF                 0xffff
+
+typedef struct X509_objects_st {
+    int nid;
+    int (*a2i) (void);
+    int (*i2a) (void);
+} X509_OBJECTS;
+
+struct X509_algor_st {
+    ASN1_OBJECT *algorithm;
+    ASN1_TYPE *parameter;
+} /* X509_ALGOR */ ;
+
+DECLARE_ASN1_SET_OF(X509_ALGOR)
+
+typedef STACK_OF(X509_ALGOR) X509_ALGORS;
+
+typedef struct X509_val_st {
+    ASN1_TIME *notBefore;
+    ASN1_TIME *notAfter;
+} X509_VAL;
+
+struct X509_pubkey_st {
+    X509_ALGOR *algor;
+    ASN1_BIT_STRING *public_key;
+    EVP_PKEY *pkey;
+};
+
+typedef struct X509_sig_st {
+    X509_ALGOR *algor;
+    ASN1_OCTET_STRING *digest;
+} X509_SIG;
+
+typedef struct X509_name_entry_st {
+    ASN1_OBJECT *object;
+    ASN1_STRING *value;
+    int set;
+    int size;                   /* temp variable */
+} X509_NAME_ENTRY;
+
+DECLARE_STACK_OF(X509_NAME_ENTRY)
+DECLARE_ASN1_SET_OF(X509_NAME_ENTRY)
+
+/* we always keep X509_NAMEs in 2 forms. */
+struct X509_name_st {
+    STACK_OF(X509_NAME_ENTRY) *entries;
+    int modified;               /* true if 'bytes' needs to be built */
+# ifndef OPENSSL_NO_BUFFER
+    BUF_MEM *bytes;
+# else
+    char *bytes;
+# endif
+/*      unsigned long hash; Keep the hash around for lookups */
+    unsigned char *canon_enc;
+    int canon_enclen;
+} /* X509_NAME */ ;
+
+DECLARE_STACK_OF(X509_NAME)
+
+# define X509_EX_V_NETSCAPE_HACK         0x8000
+# define X509_EX_V_INIT                  0x0001
+typedef struct X509_extension_st {
+    ASN1_OBJECT *object;
+    ASN1_BOOLEAN critical;
+    ASN1_OCTET_STRING *value;
+} X509_EXTENSION;
+
+typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
+
+DECLARE_STACK_OF(X509_EXTENSION)
+DECLARE_ASN1_SET_OF(X509_EXTENSION)
+
+/* a sequence of these are used */
+typedef struct x509_attributes_st {
+    ASN1_OBJECT *object;
+    int single;                 /* 0 for a set, 1 for a single item (which is
+                                 * wrong) */
+    union {
+        char *ptr;
+        /*
+         * 0
+         */ STACK_OF(ASN1_TYPE) *set;
+        /*
+         * 1
+         */ ASN1_TYPE *single;
+    } value;
+} X509_ATTRIBUTE;
+
+DECLARE_STACK_OF(X509_ATTRIBUTE)
+DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)
+
+typedef struct X509_req_info_st {
+    ASN1_ENCODING enc;
+    ASN1_INTEGER *version;
+    X509_NAME *subject;
+    X509_PUBKEY *pubkey;
+    /*  d=2 hl=2 l=  0 cons: cont: 00 */
+    STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
+} X509_REQ_INFO;
+
+typedef struct X509_req_st {
+    X509_REQ_INFO *req_info;
+    X509_ALGOR *sig_alg;
+    ASN1_BIT_STRING *signature;
+    int references;
+} X509_REQ;
+
+typedef struct x509_cinf_st {
+    ASN1_INTEGER *version;      /* [ 0 ] default of v1 */
+    ASN1_INTEGER *serialNumber;
+    X509_ALGOR *signature;
+    X509_NAME *issuer;
+    X509_VAL *validity;
+    X509_NAME *subject;
+    X509_PUBKEY *key;
+    ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */
+    ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */
+    STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */
+    ASN1_ENCODING enc;
+} X509_CINF;
+
+/*
+ * This stuff is certificate "auxiliary info" it contains details which are
+ * useful in certificate stores and databases. When used this is tagged onto
+ * the end of the certificate itself
+ */
+
+typedef struct x509_cert_aux_st {
+    STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */
+    STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */
+    ASN1_UTF8STRING *alias;     /* "friendly name" */
+    ASN1_OCTET_STRING *keyid;   /* key id of private key */
+    STACK_OF(X509_ALGOR) *other; /* other unspecified info */
+} X509_CERT_AUX;
+
+struct x509_st {
+    X509_CINF *cert_info;
+    X509_ALGOR *sig_alg;
+    ASN1_BIT_STRING *signature;
+    int valid;
+    int references;
+    char *name;
+    CRYPTO_EX_DATA ex_data;
+    /* These contain copies of various extension values */
+    long ex_pathlen;
+    long ex_pcpathlen;
+    unsigned long ex_flags;
+    unsigned long ex_kusage;
+    unsigned long ex_xkusage;
+    unsigned long ex_nscert;
+    ASN1_OCTET_STRING *skid;
+    AUTHORITY_KEYID *akid;
+    X509_POLICY_CACHE *policy_cache;
+    STACK_OF(DIST_POINT) *crldp;
+    STACK_OF(GENERAL_NAME) *altname;
+    NAME_CONSTRAINTS *nc;
+# ifndef OPENSSL_NO_RFC3779
+    STACK_OF(IPAddressFamily) *rfc3779_addr;
+    struct ASIdentifiers_st *rfc3779_asid;
+# endif
+# ifndef OPENSSL_NO_SHA
+    unsigned char sha1_hash[SHA_DIGEST_LENGTH];
+# endif
+    X509_CERT_AUX *aux;
+} /* X509 */ ;
+
+DECLARE_STACK_OF(X509)
+DECLARE_ASN1_SET_OF(X509)
+
+/* This is used for a table of trust checking functions */
+
+typedef struct x509_trust_st {
+    int trust;
+    int flags;
+    int (*check_trust) (struct x509_trust_st *, X509 *, int);
+    char *name;
+    int arg1;
+    void *arg2;
+} X509_TRUST;
+
+DECLARE_STACK_OF(X509_TRUST)
+
+typedef struct x509_cert_pair_st {
+    X509 *forward;
+    X509 *reverse;
+} X509_CERT_PAIR;
+
+/* standard trust ids */
+
+# define X509_TRUST_DEFAULT      -1/* Only valid in purpose settings */
+
+# define X509_TRUST_COMPAT       1
+# define X509_TRUST_SSL_CLIENT   2
+# define X509_TRUST_SSL_SERVER   3
+# define X509_TRUST_EMAIL        4
+# define X509_TRUST_OBJECT_SIGN  5
+# define X509_TRUST_OCSP_SIGN    6
+# define X509_TRUST_OCSP_REQUEST 7
+# define X509_TRUST_TSA          8
+
+/* Keep these up to date! */
+# define X509_TRUST_MIN          1
+# define X509_TRUST_MAX          8
+
+/* trust_flags values */
+# define X509_TRUST_DYNAMIC      1
+# define X509_TRUST_DYNAMIC_NAME 2
+
+/* check_trust return codes */
+
+# define X509_TRUST_TRUSTED      1
+# define X509_TRUST_REJECTED     2
+# define X509_TRUST_UNTRUSTED    3
+
+/* Flags for X509_print_ex() */
+
+# define X509_FLAG_COMPAT                0
+# define X509_FLAG_NO_HEADER             1L
+# define X509_FLAG_NO_VERSION            (1L << 1)
+# define X509_FLAG_NO_SERIAL             (1L << 2)
+# define X509_FLAG_NO_SIGNAME            (1L << 3)
+# define X509_FLAG_NO_ISSUER             (1L << 4)
+# define X509_FLAG_NO_VALIDITY           (1L << 5)
+# define X509_FLAG_NO_SUBJECT            (1L << 6)
+# define X509_FLAG_NO_PUBKEY             (1L << 7)
+# define X509_FLAG_NO_EXTENSIONS         (1L << 8)
+# define X509_FLAG_NO_SIGDUMP            (1L << 9)
+# define X509_FLAG_NO_AUX                (1L << 10)
+# define X509_FLAG_NO_ATTRIBUTES         (1L << 11)
+
+/* Flags specific to X509_NAME_print_ex() */
+
+/* The field separator information */
+
+# define XN_FLAG_SEP_MASK        (0xf << 16)
+
+# define XN_FLAG_COMPAT          0/* Traditional SSLeay: use old
+                                   * X509_NAME_print */
+# define XN_FLAG_SEP_COMMA_PLUS  (1 << 16)/* RFC2253 ,+ */
+# define XN_FLAG_SEP_CPLUS_SPC   (2 << 16)/* ,+ spaced: more readable */
+# define XN_FLAG_SEP_SPLUS_SPC   (3 << 16)/* ;+ spaced */
+# define XN_FLAG_SEP_MULTILINE   (4 << 16)/* One line per field */
+
+# define XN_FLAG_DN_REV          (1 << 20)/* Reverse DN order */
+
+/* How the field name is shown */
+
+# define XN_FLAG_FN_MASK         (0x3 << 21)
+
+# define XN_FLAG_FN_SN           0/* Object short name */
+# define XN_FLAG_FN_LN           (1 << 21)/* Object long name */
+# define XN_FLAG_FN_OID          (2 << 21)/* Always use OIDs */
+# define XN_FLAG_FN_NONE         (3 << 21)/* No field names */
+
+# define XN_FLAG_SPC_EQ          (1 << 23)/* Put spaces round '=' */
+
+/*
+ * This determines if we dump fields we don't recognise: RFC2253 requires
+ * this.
+ */
+
+# define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
+
+# define XN_FLAG_FN_ALIGN        (1 << 25)/* Align field names to 20
+                                           * characters */
+
+/* Complete set of RFC2253 flags */
+
+# define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
+                        XN_FLAG_SEP_COMMA_PLUS | \
+                        XN_FLAG_DN_REV | \
+                        XN_FLAG_FN_SN | \
+                        XN_FLAG_DUMP_UNKNOWN_FIELDS)
+
+/* readable oneline form */
+
+# define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \
+                        ASN1_STRFLGS_ESC_QUOTE | \
+                        XN_FLAG_SEP_CPLUS_SPC | \
+                        XN_FLAG_SPC_EQ | \
+                        XN_FLAG_FN_SN)
+
+/* readable multiline form */
+
+# define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
+                        ASN1_STRFLGS_ESC_MSB | \
+                        XN_FLAG_SEP_MULTILINE | \
+                        XN_FLAG_SPC_EQ | \
+                        XN_FLAG_FN_LN | \
+                        XN_FLAG_FN_ALIGN)
+
+struct x509_revoked_st {
+    ASN1_INTEGER *serialNumber;
+    ASN1_TIME *revocationDate;
+    STACK_OF(X509_EXTENSION) /* optional */ *extensions;
+    /* Set up if indirect CRL */
+    STACK_OF(GENERAL_NAME) *issuer;
+    /* Revocation reason */
+    int reason;
+    int sequence;               /* load sequence */
+};
+
+DECLARE_STACK_OF(X509_REVOKED)
+DECLARE_ASN1_SET_OF(X509_REVOKED)
+
+typedef struct X509_crl_info_st {
+    ASN1_INTEGER *version;
+    X509_ALGOR *sig_alg;
+    X509_NAME *issuer;
+    ASN1_TIME *lastUpdate;
+    ASN1_TIME *nextUpdate;
+    STACK_OF(X509_REVOKED) *revoked;
+    STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
+    ASN1_ENCODING enc;
+} X509_CRL_INFO;
+
+struct X509_crl_st {
+    /* actual signature */
+    X509_CRL_INFO *crl;
+    X509_ALGOR *sig_alg;
+    ASN1_BIT_STRING *signature;
+    int references;
+    int flags;
+    /* Copies of various extensions */
+    AUTHORITY_KEYID *akid;
+    ISSUING_DIST_POINT *idp;
+    /* Convenient breakdown of IDP */
+    int idp_flags;
+    int idp_reasons;
+    /* CRL and base CRL numbers for delta processing */
+    ASN1_INTEGER *crl_number;
+    ASN1_INTEGER *base_crl_number;
+# ifndef OPENSSL_NO_SHA
+    unsigned char sha1_hash[SHA_DIGEST_LENGTH];
+# endif
+    STACK_OF(GENERAL_NAMES) *issuers;
+    const X509_CRL_METHOD *meth;
+    void *meth_data;
+} /* X509_CRL */ ;
+
+DECLARE_STACK_OF(X509_CRL)
+DECLARE_ASN1_SET_OF(X509_CRL)
+
+typedef struct private_key_st {
+    int version;
+    /* The PKCS#8 data types */
+    X509_ALGOR *enc_algor;
+    ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */
+    /* When decrypted, the following will not be NULL */
+    EVP_PKEY *dec_pkey;
+    /* used to encrypt and decrypt */
+    int key_length;
+    char *key_data;
+    int key_free;               /* true if we should auto free key_data */
+    /* expanded version of 'enc_algor' */
+    EVP_CIPHER_INFO cipher;
+    int references;
+} X509_PKEY;
+
+# ifndef OPENSSL_NO_EVP
+typedef struct X509_info_st {
+    X509 *x509;
+    X509_CRL *crl;
+    X509_PKEY *x_pkey;
+    EVP_CIPHER_INFO enc_cipher;
+    int enc_len;
+    char *enc_data;
+    int references;
+} X509_INFO;
+
+DECLARE_STACK_OF(X509_INFO)
+# endif
+
+/*
+ * The next 2 structures and their 8 routines were sent to me by Pat Richard
+ * <patr at x509.com> and are used to manipulate Netscapes spki structures -
+ * useful if you are writing a CA web page
+ */
+typedef struct Netscape_spkac_st {
+    X509_PUBKEY *pubkey;
+    ASN1_IA5STRING *challenge;  /* challenge sent in atlas >= PR2 */
+} NETSCAPE_SPKAC;
+
+typedef struct Netscape_spki_st {
+    NETSCAPE_SPKAC *spkac;      /* signed public key and challenge */
+    X509_ALGOR *sig_algor;
+    ASN1_BIT_STRING *signature;
+} NETSCAPE_SPKI;
+
+/* Netscape certificate sequence structure */
+typedef struct Netscape_certificate_sequence {
+    ASN1_OBJECT *type;
+    STACK_OF(X509) *certs;
+} NETSCAPE_CERT_SEQUENCE;
+
+/*- Unused (and iv length is wrong)
+typedef struct CBCParameter_st
+        {
+        unsigned char iv[8];
+        } CBC_PARAM;
+*/
+
+/* Password based encryption structure */
+
+typedef struct PBEPARAM_st {
+    ASN1_OCTET_STRING *salt;
+    ASN1_INTEGER *iter;
+} PBEPARAM;
+
+/* Password based encryption V2 structures */
+
+typedef struct PBE2PARAM_st {
+    X509_ALGOR *keyfunc;
+    X509_ALGOR *encryption;
+} PBE2PARAM;
+
+typedef struct PBKDF2PARAM_st {
+/* Usually OCTET STRING but could be anything */
+    ASN1_TYPE *salt;
+    ASN1_INTEGER *iter;
+    ASN1_INTEGER *keylength;
+    X509_ALGOR *prf;
+} PBKDF2PARAM;
+
+/* PKCS#8 private key info structure */
+
+struct pkcs8_priv_key_info_st {
+    /* Flag for various broken formats */
+    int broken;
+# define PKCS8_OK                0
+# define PKCS8_NO_OCTET          1
+# define PKCS8_EMBEDDED_PARAM    2
+# define PKCS8_NS_DB             3
+# define PKCS8_NEG_PRIVKEY       4
+    ASN1_INTEGER *version;
+    X509_ALGOR *pkeyalg;
+    /* Should be OCTET STRING but some are broken */
+    ASN1_TYPE *pkey;
+    STACK_OF(X509_ATTRIBUTE) *attributes;
+};
+
+#ifdef  __cplusplus
+}
+#endif
+
+# include <openssl/x509_vfy.h>
+# include <openssl/pkcs7.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define X509_EXT_PACK_UNKNOWN   1
+# define X509_EXT_PACK_STRING    2
+
+# define         X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version)
+/* #define      X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */
+# define         X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
+# define         X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)
+# define         X509_extract_key(x)     X509_get_pubkey(x)/*****/
+# define         X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version)
+# define         X509_REQ_get_subject_name(x) ((x)->req_info->subject)
+# define         X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
+# define         X509_name_cmp(a,b)      X509_NAME_cmp((a),(b))
+# define         X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
+
+# define         X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
+# define         X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
+# define         X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
+# define         X509_CRL_get_issuer(x) ((x)->crl->issuer)
+# define         X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
+
+void X509_CRL_set_default_method(const X509_CRL_METHOD *meth);
+X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl),
+                                     int (*crl_free) (X509_CRL *crl),
+                                     int (*crl_lookup) (X509_CRL *crl,
+                                                        X509_REVOKED **ret,
+                                                        ASN1_INTEGER *ser,
+                                                        X509_NAME *issuer),
+                                     int (*crl_verify) (X509_CRL *crl,
+                                                        EVP_PKEY *pk));
+void X509_CRL_METHOD_free(X509_CRL_METHOD *m);
+
+void X509_CRL_set_meth_data(X509_CRL *crl, void *dat);
+void *X509_CRL_get_meth_data(X509_CRL *crl);
+
+/*
+ * This one is only used so that a binary form can output, as in
+ * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf)
+ */
+# define         X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
+
+const char *X509_verify_cert_error_string(long n);
+
+# ifndef OPENSSL_NO_EVP
+int X509_verify(X509 *a, EVP_PKEY *r);
+
+int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
+int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
+int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
+
+NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len);
+char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);
+EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x);
+int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
+
+int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
+
+int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent);
+int X509_signature_print(BIO *bp, X509_ALGOR *alg, ASN1_STRING *sig);
+
+int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx);
+int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx);
+int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx);
+int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
+
+int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
+                       unsigned char *md, unsigned int *len);
+int X509_digest(const X509 *data, const EVP_MD *type,
+                unsigned char *md, unsigned int *len);
+int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
+                    unsigned char *md, unsigned int *len);
+int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
+                    unsigned char *md, unsigned int *len);
+int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
+                     unsigned char *md, unsigned int *len);
+# endif
+
+# ifndef OPENSSL_NO_FP_API
+X509 *d2i_X509_fp(FILE *fp, X509 **x509);
+int i2d_X509_fp(FILE *fp, X509 *x509);
+X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl);
+int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl);
+X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req);
+int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req);
+#  ifndef OPENSSL_NO_RSA
+RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa);
+int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa);
+RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa);
+int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa);
+RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa);
+int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa);
+#  endif
+#  ifndef OPENSSL_NO_DSA
+DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
+int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
+DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
+int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
+#  endif
+#  ifndef OPENSSL_NO_EC
+EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
+int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey);
+EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
+int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey);
+#  endif
+X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8);
+int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8);
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
+                                                PKCS8_PRIV_KEY_INFO **p8inf);
+int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf);
+int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
+int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
+int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
+# endif
+
+# ifndef OPENSSL_NO_BIO
+X509 *d2i_X509_bio(BIO *bp, X509 **x509);
+int i2d_X509_bio(BIO *bp, X509 *x509);
+X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl);
+int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl);
+X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req);
+int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req);
+#  ifndef OPENSSL_NO_RSA
+RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa);
+int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa);
+RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa);
+int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa);
+RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa);
+int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa);
+#  endif
+#  ifndef OPENSSL_NO_DSA
+DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
+int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
+DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
+int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
+#  endif
+#  ifndef OPENSSL_NO_EC
+EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);
+int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey);
+EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);
+int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey);
+#  endif
+X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8);
+int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8);
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
+                                                 PKCS8_PRIV_KEY_INFO **p8inf);
+int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf);
+int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
+int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
+int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
+# endif
+
+X509 *X509_dup(X509 *x509);
+X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa);
+X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);
+X509_CRL *X509_CRL_dup(X509_CRL *crl);
+X509_REQ *X509_REQ_dup(X509_REQ *req);
+X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
+int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype,
+                    void *pval);
+void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
+                     X509_ALGOR *algor);
+void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
+
+X509_NAME *X509_NAME_dup(X509_NAME *xn);
+X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
+
+int X509_cmp_time(const ASN1_TIME *s, time_t *t);
+int X509_cmp_current_time(const ASN1_TIME *s);
+ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
+ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s,
+                            int offset_day, long offset_sec, time_t *t);
+ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj);
+
+const char *X509_get_default_cert_area(void);
+const char *X509_get_default_cert_dir(void);
+const char *X509_get_default_cert_file(void);
+const char *X509_get_default_cert_dir_env(void);
+const char *X509_get_default_cert_file_env(void);
+const char *X509_get_default_private_dir(void);
+
+X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
+X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey);
+
+DECLARE_ASN1_FUNCTIONS(X509_ALGOR)
+DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS)
+DECLARE_ASN1_FUNCTIONS(X509_VAL)
+
+DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)
+
+int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
+EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
+int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain);
+int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp);
+EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length);
+# ifndef OPENSSL_NO_RSA
+int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp);
+RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length);
+# endif
+# ifndef OPENSSL_NO_DSA
+int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp);
+DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length);
+# endif
+# ifndef OPENSSL_NO_EC
+int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp);
+EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length);
+# endif
+
+DECLARE_ASN1_FUNCTIONS(X509_SIG)
+DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
+DECLARE_ASN1_FUNCTIONS(X509_REQ)
+
+DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE)
+X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
+
+DECLARE_ASN1_FUNCTIONS(X509_EXTENSION)
+DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)
+
+DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY)
+
+DECLARE_ASN1_FUNCTIONS(X509_NAME)
+
+int X509_NAME_set(X509_NAME **xn, X509_NAME *name);
+
+DECLARE_ASN1_FUNCTIONS(X509_CINF)
+
+DECLARE_ASN1_FUNCTIONS(X509)
+DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
+
+DECLARE_ASN1_FUNCTIONS(X509_CERT_PAIR)
+
+int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+                          CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int X509_set_ex_data(X509 *r, int idx, void *arg);
+void *X509_get_ex_data(X509 *r, int idx);
+int i2d_X509_AUX(X509 *a, unsigned char **pp);
+X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length);
+
+int X509_alias_set1(X509 *x, unsigned char *name, int len);
+int X509_keyid_set1(X509 *x, unsigned char *id, int len);
+unsigned char *X509_alias_get0(X509 *x, int *len);
+unsigned char *X509_keyid_get0(X509 *x, int *len);
+int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *,
+                                                                int);
+int X509_TRUST_set(int *t, int trust);
+int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
+int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
+void X509_trust_clear(X509 *x);
+void X509_reject_clear(X509 *x);
+
+DECLARE_ASN1_FUNCTIONS(X509_REVOKED)
+DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)
+DECLARE_ASN1_FUNCTIONS(X509_CRL)
+
+int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
+int X509_CRL_get0_by_serial(X509_CRL *crl,
+                            X509_REVOKED **ret, ASN1_INTEGER *serial);
+int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);
+
+X509_PKEY *X509_PKEY_new(void);
+void X509_PKEY_free(X509_PKEY *a);
+int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp);
+X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp,
+                         long length);
+
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
+
+# ifndef OPENSSL_NO_EVP
+X509_INFO *X509_INFO_new(void);
+void X509_INFO_free(X509_INFO *a);
+char *X509_NAME_oneline(X509_NAME *a, char *buf, int size);
+
+int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1,
+                ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey);
+
+int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
+                unsigned char *md, unsigned int *len);
+
+int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1,
+              X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
+              char *data, EVP_PKEY *pkey, const EVP_MD *type);
+
+int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *data,
+                     unsigned char *md, unsigned int *len);
+
+int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
+                     ASN1_BIT_STRING *signature, void *data, EVP_PKEY *pkey);
+
+int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
+                   X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *data,
+                   EVP_PKEY *pkey, const EVP_MD *type);
+int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
+                       X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
+                       void *asn, EVP_MD_CTX *ctx);
+# endif
+
+int X509_set_version(X509 *x, long version);
+int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
+ASN1_INTEGER *X509_get_serialNumber(X509 *x);
+int X509_set_issuer_name(X509 *x, X509_NAME *name);
+X509_NAME *X509_get_issuer_name(X509 *a);
+int X509_set_subject_name(X509 *x, X509_NAME *name);
+X509_NAME *X509_get_subject_name(X509 *a);
+int X509_set_notBefore(X509 *x, const ASN1_TIME *tm);
+int X509_set_notAfter(X509 *x, const ASN1_TIME *tm);
+int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
+EVP_PKEY *X509_get_pubkey(X509 *x);
+ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
+int X509_certificate_type(X509 *x, EVP_PKEY *pubkey /* optional */ );
+
+int X509_REQ_set_version(X509_REQ *x, long version);
+int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
+int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
+EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
+int X509_REQ_extension_nid(int nid);
+int *X509_REQ_get_extension_nids(void);
+void X509_REQ_set_extension_nids(int *nids);
+STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
+int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
+                                int nid);
+int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts);
+int X509_REQ_get_attr_count(const X509_REQ *req);
+int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos);
+int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
+                             int lastpos);
+X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
+X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
+int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);
+int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
+                              const ASN1_OBJECT *obj, int type,
+                              const unsigned char *bytes, int len);
+int X509_REQ_add1_attr_by_NID(X509_REQ *req,
+                              int nid, int type,
+                              const unsigned char *bytes, int len);
+int X509_REQ_add1_attr_by_txt(X509_REQ *req,
+                              const char *attrname, int type,
+                              const unsigned char *bytes, int len);
+
+int X509_CRL_set_version(X509_CRL *x, long version);
+int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
+int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
+int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
+int X509_CRL_sort(X509_CRL *crl);
+
+int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
+int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
+
+int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+
+int X509_check_private_key(X509 *x509, EVP_PKEY *pkey);
+
+int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
+unsigned long X509_issuer_and_serial_hash(X509 *a);
+
+int X509_issuer_name_cmp(const X509 *a, const X509 *b);
+unsigned long X509_issuer_name_hash(X509 *a);
+
+int X509_subject_name_cmp(const X509 *a, const X509 *b);
+unsigned long X509_subject_name_hash(X509 *x);
+
+# ifndef OPENSSL_NO_MD5
+unsigned long X509_issuer_name_hash_old(X509 *a);
+unsigned long X509_subject_name_hash_old(X509 *x);
+# endif
+
+int X509_cmp(const X509 *a, const X509 *b);
+int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
+unsigned long X509_NAME_hash(X509_NAME *x);
+unsigned long X509_NAME_hash_old(X509_NAME *x);
+
+int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
+int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
+# ifndef OPENSSL_NO_FP_API
+int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag,
+                     unsigned long cflag);
+int X509_print_fp(FILE *bp, X509 *x);
+int X509_CRL_print_fp(FILE *bp, X509_CRL *x);
+int X509_REQ_print_fp(FILE *bp, X509_REQ *req);
+int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent,
+                          unsigned long flags);
+# endif
+
+# ifndef OPENSSL_NO_BIO
+int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
+int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent,
+                       unsigned long flags);
+int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag,
+                  unsigned long cflag);
+int X509_print(BIO *bp, X509 *x);
+int X509_ocspid_print(BIO *bp, X509 *x);
+int X509_CERT_AUX_print(BIO *bp, X509_CERT_AUX *x, int indent);
+int X509_CRL_print(BIO *bp, X509_CRL *x);
+int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag,
+                      unsigned long cflag);
+int X509_REQ_print(BIO *bp, X509_REQ *req);
+# endif
+
+int X509_NAME_entry_count(X509_NAME *name);
+int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len);
+int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
+                              char *buf, int len);
+
+/*
+ * NOTE: you should be passsing -1, not 0 as lastpos.  The functions that use
+ * lastpos, search after that position on.
+ */
+int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos);
+int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
+                               int lastpos);
+X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
+X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
+int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne,
+                        int loc, int set);
+int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
+                               unsigned char *bytes, int len, int loc,
+                               int set);
+int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
+                               unsigned char *bytes, int len, int loc,
+                               int set);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
+                                               const char *field, int type,
+                                               const unsigned char *bytes,
+                                               int len);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
+                                               int type, unsigned char *bytes,
+                                               int len);
+int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
+                               const unsigned char *bytes, int len, int loc,
+                               int set);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
+                                               ASN1_OBJECT *obj, int type,
+                                               const unsigned char *bytes,
+                                               int len);
+int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
+int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
+                             const unsigned char *bytes, int len);
+ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
+ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
+
+int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
+int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
+                          int nid, int lastpos);
+int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
+                          ASN1_OBJECT *obj, int lastpos);
+int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
+                               int crit, int lastpos);
+X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
+X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
+STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
+                                         X509_EXTENSION *ex, int loc);
+
+int X509_get_ext_count(X509 *x);
+int X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
+int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos);
+int X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
+X509_EXTENSION *X509_get_ext(X509 *x, int loc);
+X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
+int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
+void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
+int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
+                      unsigned long flags);
+
+int X509_CRL_get_ext_count(X509_CRL *x);
+int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
+int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos);
+int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos);
+X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
+X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
+int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
+void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
+int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
+                          unsigned long flags);
+
+int X509_REVOKED_get_ext_count(X509_REVOKED *x);
+int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);
+int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj,
+                                int lastpos);
+int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos);
+X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
+X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
+int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
+void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
+int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
+                              unsigned long flags);
+
+X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
+                                             int nid, int crit,
+                                             ASN1_OCTET_STRING *data);
+X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
+                                             ASN1_OBJECT *obj, int crit,
+                                             ASN1_OCTET_STRING *data);
+int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj);
+int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
+int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data);
+ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
+ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
+int X509_EXTENSION_get_critical(X509_EXTENSION *ex);
+
+int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
+int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
+                           int lastpos);
+int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk,
+                           ASN1_OBJECT *obj, int lastpos);
+X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc);
+X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
+                                           X509_ATTRIBUTE *attr);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE)
+                                                  **x, const ASN1_OBJECT *obj,
+                                                  int type,
+                                                  const unsigned char *bytes,
+                                                  int len);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE)
+                                                  **x, int nid, int type,
+                                                  const unsigned char *bytes,
+                                                  int len);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE)
+                                                  **x, const char *attrname,
+                                                  int type,
+                                                  const unsigned char *bytes,
+                                                  int len);
+void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, ASN1_OBJECT *obj,
+                              int lastpos, int type);
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
+                                             int atrtype, const void *data,
+                                             int len);
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
+                                             const ASN1_OBJECT *obj,
+                                             int atrtype, const void *data,
+                                             int len);
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
+                                             const char *atrname, int type,
+                                             const unsigned char *bytes,
+                                             int len);
+int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj);
+int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
+                             const void *data, int len);
+void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype,
+                               void *data);
+int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr);
+ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
+ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
+
+int EVP_PKEY_get_attr_count(const EVP_PKEY *key);
+int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos);
+int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj,
+                             int lastpos);
+X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc);
+X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc);
+int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr);
+int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
+                              const ASN1_OBJECT *obj, int type,
+                              const unsigned char *bytes, int len);
+int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
+                              int nid, int type,
+                              const unsigned char *bytes, int len);
+int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
+                              const char *attrname, int type,
+                              const unsigned char *bytes, int len);
+
+int X509_verify_cert(X509_STORE_CTX *ctx);
+
+/* lookup a cert from a X509 STACK */
+X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
+                                     ASN1_INTEGER *serial);
+X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name);
+
+DECLARE_ASN1_FUNCTIONS(PBEPARAM)
+DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
+DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
+
+int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
+                         const unsigned char *salt, int saltlen);
+
+X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
+                          const unsigned char *salt, int saltlen);
+X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+                           unsigned char *salt, int saltlen);
+X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
+                              unsigned char *salt, int saltlen,
+                              unsigned char *aiv, int prf_nid);
+
+X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
+                             int prf_nid, int keylen);
+
+/* PKCS#8 utilities */
+
+DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
+
+EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken);
+PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
+
+int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
+                    int version, int ptype, void *pval,
+                    unsigned char *penc, int penclen);
+int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg,
+                    const unsigned char **pk, int *ppklen,
+                    X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8);
+
+int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
+                           int ptype, void *pval,
+                           unsigned char *penc, int penclen);
+int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
+                           const unsigned char **pk, int *ppklen,
+                           X509_ALGOR **pa, X509_PUBKEY *pub);
+
+int X509_check_trust(X509 *x, int id, int flags);
+int X509_TRUST_get_count(void);
+X509_TRUST *X509_TRUST_get0(int idx);
+int X509_TRUST_get_by_id(int id);
+int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
+                   char *name, int arg1, void *arg2);
+void X509_TRUST_cleanup(void);
+int X509_TRUST_get_flags(X509_TRUST *xp);
+char *X509_TRUST_get0_name(X509_TRUST *xp);
+int X509_TRUST_get_trust(X509_TRUST *xp);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+void ERR_load_X509_strings(void);
+
+/* Error codes for the X509 functions. */
+
+/* Function codes. */
+# define X509_F_ADD_CERT_DIR                              100
+# define X509_F_BY_FILE_CTRL                              101
+# define X509_F_CHECK_NAME_CONSTRAINTS                    106
+# define X509_F_CHECK_POLICY                              145
+# define X509_F_DIR_CTRL                                  102
+# define X509_F_GET_CERT_BY_SUBJECT                       103
+# define X509_F_NETSCAPE_SPKI_B64_DECODE                  129
+# define X509_F_NETSCAPE_SPKI_B64_ENCODE                  130
+# define X509_F_X509AT_ADD1_ATTR                          135
+# define X509_F_X509V3_ADD_EXT                            104
+# define X509_F_X509_ATTRIBUTE_CREATE_BY_NID              136
+# define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ              137
+# define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT              140
+# define X509_F_X509_ATTRIBUTE_GET0_DATA                  139
+# define X509_F_X509_ATTRIBUTE_SET1_DATA                  138
+# define X509_F_X509_CHECK_PRIVATE_KEY                    128
+# define X509_F_X509_CRL_PRINT_FP                         147
+# define X509_F_X509_EXTENSION_CREATE_BY_NID              108
+# define X509_F_X509_EXTENSION_CREATE_BY_OBJ              109
+# define X509_F_X509_GET_PUBKEY_PARAMETERS                110
+# define X509_F_X509_LOAD_CERT_CRL_FILE                   132
+# define X509_F_X509_LOAD_CERT_FILE                       111
+# define X509_F_X509_LOAD_CRL_FILE                        112
+# define X509_F_X509_NAME_ADD_ENTRY                       113
+# define X509_F_X509_NAME_ENTRY_CREATE_BY_NID             114
+# define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT             131
+# define X509_F_X509_NAME_ENTRY_SET_OBJECT                115
+# define X509_F_X509_NAME_ONELINE                         116
+# define X509_F_X509_NAME_PRINT                           117
+# define X509_F_X509_PRINT_EX_FP                          118
+# define X509_F_X509_PUBKEY_GET                           119
+# define X509_F_X509_PUBKEY_SET                           120
+# define X509_F_X509_REQ_CHECK_PRIVATE_KEY                144
+# define X509_F_X509_REQ_PRINT_EX                         121
+# define X509_F_X509_REQ_PRINT_FP                         122
+# define X509_F_X509_REQ_TO_X509                          123
+# define X509_F_X509_STORE_ADD_CERT                       124
+# define X509_F_X509_STORE_ADD_CRL                        125
+# define X509_F_X509_STORE_CTX_GET1_ISSUER                146
+# define X509_F_X509_STORE_CTX_INIT                       143
+# define X509_F_X509_STORE_CTX_NEW                        142
+# define X509_F_X509_STORE_CTX_PURPOSE_INHERIT            134
+# define X509_F_X509_TO_X509_REQ                          126
+# define X509_F_X509_TRUST_ADD                            133
+# define X509_F_X509_TRUST_SET                            141
+# define X509_F_X509_VERIFY_CERT                          127
+
+/* Reason codes. */
+# define X509_R_BAD_X509_FILETYPE                         100
+# define X509_R_BASE64_DECODE_ERROR                       118
+# define X509_R_CANT_CHECK_DH_KEY                         114
+# define X509_R_CERT_ALREADY_IN_HASH_TABLE                101
+# define X509_R_ERR_ASN1_LIB                              102
+# define X509_R_INVALID_DIRECTORY                         113
+# define X509_R_INVALID_FIELD_NAME                        119
+# define X509_R_INVALID_TRUST                             123
+# define X509_R_KEY_TYPE_MISMATCH                         115
+# define X509_R_KEY_VALUES_MISMATCH                       116
+# define X509_R_LOADING_CERT_DIR                          103
+# define X509_R_LOADING_DEFAULTS                          104
+# define X509_R_METHOD_NOT_SUPPORTED                      124
+# define X509_R_NAME_TOO_LONG                             134
+# define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY              105
+# define X509_R_PUBLIC_KEY_DECODE_ERROR                   125
+# define X509_R_PUBLIC_KEY_ENCODE_ERROR                   126
+# define X509_R_SHOULD_RETRY                              106
+# define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN        107
+# define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY            108
+# define X509_R_UNKNOWN_KEY_TYPE                          117
+# define X509_R_UNKNOWN_NID                               109
+# define X509_R_UNKNOWN_PURPOSE_ID                        121
+# define X509_R_UNKNOWN_TRUST_ID                          120
+# define X509_R_UNSUPPORTED_ALGORITHM                     111
+# define X509_R_WRONG_LOOKUP_TYPE                         112
+# define X509_R_WRONG_TYPE                                122
+
+# ifdef  __cplusplus
+}
+# endif
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/x509/x509_err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x509_err.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/x509/x509_err.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,178 +0,0 @@
-/* crypto/x509/x509_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason)
-
-static ERR_STRING_DATA X509_str_functs[] = {
-    {ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"},
-    {ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"},
-    {ERR_FUNC(X509_F_CHECK_POLICY), "CHECK_POLICY"},
-    {ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"},
-    {ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"},
-    {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"},
-    {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"},
-    {ERR_FUNC(X509_F_X509AT_ADD1_ATTR), "X509at_add1_attr"},
-    {ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"},
-    {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID),
-     "X509_ATTRIBUTE_create_by_NID"},
-    {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ),
-     "X509_ATTRIBUTE_create_by_OBJ"},
-    {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT),
-     "X509_ATTRIBUTE_create_by_txt"},
-    {ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"},
-    {ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"},
-    {ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"},
-    {ERR_FUNC(X509_F_X509_CRL_PRINT_FP), "X509_CRL_print_fp"},
-    {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID),
-     "X509_EXTENSION_create_by_NID"},
-    {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ),
-     "X509_EXTENSION_create_by_OBJ"},
-    {ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS),
-     "X509_get_pubkey_parameters"},
-    {ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"},
-    {ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"},
-    {ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"},
-    {ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"},
-    {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID),
-     "X509_NAME_ENTRY_create_by_NID"},
-    {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT),
-     "X509_NAME_ENTRY_create_by_txt"},
-    {ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT),
-     "X509_NAME_ENTRY_set_object"},
-    {ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"},
-    {ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"},
-    {ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"},
-    {ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"},
-    {ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"},
-    {ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY),
-     "X509_REQ_check_private_key"},
-    {ERR_FUNC(X509_F_X509_REQ_PRINT_EX), "X509_REQ_print_ex"},
-    {ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"},
-    {ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"},
-    {ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"},
-    {ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"},
-    {ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER),
-     "X509_STORE_CTX_get1_issuer"},
-    {ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"},
-    {ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"},
-    {ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT),
-     "X509_STORE_CTX_purpose_inherit"},
-    {ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"},
-    {ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"},
-    {ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"},
-    {ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"},
-    {0, NULL}
-};
-
-static ERR_STRING_DATA X509_str_reasons[] = {
-    {ERR_REASON(X509_R_BAD_X509_FILETYPE), "bad x509 filetype"},
-    {ERR_REASON(X509_R_BASE64_DECODE_ERROR), "base64 decode error"},
-    {ERR_REASON(X509_R_CANT_CHECK_DH_KEY), "cant check dh key"},
-    {ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE),
-     "cert already in hash table"},
-    {ERR_REASON(X509_R_ERR_ASN1_LIB), "err asn1 lib"},
-    {ERR_REASON(X509_R_INVALID_DIRECTORY), "invalid directory"},
-    {ERR_REASON(X509_R_INVALID_FIELD_NAME), "invalid field name"},
-    {ERR_REASON(X509_R_INVALID_TRUST), "invalid trust"},
-    {ERR_REASON(X509_R_KEY_TYPE_MISMATCH), "key type mismatch"},
-    {ERR_REASON(X509_R_KEY_VALUES_MISMATCH), "key values mismatch"},
-    {ERR_REASON(X509_R_LOADING_CERT_DIR), "loading cert dir"},
-    {ERR_REASON(X509_R_LOADING_DEFAULTS), "loading defaults"},
-    {ERR_REASON(X509_R_METHOD_NOT_SUPPORTED), "method not supported"},
-    {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),
-     "no cert set for us to verify"},
-    {ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR), "public key decode error"},
-    {ERR_REASON(X509_R_PUBLIC_KEY_ENCODE_ERROR), "public key encode error"},
-    {ERR_REASON(X509_R_SHOULD_RETRY), "should retry"},
-    {ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),
-     "unable to find parameters in chain"},
-    {ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),
-     "unable to get certs public key"},
-    {ERR_REASON(X509_R_UNKNOWN_KEY_TYPE), "unknown key type"},
-    {ERR_REASON(X509_R_UNKNOWN_NID), "unknown nid"},
-    {ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID), "unknown purpose id"},
-    {ERR_REASON(X509_R_UNKNOWN_TRUST_ID), "unknown trust id"},
-    {ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"},
-    {ERR_REASON(X509_R_WRONG_LOOKUP_TYPE), "wrong lookup type"},
-    {ERR_REASON(X509_R_WRONG_TYPE), "wrong type"},
-    {0, NULL}
-};
-
-#endif
-
-void ERR_load_X509_strings(void)
-{
-#ifndef OPENSSL_NO_ERR
-
-    if (ERR_func_error_string(X509_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, X509_str_functs);
-        ERR_load_strings(0, X509_str_reasons);
-    }
-#endif
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/x509/x509_err.c (from rev 11605, vendor-crypto/openssl/dist/crypto/x509/x509_err.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/x509/x509_err.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/x509/x509_err.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,180 @@
+/* crypto/x509/x509_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason)
+
+static ERR_STRING_DATA X509_str_functs[] = {
+    {ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"},
+    {ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"},
+    {ERR_FUNC(X509_F_CHECK_NAME_CONSTRAINTS), "CHECK_NAME_CONSTRAINTS"},
+    {ERR_FUNC(X509_F_CHECK_POLICY), "CHECK_POLICY"},
+    {ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"},
+    {ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"},
+    {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"},
+    {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"},
+    {ERR_FUNC(X509_F_X509AT_ADD1_ATTR), "X509at_add1_attr"},
+    {ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"},
+    {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID),
+     "X509_ATTRIBUTE_create_by_NID"},
+    {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ),
+     "X509_ATTRIBUTE_create_by_OBJ"},
+    {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT),
+     "X509_ATTRIBUTE_create_by_txt"},
+    {ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"},
+    {ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"},
+    {ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"},
+    {ERR_FUNC(X509_F_X509_CRL_PRINT_FP), "X509_CRL_print_fp"},
+    {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID),
+     "X509_EXTENSION_create_by_NID"},
+    {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ),
+     "X509_EXTENSION_create_by_OBJ"},
+    {ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS),
+     "X509_get_pubkey_parameters"},
+    {ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"},
+    {ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"},
+    {ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"},
+    {ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"},
+    {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID),
+     "X509_NAME_ENTRY_create_by_NID"},
+    {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT),
+     "X509_NAME_ENTRY_create_by_txt"},
+    {ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT),
+     "X509_NAME_ENTRY_set_object"},
+    {ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"},
+    {ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"},
+    {ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"},
+    {ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"},
+    {ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"},
+    {ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY),
+     "X509_REQ_check_private_key"},
+    {ERR_FUNC(X509_F_X509_REQ_PRINT_EX), "X509_REQ_print_ex"},
+    {ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"},
+    {ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"},
+    {ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"},
+    {ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"},
+    {ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER),
+     "X509_STORE_CTX_get1_issuer"},
+    {ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"},
+    {ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"},
+    {ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT),
+     "X509_STORE_CTX_purpose_inherit"},
+    {ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"},
+    {ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"},
+    {ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"},
+    {ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA X509_str_reasons[] = {
+    {ERR_REASON(X509_R_BAD_X509_FILETYPE), "bad x509 filetype"},
+    {ERR_REASON(X509_R_BASE64_DECODE_ERROR), "base64 decode error"},
+    {ERR_REASON(X509_R_CANT_CHECK_DH_KEY), "cant check dh key"},
+    {ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE),
+     "cert already in hash table"},
+    {ERR_REASON(X509_R_ERR_ASN1_LIB), "err asn1 lib"},
+    {ERR_REASON(X509_R_INVALID_DIRECTORY), "invalid directory"},
+    {ERR_REASON(X509_R_INVALID_FIELD_NAME), "invalid field name"},
+    {ERR_REASON(X509_R_INVALID_TRUST), "invalid trust"},
+    {ERR_REASON(X509_R_KEY_TYPE_MISMATCH), "key type mismatch"},
+    {ERR_REASON(X509_R_KEY_VALUES_MISMATCH), "key values mismatch"},
+    {ERR_REASON(X509_R_LOADING_CERT_DIR), "loading cert dir"},
+    {ERR_REASON(X509_R_LOADING_DEFAULTS), "loading defaults"},
+    {ERR_REASON(X509_R_METHOD_NOT_SUPPORTED), "method not supported"},
+    {ERR_REASON(X509_R_NAME_TOO_LONG), "name too long"},
+    {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),
+     "no cert set for us to verify"},
+    {ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR), "public key decode error"},
+    {ERR_REASON(X509_R_PUBLIC_KEY_ENCODE_ERROR), "public key encode error"},
+    {ERR_REASON(X509_R_SHOULD_RETRY), "should retry"},
+    {ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),
+     "unable to find parameters in chain"},
+    {ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),
+     "unable to get certs public key"},
+    {ERR_REASON(X509_R_UNKNOWN_KEY_TYPE), "unknown key type"},
+    {ERR_REASON(X509_R_UNKNOWN_NID), "unknown nid"},
+    {ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID), "unknown purpose id"},
+    {ERR_REASON(X509_R_UNKNOWN_TRUST_ID), "unknown trust id"},
+    {ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"},
+    {ERR_REASON(X509_R_WRONG_LOOKUP_TYPE), "wrong lookup type"},
+    {ERR_REASON(X509_R_WRONG_TYPE), "wrong type"},
+    {0, NULL}
+};
+
+#endif
+
+void ERR_load_X509_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(X509_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, X509_str_functs);
+        ERR_load_strings(0, X509_str_reasons);
+    }
+#endif
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/x509/x509_obj.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x509_obj.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/x509/x509_obj.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,212 +0,0 @@
-/* crypto/x509/x509_obj.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/buffer.h>
-
-char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
-{
-    X509_NAME_ENTRY *ne;
-    int i;
-    int n, lold, l, l1, l2, num, j, type;
-    const char *s;
-    char *p;
-    unsigned char *q;
-    BUF_MEM *b = NULL;
-    static const char hex[17] = "0123456789ABCDEF";
-    int gs_doit[4];
-    char tmp_buf[80];
-#ifdef CHARSET_EBCDIC
-    char ebcdic_buf[1024];
-#endif
-
-    if (buf == NULL) {
-        if ((b = BUF_MEM_new()) == NULL)
-            goto err;
-        if (!BUF_MEM_grow(b, 200))
-            goto err;
-        b->data[0] = '\0';
-        len = 200;
-    }
-    if (a == NULL) {
-        if (b) {
-            buf = b->data;
-            OPENSSL_free(b);
-        }
-        strncpy(buf, "NO X509_NAME", len);
-        buf[len - 1] = '\0';
-        return buf;
-    }
-
-    len--;                      /* space for '\0' */
-    l = 0;
-    for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
-        ne = sk_X509_NAME_ENTRY_value(a->entries, i);
-        n = OBJ_obj2nid(ne->object);
-        if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
-            i2t_ASN1_OBJECT(tmp_buf, sizeof(tmp_buf), ne->object);
-            s = tmp_buf;
-        }
-        l1 = strlen(s);
-
-        type = ne->value->type;
-        num = ne->value->length;
-        q = ne->value->data;
-#ifdef CHARSET_EBCDIC
-        if (type == V_ASN1_GENERALSTRING ||
-            type == V_ASN1_VISIBLESTRING ||
-            type == V_ASN1_PRINTABLESTRING ||
-            type == V_ASN1_TELETEXSTRING ||
-            type == V_ASN1_VISIBLESTRING || type == V_ASN1_IA5STRING) {
-            ascii2ebcdic(ebcdic_buf, q, (num > sizeof ebcdic_buf)
-                         ? sizeof ebcdic_buf : num);
-            q = ebcdic_buf;
-        }
-#endif
-
-        if ((type == V_ASN1_GENERALSTRING) && ((num % 4) == 0)) {
-            gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 0;
-            for (j = 0; j < num; j++)
-                if (q[j] != 0)
-                    gs_doit[j & 3] = 1;
-
-            if (gs_doit[0] | gs_doit[1] | gs_doit[2])
-                gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1;
-            else {
-                gs_doit[0] = gs_doit[1] = gs_doit[2] = 0;
-                gs_doit[3] = 1;
-            }
-        } else
-            gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1;
-
-        for (l2 = j = 0; j < num; j++) {
-            if (!gs_doit[j & 3])
-                continue;
-            l2++;
-#ifndef CHARSET_EBCDIC
-            if ((q[j] < ' ') || (q[j] > '~'))
-                l2 += 3;
-#else
-            if ((os_toascii[q[j]] < os_toascii[' ']) ||
-                (os_toascii[q[j]] > os_toascii['~']))
-                l2 += 3;
-#endif
-        }
-
-        lold = l;
-        l += 1 + l1 + 1 + l2;
-        if (b != NULL) {
-            if (!BUF_MEM_grow(b, l + 1))
-                goto err;
-            p = &(b->data[lold]);
-        } else if (l > len) {
-            break;
-        } else
-            p = &(buf[lold]);
-        *(p++) = '/';
-        memcpy(p, s, (unsigned int)l1);
-        p += l1;
-        *(p++) = '=';
-
-#ifndef CHARSET_EBCDIC          /* q was assigned above already. */
-        q = ne->value->data;
-#endif
-
-        for (j = 0; j < num; j++) {
-            if (!gs_doit[j & 3])
-                continue;
-#ifndef CHARSET_EBCDIC
-            n = q[j];
-            if ((n < ' ') || (n > '~')) {
-                *(p++) = '\\';
-                *(p++) = 'x';
-                *(p++) = hex[(n >> 4) & 0x0f];
-                *(p++) = hex[n & 0x0f];
-            } else
-                *(p++) = n;
-#else
-            n = os_toascii[q[j]];
-            if ((n < os_toascii[' ']) || (n > os_toascii['~'])) {
-                *(p++) = '\\';
-                *(p++) = 'x';
-                *(p++) = hex[(n >> 4) & 0x0f];
-                *(p++) = hex[n & 0x0f];
-            } else
-                *(p++) = q[j];
-#endif
-        }
-        *p = '\0';
-    }
-    if (b != NULL) {
-        p = b->data;
-        OPENSSL_free(b);
-    } else
-        p = buf;
-    if (i == 0)
-        *p = '\0';
-    return (p);
- err:
-    X509err(X509_F_X509_NAME_ONELINE, ERR_R_MALLOC_FAILURE);
-    if (b != NULL)
-        BUF_MEM_free(b);
-    return (NULL);
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/x509/x509_obj.c (from rev 11605, vendor-crypto/openssl/dist/crypto/x509/x509_obj.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/x509/x509_obj.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/x509/x509_obj.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,230 @@
+/* crypto/x509/x509_obj.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/buffer.h>
+
+/*
+ * Limit to ensure we don't overflow: much greater than
+ * anything enountered in practice.
+ */
+
+#define NAME_ONELINE_MAX    (1024 * 1024)
+
+char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
+{
+    X509_NAME_ENTRY *ne;
+    int i;
+    int n, lold, l, l1, l2, num, j, type;
+    const char *s;
+    char *p;
+    unsigned char *q;
+    BUF_MEM *b = NULL;
+    static const char hex[17] = "0123456789ABCDEF";
+    int gs_doit[4];
+    char tmp_buf[80];
+#ifdef CHARSET_EBCDIC
+    char ebcdic_buf[1024];
+#endif
+
+    if (buf == NULL) {
+        if ((b = BUF_MEM_new()) == NULL)
+            goto err;
+        if (!BUF_MEM_grow(b, 200))
+            goto err;
+        b->data[0] = '\0';
+        len = 200;
+    } else if (len == 0) {
+        return NULL;
+    }
+    if (a == NULL) {
+        if (b) {
+            buf = b->data;
+            OPENSSL_free(b);
+        }
+        strncpy(buf, "NO X509_NAME", len);
+        buf[len - 1] = '\0';
+        return buf;
+    }
+
+    len--;                      /* space for '\0' */
+    l = 0;
+    for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+        ne = sk_X509_NAME_ENTRY_value(a->entries, i);
+        n = OBJ_obj2nid(ne->object);
+        if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
+            i2t_ASN1_OBJECT(tmp_buf, sizeof(tmp_buf), ne->object);
+            s = tmp_buf;
+        }
+        l1 = strlen(s);
+
+        type = ne->value->type;
+        num = ne->value->length;
+        if (num > NAME_ONELINE_MAX) {
+            X509err(X509_F_X509_NAME_ONELINE, X509_R_NAME_TOO_LONG);
+            goto end;
+        }
+        q = ne->value->data;
+#ifdef CHARSET_EBCDIC
+        if (type == V_ASN1_GENERALSTRING ||
+            type == V_ASN1_VISIBLESTRING ||
+            type == V_ASN1_PRINTABLESTRING ||
+            type == V_ASN1_TELETEXSTRING ||
+            type == V_ASN1_VISIBLESTRING || type == V_ASN1_IA5STRING) {
+            if (num > (int)sizeof(ebcdic_buf))
+                num = sizeof(ebcdic_buf);
+            ascii2ebcdic(ebcdic_buf, q, num);
+            q = ebcdic_buf;
+        }
+#endif
+
+        if ((type == V_ASN1_GENERALSTRING) && ((num % 4) == 0)) {
+            gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 0;
+            for (j = 0; j < num; j++)
+                if (q[j] != 0)
+                    gs_doit[j & 3] = 1;
+
+            if (gs_doit[0] | gs_doit[1] | gs_doit[2])
+                gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1;
+            else {
+                gs_doit[0] = gs_doit[1] = gs_doit[2] = 0;
+                gs_doit[3] = 1;
+            }
+        } else
+            gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1;
+
+        for (l2 = j = 0; j < num; j++) {
+            if (!gs_doit[j & 3])
+                continue;
+            l2++;
+#ifndef CHARSET_EBCDIC
+            if ((q[j] < ' ') || (q[j] > '~'))
+                l2 += 3;
+#else
+            if ((os_toascii[q[j]] < os_toascii[' ']) ||
+                (os_toascii[q[j]] > os_toascii['~']))
+                l2 += 3;
+#endif
+        }
+
+        lold = l;
+        l += 1 + l1 + 1 + l2;
+        if (l > NAME_ONELINE_MAX) {
+            X509err(X509_F_X509_NAME_ONELINE, X509_R_NAME_TOO_LONG);
+            goto end;
+        }
+        if (b != NULL) {
+            if (!BUF_MEM_grow(b, l + 1))
+                goto err;
+            p = &(b->data[lold]);
+        } else if (l > len) {
+            break;
+        } else
+            p = &(buf[lold]);
+        *(p++) = '/';
+        memcpy(p, s, (unsigned int)l1);
+        p += l1;
+        *(p++) = '=';
+
+#ifndef CHARSET_EBCDIC          /* q was assigned above already. */
+        q = ne->value->data;
+#endif
+
+        for (j = 0; j < num; j++) {
+            if (!gs_doit[j & 3])
+                continue;
+#ifndef CHARSET_EBCDIC
+            n = q[j];
+            if ((n < ' ') || (n > '~')) {
+                *(p++) = '\\';
+                *(p++) = 'x';
+                *(p++) = hex[(n >> 4) & 0x0f];
+                *(p++) = hex[n & 0x0f];
+            } else
+                *(p++) = n;
+#else
+            n = os_toascii[q[j]];
+            if ((n < os_toascii[' ']) || (n > os_toascii['~'])) {
+                *(p++) = '\\';
+                *(p++) = 'x';
+                *(p++) = hex[(n >> 4) & 0x0f];
+                *(p++) = hex[n & 0x0f];
+            } else
+                *(p++) = q[j];
+#endif
+        }
+        *p = '\0';
+    }
+    if (b != NULL) {
+        p = b->data;
+        OPENSSL_free(b);
+    } else
+        p = buf;
+    if (i == 0)
+        *p = '\0';
+    return (p);
+ err:
+    X509err(X509_F_X509_NAME_ONELINE, ERR_R_MALLOC_FAILURE);
+ end:
+    BUF_MEM_free(b);
+    return (NULL);
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/x509/x509_txt.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x509_txt.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/x509/x509_txt.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,191 +0,0 @@
-/* crypto/x509/x509_txt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <time.h>
-#include <errno.h>
-
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-#include <openssl/asn1.h>
-#include <openssl/x509.h>
-#include <openssl/objects.h>
-
-const char *X509_verify_cert_error_string(long n)
-{
-    static char buf[100];
-
-    switch ((int)n) {
-    case X509_V_OK:
-        return ("ok");
-    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-        return ("unable to get issuer certificate");
-    case X509_V_ERR_UNABLE_TO_GET_CRL:
-        return ("unable to get certificate CRL");
-    case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
-        return ("unable to decrypt certificate's signature");
-    case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
-        return ("unable to decrypt CRL's signature");
-    case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
-        return ("unable to decode issuer public key");
-    case X509_V_ERR_CERT_SIGNATURE_FAILURE:
-        return ("certificate signature failure");
-    case X509_V_ERR_CRL_SIGNATURE_FAILURE:
-        return ("CRL signature failure");
-    case X509_V_ERR_CERT_NOT_YET_VALID:
-        return ("certificate is not yet valid");
-    case X509_V_ERR_CRL_NOT_YET_VALID:
-        return ("CRL is not yet valid");
-    case X509_V_ERR_CERT_HAS_EXPIRED:
-        return ("certificate has expired");
-    case X509_V_ERR_CRL_HAS_EXPIRED:
-        return ("CRL has expired");
-    case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
-        return ("format error in certificate's notBefore field");
-    case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
-        return ("format error in certificate's notAfter field");
-    case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
-        return ("format error in CRL's lastUpdate field");
-    case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
-        return ("format error in CRL's nextUpdate field");
-    case X509_V_ERR_OUT_OF_MEM:
-        return ("out of memory");
-    case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
-        return ("self signed certificate");
-    case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
-        return ("self signed certificate in certificate chain");
-    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
-        return ("unable to get local issuer certificate");
-    case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
-        return ("unable to verify the first certificate");
-    case X509_V_ERR_CERT_CHAIN_TOO_LONG:
-        return ("certificate chain too long");
-    case X509_V_ERR_CERT_REVOKED:
-        return ("certificate revoked");
-    case X509_V_ERR_INVALID_CA:
-        return ("invalid CA certificate");
-    case X509_V_ERR_INVALID_NON_CA:
-        return ("invalid non-CA certificate (has CA markings)");
-    case X509_V_ERR_PATH_LENGTH_EXCEEDED:
-        return ("path length constraint exceeded");
-    case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED:
-        return ("proxy path length constraint exceeded");
-    case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED:
-        return
-            ("proxy certificates not allowed, please set the appropriate flag");
-    case X509_V_ERR_INVALID_PURPOSE:
-        return ("unsupported certificate purpose");
-    case X509_V_ERR_CERT_UNTRUSTED:
-        return ("certificate not trusted");
-    case X509_V_ERR_CERT_REJECTED:
-        return ("certificate rejected");
-    case X509_V_ERR_APPLICATION_VERIFICATION:
-        return ("application verification failure");
-    case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
-        return ("subject issuer mismatch");
-    case X509_V_ERR_AKID_SKID_MISMATCH:
-        return ("authority and subject key identifier mismatch");
-    case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
-        return ("authority and issuer serial number mismatch");
-    case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
-        return ("key usage does not include certificate signing");
-    case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
-        return ("unable to get CRL issuer certificate");
-    case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
-        return ("unhandled critical extension");
-    case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
-        return ("key usage does not include CRL signing");
-    case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE:
-        return ("key usage does not include digital signature");
-    case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
-        return ("unhandled critical CRL extension");
-    case X509_V_ERR_INVALID_EXTENSION:
-        return ("invalid or inconsistent certificate extension");
-    case X509_V_ERR_INVALID_POLICY_EXTENSION:
-        return ("invalid or inconsistent certificate policy extension");
-    case X509_V_ERR_NO_EXPLICIT_POLICY:
-        return ("no explicit policy");
-    case X509_V_ERR_DIFFERENT_CRL_SCOPE:
-        return ("Different CRL scope");
-    case X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE:
-        return ("Unsupported extension feature");
-    case X509_V_ERR_UNNESTED_RESOURCE:
-        return ("RFC 3779 resource not subset of parent's resources");
-
-    case X509_V_ERR_PERMITTED_VIOLATION:
-        return ("permitted subtree violation");
-    case X509_V_ERR_EXCLUDED_VIOLATION:
-        return ("excluded subtree violation");
-    case X509_V_ERR_SUBTREE_MINMAX:
-        return ("name constraints minimum and maximum not supported");
-    case X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE:
-        return ("unsupported name constraint type");
-    case X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX:
-        return ("unsupported or invalid name constraint syntax");
-    case X509_V_ERR_UNSUPPORTED_NAME_SYNTAX:
-        return ("unsupported or invalid name syntax");
-    case X509_V_ERR_CRL_PATH_VALIDATION_ERROR:
-        return ("CRL path validation error");
-
-    default:
-        BIO_snprintf(buf, sizeof buf, "error number %ld", n);
-        return (buf);
-    }
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/x509/x509_txt.c (from rev 11605, vendor-crypto/openssl/dist/crypto/x509/x509_txt.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/x509/x509_txt.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/x509/x509_txt.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,197 @@
+/* crypto/x509/x509_txt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+
+#include "cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+
+const char *X509_verify_cert_error_string(long n)
+{
+    static char buf[100];
+
+    switch ((int)n) {
+    case X509_V_OK:
+        return ("ok");
+    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+        return ("unable to get issuer certificate");
+    case X509_V_ERR_UNABLE_TO_GET_CRL:
+        return ("unable to get certificate CRL");
+    case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
+        return ("unable to decrypt certificate's signature");
+    case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
+        return ("unable to decrypt CRL's signature");
+    case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
+        return ("unable to decode issuer public key");
+    case X509_V_ERR_CERT_SIGNATURE_FAILURE:
+        return ("certificate signature failure");
+    case X509_V_ERR_CRL_SIGNATURE_FAILURE:
+        return ("CRL signature failure");
+    case X509_V_ERR_CERT_NOT_YET_VALID:
+        return ("certificate is not yet valid");
+    case X509_V_ERR_CRL_NOT_YET_VALID:
+        return ("CRL is not yet valid");
+    case X509_V_ERR_CERT_HAS_EXPIRED:
+        return ("certificate has expired");
+    case X509_V_ERR_CRL_HAS_EXPIRED:
+        return ("CRL has expired");
+    case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+        return ("format error in certificate's notBefore field");
+    case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+        return ("format error in certificate's notAfter field");
+    case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
+        return ("format error in CRL's lastUpdate field");
+    case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
+        return ("format error in CRL's nextUpdate field");
+    case X509_V_ERR_OUT_OF_MEM:
+        return ("out of memory");
+    case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+        return ("self signed certificate");
+    case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
+        return ("self signed certificate in certificate chain");
+    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+        return ("unable to get local issuer certificate");
+    case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+        return ("unable to verify the first certificate");
+    case X509_V_ERR_CERT_CHAIN_TOO_LONG:
+        return ("certificate chain too long");
+    case X509_V_ERR_CERT_REVOKED:
+        return ("certificate revoked");
+    case X509_V_ERR_INVALID_CA:
+        return ("invalid CA certificate");
+    case X509_V_ERR_INVALID_NON_CA:
+        return ("invalid non-CA certificate (has CA markings)");
+    case X509_V_ERR_PATH_LENGTH_EXCEEDED:
+        return ("path length constraint exceeded");
+    case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED:
+        return ("proxy path length constraint exceeded");
+    case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED:
+        return
+            ("proxy certificates not allowed, please set the appropriate flag");
+    case X509_V_ERR_INVALID_PURPOSE:
+        return ("unsupported certificate purpose");
+    case X509_V_ERR_CERT_UNTRUSTED:
+        return ("certificate not trusted");
+    case X509_V_ERR_CERT_REJECTED:
+        return ("certificate rejected");
+    case X509_V_ERR_APPLICATION_VERIFICATION:
+        return ("application verification failure");
+    case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
+        return ("subject issuer mismatch");
+    case X509_V_ERR_AKID_SKID_MISMATCH:
+        return ("authority and subject key identifier mismatch");
+    case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
+        return ("authority and issuer serial number mismatch");
+    case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
+        return ("key usage does not include certificate signing");
+    case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
+        return ("unable to get CRL issuer certificate");
+    case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
+        return ("unhandled critical extension");
+    case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
+        return ("key usage does not include CRL signing");
+    case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE:
+        return ("key usage does not include digital signature");
+    case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
+        return ("unhandled critical CRL extension");
+    case X509_V_ERR_INVALID_EXTENSION:
+        return ("invalid or inconsistent certificate extension");
+    case X509_V_ERR_INVALID_POLICY_EXTENSION:
+        return ("invalid or inconsistent certificate policy extension");
+    case X509_V_ERR_NO_EXPLICIT_POLICY:
+        return ("no explicit policy");
+    case X509_V_ERR_DIFFERENT_CRL_SCOPE:
+        return ("Different CRL scope");
+    case X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE:
+        return ("Unsupported extension feature");
+    case X509_V_ERR_UNNESTED_RESOURCE:
+        return ("RFC 3779 resource not subset of parent's resources");
+
+    case X509_V_ERR_PERMITTED_VIOLATION:
+        return ("permitted subtree violation");
+    case X509_V_ERR_EXCLUDED_VIOLATION:
+        return ("excluded subtree violation");
+    case X509_V_ERR_SUBTREE_MINMAX:
+        return ("name constraints minimum and maximum not supported");
+    case X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE:
+        return ("unsupported name constraint type");
+    case X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX:
+        return ("unsupported or invalid name constraint syntax");
+    case X509_V_ERR_UNSUPPORTED_NAME_SYNTAX:
+        return ("unsupported or invalid name syntax");
+    case X509_V_ERR_CRL_PATH_VALIDATION_ERROR:
+        return ("CRL path validation error");
+    case X509_V_ERR_INVALID_CALL:
+        return ("Invalid certificate verification context");
+    case X509_V_ERR_STORE_LOOKUP:
+        return ("Issuer certificate lookup error");
+    case X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION:
+        return ("proxy subject name violation");
+
+    default:
+        BIO_snprintf(buf, sizeof buf, "error number %ld", n);
+        return (buf);
+    }
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/x509/x509_vfy.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x509_vfy.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/x509/x509_vfy.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,2221 +0,0 @@
-/* crypto/x509/x509_vfy.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <time.h>
-#include <errno.h>
-
-#include "cryptlib.h"
-#include <openssl/crypto.h>
-#include <openssl/lhash.h>
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-#include <openssl/asn1.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/objects.h>
-
-/* CRL score values */
-
-/* No unhandled critical extensions */
-
-#define CRL_SCORE_NOCRITICAL    0x100
-
-/* certificate is within CRL scope */
-
-#define CRL_SCORE_SCOPE         0x080
-
-/* CRL times valid */
-
-#define CRL_SCORE_TIME          0x040
-
-/* Issuer name matches certificate */
-
-#define CRL_SCORE_ISSUER_NAME   0x020
-
-/* If this score or above CRL is probably valid */
-
-#define CRL_SCORE_VALID (CRL_SCORE_NOCRITICAL|CRL_SCORE_TIME|CRL_SCORE_SCOPE)
-
-/* CRL issuer is certificate issuer */
-
-#define CRL_SCORE_ISSUER_CERT   0x018
-
-/* CRL issuer is on certificate path */
-
-#define CRL_SCORE_SAME_PATH     0x008
-
-/* CRL issuer matches CRL AKID */
-
-#define CRL_SCORE_AKID          0x004
-
-/* Have a delta CRL with valid times */
-
-#define CRL_SCORE_TIME_DELTA    0x002
-
-static int null_callback(int ok, X509_STORE_CTX *e);
-static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
-static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
-static int check_chain_extensions(X509_STORE_CTX *ctx);
-static int check_name_constraints(X509_STORE_CTX *ctx);
-static int check_trust(X509_STORE_CTX *ctx);
-static int check_revocation(X509_STORE_CTX *ctx);
-static int check_cert(X509_STORE_CTX *ctx);
-static int check_policy(X509_STORE_CTX *ctx);
-
-static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
-                         unsigned int *preasons, X509_CRL *crl, X509 *x);
-static int get_crl_delta(X509_STORE_CTX *ctx,
-                         X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x);
-static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl,
-                         int *pcrl_score, X509_CRL *base,
-                         STACK_OF(X509_CRL) *crls);
-static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer,
-                           int *pcrl_score);
-static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
-                           unsigned int *preasons);
-static int check_crl_path(X509_STORE_CTX *ctx, X509 *x);
-static int check_crl_chain(X509_STORE_CTX *ctx,
-                           STACK_OF(X509) *cert_path,
-                           STACK_OF(X509) *crl_path);
-
-static int internal_verify(X509_STORE_CTX *ctx);
-const char X509_version[] = "X.509" OPENSSL_VERSION_PTEXT;
-
-static int null_callback(int ok, X509_STORE_CTX *e)
-{
-    return ok;
-}
-
-#if 0
-static int x509_subject_cmp(X509 **a, X509 **b)
-{
-    return X509_subject_name_cmp(*a, *b);
-}
-#endif
-
-int X509_verify_cert(X509_STORE_CTX *ctx)
-{
-    X509 *x, *xtmp, *xtmp2, *chain_ss = NULL;
-    int bad_chain = 0;
-    X509_VERIFY_PARAM *param = ctx->param;
-    int depth, i, ok = 0;
-    int num, j, retry;
-    int (*cb) (int xok, X509_STORE_CTX *xctx);
-    STACK_OF(X509) *sktmp = NULL;
-    if (ctx->cert == NULL) {
-        X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
-        return -1;
-    }
-    if (ctx->chain != NULL) {
-        /*
-         * This X509_STORE_CTX has already been used to verify a cert. We
-         * cannot do another one.
-         */
-        X509err(X509_F_X509_VERIFY_CERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-        return -1;
-    }
-
-    cb = ctx->verify_cb;
-
-    /*
-     * first we make sure the chain we are going to build is present and that
-     * the first entry is in place
-     */
-    if (((ctx->chain = sk_X509_new_null()) == NULL) ||
-        (!sk_X509_push(ctx->chain, ctx->cert))) {
-        X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
-        goto end;
-    }
-    CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509);
-    ctx->last_untrusted = 1;
-
-    /* We use a temporary STACK so we can chop and hack at it */
-    if (ctx->untrusted != NULL
-        && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
-        X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
-        goto end;
-    }
-
-    num = sk_X509_num(ctx->chain);
-    x = sk_X509_value(ctx->chain, num - 1);
-    depth = param->depth;
-
-    for (;;) {
-        /* If we have enough, we break */
-        if (depth < num)
-            break;              /* FIXME: If this happens, we should take
-                                 * note of it and, if appropriate, use the
-                                 * X509_V_ERR_CERT_CHAIN_TOO_LONG error code
-                                 * later. */
-
-        /* If we are self signed, we break */
-        if (ctx->check_issued(ctx, x, x))
-            break;
-
-        /* If we were passed a cert chain, use it first */
-        if (ctx->untrusted != NULL) {
-            xtmp = find_issuer(ctx, sktmp, x);
-            if (xtmp != NULL) {
-                if (!sk_X509_push(ctx->chain, xtmp)) {
-                    X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
-                    goto end;
-                }
-                CRYPTO_add(&xtmp->references, 1, CRYPTO_LOCK_X509);
-                (void)sk_X509_delete_ptr(sktmp, xtmp);
-                ctx->last_untrusted++;
-                x = xtmp;
-                num++;
-                /*
-                 * reparse the full chain for the next one
-                 */
-                continue;
-            }
-        }
-        break;
-    }
-
-    /* Remember how many untrusted certs we have */
-    j = num;
-    /*
-     * at this point, chain should contain a list of untrusted certificates.
-     * We now need to add at least one trusted one, if possible, otherwise we
-     * complain.
-     */
-
-    do {
-        /*
-         * Examine last certificate in chain and see if it is self signed.
-         */
-        i = sk_X509_num(ctx->chain);
-        x = sk_X509_value(ctx->chain, i - 1);
-        if (ctx->check_issued(ctx, x, x)) {
-            /* we have a self signed certificate */
-            if (sk_X509_num(ctx->chain) == 1) {
-                /*
-                 * We have a single self signed certificate: see if we can
-                 * find it in the store. We must have an exact match to avoid
-                 * possible impersonation.
-                 */
-                ok = ctx->get_issuer(&xtmp, ctx, x);
-                if ((ok <= 0) || X509_cmp(x, xtmp)) {
-                    ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
-                    ctx->current_cert = x;
-                    ctx->error_depth = i - 1;
-                    if (ok == 1)
-                        X509_free(xtmp);
-                    bad_chain = 1;
-                    ok = cb(0, ctx);
-                    if (!ok)
-                        goto end;
-                } else {
-                    /*
-                     * We have a match: replace certificate with store
-                     * version so we get any trust settings.
-                     */
-                    X509_free(x);
-                    x = xtmp;
-                    (void)sk_X509_set(ctx->chain, i - 1, x);
-                    ctx->last_untrusted = 0;
-                }
-            } else {
-                /*
-                 * extract and save self signed certificate for later use
-                 */
-                chain_ss = sk_X509_pop(ctx->chain);
-                ctx->last_untrusted--;
-                num--;
-                j--;
-                x = sk_X509_value(ctx->chain, num - 1);
-            }
-        }
-        /* We now lookup certs from the certificate store */
-        for (;;) {
-            /* If we have enough, we break */
-            if (depth < num)
-                break;
-            /* If we are self signed, we break */
-            if (ctx->check_issued(ctx, x, x))
-                break;
-            ok = ctx->get_issuer(&xtmp, ctx, x);
-            if (ok < 0)
-                return ok;
-            if (ok == 0)
-                break;
-            x = xtmp;
-            if (!sk_X509_push(ctx->chain, x)) {
-                X509_free(xtmp);
-                X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
-                return 0;
-            }
-            num++;
-        }
-
-        /*
-         * If we haven't got a least one certificate from our store then check
-         * if there is an alternative chain that could be used.  We only do this
-         * if the user hasn't switched off alternate chain checking
-         */
-        retry = 0;
-        if (num == ctx->last_untrusted &&
-            !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {
-            while (j-- > 1) {
-                xtmp2 = sk_X509_value(ctx->chain, j - 1);
-                ok = ctx->get_issuer(&xtmp, ctx, xtmp2);
-                if (ok < 0)
-                    goto end;
-                /* Check if we found an alternate chain */
-                if (ok > 0) {
-                    /*
-                     * Free up the found cert we'll add it again later
-                     */
-                    X509_free(xtmp);
-
-                    /*
-                     * Dump all the certs above this point - we've found an
-                     * alternate chain
-                     */
-                    while (num > j) {
-                        xtmp = sk_X509_pop(ctx->chain);
-                        X509_free(xtmp);
-                        num--;
-                    }
-                    ctx->last_untrusted = sk_X509_num(ctx->chain);
-                    retry = 1;
-                    break;
-                }
-            }
-        }
-    } while (retry);
-
-    /* Is last certificate looked up self signed? */
-    if (!ctx->check_issued(ctx, x, x)) {
-        if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) {
-            if (ctx->last_untrusted >= num)
-                ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
-            else
-                ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
-            ctx->current_cert = x;
-        } else {
-
-            sk_X509_push(ctx->chain, chain_ss);
-            num++;
-            ctx->last_untrusted = num;
-            ctx->current_cert = chain_ss;
-            ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
-            chain_ss = NULL;
-        }
-
-        ctx->error_depth = num - 1;
-        bad_chain = 1;
-        ok = cb(0, ctx);
-        if (!ok)
-            goto end;
-    }
-
-    /* We have the chain complete: now we need to check its purpose */
-    ok = check_chain_extensions(ctx);
-
-    if (!ok)
-        goto end;
-
-    /* Check name constraints */
-
-    ok = check_name_constraints(ctx);
-
-    if (!ok)
-        goto end;
-
-    /* The chain extensions are OK: check trust */
-
-    if (param->trust > 0)
-        ok = check_trust(ctx);
-
-    if (!ok)
-        goto end;
-
-    /* We may as well copy down any DSA parameters that are required */
-    X509_get_pubkey_parameters(NULL, ctx->chain);
-
-    /*
-     * Check revocation status: we do this after copying parameters because
-     * they may be needed for CRL signature verification.
-     */
-
-    ok = ctx->check_revocation(ctx);
-    if (!ok)
-        goto end;
-
-    /* At this point, we have a chain and need to verify it */
-    if (ctx->verify != NULL)
-        ok = ctx->verify(ctx);
-    else
-        ok = internal_verify(ctx);
-    if (!ok)
-        goto end;
-
-#ifndef OPENSSL_NO_RFC3779
-    /* RFC 3779 path validation, now that CRL check has been done */
-    ok = v3_asid_validate_path(ctx);
-    if (!ok)
-        goto end;
-    ok = v3_addr_validate_path(ctx);
-    if (!ok)
-        goto end;
-#endif
-
-    /* If we get this far evaluate policies */
-    if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
-        ok = ctx->check_policy(ctx);
-    if (!ok)
-        goto end;
-    if (0) {
- end:
-        X509_get_pubkey_parameters(NULL, ctx->chain);
-    }
-    if (sktmp != NULL)
-        sk_X509_free(sktmp);
-    if (chain_ss != NULL)
-        X509_free(chain_ss);
-    return ok;
-}
-
-/*
- * Given a STACK_OF(X509) find the issuer of cert (if any)
- */
-
-static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
-{
-    int i;
-    X509 *issuer;
-    for (i = 0; i < sk_X509_num(sk); i++) {
-        issuer = sk_X509_value(sk, i);
-        if (ctx->check_issued(ctx, x, issuer))
-            return issuer;
-    }
-    return NULL;
-}
-
-/* Given a possible certificate and issuer check them */
-
-static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
-{
-    int ret;
-    ret = X509_check_issued(issuer, x);
-    if (ret == X509_V_OK)
-        return 1;
-    /* If we haven't asked for issuer errors don't set ctx */
-    if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK))
-        return 0;
-
-    ctx->error = ret;
-    ctx->current_cert = x;
-    ctx->current_issuer = issuer;
-    return ctx->verify_cb(0, ctx);
-    return 0;
-}
-
-/* Alternative lookup method: look from a STACK stored in other_ctx */
-
-static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
-{
-    *issuer = find_issuer(ctx, ctx->other_ctx, x);
-    if (*issuer) {
-        CRYPTO_add(&(*issuer)->references, 1, CRYPTO_LOCK_X509);
-        return 1;
-    } else
-        return 0;
-}
-
-/*
- * Check a certificate chains extensions for consistency with the supplied
- * purpose
- */
-
-static int check_chain_extensions(X509_STORE_CTX *ctx)
-{
-#ifdef OPENSSL_NO_CHAIN_VERIFY
-    return 1;
-#else
-    int i, ok = 0, must_be_ca, plen = 0;
-    X509 *x;
-    int (*cb) (int xok, X509_STORE_CTX *xctx);
-    int proxy_path_length = 0;
-    int purpose;
-    int allow_proxy_certs;
-    cb = ctx->verify_cb;
-
-    /*-
-     *  must_be_ca can have 1 of 3 values:
-     * -1: we accept both CA and non-CA certificates, to allow direct
-     *     use of self-signed certificates (which are marked as CA).
-     * 0:  we only accept non-CA certificates.  This is currently not
-     *     used, but the possibility is present for future extensions.
-     * 1:  we only accept CA certificates.  This is currently used for
-     *     all certificates in the chain except the leaf certificate.
-     */
-    must_be_ca = -1;
-
-    /* CRL path validation */
-    if (ctx->parent) {
-        allow_proxy_certs = 0;
-        purpose = X509_PURPOSE_CRL_SIGN;
-    } else {
-        allow_proxy_certs =
-            ! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
-        /*
-         * A hack to keep people who don't want to modify their software
-         * happy
-         */
-        if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
-            allow_proxy_certs = 1;
-        purpose = ctx->param->purpose;
-    }
-
-    /* Check all untrusted certificates */
-    for (i = 0; i < ctx->last_untrusted; i++) {
-        int ret;
-        x = sk_X509_value(ctx->chain, i);
-        if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
-            && (x->ex_flags & EXFLAG_CRITICAL)) {
-            ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
-            ctx->error_depth = i;
-            ctx->current_cert = x;
-            ok = cb(0, ctx);
-            if (!ok)
-                goto end;
-        }
-        if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) {
-            ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;
-            ctx->error_depth = i;
-            ctx->current_cert = x;
-            ok = cb(0, ctx);
-            if (!ok)
-                goto end;
-        }
-        ret = X509_check_ca(x);
-        switch (must_be_ca) {
-        case -1:
-            if ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
-                && (ret != 1) && (ret != 0)) {
-                ret = 0;
-                ctx->error = X509_V_ERR_INVALID_CA;
-            } else
-                ret = 1;
-            break;
-        case 0:
-            if (ret != 0) {
-                ret = 0;
-                ctx->error = X509_V_ERR_INVALID_NON_CA;
-            } else
-                ret = 1;
-            break;
-        default:
-            if ((ret == 0)
-                || ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
-                    && (ret != 1))) {
-                ret = 0;
-                ctx->error = X509_V_ERR_INVALID_CA;
-            } else
-                ret = 1;
-            break;
-        }
-        if (ret == 0) {
-            ctx->error_depth = i;
-            ctx->current_cert = x;
-            ok = cb(0, ctx);
-            if (!ok)
-                goto end;
-        }
-        if (ctx->param->purpose > 0) {
-            ret = X509_check_purpose(x, purpose, must_be_ca > 0);
-            if ((ret == 0)
-                || ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
-                    && (ret != 1))) {
-                ctx->error = X509_V_ERR_INVALID_PURPOSE;
-                ctx->error_depth = i;
-                ctx->current_cert = x;
-                ok = cb(0, ctx);
-                if (!ok)
-                    goto end;
-            }
-        }
-        /* Check pathlen if not self issued */
-        if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
-            && (x->ex_pathlen != -1)
-            && (plen > (x->ex_pathlen + proxy_path_length + 1))) {
-            ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
-            ctx->error_depth = i;
-            ctx->current_cert = x;
-            ok = cb(0, ctx);
-            if (!ok)
-                goto end;
-        }
-        /* Increment path length if not self issued */
-        if (!(x->ex_flags & EXFLAG_SI))
-            plen++;
-        /*
-         * If this certificate is a proxy certificate, the next certificate
-         * must be another proxy certificate or a EE certificate.  If not,
-         * the next certificate must be a CA certificate.
-         */
-        if (x->ex_flags & EXFLAG_PROXY) {
-            if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen) {
-                ctx->error = X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
-                ctx->error_depth = i;
-                ctx->current_cert = x;
-                ok = cb(0, ctx);
-                if (!ok)
-                    goto end;
-            }
-            proxy_path_length++;
-            must_be_ca = 0;
-        } else
-            must_be_ca = 1;
-    }
-    ok = 1;
- end:
-    return ok;
-#endif
-}
-
-static int check_name_constraints(X509_STORE_CTX *ctx)
-{
-    X509 *x;
-    int i, j, rv;
-    /* Check name constraints for all certificates */
-    for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) {
-        x = sk_X509_value(ctx->chain, i);
-        /* Ignore self issued certs unless last in chain */
-        if (i && (x->ex_flags & EXFLAG_SI))
-            continue;
-        /*
-         * Check against constraints for all certificates higher in chain
-         * including trust anchor. Trust anchor not strictly speaking needed
-         * but if it includes constraints it is to be assumed it expects them
-         * to be obeyed.
-         */
-        for (j = sk_X509_num(ctx->chain) - 1; j > i; j--) {
-            NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc;
-            if (nc) {
-                rv = NAME_CONSTRAINTS_check(x, nc);
-                if (rv != X509_V_OK) {
-                    ctx->error = rv;
-                    ctx->error_depth = i;
-                    ctx->current_cert = x;
-                    if (!ctx->verify_cb(0, ctx))
-                        return 0;
-                }
-            }
-        }
-    }
-    return 1;
-}
-
-static int check_trust(X509_STORE_CTX *ctx)
-{
-#ifdef OPENSSL_NO_CHAIN_VERIFY
-    return 1;
-#else
-    int i, ok;
-    X509 *x;
-    int (*cb) (int xok, X509_STORE_CTX *xctx);
-    cb = ctx->verify_cb;
-/* For now just check the last certificate in the chain */
-    i = sk_X509_num(ctx->chain) - 1;
-    x = sk_X509_value(ctx->chain, i);
-    ok = X509_check_trust(x, ctx->param->trust, 0);
-    if (ok == X509_TRUST_TRUSTED)
-        return 1;
-    ctx->error_depth = i;
-    ctx->current_cert = x;
-    if (ok == X509_TRUST_REJECTED)
-        ctx->error = X509_V_ERR_CERT_REJECTED;
-    else
-        ctx->error = X509_V_ERR_CERT_UNTRUSTED;
-    ok = cb(0, ctx);
-    return ok;
-#endif
-}
-
-static int check_revocation(X509_STORE_CTX *ctx)
-{
-    int i, last, ok;
-    if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK))
-        return 1;
-    if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL)
-        last = sk_X509_num(ctx->chain) - 1;
-    else {
-        /* If checking CRL paths this isn't the EE certificate */
-        if (ctx->parent)
-            return 1;
-        last = 0;
-    }
-    for (i = 0; i <= last; i++) {
-        ctx->error_depth = i;
-        ok = check_cert(ctx);
-        if (!ok)
-            return ok;
-    }
-    return 1;
-}
-
-static int check_cert(X509_STORE_CTX *ctx)
-{
-    X509_CRL *crl = NULL, *dcrl = NULL;
-    X509 *x;
-    int ok, cnum;
-    unsigned int last_reasons;
-    cnum = ctx->error_depth;
-    x = sk_X509_value(ctx->chain, cnum);
-    ctx->current_cert = x;
-    ctx->current_issuer = NULL;
-    ctx->current_crl_score = 0;
-    ctx->current_reasons = 0;
-    while (ctx->current_reasons != CRLDP_ALL_REASONS) {
-        last_reasons = ctx->current_reasons;
-        /* Try to retrieve relevant CRL */
-        if (ctx->get_crl)
-            ok = ctx->get_crl(ctx, &crl, x);
-        else
-            ok = get_crl_delta(ctx, &crl, &dcrl, x);
-        /*
-         * If error looking up CRL, nothing we can do except notify callback
-         */
-        if (!ok) {
-            ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
-            ok = ctx->verify_cb(0, ctx);
-            goto err;
-        }
-        ctx->current_crl = crl;
-        ok = ctx->check_crl(ctx, crl);
-        if (!ok)
-            goto err;
-
-        if (dcrl) {
-            ok = ctx->check_crl(ctx, dcrl);
-            if (!ok)
-                goto err;
-            ok = ctx->cert_crl(ctx, dcrl, x);
-            if (!ok)
-                goto err;
-        } else
-            ok = 1;
-
-        /* Don't look in full CRL if delta reason is removefromCRL */
-        if (ok != 2) {
-            ok = ctx->cert_crl(ctx, crl, x);
-            if (!ok)
-                goto err;
-        }
-
-        X509_CRL_free(crl);
-        X509_CRL_free(dcrl);
-        crl = NULL;
-        dcrl = NULL;
-        /*
-         * If reasons not updated we wont get anywhere by another iteration,
-         * so exit loop.
-         */
-        if (last_reasons == ctx->current_reasons) {
-            ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
-            ok = ctx->verify_cb(0, ctx);
-            goto err;
-        }
-    }
- err:
-    X509_CRL_free(crl);
-    X509_CRL_free(dcrl);
-
-    ctx->current_crl = NULL;
-    return ok;
-
-}
-
-/* Check CRL times against values in X509_STORE_CTX */
-
-static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
-{
-    time_t *ptime;
-    int i;
-    if (notify)
-        ctx->current_crl = crl;
-    if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
-        ptime = &ctx->param->check_time;
-    else
-        ptime = NULL;
-
-    i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
-    if (i == 0) {
-        if (!notify)
-            return 0;
-        ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
-        if (!ctx->verify_cb(0, ctx))
-            return 0;
-    }
-
-    if (i > 0) {
-        if (!notify)
-            return 0;
-        ctx->error = X509_V_ERR_CRL_NOT_YET_VALID;
-        if (!ctx->verify_cb(0, ctx))
-            return 0;
-    }
-
-    if (X509_CRL_get_nextUpdate(crl)) {
-        i = X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);
-
-        if (i == 0) {
-            if (!notify)
-                return 0;
-            ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
-            if (!ctx->verify_cb(0, ctx))
-                return 0;
-        }
-        /* Ignore expiry of base CRL is delta is valid */
-        if ((i < 0) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) {
-            if (!notify)
-                return 0;
-            ctx->error = X509_V_ERR_CRL_HAS_EXPIRED;
-            if (!ctx->verify_cb(0, ctx))
-                return 0;
-        }
-    }
-
-    if (notify)
-        ctx->current_crl = NULL;
-
-    return 1;
-}
-
-static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
-                      X509 **pissuer, int *pscore, unsigned int *preasons,
-                      STACK_OF(X509_CRL) *crls)
-{
-    int i, crl_score, best_score = *pscore;
-    unsigned int reasons, best_reasons = 0;
-    X509 *x = ctx->current_cert;
-    X509_CRL *crl, *best_crl = NULL;
-    X509 *crl_issuer = NULL, *best_crl_issuer = NULL;
-
-    for (i = 0; i < sk_X509_CRL_num(crls); i++) {
-        crl = sk_X509_CRL_value(crls, i);
-        reasons = *preasons;
-        crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
-
-        if (crl_score > best_score) {
-            best_crl = crl;
-            best_crl_issuer = crl_issuer;
-            best_score = crl_score;
-            best_reasons = reasons;
-        }
-    }
-
-    if (best_crl) {
-        if (*pcrl)
-            X509_CRL_free(*pcrl);
-        *pcrl = best_crl;
-        *pissuer = best_crl_issuer;
-        *pscore = best_score;
-        *preasons = best_reasons;
-        CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509_CRL);
-        if (*pdcrl) {
-            X509_CRL_free(*pdcrl);
-            *pdcrl = NULL;
-        }
-        get_delta_sk(ctx, pdcrl, pscore, best_crl, crls);
-    }
-
-    if (best_score >= CRL_SCORE_VALID)
-        return 1;
-
-    return 0;
-}
-
-/*
- * Compare two CRL extensions for delta checking purposes. They should be
- * both present or both absent. If both present all fields must be identical.
- */
-
-static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid)
-{
-    ASN1_OCTET_STRING *exta, *extb;
-    int i;
-    i = X509_CRL_get_ext_by_NID(a, nid, -1);
-    if (i >= 0) {
-        /* Can't have multiple occurrences */
-        if (X509_CRL_get_ext_by_NID(a, nid, i) != -1)
-            return 0;
-        exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i));
-    } else
-        exta = NULL;
-
-    i = X509_CRL_get_ext_by_NID(b, nid, -1);
-
-    if (i >= 0) {
-
-        if (X509_CRL_get_ext_by_NID(b, nid, i) != -1)
-            return 0;
-        extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i));
-    } else
-        extb = NULL;
-
-    if (!exta && !extb)
-        return 1;
-
-    if (!exta || !extb)
-        return 0;
-
-    if (ASN1_OCTET_STRING_cmp(exta, extb))
-        return 0;
-
-    return 1;
-}
-
-/* See if a base and delta are compatible */
-
-static int check_delta_base(X509_CRL *delta, X509_CRL *base)
-{
-    /* Delta CRL must be a delta */
-    if (!delta->base_crl_number)
-        return 0;
-    /* Base must have a CRL number */
-    if (!base->crl_number)
-        return 0;
-    /* Issuer names must match */
-    if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(delta)))
-        return 0;
-    /* AKID and IDP must match */
-    if (!crl_extension_match(delta, base, NID_authority_key_identifier))
-        return 0;
-    if (!crl_extension_match(delta, base, NID_issuing_distribution_point))
-        return 0;
-    /* Delta CRL base number must not exceed Full CRL number. */
-    if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0)
-        return 0;
-    /* Delta CRL number must exceed full CRL number */
-    if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0)
-        return 1;
-    return 0;
-}
-
-/*
- * For a given base CRL find a delta... maybe extend to delta scoring or
- * retrieve a chain of deltas...
- */
-
-static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore,
-                         X509_CRL *base, STACK_OF(X509_CRL) *crls)
-{
-    X509_CRL *delta;
-    int i;
-    if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS))
-        return;
-    if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST))
-        return;
-    for (i = 0; i < sk_X509_CRL_num(crls); i++) {
-        delta = sk_X509_CRL_value(crls, i);
-        if (check_delta_base(delta, base)) {
-            if (check_crl_time(ctx, delta, 0))
-                *pscore |= CRL_SCORE_TIME_DELTA;
-            CRYPTO_add(&delta->references, 1, CRYPTO_LOCK_X509_CRL);
-            *dcrl = delta;
-            return;
-        }
-    }
-    *dcrl = NULL;
-}
-
-/*
- * For a given CRL return how suitable it is for the supplied certificate
- * 'x'. The return value is a mask of several criteria. If the issuer is not
- * the certificate issuer this is returned in *pissuer. The reasons mask is
- * also used to determine if the CRL is suitable: if no new reasons the CRL
- * is rejected, otherwise reasons is updated.
- */
-
-static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
-                         unsigned int *preasons, X509_CRL *crl, X509 *x)
-{
-
-    int crl_score = 0;
-    unsigned int tmp_reasons = *preasons, crl_reasons;
-
-    /* First see if we can reject CRL straight away */
-
-    /* Invalid IDP cannot be processed */
-    if (crl->idp_flags & IDP_INVALID)
-        return 0;
-    /* Reason codes or indirect CRLs need extended CRL support */
-    if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) {
-        if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS))
-            return 0;
-    } else if (crl->idp_flags & IDP_REASONS) {
-        /* If no new reasons reject */
-        if (!(crl->idp_reasons & ~tmp_reasons))
-            return 0;
-    }
-    /* Don't process deltas at this stage */
-    else if (crl->base_crl_number)
-        return 0;
-    /* If issuer name doesn't match certificate need indirect CRL */
-    if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl))) {
-        if (!(crl->idp_flags & IDP_INDIRECT))
-            return 0;
-    } else
-        crl_score |= CRL_SCORE_ISSUER_NAME;
-
-    if (!(crl->flags & EXFLAG_CRITICAL))
-        crl_score |= CRL_SCORE_NOCRITICAL;
-
-    /* Check expiry */
-    if (check_crl_time(ctx, crl, 0))
-        crl_score |= CRL_SCORE_TIME;
-
-    /* Check authority key ID and locate certificate issuer */
-    crl_akid_check(ctx, crl, pissuer, &crl_score);
-
-    /* If we can't locate certificate issuer at this point forget it */
-
-    if (!(crl_score & CRL_SCORE_AKID))
-        return 0;
-
-    /* Check cert for matching CRL distribution points */
-
-    if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) {
-        /* If no new reasons reject */
-        if (!(crl_reasons & ~tmp_reasons))
-            return 0;
-        tmp_reasons |= crl_reasons;
-        crl_score |= CRL_SCORE_SCOPE;
-    }
-
-    *preasons = tmp_reasons;
-
-    return crl_score;
-
-}
-
-static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl,
-                           X509 **pissuer, int *pcrl_score)
-{
-    X509 *crl_issuer = NULL;
-    X509_NAME *cnm = X509_CRL_get_issuer(crl);
-    int cidx = ctx->error_depth;
-    int i;
-
-    if (cidx != sk_X509_num(ctx->chain) - 1)
-        cidx++;
-
-    crl_issuer = sk_X509_value(ctx->chain, cidx);
-
-    if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
-        if (*pcrl_score & CRL_SCORE_ISSUER_NAME) {
-            *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_ISSUER_CERT;
-            *pissuer = crl_issuer;
-            return;
-        }
-    }
-
-    for (cidx++; cidx < sk_X509_num(ctx->chain); cidx++) {
-        crl_issuer = sk_X509_value(ctx->chain, cidx);
-        if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
-            continue;
-        if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
-            *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_SAME_PATH;
-            *pissuer = crl_issuer;
-            return;
-        }
-    }
-
-    /* Anything else needs extended CRL support */
-
-    if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT))
-        return;
-
-    /*
-     * Otherwise the CRL issuer is not on the path. Look for it in the set of
-     * untrusted certificates.
-     */
-    for (i = 0; i < sk_X509_num(ctx->untrusted); i++) {
-        crl_issuer = sk_X509_value(ctx->untrusted, i);
-        if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
-            continue;
-        if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
-            *pissuer = crl_issuer;
-            *pcrl_score |= CRL_SCORE_AKID;
-            return;
-        }
-    }
-}
-
-/*
- * Check the path of a CRL issuer certificate. This creates a new
- * X509_STORE_CTX and populates it with most of the parameters from the
- * parent. This could be optimised somewhat since a lot of path checking will
- * be duplicated by the parent, but this will rarely be used in practice.
- */
-
-static int check_crl_path(X509_STORE_CTX *ctx, X509 *x)
-{
-    X509_STORE_CTX crl_ctx;
-    int ret;
-    /* Don't allow recursive CRL path validation */
-    if (ctx->parent)
-        return 0;
-    if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted))
-        return -1;
-
-    crl_ctx.crls = ctx->crls;
-    /* Copy verify params across */
-    X509_STORE_CTX_set0_param(&crl_ctx, ctx->param);
-
-    crl_ctx.parent = ctx;
-    crl_ctx.verify_cb = ctx->verify_cb;
-
-    /* Verify CRL issuer */
-    ret = X509_verify_cert(&crl_ctx);
-
-    if (ret <= 0)
-        goto err;
-
-    /* Check chain is acceptable */
-
-    ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain);
- err:
-    X509_STORE_CTX_cleanup(&crl_ctx);
-    return ret;
-}
-
-/*
- * RFC3280 says nothing about the relationship between CRL path and
- * certificate path, which could lead to situations where a certificate could
- * be revoked or validated by a CA not authorised to do so. RFC5280 is more
- * strict and states that the two paths must end in the same trust anchor,
- * though some discussions remain... until this is resolved we use the
- * RFC5280 version
- */
-
-static int check_crl_chain(X509_STORE_CTX *ctx,
-                           STACK_OF(X509) *cert_path,
-                           STACK_OF(X509) *crl_path)
-{
-    X509 *cert_ta, *crl_ta;
-    cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1);
-    crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1);
-    if (!X509_cmp(cert_ta, crl_ta))
-        return 1;
-    return 0;
-}
-
-/*-
- * Check for match between two dist point names: three separate cases.
- * 1. Both are relative names and compare X509_NAME types.
- * 2. One full, one relative. Compare X509_NAME to GENERAL_NAMES.
- * 3. Both are full names and compare two GENERAL_NAMES.
- * 4. One is NULL: automatic match.
- */
-
-static int idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b)
-{
-    X509_NAME *nm = NULL;
-    GENERAL_NAMES *gens = NULL;
-    GENERAL_NAME *gena, *genb;
-    int i, j;
-    if (!a || !b)
-        return 1;
-    if (a->type == 1) {
-        if (!a->dpname)
-            return 0;
-        /* Case 1: two X509_NAME */
-        if (b->type == 1) {
-            if (!b->dpname)
-                return 0;
-            if (!X509_NAME_cmp(a->dpname, b->dpname))
-                return 1;
-            else
-                return 0;
-        }
-        /* Case 2: set name and GENERAL_NAMES appropriately */
-        nm = a->dpname;
-        gens = b->name.fullname;
-    } else if (b->type == 1) {
-        if (!b->dpname)
-            return 0;
-        /* Case 2: set name and GENERAL_NAMES appropriately */
-        gens = a->name.fullname;
-        nm = b->dpname;
-    }
-
-    /* Handle case 2 with one GENERAL_NAMES and one X509_NAME */
-    if (nm) {
-        for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
-            gena = sk_GENERAL_NAME_value(gens, i);
-            if (gena->type != GEN_DIRNAME)
-                continue;
-            if (!X509_NAME_cmp(nm, gena->d.directoryName))
-                return 1;
-        }
-        return 0;
-    }
-
-    /* Else case 3: two GENERAL_NAMES */
-
-    for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++) {
-        gena = sk_GENERAL_NAME_value(a->name.fullname, i);
-        for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++) {
-            genb = sk_GENERAL_NAME_value(b->name.fullname, j);
-            if (!GENERAL_NAME_cmp(gena, genb))
-                return 1;
-        }
-    }
-
-    return 0;
-
-}
-
-static int crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score)
-{
-    int i;
-    X509_NAME *nm = X509_CRL_get_issuer(crl);
-    /* If no CRLissuer return is successful iff don't need a match */
-    if (!dp->CRLissuer)
-        return ! !(crl_score & CRL_SCORE_ISSUER_NAME);
-    for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) {
-        GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
-        if (gen->type != GEN_DIRNAME)
-            continue;
-        if (!X509_NAME_cmp(gen->d.directoryName, nm))
-            return 1;
-    }
-    return 0;
-}
-
-/* Check CRLDP and IDP */
-
-static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
-                           unsigned int *preasons)
-{
-    int i;
-    if (crl->idp_flags & IDP_ONLYATTR)
-        return 0;
-    if (x->ex_flags & EXFLAG_CA) {
-        if (crl->idp_flags & IDP_ONLYUSER)
-            return 0;
-    } else {
-        if (crl->idp_flags & IDP_ONLYCA)
-            return 0;
-    }
-    *preasons = crl->idp_reasons;
-    for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) {
-        DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i);
-        if (crldp_check_crlissuer(dp, crl, crl_score)) {
-            if (!crl->idp || idp_check_dp(dp->distpoint, crl->idp->distpoint)) {
-                *preasons &= dp->dp_reasons;
-                return 1;
-            }
-        }
-    }
-    if ((!crl->idp || !crl->idp->distpoint)
-        && (crl_score & CRL_SCORE_ISSUER_NAME))
-        return 1;
-    return 0;
-}
-
-/*
- * Retrieve CRL corresponding to current certificate. If deltas enabled try
- * to find a delta CRL too
- */
-
-static int get_crl_delta(X509_STORE_CTX *ctx,
-                         X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x)
-{
-    int ok;
-    X509 *issuer = NULL;
-    int crl_score = 0;
-    unsigned int reasons;
-    X509_CRL *crl = NULL, *dcrl = NULL;
-    STACK_OF(X509_CRL) *skcrl;
-    X509_NAME *nm = X509_get_issuer_name(x);
-    reasons = ctx->current_reasons;
-    ok = get_crl_sk(ctx, &crl, &dcrl,
-                    &issuer, &crl_score, &reasons, ctx->crls);
-
-    if (ok)
-        goto done;
-
-    /* Lookup CRLs from store */
-
-    skcrl = ctx->lookup_crls(ctx, nm);
-
-    /* If no CRLs found and a near match from get_crl_sk use that */
-    if (!skcrl && crl)
-        goto done;
-
-    get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl);
-
-    sk_X509_CRL_pop_free(skcrl, X509_CRL_free);
-
- done:
-
-    /* If we got any kind of CRL use it and return success */
-    if (crl) {
-        ctx->current_issuer = issuer;
-        ctx->current_crl_score = crl_score;
-        ctx->current_reasons = reasons;
-        *pcrl = crl;
-        *pdcrl = dcrl;
-        return 1;
-    }
-
-    return 0;
-}
-
-/* Check CRL validity */
-static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
-{
-    X509 *issuer = NULL;
-    EVP_PKEY *ikey = NULL;
-    int ok = 0, chnum, cnum;
-    cnum = ctx->error_depth;
-    chnum = sk_X509_num(ctx->chain) - 1;
-    /* if we have an alternative CRL issuer cert use that */
-    if (ctx->current_issuer)
-        issuer = ctx->current_issuer;
-
-    /*
-     * Else find CRL issuer: if not last certificate then issuer is next
-     * certificate in chain.
-     */
-    else if (cnum < chnum)
-        issuer = sk_X509_value(ctx->chain, cnum + 1);
-    else {
-        issuer = sk_X509_value(ctx->chain, chnum);
-        /* If not self signed, can't check signature */
-        if (!ctx->check_issued(ctx, issuer, issuer)) {
-            ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
-            ok = ctx->verify_cb(0, ctx);
-            if (!ok)
-                goto err;
-        }
-    }
-
-    if (issuer) {
-        /*
-         * Skip most tests for deltas because they have already been done
-         */
-        if (!crl->base_crl_number) {
-            /* Check for cRLSign bit if keyUsage present */
-            if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
-                !(issuer->ex_kusage & KU_CRL_SIGN)) {
-                ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
-                ok = ctx->verify_cb(0, ctx);
-                if (!ok)
-                    goto err;
-            }
-
-            if (!(ctx->current_crl_score & CRL_SCORE_SCOPE)) {
-                ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE;
-                ok = ctx->verify_cb(0, ctx);
-                if (!ok)
-                    goto err;
-            }
-
-            if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH)) {
-                if (check_crl_path(ctx, ctx->current_issuer) <= 0) {
-                    ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR;
-                    ok = ctx->verify_cb(0, ctx);
-                    if (!ok)
-                        goto err;
-                }
-            }
-
-            if (crl->idp_flags & IDP_INVALID) {
-                ctx->error = X509_V_ERR_INVALID_EXTENSION;
-                ok = ctx->verify_cb(0, ctx);
-                if (!ok)
-                    goto err;
-            }
-
-        }
-
-        if (!(ctx->current_crl_score & CRL_SCORE_TIME)) {
-            ok = check_crl_time(ctx, crl, 1);
-            if (!ok)
-                goto err;
-        }
-
-        /* Attempt to get issuer certificate public key */
-        ikey = X509_get_pubkey(issuer);
-
-        if (!ikey) {
-            ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
-            ok = ctx->verify_cb(0, ctx);
-            if (!ok)
-                goto err;
-        } else {
-            /* Verify CRL signature */
-            if (X509_CRL_verify(crl, ikey) <= 0) {
-                ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE;
-                ok = ctx->verify_cb(0, ctx);
-                if (!ok)
-                    goto err;
-            }
-        }
-    }
-
-    ok = 1;
-
- err:
-    EVP_PKEY_free(ikey);
-    return ok;
-}
-
-/* Check certificate against CRL */
-static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
-{
-    int ok;
-    X509_REVOKED *rev;
-    /*
-     * The rules changed for this... previously if a CRL contained unhandled
-     * critical extensions it could still be used to indicate a certificate
-     * was revoked. This has since been changed since critical extension can
-     * change the meaning of CRL entries.
-     */
-    if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
-        && (crl->flags & EXFLAG_CRITICAL)) {
-        ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
-        ok = ctx->verify_cb(0, ctx);
-        if (!ok)
-            return 0;
-    }
-    /*
-     * Look for serial number of certificate in CRL If found make sure reason
-     * is not removeFromCRL.
-     */
-    if (X509_CRL_get0_by_cert(crl, &rev, x)) {
-        if (rev->reason == CRL_REASON_REMOVE_FROM_CRL)
-            return 2;
-        ctx->error = X509_V_ERR_CERT_REVOKED;
-        ok = ctx->verify_cb(0, ctx);
-        if (!ok)
-            return 0;
-    }
-
-    return 1;
-}
-
-static int check_policy(X509_STORE_CTX *ctx)
-{
-    int ret;
-    if (ctx->parent)
-        return 1;
-    ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
-                            ctx->param->policies, ctx->param->flags);
-    if (ret == 0) {
-        X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-    /* Invalid or inconsistent extensions */
-    if (ret == -1) {
-        /*
-         * Locate certificates with bad extensions and notify callback.
-         */
-        X509 *x;
-        int i;
-        for (i = 1; i < sk_X509_num(ctx->chain); i++) {
-            x = sk_X509_value(ctx->chain, i);
-            if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
-                continue;
-            ctx->current_cert = x;
-            ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;
-            if (!ctx->verify_cb(0, ctx))
-                return 0;
-        }
-        return 1;
-    }
-    if (ret == -2) {
-        ctx->current_cert = NULL;
-        ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY;
-        return ctx->verify_cb(0, ctx);
-    }
-
-    if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) {
-        ctx->current_cert = NULL;
-        ctx->error = X509_V_OK;
-        if (!ctx->verify_cb(2, ctx))
-            return 0;
-    }
-
-    return 1;
-}
-
-static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
-{
-    time_t *ptime;
-    int i;
-
-    if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
-        ptime = &ctx->param->check_time;
-    else
-        ptime = NULL;
-
-    i = X509_cmp_time(X509_get_notBefore(x), ptime);
-    if (i == 0) {
-        ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
-        ctx->current_cert = x;
-        if (!ctx->verify_cb(0, ctx))
-            return 0;
-    }
-
-    if (i > 0) {
-        ctx->error = X509_V_ERR_CERT_NOT_YET_VALID;
-        ctx->current_cert = x;
-        if (!ctx->verify_cb(0, ctx))
-            return 0;
-    }
-
-    i = X509_cmp_time(X509_get_notAfter(x), ptime);
-    if (i == 0) {
-        ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
-        ctx->current_cert = x;
-        if (!ctx->verify_cb(0, ctx))
-            return 0;
-    }
-
-    if (i < 0) {
-        ctx->error = X509_V_ERR_CERT_HAS_EXPIRED;
-        ctx->current_cert = x;
-        if (!ctx->verify_cb(0, ctx))
-            return 0;
-    }
-
-    return 1;
-}
-
-static int internal_verify(X509_STORE_CTX *ctx)
-{
-    int ok = 0, n;
-    X509 *xs, *xi;
-    EVP_PKEY *pkey = NULL;
-    int (*cb) (int xok, X509_STORE_CTX *xctx);
-
-    cb = ctx->verify_cb;
-
-    n = sk_X509_num(ctx->chain);
-    ctx->error_depth = n - 1;
-    n--;
-    xi = sk_X509_value(ctx->chain, n);
-
-    if (ctx->check_issued(ctx, xi, xi))
-        xs = xi;
-    else {
-        if (n <= 0) {
-            ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
-            ctx->current_cert = xi;
-            ok = cb(0, ctx);
-            goto end;
-        } else {
-            n--;
-            ctx->error_depth = n;
-            xs = sk_X509_value(ctx->chain, n);
-        }
-    }
-
-/*      ctx->error=0;  not needed */
-    while (n >= 0) {
-        ctx->error_depth = n;
-
-        /*
-         * Skip signature check for self signed certificates unless
-         * explicitly asked for. It doesn't add any security and just wastes
-         * time.
-         */
-        if (!xs->valid
-            && (xs != xi
-                || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE))) {
-            if ((pkey = X509_get_pubkey(xi)) == NULL) {
-                ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
-                ctx->current_cert = xi;
-                ok = (*cb) (0, ctx);
-                if (!ok)
-                    goto end;
-            } else if (X509_verify(xs, pkey) <= 0) {
-                ctx->error = X509_V_ERR_CERT_SIGNATURE_FAILURE;
-                ctx->current_cert = xs;
-                ok = (*cb) (0, ctx);
-                if (!ok) {
-                    EVP_PKEY_free(pkey);
-                    goto end;
-                }
-            }
-            EVP_PKEY_free(pkey);
-            pkey = NULL;
-        }
-
-        xs->valid = 1;
-
-        ok = check_cert_time(ctx, xs);
-        if (!ok)
-            goto end;
-
-        /* The last error (if any) is still in the error value */
-        ctx->current_issuer = xi;
-        ctx->current_cert = xs;
-        ok = (*cb) (1, ctx);
-        if (!ok)
-            goto end;
-
-        n--;
-        if (n >= 0) {
-            xi = xs;
-            xs = sk_X509_value(ctx->chain, n);
-        }
-    }
-    ok = 1;
- end:
-    return ok;
-}
-
-int X509_cmp_current_time(const ASN1_TIME *ctm)
-{
-    return X509_cmp_time(ctm, NULL);
-}
-
-int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
-{
-    char *str;
-    ASN1_TIME atm;
-    long offset;
-    char buff1[24], buff2[24], *p;
-    int i, j, remaining;
-
-    p = buff1;
-    remaining = ctm->length;
-    str = (char *)ctm->data;
-    /*
-     * Note that the following (historical) code allows much more slack in the
-     * time format than RFC5280. In RFC5280, the representation is fixed:
-     * UTCTime: YYMMDDHHMMSSZ
-     * GeneralizedTime: YYYYMMDDHHMMSSZ
-     */
-    if (ctm->type == V_ASN1_UTCTIME) {
-        /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */
-        int min_length = sizeof("YYMMDDHHMMZ") - 1;
-        int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1;
-        if (remaining < min_length || remaining > max_length)
-            return 0;
-        memcpy(p, str, 10);
-        p += 10;
-        str += 10;
-        remaining -= 10;
-    } else {
-        /* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */
-        int min_length = sizeof("YYYYMMDDHHMMZ") - 1;
-        int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1;
-        if (remaining < min_length || remaining > max_length)
-            return 0;
-        memcpy(p, str, 12);
-        p += 12;
-        str += 12;
-        remaining -= 12;
-    }
-
-    if ((*str == 'Z') || (*str == '-') || (*str == '+')) {
-        *(p++) = '0';
-        *(p++) = '0';
-    } else {
-        /* SS (seconds) */
-        if (remaining < 2)
-            return 0;
-        *(p++) = *(str++);
-        *(p++) = *(str++);
-        remaining -= 2;
-        /*
-         * Skip any (up to three) fractional seconds...
-         * TODO(emilia): in RFC5280, fractional seconds are forbidden.
-         * Can we just kill them altogether?
-         */
-        if (remaining && *str == '.') {
-            str++;
-            remaining--;
-            for (i = 0; i < 3 && remaining; i++, str++, remaining--) {
-                if (*str < '0' || *str > '9')
-                    break;
-            }
-        }
-
-    }
-    *(p++) = 'Z';
-    *(p++) = '\0';
-
-    /* We now need either a terminating 'Z' or an offset. */
-    if (!remaining)
-        return 0;
-    if (*str == 'Z') {
-        if (remaining != 1)
-            return 0;
-        offset = 0;
-    } else {
-        /* (+-)HHMM */
-        if ((*str != '+') && (*str != '-'))
-            return 0;
-        /* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */
-        if (remaining != 5)
-            return 0;
-        if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' ||
-            str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9')
-            return 0;
-        offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60;
-        offset += (str[3] - '0') * 10 + (str[4] - '0');
-        if (*str == '-')
-            offset = -offset;
-    }
-    atm.type = ctm->type;
-    atm.flags = 0;
-    atm.length = sizeof(buff2);
-    atm.data = (unsigned char *)buff2;
-
-    if (X509_time_adj(&atm, offset * 60, cmp_time) == NULL)
-        return 0;
-
-    if (ctm->type == V_ASN1_UTCTIME) {
-        i = (buff1[0] - '0') * 10 + (buff1[1] - '0');
-        if (i < 50)
-            i += 100;           /* cf. RFC 2459 */
-        j = (buff2[0] - '0') * 10 + (buff2[1] - '0');
-        if (j < 50)
-            j += 100;
-
-        if (i < j)
-            return -1;
-        if (i > j)
-            return 1;
-    }
-    i = strcmp(buff1, buff2);
-    if (i == 0)                 /* wait a second then return younger :-) */
-        return -1;
-    else
-        return i;
-}
-
-ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
-{
-    return X509_time_adj(s, adj, NULL);
-}
-
-ASN1_TIME *X509_time_adj(ASN1_TIME *s, long offset_sec, time_t *in_tm)
-{
-    return X509_time_adj_ex(s, 0, offset_sec, in_tm);
-}
-
-ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s,
-                            int offset_day, long offset_sec, time_t *in_tm)
-{
-    time_t t;
-
-    if (in_tm)
-        t = *in_tm;
-    else
-        time(&t);
-
-    if (s && !(s->flags & ASN1_STRING_FLAG_MSTRING)) {
-        if (s->type == V_ASN1_UTCTIME)
-            return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec);
-        if (s->type == V_ASN1_GENERALIZEDTIME)
-            return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec);
-    }
-    return ASN1_TIME_adj(s, t, offset_day, offset_sec);
-}
-
-int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
-{
-    EVP_PKEY *ktmp = NULL, *ktmp2;
-    int i, j;
-
-    if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey))
-        return 1;
-
-    for (i = 0; i < sk_X509_num(chain); i++) {
-        ktmp = X509_get_pubkey(sk_X509_value(chain, i));
-        if (ktmp == NULL) {
-            X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,
-                    X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
-            return 0;
-        }
-        if (!EVP_PKEY_missing_parameters(ktmp))
-            break;
-        else {
-            EVP_PKEY_free(ktmp);
-            ktmp = NULL;
-        }
-    }
-    if (ktmp == NULL) {
-        X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,
-                X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
-        return 0;
-    }
-
-    /* first, populate the other certs */
-    for (j = i - 1; j >= 0; j--) {
-        ktmp2 = X509_get_pubkey(sk_X509_value(chain, j));
-        EVP_PKEY_copy_parameters(ktmp2, ktmp);
-        EVP_PKEY_free(ktmp2);
-    }
-
-    if (pkey != NULL)
-        EVP_PKEY_copy_parameters(pkey, ktmp);
-    EVP_PKEY_free(ktmp);
-    return 1;
-}
-
-int X509_STORE_CTX_get_ex_new_index(long argl, void *argp,
-                                    CRYPTO_EX_new *new_func,
-                                    CRYPTO_EX_dup *dup_func,
-                                    CRYPTO_EX_free *free_func)
-{
-    /*
-     * This function is (usually) called only once, by
-     * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c).
-     */
-    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp,
-                                   new_func, dup_func, free_func);
-}
-
-int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
-{
-    return CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
-}
-
-void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
-{
-    return CRYPTO_get_ex_data(&ctx->ex_data, idx);
-}
-
-int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
-{
-    return ctx->error;
-}
-
-void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
-{
-    ctx->error = err;
-}
-
-int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
-{
-    return ctx->error_depth;
-}
-
-X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
-{
-    return ctx->current_cert;
-}
-
-STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
-{
-    return ctx->chain;
-}
-
-STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
-{
-    int i;
-    X509 *x;
-    STACK_OF(X509) *chain;
-    if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain)))
-        return NULL;
-    for (i = 0; i < sk_X509_num(chain); i++) {
-        x = sk_X509_value(chain, i);
-        CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-    }
-    return chain;
-}
-
-X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx)
-{
-    return ctx->current_issuer;
-}
-
-X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx)
-{
-    return ctx->current_crl;
-}
-
-X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx)
-{
-    return ctx->parent;
-}
-
-void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
-{
-    ctx->cert = x;
-}
-
-void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
-{
-    ctx->untrusted = sk;
-}
-
-void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk)
-{
-    ctx->crls = sk;
-}
-
-int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
-{
-    return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
-}
-
-int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
-{
-    return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
-}
-
-/*
- * This function is used to set the X509_STORE_CTX purpose and trust values.
- * This is intended to be used when another structure has its own trust and
- * purpose values which (if set) will be inherited by the ctx. If they aren't
- * set then we will usually have a default purpose in mind which should then
- * be used to set the trust value. An example of this is SSL use: an SSL
- * structure will have its own purpose and trust settings which the
- * application can set: if they aren't set then we use the default of SSL
- * client/server.
- */
-
-int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
-                                   int purpose, int trust)
-{
-    int idx;
-    /* If purpose not set use default */
-    if (!purpose)
-        purpose = def_purpose;
-    /* If we have a purpose then check it is valid */
-    if (purpose) {
-        X509_PURPOSE *ptmp;
-        idx = X509_PURPOSE_get_by_id(purpose);
-        if (idx == -1) {
-            X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
-                    X509_R_UNKNOWN_PURPOSE_ID);
-            return 0;
-        }
-        ptmp = X509_PURPOSE_get0(idx);
-        if (ptmp->trust == X509_TRUST_DEFAULT) {
-            idx = X509_PURPOSE_get_by_id(def_purpose);
-            if (idx == -1) {
-                X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
-                        X509_R_UNKNOWN_PURPOSE_ID);
-                return 0;
-            }
-            ptmp = X509_PURPOSE_get0(idx);
-        }
-        /* If trust not set then get from purpose default */
-        if (!trust)
-            trust = ptmp->trust;
-    }
-    if (trust) {
-        idx = X509_TRUST_get_by_id(trust);
-        if (idx == -1) {
-            X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
-                    X509_R_UNKNOWN_TRUST_ID);
-            return 0;
-        }
-    }
-
-    if (purpose && !ctx->param->purpose)
-        ctx->param->purpose = purpose;
-    if (trust && !ctx->param->trust)
-        ctx->param->trust = trust;
-    return 1;
-}
-
-X509_STORE_CTX *X509_STORE_CTX_new(void)
-{
-    X509_STORE_CTX *ctx;
-    ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
-    if (!ctx) {
-        X509err(X509_F_X509_STORE_CTX_NEW, ERR_R_MALLOC_FAILURE);
-        return NULL;
-    }
-    memset(ctx, 0, sizeof(X509_STORE_CTX));
-    return ctx;
-}
-
-void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
-{
-    if (!ctx)
-        return;
-    X509_STORE_CTX_cleanup(ctx);
-    OPENSSL_free(ctx);
-}
-
-int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
-                        STACK_OF(X509) *chain)
-{
-    int ret = 1;
-    ctx->ctx = store;
-    ctx->current_method = 0;
-    ctx->cert = x509;
-    ctx->untrusted = chain;
-    ctx->crls = NULL;
-    ctx->last_untrusted = 0;
-    ctx->other_ctx = NULL;
-    ctx->valid = 0;
-    ctx->chain = NULL;
-    ctx->error = 0;
-    ctx->explicit_policy = 0;
-    ctx->error_depth = 0;
-    ctx->current_cert = NULL;
-    ctx->current_issuer = NULL;
-    ctx->current_crl = NULL;
-    ctx->current_crl_score = 0;
-    ctx->current_reasons = 0;
-    ctx->tree = NULL;
-    ctx->parent = NULL;
-
-    ctx->param = X509_VERIFY_PARAM_new();
-
-    if (!ctx->param) {
-        X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-
-    /*
-     * Inherit callbacks and flags from X509_STORE if not set use defaults.
-     */
-
-    if (store)
-        ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
-    else
-        ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT | X509_VP_FLAG_ONCE;
-
-    if (store) {
-        ctx->verify_cb = store->verify_cb;
-        ctx->cleanup = store->cleanup;
-    } else
-        ctx->cleanup = 0;
-
-    if (ret)
-        ret = X509_VERIFY_PARAM_inherit(ctx->param,
-                                        X509_VERIFY_PARAM_lookup("default"));
-
-    if (ret == 0) {
-        X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-
-    if (store && store->check_issued)
-        ctx->check_issued = store->check_issued;
-    else
-        ctx->check_issued = check_issued;
-
-    if (store && store->get_issuer)
-        ctx->get_issuer = store->get_issuer;
-    else
-        ctx->get_issuer = X509_STORE_CTX_get1_issuer;
-
-    if (store && store->verify_cb)
-        ctx->verify_cb = store->verify_cb;
-    else
-        ctx->verify_cb = null_callback;
-
-    if (store && store->verify)
-        ctx->verify = store->verify;
-    else
-        ctx->verify = internal_verify;
-
-    if (store && store->check_revocation)
-        ctx->check_revocation = store->check_revocation;
-    else
-        ctx->check_revocation = check_revocation;
-
-    if (store && store->get_crl)
-        ctx->get_crl = store->get_crl;
-    else
-        ctx->get_crl = NULL;
-
-    if (store && store->check_crl)
-        ctx->check_crl = store->check_crl;
-    else
-        ctx->check_crl = check_crl;
-
-    if (store && store->cert_crl)
-        ctx->cert_crl = store->cert_crl;
-    else
-        ctx->cert_crl = cert_crl;
-
-    if (store && store->lookup_certs)
-        ctx->lookup_certs = store->lookup_certs;
-    else
-        ctx->lookup_certs = X509_STORE_get1_certs;
-
-    if (store && store->lookup_crls)
-        ctx->lookup_crls = store->lookup_crls;
-    else
-        ctx->lookup_crls = X509_STORE_get1_crls;
-
-    ctx->check_policy = check_policy;
-
-    /*
-     * This memset() can't make any sense anyway, so it's removed. As
-     * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a
-     * corresponding "new" here and remove this bogus initialisation.
-     */
-    /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */
-    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
-                            &(ctx->ex_data))) {
-        OPENSSL_free(ctx);
-        X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-    return 1;
-}
-
-/*
- * Set alternative lookup method: just a STACK of trusted certificates. This
- * avoids X509_STORE nastiness where it isn't needed.
- */
-
-void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
-{
-    ctx->other_ctx = sk;
-    ctx->get_issuer = get_issuer_sk;
-}
-
-void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
-{
-    if (ctx->cleanup)
-        ctx->cleanup(ctx);
-    if (ctx->param != NULL) {
-        if (ctx->parent == NULL)
-            X509_VERIFY_PARAM_free(ctx->param);
-        ctx->param = NULL;
-    }
-    if (ctx->tree != NULL) {
-        X509_policy_tree_free(ctx->tree);
-        ctx->tree = NULL;
-    }
-    if (ctx->chain != NULL) {
-        sk_X509_pop_free(ctx->chain, X509_free);
-        ctx->chain = NULL;
-    }
-    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
-    memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA));
-}
-
-void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth)
-{
-    X509_VERIFY_PARAM_set_depth(ctx->param, depth);
-}
-
-void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags)
-{
-    X509_VERIFY_PARAM_set_flags(ctx->param, flags);
-}
-
-void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
-                             time_t t)
-{
-    X509_VERIFY_PARAM_set_time(ctx->param, t);
-}
-
-void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
-                                  int (*verify_cb) (int, X509_STORE_CTX *))
-{
-    ctx->verify_cb = verify_cb;
-}
-
-X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx)
-{
-    return ctx->tree;
-}
-
-int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx)
-{
-    return ctx->explicit_policy;
-}
-
-int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name)
-{
-    const X509_VERIFY_PARAM *param;
-    param = X509_VERIFY_PARAM_lookup(name);
-    if (!param)
-        return 0;
-    return X509_VERIFY_PARAM_inherit(ctx->param, param);
-}
-
-X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx)
-{
-    return ctx->param;
-}
-
-void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param)
-{
-    if (ctx->param)
-        X509_VERIFY_PARAM_free(ctx->param);
-    ctx->param = param;
-}
-
-IMPLEMENT_STACK_OF(X509)
-
-IMPLEMENT_ASN1_SET_OF(X509)
-
-IMPLEMENT_STACK_OF(X509_NAME)
-
-IMPLEMENT_STACK_OF(X509_ATTRIBUTE)
-
-IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE)

Copied: vendor-crypto/openssl/1.0.1u/crypto/x509/x509_vfy.c (from rev 11605, vendor-crypto/openssl/dist/crypto/x509/x509_vfy.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/x509/x509_vfy.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/x509/x509_vfy.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,2350 @@
+/* crypto/x509/x509_vfy.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+
+#include "cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/lhash.h>
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+
+/* CRL score values */
+
+/* No unhandled critical extensions */
+
+#define CRL_SCORE_NOCRITICAL    0x100
+
+/* certificate is within CRL scope */
+
+#define CRL_SCORE_SCOPE         0x080
+
+/* CRL times valid */
+
+#define CRL_SCORE_TIME          0x040
+
+/* Issuer name matches certificate */
+
+#define CRL_SCORE_ISSUER_NAME   0x020
+
+/* If this score or above CRL is probably valid */
+
+#define CRL_SCORE_VALID (CRL_SCORE_NOCRITICAL|CRL_SCORE_TIME|CRL_SCORE_SCOPE)
+
+/* CRL issuer is certificate issuer */
+
+#define CRL_SCORE_ISSUER_CERT   0x018
+
+/* CRL issuer is on certificate path */
+
+#define CRL_SCORE_SAME_PATH     0x008
+
+/* CRL issuer matches CRL AKID */
+
+#define CRL_SCORE_AKID          0x004
+
+/* Have a delta CRL with valid times */
+
+#define CRL_SCORE_TIME_DELTA    0x002
+
+static int null_callback(int ok, X509_STORE_CTX *e);
+static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
+static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
+static int check_chain_extensions(X509_STORE_CTX *ctx);
+static int check_name_constraints(X509_STORE_CTX *ctx);
+static int check_trust(X509_STORE_CTX *ctx);
+static int check_revocation(X509_STORE_CTX *ctx);
+static int check_cert(X509_STORE_CTX *ctx);
+static int check_policy(X509_STORE_CTX *ctx);
+
+static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
+                         unsigned int *preasons, X509_CRL *crl, X509 *x);
+static int get_crl_delta(X509_STORE_CTX *ctx,
+                         X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x);
+static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl,
+                         int *pcrl_score, X509_CRL *base,
+                         STACK_OF(X509_CRL) *crls);
+static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer,
+                           int *pcrl_score);
+static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
+                           unsigned int *preasons);
+static int check_crl_path(X509_STORE_CTX *ctx, X509 *x);
+static int check_crl_chain(X509_STORE_CTX *ctx,
+                           STACK_OF(X509) *cert_path,
+                           STACK_OF(X509) *crl_path);
+
+static int internal_verify(X509_STORE_CTX *ctx);
+const char X509_version[] = "X.509" OPENSSL_VERSION_PTEXT;
+
+static int null_callback(int ok, X509_STORE_CTX *e)
+{
+    return ok;
+}
+
+#if 0
+static int x509_subject_cmp(X509 **a, X509 **b)
+{
+    return X509_subject_name_cmp(*a, *b);
+}
+#endif
+
+int X509_verify_cert(X509_STORE_CTX *ctx)
+{
+    X509 *x, *xtmp, *xtmp2, *chain_ss = NULL;
+    int bad_chain = 0;
+    X509_VERIFY_PARAM *param = ctx->param;
+    int depth, i, ok = 0;
+    int num, j, retry;
+    int (*cb) (int xok, X509_STORE_CTX *xctx);
+    STACK_OF(X509) *sktmp = NULL;
+    if (ctx->cert == NULL) {
+        X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
+        ctx->error = X509_V_ERR_INVALID_CALL;
+        return -1;
+    }
+    if (ctx->chain != NULL) {
+        /*
+         * This X509_STORE_CTX has already been used to verify a cert. We
+         * cannot do another one.
+         */
+        X509err(X509_F_X509_VERIFY_CERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        ctx->error = X509_V_ERR_INVALID_CALL;
+        return -1;
+    }
+
+    cb = ctx->verify_cb;
+
+    /*
+     * first we make sure the chain we are going to build is present and that
+     * the first entry is in place
+     */
+    if (((ctx->chain = sk_X509_new_null()) == NULL) ||
+        (!sk_X509_push(ctx->chain, ctx->cert))) {
+        X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+        ctx->error = X509_V_ERR_OUT_OF_MEM;
+        ok = -1;
+        goto end;
+    }
+    CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509);
+    ctx->last_untrusted = 1;
+
+    /* We use a temporary STACK so we can chop and hack at it */
+    if (ctx->untrusted != NULL
+        && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
+        X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+        ctx->error = X509_V_ERR_OUT_OF_MEM;
+        ok = -1;
+        goto end;
+    }
+
+    num = sk_X509_num(ctx->chain);
+    x = sk_X509_value(ctx->chain, num - 1);
+    depth = param->depth;
+
+    for (;;) {
+        /* If we have enough, we break */
+        if (depth < num)
+            break;              /* FIXME: If this happens, we should take
+                                 * note of it and, if appropriate, use the
+                                 * X509_V_ERR_CERT_CHAIN_TOO_LONG error code
+                                 * later. */
+
+        /* If we are self signed, we break */
+        if (ctx->check_issued(ctx, x, x))
+            break;
+
+        /* If we were passed a cert chain, use it first */
+        if (ctx->untrusted != NULL) {
+            xtmp = find_issuer(ctx, sktmp, x);
+            if (xtmp != NULL) {
+                if (!sk_X509_push(ctx->chain, xtmp)) {
+                    X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+                    ctx->error = X509_V_ERR_OUT_OF_MEM;
+                    ok = -1;
+                    goto end;
+                }
+                CRYPTO_add(&xtmp->references, 1, CRYPTO_LOCK_X509);
+                (void)sk_X509_delete_ptr(sktmp, xtmp);
+                ctx->last_untrusted++;
+                x = xtmp;
+                num++;
+                /*
+                 * reparse the full chain for the next one
+                 */
+                continue;
+            }
+        }
+        break;
+    }
+
+    /* Remember how many untrusted certs we have */
+    j = num;
+    /*
+     * at this point, chain should contain a list of untrusted certificates.
+     * We now need to add at least one trusted one, if possible, otherwise we
+     * complain.
+     */
+
+    do {
+        /*
+         * Examine last certificate in chain and see if it is self signed.
+         */
+        i = sk_X509_num(ctx->chain);
+        x = sk_X509_value(ctx->chain, i - 1);
+        if (ctx->check_issued(ctx, x, x)) {
+            /* we have a self signed certificate */
+            if (sk_X509_num(ctx->chain) == 1) {
+                /*
+                 * We have a single self signed certificate: see if we can
+                 * find it in the store. We must have an exact match to avoid
+                 * possible impersonation.
+                 */
+                ok = ctx->get_issuer(&xtmp, ctx, x);
+                if ((ok <= 0) || X509_cmp(x, xtmp)) {
+                    ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
+                    ctx->current_cert = x;
+                    ctx->error_depth = i - 1;
+                    if (ok == 1)
+                        X509_free(xtmp);
+                    bad_chain = 1;
+                    ok = cb(0, ctx);
+                    if (!ok)
+                        goto end;
+                } else {
+                    /*
+                     * We have a match: replace certificate with store
+                     * version so we get any trust settings.
+                     */
+                    X509_free(x);
+                    x = xtmp;
+                    (void)sk_X509_set(ctx->chain, i - 1, x);
+                    ctx->last_untrusted = 0;
+                }
+            } else {
+                /*
+                 * extract and save self signed certificate for later use
+                 */
+                chain_ss = sk_X509_pop(ctx->chain);
+                ctx->last_untrusted--;
+                num--;
+                j--;
+                x = sk_X509_value(ctx->chain, num - 1);
+            }
+        }
+        /* We now lookup certs from the certificate store */
+        for (;;) {
+            /* If we have enough, we break */
+            if (depth < num)
+                break;
+            /* If we are self signed, we break */
+            if (ctx->check_issued(ctx, x, x))
+                break;
+            ok = ctx->get_issuer(&xtmp, ctx, x);
+            if (ok < 0) {
+                ctx->error = X509_V_ERR_STORE_LOOKUP;
+                goto end;
+            }
+            if (ok == 0)
+                break;
+            x = xtmp;
+            if (!sk_X509_push(ctx->chain, x)) {
+                X509_free(xtmp);
+                X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+                ctx->error = X509_V_ERR_OUT_OF_MEM;
+                ok = -1;
+                goto end;
+            }
+            num++;
+        }
+
+        /*
+         * If we haven't got a least one certificate from our store then check
+         * if there is an alternative chain that could be used.  We only do this
+         * if the user hasn't switched off alternate chain checking
+         */
+        retry = 0;
+        if (num == ctx->last_untrusted &&
+            !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {
+            while (j-- > 1) {
+                xtmp2 = sk_X509_value(ctx->chain, j - 1);
+                ok = ctx->get_issuer(&xtmp, ctx, xtmp2);
+                if (ok < 0) {
+                    ctx->error = X509_V_ERR_STORE_LOOKUP;
+                    goto end;
+                }
+                /* Check if we found an alternate chain */
+                if (ok > 0) {
+                    /*
+                     * Free up the found cert we'll add it again later
+                     */
+                    X509_free(xtmp);
+
+                    /*
+                     * Dump all the certs above this point - we've found an
+                     * alternate chain
+                     */
+                    while (num > j) {
+                        xtmp = sk_X509_pop(ctx->chain);
+                        X509_free(xtmp);
+                        num--;
+                    }
+                    ctx->last_untrusted = sk_X509_num(ctx->chain);
+                    retry = 1;
+                    break;
+                }
+            }
+        }
+    } while (retry);
+
+    /* Is last certificate looked up self signed? */
+    if (!ctx->check_issued(ctx, x, x)) {
+        if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) {
+            if (ctx->last_untrusted >= num)
+                ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
+            else
+                ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
+            ctx->current_cert = x;
+        } else {
+
+            sk_X509_push(ctx->chain, chain_ss);
+            num++;
+            ctx->last_untrusted = num;
+            ctx->current_cert = chain_ss;
+            ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
+            chain_ss = NULL;
+        }
+
+        ctx->error_depth = num - 1;
+        bad_chain = 1;
+        ok = cb(0, ctx);
+        if (!ok)
+            goto end;
+    }
+
+    /* We have the chain complete: now we need to check its purpose */
+    ok = check_chain_extensions(ctx);
+
+    if (!ok)
+        goto end;
+
+    /* Check name constraints */
+
+    ok = check_name_constraints(ctx);
+
+    if (!ok)
+        goto end;
+
+    /* The chain extensions are OK: check trust */
+
+    if (param->trust > 0)
+        ok = check_trust(ctx);
+
+    if (!ok)
+        goto end;
+
+    /* We may as well copy down any DSA parameters that are required */
+    X509_get_pubkey_parameters(NULL, ctx->chain);
+
+    /*
+     * Check revocation status: we do this after copying parameters because
+     * they may be needed for CRL signature verification.
+     */
+
+    ok = ctx->check_revocation(ctx);
+    if (!ok)
+        goto end;
+
+    /* At this point, we have a chain and need to verify it */
+    if (ctx->verify != NULL)
+        ok = ctx->verify(ctx);
+    else
+        ok = internal_verify(ctx);
+    if (!ok)
+        goto end;
+
+#ifndef OPENSSL_NO_RFC3779
+    /* RFC 3779 path validation, now that CRL check has been done */
+    ok = v3_asid_validate_path(ctx);
+    if (!ok)
+        goto end;
+    ok = v3_addr_validate_path(ctx);
+    if (!ok)
+        goto end;
+#endif
+
+    /* If we get this far evaluate policies */
+    if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
+        ok = ctx->check_policy(ctx);
+    if (!ok)
+        goto end;
+    if (0) {
+ end:
+        X509_get_pubkey_parameters(NULL, ctx->chain);
+    }
+    if (sktmp != NULL)
+        sk_X509_free(sktmp);
+    if (chain_ss != NULL)
+        X509_free(chain_ss);
+
+    /* Safety net, error returns must set ctx->error */
+    if (ok <= 0 && ctx->error == X509_V_OK)
+        ctx->error = X509_V_ERR_UNSPECIFIED;
+    return ok;
+}
+
+/*
+ * Given a STACK_OF(X509) find the issuer of cert (if any)
+ */
+
+static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
+{
+    int i;
+    X509 *issuer;
+    for (i = 0; i < sk_X509_num(sk); i++) {
+        issuer = sk_X509_value(sk, i);
+        if (ctx->check_issued(ctx, x, issuer))
+            return issuer;
+    }
+    return NULL;
+}
+
+/* Given a possible certificate and issuer check them */
+
+static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
+{
+    int ret;
+    ret = X509_check_issued(issuer, x);
+    if (ret == X509_V_OK)
+        return 1;
+    /* If we haven't asked for issuer errors don't set ctx */
+    if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK))
+        return 0;
+
+    ctx->error = ret;
+    ctx->current_cert = x;
+    ctx->current_issuer = issuer;
+    return ctx->verify_cb(0, ctx);
+    return 0;
+}
+
+/* Alternative lookup method: look from a STACK stored in other_ctx */
+
+static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
+{
+    *issuer = find_issuer(ctx, ctx->other_ctx, x);
+    if (*issuer) {
+        CRYPTO_add(&(*issuer)->references, 1, CRYPTO_LOCK_X509);
+        return 1;
+    } else
+        return 0;
+}
+
+/*
+ * Check a certificate chains extensions for consistency with the supplied
+ * purpose
+ */
+
+static int check_chain_extensions(X509_STORE_CTX *ctx)
+{
+#ifdef OPENSSL_NO_CHAIN_VERIFY
+    return 1;
+#else
+    int i, ok = 0, must_be_ca, plen = 0;
+    X509 *x;
+    int (*cb) (int xok, X509_STORE_CTX *xctx);
+    int proxy_path_length = 0;
+    int purpose;
+    int allow_proxy_certs;
+    cb = ctx->verify_cb;
+
+    /*-
+     *  must_be_ca can have 1 of 3 values:
+     * -1: we accept both CA and non-CA certificates, to allow direct
+     *     use of self-signed certificates (which are marked as CA).
+     * 0:  we only accept non-CA certificates.  This is currently not
+     *     used, but the possibility is present for future extensions.
+     * 1:  we only accept CA certificates.  This is currently used for
+     *     all certificates in the chain except the leaf certificate.
+     */
+    must_be_ca = -1;
+
+    /* CRL path validation */
+    if (ctx->parent) {
+        allow_proxy_certs = 0;
+        purpose = X509_PURPOSE_CRL_SIGN;
+    } else {
+        allow_proxy_certs =
+            ! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
+        /*
+         * A hack to keep people who don't want to modify their software
+         * happy
+         */
+        if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
+            allow_proxy_certs = 1;
+        purpose = ctx->param->purpose;
+    }
+
+    /* Check all untrusted certificates */
+    for (i = 0; i < ctx->last_untrusted; i++) {
+        int ret;
+        x = sk_X509_value(ctx->chain, i);
+        if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
+            && (x->ex_flags & EXFLAG_CRITICAL)) {
+            ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
+            ctx->error_depth = i;
+            ctx->current_cert = x;
+            ok = cb(0, ctx);
+            if (!ok)
+                goto end;
+        }
+        if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) {
+            ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;
+            ctx->error_depth = i;
+            ctx->current_cert = x;
+            ok = cb(0, ctx);
+            if (!ok)
+                goto end;
+        }
+        ret = X509_check_ca(x);
+        switch (must_be_ca) {
+        case -1:
+            if ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
+                && (ret != 1) && (ret != 0)) {
+                ret = 0;
+                ctx->error = X509_V_ERR_INVALID_CA;
+            } else
+                ret = 1;
+            break;
+        case 0:
+            if (ret != 0) {
+                ret = 0;
+                ctx->error = X509_V_ERR_INVALID_NON_CA;
+            } else
+                ret = 1;
+            break;
+        default:
+            if ((ret == 0)
+                || ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
+                    && (ret != 1))) {
+                ret = 0;
+                ctx->error = X509_V_ERR_INVALID_CA;
+            } else
+                ret = 1;
+            break;
+        }
+        if (ret == 0) {
+            ctx->error_depth = i;
+            ctx->current_cert = x;
+            ok = cb(0, ctx);
+            if (!ok)
+                goto end;
+        }
+        if (ctx->param->purpose > 0) {
+            ret = X509_check_purpose(x, purpose, must_be_ca > 0);
+            if ((ret == 0)
+                || ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
+                    && (ret != 1))) {
+                ctx->error = X509_V_ERR_INVALID_PURPOSE;
+                ctx->error_depth = i;
+                ctx->current_cert = x;
+                ok = cb(0, ctx);
+                if (!ok)
+                    goto end;
+            }
+        }
+        /* Check pathlen if not self issued */
+        if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
+            && (x->ex_pathlen != -1)
+            && (plen > (x->ex_pathlen + proxy_path_length + 1))) {
+            ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
+            ctx->error_depth = i;
+            ctx->current_cert = x;
+            ok = cb(0, ctx);
+            if (!ok)
+                goto end;
+        }
+        /* Increment path length if not self issued */
+        if (!(x->ex_flags & EXFLAG_SI))
+            plen++;
+        /*
+         * If this certificate is a proxy certificate, the next certificate
+         * must be another proxy certificate or a EE certificate.  If not,
+         * the next certificate must be a CA certificate.
+         */
+        if (x->ex_flags & EXFLAG_PROXY) {
+            /*
+             * RFC3820, 4.1.3 (b)(1) stipulates that if pCPathLengthConstraint
+             * is less than max_path_length, the former should be copied to
+             * the latter, and 4.1.4 (a) stipulates that max_path_length
+             * should be verified to be larger than zero and decrement it.
+             *
+             * Because we're checking the certs in the reverse order, we start
+             * with verifying that proxy_path_length isn't larger than pcPLC,
+             * and copy the latter to the former if it is, and finally,
+             * increment proxy_path_length.
+             */
+            if (x->ex_pcpathlen != -1) {
+                if (proxy_path_length > x->ex_pcpathlen) {
+                    ctx->error = X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
+                    ctx->error_depth = i;
+                    ctx->current_cert = x;
+                    ok = cb(0, ctx);
+                    if (!ok)
+                        goto end;
+                }
+                proxy_path_length = x->ex_pcpathlen;
+            }
+            proxy_path_length++;
+            must_be_ca = 0;
+        } else
+            must_be_ca = 1;
+    }
+    ok = 1;
+ end:
+    return ok;
+#endif
+}
+
+static int check_name_constraints(X509_STORE_CTX *ctx)
+{
+    X509 *x;
+    int i, j, rv;
+    /* Check name constraints for all certificates */
+    for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) {
+        x = sk_X509_value(ctx->chain, i);
+        /* Ignore self issued certs unless last in chain */
+        if (i && (x->ex_flags & EXFLAG_SI))
+            continue;
+
+        /*
+         * Proxy certificates policy has an extra constraint, where the
+         * certificate subject MUST be the issuer with a single CN entry
+         * added.
+         * (RFC 3820: 3.4, 4.1.3 (a)(4))
+         */
+        if (x->ex_flags & EXFLAG_PROXY) {
+            X509_NAME *tmpsubject = X509_get_subject_name(x);
+            X509_NAME *tmpissuer = X509_get_issuer_name(x);
+            X509_NAME_ENTRY *tmpentry = NULL;
+            int last_object_nid = 0;
+            int err = X509_V_OK;
+            int last_object_loc = X509_NAME_entry_count(tmpsubject) - 1;
+
+            /* Check that there are at least two RDNs */
+            if (last_object_loc < 1) {
+                err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION;
+                goto proxy_name_done;
+            }
+
+            /*
+             * Check that there is exactly one more RDN in subject as
+             * there is in issuer.
+             */
+            if (X509_NAME_entry_count(tmpsubject)
+                != X509_NAME_entry_count(tmpissuer) + 1) {
+                err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION;
+                goto proxy_name_done;
+            }
+
+            /*
+             * Check that the last subject component isn't part of a
+             * multivalued RDN
+             */
+            if (X509_NAME_get_entry(tmpsubject, last_object_loc)->set
+                == X509_NAME_get_entry(tmpsubject, last_object_loc - 1)->set) {
+                err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION;
+                goto proxy_name_done;
+            }
+
+            /*
+             * Check that the last subject RDN is a commonName, and that
+             * all the previous RDNs match the issuer exactly
+             */
+            tmpsubject = X509_NAME_dup(tmpsubject);
+            if (tmpsubject == NULL) {
+                X509err(X509_F_CHECK_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
+                ctx->error = X509_V_ERR_OUT_OF_MEM;
+                return 0;
+            }
+
+            tmpentry =
+                X509_NAME_delete_entry(tmpsubject, last_object_loc);
+            last_object_nid =
+                OBJ_obj2nid(X509_NAME_ENTRY_get_object(tmpentry));
+
+            if (last_object_nid != NID_commonName
+                || X509_NAME_cmp(tmpsubject, tmpissuer) != 0) {
+                err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION;
+            }
+
+            X509_NAME_ENTRY_free(tmpentry);
+            X509_NAME_free(tmpsubject);
+
+         proxy_name_done:
+            if (err != X509_V_OK) {
+                ctx->error = err;
+                ctx->error_depth = i;
+                ctx->current_cert = x;
+                if (!ctx->verify_cb(0, ctx))
+                    return 0;
+            }
+        }
+
+        /*
+         * Check against constraints for all certificates higher in chain
+         * including trust anchor. Trust anchor not strictly speaking needed
+         * but if it includes constraints it is to be assumed it expects them
+         * to be obeyed.
+         */
+        for (j = sk_X509_num(ctx->chain) - 1; j > i; j--) {
+            NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc;
+            if (nc) {
+                rv = NAME_CONSTRAINTS_check(x, nc);
+                switch (rv) {
+                case X509_V_OK:
+                    continue;
+                case X509_V_ERR_OUT_OF_MEM:
+                    ctx->error = rv;
+                    return 0;
+                default:
+                    ctx->error = rv;
+                    ctx->error_depth = i;
+                    ctx->current_cert = x;
+                    if (!ctx->verify_cb(0, ctx))
+                        return 0;
+                    break;
+                }
+            }
+        }
+    }
+    return 1;
+}
+
+static int check_trust(X509_STORE_CTX *ctx)
+{
+#ifdef OPENSSL_NO_CHAIN_VERIFY
+    return 1;
+#else
+    int i, ok;
+    X509 *x;
+    int (*cb) (int xok, X509_STORE_CTX *xctx);
+    cb = ctx->verify_cb;
+/* For now just check the last certificate in the chain */
+    i = sk_X509_num(ctx->chain) - 1;
+    x = sk_X509_value(ctx->chain, i);
+    ok = X509_check_trust(x, ctx->param->trust, 0);
+    if (ok == X509_TRUST_TRUSTED)
+        return 1;
+    ctx->error_depth = i;
+    ctx->current_cert = x;
+    if (ok == X509_TRUST_REJECTED)
+        ctx->error = X509_V_ERR_CERT_REJECTED;
+    else
+        ctx->error = X509_V_ERR_CERT_UNTRUSTED;
+    ok = cb(0, ctx);
+    return ok;
+#endif
+}
+
+static int check_revocation(X509_STORE_CTX *ctx)
+{
+    int i, last, ok;
+    if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK))
+        return 1;
+    if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL)
+        last = sk_X509_num(ctx->chain) - 1;
+    else {
+        /* If checking CRL paths this isn't the EE certificate */
+        if (ctx->parent)
+            return 1;
+        last = 0;
+    }
+    for (i = 0; i <= last; i++) {
+        ctx->error_depth = i;
+        ok = check_cert(ctx);
+        if (!ok)
+            return ok;
+    }
+    return 1;
+}
+
+static int check_cert(X509_STORE_CTX *ctx)
+{
+    X509_CRL *crl = NULL, *dcrl = NULL;
+    X509 *x;
+    int ok, cnum;
+    unsigned int last_reasons;
+    cnum = ctx->error_depth;
+    x = sk_X509_value(ctx->chain, cnum);
+    ctx->current_cert = x;
+    ctx->current_issuer = NULL;
+    ctx->current_crl_score = 0;
+    ctx->current_reasons = 0;
+    while (ctx->current_reasons != CRLDP_ALL_REASONS) {
+        last_reasons = ctx->current_reasons;
+        /* Try to retrieve relevant CRL */
+        if (ctx->get_crl)
+            ok = ctx->get_crl(ctx, &crl, x);
+        else
+            ok = get_crl_delta(ctx, &crl, &dcrl, x);
+        /*
+         * If error looking up CRL, nothing we can do except notify callback
+         */
+        if (!ok) {
+            ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
+            ok = ctx->verify_cb(0, ctx);
+            goto err;
+        }
+        ctx->current_crl = crl;
+        ok = ctx->check_crl(ctx, crl);
+        if (!ok)
+            goto err;
+
+        if (dcrl) {
+            ok = ctx->check_crl(ctx, dcrl);
+            if (!ok)
+                goto err;
+            ok = ctx->cert_crl(ctx, dcrl, x);
+            if (!ok)
+                goto err;
+        } else
+            ok = 1;
+
+        /* Don't look in full CRL if delta reason is removefromCRL */
+        if (ok != 2) {
+            ok = ctx->cert_crl(ctx, crl, x);
+            if (!ok)
+                goto err;
+        }
+
+        X509_CRL_free(crl);
+        X509_CRL_free(dcrl);
+        crl = NULL;
+        dcrl = NULL;
+        /*
+         * If reasons not updated we wont get anywhere by another iteration,
+         * so exit loop.
+         */
+        if (last_reasons == ctx->current_reasons) {
+            ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
+            ok = ctx->verify_cb(0, ctx);
+            goto err;
+        }
+    }
+ err:
+    X509_CRL_free(crl);
+    X509_CRL_free(dcrl);
+
+    ctx->current_crl = NULL;
+    return ok;
+
+}
+
+/* Check CRL times against values in X509_STORE_CTX */
+
+static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
+{
+    time_t *ptime;
+    int i;
+    if (notify)
+        ctx->current_crl = crl;
+    if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
+        ptime = &ctx->param->check_time;
+    else
+        ptime = NULL;
+
+    i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
+    if (i == 0) {
+        if (!notify)
+            return 0;
+        ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
+        if (!ctx->verify_cb(0, ctx))
+            return 0;
+    }
+
+    if (i > 0) {
+        if (!notify)
+            return 0;
+        ctx->error = X509_V_ERR_CRL_NOT_YET_VALID;
+        if (!ctx->verify_cb(0, ctx))
+            return 0;
+    }
+
+    if (X509_CRL_get_nextUpdate(crl)) {
+        i = X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);
+
+        if (i == 0) {
+            if (!notify)
+                return 0;
+            ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
+            if (!ctx->verify_cb(0, ctx))
+                return 0;
+        }
+        /* Ignore expiry of base CRL is delta is valid */
+        if ((i < 0) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) {
+            if (!notify)
+                return 0;
+            ctx->error = X509_V_ERR_CRL_HAS_EXPIRED;
+            if (!ctx->verify_cb(0, ctx))
+                return 0;
+        }
+    }
+
+    if (notify)
+        ctx->current_crl = NULL;
+
+    return 1;
+}
+
+static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
+                      X509 **pissuer, int *pscore, unsigned int *preasons,
+                      STACK_OF(X509_CRL) *crls)
+{
+    int i, crl_score, best_score = *pscore;
+    unsigned int reasons, best_reasons = 0;
+    X509 *x = ctx->current_cert;
+    X509_CRL *crl, *best_crl = NULL;
+    X509 *crl_issuer = NULL, *best_crl_issuer = NULL;
+
+    for (i = 0; i < sk_X509_CRL_num(crls); i++) {
+        crl = sk_X509_CRL_value(crls, i);
+        reasons = *preasons;
+        crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
+
+        if (crl_score > best_score) {
+            best_crl = crl;
+            best_crl_issuer = crl_issuer;
+            best_score = crl_score;
+            best_reasons = reasons;
+        }
+    }
+
+    if (best_crl) {
+        if (*pcrl)
+            X509_CRL_free(*pcrl);
+        *pcrl = best_crl;
+        *pissuer = best_crl_issuer;
+        *pscore = best_score;
+        *preasons = best_reasons;
+        CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509_CRL);
+        if (*pdcrl) {
+            X509_CRL_free(*pdcrl);
+            *pdcrl = NULL;
+        }
+        get_delta_sk(ctx, pdcrl, pscore, best_crl, crls);
+    }
+
+    if (best_score >= CRL_SCORE_VALID)
+        return 1;
+
+    return 0;
+}
+
+/*
+ * Compare two CRL extensions for delta checking purposes. They should be
+ * both present or both absent. If both present all fields must be identical.
+ */
+
+static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid)
+{
+    ASN1_OCTET_STRING *exta, *extb;
+    int i;
+    i = X509_CRL_get_ext_by_NID(a, nid, -1);
+    if (i >= 0) {
+        /* Can't have multiple occurrences */
+        if (X509_CRL_get_ext_by_NID(a, nid, i) != -1)
+            return 0;
+        exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i));
+    } else
+        exta = NULL;
+
+    i = X509_CRL_get_ext_by_NID(b, nid, -1);
+
+    if (i >= 0) {
+
+        if (X509_CRL_get_ext_by_NID(b, nid, i) != -1)
+            return 0;
+        extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i));
+    } else
+        extb = NULL;
+
+    if (!exta && !extb)
+        return 1;
+
+    if (!exta || !extb)
+        return 0;
+
+    if (ASN1_OCTET_STRING_cmp(exta, extb))
+        return 0;
+
+    return 1;
+}
+
+/* See if a base and delta are compatible */
+
+static int check_delta_base(X509_CRL *delta, X509_CRL *base)
+{
+    /* Delta CRL must be a delta */
+    if (!delta->base_crl_number)
+        return 0;
+    /* Base must have a CRL number */
+    if (!base->crl_number)
+        return 0;
+    /* Issuer names must match */
+    if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(delta)))
+        return 0;
+    /* AKID and IDP must match */
+    if (!crl_extension_match(delta, base, NID_authority_key_identifier))
+        return 0;
+    if (!crl_extension_match(delta, base, NID_issuing_distribution_point))
+        return 0;
+    /* Delta CRL base number must not exceed Full CRL number. */
+    if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0)
+        return 0;
+    /* Delta CRL number must exceed full CRL number */
+    if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0)
+        return 1;
+    return 0;
+}
+
+/*
+ * For a given base CRL find a delta... maybe extend to delta scoring or
+ * retrieve a chain of deltas...
+ */
+
+static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore,
+                         X509_CRL *base, STACK_OF(X509_CRL) *crls)
+{
+    X509_CRL *delta;
+    int i;
+    if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS))
+        return;
+    if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST))
+        return;
+    for (i = 0; i < sk_X509_CRL_num(crls); i++) {
+        delta = sk_X509_CRL_value(crls, i);
+        if (check_delta_base(delta, base)) {
+            if (check_crl_time(ctx, delta, 0))
+                *pscore |= CRL_SCORE_TIME_DELTA;
+            CRYPTO_add(&delta->references, 1, CRYPTO_LOCK_X509_CRL);
+            *dcrl = delta;
+            return;
+        }
+    }
+    *dcrl = NULL;
+}
+
+/*
+ * For a given CRL return how suitable it is for the supplied certificate
+ * 'x'. The return value is a mask of several criteria. If the issuer is not
+ * the certificate issuer this is returned in *pissuer. The reasons mask is
+ * also used to determine if the CRL is suitable: if no new reasons the CRL
+ * is rejected, otherwise reasons is updated.
+ */
+
+static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
+                         unsigned int *preasons, X509_CRL *crl, X509 *x)
+{
+
+    int crl_score = 0;
+    unsigned int tmp_reasons = *preasons, crl_reasons;
+
+    /* First see if we can reject CRL straight away */
+
+    /* Invalid IDP cannot be processed */
+    if (crl->idp_flags & IDP_INVALID)
+        return 0;
+    /* Reason codes or indirect CRLs need extended CRL support */
+    if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) {
+        if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS))
+            return 0;
+    } else if (crl->idp_flags & IDP_REASONS) {
+        /* If no new reasons reject */
+        if (!(crl->idp_reasons & ~tmp_reasons))
+            return 0;
+    }
+    /* Don't process deltas at this stage */
+    else if (crl->base_crl_number)
+        return 0;
+    /* If issuer name doesn't match certificate need indirect CRL */
+    if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl))) {
+        if (!(crl->idp_flags & IDP_INDIRECT))
+            return 0;
+    } else
+        crl_score |= CRL_SCORE_ISSUER_NAME;
+
+    if (!(crl->flags & EXFLAG_CRITICAL))
+        crl_score |= CRL_SCORE_NOCRITICAL;
+
+    /* Check expiry */
+    if (check_crl_time(ctx, crl, 0))
+        crl_score |= CRL_SCORE_TIME;
+
+    /* Check authority key ID and locate certificate issuer */
+    crl_akid_check(ctx, crl, pissuer, &crl_score);
+
+    /* If we can't locate certificate issuer at this point forget it */
+
+    if (!(crl_score & CRL_SCORE_AKID))
+        return 0;
+
+    /* Check cert for matching CRL distribution points */
+
+    if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) {
+        /* If no new reasons reject */
+        if (!(crl_reasons & ~tmp_reasons))
+            return 0;
+        tmp_reasons |= crl_reasons;
+        crl_score |= CRL_SCORE_SCOPE;
+    }
+
+    *preasons = tmp_reasons;
+
+    return crl_score;
+
+}
+
+static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl,
+                           X509 **pissuer, int *pcrl_score)
+{
+    X509 *crl_issuer = NULL;
+    X509_NAME *cnm = X509_CRL_get_issuer(crl);
+    int cidx = ctx->error_depth;
+    int i;
+
+    if (cidx != sk_X509_num(ctx->chain) - 1)
+        cidx++;
+
+    crl_issuer = sk_X509_value(ctx->chain, cidx);
+
+    if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
+        if (*pcrl_score & CRL_SCORE_ISSUER_NAME) {
+            *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_ISSUER_CERT;
+            *pissuer = crl_issuer;
+            return;
+        }
+    }
+
+    for (cidx++; cidx < sk_X509_num(ctx->chain); cidx++) {
+        crl_issuer = sk_X509_value(ctx->chain, cidx);
+        if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
+            continue;
+        if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
+            *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_SAME_PATH;
+            *pissuer = crl_issuer;
+            return;
+        }
+    }
+
+    /* Anything else needs extended CRL support */
+
+    if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT))
+        return;
+
+    /*
+     * Otherwise the CRL issuer is not on the path. Look for it in the set of
+     * untrusted certificates.
+     */
+    for (i = 0; i < sk_X509_num(ctx->untrusted); i++) {
+        crl_issuer = sk_X509_value(ctx->untrusted, i);
+        if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
+            continue;
+        if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
+            *pissuer = crl_issuer;
+            *pcrl_score |= CRL_SCORE_AKID;
+            return;
+        }
+    }
+}
+
+/*
+ * Check the path of a CRL issuer certificate. This creates a new
+ * X509_STORE_CTX and populates it with most of the parameters from the
+ * parent. This could be optimised somewhat since a lot of path checking will
+ * be duplicated by the parent, but this will rarely be used in practice.
+ */
+
+static int check_crl_path(X509_STORE_CTX *ctx, X509 *x)
+{
+    X509_STORE_CTX crl_ctx;
+    int ret;
+    /* Don't allow recursive CRL path validation */
+    if (ctx->parent)
+        return 0;
+    if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted))
+        return -1;
+
+    crl_ctx.crls = ctx->crls;
+    /* Copy verify params across */
+    X509_STORE_CTX_set0_param(&crl_ctx, ctx->param);
+
+    crl_ctx.parent = ctx;
+    crl_ctx.verify_cb = ctx->verify_cb;
+
+    /* Verify CRL issuer */
+    ret = X509_verify_cert(&crl_ctx);
+
+    if (ret <= 0)
+        goto err;
+
+    /* Check chain is acceptable */
+
+    ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain);
+ err:
+    X509_STORE_CTX_cleanup(&crl_ctx);
+    return ret;
+}
+
+/*
+ * RFC3280 says nothing about the relationship between CRL path and
+ * certificate path, which could lead to situations where a certificate could
+ * be revoked or validated by a CA not authorised to do so. RFC5280 is more
+ * strict and states that the two paths must end in the same trust anchor,
+ * though some discussions remain... until this is resolved we use the
+ * RFC5280 version
+ */
+
+static int check_crl_chain(X509_STORE_CTX *ctx,
+                           STACK_OF(X509) *cert_path,
+                           STACK_OF(X509) *crl_path)
+{
+    X509 *cert_ta, *crl_ta;
+    cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1);
+    crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1);
+    if (!X509_cmp(cert_ta, crl_ta))
+        return 1;
+    return 0;
+}
+
+/*-
+ * Check for match between two dist point names: three separate cases.
+ * 1. Both are relative names and compare X509_NAME types.
+ * 2. One full, one relative. Compare X509_NAME to GENERAL_NAMES.
+ * 3. Both are full names and compare two GENERAL_NAMES.
+ * 4. One is NULL: automatic match.
+ */
+
+static int idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b)
+{
+    X509_NAME *nm = NULL;
+    GENERAL_NAMES *gens = NULL;
+    GENERAL_NAME *gena, *genb;
+    int i, j;
+    if (!a || !b)
+        return 1;
+    if (a->type == 1) {
+        if (!a->dpname)
+            return 0;
+        /* Case 1: two X509_NAME */
+        if (b->type == 1) {
+            if (!b->dpname)
+                return 0;
+            if (!X509_NAME_cmp(a->dpname, b->dpname))
+                return 1;
+            else
+                return 0;
+        }
+        /* Case 2: set name and GENERAL_NAMES appropriately */
+        nm = a->dpname;
+        gens = b->name.fullname;
+    } else if (b->type == 1) {
+        if (!b->dpname)
+            return 0;
+        /* Case 2: set name and GENERAL_NAMES appropriately */
+        gens = a->name.fullname;
+        nm = b->dpname;
+    }
+
+    /* Handle case 2 with one GENERAL_NAMES and one X509_NAME */
+    if (nm) {
+        for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+            gena = sk_GENERAL_NAME_value(gens, i);
+            if (gena->type != GEN_DIRNAME)
+                continue;
+            if (!X509_NAME_cmp(nm, gena->d.directoryName))
+                return 1;
+        }
+        return 0;
+    }
+
+    /* Else case 3: two GENERAL_NAMES */
+
+    for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++) {
+        gena = sk_GENERAL_NAME_value(a->name.fullname, i);
+        for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++) {
+            genb = sk_GENERAL_NAME_value(b->name.fullname, j);
+            if (!GENERAL_NAME_cmp(gena, genb))
+                return 1;
+        }
+    }
+
+    return 0;
+
+}
+
+static int crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score)
+{
+    int i;
+    X509_NAME *nm = X509_CRL_get_issuer(crl);
+    /* If no CRLissuer return is successful iff don't need a match */
+    if (!dp->CRLissuer)
+        return ! !(crl_score & CRL_SCORE_ISSUER_NAME);
+    for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) {
+        GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
+        if (gen->type != GEN_DIRNAME)
+            continue;
+        if (!X509_NAME_cmp(gen->d.directoryName, nm))
+            return 1;
+    }
+    return 0;
+}
+
+/* Check CRLDP and IDP */
+
+static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
+                           unsigned int *preasons)
+{
+    int i;
+    if (crl->idp_flags & IDP_ONLYATTR)
+        return 0;
+    if (x->ex_flags & EXFLAG_CA) {
+        if (crl->idp_flags & IDP_ONLYUSER)
+            return 0;
+    } else {
+        if (crl->idp_flags & IDP_ONLYCA)
+            return 0;
+    }
+    *preasons = crl->idp_reasons;
+    for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) {
+        DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i);
+        if (crldp_check_crlissuer(dp, crl, crl_score)) {
+            if (!crl->idp || idp_check_dp(dp->distpoint, crl->idp->distpoint)) {
+                *preasons &= dp->dp_reasons;
+                return 1;
+            }
+        }
+    }
+    if ((!crl->idp || !crl->idp->distpoint)
+        && (crl_score & CRL_SCORE_ISSUER_NAME))
+        return 1;
+    return 0;
+}
+
+/*
+ * Retrieve CRL corresponding to current certificate. If deltas enabled try
+ * to find a delta CRL too
+ */
+
+static int get_crl_delta(X509_STORE_CTX *ctx,
+                         X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x)
+{
+    int ok;
+    X509 *issuer = NULL;
+    int crl_score = 0;
+    unsigned int reasons;
+    X509_CRL *crl = NULL, *dcrl = NULL;
+    STACK_OF(X509_CRL) *skcrl;
+    X509_NAME *nm = X509_get_issuer_name(x);
+    reasons = ctx->current_reasons;
+    ok = get_crl_sk(ctx, &crl, &dcrl,
+                    &issuer, &crl_score, &reasons, ctx->crls);
+
+    if (ok)
+        goto done;
+
+    /* Lookup CRLs from store */
+
+    skcrl = ctx->lookup_crls(ctx, nm);
+
+    /* If no CRLs found and a near match from get_crl_sk use that */
+    if (!skcrl && crl)
+        goto done;
+
+    get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl);
+
+    sk_X509_CRL_pop_free(skcrl, X509_CRL_free);
+
+ done:
+
+    /* If we got any kind of CRL use it and return success */
+    if (crl) {
+        ctx->current_issuer = issuer;
+        ctx->current_crl_score = crl_score;
+        ctx->current_reasons = reasons;
+        *pcrl = crl;
+        *pdcrl = dcrl;
+        return 1;
+    }
+
+    return 0;
+}
+
+/* Check CRL validity */
+static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
+{
+    X509 *issuer = NULL;
+    EVP_PKEY *ikey = NULL;
+    int ok = 0, chnum, cnum;
+    cnum = ctx->error_depth;
+    chnum = sk_X509_num(ctx->chain) - 1;
+    /* if we have an alternative CRL issuer cert use that */
+    if (ctx->current_issuer)
+        issuer = ctx->current_issuer;
+
+    /*
+     * Else find CRL issuer: if not last certificate then issuer is next
+     * certificate in chain.
+     */
+    else if (cnum < chnum)
+        issuer = sk_X509_value(ctx->chain, cnum + 1);
+    else {
+        issuer = sk_X509_value(ctx->chain, chnum);
+        /* If not self signed, can't check signature */
+        if (!ctx->check_issued(ctx, issuer, issuer)) {
+            ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
+            ok = ctx->verify_cb(0, ctx);
+            if (!ok)
+                goto err;
+        }
+    }
+
+    if (issuer) {
+        /*
+         * Skip most tests for deltas because they have already been done
+         */
+        if (!crl->base_crl_number) {
+            /* Check for cRLSign bit if keyUsage present */
+            if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
+                !(issuer->ex_kusage & KU_CRL_SIGN)) {
+                ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
+                ok = ctx->verify_cb(0, ctx);
+                if (!ok)
+                    goto err;
+            }
+
+            if (!(ctx->current_crl_score & CRL_SCORE_SCOPE)) {
+                ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE;
+                ok = ctx->verify_cb(0, ctx);
+                if (!ok)
+                    goto err;
+            }
+
+            if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH)) {
+                if (check_crl_path(ctx, ctx->current_issuer) <= 0) {
+                    ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR;
+                    ok = ctx->verify_cb(0, ctx);
+                    if (!ok)
+                        goto err;
+                }
+            }
+
+            if (crl->idp_flags & IDP_INVALID) {
+                ctx->error = X509_V_ERR_INVALID_EXTENSION;
+                ok = ctx->verify_cb(0, ctx);
+                if (!ok)
+                    goto err;
+            }
+
+        }
+
+        if (!(ctx->current_crl_score & CRL_SCORE_TIME)) {
+            ok = check_crl_time(ctx, crl, 1);
+            if (!ok)
+                goto err;
+        }
+
+        /* Attempt to get issuer certificate public key */
+        ikey = X509_get_pubkey(issuer);
+
+        if (!ikey) {
+            ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
+            ok = ctx->verify_cb(0, ctx);
+            if (!ok)
+                goto err;
+        } else {
+            /* Verify CRL signature */
+            if (X509_CRL_verify(crl, ikey) <= 0) {
+                ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE;
+                ok = ctx->verify_cb(0, ctx);
+                if (!ok)
+                    goto err;
+            }
+        }
+    }
+
+    ok = 1;
+
+ err:
+    EVP_PKEY_free(ikey);
+    return ok;
+}
+
+/* Check certificate against CRL */
+static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
+{
+    int ok;
+    X509_REVOKED *rev;
+    /*
+     * The rules changed for this... previously if a CRL contained unhandled
+     * critical extensions it could still be used to indicate a certificate
+     * was revoked. This has since been changed since critical extension can
+     * change the meaning of CRL entries.
+     */
+    if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
+        && (crl->flags & EXFLAG_CRITICAL)) {
+        ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
+        ok = ctx->verify_cb(0, ctx);
+        if (!ok)
+            return 0;
+    }
+    /*
+     * Look for serial number of certificate in CRL If found make sure reason
+     * is not removeFromCRL.
+     */
+    if (X509_CRL_get0_by_cert(crl, &rev, x)) {
+        if (rev->reason == CRL_REASON_REMOVE_FROM_CRL)
+            return 2;
+        ctx->error = X509_V_ERR_CERT_REVOKED;
+        ok = ctx->verify_cb(0, ctx);
+        if (!ok)
+            return 0;
+    }
+
+    return 1;
+}
+
+static int check_policy(X509_STORE_CTX *ctx)
+{
+    int ret;
+    if (ctx->parent)
+        return 1;
+    ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
+                            ctx->param->policies, ctx->param->flags);
+    if (ret == 0) {
+        X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE);
+        ctx->error = X509_V_ERR_OUT_OF_MEM;
+        return 0;
+    }
+    /* Invalid or inconsistent extensions */
+    if (ret == -1) {
+        /*
+         * Locate certificates with bad extensions and notify callback.
+         */
+        X509 *x;
+        int i;
+        for (i = 1; i < sk_X509_num(ctx->chain); i++) {
+            x = sk_X509_value(ctx->chain, i);
+            if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
+                continue;
+            ctx->current_cert = x;
+            ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;
+            if (!ctx->verify_cb(0, ctx))
+                return 0;
+        }
+        return 1;
+    }
+    if (ret == -2) {
+        ctx->current_cert = NULL;
+        ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY;
+        return ctx->verify_cb(0, ctx);
+    }
+
+    if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) {
+        ctx->current_cert = NULL;
+        /*
+         * Verification errors need to be "sticky", a callback may have allowed
+         * an SSL handshake to continue despite an error, and we must then
+         * remain in an error state.  Therefore, we MUST NOT clear earlier
+         * verification errors by setting the error to X509_V_OK.
+         */
+        if (!ctx->verify_cb(2, ctx))
+            return 0;
+    }
+
+    return 1;
+}
+
+static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
+{
+    time_t *ptime;
+    int i;
+
+    if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
+        ptime = &ctx->param->check_time;
+    else
+        ptime = NULL;
+
+    i = X509_cmp_time(X509_get_notBefore(x), ptime);
+    if (i == 0) {
+        ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
+        ctx->current_cert = x;
+        if (!ctx->verify_cb(0, ctx))
+            return 0;
+    }
+
+    if (i > 0) {
+        ctx->error = X509_V_ERR_CERT_NOT_YET_VALID;
+        ctx->current_cert = x;
+        if (!ctx->verify_cb(0, ctx))
+            return 0;
+    }
+
+    i = X509_cmp_time(X509_get_notAfter(x), ptime);
+    if (i == 0) {
+        ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
+        ctx->current_cert = x;
+        if (!ctx->verify_cb(0, ctx))
+            return 0;
+    }
+
+    if (i < 0) {
+        ctx->error = X509_V_ERR_CERT_HAS_EXPIRED;
+        ctx->current_cert = x;
+        if (!ctx->verify_cb(0, ctx))
+            return 0;
+    }
+
+    return 1;
+}
+
+static int internal_verify(X509_STORE_CTX *ctx)
+{
+    int ok = 0, n;
+    X509 *xs, *xi;
+    EVP_PKEY *pkey = NULL;
+    int (*cb) (int xok, X509_STORE_CTX *xctx);
+
+    cb = ctx->verify_cb;
+
+    n = sk_X509_num(ctx->chain);
+    ctx->error_depth = n - 1;
+    n--;
+    xi = sk_X509_value(ctx->chain, n);
+
+    if (ctx->check_issued(ctx, xi, xi))
+        xs = xi;
+    else {
+        if (n <= 0) {
+            ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
+            ctx->current_cert = xi;
+            ok = cb(0, ctx);
+            goto end;
+        } else {
+            n--;
+            ctx->error_depth = n;
+            xs = sk_X509_value(ctx->chain, n);
+        }
+    }
+
+/*      ctx->error=0;  not needed */
+    while (n >= 0) {
+        ctx->error_depth = n;
+
+        /*
+         * Skip signature check for self signed certificates unless
+         * explicitly asked for. It doesn't add any security and just wastes
+         * time.
+         */
+        if (!xs->valid
+            && (xs != xi
+                || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE))) {
+            if ((pkey = X509_get_pubkey(xi)) == NULL) {
+                ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
+                ctx->current_cert = xi;
+                ok = (*cb) (0, ctx);
+                if (!ok)
+                    goto end;
+            } else if (X509_verify(xs, pkey) <= 0) {
+                ctx->error = X509_V_ERR_CERT_SIGNATURE_FAILURE;
+                ctx->current_cert = xs;
+                ok = (*cb) (0, ctx);
+                if (!ok) {
+                    EVP_PKEY_free(pkey);
+                    goto end;
+                }
+            }
+            EVP_PKEY_free(pkey);
+            pkey = NULL;
+        }
+
+        xs->valid = 1;
+
+        ok = check_cert_time(ctx, xs);
+        if (!ok)
+            goto end;
+
+        /* The last error (if any) is still in the error value */
+        ctx->current_issuer = xi;
+        ctx->current_cert = xs;
+        ok = (*cb) (1, ctx);
+        if (!ok)
+            goto end;
+
+        n--;
+        if (n >= 0) {
+            xi = xs;
+            xs = sk_X509_value(ctx->chain, n);
+        }
+    }
+    ok = 1;
+ end:
+    return ok;
+}
+
+int X509_cmp_current_time(const ASN1_TIME *ctm)
+{
+    return X509_cmp_time(ctm, NULL);
+}
+
+int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
+{
+    char *str;
+    ASN1_TIME atm;
+    long offset;
+    char buff1[24], buff2[24], *p;
+    int i, j, remaining;
+
+    p = buff1;
+    remaining = ctm->length;
+    str = (char *)ctm->data;
+    /*
+     * Note that the following (historical) code allows much more slack in the
+     * time format than RFC5280. In RFC5280, the representation is fixed:
+     * UTCTime: YYMMDDHHMMSSZ
+     * GeneralizedTime: YYYYMMDDHHMMSSZ
+     */
+    if (ctm->type == V_ASN1_UTCTIME) {
+        /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */
+        int min_length = sizeof("YYMMDDHHMMZ") - 1;
+        int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1;
+        if (remaining < min_length || remaining > max_length)
+            return 0;
+        memcpy(p, str, 10);
+        p += 10;
+        str += 10;
+        remaining -= 10;
+    } else {
+        /* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */
+        int min_length = sizeof("YYYYMMDDHHMMZ") - 1;
+        int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1;
+        if (remaining < min_length || remaining > max_length)
+            return 0;
+        memcpy(p, str, 12);
+        p += 12;
+        str += 12;
+        remaining -= 12;
+    }
+
+    if ((*str == 'Z') || (*str == '-') || (*str == '+')) {
+        *(p++) = '0';
+        *(p++) = '0';
+    } else {
+        /* SS (seconds) */
+        if (remaining < 2)
+            return 0;
+        *(p++) = *(str++);
+        *(p++) = *(str++);
+        remaining -= 2;
+        /*
+         * Skip any (up to three) fractional seconds...
+         * TODO(emilia): in RFC5280, fractional seconds are forbidden.
+         * Can we just kill them altogether?
+         */
+        if (remaining && *str == '.') {
+            str++;
+            remaining--;
+            for (i = 0; i < 3 && remaining; i++, str++, remaining--) {
+                if (*str < '0' || *str > '9')
+                    break;
+            }
+        }
+
+    }
+    *(p++) = 'Z';
+    *(p++) = '\0';
+
+    /* We now need either a terminating 'Z' or an offset. */
+    if (!remaining)
+        return 0;
+    if (*str == 'Z') {
+        if (remaining != 1)
+            return 0;
+        offset = 0;
+    } else {
+        /* (+-)HHMM */
+        if ((*str != '+') && (*str != '-'))
+            return 0;
+        /* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */
+        if (remaining != 5)
+            return 0;
+        if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' ||
+            str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9')
+            return 0;
+        offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60;
+        offset += (str[3] - '0') * 10 + (str[4] - '0');
+        if (*str == '-')
+            offset = -offset;
+    }
+    atm.type = ctm->type;
+    atm.flags = 0;
+    atm.length = sizeof(buff2);
+    atm.data = (unsigned char *)buff2;
+
+    if (X509_time_adj(&atm, offset * 60, cmp_time) == NULL)
+        return 0;
+
+    if (ctm->type == V_ASN1_UTCTIME) {
+        i = (buff1[0] - '0') * 10 + (buff1[1] - '0');
+        if (i < 50)
+            i += 100;           /* cf. RFC 2459 */
+        j = (buff2[0] - '0') * 10 + (buff2[1] - '0');
+        if (j < 50)
+            j += 100;
+
+        if (i < j)
+            return -1;
+        if (i > j)
+            return 1;
+    }
+    i = strcmp(buff1, buff2);
+    if (i == 0)                 /* wait a second then return younger :-) */
+        return -1;
+    else
+        return i;
+}
+
+ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
+{
+    return X509_time_adj(s, adj, NULL);
+}
+
+ASN1_TIME *X509_time_adj(ASN1_TIME *s, long offset_sec, time_t *in_tm)
+{
+    return X509_time_adj_ex(s, 0, offset_sec, in_tm);
+}
+
+ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s,
+                            int offset_day, long offset_sec, time_t *in_tm)
+{
+    time_t t;
+
+    if (in_tm)
+        t = *in_tm;
+    else
+        time(&t);
+
+    if (s && !(s->flags & ASN1_STRING_FLAG_MSTRING)) {
+        if (s->type == V_ASN1_UTCTIME)
+            return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec);
+        if (s->type == V_ASN1_GENERALIZEDTIME)
+            return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec);
+    }
+    return ASN1_TIME_adj(s, t, offset_day, offset_sec);
+}
+
+int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
+{
+    EVP_PKEY *ktmp = NULL, *ktmp2;
+    int i, j;
+
+    if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey))
+        return 1;
+
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        ktmp = X509_get_pubkey(sk_X509_value(chain, i));
+        if (ktmp == NULL) {
+            X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,
+                    X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
+            return 0;
+        }
+        if (!EVP_PKEY_missing_parameters(ktmp))
+            break;
+        else {
+            EVP_PKEY_free(ktmp);
+            ktmp = NULL;
+        }
+    }
+    if (ktmp == NULL) {
+        X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,
+                X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
+        return 0;
+    }
+
+    /* first, populate the other certs */
+    for (j = i - 1; j >= 0; j--) {
+        ktmp2 = X509_get_pubkey(sk_X509_value(chain, j));
+        EVP_PKEY_copy_parameters(ktmp2, ktmp);
+        EVP_PKEY_free(ktmp2);
+    }
+
+    if (pkey != NULL)
+        EVP_PKEY_copy_parameters(pkey, ktmp);
+    EVP_PKEY_free(ktmp);
+    return 1;
+}
+
+int X509_STORE_CTX_get_ex_new_index(long argl, void *argp,
+                                    CRYPTO_EX_new *new_func,
+                                    CRYPTO_EX_dup *dup_func,
+                                    CRYPTO_EX_free *free_func)
+{
+    /*
+     * This function is (usually) called only once, by
+     * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c).
+     */
+    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp,
+                                   new_func, dup_func, free_func);
+}
+
+int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
+{
+    return CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
+}
+
+void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
+{
+    return CRYPTO_get_ex_data(&ctx->ex_data, idx);
+}
+
+int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
+{
+    return ctx->error;
+}
+
+void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
+{
+    ctx->error = err;
+}
+
+int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
+{
+    return ctx->error_depth;
+}
+
+X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
+{
+    return ctx->current_cert;
+}
+
+STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
+{
+    return ctx->chain;
+}
+
+STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
+{
+    int i;
+    X509 *x;
+    STACK_OF(X509) *chain;
+    if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain)))
+        return NULL;
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        x = sk_X509_value(chain, i);
+        CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+    }
+    return chain;
+}
+
+X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx)
+{
+    return ctx->current_issuer;
+}
+
+X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx)
+{
+    return ctx->current_crl;
+}
+
+X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx)
+{
+    return ctx->parent;
+}
+
+void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
+{
+    ctx->cert = x;
+}
+
+void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
+{
+    ctx->untrusted = sk;
+}
+
+void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk)
+{
+    ctx->crls = sk;
+}
+
+int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
+{
+    return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
+}
+
+int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
+{
+    return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
+}
+
+/*
+ * This function is used to set the X509_STORE_CTX purpose and trust values.
+ * This is intended to be used when another structure has its own trust and
+ * purpose values which (if set) will be inherited by the ctx. If they aren't
+ * set then we will usually have a default purpose in mind which should then
+ * be used to set the trust value. An example of this is SSL use: an SSL
+ * structure will have its own purpose and trust settings which the
+ * application can set: if they aren't set then we use the default of SSL
+ * client/server.
+ */
+
+int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
+                                   int purpose, int trust)
+{
+    int idx;
+    /* If purpose not set use default */
+    if (!purpose)
+        purpose = def_purpose;
+    /* If we have a purpose then check it is valid */
+    if (purpose) {
+        X509_PURPOSE *ptmp;
+        idx = X509_PURPOSE_get_by_id(purpose);
+        if (idx == -1) {
+            X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
+                    X509_R_UNKNOWN_PURPOSE_ID);
+            return 0;
+        }
+        ptmp = X509_PURPOSE_get0(idx);
+        if (ptmp->trust == X509_TRUST_DEFAULT) {
+            idx = X509_PURPOSE_get_by_id(def_purpose);
+            if (idx == -1) {
+                X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
+                        X509_R_UNKNOWN_PURPOSE_ID);
+                return 0;
+            }
+            ptmp = X509_PURPOSE_get0(idx);
+        }
+        /* If trust not set then get from purpose default */
+        if (!trust)
+            trust = ptmp->trust;
+    }
+    if (trust) {
+        idx = X509_TRUST_get_by_id(trust);
+        if (idx == -1) {
+            X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
+                    X509_R_UNKNOWN_TRUST_ID);
+            return 0;
+        }
+    }
+
+    if (purpose && !ctx->param->purpose)
+        ctx->param->purpose = purpose;
+    if (trust && !ctx->param->trust)
+        ctx->param->trust = trust;
+    return 1;
+}
+
+X509_STORE_CTX *X509_STORE_CTX_new(void)
+{
+    X509_STORE_CTX *ctx;
+    ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
+    if (!ctx) {
+        X509err(X509_F_X509_STORE_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    memset(ctx, 0, sizeof(X509_STORE_CTX));
+    return ctx;
+}
+
+void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
+{
+    if (!ctx)
+        return;
+    X509_STORE_CTX_cleanup(ctx);
+    OPENSSL_free(ctx);
+}
+
+int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
+                        STACK_OF(X509) *chain)
+{
+    int ret = 1;
+    ctx->ctx = store;
+    ctx->current_method = 0;
+    ctx->cert = x509;
+    ctx->untrusted = chain;
+    ctx->crls = NULL;
+    ctx->last_untrusted = 0;
+    ctx->other_ctx = NULL;
+    ctx->valid = 0;
+    ctx->chain = NULL;
+    ctx->error = 0;
+    ctx->explicit_policy = 0;
+    ctx->error_depth = 0;
+    ctx->current_cert = NULL;
+    ctx->current_issuer = NULL;
+    ctx->current_crl = NULL;
+    ctx->current_crl_score = 0;
+    ctx->current_reasons = 0;
+    ctx->tree = NULL;
+    ctx->parent = NULL;
+    /* Zero ex_data to make sure we're cleanup-safe */
+    memset(&ctx->ex_data, 0, sizeof(ctx->ex_data));
+
+    ctx->param = X509_VERIFY_PARAM_new();
+    if (!ctx->param) {
+        X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    /*
+     * Inherit callbacks and flags from X509_STORE if not set use defaults.
+     */
+    if (store)
+        ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
+    else
+        ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT | X509_VP_FLAG_ONCE;
+
+    if (store) {
+        ctx->verify_cb = store->verify_cb;
+        /* Seems to always be 0 in OpenSSL, else must be idempotent */
+        ctx->cleanup = store->cleanup;
+    } else
+        ctx->cleanup = 0;
+
+    if (ret)
+        ret = X509_VERIFY_PARAM_inherit(ctx->param,
+                                        X509_VERIFY_PARAM_lookup("default"));
+
+    if (ret == 0) {
+        X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (store && store->check_issued)
+        ctx->check_issued = store->check_issued;
+    else
+        ctx->check_issued = check_issued;
+
+    if (store && store->get_issuer)
+        ctx->get_issuer = store->get_issuer;
+    else
+        ctx->get_issuer = X509_STORE_CTX_get1_issuer;
+
+    if (store && store->verify_cb)
+        ctx->verify_cb = store->verify_cb;
+    else
+        ctx->verify_cb = null_callback;
+
+    if (store && store->verify)
+        ctx->verify = store->verify;
+    else
+        ctx->verify = internal_verify;
+
+    if (store && store->check_revocation)
+        ctx->check_revocation = store->check_revocation;
+    else
+        ctx->check_revocation = check_revocation;
+
+    if (store && store->get_crl)
+        ctx->get_crl = store->get_crl;
+    else
+        ctx->get_crl = NULL;
+
+    if (store && store->check_crl)
+        ctx->check_crl = store->check_crl;
+    else
+        ctx->check_crl = check_crl;
+
+    if (store && store->cert_crl)
+        ctx->cert_crl = store->cert_crl;
+    else
+        ctx->cert_crl = cert_crl;
+
+    if (store && store->lookup_certs)
+        ctx->lookup_certs = store->lookup_certs;
+    else
+        ctx->lookup_certs = X509_STORE_get1_certs;
+
+    if (store && store->lookup_crls)
+        ctx->lookup_crls = store->lookup_crls;
+    else
+        ctx->lookup_crls = X509_STORE_get1_crls;
+
+    ctx->check_policy = check_policy;
+
+    if (CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
+                           &ctx->ex_data))
+        return 1;
+    X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
+
+ err:
+    /*
+     * On error clean up allocated storage, if the store context was not
+     * allocated with X509_STORE_CTX_new() this is our last chance to do so.
+     */
+    X509_STORE_CTX_cleanup(ctx);
+    return 0;
+}
+
+/*
+ * Set alternative lookup method: just a STACK of trusted certificates. This
+ * avoids X509_STORE nastiness where it isn't needed.
+ */
+
+void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
+{
+    ctx->other_ctx = sk;
+    ctx->get_issuer = get_issuer_sk;
+}
+
+void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
+{
+    /*
+     * We need to be idempotent because, unfortunately, free() also calls
+     * cleanup(), so the natural call sequence new(), init(), cleanup(), free()
+     * calls cleanup() for the same object twice!  Thus we must zero the
+     * pointers below after they're freed!
+     */
+    /* Seems to always be 0 in OpenSSL, do this at most once. */
+    if (ctx->cleanup != NULL) {
+        ctx->cleanup(ctx);
+        ctx->cleanup = NULL;
+    }
+    if (ctx->param != NULL) {
+        if (ctx->parent == NULL)
+            X509_VERIFY_PARAM_free(ctx->param);
+        ctx->param = NULL;
+    }
+    if (ctx->tree != NULL) {
+        X509_policy_tree_free(ctx->tree);
+        ctx->tree = NULL;
+    }
+    if (ctx->chain != NULL) {
+        sk_X509_pop_free(ctx->chain, X509_free);
+        ctx->chain = NULL;
+    }
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
+    memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA));
+}
+
+void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth)
+{
+    X509_VERIFY_PARAM_set_depth(ctx->param, depth);
+}
+
+void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags)
+{
+    X509_VERIFY_PARAM_set_flags(ctx->param, flags);
+}
+
+void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
+                             time_t t)
+{
+    X509_VERIFY_PARAM_set_time(ctx->param, t);
+}
+
+void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+                                  int (*verify_cb) (int, X509_STORE_CTX *))
+{
+    ctx->verify_cb = verify_cb;
+}
+
+X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx)
+{
+    return ctx->tree;
+}
+
+int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx)
+{
+    return ctx->explicit_policy;
+}
+
+int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name)
+{
+    const X509_VERIFY_PARAM *param;
+    param = X509_VERIFY_PARAM_lookup(name);
+    if (!param)
+        return 0;
+    return X509_VERIFY_PARAM_inherit(ctx->param, param);
+}
+
+X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx)
+{
+    return ctx->param;
+}
+
+void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param)
+{
+    if (ctx->param)
+        X509_VERIFY_PARAM_free(ctx->param);
+    ctx->param = param;
+}
+
+IMPLEMENT_STACK_OF(X509)
+
+IMPLEMENT_ASN1_SET_OF(X509)
+
+IMPLEMENT_STACK_OF(X509_NAME)
+
+IMPLEMENT_STACK_OF(X509_ATTRIBUTE)
+
+IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE)

Deleted: vendor-crypto/openssl/1.0.1u/crypto/x509/x509_vfy.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x509_vfy.h	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/x509/x509_vfy.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,595 +0,0 @@
-/* crypto/x509/x509_vfy.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_X509_H
-# include <openssl/x509.h>
-/*
- * openssl/x509.h ends up #include-ing this file at about the only
- * appropriate moment.
- */
-#endif
-
-#ifndef HEADER_X509_VFY_H
-# define HEADER_X509_VFY_H
-
-# include <openssl/opensslconf.h>
-# ifndef OPENSSL_NO_LHASH
-#  include <openssl/lhash.h>
-# endif
-# include <openssl/bio.h>
-# include <openssl/crypto.h>
-# include <openssl/symhacks.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-# if 0
-/* Outer object */
-typedef struct x509_hash_dir_st {
-    int num_dirs;
-    char **dirs;
-    int *dirs_type;
-    int num_dirs_alloced;
-} X509_HASH_DIR_CTX;
-# endif
-
-typedef struct x509_file_st {
-    int num_paths;              /* number of paths to files or directories */
-    int num_alloced;
-    char **paths;               /* the list of paths or directories */
-    int *path_type;
-} X509_CERT_FILE_CTX;
-
-/*******************************/
-/*-
-SSL_CTX -> X509_STORE
-                -> X509_LOOKUP
-                        ->X509_LOOKUP_METHOD
-                -> X509_LOOKUP
-                        ->X509_LOOKUP_METHOD
-
-SSL     -> X509_STORE_CTX
-                ->X509_STORE
-
-The X509_STORE holds the tables etc for verification stuff.
-A X509_STORE_CTX is used while validating a single certificate.
-The X509_STORE has X509_LOOKUPs for looking up certs.
-The X509_STORE then calls a function to actually verify the
-certificate chain.
-*/
-
-# define X509_LU_RETRY           -1
-# define X509_LU_FAIL            0
-# define X509_LU_X509            1
-# define X509_LU_CRL             2
-# define X509_LU_PKEY            3
-
-typedef struct x509_object_st {
-    /* one of the above types */
-    int type;
-    union {
-        char *ptr;
-        X509 *x509;
-        X509_CRL *crl;
-        EVP_PKEY *pkey;
-    } data;
-} X509_OBJECT;
-
-typedef struct x509_lookup_st X509_LOOKUP;
-
-DECLARE_STACK_OF(X509_LOOKUP)
-DECLARE_STACK_OF(X509_OBJECT)
-
-/* This is a static that defines the function interface */
-typedef struct x509_lookup_method_st {
-    const char *name;
-    int (*new_item) (X509_LOOKUP *ctx);
-    void (*free) (X509_LOOKUP *ctx);
-    int (*init) (X509_LOOKUP *ctx);
-    int (*shutdown) (X509_LOOKUP *ctx);
-    int (*ctrl) (X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
-                 char **ret);
-    int (*get_by_subject) (X509_LOOKUP *ctx, int type, X509_NAME *name,
-                           X509_OBJECT *ret);
-    int (*get_by_issuer_serial) (X509_LOOKUP *ctx, int type, X509_NAME *name,
-                                 ASN1_INTEGER *serial, X509_OBJECT *ret);
-    int (*get_by_fingerprint) (X509_LOOKUP *ctx, int type,
-                               unsigned char *bytes, int len,
-                               X509_OBJECT *ret);
-    int (*get_by_alias) (X509_LOOKUP *ctx, int type, char *str, int len,
-                         X509_OBJECT *ret);
-} X509_LOOKUP_METHOD;
-
-/*
- * This structure hold all parameters associated with a verify operation by
- * including an X509_VERIFY_PARAM structure in related structures the
- * parameters used can be customized
- */
-
-typedef struct X509_VERIFY_PARAM_st {
-    char *name;
-    time_t check_time;          /* Time to use */
-    unsigned long inh_flags;    /* Inheritance flags */
-    unsigned long flags;        /* Various verify flags */
-    int purpose;                /* purpose to check untrusted certificates */
-    int trust;                  /* trust setting to check */
-    int depth;                  /* Verify depth */
-    STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */
-} X509_VERIFY_PARAM;
-
-DECLARE_STACK_OF(X509_VERIFY_PARAM)
-
-/*
- * This is used to hold everything.  It is used for all certificate
- * validation.  Once we have a certificate chain, the 'verify' function is
- * then called to actually check the cert chain.
- */
-struct x509_store_st {
-    /* The following is a cache of trusted certs */
-    int cache;                  /* if true, stash any hits */
-    STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */
-    /* These are external lookup methods */
-    STACK_OF(X509_LOOKUP) *get_cert_methods;
-    X509_VERIFY_PARAM *param;
-    /* Callbacks for various operations */
-    /* called to verify a certificate */
-    int (*verify) (X509_STORE_CTX *ctx);
-    /* error callback */
-    int (*verify_cb) (int ok, X509_STORE_CTX *ctx);
-    /* get issuers cert from ctx */
-    int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
-    /* check issued */
-    int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
-    /* Check revocation status of chain */
-    int (*check_revocation) (X509_STORE_CTX *ctx);
-    /* retrieve CRL */
-    int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x);
-    /* Check CRL validity */
-    int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
-    /* Check certificate against CRL */
-    int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
-    STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
-    STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
-    int (*cleanup) (X509_STORE_CTX *ctx);
-    CRYPTO_EX_DATA ex_data;
-    int references;
-} /* X509_STORE */ ;
-
-int X509_STORE_set_depth(X509_STORE *store, int depth);
-
-# define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
-# define X509_STORE_set_verify_func(ctx,func)    ((ctx)->verify=(func))
-
-/* This is the functions plus an instance of the local variables. */
-struct x509_lookup_st {
-    int init;                   /* have we been started */
-    int skip;                   /* don't use us. */
-    X509_LOOKUP_METHOD *method; /* the functions */
-    char *method_data;          /* method data */
-    X509_STORE *store_ctx;      /* who owns us */
-} /* X509_LOOKUP */ ;
-
-/*
- * This is a used when verifying cert chains.  Since the gathering of the
- * cert chain can take some time (and have to be 'retried', this needs to be
- * kept and passed around.
- */
-struct x509_store_ctx_st {      /* X509_STORE_CTX */
-    X509_STORE *ctx;
-    /* used when looking up certs */
-    int current_method;
-    /* The following are set by the caller */
-    /* The cert to check */
-    X509 *cert;
-    /* chain of X509s - untrusted - passed in */
-    STACK_OF(X509) *untrusted;
-    /* set of CRLs passed in */
-    STACK_OF(X509_CRL) *crls;
-    X509_VERIFY_PARAM *param;
-    /* Other info for use with get_issuer() */
-    void *other_ctx;
-    /* Callbacks for various operations */
-    /* called to verify a certificate */
-    int (*verify) (X509_STORE_CTX *ctx);
-    /* error callback */
-    int (*verify_cb) (int ok, X509_STORE_CTX *ctx);
-    /* get issuers cert from ctx */
-    int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
-    /* check issued */
-    int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
-    /* Check revocation status of chain */
-    int (*check_revocation) (X509_STORE_CTX *ctx);
-    /* retrieve CRL */
-    int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x);
-    /* Check CRL validity */
-    int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
-    /* Check certificate against CRL */
-    int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
-    int (*check_policy) (X509_STORE_CTX *ctx);
-    STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
-    STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
-    int (*cleanup) (X509_STORE_CTX *ctx);
-    /* The following is built up */
-    /* if 0, rebuild chain */
-    int valid;
-    /* index of last untrusted cert */
-    int last_untrusted;
-    /* chain of X509s - built up and trusted */
-    STACK_OF(X509) *chain;
-    /* Valid policy tree */
-    X509_POLICY_TREE *tree;
-    /* Require explicit policy value */
-    int explicit_policy;
-    /* When something goes wrong, this is why */
-    int error_depth;
-    int error;
-    X509 *current_cert;
-    /* cert currently being tested as valid issuer */
-    X509 *current_issuer;
-    /* current CRL */
-    X509_CRL *current_crl;
-    /* score of current CRL */
-    int current_crl_score;
-    /* Reason mask */
-    unsigned int current_reasons;
-    /* For CRL path validation: parent context */
-    X509_STORE_CTX *parent;
-    CRYPTO_EX_DATA ex_data;
-} /* X509_STORE_CTX */ ;
-
-void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
-
-# define X509_STORE_CTX_set_app_data(ctx,data) \
-        X509_STORE_CTX_set_ex_data(ctx,0,data)
-# define X509_STORE_CTX_get_app_data(ctx) \
-        X509_STORE_CTX_get_ex_data(ctx,0)
-
-# define X509_L_FILE_LOAD        1
-# define X509_L_ADD_DIR          2
-
-# define X509_LOOKUP_load_file(x,name,type) \
-                X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
-
-# define X509_LOOKUP_add_dir(x,name,type) \
-                X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
-
-# define         X509_V_OK                                       0
-/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */
-
-# define         X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT            2
-# define         X509_V_ERR_UNABLE_TO_GET_CRL                    3
-# define         X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE     4
-# define         X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE      5
-# define         X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY   6
-# define         X509_V_ERR_CERT_SIGNATURE_FAILURE               7
-# define         X509_V_ERR_CRL_SIGNATURE_FAILURE                8
-# define         X509_V_ERR_CERT_NOT_YET_VALID                   9
-# define         X509_V_ERR_CERT_HAS_EXPIRED                     10
-# define         X509_V_ERR_CRL_NOT_YET_VALID                    11
-# define         X509_V_ERR_CRL_HAS_EXPIRED                      12
-# define         X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD       13
-# define         X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD        14
-# define         X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD       15
-# define         X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD       16
-# define         X509_V_ERR_OUT_OF_MEM                           17
-# define         X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT          18
-# define         X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN            19
-# define         X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY    20
-# define         X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE      21
-# define         X509_V_ERR_CERT_CHAIN_TOO_LONG                  22
-# define         X509_V_ERR_CERT_REVOKED                         23
-# define         X509_V_ERR_INVALID_CA                           24
-# define         X509_V_ERR_PATH_LENGTH_EXCEEDED                 25
-# define         X509_V_ERR_INVALID_PURPOSE                      26
-# define         X509_V_ERR_CERT_UNTRUSTED                       27
-# define         X509_V_ERR_CERT_REJECTED                        28
-/* These are 'informational' when looking for issuer cert */
-# define         X509_V_ERR_SUBJECT_ISSUER_MISMATCH              29
-# define         X509_V_ERR_AKID_SKID_MISMATCH                   30
-# define         X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH          31
-# define         X509_V_ERR_KEYUSAGE_NO_CERTSIGN                 32
-
-# define         X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER             33
-# define         X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION         34
-# define         X509_V_ERR_KEYUSAGE_NO_CRL_SIGN                 35
-# define         X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION     36
-# define         X509_V_ERR_INVALID_NON_CA                       37
-# define         X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED           38
-# define         X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE        39
-# define         X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED       40
-
-# define         X509_V_ERR_INVALID_EXTENSION                    41
-# define         X509_V_ERR_INVALID_POLICY_EXTENSION             42
-# define         X509_V_ERR_NO_EXPLICIT_POLICY                   43
-# define         X509_V_ERR_DIFFERENT_CRL_SCOPE                  44
-# define         X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE        45
-
-# define         X509_V_ERR_UNNESTED_RESOURCE                    46
-
-# define         X509_V_ERR_PERMITTED_VIOLATION                  47
-# define         X509_V_ERR_EXCLUDED_VIOLATION                   48
-# define         X509_V_ERR_SUBTREE_MINMAX                       49
-# define         X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE          51
-# define         X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX        52
-# define         X509_V_ERR_UNSUPPORTED_NAME_SYNTAX              53
-# define         X509_V_ERR_CRL_PATH_VALIDATION_ERROR            54
-
-/* The application is not happy */
-# define         X509_V_ERR_APPLICATION_VERIFICATION             50
-
-/* Certificate verify flags */
-
-/* Send issuer+subject checks to verify_cb */
-# define X509_V_FLAG_CB_ISSUER_CHECK             0x1
-/* Use check time instead of current time */
-# define X509_V_FLAG_USE_CHECK_TIME              0x2
-/* Lookup CRLs */
-# define X509_V_FLAG_CRL_CHECK                   0x4
-/* Lookup CRLs for whole chain */
-# define X509_V_FLAG_CRL_CHECK_ALL               0x8
-/* Ignore unhandled critical extensions */
-# define X509_V_FLAG_IGNORE_CRITICAL             0x10
-/* Disable workarounds for broken certificates */
-# define X509_V_FLAG_X509_STRICT                 0x20
-/* Enable proxy certificate validation */
-# define X509_V_FLAG_ALLOW_PROXY_CERTS           0x40
-/* Enable policy checking */
-# define X509_V_FLAG_POLICY_CHECK                0x80
-/* Policy variable require-explicit-policy */
-# define X509_V_FLAG_EXPLICIT_POLICY             0x100
-/* Policy variable inhibit-any-policy */
-# define X509_V_FLAG_INHIBIT_ANY                 0x200
-/* Policy variable inhibit-policy-mapping */
-# define X509_V_FLAG_INHIBIT_MAP                 0x400
-/* Notify callback that policy is OK */
-# define X509_V_FLAG_NOTIFY_POLICY               0x800
-/* Extended CRL features such as indirect CRLs, alternate CRL signing keys */
-# define X509_V_FLAG_EXTENDED_CRL_SUPPORT        0x1000
-/* Delta CRL support */
-# define X509_V_FLAG_USE_DELTAS                  0x2000
-/* Check selfsigned CA signature */
-# define X509_V_FLAG_CHECK_SS_SIGNATURE          0x4000
-/*
- * If the initial chain is not trusted, do not attempt to build an alternative
- * chain. Alternate chain checking was introduced in 1.0.1n/1.0.2b. Setting
- * this flag will force the behaviour to match that of previous versions.
- */
-# define X509_V_FLAG_NO_ALT_CHAINS               0x100000
-
-# define X509_VP_FLAG_DEFAULT                    0x1
-# define X509_VP_FLAG_OVERWRITE                  0x2
-# define X509_VP_FLAG_RESET_FLAGS                0x4
-# define X509_VP_FLAG_LOCKED                     0x8
-# define X509_VP_FLAG_ONCE                       0x10
-
-/* Internal use: mask of policy related options */
-# define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \
-                                | X509_V_FLAG_EXPLICIT_POLICY \
-                                | X509_V_FLAG_INHIBIT_ANY \
-                                | X509_V_FLAG_INHIBIT_MAP)
-
-int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
-                               X509_NAME *name);
-X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
-                                             int type, X509_NAME *name);
-X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
-                                        X509_OBJECT *x);
-void X509_OBJECT_up_ref_count(X509_OBJECT *a);
-void X509_OBJECT_free_contents(X509_OBJECT *a);
-X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *v);
-
-STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
-STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
-
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
-                              int (*verify_cb) (int, X509_STORE_CTX *));
-
-X509_STORE_CTX *X509_STORE_CTX_new(void);
-
-int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
-
-void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
-int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
-                        X509 *x509, STACK_OF(X509) *chain);
-void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
-void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
-
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
-
-X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
-X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
-
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
-
-int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
-                              X509_OBJECT *ret);
-
-int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
-                     long argl, char **ret);
-
-# ifndef OPENSSL_NO_STDIO
-int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
-int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
-int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
-# endif
-
-X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
-void X509_LOOKUP_free(X509_LOOKUP *ctx);
-int X509_LOOKUP_init(X509_LOOKUP *ctx);
-int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
-                           X509_OBJECT *ret);
-int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
-                                 ASN1_INTEGER *serial, X509_OBJECT *ret);
-int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
-                               unsigned char *bytes, int len,
-                               X509_OBJECT *ret);
-int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
-                         X509_OBJECT *ret);
-int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
-
-# ifndef OPENSSL_NO_STDIO
-int X509_STORE_load_locations(X509_STORE *ctx,
-                              const char *file, const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
-# endif
-
-int X509_STORE_CTX_get_ex_new_index(long argl, void *argp,
-                                    CRYPTO_EX_new *new_func,
-                                    CRYPTO_EX_dup *dup_func,
-                                    CRYPTO_EX_free *free_func);
-int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data);
-void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx);
-int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
-void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
-int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
-X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
-X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx);
-X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx);
-X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx);
-STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
-STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
-void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x);
-void X509_STORE_CTX_set_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
-void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c, STACK_OF(X509_CRL) *sk);
-int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
-int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
-int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
-                                   int purpose, int trust);
-void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
-void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
-                             time_t t);
-void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
-                                  int (*verify_cb) (int, X509_STORE_CTX *));
-
-X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx);
-int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx);
-
-X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
-void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
-int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
-
-/* X509_VERIFY_PARAM functions */
-
-X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void);
-void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param);
-int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to,
-                              const X509_VERIFY_PARAM *from);
-int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
-                           const X509_VERIFY_PARAM *from);
-int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name);
-int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param,
-                                unsigned long flags);
-int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
-                                  unsigned long flags);
-unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
-int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
-int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
-void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
-void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
-int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
-                                  ASN1_OBJECT *policy);
-int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
-                                    STACK_OF(ASN1_OBJECT) *policies);
-int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
-
-int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param);
-const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name);
-void X509_VERIFY_PARAM_table_cleanup(void);
-
-int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
-                      STACK_OF(X509) *certs,
-                      STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags);
-
-void X509_policy_tree_free(X509_POLICY_TREE *tree);
-
-int X509_policy_tree_level_count(const X509_POLICY_TREE *tree);
-X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree,
-                                               int i);
-
-STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(const
-                                                           X509_POLICY_TREE
-                                                           *tree);
-
-STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(const
-                                                                X509_POLICY_TREE
-                                                                *tree);
-
-int X509_policy_level_node_count(X509_POLICY_LEVEL *level);
-
-X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level,
-                                              int i);
-
-const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node);
-
-STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const
-                                                           X509_POLICY_NODE
-                                                           *node);
-const X509_POLICY_NODE *X509_policy_node_get0_parent(const X509_POLICY_NODE
-                                                     *node);
-
-#ifdef  __cplusplus
-}
-#endif
-#endif

Copied: vendor-crypto/openssl/1.0.1u/crypto/x509/x509_vfy.h (from rev 11605, vendor-crypto/openssl/dist/crypto/x509/x509_vfy.h)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/x509/x509_vfy.h	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/x509/x509_vfy.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,615 @@
+/* crypto/x509/x509_vfy.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_X509_H
+# include <openssl/x509.h>
+/*
+ * openssl/x509.h ends up #include-ing this file at about the only
+ * appropriate moment.
+ */
+#endif
+
+#ifndef HEADER_X509_VFY_H
+# define HEADER_X509_VFY_H
+
+# include <openssl/opensslconf.h>
+# ifndef OPENSSL_NO_LHASH
+#  include <openssl/lhash.h>
+# endif
+# include <openssl/bio.h>
+# include <openssl/crypto.h>
+# include <openssl/symhacks.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# if 0
+/* Outer object */
+typedef struct x509_hash_dir_st {
+    int num_dirs;
+    char **dirs;
+    int *dirs_type;
+    int num_dirs_alloced;
+} X509_HASH_DIR_CTX;
+# endif
+
+typedef struct x509_file_st {
+    int num_paths;              /* number of paths to files or directories */
+    int num_alloced;
+    char **paths;               /* the list of paths or directories */
+    int *path_type;
+} X509_CERT_FILE_CTX;
+
+/*******************************/
+/*-
+SSL_CTX -> X509_STORE
+                -> X509_LOOKUP
+                        ->X509_LOOKUP_METHOD
+                -> X509_LOOKUP
+                        ->X509_LOOKUP_METHOD
+
+SSL     -> X509_STORE_CTX
+                ->X509_STORE
+
+The X509_STORE holds the tables etc for verification stuff.
+A X509_STORE_CTX is used while validating a single certificate.
+The X509_STORE has X509_LOOKUPs for looking up certs.
+The X509_STORE then calls a function to actually verify the
+certificate chain.
+*/
+
+# define X509_LU_RETRY           -1
+# define X509_LU_FAIL            0
+# define X509_LU_X509            1
+# define X509_LU_CRL             2
+# define X509_LU_PKEY            3
+
+typedef struct x509_object_st {
+    /* one of the above types */
+    int type;
+    union {
+        char *ptr;
+        X509 *x509;
+        X509_CRL *crl;
+        EVP_PKEY *pkey;
+    } data;
+} X509_OBJECT;
+
+typedef struct x509_lookup_st X509_LOOKUP;
+
+DECLARE_STACK_OF(X509_LOOKUP)
+DECLARE_STACK_OF(X509_OBJECT)
+
+/* This is a static that defines the function interface */
+typedef struct x509_lookup_method_st {
+    const char *name;
+    int (*new_item) (X509_LOOKUP *ctx);
+    void (*free) (X509_LOOKUP *ctx);
+    int (*init) (X509_LOOKUP *ctx);
+    int (*shutdown) (X509_LOOKUP *ctx);
+    int (*ctrl) (X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
+                 char **ret);
+    int (*get_by_subject) (X509_LOOKUP *ctx, int type, X509_NAME *name,
+                           X509_OBJECT *ret);
+    int (*get_by_issuer_serial) (X509_LOOKUP *ctx, int type, X509_NAME *name,
+                                 ASN1_INTEGER *serial, X509_OBJECT *ret);
+    int (*get_by_fingerprint) (X509_LOOKUP *ctx, int type,
+                               unsigned char *bytes, int len,
+                               X509_OBJECT *ret);
+    int (*get_by_alias) (X509_LOOKUP *ctx, int type, char *str, int len,
+                         X509_OBJECT *ret);
+} X509_LOOKUP_METHOD;
+
+/*
+ * This structure hold all parameters associated with a verify operation by
+ * including an X509_VERIFY_PARAM structure in related structures the
+ * parameters used can be customized
+ */
+
+typedef struct X509_VERIFY_PARAM_st {
+    char *name;
+    time_t check_time;          /* Time to use */
+    unsigned long inh_flags;    /* Inheritance flags */
+    unsigned long flags;        /* Various verify flags */
+    int purpose;                /* purpose to check untrusted certificates */
+    int trust;                  /* trust setting to check */
+    int depth;                  /* Verify depth */
+    STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */
+} X509_VERIFY_PARAM;
+
+DECLARE_STACK_OF(X509_VERIFY_PARAM)
+
+/*
+ * This is used to hold everything.  It is used for all certificate
+ * validation.  Once we have a certificate chain, the 'verify' function is
+ * then called to actually check the cert chain.
+ */
+struct x509_store_st {
+    /* The following is a cache of trusted certs */
+    int cache;                  /* if true, stash any hits */
+    STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */
+    /* These are external lookup methods */
+    STACK_OF(X509_LOOKUP) *get_cert_methods;
+    X509_VERIFY_PARAM *param;
+    /* Callbacks for various operations */
+    /* called to verify a certificate */
+    int (*verify) (X509_STORE_CTX *ctx);
+    /* error callback */
+    int (*verify_cb) (int ok, X509_STORE_CTX *ctx);
+    /* get issuers cert from ctx */
+    int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+    /* check issued */
+    int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
+    /* Check revocation status of chain */
+    int (*check_revocation) (X509_STORE_CTX *ctx);
+    /* retrieve CRL */
+    int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x);
+    /* Check CRL validity */
+    int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
+    /* Check certificate against CRL */
+    int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
+    STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
+    STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
+    int (*cleanup) (X509_STORE_CTX *ctx);
+    CRYPTO_EX_DATA ex_data;
+    int references;
+} /* X509_STORE */ ;
+
+int X509_STORE_set_depth(X509_STORE *store, int depth);
+
+# define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
+# define X509_STORE_set_verify_func(ctx,func)    ((ctx)->verify=(func))
+
+/* This is the functions plus an instance of the local variables. */
+struct x509_lookup_st {
+    int init;                   /* have we been started */
+    int skip;                   /* don't use us. */
+    X509_LOOKUP_METHOD *method; /* the functions */
+    char *method_data;          /* method data */
+    X509_STORE *store_ctx;      /* who owns us */
+} /* X509_LOOKUP */ ;
+
+/*
+ * This is a used when verifying cert chains.  Since the gathering of the
+ * cert chain can take some time (and have to be 'retried', this needs to be
+ * kept and passed around.
+ */
+struct x509_store_ctx_st {      /* X509_STORE_CTX */
+    X509_STORE *ctx;
+    /* used when looking up certs */
+    int current_method;
+    /* The following are set by the caller */
+    /* The cert to check */
+    X509 *cert;
+    /* chain of X509s - untrusted - passed in */
+    STACK_OF(X509) *untrusted;
+    /* set of CRLs passed in */
+    STACK_OF(X509_CRL) *crls;
+    X509_VERIFY_PARAM *param;
+    /* Other info for use with get_issuer() */
+    void *other_ctx;
+    /* Callbacks for various operations */
+    /* called to verify a certificate */
+    int (*verify) (X509_STORE_CTX *ctx);
+    /* error callback */
+    int (*verify_cb) (int ok, X509_STORE_CTX *ctx);
+    /* get issuers cert from ctx */
+    int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+    /* check issued */
+    int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
+    /* Check revocation status of chain */
+    int (*check_revocation) (X509_STORE_CTX *ctx);
+    /* retrieve CRL */
+    int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x);
+    /* Check CRL validity */
+    int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
+    /* Check certificate against CRL */
+    int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
+    int (*check_policy) (X509_STORE_CTX *ctx);
+    STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
+    STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
+    int (*cleanup) (X509_STORE_CTX *ctx);
+    /* The following is built up */
+    /* if 0, rebuild chain */
+    int valid;
+    /* index of last untrusted cert */
+    int last_untrusted;
+    /* chain of X509s - built up and trusted */
+    STACK_OF(X509) *chain;
+    /* Valid policy tree */
+    X509_POLICY_TREE *tree;
+    /* Require explicit policy value */
+    int explicit_policy;
+    /* When something goes wrong, this is why */
+    int error_depth;
+    int error;
+    X509 *current_cert;
+    /* cert currently being tested as valid issuer */
+    X509 *current_issuer;
+    /* current CRL */
+    X509_CRL *current_crl;
+    /* score of current CRL */
+    int current_crl_score;
+    /* Reason mask */
+    unsigned int current_reasons;
+    /* For CRL path validation: parent context */
+    X509_STORE_CTX *parent;
+    CRYPTO_EX_DATA ex_data;
+} /* X509_STORE_CTX */ ;
+
+void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
+
+# define X509_STORE_CTX_set_app_data(ctx,data) \
+        X509_STORE_CTX_set_ex_data(ctx,0,data)
+# define X509_STORE_CTX_get_app_data(ctx) \
+        X509_STORE_CTX_get_ex_data(ctx,0)
+
+# define X509_L_FILE_LOAD        1
+# define X509_L_ADD_DIR          2
+
+# define X509_LOOKUP_load_file(x,name,type) \
+                X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
+
+# define X509_LOOKUP_add_dir(x,name,type) \
+                X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
+
+# define         X509_V_OK                                       0
+# define         X509_V_ERR_UNSPECIFIED                          1
+
+# define         X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT            2
+# define         X509_V_ERR_UNABLE_TO_GET_CRL                    3
+# define         X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE     4
+# define         X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE      5
+# define         X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY   6
+# define         X509_V_ERR_CERT_SIGNATURE_FAILURE               7
+# define         X509_V_ERR_CRL_SIGNATURE_FAILURE                8
+# define         X509_V_ERR_CERT_NOT_YET_VALID                   9
+# define         X509_V_ERR_CERT_HAS_EXPIRED                     10
+# define         X509_V_ERR_CRL_NOT_YET_VALID                    11
+# define         X509_V_ERR_CRL_HAS_EXPIRED                      12
+# define         X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD       13
+# define         X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD        14
+# define         X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD       15
+# define         X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD       16
+# define         X509_V_ERR_OUT_OF_MEM                           17
+# define         X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT          18
+# define         X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN            19
+# define         X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY    20
+# define         X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE      21
+# define         X509_V_ERR_CERT_CHAIN_TOO_LONG                  22
+# define         X509_V_ERR_CERT_REVOKED                         23
+# define         X509_V_ERR_INVALID_CA                           24
+# define         X509_V_ERR_PATH_LENGTH_EXCEEDED                 25
+# define         X509_V_ERR_INVALID_PURPOSE                      26
+# define         X509_V_ERR_CERT_UNTRUSTED                       27
+# define         X509_V_ERR_CERT_REJECTED                        28
+/* These are 'informational' when looking for issuer cert */
+# define         X509_V_ERR_SUBJECT_ISSUER_MISMATCH              29
+# define         X509_V_ERR_AKID_SKID_MISMATCH                   30
+# define         X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH          31
+# define         X509_V_ERR_KEYUSAGE_NO_CERTSIGN                 32
+
+# define         X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER             33
+# define         X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION         34
+# define         X509_V_ERR_KEYUSAGE_NO_CRL_SIGN                 35
+# define         X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION     36
+# define         X509_V_ERR_INVALID_NON_CA                       37
+# define         X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED           38
+# define         X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE        39
+# define         X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED       40
+
+# define         X509_V_ERR_INVALID_EXTENSION                    41
+# define         X509_V_ERR_INVALID_POLICY_EXTENSION             42
+# define         X509_V_ERR_NO_EXPLICIT_POLICY                   43
+# define         X509_V_ERR_DIFFERENT_CRL_SCOPE                  44
+# define         X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE        45
+
+# define         X509_V_ERR_UNNESTED_RESOURCE                    46
+
+# define         X509_V_ERR_PERMITTED_VIOLATION                  47
+# define         X509_V_ERR_EXCLUDED_VIOLATION                   48
+# define         X509_V_ERR_SUBTREE_MINMAX                       49
+# define         X509_V_ERR_APPLICATION_VERIFICATION             50
+# define         X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE          51
+# define         X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX        52
+# define         X509_V_ERR_UNSUPPORTED_NAME_SYNTAX              53
+# define         X509_V_ERR_CRL_PATH_VALIDATION_ERROR            54
+
+# if 0 /* Reserved for compatibility 1.0.2 */
+/* Suite B mode algorithm violation */
+#  define         X509_V_ERR_SUITE_B_INVALID_VERSION              56
+#  define         X509_V_ERR_SUITE_B_INVALID_ALGORITHM            57
+#  define         X509_V_ERR_SUITE_B_INVALID_CURVE                58
+#  define         X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM  59
+#  define         X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED              60
+#  define         X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61
+
+/* Host, email and IP check errors */
+#  define         X509_V_ERR_HOSTNAME_MISMATCH                    62
+#  define         X509_V_ERR_EMAIL_MISMATCH                       63
+#  define         X509_V_ERR_IP_ADDRESS_MISMATCH                  64
+# endif
+
+/* Caller error */
+# define         X509_V_ERR_INVALID_CALL                         65
+/* Issuer lookup error */
+# define         X509_V_ERR_STORE_LOOKUP                         66
+
+# define         X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION         67
+
+/* Certificate verify flags */
+
+/* Send issuer+subject checks to verify_cb */
+# define X509_V_FLAG_CB_ISSUER_CHECK             0x1
+/* Use check time instead of current time */
+# define X509_V_FLAG_USE_CHECK_TIME              0x2
+/* Lookup CRLs */
+# define X509_V_FLAG_CRL_CHECK                   0x4
+/* Lookup CRLs for whole chain */
+# define X509_V_FLAG_CRL_CHECK_ALL               0x8
+/* Ignore unhandled critical extensions */
+# define X509_V_FLAG_IGNORE_CRITICAL             0x10
+/* Disable workarounds for broken certificates */
+# define X509_V_FLAG_X509_STRICT                 0x20
+/* Enable proxy certificate validation */
+# define X509_V_FLAG_ALLOW_PROXY_CERTS           0x40
+/* Enable policy checking */
+# define X509_V_FLAG_POLICY_CHECK                0x80
+/* Policy variable require-explicit-policy */
+# define X509_V_FLAG_EXPLICIT_POLICY             0x100
+/* Policy variable inhibit-any-policy */
+# define X509_V_FLAG_INHIBIT_ANY                 0x200
+/* Policy variable inhibit-policy-mapping */
+# define X509_V_FLAG_INHIBIT_MAP                 0x400
+/* Notify callback that policy is OK */
+# define X509_V_FLAG_NOTIFY_POLICY               0x800
+/* Extended CRL features such as indirect CRLs, alternate CRL signing keys */
+# define X509_V_FLAG_EXTENDED_CRL_SUPPORT        0x1000
+/* Delta CRL support */
+# define X509_V_FLAG_USE_DELTAS                  0x2000
+/* Check selfsigned CA signature */
+# define X509_V_FLAG_CHECK_SS_SIGNATURE          0x4000
+/*
+ * If the initial chain is not trusted, do not attempt to build an alternative
+ * chain. Alternate chain checking was introduced in 1.0.1n/1.0.2b. Setting
+ * this flag will force the behaviour to match that of previous versions.
+ */
+# define X509_V_FLAG_NO_ALT_CHAINS               0x100000
+
+# define X509_VP_FLAG_DEFAULT                    0x1
+# define X509_VP_FLAG_OVERWRITE                  0x2
+# define X509_VP_FLAG_RESET_FLAGS                0x4
+# define X509_VP_FLAG_LOCKED                     0x8
+# define X509_VP_FLAG_ONCE                       0x10
+
+/* Internal use: mask of policy related options */
+# define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \
+                                | X509_V_FLAG_EXPLICIT_POLICY \
+                                | X509_V_FLAG_INHIBIT_ANY \
+                                | X509_V_FLAG_INHIBIT_MAP)
+
+int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
+                               X509_NAME *name);
+X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
+                                             int type, X509_NAME *name);
+X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
+                                        X509_OBJECT *x);
+void X509_OBJECT_up_ref_count(X509_OBJECT *a);
+void X509_OBJECT_free_contents(X509_OBJECT *a);
+X509_STORE *X509_STORE_new(void);
+void X509_STORE_free(X509_STORE *v);
+
+STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
+STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
+int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
+int X509_STORE_set_trust(X509_STORE *ctx, int trust);
+int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
+
+void X509_STORE_set_verify_cb(X509_STORE *ctx,
+                              int (*verify_cb) (int, X509_STORE_CTX *));
+
+X509_STORE_CTX *X509_STORE_CTX_new(void);
+
+int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+
+void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
+int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
+                        X509 *x509, STACK_OF(X509) *chain);
+void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
+void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
+
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+
+X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
+X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
+
+int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
+int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+
+int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
+                              X509_OBJECT *ret);
+
+int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
+                     long argl, char **ret);
+
+# ifndef OPENSSL_NO_STDIO
+int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
+int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+# endif
+
+X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
+void X509_LOOKUP_free(X509_LOOKUP *ctx);
+int X509_LOOKUP_init(X509_LOOKUP *ctx);
+int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
+                           X509_OBJECT *ret);
+int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
+                                 ASN1_INTEGER *serial, X509_OBJECT *ret);
+int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
+                               unsigned char *bytes, int len,
+                               X509_OBJECT *ret);
+int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
+                         X509_OBJECT *ret);
+int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
+
+# ifndef OPENSSL_NO_STDIO
+int X509_STORE_load_locations(X509_STORE *ctx,
+                              const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *ctx);
+# endif
+
+int X509_STORE_CTX_get_ex_new_index(long argl, void *argp,
+                                    CRYPTO_EX_new *new_func,
+                                    CRYPTO_EX_dup *dup_func,
+                                    CRYPTO_EX_free *free_func);
+int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data);
+void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx);
+int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
+int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
+X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
+X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx);
+X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx);
+STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
+STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x);
+void X509_STORE_CTX_set_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
+void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c, STACK_OF(X509_CRL) *sk);
+int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
+int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
+int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
+                                   int purpose, int trust);
+void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
+void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
+                             time_t t);
+void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+                                  int (*verify_cb) (int, X509_STORE_CTX *));
+
+X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx);
+int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx);
+
+X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
+int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
+
+/* X509_VERIFY_PARAM functions */
+
+X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void);
+void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param);
+int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to,
+                              const X509_VERIFY_PARAM *from);
+int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
+                           const X509_VERIFY_PARAM *from);
+int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name);
+int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param,
+                                unsigned long flags);
+int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
+                                  unsigned long flags);
+unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
+int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
+int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
+void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
+void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
+int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
+                                  ASN1_OBJECT *policy);
+int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
+                                    STACK_OF(ASN1_OBJECT) *policies);
+int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
+
+int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param);
+const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name);
+void X509_VERIFY_PARAM_table_cleanup(void);
+
+int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
+                      STACK_OF(X509) *certs,
+                      STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags);
+
+void X509_policy_tree_free(X509_POLICY_TREE *tree);
+
+int X509_policy_tree_level_count(const X509_POLICY_TREE *tree);
+X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree,
+                                               int i);
+
+STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(const
+                                                           X509_POLICY_TREE
+                                                           *tree);
+
+STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(const
+                                                                X509_POLICY_TREE
+                                                                *tree);
+
+int X509_policy_level_node_count(X509_POLICY_LEVEL *level);
+
+X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level,
+                                              int i);
+
+const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node);
+
+STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const
+                                                           X509_POLICY_NODE
+                                                           *node);
+const X509_POLICY_NODE *X509_policy_node_get0_parent(const X509_POLICY_NODE
+                                                     *node);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/crypto/x509v3/v3_addr.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3_addr.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/x509v3/v3_addr.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,1344 +0,0 @@
-/*
- * Contributed to the OpenSSL Project by the American Registry for
- * Internet Numbers ("ARIN").
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- */
-
-/*
- * Implementation of RFC 3779 section 2.2.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/buffer.h>
-#include <openssl/x509v3.h>
-
-#ifndef OPENSSL_NO_RFC3779
-
-/*
- * OpenSSL ASN.1 template translation of RFC 3779 2.2.3.
- */
-
-ASN1_SEQUENCE(IPAddressRange) = {
-  ASN1_SIMPLE(IPAddressRange, min, ASN1_BIT_STRING),
-  ASN1_SIMPLE(IPAddressRange, max, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END(IPAddressRange)
-
-ASN1_CHOICE(IPAddressOrRange) = {
-  ASN1_SIMPLE(IPAddressOrRange, u.addressPrefix, ASN1_BIT_STRING),
-  ASN1_SIMPLE(IPAddressOrRange, u.addressRange,  IPAddressRange)
-} ASN1_CHOICE_END(IPAddressOrRange)
-
-ASN1_CHOICE(IPAddressChoice) = {
-  ASN1_SIMPLE(IPAddressChoice,      u.inherit,           ASN1_NULL),
-  ASN1_SEQUENCE_OF(IPAddressChoice, u.addressesOrRanges, IPAddressOrRange)
-} ASN1_CHOICE_END(IPAddressChoice)
-
-ASN1_SEQUENCE(IPAddressFamily) = {
-  ASN1_SIMPLE(IPAddressFamily, addressFamily,   ASN1_OCTET_STRING),
-  ASN1_SIMPLE(IPAddressFamily, ipAddressChoice, IPAddressChoice)
-} ASN1_SEQUENCE_END(IPAddressFamily)
-
-ASN1_ITEM_TEMPLATE(IPAddrBlocks) =
-  ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
-                        IPAddrBlocks, IPAddressFamily)
-ASN1_ITEM_TEMPLATE_END(IPAddrBlocks)
-
-IMPLEMENT_ASN1_FUNCTIONS(IPAddressRange)
-IMPLEMENT_ASN1_FUNCTIONS(IPAddressOrRange)
-IMPLEMENT_ASN1_FUNCTIONS(IPAddressChoice)
-IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily)
-
-/*
- * How much buffer space do we need for a raw address?
- */
-# define ADDR_RAW_BUF_LEN        16
-
-/*
- * What's the address length associated with this AFI?
- */
-static int length_from_afi(const unsigned afi)
-{
-    switch (afi) {
-    case IANA_AFI_IPV4:
-        return 4;
-    case IANA_AFI_IPV6:
-        return 16;
-    default:
-        return 0;
-    }
-}
-
-/*
- * Extract the AFI from an IPAddressFamily.
- */
-unsigned int v3_addr_get_afi(const IPAddressFamily *f)
-{
-    return ((f != NULL &&
-             f->addressFamily != NULL && f->addressFamily->data != NULL)
-            ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]))
-            : 0);
-}
-
-/*
- * Expand the bitstring form of an address into a raw byte array.
- * At the moment this is coded for simplicity, not speed.
- */
-static int addr_expand(unsigned char *addr,
-                       const ASN1_BIT_STRING *bs,
-                       const int length, const unsigned char fill)
-{
-    if (bs->length < 0 || bs->length > length)
-        return 0;
-    if (bs->length > 0) {
-        memcpy(addr, bs->data, bs->length);
-        if ((bs->flags & 7) != 0) {
-            unsigned char mask = 0xFF >> (8 - (bs->flags & 7));
-            if (fill == 0)
-                addr[bs->length - 1] &= ~mask;
-            else
-                addr[bs->length - 1] |= mask;
-        }
-    }
-    memset(addr + bs->length, fill, length - bs->length);
-    return 1;
-}
-
-/*
- * Extract the prefix length from a bitstring.
- */
-# define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))
-
-/*
- * i2r handler for one address bitstring.
- */
-static int i2r_address(BIO *out,
-                       const unsigned afi,
-                       const unsigned char fill, const ASN1_BIT_STRING *bs)
-{
-    unsigned char addr[ADDR_RAW_BUF_LEN];
-    int i, n;
-
-    if (bs->length < 0)
-        return 0;
-    switch (afi) {
-    case IANA_AFI_IPV4:
-        if (!addr_expand(addr, bs, 4, fill))
-            return 0;
-        BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
-        break;
-    case IANA_AFI_IPV6:
-        if (!addr_expand(addr, bs, 16, fill))
-            return 0;
-        for (n = 16; n > 1 && addr[n - 1] == 0x00 && addr[n - 2] == 0x00;
-             n -= 2) ;
-        for (i = 0; i < n; i += 2)
-            BIO_printf(out, "%x%s", (addr[i] << 8) | addr[i + 1],
-                       (i < 14 ? ":" : ""));
-        if (i < 16)
-            BIO_puts(out, ":");
-        if (i == 0)
-            BIO_puts(out, ":");
-        break;
-    default:
-        for (i = 0; i < bs->length; i++)
-            BIO_printf(out, "%s%02x", (i > 0 ? ":" : ""), bs->data[i]);
-        BIO_printf(out, "[%d]", (int)(bs->flags & 7));
-        break;
-    }
-    return 1;
-}
-
-/*
- * i2r handler for a sequence of addresses and ranges.
- */
-static int i2r_IPAddressOrRanges(BIO *out,
-                                 const int indent,
-                                 const IPAddressOrRanges *aors,
-                                 const unsigned afi)
-{
-    int i;
-    for (i = 0; i < sk_IPAddressOrRange_num(aors); i++) {
-        const IPAddressOrRange *aor = sk_IPAddressOrRange_value(aors, i);
-        BIO_printf(out, "%*s", indent, "");
-        switch (aor->type) {
-        case IPAddressOrRange_addressPrefix:
-            if (!i2r_address(out, afi, 0x00, aor->u.addressPrefix))
-                return 0;
-            BIO_printf(out, "/%d\n", addr_prefixlen(aor->u.addressPrefix));
-            continue;
-        case IPAddressOrRange_addressRange:
-            if (!i2r_address(out, afi, 0x00, aor->u.addressRange->min))
-                return 0;
-            BIO_puts(out, "-");
-            if (!i2r_address(out, afi, 0xFF, aor->u.addressRange->max))
-                return 0;
-            BIO_puts(out, "\n");
-            continue;
-        }
-    }
-    return 1;
-}
-
-/*
- * i2r handler for an IPAddrBlocks extension.
- */
-static int i2r_IPAddrBlocks(const X509V3_EXT_METHOD *method,
-                            void *ext, BIO *out, int indent)
-{
-    const IPAddrBlocks *addr = ext;
-    int i;
-    for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
-        IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
-        const unsigned int afi = v3_addr_get_afi(f);
-        switch (afi) {
-        case IANA_AFI_IPV4:
-            BIO_printf(out, "%*sIPv4", indent, "");
-            break;
-        case IANA_AFI_IPV6:
-            BIO_printf(out, "%*sIPv6", indent, "");
-            break;
-        default:
-            BIO_printf(out, "%*sUnknown AFI %u", indent, "", afi);
-            break;
-        }
-        if (f->addressFamily->length > 2) {
-            switch (f->addressFamily->data[2]) {
-            case 1:
-                BIO_puts(out, " (Unicast)");
-                break;
-            case 2:
-                BIO_puts(out, " (Multicast)");
-                break;
-            case 3:
-                BIO_puts(out, " (Unicast/Multicast)");
-                break;
-            case 4:
-                BIO_puts(out, " (MPLS)");
-                break;
-            case 64:
-                BIO_puts(out, " (Tunnel)");
-                break;
-            case 65:
-                BIO_puts(out, " (VPLS)");
-                break;
-            case 66:
-                BIO_puts(out, " (BGP MDT)");
-                break;
-            case 128:
-                BIO_puts(out, " (MPLS-labeled VPN)");
-                break;
-            default:
-                BIO_printf(out, " (Unknown SAFI %u)",
-                           (unsigned)f->addressFamily->data[2]);
-                break;
-            }
-        }
-        switch (f->ipAddressChoice->type) {
-        case IPAddressChoice_inherit:
-            BIO_puts(out, ": inherit\n");
-            break;
-        case IPAddressChoice_addressesOrRanges:
-            BIO_puts(out, ":\n");
-            if (!i2r_IPAddressOrRanges(out,
-                                       indent + 2,
-                                       f->ipAddressChoice->
-                                       u.addressesOrRanges, afi))
-                return 0;
-            break;
-        }
-    }
-    return 1;
-}
-
-/*
- * Sort comparison function for a sequence of IPAddressOrRange
- * elements.
- *
- * There's no sane answer we can give if addr_expand() fails, and an
- * assertion failure on externally supplied data is seriously uncool,
- * so we just arbitrarily declare that if given invalid inputs this
- * function returns -1.  If this messes up your preferred sort order
- * for garbage input, tough noogies.
- */
-static int IPAddressOrRange_cmp(const IPAddressOrRange *a,
-                                const IPAddressOrRange *b, const int length)
-{
-    unsigned char addr_a[ADDR_RAW_BUF_LEN], addr_b[ADDR_RAW_BUF_LEN];
-    int prefixlen_a = 0, prefixlen_b = 0;
-    int r;
-
-    switch (a->type) {
-    case IPAddressOrRange_addressPrefix:
-        if (!addr_expand(addr_a, a->u.addressPrefix, length, 0x00))
-            return -1;
-        prefixlen_a = addr_prefixlen(a->u.addressPrefix);
-        break;
-    case IPAddressOrRange_addressRange:
-        if (!addr_expand(addr_a, a->u.addressRange->min, length, 0x00))
-            return -1;
-        prefixlen_a = length * 8;
-        break;
-    }
-
-    switch (b->type) {
-    case IPAddressOrRange_addressPrefix:
-        if (!addr_expand(addr_b, b->u.addressPrefix, length, 0x00))
-            return -1;
-        prefixlen_b = addr_prefixlen(b->u.addressPrefix);
-        break;
-    case IPAddressOrRange_addressRange:
-        if (!addr_expand(addr_b, b->u.addressRange->min, length, 0x00))
-            return -1;
-        prefixlen_b = length * 8;
-        break;
-    }
-
-    if ((r = memcmp(addr_a, addr_b, length)) != 0)
-        return r;
-    else
-        return prefixlen_a - prefixlen_b;
-}
-
-/*
- * IPv4-specific closure over IPAddressOrRange_cmp, since sk_sort()
- * comparision routines are only allowed two arguments.
- */
-static int v4IPAddressOrRange_cmp(const IPAddressOrRange *const *a,
-                                  const IPAddressOrRange *const *b)
-{
-    return IPAddressOrRange_cmp(*a, *b, 4);
-}
-
-/*
- * IPv6-specific closure over IPAddressOrRange_cmp, since sk_sort()
- * comparision routines are only allowed two arguments.
- */
-static int v6IPAddressOrRange_cmp(const IPAddressOrRange *const *a,
-                                  const IPAddressOrRange *const *b)
-{
-    return IPAddressOrRange_cmp(*a, *b, 16);
-}
-
-/*
- * Calculate whether a range collapses to a prefix.
- * See last paragraph of RFC 3779 2.2.3.7.
- */
-static int range_should_be_prefix(const unsigned char *min,
-                                  const unsigned char *max, const int length)
-{
-    unsigned char mask;
-    int i, j;
-
-    OPENSSL_assert(memcmp(min, max, length) <= 0);
-    for (i = 0; i < length && min[i] == max[i]; i++) ;
-    for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--) ;
-    if (i < j)
-        return -1;
-    if (i > j)
-        return i * 8;
-    mask = min[i] ^ max[i];
-    switch (mask) {
-    case 0x01:
-        j = 7;
-        break;
-    case 0x03:
-        j = 6;
-        break;
-    case 0x07:
-        j = 5;
-        break;
-    case 0x0F:
-        j = 4;
-        break;
-    case 0x1F:
-        j = 3;
-        break;
-    case 0x3F:
-        j = 2;
-        break;
-    case 0x7F:
-        j = 1;
-        break;
-    default:
-        return -1;
-    }
-    if ((min[i] & mask) != 0 || (max[i] & mask) != mask)
-        return -1;
-    else
-        return i * 8 + j;
-}
-
-/*
- * Construct a prefix.
- */
-static int make_addressPrefix(IPAddressOrRange **result,
-                              unsigned char *addr, const int prefixlen)
-{
-    int bytelen = (prefixlen + 7) / 8, bitlen = prefixlen % 8;
-    IPAddressOrRange *aor = IPAddressOrRange_new();
-
-    if (aor == NULL)
-        return 0;
-    aor->type = IPAddressOrRange_addressPrefix;
-    if (aor->u.addressPrefix == NULL &&
-        (aor->u.addressPrefix = ASN1_BIT_STRING_new()) == NULL)
-        goto err;
-    if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, bytelen))
-        goto err;
-    aor->u.addressPrefix->flags &= ~7;
-    aor->u.addressPrefix->flags |= ASN1_STRING_FLAG_BITS_LEFT;
-    if (bitlen > 0) {
-        aor->u.addressPrefix->data[bytelen - 1] &= ~(0xFF >> bitlen);
-        aor->u.addressPrefix->flags |= 8 - bitlen;
-    }
-
-    *result = aor;
-    return 1;
-
- err:
-    IPAddressOrRange_free(aor);
-    return 0;
-}
-
-/*
- * Construct a range.  If it can be expressed as a prefix,
- * return a prefix instead.  Doing this here simplifies
- * the rest of the code considerably.
- */
-static int make_addressRange(IPAddressOrRange **result,
-                             unsigned char *min,
-                             unsigned char *max, const int length)
-{
-    IPAddressOrRange *aor;
-    int i, prefixlen;
-
-    if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0)
-        return make_addressPrefix(result, min, prefixlen);
-
-    if ((aor = IPAddressOrRange_new()) == NULL)
-        return 0;
-    aor->type = IPAddressOrRange_addressRange;
-    OPENSSL_assert(aor->u.addressRange == NULL);
-    if ((aor->u.addressRange = IPAddressRange_new()) == NULL)
-        goto err;
-    if (aor->u.addressRange->min == NULL &&
-        (aor->u.addressRange->min = ASN1_BIT_STRING_new()) == NULL)
-        goto err;
-    if (aor->u.addressRange->max == NULL &&
-        (aor->u.addressRange->max = ASN1_BIT_STRING_new()) == NULL)
-        goto err;
-
-    for (i = length; i > 0 && min[i - 1] == 0x00; --i) ;
-    if (!ASN1_BIT_STRING_set(aor->u.addressRange->min, min, i))
-        goto err;
-    aor->u.addressRange->min->flags &= ~7;
-    aor->u.addressRange->min->flags |= ASN1_STRING_FLAG_BITS_LEFT;
-    if (i > 0) {
-        unsigned char b = min[i - 1];
-        int j = 1;
-        while ((b & (0xFFU >> j)) != 0)
-            ++j;
-        aor->u.addressRange->min->flags |= 8 - j;
-    }
-
-    for (i = length; i > 0 && max[i - 1] == 0xFF; --i) ;
-    if (!ASN1_BIT_STRING_set(aor->u.addressRange->max, max, i))
-        goto err;
-    aor->u.addressRange->max->flags &= ~7;
-    aor->u.addressRange->max->flags |= ASN1_STRING_FLAG_BITS_LEFT;
-    if (i > 0) {
-        unsigned char b = max[i - 1];
-        int j = 1;
-        while ((b & (0xFFU >> j)) != (0xFFU >> j))
-            ++j;
-        aor->u.addressRange->max->flags |= 8 - j;
-    }
-
-    *result = aor;
-    return 1;
-
- err:
-    IPAddressOrRange_free(aor);
-    return 0;
-}
-
-/*
- * Construct a new address family or find an existing one.
- */
-static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr,
-                                             const unsigned afi,
-                                             const unsigned *safi)
-{
-    IPAddressFamily *f;
-    unsigned char key[3];
-    unsigned keylen;
-    int i;
-
-    key[0] = (afi >> 8) & 0xFF;
-    key[1] = afi & 0xFF;
-    if (safi != NULL) {
-        key[2] = *safi & 0xFF;
-        keylen = 3;
-    } else {
-        keylen = 2;
-    }
-
-    for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
-        f = sk_IPAddressFamily_value(addr, i);
-        OPENSSL_assert(f->addressFamily->data != NULL);
-        if (f->addressFamily->length == keylen &&
-            !memcmp(f->addressFamily->data, key, keylen))
-            return f;
-    }
-
-    if ((f = IPAddressFamily_new()) == NULL)
-        goto err;
-    if (f->ipAddressChoice == NULL &&
-        (f->ipAddressChoice = IPAddressChoice_new()) == NULL)
-        goto err;
-    if (f->addressFamily == NULL &&
-        (f->addressFamily = ASN1_OCTET_STRING_new()) == NULL)
-        goto err;
-    if (!ASN1_OCTET_STRING_set(f->addressFamily, key, keylen))
-        goto err;
-    if (!sk_IPAddressFamily_push(addr, f))
-        goto err;
-
-    return f;
-
- err:
-    IPAddressFamily_free(f);
-    return NULL;
-}
-
-/*
- * Add an inheritance element.
- */
-int v3_addr_add_inherit(IPAddrBlocks *addr,
-                        const unsigned afi, const unsigned *safi)
-{
-    IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
-    if (f == NULL ||
-        f->ipAddressChoice == NULL ||
-        (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
-         f->ipAddressChoice->u.addressesOrRanges != NULL))
-        return 0;
-    if (f->ipAddressChoice->type == IPAddressChoice_inherit &&
-        f->ipAddressChoice->u.inherit != NULL)
-        return 1;
-    if (f->ipAddressChoice->u.inherit == NULL &&
-        (f->ipAddressChoice->u.inherit = ASN1_NULL_new()) == NULL)
-        return 0;
-    f->ipAddressChoice->type = IPAddressChoice_inherit;
-    return 1;
-}
-
-/*
- * Construct an IPAddressOrRange sequence, or return an existing one.
- */
-static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr,
-                                               const unsigned afi,
-                                               const unsigned *safi)
-{
-    IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
-    IPAddressOrRanges *aors = NULL;
-
-    if (f == NULL ||
-        f->ipAddressChoice == NULL ||
-        (f->ipAddressChoice->type == IPAddressChoice_inherit &&
-         f->ipAddressChoice->u.inherit != NULL))
-        return NULL;
-    if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges)
-        aors = f->ipAddressChoice->u.addressesOrRanges;
-    if (aors != NULL)
-        return aors;
-    if ((aors = sk_IPAddressOrRange_new_null()) == NULL)
-        return NULL;
-    switch (afi) {
-    case IANA_AFI_IPV4:
-        (void)sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp);
-        break;
-    case IANA_AFI_IPV6:
-        (void)sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp);
-        break;
-    }
-    f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges;
-    f->ipAddressChoice->u.addressesOrRanges = aors;
-    return aors;
-}
-
-/*
- * Add a prefix.
- */
-int v3_addr_add_prefix(IPAddrBlocks *addr,
-                       const unsigned afi,
-                       const unsigned *safi,
-                       unsigned char *a, const int prefixlen)
-{
-    IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
-    IPAddressOrRange *aor;
-    if (aors == NULL || !make_addressPrefix(&aor, a, prefixlen))
-        return 0;
-    if (sk_IPAddressOrRange_push(aors, aor))
-        return 1;
-    IPAddressOrRange_free(aor);
-    return 0;
-}
-
-/*
- * Add a range.
- */
-int v3_addr_add_range(IPAddrBlocks *addr,
-                      const unsigned afi,
-                      const unsigned *safi,
-                      unsigned char *min, unsigned char *max)
-{
-    IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
-    IPAddressOrRange *aor;
-    int length = length_from_afi(afi);
-    if (aors == NULL)
-        return 0;
-    if (!make_addressRange(&aor, min, max, length))
-        return 0;
-    if (sk_IPAddressOrRange_push(aors, aor))
-        return 1;
-    IPAddressOrRange_free(aor);
-    return 0;
-}
-
-/*
- * Extract min and max values from an IPAddressOrRange.
- */
-static int extract_min_max(IPAddressOrRange *aor,
-                           unsigned char *min, unsigned char *max, int length)
-{
-    if (aor == NULL || min == NULL || max == NULL)
-        return 0;
-    switch (aor->type) {
-    case IPAddressOrRange_addressPrefix:
-        return (addr_expand(min, aor->u.addressPrefix, length, 0x00) &&
-                addr_expand(max, aor->u.addressPrefix, length, 0xFF));
-    case IPAddressOrRange_addressRange:
-        return (addr_expand(min, aor->u.addressRange->min, length, 0x00) &&
-                addr_expand(max, aor->u.addressRange->max, length, 0xFF));
-    }
-    return 0;
-}
-
-/*
- * Public wrapper for extract_min_max().
- */
-int v3_addr_get_range(IPAddressOrRange *aor,
-                      const unsigned afi,
-                      unsigned char *min,
-                      unsigned char *max, const int length)
-{
-    int afi_length = length_from_afi(afi);
-    if (aor == NULL || min == NULL || max == NULL ||
-        afi_length == 0 || length < afi_length ||
-        (aor->type != IPAddressOrRange_addressPrefix &&
-         aor->type != IPAddressOrRange_addressRange) ||
-        !extract_min_max(aor, min, max, afi_length))
-        return 0;
-
-    return afi_length;
-}
-
-/*
- * Sort comparision function for a sequence of IPAddressFamily.
- *
- * The last paragraph of RFC 3779 2.2.3.3 is slightly ambiguous about
- * the ordering: I can read it as meaning that IPv6 without a SAFI
- * comes before IPv4 with a SAFI, which seems pretty weird.  The
- * examples in appendix B suggest that the author intended the
- * null-SAFI rule to apply only within a single AFI, which is what I
- * would have expected and is what the following code implements.
- */
-static int IPAddressFamily_cmp(const IPAddressFamily *const *a_,
-                               const IPAddressFamily *const *b_)
-{
-    const ASN1_OCTET_STRING *a = (*a_)->addressFamily;
-    const ASN1_OCTET_STRING *b = (*b_)->addressFamily;
-    int len = ((a->length <= b->length) ? a->length : b->length);
-    int cmp = memcmp(a->data, b->data, len);
-    return cmp ? cmp : a->length - b->length;
-}
-
-/*
- * Check whether an IPAddrBLocks is in canonical form.
- */
-int v3_addr_is_canonical(IPAddrBlocks *addr)
-{
-    unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
-    unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
-    IPAddressOrRanges *aors;
-    int i, j, k;
-
-    /*
-     * Empty extension is cannonical.
-     */
-    if (addr == NULL)
-        return 1;
-
-    /*
-     * Check whether the top-level list is in order.
-     */
-    for (i = 0; i < sk_IPAddressFamily_num(addr) - 1; i++) {
-        const IPAddressFamily *a = sk_IPAddressFamily_value(addr, i);
-        const IPAddressFamily *b = sk_IPAddressFamily_value(addr, i + 1);
-        if (IPAddressFamily_cmp(&a, &b) >= 0)
-            return 0;
-    }
-
-    /*
-     * Top level's ok, now check each address family.
-     */
-    for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
-        IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
-        int length = length_from_afi(v3_addr_get_afi(f));
-
-        /*
-         * Inheritance is canonical.  Anything other than inheritance or
-         * a SEQUENCE OF IPAddressOrRange is an ASN.1 error or something.
-         */
-        if (f == NULL || f->ipAddressChoice == NULL)
-            return 0;
-        switch (f->ipAddressChoice->type) {
-        case IPAddressChoice_inherit:
-            continue;
-        case IPAddressChoice_addressesOrRanges:
-            break;
-        default:
-            return 0;
-        }
-
-        /*
-         * It's an IPAddressOrRanges sequence, check it.
-         */
-        aors = f->ipAddressChoice->u.addressesOrRanges;
-        if (sk_IPAddressOrRange_num(aors) == 0)
-            return 0;
-        for (j = 0; j < sk_IPAddressOrRange_num(aors) - 1; j++) {
-            IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
-            IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1);
-
-            if (!extract_min_max(a, a_min, a_max, length) ||
-                !extract_min_max(b, b_min, b_max, length))
-                return 0;
-
-            /*
-             * Punt misordered list, overlapping start, or inverted range.
-             */
-            if (memcmp(a_min, b_min, length) >= 0 ||
-                memcmp(a_min, a_max, length) > 0 ||
-                memcmp(b_min, b_max, length) > 0)
-                return 0;
-
-            /*
-             * Punt if adjacent or overlapping.  Check for adjacency by
-             * subtracting one from b_min first.
-             */
-            for (k = length - 1; k >= 0 && b_min[k]-- == 0x00; k--) ;
-            if (memcmp(a_max, b_min, length) >= 0)
-                return 0;
-
-            /*
-             * Check for range that should be expressed as a prefix.
-             */
-            if (a->type == IPAddressOrRange_addressRange &&
-                range_should_be_prefix(a_min, a_max, length) >= 0)
-                return 0;
-        }
-
-        /*
-         * Check range to see if it's inverted or should be a
-         * prefix.
-         */
-        j = sk_IPAddressOrRange_num(aors) - 1;
-        {
-            IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
-            if (a != NULL && a->type == IPAddressOrRange_addressRange) {
-                if (!extract_min_max(a, a_min, a_max, length))
-                    return 0;
-                if (memcmp(a_min, a_max, length) > 0 ||
-                    range_should_be_prefix(a_min, a_max, length) >= 0)
-                    return 0;
-            }
-        }
-    }
-
-    /*
-     * If we made it through all that, we're happy.
-     */
-    return 1;
-}
-
-/*
- * Whack an IPAddressOrRanges into canonical form.
- */
-static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
-                                      const unsigned afi)
-{
-    int i, j, length = length_from_afi(afi);
-
-    /*
-     * Sort the IPAddressOrRanges sequence.
-     */
-    sk_IPAddressOrRange_sort(aors);
-
-    /*
-     * Clean up representation issues, punt on duplicates or overlaps.
-     */
-    for (i = 0; i < sk_IPAddressOrRange_num(aors) - 1; i++) {
-        IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, i);
-        IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, i + 1);
-        unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
-        unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
-
-        if (!extract_min_max(a, a_min, a_max, length) ||
-            !extract_min_max(b, b_min, b_max, length))
-            return 0;
-
-        /*
-         * Punt inverted ranges.
-         */
-        if (memcmp(a_min, a_max, length) > 0 ||
-            memcmp(b_min, b_max, length) > 0)
-            return 0;
-
-        /*
-         * Punt overlaps.
-         */
-        if (memcmp(a_max, b_min, length) >= 0)
-            return 0;
-
-        /*
-         * Merge if a and b are adjacent.  We check for
-         * adjacency by subtracting one from b_min first.
-         */
-        for (j = length - 1; j >= 0 && b_min[j]-- == 0x00; j--) ;
-        if (memcmp(a_max, b_min, length) == 0) {
-            IPAddressOrRange *merged;
-            if (!make_addressRange(&merged, a_min, b_max, length))
-                return 0;
-            (void)sk_IPAddressOrRange_set(aors, i, merged);
-            (void)sk_IPAddressOrRange_delete(aors, i + 1);
-            IPAddressOrRange_free(a);
-            IPAddressOrRange_free(b);
-            --i;
-            continue;
-        }
-    }
-
-    /*
-     * Check for inverted final range.
-     */
-    j = sk_IPAddressOrRange_num(aors) - 1;
-    {
-        IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
-        if (a != NULL && a->type == IPAddressOrRange_addressRange) {
-            unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
-            extract_min_max(a, a_min, a_max, length);
-            if (memcmp(a_min, a_max, length) > 0)
-                return 0;
-        }
-    }
-
-    return 1;
-}
-
-/*
- * Whack an IPAddrBlocks extension into canonical form.
- */
-int v3_addr_canonize(IPAddrBlocks *addr)
-{
-    int i;
-    for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
-        IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
-        if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
-            !IPAddressOrRanges_canonize(f->ipAddressChoice->
-                                        u.addressesOrRanges,
-                                        v3_addr_get_afi(f)))
-            return 0;
-    }
-    (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
-    sk_IPAddressFamily_sort(addr);
-    OPENSSL_assert(v3_addr_is_canonical(addr));
-    return 1;
-}
-
-/*
- * v2i handler for the IPAddrBlocks extension.
- */
-static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
-                              struct v3_ext_ctx *ctx,
-                              STACK_OF(CONF_VALUE) *values)
-{
-    static const char v4addr_chars[] = "0123456789.";
-    static const char v6addr_chars[] = "0123456789.:abcdefABCDEF";
-    IPAddrBlocks *addr = NULL;
-    char *s = NULL, *t;
-    int i;
-
-    if ((addr = sk_IPAddressFamily_new(IPAddressFamily_cmp)) == NULL) {
-        X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
-        return NULL;
-    }
-
-    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
-        CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
-        unsigned char min[ADDR_RAW_BUF_LEN], max[ADDR_RAW_BUF_LEN];
-        unsigned afi, *safi = NULL, safi_;
-        const char *addr_chars;
-        int prefixlen, i1, i2, delim, length;
-
-        if (!name_cmp(val->name, "IPv4")) {
-            afi = IANA_AFI_IPV4;
-        } else if (!name_cmp(val->name, "IPv6")) {
-            afi = IANA_AFI_IPV6;
-        } else if (!name_cmp(val->name, "IPv4-SAFI")) {
-            afi = IANA_AFI_IPV4;
-            safi = &safi_;
-        } else if (!name_cmp(val->name, "IPv6-SAFI")) {
-            afi = IANA_AFI_IPV6;
-            safi = &safi_;
-        } else {
-            X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
-                      X509V3_R_EXTENSION_NAME_ERROR);
-            X509V3_conf_err(val);
-            goto err;
-        }
-
-        switch (afi) {
-        case IANA_AFI_IPV4:
-            addr_chars = v4addr_chars;
-            break;
-        case IANA_AFI_IPV6:
-            addr_chars = v6addr_chars;
-            break;
-        }
-
-        length = length_from_afi(afi);
-
-        /*
-         * Handle SAFI, if any, and BUF_strdup() so we can null-terminate
-         * the other input values.
-         */
-        if (safi != NULL) {
-            *safi = strtoul(val->value, &t, 0);
-            t += strspn(t, " \t");
-            if (*safi > 0xFF || *t++ != ':') {
-                X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_SAFI);
-                X509V3_conf_err(val);
-                goto err;
-            }
-            t += strspn(t, " \t");
-            s = BUF_strdup(t);
-        } else {
-            s = BUF_strdup(val->value);
-        }
-        if (s == NULL) {
-            X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-
-        /*
-         * Check for inheritance.  Not worth additional complexity to
-         * optimize this (seldom-used) case.
-         */
-        if (!strcmp(s, "inherit")) {
-            if (!v3_addr_add_inherit(addr, afi, safi)) {
-                X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
-                          X509V3_R_INVALID_INHERITANCE);
-                X509V3_conf_err(val);
-                goto err;
-            }
-            OPENSSL_free(s);
-            s = NULL;
-            continue;
-        }
-
-        i1 = strspn(s, addr_chars);
-        i2 = i1 + strspn(s + i1, " \t");
-        delim = s[i2++];
-        s[i1] = '\0';
-
-        if (a2i_ipadd(min, s) != length) {
-            X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_IPADDRESS);
-            X509V3_conf_err(val);
-            goto err;
-        }
-
-        switch (delim) {
-        case '/':
-            prefixlen = (int)strtoul(s + i2, &t, 10);
-            if (t == s + i2 || *t != '\0') {
-                X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
-                          X509V3_R_EXTENSION_VALUE_ERROR);
-                X509V3_conf_err(val);
-                goto err;
-            }
-            if (!v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) {
-                X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-            break;
-        case '-':
-            i1 = i2 + strspn(s + i2, " \t");
-            i2 = i1 + strspn(s + i1, addr_chars);
-            if (i1 == i2 || s[i2] != '\0') {
-                X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
-                          X509V3_R_EXTENSION_VALUE_ERROR);
-                X509V3_conf_err(val);
-                goto err;
-            }
-            if (a2i_ipadd(max, s + i1) != length) {
-                X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
-                          X509V3_R_INVALID_IPADDRESS);
-                X509V3_conf_err(val);
-                goto err;
-            }
-            if (memcmp(min, max, length_from_afi(afi)) > 0) {
-                X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
-                          X509V3_R_EXTENSION_VALUE_ERROR);
-                X509V3_conf_err(val);
-                goto err;
-            }
-            if (!v3_addr_add_range(addr, afi, safi, min, max)) {
-                X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-            break;
-        case '\0':
-            if (!v3_addr_add_prefix(addr, afi, safi, min, length * 8)) {
-                X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-            break;
-        default:
-            X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
-                      X509V3_R_EXTENSION_VALUE_ERROR);
-            X509V3_conf_err(val);
-            goto err;
-        }
-
-        OPENSSL_free(s);
-        s = NULL;
-    }
-
-    /*
-     * Canonize the result, then we're done.
-     */
-    if (!v3_addr_canonize(addr))
-        goto err;
-    return addr;
-
- err:
-    OPENSSL_free(s);
-    sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free);
-    return NULL;
-}
-
-/*
- * OpenSSL dispatch
- */
-const X509V3_EXT_METHOD v3_addr = {
-    NID_sbgp_ipAddrBlock,       /* nid */
-    0,                          /* flags */
-    ASN1_ITEM_ref(IPAddrBlocks), /* template */
-    0, 0, 0, 0,                 /* old functions, ignored */
-    0,                          /* i2s */
-    0,                          /* s2i */
-    0,                          /* i2v */
-    v2i_IPAddrBlocks,           /* v2i */
-    i2r_IPAddrBlocks,           /* i2r */
-    0,                          /* r2i */
-    NULL                        /* extension-specific data */
-};
-
-/*
- * Figure out whether extension sues inheritance.
- */
-int v3_addr_inherits(IPAddrBlocks *addr)
-{
-    int i;
-    if (addr == NULL)
-        return 0;
-    for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
-        IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
-        if (f->ipAddressChoice->type == IPAddressChoice_inherit)
-            return 1;
-    }
-    return 0;
-}
-
-/*
- * Figure out whether parent contains child.
- */
-static int addr_contains(IPAddressOrRanges *parent,
-                         IPAddressOrRanges *child, int length)
-{
-    unsigned char p_min[ADDR_RAW_BUF_LEN], p_max[ADDR_RAW_BUF_LEN];
-    unsigned char c_min[ADDR_RAW_BUF_LEN], c_max[ADDR_RAW_BUF_LEN];
-    int p, c;
-
-    if (child == NULL || parent == child)
-        return 1;
-    if (parent == NULL)
-        return 0;
-
-    p = 0;
-    for (c = 0; c < sk_IPAddressOrRange_num(child); c++) {
-        if (!extract_min_max(sk_IPAddressOrRange_value(child, c),
-                             c_min, c_max, length))
-            return -1;
-        for (;; p++) {
-            if (p >= sk_IPAddressOrRange_num(parent))
-                return 0;
-            if (!extract_min_max(sk_IPAddressOrRange_value(parent, p),
-                                 p_min, p_max, length))
-                return 0;
-            if (memcmp(p_max, c_max, length) < 0)
-                continue;
-            if (memcmp(p_min, c_min, length) > 0)
-                return 0;
-            break;
-        }
-    }
-
-    return 1;
-}
-
-/*
- * Test whether a is a subset of b.
- */
-int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
-{
-    int i;
-    if (a == NULL || a == b)
-        return 1;
-    if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b))
-        return 0;
-    (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp);
-    for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
-        IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);
-        int j = sk_IPAddressFamily_find(b, fa);
-        IPAddressFamily *fb;
-        fb = sk_IPAddressFamily_value(b, j);
-        if (fb == NULL)
-            return 0;
-        if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges,
-                           fa->ipAddressChoice->u.addressesOrRanges,
-                           length_from_afi(v3_addr_get_afi(fb))))
-            return 0;
-    }
-    return 1;
-}
-
-/*
- * Validation error handling via callback.
- */
-# define validation_err(_err_)           \
-  do {                                  \
-    if (ctx != NULL) {                  \
-      ctx->error = _err_;               \
-      ctx->error_depth = i;             \
-      ctx->current_cert = x;            \
-      ret = ctx->verify_cb(0, ctx);     \
-    } else {                            \
-      ret = 0;                          \
-    }                                   \
-    if (!ret)                           \
-      goto done;                        \
-  } while (0)
-
-/*
- * Core code for RFC 3779 2.3 path validation.
- */
-static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
-                                          STACK_OF(X509) *chain,
-                                          IPAddrBlocks *ext)
-{
-    IPAddrBlocks *child = NULL;
-    int i, j, ret = 1;
-    X509 *x;
-
-    OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
-    OPENSSL_assert(ctx != NULL || ext != NULL);
-    OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
-
-    /*
-     * Figure out where to start.  If we don't have an extension to
-     * check, we're done.  Otherwise, check canonical form and
-     * set up for walking up the chain.
-     */
-    if (ext != NULL) {
-        i = -1;
-        x = NULL;
-    } else {
-        i = 0;
-        x = sk_X509_value(chain, i);
-        OPENSSL_assert(x != NULL);
-        if ((ext = x->rfc3779_addr) == NULL)
-            goto done;
-    }
-    if (!v3_addr_is_canonical(ext))
-        validation_err(X509_V_ERR_INVALID_EXTENSION);
-    (void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp);
-    if ((child = sk_IPAddressFamily_dup(ext)) == NULL) {
-        X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL,
-                  ERR_R_MALLOC_FAILURE);
-        ret = 0;
-        goto done;
-    }
-
-    /*
-     * Now walk up the chain.  No cert may list resources that its
-     * parent doesn't list.
-     */
-    for (i++; i < sk_X509_num(chain); i++) {
-        x = sk_X509_value(chain, i);
-        OPENSSL_assert(x != NULL);
-        if (!v3_addr_is_canonical(x->rfc3779_addr))
-            validation_err(X509_V_ERR_INVALID_EXTENSION);
-        if (x->rfc3779_addr == NULL) {
-            for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
-                IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
-                if (fc->ipAddressChoice->type != IPAddressChoice_inherit) {
-                    validation_err(X509_V_ERR_UNNESTED_RESOURCE);
-                    break;
-                }
-            }
-            continue;
-        }
-        (void)sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr,
-                                              IPAddressFamily_cmp);
-        for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
-            IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
-            int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc);
-            IPAddressFamily *fp =
-                sk_IPAddressFamily_value(x->rfc3779_addr, k);
-            if (fp == NULL) {
-                if (fc->ipAddressChoice->type ==
-                    IPAddressChoice_addressesOrRanges) {
-                    validation_err(X509_V_ERR_UNNESTED_RESOURCE);
-                    break;
-                }
-                continue;
-            }
-            if (fp->ipAddressChoice->type ==
-                IPAddressChoice_addressesOrRanges) {
-                if (fc->ipAddressChoice->type == IPAddressChoice_inherit
-                    || addr_contains(fp->ipAddressChoice->u.addressesOrRanges,
-                                     fc->ipAddressChoice->u.addressesOrRanges,
-                                     length_from_afi(v3_addr_get_afi(fc))))
-                    sk_IPAddressFamily_set(child, j, fp);
-                else
-                    validation_err(X509_V_ERR_UNNESTED_RESOURCE);
-            }
-        }
-    }
-
-    /*
-     * Trust anchor can't inherit.
-     */
-    OPENSSL_assert(x != NULL);
-    if (x->rfc3779_addr != NULL) {
-        for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) {
-            IPAddressFamily *fp =
-                sk_IPAddressFamily_value(x->rfc3779_addr, j);
-            if (fp->ipAddressChoice->type == IPAddressChoice_inherit
-                && sk_IPAddressFamily_find(child, fp) >= 0)
-                validation_err(X509_V_ERR_UNNESTED_RESOURCE);
-        }
-    }
-
- done:
-    sk_IPAddressFamily_free(child);
-    return ret;
-}
-
-# undef validation_err
-
-/*
- * RFC 3779 2.3 path validation -- called from X509_verify_cert().
- */
-int v3_addr_validate_path(X509_STORE_CTX *ctx)
-{
-    return v3_addr_validate_path_internal(ctx, ctx->chain, NULL);
-}
-
-/*
- * RFC 3779 2.3 path validation of an extension.
- * Test whether chain covers extension.
- */
-int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
-                                  IPAddrBlocks *ext, int allow_inheritance)
-{
-    if (ext == NULL)
-        return 1;
-    if (chain == NULL || sk_X509_num(chain) == 0)
-        return 0;
-    if (!allow_inheritance && v3_addr_inherits(ext))
-        return 0;
-    return v3_addr_validate_path_internal(NULL, chain, ext);
-}
-
-#endif                          /* OPENSSL_NO_RFC3779 */

Copied: vendor-crypto/openssl/1.0.1u/crypto/x509v3/v3_addr.c (from rev 11605, vendor-crypto/openssl/dist/crypto/x509v3/v3_addr.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/x509v3/v3_addr.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/x509v3/v3_addr.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,1350 @@
+/*
+ * Contributed to the OpenSSL Project by the American Registry for
+ * Internet Numbers ("ARIN").
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ */
+
+/*
+ * Implementation of RFC 3779 section 2.2.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/buffer.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_NO_RFC3779
+
+/*
+ * OpenSSL ASN.1 template translation of RFC 3779 2.2.3.
+ */
+
+ASN1_SEQUENCE(IPAddressRange) = {
+  ASN1_SIMPLE(IPAddressRange, min, ASN1_BIT_STRING),
+  ASN1_SIMPLE(IPAddressRange, max, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END(IPAddressRange)
+
+ASN1_CHOICE(IPAddressOrRange) = {
+  ASN1_SIMPLE(IPAddressOrRange, u.addressPrefix, ASN1_BIT_STRING),
+  ASN1_SIMPLE(IPAddressOrRange, u.addressRange,  IPAddressRange)
+} ASN1_CHOICE_END(IPAddressOrRange)
+
+ASN1_CHOICE(IPAddressChoice) = {
+  ASN1_SIMPLE(IPAddressChoice,      u.inherit,           ASN1_NULL),
+  ASN1_SEQUENCE_OF(IPAddressChoice, u.addressesOrRanges, IPAddressOrRange)
+} ASN1_CHOICE_END(IPAddressChoice)
+
+ASN1_SEQUENCE(IPAddressFamily) = {
+  ASN1_SIMPLE(IPAddressFamily, addressFamily,   ASN1_OCTET_STRING),
+  ASN1_SIMPLE(IPAddressFamily, ipAddressChoice, IPAddressChoice)
+} ASN1_SEQUENCE_END(IPAddressFamily)
+
+ASN1_ITEM_TEMPLATE(IPAddrBlocks) =
+  ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
+                        IPAddrBlocks, IPAddressFamily)
+ASN1_ITEM_TEMPLATE_END(IPAddrBlocks)
+
+IMPLEMENT_ASN1_FUNCTIONS(IPAddressRange)
+IMPLEMENT_ASN1_FUNCTIONS(IPAddressOrRange)
+IMPLEMENT_ASN1_FUNCTIONS(IPAddressChoice)
+IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily)
+
+/*
+ * How much buffer space do we need for a raw address?
+ */
+# define ADDR_RAW_BUF_LEN        16
+
+/*
+ * What's the address length associated with this AFI?
+ */
+static int length_from_afi(const unsigned afi)
+{
+    switch (afi) {
+    case IANA_AFI_IPV4:
+        return 4;
+    case IANA_AFI_IPV6:
+        return 16;
+    default:
+        return 0;
+    }
+}
+
+/*
+ * Extract the AFI from an IPAddressFamily.
+ */
+unsigned int v3_addr_get_afi(const IPAddressFamily *f)
+{
+    return ((f != NULL &&
+             f->addressFamily != NULL && f->addressFamily->data != NULL)
+            ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]))
+            : 0);
+}
+
+/*
+ * Expand the bitstring form of an address into a raw byte array.
+ * At the moment this is coded for simplicity, not speed.
+ */
+static int addr_expand(unsigned char *addr,
+                       const ASN1_BIT_STRING *bs,
+                       const int length, const unsigned char fill)
+{
+    if (bs->length < 0 || bs->length > length)
+        return 0;
+    if (bs->length > 0) {
+        memcpy(addr, bs->data, bs->length);
+        if ((bs->flags & 7) != 0) {
+            unsigned char mask = 0xFF >> (8 - (bs->flags & 7));
+            if (fill == 0)
+                addr[bs->length - 1] &= ~mask;
+            else
+                addr[bs->length - 1] |= mask;
+        }
+    }
+    memset(addr + bs->length, fill, length - bs->length);
+    return 1;
+}
+
+/*
+ * Extract the prefix length from a bitstring.
+ */
+# define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))
+
+/*
+ * i2r handler for one address bitstring.
+ */
+static int i2r_address(BIO *out,
+                       const unsigned afi,
+                       const unsigned char fill, const ASN1_BIT_STRING *bs)
+{
+    unsigned char addr[ADDR_RAW_BUF_LEN];
+    int i, n;
+
+    if (bs->length < 0)
+        return 0;
+    switch (afi) {
+    case IANA_AFI_IPV4:
+        if (!addr_expand(addr, bs, 4, fill))
+            return 0;
+        BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
+        break;
+    case IANA_AFI_IPV6:
+        if (!addr_expand(addr, bs, 16, fill))
+            return 0;
+        for (n = 16; n > 1 && addr[n - 1] == 0x00 && addr[n - 2] == 0x00;
+             n -= 2) ;
+        for (i = 0; i < n; i += 2)
+            BIO_printf(out, "%x%s", (addr[i] << 8) | addr[i + 1],
+                       (i < 14 ? ":" : ""));
+        if (i < 16)
+            BIO_puts(out, ":");
+        if (i == 0)
+            BIO_puts(out, ":");
+        break;
+    default:
+        for (i = 0; i < bs->length; i++)
+            BIO_printf(out, "%s%02x", (i > 0 ? ":" : ""), bs->data[i]);
+        BIO_printf(out, "[%d]", (int)(bs->flags & 7));
+        break;
+    }
+    return 1;
+}
+
+/*
+ * i2r handler for a sequence of addresses and ranges.
+ */
+static int i2r_IPAddressOrRanges(BIO *out,
+                                 const int indent,
+                                 const IPAddressOrRanges *aors,
+                                 const unsigned afi)
+{
+    int i;
+    for (i = 0; i < sk_IPAddressOrRange_num(aors); i++) {
+        const IPAddressOrRange *aor = sk_IPAddressOrRange_value(aors, i);
+        BIO_printf(out, "%*s", indent, "");
+        switch (aor->type) {
+        case IPAddressOrRange_addressPrefix:
+            if (!i2r_address(out, afi, 0x00, aor->u.addressPrefix))
+                return 0;
+            BIO_printf(out, "/%d\n", addr_prefixlen(aor->u.addressPrefix));
+            continue;
+        case IPAddressOrRange_addressRange:
+            if (!i2r_address(out, afi, 0x00, aor->u.addressRange->min))
+                return 0;
+            BIO_puts(out, "-");
+            if (!i2r_address(out, afi, 0xFF, aor->u.addressRange->max))
+                return 0;
+            BIO_puts(out, "\n");
+            continue;
+        }
+    }
+    return 1;
+}
+
+/*
+ * i2r handler for an IPAddrBlocks extension.
+ */
+static int i2r_IPAddrBlocks(const X509V3_EXT_METHOD *method,
+                            void *ext, BIO *out, int indent)
+{
+    const IPAddrBlocks *addr = ext;
+    int i;
+    for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+        IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+        const unsigned int afi = v3_addr_get_afi(f);
+        switch (afi) {
+        case IANA_AFI_IPV4:
+            BIO_printf(out, "%*sIPv4", indent, "");
+            break;
+        case IANA_AFI_IPV6:
+            BIO_printf(out, "%*sIPv6", indent, "");
+            break;
+        default:
+            BIO_printf(out, "%*sUnknown AFI %u", indent, "", afi);
+            break;
+        }
+        if (f->addressFamily->length > 2) {
+            switch (f->addressFamily->data[2]) {
+            case 1:
+                BIO_puts(out, " (Unicast)");
+                break;
+            case 2:
+                BIO_puts(out, " (Multicast)");
+                break;
+            case 3:
+                BIO_puts(out, " (Unicast/Multicast)");
+                break;
+            case 4:
+                BIO_puts(out, " (MPLS)");
+                break;
+            case 64:
+                BIO_puts(out, " (Tunnel)");
+                break;
+            case 65:
+                BIO_puts(out, " (VPLS)");
+                break;
+            case 66:
+                BIO_puts(out, " (BGP MDT)");
+                break;
+            case 128:
+                BIO_puts(out, " (MPLS-labeled VPN)");
+                break;
+            default:
+                BIO_printf(out, " (Unknown SAFI %u)",
+                           (unsigned)f->addressFamily->data[2]);
+                break;
+            }
+        }
+        switch (f->ipAddressChoice->type) {
+        case IPAddressChoice_inherit:
+            BIO_puts(out, ": inherit\n");
+            break;
+        case IPAddressChoice_addressesOrRanges:
+            BIO_puts(out, ":\n");
+            if (!i2r_IPAddressOrRanges(out,
+                                       indent + 2,
+                                       f->ipAddressChoice->
+                                       u.addressesOrRanges, afi))
+                return 0;
+            break;
+        }
+    }
+    return 1;
+}
+
+/*
+ * Sort comparison function for a sequence of IPAddressOrRange
+ * elements.
+ *
+ * There's no sane answer we can give if addr_expand() fails, and an
+ * assertion failure on externally supplied data is seriously uncool,
+ * so we just arbitrarily declare that if given invalid inputs this
+ * function returns -1.  If this messes up your preferred sort order
+ * for garbage input, tough noogies.
+ */
+static int IPAddressOrRange_cmp(const IPAddressOrRange *a,
+                                const IPAddressOrRange *b, const int length)
+{
+    unsigned char addr_a[ADDR_RAW_BUF_LEN], addr_b[ADDR_RAW_BUF_LEN];
+    int prefixlen_a = 0, prefixlen_b = 0;
+    int r;
+
+    switch (a->type) {
+    case IPAddressOrRange_addressPrefix:
+        if (!addr_expand(addr_a, a->u.addressPrefix, length, 0x00))
+            return -1;
+        prefixlen_a = addr_prefixlen(a->u.addressPrefix);
+        break;
+    case IPAddressOrRange_addressRange:
+        if (!addr_expand(addr_a, a->u.addressRange->min, length, 0x00))
+            return -1;
+        prefixlen_a = length * 8;
+        break;
+    }
+
+    switch (b->type) {
+    case IPAddressOrRange_addressPrefix:
+        if (!addr_expand(addr_b, b->u.addressPrefix, length, 0x00))
+            return -1;
+        prefixlen_b = addr_prefixlen(b->u.addressPrefix);
+        break;
+    case IPAddressOrRange_addressRange:
+        if (!addr_expand(addr_b, b->u.addressRange->min, length, 0x00))
+            return -1;
+        prefixlen_b = length * 8;
+        break;
+    }
+
+    if ((r = memcmp(addr_a, addr_b, length)) != 0)
+        return r;
+    else
+        return prefixlen_a - prefixlen_b;
+}
+
+/*
+ * IPv4-specific closure over IPAddressOrRange_cmp, since sk_sort()
+ * comparision routines are only allowed two arguments.
+ */
+static int v4IPAddressOrRange_cmp(const IPAddressOrRange *const *a,
+                                  const IPAddressOrRange *const *b)
+{
+    return IPAddressOrRange_cmp(*a, *b, 4);
+}
+
+/*
+ * IPv6-specific closure over IPAddressOrRange_cmp, since sk_sort()
+ * comparision routines are only allowed two arguments.
+ */
+static int v6IPAddressOrRange_cmp(const IPAddressOrRange *const *a,
+                                  const IPAddressOrRange *const *b)
+{
+    return IPAddressOrRange_cmp(*a, *b, 16);
+}
+
+/*
+ * Calculate whether a range collapses to a prefix.
+ * See last paragraph of RFC 3779 2.2.3.7.
+ */
+static int range_should_be_prefix(const unsigned char *min,
+                                  const unsigned char *max, const int length)
+{
+    unsigned char mask;
+    int i, j;
+
+    OPENSSL_assert(memcmp(min, max, length) <= 0);
+    for (i = 0; i < length && min[i] == max[i]; i++) ;
+    for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--) ;
+    if (i < j)
+        return -1;
+    if (i > j)
+        return i * 8;
+    mask = min[i] ^ max[i];
+    switch (mask) {
+    case 0x01:
+        j = 7;
+        break;
+    case 0x03:
+        j = 6;
+        break;
+    case 0x07:
+        j = 5;
+        break;
+    case 0x0F:
+        j = 4;
+        break;
+    case 0x1F:
+        j = 3;
+        break;
+    case 0x3F:
+        j = 2;
+        break;
+    case 0x7F:
+        j = 1;
+        break;
+    default:
+        return -1;
+    }
+    if ((min[i] & mask) != 0 || (max[i] & mask) != mask)
+        return -1;
+    else
+        return i * 8 + j;
+}
+
+/*
+ * Construct a prefix.
+ */
+static int make_addressPrefix(IPAddressOrRange **result,
+                              unsigned char *addr, const int prefixlen)
+{
+    int bytelen = (prefixlen + 7) / 8, bitlen = prefixlen % 8;
+    IPAddressOrRange *aor = IPAddressOrRange_new();
+
+    if (aor == NULL)
+        return 0;
+    aor->type = IPAddressOrRange_addressPrefix;
+    if (aor->u.addressPrefix == NULL &&
+        (aor->u.addressPrefix = ASN1_BIT_STRING_new()) == NULL)
+        goto err;
+    if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, bytelen))
+        goto err;
+    aor->u.addressPrefix->flags &= ~7;
+    aor->u.addressPrefix->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+    if (bitlen > 0) {
+        aor->u.addressPrefix->data[bytelen - 1] &= ~(0xFF >> bitlen);
+        aor->u.addressPrefix->flags |= 8 - bitlen;
+    }
+
+    *result = aor;
+    return 1;
+
+ err:
+    IPAddressOrRange_free(aor);
+    return 0;
+}
+
+/*
+ * Construct a range.  If it can be expressed as a prefix,
+ * return a prefix instead.  Doing this here simplifies
+ * the rest of the code considerably.
+ */
+static int make_addressRange(IPAddressOrRange **result,
+                             unsigned char *min,
+                             unsigned char *max, const int length)
+{
+    IPAddressOrRange *aor;
+    int i, prefixlen;
+
+    if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0)
+        return make_addressPrefix(result, min, prefixlen);
+
+    if ((aor = IPAddressOrRange_new()) == NULL)
+        return 0;
+    aor->type = IPAddressOrRange_addressRange;
+    OPENSSL_assert(aor->u.addressRange == NULL);
+    if ((aor->u.addressRange = IPAddressRange_new()) == NULL)
+        goto err;
+    if (aor->u.addressRange->min == NULL &&
+        (aor->u.addressRange->min = ASN1_BIT_STRING_new()) == NULL)
+        goto err;
+    if (aor->u.addressRange->max == NULL &&
+        (aor->u.addressRange->max = ASN1_BIT_STRING_new()) == NULL)
+        goto err;
+
+    for (i = length; i > 0 && min[i - 1] == 0x00; --i) ;
+    if (!ASN1_BIT_STRING_set(aor->u.addressRange->min, min, i))
+        goto err;
+    aor->u.addressRange->min->flags &= ~7;
+    aor->u.addressRange->min->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+    if (i > 0) {
+        unsigned char b = min[i - 1];
+        int j = 1;
+        while ((b & (0xFFU >> j)) != 0)
+            ++j;
+        aor->u.addressRange->min->flags |= 8 - j;
+    }
+
+    for (i = length; i > 0 && max[i - 1] == 0xFF; --i) ;
+    if (!ASN1_BIT_STRING_set(aor->u.addressRange->max, max, i))
+        goto err;
+    aor->u.addressRange->max->flags &= ~7;
+    aor->u.addressRange->max->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+    if (i > 0) {
+        unsigned char b = max[i - 1];
+        int j = 1;
+        while ((b & (0xFFU >> j)) != (0xFFU >> j))
+            ++j;
+        aor->u.addressRange->max->flags |= 8 - j;
+    }
+
+    *result = aor;
+    return 1;
+
+ err:
+    IPAddressOrRange_free(aor);
+    return 0;
+}
+
+/*
+ * Construct a new address family or find an existing one.
+ */
+static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr,
+                                             const unsigned afi,
+                                             const unsigned *safi)
+{
+    IPAddressFamily *f;
+    unsigned char key[3];
+    unsigned keylen;
+    int i;
+
+    key[0] = (afi >> 8) & 0xFF;
+    key[1] = afi & 0xFF;
+    if (safi != NULL) {
+        key[2] = *safi & 0xFF;
+        keylen = 3;
+    } else {
+        keylen = 2;
+    }
+
+    for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+        f = sk_IPAddressFamily_value(addr, i);
+        OPENSSL_assert(f->addressFamily->data != NULL);
+        if (f->addressFamily->length == keylen &&
+            !memcmp(f->addressFamily->data, key, keylen))
+            return f;
+    }
+
+    if ((f = IPAddressFamily_new()) == NULL)
+        goto err;
+    if (f->ipAddressChoice == NULL &&
+        (f->ipAddressChoice = IPAddressChoice_new()) == NULL)
+        goto err;
+    if (f->addressFamily == NULL &&
+        (f->addressFamily = ASN1_OCTET_STRING_new()) == NULL)
+        goto err;
+    if (!ASN1_OCTET_STRING_set(f->addressFamily, key, keylen))
+        goto err;
+    if (!sk_IPAddressFamily_push(addr, f))
+        goto err;
+
+    return f;
+
+ err:
+    IPAddressFamily_free(f);
+    return NULL;
+}
+
+/*
+ * Add an inheritance element.
+ */
+int v3_addr_add_inherit(IPAddrBlocks *addr,
+                        const unsigned afi, const unsigned *safi)
+{
+    IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
+    if (f == NULL ||
+        f->ipAddressChoice == NULL ||
+        (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
+         f->ipAddressChoice->u.addressesOrRanges != NULL))
+        return 0;
+    if (f->ipAddressChoice->type == IPAddressChoice_inherit &&
+        f->ipAddressChoice->u.inherit != NULL)
+        return 1;
+    if (f->ipAddressChoice->u.inherit == NULL &&
+        (f->ipAddressChoice->u.inherit = ASN1_NULL_new()) == NULL)
+        return 0;
+    f->ipAddressChoice->type = IPAddressChoice_inherit;
+    return 1;
+}
+
+/*
+ * Construct an IPAddressOrRange sequence, or return an existing one.
+ */
+static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr,
+                                               const unsigned afi,
+                                               const unsigned *safi)
+{
+    IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
+    IPAddressOrRanges *aors = NULL;
+
+    if (f == NULL ||
+        f->ipAddressChoice == NULL ||
+        (f->ipAddressChoice->type == IPAddressChoice_inherit &&
+         f->ipAddressChoice->u.inherit != NULL))
+        return NULL;
+    if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges)
+        aors = f->ipAddressChoice->u.addressesOrRanges;
+    if (aors != NULL)
+        return aors;
+    if ((aors = sk_IPAddressOrRange_new_null()) == NULL)
+        return NULL;
+    switch (afi) {
+    case IANA_AFI_IPV4:
+        (void)sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp);
+        break;
+    case IANA_AFI_IPV6:
+        (void)sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp);
+        break;
+    }
+    f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges;
+    f->ipAddressChoice->u.addressesOrRanges = aors;
+    return aors;
+}
+
+/*
+ * Add a prefix.
+ */
+int v3_addr_add_prefix(IPAddrBlocks *addr,
+                       const unsigned afi,
+                       const unsigned *safi,
+                       unsigned char *a, const int prefixlen)
+{
+    IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
+    IPAddressOrRange *aor;
+    if (aors == NULL || !make_addressPrefix(&aor, a, prefixlen))
+        return 0;
+    if (sk_IPAddressOrRange_push(aors, aor))
+        return 1;
+    IPAddressOrRange_free(aor);
+    return 0;
+}
+
+/*
+ * Add a range.
+ */
+int v3_addr_add_range(IPAddrBlocks *addr,
+                      const unsigned afi,
+                      const unsigned *safi,
+                      unsigned char *min, unsigned char *max)
+{
+    IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
+    IPAddressOrRange *aor;
+    int length = length_from_afi(afi);
+    if (aors == NULL)
+        return 0;
+    if (!make_addressRange(&aor, min, max, length))
+        return 0;
+    if (sk_IPAddressOrRange_push(aors, aor))
+        return 1;
+    IPAddressOrRange_free(aor);
+    return 0;
+}
+
+/*
+ * Extract min and max values from an IPAddressOrRange.
+ */
+static int extract_min_max(IPAddressOrRange *aor,
+                           unsigned char *min, unsigned char *max, int length)
+{
+    if (aor == NULL || min == NULL || max == NULL)
+        return 0;
+    switch (aor->type) {
+    case IPAddressOrRange_addressPrefix:
+        return (addr_expand(min, aor->u.addressPrefix, length, 0x00) &&
+                addr_expand(max, aor->u.addressPrefix, length, 0xFF));
+    case IPAddressOrRange_addressRange:
+        return (addr_expand(min, aor->u.addressRange->min, length, 0x00) &&
+                addr_expand(max, aor->u.addressRange->max, length, 0xFF));
+    }
+    return 0;
+}
+
+/*
+ * Public wrapper for extract_min_max().
+ */
+int v3_addr_get_range(IPAddressOrRange *aor,
+                      const unsigned afi,
+                      unsigned char *min,
+                      unsigned char *max, const int length)
+{
+    int afi_length = length_from_afi(afi);
+    if (aor == NULL || min == NULL || max == NULL ||
+        afi_length == 0 || length < afi_length ||
+        (aor->type != IPAddressOrRange_addressPrefix &&
+         aor->type != IPAddressOrRange_addressRange) ||
+        !extract_min_max(aor, min, max, afi_length))
+        return 0;
+
+    return afi_length;
+}
+
+/*
+ * Sort comparision function for a sequence of IPAddressFamily.
+ *
+ * The last paragraph of RFC 3779 2.2.3.3 is slightly ambiguous about
+ * the ordering: I can read it as meaning that IPv6 without a SAFI
+ * comes before IPv4 with a SAFI, which seems pretty weird.  The
+ * examples in appendix B suggest that the author intended the
+ * null-SAFI rule to apply only within a single AFI, which is what I
+ * would have expected and is what the following code implements.
+ */
+static int IPAddressFamily_cmp(const IPAddressFamily *const *a_,
+                               const IPAddressFamily *const *b_)
+{
+    const ASN1_OCTET_STRING *a = (*a_)->addressFamily;
+    const ASN1_OCTET_STRING *b = (*b_)->addressFamily;
+    int len = ((a->length <= b->length) ? a->length : b->length);
+    int cmp = memcmp(a->data, b->data, len);
+    return cmp ? cmp : a->length - b->length;
+}
+
+/*
+ * Check whether an IPAddrBLocks is in canonical form.
+ */
+int v3_addr_is_canonical(IPAddrBlocks *addr)
+{
+    unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
+    unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
+    IPAddressOrRanges *aors;
+    int i, j, k;
+
+    /*
+     * Empty extension is cannonical.
+     */
+    if (addr == NULL)
+        return 1;
+
+    /*
+     * Check whether the top-level list is in order.
+     */
+    for (i = 0; i < sk_IPAddressFamily_num(addr) - 1; i++) {
+        const IPAddressFamily *a = sk_IPAddressFamily_value(addr, i);
+        const IPAddressFamily *b = sk_IPAddressFamily_value(addr, i + 1);
+        if (IPAddressFamily_cmp(&a, &b) >= 0)
+            return 0;
+    }
+
+    /*
+     * Top level's ok, now check each address family.
+     */
+    for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+        IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+        int length = length_from_afi(v3_addr_get_afi(f));
+
+        /*
+         * Inheritance is canonical.  Anything other than inheritance or
+         * a SEQUENCE OF IPAddressOrRange is an ASN.1 error or something.
+         */
+        if (f == NULL || f->ipAddressChoice == NULL)
+            return 0;
+        switch (f->ipAddressChoice->type) {
+        case IPAddressChoice_inherit:
+            continue;
+        case IPAddressChoice_addressesOrRanges:
+            break;
+        default:
+            return 0;
+        }
+
+        /*
+         * It's an IPAddressOrRanges sequence, check it.
+         */
+        aors = f->ipAddressChoice->u.addressesOrRanges;
+        if (sk_IPAddressOrRange_num(aors) == 0)
+            return 0;
+        for (j = 0; j < sk_IPAddressOrRange_num(aors) - 1; j++) {
+            IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
+            IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1);
+
+            if (!extract_min_max(a, a_min, a_max, length) ||
+                !extract_min_max(b, b_min, b_max, length))
+                return 0;
+
+            /*
+             * Punt misordered list, overlapping start, or inverted range.
+             */
+            if (memcmp(a_min, b_min, length) >= 0 ||
+                memcmp(a_min, a_max, length) > 0 ||
+                memcmp(b_min, b_max, length) > 0)
+                return 0;
+
+            /*
+             * Punt if adjacent or overlapping.  Check for adjacency by
+             * subtracting one from b_min first.
+             */
+            for (k = length - 1; k >= 0 && b_min[k]-- == 0x00; k--) ;
+            if (memcmp(a_max, b_min, length) >= 0)
+                return 0;
+
+            /*
+             * Check for range that should be expressed as a prefix.
+             */
+            if (a->type == IPAddressOrRange_addressRange &&
+                range_should_be_prefix(a_min, a_max, length) >= 0)
+                return 0;
+        }
+
+        /*
+         * Check range to see if it's inverted or should be a
+         * prefix.
+         */
+        j = sk_IPAddressOrRange_num(aors) - 1;
+        {
+            IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
+            if (a != NULL && a->type == IPAddressOrRange_addressRange) {
+                if (!extract_min_max(a, a_min, a_max, length))
+                    return 0;
+                if (memcmp(a_min, a_max, length) > 0 ||
+                    range_should_be_prefix(a_min, a_max, length) >= 0)
+                    return 0;
+            }
+        }
+    }
+
+    /*
+     * If we made it through all that, we're happy.
+     */
+    return 1;
+}
+
+/*
+ * Whack an IPAddressOrRanges into canonical form.
+ */
+static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
+                                      const unsigned afi)
+{
+    int i, j, length = length_from_afi(afi);
+
+    /*
+     * Sort the IPAddressOrRanges sequence.
+     */
+    sk_IPAddressOrRange_sort(aors);
+
+    /*
+     * Clean up representation issues, punt on duplicates or overlaps.
+     */
+    for (i = 0; i < sk_IPAddressOrRange_num(aors) - 1; i++) {
+        IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, i);
+        IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, i + 1);
+        unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
+        unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
+
+        if (!extract_min_max(a, a_min, a_max, length) ||
+            !extract_min_max(b, b_min, b_max, length))
+            return 0;
+
+        /*
+         * Punt inverted ranges.
+         */
+        if (memcmp(a_min, a_max, length) > 0 ||
+            memcmp(b_min, b_max, length) > 0)
+            return 0;
+
+        /*
+         * Punt overlaps.
+         */
+        if (memcmp(a_max, b_min, length) >= 0)
+            return 0;
+
+        /*
+         * Merge if a and b are adjacent.  We check for
+         * adjacency by subtracting one from b_min first.
+         */
+        for (j = length - 1; j >= 0 && b_min[j]-- == 0x00; j--) ;
+        if (memcmp(a_max, b_min, length) == 0) {
+            IPAddressOrRange *merged;
+            if (!make_addressRange(&merged, a_min, b_max, length))
+                return 0;
+            (void)sk_IPAddressOrRange_set(aors, i, merged);
+            (void)sk_IPAddressOrRange_delete(aors, i + 1);
+            IPAddressOrRange_free(a);
+            IPAddressOrRange_free(b);
+            --i;
+            continue;
+        }
+    }
+
+    /*
+     * Check for inverted final range.
+     */
+    j = sk_IPAddressOrRange_num(aors) - 1;
+    {
+        IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
+        if (a != NULL && a->type == IPAddressOrRange_addressRange) {
+            unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
+            extract_min_max(a, a_min, a_max, length);
+            if (memcmp(a_min, a_max, length) > 0)
+                return 0;
+        }
+    }
+
+    return 1;
+}
+
+/*
+ * Whack an IPAddrBlocks extension into canonical form.
+ */
+int v3_addr_canonize(IPAddrBlocks *addr)
+{
+    int i;
+    for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+        IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+        if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
+            !IPAddressOrRanges_canonize(f->ipAddressChoice->
+                                        u.addressesOrRanges,
+                                        v3_addr_get_afi(f)))
+            return 0;
+    }
+    (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
+    sk_IPAddressFamily_sort(addr);
+    OPENSSL_assert(v3_addr_is_canonical(addr));
+    return 1;
+}
+
+/*
+ * v2i handler for the IPAddrBlocks extension.
+ */
+static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
+                              struct v3_ext_ctx *ctx,
+                              STACK_OF(CONF_VALUE) *values)
+{
+    static const char v4addr_chars[] = "0123456789.";
+    static const char v6addr_chars[] = "0123456789.:abcdefABCDEF";
+    IPAddrBlocks *addr = NULL;
+    char *s = NULL, *t;
+    int i;
+
+    if ((addr = sk_IPAddressFamily_new(IPAddressFamily_cmp)) == NULL) {
+        X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+        CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
+        unsigned char min[ADDR_RAW_BUF_LEN], max[ADDR_RAW_BUF_LEN];
+        unsigned afi, *safi = NULL, safi_;
+        const char *addr_chars;
+        int prefixlen, i1, i2, delim, length;
+
+        if (!name_cmp(val->name, "IPv4")) {
+            afi = IANA_AFI_IPV4;
+        } else if (!name_cmp(val->name, "IPv6")) {
+            afi = IANA_AFI_IPV6;
+        } else if (!name_cmp(val->name, "IPv4-SAFI")) {
+            afi = IANA_AFI_IPV4;
+            safi = &safi_;
+        } else if (!name_cmp(val->name, "IPv6-SAFI")) {
+            afi = IANA_AFI_IPV6;
+            safi = &safi_;
+        } else {
+            X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                      X509V3_R_EXTENSION_NAME_ERROR);
+            X509V3_conf_err(val);
+            goto err;
+        }
+
+        switch (afi) {
+        case IANA_AFI_IPV4:
+            addr_chars = v4addr_chars;
+            break;
+        case IANA_AFI_IPV6:
+            addr_chars = v6addr_chars;
+            break;
+        }
+
+        length = length_from_afi(afi);
+
+        /*
+         * Handle SAFI, if any, and BUF_strdup() so we can null-terminate
+         * the other input values.
+         */
+        if (safi != NULL) {
+            *safi = strtoul(val->value, &t, 0);
+            t += strspn(t, " \t");
+            if (*safi > 0xFF || *t++ != ':') {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_SAFI);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            t += strspn(t, " \t");
+            s = BUF_strdup(t);
+        } else {
+            s = BUF_strdup(val->value);
+        }
+        if (s == NULL) {
+            X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        /*
+         * Check for inheritance.  Not worth additional complexity to
+         * optimize this (seldom-used) case.
+         */
+        if (!strcmp(s, "inherit")) {
+            if (!v3_addr_add_inherit(addr, afi, safi)) {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                          X509V3_R_INVALID_INHERITANCE);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            OPENSSL_free(s);
+            s = NULL;
+            continue;
+        }
+
+        i1 = strspn(s, addr_chars);
+        i2 = i1 + strspn(s + i1, " \t");
+        delim = s[i2++];
+        s[i1] = '\0';
+
+        if (a2i_ipadd(min, s) != length) {
+            X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_IPADDRESS);
+            X509V3_conf_err(val);
+            goto err;
+        }
+
+        switch (delim) {
+        case '/':
+            prefixlen = (int)strtoul(s + i2, &t, 10);
+            if (t == s + i2 || *t != '\0') {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                          X509V3_R_EXTENSION_VALUE_ERROR);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            if (!v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            break;
+        case '-':
+            i1 = i2 + strspn(s + i2, " \t");
+            i2 = i1 + strspn(s + i1, addr_chars);
+            if (i1 == i2 || s[i2] != '\0') {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                          X509V3_R_EXTENSION_VALUE_ERROR);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            if (a2i_ipadd(max, s + i1) != length) {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                          X509V3_R_INVALID_IPADDRESS);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            if (memcmp(min, max, length_from_afi(afi)) > 0) {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                          X509V3_R_EXTENSION_VALUE_ERROR);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            if (!v3_addr_add_range(addr, afi, safi, min, max)) {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            break;
+        case '\0':
+            if (!v3_addr_add_prefix(addr, afi, safi, min, length * 8)) {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            break;
+        default:
+            X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                      X509V3_R_EXTENSION_VALUE_ERROR);
+            X509V3_conf_err(val);
+            goto err;
+        }
+
+        OPENSSL_free(s);
+        s = NULL;
+    }
+
+    /*
+     * Canonize the result, then we're done.
+     */
+    if (!v3_addr_canonize(addr))
+        goto err;
+    return addr;
+
+ err:
+    OPENSSL_free(s);
+    sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free);
+    return NULL;
+}
+
+/*
+ * OpenSSL dispatch
+ */
+const X509V3_EXT_METHOD v3_addr = {
+    NID_sbgp_ipAddrBlock,       /* nid */
+    0,                          /* flags */
+    ASN1_ITEM_ref(IPAddrBlocks), /* template */
+    0, 0, 0, 0,                 /* old functions, ignored */
+    0,                          /* i2s */
+    0,                          /* s2i */
+    0,                          /* i2v */
+    v2i_IPAddrBlocks,           /* v2i */
+    i2r_IPAddrBlocks,           /* i2r */
+    0,                          /* r2i */
+    NULL                        /* extension-specific data */
+};
+
+/*
+ * Figure out whether extension sues inheritance.
+ */
+int v3_addr_inherits(IPAddrBlocks *addr)
+{
+    int i;
+    if (addr == NULL)
+        return 0;
+    for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+        IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+        if (f->ipAddressChoice->type == IPAddressChoice_inherit)
+            return 1;
+    }
+    return 0;
+}
+
+/*
+ * Figure out whether parent contains child.
+ */
+static int addr_contains(IPAddressOrRanges *parent,
+                         IPAddressOrRanges *child, int length)
+{
+    unsigned char p_min[ADDR_RAW_BUF_LEN], p_max[ADDR_RAW_BUF_LEN];
+    unsigned char c_min[ADDR_RAW_BUF_LEN], c_max[ADDR_RAW_BUF_LEN];
+    int p, c;
+
+    if (child == NULL || parent == child)
+        return 1;
+    if (parent == NULL)
+        return 0;
+
+    p = 0;
+    for (c = 0; c < sk_IPAddressOrRange_num(child); c++) {
+        if (!extract_min_max(sk_IPAddressOrRange_value(child, c),
+                             c_min, c_max, length))
+            return -1;
+        for (;; p++) {
+            if (p >= sk_IPAddressOrRange_num(parent))
+                return 0;
+            if (!extract_min_max(sk_IPAddressOrRange_value(parent, p),
+                                 p_min, p_max, length))
+                return 0;
+            if (memcmp(p_max, c_max, length) < 0)
+                continue;
+            if (memcmp(p_min, c_min, length) > 0)
+                return 0;
+            break;
+        }
+    }
+
+    return 1;
+}
+
+/*
+ * Test whether a is a subset of b.
+ */
+int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
+{
+    int i;
+    if (a == NULL || a == b)
+        return 1;
+    if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b))
+        return 0;
+    (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp);
+    for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
+        IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);
+        int j = sk_IPAddressFamily_find(b, fa);
+        IPAddressFamily *fb;
+        fb = sk_IPAddressFamily_value(b, j);
+        if (fb == NULL)
+            return 0;
+        if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges,
+                           fa->ipAddressChoice->u.addressesOrRanges,
+                           length_from_afi(v3_addr_get_afi(fb))))
+            return 0;
+    }
+    return 1;
+}
+
+/*
+ * Validation error handling via callback.
+ */
+# define validation_err(_err_)           \
+  do {                                  \
+    if (ctx != NULL) {                  \
+      ctx->error = _err_;               \
+      ctx->error_depth = i;             \
+      ctx->current_cert = x;            \
+      ret = ctx->verify_cb(0, ctx);     \
+    } else {                            \
+      ret = 0;                          \
+    }                                   \
+    if (!ret)                           \
+      goto done;                        \
+  } while (0)
+
+/*
+ * Core code for RFC 3779 2.3 path validation.
+ *
+ * Returns 1 for success, 0 on error.
+ *
+ * When returning 0, ctx->error MUST be set to an appropriate value other than
+ * X509_V_OK.
+ */
+static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
+                                          STACK_OF(X509) *chain,
+                                          IPAddrBlocks *ext)
+{
+    IPAddrBlocks *child = NULL;
+    int i, j, ret = 1;
+    X509 *x;
+
+    OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
+    OPENSSL_assert(ctx != NULL || ext != NULL);
+    OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
+
+    /*
+     * Figure out where to start.  If we don't have an extension to
+     * check, we're done.  Otherwise, check canonical form and
+     * set up for walking up the chain.
+     */
+    if (ext != NULL) {
+        i = -1;
+        x = NULL;
+    } else {
+        i = 0;
+        x = sk_X509_value(chain, i);
+        OPENSSL_assert(x != NULL);
+        if ((ext = x->rfc3779_addr) == NULL)
+            goto done;
+    }
+    if (!v3_addr_is_canonical(ext))
+        validation_err(X509_V_ERR_INVALID_EXTENSION);
+    (void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp);
+    if ((child = sk_IPAddressFamily_dup(ext)) == NULL) {
+        X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL,
+                  ERR_R_MALLOC_FAILURE);
+        ctx->error = X509_V_ERR_OUT_OF_MEM;
+        ret = 0;
+        goto done;
+    }
+
+    /*
+     * Now walk up the chain.  No cert may list resources that its
+     * parent doesn't list.
+     */
+    for (i++; i < sk_X509_num(chain); i++) {
+        x = sk_X509_value(chain, i);
+        OPENSSL_assert(x != NULL);
+        if (!v3_addr_is_canonical(x->rfc3779_addr))
+            validation_err(X509_V_ERR_INVALID_EXTENSION);
+        if (x->rfc3779_addr == NULL) {
+            for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
+                IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
+                if (fc->ipAddressChoice->type != IPAddressChoice_inherit) {
+                    validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+                    break;
+                }
+            }
+            continue;
+        }
+        (void)sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr,
+                                              IPAddressFamily_cmp);
+        for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
+            IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
+            int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc);
+            IPAddressFamily *fp =
+                sk_IPAddressFamily_value(x->rfc3779_addr, k);
+            if (fp == NULL) {
+                if (fc->ipAddressChoice->type ==
+                    IPAddressChoice_addressesOrRanges) {
+                    validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+                    break;
+                }
+                continue;
+            }
+            if (fp->ipAddressChoice->type ==
+                IPAddressChoice_addressesOrRanges) {
+                if (fc->ipAddressChoice->type == IPAddressChoice_inherit
+                    || addr_contains(fp->ipAddressChoice->u.addressesOrRanges,
+                                     fc->ipAddressChoice->u.addressesOrRanges,
+                                     length_from_afi(v3_addr_get_afi(fc))))
+                    sk_IPAddressFamily_set(child, j, fp);
+                else
+                    validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+            }
+        }
+    }
+
+    /*
+     * Trust anchor can't inherit.
+     */
+    OPENSSL_assert(x != NULL);
+    if (x->rfc3779_addr != NULL) {
+        for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) {
+            IPAddressFamily *fp =
+                sk_IPAddressFamily_value(x->rfc3779_addr, j);
+            if (fp->ipAddressChoice->type == IPAddressChoice_inherit
+                && sk_IPAddressFamily_find(child, fp) >= 0)
+                validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+        }
+    }
+
+ done:
+    sk_IPAddressFamily_free(child);
+    return ret;
+}
+
+# undef validation_err
+
+/*
+ * RFC 3779 2.3 path validation -- called from X509_verify_cert().
+ */
+int v3_addr_validate_path(X509_STORE_CTX *ctx)
+{
+    return v3_addr_validate_path_internal(ctx, ctx->chain, NULL);
+}
+
+/*
+ * RFC 3779 2.3 path validation of an extension.
+ * Test whether chain covers extension.
+ */
+int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
+                                  IPAddrBlocks *ext, int allow_inheritance)
+{
+    if (ext == NULL)
+        return 1;
+    if (chain == NULL || sk_X509_num(chain) == 0)
+        return 0;
+    if (!allow_inheritance && v3_addr_inherits(ext))
+        return 0;
+    return v3_addr_validate_path_internal(NULL, chain, ext);
+}
+
+#endif                          /* OPENSSL_NO_RFC3779 */

Deleted: vendor-crypto/openssl/1.0.1u/crypto/x509v3/v3_pci.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3_pci.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/x509v3/v3_pci.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,317 +0,0 @@
-/* v3_pci.c -*- mode:C; c-file-style: "eay" -*- */
-/*
- * Contributed to the OpenSSL Project 2004 by Richard Levitte
- * (richard at levitte.org)
- */
-/* Copyright (c) 2004 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
-                   BIO *out, int indent);
-static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
-                                          X509V3_CTX *ctx, char *str);
-
-const X509V3_EXT_METHOD v3_pci =
-    { NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
-    0, 0, 0, 0,
-    0, 0,
-    NULL, NULL,
-    (X509V3_EXT_I2R)i2r_pci,
-    (X509V3_EXT_R2I)r2i_pci,
-    NULL,
-};
-
-static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci,
-                   BIO *out, int indent)
-{
-    BIO_printf(out, "%*sPath Length Constraint: ", indent, "");
-    if (pci->pcPathLengthConstraint)
-        i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint);
-    else
-        BIO_printf(out, "infinite");
-    BIO_puts(out, "\n");
-    BIO_printf(out, "%*sPolicy Language: ", indent, "");
-    i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
-    BIO_puts(out, "\n");
-    if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
-        BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",
-                   pci->proxyPolicy->policy->data);
-    return 1;
-}
-
-static int process_pci_value(CONF_VALUE *val,
-                             ASN1_OBJECT **language, ASN1_INTEGER **pathlen,
-                             ASN1_OCTET_STRING **policy)
-{
-    int free_policy = 0;
-
-    if (strcmp(val->name, "language") == 0) {
-        if (*language) {
-            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-                      X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED);
-            X509V3_conf_err(val);
-            return 0;
-        }
-        if (!(*language = OBJ_txt2obj(val->value, 0))) {
-            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-                      X509V3_R_INVALID_OBJECT_IDENTIFIER);
-            X509V3_conf_err(val);
-            return 0;
-        }
-    } else if (strcmp(val->name, "pathlen") == 0) {
-        if (*pathlen) {
-            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-                      X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED);
-            X509V3_conf_err(val);
-            return 0;
-        }
-        if (!X509V3_get_value_int(val, pathlen)) {
-            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-                      X509V3_R_POLICY_PATH_LENGTH);
-            X509V3_conf_err(val);
-            return 0;
-        }
-    } else if (strcmp(val->name, "policy") == 0) {
-        unsigned char *tmp_data = NULL;
-        long val_len;
-        if (!*policy) {
-            *policy = ASN1_OCTET_STRING_new();
-            if (!*policy) {
-                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
-                X509V3_conf_err(val);
-                return 0;
-            }
-            free_policy = 1;
-        }
-        if (strncmp(val->value, "hex:", 4) == 0) {
-            unsigned char *tmp_data2 =
-                string_to_hex(val->value + 4, &val_len);
-
-            if (!tmp_data2) {
-                X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-                          X509V3_R_ILLEGAL_HEX_DIGIT);
-                X509V3_conf_err(val);
-                goto err;
-            }
-
-            tmp_data = OPENSSL_realloc((*policy)->data,
-                                       (*policy)->length + val_len + 1);
-            if (tmp_data) {
-                (*policy)->data = tmp_data;
-                memcpy(&(*policy)->data[(*policy)->length],
-                       tmp_data2, val_len);
-                (*policy)->length += val_len;
-                (*policy)->data[(*policy)->length] = '\0';
-            } else {
-                OPENSSL_free(tmp_data2);
-                /*
-                 * realloc failure implies the original data space is b0rked
-                 * too!
-                 */
-                (*policy)->data = NULL;
-                (*policy)->length = 0;
-                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
-                X509V3_conf_err(val);
-                goto err;
-            }
-            OPENSSL_free(tmp_data2);
-        } else if (strncmp(val->value, "file:", 5) == 0) {
-            unsigned char buf[2048];
-            int n;
-            BIO *b = BIO_new_file(val->value + 5, "r");
-            if (!b) {
-                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_BIO_LIB);
-                X509V3_conf_err(val);
-                goto err;
-            }
-            while ((n = BIO_read(b, buf, sizeof(buf))) > 0
-                   || (n == 0 && BIO_should_retry(b))) {
-                if (!n)
-                    continue;
-
-                tmp_data = OPENSSL_realloc((*policy)->data,
-                                           (*policy)->length + n + 1);
-
-                if (!tmp_data)
-                    break;
-
-                (*policy)->data = tmp_data;
-                memcpy(&(*policy)->data[(*policy)->length], buf, n);
-                (*policy)->length += n;
-                (*policy)->data[(*policy)->length] = '\0';
-            }
-            BIO_free_all(b);
-
-            if (n < 0) {
-                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_BIO_LIB);
-                X509V3_conf_err(val);
-                goto err;
-            }
-        } else if (strncmp(val->value, "text:", 5) == 0) {
-            val_len = strlen(val->value + 5);
-            tmp_data = OPENSSL_realloc((*policy)->data,
-                                       (*policy)->length + val_len + 1);
-            if (tmp_data) {
-                (*policy)->data = tmp_data;
-                memcpy(&(*policy)->data[(*policy)->length],
-                       val->value + 5, val_len);
-                (*policy)->length += val_len;
-                (*policy)->data[(*policy)->length] = '\0';
-            } else {
-                /*
-                 * realloc failure implies the original data space is b0rked
-                 * too!
-                 */
-                (*policy)->data = NULL;
-                (*policy)->length = 0;
-                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
-                X509V3_conf_err(val);
-                goto err;
-            }
-        } else {
-            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
-                      X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);
-            X509V3_conf_err(val);
-            goto err;
-        }
-        if (!tmp_data) {
-            X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
-            X509V3_conf_err(val);
-            goto err;
-        }
-    }
-    return 1;
- err:
-    if (free_policy) {
-        ASN1_OCTET_STRING_free(*policy);
-        *policy = NULL;
-    }
-    return 0;
-}
-
-static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
-                                          X509V3_CTX *ctx, char *value)
-{
-    PROXY_CERT_INFO_EXTENSION *pci = NULL;
-    STACK_OF(CONF_VALUE) *vals;
-    ASN1_OBJECT *language = NULL;
-    ASN1_INTEGER *pathlen = NULL;
-    ASN1_OCTET_STRING *policy = NULL;
-    int i, j;
-
-    vals = X509V3_parse_list(value);
-    for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
-        CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i);
-        if (!cnf->name || (*cnf->name != '@' && !cnf->value)) {
-            X509V3err(X509V3_F_R2I_PCI,
-                      X509V3_R_INVALID_PROXY_POLICY_SETTING);
-            X509V3_conf_err(cnf);
-            goto err;
-        }
-        if (*cnf->name == '@') {
-            STACK_OF(CONF_VALUE) *sect;
-            int success_p = 1;
-
-            sect = X509V3_get_section(ctx, cnf->name + 1);
-            if (!sect) {
-                X509V3err(X509V3_F_R2I_PCI, X509V3_R_INVALID_SECTION);
-                X509V3_conf_err(cnf);
-                goto err;
-            }
-            for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++) {
-                success_p =
-                    process_pci_value(sk_CONF_VALUE_value(sect, j),
-                                      &language, &pathlen, &policy);
-            }
-            X509V3_section_free(ctx, sect);
-            if (!success_p)
-                goto err;
-        } else {
-            if (!process_pci_value(cnf, &language, &pathlen, &policy)) {
-                X509V3_conf_err(cnf);
-                goto err;
-            }
-        }
-    }
-
-    /* Language is mandatory */
-    if (!language) {
-        X509V3err(X509V3_F_R2I_PCI,
-                  X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);
-        goto err;
-    }
-    i = OBJ_obj2nid(language);
-    if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy) {
-        X509V3err(X509V3_F_R2I_PCI,
-                  X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);
-        goto err;
-    }
-
-    pci = PROXY_CERT_INFO_EXTENSION_new();
-    if (!pci) {
-        X509V3err(X509V3_F_R2I_PCI, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    pci->proxyPolicy->policyLanguage = language;
-    language = NULL;
-    pci->proxyPolicy->policy = policy;
-    policy = NULL;
-    pci->pcPathLengthConstraint = pathlen;
-    pathlen = NULL;
-    goto end;
- err:
-    if (language) {
-        ASN1_OBJECT_free(language);
-        language = NULL;
-    }
-    if (pathlen) {
-        ASN1_INTEGER_free(pathlen);
-        pathlen = NULL;
-    }
-    if (policy) {
-        ASN1_OCTET_STRING_free(policy);
-        policy = NULL;
-    }
-    if (pci) {
-        PROXY_CERT_INFO_EXTENSION_free(pci);
-        pci = NULL;
-    }
- end:
-    sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
-    return pci;
-}

Copied: vendor-crypto/openssl/1.0.1u/crypto/x509v3/v3_pci.c (from rev 11605, vendor-crypto/openssl/dist/crypto/x509v3/v3_pci.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/x509v3/v3_pci.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/x509v3/v3_pci.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,317 @@
+/* v3_pci.c */
+/*
+ * Contributed to the OpenSSL Project 2004 by Richard Levitte
+ * (richard at levitte.org)
+ */
+/* Copyright (c) 2004 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
+                   BIO *out, int indent);
+static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
+                                          X509V3_CTX *ctx, char *str);
+
+const X509V3_EXT_METHOD v3_pci =
+    { NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
+    0, 0, 0, 0,
+    0, 0,
+    NULL, NULL,
+    (X509V3_EXT_I2R)i2r_pci,
+    (X509V3_EXT_R2I)r2i_pci,
+    NULL,
+};
+
+static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci,
+                   BIO *out, int indent)
+{
+    BIO_printf(out, "%*sPath Length Constraint: ", indent, "");
+    if (pci->pcPathLengthConstraint)
+        i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint);
+    else
+        BIO_printf(out, "infinite");
+    BIO_puts(out, "\n");
+    BIO_printf(out, "%*sPolicy Language: ", indent, "");
+    i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
+    BIO_puts(out, "\n");
+    if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
+        BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",
+                   pci->proxyPolicy->policy->data);
+    return 1;
+}
+
+static int process_pci_value(CONF_VALUE *val,
+                             ASN1_OBJECT **language, ASN1_INTEGER **pathlen,
+                             ASN1_OCTET_STRING **policy)
+{
+    int free_policy = 0;
+
+    if (strcmp(val->name, "language") == 0) {
+        if (*language) {
+            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+                      X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED);
+            X509V3_conf_err(val);
+            return 0;
+        }
+        if (!(*language = OBJ_txt2obj(val->value, 0))) {
+            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+                      X509V3_R_INVALID_OBJECT_IDENTIFIER);
+            X509V3_conf_err(val);
+            return 0;
+        }
+    } else if (strcmp(val->name, "pathlen") == 0) {
+        if (*pathlen) {
+            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+                      X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED);
+            X509V3_conf_err(val);
+            return 0;
+        }
+        if (!X509V3_get_value_int(val, pathlen)) {
+            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+                      X509V3_R_POLICY_PATH_LENGTH);
+            X509V3_conf_err(val);
+            return 0;
+        }
+    } else if (strcmp(val->name, "policy") == 0) {
+        unsigned char *tmp_data = NULL;
+        long val_len;
+        if (!*policy) {
+            *policy = ASN1_OCTET_STRING_new();
+            if (!*policy) {
+                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
+                X509V3_conf_err(val);
+                return 0;
+            }
+            free_policy = 1;
+        }
+        if (strncmp(val->value, "hex:", 4) == 0) {
+            unsigned char *tmp_data2 =
+                string_to_hex(val->value + 4, &val_len);
+
+            if (!tmp_data2) {
+                X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+                          X509V3_R_ILLEGAL_HEX_DIGIT);
+                X509V3_conf_err(val);
+                goto err;
+            }
+
+            tmp_data = OPENSSL_realloc((*policy)->data,
+                                       (*policy)->length + val_len + 1);
+            if (tmp_data) {
+                (*policy)->data = tmp_data;
+                memcpy(&(*policy)->data[(*policy)->length],
+                       tmp_data2, val_len);
+                (*policy)->length += val_len;
+                (*policy)->data[(*policy)->length] = '\0';
+            } else {
+                OPENSSL_free(tmp_data2);
+                /*
+                 * realloc failure implies the original data space is b0rked
+                 * too!
+                 */
+                (*policy)->data = NULL;
+                (*policy)->length = 0;
+                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            OPENSSL_free(tmp_data2);
+        } else if (strncmp(val->value, "file:", 5) == 0) {
+            unsigned char buf[2048];
+            int n;
+            BIO *b = BIO_new_file(val->value + 5, "r");
+            if (!b) {
+                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_BIO_LIB);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            while ((n = BIO_read(b, buf, sizeof(buf))) > 0
+                   || (n == 0 && BIO_should_retry(b))) {
+                if (!n)
+                    continue;
+
+                tmp_data = OPENSSL_realloc((*policy)->data,
+                                           (*policy)->length + n + 1);
+
+                if (!tmp_data)
+                    break;
+
+                (*policy)->data = tmp_data;
+                memcpy(&(*policy)->data[(*policy)->length], buf, n);
+                (*policy)->length += n;
+                (*policy)->data[(*policy)->length] = '\0';
+            }
+            BIO_free_all(b);
+
+            if (n < 0) {
+                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_BIO_LIB);
+                X509V3_conf_err(val);
+                goto err;
+            }
+        } else if (strncmp(val->value, "text:", 5) == 0) {
+            val_len = strlen(val->value + 5);
+            tmp_data = OPENSSL_realloc((*policy)->data,
+                                       (*policy)->length + val_len + 1);
+            if (tmp_data) {
+                (*policy)->data = tmp_data;
+                memcpy(&(*policy)->data[(*policy)->length],
+                       val->value + 5, val_len);
+                (*policy)->length += val_len;
+                (*policy)->data[(*policy)->length] = '\0';
+            } else {
+                /*
+                 * realloc failure implies the original data space is b0rked
+                 * too!
+                 */
+                (*policy)->data = NULL;
+                (*policy)->length = 0;
+                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
+                X509V3_conf_err(val);
+                goto err;
+            }
+        } else {
+            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+                      X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);
+            X509V3_conf_err(val);
+            goto err;
+        }
+        if (!tmp_data) {
+            X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
+            X509V3_conf_err(val);
+            goto err;
+        }
+    }
+    return 1;
+ err:
+    if (free_policy) {
+        ASN1_OCTET_STRING_free(*policy);
+        *policy = NULL;
+    }
+    return 0;
+}
+
+static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
+                                          X509V3_CTX *ctx, char *value)
+{
+    PROXY_CERT_INFO_EXTENSION *pci = NULL;
+    STACK_OF(CONF_VALUE) *vals;
+    ASN1_OBJECT *language = NULL;
+    ASN1_INTEGER *pathlen = NULL;
+    ASN1_OCTET_STRING *policy = NULL;
+    int i, j;
+
+    vals = X509V3_parse_list(value);
+    for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
+        CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i);
+        if (!cnf->name || (*cnf->name != '@' && !cnf->value)) {
+            X509V3err(X509V3_F_R2I_PCI,
+                      X509V3_R_INVALID_PROXY_POLICY_SETTING);
+            X509V3_conf_err(cnf);
+            goto err;
+        }
+        if (*cnf->name == '@') {
+            STACK_OF(CONF_VALUE) *sect;
+            int success_p = 1;
+
+            sect = X509V3_get_section(ctx, cnf->name + 1);
+            if (!sect) {
+                X509V3err(X509V3_F_R2I_PCI, X509V3_R_INVALID_SECTION);
+                X509V3_conf_err(cnf);
+                goto err;
+            }
+            for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++) {
+                success_p =
+                    process_pci_value(sk_CONF_VALUE_value(sect, j),
+                                      &language, &pathlen, &policy);
+            }
+            X509V3_section_free(ctx, sect);
+            if (!success_p)
+                goto err;
+        } else {
+            if (!process_pci_value(cnf, &language, &pathlen, &policy)) {
+                X509V3_conf_err(cnf);
+                goto err;
+            }
+        }
+    }
+
+    /* Language is mandatory */
+    if (!language) {
+        X509V3err(X509V3_F_R2I_PCI,
+                  X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);
+        goto err;
+    }
+    i = OBJ_obj2nid(language);
+    if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy) {
+        X509V3err(X509V3_F_R2I_PCI,
+                  X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);
+        goto err;
+    }
+
+    pci = PROXY_CERT_INFO_EXTENSION_new();
+    if (!pci) {
+        X509V3err(X509V3_F_R2I_PCI, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    pci->proxyPolicy->policyLanguage = language;
+    language = NULL;
+    pci->proxyPolicy->policy = policy;
+    policy = NULL;
+    pci->pcPathLengthConstraint = pathlen;
+    pathlen = NULL;
+    goto end;
+ err:
+    if (language) {
+        ASN1_OBJECT_free(language);
+        language = NULL;
+    }
+    if (pathlen) {
+        ASN1_INTEGER_free(pathlen);
+        pathlen = NULL;
+    }
+    if (policy) {
+        ASN1_OCTET_STRING_free(policy);
+        policy = NULL;
+    }
+    if (pci) {
+        PROXY_CERT_INFO_EXTENSION_free(pci);
+        pci = NULL;
+    }
+ end:
+    sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+    return pci;
+}

Deleted: vendor-crypto/openssl/1.0.1u/crypto/x509v3/v3_pcia.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3_pcia.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/crypto/x509v3/v3_pcia.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,56 +0,0 @@
-/* v3_pcia.c -*- mode:C; c-file-style: "eay" -*- */
-/*
- * Contributed to the OpenSSL Project 2004 by Richard Levitte
- * (richard at levitte.org)
- */
-/* Copyright (c) 2004 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-
-ASN1_SEQUENCE(PROXY_POLICY) =
-        {
-        ASN1_SIMPLE(PROXY_POLICY,policyLanguage,ASN1_OBJECT),
-        ASN1_OPT(PROXY_POLICY,policy,ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(PROXY_POLICY)
-
-IMPLEMENT_ASN1_FUNCTIONS(PROXY_POLICY)
-
-ASN1_SEQUENCE(PROXY_CERT_INFO_EXTENSION) =
-        {
-        ASN1_OPT(PROXY_CERT_INFO_EXTENSION,pcPathLengthConstraint,ASN1_INTEGER),
-        ASN1_SIMPLE(PROXY_CERT_INFO_EXTENSION,proxyPolicy,PROXY_POLICY)
-} ASN1_SEQUENCE_END(PROXY_CERT_INFO_EXTENSION)
-
-IMPLEMENT_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)

Copied: vendor-crypto/openssl/1.0.1u/crypto/x509v3/v3_pcia.c (from rev 11605, vendor-crypto/openssl/dist/crypto/x509v3/v3_pcia.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/crypto/x509v3/v3_pcia.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/crypto/x509v3/v3_pcia.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,56 @@
+/* v3_pcia.c */
+/*
+ * Contributed to the OpenSSL Project 2004 by Richard Levitte
+ * (richard at levitte.org)
+ */
+/* Copyright (c) 2004 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+ASN1_SEQUENCE(PROXY_POLICY) =
+        {
+        ASN1_SIMPLE(PROXY_POLICY,policyLanguage,ASN1_OBJECT),
+        ASN1_OPT(PROXY_POLICY,policy,ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(PROXY_POLICY)
+
+IMPLEMENT_ASN1_FUNCTIONS(PROXY_POLICY)
+
+ASN1_SEQUENCE(PROXY_CERT_INFO_EXTENSION) =
+        {
+        ASN1_OPT(PROXY_CERT_INFO_EXTENSION,pcPathLengthConstraint,ASN1_INTEGER),
+        ASN1_SIMPLE(PROXY_CERT_INFO_EXTENSION,proxyPolicy,PROXY_POLICY)
+} ASN1_SEQUENCE_END(PROXY_CERT_INFO_EXTENSION)
+
+IMPLEMENT_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)

Deleted: vendor-crypto/openssl/1.0.1u/demos/easy_tls/easy-tls.c
===================================================================
--- vendor-crypto/openssl/dist/demos/easy_tls/easy-tls.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/demos/easy_tls/easy-tls.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,1311 +0,0 @@
-/* -*- Mode: C; c-file-style: "bsd" -*- */
-/*-
- * easy-tls.c -- generic TLS proxy.
- * $Id: easy-tls.c,v 1.4 2002/03/05 09:07:16 bodo Exp $
- */
-/*-
- (c) Copyright 1999 Bodo Moeller.  All rights reserved.
-
- This is free software; you can redistributed and/or modify it
- unter the terms of either
-   -  the GNU General Public License as published by the
-      Free Software Foundation, version 1, or (at your option)
-      any later version,
- or
-   -  the following license:
-*/
-/*-
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that each of the following
- * conditions is met:
- *
- * 1. Redistributions qualify as "freeware" or "Open Source Software" under
- *    one of the following terms:
- *
- *    (a) Redistributions are made at no charge beyond the reasonable cost of
- *        materials and delivery.
- *
- *    (b) Redistributions are accompanied by a copy of the Source Code
- *        or by an irrevocable offer to provide a copy of the Source Code
- *        for up to three years at the cost of materials and delivery.
- *        Such redistributions must allow further use, modification, and
- *        redistribution of the Source Code under substantially the same
- *        terms as this license.
- *
- * 2. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 3. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 4. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by Bodo Moeller."
- *    (If available, substitute umlauted o for oe.)
- *
- * 5. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by Bodo Moeller."
- *
- * THIS SOFTWARE IS PROVIDED BY BODO MOELLER ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL BODO MOELLER OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-/*-
- * Attribution for OpenSSL library:
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- * This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)
- */
-
-static char const rcsid[] =
-    "$Id: easy-tls.c,v 1.4 2002/03/05 09:07:16 bodo Exp $";
-
-#include <assert.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <limits.h>
-#include <stdarg.h>
-#include <stdio.h>
-#include <string.h>
-#include <sys/select.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <sys/types.h>
-#include <sys/utsname.h>
-#include <unistd.h>
-
-#include <openssl/crypto.h>
-#include <openssl/dh.h>
-#include <openssl/dsa.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/opensslv.h>
-#include <openssl/pem.h>
-#include <openssl/rand.h>
-#ifndef NO_RSA
-# include <openssl/rsa.h>
-#endif
-#include <openssl/ssl.h>
-#include <openssl/x509.h>
-#include <openssl/x509_vfy.h>
-
-#if OPENSSL_VERSION_NUMBER < 0x00904000L /* 0.9.4-dev */
-# error "This program needs OpenSSL 0.9.4 or later."
-#endif
-
-#include "easy-tls.h"           /* include after <openssl/ssl.h> if both are
-                                 * needed */
-
-#if TLS_INFO_SIZE > PIPE_BUF
-# if PIPE_BUF < 512
-#  error "PIPE_BUF < 512"       /* non-POSIX */
-# endif
-# error "TLS_INFO_SIZE > PIPE_BUF"
-#endif
-
-/*****************************************************************************/
-
-#ifdef TLS_APP
-# include TLS_APP
-#endif
-
-/*-
- * Applications can define:
- *   TLS_APP_PROCESS_INIT -- void ...(int fd, int client_p, void *apparg)
- *   TLS_CUMULATE_ERRORS
- *   TLS_ERROR_BUFSIZ
- *   TLS_APP_ERRFLUSH -- void ...(int child_p, char *, size_t, void *apparg)
- */
-
-#ifndef TLS_APP_PROCESS_INIT
-# define TLS_APP_PROCESS_INIT(fd, client_p, apparg) ((void) 0)
-#endif
-
-#ifndef TLS_ERROR_BUFSIZ
-# define TLS_ERROR_BUFSIZ (10*160)
-#endif
-#if TLS_ERROR_BUFSIZ < 2        /* {'\n',0} */
-# error "TLS_ERROR_BUFSIZE is too small."
-#endif
-
-#ifndef TLS_APP_ERRFLUSH
-# define TLS_APP_ERRFLUSH tls_app_errflush
-static void
-tls_app_errflush(int child_p, char *errbuf, size_t num, void *apparg)
-{
-    fputs(errbuf, stderr);
-}
-#endif
-
-/*****************************************************************************/
-
-#ifdef DEBUG_TLS
-# define DEBUG_MSG(x) fprintf(stderr,"  %s\n",x)
-# define DEBUG_MSG2(x,y) fprintf(stderr, "  %s: %d\n",x,y)
-static int tls_loop_count = 0;
-static int tls_select_count = 0;
-#else
-# define DEBUG_MSG(x) (void)0
-# define DEBUG_MSG2(x,y) (void)0
-#endif
-
-static void tls_rand_seed_uniquely(void);
-static void tls_proxy(int clear_fd, int tls_fd, int info_fd, SSL_CTX *ctx,
-                      int client_p);
-static int tls_socket_nonblocking(int fd);
-
-static int tls_child_p = 0;
-static void *tls_child_apparg;
-
-struct tls_start_proxy_args tls_start_proxy_defaultargs(void)
-{
-    struct tls_start_proxy_args ret;
-
-    ret.fd = -1;
-    ret.client_p = -1;
-    ret.ctx = NULL;
-    ret.pid = NULL;
-    ret.infofd = NULL;
-
-    return ret;
-}
-
-/*-
- * Slice in TLS proxy process at fd.
- * Return value:
- *   0    ok  (*pid is set to child's PID if pid != NULL),
- *   < 0  look at errno
- *   > 0  other error
- *   (return value encodes place of error)
- *
- */
-int tls_start_proxy(struct tls_start_proxy_args a, void *apparg)
-{
-    int fds[2] = { -1, -1 };
-    int infofds[2] = { -1, -1 };
-    int r, getfd, getfl;
-    int ret;
-
-    DEBUG_MSG2("tls_start_proxy fd", a.fd);
-    DEBUG_MSG2("tls_start_proxy client_p", a.client_p);
-
-    if (a.fd == -1 || a.client_p == -1 || a.ctx == NULL)
-        return 1;
-
-    if (a.pid != NULL) {
-        *a.pid = 0;
-    }
-    if (a.infofd != NULL) {
-        *a.infofd = -1;
-    }
-
-    r = socketpair(AF_UNIX, SOCK_STREAM, 0, fds);
-    if (r == -1)
-        return -1;
-    if (a.fd >= FD_SETSIZE || fds[0] >= FD_SETSIZE) {
-        ret = 2;
-        goto err;
-    }
-    if (a.infofd != NULL) {
-        r = pipe(infofds);
-        if (r == -1) {
-            ret = -3;
-            goto err;
-        }
-    }
-
-    r = fork();
-    if (r == -1) {
-        ret = -4;
-        goto err;
-    }
-    if (r == 0) {
-        DEBUG_MSG("fork");
-        tls_child_p = 1;
-        tls_child_apparg = apparg;
-        close(fds[1]);
-        if (infofds[0] != -1)
-            close(infofds[0]);
-        TLS_APP_PROCESS_INIT(a.fd, a.client_p, apparg);
-        DEBUG_MSG("TLS_APP_PROCESS_INIT");
-        tls_proxy(fds[0], a.fd, infofds[1], a.ctx, a.client_p);
-        exit(0);
-    }
-    if (a.pid != NULL)
-        *a.pid = r;
-    if (infofds[1] != -1) {
-        close(infofds[1]);
-        infofds[1] = -1;
-    }
-    /* install fds[1] in place of fd: */
-    close(fds[0]);
-    fds[0] = -1;
-    getfd = fcntl(a.fd, F_GETFD);
-    getfl = fcntl(a.fd, F_GETFL);
-    r = dup2(fds[1], a.fd);
-    close(fds[1]);
-    fds[1] = -1;
-    if (r == -1) {
-        ret = -5;
-        goto err;
-    }
-    if (getfd != 1)
-        fcntl(a.fd, F_SETFD, getfd);
-    if (getfl & O_NONBLOCK)
-        (void)tls_socket_nonblocking(a.fd);
-    if (a.infofd != NULL)
-        *a.infofd = infofds[0];
-    return 0;
-
- err:
-    if (fds[0] != -1)
-        close(fds[0]);
-    if (fds[1] != -1)
-        close(fds[1]);
-    if (infofds[0] != -1)
-        close(infofds[0]);
-    if (infofds[1] != -1)
-        close(infofds[1]);
-    return ret;
-}
-
-/*****************************************************************************/
-
-static char errbuf[TLS_ERROR_BUFSIZ];
-static size_t errbuf_i = 0;
-
-static void tls_errflush(void *apparg)
-{
-    if (errbuf_i == 0)
-        return;
-
-    assert(errbuf_i < sizeof errbuf);
-    assert(errbuf[errbuf_i] == 0);
-    if (errbuf_i == sizeof errbuf - 1) {
-        /* make sure we have a newline, even if string has been truncated */
-        errbuf[errbuf_i - 1] = '\n';
-    }
-
-    /*
-     * TLS_APP_ERRFLUSH may modify the string as needed, e.g. substitute
-     * other characters for \n for convenience
-     */
-    TLS_APP_ERRFLUSH(tls_child_p, errbuf, errbuf_i, apparg);
-
-    errbuf_i = 0;
-}
-
-static void tls_errprintf(int flush, void *apparg, const char *fmt, ...)
-{
-    va_list args;
-    int r;
-
-    if (errbuf_i < sizeof errbuf - 1) {
-        size_t n;
-
-        va_start(args, fmt);
-        n = (sizeof errbuf) - errbuf_i;
-        r = vsnprintf(errbuf + errbuf_i, n, fmt, args);
-        if (r >= n)
-            r = n - 1;
-        if (r >= 0) {
-            errbuf_i += r;
-        } else {
-            errbuf_i = sizeof errbuf - 1;
-            errbuf[errbuf_i] = '\0';
-        }
-        assert(errbuf_i < sizeof errbuf);
-        assert(errbuf[errbuf_i] == 0);
-    }
-#ifndef TLS_CUMULATE_ERRORS
-    tls_errflush(apparg);
-#else
-    if (flush)
-        tls_errflush(apparg);
-#endif
-}
-
-/*
- * app_prefix.. are for additional information provided by caller. If OpenSSL
- * error queue is empty, print default_text ("???" if NULL).
- */
-static char *tls_openssl_errors(const char *app_prefix_1,
-                                const char *app_prefix_2,
-                                const char *default_text, void *apparg)
-{
-    static char reasons[255];
-    size_t reasons_i;
-    unsigned long err;
-    const char *file;
-    int line;
-    const char *data;
-    int flags;
-    char *errstring;
-    int printed_something = 0;
-
-    reasons_i = 0;
-
-    assert(app_prefix_1 != NULL);
-    assert(app_prefix_2 != NULL);
-
-    if (default_text == NULL)
-        default_text = "?" "?" "?";
-
-    while ((err = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) {
-        if (reasons_i < sizeof reasons) {
-            size_t n;
-            int r;
-
-            n = (sizeof reasons) - reasons_i;
-            r = snprintf(reasons + reasons_i, n, "%s%s",
-                         (reasons_i > 0 ? ", " : ""),
-                         ERR_reason_error_string(err));
-            if (r >= n)
-                r = n - 1;
-            if (r >= 0) {
-                reasons_i += r;
-            } else {
-                reasons_i = sizeof reasons;
-            }
-            assert(reasons_i <= sizeof reasons);
-        }
-
-        errstring = ERR_error_string(err, NULL);
-        assert(errstring != NULL);
-        tls_errprintf(0, apparg, "OpenSSL error%s%s: %s:%s:%d:%s\n",
-                      app_prefix_1, app_prefix_2, errstring, file, line,
-                      (flags & ERR_TXT_STRING) ? data : "");
-        printed_something = 1;
-    }
-
-    if (!printed_something) {
-        assert(reasons_i == 0);
-        snprintf(reasons, sizeof reasons, "%s", default_text);
-        tls_errprintf(0, apparg, "OpenSSL error%s%s: %s\n", app_prefix_1,
-                      app_prefix_2, default_text);
-    }
-#ifdef TLS_CUMULATE_ERRORS
-    tls_errflush(apparg);
-#endif
-    assert(errbuf_i == 0);
-
-    return reasons;
-}
-
-/*****************************************************************************/
-
-static int tls_init_done = 0;
-
-static int tls_init(void *apparg)
-{
-    if (tls_init_done)
-        return 0;
-
-    SSL_load_error_strings();
-    if (!SSL_library_init() /* aka SSLeay_add_ssl_algorithms() */ ) {
-        tls_errprintf(1, apparg, "SSL_library_init failed.\n");
-        return -1;
-    }
-    tls_init_done = 1;
-    tls_rand_seed();
-    return 0;
-}
-
-/*****************************************************************************/
-
-static void tls_rand_seed_uniquely(void)
-{
-    struct {
-        pid_t pid;
-        time_t time;
-        void *stack;
-    } data;
-
-    data.pid = getpid();
-    data.time = time(NULL);
-    data.stack = (void *)&data;
-
-    RAND_seed((const void *)&data, sizeof data);
-}
-
-void tls_rand_seed(void)
-{
-    struct {
-        struct utsname uname;
-        int uname_1;
-        int uname_2;
-        uid_t uid;
-        uid_t euid;
-        gid_t gid;
-        gid_t egid;
-    } data;
-
-    data.uname_1 = uname(&data.uname);
-    data.uname_2 = errno;       /* Let's hope that uname fails randomly :-) */
-
-    data.uid = getuid();
-    data.euid = geteuid();
-    data.gid = getgid();
-    data.egid = getegid();
-
-    RAND_seed((const void *)&data, sizeof data);
-    tls_rand_seed_uniquely();
-}
-
-static int tls_rand_seeded_p = 0;
-
-#define my_MIN_SEED_BYTES 256   /* struct stat can be larger than 128 */
-int tls_rand_seed_from_file(const char *filename, size_t n, void *apparg)
-{
-    /*
-     * Seed OpenSSL's random number generator from file. Try to read n bytes
-     * if n > 0, whole file if n == 0.
-     */
-
-    int r;
-
-    if (tls_init(apparg) == -1)
-        return -1;
-    tls_rand_seed();
-
-    r = RAND_load_file(filename,
-                       (n > 0 && n < LONG_MAX) ? (long)n : LONG_MAX);
-    /*
-     * r is the number of bytes filled into the random number generator,
-     * which are taken from "stat(filename, ...)" in addition to the file
-     * contents.
-     */
-    assert(1 < my_MIN_SEED_BYTES);
-    /*
-     * We need to detect at least those cases when the file does not exist at
-     * all.  With current versions of OpenSSL, this should do it:
-     */
-    if (n == 0)
-        n = my_MIN_SEED_BYTES;
-    if (r < n) {
-        tls_errprintf(1, apparg,
-                      "rand_seed_from_file: could not read %d bytes from %s.\n",
-                      n, filename);
-        return -1;
-    } else {
-        tls_rand_seeded_p = 1;
-        return 0;
-    }
-}
-
-void tls_rand_seed_from_memory(const void *buf, size_t n)
-{
-    size_t i = 0;
-
-    while (i < n) {
-        size_t rest = n - i;
-        int chunk = rest < INT_MAX ? (int)rest : INT_MAX;
-        RAND_seed((const char *)buf + i, chunk);
-        i += chunk;
-    }
-    tls_rand_seeded_p = 1;
-}
-
-/*****************************************************************************/
-
-struct tls_x509_name_string {
-    char str[100];
-};
-
-static void
-tls_get_x509_subject_name_oneline(X509 *cert,
-                                  struct tls_x509_name_string *namestring)
-{
-    X509_NAME *name;
-
-    if (cert == NULL) {
-        namestring->str[0] = '\0';
-        return;
-    }
-
-    name = X509_get_subject_name(cert); /* does not increment any reference
-                                         * counter */
-
-    assert(sizeof namestring->str >= 4); /* "?" or "...", plus 0 */
-
-    if (name == NULL) {
-        namestring->str[0] = '?';
-        namestring->str[1] = 0;
-    } else {
-        size_t len;
-
-        X509_NAME_oneline(name, namestring->str, sizeof namestring->str);
-        len = strlen(namestring->str);
-        assert(namestring->str[len] == 0);
-        assert(len < sizeof namestring->str);
-
-        if (len + 1 == sizeof namestring->str) {
-            /*
-             * (Probably something was cut off.) Does not really work --
-             * X509_NAME_oneline truncates after name components, we cannot
-             * tell from the result whether anything is missing.
-             */
-
-            assert(namestring->str[len] == 0);
-            namestring->str[--len] = '.';
-            namestring->str[--len] = '.';
-            namestring->str[--len] = '.';
-        }
-    }
-}
-
-/*****************************************************************************/
-
-/* to hinder OpenSSL from asking for passphrases */
-static int no_passphrase_callback(char *buf, int num, int w, void *arg)
-{
-    return -1;
-}
-
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L
-static int verify_dont_fail_cb(X509_STORE_CTX *c, void *unused_arg)
-#else
-static int verify_dont_fail_cb(X509_STORE_CTX *c)
-#endif
-{
-    int i;
-
-    i = X509_verify_cert(c);    /* sets c->error */
-#if OPENSSL_VERSION_NUMBER >= 0x00905000L /* don't allow unverified
-                                           * certificates -- they could
-                                           * survive session reuse, but
-                                           * OpenSSL < 0.9.5-dev does not
-                                           * preserve their verify_result */
-    if (i == 0)
-        return 1;
-    else
-#endif
-        return i;
-}
-
-static DH *tls_dhe1024 = NULL;  /* generating these takes a while, so do it
-                                 * just once */
-
-void tls_set_dhe1024(int i, void *apparg)
-{
-    DSA *dsaparams;
-    DH *dhparams;
-    const char *seed[] = { ";-)  :-(  :-)  :-(  ",
-        ";-)  :-(  :-)  :-(  ",
-        "Random String no. 12",
-        ";-)  :-(  :-)  :-(  ",
-        "hackers have even mo", /* from jargon file */
-    };
-    unsigned char seedbuf[20];
-
-    tls_init(apparg);
-    if (i >= 0) {
-        i %= sizeof seed / sizeof seed[0];
-        assert(strlen(seed[i]) == 20);
-        memcpy(seedbuf, seed[i], 20);
-        dsaparams =
-            DSA_generate_parameters(1024, seedbuf, 20, NULL, NULL, 0, NULL);
-    } else {
-        /* random parameters (may take a while) */
-        dsaparams =
-            DSA_generate_parameters(1024, NULL, 0, NULL, NULL, 0, NULL);
-    }
-
-    if (dsaparams == NULL) {
-        tls_openssl_errors("", "", NULL, apparg);
-        return;
-    }
-    dhparams = DSA_dup_DH(dsaparams);
-    DSA_free(dsaparams);
-    if (dhparams == NULL) {
-        tls_openssl_errors("", "", NULL, apparg);
-        return;
-    }
-    if (tls_dhe1024 != NULL)
-        DH_free(tls_dhe1024);
-    tls_dhe1024 = dhparams;
-}
-
-struct tls_create_ctx_args tls_create_ctx_defaultargs(void)
-{
-    struct tls_create_ctx_args ret;
-
-    ret.client_p = 0;
-    ret.certificate_file = NULL;
-    ret.key_file = NULL;
-    ret.ca_file = NULL;
-    ret.verify_depth = -1;
-    ret.fail_unless_verified = 0;
-    ret.export_p = 0;
-
-    return ret;
-}
-
-SSL_CTX *tls_create_ctx(struct tls_create_ctx_args a, void *apparg)
-{
-    int r;
-    static long context_num = 0;
-    SSL_CTX *ret;
-    const char *err_pref_1 = "", *err_pref_2 = "";
-
-    if (tls_init(apparg) == -1)
-        return NULL;
-
-    ret =
-        SSL_CTX_new((a.client_p ? SSLv23_client_method :
-                     SSLv23_server_method) ());
-
-    if (ret == NULL)
-        goto err;
-
-    SSL_CTX_set_default_passwd_cb(ret, no_passphrase_callback);
-    SSL_CTX_set_mode(ret, SSL_MODE_ENABLE_PARTIAL_WRITE);
-
-    if ((a.certificate_file != NULL) || (a.key_file != NULL)) {
-        if (a.key_file == NULL) {
-            tls_errprintf(1, apparg, "Need a key file.\n");
-            goto err_return;
-        }
-        if (a.certificate_file == NULL) {
-            tls_errprintf(1, apparg, "Need a certificate chain file.\n");
-            goto err_return;
-        }
-
-        if (!SSL_CTX_use_PrivateKey_file(ret, a.key_file, SSL_FILETYPE_PEM))
-            goto err;
-        if (!tls_rand_seeded_p) {
-            /*
-             * particularly paranoid people may not like this -- so provide
-             * your own random seeding before calling this
-             */
-            if (tls_rand_seed_from_file(a.key_file, 0, apparg) == -1)
-                goto err_return;
-        }
-        if (!SSL_CTX_use_certificate_chain_file(ret, a.certificate_file))
-            goto err;
-        if (!SSL_CTX_check_private_key(ret)) {
-            tls_errprintf(1, apparg,
-                          "Private key \"%s\" does not match certificate \"%s\".\n",
-                          a.key_file, a.certificate_file);
-            goto err_peek;
-        }
-    }
-
-    if ((a.ca_file != NULL) || (a.verify_depth > 0)) {
-        context_num++;
-        r = SSL_CTX_set_session_id_context(ret, (const void *)&context_num,
-                                           (unsigned int)sizeof context_num);
-        if (!r)
-            goto err;
-
-        SSL_CTX_set_verify(ret,
-                           SSL_VERIFY_PEER | (a.fail_unless_verified ?
-                                              SSL_VERIFY_FAIL_IF_NO_PEER_CERT
-                                              : 0), 0);
-        if (!a.fail_unless_verified)
-            SSL_CTX_set_cert_verify_callback(ret, verify_dont_fail_cb, NULL);
-
-        if (a.verify_depth > 0)
-            SSL_CTX_set_verify_depth(ret, a.verify_depth);
-
-        if (a.ca_file != NULL) {
-            /* does not report failure if file does not exist ... */
-            /* NULL argument means no CA-directory */
-            r = SSL_CTX_load_verify_locations(ret, a.ca_file, NULL);
-            if (!r) {
-                err_pref_1 = " while processing certificate file ";
-                err_pref_2 = a.ca_file;
-                goto err;
-            }
-
-            if (!a.client_p) {
-                /*
-                 * SSL_load_client_CA_file is a misnomer, it just creates a
-                 * list of CNs.
-                 */
-                SSL_CTX_set_client_CA_list(ret,
-                                           SSL_load_client_CA_file
-                                           (a.ca_file));
-                /*
-                 * SSL_CTX_set_client_CA_list does not have a return value;
-                 * it does not really need one, but make sure (we really test
-                 * if SSL_load_client_CA_file worked)
-                 */
-                if (SSL_CTX_get_client_CA_list(ret) == NULL) {
-                    tls_errprintf(1, apparg,
-                                  "Could not set client CA list from \"%s\".\n",
-                                  a.ca_file);
-                    goto err_peek;
-                }
-            }
-        }
-    }
-
-    if (!a.client_p) {
-        if (tls_dhe1024 == NULL) {
-            int i;
-
-            if (RAND_bytes((unsigned char *)&i, sizeof i) <= 0)
-                goto err_return;
-            /*
-             * make sure that i is non-negative -- pick one of the provided
-             * seeds
-             */
-            if (i < 0)
-                i = -i;
-            if (i < 0)
-                i = 0;
-            tls_set_dhe1024(i, apparg);
-            if (tls_dhe1024 == NULL)
-                goto err_return;
-        }
-
-        if (!SSL_CTX_set_tmp_dh(ret, tls_dhe1024))
-            goto err;
-
-        /* avoid small subgroup attacks: */
-        SSL_CTX_set_options(ret, SSL_OP_SINGLE_DH_USE);
-    }
-#ifndef NO_RSA
-    if (!a.client_p && a.export_p) {
-        RSA *tmpkey;
-
-        tmpkey = RSA_generate_key(512, RSA_F4, 0, NULL);
-        if (tmpkey == NULL)
-            goto err;
-        if (!SSL_CTX_set_tmp_rsa(ret, tmpkey)) {
-            RSA_free(tmpkey);
-            goto err;
-        }
-        RSA_free(tmpkey);       /* SSL_CTX_set_tmp_rsa uses a duplicate. */
-    }
-#endif
-
-    return ret;
-
- err_peek:
-    if (!ERR_peek_error())
-        goto err_return;
- err:
-    tls_openssl_errors(err_pref_1, err_pref_2, NULL, apparg);
- err_return:
-    if (ret != NULL)
-        SSL_CTX_free(ret);
-    return NULL;
-}
-
-/*****************************************************************************/
-
-static int tls_socket_nonblocking(int fd)
-{
-    int v, r;
-
-    v = fcntl(fd, F_GETFL, 0);
-    if (v == -1) {
-        if (errno == EINVAL)
-            return 0;           /* already shut down -- ignore */
-        return -1;
-    }
-    r = fcntl(fd, F_SETFL, v | O_NONBLOCK);
-    if (r == -1) {
-        if (errno == EINVAL)
-            return 0;           /* already shut down -- ignore */
-        return -1;
-    }
-    return 0;
-}
-
-static int max(int a, int b)
-{
-    return a > b ? a : b;
-}
-
-/* timeout, -1 means no timeout */
-static void
-tls_sockets_select(int read_select_1, int read_select_2, int write_select_1,
-                   int write_select_2, int seconds)
-{
-    int maxfd, n;
-    fd_set reads, writes;
-    struct timeval timeout;
-    struct timeval *timeout_p;
-
-    assert(read_select_1 >= -1 && read_select_2 >= -1 && write_select_1 >= -1
-           && write_select_2 >= -1);
-    assert(read_select_1 < FD_SETSIZE && read_select_2 < FD_SETSIZE - 1
-           && write_select_1 < FD_SETSIZE - 1
-           && write_select_2 < FD_SETSIZE - 1);
-
-    maxfd =
-        max(max(read_select_1, read_select_2),
-            max(write_select_1, write_select_2));
-    assert(maxfd >= 0);
-
-    FD_ZERO(&reads);
-    FD_ZERO(&writes);
-
-    for (n = 0; n < 4; ++n) {
-        int i = n % 2;
-        int w = n >= 2;
-        /* loop over all (i, w) in {0,1}x{0,1} */
-        int fd;
-
-        if (i == 0 && w == 0)
-            fd = read_select_1;
-        else if (i == 1 && w == 0)
-            fd = read_select_2;
-        else if (i == 0 && w == 1)
-            fd = write_select_1;
-        else {
-            assert(i == 1 && w == 1);
-            fd = write_select_2;
-        }
-
-        if (fd >= 0) {
-            if (w == 0)
-                FD_SET(fd, &reads);
-            else                /* w == 1 */
-                FD_SET(fd, &writes);
-        }
-    }
-
-    if (seconds >= 0) {
-        timeout.tv_sec = seconds;
-        timeout.tv_usec = 0;
-        timeout_p = &timeout;
-    } else
-        timeout_p = NULL;
-
-    DEBUG_MSG2("select no.", ++tls_select_count);
-    select(maxfd + 1, &reads, &writes, (fd_set *) NULL, timeout_p);
-    DEBUG_MSG("cont.");
-}
-
-/*****************************************************************************/
-
-#define TUNNELBUFSIZE (16*1024)
-struct tunnelbuf {
-    char buf[TUNNELBUFSIZE];
-    size_t len;
-    size_t offset;
-};
-
-static int tls_connect_attempt(SSL *, int *write_select, int *read_select,
-                               int *closed, int *progress,
-                               const char **err_pref);
-
-static int tls_accept_attempt(SSL *, int *write_select, int *read_select,
-                              int *closed, int *progress,
-                              const char **err_pref);
-
-static int tls_write_attempt(SSL *, struct tunnelbuf *, int *write_select,
-                             int *read_select, int *closed, int *progress,
-                             const char **err_pref);
-
-static int tls_read_attempt(SSL *, struct tunnelbuf *, int *write_select,
-                            int *read_select, int *closed, int *progress,
-                            const char **err_pref);
-
-static int write_attempt(int fd, struct tunnelbuf *, int *select, int *closed,
-                         int *progress);
-
-static int read_attempt(int fd, struct tunnelbuf *, int *select, int *closed,
-                        int *progress);
-
-static void write_info(SSL *ssl, int *info_fd)
-{
-    if (*info_fd != -1) {
-        long v;
-        int v_ok;
-        struct tls_x509_name_string peer;
-        char infobuf[TLS_INFO_SIZE];
-        int r;
-
-        DEBUG_MSG("write_info");
-        v = SSL_get_verify_result(ssl);
-        v_ok = (v == X509_V_OK) ? 'A' : 'E'; /* Auth./Error */
-        {
-            X509 *peercert;
-
-            peercert = SSL_get_peer_certificate(ssl);
-            tls_get_x509_subject_name_oneline(peercert, &peer);
-            if (peercert != NULL)
-                X509_free(peercert);
-        }
-        if (peer.str[0] == '\0')
-            v_ok = '0';         /* no cert at all */
-        else if (strchr(peer.str, '\n')) {
-            /* should not happen, but make sure */
-            *strchr(peer.str, '\n') = '\0';
-        }
-        r = snprintf(infobuf, sizeof infobuf, "%c:%s\n%s\n", v_ok,
-                     X509_verify_cert_error_string(v), peer.str);
-        DEBUG_MSG2("snprintf", r);
-        if (r == -1 || r >= sizeof infobuf)
-            r = sizeof infobuf - 1;
-        write(*info_fd, infobuf, r);
-        close(*info_fd);
-        *info_fd = -1;
-    }
-}
-
-/* tls_proxy expects that all fds are closed after return */
-static void
-tls_proxy(int clear_fd, int tls_fd, int info_fd, SSL_CTX *ctx, int client_p)
-{
-    struct tunnelbuf clear_to_tls, tls_to_clear;
-    SSL *ssl;
-    BIO *rbio, *wbio;
-    int closed, in_handshake;
-    const char *err_pref_1 = "", *err_pref_2 = "";
-    const char *err_def = NULL;
-
-    assert(clear_fd != -1);
-    assert(tls_fd != -1);
-    assert(clear_fd < FD_SETSIZE);
-    assert(tls_fd < FD_SETSIZE);
-    /* info_fd may be -1 */
-    assert(ctx != NULL);
-
-    tls_rand_seed_uniquely();
-
-    tls_socket_nonblocking(clear_fd);
-    DEBUG_MSG2("clear_fd", clear_fd);
-    tls_socket_nonblocking(tls_fd);
-    DEBUG_MSG2("tls_fd", tls_fd);
-
-    ssl = SSL_new(ctx);
-    if (ssl == NULL)
-        goto err;
-    DEBUG_MSG("SSL_new");
-    if (!SSL_set_fd(ssl, tls_fd))
-        goto err;
-    rbio = SSL_get_rbio(ssl);
-    wbio = SSL_get_wbio(ssl);   /* should be the same, but who cares */
-    assert(rbio != NULL);
-    assert(wbio != NULL);
-    if (client_p)
-        SSL_set_connect_state(ssl);
-    else
-        SSL_set_accept_state(ssl);
-
-    closed = 0;
-    in_handshake = 1;
-    tls_to_clear.len = 0;
-    tls_to_clear.offset = 0;
-    clear_to_tls.len = 0;
-    clear_to_tls.offset = 0;
-
-    err_def = "I/O error";
-
-    /*
-     * loop finishes as soon as we detect that one side closed; when all
-     * (program and OS) buffers have enough space, the data from the last
-     * succesful read in each direction is transferred before close
-     */
-    do {
-        int clear_read_select = 0, clear_write_select = 0,
-            tls_read_select = 0, tls_write_select = 0, progress = 0;
-        int r;
-        unsigned long num_read = BIO_number_read(rbio),
-            num_written = BIO_number_written(wbio);
-
-        DEBUG_MSG2("loop iteration", ++tls_loop_count);
-
-        if (in_handshake) {
-            DEBUG_MSG("in_handshake");
-            if (client_p)
-                r = tls_connect_attempt(ssl, &tls_write_select,
-                                        &tls_read_select, &closed, &progress,
-                                        &err_pref_1);
-            else
-                r = tls_accept_attempt(ssl, &tls_write_select,
-                                       &tls_read_select, &closed, &progress,
-                                       &err_pref_1);
-            if (r != 0) {
-                write_info(ssl, &info_fd);
-                goto err;
-            }
-            if (closed)
-                goto err_return;
-            if (!SSL_in_init(ssl)) {
-                in_handshake = 0;
-                write_info(ssl, &info_fd);
-            }
-        }
-
-        if (clear_to_tls.len != 0 && !in_handshake) {
-            assert(!closed);
-
-            r = tls_write_attempt(ssl, &clear_to_tls, &tls_write_select,
-                                  &tls_read_select, &closed, &progress,
-                                  &err_pref_1);
-            if (r != 0)
-                goto err;
-            if (closed) {
-                assert(progress);
-                tls_to_clear.offset = 0;
-                tls_to_clear.len = 0;
-            }
-        }
-
-        if (tls_to_clear.len != 0) {
-            assert(!closed);
-
-            r = write_attempt(clear_fd, &tls_to_clear, &clear_write_select,
-                              &closed, &progress);
-            if (r != 0)
-                goto err_return;
-            if (closed) {
-                assert(progress);
-                clear_to_tls.offset = 0;
-                clear_to_tls.len = 0;
-            }
-        }
-
-        if (!closed) {
-            if (clear_to_tls.offset + clear_to_tls.len <
-                sizeof clear_to_tls.buf) {
-                r = read_attempt(clear_fd, &clear_to_tls, &clear_read_select,
-                                 &closed, &progress);
-                if (r != 0)
-                    goto err_return;
-                if (closed) {
-                    r = SSL_shutdown(ssl);
-                    DEBUG_MSG2("SSL_shutdown", r);
-                }
-            }
-        }
-
-        if (!closed && !in_handshake) {
-            if (tls_to_clear.offset + tls_to_clear.len <
-                sizeof tls_to_clear.buf) {
-                r = tls_read_attempt(ssl, &tls_to_clear, &tls_write_select,
-                                     &tls_read_select, &closed, &progress,
-                                     &err_pref_1);
-                if (r != 0)
-                    goto err;
-                if (closed) {
-                    r = SSL_shutdown(ssl);
-                    DEBUG_MSG2("SSL_shutdown", r);
-                }
-            }
-        }
-
-        if (!progress) {
-            DEBUG_MSG("!progress?");
-            if (num_read != BIO_number_read(rbio)
-                || num_written != BIO_number_written(wbio))
-                progress = 1;
-
-            if (!progress) {
-                DEBUG_MSG("!progress");
-                assert(clear_read_select || tls_read_select
-                       || clear_write_select || tls_write_select);
-                tls_sockets_select(clear_read_select ? clear_fd : -1,
-                                   tls_read_select ? tls_fd : -1,
-                                   clear_write_select ? clear_fd : -1,
-                                   tls_write_select ? tls_fd : -1, -1);
-            }
-        }
-    } while (!closed);
-    return;
-
- err:
-    tls_openssl_errors(err_pref_1, err_pref_2, err_def, tls_child_apparg);
- err_return:
-    return;
-}
-
-static int
-tls_get_error(SSL *ssl, int r, int *write_select, int *read_select,
-              int *closed, int *progress)
-{
-    int err = SSL_get_error(ssl, r);
-
-    if (err == SSL_ERROR_NONE) {
-        assert(r > 0);
-        *progress = 1;
-        return 0;
-    }
-
-    assert(r <= 0);
-
-    switch (err) {
-    case SSL_ERROR_ZERO_RETURN:
-        assert(r == 0);
-        *closed = 1;
-        *progress = 1;
-        return 0;
-
-    case SSL_ERROR_WANT_WRITE:
-        *write_select = 1;
-        return 0;
-
-    case SSL_ERROR_WANT_READ:
-        *read_select = 1;
-        return 0;
-    }
-
-    return -1;
-}
-
-static int
-tls_connect_attempt(SSL *ssl, int *write_select, int *read_select,
-                    int *closed, int *progress, const char **err_pref)
-{
-    int n, r;
-
-    DEBUG_MSG("tls_connect_attempt");
-    n = SSL_connect(ssl);
-    DEBUG_MSG2("SSL_connect", n);
-    r = tls_get_error(ssl, n, write_select, read_select, closed, progress);
-    if (r == -1)
-        *err_pref = " during SSL_connect";
-    return r;
-}
-
-static int
-tls_accept_attempt(SSL *ssl, int *write_select, int *read_select, int *closed,
-                   int *progress, const char **err_pref)
-{
-    int n, r;
-
-    DEBUG_MSG("tls_accept_attempt");
-    n = SSL_accept(ssl);
-    DEBUG_MSG2("SSL_accept", n);
-    r = tls_get_error(ssl, n, write_select, read_select, closed, progress);
-    if (r == -1)
-        *err_pref = " during SSL_accept";
-    return r;
-}
-
-static int
-tls_write_attempt(SSL *ssl, struct tunnelbuf *buf, int *write_select,
-                  int *read_select, int *closed, int *progress,
-                  const char **err_pref)
-{
-    int n, r;
-
-    DEBUG_MSG("tls_write_attempt");
-    n = SSL_write(ssl, buf->buf + buf->offset, buf->len);
-    DEBUG_MSG2("SSL_write", n);
-    r = tls_get_error(ssl, n, write_select, read_select, closed, progress);
-    if (n > 0) {
-        buf->len -= n;
-        assert(buf->len >= 0);
-        if (buf->len == 0)
-            buf->offset = 0;
-        else
-            buf->offset += n;
-    }
-    if (r == -1)
-        *err_pref = " during SSL_write";
-    return r;
-}
-
-static int
-tls_read_attempt(SSL *ssl, struct tunnelbuf *buf, int *write_select,
-                 int *read_select, int *closed, int *progress,
-                 const char **err_pref)
-{
-    int n, r;
-    size_t total;
-
-    DEBUG_MSG("tls_read_attempt");
-    total = buf->offset + buf->len;
-    assert(total < sizeof buf->buf);
-    n = SSL_read(ssl, buf->buf + total, (sizeof buf->buf) - total);
-    DEBUG_MSG2("SSL_read", n);
-    r = tls_get_error(ssl, n, write_select, read_select, closed, progress);
-    if (n > 0) {
-        buf->len += n;
-        assert(buf->offset + buf->len <= sizeof buf->buf);
-    }
-    if (r == -1)
-        *err_pref = " during SSL_read";
-    return r;
-}
-
-static int get_error(int r, int *select, int *closed, int *progress)
-{
-    if (r >= 0) {
-        *progress = 1;
-        if (r == 0)
-            *closed = 1;
-        return 0;
-    } else {
-        assert(r == -1);
-        if (errno == EAGAIN || errno == EWOULDBLOCK) {
-            *select = 1;
-            return 0;
-        } else if (errno == EPIPE) {
-            *progress = 1;
-            *closed = 1;
-            return 0;
-        } else
-            return -1;
-    }
-}
-
-static int write_attempt(int fd, struct tunnelbuf *buf, int *select,
-                         int *closed, int *progress)
-{
-    int n, r;
-
-    DEBUG_MSG("write_attempt");
-    n = write(fd, buf->buf + buf->offset, buf->len);
-    DEBUG_MSG2("write", n);
-    r = get_error(n, select, closed, progress);
-    if (n > 0) {
-        buf->len -= n;
-        assert(buf->len >= 0);
-        if (buf->len == 0)
-            buf->offset = 0;
-        else
-            buf->offset += n;
-    }
-    if (r == -1)
-        tls_errprintf(1, tls_child_apparg, "write error: %s\n",
-                      strerror(errno));
-    return r;
-}
-
-static int
-read_attempt(int fd, struct tunnelbuf *buf, int *select, int *closed,
-             int *progress)
-{
-    int n, r;
-    size_t total;
-
-    DEBUG_MSG("read_attempt");
-    total = buf->offset + buf->len;
-    assert(total < sizeof buf->buf);
-    n = read(fd, buf->buf + total, (sizeof buf->buf) - total);
-    DEBUG_MSG2("read", n);
-    r = get_error(n, select, closed, progress);
-    if (n > 0) {
-        buf->len += n;
-        assert(buf->offset + buf->len <= sizeof buf->buf);
-    }
-    if (r == -1)
-        tls_errprintf(1, tls_child_apparg, "read error: %s\n",
-                      strerror(errno));
-    return r;
-}

Copied: vendor-crypto/openssl/1.0.1u/demos/easy_tls/easy-tls.c (from rev 11605, vendor-crypto/openssl/dist/demos/easy_tls/easy-tls.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/demos/easy_tls/easy-tls.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/demos/easy_tls/easy-tls.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,1311 @@
+/* */
+/*-
+ * easy-tls.c -- generic TLS proxy.
+ * $Id: easy-tls.c,v 1.4 2002/03/05 09:07:16 bodo Exp $
+ */
+/*-
+ (c) Copyright 1999 Bodo Moeller.  All rights reserved.
+
+ This is free software; you can redistributed and/or modify it
+ unter the terms of either
+   -  the GNU General Public License as published by the
+      Free Software Foundation, version 1, or (at your option)
+      any later version,
+ or
+   -  the following license:
+*/
+/*-
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that each of the following
+ * conditions is met:
+ *
+ * 1. Redistributions qualify as "freeware" or "Open Source Software" under
+ *    one of the following terms:
+ *
+ *    (a) Redistributions are made at no charge beyond the reasonable cost of
+ *        materials and delivery.
+ *
+ *    (b) Redistributions are accompanied by a copy of the Source Code
+ *        or by an irrevocable offer to provide a copy of the Source Code
+ *        for up to three years at the cost of materials and delivery.
+ *        Such redistributions must allow further use, modification, and
+ *        redistribution of the Source Code under substantially the same
+ *        terms as this license.
+ *
+ * 2. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 3. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 4. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by Bodo Moeller."
+ *    (If available, substitute umlauted o for oe.)
+ *
+ * 5. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by Bodo Moeller."
+ *
+ * THIS SOFTWARE IS PROVIDED BY BODO MOELLER ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL BODO MOELLER OR
+ * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+/*-
+ * Attribution for OpenSSL library:
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ * This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)
+ */
+
+static char const rcsid[] =
+    "$Id: easy-tls.c,v 1.4 2002/03/05 09:07:16 bodo Exp $";
+
+#include <assert.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/select.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/utsname.h>
+#include <unistd.h>
+
+#include <openssl/crypto.h>
+#include <openssl/dh.h>
+#include <openssl/dsa.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/opensslv.h>
+#include <openssl/pem.h>
+#include <openssl/rand.h>
+#ifndef NO_RSA
+# include <openssl/rsa.h>
+#endif
+#include <openssl/ssl.h>
+#include <openssl/x509.h>
+#include <openssl/x509_vfy.h>
+
+#if OPENSSL_VERSION_NUMBER < 0x00904000L /* 0.9.4-dev */
+# error "This program needs OpenSSL 0.9.4 or later."
+#endif
+
+#include "easy-tls.h"           /* include after <openssl/ssl.h> if both are
+                                 * needed */
+
+#if TLS_INFO_SIZE > PIPE_BUF
+# if PIPE_BUF < 512
+#  error "PIPE_BUF < 512"       /* non-POSIX */
+# endif
+# error "TLS_INFO_SIZE > PIPE_BUF"
+#endif
+
+/*****************************************************************************/
+
+#ifdef TLS_APP
+# include TLS_APP
+#endif
+
+/*-
+ * Applications can define:
+ *   TLS_APP_PROCESS_INIT -- void ...(int fd, int client_p, void *apparg)
+ *   TLS_CUMULATE_ERRORS
+ *   TLS_ERROR_BUFSIZ
+ *   TLS_APP_ERRFLUSH -- void ...(int child_p, char *, size_t, void *apparg)
+ */
+
+#ifndef TLS_APP_PROCESS_INIT
+# define TLS_APP_PROCESS_INIT(fd, client_p, apparg) ((void) 0)
+#endif
+
+#ifndef TLS_ERROR_BUFSIZ
+# define TLS_ERROR_BUFSIZ (10*160)
+#endif
+#if TLS_ERROR_BUFSIZ < 2        /* {'\n',0} */
+# error "TLS_ERROR_BUFSIZE is too small."
+#endif
+
+#ifndef TLS_APP_ERRFLUSH
+# define TLS_APP_ERRFLUSH tls_app_errflush
+static void
+tls_app_errflush(int child_p, char *errbuf, size_t num, void *apparg)
+{
+    fputs(errbuf, stderr);
+}
+#endif
+
+/*****************************************************************************/
+
+#ifdef DEBUG_TLS
+# define DEBUG_MSG(x) fprintf(stderr,"  %s\n",x)
+# define DEBUG_MSG2(x,y) fprintf(stderr, "  %s: %d\n",x,y)
+static int tls_loop_count = 0;
+static int tls_select_count = 0;
+#else
+# define DEBUG_MSG(x) (void)0
+# define DEBUG_MSG2(x,y) (void)0
+#endif
+
+static void tls_rand_seed_uniquely(void);
+static void tls_proxy(int clear_fd, int tls_fd, int info_fd, SSL_CTX *ctx,
+                      int client_p);
+static int tls_socket_nonblocking(int fd);
+
+static int tls_child_p = 0;
+static void *tls_child_apparg;
+
+struct tls_start_proxy_args tls_start_proxy_defaultargs(void)
+{
+    struct tls_start_proxy_args ret;
+
+    ret.fd = -1;
+    ret.client_p = -1;
+    ret.ctx = NULL;
+    ret.pid = NULL;
+    ret.infofd = NULL;
+
+    return ret;
+}
+
+/*-
+ * Slice in TLS proxy process at fd.
+ * Return value:
+ *   0    ok  (*pid is set to child's PID if pid != NULL),
+ *   < 0  look at errno
+ *   > 0  other error
+ *   (return value encodes place of error)
+ *
+ */
+int tls_start_proxy(struct tls_start_proxy_args a, void *apparg)
+{
+    int fds[2] = { -1, -1 };
+    int infofds[2] = { -1, -1 };
+    int r, getfd, getfl;
+    int ret;
+
+    DEBUG_MSG2("tls_start_proxy fd", a.fd);
+    DEBUG_MSG2("tls_start_proxy client_p", a.client_p);
+
+    if (a.fd == -1 || a.client_p == -1 || a.ctx == NULL)
+        return 1;
+
+    if (a.pid != NULL) {
+        *a.pid = 0;
+    }
+    if (a.infofd != NULL) {
+        *a.infofd = -1;
+    }
+
+    r = socketpair(AF_UNIX, SOCK_STREAM, 0, fds);
+    if (r == -1)
+        return -1;
+    if (a.fd >= FD_SETSIZE || fds[0] >= FD_SETSIZE) {
+        ret = 2;
+        goto err;
+    }
+    if (a.infofd != NULL) {
+        r = pipe(infofds);
+        if (r == -1) {
+            ret = -3;
+            goto err;
+        }
+    }
+
+    r = fork();
+    if (r == -1) {
+        ret = -4;
+        goto err;
+    }
+    if (r == 0) {
+        DEBUG_MSG("fork");
+        tls_child_p = 1;
+        tls_child_apparg = apparg;
+        close(fds[1]);
+        if (infofds[0] != -1)
+            close(infofds[0]);
+        TLS_APP_PROCESS_INIT(a.fd, a.client_p, apparg);
+        DEBUG_MSG("TLS_APP_PROCESS_INIT");
+        tls_proxy(fds[0], a.fd, infofds[1], a.ctx, a.client_p);
+        exit(0);
+    }
+    if (a.pid != NULL)
+        *a.pid = r;
+    if (infofds[1] != -1) {
+        close(infofds[1]);
+        infofds[1] = -1;
+    }
+    /* install fds[1] in place of fd: */
+    close(fds[0]);
+    fds[0] = -1;
+    getfd = fcntl(a.fd, F_GETFD);
+    getfl = fcntl(a.fd, F_GETFL);
+    r = dup2(fds[1], a.fd);
+    close(fds[1]);
+    fds[1] = -1;
+    if (r == -1) {
+        ret = -5;
+        goto err;
+    }
+    if (getfd != 1)
+        fcntl(a.fd, F_SETFD, getfd);
+    if (getfl & O_NONBLOCK)
+        (void)tls_socket_nonblocking(a.fd);
+    if (a.infofd != NULL)
+        *a.infofd = infofds[0];
+    return 0;
+
+ err:
+    if (fds[0] != -1)
+        close(fds[0]);
+    if (fds[1] != -1)
+        close(fds[1]);
+    if (infofds[0] != -1)
+        close(infofds[0]);
+    if (infofds[1] != -1)
+        close(infofds[1]);
+    return ret;
+}
+
+/*****************************************************************************/
+
+static char errbuf[TLS_ERROR_BUFSIZ];
+static size_t errbuf_i = 0;
+
+static void tls_errflush(void *apparg)
+{
+    if (errbuf_i == 0)
+        return;
+
+    assert(errbuf_i < sizeof errbuf);
+    assert(errbuf[errbuf_i] == 0);
+    if (errbuf_i == sizeof errbuf - 1) {
+        /* make sure we have a newline, even if string has been truncated */
+        errbuf[errbuf_i - 1] = '\n';
+    }
+
+    /*
+     * TLS_APP_ERRFLUSH may modify the string as needed, e.g. substitute
+     * other characters for \n for convenience
+     */
+    TLS_APP_ERRFLUSH(tls_child_p, errbuf, errbuf_i, apparg);
+
+    errbuf_i = 0;
+}
+
+static void tls_errprintf(int flush, void *apparg, const char *fmt, ...)
+{
+    va_list args;
+    int r;
+
+    if (errbuf_i < sizeof errbuf - 1) {
+        size_t n;
+
+        va_start(args, fmt);
+        n = (sizeof errbuf) - errbuf_i;
+        r = vsnprintf(errbuf + errbuf_i, n, fmt, args);
+        if (r >= n)
+            r = n - 1;
+        if (r >= 0) {
+            errbuf_i += r;
+        } else {
+            errbuf_i = sizeof errbuf - 1;
+            errbuf[errbuf_i] = '\0';
+        }
+        assert(errbuf_i < sizeof errbuf);
+        assert(errbuf[errbuf_i] == 0);
+    }
+#ifndef TLS_CUMULATE_ERRORS
+    tls_errflush(apparg);
+#else
+    if (flush)
+        tls_errflush(apparg);
+#endif
+}
+
+/*
+ * app_prefix.. are for additional information provided by caller. If OpenSSL
+ * error queue is empty, print default_text ("???" if NULL).
+ */
+static char *tls_openssl_errors(const char *app_prefix_1,
+                                const char *app_prefix_2,
+                                const char *default_text, void *apparg)
+{
+    static char reasons[255];
+    size_t reasons_i;
+    unsigned long err;
+    const char *file;
+    int line;
+    const char *data;
+    int flags;
+    char *errstring;
+    int printed_something = 0;
+
+    reasons_i = 0;
+
+    assert(app_prefix_1 != NULL);
+    assert(app_prefix_2 != NULL);
+
+    if (default_text == NULL)
+        default_text = "?" "?" "?";
+
+    while ((err = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) {
+        if (reasons_i < sizeof reasons) {
+            size_t n;
+            int r;
+
+            n = (sizeof reasons) - reasons_i;
+            r = snprintf(reasons + reasons_i, n, "%s%s",
+                         (reasons_i > 0 ? ", " : ""),
+                         ERR_reason_error_string(err));
+            if (r >= n)
+                r = n - 1;
+            if (r >= 0) {
+                reasons_i += r;
+            } else {
+                reasons_i = sizeof reasons;
+            }
+            assert(reasons_i <= sizeof reasons);
+        }
+
+        errstring = ERR_error_string(err, NULL);
+        assert(errstring != NULL);
+        tls_errprintf(0, apparg, "OpenSSL error%s%s: %s:%s:%d:%s\n",
+                      app_prefix_1, app_prefix_2, errstring, file, line,
+                      (flags & ERR_TXT_STRING) ? data : "");
+        printed_something = 1;
+    }
+
+    if (!printed_something) {
+        assert(reasons_i == 0);
+        snprintf(reasons, sizeof reasons, "%s", default_text);
+        tls_errprintf(0, apparg, "OpenSSL error%s%s: %s\n", app_prefix_1,
+                      app_prefix_2, default_text);
+    }
+#ifdef TLS_CUMULATE_ERRORS
+    tls_errflush(apparg);
+#endif
+    assert(errbuf_i == 0);
+
+    return reasons;
+}
+
+/*****************************************************************************/
+
+static int tls_init_done = 0;
+
+static int tls_init(void *apparg)
+{
+    if (tls_init_done)
+        return 0;
+
+    SSL_load_error_strings();
+    if (!SSL_library_init() /* aka SSLeay_add_ssl_algorithms() */ ) {
+        tls_errprintf(1, apparg, "SSL_library_init failed.\n");
+        return -1;
+    }
+    tls_init_done = 1;
+    tls_rand_seed();
+    return 0;
+}
+
+/*****************************************************************************/
+
+static void tls_rand_seed_uniquely(void)
+{
+    struct {
+        pid_t pid;
+        time_t time;
+        void *stack;
+    } data;
+
+    data.pid = getpid();
+    data.time = time(NULL);
+    data.stack = (void *)&data;
+
+    RAND_seed((const void *)&data, sizeof data);
+}
+
+void tls_rand_seed(void)
+{
+    struct {
+        struct utsname uname;
+        int uname_1;
+        int uname_2;
+        uid_t uid;
+        uid_t euid;
+        gid_t gid;
+        gid_t egid;
+    } data;
+
+    data.uname_1 = uname(&data.uname);
+    data.uname_2 = errno;       /* Let's hope that uname fails randomly :-) */
+
+    data.uid = getuid();
+    data.euid = geteuid();
+    data.gid = getgid();
+    data.egid = getegid();
+
+    RAND_seed((const void *)&data, sizeof data);
+    tls_rand_seed_uniquely();
+}
+
+static int tls_rand_seeded_p = 0;
+
+#define my_MIN_SEED_BYTES 256   /* struct stat can be larger than 128 */
+int tls_rand_seed_from_file(const char *filename, size_t n, void *apparg)
+{
+    /*
+     * Seed OpenSSL's random number generator from file. Try to read n bytes
+     * if n > 0, whole file if n == 0.
+     */
+
+    int r;
+
+    if (tls_init(apparg) == -1)
+        return -1;
+    tls_rand_seed();
+
+    r = RAND_load_file(filename,
+                       (n > 0 && n < LONG_MAX) ? (long)n : LONG_MAX);
+    /*
+     * r is the number of bytes filled into the random number generator,
+     * which are taken from "stat(filename, ...)" in addition to the file
+     * contents.
+     */
+    assert(1 < my_MIN_SEED_BYTES);
+    /*
+     * We need to detect at least those cases when the file does not exist at
+     * all.  With current versions of OpenSSL, this should do it:
+     */
+    if (n == 0)
+        n = my_MIN_SEED_BYTES;
+    if (r < n) {
+        tls_errprintf(1, apparg,
+                      "rand_seed_from_file: could not read %d bytes from %s.\n",
+                      n, filename);
+        return -1;
+    } else {
+        tls_rand_seeded_p = 1;
+        return 0;
+    }
+}
+
+void tls_rand_seed_from_memory(const void *buf, size_t n)
+{
+    size_t i = 0;
+
+    while (i < n) {
+        size_t rest = n - i;
+        int chunk = rest < INT_MAX ? (int)rest : INT_MAX;
+        RAND_seed((const char *)buf + i, chunk);
+        i += chunk;
+    }
+    tls_rand_seeded_p = 1;
+}
+
+/*****************************************************************************/
+
+struct tls_x509_name_string {
+    char str[100];
+};
+
+static void
+tls_get_x509_subject_name_oneline(X509 *cert,
+                                  struct tls_x509_name_string *namestring)
+{
+    X509_NAME *name;
+
+    if (cert == NULL) {
+        namestring->str[0] = '\0';
+        return;
+    }
+
+    name = X509_get_subject_name(cert); /* does not increment any reference
+                                         * counter */
+
+    assert(sizeof namestring->str >= 4); /* "?" or "...", plus 0 */
+
+    if (name == NULL) {
+        namestring->str[0] = '?';
+        namestring->str[1] = 0;
+    } else {
+        size_t len;
+
+        X509_NAME_oneline(name, namestring->str, sizeof namestring->str);
+        len = strlen(namestring->str);
+        assert(namestring->str[len] == 0);
+        assert(len < sizeof namestring->str);
+
+        if (len + 1 == sizeof namestring->str) {
+            /*
+             * (Probably something was cut off.) Does not really work --
+             * X509_NAME_oneline truncates after name components, we cannot
+             * tell from the result whether anything is missing.
+             */
+
+            assert(namestring->str[len] == 0);
+            namestring->str[--len] = '.';
+            namestring->str[--len] = '.';
+            namestring->str[--len] = '.';
+        }
+    }
+}
+
+/*****************************************************************************/
+
+/* to hinder OpenSSL from asking for passphrases */
+static int no_passphrase_callback(char *buf, int num, int w, void *arg)
+{
+    return -1;
+}
+
+#if OPENSSL_VERSION_NUMBER >= 0x00907000L
+static int verify_dont_fail_cb(X509_STORE_CTX *c, void *unused_arg)
+#else
+static int verify_dont_fail_cb(X509_STORE_CTX *c)
+#endif
+{
+    int i;
+
+    i = X509_verify_cert(c);    /* sets c->error */
+#if OPENSSL_VERSION_NUMBER >= 0x00905000L /* don't allow unverified
+                                           * certificates -- they could
+                                           * survive session reuse, but
+                                           * OpenSSL < 0.9.5-dev does not
+                                           * preserve their verify_result */
+    if (i == 0)
+        return 1;
+    else
+#endif
+        return i;
+}
+
+static DH *tls_dhe1024 = NULL;  /* generating these takes a while, so do it
+                                 * just once */
+
+void tls_set_dhe1024(int i, void *apparg)
+{
+    DSA *dsaparams;
+    DH *dhparams;
+    const char *seed[] = { ";-)  :-(  :-)  :-(  ",
+        ";-)  :-(  :-)  :-(  ",
+        "Random String no. 12",
+        ";-)  :-(  :-)  :-(  ",
+        "hackers have even mo", /* from jargon file */
+    };
+    unsigned char seedbuf[20];
+
+    tls_init(apparg);
+    if (i >= 0) {
+        i %= sizeof seed / sizeof seed[0];
+        assert(strlen(seed[i]) == 20);
+        memcpy(seedbuf, seed[i], 20);
+        dsaparams =
+            DSA_generate_parameters(1024, seedbuf, 20, NULL, NULL, 0, NULL);
+    } else {
+        /* random parameters (may take a while) */
+        dsaparams =
+            DSA_generate_parameters(1024, NULL, 0, NULL, NULL, 0, NULL);
+    }
+
+    if (dsaparams == NULL) {
+        tls_openssl_errors("", "", NULL, apparg);
+        return;
+    }
+    dhparams = DSA_dup_DH(dsaparams);
+    DSA_free(dsaparams);
+    if (dhparams == NULL) {
+        tls_openssl_errors("", "", NULL, apparg);
+        return;
+    }
+    if (tls_dhe1024 != NULL)
+        DH_free(tls_dhe1024);
+    tls_dhe1024 = dhparams;
+}
+
+struct tls_create_ctx_args tls_create_ctx_defaultargs(void)
+{
+    struct tls_create_ctx_args ret;
+
+    ret.client_p = 0;
+    ret.certificate_file = NULL;
+    ret.key_file = NULL;
+    ret.ca_file = NULL;
+    ret.verify_depth = -1;
+    ret.fail_unless_verified = 0;
+    ret.export_p = 0;
+
+    return ret;
+}
+
+SSL_CTX *tls_create_ctx(struct tls_create_ctx_args a, void *apparg)
+{
+    int r;
+    static long context_num = 0;
+    SSL_CTX *ret;
+    const char *err_pref_1 = "", *err_pref_2 = "";
+
+    if (tls_init(apparg) == -1)
+        return NULL;
+
+    ret =
+        SSL_CTX_new((a.client_p ? SSLv23_client_method :
+                     SSLv23_server_method) ());
+
+    if (ret == NULL)
+        goto err;
+
+    SSL_CTX_set_default_passwd_cb(ret, no_passphrase_callback);
+    SSL_CTX_set_mode(ret, SSL_MODE_ENABLE_PARTIAL_WRITE);
+
+    if ((a.certificate_file != NULL) || (a.key_file != NULL)) {
+        if (a.key_file == NULL) {
+            tls_errprintf(1, apparg, "Need a key file.\n");
+            goto err_return;
+        }
+        if (a.certificate_file == NULL) {
+            tls_errprintf(1, apparg, "Need a certificate chain file.\n");
+            goto err_return;
+        }
+
+        if (!SSL_CTX_use_PrivateKey_file(ret, a.key_file, SSL_FILETYPE_PEM))
+            goto err;
+        if (!tls_rand_seeded_p) {
+            /*
+             * particularly paranoid people may not like this -- so provide
+             * your own random seeding before calling this
+             */
+            if (tls_rand_seed_from_file(a.key_file, 0, apparg) == -1)
+                goto err_return;
+        }
+        if (!SSL_CTX_use_certificate_chain_file(ret, a.certificate_file))
+            goto err;
+        if (!SSL_CTX_check_private_key(ret)) {
+            tls_errprintf(1, apparg,
+                          "Private key \"%s\" does not match certificate \"%s\".\n",
+                          a.key_file, a.certificate_file);
+            goto err_peek;
+        }
+    }
+
+    if ((a.ca_file != NULL) || (a.verify_depth > 0)) {
+        context_num++;
+        r = SSL_CTX_set_session_id_context(ret, (const void *)&context_num,
+                                           (unsigned int)sizeof context_num);
+        if (!r)
+            goto err;
+
+        SSL_CTX_set_verify(ret,
+                           SSL_VERIFY_PEER | (a.fail_unless_verified ?
+                                              SSL_VERIFY_FAIL_IF_NO_PEER_CERT
+                                              : 0), 0);
+        if (!a.fail_unless_verified)
+            SSL_CTX_set_cert_verify_callback(ret, verify_dont_fail_cb, NULL);
+
+        if (a.verify_depth > 0)
+            SSL_CTX_set_verify_depth(ret, a.verify_depth);
+
+        if (a.ca_file != NULL) {
+            /* does not report failure if file does not exist ... */
+            /* NULL argument means no CA-directory */
+            r = SSL_CTX_load_verify_locations(ret, a.ca_file, NULL);
+            if (!r) {
+                err_pref_1 = " while processing certificate file ";
+                err_pref_2 = a.ca_file;
+                goto err;
+            }
+
+            if (!a.client_p) {
+                /*
+                 * SSL_load_client_CA_file is a misnomer, it just creates a
+                 * list of CNs.
+                 */
+                SSL_CTX_set_client_CA_list(ret,
+                                           SSL_load_client_CA_file
+                                           (a.ca_file));
+                /*
+                 * SSL_CTX_set_client_CA_list does not have a return value;
+                 * it does not really need one, but make sure (we really test
+                 * if SSL_load_client_CA_file worked)
+                 */
+                if (SSL_CTX_get_client_CA_list(ret) == NULL) {
+                    tls_errprintf(1, apparg,
+                                  "Could not set client CA list from \"%s\".\n",
+                                  a.ca_file);
+                    goto err_peek;
+                }
+            }
+        }
+    }
+
+    if (!a.client_p) {
+        if (tls_dhe1024 == NULL) {
+            int i;
+
+            if (RAND_bytes((unsigned char *)&i, sizeof i) <= 0)
+                goto err_return;
+            /*
+             * make sure that i is non-negative -- pick one of the provided
+             * seeds
+             */
+            if (i < 0)
+                i = -i;
+            if (i < 0)
+                i = 0;
+            tls_set_dhe1024(i, apparg);
+            if (tls_dhe1024 == NULL)
+                goto err_return;
+        }
+
+        if (!SSL_CTX_set_tmp_dh(ret, tls_dhe1024))
+            goto err;
+
+        /* avoid small subgroup attacks: */
+        SSL_CTX_set_options(ret, SSL_OP_SINGLE_DH_USE);
+    }
+#ifndef NO_RSA
+    if (!a.client_p && a.export_p) {
+        RSA *tmpkey;
+
+        tmpkey = RSA_generate_key(512, RSA_F4, 0, NULL);
+        if (tmpkey == NULL)
+            goto err;
+        if (!SSL_CTX_set_tmp_rsa(ret, tmpkey)) {
+            RSA_free(tmpkey);
+            goto err;
+        }
+        RSA_free(tmpkey);       /* SSL_CTX_set_tmp_rsa uses a duplicate. */
+    }
+#endif
+
+    return ret;
+
+ err_peek:
+    if (!ERR_peek_error())
+        goto err_return;
+ err:
+    tls_openssl_errors(err_pref_1, err_pref_2, NULL, apparg);
+ err_return:
+    if (ret != NULL)
+        SSL_CTX_free(ret);
+    return NULL;
+}
+
+/*****************************************************************************/
+
+static int tls_socket_nonblocking(int fd)
+{
+    int v, r;
+
+    v = fcntl(fd, F_GETFL, 0);
+    if (v == -1) {
+        if (errno == EINVAL)
+            return 0;           /* already shut down -- ignore */
+        return -1;
+    }
+    r = fcntl(fd, F_SETFL, v | O_NONBLOCK);
+    if (r == -1) {
+        if (errno == EINVAL)
+            return 0;           /* already shut down -- ignore */
+        return -1;
+    }
+    return 0;
+}
+
+static int max(int a, int b)
+{
+    return a > b ? a : b;
+}
+
+/* timeout, -1 means no timeout */
+static void
+tls_sockets_select(int read_select_1, int read_select_2, int write_select_1,
+                   int write_select_2, int seconds)
+{
+    int maxfd, n;
+    fd_set reads, writes;
+    struct timeval timeout;
+    struct timeval *timeout_p;
+
+    assert(read_select_1 >= -1 && read_select_2 >= -1 && write_select_1 >= -1
+           && write_select_2 >= -1);
+    assert(read_select_1 < FD_SETSIZE && read_select_2 < FD_SETSIZE - 1
+           && write_select_1 < FD_SETSIZE - 1
+           && write_select_2 < FD_SETSIZE - 1);
+
+    maxfd =
+        max(max(read_select_1, read_select_2),
+            max(write_select_1, write_select_2));
+    assert(maxfd >= 0);
+
+    FD_ZERO(&reads);
+    FD_ZERO(&writes);
+
+    for (n = 0; n < 4; ++n) {
+        int i = n % 2;
+        int w = n >= 2;
+        /* loop over all (i, w) in {0,1}x{0,1} */
+        int fd;
+
+        if (i == 0 && w == 0)
+            fd = read_select_1;
+        else if (i == 1 && w == 0)
+            fd = read_select_2;
+        else if (i == 0 && w == 1)
+            fd = write_select_1;
+        else {
+            assert(i == 1 && w == 1);
+            fd = write_select_2;
+        }
+
+        if (fd >= 0) {
+            if (w == 0)
+                FD_SET(fd, &reads);
+            else                /* w == 1 */
+                FD_SET(fd, &writes);
+        }
+    }
+
+    if (seconds >= 0) {
+        timeout.tv_sec = seconds;
+        timeout.tv_usec = 0;
+        timeout_p = &timeout;
+    } else
+        timeout_p = NULL;
+
+    DEBUG_MSG2("select no.", ++tls_select_count);
+    select(maxfd + 1, &reads, &writes, (fd_set *) NULL, timeout_p);
+    DEBUG_MSG("cont.");
+}
+
+/*****************************************************************************/
+
+#define TUNNELBUFSIZE (16*1024)
+struct tunnelbuf {
+    char buf[TUNNELBUFSIZE];
+    size_t len;
+    size_t offset;
+};
+
+static int tls_connect_attempt(SSL *, int *write_select, int *read_select,
+                               int *closed, int *progress,
+                               const char **err_pref);
+
+static int tls_accept_attempt(SSL *, int *write_select, int *read_select,
+                              int *closed, int *progress,
+                              const char **err_pref);
+
+static int tls_write_attempt(SSL *, struct tunnelbuf *, int *write_select,
+                             int *read_select, int *closed, int *progress,
+                             const char **err_pref);
+
+static int tls_read_attempt(SSL *, struct tunnelbuf *, int *write_select,
+                            int *read_select, int *closed, int *progress,
+                            const char **err_pref);
+
+static int write_attempt(int fd, struct tunnelbuf *, int *select, int *closed,
+                         int *progress);
+
+static int read_attempt(int fd, struct tunnelbuf *, int *select, int *closed,
+                        int *progress);
+
+static void write_info(SSL *ssl, int *info_fd)
+{
+    if (*info_fd != -1) {
+        long v;
+        int v_ok;
+        struct tls_x509_name_string peer;
+        char infobuf[TLS_INFO_SIZE];
+        int r;
+
+        DEBUG_MSG("write_info");
+        v = SSL_get_verify_result(ssl);
+        v_ok = (v == X509_V_OK) ? 'A' : 'E'; /* Auth./Error */
+        {
+            X509 *peercert;
+
+            peercert = SSL_get_peer_certificate(ssl);
+            tls_get_x509_subject_name_oneline(peercert, &peer);
+            if (peercert != NULL)
+                X509_free(peercert);
+        }
+        if (peer.str[0] == '\0')
+            v_ok = '0';         /* no cert at all */
+        else if (strchr(peer.str, '\n')) {
+            /* should not happen, but make sure */
+            *strchr(peer.str, '\n') = '\0';
+        }
+        r = snprintf(infobuf, sizeof infobuf, "%c:%s\n%s\n", v_ok,
+                     X509_verify_cert_error_string(v), peer.str);
+        DEBUG_MSG2("snprintf", r);
+        if (r == -1 || r >= sizeof infobuf)
+            r = sizeof infobuf - 1;
+        write(*info_fd, infobuf, r);
+        close(*info_fd);
+        *info_fd = -1;
+    }
+}
+
+/* tls_proxy expects that all fds are closed after return */
+static void
+tls_proxy(int clear_fd, int tls_fd, int info_fd, SSL_CTX *ctx, int client_p)
+{
+    struct tunnelbuf clear_to_tls, tls_to_clear;
+    SSL *ssl;
+    BIO *rbio, *wbio;
+    int closed, in_handshake;
+    const char *err_pref_1 = "", *err_pref_2 = "";
+    const char *err_def = NULL;
+
+    assert(clear_fd != -1);
+    assert(tls_fd != -1);
+    assert(clear_fd < FD_SETSIZE);
+    assert(tls_fd < FD_SETSIZE);
+    /* info_fd may be -1 */
+    assert(ctx != NULL);
+
+    tls_rand_seed_uniquely();
+
+    tls_socket_nonblocking(clear_fd);
+    DEBUG_MSG2("clear_fd", clear_fd);
+    tls_socket_nonblocking(tls_fd);
+    DEBUG_MSG2("tls_fd", tls_fd);
+
+    ssl = SSL_new(ctx);
+    if (ssl == NULL)
+        goto err;
+    DEBUG_MSG("SSL_new");
+    if (!SSL_set_fd(ssl, tls_fd))
+        goto err;
+    rbio = SSL_get_rbio(ssl);
+    wbio = SSL_get_wbio(ssl);   /* should be the same, but who cares */
+    assert(rbio != NULL);
+    assert(wbio != NULL);
+    if (client_p)
+        SSL_set_connect_state(ssl);
+    else
+        SSL_set_accept_state(ssl);
+
+    closed = 0;
+    in_handshake = 1;
+    tls_to_clear.len = 0;
+    tls_to_clear.offset = 0;
+    clear_to_tls.len = 0;
+    clear_to_tls.offset = 0;
+
+    err_def = "I/O error";
+
+    /*
+     * loop finishes as soon as we detect that one side closed; when all
+     * (program and OS) buffers have enough space, the data from the last
+     * succesful read in each direction is transferred before close
+     */
+    do {
+        int clear_read_select = 0, clear_write_select = 0,
+            tls_read_select = 0, tls_write_select = 0, progress = 0;
+        int r;
+        unsigned long num_read = BIO_number_read(rbio),
+            num_written = BIO_number_written(wbio);
+
+        DEBUG_MSG2("loop iteration", ++tls_loop_count);
+
+        if (in_handshake) {
+            DEBUG_MSG("in_handshake");
+            if (client_p)
+                r = tls_connect_attempt(ssl, &tls_write_select,
+                                        &tls_read_select, &closed, &progress,
+                                        &err_pref_1);
+            else
+                r = tls_accept_attempt(ssl, &tls_write_select,
+                                       &tls_read_select, &closed, &progress,
+                                       &err_pref_1);
+            if (r != 0) {
+                write_info(ssl, &info_fd);
+                goto err;
+            }
+            if (closed)
+                goto err_return;
+            if (!SSL_in_init(ssl)) {
+                in_handshake = 0;
+                write_info(ssl, &info_fd);
+            }
+        }
+
+        if (clear_to_tls.len != 0 && !in_handshake) {
+            assert(!closed);
+
+            r = tls_write_attempt(ssl, &clear_to_tls, &tls_write_select,
+                                  &tls_read_select, &closed, &progress,
+                                  &err_pref_1);
+            if (r != 0)
+                goto err;
+            if (closed) {
+                assert(progress);
+                tls_to_clear.offset = 0;
+                tls_to_clear.len = 0;
+            }
+        }
+
+        if (tls_to_clear.len != 0) {
+            assert(!closed);
+
+            r = write_attempt(clear_fd, &tls_to_clear, &clear_write_select,
+                              &closed, &progress);
+            if (r != 0)
+                goto err_return;
+            if (closed) {
+                assert(progress);
+                clear_to_tls.offset = 0;
+                clear_to_tls.len = 0;
+            }
+        }
+
+        if (!closed) {
+            if (clear_to_tls.offset + clear_to_tls.len <
+                sizeof clear_to_tls.buf) {
+                r = read_attempt(clear_fd, &clear_to_tls, &clear_read_select,
+                                 &closed, &progress);
+                if (r != 0)
+                    goto err_return;
+                if (closed) {
+                    r = SSL_shutdown(ssl);
+                    DEBUG_MSG2("SSL_shutdown", r);
+                }
+            }
+        }
+
+        if (!closed && !in_handshake) {
+            if (tls_to_clear.offset + tls_to_clear.len <
+                sizeof tls_to_clear.buf) {
+                r = tls_read_attempt(ssl, &tls_to_clear, &tls_write_select,
+                                     &tls_read_select, &closed, &progress,
+                                     &err_pref_1);
+                if (r != 0)
+                    goto err;
+                if (closed) {
+                    r = SSL_shutdown(ssl);
+                    DEBUG_MSG2("SSL_shutdown", r);
+                }
+            }
+        }
+
+        if (!progress) {
+            DEBUG_MSG("!progress?");
+            if (num_read != BIO_number_read(rbio)
+                || num_written != BIO_number_written(wbio))
+                progress = 1;
+
+            if (!progress) {
+                DEBUG_MSG("!progress");
+                assert(clear_read_select || tls_read_select
+                       || clear_write_select || tls_write_select);
+                tls_sockets_select(clear_read_select ? clear_fd : -1,
+                                   tls_read_select ? tls_fd : -1,
+                                   clear_write_select ? clear_fd : -1,
+                                   tls_write_select ? tls_fd : -1, -1);
+            }
+        }
+    } while (!closed);
+    return;
+
+ err:
+    tls_openssl_errors(err_pref_1, err_pref_2, err_def, tls_child_apparg);
+ err_return:
+    return;
+}
+
+static int
+tls_get_error(SSL *ssl, int r, int *write_select, int *read_select,
+              int *closed, int *progress)
+{
+    int err = SSL_get_error(ssl, r);
+
+    if (err == SSL_ERROR_NONE) {
+        assert(r > 0);
+        *progress = 1;
+        return 0;
+    }
+
+    assert(r <= 0);
+
+    switch (err) {
+    case SSL_ERROR_ZERO_RETURN:
+        assert(r == 0);
+        *closed = 1;
+        *progress = 1;
+        return 0;
+
+    case SSL_ERROR_WANT_WRITE:
+        *write_select = 1;
+        return 0;
+
+    case SSL_ERROR_WANT_READ:
+        *read_select = 1;
+        return 0;
+    }
+
+    return -1;
+}
+
+static int
+tls_connect_attempt(SSL *ssl, int *write_select, int *read_select,
+                    int *closed, int *progress, const char **err_pref)
+{
+    int n, r;
+
+    DEBUG_MSG("tls_connect_attempt");
+    n = SSL_connect(ssl);
+    DEBUG_MSG2("SSL_connect", n);
+    r = tls_get_error(ssl, n, write_select, read_select, closed, progress);
+    if (r == -1)
+        *err_pref = " during SSL_connect";
+    return r;
+}
+
+static int
+tls_accept_attempt(SSL *ssl, int *write_select, int *read_select, int *closed,
+                   int *progress, const char **err_pref)
+{
+    int n, r;
+
+    DEBUG_MSG("tls_accept_attempt");
+    n = SSL_accept(ssl);
+    DEBUG_MSG2("SSL_accept", n);
+    r = tls_get_error(ssl, n, write_select, read_select, closed, progress);
+    if (r == -1)
+        *err_pref = " during SSL_accept";
+    return r;
+}
+
+static int
+tls_write_attempt(SSL *ssl, struct tunnelbuf *buf, int *write_select,
+                  int *read_select, int *closed, int *progress,
+                  const char **err_pref)
+{
+    int n, r;
+
+    DEBUG_MSG("tls_write_attempt");
+    n = SSL_write(ssl, buf->buf + buf->offset, buf->len);
+    DEBUG_MSG2("SSL_write", n);
+    r = tls_get_error(ssl, n, write_select, read_select, closed, progress);
+    if (n > 0) {
+        buf->len -= n;
+        assert(buf->len >= 0);
+        if (buf->len == 0)
+            buf->offset = 0;
+        else
+            buf->offset += n;
+    }
+    if (r == -1)
+        *err_pref = " during SSL_write";
+    return r;
+}
+
+static int
+tls_read_attempt(SSL *ssl, struct tunnelbuf *buf, int *write_select,
+                 int *read_select, int *closed, int *progress,
+                 const char **err_pref)
+{
+    int n, r;
+    size_t total;
+
+    DEBUG_MSG("tls_read_attempt");
+    total = buf->offset + buf->len;
+    assert(total < sizeof buf->buf);
+    n = SSL_read(ssl, buf->buf + total, (sizeof buf->buf) - total);
+    DEBUG_MSG2("SSL_read", n);
+    r = tls_get_error(ssl, n, write_select, read_select, closed, progress);
+    if (n > 0) {
+        buf->len += n;
+        assert(buf->offset + buf->len <= sizeof buf->buf);
+    }
+    if (r == -1)
+        *err_pref = " during SSL_read";
+    return r;
+}
+
+static int get_error(int r, int *select, int *closed, int *progress)
+{
+    if (r >= 0) {
+        *progress = 1;
+        if (r == 0)
+            *closed = 1;
+        return 0;
+    } else {
+        assert(r == -1);
+        if (errno == EAGAIN || errno == EWOULDBLOCK) {
+            *select = 1;
+            return 0;
+        } else if (errno == EPIPE) {
+            *progress = 1;
+            *closed = 1;
+            return 0;
+        } else
+            return -1;
+    }
+}
+
+static int write_attempt(int fd, struct tunnelbuf *buf, int *select,
+                         int *closed, int *progress)
+{
+    int n, r;
+
+    DEBUG_MSG("write_attempt");
+    n = write(fd, buf->buf + buf->offset, buf->len);
+    DEBUG_MSG2("write", n);
+    r = get_error(n, select, closed, progress);
+    if (n > 0) {
+        buf->len -= n;
+        assert(buf->len >= 0);
+        if (buf->len == 0)
+            buf->offset = 0;
+        else
+            buf->offset += n;
+    }
+    if (r == -1)
+        tls_errprintf(1, tls_child_apparg, "write error: %s\n",
+                      strerror(errno));
+    return r;
+}
+
+static int
+read_attempt(int fd, struct tunnelbuf *buf, int *select, int *closed,
+             int *progress)
+{
+    int n, r;
+    size_t total;
+
+    DEBUG_MSG("read_attempt");
+    total = buf->offset + buf->len;
+    assert(total < sizeof buf->buf);
+    n = read(fd, buf->buf + total, (sizeof buf->buf) - total);
+    DEBUG_MSG2("read", n);
+    r = get_error(n, select, closed, progress);
+    if (n > 0) {
+        buf->len += n;
+        assert(buf->offset + buf->len <= sizeof buf->buf);
+    }
+    if (r == -1)
+        tls_errprintf(1, tls_child_apparg, "read error: %s\n",
+                      strerror(errno));
+    return r;
+}

Deleted: vendor-crypto/openssl/1.0.1u/demos/easy_tls/easy-tls.h
===================================================================
--- vendor-crypto/openssl/dist/demos/easy_tls/easy-tls.h	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/demos/easy_tls/easy-tls.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,60 +0,0 @@
-/* -*- Mode: C; c-file-style: "bsd" -*- */
-/*-
- * easy-tls.h -- generic TLS proxy.
- * $Id: easy-tls.h,v 1.1 2001/09/17 19:06:59 bodo Exp $
- */
-/*
- * (c) Copyright 1999 Bodo Moeller.  All rights reserved.
- */
-
-#ifndef HEADER_TLS_H
-# define HEADER_TLS_H
-
-# ifndef HEADER_SSL_H
-typedef struct ssl_ctx_st SSL_CTX;
-# endif
-
-# define TLS_INFO_SIZE 512      /* max. # of bytes written to infofd */
-
-void tls_set_dhe1024(int i, void *apparg);
-/*
- * Generate DHE parameters: i >= 0 deterministic (i selects seed), i < 0
- * random (may take a while). tls_create_ctx calls this with random
- * non-negative i if the application has never called it.
- */
-
-void tls_rand_seed(void);
-int tls_rand_seed_from_file(const char *filename, size_t n, void *apparg);
-void tls_rand_seed_from_memory(const void *buf, size_t n);
-
-struct tls_create_ctx_args {
-    int client_p;
-    const char *certificate_file;
-    const char *key_file;
-    const char *ca_file;
-    int verify_depth;
-    int fail_unless_verified;
-    int export_p;
-};
-struct tls_create_ctx_args tls_create_ctx_defaultargs(void);
-/*
- * struct tls_create_ctx_args is similar to a conventional argument list, but
- * it can provide default values and allows for future extension.
- */
-SSL_CTX *tls_create_ctx(struct tls_create_ctx_args, void *apparg);
-
-struct tls_start_proxy_args {
-    int fd;
-    int client_p;
-    SSL_CTX *ctx;
-    pid_t *pid;
-    int *infofd;
-};
-struct tls_start_proxy_args tls_start_proxy_defaultargs(void);
-/*
- * tls_start_proxy return value *MUST* be checked! 0 means ok, otherwise
- * we've probably run out of some resources.
- */
-int tls_start_proxy(struct tls_start_proxy_args, void *apparg);
-
-#endif

Copied: vendor-crypto/openssl/1.0.1u/demos/easy_tls/easy-tls.h (from rev 11605, vendor-crypto/openssl/dist/demos/easy_tls/easy-tls.h)
===================================================================
--- vendor-crypto/openssl/1.0.1u/demos/easy_tls/easy-tls.h	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/demos/easy_tls/easy-tls.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,60 @@
+/* */
+/*-
+ * easy-tls.h -- generic TLS proxy.
+ * $Id: easy-tls.h,v 1.1 2001/09/17 19:06:59 bodo Exp $
+ */
+/*
+ * (c) Copyright 1999 Bodo Moeller.  All rights reserved.
+ */
+
+#ifndef HEADER_TLS_H
+# define HEADER_TLS_H
+
+# ifndef HEADER_SSL_H
+typedef struct ssl_ctx_st SSL_CTX;
+# endif
+
+# define TLS_INFO_SIZE 512      /* max. # of bytes written to infofd */
+
+void tls_set_dhe1024(int i, void *apparg);
+/*
+ * Generate DHE parameters: i >= 0 deterministic (i selects seed), i < 0
+ * random (may take a while). tls_create_ctx calls this with random
+ * non-negative i if the application has never called it.
+ */
+
+void tls_rand_seed(void);
+int tls_rand_seed_from_file(const char *filename, size_t n, void *apparg);
+void tls_rand_seed_from_memory(const void *buf, size_t n);
+
+struct tls_create_ctx_args {
+    int client_p;
+    const char *certificate_file;
+    const char *key_file;
+    const char *ca_file;
+    int verify_depth;
+    int fail_unless_verified;
+    int export_p;
+};
+struct tls_create_ctx_args tls_create_ctx_defaultargs(void);
+/*
+ * struct tls_create_ctx_args is similar to a conventional argument list, but
+ * it can provide default values and allows for future extension.
+ */
+SSL_CTX *tls_create_ctx(struct tls_create_ctx_args, void *apparg);
+
+struct tls_start_proxy_args {
+    int fd;
+    int client_p;
+    SSL_CTX *ctx;
+    pid_t *pid;
+    int *infofd;
+};
+struct tls_start_proxy_args tls_start_proxy_defaultargs(void);
+/*
+ * tls_start_proxy return value *MUST* be checked! 0 means ok, otherwise
+ * we've probably run out of some resources.
+ */
+int tls_start_proxy(struct tls_start_proxy_args, void *apparg);
+
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/demos/tunala/tunala.c
===================================================================
--- vendor-crypto/openssl/dist/demos/tunala/tunala.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/demos/tunala/tunala.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,1183 +0,0 @@
-#if defined(NO_BUFFER) || defined(NO_IP) || defined(NO_OPENSSL)
-# error "Badness, NO_BUFFER, NO_IP or NO_OPENSSL is defined, turn them *off*"
-#endif
-
-/* Include our bits'n'pieces */
-#include "tunala.h"
-
-/********************************************/
-/* Our local types that specify our "world" */
-/********************************************/
-
-/*
- * These represent running "tunnels". Eg. if you wanted to do SSL in a
- * "message-passing" scanario, the "int" file-descriptors might be replaced
- * by thread or process IDs, and the "select" code might be replaced by
- * message handling code. Whatever.
- */
-typedef struct _tunala_item_t {
-    /*
-     * The underlying SSL state machine. This is a data-only processing unit
-     * and we communicate with it by talking to its four "buffers".
-     */
-    state_machine_t sm;
-    /*
-     * The file-descriptors for the "dirty" (encrypted) side of the SSL
-     * setup. In actuality, this is typically a socket and both values are
-     * identical.
-     */
-    int dirty_read, dirty_send;
-    /*
-     * The file-descriptors for the "clean" (unencrypted) side of the SSL
-     * setup. These could be stdin/stdout, a socket (both values the same),
-     * or whatever you like.
-     */
-    int clean_read, clean_send;
-} tunala_item_t;
-
-/*
- * This structure is used as the data for running the main loop. Namely, in a
- * network format such as this, it is stuff for select() - but as pointed out,
- * when moving the real-world to somewhere else, this might be replaced by
- * something entirely different. It's basically the stuff that controls when
- * it's time to do some "work".
- */
-typedef struct _select_sets_t {
-    int max;                    /* As required as the first argument to
-                                 * select() */
-    fd_set reads, sends, excepts; /* As passed to select() */
-} select_sets_t;
-typedef struct _tunala_selector_t {
-    select_sets_t last_selected; /* Results of the last select() */
-    select_sets_t next_select;  /* What we'll next select on */
-} tunala_selector_t;
-
-/*
- * This structure is *everything*. We do it to avoid the use of globals so
- * that, for example, it would be easier to shift things around between
- * async-IO, thread-based, or multi-fork()ed (or combinations thereof).
- */
-typedef struct _tunala_world_t {
-    /* The file-descriptor we "listen" on for new connections */
-    int listen_fd;
-    /* The array of tunnels */
-    tunala_item_t *tunnels;
-    /* the number of tunnels in use and allocated, respectively */
-    unsigned int tunnels_used, tunnels_size;
-    /* Our outside "loop" context stuff */
-    tunala_selector_t selector;
-    /*
-     * Our SSL_CTX, which is configured as the SSL client or server and has
-     * the various cert-settings and callbacks configured.
-     */
-    SSL_CTX *ssl_ctx;
-    /*
-     * Simple flag with complex logic :-) Indicates whether we're an SSL
-     * server or an SSL client.
-     */
-    int server_mode;
-} tunala_world_t;
-
-/*****************************/
-/* Internal static functions */
-/*****************************/
-
-static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id,
-                                   const char *CAfile, const char *cert,
-                                   const char *key, const char *dcert,
-                                   const char *dkey, const char *cipher_list,
-                                   const char *dh_file,
-                                   const char *dh_special, int tmp_rsa,
-                                   int ctx_options, int out_state,
-                                   int out_verify, int verify_mode,
-                                   unsigned int verify_depth);
-static void selector_init(tunala_selector_t * selector);
-static void selector_add_listener(tunala_selector_t * selector, int fd);
-static void selector_add_tunala(tunala_selector_t * selector,
-                                tunala_item_t * t);
-static int selector_select(tunala_selector_t * selector);
-/*
- * This returns -1 for error, 0 for no new connections, or 1 for success, in
- * which case *newfd is populated.
- */
-static int selector_get_listener(tunala_selector_t * selector, int fd,
-                                 int *newfd);
-static int tunala_world_new_item(tunala_world_t * world, int fd,
-                                 const char *ip, unsigned short port,
-                                 int flipped);
-static void tunala_world_del_item(tunala_world_t * world, unsigned int idx);
-static int tunala_item_io(tunala_selector_t * selector, tunala_item_t * item);
-
-/*********************************************/
-/* MAIN FUNCTION (and its utility functions) */
-/*********************************************/
-
-static const char *def_proxyhost = "127.0.0.1:443";
-static const char *def_listenhost = "127.0.0.1:8080";
-static int def_max_tunnels = 50;
-static const char *def_cacert = NULL;
-static const char *def_cert = NULL;
-static const char *def_key = NULL;
-static const char *def_dcert = NULL;
-static const char *def_dkey = NULL;
-static const char *def_engine_id = NULL;
-static int def_server_mode = 0;
-static int def_flipped = 0;
-static const char *def_cipher_list = NULL;
-static const char *def_dh_file = NULL;
-static const char *def_dh_special = NULL;
-static int def_tmp_rsa = 1;
-static int def_ctx_options = 0;
-static int def_verify_mode = 0;
-static unsigned int def_verify_depth = 10;
-static int def_out_state = 0;
-static unsigned int def_out_verify = 0;
-static int def_out_totals = 0;
-static int def_out_conns = 0;
-
-static const char *helpstring =
-    "\n'Tunala' (A tunneler with a New Zealand accent)\n"
-    "Usage: tunala [options], where options are from;\n"
-    " -listen [host:]<port>  (default = 127.0.0.1:8080)\n"
-    " -proxy <host>:<port>   (default = 127.0.0.1:443)\n"
-    " -maxtunnels <num>      (default = 50)\n"
-    " -cacert <path|NULL>    (default = NULL)\n"
-    " -cert <path|NULL>      (default = NULL)\n"
-    " -key <path|NULL>       (default = whatever '-cert' is)\n"
-    " -dcert <path|NULL>     (usually for DSA, default = NULL)\n"
-    " -dkey <path|NULL>      (usually for DSA, default = whatever '-dcert' is)\n"
-    " -engine <id|NULL>      (default = NULL)\n"
-    " -server <0|1>          (default = 0, ie. an SSL client)\n"
-    " -flipped <0|1>         (makes SSL servers be network clients, and vice versa)\n"
-    " -cipher <list>         (specifies cipher list to use)\n"
-    " -dh_file <path>        (a PEM file containing DH parameters to use)\n"
-    " -dh_special <NULL|generate|standard> (see below: def=NULL)\n"
-    " -no_tmp_rsa            (don't generate temporary RSA keys)\n"
-    " -no_ssl2               (disable SSLv2)\n"
-    " -no_ssl3               (disable SSLv3)\n"
-    " -no_tls1               (disable TLSv1)\n"
-    " -v_peer                (verify the peer certificate)\n"
-    " -v_strict              (do not continue if peer doesn't authenticate)\n"
-    " -v_once                (no verification in renegotiates)\n"
-    " -v_depth <num>         (limit certificate chain depth, default = 10)\n"
-    " -out_conns             (prints client connections and disconnections)\n"
-    " -out_state             (prints SSL handshake states)\n"
-    " -out_verify <0|1|2|3>  (prints certificate verification states: def=1)\n"
-    " -out_totals            (prints out byte-totals when a tunnel closes)\n"
-    " -<h|help|?>            (displays this help screen)\n"
-    "Notes:\n"
-    "(1) It is recommended to specify a cert+key when operating as an SSL server.\n"
-    "    If you only specify '-cert', the same file must contain a matching\n"
-    "    private key.\n"
-    "(2) Either dh_file or dh_special can be used to specify where DH parameters\n"
-    "    will be obtained from (or '-dh_special NULL' for the default choice) but\n"
-    "    you cannot specify both. For dh_special, 'generate' will create new DH\n"
-    "    parameters on startup, and 'standard' will use embedded parameters\n"
-    "    instead.\n"
-    "(3) Normally an ssl client connects to an ssl server - so that an 'ssl client\n"
-    "    tunala' listens for 'clean' client connections and proxies ssl, and an\n"
-    "    'ssl server tunala' listens for ssl connections and proxies 'clean'. With\n"
-    "    '-flipped 1', this behaviour is reversed so that an 'ssl server tunala'\n"
-    "    listens for clean client connections and proxies ssl (but participating\n"
-    "    as an ssl *server* in the SSL/TLS protocol), and an 'ssl client tunala'\n"
-    "    listens for ssl connections (participating as an ssl *client* in the\n"
-    "    SSL/TLS protocol) and proxies 'clean' to the end destination. This can\n"
-    "    be useful for allowing network access to 'servers' where only the server\n"
-    "    needs to authenticate the client (ie. the other way is not required).\n"
-    "    Even with client and server authentication, this 'technique' mitigates\n"
-    "    some DoS (denial-of-service) potential as it will be the network client\n"
-    "    having to perform the first private key operation rather than the other\n"
-    "    way round.\n"
-    "(4) The 'technique' used by setting '-flipped 1' is probably compatible with\n"
-    "    absolutely nothing except another complimentary instance of 'tunala'\n"
-    "    running with '-flipped 1'. :-)\n";
-
-/*
- * Default DH parameters for use with "-dh_special standard" ... stolen
- * striaght from s_server.
- */
-static unsigned char dh512_p[] = {
-    0xDA, 0x58, 0x3C, 0x16, 0xD9, 0x85, 0x22, 0x89, 0xD0, 0xE4, 0xAF, 0x75,
-    0x6F, 0x4C, 0xCA, 0x92, 0xDD, 0x4B, 0xE5, 0x33, 0xB8, 0x04, 0xFB, 0x0F,
-    0xED, 0x94, 0xEF, 0x9C, 0x8A, 0x44, 0x03, 0xED, 0x57, 0x46, 0x50, 0xD3,
-    0x69, 0x99, 0xDB, 0x29, 0xD7, 0x76, 0x27, 0x6B, 0xA2, 0xD3, 0xD4, 0x12,
-    0xE2, 0x18, 0xF4, 0xDD, 0x1E, 0x08, 0x4C, 0xF6, 0xD8, 0x00, 0x3E, 0x7C,
-    0x47, 0x74, 0xE8, 0x33,
-};
-
-static unsigned char dh512_g[] = {
-    0x02,
-};
-
-/*
- * And the function that parses the above "standard" parameters, again,
- * straight out of s_server.
- */
-static DH *get_dh512(void)
-{
-    DH *dh = NULL;
-
-    if ((dh = DH_new()) == NULL)
-        return (NULL);
-    dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
-    dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
-    if ((dh->p == NULL) || (dh->g == NULL))
-        return (NULL);
-    return (dh);
-}
-
-/* Various help/error messages used by main() */
-static int usage(const char *errstr, int isunknownarg)
-{
-    if (isunknownarg)
-        fprintf(stderr, "Error: unknown argument '%s'\n", errstr);
-    else
-        fprintf(stderr, "Error: %s\n", errstr);
-    fprintf(stderr, "%s\n", helpstring);
-    return 1;
-}
-
-static int err_str0(const char *str0)
-{
-    fprintf(stderr, "%s\n", str0);
-    return 1;
-}
-
-static int err_str1(const char *fmt, const char *str1)
-{
-    fprintf(stderr, fmt, str1);
-    fprintf(stderr, "\n");
-    return 1;
-}
-
-static int parse_max_tunnels(const char *s, unsigned int *maxtunnels)
-{
-    unsigned long l;
-    if (!int_strtoul(s, &l) || (l < 1) || (l > 1024)) {
-        fprintf(stderr, "Error, '%s' is an invalid value for "
-                "maxtunnels\n", s);
-        return 0;
-    }
-    *maxtunnels = (unsigned int)l;
-    return 1;
-}
-
-static int parse_server_mode(const char *s, int *servermode)
-{
-    unsigned long l;
-    if (!int_strtoul(s, &l) || (l > 1)) {
-        fprintf(stderr, "Error, '%s' is an invalid value for the "
-                "server mode\n", s);
-        return 0;
-    }
-    *servermode = (int)l;
-    return 1;
-}
-
-static int parse_dh_special(const char *s, const char **dh_special)
-{
-    if ((strcmp(s, "NULL") == 0) || (strcmp(s, "generate") == 0) ||
-        (strcmp(s, "standard") == 0)) {
-        *dh_special = s;
-        return 1;
-    }
-    fprintf(stderr, "Error, '%s' is an invalid value for 'dh_special'\n", s);
-    return 0;
-}
-
-static int parse_verify_level(const char *s, unsigned int *verify_level)
-{
-    unsigned long l;
-    if (!int_strtoul(s, &l) || (l > 3)) {
-        fprintf(stderr, "Error, '%s' is an invalid value for "
-                "out_verify\n", s);
-        return 0;
-    }
-    *verify_level = (unsigned int)l;
-    return 1;
-}
-
-static int parse_verify_depth(const char *s, unsigned int *verify_depth)
-{
-    unsigned long l;
-    if (!int_strtoul(s, &l) || (l < 1) || (l > 50)) {
-        fprintf(stderr, "Error, '%s' is an invalid value for "
-                "verify_depth\n", s);
-        return 0;
-    }
-    *verify_depth = (unsigned int)l;
-    return 1;
-}
-
-/* Some fprintf format strings used when tunnels close */
-static const char *io_stats_dirty =
-    "    SSL traffic;   %8lu bytes in, %8lu bytes out\n";
-static const char *io_stats_clean =
-    "    clear traffic; %8lu bytes in, %8lu bytes out\n";
-
-int main(int argc, char *argv[])
-{
-    unsigned int loop;
-    int newfd;
-    tunala_world_t world;
-    tunala_item_t *t_item;
-    const char *proxy_ip;
-    unsigned short proxy_port;
-    /* Overridables */
-    const char *proxyhost = def_proxyhost;
-    const char *listenhost = def_listenhost;
-    unsigned int max_tunnels = def_max_tunnels;
-    const char *cacert = def_cacert;
-    const char *cert = def_cert;
-    const char *key = def_key;
-    const char *dcert = def_dcert;
-    const char *dkey = def_dkey;
-    const char *engine_id = def_engine_id;
-    int server_mode = def_server_mode;
-    int flipped = def_flipped;
-    const char *cipher_list = def_cipher_list;
-    const char *dh_file = def_dh_file;
-    const char *dh_special = def_dh_special;
-    int tmp_rsa = def_tmp_rsa;
-    int ctx_options = def_ctx_options;
-    int verify_mode = def_verify_mode;
-    unsigned int verify_depth = def_verify_depth;
-    int out_state = def_out_state;
-    unsigned int out_verify = def_out_verify;
-    int out_totals = def_out_totals;
-    int out_conns = def_out_conns;
-
-/* Parse command-line arguments */
- next_arg:
-    argc--;
-    argv++;
-    if (argc > 0) {
-        if (strcmp(*argv, "-listen") == 0) {
-            if (argc < 2)
-                return usage("-listen requires an argument", 0);
-            argc--;
-            argv++;
-            listenhost = *argv;
-            goto next_arg;
-        } else if (strcmp(*argv, "-proxy") == 0) {
-            if (argc < 2)
-                return usage("-proxy requires an argument", 0);
-            argc--;
-            argv++;
-            proxyhost = *argv;
-            goto next_arg;
-        } else if (strcmp(*argv, "-maxtunnels") == 0) {
-            if (argc < 2)
-                return usage("-maxtunnels requires an argument", 0);
-            argc--;
-            argv++;
-            if (!parse_max_tunnels(*argv, &max_tunnels))
-                return 1;
-            goto next_arg;
-        } else if (strcmp(*argv, "-cacert") == 0) {
-            if (argc < 2)
-                return usage("-cacert requires an argument", 0);
-            argc--;
-            argv++;
-            if (strcmp(*argv, "NULL") == 0)
-                cacert = NULL;
-            else
-                cacert = *argv;
-            goto next_arg;
-        } else if (strcmp(*argv, "-cert") == 0) {
-            if (argc < 2)
-                return usage("-cert requires an argument", 0);
-            argc--;
-            argv++;
-            if (strcmp(*argv, "NULL") == 0)
-                cert = NULL;
-            else
-                cert = *argv;
-            goto next_arg;
-        } else if (strcmp(*argv, "-key") == 0) {
-            if (argc < 2)
-                return usage("-key requires an argument", 0);
-            argc--;
-            argv++;
-            if (strcmp(*argv, "NULL") == 0)
-                key = NULL;
-            else
-                key = *argv;
-            goto next_arg;
-        } else if (strcmp(*argv, "-dcert") == 0) {
-            if (argc < 2)
-                return usage("-dcert requires an argument", 0);
-            argc--;
-            argv++;
-            if (strcmp(*argv, "NULL") == 0)
-                dcert = NULL;
-            else
-                dcert = *argv;
-            goto next_arg;
-        } else if (strcmp(*argv, "-dkey") == 0) {
-            if (argc < 2)
-                return usage("-dkey requires an argument", 0);
-            argc--;
-            argv++;
-            if (strcmp(*argv, "NULL") == 0)
-                dkey = NULL;
-            else
-                dkey = *argv;
-            goto next_arg;
-        } else if (strcmp(*argv, "-engine") == 0) {
-            if (argc < 2)
-                return usage("-engine requires an argument", 0);
-            argc--;
-            argv++;
-            engine_id = *argv;
-            goto next_arg;
-        } else if (strcmp(*argv, "-server") == 0) {
-            if (argc < 2)
-                return usage("-server requires an argument", 0);
-            argc--;
-            argv++;
-            if (!parse_server_mode(*argv, &server_mode))
-                return 1;
-            goto next_arg;
-        } else if (strcmp(*argv, "-flipped") == 0) {
-            if (argc < 2)
-                return usage("-flipped requires an argument", 0);
-            argc--;
-            argv++;
-            if (!parse_server_mode(*argv, &flipped))
-                return 1;
-            goto next_arg;
-        } else if (strcmp(*argv, "-cipher") == 0) {
-            if (argc < 2)
-                return usage("-cipher requires an argument", 0);
-            argc--;
-            argv++;
-            cipher_list = *argv;
-            goto next_arg;
-        } else if (strcmp(*argv, "-dh_file") == 0) {
-            if (argc < 2)
-                return usage("-dh_file requires an argument", 0);
-            if (dh_special)
-                return usage("cannot mix -dh_file with " "-dh_special", 0);
-            argc--;
-            argv++;
-            dh_file = *argv;
-            goto next_arg;
-        } else if (strcmp(*argv, "-dh_special") == 0) {
-            if (argc < 2)
-                return usage("-dh_special requires an argument", 0);
-            if (dh_file)
-                return usage("cannot mix -dh_file with " "-dh_special", 0);
-            argc--;
-            argv++;
-            if (!parse_dh_special(*argv, &dh_special))
-                return 1;
-            goto next_arg;
-        } else if (strcmp(*argv, "-no_tmp_rsa") == 0) {
-            tmp_rsa = 0;
-            goto next_arg;
-        } else if (strcmp(*argv, "-no_ssl2") == 0) {
-            ctx_options |= SSL_OP_NO_SSLv2;
-            goto next_arg;
-        } else if (strcmp(*argv, "-no_ssl3") == 0) {
-            ctx_options |= SSL_OP_NO_SSLv3;
-            goto next_arg;
-        } else if (strcmp(*argv, "-no_tls1") == 0) {
-            ctx_options |= SSL_OP_NO_TLSv1;
-            goto next_arg;
-        } else if (strcmp(*argv, "-v_peer") == 0) {
-            verify_mode |= SSL_VERIFY_PEER;
-            goto next_arg;
-        } else if (strcmp(*argv, "-v_strict") == 0) {
-            verify_mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
-            goto next_arg;
-        } else if (strcmp(*argv, "-v_once") == 0) {
-            verify_mode |= SSL_VERIFY_CLIENT_ONCE;
-            goto next_arg;
-        } else if (strcmp(*argv, "-v_depth") == 0) {
-            if (argc < 2)
-                return usage("-v_depth requires an argument", 0);
-            argc--;
-            argv++;
-            if (!parse_verify_depth(*argv, &verify_depth))
-                return 1;
-            goto next_arg;
-        } else if (strcmp(*argv, "-out_state") == 0) {
-            out_state = 1;
-            goto next_arg;
-        } else if (strcmp(*argv, "-out_verify") == 0) {
-            if (argc < 2)
-                return usage("-out_verify requires an argument", 0);
-            argc--;
-            argv++;
-            if (!parse_verify_level(*argv, &out_verify))
-                return 1;
-            goto next_arg;
-        } else if (strcmp(*argv, "-out_totals") == 0) {
-            out_totals = 1;
-            goto next_arg;
-        } else if (strcmp(*argv, "-out_conns") == 0) {
-            out_conns = 1;
-            goto next_arg;
-        } else if ((strcmp(*argv, "-h") == 0) ||
-                   (strcmp(*argv, "-help") == 0) ||
-                   (strcmp(*argv, "-?") == 0)) {
-            fprintf(stderr, "%s\n", helpstring);
-            return 0;
-        } else
-            return usage(*argv, 1);
-    }
-    /* Run any sanity checks we want here */
-    if (!cert && !dcert && server_mode)
-        fprintf(stderr, "WARNING: you are running an SSL server without "
-                "a certificate - this may not work!\n");
-
-    /* Initialise network stuff */
-    if (!ip_initialise())
-        return err_str0("ip_initialise failed");
-    /* Create the SSL_CTX */
-    if ((world.ssl_ctx = initialise_ssl_ctx(server_mode, engine_id,
-                                            cacert, cert, key, dcert, dkey,
-                                            cipher_list, dh_file, dh_special,
-                                            tmp_rsa, ctx_options, out_state,
-                                            out_verify, verify_mode,
-                                            verify_depth)) == NULL)
-        return err_str1("initialise_ssl_ctx(engine_id=%s) failed",
-                        (engine_id == NULL) ? "NULL" : engine_id);
-    if (engine_id)
-        fprintf(stderr, "Info, engine '%s' initialised\n", engine_id);
-    /* Create the listener */
-    if ((world.listen_fd = ip_create_listener(listenhost)) == -1)
-        return err_str1("ip_create_listener(%s) failed", listenhost);
-    fprintf(stderr, "Info, listening on '%s'\n", listenhost);
-    if (!ip_parse_address(proxyhost, &proxy_ip, &proxy_port, 0))
-        return err_str1("ip_parse_address(%s) failed", proxyhost);
-    fprintf(stderr, "Info, proxying to '%s' (%d.%d.%d.%d:%d)\n", proxyhost,
-            (int)proxy_ip[0], (int)proxy_ip[1],
-            (int)proxy_ip[2], (int)proxy_ip[3], (int)proxy_port);
-    fprintf(stderr, "Info, set maxtunnels to %d\n", (int)max_tunnels);
-    fprintf(stderr, "Info, set to operate as an SSL %s\n",
-            (server_mode ? "server" : "client"));
-    /* Initialise the rest of the stuff */
-    world.tunnels_used = world.tunnels_size = 0;
-    world.tunnels = NULL;
-    world.server_mode = server_mode;
-    selector_init(&world.selector);
-
-/* We're ready to loop */
- main_loop:
-    /* Should we listen for *new* tunnels? */
-    if (world.tunnels_used < max_tunnels)
-        selector_add_listener(&world.selector, world.listen_fd);
-    /* We should add in our existing tunnels */
-    for (loop = 0; loop < world.tunnels_used; loop++)
-        selector_add_tunala(&world.selector, world.tunnels + loop);
-    /* Now do the select */
-    switch (selector_select(&world.selector)) {
-    case -1:
-        if (errno != EINTR) {
-            fprintf(stderr, "selector_select returned a " "badness error.\n");
-            goto shouldnt_happen;
-        }
-        fprintf(stderr, "Warn, selector interrupted by a signal\n");
-        goto main_loop;
-    case 0:
-        fprintf(stderr, "Warn, selector_select returned 0 - signal?" "?\n");
-        goto main_loop;
-    default:
-        break;
-    }
-    /* Accept new connection if we should and can */
-    if ((world.tunnels_used < max_tunnels)
-        && (selector_get_listener(&world.selector, world.listen_fd, &newfd) ==
-            1)) {
-        /* We have a new connection */
-        if (!tunala_world_new_item(&world, newfd, proxy_ip,
-                                   proxy_port, flipped))
-            fprintf(stderr, "tunala_world_new_item failed\n");
-        else if (out_conns)
-            fprintf(stderr, "Info, new tunnel opened, now up to "
-                    "%d\n", world.tunnels_used);
-    }
-    /*
-     * Give each tunnel its moment, note the while loop is because it makes
-     * the logic easier than with "for" to deal with an array that may shift
-     * because of deletes.
-     */
-    loop = 0;
-    t_item = world.tunnels;
-    while (loop < world.tunnels_used) {
-        if (!tunala_item_io(&world.selector, t_item)) {
-            /*
-             * We're closing whether for reasons of an error or a natural
-             * close. Don't increment loop or t_item because the next item is
-             * moving to us!
-             */
-            if (!out_totals)
-                goto skip_totals;
-            fprintf(stderr, "Tunnel closing, traffic stats follow\n");
-            /* Display the encrypted (over the network) stats */
-            fprintf(stderr, io_stats_dirty,
-                    buffer_total_in(state_machine_get_buffer
-                                    (&t_item->sm, SM_DIRTY_IN)),
-                    buffer_total_out(state_machine_get_buffer
-                                     (&t_item->sm, SM_DIRTY_OUT)));
-            /*
-             * Display the local (tunnelled) stats. NB: Data we *receive* is
-             * data sent *out* of the state_machine on its 'clean' side.
-             * Hence the apparent back-to-front OUT/IN mixup here :-)
-             */
-            fprintf(stderr, io_stats_clean,
-                    buffer_total_out(state_machine_get_buffer
-                                     (&t_item->sm, SM_CLEAN_OUT)),
-                    buffer_total_in(state_machine_get_buffer
-                                    (&t_item->sm, SM_CLEAN_IN)));
- skip_totals:
-            tunala_world_del_item(&world, loop);
-            if (out_conns)
-                fprintf(stderr, "Info, tunnel closed, down to %d\n",
-                        world.tunnels_used);
-        } else {
-            /* Move to the next item */
-            loop++;
-            t_item++;
-        }
-    }
-    goto main_loop;
-    /* Should never get here */
- shouldnt_happen:
-    abort();
-    return 1;
-}
-
-/****************/
-/* OpenSSL bits */
-/****************/
-
-static int ctx_set_cert(SSL_CTX *ctx, const char *cert, const char *key)
-{
-    FILE *fp = NULL;
-    X509 *x509 = NULL;
-    EVP_PKEY *pkey = NULL;
-    int toret = 0;              /* Assume an error */
-
-    /* cert */
-    if (cert) {
-        if ((fp = fopen(cert, "r")) == NULL) {
-            fprintf(stderr, "Error opening cert file '%s'\n", cert);
-            goto err;
-        }
-        if (!PEM_read_X509(fp, &x509, NULL, NULL)) {
-            fprintf(stderr, "Error reading PEM cert from '%s'\n", cert);
-            goto err;
-        }
-        if (!SSL_CTX_use_certificate(ctx, x509)) {
-            fprintf(stderr, "Error, cert in '%s' can not be used\n", cert);
-            goto err;
-        }
-        /* Clear the FILE* for reuse in the "key" code */
-        fclose(fp);
-        fp = NULL;
-        fprintf(stderr, "Info, operating with cert in '%s'\n", cert);
-        /*
-         * If a cert was given without matching key, we assume the same file
-         * contains the required key.
-         */
-        if (!key)
-            key = cert;
-    } else {
-        if (key)
-            fprintf(stderr, "Error, can't specify a key without a "
-                    "corresponding certificate\n");
-        else
-            fprintf(stderr, "Error, ctx_set_cert called with " "NULLs!\n");
-        goto err;
-    }
-    /* key */
-    if (key) {
-        if ((fp = fopen(key, "r")) == NULL) {
-            fprintf(stderr, "Error opening key file '%s'\n", key);
-            goto err;
-        }
-        if (!PEM_read_PrivateKey(fp, &pkey, NULL, NULL)) {
-            fprintf(stderr, "Error reading PEM key from '%s'\n", key);
-            goto err;
-        }
-        if (!SSL_CTX_use_PrivateKey(ctx, pkey)) {
-            fprintf(stderr, "Error, key in '%s' can not be used\n", key);
-            goto err;
-        }
-        fprintf(stderr, "Info, operating with key in '%s'\n", key);
-    } else
-        fprintf(stderr, "Info, operating without a cert or key\n");
-    /* Success */
-    toret = 1;
- err:
-    if (x509)
-        X509_free(x509);
-    if (pkey)
-        EVP_PKEY_free(pkey);
-    if (fp)
-        fclose(fp);
-    return toret;
-}
-
-static int ctx_set_dh(SSL_CTX *ctx, const char *dh_file,
-                      const char *dh_special)
-{
-    DH *dh = NULL;
-    FILE *fp = NULL;
-
-    if (dh_special) {
-        if (strcmp(dh_special, "NULL") == 0)
-            return 1;
-        if (strcmp(dh_special, "standard") == 0) {
-            if ((dh = get_dh512()) == NULL) {
-                fprintf(stderr, "Error, can't parse 'standard'"
-                        " DH parameters\n");
-                return 0;
-            }
-            fprintf(stderr, "Info, using 'standard' DH parameters\n");
-            goto do_it;
-        }
-        if (strcmp(dh_special, "generate") != 0)
-            /*
-             * This shouldn't happen - screening values is handled in main().
-             */
-            abort();
-        fprintf(stderr, "Info, generating DH parameters ... ");
-        fflush(stderr);
-        if (!(dh = DH_new()) || !DH_generate_parameters_ex(dh, 512,
-                                                           DH_GENERATOR_5,
-                                                           NULL)) {
-            fprintf(stderr, "error!\n");
-            if (dh)
-                DH_free(dh);
-            return 0;
-        }
-        fprintf(stderr, "complete\n");
-        goto do_it;
-    }
-    /* So, we're loading dh_file */
-    if ((fp = fopen(dh_file, "r")) == NULL) {
-        fprintf(stderr, "Error, couldn't open '%s' for DH parameters\n",
-                dh_file);
-        return 0;
-    }
-    dh = PEM_read_DHparams(fp, NULL, NULL, NULL);
-    fclose(fp);
-    if (dh == NULL) {
-        fprintf(stderr, "Error, could not parse DH parameters from '%s'\n",
-                dh_file);
-        return 0;
-    }
-    fprintf(stderr, "Info, using DH parameters from file '%s'\n", dh_file);
- do_it:
-    SSL_CTX_set_tmp_dh(ctx, dh);
-    DH_free(dh);
-    return 1;
-}
-
-static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id,
-                                   const char *CAfile, const char *cert,
-                                   const char *key, const char *dcert,
-                                   const char *dkey, const char *cipher_list,
-                                   const char *dh_file,
-                                   const char *dh_special, int tmp_rsa,
-                                   int ctx_options, int out_state,
-                                   int out_verify, int verify_mode,
-                                   unsigned int verify_depth)
-{
-    SSL_CTX *ctx = NULL, *ret = NULL;
-    const SSL_METHOD *meth;
-    ENGINE *e = NULL;
-
-    OpenSSL_add_ssl_algorithms();
-    SSL_load_error_strings();
-
-    meth = (server_mode ? SSLv23_server_method() : SSLv23_client_method());
-    if (meth == NULL)
-        goto err;
-    if (engine_id) {
-        ENGINE_load_builtin_engines();
-        if ((e = ENGINE_by_id(engine_id)) == NULL) {
-            fprintf(stderr, "Error obtaining '%s' engine, openssl "
-                    "errors follow\n", engine_id);
-            goto err;
-        }
-        if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
-            fprintf(stderr, "Error assigning '%s' engine, openssl "
-                    "errors follow\n", engine_id);
-            goto err;
-        }
-        ENGINE_free(e);
-    }
-    if ((ctx = SSL_CTX_new(meth)) == NULL)
-        goto err;
-    /* cacert */
-    if (CAfile) {
-        if (!X509_STORE_load_locations(SSL_CTX_get_cert_store(ctx),
-                                       CAfile, NULL)) {
-            fprintf(stderr, "Error loading CA cert(s) in '%s'\n", CAfile);
-            goto err;
-        }
-        fprintf(stderr, "Info, operating with CA cert(s) in '%s'\n", CAfile);
-    } else
-        fprintf(stderr, "Info, operating without a CA cert(-list)\n");
-    if (!SSL_CTX_set_default_verify_paths(ctx)) {
-        fprintf(stderr, "Error setting default verify paths\n");
-        goto err;
-    }
-
-    /* cert and key */
-    if ((cert || key) && !ctx_set_cert(ctx, cert, key))
-        goto err;
-    /* dcert and dkey */
-    if ((dcert || dkey) && !ctx_set_cert(ctx, dcert, dkey))
-        goto err;
-    /* temporary RSA key generation */
-    if (tmp_rsa)
-        SSL_CTX_set_tmp_rsa_callback(ctx, cb_generate_tmp_rsa);
-
-    /* cipher_list */
-    if (cipher_list) {
-        if (!SSL_CTX_set_cipher_list(ctx, cipher_list)) {
-            fprintf(stderr, "Error setting cipher list '%s'\n", cipher_list);
-            goto err;
-        }
-        fprintf(stderr, "Info, set cipher list '%s'\n", cipher_list);
-    } else
-        fprintf(stderr, "Info, operating with default cipher list\n");
-
-    /* dh_file & dh_special */
-    if ((dh_file || dh_special) && !ctx_set_dh(ctx, dh_file, dh_special))
-        goto err;
-
-    /* ctx_options */
-    SSL_CTX_set_options(ctx, ctx_options);
-
-    /* out_state (output of SSL handshake states to screen). */
-    if (out_state)
-        cb_ssl_info_set_output(stderr);
-
-    /* out_verify */
-    if (out_verify > 0) {
-        cb_ssl_verify_set_output(stderr);
-        cb_ssl_verify_set_level(out_verify);
-    }
-
-    /* verify_depth */
-    cb_ssl_verify_set_depth(verify_depth);
-
-    /* Success! (includes setting verify_mode) */
-    SSL_CTX_set_info_callback(ctx, cb_ssl_info);
-    SSL_CTX_set_verify(ctx, verify_mode, cb_ssl_verify);
-    ret = ctx;
- err:
-    if (!ret) {
-        ERR_print_errors_fp(stderr);
-        if (ctx)
-            SSL_CTX_free(ctx);
-    }
-    return ret;
-}
-
-/*****************/
-/* Selector bits */
-/*****************/
-
-static void selector_sets_init(select_sets_t * s)
-{
-    s->max = 0;
-    FD_ZERO(&s->reads);
-    FD_ZERO(&s->sends);
-    FD_ZERO(&s->excepts);
-}
-
-static void selector_init(tunala_selector_t * selector)
-{
-    selector_sets_init(&selector->last_selected);
-    selector_sets_init(&selector->next_select);
-}
-
-#define SEL_EXCEPTS 0x00
-#define SEL_READS   0x01
-#define SEL_SENDS   0x02
-static void selector_add_raw_fd(tunala_selector_t * s, int fd, int flags)
-{
-    FD_SET(fd, &s->next_select.excepts);
-    if (flags & SEL_READS)
-        FD_SET(fd, &s->next_select.reads);
-    if (flags & SEL_SENDS)
-        FD_SET(fd, &s->next_select.sends);
-    /* Adjust "max" */
-    if (s->next_select.max < (fd + 1))
-        s->next_select.max = fd + 1;
-}
-
-static void selector_add_listener(tunala_selector_t * selector, int fd)
-{
-    selector_add_raw_fd(selector, fd, SEL_READS);
-}
-
-static void selector_add_tunala(tunala_selector_t * s, tunala_item_t * t)
-{
-    /* Set clean read if sm.clean_in is not full */
-    if (t->clean_read != -1) {
-        selector_add_raw_fd(s, t->clean_read,
-                            (buffer_full(state_machine_get_buffer(&t->sm,
-                                                                  SM_CLEAN_IN))
-                             ? SEL_EXCEPTS : SEL_READS));
-    }
-    /* Set clean send if sm.clean_out is not empty */
-    if (t->clean_send != -1) {
-        selector_add_raw_fd(s, t->clean_send,
-                            (buffer_empty(state_machine_get_buffer(&t->sm,
-                                                                   SM_CLEAN_OUT))
-                             ? SEL_EXCEPTS : SEL_SENDS));
-    }
-    /* Set dirty read if sm.dirty_in is not full */
-    if (t->dirty_read != -1) {
-        selector_add_raw_fd(s, t->dirty_read,
-                            (buffer_full(state_machine_get_buffer(&t->sm,
-                                                                  SM_DIRTY_IN))
-                             ? SEL_EXCEPTS : SEL_READS));
-    }
-    /* Set dirty send if sm.dirty_out is not empty */
-    if (t->dirty_send != -1) {
-        selector_add_raw_fd(s, t->dirty_send,
-                            (buffer_empty(state_machine_get_buffer(&t->sm,
-                                                                   SM_DIRTY_OUT))
-                             ? SEL_EXCEPTS : SEL_SENDS));
-    }
-}
-
-static int selector_select(tunala_selector_t * selector)
-{
-    memcpy(&selector->last_selected, &selector->next_select,
-           sizeof(select_sets_t));
-    selector_sets_init(&selector->next_select);
-    return select(selector->last_selected.max,
-                  &selector->last_selected.reads,
-                  &selector->last_selected.sends,
-                  &selector->last_selected.excepts, NULL);
-}
-
-/*
- * This returns -1 for error, 0 for no new connections, or 1 for success, in
- * which case *newfd is populated.
- */
-static int selector_get_listener(tunala_selector_t * selector, int fd,
-                                 int *newfd)
-{
-    if (FD_ISSET(fd, &selector->last_selected.excepts))
-        return -1;
-    if (!FD_ISSET(fd, &selector->last_selected.reads))
-        return 0;
-    if ((*newfd = ip_accept_connection(fd)) == -1)
-        return -1;
-    return 1;
-}
-
-/************************/
-/* "Tunala" world stuff */
-/************************/
-
-static int tunala_world_make_room(tunala_world_t * world)
-{
-    unsigned int newsize;
-    tunala_item_t *newarray;
-
-    if (world->tunnels_used < world->tunnels_size)
-        return 1;
-    newsize = (world->tunnels_size == 0 ? 16 :
-               ((world->tunnels_size * 3) / 2));
-    if ((newarray = malloc(newsize * sizeof(tunala_item_t))) == NULL)
-        return 0;
-    memset(newarray, 0, newsize * sizeof(tunala_item_t));
-    if (world->tunnels_used > 0)
-        memcpy(newarray, world->tunnels,
-               world->tunnels_used * sizeof(tunala_item_t));
-    if (world->tunnels_size > 0)
-        free(world->tunnels);
-    /* migrate */
-    world->tunnels = newarray;
-    world->tunnels_size = newsize;
-    return 1;
-}
-
-static int tunala_world_new_item(tunala_world_t * world, int fd,
-                                 const char *ip, unsigned short port,
-                                 int flipped)
-{
-    tunala_item_t *item;
-    int newfd;
-    SSL *new_ssl = NULL;
-
-    if (!tunala_world_make_room(world))
-        return 0;
-    if ((new_ssl = SSL_new(world->ssl_ctx)) == NULL) {
-        fprintf(stderr, "Error creating new SSL\n");
-        ERR_print_errors_fp(stderr);
-        return 0;
-    }
-    item = world->tunnels + (world->tunnels_used++);
-    state_machine_init(&item->sm);
-    item->clean_read = item->clean_send =
-        item->dirty_read = item->dirty_send = -1;
-    if ((newfd = ip_create_connection_split(ip, port)) == -1)
-        goto err;
-    /*
-     * Which way round? If we're a server, "fd" is the dirty side and the
-     * connection we open is the clean one. For a client, it's the other way
-     * around. Unless, of course, we're "flipped" in which case everything
-     * gets reversed. :-)
-     */
-    if ((world->server_mode && !flipped) || (!world->server_mode && flipped)) {
-        item->dirty_read = item->dirty_send = fd;
-        item->clean_read = item->clean_send = newfd;
-    } else {
-        item->clean_read = item->clean_send = fd;
-        item->dirty_read = item->dirty_send = newfd;
-    }
-    /*
-     * We use the SSL's "app_data" to indicate a call-back induced "kill"
-     */
-    SSL_set_app_data(new_ssl, NULL);
-    if (!state_machine_set_SSL(&item->sm, new_ssl, world->server_mode))
-        goto err;
-    return 1;
- err:
-    tunala_world_del_item(world, world->tunnels_used - 1);
-    return 0;
-
-}
-
-static void tunala_world_del_item(tunala_world_t * world, unsigned int idx)
-{
-    tunala_item_t *item = world->tunnels + idx;
-    if (item->clean_read != -1)
-        close(item->clean_read);
-    if (item->clean_send != item->clean_read)
-        close(item->clean_send);
-    item->clean_read = item->clean_send = -1;
-    if (item->dirty_read != -1)
-        close(item->dirty_read);
-    if (item->dirty_send != item->dirty_read)
-        close(item->dirty_send);
-    item->dirty_read = item->dirty_send = -1;
-    state_machine_close(&item->sm);
-    /* OK, now we fix the item array */
-    if (idx + 1 < world->tunnels_used)
-        /* We need to scroll entries to the left */
-        memmove(world->tunnels + idx,
-                world->tunnels + (idx + 1),
-                (world->tunnels_used - (idx + 1)) * sizeof(tunala_item_t));
-    world->tunnels_used--;
-}
-
-static int tunala_item_io(tunala_selector_t * selector, tunala_item_t * item)
-{
-    int c_r, c_s, d_r, d_s;     /* Four boolean flags */
-
-    /* Take ourselves out of the gene-pool if there was an except */
-    if ((item->clean_read != -1) && FD_ISSET(item->clean_read,
-                                             &selector->
-                                             last_selected.excepts))
-        return 0;
-    if ((item->clean_send != -1) && FD_ISSET(item->clean_send,
-                                             &selector->
-                                             last_selected.excepts))
-        return 0;
-    if ((item->dirty_read != -1) && FD_ISSET(item->dirty_read,
-                                             &selector->
-                                             last_selected.excepts))
-        return 0;
-    if ((item->dirty_send != -1) && FD_ISSET(item->dirty_send,
-                                             &selector->
-                                             last_selected.excepts))
-        return 0;
-    /* Grab our 4 IO flags */
-    c_r = c_s = d_r = d_s = 0;
-    if (item->clean_read != -1)
-        c_r = FD_ISSET(item->clean_read, &selector->last_selected.reads);
-    if (item->clean_send != -1)
-        c_s = FD_ISSET(item->clean_send, &selector->last_selected.sends);
-    if (item->dirty_read != -1)
-        d_r = FD_ISSET(item->dirty_read, &selector->last_selected.reads);
-    if (item->dirty_send != -1)
-        d_s = FD_ISSET(item->dirty_send, &selector->last_selected.sends);
-    /* If no IO has happened for us, skip needless data looping */
-    if (!c_r && !c_s && !d_r && !d_s)
-        return 1;
-    if (c_r)
-        c_r = (buffer_from_fd(state_machine_get_buffer(&item->sm,
-                                                       SM_CLEAN_IN),
-                              item->clean_read) <= 0);
-    if (c_s)
-        c_s = (buffer_to_fd(state_machine_get_buffer(&item->sm,
-                                                     SM_CLEAN_OUT),
-                            item->clean_send) <= 0);
-    if (d_r)
-        d_r = (buffer_from_fd(state_machine_get_buffer(&item->sm,
-                                                       SM_DIRTY_IN),
-                              item->dirty_read) <= 0);
-    if (d_s)
-        d_s = (buffer_to_fd(state_machine_get_buffer(&item->sm,
-                                                     SM_DIRTY_OUT),
-                            item->dirty_send) <= 0);
-    /* If any of the flags is non-zero, that means they need closing */
-    if (c_r) {
-        close(item->clean_read);
-        if (item->clean_send == item->clean_read)
-            item->clean_send = -1;
-        item->clean_read = -1;
-    }
-    if (c_s && (item->clean_send != -1)) {
-        close(item->clean_send);
-        if (item->clean_send == item->clean_read)
-            item->clean_read = -1;
-        item->clean_send = -1;
-    }
-    if (d_r) {
-        close(item->dirty_read);
-        if (item->dirty_send == item->dirty_read)
-            item->dirty_send = -1;
-        item->dirty_read = -1;
-    }
-    if (d_s && (item->dirty_send != -1)) {
-        close(item->dirty_send);
-        if (item->dirty_send == item->dirty_read)
-            item->dirty_read = -1;
-        item->dirty_send = -1;
-    }
-    /*
-     * This function name is attributed to the term donated by David Schwartz
-     * on openssl-dev, message-ID:
-     * <NCBBLIEPOCbmasEKBEAKEEDGLIAA.davids at webmaster.com>. :-)
-     */
-    if (!state_machine_churn(&item->sm))
-        /*
-         * If the SSL closes, it will also zero-out the _in buffers and will
-         * in future process just outgoing data. As and when the outgoing
-         * data has gone, it will return zero here to tell us to bail out.
-         */
-        return 0;
-    /* Otherwise, we return zero if both sides are dead. */
-    if (((item->clean_read == -1) || (item->clean_send == -1)) &&
-        ((item->dirty_read == -1) || (item->dirty_send == -1)))
-        return 0;
-    /*
-     * If only one side closed, notify the SSL of this so it can take
-     * appropriate action.
-     */
-    if ((item->clean_read == -1) || (item->clean_send == -1)) {
-        if (!state_machine_close_clean(&item->sm))
-            return 0;
-    }
-    if ((item->dirty_read == -1) || (item->dirty_send == -1)) {
-        if (!state_machine_close_dirty(&item->sm))
-            return 0;
-    }
-    return 1;
-}

Copied: vendor-crypto/openssl/1.0.1u/demos/tunala/tunala.c (from rev 11605, vendor-crypto/openssl/dist/demos/tunala/tunala.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/demos/tunala/tunala.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/demos/tunala/tunala.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,1183 @@
+#if defined(NO_BUFFER) || defined(NO_IP) || defined(NO_OPENSSL)
+# error "Badness, NO_BUFFER, NO_IP or NO_OPENSSL is defined, turn them *off*"
+#endif
+
+/* Include our bits'n'pieces */
+#include "tunala.h"
+
+/********************************************/
+/* Our local types that specify our "world" */
+/********************************************/
+
+/*
+ * These represent running "tunnels". Eg. if you wanted to do SSL in a
+ * "message-passing" scanario, the "int" file-descriptors might be replaced
+ * by thread or process IDs, and the "select" code might be replaced by
+ * message handling code. Whatever.
+ */
+typedef struct _tunala_item_t {
+    /*
+     * The underlying SSL state machine. This is a data-only processing unit
+     * and we communicate with it by talking to its four "buffers".
+     */
+    state_machine_t sm;
+    /*
+     * The file-descriptors for the "dirty" (encrypted) side of the SSL
+     * setup. In actuality, this is typically a socket and both values are
+     * identical.
+     */
+    int dirty_read, dirty_send;
+    /*
+     * The file-descriptors for the "clean" (unencrypted) side of the SSL
+     * setup. These could be stdin/stdout, a socket (both values the same),
+     * or whatever you like.
+     */
+    int clean_read, clean_send;
+} tunala_item_t;
+
+/*
+ * This structure is used as the data for running the main loop. Namely, in a
+ * network format such as this, it is stuff for select() - but as pointed out,
+ * when moving the real-world to somewhere else, this might be replaced by
+ * something entirely different. It's basically the stuff that controls when
+ * it's time to do some "work".
+ */
+typedef struct _select_sets_t {
+    int max;                    /* As required as the first argument to
+                                 * select() */
+    fd_set reads, sends, excepts; /* As passed to select() */
+} select_sets_t;
+typedef struct _tunala_selector_t {
+    select_sets_t last_selected; /* Results of the last select() */
+    select_sets_t next_select;  /* What we'll next select on */
+} tunala_selector_t;
+
+/*
+ * This structure is *everything*. We do it to avoid the use of globals so
+ * that, for example, it would be easier to shift things around between
+ * async-IO, thread-based, or multi-fork()ed (or combinations thereof).
+ */
+typedef struct _tunala_world_t {
+    /* The file-descriptor we "listen" on for new connections */
+    int listen_fd;
+    /* The array of tunnels */
+    tunala_item_t *tunnels;
+    /* the number of tunnels in use and allocated, respectively */
+    unsigned int tunnels_used, tunnels_size;
+    /* Our outside "loop" context stuff */
+    tunala_selector_t selector;
+    /*
+     * Our SSL_CTX, which is configured as the SSL client or server and has
+     * the various cert-settings and callbacks configured.
+     */
+    SSL_CTX *ssl_ctx;
+    /*
+     * Simple flag with complex logic :-) Indicates whether we're an SSL
+     * server or an SSL client.
+     */
+    int server_mode;
+} tunala_world_t;
+
+/*****************************/
+/* Internal static functions */
+/*****************************/
+
+static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id,
+                                   const char *CAfile, const char *cert,
+                                   const char *key, const char *dcert,
+                                   const char *dkey, const char *cipher_list,
+                                   const char *dh_file,
+                                   const char *dh_special, int tmp_rsa,
+                                   int ctx_options, int out_state,
+                                   int out_verify, int verify_mode,
+                                   unsigned int verify_depth);
+static void selector_init(tunala_selector_t * selector);
+static void selector_add_listener(tunala_selector_t * selector, int fd);
+static void selector_add_tunala(tunala_selector_t * selector,
+                                tunala_item_t * t);
+static int selector_select(tunala_selector_t * selector);
+/*
+ * This returns -1 for error, 0 for no new connections, or 1 for success, in
+ * which case *newfd is populated.
+ */
+static int selector_get_listener(tunala_selector_t * selector, int fd,
+                                 int *newfd);
+static int tunala_world_new_item(tunala_world_t * world, int fd,
+                                 const char *ip, unsigned short port,
+                                 int flipped);
+static void tunala_world_del_item(tunala_world_t * world, unsigned int idx);
+static int tunala_item_io(tunala_selector_t * selector, tunala_item_t * item);
+
+/*********************************************/
+/* MAIN FUNCTION (and its utility functions) */
+/*********************************************/
+
+static const char *def_proxyhost = "127.0.0.1:443";
+static const char *def_listenhost = "127.0.0.1:8080";
+static int def_max_tunnels = 50;
+static const char *def_cacert = NULL;
+static const char *def_cert = NULL;
+static const char *def_key = NULL;
+static const char *def_dcert = NULL;
+static const char *def_dkey = NULL;
+static const char *def_engine_id = NULL;
+static int def_server_mode = 0;
+static int def_flipped = 0;
+static const char *def_cipher_list = NULL;
+static const char *def_dh_file = NULL;
+static const char *def_dh_special = NULL;
+static int def_tmp_rsa = 1;
+static int def_ctx_options = 0;
+static int def_verify_mode = 0;
+static unsigned int def_verify_depth = 10;
+static int def_out_state = 0;
+static unsigned int def_out_verify = 0;
+static int def_out_totals = 0;
+static int def_out_conns = 0;
+
+static const char *helpstring =
+    "\n'Tunala' (A tunneler with a New Zealand accent)\n"
+    "Usage: tunala [options], where options are from;\n"
+    " -listen [host:]<port>  (default = 127.0.0.1:8080)\n"
+    " -proxy <host>:<port>   (default = 127.0.0.1:443)\n"
+    " -maxtunnels <num>      (default = 50)\n"
+    " -cacert <path|NULL>    (default = NULL)\n"
+    " -cert <path|NULL>      (default = NULL)\n"
+    " -key <path|NULL>       (default = whatever '-cert' is)\n"
+    " -dcert <path|NULL>     (usually for DSA, default = NULL)\n"
+    " -dkey <path|NULL>      (usually for DSA, default = whatever '-dcert' is)\n"
+    " -engine <id|NULL>      (default = NULL)\n"
+    " -server <0|1>          (default = 0, ie. an SSL client)\n"
+    " -flipped <0|1>         (makes SSL servers be network clients, and vice versa)\n"
+    " -cipher <list>         (specifies cipher list to use)\n"
+    " -dh_file <path>        (a PEM file containing DH parameters to use)\n"
+    " -dh_special <NULL|generate|standard> (see below: def=NULL)\n"
+    " -no_tmp_rsa            (don't generate temporary RSA keys)\n"
+    " -no_ssl2               (disable SSLv2)\n"
+    " -no_ssl3               (disable SSLv3)\n"
+    " -no_tls1               (disable TLSv1)\n"
+    " -v_peer                (verify the peer certificate)\n"
+    " -v_strict              (do not continue if peer doesn't authenticate)\n"
+    " -v_once                (no verification in renegotiates)\n"
+    " -v_depth <num>         (limit certificate chain depth, default = 10)\n"
+    " -out_conns             (prints client connections and disconnections)\n"
+    " -out_state             (prints SSL handshake states)\n"
+    " -out_verify <0|1|2|3>  (prints certificate verification states: def=1)\n"
+    " -out_totals            (prints out byte-totals when a tunnel closes)\n"
+    " -<h|help|?>            (displays this help screen)\n"
+    "Notes:\n"
+    "(1) It is recommended to specify a cert+key when operating as an SSL server.\n"
+    "    If you only specify '-cert', the same file must contain a matching\n"
+    "    private key.\n"
+    "(2) Either dh_file or dh_special can be used to specify where DH parameters\n"
+    "    will be obtained from (or '-dh_special NULL' for the default choice) but\n"
+    "    you cannot specify both. For dh_special, 'generate' will create new DH\n"
+    "    parameters on startup, and 'standard' will use embedded parameters\n"
+    "    instead.\n"
+    "(3) Normally an ssl client connects to an ssl server - so that an 'ssl client\n"
+    "    tunala' listens for 'clean' client connections and proxies ssl, and an\n"
+    "    'ssl server tunala' listens for ssl connections and proxies 'clean'. With\n"
+    "    '-flipped 1', this behaviour is reversed so that an 'ssl server tunala'\n"
+    "    listens for clean client connections and proxies ssl (but participating\n"
+    "    as an ssl *server* in the SSL/TLS protocol), and an 'ssl client tunala'\n"
+    "    listens for ssl connections (participating as an ssl *client* in the\n"
+    "    SSL/TLS protocol) and proxies 'clean' to the end destination. This can\n"
+    "    be useful for allowing network access to 'servers' where only the server\n"
+    "    needs to authenticate the client (ie. the other way is not required).\n"
+    "    Even with client and server authentication, this 'technique' mitigates\n"
+    "    some DoS (denial-of-service) potential as it will be the network client\n"
+    "    having to perform the first private key operation rather than the other\n"
+    "    way round.\n"
+    "(4) The 'technique' used by setting '-flipped 1' is probably compatible with\n"
+    "    absolutely nothing except another complimentary instance of 'tunala'\n"
+    "    running with '-flipped 1'. :-)\n";
+
+/*
+ * Default DH parameters for use with "-dh_special standard" ... stolen
+ * striaght from s_server.
+ */
+static unsigned char dh512_p[] = {
+    0xDA, 0x58, 0x3C, 0x16, 0xD9, 0x85, 0x22, 0x89, 0xD0, 0xE4, 0xAF, 0x75,
+    0x6F, 0x4C, 0xCA, 0x92, 0xDD, 0x4B, 0xE5, 0x33, 0xB8, 0x04, 0xFB, 0x0F,
+    0xED, 0x94, 0xEF, 0x9C, 0x8A, 0x44, 0x03, 0xED, 0x57, 0x46, 0x50, 0xD3,
+    0x69, 0x99, 0xDB, 0x29, 0xD7, 0x76, 0x27, 0x6B, 0xA2, 0xD3, 0xD4, 0x12,
+    0xE2, 0x18, 0xF4, 0xDD, 0x1E, 0x08, 0x4C, 0xF6, 0xD8, 0x00, 0x3E, 0x7C,
+    0x47, 0x74, 0xE8, 0x33,
+};
+
+static unsigned char dh512_g[] = {
+    0x02,
+};
+
+/*
+ * And the function that parses the above "standard" parameters, again,
+ * straight out of s_server.
+ */
+static DH *get_dh512(void)
+{
+    DH *dh = NULL;
+
+    if ((dh = DH_new()) == NULL)
+        return (NULL);
+    dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
+    dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
+    if ((dh->p == NULL) || (dh->g == NULL))
+        return (NULL);
+    return (dh);
+}
+
+/* Various help/error messages used by main() */
+static int usage(const char *errstr, int isunknownarg)
+{
+    if (isunknownarg)
+        fprintf(stderr, "Error: unknown argument '%s'\n", errstr);
+    else
+        fprintf(stderr, "Error: %s\n", errstr);
+    fprintf(stderr, "%s\n", helpstring);
+    return 1;
+}
+
+static int err_str0(const char *str0)
+{
+    fprintf(stderr, "%s\n", str0);
+    return 1;
+}
+
+static int err_str1(const char *fmt, const char *str1)
+{
+    fprintf(stderr, fmt, str1);
+    fprintf(stderr, "\n");
+    return 1;
+}
+
+static int parse_max_tunnels(const char *s, unsigned int *maxtunnels)
+{
+    unsigned long l;
+    if (!int_strtoul(s, &l) || (l < 1) || (l > 1024)) {
+        fprintf(stderr, "Error, '%s' is an invalid value for "
+                "maxtunnels\n", s);
+        return 0;
+    }
+    *maxtunnels = (unsigned int)l;
+    return 1;
+}
+
+static int parse_server_mode(const char *s, int *servermode)
+{
+    unsigned long l;
+    if (!int_strtoul(s, &l) || (l > 1)) {
+        fprintf(stderr, "Error, '%s' is an invalid value for the "
+                "server mode\n", s);
+        return 0;
+    }
+    *servermode = (int)l;
+    return 1;
+}
+
+static int parse_dh_special(const char *s, const char **dh_special)
+{
+    if ((strcmp(s, "NULL") == 0) || (strcmp(s, "generate") == 0) ||
+        (strcmp(s, "standard") == 0)) {
+        *dh_special = s;
+        return 1;
+    }
+    fprintf(stderr, "Error, '%s' is an invalid value for 'dh_special'\n", s);
+    return 0;
+}
+
+static int parse_verify_level(const char *s, unsigned int *verify_level)
+{
+    unsigned long l;
+    if (!int_strtoul(s, &l) || (l > 3)) {
+        fprintf(stderr, "Error, '%s' is an invalid value for "
+                "out_verify\n", s);
+        return 0;
+    }
+    *verify_level = (unsigned int)l;
+    return 1;
+}
+
+static int parse_verify_depth(const char *s, unsigned int *verify_depth)
+{
+    unsigned long l;
+    if (!int_strtoul(s, &l) || (l < 1) || (l > 50)) {
+        fprintf(stderr, "Error, '%s' is an invalid value for "
+                "verify_depth\n", s);
+        return 0;
+    }
+    *verify_depth = (unsigned int)l;
+    return 1;
+}
+
+/* Some fprintf format strings used when tunnels close */
+static const char *io_stats_dirty =
+    "    SSL traffic;   %8lu bytes in, %8lu bytes out\n";
+static const char *io_stats_clean =
+    "    clear traffic; %8lu bytes in, %8lu bytes out\n";
+
+int main(int argc, char *argv[])
+{
+    unsigned int loop;
+    int newfd;
+    tunala_world_t world;
+    tunala_item_t *t_item;
+    const char *proxy_ip;
+    unsigned short proxy_port;
+    /* Overridables */
+    const char *proxyhost = def_proxyhost;
+    const char *listenhost = def_listenhost;
+    unsigned int max_tunnels = def_max_tunnels;
+    const char *cacert = def_cacert;
+    const char *cert = def_cert;
+    const char *key = def_key;
+    const char *dcert = def_dcert;
+    const char *dkey = def_dkey;
+    const char *engine_id = def_engine_id;
+    int server_mode = def_server_mode;
+    int flipped = def_flipped;
+    const char *cipher_list = def_cipher_list;
+    const char *dh_file = def_dh_file;
+    const char *dh_special = def_dh_special;
+    int tmp_rsa = def_tmp_rsa;
+    int ctx_options = def_ctx_options;
+    int verify_mode = def_verify_mode;
+    unsigned int verify_depth = def_verify_depth;
+    int out_state = def_out_state;
+    unsigned int out_verify = def_out_verify;
+    int out_totals = def_out_totals;
+    int out_conns = def_out_conns;
+
+/* Parse command-line arguments */
+ next_arg:
+    argc--;
+    argv++;
+    if (argc > 0) {
+        if (strcmp(*argv, "-listen") == 0) {
+            if (argc < 2)
+                return usage("-listen requires an argument", 0);
+            argc--;
+            argv++;
+            listenhost = *argv;
+            goto next_arg;
+        } else if (strcmp(*argv, "-proxy") == 0) {
+            if (argc < 2)
+                return usage("-proxy requires an argument", 0);
+            argc--;
+            argv++;
+            proxyhost = *argv;
+            goto next_arg;
+        } else if (strcmp(*argv, "-maxtunnels") == 0) {
+            if (argc < 2)
+                return usage("-maxtunnels requires an argument", 0);
+            argc--;
+            argv++;
+            if (!parse_max_tunnels(*argv, &max_tunnels))
+                return 1;
+            goto next_arg;
+        } else if (strcmp(*argv, "-cacert") == 0) {
+            if (argc < 2)
+                return usage("-cacert requires an argument", 0);
+            argc--;
+            argv++;
+            if (strcmp(*argv, "NULL") == 0)
+                cacert = NULL;
+            else
+                cacert = *argv;
+            goto next_arg;
+        } else if (strcmp(*argv, "-cert") == 0) {
+            if (argc < 2)
+                return usage("-cert requires an argument", 0);
+            argc--;
+            argv++;
+            if (strcmp(*argv, "NULL") == 0)
+                cert = NULL;
+            else
+                cert = *argv;
+            goto next_arg;
+        } else if (strcmp(*argv, "-key") == 0) {
+            if (argc < 2)
+                return usage("-key requires an argument", 0);
+            argc--;
+            argv++;
+            if (strcmp(*argv, "NULL") == 0)
+                key = NULL;
+            else
+                key = *argv;
+            goto next_arg;
+        } else if (strcmp(*argv, "-dcert") == 0) {
+            if (argc < 2)
+                return usage("-dcert requires an argument", 0);
+            argc--;
+            argv++;
+            if (strcmp(*argv, "NULL") == 0)
+                dcert = NULL;
+            else
+                dcert = *argv;
+            goto next_arg;
+        } else if (strcmp(*argv, "-dkey") == 0) {
+            if (argc < 2)
+                return usage("-dkey requires an argument", 0);
+            argc--;
+            argv++;
+            if (strcmp(*argv, "NULL") == 0)
+                dkey = NULL;
+            else
+                dkey = *argv;
+            goto next_arg;
+        } else if (strcmp(*argv, "-engine") == 0) {
+            if (argc < 2)
+                return usage("-engine requires an argument", 0);
+            argc--;
+            argv++;
+            engine_id = *argv;
+            goto next_arg;
+        } else if (strcmp(*argv, "-server") == 0) {
+            if (argc < 2)
+                return usage("-server requires an argument", 0);
+            argc--;
+            argv++;
+            if (!parse_server_mode(*argv, &server_mode))
+                return 1;
+            goto next_arg;
+        } else if (strcmp(*argv, "-flipped") == 0) {
+            if (argc < 2)
+                return usage("-flipped requires an argument", 0);
+            argc--;
+            argv++;
+            if (!parse_server_mode(*argv, &flipped))
+                return 1;
+            goto next_arg;
+        } else if (strcmp(*argv, "-cipher") == 0) {
+            if (argc < 2)
+                return usage("-cipher requires an argument", 0);
+            argc--;
+            argv++;
+            cipher_list = *argv;
+            goto next_arg;
+        } else if (strcmp(*argv, "-dh_file") == 0) {
+            if (argc < 2)
+                return usage("-dh_file requires an argument", 0);
+            if (dh_special)
+                return usage("cannot mix -dh_file with " "-dh_special", 0);
+            argc--;
+            argv++;
+            dh_file = *argv;
+            goto next_arg;
+        } else if (strcmp(*argv, "-dh_special") == 0) {
+            if (argc < 2)
+                return usage("-dh_special requires an argument", 0);
+            if (dh_file)
+                return usage("cannot mix -dh_file with " "-dh_special", 0);
+            argc--;
+            argv++;
+            if (!parse_dh_special(*argv, &dh_special))
+                return 1;
+            goto next_arg;
+        } else if (strcmp(*argv, "-no_tmp_rsa") == 0) {
+            tmp_rsa = 0;
+            goto next_arg;
+        } else if (strcmp(*argv, "-no_ssl2") == 0) {
+            ctx_options |= SSL_OP_NO_SSLv2;
+            goto next_arg;
+        } else if (strcmp(*argv, "-no_ssl3") == 0) {
+            ctx_options |= SSL_OP_NO_SSLv3;
+            goto next_arg;
+        } else if (strcmp(*argv, "-no_tls1") == 0) {
+            ctx_options |= SSL_OP_NO_TLSv1;
+            goto next_arg;
+        } else if (strcmp(*argv, "-v_peer") == 0) {
+            verify_mode |= SSL_VERIFY_PEER;
+            goto next_arg;
+        } else if (strcmp(*argv, "-v_strict") == 0) {
+            verify_mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
+            goto next_arg;
+        } else if (strcmp(*argv, "-v_once") == 0) {
+            verify_mode |= SSL_VERIFY_CLIENT_ONCE;
+            goto next_arg;
+        } else if (strcmp(*argv, "-v_depth") == 0) {
+            if (argc < 2)
+                return usage("-v_depth requires an argument", 0);
+            argc--;
+            argv++;
+            if (!parse_verify_depth(*argv, &verify_depth))
+                return 1;
+            goto next_arg;
+        } else if (strcmp(*argv, "-out_state") == 0) {
+            out_state = 1;
+            goto next_arg;
+        } else if (strcmp(*argv, "-out_verify") == 0) {
+            if (argc < 2)
+                return usage("-out_verify requires an argument", 0);
+            argc--;
+            argv++;
+            if (!parse_verify_level(*argv, &out_verify))
+                return 1;
+            goto next_arg;
+        } else if (strcmp(*argv, "-out_totals") == 0) {
+            out_totals = 1;
+            goto next_arg;
+        } else if (strcmp(*argv, "-out_conns") == 0) {
+            out_conns = 1;
+            goto next_arg;
+        } else if ((strcmp(*argv, "-h") == 0) ||
+                   (strcmp(*argv, "-help") == 0) ||
+                   (strcmp(*argv, "-?") == 0)) {
+            fprintf(stderr, "%s\n", helpstring);
+            return 0;
+        } else
+            return usage(*argv, 1);
+    }
+    /* Run any sanity checks we want here */
+    if (!cert && !dcert && server_mode)
+        fprintf(stderr, "WARNING: you are running an SSL server without "
+                "a certificate - this may not work!\n");
+
+    /* Initialise network stuff */
+    if (!ip_initialise())
+        return err_str0("ip_initialise failed");
+    /* Create the SSL_CTX */
+    if ((world.ssl_ctx = initialise_ssl_ctx(server_mode, engine_id,
+                                            cacert, cert, key, dcert, dkey,
+                                            cipher_list, dh_file, dh_special,
+                                            tmp_rsa, ctx_options, out_state,
+                                            out_verify, verify_mode,
+                                            verify_depth)) == NULL)
+        return err_str1("initialise_ssl_ctx(engine_id=%s) failed",
+                        (engine_id == NULL) ? "NULL" : engine_id);
+    if (engine_id)
+        fprintf(stderr, "Info, engine '%s' initialised\n", engine_id);
+    /* Create the listener */
+    if ((world.listen_fd = ip_create_listener(listenhost)) == -1)
+        return err_str1("ip_create_listener(%s) failed", listenhost);
+    fprintf(stderr, "Info, listening on '%s'\n", listenhost);
+    if (!ip_parse_address(proxyhost, &proxy_ip, &proxy_port, 0))
+        return err_str1("ip_parse_address(%s) failed", proxyhost);
+    fprintf(stderr, "Info, proxying to '%s' (%d.%d.%d.%d:%d)\n", proxyhost,
+            (int)proxy_ip[0], (int)proxy_ip[1],
+            (int)proxy_ip[2], (int)proxy_ip[3], (int)proxy_port);
+    fprintf(stderr, "Info, set maxtunnels to %d\n", (int)max_tunnels);
+    fprintf(stderr, "Info, set to operate as an SSL %s\n",
+            (server_mode ? "server" : "client"));
+    /* Initialise the rest of the stuff */
+    world.tunnels_used = world.tunnels_size = 0;
+    world.tunnels = NULL;
+    world.server_mode = server_mode;
+    selector_init(&world.selector);
+
+/* We're ready to loop */
+ main_loop:
+    /* Should we listen for *new* tunnels? */
+    if (world.tunnels_used < max_tunnels)
+        selector_add_listener(&world.selector, world.listen_fd);
+    /* We should add in our existing tunnels */
+    for (loop = 0; loop < world.tunnels_used; loop++)
+        selector_add_tunala(&world.selector, world.tunnels + loop);
+    /* Now do the select */
+    switch (selector_select(&world.selector)) {
+    case -1:
+        if (errno != EINTR) {
+            fprintf(stderr, "selector_select returned a " "badness error.\n");
+            goto shouldnt_happen;
+        }
+        fprintf(stderr, "Warn, selector interrupted by a signal\n");
+        goto main_loop;
+    case 0:
+        fprintf(stderr, "Warn, selector_select returned 0 - signal?" "?\n");
+        goto main_loop;
+    default:
+        break;
+    }
+    /* Accept new connection if we should and can */
+    if ((world.tunnels_used < max_tunnels)
+        && (selector_get_listener(&world.selector, world.listen_fd, &newfd) ==
+            1)) {
+        /* We have a new connection */
+        if (!tunala_world_new_item(&world, newfd, proxy_ip,
+                                   proxy_port, flipped))
+            fprintf(stderr, "tunala_world_new_item failed\n");
+        else if (out_conns)
+            fprintf(stderr, "Info, new tunnel opened, now up to "
+                    "%d\n", world.tunnels_used);
+    }
+    /*
+     * Give each tunnel its moment, note the while loop is because it makes
+     * the logic easier than with "for" to deal with an array that may shift
+     * because of deletes.
+     */
+    loop = 0;
+    t_item = world.tunnels;
+    while (loop < world.tunnels_used) {
+        if (!tunala_item_io(&world.selector, t_item)) {
+            /*
+             * We're closing whether for reasons of an error or a natural
+             * close. Don't increment loop or t_item because the next item is
+             * moving to us!
+             */
+            if (!out_totals)
+                goto skip_totals;
+            fprintf(stderr, "Tunnel closing, traffic stats follow\n");
+            /* Display the encrypted (over the network) stats */
+            fprintf(stderr, io_stats_dirty,
+                    buffer_total_in(state_machine_get_buffer
+                                    (&t_item->sm, SM_DIRTY_IN)),
+                    buffer_total_out(state_machine_get_buffer
+                                     (&t_item->sm, SM_DIRTY_OUT)));
+            /*
+             * Display the local (tunnelled) stats. NB: Data we *receive* is
+             * data sent *out* of the state_machine on its 'clean' side.
+             * Hence the apparent back-to-front OUT/IN mixup here :-)
+             */
+            fprintf(stderr, io_stats_clean,
+                    buffer_total_out(state_machine_get_buffer
+                                     (&t_item->sm, SM_CLEAN_OUT)),
+                    buffer_total_in(state_machine_get_buffer
+                                    (&t_item->sm, SM_CLEAN_IN)));
+ skip_totals:
+            tunala_world_del_item(&world, loop);
+            if (out_conns)
+                fprintf(stderr, "Info, tunnel closed, down to %d\n",
+                        world.tunnels_used);
+        } else {
+            /* Move to the next item */
+            loop++;
+            t_item++;
+        }
+    }
+    goto main_loop;
+    /* Should never get here */
+ shouldnt_happen:
+    abort();
+    return 1;
+}
+
+/****************/
+/* OpenSSL bits */
+/****************/
+
+static int ctx_set_cert(SSL_CTX *ctx, const char *cert, const char *key)
+{
+    FILE *fp = NULL;
+    X509 *x509 = NULL;
+    EVP_PKEY *pkey = NULL;
+    int toret = 0;              /* Assume an error */
+
+    /* cert */
+    if (cert) {
+        if ((fp = fopen(cert, "r")) == NULL) {
+            fprintf(stderr, "Error opening cert file '%s'\n", cert);
+            goto err;
+        }
+        if (!PEM_read_X509(fp, &x509, NULL, NULL)) {
+            fprintf(stderr, "Error reading PEM cert from '%s'\n", cert);
+            goto err;
+        }
+        if (!SSL_CTX_use_certificate(ctx, x509)) {
+            fprintf(stderr, "Error, cert in '%s' can not be used\n", cert);
+            goto err;
+        }
+        /* Clear the FILE* for reuse in the "key" code */
+        fclose(fp);
+        fp = NULL;
+        fprintf(stderr, "Info, operating with cert in '%s'\n", cert);
+        /*
+         * If a cert was given without matching key, we assume the same file
+         * contains the required key.
+         */
+        if (!key)
+            key = cert;
+    } else {
+        if (key)
+            fprintf(stderr, "Error, can't specify a key without a "
+                    "corresponding certificate\n");
+        else
+            fprintf(stderr, "Error, ctx_set_cert called with " "NULLs!\n");
+        goto err;
+    }
+    /* key */
+    if (key) {
+        if ((fp = fopen(key, "r")) == NULL) {
+            fprintf(stderr, "Error opening key file '%s'\n", key);
+            goto err;
+        }
+        if (!PEM_read_PrivateKey(fp, &pkey, NULL, NULL)) {
+            fprintf(stderr, "Error reading PEM key from '%s'\n", key);
+            goto err;
+        }
+        if (!SSL_CTX_use_PrivateKey(ctx, pkey)) {
+            fprintf(stderr, "Error, key in '%s' can not be used\n", key);
+            goto err;
+        }
+        fprintf(stderr, "Info, operating with key in '%s'\n", key);
+    } else
+        fprintf(stderr, "Info, operating without a cert or key\n");
+    /* Success */
+    toret = 1;
+ err:
+    if (x509)
+        X509_free(x509);
+    if (pkey)
+        EVP_PKEY_free(pkey);
+    if (fp)
+        fclose(fp);
+    return toret;
+}
+
+static int ctx_set_dh(SSL_CTX *ctx, const char *dh_file,
+                      const char *dh_special)
+{
+    DH *dh = NULL;
+    FILE *fp = NULL;
+
+    if (dh_special) {
+        if (strcmp(dh_special, "NULL") == 0)
+            return 1;
+        if (strcmp(dh_special, "standard") == 0) {
+            if ((dh = get_dh512()) == NULL) {
+                fprintf(stderr, "Error, can't parse 'standard'"
+                        " DH parameters\n");
+                return 0;
+            }
+            fprintf(stderr, "Info, using 'standard' DH parameters\n");
+            goto do_it;
+        }
+        if (strcmp(dh_special, "generate") != 0)
+            /*
+             * This shouldn't happen - screening values is handled in main().
+             */
+            abort();
+        fprintf(stderr, "Info, generating DH parameters ... ");
+        fflush(stderr);
+        if (!(dh = DH_new()) || !DH_generate_parameters_ex(dh, 512,
+                                                           DH_GENERATOR_5,
+                                                           NULL)) {
+            fprintf(stderr, "error!\n");
+            if (dh)
+                DH_free(dh);
+            return 0;
+        }
+        fprintf(stderr, "complete\n");
+        goto do_it;
+    }
+    /* So, we're loading dh_file */
+    if ((fp = fopen(dh_file, "r")) == NULL) {
+        fprintf(stderr, "Error, couldn't open '%s' for DH parameters\n",
+                dh_file);
+        return 0;
+    }
+    dh = PEM_read_DHparams(fp, NULL, NULL, NULL);
+    fclose(fp);
+    if (dh == NULL) {
+        fprintf(stderr, "Error, could not parse DH parameters from '%s'\n",
+                dh_file);
+        return 0;
+    }
+    fprintf(stderr, "Info, using DH parameters from file '%s'\n", dh_file);
+ do_it:
+    SSL_CTX_set_tmp_dh(ctx, dh);
+    DH_free(dh);
+    return 1;
+}
+
+static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id,
+                                   const char *CAfile, const char *cert,
+                                   const char *key, const char *dcert,
+                                   const char *dkey, const char *cipher_list,
+                                   const char *dh_file,
+                                   const char *dh_special, int tmp_rsa,
+                                   int ctx_options, int out_state,
+                                   int out_verify, int verify_mode,
+                                   unsigned int verify_depth)
+{
+    SSL_CTX *ctx = NULL, *ret = NULL;
+    const SSL_METHOD *meth;
+    ENGINE *e = NULL;
+
+    OpenSSL_add_ssl_algorithms();
+    SSL_load_error_strings();
+
+    meth = (server_mode ? SSLv23_server_method() : SSLv23_client_method());
+    if (meth == NULL)
+        goto err;
+    if (engine_id) {
+        ENGINE_load_builtin_engines();
+        if ((e = ENGINE_by_id(engine_id)) == NULL) {
+            fprintf(stderr, "Error obtaining '%s' engine, openssl "
+                    "errors follow\n", engine_id);
+            goto err;
+        }
+        if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
+            fprintf(stderr, "Error assigning '%s' engine, openssl "
+                    "errors follow\n", engine_id);
+            goto err;
+        }
+        ENGINE_free(e);
+    }
+    if ((ctx = SSL_CTX_new(meth)) == NULL)
+        goto err;
+    /* cacert */
+    if (CAfile) {
+        if (!X509_STORE_load_locations(SSL_CTX_get_cert_store(ctx),
+                                       CAfile, NULL)) {
+            fprintf(stderr, "Error loading CA cert(s) in '%s'\n", CAfile);
+            goto err;
+        }
+        fprintf(stderr, "Info, operating with CA cert(s) in '%s'\n", CAfile);
+    } else
+        fprintf(stderr, "Info, operating without a CA cert(-list)\n");
+    if (!SSL_CTX_set_default_verify_paths(ctx)) {
+        fprintf(stderr, "Error setting default verify paths\n");
+        goto err;
+    }
+
+    /* cert and key */
+    if ((cert || key) && !ctx_set_cert(ctx, cert, key))
+        goto err;
+    /* dcert and dkey */
+    if ((dcert || dkey) && !ctx_set_cert(ctx, dcert, dkey))
+        goto err;
+    /* temporary RSA key generation */
+    if (tmp_rsa)
+        SSL_CTX_set_tmp_rsa_callback(ctx, cb_generate_tmp_rsa);
+
+    /* cipher_list */
+    if (cipher_list) {
+        if (!SSL_CTX_set_cipher_list(ctx, cipher_list)) {
+            fprintf(stderr, "Error setting cipher list '%s'\n", cipher_list);
+            goto err;
+        }
+        fprintf(stderr, "Info, set cipher list '%s'\n", cipher_list);
+    } else
+        fprintf(stderr, "Info, operating with default cipher list\n");
+
+    /* dh_file & dh_special */
+    if ((dh_file || dh_special) && !ctx_set_dh(ctx, dh_file, dh_special))
+        goto err;
+
+    /* ctx_options */
+    SSL_CTX_set_options(ctx, ctx_options);
+
+    /* out_state (output of SSL handshake states to screen). */
+    if (out_state)
+        cb_ssl_info_set_output(stderr);
+
+    /* out_verify */
+    if (out_verify > 0) {
+        cb_ssl_verify_set_output(stderr);
+        cb_ssl_verify_set_level(out_verify);
+    }
+
+    /* verify_depth */
+    cb_ssl_verify_set_depth(verify_depth);
+
+    /* Success! (includes setting verify_mode) */
+    SSL_CTX_set_info_callback(ctx, cb_ssl_info);
+    SSL_CTX_set_verify(ctx, verify_mode, cb_ssl_verify);
+    ret = ctx;
+ err:
+    if (!ret) {
+        ERR_print_errors_fp(stderr);
+        if (ctx)
+            SSL_CTX_free(ctx);
+    }
+    return ret;
+}
+
+/*****************/
+/* Selector bits */
+/*****************/
+
+static void selector_sets_init(select_sets_t * s)
+{
+    s->max = 0;
+    FD_ZERO(&s->reads);
+    FD_ZERO(&s->sends);
+    FD_ZERO(&s->excepts);
+}
+
+static void selector_init(tunala_selector_t * selector)
+{
+    selector_sets_init(&selector->last_selected);
+    selector_sets_init(&selector->next_select);
+}
+
+#define SEL_EXCEPTS 0x00
+#define SEL_READS   0x01
+#define SEL_SENDS   0x02
+static void selector_add_raw_fd(tunala_selector_t * s, int fd, int flags)
+{
+    FD_SET(fd, &s->next_select.excepts);
+    if (flags & SEL_READS)
+        FD_SET(fd, &s->next_select.reads);
+    if (flags & SEL_SENDS)
+        FD_SET(fd, &s->next_select.sends);
+    /* Adjust "max" */
+    if (s->next_select.max < (fd + 1))
+        s->next_select.max = fd + 1;
+}
+
+static void selector_add_listener(tunala_selector_t * selector, int fd)
+{
+    selector_add_raw_fd(selector, fd, SEL_READS);
+}
+
+static void selector_add_tunala(tunala_selector_t * s, tunala_item_t * t)
+{
+    /* Set clean read if sm.clean_in is not full */
+    if (t->clean_read != -1) {
+        selector_add_raw_fd(s, t->clean_read,
+                            (buffer_full(state_machine_get_buffer(&t->sm,
+                                                                  SM_CLEAN_IN))
+                             ? SEL_EXCEPTS : SEL_READS));
+    }
+    /* Set clean send if sm.clean_out is not empty */
+    if (t->clean_send != -1) {
+        selector_add_raw_fd(s, t->clean_send,
+                            (buffer_empty(state_machine_get_buffer(&t->sm,
+                                                                   SM_CLEAN_OUT))
+                             ? SEL_EXCEPTS : SEL_SENDS));
+    }
+    /* Set dirty read if sm.dirty_in is not full */
+    if (t->dirty_read != -1) {
+        selector_add_raw_fd(s, t->dirty_read,
+                            (buffer_full(state_machine_get_buffer(&t->sm,
+                                                                  SM_DIRTY_IN))
+                             ? SEL_EXCEPTS : SEL_READS));
+    }
+    /* Set dirty send if sm.dirty_out is not empty */
+    if (t->dirty_send != -1) {
+        selector_add_raw_fd(s, t->dirty_send,
+                            (buffer_empty(state_machine_get_buffer(&t->sm,
+                                                                   SM_DIRTY_OUT))
+                             ? SEL_EXCEPTS : SEL_SENDS));
+    }
+}
+
+static int selector_select(tunala_selector_t * selector)
+{
+    memcpy(&selector->last_selected, &selector->next_select,
+           sizeof(select_sets_t));
+    selector_sets_init(&selector->next_select);
+    return select(selector->last_selected.max,
+                  &selector->last_selected.reads,
+                  &selector->last_selected.sends,
+                  &selector->last_selected.excepts, NULL);
+}
+
+/*
+ * This returns -1 for error, 0 for no new connections, or 1 for success, in
+ * which case *newfd is populated.
+ */
+static int selector_get_listener(tunala_selector_t * selector, int fd,
+                                 int *newfd)
+{
+    if (FD_ISSET(fd, &selector->last_selected.excepts))
+        return -1;
+    if (!FD_ISSET(fd, &selector->last_selected.reads))
+        return 0;
+    if ((*newfd = ip_accept_connection(fd)) == -1)
+        return -1;
+    return 1;
+}
+
+/************************/
+/* "Tunala" world stuff */
+/************************/
+
+static int tunala_world_make_room(tunala_world_t * world)
+{
+    unsigned int newsize;
+    tunala_item_t *newarray;
+
+    if (world->tunnels_used < world->tunnels_size)
+        return 1;
+    newsize = (world->tunnels_size == 0 ? 16 :
+               ((world->tunnels_size * 3) / 2));
+    if ((newarray = malloc(newsize * sizeof(tunala_item_t))) == NULL)
+        return 0;
+    memset(newarray, 0, newsize * sizeof(tunala_item_t));
+    if (world->tunnels_used > 0)
+        memcpy(newarray, world->tunnels,
+               world->tunnels_used * sizeof(tunala_item_t));
+    if (world->tunnels_size > 0)
+        free(world->tunnels);
+    /* migrate */
+    world->tunnels = newarray;
+    world->tunnels_size = newsize;
+    return 1;
+}
+
+static int tunala_world_new_item(tunala_world_t * world, int fd,
+                                 const char *ip, unsigned short port,
+                                 int flipped)
+{
+    tunala_item_t *item;
+    int newfd;
+    SSL *new_ssl = NULL;
+
+    if (!tunala_world_make_room(world))
+        return 0;
+    if ((new_ssl = SSL_new(world->ssl_ctx)) == NULL) {
+        fprintf(stderr, "Error creating new SSL\n");
+        ERR_print_errors_fp(stderr);
+        return 0;
+    }
+    item = world->tunnels + (world->tunnels_used++);
+    state_machine_init(&item->sm);
+    item->clean_read = item->clean_send =
+        item->dirty_read = item->dirty_send = -1;
+    if ((newfd = ip_create_connection_split(ip, port)) == -1)
+        goto err;
+    /*
+     * Which way round? If we're a server, "fd" is the dirty side and the
+     * connection we open is the clean one. For a client, it's the other way
+     * around. Unless, of course, we're "flipped" in which case everything
+     * gets reversed. :-)
+     */
+    if ((world->server_mode && !flipped) || (!world->server_mode && flipped)) {
+        item->dirty_read = item->dirty_send = fd;
+        item->clean_read = item->clean_send = newfd;
+    } else {
+        item->clean_read = item->clean_send = fd;
+        item->dirty_read = item->dirty_send = newfd;
+    }
+    /*
+     * We use the SSL's "app_data" to indicate a call-back induced "kill"
+     */
+    SSL_set_app_data(new_ssl, NULL);
+    if (!state_machine_set_SSL(&item->sm, new_ssl, world->server_mode))
+        goto err;
+    return 1;
+ err:
+    tunala_world_del_item(world, world->tunnels_used - 1);
+    return 0;
+
+}
+
+static void tunala_world_del_item(tunala_world_t * world, unsigned int idx)
+{
+    tunala_item_t *item = world->tunnels + idx;
+    if (item->clean_read != -1)
+        close(item->clean_read);
+    if (item->clean_send != item->clean_read)
+        close(item->clean_send);
+    item->clean_read = item->clean_send = -1;
+    if (item->dirty_read != -1)
+        close(item->dirty_read);
+    if (item->dirty_send != item->dirty_read)
+        close(item->dirty_send);
+    item->dirty_read = item->dirty_send = -1;
+    state_machine_close(&item->sm);
+    /* OK, now we fix the item array */
+    if (idx + 1 < world->tunnels_used)
+        /* We need to scroll entries to the left */
+        memmove(world->tunnels + idx,
+                world->tunnels + (idx + 1),
+                (world->tunnels_used - (idx + 1)) * sizeof(tunala_item_t));
+    world->tunnels_used--;
+}
+
+static int tunala_item_io(tunala_selector_t * selector, tunala_item_t * item)
+{
+    int c_r, c_s, d_r, d_s;     /* Four boolean flags */
+
+    /* Take ourselves out of the gene-pool if there was an except */
+    if ((item->clean_read != -1) && FD_ISSET(item->clean_read,
+                                             &selector->
+                                             last_selected.excepts))
+        return 0;
+    if ((item->clean_send != -1) && FD_ISSET(item->clean_send,
+                                             &selector->
+                                             last_selected.excepts))
+        return 0;
+    if ((item->dirty_read != -1) && FD_ISSET(item->dirty_read,
+                                             &selector->
+                                             last_selected.excepts))
+        return 0;
+    if ((item->dirty_send != -1) && FD_ISSET(item->dirty_send,
+                                             &selector->
+                                             last_selected.excepts))
+        return 0;
+    /* Grab our 4 IO flags */
+    c_r = c_s = d_r = d_s = 0;
+    if (item->clean_read != -1)
+        c_r = FD_ISSET(item->clean_read, &selector->last_selected.reads);
+    if (item->clean_send != -1)
+        c_s = FD_ISSET(item->clean_send, &selector->last_selected.sends);
+    if (item->dirty_read != -1)
+        d_r = FD_ISSET(item->dirty_read, &selector->last_selected.reads);
+    if (item->dirty_send != -1)
+        d_s = FD_ISSET(item->dirty_send, &selector->last_selected.sends);
+    /* If no IO has happened for us, skip needless data looping */
+    if (!c_r && !c_s && !d_r && !d_s)
+        return 1;
+    if (c_r)
+        c_r = (buffer_from_fd(state_machine_get_buffer(&item->sm,
+                                                       SM_CLEAN_IN),
+                              item->clean_read) <= 0);
+    if (c_s)
+        c_s = (buffer_to_fd(state_machine_get_buffer(&item->sm,
+                                                     SM_CLEAN_OUT),
+                            item->clean_send) <= 0);
+    if (d_r)
+        d_r = (buffer_from_fd(state_machine_get_buffer(&item->sm,
+                                                       SM_DIRTY_IN),
+                              item->dirty_read) <= 0);
+    if (d_s)
+        d_s = (buffer_to_fd(state_machine_get_buffer(&item->sm,
+                                                     SM_DIRTY_OUT),
+                            item->dirty_send) <= 0);
+    /* If any of the flags is non-zero, that means they need closing */
+    if (c_r) {
+        close(item->clean_read);
+        if (item->clean_send == item->clean_read)
+            item->clean_send = -1;
+        item->clean_read = -1;
+    }
+    if (c_s && (item->clean_send != -1)) {
+        close(item->clean_send);
+        if (item->clean_send == item->clean_read)
+            item->clean_read = -1;
+        item->clean_send = -1;
+    }
+    if (d_r) {
+        close(item->dirty_read);
+        if (item->dirty_send == item->dirty_read)
+            item->dirty_send = -1;
+        item->dirty_read = -1;
+    }
+    if (d_s && (item->dirty_send != -1)) {
+        close(item->dirty_send);
+        if (item->dirty_send == item->dirty_read)
+            item->dirty_read = -1;
+        item->dirty_send = -1;
+    }
+    /*
+     * This function name is attributed to the term donated by David Schwartz
+     * on openssl-dev, message-ID:
+     * <NCBBLIEPOCNJOAEKBEAKEEDGLIAA.davids at webmaster.com>. :-)
+     */
+    if (!state_machine_churn(&item->sm))
+        /*
+         * If the SSL closes, it will also zero-out the _in buffers and will
+         * in future process just outgoing data. As and when the outgoing
+         * data has gone, it will return zero here to tell us to bail out.
+         */
+        return 0;
+    /* Otherwise, we return zero if both sides are dead. */
+    if (((item->clean_read == -1) || (item->clean_send == -1)) &&
+        ((item->dirty_read == -1) || (item->dirty_send == -1)))
+        return 0;
+    /*
+     * If only one side closed, notify the SSL of this so it can take
+     * appropriate action.
+     */
+    if ((item->clean_read == -1) || (item->clean_send == -1)) {
+        if (!state_machine_close_clean(&item->sm))
+            return 0;
+    }
+    if ((item->dirty_read == -1) || (item->dirty_send == -1)) {
+        if (!state_machine_close_dirty(&item->sm))
+            return 0;
+    }
+    return 1;
+}

Deleted: vendor-crypto/openssl/1.0.1u/doc/apps/ciphers.pod
===================================================================
--- vendor-crypto/openssl/dist/doc/apps/ciphers.pod	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/doc/apps/ciphers.pod	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,629 +0,0 @@
-=pod
-
-=head1 NAME
-
-ciphers - SSL cipher display and cipher list tool.
-
-=head1 SYNOPSIS
-
-B<openssl> B<ciphers>
-[B<-v>]
-[B<-V>]
-[B<-ssl2>]
-[B<-ssl3>]
-[B<-tls1>]
-[B<cipherlist>]
-
-=head1 DESCRIPTION
-
-The B<ciphers> command converts textual OpenSSL cipher lists into ordered
-SSL cipher preference lists. It can be used as a test tool to determine
-the appropriate cipherlist.
-
-=head1 COMMAND OPTIONS
-
-=over 4
-
-=item B<-v>
-
-Verbose option. List ciphers with a complete description of
-protocol version (SSLv2 or SSLv3; the latter includes TLS), key exchange,
-authentication, encryption and mac algorithms used along with any key size
-restrictions and whether the algorithm is classed as an "export" cipher.
-Note that without the B<-v> option, ciphers may seem to appear twice
-in a cipher list; this is when similar ciphers are available for
-SSL v2 and for SSL v3/TLS v1.
-
-=item B<-V>
-
-Like B<-v>, but include cipher suite codes in output (hex format).
-
-=item B<-ssl3>
-
-only include SSL v3 ciphers.
-
-=item B<-ssl2>
-
-only include SSL v2 ciphers.
-
-=item B<-tls1>
-
-only include TLS v1 ciphers.
-
-=item B<-h>, B<-?>
-
-print a brief usage message.
-
-=item B<cipherlist>
-
-a cipher list to convert to a cipher preference list. If it is not included
-then the default cipher list will be used. The format is described below.
-
-=back
-
-=head1 CIPHER LIST FORMAT
-
-The cipher list consists of one or more I<cipher strings> separated by colons.
-Commas or spaces are also acceptable separators but colons are normally used.
-
-The actual cipher string can take several different forms.
-
-It can consist of a single cipher suite such as B<RC4-SHA>.
-
-It can represent a list of cipher suites containing a certain algorithm, or
-cipher suites of a certain type. For example B<SHA1> represents all ciphers
-suites using the digest algorithm SHA1 and B<SSLv3> represents all SSL v3
-algorithms.
-
-Lists of cipher suites can be combined in a single cipher string using the
-B<+> character. This is used as a logical B<and> operation. For example
-B<SHA1+DES> represents all cipher suites containing the SHA1 B<and> the DES
-algorithms.
-
-Each cipher string can be optionally preceded by the characters B<!>,
-B<-> or B<+>.
-
-If B<!> is used then the ciphers are permanently deleted from the list.
-The ciphers deleted can never reappear in the list even if they are
-explicitly stated.
-
-If B<-> is used then the ciphers are deleted from the list, but some or
-all of the ciphers can be added again by later options.
-
-If B<+> is used then the ciphers are moved to the end of the list. This
-option doesn't add any new ciphers it just moves matching existing ones.
-
-If none of these characters is present then the string is just interpreted
-as a list of ciphers to be appended to the current preference list. If the
-list includes any ciphers already present they will be ignored: that is they
-will not moved to the end of the list.
-
-Additionally the cipher string B<@STRENGTH> can be used at any point to sort
-the current cipher list in order of encryption algorithm key length.
-
-=head1 CIPHER STRINGS
-
-The following is a list of all permitted cipher strings and their meanings.
-
-=over 4
-
-=item B<DEFAULT>
-
-the default cipher list. This is determined at compile time and
-is normally B<ALL:!EXPORT:!aNULL:!eNULL:!SSLv2>. This must be the firstcipher string
-specified.
-
-=item B<COMPLEMENTOFDEFAULT>
-
-the ciphers included in B<ALL>, but not enabled by default. Currently
-this is B<ADH> and B<AECDH>. Note that this rule does not cover B<eNULL>,
-which is not included by B<ALL> (use B<COMPLEMENTOFALL> if necessary).
-
-=item B<ALL>
-
-all cipher suites except the B<eNULL> ciphers which must be explicitly enabled;
-as of OpenSSL, the B<ALL> cipher suites are reasonably ordered by default
-
-=item B<COMPLEMENTOFALL>
-
-the cipher suites not enabled by B<ALL>, currently being B<eNULL>.
-
-=item B<HIGH>
-
-"high" encryption cipher suites. This currently means those with key lengths larger
-than 128 bits, and some cipher suites with 128-bit keys.
-
-=item B<MEDIUM>
-
-"medium" encryption cipher suites, currently some of those using 128 bit encryption.
-
-=item B<LOW>
-
-"low" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms
-but excluding export cipher suites.
-
-=item B<EXP>, B<EXPORT>
-
-export encryption algorithms. Including 40 and 56 bits algorithms.
-
-=item B<EXPORT40>
-
-40 bit export encryption algorithms
-
-=item B<EXPORT56>
-
-56 bit export encryption algorithms. In OpenSSL 0.9.8c and later the set of
-56 bit export ciphers is empty unless OpenSSL has been explicitly configured
-with support for experimental ciphers.
-
-=item B<eNULL>, B<NULL>
-
-the "NULL" ciphers that is those offering no encryption. Because these offer no
-encryption at all and are a security risk they are disabled unless explicitly
-included.
-
-=item B<aNULL>
-
-the cipher suites offering no authentication. This is currently the anonymous
-DH algorithms and anonymous ECDH algorithms. These cipher suites are vulnerable
-to a "man in the middle" attack and so their use is normally discouraged.
-
-=item B<kRSA>, B<RSA>
-
-cipher suites using RSA key exchange.
-
-=item B<kDHr>, B<kDHd>, B<kDH>
-
-cipher suites using DH key agreement and DH certificates signed by CAs with RSA
-and DSS keys or either respectively. Not implemented.
-
-=item B<kEDH>
-
-cipher suites using ephemeral DH key agreement, including anonymous cipher
-suites.
-
-=item B<EDH>
-
-cipher suites using authenticated ephemeral DH key agreement.
-
-=item B<ADH>
-
-anonymous DH cipher suites, note that this does not include anonymous Elliptic
-Curve DH (ECDH) cipher suites.
-
-=item B<DH>
-
-cipher suites using DH, including anonymous DH, ephemeral DH and fixed DH.
-
-=item B<kECDHr>, B<kECDHe>, B<kECDH>
-
-cipher suites using fixed ECDH key agreement signed by CAs with RSA and ECDSA
-keys or either respectively.
-
-=item B<kEECDH>
-
-cipher suites using ephemeral ECDH key agreement, including anonymous
-cipher suites.
-
-=item B<EECDH>
-
-cipher suites using authenticated ephemeral ECDH key agreement.
-
-=item B<AECDH>
-
-anonymous Elliptic Curve Diffie Hellman cipher suites.
-
-=item B<ECDH>
-
-cipher suites using ECDH key exchange, including anonymous, ephemeral and
-fixed ECDH.
-
-=item B<aRSA>
-
-cipher suites using RSA authentication, i.e. the certificates carry RSA keys.
-
-=item B<aDSS>, B<DSS>
-
-cipher suites using DSS authentication, i.e. the certificates carry DSS keys.
-
-=item B<aDH>
-
-cipher suites effectively using DH authentication, i.e. the certificates carry
-DH keys.  Not implemented.
-
-=item B<aECDH>
-
-cipher suites effectively using ECDH authentication, i.e. the certificates
-carry ECDH keys.
-
-=item B<aECDSA>, B<ECDSA>
-
-cipher suites using ECDSA authentication, i.e. the certificates carry ECDSA
-keys.
-
-=item B<kFZA>, B<aFZA>, B<eFZA>, B<FZA>
-
-ciphers suites using FORTEZZA key exchange, authentication, encryption or all
-FORTEZZA algorithms. Not implemented.
-
-=item B<TLSv1.2>, B<TLSv1>, B<SSLv3>, B<SSLv2>
-
-TLS v1.2, TLS v1.0, SSL v3.0 or SSL v2.0 cipher suites respectively. Note:
-there are no ciphersuites specific to TLS v1.1.
-
-=item B<AES128>, B<AES256>, B<AES>
-
-cipher suites using 128 bit AES, 256 bit AES or either 128 or 256 bit AES.
-
-=item B<AESGCM>
-
-AES in Galois Counter Mode (GCM): these ciphersuites are only supported
-in TLS v1.2.
-
-=item B<CAMELLIA128>, B<CAMELLIA256>, B<CAMELLIA>
-
-cipher suites using 128 bit CAMELLIA, 256 bit CAMELLIA or either 128 or 256 bit
-CAMELLIA.
-
-=item B<3DES>
-
-cipher suites using triple DES.
-
-=item B<DES>
-
-cipher suites using DES (not triple DES).
-
-=item B<RC4>
-
-cipher suites using RC4.
-
-=item B<RC2>
-
-cipher suites using RC2.
-
-=item B<IDEA>
-
-cipher suites using IDEA.
-
-=item B<SEED>
-
-cipher suites using SEED.
-
-=item B<MD5>
-
-cipher suites using MD5.
-
-=item B<SHA1>, B<SHA>
-
-cipher suites using SHA1.
-
-=item B<SHA256>, B<SHA384>
-
-ciphersuites using SHA256 or SHA384.
-
-=item B<aGOST> 
-
-cipher suites using GOST R 34.10 (either 2001 or 94) for authenticaction
-(needs an engine supporting GOST algorithms). 
-
-=item B<aGOST01>
-
-cipher suites using GOST R 34.10-2001 authentication.
-
-=item B<aGOST94>
-
-cipher suites using GOST R 34.10-94 authentication (note that R 34.10-94
-standard has been expired so use GOST R 34.10-2001)
-
-=item B<kGOST>
-
-cipher suites, using VKO 34.10 key exchange, specified in the RFC 4357.
-
-=item B<GOST94>
-
-cipher suites, using HMAC based on GOST R 34.11-94.
-
-=item B<GOST89MAC>
-
-cipher suites using GOST 28147-89 MAC B<instead of> HMAC.
-
-=item B<PSK>
-
-cipher suites using pre-shared keys (PSK).
-
-=back
-
-=head1 CIPHER SUITE NAMES
-
-The following lists give the SSL or TLS cipher suites names from the
-relevant specification and their OpenSSL equivalents. It should be noted,
-that several cipher suite names do not include the authentication used,
-e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
-
-=head2 SSL v3.0 cipher suites.
-
- SSL_RSA_WITH_NULL_MD5                   NULL-MD5
- SSL_RSA_WITH_NULL_SHA                   NULL-SHA
- SSL_RSA_EXPORT_WITH_RC4_40_MD5          EXP-RC4-MD5
- SSL_RSA_WITH_RC4_128_MD5                RC4-MD5
- SSL_RSA_WITH_RC4_128_SHA                RC4-SHA
- SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5      EXP-RC2-CBC-MD5
- SSL_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
- SSL_RSA_EXPORT_WITH_DES40_CBC_SHA       EXP-DES-CBC-SHA
- SSL_RSA_WITH_DES_CBC_SHA                DES-CBC-SHA
- SSL_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA
-
- SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
- SSL_DH_DSS_WITH_DES_CBC_SHA             Not implemented.
- SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not implemented.
- SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
- SSL_DH_RSA_WITH_DES_CBC_SHA             Not implemented.
- SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not implemented.
- SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-DSS-DES-CBC-SHA
- SSL_DHE_DSS_WITH_DES_CBC_SHA            EDH-DSS-CBC-SHA
- SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA       EDH-DSS-DES-CBC3-SHA
- SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-RSA-DES-CBC-SHA
- SSL_DHE_RSA_WITH_DES_CBC_SHA            EDH-RSA-DES-CBC-SHA
- SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA       EDH-RSA-DES-CBC3-SHA
-
- SSL_DH_anon_EXPORT_WITH_RC4_40_MD5      EXP-ADH-RC4-MD5
- SSL_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
- SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA   EXP-ADH-DES-CBC-SHA
- SSL_DH_anon_WITH_DES_CBC_SHA            ADH-DES-CBC-SHA
- SSL_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA
-
- SSL_FORTEZZA_KEA_WITH_NULL_SHA          Not implemented.
- SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA  Not implemented.
- SSL_FORTEZZA_KEA_WITH_RC4_128_SHA       Not implemented.
-
-=head2 TLS v1.0 cipher suites.
-
- TLS_RSA_WITH_NULL_MD5                   NULL-MD5
- TLS_RSA_WITH_NULL_SHA                   NULL-SHA
- TLS_RSA_EXPORT_WITH_RC4_40_MD5          EXP-RC4-MD5
- TLS_RSA_WITH_RC4_128_MD5                RC4-MD5
- TLS_RSA_WITH_RC4_128_SHA                RC4-SHA
- TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5      EXP-RC2-CBC-MD5
- TLS_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
- TLS_RSA_EXPORT_WITH_DES40_CBC_SHA       EXP-DES-CBC-SHA
- TLS_RSA_WITH_DES_CBC_SHA                DES-CBC-SHA
- TLS_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA
-
- TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
- TLS_DH_DSS_WITH_DES_CBC_SHA             Not implemented.
- TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not implemented.
- TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
- TLS_DH_RSA_WITH_DES_CBC_SHA             Not implemented.
- TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not implemented.
- TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-DSS-DES-CBC-SHA
- TLS_DHE_DSS_WITH_DES_CBC_SHA            EDH-DSS-CBC-SHA
- TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA       EDH-DSS-DES-CBC3-SHA
- TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-RSA-DES-CBC-SHA
- TLS_DHE_RSA_WITH_DES_CBC_SHA            EDH-RSA-DES-CBC-SHA
- TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA       EDH-RSA-DES-CBC3-SHA
-
- TLS_DH_anon_EXPORT_WITH_RC4_40_MD5      EXP-ADH-RC4-MD5
- TLS_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
- TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA   EXP-ADH-DES-CBC-SHA
- TLS_DH_anon_WITH_DES_CBC_SHA            ADH-DES-CBC-SHA
- TLS_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA
-
-=head2 AES ciphersuites from RFC3268, extending TLS v1.0
-
- TLS_RSA_WITH_AES_128_CBC_SHA            AES128-SHA
- TLS_RSA_WITH_AES_256_CBC_SHA            AES256-SHA
-
- TLS_DH_DSS_WITH_AES_128_CBC_SHA         Not implemented.
- TLS_DH_DSS_WITH_AES_256_CBC_SHA         Not implemented.
- TLS_DH_RSA_WITH_AES_128_CBC_SHA         Not implemented.
- TLS_DH_RSA_WITH_AES_256_CBC_SHA         Not implemented.
-
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA        DHE-DSS-AES128-SHA
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA        DHE-DSS-AES256-SHA
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA        DHE-RSA-AES128-SHA
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA        DHE-RSA-AES256-SHA
-
- TLS_DH_anon_WITH_AES_128_CBC_SHA        ADH-AES128-SHA
- TLS_DH_anon_WITH_AES_256_CBC_SHA        ADH-AES256-SHA
-
-=head2 Camellia ciphersuites from RFC4132, extending TLS v1.0
-
- TLS_RSA_WITH_CAMELLIA_128_CBC_SHA      CAMELLIA128-SHA
- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA      CAMELLIA256-SHA
-
- TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA   Not implemented.
- TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA   Not implemented.
- TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA   Not implemented.
- TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA   Not implemented.
-
- TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA  DHE-DSS-CAMELLIA128-SHA
- TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA  DHE-DSS-CAMELLIA256-SHA
- TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA  DHE-RSA-CAMELLIA128-SHA
- TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA  DHE-RSA-CAMELLIA256-SHA
-
- TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA  ADH-CAMELLIA128-SHA
- TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA  ADH-CAMELLIA256-SHA
-
-=head2 SEED ciphersuites from RFC4162, extending TLS v1.0
-
- TLS_RSA_WITH_SEED_CBC_SHA              SEED-SHA
-
- TLS_DH_DSS_WITH_SEED_CBC_SHA           Not implemented.
- TLS_DH_RSA_WITH_SEED_CBC_SHA           Not implemented.
-
- TLS_DHE_DSS_WITH_SEED_CBC_SHA          DHE-DSS-SEED-SHA
- TLS_DHE_RSA_WITH_SEED_CBC_SHA          DHE-RSA-SEED-SHA
-
- TLS_DH_anon_WITH_SEED_CBC_SHA          ADH-SEED-SHA
-
-=head2 GOST ciphersuites from draft-chudov-cryptopro-cptls, extending TLS v1.0
-
-Note: these ciphers require an engine which including GOST cryptographic
-algorithms, such as the B<ccgost> engine, included in the OpenSSL distribution.
-
- TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94-GOST89-GOST89
- TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89
- TLS_GOSTR341094_WITH_NULL_GOSTR3411 GOST94-NULL-GOST94
- TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001-NULL-GOST94
-
-=head2 Additional Export 1024 and other cipher suites
-
-Note: these ciphers can also be used in SSL v3.
-
- TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     EXP1024-DES-CBC-SHA
- TLS_RSA_EXPORT1024_WITH_RC4_56_SHA      EXP1024-RC4-SHA
- TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA
- TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA  EXP1024-DHE-DSS-RC4-SHA
- TLS_DHE_DSS_WITH_RC4_128_SHA            DHE-DSS-RC4-SHA
-
-=head2 Elliptic curve cipher suites.
-
- TLS_ECDH_RSA_WITH_NULL_SHA              ECDH-RSA-NULL-SHA
- TLS_ECDH_RSA_WITH_RC4_128_SHA           ECDH-RSA-RC4-SHA
- TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA      ECDH-RSA-DES-CBC3-SHA
- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA       ECDH-RSA-AES128-SHA
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA       ECDH-RSA-AES256-SHA
-
- TLS_ECDH_ECDSA_WITH_NULL_SHA            ECDH-ECDSA-NULL-SHA
- TLS_ECDH_ECDSA_WITH_RC4_128_SHA         ECDH-ECDSA-RC4-SHA
- TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA    ECDH-ECDSA-DES-CBC3-SHA
- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA     ECDH-ECDSA-AES128-SHA
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA     ECDH-ECDSA-AES256-SHA
-
- TLS_ECDHE_RSA_WITH_NULL_SHA             ECDHE-RSA-NULL-SHA
- TLS_ECDHE_RSA_WITH_RC4_128_SHA          ECDHE-RSA-RC4-SHA
- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA     ECDHE-RSA-DES-CBC3-SHA
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      ECDHE-RSA-AES128-SHA
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA      ECDHE-RSA-AES256-SHA
-
- TLS_ECDHE_ECDSA_WITH_NULL_SHA           ECDHE-ECDSA-NULL-SHA
- TLS_ECDHE_ECDSA_WITH_RC4_128_SHA        ECDHE-ECDSA-RC4-SHA
- TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA   ECDHE-ECDSA-DES-CBC3-SHA
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    ECDHE-ECDSA-AES128-SHA
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA    ECDHE-ECDSA-AES256-SHA
-
- TLS_ECDH_anon_WITH_NULL_SHA             AECDH-NULL-SHA
- TLS_ECDH_anon_WITH_RC4_128_SHA          AECDH-RC4-SHA
- TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA     AECDH-DES-CBC3-SHA
- TLS_ECDH_anon_WITH_AES_128_CBC_SHA      AECDH-AES128-SHA
- TLS_ECDH_anon_WITH_AES_256_CBC_SHA      AECDH-AES256-SHA
-
-=head2 TLS v1.2 cipher suites
-
- TLS_RSA_WITH_NULL_SHA256                  NULL-SHA256
-
- TLS_RSA_WITH_AES_128_CBC_SHA256           AES128-SHA256
- TLS_RSA_WITH_AES_256_CBC_SHA256           AES256-SHA256
- TLS_RSA_WITH_AES_128_GCM_SHA256           AES128-GCM-SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384           AES256-GCM-SHA384
-
- TLS_DH_RSA_WITH_AES_128_CBC_SHA256        Not implemented.
- TLS_DH_RSA_WITH_AES_256_CBC_SHA256        Not implemented.
- TLS_DH_RSA_WITH_AES_128_GCM_SHA256        Not implemented.
- TLS_DH_RSA_WITH_AES_256_GCM_SHA384        Not implemented.
-
- TLS_DH_DSS_WITH_AES_128_CBC_SHA256        Not implemented.
- TLS_DH_DSS_WITH_AES_256_CBC_SHA256        Not implemented.
- TLS_DH_DSS_WITH_AES_128_GCM_SHA256        Not implemented.
- TLS_DH_DSS_WITH_AES_256_GCM_SHA384        Not implemented.
-
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA256       DHE-RSA-AES128-SHA256
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256       DHE-RSA-AES256-SHA256
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256       DHE-RSA-AES128-GCM-SHA256
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384       DHE-RSA-AES256-GCM-SHA384
-
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA256       DHE-DSS-AES128-SHA256
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA256       DHE-DSS-AES256-SHA256
- TLS_DHE_DSS_WITH_AES_128_GCM_SHA256       DHE-DSS-AES128-GCM-SHA256
- TLS_DHE_DSS_WITH_AES_256_GCM_SHA384       DHE-DSS-AES256-GCM-SHA384
-
- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256      ECDH-RSA-AES128-SHA256
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384      ECDH-RSA-AES256-SHA384
- TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256      ECDH-RSA-AES128-GCM-SHA256
- TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384      ECDH-RSA-AES256-GCM-SHA384
-
- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256    ECDH-ECDSA-AES128-SHA256
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384    ECDH-ECDSA-AES256-SHA384
- TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256    ECDH-ECDSA-AES128-GCM-SHA256
- TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384    ECDH-ECDSA-AES256-GCM-SHA384
-
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256     ECDHE-RSA-AES128-SHA256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384     ECDHE-RSA-AES256-SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256     ECDHE-RSA-AES128-GCM-SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384     ECDHE-RSA-AES256-GCM-SHA384
-
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256   ECDHE-ECDSA-AES128-SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384   ECDHE-ECDSA-AES256-SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDHE-ECDSA-AES128-GCM-SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDHE-ECDSA-AES256-GCM-SHA384
-
- TLS_DH_anon_WITH_AES_128_CBC_SHA256       ADH-AES128-SHA256
- TLS_DH_anon_WITH_AES_256_CBC_SHA256       ADH-AES256-SHA256
- TLS_DH_anon_WITH_AES_128_GCM_SHA256       ADH-AES128-GCM-SHA256
- TLS_DH_anon_WITH_AES_256_GCM_SHA384       ADH-AES256-GCM-SHA384
-
-=head2 Pre shared keying (PSK) cipheruites
-
- TLS_PSK_WITH_RC4_128_SHA                  PSK-RC4-SHA
- TLS_PSK_WITH_3DES_EDE_CBC_SHA             PSK-3DES-EDE-CBC-SHA
- TLS_PSK_WITH_AES_128_CBC_SHA              PSK-AES128-CBC-SHA
- TLS_PSK_WITH_AES_256_CBC_SHA              PSK-AES256-CBC-SHA
-
-=head2 Deprecated SSL v2.0 cipher suites.
-
- SSL_CK_RC4_128_WITH_MD5                 RC4-MD5
- SSL_CK_RC4_128_EXPORT40_WITH_MD5        EXP-RC4-MD5
- SSL_CK_RC2_128_CBC_WITH_MD5             RC2-MD5
- SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5    EXP-RC2-MD5
- SSL_CK_IDEA_128_CBC_WITH_MD5            IDEA-CBC-MD5
- SSL_CK_DES_64_CBC_WITH_MD5              DES-CBC-MD5
- SSL_CK_DES_192_EDE3_CBC_WITH_MD5        DES-CBC3-MD5
-
-=head1 NOTES
-
-The non-ephemeral DH modes are currently unimplemented in OpenSSL
-because there is no support for DH certificates.
-
-Some compiled versions of OpenSSL may not include all the ciphers
-listed here because some ciphers were excluded at compile time.
-
-=head1 EXAMPLES
-
-Verbose listing of all OpenSSL ciphers including NULL ciphers:
-
- openssl ciphers -v 'ALL:eNULL'
-
-Include all ciphers except NULL and anonymous DH then sort by
-strength:
-
- openssl ciphers -v 'ALL:!ADH:@STRENGTH'
-
-Include all ciphers except ones with no encryption (eNULL) or no
-authentication (aNULL):
-
- openssl ciphers -v 'ALL:!aNULL'
-
-Include only 3DES ciphers and then place RSA ciphers last:
-
- openssl ciphers -v '3DES:+RSA'
-
-Include all RC4 ciphers but leave out those without authentication:
-
- openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT'
-
-Include all chiphers with RSA authentication but leave out ciphers without
-encryption.
-
- openssl ciphers -v 'RSA:!COMPLEMENTOFALL'
-
-=head1 SEE ALSO
-
-L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<ssl(3)|ssl(3)>
-
-=head1 HISTORY
-
-The B<COMPLENTOFALL> and B<COMPLEMENTOFDEFAULT> selection options
-for cipherlist strings were added in OpenSSL 0.9.7.
-The B<-V> option for the B<ciphers> command was added in OpenSSL 1.0.0.
-
-=cut

Copied: vendor-crypto/openssl/1.0.1u/doc/apps/ciphers.pod (from rev 11605, vendor-crypto/openssl/dist/doc/apps/ciphers.pod)
===================================================================
--- vendor-crypto/openssl/1.0.1u/doc/apps/ciphers.pod	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/doc/apps/ciphers.pod	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,638 @@
+=pod
+
+=head1 NAME
+
+ciphers - SSL cipher display and cipher list tool.
+
+=head1 SYNOPSIS
+
+B<openssl> B<ciphers>
+[B<-v>]
+[B<-V>]
+[B<-ssl2>]
+[B<-ssl3>]
+[B<-tls1>]
+[B<cipherlist>]
+
+=head1 DESCRIPTION
+
+The B<ciphers> command converts textual OpenSSL cipher lists into ordered
+SSL cipher preference lists. It can be used as a test tool to determine
+the appropriate cipherlist.
+
+=head1 COMMAND OPTIONS
+
+=over 4
+
+=item B<-v>
+
+Verbose option. List ciphers with a complete description of
+protocol version (SSLv2 or SSLv3; the latter includes TLS), key exchange,
+authentication, encryption and mac algorithms used along with any key size
+restrictions and whether the algorithm is classed as an "export" cipher.
+Note that without the B<-v> option, ciphers may seem to appear twice
+in a cipher list; this is when similar ciphers are available for
+SSL v2 and for SSL v3/TLS v1.
+
+=item B<-V>
+
+Like B<-v>, but include cipher suite codes in output (hex format).
+
+=item B<-ssl3>, B<-tls1>
+
+This lists ciphers compatible with any of SSLv3, TLSv1, TLSv1.1 or TLSv1.2.
+
+=item B<-ssl2>
+
+Only include SSLv2 ciphers.
+
+=item B<-h>, B<-?>
+
+Print a brief usage message.
+
+=item B<cipherlist>
+
+A cipher list to convert to a cipher preference list. If it is not included
+then the default cipher list will be used. The format is described below.
+
+=back
+
+=head1 CIPHER LIST FORMAT
+
+The cipher list consists of one or more I<cipher strings> separated by colons.
+Commas or spaces are also acceptable separators but colons are normally used.
+
+The actual cipher string can take several different forms.
+
+It can consist of a single cipher suite such as B<RC4-SHA>.
+
+It can represent a list of cipher suites containing a certain algorithm, or
+cipher suites of a certain type. For example B<SHA1> represents all ciphers
+suites using the digest algorithm SHA1 and B<SSLv3> represents all SSL v3
+algorithms.
+
+Lists of cipher suites can be combined in a single cipher string using the
+B<+> character. This is used as a logical B<and> operation. For example
+B<SHA1+DES> represents all cipher suites containing the SHA1 B<and> the DES
+algorithms.
+
+Each cipher string can be optionally preceded by the characters B<!>,
+B<-> or B<+>.
+
+If B<!> is used then the ciphers are permanently deleted from the list.
+The ciphers deleted can never reappear in the list even if they are
+explicitly stated.
+
+If B<-> is used then the ciphers are deleted from the list, but some or
+all of the ciphers can be added again by later options.
+
+If B<+> is used then the ciphers are moved to the end of the list. This
+option doesn't add any new ciphers it just moves matching existing ones.
+
+If none of these characters is present then the string is just interpreted
+as a list of ciphers to be appended to the current preference list. If the
+list includes any ciphers already present they will be ignored: that is they
+will not moved to the end of the list.
+
+Additionally the cipher string B<@STRENGTH> can be used at any point to sort
+the current cipher list in order of encryption algorithm key length.
+
+=head1 CIPHER STRINGS
+
+The following is a list of all permitted cipher strings and their meanings.
+
+=over 4
+
+=item B<DEFAULT>
+
+The default cipher list.
+This is determined at compile time and is normally
+B<ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2>.
+When used, this must be the first cipherstring specified.
+
+=item B<COMPLEMENTOFDEFAULT>
+
+the ciphers included in B<ALL>, but not enabled by default. Currently
+this is B<ADH> and B<AECDH>. Note that this rule does not cover B<eNULL>,
+which is not included by B<ALL> (use B<COMPLEMENTOFALL> if necessary).
+
+=item B<ALL>
+
+all cipher suites except the B<eNULL> ciphers which must be explicitly enabled;
+as of OpenSSL, the B<ALL> cipher suites are reasonably ordered by default
+
+=item B<COMPLEMENTOFALL>
+
+the cipher suites not enabled by B<ALL>, currently being B<eNULL>.
+
+=item B<HIGH>
+
+"high" encryption cipher suites. This currently means those with key lengths larger
+than 128 bits, and some cipher suites with 128-bit keys.
+
+=item B<MEDIUM>
+
+"medium" encryption cipher suites, currently some of those using 128 bit encryption.
+
+=item B<LOW>
+
+Low strength encryption cipher suites, currently those using 64 or 56 bit
+encryption algorithms but excluding export cipher suites.
+As of OpenSSL 1.0.1s, these are disabled in default builds.
+
+=item B<EXP>, B<EXPORT>
+
+Export strength encryption algorithms. Including 40 and 56 bits algorithms.
+As of OpenSSL 1.0.1s, these are disabled in default builds.
+
+=item B<EXPORT40>
+
+40-bit export encryption algorithms
+As of OpenSSL 1.0.1s, these are disabled in default builds.
+
+=item B<EXPORT56>
+
+56-bit export encryption algorithms. In OpenSSL 0.9.8c and later the set of
+56 bit export ciphers is empty unless OpenSSL has been explicitly configured
+with support for experimental ciphers.
+As of OpenSSL 1.0.1s, these are disabled in default builds.
+
+=item B<eNULL>, B<NULL>
+
+The "NULL" ciphers that is those offering no encryption. Because these offer no
+encryption at all and are a security risk they are not enabled via either the
+B<DEFAULT> or B<ALL> cipher strings.
+Be careful when building cipherlists out of lower-level primitives such as
+B<kRSA> or B<aECDSA> as these do overlap with the B<eNULL> ciphers.
+When in doubt, include B<!eNULL> in your cipherlist.
+
+=item B<aNULL>
+
+The cipher suites offering no authentication. This is currently the anonymous
+DH algorithms and anonymous ECDH algorithms. These cipher suites are vulnerable
+to a "man in the middle" attack and so their use is normally discouraged.
+These are excluded from the B<DEFAULT> ciphers, but included in the B<ALL>
+ciphers.
+Be careful when building cipherlists out of lower-level primitives such as
+B<kDHE> or B<AES> as these do overlap with the B<aNULL> ciphers.
+When in doubt, include B<!aNULL> in your cipherlist.
+
+=item B<kRSA>, B<RSA>
+
+cipher suites using RSA key exchange.
+
+=item B<kDHr>, B<kDHd>, B<kDH>
+
+cipher suites using DH key agreement and DH certificates signed by CAs with RSA
+and DSS keys or either respectively. Not implemented.
+
+=item B<kEDH>
+
+cipher suites using ephemeral DH key agreement, including anonymous cipher
+suites.
+
+=item B<EDH>
+
+cipher suites using authenticated ephemeral DH key agreement.
+
+=item B<ADH>
+
+anonymous DH cipher suites, note that this does not include anonymous Elliptic
+Curve DH (ECDH) cipher suites.
+
+=item B<DH>
+
+cipher suites using DH, including anonymous DH, ephemeral DH and fixed DH.
+
+=item B<kECDHr>, B<kECDHe>, B<kECDH>
+
+cipher suites using fixed ECDH key agreement signed by CAs with RSA and ECDSA
+keys or either respectively.
+
+=item B<kEECDH>
+
+cipher suites using ephemeral ECDH key agreement, including anonymous
+cipher suites.
+
+=item B<EECDH>
+
+cipher suites using authenticated ephemeral ECDH key agreement.
+
+=item B<AECDH>
+
+anonymous Elliptic Curve Diffie Hellman cipher suites.
+
+=item B<ECDH>
+
+cipher suites using ECDH key exchange, including anonymous, ephemeral and
+fixed ECDH.
+
+=item B<aRSA>
+
+cipher suites using RSA authentication, i.e. the certificates carry RSA keys.
+
+=item B<aDSS>, B<DSS>
+
+cipher suites using DSS authentication, i.e. the certificates carry DSS keys.
+
+=item B<aDH>
+
+cipher suites effectively using DH authentication, i.e. the certificates carry
+DH keys.  Not implemented.
+
+=item B<aECDH>
+
+cipher suites effectively using ECDH authentication, i.e. the certificates
+carry ECDH keys.
+
+=item B<aECDSA>, B<ECDSA>
+
+cipher suites using ECDSA authentication, i.e. the certificates carry ECDSA
+keys.
+
+=item B<kFZA>, B<aFZA>, B<eFZA>, B<FZA>
+
+ciphers suites using FORTEZZA key exchange, authentication, encryption or all
+FORTEZZA algorithms. Not implemented.
+
+=item B<TLSv1.2>, B<TLSv1>, B<SSLv3>, B<SSLv2>
+
+TLS v1.2, TLS v1.0, SSL v3.0 or SSL v2.0 cipher suites respectively. Note:
+there are no ciphersuites specific to TLS v1.1.
+
+=item B<AES128>, B<AES256>, B<AES>
+
+cipher suites using 128 bit AES, 256 bit AES or either 128 or 256 bit AES.
+
+=item B<AESGCM>
+
+AES in Galois Counter Mode (GCM): these ciphersuites are only supported
+in TLS v1.2.
+
+=item B<CAMELLIA128>, B<CAMELLIA256>, B<CAMELLIA>
+
+cipher suites using 128 bit CAMELLIA, 256 bit CAMELLIA or either 128 or 256 bit
+CAMELLIA.
+
+=item B<3DES>
+
+cipher suites using triple DES.
+
+=item B<DES>
+
+cipher suites using DES (not triple DES).
+
+=item B<RC4>
+
+cipher suites using RC4.
+
+=item B<RC2>
+
+cipher suites using RC2.
+
+=item B<IDEA>
+
+cipher suites using IDEA.
+
+=item B<SEED>
+
+cipher suites using SEED.
+
+=item B<MD5>
+
+cipher suites using MD5.
+
+=item B<SHA1>, B<SHA>
+
+cipher suites using SHA1.
+
+=item B<SHA256>, B<SHA384>
+
+ciphersuites using SHA256 or SHA384.
+
+=item B<aGOST> 
+
+cipher suites using GOST R 34.10 (either 2001 or 94) for authenticaction
+(needs an engine supporting GOST algorithms). 
+
+=item B<aGOST01>
+
+cipher suites using GOST R 34.10-2001 authentication.
+
+=item B<aGOST94>
+
+cipher suites using GOST R 34.10-94 authentication (note that R 34.10-94
+standard has been expired so use GOST R 34.10-2001)
+
+=item B<kGOST>
+
+cipher suites, using VKO 34.10 key exchange, specified in the RFC 4357.
+
+=item B<GOST94>
+
+cipher suites, using HMAC based on GOST R 34.11-94.
+
+=item B<GOST89MAC>
+
+cipher suites using GOST 28147-89 MAC B<instead of> HMAC.
+
+=item B<PSK>
+
+cipher suites using pre-shared keys (PSK).
+
+=back
+
+=head1 CIPHER SUITE NAMES
+
+The following lists give the SSL or TLS cipher suites names from the
+relevant specification and their OpenSSL equivalents. It should be noted,
+that several cipher suite names do not include the authentication used,
+e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
+
+=head2 SSL v3.0 cipher suites.
+
+ SSL_RSA_WITH_NULL_MD5                   NULL-MD5
+ SSL_RSA_WITH_NULL_SHA                   NULL-SHA
+ SSL_RSA_EXPORT_WITH_RC4_40_MD5          EXP-RC4-MD5
+ SSL_RSA_WITH_RC4_128_MD5                RC4-MD5
+ SSL_RSA_WITH_RC4_128_SHA                RC4-SHA
+ SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5      EXP-RC2-CBC-MD5
+ SSL_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
+ SSL_RSA_EXPORT_WITH_DES40_CBC_SHA       EXP-DES-CBC-SHA
+ SSL_RSA_WITH_DES_CBC_SHA                DES-CBC-SHA
+ SSL_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA
+
+ SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
+ SSL_DH_DSS_WITH_DES_CBC_SHA             Not implemented.
+ SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not implemented.
+ SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
+ SSL_DH_RSA_WITH_DES_CBC_SHA             Not implemented.
+ SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not implemented.
+ SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-DSS-DES-CBC-SHA
+ SSL_DHE_DSS_WITH_DES_CBC_SHA            EDH-DSS-CBC-SHA
+ SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA       EDH-DSS-DES-CBC3-SHA
+ SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-RSA-DES-CBC-SHA
+ SSL_DHE_RSA_WITH_DES_CBC_SHA            EDH-RSA-DES-CBC-SHA
+ SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA       EDH-RSA-DES-CBC3-SHA
+
+ SSL_DH_anon_EXPORT_WITH_RC4_40_MD5      EXP-ADH-RC4-MD5
+ SSL_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
+ SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA   EXP-ADH-DES-CBC-SHA
+ SSL_DH_anon_WITH_DES_CBC_SHA            ADH-DES-CBC-SHA
+ SSL_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA
+
+ SSL_FORTEZZA_KEA_WITH_NULL_SHA          Not implemented.
+ SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA  Not implemented.
+ SSL_FORTEZZA_KEA_WITH_RC4_128_SHA       Not implemented.
+
+=head2 TLS v1.0 cipher suites.
+
+ TLS_RSA_WITH_NULL_MD5                   NULL-MD5
+ TLS_RSA_WITH_NULL_SHA                   NULL-SHA
+ TLS_RSA_EXPORT_WITH_RC4_40_MD5          EXP-RC4-MD5
+ TLS_RSA_WITH_RC4_128_MD5                RC4-MD5
+ TLS_RSA_WITH_RC4_128_SHA                RC4-SHA
+ TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5      EXP-RC2-CBC-MD5
+ TLS_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
+ TLS_RSA_EXPORT_WITH_DES40_CBC_SHA       EXP-DES-CBC-SHA
+ TLS_RSA_WITH_DES_CBC_SHA                DES-CBC-SHA
+ TLS_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA
+
+ TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
+ TLS_DH_DSS_WITH_DES_CBC_SHA             Not implemented.
+ TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not implemented.
+ TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
+ TLS_DH_RSA_WITH_DES_CBC_SHA             Not implemented.
+ TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not implemented.
+ TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-DSS-DES-CBC-SHA
+ TLS_DHE_DSS_WITH_DES_CBC_SHA            EDH-DSS-CBC-SHA
+ TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA       EDH-DSS-DES-CBC3-SHA
+ TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-RSA-DES-CBC-SHA
+ TLS_DHE_RSA_WITH_DES_CBC_SHA            EDH-RSA-DES-CBC-SHA
+ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA       EDH-RSA-DES-CBC3-SHA
+
+ TLS_DH_anon_EXPORT_WITH_RC4_40_MD5      EXP-ADH-RC4-MD5
+ TLS_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
+ TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA   EXP-ADH-DES-CBC-SHA
+ TLS_DH_anon_WITH_DES_CBC_SHA            ADH-DES-CBC-SHA
+ TLS_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA
+
+=head2 AES ciphersuites from RFC3268, extending TLS v1.0
+
+ TLS_RSA_WITH_AES_128_CBC_SHA            AES128-SHA
+ TLS_RSA_WITH_AES_256_CBC_SHA            AES256-SHA
+
+ TLS_DH_DSS_WITH_AES_128_CBC_SHA         Not implemented.
+ TLS_DH_DSS_WITH_AES_256_CBC_SHA         Not implemented.
+ TLS_DH_RSA_WITH_AES_128_CBC_SHA         Not implemented.
+ TLS_DH_RSA_WITH_AES_256_CBC_SHA         Not implemented.
+
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA        DHE-DSS-AES128-SHA
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA        DHE-DSS-AES256-SHA
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA        DHE-RSA-AES128-SHA
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA        DHE-RSA-AES256-SHA
+
+ TLS_DH_anon_WITH_AES_128_CBC_SHA        ADH-AES128-SHA
+ TLS_DH_anon_WITH_AES_256_CBC_SHA        ADH-AES256-SHA
+
+=head2 Camellia ciphersuites from RFC4132, extending TLS v1.0
+
+ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA      CAMELLIA128-SHA
+ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA      CAMELLIA256-SHA
+
+ TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA   Not implemented.
+ TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA   Not implemented.
+ TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA   Not implemented.
+ TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA   Not implemented.
+
+ TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA  DHE-DSS-CAMELLIA128-SHA
+ TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA  DHE-DSS-CAMELLIA256-SHA
+ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA  DHE-RSA-CAMELLIA128-SHA
+ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA  DHE-RSA-CAMELLIA256-SHA
+
+ TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA  ADH-CAMELLIA128-SHA
+ TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA  ADH-CAMELLIA256-SHA
+
+=head2 SEED ciphersuites from RFC4162, extending TLS v1.0
+
+ TLS_RSA_WITH_SEED_CBC_SHA              SEED-SHA
+
+ TLS_DH_DSS_WITH_SEED_CBC_SHA           Not implemented.
+ TLS_DH_RSA_WITH_SEED_CBC_SHA           Not implemented.
+
+ TLS_DHE_DSS_WITH_SEED_CBC_SHA          DHE-DSS-SEED-SHA
+ TLS_DHE_RSA_WITH_SEED_CBC_SHA          DHE-RSA-SEED-SHA
+
+ TLS_DH_anon_WITH_SEED_CBC_SHA          ADH-SEED-SHA
+
+=head2 GOST ciphersuites from draft-chudov-cryptopro-cptls, extending TLS v1.0
+
+Note: these ciphers require an engine which including GOST cryptographic
+algorithms, such as the B<ccgost> engine, included in the OpenSSL distribution.
+
+ TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94-GOST89-GOST89
+ TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89
+ TLS_GOSTR341094_WITH_NULL_GOSTR3411 GOST94-NULL-GOST94
+ TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001-NULL-GOST94
+
+=head2 Additional Export 1024 and other cipher suites
+
+Note: these ciphers can also be used in SSL v3.
+
+ TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     EXP1024-DES-CBC-SHA
+ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA      EXP1024-RC4-SHA
+ TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA
+ TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA  EXP1024-DHE-DSS-RC4-SHA
+ TLS_DHE_DSS_WITH_RC4_128_SHA            DHE-DSS-RC4-SHA
+
+=head2 Elliptic curve cipher suites.
+
+ TLS_ECDH_RSA_WITH_NULL_SHA              ECDH-RSA-NULL-SHA
+ TLS_ECDH_RSA_WITH_RC4_128_SHA           ECDH-RSA-RC4-SHA
+ TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA      ECDH-RSA-DES-CBC3-SHA
+ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA       ECDH-RSA-AES128-SHA
+ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA       ECDH-RSA-AES256-SHA
+
+ TLS_ECDH_ECDSA_WITH_NULL_SHA            ECDH-ECDSA-NULL-SHA
+ TLS_ECDH_ECDSA_WITH_RC4_128_SHA         ECDH-ECDSA-RC4-SHA
+ TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA    ECDH-ECDSA-DES-CBC3-SHA
+ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA     ECDH-ECDSA-AES128-SHA
+ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA     ECDH-ECDSA-AES256-SHA
+
+ TLS_ECDHE_RSA_WITH_NULL_SHA             ECDHE-RSA-NULL-SHA
+ TLS_ECDHE_RSA_WITH_RC4_128_SHA          ECDHE-RSA-RC4-SHA
+ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA     ECDHE-RSA-DES-CBC3-SHA
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      ECDHE-RSA-AES128-SHA
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA      ECDHE-RSA-AES256-SHA
+
+ TLS_ECDHE_ECDSA_WITH_NULL_SHA           ECDHE-ECDSA-NULL-SHA
+ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA        ECDHE-ECDSA-RC4-SHA
+ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA   ECDHE-ECDSA-DES-CBC3-SHA
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    ECDHE-ECDSA-AES128-SHA
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA    ECDHE-ECDSA-AES256-SHA
+
+ TLS_ECDH_anon_WITH_NULL_SHA             AECDH-NULL-SHA
+ TLS_ECDH_anon_WITH_RC4_128_SHA          AECDH-RC4-SHA
+ TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA     AECDH-DES-CBC3-SHA
+ TLS_ECDH_anon_WITH_AES_128_CBC_SHA      AECDH-AES128-SHA
+ TLS_ECDH_anon_WITH_AES_256_CBC_SHA      AECDH-AES256-SHA
+
+=head2 TLS v1.2 cipher suites
+
+ TLS_RSA_WITH_NULL_SHA256                  NULL-SHA256
+
+ TLS_RSA_WITH_AES_128_CBC_SHA256           AES128-SHA256
+ TLS_RSA_WITH_AES_256_CBC_SHA256           AES256-SHA256
+ TLS_RSA_WITH_AES_128_GCM_SHA256           AES128-GCM-SHA256
+ TLS_RSA_WITH_AES_256_GCM_SHA384           AES256-GCM-SHA384
+
+ TLS_DH_RSA_WITH_AES_128_CBC_SHA256        Not implemented.
+ TLS_DH_RSA_WITH_AES_256_CBC_SHA256        Not implemented.
+ TLS_DH_RSA_WITH_AES_128_GCM_SHA256        Not implemented.
+ TLS_DH_RSA_WITH_AES_256_GCM_SHA384        Not implemented.
+
+ TLS_DH_DSS_WITH_AES_128_CBC_SHA256        Not implemented.
+ TLS_DH_DSS_WITH_AES_256_CBC_SHA256        Not implemented.
+ TLS_DH_DSS_WITH_AES_128_GCM_SHA256        Not implemented.
+ TLS_DH_DSS_WITH_AES_256_GCM_SHA384        Not implemented.
+
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256       DHE-RSA-AES128-SHA256
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256       DHE-RSA-AES256-SHA256
+ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256       DHE-RSA-AES128-GCM-SHA256
+ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384       DHE-RSA-AES256-GCM-SHA384
+
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA256       DHE-DSS-AES128-SHA256
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA256       DHE-DSS-AES256-SHA256
+ TLS_DHE_DSS_WITH_AES_128_GCM_SHA256       DHE-DSS-AES128-GCM-SHA256
+ TLS_DHE_DSS_WITH_AES_256_GCM_SHA384       DHE-DSS-AES256-GCM-SHA384
+
+ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256      ECDH-RSA-AES128-SHA256
+ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384      ECDH-RSA-AES256-SHA384
+ TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256      ECDH-RSA-AES128-GCM-SHA256
+ TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384      ECDH-RSA-AES256-GCM-SHA384
+
+ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256    ECDH-ECDSA-AES128-SHA256
+ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384    ECDH-ECDSA-AES256-SHA384
+ TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256    ECDH-ECDSA-AES128-GCM-SHA256
+ TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384    ECDH-ECDSA-AES256-GCM-SHA384
+
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256     ECDHE-RSA-AES128-SHA256
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384     ECDHE-RSA-AES256-SHA384
+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256     ECDHE-RSA-AES128-GCM-SHA256
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384     ECDHE-RSA-AES256-GCM-SHA384
+
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256   ECDHE-ECDSA-AES128-SHA256
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384   ECDHE-ECDSA-AES256-SHA384
+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDHE-ECDSA-AES128-GCM-SHA256
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDHE-ECDSA-AES256-GCM-SHA384
+
+ TLS_DH_anon_WITH_AES_128_CBC_SHA256       ADH-AES128-SHA256
+ TLS_DH_anon_WITH_AES_256_CBC_SHA256       ADH-AES256-SHA256
+ TLS_DH_anon_WITH_AES_128_GCM_SHA256       ADH-AES128-GCM-SHA256
+ TLS_DH_anon_WITH_AES_256_GCM_SHA384       ADH-AES256-GCM-SHA384
+
+=head2 Pre shared keying (PSK) cipheruites
+
+ TLS_PSK_WITH_RC4_128_SHA                  PSK-RC4-SHA
+ TLS_PSK_WITH_3DES_EDE_CBC_SHA             PSK-3DES-EDE-CBC-SHA
+ TLS_PSK_WITH_AES_128_CBC_SHA              PSK-AES128-CBC-SHA
+ TLS_PSK_WITH_AES_256_CBC_SHA              PSK-AES256-CBC-SHA
+
+=head2 Deprecated SSL v2.0 cipher suites.
+
+ SSL_CK_RC4_128_WITH_MD5                 RC4-MD5
+ SSL_CK_RC4_128_EXPORT40_WITH_MD5        Not implemented.
+ SSL_CK_RC2_128_CBC_WITH_MD5             RC2-CBC-MD5
+ SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5    Not implemented.
+ SSL_CK_IDEA_128_CBC_WITH_MD5            IDEA-CBC-MD5
+ SSL_CK_DES_64_CBC_WITH_MD5              Not implemented.
+ SSL_CK_DES_192_EDE3_CBC_WITH_MD5        DES-CBC3-MD5
+
+=head1 NOTES
+
+The non-ephemeral DH modes are currently unimplemented in OpenSSL
+because there is no support for DH certificates.
+
+Some compiled versions of OpenSSL may not include all the ciphers
+listed here because some ciphers were excluded at compile time.
+
+=head1 EXAMPLES
+
+Verbose listing of all OpenSSL ciphers including NULL ciphers:
+
+ openssl ciphers -v 'ALL:eNULL'
+
+Include all ciphers except NULL and anonymous DH then sort by
+strength:
+
+ openssl ciphers -v 'ALL:!ADH:@STRENGTH'
+
+Include all ciphers except ones with no encryption (eNULL) or no
+authentication (aNULL):
+
+ openssl ciphers -v 'ALL:!aNULL'
+
+Include only 3DES ciphers and then place RSA ciphers last:
+
+ openssl ciphers -v '3DES:+RSA'
+
+Include all RC4 ciphers but leave out those without authentication:
+
+ openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT'
+
+Include all chiphers with RSA authentication but leave out ciphers without
+encryption.
+
+ openssl ciphers -v 'RSA:!COMPLEMENTOFALL'
+
+=head1 SEE ALSO
+
+L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<ssl(3)|ssl(3)>
+
+=head1 HISTORY
+
+The B<COMPLENTOFALL> and B<COMPLEMENTOFDEFAULT> selection options
+for cipherlist strings were added in OpenSSL 0.9.7.
+The B<-V> option for the B<ciphers> command was added in OpenSSL 1.0.0.
+
+=cut

Deleted: vendor-crypto/openssl/1.0.1u/doc/apps/cms.pod
===================================================================
--- vendor-crypto/openssl/dist/doc/apps/cms.pod	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/doc/apps/cms.pod	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,620 +0,0 @@
-=pod
-
-=head1 NAME
-
-cms - CMS utility
-
-=head1 SYNOPSIS
-
-B<openssl> B<cms>
-[B<-encrypt>]
-[B<-decrypt>]
-[B<-sign>]
-[B<-verify>]
-[B<-cmsout>]
-[B<-resign>]
-[B<-data_create>]
-[B<-data_out>]
-[B<-digest_create>]
-[B<-digest_verify>]
-[B<-compress>]
-[B<-uncompress>]
-[B<-EncryptedData_encrypt>]
-[B<-sign_receipt>]
-[B<-verify_receipt receipt>]
-[B<-in filename>]
-[B<-inform SMIME|PEM|DER>]
-[B<-rctform SMIME|PEM|DER>]
-[B<-out filename>]
-[B<-outform SMIME|PEM|DER>]
-[B<-stream -indef -noindef>]
-[B<-noindef>]
-[B<-content filename>]
-[B<-text>]
-[B<-noout>]
-[B<-print>]
-[B<-CAfile file>]
-[B<-CApath dir>]
-[B<-no_alt_chains>]
-[B<-md digest>]
-[B<-[cipher]>]
-[B<-nointern>]
-[B<-no_signer_cert_verify>]
-[B<-nocerts>]
-[B<-noattr>]
-[B<-nosmimecap>]
-[B<-binary>]
-[B<-nodetach>]
-[B<-certfile file>]
-[B<-certsout file>]
-[B<-signer file>]
-[B<-recip file>]
-[B<-keyid>]
-[B<-receipt_request_all -receipt_request_first>]
-[B<-receipt_request_from emailaddress>]
-[B<-receipt_request_to emailaddress>]
-[B<-receipt_request_print>]
-[B<-secretkey key>]
-[B<-secretkeyid id>]
-[B<-econtent_type type>]
-[B<-inkey file>]
-[B<-passin arg>]
-[B<-rand file(s)>]
-[B<cert.pem...>]
-[B<-to addr>]
-[B<-from addr>]
-[B<-subject subj>]
-[cert.pem]...
-
-=head1 DESCRIPTION
-
-The B<cms> command handles S/MIME v3.1 mail. It can encrypt, decrypt, sign and
-verify, compress and uncompress S/MIME messages.
-
-=head1 COMMAND OPTIONS
-
-There are fourteen operation options that set the type of operation to be
-performed. The meaning of the other options varies according to the operation
-type.
-
-=over 4
-
-=item B<-encrypt>
-
-encrypt mail for the given recipient certificates. Input file is the message
-to be encrypted. The output file is the encrypted mail in MIME format. The
-actual CMS type is <B>EnvelopedData<B>.
-
-=item B<-decrypt>
-
-decrypt mail using the supplied certificate and private key. Expects an
-encrypted mail message in MIME format for the input file. The decrypted mail
-is written to the output file.
-
-=item B<-debug_decrypt>
-
-this option sets the B<CMS_DEBUG_DECRYPT> flag. This option should be used
-with caution: see the notes section below.
-
-=item B<-sign>
-
-sign mail using the supplied certificate and private key. Input file is
-the message to be signed. The signed message in MIME format is written
-to the output file.
-
-=item B<-verify>
-
-verify signed mail. Expects a signed mail message on input and outputs
-the signed data. Both clear text and opaque signing is supported.
-
-=item B<-cmsout>
-
-takes an input message and writes out a PEM encoded CMS structure.
-
-=item B<-resign>
-
-resign a message: take an existing message and one or more new signers.
-
-=item B<-data_create>
-
-Create a CMS B<Data> type.
-
-=item B<-data_out>
-
-B<Data> type and output the content.
-
-=item B<-digest_create>
-
-Create a CMS B<DigestedData> type.
-
-=item B<-digest_verify>
-
-Verify a CMS B<DigestedData> type and output the content.
-
-=item B<-compress>
-
-Create a CMS B<CompressedData> type. OpenSSL must be compiled with B<zlib>
-support for this option to work, otherwise it will output an error.
-
-=item B<-uncompress>
-
-Uncompress a CMS B<CompressedData> type and output the content. OpenSSL must be
-compiled with B<zlib> support for this option to work, otherwise it will
-output an error.
-
-=item B<-EncryptedData_encrypt>
-
-Encrypt content using supplied symmetric key and algorithm using a CMS
-B<EncrytedData> type and output the content.
-
-=item B<-sign_receipt>
-
-Generate and output a signed receipt for the supplied message. The input 
-message B<must> contain a signed receipt request. Functionality is otherwise
-similar to the B<-sign> operation.
-
-=item B<-verify_receipt receipt>
-
-Verify a signed receipt in filename B<receipt>. The input message B<must> 
-contain the original receipt request. Functionality is otherwise similar
-to the B<-verify> operation.
-
-=item B<-in filename>
-
-the input message to be encrypted or signed or the message to be decrypted
-or verified.
-
-=item B<-inform SMIME|PEM|DER>
-
-this specifies the input format for the CMS structure. The default
-is B<SMIME> which reads an S/MIME format message. B<PEM> and B<DER>
-format change this to expect PEM and DER format CMS structures
-instead. This currently only affects the input format of the CMS
-structure, if no CMS structure is being input (for example with
-B<-encrypt> or B<-sign>) this option has no effect.
-
-=item B<-rctform SMIME|PEM|DER>
-
-specify the format for a signed receipt for use with the B<-receipt_verify>
-operation.
-
-=item B<-out filename>
-
-the message text that has been decrypted or verified or the output MIME
-format message that has been signed or verified.
-
-=item B<-outform SMIME|PEM|DER>
-
-this specifies the output format for the CMS structure. The default
-is B<SMIME> which writes an S/MIME format message. B<PEM> and B<DER>
-format change this to write PEM and DER format CMS structures
-instead. This currently only affects the output format of the CMS
-structure, if no CMS structure is being output (for example with
-B<-verify> or B<-decrypt>) this option has no effect.
-
-=item B<-stream -indef -noindef>
-
-the B<-stream> and B<-indef> options are equivalent and enable streaming I/O
-for encoding operations. This permits single pass processing of data without
-the need to hold the entire contents in memory, potentially supporting very
-large files. Streaming is automatically set for S/MIME signing with detached
-data if the output format is B<SMIME> it is currently off by default for all
-other operations.
-
-=item B<-noindef>
-
-disable streaming I/O where it would produce and indefinite length constructed
-encoding. This option currently has no effect. In future streaming will be
-enabled by default on all relevant operations and this option will disable it.
-
-=item B<-content filename>
-
-This specifies a file containing the detached content, this is only
-useful with the B<-verify> command. This is only usable if the CMS
-structure is using the detached signature form where the content is
-not included. This option will override any content if the input format
-is S/MIME and it uses the multipart/signed MIME content type.
-
-=item B<-text>
-
-this option adds plain text (text/plain) MIME headers to the supplied
-message if encrypting or signing. If decrypting or verifying it strips
-off text headers: if the decrypted or verified message is not of MIME 
-type text/plain then an error occurs.
-
-=item B<-noout>
-
-for the B<-cmsout> operation do not output the parsed CMS structure. This
-is useful when combined with the B<-print> option or if the syntax of the CMS
-structure is being checked.
-
-=item B<-print>
-
-for the B<-cmsout> operation print out all fields of the CMS structure. This
-is mainly useful for testing purposes.
-
-=item B<-CAfile file>
-
-a file containing trusted CA certificates, only used with B<-verify>.
-
-=item B<-CApath dir>
-
-a directory containing trusted CA certificates, only used with
-B<-verify>. This directory must be a standard certificate directory: that
-is a hash of each subject name (using B<x509 -hash>) should be linked
-to each certificate.
-
-=item B<-md digest>
-
-digest algorithm to use when signing or resigning. If not present then the
-default digest algorithm for the signing key will be used (usually SHA1).
-
-=item B<-[cipher]>
-
-the encryption algorithm to use. For example triple DES (168 bits) - B<-des3>
-or 256 bit AES - B<-aes256>. Any standard algorithm name (as used by the
-EVP_get_cipherbyname() function) can also be used preceded by a dash, for 
-example B<-aes_128_cbc>. See L<B<enc>|enc(1)> for a list of ciphers
-supported by your version of OpenSSL.
-
-If not specified triple DES is used. Only used with B<-encrypt> and 
-B<-EncryptedData_create> commands.
-
-=item B<-nointern>
-
-when verifying a message normally certificates (if any) included in
-the message are searched for the signing certificate. With this option
-only the certificates specified in the B<-certfile> option are used.
-The supplied certificates can still be used as untrusted CAs however.
-
-=item B<-no_signer_cert_verify>
-
-do not verify the signers certificate of a signed message.
-
-=item B<-nocerts>
-
-when signing a message the signer's certificate is normally included
-with this option it is excluded. This will reduce the size of the
-signed message but the verifier must have a copy of the signers certificate
-available locally (passed using the B<-certfile> option for example).
-
-=item B<-noattr>
-
-normally when a message is signed a set of attributes are included which
-include the signing time and supported symmetric algorithms. With this
-option they are not included.
-
-=item B<-nosmimecap>
-
-exclude the list of supported algorithms from signed attributes, other options
-such as signing time and content type are still included.
-
-=item B<-binary>
-
-normally the input message is converted to "canonical" format which is
-effectively using CR and LF as end of line: as required by the S/MIME
-specification. When this option is present no translation occurs. This
-is useful when handling binary data which may not be in MIME format.
-
-=item B<-nodetach>
-
-when signing a message use opaque signing: this form is more resistant
-to translation by mail relays but it cannot be read by mail agents that
-do not support S/MIME.  Without this option cleartext signing with
-the MIME type multipart/signed is used.
-
-=item B<-certfile file>
-
-allows additional certificates to be specified. When signing these will
-be included with the message. When verifying these will be searched for
-the signers certificates. The certificates should be in PEM format.
-
-=item B<-certsout file>
-
-any certificates contained in the message are written to B<file>.
-
-=item B<-signer file>
-
-a signing certificate when signing or resigning a message, this option can be
-used multiple times if more than one signer is required. If a message is being
-verified then the signers certificates will be written to this file if the
-verification was successful.
-
-=item B<-recip file>
-
-the recipients certificate when decrypting a message. This certificate
-must match one of the recipients of the message or an error occurs.
-
-=item B<-keyid>
-
-use subject key identifier to identify certificates instead of issuer name and
-serial number. The supplied certificate B<must> include a subject key
-identifier extension. Supported by B<-sign> and B<-encrypt> options.
-
-=item B<-receipt_request_all -receipt_request_first>
-
-for B<-sign> option include a signed receipt request. Indicate requests should
-be provided by all receipient or first tier recipients (those mailed directly
-and not from a mailing list). Ignored it B<-receipt_request_from> is included.
-
-=item B<-receipt_request_from emailaddress>
-
-for B<-sign> option include a signed receipt request. Add an explicit email
-address where receipts should be supplied.
-
-=item B<-receipt_request_to emailaddress>
-
-Add an explicit email address where signed receipts should be sent to. This 
-option B<must> but supplied if a signed receipt it requested.
-
-=item B<-receipt_request_print>
-
-For the B<-verify> operation print out the contents of any signed receipt
-requests.
-
-=item B<-secretkey key>
-
-specify symmetric key to use. The key must be supplied in hex format and be
-consistent with the algorithm used. Supported by the B<-EncryptedData_encrypt>
-B<-EncrryptedData_decrypt>, B<-encrypt> and B<-decrypt> options. When used
-with B<-encrypt> or B<-decrypt> the supplied key is used to wrap or unwrap the
-content encryption key using an AES key in the B<KEKRecipientInfo> type.
-
-=item B<-secretkeyid id>
-
-the key identifier for the supplied symmetric key for B<KEKRecipientInfo> type.
-This option B<must> be present if the B<-secretkey> option is used with
-B<-encrypt>. With B<-decrypt> operations the B<id> is used to locate the
-relevant key if it is not supplied then an attempt is used to decrypt any
-B<KEKRecipientInfo> structures.
-
-=item B<-econtent_type type>
-
-set the encapsulated content type to B<type> if not supplied the B<Data> type
-is used. The B<type> argument can be any valid OID name in either text or
-numerical format. 
-
-=item B<-inkey file>
-
-the private key to use when signing or decrypting. This must match the
-corresponding certificate. If this option is not specified then the
-private key must be included in the certificate file specified with
-the B<-recip> or B<-signer> file. When signing this option can be used
-multiple times to specify successive keys.
-
-=item B<-passin arg>
-
-the private key password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
-
-=item B<-rand file(s)>
-
-a file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
-Multiple files can be specified separated by a OS-dependent character.
-The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
-all others.
-
-=item B<cert.pem...>
-
-one or more certificates of message recipients: used when encrypting
-a message. 
-
-=item B<-to, -from, -subject>
-
-the relevant mail headers. These are included outside the signed
-portion of a message so they may be included manually. If signing
-then many S/MIME mail clients check the signers certificate's email
-address matches that specified in the From: address.
-
-=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains>
-
-Set various certificate chain valiadition option. See the
-L<B<verify>|verify(1)> manual page for details.
-
-=back
-
-=head1 NOTES
-
-The MIME message must be sent without any blank lines between the
-headers and the output. Some mail programs will automatically add
-a blank line. Piping the mail directly to sendmail is one way to
-achieve the correct format.
-
-The supplied message to be signed or encrypted must include the
-necessary MIME headers or many S/MIME clients wont display it
-properly (if at all). You can use the B<-text> option to automatically
-add plain text headers.
-
-A "signed and encrypted" message is one where a signed message is
-then encrypted. This can be produced by encrypting an already signed
-message: see the examples section.
-
-This version of the program only allows one signer per message but it
-will verify multiple signers on received messages. Some S/MIME clients
-choke if a message contains multiple signers. It is possible to sign
-messages "in parallel" by signing an already signed message.
-
-The options B<-encrypt> and B<-decrypt> reflect common usage in S/MIME
-clients. Strictly speaking these process CMS enveloped data: CMS
-encrypted data is used for other purposes.
-
-The B<-resign> option uses an existing message digest when adding a new
-signer. This means that attributes must be present in at least one existing
-signer using the same message digest or this operation will fail.
-
-The B<-stream> and B<-indef> options enable experimental streaming I/O support.
-As a result the encoding is BER using indefinite length constructed encoding
-and no longer DER. Streaming is supported for the B<-encrypt> operation and the
-B<-sign> operation if the content is not detached.
-
-Streaming is always used for the B<-sign> operation with detached data but
-since the content is no longer part of the CMS structure the encoding
-remains DER.
-
-If the B<-decrypt> option is used without a recipient certificate then an
-attempt is made to locate the recipient by trying each potential recipient
-in turn using the supplied private key. To thwart the MMA attack
-(Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) all recipients are
-tried whether they succeed or not and if no recipients match the message
-is "decrypted" using a random key which will typically output garbage. 
-The B<-debug_decrypt> option can be used to disable the MMA attack protection
-and return an error if no recipient can be found: this option should be used
-with caution. For a fuller description see L<CMS_decrypt(3)|CMS_decrypt(3)>).
-
-=head1 EXIT CODES
-
-=over 4
-
-=item Z<>0
-
-the operation was completely successfully.
-
-=item Z<>1
-
-an error occurred parsing the command options.
-
-=item Z<>2
-
-one of the input files could not be read.
-
-=item Z<>3
-
-an error occurred creating the CMS file or when reading the MIME
-message.
-
-=item Z<>4
-
-an error occurred decrypting or verifying the message.
-
-=item Z<>5
-
-the message was verified correctly but an error occurred writing out
-the signers certificates.
-
-=back
-
-=head1 COMPATIBILITY WITH PKCS#7 format.
-
-The B<smime> utility can only process the older B<PKCS#7> format. The B<cms>
-utility supports Cryptographic Message Syntax format. Use of some features
-will result in messages which cannot be processed by applications which only
-support the older format. These are detailed below.
-
-The use of the B<-keyid> option with B<-sign> or B<-encrypt>.
-
-The B<-outform PEM> option uses different headers.
-
-The B<-compress> option.
-
-The B<-secretkey> option when used with B<-encrypt>.
-
-Additionally the B<-EncryptedData_create> and B<-data_create> type cannot
-be processed by the older B<smime> command.
-
-=head1 EXAMPLES
-
-Create a cleartext signed message:
-
- openssl cms -sign -in message.txt -text -out mail.msg \
-	-signer mycert.pem
-
-Create an opaque signed message
-
- openssl cms -sign -in message.txt -text -out mail.msg -nodetach \
-	-signer mycert.pem
-
-Create a signed message, include some additional certificates and
-read the private key from another file:
-
- openssl cms -sign -in in.txt -text -out mail.msg \
-	-signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
-
-Create a signed message with two signers, use key identifier:
-
- openssl cms -sign -in message.txt -text -out mail.msg \
-	-signer mycert.pem -signer othercert.pem -keyid
-
-Send a signed message under Unix directly to sendmail, including headers:
-
- openssl cms -sign -in in.txt -text -signer mycert.pem \
-	-from steve at openssl.org -to someone at somewhere \
-	-subject "Signed message" | sendmail someone at somewhere
-
-Verify a message and extract the signer's certificate if successful:
-
- openssl cms -verify -in mail.msg -signer user.pem -out signedtext.txt
-
-Send encrypted mail using triple DES:
-
- openssl cms -encrypt -in in.txt -from steve at openssl.org \
-	-to someone at somewhere -subject "Encrypted message" \
-	-des3 user.pem -out mail.msg
-
-Sign and encrypt mail:
-
- openssl cms -sign -in ml.txt -signer my.pem -text \
-	| openssl cms -encrypt -out mail.msg \
-	-from steve at openssl.org -to someone at somewhere \
-	-subject "Signed and Encrypted message" -des3 user.pem
-
-Note: the encryption command does not include the B<-text> option because the
-message being encrypted already has MIME headers.
-
-Decrypt mail:
-
- openssl cms -decrypt -in mail.msg -recip mycert.pem -inkey key.pem
-
-The output from Netscape form signing is a PKCS#7 structure with the
-detached signature format. You can use this program to verify the
-signature by line wrapping the base64 encoded structure and surrounding
-it with:
-
- -----BEGIN PKCS7-----
- -----END PKCS7-----
-
-and using the command, 
-
- openssl cms -verify -inform PEM -in signature.pem -content content.txt
-
-alternatively you can base64 decode the signature and use
-
- openssl cms -verify -inform DER -in signature.der -content content.txt
-
-Create an encrypted message using 128 bit Camellia:
-
- openssl cms -encrypt -in plain.txt -camellia128 -out mail.msg cert.pem
-
-Add a signer to an existing message:
-
- openssl cms -resign -in mail.msg -signer newsign.pem -out mail2.msg
-
-=head1 BUGS
-
-The MIME parser isn't very clever: it seems to handle most messages that I've
-thrown at it but it may choke on others.
-
-The code currently will only write out the signer's certificate to a file: if
-the signer has a separate encryption certificate this must be manually
-extracted. There should be some heuristic that determines the correct
-encryption certificate.
-
-Ideally a database should be maintained of a certificates for each email
-address.
-
-The code doesn't currently take note of the permitted symmetric encryption
-algorithms as supplied in the SMIMECapabilities signed attribute. this means the
-user has to manually include the correct encryption algorithm. It should store
-the list of permitted ciphers in a database and only use those.
-
-No revocation checking is done on the signer's certificate.
-
-=head1 HISTORY
-
-The use of multiple B<-signer> options and the B<-resign> command were first
-added in OpenSSL 1.0.0
-
-
-The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b.
-
-=cut

Copied: vendor-crypto/openssl/1.0.1u/doc/apps/cms.pod (from rev 11605, vendor-crypto/openssl/dist/doc/apps/cms.pod)
===================================================================
--- vendor-crypto/openssl/1.0.1u/doc/apps/cms.pod	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/doc/apps/cms.pod	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,623 @@
+=pod
+
+=head1 NAME
+
+cms - CMS utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<cms>
+[B<-encrypt>]
+[B<-decrypt>]
+[B<-sign>]
+[B<-verify>]
+[B<-cmsout>]
+[B<-resign>]
+[B<-data_create>]
+[B<-data_out>]
+[B<-digest_create>]
+[B<-digest_verify>]
+[B<-compress>]
+[B<-uncompress>]
+[B<-EncryptedData_encrypt>]
+[B<-sign_receipt>]
+[B<-verify_receipt receipt>]
+[B<-in filename>]
+[B<-inform SMIME|PEM|DER>]
+[B<-rctform SMIME|PEM|DER>]
+[B<-out filename>]
+[B<-outform SMIME|PEM|DER>]
+[B<-stream -indef -noindef>]
+[B<-noindef>]
+[B<-content filename>]
+[B<-text>]
+[B<-noout>]
+[B<-print>]
+[B<-CAfile file>]
+[B<-CApath dir>]
+[B<-no_alt_chains>]
+[B<-md digest>]
+[B<-[cipher]>]
+[B<-nointern>]
+[B<-no_signer_cert_verify>]
+[B<-nocerts>]
+[B<-noattr>]
+[B<-nosmimecap>]
+[B<-binary>]
+[B<-nodetach>]
+[B<-certfile file>]
+[B<-certsout file>]
+[B<-signer file>]
+[B<-recip file>]
+[B<-keyid>]
+[B<-receipt_request_all -receipt_request_first>]
+[B<-receipt_request_from emailaddress>]
+[B<-receipt_request_to emailaddress>]
+[B<-receipt_request_print>]
+[B<-secretkey key>]
+[B<-secretkeyid id>]
+[B<-econtent_type type>]
+[B<-inkey file>]
+[B<-passin arg>]
+[B<-rand file(s)>]
+[B<cert.pem...>]
+[B<-to addr>]
+[B<-from addr>]
+[B<-subject subj>]
+[cert.pem]...
+
+=head1 DESCRIPTION
+
+The B<cms> command handles S/MIME v3.1 mail. It can encrypt, decrypt, sign and
+verify, compress and uncompress S/MIME messages.
+
+=head1 COMMAND OPTIONS
+
+There are fourteen operation options that set the type of operation to be
+performed. The meaning of the other options varies according to the operation
+type.
+
+=over 4
+
+=item B<-encrypt>
+
+encrypt mail for the given recipient certificates. Input file is the message
+to be encrypted. The output file is the encrypted mail in MIME format. The
+actual CMS type is <B>EnvelopedData<B>.
+
+Note that no revocation check is done for the recipient cert, so if that
+key has been compromised, others may be able to decrypt the text.
+
+=item B<-decrypt>
+
+decrypt mail using the supplied certificate and private key. Expects an
+encrypted mail message in MIME format for the input file. The decrypted mail
+is written to the output file.
+
+=item B<-debug_decrypt>
+
+this option sets the B<CMS_DEBUG_DECRYPT> flag. This option should be used
+with caution: see the notes section below.
+
+=item B<-sign>
+
+sign mail using the supplied certificate and private key. Input file is
+the message to be signed. The signed message in MIME format is written
+to the output file.
+
+=item B<-verify>
+
+verify signed mail. Expects a signed mail message on input and outputs
+the signed data. Both clear text and opaque signing is supported.
+
+=item B<-cmsout>
+
+takes an input message and writes out a PEM encoded CMS structure.
+
+=item B<-resign>
+
+resign a message: take an existing message and one or more new signers.
+
+=item B<-data_create>
+
+Create a CMS B<Data> type.
+
+=item B<-data_out>
+
+B<Data> type and output the content.
+
+=item B<-digest_create>
+
+Create a CMS B<DigestedData> type.
+
+=item B<-digest_verify>
+
+Verify a CMS B<DigestedData> type and output the content.
+
+=item B<-compress>
+
+Create a CMS B<CompressedData> type. OpenSSL must be compiled with B<zlib>
+support for this option to work, otherwise it will output an error.
+
+=item B<-uncompress>
+
+Uncompress a CMS B<CompressedData> type and output the content. OpenSSL must be
+compiled with B<zlib> support for this option to work, otherwise it will
+output an error.
+
+=item B<-EncryptedData_encrypt>
+
+Encrypt content using supplied symmetric key and algorithm using a CMS
+B<EncrytedData> type and output the content.
+
+=item B<-sign_receipt>
+
+Generate and output a signed receipt for the supplied message. The input 
+message B<must> contain a signed receipt request. Functionality is otherwise
+similar to the B<-sign> operation.
+
+=item B<-verify_receipt receipt>
+
+Verify a signed receipt in filename B<receipt>. The input message B<must> 
+contain the original receipt request. Functionality is otherwise similar
+to the B<-verify> operation.
+
+=item B<-in filename>
+
+the input message to be encrypted or signed or the message to be decrypted
+or verified.
+
+=item B<-inform SMIME|PEM|DER>
+
+this specifies the input format for the CMS structure. The default
+is B<SMIME> which reads an S/MIME format message. B<PEM> and B<DER>
+format change this to expect PEM and DER format CMS structures
+instead. This currently only affects the input format of the CMS
+structure, if no CMS structure is being input (for example with
+B<-encrypt> or B<-sign>) this option has no effect.
+
+=item B<-rctform SMIME|PEM|DER>
+
+specify the format for a signed receipt for use with the B<-receipt_verify>
+operation.
+
+=item B<-out filename>
+
+the message text that has been decrypted or verified or the output MIME
+format message that has been signed or verified.
+
+=item B<-outform SMIME|PEM|DER>
+
+this specifies the output format for the CMS structure. The default
+is B<SMIME> which writes an S/MIME format message. B<PEM> and B<DER>
+format change this to write PEM and DER format CMS structures
+instead. This currently only affects the output format of the CMS
+structure, if no CMS structure is being output (for example with
+B<-verify> or B<-decrypt>) this option has no effect.
+
+=item B<-stream -indef -noindef>
+
+the B<-stream> and B<-indef> options are equivalent and enable streaming I/O
+for encoding operations. This permits single pass processing of data without
+the need to hold the entire contents in memory, potentially supporting very
+large files. Streaming is automatically set for S/MIME signing with detached
+data if the output format is B<SMIME> it is currently off by default for all
+other operations.
+
+=item B<-noindef>
+
+disable streaming I/O where it would produce and indefinite length constructed
+encoding. This option currently has no effect. In future streaming will be
+enabled by default on all relevant operations and this option will disable it.
+
+=item B<-content filename>
+
+This specifies a file containing the detached content, this is only
+useful with the B<-verify> command. This is only usable if the CMS
+structure is using the detached signature form where the content is
+not included. This option will override any content if the input format
+is S/MIME and it uses the multipart/signed MIME content type.
+
+=item B<-text>
+
+this option adds plain text (text/plain) MIME headers to the supplied
+message if encrypting or signing. If decrypting or verifying it strips
+off text headers: if the decrypted or verified message is not of MIME 
+type text/plain then an error occurs.
+
+=item B<-noout>
+
+for the B<-cmsout> operation do not output the parsed CMS structure. This
+is useful when combined with the B<-print> option or if the syntax of the CMS
+structure is being checked.
+
+=item B<-print>
+
+for the B<-cmsout> operation print out all fields of the CMS structure. This
+is mainly useful for testing purposes.
+
+=item B<-CAfile file>
+
+a file containing trusted CA certificates, only used with B<-verify>.
+
+=item B<-CApath dir>
+
+a directory containing trusted CA certificates, only used with
+B<-verify>. This directory must be a standard certificate directory: that
+is a hash of each subject name (using B<x509 -hash>) should be linked
+to each certificate.
+
+=item B<-md digest>
+
+digest algorithm to use when signing or resigning. If not present then the
+default digest algorithm for the signing key will be used (usually SHA1).
+
+=item B<-[cipher]>
+
+the encryption algorithm to use. For example triple DES (168 bits) - B<-des3>
+or 256 bit AES - B<-aes256>. Any standard algorithm name (as used by the
+EVP_get_cipherbyname() function) can also be used preceded by a dash, for 
+example B<-aes_128_cbc>. See L<B<enc>|enc(1)> for a list of ciphers
+supported by your version of OpenSSL.
+
+If not specified triple DES is used. Only used with B<-encrypt> and 
+B<-EncryptedData_create> commands.
+
+=item B<-nointern>
+
+when verifying a message normally certificates (if any) included in
+the message are searched for the signing certificate. With this option
+only the certificates specified in the B<-certfile> option are used.
+The supplied certificates can still be used as untrusted CAs however.
+
+=item B<-no_signer_cert_verify>
+
+do not verify the signers certificate of a signed message.
+
+=item B<-nocerts>
+
+when signing a message the signer's certificate is normally included
+with this option it is excluded. This will reduce the size of the
+signed message but the verifier must have a copy of the signers certificate
+available locally (passed using the B<-certfile> option for example).
+
+=item B<-noattr>
+
+normally when a message is signed a set of attributes are included which
+include the signing time and supported symmetric algorithms. With this
+option they are not included.
+
+=item B<-nosmimecap>
+
+exclude the list of supported algorithms from signed attributes, other options
+such as signing time and content type are still included.
+
+=item B<-binary>
+
+normally the input message is converted to "canonical" format which is
+effectively using CR and LF as end of line: as required by the S/MIME
+specification. When this option is present no translation occurs. This
+is useful when handling binary data which may not be in MIME format.
+
+=item B<-nodetach>
+
+when signing a message use opaque signing: this form is more resistant
+to translation by mail relays but it cannot be read by mail agents that
+do not support S/MIME.  Without this option cleartext signing with
+the MIME type multipart/signed is used.
+
+=item B<-certfile file>
+
+allows additional certificates to be specified. When signing these will
+be included with the message. When verifying these will be searched for
+the signers certificates. The certificates should be in PEM format.
+
+=item B<-certsout file>
+
+any certificates contained in the message are written to B<file>.
+
+=item B<-signer file>
+
+a signing certificate when signing or resigning a message, this option can be
+used multiple times if more than one signer is required. If a message is being
+verified then the signers certificates will be written to this file if the
+verification was successful.
+
+=item B<-recip file>
+
+the recipients certificate when decrypting a message. This certificate
+must match one of the recipients of the message or an error occurs.
+
+=item B<-keyid>
+
+use subject key identifier to identify certificates instead of issuer name and
+serial number. The supplied certificate B<must> include a subject key
+identifier extension. Supported by B<-sign> and B<-encrypt> options.
+
+=item B<-receipt_request_all -receipt_request_first>
+
+for B<-sign> option include a signed receipt request. Indicate requests should
+be provided by all receipient or first tier recipients (those mailed directly
+and not from a mailing list). Ignored it B<-receipt_request_from> is included.
+
+=item B<-receipt_request_from emailaddress>
+
+for B<-sign> option include a signed receipt request. Add an explicit email
+address where receipts should be supplied.
+
+=item B<-receipt_request_to emailaddress>
+
+Add an explicit email address where signed receipts should be sent to. This 
+option B<must> but supplied if a signed receipt it requested.
+
+=item B<-receipt_request_print>
+
+For the B<-verify> operation print out the contents of any signed receipt
+requests.
+
+=item B<-secretkey key>
+
+specify symmetric key to use. The key must be supplied in hex format and be
+consistent with the algorithm used. Supported by the B<-EncryptedData_encrypt>
+B<-EncrryptedData_decrypt>, B<-encrypt> and B<-decrypt> options. When used
+with B<-encrypt> or B<-decrypt> the supplied key is used to wrap or unwrap the
+content encryption key using an AES key in the B<KEKRecipientInfo> type.
+
+=item B<-secretkeyid id>
+
+the key identifier for the supplied symmetric key for B<KEKRecipientInfo> type.
+This option B<must> be present if the B<-secretkey> option is used with
+B<-encrypt>. With B<-decrypt> operations the B<id> is used to locate the
+relevant key if it is not supplied then an attempt is used to decrypt any
+B<KEKRecipientInfo> structures.
+
+=item B<-econtent_type type>
+
+set the encapsulated content type to B<type> if not supplied the B<Data> type
+is used. The B<type> argument can be any valid OID name in either text or
+numerical format. 
+
+=item B<-inkey file>
+
+the private key to use when signing or decrypting. This must match the
+corresponding certificate. If this option is not specified then the
+private key must be included in the certificate file specified with
+the B<-recip> or B<-signer> file. When signing this option can be used
+multiple times to specify successive keys.
+
+=item B<-passin arg>
+
+the private key password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item B<cert.pem...>
+
+one or more certificates of message recipients: used when encrypting
+a message. 
+
+=item B<-to, -from, -subject>
+
+the relevant mail headers. These are included outside the signed
+portion of a message so they may be included manually. If signing
+then many S/MIME mail clients check the signers certificate's email
+address matches that specified in the From: address.
+
+=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains>
+
+Set various certificate chain valiadition option. See the
+L<B<verify>|verify(1)> manual page for details.
+
+=back
+
+=head1 NOTES
+
+The MIME message must be sent without any blank lines between the
+headers and the output. Some mail programs will automatically add
+a blank line. Piping the mail directly to sendmail is one way to
+achieve the correct format.
+
+The supplied message to be signed or encrypted must include the
+necessary MIME headers or many S/MIME clients wont display it
+properly (if at all). You can use the B<-text> option to automatically
+add plain text headers.
+
+A "signed and encrypted" message is one where a signed message is
+then encrypted. This can be produced by encrypting an already signed
+message: see the examples section.
+
+This version of the program only allows one signer per message but it
+will verify multiple signers on received messages. Some S/MIME clients
+choke if a message contains multiple signers. It is possible to sign
+messages "in parallel" by signing an already signed message.
+
+The options B<-encrypt> and B<-decrypt> reflect common usage in S/MIME
+clients. Strictly speaking these process CMS enveloped data: CMS
+encrypted data is used for other purposes.
+
+The B<-resign> option uses an existing message digest when adding a new
+signer. This means that attributes must be present in at least one existing
+signer using the same message digest or this operation will fail.
+
+The B<-stream> and B<-indef> options enable experimental streaming I/O support.
+As a result the encoding is BER using indefinite length constructed encoding
+and no longer DER. Streaming is supported for the B<-encrypt> operation and the
+B<-sign> operation if the content is not detached.
+
+Streaming is always used for the B<-sign> operation with detached data but
+since the content is no longer part of the CMS structure the encoding
+remains DER.
+
+If the B<-decrypt> option is used without a recipient certificate then an
+attempt is made to locate the recipient by trying each potential recipient
+in turn using the supplied private key. To thwart the MMA attack
+(Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) all recipients are
+tried whether they succeed or not and if no recipients match the message
+is "decrypted" using a random key which will typically output garbage. 
+The B<-debug_decrypt> option can be used to disable the MMA attack protection
+and return an error if no recipient can be found: this option should be used
+with caution. For a fuller description see L<CMS_decrypt(3)|CMS_decrypt(3)>).
+
+=head1 EXIT CODES
+
+=over 4
+
+=item Z<>0
+
+the operation was completely successfully.
+
+=item Z<>1
+
+an error occurred parsing the command options.
+
+=item Z<>2
+
+one of the input files could not be read.
+
+=item Z<>3
+
+an error occurred creating the CMS file or when reading the MIME
+message.
+
+=item Z<>4
+
+an error occurred decrypting or verifying the message.
+
+=item Z<>5
+
+the message was verified correctly but an error occurred writing out
+the signers certificates.
+
+=back
+
+=head1 COMPATIBILITY WITH PKCS#7 format.
+
+The B<smime> utility can only process the older B<PKCS#7> format. The B<cms>
+utility supports Cryptographic Message Syntax format. Use of some features
+will result in messages which cannot be processed by applications which only
+support the older format. These are detailed below.
+
+The use of the B<-keyid> option with B<-sign> or B<-encrypt>.
+
+The B<-outform PEM> option uses different headers.
+
+The B<-compress> option.
+
+The B<-secretkey> option when used with B<-encrypt>.
+
+Additionally the B<-EncryptedData_create> and B<-data_create> type cannot
+be processed by the older B<smime> command.
+
+=head1 EXAMPLES
+
+Create a cleartext signed message:
+
+ openssl cms -sign -in message.txt -text -out mail.msg \
+	-signer mycert.pem
+
+Create an opaque signed message
+
+ openssl cms -sign -in message.txt -text -out mail.msg -nodetach \
+	-signer mycert.pem
+
+Create a signed message, include some additional certificates and
+read the private key from another file:
+
+ openssl cms -sign -in in.txt -text -out mail.msg \
+	-signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
+
+Create a signed message with two signers, use key identifier:
+
+ openssl cms -sign -in message.txt -text -out mail.msg \
+	-signer mycert.pem -signer othercert.pem -keyid
+
+Send a signed message under Unix directly to sendmail, including headers:
+
+ openssl cms -sign -in in.txt -text -signer mycert.pem \
+	-from steve at openssl.org -to someone at somewhere \
+	-subject "Signed message" | sendmail someone at somewhere
+
+Verify a message and extract the signer's certificate if successful:
+
+ openssl cms -verify -in mail.msg -signer user.pem -out signedtext.txt
+
+Send encrypted mail using triple DES:
+
+ openssl cms -encrypt -in in.txt -from steve at openssl.org \
+	-to someone at somewhere -subject "Encrypted message" \
+	-des3 user.pem -out mail.msg
+
+Sign and encrypt mail:
+
+ openssl cms -sign -in ml.txt -signer my.pem -text \
+	| openssl cms -encrypt -out mail.msg \
+	-from steve at openssl.org -to someone at somewhere \
+	-subject "Signed and Encrypted message" -des3 user.pem
+
+Note: the encryption command does not include the B<-text> option because the
+message being encrypted already has MIME headers.
+
+Decrypt mail:
+
+ openssl cms -decrypt -in mail.msg -recip mycert.pem -inkey key.pem
+
+The output from Netscape form signing is a PKCS#7 structure with the
+detached signature format. You can use this program to verify the
+signature by line wrapping the base64 encoded structure and surrounding
+it with:
+
+ -----BEGIN PKCS7-----
+ -----END PKCS7-----
+
+and using the command, 
+
+ openssl cms -verify -inform PEM -in signature.pem -content content.txt
+
+alternatively you can base64 decode the signature and use
+
+ openssl cms -verify -inform DER -in signature.der -content content.txt
+
+Create an encrypted message using 128 bit Camellia:
+
+ openssl cms -encrypt -in plain.txt -camellia128 -out mail.msg cert.pem
+
+Add a signer to an existing message:
+
+ openssl cms -resign -in mail.msg -signer newsign.pem -out mail2.msg
+
+=head1 BUGS
+
+The MIME parser isn't very clever: it seems to handle most messages that I've
+thrown at it but it may choke on others.
+
+The code currently will only write out the signer's certificate to a file: if
+the signer has a separate encryption certificate this must be manually
+extracted. There should be some heuristic that determines the correct
+encryption certificate.
+
+Ideally a database should be maintained of a certificates for each email
+address.
+
+The code doesn't currently take note of the permitted symmetric encryption
+algorithms as supplied in the SMIMECapabilities signed attribute. this means the
+user has to manually include the correct encryption algorithm. It should store
+the list of permitted ciphers in a database and only use those.
+
+No revocation checking is done on the signer's certificate.
+
+=head1 HISTORY
+
+The use of multiple B<-signer> options and the B<-resign> command were first
+added in OpenSSL 1.0.0
+
+
+The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b.
+
+=cut

Deleted: vendor-crypto/openssl/1.0.1u/doc/apps/s_client.pod
===================================================================
--- vendor-crypto/openssl/dist/doc/apps/s_client.pod	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/doc/apps/s_client.pod	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,355 +0,0 @@
-
-=pod
-
-=head1 NAME
-
-s_client - SSL/TLS client program
-
-=head1 SYNOPSIS
-
-B<openssl> B<s_client>
-[B<-connect host:port>]
-[B<-servername name>]
-[B<-verify depth>]
-[B<-verify_return_error>]
-[B<-cert filename>]
-[B<-certform DER|PEM>]
-[B<-key filename>]
-[B<-keyform DER|PEM>]
-[B<-pass arg>]
-[B<-CApath directory>]
-[B<-CAfile filename>]
-[B<-no_alt_chains>]
-[B<-reconnect>]
-[B<-pause>]
-[B<-showcerts>]
-[B<-debug>]
-[B<-msg>]
-[B<-nbio_test>]
-[B<-state>]
-[B<-nbio>]
-[B<-crlf>]
-[B<-ign_eof>]
-[B<-no_ign_eof>]
-[B<-quiet>]
-[B<-ssl2>]
-[B<-ssl3>]
-[B<-tls1>]
-[B<-no_ssl2>]
-[B<-no_ssl3>]
-[B<-no_tls1>]
-[B<-bugs>]
-[B<-cipher cipherlist>]
-[B<-serverpref>]
-[B<-starttls protocol>]
-[B<-engine id>]
-[B<-tlsextdebug>]
-[B<-no_ticket>]
-[B<-sess_out filename>]
-[B<-sess_in filename>]
-[B<-rand file(s)>]
-[B<-status>]
-[B<-nextprotoneg protocols>]
-
-=head1 DESCRIPTION
-
-The B<s_client> command implements a generic SSL/TLS client which connects
-to a remote host using SSL/TLS. It is a I<very> useful diagnostic tool for
-SSL servers.
-
-=head1 OPTIONS
-
-=over 4
-
-=item B<-connect host:port>
-
-This specifies the host and optional port to connect to. If not specified
-then an attempt is made to connect to the local host on port 4433.
-
-=item B<-servername name>
-
-Set the TLS SNI (Server Name Indication) extension in the ClientHello message.
-
-=item B<-cert certname>
-
-The certificate to use, if one is requested by the server. The default is
-not to use a certificate.
-
-=item B<-certform format>
-
-The certificate format to use: DER or PEM. PEM is the default.
-
-=item B<-key keyfile>
-
-The private key to use. If not specified then the certificate file will
-be used.
-
-=item B<-keyform format>
-
-The private format to use: DER or PEM. PEM is the default.
-
-=item B<-pass arg>
-
-the private key password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
-
-=item B<-verify depth>
-
-The verify depth to use. This specifies the maximum length of the
-server certificate chain and turns on server certificate verification.
-Currently the verify operation continues after errors so all the problems
-with a certificate chain can be seen. As a side effect the connection
-will never fail due to a server certificate verify failure.
-
-=item B<-verify_return_error>
-
-Return verification errors instead of continuing. This will typically
-abort the handshake with a fatal error.
-
-=item B<-CApath directory>
-
-The directory to use for server certificate verification. This directory
-must be in "hash format", see B<verify> for more information. These are
-also used when building the client certificate chain.
-
-=item B<-CAfile file>
-
-A file containing trusted certificates to use during server authentication
-and to use when attempting to build the client certificate chain.
-
-=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains>
-
-Set various certificate chain valiadition option. See the
-L<B<verify>|verify(1)> manual page for details.
-
-=item B<-reconnect>
-
-reconnects to the same server 5 times using the same session ID, this can
-be used as a test that session caching is working.
-
-=item B<-pause>
-
-pauses 1 second between each read and write call.
-
-=item B<-showcerts>
-
-display the whole server certificate chain: normally only the server
-certificate itself is displayed.
-
-=item B<-prexit>
-
-print session information when the program exits. This will always attempt
-to print out information even if the connection fails. Normally information
-will only be printed out once if the connection succeeds. This option is useful
-because the cipher in use may be renegotiated or the connection may fail
-because a client certificate is required or is requested only after an
-attempt is made to access a certain URL. Note: the output produced by this
-option is not always accurate because a connection might never have been
-established.
-
-=item B<-state>
-
-prints out the SSL session states.
-
-=item B<-debug>
-
-print extensive debugging information including a hex dump of all traffic.
-
-=item B<-msg>
-
-show all protocol messages with hex dump.
-
-=item B<-nbio_test>
-
-tests non-blocking I/O
-
-=item B<-nbio>
-
-turns on non-blocking I/O
-
-=item B<-crlf>
-
-this option translated a line feed from the terminal into CR+LF as required
-by some servers.
-
-=item B<-ign_eof>
-
-inhibit shutting down the connection when end of file is reached in the
-input.
-
-=item B<-quiet>
-
-inhibit printing of session and certificate information.  This implicitly
-turns on B<-ign_eof> as well.
-
-=item B<-no_ign_eof>
-
-shut down the connection when end of file is reached in the input.
-Can be used to override the implicit B<-ign_eof> after B<-quiet>.
-
-=item B<-psk_identity identity>
-
-Use the PSK identity B<identity> when using a PSK cipher suite.
-
-=item B<-psk key>
-
-Use the PSK key B<key> when using a PSK cipher suite. The key is
-given as a hexadecimal number without leading 0x, for example -psk
-1a2b3c4d.
-
-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
-
-these options disable the use of certain SSL or TLS protocols. By default
-the initial handshake uses a method which should be compatible with all
-servers and permit them to use SSL v3, SSL v2 or TLS as appropriate.
-
-Unfortunately there are a lot of ancient and broken servers in use which
-cannot handle this technique and will fail to connect. Some servers only
-work if TLS is turned off with the B<-no_tls> option others will only
-support SSL v2 and may need the B<-ssl2> option.
-
-=item B<-bugs>
-
-there are several known bug in SSL and TLS implementations. Adding this
-option enables various workarounds.
-
-=item B<-cipher cipherlist>
-
-this allows the cipher list sent by the client to be modified. Although
-the server determines which cipher suite is used it should take the first
-supported cipher in the list sent by the client. See the B<ciphers>
-command for more information.
-
-=item B<-serverpref>
-
-use the server's cipher preferences; only used for SSLV2.
-
-=item B<-starttls protocol>
-
-send the protocol-specific message(s) to switch to TLS for communication.
-B<protocol> is a keyword for the intended protocol.  Currently, the only
-supported keywords are "smtp", "pop3", "imap", and "ftp".
-
-=item B<-tlsextdebug>
-
-print out a hex dump of any TLS extensions received from the server.
-
-=item B<-no_ticket>
-
-disable RFC4507bis session ticket support. 
-
-=item B<-sess_out filename>
-
-output SSL session to B<filename>
-
-=item B<-sess_in sess.pem>
-
-load SSL session from B<filename>. The client will attempt to resume a
-connection from this session.
-
-=item B<-engine id>
-
-specifying an engine (by its unique B<id> string) will cause B<s_client>
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
-
-=item B<-rand file(s)>
-
-a file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
-Multiple files can be specified separated by a OS-dependent character.
-The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
-all others.
-
-=item B<-status>
-
-sends a certificate status request to the server (OCSP stapling). The server
-response (if any) is printed out.
-
-=item B<-nextprotoneg protocols>
-
-enable Next Protocol Negotiation TLS extension and provide a list of
-comma-separated protocol names that the client should advertise
-support for. The list should contain most wanted protocols first.
-Protocol names are printable ASCII strings, for example "http/1.1" or
-"spdy/3".
-Empty list of protocols is treated specially and will cause the client to
-advertise support for the TLS extension but disconnect just after
-reciving ServerHello with a list of server supported protocols.
-
-=back
-
-=head1 CONNECTED COMMANDS
-
-If a connection is established with an SSL server then any data received
-from the server is displayed and any key presses will be sent to the
-server. When used interactively (which means neither B<-quiet> nor B<-ign_eof>
-have been given), the session will be renegotiated if the line begins with an
-B<R>, and if the line begins with a B<Q> or if end of file is reached, the
-connection will be closed down.
-
-=head1 NOTES
-
-B<s_client> can be used to debug SSL servers. To connect to an SSL HTTP
-server the command:
-
- openssl s_client -connect servername:443
-
-would typically be used (https uses port 443). If the connection succeeds
-then an HTTP command can be given such as "GET /" to retrieve a web page.
-
-If the handshake fails then there are several possible causes, if it is
-nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>,
-B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> options can be tried
-in case it is a buggy server. In particular you should play with these
-options B<before> submitting a bug report to an OpenSSL mailing list.
-
-A frequent problem when attempting to get client certificates working
-is that a web client complains it has no certificates or gives an empty
-list to choose from. This is normally because the server is not sending
-the clients certificate authority in its "acceptable CA list" when it
-requests a certificate. By using B<s_client> the CA list can be viewed
-and checked. However some servers only request client authentication
-after a specific URL is requested. To obtain the list in this case it
-is necessary to use the B<-prexit> option and send an HTTP request
-for an appropriate page.
-
-If a certificate is specified on the command line using the B<-cert>
-option it will not be used unless the server specifically requests
-a client certificate. Therefor merely including a client certificate
-on the command line is no guarantee that the certificate works.
-
-If there are problems verifying a server certificate then the
-B<-showcerts> option can be used to show the whole chain.
-
-Since the SSLv23 client hello cannot include compression methods or extensions
-these will only be supported if its use is disabled, for example by using the
-B<-no_sslv2> option.
-
-The B<s_client> utility is a test tool and is designed to continue the
-handshake after any certificate verification errors. As a result it will
-accept any certificate chain (trusted or not) sent by the peer. None test
-applications should B<not> do this as it makes them vulnerable to a MITM
-attack. This behaviour can be changed by with the B<-verify_return_error>
-option: any verify errors are then returned aborting the handshake.
-
-=head1 BUGS
-
-Because this program has a lot of options and also because some of
-the techniques used are rather old, the C source of s_client is rather
-hard to read and not a model of how things should be done. A typical
-SSL client program would be much simpler.
-
-The B<-prexit> option is a bit of a hack. We should really report
-information whenever a session is renegotiated.
-
-=head1 SEE ALSO
-
-L<sess_id(1)|sess_id(1)>, L<s_server(1)|s_server(1)>, L<ciphers(1)|ciphers(1)>
-
-=head1 HISTORY
-
-The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b.
-
-=cut

Copied: vendor-crypto/openssl/1.0.1u/doc/apps/s_client.pod (from rev 11605, vendor-crypto/openssl/dist/doc/apps/s_client.pod)
===================================================================
--- vendor-crypto/openssl/1.0.1u/doc/apps/s_client.pod	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/doc/apps/s_client.pod	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,350 @@
+
+=pod
+
+=head1 NAME
+
+s_client - SSL/TLS client program
+
+=head1 SYNOPSIS
+
+B<openssl> B<s_client>
+[B<-connect host:port>]
+[B<-servername name>]
+[B<-verify depth>]
+[B<-verify_return_error>]
+[B<-cert filename>]
+[B<-certform DER|PEM>]
+[B<-key filename>]
+[B<-keyform DER|PEM>]
+[B<-pass arg>]
+[B<-CApath directory>]
+[B<-CAfile filename>]
+[B<-no_alt_chains>]
+[B<-reconnect>]
+[B<-pause>]
+[B<-showcerts>]
+[B<-debug>]
+[B<-msg>]
+[B<-nbio_test>]
+[B<-state>]
+[B<-nbio>]
+[B<-crlf>]
+[B<-ign_eof>]
+[B<-no_ign_eof>]
+[B<-quiet>]
+[B<-ssl2>]
+[B<-ssl3>]
+[B<-tls1>]
+[B<-no_ssl2>]
+[B<-no_ssl3>]
+[B<-no_tls1>]
+[B<-bugs>]
+[B<-cipher cipherlist>]
+[B<-serverpref>]
+[B<-starttls protocol>]
+[B<-engine id>]
+[B<-tlsextdebug>]
+[B<-no_ticket>]
+[B<-sess_out filename>]
+[B<-sess_in filename>]
+[B<-rand file(s)>]
+[B<-status>]
+[B<-nextprotoneg protocols>]
+
+=head1 DESCRIPTION
+
+The B<s_client> command implements a generic SSL/TLS client which connects
+to a remote host using SSL/TLS. It is a I<very> useful diagnostic tool for
+SSL servers.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-connect host:port>
+
+This specifies the host and optional port to connect to. If not specified
+then an attempt is made to connect to the local host on port 4433.
+
+=item B<-servername name>
+
+Set the TLS SNI (Server Name Indication) extension in the ClientHello message.
+
+=item B<-cert certname>
+
+The certificate to use, if one is requested by the server. The default is
+not to use a certificate.
+
+=item B<-certform format>
+
+The certificate format to use: DER or PEM. PEM is the default.
+
+=item B<-key keyfile>
+
+The private key to use. If not specified then the certificate file will
+be used.
+
+=item B<-keyform format>
+
+The private format to use: DER or PEM. PEM is the default.
+
+=item B<-pass arg>
+
+the private key password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
+=item B<-verify depth>
+
+The verify depth to use. This specifies the maximum length of the
+server certificate chain and turns on server certificate verification.
+Currently the verify operation continues after errors so all the problems
+with a certificate chain can be seen. As a side effect the connection
+will never fail due to a server certificate verify failure.
+
+=item B<-verify_return_error>
+
+Return verification errors instead of continuing. This will typically
+abort the handshake with a fatal error.
+
+=item B<-CApath directory>
+
+The directory to use for server certificate verification. This directory
+must be in "hash format", see B<verify> for more information. These are
+also used when building the client certificate chain.
+
+=item B<-CAfile file>
+
+A file containing trusted certificates to use during server authentication
+and to use when attempting to build the client certificate chain.
+
+=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains>
+
+Set various certificate chain valiadition option. See the
+L<B<verify>|verify(1)> manual page for details.
+
+=item B<-reconnect>
+
+reconnects to the same server 5 times using the same session ID, this can
+be used as a test that session caching is working.
+
+=item B<-pause>
+
+pauses 1 second between each read and write call.
+
+=item B<-showcerts>
+
+display the whole server certificate chain: normally only the server
+certificate itself is displayed.
+
+=item B<-prexit>
+
+print session information when the program exits. This will always attempt
+to print out information even if the connection fails. Normally information
+will only be printed out once if the connection succeeds. This option is useful
+because the cipher in use may be renegotiated or the connection may fail
+because a client certificate is required or is requested only after an
+attempt is made to access a certain URL. Note: the output produced by this
+option is not always accurate because a connection might never have been
+established.
+
+=item B<-state>
+
+prints out the SSL session states.
+
+=item B<-debug>
+
+print extensive debugging information including a hex dump of all traffic.
+
+=item B<-msg>
+
+show all protocol messages with hex dump.
+
+=item B<-nbio_test>
+
+tests non-blocking I/O
+
+=item B<-nbio>
+
+turns on non-blocking I/O
+
+=item B<-crlf>
+
+this option translated a line feed from the terminal into CR+LF as required
+by some servers.
+
+=item B<-ign_eof>
+
+inhibit shutting down the connection when end of file is reached in the
+input.
+
+=item B<-quiet>
+
+inhibit printing of session and certificate information.  This implicitly
+turns on B<-ign_eof> as well.
+
+=item B<-no_ign_eof>
+
+shut down the connection when end of file is reached in the input.
+Can be used to override the implicit B<-ign_eof> after B<-quiet>.
+
+=item B<-psk_identity identity>
+
+Use the PSK identity B<identity> when using a PSK cipher suite.
+
+=item B<-psk key>
+
+Use the PSK key B<key> when using a PSK cipher suite. The key is
+given as a hexadecimal number without leading 0x, for example -psk
+1a2b3c4d.
+
+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+
+These options require or disable the use of the specified SSL or TLS protocols.
+By default the initial handshake uses a I<version-flexible> method which will
+negotiate the highest mutually supported protocol version.
+
+=item B<-bugs>
+
+there are several known bug in SSL and TLS implementations. Adding this
+option enables various workarounds.
+
+=item B<-cipher cipherlist>
+
+this allows the cipher list sent by the client to be modified. Although
+the server determines which cipher suite is used it should take the first
+supported cipher in the list sent by the client. See the B<ciphers>
+command for more information.
+
+=item B<-serverpref>
+
+use the server's cipher preferences; only used for SSLV2.
+
+=item B<-starttls protocol>
+
+send the protocol-specific message(s) to switch to TLS for communication.
+B<protocol> is a keyword for the intended protocol.  Currently, the only
+supported keywords are "smtp", "pop3", "imap", and "ftp".
+
+=item B<-tlsextdebug>
+
+print out a hex dump of any TLS extensions received from the server.
+
+=item B<-no_ticket>
+
+disable RFC4507bis session ticket support. 
+
+=item B<-sess_out filename>
+
+output SSL session to B<filename>
+
+=item B<-sess_in sess.pem>
+
+load SSL session from B<filename>. The client will attempt to resume a
+connection from this session.
+
+=item B<-engine id>
+
+specifying an engine (by its unique B<id> string) will cause B<s_client>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item B<-status>
+
+sends a certificate status request to the server (OCSP stapling). The server
+response (if any) is printed out.
+
+=item B<-nextprotoneg protocols>
+
+enable Next Protocol Negotiation TLS extension and provide a list of
+comma-separated protocol names that the client should advertise
+support for. The list should contain most wanted protocols first.
+Protocol names are printable ASCII strings, for example "http/1.1" or
+"spdy/3".
+Empty list of protocols is treated specially and will cause the client to
+advertise support for the TLS extension but disconnect just after
+reciving ServerHello with a list of server supported protocols.
+
+=back
+
+=head1 CONNECTED COMMANDS
+
+If a connection is established with an SSL server then any data received
+from the server is displayed and any key presses will be sent to the
+server. When used interactively (which means neither B<-quiet> nor B<-ign_eof>
+have been given), the session will be renegotiated if the line begins with an
+B<R>, and if the line begins with a B<Q> or if end of file is reached, the
+connection will be closed down.
+
+=head1 NOTES
+
+B<s_client> can be used to debug SSL servers. To connect to an SSL HTTP
+server the command:
+
+ openssl s_client -connect servername:443
+
+would typically be used (https uses port 443). If the connection succeeds
+then an HTTP command can be given such as "GET /" to retrieve a web page.
+
+If the handshake fails then there are several possible causes, if it is
+nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>,
+B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> options can be tried
+in case it is a buggy server. In particular you should play with these
+options B<before> submitting a bug report to an OpenSSL mailing list.
+
+A frequent problem when attempting to get client certificates working
+is that a web client complains it has no certificates or gives an empty
+list to choose from. This is normally because the server is not sending
+the clients certificate authority in its "acceptable CA list" when it
+requests a certificate. By using B<s_client> the CA list can be viewed
+and checked. However some servers only request client authentication
+after a specific URL is requested. To obtain the list in this case it
+is necessary to use the B<-prexit> option and send an HTTP request
+for an appropriate page.
+
+If a certificate is specified on the command line using the B<-cert>
+option it will not be used unless the server specifically requests
+a client certificate. Therefor merely including a client certificate
+on the command line is no guarantee that the certificate works.
+
+If there are problems verifying a server certificate then the
+B<-showcerts> option can be used to show the whole chain.
+
+Since the SSLv23 client hello cannot include compression methods or extensions
+these will only be supported if its use is disabled, for example by using the
+B<-no_sslv2> option.
+
+The B<s_client> utility is a test tool and is designed to continue the
+handshake after any certificate verification errors. As a result it will
+accept any certificate chain (trusted or not) sent by the peer. None test
+applications should B<not> do this as it makes them vulnerable to a MITM
+attack. This behaviour can be changed by with the B<-verify_return_error>
+option: any verify errors are then returned aborting the handshake.
+
+=head1 BUGS
+
+Because this program has a lot of options and also because some of
+the techniques used are rather old, the C source of s_client is rather
+hard to read and not a model of how things should be done. A typical
+SSL client program would be much simpler.
+
+The B<-prexit> option is a bit of a hack. We should really report
+information whenever a session is renegotiated.
+
+=head1 SEE ALSO
+
+L<sess_id(1)|sess_id(1)>, L<s_server(1)|s_server(1)>, L<ciphers(1)|ciphers(1)>
+
+=head1 HISTORY
+
+The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b.
+
+=cut

Deleted: vendor-crypto/openssl/1.0.1u/doc/apps/s_server.pod
===================================================================
--- vendor-crypto/openssl/dist/doc/apps/s_server.pod	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/doc/apps/s_server.pod	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,410 +0,0 @@
-
-=pod
-
-=head1 NAME
-
-s_server - SSL/TLS server program
-
-=head1 SYNOPSIS
-
-B<openssl> B<s_server>
-[B<-accept port>]
-[B<-context id>]
-[B<-verify depth>]
-[B<-Verify depth>]
-[B<-crl_check>]
-[B<-crl_check_all>]
-[B<-cert filename>]
-[B<-certform DER|PEM>]
-[B<-key keyfile>]
-[B<-keyform DER|PEM>]
-[B<-pass arg>]
-[B<-dcert filename>]
-[B<-dcertform DER|PEM>]
-[B<-dkey keyfile>]
-[B<-dkeyform DER|PEM>]
-[B<-dpass arg>]
-[B<-dhparam filename>]
-[B<-nbio>]
-[B<-nbio_test>]
-[B<-crlf>]
-[B<-debug>]
-[B<-msg>]
-[B<-state>]
-[B<-CApath directory>]
-[B<-CAfile filename>]
-[B<-no_alt_chains>]
-[B<-nocert>]
-[B<-cipher cipherlist>]
-[B<-serverpref>]
-[B<-quiet>]
-[B<-no_tmp_rsa>]
-[B<-ssl2>]
-[B<-ssl3>]
-[B<-tls1>]
-[B<-no_ssl2>]
-[B<-no_ssl3>]
-[B<-no_tls1>]
-[B<-no_dhe>]
-[B<-no_ecdhe>]
-[B<-bugs>]
-[B<-hack>]
-[B<-www>]
-[B<-WWW>]
-[B<-HTTP>]
-[B<-engine id>]
-[B<-tlsextdebug>]
-[B<-no_ticket>]
-[B<-id_prefix arg>]
-[B<-rand file(s)>]
-[B<-status>]
-[B<-status_verbose>]
-[B<-status_timeout nsec>]
-[B<-status_url url>]
-[B<-nextprotoneg protocols>]
-
-=head1 DESCRIPTION
-
-The B<s_server> command implements a generic SSL/TLS server which listens
-for connections on a given port using SSL/TLS.
-
-=head1 OPTIONS
-
-=over 4
-
-=item B<-accept port>
-
-the TCP port to listen on for connections. If not specified 4433 is used.
-
-=item B<-context id>
-
-sets the SSL context id. It can be given any string value. If this option
-is not present a default value will be used.
-
-=item B<-cert certname>
-
-The certificate to use, most servers cipher suites require the use of a
-certificate and some require a certificate with a certain public key type:
-for example the DSS cipher suites require a certificate containing a DSS
-(DSA) key. If not specified then the filename "server.pem" will be used.
-
-=item B<-certform format>
-
-The certificate format to use: DER or PEM. PEM is the default.
-
-=item B<-key keyfile>
-
-The private key to use. If not specified then the certificate file will
-be used.
-
-=item B<-keyform format>
-
-The private format to use: DER or PEM. PEM is the default.
-
-=item B<-pass arg>
-
-the private key password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
-
-=item B<-dcert filename>, B<-dkey keyname>
-
-specify an additional certificate and private key, these behave in the
-same manner as the B<-cert> and B<-key> options except there is no default
-if they are not specified (no additional certificate and key is used). As
-noted above some cipher suites require a certificate containing a key of
-a certain type. Some cipher suites need a certificate carrying an RSA key
-and some a DSS (DSA) key. By using RSA and DSS certificates and keys
-a server can support clients which only support RSA or DSS cipher suites
-by using an appropriate certificate.
-
-=item B<-dcertform format>, B<-dkeyform format>, B<-dpass arg>
-
-additional certificate and private key format and passphrase respectively.
-
-=item B<-nocert>
-
-if this option is set then no certificate is used. This restricts the
-cipher suites available to the anonymous ones (currently just anonymous
-DH).
-
-=item B<-dhparam filename>
-
-the DH parameter file to use. The ephemeral DH cipher suites generate keys
-using a set of DH parameters. If not specified then an attempt is made to
-load the parameters from the server certificate file. If this fails then
-a static set of parameters hard coded into the s_server program will be used.
-
-=item B<-no_dhe>
-
-if this option is set then no DH parameters will be loaded effectively
-disabling the ephemeral DH cipher suites.
-
-=item B<-no_ecdhe>
-
-if this option is set then no ECDH parameters will be loaded effectively
-disabling the ephemeral ECDH cipher suites.
-
-=item B<-no_tmp_rsa>
-
-certain export cipher suites sometimes use a temporary RSA key, this option
-disables temporary RSA key generation.
-
-=item B<-verify depth>, B<-Verify depth>
-
-The verify depth to use. This specifies the maximum length of the
-client certificate chain and makes the server request a certificate from
-the client. With the B<-verify> option a certificate is requested but the
-client does not have to send one, with the B<-Verify> option the client
-must supply a certificate or an error occurs.
-
-If the ciphersuite cannot request a client certificate (for example an
-anonymous ciphersuite or PSK) this option has no effect.
-
-=item B<-crl_check>, B<-crl_check_all>
-
-Check the peer certificate has not been revoked by its CA.
-The CRL(s) are appended to the certificate file. With the B<-crl_check_all>
-option all CRLs of all CAs in the chain are checked.
-
-=item B<-CApath directory>
-
-The directory to use for client certificate verification. This directory
-must be in "hash format", see B<verify> for more information. These are
-also used when building the server certificate chain.
-
-=item B<-CAfile file>
-
-A file containing trusted certificates to use during client authentication
-and to use when attempting to build the server certificate chain. The list
-is also used in the list of acceptable client CAs passed to the client when
-a certificate is requested.
-
-=item B<-no_alt_chains>
-
-See the L<B<verify>|verify(1)> manual page for details.
-
-=item B<-state>
-
-prints out the SSL session states.
-
-=item B<-debug>
-
-print extensive debugging information including a hex dump of all traffic.
-
-=item B<-msg>
-
-show all protocol messages with hex dump.
-
-=item B<-nbio_test>
-
-tests non blocking I/O
-
-=item B<-nbio>
-
-turns on non blocking I/O
-
-=item B<-crlf>
-
-this option translated a line feed from the terminal into CR+LF.
-
-=item B<-quiet>
-
-inhibit printing of session and certificate information.
-
-=item B<-psk_hint hint>
-
-Use the PSK identity hint B<hint> when using a PSK cipher suite.
-
-=item B<-psk key>
-
-Use the PSK key B<key> when using a PSK cipher suite. The key is
-given as a hexadecimal number without leading 0x, for example -psk
-1a2b3c4d.
-
-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
-
-these options disable the use of certain SSL or TLS protocols. By default
-the initial handshake uses a method which should be compatible with all
-servers and permit them to use SSL v3, SSL v2 or TLS as appropriate.
-
-=item B<-bugs>
-
-there are several known bug in SSL and TLS implementations. Adding this
-option enables various workarounds.
-
-=item B<-hack>
-
-this option enables a further workaround for some some early Netscape
-SSL code (?).
-
-=item B<-cipher cipherlist>
-
-this allows the cipher list used by the server to be modified.  When
-the client sends a list of supported ciphers the first client cipher
-also included in the server list is used. Because the client specifies
-the preference order, the order of the server cipherlist irrelevant. See
-the B<ciphers> command for more information.
-
-=item B<-serverpref>
-
-use the server's cipher preferences, rather than the client's preferences.
-
-=item B<-tlsextdebug>
-
-print out a hex dump of any TLS extensions received from the server.
-
-=item B<-no_ticket>
-
-disable RFC4507bis session ticket support. 
-
-=item B<-www>
-
-sends a status message back to the client when it connects. This includes
-lots of information about the ciphers used and various session parameters.
-The output is in HTML format so this option will normally be used with a
-web browser.
-
-=item B<-WWW>
-
-emulates a simple web server. Pages will be resolved relative to the
-current directory, for example if the URL https://myhost/page.html is
-requested the file ./page.html will be loaded.
-
-=item B<-HTTP>
-
-emulates a simple web server. Pages will be resolved relative to the
-current directory, for example if the URL https://myhost/page.html is
-requested the file ./page.html will be loaded. The files loaded are
-assumed to contain a complete and correct HTTP response (lines that
-are part of the HTTP response line and headers must end with CRLF).
-
-=item B<-engine id>
-
-specifying an engine (by its unique B<id> string) will cause B<s_server>
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
-
-=item B<-id_prefix arg>
-
-generate SSL/TLS session IDs prefixed by B<arg>. This is mostly useful
-for testing any SSL/TLS code (eg. proxies) that wish to deal with multiple
-servers, when each of which might be generating a unique range of session
-IDs (eg. with a certain prefix).
-
-=item B<-rand file(s)>
-
-a file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
-Multiple files can be specified separated by a OS-dependent character.
-The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
-all others.
-
-=item B<-status>
-
-enables certificate status request support (aka OCSP stapling).
-
-=item B<-status_verbose>
-
-enables certificate status request support (aka OCSP stapling) and gives
-a verbose printout of the OCSP response.
-
-=item B<-status_timeout nsec>
-
-sets the timeout for OCSP response to B<nsec> seconds.
-
-=item B<-status_url url>
-
-sets a fallback responder URL to use if no responder URL is present in the
-server certificate. Without this option an error is returned if the server
-certificate does not contain a responder address.
-
-=item B<-nextprotoneg protocols>
-
-enable Next Protocol Negotiation TLS extension and provide a
-comma-separated list of supported protocol names.
-The list should contain most wanted protocols first.
-Protocol names are printable ASCII strings, for example "http/1.1" or
-"spdy/3".
-
-=back
-
-=head1 CONNECTED COMMANDS
-
-If a connection request is established with an SSL client and neither the
-B<-www> nor the B<-WWW> option has been used then normally any data received
-from the client is displayed and any key presses will be sent to the client. 
-
-Certain single letter commands are also recognized which perform special
-operations: these are listed below.
-
-=over 4
-
-=item B<q>
-
-end the current SSL connection but still accept new connections.
-
-=item B<Q>
-
-end the current SSL connection and exit.
-
-=item B<r>
-
-renegotiate the SSL session.
-
-=item B<R>
-
-renegotiate the SSL session and request a client certificate.
-
-=item B<P>
-
-send some plain text down the underlying TCP connection: this should
-cause the client to disconnect due to a protocol violation.
-
-=item B<S>
-
-print out some session cache status information.
-
-=back
-
-=head1 NOTES
-
-B<s_server> can be used to debug SSL clients. To accept connections from
-a web browser the command:
-
- openssl s_server -accept 443 -www
-
-can be used for example.
-
-Most web browsers (in particular Netscape and MSIE) only support RSA cipher
-suites, so they cannot connect to servers which don't use a certificate
-carrying an RSA key or a version of OpenSSL with RSA disabled.
-
-Although specifying an empty list of CAs when requesting a client certificate
-is strictly speaking a protocol violation, some SSL clients interpret this to
-mean any CA is acceptable. This is useful for debugging purposes.
-
-The session parameters can printed out using the B<sess_id> program.
-
-=head1 BUGS
-
-Because this program has a lot of options and also because some of
-the techniques used are rather old, the C source of s_server is rather
-hard to read and not a model of how things should be done. A typical
-SSL server program would be much simpler.
-
-The output of common ciphers is wrong: it just gives the list of ciphers that
-OpenSSL recognizes and the client supports.
-
-There should be a way for the B<s_server> program to print out details of any
-unknown cipher suites a client says it supports.
-
-=head1 SEE ALSO
-
-L<sess_id(1)|sess_id(1)>, L<s_client(1)|s_client(1)>, L<ciphers(1)|ciphers(1)>
-
-=head1 HISTORY
-
-The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b.
-
-=cut

Copied: vendor-crypto/openssl/1.0.1u/doc/apps/s_server.pod (from rev 11605, vendor-crypto/openssl/dist/doc/apps/s_server.pod)
===================================================================
--- vendor-crypto/openssl/1.0.1u/doc/apps/s_server.pod	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/doc/apps/s_server.pod	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,410 @@
+
+=pod
+
+=head1 NAME
+
+s_server - SSL/TLS server program
+
+=head1 SYNOPSIS
+
+B<openssl> B<s_server>
+[B<-accept port>]
+[B<-context id>]
+[B<-verify depth>]
+[B<-Verify depth>]
+[B<-crl_check>]
+[B<-crl_check_all>]
+[B<-cert filename>]
+[B<-certform DER|PEM>]
+[B<-key keyfile>]
+[B<-keyform DER|PEM>]
+[B<-pass arg>]
+[B<-dcert filename>]
+[B<-dcertform DER|PEM>]
+[B<-dkey keyfile>]
+[B<-dkeyform DER|PEM>]
+[B<-dpass arg>]
+[B<-dhparam filename>]
+[B<-nbio>]
+[B<-nbio_test>]
+[B<-crlf>]
+[B<-debug>]
+[B<-msg>]
+[B<-state>]
+[B<-CApath directory>]
+[B<-CAfile filename>]
+[B<-no_alt_chains>]
+[B<-nocert>]
+[B<-cipher cipherlist>]
+[B<-serverpref>]
+[B<-quiet>]
+[B<-no_tmp_rsa>]
+[B<-ssl2>]
+[B<-ssl3>]
+[B<-tls1>]
+[B<-no_ssl2>]
+[B<-no_ssl3>]
+[B<-no_tls1>]
+[B<-no_dhe>]
+[B<-no_ecdhe>]
+[B<-bugs>]
+[B<-hack>]
+[B<-www>]
+[B<-WWW>]
+[B<-HTTP>]
+[B<-engine id>]
+[B<-tlsextdebug>]
+[B<-no_ticket>]
+[B<-id_prefix arg>]
+[B<-rand file(s)>]
+[B<-status>]
+[B<-status_verbose>]
+[B<-status_timeout nsec>]
+[B<-status_url url>]
+[B<-nextprotoneg protocols>]
+
+=head1 DESCRIPTION
+
+The B<s_server> command implements a generic SSL/TLS server which listens
+for connections on a given port using SSL/TLS.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-accept port>
+
+the TCP port to listen on for connections. If not specified 4433 is used.
+
+=item B<-context id>
+
+sets the SSL context id. It can be given any string value. If this option
+is not present a default value will be used.
+
+=item B<-cert certname>
+
+The certificate to use, most servers cipher suites require the use of a
+certificate and some require a certificate with a certain public key type:
+for example the DSS cipher suites require a certificate containing a DSS
+(DSA) key. If not specified then the filename "server.pem" will be used.
+
+=item B<-certform format>
+
+The certificate format to use: DER or PEM. PEM is the default.
+
+=item B<-key keyfile>
+
+The private key to use. If not specified then the certificate file will
+be used.
+
+=item B<-keyform format>
+
+The private format to use: DER or PEM. PEM is the default.
+
+=item B<-pass arg>
+
+the private key password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
+=item B<-dcert filename>, B<-dkey keyname>
+
+specify an additional certificate and private key, these behave in the
+same manner as the B<-cert> and B<-key> options except there is no default
+if they are not specified (no additional certificate and key is used). As
+noted above some cipher suites require a certificate containing a key of
+a certain type. Some cipher suites need a certificate carrying an RSA key
+and some a DSS (DSA) key. By using RSA and DSS certificates and keys
+a server can support clients which only support RSA or DSS cipher suites
+by using an appropriate certificate.
+
+=item B<-dcertform format>, B<-dkeyform format>, B<-dpass arg>
+
+additional certificate and private key format and passphrase respectively.
+
+=item B<-nocert>
+
+if this option is set then no certificate is used. This restricts the
+cipher suites available to the anonymous ones (currently just anonymous
+DH).
+
+=item B<-dhparam filename>
+
+the DH parameter file to use. The ephemeral DH cipher suites generate keys
+using a set of DH parameters. If not specified then an attempt is made to
+load the parameters from the server certificate file. If this fails then
+a static set of parameters hard coded into the s_server program will be used.
+
+=item B<-no_dhe>
+
+if this option is set then no DH parameters will be loaded effectively
+disabling the ephemeral DH cipher suites.
+
+=item B<-no_ecdhe>
+
+if this option is set then no ECDH parameters will be loaded effectively
+disabling the ephemeral ECDH cipher suites.
+
+=item B<-no_tmp_rsa>
+
+certain export cipher suites sometimes use a temporary RSA key, this option
+disables temporary RSA key generation.
+
+=item B<-verify depth>, B<-Verify depth>
+
+The verify depth to use. This specifies the maximum length of the
+client certificate chain and makes the server request a certificate from
+the client. With the B<-verify> option a certificate is requested but the
+client does not have to send one, with the B<-Verify> option the client
+must supply a certificate or an error occurs.
+
+If the ciphersuite cannot request a client certificate (for example an
+anonymous ciphersuite or PSK) this option has no effect.
+
+=item B<-crl_check>, B<-crl_check_all>
+
+Check the peer certificate has not been revoked by its CA.
+The CRL(s) are appended to the certificate file. With the B<-crl_check_all>
+option all CRLs of all CAs in the chain are checked.
+
+=item B<-CApath directory>
+
+The directory to use for client certificate verification. This directory
+must be in "hash format", see B<verify> for more information. These are
+also used when building the server certificate chain.
+
+=item B<-CAfile file>
+
+A file containing trusted certificates to use during client authentication
+and to use when attempting to build the server certificate chain. The list
+is also used in the list of acceptable client CAs passed to the client when
+a certificate is requested.
+
+=item B<-no_alt_chains>
+
+See the L<B<verify>|verify(1)> manual page for details.
+
+=item B<-state>
+
+prints out the SSL session states.
+
+=item B<-debug>
+
+print extensive debugging information including a hex dump of all traffic.
+
+=item B<-msg>
+
+show all protocol messages with hex dump.
+
+=item B<-nbio_test>
+
+tests non blocking I/O
+
+=item B<-nbio>
+
+turns on non blocking I/O
+
+=item B<-crlf>
+
+this option translated a line feed from the terminal into CR+LF.
+
+=item B<-quiet>
+
+inhibit printing of session and certificate information.
+
+=item B<-psk_hint hint>
+
+Use the PSK identity hint B<hint> when using a PSK cipher suite.
+
+=item B<-psk key>
+
+Use the PSK key B<key> when using a PSK cipher suite. The key is
+given as a hexadecimal number without leading 0x, for example -psk
+1a2b3c4d.
+
+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+
+These options require or disable the use of the specified SSL or TLS protocols.
+By default the initial handshake uses a I<version-flexible> method which will
+negotiate the highest mutually supported protocol version.
+
+=item B<-bugs>
+
+there are several known bug in SSL and TLS implementations. Adding this
+option enables various workarounds.
+
+=item B<-hack>
+
+this option enables a further workaround for some some early Netscape
+SSL code (?).
+
+=item B<-cipher cipherlist>
+
+this allows the cipher list used by the server to be modified.  When
+the client sends a list of supported ciphers the first client cipher
+also included in the server list is used. Because the client specifies
+the preference order, the order of the server cipherlist irrelevant. See
+the B<ciphers> command for more information.
+
+=item B<-serverpref>
+
+use the server's cipher preferences, rather than the client's preferences.
+
+=item B<-tlsextdebug>
+
+print out a hex dump of any TLS extensions received from the server.
+
+=item B<-no_ticket>
+
+disable RFC4507bis session ticket support. 
+
+=item B<-www>
+
+sends a status message back to the client when it connects. This includes
+lots of information about the ciphers used and various session parameters.
+The output is in HTML format so this option will normally be used with a
+web browser.
+
+=item B<-WWW>
+
+emulates a simple web server. Pages will be resolved relative to the
+current directory, for example if the URL https://myhost/page.html is
+requested the file ./page.html will be loaded.
+
+=item B<-HTTP>
+
+emulates a simple web server. Pages will be resolved relative to the
+current directory, for example if the URL https://myhost/page.html is
+requested the file ./page.html will be loaded. The files loaded are
+assumed to contain a complete and correct HTTP response (lines that
+are part of the HTTP response line and headers must end with CRLF).
+
+=item B<-engine id>
+
+specifying an engine (by its unique B<id> string) will cause B<s_server>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
+=item B<-id_prefix arg>
+
+generate SSL/TLS session IDs prefixed by B<arg>. This is mostly useful
+for testing any SSL/TLS code (eg. proxies) that wish to deal with multiple
+servers, when each of which might be generating a unique range of session
+IDs (eg. with a certain prefix).
+
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item B<-status>
+
+enables certificate status request support (aka OCSP stapling).
+
+=item B<-status_verbose>
+
+enables certificate status request support (aka OCSP stapling) and gives
+a verbose printout of the OCSP response.
+
+=item B<-status_timeout nsec>
+
+sets the timeout for OCSP response to B<nsec> seconds.
+
+=item B<-status_url url>
+
+sets a fallback responder URL to use if no responder URL is present in the
+server certificate. Without this option an error is returned if the server
+certificate does not contain a responder address.
+
+=item B<-nextprotoneg protocols>
+
+enable Next Protocol Negotiation TLS extension and provide a
+comma-separated list of supported protocol names.
+The list should contain most wanted protocols first.
+Protocol names are printable ASCII strings, for example "http/1.1" or
+"spdy/3".
+
+=back
+
+=head1 CONNECTED COMMANDS
+
+If a connection request is established with an SSL client and neither the
+B<-www> nor the B<-WWW> option has been used then normally any data received
+from the client is displayed and any key presses will be sent to the client. 
+
+Certain single letter commands are also recognized which perform special
+operations: these are listed below.
+
+=over 4
+
+=item B<q>
+
+end the current SSL connection but still accept new connections.
+
+=item B<Q>
+
+end the current SSL connection and exit.
+
+=item B<r>
+
+renegotiate the SSL session.
+
+=item B<R>
+
+renegotiate the SSL session and request a client certificate.
+
+=item B<P>
+
+send some plain text down the underlying TCP connection: this should
+cause the client to disconnect due to a protocol violation.
+
+=item B<S>
+
+print out some session cache status information.
+
+=back
+
+=head1 NOTES
+
+B<s_server> can be used to debug SSL clients. To accept connections from
+a web browser the command:
+
+ openssl s_server -accept 443 -www
+
+can be used for example.
+
+Most web browsers (in particular Netscape and MSIE) only support RSA cipher
+suites, so they cannot connect to servers which don't use a certificate
+carrying an RSA key or a version of OpenSSL with RSA disabled.
+
+Although specifying an empty list of CAs when requesting a client certificate
+is strictly speaking a protocol violation, some SSL clients interpret this to
+mean any CA is acceptable. This is useful for debugging purposes.
+
+The session parameters can printed out using the B<sess_id> program.
+
+=head1 BUGS
+
+Because this program has a lot of options and also because some of
+the techniques used are rather old, the C source of s_server is rather
+hard to read and not a model of how things should be done. A typical
+SSL server program would be much simpler.
+
+The output of common ciphers is wrong: it just gives the list of ciphers that
+OpenSSL recognizes and the client supports.
+
+There should be a way for the B<s_server> program to print out details of any
+unknown cipher suites a client says it supports.
+
+=head1 SEE ALSO
+
+L<sess_id(1)|sess_id(1)>, L<s_client(1)|s_client(1)>, L<ciphers(1)|ciphers(1)>
+
+=head1 HISTORY
+
+The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b.
+
+=cut

Deleted: vendor-crypto/openssl/1.0.1u/doc/apps/s_time.pod
===================================================================
--- vendor-crypto/openssl/dist/doc/apps/s_time.pod	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/doc/apps/s_time.pod	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,173 +0,0 @@
-
-=pod
-
-=head1 NAME
-
-s_time - SSL/TLS performance timing program
-
-=head1 SYNOPSIS
-
-B<openssl> B<s_time>
-[B<-connect host:port>]
-[B<-www page>]
-[B<-cert filename>]
-[B<-key filename>]
-[B<-CApath directory>]
-[B<-CAfile filename>]
-[B<-reuse>]
-[B<-new>]
-[B<-verify depth>]
-[B<-nbio>]
-[B<-time seconds>]
-[B<-ssl2>]
-[B<-ssl3>]
-[B<-bugs>]
-[B<-cipher cipherlist>]
-
-=head1 DESCRIPTION
-
-The B<s_client> command implements a generic SSL/TLS client which connects to a
-remote host using SSL/TLS. It can request a page from the server and includes
-the time to transfer the payload data in its timing measurements. It measures
-the number of connections within a given timeframe, the amount of data
-transferred (if any), and calculates the average time spent for one connection.
-
-=head1 OPTIONS
-
-=over 4
-
-=item B<-connect host:port>
-
-This specifies the host and optional port to connect to.
-
-=item B<-www page>
-
-This specifies the page to GET from the server. A value of '/' gets the
-index.htm[l] page. If this parameter is not specified, then B<s_time> will only
-perform the handshake to establish SSL connections but not transfer any
-payload data.
-
-=item B<-cert certname>
-
-The certificate to use, if one is requested by the server. The default is
-not to use a certificate. The file is in PEM format.
-
-=item B<-key keyfile>
-
-The private key to use. If not specified then the certificate file will
-be used. The file is in PEM format.
-
-=item B<-verify depth>
-
-The verify depth to use. This specifies the maximum length of the
-server certificate chain and turns on server certificate verification.
-Currently the verify operation continues after errors so all the problems
-with a certificate chain can be seen. As a side effect the connection
-will never fail due to a server certificate verify failure.
-
-=item B<-CApath directory>
-
-The directory to use for server certificate verification. This directory
-must be in "hash format", see B<verify> for more information. These are
-also used when building the client certificate chain.
-
-=item B<-CAfile file>
-
-A file containing trusted certificates to use during server authentication
-and to use when attempting to build the client certificate chain.
-
-=item B<-new>
-
-performs the timing test using a new session ID for each connection.
-If neither B<-new> nor B<-reuse> are specified, they are both on by default
-and executed in sequence.
-
-=item B<-reuse>
-
-performs the timing test using the same session ID; this can be used as a test
-that session caching is working. If neither B<-new> nor B<-reuse> are
-specified, they are both on by default and executed in sequence.
-
-=item B<-nbio>
-
-turns on non-blocking I/O.
-
-=item B<-ssl2>, B<-ssl3>
-
-these options disable the use of certain SSL or TLS protocols. By default
-the initial handshake uses a method which should be compatible with all
-servers and permit them to use SSL v3, SSL v2 or TLS as appropriate.
-The timing program is not as rich in options to turn protocols on and off as
-the L<s_client(1)|s_client(1)> program and may not connect to all servers.
-
-Unfortunately there are a lot of ancient and broken servers in use which
-cannot handle this technique and will fail to connect. Some servers only
-work if TLS is turned off with the B<-ssl3> option; others
-will only support SSL v2 and may need the B<-ssl2> option.
-
-=item B<-bugs>
-
-there are several known bug in SSL and TLS implementations. Adding this
-option enables various workarounds.
-
-=item B<-cipher cipherlist>
-
-this allows the cipher list sent by the client to be modified. Although
-the server determines which cipher suite is used it should take the first
-supported cipher in the list sent by the client.
-See the L<ciphers(1)|ciphers(1)> command for more information.
-
-=item B<-time length>
-
-specifies how long (in seconds) B<s_time> should establish connections and
-optionally transfer payload data from a server. Server and client performance
-and the link speed determine how many connections B<s_time> can establish.
-
-=back
-
-=head1 NOTES
-
-B<s_client> can be used to measure the performance of an SSL connection.
-To connect to an SSL HTTP server and get the default page the command
-
- openssl s_time -connect servername:443 -www / -CApath yourdir -CAfile yourfile.pem -cipher commoncipher [-ssl3]
-
-would typically be used (https uses port 443). 'commoncipher' is a cipher to
-which both client and server can agree, see the L<ciphers(1)|ciphers(1)> command
-for details.
-
-If the handshake fails then there are several possible causes, if it is
-nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>,
-B<-ssl3> options can be tried
-in case it is a buggy server. In particular you should play with these
-options B<before> submitting a bug report to an OpenSSL mailing list.
-
-A frequent problem when attempting to get client certificates working
-is that a web client complains it has no certificates or gives an empty
-list to choose from. This is normally because the server is not sending
-the clients certificate authority in its "acceptable CA list" when it
-requests a certificate. By using L<s_client(1)|s_client(1)> the CA list can be
-viewed and checked. However some servers only request client authentication
-after a specific URL is requested. To obtain the list in this case it
-is necessary to use the B<-prexit> option of L<s_client(1)|s_client(1)> and
-send an HTTP request for an appropriate page.
-
-If a certificate is specified on the command line using the B<-cert>
-option it will not be used unless the server specifically requests
-a client certificate. Therefor merely including a client certificate
-on the command line is no guarantee that the certificate works.
-
-=head1 BUGS
-
-Because this program does not have all the options of the
-L<s_client(1)|s_client(1)> program to turn protocols on and off, you may not be
-able to measure the performance of all protocols with all servers.
-
-The B<-verify> option should really exit if the server verification
-fails.
-
-=head1 SEE ALSO
-
-L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<ciphers(1)|ciphers(1)>
-
-=cut

Copied: vendor-crypto/openssl/1.0.1u/doc/apps/s_time.pod (from rev 11605, vendor-crypto/openssl/dist/doc/apps/s_time.pod)
===================================================================
--- vendor-crypto/openssl/1.0.1u/doc/apps/s_time.pod	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/doc/apps/s_time.pod	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,173 @@
+
+=pod
+
+=head1 NAME
+
+s_time - SSL/TLS performance timing program
+
+=head1 SYNOPSIS
+
+B<openssl> B<s_time>
+[B<-connect host:port>]
+[B<-www page>]
+[B<-cert filename>]
+[B<-key filename>]
+[B<-CApath directory>]
+[B<-CAfile filename>]
+[B<-reuse>]
+[B<-new>]
+[B<-verify depth>]
+[B<-nbio>]
+[B<-time seconds>]
+[B<-ssl2>]
+[B<-ssl3>]
+[B<-bugs>]
+[B<-cipher cipherlist>]
+
+=head1 DESCRIPTION
+
+The B<s_time> command implements a generic SSL/TLS client which connects to a
+remote host using SSL/TLS. It can request a page from the server and includes
+the time to transfer the payload data in its timing measurements. It measures
+the number of connections within a given timeframe, the amount of data
+transferred (if any), and calculates the average time spent for one connection.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-connect host:port>
+
+This specifies the host and optional port to connect to.
+
+=item B<-www page>
+
+This specifies the page to GET from the server. A value of '/' gets the
+index.htm[l] page. If this parameter is not specified, then B<s_time> will only
+perform the handshake to establish SSL connections but not transfer any
+payload data.
+
+=item B<-cert certname>
+
+The certificate to use, if one is requested by the server. The default is
+not to use a certificate. The file is in PEM format.
+
+=item B<-key keyfile>
+
+The private key to use. If not specified then the certificate file will
+be used. The file is in PEM format.
+
+=item B<-verify depth>
+
+The verify depth to use. This specifies the maximum length of the
+server certificate chain and turns on server certificate verification.
+Currently the verify operation continues after errors so all the problems
+with a certificate chain can be seen. As a side effect the connection
+will never fail due to a server certificate verify failure.
+
+=item B<-CApath directory>
+
+The directory to use for server certificate verification. This directory
+must be in "hash format", see B<verify> for more information. These are
+also used when building the client certificate chain.
+
+=item B<-CAfile file>
+
+A file containing trusted certificates to use during server authentication
+and to use when attempting to build the client certificate chain.
+
+=item B<-new>
+
+performs the timing test using a new session ID for each connection.
+If neither B<-new> nor B<-reuse> are specified, they are both on by default
+and executed in sequence.
+
+=item B<-reuse>
+
+performs the timing test using the same session ID; this can be used as a test
+that session caching is working. If neither B<-new> nor B<-reuse> are
+specified, they are both on by default and executed in sequence.
+
+=item B<-nbio>
+
+turns on non-blocking I/O.
+
+=item B<-ssl2>, B<-ssl3>
+
+these options disable the use of certain SSL or TLS protocols. By default
+the initial handshake uses a method which should be compatible with all
+servers and permit them to use SSL v3, SSL v2 or TLS as appropriate.
+The timing program is not as rich in options to turn protocols on and off as
+the L<s_client(1)|s_client(1)> program and may not connect to all servers.
+
+Unfortunately there are a lot of ancient and broken servers in use which
+cannot handle this technique and will fail to connect. Some servers only
+work if TLS is turned off with the B<-ssl3> option; others
+will only support SSL v2 and may need the B<-ssl2> option.
+
+=item B<-bugs>
+
+there are several known bug in SSL and TLS implementations. Adding this
+option enables various workarounds.
+
+=item B<-cipher cipherlist>
+
+this allows the cipher list sent by the client to be modified. Although
+the server determines which cipher suite is used it should take the first
+supported cipher in the list sent by the client.
+See the L<ciphers(1)|ciphers(1)> command for more information.
+
+=item B<-time length>
+
+specifies how long (in seconds) B<s_time> should establish connections and
+optionally transfer payload data from a server. Server and client performance
+and the link speed determine how many connections B<s_time> can establish.
+
+=back
+
+=head1 NOTES
+
+B<s_time> can be used to measure the performance of an SSL connection.
+To connect to an SSL HTTP server and get the default page the command
+
+ openssl s_time -connect servername:443 -www / -CApath yourdir -CAfile yourfile.pem -cipher commoncipher [-ssl3]
+
+would typically be used (https uses port 443). 'commoncipher' is a cipher to
+which both client and server can agree, see the L<ciphers(1)|ciphers(1)> command
+for details.
+
+If the handshake fails then there are several possible causes, if it is
+nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>,
+B<-ssl3> options can be tried
+in case it is a buggy server. In particular you should play with these
+options B<before> submitting a bug report to an OpenSSL mailing list.
+
+A frequent problem when attempting to get client certificates working
+is that a web client complains it has no certificates or gives an empty
+list to choose from. This is normally because the server is not sending
+the clients certificate authority in its "acceptable CA list" when it
+requests a certificate. By using L<s_client(1)|s_client(1)> the CA list can be
+viewed and checked. However some servers only request client authentication
+after a specific URL is requested. To obtain the list in this case it
+is necessary to use the B<-prexit> option of L<s_client(1)|s_client(1)> and
+send an HTTP request for an appropriate page.
+
+If a certificate is specified on the command line using the B<-cert>
+option it will not be used unless the server specifically requests
+a client certificate. Therefor merely including a client certificate
+on the command line is no guarantee that the certificate works.
+
+=head1 BUGS
+
+Because this program does not have all the options of the
+L<s_client(1)|s_client(1)> program to turn protocols on and off, you may not be
+able to measure the performance of all protocols with all servers.
+
+The B<-verify> option should really exit if the server verification
+fails.
+
+=head1 SEE ALSO
+
+L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<ciphers(1)|ciphers(1)>
+
+=cut

Deleted: vendor-crypto/openssl/1.0.1u/doc/apps/smime.pod
===================================================================
--- vendor-crypto/openssl/dist/doc/apps/smime.pod	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/doc/apps/smime.pod	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,447 +0,0 @@
-=pod
-
-=head1 NAME
-
-smime - S/MIME utility
-
-=head1 SYNOPSIS
-
-B<openssl> B<smime>
-[B<-encrypt>]
-[B<-decrypt>]
-[B<-sign>]
-[B<-resign>]
-[B<-verify>]
-[B<-pk7out>]
-[B<-[cipher]>]
-[B<-in file>]
-[B<-no_alt_chains>]
-[B<-certfile file>]
-[B<-signer file>]
-[B<-recip  file>]
-[B<-inform SMIME|PEM|DER>]
-[B<-passin arg>]
-[B<-inkey file>]
-[B<-out file>]
-[B<-outform SMIME|PEM|DER>]
-[B<-content file>]
-[B<-to addr>]
-[B<-from ad>]
-[B<-subject s>]
-[B<-text>]
-[B<-indef>]
-[B<-noindef>]
-[B<-stream>]
-[B<-rand file(s)>]
-[B<-md digest>]
-[cert.pem]...
-
-=head1 DESCRIPTION
-
-The B<smime> command handles S/MIME mail. It can encrypt, decrypt, sign and
-verify S/MIME messages.
-
-=head1 COMMAND OPTIONS
-
-There are six operation options that set the type of operation to be performed.
-The meaning of the other options varies according to the operation type.
-
-=over 4
-
-=item B<-encrypt>
-
-encrypt mail for the given recipient certificates. Input file is the message
-to be encrypted. The output file is the encrypted mail in MIME format.
-
-=item B<-decrypt>
-
-decrypt mail using the supplied certificate and private key. Expects an
-encrypted mail message in MIME format for the input file. The decrypted mail
-is written to the output file.
-
-=item B<-sign>
-
-sign mail using the supplied certificate and private key. Input file is
-the message to be signed. The signed message in MIME format is written
-to the output file.
-
-=item B<-verify>
-
-verify signed mail. Expects a signed mail message on input and outputs
-the signed data. Both clear text and opaque signing is supported.
-
-=item B<-pk7out>
-
-takes an input message and writes out a PEM encoded PKCS#7 structure.
-
-=item B<-resign>
-
-resign a message: take an existing message and one or more new signers.
-
-=item B<-in filename>
-
-the input message to be encrypted or signed or the MIME message to
-be decrypted or verified.
-
-=item B<-inform SMIME|PEM|DER>
-
-this specifies the input format for the PKCS#7 structure. The default
-is B<SMIME> which reads an S/MIME format message. B<PEM> and B<DER>
-format change this to expect PEM and DER format PKCS#7 structures
-instead. This currently only affects the input format of the PKCS#7
-structure, if no PKCS#7 structure is being input (for example with
-B<-encrypt> or B<-sign>) this option has no effect.
-
-=item B<-out filename>
-
-the message text that has been decrypted or verified or the output MIME
-format message that has been signed or verified.
-
-=item B<-outform SMIME|PEM|DER>
-
-this specifies the output format for the PKCS#7 structure. The default
-is B<SMIME> which write an S/MIME format message. B<PEM> and B<DER>
-format change this to write PEM and DER format PKCS#7 structures
-instead. This currently only affects the output format of the PKCS#7
-structure, if no PKCS#7 structure is being output (for example with
-B<-verify> or B<-decrypt>) this option has no effect.
-
-=item B<-stream -indef -noindef>
-
-the B<-stream> and B<-indef> options are equivalent and enable streaming I/O
-for encoding operations. This permits single pass processing of data without
-the need to hold the entire contents in memory, potentially supporting very
-large files. Streaming is automatically set for S/MIME signing with detached
-data if the output format is B<SMIME> it is currently off by default for all
-other operations.
-
-=item B<-noindef>
-
-disable streaming I/O where it would produce and indefinite length constructed
-encoding. This option currently has no effect. In future streaming will be
-enabled by default on all relevant operations and this option will disable it.
-
-=item B<-content filename>
-
-This specifies a file containing the detached content, this is only
-useful with the B<-verify> command. This is only usable if the PKCS#7
-structure is using the detached signature form where the content is
-not included. This option will override any content if the input format
-is S/MIME and it uses the multipart/signed MIME content type.
-
-=item B<-text>
-
-this option adds plain text (text/plain) MIME headers to the supplied
-message if encrypting or signing. If decrypting or verifying it strips
-off text headers: if the decrypted or verified message is not of MIME 
-type text/plain then an error occurs.
-
-=item B<-CAfile file>
-
-a file containing trusted CA certificates, only used with B<-verify>.
-
-=item B<-CApath dir>
-
-a directory containing trusted CA certificates, only used with
-B<-verify>. This directory must be a standard certificate directory: that
-is a hash of each subject name (using B<x509 -hash>) should be linked
-to each certificate.
-
-=item B<-md digest>
-
-digest algorithm to use when signing or resigning. If not present then the
-default digest algorithm for the signing key will be used (usually SHA1).
-
-=item B<-[cipher]>
-
-the encryption algorithm to use. For example DES  (56 bits) - B<-des>,
-triple DES (168 bits) - B<-des3>,
-EVP_get_cipherbyname() function) can also be used preceded by a dash, for 
-example B<-aes_128_cbc>. See L<B<enc>|enc(1)> for list of ciphers
-supported by your version of OpenSSL.
-
-If not specified triple DES is used. Only used with B<-encrypt>.
-
-=item B<-nointern>
-
-when verifying a message normally certificates (if any) included in
-the message are searched for the signing certificate. With this option
-only the certificates specified in the B<-certfile> option are used.
-The supplied certificates can still be used as untrusted CAs however.
-
-=item B<-noverify>
-
-do not verify the signers certificate of a signed message.
-
-=item B<-nochain>
-
-do not do chain verification of signers certificates: that is don't
-use the certificates in the signed message as untrusted CAs.
-
-=item B<-nosigs>
-
-don't try to verify the signatures on the message.
-
-=item B<-nocerts>
-
-when signing a message the signer's certificate is normally included
-with this option it is excluded. This will reduce the size of the
-signed message but the verifier must have a copy of the signers certificate
-available locally (passed using the B<-certfile> option for example).
-
-=item B<-noattr>
-
-normally when a message is signed a set of attributes are included which
-include the signing time and supported symmetric algorithms. With this
-option they are not included.
-
-=item B<-binary>
-
-normally the input message is converted to "canonical" format which is
-effectively using CR and LF as end of line: as required by the S/MIME
-specification. When this option is present no translation occurs. This
-is useful when handling binary data which may not be in MIME format.
-
-=item B<-nodetach>
-
-when signing a message use opaque signing: this form is more resistant
-to translation by mail relays but it cannot be read by mail agents that
-do not support S/MIME.  Without this option cleartext signing with
-the MIME type multipart/signed is used.
-
-=item B<-certfile file>
-
-allows additional certificates to be specified. When signing these will
-be included with the message. When verifying these will be searched for
-the signers certificates. The certificates should be in PEM format.
-
-=item B<-signer file>
-
-a signing certificate when signing or resigning a message, this option can be
-used multiple times if more than one signer is required. If a message is being
-verified then the signers certificates will be written to this file if the
-verification was successful.
-
-=item B<-recip file>
-
-the recipients certificate when decrypting a message. This certificate
-must match one of the recipients of the message or an error occurs.
-
-=item B<-inkey file>
-
-the private key to use when signing or decrypting. This must match the
-corresponding certificate. If this option is not specified then the
-private key must be included in the certificate file specified with
-the B<-recip> or B<-signer> file. When signing this option can be used
-multiple times to specify successive keys.
-
-=item B<-passin arg>
-
-the private key password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
-
-=item B<-rand file(s)>
-
-a file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
-Multiple files can be specified separated by a OS-dependent character.
-The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
-all others.
-
-=item B<cert.pem...>
-
-one or more certificates of message recipients: used when encrypting
-a message. 
-
-=item B<-to, -from, -subject>
-
-the relevant mail headers. These are included outside the signed
-portion of a message so they may be included manually. If signing
-then many S/MIME mail clients check the signers certificate's email
-address matches that specified in the From: address.
-
-=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains>
-
-Set various options of certificate chain verification. See
-L<B<verify>|verify(1)> manual page for details.
-
-=back
-
-=head1 NOTES
-
-The MIME message must be sent without any blank lines between the
-headers and the output. Some mail programs will automatically add
-a blank line. Piping the mail directly to sendmail is one way to
-achieve the correct format.
-
-The supplied message to be signed or encrypted must include the
-necessary MIME headers or many S/MIME clients wont display it
-properly (if at all). You can use the B<-text> option to automatically
-add plain text headers.
-
-A "signed and encrypted" message is one where a signed message is
-then encrypted. This can be produced by encrypting an already signed
-message: see the examples section.
-
-This version of the program only allows one signer per message but it
-will verify multiple signers on received messages. Some S/MIME clients
-choke if a message contains multiple signers. It is possible to sign
-messages "in parallel" by signing an already signed message.
-
-The options B<-encrypt> and B<-decrypt> reflect common usage in S/MIME
-clients. Strictly speaking these process PKCS#7 enveloped data: PKCS#7
-encrypted data is used for other purposes.
-
-The B<-resign> option uses an existing message digest when adding a new
-signer. This means that attributes must be present in at least one existing
-signer using the same message digest or this operation will fail.
-
-The B<-stream> and B<-indef> options enable experimental streaming I/O support.
-As a result the encoding is BER using indefinite length constructed encoding
-and no longer DER. Streaming is supported for the B<-encrypt> operation and the
-B<-sign> operation if the content is not detached.
-
-Streaming is always used for the B<-sign> operation with detached data but
-since the content is no longer part of the PKCS#7 structure the encoding
-remains DER.
-
-=head1 EXIT CODES
-
-=over 4
-
-=item Z<>0
-
-the operation was completely successfully.
-
-=item Z<>1
-
-an error occurred parsing the command options.
-
-=item Z<>2
-
-one of the input files could not be read.
-
-=item Z<>3
-
-an error occurred creating the PKCS#7 file or when reading the MIME
-message.
-
-=item Z<>4
-
-an error occurred decrypting or verifying the message.
-
-=item Z<>5
-
-the message was verified correctly but an error occurred writing out
-the signers certificates.
-
-=back
-
-=head1 EXAMPLES
-
-Create a cleartext signed message:
-
- openssl smime -sign -in message.txt -text -out mail.msg \
-	-signer mycert.pem
-
-Create an opaque signed message:
-
- openssl smime -sign -in message.txt -text -out mail.msg -nodetach \
-	-signer mycert.pem
-
-Create a signed message, include some additional certificates and
-read the private key from another file:
-
- openssl smime -sign -in in.txt -text -out mail.msg \
-	-signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
-
-Create a signed message with two signers:
-
- openssl smime -sign -in message.txt -text -out mail.msg \
-	-signer mycert.pem -signer othercert.pem
-
-Send a signed message under Unix directly to sendmail, including headers:
-
- openssl smime -sign -in in.txt -text -signer mycert.pem \
-	-from steve at openssl.org -to someone at somewhere \
-	-subject "Signed message" | sendmail someone at somewhere
-
-Verify a message and extract the signer's certificate if successful:
-
- openssl smime -verify -in mail.msg -signer user.pem -out signedtext.txt
-
-Send encrypted mail using triple DES:
-
- openssl smime -encrypt -in in.txt -from steve at openssl.org \
-	-to someone at somewhere -subject "Encrypted message" \
-	-des3 user.pem -out mail.msg
-
-Sign and encrypt mail:
-
- openssl smime -sign -in ml.txt -signer my.pem -text \
-	| openssl smime -encrypt -out mail.msg \
-	-from steve at openssl.org -to someone at somewhere \
-	-subject "Signed and Encrypted message" -des3 user.pem
-
-Note: the encryption command does not include the B<-text> option because the
-message being encrypted already has MIME headers.
-
-Decrypt mail:
-
- openssl smime -decrypt -in mail.msg -recip mycert.pem -inkey key.pem
-
-The output from Netscape form signing is a PKCS#7 structure with the
-detached signature format. You can use this program to verify the
-signature by line wrapping the base64 encoded structure and surrounding
-it with:
-
- -----BEGIN PKCS7-----
- -----END PKCS7-----
-
-and using the command: 
-
- openssl smime -verify -inform PEM -in signature.pem -content content.txt
-
-Alternatively you can base64 decode the signature and use:
-
- openssl smime -verify -inform DER -in signature.der -content content.txt
-
-Create an encrypted message using 128 bit Camellia:
-
- openssl smime -encrypt -in plain.txt -camellia128 -out mail.msg cert.pem
-
-Add a signer to an existing message:
-
- openssl smime -resign -in mail.msg -signer newsign.pem -out mail2.msg
-
-=head1 BUGS
-
-The MIME parser isn't very clever: it seems to handle most messages that I've
-thrown at it but it may choke on others.
-
-The code currently will only write out the signer's certificate to a file: if
-the signer has a separate encryption certificate this must be manually
-extracted. There should be some heuristic that determines the correct
-encryption certificate.
-
-Ideally a database should be maintained of a certificates for each email
-address.
-
-The code doesn't currently take note of the permitted symmetric encryption
-algorithms as supplied in the SMIMECapabilities signed attribute. This means the
-user has to manually include the correct encryption algorithm. It should store
-the list of permitted ciphers in a database and only use those.
-
-No revocation checking is done on the signer's certificate.
-
-The current code can only handle S/MIME v2 messages, the more complex S/MIME v3
-structures may cause parsing errors.
-
-=head1 HISTORY
-
-The use of multiple B<-signer> options and the B<-resign> command were first
-added in OpenSSL 1.0.0
-
-The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b.
-
-=cut

Copied: vendor-crypto/openssl/1.0.1u/doc/apps/smime.pod (from rev 11605, vendor-crypto/openssl/dist/doc/apps/smime.pod)
===================================================================
--- vendor-crypto/openssl/1.0.1u/doc/apps/smime.pod	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/doc/apps/smime.pod	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,450 @@
+=pod
+
+=head1 NAME
+
+smime - S/MIME utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<smime>
+[B<-encrypt>]
+[B<-decrypt>]
+[B<-sign>]
+[B<-resign>]
+[B<-verify>]
+[B<-pk7out>]
+[B<-[cipher]>]
+[B<-in file>]
+[B<-no_alt_chains>]
+[B<-certfile file>]
+[B<-signer file>]
+[B<-recip  file>]
+[B<-inform SMIME|PEM|DER>]
+[B<-passin arg>]
+[B<-inkey file>]
+[B<-out file>]
+[B<-outform SMIME|PEM|DER>]
+[B<-content file>]
+[B<-to addr>]
+[B<-from ad>]
+[B<-subject s>]
+[B<-text>]
+[B<-indef>]
+[B<-noindef>]
+[B<-stream>]
+[B<-rand file(s)>]
+[B<-md digest>]
+[cert.pem]...
+
+=head1 DESCRIPTION
+
+The B<smime> command handles S/MIME mail. It can encrypt, decrypt, sign and
+verify S/MIME messages.
+
+=head1 COMMAND OPTIONS
+
+There are six operation options that set the type of operation to be performed.
+The meaning of the other options varies according to the operation type.
+
+=over 4
+
+=item B<-encrypt>
+
+encrypt mail for the given recipient certificates. Input file is the message
+to be encrypted. The output file is the encrypted mail in MIME format.
+
+Note that no revocation check is done for the recipient cert, so if that
+key has been compromised, others may be able to decrypt the text.
+
+=item B<-decrypt>
+
+decrypt mail using the supplied certificate and private key. Expects an
+encrypted mail message in MIME format for the input file. The decrypted mail
+is written to the output file.
+
+=item B<-sign>
+
+sign mail using the supplied certificate and private key. Input file is
+the message to be signed. The signed message in MIME format is written
+to the output file.
+
+=item B<-verify>
+
+verify signed mail. Expects a signed mail message on input and outputs
+the signed data. Both clear text and opaque signing is supported.
+
+=item B<-pk7out>
+
+takes an input message and writes out a PEM encoded PKCS#7 structure.
+
+=item B<-resign>
+
+resign a message: take an existing message and one or more new signers.
+
+=item B<-in filename>
+
+the input message to be encrypted or signed or the MIME message to
+be decrypted or verified.
+
+=item B<-inform SMIME|PEM|DER>
+
+this specifies the input format for the PKCS#7 structure. The default
+is B<SMIME> which reads an S/MIME format message. B<PEM> and B<DER>
+format change this to expect PEM and DER format PKCS#7 structures
+instead. This currently only affects the input format of the PKCS#7
+structure, if no PKCS#7 structure is being input (for example with
+B<-encrypt> or B<-sign>) this option has no effect.
+
+=item B<-out filename>
+
+the message text that has been decrypted or verified or the output MIME
+format message that has been signed or verified.
+
+=item B<-outform SMIME|PEM|DER>
+
+this specifies the output format for the PKCS#7 structure. The default
+is B<SMIME> which write an S/MIME format message. B<PEM> and B<DER>
+format change this to write PEM and DER format PKCS#7 structures
+instead. This currently only affects the output format of the PKCS#7
+structure, if no PKCS#7 structure is being output (for example with
+B<-verify> or B<-decrypt>) this option has no effect.
+
+=item B<-stream -indef -noindef>
+
+the B<-stream> and B<-indef> options are equivalent and enable streaming I/O
+for encoding operations. This permits single pass processing of data without
+the need to hold the entire contents in memory, potentially supporting very
+large files. Streaming is automatically set for S/MIME signing with detached
+data if the output format is B<SMIME> it is currently off by default for all
+other operations.
+
+=item B<-noindef>
+
+disable streaming I/O where it would produce and indefinite length constructed
+encoding. This option currently has no effect. In future streaming will be
+enabled by default on all relevant operations and this option will disable it.
+
+=item B<-content filename>
+
+This specifies a file containing the detached content, this is only
+useful with the B<-verify> command. This is only usable if the PKCS#7
+structure is using the detached signature form where the content is
+not included. This option will override any content if the input format
+is S/MIME and it uses the multipart/signed MIME content type.
+
+=item B<-text>
+
+this option adds plain text (text/plain) MIME headers to the supplied
+message if encrypting or signing. If decrypting or verifying it strips
+off text headers: if the decrypted or verified message is not of MIME 
+type text/plain then an error occurs.
+
+=item B<-CAfile file>
+
+a file containing trusted CA certificates, only used with B<-verify>.
+
+=item B<-CApath dir>
+
+a directory containing trusted CA certificates, only used with
+B<-verify>. This directory must be a standard certificate directory: that
+is a hash of each subject name (using B<x509 -hash>) should be linked
+to each certificate.
+
+=item B<-md digest>
+
+digest algorithm to use when signing or resigning. If not present then the
+default digest algorithm for the signing key will be used (usually SHA1).
+
+=item B<-[cipher]>
+
+the encryption algorithm to use. For example DES  (56 bits) - B<-des>,
+triple DES (168 bits) - B<-des3>,
+EVP_get_cipherbyname() function) can also be used preceded by a dash, for 
+example B<-aes_128_cbc>. See L<B<enc>|enc(1)> for list of ciphers
+supported by your version of OpenSSL.
+
+If not specified triple DES is used. Only used with B<-encrypt>.
+
+=item B<-nointern>
+
+when verifying a message normally certificates (if any) included in
+the message are searched for the signing certificate. With this option
+only the certificates specified in the B<-certfile> option are used.
+The supplied certificates can still be used as untrusted CAs however.
+
+=item B<-noverify>
+
+do not verify the signers certificate of a signed message.
+
+=item B<-nochain>
+
+do not do chain verification of signers certificates: that is don't
+use the certificates in the signed message as untrusted CAs.
+
+=item B<-nosigs>
+
+don't try to verify the signatures on the message.
+
+=item B<-nocerts>
+
+when signing a message the signer's certificate is normally included
+with this option it is excluded. This will reduce the size of the
+signed message but the verifier must have a copy of the signers certificate
+available locally (passed using the B<-certfile> option for example).
+
+=item B<-noattr>
+
+normally when a message is signed a set of attributes are included which
+include the signing time and supported symmetric algorithms. With this
+option they are not included.
+
+=item B<-binary>
+
+normally the input message is converted to "canonical" format which is
+effectively using CR and LF as end of line: as required by the S/MIME
+specification. When this option is present no translation occurs. This
+is useful when handling binary data which may not be in MIME format.
+
+=item B<-nodetach>
+
+when signing a message use opaque signing: this form is more resistant
+to translation by mail relays but it cannot be read by mail agents that
+do not support S/MIME.  Without this option cleartext signing with
+the MIME type multipart/signed is used.
+
+=item B<-certfile file>
+
+allows additional certificates to be specified. When signing these will
+be included with the message. When verifying these will be searched for
+the signers certificates. The certificates should be in PEM format.
+
+=item B<-signer file>
+
+a signing certificate when signing or resigning a message, this option can be
+used multiple times if more than one signer is required. If a message is being
+verified then the signers certificates will be written to this file if the
+verification was successful.
+
+=item B<-recip file>
+
+the recipients certificate when decrypting a message. This certificate
+must match one of the recipients of the message or an error occurs.
+
+=item B<-inkey file>
+
+the private key to use when signing or decrypting. This must match the
+corresponding certificate. If this option is not specified then the
+private key must be included in the certificate file specified with
+the B<-recip> or B<-signer> file. When signing this option can be used
+multiple times to specify successive keys.
+
+=item B<-passin arg>
+
+the private key password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item B<cert.pem...>
+
+one or more certificates of message recipients: used when encrypting
+a message. 
+
+=item B<-to, -from, -subject>
+
+the relevant mail headers. These are included outside the signed
+portion of a message so they may be included manually. If signing
+then many S/MIME mail clients check the signers certificate's email
+address matches that specified in the From: address.
+
+=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains>
+
+Set various options of certificate chain verification. See
+L<B<verify>|verify(1)> manual page for details.
+
+=back
+
+=head1 NOTES
+
+The MIME message must be sent without any blank lines between the
+headers and the output. Some mail programs will automatically add
+a blank line. Piping the mail directly to sendmail is one way to
+achieve the correct format.
+
+The supplied message to be signed or encrypted must include the
+necessary MIME headers or many S/MIME clients wont display it
+properly (if at all). You can use the B<-text> option to automatically
+add plain text headers.
+
+A "signed and encrypted" message is one where a signed message is
+then encrypted. This can be produced by encrypting an already signed
+message: see the examples section.
+
+This version of the program only allows one signer per message but it
+will verify multiple signers on received messages. Some S/MIME clients
+choke if a message contains multiple signers. It is possible to sign
+messages "in parallel" by signing an already signed message.
+
+The options B<-encrypt> and B<-decrypt> reflect common usage in S/MIME
+clients. Strictly speaking these process PKCS#7 enveloped data: PKCS#7
+encrypted data is used for other purposes.
+
+The B<-resign> option uses an existing message digest when adding a new
+signer. This means that attributes must be present in at least one existing
+signer using the same message digest or this operation will fail.
+
+The B<-stream> and B<-indef> options enable experimental streaming I/O support.
+As a result the encoding is BER using indefinite length constructed encoding
+and no longer DER. Streaming is supported for the B<-encrypt> operation and the
+B<-sign> operation if the content is not detached.
+
+Streaming is always used for the B<-sign> operation with detached data but
+since the content is no longer part of the PKCS#7 structure the encoding
+remains DER.
+
+=head1 EXIT CODES
+
+=over 4
+
+=item Z<>0
+
+the operation was completely successfully.
+
+=item Z<>1
+
+an error occurred parsing the command options.
+
+=item Z<>2
+
+one of the input files could not be read.
+
+=item Z<>3
+
+an error occurred creating the PKCS#7 file or when reading the MIME
+message.
+
+=item Z<>4
+
+an error occurred decrypting or verifying the message.
+
+=item Z<>5
+
+the message was verified correctly but an error occurred writing out
+the signers certificates.
+
+=back
+
+=head1 EXAMPLES
+
+Create a cleartext signed message:
+
+ openssl smime -sign -in message.txt -text -out mail.msg \
+	-signer mycert.pem
+
+Create an opaque signed message:
+
+ openssl smime -sign -in message.txt -text -out mail.msg -nodetach \
+	-signer mycert.pem
+
+Create a signed message, include some additional certificates and
+read the private key from another file:
+
+ openssl smime -sign -in in.txt -text -out mail.msg \
+	-signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
+
+Create a signed message with two signers:
+
+ openssl smime -sign -in message.txt -text -out mail.msg \
+	-signer mycert.pem -signer othercert.pem
+
+Send a signed message under Unix directly to sendmail, including headers:
+
+ openssl smime -sign -in in.txt -text -signer mycert.pem \
+	-from steve at openssl.org -to someone at somewhere \
+	-subject "Signed message" | sendmail someone at somewhere
+
+Verify a message and extract the signer's certificate if successful:
+
+ openssl smime -verify -in mail.msg -signer user.pem -out signedtext.txt
+
+Send encrypted mail using triple DES:
+
+ openssl smime -encrypt -in in.txt -from steve at openssl.org \
+	-to someone at somewhere -subject "Encrypted message" \
+	-des3 user.pem -out mail.msg
+
+Sign and encrypt mail:
+
+ openssl smime -sign -in ml.txt -signer my.pem -text \
+	| openssl smime -encrypt -out mail.msg \
+	-from steve at openssl.org -to someone at somewhere \
+	-subject "Signed and Encrypted message" -des3 user.pem
+
+Note: the encryption command does not include the B<-text> option because the
+message being encrypted already has MIME headers.
+
+Decrypt mail:
+
+ openssl smime -decrypt -in mail.msg -recip mycert.pem -inkey key.pem
+
+The output from Netscape form signing is a PKCS#7 structure with the
+detached signature format. You can use this program to verify the
+signature by line wrapping the base64 encoded structure and surrounding
+it with:
+
+ -----BEGIN PKCS7-----
+ -----END PKCS7-----
+
+and using the command: 
+
+ openssl smime -verify -inform PEM -in signature.pem -content content.txt
+
+Alternatively you can base64 decode the signature and use:
+
+ openssl smime -verify -inform DER -in signature.der -content content.txt
+
+Create an encrypted message using 128 bit Camellia:
+
+ openssl smime -encrypt -in plain.txt -camellia128 -out mail.msg cert.pem
+
+Add a signer to an existing message:
+
+ openssl smime -resign -in mail.msg -signer newsign.pem -out mail2.msg
+
+=head1 BUGS
+
+The MIME parser isn't very clever: it seems to handle most messages that I've
+thrown at it but it may choke on others.
+
+The code currently will only write out the signer's certificate to a file: if
+the signer has a separate encryption certificate this must be manually
+extracted. There should be some heuristic that determines the correct
+encryption certificate.
+
+Ideally a database should be maintained of a certificates for each email
+address.
+
+The code doesn't currently take note of the permitted symmetric encryption
+algorithms as supplied in the SMIMECapabilities signed attribute. This means the
+user has to manually include the correct encryption algorithm. It should store
+the list of permitted ciphers in a database and only use those.
+
+No revocation checking is done on the signer's certificate.
+
+The current code can only handle S/MIME v2 messages, the more complex S/MIME v3
+structures may cause parsing errors.
+
+=head1 HISTORY
+
+The use of multiple B<-signer> options and the B<-resign> command were first
+added in OpenSSL 1.0.0
+
+The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b.
+
+=cut

Deleted: vendor-crypto/openssl/1.0.1u/doc/apps/verify.pod
===================================================================
--- vendor-crypto/openssl/dist/doc/apps/verify.pod	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/doc/apps/verify.pod	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,425 +0,0 @@
-=pod
-
-=head1 NAME
-
-verify - Utility to verify certificates.
-
-=head1 SYNOPSIS
-
-B<openssl> B<verify>
-[B<-CApath directory>]
-[B<-CAfile file>]
-[B<-purpose purpose>]
-[B<-policy arg>]
-[B<-ignore_critical>]
-[B<-crl_check>]
-[B<-crl_check_all>]
-[B<-policy_check>]
-[B<-explicit_policy>]
-[B<-inhibit_any>]
-[B<-inhibit_map>]
-[B<-x509_strict>]
-[B<-extended_crl>]
-[B<-use_deltas>]
-[B<-policy_print>]
-[B<-no_alt_chains>]
-[B<-untrusted file>]
-[B<-help>]
-[B<-issuer_checks>]
-[B<-attime timestamp>]
-[B<-verbose>]
-[B<->]
-[certificates]
-
-
-=head1 DESCRIPTION
-
-The B<verify> command verifies certificate chains.
-
-=head1 COMMAND OPTIONS
-
-=over 4
-
-=item B<-CApath directory>
-
-A directory of trusted certificates. The certificates should have names
-of the form: hash.0 or have symbolic links to them of this
-form ("hash" is the hashed certificate subject name: see the B<-hash> option
-of the B<x509> utility). Under Unix the B<c_rehash> script will automatically
-create symbolic links to a directory of certificates.
-
-=item B<-CAfile file>
-A file of trusted certificates. The file should contain multiple certificates
-in PEM format concatenated together.
-
-=item B<-untrusted file>
-
-A file of untrusted certificates. The file should contain multiple certificates
-in PEM format concatenated together.
-
-=item B<-purpose purpose>
-
-The intended use for the certificate. If this option is not specified,
-B<verify> will not consider certificate purpose during chain verification.
-Currently accepted uses are B<sslclient>, B<sslserver>, B<nssslserver>,
-B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION> section for more
-information.
-
-=item B<-help>
-
-Print out a usage message.
-
-=item B<-verbose>
-
-Print extra information about the operations being performed.
-
-=item B<-issuer_checks>
-
-Print out diagnostics relating to searches for the issuer certificate of the
-current certificate. This shows why each candidate issuer certificate was
-rejected. The presence of rejection messages does not itself imply that
-anything is wrong; during the normal verification process, several
-rejections may take place.
-
-=item B<-attime timestamp>
-
-Perform validation checks using time specified by B<timestamp> and not
-current system time. B<timestamp> is the number of seconds since
-01.01.1970 (UNIX time).
-
-=item B<-policy arg>
-
-Enable policy processing and add B<arg> to the user-initial-policy-set (see
-RFC5280). The policy B<arg> can be an object name an OID in numeric form.
-This argument can appear more than once.
-
-=item B<-policy_check>
-
-Enables certificate policy processing.
-
-=item B<-explicit_policy>
-
-Set policy variable require-explicit-policy (see RFC5280).
-
-=item B<-inhibit_any>
-
-Set policy variable inhibit-any-policy (see RFC5280).
-
-=item B<-inhibit_map>
-
-Set policy variable inhibit-policy-mapping (see RFC5280).
-
-=item B<-no_alt_chains>
-
-When building a certificate chain, if the first certificate chain found is not
-trusted, then OpenSSL will continue to check to see if an alternative chain can
-be found that is trusted. With this option that behaviour is suppressed so that
-only the first chain found is ever used. Using this option will force the
-behaviour to match that of previous OpenSSL versions.
-
-=item B<-policy_print>
-
-Print out diagnostics related to policy processing.
-
-=item B<-crl_check>
-
-Checks end entity certificate validity by attempting to look up a valid CRL.
-If a valid CRL cannot be found an error occurs. 
-
-=item B<-crl_check_all>
-
-Checks the validity of B<all> certificates in the chain by attempting
-to look up valid CRLs.
-
-=item B<-ignore_critical>
-
-Normally if an unhandled critical extension is present which is not
-supported by OpenSSL the certificate is rejected (as required by RFC5280).
-If this option is set critical extensions are ignored.
-
-=item B<-x509_strict>
-
-For strict X.509 compliance, disable non-compliant workarounds for broken
-certificates.
-
-=item B<-extended_crl>
-
-Enable extended CRL features such as indirect CRLs and alternate CRL
-signing keys.
-
-=item B<-use_deltas>
-
-Enable support for delta CRLs.
-
-=item B<-check_ss_sig>
-
-Verify the signature on the self-signed root CA. This is disabled by default
-because it doesn't add any security.
-
-=item B<->
-
-Indicates the last option. All arguments following this are assumed to be
-certificate files. This is useful if the first certificate filename begins
-with a B<->.
-
-=item B<certificates>
-
-One or more certificates to verify. If no certificates are given, B<verify>
-will attempt to read a certificate from standard input. Certificates must be
-in PEM format.
-
-=back
-
-=head1 VERIFY OPERATION
-
-The B<verify> program uses the same functions as the internal SSL and S/MIME
-verification, therefore this description applies to these verify operations
-too.
-
-There is one crucial difference between the verify operations performed
-by the B<verify> program: wherever possible an attempt is made to continue
-after an error whereas normally the verify operation would halt on the
-first error. This allows all the problems with a certificate chain to be
-determined.
-
-The verify operation consists of a number of separate steps.
-
-Firstly a certificate chain is built up starting from the supplied certificate
-and ending in the root CA. It is an error if the whole chain cannot be built
-up. The chain is built up by looking up the issuers certificate of the current
-certificate. If a certificate is found which is its own issuer it is assumed 
-to be the root CA.
-
-The process of 'looking up the issuers certificate' itself involves a number
-of steps. In versions of OpenSSL before 0.9.5a the first certificate whose
-subject name matched the issuer of the current certificate was assumed to be
-the issuers certificate. In OpenSSL 0.9.6 and later all certificates
-whose subject name matches the issuer name of the current certificate are 
-subject to further tests. The relevant authority key identifier components
-of the current certificate (if present) must match the subject key identifier
-(if present) and issuer and serial number of the candidate issuer, in addition
-the keyUsage extension of the candidate issuer (if present) must permit
-certificate signing.
-
-The lookup first looks in the list of untrusted certificates and if no match
-is found the remaining lookups are from the trusted certificates. The root CA
-is always looked up in the trusted certificate list: if the certificate to
-verify is a root certificate then an exact match must be found in the trusted
-list.
-
-The second operation is to check every untrusted certificate's extensions for
-consistency with the supplied purpose. If the B<-purpose> option is not included
-then no checks are done. The supplied or "leaf" certificate must have extensions
-compatible with the supplied purpose and all other certificates must also be valid
-CA certificates. The precise extensions required are described in more detail in
-the B<CERTIFICATE EXTENSIONS> section of the B<x509> utility.
-
-The third operation is to check the trust settings on the root CA. The root
-CA should be trusted for the supplied purpose. For compatibility with previous
-versions of SSLeay and OpenSSL a certificate with no trust settings is considered
-to be valid for all purposes. 
-
-The final operation is to check the validity of the certificate chain. The validity
-period is checked against the current system time and the notBefore and notAfter
-dates in the certificate. The certificate signatures are also checked at this
-point.
-
-If all operations complete successfully then certificate is considered valid. If
-any operation fails then the certificate is not valid.
-
-=head1 DIAGNOSTICS
-
-When a verify operation fails the output messages can be somewhat cryptic. The
-general form of the error message is:
-
- server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
- error 24 at 1 depth lookup:invalid CA certificate
-
-The first line contains the name of the certificate being verified followed by
-the subject name of the certificate. The second line contains the error number
-and the depth. The depth is number of the certificate being verified when a
-problem was detected starting with zero for the certificate being verified itself
-then 1 for the CA that signed the certificate and so on. Finally a text version
-of the error number is presented.
-
-An exhaustive list of the error codes and messages is shown below, this also
-includes the name of the error code as defined in the header file x509_vfy.h
-Some of the error codes are defined but never returned: these are described
-as "unused".
-
-=over 4
-
-=item B<0 X509_V_OK: ok>
-
-the operation was successful.
-
-=item B<2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate>
-
-the issuer certificate of a looked up certificate could not be found. This
-normally means the list of trusted certificates is not complete.
-
-=item B<3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL>
-
-the CRL of a certificate could not be found.
-
-=item B<4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature>
-
-the certificate signature could not be decrypted. This means that the actual signature value
-could not be determined rather than it not matching the expected value, this is only
-meaningful for RSA keys.
-
-=item B<5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature>
-
-the CRL signature could not be decrypted: this means that the actual signature value
-could not be determined rather than it not matching the expected value. Unused.
-
-=item B<6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key>
-
-the public key in the certificate SubjectPublicKeyInfo could not be read.
-
-=item B<7 X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure>
-
-the signature of the certificate is invalid.
-
-=item B<8 X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure>
-
-the signature of the certificate is invalid.
-
-=item B<9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid>
-
-the certificate is not yet valid: the notBefore date is after the current time.
-
-=item B<10 X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired>
-
-the certificate has expired: that is the notAfter date is before the current time.
-
-=item B<11 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid>
-
-the CRL is not yet valid.
-
-=item B<12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired>
-
-the CRL has expired.
-
-=item B<13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field>
-
-the certificate notBefore field contains an invalid time.
-
-=item B<14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field>
-
-the certificate notAfter field contains an invalid time.
-
-=item B<15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field>
-
-the CRL lastUpdate field contains an invalid time.
-
-=item B<16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field>
-
-the CRL nextUpdate field contains an invalid time.
-
-=item B<17 X509_V_ERR_OUT_OF_MEM: out of memory>
-
-an error occurred trying to allocate memory. This should never happen.
-
-=item B<18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate>
-
-the passed certificate is self signed and the same certificate cannot be found in the list of
-trusted certificates.
-
-=item B<19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain>
-
-the certificate chain could be built up using the untrusted certificates but the root could not
-be found locally.
-
-=item B<20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate>
-
-the issuer certificate could not be found: this occurs if the issuer
-certificate of an untrusted certificate cannot be found.
-
-=item B<21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate>
-
-no signatures could be verified because the chain contains only one certificate and it is not
-self signed.
-
-=item B<22 X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long>
-
-the certificate chain length is greater than the supplied maximum depth. Unused.
-
-=item B<23 X509_V_ERR_CERT_REVOKED: certificate revoked>
-
-the certificate has been revoked.
-
-=item B<24 X509_V_ERR_INVALID_CA: invalid CA certificate>
-
-a CA certificate is invalid. Either it is not a CA or its extensions are not consistent
-with the supplied purpose.
-
-=item B<25 X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded>
-
-the basicConstraints pathlength parameter has been exceeded.
-
-=item B<26 X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose>
-
-the supplied certificate cannot be used for the specified purpose.
-
-=item B<27 X509_V_ERR_CERT_UNTRUSTED: certificate not trusted>
-
-the root CA is not marked as trusted for the specified purpose.
-
-=item B<28 X509_V_ERR_CERT_REJECTED: certificate rejected>
-
-the root CA is marked to reject the specified purpose.
-
-=item B<29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch>
-
-the current candidate issuer certificate was rejected because its subject name
-did not match the issuer name of the current certificate. Only displayed when
-the B<-issuer_checks> option is set.
-
-=item B<30 X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch>
-
-the current candidate issuer certificate was rejected because its subject key
-identifier was present and did not match the authority key identifier current
-certificate. Only displayed when the B<-issuer_checks> option is set.
-
-=item B<31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch>
-
-the current candidate issuer certificate was rejected because its issuer name
-and serial number was present and did not match the authority key identifier
-of the current certificate. Only displayed when the B<-issuer_checks> option is set.
-
-=item B<32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing>
-
-the current candidate issuer certificate was rejected because its keyUsage extension
-does not permit certificate signing.
-
-=item B<50 X509_V_ERR_APPLICATION_VERIFICATION: application verification failure>
-
-an application specific error. Unused.
-
-=back
-
-=head1 BUGS
-
-Although the issuer checks are a considerable improvement over the old technique they still
-suffer from limitations in the underlying X509_LOOKUP API. One consequence of this is that
-trusted certificates with matching subject name must either appear in a file (as specified by the
-B<-CAfile> option) or a directory (as specified by B<-CApath>. If they occur in both then only
-the certificates in the file will be recognised.
-
-Previous versions of OpenSSL assume certificates with matching subject name are identical and
-mishandled them.
-
-Previous versions of this documentation swapped the meaning of the
-B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT> and
-B<20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY> error codes.
-
-=head1 SEE ALSO
-
-L<x509(1)|x509(1)>
-
-=head1 HISTORY
-
-The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b.
-
-=cut

Copied: vendor-crypto/openssl/1.0.1u/doc/apps/verify.pod (from rev 11605, vendor-crypto/openssl/dist/doc/apps/verify.pod)
===================================================================
--- vendor-crypto/openssl/1.0.1u/doc/apps/verify.pod	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/doc/apps/verify.pod	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,430 @@
+=pod
+
+=head1 NAME
+
+verify - Utility to verify certificates.
+
+=head1 SYNOPSIS
+
+B<openssl> B<verify>
+[B<-CApath directory>]
+[B<-CAfile file>]
+[B<-purpose purpose>]
+[B<-policy arg>]
+[B<-ignore_critical>]
+[B<-crl_check>]
+[B<-crl_check_all>]
+[B<-policy_check>]
+[B<-explicit_policy>]
+[B<-inhibit_any>]
+[B<-inhibit_map>]
+[B<-x509_strict>]
+[B<-extended_crl>]
+[B<-use_deltas>]
+[B<-policy_print>]
+[B<-no_alt_chains>]
+[B<-allow_proxy_certs>]
+[B<-untrusted file>]
+[B<-help>]
+[B<-issuer_checks>]
+[B<-attime timestamp>]
+[B<-verbose>]
+[B<->]
+[certificates]
+
+
+=head1 DESCRIPTION
+
+The B<verify> command verifies certificate chains.
+
+=head1 COMMAND OPTIONS
+
+=over 4
+
+=item B<-CApath directory>
+
+A directory of trusted certificates. The certificates should have names
+of the form: hash.0 or have symbolic links to them of this
+form ("hash" is the hashed certificate subject name: see the B<-hash> option
+of the B<x509> utility). Under Unix the B<c_rehash> script will automatically
+create symbolic links to a directory of certificates.
+
+=item B<-CAfile file>
+A file of trusted certificates. The file should contain multiple certificates
+in PEM format concatenated together.
+
+=item B<-untrusted file>
+
+A file of untrusted certificates. The file should contain multiple certificates
+in PEM format concatenated together.
+
+=item B<-purpose purpose>
+
+The intended use for the certificate. If this option is not specified,
+B<verify> will not consider certificate purpose during chain verification.
+Currently accepted uses are B<sslclient>, B<sslserver>, B<nssslserver>,
+B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION> section for more
+information.
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-verbose>
+
+Print extra information about the operations being performed.
+
+=item B<-issuer_checks>
+
+Print out diagnostics relating to searches for the issuer certificate of the
+current certificate. This shows why each candidate issuer certificate was
+rejected. The presence of rejection messages does not itself imply that
+anything is wrong; during the normal verification process, several
+rejections may take place.
+
+=item B<-attime timestamp>
+
+Perform validation checks using time specified by B<timestamp> and not
+current system time. B<timestamp> is the number of seconds since
+01.01.1970 (UNIX time).
+
+=item B<-policy arg>
+
+Enable policy processing and add B<arg> to the user-initial-policy-set (see
+RFC5280). The policy B<arg> can be an object name an OID in numeric form.
+This argument can appear more than once.
+
+=item B<-policy_check>
+
+Enables certificate policy processing.
+
+=item B<-explicit_policy>
+
+Set policy variable require-explicit-policy (see RFC5280).
+
+=item B<-inhibit_any>
+
+Set policy variable inhibit-any-policy (see RFC5280).
+
+=item B<-inhibit_map>
+
+Set policy variable inhibit-policy-mapping (see RFC5280).
+
+=item B<-no_alt_chains>
+
+When building a certificate chain, if the first certificate chain found is not
+trusted, then OpenSSL will continue to check to see if an alternative chain can
+be found that is trusted. With this option that behaviour is suppressed so that
+only the first chain found is ever used. Using this option will force the
+behaviour to match that of previous OpenSSL versions.
+
+=item B<-allow_proxy_certs>
+
+Allow the verification of proxy certificates.
+
+=item B<-policy_print>
+
+Print out diagnostics related to policy processing.
+
+=item B<-crl_check>
+
+Checks end entity certificate validity by attempting to look up a valid CRL.
+If a valid CRL cannot be found an error occurs. 
+
+=item B<-crl_check_all>
+
+Checks the validity of B<all> certificates in the chain by attempting
+to look up valid CRLs.
+
+=item B<-ignore_critical>
+
+Normally if an unhandled critical extension is present which is not
+supported by OpenSSL the certificate is rejected (as required by RFC5280).
+If this option is set critical extensions are ignored.
+
+=item B<-x509_strict>
+
+For strict X.509 compliance, disable non-compliant workarounds for broken
+certificates.
+
+=item B<-extended_crl>
+
+Enable extended CRL features such as indirect CRLs and alternate CRL
+signing keys.
+
+=item B<-use_deltas>
+
+Enable support for delta CRLs.
+
+=item B<-check_ss_sig>
+
+Verify the signature on the self-signed root CA. This is disabled by default
+because it doesn't add any security.
+
+=item B<->
+
+Indicates the last option. All arguments following this are assumed to be
+certificate files. This is useful if the first certificate filename begins
+with a B<->.
+
+=item B<certificates>
+
+One or more certificates to verify. If no certificates are given, B<verify>
+will attempt to read a certificate from standard input. Certificates must be
+in PEM format.
+
+=back
+
+=head1 VERIFY OPERATION
+
+The B<verify> program uses the same functions as the internal SSL and S/MIME
+verification, therefore this description applies to these verify operations
+too.
+
+There is one crucial difference between the verify operations performed
+by the B<verify> program: wherever possible an attempt is made to continue
+after an error whereas normally the verify operation would halt on the
+first error. This allows all the problems with a certificate chain to be
+determined.
+
+The verify operation consists of a number of separate steps.
+
+Firstly a certificate chain is built up starting from the supplied certificate
+and ending in the root CA. It is an error if the whole chain cannot be built
+up. The chain is built up by looking up the issuers certificate of the current
+certificate. If a certificate is found which is its own issuer it is assumed 
+to be the root CA.
+
+The process of 'looking up the issuers certificate' itself involves a number
+of steps. In versions of OpenSSL before 0.9.5a the first certificate whose
+subject name matched the issuer of the current certificate was assumed to be
+the issuers certificate. In OpenSSL 0.9.6 and later all certificates
+whose subject name matches the issuer name of the current certificate are 
+subject to further tests. The relevant authority key identifier components
+of the current certificate (if present) must match the subject key identifier
+(if present) and issuer and serial number of the candidate issuer, in addition
+the keyUsage extension of the candidate issuer (if present) must permit
+certificate signing.
+
+The lookup first looks in the list of untrusted certificates and if no match
+is found the remaining lookups are from the trusted certificates. The root CA
+is always looked up in the trusted certificate list: if the certificate to
+verify is a root certificate then an exact match must be found in the trusted
+list.
+
+The second operation is to check every untrusted certificate's extensions for
+consistency with the supplied purpose. If the B<-purpose> option is not included
+then no checks are done. The supplied or "leaf" certificate must have extensions
+compatible with the supplied purpose and all other certificates must also be valid
+CA certificates. The precise extensions required are described in more detail in
+the B<CERTIFICATE EXTENSIONS> section of the B<x509> utility.
+
+The third operation is to check the trust settings on the root CA. The root
+CA should be trusted for the supplied purpose. For compatibility with previous
+versions of SSLeay and OpenSSL a certificate with no trust settings is considered
+to be valid for all purposes. 
+
+The final operation is to check the validity of the certificate chain. The validity
+period is checked against the current system time and the notBefore and notAfter
+dates in the certificate. The certificate signatures are also checked at this
+point.
+
+If all operations complete successfully then certificate is considered valid. If
+any operation fails then the certificate is not valid.
+
+=head1 DIAGNOSTICS
+
+When a verify operation fails the output messages can be somewhat cryptic. The
+general form of the error message is:
+
+ server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+ error 24 at 1 depth lookup:invalid CA certificate
+
+The first line contains the name of the certificate being verified followed by
+the subject name of the certificate. The second line contains the error number
+and the depth. The depth is number of the certificate being verified when a
+problem was detected starting with zero for the certificate being verified itself
+then 1 for the CA that signed the certificate and so on. Finally a text version
+of the error number is presented.
+
+An exhaustive list of the error codes and messages is shown below, this also
+includes the name of the error code as defined in the header file x509_vfy.h
+Some of the error codes are defined but never returned: these are described
+as "unused".
+
+=over 4
+
+=item B<0 X509_V_OK: ok>
+
+the operation was successful.
+
+=item B<2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate>
+
+the issuer certificate of a looked up certificate could not be found. This
+normally means the list of trusted certificates is not complete.
+
+=item B<3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL>
+
+the CRL of a certificate could not be found.
+
+=item B<4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature>
+
+the certificate signature could not be decrypted. This means that the actual signature value
+could not be determined rather than it not matching the expected value, this is only
+meaningful for RSA keys.
+
+=item B<5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature>
+
+the CRL signature could not be decrypted: this means that the actual signature value
+could not be determined rather than it not matching the expected value. Unused.
+
+=item B<6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key>
+
+the public key in the certificate SubjectPublicKeyInfo could not be read.
+
+=item B<7 X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure>
+
+the signature of the certificate is invalid.
+
+=item B<8 X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure>
+
+the signature of the certificate is invalid.
+
+=item B<9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid>
+
+the certificate is not yet valid: the notBefore date is after the current time.
+
+=item B<10 X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired>
+
+the certificate has expired: that is the notAfter date is before the current time.
+
+=item B<11 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid>
+
+the CRL is not yet valid.
+
+=item B<12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired>
+
+the CRL has expired.
+
+=item B<13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field>
+
+the certificate notBefore field contains an invalid time.
+
+=item B<14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field>
+
+the certificate notAfter field contains an invalid time.
+
+=item B<15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field>
+
+the CRL lastUpdate field contains an invalid time.
+
+=item B<16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field>
+
+the CRL nextUpdate field contains an invalid time.
+
+=item B<17 X509_V_ERR_OUT_OF_MEM: out of memory>
+
+an error occurred trying to allocate memory. This should never happen.
+
+=item B<18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate>
+
+the passed certificate is self signed and the same certificate cannot be found in the list of
+trusted certificates.
+
+=item B<19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain>
+
+the certificate chain could be built up using the untrusted certificates but the root could not
+be found locally.
+
+=item B<20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate>
+
+the issuer certificate could not be found: this occurs if the issuer
+certificate of an untrusted certificate cannot be found.
+
+=item B<21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate>
+
+no signatures could be verified because the chain contains only one certificate and it is not
+self signed.
+
+=item B<22 X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long>
+
+the certificate chain length is greater than the supplied maximum depth. Unused.
+
+=item B<23 X509_V_ERR_CERT_REVOKED: certificate revoked>
+
+the certificate has been revoked.
+
+=item B<24 X509_V_ERR_INVALID_CA: invalid CA certificate>
+
+a CA certificate is invalid. Either it is not a CA or its extensions are not consistent
+with the supplied purpose.
+
+=item B<25 X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded>
+
+the basicConstraints pathlength parameter has been exceeded.
+
+=item B<26 X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose>
+
+the supplied certificate cannot be used for the specified purpose.
+
+=item B<27 X509_V_ERR_CERT_UNTRUSTED: certificate not trusted>
+
+the root CA is not marked as trusted for the specified purpose.
+
+=item B<28 X509_V_ERR_CERT_REJECTED: certificate rejected>
+
+the root CA is marked to reject the specified purpose.
+
+=item B<29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch>
+
+the current candidate issuer certificate was rejected because its subject name
+did not match the issuer name of the current certificate. Only displayed when
+the B<-issuer_checks> option is set.
+
+=item B<30 X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch>
+
+the current candidate issuer certificate was rejected because its subject key
+identifier was present and did not match the authority key identifier current
+certificate. Only displayed when the B<-issuer_checks> option is set.
+
+=item B<31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch>
+
+the current candidate issuer certificate was rejected because its issuer name
+and serial number was present and did not match the authority key identifier
+of the current certificate. Only displayed when the B<-issuer_checks> option is set.
+
+=item B<32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing>
+
+the current candidate issuer certificate was rejected because its keyUsage extension
+does not permit certificate signing.
+
+=item B<50 X509_V_ERR_APPLICATION_VERIFICATION: application verification failure>
+
+an application specific error. Unused.
+
+=back
+
+=head1 BUGS
+
+Although the issuer checks are a considerable improvement over the old technique they still
+suffer from limitations in the underlying X509_LOOKUP API. One consequence of this is that
+trusted certificates with matching subject name must either appear in a file (as specified by the
+B<-CAfile> option) or a directory (as specified by B<-CApath>. If they occur in both then only
+the certificates in the file will be recognised.
+
+Previous versions of OpenSSL assume certificates with matching subject name are identical and
+mishandled them.
+
+Previous versions of this documentation swapped the meaning of the
+B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT> and
+B<20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY> error codes.
+
+=head1 SEE ALSO
+
+L<x509(1)|x509(1)>
+
+=head1 HISTORY
+
+The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b.
+
+=cut

Deleted: vendor-crypto/openssl/1.0.1u/doc/crypto/BIO_s_connect.pod
===================================================================
--- vendor-crypto/openssl/dist/doc/crypto/BIO_s_connect.pod	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/doc/crypto/BIO_s_connect.pod	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,192 +0,0 @@
-=pod
-
-=head1 NAME
-
-BIO_s_connect, BIO_set_conn_hostname, BIO_set_conn_port,
-BIO_set_conn_ip, BIO_set_conn_int_port, BIO_get_conn_hostname,
-BIO_get_conn_port, BIO_get_conn_ip, BIO_get_conn_int_port,
-BIO_set_nbio, BIO_do_connect - connect BIO
-
-=head1 SYNOPSIS
-
- #include <openssl/bio.h>
-
- BIO_METHOD * BIO_s_connect(void);
-
- BIO *BIO_new_connect(char *name);
-
- long BIO_set_conn_hostname(BIO *b, char *name);
- long BIO_set_conn_port(BIO *b, char *port);
- long BIO_set_conn_ip(BIO *b, char *ip);
- long BIO_set_conn_int_port(BIO *b, char *port);
- char *BIO_get_conn_hostname(BIO *b);
- char *BIO_get_conn_port(BIO *b);
- char *BIO_get_conn_ip(BIO *b, dummy);
- long BIO_get_conn_int_port(BIO *b, int port);
-
- long BIO_set_nbio(BIO *b, long n);
-
- int BIO_do_connect(BIO *b);
-
-=head1 DESCRIPTION
-
-BIO_s_connect() returns the connect BIO method. This is a wrapper
-round the platform's TCP/IP socket connection routines.
-
-Using connect BIOs, TCP/IP connections can be made and data
-transferred using only BIO routines. In this way any platform
-specific operations are hidden by the BIO abstraction.
-
-Read and write operations on a connect BIO will perform I/O
-on the underlying connection. If no connection is established
-and the port and hostname (see below) is set up properly then
-a connection is established first.
-
-Connect BIOs support BIO_puts() but not BIO_gets().
-
-If the close flag is set on a connect BIO then any active
-connection is shutdown and the socket closed when the BIO
-is freed.
-
-Calling BIO_reset() on a connect BIO will close any active
-connection and reset the BIO into a state where it can connect
-to the same host again.
-
-BIO_get_fd() places the underlying socket in B<c> if it is not NULL,
-it also returns the socket . If B<c> is not NULL it should be of
-type (int *).
-
-BIO_set_conn_hostname() uses the string B<name> to set the hostname.
-The hostname can be an IP address. The hostname can also include the
-port in the form hostname:port . It is also acceptable to use the
-form "hostname/any/other/path" or "hostname:port/any/other/path".
-
-BIO_set_conn_port() sets the port to B<port>. B<port> can be the
-numerical form or a string such as "http". A string will be looked
-up first using getservbyname() on the host platform but if that
-fails a standard table of port names will be used. Currently the
-list is http, telnet, socks, https, ssl, ftp, gopher and wais.
-
-BIO_set_conn_ip() sets the IP address to B<ip> using binary form,
-that is four bytes specifying the IP address in big-endian form.
-
-BIO_set_conn_int_port() sets the port using B<port>. B<port> should
-be of type (int *).
-
-BIO_get_conn_hostname() returns the hostname of the connect BIO or
-NULL if the BIO is initialized but no hostname is set.
-This return value is an internal pointer which should not be modified.
-
-BIO_get_conn_port() returns the port as a string.
-
-BIO_get_conn_ip() returns the IP address in binary form.
-
-BIO_get_conn_int_port() returns the port as an int.
-
-BIO_set_nbio() sets the non blocking I/O flag to B<n>. If B<n> is
-zero then blocking I/O is set. If B<n> is 1 then non blocking I/O
-is set. Blocking I/O is the default. The call to BIO_set_nbio()
-should be made before the connection is established because 
-non blocking I/O is set during the connect process.
-
-BIO_new_connect() combines BIO_new() and BIO_set_conn_hostname() into
-a single call: that is it creates a new connect BIO with B<name>.
-
-BIO_do_connect() attempts to connect the supplied BIO. It returns 1
-if the connection was established successfully. A zero or negative
-value is returned if the connection could not be established, the
-call BIO_should_retry() should be used for non blocking connect BIOs
-to determine if the call should be retried.
-
-=head1 NOTES
-
-If blocking I/O is set then a non positive return value from any
-I/O call is caused by an error condition, although a zero return
-will normally mean that the connection was closed.
-
-If the port name is supplied as part of the host name then this will
-override any value set with BIO_set_conn_port(). This may be undesirable
-if the application does not wish to allow connection to arbitrary
-ports. This can be avoided by checking for the presence of the ':'
-character in the passed hostname and either indicating an error or
-truncating the string at that point.
-
-The values returned by BIO_get_conn_hostname(), BIO_get_conn_port(),
-BIO_get_conn_ip() and BIO_get_conn_int_port() are updated when a
-connection attempt is made. Before any connection attempt the values
-returned are those set by the application itself.
-
-Applications do not have to call BIO_do_connect() but may wish to do
-so to separate the connection process from other I/O processing.
-
-If non blocking I/O is set then retries will be requested as appropriate.
-
-It addition to BIO_should_read() and BIO_should_write() it is also
-possible for BIO_should_io_special() to be true during the initial
-connection process with the reason BIO_RR_CONNECT. If this is returned
-then this is an indication that a connection attempt would block,
-the application should then take appropriate action to wait until
-the underlying socket has connected and retry the call.
-
-BIO_set_conn_hostname(), BIO_set_conn_port(), BIO_set_conn_ip(),
-BIO_set_conn_int_port(), BIO_get_conn_hostname(), BIO_get_conn_port(),
-BIO_get_conn_ip(), BIO_get_conn_int_port(), BIO_set_nbio() and
-BIO_do_connect() are macros.
-
-=head1 RETURN VALUES
-
-BIO_s_connect() returns the connect BIO method.
-
-BIO_get_fd() returns the socket or -1 if the BIO has not
-been initialized.
-
-BIO_set_conn_hostname(), BIO_set_conn_port(), BIO_set_conn_ip() and
-BIO_set_conn_int_port() always return 1.
-
-BIO_get_conn_hostname() returns the connected hostname or NULL is
-none was set.
-
-BIO_get_conn_port() returns a string representing the connected
-port or NULL if not set.
-
-BIO_get_conn_ip() returns a pointer to the connected IP address in
-binary form or all zeros if not set.
-
-BIO_get_conn_int_port() returns the connected port or 0 if none was
-set.
-
-BIO_set_nbio() always returns 1.
-
-BIO_do_connect() returns 1 if the connection was successfully
-established and 0 or -1 if the connection failed.
-
-=head1 EXAMPLE
-
-This is example connects to a webserver on the local host and attempts
-to retrieve a page and copy the result to standard output.
-
-
- BIO *cbio, *out;
- int len;
- char tmpbuf[1024];
- ERR_load_crypto_strings();
- cbio = BIO_new_connect("localhost:http");
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
- if(BIO_do_connect(cbio) <= 0) {
-	fprintf(stderr, "Error connecting to server\n");
-	ERR_print_errors_fp(stderr);
-	/* whatever ... */
-	}
- BIO_puts(cbio, "GET / HTTP/1.0\n\n");
- for(;;) {	
-	len = BIO_read(cbio, tmpbuf, 1024);
-	if(len <= 0) break;
-	BIO_write(out, tmpbuf, len);
- }
- BIO_free(cbio);
- BIO_free(out);
-
-
-=head1 SEE ALSO
-
-TBA

Copied: vendor-crypto/openssl/1.0.1u/doc/crypto/BIO_s_connect.pod (from rev 11605, vendor-crypto/openssl/dist/doc/crypto/BIO_s_connect.pod)
===================================================================
--- vendor-crypto/openssl/1.0.1u/doc/crypto/BIO_s_connect.pod	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/doc/crypto/BIO_s_connect.pod	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,192 @@
+=pod
+
+=head1 NAME
+
+BIO_s_connect, BIO_set_conn_hostname, BIO_set_conn_port,
+BIO_set_conn_ip, BIO_set_conn_int_port, BIO_get_conn_hostname,
+BIO_get_conn_port, BIO_get_conn_ip, BIO_get_conn_int_port,
+BIO_set_nbio, BIO_do_connect - connect BIO
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ BIO_METHOD * BIO_s_connect(void);
+
+ BIO *BIO_new_connect(char *name);
+
+ long BIO_set_conn_hostname(BIO *b, char *name);
+ long BIO_set_conn_port(BIO *b, char *port);
+ long BIO_set_conn_ip(BIO *b, char *ip);
+ long BIO_set_conn_int_port(BIO *b, char *port);
+ char *BIO_get_conn_hostname(BIO *b);
+ char *BIO_get_conn_port(BIO *b);
+ char *BIO_get_conn_ip(BIO *b);
+ long BIO_get_conn_int_port(BIO *b);
+
+ long BIO_set_nbio(BIO *b, long n);
+
+ int BIO_do_connect(BIO *b);
+
+=head1 DESCRIPTION
+
+BIO_s_connect() returns the connect BIO method. This is a wrapper
+round the platform's TCP/IP socket connection routines.
+
+Using connect BIOs, TCP/IP connections can be made and data
+transferred using only BIO routines. In this way any platform
+specific operations are hidden by the BIO abstraction.
+
+Read and write operations on a connect BIO will perform I/O
+on the underlying connection. If no connection is established
+and the port and hostname (see below) is set up properly then
+a connection is established first.
+
+Connect BIOs support BIO_puts() but not BIO_gets().
+
+If the close flag is set on a connect BIO then any active
+connection is shutdown and the socket closed when the BIO
+is freed.
+
+Calling BIO_reset() on a connect BIO will close any active
+connection and reset the BIO into a state where it can connect
+to the same host again.
+
+BIO_get_fd() places the underlying socket in B<c> if it is not NULL,
+it also returns the socket . If B<c> is not NULL it should be of
+type (int *).
+
+BIO_set_conn_hostname() uses the string B<name> to set the hostname.
+The hostname can be an IP address. The hostname can also include the
+port in the form hostname:port . It is also acceptable to use the
+form "hostname/any/other/path" or "hostname:port/any/other/path".
+
+BIO_set_conn_port() sets the port to B<port>. B<port> can be the
+numerical form or a string such as "http". A string will be looked
+up first using getservbyname() on the host platform but if that
+fails a standard table of port names will be used. Currently the
+list is http, telnet, socks, https, ssl, ftp, gopher and wais.
+
+BIO_set_conn_ip() sets the IP address to B<ip> using binary form,
+that is four bytes specifying the IP address in big-endian form.
+
+BIO_set_conn_int_port() sets the port using B<port>. B<port> should
+be of type (int *).
+
+BIO_get_conn_hostname() returns the hostname of the connect BIO or
+NULL if the BIO is initialized but no hostname is set.
+This return value is an internal pointer which should not be modified.
+
+BIO_get_conn_port() returns the port as a string.
+
+BIO_get_conn_ip() returns the IP address in binary form.
+
+BIO_get_conn_int_port() returns the port as an int.
+
+BIO_set_nbio() sets the non blocking I/O flag to B<n>. If B<n> is
+zero then blocking I/O is set. If B<n> is 1 then non blocking I/O
+is set. Blocking I/O is the default. The call to BIO_set_nbio()
+should be made before the connection is established because 
+non blocking I/O is set during the connect process.
+
+BIO_new_connect() combines BIO_new() and BIO_set_conn_hostname() into
+a single call: that is it creates a new connect BIO with B<name>.
+
+BIO_do_connect() attempts to connect the supplied BIO. It returns 1
+if the connection was established successfully. A zero or negative
+value is returned if the connection could not be established, the
+call BIO_should_retry() should be used for non blocking connect BIOs
+to determine if the call should be retried.
+
+=head1 NOTES
+
+If blocking I/O is set then a non positive return value from any
+I/O call is caused by an error condition, although a zero return
+will normally mean that the connection was closed.
+
+If the port name is supplied as part of the host name then this will
+override any value set with BIO_set_conn_port(). This may be undesirable
+if the application does not wish to allow connection to arbitrary
+ports. This can be avoided by checking for the presence of the ':'
+character in the passed hostname and either indicating an error or
+truncating the string at that point.
+
+The values returned by BIO_get_conn_hostname(), BIO_get_conn_port(),
+BIO_get_conn_ip() and BIO_get_conn_int_port() are updated when a
+connection attempt is made. Before any connection attempt the values
+returned are those set by the application itself.
+
+Applications do not have to call BIO_do_connect() but may wish to do
+so to separate the connection process from other I/O processing.
+
+If non blocking I/O is set then retries will be requested as appropriate.
+
+It addition to BIO_should_read() and BIO_should_write() it is also
+possible for BIO_should_io_special() to be true during the initial
+connection process with the reason BIO_RR_CONNECT. If this is returned
+then this is an indication that a connection attempt would block,
+the application should then take appropriate action to wait until
+the underlying socket has connected and retry the call.
+
+BIO_set_conn_hostname(), BIO_set_conn_port(), BIO_set_conn_ip(),
+BIO_set_conn_int_port(), BIO_get_conn_hostname(), BIO_get_conn_port(),
+BIO_get_conn_ip(), BIO_get_conn_int_port(), BIO_set_nbio() and
+BIO_do_connect() are macros.
+
+=head1 RETURN VALUES
+
+BIO_s_connect() returns the connect BIO method.
+
+BIO_get_fd() returns the socket or -1 if the BIO has not
+been initialized.
+
+BIO_set_conn_hostname(), BIO_set_conn_port(), BIO_set_conn_ip() and
+BIO_set_conn_int_port() always return 1.
+
+BIO_get_conn_hostname() returns the connected hostname or NULL is
+none was set.
+
+BIO_get_conn_port() returns a string representing the connected
+port or NULL if not set.
+
+BIO_get_conn_ip() returns a pointer to the connected IP address in
+binary form or all zeros if not set.
+
+BIO_get_conn_int_port() returns the connected port or 0 if none was
+set.
+
+BIO_set_nbio() always returns 1.
+
+BIO_do_connect() returns 1 if the connection was successfully
+established and 0 or -1 if the connection failed.
+
+=head1 EXAMPLE
+
+This is example connects to a webserver on the local host and attempts
+to retrieve a page and copy the result to standard output.
+
+
+ BIO *cbio, *out;
+ int len;
+ char tmpbuf[1024];
+ ERR_load_crypto_strings();
+ cbio = BIO_new_connect("localhost:http");
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+ if(BIO_do_connect(cbio) <= 0) {
+	fprintf(stderr, "Error connecting to server\n");
+	ERR_print_errors_fp(stderr);
+	/* whatever ... */
+	}
+ BIO_puts(cbio, "GET / HTTP/1.0\n\n");
+ for(;;) {	
+	len = BIO_read(cbio, tmpbuf, 1024);
+	if(len <= 0) break;
+	BIO_write(out, tmpbuf, len);
+ }
+ BIO_free(cbio);
+ BIO_free(out);
+
+
+=head1 SEE ALSO
+
+TBA

Copied: vendor-crypto/openssl/1.0.1u/doc/crypto/EVP_EncodeInit.pod (from rev 11605, vendor-crypto/openssl/dist/doc/crypto/EVP_EncodeInit.pod)
===================================================================
--- vendor-crypto/openssl/1.0.1u/doc/crypto/EVP_EncodeInit.pod	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/doc/crypto/EVP_EncodeInit.pod	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,127 @@
+=pod
+
+=head1 NAME
+
+EVP_EncodeInit, EVP_EncodeUpdate, EVP_EncodeFinal, EVP_EncodeBlock,
+EVP_DecodeInit, EVP_DecodeUpdate, EVP_DecodeFinal, EVP_DecodeBlock - EVP base 64
+encode/decode routines
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
+ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+                       const unsigned char *in, int inl);
+ void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
+ int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
+
+ void EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
+ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+                      const unsigned char *in, int inl);
+ int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
+                     char *out, int *outl);
+ int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
+
+=head1 DESCRIPTION
+
+The EVP encode routines provide a high level interface to base 64 encoding and
+decoding. Base 64 encoding converts binary data into a printable form that uses
+the characters A-Z, a-z, 0-9, "+" and "/" to represent the data. For every 3
+bytes of binary data provided 4 bytes of base 64 encoded data will be produced
+plus some occasional newlines (see below). If the input data length is not a
+multiple of 3 then the output data will be padded at the end using the "="
+character.
+
+Encoding of binary data is performed in blocks of 48 input bytes (or less for
+the final block). For each 48 byte input block encoded 64 bytes of base 64 data
+is output plus an additional newline character (i.e. 65 bytes in total). The
+final block (which may be less than 48 bytes) will output 4 bytes for every 3
+bytes of input. If the data length is not divisible by 3 then a full 4 bytes is
+still output for the final 1 or 2 bytes of input. Similarly a newline character
+will also be output.
+
+EVP_EncodeInit() initialises B<ctx> for the start of a new encoding operation.
+
+EVP_EncodeUpdate() encode B<inl> bytes of data found in the buffer pointed to by
+B<in>. The output is stored in the buffer B<out> and the number of bytes output
+is stored in B<*outl>. It is the caller's responsibility to ensure that the
+buffer at B<out> is sufficiently large to accommodate the output data. Only full
+blocks of data (48 bytes) will be immediately processed and output by this
+function. Any remainder is held in the B<ctx> object and will be processed by a
+subsequent call to EVP_EncodeUpdate() or EVP_EncodeFinal(). To calculate the
+required size of the output buffer add together the value of B<inl> with the
+amount of unprocessed data held in B<ctx> and divide the result by 48 (ignore
+any remainder). This gives the number of blocks of data that will be processed.
+Ensure the output buffer contains 65 bytes of storage for each block, plus an
+additional byte for a NUL terminator. EVP_EncodeUpdate() may be called
+repeatedly to process large amounts of input data. In the event of an error
+EVP_EncodeUpdate() will set B<*outl> to 0.
+
+EVP_EncodeFinal() must be called at the end of an encoding operation. It will
+process any partial block of data remaining in the B<ctx> object. The output
+data will be stored in B<out> and the length of the data written will be stored
+in B<*outl>. It is the caller's responsibility to ensure that B<out> is
+sufficiently large to accommodate the output data which will never be more than
+65 bytes plus an additional NUL terminator (i.e. 66 bytes in total).
+
+EVP_EncodeBlock() encodes a full block of input data in B<f> and of length
+B<dlen> and stores it in B<t>. For every 3 bytes of input provided 4 bytes of
+output data will be produced. If B<dlen> is not divisible by 3 then the block is
+encoded as a final block of data and the output is padded such that it is always
+divisible by 4. Additionally a NUL terminator character will be added. For
+example if 16 bytes of input data is provided then 24 bytes of encoded data is
+created plus 1 byte for a NUL terminator (i.e. 25 bytes in total). The length of
+the data generated I<without> the NUL terminator is returned from the function.
+
+EVP_DecodeInit() initialises B<ctx> for the start of a new decoding operation.
+
+EVP_DecodeUpdate() decodes B<inl> characters of data found in the buffer pointed
+to by B<in>. The output is stored in the buffer B<out> and the number of bytes
+output is stored in B<*outl>. It is the caller's responsibility to ensure that
+the buffer at B<out> is sufficiently large to accommodate the output data. This
+function will attempt to decode as much data as possible in 4 byte chunks. Any
+whitespace, newline or carriage return characters are ignored. Any partial chunk
+of unprocessed data (1, 2 or 3 bytes) that remains at the end will be held in
+the B<ctx> object and processed by a subsequent call to EVP_DecodeUpdate(). If
+any illegal base 64 characters are encountered or if the base 64 padding
+character "=" is encountered in the middle of the data then the function returns
+-1 to indicate an error. A return value of 0 or 1 indicates successful
+processing of the data. A return value of 0 additionally indicates that the last
+input data characters processed included the base 64 padding character "=" and
+therefore no more non-padding character data is expected to be processed. For
+every 4 valid base 64 bytes processed (ignoring whitespace, carriage returns and
+line feeds), 3 bytes of binary output data will be produced (or less at the end
+of the data where the padding character "=" has been used).
+
+EVP_DecodeFinal() must be called at the end of a decoding operation. If there
+is any unprocessed data still in B<ctx> then the input data must not have been
+a multiple of 4 and therefore an error has occurred. The function will return -1
+in this case. Otherwise the function returns 1 on success.
+
+EVP_DecodeBlock() will decode the block of B<n> characters of base 64 data
+contained in B<f> and store the result in B<t>. Any leading whitespace will be
+trimmed as will any trailing whitespace, newlines, carriage returns or EOF
+characters. After such trimming the length of the data in B<f> must be divisbile
+by 4. For every 4 input bytes exactly 3 output bytes will be produced. The
+output will be padded with 0 bits if necessary to ensure that the output is
+always 3 bytes for every 4 input bytes. This function will return the length of
+the data decoded or -1 on error.
+
+=head1 RETURN VALUES
+
+EVP_EncodeBlock() returns the number of bytes encoded excluding the NUL
+terminator.
+
+EVP_DecodeUpdate() returns -1 on error and 0 or 1 on success. If 0 is returned
+then no more non-padding base 64 characters are expected.
+
+EVP_DecodeFinal() returns -1 on error or 1 on success.
+
+EVP_DecodeBlock() returns the length of the data decoded or -1 on error.
+
+=head1 SEE ALSO
+
+L<evp(3)>
+
+=cut

Deleted: vendor-crypto/openssl/1.0.1u/doc/crypto/X509_verify_cert.pod
===================================================================
--- vendor-crypto/openssl/dist/doc/crypto/X509_verify_cert.pod	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/doc/crypto/X509_verify_cert.pod	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,54 +0,0 @@
-=pod
-
-=head1 NAME
-
-X509_verify_cert - discover and verify X509 certificte chain
-
-=head1 SYNOPSIS
-
- #include <openssl/x509.h>
-
- int X509_verify_cert(X509_STORE_CTX *ctx);
-
-=head1 DESCRIPTION
-
-The X509_verify_cert() function attempts to discover and validate a
-certificate chain based on parameters in B<ctx>. A complete description of
-the process is contained in the L<verify(1)|verify(1)> manual page.
-
-=head1 RETURN VALUES
-
-If a complete chain can be built and validated this function returns 1,
-otherwise it return zero, in exceptional circumstances it can also
-return a negative code.
-
-If the function fails additional error information can be obtained by
-examining B<ctx> using, for example X509_STORE_CTX_get_error().
-
-=head1 NOTES
-
-Applications rarely call this function directly but it is used by
-OpenSSL internally for certificate validation, in both the S/MIME and
-SSL/TLS code.
-
-The negative return value from X509_verify_cert() can only occur if no
-certificate is set in B<ctx> (due to a programming error); if X509_verify_cert()
-twice without reinitialising B<ctx> in between; or if a retry
-operation is requested during internal lookups (which never happens with
-standard lookup methods). It is however recommended that application check
-for <= 0 return value on error.
-
-=head1 BUGS
-
-This function uses the header B<x509.h> as opposed to most chain verification
-functiosn which use B<x509_vfy.h>.
-
-=head1 SEE ALSO
-
-L<X509_STORE_CTX_get_error(3)|X509_STORE_CTX_get_error(3)>
-
-=head1 HISTORY
-
-X509_verify_cert() is available in all versions of SSLeay and OpenSSL.
-
-=cut

Copied: vendor-crypto/openssl/1.0.1u/doc/crypto/X509_verify_cert.pod (from rev 11605, vendor-crypto/openssl/dist/doc/crypto/X509_verify_cert.pod)
===================================================================
--- vendor-crypto/openssl/1.0.1u/doc/crypto/X509_verify_cert.pod	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/doc/crypto/X509_verify_cert.pod	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,55 @@
+=pod
+
+=head1 NAME
+
+X509_verify_cert - discover and verify X509 certificte chain
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ int X509_verify_cert(X509_STORE_CTX *ctx);
+
+=head1 DESCRIPTION
+
+The X509_verify_cert() function attempts to discover and validate a
+certificate chain based on parameters in B<ctx>. A complete description of
+the process is contained in the L<verify(1)|verify(1)> manual page.
+
+=head1 RETURN VALUES
+
+If a complete chain can be built and validated this function returns 1,
+otherwise it return zero, in exceptional circumstances it can also
+return a negative code.
+
+If the function fails additional error information can be obtained by
+examining B<ctx> using, for example X509_STORE_CTX_get_error().
+
+=head1 NOTES
+
+Applications rarely call this function directly but it is used by
+OpenSSL internally for certificate validation, in both the S/MIME and
+SSL/TLS code.
+
+A negative return value from X509_verify_cert() can occur if it is invoked
+incorrectly, such as with no certificate set in B<ctx>, or when it is called
+twice in succession without reinitialising B<ctx> for the second call.
+A negative return value can also happen due to internal resource problems or if
+a retry operation is requested during internal lookups (which never happens
+with standard lookup methods).
+Applications must check for <= 0 return value on error.
+
+=head1 BUGS
+
+This function uses the header B<x509.h> as opposed to most chain verification
+functiosn which use B<x509_vfy.h>.
+
+=head1 SEE ALSO
+
+L<X509_STORE_CTX_get_error(3)|X509_STORE_CTX_get_error(3)>
+
+=head1 HISTORY
+
+X509_verify_cert() is available in all versions of SSLeay and OpenSSL.
+
+=cut

Copied: vendor-crypto/openssl/1.0.1u/doc/crypto/d2i_PrivateKey.pod (from rev 11605, vendor-crypto/openssl/dist/doc/crypto/d2i_PrivateKey.pod)
===================================================================
--- vendor-crypto/openssl/1.0.1u/doc/crypto/d2i_PrivateKey.pod	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/doc/crypto/d2i_PrivateKey.pod	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,59 @@
+=pod
+
+=head1 NAME
+
+d2i_Private_key, d2i_AutoPrivateKey, i2d_PrivateKey - decode and encode
+functions for reading and saving EVP_PKEY structures.
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
+                          long length);
+ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
+                              long length);
+ int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);
+
+=head1 DESCRIPTION
+
+d2i_PrivateKey() decodes a private key using algorithm B<type>. It attempts to
+use any key specific format or PKCS#8 unencrypted PrivateKeyInfo format. The
+B<type> parameter should be a public key algorithm constant such as
+B<EVP_PKEY_RSA>. An error occurs if the decoded key does not match B<type>.
+
+d2i_AutoPrivateKey() is similar to d2i_PrivateKey() except it attempts to
+automatically detect the private key format.
+
+i2d_PrivateKey() encodes B<key>. It uses a key specific format or, if none is
+defined for that key type, PKCS#8 unencrypted PrivateKeyInfo format.
+
+These functions are similar to the d2i_X509() functions, and you should refer to
+that page for a detailed description (see L<d2i_X509(3)>).
+
+=head1 NOTES
+
+All these functions use DER format and unencrypted keys. Applications wishing
+to encrypt or decrypt private keys should use other functions such as
+d2i_PKC8PrivateKey() instead.
+
+If the B<*a> is not NULL when calling d2i_PrivateKey() or d2i_AutoPrivateKey()
+(i.e. an existing structure is being reused) and the key format is PKCS#8
+then B<*a> will be freed and replaced on a successful call.
+
+=head1 RETURN VALUES
+
+d2i_PrivateKey() and d2i_AutoPrivateKey() return a valid B<EVP_KEY> structure
+or B<NULL> if an error occurs. The error code can be obtained by calling
+L<ERR_get_error(3)>.
+
+i2d_PrivateKey() returns the number of bytes successfully encoded or a
+negative value if an error occurs. The error code can be obtained by calling
+L<ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<crypto(3)>,
+L<d2i_PKCS8PrivateKey(3)>
+
+=cut

Deleted: vendor-crypto/openssl/1.0.1u/doc/crypto/evp.pod
===================================================================
--- vendor-crypto/openssl/dist/doc/crypto/evp.pod	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/doc/crypto/evp.pod	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,55 +0,0 @@
-=pod
-
-=head1 NAME
-
-evp - high-level cryptographic functions
-
-=head1 SYNOPSIS
-
- #include <openssl/evp.h>
-
-=head1 DESCRIPTION
-
-The EVP library provides a high-level interface to cryptographic
-functions.
-
-B<EVP_Seal>I<...> and B<EVP_Open>I<...> provide public key encryption
-and decryption to implement digital "envelopes".
-
-The B<EVP_Sign>I<...> and B<EVP_Verify>I<...> functions implement
-digital signatures.
-
-Symmetric encryption is available with the B<EVP_Encrypt>I<...>
-functions.  The B<EVP_Digest>I<...> functions provide message digests.
-
-The B<EVP_PKEY>I<...> functions provide a high level interface to
-asymmetric algorithms.
-
-Algorithms are loaded with OpenSSL_add_all_algorithms(3).
-
-All the symmetric algorithms (ciphers), digests and asymmetric algorithms
-(public key algorithms) can be replaced by ENGINE modules providing alternative
-implementations. If ENGINE implementations of ciphers or digests are registered
-as defaults, then the various EVP functions will automatically use those
-implementations automatically in preference to built in software
-implementations. For more information, consult the engine(3) man page.
-
-Although low level algorithm specific functions exist for many algorithms
-their use is discouraged. They cannot be used with an ENGINE and ENGINE
-versions of new algorithms cannot be accessed using the low level functions.
-Also makes code harder to adapt to new algorithms and some options are not 
-cleanly supported at the low level and some operations are more efficient
-using the high level interface.
-
-=head1 SEE ALSO
-
-L<EVP_DigestInit(3)|EVP_DigestInit(3)>,
-L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
-L<EVP_OpenInit(3)|EVP_OpenInit(3)>,
-L<EVP_SealInit(3)|EVP_SealInit(3)>,
-L<EVP_SignInit(3)|EVP_SignInit(3)>,
-L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
-L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>,
-L<engine(3)|engine(3)>
-
-=cut

Copied: vendor-crypto/openssl/1.0.1u/doc/crypto/evp.pod (from rev 11605, vendor-crypto/openssl/dist/doc/crypto/evp.pod)
===================================================================
--- vendor-crypto/openssl/1.0.1u/doc/crypto/evp.pod	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/doc/crypto/evp.pod	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,60 @@
+=pod
+
+=head1 NAME
+
+evp - high-level cryptographic functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+=head1 DESCRIPTION
+
+The EVP library provides a high-level interface to cryptographic
+functions.
+
+B<EVP_Seal>I<...> and B<EVP_Open>I<...> provide public key encryption
+and decryption to implement digital "envelopes".
+
+The B<EVP_Sign>I<...> and B<EVP_Verify>I<...> functions implement
+digital signatures.
+
+Symmetric encryption is available with the B<EVP_Encrypt>I<...>
+functions.  The B<EVP_Digest>I<...> functions provide message digests.
+
+The B<EVP_PKEY>I<...> functions provide a high level interface to
+asymmetric algorithms.
+
+The L<B<EVP_Encode>I<...>|EVP_EncodeInit(3)> and
+L<B<EVP_Decode>I<...>|EVP_EncodeInit(3)> functions implement base 64 encoding
+and decoding.
+
+Algorithms are loaded with OpenSSL_add_all_algorithms(3).
+
+All the symmetric algorithms (ciphers), digests and asymmetric algorithms
+(public key algorithms) can be replaced by ENGINE modules providing alternative
+implementations. If ENGINE implementations of ciphers or digests are registered
+as defaults, then the various EVP functions will automatically use those
+implementations automatically in preference to built in software
+implementations. For more information, consult the engine(3) man page.
+
+Although low level algorithm specific functions exist for many algorithms
+their use is discouraged. They cannot be used with an ENGINE and ENGINE
+versions of new algorithms cannot be accessed using the low level functions.
+Also makes code harder to adapt to new algorithms and some options are not 
+cleanly supported at the low level and some operations are more efficient
+using the high level interface.
+
+=head1 SEE ALSO
+
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>,
+L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
+L<EVP_OpenInit(3)|EVP_OpenInit(3)>,
+L<EVP_SealInit(3)|EVP_SealInit(3)>,
+L<EVP_SignInit(3)|EVP_SignInit(3)>,
+L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
+L<EVP_EncodeInit(3)>,
+L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>,
+L<engine(3)|engine(3)>
+
+=cut

Deleted: vendor-crypto/openssl/1.0.1u/doc/ssl/SSL_CTX_new.pod
===================================================================
--- vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_new.pod	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/doc/ssl/SSL_CTX_new.pod	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,108 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_new - create a new SSL_CTX object as framework for TLS/SSL enabled functions
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);
-
-=head1 DESCRIPTION
-
-SSL_CTX_new() creates a new B<SSL_CTX> object as framework to establish
-TLS/SSL enabled connections.
-
-=head1 NOTES
-
-The SSL_CTX object uses B<method> as connection method. The methods exist
-in a generic type (for client and server use), a server only type, and a
-client only type. B<method> can be of the following types:
-
-=over 4
-
-=item SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)
-
-A TLS/SSL connection established with these methods will only understand
-the SSLv2 protocol. A client will send out SSLv2 client hello messages
-and will also indicate that it only understand SSLv2. A server will only
-understand SSLv2 client hello messages.
-
-=item SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)
-
-A TLS/SSL connection established with these methods will only understand the
-SSLv3 protocol. A client will send out SSLv3 client hello messages
-and will indicate that it only understands SSLv3. A server will only understand
-SSLv3 client hello messages. This especially means, that it will
-not understand SSLv2 client hello messages which are widely used for
-compatibility reasons, see SSLv23_*_method().
-
-=item TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)
-
-A TLS/SSL connection established with these methods will only understand the
-TLSv1 protocol. A client will send out TLSv1 client hello messages
-and will indicate that it only understands TLSv1. A server will only understand
-TLSv1 client hello messages. This especially means, that it will
-not understand SSLv2 client hello messages which are widely used for
-compatibility reasons, see SSLv23_*_method(). It will also not understand
-SSLv3 client hello messages.
-
-=item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)
-
-A TLS/SSL connection established with these methods may understand the SSLv2,
-SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols.
-
-If the cipher list does not contain any SSLv2 ciphersuites (the default
-cipher list does not) or extensions are required (for example server name)
-a client will send out TLSv1 client hello messages including extensions and
-will indicate that it also understands TLSv1.1, TLSv1.2 and permits a
-fallback to SSLv3. A server will support SSLv3, TLSv1, TLSv1.1 and TLSv1.2
-protocols. This is the best choice when compatibility is a concern.
-
-If any SSLv2 ciphersuites are included in the cipher list and no extensions
-are required then SSLv2 compatible client hellos will be used by clients and
-SSLv2 will be accepted by servers. This is B<not> recommended due to the
-insecurity of SSLv2 and the limited nature of the SSLv2 client hello
-prohibiting the use of extensions.
-
-=back
-
-The list of protocols available can later be limited using the SSL_OP_NO_SSLv2,
-SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2
-options of the SSL_CTX_set_options() or SSL_set_options() functions.
-Using these options it is possible to choose e.g. SSLv23_server_method() and
-be able to negotiate with all possible clients, but to only allow newer
-protocols like TLSv1, TLSv1.1 or TLS v1.2.
-
-Applications which never want to support SSLv2 (even is the cipher string
-is configured to use SSLv2 ciphersuites) can set SSL_OP_NO_SSLv2.
-
-SSL_CTX_new() initializes the list of ciphers, the session cache setting,
-the callbacks, the keys and certificates and the options to its default
-values.
-
-=head1 RETURN VALUES
-
-The following return values can occur:
-
-=over 4
-
-=item NULL
-
-The creation of a new SSL_CTX object failed. Check the error stack to
-find out the reason.
-
-=item Pointer to an SSL_CTX object
-
-The return value points to an allocated SSL_CTX object.
-
-=back
-
-=head1 SEE ALSO
-
-L<SSL_CTX_free(3)|SSL_CTX_free(3)>, L<SSL_accept(3)|SSL_accept(3)>,
-L<ssl(3)|ssl(3)>,  L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
-
-=cut

Copied: vendor-crypto/openssl/1.0.1u/doc/ssl/SSL_CTX_new.pod (from rev 11605, vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_new.pod)
===================================================================
--- vendor-crypto/openssl/1.0.1u/doc/ssl/SSL_CTX_new.pod	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/doc/ssl/SSL_CTX_new.pod	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,158 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_new,
+SSLv23_method, SSLv23_server_method, SSLv23_client_method,
+TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method,
+TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method,
+TLSv1_method, TLSv1_server_method, TLSv1_client_method,
+SSLv3_method, SSLv3_server_method, SSLv3_client_method,
+SSLv2_method, SSLv2_server_method, SSLv2_client_method,
+DTLSv1_method, DTLSv1_server_method, DTLSv1_client_method -
+create a new SSL_CTX object as framework for TLS/SSL enabled functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);
+ const SSL_METHOD *SSLv23_method(void);
+ const SSL_METHOD *SSLv23_server_method(void);
+ const SSL_METHOD *SSLv23_client_method(void);
+ const SSL_METHOD *TLSv1_2_method(void);
+ const SSL_METHOD *TLSv1_2_server_method(void);
+ const SSL_METHOD *TLSv1_2_client_method(void);
+ const SSL_METHOD *TLSv1_1_method(void);
+ const SSL_METHOD *TLSv1_1_server_method(void);
+ const SSL_METHOD *TLSv1_1_client_method(void);
+ const SSL_METHOD *TLSv1_method(void);
+ const SSL_METHOD *TLSv1_server_method(void);
+ const SSL_METHOD *TLSv1_client_method(void);
+ #ifndef OPENSSL_NO_SSL3_METHOD
+ const SSL_METHOD *SSLv3_method(void);
+ const SSL_METHOD *SSLv3_server_method(void);
+ const SSL_METHOD *SSLv3_client_method(void);
+ #endif
+ #ifndef OPENSSL_NO_SSL2
+ const SSL_METHOD *SSLv2_method(void);
+ const SSL_METHOD *SSLv2_server_method(void);
+ const SSL_METHOD *SSLv2_client_method(void);
+ #endif
+
+ const SSL_METHOD *DTLSv1_method(void);
+ const SSL_METHOD *DTLSv1_server_method(void);
+ const SSL_METHOD *DTLSv1_client_method(void);
+
+=head1 DESCRIPTION
+
+SSL_CTX_new() creates a new B<SSL_CTX> object as framework to establish
+TLS/SSL enabled connections.
+
+=head1 NOTES
+
+The SSL_CTX object uses B<method> as connection method. The methods exist
+in a generic type (for client and server use), a server only type, and a
+client only type. B<method> can be of the following types:
+
+=over 4
+
+=item SSLv23_method(), SSLv23_server_method(), SSLv23_client_method()
+
+These are the general-purpose I<version-flexible> SSL/TLS methods.
+The actual protocol version used will be negotiated to the highest version
+mutually supported by the client and the server.
+The supported protocols are SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2.
+Most applications should use these method, and avoid the version specific
+methods described below.
+
+The list of protocols available can be further limited using the
+B<SSL_OP_NO_SSLv2>, B<SSL_OP_NO_SSLv3>, B<SSL_OP_NO_TLSv1>,
+B<SSL_OP_NO_TLSv1_1> and B<SSL_OP_NO_TLSv1_2> options of the
+L<SSL_CTX_set_options(3)> or L<SSL_set_options(3)> functions.
+Clients should avoid creating "holes" in the set of protocols they support,
+when disabling a protocol, make sure that you also disable either all previous
+or all subsequent protocol versions.
+In clients, when a protocol version is disabled without disabling I<all>
+previous protocol versions, the effect is to also disable all subsequent
+protocol versions.
+
+The SSLv2 and SSLv3 protocols are deprecated and should generally not be used.
+Applications should typically use L<SSL_CTX_set_options(3)> in combination with
+the B<SSL_OP_NO_SSLv3> flag to disable negotiation of SSLv3 via the above
+I<version-flexible> SSL/TLS methods.
+The B<SSL_OP_NO_SSLv2> option is set by default, and would need to be cleared
+via L<SSL_CTX_clear_options(3)> in order to enable negotiation of SSLv2.
+
+=item TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method()
+
+A TLS/SSL connection established with these methods will only understand the
+TLSv1.2 protocol.  A client will send out TLSv1.2 client hello messages and
+will also indicate that it only understand TLSv1.2.  A server will only
+understand TLSv1.2 client hello messages.
+
+=item TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method()
+
+A TLS/SSL connection established with these methods will only understand the
+TLSv1.1 protocol.  A client will send out TLSv1.1 client hello messages and
+will also indicate that it only understand TLSv1.1.  A server will only
+understand TLSv1.1 client hello messages.
+
+=item TLSv1_method(), TLSv1_server_method(), TLSv1_client_method()
+
+A TLS/SSL connection established with these methods will only understand the
+TLSv1 protocol.  A client will send out TLSv1 client hello messages and will
+indicate that it only understands TLSv1.  A server will only understand TLSv1
+client hello messages.
+
+=item SSLv3_method(), SSLv3_server_method(), SSLv3_client_method()
+
+A TLS/SSL connection established with these methods will only understand the
+SSLv3 protocol.  A client will send out SSLv3 client hello messages and will
+indicate that it only understands SSLv3.  A server will only understand SSLv3
+client hello messages.  The SSLv3 protocol is deprecated and should not be
+used.
+
+=item SSLv2_method(), SSLv2_server_method(), SSLv2_client_method()
+
+A TLS/SSL connection established with these methods will only understand the
+SSLv2 protocol.  A client will send out SSLv2 client hello messages and will
+also indicate that it only understand SSLv2.  A server will only understand
+SSLv2 client hello messages.  The SSLv2 protocol offers little to no security
+and should not be used.
+As of OpenSSL 1.0.1s, EXPORT ciphers and 56-bit DES are no longer available
+with SSLv2.
+
+=item DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method()
+
+These are the version-specific methods for DTLSv1.
+
+=back
+
+SSL_CTX_new() initializes the list of ciphers, the session cache setting, the
+callbacks, the keys and certificates and the options to its default values.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item NULL
+
+The creation of a new SSL_CTX object failed. Check the error stack to find out
+the reason.
+
+=item Pointer to an SSL_CTX object
+
+The return value points to an allocated SSL_CTX object.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_CTX_set_options(3)>, L<SSL_CTX_clear_options(3)>, L<SSL_set_options(3)>,
+L<SSL_CTX_free(3)|SSL_CTX_free(3)>, L<SSL_accept(3)|SSL_accept(3)>,
+L<ssl(3)|ssl(3)>,  L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
+
+=cut

Deleted: vendor-crypto/openssl/1.0.1u/doc/ssl/SSL_CTX_set_options.pod
===================================================================
--- vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_options.pod	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/doc/ssl/SSL_CTX_set_options.pod	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,345 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, SSL_clear_options, SSL_CTX_get_options, SSL_get_options, SSL_get_secure_renegotiation_support - manipulate SSL options
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- long SSL_CTX_set_options(SSL_CTX *ctx, long options);
- long SSL_set_options(SSL *ssl, long options);
-
- long SSL_CTX_clear_options(SSL_CTX *ctx, long options);
- long SSL_clear_options(SSL *ssl, long options);
-
- long SSL_CTX_get_options(SSL_CTX *ctx);
- long SSL_get_options(SSL *ssl);
-
- long SSL_get_secure_renegotiation_support(SSL *ssl);
-
-=head1 DESCRIPTION
-
-Note: all these functions are implemented using macros.
-
-SSL_CTX_set_options() adds the options set via bitmask in B<options> to B<ctx>.
-Options already set before are not cleared!
-
-SSL_set_options() adds the options set via bitmask in B<options> to B<ssl>.
-Options already set before are not cleared!
-
-SSL_CTX_clear_options() clears the options set via bitmask in B<options>
-to B<ctx>.
-
-SSL_clear_options() clears the options set via bitmask in B<options> to B<ssl>.
-
-SSL_CTX_get_options() returns the options set for B<ctx>.
-
-SSL_get_options() returns the options set for B<ssl>.
-
-SSL_get_secure_renegotiation_support() indicates whether the peer supports
-secure renegotiation.
-
-=head1 NOTES
-
-The behaviour of the SSL library can be changed by setting several options.
-The options are coded as bitmasks and can be combined by a logical B<or>
-operation (|).
-
-SSL_CTX_set_options() and SSL_set_options() affect the (external)
-protocol behaviour of the SSL library. The (internal) behaviour of
-the API can be changed by using the similar
-L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)> and SSL_set_mode() functions.
-
-During a handshake, the option settings of the SSL object are used. When
-a new SSL object is created from a context using SSL_new(), the current
-option setting is copied. Changes to B<ctx> do not affect already created
-SSL objects. SSL_clear() does not affect the settings.
-
-The following B<bug workaround> options are available:
-
-=over 4
-
-=item SSL_OP_MICROSOFT_SESS_ID_BUG
-
-www.microsoft.com - when talking SSLv2, if session-id reuse is
-performed, the session-id passed back in the server-finished message
-is different from the one decided upon.
-
-=item SSL_OP_NETSCAPE_CHALLENGE_BUG
-
-Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte
-challenge but then appears to only use 16 bytes when generating the
-encryption keys.  Using 16 bytes is ok but it should be ok to use 32.
-According to the SSLv3 spec, one should use 32 bytes for the challenge
-when operating in SSLv2/v3 compatibility mode, but as mentioned above,
-this breaks this server so 16 bytes is the way to go.
-
-=item SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
-
-As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect.
-
-=item SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
-
-...
-
-=item SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
-
-...
-
-=item SSL_OP_SAFARI_ECDHE_ECDSA_BUG
-
-Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
-OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
-
-=item SSL_OP_SSLEAY_080_CLIENT_DH_BUG
-
-...
-
-=item SSL_OP_TLS_D5_BUG
-
-...
-
-=item SSL_OP_TLS_BLOCK_PADDING_BUG
-
-...
-
-=item SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
-
-Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol
-vulnerability affecting CBC ciphers, which cannot be handled by some
-broken SSL implementations.  This option has no effect for connections
-using other ciphers.
-
-=item SSL_OP_TLSEXT_PADDING
-
-Adds a padding extension to ensure the ClientHello size is never between
-256 and 511 bytes in length. This is needed as a workaround for some
-implementations.
-
-=item SSL_OP_ALL
-
-All of the above bug workarounds.
-
-=back
-
-It is usually safe to use B<SSL_OP_ALL> to enable the bug workaround
-options if compatibility with somewhat broken implementations is
-desired.
-
-The following B<modifying> options are available:
-
-=over 4
-
-=item SSL_OP_TLS_ROLLBACK_BUG
-
-Disable version rollback attack detection.
-
-During the client key exchange, the client must send the same information
-about acceptable SSL/TLS protocol levels as during the first hello. Some
-clients violate this rule by adapting to the server's answer. (Example:
-the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server
-only understands up to SSLv3. In this case the client must still use the
-same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect
-to the server's answer and violate the version rollback protection.)
-
-=item SSL_OP_SINGLE_DH_USE
-
-Always create a new key when using temporary/ephemeral DH parameters
-(see L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
-This option must be used to prevent small subgroup attacks, when
-the DH parameters were not generated using "strong" primes
-(e.g. when using DSA-parameters, see L<dhparam(1)|dhparam(1)>).
-If "strong" primes were used, it is not strictly necessary to generate
-a new DH key during each handshake but it is also recommended.
-B<SSL_OP_SINGLE_DH_USE> should therefore be enabled whenever
-temporary/ephemeral DH parameters are used.
-
-=item SSL_OP_EPHEMERAL_RSA
-
-This option is no longer implemented and is treated as no op.
-
-=item SSL_OP_CIPHER_SERVER_PREFERENCE
-
-When choosing a cipher, use the server's preferences instead of the client
-preferences. When not set, the SSL server will always follow the clients
-preferences. When set, the SSLv3/TLSv1 server will choose following its
-own preferences. Because of the different protocol, for SSLv2 the server
-will send its list of preferences to the client and the client chooses.
-
-=item SSL_OP_PKCS1_CHECK_1
-
-...
-
-=item SSL_OP_PKCS1_CHECK_2
-
-...
-
-=item SSL_OP_NETSCAPE_CA_DN_BUG
-
-If we accept a netscape connection, demand a client cert, have a
-non-self-signed CA which does not have its CA in netscape, and the
-browser has a cert, it will crash/hang.  Works for 3.x and 4.xbeta 
-
-=item SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
-
-...
-
-=item SSL_OP_NO_SSLv2
-
-Do not use the SSLv2 protocol.
-
-=item SSL_OP_NO_SSLv3
-
-Do not use the SSLv3 protocol.
-
-=item SSL_OP_NO_TLSv1
-
-Do not use the TLSv1 protocol.
-
-=item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
-
-When performing renegotiation as a server, always start a new session
-(i.e., session resumption requests are only accepted in the initial
-handshake). This option is not needed for clients.
-
-=item SSL_OP_NO_TICKET
-
-Normally clients and servers will, where possible, transparently make use
-of RFC4507bis tickets for stateless session resumption.
-
-If this option is set this functionality is disabled and tickets will
-not be used by clients or servers.
-
-=item SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
-
-Allow legacy insecure renegotiation between OpenSSL and unpatched clients or
-servers. See the B<SECURE RENEGOTIATION> section for more details.
-
-=item SSL_OP_LEGACY_SERVER_CONNECT
-
-Allow legacy insecure renegotiation between OpenSSL and unpatched servers
-B<only>: this option is currently set by default. See the
-B<SECURE RENEGOTIATION> section for more details.
-
-=back
-
-=head1 SECURE RENEGOTIATION
-
-OpenSSL 0.9.8m and later always attempts to use secure renegotiation as
-described in RFC5746. This counters the prefix attack described in
-CVE-2009-3555 and elsewhere.
-
-The deprecated and highly broken SSLv2 protocol does not support
-renegotiation at all: its use is B<strongly> discouraged.
-
-This attack has far reaching consequences which application writers should be
-aware of. In the description below an implementation supporting secure
-renegotiation is referred to as I<patched>. A server not supporting secure
-renegotiation is referred to as I<unpatched>.
-
-The following sections describe the operations permitted by OpenSSL's secure
-renegotiation implementation.
-
-=head2 Patched client and server
-
-Connections and renegotiation are always permitted by OpenSSL implementations.
-
-=head2 Unpatched client and patched OpenSSL server
-
-The initial connection succeeds but client renegotiation is denied by the
-server with a B<no_renegotiation> warning alert if TLS v1.0 is used or a fatal
-B<handshake_failure> alert in SSL v3.0.
-
-If the patched OpenSSL server attempts to renegotiate a fatal
-B<handshake_failure> alert is sent. This is because the server code may be
-unaware of the unpatched nature of the client.
-
-If the option B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> is set then
-renegotiation B<always> succeeds.
-
-B<NB:> a bug in OpenSSL clients earlier than 0.9.8m (all of which are
-unpatched) will result in the connection hanging if it receives a
-B<no_renegotiation> alert. OpenSSL versions 0.9.8m and later will regard
-a B<no_renegotiation> alert as fatal and respond with a fatal
-B<handshake_failure> alert. This is because the OpenSSL API currently has
-no provision to indicate to an application that a renegotiation attempt
-was refused.
-
-=head2 Patched OpenSSL client and unpatched server.
-
-If the option B<SSL_OP_LEGACY_SERVER_CONNECT> or
-B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> is set then initial connections
-and renegotiation between patched OpenSSL clients and unpatched servers
-succeeds. If neither option is set then initial connections to unpatched
-servers will fail.
-
-The option B<SSL_OP_LEGACY_SERVER_CONNECT> is currently set by default even
-though it has security implications: otherwise it would be impossible to
-connect to unpatched servers (i.e. all of them initially) and this is clearly
-not acceptable. Renegotiation is permitted because this does not add any
-additional security issues: during an attack clients do not see any
-renegotiations anyway.
-
-As more servers become patched the option B<SSL_OP_LEGACY_SERVER_CONNECT> will
-B<not> be set by default in a future version of OpenSSL.
-
-OpenSSL client applications wishing to ensure they can connect to unpatched
-servers should always B<set> B<SSL_OP_LEGACY_SERVER_CONNECT>
-
-OpenSSL client applications that want to ensure they can B<not> connect to
-unpatched servers (and thus avoid any security issues) should always B<clear>
-B<SSL_OP_LEGACY_SERVER_CONNECT> using SSL_CTX_clear_options() or
-SSL_clear_options().
-
-The difference between the B<SSL_OP_LEGACY_SERVER_CONNECT> and
-B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> options is that
-B<SSL_OP_LEGACY_SERVER_CONNECT> enables initial connections and secure
-renegotiation between OpenSSL clients and unpatched servers B<only>, while
-B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> allows initial connections
-and renegotiation between OpenSSL and unpatched clients or servers.
-
-=head1 RETURN VALUES
-
-SSL_CTX_set_options() and SSL_set_options() return the new options bitmask
-after adding B<options>.
-
-SSL_CTX_clear_options() and SSL_clear_options() return the new options bitmask
-after clearing B<options>.
-
-SSL_CTX_get_options() and SSL_get_options() return the current bitmask.
-
-SSL_get_secure_renegotiation_support() returns 1 is the peer supports
-secure renegotiation and 0 if it does not.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>,
-L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
-L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>,
-L<dhparam(1)|dhparam(1)>
-
-=head1 HISTORY
-
-B<SSL_OP_CIPHER_SERVER_PREFERENCE> and
-B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> have been added in
-OpenSSL 0.9.7.
-
-B<SSL_OP_TLS_ROLLBACK_BUG> has been added in OpenSSL 0.9.6 and was automatically
-enabled with B<SSL_OP_ALL>. As of 0.9.7, it is no longer included in B<SSL_OP_ALL>
-and must be explicitly set.
-
-B<SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS> has been added in OpenSSL 0.9.6e.
-Versions up to OpenSSL 0.9.6c do not include the countermeasure that
-can be disabled with this option (in OpenSSL 0.9.6d, it was always
-enabled).
-
-SSL_CTX_clear_options() and SSL_clear_options() were first added in OpenSSL
-0.9.8m.
-
-B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>, B<SSL_OP_LEGACY_SERVER_CONNECT>
-and the function SSL_get_secure_renegotiation_support() were first added in
-OpenSSL 0.9.8m.
-
-=cut

Copied: vendor-crypto/openssl/1.0.1u/doc/ssl/SSL_CTX_set_options.pod (from rev 11605, vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_options.pod)
===================================================================
--- vendor-crypto/openssl/1.0.1u/doc/ssl/SSL_CTX_set_options.pod	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/doc/ssl/SSL_CTX_set_options.pod	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,355 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, SSL_clear_options, SSL_CTX_get_options, SSL_get_options, SSL_get_secure_renegotiation_support - manipulate SSL options
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_CTX_set_options(SSL_CTX *ctx, long options);
+ long SSL_set_options(SSL *ssl, long options);
+
+ long SSL_CTX_clear_options(SSL_CTX *ctx, long options);
+ long SSL_clear_options(SSL *ssl, long options);
+
+ long SSL_CTX_get_options(SSL_CTX *ctx);
+ long SSL_get_options(SSL *ssl);
+
+ long SSL_get_secure_renegotiation_support(SSL *ssl);
+
+=head1 DESCRIPTION
+
+Note: all these functions are implemented using macros.
+
+SSL_CTX_set_options() adds the options set via bitmask in B<options> to B<ctx>.
+Options already set before are not cleared!
+
+SSL_set_options() adds the options set via bitmask in B<options> to B<ssl>.
+Options already set before are not cleared!
+
+SSL_CTX_clear_options() clears the options set via bitmask in B<options>
+to B<ctx>.
+
+SSL_clear_options() clears the options set via bitmask in B<options> to B<ssl>.
+
+SSL_CTX_get_options() returns the options set for B<ctx>.
+
+SSL_get_options() returns the options set for B<ssl>.
+
+SSL_get_secure_renegotiation_support() indicates whether the peer supports
+secure renegotiation.
+
+=head1 NOTES
+
+The behaviour of the SSL library can be changed by setting several options.
+The options are coded as bitmasks and can be combined by a logical B<or>
+operation (|).
+
+SSL_CTX_set_options() and SSL_set_options() affect the (external)
+protocol behaviour of the SSL library. The (internal) behaviour of
+the API can be changed by using the similar
+L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)> and SSL_set_mode() functions.
+
+During a handshake, the option settings of the SSL object are used. When
+a new SSL object is created from a context using SSL_new(), the current
+option setting is copied. Changes to B<ctx> do not affect already created
+SSL objects. SSL_clear() does not affect the settings.
+
+The following B<bug workaround> options are available:
+
+=over 4
+
+=item SSL_OP_MICROSOFT_SESS_ID_BUG
+
+www.microsoft.com - when talking SSLv2, if session-id reuse is
+performed, the session-id passed back in the server-finished message
+is different from the one decided upon.
+
+=item SSL_OP_NETSCAPE_CHALLENGE_BUG
+
+Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte
+challenge but then appears to only use 16 bytes when generating the
+encryption keys.  Using 16 bytes is ok but it should be ok to use 32.
+According to the SSLv3 spec, one should use 32 bytes for the challenge
+when operating in SSLv2/v3 compatibility mode, but as mentioned above,
+this breaks this server so 16 bytes is the way to go.
+
+=item SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
+
+As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect.
+
+=item SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
+
+...
+
+=item SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
+
+...
+
+=item SSL_OP_SAFARI_ECDHE_ECDSA_BUG
+
+Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
+OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
+
+=item SSL_OP_SSLEAY_080_CLIENT_DH_BUG
+
+...
+
+=item SSL_OP_TLS_D5_BUG
+
+...
+
+=item SSL_OP_TLS_BLOCK_PADDING_BUG
+
+...
+
+=item SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+
+Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol
+vulnerability affecting CBC ciphers, which cannot be handled by some
+broken SSL implementations.  This option has no effect for connections
+using other ciphers.
+
+=item SSL_OP_TLSEXT_PADDING
+
+Adds a padding extension to ensure the ClientHello size is never between
+256 and 511 bytes in length. This is needed as a workaround for some
+implementations.
+
+=item SSL_OP_ALL
+
+All of the above bug workarounds.
+
+=back
+
+It is usually safe to use B<SSL_OP_ALL> to enable the bug workaround
+options if compatibility with somewhat broken implementations is
+desired.
+
+The following B<modifying> options are available:
+
+=over 4
+
+=item SSL_OP_TLS_ROLLBACK_BUG
+
+Disable version rollback attack detection.
+
+During the client key exchange, the client must send the same information
+about acceptable SSL/TLS protocol levels as during the first hello. Some
+clients violate this rule by adapting to the server's answer. (Example:
+the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server
+only understands up to SSLv3. In this case the client must still use the
+same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect
+to the server's answer and violate the version rollback protection.)
+
+=item SSL_OP_SINGLE_DH_USE
+
+Always create a new key when using temporary/ephemeral DH parameters
+(see L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
+This option must be used to prevent small subgroup attacks, when
+the DH parameters were not generated using "strong" primes
+(e.g. when using DSA-parameters, see L<dhparam(1)|dhparam(1)>).
+If "strong" primes were used, it is not strictly necessary to generate
+a new DH key during each handshake but it is also recommended.
+B<SSL_OP_SINGLE_DH_USE> should therefore be enabled whenever
+temporary/ephemeral DH parameters are used.
+
+=item SSL_OP_EPHEMERAL_RSA
+
+This option is no longer implemented and is treated as no op.
+
+=item SSL_OP_CIPHER_SERVER_PREFERENCE
+
+When choosing a cipher, use the server's preferences instead of the client
+preferences. When not set, the SSL server will always follow the clients
+preferences. When set, the SSLv3/TLSv1 server will choose following its
+own preferences. Because of the different protocol, for SSLv2 the server
+will send its list of preferences to the client and the client chooses.
+
+=item SSL_OP_PKCS1_CHECK_1
+
+...
+
+=item SSL_OP_PKCS1_CHECK_2
+
+...
+
+=item SSL_OP_NETSCAPE_CA_DN_BUG
+
+If we accept a netscape connection, demand a client cert, have a
+non-self-signed CA which does not have its CA in netscape, and the
+browser has a cert, it will crash/hang.  Works for 3.x and 4.xbeta 
+
+=item SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
+
+...
+
+=item SSL_OP_NO_SSLv2
+
+Do not use the SSLv2 protocol.
+As of OpenSSL 1.0.1s the B<SSL_OP_NO_SSLv2> option is set by default.
+
+=item SSL_OP_NO_SSLv3
+
+Do not use the SSLv3 protocol.
+It is recommended that applications should set this option.
+
+=item SSL_OP_NO_TLSv1
+
+Do not use the TLSv1 protocol.
+
+=item SSL_OP_NO_TLSv1_1
+
+Do not use the TLSv1.1 protocol.
+
+=item SSL_OP_NO_TLSv1_2
+
+Do not use the TLSv1.2 protocol.
+
+=item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+
+When performing renegotiation as a server, always start a new session
+(i.e., session resumption requests are only accepted in the initial
+handshake). This option is not needed for clients.
+
+=item SSL_OP_NO_TICKET
+
+Normally clients and servers will, where possible, transparently make use
+of RFC4507bis tickets for stateless session resumption.
+
+If this option is set this functionality is disabled and tickets will
+not be used by clients or servers.
+
+=item SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
+
+Allow legacy insecure renegotiation between OpenSSL and unpatched clients or
+servers. See the B<SECURE RENEGOTIATION> section for more details.
+
+=item SSL_OP_LEGACY_SERVER_CONNECT
+
+Allow legacy insecure renegotiation between OpenSSL and unpatched servers
+B<only>: this option is currently set by default. See the
+B<SECURE RENEGOTIATION> section for more details.
+
+=back
+
+=head1 SECURE RENEGOTIATION
+
+OpenSSL 0.9.8m and later always attempts to use secure renegotiation as
+described in RFC5746. This counters the prefix attack described in
+CVE-2009-3555 and elsewhere.
+
+The deprecated and highly broken SSLv2 protocol does not support
+renegotiation at all: its use is B<strongly> discouraged.
+
+This attack has far reaching consequences which application writers should be
+aware of. In the description below an implementation supporting secure
+renegotiation is referred to as I<patched>. A server not supporting secure
+renegotiation is referred to as I<unpatched>.
+
+The following sections describe the operations permitted by OpenSSL's secure
+renegotiation implementation.
+
+=head2 Patched client and server
+
+Connections and renegotiation are always permitted by OpenSSL implementations.
+
+=head2 Unpatched client and patched OpenSSL server
+
+The initial connection succeeds but client renegotiation is denied by the
+server with a B<no_renegotiation> warning alert if TLS v1.0 is used or a fatal
+B<handshake_failure> alert in SSL v3.0.
+
+If the patched OpenSSL server attempts to renegotiate a fatal
+B<handshake_failure> alert is sent. This is because the server code may be
+unaware of the unpatched nature of the client.
+
+If the option B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> is set then
+renegotiation B<always> succeeds.
+
+B<NB:> a bug in OpenSSL clients earlier than 0.9.8m (all of which are
+unpatched) will result in the connection hanging if it receives a
+B<no_renegotiation> alert. OpenSSL versions 0.9.8m and later will regard
+a B<no_renegotiation> alert as fatal and respond with a fatal
+B<handshake_failure> alert. This is because the OpenSSL API currently has
+no provision to indicate to an application that a renegotiation attempt
+was refused.
+
+=head2 Patched OpenSSL client and unpatched server.
+
+If the option B<SSL_OP_LEGACY_SERVER_CONNECT> or
+B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> is set then initial connections
+and renegotiation between patched OpenSSL clients and unpatched servers
+succeeds. If neither option is set then initial connections to unpatched
+servers will fail.
+
+The option B<SSL_OP_LEGACY_SERVER_CONNECT> is currently set by default even
+though it has security implications: otherwise it would be impossible to
+connect to unpatched servers (i.e. all of them initially) and this is clearly
+not acceptable. Renegotiation is permitted because this does not add any
+additional security issues: during an attack clients do not see any
+renegotiations anyway.
+
+As more servers become patched the option B<SSL_OP_LEGACY_SERVER_CONNECT> will
+B<not> be set by default in a future version of OpenSSL.
+
+OpenSSL client applications wishing to ensure they can connect to unpatched
+servers should always B<set> B<SSL_OP_LEGACY_SERVER_CONNECT>
+
+OpenSSL client applications that want to ensure they can B<not> connect to
+unpatched servers (and thus avoid any security issues) should always B<clear>
+B<SSL_OP_LEGACY_SERVER_CONNECT> using SSL_CTX_clear_options() or
+SSL_clear_options().
+
+The difference between the B<SSL_OP_LEGACY_SERVER_CONNECT> and
+B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> options is that
+B<SSL_OP_LEGACY_SERVER_CONNECT> enables initial connections and secure
+renegotiation between OpenSSL clients and unpatched servers B<only>, while
+B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> allows initial connections
+and renegotiation between OpenSSL and unpatched clients or servers.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_options() and SSL_set_options() return the new options bitmask
+after adding B<options>.
+
+SSL_CTX_clear_options() and SSL_clear_options() return the new options bitmask
+after clearing B<options>.
+
+SSL_CTX_get_options() and SSL_get_options() return the current bitmask.
+
+SSL_get_secure_renegotiation_support() returns 1 is the peer supports
+secure renegotiation and 0 if it does not.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>,
+L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
+L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>,
+L<dhparam(1)|dhparam(1)>
+
+=head1 HISTORY
+
+B<SSL_OP_CIPHER_SERVER_PREFERENCE> and
+B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> have been added in
+OpenSSL 0.9.7.
+
+B<SSL_OP_TLS_ROLLBACK_BUG> has been added in OpenSSL 0.9.6 and was automatically
+enabled with B<SSL_OP_ALL>. As of 0.9.7, it is no longer included in B<SSL_OP_ALL>
+and must be explicitly set.
+
+B<SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS> has been added in OpenSSL 0.9.6e.
+Versions up to OpenSSL 0.9.6c do not include the countermeasure that
+can be disabled with this option (in OpenSSL 0.9.6d, it was always
+enabled).
+
+SSL_CTX_clear_options() and SSL_clear_options() were first added in OpenSSL
+0.9.8m.
+
+B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>, B<SSL_OP_LEGACY_SERVER_CONNECT>
+and the function SSL_get_secure_renegotiation_support() were first added in
+OpenSSL 0.9.8m.
+
+=cut

Copied: vendor-crypto/openssl/1.0.1u/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod (from rev 11605, vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod)
===================================================================
--- vendor-crypto/openssl/1.0.1u/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/doc/ssl/SSL_CTX_set_tlsext_status_cb.pod	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,73 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_tlsext_status_cb, SSL_CTX_set_tlsext_status_arg,
+SSL_set_tlsext_status_type, SSL_get_tlsext_status_ocsp_resp,
+SSL_set_tlsext_status_ocsp_resp - OCSP Certificate Status Request functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/tls1.h>
+
+ long SSL_CTX_set_tlsext_status_cb(SSL_CTX *ctx,
+                                   int (*callback)(SSL *, void *));
+ long SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg);
+
+ long SSL_set_tlsext_status_type(SSL *s, int type);
+
+ long SSL_get_tlsext_status_ocsp_resp(ssl, unsigned char **resp);
+ long SSL_set_tlsext_status_ocsp_resp(ssl, unsigned char *resp, int len);
+
+=head1 DESCRIPTION
+
+A client application may request that a server send back an OCSP status response
+(also known as OCSP stapling). To do so the client should call the
+SSL_set_tlsext_status_type() function prior to the start of the handshake.
+Currently the only supported type is B<TLSEXT_STATUSTYPE_ocsp>. This value
+should be passed in the B<type> argument. The client should additionally provide
+a callback function to decide what to do with the returned OCSP response by
+calling SSL_CTX_set_tlsext_status_cb(). The callback function should determine
+whether the returned OCSP response is acceptable or not. The callback will be
+passed as an argument the value previously set via a call to
+SSL_CTX_set_tlsext_status_arg(). Note that the callback will not be called in
+the event of a handshake where session resumption occurs (because there are no
+Certificates exchanged in such a handshake).
+
+The response returned by the server can be obtained via a call to
+SSL_get_tlsext_status_ocsp_resp(). The value B<*resp> will be updated to point
+to the OCSP response data and the return value will be the length of that data.
+Typically a callback would obtain an OCSP_RESPONSE object from this data via a
+call to the d2i_OCSP_RESPONSE() function. If the server has not provided any
+response data then B<*resp> will be NULL and the return value from
+SSL_get_tlsext_status_ocsp_resp() will be -1.
+
+A server application must also call the SSL_CTX_set_tlsext_status_cb() function
+if it wants to be able to provide clients with OCSP Certificate Status
+responses. Typically the server callback would obtain the server certificate
+that is being sent back to the client via a call to SSL_get_certificate();
+obtain the OCSP response to be sent back; and then set that response data by
+calling SSL_set_tlsext_status_ocsp_resp(). A pointer to the response data should
+be provided in the B<resp> argument, and the length of that data should be in
+the B<len> argument.
+
+=head1 RETURN VALUES
+
+The callback when used on the client side should return a negative value on
+error; 0 if the response is not acceptable (in which case the handshake will
+fail) or a positive value if it is acceptable.
+
+The callback when used on the server side should return with either
+SSL_TLSEXT_ERR_OK (meaning that the OCSP response that has been set should be
+returned), SSL_TLSEXT_ERR_NOACK (meaning that an OCSP response should not be
+returned) or SSL_TLSEXT_ERR_ALERT_FATAL (meaning that a fatal error has
+occurred).
+
+SSL_CTX_set_tlsext_status_cb(), SSL_CTX_set_tlsext_status_arg(),
+SSL_set_tlsext_status_type() and SSL_set_tlsext_status_ocsp_resp() return 0 on
+error or 1 on success.
+
+SSL_get_tlsext_status_ocsp_resp() returns the length of the OCSP response data
+or -1 if there is no OCSP response data.
+
+=cut

Deleted: vendor-crypto/openssl/1.0.1u/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
===================================================================
--- vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,149 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh - handle DH keys for ephemeral key exchange
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
-            DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
- long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh);
-
- void SSL_set_tmp_dh_callback(SSL *ctx,
-            DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
- long SSL_set_tmp_dh(SSL *ssl, DH *dh)
-
-=head1 DESCRIPTION
-
-SSL_CTX_set_tmp_dh_callback() sets the callback function for B<ctx> to be
-used when a DH parameters are required to B<tmp_dh_callback>.
-The callback is inherited by all B<ssl> objects created from B<ctx>.
-
-SSL_CTX_set_tmp_dh() sets DH parameters to be used to be B<dh>.
-The key is inherited by all B<ssl> objects created from B<ctx>.
-
-SSL_set_tmp_dh_callback() sets the callback only for B<ssl>.
-
-SSL_set_tmp_dh() sets the parameters only for B<ssl>.
-
-These functions apply to SSL/TLS servers only.
-
-=head1 NOTES
-
-When using a cipher with RSA authentication, an ephemeral DH key exchange
-can take place. Ciphers with DSA keys always use ephemeral DH keys as well.
-In these cases, the session data are negotiated using the
-ephemeral/temporary DH key and the key supplied and certified
-by the certificate chain is only used for signing.
-Anonymous ciphers (without a permanent server key) also use ephemeral DH keys.
-
-Using ephemeral DH key exchange yields forward secrecy, as the connection
-can only be decrypted, when the DH key is known. By generating a temporary
-DH key inside the server application that is lost when the application
-is left, it becomes impossible for an attacker to decrypt past sessions,
-even if he gets hold of the normal (certified) key, as this key was
-only used for signing.
-
-In order to perform a DH key exchange the server must use a DH group
-(DH parameters) and generate a DH key.
-The server will always generate a new DH key during the negotiation
-if either the DH parameters are supplied via callback or the
-SSL_OP_SINGLE_DH_USE option of SSL_CTX_set_options(3) is set (or both).
-It will  immediately create a DH key if DH parameters are supplied via
-SSL_CTX_set_tmp_dh() and SSL_OP_SINGLE_DH_USE is not set.
-In this case,
-it may happen that a key is generated on initialization without later
-being needed, while on the other hand the computer time during the
-negotiation is being saved.
-
-If "strong" primes were used to generate the DH parameters, it is not strictly
-necessary to generate a new key for each handshake but it does improve forward
-secrecy. If it is not assured that "strong" primes were used,
-SSL_OP_SINGLE_DH_USE must be used in order to prevent small subgroup
-attacks. Always using SSL_OP_SINGLE_DH_USE has an impact on the
-computer time needed during negotiation, but it is not very large, so
-application authors/users should consider always enabling this option.
-The option is required to implement perfect forward secrecy (PFS).
-
-As generating DH parameters is extremely time consuming, an application
-should not generate the parameters on the fly but supply the parameters.
-DH parameters can be reused, as the actual key is newly generated during
-the negotiation. The risk in reusing DH parameters is that an attacker
-may specialize on a very often used DH group. Applications should therefore
-generate their own DH parameters during the installation process using the
-openssl L<dhparam(1)|dhparam(1)> application. This application
-guarantees that "strong" primes are used.
-
-Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current
-version of the OpenSSL distribution contain the 'SKIP' DH parameters,
-which use safe primes and were generated verifiably pseudo-randomly.
-These files can be converted into C code using the B<-C> option of the
-L<dhparam(1)|dhparam(1)> application. Generation of custom DH
-parameters during installation should still be preferred to stop an
-attacker from specializing on a commonly used group. Files dh1024.pem
-and dh512.pem contain old parameters that must not be used by
-applications.
-
-An application may either directly specify the DH parameters or
-can supply the DH parameters via a callback function.
-
-Previous versions of the callback used B<is_export> and B<keylength>
-parameters to control parameter generation for export and non-export
-cipher suites. Modern servers that do not support export ciphersuites
-are advised to either use SSL_CTX_set_tmp_dh() in combination with
-SSL_OP_SINGLE_DH_USE, or alternatively, use the callback but ignore
-B<keylength> and B<is_export> and simply supply at least 2048-bit
-parameters in the callback.
-
-=head1 EXAMPLES
-
-Setup DH parameters with a key length of 2048 bits. (Error handling
-partly left out.)
-
- Command-line parameter generation:
- $ openssl dhparam -out dh_param_2048.pem 2048
-
- Code for setting up parameters during server initialization:
-
- ...
- SSL_CTX ctx = SSL_CTX_new();
- ...
-
- /* Set up ephemeral DH parameters. */
- DH *dh_2048 = NULL;
- FILE *paramfile;
- paramfile = fopen("dh_param_2048.pem", "r");
- if (paramfile) {
-   dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
-   fclose(paramfile);
- } else {
-   /* Error. */
- }
- if (dh_2048 == NULL) {
-  /* Error. */
- }
- if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) {
-   /* Error. */
- }
- SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
- ...
-
-=head1 RETURN VALUES
-
-SSL_CTX_set_tmp_dh_callback() and SSL_set_tmp_dh_callback() do not return
-diagnostic output.
-
-SSL_CTX_set_tmp_dh() and SSL_set_tmp_dh() do return 1 on success and 0
-on failure. Check the error queue to find out the reason of failure.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
-L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>,
-L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
-L<ciphers(1)|ciphers(1)>, L<dhparam(1)|dhparam(1)>
-
-=cut

Copied: vendor-crypto/openssl/1.0.1u/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod (from rev 11605, vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod)
===================================================================
--- vendor-crypto/openssl/1.0.1u/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,130 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh - handle DH keys for ephemeral key exchange
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+            DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
+ long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh);
+
+ void SSL_set_tmp_dh_callback(SSL *ctx,
+            DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
+ long SSL_set_tmp_dh(SSL *ssl, DH *dh)
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_tmp_dh_callback() sets the callback function for B<ctx> to be
+used when a DH parameters are required to B<tmp_dh_callback>.
+The callback is inherited by all B<ssl> objects created from B<ctx>.
+
+SSL_CTX_set_tmp_dh() sets DH parameters to be used to be B<dh>.
+The key is inherited by all B<ssl> objects created from B<ctx>.
+
+SSL_set_tmp_dh_callback() sets the callback only for B<ssl>.
+
+SSL_set_tmp_dh() sets the parameters only for B<ssl>.
+
+These functions apply to SSL/TLS servers only.
+
+=head1 NOTES
+
+When using a cipher with RSA authentication, an ephemeral DH key exchange
+can take place. Ciphers with DSA keys always use ephemeral DH keys as well.
+In these cases, the session data are negotiated using the
+ephemeral/temporary DH key and the key supplied and certified
+by the certificate chain is only used for signing.
+Anonymous ciphers (without a permanent server key) also use ephemeral DH keys.
+
+Using ephemeral DH key exchange yields forward secrecy, as the connection
+can only be decrypted, when the DH key is known. By generating a temporary
+DH key inside the server application that is lost when the application
+is left, it becomes impossible for an attacker to decrypt past sessions,
+even if he gets hold of the normal (certified) key, as this key was
+only used for signing.
+
+In order to perform a DH key exchange the server must use a DH group
+(DH parameters) and generate a DH key. The server will always generate
+a new DH key during the negotiation.
+
+As generating DH parameters is extremely time consuming, an application
+should not generate the parameters on the fly but supply the parameters.
+DH parameters can be reused, as the actual key is newly generated during
+the negotiation. The risk in reusing DH parameters is that an attacker
+may specialize on a very often used DH group. Applications should therefore
+generate their own DH parameters during the installation process using the
+openssl L<dhparam(1)|dhparam(1)> application. This application
+guarantees that "strong" primes are used.
+
+Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current
+version of the OpenSSL distribution contain the 'SKIP' DH parameters,
+which use safe primes and were generated verifiably pseudo-randomly.
+These files can be converted into C code using the B<-C> option of the
+L<dhparam(1)|dhparam(1)> application. Generation of custom DH
+parameters during installation should still be preferred to stop an
+attacker from specializing on a commonly used group. Files dh1024.pem
+and dh512.pem contain old parameters that must not be used by
+applications.
+
+An application may either directly specify the DH parameters or
+can supply the DH parameters via a callback function.
+
+Previous versions of the callback used B<is_export> and B<keylength>
+parameters to control parameter generation for export and non-export
+cipher suites. Modern servers that do not support export ciphersuites
+are advised to either use SSL_CTX_set_tmp_dh() or alternatively, use
+the callback but ignore B<keylength> and B<is_export> and simply
+supply at least 2048-bit parameters in the callback.
+
+=head1 EXAMPLES
+
+Setup DH parameters with a key length of 2048 bits. (Error handling
+partly left out.)
+
+ Command-line parameter generation:
+ $ openssl dhparam -out dh_param_2048.pem 2048
+
+ Code for setting up parameters during server initialization:
+
+ ...
+ SSL_CTX ctx = SSL_CTX_new();
+ ...
+
+ /* Set up ephemeral DH parameters. */
+ DH *dh_2048 = NULL;
+ FILE *paramfile;
+ paramfile = fopen("dh_param_2048.pem", "r");
+ if (paramfile) {
+   dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
+   fclose(paramfile);
+ } else {
+   /* Error. */
+ }
+ if (dh_2048 == NULL) {
+  /* Error. */
+ }
+ if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) {
+   /* Error. */
+ }
+ ...
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_tmp_dh_callback() and SSL_set_tmp_dh_callback() do not return
+diagnostic output.
+
+SSL_CTX_set_tmp_dh() and SSL_set_tmp_dh() do return 1 on success and 0
+on failure. Check the error queue to find out the reason of failure.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
+L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>,
+L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
+L<ciphers(1)|ciphers(1)>, L<dhparam(1)|dhparam(1)>
+
+=cut

Deleted: vendor-crypto/openssl/1.0.1u/doc/ssl/ssl.pod
===================================================================
--- vendor-crypto/openssl/dist/doc/ssl/ssl.pod	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/doc/ssl/ssl.pod	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,765 +0,0 @@
-
-=pod
-
-=head1 NAME
-
-SSL - OpenSSL SSL/TLS library
-
-=head1 SYNOPSIS
-
-=head1 DESCRIPTION
-
-The OpenSSL B<ssl> library implements the Secure Sockets Layer (SSL v2/v3) and
-Transport Layer Security (TLS v1) protocols. It provides a rich API which is
-documented here.
-
-At first the library must be initialized; see
-L<SSL_library_init(3)|SSL_library_init(3)>.
-
-Then an B<SSL_CTX> object is created as a framework to establish
-TLS/SSL enabled connections (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>).
-Various options regarding certificates, algorithms etc. can be set
-in this object.
-
-When a network connection has been created, it can be assigned to an
-B<SSL> object. After the B<SSL> object has been created using
-L<SSL_new(3)|SSL_new(3)>, L<SSL_set_fd(3)|SSL_set_fd(3)> or
-L<SSL_set_bio(3)|SSL_set_bio(3)> can be used to associate the network
-connection with the object.
-
-Then the TLS/SSL handshake is performed using
-L<SSL_accept(3)|SSL_accept(3)> or L<SSL_connect(3)|SSL_connect(3)>
-respectively.
-L<SSL_read(3)|SSL_read(3)> and L<SSL_write(3)|SSL_write(3)> are used
-to read and write data on the TLS/SSL connection.
-L<SSL_shutdown(3)|SSL_shutdown(3)> can be used to shut down the
-TLS/SSL connection.
-
-=head1 DATA STRUCTURES
-
-Currently the OpenSSL B<ssl> library functions deals with the following data
-structures:
-
-=over 4
-
-=item B<SSL_METHOD> (SSL Method)
-
-That's a dispatch structure describing the internal B<ssl> library
-methods/functions which implement the various protocol versions (SSLv1, SSLv2
-and TLSv1). It's needed to create an B<SSL_CTX>.
-
-=item B<SSL_CIPHER> (SSL Cipher)
-
-This structure holds the algorithm information for a particular cipher which
-are a core part of the SSL/TLS protocol. The available ciphers are configured
-on a B<SSL_CTX> basis and the actually used ones are then part of the
-B<SSL_SESSION>.
-
-=item B<SSL_CTX> (SSL Context)
-
-That's the global context structure which is created by a server or client
-once per program life-time and which holds mainly default values for the
-B<SSL> structures which are later created for the connections.
-
-=item B<SSL_SESSION> (SSL Session)
-
-This is a structure containing the current TLS/SSL session details for a
-connection: B<SSL_CIPHER>s, client and server certificates, keys, etc.
-
-=item B<SSL> (SSL Connection)
-
-That's the main SSL/TLS structure which is created by a server or client per
-established connection. This actually is the core structure in the SSL API.
-Under run-time the application usually deals with this structure which has
-links to mostly all other structures.
-
-=back
-
-
-=head1 HEADER FILES
-
-Currently the OpenSSL B<ssl> library provides the following C header files
-containing the prototypes for the data structures and and functions:
-
-=over 4
-
-=item B<ssl.h>
-
-That's the common header file for the SSL/TLS API.  Include it into your
-program to make the API of the B<ssl> library available. It internally
-includes both more private SSL headers and headers from the B<crypto> library.
-Whenever you need hard-core details on the internals of the SSL API, look
-inside this header file.
-
-=item B<ssl2.h>
-
-That's the sub header file dealing with the SSLv2 protocol only.
-I<Usually you don't have to include it explicitly because
-it's already included by ssl.h>.
-
-=item B<ssl3.h>
-
-That's the sub header file dealing with the SSLv3 protocol only.
-I<Usually you don't have to include it explicitly because
-it's already included by ssl.h>.
-
-=item B<ssl23.h>
-
-That's the sub header file dealing with the combined use of the SSLv2 and
-SSLv3 protocols.
-I<Usually you don't have to include it explicitly because
-it's already included by ssl.h>.
-
-=item B<tls1.h>
-
-That's the sub header file dealing with the TLSv1 protocol only.
-I<Usually you don't have to include it explicitly because
-it's already included by ssl.h>.
-
-=back
-
-=head1 API FUNCTIONS
-
-Currently the OpenSSL B<ssl> library exports 214 API functions.
-They are documented in the following:
-
-=head2 DEALING WITH PROTOCOL METHODS
-
-Here we document the various API functions which deal with the SSL/TLS
-protocol methods defined in B<SSL_METHOD> structures.
-
-=over 4
-
-=item const SSL_METHOD *B<SSLv2_client_method>(void);
-
-Constructor for the SSLv2 SSL_METHOD structure for a dedicated client.
-
-=item const SSL_METHOD *B<SSLv2_server_method>(void);
-
-Constructor for the SSLv2 SSL_METHOD structure for a dedicated server.
-
-=item const SSL_METHOD *B<SSLv2_method>(void);
-
-Constructor for the SSLv2 SSL_METHOD structure for combined client and server.
-
-=item const SSL_METHOD *B<SSLv3_client_method>(void);
-
-Constructor for the SSLv3 SSL_METHOD structure for a dedicated client.
-
-=item const SSL_METHOD *B<SSLv3_server_method>(void);
-
-Constructor for the SSLv3 SSL_METHOD structure for a dedicated server.
-
-=item const SSL_METHOD *B<SSLv3_method>(void);
-
-Constructor for the SSLv3 SSL_METHOD structure for combined client and server.
-
-=item const SSL_METHOD *B<TLSv1_client_method>(void);
-
-Constructor for the TLSv1 SSL_METHOD structure for a dedicated client.
-
-=item const SSL_METHOD *B<TLSv1_server_method>(void);
-
-Constructor for the TLSv1 SSL_METHOD structure for a dedicated server.
-
-=item const SSL_METHOD *B<TLSv1_method>(void);
-
-Constructor for the TLSv1 SSL_METHOD structure for combined client and server.
-
-=back
-
-=head2 DEALING WITH CIPHERS
-
-Here we document the various API functions which deal with the SSL/TLS
-ciphers defined in B<SSL_CIPHER> structures.
-
-=over 4
-
-=item char *B<SSL_CIPHER_description>(SSL_CIPHER *cipher, char *buf, int len);
-
-Write a string to I<buf> (with a maximum size of I<len>) containing a human
-readable description of I<cipher>. Returns I<buf>.
-
-=item int B<SSL_CIPHER_get_bits>(SSL_CIPHER *cipher, int *alg_bits);
-
-Determine the number of bits in I<cipher>. Because of export crippled ciphers
-there are two bits: The bits the algorithm supports in general (stored to
-I<alg_bits>) and the bits which are actually used (the return value).
-
-=item const char *B<SSL_CIPHER_get_name>(SSL_CIPHER *cipher);
-
-Return the internal name of I<cipher> as a string. These are the various
-strings defined by the I<SSL2_TXT_xxx>, I<SSL3_TXT_xxx> and I<TLS1_TXT_xxx>
-definitions in the header files.
-
-=item char *B<SSL_CIPHER_get_version>(SSL_CIPHER *cipher);
-
-Returns a string like "C<TLSv1/SSLv3>" or "C<SSLv2>" which indicates the
-SSL/TLS protocol version to which I<cipher> belongs (i.e. where it was defined
-in the specification the first time).
-
-=back
-
-=head2 DEALING WITH PROTOCOL CONTEXTS
-
-Here we document the various API functions which deal with the SSL/TLS
-protocol context defined in the B<SSL_CTX> structure.
-
-=over 4
-
-=item int B<SSL_CTX_add_client_CA>(SSL_CTX *ctx, X509 *x);
-
-=item long B<SSL_CTX_add_extra_chain_cert>(SSL_CTX *ctx, X509 *x509);
-
-=item int B<SSL_CTX_add_session>(SSL_CTX *ctx, SSL_SESSION *c);
-
-=item int B<SSL_CTX_check_private_key>(const SSL_CTX *ctx);
-
-=item long B<SSL_CTX_ctrl>(SSL_CTX *ctx, int cmd, long larg, char *parg);
-
-=item void B<SSL_CTX_flush_sessions>(SSL_CTX *s, long t);
-
-=item void B<SSL_CTX_free>(SSL_CTX *a);
-
-=item char *B<SSL_CTX_get_app_data>(SSL_CTX *ctx);
-
-=item X509_STORE *B<SSL_CTX_get_cert_store>(SSL_CTX *ctx);
-
-=item STACK *B<SSL_CTX_get_client_CA_list>(const SSL_CTX *ctx);
-
-=item int (*B<SSL_CTX_get_client_cert_cb>(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
-
-=item void B<SSL_CTX_get_default_read_ahead>(SSL_CTX *ctx);
-
-=item char *B<SSL_CTX_get_ex_data>(const SSL_CTX *s, int idx);
-
-=item int B<SSL_CTX_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
-
-=item void (*B<SSL_CTX_get_info_callback>(SSL_CTX *ctx))(SSL *ssl, int cb, int ret);
-
-=item int B<SSL_CTX_get_quiet_shutdown>(const SSL_CTX *ctx);
-
-=item void B<SSL_CTX_get_read_ahead>(SSL_CTX *ctx);
-
-=item int B<SSL_CTX_get_session_cache_mode>(SSL_CTX *ctx);
-
-=item long B<SSL_CTX_get_timeout>(const SSL_CTX *ctx);
-
-=item int (*B<SSL_CTX_get_verify_callback>(const SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx);
-
-=item int B<SSL_CTX_get_verify_mode>(SSL_CTX *ctx);
-
-=item int B<SSL_CTX_load_verify_locations>(SSL_CTX *ctx, char *CAfile, char *CApath);
-
-=item long B<SSL_CTX_need_tmp_RSA>(SSL_CTX *ctx);
-
-=item SSL_CTX *B<SSL_CTX_new>(const SSL_METHOD *meth);
-
-=item int B<SSL_CTX_remove_session>(SSL_CTX *ctx, SSL_SESSION *c);
-
-=item int B<SSL_CTX_sess_accept>(SSL_CTX *ctx);
-
-=item int B<SSL_CTX_sess_accept_good>(SSL_CTX *ctx);
-
-=item int B<SSL_CTX_sess_accept_renegotiate>(SSL_CTX *ctx);
-
-=item int B<SSL_CTX_sess_cache_full>(SSL_CTX *ctx);
-
-=item int B<SSL_CTX_sess_cb_hits>(SSL_CTX *ctx);
-
-=item int B<SSL_CTX_sess_connect>(SSL_CTX *ctx);
-
-=item int B<SSL_CTX_sess_connect_good>(SSL_CTX *ctx);
-
-=item int B<SSL_CTX_sess_connect_renegotiate>(SSL_CTX *ctx);
-
-=item int B<SSL_CTX_sess_get_cache_size>(SSL_CTX *ctx);
-
-=item SSL_SESSION *(*B<SSL_CTX_sess_get_get_cb>(SSL_CTX *ctx))(SSL *ssl, unsigned char *data, int len, int *copy);
-
-=item int (*B<SSL_CTX_sess_get_new_cb>(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION *sess);
-
-=item void (*B<SSL_CTX_sess_get_remove_cb>(SSL_CTX *ctx)(SSL_CTX *ctx, SSL_SESSION *sess);
-
-=item int B<SSL_CTX_sess_hits>(SSL_CTX *ctx);
-
-=item int B<SSL_CTX_sess_misses>(SSL_CTX *ctx);
-
-=item int B<SSL_CTX_sess_number>(SSL_CTX *ctx);
-
-=item void B<SSL_CTX_sess_set_cache_size>(SSL_CTX *ctx,t);
-
-=item void B<SSL_CTX_sess_set_get_cb>(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy));
-
-=item void B<SSL_CTX_sess_set_new_cb>(SSL_CTX *ctx, int (*cb)(SSL *ssl, SSL_SESSION *sess));
-
-=item void B<SSL_CTX_sess_set_remove_cb>(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess));
-
-=item int B<SSL_CTX_sess_timeouts>(SSL_CTX *ctx);
-
-=item LHASH *B<SSL_CTX_sessions>(SSL_CTX *ctx);
-
-=item void B<SSL_CTX_set_app_data>(SSL_CTX *ctx, void *arg);
-
-=item void B<SSL_CTX_set_cert_store>(SSL_CTX *ctx, X509_STORE *cs);
-
-=item void B<SSL_CTX_set_cert_verify_cb>(SSL_CTX *ctx, int (*cb)(), char *arg)
-
-=item int B<SSL_CTX_set_cipher_list>(SSL_CTX *ctx, char *str);
-
-=item void B<SSL_CTX_set_client_CA_list>(SSL_CTX *ctx, STACK *list);
-
-=item void B<SSL_CTX_set_client_cert_cb>(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
-
-=item void B<SSL_CTX_set_default_passwd_cb>(SSL_CTX *ctx, int (*cb);(void))
-
-=item void B<SSL_CTX_set_default_read_ahead>(SSL_CTX *ctx, int m);
-
-=item int B<SSL_CTX_set_default_verify_paths>(SSL_CTX *ctx);
-
-=item int B<SSL_CTX_set_ex_data>(SSL_CTX *s, int idx, char *arg);
-
-=item void B<SSL_CTX_set_info_callback>(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret));
-
-=item void B<SSL_CTX_set_msg_callback>(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
-
-=item void B<SSL_CTX_set_msg_callback_arg>(SSL_CTX *ctx, void *arg);
-
-=item void B<SSL_CTX_set_options>(SSL_CTX *ctx, unsigned long op);
-
-=item void B<SSL_CTX_set_quiet_shutdown>(SSL_CTX *ctx, int mode);
-
-=item void B<SSL_CTX_set_read_ahead>(SSL_CTX *ctx, int m);
-
-=item void B<SSL_CTX_set_session_cache_mode>(SSL_CTX *ctx, int mode);
-
-=item int B<SSL_CTX_set_ssl_version>(SSL_CTX *ctx, const SSL_METHOD *meth);
-
-=item void B<SSL_CTX_set_timeout>(SSL_CTX *ctx, long t);
-
-=item long B<SSL_CTX_set_tmp_dh>(SSL_CTX* ctx, DH *dh);
-
-=item long B<SSL_CTX_set_tmp_dh_callback>(SSL_CTX *ctx, DH *(*cb)(void));
-
-=item long B<SSL_CTX_set_tmp_rsa>(SSL_CTX *ctx, RSA *rsa);
-
-=item SSL_CTX_set_tmp_rsa_callback
-
-C<long B<SSL_CTX_set_tmp_rsa_callback>(SSL_CTX *B<ctx>, RSA *(*B<cb>)(SSL *B<ssl>, int B<export>, int B<keylength>));>
-
-Sets the callback which will be called when a temporary private key is
-required. The B<C<export>> flag will be set if the reason for needing
-a temp key is that an export ciphersuite is in use, in which case,
-B<C<keylength>> will contain the required keylength in bits. Generate a key of
-appropriate size (using ???) and return it.
-
-=item SSL_set_tmp_rsa_callback
-
-long B<SSL_set_tmp_rsa_callback>(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength));
-
-The same as B<SSL_CTX_set_tmp_rsa_callback>, except it operates on an SSL
-session instead of a context.
-
-=item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void))
-
-=item int B<SSL_CTX_use_PrivateKey>(SSL_CTX *ctx, EVP_PKEY *pkey);
-
-=item int B<SSL_CTX_use_PrivateKey_ASN1>(int type, SSL_CTX *ctx, unsigned char *d, long len);
-
-=item int B<SSL_CTX_use_PrivateKey_file>(SSL_CTX *ctx, char *file, int type);
-
-=item int B<SSL_CTX_use_RSAPrivateKey>(SSL_CTX *ctx, RSA *rsa);
-
-=item int B<SSL_CTX_use_RSAPrivateKey_ASN1>(SSL_CTX *ctx, unsigned char *d, long len);
-
-=item int B<SSL_CTX_use_RSAPrivateKey_file>(SSL_CTX *ctx, char *file, int type);
-
-=item int B<SSL_CTX_use_certificate>(SSL_CTX *ctx, X509 *x);
-
-=item int B<SSL_CTX_use_certificate_ASN1>(SSL_CTX *ctx, int len, unsigned char *d);
-
-=item int B<SSL_CTX_use_certificate_file>(SSL_CTX *ctx, char *file, int type);
-
-=item void B<SSL_CTX_set_psk_client_callback>(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));
-
-=item int B<SSL_CTX_use_psk_identity_hint>(SSL_CTX *ctx, const char *hint);
-
-=item void B<SSL_CTX_set_psk_server_callback>(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len));
-
-
-
-
-=back
-
-=head2 DEALING WITH SESSIONS
-
-Here we document the various API functions which deal with the SSL/TLS
-sessions defined in the B<SSL_SESSION> structures.
-
-=over 4
-
-=item int B<SSL_SESSION_cmp>(const SSL_SESSION *a, const SSL_SESSION *b);
-
-=item void B<SSL_SESSION_free>(SSL_SESSION *ss);
-
-=item char *B<SSL_SESSION_get_app_data>(SSL_SESSION *s);
-
-=item char *B<SSL_SESSION_get_ex_data>(const SSL_SESSION *s, int idx);
-
-=item int B<SSL_SESSION_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
-
-=item long B<SSL_SESSION_get_time>(const SSL_SESSION *s);
-
-=item long B<SSL_SESSION_get_timeout>(const SSL_SESSION *s);
-
-=item unsigned long B<SSL_SESSION_hash>(const SSL_SESSION *a);
-
-=item SSL_SESSION *B<SSL_SESSION_new>(void);
-
-=item int B<SSL_SESSION_print>(BIO *bp, const SSL_SESSION *x);
-
-=item int B<SSL_SESSION_print_fp>(FILE *fp, const SSL_SESSION *x);
-
-=item void B<SSL_SESSION_set_app_data>(SSL_SESSION *s, char *a);
-
-=item int B<SSL_SESSION_set_ex_data>(SSL_SESSION *s, int idx, char *arg);
-
-=item long B<SSL_SESSION_set_time>(SSL_SESSION *s, long t);
-
-=item long B<SSL_SESSION_set_timeout>(SSL_SESSION *s, long t);
-
-=back
-
-=head2 DEALING WITH CONNECTIONS
-
-Here we document the various API functions which deal with the SSL/TLS
-connection defined in the B<SSL> structure.
-
-=over 4
-
-=item int B<SSL_accept>(SSL *ssl);
-
-=item int B<SSL_add_dir_cert_subjects_to_stack>(STACK *stack, const char *dir);
-
-=item int B<SSL_add_file_cert_subjects_to_stack>(STACK *stack, const char *file);
-
-=item int B<SSL_add_client_CA>(SSL *ssl, X509 *x);
-
-=item char *B<SSL_alert_desc_string>(int value);
-
-=item char *B<SSL_alert_desc_string_long>(int value);
-
-=item char *B<SSL_alert_type_string>(int value);
-
-=item char *B<SSL_alert_type_string_long>(int value);
-
-=item int B<SSL_check_private_key>(const SSL *ssl);
-
-=item void B<SSL_clear>(SSL *ssl);
-
-=item long B<SSL_clear_num_renegotiations>(SSL *ssl);
-
-=item int B<SSL_connect>(SSL *ssl);
-
-=item void B<SSL_copy_session_id>(SSL *t, const SSL *f);
-
-=item long B<SSL_ctrl>(SSL *ssl, int cmd, long larg, char *parg);
-
-=item int B<SSL_do_handshake>(SSL *ssl);
-
-=item SSL *B<SSL_dup>(SSL *ssl);
-
-=item STACK *B<SSL_dup_CA_list>(STACK *sk);
-
-=item void B<SSL_free>(SSL *ssl);
-
-=item SSL_CTX *B<SSL_get_SSL_CTX>(const SSL *ssl);
-
-=item char *B<SSL_get_app_data>(SSL *ssl);
-
-=item X509 *B<SSL_get_certificate>(const SSL *ssl);
-
-=item const char *B<SSL_get_cipher>(const SSL *ssl);
-
-=item int B<SSL_get_cipher_bits>(const SSL *ssl, int *alg_bits);
-
-=item char *B<SSL_get_cipher_list>(const SSL *ssl, int n);
-
-=item char *B<SSL_get_cipher_name>(const SSL *ssl);
-
-=item char *B<SSL_get_cipher_version>(const SSL *ssl);
-
-=item STACK *B<SSL_get_ciphers>(const SSL *ssl);
-
-=item STACK *B<SSL_get_client_CA_list>(const SSL *ssl);
-
-=item SSL_CIPHER *B<SSL_get_current_cipher>(SSL *ssl);
-
-=item long B<SSL_get_default_timeout>(const SSL *ssl);
-
-=item int B<SSL_get_error>(const SSL *ssl, int i);
-
-=item char *B<SSL_get_ex_data>(const SSL *ssl, int idx);
-
-=item int B<SSL_get_ex_data_X509_STORE_CTX_idx>(void);
-
-=item int B<SSL_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
-
-=item int B<SSL_get_fd>(const SSL *ssl);
-
-=item void (*B<SSL_get_info_callback>(const SSL *ssl);)()
-
-=item STACK *B<SSL_get_peer_cert_chain>(const SSL *ssl);
-
-=item X509 *B<SSL_get_peer_certificate>(const SSL *ssl);
-
-=item EVP_PKEY *B<SSL_get_privatekey>(SSL *ssl);
-
-=item int B<SSL_get_quiet_shutdown>(const SSL *ssl);
-
-=item BIO *B<SSL_get_rbio>(const SSL *ssl);
-
-=item int B<SSL_get_read_ahead>(const SSL *ssl);
-
-=item SSL_SESSION *B<SSL_get_session>(const SSL *ssl);
-
-=item char *B<SSL_get_shared_ciphers>(const SSL *ssl, char *buf, int len);
-
-=item int B<SSL_get_shutdown>(const SSL *ssl);
-
-=item const SSL_METHOD *B<SSL_get_ssl_method>(SSL *ssl);
-
-=item int B<SSL_get_state>(const SSL *ssl);
-
-=item long B<SSL_get_time>(const SSL *ssl);
-
-=item long B<SSL_get_timeout>(const SSL *ssl);
-
-=item int (*B<SSL_get_verify_callback>(const SSL *ssl))(int,X509_STORE_CTX *)
-
-=item int B<SSL_get_verify_mode>(const SSL *ssl);
-
-=item long B<SSL_get_verify_result>(const SSL *ssl);
-
-=item char *B<SSL_get_version>(const SSL *ssl);
-
-=item BIO *B<SSL_get_wbio>(const SSL *ssl);
-
-=item int B<SSL_in_accept_init>(SSL *ssl);
-
-=item int B<SSL_in_before>(SSL *ssl);
-
-=item int B<SSL_in_connect_init>(SSL *ssl);
-
-=item int B<SSL_in_init>(SSL *ssl);
-
-=item int B<SSL_is_init_finished>(SSL *ssl);
-
-=item STACK *B<SSL_load_client_CA_file>(char *file);
-
-=item void B<SSL_load_error_strings>(void);
-
-=item SSL *B<SSL_new>(SSL_CTX *ctx);
-
-=item long B<SSL_num_renegotiations>(SSL *ssl);
-
-=item int B<SSL_peek>(SSL *ssl, void *buf, int num);
-
-=item int B<SSL_pending>(const SSL *ssl);
-
-=item int B<SSL_read>(SSL *ssl, void *buf, int num);
-
-=item int B<SSL_renegotiate>(SSL *ssl);
-
-=item char *B<SSL_rstate_string>(SSL *ssl);
-
-=item char *B<SSL_rstate_string_long>(SSL *ssl);
-
-=item long B<SSL_session_reused>(SSL *ssl);
-
-=item void B<SSL_set_accept_state>(SSL *ssl);
-
-=item void B<SSL_set_app_data>(SSL *ssl, char *arg);
-
-=item void B<SSL_set_bio>(SSL *ssl, BIO *rbio, BIO *wbio);
-
-=item int B<SSL_set_cipher_list>(SSL *ssl, char *str);
-
-=item void B<SSL_set_client_CA_list>(SSL *ssl, STACK *list);
-
-=item void B<SSL_set_connect_state>(SSL *ssl);
-
-=item int B<SSL_set_ex_data>(SSL *ssl, int idx, char *arg);
-
-=item int B<SSL_set_fd>(SSL *ssl, int fd);
-
-=item void B<SSL_set_info_callback>(SSL *ssl, void (*cb);(void))
-
-=item void B<SSL_set_msg_callback>(SSL *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
-
-=item void B<SSL_set_msg_callback_arg>(SSL *ctx, void *arg);
-
-=item void B<SSL_set_options>(SSL *ssl, unsigned long op);
-
-=item void B<SSL_set_quiet_shutdown>(SSL *ssl, int mode);
-
-=item void B<SSL_set_read_ahead>(SSL *ssl, int yes);
-
-=item int B<SSL_set_rfd>(SSL *ssl, int fd);
-
-=item int B<SSL_set_session>(SSL *ssl, SSL_SESSION *session);
-
-=item void B<SSL_set_shutdown>(SSL *ssl, int mode);
-
-=item int B<SSL_set_ssl_method>(SSL *ssl, const SSL_METHOD *meth);
-
-=item void B<SSL_set_time>(SSL *ssl, long t);
-
-=item void B<SSL_set_timeout>(SSL *ssl, long t);
-
-=item void B<SSL_set_verify>(SSL *ssl, int mode, int (*callback);(void))
-
-=item void B<SSL_set_verify_result>(SSL *ssl, long arg);
-
-=item int B<SSL_set_wfd>(SSL *ssl, int fd);
-
-=item int B<SSL_shutdown>(SSL *ssl);
-
-=item int B<SSL_state>(const SSL *ssl);
-
-=item char *B<SSL_state_string>(const SSL *ssl);
-
-=item char *B<SSL_state_string_long>(const SSL *ssl);
-
-=item long B<SSL_total_renegotiations>(SSL *ssl);
-
-=item int B<SSL_use_PrivateKey>(SSL *ssl, EVP_PKEY *pkey);
-
-=item int B<SSL_use_PrivateKey_ASN1>(int type, SSL *ssl, unsigned char *d, long len);
-
-=item int B<SSL_use_PrivateKey_file>(SSL *ssl, char *file, int type);
-
-=item int B<SSL_use_RSAPrivateKey>(SSL *ssl, RSA *rsa);
-
-=item int B<SSL_use_RSAPrivateKey_ASN1>(SSL *ssl, unsigned char *d, long len);
-
-=item int B<SSL_use_RSAPrivateKey_file>(SSL *ssl, char *file, int type);
-
-=item int B<SSL_use_certificate>(SSL *ssl, X509 *x);
-
-=item int B<SSL_use_certificate_ASN1>(SSL *ssl, int len, unsigned char *d);
-
-=item int B<SSL_use_certificate_file>(SSL *ssl, char *file, int type);
-
-=item int B<SSL_version>(const SSL *ssl);
-
-=item int B<SSL_want>(const SSL *ssl);
-
-=item int B<SSL_want_nothing>(const SSL *ssl);
-
-=item int B<SSL_want_read>(const SSL *ssl);
-
-=item int B<SSL_want_write>(const SSL *ssl);
-
-=item int B<SSL_want_x509_lookup>(const SSL *ssl);
-
-=item int B<SSL_write>(SSL *ssl, const void *buf, int num);
-
-=item void B<SSL_set_psk_client_callback>(SSL *ssl, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));
-
-=item int B<SSL_use_psk_identity_hint>(SSL *ssl, const char *hint);
-
-=item void B<SSL_set_psk_server_callback>(SSL *ssl, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len));
-
-=item const char *B<SSL_get_psk_identity_hint>(SSL *ssl);
-
-=item const char *B<SSL_get_psk_identity>(SSL *ssl);
-
-=back
-
-=head1 SEE ALSO
-
-L<openssl(1)|openssl(1)>, L<crypto(3)|crypto(3)>,
-L<SSL_accept(3)|SSL_accept(3)>, L<SSL_clear(3)|SSL_clear(3)>,
-L<SSL_connect(3)|SSL_connect(3)>,
-L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)>,
-L<SSL_COMP_add_compression_method(3)|SSL_COMP_add_compression_method(3)>,
-L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>,
-L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>,
-L<SSL_CTX_ctrl(3)|SSL_CTX_ctrl(3)>,
-L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
-L<SSL_CTX_get_ex_new_index(3)|SSL_CTX_get_ex_new_index(3)>,
-L<SSL_CTX_get_verify_mode(3)|SSL_CTX_get_verify_mode(3)>,
-L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
-L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
-L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
-L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>,
-L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>,
-L<SSL_CTX_sessions(3)|SSL_CTX_sessions(3)>,
-L<SSL_CTX_set_cert_store(3)|SSL_CTX_set_cert_store(3)>,
-L<SSL_CTX_set_cert_verify_callback(3)|SSL_CTX_set_cert_verify_callback(3)>,
-L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
-L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>,
-L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>,
-L<SSL_CTX_set_default_passwd_cb(3)|SSL_CTX_set_default_passwd_cb(3)>,
-L<SSL_CTX_set_generate_session_id(3)|SSL_CTX_set_generate_session_id(3)>,
-L<SSL_CTX_set_info_callback(3)|SSL_CTX_set_info_callback(3)>,
-L<SSL_CTX_set_max_cert_list(3)|SSL_CTX_set_max_cert_list(3)>,
-L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>,
-L<SSL_CTX_set_msg_callback(3)|SSL_CTX_set_msg_callback(3)>,
-L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
-L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>,
-L<SSL_CTX_set_read_ahead(3)|SSL_CTX_set_read_ahead(3)>,
-L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
-L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>,
-L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>,
-L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>,
-L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>,
-L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
-L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>,
-L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
-L<SSL_alert_type_string(3)|SSL_alert_type_string(3)>,
-L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
-L<SSL_get_SSL_CTX(3)|SSL_get_SSL_CTX(3)>,
-L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>,
-L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
-L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>,
-L<SSL_get_error(3)|SSL_get_error(3)>,
-L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|SSL_get_ex_data_X509_STORE_CTX_idx(3)>,
-L<SSL_get_ex_new_index(3)|SSL_get_ex_new_index(3)>,
-L<SSL_get_fd(3)|SSL_get_fd(3)>,
-L<SSL_get_peer_cert_chain(3)|SSL_get_peer_cert_chain(3)>,
-L<SSL_get_rbio(3)|SSL_get_rbio(3)>,
-L<SSL_get_session(3)|SSL_get_session(3)>,
-L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
-L<SSL_get_version(3)|SSL_get_version(3)>,
-L<SSL_library_init(3)|SSL_library_init(3)>,
-L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>,
-L<SSL_new(3)|SSL_new(3)>,
-L<SSL_pending(3)|SSL_pending(3)>,
-L<SSL_read(3)|SSL_read(3)>,
-L<SSL_rstate_string(3)|SSL_rstate_string(3)>,
-L<SSL_session_reused(3)|SSL_session_reused(3)>,
-L<SSL_set_bio(3)|SSL_set_bio(3)>,
-L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
-L<SSL_set_fd(3)|SSL_set_fd(3)>,
-L<SSL_set_session(3)|SSL_set_session(3)>,
-L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
-L<SSL_shutdown(3)|SSL_shutdown(3)>,
-L<SSL_state_string(3)|SSL_state_string(3)>,
-L<SSL_want(3)|SSL_want(3)>,
-L<SSL_write(3)|SSL_write(3)>,
-L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
-L<SSL_SESSION_get_ex_new_index(3)|SSL_SESSION_get_ex_new_index(3)>,
-L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>,
-L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>,
-L<SSL_CTX_set_psk_client_callback(3)|SSL_CTX_set_psk_client_callback(3)>,
-L<SSL_CTX_use_psk_identity_hint(3)|SSL_CTX_use_psk_identity_hint(3)>,
-L<SSL_get_psk_identity(3)|SSL_get_psk_identity(3)>
-
-=head1 HISTORY
-
-The L<ssl(3)|ssl(3)> document appeared in OpenSSL 0.9.2
-
-=cut
-

Copied: vendor-crypto/openssl/1.0.1u/doc/ssl/ssl.pod (from rev 11605, vendor-crypto/openssl/dist/doc/ssl/ssl.pod)
===================================================================
--- vendor-crypto/openssl/1.0.1u/doc/ssl/ssl.pod	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/doc/ssl/ssl.pod	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,810 @@
+
+=pod
+
+=head1 NAME
+
+SSL - OpenSSL SSL/TLS library
+
+=head1 SYNOPSIS
+
+=head1 DESCRIPTION
+
+The OpenSSL B<ssl> library implements the Secure Sockets Layer (SSL v2/v3) and
+Transport Layer Security (TLS v1) protocols. It provides a rich API which is
+documented here.
+
+At first the library must be initialized; see
+L<SSL_library_init(3)|SSL_library_init(3)>.
+
+Then an B<SSL_CTX> object is created as a framework to establish
+TLS/SSL enabled connections (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>).
+Various options regarding certificates, algorithms etc. can be set
+in this object.
+
+When a network connection has been created, it can be assigned to an
+B<SSL> object. After the B<SSL> object has been created using
+L<SSL_new(3)|SSL_new(3)>, L<SSL_set_fd(3)|SSL_set_fd(3)> or
+L<SSL_set_bio(3)|SSL_set_bio(3)> can be used to associate the network
+connection with the object.
+
+Then the TLS/SSL handshake is performed using
+L<SSL_accept(3)|SSL_accept(3)> or L<SSL_connect(3)|SSL_connect(3)>
+respectively.
+L<SSL_read(3)|SSL_read(3)> and L<SSL_write(3)|SSL_write(3)> are used
+to read and write data on the TLS/SSL connection.
+L<SSL_shutdown(3)|SSL_shutdown(3)> can be used to shut down the
+TLS/SSL connection.
+
+=head1 DATA STRUCTURES
+
+Currently the OpenSSL B<ssl> library functions deals with the following data
+structures:
+
+=over 4
+
+=item B<SSL_METHOD> (SSL Method)
+
+That's a dispatch structure describing the internal B<ssl> library
+methods/functions which implement the various protocol versions (SSLv1, SSLv2
+and TLSv1). It's needed to create an B<SSL_CTX>.
+
+=item B<SSL_CIPHER> (SSL Cipher)
+
+This structure holds the algorithm information for a particular cipher which
+are a core part of the SSL/TLS protocol. The available ciphers are configured
+on a B<SSL_CTX> basis and the actually used ones are then part of the
+B<SSL_SESSION>.
+
+=item B<SSL_CTX> (SSL Context)
+
+That's the global context structure which is created by a server or client
+once per program life-time and which holds mainly default values for the
+B<SSL> structures which are later created for the connections.
+
+=item B<SSL_SESSION> (SSL Session)
+
+This is a structure containing the current TLS/SSL session details for a
+connection: B<SSL_CIPHER>s, client and server certificates, keys, etc.
+
+=item B<SSL> (SSL Connection)
+
+That's the main SSL/TLS structure which is created by a server or client per
+established connection. This actually is the core structure in the SSL API.
+Under run-time the application usually deals with this structure which has
+links to mostly all other structures.
+
+=back
+
+
+=head1 HEADER FILES
+
+Currently the OpenSSL B<ssl> library provides the following C header files
+containing the prototypes for the data structures and and functions:
+
+=over 4
+
+=item B<ssl.h>
+
+That's the common header file for the SSL/TLS API.  Include it into your
+program to make the API of the B<ssl> library available. It internally
+includes both more private SSL headers and headers from the B<crypto> library.
+Whenever you need hard-core details on the internals of the SSL API, look
+inside this header file.
+
+=item B<ssl2.h>
+
+That's the sub header file dealing with the SSLv2 protocol only.
+I<Usually you don't have to include it explicitly because
+it's already included by ssl.h>.
+
+=item B<ssl3.h>
+
+That's the sub header file dealing with the SSLv3 protocol only.
+I<Usually you don't have to include it explicitly because
+it's already included by ssl.h>.
+
+=item B<ssl23.h>
+
+That's the sub header file dealing with the combined use of the SSLv2 and
+SSLv3 protocols.
+I<Usually you don't have to include it explicitly because
+it's already included by ssl.h>.
+
+=item B<tls1.h>
+
+That's the sub header file dealing with the TLSv1 protocol only.
+I<Usually you don't have to include it explicitly because
+it's already included by ssl.h>.
+
+=back
+
+=head1 API FUNCTIONS
+
+Currently the OpenSSL B<ssl> library exports 214 API functions.
+They are documented in the following:
+
+=head2 DEALING WITH PROTOCOL METHODS
+
+Here we document the various API functions which deal with the SSL/TLS
+protocol methods defined in B<SSL_METHOD> structures.
+
+=over 4
+
+=item const SSL_METHOD *B<SSLv23_method>(void);
+
+Constructor for the I<version-flexible> SSL_METHOD structure for
+clients, servers or both.
+See L<SSL_CTX_new(3)> for details.
+
+=item const SSL_METHOD *B<SSLv23_client_method>(void);
+
+Constructor for the I<version-flexible> SSL_METHOD structure for
+clients.
+
+=item const SSL_METHOD *B<SSLv23_client_method>(void);
+
+Constructor for the I<version-flexible> SSL_METHOD structure for
+servers.
+
+=item const SSL_METHOD *B<TLSv1_2_method>(void);
+
+Constructor for the TLSv1.2 SSL_METHOD structure for clients, servers
+or both.
+
+=item const SSL_METHOD *B<TLSv1_2_client_method>(void);
+
+Constructor for the TLSv1.2 SSL_METHOD structure for clients.
+
+=item const SSL_METHOD *B<TLSv1_2_server_method>(void);
+
+Constructor for the TLSv1.2 SSL_METHOD structure for servers.
+
+=item const SSL_METHOD *B<TLSv1_1_method>(void);
+
+Constructor for the TLSv1.1 SSL_METHOD structure for clients, servers
+or both.
+
+=item const SSL_METHOD *B<TLSv1_1_client_method>(void);
+
+Constructor for the TLSv1.1 SSL_METHOD structure for clients.
+
+=item const SSL_METHOD *B<TLSv1_1_server_method>(void);
+
+Constructor for the TLSv1.1 SSL_METHOD structure for servers.
+
+=item const SSL_METHOD *B<TLSv1_method>(void);
+
+Constructor for the TLSv1 SSL_METHOD structure for clients, servers
+or both.
+
+=item const SSL_METHOD *B<TLSv1_client_method>(void);
+
+Constructor for the TLSv1 SSL_METHOD structure for clients.
+
+=item const SSL_METHOD *B<TLSv1_server_method>(void);
+
+Constructor for the TLSv1 SSL_METHOD structure for servers.
+
+=item const SSL_METHOD *B<SSLv3_method>(void);
+
+Constructor for the SSLv3 SSL_METHOD structure for clients, servers
+or both.
+
+=item const SSL_METHOD *B<SSLv3_client_method>(void);
+
+Constructor for the SSLv3 SSL_METHOD structure for clients.
+
+=item const SSL_METHOD *B<SSLv3_server_method>(void);
+
+Constructor for the SSLv3 SSL_METHOD structure for servers.
+
+=item const SSL_METHOD *B<SSLv2_method>(void);
+
+Constructor for the SSLv2 SSL_METHOD structure for clients, servers
+or both.
+
+=item const SSL_METHOD *B<SSLv2_client_method>(void);
+
+Constructor for the SSLv2 SSL_METHOD structure for clients.
+
+=item const SSL_METHOD *B<SSLv2_server_method>(void);
+
+Constructor for the SSLv2 SSL_METHOD structure for servers.
+
+=back
+
+=head2 DEALING WITH CIPHERS
+
+Here we document the various API functions which deal with the SSL/TLS
+ciphers defined in B<SSL_CIPHER> structures.
+
+=over 4
+
+=item char *B<SSL_CIPHER_description>(SSL_CIPHER *cipher, char *buf, int len);
+
+Write a string to I<buf> (with a maximum size of I<len>) containing a human
+readable description of I<cipher>. Returns I<buf>.
+
+=item int B<SSL_CIPHER_get_bits>(SSL_CIPHER *cipher, int *alg_bits);
+
+Determine the number of bits in I<cipher>. Because of export crippled ciphers
+there are two bits: The bits the algorithm supports in general (stored to
+I<alg_bits>) and the bits which are actually used (the return value).
+
+=item const char *B<SSL_CIPHER_get_name>(SSL_CIPHER *cipher);
+
+Return the internal name of I<cipher> as a string. These are the various
+strings defined by the I<SSL2_TXT_xxx>, I<SSL3_TXT_xxx> and I<TLS1_TXT_xxx>
+definitions in the header files.
+
+=item char *B<SSL_CIPHER_get_version>(SSL_CIPHER *cipher);
+
+Returns a string like "C<TLSv1/SSLv3>" or "C<SSLv2>" which indicates the
+SSL/TLS protocol version to which I<cipher> belongs (i.e. where it was defined
+in the specification the first time).
+
+=back
+
+=head2 DEALING WITH PROTOCOL CONTEXTS
+
+Here we document the various API functions which deal with the SSL/TLS
+protocol context defined in the B<SSL_CTX> structure.
+
+=over 4
+
+=item int B<SSL_CTX_add_client_CA>(SSL_CTX *ctx, X509 *x);
+
+=item long B<SSL_CTX_add_extra_chain_cert>(SSL_CTX *ctx, X509 *x509);
+
+=item int B<SSL_CTX_add_session>(SSL_CTX *ctx, SSL_SESSION *c);
+
+=item int B<SSL_CTX_check_private_key>(const SSL_CTX *ctx);
+
+=item long B<SSL_CTX_ctrl>(SSL_CTX *ctx, int cmd, long larg, char *parg);
+
+=item void B<SSL_CTX_flush_sessions>(SSL_CTX *s, long t);
+
+=item void B<SSL_CTX_free>(SSL_CTX *a);
+
+=item char *B<SSL_CTX_get_app_data>(SSL_CTX *ctx);
+
+=item X509_STORE *B<SSL_CTX_get_cert_store>(SSL_CTX *ctx);
+
+=item STACK *B<SSL_CTX_get_client_CA_list>(const SSL_CTX *ctx);
+
+=item int (*B<SSL_CTX_get_client_cert_cb>(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+
+=item void B<SSL_CTX_get_default_read_ahead>(SSL_CTX *ctx);
+
+=item char *B<SSL_CTX_get_ex_data>(const SSL_CTX *s, int idx);
+
+=item int B<SSL_CTX_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+
+=item void (*B<SSL_CTX_get_info_callback>(SSL_CTX *ctx))(SSL *ssl, int cb, int ret);
+
+=item int B<SSL_CTX_get_quiet_shutdown>(const SSL_CTX *ctx);
+
+=item void B<SSL_CTX_get_read_ahead>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_get_session_cache_mode>(SSL_CTX *ctx);
+
+=item long B<SSL_CTX_get_timeout>(const SSL_CTX *ctx);
+
+=item int (*B<SSL_CTX_get_verify_callback>(const SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx);
+
+=item int B<SSL_CTX_get_verify_mode>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_load_verify_locations>(SSL_CTX *ctx, char *CAfile, char *CApath);
+
+=item long B<SSL_CTX_need_tmp_RSA>(SSL_CTX *ctx);
+
+=item SSL_CTX *B<SSL_CTX_new>(const SSL_METHOD *meth);
+
+=item int B<SSL_CTX_remove_session>(SSL_CTX *ctx, SSL_SESSION *c);
+
+=item int B<SSL_CTX_sess_accept>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_accept_good>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_accept_renegotiate>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_cache_full>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_cb_hits>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_connect>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_connect_good>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_connect_renegotiate>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_get_cache_size>(SSL_CTX *ctx);
+
+=item SSL_SESSION *(*B<SSL_CTX_sess_get_get_cb>(SSL_CTX *ctx))(SSL *ssl, unsigned char *data, int len, int *copy);
+
+=item int (*B<SSL_CTX_sess_get_new_cb>(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION *sess);
+
+=item void (*B<SSL_CTX_sess_get_remove_cb>(SSL_CTX *ctx)(SSL_CTX *ctx, SSL_SESSION *sess);
+
+=item int B<SSL_CTX_sess_hits>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_misses>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_number>(SSL_CTX *ctx);
+
+=item void B<SSL_CTX_sess_set_cache_size>(SSL_CTX *ctx,t);
+
+=item void B<SSL_CTX_sess_set_get_cb>(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy));
+
+=item void B<SSL_CTX_sess_set_new_cb>(SSL_CTX *ctx, int (*cb)(SSL *ssl, SSL_SESSION *sess));
+
+=item void B<SSL_CTX_sess_set_remove_cb>(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess));
+
+=item int B<SSL_CTX_sess_timeouts>(SSL_CTX *ctx);
+
+=item LHASH *B<SSL_CTX_sessions>(SSL_CTX *ctx);
+
+=item void B<SSL_CTX_set_app_data>(SSL_CTX *ctx, void *arg);
+
+=item void B<SSL_CTX_set_cert_store>(SSL_CTX *ctx, X509_STORE *cs);
+
+=item void B<SSL_CTX_set_cert_verify_cb>(SSL_CTX *ctx, int (*cb)(), char *arg)
+
+=item int B<SSL_CTX_set_cipher_list>(SSL_CTX *ctx, char *str);
+
+=item void B<SSL_CTX_set_client_CA_list>(SSL_CTX *ctx, STACK *list);
+
+=item void B<SSL_CTX_set_client_cert_cb>(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
+
+=item void B<SSL_CTX_set_default_passwd_cb>(SSL_CTX *ctx, int (*cb);(void))
+
+=item void B<SSL_CTX_set_default_read_ahead>(SSL_CTX *ctx, int m);
+
+=item int B<SSL_CTX_set_default_verify_paths>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_set_ex_data>(SSL_CTX *s, int idx, char *arg);
+
+=item void B<SSL_CTX_set_info_callback>(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret));
+
+=item void B<SSL_CTX_set_msg_callback>(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+
+=item void B<SSL_CTX_set_msg_callback_arg>(SSL_CTX *ctx, void *arg);
+
+=item void B<SSL_CTX_set_options>(SSL_CTX *ctx, unsigned long op);
+
+=item void B<SSL_CTX_set_quiet_shutdown>(SSL_CTX *ctx, int mode);
+
+=item void B<SSL_CTX_set_read_ahead>(SSL_CTX *ctx, int m);
+
+=item void B<SSL_CTX_set_session_cache_mode>(SSL_CTX *ctx, int mode);
+
+=item int B<SSL_CTX_set_ssl_version>(SSL_CTX *ctx, const SSL_METHOD *meth);
+
+=item void B<SSL_CTX_set_timeout>(SSL_CTX *ctx, long t);
+
+=item long B<SSL_CTX_set_tmp_dh>(SSL_CTX* ctx, DH *dh);
+
+=item long B<SSL_CTX_set_tmp_dh_callback>(SSL_CTX *ctx, DH *(*cb)(void));
+
+=item long B<SSL_CTX_set_tmp_rsa>(SSL_CTX *ctx, RSA *rsa);
+
+=item SSL_CTX_set_tmp_rsa_callback
+
+C<long B<SSL_CTX_set_tmp_rsa_callback>(SSL_CTX *B<ctx>, RSA *(*B<cb>)(SSL *B<ssl>, int B<export>, int B<keylength>));>
+
+Sets the callback which will be called when a temporary private key is
+required. The B<C<export>> flag will be set if the reason for needing
+a temp key is that an export ciphersuite is in use, in which case,
+B<C<keylength>> will contain the required keylength in bits. Generate a key of
+appropriate size (using ???) and return it.
+
+=item SSL_set_tmp_rsa_callback
+
+long B<SSL_set_tmp_rsa_callback>(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength));
+
+The same as B<SSL_CTX_set_tmp_rsa_callback>, except it operates on an SSL
+session instead of a context.
+
+=item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void))
+
+=item int B<SSL_CTX_use_PrivateKey>(SSL_CTX *ctx, EVP_PKEY *pkey);
+
+=item int B<SSL_CTX_use_PrivateKey_ASN1>(int type, SSL_CTX *ctx, unsigned char *d, long len);
+
+=item int B<SSL_CTX_use_PrivateKey_file>(SSL_CTX *ctx, char *file, int type);
+
+=item int B<SSL_CTX_use_RSAPrivateKey>(SSL_CTX *ctx, RSA *rsa);
+
+=item int B<SSL_CTX_use_RSAPrivateKey_ASN1>(SSL_CTX *ctx, unsigned char *d, long len);
+
+=item int B<SSL_CTX_use_RSAPrivateKey_file>(SSL_CTX *ctx, char *file, int type);
+
+=item int B<SSL_CTX_use_certificate>(SSL_CTX *ctx, X509 *x);
+
+=item int B<SSL_CTX_use_certificate_ASN1>(SSL_CTX *ctx, int len, unsigned char *d);
+
+=item int B<SSL_CTX_use_certificate_file>(SSL_CTX *ctx, char *file, int type);
+
+=item void B<SSL_CTX_set_psk_client_callback>(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));
+
+=item int B<SSL_CTX_use_psk_identity_hint>(SSL_CTX *ctx, const char *hint);
+
+=item void B<SSL_CTX_set_psk_server_callback>(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len));
+
+
+
+
+=back
+
+=head2 DEALING WITH SESSIONS
+
+Here we document the various API functions which deal with the SSL/TLS
+sessions defined in the B<SSL_SESSION> structures.
+
+=over 4
+
+=item int B<SSL_SESSION_cmp>(const SSL_SESSION *a, const SSL_SESSION *b);
+
+=item void B<SSL_SESSION_free>(SSL_SESSION *ss);
+
+=item char *B<SSL_SESSION_get_app_data>(SSL_SESSION *s);
+
+=item char *B<SSL_SESSION_get_ex_data>(const SSL_SESSION *s, int idx);
+
+=item int B<SSL_SESSION_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+
+=item long B<SSL_SESSION_get_time>(const SSL_SESSION *s);
+
+=item long B<SSL_SESSION_get_timeout>(const SSL_SESSION *s);
+
+=item unsigned long B<SSL_SESSION_hash>(const SSL_SESSION *a);
+
+=item SSL_SESSION *B<SSL_SESSION_new>(void);
+
+=item int B<SSL_SESSION_print>(BIO *bp, const SSL_SESSION *x);
+
+=item int B<SSL_SESSION_print_fp>(FILE *fp, const SSL_SESSION *x);
+
+=item void B<SSL_SESSION_set_app_data>(SSL_SESSION *s, char *a);
+
+=item int B<SSL_SESSION_set_ex_data>(SSL_SESSION *s, int idx, char *arg);
+
+=item long B<SSL_SESSION_set_time>(SSL_SESSION *s, long t);
+
+=item long B<SSL_SESSION_set_timeout>(SSL_SESSION *s, long t);
+
+=back
+
+=head2 DEALING WITH CONNECTIONS
+
+Here we document the various API functions which deal with the SSL/TLS
+connection defined in the B<SSL> structure.
+
+=over 4
+
+=item int B<SSL_accept>(SSL *ssl);
+
+=item int B<SSL_add_dir_cert_subjects_to_stack>(STACK *stack, const char *dir);
+
+=item int B<SSL_add_file_cert_subjects_to_stack>(STACK *stack, const char *file);
+
+=item int B<SSL_add_client_CA>(SSL *ssl, X509 *x);
+
+=item char *B<SSL_alert_desc_string>(int value);
+
+=item char *B<SSL_alert_desc_string_long>(int value);
+
+=item char *B<SSL_alert_type_string>(int value);
+
+=item char *B<SSL_alert_type_string_long>(int value);
+
+=item int B<SSL_check_private_key>(const SSL *ssl);
+
+=item void B<SSL_clear>(SSL *ssl);
+
+=item long B<SSL_clear_num_renegotiations>(SSL *ssl);
+
+=item int B<SSL_connect>(SSL *ssl);
+
+=item void B<SSL_copy_session_id>(SSL *t, const SSL *f);
+
+=item long B<SSL_ctrl>(SSL *ssl, int cmd, long larg, char *parg);
+
+=item int B<SSL_do_handshake>(SSL *ssl);
+
+=item SSL *B<SSL_dup>(SSL *ssl);
+
+=item STACK *B<SSL_dup_CA_list>(STACK *sk);
+
+=item void B<SSL_free>(SSL *ssl);
+
+=item SSL_CTX *B<SSL_get_SSL_CTX>(const SSL *ssl);
+
+=item char *B<SSL_get_app_data>(SSL *ssl);
+
+=item X509 *B<SSL_get_certificate>(const SSL *ssl);
+
+=item const char *B<SSL_get_cipher>(const SSL *ssl);
+
+=item int B<SSL_get_cipher_bits>(const SSL *ssl, int *alg_bits);
+
+=item char *B<SSL_get_cipher_list>(const SSL *ssl, int n);
+
+=item char *B<SSL_get_cipher_name>(const SSL *ssl);
+
+=item char *B<SSL_get_cipher_version>(const SSL *ssl);
+
+=item STACK *B<SSL_get_ciphers>(const SSL *ssl);
+
+=item STACK *B<SSL_get_client_CA_list>(const SSL *ssl);
+
+=item SSL_CIPHER *B<SSL_get_current_cipher>(SSL *ssl);
+
+=item long B<SSL_get_default_timeout>(const SSL *ssl);
+
+=item int B<SSL_get_error>(const SSL *ssl, int i);
+
+=item char *B<SSL_get_ex_data>(const SSL *ssl, int idx);
+
+=item int B<SSL_get_ex_data_X509_STORE_CTX_idx>(void);
+
+=item int B<SSL_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+
+=item int B<SSL_get_fd>(const SSL *ssl);
+
+=item void (*B<SSL_get_info_callback>(const SSL *ssl);)()
+
+=item STACK *B<SSL_get_peer_cert_chain>(const SSL *ssl);
+
+=item X509 *B<SSL_get_peer_certificate>(const SSL *ssl);
+
+=item EVP_PKEY *B<SSL_get_privatekey>(SSL *ssl);
+
+=item int B<SSL_get_quiet_shutdown>(const SSL *ssl);
+
+=item BIO *B<SSL_get_rbio>(const SSL *ssl);
+
+=item int B<SSL_get_read_ahead>(const SSL *ssl);
+
+=item SSL_SESSION *B<SSL_get_session>(const SSL *ssl);
+
+=item char *B<SSL_get_shared_ciphers>(const SSL *ssl, char *buf, int len);
+
+=item int B<SSL_get_shutdown>(const SSL *ssl);
+
+=item const SSL_METHOD *B<SSL_get_ssl_method>(SSL *ssl);
+
+=item int B<SSL_get_state>(const SSL *ssl);
+
+=item long B<SSL_get_time>(const SSL *ssl);
+
+=item long B<SSL_get_timeout>(const SSL *ssl);
+
+=item int (*B<SSL_get_verify_callback>(const SSL *ssl))(int,X509_STORE_CTX *)
+
+=item int B<SSL_get_verify_mode>(const SSL *ssl);
+
+=item long B<SSL_get_verify_result>(const SSL *ssl);
+
+=item char *B<SSL_get_version>(const SSL *ssl);
+
+=item BIO *B<SSL_get_wbio>(const SSL *ssl);
+
+=item int B<SSL_in_accept_init>(SSL *ssl);
+
+=item int B<SSL_in_before>(SSL *ssl);
+
+=item int B<SSL_in_connect_init>(SSL *ssl);
+
+=item int B<SSL_in_init>(SSL *ssl);
+
+=item int B<SSL_is_init_finished>(SSL *ssl);
+
+=item STACK *B<SSL_load_client_CA_file>(char *file);
+
+=item void B<SSL_load_error_strings>(void);
+
+=item SSL *B<SSL_new>(SSL_CTX *ctx);
+
+=item long B<SSL_num_renegotiations>(SSL *ssl);
+
+=item int B<SSL_peek>(SSL *ssl, void *buf, int num);
+
+=item int B<SSL_pending>(const SSL *ssl);
+
+=item int B<SSL_read>(SSL *ssl, void *buf, int num);
+
+=item int B<SSL_renegotiate>(SSL *ssl);
+
+=item char *B<SSL_rstate_string>(SSL *ssl);
+
+=item char *B<SSL_rstate_string_long>(SSL *ssl);
+
+=item long B<SSL_session_reused>(SSL *ssl);
+
+=item void B<SSL_set_accept_state>(SSL *ssl);
+
+=item void B<SSL_set_app_data>(SSL *ssl, char *arg);
+
+=item void B<SSL_set_bio>(SSL *ssl, BIO *rbio, BIO *wbio);
+
+=item int B<SSL_set_cipher_list>(SSL *ssl, char *str);
+
+=item void B<SSL_set_client_CA_list>(SSL *ssl, STACK *list);
+
+=item void B<SSL_set_connect_state>(SSL *ssl);
+
+=item int B<SSL_set_ex_data>(SSL *ssl, int idx, char *arg);
+
+=item int B<SSL_set_fd>(SSL *ssl, int fd);
+
+=item void B<SSL_set_info_callback>(SSL *ssl, void (*cb);(void))
+
+=item void B<SSL_set_msg_callback>(SSL *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+
+=item void B<SSL_set_msg_callback_arg>(SSL *ctx, void *arg);
+
+=item void B<SSL_set_options>(SSL *ssl, unsigned long op);
+
+=item void B<SSL_set_quiet_shutdown>(SSL *ssl, int mode);
+
+=item void B<SSL_set_read_ahead>(SSL *ssl, int yes);
+
+=item int B<SSL_set_rfd>(SSL *ssl, int fd);
+
+=item int B<SSL_set_session>(SSL *ssl, SSL_SESSION *session);
+
+=item void B<SSL_set_shutdown>(SSL *ssl, int mode);
+
+=item int B<SSL_set_ssl_method>(SSL *ssl, const SSL_METHOD *meth);
+
+=item void B<SSL_set_time>(SSL *ssl, long t);
+
+=item void B<SSL_set_timeout>(SSL *ssl, long t);
+
+=item void B<SSL_set_verify>(SSL *ssl, int mode, int (*callback);(void))
+
+=item void B<SSL_set_verify_result>(SSL *ssl, long arg);
+
+=item int B<SSL_set_wfd>(SSL *ssl, int fd);
+
+=item int B<SSL_shutdown>(SSL *ssl);
+
+=item int B<SSL_state>(const SSL *ssl);
+
+=item char *B<SSL_state_string>(const SSL *ssl);
+
+=item char *B<SSL_state_string_long>(const SSL *ssl);
+
+=item long B<SSL_total_renegotiations>(SSL *ssl);
+
+=item int B<SSL_use_PrivateKey>(SSL *ssl, EVP_PKEY *pkey);
+
+=item int B<SSL_use_PrivateKey_ASN1>(int type, SSL *ssl, unsigned char *d, long len);
+
+=item int B<SSL_use_PrivateKey_file>(SSL *ssl, char *file, int type);
+
+=item int B<SSL_use_RSAPrivateKey>(SSL *ssl, RSA *rsa);
+
+=item int B<SSL_use_RSAPrivateKey_ASN1>(SSL *ssl, unsigned char *d, long len);
+
+=item int B<SSL_use_RSAPrivateKey_file>(SSL *ssl, char *file, int type);
+
+=item int B<SSL_use_certificate>(SSL *ssl, X509 *x);
+
+=item int B<SSL_use_certificate_ASN1>(SSL *ssl, int len, unsigned char *d);
+
+=item int B<SSL_use_certificate_file>(SSL *ssl, char *file, int type);
+
+=item int B<SSL_version>(const SSL *ssl);
+
+=item int B<SSL_want>(const SSL *ssl);
+
+=item int B<SSL_want_nothing>(const SSL *ssl);
+
+=item int B<SSL_want_read>(const SSL *ssl);
+
+=item int B<SSL_want_write>(const SSL *ssl);
+
+=item int B<SSL_want_x509_lookup>(const SSL *ssl);
+
+=item int B<SSL_write>(SSL *ssl, const void *buf, int num);
+
+=item void B<SSL_set_psk_client_callback>(SSL *ssl, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));
+
+=item int B<SSL_use_psk_identity_hint>(SSL *ssl, const char *hint);
+
+=item void B<SSL_set_psk_server_callback>(SSL *ssl, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len));
+
+=item const char *B<SSL_get_psk_identity_hint>(SSL *ssl);
+
+=item const char *B<SSL_get_psk_identity>(SSL *ssl);
+
+=back
+
+=head1 SEE ALSO
+
+L<openssl(1)|openssl(1)>, L<crypto(3)|crypto(3)>,
+L<SSL_accept(3)|SSL_accept(3)>, L<SSL_clear(3)|SSL_clear(3)>,
+L<SSL_connect(3)|SSL_connect(3)>,
+L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)>,
+L<SSL_COMP_add_compression_method(3)|SSL_COMP_add_compression_method(3)>,
+L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>,
+L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>,
+L<SSL_CTX_ctrl(3)|SSL_CTX_ctrl(3)>,
+L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
+L<SSL_CTX_get_ex_new_index(3)|SSL_CTX_get_ex_new_index(3)>,
+L<SSL_CTX_get_verify_mode(3)|SSL_CTX_get_verify_mode(3)>,
+L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
+L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
+L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
+L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>,
+L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>,
+L<SSL_CTX_sessions(3)|SSL_CTX_sessions(3)>,
+L<SSL_CTX_set_cert_store(3)|SSL_CTX_set_cert_store(3)>,
+L<SSL_CTX_set_cert_verify_callback(3)|SSL_CTX_set_cert_verify_callback(3)>,
+L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
+L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>,
+L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>,
+L<SSL_CTX_set_default_passwd_cb(3)|SSL_CTX_set_default_passwd_cb(3)>,
+L<SSL_CTX_set_generate_session_id(3)|SSL_CTX_set_generate_session_id(3)>,
+L<SSL_CTX_set_info_callback(3)|SSL_CTX_set_info_callback(3)>,
+L<SSL_CTX_set_max_cert_list(3)|SSL_CTX_set_max_cert_list(3)>,
+L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>,
+L<SSL_CTX_set_msg_callback(3)|SSL_CTX_set_msg_callback(3)>,
+L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
+L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>,
+L<SSL_CTX_set_read_ahead(3)|SSL_CTX_set_read_ahead(3)>,
+L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
+L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>,
+L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>,
+L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>,
+L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>,
+L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
+L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>,
+L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
+L<SSL_alert_type_string(3)|SSL_alert_type_string(3)>,
+L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
+L<SSL_get_SSL_CTX(3)|SSL_get_SSL_CTX(3)>,
+L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>,
+L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
+L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>,
+L<SSL_get_error(3)|SSL_get_error(3)>,
+L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|SSL_get_ex_data_X509_STORE_CTX_idx(3)>,
+L<SSL_get_ex_new_index(3)|SSL_get_ex_new_index(3)>,
+L<SSL_get_fd(3)|SSL_get_fd(3)>,
+L<SSL_get_peer_cert_chain(3)|SSL_get_peer_cert_chain(3)>,
+L<SSL_get_rbio(3)|SSL_get_rbio(3)>,
+L<SSL_get_session(3)|SSL_get_session(3)>,
+L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
+L<SSL_get_version(3)|SSL_get_version(3)>,
+L<SSL_library_init(3)|SSL_library_init(3)>,
+L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>,
+L<SSL_new(3)|SSL_new(3)>,
+L<SSL_pending(3)|SSL_pending(3)>,
+L<SSL_read(3)|SSL_read(3)>,
+L<SSL_rstate_string(3)|SSL_rstate_string(3)>,
+L<SSL_session_reused(3)|SSL_session_reused(3)>,
+L<SSL_set_bio(3)|SSL_set_bio(3)>,
+L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
+L<SSL_set_fd(3)|SSL_set_fd(3)>,
+L<SSL_set_session(3)|SSL_set_session(3)>,
+L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
+L<SSL_shutdown(3)|SSL_shutdown(3)>,
+L<SSL_state_string(3)|SSL_state_string(3)>,
+L<SSL_want(3)|SSL_want(3)>,
+L<SSL_write(3)|SSL_write(3)>,
+L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
+L<SSL_SESSION_get_ex_new_index(3)|SSL_SESSION_get_ex_new_index(3)>,
+L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>,
+L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>,
+L<SSL_CTX_set_psk_client_callback(3)|SSL_CTX_set_psk_client_callback(3)>,
+L<SSL_CTX_use_psk_identity_hint(3)|SSL_CTX_use_psk_identity_hint(3)>,
+L<SSL_get_psk_identity(3)|SSL_get_psk_identity(3)>
+
+=head1 HISTORY
+
+The L<ssl(3)|ssl(3)> document appeared in OpenSSL 0.9.2
+
+=cut
+

Deleted: vendor-crypto/openssl/1.0.1u/engines/e_chil.c
===================================================================
--- vendor-crypto/openssl/dist/engines/e_chil.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/engines/e_chil.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,1343 +0,0 @@
-/* crypto/engine/e_chil.c -*- mode: C; c-file-style: "eay" -*- */
-/*
- * Written by Richard Levitte (richard at levitte.org), Geoff Thorpe
- * (geoff at geoffthorpe.net) and Dr Stephen N Henson (steve at openssl.org) for
- * the OpenSSL project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/pem.h>
-#include <openssl/dso.h>
-#include <openssl/engine.h>
-#include <openssl/ui.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_NO_HW
-# ifndef OPENSSL_NO_HW_CHIL
-
-/*-
- * Attribution notice: nCipher have said several times that it's OK for
- * us to implement a general interface to their boxes, and recently declared
- * their HWCryptoHook to be public, and therefore available for us to use.
- * Thanks, nCipher.
- *
- * The hwcryptohook.h included here is from May 2000.
- * [Richard Levitte]
- */
-#  ifdef FLAT_INC
-#   include "hwcryptohook.h"
-#  else
-#   include "vendor_defns/hwcryptohook.h"
-#  endif
-
-#  define HWCRHK_LIB_NAME "CHIL engine"
-#  include "e_chil_err.c"
-
-static int hwcrhk_destroy(ENGINE *e);
-static int hwcrhk_init(ENGINE *e);
-static int hwcrhk_finish(ENGINE *e);
-static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
-
-/* Functions to handle mutexes */
-static int hwcrhk_mutex_init(HWCryptoHook_Mutex *,
-                             HWCryptoHook_CallerContext *);
-static int hwcrhk_mutex_lock(HWCryptoHook_Mutex *);
-static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex *);
-static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex *);
-
-/* BIGNUM stuff */
-static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                          const BIGNUM *m, BN_CTX *ctx);
-
-#  ifndef OPENSSL_NO_RSA
-/* RSA stuff */
-static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa,
-                              BN_CTX *ctx);
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                               const BIGNUM *m, BN_CTX *ctx,
-                               BN_MONT_CTX *m_ctx);
-static int hwcrhk_rsa_finish(RSA *rsa);
-#  endif
-
-#  ifndef OPENSSL_NO_DH
-/* DH stuff */
-/* This function is alised to mod_exp (with the DH and mont dropped). */
-static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,
-                             const BIGNUM *a, const BIGNUM *p,
-                             const BIGNUM *m, BN_CTX *ctx,
-                             BN_MONT_CTX *m_ctx);
-#  endif
-
-/* RAND stuff */
-static int hwcrhk_rand_bytes(unsigned char *buf, int num);
-static int hwcrhk_rand_status(void);
-
-/* KM stuff */
-static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
-                                     UI_METHOD *ui_method,
-                                     void *callback_data);
-static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
-                                    UI_METHOD *ui_method,
-                                    void *callback_data);
-
-/* Interaction stuff */
-static int hwcrhk_insert_card(const char *prompt_info,
-                              const char *wrong_info,
-                              HWCryptoHook_PassphraseContext * ppctx,
-                              HWCryptoHook_CallerContext * cactx);
-static int hwcrhk_get_pass(const char *prompt_info,
-                           int *len_io, char *buf,
-                           HWCryptoHook_PassphraseContext * ppctx,
-                           HWCryptoHook_CallerContext * cactx);
-static void hwcrhk_log_message(void *logstr, const char *message);
-
-/* The definitions for control commands specific to this engine */
-#  define HWCRHK_CMD_SO_PATH              ENGINE_CMD_BASE
-#  define HWCRHK_CMD_FORK_CHECK           (ENGINE_CMD_BASE + 1)
-#  define HWCRHK_CMD_THREAD_LOCKING       (ENGINE_CMD_BASE + 2)
-#  define HWCRHK_CMD_SET_USER_INTERFACE   (ENGINE_CMD_BASE + 3)
-#  define HWCRHK_CMD_SET_CALLBACK_DATA    (ENGINE_CMD_BASE + 4)
-static const ENGINE_CMD_DEFN hwcrhk_cmd_defns[] = {
-    {HWCRHK_CMD_SO_PATH,
-     "SO_PATH",
-     "Specifies the path to the 'hwcrhk' shared library",
-     ENGINE_CMD_FLAG_STRING},
-    {HWCRHK_CMD_FORK_CHECK,
-     "FORK_CHECK",
-     "Turns fork() checking on (non-zero) or off (zero)",
-     ENGINE_CMD_FLAG_NUMERIC},
-    {HWCRHK_CMD_THREAD_LOCKING,
-     "THREAD_LOCKING",
-     "Turns thread-safe locking on (zero) or off (non-zero)",
-     ENGINE_CMD_FLAG_NUMERIC},
-    {HWCRHK_CMD_SET_USER_INTERFACE,
-     "SET_USER_INTERFACE",
-     "Set the global user interface (internal)",
-     ENGINE_CMD_FLAG_INTERNAL},
-    {HWCRHK_CMD_SET_CALLBACK_DATA,
-     "SET_CALLBACK_DATA",
-     "Set the global user interface extra data (internal)",
-     ENGINE_CMD_FLAG_INTERNAL},
-    {0, NULL, NULL, 0}
-};
-
-#  ifndef OPENSSL_NO_RSA
-/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD hwcrhk_rsa = {
-    "CHIL RSA method",
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    hwcrhk_rsa_mod_exp,
-    hwcrhk_mod_exp_mont,
-    NULL,
-    hwcrhk_rsa_finish,
-    0,
-    NULL,
-    NULL,
-    NULL,
-    NULL
-};
-#  endif
-
-#  ifndef OPENSSL_NO_DH
-/* Our internal DH_METHOD that we provide pointers to */
-static DH_METHOD hwcrhk_dh = {
-    "CHIL DH method",
-    NULL,
-    NULL,
-    hwcrhk_mod_exp_dh,
-    NULL,
-    NULL,
-    0,
-    NULL,
-    NULL
-};
-#  endif
-
-static RAND_METHOD hwcrhk_rand = {
-    /* "CHIL RAND method", */
-    NULL,
-    hwcrhk_rand_bytes,
-    NULL,
-    NULL,
-    hwcrhk_rand_bytes,
-    hwcrhk_rand_status,
-};
-
-/* Constants used when creating the ENGINE */
-static const char *engine_hwcrhk_id = "chil";
-static const char *engine_hwcrhk_name = "CHIL hardware engine support";
-#  ifndef OPENSSL_NO_DYNAMIC_ENGINE
-/* Compatibility hack, the dynamic library uses this form in the path */
-static const char *engine_hwcrhk_id_alt = "ncipher";
-#  endif
-
-/* Internal stuff for HWCryptoHook */
-
-/* Some structures needed for proper use of thread locks */
-/*
- * hwcryptohook.h has some typedefs that turn struct HWCryptoHook_MutexValue
- * into HWCryptoHook_Mutex
- */
-struct HWCryptoHook_MutexValue {
-    int lockid;
-};
-
-/*
- * hwcryptohook.h has some typedefs that turn struct
- * HWCryptoHook_PassphraseContextValue into HWCryptoHook_PassphraseContext
- */
-struct HWCryptoHook_PassphraseContextValue {
-    UI_METHOD *ui_method;
-    void *callback_data;
-};
-
-/*
- * hwcryptohook.h has some typedefs that turn struct
- * HWCryptoHook_CallerContextValue into HWCryptoHook_CallerContext
- */
-struct HWCryptoHook_CallerContextValue {
-    pem_password_cb *password_callback; /* Deprecated! Only present for
-                                         * backward compatibility! */
-    UI_METHOD *ui_method;
-    void *callback_data;
-};
-
-/*
- * The MPI structure in HWCryptoHook is pretty compatible with OpenSSL
- * BIGNUM's, so lets define a couple of conversion macros
- */
-#  define BN2MPI(mp, bn) \
-    {mp.size = bn->top * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
-#  define MPI2BN(bn, mp) \
-    {mp.size = bn->dmax * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
-
-static BIO *logstream = NULL;
-static int disable_mutex_callbacks = 0;
-
-/*
- * One might wonder why these are needed, since one can pass down at least a
- * UI_METHOD and a pointer to callback data to the key-loading functions. The
- * thing is that the ModExp and RSAImmed functions can load keys as well, if
- * the data they get is in a special, nCipher-defined format (hint: if you
- * look at the private exponent of the RSA data as a string, you'll see this
- * string: "nCipher KM tool key id", followed by some bytes, followed a key
- * identity string, followed by more bytes.  This happens when you use
- * "embed" keys instead of "hwcrhk" keys).  Unfortunately, those functions do
- * not take any passphrase or caller context, and our functions can't really
- * take any callback data either.  Still, the "insert_card" and
- * "get_passphrase" callbacks may be called down the line, and will need to
- * know what user interface callbacks to call, and having callback data from
- * the application may be a nice thing as well, so we need to keep track of
- * that globally.
- */
-static HWCryptoHook_CallerContext password_context = { NULL, NULL, NULL };
-
-/* Stuff to pass to the HWCryptoHook library */
-static HWCryptoHook_InitInfo hwcrhk_globals = {
-    HWCryptoHook_InitFlags_SimpleForkCheck, /* Flags */
-    &logstream,                 /* logstream */
-    sizeof(BN_ULONG),           /* limbsize */
-    0,                          /* mslimb first: false for BNs */
-    -1,                         /* msbyte first: use native */
-    0,                          /* Max mutexes, 0 = no small limit */
-    0,                          /* Max simultaneous, 0 = default */
-
-    /*
-     * The next few are mutex stuff: we write wrapper functions around the OS
-     * mutex functions.  We initialise them to 0 here, and change that to
-     * actual function pointers in hwcrhk_init() if dynamic locks are
-     * supported (that is, if the application programmer has made sure of
-     * setting up callbacks bafore starting this engine) *and* if
-     * disable_mutex_callbacks hasn't been set by a call to
-     * ENGINE_ctrl(ENGINE_CTRL_CHIL_NO_LOCKING).
-     */
-    sizeof(HWCryptoHook_Mutex),
-    0,
-    0,
-    0,
-    0,
-
-    /*
-     * The next few are condvar stuff: we write wrapper functions round the
-     * OS functions.  Currently not implemented and not and absolute
-     * necessity even in threaded programs, therefore 0'ed.  Will hopefully
-     * be implemented some day, since it enhances the efficiency of
-     * HWCryptoHook.
-     */
-    0,                          /* sizeof(HWCryptoHook_CondVar), */
-    0,                          /* hwcrhk_cv_init, */
-    0,                          /* hwcrhk_cv_wait, */
-    0,                          /* hwcrhk_cv_signal, */
-    0,                          /* hwcrhk_cv_broadcast, */
-    0,                          /* hwcrhk_cv_destroy, */
-
-    hwcrhk_get_pass,            /* pass phrase */
-    hwcrhk_insert_card,         /* insert a card */
-    hwcrhk_log_message          /* Log message */
-};
-
-/* Now, to our own code */
-
-/*
- * This internal function is used by ENGINE_chil() and possibly by the
- * "dynamic" ENGINE support too
- */
-static int bind_helper(ENGINE *e)
-{
-#  ifndef OPENSSL_NO_RSA
-    const RSA_METHOD *meth1;
-#  endif
-#  ifndef OPENSSL_NO_DH
-    const DH_METHOD *meth2;
-#  endif
-    if (!ENGINE_set_id(e, engine_hwcrhk_id) ||
-        !ENGINE_set_name(e, engine_hwcrhk_name) ||
-#  ifndef OPENSSL_NO_RSA
-        !ENGINE_set_RSA(e, &hwcrhk_rsa) ||
-#  endif
-#  ifndef OPENSSL_NO_DH
-        !ENGINE_set_DH(e, &hwcrhk_dh) ||
-#  endif
-        !ENGINE_set_RAND(e, &hwcrhk_rand) ||
-        !ENGINE_set_destroy_function(e, hwcrhk_destroy) ||
-        !ENGINE_set_init_function(e, hwcrhk_init) ||
-        !ENGINE_set_finish_function(e, hwcrhk_finish) ||
-        !ENGINE_set_ctrl_function(e, hwcrhk_ctrl) ||
-        !ENGINE_set_load_privkey_function(e, hwcrhk_load_privkey) ||
-        !ENGINE_set_load_pubkey_function(e, hwcrhk_load_pubkey) ||
-        !ENGINE_set_cmd_defns(e, hwcrhk_cmd_defns))
-        return 0;
-
-#  ifndef OPENSSL_NO_RSA
-    /*
-     * We know that the "PKCS1_SSLeay()" functions hook properly to the
-     * cswift-specific mod_exp and mod_exp_crt so we use those functions. NB:
-     * We don't use ENGINE_openssl() or anything "more generic" because
-     * something like the RSAref code may not hook properly, and if you own
-     * one of these cards then you have the right to do RSA operations on it
-     * anyway!
-     */
-    meth1 = RSA_PKCS1_SSLeay();
-    hwcrhk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
-    hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
-    hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
-    hwcrhk_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
-#  endif
-
-#  ifndef OPENSSL_NO_DH
-    /* Much the same for Diffie-Hellman */
-    meth2 = DH_OpenSSL();
-    hwcrhk_dh.generate_key = meth2->generate_key;
-    hwcrhk_dh.compute_key = meth2->compute_key;
-#  endif
-
-    /* Ensure the hwcrhk error handling is set up */
-    ERR_load_HWCRHK_strings();
-    return 1;
-}
-
-#  ifdef OPENSSL_NO_DYNAMIC_ENGINE
-static ENGINE *engine_chil(void)
-{
-    ENGINE *ret = ENGINE_new();
-    if (!ret)
-        return NULL;
-    if (!bind_helper(ret)) {
-        ENGINE_free(ret);
-        return NULL;
-    }
-    return ret;
-}
-
-void ENGINE_load_chil(void)
-{
-    /* Copied from eng_[openssl|dyn].c */
-    ENGINE *toadd = engine_chil();
-    if (!toadd)
-        return;
-    ENGINE_add(toadd);
-    ENGINE_free(toadd);
-    ERR_clear_error();
-}
-#  endif
-
-/*
- * This is a process-global DSO handle used for loading and unloading the
- * HWCryptoHook library. NB: This is only set (or unset) during an init() or
- * finish() call (reference counts permitting) and they're operating with
- * global locks, so this should be thread-safe implicitly.
- */
-static DSO *hwcrhk_dso = NULL;
-static HWCryptoHook_ContextHandle hwcrhk_context = 0;
-#  ifndef OPENSSL_NO_RSA
-/* Index for KM handle.  Not really used yet. */
-static int hndidx_rsa = -1;
-#  endif
-
-/*
- * These are the function pointers that are (un)set when the library has
- * successfully (un)loaded.
- */
-static HWCryptoHook_Init_t *p_hwcrhk_Init = NULL;
-static HWCryptoHook_Finish_t *p_hwcrhk_Finish = NULL;
-static HWCryptoHook_ModExp_t *p_hwcrhk_ModExp = NULL;
-#  ifndef OPENSSL_NO_RSA
-static HWCryptoHook_RSA_t *p_hwcrhk_RSA = NULL;
-#  endif
-static HWCryptoHook_RandomBytes_t *p_hwcrhk_RandomBytes = NULL;
-#  ifndef OPENSSL_NO_RSA
-static HWCryptoHook_RSALoadKey_t *p_hwcrhk_RSALoadKey = NULL;
-static HWCryptoHook_RSAGetPublicKey_t *p_hwcrhk_RSAGetPublicKey = NULL;
-static HWCryptoHook_RSAUnloadKey_t *p_hwcrhk_RSAUnloadKey = NULL;
-#  endif
-static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL;
-
-/* Used in the DSO operations. */
-static const char *HWCRHK_LIBNAME = NULL;
-static void free_HWCRHK_LIBNAME(void)
-{
-    if (HWCRHK_LIBNAME)
-        OPENSSL_free((void *)HWCRHK_LIBNAME);
-    HWCRHK_LIBNAME = NULL;
-}
-
-static const char *get_HWCRHK_LIBNAME(void)
-{
-    if (HWCRHK_LIBNAME)
-        return HWCRHK_LIBNAME;
-    return "nfhwcrhk";
-}
-
-static long set_HWCRHK_LIBNAME(const char *name)
-{
-    free_HWCRHK_LIBNAME();
-    return (((HWCRHK_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
-}
-
-static const char *n_hwcrhk_Init = "HWCryptoHook_Init";
-static const char *n_hwcrhk_Finish = "HWCryptoHook_Finish";
-static const char *n_hwcrhk_ModExp = "HWCryptoHook_ModExp";
-#  ifndef OPENSSL_NO_RSA
-static const char *n_hwcrhk_RSA = "HWCryptoHook_RSA";
-#  endif
-static const char *n_hwcrhk_RandomBytes = "HWCryptoHook_RandomBytes";
-#  ifndef OPENSSL_NO_RSA
-static const char *n_hwcrhk_RSALoadKey = "HWCryptoHook_RSALoadKey";
-static const char *n_hwcrhk_RSAGetPublicKey = "HWCryptoHook_RSAGetPublicKey";
-static const char *n_hwcrhk_RSAUnloadKey = "HWCryptoHook_RSAUnloadKey";
-#  endif
-static const char *n_hwcrhk_ModExpCRT = "HWCryptoHook_ModExpCRT";
-
-/*
- * HWCryptoHook library functions and mechanics - these are used by the
- * higher-level functions further down. NB: As and where there's no error
- * checking, take a look lower down where these functions are called, the
- * checking and error handling is probably down there.
- */
-
-/* utility function to obtain a context */
-static int get_context(HWCryptoHook_ContextHandle * hac,
-                       HWCryptoHook_CallerContext * cac)
-{
-    char tempbuf[1024];
-    HWCryptoHook_ErrMsgBuf rmsg;
-
-    rmsg.buf = tempbuf;
-    rmsg.size = sizeof(tempbuf);
-
-    *hac = p_hwcrhk_Init(&hwcrhk_globals, sizeof(hwcrhk_globals), &rmsg, cac);
-    if (!*hac)
-        return 0;
-    return 1;
-}
-
-/* similarly to release one. */
-static void release_context(HWCryptoHook_ContextHandle hac)
-{
-    p_hwcrhk_Finish(hac);
-}
-
-/* Destructor (complements the "ENGINE_chil()" constructor) */
-static int hwcrhk_destroy(ENGINE *e)
-{
-    free_HWCRHK_LIBNAME();
-    ERR_unload_HWCRHK_strings();
-    return 1;
-}
-
-/* (de)initialisation functions. */
-static int hwcrhk_init(ENGINE *e)
-{
-    HWCryptoHook_Init_t *p1;
-    HWCryptoHook_Finish_t *p2;
-    HWCryptoHook_ModExp_t *p3;
-#  ifndef OPENSSL_NO_RSA
-    HWCryptoHook_RSA_t *p4;
-    HWCryptoHook_RSALoadKey_t *p5;
-    HWCryptoHook_RSAGetPublicKey_t *p6;
-    HWCryptoHook_RSAUnloadKey_t *p7;
-#  endif
-    HWCryptoHook_RandomBytes_t *p8;
-    HWCryptoHook_ModExpCRT_t *p9;
-
-    if (hwcrhk_dso != NULL) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_ALREADY_LOADED);
-        goto err;
-    }
-    /* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */
-    hwcrhk_dso = DSO_load(NULL, get_HWCRHK_LIBNAME(), NULL, 0);
-    if (hwcrhk_dso == NULL) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_DSO_FAILURE);
-        goto err;
-    }
-    if (!(p1 = (HWCryptoHook_Init_t *)
-          DSO_bind_func(hwcrhk_dso, n_hwcrhk_Init)) ||
-        !(p2 = (HWCryptoHook_Finish_t *)
-          DSO_bind_func(hwcrhk_dso, n_hwcrhk_Finish)) ||
-        !(p3 = (HWCryptoHook_ModExp_t *)
-          DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) ||
-#  ifndef OPENSSL_NO_RSA
-        !(p4 = (HWCryptoHook_RSA_t *)
-          DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) ||
-        !(p5 = (HWCryptoHook_RSALoadKey_t *)
-          DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSALoadKey)) ||
-        !(p6 = (HWCryptoHook_RSAGetPublicKey_t *)
-          DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) ||
-        !(p7 = (HWCryptoHook_RSAUnloadKey_t *)
-          DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) ||
-#  endif
-        !(p8 = (HWCryptoHook_RandomBytes_t *)
-          DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) ||
-        !(p9 = (HWCryptoHook_ModExpCRT_t *)
-          DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT))) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_DSO_FAILURE);
-        goto err;
-    }
-    /* Copy the pointers */
-    p_hwcrhk_Init = p1;
-    p_hwcrhk_Finish = p2;
-    p_hwcrhk_ModExp = p3;
-#  ifndef OPENSSL_NO_RSA
-    p_hwcrhk_RSA = p4;
-    p_hwcrhk_RSALoadKey = p5;
-    p_hwcrhk_RSAGetPublicKey = p6;
-    p_hwcrhk_RSAUnloadKey = p7;
-#  endif
-    p_hwcrhk_RandomBytes = p8;
-    p_hwcrhk_ModExpCRT = p9;
-
-    /*
-     * Check if the application decided to support dynamic locks, and if it
-     * does, use them.
-     */
-    if (disable_mutex_callbacks == 0) {
-        if (CRYPTO_get_dynlock_create_callback() != NULL &&
-            CRYPTO_get_dynlock_lock_callback() != NULL &&
-            CRYPTO_get_dynlock_destroy_callback() != NULL) {
-            hwcrhk_globals.mutex_init = hwcrhk_mutex_init;
-            hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock;
-            hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;
-            hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;
-        }
-    }
-
-    /*
-     * Try and get a context - if not, we may have a DSO but no accelerator!
-     */
-    if (!get_context(&hwcrhk_context, &password_context)) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_UNIT_FAILURE);
-        goto err;
-    }
-    /* Everything's fine. */
-#  ifndef OPENSSL_NO_RSA
-    if (hndidx_rsa == -1)
-        hndidx_rsa = RSA_get_ex_new_index(0,
-                                          "nFast HWCryptoHook RSA key handle",
-                                          NULL, NULL, NULL);
-#  endif
-    return 1;
- err:
-    if (hwcrhk_dso)
-        DSO_free(hwcrhk_dso);
-    hwcrhk_dso = NULL;
-    p_hwcrhk_Init = NULL;
-    p_hwcrhk_Finish = NULL;
-    p_hwcrhk_ModExp = NULL;
-#  ifndef OPENSSL_NO_RSA
-    p_hwcrhk_RSA = NULL;
-    p_hwcrhk_RSALoadKey = NULL;
-    p_hwcrhk_RSAGetPublicKey = NULL;
-    p_hwcrhk_RSAUnloadKey = NULL;
-#  endif
-    p_hwcrhk_ModExpCRT = NULL;
-    p_hwcrhk_RandomBytes = NULL;
-    return 0;
-}
-
-static int hwcrhk_finish(ENGINE *e)
-{
-    int to_return = 1;
-    free_HWCRHK_LIBNAME();
-    if (hwcrhk_dso == NULL) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_FINISH, HWCRHK_R_NOT_LOADED);
-        to_return = 0;
-        goto err;
-    }
-    release_context(hwcrhk_context);
-    if (!DSO_free(hwcrhk_dso)) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_FINISH, HWCRHK_R_DSO_FAILURE);
-        to_return = 0;
-        goto err;
-    }
- err:
-    if (logstream)
-        BIO_free(logstream);
-    hwcrhk_dso = NULL;
-    p_hwcrhk_Init = NULL;
-    p_hwcrhk_Finish = NULL;
-    p_hwcrhk_ModExp = NULL;
-#  ifndef OPENSSL_NO_RSA
-    p_hwcrhk_RSA = NULL;
-    p_hwcrhk_RSALoadKey = NULL;
-    p_hwcrhk_RSAGetPublicKey = NULL;
-    p_hwcrhk_RSAUnloadKey = NULL;
-#  endif
-    p_hwcrhk_ModExpCRT = NULL;
-    p_hwcrhk_RandomBytes = NULL;
-    return to_return;
-}
-
-static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
-{
-    int to_return = 1;
-
-    switch (cmd) {
-    case HWCRHK_CMD_SO_PATH:
-        if (hwcrhk_dso) {
-            HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, HWCRHK_R_ALREADY_LOADED);
-            return 0;
-        }
-        if (p == NULL) {
-            HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-            return 0;
-        }
-        return set_HWCRHK_LIBNAME((const char *)p);
-    case ENGINE_CTRL_SET_LOGSTREAM:
-        {
-            BIO *bio = (BIO *)p;
-
-            CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-            if (logstream) {
-                BIO_free(logstream);
-                logstream = NULL;
-            }
-            if (CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO) > 1)
-                logstream = bio;
-            else
-                HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, HWCRHK_R_BIO_WAS_FREED);
-        }
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        break;
-    case ENGINE_CTRL_SET_PASSWORD_CALLBACK:
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        password_context.password_callback = (pem_password_cb *)f;
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        break;
-    case ENGINE_CTRL_SET_USER_INTERFACE:
-    case HWCRHK_CMD_SET_USER_INTERFACE:
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        password_context.ui_method = (UI_METHOD *)p;
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        break;
-    case ENGINE_CTRL_SET_CALLBACK_DATA:
-    case HWCRHK_CMD_SET_CALLBACK_DATA:
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        password_context.callback_data = p;
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        break;
-        /*
-         * this enables or disables the "SimpleForkCheck" flag used in the
-         * initialisation structure.
-         */
-    case ENGINE_CTRL_CHIL_SET_FORKCHECK:
-    case HWCRHK_CMD_FORK_CHECK:
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        if (i)
-            hwcrhk_globals.flags |= HWCryptoHook_InitFlags_SimpleForkCheck;
-        else
-            hwcrhk_globals.flags &= ~HWCryptoHook_InitFlags_SimpleForkCheck;
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        break;
-        /*
-         * This will prevent the initialisation function from "installing"
-         * the mutex-handling callbacks, even if they are available from
-         * within the library (or were provided to the library from the
-         * calling application). This is to remove any baggage for
-         * applications not using multithreading.
-         */
-    case ENGINE_CTRL_CHIL_NO_LOCKING:
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        disable_mutex_callbacks = 1;
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        break;
-    case HWCRHK_CMD_THREAD_LOCKING:
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        disable_mutex_callbacks = ((i == 0) ? 0 : 1);
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        break;
-
-        /* The command isn't understood by this engine */
-    default:
-        HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,
-                  HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
-        to_return = 0;
-        break;
-    }
-
-    return to_return;
-}
-
-static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
-                                     UI_METHOD *ui_method,
-                                     void *callback_data)
-{
-#  ifndef OPENSSL_NO_RSA
-    RSA *rtmp = NULL;
-#  endif
-    EVP_PKEY *res = NULL;
-#  ifndef OPENSSL_NO_RSA
-    HWCryptoHook_MPI e, n;
-    HWCryptoHook_RSAKeyHandle *hptr;
-#  endif
-#  if !defined(OPENSSL_NO_RSA)
-    char tempbuf[1024];
-    HWCryptoHook_ErrMsgBuf rmsg;
-    HWCryptoHook_PassphraseContext ppctx;
-#  endif
-
-#  if !defined(OPENSSL_NO_RSA)
-    rmsg.buf = tempbuf;
-    rmsg.size = sizeof(tempbuf);
-#  endif
-
-    if (!hwcrhk_context) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_NOT_INITIALISED);
-        goto err;
-    }
-#  ifndef OPENSSL_NO_RSA
-    hptr = OPENSSL_malloc(sizeof(HWCryptoHook_RSAKeyHandle));
-    if (!hptr) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    ppctx.ui_method = ui_method;
-    ppctx.callback_data = callback_data;
-    if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, hptr, &rmsg, &ppctx)) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR);
-        ERR_add_error_data(1, rmsg.buf);
-        goto err;
-    }
-    if (!*hptr) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_NO_KEY);
-        goto err;
-    }
-#  endif
-#  ifndef OPENSSL_NO_RSA
-    rtmp = RSA_new_method(eng);
-    RSA_set_ex_data(rtmp, hndidx_rsa, (char *)hptr);
-    rtmp->e = BN_new();
-    rtmp->n = BN_new();
-    rtmp->flags |= RSA_FLAG_EXT_PKEY;
-    MPI2BN(rtmp->e, e);
-    MPI2BN(rtmp->n, n);
-    if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)
-        != HWCRYPTOHOOK_ERROR_MPISIZE) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR);
-        ERR_add_error_data(1, rmsg.buf);
-        goto err;
-    }
-
-    bn_expand2(rtmp->e, e.size / sizeof(BN_ULONG));
-    bn_expand2(rtmp->n, n.size / sizeof(BN_ULONG));
-    MPI2BN(rtmp->e, e);
-    MPI2BN(rtmp->n, n);
-
-    if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR);
-        ERR_add_error_data(1, rmsg.buf);
-        goto err;
-    }
-    rtmp->e->top = e.size / sizeof(BN_ULONG);
-    bn_fix_top(rtmp->e);
-    rtmp->n->top = n.size / sizeof(BN_ULONG);
-    bn_fix_top(rtmp->n);
-
-    res = EVP_PKEY_new();
-    if (res == NULL) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR);
-        goto err;
-    }
-    EVP_PKEY_assign_RSA(res, rtmp);
-#  endif
-
-    if (!res)
-        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
-                  HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED);
-
-    return res;
- err:
-#  ifndef OPENSSL_NO_RSA
-    if (rtmp)
-        RSA_free(rtmp);
-#  endif
-    return NULL;
-}
-
-static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
-                                    UI_METHOD *ui_method, void *callback_data)
-{
-    EVP_PKEY *res = NULL;
-
-#  ifndef OPENSSL_NO_RSA
-    res = hwcrhk_load_privkey(eng, key_id, ui_method, callback_data);
-#  endif
-
-    if (res)
-        switch (res->type) {
-#  ifndef OPENSSL_NO_RSA
-        case EVP_PKEY_RSA:
-            {
-                RSA *rsa = NULL;
-
-                CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
-                rsa = res->pkey.rsa;
-                res->pkey.rsa = RSA_new();
-                res->pkey.rsa->n = rsa->n;
-                res->pkey.rsa->e = rsa->e;
-                rsa->n = NULL;
-                rsa->e = NULL;
-                CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
-                RSA_free(rsa);
-            }
-            break;
-#  endif
-        default:
-            HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
-                      HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
-            goto err;
-        }
-
-    return res;
- err:
-    if (res)
-        EVP_PKEY_free(res);
-    return NULL;
-}
-
-/* A little mod_exp */
-static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                          const BIGNUM *m, BN_CTX *ctx)
-{
-    char tempbuf[1024];
-    HWCryptoHook_ErrMsgBuf rmsg;
-    /*
-     * Since HWCryptoHook_MPI is pretty compatible with BIGNUM's, we use them
-     * directly, plus a little macro magic.  We only thing we need to make
-     * sure of is that enough space is allocated.
-     */
-    HWCryptoHook_MPI m_a, m_p, m_n, m_r;
-    int to_return, ret;
-
-    to_return = 0;              /* expect failure */
-    rmsg.buf = tempbuf;
-    rmsg.size = sizeof(tempbuf);
-
-    if (!hwcrhk_context) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP, HWCRHK_R_NOT_INITIALISED);
-        goto err;
-    }
-    /* Prepare the params */
-    bn_expand2(r, m->top);      /* Check for error !! */
-    BN2MPI(m_a, a);
-    BN2MPI(m_p, p);
-    BN2MPI(m_n, m);
-    MPI2BN(r, m_r);
-
-    /* Perform the operation */
-    ret = p_hwcrhk_ModExp(hwcrhk_context, m_a, m_p, m_n, &m_r, &rmsg);
-
-    /* Convert the response */
-    r->top = m_r.size / sizeof(BN_ULONG);
-    bn_fix_top(r);
-
-    if (ret < 0) {
-        /*
-         * FIXME: When this error is returned, HWCryptoHook is telling us
-         * that falling back to software computation might be a good thing.
-         */
-        if (ret == HWCRYPTOHOOK_ERROR_FALLBACK) {
-            HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP, HWCRHK_R_REQUEST_FALLBACK);
-        } else {
-            HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP, HWCRHK_R_REQUEST_FAILED);
-        }
-        ERR_add_error_data(1, rmsg.buf);
-        goto err;
-    }
-
-    to_return = 1;
- err:
-    return to_return;
-}
-
-#  ifndef OPENSSL_NO_RSA
-static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa,
-                              BN_CTX *ctx)
-{
-    char tempbuf[1024];
-    HWCryptoHook_ErrMsgBuf rmsg;
-    HWCryptoHook_RSAKeyHandle *hptr;
-    int to_return = 0, ret;
-
-    rmsg.buf = tempbuf;
-    rmsg.size = sizeof(tempbuf);
-
-    if (!hwcrhk_context) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, HWCRHK_R_NOT_INITIALISED);
-        goto err;
-    }
-
-    /*
-     * This provides support for nForce keys.  Since that's opaque data all
-     * we do is provide a handle to the proper key and let HWCryptoHook take
-     * care of the rest.
-     */
-    if ((hptr =
-         (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx_rsa))
-        != NULL) {
-        HWCryptoHook_MPI m_a, m_r;
-
-        if (!rsa->n) {
-            HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
-                      HWCRHK_R_MISSING_KEY_COMPONENTS);
-            goto err;
-        }
-
-        /* Prepare the params */
-        bn_expand2(r, rsa->n->top); /* Check for error !! */
-        BN2MPI(m_a, I);
-        MPI2BN(r, m_r);
-
-        /* Perform the operation */
-        ret = p_hwcrhk_RSA(m_a, *hptr, &m_r, &rmsg);
-
-        /* Convert the response */
-        r->top = m_r.size / sizeof(BN_ULONG);
-        bn_fix_top(r);
-
-        if (ret < 0) {
-            /*
-             * FIXME: When this error is returned, HWCryptoHook is telling us
-             * that falling back to software computation might be a good
-             * thing.
-             */
-            if (ret == HWCRYPTOHOOK_ERROR_FALLBACK) {
-                HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
-                          HWCRHK_R_REQUEST_FALLBACK);
-            } else {
-                HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
-                          HWCRHK_R_REQUEST_FAILED);
-            }
-            ERR_add_error_data(1, rmsg.buf);
-            goto err;
-        }
-    } else {
-        HWCryptoHook_MPI m_a, m_p, m_q, m_dmp1, m_dmq1, m_iqmp, m_r;
-
-        if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
-            HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
-                      HWCRHK_R_MISSING_KEY_COMPONENTS);
-            goto err;
-        }
-
-        /* Prepare the params */
-        bn_expand2(r, rsa->n->top); /* Check for error !! */
-        BN2MPI(m_a, I);
-        BN2MPI(m_p, rsa->p);
-        BN2MPI(m_q, rsa->q);
-        BN2MPI(m_dmp1, rsa->dmp1);
-        BN2MPI(m_dmq1, rsa->dmq1);
-        BN2MPI(m_iqmp, rsa->iqmp);
-        MPI2BN(r, m_r);
-
-        /* Perform the operation */
-        ret = p_hwcrhk_ModExpCRT(hwcrhk_context, m_a, m_p, m_q,
-                                 m_dmp1, m_dmq1, m_iqmp, &m_r, &rmsg);
-
-        /* Convert the response */
-        r->top = m_r.size / sizeof(BN_ULONG);
-        bn_fix_top(r);
-
-        if (ret < 0) {
-            /*
-             * FIXME: When this error is returned, HWCryptoHook is telling us
-             * that falling back to software computation might be a good
-             * thing.
-             */
-            if (ret == HWCRYPTOHOOK_ERROR_FALLBACK) {
-                HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
-                          HWCRHK_R_REQUEST_FALLBACK);
-            } else {
-                HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
-                          HWCRHK_R_REQUEST_FAILED);
-            }
-            ERR_add_error_data(1, rmsg.buf);
-            goto err;
-        }
-    }
-    /*
-     * If we're here, we must be here with some semblance of success :-)
-     */
-    to_return = 1;
- err:
-    return to_return;
-}
-#  endif
-
-#  ifndef OPENSSL_NO_RSA
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                               const BIGNUM *m, BN_CTX *ctx,
-                               BN_MONT_CTX *m_ctx)
-{
-    return hwcrhk_mod_exp(r, a, p, m, ctx);
-}
-
-static int hwcrhk_rsa_finish(RSA *rsa)
-{
-    HWCryptoHook_RSAKeyHandle *hptr;
-
-    hptr = RSA_get_ex_data(rsa, hndidx_rsa);
-    if (hptr) {
-        p_hwcrhk_RSAUnloadKey(*hptr, NULL);
-        OPENSSL_free(hptr);
-        RSA_set_ex_data(rsa, hndidx_rsa, NULL);
-    }
-    return 1;
-}
-
-#  endif
-
-#  ifndef OPENSSL_NO_DH
-/* This function is aliased to mod_exp (with the dh and mont dropped). */
-static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,
-                             const BIGNUM *a, const BIGNUM *p,
-                             const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
-{
-    return hwcrhk_mod_exp(r, a, p, m, ctx);
-}
-#  endif
-
-/* Random bytes are good */
-static int hwcrhk_rand_bytes(unsigned char *buf, int num)
-{
-    char tempbuf[1024];
-    HWCryptoHook_ErrMsgBuf rmsg;
-    int to_return = 0;          /* assume failure */
-    int ret;
-
-    rmsg.buf = tempbuf;
-    rmsg.size = sizeof(tempbuf);
-
-    if (!hwcrhk_context) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES, HWCRHK_R_NOT_INITIALISED);
-        goto err;
-    }
-
-    ret = p_hwcrhk_RandomBytes(hwcrhk_context, buf, num, &rmsg);
-    if (ret < 0) {
-        /*
-         * FIXME: When this error is returned, HWCryptoHook is telling us
-         * that falling back to software computation might be a good thing.
-         */
-        if (ret == HWCRYPTOHOOK_ERROR_FALLBACK) {
-            HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES, HWCRHK_R_REQUEST_FALLBACK);
-        } else {
-            HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES, HWCRHK_R_REQUEST_FAILED);
-        }
-        ERR_add_error_data(1, rmsg.buf);
-        goto err;
-    }
-    to_return = 1;
- err:
-    return to_return;
-}
-
-static int hwcrhk_rand_status(void)
-{
-    return 1;
-}
-
-/*
- * Mutex calls: since the HWCryptoHook model closely follows the POSIX model
- * these just wrap the POSIX functions and add some logging.
- */
-
-static int hwcrhk_mutex_init(HWCryptoHook_Mutex * mt,
-                             HWCryptoHook_CallerContext * cactx)
-{
-    mt->lockid = CRYPTO_get_new_dynlockid();
-    if (mt->lockid == 0)
-        return 1;               /* failure */
-    return 0;                   /* success */
-}
-
-static int hwcrhk_mutex_lock(HWCryptoHook_Mutex * mt)
-{
-    CRYPTO_w_lock(mt->lockid);
-    return 0;
-}
-
-static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex * mt)
-{
-    CRYPTO_w_unlock(mt->lockid);
-}
-
-static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex * mt)
-{
-    CRYPTO_destroy_dynlockid(mt->lockid);
-}
-
-static int hwcrhk_get_pass(const char *prompt_info,
-                           int *len_io, char *buf,
-                           HWCryptoHook_PassphraseContext * ppctx,
-                           HWCryptoHook_CallerContext * cactx)
-{
-    pem_password_cb *callback = NULL;
-    void *callback_data = NULL;
-    UI_METHOD *ui_method = NULL;
-    /*
-     * Despite what the documentation says prompt_info can be an empty
-     * string.
-     */
-    if (prompt_info && !*prompt_info)
-        prompt_info = NULL;
-
-    if (cactx) {
-        if (cactx->ui_method)
-            ui_method = cactx->ui_method;
-        if (cactx->password_callback)
-            callback = cactx->password_callback;
-        if (cactx->callback_data)
-            callback_data = cactx->callback_data;
-    }
-    if (ppctx) {
-        if (ppctx->ui_method) {
-            ui_method = ppctx->ui_method;
-            callback = NULL;
-        }
-        if (ppctx->callback_data)
-            callback_data = ppctx->callback_data;
-    }
-    if (callback == NULL && ui_method == NULL) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_GET_PASS, HWCRHK_R_NO_CALLBACK);
-        return -1;
-    }
-
-    if (ui_method) {
-        UI *ui = UI_new_method(ui_method);
-        if (ui) {
-            int ok;
-            char *prompt = UI_construct_prompt(ui,
-                                               "pass phrase", prompt_info);
-
-            ok = UI_add_input_string(ui, prompt,
-                                     UI_INPUT_FLAG_DEFAULT_PWD,
-                                     buf, 0, (*len_io) - 1);
-            UI_add_user_data(ui, callback_data);
-            UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
-
-            if (ok >= 0)
-                do {
-                    ok = UI_process(ui);
-                }
-                while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
-
-            if (ok >= 0)
-                *len_io = strlen(buf);
-
-            UI_free(ui);
-            OPENSSL_free(prompt);
-        }
-    } else {
-        *len_io = callback(buf, *len_io, 0, callback_data);
-    }
-    if (!*len_io)
-        return -1;
-    return 0;
-}
-
-static int hwcrhk_insert_card(const char *prompt_info,
-                              const char *wrong_info,
-                              HWCryptoHook_PassphraseContext * ppctx,
-                              HWCryptoHook_CallerContext * cactx)
-{
-    int ok = -1;
-    UI *ui;
-    void *callback_data = NULL;
-    UI_METHOD *ui_method = NULL;
-
-    if (cactx) {
-        if (cactx->ui_method)
-            ui_method = cactx->ui_method;
-        if (cactx->callback_data)
-            callback_data = cactx->callback_data;
-    }
-    if (ppctx) {
-        if (ppctx->ui_method)
-            ui_method = ppctx->ui_method;
-        if (ppctx->callback_data)
-            callback_data = ppctx->callback_data;
-    }
-    if (ui_method == NULL) {
-        HWCRHKerr(HWCRHK_F_HWCRHK_INSERT_CARD, HWCRHK_R_NO_CALLBACK);
-        return -1;
-    }
-
-    ui = UI_new_method(ui_method);
-
-    if (ui) {
-        char answer;
-        char buf[BUFSIZ];
-        /*
-         * Despite what the documentation says wrong_info can be an empty
-         * string.
-         */
-        if (wrong_info && *wrong_info)
-            BIO_snprintf(buf, sizeof(buf) - 1,
-                         "Current card: \"%s\"\n", wrong_info);
-        else
-            buf[0] = 0;
-        ok = UI_dup_info_string(ui, buf);
-        if (ok >= 0 && prompt_info) {
-            BIO_snprintf(buf, sizeof(buf) - 1,
-                         "Insert card \"%s\"", prompt_info);
-            ok = UI_dup_input_boolean(ui, buf,
-                                      "\n then hit <enter> or C<enter> to cancel\n",
-                                      "\r\n", "Cc", UI_INPUT_FLAG_ECHO,
-                                      &answer);
-        }
-        UI_add_user_data(ui, callback_data);
-
-        if (ok >= 0)
-            ok = UI_process(ui);
-        UI_free(ui);
-
-        if (ok == -2 || (ok >= 0 && answer == 'C'))
-            ok = 1;
-        else if (ok < 0)
-            ok = -1;
-        else
-            ok = 0;
-    }
-    return ok;
-}
-
-static void hwcrhk_log_message(void *logstr, const char *message)
-{
-    BIO *lstream = NULL;
-
-    CRYPTO_w_lock(CRYPTO_LOCK_BIO);
-    if (logstr)
-        lstream = *(BIO **)logstr;
-    if (lstream) {
-        BIO_printf(lstream, "%s\n", message);
-    }
-    CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
-}
-
-/*
- * This stuff is needed if this ENGINE is being compiled into a
- * self-contained shared-library.
- */
-#  ifndef OPENSSL_NO_DYNAMIC_ENGINE
-static int bind_fn(ENGINE *e, const char *id)
-{
-    if (id && (strcmp(id, engine_hwcrhk_id) != 0) &&
-        (strcmp(id, engine_hwcrhk_id_alt) != 0))
-        return 0;
-    if (!bind_helper(e))
-        return 0;
-    return 1;
-}
-
-IMPLEMENT_DYNAMIC_CHECK_FN()
-    IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#  endif                        /* OPENSSL_NO_DYNAMIC_ENGINE */
-# endif                         /* !OPENSSL_NO_HW_CHIL */
-#endif                          /* !OPENSSL_NO_HW */

Copied: vendor-crypto/openssl/1.0.1u/engines/e_chil.c (from rev 11605, vendor-crypto/openssl/dist/engines/e_chil.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/engines/e_chil.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/engines/e_chil.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,1343 @@
+/* crypto/engine/e_chil.c */
+/*
+ * Written by Richard Levitte (richard at levitte.org), Geoff Thorpe
+ * (geoff at geoffthorpe.net) and Dr Stephen N Henson (steve at openssl.org) for
+ * the OpenSSL project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/pem.h>
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+#include <openssl/ui.h>
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+#include <openssl/bn.h>
+
+#ifndef OPENSSL_NO_HW
+# ifndef OPENSSL_NO_HW_CHIL
+
+/*-
+ * Attribution notice: nCipher have said several times that it's OK for
+ * us to implement a general interface to their boxes, and recently declared
+ * their HWCryptoHook to be public, and therefore available for us to use.
+ * Thanks, nCipher.
+ *
+ * The hwcryptohook.h included here is from May 2000.
+ * [Richard Levitte]
+ */
+#  ifdef FLAT_INC
+#   include "hwcryptohook.h"
+#  else
+#   include "vendor_defns/hwcryptohook.h"
+#  endif
+
+#  define HWCRHK_LIB_NAME "CHIL engine"
+#  include "e_chil_err.c"
+
+static int hwcrhk_destroy(ENGINE *e);
+static int hwcrhk_init(ENGINE *e);
+static int hwcrhk_finish(ENGINE *e);
+static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
+
+/* Functions to handle mutexes */
+static int hwcrhk_mutex_init(HWCryptoHook_Mutex *,
+                             HWCryptoHook_CallerContext *);
+static int hwcrhk_mutex_lock(HWCryptoHook_Mutex *);
+static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex *);
+static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex *);
+
+/* BIGNUM stuff */
+static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                          const BIGNUM *m, BN_CTX *ctx);
+
+#  ifndef OPENSSL_NO_RSA
+/* RSA stuff */
+static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa,
+                              BN_CTX *ctx);
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                               const BIGNUM *m, BN_CTX *ctx,
+                               BN_MONT_CTX *m_ctx);
+static int hwcrhk_rsa_finish(RSA *rsa);
+#  endif
+
+#  ifndef OPENSSL_NO_DH
+/* DH stuff */
+/* This function is alised to mod_exp (with the DH and mont dropped). */
+static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,
+                             const BIGNUM *a, const BIGNUM *p,
+                             const BIGNUM *m, BN_CTX *ctx,
+                             BN_MONT_CTX *m_ctx);
+#  endif
+
+/* RAND stuff */
+static int hwcrhk_rand_bytes(unsigned char *buf, int num);
+static int hwcrhk_rand_status(void);
+
+/* KM stuff */
+static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
+                                     UI_METHOD *ui_method,
+                                     void *callback_data);
+static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
+                                    UI_METHOD *ui_method,
+                                    void *callback_data);
+
+/* Interaction stuff */
+static int hwcrhk_insert_card(const char *prompt_info,
+                              const char *wrong_info,
+                              HWCryptoHook_PassphraseContext * ppctx,
+                              HWCryptoHook_CallerContext * cactx);
+static int hwcrhk_get_pass(const char *prompt_info,
+                           int *len_io, char *buf,
+                           HWCryptoHook_PassphraseContext * ppctx,
+                           HWCryptoHook_CallerContext * cactx);
+static void hwcrhk_log_message(void *logstr, const char *message);
+
+/* The definitions for control commands specific to this engine */
+#  define HWCRHK_CMD_SO_PATH              ENGINE_CMD_BASE
+#  define HWCRHK_CMD_FORK_CHECK           (ENGINE_CMD_BASE + 1)
+#  define HWCRHK_CMD_THREAD_LOCKING       (ENGINE_CMD_BASE + 2)
+#  define HWCRHK_CMD_SET_USER_INTERFACE   (ENGINE_CMD_BASE + 3)
+#  define HWCRHK_CMD_SET_CALLBACK_DATA    (ENGINE_CMD_BASE + 4)
+static const ENGINE_CMD_DEFN hwcrhk_cmd_defns[] = {
+    {HWCRHK_CMD_SO_PATH,
+     "SO_PATH",
+     "Specifies the path to the 'hwcrhk' shared library",
+     ENGINE_CMD_FLAG_STRING},
+    {HWCRHK_CMD_FORK_CHECK,
+     "FORK_CHECK",
+     "Turns fork() checking on (non-zero) or off (zero)",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {HWCRHK_CMD_THREAD_LOCKING,
+     "THREAD_LOCKING",
+     "Turns thread-safe locking on (zero) or off (non-zero)",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {HWCRHK_CMD_SET_USER_INTERFACE,
+     "SET_USER_INTERFACE",
+     "Set the global user interface (internal)",
+     ENGINE_CMD_FLAG_INTERNAL},
+    {HWCRHK_CMD_SET_CALLBACK_DATA,
+     "SET_CALLBACK_DATA",
+     "Set the global user interface extra data (internal)",
+     ENGINE_CMD_FLAG_INTERNAL},
+    {0, NULL, NULL, 0}
+};
+
+#  ifndef OPENSSL_NO_RSA
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD hwcrhk_rsa = {
+    "CHIL RSA method",
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    hwcrhk_rsa_mod_exp,
+    hwcrhk_mod_exp_mont,
+    NULL,
+    hwcrhk_rsa_finish,
+    0,
+    NULL,
+    NULL,
+    NULL,
+    NULL
+};
+#  endif
+
+#  ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD hwcrhk_dh = {
+    "CHIL DH method",
+    NULL,
+    NULL,
+    hwcrhk_mod_exp_dh,
+    NULL,
+    NULL,
+    0,
+    NULL,
+    NULL
+};
+#  endif
+
+static RAND_METHOD hwcrhk_rand = {
+    /* "CHIL RAND method", */
+    NULL,
+    hwcrhk_rand_bytes,
+    NULL,
+    NULL,
+    hwcrhk_rand_bytes,
+    hwcrhk_rand_status,
+};
+
+/* Constants used when creating the ENGINE */
+static const char *engine_hwcrhk_id = "chil";
+static const char *engine_hwcrhk_name = "CHIL hardware engine support";
+#  ifndef OPENSSL_NO_DYNAMIC_ENGINE
+/* Compatibility hack, the dynamic library uses this form in the path */
+static const char *engine_hwcrhk_id_alt = "ncipher";
+#  endif
+
+/* Internal stuff for HWCryptoHook */
+
+/* Some structures needed for proper use of thread locks */
+/*
+ * hwcryptohook.h has some typedefs that turn struct HWCryptoHook_MutexValue
+ * into HWCryptoHook_Mutex
+ */
+struct HWCryptoHook_MutexValue {
+    int lockid;
+};
+
+/*
+ * hwcryptohook.h has some typedefs that turn struct
+ * HWCryptoHook_PassphraseContextValue into HWCryptoHook_PassphraseContext
+ */
+struct HWCryptoHook_PassphraseContextValue {
+    UI_METHOD *ui_method;
+    void *callback_data;
+};
+
+/*
+ * hwcryptohook.h has some typedefs that turn struct
+ * HWCryptoHook_CallerContextValue into HWCryptoHook_CallerContext
+ */
+struct HWCryptoHook_CallerContextValue {
+    pem_password_cb *password_callback; /* Deprecated! Only present for
+                                         * backward compatibility! */
+    UI_METHOD *ui_method;
+    void *callback_data;
+};
+
+/*
+ * The MPI structure in HWCryptoHook is pretty compatible with OpenSSL
+ * BIGNUM's, so lets define a couple of conversion macros
+ */
+#  define BN2MPI(mp, bn) \
+    {mp.size = bn->top * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
+#  define MPI2BN(bn, mp) \
+    {mp.size = bn->dmax * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
+
+static BIO *logstream = NULL;
+static int disable_mutex_callbacks = 0;
+
+/*
+ * One might wonder why these are needed, since one can pass down at least a
+ * UI_METHOD and a pointer to callback data to the key-loading functions. The
+ * thing is that the ModExp and RSAImmed functions can load keys as well, if
+ * the data they get is in a special, nCipher-defined format (hint: if you
+ * look at the private exponent of the RSA data as a string, you'll see this
+ * string: "nCipher KM tool key id", followed by some bytes, followed a key
+ * identity string, followed by more bytes.  This happens when you use
+ * "embed" keys instead of "hwcrhk" keys).  Unfortunately, those functions do
+ * not take any passphrase or caller context, and our functions can't really
+ * take any callback data either.  Still, the "insert_card" and
+ * "get_passphrase" callbacks may be called down the line, and will need to
+ * know what user interface callbacks to call, and having callback data from
+ * the application may be a nice thing as well, so we need to keep track of
+ * that globally.
+ */
+static HWCryptoHook_CallerContext password_context = { NULL, NULL, NULL };
+
+/* Stuff to pass to the HWCryptoHook library */
+static HWCryptoHook_InitInfo hwcrhk_globals = {
+    HWCryptoHook_InitFlags_SimpleForkCheck, /* Flags */
+    &logstream,                 /* logstream */
+    sizeof(BN_ULONG),           /* limbsize */
+    0,                          /* mslimb first: false for BNs */
+    -1,                         /* msbyte first: use native */
+    0,                          /* Max mutexes, 0 = no small limit */
+    0,                          /* Max simultaneous, 0 = default */
+
+    /*
+     * The next few are mutex stuff: we write wrapper functions around the OS
+     * mutex functions.  We initialise them to 0 here, and change that to
+     * actual function pointers in hwcrhk_init() if dynamic locks are
+     * supported (that is, if the application programmer has made sure of
+     * setting up callbacks bafore starting this engine) *and* if
+     * disable_mutex_callbacks hasn't been set by a call to
+     * ENGINE_ctrl(ENGINE_CTRL_CHIL_NO_LOCKING).
+     */
+    sizeof(HWCryptoHook_Mutex),
+    0,
+    0,
+    0,
+    0,
+
+    /*
+     * The next few are condvar stuff: we write wrapper functions round the
+     * OS functions.  Currently not implemented and not and absolute
+     * necessity even in threaded programs, therefore 0'ed.  Will hopefully
+     * be implemented some day, since it enhances the efficiency of
+     * HWCryptoHook.
+     */
+    0,                          /* sizeof(HWCryptoHook_CondVar), */
+    0,                          /* hwcrhk_cv_init, */
+    0,                          /* hwcrhk_cv_wait, */
+    0,                          /* hwcrhk_cv_signal, */
+    0,                          /* hwcrhk_cv_broadcast, */
+    0,                          /* hwcrhk_cv_destroy, */
+
+    hwcrhk_get_pass,            /* pass phrase */
+    hwcrhk_insert_card,         /* insert a card */
+    hwcrhk_log_message          /* Log message */
+};
+
+/* Now, to our own code */
+
+/*
+ * This internal function is used by ENGINE_chil() and possibly by the
+ * "dynamic" ENGINE support too
+ */
+static int bind_helper(ENGINE *e)
+{
+#  ifndef OPENSSL_NO_RSA
+    const RSA_METHOD *meth1;
+#  endif
+#  ifndef OPENSSL_NO_DH
+    const DH_METHOD *meth2;
+#  endif
+    if (!ENGINE_set_id(e, engine_hwcrhk_id) ||
+        !ENGINE_set_name(e, engine_hwcrhk_name) ||
+#  ifndef OPENSSL_NO_RSA
+        !ENGINE_set_RSA(e, &hwcrhk_rsa) ||
+#  endif
+#  ifndef OPENSSL_NO_DH
+        !ENGINE_set_DH(e, &hwcrhk_dh) ||
+#  endif
+        !ENGINE_set_RAND(e, &hwcrhk_rand) ||
+        !ENGINE_set_destroy_function(e, hwcrhk_destroy) ||
+        !ENGINE_set_init_function(e, hwcrhk_init) ||
+        !ENGINE_set_finish_function(e, hwcrhk_finish) ||
+        !ENGINE_set_ctrl_function(e, hwcrhk_ctrl) ||
+        !ENGINE_set_load_privkey_function(e, hwcrhk_load_privkey) ||
+        !ENGINE_set_load_pubkey_function(e, hwcrhk_load_pubkey) ||
+        !ENGINE_set_cmd_defns(e, hwcrhk_cmd_defns))
+        return 0;
+
+#  ifndef OPENSSL_NO_RSA
+    /*
+     * We know that the "PKCS1_SSLeay()" functions hook properly to the
+     * cswift-specific mod_exp and mod_exp_crt so we use those functions. NB:
+     * We don't use ENGINE_openssl() or anything "more generic" because
+     * something like the RSAref code may not hook properly, and if you own
+     * one of these cards then you have the right to do RSA operations on it
+     * anyway!
+     */
+    meth1 = RSA_PKCS1_SSLeay();
+    hwcrhk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+    hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+    hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+    hwcrhk_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+#  endif
+
+#  ifndef OPENSSL_NO_DH
+    /* Much the same for Diffie-Hellman */
+    meth2 = DH_OpenSSL();
+    hwcrhk_dh.generate_key = meth2->generate_key;
+    hwcrhk_dh.compute_key = meth2->compute_key;
+#  endif
+
+    /* Ensure the hwcrhk error handling is set up */
+    ERR_load_HWCRHK_strings();
+    return 1;
+}
+
+#  ifdef OPENSSL_NO_DYNAMIC_ENGINE
+static ENGINE *engine_chil(void)
+{
+    ENGINE *ret = ENGINE_new();
+    if (!ret)
+        return NULL;
+    if (!bind_helper(ret)) {
+        ENGINE_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+void ENGINE_load_chil(void)
+{
+    /* Copied from eng_[openssl|dyn].c */
+    ENGINE *toadd = engine_chil();
+    if (!toadd)
+        return;
+    ENGINE_add(toadd);
+    ENGINE_free(toadd);
+    ERR_clear_error();
+}
+#  endif
+
+/*
+ * This is a process-global DSO handle used for loading and unloading the
+ * HWCryptoHook library. NB: This is only set (or unset) during an init() or
+ * finish() call (reference counts permitting) and they're operating with
+ * global locks, so this should be thread-safe implicitly.
+ */
+static DSO *hwcrhk_dso = NULL;
+static HWCryptoHook_ContextHandle hwcrhk_context = 0;
+#  ifndef OPENSSL_NO_RSA
+/* Index for KM handle.  Not really used yet. */
+static int hndidx_rsa = -1;
+#  endif
+
+/*
+ * These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded.
+ */
+static HWCryptoHook_Init_t *p_hwcrhk_Init = NULL;
+static HWCryptoHook_Finish_t *p_hwcrhk_Finish = NULL;
+static HWCryptoHook_ModExp_t *p_hwcrhk_ModExp = NULL;
+#  ifndef OPENSSL_NO_RSA
+static HWCryptoHook_RSA_t *p_hwcrhk_RSA = NULL;
+#  endif
+static HWCryptoHook_RandomBytes_t *p_hwcrhk_RandomBytes = NULL;
+#  ifndef OPENSSL_NO_RSA
+static HWCryptoHook_RSALoadKey_t *p_hwcrhk_RSALoadKey = NULL;
+static HWCryptoHook_RSAGetPublicKey_t *p_hwcrhk_RSAGetPublicKey = NULL;
+static HWCryptoHook_RSAUnloadKey_t *p_hwcrhk_RSAUnloadKey = NULL;
+#  endif
+static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL;
+
+/* Used in the DSO operations. */
+static const char *HWCRHK_LIBNAME = NULL;
+static void free_HWCRHK_LIBNAME(void)
+{
+    if (HWCRHK_LIBNAME)
+        OPENSSL_free((void *)HWCRHK_LIBNAME);
+    HWCRHK_LIBNAME = NULL;
+}
+
+static const char *get_HWCRHK_LIBNAME(void)
+{
+    if (HWCRHK_LIBNAME)
+        return HWCRHK_LIBNAME;
+    return "nfhwcrhk";
+}
+
+static long set_HWCRHK_LIBNAME(const char *name)
+{
+    free_HWCRHK_LIBNAME();
+    return (((HWCRHK_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+}
+
+static const char *n_hwcrhk_Init = "HWCryptoHook_Init";
+static const char *n_hwcrhk_Finish = "HWCryptoHook_Finish";
+static const char *n_hwcrhk_ModExp = "HWCryptoHook_ModExp";
+#  ifndef OPENSSL_NO_RSA
+static const char *n_hwcrhk_RSA = "HWCryptoHook_RSA";
+#  endif
+static const char *n_hwcrhk_RandomBytes = "HWCryptoHook_RandomBytes";
+#  ifndef OPENSSL_NO_RSA
+static const char *n_hwcrhk_RSALoadKey = "HWCryptoHook_RSALoadKey";
+static const char *n_hwcrhk_RSAGetPublicKey = "HWCryptoHook_RSAGetPublicKey";
+static const char *n_hwcrhk_RSAUnloadKey = "HWCryptoHook_RSAUnloadKey";
+#  endif
+static const char *n_hwcrhk_ModExpCRT = "HWCryptoHook_ModExpCRT";
+
+/*
+ * HWCryptoHook library functions and mechanics - these are used by the
+ * higher-level functions further down. NB: As and where there's no error
+ * checking, take a look lower down where these functions are called, the
+ * checking and error handling is probably down there.
+ */
+
+/* utility function to obtain a context */
+static int get_context(HWCryptoHook_ContextHandle * hac,
+                       HWCryptoHook_CallerContext * cac)
+{
+    char tempbuf[1024];
+    HWCryptoHook_ErrMsgBuf rmsg;
+
+    rmsg.buf = tempbuf;
+    rmsg.size = sizeof(tempbuf);
+
+    *hac = p_hwcrhk_Init(&hwcrhk_globals, sizeof(hwcrhk_globals), &rmsg, cac);
+    if (!*hac)
+        return 0;
+    return 1;
+}
+
+/* similarly to release one. */
+static void release_context(HWCryptoHook_ContextHandle hac)
+{
+    p_hwcrhk_Finish(hac);
+}
+
+/* Destructor (complements the "ENGINE_chil()" constructor) */
+static int hwcrhk_destroy(ENGINE *e)
+{
+    free_HWCRHK_LIBNAME();
+    ERR_unload_HWCRHK_strings();
+    return 1;
+}
+
+/* (de)initialisation functions. */
+static int hwcrhk_init(ENGINE *e)
+{
+    HWCryptoHook_Init_t *p1;
+    HWCryptoHook_Finish_t *p2;
+    HWCryptoHook_ModExp_t *p3;
+#  ifndef OPENSSL_NO_RSA
+    HWCryptoHook_RSA_t *p4;
+    HWCryptoHook_RSALoadKey_t *p5;
+    HWCryptoHook_RSAGetPublicKey_t *p6;
+    HWCryptoHook_RSAUnloadKey_t *p7;
+#  endif
+    HWCryptoHook_RandomBytes_t *p8;
+    HWCryptoHook_ModExpCRT_t *p9;
+
+    if (hwcrhk_dso != NULL) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_ALREADY_LOADED);
+        goto err;
+    }
+    /* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */
+    hwcrhk_dso = DSO_load(NULL, get_HWCRHK_LIBNAME(), NULL, 0);
+    if (hwcrhk_dso == NULL) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_DSO_FAILURE);
+        goto err;
+    }
+    if (!(p1 = (HWCryptoHook_Init_t *)
+          DSO_bind_func(hwcrhk_dso, n_hwcrhk_Init)) ||
+        !(p2 = (HWCryptoHook_Finish_t *)
+          DSO_bind_func(hwcrhk_dso, n_hwcrhk_Finish)) ||
+        !(p3 = (HWCryptoHook_ModExp_t *)
+          DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) ||
+#  ifndef OPENSSL_NO_RSA
+        !(p4 = (HWCryptoHook_RSA_t *)
+          DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) ||
+        !(p5 = (HWCryptoHook_RSALoadKey_t *)
+          DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSALoadKey)) ||
+        !(p6 = (HWCryptoHook_RSAGetPublicKey_t *)
+          DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) ||
+        !(p7 = (HWCryptoHook_RSAUnloadKey_t *)
+          DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) ||
+#  endif
+        !(p8 = (HWCryptoHook_RandomBytes_t *)
+          DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) ||
+        !(p9 = (HWCryptoHook_ModExpCRT_t *)
+          DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT))) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_DSO_FAILURE);
+        goto err;
+    }
+    /* Copy the pointers */
+    p_hwcrhk_Init = p1;
+    p_hwcrhk_Finish = p2;
+    p_hwcrhk_ModExp = p3;
+#  ifndef OPENSSL_NO_RSA
+    p_hwcrhk_RSA = p4;
+    p_hwcrhk_RSALoadKey = p5;
+    p_hwcrhk_RSAGetPublicKey = p6;
+    p_hwcrhk_RSAUnloadKey = p7;
+#  endif
+    p_hwcrhk_RandomBytes = p8;
+    p_hwcrhk_ModExpCRT = p9;
+
+    /*
+     * Check if the application decided to support dynamic locks, and if it
+     * does, use them.
+     */
+    if (disable_mutex_callbacks == 0) {
+        if (CRYPTO_get_dynlock_create_callback() != NULL &&
+            CRYPTO_get_dynlock_lock_callback() != NULL &&
+            CRYPTO_get_dynlock_destroy_callback() != NULL) {
+            hwcrhk_globals.mutex_init = hwcrhk_mutex_init;
+            hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock;
+            hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;
+            hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;
+        }
+    }
+
+    /*
+     * Try and get a context - if not, we may have a DSO but no accelerator!
+     */
+    if (!get_context(&hwcrhk_context, &password_context)) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_UNIT_FAILURE);
+        goto err;
+    }
+    /* Everything's fine. */
+#  ifndef OPENSSL_NO_RSA
+    if (hndidx_rsa == -1)
+        hndidx_rsa = RSA_get_ex_new_index(0,
+                                          "nFast HWCryptoHook RSA key handle",
+                                          NULL, NULL, NULL);
+#  endif
+    return 1;
+ err:
+    if (hwcrhk_dso)
+        DSO_free(hwcrhk_dso);
+    hwcrhk_dso = NULL;
+    p_hwcrhk_Init = NULL;
+    p_hwcrhk_Finish = NULL;
+    p_hwcrhk_ModExp = NULL;
+#  ifndef OPENSSL_NO_RSA
+    p_hwcrhk_RSA = NULL;
+    p_hwcrhk_RSALoadKey = NULL;
+    p_hwcrhk_RSAGetPublicKey = NULL;
+    p_hwcrhk_RSAUnloadKey = NULL;
+#  endif
+    p_hwcrhk_ModExpCRT = NULL;
+    p_hwcrhk_RandomBytes = NULL;
+    return 0;
+}
+
+static int hwcrhk_finish(ENGINE *e)
+{
+    int to_return = 1;
+    free_HWCRHK_LIBNAME();
+    if (hwcrhk_dso == NULL) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_FINISH, HWCRHK_R_NOT_LOADED);
+        to_return = 0;
+        goto err;
+    }
+    release_context(hwcrhk_context);
+    if (!DSO_free(hwcrhk_dso)) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_FINISH, HWCRHK_R_DSO_FAILURE);
+        to_return = 0;
+        goto err;
+    }
+ err:
+    if (logstream)
+        BIO_free(logstream);
+    hwcrhk_dso = NULL;
+    p_hwcrhk_Init = NULL;
+    p_hwcrhk_Finish = NULL;
+    p_hwcrhk_ModExp = NULL;
+#  ifndef OPENSSL_NO_RSA
+    p_hwcrhk_RSA = NULL;
+    p_hwcrhk_RSALoadKey = NULL;
+    p_hwcrhk_RSAGetPublicKey = NULL;
+    p_hwcrhk_RSAUnloadKey = NULL;
+#  endif
+    p_hwcrhk_ModExpCRT = NULL;
+    p_hwcrhk_RandomBytes = NULL;
+    return to_return;
+}
+
+static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+    int to_return = 1;
+
+    switch (cmd) {
+    case HWCRHK_CMD_SO_PATH:
+        if (hwcrhk_dso) {
+            HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, HWCRHK_R_ALREADY_LOADED);
+            return 0;
+        }
+        if (p == NULL) {
+            HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+            return 0;
+        }
+        return set_HWCRHK_LIBNAME((const char *)p);
+    case ENGINE_CTRL_SET_LOGSTREAM:
+        {
+            BIO *bio = (BIO *)p;
+
+            CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+            if (logstream) {
+                BIO_free(logstream);
+                logstream = NULL;
+            }
+            if (CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO) > 1)
+                logstream = bio;
+            else
+                HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, HWCRHK_R_BIO_WAS_FREED);
+        }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        break;
+    case ENGINE_CTRL_SET_PASSWORD_CALLBACK:
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        password_context.password_callback = (pem_password_cb *)f;
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        break;
+    case ENGINE_CTRL_SET_USER_INTERFACE:
+    case HWCRHK_CMD_SET_USER_INTERFACE:
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        password_context.ui_method = (UI_METHOD *)p;
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        break;
+    case ENGINE_CTRL_SET_CALLBACK_DATA:
+    case HWCRHK_CMD_SET_CALLBACK_DATA:
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        password_context.callback_data = p;
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        break;
+        /*
+         * this enables or disables the "SimpleForkCheck" flag used in the
+         * initialisation structure.
+         */
+    case ENGINE_CTRL_CHIL_SET_FORKCHECK:
+    case HWCRHK_CMD_FORK_CHECK:
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        if (i)
+            hwcrhk_globals.flags |= HWCryptoHook_InitFlags_SimpleForkCheck;
+        else
+            hwcrhk_globals.flags &= ~HWCryptoHook_InitFlags_SimpleForkCheck;
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        break;
+        /*
+         * This will prevent the initialisation function from "installing"
+         * the mutex-handling callbacks, even if they are available from
+         * within the library (or were provided to the library from the
+         * calling application). This is to remove any baggage for
+         * applications not using multithreading.
+         */
+    case ENGINE_CTRL_CHIL_NO_LOCKING:
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        disable_mutex_callbacks = 1;
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        break;
+    case HWCRHK_CMD_THREAD_LOCKING:
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        disable_mutex_callbacks = ((i == 0) ? 0 : 1);
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        break;
+
+        /* The command isn't understood by this engine */
+    default:
+        HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,
+                  HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+        to_return = 0;
+        break;
+    }
+
+    return to_return;
+}
+
+static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
+                                     UI_METHOD *ui_method,
+                                     void *callback_data)
+{
+#  ifndef OPENSSL_NO_RSA
+    RSA *rtmp = NULL;
+#  endif
+    EVP_PKEY *res = NULL;
+#  ifndef OPENSSL_NO_RSA
+    HWCryptoHook_MPI e, n;
+    HWCryptoHook_RSAKeyHandle *hptr;
+#  endif
+#  if !defined(OPENSSL_NO_RSA)
+    char tempbuf[1024];
+    HWCryptoHook_ErrMsgBuf rmsg;
+    HWCryptoHook_PassphraseContext ppctx;
+#  endif
+
+#  if !defined(OPENSSL_NO_RSA)
+    rmsg.buf = tempbuf;
+    rmsg.size = sizeof(tempbuf);
+#  endif
+
+    if (!hwcrhk_context) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_NOT_INITIALISED);
+        goto err;
+    }
+#  ifndef OPENSSL_NO_RSA
+    hptr = OPENSSL_malloc(sizeof(HWCryptoHook_RSAKeyHandle));
+    if (!hptr) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    ppctx.ui_method = ui_method;
+    ppctx.callback_data = callback_data;
+    if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, hptr, &rmsg, &ppctx)) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR);
+        ERR_add_error_data(1, rmsg.buf);
+        goto err;
+    }
+    if (!*hptr) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_NO_KEY);
+        goto err;
+    }
+#  endif
+#  ifndef OPENSSL_NO_RSA
+    rtmp = RSA_new_method(eng);
+    RSA_set_ex_data(rtmp, hndidx_rsa, (char *)hptr);
+    rtmp->e = BN_new();
+    rtmp->n = BN_new();
+    rtmp->flags |= RSA_FLAG_EXT_PKEY;
+    MPI2BN(rtmp->e, e);
+    MPI2BN(rtmp->n, n);
+    if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)
+        != HWCRYPTOHOOK_ERROR_MPISIZE) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR);
+        ERR_add_error_data(1, rmsg.buf);
+        goto err;
+    }
+
+    bn_expand2(rtmp->e, e.size / sizeof(BN_ULONG));
+    bn_expand2(rtmp->n, n.size / sizeof(BN_ULONG));
+    MPI2BN(rtmp->e, e);
+    MPI2BN(rtmp->n, n);
+
+    if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR);
+        ERR_add_error_data(1, rmsg.buf);
+        goto err;
+    }
+    rtmp->e->top = e.size / sizeof(BN_ULONG);
+    bn_fix_top(rtmp->e);
+    rtmp->n->top = n.size / sizeof(BN_ULONG);
+    bn_fix_top(rtmp->n);
+
+    res = EVP_PKEY_new();
+    if (res == NULL) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR);
+        goto err;
+    }
+    EVP_PKEY_assign_RSA(res, rtmp);
+#  endif
+
+    if (!res)
+        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
+                  HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED);
+
+    return res;
+ err:
+#  ifndef OPENSSL_NO_RSA
+    if (rtmp)
+        RSA_free(rtmp);
+#  endif
+    return NULL;
+}
+
+static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
+                                    UI_METHOD *ui_method, void *callback_data)
+{
+    EVP_PKEY *res = NULL;
+
+#  ifndef OPENSSL_NO_RSA
+    res = hwcrhk_load_privkey(eng, key_id, ui_method, callback_data);
+#  endif
+
+    if (res)
+        switch (res->type) {
+#  ifndef OPENSSL_NO_RSA
+        case EVP_PKEY_RSA:
+            {
+                RSA *rsa = NULL;
+
+                CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
+                rsa = res->pkey.rsa;
+                res->pkey.rsa = RSA_new();
+                res->pkey.rsa->n = rsa->n;
+                res->pkey.rsa->e = rsa->e;
+                rsa->n = NULL;
+                rsa->e = NULL;
+                CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
+                RSA_free(rsa);
+            }
+            break;
+#  endif
+        default:
+            HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
+                      HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+            goto err;
+        }
+
+    return res;
+ err:
+    if (res)
+        EVP_PKEY_free(res);
+    return NULL;
+}
+
+/* A little mod_exp */
+static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                          const BIGNUM *m, BN_CTX *ctx)
+{
+    char tempbuf[1024];
+    HWCryptoHook_ErrMsgBuf rmsg;
+    /*
+     * Since HWCryptoHook_MPI is pretty compatible with BIGNUM's, we use them
+     * directly, plus a little macro magic.  We only thing we need to make
+     * sure of is that enough space is allocated.
+     */
+    HWCryptoHook_MPI m_a, m_p, m_n, m_r;
+    int to_return, ret;
+
+    to_return = 0;              /* expect failure */
+    rmsg.buf = tempbuf;
+    rmsg.size = sizeof(tempbuf);
+
+    if (!hwcrhk_context) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP, HWCRHK_R_NOT_INITIALISED);
+        goto err;
+    }
+    /* Prepare the params */
+    bn_expand2(r, m->top);      /* Check for error !! */
+    BN2MPI(m_a, a);
+    BN2MPI(m_p, p);
+    BN2MPI(m_n, m);
+    MPI2BN(r, m_r);
+
+    /* Perform the operation */
+    ret = p_hwcrhk_ModExp(hwcrhk_context, m_a, m_p, m_n, &m_r, &rmsg);
+
+    /* Convert the response */
+    r->top = m_r.size / sizeof(BN_ULONG);
+    bn_fix_top(r);
+
+    if (ret < 0) {
+        /*
+         * FIXME: When this error is returned, HWCryptoHook is telling us
+         * that falling back to software computation might be a good thing.
+         */
+        if (ret == HWCRYPTOHOOK_ERROR_FALLBACK) {
+            HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP, HWCRHK_R_REQUEST_FALLBACK);
+        } else {
+            HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP, HWCRHK_R_REQUEST_FAILED);
+        }
+        ERR_add_error_data(1, rmsg.buf);
+        goto err;
+    }
+
+    to_return = 1;
+ err:
+    return to_return;
+}
+
+#  ifndef OPENSSL_NO_RSA
+static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa,
+                              BN_CTX *ctx)
+{
+    char tempbuf[1024];
+    HWCryptoHook_ErrMsgBuf rmsg;
+    HWCryptoHook_RSAKeyHandle *hptr;
+    int to_return = 0, ret;
+
+    rmsg.buf = tempbuf;
+    rmsg.size = sizeof(tempbuf);
+
+    if (!hwcrhk_context) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, HWCRHK_R_NOT_INITIALISED);
+        goto err;
+    }
+
+    /*
+     * This provides support for nForce keys.  Since that's opaque data all
+     * we do is provide a handle to the proper key and let HWCryptoHook take
+     * care of the rest.
+     */
+    if ((hptr =
+         (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx_rsa))
+        != NULL) {
+        HWCryptoHook_MPI m_a, m_r;
+
+        if (!rsa->n) {
+            HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+                      HWCRHK_R_MISSING_KEY_COMPONENTS);
+            goto err;
+        }
+
+        /* Prepare the params */
+        bn_expand2(r, rsa->n->top); /* Check for error !! */
+        BN2MPI(m_a, I);
+        MPI2BN(r, m_r);
+
+        /* Perform the operation */
+        ret = p_hwcrhk_RSA(m_a, *hptr, &m_r, &rmsg);
+
+        /* Convert the response */
+        r->top = m_r.size / sizeof(BN_ULONG);
+        bn_fix_top(r);
+
+        if (ret < 0) {
+            /*
+             * FIXME: When this error is returned, HWCryptoHook is telling us
+             * that falling back to software computation might be a good
+             * thing.
+             */
+            if (ret == HWCRYPTOHOOK_ERROR_FALLBACK) {
+                HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+                          HWCRHK_R_REQUEST_FALLBACK);
+            } else {
+                HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+                          HWCRHK_R_REQUEST_FAILED);
+            }
+            ERR_add_error_data(1, rmsg.buf);
+            goto err;
+        }
+    } else {
+        HWCryptoHook_MPI m_a, m_p, m_q, m_dmp1, m_dmq1, m_iqmp, m_r;
+
+        if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+            HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+                      HWCRHK_R_MISSING_KEY_COMPONENTS);
+            goto err;
+        }
+
+        /* Prepare the params */
+        bn_expand2(r, rsa->n->top); /* Check for error !! */
+        BN2MPI(m_a, I);
+        BN2MPI(m_p, rsa->p);
+        BN2MPI(m_q, rsa->q);
+        BN2MPI(m_dmp1, rsa->dmp1);
+        BN2MPI(m_dmq1, rsa->dmq1);
+        BN2MPI(m_iqmp, rsa->iqmp);
+        MPI2BN(r, m_r);
+
+        /* Perform the operation */
+        ret = p_hwcrhk_ModExpCRT(hwcrhk_context, m_a, m_p, m_q,
+                                 m_dmp1, m_dmq1, m_iqmp, &m_r, &rmsg);
+
+        /* Convert the response */
+        r->top = m_r.size / sizeof(BN_ULONG);
+        bn_fix_top(r);
+
+        if (ret < 0) {
+            /*
+             * FIXME: When this error is returned, HWCryptoHook is telling us
+             * that falling back to software computation might be a good
+             * thing.
+             */
+            if (ret == HWCRYPTOHOOK_ERROR_FALLBACK) {
+                HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+                          HWCRHK_R_REQUEST_FALLBACK);
+            } else {
+                HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+                          HWCRHK_R_REQUEST_FAILED);
+            }
+            ERR_add_error_data(1, rmsg.buf);
+            goto err;
+        }
+    }
+    /*
+     * If we're here, we must be here with some semblance of success :-)
+     */
+    to_return = 1;
+ err:
+    return to_return;
+}
+#  endif
+
+#  ifndef OPENSSL_NO_RSA
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                               const BIGNUM *m, BN_CTX *ctx,
+                               BN_MONT_CTX *m_ctx)
+{
+    return hwcrhk_mod_exp(r, a, p, m, ctx);
+}
+
+static int hwcrhk_rsa_finish(RSA *rsa)
+{
+    HWCryptoHook_RSAKeyHandle *hptr;
+
+    hptr = RSA_get_ex_data(rsa, hndidx_rsa);
+    if (hptr) {
+        p_hwcrhk_RSAUnloadKey(*hptr, NULL);
+        OPENSSL_free(hptr);
+        RSA_set_ex_data(rsa, hndidx_rsa, NULL);
+    }
+    return 1;
+}
+
+#  endif
+
+#  ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,
+                             const BIGNUM *a, const BIGNUM *p,
+                             const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+    return hwcrhk_mod_exp(r, a, p, m, ctx);
+}
+#  endif
+
+/* Random bytes are good */
+static int hwcrhk_rand_bytes(unsigned char *buf, int num)
+{
+    char tempbuf[1024];
+    HWCryptoHook_ErrMsgBuf rmsg;
+    int to_return = 0;          /* assume failure */
+    int ret;
+
+    rmsg.buf = tempbuf;
+    rmsg.size = sizeof(tempbuf);
+
+    if (!hwcrhk_context) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES, HWCRHK_R_NOT_INITIALISED);
+        goto err;
+    }
+
+    ret = p_hwcrhk_RandomBytes(hwcrhk_context, buf, num, &rmsg);
+    if (ret < 0) {
+        /*
+         * FIXME: When this error is returned, HWCryptoHook is telling us
+         * that falling back to software computation might be a good thing.
+         */
+        if (ret == HWCRYPTOHOOK_ERROR_FALLBACK) {
+            HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES, HWCRHK_R_REQUEST_FALLBACK);
+        } else {
+            HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES, HWCRHK_R_REQUEST_FAILED);
+        }
+        ERR_add_error_data(1, rmsg.buf);
+        goto err;
+    }
+    to_return = 1;
+ err:
+    return to_return;
+}
+
+static int hwcrhk_rand_status(void)
+{
+    return 1;
+}
+
+/*
+ * Mutex calls: since the HWCryptoHook model closely follows the POSIX model
+ * these just wrap the POSIX functions and add some logging.
+ */
+
+static int hwcrhk_mutex_init(HWCryptoHook_Mutex * mt,
+                             HWCryptoHook_CallerContext * cactx)
+{
+    mt->lockid = CRYPTO_get_new_dynlockid();
+    if (mt->lockid == 0)
+        return 1;               /* failure */
+    return 0;                   /* success */
+}
+
+static int hwcrhk_mutex_lock(HWCryptoHook_Mutex * mt)
+{
+    CRYPTO_w_lock(mt->lockid);
+    return 0;
+}
+
+static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex * mt)
+{
+    CRYPTO_w_unlock(mt->lockid);
+}
+
+static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex * mt)
+{
+    CRYPTO_destroy_dynlockid(mt->lockid);
+}
+
+static int hwcrhk_get_pass(const char *prompt_info,
+                           int *len_io, char *buf,
+                           HWCryptoHook_PassphraseContext * ppctx,
+                           HWCryptoHook_CallerContext * cactx)
+{
+    pem_password_cb *callback = NULL;
+    void *callback_data = NULL;
+    UI_METHOD *ui_method = NULL;
+    /*
+     * Despite what the documentation says prompt_info can be an empty
+     * string.
+     */
+    if (prompt_info && !*prompt_info)
+        prompt_info = NULL;
+
+    if (cactx) {
+        if (cactx->ui_method)
+            ui_method = cactx->ui_method;
+        if (cactx->password_callback)
+            callback = cactx->password_callback;
+        if (cactx->callback_data)
+            callback_data = cactx->callback_data;
+    }
+    if (ppctx) {
+        if (ppctx->ui_method) {
+            ui_method = ppctx->ui_method;
+            callback = NULL;
+        }
+        if (ppctx->callback_data)
+            callback_data = ppctx->callback_data;
+    }
+    if (callback == NULL && ui_method == NULL) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_GET_PASS, HWCRHK_R_NO_CALLBACK);
+        return -1;
+    }
+
+    if (ui_method) {
+        UI *ui = UI_new_method(ui_method);
+        if (ui) {
+            int ok;
+            char *prompt = UI_construct_prompt(ui,
+                                               "pass phrase", prompt_info);
+
+            ok = UI_add_input_string(ui, prompt,
+                                     UI_INPUT_FLAG_DEFAULT_PWD,
+                                     buf, 0, (*len_io) - 1);
+            UI_add_user_data(ui, callback_data);
+            UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
+
+            if (ok >= 0)
+                do {
+                    ok = UI_process(ui);
+                }
+                while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
+
+            if (ok >= 0)
+                *len_io = strlen(buf);
+
+            UI_free(ui);
+            OPENSSL_free(prompt);
+        }
+    } else {
+        *len_io = callback(buf, *len_io, 0, callback_data);
+    }
+    if (!*len_io)
+        return -1;
+    return 0;
+}
+
+static int hwcrhk_insert_card(const char *prompt_info,
+                              const char *wrong_info,
+                              HWCryptoHook_PassphraseContext * ppctx,
+                              HWCryptoHook_CallerContext * cactx)
+{
+    int ok = -1;
+    UI *ui;
+    void *callback_data = NULL;
+    UI_METHOD *ui_method = NULL;
+
+    if (cactx) {
+        if (cactx->ui_method)
+            ui_method = cactx->ui_method;
+        if (cactx->callback_data)
+            callback_data = cactx->callback_data;
+    }
+    if (ppctx) {
+        if (ppctx->ui_method)
+            ui_method = ppctx->ui_method;
+        if (ppctx->callback_data)
+            callback_data = ppctx->callback_data;
+    }
+    if (ui_method == NULL) {
+        HWCRHKerr(HWCRHK_F_HWCRHK_INSERT_CARD, HWCRHK_R_NO_CALLBACK);
+        return -1;
+    }
+
+    ui = UI_new_method(ui_method);
+
+    if (ui) {
+        char answer;
+        char buf[BUFSIZ];
+        /*
+         * Despite what the documentation says wrong_info can be an empty
+         * string.
+         */
+        if (wrong_info && *wrong_info)
+            BIO_snprintf(buf, sizeof(buf) - 1,
+                         "Current card: \"%s\"\n", wrong_info);
+        else
+            buf[0] = 0;
+        ok = UI_dup_info_string(ui, buf);
+        if (ok >= 0 && prompt_info) {
+            BIO_snprintf(buf, sizeof(buf) - 1,
+                         "Insert card \"%s\"", prompt_info);
+            ok = UI_dup_input_boolean(ui, buf,
+                                      "\n then hit <enter> or C<enter> to cancel\n",
+                                      "\r\n", "Cc", UI_INPUT_FLAG_ECHO,
+                                      &answer);
+        }
+        UI_add_user_data(ui, callback_data);
+
+        if (ok >= 0)
+            ok = UI_process(ui);
+        UI_free(ui);
+
+        if (ok == -2 || (ok >= 0 && answer == 'C'))
+            ok = 1;
+        else if (ok < 0)
+            ok = -1;
+        else
+            ok = 0;
+    }
+    return ok;
+}
+
+static void hwcrhk_log_message(void *logstr, const char *message)
+{
+    BIO *lstream = NULL;
+
+    CRYPTO_w_lock(CRYPTO_LOCK_BIO);
+    if (logstr)
+        lstream = *(BIO **)logstr;
+    if (lstream) {
+        BIO_printf(lstream, "%s\n", message);
+    }
+    CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
+}
+
+/*
+ * This stuff is needed if this ENGINE is being compiled into a
+ * self-contained shared-library.
+ */
+#  ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_fn(ENGINE *e, const char *id)
+{
+    if (id && (strcmp(id, engine_hwcrhk_id) != 0) &&
+        (strcmp(id, engine_hwcrhk_id_alt) != 0))
+        return 0;
+    if (!bind_helper(e))
+        return 0;
+    return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+    IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#  endif                        /* OPENSSL_NO_DYNAMIC_ENGINE */
+# endif                         /* !OPENSSL_NO_HW_CHIL */
+#endif                          /* !OPENSSL_NO_HW */

Deleted: vendor-crypto/openssl/1.0.1u/ms/uplink-x86.pl
===================================================================
--- vendor-crypto/openssl/dist/ms/uplink-x86.pl	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/ms/uplink-x86.pl	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,33 +0,0 @@
-#!/usr/bin/env perl
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-push(@INC, "${dir}.", "${dir}../crypto/perlasm");
-require "x86asm.pl";
-
-require "uplink-common.pl";
-
-&asm_init($ARGV[0],"uplink-x86");
-
-&external_label("OPENSSL_Uplink");
-&public_label("OPENSSL_UplinkTable");
-
-for ($i=1;$i<=$N;$i++) {
-&function_begin_B("_\$lazy${i}");
-	&lea	("eax",&DWP(&label("OPENSSL_UplinkTable")));
-	&push	("eax");
-	&push	($i);
-	&call	(&label("OPENSSL_Uplink"));
-	&add	("esp",8);
-	&pop	("eax");
-	&jmp_ptr(&DWP(4*$i,"eax"));
-&function_end_B("_\$lazy${i}");
-}
-
-&dataseg();
-&align(4);
-&set_label("OPENSSL_UplinkTable");
-&data_word($N);
-for ($i=1;$i<=$N;$i++) {
-&data_word(&label("_\$lazy${i}"));
-}
-&asm_finish();

Copied: vendor-crypto/openssl/1.0.1u/ms/uplink-x86.pl (from rev 11605, vendor-crypto/openssl/dist/ms/uplink-x86.pl)
===================================================================
--- vendor-crypto/openssl/1.0.1u/ms/uplink-x86.pl	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/ms/uplink-x86.pl	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,33 @@
+#!/usr/bin/env perl
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC, "${dir}.", "${dir}../crypto/perlasm");
+require "x86asm.pl";
+
+require "uplink-common.pl";
+
+&asm_init($ARGV[0],"uplink-x86");
+
+&external_label("OPENSSL_Uplink");
+&public_label("OPENSSL_UplinkTable");
+
+for ($i=1;$i<=$N;$i++) {
+&function_begin_B("_\$lazy${i}");
+	&lea	("eax",&DWP(&label("OPENSSL_UplinkTable")));
+	&push	($i);
+	&push	("eax");
+	&call	(&label("OPENSSL_Uplink"));
+	&pop	("eax");
+	&add	("esp",4);
+	&jmp_ptr(&DWP(4*$i,"eax"));
+&function_end_B("_\$lazy${i}");
+}
+
+&dataseg();
+&align(4);
+&set_label("OPENSSL_UplinkTable");
+&data_word($N);
+for ($i=1;$i<=$N;$i++) {
+&data_word(&label("_\$lazy${i}"));
+}
+&asm_finish();

Deleted: vendor-crypto/openssl/1.0.1u/openssl.spec
===================================================================
--- vendor-crypto/openssl/dist/openssl.spec	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/openssl.spec	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,210 +0,0 @@
-%define _unpackaged_files_terminate_build 0
-
-Release: 1
-
-%define openssldir /var/ssl
-
-Summary: Secure Sockets Layer and cryptography libraries and tools
-Name: openssl
-#Version: %{libmaj}.%{libmin}.%{librel}
-Version: 1.0.1q
-Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
-License: OpenSSL
-Group: System Environment/Libraries
-Provides: SSL
-URL: http://www.openssl.org/
-Packager: Damien Miller <djm at mindrot.org>
-BuildRoot:   /var/tmp/%{name}-%{version}-root
-
-%description
-The OpenSSL Project is a collaborative effort to develop a robust,
-commercial-grade, fully featured, and Open Source toolkit implementing the
-Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
-protocols as well as a full-strength general purpose cryptography library.
-The project is managed by a worldwide community of volunteers that use the
-Internet to communicate, plan, and develop the OpenSSL tookit and its related
-documentation. 
-
-OpenSSL is based on the excellent SSLeay library developed from Eric A.
-Young and Tim J. Hudson.  The OpenSSL toolkit is licensed under an
-Apache-style licence, which basically means that you are free to get and
-use it for commercial and non-commercial purposes. 
-
-This package contains the base OpenSSL cryptography and SSL/TLS 
-libraries and tools.
-
-%package devel
-Summary: Secure Sockets Layer and cryptography static libraries and headers
-Group: Development/Libraries
-Requires: openssl
-%description devel
-The OpenSSL Project is a collaborative effort to develop a robust,
-commercial-grade, fully featured, and Open Source toolkit implementing the
-Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
-protocols as well as a full-strength general purpose cryptography library.
-The project is managed by a worldwide community of volunteers that use the
-Internet to communicate, plan, and develop the OpenSSL tookit and its related
-documentation. 
-
-OpenSSL is based on the excellent SSLeay library developed from Eric A.
-Young and Tim J. Hudson.  The OpenSSL toolkit is licensed under an
-Apache-style licence, which basically means that you are free to get and
-use it for commercial and non-commercial purposes. 
-
-This package contains the the OpenSSL cryptography and SSL/TLS 
-static libraries and header files required when developing applications.
-
-%package doc
-Summary: OpenSSL miscellaneous files
-Group: Documentation
-Requires: openssl
-%description doc
-The OpenSSL Project is a collaborative effort to develop a robust,
-commercial-grade, fully featured, and Open Source toolkit implementing the
-Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
-protocols as well as a full-strength general purpose cryptography library.
-The project is managed by a worldwide community of volunteers that use the
-Internet to communicate, plan, and develop the OpenSSL tookit and its related
-documentation. 
-
-OpenSSL is based on the excellent SSLeay library developed from Eric A.
-Young and Tim J. Hudson.  The OpenSSL toolkit is licensed under an
-Apache-style licence, which basically means that you are free to get and
-use it for commercial and non-commercial purposes. 
-
-This package contains the the OpenSSL cryptography and SSL/TLS extra
-documentation and POD files from which the man pages were produced.
-
-%prep
-
-%setup -q
-
-%build 
-
-%define CONFIG_FLAGS -DSSL_ALLOW_ADH --prefix=/usr --openssldir=%{openssldir}
-
-perl util/perlpath.pl /usr/bin/perl
-
-%ifarch i386 i486 i586 i686
-./Configure %{CONFIG_FLAGS} linux-elf shared
-%endif
-%ifarch ppc
-./Configure %{CONFIG_FLAGS} linux-ppc shared
-%endif
-%ifarch alpha
-./Configure %{CONFIG_FLAGS} linux-alpha shared
-%endif
-%ifarch x86_64
-./Configure %{CONFIG_FLAGS} linux-x86_64 shared
-%endif
-LD_LIBRARY_PATH=`pwd` make
-LD_LIBRARY_PATH=`pwd` make rehash
-LD_LIBRARY_PATH=`pwd` make test
-
-%install
-rm -rf $RPM_BUILD_ROOT
-make MANDIR=/usr/man MANSUFFIX=ssl INSTALL_PREFIX="$RPM_BUILD_ROOT" install
-
-# Make backwards-compatibility symlink to ssleay
-ln -sf /usr/bin/openssl $RPM_BUILD_ROOT/usr/bin/ssleay
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%files 
-%defattr(0644,root,root,0755)
-%doc CHANGES CHANGES.SSLeay LICENSE NEWS README
-
-%attr(0755,root,root) /usr/bin/*
-%attr(0755,root,root) /usr/lib/*.so*
-%attr(0755,root,root) %{openssldir}/misc/*
-%attr(0644,root,root) /usr/man/man[157]/*
-
-%config %attr(0644,root,root) %{openssldir}/openssl.cnf 
-%dir %attr(0755,root,root) %{openssldir}/certs
-%dir %attr(0755,root,root) %{openssldir}/misc
-%dir %attr(0750,root,root) %{openssldir}/private
-
-%files devel
-%defattr(0644,root,root,0755)
-%doc CHANGES CHANGES.SSLeay LICENSE NEWS README
-
-%attr(0644,root,root) /usr/lib/*.a
-%attr(0644,root,root) /usr/lib/pkgconfig/openssl.pc
-%attr(0644,root,root) /usr/include/openssl/*
-%attr(0644,root,root) /usr/man/man[3]/*
-
-%files doc
-%defattr(0644,root,root,0755)
-%doc CHANGES CHANGES.SSLeay LICENSE NEWS README
-%doc doc
-
-%post
-ldconfig
-
-%postun
-ldconfig
-
-%changelog
-* Sun Jun  6 2005 Richard Levitte <richard at levitte.org>
-- Remove the incorrect installation of '%{openssldir}/lib'.
-* Wed May  7 2003 Richard Levitte <richard at levitte.org>
-- Add /usr/lib/pkgconfig/openssl.pc to the development section.
-* Thu Mar 22 2001 Richard Levitte <richard at levitte.org>
-- Removed redundant subsection that re-installed libcrypto.a and libssl.a
-  as well.  Also remove RSAref stuff completely, since it's not needed
-  any more.
-* Thu Mar 15 2001 Jeremiah Johnson <jjohnson at penguincomputing.com>
-- Removed redundant subsection that re-installed libcrypto.so.0.9.6 and
-  libssl.so.0.9.6.  As well as the subsection that created symlinks for
-  these.  make install handles all this.
-* Sat Oct 21 2000 Horms <horms at vergenet.net>
-- Make sure symlinks are created by using -f flag to ln.
-  Otherwise some .so libraries are copied rather than
-  linked in the resulting binary RPM. This causes the package
-  to be larger than neccessary and makes ldconfig complain.
-* Fri Oct 13 2000 Horms <horms at vergenet.net>
-- Make defattr is set for files in all packages so packages built as
-  non-root will still be installed with files owned by root.
-* Thu Sep 14 2000 Richard Levitte <richard at levitte.org>
-- Changed to adapt to the new (supported) way of making shared libraries
-- Installs all static libraries, not just libRSAglue.a
-- Extra documents now end up in a separate document package
-* Sun Feb 27 2000 Damien Miller <djm at mindrot.org>
-- Merged patches to spec
-- Updated to 0.9.5beta2 (now with manpages)
-* Sat Feb  5 2000 Michal Jaegermann <michal at harddata.com>
-- added 'linux-alpha' to configuration
-- fixed nasty absolute links
-* Tue Jan 25 2000 Bennett Todd <bet at rahul.net>
-- Added -DSSL_ALLOW_ADH, bumped Release to 4
-* Thu Oct 14 1999 Damien Miller <djm at mindrot.org>
-- Set default permissions
-- Removed documentation from devel sub-package
-* Thu Sep 30 1999 Damien Miller <djm at mindrot.org>
-- Added "make test" stage
-- GPG signed
-* Tue Sep 10 1999 Damien Miller <damien at ibs.com.au>
-- Updated to version 0.9.4
-* Tue May 25 1999 Damien Miller <damien at ibs.com.au>
-- Updated to version 0.9.3
-- Added attributes for all files
-- Paramatised openssl directory
-* Sat Mar 20 1999 Carlo M. Arenas Belon <carenas at jmconsultores.com.pe>
-- Added "official" bnrec patch and taking other out
-- making a link from ssleay to openssl binary
-- putting all changelog together on SPEC file
-* Fri Mar  5 1999 Henri Gomez <gomez at slib.fr>
-- Added bnrec patch
-* Tue Dec 29 1998 Jonathan Ruano <kobalt at james.encomix.es>
-- minimum spec and patches changes for openssl
-- modified for openssl sources
-* Sat Aug  8 1998 Khimenko Victor <khim at sch57.msk.ru>
-- shared library creating process honours $RPM_OPT_FLAGS
-- shared libarry supports threads (as well as static library)
-* Wed Jul 22 1998 Khimenko Victor <khim at sch57.msk.ru>
-- building of shared library completely reworked
-* Tue Jul 21 1998 Khimenko Victor <khim at sch57.msk.ru>
-- RPM is BuildRoot'ed
-* Tue Feb 10 1998 Khimenko Victor <khim at sch57.msk.ru>
-- all stuff is moved out of /usr/local

Copied: vendor-crypto/openssl/1.0.1u/openssl.spec (from rev 11605, vendor-crypto/openssl/dist/openssl.spec)
===================================================================
--- vendor-crypto/openssl/1.0.1u/openssl.spec	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/openssl.spec	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,210 @@
+%define _unpackaged_files_terminate_build 0
+
+Release: 1
+
+%define openssldir /var/ssl
+
+Summary: Secure Sockets Layer and cryptography libraries and tools
+Name: openssl
+#Version: %{libmaj}.%{libmin}.%{librel}
+Version: 1.0.1u
+Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
+License: OpenSSL
+Group: System Environment/Libraries
+Provides: SSL
+URL: http://www.openssl.org/
+Packager: Damien Miller <djm at mindrot.org>
+BuildRoot:   /var/tmp/%{name}-%{version}-root
+
+%description
+The OpenSSL Project is a collaborative effort to develop a robust,
+commercial-grade, fully featured, and Open Source toolkit implementing the
+Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
+protocols as well as a full-strength general purpose cryptography library.
+The project is managed by a worldwide community of volunteers that use the
+Internet to communicate, plan, and develop the OpenSSL tookit and its related
+documentation. 
+
+OpenSSL is based on the excellent SSLeay library developed from Eric A.
+Young and Tim J. Hudson.  The OpenSSL toolkit is licensed under an
+Apache-style licence, which basically means that you are free to get and
+use it for commercial and non-commercial purposes. 
+
+This package contains the base OpenSSL cryptography and SSL/TLS 
+libraries and tools.
+
+%package devel
+Summary: Secure Sockets Layer and cryptography static libraries and headers
+Group: Development/Libraries
+Requires: openssl
+%description devel
+The OpenSSL Project is a collaborative effort to develop a robust,
+commercial-grade, fully featured, and Open Source toolkit implementing the
+Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
+protocols as well as a full-strength general purpose cryptography library.
+The project is managed by a worldwide community of volunteers that use the
+Internet to communicate, plan, and develop the OpenSSL tookit and its related
+documentation. 
+
+OpenSSL is based on the excellent SSLeay library developed from Eric A.
+Young and Tim J. Hudson.  The OpenSSL toolkit is licensed under an
+Apache-style licence, which basically means that you are free to get and
+use it for commercial and non-commercial purposes. 
+
+This package contains the the OpenSSL cryptography and SSL/TLS 
+static libraries and header files required when developing applications.
+
+%package doc
+Summary: OpenSSL miscellaneous files
+Group: Documentation
+Requires: openssl
+%description doc
+The OpenSSL Project is a collaborative effort to develop a robust,
+commercial-grade, fully featured, and Open Source toolkit implementing the
+Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
+protocols as well as a full-strength general purpose cryptography library.
+The project is managed by a worldwide community of volunteers that use the
+Internet to communicate, plan, and develop the OpenSSL tookit and its related
+documentation. 
+
+OpenSSL is based on the excellent SSLeay library developed from Eric A.
+Young and Tim J. Hudson.  The OpenSSL toolkit is licensed under an
+Apache-style licence, which basically means that you are free to get and
+use it for commercial and non-commercial purposes. 
+
+This package contains the the OpenSSL cryptography and SSL/TLS extra
+documentation and POD files from which the man pages were produced.
+
+%prep
+
+%setup -q
+
+%build 
+
+%define CONFIG_FLAGS -DSSL_ALLOW_ADH --prefix=/usr --openssldir=%{openssldir}
+
+perl util/perlpath.pl /usr/bin/perl
+
+%ifarch i386 i486 i586 i686
+./Configure %{CONFIG_FLAGS} linux-elf shared
+%endif
+%ifarch ppc
+./Configure %{CONFIG_FLAGS} linux-ppc shared
+%endif
+%ifarch alpha
+./Configure %{CONFIG_FLAGS} linux-alpha shared
+%endif
+%ifarch x86_64
+./Configure %{CONFIG_FLAGS} linux-x86_64 shared
+%endif
+LD_LIBRARY_PATH=`pwd` make
+LD_LIBRARY_PATH=`pwd` make rehash
+LD_LIBRARY_PATH=`pwd` make test
+
+%install
+rm -rf $RPM_BUILD_ROOT
+make MANDIR=/usr/man MANSUFFIX=ssl INSTALL_PREFIX="$RPM_BUILD_ROOT" install
+
+# Make backwards-compatibility symlink to ssleay
+ln -sf /usr/bin/openssl $RPM_BUILD_ROOT/usr/bin/ssleay
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files 
+%defattr(0644,root,root,0755)
+%doc CHANGES CHANGES.SSLeay LICENSE NEWS README
+
+%attr(0755,root,root) /usr/bin/*
+%attr(0755,root,root) /usr/lib/*.so*
+%attr(0755,root,root) %{openssldir}/misc/*
+%attr(0644,root,root) /usr/man/man[157]/*
+
+%config %attr(0644,root,root) %{openssldir}/openssl.cnf 
+%dir %attr(0755,root,root) %{openssldir}/certs
+%dir %attr(0755,root,root) %{openssldir}/misc
+%dir %attr(0750,root,root) %{openssldir}/private
+
+%files devel
+%defattr(0644,root,root,0755)
+%doc CHANGES CHANGES.SSLeay LICENSE NEWS README
+
+%attr(0644,root,root) /usr/lib/*.a
+%attr(0644,root,root) /usr/lib/pkgconfig/openssl.pc
+%attr(0644,root,root) /usr/include/openssl/*
+%attr(0644,root,root) /usr/man/man[3]/*
+
+%files doc
+%defattr(0644,root,root,0755)
+%doc CHANGES CHANGES.SSLeay LICENSE NEWS README
+%doc doc
+
+%post
+ldconfig
+
+%postun
+ldconfig
+
+%changelog
+* Sun Jun  6 2005 Richard Levitte <richard at levitte.org>
+- Remove the incorrect installation of '%{openssldir}/lib'.
+* Wed May  7 2003 Richard Levitte <richard at levitte.org>
+- Add /usr/lib/pkgconfig/openssl.pc to the development section.
+* Thu Mar 22 2001 Richard Levitte <richard at levitte.org>
+- Removed redundant subsection that re-installed libcrypto.a and libssl.a
+  as well.  Also remove RSAref stuff completely, since it's not needed
+  any more.
+* Thu Mar 15 2001 Jeremiah Johnson <jjohnson at penguincomputing.com>
+- Removed redundant subsection that re-installed libcrypto.so.0.9.6 and
+  libssl.so.0.9.6.  As well as the subsection that created symlinks for
+  these.  make install handles all this.
+* Sat Oct 21 2000 Horms <horms at vergenet.net>
+- Make sure symlinks are created by using -f flag to ln.
+  Otherwise some .so libraries are copied rather than
+  linked in the resulting binary RPM. This causes the package
+  to be larger than neccessary and makes ldconfig complain.
+* Fri Oct 13 2000 Horms <horms at vergenet.net>
+- Make defattr is set for files in all packages so packages built as
+  non-root will still be installed with files owned by root.
+* Thu Sep 14 2000 Richard Levitte <richard at levitte.org>
+- Changed to adapt to the new (supported) way of making shared libraries
+- Installs all static libraries, not just libRSAglue.a
+- Extra documents now end up in a separate document package
+* Sun Feb 27 2000 Damien Miller <djm at mindrot.org>
+- Merged patches to spec
+- Updated to 0.9.5beta2 (now with manpages)
+* Sat Feb  5 2000 Michal Jaegermann <michal at harddata.com>
+- added 'linux-alpha' to configuration
+- fixed nasty absolute links
+* Tue Jan 25 2000 Bennett Todd <bet at rahul.net>
+- Added -DSSL_ALLOW_ADH, bumped Release to 4
+* Thu Oct 14 1999 Damien Miller <djm at mindrot.org>
+- Set default permissions
+- Removed documentation from devel sub-package
+* Thu Sep 30 1999 Damien Miller <djm at mindrot.org>
+- Added "make test" stage
+- GPG signed
+* Tue Sep 10 1999 Damien Miller <damien at ibs.com.au>
+- Updated to version 0.9.4
+* Tue May 25 1999 Damien Miller <damien at ibs.com.au>
+- Updated to version 0.9.3
+- Added attributes for all files
+- Paramatised openssl directory
+* Sat Mar 20 1999 Carlo M. Arenas Belon <carenas at jmconsultores.com.pe>
+- Added "official" bnrec patch and taking other out
+- making a link from ssleay to openssl binary
+- putting all changelog together on SPEC file
+* Fri Mar  5 1999 Henri Gomez <gomez at slib.fr>
+- Added bnrec patch
+* Tue Dec 29 1998 Jonathan Ruano <kobalt at james.encomix.es>
+- minimum spec and patches changes for openssl
+- modified for openssl sources
+* Sat Aug  8 1998 Khimenko Victor <khim at sch57.msk.ru>
+- shared library creating process honours $RPM_OPT_FLAGS
+- shared libarry supports threads (as well as static library)
+* Wed Jul 22 1998 Khimenko Victor <khim at sch57.msk.ru>
+- building of shared library completely reworked
+* Tue Jul 21 1998 Khimenko Victor <khim at sch57.msk.ru>
+- RPM is BuildRoot'ed
+* Tue Feb 10 1998 Khimenko Victor <khim at sch57.msk.ru>
+- all stuff is moved out of /usr/local

Deleted: vendor-crypto/openssl/1.0.1u/ssl/Makefile
===================================================================
--- vendor-crypto/openssl/dist/ssl/Makefile	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/ssl/Makefile	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,1085 +0,0 @@
-#
-# OpenSSL/ssl/Makefile
-#
-
-DIR=	ssl
-TOP=	..
-CC=	cc
-INCLUDES= -I../crypto -I$(TOP) -I../include $(KRB5_INCLUDES)
-CFLAG=-g
-MAKEFILE=	Makefile
-AR=		ar r
-# KRB5 stuff
-KRB5_INCLUDES=
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile README ssl-lib.com install.com
-TEST=ssltest.c heartbeat_test.c clienthellotest.c
-APPS=
-
-LIB=$(TOP)/libssl.a
-SHARED_LIB= libssl$(SHLIB_EXT)
-LIBSRC=	\
-	s2_meth.c   s2_srvr.c s2_clnt.c  s2_lib.c  s2_enc.c s2_pkt.c \
-	s3_meth.c   s3_srvr.c s3_clnt.c  s3_lib.c  s3_enc.c s3_pkt.c s3_both.c s3_cbc.c \
-	s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c          s23_pkt.c \
-	t1_meth.c   t1_srvr.c t1_clnt.c  t1_lib.c  t1_enc.c \
-	d1_meth.c   d1_srvr.c d1_clnt.c  d1_lib.c  d1_pkt.c \
-	d1_both.c d1_enc.c d1_srtp.c \
-	ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \
-	ssl_ciph.c ssl_stat.c ssl_rsa.c \
-	ssl_asn1.c ssl_txt.c ssl_algs.c \
-	bio_ssl.c ssl_err.c kssl.c tls_srp.c t1_reneg.c ssl_utst.c
-LIBOBJ= \
-	s2_meth.o  s2_srvr.o  s2_clnt.o  s2_lib.o  s2_enc.o s2_pkt.o \
-	s3_meth.o  s3_srvr.o  s3_clnt.o  s3_lib.o  s3_enc.o s3_pkt.o s3_both.o s3_cbc.o \
-	s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o          s23_pkt.o \
-	t1_meth.o   t1_srvr.o t1_clnt.o  t1_lib.o  t1_enc.o \
-	d1_meth.o   d1_srvr.o d1_clnt.o  d1_lib.o  d1_pkt.o \
-	d1_both.o d1_enc.o d1_srtp.o\
-	ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \
-	ssl_ciph.o ssl_stat.o ssl_rsa.o \
-	ssl_asn1.o ssl_txt.o ssl_algs.o \
-	bio_ssl.o ssl_err.o kssl.o tls_srp.o t1_reneg.o ssl_utst.o
-
-SRC= $(LIBSRC)
-
-EXHEADER= ssl.h ssl2.h ssl3.h ssl23.h tls1.h dtls1.h kssl.h srtp.h
-HEADER=	$(EXHEADER) ssl_locl.h kssl_lcl.h
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-top:
-	(cd ..; $(MAKE) DIRS=$(DIR) all)
-
-all:	shared
-
-lib:	$(LIBOBJ)
-	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB) || echo Never mind.
-	@touch lib
-
-shared: lib
-	if [ -n "$(SHARED_LIBS)" ]; then \
-		(cd ..; $(MAKE) $(SHARED_LIB)); \
-	fi
-
-files:
-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
-	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-	@$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
-	@$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
-
-install:
-	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
-	do  \
-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-	done;
-
-tags:
-	ctags $(SRC)
-
-tests:
-
-lint:
-	lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-update: local_depend
-	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
-
-depend: local_depend
-	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
-local_depend:
-	@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
-
-dclean:
-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-	mv -f Makefile.new $(MAKEFILE)
-
-clean:
-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-bio_ssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-bio_ssl.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-bio_ssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
-bio_ssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-bio_ssl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-bio_ssl.o: ../include/openssl/err.h ../include/openssl/evp.h
-bio_ssl.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
-bio_ssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-bio_ssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-bio_ssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-bio_ssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-bio_ssl.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-bio_ssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-bio_ssl.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-bio_ssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-bio_ssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-bio_ssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-bio_ssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h bio_ssl.c
-d1_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-d1_both.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-d1_both.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-d1_both.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-d1_both.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-d1_both.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-d1_both.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-d1_both.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-d1_both.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-d1_both.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-d1_both.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-d1_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-d1_both.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-d1_both.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-d1_both.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-d1_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-d1_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-d1_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-d1_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-d1_both.o: ../include/openssl/x509_vfy.h d1_both.c ssl_locl.h
-d1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-d1_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-d1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-d1_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-d1_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-d1_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-d1_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-d1_clnt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-d1_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-d1_clnt.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
-d1_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-d1_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-d1_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-d1_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-d1_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-d1_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-d1_clnt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-d1_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-d1_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-d1_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-d1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_clnt.c
-d1_clnt.o: kssl_lcl.h ssl_locl.h
-d1_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-d1_enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-d1_enc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-d1_enc.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-d1_enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-d1_enc.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-d1_enc.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-d1_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-d1_enc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
-d1_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-d1_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-d1_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-d1_enc.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-d1_enc.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-d1_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-d1_enc.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-d1_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-d1_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-d1_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-d1_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_enc.c
-d1_enc.o: ssl_locl.h
-d1_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-d1_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-d1_lib.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-d1_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-d1_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-d1_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-d1_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-d1_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-d1_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-d1_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-d1_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-d1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-d1_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-d1_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-d1_lib.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-d1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-d1_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-d1_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-d1_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_lib.c
-d1_lib.o: ssl_locl.h
-d1_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-d1_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-d1_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-d1_meth.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-d1_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-d1_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-d1_meth.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-d1_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-d1_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-d1_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-d1_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-d1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-d1_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-d1_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-d1_meth.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-d1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-d1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-d1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-d1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_meth.c
-d1_meth.o: ssl_locl.h
-d1_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-d1_pkt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-d1_pkt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-d1_pkt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-d1_pkt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-d1_pkt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-d1_pkt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-d1_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-d1_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-d1_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-d1_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-d1_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-d1_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-d1_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-d1_pkt.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-d1_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-d1_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-d1_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-d1_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-d1_pkt.o: ../include/openssl/x509_vfy.h d1_pkt.c ssl_locl.h
-d1_srtp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-d1_srtp.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-d1_srtp.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-d1_srtp.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-d1_srtp.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-d1_srtp.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-d1_srtp.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-d1_srtp.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-d1_srtp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-d1_srtp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-d1_srtp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-d1_srtp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-d1_srtp.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-d1_srtp.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-d1_srtp.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-d1_srtp.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-d1_srtp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-d1_srtp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-d1_srtp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_srtp.c
-d1_srtp.o: srtp.h ssl_locl.h
-d1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-d1_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-d1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-d1_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-d1_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-d1_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-d1_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-d1_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-d1_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-d1_srvr.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
-d1_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-d1_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-d1_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-d1_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-d1_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-d1_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-d1_srvr.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-d1_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-d1_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-d1_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-d1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_srvr.c
-d1_srvr.o: ssl_locl.h
-kssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-kssl.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-kssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
-kssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-kssl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-kssl.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-kssl.o: ../include/openssl/krb5_asn.h ../include/openssl/kssl.h
-kssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-kssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-kssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-kssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-kssl.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-kssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-kssl.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-kssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-kssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-kssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-kssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl.c
-kssl.o: kssl_lcl.h
-s23_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s23_clnt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s23_clnt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s23_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s23_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s23_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s23_clnt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s23_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s23_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s23_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s23_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s23_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s23_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-s23_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s23_clnt.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-s23_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s23_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s23_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s23_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s23_clnt.o: ../include/openssl/x509_vfy.h s23_clnt.c ssl_locl.h
-s23_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s23_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s23_lib.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s23_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s23_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s23_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s23_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s23_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s23_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s23_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s23_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s23_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s23_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-s23_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s23_lib.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-s23_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s23_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s23_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s23_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_lib.c
-s23_lib.o: ssl_locl.h
-s23_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s23_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s23_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s23_meth.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s23_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s23_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s23_meth.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s23_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s23_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s23_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s23_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s23_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s23_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-s23_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s23_meth.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-s23_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s23_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s23_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s23_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_meth.c
-s23_meth.o: ssl_locl.h
-s23_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s23_pkt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s23_pkt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s23_pkt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s23_pkt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s23_pkt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s23_pkt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s23_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s23_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s23_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s23_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s23_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s23_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-s23_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s23_pkt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-s23_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s23_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s23_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s23_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_pkt.c
-s23_pkt.o: ssl_locl.h
-s23_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s23_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s23_srvr.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s23_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s23_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s23_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s23_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s23_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s23_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s23_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s23_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s23_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s23_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-s23_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s23_srvr.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-s23_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s23_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s23_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s23_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s23_srvr.o: ../include/openssl/x509_vfy.h s23_srvr.c ssl_locl.h
-s2_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_clnt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s2_clnt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s2_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s2_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s2_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s2_clnt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s2_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s2_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s2_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s2_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s2_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-s2_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_clnt.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-s2_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s2_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s2_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s2_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s2_clnt.o: ../include/openssl/x509_vfy.h s2_clnt.c ssl_locl.h
-s2_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s2_enc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s2_enc.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s2_enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s2_enc.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s2_enc.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s2_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s2_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s2_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s2_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s2_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_enc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-s2_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s2_enc.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-s2_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_enc.c
-s2_enc.o: ssl_locl.h
-s2_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s2_lib.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s2_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s2_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s2_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s2_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s2_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s2_lib.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
-s2_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s2_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s2_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s2_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-s2_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_lib.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-s2_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s2_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s2_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s2_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s2_lib.o: ../include/openssl/x509_vfy.h s2_lib.c ssl_locl.h
-s2_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s2_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s2_meth.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s2_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s2_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s2_meth.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s2_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s2_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s2_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s2_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s2_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-s2_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s2_meth.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-s2_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_meth.c
-s2_meth.o: ssl_locl.h
-s2_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_pkt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s2_pkt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s2_pkt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s2_pkt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s2_pkt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s2_pkt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s2_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s2_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s2_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s2_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s2_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-s2_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s2_pkt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-s2_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_pkt.c
-s2_pkt.o: ssl_locl.h
-s2_srvr.o: ../crypto/constant_time_locl.h ../e_os.h ../include/openssl/asn1.h
-s2_srvr.o: ../include/openssl/bio.h ../include/openssl/buffer.h
-s2_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s2_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-s2_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-s2_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
-s2_srvr.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
-s2_srvr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-s2_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s2_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s2_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s2_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-s2_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-s2_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s2_srvr.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-s2_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_srvr.c
-s2_srvr.o: ssl_locl.h
-s3_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_both.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s3_both.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s3_both.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s3_both.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s3_both.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s3_both.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s3_both.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s3_both.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s3_both.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s3_both.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s3_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_both.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-s3_both.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_both.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-s3_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s3_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s3_both.o: ../include/openssl/x509_vfy.h s3_both.c ssl_locl.h
-s3_cbc.o: ../crypto/constant_time_locl.h ../e_os.h ../include/openssl/asn1.h
-s3_cbc.o: ../include/openssl/bio.h ../include/openssl/buffer.h
-s3_cbc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_cbc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-s3_cbc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-s3_cbc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-s3_cbc.o: ../include/openssl/err.h ../include/openssl/evp.h
-s3_cbc.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
-s3_cbc.o: ../include/openssl/lhash.h ../include/openssl/md5.h
-s3_cbc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s3_cbc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s3_cbc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s3_cbc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_cbc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-s3_cbc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s3_cbc.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-s3_cbc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s3_cbc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_cbc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_cbc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_cbc.c
-s3_cbc.o: ssl_locl.h
-s3_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s3_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s3_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s3_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-s3_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h
-s3_clnt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
-s3_clnt.o: ../include/openssl/lhash.h ../include/openssl/md5.h
-s3_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s3_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s3_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s3_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-s3_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_clnt.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-s3_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s3_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s3_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s3_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s3_clnt.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_clnt.c ssl_locl.h
-s3_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s3_enc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s3_enc.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s3_enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s3_enc.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s3_enc.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s3_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s3_enc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
-s3_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s3_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s3_enc.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-s3_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_enc.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-s3_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s3_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s3_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s3_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s3_enc.o: ../include/openssl/x509_vfy.h s3_enc.c ssl_locl.h
-s3_lib.o: ../crypto/ec/ec_lcl.h ../e_os.h ../include/openssl/asn1.h
-s3_lib.o: ../include/openssl/bio.h ../include/openssl/bn.h
-s3_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s3_lib.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-s3_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-s3_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-s3_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-s3_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
-s3_lib.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
-s3_lib.o: ../include/openssl/lhash.h ../include/openssl/md5.h
-s3_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s3_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s3_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s3_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-s3_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s3_lib.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-s3_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s3_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h
-s3_lib.o: s3_lib.c ssl_locl.h
-s3_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s3_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s3_meth.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s3_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s3_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s3_meth.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s3_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s3_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s3_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s3_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s3_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-s3_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s3_meth.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-s3_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s3_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_meth.c
-s3_meth.o: ssl_locl.h
-s3_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_pkt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s3_pkt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s3_pkt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s3_pkt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s3_pkt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s3_pkt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s3_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s3_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s3_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s3_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s3_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-s3_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_pkt.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-s3_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s3_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s3_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s3_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s3_pkt.o: ../include/openssl/x509_vfy.h s3_pkt.c ssl_locl.h
-s3_srvr.o: ../crypto/constant_time_locl.h ../e_os.h ../include/openssl/asn1.h
-s3_srvr.o: ../include/openssl/bio.h ../include/openssl/bn.h
-s3_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s3_srvr.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-s3_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-s3_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-s3_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-s3_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
-s3_srvr.o: ../include/openssl/hmac.h ../include/openssl/krb5_asn.h
-s3_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s3_srvr.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
-s3_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s3_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s3_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-s3_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-s3_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s3_srvr.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-s3_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s3_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h
-s3_srvr.o: s3_srvr.c ssl_locl.h
-ssl_algs.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_algs.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl_algs.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-ssl_algs.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ssl_algs.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ssl_algs.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-ssl_algs.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-ssl_algs.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-ssl_algs.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_algs.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssl_algs.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ssl_algs.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_algs.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-ssl_algs.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_algs.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-ssl_algs.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_algs.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_algs.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_algs.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_algs.c
-ssl_algs.o: ssl_locl.h
-ssl_asn1.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1_mac.h
-ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/buffer.h
-ssl_asn1.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_asn1.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-ssl_asn1.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-ssl_asn1.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-ssl_asn1.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_asn1.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
-ssl_asn1.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ssl_asn1.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_asn1.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ssl_asn1.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_asn1.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-ssl_asn1.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_asn1.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-ssl_asn1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_asn1.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_asn1.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_asn1.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_asn1.o: ../include/openssl/x509_vfy.h ssl_asn1.c ssl_locl.h
-ssl_cert.o: ../crypto/o_dir.h ../e_os.h ../include/openssl/asn1.h
-ssl_cert.o: ../include/openssl/bio.h ../include/openssl/bn.h
-ssl_cert.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl_cert.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-ssl_cert.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ssl_cert.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ssl_cert.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ssl_cert.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-ssl_cert.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-ssl_cert.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-ssl_cert.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_cert.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssl_cert.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ssl_cert.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_cert.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-ssl_cert.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_cert.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-ssl_cert.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_cert.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_cert.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_cert.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ssl_cert.o: ../include/openssl/x509v3.h ssl_cert.c ssl_locl.h
-ssl_ciph.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_ciph.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl_ciph.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-ssl_ciph.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ssl_ciph.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ssl_ciph.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-ssl_ciph.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_ciph.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
-ssl_ciph.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ssl_ciph.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_ciph.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ssl_ciph.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_ciph.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-ssl_ciph.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_ciph.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-ssl_ciph.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_ciph.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_ciph.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_ciph.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_ciph.o: ../include/openssl/x509_vfy.h ssl_ciph.c ssl_locl.h
-ssl_err.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_err.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl_err.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
-ssl_err.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-ssl_err.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-ssl_err.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_err.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
-ssl_err.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ssl_err.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_err.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ssl_err.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_err.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-ssl_err.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_err.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-ssl_err.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_err.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_err.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_err.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_err.c
-ssl_err2.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_err2.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl_err2.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
-ssl_err2.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-ssl_err2.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-ssl_err2.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_err2.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
-ssl_err2.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ssl_err2.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_err2.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ssl_err2.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_err2.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-ssl_err2.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_err2.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-ssl_err2.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_err2.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_err2.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_err2.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_err2.c
-ssl_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl_lib.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-ssl_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ssl_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ssl_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ssl_lib.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-ssl_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_lib.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
-ssl_lib.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ssl_lib.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-ssl_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssl_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ssl_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_lib.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-ssl_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_lib.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-ssl_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h kssl_lcl.h
-ssl_lib.o: ssl_lib.c ssl_locl.h
-ssl_rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_rsa.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl_rsa.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-ssl_rsa.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ssl_rsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ssl_rsa.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-ssl_rsa.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-ssl_rsa.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-ssl_rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssl_rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ssl_rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_rsa.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-ssl_rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_rsa.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-ssl_rsa.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_rsa.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_rsa.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-ssl_rsa.o: ssl_rsa.c
-ssl_sess.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_sess.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl_sess.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-ssl_sess.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ssl_sess.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ssl_sess.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-ssl_sess.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_sess.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
-ssl_sess.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ssl_sess.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_sess.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ssl_sess.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_sess.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-ssl_sess.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-ssl_sess.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_sess.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-ssl_sess.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_sess.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_sess.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_sess.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-ssl_sess.o: ssl_sess.c
-ssl_stat.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_stat.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl_stat.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-ssl_stat.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ssl_stat.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ssl_stat.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-ssl_stat.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-ssl_stat.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-ssl_stat.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_stat.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssl_stat.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ssl_stat.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_stat.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-ssl_stat.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_stat.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-ssl_stat.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_stat.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_stat.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_stat.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-ssl_stat.o: ssl_stat.c
-ssl_txt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_txt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl_txt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-ssl_txt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ssl_txt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ssl_txt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-ssl_txt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-ssl_txt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-ssl_txt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_txt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssl_txt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ssl_txt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_txt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-ssl_txt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_txt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-ssl_txt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_txt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_txt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_txt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-ssl_txt.o: ssl_txt.c
-ssl_utst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_utst.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl_utst.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-ssl_utst.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ssl_utst.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ssl_utst.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-ssl_utst.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-ssl_utst.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-ssl_utst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_utst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssl_utst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ssl_utst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_utst.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-ssl_utst.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_utst.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-ssl_utst.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_utst.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_utst.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_utst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-ssl_utst.o: ssl_utst.c
-t1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_clnt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-t1_clnt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-t1_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-t1_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-t1_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-t1_clnt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-t1_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-t1_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-t1_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-t1_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-t1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-t1_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-t1_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-t1_clnt.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-t1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-t1_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-t1_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-t1_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-t1_clnt.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_clnt.c
-t1_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-t1_enc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-t1_enc.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-t1_enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-t1_enc.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-t1_enc.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-t1_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-t1_enc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
-t1_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-t1_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-t1_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-t1_enc.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-t1_enc.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-t1_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-t1_enc.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-t1_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-t1_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-t1_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-t1_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-t1_enc.o: t1_enc.c
-t1_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-t1_lib.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-t1_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-t1_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-t1_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-t1_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
-t1_lib.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
-t1_lib.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-t1_lib.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-t1_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-t1_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-t1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-t1_lib.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-t1_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-t1_lib.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-t1_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-t1_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-t1_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-t1_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-t1_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h ssl_locl.h
-t1_lib.o: t1_lib.c
-t1_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-t1_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-t1_meth.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-t1_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-t1_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-t1_meth.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-t1_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-t1_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-t1_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-t1_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-t1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-t1_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-t1_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-t1_meth.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-t1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-t1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-t1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-t1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-t1_meth.o: t1_meth.c
-t1_reneg.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_reneg.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-t1_reneg.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-t1_reneg.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-t1_reneg.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-t1_reneg.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-t1_reneg.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-t1_reneg.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-t1_reneg.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-t1_reneg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-t1_reneg.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-t1_reneg.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-t1_reneg.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-t1_reneg.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-t1_reneg.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-t1_reneg.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-t1_reneg.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-t1_reneg.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-t1_reneg.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-t1_reneg.o: t1_reneg.c
-t1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-t1_srvr.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-t1_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-t1_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-t1_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-t1_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-t1_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-t1_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-t1_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-t1_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-t1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-t1_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-t1_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-t1_srvr.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-t1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-t1_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-t1_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-t1_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-t1_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_srvr.c
-tls_srp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-tls_srp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-tls_srp.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-tls_srp.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-tls_srp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-tls_srp.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-tls_srp.o: ../include/openssl/err.h ../include/openssl/evp.h
-tls_srp.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
-tls_srp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-tls_srp.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-tls_srp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-tls_srp.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-tls_srp.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-tls_srp.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-tls_srp.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-tls_srp.o: ../include/openssl/srp.h ../include/openssl/srtp.h
-tls_srp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-tls_srp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-tls_srp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-tls_srp.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-tls_srp.o: ../include/openssl/x509_vfy.h ssl_locl.h tls_srp.c

Copied: vendor-crypto/openssl/1.0.1u/ssl/Makefile (from rev 11605, vendor-crypto/openssl/dist/ssl/Makefile)
===================================================================
--- vendor-crypto/openssl/1.0.1u/ssl/Makefile	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/ssl/Makefile	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,1084 @@
+#
+# OpenSSL/ssl/Makefile
+#
+
+DIR=	ssl
+TOP=	..
+CC=	cc
+INCLUDES= -I../crypto -I$(TOP) -I../include $(KRB5_INCLUDES)
+CFLAG=-g
+MAKEFILE=	Makefile
+AR=		ar r
+# KRB5 stuff
+KRB5_INCLUDES=
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README ssl-lib.com install.com
+TEST=ssltest.c heartbeat_test.c clienthellotest.c
+APPS=
+
+LIB=$(TOP)/libssl.a
+SHARED_LIB= libssl$(SHLIB_EXT)
+LIBSRC=	\
+	s2_meth.c   s2_srvr.c s2_clnt.c  s2_lib.c  s2_enc.c s2_pkt.c \
+	s3_meth.c   s3_srvr.c s3_clnt.c  s3_lib.c  s3_enc.c s3_pkt.c s3_both.c s3_cbc.c \
+	s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c          s23_pkt.c \
+	t1_meth.c   t1_srvr.c t1_clnt.c  t1_lib.c  t1_enc.c \
+	d1_meth.c   d1_srvr.c d1_clnt.c  d1_lib.c  d1_pkt.c \
+	d1_both.c d1_enc.c d1_srtp.c \
+	ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \
+	ssl_ciph.c ssl_stat.c ssl_rsa.c \
+	ssl_asn1.c ssl_txt.c ssl_algs.c \
+	bio_ssl.c ssl_err.c kssl.c tls_srp.c t1_reneg.c ssl_utst.c
+LIBOBJ= \
+	s2_meth.o  s2_srvr.o  s2_clnt.o  s2_lib.o  s2_enc.o s2_pkt.o \
+	s3_meth.o  s3_srvr.o  s3_clnt.o  s3_lib.o  s3_enc.o s3_pkt.o s3_both.o s3_cbc.o \
+	s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o          s23_pkt.o \
+	t1_meth.o   t1_srvr.o t1_clnt.o  t1_lib.o  t1_enc.o \
+	d1_meth.o   d1_srvr.o d1_clnt.o  d1_lib.o  d1_pkt.o \
+	d1_both.o d1_enc.o d1_srtp.o\
+	ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \
+	ssl_ciph.o ssl_stat.o ssl_rsa.o \
+	ssl_asn1.o ssl_txt.o ssl_algs.o \
+	bio_ssl.o ssl_err.o kssl.o tls_srp.o t1_reneg.o ssl_utst.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= ssl.h ssl2.h ssl3.h ssl23.h tls1.h dtls1.h kssl.h srtp.h
+HEADER=	$(EXHEADER) ssl_locl.h kssl_lcl.h
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ..; $(MAKE) DIRS=$(DIR) all)
+
+all:	shared
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB) || echo Never mind.
+	@touch lib
+
+shared: lib
+	if [ -n "$(SHARED_LIBS)" ]; then \
+		(cd ..; $(MAKE) $(SHARED_LIB)); \
+	fi
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
+
+install:
+	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+update: local_depend
+	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+
+depend: local_depend
+	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+local_depend:
+	@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bio_ssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+bio_ssl.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+bio_ssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+bio_ssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+bio_ssl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+bio_ssl.o: ../include/openssl/err.h ../include/openssl/evp.h
+bio_ssl.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+bio_ssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+bio_ssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+bio_ssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+bio_ssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+bio_ssl.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+bio_ssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+bio_ssl.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+bio_ssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+bio_ssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+bio_ssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+bio_ssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h bio_ssl.c
+d1_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+d1_both.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+d1_both.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+d1_both.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+d1_both.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+d1_both.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+d1_both.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+d1_both.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+d1_both.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+d1_both.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+d1_both.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+d1_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+d1_both.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+d1_both.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+d1_both.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+d1_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+d1_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+d1_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+d1_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+d1_both.o: ../include/openssl/x509_vfy.h d1_both.c ssl_locl.h
+d1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+d1_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+d1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+d1_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+d1_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+d1_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+d1_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+d1_clnt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+d1_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+d1_clnt.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
+d1_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+d1_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+d1_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+d1_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+d1_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+d1_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+d1_clnt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+d1_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+d1_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+d1_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+d1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_clnt.c
+d1_clnt.o: kssl_lcl.h ssl_locl.h
+d1_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+d1_enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+d1_enc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+d1_enc.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+d1_enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+d1_enc.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+d1_enc.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+d1_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+d1_enc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
+d1_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+d1_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+d1_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+d1_enc.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+d1_enc.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+d1_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+d1_enc.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+d1_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+d1_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+d1_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+d1_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_enc.c
+d1_enc.o: ssl_locl.h
+d1_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+d1_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+d1_lib.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+d1_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+d1_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+d1_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+d1_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+d1_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+d1_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+d1_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+d1_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+d1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+d1_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+d1_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+d1_lib.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+d1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+d1_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+d1_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+d1_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_lib.c
+d1_lib.o: ssl_locl.h
+d1_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+d1_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+d1_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+d1_meth.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+d1_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+d1_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+d1_meth.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+d1_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+d1_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+d1_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+d1_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+d1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+d1_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+d1_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+d1_meth.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+d1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+d1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+d1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+d1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_meth.c
+d1_meth.o: ssl_locl.h
+d1_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+d1_pkt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+d1_pkt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+d1_pkt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+d1_pkt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+d1_pkt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+d1_pkt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+d1_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+d1_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+d1_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+d1_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+d1_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+d1_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+d1_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+d1_pkt.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+d1_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+d1_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+d1_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+d1_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+d1_pkt.o: ../include/openssl/x509_vfy.h d1_pkt.c ssl_locl.h
+d1_srtp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+d1_srtp.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+d1_srtp.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+d1_srtp.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+d1_srtp.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+d1_srtp.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+d1_srtp.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+d1_srtp.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+d1_srtp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+d1_srtp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+d1_srtp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+d1_srtp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+d1_srtp.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+d1_srtp.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+d1_srtp.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+d1_srtp.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+d1_srtp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+d1_srtp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+d1_srtp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_srtp.c
+d1_srtp.o: srtp.h ssl_locl.h
+d1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+d1_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+d1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+d1_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+d1_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+d1_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+d1_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+d1_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+d1_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+d1_srvr.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
+d1_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+d1_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+d1_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+d1_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+d1_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+d1_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+d1_srvr.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+d1_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+d1_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+d1_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+d1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_srvr.c
+d1_srvr.o: ssl_locl.h
+kssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+kssl.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+kssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+kssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+kssl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+kssl.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+kssl.o: ../include/openssl/krb5_asn.h ../include/openssl/kssl.h
+kssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+kssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+kssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+kssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+kssl.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+kssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+kssl.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+kssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+kssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+kssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+kssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl.c
+kssl.o: kssl_lcl.h
+s23_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+s23_clnt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+s23_clnt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+s23_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+s23_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s23_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s23_clnt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+s23_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s23_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s23_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s23_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s23_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s23_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+s23_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s23_clnt.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+s23_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s23_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s23_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s23_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s23_clnt.o: ../include/openssl/x509_vfy.h s23_clnt.c ssl_locl.h
+s23_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+s23_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+s23_lib.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+s23_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+s23_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s23_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s23_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+s23_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s23_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s23_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s23_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s23_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s23_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+s23_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s23_lib.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+s23_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s23_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s23_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s23_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_lib.c
+s23_lib.o: ssl_locl.h
+s23_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+s23_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+s23_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+s23_meth.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+s23_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s23_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s23_meth.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+s23_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s23_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s23_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s23_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s23_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s23_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+s23_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s23_meth.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+s23_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s23_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s23_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s23_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_meth.c
+s23_meth.o: ssl_locl.h
+s23_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+s23_pkt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+s23_pkt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+s23_pkt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+s23_pkt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s23_pkt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s23_pkt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+s23_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s23_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s23_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s23_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s23_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s23_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+s23_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s23_pkt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+s23_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s23_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s23_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s23_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_pkt.c
+s23_pkt.o: ssl_locl.h
+s23_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+s23_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+s23_srvr.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+s23_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+s23_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s23_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s23_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+s23_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s23_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s23_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s23_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s23_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s23_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+s23_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s23_srvr.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+s23_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s23_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s23_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s23_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s23_srvr.o: ../include/openssl/x509_vfy.h s23_srvr.c ssl_locl.h
+s2_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_clnt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+s2_clnt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+s2_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+s2_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s2_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s2_clnt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+s2_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s2_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s2_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s2_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s2_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+s2_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s2_clnt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+s2_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s2_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_clnt.c
+s2_clnt.o: ssl_locl.h
+s2_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+s2_enc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+s2_enc.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+s2_enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s2_enc.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s2_enc.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+s2_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s2_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s2_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s2_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s2_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_enc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+s2_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s2_enc.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+s2_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s2_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_enc.c
+s2_enc.o: ssl_locl.h
+s2_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+s2_lib.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+s2_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+s2_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s2_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s2_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+s2_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s2_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s2_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s2_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s2_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+s2_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s2_lib.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+s2_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s2_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_lib.c
+s2_lib.o: ssl_locl.h
+s2_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+s2_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+s2_meth.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+s2_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s2_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s2_meth.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+s2_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s2_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s2_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s2_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s2_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+s2_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s2_meth.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+s2_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s2_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_meth.c
+s2_meth.o: ssl_locl.h
+s2_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_pkt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+s2_pkt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+s2_pkt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+s2_pkt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s2_pkt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s2_pkt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+s2_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s2_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s2_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s2_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s2_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+s2_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s2_pkt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+s2_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_pkt.c
+s2_pkt.o: ssl_locl.h
+s2_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+s2_srvr.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+s2_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+s2_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s2_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s2_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+s2_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s2_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s2_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s2_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s2_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+s2_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s2_srvr.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+s2_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s2_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_srvr.c
+s2_srvr.o: ssl_locl.h
+s3_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+s3_both.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+s3_both.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+s3_both.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+s3_both.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s3_both.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s3_both.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+s3_both.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s3_both.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s3_both.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s3_both.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s3_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_both.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+s3_both.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_both.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+s3_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s3_both.o: ../include/openssl/x509_vfy.h s3_both.c ssl_locl.h
+s3_cbc.o: ../crypto/constant_time_locl.h ../e_os.h ../include/openssl/asn1.h
+s3_cbc.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+s3_cbc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_cbc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+s3_cbc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s3_cbc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s3_cbc.o: ../include/openssl/err.h ../include/openssl/evp.h
+s3_cbc.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+s3_cbc.o: ../include/openssl/lhash.h ../include/openssl/md5.h
+s3_cbc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s3_cbc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s3_cbc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s3_cbc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_cbc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+s3_cbc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s3_cbc.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+s3_cbc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s3_cbc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_cbc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s3_cbc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_cbc.c
+s3_cbc.o: ssl_locl.h
+s3_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s3_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+s3_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s3_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+s3_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h
+s3_clnt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+s3_clnt.o: ../include/openssl/lhash.h ../include/openssl/md5.h
+s3_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s3_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s3_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s3_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+s3_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_clnt.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+s3_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s3_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s3_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s3_clnt.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_clnt.c ssl_locl.h
+s3_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+s3_enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+s3_enc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+s3_enc.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+s3_enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s3_enc.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s3_enc.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+s3_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s3_enc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
+s3_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s3_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s3_enc.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+s3_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_enc.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+s3_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s3_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s3_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s3_enc.o: ../include/openssl/x509_vfy.h s3_enc.c ssl_locl.h
+s3_lib.o: ../crypto/ec/ec_lcl.h ../e_os.h ../include/openssl/asn1.h
+s3_lib.o: ../include/openssl/bio.h ../include/openssl/bn.h
+s3_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+s3_lib.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+s3_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+s3_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s3_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s3_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
+s3_lib.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+s3_lib.o: ../include/openssl/lhash.h ../include/openssl/md5.h
+s3_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s3_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s3_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s3_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+s3_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s3_lib.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+s3_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s3_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s3_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h
+s3_lib.o: s3_lib.c ssl_locl.h
+s3_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+s3_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+s3_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+s3_meth.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+s3_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s3_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s3_meth.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+s3_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s3_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s3_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s3_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s3_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+s3_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s3_meth.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+s3_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s3_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s3_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_meth.c
+s3_meth.o: ssl_locl.h
+s3_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+s3_pkt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+s3_pkt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+s3_pkt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+s3_pkt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s3_pkt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s3_pkt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+s3_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s3_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s3_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s3_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s3_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+s3_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_pkt.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+s3_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s3_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s3_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s3_pkt.o: ../include/openssl/x509_vfy.h s3_pkt.c ssl_locl.h
+s3_srvr.o: ../crypto/constant_time_locl.h ../e_os.h ../include/openssl/asn1.h
+s3_srvr.o: ../include/openssl/bio.h ../include/openssl/bn.h
+s3_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+s3_srvr.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+s3_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+s3_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s3_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s3_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
+s3_srvr.o: ../include/openssl/hmac.h ../include/openssl/krb5_asn.h
+s3_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s3_srvr.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
+s3_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s3_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s3_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+s3_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+s3_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s3_srvr.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+s3_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s3_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h
+s3_srvr.o: s3_srvr.c ssl_locl.h
+ssl_algs.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_algs.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+ssl_algs.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+ssl_algs.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+ssl_algs.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+ssl_algs.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+ssl_algs.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+ssl_algs.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ssl_algs.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_algs.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_algs.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl_algs.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_algs.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+ssl_algs.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_algs.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+ssl_algs.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_algs.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_algs.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_algs.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_algs.c
+ssl_algs.o: ssl_locl.h
+ssl_asn1.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1_mac.h
+ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+ssl_asn1.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_asn1.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+ssl_asn1.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ssl_asn1.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ssl_asn1.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_asn1.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+ssl_asn1.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+ssl_asn1.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_asn1.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssl_asn1.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_asn1.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+ssl_asn1.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_asn1.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+ssl_asn1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_asn1.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_asn1.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_asn1.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_asn1.o: ../include/openssl/x509_vfy.h ssl_asn1.c ssl_locl.h
+ssl_cert.o: ../crypto/o_dir.h ../e_os.h ../include/openssl/asn1.h
+ssl_cert.o: ../include/openssl/bio.h ../include/openssl/bn.h
+ssl_cert.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+ssl_cert.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ssl_cert.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ssl_cert.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+ssl_cert.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+ssl_cert.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+ssl_cert.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+ssl_cert.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ssl_cert.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_cert.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_cert.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl_cert.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_cert.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+ssl_cert.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_cert.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+ssl_cert.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_cert.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_cert.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_cert.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ssl_cert.o: ../include/openssl/x509v3.h ssl_cert.c ssl_locl.h
+ssl_ciph.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_ciph.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+ssl_ciph.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+ssl_ciph.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+ssl_ciph.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+ssl_ciph.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+ssl_ciph.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_ciph.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+ssl_ciph.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+ssl_ciph.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_ciph.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssl_ciph.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_ciph.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+ssl_ciph.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_ciph.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+ssl_ciph.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_ciph.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_ciph.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_ciph.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_ciph.o: ../include/openssl/x509_vfy.h ssl_ciph.c ssl_locl.h
+ssl_err.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_err.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+ssl_err.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+ssl_err.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ssl_err.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ssl_err.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_err.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+ssl_err.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+ssl_err.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_err.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssl_err.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_err.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+ssl_err.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_err.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+ssl_err.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_err.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_err.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_err.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_err.c
+ssl_err2.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_err2.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+ssl_err2.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+ssl_err2.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ssl_err2.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ssl_err2.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_err2.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+ssl_err2.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+ssl_err2.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_err2.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssl_err2.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_err2.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+ssl_err2.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_err2.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+ssl_err2.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_err2.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_err2.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_err2.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_err2.c
+ssl_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+ssl_lib.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ssl_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ssl_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+ssl_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+ssl_lib.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+ssl_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_lib.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+ssl_lib.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+ssl_lib.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+ssl_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_lib.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+ssl_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_lib.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+ssl_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h kssl_lcl.h
+ssl_lib.o: ssl_lib.c ssl_locl.h
+ssl_rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_rsa.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+ssl_rsa.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+ssl_rsa.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+ssl_rsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+ssl_rsa.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+ssl_rsa.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+ssl_rsa.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ssl_rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl_rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_rsa.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+ssl_rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_rsa.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+ssl_rsa.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_rsa.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_rsa.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_rsa.o: ssl_rsa.c
+ssl_sess.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_sess.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+ssl_sess.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+ssl_sess.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+ssl_sess.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+ssl_sess.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+ssl_sess.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_sess.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+ssl_sess.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+ssl_sess.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_sess.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssl_sess.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_sess.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+ssl_sess.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+ssl_sess.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_sess.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+ssl_sess.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_sess.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_sess.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_sess.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_sess.o: ssl_sess.c
+ssl_stat.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_stat.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+ssl_stat.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+ssl_stat.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+ssl_stat.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+ssl_stat.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+ssl_stat.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+ssl_stat.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ssl_stat.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_stat.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_stat.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl_stat.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_stat.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+ssl_stat.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_stat.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+ssl_stat.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_stat.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_stat.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_stat.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_stat.o: ssl_stat.c
+ssl_txt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_txt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+ssl_txt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+ssl_txt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+ssl_txt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+ssl_txt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+ssl_txt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+ssl_txt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ssl_txt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_txt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_txt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl_txt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_txt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+ssl_txt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_txt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+ssl_txt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_txt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_txt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_txt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_txt.o: ssl_txt.c
+ssl_utst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_utst.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+ssl_utst.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+ssl_utst.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+ssl_utst.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+ssl_utst.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+ssl_utst.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+ssl_utst.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ssl_utst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_utst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_utst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl_utst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_utst.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+ssl_utst.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_utst.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+ssl_utst.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_utst.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_utst.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_utst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_utst.o: ssl_utst.c
+t1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+t1_clnt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+t1_clnt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+t1_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+t1_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+t1_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+t1_clnt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+t1_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+t1_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+t1_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+t1_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+t1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+t1_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+t1_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+t1_clnt.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+t1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+t1_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+t1_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+t1_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+t1_clnt.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_clnt.c
+t1_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+t1_enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+t1_enc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+t1_enc.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+t1_enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+t1_enc.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+t1_enc.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+t1_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+t1_enc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
+t1_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+t1_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+t1_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+t1_enc.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+t1_enc.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+t1_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+t1_enc.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+t1_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+t1_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+t1_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+t1_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+t1_enc.o: t1_enc.c
+t1_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+t1_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+t1_lib.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+t1_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+t1_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+t1_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+t1_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
+t1_lib.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+t1_lib.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+t1_lib.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+t1_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+t1_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+t1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+t1_lib.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+t1_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+t1_lib.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+t1_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+t1_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+t1_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+t1_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+t1_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h ssl_locl.h
+t1_lib.o: t1_lib.c
+t1_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+t1_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+t1_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+t1_meth.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+t1_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+t1_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+t1_meth.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+t1_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+t1_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+t1_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+t1_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+t1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+t1_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+t1_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+t1_meth.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+t1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+t1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+t1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+t1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+t1_meth.o: t1_meth.c
+t1_reneg.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+t1_reneg.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+t1_reneg.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+t1_reneg.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+t1_reneg.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+t1_reneg.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+t1_reneg.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+t1_reneg.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+t1_reneg.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+t1_reneg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+t1_reneg.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+t1_reneg.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+t1_reneg.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+t1_reneg.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+t1_reneg.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+t1_reneg.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+t1_reneg.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+t1_reneg.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+t1_reneg.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+t1_reneg.o: t1_reneg.c
+t1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+t1_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+t1_srvr.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+t1_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+t1_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+t1_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+t1_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+t1_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+t1_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+t1_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+t1_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+t1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+t1_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+t1_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+t1_srvr.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+t1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+t1_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+t1_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+t1_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+t1_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_srvr.c
+tls_srp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+tls_srp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+tls_srp.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+tls_srp.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+tls_srp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+tls_srp.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+tls_srp.o: ../include/openssl/err.h ../include/openssl/evp.h
+tls_srp.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+tls_srp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+tls_srp.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+tls_srp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+tls_srp.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+tls_srp.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+tls_srp.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+tls_srp.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+tls_srp.o: ../include/openssl/srp.h ../include/openssl/srtp.h
+tls_srp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+tls_srp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+tls_srp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+tls_srp.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+tls_srp.o: ../include/openssl/x509_vfy.h ssl_locl.h tls_srp.c

Deleted: vendor-crypto/openssl/1.0.1u/ssl/d1_both.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/d1_both.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/ssl/d1_both.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,1670 +0,0 @@
-/* ssl/d1_both.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <limits.h>
-#include <string.h>
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-#define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8)
-
-#define RSMBLY_BITMASK_MARK(bitmask, start, end) { \
-                        if ((end) - (start) <= 8) { \
-                                long ii; \
-                                for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \
-                        } else { \
-                                long ii; \
-                                bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \
-                                for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \
-                                bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \
-                        } }
-
-#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \
-                        long ii; \
-                        OPENSSL_assert((msg_len) > 0); \
-                        is_complete = 1; \
-                        if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \
-                        if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \
-                                if (bitmask[ii] != 0xff) { is_complete = 0; break; } }
-
-#if 0
-# define RSMBLY_BITMASK_PRINT(bitmask, msg_len) { \
-                        long ii; \
-                        printf("bitmask: "); for (ii = 0; ii < (msg_len); ii++) \
-                        printf("%d ", (bitmask[ii >> 3] & (1 << (ii & 7))) >> (ii & 7)); \
-                        printf("\n"); }
-#endif
-
-static unsigned char bitmask_start_values[] =
-    { 0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80 };
-static unsigned char bitmask_end_values[] =
-    { 0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f };
-
-/* XDTLS:  figure out the right values */
-static const unsigned int g_probable_mtu[] = { 1500, 512, 256 };
-
-static void dtls1_fix_message_header(SSL *s, unsigned long frag_off,
-                                     unsigned long frag_len);
-static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p);
-static void dtls1_set_message_header_int(SSL *s, unsigned char mt,
-                                         unsigned long len,
-                                         unsigned short seq_num,
-                                         unsigned long frag_off,
-                                         unsigned long frag_len);
-static long dtls1_get_message_fragment(SSL *s, int st1, int stn, long max,
-                                       int *ok);
-
-static hm_fragment *dtls1_hm_fragment_new(unsigned long frag_len,
-                                          int reassembly)
-{
-    hm_fragment *frag = NULL;
-    unsigned char *buf = NULL;
-    unsigned char *bitmask = NULL;
-
-    frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment));
-    if (frag == NULL)
-        return NULL;
-
-    if (frag_len) {
-        buf = (unsigned char *)OPENSSL_malloc(frag_len);
-        if (buf == NULL) {
-            OPENSSL_free(frag);
-            return NULL;
-        }
-    }
-
-    /* zero length fragment gets zero frag->fragment */
-    frag->fragment = buf;
-
-    /* Initialize reassembly bitmask if necessary */
-    if (reassembly) {
-        bitmask =
-            (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len));
-        if (bitmask == NULL) {
-            if (buf != NULL)
-                OPENSSL_free(buf);
-            OPENSSL_free(frag);
-            return NULL;
-        }
-        memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len));
-    }
-
-    frag->reassembly = bitmask;
-
-    return frag;
-}
-
-void dtls1_hm_fragment_free(hm_fragment *frag)
-{
-
-    if (frag->msg_header.is_ccs) {
-        EVP_CIPHER_CTX_free(frag->msg_header.
-                            saved_retransmit_state.enc_write_ctx);
-        EVP_MD_CTX_destroy(frag->msg_header.
-                           saved_retransmit_state.write_hash);
-    }
-    if (frag->fragment)
-        OPENSSL_free(frag->fragment);
-    if (frag->reassembly)
-        OPENSSL_free(frag->reassembly);
-    OPENSSL_free(frag);
-}
-
-static int dtls1_query_mtu(SSL *s)
-{
-    if (s->d1->link_mtu) {
-        s->d1->mtu =
-            s->d1->link_mtu - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));
-        s->d1->link_mtu = 0;
-    }
-
-    /* AHA!  Figure out the MTU, and stick to the right size */
-    if (s->d1->mtu < dtls1_min_mtu(s)) {
-        if (!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
-            s->d1->mtu =
-                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
-
-            /*
-             * I've seen the kernel return bogus numbers when it doesn't know
-             * (initial write), so just make sure we have a reasonable number
-             */
-            if (s->d1->mtu < dtls1_min_mtu(s)) {
-                /* Set to min mtu */
-                s->d1->mtu = dtls1_min_mtu(s);
-                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
-                         s->d1->mtu, NULL);
-            }
-        } else
-            return 0;
-    }
-    return 1;
-}
-
-/*
- * send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
- * SSL3_RT_CHANGE_CIPHER_SPEC)
- */
-int dtls1_do_write(SSL *s, int type)
-{
-    int ret;
-    unsigned int curr_mtu;
-    int retry = 1;
-    unsigned int len, frag_off, mac_size, blocksize, used_len;
-
-    if (!dtls1_query_mtu(s))
-        return -1;
-
-    OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu(s)); /* should have something
-                                                     * reasonable now */
-
-    if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
-        OPENSSL_assert(s->init_num ==
-                       (int)s->d1->w_msg_hdr.msg_len +
-                       DTLS1_HM_HEADER_LENGTH);
-
-    if (s->write_hash)
-        mac_size = EVP_MD_CTX_size(s->write_hash);
-    else
-        mac_size = 0;
-
-    if (s->enc_write_ctx &&
-        (EVP_CIPHER_mode(s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
-        blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
-    else
-        blocksize = 0;
-
-    frag_off = 0;
-    /* s->init_num shouldn't ever be < 0...but just in case */
-    while (s->init_num > 0) {
-        used_len = BIO_wpending(SSL_get_wbio(s)) + DTLS1_RT_HEADER_LENGTH
-            + mac_size + blocksize;
-        if (s->d1->mtu > used_len)
-            curr_mtu = s->d1->mtu - used_len;
-        else
-            curr_mtu = 0;
-
-        if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) {
-            /*
-             * grr.. we could get an error if MTU picked was wrong
-             */
-            ret = BIO_flush(SSL_get_wbio(s));
-            if (ret <= 0)
-                return ret;
-            used_len = DTLS1_RT_HEADER_LENGTH + mac_size + blocksize;
-            if (s->d1->mtu > used_len + DTLS1_HM_HEADER_LENGTH) {
-                curr_mtu = s->d1->mtu - used_len;
-            } else {
-                /* Shouldn't happen */
-                return -1;
-            }
-        }
-
-        /*
-         * We just checked that s->init_num > 0 so this cast should be safe
-         */
-        if (((unsigned int)s->init_num) > curr_mtu)
-            len = curr_mtu;
-        else
-            len = s->init_num;
-
-        /* Shouldn't ever happen */
-        if (len > INT_MAX)
-            len = INT_MAX;
-
-        /*
-         * XDTLS: this function is too long.  split out the CCS part
-         */
-        if (type == SSL3_RT_HANDSHAKE) {
-            if (s->init_off != 0) {
-                OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH);
-                s->init_off -= DTLS1_HM_HEADER_LENGTH;
-                s->init_num += DTLS1_HM_HEADER_LENGTH;
-
-                /*
-                 * We just checked that s->init_num > 0 so this cast should
-                 * be safe
-                 */
-                if (((unsigned int)s->init_num) > curr_mtu)
-                    len = curr_mtu;
-                else
-                    len = s->init_num;
-            }
-
-            /* Shouldn't ever happen */
-            if (len > INT_MAX)
-                len = INT_MAX;
-
-            if (len < DTLS1_HM_HEADER_LENGTH) {
-                /*
-                 * len is so small that we really can't do anything sensible
-                 * so fail
-                 */
-                return -1;
-            }
-            dtls1_fix_message_header(s, frag_off,
-                                     len - DTLS1_HM_HEADER_LENGTH);
-
-            dtls1_write_message_header(s,
-                                       (unsigned char *)&s->init_buf->
-                                       data[s->init_off]);
-        }
-
-        ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off],
-                                len);
-        if (ret < 0) {
-            /*
-             * might need to update MTU here, but we don't know which
-             * previous packet caused the failure -- so can't really
-             * retransmit anything.  continue as if everything is fine and
-             * wait for an alert to handle the retransmit
-             */
-            if (retry && BIO_ctrl(SSL_get_wbio(s),
-                                  BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) {
-                if (!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
-                    if (!dtls1_query_mtu(s))
-                        return -1;
-                    /* Have one more go */
-                    retry = 0;
-                } else
-                    return -1;
-            } else {
-                return (-1);
-            }
-        } else {
-
-            /*
-             * bad if this assert fails, only part of the handshake message
-             * got sent.  but why would this happen?
-             */
-            OPENSSL_assert(len == (unsigned int)ret);
-
-            if (type == SSL3_RT_HANDSHAKE && !s->d1->retransmitting) {
-                /*
-                 * should not be done for 'Hello Request's, but in that case
-                 * we'll ignore the result anyway
-                 */
-                unsigned char *p =
-                    (unsigned char *)&s->init_buf->data[s->init_off];
-                const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
-                int xlen;
-
-                if (frag_off == 0 && s->version != DTLS1_BAD_VER) {
-                    /*
-                     * reconstruct message header is if it is being sent in
-                     * single fragment
-                     */
-                    *p++ = msg_hdr->type;
-                    l2n3(msg_hdr->msg_len, p);
-                    s2n(msg_hdr->seq, p);
-                    l2n3(0, p);
-                    l2n3(msg_hdr->msg_len, p);
-                    p -= DTLS1_HM_HEADER_LENGTH;
-                    xlen = ret;
-                } else {
-                    p += DTLS1_HM_HEADER_LENGTH;
-                    xlen = ret - DTLS1_HM_HEADER_LENGTH;
-                }
-
-                ssl3_finish_mac(s, p, xlen);
-            }
-
-            if (ret == s->init_num) {
-                if (s->msg_callback)
-                    s->msg_callback(1, s->version, type, s->init_buf->data,
-                                    (size_t)(s->init_off + s->init_num), s,
-                                    s->msg_callback_arg);
-
-                s->init_off = 0; /* done writing this message */
-                s->init_num = 0;
-
-                return (1);
-            }
-            s->init_off += ret;
-            s->init_num -= ret;
-            frag_off += (ret -= DTLS1_HM_HEADER_LENGTH);
-        }
-    }
-    return (0);
-}
-
-/*
- * Obtain handshake message of message type 'mt' (any if mt == -1), maximum
- * acceptable body length 'max'. Read an entire handshake message.  Handshake
- * messages arrive in fragments.
- */
-long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
-{
-    int i, al;
-    struct hm_header_st *msg_hdr;
-    unsigned char *p;
-    unsigned long msg_len;
-
-    /*
-     * s3->tmp is used to store messages that are unexpected, caused by the
-     * absence of an optional handshake message
-     */
-    if (s->s3->tmp.reuse_message) {
-        s->s3->tmp.reuse_message = 0;
-        if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
-            al = SSL_AD_UNEXPECTED_MESSAGE;
-            SSLerr(SSL_F_DTLS1_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
-            goto f_err;
-        }
-        *ok = 1;
-        s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
-        s->init_num = (int)s->s3->tmp.message_size;
-        return s->init_num;
-    }
-
-    msg_hdr = &s->d1->r_msg_hdr;
-    memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
-
- again:
-    i = dtls1_get_message_fragment(s, st1, stn, max, ok);
-    if (i == DTLS1_HM_BAD_FRAGMENT || i == DTLS1_HM_FRAGMENT_RETRY) {
-        /* bad fragment received */
-        goto again;
-    } else if (i <= 0 && !*ok) {
-        return i;
-    }
-
-    if (mt >= 0 && s->s3->tmp.message_type != mt) {
-        al = SSL_AD_UNEXPECTED_MESSAGE;
-        SSLerr(SSL_F_DTLS1_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
-        goto f_err;
-    }
-
-    p = (unsigned char *)s->init_buf->data;
-    msg_len = msg_hdr->msg_len;
-
-    /* reconstruct message header */
-    *(p++) = msg_hdr->type;
-    l2n3(msg_len, p);
-    s2n(msg_hdr->seq, p);
-    l2n3(0, p);
-    l2n3(msg_len, p);
-    if (s->version != DTLS1_BAD_VER) {
-        p -= DTLS1_HM_HEADER_LENGTH;
-        msg_len += DTLS1_HM_HEADER_LENGTH;
-    }
-
-    ssl3_finish_mac(s, p, msg_len);
-    if (s->msg_callback)
-        s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
-                        p, msg_len, s, s->msg_callback_arg);
-
-    memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
-
-    /* Don't change sequence numbers while listening */
-    if (!s->d1->listen)
-        s->d1->handshake_read_seq++;
-
-    s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
-    return s->init_num;
-
- f_err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
-    *ok = 0;
-    return -1;
-}
-
-static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr,
-                                     int max)
-{
-    size_t frag_off, frag_len, msg_len;
-
-    msg_len = msg_hdr->msg_len;
-    frag_off = msg_hdr->frag_off;
-    frag_len = msg_hdr->frag_len;
-
-    /* sanity checking */
-    if ((frag_off + frag_len) > msg_len) {
-        SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE);
-        return SSL_AD_ILLEGAL_PARAMETER;
-    }
-
-    if ((frag_off + frag_len) > (unsigned long)max) {
-        SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE);
-        return SSL_AD_ILLEGAL_PARAMETER;
-    }
-
-    if (s->d1->r_msg_hdr.frag_off == 0) { /* first fragment */
-        /*
-         * msg_len is limited to 2^24, but is effectively checked against max
-         * above
-         */
-        if (!BUF_MEM_grow_clean
-            (s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH)) {
-            SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB);
-            return SSL_AD_INTERNAL_ERROR;
-        }
-
-        s->s3->tmp.message_size = msg_len;
-        s->d1->r_msg_hdr.msg_len = msg_len;
-        s->s3->tmp.message_type = msg_hdr->type;
-        s->d1->r_msg_hdr.type = msg_hdr->type;
-        s->d1->r_msg_hdr.seq = msg_hdr->seq;
-    } else if (msg_len != s->d1->r_msg_hdr.msg_len) {
-        /*
-         * They must be playing with us! BTW, failure to enforce upper limit
-         * would open possibility for buffer overrun.
-         */
-        SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE);
-        return SSL_AD_ILLEGAL_PARAMETER;
-    }
-
-    return 0;                   /* no error */
-}
-
-static int dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
-{
-    /*-
-     * (0) check whether the desired fragment is available
-     * if so:
-     * (1) copy over the fragment to s->init_buf->data[]
-     * (2) update s->init_num
-     */
-    pitem *item;
-    hm_fragment *frag;
-    int al;
-
-    *ok = 0;
-    item = pqueue_peek(s->d1->buffered_messages);
-    if (item == NULL)
-        return 0;
-
-    frag = (hm_fragment *)item->data;
-
-    /* Don't return if reassembly still in progress */
-    if (frag->reassembly != NULL)
-        return 0;
-
-    if (s->d1->handshake_read_seq == frag->msg_header.seq) {
-        unsigned long frag_len = frag->msg_header.frag_len;
-        pqueue_pop(s->d1->buffered_messages);
-
-        al = dtls1_preprocess_fragment(s, &frag->msg_header, max);
-
-        if (al == 0) {          /* no alert */
-            unsigned char *p =
-                (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
-            memcpy(&p[frag->msg_header.frag_off], frag->fragment,
-                   frag->msg_header.frag_len);
-        }
-
-        dtls1_hm_fragment_free(frag);
-        pitem_free(item);
-
-        if (al == 0) {
-            *ok = 1;
-            return frag_len;
-        }
-
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
-        s->init_num = 0;
-        *ok = 0;
-        return -1;
-    } else
-        return 0;
-}
-
-/*
- * dtls1_max_handshake_message_len returns the maximum number of bytes
- * permitted in a DTLS handshake message for |s|. The minimum is 16KB, but
- * may be greater if the maximum certificate list size requires it.
- */
-static unsigned long dtls1_max_handshake_message_len(const SSL *s)
-{
-    unsigned long max_len =
-        DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
-    if (max_len < (unsigned long)s->max_cert_list)
-        return s->max_cert_list;
-    return max_len;
-}
-
-static int
-dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok)
-{
-    hm_fragment *frag = NULL;
-    pitem *item = NULL;
-    int i = -1, is_complete;
-    unsigned char seq64be[8];
-    unsigned long frag_len = msg_hdr->frag_len;
-
-    if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len ||
-        msg_hdr->msg_len > dtls1_max_handshake_message_len(s))
-        goto err;
-
-    if (frag_len == 0)
-        return DTLS1_HM_FRAGMENT_RETRY;
-
-    /* Try to find item in queue */
-    memset(seq64be, 0, sizeof(seq64be));
-    seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
-    seq64be[7] = (unsigned char)msg_hdr->seq;
-    item = pqueue_find(s->d1->buffered_messages, seq64be);
-
-    if (item == NULL) {
-        frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);
-        if (frag == NULL)
-            goto err;
-        memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
-        frag->msg_header.frag_len = frag->msg_header.msg_len;
-        frag->msg_header.frag_off = 0;
-    } else {
-        frag = (hm_fragment *)item->data;
-        if (frag->msg_header.msg_len != msg_hdr->msg_len) {
-            item = NULL;
-            frag = NULL;
-            goto err;
-        }
-    }
-
-    /*
-     * If message is already reassembled, this must be a retransmit and can
-     * be dropped. In this case item != NULL and so frag does not need to be
-     * freed.
-     */
-    if (frag->reassembly == NULL) {
-        unsigned char devnull[256];
-
-        while (frag_len) {
-            i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
-                                          devnull,
-                                          frag_len >
-                                          sizeof(devnull) ? sizeof(devnull) :
-                                          frag_len, 0);
-            if (i <= 0)
-                goto err;
-            frag_len -= i;
-        }
-        return DTLS1_HM_FRAGMENT_RETRY;
-    }
-
-    /* read the body of the fragment (header has already been read */
-    i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
-                                  frag->fragment + msg_hdr->frag_off,
-                                  frag_len, 0);
-    if ((unsigned long)i != frag_len)
-        i = -1;
-    if (i <= 0)
-        goto err;
-
-    RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
-                        (long)(msg_hdr->frag_off + frag_len));
-
-    RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len,
-                               is_complete);
-
-    if (is_complete) {
-        OPENSSL_free(frag->reassembly);
-        frag->reassembly = NULL;
-    }
-
-    if (item == NULL) {
-        item = pitem_new(seq64be, frag);
-        if (item == NULL) {
-            i = -1;
-            goto err;
-        }
-
-        item = pqueue_insert(s->d1->buffered_messages, item);
-        /*
-         * pqueue_insert fails iff a duplicate item is inserted. However,
-         * |item| cannot be a duplicate. If it were, |pqueue_find|, above,
-         * would have returned it and control would never have reached this
-         * branch.
-         */
-        OPENSSL_assert(item != NULL);
-    }
-
-    return DTLS1_HM_FRAGMENT_RETRY;
-
- err:
-    if (frag != NULL && item == NULL)
-        dtls1_hm_fragment_free(frag);
-    *ok = 0;
-    return i;
-}
-
-static int
-dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr,
-                                 int *ok)
-{
-    int i = -1;
-    hm_fragment *frag = NULL;
-    pitem *item = NULL;
-    unsigned char seq64be[8];
-    unsigned long frag_len = msg_hdr->frag_len;
-
-    if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len)
-        goto err;
-
-    /* Try to find item in queue, to prevent duplicate entries */
-    memset(seq64be, 0, sizeof(seq64be));
-    seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
-    seq64be[7] = (unsigned char)msg_hdr->seq;
-    item = pqueue_find(s->d1->buffered_messages, seq64be);
-
-    /*
-     * If we already have an entry and this one is a fragment, don't discard
-     * it and rather try to reassemble it.
-     */
-    if (item != NULL && frag_len != msg_hdr->msg_len)
-        item = NULL;
-
-    /*
-     * Discard the message if sequence number was already there, is too far
-     * in the future, already in the queue or if we received a FINISHED
-     * before the SERVER_HELLO, which then must be a stale retransmit.
-     */
-    if (msg_hdr->seq <= s->d1->handshake_read_seq ||
-        msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
-        (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED))
-    {
-        unsigned char devnull[256];
-
-        while (frag_len) {
-            i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
-                                          devnull,
-                                          frag_len >
-                                          sizeof(devnull) ? sizeof(devnull) :
-                                          frag_len, 0);
-            if (i <= 0)
-                goto err;
-            frag_len -= i;
-        }
-    } else {
-        if (frag_len != msg_hdr->msg_len)
-            return dtls1_reassemble_fragment(s, msg_hdr, ok);
-
-        if (frag_len > dtls1_max_handshake_message_len(s))
-            goto err;
-
-        frag = dtls1_hm_fragment_new(frag_len, 0);
-        if (frag == NULL)
-            goto err;
-
-        memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
-
-        if (frag_len) {
-            /*
-             * read the body of the fragment (header has already been read
-             */
-            i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
-                                          frag->fragment, frag_len, 0);
-            if ((unsigned long)i != frag_len)
-                i = -1;
-            if (i <= 0)
-                goto err;
-        }
-
-        item = pitem_new(seq64be, frag);
-        if (item == NULL)
-            goto err;
-
-        item = pqueue_insert(s->d1->buffered_messages, item);
-        /*
-         * pqueue_insert fails iff a duplicate item is inserted. However,
-         * |item| cannot be a duplicate. If it were, |pqueue_find|, above,
-         * would have returned it. Then, either |frag_len| !=
-         * |msg_hdr->msg_len| in which case |item| is set to NULL and it will
-         * have been processed with |dtls1_reassemble_fragment|, above, or
-         * the record will have been discarded.
-         */
-        OPENSSL_assert(item != NULL);
-    }
-
-    return DTLS1_HM_FRAGMENT_RETRY;
-
- err:
-    if (frag != NULL && item == NULL)
-        dtls1_hm_fragment_free(frag);
-    *ok = 0;
-    return i;
-}
-
-static long
-dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
-{
-    unsigned char wire[DTLS1_HM_HEADER_LENGTH];
-    unsigned long len, frag_off, frag_len;
-    int i, al;
-    struct hm_header_st msg_hdr;
-
- redo:
-    /* see if we have the required fragment already */
-    if ((frag_len = dtls1_retrieve_buffered_fragment(s, max, ok)) || *ok) {
-        if (*ok)
-            s->init_num = frag_len;
-        return frag_len;
-    }
-
-    /* read handshake message header */
-    i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire,
-                                  DTLS1_HM_HEADER_LENGTH, 0);
-    if (i <= 0) {               /* nbio, or an error */
-        s->rwstate = SSL_READING;
-        *ok = 0;
-        return i;
-    }
-    /* Handshake fails if message header is incomplete */
-    if (i != DTLS1_HM_HEADER_LENGTH) {
-        al = SSL_AD_UNEXPECTED_MESSAGE;
-        SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL_R_UNEXPECTED_MESSAGE);
-        goto f_err;
-    }
-
-    /* parse the message fragment header */
-    dtls1_get_message_header(wire, &msg_hdr);
-
-    len = msg_hdr.msg_len;
-    frag_off = msg_hdr.frag_off;
-    frag_len = msg_hdr.frag_len;
-
-    /*
-     * We must have at least frag_len bytes left in the record to be read.
-     * Fragments must not span records.
-     */
-    if (frag_len > s->s3->rrec.length) {
-        al = SSL3_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL_R_BAD_LENGTH);
-        goto f_err;
-    }
-
-    /*
-     * if this is a future (or stale) message it gets buffered
-     * (or dropped)--no further processing at this time
-     * While listening, we accept seq 1 (ClientHello with cookie)
-     * although we're still expecting seq 0 (ClientHello)
-     */
-    if (msg_hdr.seq != s->d1->handshake_read_seq
-        && !(s->d1->listen && msg_hdr.seq == 1))
-        return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
-
-    if (frag_len && frag_len < len)
-        return dtls1_reassemble_fragment(s, &msg_hdr, ok);
-
-    if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
-        wire[0] == SSL3_MT_HELLO_REQUEST) {
-        /*
-         * The server may always send 'Hello Request' messages -- we are
-         * doing a handshake anyway now, so ignore them if their format is
-         * correct. Does not count for 'Finished' MAC.
-         */
-        if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) {
-            if (s->msg_callback)
-                s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
-                                wire, DTLS1_HM_HEADER_LENGTH, s,
-                                s->msg_callback_arg);
-
-            s->init_num = 0;
-            goto redo;
-        } else {                /* Incorrectly formated Hello request */
-
-            al = SSL_AD_UNEXPECTED_MESSAGE;
-            SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,
-                   SSL_R_UNEXPECTED_MESSAGE);
-            goto f_err;
-        }
-    }
-
-    if ((al = dtls1_preprocess_fragment(s, &msg_hdr, max)))
-        goto f_err;
-
-    if (frag_len > 0) {
-        unsigned char *p =
-            (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
-
-        i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
-                                      &p[frag_off], frag_len, 0);
-
-        /*
-         * This shouldn't ever fail due to NBIO because we already checked
-         * that we have enough data in the record
-         */
-        if (i <= 0) {
-            s->rwstate = SSL_READING;
-            *ok = 0;
-            return i;
-        }
-    } else
-        i = 0;
-
-    /*
-     * XDTLS: an incorrectly formatted fragment should cause the handshake
-     * to fail
-     */
-    if (i != (int)frag_len) {
-        al = SSL3_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL3_AD_ILLEGAL_PARAMETER);
-        goto f_err;
-    }
-
-    *ok = 1;
-    s->state = stn;
-
-    /*
-     * Note that s->init_num is *not* used as current offset in
-     * s->init_buf->data, but as a counter summing up fragments' lengths: as
-     * soon as they sum up to handshake packet length, we assume we have got
-     * all the fragments.
-     */
-    s->init_num = frag_len;
-    return frag_len;
-
- f_err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
-    s->init_num = 0;
-
-    *ok = 0;
-    return (-1);
-}
-
-int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
-{
-    unsigned char *p, *d;
-    int i;
-    unsigned long l;
-
-    if (s->state == a) {
-        d = (unsigned char *)s->init_buf->data;
-        p = &(d[DTLS1_HM_HEADER_LENGTH]);
-
-        i = s->method->ssl3_enc->final_finish_mac(s,
-                                                  sender, slen,
-                                                  s->s3->tmp.finish_md);
-        s->s3->tmp.finish_md_len = i;
-        memcpy(p, s->s3->tmp.finish_md, i);
-        p += i;
-        l = i;
-
-        /*
-         * Copy the finished so we can use it for renegotiation checks
-         */
-        if (s->type == SSL_ST_CONNECT) {
-            OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
-            memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md, i);
-            s->s3->previous_client_finished_len = i;
-        } else {
-            OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
-            memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md, i);
-            s->s3->previous_server_finished_len = i;
-        }
-
-#ifdef OPENSSL_SYS_WIN16
-        /*
-         * MSVC 1.5 does not clear the top bytes of the word unless I do
-         * this.
-         */
-        l &= 0xffff;
-#endif
-
-        d = dtls1_set_message_header(s, d, SSL3_MT_FINISHED, l, 0, l);
-        s->init_num = (int)l + DTLS1_HM_HEADER_LENGTH;
-        s->init_off = 0;
-
-        /* buffer the message to handle re-xmits */
-        dtls1_buffer_message(s, 0);
-
-        s->state = b;
-    }
-
-    /* SSL3_ST_SEND_xxxxxx_HELLO_B */
-    return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
-}
-
-/*-
- * for these 2 messages, we need to
- * ssl->enc_read_ctx                    re-init
- * ssl->s3->read_sequence               zero
- * ssl->s3->read_mac_secret             re-init
- * ssl->session->read_sym_enc           assign
- * ssl->session->read_compression       assign
- * ssl->session->read_hash              assign
- */
-int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
-{
-    unsigned char *p;
-
-    if (s->state == a) {
-        p = (unsigned char *)s->init_buf->data;
-        *p++ = SSL3_MT_CCS;
-        s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
-        s->init_num = DTLS1_CCS_HEADER_LENGTH;
-
-        if (s->version == DTLS1_BAD_VER) {
-            s->d1->next_handshake_write_seq++;
-            s2n(s->d1->handshake_write_seq, p);
-            s->init_num += 2;
-        }
-
-        s->init_off = 0;
-
-        dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
-                                     s->d1->handshake_write_seq, 0, 0);
-
-        /* buffer the message to handle re-xmits */
-        dtls1_buffer_message(s, 1);
-
-        s->state = b;
-    }
-
-    /* SSL3_ST_CW_CHANGE_B */
-    return (dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));
-}
-
-static int dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
-{
-    int n;
-    unsigned char *p;
-
-    n = i2d_X509(x, NULL);
-    if (!BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) {
-        SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
-        return 0;
-    }
-    p = (unsigned char *)&(buf->data[*l]);
-    l2n3(n, p);
-    i2d_X509(x, &p);
-    *l += n + 3;
-
-    return 1;
-}
-
-unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
-{
-    unsigned char *p;
-    int i;
-    unsigned long l = 3 + DTLS1_HM_HEADER_LENGTH;
-    BUF_MEM *buf;
-
-    /* TLSv1 sends a chain with nothing in it, instead of an alert */
-    buf = s->init_buf;
-    if (!BUF_MEM_grow_clean(buf, 10)) {
-        SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB);
-        return (0);
-    }
-    if (x != NULL) {
-        X509_STORE_CTX xs_ctx;
-
-        if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store, x, NULL)) {
-            SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB);
-            return (0);
-        }
-
-        X509_verify_cert(&xs_ctx);
-        /* Don't leave errors in the queue */
-        ERR_clear_error();
-        for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
-            x = sk_X509_value(xs_ctx.chain, i);
-
-            if (!dtls1_add_cert_to_buf(buf, &l, x)) {
-                X509_STORE_CTX_cleanup(&xs_ctx);
-                return 0;
-            }
-        }
-        X509_STORE_CTX_cleanup(&xs_ctx);
-    }
-    /* Thawte special :-) */
-    for (i = 0; i < sk_X509_num(s->ctx->extra_certs); i++) {
-        x = sk_X509_value(s->ctx->extra_certs, i);
-        if (!dtls1_add_cert_to_buf(buf, &l, x))
-            return 0;
-    }
-
-    l -= (3 + DTLS1_HM_HEADER_LENGTH);
-
-    p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
-    l2n3(l, p);
-    l += 3;
-    p = (unsigned char *)&(buf->data[0]);
-    p = dtls1_set_message_header(s, p, SSL3_MT_CERTIFICATE, l, 0, l);
-
-    l += DTLS1_HM_HEADER_LENGTH;
-    return (l);
-}
-
-int dtls1_read_failed(SSL *s, int code)
-{
-    if (code > 0) {
-        fprintf(stderr, "invalid state reached %s:%d", __FILE__, __LINE__);
-        return 1;
-    }
-
-    if (!dtls1_is_timer_expired(s)) {
-        /*
-         * not a timeout, none of our business, let higher layers handle
-         * this.  in fact it's probably an error
-         */
-        return code;
-    }
-#ifndef OPENSSL_NO_HEARTBEATS
-    /* done, no need to send a retransmit */
-    if (!SSL_in_init(s) && !s->tlsext_hb_pending)
-#else
-    /* done, no need to send a retransmit */
-    if (!SSL_in_init(s))
-#endif
-    {
-        BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);
-        return code;
-    }
-#if 0                           /* for now, each alert contains only one
-                                 * record number */
-    item = pqueue_peek(state->rcvd_records);
-    if (item) {
-        /* send an alert immediately for all the missing records */
-    } else
-#endif
-
-#if 0                           /* no more alert sending, just retransmit the
-                                 * last set of messages */
-    if (state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT)
-        ssl3_send_alert(s, SSL3_AL_WARNING,
-                        DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
-#endif
-
-    return dtls1_handle_timeout(s);
-}
-
-int dtls1_get_queue_priority(unsigned short seq, int is_ccs)
-{
-    /*
-     * The index of the retransmission queue actually is the message sequence
-     * number, since the queue only contains messages of a single handshake.
-     * However, the ChangeCipherSpec has no message sequence number and so
-     * using only the sequence will result in the CCS and Finished having the
-     * same index. To prevent this, the sequence number is multiplied by 2.
-     * In case of a CCS 1 is subtracted. This does not only differ CSS and
-     * Finished, it also maintains the order of the index (important for
-     * priority queues) and fits in the unsigned short variable.
-     */
-    return seq * 2 - is_ccs;
-}
-
-int dtls1_retransmit_buffered_messages(SSL *s)
-{
-    pqueue sent = s->d1->sent_messages;
-    piterator iter;
-    pitem *item;
-    hm_fragment *frag;
-    int found = 0;
-
-    iter = pqueue_iterator(sent);
-
-    for (item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter)) {
-        frag = (hm_fragment *)item->data;
-        if (dtls1_retransmit_message(s, (unsigned short)
-                                     dtls1_get_queue_priority
-                                     (frag->msg_header.seq,
-                                      frag->msg_header.is_ccs), 0,
-                                     &found) <= 0 && found) {
-            fprintf(stderr, "dtls1_retransmit_message() failed\n");
-            return -1;
-        }
-    }
-
-    return 1;
-}
-
-int dtls1_buffer_message(SSL *s, int is_ccs)
-{
-    pitem *item;
-    hm_fragment *frag;
-    unsigned char seq64be[8];
-
-    /*
-     * this function is called immediately after a message has been
-     * serialized
-     */
-    OPENSSL_assert(s->init_off == 0);
-
-    frag = dtls1_hm_fragment_new(s->init_num, 0);
-    if (!frag)
-        return 0;
-
-    memcpy(frag->fragment, s->init_buf->data, s->init_num);
-
-    if (is_ccs) {
-        OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
-                       ((s->version ==
-                         DTLS1_VERSION) ? DTLS1_CCS_HEADER_LENGTH : 3) ==
-                       (unsigned int)s->init_num);
-    } else {
-        OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
-                       DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
-    }
-
-    frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
-    frag->msg_header.seq = s->d1->w_msg_hdr.seq;
-    frag->msg_header.type = s->d1->w_msg_hdr.type;
-    frag->msg_header.frag_off = 0;
-    frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;
-    frag->msg_header.is_ccs = is_ccs;
-
-    /* save current state */
-    frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx;
-    frag->msg_header.saved_retransmit_state.write_hash = s->write_hash;
-    frag->msg_header.saved_retransmit_state.compress = s->compress;
-    frag->msg_header.saved_retransmit_state.session = s->session;
-    frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch;
-
-    memset(seq64be, 0, sizeof(seq64be));
-    seq64be[6] =
-        (unsigned
-         char)(dtls1_get_queue_priority(frag->msg_header.seq,
-                                        frag->msg_header.is_ccs) >> 8);
-    seq64be[7] =
-        (unsigned
-         char)(dtls1_get_queue_priority(frag->msg_header.seq,
-                                        frag->msg_header.is_ccs));
-
-    item = pitem_new(seq64be, frag);
-    if (item == NULL) {
-        dtls1_hm_fragment_free(frag);
-        return 0;
-    }
-#if 0
-    fprintf(stderr, "buffered messge: \ttype = %xx\n", msg_buf->type);
-    fprintf(stderr, "\t\t\t\t\tlen = %d\n", msg_buf->len);
-    fprintf(stderr, "\t\t\t\t\tseq_num = %d\n", msg_buf->seq_num);
-#endif
-
-    pqueue_insert(s->d1->sent_messages, item);
-    return 1;
-}
-
-int
-dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
-                         int *found)
-{
-    int ret;
-    /* XDTLS: for now assuming that read/writes are blocking */
-    pitem *item;
-    hm_fragment *frag;
-    unsigned long header_length;
-    unsigned char seq64be[8];
-    struct dtls1_retransmit_state saved_state;
-    unsigned char save_write_sequence[8];
-
-    /*-
-      OPENSSL_assert(s->init_num == 0);
-      OPENSSL_assert(s->init_off == 0);
-     */
-
-    /* XDTLS:  the requested message ought to be found, otherwise error */
-    memset(seq64be, 0, sizeof(seq64be));
-    seq64be[6] = (unsigned char)(seq >> 8);
-    seq64be[7] = (unsigned char)seq;
-
-    item = pqueue_find(s->d1->sent_messages, seq64be);
-    if (item == NULL) {
-        fprintf(stderr, "retransmit:  message %d non-existant\n", seq);
-        *found = 0;
-        return 0;
-    }
-
-    *found = 1;
-    frag = (hm_fragment *)item->data;
-
-    if (frag->msg_header.is_ccs)
-        header_length = DTLS1_CCS_HEADER_LENGTH;
-    else
-        header_length = DTLS1_HM_HEADER_LENGTH;
-
-    memcpy(s->init_buf->data, frag->fragment,
-           frag->msg_header.msg_len + header_length);
-    s->init_num = frag->msg_header.msg_len + header_length;
-
-    dtls1_set_message_header_int(s, frag->msg_header.type,
-                                 frag->msg_header.msg_len,
-                                 frag->msg_header.seq, 0,
-                                 frag->msg_header.frag_len);
-
-    /* save current state */
-    saved_state.enc_write_ctx = s->enc_write_ctx;
-    saved_state.write_hash = s->write_hash;
-    saved_state.compress = s->compress;
-    saved_state.session = s->session;
-    saved_state.epoch = s->d1->w_epoch;
-    saved_state.epoch = s->d1->w_epoch;
-
-    s->d1->retransmitting = 1;
-
-    /* restore state in which the message was originally sent */
-    s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx;
-    s->write_hash = frag->msg_header.saved_retransmit_state.write_hash;
-    s->compress = frag->msg_header.saved_retransmit_state.compress;
-    s->session = frag->msg_header.saved_retransmit_state.session;
-    s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch;
-
-    if (frag->msg_header.saved_retransmit_state.epoch ==
-        saved_state.epoch - 1) {
-        memcpy(save_write_sequence, s->s3->write_sequence,
-               sizeof(s->s3->write_sequence));
-        memcpy(s->s3->write_sequence, s->d1->last_write_sequence,
-               sizeof(s->s3->write_sequence));
-    }
-
-    ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
-                         SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
-
-    /* restore current state */
-    s->enc_write_ctx = saved_state.enc_write_ctx;
-    s->write_hash = saved_state.write_hash;
-    s->compress = saved_state.compress;
-    s->session = saved_state.session;
-    s->d1->w_epoch = saved_state.epoch;
-
-    if (frag->msg_header.saved_retransmit_state.epoch ==
-        saved_state.epoch - 1) {
-        memcpy(s->d1->last_write_sequence, s->s3->write_sequence,
-               sizeof(s->s3->write_sequence));
-        memcpy(s->s3->write_sequence, save_write_sequence,
-               sizeof(s->s3->write_sequence));
-    }
-
-    s->d1->retransmitting = 0;
-
-    (void)BIO_flush(SSL_get_wbio(s));
-    return ret;
-}
-
-/* call this function when the buffered messages are no longer needed */
-void dtls1_clear_record_buffer(SSL *s)
-{
-    pitem *item;
-
-    for (item = pqueue_pop(s->d1->sent_messages);
-         item != NULL; item = pqueue_pop(s->d1->sent_messages)) {
-        dtls1_hm_fragment_free((hm_fragment *)item->data);
-        pitem_free(item);
-    }
-}
-
-unsigned char *dtls1_set_message_header(SSL *s, unsigned char *p,
-                                        unsigned char mt, unsigned long len,
-                                        unsigned long frag_off,
-                                        unsigned long frag_len)
-{
-    /* Don't change sequence numbers while listening */
-    if (frag_off == 0 && !s->d1->listen) {
-        s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
-        s->d1->next_handshake_write_seq++;
-    }
-
-    dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
-                                 frag_off, frag_len);
-
-    return p += DTLS1_HM_HEADER_LENGTH;
-}
-
-/* don't actually do the writing, wait till the MTU has been retrieved */
-static void
-dtls1_set_message_header_int(SSL *s, unsigned char mt,
-                             unsigned long len, unsigned short seq_num,
-                             unsigned long frag_off, unsigned long frag_len)
-{
-    struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
-
-    msg_hdr->type = mt;
-    msg_hdr->msg_len = len;
-    msg_hdr->seq = seq_num;
-    msg_hdr->frag_off = frag_off;
-    msg_hdr->frag_len = frag_len;
-}
-
-static void
-dtls1_fix_message_header(SSL *s, unsigned long frag_off,
-                         unsigned long frag_len)
-{
-    struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
-
-    msg_hdr->frag_off = frag_off;
-    msg_hdr->frag_len = frag_len;
-}
-
-static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p)
-{
-    struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
-
-    *p++ = msg_hdr->type;
-    l2n3(msg_hdr->msg_len, p);
-
-    s2n(msg_hdr->seq, p);
-    l2n3(msg_hdr->frag_off, p);
-    l2n3(msg_hdr->frag_len, p);
-
-    return p;
-}
-
-unsigned int dtls1_link_min_mtu(void)
-{
-    return (g_probable_mtu[(sizeof(g_probable_mtu) /
-                            sizeof(g_probable_mtu[0])) - 1]);
-}
-
-unsigned int dtls1_min_mtu(SSL *s)
-{
-    return dtls1_link_min_mtu() - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));
-}
-
-void
-dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
-{
-    memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
-    msg_hdr->type = *(data++);
-    n2l3(data, msg_hdr->msg_len);
-
-    n2s(data, msg_hdr->seq);
-    n2l3(data, msg_hdr->frag_off);
-    n2l3(data, msg_hdr->frag_len);
-}
-
-void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr)
-{
-    memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st));
-
-    ccs_hdr->type = *(data++);
-}
-
-int dtls1_shutdown(SSL *s)
-{
-    int ret;
-#ifndef OPENSSL_NO_SCTP
-    BIO *wbio;
-
-    wbio = SSL_get_wbio(s);
-    if (wbio != NULL && BIO_dgram_is_sctp(wbio) &&
-        !(s->shutdown & SSL_SENT_SHUTDOWN)) {
-        ret = BIO_dgram_sctp_wait_for_dry(wbio);
-        if (ret < 0)
-            return -1;
-
-        if (ret == 0)
-            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1,
-                     NULL);
-    }
-#endif
-    ret = ssl3_shutdown(s);
-#ifndef OPENSSL_NO_SCTP
-    BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 0, NULL);
-#endif
-    return ret;
-}
-
-#ifndef OPENSSL_NO_HEARTBEATS
-int dtls1_process_heartbeat(SSL *s)
-{
-    unsigned char *p = &s->s3->rrec.data[0], *pl;
-    unsigned short hbtype;
-    unsigned int payload;
-    unsigned int padding = 16;  /* Use minimum padding */
-
-    if (s->msg_callback)
-        s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
-                        &s->s3->rrec.data[0], s->s3->rrec.length,
-                        s, s->msg_callback_arg);
-
-    /* Read type and payload length first */
-    if (1 + 2 + 16 > s->s3->rrec.length)
-        return 0;               /* silently discard */
-    if (s->s3->rrec.length > SSL3_RT_MAX_PLAIN_LENGTH)
-        return 0;               /* silently discard per RFC 6520 sec. 4 */
-
-    hbtype = *p++;
-    n2s(p, payload);
-    if (1 + 2 + payload + 16 > s->s3->rrec.length)
-        return 0;               /* silently discard per RFC 6520 sec. 4 */
-    pl = p;
-
-    if (hbtype == TLS1_HB_REQUEST) {
-        unsigned char *buffer, *bp;
-        unsigned int write_length = 1 /* heartbeat type */  +
-            2 /* heartbeat length */  +
-            payload + padding;
-        int r;
-
-        if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
-            return 0;
-
-        /*
-         * Allocate memory for the response, size is 1 byte message type,
-         * plus 2 bytes payload length, plus payload, plus padding
-         */
-        buffer = OPENSSL_malloc(write_length);
-        bp = buffer;
-
-        /* Enter response type, length and copy payload */
-        *bp++ = TLS1_HB_RESPONSE;
-        s2n(payload, bp);
-        memcpy(bp, pl, payload);
-        bp += payload;
-        /* Random padding */
-        if (RAND_pseudo_bytes(bp, padding) < 0) {
-            OPENSSL_free(buffer);
-            return -1;
-        }
-
-        r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
-
-        if (r >= 0 && s->msg_callback)
-            s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
-                            buffer, write_length, s, s->msg_callback_arg);
-
-        OPENSSL_free(buffer);
-
-        if (r < 0)
-            return r;
-    } else if (hbtype == TLS1_HB_RESPONSE) {
-        unsigned int seq;
-
-        /*
-         * We only send sequence numbers (2 bytes unsigned int), and 16
-         * random bytes, so we just try to read the sequence number
-         */
-        n2s(pl, seq);
-
-        if (payload == 18 && seq == s->tlsext_hb_seq) {
-            dtls1_stop_timer(s);
-            s->tlsext_hb_seq++;
-            s->tlsext_hb_pending = 0;
-        }
-    }
-
-    return 0;
-}
-
-int dtls1_heartbeat(SSL *s)
-{
-    unsigned char *buf, *p;
-    int ret = -1;
-    unsigned int payload = 18;  /* Sequence number + random bytes */
-    unsigned int padding = 16;  /* Use minimum padding */
-
-    /* Only send if peer supports and accepts HB requests... */
-    if (!(s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) ||
-        s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS) {
-        SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT);
-        return -1;
-    }
-
-    /* ...and there is none in flight yet... */
-    if (s->tlsext_hb_pending) {
-        SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PENDING);
-        return -1;
-    }
-
-    /* ...and no handshake in progress. */
-    if (SSL_in_init(s) || s->in_handshake) {
-        SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_UNEXPECTED_MESSAGE);
-        return -1;
-    }
-
-    /*
-     * Check if padding is too long, payload and padding must not exceed 2^14
-     * - 3 = 16381 bytes in total.
-     */
-    OPENSSL_assert(payload + padding <= 16381);
-
-    /*-
-     * Create HeartBeat message, we just use a sequence number
-     * as payload to distuingish different messages and add
-     * some random stuff.
-     *  - Message Type, 1 byte
-     *  - Payload Length, 2 bytes (unsigned int)
-     *  - Payload, the sequence number (2 bytes uint)
-     *  - Payload, random bytes (16 bytes uint)
-     *  - Padding
-     */
-    buf = OPENSSL_malloc(1 + 2 + payload + padding);
-    p = buf;
-    /* Message Type */
-    *p++ = TLS1_HB_REQUEST;
-    /* Payload length (18 bytes here) */
-    s2n(payload, p);
-    /* Sequence number */
-    s2n(s->tlsext_hb_seq, p);
-    /* 16 random bytes */
-    if (RAND_pseudo_bytes(p, 16) < 0)
-        goto err;
-    p += 16;
-    /* Random padding */
-    if (RAND_pseudo_bytes(p, padding) < 0)
-        goto err;
-
-    ret = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
-    if (ret >= 0) {
-        if (s->msg_callback)
-            s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
-                            buf, 3 + payload + padding,
-                            s, s->msg_callback_arg);
-
-        dtls1_start_timer(s);
-        s->tlsext_hb_pending = 1;
-    }
-
-err:
-    OPENSSL_free(buf);
-
-    return ret;
-}
-#endif

Copied: vendor-crypto/openssl/1.0.1u/ssl/d1_both.c (from rev 11605, vendor-crypto/openssl/dist/ssl/d1_both.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/ssl/d1_both.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/ssl/d1_both.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,1703 @@
+/* ssl/d1_both.c */
+/*
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <limits.h>
+#include <string.h>
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+#define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8)
+
+#define RSMBLY_BITMASK_MARK(bitmask, start, end) { \
+                        if ((end) - (start) <= 8) { \
+                                long ii; \
+                                for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \
+                        } else { \
+                                long ii; \
+                                bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \
+                                for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \
+                                bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \
+                        } }
+
+#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \
+                        long ii; \
+                        OPENSSL_assert((msg_len) > 0); \
+                        is_complete = 1; \
+                        if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \
+                        if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \
+                                if (bitmask[ii] != 0xff) { is_complete = 0; break; } }
+
+#if 0
+# define RSMBLY_BITMASK_PRINT(bitmask, msg_len) { \
+                        long ii; \
+                        printf("bitmask: "); for (ii = 0; ii < (msg_len); ii++) \
+                        printf("%d ", (bitmask[ii >> 3] & (1 << (ii & 7))) >> (ii & 7)); \
+                        printf("\n"); }
+#endif
+
+static unsigned char bitmask_start_values[] =
+    { 0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80 };
+static unsigned char bitmask_end_values[] =
+    { 0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f };
+
+/* XDTLS:  figure out the right values */
+static const unsigned int g_probable_mtu[] = { 1500, 512, 256 };
+
+static void dtls1_fix_message_header(SSL *s, unsigned long frag_off,
+                                     unsigned long frag_len);
+static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p);
+static void dtls1_set_message_header_int(SSL *s, unsigned char mt,
+                                         unsigned long len,
+                                         unsigned short seq_num,
+                                         unsigned long frag_off,
+                                         unsigned long frag_len);
+static long dtls1_get_message_fragment(SSL *s, int st1, int stn, long max,
+                                       int *ok);
+
+static hm_fragment *dtls1_hm_fragment_new(unsigned long frag_len,
+                                          int reassembly)
+{
+    hm_fragment *frag = NULL;
+    unsigned char *buf = NULL;
+    unsigned char *bitmask = NULL;
+
+    frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment));
+    if (frag == NULL)
+        return NULL;
+
+    if (frag_len) {
+        buf = (unsigned char *)OPENSSL_malloc(frag_len);
+        if (buf == NULL) {
+            OPENSSL_free(frag);
+            return NULL;
+        }
+    }
+
+    /* zero length fragment gets zero frag->fragment */
+    frag->fragment = buf;
+
+    /* Initialize reassembly bitmask if necessary */
+    if (reassembly) {
+        bitmask =
+            (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len));
+        if (bitmask == NULL) {
+            if (buf != NULL)
+                OPENSSL_free(buf);
+            OPENSSL_free(frag);
+            return NULL;
+        }
+        memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len));
+    }
+
+    frag->reassembly = bitmask;
+
+    return frag;
+}
+
+void dtls1_hm_fragment_free(hm_fragment *frag)
+{
+
+    if (frag->msg_header.is_ccs) {
+        EVP_CIPHER_CTX_free(frag->msg_header.
+                            saved_retransmit_state.enc_write_ctx);
+        EVP_MD_CTX_destroy(frag->msg_header.
+                           saved_retransmit_state.write_hash);
+    }
+    if (frag->fragment)
+        OPENSSL_free(frag->fragment);
+    if (frag->reassembly)
+        OPENSSL_free(frag->reassembly);
+    OPENSSL_free(frag);
+}
+
+static int dtls1_query_mtu(SSL *s)
+{
+    if (s->d1->link_mtu) {
+        s->d1->mtu =
+            s->d1->link_mtu - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));
+        s->d1->link_mtu = 0;
+    }
+
+    /* AHA!  Figure out the MTU, and stick to the right size */
+    if (s->d1->mtu < dtls1_min_mtu(s)) {
+        if (!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
+            s->d1->mtu =
+                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
+
+            /*
+             * I've seen the kernel return bogus numbers when it doesn't know
+             * (initial write), so just make sure we have a reasonable number
+             */
+            if (s->d1->mtu < dtls1_min_mtu(s)) {
+                /* Set to min mtu */
+                s->d1->mtu = dtls1_min_mtu(s);
+                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
+                         s->d1->mtu, NULL);
+            }
+        } else
+            return 0;
+    }
+    return 1;
+}
+
+/*
+ * send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
+ * SSL3_RT_CHANGE_CIPHER_SPEC)
+ */
+int dtls1_do_write(SSL *s, int type)
+{
+    int ret;
+    unsigned int curr_mtu;
+    int retry = 1;
+    unsigned int len, frag_off, mac_size, blocksize, used_len;
+
+    if (!dtls1_query_mtu(s))
+        return -1;
+
+    OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu(s)); /* should have something
+                                                     * reasonable now */
+
+    if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
+        OPENSSL_assert(s->init_num ==
+                       (int)s->d1->w_msg_hdr.msg_len +
+                       DTLS1_HM_HEADER_LENGTH);
+
+    if (s->write_hash)
+        mac_size = EVP_MD_CTX_size(s->write_hash);
+    else
+        mac_size = 0;
+
+    if (s->enc_write_ctx &&
+        (EVP_CIPHER_mode(s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
+        blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
+    else
+        blocksize = 0;
+
+    frag_off = 0;
+    s->rwstate = SSL_NOTHING;
+
+    /* s->init_num shouldn't ever be < 0...but just in case */
+    while (s->init_num > 0) {
+        if (type == SSL3_RT_HANDSHAKE && s->init_off != 0) {
+            /* We must be writing a fragment other than the first one */
+
+            if (frag_off > 0) {
+                /* This is the first attempt at writing out this fragment */
+
+                if (s->init_off <= DTLS1_HM_HEADER_LENGTH) {
+                    /*
+                     * Each fragment that was already sent must at least have
+                     * contained the message header plus one other byte.
+                     * Therefore |init_off| must have progressed by at least
+                     * |DTLS1_HM_HEADER_LENGTH + 1| bytes. If not something went
+                     * wrong.
+                     */
+                    return -1;
+                }
+
+                /*
+                 * Adjust |init_off| and |init_num| to allow room for a new
+                 * message header for this fragment.
+                 */
+                s->init_off -= DTLS1_HM_HEADER_LENGTH;
+                s->init_num += DTLS1_HM_HEADER_LENGTH;
+            } else {
+                /*
+                 * We must have been called again after a retry so use the
+                 * fragment offset from our last attempt. We do not need
+                 * to adjust |init_off| and |init_num| as above, because
+                 * that should already have been done before the retry.
+                 */
+                frag_off = s->d1->w_msg_hdr.frag_off;
+            }
+        }
+
+        used_len = BIO_wpending(SSL_get_wbio(s)) + DTLS1_RT_HEADER_LENGTH
+            + mac_size + blocksize;
+        if (s->d1->mtu > used_len)
+            curr_mtu = s->d1->mtu - used_len;
+        else
+            curr_mtu = 0;
+
+        if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) {
+            /*
+             * grr.. we could get an error if MTU picked was wrong
+             */
+            ret = BIO_flush(SSL_get_wbio(s));
+            if (ret <= 0) {
+                s->rwstate = SSL_WRITING;
+                return ret;
+            }
+            used_len = DTLS1_RT_HEADER_LENGTH + mac_size + blocksize;
+            if (s->d1->mtu > used_len + DTLS1_HM_HEADER_LENGTH) {
+                curr_mtu = s->d1->mtu - used_len;
+            } else {
+                /* Shouldn't happen */
+                return -1;
+            }
+        }
+
+        /*
+         * We just checked that s->init_num > 0 so this cast should be safe
+         */
+        if (((unsigned int)s->init_num) > curr_mtu)
+            len = curr_mtu;
+        else
+            len = s->init_num;
+
+        /* Shouldn't ever happen */
+        if (len > INT_MAX)
+            len = INT_MAX;
+
+        /*
+         * XDTLS: this function is too long.  split out the CCS part
+         */
+        if (type == SSL3_RT_HANDSHAKE) {
+            if (len < DTLS1_HM_HEADER_LENGTH) {
+                /*
+                 * len is so small that we really can't do anything sensible
+                 * so fail
+                 */
+                return -1;
+            }
+            dtls1_fix_message_header(s, frag_off,
+                                     len - DTLS1_HM_HEADER_LENGTH);
+
+            dtls1_write_message_header(s,
+                                       (unsigned char *)&s->init_buf->
+                                       data[s->init_off]);
+        }
+
+        ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off],
+                                len);
+        if (ret < 0) {
+            /*
+             * might need to update MTU here, but we don't know which
+             * previous packet caused the failure -- so can't really
+             * retransmit anything.  continue as if everything is fine and
+             * wait for an alert to handle the retransmit
+             */
+            if (retry && BIO_ctrl(SSL_get_wbio(s),
+                                  BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) {
+                if (!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
+                    if (!dtls1_query_mtu(s))
+                        return -1;
+                    /* Have one more go */
+                    retry = 0;
+                } else
+                    return -1;
+            } else {
+                return (-1);
+            }
+        } else {
+
+            /*
+             * bad if this assert fails, only part of the handshake message
+             * got sent.  but why would this happen?
+             */
+            OPENSSL_assert(len == (unsigned int)ret);
+
+            if (type == SSL3_RT_HANDSHAKE && !s->d1->retransmitting) {
+                /*
+                 * should not be done for 'Hello Request's, but in that case
+                 * we'll ignore the result anyway
+                 */
+                unsigned char *p =
+                    (unsigned char *)&s->init_buf->data[s->init_off];
+                const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
+                int xlen;
+
+                if (frag_off == 0 && s->version != DTLS1_BAD_VER) {
+                    /*
+                     * reconstruct message header is if it is being sent in
+                     * single fragment
+                     */
+                    *p++ = msg_hdr->type;
+                    l2n3(msg_hdr->msg_len, p);
+                    s2n(msg_hdr->seq, p);
+                    l2n3(0, p);
+                    l2n3(msg_hdr->msg_len, p);
+                    p -= DTLS1_HM_HEADER_LENGTH;
+                    xlen = ret;
+                } else {
+                    p += DTLS1_HM_HEADER_LENGTH;
+                    xlen = ret - DTLS1_HM_HEADER_LENGTH;
+                }
+
+                ssl3_finish_mac(s, p, xlen);
+            }
+
+            if (ret == s->init_num) {
+                if (s->msg_callback)
+                    s->msg_callback(1, s->version, type, s->init_buf->data,
+                                    (size_t)(s->init_off + s->init_num), s,
+                                    s->msg_callback_arg);
+
+                s->init_off = 0; /* done writing this message */
+                s->init_num = 0;
+
+                return (1);
+            }
+            s->init_off += ret;
+            s->init_num -= ret;
+            ret -= DTLS1_HM_HEADER_LENGTH;
+            frag_off += ret;
+
+            /*
+             * We save the fragment offset for the next fragment so we have it
+             * available in case of an IO retry. We don't know the length of the
+             * next fragment yet so just set that to 0 for now. It will be
+             * updated again later.
+             */
+            dtls1_fix_message_header(s, frag_off, 0);
+        }
+    }
+    return (0);
+}
+
+/*
+ * Obtain handshake message of message type 'mt' (any if mt == -1), maximum
+ * acceptable body length 'max'. Read an entire handshake message.  Handshake
+ * messages arrive in fragments.
+ */
+long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
+{
+    int i, al;
+    struct hm_header_st *msg_hdr;
+    unsigned char *p;
+    unsigned long msg_len;
+
+    /*
+     * s3->tmp is used to store messages that are unexpected, caused by the
+     * absence of an optional handshake message
+     */
+    if (s->s3->tmp.reuse_message) {
+        s->s3->tmp.reuse_message = 0;
+        if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
+            al = SSL_AD_UNEXPECTED_MESSAGE;
+            SSLerr(SSL_F_DTLS1_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
+            goto f_err;
+        }
+        *ok = 1;
+        s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
+        s->init_num = (int)s->s3->tmp.message_size;
+        return s->init_num;
+    }
+
+    msg_hdr = &s->d1->r_msg_hdr;
+    memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
+
+ again:
+    i = dtls1_get_message_fragment(s, st1, stn, max, ok);
+    if (i == DTLS1_HM_BAD_FRAGMENT || i == DTLS1_HM_FRAGMENT_RETRY) {
+        /* bad fragment received */
+        goto again;
+    } else if (i <= 0 && !*ok) {
+        return i;
+    }
+
+    if (mt >= 0 && s->s3->tmp.message_type != mt) {
+        al = SSL_AD_UNEXPECTED_MESSAGE;
+        SSLerr(SSL_F_DTLS1_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
+        goto f_err;
+    }
+
+    p = (unsigned char *)s->init_buf->data;
+    msg_len = msg_hdr->msg_len;
+
+    /* reconstruct message header */
+    *(p++) = msg_hdr->type;
+    l2n3(msg_len, p);
+    s2n(msg_hdr->seq, p);
+    l2n3(0, p);
+    l2n3(msg_len, p);
+    if (s->version != DTLS1_BAD_VER) {
+        p -= DTLS1_HM_HEADER_LENGTH;
+        msg_len += DTLS1_HM_HEADER_LENGTH;
+    }
+
+    ssl3_finish_mac(s, p, msg_len);
+    if (s->msg_callback)
+        s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
+                        p, msg_len, s, s->msg_callback_arg);
+
+    memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
+
+    /* Don't change sequence numbers while listening */
+    if (!s->d1->listen)
+        s->d1->handshake_read_seq++;
+
+    s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
+    return s->init_num;
+
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+    *ok = 0;
+    return -1;
+}
+
+static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr,
+                                     int max)
+{
+    size_t frag_off, frag_len, msg_len;
+
+    msg_len = msg_hdr->msg_len;
+    frag_off = msg_hdr->frag_off;
+    frag_len = msg_hdr->frag_len;
+
+    /* sanity checking */
+    if ((frag_off + frag_len) > msg_len) {
+        SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE);
+        return SSL_AD_ILLEGAL_PARAMETER;
+    }
+
+    if ((frag_off + frag_len) > (unsigned long)max) {
+        SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE);
+        return SSL_AD_ILLEGAL_PARAMETER;
+    }
+
+    if (s->d1->r_msg_hdr.frag_off == 0) { /* first fragment */
+        /*
+         * msg_len is limited to 2^24, but is effectively checked against max
+         * above
+         *
+         * Make buffer slightly larger than message length as a precaution
+         * against small OOB reads e.g. CVE-2016-6306
+         */
+        if (!BUF_MEM_grow_clean
+            (s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH + 16)) {
+            SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB);
+            return SSL_AD_INTERNAL_ERROR;
+        }
+
+        s->s3->tmp.message_size = msg_len;
+        s->d1->r_msg_hdr.msg_len = msg_len;
+        s->s3->tmp.message_type = msg_hdr->type;
+        s->d1->r_msg_hdr.type = msg_hdr->type;
+        s->d1->r_msg_hdr.seq = msg_hdr->seq;
+    } else if (msg_len != s->d1->r_msg_hdr.msg_len) {
+        /*
+         * They must be playing with us! BTW, failure to enforce upper limit
+         * would open possibility for buffer overrun.
+         */
+        SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE);
+        return SSL_AD_ILLEGAL_PARAMETER;
+    }
+
+    return 0;                   /* no error */
+}
+
+static int dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
+{
+    /*-
+     * (0) check whether the desired fragment is available
+     * if so:
+     * (1) copy over the fragment to s->init_buf->data[]
+     * (2) update s->init_num
+     */
+    pitem *item;
+    hm_fragment *frag;
+    int al;
+
+    *ok = 0;
+    do {
+        item = pqueue_peek(s->d1->buffered_messages);
+        if (item == NULL)
+            return 0;
+
+        frag = (hm_fragment *)item->data;
+
+        if (frag->msg_header.seq < s->d1->handshake_read_seq) {
+            /* This is a stale message that has been buffered so clear it */
+            pqueue_pop(s->d1->buffered_messages);
+            dtls1_hm_fragment_free(frag);
+            pitem_free(item);
+            item = NULL;
+            frag = NULL;
+        }
+    } while (item == NULL);
+
+
+    /* Don't return if reassembly still in progress */
+    if (frag->reassembly != NULL)
+        return 0;
+
+    if (s->d1->handshake_read_seq == frag->msg_header.seq) {
+        unsigned long frag_len = frag->msg_header.frag_len;
+        pqueue_pop(s->d1->buffered_messages);
+
+        al = dtls1_preprocess_fragment(s, &frag->msg_header, max);
+
+        if (al == 0) {          /* no alert */
+            unsigned char *p =
+                (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
+            memcpy(&p[frag->msg_header.frag_off], frag->fragment,
+                   frag->msg_header.frag_len);
+        }
+
+        dtls1_hm_fragment_free(frag);
+        pitem_free(item);
+
+        if (al == 0) {
+            *ok = 1;
+            return frag_len;
+        }
+
+        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+        s->init_num = 0;
+        *ok = 0;
+        return -1;
+    } else
+        return 0;
+}
+
+/*
+ * dtls1_max_handshake_message_len returns the maximum number of bytes
+ * permitted in a DTLS handshake message for |s|. The minimum is 16KB, but
+ * may be greater if the maximum certificate list size requires it.
+ */
+static unsigned long dtls1_max_handshake_message_len(const SSL *s)
+{
+    unsigned long max_len =
+        DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
+    if (max_len < (unsigned long)s->max_cert_list)
+        return s->max_cert_list;
+    return max_len;
+}
+
+static int
+dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok)
+{
+    hm_fragment *frag = NULL;
+    pitem *item = NULL;
+    int i = -1, is_complete;
+    unsigned char seq64be[8];
+    unsigned long frag_len = msg_hdr->frag_len;
+
+    if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len ||
+        msg_hdr->msg_len > dtls1_max_handshake_message_len(s))
+        goto err;
+
+    if (frag_len == 0)
+        return DTLS1_HM_FRAGMENT_RETRY;
+
+    /* Try to find item in queue */
+    memset(seq64be, 0, sizeof(seq64be));
+    seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
+    seq64be[7] = (unsigned char)msg_hdr->seq;
+    item = pqueue_find(s->d1->buffered_messages, seq64be);
+
+    if (item == NULL) {
+        frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);
+        if (frag == NULL)
+            goto err;
+        memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
+        frag->msg_header.frag_len = frag->msg_header.msg_len;
+        frag->msg_header.frag_off = 0;
+    } else {
+        frag = (hm_fragment *)item->data;
+        if (frag->msg_header.msg_len != msg_hdr->msg_len) {
+            item = NULL;
+            frag = NULL;
+            goto err;
+        }
+    }
+
+    /*
+     * If message is already reassembled, this must be a retransmit and can
+     * be dropped. In this case item != NULL and so frag does not need to be
+     * freed.
+     */
+    if (frag->reassembly == NULL) {
+        unsigned char devnull[256];
+
+        while (frag_len) {
+            i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
+                                          devnull,
+                                          frag_len >
+                                          sizeof(devnull) ? sizeof(devnull) :
+                                          frag_len, 0);
+            if (i <= 0)
+                goto err;
+            frag_len -= i;
+        }
+        return DTLS1_HM_FRAGMENT_RETRY;
+    }
+
+    /* read the body of the fragment (header has already been read */
+    i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
+                                  frag->fragment + msg_hdr->frag_off,
+                                  frag_len, 0);
+    if ((unsigned long)i != frag_len)
+        i = -1;
+    if (i <= 0)
+        goto err;
+
+    RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
+                        (long)(msg_hdr->frag_off + frag_len));
+
+    RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len,
+                               is_complete);
+
+    if (is_complete) {
+        OPENSSL_free(frag->reassembly);
+        frag->reassembly = NULL;
+    }
+
+    if (item == NULL) {
+        item = pitem_new(seq64be, frag);
+        if (item == NULL) {
+            i = -1;
+            goto err;
+        }
+
+        item = pqueue_insert(s->d1->buffered_messages, item);
+        /*
+         * pqueue_insert fails iff a duplicate item is inserted. However,
+         * |item| cannot be a duplicate. If it were, |pqueue_find|, above,
+         * would have returned it and control would never have reached this
+         * branch.
+         */
+        OPENSSL_assert(item != NULL);
+    }
+
+    return DTLS1_HM_FRAGMENT_RETRY;
+
+ err:
+    if (frag != NULL && item == NULL)
+        dtls1_hm_fragment_free(frag);
+    *ok = 0;
+    return i;
+}
+
+static int
+dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr,
+                                 int *ok)
+{
+    int i = -1;
+    hm_fragment *frag = NULL;
+    pitem *item = NULL;
+    unsigned char seq64be[8];
+    unsigned long frag_len = msg_hdr->frag_len;
+
+    if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len)
+        goto err;
+
+    /* Try to find item in queue, to prevent duplicate entries */
+    memset(seq64be, 0, sizeof(seq64be));
+    seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
+    seq64be[7] = (unsigned char)msg_hdr->seq;
+    item = pqueue_find(s->d1->buffered_messages, seq64be);
+
+    /*
+     * If we already have an entry and this one is a fragment, don't discard
+     * it and rather try to reassemble it.
+     */
+    if (item != NULL && frag_len != msg_hdr->msg_len)
+        item = NULL;
+
+    /*
+     * Discard the message if sequence number was already there, is too far
+     * in the future, already in the queue or if we received a FINISHED
+     * before the SERVER_HELLO, which then must be a stale retransmit.
+     */
+    if (msg_hdr->seq <= s->d1->handshake_read_seq ||
+        msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
+        (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED))
+    {
+        unsigned char devnull[256];
+
+        while (frag_len) {
+            i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
+                                          devnull,
+                                          frag_len >
+                                          sizeof(devnull) ? sizeof(devnull) :
+                                          frag_len, 0);
+            if (i <= 0)
+                goto err;
+            frag_len -= i;
+        }
+    } else {
+        if (frag_len != msg_hdr->msg_len)
+            return dtls1_reassemble_fragment(s, msg_hdr, ok);
+
+        if (frag_len > dtls1_max_handshake_message_len(s))
+            goto err;
+
+        frag = dtls1_hm_fragment_new(frag_len, 0);
+        if (frag == NULL)
+            goto err;
+
+        memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
+
+        if (frag_len) {
+            /*
+             * read the body of the fragment (header has already been read
+             */
+            i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
+                                          frag->fragment, frag_len, 0);
+            if ((unsigned long)i != frag_len)
+                i = -1;
+            if (i <= 0)
+                goto err;
+        }
+
+        item = pitem_new(seq64be, frag);
+        if (item == NULL)
+            goto err;
+
+        item = pqueue_insert(s->d1->buffered_messages, item);
+        /*
+         * pqueue_insert fails iff a duplicate item is inserted. However,
+         * |item| cannot be a duplicate. If it were, |pqueue_find|, above,
+         * would have returned it. Then, either |frag_len| !=
+         * |msg_hdr->msg_len| in which case |item| is set to NULL and it will
+         * have been processed with |dtls1_reassemble_fragment|, above, or
+         * the record will have been discarded.
+         */
+        OPENSSL_assert(item != NULL);
+    }
+
+    return DTLS1_HM_FRAGMENT_RETRY;
+
+ err:
+    if (frag != NULL && item == NULL)
+        dtls1_hm_fragment_free(frag);
+    *ok = 0;
+    return i;
+}
+
+static long
+dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
+{
+    unsigned char wire[DTLS1_HM_HEADER_LENGTH];
+    unsigned long len, frag_off, frag_len;
+    int i, al;
+    struct hm_header_st msg_hdr;
+
+ redo:
+    /* see if we have the required fragment already */
+    if ((frag_len = dtls1_retrieve_buffered_fragment(s, max, ok)) || *ok) {
+        if (*ok)
+            s->init_num = frag_len;
+        return frag_len;
+    }
+
+    /* read handshake message header */
+    i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire,
+                                  DTLS1_HM_HEADER_LENGTH, 0);
+    if (i <= 0) {               /* nbio, or an error */
+        s->rwstate = SSL_READING;
+        *ok = 0;
+        return i;
+    }
+    /* Handshake fails if message header is incomplete */
+    if (i != DTLS1_HM_HEADER_LENGTH) {
+        al = SSL_AD_UNEXPECTED_MESSAGE;
+        SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL_R_UNEXPECTED_MESSAGE);
+        goto f_err;
+    }
+
+    /* parse the message fragment header */
+    dtls1_get_message_header(wire, &msg_hdr);
+
+    len = msg_hdr.msg_len;
+    frag_off = msg_hdr.frag_off;
+    frag_len = msg_hdr.frag_len;
+
+    /*
+     * We must have at least frag_len bytes left in the record to be read.
+     * Fragments must not span records.
+     */
+    if (frag_len > s->s3->rrec.length) {
+        al = SSL3_AD_ILLEGAL_PARAMETER;
+        SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL_R_BAD_LENGTH);
+        goto f_err;
+    }
+
+    /*
+     * if this is a future (or stale) message it gets buffered
+     * (or dropped)--no further processing at this time
+     * While listening, we accept seq 1 (ClientHello with cookie)
+     * although we're still expecting seq 0 (ClientHello)
+     */
+    if (msg_hdr.seq != s->d1->handshake_read_seq
+        && !(s->d1->listen && msg_hdr.seq == 1))
+        return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
+
+    if (frag_len && frag_len < len)
+        return dtls1_reassemble_fragment(s, &msg_hdr, ok);
+
+    if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
+        wire[0] == SSL3_MT_HELLO_REQUEST) {
+        /*
+         * The server may always send 'Hello Request' messages -- we are
+         * doing a handshake anyway now, so ignore them if their format is
+         * correct. Does not count for 'Finished' MAC.
+         */
+        if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) {
+            if (s->msg_callback)
+                s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
+                                wire, DTLS1_HM_HEADER_LENGTH, s,
+                                s->msg_callback_arg);
+
+            s->init_num = 0;
+            goto redo;
+        } else {                /* Incorrectly formated Hello request */
+
+            al = SSL_AD_UNEXPECTED_MESSAGE;
+            SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,
+                   SSL_R_UNEXPECTED_MESSAGE);
+            goto f_err;
+        }
+    }
+
+    if ((al = dtls1_preprocess_fragment(s, &msg_hdr, max)))
+        goto f_err;
+
+    if (frag_len > 0) {
+        unsigned char *p =
+            (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
+
+        i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
+                                      &p[frag_off], frag_len, 0);
+
+        /*
+         * This shouldn't ever fail due to NBIO because we already checked
+         * that we have enough data in the record
+         */
+        if (i <= 0) {
+            s->rwstate = SSL_READING;
+            *ok = 0;
+            return i;
+        }
+    } else
+        i = 0;
+
+    /*
+     * XDTLS: an incorrectly formatted fragment should cause the handshake
+     * to fail
+     */
+    if (i != (int)frag_len) {
+        al = SSL3_AD_ILLEGAL_PARAMETER;
+        SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL3_AD_ILLEGAL_PARAMETER);
+        goto f_err;
+    }
+
+    *ok = 1;
+    s->state = stn;
+
+    /*
+     * Note that s->init_num is *not* used as current offset in
+     * s->init_buf->data, but as a counter summing up fragments' lengths: as
+     * soon as they sum up to handshake packet length, we assume we have got
+     * all the fragments.
+     */
+    s->init_num = frag_len;
+    return frag_len;
+
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+    s->init_num = 0;
+
+    *ok = 0;
+    return (-1);
+}
+
+int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
+{
+    unsigned char *p, *d;
+    int i;
+    unsigned long l;
+
+    if (s->state == a) {
+        d = (unsigned char *)s->init_buf->data;
+        p = &(d[DTLS1_HM_HEADER_LENGTH]);
+
+        i = s->method->ssl3_enc->final_finish_mac(s,
+                                                  sender, slen,
+                                                  s->s3->tmp.finish_md);
+        s->s3->tmp.finish_md_len = i;
+        memcpy(p, s->s3->tmp.finish_md, i);
+        p += i;
+        l = i;
+
+        /*
+         * Copy the finished so we can use it for renegotiation checks
+         */
+        if (s->type == SSL_ST_CONNECT) {
+            OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
+            memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md, i);
+            s->s3->previous_client_finished_len = i;
+        } else {
+            OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
+            memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md, i);
+            s->s3->previous_server_finished_len = i;
+        }
+
+#ifdef OPENSSL_SYS_WIN16
+        /*
+         * MSVC 1.5 does not clear the top bytes of the word unless I do
+         * this.
+         */
+        l &= 0xffff;
+#endif
+
+        d = dtls1_set_message_header(s, d, SSL3_MT_FINISHED, l, 0, l);
+        s->init_num = (int)l + DTLS1_HM_HEADER_LENGTH;
+        s->init_off = 0;
+
+        /* buffer the message to handle re-xmits */
+        dtls1_buffer_message(s, 0);
+
+        s->state = b;
+    }
+
+    /* SSL3_ST_SEND_xxxxxx_HELLO_B */
+    return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+}
+
+/*-
+ * for these 2 messages, we need to
+ * ssl->enc_read_ctx                    re-init
+ * ssl->s3->read_sequence               zero
+ * ssl->s3->read_mac_secret             re-init
+ * ssl->session->read_sym_enc           assign
+ * ssl->session->read_compression       assign
+ * ssl->session->read_hash              assign
+ */
+int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
+{
+    unsigned char *p;
+
+    if (s->state == a) {
+        p = (unsigned char *)s->init_buf->data;
+        *p++ = SSL3_MT_CCS;
+        s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
+        s->init_num = DTLS1_CCS_HEADER_LENGTH;
+
+        if (s->version == DTLS1_BAD_VER) {
+            s->d1->next_handshake_write_seq++;
+            s2n(s->d1->handshake_write_seq, p);
+            s->init_num += 2;
+        }
+
+        s->init_off = 0;
+
+        dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
+                                     s->d1->handshake_write_seq, 0, 0);
+
+        /* buffer the message to handle re-xmits */
+        dtls1_buffer_message(s, 1);
+
+        s->state = b;
+    }
+
+    /* SSL3_ST_CW_CHANGE_B */
+    return (dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));
+}
+
+static int dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
+{
+    int n;
+    unsigned char *p;
+
+    n = i2d_X509(x, NULL);
+    if (!BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) {
+        SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
+        return 0;
+    }
+    p = (unsigned char *)&(buf->data[*l]);
+    l2n3(n, p);
+    i2d_X509(x, &p);
+    *l += n + 3;
+
+    return 1;
+}
+
+unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
+{
+    unsigned char *p;
+    int i;
+    unsigned long l = 3 + DTLS1_HM_HEADER_LENGTH;
+    BUF_MEM *buf;
+
+    /* TLSv1 sends a chain with nothing in it, instead of an alert */
+    buf = s->init_buf;
+    if (!BUF_MEM_grow_clean(buf, 10)) {
+        SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB);
+        return (0);
+    }
+    if (x != NULL) {
+        X509_STORE_CTX xs_ctx;
+
+        if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store, x, NULL)) {
+            SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB);
+            return (0);
+        }
+
+        X509_verify_cert(&xs_ctx);
+        /* Don't leave errors in the queue */
+        ERR_clear_error();
+        for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
+            x = sk_X509_value(xs_ctx.chain, i);
+
+            if (!dtls1_add_cert_to_buf(buf, &l, x)) {
+                X509_STORE_CTX_cleanup(&xs_ctx);
+                return 0;
+            }
+        }
+        X509_STORE_CTX_cleanup(&xs_ctx);
+    }
+    /* Thawte special :-) */
+    for (i = 0; i < sk_X509_num(s->ctx->extra_certs); i++) {
+        x = sk_X509_value(s->ctx->extra_certs, i);
+        if (!dtls1_add_cert_to_buf(buf, &l, x))
+            return 0;
+    }
+
+    l -= (3 + DTLS1_HM_HEADER_LENGTH);
+
+    p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
+    l2n3(l, p);
+    l += 3;
+    p = (unsigned char *)&(buf->data[0]);
+    p = dtls1_set_message_header(s, p, SSL3_MT_CERTIFICATE, l, 0, l);
+
+    l += DTLS1_HM_HEADER_LENGTH;
+    return (l);
+}
+
+int dtls1_read_failed(SSL *s, int code)
+{
+    if (code > 0) {
+        fprintf(stderr, "invalid state reached %s:%d", __FILE__, __LINE__);
+        return 1;
+    }
+
+    if (!dtls1_is_timer_expired(s)) {
+        /*
+         * not a timeout, none of our business, let higher layers handle
+         * this.  in fact it's probably an error
+         */
+        return code;
+    }
+#ifndef OPENSSL_NO_HEARTBEATS
+    /* done, no need to send a retransmit */
+    if (!SSL_in_init(s) && !s->tlsext_hb_pending)
+#else
+    /* done, no need to send a retransmit */
+    if (!SSL_in_init(s))
+#endif
+    {
+        BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);
+        return code;
+    }
+#if 0                           /* for now, each alert contains only one
+                                 * record number */
+    item = pqueue_peek(state->rcvd_records);
+    if (item) {
+        /* send an alert immediately for all the missing records */
+    } else
+#endif
+
+#if 0                           /* no more alert sending, just retransmit the
+                                 * last set of messages */
+    if (state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT)
+        ssl3_send_alert(s, SSL3_AL_WARNING,
+                        DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
+#endif
+
+    return dtls1_handle_timeout(s);
+}
+
+int dtls1_get_queue_priority(unsigned short seq, int is_ccs)
+{
+    /*
+     * The index of the retransmission queue actually is the message sequence
+     * number, since the queue only contains messages of a single handshake.
+     * However, the ChangeCipherSpec has no message sequence number and so
+     * using only the sequence will result in the CCS and Finished having the
+     * same index. To prevent this, the sequence number is multiplied by 2.
+     * In case of a CCS 1 is subtracted. This does not only differ CSS and
+     * Finished, it also maintains the order of the index (important for
+     * priority queues) and fits in the unsigned short variable.
+     */
+    return seq * 2 - is_ccs;
+}
+
+int dtls1_retransmit_buffered_messages(SSL *s)
+{
+    pqueue sent = s->d1->sent_messages;
+    piterator iter;
+    pitem *item;
+    hm_fragment *frag;
+    int found = 0;
+
+    iter = pqueue_iterator(sent);
+
+    for (item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter)) {
+        frag = (hm_fragment *)item->data;
+        if (dtls1_retransmit_message(s, (unsigned short)
+                                     dtls1_get_queue_priority
+                                     (frag->msg_header.seq,
+                                      frag->msg_header.is_ccs), 0,
+                                     &found) <= 0 && found) {
+            fprintf(stderr, "dtls1_retransmit_message() failed\n");
+            return -1;
+        }
+    }
+
+    return 1;
+}
+
+int dtls1_buffer_message(SSL *s, int is_ccs)
+{
+    pitem *item;
+    hm_fragment *frag;
+    unsigned char seq64be[8];
+
+    /*
+     * this function is called immediately after a message has been
+     * serialized
+     */
+    OPENSSL_assert(s->init_off == 0);
+
+    frag = dtls1_hm_fragment_new(s->init_num, 0);
+    if (!frag)
+        return 0;
+
+    memcpy(frag->fragment, s->init_buf->data, s->init_num);
+
+    if (is_ccs) {
+        OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
+                       ((s->version ==
+                         DTLS1_VERSION) ? DTLS1_CCS_HEADER_LENGTH : 3) ==
+                       (unsigned int)s->init_num);
+    } else {
+        OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
+                       DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
+    }
+
+    frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
+    frag->msg_header.seq = s->d1->w_msg_hdr.seq;
+    frag->msg_header.type = s->d1->w_msg_hdr.type;
+    frag->msg_header.frag_off = 0;
+    frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;
+    frag->msg_header.is_ccs = is_ccs;
+
+    /* save current state */
+    frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx;
+    frag->msg_header.saved_retransmit_state.write_hash = s->write_hash;
+    frag->msg_header.saved_retransmit_state.compress = s->compress;
+    frag->msg_header.saved_retransmit_state.session = s->session;
+    frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch;
+
+    memset(seq64be, 0, sizeof(seq64be));
+    seq64be[6] =
+        (unsigned
+         char)(dtls1_get_queue_priority(frag->msg_header.seq,
+                                        frag->msg_header.is_ccs) >> 8);
+    seq64be[7] =
+        (unsigned
+         char)(dtls1_get_queue_priority(frag->msg_header.seq,
+                                        frag->msg_header.is_ccs));
+
+    item = pitem_new(seq64be, frag);
+    if (item == NULL) {
+        dtls1_hm_fragment_free(frag);
+        return 0;
+    }
+#if 0
+    fprintf(stderr, "buffered messge: \ttype = %xx\n", msg_buf->type);
+    fprintf(stderr, "\t\t\t\t\tlen = %d\n", msg_buf->len);
+    fprintf(stderr, "\t\t\t\t\tseq_num = %d\n", msg_buf->seq_num);
+#endif
+
+    pqueue_insert(s->d1->sent_messages, item);
+    return 1;
+}
+
+int
+dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
+                         int *found)
+{
+    int ret;
+    /* XDTLS: for now assuming that read/writes are blocking */
+    pitem *item;
+    hm_fragment *frag;
+    unsigned long header_length;
+    unsigned char seq64be[8];
+    struct dtls1_retransmit_state saved_state;
+    unsigned char save_write_sequence[8];
+
+    /*-
+      OPENSSL_assert(s->init_num == 0);
+      OPENSSL_assert(s->init_off == 0);
+     */
+
+    /* XDTLS:  the requested message ought to be found, otherwise error */
+    memset(seq64be, 0, sizeof(seq64be));
+    seq64be[6] = (unsigned char)(seq >> 8);
+    seq64be[7] = (unsigned char)seq;
+
+    item = pqueue_find(s->d1->sent_messages, seq64be);
+    if (item == NULL) {
+        fprintf(stderr, "retransmit:  message %d non-existant\n", seq);
+        *found = 0;
+        return 0;
+    }
+
+    *found = 1;
+    frag = (hm_fragment *)item->data;
+
+    if (frag->msg_header.is_ccs)
+        header_length = DTLS1_CCS_HEADER_LENGTH;
+    else
+        header_length = DTLS1_HM_HEADER_LENGTH;
+
+    memcpy(s->init_buf->data, frag->fragment,
+           frag->msg_header.msg_len + header_length);
+    s->init_num = frag->msg_header.msg_len + header_length;
+
+    dtls1_set_message_header_int(s, frag->msg_header.type,
+                                 frag->msg_header.msg_len,
+                                 frag->msg_header.seq, 0,
+                                 frag->msg_header.frag_len);
+
+    /* save current state */
+    saved_state.enc_write_ctx = s->enc_write_ctx;
+    saved_state.write_hash = s->write_hash;
+    saved_state.compress = s->compress;
+    saved_state.session = s->session;
+    saved_state.epoch = s->d1->w_epoch;
+    saved_state.epoch = s->d1->w_epoch;
+
+    s->d1->retransmitting = 1;
+
+    /* restore state in which the message was originally sent */
+    s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx;
+    s->write_hash = frag->msg_header.saved_retransmit_state.write_hash;
+    s->compress = frag->msg_header.saved_retransmit_state.compress;
+    s->session = frag->msg_header.saved_retransmit_state.session;
+    s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch;
+
+    if (frag->msg_header.saved_retransmit_state.epoch ==
+        saved_state.epoch - 1) {
+        memcpy(save_write_sequence, s->s3->write_sequence,
+               sizeof(s->s3->write_sequence));
+        memcpy(s->s3->write_sequence, s->d1->last_write_sequence,
+               sizeof(s->s3->write_sequence));
+    }
+
+    ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
+                         SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
+
+    /* restore current state */
+    s->enc_write_ctx = saved_state.enc_write_ctx;
+    s->write_hash = saved_state.write_hash;
+    s->compress = saved_state.compress;
+    s->session = saved_state.session;
+    s->d1->w_epoch = saved_state.epoch;
+
+    if (frag->msg_header.saved_retransmit_state.epoch ==
+        saved_state.epoch - 1) {
+        memcpy(s->d1->last_write_sequence, s->s3->write_sequence,
+               sizeof(s->s3->write_sequence));
+        memcpy(s->s3->write_sequence, save_write_sequence,
+               sizeof(s->s3->write_sequence));
+    }
+
+    s->d1->retransmitting = 0;
+
+    (void)BIO_flush(SSL_get_wbio(s));
+    return ret;
+}
+
+unsigned char *dtls1_set_message_header(SSL *s, unsigned char *p,
+                                        unsigned char mt, unsigned long len,
+                                        unsigned long frag_off,
+                                        unsigned long frag_len)
+{
+    /* Don't change sequence numbers while listening */
+    if (frag_off == 0 && !s->d1->listen) {
+        s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
+        s->d1->next_handshake_write_seq++;
+    }
+
+    dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
+                                 frag_off, frag_len);
+
+    return p += DTLS1_HM_HEADER_LENGTH;
+}
+
+/* don't actually do the writing, wait till the MTU has been retrieved */
+static void
+dtls1_set_message_header_int(SSL *s, unsigned char mt,
+                             unsigned long len, unsigned short seq_num,
+                             unsigned long frag_off, unsigned long frag_len)
+{
+    struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
+
+    msg_hdr->type = mt;
+    msg_hdr->msg_len = len;
+    msg_hdr->seq = seq_num;
+    msg_hdr->frag_off = frag_off;
+    msg_hdr->frag_len = frag_len;
+}
+
+static void
+dtls1_fix_message_header(SSL *s, unsigned long frag_off,
+                         unsigned long frag_len)
+{
+    struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
+
+    msg_hdr->frag_off = frag_off;
+    msg_hdr->frag_len = frag_len;
+}
+
+static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p)
+{
+    struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
+
+    *p++ = msg_hdr->type;
+    l2n3(msg_hdr->msg_len, p);
+
+    s2n(msg_hdr->seq, p);
+    l2n3(msg_hdr->frag_off, p);
+    l2n3(msg_hdr->frag_len, p);
+
+    return p;
+}
+
+unsigned int dtls1_link_min_mtu(void)
+{
+    return (g_probable_mtu[(sizeof(g_probable_mtu) /
+                            sizeof(g_probable_mtu[0])) - 1]);
+}
+
+unsigned int dtls1_min_mtu(SSL *s)
+{
+    return dtls1_link_min_mtu() - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));
+}
+
+void
+dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
+{
+    memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
+    msg_hdr->type = *(data++);
+    n2l3(data, msg_hdr->msg_len);
+
+    n2s(data, msg_hdr->seq);
+    n2l3(data, msg_hdr->frag_off);
+    n2l3(data, msg_hdr->frag_len);
+}
+
+void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr)
+{
+    memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st));
+
+    ccs_hdr->type = *(data++);
+}
+
+int dtls1_shutdown(SSL *s)
+{
+    int ret;
+#ifndef OPENSSL_NO_SCTP
+    BIO *wbio;
+
+    wbio = SSL_get_wbio(s);
+    if (wbio != NULL && BIO_dgram_is_sctp(wbio) &&
+        !(s->shutdown & SSL_SENT_SHUTDOWN)) {
+        ret = BIO_dgram_sctp_wait_for_dry(wbio);
+        if (ret < 0)
+            return -1;
+
+        if (ret == 0)
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1,
+                     NULL);
+    }
+#endif
+    ret = ssl3_shutdown(s);
+#ifndef OPENSSL_NO_SCTP
+    BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 0, NULL);
+#endif
+    return ret;
+}
+
+#ifndef OPENSSL_NO_HEARTBEATS
+int dtls1_process_heartbeat(SSL *s)
+{
+    unsigned char *p = &s->s3->rrec.data[0], *pl;
+    unsigned short hbtype;
+    unsigned int payload;
+    unsigned int padding = 16;  /* Use minimum padding */
+
+    if (s->msg_callback)
+        s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+                        &s->s3->rrec.data[0], s->s3->rrec.length,
+                        s, s->msg_callback_arg);
+
+    /* Read type and payload length first */
+    if (1 + 2 + 16 > s->s3->rrec.length)
+        return 0;               /* silently discard */
+    if (s->s3->rrec.length > SSL3_RT_MAX_PLAIN_LENGTH)
+        return 0;               /* silently discard per RFC 6520 sec. 4 */
+
+    hbtype = *p++;
+    n2s(p, payload);
+    if (1 + 2 + payload + 16 > s->s3->rrec.length)
+        return 0;               /* silently discard per RFC 6520 sec. 4 */
+    pl = p;
+
+    if (hbtype == TLS1_HB_REQUEST) {
+        unsigned char *buffer, *bp;
+        unsigned int write_length = 1 /* heartbeat type */  +
+            2 /* heartbeat length */  +
+            payload + padding;
+        int r;
+
+        if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
+            return 0;
+
+        /*
+         * Allocate memory for the response, size is 1 byte message type,
+         * plus 2 bytes payload length, plus payload, plus padding
+         */
+        buffer = OPENSSL_malloc(write_length);
+        if (buffer == NULL)
+            return -1;
+        bp = buffer;
+
+        /* Enter response type, length and copy payload */
+        *bp++ = TLS1_HB_RESPONSE;
+        s2n(payload, bp);
+        memcpy(bp, pl, payload);
+        bp += payload;
+        /* Random padding */
+        if (RAND_bytes(bp, padding) <= 0) {
+            OPENSSL_free(buffer);
+            return -1;
+        }
+
+        r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
+
+        if (r >= 0 && s->msg_callback)
+            s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
+                            buffer, write_length, s, s->msg_callback_arg);
+
+        OPENSSL_free(buffer);
+
+        if (r < 0)
+            return r;
+    } else if (hbtype == TLS1_HB_RESPONSE) {
+        unsigned int seq;
+
+        /*
+         * We only send sequence numbers (2 bytes unsigned int), and 16
+         * random bytes, so we just try to read the sequence number
+         */
+        n2s(pl, seq);
+
+        if (payload == 18 && seq == s->tlsext_hb_seq) {
+            dtls1_stop_timer(s);
+            s->tlsext_hb_seq++;
+            s->tlsext_hb_pending = 0;
+        }
+    }
+
+    return 0;
+}
+
+int dtls1_heartbeat(SSL *s)
+{
+    unsigned char *buf, *p;
+    int ret = -1;
+    unsigned int payload = 18;  /* Sequence number + random bytes */
+    unsigned int padding = 16;  /* Use minimum padding */
+
+    /* Only send if peer supports and accepts HB requests... */
+    if (!(s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) ||
+        s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS) {
+        SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT);
+        return -1;
+    }
+
+    /* ...and there is none in flight yet... */
+    if (s->tlsext_hb_pending) {
+        SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PENDING);
+        return -1;
+    }
+
+    /* ...and no handshake in progress. */
+    if (SSL_in_init(s) || s->in_handshake) {
+        SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_UNEXPECTED_MESSAGE);
+        return -1;
+    }
+
+    /*
+     * Check if padding is too long, payload and padding must not exceed 2^14
+     * - 3 = 16381 bytes in total.
+     */
+    OPENSSL_assert(payload + padding <= 16381);
+
+    /*-
+     * Create HeartBeat message, we just use a sequence number
+     * as payload to distuingish different messages and add
+     * some random stuff.
+     *  - Message Type, 1 byte
+     *  - Payload Length, 2 bytes (unsigned int)
+     *  - Payload, the sequence number (2 bytes uint)
+     *  - Payload, random bytes (16 bytes uint)
+     *  - Padding
+     */
+    buf = OPENSSL_malloc(1 + 2 + payload + padding);
+    p = buf;
+    /* Message Type */
+    *p++ = TLS1_HB_REQUEST;
+    /* Payload length (18 bytes here) */
+    s2n(payload, p);
+    /* Sequence number */
+    s2n(s->tlsext_hb_seq, p);
+    /* 16 random bytes */
+    if (RAND_bytes(p, 16) <= 0)
+        goto err;
+    p += 16;
+    /* Random padding */
+    if (RAND_bytes(p, padding) <= 0)
+        goto err;
+
+    ret = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
+    if (ret >= 0) {
+        if (s->msg_callback)
+            s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
+                            buf, 3 + payload + padding,
+                            s, s->msg_callback_arg);
+
+        dtls1_start_timer(s);
+        s->tlsext_hb_pending = 1;
+    }
+
+err:
+    OPENSSL_free(buf);
+
+    return ret;
+}
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/ssl/d1_clnt.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/d1_clnt.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/ssl/d1_clnt.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,1713 +0,0 @@
-/* ssl/d1_clnt.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_KRB5
-# include "kssl_lcl.h"
-#endif
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/md5.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
-
-static const SSL_METHOD *dtls1_get_client_method(int ver);
-static int dtls1_get_hello_verify(SSL *s);
-
-static const SSL_METHOD *dtls1_get_client_method(int ver)
-{
-    if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
-        return (DTLSv1_client_method());
-    else
-        return (NULL);
-}
-
-IMPLEMENT_dtls1_meth_func(DTLSv1_client_method,
-                          ssl_undefined_function,
-                          dtls1_connect, dtls1_get_client_method)
-
-int dtls1_connect(SSL *s)
-{
-    BUF_MEM *buf = NULL;
-    unsigned long Time = (unsigned long)time(NULL);
-    void (*cb) (const SSL *ssl, int type, int val) = NULL;
-    int ret = -1;
-    int new_state, state, skip = 0;
-#ifndef OPENSSL_NO_SCTP
-    unsigned char sctpauthkey[64];
-    char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
-#endif
-
-    RAND_add(&Time, sizeof(Time), 0);
-    ERR_clear_error();
-    clear_sys_error();
-
-    if (s->info_callback != NULL)
-        cb = s->info_callback;
-    else if (s->ctx->info_callback != NULL)
-        cb = s->ctx->info_callback;
-
-    s->in_handshake++;
-    if (!SSL_in_init(s) || SSL_in_before(s))
-        SSL_clear(s);
-
-#ifndef OPENSSL_NO_SCTP
-    /*
-     * Notify SCTP BIO socket to enter handshake mode and prevent stream
-     * identifier other than 0. Will be ignored if no SCTP is used.
-     */
-    BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
-             s->in_handshake, NULL);
-#endif
-
-#ifndef OPENSSL_NO_HEARTBEATS
-    /*
-     * If we're awaiting a HeartbeatResponse, pretend we already got and
-     * don't await it anymore, because Heartbeats don't make sense during
-     * handshakes anyway.
-     */
-    if (s->tlsext_hb_pending) {
-        dtls1_stop_timer(s);
-        s->tlsext_hb_pending = 0;
-        s->tlsext_hb_seq++;
-    }
-#endif
-
-    for (;;) {
-        state = s->state;
-
-        switch (s->state) {
-        case SSL_ST_RENEGOTIATE:
-            s->renegotiate = 1;
-            s->state = SSL_ST_CONNECT;
-            s->ctx->stats.sess_connect_renegotiate++;
-            /* break */
-        case SSL_ST_BEFORE:
-        case SSL_ST_CONNECT:
-        case SSL_ST_BEFORE | SSL_ST_CONNECT:
-        case SSL_ST_OK | SSL_ST_CONNECT:
-
-            s->server = 0;
-            if (cb != NULL)
-                cb(s, SSL_CB_HANDSHAKE_START, 1);
-
-            if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00) &&
-                (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00)) {
-                SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            /* s->version=SSL3_VERSION; */
-            s->type = SSL_ST_CONNECT;
-
-            if (s->init_buf == NULL) {
-                if ((buf = BUF_MEM_new()) == NULL) {
-                    ret = -1;
-                    s->state = SSL_ST_ERR;
-                    goto end;
-                }
-                if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
-                    ret = -1;
-                    s->state = SSL_ST_ERR;
-                    goto end;
-                }
-                s->init_buf = buf;
-                buf = NULL;
-            }
-
-            if (!ssl3_setup_buffers(s)) {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            /* setup buffing BIO */
-            if (!ssl_init_wbio_buffer(s, 0)) {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            /* don't push the buffering BIO quite yet */
-
-            s->state = SSL3_ST_CW_CLNT_HELLO_A;
-            s->ctx->stats.sess_connect++;
-            s->init_num = 0;
-            /* mark client_random uninitialized */
-            memset(s->s3->client_random, 0, sizeof(s->s3->client_random));
-            s->d1->send_cookie = 0;
-            s->hit = 0;
-            s->d1->change_cipher_spec_ok = 0;
-            /*
-             * Should have been reset by ssl3_get_finished, too.
-             */
-            s->s3->change_cipher_spec = 0;
-            break;
-
-#ifndef OPENSSL_NO_SCTP
-        case DTLS1_SCTP_ST_CR_READ_SOCK:
-
-            if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
-                s->s3->in_read_app_data = 2;
-                s->rwstate = SSL_READING;
-                BIO_clear_retry_flags(SSL_get_rbio(s));
-                BIO_set_retry_read(SSL_get_rbio(s));
-                ret = -1;
-                goto end;
-            }
-
-            s->state = s->s3->tmp.next_state;
-            break;
-
-        case DTLS1_SCTP_ST_CW_WRITE_SOCK:
-            /* read app data until dry event */
-
-            ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
-            if (ret < 0)
-                goto end;
-
-            if (ret == 0) {
-                s->s3->in_read_app_data = 2;
-                s->rwstate = SSL_READING;
-                BIO_clear_retry_flags(SSL_get_rbio(s));
-                BIO_set_retry_read(SSL_get_rbio(s));
-                ret = -1;
-                goto end;
-            }
-
-            s->state = s->d1->next_state;
-            break;
-#endif
-
-        case SSL3_ST_CW_CLNT_HELLO_A:
-            s->shutdown = 0;
-
-            /* every DTLS ClientHello resets Finished MAC */
-            ssl3_init_finished_mac(s);
-
-        case SSL3_ST_CW_CLNT_HELLO_B:
-            dtls1_start_timer(s);
-            ret = dtls1_client_hello(s);
-            if (ret <= 0)
-                goto end;
-
-            if (s->d1->send_cookie) {
-                s->state = SSL3_ST_CW_FLUSH;
-                s->s3->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A;
-            } else
-                s->state = SSL3_ST_CR_SRVR_HELLO_A;
-
-            s->init_num = 0;
-
-#ifndef OPENSSL_NO_SCTP
-            /* Disable buffering for SCTP */
-            if (!BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-#endif
-                /*
-                 * turn on buffering for the next lot of output
-                 */
-                if (s->bbio != s->wbio)
-                    s->wbio = BIO_push(s->bbio, s->wbio);
-#ifndef OPENSSL_NO_SCTP
-            }
-#endif
-
-            break;
-
-        case SSL3_ST_CR_SRVR_HELLO_A:
-        case SSL3_ST_CR_SRVR_HELLO_B:
-            ret = ssl3_get_server_hello(s);
-            if (ret <= 0)
-                goto end;
-            else {
-                if (s->hit) {
-#ifndef OPENSSL_NO_SCTP
-                    /*
-                     * Add new shared key for SCTP-Auth, will be ignored if
-                     * no SCTP used.
-                     */
-                    snprintf((char *)labelbuffer,
-                             sizeof(DTLS1_SCTP_AUTH_LABEL),
-                             DTLS1_SCTP_AUTH_LABEL);
-
-                    if (SSL_export_keying_material(s, sctpauthkey,
-                                               sizeof(sctpauthkey),
-                                               labelbuffer,
-                                               sizeof(labelbuffer), NULL, 0,
-                                               0) <= 0) {
-                        ret = -1;
-                        s->state = SSL_ST_ERR;
-                        goto end;
-                    }
-
-                    BIO_ctrl(SSL_get_wbio(s),
-                             BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
-                             sizeof(sctpauthkey), sctpauthkey);
-#endif
-
-                    s->state = SSL3_ST_CR_FINISHED_A;
-                    if (s->tlsext_ticket_expected) {
-                        /* receive renewed session ticket */
-                        s->state = SSL3_ST_CR_SESSION_TICKET_A;
-                    }
-                } else
-                    s->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
-            }
-            s->init_num = 0;
-            break;
-
-        case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
-        case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
-
-            ret = dtls1_get_hello_verify(s);
-            if (ret <= 0)
-                goto end;
-            dtls1_stop_timer(s);
-            if (s->d1->send_cookie) /* start again, with a cookie */
-                s->state = SSL3_ST_CW_CLNT_HELLO_A;
-            else
-                s->state = SSL3_ST_CR_CERT_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_CR_CERT_A:
-        case SSL3_ST_CR_CERT_B:
-            /* Check if it is anon DH or PSK */
-            if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
-                !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
-                ret = ssl3_get_server_certificate(s);
-                if (ret <= 0)
-                    goto end;
-#ifndef OPENSSL_NO_TLSEXT
-                if (s->tlsext_status_expected)
-                    s->state = SSL3_ST_CR_CERT_STATUS_A;
-                else
-                    s->state = SSL3_ST_CR_KEY_EXCH_A;
-            } else {
-                skip = 1;
-                s->state = SSL3_ST_CR_KEY_EXCH_A;
-            }
-#else
-            } else
-                skip = 1;
-
-            s->state = SSL3_ST_CR_KEY_EXCH_A;
-#endif
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_CR_KEY_EXCH_A:
-        case SSL3_ST_CR_KEY_EXCH_B:
-            ret = ssl3_get_key_exchange(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_CR_CERT_REQ_A;
-            s->init_num = 0;
-
-            /*
-             * at this point we check that we have the required stuff from
-             * the server
-             */
-            if (!ssl3_check_cert_and_algorithm(s)) {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-            break;
-
-        case SSL3_ST_CR_CERT_REQ_A:
-        case SSL3_ST_CR_CERT_REQ_B:
-            ret = ssl3_get_certificate_request(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_CR_SRVR_DONE_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_CR_SRVR_DONE_A:
-        case SSL3_ST_CR_SRVR_DONE_B:
-            ret = ssl3_get_server_done(s);
-            if (ret <= 0)
-                goto end;
-            dtls1_stop_timer(s);
-            if (s->s3->tmp.cert_req)
-                s->s3->tmp.next_state = SSL3_ST_CW_CERT_A;
-            else
-                s->s3->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A;
-            s->init_num = 0;
-
-#ifndef OPENSSL_NO_SCTP
-            if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
-                state == SSL_ST_RENEGOTIATE)
-                s->state = DTLS1_SCTP_ST_CR_READ_SOCK;
-            else
-#endif
-                s->state = s->s3->tmp.next_state;
-            break;
-
-        case SSL3_ST_CW_CERT_A:
-        case SSL3_ST_CW_CERT_B:
-        case SSL3_ST_CW_CERT_C:
-        case SSL3_ST_CW_CERT_D:
-            dtls1_start_timer(s);
-            ret = dtls1_send_client_certificate(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_CW_KEY_EXCH_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_CW_KEY_EXCH_A:
-        case SSL3_ST_CW_KEY_EXCH_B:
-            dtls1_start_timer(s);
-            ret = dtls1_send_client_key_exchange(s);
-            if (ret <= 0)
-                goto end;
-
-#ifndef OPENSSL_NO_SCTP
-            /*
-             * Add new shared key for SCTP-Auth, will be ignored if no SCTP
-             * used.
-             */
-            snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
-                     DTLS1_SCTP_AUTH_LABEL);
-
-            if (SSL_export_keying_material(s, sctpauthkey,
-                                       sizeof(sctpauthkey), labelbuffer,
-                                       sizeof(labelbuffer), NULL, 0, 0) <= 0) {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
-                     sizeof(sctpauthkey), sctpauthkey);
-#endif
-
-            /*
-             * EAY EAY EAY need to check for DH fix cert sent back
-             */
-            /*
-             * For TLS, cert_req is set to 2, so a cert chain of nothing is
-             * sent, but no verify packet is sent
-             */
-            if (s->s3->tmp.cert_req == 1) {
-                s->state = SSL3_ST_CW_CERT_VRFY_A;
-            } else {
-#ifndef OPENSSL_NO_SCTP
-                if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-                    s->d1->next_state = SSL3_ST_CW_CHANGE_A;
-                    s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
-                } else
-#endif
-                    s->state = SSL3_ST_CW_CHANGE_A;
-            }
-
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_CW_CERT_VRFY_A:
-        case SSL3_ST_CW_CERT_VRFY_B:
-            dtls1_start_timer(s);
-            ret = dtls1_send_client_verify(s);
-            if (ret <= 0)
-                goto end;
-#ifndef OPENSSL_NO_SCTP
-            if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-                s->d1->next_state = SSL3_ST_CW_CHANGE_A;
-                s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
-            } else
-#endif
-                s->state = SSL3_ST_CW_CHANGE_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_CW_CHANGE_A:
-        case SSL3_ST_CW_CHANGE_B:
-            if (!s->hit)
-                dtls1_start_timer(s);
-            ret = dtls1_send_change_cipher_spec(s,
-                                                SSL3_ST_CW_CHANGE_A,
-                                                SSL3_ST_CW_CHANGE_B);
-            if (ret <= 0)
-                goto end;
-
-            s->state = SSL3_ST_CW_FINISHED_A;
-            s->init_num = 0;
-
-            s->session->cipher = s->s3->tmp.new_cipher;
-#ifdef OPENSSL_NO_COMP
-            s->session->compress_meth = 0;
-#else
-            if (s->s3->tmp.new_compression == NULL)
-                s->session->compress_meth = 0;
-            else
-                s->session->compress_meth = s->s3->tmp.new_compression->id;
-#endif
-            if (!s->method->ssl3_enc->setup_key_block(s)) {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            if (!s->method->ssl3_enc->change_cipher_state(s,
-                                                          SSL3_CHANGE_CIPHER_CLIENT_WRITE))
-            {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-#ifndef OPENSSL_NO_SCTP
-            if (s->hit) {
-                /*
-                 * Change to new shared key of SCTP-Auth, will be ignored if
-                 * no SCTP used.
-                 */
-                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
-                         0, NULL);
-            }
-#endif
-
-            dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
-            break;
-
-        case SSL3_ST_CW_FINISHED_A:
-        case SSL3_ST_CW_FINISHED_B:
-            if (!s->hit)
-                dtls1_start_timer(s);
-            ret = dtls1_send_finished(s,
-                                      SSL3_ST_CW_FINISHED_A,
-                                      SSL3_ST_CW_FINISHED_B,
-                                      s->method->
-                                      ssl3_enc->client_finished_label,
-                                      s->method->
-                                      ssl3_enc->client_finished_label_len);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_CW_FLUSH;
-
-            /* clear flags */
-            s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
-            if (s->hit) {
-                s->s3->tmp.next_state = SSL_ST_OK;
-#ifndef OPENSSL_NO_SCTP
-                if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-                    s->d1->next_state = s->s3->tmp.next_state;
-                    s->s3->tmp.next_state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
-                }
-#endif
-                if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
-                    s->state = SSL_ST_OK;
-#ifndef OPENSSL_NO_SCTP
-                    if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-                        s->d1->next_state = SSL_ST_OK;
-                        s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
-                    }
-#endif
-                    s->s3->flags |= SSL3_FLAGS_POP_BUFFER;
-                    s->s3->delay_buf_pop_ret = 0;
-                }
-            } else {
-#ifndef OPENSSL_NO_SCTP
-                /*
-                 * Change to new shared key of SCTP-Auth, will be ignored if
-                 * no SCTP used.
-                 */
-                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
-                         0, NULL);
-#endif
-
-#ifndef OPENSSL_NO_TLSEXT
-                /*
-                 * Allow NewSessionTicket if ticket expected
-                 */
-                if (s->tlsext_ticket_expected)
-                    s->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A;
-                else
-#endif
-
-                    s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A;
-            }
-            s->init_num = 0;
-            break;
-
-#ifndef OPENSSL_NO_TLSEXT
-        case SSL3_ST_CR_SESSION_TICKET_A:
-        case SSL3_ST_CR_SESSION_TICKET_B:
-            ret = ssl3_get_new_session_ticket(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_CR_FINISHED_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_CR_CERT_STATUS_A:
-        case SSL3_ST_CR_CERT_STATUS_B:
-            ret = ssl3_get_cert_status(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_CR_KEY_EXCH_A;
-            s->init_num = 0;
-            break;
-#endif
-
-        case SSL3_ST_CR_FINISHED_A:
-        case SSL3_ST_CR_FINISHED_B:
-            s->d1->change_cipher_spec_ok = 1;
-            ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,
-                                    SSL3_ST_CR_FINISHED_B);
-            if (ret <= 0)
-                goto end;
-            dtls1_stop_timer(s);
-
-            if (s->hit)
-                s->state = SSL3_ST_CW_CHANGE_A;
-            else
-                s->state = SSL_ST_OK;
-
-#ifndef OPENSSL_NO_SCTP
-            if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
-                state == SSL_ST_RENEGOTIATE) {
-                s->d1->next_state = s->state;
-                s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
-            }
-#endif
-
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_CW_FLUSH:
-            s->rwstate = SSL_WRITING;
-            if (BIO_flush(s->wbio) <= 0) {
-                /*
-                 * If the write error was fatal, stop trying
-                 */
-                if (!BIO_should_retry(s->wbio)) {
-                    s->rwstate = SSL_NOTHING;
-                    s->state = s->s3->tmp.next_state;
-                }
-
-                ret = -1;
-                goto end;
-            }
-            s->rwstate = SSL_NOTHING;
-            s->state = s->s3->tmp.next_state;
-            break;
-
-        case SSL_ST_OK:
-            /* clean a few things up */
-            ssl3_cleanup_key_block(s);
-
-#if 0
-            if (s->init_buf != NULL) {
-                BUF_MEM_free(s->init_buf);
-                s->init_buf = NULL;
-            }
-#endif
-
-            /*
-             * If we are not 'joining' the last two packets, remove the
-             * buffering now
-             */
-            if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
-                ssl_free_wbio_buffer(s);
-            /* else do it later in ssl3_write */
-
-            s->init_num = 0;
-            s->renegotiate = 0;
-            s->new_session = 0;
-
-            ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
-            if (s->hit)
-                s->ctx->stats.sess_hit++;
-
-            ret = 1;
-            /* s->server=0; */
-            s->handshake_func = dtls1_connect;
-            s->ctx->stats.sess_connect_good++;
-
-            if (cb != NULL)
-                cb(s, SSL_CB_HANDSHAKE_DONE, 1);
-
-            /* done with handshaking */
-            s->d1->handshake_read_seq = 0;
-            s->d1->next_handshake_write_seq = 0;
-            goto end;
-            /* break; */
-
-        case SSL_ST_ERR:
-        default:
-            SSLerr(SSL_F_DTLS1_CONNECT, SSL_R_UNKNOWN_STATE);
-            ret = -1;
-            goto end;
-            /* break; */
-        }
-
-        /* did we do anything */
-        if (!s->s3->tmp.reuse_message && !skip) {
-            if (s->debug) {
-                if ((ret = BIO_flush(s->wbio)) <= 0)
-                    goto end;
-            }
-
-            if ((cb != NULL) && (s->state != state)) {
-                new_state = s->state;
-                s->state = state;
-                cb(s, SSL_CB_CONNECT_LOOP, 1);
-                s->state = new_state;
-            }
-        }
-        skip = 0;
-    }
- end:
-    s->in_handshake--;
-
-#ifndef OPENSSL_NO_SCTP
-    /*
-     * Notify SCTP BIO socket to leave handshake mode and allow stream
-     * identifier other than 0. Will be ignored if no SCTP is used.
-     */
-    BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
-             s->in_handshake, NULL);
-#endif
-
-    if (buf != NULL)
-        BUF_MEM_free(buf);
-    if (cb != NULL)
-        cb(s, SSL_CB_CONNECT_EXIT, ret);
-    return (ret);
-}
-
-int dtls1_client_hello(SSL *s)
-{
-    unsigned char *buf;
-    unsigned char *p, *d;
-    unsigned int i, j;
-    unsigned long l;
-    SSL_COMP *comp;
-
-    buf = (unsigned char *)s->init_buf->data;
-    if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
-        SSL_SESSION *sess = s->session;
-        if ((s->session == NULL) || (s->session->ssl_version != s->version) ||
-#ifdef OPENSSL_NO_TLSEXT
-            !sess->session_id_length ||
-#else
-            (!sess->session_id_length && !sess->tlsext_tick) ||
-#endif
-            (s->session->not_resumable)) {
-            if (!ssl_get_new_session(s, 0))
-                goto err;
-        }
-        /* else use the pre-loaded session */
-
-        p = s->s3->client_random;
-
-        /*
-         * if client_random is initialized, reuse it, we are required to use
-         * same upon reply to HelloVerify
-         */
-        for (i = 0; p[i] == '\0' && i < sizeof(s->s3->client_random); i++) ;
-        if (i == sizeof(s->s3->client_random))
-            ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random));
-
-        /* Do the message type and length last */
-        d = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
-
-        *(p++) = s->version >> 8;
-        *(p++) = s->version & 0xff;
-        s->client_version = s->version;
-
-        /* Random stuff */
-        memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
-        p += SSL3_RANDOM_SIZE;
-
-        /* Session ID */
-        if (s->new_session)
-            i = 0;
-        else
-            i = s->session->session_id_length;
-        *(p++) = i;
-        if (i != 0) {
-            if (i > sizeof s->session->session_id) {
-                SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-            memcpy(p, s->session->session_id, i);
-            p += i;
-        }
-
-        /* cookie stuff */
-        if (s->d1->cookie_len > sizeof(s->d1->cookie)) {
-            SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
-            goto err;
-        }
-        *(p++) = s->d1->cookie_len;
-        memcpy(p, s->d1->cookie, s->d1->cookie_len);
-        p += s->d1->cookie_len;
-
-        /* Ciphers supported */
-        i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0);
-        if (i == 0) {
-            SSLerr(SSL_F_DTLS1_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
-            goto err;
-        }
-        s2n(i, p);
-        p += i;
-
-        /* COMPRESSION */
-        if (s->ctx->comp_methods == NULL)
-            j = 0;
-        else
-            j = sk_SSL_COMP_num(s->ctx->comp_methods);
-        *(p++) = 1 + j;
-        for (i = 0; i < j; i++) {
-            comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
-            *(p++) = comp->id;
-        }
-        *(p++) = 0;             /* Add the NULL method */
-
-#ifndef OPENSSL_NO_TLSEXT
-        /* TLS extensions */
-        if (ssl_prepare_clienthello_tlsext(s) <= 0) {
-            SSLerr(SSL_F_DTLS1_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
-            goto err;
-        }
-        if ((p =
-             ssl_add_clienthello_tlsext(s, p,
-                                        buf + SSL3_RT_MAX_PLAIN_LENGTH)) ==
-            NULL) {
-            SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
-            goto err;
-        }
-#endif
-
-        l = (p - d);
-        d = buf;
-
-        d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO, l, 0, l);
-
-        s->state = SSL3_ST_CW_CLNT_HELLO_B;
-        /* number of bytes to write */
-        s->init_num = p - buf;
-        s->init_off = 0;
-
-        /* buffer the message to handle re-xmits */
-        dtls1_buffer_message(s, 0);
-    }
-
-    /* SSL3_ST_CW_CLNT_HELLO_B */
-    return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
- err:
-    return (-1);
-}
-
-static int dtls1_get_hello_verify(SSL *s)
-{
-    int n, al, ok = 0;
-    unsigned char *data;
-    unsigned int cookie_len;
-
-    n = s->method->ssl_get_message(s,
-                                   DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
-                                   DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B,
-                                   -1, s->max_cert_list, &ok);
-
-    if (!ok)
-        return ((int)n);
-
-    if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
-        s->d1->send_cookie = 0;
-        s->s3->tmp.reuse_message = 1;
-        return (1);
-    }
-
-    data = (unsigned char *)s->init_msg;
-
-    if ((data[0] != (s->version >> 8)) || (data[1] != (s->version & 0xff))) {
-        SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY, SSL_R_WRONG_SSL_VERSION);
-        s->version = (s->version & 0xff00) | data[1];
-        al = SSL_AD_PROTOCOL_VERSION;
-        goto f_err;
-    }
-    data += 2;
-
-    cookie_len = *(data++);
-    if (cookie_len > sizeof(s->d1->cookie)) {
-        al = SSL_AD_ILLEGAL_PARAMETER;
-        goto f_err;
-    }
-
-    memcpy(s->d1->cookie, data, cookie_len);
-    s->d1->cookie_len = cookie_len;
-
-    s->d1->send_cookie = 1;
-    return 1;
-
- f_err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
-    s->state = SSL_ST_ERR;
-    return -1;
-}
-
-int dtls1_send_client_key_exchange(SSL *s)
-{
-    unsigned char *p, *d;
-    int n;
-    unsigned long alg_k;
-#ifndef OPENSSL_NO_RSA
-    unsigned char *q;
-    EVP_PKEY *pkey = NULL;
-#endif
-#ifndef OPENSSL_NO_KRB5
-    KSSL_ERR kssl_err;
-#endif                          /* OPENSSL_NO_KRB5 */
-#ifndef OPENSSL_NO_ECDH
-    EC_KEY *clnt_ecdh = NULL;
-    const EC_POINT *srvr_ecpoint = NULL;
-    EVP_PKEY *srvr_pub_pkey = NULL;
-    unsigned char *encodedPoint = NULL;
-    int encoded_pt_len = 0;
-    BN_CTX *bn_ctx = NULL;
-#endif
-
-    if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
-        d = (unsigned char *)s->init_buf->data;
-        p = &(d[DTLS1_HM_HEADER_LENGTH]);
-
-        alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-
-        /* Fool emacs indentation */
-        if (0) {
-        }
-#ifndef OPENSSL_NO_RSA
-        else if (alg_k & SSL_kRSA) {
-            RSA *rsa;
-            unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
-
-            if (s->session->sess_cert == NULL) {
-                /*
-                 * We should always have a server certificate with SSL_kRSA.
-                 */
-                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-
-            if (s->session->sess_cert->peer_rsa_tmp != NULL)
-                rsa = s->session->sess_cert->peer_rsa_tmp;
-            else {
-                pkey =
-                    X509_get_pubkey(s->session->
-                                    sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].
-                                    x509);
-                if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA)
-                    || (pkey->pkey.rsa == NULL)) {
-                    SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-                           ERR_R_INTERNAL_ERROR);
-                    goto err;
-                }
-                rsa = pkey->pkey.rsa;
-                EVP_PKEY_free(pkey);
-            }
-
-            tmp_buf[0] = s->client_version >> 8;
-            tmp_buf[1] = s->client_version & 0xff;
-            if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0)
-                goto err;
-
-            s->session->master_key_length = sizeof tmp_buf;
-
-            q = p;
-            /* Fix buf for TLS and [incidentally] DTLS */
-            if (s->version > SSL3_VERSION)
-                p += 2;
-            n = RSA_public_encrypt(sizeof tmp_buf,
-                                   tmp_buf, p, rsa, RSA_PKCS1_PADDING);
-# ifdef PKCS1_CHECK
-            if (s->options & SSL_OP_PKCS1_CHECK_1)
-                p[1]++;
-            if (s->options & SSL_OP_PKCS1_CHECK_2)
-                tmp_buf[0] = 0x70;
-# endif
-            if (n <= 0) {
-                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-                       SSL_R_BAD_RSA_ENCRYPT);
-                goto err;
-            }
-
-            /* Fix buf for TLS and [incidentally] DTLS */
-            if (s->version > SSL3_VERSION) {
-                s2n(n, q);
-                n += 2;
-            }
-
-            s->session->master_key_length =
-                s->method->ssl3_enc->generate_master_secret(s,
-                                                            s->
-                                                            session->master_key,
-                                                            tmp_buf,
-                                                            sizeof tmp_buf);
-            OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
-        }
-#endif
-#ifndef OPENSSL_NO_KRB5
-        else if (alg_k & SSL_kKRB5) {
-            krb5_error_code krb5rc;
-            KSSL_CTX *kssl_ctx = s->kssl_ctx;
-            /*  krb5_data   krb5_ap_req;  */
-            krb5_data *enc_ticket;
-            krb5_data authenticator, *authp = NULL;
-            EVP_CIPHER_CTX ciph_ctx;
-            const EVP_CIPHER *enc = NULL;
-            unsigned char iv[EVP_MAX_IV_LENGTH];
-            unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
-            unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH + EVP_MAX_IV_LENGTH];
-            int padl, outl = sizeof(epms);
-
-            EVP_CIPHER_CTX_init(&ciph_ctx);
-
-# ifdef KSSL_DEBUG
-            printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
-                   alg_k, SSL_kKRB5);
-# endif                         /* KSSL_DEBUG */
-
-            authp = NULL;
-# ifdef KRB5SENDAUTH
-            if (KRB5SENDAUTH)
-                authp = &authenticator;
-# endif                         /* KRB5SENDAUTH */
-
-            krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, &kssl_err);
-            enc = kssl_map_enc(kssl_ctx->enctype);
-            if (enc == NULL)
-                goto err;
-# ifdef KSSL_DEBUG
-            {
-                printf("kssl_cget_tkt rtn %d\n", krb5rc);
-                if (krb5rc && kssl_err.text)
-                    printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
-            }
-# endif                         /* KSSL_DEBUG */
-
-            if (krb5rc) {
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, kssl_err.reason);
-                goto err;
-            }
-
-            /*-
-             *   20010406 VRS - Earlier versions used KRB5 AP_REQ
-            **  in place of RFC 2712 KerberosWrapper, as in:
-            **
-            **  Send ticket (copy to *p, set n = length)
-            **  n = krb5_ap_req.length;
-            **  memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
-            **  if (krb5_ap_req.data)
-            **    kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
-            **
-            **  Now using real RFC 2712 KerberosWrapper
-            **  (Thanks to Simon Wilkinson <sxw at sxw.org.uk>)
-            **  Note: 2712 "opaque" types are here replaced
-            **  with a 2-byte length followed by the value.
-            **  Example:
-            **  KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
-            **  Where "xx xx" = length bytes.  Shown here with
-            **  optional authenticator omitted.
-            */
-
-            /*  KerberosWrapper.Ticket              */
-            s2n(enc_ticket->length, p);
-            memcpy(p, enc_ticket->data, enc_ticket->length);
-            p += enc_ticket->length;
-            n = enc_ticket->length + 2;
-
-            /*  KerberosWrapper.Authenticator       */
-            if (authp && authp->length) {
-                s2n(authp->length, p);
-                memcpy(p, authp->data, authp->length);
-                p += authp->length;
-                n += authp->length + 2;
-
-                free(authp->data);
-                authp->data = NULL;
-                authp->length = 0;
-            } else {
-                s2n(0, p);      /* null authenticator length */
-                n += 2;
-            }
-
-            if (RAND_bytes(tmp_buf, sizeof tmp_buf) <= 0)
-                goto err;
-
-            /*-
-             *  20010420 VRS.  Tried it this way; failed.
-             *      EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
-             *      EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
-             *                              kssl_ctx->length);
-             *      EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
-             */
-
-            memset(iv, 0, sizeof iv); /* per RFC 1510 */
-            EVP_EncryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv);
-            EVP_EncryptUpdate(&ciph_ctx, epms, &outl, tmp_buf,
-                              sizeof tmp_buf);
-            EVP_EncryptFinal_ex(&ciph_ctx, &(epms[outl]), &padl);
-            outl += padl;
-            if (outl > (int)sizeof epms) {
-                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-            EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-
-            /*  KerberosWrapper.EncryptedPreMasterSecret    */
-            s2n(outl, p);
-            memcpy(p, epms, outl);
-            p += outl;
-            n += outl + 2;
-
-            s->session->master_key_length =
-                s->method->ssl3_enc->generate_master_secret(s,
-                                                            s->
-                                                            session->master_key,
-                                                            tmp_buf,
-                                                            sizeof tmp_buf);
-
-            OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
-            OPENSSL_cleanse(epms, outl);
-        }
-#endif
-#ifndef OPENSSL_NO_DH
-        else if (alg_k & (SSL_kEDH | SSL_kDHr | SSL_kDHd)) {
-            DH *dh_srvr, *dh_clnt;
-
-            if (s->session->sess_cert == NULL) {
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
-                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-                       SSL_R_UNEXPECTED_MESSAGE);
-                goto err;
-            }
-
-            if (s->session->sess_cert->peer_dh_tmp != NULL)
-                dh_srvr = s->session->sess_cert->peer_dh_tmp;
-            else {
-                /* we get them from the cert */
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-                       SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
-                goto err;
-            }
-
-            /* generate a new random key */
-            if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) {
-                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
-                goto err;
-            }
-            if (!DH_generate_key(dh_clnt)) {
-                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
-                goto err;
-            }
-
-            /*
-             * use the 'p' output buffer for the DH key, but make sure to
-             * clear it out afterwards
-             */
-
-            n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt);
-
-            if (n <= 0) {
-                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
-                goto err;
-            }
-
-            /* generate master key from the result */
-            s->session->master_key_length =
-                s->method->ssl3_enc->generate_master_secret(s,
-                                                            s->
-                                                            session->master_key,
-                                                            p, n);
-            /* clean up */
-            memset(p, 0, n);
-
-            /* send off the data */
-            n = BN_num_bytes(dh_clnt->pub_key);
-            s2n(n, p);
-            BN_bn2bin(dh_clnt->pub_key, p);
-            n += 2;
-
-            DH_free(dh_clnt);
-
-            /* perhaps clean things up a bit EAY EAY EAY EAY */
-        }
-#endif
-#ifndef OPENSSL_NO_ECDH
-        else if (alg_k & (SSL_kEECDH | SSL_kECDHr | SSL_kECDHe)) {
-            const EC_GROUP *srvr_group = NULL;
-            EC_KEY *tkey;
-            int ecdh_clnt_cert = 0;
-            int field_size = 0;
-
-            if (s->session->sess_cert == NULL) {
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
-                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-                       SSL_R_UNEXPECTED_MESSAGE);
-                goto err;
-            }
-
-            /*
-             * Did we send out the client's ECDH share for use in premaster
-             * computation as part of client certificate? If so, set
-             * ecdh_clnt_cert to 1.
-             */
-            if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) && (s->cert != NULL)) {
-                /*
-                 * XXX: For now, we do not support client authentication
-                 * using ECDH certificates. To add such support, one needs to
-                 * add code that checks for appropriate conditions and sets
-                 * ecdh_clnt_cert to 1. For example, the cert have an ECC key
-                 * on the same curve as the server's and the key should be
-                 * authorized for key agreement. One also needs to add code
-                 * in ssl3_connect to skip sending the certificate verify
-                 * message. if ((s->cert->key->privatekey != NULL) &&
-                 * (s->cert->key->privatekey->type == EVP_PKEY_EC) && ...)
-                 * ecdh_clnt_cert = 1;
-                 */
-            }
-
-            if (s->session->sess_cert->peer_ecdh_tmp != NULL) {
-                tkey = s->session->sess_cert->peer_ecdh_tmp;
-            } else {
-                /* Get the Server Public Key from Cert */
-                srvr_pub_pkey =
-                    X509_get_pubkey(s->session->
-                                    sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
-                if ((srvr_pub_pkey == NULL)
-                    || (srvr_pub_pkey->type != EVP_PKEY_EC)
-                    || (srvr_pub_pkey->pkey.ec == NULL)) {
-                    SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-                           ERR_R_INTERNAL_ERROR);
-                    goto err;
-                }
-
-                tkey = srvr_pub_pkey->pkey.ec;
-            }
-
-            srvr_group = EC_KEY_get0_group(tkey);
-            srvr_ecpoint = EC_KEY_get0_public_key(tkey);
-
-            if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) {
-                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-
-            if ((clnt_ecdh = EC_KEY_new()) == NULL) {
-                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-
-            if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) {
-                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
-                goto err;
-            }
-            if (ecdh_clnt_cert) {
-                /*
-                 * Reuse key info from our certificate We only need our
-                 * private key to perform the ECDH computation.
-                 */
-                const BIGNUM *priv_key;
-                tkey = s->cert->key->privatekey->pkey.ec;
-                priv_key = EC_KEY_get0_private_key(tkey);
-                if (priv_key == NULL) {
-                    SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-                           ERR_R_MALLOC_FAILURE);
-                    goto err;
-                }
-                if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) {
-                    SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-                           ERR_R_EC_LIB);
-                    goto err;
-                }
-            } else {
-                /* Generate a new ECDH key pair */
-                if (!(EC_KEY_generate_key(clnt_ecdh))) {
-                    SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-                           ERR_R_ECDH_LIB);
-                    goto err;
-                }
-            }
-
-            /*
-             * use the 'p' output buffer for the ECDH key, but make sure to
-             * clear it out afterwards
-             */
-
-            field_size = EC_GROUP_get_degree(srvr_group);
-            if (field_size <= 0) {
-                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
-                goto err;
-            }
-            n = ECDH_compute_key(p, (field_size + 7) / 8, srvr_ecpoint,
-                                 clnt_ecdh, NULL);
-            if (n <= 0) {
-                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
-                goto err;
-            }
-
-            /* generate master key from the result */
-            s->session->master_key_length =
-                s->method->ssl3_enc->generate_master_secret(s,
-                                                            s->
-                                                            session->master_key,
-                                                            p, n);
-
-            memset(p, 0, n);    /* clean up */
-
-            if (ecdh_clnt_cert) {
-                /* Send empty client key exch message */
-                n = 0;
-            } else {
-                /*
-                 * First check the size of encoding and allocate memory
-                 * accordingly.
-                 */
-                encoded_pt_len =
-                    EC_POINT_point2oct(srvr_group,
-                                       EC_KEY_get0_public_key(clnt_ecdh),
-                                       POINT_CONVERSION_UNCOMPRESSED,
-                                       NULL, 0, NULL);
-
-                encodedPoint = (unsigned char *)
-                    OPENSSL_malloc(encoded_pt_len * sizeof(unsigned char));
-                bn_ctx = BN_CTX_new();
-                if ((encodedPoint == NULL) || (bn_ctx == NULL)) {
-                    SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-                           ERR_R_MALLOC_FAILURE);
-                    goto err;
-                }
-
-                /* Encode the public key */
-                n = EC_POINT_point2oct(srvr_group,
-                                       EC_KEY_get0_public_key(clnt_ecdh),
-                                       POINT_CONVERSION_UNCOMPRESSED,
-                                       encodedPoint, encoded_pt_len, bn_ctx);
-
-                *p = n;         /* length of encoded point */
-                /* Encoded point will be copied here */
-                p += 1;
-                /* copy the point */
-                memcpy((unsigned char *)p, encodedPoint, n);
-                /* increment n to account for length field */
-                n += 1;
-            }
-
-            /* Free allocated memory */
-            BN_CTX_free(bn_ctx);
-            if (encodedPoint != NULL)
-                OPENSSL_free(encodedPoint);
-            if (clnt_ecdh != NULL)
-                EC_KEY_free(clnt_ecdh);
-            EVP_PKEY_free(srvr_pub_pkey);
-        }
-#endif                          /* !OPENSSL_NO_ECDH */
-
-#ifndef OPENSSL_NO_PSK
-        else if (alg_k & SSL_kPSK) {
-            char identity[PSK_MAX_IDENTITY_LEN];
-            unsigned char *t = NULL;
-            unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN * 2 + 4];
-            unsigned int pre_ms_len = 0, psk_len = 0;
-            int psk_err = 1;
-
-            n = 0;
-            if (s->psk_client_callback == NULL) {
-                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-                       SSL_R_PSK_NO_CLIENT_CB);
-                goto err;
-            }
-
-            psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint,
-                                             identity, PSK_MAX_IDENTITY_LEN,
-                                             psk_or_pre_ms,
-                                             sizeof(psk_or_pre_ms));
-            if (psk_len > PSK_MAX_PSK_LEN) {
-                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_INTERNAL_ERROR);
-                goto psk_err;
-            } else if (psk_len == 0) {
-                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-                       SSL_R_PSK_IDENTITY_NOT_FOUND);
-                goto psk_err;
-            }
-
-            /* create PSK pre_master_secret */
-            pre_ms_len = 2 + psk_len + 2 + psk_len;
-            t = psk_or_pre_ms;
-            memmove(psk_or_pre_ms + psk_len + 4, psk_or_pre_ms, psk_len);
-            s2n(psk_len, t);
-            memset(t, 0, psk_len);
-            t += psk_len;
-            s2n(psk_len, t);
-
-            if (s->session->psk_identity_hint != NULL)
-                OPENSSL_free(s->session->psk_identity_hint);
-            s->session->psk_identity_hint =
-                BUF_strdup(s->ctx->psk_identity_hint);
-            if (s->ctx->psk_identity_hint != NULL
-                && s->session->psk_identity_hint == NULL) {
-                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_MALLOC_FAILURE);
-                goto psk_err;
-            }
-
-            if (s->session->psk_identity != NULL)
-                OPENSSL_free(s->session->psk_identity);
-            s->session->psk_identity = BUF_strdup(identity);
-            if (s->session->psk_identity == NULL) {
-                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_MALLOC_FAILURE);
-                goto psk_err;
-            }
-
-            s->session->master_key_length =
-                s->method->ssl3_enc->generate_master_secret(s,
-                                                            s->
-                                                            session->master_key,
-                                                            psk_or_pre_ms,
-                                                            pre_ms_len);
-            n = strlen(identity);
-            s2n(n, p);
-            memcpy(p, identity, n);
-            n += 2;
-            psk_err = 0;
- psk_err:
-            OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN);
-            OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
-            if (psk_err != 0) {
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-                goto err;
-            }
-        }
-#endif
-        else {
-            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-            SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-                   ERR_R_INTERNAL_ERROR);
-            goto err;
-        }
-
-        d = dtls1_set_message_header(s, d,
-                                     SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n);
-        /*-
-         *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
-         l2n3(n,d);
-         l2n(s->d1->handshake_write_seq,d);
-         s->d1->handshake_write_seq++;
-        */
-
-        s->state = SSL3_ST_CW_KEY_EXCH_B;
-        /* number of bytes to write */
-        s->init_num = n + DTLS1_HM_HEADER_LENGTH;
-        s->init_off = 0;
-
-        /* buffer the message to handle re-xmits */
-        dtls1_buffer_message(s, 0);
-    }
-
-    /* SSL3_ST_CW_KEY_EXCH_B */
-    return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
- err:
-#ifndef OPENSSL_NO_ECDH
-    BN_CTX_free(bn_ctx);
-    if (encodedPoint != NULL)
-        OPENSSL_free(encodedPoint);
-    if (clnt_ecdh != NULL)
-        EC_KEY_free(clnt_ecdh);
-    EVP_PKEY_free(srvr_pub_pkey);
-#endif
-    return (-1);
-}
-
-int dtls1_send_client_verify(SSL *s)
-{
-    unsigned char *p, *d;
-    unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
-    EVP_PKEY *pkey;
-#ifndef OPENSSL_NO_RSA
-    unsigned u = 0;
-#endif
-    unsigned long n;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
-    int j;
-#endif
-
-    if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
-        d = (unsigned char *)s->init_buf->data;
-        p = &(d[DTLS1_HM_HEADER_LENGTH]);
-        pkey = s->cert->key->privatekey;
-
-        s->method->ssl3_enc->cert_verify_mac(s,
-                                             NID_sha1,
-                                             &(data[MD5_DIGEST_LENGTH]));
-
-#ifndef OPENSSL_NO_RSA
-        if (pkey->type == EVP_PKEY_RSA) {
-            s->method->ssl3_enc->cert_verify_mac(s, NID_md5, &(data[0]));
-            if (RSA_sign(NID_md5_sha1, data,
-                         MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
-                         &(p[2]), &u, pkey->pkey.rsa) <= 0) {
-                SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_RSA_LIB);
-                goto err;
-            }
-            s2n(u, p);
-            n = u + 2;
-        } else
-#endif
-#ifndef OPENSSL_NO_DSA
-        if (pkey->type == EVP_PKEY_DSA) {
-            if (!DSA_sign(pkey->save_type,
-                          &(data[MD5_DIGEST_LENGTH]),
-                          SHA_DIGEST_LENGTH, &(p[2]),
-                          (unsigned int *)&j, pkey->pkey.dsa)) {
-                SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_DSA_LIB);
-                goto err;
-            }
-            s2n(j, p);
-            n = j + 2;
-        } else
-#endif
-#ifndef OPENSSL_NO_ECDSA
-        if (pkey->type == EVP_PKEY_EC) {
-            if (!ECDSA_sign(pkey->save_type,
-                            &(data[MD5_DIGEST_LENGTH]),
-                            SHA_DIGEST_LENGTH, &(p[2]),
-                            (unsigned int *)&j, pkey->pkey.ec)) {
-                SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_ECDSA_LIB);
-                goto err;
-            }
-            s2n(j, p);
-            n = j + 2;
-        } else
-#endif
-        {
-            SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
-            goto err;
-        }
-
-        d = dtls1_set_message_header(s, d,
-                                     SSL3_MT_CERTIFICATE_VERIFY, n, 0, n);
-
-        s->init_num = (int)n + DTLS1_HM_HEADER_LENGTH;
-        s->init_off = 0;
-
-        /* buffer the message to handle re-xmits */
-        dtls1_buffer_message(s, 0);
-
-        s->state = SSL3_ST_CW_CERT_VRFY_B;
-    }
-
-    /* s->state = SSL3_ST_CW_CERT_VRFY_B */
-    return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
- err:
-    return (-1);
-}
-
-int dtls1_send_client_certificate(SSL *s)
-{
-    X509 *x509 = NULL;
-    EVP_PKEY *pkey = NULL;
-    int i;
-    unsigned long l;
-
-    if (s->state == SSL3_ST_CW_CERT_A) {
-        if ((s->cert == NULL) ||
-            (s->cert->key->x509 == NULL) ||
-            (s->cert->key->privatekey == NULL))
-            s->state = SSL3_ST_CW_CERT_B;
-        else
-            s->state = SSL3_ST_CW_CERT_C;
-    }
-
-    /* We need to get a client cert */
-    if (s->state == SSL3_ST_CW_CERT_B) {
-        /*
-         * If we get an error, we need to ssl->rwstate=SSL_X509_LOOKUP;
-         * return(-1); We then get retied later
-         */
-        i = 0;
-        i = ssl_do_client_cert_cb(s, &x509, &pkey);
-        if (i < 0) {
-            s->rwstate = SSL_X509_LOOKUP;
-            return (-1);
-        }
-        s->rwstate = SSL_NOTHING;
-        if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
-            s->state = SSL3_ST_CW_CERT_B;
-            if (!SSL_use_certificate(s, x509) || !SSL_use_PrivateKey(s, pkey))
-                i = 0;
-        } else if (i == 1) {
-            i = 0;
-            SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE,
-                   SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
-        }
-
-        if (x509 != NULL)
-            X509_free(x509);
-        if (pkey != NULL)
-            EVP_PKEY_free(pkey);
-        if (i == 0) {
-            if (s->version == SSL3_VERSION) {
-                s->s3->tmp.cert_req = 0;
-                ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_CERTIFICATE);
-                return (1);
-            } else {
-                s->s3->tmp.cert_req = 2;
-            }
-        }
-
-        /* Ok, we have a cert */
-        s->state = SSL3_ST_CW_CERT_C;
-    }
-
-    if (s->state == SSL3_ST_CW_CERT_C) {
-        s->state = SSL3_ST_CW_CERT_D;
-        l = dtls1_output_cert_chain(s,
-                                    (s->s3->tmp.cert_req ==
-                                     2) ? NULL : s->cert->key->x509);
-        if (!l) {
-            SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);
-            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
-            return 0;
-        }
-        s->init_num = (int)l;
-        s->init_off = 0;
-
-        /* set header called by dtls1_output_cert_chain() */
-
-        /* buffer the message to handle re-xmits */
-        dtls1_buffer_message(s, 0);
-    }
-    /* SSL3_ST_CW_CERT_D */
-    return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
-}

Copied: vendor-crypto/openssl/1.0.1u/ssl/d1_clnt.c (from rev 11605, vendor-crypto/openssl/dist/ssl/d1_clnt.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/ssl/d1_clnt.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/ssl/d1_clnt.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,1714 @@
+/* ssl/d1_clnt.c */
+/*
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#ifndef OPENSSL_NO_KRB5
+# include "kssl_lcl.h"
+#endif
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/md5.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+
+static const SSL_METHOD *dtls1_get_client_method(int ver);
+static int dtls1_get_hello_verify(SSL *s);
+
+static const SSL_METHOD *dtls1_get_client_method(int ver)
+{
+    if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
+        return (DTLSv1_client_method());
+    else
+        return (NULL);
+}
+
+IMPLEMENT_dtls1_meth_func(DTLSv1_client_method,
+                          ssl_undefined_function,
+                          dtls1_connect, dtls1_get_client_method)
+
+int dtls1_connect(SSL *s)
+{
+    BUF_MEM *buf = NULL;
+    unsigned long Time = (unsigned long)time(NULL);
+    void (*cb) (const SSL *ssl, int type, int val) = NULL;
+    int ret = -1;
+    int new_state, state, skip = 0;
+#ifndef OPENSSL_NO_SCTP
+    unsigned char sctpauthkey[64];
+    char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
+#endif
+
+    RAND_add(&Time, sizeof(Time), 0);
+    ERR_clear_error();
+    clear_sys_error();
+
+    if (s->info_callback != NULL)
+        cb = s->info_callback;
+    else if (s->ctx->info_callback != NULL)
+        cb = s->ctx->info_callback;
+
+    s->in_handshake++;
+    if (!SSL_in_init(s) || SSL_in_before(s))
+        SSL_clear(s);
+
+#ifndef OPENSSL_NO_SCTP
+    /*
+     * Notify SCTP BIO socket to enter handshake mode and prevent stream
+     * identifier other than 0. Will be ignored if no SCTP is used.
+     */
+    BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
+             s->in_handshake, NULL);
+#endif
+
+#ifndef OPENSSL_NO_HEARTBEATS
+    /*
+     * If we're awaiting a HeartbeatResponse, pretend we already got and
+     * don't await it anymore, because Heartbeats don't make sense during
+     * handshakes anyway.
+     */
+    if (s->tlsext_hb_pending) {
+        dtls1_stop_timer(s);
+        s->tlsext_hb_pending = 0;
+        s->tlsext_hb_seq++;
+    }
+#endif
+
+    for (;;) {
+        state = s->state;
+
+        switch (s->state) {
+        case SSL_ST_RENEGOTIATE:
+            s->renegotiate = 1;
+            s->state = SSL_ST_CONNECT;
+            s->ctx->stats.sess_connect_renegotiate++;
+            /* break */
+        case SSL_ST_BEFORE:
+        case SSL_ST_CONNECT:
+        case SSL_ST_BEFORE | SSL_ST_CONNECT:
+        case SSL_ST_OK | SSL_ST_CONNECT:
+
+            s->server = 0;
+            if (cb != NULL)
+                cb(s, SSL_CB_HANDSHAKE_START, 1);
+
+            if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00) &&
+                (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00)) {
+                SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
+                ret = -1;
+                s->state = SSL_ST_ERR;
+                goto end;
+            }
+
+            /* s->version=SSL3_VERSION; */
+            s->type = SSL_ST_CONNECT;
+
+            if (s->init_buf == NULL) {
+                if ((buf = BUF_MEM_new()) == NULL) {
+                    ret = -1;
+                    s->state = SSL_ST_ERR;
+                    goto end;
+                }
+                if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
+                    ret = -1;
+                    s->state = SSL_ST_ERR;
+                    goto end;
+                }
+                s->init_buf = buf;
+                buf = NULL;
+            }
+
+            if (!ssl3_setup_buffers(s)) {
+                ret = -1;
+                s->state = SSL_ST_ERR;
+                goto end;
+            }
+
+            /* setup buffing BIO */
+            if (!ssl_init_wbio_buffer(s, 0)) {
+                ret = -1;
+                s->state = SSL_ST_ERR;
+                goto end;
+            }
+
+            /* don't push the buffering BIO quite yet */
+
+            s->state = SSL3_ST_CW_CLNT_HELLO_A;
+            s->ctx->stats.sess_connect++;
+            s->init_num = 0;
+            /* mark client_random uninitialized */
+            memset(s->s3->client_random, 0, sizeof(s->s3->client_random));
+            s->d1->send_cookie = 0;
+            s->hit = 0;
+            s->d1->change_cipher_spec_ok = 0;
+            /*
+             * Should have been reset by ssl3_get_finished, too.
+             */
+            s->s3->change_cipher_spec = 0;
+            break;
+
+#ifndef OPENSSL_NO_SCTP
+        case DTLS1_SCTP_ST_CR_READ_SOCK:
+
+            if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
+                s->s3->in_read_app_data = 2;
+                s->rwstate = SSL_READING;
+                BIO_clear_retry_flags(SSL_get_rbio(s));
+                BIO_set_retry_read(SSL_get_rbio(s));
+                ret = -1;
+                goto end;
+            }
+
+            s->state = s->s3->tmp.next_state;
+            break;
+
+        case DTLS1_SCTP_ST_CW_WRITE_SOCK:
+            /* read app data until dry event */
+
+            ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
+            if (ret < 0)
+                goto end;
+
+            if (ret == 0) {
+                s->s3->in_read_app_data = 2;
+                s->rwstate = SSL_READING;
+                BIO_clear_retry_flags(SSL_get_rbio(s));
+                BIO_set_retry_read(SSL_get_rbio(s));
+                ret = -1;
+                goto end;
+            }
+
+            s->state = s->d1->next_state;
+            break;
+#endif
+
+        case SSL3_ST_CW_CLNT_HELLO_A:
+            s->shutdown = 0;
+
+            /* every DTLS ClientHello resets Finished MAC */
+            ssl3_init_finished_mac(s);
+
+        case SSL3_ST_CW_CLNT_HELLO_B:
+            dtls1_start_timer(s);
+            ret = dtls1_client_hello(s);
+            if (ret <= 0)
+                goto end;
+
+            if (s->d1->send_cookie) {
+                s->state = SSL3_ST_CW_FLUSH;
+                s->s3->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A;
+            } else
+                s->state = SSL3_ST_CR_SRVR_HELLO_A;
+
+            s->init_num = 0;
+
+#ifndef OPENSSL_NO_SCTP
+            /* Disable buffering for SCTP */
+            if (!BIO_dgram_is_sctp(SSL_get_wbio(s))) {
+#endif
+                /*
+                 * turn on buffering for the next lot of output
+                 */
+                if (s->bbio != s->wbio)
+                    s->wbio = BIO_push(s->bbio, s->wbio);
+#ifndef OPENSSL_NO_SCTP
+            }
+#endif
+
+            break;
+
+        case SSL3_ST_CR_SRVR_HELLO_A:
+        case SSL3_ST_CR_SRVR_HELLO_B:
+            ret = ssl3_get_server_hello(s);
+            if (ret <= 0)
+                goto end;
+            else {
+                if (s->hit) {
+#ifndef OPENSSL_NO_SCTP
+                    /*
+                     * Add new shared key for SCTP-Auth, will be ignored if
+                     * no SCTP used.
+                     */
+                    snprintf((char *)labelbuffer,
+                             sizeof(DTLS1_SCTP_AUTH_LABEL),
+                             DTLS1_SCTP_AUTH_LABEL);
+
+                    if (SSL_export_keying_material(s, sctpauthkey,
+                                               sizeof(sctpauthkey),
+                                               labelbuffer,
+                                               sizeof(labelbuffer), NULL, 0,
+                                               0) <= 0) {
+                        ret = -1;
+                        s->state = SSL_ST_ERR;
+                        goto end;
+                    }
+
+                    BIO_ctrl(SSL_get_wbio(s),
+                             BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
+                             sizeof(sctpauthkey), sctpauthkey);
+#endif
+
+                    s->state = SSL3_ST_CR_FINISHED_A;
+                    if (s->tlsext_ticket_expected) {
+                        /* receive renewed session ticket */
+                        s->state = SSL3_ST_CR_SESSION_TICKET_A;
+                    }
+                } else
+                    s->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
+            }
+            s->init_num = 0;
+            break;
+
+        case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
+        case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
+
+            ret = dtls1_get_hello_verify(s);
+            if (ret <= 0)
+                goto end;
+            dtls1_stop_timer(s);
+            if (s->d1->send_cookie) /* start again, with a cookie */
+                s->state = SSL3_ST_CW_CLNT_HELLO_A;
+            else
+                s->state = SSL3_ST_CR_CERT_A;
+            s->init_num = 0;
+            break;
+
+        case SSL3_ST_CR_CERT_A:
+        case SSL3_ST_CR_CERT_B:
+            /* Check if it is anon DH or PSK */
+            if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
+                !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
+                ret = ssl3_get_server_certificate(s);
+                if (ret <= 0)
+                    goto end;
+#ifndef OPENSSL_NO_TLSEXT
+                if (s->tlsext_status_expected)
+                    s->state = SSL3_ST_CR_CERT_STATUS_A;
+                else
+                    s->state = SSL3_ST_CR_KEY_EXCH_A;
+            } else {
+                skip = 1;
+                s->state = SSL3_ST_CR_KEY_EXCH_A;
+            }
+#else
+            } else
+                skip = 1;
+
+            s->state = SSL3_ST_CR_KEY_EXCH_A;
+#endif
+            s->init_num = 0;
+            break;
+
+        case SSL3_ST_CR_KEY_EXCH_A:
+        case SSL3_ST_CR_KEY_EXCH_B:
+            ret = ssl3_get_key_exchange(s);
+            if (ret <= 0)
+                goto end;
+            s->state = SSL3_ST_CR_CERT_REQ_A;
+            s->init_num = 0;
+
+            /*
+             * at this point we check that we have the required stuff from
+             * the server
+             */
+            if (!ssl3_check_cert_and_algorithm(s)) {
+                ret = -1;
+                s->state = SSL_ST_ERR;
+                goto end;
+            }
+            break;
+
+        case SSL3_ST_CR_CERT_REQ_A:
+        case SSL3_ST_CR_CERT_REQ_B:
+            ret = ssl3_get_certificate_request(s);
+            if (ret <= 0)
+                goto end;
+            s->state = SSL3_ST_CR_SRVR_DONE_A;
+            s->init_num = 0;
+            break;
+
+        case SSL3_ST_CR_SRVR_DONE_A:
+        case SSL3_ST_CR_SRVR_DONE_B:
+            ret = ssl3_get_server_done(s);
+            if (ret <= 0)
+                goto end;
+            dtls1_stop_timer(s);
+            if (s->s3->tmp.cert_req)
+                s->s3->tmp.next_state = SSL3_ST_CW_CERT_A;
+            else
+                s->s3->tmp.next_state = SSL3_ST_CW_KEY_EXCH_A;
+            s->init_num = 0;
+
+#ifndef OPENSSL_NO_SCTP
+            if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
+                state == SSL_ST_RENEGOTIATE)
+                s->state = DTLS1_SCTP_ST_CR_READ_SOCK;
+            else
+#endif
+                s->state = s->s3->tmp.next_state;
+            break;
+
+        case SSL3_ST_CW_CERT_A:
+        case SSL3_ST_CW_CERT_B:
+        case SSL3_ST_CW_CERT_C:
+        case SSL3_ST_CW_CERT_D:
+            dtls1_start_timer(s);
+            ret = dtls1_send_client_certificate(s);
+            if (ret <= 0)
+                goto end;
+            s->state = SSL3_ST_CW_KEY_EXCH_A;
+            s->init_num = 0;
+            break;
+
+        case SSL3_ST_CW_KEY_EXCH_A:
+        case SSL3_ST_CW_KEY_EXCH_B:
+            dtls1_start_timer(s);
+            ret = dtls1_send_client_key_exchange(s);
+            if (ret <= 0)
+                goto end;
+
+#ifndef OPENSSL_NO_SCTP
+            /*
+             * Add new shared key for SCTP-Auth, will be ignored if no SCTP
+             * used.
+             */
+            snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
+                     DTLS1_SCTP_AUTH_LABEL);
+
+            if (SSL_export_keying_material(s, sctpauthkey,
+                                       sizeof(sctpauthkey), labelbuffer,
+                                       sizeof(labelbuffer), NULL, 0, 0) <= 0) {
+                ret = -1;
+                s->state = SSL_ST_ERR;
+                goto end;
+            }
+
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
+                     sizeof(sctpauthkey), sctpauthkey);
+#endif
+
+            /*
+             * EAY EAY EAY need to check for DH fix cert sent back
+             */
+            /*
+             * For TLS, cert_req is set to 2, so a cert chain of nothing is
+             * sent, but no verify packet is sent
+             */
+            if (s->s3->tmp.cert_req == 1) {
+                s->state = SSL3_ST_CW_CERT_VRFY_A;
+            } else {
+#ifndef OPENSSL_NO_SCTP
+                if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
+                    s->d1->next_state = SSL3_ST_CW_CHANGE_A;
+                    s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
+                } else
+#endif
+                    s->state = SSL3_ST_CW_CHANGE_A;
+            }
+
+            s->init_num = 0;
+            break;
+
+        case SSL3_ST_CW_CERT_VRFY_A:
+        case SSL3_ST_CW_CERT_VRFY_B:
+            dtls1_start_timer(s);
+            ret = dtls1_send_client_verify(s);
+            if (ret <= 0)
+                goto end;
+#ifndef OPENSSL_NO_SCTP
+            if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
+                s->d1->next_state = SSL3_ST_CW_CHANGE_A;
+                s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
+            } else
+#endif
+                s->state = SSL3_ST_CW_CHANGE_A;
+            s->init_num = 0;
+            break;
+
+        case SSL3_ST_CW_CHANGE_A:
+        case SSL3_ST_CW_CHANGE_B:
+            if (!s->hit)
+                dtls1_start_timer(s);
+            ret = dtls1_send_change_cipher_spec(s,
+                                                SSL3_ST_CW_CHANGE_A,
+                                                SSL3_ST_CW_CHANGE_B);
+            if (ret <= 0)
+                goto end;
+
+            s->state = SSL3_ST_CW_FINISHED_A;
+            s->init_num = 0;
+
+            s->session->cipher = s->s3->tmp.new_cipher;
+#ifdef OPENSSL_NO_COMP
+            s->session->compress_meth = 0;
+#else
+            if (s->s3->tmp.new_compression == NULL)
+                s->session->compress_meth = 0;
+            else
+                s->session->compress_meth = s->s3->tmp.new_compression->id;
+#endif
+            if (!s->method->ssl3_enc->setup_key_block(s)) {
+                ret = -1;
+                s->state = SSL_ST_ERR;
+                goto end;
+            }
+
+            if (!s->method->ssl3_enc->change_cipher_state(s,
+                                                          SSL3_CHANGE_CIPHER_CLIENT_WRITE))
+            {
+                ret = -1;
+                s->state = SSL_ST_ERR;
+                goto end;
+            }
+#ifndef OPENSSL_NO_SCTP
+            if (s->hit) {
+                /*
+                 * Change to new shared key of SCTP-Auth, will be ignored if
+                 * no SCTP used.
+                 */
+                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
+                         0, NULL);
+            }
+#endif
+
+            dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
+            break;
+
+        case SSL3_ST_CW_FINISHED_A:
+        case SSL3_ST_CW_FINISHED_B:
+            if (!s->hit)
+                dtls1_start_timer(s);
+            ret = dtls1_send_finished(s,
+                                      SSL3_ST_CW_FINISHED_A,
+                                      SSL3_ST_CW_FINISHED_B,
+                                      s->method->
+                                      ssl3_enc->client_finished_label,
+                                      s->method->
+                                      ssl3_enc->client_finished_label_len);
+            if (ret <= 0)
+                goto end;
+            s->state = SSL3_ST_CW_FLUSH;
+
+            /* clear flags */
+            s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
+            if (s->hit) {
+                s->s3->tmp.next_state = SSL_ST_OK;
+#ifndef OPENSSL_NO_SCTP
+                if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
+                    s->d1->next_state = s->s3->tmp.next_state;
+                    s->s3->tmp.next_state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
+                }
+#endif
+                if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
+                    s->state = SSL_ST_OK;
+#ifndef OPENSSL_NO_SCTP
+                    if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
+                        s->d1->next_state = SSL_ST_OK;
+                        s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
+                    }
+#endif
+                    s->s3->flags |= SSL3_FLAGS_POP_BUFFER;
+                    s->s3->delay_buf_pop_ret = 0;
+                }
+            } else {
+#ifndef OPENSSL_NO_SCTP
+                /*
+                 * Change to new shared key of SCTP-Auth, will be ignored if
+                 * no SCTP used.
+                 */
+                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
+                         0, NULL);
+#endif
+
+#ifndef OPENSSL_NO_TLSEXT
+                /*
+                 * Allow NewSessionTicket if ticket expected
+                 */
+                if (s->tlsext_ticket_expected)
+                    s->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A;
+                else
+#endif
+
+                    s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A;
+            }
+            s->init_num = 0;
+            break;
+
+#ifndef OPENSSL_NO_TLSEXT
+        case SSL3_ST_CR_SESSION_TICKET_A:
+        case SSL3_ST_CR_SESSION_TICKET_B:
+            ret = ssl3_get_new_session_ticket(s);
+            if (ret <= 0)
+                goto end;
+            s->state = SSL3_ST_CR_FINISHED_A;
+            s->init_num = 0;
+            break;
+
+        case SSL3_ST_CR_CERT_STATUS_A:
+        case SSL3_ST_CR_CERT_STATUS_B:
+            ret = ssl3_get_cert_status(s);
+            if (ret <= 0)
+                goto end;
+            s->state = SSL3_ST_CR_KEY_EXCH_A;
+            s->init_num = 0;
+            break;
+#endif
+
+        case SSL3_ST_CR_FINISHED_A:
+        case SSL3_ST_CR_FINISHED_B:
+            s->d1->change_cipher_spec_ok = 1;
+            ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,
+                                    SSL3_ST_CR_FINISHED_B);
+            if (ret <= 0)
+                goto end;
+            dtls1_stop_timer(s);
+
+            if (s->hit)
+                s->state = SSL3_ST_CW_CHANGE_A;
+            else
+                s->state = SSL_ST_OK;
+
+#ifndef OPENSSL_NO_SCTP
+            if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
+                state == SSL_ST_RENEGOTIATE) {
+                s->d1->next_state = s->state;
+                s->state = DTLS1_SCTP_ST_CW_WRITE_SOCK;
+            }
+#endif
+
+            s->init_num = 0;
+            break;
+
+        case SSL3_ST_CW_FLUSH:
+            s->rwstate = SSL_WRITING;
+            if (BIO_flush(s->wbio) <= 0) {
+                /*
+                 * If the write error was fatal, stop trying
+                 */
+                if (!BIO_should_retry(s->wbio)) {
+                    s->rwstate = SSL_NOTHING;
+                    s->state = s->s3->tmp.next_state;
+                }
+
+                ret = -1;
+                goto end;
+            }
+            s->rwstate = SSL_NOTHING;
+            s->state = s->s3->tmp.next_state;
+            break;
+
+        case SSL_ST_OK:
+            /* clean a few things up */
+            ssl3_cleanup_key_block(s);
+
+#if 0
+            if (s->init_buf != NULL) {
+                BUF_MEM_free(s->init_buf);
+                s->init_buf = NULL;
+            }
+#endif
+
+            /*
+             * If we are not 'joining' the last two packets, remove the
+             * buffering now
+             */
+            if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
+                ssl_free_wbio_buffer(s);
+            /* else do it later in ssl3_write */
+
+            s->init_num = 0;
+            s->renegotiate = 0;
+            s->new_session = 0;
+
+            ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
+            if (s->hit)
+                s->ctx->stats.sess_hit++;
+
+            ret = 1;
+            /* s->server=0; */
+            s->handshake_func = dtls1_connect;
+            s->ctx->stats.sess_connect_good++;
+
+            if (cb != NULL)
+                cb(s, SSL_CB_HANDSHAKE_DONE, 1);
+
+            /* done with handshaking */
+            s->d1->handshake_read_seq = 0;
+            s->d1->next_handshake_write_seq = 0;
+            dtls1_clear_received_buffer(s);
+            goto end;
+            /* break; */
+
+        case SSL_ST_ERR:
+        default:
+            SSLerr(SSL_F_DTLS1_CONNECT, SSL_R_UNKNOWN_STATE);
+            ret = -1;
+            goto end;
+            /* break; */
+        }
+
+        /* did we do anything */
+        if (!s->s3->tmp.reuse_message && !skip) {
+            if (s->debug) {
+                if ((ret = BIO_flush(s->wbio)) <= 0)
+                    goto end;
+            }
+
+            if ((cb != NULL) && (s->state != state)) {
+                new_state = s->state;
+                s->state = state;
+                cb(s, SSL_CB_CONNECT_LOOP, 1);
+                s->state = new_state;
+            }
+        }
+        skip = 0;
+    }
+ end:
+    s->in_handshake--;
+
+#ifndef OPENSSL_NO_SCTP
+    /*
+     * Notify SCTP BIO socket to leave handshake mode and allow stream
+     * identifier other than 0. Will be ignored if no SCTP is used.
+     */
+    BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
+             s->in_handshake, NULL);
+#endif
+
+    if (buf != NULL)
+        BUF_MEM_free(buf);
+    if (cb != NULL)
+        cb(s, SSL_CB_CONNECT_EXIT, ret);
+    return (ret);
+}
+
+int dtls1_client_hello(SSL *s)
+{
+    unsigned char *buf;
+    unsigned char *p, *d;
+    unsigned int i, j;
+    unsigned long l;
+    SSL_COMP *comp;
+
+    buf = (unsigned char *)s->init_buf->data;
+    if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
+        SSL_SESSION *sess = s->session;
+        if ((s->session == NULL) || (s->session->ssl_version != s->version) ||
+#ifdef OPENSSL_NO_TLSEXT
+            !sess->session_id_length ||
+#else
+            (!sess->session_id_length && !sess->tlsext_tick) ||
+#endif
+            (s->session->not_resumable)) {
+            if (!ssl_get_new_session(s, 0))
+                goto err;
+        }
+        /* else use the pre-loaded session */
+
+        p = s->s3->client_random;
+
+        /*
+         * if client_random is initialized, reuse it, we are required to use
+         * same upon reply to HelloVerify
+         */
+        for (i = 0; p[i] == '\0' && i < sizeof(s->s3->client_random); i++) ;
+        if (i == sizeof(s->s3->client_random))
+            ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random));
+
+        /* Do the message type and length last */
+        d = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
+
+        *(p++) = s->version >> 8;
+        *(p++) = s->version & 0xff;
+        s->client_version = s->version;
+
+        /* Random stuff */
+        memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
+        p += SSL3_RANDOM_SIZE;
+
+        /* Session ID */
+        if (s->new_session)
+            i = 0;
+        else
+            i = s->session->session_id_length;
+        *(p++) = i;
+        if (i != 0) {
+            if (i > sizeof s->session->session_id) {
+                SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            memcpy(p, s->session->session_id, i);
+            p += i;
+        }
+
+        /* cookie stuff */
+        if (s->d1->cookie_len > sizeof(s->d1->cookie)) {
+            SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        *(p++) = s->d1->cookie_len;
+        memcpy(p, s->d1->cookie, s->d1->cookie_len);
+        p += s->d1->cookie_len;
+
+        /* Ciphers supported */
+        i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0);
+        if (i == 0) {
+            SSLerr(SSL_F_DTLS1_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
+            goto err;
+        }
+        s2n(i, p);
+        p += i;
+
+        /* COMPRESSION */
+        if (s->ctx->comp_methods == NULL)
+            j = 0;
+        else
+            j = sk_SSL_COMP_num(s->ctx->comp_methods);
+        *(p++) = 1 + j;
+        for (i = 0; i < j; i++) {
+            comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
+            *(p++) = comp->id;
+        }
+        *(p++) = 0;             /* Add the NULL method */
+
+#ifndef OPENSSL_NO_TLSEXT
+        /* TLS extensions */
+        if (ssl_prepare_clienthello_tlsext(s) <= 0) {
+            SSLerr(SSL_F_DTLS1_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
+            goto err;
+        }
+        if ((p =
+             ssl_add_clienthello_tlsext(s, p,
+                                        buf + SSL3_RT_MAX_PLAIN_LENGTH)) ==
+            NULL) {
+            SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+#endif
+
+        l = (p - d);
+        d = buf;
+
+        d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO, l, 0, l);
+
+        s->state = SSL3_ST_CW_CLNT_HELLO_B;
+        /* number of bytes to write */
+        s->init_num = p - buf;
+        s->init_off = 0;
+
+        /* buffer the message to handle re-xmits */
+        dtls1_buffer_message(s, 0);
+    }
+
+    /* SSL3_ST_CW_CLNT_HELLO_B */
+    return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+ err:
+    return (-1);
+}
+
+static int dtls1_get_hello_verify(SSL *s)
+{
+    int n, al, ok = 0;
+    unsigned char *data;
+    unsigned int cookie_len;
+
+    n = s->method->ssl_get_message(s,
+                                   DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
+                                   DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B,
+                                   -1, s->max_cert_list, &ok);
+
+    if (!ok)
+        return ((int)n);
+
+    if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
+        s->d1->send_cookie = 0;
+        s->s3->tmp.reuse_message = 1;
+        return (1);
+    }
+
+    data = (unsigned char *)s->init_msg;
+
+    if ((data[0] != (s->version >> 8)) || (data[1] != (s->version & 0xff))) {
+        SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY, SSL_R_WRONG_SSL_VERSION);
+        s->version = (s->version & 0xff00) | data[1];
+        al = SSL_AD_PROTOCOL_VERSION;
+        goto f_err;
+    }
+    data += 2;
+
+    cookie_len = *(data++);
+    if (cookie_len > sizeof(s->d1->cookie)) {
+        al = SSL_AD_ILLEGAL_PARAMETER;
+        goto f_err;
+    }
+
+    memcpy(s->d1->cookie, data, cookie_len);
+    s->d1->cookie_len = cookie_len;
+
+    s->d1->send_cookie = 1;
+    return 1;
+
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+    s->state = SSL_ST_ERR;
+    return -1;
+}
+
+int dtls1_send_client_key_exchange(SSL *s)
+{
+    unsigned char *p, *d;
+    int n;
+    unsigned long alg_k;
+#ifndef OPENSSL_NO_RSA
+    unsigned char *q;
+    EVP_PKEY *pkey = NULL;
+#endif
+#ifndef OPENSSL_NO_KRB5
+    KSSL_ERR kssl_err;
+#endif                          /* OPENSSL_NO_KRB5 */
+#ifndef OPENSSL_NO_ECDH
+    EC_KEY *clnt_ecdh = NULL;
+    const EC_POINT *srvr_ecpoint = NULL;
+    EVP_PKEY *srvr_pub_pkey = NULL;
+    unsigned char *encodedPoint = NULL;
+    int encoded_pt_len = 0;
+    BN_CTX *bn_ctx = NULL;
+#endif
+
+    if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
+        d = (unsigned char *)s->init_buf->data;
+        p = &(d[DTLS1_HM_HEADER_LENGTH]);
+
+        alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+        /* Fool emacs indentation */
+        if (0) {
+        }
+#ifndef OPENSSL_NO_RSA
+        else if (alg_k & SSL_kRSA) {
+            RSA *rsa;
+            unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
+
+            if (s->session->sess_cert == NULL) {
+                /*
+                 * We should always have a server certificate with SSL_kRSA.
+                 */
+                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
+                       ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+
+            if (s->session->sess_cert->peer_rsa_tmp != NULL)
+                rsa = s->session->sess_cert->peer_rsa_tmp;
+            else {
+                pkey =
+                    X509_get_pubkey(s->session->
+                                    sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].
+                                    x509);
+                if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA)
+                    || (pkey->pkey.rsa == NULL)) {
+                    SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
+                           ERR_R_INTERNAL_ERROR);
+                    goto err;
+                }
+                rsa = pkey->pkey.rsa;
+                EVP_PKEY_free(pkey);
+            }
+
+            tmp_buf[0] = s->client_version >> 8;
+            tmp_buf[1] = s->client_version & 0xff;
+            if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0)
+                goto err;
+
+            s->session->master_key_length = sizeof tmp_buf;
+
+            q = p;
+            /* Fix buf for TLS and [incidentally] DTLS */
+            if (s->version > SSL3_VERSION)
+                p += 2;
+            n = RSA_public_encrypt(sizeof tmp_buf,
+                                   tmp_buf, p, rsa, RSA_PKCS1_PADDING);
+# ifdef PKCS1_CHECK
+            if (s->options & SSL_OP_PKCS1_CHECK_1)
+                p[1]++;
+            if (s->options & SSL_OP_PKCS1_CHECK_2)
+                tmp_buf[0] = 0x70;
+# endif
+            if (n <= 0) {
+                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
+                       SSL_R_BAD_RSA_ENCRYPT);
+                goto err;
+            }
+
+            /* Fix buf for TLS and [incidentally] DTLS */
+            if (s->version > SSL3_VERSION) {
+                s2n(n, q);
+                n += 2;
+            }
+
+            s->session->master_key_length =
+                s->method->ssl3_enc->generate_master_secret(s,
+                                                            s->
+                                                            session->master_key,
+                                                            tmp_buf,
+                                                            sizeof tmp_buf);
+            OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
+        }
+#endif
+#ifndef OPENSSL_NO_KRB5
+        else if (alg_k & SSL_kKRB5) {
+            krb5_error_code krb5rc;
+            KSSL_CTX *kssl_ctx = s->kssl_ctx;
+            /*  krb5_data   krb5_ap_req;  */
+            krb5_data *enc_ticket;
+            krb5_data authenticator, *authp = NULL;
+            EVP_CIPHER_CTX ciph_ctx;
+            const EVP_CIPHER *enc = NULL;
+            unsigned char iv[EVP_MAX_IV_LENGTH];
+            unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
+            unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH + EVP_MAX_IV_LENGTH];
+            int padl, outl = sizeof(epms);
+
+            EVP_CIPHER_CTX_init(&ciph_ctx);
+
+# ifdef KSSL_DEBUG
+            printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
+                   alg_k, SSL_kKRB5);
+# endif                         /* KSSL_DEBUG */
+
+            authp = NULL;
+# ifdef KRB5SENDAUTH
+            if (KRB5SENDAUTH)
+                authp = &authenticator;
+# endif                         /* KRB5SENDAUTH */
+
+            krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, &kssl_err);
+            enc = kssl_map_enc(kssl_ctx->enctype);
+            if (enc == NULL)
+                goto err;
+# ifdef KSSL_DEBUG
+            {
+                printf("kssl_cget_tkt rtn %d\n", krb5rc);
+                if (krb5rc && kssl_err.text)
+                    printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
+            }
+# endif                         /* KSSL_DEBUG */
+
+            if (krb5rc) {
+                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, kssl_err.reason);
+                goto err;
+            }
+
+            /*-
+             *   20010406 VRS - Earlier versions used KRB5 AP_REQ
+            **  in place of RFC 2712 KerberosWrapper, as in:
+            **
+            **  Send ticket (copy to *p, set n = length)
+            **  n = krb5_ap_req.length;
+            **  memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
+            **  if (krb5_ap_req.data)
+            **    kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
+            **
+            **  Now using real RFC 2712 KerberosWrapper
+            **  (Thanks to Simon Wilkinson <sxw at sxw.org.uk>)
+            **  Note: 2712 "opaque" types are here replaced
+            **  with a 2-byte length followed by the value.
+            **  Example:
+            **  KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
+            **  Where "xx xx" = length bytes.  Shown here with
+            **  optional authenticator omitted.
+            */
+
+            /*  KerberosWrapper.Ticket              */
+            s2n(enc_ticket->length, p);
+            memcpy(p, enc_ticket->data, enc_ticket->length);
+            p += enc_ticket->length;
+            n = enc_ticket->length + 2;
+
+            /*  KerberosWrapper.Authenticator       */
+            if (authp && authp->length) {
+                s2n(authp->length, p);
+                memcpy(p, authp->data, authp->length);
+                p += authp->length;
+                n += authp->length + 2;
+
+                free(authp->data);
+                authp->data = NULL;
+                authp->length = 0;
+            } else {
+                s2n(0, p);      /* null authenticator length */
+                n += 2;
+            }
+
+            if (RAND_bytes(tmp_buf, sizeof tmp_buf) <= 0)
+                goto err;
+
+            /*-
+             *  20010420 VRS.  Tried it this way; failed.
+             *      EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
+             *      EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
+             *                              kssl_ctx->length);
+             *      EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
+             */
+
+            memset(iv, 0, sizeof iv); /* per RFC 1510 */
+            EVP_EncryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv);
+            EVP_EncryptUpdate(&ciph_ctx, epms, &outl, tmp_buf,
+                              sizeof tmp_buf);
+            EVP_EncryptFinal_ex(&ciph_ctx, &(epms[outl]), &padl);
+            outl += padl;
+            if (outl > (int)sizeof epms) {
+                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
+                       ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            EVP_CIPHER_CTX_cleanup(&ciph_ctx);
+
+            /*  KerberosWrapper.EncryptedPreMasterSecret    */
+            s2n(outl, p);
+            memcpy(p, epms, outl);
+            p += outl;
+            n += outl + 2;
+
+            s->session->master_key_length =
+                s->method->ssl3_enc->generate_master_secret(s,
+                                                            s->
+                                                            session->master_key,
+                                                            tmp_buf,
+                                                            sizeof tmp_buf);
+
+            OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
+            OPENSSL_cleanse(epms, outl);
+        }
+#endif
+#ifndef OPENSSL_NO_DH
+        else if (alg_k & (SSL_kEDH | SSL_kDHr | SSL_kDHd)) {
+            DH *dh_srvr, *dh_clnt;
+
+            if (s->session->sess_cert == NULL) {
+                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
+                       SSL_R_UNEXPECTED_MESSAGE);
+                goto err;
+            }
+
+            if (s->session->sess_cert->peer_dh_tmp != NULL)
+                dh_srvr = s->session->sess_cert->peer_dh_tmp;
+            else {
+                /* we get them from the cert */
+                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
+                       SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
+                goto err;
+            }
+
+            /* generate a new random key */
+            if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) {
+                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
+                goto err;
+            }
+            if (!DH_generate_key(dh_clnt)) {
+                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
+                goto err;
+            }
+
+            /*
+             * use the 'p' output buffer for the DH key, but make sure to
+             * clear it out afterwards
+             */
+
+            n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt);
+
+            if (n <= 0) {
+                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
+                goto err;
+            }
+
+            /* generate master key from the result */
+            s->session->master_key_length =
+                s->method->ssl3_enc->generate_master_secret(s,
+                                                            s->
+                                                            session->master_key,
+                                                            p, n);
+            /* clean up */
+            memset(p, 0, n);
+
+            /* send off the data */
+            n = BN_num_bytes(dh_clnt->pub_key);
+            s2n(n, p);
+            BN_bn2bin(dh_clnt->pub_key, p);
+            n += 2;
+
+            DH_free(dh_clnt);
+
+            /* perhaps clean things up a bit EAY EAY EAY EAY */
+        }
+#endif
+#ifndef OPENSSL_NO_ECDH
+        else if (alg_k & (SSL_kEECDH | SSL_kECDHr | SSL_kECDHe)) {
+            const EC_GROUP *srvr_group = NULL;
+            EC_KEY *tkey;
+            int ecdh_clnt_cert = 0;
+            int field_size = 0;
+
+            if (s->session->sess_cert == NULL) {
+                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
+                       SSL_R_UNEXPECTED_MESSAGE);
+                goto err;
+            }
+
+            /*
+             * Did we send out the client's ECDH share for use in premaster
+             * computation as part of client certificate? If so, set
+             * ecdh_clnt_cert to 1.
+             */
+            if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) && (s->cert != NULL)) {
+                /*
+                 * XXX: For now, we do not support client authentication
+                 * using ECDH certificates. To add such support, one needs to
+                 * add code that checks for appropriate conditions and sets
+                 * ecdh_clnt_cert to 1. For example, the cert have an ECC key
+                 * on the same curve as the server's and the key should be
+                 * authorized for key agreement. One also needs to add code
+                 * in ssl3_connect to skip sending the certificate verify
+                 * message. if ((s->cert->key->privatekey != NULL) &&
+                 * (s->cert->key->privatekey->type == EVP_PKEY_EC) && ...)
+                 * ecdh_clnt_cert = 1;
+                 */
+            }
+
+            if (s->session->sess_cert->peer_ecdh_tmp != NULL) {
+                tkey = s->session->sess_cert->peer_ecdh_tmp;
+            } else {
+                /* Get the Server Public Key from Cert */
+                srvr_pub_pkey =
+                    X509_get_pubkey(s->session->
+                                    sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
+                if ((srvr_pub_pkey == NULL)
+                    || (srvr_pub_pkey->type != EVP_PKEY_EC)
+                    || (srvr_pub_pkey->pkey.ec == NULL)) {
+                    SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
+                           ERR_R_INTERNAL_ERROR);
+                    goto err;
+                }
+
+                tkey = srvr_pub_pkey->pkey.ec;
+            }
+
+            srvr_group = EC_KEY_get0_group(tkey);
+            srvr_ecpoint = EC_KEY_get0_public_key(tkey);
+
+            if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) {
+                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
+                       ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+
+            if ((clnt_ecdh = EC_KEY_new()) == NULL) {
+                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
+                       ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+
+            if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) {
+                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
+                goto err;
+            }
+            if (ecdh_clnt_cert) {
+                /*
+                 * Reuse key info from our certificate We only need our
+                 * private key to perform the ECDH computation.
+                 */
+                const BIGNUM *priv_key;
+                tkey = s->cert->key->privatekey->pkey.ec;
+                priv_key = EC_KEY_get0_private_key(tkey);
+                if (priv_key == NULL) {
+                    SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
+                           ERR_R_MALLOC_FAILURE);
+                    goto err;
+                }
+                if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) {
+                    SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
+                           ERR_R_EC_LIB);
+                    goto err;
+                }
+            } else {
+                /* Generate a new ECDH key pair */
+                if (!(EC_KEY_generate_key(clnt_ecdh))) {
+                    SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
+                           ERR_R_ECDH_LIB);
+                    goto err;
+                }
+            }
+
+            /*
+             * use the 'p' output buffer for the ECDH key, but make sure to
+             * clear it out afterwards
+             */
+
+            field_size = EC_GROUP_get_degree(srvr_group);
+            if (field_size <= 0) {
+                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
+                goto err;
+            }
+            n = ECDH_compute_key(p, (field_size + 7) / 8, srvr_ecpoint,
+                                 clnt_ecdh, NULL);
+            if (n <= 0) {
+                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
+                goto err;
+            }
+
+            /* generate master key from the result */
+            s->session->master_key_length =
+                s->method->ssl3_enc->generate_master_secret(s,
+                                                            s->
+                                                            session->master_key,
+                                                            p, n);
+
+            memset(p, 0, n);    /* clean up */
+
+            if (ecdh_clnt_cert) {
+                /* Send empty client key exch message */
+                n = 0;
+            } else {
+                /*
+                 * First check the size of encoding and allocate memory
+                 * accordingly.
+                 */
+                encoded_pt_len =
+                    EC_POINT_point2oct(srvr_group,
+                                       EC_KEY_get0_public_key(clnt_ecdh),
+                                       POINT_CONVERSION_UNCOMPRESSED,
+                                       NULL, 0, NULL);
+
+                encodedPoint = (unsigned char *)
+                    OPENSSL_malloc(encoded_pt_len * sizeof(unsigned char));
+                bn_ctx = BN_CTX_new();
+                if ((encodedPoint == NULL) || (bn_ctx == NULL)) {
+                    SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
+                           ERR_R_MALLOC_FAILURE);
+                    goto err;
+                }
+
+                /* Encode the public key */
+                n = EC_POINT_point2oct(srvr_group,
+                                       EC_KEY_get0_public_key(clnt_ecdh),
+                                       POINT_CONVERSION_UNCOMPRESSED,
+                                       encodedPoint, encoded_pt_len, bn_ctx);
+
+                *p = n;         /* length of encoded point */
+                /* Encoded point will be copied here */
+                p += 1;
+                /* copy the point */
+                memcpy((unsigned char *)p, encodedPoint, n);
+                /* increment n to account for length field */
+                n += 1;
+            }
+
+            /* Free allocated memory */
+            BN_CTX_free(bn_ctx);
+            if (encodedPoint != NULL)
+                OPENSSL_free(encodedPoint);
+            if (clnt_ecdh != NULL)
+                EC_KEY_free(clnt_ecdh);
+            EVP_PKEY_free(srvr_pub_pkey);
+        }
+#endif                          /* !OPENSSL_NO_ECDH */
+
+#ifndef OPENSSL_NO_PSK
+        else if (alg_k & SSL_kPSK) {
+            char identity[PSK_MAX_IDENTITY_LEN];
+            unsigned char *t = NULL;
+            unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN * 2 + 4];
+            unsigned int pre_ms_len = 0, psk_len = 0;
+            int psk_err = 1;
+
+            n = 0;
+            if (s->psk_client_callback == NULL) {
+                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
+                       SSL_R_PSK_NO_CLIENT_CB);
+                goto err;
+            }
+
+            psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint,
+                                             identity, PSK_MAX_IDENTITY_LEN,
+                                             psk_or_pre_ms,
+                                             sizeof(psk_or_pre_ms));
+            if (psk_len > PSK_MAX_PSK_LEN) {
+                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
+                       ERR_R_INTERNAL_ERROR);
+                goto psk_err;
+            } else if (psk_len == 0) {
+                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
+                       SSL_R_PSK_IDENTITY_NOT_FOUND);
+                goto psk_err;
+            }
+
+            /* create PSK pre_master_secret */
+            pre_ms_len = 2 + psk_len + 2 + psk_len;
+            t = psk_or_pre_ms;
+            memmove(psk_or_pre_ms + psk_len + 4, psk_or_pre_ms, psk_len);
+            s2n(psk_len, t);
+            memset(t, 0, psk_len);
+            t += psk_len;
+            s2n(psk_len, t);
+
+            if (s->session->psk_identity_hint != NULL)
+                OPENSSL_free(s->session->psk_identity_hint);
+            s->session->psk_identity_hint =
+                BUF_strdup(s->ctx->psk_identity_hint);
+            if (s->ctx->psk_identity_hint != NULL
+                && s->session->psk_identity_hint == NULL) {
+                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
+                       ERR_R_MALLOC_FAILURE);
+                goto psk_err;
+            }
+
+            if (s->session->psk_identity != NULL)
+                OPENSSL_free(s->session->psk_identity);
+            s->session->psk_identity = BUF_strdup(identity);
+            if (s->session->psk_identity == NULL) {
+                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
+                       ERR_R_MALLOC_FAILURE);
+                goto psk_err;
+            }
+
+            s->session->master_key_length =
+                s->method->ssl3_enc->generate_master_secret(s,
+                                                            s->
+                                                            session->master_key,
+                                                            psk_or_pre_ms,
+                                                            pre_ms_len);
+            n = strlen(identity);
+            s2n(n, p);
+            memcpy(p, identity, n);
+            n += 2;
+            psk_err = 0;
+ psk_err:
+            OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN);
+            OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
+            if (psk_err != 0) {
+                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+                goto err;
+            }
+        }
+#endif
+        else {
+            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+            SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
+                   ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        d = dtls1_set_message_header(s, d,
+                                     SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n);
+        /*-
+         *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
+         l2n3(n,d);
+         l2n(s->d1->handshake_write_seq,d);
+         s->d1->handshake_write_seq++;
+        */
+
+        s->state = SSL3_ST_CW_KEY_EXCH_B;
+        /* number of bytes to write */
+        s->init_num = n + DTLS1_HM_HEADER_LENGTH;
+        s->init_off = 0;
+
+        /* buffer the message to handle re-xmits */
+        dtls1_buffer_message(s, 0);
+    }
+
+    /* SSL3_ST_CW_KEY_EXCH_B */
+    return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+ err:
+#ifndef OPENSSL_NO_ECDH
+    BN_CTX_free(bn_ctx);
+    if (encodedPoint != NULL)
+        OPENSSL_free(encodedPoint);
+    if (clnt_ecdh != NULL)
+        EC_KEY_free(clnt_ecdh);
+    EVP_PKEY_free(srvr_pub_pkey);
+#endif
+    return (-1);
+}
+
+int dtls1_send_client_verify(SSL *s)
+{
+    unsigned char *p, *d;
+    unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
+    EVP_PKEY *pkey;
+#ifndef OPENSSL_NO_RSA
+    unsigned u = 0;
+#endif
+    unsigned long n;
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
+    int j;
+#endif
+
+    if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
+        d = (unsigned char *)s->init_buf->data;
+        p = &(d[DTLS1_HM_HEADER_LENGTH]);
+        pkey = s->cert->key->privatekey;
+
+        s->method->ssl3_enc->cert_verify_mac(s,
+                                             NID_sha1,
+                                             &(data[MD5_DIGEST_LENGTH]));
+
+#ifndef OPENSSL_NO_RSA
+        if (pkey->type == EVP_PKEY_RSA) {
+            s->method->ssl3_enc->cert_verify_mac(s, NID_md5, &(data[0]));
+            if (RSA_sign(NID_md5_sha1, data,
+                         MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
+                         &(p[2]), &u, pkey->pkey.rsa) <= 0) {
+                SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_RSA_LIB);
+                goto err;
+            }
+            s2n(u, p);
+            n = u + 2;
+        } else
+#endif
+#ifndef OPENSSL_NO_DSA
+        if (pkey->type == EVP_PKEY_DSA) {
+            if (!DSA_sign(pkey->save_type,
+                          &(data[MD5_DIGEST_LENGTH]),
+                          SHA_DIGEST_LENGTH, &(p[2]),
+                          (unsigned int *)&j, pkey->pkey.dsa)) {
+                SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_DSA_LIB);
+                goto err;
+            }
+            s2n(j, p);
+            n = j + 2;
+        } else
+#endif
+#ifndef OPENSSL_NO_ECDSA
+        if (pkey->type == EVP_PKEY_EC) {
+            if (!ECDSA_sign(pkey->save_type,
+                            &(data[MD5_DIGEST_LENGTH]),
+                            SHA_DIGEST_LENGTH, &(p[2]),
+                            (unsigned int *)&j, pkey->pkey.ec)) {
+                SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_ECDSA_LIB);
+                goto err;
+            }
+            s2n(j, p);
+            n = j + 2;
+        } else
+#endif
+        {
+            SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        d = dtls1_set_message_header(s, d,
+                                     SSL3_MT_CERTIFICATE_VERIFY, n, 0, n);
+
+        s->init_num = (int)n + DTLS1_HM_HEADER_LENGTH;
+        s->init_off = 0;
+
+        /* buffer the message to handle re-xmits */
+        dtls1_buffer_message(s, 0);
+
+        s->state = SSL3_ST_CW_CERT_VRFY_B;
+    }
+
+    /* s->state = SSL3_ST_CW_CERT_VRFY_B */
+    return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+ err:
+    return (-1);
+}
+
+int dtls1_send_client_certificate(SSL *s)
+{
+    X509 *x509 = NULL;
+    EVP_PKEY *pkey = NULL;
+    int i;
+    unsigned long l;
+
+    if (s->state == SSL3_ST_CW_CERT_A) {
+        if ((s->cert == NULL) ||
+            (s->cert->key->x509 == NULL) ||
+            (s->cert->key->privatekey == NULL))
+            s->state = SSL3_ST_CW_CERT_B;
+        else
+            s->state = SSL3_ST_CW_CERT_C;
+    }
+
+    /* We need to get a client cert */
+    if (s->state == SSL3_ST_CW_CERT_B) {
+        /*
+         * If we get an error, we need to ssl->rwstate=SSL_X509_LOOKUP;
+         * return(-1); We then get retied later
+         */
+        i = 0;
+        i = ssl_do_client_cert_cb(s, &x509, &pkey);
+        if (i < 0) {
+            s->rwstate = SSL_X509_LOOKUP;
+            return (-1);
+        }
+        s->rwstate = SSL_NOTHING;
+        if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
+            s->state = SSL3_ST_CW_CERT_B;
+            if (!SSL_use_certificate(s, x509) || !SSL_use_PrivateKey(s, pkey))
+                i = 0;
+        } else if (i == 1) {
+            i = 0;
+            SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE,
+                   SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
+        }
+
+        if (x509 != NULL)
+            X509_free(x509);
+        if (pkey != NULL)
+            EVP_PKEY_free(pkey);
+        if (i == 0) {
+            if (s->version == SSL3_VERSION) {
+                s->s3->tmp.cert_req = 0;
+                ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_CERTIFICATE);
+                return (1);
+            } else {
+                s->s3->tmp.cert_req = 2;
+            }
+        }
+
+        /* Ok, we have a cert */
+        s->state = SSL3_ST_CW_CERT_C;
+    }
+
+    if (s->state == SSL3_ST_CW_CERT_C) {
+        s->state = SSL3_ST_CW_CERT_D;
+        l = dtls1_output_cert_chain(s,
+                                    (s->s3->tmp.cert_req ==
+                                     2) ? NULL : s->cert->key->x509);
+        if (!l) {
+            SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+            return 0;
+        }
+        s->init_num = (int)l;
+        s->init_off = 0;
+
+        /* set header called by dtls1_output_cert_chain() */
+
+        /* buffer the message to handle re-xmits */
+        dtls1_buffer_message(s, 0);
+    }
+    /* SSL3_ST_CW_CERT_D */
+    return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+}

Deleted: vendor-crypto/openssl/1.0.1u/ssl/d1_lib.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/d1_lib.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/ssl/d1_lib.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,511 +0,0 @@
-/* ssl/d1_lib.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#define USE_SOCKETS
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS)
-# include <sys/timeb.h>
-#endif
-
-static void get_current_time(struct timeval *t);
-const char dtls1_version_str[] = "DTLSv1" OPENSSL_VERSION_PTEXT;
-int dtls1_listen(SSL *s, struct sockaddr *client);
-
-SSL3_ENC_METHOD DTLSv1_enc_data = {
-    dtls1_enc,
-    tls1_mac,
-    tls1_setup_key_block,
-    tls1_generate_master_secret,
-    tls1_change_cipher_state,
-    tls1_final_finish_mac,
-    TLS1_FINISH_MAC_LENGTH,
-    tls1_cert_verify_mac,
-    TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
-    TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
-    tls1_alert_code,
-    tls1_export_keying_material,
-};
-
-long dtls1_default_timeout(void)
-{
-    /*
-     * 2 hours, the 24 hours mentioned in the DTLSv1 spec is way too long for
-     * http, the cache would over fill
-     */
-    return (60 * 60 * 2);
-}
-
-int dtls1_new(SSL *s)
-{
-    DTLS1_STATE *d1;
-
-    if (!ssl3_new(s))
-        return (0);
-    if ((d1 = OPENSSL_malloc(sizeof *d1)) == NULL)
-        return (0);
-    memset(d1, 0, sizeof *d1);
-
-    /* d1->handshake_epoch=0; */
-
-    d1->unprocessed_rcds.q = pqueue_new();
-    d1->processed_rcds.q = pqueue_new();
-    d1->buffered_messages = pqueue_new();
-    d1->sent_messages = pqueue_new();
-    d1->buffered_app_data.q = pqueue_new();
-
-    if (s->server) {
-        d1->cookie_len = sizeof(s->d1->cookie);
-    }
-
-    d1->link_mtu = 0;
-    d1->mtu = 0;
-
-    if (!d1->unprocessed_rcds.q || !d1->processed_rcds.q
-        || !d1->buffered_messages || !d1->sent_messages
-        || !d1->buffered_app_data.q) {
-        if (d1->unprocessed_rcds.q)
-            pqueue_free(d1->unprocessed_rcds.q);
-        if (d1->processed_rcds.q)
-            pqueue_free(d1->processed_rcds.q);
-        if (d1->buffered_messages)
-            pqueue_free(d1->buffered_messages);
-        if (d1->sent_messages)
-            pqueue_free(d1->sent_messages);
-        if (d1->buffered_app_data.q)
-            pqueue_free(d1->buffered_app_data.q);
-        OPENSSL_free(d1);
-        return (0);
-    }
-
-    s->d1 = d1;
-    s->method->ssl_clear(s);
-    return (1);
-}
-
-static void dtls1_clear_queues(SSL *s)
-{
-    pitem *item = NULL;
-    hm_fragment *frag = NULL;
-    DTLS1_RECORD_DATA *rdata;
-
-    while ((item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) {
-        rdata = (DTLS1_RECORD_DATA *)item->data;
-        if (rdata->rbuf.buf) {
-            OPENSSL_free(rdata->rbuf.buf);
-        }
-        OPENSSL_free(item->data);
-        pitem_free(item);
-    }
-
-    while ((item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) {
-        rdata = (DTLS1_RECORD_DATA *)item->data;
-        if (rdata->rbuf.buf) {
-            OPENSSL_free(rdata->rbuf.buf);
-        }
-        OPENSSL_free(item->data);
-        pitem_free(item);
-    }
-
-    while ((item = pqueue_pop(s->d1->buffered_messages)) != NULL) {
-        frag = (hm_fragment *)item->data;
-        dtls1_hm_fragment_free(frag);
-        pitem_free(item);
-    }
-
-    while ((item = pqueue_pop(s->d1->sent_messages)) != NULL) {
-        frag = (hm_fragment *)item->data;
-        dtls1_hm_fragment_free(frag);
-        pitem_free(item);
-    }
-
-    while ((item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) {
-        rdata = (DTLS1_RECORD_DATA *)item->data;
-        if (rdata->rbuf.buf) {
-            OPENSSL_free(rdata->rbuf.buf);
-        }
-        OPENSSL_free(item->data);
-        pitem_free(item);
-    }
-}
-
-void dtls1_free(SSL *s)
-{
-    ssl3_free(s);
-
-    dtls1_clear_queues(s);
-
-    pqueue_free(s->d1->unprocessed_rcds.q);
-    pqueue_free(s->d1->processed_rcds.q);
-    pqueue_free(s->d1->buffered_messages);
-    pqueue_free(s->d1->sent_messages);
-    pqueue_free(s->d1->buffered_app_data.q);
-
-    OPENSSL_free(s->d1);
-    s->d1 = NULL;
-}
-
-void dtls1_clear(SSL *s)
-{
-    pqueue unprocessed_rcds;
-    pqueue processed_rcds;
-    pqueue buffered_messages;
-    pqueue sent_messages;
-    pqueue buffered_app_data;
-    unsigned int mtu;
-    unsigned int link_mtu;
-
-    if (s->d1) {
-        unprocessed_rcds = s->d1->unprocessed_rcds.q;
-        processed_rcds = s->d1->processed_rcds.q;
-        buffered_messages = s->d1->buffered_messages;
-        sent_messages = s->d1->sent_messages;
-        buffered_app_data = s->d1->buffered_app_data.q;
-        mtu = s->d1->mtu;
-        link_mtu = s->d1->link_mtu;
-
-        dtls1_clear_queues(s);
-
-        memset(s->d1, 0, sizeof(*(s->d1)));
-
-        if (s->server) {
-            s->d1->cookie_len = sizeof(s->d1->cookie);
-        }
-
-        if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) {
-            s->d1->mtu = mtu;
-            s->d1->link_mtu = link_mtu;
-        }
-
-        s->d1->unprocessed_rcds.q = unprocessed_rcds;
-        s->d1->processed_rcds.q = processed_rcds;
-        s->d1->buffered_messages = buffered_messages;
-        s->d1->sent_messages = sent_messages;
-        s->d1->buffered_app_data.q = buffered_app_data;
-    }
-
-    ssl3_clear(s);
-    if (s->options & SSL_OP_CISCO_ANYCONNECT)
-        s->version = DTLS1_BAD_VER;
-    else
-        s->version = DTLS1_VERSION;
-}
-
-long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
-{
-    int ret = 0;
-
-    switch (cmd) {
-    case DTLS_CTRL_GET_TIMEOUT:
-        if (dtls1_get_timeout(s, (struct timeval *)parg) != NULL) {
-            ret = 1;
-        }
-        break;
-    case DTLS_CTRL_HANDLE_TIMEOUT:
-        ret = dtls1_handle_timeout(s);
-        break;
-    case DTLS_CTRL_LISTEN:
-        ret = dtls1_listen(s, parg);
-        break;
-    case SSL_CTRL_CHECK_PROTO_VERSION:
-        /*
-         * For library-internal use; checks that the current protocol is the
-         * highest enabled version (according to s->ctx->method, as version
-         * negotiation may have changed s->method).
-         */
-#if DTLS_MAX_VERSION != DTLS1_VERSION
-# error Code needs update for DTLS_method() support beyond DTLS1_VERSION.
-#endif
-        /*
-         * Just one protocol version is supported so far; fail closed if the
-         * version is not as expected.
-         */
-        return s->version == DTLS_MAX_VERSION;
-    case DTLS_CTRL_SET_LINK_MTU:
-        if (larg < (long)dtls1_link_min_mtu())
-            return 0;
-        s->d1->link_mtu = larg;
-        return 1;
-    case DTLS_CTRL_GET_LINK_MIN_MTU:
-        return (long)dtls1_link_min_mtu();
-    case SSL_CTRL_SET_MTU:
-        /*
-         *  We may not have a BIO set yet so can't call dtls1_min_mtu()
-         *  We'll have to make do with dtls1_link_min_mtu() and max overhead
-         */
-        if (larg < (long)dtls1_link_min_mtu() - DTLS1_MAX_MTU_OVERHEAD)
-            return 0;
-        s->d1->mtu = larg;
-        return larg;
-    default:
-        ret = ssl3_ctrl(s, cmd, larg, parg);
-        break;
-    }
-    return (ret);
-}
-
-/*
- * As it's impossible to use stream ciphers in "datagram" mode, this
- * simple filter is designed to disengage them in DTLS. Unfortunately
- * there is no universal way to identify stream SSL_CIPHER, so we have
- * to explicitly list their SSL_* codes. Currently RC4 is the only one
- * available, but if new ones emerge, they will have to be added...
- */
-const SSL_CIPHER *dtls1_get_cipher(unsigned int u)
-{
-    const SSL_CIPHER *ciph = ssl3_get_cipher(u);
-
-    if (ciph != NULL) {
-        if (ciph->algorithm_enc == SSL_RC4)
-            return NULL;
-    }
-
-    return ciph;
-}
-
-void dtls1_start_timer(SSL *s)
-{
-#ifndef OPENSSL_NO_SCTP
-    /* Disable timer for SCTP */
-    if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-        memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
-        return;
-    }
-#endif
-
-    /* If timer is not set, initialize duration with 1 second */
-    if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
-        s->d1->timeout_duration = 1;
-    }
-
-    /* Set timeout to current time */
-    get_current_time(&(s->d1->next_timeout));
-
-    /* Add duration to current time */
-    s->d1->next_timeout.tv_sec += s->d1->timeout_duration;
-    BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
-             &(s->d1->next_timeout));
-}
-
-struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft)
-{
-    struct timeval timenow;
-
-    /* If no timeout is set, just return NULL */
-    if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
-        return NULL;
-    }
-
-    /* Get current time */
-    get_current_time(&timenow);
-
-    /* If timer already expired, set remaining time to 0 */
-    if (s->d1->next_timeout.tv_sec < timenow.tv_sec ||
-        (s->d1->next_timeout.tv_sec == timenow.tv_sec &&
-         s->d1->next_timeout.tv_usec <= timenow.tv_usec)) {
-        memset(timeleft, 0, sizeof(struct timeval));
-        return timeleft;
-    }
-
-    /* Calculate time left until timer expires */
-    memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval));
-    timeleft->tv_sec -= timenow.tv_sec;
-    timeleft->tv_usec -= timenow.tv_usec;
-    if (timeleft->tv_usec < 0) {
-        timeleft->tv_sec--;
-        timeleft->tv_usec += 1000000;
-    }
-
-    /*
-     * If remaining time is less than 15 ms, set it to 0 to prevent issues
-     * because of small devergences with socket timeouts.
-     */
-    if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) {
-        memset(timeleft, 0, sizeof(struct timeval));
-    }
-
-    return timeleft;
-}
-
-int dtls1_is_timer_expired(SSL *s)
-{
-    struct timeval timeleft;
-
-    /* Get time left until timeout, return false if no timer running */
-    if (dtls1_get_timeout(s, &timeleft) == NULL) {
-        return 0;
-    }
-
-    /* Return false if timer is not expired yet */
-    if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) {
-        return 0;
-    }
-
-    /* Timer expired, so return true */
-    return 1;
-}
-
-void dtls1_double_timeout(SSL *s)
-{
-    s->d1->timeout_duration *= 2;
-    if (s->d1->timeout_duration > 60)
-        s->d1->timeout_duration = 60;
-    dtls1_start_timer(s);
-}
-
-void dtls1_stop_timer(SSL *s)
-{
-    /* Reset everything */
-    memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));
-    memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
-    s->d1->timeout_duration = 1;
-    BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
-             &(s->d1->next_timeout));
-    /* Clear retransmission buffer */
-    dtls1_clear_record_buffer(s);
-}
-
-int dtls1_check_timeout_num(SSL *s)
-{
-    unsigned int mtu;
-
-    s->d1->timeout.num_alerts++;
-
-    /* Reduce MTU after 2 unsuccessful retransmissions */
-    if (s->d1->timeout.num_alerts > 2
-        && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
-        mtu =
-            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0,
-                     NULL);
-        if (mtu < s->d1->mtu)
-            s->d1->mtu = mtu;
-    }
-
-    if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) {
-        /* fail the connection, enough alerts have been sent */
-        SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM, SSL_R_READ_TIMEOUT_EXPIRED);
-        return -1;
-    }
-
-    return 0;
-}
-
-int dtls1_handle_timeout(SSL *s)
-{
-    /* if no timer is expired, don't do anything */
-    if (!dtls1_is_timer_expired(s)) {
-        return 0;
-    }
-
-    dtls1_double_timeout(s);
-
-    if (dtls1_check_timeout_num(s) < 0)
-        return -1;
-
-    s->d1->timeout.read_timeouts++;
-    if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) {
-        s->d1->timeout.read_timeouts = 1;
-    }
-#ifndef OPENSSL_NO_HEARTBEATS
-    if (s->tlsext_hb_pending) {
-        s->tlsext_hb_pending = 0;
-        return dtls1_heartbeat(s);
-    }
-#endif
-
-    dtls1_start_timer(s);
-    return dtls1_retransmit_buffered_messages(s);
-}
-
-static void get_current_time(struct timeval *t)
-{
-#ifdef OPENSSL_SYS_WIN32
-    struct _timeb tb;
-    _ftime(&tb);
-    t->tv_sec = (long)tb.time;
-    t->tv_usec = (long)tb.millitm * 1000;
-#elif defined(OPENSSL_SYS_VMS)
-    struct timeb tb;
-    ftime(&tb);
-    t->tv_sec = (long)tb.time;
-    t->tv_usec = (long)tb.millitm * 1000;
-#else
-    gettimeofday(t, NULL);
-#endif
-}
-
-int dtls1_listen(SSL *s, struct sockaddr *client)
-{
-    int ret;
-
-    /* Ensure there is no state left over from a previous invocation */
-    SSL_clear(s);
-
-    SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
-    s->d1->listen = 1;
-
-    ret = SSL_accept(s);
-    if (ret <= 0)
-        return ret;
-
-    (void)BIO_dgram_get_peer(SSL_get_rbio(s), client);
-    return 1;
-}

Copied: vendor-crypto/openssl/1.0.1u/ssl/d1_lib.c (from rev 11605, vendor-crypto/openssl/dist/ssl/d1_lib.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/ssl/d1_lib.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/ssl/d1_lib.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,526 @@
+/* ssl/d1_lib.c */
+/*
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#define USE_SOCKETS
+#include <openssl/objects.h>
+#include "ssl_locl.h"
+
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS)
+# include <sys/timeb.h>
+#endif
+
+static void get_current_time(struct timeval *t);
+const char dtls1_version_str[] = "DTLSv1" OPENSSL_VERSION_PTEXT;
+int dtls1_listen(SSL *s, struct sockaddr *client);
+
+SSL3_ENC_METHOD DTLSv1_enc_data = {
+    dtls1_enc,
+    tls1_mac,
+    tls1_setup_key_block,
+    tls1_generate_master_secret,
+    tls1_change_cipher_state,
+    tls1_final_finish_mac,
+    TLS1_FINISH_MAC_LENGTH,
+    tls1_cert_verify_mac,
+    TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
+    TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
+    tls1_alert_code,
+    tls1_export_keying_material,
+};
+
+long dtls1_default_timeout(void)
+{
+    /*
+     * 2 hours, the 24 hours mentioned in the DTLSv1 spec is way too long for
+     * http, the cache would over fill
+     */
+    return (60 * 60 * 2);
+}
+
+int dtls1_new(SSL *s)
+{
+    DTLS1_STATE *d1;
+
+    if (!ssl3_new(s))
+        return (0);
+    if ((d1 = OPENSSL_malloc(sizeof *d1)) == NULL)
+        return (0);
+    memset(d1, 0, sizeof *d1);
+
+    /* d1->handshake_epoch=0; */
+
+    d1->unprocessed_rcds.q = pqueue_new();
+    d1->processed_rcds.q = pqueue_new();
+    d1->buffered_messages = pqueue_new();
+    d1->sent_messages = pqueue_new();
+    d1->buffered_app_data.q = pqueue_new();
+
+    if (s->server) {
+        d1->cookie_len = sizeof(s->d1->cookie);
+    }
+
+    d1->link_mtu = 0;
+    d1->mtu = 0;
+
+    if (!d1->unprocessed_rcds.q || !d1->processed_rcds.q
+        || !d1->buffered_messages || !d1->sent_messages
+        || !d1->buffered_app_data.q) {
+        if (d1->unprocessed_rcds.q)
+            pqueue_free(d1->unprocessed_rcds.q);
+        if (d1->processed_rcds.q)
+            pqueue_free(d1->processed_rcds.q);
+        if (d1->buffered_messages)
+            pqueue_free(d1->buffered_messages);
+        if (d1->sent_messages)
+            pqueue_free(d1->sent_messages);
+        if (d1->buffered_app_data.q)
+            pqueue_free(d1->buffered_app_data.q);
+        OPENSSL_free(d1);
+        return (0);
+    }
+
+    s->d1 = d1;
+    s->method->ssl_clear(s);
+    return (1);
+}
+
+static void dtls1_clear_queues(SSL *s)
+{
+    pitem *item = NULL;
+    DTLS1_RECORD_DATA *rdata;
+
+    while ((item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) {
+        rdata = (DTLS1_RECORD_DATA *)item->data;
+        if (rdata->rbuf.buf) {
+            OPENSSL_free(rdata->rbuf.buf);
+        }
+        OPENSSL_free(item->data);
+        pitem_free(item);
+    }
+
+    while ((item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) {
+        rdata = (DTLS1_RECORD_DATA *)item->data;
+        if (rdata->rbuf.buf) {
+            OPENSSL_free(rdata->rbuf.buf);
+        }
+        OPENSSL_free(item->data);
+        pitem_free(item);
+    }
+
+    while ((item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) {
+        rdata = (DTLS1_RECORD_DATA *)item->data;
+        if (rdata->rbuf.buf) {
+            OPENSSL_free(rdata->rbuf.buf);
+        }
+        OPENSSL_free(item->data);
+        pitem_free(item);
+    }
+
+    dtls1_clear_received_buffer(s);
+    dtls1_clear_sent_buffer(s);
+}
+
+void dtls1_clear_received_buffer(SSL *s)
+{
+    pitem *item = NULL;
+    hm_fragment *frag = NULL;
+
+    while ((item = pqueue_pop(s->d1->buffered_messages)) != NULL) {
+        frag = (hm_fragment *)item->data;
+        dtls1_hm_fragment_free(frag);
+        pitem_free(item);
+    }
+}
+
+void dtls1_clear_sent_buffer(SSL *s)
+{
+    pitem *item = NULL;
+    hm_fragment *frag = NULL;
+
+    while ((item = pqueue_pop(s->d1->sent_messages)) != NULL) {
+        frag = (hm_fragment *)item->data;
+        dtls1_hm_fragment_free(frag);
+        pitem_free(item);
+    }
+}
+
+
+void dtls1_free(SSL *s)
+{
+    ssl3_free(s);
+
+    dtls1_clear_queues(s);
+
+    pqueue_free(s->d1->unprocessed_rcds.q);
+    pqueue_free(s->d1->processed_rcds.q);
+    pqueue_free(s->d1->buffered_messages);
+    pqueue_free(s->d1->sent_messages);
+    pqueue_free(s->d1->buffered_app_data.q);
+
+    OPENSSL_free(s->d1);
+    s->d1 = NULL;
+}
+
+void dtls1_clear(SSL *s)
+{
+    pqueue unprocessed_rcds;
+    pqueue processed_rcds;
+    pqueue buffered_messages;
+    pqueue sent_messages;
+    pqueue buffered_app_data;
+    unsigned int mtu;
+    unsigned int link_mtu;
+
+    if (s->d1) {
+        unprocessed_rcds = s->d1->unprocessed_rcds.q;
+        processed_rcds = s->d1->processed_rcds.q;
+        buffered_messages = s->d1->buffered_messages;
+        sent_messages = s->d1->sent_messages;
+        buffered_app_data = s->d1->buffered_app_data.q;
+        mtu = s->d1->mtu;
+        link_mtu = s->d1->link_mtu;
+
+        dtls1_clear_queues(s);
+
+        memset(s->d1, 0, sizeof(*(s->d1)));
+
+        if (s->server) {
+            s->d1->cookie_len = sizeof(s->d1->cookie);
+        }
+
+        if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) {
+            s->d1->mtu = mtu;
+            s->d1->link_mtu = link_mtu;
+        }
+
+        s->d1->unprocessed_rcds.q = unprocessed_rcds;
+        s->d1->processed_rcds.q = processed_rcds;
+        s->d1->buffered_messages = buffered_messages;
+        s->d1->sent_messages = sent_messages;
+        s->d1->buffered_app_data.q = buffered_app_data;
+    }
+
+    ssl3_clear(s);
+    if (s->options & SSL_OP_CISCO_ANYCONNECT)
+        s->version = DTLS1_BAD_VER;
+    else
+        s->version = DTLS1_VERSION;
+}
+
+long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
+{
+    int ret = 0;
+
+    switch (cmd) {
+    case DTLS_CTRL_GET_TIMEOUT:
+        if (dtls1_get_timeout(s, (struct timeval *)parg) != NULL) {
+            ret = 1;
+        }
+        break;
+    case DTLS_CTRL_HANDLE_TIMEOUT:
+        ret = dtls1_handle_timeout(s);
+        break;
+    case DTLS_CTRL_LISTEN:
+        ret = dtls1_listen(s, parg);
+        break;
+    case SSL_CTRL_CHECK_PROTO_VERSION:
+        /*
+         * For library-internal use; checks that the current protocol is the
+         * highest enabled version (according to s->ctx->method, as version
+         * negotiation may have changed s->method).
+         */
+#if DTLS_MAX_VERSION != DTLS1_VERSION
+# error Code needs update for DTLS_method() support beyond DTLS1_VERSION.
+#endif
+        /*
+         * Just one protocol version is supported so far; fail closed if the
+         * version is not as expected.
+         */
+        return s->version == DTLS_MAX_VERSION;
+    case DTLS_CTRL_SET_LINK_MTU:
+        if (larg < (long)dtls1_link_min_mtu())
+            return 0;
+        s->d1->link_mtu = larg;
+        return 1;
+    case DTLS_CTRL_GET_LINK_MIN_MTU:
+        return (long)dtls1_link_min_mtu();
+    case SSL_CTRL_SET_MTU:
+        /*
+         *  We may not have a BIO set yet so can't call dtls1_min_mtu()
+         *  We'll have to make do with dtls1_link_min_mtu() and max overhead
+         */
+        if (larg < (long)dtls1_link_min_mtu() - DTLS1_MAX_MTU_OVERHEAD)
+            return 0;
+        s->d1->mtu = larg;
+        return larg;
+    default:
+        ret = ssl3_ctrl(s, cmd, larg, parg);
+        break;
+    }
+    return (ret);
+}
+
+/*
+ * As it's impossible to use stream ciphers in "datagram" mode, this
+ * simple filter is designed to disengage them in DTLS. Unfortunately
+ * there is no universal way to identify stream SSL_CIPHER, so we have
+ * to explicitly list their SSL_* codes. Currently RC4 is the only one
+ * available, but if new ones emerge, they will have to be added...
+ */
+const SSL_CIPHER *dtls1_get_cipher(unsigned int u)
+{
+    const SSL_CIPHER *ciph = ssl3_get_cipher(u);
+
+    if (ciph != NULL) {
+        if (ciph->algorithm_enc == SSL_RC4)
+            return NULL;
+    }
+
+    return ciph;
+}
+
+void dtls1_start_timer(SSL *s)
+{
+#ifndef OPENSSL_NO_SCTP
+    /* Disable timer for SCTP */
+    if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
+        memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
+        return;
+    }
+#endif
+
+    /* If timer is not set, initialize duration with 1 second */
+    if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
+        s->d1->timeout_duration = 1;
+    }
+
+    /* Set timeout to current time */
+    get_current_time(&(s->d1->next_timeout));
+
+    /* Add duration to current time */
+    s->d1->next_timeout.tv_sec += s->d1->timeout_duration;
+    BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
+             &(s->d1->next_timeout));
+}
+
+struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft)
+{
+    struct timeval timenow;
+
+    /* If no timeout is set, just return NULL */
+    if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
+        return NULL;
+    }
+
+    /* Get current time */
+    get_current_time(&timenow);
+
+    /* If timer already expired, set remaining time to 0 */
+    if (s->d1->next_timeout.tv_sec < timenow.tv_sec ||
+        (s->d1->next_timeout.tv_sec == timenow.tv_sec &&
+         s->d1->next_timeout.tv_usec <= timenow.tv_usec)) {
+        memset(timeleft, 0, sizeof(struct timeval));
+        return timeleft;
+    }
+
+    /* Calculate time left until timer expires */
+    memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval));
+    timeleft->tv_sec -= timenow.tv_sec;
+    timeleft->tv_usec -= timenow.tv_usec;
+    if (timeleft->tv_usec < 0) {
+        timeleft->tv_sec--;
+        timeleft->tv_usec += 1000000;
+    }
+
+    /*
+     * If remaining time is less than 15 ms, set it to 0 to prevent issues
+     * because of small devergences with socket timeouts.
+     */
+    if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) {
+        memset(timeleft, 0, sizeof(struct timeval));
+    }
+
+    return timeleft;
+}
+
+int dtls1_is_timer_expired(SSL *s)
+{
+    struct timeval timeleft;
+
+    /* Get time left until timeout, return false if no timer running */
+    if (dtls1_get_timeout(s, &timeleft) == NULL) {
+        return 0;
+    }
+
+    /* Return false if timer is not expired yet */
+    if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) {
+        return 0;
+    }
+
+    /* Timer expired, so return true */
+    return 1;
+}
+
+void dtls1_double_timeout(SSL *s)
+{
+    s->d1->timeout_duration *= 2;
+    if (s->d1->timeout_duration > 60)
+        s->d1->timeout_duration = 60;
+    dtls1_start_timer(s);
+}
+
+void dtls1_stop_timer(SSL *s)
+{
+    /* Reset everything */
+    memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));
+    memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
+    s->d1->timeout_duration = 1;
+    BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
+             &(s->d1->next_timeout));
+    /* Clear retransmission buffer */
+    dtls1_clear_sent_buffer(s);
+}
+
+int dtls1_check_timeout_num(SSL *s)
+{
+    unsigned int mtu;
+
+    s->d1->timeout.num_alerts++;
+
+    /* Reduce MTU after 2 unsuccessful retransmissions */
+    if (s->d1->timeout.num_alerts > 2
+        && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
+        mtu =
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0,
+                     NULL);
+        if (mtu < s->d1->mtu)
+            s->d1->mtu = mtu;
+    }
+
+    if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) {
+        /* fail the connection, enough alerts have been sent */
+        SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM, SSL_R_READ_TIMEOUT_EXPIRED);
+        return -1;
+    }
+
+    return 0;
+}
+
+int dtls1_handle_timeout(SSL *s)
+{
+    /* if no timer is expired, don't do anything */
+    if (!dtls1_is_timer_expired(s)) {
+        return 0;
+    }
+
+    dtls1_double_timeout(s);
+
+    if (dtls1_check_timeout_num(s) < 0)
+        return -1;
+
+    s->d1->timeout.read_timeouts++;
+    if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) {
+        s->d1->timeout.read_timeouts = 1;
+    }
+#ifndef OPENSSL_NO_HEARTBEATS
+    if (s->tlsext_hb_pending) {
+        s->tlsext_hb_pending = 0;
+        return dtls1_heartbeat(s);
+    }
+#endif
+
+    dtls1_start_timer(s);
+    return dtls1_retransmit_buffered_messages(s);
+}
+
+static void get_current_time(struct timeval *t)
+{
+#ifdef OPENSSL_SYS_WIN32
+    struct _timeb tb;
+    _ftime(&tb);
+    t->tv_sec = (long)tb.time;
+    t->tv_usec = (long)tb.millitm * 1000;
+#elif defined(OPENSSL_SYS_VMS)
+    struct timeb tb;
+    ftime(&tb);
+    t->tv_sec = (long)tb.time;
+    t->tv_usec = (long)tb.millitm * 1000;
+#else
+    gettimeofday(t, NULL);
+#endif
+}
+
+int dtls1_listen(SSL *s, struct sockaddr *client)
+{
+    int ret;
+
+    /* Ensure there is no state left over from a previous invocation */
+    SSL_clear(s);
+
+    SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
+    s->d1->listen = 1;
+
+    ret = SSL_accept(s);
+    if (ret <= 0)
+        return ret;
+
+    (void)BIO_dgram_get_peer(SSL_get_rbio(s), client);
+    return 1;
+}

Deleted: vendor-crypto/openssl/1.0.1u/ssl/d1_pkt.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/d1_pkt.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/ssl/d1_pkt.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,1905 +0,0 @@
-/* ssl/d1_pkt.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "ssl_locl.h"
-#include <openssl/evp.h>
-#include <openssl/buffer.h>
-#include <openssl/pqueue.h>
-#include <openssl/rand.h>
-
-/* mod 128 saturating subtract of two 64-bit values in big-endian order */
-static int satsub64be(const unsigned char *v1, const unsigned char *v2)
-{
-    int ret, sat, brw, i;
-
-    if (sizeof(long) == 8)
-        do {
-            const union {
-                long one;
-                char little;
-            } is_endian = {
-                1
-            };
-            long l;
-
-            if (is_endian.little)
-                break;
-            /* not reached on little-endians */
-            /*
-             * following test is redundant, because input is always aligned,
-             * but I take no chances...
-             */
-            if (((size_t)v1 | (size_t)v2) & 0x7)
-                break;
-
-            l = *((long *)v1);
-            l -= *((long *)v2);
-            if (l > 128)
-                return 128;
-            else if (l < -128)
-                return -128;
-            else
-                return (int)l;
-        } while (0);
-
-    ret = (int)v1[7] - (int)v2[7];
-    sat = 0;
-    brw = ret >> 8;             /* brw is either 0 or -1 */
-    if (ret & 0x80) {
-        for (i = 6; i >= 0; i--) {
-            brw += (int)v1[i] - (int)v2[i];
-            sat |= ~brw;
-            brw >>= 8;
-        }
-    } else {
-        for (i = 6; i >= 0; i--) {
-            brw += (int)v1[i] - (int)v2[i];
-            sat |= brw;
-            brw >>= 8;
-        }
-    }
-    brw <<= 8;                  /* brw is either 0 or -256 */
-
-    if (sat & 0xff)
-        return brw | 0x80;
-    else
-        return brw + (ret & 0xFF);
-}
-
-static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
-                                   int len, int peek);
-static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);
-static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
-static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
-                                      unsigned int *is_next_epoch);
-#if 0
-static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
-                                        unsigned short *priority,
-                                        unsigned long *offset);
-#endif
-static int dtls1_buffer_record(SSL *s, record_pqueue *q,
-                               unsigned char *priority);
-static int dtls1_process_record(SSL *s);
-
-/* copy buffered record into SSL structure */
-static int dtls1_copy_record(SSL *s, pitem *item)
-{
-    DTLS1_RECORD_DATA *rdata;
-
-    rdata = (DTLS1_RECORD_DATA *)item->data;
-
-    if (s->s3->rbuf.buf != NULL)
-        OPENSSL_free(s->s3->rbuf.buf);
-
-    s->packet = rdata->packet;
-    s->packet_length = rdata->packet_length;
-    memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
-    memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
-
-    /* Set proper sequence number for mac calculation */
-    memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6);
-
-    return (1);
-}
-
-static int
-dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
-{
-    DTLS1_RECORD_DATA *rdata;
-    pitem *item;
-
-    /* Limit the size of the queue to prevent DOS attacks */
-    if (pqueue_size(queue->q) >= 100)
-        return 0;
-
-    rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
-    item = pitem_new(priority, rdata);
-    if (rdata == NULL || item == NULL) {
-        if (rdata != NULL)
-            OPENSSL_free(rdata);
-        if (item != NULL)
-            pitem_free(item);
-
-        SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
-        return -1;
-    }
-
-    rdata->packet = s->packet;
-    rdata->packet_length = s->packet_length;
-    memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER));
-    memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD));
-
-    item->data = rdata;
-
-#ifndef OPENSSL_NO_SCTP
-    /* Store bio_dgram_sctp_rcvinfo struct */
-    if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
-        (s->state == SSL3_ST_SR_FINISHED_A
-         || s->state == SSL3_ST_CR_FINISHED_A)) {
-        BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO,
-                 sizeof(rdata->recordinfo), &rdata->recordinfo);
-    }
-#endif
-
-    s->packet = NULL;
-    s->packet_length = 0;
-    memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
-    memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD));
-
-    if (!ssl3_setup_buffers(s)) {
-        SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
-        if (rdata->rbuf.buf != NULL)
-            OPENSSL_free(rdata->rbuf.buf);
-        OPENSSL_free(rdata);
-        pitem_free(item);
-        return (-1);
-    }
-
-    /* insert should not fail, since duplicates are dropped */
-    if (pqueue_insert(queue->q, item) == NULL) {
-        SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
-        if (rdata->rbuf.buf != NULL)
-            OPENSSL_free(rdata->rbuf.buf);
-        OPENSSL_free(rdata);
-        pitem_free(item);
-        return (-1);
-    }
-
-    return (1);
-}
-
-static int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
-{
-    pitem *item;
-
-    item = pqueue_pop(queue->q);
-    if (item) {
-        dtls1_copy_record(s, item);
-
-        OPENSSL_free(item->data);
-        pitem_free(item);
-
-        return (1);
-    }
-
-    return (0);
-}
-
-/*
- * retrieve a buffered record that belongs to the new epoch, i.e., not
- * processed yet
- */
-#define dtls1_get_unprocessed_record(s) \
-                   dtls1_retrieve_buffered_record((s), \
-                   &((s)->d1->unprocessed_rcds))
-
-/*
- * retrieve a buffered record that belongs to the current epoch, ie,
- * processed
- */
-#define dtls1_get_processed_record(s) \
-                   dtls1_retrieve_buffered_record((s), \
-                   &((s)->d1->processed_rcds))
-
-static int dtls1_process_buffered_records(SSL *s)
-{
-    pitem *item;
-
-    item = pqueue_peek(s->d1->unprocessed_rcds.q);
-    if (item) {
-        /* Check if epoch is current. */
-        if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
-            return (1);         /* Nothing to do. */
-
-        /* Process all the records. */
-        while (pqueue_peek(s->d1->unprocessed_rcds.q)) {
-            dtls1_get_unprocessed_record(s);
-            if (!dtls1_process_record(s))
-                return (0);
-            if (dtls1_buffer_record(s, &(s->d1->processed_rcds),
-                                    s->s3->rrec.seq_num) < 0)
-                return -1;
-        }
-    }
-
-    /*
-     * sync epoch numbers once all the unprocessed records have been
-     * processed
-     */
-    s->d1->processed_rcds.epoch = s->d1->r_epoch;
-    s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1;
-
-    return (1);
-}
-
-#if 0
-
-static int dtls1_get_buffered_record(SSL *s)
-{
-    pitem *item;
-    PQ_64BIT priority =
-        (((PQ_64BIT) s->d1->handshake_read_seq) << 32) |
-        ((PQ_64BIT) s->d1->r_msg_hdr.frag_off);
-
-    /* if we're not (re)negotiating, nothing buffered */
-    if (!SSL_in_init(s))
-        return 0;
-
-    item = pqueue_peek(s->d1->rcvd_records);
-    if (item && item->priority == priority) {
-        /*
-         * Check if we've received the record of interest.  It must be a
-         * handshake record, since data records as passed up without
-         * buffering
-         */
-        DTLS1_RECORD_DATA *rdata;
-        item = pqueue_pop(s->d1->rcvd_records);
-        rdata = (DTLS1_RECORD_DATA *)item->data;
-
-        if (s->s3->rbuf.buf != NULL)
-            OPENSSL_free(s->s3->rbuf.buf);
-
-        s->packet = rdata->packet;
-        s->packet_length = rdata->packet_length;
-        memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
-        memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
-
-        OPENSSL_free(item->data);
-        pitem_free(item);
-
-        /* s->d1->next_expected_seq_num++; */
-        return (1);
-    }
-
-    return 0;
-}
-
-#endif
-
-static int dtls1_process_record(SSL *s)
-{
-    int i, al;
-    int enc_err;
-    SSL_SESSION *sess;
-    SSL3_RECORD *rr;
-    unsigned int mac_size, orig_len;
-    unsigned char md[EVP_MAX_MD_SIZE];
-
-    rr = &(s->s3->rrec);
-    sess = s->session;
-
-    /*
-     * At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
-     * and we have that many bytes in s->packet
-     */
-    rr->input = &(s->packet[DTLS1_RT_HEADER_LENGTH]);
-
-    /*
-     * ok, we can now read from 's->packet' data into 'rr' rr->input points
-     * at rr->length bytes, which need to be copied into rr->data by either
-     * the decryption or by the decompression When the data is 'copied' into
-     * the rr->data buffer, rr->input will be pointed at the new buffer
-     */
-
-    /*
-     * We now have - encrypted [ MAC [ compressed [ plain ] ] ] rr->length
-     * bytes of encrypted compressed stuff.
-     */
-
-    /* check is not needed I believe */
-    if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
-        al = SSL_AD_RECORD_OVERFLOW;
-        SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
-        goto f_err;
-    }
-
-    /* decrypt in place in 'rr->input' */
-    rr->data = rr->input;
-
-    enc_err = s->method->ssl3_enc->enc(s, 0);
-    /*-
-     * enc_err is:
-     *    0: (in non-constant time) if the record is publically invalid.
-     *    1: if the padding is valid
-     *   -1: if the padding is invalid
-     */
-    if (enc_err == 0) {
-        /* For DTLS we simply ignore bad packets. */
-        rr->length = 0;
-        s->packet_length = 0;
-        goto err;
-    }
-#ifdef TLS_DEBUG
-    printf("dec %d\n", rr->length);
-    {
-        unsigned int z;
-        for (z = 0; z < rr->length; z++)
-            printf("%02X%c", rr->data[z], ((z + 1) % 16) ? ' ' : '\n');
-    }
-    printf("\n");
-#endif
-
-    /* r->length is now the compressed data plus mac */
-    if ((sess != NULL) &&
-        (s->enc_read_ctx != NULL) && (EVP_MD_CTX_md(s->read_hash) != NULL)) {
-        /* s->read_hash != NULL => mac_size != -1 */
-        unsigned char *mac = NULL;
-        unsigned char mac_tmp[EVP_MAX_MD_SIZE];
-        mac_size = EVP_MD_CTX_size(s->read_hash);
-        OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
-
-        /*
-         * kludge: *_cbc_remove_padding passes padding length in rr->type
-         */
-        orig_len = rr->length + ((unsigned int)rr->type >> 8);
-
-        /*
-         * orig_len is the length of the record before any padding was
-         * removed. This is public information, as is the MAC in use,
-         * therefore we can safely process the record in a different amount
-         * of time if it's too short to possibly contain a MAC.
-         */
-        if (orig_len < mac_size ||
-            /* CBC records must have a padding length byte too. */
-            (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
-             orig_len < mac_size + 1)) {
-            al = SSL_AD_DECODE_ERROR;
-            SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-
-        if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
-            /*
-             * We update the length so that the TLS header bytes can be
-             * constructed correctly but we need to extract the MAC in
-             * constant time from within the record, without leaking the
-             * contents of the padding bytes.
-             */
-            mac = mac_tmp;
-            ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
-            rr->length -= mac_size;
-        } else {
-            /*
-             * In this case there's no padding, so |orig_len| equals
-             * |rec->length| and we checked that there's enough bytes for
-             * |mac_size| above.
-             */
-            rr->length -= mac_size;
-            mac = &rr->data[rr->length];
-        }
-
-        i = s->method->ssl3_enc->mac(s, md, 0 /* not send */ );
-        if (i < 0 || mac == NULL
-            || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
-            enc_err = -1;
-        if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
-            enc_err = -1;
-    }
-
-    if (enc_err < 0) {
-        /* decryption failed, silently discard message */
-        rr->length = 0;
-        s->packet_length = 0;
-        goto err;
-    }
-
-    /* r->length is now just compressed */
-    if (s->expand != NULL) {
-        if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {
-            al = SSL_AD_RECORD_OVERFLOW;
-            SSLerr(SSL_F_DTLS1_PROCESS_RECORD,
-                   SSL_R_COMPRESSED_LENGTH_TOO_LONG);
-            goto f_err;
-        }
-        if (!ssl3_do_uncompress(s)) {
-            al = SSL_AD_DECOMPRESSION_FAILURE;
-            SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_BAD_DECOMPRESSION);
-            goto f_err;
-        }
-    }
-
-    if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
-        al = SSL_AD_RECORD_OVERFLOW;
-        SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
-        goto f_err;
-    }
-
-    rr->off = 0;
-    /*-
-     * So at this point the following is true
-     * ssl->s3->rrec.type   is the type of record
-     * ssl->s3->rrec.length == number of bytes in record
-     * ssl->s3->rrec.off    == offset to first valid byte
-     * ssl->s3->rrec.data   == where to take bytes from, increment
-     *                         after use :-).
-     */
-
-    /* we have pulled in a full packet so zero things */
-    s->packet_length = 0;
-    return (1);
-
- f_err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
-    return (0);
-}
-
-/*-
- * Call this to get a new input record.
- * It will return <= 0 if more data is needed, normally due to an error
- * or non-blocking IO.
- * When it finishes, one packet has been decoded and can be found in
- * ssl->s3->rrec.type    - is the type of record
- * ssl->s3->rrec.data,   - data
- * ssl->s3->rrec.length, - number of bytes
- */
-/* used only by dtls1_read_bytes */
-int dtls1_get_record(SSL *s)
-{
-    int ssl_major, ssl_minor;
-    int i, n;
-    SSL3_RECORD *rr;
-    unsigned char *p = NULL;
-    unsigned short version;
-    DTLS1_BITMAP *bitmap;
-    unsigned int is_next_epoch;
-
-    rr = &(s->s3->rrec);
-
-    /*
-     * The epoch may have changed.  If so, process all the pending records.
-     * This is a non-blocking operation.
-     */
-    if (dtls1_process_buffered_records(s) < 0)
-        return -1;
-
-    /* if we're renegotiating, then there may be buffered records */
-    if (dtls1_get_processed_record(s))
-        return 1;
-
-    /* get something from the wire */
- again:
-    /* check if we have the header */
-    if ((s->rstate != SSL_ST_READ_BODY) ||
-        (s->packet_length < DTLS1_RT_HEADER_LENGTH)) {
-        n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
-        /* read timeout is handled by dtls1_read_bytes */
-        if (n <= 0)
-            return (n);         /* error or non-blocking */
-
-        /* this packet contained a partial record, dump it */
-        if (s->packet_length != DTLS1_RT_HEADER_LENGTH) {
-            s->packet_length = 0;
-            goto again;
-        }
-
-        s->rstate = SSL_ST_READ_BODY;
-
-        p = s->packet;
-
-        /* Pull apart the header into the DTLS1_RECORD */
-        rr->type = *(p++);
-        ssl_major = *(p++);
-        ssl_minor = *(p++);
-        version = (ssl_major << 8) | ssl_minor;
-
-        /* sequence number is 64 bits, with top 2 bytes = epoch */
-        n2s(p, rr->epoch);
-
-        memcpy(&(s->s3->read_sequence[2]), p, 6);
-        p += 6;
-
-        n2s(p, rr->length);
-
-        /* Lets check version */
-        if (!s->first_packet) {
-            if (version != s->version) {
-                /* unexpected version, silently discard */
-                rr->length = 0;
-                s->packet_length = 0;
-                goto again;
-            }
-        }
-
-        if ((version & 0xff00) != (s->version & 0xff00)) {
-            /* wrong version, silently discard record */
-            rr->length = 0;
-            s->packet_length = 0;
-            goto again;
-        }
-
-        if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
-            /* record too long, silently discard it */
-            rr->length = 0;
-            s->packet_length = 0;
-            goto again;
-        }
-
-        /* now s->rstate == SSL_ST_READ_BODY */
-    }
-
-    /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
-
-    if (rr->length > s->packet_length - DTLS1_RT_HEADER_LENGTH) {
-        /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
-        i = rr->length;
-        n = ssl3_read_n(s, i, i, 1);
-        /* this packet contained a partial record, dump it */
-        if (n != i) {
-            rr->length = 0;
-            s->packet_length = 0;
-            goto again;
-        }
-
-        /*
-         * now n == rr->length, and s->packet_length ==
-         * DTLS1_RT_HEADER_LENGTH + rr->length
-         */
-    }
-    s->rstate = SSL_ST_READ_HEADER; /* set state for later operations */
-
-    /* match epochs.  NULL means the packet is dropped on the floor */
-    bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
-    if (bitmap == NULL) {
-        rr->length = 0;
-        s->packet_length = 0;   /* dump this record */
-        goto again;             /* get another record */
-    }
-#ifndef OPENSSL_NO_SCTP
-    /* Only do replay check if no SCTP bio */
-    if (!BIO_dgram_is_sctp(SSL_get_rbio(s))) {
-#endif
-        /*
-         * Check whether this is a repeat, or aged record. Don't check if
-         * we're listening and this message is a ClientHello. They can look
-         * as if they're replayed, since they arrive from different
-         * connections and would be dropped unnecessarily.
-         */
-        if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
-              s->packet_length > DTLS1_RT_HEADER_LENGTH &&
-              s->packet[DTLS1_RT_HEADER_LENGTH] == SSL3_MT_CLIENT_HELLO) &&
-            !dtls1_record_replay_check(s, bitmap)) {
-            rr->length = 0;
-            s->packet_length = 0; /* dump this record */
-            goto again;         /* get another record */
-        }
-#ifndef OPENSSL_NO_SCTP
-    }
-#endif
-
-    /* just read a 0 length packet */
-    if (rr->length == 0)
-        goto again;
-
-    /*
-     * If this record is from the next epoch (either HM or ALERT), and a
-     * handshake is currently in progress, buffer it since it cannot be
-     * processed at this time. However, do not buffer anything while
-     * listening.
-     */
-    if (is_next_epoch) {
-        if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) {
-            if (dtls1_buffer_record
-                (s, &(s->d1->unprocessed_rcds), rr->seq_num) < 0)
-                return -1;
-            /* Mark receipt of record. */
-            dtls1_record_bitmap_update(s, bitmap);
-        }
-        rr->length = 0;
-        s->packet_length = 0;
-        goto again;
-    }
-
-    if (!dtls1_process_record(s)) {
-        rr->length = 0;
-        s->packet_length = 0;   /* dump this record */
-        goto again;             /* get another record */
-    }
-    dtls1_record_bitmap_update(s, bitmap); /* Mark receipt of record. */
-
-    return (1);
-
-}
-
-/*-
- * Return up to 'len' payload bytes received in 'type' records.
- * 'type' is one of the following:
- *
- *   -  SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
- *   -  SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
- *   -  0 (during a shutdown, no data has to be returned)
- *
- * If we don't have stored data to work from, read a SSL/TLS record first
- * (possibly multiple records if we still don't have anything to return).
- *
- * This function must handle any surprises the peer may have for us, such as
- * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
- * a surprise, but handled as if it were), or renegotiation requests.
- * Also if record payloads contain fragments too small to process, we store
- * them until there is enough for the respective protocol (the record protocol
- * may use arbitrary fragmentation and even interleaving):
- *     Change cipher spec protocol
- *             just 1 byte needed, no need for keeping anything stored
- *     Alert protocol
- *             2 bytes needed (AlertLevel, AlertDescription)
- *     Handshake protocol
- *             4 bytes needed (HandshakeType, uint24 length) -- we just have
- *             to detect unexpected Client Hello and Hello Request messages
- *             here, anything else is handled by higher layers
- *     Application data protocol
- *             none of our business
- */
-int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
-{
-    int al, i, j, ret;
-    unsigned int n;
-    SSL3_RECORD *rr;
-    void (*cb) (const SSL *ssl, int type2, int val) = NULL;
-
-    if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
-        if (!ssl3_setup_buffers(s))
-            return (-1);
-
-    /* XXX: check what the second '&& type' is about */
-    if ((type && (type != SSL3_RT_APPLICATION_DATA) &&
-         (type != SSL3_RT_HANDSHAKE) && type) ||
-        (peek && (type != SSL3_RT_APPLICATION_DATA))) {
-        SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
-        return -1;
-    }
-
-    /*
-     * check whether there's a handshake message (client hello?) waiting
-     */
-    if ((ret = have_handshake_fragment(s, type, buf, len, peek)))
-        return ret;
-
-    /*
-     * Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE.
-     */
-
-#ifndef OPENSSL_NO_SCTP
-    /*
-     * Continue handshake if it had to be interrupted to read app data with
-     * SCTP.
-     */
-    if ((!s->in_handshake && SSL_in_init(s)) ||
-        (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
-         (s->state == DTLS1_SCTP_ST_SR_READ_SOCK
-          || s->state == DTLS1_SCTP_ST_CR_READ_SOCK)
-         && s->s3->in_read_app_data != 2))
-#else
-    if (!s->in_handshake && SSL_in_init(s))
-#endif
-    {
-        /* type == SSL3_RT_APPLICATION_DATA */
-        i = s->handshake_func(s);
-        if (i < 0)
-            return (i);
-        if (i == 0) {
-            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
-            return (-1);
-        }
-    }
-
- start:
-    s->rwstate = SSL_NOTHING;
-
-    /*-
-     * s->s3->rrec.type         - is the type of record
-     * s->s3->rrec.data,    - data
-     * s->s3->rrec.off,     - offset into 'data' for next read
-     * s->s3->rrec.length,  - number of bytes.
-     */
-    rr = &(s->s3->rrec);
-
-    /*
-     * We are not handshaking and have no data yet, so process data buffered
-     * during the last handshake in advance, if any.
-     */
-    if (s->state == SSL_ST_OK && rr->length == 0) {
-        pitem *item;
-        item = pqueue_pop(s->d1->buffered_app_data.q);
-        if (item) {
-#ifndef OPENSSL_NO_SCTP
-            /* Restore bio_dgram_sctp_rcvinfo struct */
-            if (BIO_dgram_is_sctp(SSL_get_rbio(s))) {
-                DTLS1_RECORD_DATA *rdata = (DTLS1_RECORD_DATA *)item->data;
-                BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_SET_RCVINFO,
-                         sizeof(rdata->recordinfo), &rdata->recordinfo);
-            }
-#endif
-
-            dtls1_copy_record(s, item);
-
-            OPENSSL_free(item->data);
-            pitem_free(item);
-        }
-    }
-
-    /* Check for timeout */
-    if (dtls1_handle_timeout(s) > 0)
-        goto start;
-
-    /* get new packet if necessary */
-    if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) {
-        ret = dtls1_get_record(s);
-        if (ret <= 0) {
-            ret = dtls1_read_failed(s, ret);
-            /* anything other than a timeout is an error */
-            if (ret <= 0)
-                return (ret);
-            else
-                goto start;
-        }
-    }
-
-    if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE) {
-        rr->length = 0;
-        goto start;
-    }
-
-    /* we now have a packet which can be read and processed */
-
-    if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
-                                   * reset by ssl3_get_finished */
-        && (rr->type != SSL3_RT_HANDSHAKE)) {
-        /*
-         * We now have application data between CCS and Finished. Most likely
-         * the packets were reordered on their way, so buffer the application
-         * data for later processing rather than dropping the connection.
-         */
-        if (dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num) <
-            0) {
-            SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
-            return -1;
-        }
-        rr->length = 0;
-        goto start;
-    }
-
-    /*
-     * If the other end has shut down, throw anything we read away (even in
-     * 'peek' mode)
-     */
-    if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
-        rr->length = 0;
-        s->rwstate = SSL_NOTHING;
-        return (0);
-    }
-
-    if (type == rr->type) {     /* SSL3_RT_APPLICATION_DATA or
-                                 * SSL3_RT_HANDSHAKE */
-        /*
-         * make sure that we are not getting application data when we are
-         * doing a handshake for the first time
-         */
-        if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
-            (s->enc_read_ctx == NULL)) {
-            al = SSL_AD_UNEXPECTED_MESSAGE;
-            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE);
-            goto f_err;
-        }
-
-        if (len <= 0)
-            return (len);
-
-        if ((unsigned int)len > rr->length)
-            n = rr->length;
-        else
-            n = (unsigned int)len;
-
-        memcpy(buf, &(rr->data[rr->off]), n);
-        if (!peek) {
-            rr->length -= n;
-            rr->off += n;
-            if (rr->length == 0) {
-                s->rstate = SSL_ST_READ_HEADER;
-                rr->off = 0;
-            }
-        }
-#ifndef OPENSSL_NO_SCTP
-        /*
-         * We were about to renegotiate but had to read belated application
-         * data first, so retry.
-         */
-        if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
-            rr->type == SSL3_RT_APPLICATION_DATA &&
-            (s->state == DTLS1_SCTP_ST_SR_READ_SOCK
-             || s->state == DTLS1_SCTP_ST_CR_READ_SOCK)) {
-            s->rwstate = SSL_READING;
-            BIO_clear_retry_flags(SSL_get_rbio(s));
-            BIO_set_retry_read(SSL_get_rbio(s));
-        }
-
-        /*
-         * We might had to delay a close_notify alert because of reordered
-         * app data. If there was an alert and there is no message to read
-         * anymore, finally set shutdown.
-         */
-        if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
-            s->d1->shutdown_received
-            && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
-            s->shutdown |= SSL_RECEIVED_SHUTDOWN;
-            return (0);
-        }
-#endif
-        return (n);
-    }
-
-    /*
-     * If we get here, then type != rr->type; if we have a handshake message,
-     * then it was unexpected (Hello Request or Client Hello).
-     */
-
-    /*
-     * In case of record types for which we have 'fragment' storage, fill
-     * that so that we can process the data at a fixed place.
-     */
-    {
-        unsigned int k, dest_maxlen = 0;
-        unsigned char *dest = NULL;
-        unsigned int *dest_len = NULL;
-
-        if (rr->type == SSL3_RT_HANDSHAKE) {
-            dest_maxlen = sizeof s->d1->handshake_fragment;
-            dest = s->d1->handshake_fragment;
-            dest_len = &s->d1->handshake_fragment_len;
-        } else if (rr->type == SSL3_RT_ALERT) {
-            dest_maxlen = sizeof(s->d1->alert_fragment);
-            dest = s->d1->alert_fragment;
-            dest_len = &s->d1->alert_fragment_len;
-        }
-#ifndef OPENSSL_NO_HEARTBEATS
-        else if (rr->type == TLS1_RT_HEARTBEAT) {
-            dtls1_process_heartbeat(s);
-
-            /* Exit and notify application to read again */
-            rr->length = 0;
-            s->rwstate = SSL_READING;
-            BIO_clear_retry_flags(SSL_get_rbio(s));
-            BIO_set_retry_read(SSL_get_rbio(s));
-            return (-1);
-        }
-#endif
-        /* else it's a CCS message, or application data or wrong */
-        else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) {
-            /*
-             * Application data while renegotiating is allowed. Try again
-             * reading.
-             */
-            if (rr->type == SSL3_RT_APPLICATION_DATA) {
-                BIO *bio;
-                s->s3->in_read_app_data = 2;
-                bio = SSL_get_rbio(s);
-                s->rwstate = SSL_READING;
-                BIO_clear_retry_flags(bio);
-                BIO_set_retry_read(bio);
-                return (-1);
-            }
-
-            /* Not certain if this is the right error handling */
-            al = SSL_AD_UNEXPECTED_MESSAGE;
-            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
-            goto f_err;
-        }
-
-        if (dest_maxlen > 0) {
-            /*
-             * XDTLS: In a pathalogical case, the Client Hello may be
-             * fragmented--don't always expect dest_maxlen bytes
-             */
-            if (rr->length < dest_maxlen) {
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
-                /*
-                 * for normal alerts rr->length is 2, while
-                 * dest_maxlen is 7 if we were to handle this
-                 * non-existing alert...
-                 */
-                FIX ME
-#endif
-                 s->rstate = SSL_ST_READ_HEADER;
-                rr->length = 0;
-                goto start;
-            }
-
-            /* now move 'n' bytes: */
-            for (k = 0; k < dest_maxlen; k++) {
-                dest[k] = rr->data[rr->off++];
-                rr->length--;
-            }
-            *dest_len = dest_maxlen;
-        }
-    }
-
-    /*-
-     * s->d1->handshake_fragment_len == 12  iff  rr->type == SSL3_RT_HANDSHAKE;
-     * s->d1->alert_fragment_len == 7      iff  rr->type == SSL3_RT_ALERT.
-     * (Possibly rr is 'empty' now, i.e. rr->length may be 0.)
-     */
-
-    /* If we are a client, check for an incoming 'Hello Request': */
-    if ((!s->server) &&
-        (s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
-        (s->d1->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
-        (s->session != NULL) && (s->session->cipher != NULL)) {
-        s->d1->handshake_fragment_len = 0;
-
-        if ((s->d1->handshake_fragment[1] != 0) ||
-            (s->d1->handshake_fragment[2] != 0) ||
-            (s->d1->handshake_fragment[3] != 0)) {
-            al = SSL_AD_DECODE_ERROR;
-            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_HELLO_REQUEST);
-            goto f_err;
-        }
-
-        /*
-         * no need to check sequence number on HELLO REQUEST messages
-         */
-
-        if (s->msg_callback)
-            s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
-                            s->d1->handshake_fragment, 4, s,
-                            s->msg_callback_arg);
-
-        if (SSL_is_init_finished(s) &&
-            !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
-            !s->s3->renegotiate) {
-            s->d1->handshake_read_seq++;
-            s->new_session = 1;
-            ssl3_renegotiate(s);
-            if (ssl3_renegotiate_check(s)) {
-                i = s->handshake_func(s);
-                if (i < 0)
-                    return (i);
-                if (i == 0) {
-                    SSLerr(SSL_F_DTLS1_READ_BYTES,
-                           SSL_R_SSL_HANDSHAKE_FAILURE);
-                    return (-1);
-                }
-
-                if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
-                    if (s->s3->rbuf.left == 0) { /* no read-ahead left? */
-                        BIO *bio;
-                        /*
-                         * In the case where we try to read application data,
-                         * but we trigger an SSL handshake, we return -1 with
-                         * the retry option set.  Otherwise renegotiation may
-                         * cause nasty problems in the blocking world
-                         */
-                        s->rwstate = SSL_READING;
-                        bio = SSL_get_rbio(s);
-                        BIO_clear_retry_flags(bio);
-                        BIO_set_retry_read(bio);
-                        return (-1);
-                    }
-                }
-            }
-        }
-        /*
-         * we either finished a handshake or ignored the request, now try
-         * again to obtain the (application) data we were asked for
-         */
-        goto start;
-    }
-
-    if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) {
-        int alert_level = s->d1->alert_fragment[0];
-        int alert_descr = s->d1->alert_fragment[1];
-
-        s->d1->alert_fragment_len = 0;
-
-        if (s->msg_callback)
-            s->msg_callback(0, s->version, SSL3_RT_ALERT,
-                            s->d1->alert_fragment, 2, s, s->msg_callback_arg);
-
-        if (s->info_callback != NULL)
-            cb = s->info_callback;
-        else if (s->ctx->info_callback != NULL)
-            cb = s->ctx->info_callback;
-
-        if (cb != NULL) {
-            j = (alert_level << 8) | alert_descr;
-            cb(s, SSL_CB_READ_ALERT, j);
-        }
-
-        if (alert_level == SSL3_AL_WARNING) {
-            s->s3->warn_alert = alert_descr;
-            if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
-#ifndef OPENSSL_NO_SCTP
-                /*
-                 * With SCTP and streams the socket may deliver app data
-                 * after a close_notify alert. We have to check this first so
-                 * that nothing gets discarded.
-                 */
-                if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
-                    BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
-                    s->d1->shutdown_received = 1;
-                    s->rwstate = SSL_READING;
-                    BIO_clear_retry_flags(SSL_get_rbio(s));
-                    BIO_set_retry_read(SSL_get_rbio(s));
-                    return -1;
-                }
-#endif
-                s->shutdown |= SSL_RECEIVED_SHUTDOWN;
-                return (0);
-            }
-#if 0
-            /* XXX: this is a possible improvement in the future */
-            /* now check if it's a missing record */
-            if (alert_descr == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) {
-                unsigned short seq;
-                unsigned int frag_off;
-                unsigned char *p = &(s->d1->alert_fragment[2]);
-
-                n2s(p, seq);
-                n2l3(p, frag_off);
-
-                dtls1_retransmit_message(s,
-                                         dtls1_get_queue_priority
-                                         (frag->msg_header.seq, 0), frag_off,
-                                         &found);
-                if (!found && SSL_in_init(s)) {
-                    /*
-                     * fprintf( stderr,"in init = %d\n", SSL_in_init(s));
-                     */
-                    /*
-                     * requested a message not yet sent, send an alert
-                     * ourselves
-                     */
-                    ssl3_send_alert(s, SSL3_AL_WARNING,
-                                    DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
-                }
-            }
-#endif
-        } else if (alert_level == SSL3_AL_FATAL) {
-            char tmp[16];
-
-            s->rwstate = SSL_NOTHING;
-            s->s3->fatal_alert = alert_descr;
-            SSLerr(SSL_F_DTLS1_READ_BYTES,
-                   SSL_AD_REASON_OFFSET + alert_descr);
-            BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
-            ERR_add_error_data(2, "SSL alert number ", tmp);
-            s->shutdown |= SSL_RECEIVED_SHUTDOWN;
-            SSL_CTX_remove_session(s->ctx, s->session);
-            return (0);
-        } else {
-            al = SSL_AD_ILLEGAL_PARAMETER;
-            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
-            goto f_err;
-        }
-
-        goto start;
-    }
-
-    if (s->shutdown & SSL_SENT_SHUTDOWN) { /* but we have not received a
-                                            * shutdown */
-        s->rwstate = SSL_NOTHING;
-        rr->length = 0;
-        return (0);
-    }
-
-    if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
-        struct ccs_header_st ccs_hdr;
-        unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;
-
-        dtls1_get_ccs_header(rr->data, &ccs_hdr);
-
-        if (s->version == DTLS1_BAD_VER)
-            ccs_hdr_len = 3;
-
-        /*
-         * 'Change Cipher Spec' is just a single byte, so we know exactly
-         * what the record payload has to look like
-         */
-        /* XDTLS: check that epoch is consistent */
-        if ((rr->length != ccs_hdr_len) ||
-            (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) {
-            i = SSL_AD_ILLEGAL_PARAMETER;
-            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_CHANGE_CIPHER_SPEC);
-            goto err;
-        }
-
-        rr->length = 0;
-
-        if (s->msg_callback)
-            s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
-                            rr->data, 1, s, s->msg_callback_arg);
-
-        /*
-         * We can't process a CCS now, because previous handshake messages
-         * are still missing, so just drop it.
-         */
-        if (!s->d1->change_cipher_spec_ok) {
-            goto start;
-        }
-
-        s->d1->change_cipher_spec_ok = 0;
-
-        s->s3->change_cipher_spec = 1;
-        if (!ssl3_do_change_cipher_spec(s))
-            goto err;
-
-        /* do this whenever CCS is processed */
-        dtls1_reset_seq_numbers(s, SSL3_CC_READ);
-
-        if (s->version == DTLS1_BAD_VER)
-            s->d1->handshake_read_seq++;
-
-#ifndef OPENSSL_NO_SCTP
-        /*
-         * Remember that a CCS has been received, so that an old key of
-         * SCTP-Auth can be deleted when a CCS is sent. Will be ignored if no
-         * SCTP is used
-         */
-        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL);
-#endif
-
-        goto start;
-    }
-
-    /*
-     * Unexpected handshake message (Client Hello, or protocol violation)
-     */
-    if ((s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
-        !s->in_handshake) {
-        struct hm_header_st msg_hdr;
-
-        /* this may just be a stale retransmit */
-        dtls1_get_message_header(rr->data, &msg_hdr);
-        if (rr->epoch != s->d1->r_epoch) {
-            rr->length = 0;
-            goto start;
-        }
-
-        /*
-         * If we are server, we may have a repeated FINISHED of the client
-         * here, then retransmit our CCS and FINISHED.
-         */
-        if (msg_hdr.type == SSL3_MT_FINISHED) {
-            if (dtls1_check_timeout_num(s) < 0)
-                return -1;
-
-            dtls1_retransmit_buffered_messages(s);
-            rr->length = 0;
-            goto start;
-        }
-
-        if (((s->state & SSL_ST_MASK) == SSL_ST_OK) &&
-            !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
-#if 0                           /* worked only because C operator preferences
-                                 * are not as expected (and because this is
-                                 * not really needed for clients except for
-                                 * detecting protocol violations): */
-            s->state = SSL_ST_BEFORE | (s->server)
-                ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
-#else
-            s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
-#endif
-            s->renegotiate = 1;
-            s->new_session = 1;
-        }
-        i = s->handshake_func(s);
-        if (i < 0)
-            return (i);
-        if (i == 0) {
-            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
-            return (-1);
-        }
-
-        if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
-            if (s->s3->rbuf.left == 0) { /* no read-ahead left? */
-                BIO *bio;
-                /*
-                 * In the case where we try to read application data, but we
-                 * trigger an SSL handshake, we return -1 with the retry
-                 * option set.  Otherwise renegotiation may cause nasty
-                 * problems in the blocking world
-                 */
-                s->rwstate = SSL_READING;
-                bio = SSL_get_rbio(s);
-                BIO_clear_retry_flags(bio);
-                BIO_set_retry_read(bio);
-                return (-1);
-            }
-        }
-        goto start;
-    }
-
-    switch (rr->type) {
-    default:
-#ifndef OPENSSL_NO_TLS
-        /* TLS just ignores unknown message types */
-        if (s->version == TLS1_VERSION) {
-            rr->length = 0;
-            goto start;
-        }
-#endif
-        al = SSL_AD_UNEXPECTED_MESSAGE;
-        SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
-        goto f_err;
-    case SSL3_RT_CHANGE_CIPHER_SPEC:
-    case SSL3_RT_ALERT:
-    case SSL3_RT_HANDSHAKE:
-        /*
-         * we already handled all of these, with the possible exception of
-         * SSL3_RT_HANDSHAKE when s->in_handshake is set, but that should not
-         * happen when type != rr->type
-         */
-        al = SSL_AD_UNEXPECTED_MESSAGE;
-        SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
-        goto f_err;
-    case SSL3_RT_APPLICATION_DATA:
-        /*
-         * At this point, we were expecting handshake data, but have
-         * application data.  If the library was running inside ssl3_read()
-         * (i.e. in_read_app_data is set) and it makes sense to read
-         * application data at this point (session renegotiation not yet
-         * started), we will indulge it.
-         */
-        if (s->s3->in_read_app_data &&
-            (s->s3->total_renegotiations != 0) &&
-            (((s->state & SSL_ST_CONNECT) &&
-              (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
-              (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
-             ) || ((s->state & SSL_ST_ACCEPT) &&
-                   (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
-                   (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
-             )
-            )) {
-            s->s3->in_read_app_data = 2;
-            return (-1);
-        } else {
-            al = SSL_AD_UNEXPECTED_MESSAGE;
-            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
-            goto f_err;
-        }
-    }
-    /* not reached */
-
- f_err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
-    return (-1);
-}
-
-int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
-{
-    int i;
-
-#ifndef OPENSSL_NO_SCTP
-    /*
-     * Check if we have to continue an interrupted handshake for reading
-     * belated app data with SCTP.
-     */
-    if ((SSL_in_init(s) && !s->in_handshake) ||
-        (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
-         (s->state == DTLS1_SCTP_ST_SR_READ_SOCK
-          || s->state == DTLS1_SCTP_ST_CR_READ_SOCK)))
-#else
-    if (SSL_in_init(s) && !s->in_handshake)
-#endif
-    {
-        i = s->handshake_func(s);
-        if (i < 0)
-            return (i);
-        if (i == 0) {
-            SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,
-                   SSL_R_SSL_HANDSHAKE_FAILURE);
-            return -1;
-        }
-    }
-
-    if (len > SSL3_RT_MAX_PLAIN_LENGTH) {
-        SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES, SSL_R_DTLS_MESSAGE_TOO_BIG);
-        return -1;
-    }
-
-    i = dtls1_write_bytes(s, type, buf_, len);
-    return i;
-}
-
-        /*
-         * this only happens when a client hello is received and a handshake
-         * is started.
-         */
-static int
-have_handshake_fragment(SSL *s, int type, unsigned char *buf,
-                        int len, int peek)
-{
-
-    if ((type == SSL3_RT_HANDSHAKE) && (s->d1->handshake_fragment_len > 0))
-        /* (partially) satisfy request from storage */
-    {
-        unsigned char *src = s->d1->handshake_fragment;
-        unsigned char *dst = buf;
-        unsigned int k, n;
-
-        /* peek == 0 */
-        n = 0;
-        while ((len > 0) && (s->d1->handshake_fragment_len > 0)) {
-            *dst++ = *src++;
-            len--;
-            s->d1->handshake_fragment_len--;
-            n++;
-        }
-        /* move any remaining fragment bytes: */
-        for (k = 0; k < s->d1->handshake_fragment_len; k++)
-            s->d1->handshake_fragment[k] = *src++;
-        return n;
-    }
-
-    return 0;
-}
-
-/*
- * Call this to write data in records of type 'type' It will return <= 0 if
- * not all data has been sent or non-blocking IO.
- */
-int dtls1_write_bytes(SSL *s, int type, const void *buf, int len)
-{
-    int i;
-
-    OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);
-    s->rwstate = SSL_NOTHING;
-    i = do_dtls1_write(s, type, buf, len, 0);
-    return i;
-}
-
-int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
-                   unsigned int len, int create_empty_fragment)
-{
-    unsigned char *p, *pseq;
-    int i, mac_size, clear = 0;
-    int prefix_len = 0;
-    SSL3_RECORD *wr;
-    SSL3_BUFFER *wb;
-    SSL_SESSION *sess;
-    int bs;
-
-    /*
-     * first check if there is a SSL3_BUFFER still being written out.  This
-     * will happen with non blocking IO
-     */
-    if (s->s3->wbuf.left != 0) {
-        OPENSSL_assert(0);      /* XDTLS: want to see if we ever get here */
-        return (ssl3_write_pending(s, type, buf, len));
-    }
-
-    /* If we have an alert to send, lets send it */
-    if (s->s3->alert_dispatch) {
-        i = s->method->ssl_dispatch_alert(s);
-        if (i <= 0)
-            return (i);
-        /* if it went, fall through and send more stuff */
-    }
-
-    if (len == 0 && !create_empty_fragment)
-        return 0;
-
-    wr = &(s->s3->wrec);
-    wb = &(s->s3->wbuf);
-    sess = s->session;
-
-    if ((sess == NULL) ||
-        (s->enc_write_ctx == NULL) || (EVP_MD_CTX_md(s->write_hash) == NULL))
-        clear = 1;
-
-    if (clear)
-        mac_size = 0;
-    else {
-        mac_size = EVP_MD_CTX_size(s->write_hash);
-        if (mac_size < 0)
-            goto err;
-    }
-
-    /* DTLS implements explicit IV, so no need for empty fragments */
-#if 0
-    /*
-     * 'create_empty_fragment' is true only when this function calls itself
-     */
-    if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done
-        && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
-    {
-        /*
-         * countermeasure against known-IV weakness in CBC ciphersuites (see
-         * http://www.openssl.org/~bodo/tls-cbc.txt)
-         */
-
-        if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) {
-            /*
-             * recursive function call with 'create_empty_fragment' set; this
-             * prepares and buffers the data for an empty fragment (these
-             * 'prefix_len' bytes are sent out later together with the actual
-             * payload)
-             */
-            prefix_len = s->method->do_ssl_write(s, type, buf, 0, 1);
-            if (prefix_len <= 0)
-                goto err;
-
-            if (s->s3->wbuf.len <
-                (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE) {
-                /* insufficient space */
-                SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-        }
-
-        s->s3->empty_fragment_done = 1;
-    }
-#endif
-    p = wb->buf + prefix_len;
-
-    /* write the header */
-
-    *(p++) = type & 0xff;
-    wr->type = type;
-
-    *(p++) = (s->version >> 8);
-    *(p++) = s->version & 0xff;
-
-    /* field where we are to write out packet epoch, seq num and len */
-    pseq = p;
-    p += 10;
-
-    /* lets setup the record stuff. */
-
-    /*
-     * Make space for the explicit IV in case of CBC. (this is a bit of a
-     * boundary violation, but what the heck).
-     */
-    if (s->enc_write_ctx &&
-        (EVP_CIPHER_mode(s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
-        bs = EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
-    else
-        bs = 0;
-
-    wr->data = p + bs;          /* make room for IV in case of CBC */
-    wr->length = (int)len;
-    wr->input = (unsigned char *)buf;
-
-    /*
-     * we now 'read' from wr->input, wr->length bytes into wr->data
-     */
-
-    /* first we compress */
-    if (s->compress != NULL) {
-        if (!ssl3_do_compress(s)) {
-            SSLerr(SSL_F_DO_DTLS1_WRITE, SSL_R_COMPRESSION_FAILURE);
-            goto err;
-        }
-    } else {
-        memcpy(wr->data, wr->input, wr->length);
-        wr->input = wr->data;
-    }
-
-    /*
-     * we should still have the output to wr->data and the input from
-     * wr->input.  Length should be wr->length. wr->data still points in the
-     * wb->buf
-     */
-
-    if (mac_size != 0) {
-        if (s->method->ssl3_enc->mac(s, &(p[wr->length + bs]), 1) < 0)
-            goto err;
-        wr->length += mac_size;
-    }
-
-    /* this is true regardless of mac size */
-    wr->input = p;
-    wr->data = p;
-
-    /* ssl3_enc can only have an error on read */
-    if (bs) {                   /* bs != 0 in case of CBC */
-        RAND_pseudo_bytes(p, bs);
-        /*
-         * master IV and last CBC residue stand for the rest of randomness
-         */
-        wr->length += bs;
-    }
-
-    if (s->method->ssl3_enc->enc(s, 1) < 1)
-        goto err;
-
-    /* record length after mac and block padding */
-    /*
-     * if (type == SSL3_RT_APPLICATION_DATA || (type == SSL3_RT_ALERT && !
-     * SSL_in_init(s)))
-     */
-
-    /* there's only one epoch between handshake and app data */
-
-    s2n(s->d1->w_epoch, pseq);
-
-    /* XDTLS: ?? */
-    /*
-     * else s2n(s->d1->handshake_epoch, pseq);
-     */
-
-    memcpy(pseq, &(s->s3->write_sequence[2]), 6);
-    pseq += 6;
-    s2n(wr->length, pseq);
-
-    /*
-     * we should now have wr->data pointing to the encrypted data, which is
-     * wr->length long
-     */
-    wr->type = type;            /* not needed but helps for debugging */
-    wr->length += DTLS1_RT_HEADER_LENGTH;
-
-#if 0                           /* this is now done at the message layer */
-    /* buffer the record, making it easy to handle retransmits */
-    if (type == SSL3_RT_HANDSHAKE || type == SSL3_RT_CHANGE_CIPHER_SPEC)
-        dtls1_buffer_record(s, wr->data, wr->length,
-                            *((PQ_64BIT *) & (s->s3->write_sequence[0])));
-#endif
-
-    ssl3_record_sequence_update(&(s->s3->write_sequence[0]));
-
-    if (create_empty_fragment) {
-        /*
-         * we are in a recursive call; just return the length, don't write
-         * out anything here
-         */
-        return wr->length;
-    }
-
-    /* now let's set up wb */
-    wb->left = prefix_len + wr->length;
-    wb->offset = 0;
-
-    /*
-     * memorize arguments so that ssl3_write_pending can detect bad write
-     * retries later
-     */
-    s->s3->wpend_tot = len;
-    s->s3->wpend_buf = buf;
-    s->s3->wpend_type = type;
-    s->s3->wpend_ret = len;
-
-    /* we now just need to write the buffer */
-    return ssl3_write_pending(s, type, buf, len);
- err:
-    return -1;
-}
-
-static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
-{
-    int cmp;
-    unsigned int shift;
-    const unsigned char *seq = s->s3->read_sequence;
-
-    cmp = satsub64be(seq, bitmap->max_seq_num);
-    if (cmp > 0) {
-        memcpy(s->s3->rrec.seq_num, seq, 8);
-        return 1;               /* this record in new */
-    }
-    shift = -cmp;
-    if (shift >= sizeof(bitmap->map) * 8)
-        return 0;               /* stale, outside the window */
-    else if (bitmap->map & (1UL << shift))
-        return 0;               /* record previously received */
-
-    memcpy(s->s3->rrec.seq_num, seq, 8);
-    return 1;
-}
-
-static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
-{
-    int cmp;
-    unsigned int shift;
-    const unsigned char *seq = s->s3->read_sequence;
-
-    cmp = satsub64be(seq, bitmap->max_seq_num);
-    if (cmp > 0) {
-        shift = cmp;
-        if (shift < sizeof(bitmap->map) * 8)
-            bitmap->map <<= shift, bitmap->map |= 1UL;
-        else
-            bitmap->map = 1UL;
-        memcpy(bitmap->max_seq_num, seq, 8);
-    } else {
-        shift = -cmp;
-        if (shift < sizeof(bitmap->map) * 8)
-            bitmap->map |= 1UL << shift;
-    }
-}
-
-int dtls1_dispatch_alert(SSL *s)
-{
-    int i, j;
-    void (*cb) (const SSL *ssl, int type, int val) = NULL;
-    unsigned char buf[DTLS1_AL_HEADER_LENGTH];
-    unsigned char *ptr = &buf[0];
-
-    s->s3->alert_dispatch = 0;
-
-    memset(buf, 0x00, sizeof(buf));
-    *ptr++ = s->s3->send_alert[0];
-    *ptr++ = s->s3->send_alert[1];
-
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
-    if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) {
-        s2n(s->d1->handshake_read_seq, ptr);
-# if 0
-        if (s->d1->r_msg_hdr.frag_off == 0)
-            /*
-             * waiting for a new msg
-             */
-            else
-            s2n(s->d1->r_msg_hdr.seq, ptr); /* partial msg read */
-# endif
-
-# if 0
-        fprintf(stderr,
-                "s->d1->handshake_read_seq = %d, s->d1->r_msg_hdr.seq = %d\n",
-                s->d1->handshake_read_seq, s->d1->r_msg_hdr.seq);
-# endif
-        l2n3(s->d1->r_msg_hdr.frag_off, ptr);
-    }
-#endif
-
-    i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0);
-    if (i <= 0) {
-        s->s3->alert_dispatch = 1;
-        /* fprintf( stderr, "not done with alert\n" ); */
-    } else {
-        if (s->s3->send_alert[0] == SSL3_AL_FATAL
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
-            || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
-#endif
-            )
-            (void)BIO_flush(s->wbio);
-
-        if (s->msg_callback)
-            s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert,
-                            2, s, s->msg_callback_arg);
-
-        if (s->info_callback != NULL)
-            cb = s->info_callback;
-        else if (s->ctx->info_callback != NULL)
-            cb = s->ctx->info_callback;
-
-        if (cb != NULL) {
-            j = (s->s3->send_alert[0] << 8) | s->s3->send_alert[1];
-            cb(s, SSL_CB_WRITE_ALERT, j);
-        }
-    }
-    return (i);
-}
-
-static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
-                                      unsigned int *is_next_epoch)
-{
-
-    *is_next_epoch = 0;
-
-    /* In current epoch, accept HM, CCS, DATA, & ALERT */
-    if (rr->epoch == s->d1->r_epoch)
-        return &s->d1->bitmap;
-
-    /* Only HM and ALERT messages can be from the next epoch */
-    else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) &&
-             (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) {
-        *is_next_epoch = 1;
-        return &s->d1->next_bitmap;
-    }
-
-    return NULL;
-}
-
-#if 0
-static int
-dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
-                             unsigned short *priority, unsigned long *offset)
-{
-
-    /* alerts are passed up immediately */
-    if (rr->type == SSL3_RT_APPLICATION_DATA || rr->type == SSL3_RT_ALERT)
-        return 0;
-
-    /*
-     * Only need to buffer if a handshake is underway. (this implies that
-     * Hello Request and Client Hello are passed up immediately)
-     */
-    if (SSL_in_init(s)) {
-        unsigned char *data = rr->data;
-        /* need to extract the HM/CCS sequence number here */
-        if (rr->type == SSL3_RT_HANDSHAKE ||
-            rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
-            unsigned short seq_num;
-            struct hm_header_st msg_hdr;
-            struct ccs_header_st ccs_hdr;
-
-            if (rr->type == SSL3_RT_HANDSHAKE) {
-                dtls1_get_message_header(data, &msg_hdr);
-                seq_num = msg_hdr.seq;
-                *offset = msg_hdr.frag_off;
-            } else {
-                dtls1_get_ccs_header(data, &ccs_hdr);
-                seq_num = ccs_hdr.seq;
-                *offset = 0;
-            }
-
-            /*
-             * this is either a record we're waiting for, or a retransmit of
-             * something we happened to previously receive (higher layers
-             * will drop the repeat silently
-             */
-            if (seq_num < s->d1->handshake_read_seq)
-                return 0;
-            if (rr->type == SSL3_RT_HANDSHAKE &&
-                seq_num == s->d1->handshake_read_seq &&
-                msg_hdr.frag_off < s->d1->r_msg_hdr.frag_off)
-                return 0;
-            else if (seq_num == s->d1->handshake_read_seq &&
-                     (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC ||
-                      msg_hdr.frag_off == s->d1->r_msg_hdr.frag_off))
-                return 0;
-            else {
-                *priority = seq_num;
-                return 1;
-            }
-        } else                  /* unknown record type */
-            return 0;
-    }
-
-    return 0;
-}
-#endif
-
-void dtls1_reset_seq_numbers(SSL *s, int rw)
-{
-    unsigned char *seq;
-    unsigned int seq_bytes = sizeof(s->s3->read_sequence);
-
-    if (rw & SSL3_CC_READ) {
-        seq = s->s3->read_sequence;
-        s->d1->r_epoch++;
-        memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP));
-        memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
-    } else {
-        seq = s->s3->write_sequence;
-        memcpy(s->d1->last_write_sequence, seq,
-               sizeof(s->s3->write_sequence));
-        s->d1->w_epoch++;
-    }
-
-    memset(seq, 0x00, seq_bytes);
-}

Copied: vendor-crypto/openssl/1.0.1u/ssl/d1_pkt.c (from rev 11605, vendor-crypto/openssl/dist/ssl/d1_pkt.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/ssl/d1_pkt.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/ssl/d1_pkt.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,1967 @@
+/* ssl/d1_pkt.c */
+/*
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "ssl_locl.h"
+#include <openssl/evp.h>
+#include <openssl/buffer.h>
+#include <openssl/pqueue.h>
+#include <openssl/rand.h>
+
+/* mod 128 saturating subtract of two 64-bit values in big-endian order */
+static int satsub64be(const unsigned char *v1, const unsigned char *v2)
+{
+    int ret, sat, brw, i;
+
+    if (sizeof(long) == 8)
+        do {
+            const union {
+                long one;
+                char little;
+            } is_endian = {
+                1
+            };
+            long l;
+
+            if (is_endian.little)
+                break;
+            /* not reached on little-endians */
+            /*
+             * following test is redundant, because input is always aligned,
+             * but I take no chances...
+             */
+            if (((size_t)v1 | (size_t)v2) & 0x7)
+                break;
+
+            l = *((long *)v1);
+            l -= *((long *)v2);
+            if (l > 128)
+                return 128;
+            else if (l < -128)
+                return -128;
+            else
+                return (int)l;
+        } while (0);
+
+    ret = (int)v1[7] - (int)v2[7];
+    sat = 0;
+    brw = ret >> 8;             /* brw is either 0 or -1 */
+    if (ret & 0x80) {
+        for (i = 6; i >= 0; i--) {
+            brw += (int)v1[i] - (int)v2[i];
+            sat |= ~brw;
+            brw >>= 8;
+        }
+    } else {
+        for (i = 6; i >= 0; i--) {
+            brw += (int)v1[i] - (int)v2[i];
+            sat |= brw;
+            brw >>= 8;
+        }
+    }
+    brw <<= 8;                  /* brw is either 0 or -256 */
+
+    if (sat & 0xff)
+        return brw | 0x80;
+    else
+        return brw + (ret & 0xFF);
+}
+
+static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
+                                   int len, int peek);
+static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);
+static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
+static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
+                                      unsigned int *is_next_epoch);
+#if 0
+static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
+                                        unsigned short *priority,
+                                        unsigned long *offset);
+#endif
+static int dtls1_buffer_record(SSL *s, record_pqueue *q,
+                               unsigned char *priority);
+static int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap);
+
+/* copy buffered record into SSL structure */
+static int dtls1_copy_record(SSL *s, pitem *item)
+{
+    DTLS1_RECORD_DATA *rdata;
+
+    rdata = (DTLS1_RECORD_DATA *)item->data;
+
+    if (s->s3->rbuf.buf != NULL)
+        OPENSSL_free(s->s3->rbuf.buf);
+
+    s->packet = rdata->packet;
+    s->packet_length = rdata->packet_length;
+    memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
+    memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
+
+    /* Set proper sequence number for mac calculation */
+    memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6);
+
+    return (1);
+}
+
+static int
+dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
+{
+    DTLS1_RECORD_DATA *rdata;
+    pitem *item;
+
+    /* Limit the size of the queue to prevent DOS attacks */
+    if (pqueue_size(queue->q) >= 100)
+        return 0;
+
+    rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
+    item = pitem_new(priority, rdata);
+    if (rdata == NULL || item == NULL) {
+        if (rdata != NULL)
+            OPENSSL_free(rdata);
+        if (item != NULL)
+            pitem_free(item);
+
+        SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    rdata->packet = s->packet;
+    rdata->packet_length = s->packet_length;
+    memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER));
+    memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD));
+
+    item->data = rdata;
+
+#ifndef OPENSSL_NO_SCTP
+    /* Store bio_dgram_sctp_rcvinfo struct */
+    if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
+        (s->state == SSL3_ST_SR_FINISHED_A
+         || s->state == SSL3_ST_CR_FINISHED_A)) {
+        BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO,
+                 sizeof(rdata->recordinfo), &rdata->recordinfo);
+    }
+#endif
+
+    s->packet = NULL;
+    s->packet_length = 0;
+    memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
+    memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD));
+
+    if (!ssl3_setup_buffers(s)) {
+        SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
+        if (rdata->rbuf.buf != NULL)
+            OPENSSL_free(rdata->rbuf.buf);
+        OPENSSL_free(rdata);
+        pitem_free(item);
+        return (-1);
+    }
+
+    /* insert should not fail, since duplicates are dropped */
+    if (pqueue_insert(queue->q, item) == NULL) {
+        SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
+        if (rdata->rbuf.buf != NULL)
+            OPENSSL_free(rdata->rbuf.buf);
+        OPENSSL_free(rdata);
+        pitem_free(item);
+        return (-1);
+    }
+
+    return (1);
+}
+
+static int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
+{
+    pitem *item;
+
+    item = pqueue_pop(queue->q);
+    if (item) {
+        dtls1_copy_record(s, item);
+
+        OPENSSL_free(item->data);
+        pitem_free(item);
+
+        return (1);
+    }
+
+    return (0);
+}
+
+/*
+ * retrieve a buffered record that belongs to the new epoch, i.e., not
+ * processed yet
+ */
+#define dtls1_get_unprocessed_record(s) \
+                   dtls1_retrieve_buffered_record((s), \
+                   &((s)->d1->unprocessed_rcds))
+
+/*
+ * retrieve a buffered record that belongs to the current epoch, ie,
+ * processed
+ */
+#define dtls1_get_processed_record(s) \
+                   dtls1_retrieve_buffered_record((s), \
+                   &((s)->d1->processed_rcds))
+
+static int dtls1_process_buffered_records(SSL *s)
+{
+    pitem *item;
+    SSL3_BUFFER *rb;
+    SSL3_RECORD *rr;
+    DTLS1_BITMAP *bitmap;
+    unsigned int is_next_epoch;
+    int replayok = 1;
+
+    item = pqueue_peek(s->d1->unprocessed_rcds.q);
+    if (item) {
+        /* Check if epoch is current. */
+        if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
+            return 1;         /* Nothing to do. */
+
+        rr = &s->s3->rrec;
+        rb = &s->s3->rbuf;
+
+        if (rb->left > 0) {
+            /*
+             * We've still got data from the current packet to read. There could
+             * be a record from the new epoch in it - so don't overwrite it
+             * with the unprocessed records yet (we'll do it when we've
+             * finished reading the current packet).
+             */
+            return 1;
+        }
+
+
+        /* Process all the records. */
+        while (pqueue_peek(s->d1->unprocessed_rcds.q)) {
+            dtls1_get_unprocessed_record(s);
+            bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
+            if (bitmap == NULL) {
+                /*
+                 * Should not happen. This will only ever be NULL when the
+                 * current record is from a different epoch. But that cannot
+                 * be the case because we already checked the epoch above
+                 */
+                 SSLerr(SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS,
+                        ERR_R_INTERNAL_ERROR);
+                 return 0;
+            }
+#ifndef OPENSSL_NO_SCTP
+            /* Only do replay check if no SCTP bio */
+            if (!BIO_dgram_is_sctp(SSL_get_rbio(s)))
+#endif
+            {
+                /*
+                 * Check whether this is a repeat, or aged record. We did this
+                 * check once already when we first received the record - but
+                 * we might have updated the window since then due to
+                 * records we subsequently processed.
+                 */
+                replayok = dtls1_record_replay_check(s, bitmap);
+            }
+
+            if (!replayok || !dtls1_process_record(s, bitmap)) {
+                /* dump this record */
+                rr->length = 0;
+                s->packet_length = 0;
+                continue;
+            }
+
+            if (dtls1_buffer_record(s, &(s->d1->processed_rcds),
+                                    s->s3->rrec.seq_num) < 0)
+                return 0;
+        }
+    }
+
+    /*
+     * sync epoch numbers once all the unprocessed records have been
+     * processed
+     */
+    s->d1->processed_rcds.epoch = s->d1->r_epoch;
+    s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1;
+
+    return 1;
+}
+
+#if 0
+
+static int dtls1_get_buffered_record(SSL *s)
+{
+    pitem *item;
+    PQ_64BIT priority =
+        (((PQ_64BIT) s->d1->handshake_read_seq) << 32) |
+        ((PQ_64BIT) s->d1->r_msg_hdr.frag_off);
+
+    /* if we're not (re)negotiating, nothing buffered */
+    if (!SSL_in_init(s))
+        return 0;
+
+    item = pqueue_peek(s->d1->rcvd_records);
+    if (item && item->priority == priority) {
+        /*
+         * Check if we've received the record of interest.  It must be a
+         * handshake record, since data records as passed up without
+         * buffering
+         */
+        DTLS1_RECORD_DATA *rdata;
+        item = pqueue_pop(s->d1->rcvd_records);
+        rdata = (DTLS1_RECORD_DATA *)item->data;
+
+        if (s->s3->rbuf.buf != NULL)
+            OPENSSL_free(s->s3->rbuf.buf);
+
+        s->packet = rdata->packet;
+        s->packet_length = rdata->packet_length;
+        memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
+        memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
+
+        OPENSSL_free(item->data);
+        pitem_free(item);
+
+        /* s->d1->next_expected_seq_num++; */
+        return (1);
+    }
+
+    return 0;
+}
+
+#endif
+
+static int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
+{
+    int i, al;
+    int enc_err;
+    SSL_SESSION *sess;
+    SSL3_RECORD *rr;
+    unsigned int mac_size, orig_len;
+    unsigned char md[EVP_MAX_MD_SIZE];
+
+    rr = &(s->s3->rrec);
+    sess = s->session;
+
+    /*
+     * At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
+     * and we have that many bytes in s->packet
+     */
+    rr->input = &(s->packet[DTLS1_RT_HEADER_LENGTH]);
+
+    /*
+     * ok, we can now read from 's->packet' data into 'rr' rr->input points
+     * at rr->length bytes, which need to be copied into rr->data by either
+     * the decryption or by the decompression When the data is 'copied' into
+     * the rr->data buffer, rr->input will be pointed at the new buffer
+     */
+
+    /*
+     * We now have - encrypted [ MAC [ compressed [ plain ] ] ] rr->length
+     * bytes of encrypted compressed stuff.
+     */
+
+    /* check is not needed I believe */
+    if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
+        al = SSL_AD_RECORD_OVERFLOW;
+        SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
+        goto f_err;
+    }
+
+    /* decrypt in place in 'rr->input' */
+    rr->data = rr->input;
+
+    enc_err = s->method->ssl3_enc->enc(s, 0);
+    /*-
+     * enc_err is:
+     *    0: (in non-constant time) if the record is publically invalid.
+     *    1: if the padding is valid
+     *   -1: if the padding is invalid
+     */
+    if (enc_err == 0) {
+        /* For DTLS we simply ignore bad packets. */
+        rr->length = 0;
+        s->packet_length = 0;
+        goto err;
+    }
+#ifdef TLS_DEBUG
+    printf("dec %d\n", rr->length);
+    {
+        unsigned int z;
+        for (z = 0; z < rr->length; z++)
+            printf("%02X%c", rr->data[z], ((z + 1) % 16) ? ' ' : '\n');
+    }
+    printf("\n");
+#endif
+
+    /* r->length is now the compressed data plus mac */
+    if ((sess != NULL) &&
+        (s->enc_read_ctx != NULL) && (EVP_MD_CTX_md(s->read_hash) != NULL)) {
+        /* s->read_hash != NULL => mac_size != -1 */
+        unsigned char *mac = NULL;
+        unsigned char mac_tmp[EVP_MAX_MD_SIZE];
+        mac_size = EVP_MD_CTX_size(s->read_hash);
+        OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
+
+        /*
+         * kludge: *_cbc_remove_padding passes padding length in rr->type
+         */
+        orig_len = rr->length + ((unsigned int)rr->type >> 8);
+
+        /*
+         * orig_len is the length of the record before any padding was
+         * removed. This is public information, as is the MAC in use,
+         * therefore we can safely process the record in a different amount
+         * of time if it's too short to possibly contain a MAC.
+         */
+        if (orig_len < mac_size ||
+            /* CBC records must have a padding length byte too. */
+            (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+             orig_len < mac_size + 1)) {
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_LENGTH_TOO_SHORT);
+            goto f_err;
+        }
+
+        if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
+            /*
+             * We update the length so that the TLS header bytes can be
+             * constructed correctly but we need to extract the MAC in
+             * constant time from within the record, without leaking the
+             * contents of the padding bytes.
+             */
+            mac = mac_tmp;
+            ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
+            rr->length -= mac_size;
+        } else {
+            /*
+             * In this case there's no padding, so |orig_len| equals
+             * |rec->length| and we checked that there's enough bytes for
+             * |mac_size| above.
+             */
+            rr->length -= mac_size;
+            mac = &rr->data[rr->length];
+        }
+
+        i = s->method->ssl3_enc->mac(s, md, 0 /* not send */ );
+        if (i < 0 || mac == NULL
+            || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
+            enc_err = -1;
+        if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
+            enc_err = -1;
+    }
+
+    if (enc_err < 0) {
+        /* decryption failed, silently discard message */
+        rr->length = 0;
+        s->packet_length = 0;
+        goto err;
+    }
+
+    /* r->length is now just compressed */
+    if (s->expand != NULL) {
+        if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {
+            al = SSL_AD_RECORD_OVERFLOW;
+            SSLerr(SSL_F_DTLS1_PROCESS_RECORD,
+                   SSL_R_COMPRESSED_LENGTH_TOO_LONG);
+            goto f_err;
+        }
+        if (!ssl3_do_uncompress(s)) {
+            al = SSL_AD_DECOMPRESSION_FAILURE;
+            SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_BAD_DECOMPRESSION);
+            goto f_err;
+        }
+    }
+
+    if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
+        al = SSL_AD_RECORD_OVERFLOW;
+        SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
+        goto f_err;
+    }
+
+    rr->off = 0;
+    /*-
+     * So at this point the following is true
+     * ssl->s3->rrec.type   is the type of record
+     * ssl->s3->rrec.length == number of bytes in record
+     * ssl->s3->rrec.off    == offset to first valid byte
+     * ssl->s3->rrec.data   == where to take bytes from, increment
+     *                         after use :-).
+     */
+
+    /* we have pulled in a full packet so zero things */
+    s->packet_length = 0;
+
+    /* Mark receipt of record. */
+    dtls1_record_bitmap_update(s, bitmap);
+
+    return (1);
+
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ err:
+    return (0);
+}
+
+/*-
+ * Call this to get a new input record.
+ * It will return <= 0 if more data is needed, normally due to an error
+ * or non-blocking IO.
+ * When it finishes, one packet has been decoded and can be found in
+ * ssl->s3->rrec.type    - is the type of record
+ * ssl->s3->rrec.data,   - data
+ * ssl->s3->rrec.length, - number of bytes
+ */
+/* used only by dtls1_read_bytes */
+int dtls1_get_record(SSL *s)
+{
+    int ssl_major, ssl_minor;
+    int i, n;
+    SSL3_RECORD *rr;
+    unsigned char *p = NULL;
+    unsigned short version;
+    DTLS1_BITMAP *bitmap;
+    unsigned int is_next_epoch;
+
+    rr = &(s->s3->rrec);
+
+ again:
+    /*
+     * The epoch may have changed.  If so, process all the pending records.
+     * This is a non-blocking operation.
+     */
+    if (!dtls1_process_buffered_records(s))
+        return -1;
+
+    /* if we're renegotiating, then there may be buffered records */
+    if (dtls1_get_processed_record(s))
+        return 1;
+
+    /* get something from the wire */
+    /* check if we have the header */
+    if ((s->rstate != SSL_ST_READ_BODY) ||
+        (s->packet_length < DTLS1_RT_HEADER_LENGTH)) {
+        n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
+        /* read timeout is handled by dtls1_read_bytes */
+        if (n <= 0)
+            return (n);         /* error or non-blocking */
+
+        /* this packet contained a partial record, dump it */
+        if (s->packet_length != DTLS1_RT_HEADER_LENGTH) {
+            s->packet_length = 0;
+            goto again;
+        }
+
+        s->rstate = SSL_ST_READ_BODY;
+
+        p = s->packet;
+
+        /* Pull apart the header into the DTLS1_RECORD */
+        rr->type = *(p++);
+        ssl_major = *(p++);
+        ssl_minor = *(p++);
+        version = (ssl_major << 8) | ssl_minor;
+
+        /* sequence number is 64 bits, with top 2 bytes = epoch */
+        n2s(p, rr->epoch);
+
+        memcpy(&(s->s3->read_sequence[2]), p, 6);
+        p += 6;
+
+        n2s(p, rr->length);
+
+        /* Lets check version */
+        if (!s->first_packet) {
+            if (version != s->version) {
+                /* unexpected version, silently discard */
+                rr->length = 0;
+                s->packet_length = 0;
+                goto again;
+            }
+        }
+
+        if ((version & 0xff00) != (s->version & 0xff00)) {
+            /* wrong version, silently discard record */
+            rr->length = 0;
+            s->packet_length = 0;
+            goto again;
+        }
+
+        if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
+            /* record too long, silently discard it */
+            rr->length = 0;
+            s->packet_length = 0;
+            goto again;
+        }
+
+        /* now s->rstate == SSL_ST_READ_BODY */
+    }
+
+    /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
+
+    if (rr->length > s->packet_length - DTLS1_RT_HEADER_LENGTH) {
+        /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
+        i = rr->length;
+        n = ssl3_read_n(s, i, i, 1);
+        /* this packet contained a partial record, dump it */
+        if (n != i) {
+            rr->length = 0;
+            s->packet_length = 0;
+            goto again;
+        }
+
+        /*
+         * now n == rr->length, and s->packet_length ==
+         * DTLS1_RT_HEADER_LENGTH + rr->length
+         */
+    }
+    s->rstate = SSL_ST_READ_HEADER; /* set state for later operations */
+
+    /* match epochs.  NULL means the packet is dropped on the floor */
+    bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
+    if (bitmap == NULL) {
+        rr->length = 0;
+        s->packet_length = 0;   /* dump this record */
+        goto again;             /* get another record */
+    }
+#ifndef OPENSSL_NO_SCTP
+    /* Only do replay check if no SCTP bio */
+    if (!BIO_dgram_is_sctp(SSL_get_rbio(s))) {
+#endif
+        /*
+         * Check whether this is a repeat, or aged record. Don't check if
+         * we're listening and this message is a ClientHello. They can look
+         * as if they're replayed, since they arrive from different
+         * connections and would be dropped unnecessarily.
+         */
+        if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
+              s->packet_length > DTLS1_RT_HEADER_LENGTH &&
+              s->packet[DTLS1_RT_HEADER_LENGTH] == SSL3_MT_CLIENT_HELLO) &&
+            !dtls1_record_replay_check(s, bitmap)) {
+            rr->length = 0;
+            s->packet_length = 0; /* dump this record */
+            goto again;         /* get another record */
+        }
+#ifndef OPENSSL_NO_SCTP
+    }
+#endif
+
+    /* just read a 0 length packet */
+    if (rr->length == 0)
+        goto again;
+
+    /*
+     * If this record is from the next epoch (either HM or ALERT), and a
+     * handshake is currently in progress, buffer it since it cannot be
+     * processed at this time. However, do not buffer anything while
+     * listening.
+     */
+    if (is_next_epoch) {
+        if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) {
+            if (dtls1_buffer_record
+                (s, &(s->d1->unprocessed_rcds), rr->seq_num) < 0)
+                return -1;
+        }
+        rr->length = 0;
+        s->packet_length = 0;
+        goto again;
+    }
+
+    if (!dtls1_process_record(s, bitmap)) {
+        rr->length = 0;
+        s->packet_length = 0;   /* dump this record */
+        goto again;             /* get another record */
+    }
+
+    return (1);
+
+}
+
+/*-
+ * Return up to 'len' payload bytes received in 'type' records.
+ * 'type' is one of the following:
+ *
+ *   -  SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
+ *   -  SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
+ *   -  0 (during a shutdown, no data has to be returned)
+ *
+ * If we don't have stored data to work from, read a SSL/TLS record first
+ * (possibly multiple records if we still don't have anything to return).
+ *
+ * This function must handle any surprises the peer may have for us, such as
+ * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
+ * a surprise, but handled as if it were), or renegotiation requests.
+ * Also if record payloads contain fragments too small to process, we store
+ * them until there is enough for the respective protocol (the record protocol
+ * may use arbitrary fragmentation and even interleaving):
+ *     Change cipher spec protocol
+ *             just 1 byte needed, no need for keeping anything stored
+ *     Alert protocol
+ *             2 bytes needed (AlertLevel, AlertDescription)
+ *     Handshake protocol
+ *             4 bytes needed (HandshakeType, uint24 length) -- we just have
+ *             to detect unexpected Client Hello and Hello Request messages
+ *             here, anything else is handled by higher layers
+ *     Application data protocol
+ *             none of our business
+ */
+int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
+{
+    int al, i, j, ret;
+    unsigned int n;
+    SSL3_RECORD *rr;
+    void (*cb) (const SSL *ssl, int type2, int val) = NULL;
+
+    if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
+        if (!ssl3_setup_buffers(s))
+            return (-1);
+
+    /* XXX: check what the second '&& type' is about */
+    if ((type && (type != SSL3_RT_APPLICATION_DATA) &&
+         (type != SSL3_RT_HANDSHAKE) && type) ||
+        (peek && (type != SSL3_RT_APPLICATION_DATA))) {
+        SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    /*
+     * check whether there's a handshake message (client hello?) waiting
+     */
+    if ((ret = have_handshake_fragment(s, type, buf, len, peek)))
+        return ret;
+
+    /*
+     * Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE.
+     */
+
+#ifndef OPENSSL_NO_SCTP
+    /*
+     * Continue handshake if it had to be interrupted to read app data with
+     * SCTP.
+     */
+    if ((!s->in_handshake && SSL_in_init(s)) ||
+        (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
+         (s->state == DTLS1_SCTP_ST_SR_READ_SOCK
+          || s->state == DTLS1_SCTP_ST_CR_READ_SOCK)
+         && s->s3->in_read_app_data != 2))
+#else
+    if (!s->in_handshake && SSL_in_init(s))
+#endif
+    {
+        /* type == SSL3_RT_APPLICATION_DATA */
+        i = s->handshake_func(s);
+        if (i < 0)
+            return (i);
+        if (i == 0) {
+            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
+            return (-1);
+        }
+    }
+
+ start:
+    s->rwstate = SSL_NOTHING;
+
+    /*-
+     * s->s3->rrec.type         - is the type of record
+     * s->s3->rrec.data,    - data
+     * s->s3->rrec.off,     - offset into 'data' for next read
+     * s->s3->rrec.length,  - number of bytes.
+     */
+    rr = &(s->s3->rrec);
+
+    /*
+     * We are not handshaking and have no data yet, so process data buffered
+     * during the last handshake in advance, if any.
+     */
+    if (s->state == SSL_ST_OK && rr->length == 0) {
+        pitem *item;
+        item = pqueue_pop(s->d1->buffered_app_data.q);
+        if (item) {
+#ifndef OPENSSL_NO_SCTP
+            /* Restore bio_dgram_sctp_rcvinfo struct */
+            if (BIO_dgram_is_sctp(SSL_get_rbio(s))) {
+                DTLS1_RECORD_DATA *rdata = (DTLS1_RECORD_DATA *)item->data;
+                BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_SET_RCVINFO,
+                         sizeof(rdata->recordinfo), &rdata->recordinfo);
+            }
+#endif
+
+            dtls1_copy_record(s, item);
+
+            OPENSSL_free(item->data);
+            pitem_free(item);
+        }
+    }
+
+    /* Check for timeout */
+    if (dtls1_handle_timeout(s) > 0)
+        goto start;
+
+    /* get new packet if necessary */
+    if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) {
+        ret = dtls1_get_record(s);
+        if (ret <= 0) {
+            ret = dtls1_read_failed(s, ret);
+            /* anything other than a timeout is an error */
+            if (ret <= 0)
+                return (ret);
+            else
+                goto start;
+        }
+    }
+
+    if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE) {
+        rr->length = 0;
+        goto start;
+    }
+
+    /* we now have a packet which can be read and processed */
+
+    if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
+                                   * reset by ssl3_get_finished */
+        && (rr->type != SSL3_RT_HANDSHAKE)) {
+        /*
+         * We now have application data between CCS and Finished. Most likely
+         * the packets were reordered on their way, so buffer the application
+         * data for later processing rather than dropping the connection.
+         */
+        if (dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num) <
+            0) {
+            SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+        rr->length = 0;
+        goto start;
+    }
+
+    /*
+     * If the other end has shut down, throw anything we read away (even in
+     * 'peek' mode)
+     */
+    if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
+        rr->length = 0;
+        s->rwstate = SSL_NOTHING;
+        return (0);
+    }
+
+    if (type == rr->type) {     /* SSL3_RT_APPLICATION_DATA or
+                                 * SSL3_RT_HANDSHAKE */
+        /*
+         * make sure that we are not getting application data when we are
+         * doing a handshake for the first time
+         */
+        if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
+            (s->enc_read_ctx == NULL)) {
+            al = SSL_AD_UNEXPECTED_MESSAGE;
+            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE);
+            goto f_err;
+        }
+
+        if (len <= 0)
+            return (len);
+
+        if ((unsigned int)len > rr->length)
+            n = rr->length;
+        else
+            n = (unsigned int)len;
+
+        memcpy(buf, &(rr->data[rr->off]), n);
+        if (!peek) {
+            rr->length -= n;
+            rr->off += n;
+            if (rr->length == 0) {
+                s->rstate = SSL_ST_READ_HEADER;
+                rr->off = 0;
+            }
+        }
+#ifndef OPENSSL_NO_SCTP
+        /*
+         * We were about to renegotiate but had to read belated application
+         * data first, so retry.
+         */
+        if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
+            rr->type == SSL3_RT_APPLICATION_DATA &&
+            (s->state == DTLS1_SCTP_ST_SR_READ_SOCK
+             || s->state == DTLS1_SCTP_ST_CR_READ_SOCK)) {
+            s->rwstate = SSL_READING;
+            BIO_clear_retry_flags(SSL_get_rbio(s));
+            BIO_set_retry_read(SSL_get_rbio(s));
+        }
+
+        /*
+         * We might had to delay a close_notify alert because of reordered
+         * app data. If there was an alert and there is no message to read
+         * anymore, finally set shutdown.
+         */
+        if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
+            s->d1->shutdown_received
+            && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
+            s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+            return (0);
+        }
+#endif
+        return (n);
+    }
+
+    /*
+     * If we get here, then type != rr->type; if we have a handshake message,
+     * then it was unexpected (Hello Request or Client Hello).
+     */
+
+    /*
+     * In case of record types for which we have 'fragment' storage, fill
+     * that so that we can process the data at a fixed place.
+     */
+    {
+        unsigned int k, dest_maxlen = 0;
+        unsigned char *dest = NULL;
+        unsigned int *dest_len = NULL;
+
+        if (rr->type == SSL3_RT_HANDSHAKE) {
+            dest_maxlen = sizeof s->d1->handshake_fragment;
+            dest = s->d1->handshake_fragment;
+            dest_len = &s->d1->handshake_fragment_len;
+        } else if (rr->type == SSL3_RT_ALERT) {
+            dest_maxlen = sizeof(s->d1->alert_fragment);
+            dest = s->d1->alert_fragment;
+            dest_len = &s->d1->alert_fragment_len;
+        }
+#ifndef OPENSSL_NO_HEARTBEATS
+        else if (rr->type == TLS1_RT_HEARTBEAT) {
+            dtls1_process_heartbeat(s);
+
+            /* Exit and notify application to read again */
+            rr->length = 0;
+            s->rwstate = SSL_READING;
+            BIO_clear_retry_flags(SSL_get_rbio(s));
+            BIO_set_retry_read(SSL_get_rbio(s));
+            return (-1);
+        }
+#endif
+        /* else it's a CCS message, or application data or wrong */
+        else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) {
+            /*
+             * Application data while renegotiating is allowed. Try again
+             * reading.
+             */
+            if (rr->type == SSL3_RT_APPLICATION_DATA) {
+                BIO *bio;
+                s->s3->in_read_app_data = 2;
+                bio = SSL_get_rbio(s);
+                s->rwstate = SSL_READING;
+                BIO_clear_retry_flags(bio);
+                BIO_set_retry_read(bio);
+                return (-1);
+            }
+
+            /* Not certain if this is the right error handling */
+            al = SSL_AD_UNEXPECTED_MESSAGE;
+            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
+            goto f_err;
+        }
+
+        if (dest_maxlen > 0) {
+            /*
+             * XDTLS: In a pathalogical case, the Client Hello may be
+             * fragmented--don't always expect dest_maxlen bytes
+             */
+            if (rr->length < dest_maxlen) {
+#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
+                /*
+                 * for normal alerts rr->length is 2, while
+                 * dest_maxlen is 7 if we were to handle this
+                 * non-existing alert...
+                 */
+                FIX ME
+#endif
+                 s->rstate = SSL_ST_READ_HEADER;
+                rr->length = 0;
+                goto start;
+            }
+
+            /* now move 'n' bytes: */
+            for (k = 0; k < dest_maxlen; k++) {
+                dest[k] = rr->data[rr->off++];
+                rr->length--;
+            }
+            *dest_len = dest_maxlen;
+        }
+    }
+
+    /*-
+     * s->d1->handshake_fragment_len == 12  iff  rr->type == SSL3_RT_HANDSHAKE;
+     * s->d1->alert_fragment_len == 7      iff  rr->type == SSL3_RT_ALERT.
+     * (Possibly rr is 'empty' now, i.e. rr->length may be 0.)
+     */
+
+    /* If we are a client, check for an incoming 'Hello Request': */
+    if ((!s->server) &&
+        (s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
+        (s->d1->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
+        (s->session != NULL) && (s->session->cipher != NULL)) {
+        s->d1->handshake_fragment_len = 0;
+
+        if ((s->d1->handshake_fragment[1] != 0) ||
+            (s->d1->handshake_fragment[2] != 0) ||
+            (s->d1->handshake_fragment[3] != 0)) {
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_HELLO_REQUEST);
+            goto f_err;
+        }
+
+        /*
+         * no need to check sequence number on HELLO REQUEST messages
+         */
+
+        if (s->msg_callback)
+            s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
+                            s->d1->handshake_fragment, 4, s,
+                            s->msg_callback_arg);
+
+        if (SSL_is_init_finished(s) &&
+            !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
+            !s->s3->renegotiate) {
+            s->d1->handshake_read_seq++;
+            s->new_session = 1;
+            ssl3_renegotiate(s);
+            if (ssl3_renegotiate_check(s)) {
+                i = s->handshake_func(s);
+                if (i < 0)
+                    return (i);
+                if (i == 0) {
+                    SSLerr(SSL_F_DTLS1_READ_BYTES,
+                           SSL_R_SSL_HANDSHAKE_FAILURE);
+                    return (-1);
+                }
+
+                if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
+                    if (s->s3->rbuf.left == 0) { /* no read-ahead left? */
+                        BIO *bio;
+                        /*
+                         * In the case where we try to read application data,
+                         * but we trigger an SSL handshake, we return -1 with
+                         * the retry option set.  Otherwise renegotiation may
+                         * cause nasty problems in the blocking world
+                         */
+                        s->rwstate = SSL_READING;
+                        bio = SSL_get_rbio(s);
+                        BIO_clear_retry_flags(bio);
+                        BIO_set_retry_read(bio);
+                        return (-1);
+                    }
+                }
+            }
+        }
+        /*
+         * we either finished a handshake or ignored the request, now try
+         * again to obtain the (application) data we were asked for
+         */
+        goto start;
+    }
+
+    if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) {
+        int alert_level = s->d1->alert_fragment[0];
+        int alert_descr = s->d1->alert_fragment[1];
+
+        s->d1->alert_fragment_len = 0;
+
+        if (s->msg_callback)
+            s->msg_callback(0, s->version, SSL3_RT_ALERT,
+                            s->d1->alert_fragment, 2, s, s->msg_callback_arg);
+
+        if (s->info_callback != NULL)
+            cb = s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+            cb = s->ctx->info_callback;
+
+        if (cb != NULL) {
+            j = (alert_level << 8) | alert_descr;
+            cb(s, SSL_CB_READ_ALERT, j);
+        }
+
+        if (alert_level == SSL3_AL_WARNING) {
+            s->s3->warn_alert = alert_descr;
+            if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
+#ifndef OPENSSL_NO_SCTP
+                /*
+                 * With SCTP and streams the socket may deliver app data
+                 * after a close_notify alert. We have to check this first so
+                 * that nothing gets discarded.
+                 */
+                if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
+                    BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
+                    s->d1->shutdown_received = 1;
+                    s->rwstate = SSL_READING;
+                    BIO_clear_retry_flags(SSL_get_rbio(s));
+                    BIO_set_retry_read(SSL_get_rbio(s));
+                    return -1;
+                }
+#endif
+                s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+                return (0);
+            }
+#if 0
+            /* XXX: this is a possible improvement in the future */
+            /* now check if it's a missing record */
+            if (alert_descr == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) {
+                unsigned short seq;
+                unsigned int frag_off;
+                unsigned char *p = &(s->d1->alert_fragment[2]);
+
+                n2s(p, seq);
+                n2l3(p, frag_off);
+
+                dtls1_retransmit_message(s,
+                                         dtls1_get_queue_priority
+                                         (frag->msg_header.seq, 0), frag_off,
+                                         &found);
+                if (!found && SSL_in_init(s)) {
+                    /*
+                     * fprintf( stderr,"in init = %d\n", SSL_in_init(s));
+                     */
+                    /*
+                     * requested a message not yet sent, send an alert
+                     * ourselves
+                     */
+                    ssl3_send_alert(s, SSL3_AL_WARNING,
+                                    DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
+                }
+            }
+#endif
+        } else if (alert_level == SSL3_AL_FATAL) {
+            char tmp[16];
+
+            s->rwstate = SSL_NOTHING;
+            s->s3->fatal_alert = alert_descr;
+            SSLerr(SSL_F_DTLS1_READ_BYTES,
+                   SSL_AD_REASON_OFFSET + alert_descr);
+            BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
+            ERR_add_error_data(2, "SSL alert number ", tmp);
+            s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+            SSL_CTX_remove_session(s->ctx, s->session);
+            return (0);
+        } else {
+            al = SSL_AD_ILLEGAL_PARAMETER;
+            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
+            goto f_err;
+        }
+
+        goto start;
+    }
+
+    if (s->shutdown & SSL_SENT_SHUTDOWN) { /* but we have not received a
+                                            * shutdown */
+        s->rwstate = SSL_NOTHING;
+        rr->length = 0;
+        return (0);
+    }
+
+    if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
+        struct ccs_header_st ccs_hdr;
+        unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;
+
+        dtls1_get_ccs_header(rr->data, &ccs_hdr);
+
+        if (s->version == DTLS1_BAD_VER)
+            ccs_hdr_len = 3;
+
+        /*
+         * 'Change Cipher Spec' is just a single byte, so we know exactly
+         * what the record payload has to look like
+         */
+        /* XDTLS: check that epoch is consistent */
+        if ((rr->length != ccs_hdr_len) ||
+            (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) {
+            i = SSL_AD_ILLEGAL_PARAMETER;
+            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_CHANGE_CIPHER_SPEC);
+            goto err;
+        }
+
+        rr->length = 0;
+
+        if (s->msg_callback)
+            s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
+                            rr->data, 1, s, s->msg_callback_arg);
+
+        /*
+         * We can't process a CCS now, because previous handshake messages
+         * are still missing, so just drop it.
+         */
+        if (!s->d1->change_cipher_spec_ok) {
+            goto start;
+        }
+
+        s->d1->change_cipher_spec_ok = 0;
+
+        s->s3->change_cipher_spec = 1;
+        if (!ssl3_do_change_cipher_spec(s))
+            goto err;
+
+        /* do this whenever CCS is processed */
+        dtls1_reset_seq_numbers(s, SSL3_CC_READ);
+
+        if (s->version == DTLS1_BAD_VER)
+            s->d1->handshake_read_seq++;
+
+#ifndef OPENSSL_NO_SCTP
+        /*
+         * Remember that a CCS has been received, so that an old key of
+         * SCTP-Auth can be deleted when a CCS is sent. Will be ignored if no
+         * SCTP is used
+         */
+        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL);
+#endif
+
+        goto start;
+    }
+
+    /*
+     * Unexpected handshake message (Client Hello, or protocol violation)
+     */
+    if ((s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
+        !s->in_handshake) {
+        struct hm_header_st msg_hdr;
+
+        /* this may just be a stale retransmit */
+        dtls1_get_message_header(rr->data, &msg_hdr);
+        if (rr->epoch != s->d1->r_epoch) {
+            rr->length = 0;
+            goto start;
+        }
+
+        /*
+         * If we are server, we may have a repeated FINISHED of the client
+         * here, then retransmit our CCS and FINISHED.
+         */
+        if (msg_hdr.type == SSL3_MT_FINISHED) {
+            if (dtls1_check_timeout_num(s) < 0)
+                return -1;
+
+            dtls1_retransmit_buffered_messages(s);
+            rr->length = 0;
+            goto start;
+        }
+
+        if (((s->state & SSL_ST_MASK) == SSL_ST_OK) &&
+            !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
+#if 0                           /* worked only because C operator preferences
+                                 * are not as expected (and because this is
+                                 * not really needed for clients except for
+                                 * detecting protocol violations): */
+            s->state = SSL_ST_BEFORE | (s->server)
+                ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
+#else
+            s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
+#endif
+            s->renegotiate = 1;
+            s->new_session = 1;
+        }
+        i = s->handshake_func(s);
+        if (i < 0)
+            return (i);
+        if (i == 0) {
+            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
+            return (-1);
+        }
+
+        if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
+            if (s->s3->rbuf.left == 0) { /* no read-ahead left? */
+                BIO *bio;
+                /*
+                 * In the case where we try to read application data, but we
+                 * trigger an SSL handshake, we return -1 with the retry
+                 * option set.  Otherwise renegotiation may cause nasty
+                 * problems in the blocking world
+                 */
+                s->rwstate = SSL_READING;
+                bio = SSL_get_rbio(s);
+                BIO_clear_retry_flags(bio);
+                BIO_set_retry_read(bio);
+                return (-1);
+            }
+        }
+        goto start;
+    }
+
+    switch (rr->type) {
+    default:
+#ifndef OPENSSL_NO_TLS
+        /* TLS just ignores unknown message types */
+        if (s->version == TLS1_VERSION) {
+            rr->length = 0;
+            goto start;
+        }
+#endif
+        al = SSL_AD_UNEXPECTED_MESSAGE;
+        SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
+        goto f_err;
+    case SSL3_RT_CHANGE_CIPHER_SPEC:
+    case SSL3_RT_ALERT:
+    case SSL3_RT_HANDSHAKE:
+        /*
+         * we already handled all of these, with the possible exception of
+         * SSL3_RT_HANDSHAKE when s->in_handshake is set, but that should not
+         * happen when type != rr->type
+         */
+        al = SSL_AD_UNEXPECTED_MESSAGE;
+        SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
+        goto f_err;
+    case SSL3_RT_APPLICATION_DATA:
+        /*
+         * At this point, we were expecting handshake data, but have
+         * application data.  If the library was running inside ssl3_read()
+         * (i.e. in_read_app_data is set) and it makes sense to read
+         * application data at this point (session renegotiation not yet
+         * started), we will indulge it.
+         */
+        if (s->s3->in_read_app_data &&
+            (s->s3->total_renegotiations != 0) &&
+            (((s->state & SSL_ST_CONNECT) &&
+              (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
+              (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
+             ) || ((s->state & SSL_ST_ACCEPT) &&
+                   (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
+                   (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
+             )
+            )) {
+            s->s3->in_read_app_data = 2;
+            return (-1);
+        } else {
+            al = SSL_AD_UNEXPECTED_MESSAGE;
+            SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
+            goto f_err;
+        }
+    }
+    /* not reached */
+
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ err:
+    return (-1);
+}
+
+int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
+{
+    int i;
+
+#ifndef OPENSSL_NO_SCTP
+    /*
+     * Check if we have to continue an interrupted handshake for reading
+     * belated app data with SCTP.
+     */
+    if ((SSL_in_init(s) && !s->in_handshake) ||
+        (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
+         (s->state == DTLS1_SCTP_ST_SR_READ_SOCK
+          || s->state == DTLS1_SCTP_ST_CR_READ_SOCK)))
+#else
+    if (SSL_in_init(s) && !s->in_handshake)
+#endif
+    {
+        i = s->handshake_func(s);
+        if (i < 0)
+            return (i);
+        if (i == 0) {
+            SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,
+                   SSL_R_SSL_HANDSHAKE_FAILURE);
+            return -1;
+        }
+    }
+
+    if (len > SSL3_RT_MAX_PLAIN_LENGTH) {
+        SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES, SSL_R_DTLS_MESSAGE_TOO_BIG);
+        return -1;
+    }
+
+    i = dtls1_write_bytes(s, type, buf_, len);
+    return i;
+}
+
+        /*
+         * this only happens when a client hello is received and a handshake
+         * is started.
+         */
+static int
+have_handshake_fragment(SSL *s, int type, unsigned char *buf,
+                        int len, int peek)
+{
+
+    if ((type == SSL3_RT_HANDSHAKE) && (s->d1->handshake_fragment_len > 0))
+        /* (partially) satisfy request from storage */
+    {
+        unsigned char *src = s->d1->handshake_fragment;
+        unsigned char *dst = buf;
+        unsigned int k, n;
+
+        /* peek == 0 */
+        n = 0;
+        while ((len > 0) && (s->d1->handshake_fragment_len > 0)) {
+            *dst++ = *src++;
+            len--;
+            s->d1->handshake_fragment_len--;
+            n++;
+        }
+        /* move any remaining fragment bytes: */
+        for (k = 0; k < s->d1->handshake_fragment_len; k++)
+            s->d1->handshake_fragment[k] = *src++;
+        return n;
+    }
+
+    return 0;
+}
+
+/*
+ * Call this to write data in records of type 'type' It will return <= 0 if
+ * not all data has been sent or non-blocking IO.
+ */
+int dtls1_write_bytes(SSL *s, int type, const void *buf, int len)
+{
+    int i;
+
+    OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);
+    s->rwstate = SSL_NOTHING;
+    i = do_dtls1_write(s, type, buf, len, 0);
+    return i;
+}
+
+int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
+                   unsigned int len, int create_empty_fragment)
+{
+    unsigned char *p, *pseq;
+    int i, mac_size, clear = 0;
+    int prefix_len = 0;
+    SSL3_RECORD *wr;
+    SSL3_BUFFER *wb;
+    SSL_SESSION *sess;
+    int bs;
+
+    /*
+     * first check if there is a SSL3_BUFFER still being written out.  This
+     * will happen with non blocking IO
+     */
+    if (s->s3->wbuf.left != 0) {
+        OPENSSL_assert(0);      /* XDTLS: want to see if we ever get here */
+        return (ssl3_write_pending(s, type, buf, len));
+    }
+
+    /* If we have an alert to send, lets send it */
+    if (s->s3->alert_dispatch) {
+        i = s->method->ssl_dispatch_alert(s);
+        if (i <= 0)
+            return (i);
+        /* if it went, fall through and send more stuff */
+    }
+
+    if (len == 0 && !create_empty_fragment)
+        return 0;
+
+    wr = &(s->s3->wrec);
+    wb = &(s->s3->wbuf);
+    sess = s->session;
+
+    if ((sess == NULL) ||
+        (s->enc_write_ctx == NULL) || (EVP_MD_CTX_md(s->write_hash) == NULL))
+        clear = 1;
+
+    if (clear)
+        mac_size = 0;
+    else {
+        mac_size = EVP_MD_CTX_size(s->write_hash);
+        if (mac_size < 0)
+            goto err;
+    }
+
+    /* DTLS implements explicit IV, so no need for empty fragments */
+#if 0
+    /*
+     * 'create_empty_fragment' is true only when this function calls itself
+     */
+    if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done
+        && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
+    {
+        /*
+         * countermeasure against known-IV weakness in CBC ciphersuites (see
+         * http://www.openssl.org/~bodo/tls-cbc.txt)
+         */
+
+        if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) {
+            /*
+             * recursive function call with 'create_empty_fragment' set; this
+             * prepares and buffers the data for an empty fragment (these
+             * 'prefix_len' bytes are sent out later together with the actual
+             * payload)
+             */
+            prefix_len = s->method->do_ssl_write(s, type, buf, 0, 1);
+            if (prefix_len <= 0)
+                goto err;
+
+            if (s->s3->wbuf.len <
+                (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE) {
+                /* insufficient space */
+                SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+        }
+
+        s->s3->empty_fragment_done = 1;
+    }
+#endif
+    p = wb->buf + prefix_len;
+
+    /* write the header */
+
+    *(p++) = type & 0xff;
+    wr->type = type;
+
+    *(p++) = (s->version >> 8);
+    *(p++) = s->version & 0xff;
+
+    /* field where we are to write out packet epoch, seq num and len */
+    pseq = p;
+    p += 10;
+
+    /* lets setup the record stuff. */
+
+    /*
+     * Make space for the explicit IV in case of CBC. (this is a bit of a
+     * boundary violation, but what the heck).
+     */
+    if (s->enc_write_ctx &&
+        (EVP_CIPHER_mode(s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
+        bs = EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
+    else
+        bs = 0;
+
+    wr->data = p + bs;          /* make room for IV in case of CBC */
+    wr->length = (int)len;
+    wr->input = (unsigned char *)buf;
+
+    /*
+     * we now 'read' from wr->input, wr->length bytes into wr->data
+     */
+
+    /* first we compress */
+    if (s->compress != NULL) {
+        if (!ssl3_do_compress(s)) {
+            SSLerr(SSL_F_DO_DTLS1_WRITE, SSL_R_COMPRESSION_FAILURE);
+            goto err;
+        }
+    } else {
+        memcpy(wr->data, wr->input, wr->length);
+        wr->input = wr->data;
+    }
+
+    /*
+     * we should still have the output to wr->data and the input from
+     * wr->input.  Length should be wr->length. wr->data still points in the
+     * wb->buf
+     */
+
+    if (mac_size != 0) {
+        if (s->method->ssl3_enc->mac(s, &(p[wr->length + bs]), 1) < 0)
+            goto err;
+        wr->length += mac_size;
+    }
+
+    /* this is true regardless of mac size */
+    wr->input = p;
+    wr->data = p;
+
+    /* ssl3_enc can only have an error on read */
+    if (bs) {                   /* bs != 0 in case of CBC */
+        if (RAND_bytes(p, bs) <= 0)
+            goto err;
+        /*
+         * master IV and last CBC residue stand for the rest of randomness
+         */
+        wr->length += bs;
+    }
+
+    if (s->method->ssl3_enc->enc(s, 1) < 1)
+        goto err;
+
+    /* record length after mac and block padding */
+    /*
+     * if (type == SSL3_RT_APPLICATION_DATA || (type == SSL3_RT_ALERT && !
+     * SSL_in_init(s)))
+     */
+
+    /* there's only one epoch between handshake and app data */
+
+    s2n(s->d1->w_epoch, pseq);
+
+    /* XDTLS: ?? */
+    /*
+     * else s2n(s->d1->handshake_epoch, pseq);
+     */
+
+    memcpy(pseq, &(s->s3->write_sequence[2]), 6);
+    pseq += 6;
+    s2n(wr->length, pseq);
+
+    /*
+     * we should now have wr->data pointing to the encrypted data, which is
+     * wr->length long
+     */
+    wr->type = type;            /* not needed but helps for debugging */
+    wr->length += DTLS1_RT_HEADER_LENGTH;
+
+#if 0                           /* this is now done at the message layer */
+    /* buffer the record, making it easy to handle retransmits */
+    if (type == SSL3_RT_HANDSHAKE || type == SSL3_RT_CHANGE_CIPHER_SPEC)
+        dtls1_buffer_record(s, wr->data, wr->length,
+                            *((PQ_64BIT *) & (s->s3->write_sequence[0])));
+#endif
+
+    ssl3_record_sequence_update(&(s->s3->write_sequence[0]));
+
+    if (create_empty_fragment) {
+        /*
+         * we are in a recursive call; just return the length, don't write
+         * out anything here
+         */
+        return wr->length;
+    }
+
+    /* now let's set up wb */
+    wb->left = prefix_len + wr->length;
+    wb->offset = 0;
+
+    /*
+     * memorize arguments so that ssl3_write_pending can detect bad write
+     * retries later
+     */
+    s->s3->wpend_tot = len;
+    s->s3->wpend_buf = buf;
+    s->s3->wpend_type = type;
+    s->s3->wpend_ret = len;
+
+    /* we now just need to write the buffer */
+    return ssl3_write_pending(s, type, buf, len);
+ err:
+    return -1;
+}
+
+static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
+{
+    int cmp;
+    unsigned int shift;
+    const unsigned char *seq = s->s3->read_sequence;
+
+    cmp = satsub64be(seq, bitmap->max_seq_num);
+    if (cmp > 0) {
+        memcpy(s->s3->rrec.seq_num, seq, 8);
+        return 1;               /* this record in new */
+    }
+    shift = -cmp;
+    if (shift >= sizeof(bitmap->map) * 8)
+        return 0;               /* stale, outside the window */
+    else if (bitmap->map & (1UL << shift))
+        return 0;               /* record previously received */
+
+    memcpy(s->s3->rrec.seq_num, seq, 8);
+    return 1;
+}
+
+static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
+{
+    int cmp;
+    unsigned int shift;
+    const unsigned char *seq = s->s3->read_sequence;
+
+    cmp = satsub64be(seq, bitmap->max_seq_num);
+    if (cmp > 0) {
+        shift = cmp;
+        if (shift < sizeof(bitmap->map) * 8)
+            bitmap->map <<= shift, bitmap->map |= 1UL;
+        else
+            bitmap->map = 1UL;
+        memcpy(bitmap->max_seq_num, seq, 8);
+    } else {
+        shift = -cmp;
+        if (shift < sizeof(bitmap->map) * 8)
+            bitmap->map |= 1UL << shift;
+    }
+}
+
+int dtls1_dispatch_alert(SSL *s)
+{
+    int i, j;
+    void (*cb) (const SSL *ssl, int type, int val) = NULL;
+    unsigned char buf[DTLS1_AL_HEADER_LENGTH];
+    unsigned char *ptr = &buf[0];
+
+    s->s3->alert_dispatch = 0;
+
+    memset(buf, 0x00, sizeof(buf));
+    *ptr++ = s->s3->send_alert[0];
+    *ptr++ = s->s3->send_alert[1];
+
+#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
+    if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) {
+        s2n(s->d1->handshake_read_seq, ptr);
+# if 0
+        if (s->d1->r_msg_hdr.frag_off == 0)
+            /*
+             * waiting for a new msg
+             */
+            else
+            s2n(s->d1->r_msg_hdr.seq, ptr); /* partial msg read */
+# endif
+
+# if 0
+        fprintf(stderr,
+                "s->d1->handshake_read_seq = %d, s->d1->r_msg_hdr.seq = %d\n",
+                s->d1->handshake_read_seq, s->d1->r_msg_hdr.seq);
+# endif
+        l2n3(s->d1->r_msg_hdr.frag_off, ptr);
+    }
+#endif
+
+    i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0);
+    if (i <= 0) {
+        s->s3->alert_dispatch = 1;
+        /* fprintf( stderr, "not done with alert\n" ); */
+    } else {
+        if (s->s3->send_alert[0] == SSL3_AL_FATAL
+#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
+            || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
+#endif
+            )
+            (void)BIO_flush(s->wbio);
+
+        if (s->msg_callback)
+            s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert,
+                            2, s, s->msg_callback_arg);
+
+        if (s->info_callback != NULL)
+            cb = s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+            cb = s->ctx->info_callback;
+
+        if (cb != NULL) {
+            j = (s->s3->send_alert[0] << 8) | s->s3->send_alert[1];
+            cb(s, SSL_CB_WRITE_ALERT, j);
+        }
+    }
+    return (i);
+}
+
+static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
+                                      unsigned int *is_next_epoch)
+{
+
+    *is_next_epoch = 0;
+
+    /* In current epoch, accept HM, CCS, DATA, & ALERT */
+    if (rr->epoch == s->d1->r_epoch)
+        return &s->d1->bitmap;
+
+    /*
+     * Only HM and ALERT messages can be from the next epoch and only if we
+     * have already processed all of the unprocessed records from the last
+     * epoch
+     */
+    else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) &&
+             s->d1->unprocessed_rcds.epoch != s->d1->r_epoch &&
+             (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) {
+        *is_next_epoch = 1;
+        return &s->d1->next_bitmap;
+    }
+
+    return NULL;
+}
+
+#if 0
+static int
+dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
+                             unsigned short *priority, unsigned long *offset)
+{
+
+    /* alerts are passed up immediately */
+    if (rr->type == SSL3_RT_APPLICATION_DATA || rr->type == SSL3_RT_ALERT)
+        return 0;
+
+    /*
+     * Only need to buffer if a handshake is underway. (this implies that
+     * Hello Request and Client Hello are passed up immediately)
+     */
+    if (SSL_in_init(s)) {
+        unsigned char *data = rr->data;
+        /* need to extract the HM/CCS sequence number here */
+        if (rr->type == SSL3_RT_HANDSHAKE ||
+            rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
+            unsigned short seq_num;
+            struct hm_header_st msg_hdr;
+            struct ccs_header_st ccs_hdr;
+
+            if (rr->type == SSL3_RT_HANDSHAKE) {
+                dtls1_get_message_header(data, &msg_hdr);
+                seq_num = msg_hdr.seq;
+                *offset = msg_hdr.frag_off;
+            } else {
+                dtls1_get_ccs_header(data, &ccs_hdr);
+                seq_num = ccs_hdr.seq;
+                *offset = 0;
+            }
+
+            /*
+             * this is either a record we're waiting for, or a retransmit of
+             * something we happened to previously receive (higher layers
+             * will drop the repeat silently
+             */
+            if (seq_num < s->d1->handshake_read_seq)
+                return 0;
+            if (rr->type == SSL3_RT_HANDSHAKE &&
+                seq_num == s->d1->handshake_read_seq &&
+                msg_hdr.frag_off < s->d1->r_msg_hdr.frag_off)
+                return 0;
+            else if (seq_num == s->d1->handshake_read_seq &&
+                     (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC ||
+                      msg_hdr.frag_off == s->d1->r_msg_hdr.frag_off))
+                return 0;
+            else {
+                *priority = seq_num;
+                return 1;
+            }
+        } else                  /* unknown record type */
+            return 0;
+    }
+
+    return 0;
+}
+#endif
+
+void dtls1_reset_seq_numbers(SSL *s, int rw)
+{
+    unsigned char *seq;
+    unsigned int seq_bytes = sizeof(s->s3->read_sequence);
+
+    if (rw & SSL3_CC_READ) {
+        seq = s->s3->read_sequence;
+        s->d1->r_epoch++;
+        memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP));
+        memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
+
+        /*
+         * We must not use any buffered messages received from the previous
+         * epoch
+         */
+        dtls1_clear_received_buffer(s);
+    } else {
+        seq = s->s3->write_sequence;
+        memcpy(s->d1->last_write_sequence, seq,
+               sizeof(s->s3->write_sequence));
+        s->d1->w_epoch++;
+    }
+
+    memset(seq, 0x00, seq_bytes);
+}

Deleted: vendor-crypto/openssl/1.0.1u/ssl/d1_srvr.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/d1_srvr.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/ssl/d1_srvr.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,1759 +0,0 @@
-/* ssl/d1_srvr.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/md5.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
-
-static const SSL_METHOD *dtls1_get_server_method(int ver);
-static int dtls1_send_hello_verify_request(SSL *s);
-
-static const SSL_METHOD *dtls1_get_server_method(int ver)
-{
-    if (ver == DTLS1_VERSION)
-        return (DTLSv1_server_method());
-    else
-        return (NULL);
-}
-
-IMPLEMENT_dtls1_meth_func(DTLSv1_server_method,
-                          dtls1_accept,
-                          ssl_undefined_function, dtls1_get_server_method)
-
-int dtls1_accept(SSL *s)
-{
-    BUF_MEM *buf;
-    unsigned long Time = (unsigned long)time(NULL);
-    void (*cb) (const SSL *ssl, int type, int val) = NULL;
-    unsigned long alg_k;
-    int ret = -1;
-    int new_state, state, skip = 0;
-    int listen;
-#ifndef OPENSSL_NO_SCTP
-    unsigned char sctpauthkey[64];
-    char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
-#endif
-
-    RAND_add(&Time, sizeof(Time), 0);
-    ERR_clear_error();
-    clear_sys_error();
-
-    if (s->info_callback != NULL)
-        cb = s->info_callback;
-    else if (s->ctx->info_callback != NULL)
-        cb = s->ctx->info_callback;
-
-    listen = s->d1->listen;
-
-    /* init things to blank */
-    s->in_handshake++;
-    if (!SSL_in_init(s) || SSL_in_before(s))
-        SSL_clear(s);
-
-    s->d1->listen = listen;
-#ifndef OPENSSL_NO_SCTP
-    /*
-     * Notify SCTP BIO socket to enter handshake mode and prevent stream
-     * identifier other than 0. Will be ignored if no SCTP is used.
-     */
-    BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
-             s->in_handshake, NULL);
-#endif
-
-    if (s->cert == NULL) {
-        SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
-        return (-1);
-    }
-#ifndef OPENSSL_NO_HEARTBEATS
-    /*
-     * If we're awaiting a HeartbeatResponse, pretend we already got and
-     * don't await it anymore, because Heartbeats don't make sense during
-     * handshakes anyway.
-     */
-    if (s->tlsext_hb_pending) {
-        dtls1_stop_timer(s);
-        s->tlsext_hb_pending = 0;
-        s->tlsext_hb_seq++;
-    }
-#endif
-
-    for (;;) {
-        state = s->state;
-
-        switch (s->state) {
-        case SSL_ST_RENEGOTIATE:
-            s->renegotiate = 1;
-            /* s->state=SSL_ST_ACCEPT; */
-
-        case SSL_ST_BEFORE:
-        case SSL_ST_ACCEPT:
-        case SSL_ST_BEFORE | SSL_ST_ACCEPT:
-        case SSL_ST_OK | SSL_ST_ACCEPT:
-
-            s->server = 1;
-            if (cb != NULL)
-                cb(s, SSL_CB_HANDSHAKE_START, 1);
-
-            if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {
-                SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
-                return -1;
-            }
-            s->type = SSL_ST_ACCEPT;
-
-            if (s->init_buf == NULL) {
-                if ((buf = BUF_MEM_new()) == NULL) {
-                    ret = -1;
-                    s->state = SSL_ST_ERR;
-                    goto end;
-                }
-                if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
-                    BUF_MEM_free(buf);
-                    ret = -1;
-                    s->state = SSL_ST_ERR;
-                    goto end;
-                }
-                s->init_buf = buf;
-            }
-
-            if (!ssl3_setup_buffers(s)) {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            s->init_num = 0;
-            s->d1->change_cipher_spec_ok = 0;
-            /*
-             * Should have been reset by ssl3_get_finished, too.
-             */
-            s->s3->change_cipher_spec = 0;
-
-            if (s->state != SSL_ST_RENEGOTIATE) {
-                /*
-                 * Ok, we now need to push on a buffering BIO so that the
-                 * output is sent in a way that TCP likes :-) ...but not with
-                 * SCTP :-)
-                 */
-#ifndef OPENSSL_NO_SCTP
-                if (!BIO_dgram_is_sctp(SSL_get_wbio(s)))
-#endif
-                    if (!ssl_init_wbio_buffer(s, 1)) {
-                        ret = -1;
-                        s->state = SSL_ST_ERR;
-                        goto end;
-                    }
-
-                ssl3_init_finished_mac(s);
-                s->state = SSL3_ST_SR_CLNT_HELLO_A;
-                s->ctx->stats.sess_accept++;
-            } else if (!s->s3->send_connection_binding &&
-                       !(s->options &
-                         SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
-                /*
-                 * Server attempting to renegotiate with client that doesn't
-                 * support secure renegotiation.
-                 */
-                SSLerr(SSL_F_DTLS1_ACCEPT,
-                       SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            } else {
-                /*
-                 * s->state == SSL_ST_RENEGOTIATE, we will just send a
-                 * HelloRequest
-                 */
-                s->ctx->stats.sess_accept_renegotiate++;
-                s->state = SSL3_ST_SW_HELLO_REQ_A;
-            }
-
-            break;
-
-        case SSL3_ST_SW_HELLO_REQ_A:
-        case SSL3_ST_SW_HELLO_REQ_B:
-
-            s->shutdown = 0;
-            dtls1_clear_record_buffer(s);
-            dtls1_start_timer(s);
-            ret = dtls1_send_hello_request(s);
-            if (ret <= 0)
-                goto end;
-            s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
-            s->state = SSL3_ST_SW_FLUSH;
-            s->init_num = 0;
-
-            ssl3_init_finished_mac(s);
-            break;
-
-        case SSL3_ST_SW_HELLO_REQ_C:
-            s->state = SSL_ST_OK;
-            break;
-
-        case SSL3_ST_SR_CLNT_HELLO_A:
-        case SSL3_ST_SR_CLNT_HELLO_B:
-        case SSL3_ST_SR_CLNT_HELLO_C:
-
-            s->shutdown = 0;
-            ret = ssl3_get_client_hello(s);
-            if (ret <= 0)
-                goto end;
-            dtls1_stop_timer(s);
-
-            if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
-                s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
-            else
-                s->state = SSL3_ST_SW_SRVR_HELLO_A;
-
-            s->init_num = 0;
-
-            /*
-             * Reflect ClientHello sequence to remain stateless while
-             * listening
-             */
-            if (listen) {
-                memcpy(s->s3->write_sequence, s->s3->read_sequence,
-                       sizeof(s->s3->write_sequence));
-            }
-
-            /* If we're just listening, stop here */
-            if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) {
-                ret = 2;
-                s->d1->listen = 0;
-                /*
-                 * Set expected sequence numbers to continue the handshake.
-                 */
-                s->d1->handshake_read_seq = 2;
-                s->d1->handshake_write_seq = 1;
-                s->d1->next_handshake_write_seq = 1;
-                goto end;
-            }
-
-            break;
-
-        case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
-        case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
-
-            ret = dtls1_send_hello_verify_request(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_SW_FLUSH;
-            s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
-
-            /* HelloVerifyRequest resets Finished MAC */
-            if (s->version != DTLS1_BAD_VER)
-                ssl3_init_finished_mac(s);
-            break;
-
-#ifndef OPENSSL_NO_SCTP
-        case DTLS1_SCTP_ST_SR_READ_SOCK:
-
-            if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
-                s->s3->in_read_app_data = 2;
-                s->rwstate = SSL_READING;
-                BIO_clear_retry_flags(SSL_get_rbio(s));
-                BIO_set_retry_read(SSL_get_rbio(s));
-                ret = -1;
-                goto end;
-            }
-
-            s->state = SSL3_ST_SR_FINISHED_A;
-            break;
-
-        case DTLS1_SCTP_ST_SW_WRITE_SOCK:
-            ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
-            if (ret < 0)
-                goto end;
-
-            if (ret == 0) {
-                if (s->d1->next_state != SSL_ST_OK) {
-                    s->s3->in_read_app_data = 2;
-                    s->rwstate = SSL_READING;
-                    BIO_clear_retry_flags(SSL_get_rbio(s));
-                    BIO_set_retry_read(SSL_get_rbio(s));
-                    ret = -1;
-                    goto end;
-                }
-            }
-
-            s->state = s->d1->next_state;
-            break;
-#endif
-
-        case SSL3_ST_SW_SRVR_HELLO_A:
-        case SSL3_ST_SW_SRVR_HELLO_B:
-            s->renegotiate = 2;
-            dtls1_start_timer(s);
-            ret = dtls1_send_server_hello(s);
-            if (ret <= 0)
-                goto end;
-
-            if (s->hit) {
-#ifndef OPENSSL_NO_SCTP
-                /*
-                 * Add new shared key for SCTP-Auth, will be ignored if no
-                 * SCTP used.
-                 */
-                snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
-                         DTLS1_SCTP_AUTH_LABEL);
-
-                if (SSL_export_keying_material(s, sctpauthkey,
-                        sizeof(sctpauthkey), labelbuffer,
-                        sizeof(labelbuffer), NULL, 0, 0) <= 0) {
-                    ret = -1;
-                    s->state = SSL_ST_ERR;
-                    goto end;
-                }
-
-                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
-                         sizeof(sctpauthkey), sctpauthkey);
-#endif
-#ifndef OPENSSL_NO_TLSEXT
-                if (s->tlsext_ticket_expected)
-                    s->state = SSL3_ST_SW_SESSION_TICKET_A;
-                else
-                    s->state = SSL3_ST_SW_CHANGE_A;
-#else
-                s->state = SSL3_ST_SW_CHANGE_A;
-#endif
-            } else
-                s->state = SSL3_ST_SW_CERT_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_SW_CERT_A:
-        case SSL3_ST_SW_CERT_B:
-            /* Check if it is anon DH or normal PSK */
-            if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
-                && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
-                dtls1_start_timer(s);
-                ret = dtls1_send_server_certificate(s);
-                if (ret <= 0)
-                    goto end;
-#ifndef OPENSSL_NO_TLSEXT
-                if (s->tlsext_status_expected)
-                    s->state = SSL3_ST_SW_CERT_STATUS_A;
-                else
-                    s->state = SSL3_ST_SW_KEY_EXCH_A;
-            } else {
-                skip = 1;
-                s->state = SSL3_ST_SW_KEY_EXCH_A;
-            }
-#else
-            } else
-                skip = 1;
-
-            s->state = SSL3_ST_SW_KEY_EXCH_A;
-#endif
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_SW_KEY_EXCH_A:
-        case SSL3_ST_SW_KEY_EXCH_B:
-            alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-
-            /*
-             * clear this, it may get reset by
-             * send_server_key_exchange
-             */
-            s->s3->tmp.use_rsa_tmp = 0;
-
-            /*
-             * only send if a DH key exchange or RSA but we have a sign only
-             * certificate
-             */
-            if (0
-                /*
-                 * PSK: send ServerKeyExchange if PSK identity hint if
-                 * provided
-                 */
-#ifndef OPENSSL_NO_PSK
-                || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
-#endif
-                || (alg_k & SSL_kEDH)
-                || (alg_k & SSL_kEECDH)
-                || ((alg_k & SSL_kRSA)
-                    && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
-                        || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
-                            && EVP_PKEY_size(s->cert->pkeys
-                                             [SSL_PKEY_RSA_ENC].privatekey) *
-                            8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
-                        )
-                    )
-                )
-                ) {
-                dtls1_start_timer(s);
-                ret = dtls1_send_server_key_exchange(s);
-                if (ret <= 0)
-                    goto end;
-            } else
-                skip = 1;
-
-            s->state = SSL3_ST_SW_CERT_REQ_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_SW_CERT_REQ_A:
-        case SSL3_ST_SW_CERT_REQ_B:
-            if (                /* don't request cert unless asked for it: */
-                   !(s->verify_mode & SSL_VERIFY_PEER) ||
-                   /*
-                    * if SSL_VERIFY_CLIENT_ONCE is set, don't request cert
-                    * during re-negotiation:
-                    */
-                   ((s->session->peer != NULL) &&
-                    (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
-                   /*
-                    * never request cert in anonymous ciphersuites (see
-                    * section "Certificate request" in SSL 3 drafts and in
-                    * RFC 2246):
-                    */
-                   ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
-                    /*
-                     * ... except when the application insists on
-                     * verification (against the specs, but s3_clnt.c accepts
-                     * this for SSL 3)
-                     */
-                    !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
-                   /*
-                    * never request cert in Kerberos ciphersuites
-                    */
-                   (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)
-                   /*
-                    * With normal PSK Certificates and Certificate Requests
-                    * are omitted
-                    */
-                   || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
-                /* no cert request */
-                skip = 1;
-                s->s3->tmp.cert_request = 0;
-                s->state = SSL3_ST_SW_SRVR_DONE_A;
-#ifndef OPENSSL_NO_SCTP
-                if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-                    s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A;
-                    s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
-                }
-#endif
-            } else {
-                s->s3->tmp.cert_request = 1;
-                dtls1_start_timer(s);
-                ret = dtls1_send_certificate_request(s);
-                if (ret <= 0)
-                    goto end;
-#ifndef NETSCAPE_HANG_BUG
-                s->state = SSL3_ST_SW_SRVR_DONE_A;
-# ifndef OPENSSL_NO_SCTP
-                if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-                    s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A;
-                    s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
-                }
-# endif
-#else
-                s->state = SSL3_ST_SW_FLUSH;
-                s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
-# ifndef OPENSSL_NO_SCTP
-                if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-                    s->d1->next_state = s->s3->tmp.next_state;
-                    s->s3->tmp.next_state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
-                }
-# endif
-#endif
-                s->init_num = 0;
-            }
-            break;
-
-        case SSL3_ST_SW_SRVR_DONE_A:
-        case SSL3_ST_SW_SRVR_DONE_B:
-            dtls1_start_timer(s);
-            ret = dtls1_send_server_done(s);
-            if (ret <= 0)
-                goto end;
-            s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
-            s->state = SSL3_ST_SW_FLUSH;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_SW_FLUSH:
-            s->rwstate = SSL_WRITING;
-            if (BIO_flush(s->wbio) <= 0) {
-                /*
-                 * If the write error was fatal, stop trying
-                 */
-                if (!BIO_should_retry(s->wbio)) {
-                    s->rwstate = SSL_NOTHING;
-                    s->state = s->s3->tmp.next_state;
-                }
-
-                ret = -1;
-                goto end;
-            }
-            s->rwstate = SSL_NOTHING;
-            s->state = s->s3->tmp.next_state;
-            break;
-
-        case SSL3_ST_SR_CERT_A:
-        case SSL3_ST_SR_CERT_B:
-            /* Check for second client hello (MS SGC) */
-            ret = ssl3_check_client_hello(s);
-            if (ret <= 0)
-                goto end;
-            if (ret == 2) {
-                dtls1_stop_timer(s);
-                s->state = SSL3_ST_SR_CLNT_HELLO_C;
-            } else {
-                if (s->s3->tmp.cert_request) {
-                    ret = ssl3_get_client_certificate(s);
-                    if (ret <= 0)
-                        goto end;
-                }
-                s->init_num = 0;
-                s->state = SSL3_ST_SR_KEY_EXCH_A;
-            }
-            break;
-
-        case SSL3_ST_SR_KEY_EXCH_A:
-        case SSL3_ST_SR_KEY_EXCH_B:
-            ret = ssl3_get_client_key_exchange(s);
-            if (ret <= 0)
-                goto end;
-#ifndef OPENSSL_NO_SCTP
-            /*
-             * Add new shared key for SCTP-Auth, will be ignored if no SCTP
-             * used.
-             */
-            snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
-                     DTLS1_SCTP_AUTH_LABEL);
-
-            if (SSL_export_keying_material(s, sctpauthkey,
-                                       sizeof(sctpauthkey), labelbuffer,
-                                       sizeof(labelbuffer), NULL, 0, 0) <= 0) {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
-                     sizeof(sctpauthkey), sctpauthkey);
-#endif
-
-            s->state = SSL3_ST_SR_CERT_VRFY_A;
-            s->init_num = 0;
-
-            if (ret == 2) {
-                /*
-                 * For the ECDH ciphersuites when the client sends its ECDH
-                 * pub key in a certificate, the CertificateVerify message is
-                 * not sent.
-                 */
-                s->state = SSL3_ST_SR_FINISHED_A;
-                s->init_num = 0;
-            } else {
-                s->state = SSL3_ST_SR_CERT_VRFY_A;
-                s->init_num = 0;
-
-                /*
-                 * We need to get hashes here so if there is a client cert,
-                 * it can be verified
-                 */
-                s->method->ssl3_enc->cert_verify_mac(s,
-                                                     NID_md5,
-                                                     &(s->s3->
-                                                       tmp.cert_verify_md
-                                                       [0]));
-                s->method->ssl3_enc->cert_verify_mac(s, NID_sha1,
-                                                     &(s->s3->
-                                                       tmp.cert_verify_md
-                                                       [MD5_DIGEST_LENGTH]));
-            }
-            break;
-
-        case SSL3_ST_SR_CERT_VRFY_A:
-        case SSL3_ST_SR_CERT_VRFY_B:
-            ret = ssl3_get_cert_verify(s);
-            if (ret <= 0)
-                goto end;
-#ifndef OPENSSL_NO_SCTP
-            if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
-                state == SSL_ST_RENEGOTIATE)
-                s->state = DTLS1_SCTP_ST_SR_READ_SOCK;
-            else
-#endif
-                s->state = SSL3_ST_SR_FINISHED_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_SR_FINISHED_A:
-        case SSL3_ST_SR_FINISHED_B:
-            /*
-             * Enable CCS. Receiving a CCS clears the flag, so make
-             * sure not to re-enable it to ban duplicates. This *should* be the
-             * first time we have received one - but we check anyway to be
-             * cautious.
-             * s->s3->change_cipher_spec is set when a CCS is
-             * processed in d1_pkt.c, and remains set until
-             * the client's Finished message is read.
-             */
-            if (!s->s3->change_cipher_spec)
-                s->d1->change_cipher_spec_ok = 1;
-            ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,
-                                    SSL3_ST_SR_FINISHED_B);
-            if (ret <= 0)
-                goto end;
-            dtls1_stop_timer(s);
-            if (s->hit)
-                s->state = SSL_ST_OK;
-#ifndef OPENSSL_NO_TLSEXT
-            else if (s->tlsext_ticket_expected)
-                s->state = SSL3_ST_SW_SESSION_TICKET_A;
-#endif
-            else
-                s->state = SSL3_ST_SW_CHANGE_A;
-            s->init_num = 0;
-            break;
-
-#ifndef OPENSSL_NO_TLSEXT
-        case SSL3_ST_SW_SESSION_TICKET_A:
-        case SSL3_ST_SW_SESSION_TICKET_B:
-            ret = dtls1_send_newsession_ticket(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_SW_CHANGE_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_SW_CERT_STATUS_A:
-        case SSL3_ST_SW_CERT_STATUS_B:
-            ret = ssl3_send_cert_status(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_SW_KEY_EXCH_A;
-            s->init_num = 0;
-            break;
-
-#endif
-
-        case SSL3_ST_SW_CHANGE_A:
-        case SSL3_ST_SW_CHANGE_B:
-
-            s->session->cipher = s->s3->tmp.new_cipher;
-            if (!s->method->ssl3_enc->setup_key_block(s)) {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            ret = dtls1_send_change_cipher_spec(s,
-                                                SSL3_ST_SW_CHANGE_A,
-                                                SSL3_ST_SW_CHANGE_B);
-
-            if (ret <= 0)
-                goto end;
-
-#ifndef OPENSSL_NO_SCTP
-            if (!s->hit) {
-                /*
-                 * Change to new shared key of SCTP-Auth, will be ignored if
-                 * no SCTP used.
-                 */
-                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
-                         0, NULL);
-            }
-#endif
-
-            s->state = SSL3_ST_SW_FINISHED_A;
-            s->init_num = 0;
-
-            if (!s->method->ssl3_enc->change_cipher_state(s,
-                                                          SSL3_CHANGE_CIPHER_SERVER_WRITE))
-            {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
-            break;
-
-        case SSL3_ST_SW_FINISHED_A:
-        case SSL3_ST_SW_FINISHED_B:
-            ret = dtls1_send_finished(s,
-                                      SSL3_ST_SW_FINISHED_A,
-                                      SSL3_ST_SW_FINISHED_B,
-                                      s->method->
-                                      ssl3_enc->server_finished_label,
-                                      s->method->
-                                      ssl3_enc->server_finished_label_len);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_SW_FLUSH;
-            if (s->hit) {
-                s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;
-
-#ifndef OPENSSL_NO_SCTP
-                /*
-                 * Change to new shared key of SCTP-Auth, will be ignored if
-                 * no SCTP used.
-                 */
-                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
-                         0, NULL);
-#endif
-            } else {
-                s->s3->tmp.next_state = SSL_ST_OK;
-#ifndef OPENSSL_NO_SCTP
-                if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
-                    s->d1->next_state = s->s3->tmp.next_state;
-                    s->s3->tmp.next_state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
-                }
-#endif
-            }
-            s->init_num = 0;
-            break;
-
-        case SSL_ST_OK:
-            /* clean a few things up */
-            ssl3_cleanup_key_block(s);
-
-#if 0
-            BUF_MEM_free(s->init_buf);
-            s->init_buf = NULL;
-#endif
-
-            /* remove buffering on output */
-            ssl_free_wbio_buffer(s);
-
-            s->init_num = 0;
-
-            if (s->renegotiate == 2) { /* skipped if we just sent a
-                                        * HelloRequest */
-                s->renegotiate = 0;
-                s->new_session = 0;
-
-                ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
-
-                s->ctx->stats.sess_accept_good++;
-                /* s->server=1; */
-                s->handshake_func = dtls1_accept;
-
-                if (cb != NULL)
-                    cb(s, SSL_CB_HANDSHAKE_DONE, 1);
-            }
-
-            ret = 1;
-
-            /* done handshaking, next message is client hello */
-            s->d1->handshake_read_seq = 0;
-            /* next message is server hello */
-            s->d1->handshake_write_seq = 0;
-            s->d1->next_handshake_write_seq = 0;
-            goto end;
-            /* break; */
-
-        case SSL_ST_ERR:
-        default:
-            SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_UNKNOWN_STATE);
-            ret = -1;
-            goto end;
-            /* break; */
-        }
-
-        if (!s->s3->tmp.reuse_message && !skip) {
-            if (s->debug) {
-                if ((ret = BIO_flush(s->wbio)) <= 0)
-                    goto end;
-            }
-
-            if ((cb != NULL) && (s->state != state)) {
-                new_state = s->state;
-                s->state = state;
-                cb(s, SSL_CB_ACCEPT_LOOP, 1);
-                s->state = new_state;
-            }
-        }
-        skip = 0;
-    }
- end:
-    /* BIO_flush(s->wbio); */
-
-    s->in_handshake--;
-#ifndef OPENSSL_NO_SCTP
-    /*
-     * Notify SCTP BIO socket to leave handshake mode and prevent stream
-     * identifier other than 0. Will be ignored if no SCTP is used.
-     */
-    BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
-             s->in_handshake, NULL);
-#endif
-
-    if (cb != NULL)
-        cb(s, SSL_CB_ACCEPT_EXIT, ret);
-    return (ret);
-}
-
-int dtls1_send_hello_request(SSL *s)
-{
-    unsigned char *p;
-
-    if (s->state == SSL3_ST_SW_HELLO_REQ_A) {
-        p = (unsigned char *)s->init_buf->data;
-        p = dtls1_set_message_header(s, p, SSL3_MT_HELLO_REQUEST, 0, 0, 0);
-
-        s->state = SSL3_ST_SW_HELLO_REQ_B;
-        /* number of bytes to write */
-        s->init_num = DTLS1_HM_HEADER_LENGTH;
-        s->init_off = 0;
-
-        /*
-         * no need to buffer this message, since there are no retransmit
-         * requests for it
-         */
-    }
-
-    /* SSL3_ST_SW_HELLO_REQ_B */
-    return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
-}
-
-int dtls1_send_hello_verify_request(SSL *s)
-{
-    unsigned int msg_len;
-    unsigned char *msg, *buf, *p;
-
-    if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
-        buf = (unsigned char *)s->init_buf->data;
-
-        msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
-        *(p++) = s->version >> 8;
-        *(p++) = s->version & 0xFF;
-
-        if (s->ctx->app_gen_cookie_cb == NULL ||
-            s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
-                                      &(s->d1->cookie_len)) == 0) {
-            SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,
-                   ERR_R_INTERNAL_ERROR);
-            s->state = SSL_ST_ERR;
-            return 0;
-        }
-
-        *(p++) = (unsigned char)s->d1->cookie_len;
-        memcpy(p, s->d1->cookie, s->d1->cookie_len);
-        p += s->d1->cookie_len;
-        msg_len = p - msg;
-
-        dtls1_set_message_header(s, buf,
-                                 DTLS1_MT_HELLO_VERIFY_REQUEST, msg_len, 0,
-                                 msg_len);
-
-        s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
-        /* number of bytes to write */
-        s->init_num = p - buf;
-        s->init_off = 0;
-    }
-
-    /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
-    return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
-}
-
-int dtls1_send_server_hello(SSL *s)
-{
-    unsigned char *buf;
-    unsigned char *p, *d;
-    int i;
-    unsigned int sl;
-    unsigned long l;
-
-    if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
-        buf = (unsigned char *)s->init_buf->data;
-        p = s->s3->server_random;
-        ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE);
-        /* Do the message type and length last */
-        d = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
-
-        *(p++) = s->version >> 8;
-        *(p++) = s->version & 0xff;
-
-        /* Random stuff */
-        memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
-        p += SSL3_RANDOM_SIZE;
-
-        /*
-         * now in theory we have 3 options to sending back the session id.
-         * If it is a re-use, we send back the old session-id, if it is a new
-         * session, we send back the new session-id or we send back a 0
-         * length session-id if we want it to be single use. Currently I will
-         * not implement the '0' length session-id 12-Jan-98 - I'll now
-         * support the '0' length stuff.
-         */
-        if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))
-            s->session->session_id_length = 0;
-
-        sl = s->session->session_id_length;
-        if (sl > sizeof s->session->session_id) {
-            SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
-            return -1;
-        }
-        *(p++) = sl;
-        memcpy(p, s->session->session_id, sl);
-        p += sl;
-
-        /* put the cipher */
-        if (s->s3->tmp.new_cipher == NULL)
-            return -1;
-        i = ssl3_put_cipher_by_char(s->s3->tmp.new_cipher, p);
-        p += i;
-
-        /* put the compression method */
-#ifdef OPENSSL_NO_COMP
-        *(p++) = 0;
-#else
-        if (s->s3->tmp.new_compression == NULL)
-            *(p++) = 0;
-        else
-            *(p++) = s->s3->tmp.new_compression->id;
-#endif
-
-#ifndef OPENSSL_NO_TLSEXT
-        if (ssl_prepare_serverhello_tlsext(s) <= 0) {
-            SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, SSL_R_SERVERHELLO_TLSEXT);
-            return -1;
-        }
-        if ((p =
-             ssl_add_serverhello_tlsext(s, p,
-                                        buf + SSL3_RT_MAX_PLAIN_LENGTH)) ==
-            NULL) {
-            SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
-            return -1;
-        }
-#endif
-
-        /* do the header */
-        l = (p - d);
-        d = buf;
-
-        d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l);
-
-        s->state = SSL3_ST_SW_SRVR_HELLO_B;
-        /* number of bytes to write */
-        s->init_num = p - buf;
-        s->init_off = 0;
-
-        /* buffer the message to handle re-xmits */
-        dtls1_buffer_message(s, 0);
-    }
-
-    /* SSL3_ST_SW_SRVR_HELLO_B */
-    return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
-}
-
-int dtls1_send_server_done(SSL *s)
-{
-    unsigned char *p;
-
-    if (s->state == SSL3_ST_SW_SRVR_DONE_A) {
-        p = (unsigned char *)s->init_buf->data;
-
-        /* do the header */
-        p = dtls1_set_message_header(s, p, SSL3_MT_SERVER_DONE, 0, 0, 0);
-
-        s->state = SSL3_ST_SW_SRVR_DONE_B;
-        /* number of bytes to write */
-        s->init_num = DTLS1_HM_HEADER_LENGTH;
-        s->init_off = 0;
-
-        /* buffer the message to handle re-xmits */
-        dtls1_buffer_message(s, 0);
-    }
-
-    /* SSL3_ST_SW_SRVR_DONE_B */
-    return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
-}
-
-int dtls1_send_server_key_exchange(SSL *s)
-{
-#ifndef OPENSSL_NO_RSA
-    unsigned char *q;
-    int j, num;
-    RSA *rsa;
-    unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
-    unsigned int u;
-#endif
-#ifndef OPENSSL_NO_DH
-    DH *dh = NULL, *dhp;
-#endif
-#ifndef OPENSSL_NO_ECDH
-    EC_KEY *ecdh = NULL, *ecdhp;
-    unsigned char *encodedPoint = NULL;
-    int encodedlen = 0;
-    int curve_id = 0;
-    BN_CTX *bn_ctx = NULL;
-#endif
-    EVP_PKEY *pkey;
-    unsigned char *p, *d;
-    int al, i;
-    unsigned long type;
-    int n;
-    CERT *cert;
-    BIGNUM *r[4];
-    int nr[4], kn;
-    BUF_MEM *buf;
-    EVP_MD_CTX md_ctx;
-
-    EVP_MD_CTX_init(&md_ctx);
-    if (s->state == SSL3_ST_SW_KEY_EXCH_A) {
-        type = s->s3->tmp.new_cipher->algorithm_mkey;
-        cert = s->cert;
-
-        buf = s->init_buf;
-
-        r[0] = r[1] = r[2] = r[3] = NULL;
-        n = 0;
-#ifndef OPENSSL_NO_RSA
-        if (type & SSL_kRSA) {
-            rsa = cert->rsa_tmp;
-            if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) {
-                rsa = s->cert->rsa_tmp_cb(s,
-                                          SSL_C_IS_EXPORT(s->s3->
-                                                          tmp.new_cipher),
-                                          SSL_C_EXPORT_PKEYLENGTH(s->s3->
-                                                                  tmp.new_cipher));
-                if (rsa == NULL) {
-                    al = SSL_AD_HANDSHAKE_FAILURE;
-                    SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
-                           SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
-                    goto f_err;
-                }
-                RSA_up_ref(rsa);
-                cert->rsa_tmp = rsa;
-            }
-            if (rsa == NULL) {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
-                       SSL_R_MISSING_TMP_RSA_KEY);
-                goto f_err;
-            }
-            r[0] = rsa->n;
-            r[1] = rsa->e;
-            s->s3->tmp.use_rsa_tmp = 1;
-        } else
-#endif
-#ifndef OPENSSL_NO_DH
-        if (type & SSL_kEDH) {
-            dhp = cert->dh_tmp;
-            if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
-                dhp = s->cert->dh_tmp_cb(s,
-                                         SSL_C_IS_EXPORT(s->s3->
-                                                         tmp.new_cipher),
-                                         SSL_C_EXPORT_PKEYLENGTH(s->s3->
-                                                                 tmp.new_cipher));
-            if (dhp == NULL) {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
-                       SSL_R_MISSING_TMP_DH_KEY);
-                goto f_err;
-            }
-
-            if (s->s3->tmp.dh != NULL) {
-                DH_free(dh);
-                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
-                       ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-
-            if ((dh = DHparams_dup(dhp)) == NULL) {
-                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
-                goto err;
-            }
-
-            s->s3->tmp.dh = dh;
-            if ((dhp->pub_key == NULL ||
-                 dhp->priv_key == NULL ||
-                 (s->options & SSL_OP_SINGLE_DH_USE))) {
-                if (!DH_generate_key(dh)) {
-                    SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
-                           ERR_R_DH_LIB);
-                    goto err;
-                }
-            } else {
-                dh->pub_key = BN_dup(dhp->pub_key);
-                dh->priv_key = BN_dup(dhp->priv_key);
-                if ((dh->pub_key == NULL) || (dh->priv_key == NULL)) {
-                    SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
-                           ERR_R_DH_LIB);
-                    goto err;
-                }
-            }
-            r[0] = dh->p;
-            r[1] = dh->g;
-            r[2] = dh->pub_key;
-        } else
-#endif
-#ifndef OPENSSL_NO_ECDH
-        if (type & SSL_kEECDH) {
-            const EC_GROUP *group;
-
-            ecdhp = cert->ecdh_tmp;
-            if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL)) {
-                ecdhp = s->cert->ecdh_tmp_cb(s,
-                                             SSL_C_IS_EXPORT(s->s3->
-                                                             tmp.new_cipher),
-                                             SSL_C_EXPORT_PKEYLENGTH(s->
-                                                                     s3->tmp.new_cipher));
-            }
-            if (ecdhp == NULL) {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
-                       SSL_R_MISSING_TMP_ECDH_KEY);
-                goto f_err;
-            }
-
-            if (s->s3->tmp.ecdh != NULL) {
-                EC_KEY_free(s->s3->tmp.ecdh);
-                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
-                       ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-
-            /* Duplicate the ECDH structure. */
-            if (ecdhp == NULL) {
-                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
-                goto err;
-            }
-            if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) {
-                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
-                goto err;
-            }
-
-            s->s3->tmp.ecdh = ecdh;
-            if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
-                (EC_KEY_get0_private_key(ecdh) == NULL) ||
-                (s->options & SSL_OP_SINGLE_ECDH_USE)) {
-                if (!EC_KEY_generate_key(ecdh)) {
-                    SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
-                           ERR_R_ECDH_LIB);
-                    goto err;
-                }
-            }
-
-            if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
-                (EC_KEY_get0_public_key(ecdh) == NULL) ||
-                (EC_KEY_get0_private_key(ecdh) == NULL)) {
-                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
-                goto err;
-            }
-
-            if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
-                (EC_GROUP_get_degree(group) > 163)) {
-                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
-                       SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
-                goto err;
-            }
-
-            /*
-             * XXX: For now, we only support ephemeral ECDH keys over named
-             * (not generic) curves. For supported named curves, curve_id is
-             * non-zero.
-             */
-            if ((curve_id =
-                 tls1_ec_nid2curve_id(EC_GROUP_get_curve_name(group)))
-                == 0) {
-                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
-                       SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
-                goto err;
-            }
-
-            /*
-             * Encode the public key. First check the size of encoding and
-             * allocate memory accordingly.
-             */
-            encodedlen = EC_POINT_point2oct(group,
-                                            EC_KEY_get0_public_key(ecdh),
-                                            POINT_CONVERSION_UNCOMPRESSED,
-                                            NULL, 0, NULL);
-
-            encodedPoint = (unsigned char *)
-                OPENSSL_malloc(encodedlen * sizeof(unsigned char));
-            bn_ctx = BN_CTX_new();
-            if ((encodedPoint == NULL) || (bn_ctx == NULL)) {
-                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
-                       ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-
-            encodedlen = EC_POINT_point2oct(group,
-                                            EC_KEY_get0_public_key(ecdh),
-                                            POINT_CONVERSION_UNCOMPRESSED,
-                                            encodedPoint, encodedlen, bn_ctx);
-
-            if (encodedlen == 0) {
-                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
-                goto err;
-            }
-
-            BN_CTX_free(bn_ctx);
-            bn_ctx = NULL;
-
-            /*
-             * XXX: For now, we only support named (not generic) curves in
-             * ECDH ephemeral key exchanges. In this situation, we need four
-             * additional bytes to encode the entire ServerECDHParams
-             * structure.
-             */
-            n = 4 + encodedlen;
-
-            /*
-             * We'll generate the serverKeyExchange message explicitly so we
-             * can set these to NULLs
-             */
-            r[0] = NULL;
-            r[1] = NULL;
-            r[2] = NULL;
-            r[3] = NULL;
-        } else
-#endif                          /* !OPENSSL_NO_ECDH */
-#ifndef OPENSSL_NO_PSK
-        if (type & SSL_kPSK) {
-            /*
-             * reserve size for record length and PSK identity hint
-             */
-            n += 2 + strlen(s->ctx->psk_identity_hint);
-        } else
-#endif                          /* !OPENSSL_NO_PSK */
-        {
-            al = SSL_AD_HANDSHAKE_FAILURE;
-            SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
-                   SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
-            goto f_err;
-        }
-        for (i = 0; r[i] != NULL; i++) {
-            nr[i] = BN_num_bytes(r[i]);
-            n += 2 + nr[i];
-        }
-
-        if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
-            && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
-            if ((pkey = ssl_get_sign_pkey(s, s->s3->tmp.new_cipher, NULL))
-                == NULL) {
-                al = SSL_AD_DECODE_ERROR;
-                goto f_err;
-            }
-            kn = EVP_PKEY_size(pkey);
-        } else {
-            pkey = NULL;
-            kn = 0;
-        }
-
-        if (!BUF_MEM_grow_clean(buf, n + DTLS1_HM_HEADER_LENGTH + kn)) {
-            SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_BUF);
-            goto err;
-        }
-        d = (unsigned char *)s->init_buf->data;
-        p = &(d[DTLS1_HM_HEADER_LENGTH]);
-
-        for (i = 0; r[i] != NULL; i++) {
-            s2n(nr[i], p);
-            BN_bn2bin(r[i], p);
-            p += nr[i];
-        }
-
-#ifndef OPENSSL_NO_ECDH
-        if (type & SSL_kEECDH) {
-            /*
-             * XXX: For now, we only support named (not generic) curves. In
-             * this situation, the serverKeyExchange message has: [1 byte
-             * CurveType], [2 byte CurveName] [1 byte length of encoded
-             * point], followed by the actual encoded point itself
-             */
-            *p = NAMED_CURVE_TYPE;
-            p += 1;
-            *p = 0;
-            p += 1;
-            *p = curve_id;
-            p += 1;
-            *p = encodedlen;
-            p += 1;
-            memcpy((unsigned char *)p,
-                   (unsigned char *)encodedPoint, encodedlen);
-            OPENSSL_free(encodedPoint);
-            encodedPoint = NULL;
-            p += encodedlen;
-        }
-#endif
-
-#ifndef OPENSSL_NO_PSK
-        if (type & SSL_kPSK) {
-            /* copy PSK identity hint */
-            s2n(strlen(s->ctx->psk_identity_hint), p);
-            strncpy((char *)p, s->ctx->psk_identity_hint,
-                    strlen(s->ctx->psk_identity_hint));
-            p += strlen(s->ctx->psk_identity_hint);
-        }
-#endif
-
-        /* not anonymous */
-        if (pkey != NULL) {
-            /*
-             * n is the length of the params, they start at
-             * &(d[DTLS1_HM_HEADER_LENGTH]) and p points to the space at the
-             * end.
-             */
-#ifndef OPENSSL_NO_RSA
-            if (pkey->type == EVP_PKEY_RSA) {
-                q = md_buf;
-                j = 0;
-                for (num = 2; num > 0; num--) {
-                    EVP_DigestInit_ex(&md_ctx, (num == 2)
-                                      ? s->ctx->md5 : s->ctx->sha1, NULL);
-                    EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]),
-                                     SSL3_RANDOM_SIZE);
-                    EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]),
-                                     SSL3_RANDOM_SIZE);
-                    EVP_DigestUpdate(&md_ctx, &(d[DTLS1_HM_HEADER_LENGTH]),
-                                     n);
-                    EVP_DigestFinal_ex(&md_ctx, q, (unsigned int *)&i);
-                    q += i;
-                    j += i;
-                }
-                if (RSA_sign(NID_md5_sha1, md_buf, j,
-                             &(p[2]), &u, pkey->pkey.rsa) <= 0) {
-                    SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_RSA);
-                    goto err;
-                }
-                s2n(u, p);
-                n += u + 2;
-            } else
-#endif
-#if !defined(OPENSSL_NO_DSA)
-            if (pkey->type == EVP_PKEY_DSA) {
-                /* lets do DSS */
-                EVP_SignInit_ex(&md_ctx, EVP_dss1(), NULL);
-                EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]),
-                               SSL3_RANDOM_SIZE);
-                EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]),
-                               SSL3_RANDOM_SIZE);
-                EVP_SignUpdate(&md_ctx, &(d[DTLS1_HM_HEADER_LENGTH]), n);
-                if (!EVP_SignFinal(&md_ctx, &(p[2]),
-                                   (unsigned int *)&i, pkey)) {
-                    SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_DSA);
-                    goto err;
-                }
-                s2n(i, p);
-                n += i + 2;
-            } else
-#endif
-#if !defined(OPENSSL_NO_ECDSA)
-            if (pkey->type == EVP_PKEY_EC) {
-                /* let's do ECDSA */
-                EVP_SignInit_ex(&md_ctx, EVP_ecdsa(), NULL);
-                EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]),
-                               SSL3_RANDOM_SIZE);
-                EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]),
-                               SSL3_RANDOM_SIZE);
-                EVP_SignUpdate(&md_ctx, &(d[DTLS1_HM_HEADER_LENGTH]), n);
-                if (!EVP_SignFinal(&md_ctx, &(p[2]),
-                                   (unsigned int *)&i, pkey)) {
-                    SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
-                           ERR_LIB_ECDSA);
-                    goto err;
-                }
-                s2n(i, p);
-                n += i + 2;
-            } else
-#endif
-            {
-                /* Is this error check actually needed? */
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
-                       SSL_R_UNKNOWN_PKEY_TYPE);
-                goto f_err;
-            }
-        }
-
-        d = dtls1_set_message_header(s, d,
-                                     SSL3_MT_SERVER_KEY_EXCHANGE, n, 0, n);
-
-        /*
-         * we should now have things packed up, so lets send it off
-         */
-        s->init_num = n + DTLS1_HM_HEADER_LENGTH;
-        s->init_off = 0;
-
-        /* buffer the message to handle re-xmits */
-        dtls1_buffer_message(s, 0);
-    }
-
-    s->state = SSL3_ST_SW_KEY_EXCH_B;
-    EVP_MD_CTX_cleanup(&md_ctx);
-    return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
- f_err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
-#ifndef OPENSSL_NO_ECDH
-    if (encodedPoint != NULL)
-        OPENSSL_free(encodedPoint);
-    BN_CTX_free(bn_ctx);
-#endif
-    EVP_MD_CTX_cleanup(&md_ctx);
-    return (-1);
-}
-
-int dtls1_send_certificate_request(SSL *s)
-{
-    unsigned char *p, *d;
-    int i, j, nl, off, n;
-    STACK_OF(X509_NAME) *sk = NULL;
-    X509_NAME *name;
-    BUF_MEM *buf;
-    unsigned int msg_len;
-
-    if (s->state == SSL3_ST_SW_CERT_REQ_A) {
-        buf = s->init_buf;
-
-        d = p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
-
-        /* get the list of acceptable cert types */
-        p++;
-        n = ssl3_get_req_cert_type(s, p);
-        d[0] = n;
-        p += n;
-        n++;
-
-        off = n;
-        p += 2;
-        n += 2;
-
-        sk = SSL_get_client_CA_list(s);
-        nl = 0;
-        if (sk != NULL) {
-            for (i = 0; i < sk_X509_NAME_num(sk); i++) {
-                name = sk_X509_NAME_value(sk, i);
-                j = i2d_X509_NAME(name, NULL);
-                if (!BUF_MEM_grow_clean
-                    (buf, DTLS1_HM_HEADER_LENGTH + n + j + 2)) {
-                    SSLerr(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST,
-                           ERR_R_BUF_LIB);
-                    goto err;
-                }
-                p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH + n]);
-                if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) {
-                    s2n(j, p);
-                    i2d_X509_NAME(name, &p);
-                    n += 2 + j;
-                    nl += 2 + j;
-                } else {
-                    d = p;
-                    i2d_X509_NAME(name, &p);
-                    j -= 2;
-                    s2n(j, d);
-                    j += 2;
-                    n += j;
-                    nl += j;
-                }
-            }
-        }
-        /* else no CA names */
-        p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH + off]);
-        s2n(nl, p);
-
-        d = (unsigned char *)buf->data;
-        *(d++) = SSL3_MT_CERTIFICATE_REQUEST;
-        l2n3(n, d);
-        s2n(s->d1->handshake_write_seq, d);
-        s->d1->handshake_write_seq++;
-
-        /*
-         * we should now have things packed up, so lets send it off
-         */
-
-        s->init_num = n + DTLS1_HM_HEADER_LENGTH;
-        s->init_off = 0;
-#ifdef NETSCAPE_HANG_BUG
-/* XXX: what to do about this? */
-        p = (unsigned char *)s->init_buf->data + s->init_num;
-
-        /* do the header */
-        *(p++) = SSL3_MT_SERVER_DONE;
-        *(p++) = 0;
-        *(p++) = 0;
-        *(p++) = 0;
-        s->init_num += 4;
-#endif
-
-        /* XDTLS:  set message header ? */
-        msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
-        dtls1_set_message_header(s, (void *)s->init_buf->data,
-                                 SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0,
-                                 msg_len);
-
-        /* buffer the message to handle re-xmits */
-        dtls1_buffer_message(s, 0);
-
-        s->state = SSL3_ST_SW_CERT_REQ_B;
-    }
-
-    /* SSL3_ST_SW_CERT_REQ_B */
-    return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
- err:
-    return (-1);
-}
-
-int dtls1_send_server_certificate(SSL *s)
-{
-    unsigned long l;
-    X509 *x;
-
-    if (s->state == SSL3_ST_SW_CERT_A) {
-        x = ssl_get_server_send_cert(s);
-        if (x == NULL) {
-            /* VRS: allow null cert if auth == KRB5 */
-            if ((s->s3->tmp.new_cipher->algorithm_mkey != SSL_kKRB5) ||
-                (s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5)) {
-                SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,
-                       ERR_R_INTERNAL_ERROR);
-                return (0);
-            }
-        }
-
-        l = dtls1_output_cert_chain(s, x);
-        if (!l) {
-            SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR);
-            return (0);
-        }
-        s->state = SSL3_ST_SW_CERT_B;
-        s->init_num = (int)l;
-        s->init_off = 0;
-
-        /* buffer the message to handle re-xmits */
-        dtls1_buffer_message(s, 0);
-    }
-
-    /* SSL3_ST_SW_CERT_B */
-    return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
-}
-
-#ifndef OPENSSL_NO_TLSEXT
-int dtls1_send_newsession_ticket(SSL *s)
-{
-    if (s->state == SSL3_ST_SW_SESSION_TICKET_A) {
-        unsigned char *p, *senc, *macstart;
-        int len, slen;
-        unsigned int hlen, msg_len;
-        EVP_CIPHER_CTX ctx;
-        HMAC_CTX hctx;
-        SSL_CTX *tctx = s->initial_ctx;
-        unsigned char iv[EVP_MAX_IV_LENGTH];
-        unsigned char key_name[16];
-
-        /* get session encoding length */
-        slen = i2d_SSL_SESSION(s->session, NULL);
-        /*
-         * Some length values are 16 bits, so forget it if session is too
-         * long
-         */
-        if (slen > 0xFF00)
-            return -1;
-        /*
-         * Grow buffer if need be: the length calculation is as follows 12
-         * (DTLS handshake message header) + 4 (ticket lifetime hint) + 2
-         * (ticket length) + 16 (key name) + max_iv_len (iv length) +
-         * session_length + max_enc_block_size (max encrypted session length)
-         * + max_md_size (HMAC).
-         */
-        if (!BUF_MEM_grow(s->init_buf,
-                          DTLS1_HM_HEADER_LENGTH + 22 + EVP_MAX_IV_LENGTH +
-                          EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen))
-            return -1;
-        senc = OPENSSL_malloc(slen);
-        if (!senc)
-            return -1;
-        p = senc;
-        i2d_SSL_SESSION(s->session, &p);
-
-        p = (unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]);
-        EVP_CIPHER_CTX_init(&ctx);
-        HMAC_CTX_init(&hctx);
-        /*
-         * Initialize HMAC and cipher contexts. If callback present it does
-         * all the work otherwise use generated values from parent ctx.
-         */
-        if (tctx->tlsext_ticket_key_cb) {
-            if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
-                                           &hctx, 1) < 0) {
-                OPENSSL_free(senc);
-                return -1;
-            }
-        } else {
-            RAND_pseudo_bytes(iv, 16);
-            EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
-                               tctx->tlsext_tick_aes_key, iv);
-            HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
-                         tlsext_tick_md(), NULL);
-            memcpy(key_name, tctx->tlsext_tick_key_name, 16);
-        }
-        l2n(s->session->tlsext_tick_lifetime_hint, p);
-        /* Skip ticket length for now */
-        p += 2;
-        /* Output key name */
-        macstart = p;
-        memcpy(p, key_name, 16);
-        p += 16;
-        /* output IV */
-        memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
-        p += EVP_CIPHER_CTX_iv_length(&ctx);
-        /* Encrypt session data */
-        EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
-        p += len;
-        EVP_EncryptFinal(&ctx, p, &len);
-        p += len;
-        EVP_CIPHER_CTX_cleanup(&ctx);
-
-        HMAC_Update(&hctx, macstart, p - macstart);
-        HMAC_Final(&hctx, p, &hlen);
-        HMAC_CTX_cleanup(&hctx);
-
-        p += hlen;
-        /* Now write out lengths: p points to end of data written */
-        /* Total length */
-        len = p - (unsigned char *)(s->init_buf->data);
-        /* Ticket length */
-        p = (unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) + 4;
-        s2n(len - DTLS1_HM_HEADER_LENGTH - 6, p);
-
-        /* number of bytes to write */
-        s->init_num = len;
-        s->state = SSL3_ST_SW_SESSION_TICKET_B;
-        s->init_off = 0;
-        OPENSSL_free(senc);
-
-        /* XDTLS:  set message header ? */
-        msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
-        dtls1_set_message_header(s, (void *)s->init_buf->data,
-                                 SSL3_MT_NEWSESSION_TICKET, msg_len, 0,
-                                 msg_len);
-
-        /* buffer the message to handle re-xmits */
-        dtls1_buffer_message(s, 0);
-    }
-
-    /* SSL3_ST_SW_SESSION_TICKET_B */
-    return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
-}
-#endif

Copied: vendor-crypto/openssl/1.0.1u/ssl/d1_srvr.c (from rev 11605, vendor-crypto/openssl/dist/ssl/d1_srvr.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/ssl/d1_srvr.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/ssl/d1_srvr.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,1763 @@
+/* ssl/d1_srvr.c */
+/*
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/md5.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+
+static const SSL_METHOD *dtls1_get_server_method(int ver);
+static int dtls1_send_hello_verify_request(SSL *s);
+
+static const SSL_METHOD *dtls1_get_server_method(int ver)
+{
+    if (ver == DTLS1_VERSION)
+        return (DTLSv1_server_method());
+    else
+        return (NULL);
+}
+
+IMPLEMENT_dtls1_meth_func(DTLSv1_server_method,
+                          dtls1_accept,
+                          ssl_undefined_function, dtls1_get_server_method)
+
+int dtls1_accept(SSL *s)
+{
+    BUF_MEM *buf;
+    unsigned long Time = (unsigned long)time(NULL);
+    void (*cb) (const SSL *ssl, int type, int val) = NULL;
+    unsigned long alg_k;
+    int ret = -1;
+    int new_state, state, skip = 0;
+    int listen;
+#ifndef OPENSSL_NO_SCTP
+    unsigned char sctpauthkey[64];
+    char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
+#endif
+
+    RAND_add(&Time, sizeof(Time), 0);
+    ERR_clear_error();
+    clear_sys_error();
+
+    if (s->info_callback != NULL)
+        cb = s->info_callback;
+    else if (s->ctx->info_callback != NULL)
+        cb = s->ctx->info_callback;
+
+    listen = s->d1->listen;
+
+    /* init things to blank */
+    s->in_handshake++;
+    if (!SSL_in_init(s) || SSL_in_before(s))
+        SSL_clear(s);
+
+    s->d1->listen = listen;
+#ifndef OPENSSL_NO_SCTP
+    /*
+     * Notify SCTP BIO socket to enter handshake mode and prevent stream
+     * identifier other than 0. Will be ignored if no SCTP is used.
+     */
+    BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
+             s->in_handshake, NULL);
+#endif
+
+    if (s->cert == NULL) {
+        SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
+        return (-1);
+    }
+#ifndef OPENSSL_NO_HEARTBEATS
+    /*
+     * If we're awaiting a HeartbeatResponse, pretend we already got and
+     * don't await it anymore, because Heartbeats don't make sense during
+     * handshakes anyway.
+     */
+    if (s->tlsext_hb_pending) {
+        dtls1_stop_timer(s);
+        s->tlsext_hb_pending = 0;
+        s->tlsext_hb_seq++;
+    }
+#endif
+
+    for (;;) {
+        state = s->state;
+
+        switch (s->state) {
+        case SSL_ST_RENEGOTIATE:
+            s->renegotiate = 1;
+            /* s->state=SSL_ST_ACCEPT; */
+
+        case SSL_ST_BEFORE:
+        case SSL_ST_ACCEPT:
+        case SSL_ST_BEFORE | SSL_ST_ACCEPT:
+        case SSL_ST_OK | SSL_ST_ACCEPT:
+
+            s->server = 1;
+            if (cb != NULL)
+                cb(s, SSL_CB_HANDSHAKE_START, 1);
+
+            if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {
+                SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
+                return -1;
+            }
+            s->type = SSL_ST_ACCEPT;
+
+            if (s->init_buf == NULL) {
+                if ((buf = BUF_MEM_new()) == NULL) {
+                    ret = -1;
+                    s->state = SSL_ST_ERR;
+                    goto end;
+                }
+                if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
+                    BUF_MEM_free(buf);
+                    ret = -1;
+                    s->state = SSL_ST_ERR;
+                    goto end;
+                }
+                s->init_buf = buf;
+            }
+
+            if (!ssl3_setup_buffers(s)) {
+                ret = -1;
+                s->state = SSL_ST_ERR;
+                goto end;
+            }
+
+            s->init_num = 0;
+            s->d1->change_cipher_spec_ok = 0;
+            /*
+             * Should have been reset by ssl3_get_finished, too.
+             */
+            s->s3->change_cipher_spec = 0;
+
+            if (s->state != SSL_ST_RENEGOTIATE) {
+                /*
+                 * Ok, we now need to push on a buffering BIO so that the
+                 * output is sent in a way that TCP likes :-) ...but not with
+                 * SCTP :-)
+                 */
+#ifndef OPENSSL_NO_SCTP
+                if (!BIO_dgram_is_sctp(SSL_get_wbio(s)))
+#endif
+                    if (!ssl_init_wbio_buffer(s, 1)) {
+                        ret = -1;
+                        s->state = SSL_ST_ERR;
+                        goto end;
+                    }
+
+                ssl3_init_finished_mac(s);
+                s->state = SSL3_ST_SR_CLNT_HELLO_A;
+                s->ctx->stats.sess_accept++;
+            } else if (!s->s3->send_connection_binding &&
+                       !(s->options &
+                         SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
+                /*
+                 * Server attempting to renegotiate with client that doesn't
+                 * support secure renegotiation.
+                 */
+                SSLerr(SSL_F_DTLS1_ACCEPT,
+                       SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+                ret = -1;
+                s->state = SSL_ST_ERR;
+                goto end;
+            } else {
+                /*
+                 * s->state == SSL_ST_RENEGOTIATE, we will just send a
+                 * HelloRequest
+                 */
+                s->ctx->stats.sess_accept_renegotiate++;
+                s->state = SSL3_ST_SW_HELLO_REQ_A;
+            }
+
+            break;
+
+        case SSL3_ST_SW_HELLO_REQ_A:
+        case SSL3_ST_SW_HELLO_REQ_B:
+
+            s->shutdown = 0;
+            dtls1_clear_sent_buffer(s);
+            dtls1_start_timer(s);
+            ret = dtls1_send_hello_request(s);
+            if (ret <= 0)
+                goto end;
+            s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
+            s->state = SSL3_ST_SW_FLUSH;
+            s->init_num = 0;
+
+            ssl3_init_finished_mac(s);
+            break;
+
+        case SSL3_ST_SW_HELLO_REQ_C:
+            s->state = SSL_ST_OK;
+            break;
+
+        case SSL3_ST_SR_CLNT_HELLO_A:
+        case SSL3_ST_SR_CLNT_HELLO_B:
+        case SSL3_ST_SR_CLNT_HELLO_C:
+
+            s->shutdown = 0;
+            ret = ssl3_get_client_hello(s);
+            if (ret <= 0)
+                goto end;
+            dtls1_stop_timer(s);
+
+            if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
+                s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
+            else
+                s->state = SSL3_ST_SW_SRVR_HELLO_A;
+
+            s->init_num = 0;
+
+            /*
+             * Reflect ClientHello sequence to remain stateless while
+             * listening
+             */
+            if (listen) {
+                memcpy(s->s3->write_sequence, s->s3->read_sequence,
+                       sizeof(s->s3->write_sequence));
+            }
+
+            /* If we're just listening, stop here */
+            if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) {
+                ret = 2;
+                s->d1->listen = 0;
+                /*
+                 * Set expected sequence numbers to continue the handshake.
+                 */
+                s->d1->handshake_read_seq = 2;
+                s->d1->handshake_write_seq = 1;
+                s->d1->next_handshake_write_seq = 1;
+                goto end;
+            }
+
+            break;
+
+        case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
+        case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
+
+            ret = dtls1_send_hello_verify_request(s);
+            if (ret <= 0)
+                goto end;
+            s->state = SSL3_ST_SW_FLUSH;
+            s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
+
+            /* HelloVerifyRequest resets Finished MAC */
+            if (s->version != DTLS1_BAD_VER)
+                ssl3_init_finished_mac(s);
+            break;
+
+#ifndef OPENSSL_NO_SCTP
+        case DTLS1_SCTP_ST_SR_READ_SOCK:
+
+            if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
+                s->s3->in_read_app_data = 2;
+                s->rwstate = SSL_READING;
+                BIO_clear_retry_flags(SSL_get_rbio(s));
+                BIO_set_retry_read(SSL_get_rbio(s));
+                ret = -1;
+                goto end;
+            }
+
+            s->state = SSL3_ST_SR_FINISHED_A;
+            break;
+
+        case DTLS1_SCTP_ST_SW_WRITE_SOCK:
+            ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
+            if (ret < 0)
+                goto end;
+
+            if (ret == 0) {
+                if (s->d1->next_state != SSL_ST_OK) {
+                    s->s3->in_read_app_data = 2;
+                    s->rwstate = SSL_READING;
+                    BIO_clear_retry_flags(SSL_get_rbio(s));
+                    BIO_set_retry_read(SSL_get_rbio(s));
+                    ret = -1;
+                    goto end;
+                }
+            }
+
+            s->state = s->d1->next_state;
+            break;
+#endif
+
+        case SSL3_ST_SW_SRVR_HELLO_A:
+        case SSL3_ST_SW_SRVR_HELLO_B:
+            s->renegotiate = 2;
+            dtls1_start_timer(s);
+            ret = dtls1_send_server_hello(s);
+            if (ret <= 0)
+                goto end;
+
+            if (s->hit) {
+#ifndef OPENSSL_NO_SCTP
+                /*
+                 * Add new shared key for SCTP-Auth, will be ignored if no
+                 * SCTP used.
+                 */
+                snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
+                         DTLS1_SCTP_AUTH_LABEL);
+
+                if (SSL_export_keying_material(s, sctpauthkey,
+                        sizeof(sctpauthkey), labelbuffer,
+                        sizeof(labelbuffer), NULL, 0, 0) <= 0) {
+                    ret = -1;
+                    s->state = SSL_ST_ERR;
+                    goto end;
+                }
+
+                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
+                         sizeof(sctpauthkey), sctpauthkey);
+#endif
+#ifndef OPENSSL_NO_TLSEXT
+                if (s->tlsext_ticket_expected)
+                    s->state = SSL3_ST_SW_SESSION_TICKET_A;
+                else
+                    s->state = SSL3_ST_SW_CHANGE_A;
+#else
+                s->state = SSL3_ST_SW_CHANGE_A;
+#endif
+            } else
+                s->state = SSL3_ST_SW_CERT_A;
+            s->init_num = 0;
+            break;
+
+        case SSL3_ST_SW_CERT_A:
+        case SSL3_ST_SW_CERT_B:
+            /* Check if it is anon DH or normal PSK */
+            if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
+                && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
+                dtls1_start_timer(s);
+                ret = dtls1_send_server_certificate(s);
+                if (ret <= 0)
+                    goto end;
+#ifndef OPENSSL_NO_TLSEXT
+                if (s->tlsext_status_expected)
+                    s->state = SSL3_ST_SW_CERT_STATUS_A;
+                else
+                    s->state = SSL3_ST_SW_KEY_EXCH_A;
+            } else {
+                skip = 1;
+                s->state = SSL3_ST_SW_KEY_EXCH_A;
+            }
+#else
+            } else
+                skip = 1;
+
+            s->state = SSL3_ST_SW_KEY_EXCH_A;
+#endif
+            s->init_num = 0;
+            break;
+
+        case SSL3_ST_SW_KEY_EXCH_A:
+        case SSL3_ST_SW_KEY_EXCH_B:
+            alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+            /*
+             * clear this, it may get reset by
+             * send_server_key_exchange
+             */
+            s->s3->tmp.use_rsa_tmp = 0;
+
+            /*
+             * only send if a DH key exchange or RSA but we have a sign only
+             * certificate
+             */
+            if (0
+                /*
+                 * PSK: send ServerKeyExchange if PSK identity hint if
+                 * provided
+                 */
+#ifndef OPENSSL_NO_PSK
+                || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
+#endif
+                || (alg_k & SSL_kEDH)
+                || (alg_k & SSL_kEECDH)
+                || ((alg_k & SSL_kRSA)
+                    && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
+                        || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
+                            && EVP_PKEY_size(s->cert->pkeys
+                                             [SSL_PKEY_RSA_ENC].privatekey) *
+                            8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
+                        )
+                    )
+                )
+                ) {
+                dtls1_start_timer(s);
+                ret = dtls1_send_server_key_exchange(s);
+                if (ret <= 0)
+                    goto end;
+            } else
+                skip = 1;
+
+            s->state = SSL3_ST_SW_CERT_REQ_A;
+            s->init_num = 0;
+            break;
+
+        case SSL3_ST_SW_CERT_REQ_A:
+        case SSL3_ST_SW_CERT_REQ_B:
+            if (                /* don't request cert unless asked for it: */
+                   !(s->verify_mode & SSL_VERIFY_PEER) ||
+                   /*
+                    * if SSL_VERIFY_CLIENT_ONCE is set, don't request cert
+                    * during re-negotiation:
+                    */
+                   ((s->session->peer != NULL) &&
+                    (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
+                   /*
+                    * never request cert in anonymous ciphersuites (see
+                    * section "Certificate request" in SSL 3 drafts and in
+                    * RFC 2246):
+                    */
+                   ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
+                    /*
+                     * ... except when the application insists on
+                     * verification (against the specs, but s3_clnt.c accepts
+                     * this for SSL 3)
+                     */
+                    !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
+                   /*
+                    * never request cert in Kerberos ciphersuites
+                    */
+                   (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)
+                   /*
+                    * With normal PSK Certificates and Certificate Requests
+                    * are omitted
+                    */
+                   || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
+                /* no cert request */
+                skip = 1;
+                s->s3->tmp.cert_request = 0;
+                s->state = SSL3_ST_SW_SRVR_DONE_A;
+#ifndef OPENSSL_NO_SCTP
+                if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
+                    s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A;
+                    s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
+                }
+#endif
+            } else {
+                s->s3->tmp.cert_request = 1;
+                dtls1_start_timer(s);
+                ret = dtls1_send_certificate_request(s);
+                if (ret <= 0)
+                    goto end;
+#ifndef NETSCAPE_HANG_BUG
+                s->state = SSL3_ST_SW_SRVR_DONE_A;
+# ifndef OPENSSL_NO_SCTP
+                if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
+                    s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A;
+                    s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
+                }
+# endif
+#else
+                s->state = SSL3_ST_SW_FLUSH;
+                s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
+# ifndef OPENSSL_NO_SCTP
+                if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
+                    s->d1->next_state = s->s3->tmp.next_state;
+                    s->s3->tmp.next_state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
+                }
+# endif
+#endif
+                s->init_num = 0;
+            }
+            break;
+
+        case SSL3_ST_SW_SRVR_DONE_A:
+        case SSL3_ST_SW_SRVR_DONE_B:
+            dtls1_start_timer(s);
+            ret = dtls1_send_server_done(s);
+            if (ret <= 0)
+                goto end;
+            s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
+            s->state = SSL3_ST_SW_FLUSH;
+            s->init_num = 0;
+            break;
+
+        case SSL3_ST_SW_FLUSH:
+            s->rwstate = SSL_WRITING;
+            if (BIO_flush(s->wbio) <= 0) {
+                /*
+                 * If the write error was fatal, stop trying
+                 */
+                if (!BIO_should_retry(s->wbio)) {
+                    s->rwstate = SSL_NOTHING;
+                    s->state = s->s3->tmp.next_state;
+                }
+
+                ret = -1;
+                goto end;
+            }
+            s->rwstate = SSL_NOTHING;
+            s->state = s->s3->tmp.next_state;
+            break;
+
+        case SSL3_ST_SR_CERT_A:
+        case SSL3_ST_SR_CERT_B:
+            /* Check for second client hello (MS SGC) */
+            ret = ssl3_check_client_hello(s);
+            if (ret <= 0)
+                goto end;
+            if (ret == 2) {
+                dtls1_stop_timer(s);
+                s->state = SSL3_ST_SR_CLNT_HELLO_C;
+            } else {
+                if (s->s3->tmp.cert_request) {
+                    ret = ssl3_get_client_certificate(s);
+                    if (ret <= 0)
+                        goto end;
+                }
+                s->init_num = 0;
+                s->state = SSL3_ST_SR_KEY_EXCH_A;
+            }
+            break;
+
+        case SSL3_ST_SR_KEY_EXCH_A:
+        case SSL3_ST_SR_KEY_EXCH_B:
+            ret = ssl3_get_client_key_exchange(s);
+            if (ret <= 0)
+                goto end;
+#ifndef OPENSSL_NO_SCTP
+            /*
+             * Add new shared key for SCTP-Auth, will be ignored if no SCTP
+             * used.
+             */
+            snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
+                     DTLS1_SCTP_AUTH_LABEL);
+
+            if (SSL_export_keying_material(s, sctpauthkey,
+                                       sizeof(sctpauthkey), labelbuffer,
+                                       sizeof(labelbuffer), NULL, 0, 0) <= 0) {
+                ret = -1;
+                s->state = SSL_ST_ERR;
+                goto end;
+            }
+
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
+                     sizeof(sctpauthkey), sctpauthkey);
+#endif
+
+            s->state = SSL3_ST_SR_CERT_VRFY_A;
+            s->init_num = 0;
+
+            if (ret == 2) {
+                /*
+                 * For the ECDH ciphersuites when the client sends its ECDH
+                 * pub key in a certificate, the CertificateVerify message is
+                 * not sent.
+                 */
+                s->state = SSL3_ST_SR_FINISHED_A;
+                s->init_num = 0;
+            } else {
+                s->state = SSL3_ST_SR_CERT_VRFY_A;
+                s->init_num = 0;
+
+                /*
+                 * We need to get hashes here so if there is a client cert,
+                 * it can be verified
+                 */
+                s->method->ssl3_enc->cert_verify_mac(s,
+                                                     NID_md5,
+                                                     &(s->s3->
+                                                       tmp.cert_verify_md
+                                                       [0]));
+                s->method->ssl3_enc->cert_verify_mac(s, NID_sha1,
+                                                     &(s->s3->
+                                                       tmp.cert_verify_md
+                                                       [MD5_DIGEST_LENGTH]));
+            }
+            break;
+
+        case SSL3_ST_SR_CERT_VRFY_A:
+        case SSL3_ST_SR_CERT_VRFY_B:
+            ret = ssl3_get_cert_verify(s);
+            if (ret <= 0)
+                goto end;
+#ifndef OPENSSL_NO_SCTP
+            if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
+                state == SSL_ST_RENEGOTIATE)
+                s->state = DTLS1_SCTP_ST_SR_READ_SOCK;
+            else
+#endif
+                s->state = SSL3_ST_SR_FINISHED_A;
+            s->init_num = 0;
+            break;
+
+        case SSL3_ST_SR_FINISHED_A:
+        case SSL3_ST_SR_FINISHED_B:
+            /*
+             * Enable CCS. Receiving a CCS clears the flag, so make
+             * sure not to re-enable it to ban duplicates. This *should* be the
+             * first time we have received one - but we check anyway to be
+             * cautious.
+             * s->s3->change_cipher_spec is set when a CCS is
+             * processed in d1_pkt.c, and remains set until
+             * the client's Finished message is read.
+             */
+            if (!s->s3->change_cipher_spec)
+                s->d1->change_cipher_spec_ok = 1;
+            ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,
+                                    SSL3_ST_SR_FINISHED_B);
+            if (ret <= 0)
+                goto end;
+            dtls1_stop_timer(s);
+            if (s->hit)
+                s->state = SSL_ST_OK;
+#ifndef OPENSSL_NO_TLSEXT
+            else if (s->tlsext_ticket_expected)
+                s->state = SSL3_ST_SW_SESSION_TICKET_A;
+#endif
+            else
+                s->state = SSL3_ST_SW_CHANGE_A;
+            s->init_num = 0;
+            break;
+
+#ifndef OPENSSL_NO_TLSEXT
+        case SSL3_ST_SW_SESSION_TICKET_A:
+        case SSL3_ST_SW_SESSION_TICKET_B:
+            ret = dtls1_send_newsession_ticket(s);
+            if (ret <= 0)
+                goto end;
+            s->state = SSL3_ST_SW_CHANGE_A;
+            s->init_num = 0;
+            break;
+
+        case SSL3_ST_SW_CERT_STATUS_A:
+        case SSL3_ST_SW_CERT_STATUS_B:
+            ret = ssl3_send_cert_status(s);
+            if (ret <= 0)
+                goto end;
+            s->state = SSL3_ST_SW_KEY_EXCH_A;
+            s->init_num = 0;
+            break;
+
+#endif
+
+        case SSL3_ST_SW_CHANGE_A:
+        case SSL3_ST_SW_CHANGE_B:
+
+            s->session->cipher = s->s3->tmp.new_cipher;
+            if (!s->method->ssl3_enc->setup_key_block(s)) {
+                ret = -1;
+                s->state = SSL_ST_ERR;
+                goto end;
+            }
+
+            ret = dtls1_send_change_cipher_spec(s,
+                                                SSL3_ST_SW_CHANGE_A,
+                                                SSL3_ST_SW_CHANGE_B);
+
+            if (ret <= 0)
+                goto end;
+
+#ifndef OPENSSL_NO_SCTP
+            if (!s->hit) {
+                /*
+                 * Change to new shared key of SCTP-Auth, will be ignored if
+                 * no SCTP used.
+                 */
+                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
+                         0, NULL);
+            }
+#endif
+
+            s->state = SSL3_ST_SW_FINISHED_A;
+            s->init_num = 0;
+
+            if (!s->method->ssl3_enc->change_cipher_state(s,
+                                                          SSL3_CHANGE_CIPHER_SERVER_WRITE))
+            {
+                ret = -1;
+                s->state = SSL_ST_ERR;
+                goto end;
+            }
+
+            dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
+            break;
+
+        case SSL3_ST_SW_FINISHED_A:
+        case SSL3_ST_SW_FINISHED_B:
+            ret = dtls1_send_finished(s,
+                                      SSL3_ST_SW_FINISHED_A,
+                                      SSL3_ST_SW_FINISHED_B,
+                                      s->method->
+                                      ssl3_enc->server_finished_label,
+                                      s->method->
+                                      ssl3_enc->server_finished_label_len);
+            if (ret <= 0)
+                goto end;
+            s->state = SSL3_ST_SW_FLUSH;
+            if (s->hit) {
+                s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;
+
+#ifndef OPENSSL_NO_SCTP
+                /*
+                 * Change to new shared key of SCTP-Auth, will be ignored if
+                 * no SCTP used.
+                 */
+                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
+                         0, NULL);
+#endif
+            } else {
+                s->s3->tmp.next_state = SSL_ST_OK;
+#ifndef OPENSSL_NO_SCTP
+                if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
+                    s->d1->next_state = s->s3->tmp.next_state;
+                    s->s3->tmp.next_state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
+                }
+#endif
+            }
+            s->init_num = 0;
+            break;
+
+        case SSL_ST_OK:
+            /* clean a few things up */
+            ssl3_cleanup_key_block(s);
+
+#if 0
+            BUF_MEM_free(s->init_buf);
+            s->init_buf = NULL;
+#endif
+
+            /* remove buffering on output */
+            ssl_free_wbio_buffer(s);
+
+            s->init_num = 0;
+
+            if (s->renegotiate == 2) { /* skipped if we just sent a
+                                        * HelloRequest */
+                s->renegotiate = 0;
+                s->new_session = 0;
+
+                ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
+
+                s->ctx->stats.sess_accept_good++;
+                /* s->server=1; */
+                s->handshake_func = dtls1_accept;
+
+                if (cb != NULL)
+                    cb(s, SSL_CB_HANDSHAKE_DONE, 1);
+            }
+
+            ret = 1;
+
+            /* done handshaking, next message is client hello */
+            s->d1->handshake_read_seq = 0;
+            /* next message is server hello */
+            s->d1->handshake_write_seq = 0;
+            s->d1->next_handshake_write_seq = 0;
+            dtls1_clear_received_buffer(s);
+            goto end;
+            /* break; */
+
+        case SSL_ST_ERR:
+        default:
+            SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_UNKNOWN_STATE);
+            ret = -1;
+            goto end;
+            /* break; */
+        }
+
+        if (!s->s3->tmp.reuse_message && !skip) {
+            if (s->debug) {
+                if ((ret = BIO_flush(s->wbio)) <= 0)
+                    goto end;
+            }
+
+            if ((cb != NULL) && (s->state != state)) {
+                new_state = s->state;
+                s->state = state;
+                cb(s, SSL_CB_ACCEPT_LOOP, 1);
+                s->state = new_state;
+            }
+        }
+        skip = 0;
+    }
+ end:
+    /* BIO_flush(s->wbio); */
+
+    s->in_handshake--;
+#ifndef OPENSSL_NO_SCTP
+    /*
+     * Notify SCTP BIO socket to leave handshake mode and prevent stream
+     * identifier other than 0. Will be ignored if no SCTP is used.
+     */
+    BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
+             s->in_handshake, NULL);
+#endif
+
+    if (cb != NULL)
+        cb(s, SSL_CB_ACCEPT_EXIT, ret);
+    return (ret);
+}
+
+int dtls1_send_hello_request(SSL *s)
+{
+    unsigned char *p;
+
+    if (s->state == SSL3_ST_SW_HELLO_REQ_A) {
+        p = (unsigned char *)s->init_buf->data;
+        p = dtls1_set_message_header(s, p, SSL3_MT_HELLO_REQUEST, 0, 0, 0);
+
+        s->state = SSL3_ST_SW_HELLO_REQ_B;
+        /* number of bytes to write */
+        s->init_num = DTLS1_HM_HEADER_LENGTH;
+        s->init_off = 0;
+
+        /*
+         * no need to buffer this message, since there are no retransmit
+         * requests for it
+         */
+    }
+
+    /* SSL3_ST_SW_HELLO_REQ_B */
+    return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+}
+
+int dtls1_send_hello_verify_request(SSL *s)
+{
+    unsigned int msg_len;
+    unsigned char *msg, *buf, *p;
+
+    if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
+        buf = (unsigned char *)s->init_buf->data;
+
+        msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
+        *(p++) = s->version >> 8;
+        *(p++) = s->version & 0xFF;
+
+        if (s->ctx->app_gen_cookie_cb == NULL ||
+            s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
+                                      &(s->d1->cookie_len)) == 0) {
+            SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,
+                   ERR_R_INTERNAL_ERROR);
+            s->state = SSL_ST_ERR;
+            return 0;
+        }
+
+        *(p++) = (unsigned char)s->d1->cookie_len;
+        memcpy(p, s->d1->cookie, s->d1->cookie_len);
+        p += s->d1->cookie_len;
+        msg_len = p - msg;
+
+        dtls1_set_message_header(s, buf,
+                                 DTLS1_MT_HELLO_VERIFY_REQUEST, msg_len, 0,
+                                 msg_len);
+
+        s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
+        /* number of bytes to write */
+        s->init_num = p - buf;
+        s->init_off = 0;
+    }
+
+    /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
+    return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+}
+
+int dtls1_send_server_hello(SSL *s)
+{
+    unsigned char *buf;
+    unsigned char *p, *d;
+    int i;
+    unsigned int sl;
+    unsigned long l;
+
+    if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
+        buf = (unsigned char *)s->init_buf->data;
+        p = s->s3->server_random;
+        ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE);
+        /* Do the message type and length last */
+        d = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
+
+        *(p++) = s->version >> 8;
+        *(p++) = s->version & 0xff;
+
+        /* Random stuff */
+        memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
+        p += SSL3_RANDOM_SIZE;
+
+        /*
+         * now in theory we have 3 options to sending back the session id.
+         * If it is a re-use, we send back the old session-id, if it is a new
+         * session, we send back the new session-id or we send back a 0
+         * length session-id if we want it to be single use. Currently I will
+         * not implement the '0' length session-id 12-Jan-98 - I'll now
+         * support the '0' length stuff.
+         */
+        if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))
+            s->session->session_id_length = 0;
+
+        sl = s->session->session_id_length;
+        if (sl > sizeof s->session->session_id) {
+            SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+        *(p++) = sl;
+        memcpy(p, s->session->session_id, sl);
+        p += sl;
+
+        /* put the cipher */
+        if (s->s3->tmp.new_cipher == NULL)
+            return -1;
+        i = ssl3_put_cipher_by_char(s->s3->tmp.new_cipher, p);
+        p += i;
+
+        /* put the compression method */
+#ifdef OPENSSL_NO_COMP
+        *(p++) = 0;
+#else
+        if (s->s3->tmp.new_compression == NULL)
+            *(p++) = 0;
+        else
+            *(p++) = s->s3->tmp.new_compression->id;
+#endif
+
+#ifndef OPENSSL_NO_TLSEXT
+        if (ssl_prepare_serverhello_tlsext(s) <= 0) {
+            SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, SSL_R_SERVERHELLO_TLSEXT);
+            return -1;
+        }
+        if ((p =
+             ssl_add_serverhello_tlsext(s, p,
+                                        buf + SSL3_RT_MAX_PLAIN_LENGTH)) ==
+            NULL) {
+            SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+#endif
+
+        /* do the header */
+        l = (p - d);
+        d = buf;
+
+        d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l);
+
+        s->state = SSL3_ST_SW_SRVR_HELLO_B;
+        /* number of bytes to write */
+        s->init_num = p - buf;
+        s->init_off = 0;
+
+        /* buffer the message to handle re-xmits */
+        dtls1_buffer_message(s, 0);
+    }
+
+    /* SSL3_ST_SW_SRVR_HELLO_B */
+    return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+}
+
+int dtls1_send_server_done(SSL *s)
+{
+    unsigned char *p;
+
+    if (s->state == SSL3_ST_SW_SRVR_DONE_A) {
+        p = (unsigned char *)s->init_buf->data;
+
+        /* do the header */
+        p = dtls1_set_message_header(s, p, SSL3_MT_SERVER_DONE, 0, 0, 0);
+
+        s->state = SSL3_ST_SW_SRVR_DONE_B;
+        /* number of bytes to write */
+        s->init_num = DTLS1_HM_HEADER_LENGTH;
+        s->init_off = 0;
+
+        /* buffer the message to handle re-xmits */
+        dtls1_buffer_message(s, 0);
+    }
+
+    /* SSL3_ST_SW_SRVR_DONE_B */
+    return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+}
+
+int dtls1_send_server_key_exchange(SSL *s)
+{
+#ifndef OPENSSL_NO_RSA
+    unsigned char *q;
+    int j, num;
+    RSA *rsa;
+    unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
+    unsigned int u;
+#endif
+#ifndef OPENSSL_NO_DH
+    DH *dh = NULL, *dhp;
+#endif
+#ifndef OPENSSL_NO_ECDH
+    EC_KEY *ecdh = NULL, *ecdhp;
+    unsigned char *encodedPoint = NULL;
+    int encodedlen = 0;
+    int curve_id = 0;
+    BN_CTX *bn_ctx = NULL;
+#endif
+    EVP_PKEY *pkey;
+    unsigned char *p, *d;
+    int al, i;
+    unsigned long type;
+    int n;
+    CERT *cert;
+    BIGNUM *r[4];
+    int nr[4], kn;
+    BUF_MEM *buf;
+    EVP_MD_CTX md_ctx;
+
+    EVP_MD_CTX_init(&md_ctx);
+    if (s->state == SSL3_ST_SW_KEY_EXCH_A) {
+        type = s->s3->tmp.new_cipher->algorithm_mkey;
+        cert = s->cert;
+
+        buf = s->init_buf;
+
+        r[0] = r[1] = r[2] = r[3] = NULL;
+        n = 0;
+#ifndef OPENSSL_NO_RSA
+        if (type & SSL_kRSA) {
+            rsa = cert->rsa_tmp;
+            if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) {
+                rsa = s->cert->rsa_tmp_cb(s,
+                                          SSL_C_IS_EXPORT(s->s3->
+                                                          tmp.new_cipher),
+                                          SSL_C_EXPORT_PKEYLENGTH(s->s3->
+                                                                  tmp.new_cipher));
+                if (rsa == NULL) {
+                    al = SSL_AD_HANDSHAKE_FAILURE;
+                    SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
+                           SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
+                    goto f_err;
+                }
+                RSA_up_ref(rsa);
+                cert->rsa_tmp = rsa;
+            }
+            if (rsa == NULL) {
+                al = SSL_AD_HANDSHAKE_FAILURE;
+                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
+                       SSL_R_MISSING_TMP_RSA_KEY);
+                goto f_err;
+            }
+            r[0] = rsa->n;
+            r[1] = rsa->e;
+            s->s3->tmp.use_rsa_tmp = 1;
+        } else
+#endif
+#ifndef OPENSSL_NO_DH
+        if (type & SSL_kEDH) {
+            dhp = cert->dh_tmp;
+            if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
+                dhp = s->cert->dh_tmp_cb(s,
+                                         SSL_C_IS_EXPORT(s->s3->
+                                                         tmp.new_cipher),
+                                         SSL_C_EXPORT_PKEYLENGTH(s->s3->
+                                                                 tmp.new_cipher));
+            if (dhp == NULL) {
+                al = SSL_AD_HANDSHAKE_FAILURE;
+                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
+                       SSL_R_MISSING_TMP_DH_KEY);
+                goto f_err;
+            }
+
+            if (s->s3->tmp.dh != NULL) {
+                DH_free(dh);
+                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
+                       ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+
+            if ((dh = DHparams_dup(dhp)) == NULL) {
+                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
+                goto err;
+            }
+
+            s->s3->tmp.dh = dh;
+            if ((dhp->pub_key == NULL ||
+                 dhp->priv_key == NULL ||
+                 (s->options & SSL_OP_SINGLE_DH_USE))) {
+                if (!DH_generate_key(dh)) {
+                    SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
+                           ERR_R_DH_LIB);
+                    goto err;
+                }
+            } else {
+                dh->pub_key = BN_dup(dhp->pub_key);
+                dh->priv_key = BN_dup(dhp->priv_key);
+                if ((dh->pub_key == NULL) || (dh->priv_key == NULL)) {
+                    SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
+                           ERR_R_DH_LIB);
+                    goto err;
+                }
+            }
+            r[0] = dh->p;
+            r[1] = dh->g;
+            r[2] = dh->pub_key;
+        } else
+#endif
+#ifndef OPENSSL_NO_ECDH
+        if (type & SSL_kEECDH) {
+            const EC_GROUP *group;
+
+            ecdhp = cert->ecdh_tmp;
+            if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL)) {
+                ecdhp = s->cert->ecdh_tmp_cb(s,
+                                             SSL_C_IS_EXPORT(s->s3->
+                                                             tmp.new_cipher),
+                                             SSL_C_EXPORT_PKEYLENGTH(s->
+                                                                     s3->tmp.new_cipher));
+            }
+            if (ecdhp == NULL) {
+                al = SSL_AD_HANDSHAKE_FAILURE;
+                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
+                       SSL_R_MISSING_TMP_ECDH_KEY);
+                goto f_err;
+            }
+
+            if (s->s3->tmp.ecdh != NULL) {
+                EC_KEY_free(s->s3->tmp.ecdh);
+                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
+                       ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+
+            /* Duplicate the ECDH structure. */
+            if (ecdhp == NULL) {
+                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
+                goto err;
+            }
+            if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) {
+                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
+                goto err;
+            }
+
+            s->s3->tmp.ecdh = ecdh;
+            if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
+                (EC_KEY_get0_private_key(ecdh) == NULL) ||
+                (s->options & SSL_OP_SINGLE_ECDH_USE)) {
+                if (!EC_KEY_generate_key(ecdh)) {
+                    SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
+                           ERR_R_ECDH_LIB);
+                    goto err;
+                }
+            }
+
+            if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
+                (EC_KEY_get0_public_key(ecdh) == NULL) ||
+                (EC_KEY_get0_private_key(ecdh) == NULL)) {
+                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
+                goto err;
+            }
+
+            if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
+                (EC_GROUP_get_degree(group) > 163)) {
+                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
+                       SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
+                goto err;
+            }
+
+            /*
+             * XXX: For now, we only support ephemeral ECDH keys over named
+             * (not generic) curves. For supported named curves, curve_id is
+             * non-zero.
+             */
+            if ((curve_id =
+                 tls1_ec_nid2curve_id(EC_GROUP_get_curve_name(group)))
+                == 0) {
+                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
+                       SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
+                goto err;
+            }
+
+            /*
+             * Encode the public key. First check the size of encoding and
+             * allocate memory accordingly.
+             */
+            encodedlen = EC_POINT_point2oct(group,
+                                            EC_KEY_get0_public_key(ecdh),
+                                            POINT_CONVERSION_UNCOMPRESSED,
+                                            NULL, 0, NULL);
+
+            encodedPoint = (unsigned char *)
+                OPENSSL_malloc(encodedlen * sizeof(unsigned char));
+            bn_ctx = BN_CTX_new();
+            if ((encodedPoint == NULL) || (bn_ctx == NULL)) {
+                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
+                       ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+
+            encodedlen = EC_POINT_point2oct(group,
+                                            EC_KEY_get0_public_key(ecdh),
+                                            POINT_CONVERSION_UNCOMPRESSED,
+                                            encodedPoint, encodedlen, bn_ctx);
+
+            if (encodedlen == 0) {
+                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
+                goto err;
+            }
+
+            BN_CTX_free(bn_ctx);
+            bn_ctx = NULL;
+
+            /*
+             * XXX: For now, we only support named (not generic) curves in
+             * ECDH ephemeral key exchanges. In this situation, we need four
+             * additional bytes to encode the entire ServerECDHParams
+             * structure.
+             */
+            n = 4 + encodedlen;
+
+            /*
+             * We'll generate the serverKeyExchange message explicitly so we
+             * can set these to NULLs
+             */
+            r[0] = NULL;
+            r[1] = NULL;
+            r[2] = NULL;
+            r[3] = NULL;
+        } else
+#endif                          /* !OPENSSL_NO_ECDH */
+#ifndef OPENSSL_NO_PSK
+        if (type & SSL_kPSK) {
+            /*
+             * reserve size for record length and PSK identity hint
+             */
+            n += 2 + strlen(s->ctx->psk_identity_hint);
+        } else
+#endif                          /* !OPENSSL_NO_PSK */
+        {
+            al = SSL_AD_HANDSHAKE_FAILURE;
+            SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
+                   SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
+            goto f_err;
+        }
+        for (i = 0; r[i] != NULL; i++) {
+            nr[i] = BN_num_bytes(r[i]);
+            n += 2 + nr[i];
+        }
+
+        if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
+            && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
+            if ((pkey = ssl_get_sign_pkey(s, s->s3->tmp.new_cipher, NULL))
+                == NULL) {
+                al = SSL_AD_DECODE_ERROR;
+                goto f_err;
+            }
+            kn = EVP_PKEY_size(pkey);
+        } else {
+            pkey = NULL;
+            kn = 0;
+        }
+
+        if (!BUF_MEM_grow_clean(buf, n + DTLS1_HM_HEADER_LENGTH + kn)) {
+            SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_BUF);
+            goto err;
+        }
+        d = (unsigned char *)s->init_buf->data;
+        p = &(d[DTLS1_HM_HEADER_LENGTH]);
+
+        for (i = 0; r[i] != NULL; i++) {
+            s2n(nr[i], p);
+            BN_bn2bin(r[i], p);
+            p += nr[i];
+        }
+
+#ifndef OPENSSL_NO_ECDH
+        if (type & SSL_kEECDH) {
+            /*
+             * XXX: For now, we only support named (not generic) curves. In
+             * this situation, the serverKeyExchange message has: [1 byte
+             * CurveType], [2 byte CurveName] [1 byte length of encoded
+             * point], followed by the actual encoded point itself
+             */
+            *p = NAMED_CURVE_TYPE;
+            p += 1;
+            *p = 0;
+            p += 1;
+            *p = curve_id;
+            p += 1;
+            *p = encodedlen;
+            p += 1;
+            memcpy((unsigned char *)p,
+                   (unsigned char *)encodedPoint, encodedlen);
+            OPENSSL_free(encodedPoint);
+            encodedPoint = NULL;
+            p += encodedlen;
+        }
+#endif
+
+#ifndef OPENSSL_NO_PSK
+        if (type & SSL_kPSK) {
+            /* copy PSK identity hint */
+            s2n(strlen(s->ctx->psk_identity_hint), p);
+            strncpy((char *)p, s->ctx->psk_identity_hint,
+                    strlen(s->ctx->psk_identity_hint));
+            p += strlen(s->ctx->psk_identity_hint);
+        }
+#endif
+
+        /* not anonymous */
+        if (pkey != NULL) {
+            /*
+             * n is the length of the params, they start at
+             * &(d[DTLS1_HM_HEADER_LENGTH]) and p points to the space at the
+             * end.
+             */
+#ifndef OPENSSL_NO_RSA
+            if (pkey->type == EVP_PKEY_RSA) {
+                q = md_buf;
+                j = 0;
+                for (num = 2; num > 0; num--) {
+                    EVP_DigestInit_ex(&md_ctx, (num == 2)
+                                      ? s->ctx->md5 : s->ctx->sha1, NULL);
+                    EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]),
+                                     SSL3_RANDOM_SIZE);
+                    EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]),
+                                     SSL3_RANDOM_SIZE);
+                    EVP_DigestUpdate(&md_ctx, &(d[DTLS1_HM_HEADER_LENGTH]),
+                                     n);
+                    EVP_DigestFinal_ex(&md_ctx, q, (unsigned int *)&i);
+                    q += i;
+                    j += i;
+                }
+                if (RSA_sign(NID_md5_sha1, md_buf, j,
+                             &(p[2]), &u, pkey->pkey.rsa) <= 0) {
+                    SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_RSA);
+                    goto err;
+                }
+                s2n(u, p);
+                n += u + 2;
+            } else
+#endif
+#if !defined(OPENSSL_NO_DSA)
+            if (pkey->type == EVP_PKEY_DSA) {
+                /* lets do DSS */
+                EVP_SignInit_ex(&md_ctx, EVP_dss1(), NULL);
+                EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]),
+                               SSL3_RANDOM_SIZE);
+                EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]),
+                               SSL3_RANDOM_SIZE);
+                EVP_SignUpdate(&md_ctx, &(d[DTLS1_HM_HEADER_LENGTH]), n);
+                if (!EVP_SignFinal(&md_ctx, &(p[2]),
+                                   (unsigned int *)&i, pkey)) {
+                    SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_DSA);
+                    goto err;
+                }
+                s2n(i, p);
+                n += i + 2;
+            } else
+#endif
+#if !defined(OPENSSL_NO_ECDSA)
+            if (pkey->type == EVP_PKEY_EC) {
+                /* let's do ECDSA */
+                EVP_SignInit_ex(&md_ctx, EVP_ecdsa(), NULL);
+                EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]),
+                               SSL3_RANDOM_SIZE);
+                EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]),
+                               SSL3_RANDOM_SIZE);
+                EVP_SignUpdate(&md_ctx, &(d[DTLS1_HM_HEADER_LENGTH]), n);
+                if (!EVP_SignFinal(&md_ctx, &(p[2]),
+                                   (unsigned int *)&i, pkey)) {
+                    SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
+                           ERR_LIB_ECDSA);
+                    goto err;
+                }
+                s2n(i, p);
+                n += i + 2;
+            } else
+#endif
+            {
+                /* Is this error check actually needed? */
+                al = SSL_AD_HANDSHAKE_FAILURE;
+                SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
+                       SSL_R_UNKNOWN_PKEY_TYPE);
+                goto f_err;
+            }
+        }
+
+        d = dtls1_set_message_header(s, d,
+                                     SSL3_MT_SERVER_KEY_EXCHANGE, n, 0, n);
+
+        /*
+         * we should now have things packed up, so lets send it off
+         */
+        s->init_num = n + DTLS1_HM_HEADER_LENGTH;
+        s->init_off = 0;
+
+        /* buffer the message to handle re-xmits */
+        dtls1_buffer_message(s, 0);
+    }
+
+    s->state = SSL3_ST_SW_KEY_EXCH_B;
+    EVP_MD_CTX_cleanup(&md_ctx);
+    return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ err:
+#ifndef OPENSSL_NO_ECDH
+    if (encodedPoint != NULL)
+        OPENSSL_free(encodedPoint);
+    BN_CTX_free(bn_ctx);
+#endif
+    EVP_MD_CTX_cleanup(&md_ctx);
+    return (-1);
+}
+
+int dtls1_send_certificate_request(SSL *s)
+{
+    unsigned char *p, *d;
+    int i, j, nl, off, n;
+    STACK_OF(X509_NAME) *sk = NULL;
+    X509_NAME *name;
+    BUF_MEM *buf;
+    unsigned int msg_len;
+
+    if (s->state == SSL3_ST_SW_CERT_REQ_A) {
+        buf = s->init_buf;
+
+        d = p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
+
+        /* get the list of acceptable cert types */
+        p++;
+        n = ssl3_get_req_cert_type(s, p);
+        d[0] = n;
+        p += n;
+        n++;
+
+        off = n;
+        p += 2;
+        n += 2;
+
+        sk = SSL_get_client_CA_list(s);
+        nl = 0;
+        if (sk != NULL) {
+            for (i = 0; i < sk_X509_NAME_num(sk); i++) {
+                name = sk_X509_NAME_value(sk, i);
+                j = i2d_X509_NAME(name, NULL);
+                if (!BUF_MEM_grow_clean
+                    (buf, DTLS1_HM_HEADER_LENGTH + n + j + 2)) {
+                    SSLerr(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST,
+                           ERR_R_BUF_LIB);
+                    goto err;
+                }
+                p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH + n]);
+                if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) {
+                    s2n(j, p);
+                    i2d_X509_NAME(name, &p);
+                    n += 2 + j;
+                    nl += 2 + j;
+                } else {
+                    d = p;
+                    i2d_X509_NAME(name, &p);
+                    j -= 2;
+                    s2n(j, d);
+                    j += 2;
+                    n += j;
+                    nl += j;
+                }
+            }
+        }
+        /* else no CA names */
+        p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH + off]);
+        s2n(nl, p);
+
+        d = (unsigned char *)buf->data;
+        *(d++) = SSL3_MT_CERTIFICATE_REQUEST;
+        l2n3(n, d);
+        s2n(s->d1->handshake_write_seq, d);
+        s->d1->handshake_write_seq++;
+
+        /*
+         * we should now have things packed up, so lets send it off
+         */
+
+        s->init_num = n + DTLS1_HM_HEADER_LENGTH;
+        s->init_off = 0;
+#ifdef NETSCAPE_HANG_BUG
+/* XXX: what to do about this? */
+        p = (unsigned char *)s->init_buf->data + s->init_num;
+
+        /* do the header */
+        *(p++) = SSL3_MT_SERVER_DONE;
+        *(p++) = 0;
+        *(p++) = 0;
+        *(p++) = 0;
+        s->init_num += 4;
+#endif
+
+        /* XDTLS:  set message header ? */
+        msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
+        dtls1_set_message_header(s, (void *)s->init_buf->data,
+                                 SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0,
+                                 msg_len);
+
+        /* buffer the message to handle re-xmits */
+        dtls1_buffer_message(s, 0);
+
+        s->state = SSL3_ST_SW_CERT_REQ_B;
+    }
+
+    /* SSL3_ST_SW_CERT_REQ_B */
+    return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+ err:
+    return (-1);
+}
+
+int dtls1_send_server_certificate(SSL *s)
+{
+    unsigned long l;
+    X509 *x;
+
+    if (s->state == SSL3_ST_SW_CERT_A) {
+        x = ssl_get_server_send_cert(s);
+        if (x == NULL) {
+            /* VRS: allow null cert if auth == KRB5 */
+            if ((s->s3->tmp.new_cipher->algorithm_mkey != SSL_kKRB5) ||
+                (s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5)) {
+                SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,
+                       ERR_R_INTERNAL_ERROR);
+                return (0);
+            }
+        }
+
+        l = dtls1_output_cert_chain(s, x);
+        if (!l) {
+            SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+            return (0);
+        }
+        s->state = SSL3_ST_SW_CERT_B;
+        s->init_num = (int)l;
+        s->init_off = 0;
+
+        /* buffer the message to handle re-xmits */
+        dtls1_buffer_message(s, 0);
+    }
+
+    /* SSL3_ST_SW_CERT_B */
+    return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+}
+
+#ifndef OPENSSL_NO_TLSEXT
+int dtls1_send_newsession_ticket(SSL *s)
+{
+    if (s->state == SSL3_ST_SW_SESSION_TICKET_A) {
+        unsigned char *p, *senc, *macstart;
+        int len, slen;
+        unsigned int hlen, msg_len;
+        EVP_CIPHER_CTX ctx;
+        HMAC_CTX hctx;
+        SSL_CTX *tctx = s->initial_ctx;
+        unsigned char iv[EVP_MAX_IV_LENGTH];
+        unsigned char key_name[16];
+
+        /* get session encoding length */
+        slen = i2d_SSL_SESSION(s->session, NULL);
+        /*
+         * Some length values are 16 bits, so forget it if session is too
+         * long
+         */
+        if (slen > 0xFF00)
+            return -1;
+        /*
+         * Grow buffer if need be: the length calculation is as follows 12
+         * (DTLS handshake message header) + 4 (ticket lifetime hint) + 2
+         * (ticket length) + 16 (key name) + max_iv_len (iv length) +
+         * session_length + max_enc_block_size (max encrypted session length)
+         * + max_md_size (HMAC).
+         */
+        if (!BUF_MEM_grow(s->init_buf,
+                          DTLS1_HM_HEADER_LENGTH + 22 + EVP_MAX_IV_LENGTH +
+                          EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen))
+            return -1;
+        senc = OPENSSL_malloc(slen);
+        if (!senc)
+            return -1;
+        p = senc;
+        i2d_SSL_SESSION(s->session, &p);
+
+        p = (unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]);
+        EVP_CIPHER_CTX_init(&ctx);
+        HMAC_CTX_init(&hctx);
+        /*
+         * Initialize HMAC and cipher contexts. If callback present it does
+         * all the work otherwise use generated values from parent ctx.
+         */
+        if (tctx->tlsext_ticket_key_cb) {
+            if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
+                                           &hctx, 1) < 0) {
+                OPENSSL_free(senc);
+                return -1;
+            }
+        } else {
+            if (RAND_bytes(iv, 16) <= 0) {
+                OPENSSL_free(senc);
+                return -1;
+            }
+            EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
+                               tctx->tlsext_tick_aes_key, iv);
+            HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
+                         tlsext_tick_md(), NULL);
+            memcpy(key_name, tctx->tlsext_tick_key_name, 16);
+        }
+        l2n(s->session->tlsext_tick_lifetime_hint, p);
+        /* Skip ticket length for now */
+        p += 2;
+        /* Output key name */
+        macstart = p;
+        memcpy(p, key_name, 16);
+        p += 16;
+        /* output IV */
+        memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
+        p += EVP_CIPHER_CTX_iv_length(&ctx);
+        /* Encrypt session data */
+        EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
+        p += len;
+        EVP_EncryptFinal(&ctx, p, &len);
+        p += len;
+        EVP_CIPHER_CTX_cleanup(&ctx);
+
+        HMAC_Update(&hctx, macstart, p - macstart);
+        HMAC_Final(&hctx, p, &hlen);
+        HMAC_CTX_cleanup(&hctx);
+
+        p += hlen;
+        /* Now write out lengths: p points to end of data written */
+        /* Total length */
+        len = p - (unsigned char *)(s->init_buf->data);
+        /* Ticket length */
+        p = (unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) + 4;
+        s2n(len - DTLS1_HM_HEADER_LENGTH - 6, p);
+
+        /* number of bytes to write */
+        s->init_num = len;
+        s->state = SSL3_ST_SW_SESSION_TICKET_B;
+        s->init_off = 0;
+        OPENSSL_free(senc);
+
+        /* XDTLS:  set message header ? */
+        msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
+        dtls1_set_message_header(s, (void *)s->init_buf->data,
+                                 SSL3_MT_NEWSESSION_TICKET, msg_len, 0,
+                                 msg_len);
+
+        /* buffer the message to handle re-xmits */
+        dtls1_buffer_message(s, 0);
+    }
+
+    /* SSL3_ST_SW_SESSION_TICKET_B */
+    return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+}
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/ssl/kssl.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/kssl.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/ssl/kssl.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,2260 +0,0 @@
-/* ssl/kssl.c -*- mode: C; c-file-style: "eay" -*- */
-/*
- * Written by Vern Staats <staatsvr at asc.hpc.mil> for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/*-
- * ssl/kssl.c  --  Routines to support (& debug) Kerberos5 auth for openssl
- *
- *  19990701    VRS     Started.
- *  200011??    Jeffrey Altman, Richard Levitte
- *                      Generalized for Heimdal, Newer MIT, & Win32.
- *                      Integrated into main OpenSSL 0.9.7 snapshots.
- *  20010413    Simon Wilkinson, VRS
- *                      Real RFC2712 KerberosWrapper replaces AP_REQ.
- */
-
-#include <openssl/opensslconf.h>
-
-#include <string.h>
-
-#define KRB5_PRIVATE    1
-
-#include <openssl/ssl.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/krb5_asn.h>
-#include "kssl_lcl.h"
-
-#ifndef OPENSSL_NO_KRB5
-
-# ifndef ENOMEM
-#  define ENOMEM KRB5KRB_ERR_GENERIC
-# endif
-
-/*
- * When OpenSSL is built on Windows, we do not want to require that
- * the Kerberos DLLs be available in order for the OpenSSL DLLs to
- * work.  Therefore, all Kerberos routines are loaded at run time
- * and we do not link to a .LIB file.
- */
-
-# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
-/*
- * The purpose of the following pre-processor statements is to provide
- * compatibility with different releases of MIT Kerberos for Windows.
- * All versions up to 1.2 used macros.  But macros do not allow for
- * a binary compatible interface for DLLs.  Therefore, all macros are
- * being replaced by function calls.  The following code will allow
- * an OpenSSL DLL built on Windows to work whether or not the macro
- * or function form of the routines are utilized.
- */
-#  ifdef  krb5_cc_get_principal
-#   define NO_DEF_KRB5_CCACHE
-#   undef  krb5_cc_get_principal
-#  endif
-#  define krb5_cc_get_principal    kssl_krb5_cc_get_principal
-
-#  define krb5_free_data_contents  kssl_krb5_free_data_contents
-#  define krb5_free_context        kssl_krb5_free_context
-#  define krb5_auth_con_free       kssl_krb5_auth_con_free
-#  define krb5_free_principal      kssl_krb5_free_principal
-#  define krb5_mk_req_extended     kssl_krb5_mk_req_extended
-#  define krb5_get_credentials     kssl_krb5_get_credentials
-#  define krb5_cc_default          kssl_krb5_cc_default
-#  define krb5_sname_to_principal  kssl_krb5_sname_to_principal
-#  define krb5_init_context        kssl_krb5_init_context
-#  define krb5_free_ticket         kssl_krb5_free_ticket
-#  define krb5_rd_req              kssl_krb5_rd_req
-#  define krb5_kt_default          kssl_krb5_kt_default
-#  define krb5_kt_resolve          kssl_krb5_kt_resolve
-/* macros in mit 1.2.2 and earlier; functions in mit 1.2.3 and greater */
-#  ifndef krb5_kt_close
-#   define krb5_kt_close            kssl_krb5_kt_close
-#  endif                        /* krb5_kt_close */
-#  ifndef krb5_kt_get_entry
-#   define krb5_kt_get_entry        kssl_krb5_kt_get_entry
-#  endif                        /* krb5_kt_get_entry */
-#  define krb5_auth_con_init       kssl_krb5_auth_con_init
-
-#  define krb5_principal_compare   kssl_krb5_principal_compare
-#  define krb5_decrypt_tkt_part    kssl_krb5_decrypt_tkt_part
-#  define krb5_timeofday           kssl_krb5_timeofday
-#  define krb5_rc_default          kssl_krb5_rc_default
-
-#  ifdef krb5_rc_initialize
-#   undef krb5_rc_initialize
-#  endif
-#  define krb5_rc_initialize   kssl_krb5_rc_initialize
-
-#  ifdef krb5_rc_get_lifespan
-#   undef krb5_rc_get_lifespan
-#  endif
-#  define krb5_rc_get_lifespan kssl_krb5_rc_get_lifespan
-
-#  ifdef krb5_rc_destroy
-#   undef krb5_rc_destroy
-#  endif
-#  define krb5_rc_destroy      kssl_krb5_rc_destroy
-
-#  define valid_cksumtype      kssl_valid_cksumtype
-#  define krb5_checksum_size   kssl_krb5_checksum_size
-#  define krb5_kt_free_entry   kssl_krb5_kt_free_entry
-#  define krb5_auth_con_setrcache  kssl_krb5_auth_con_setrcache
-#  define krb5_auth_con_getrcache  kssl_krb5_auth_con_getrcache
-#  define krb5_get_server_rcache   kssl_krb5_get_server_rcache
-
-/* Prototypes for built in stubs */
-void kssl_krb5_free_data_contents(krb5_context, krb5_data *);
-void kssl_krb5_free_principal(krb5_context, krb5_principal);
-krb5_error_code kssl_krb5_kt_resolve(krb5_context,
-                                     krb5_const char *, krb5_keytab *);
-krb5_error_code kssl_krb5_kt_default(krb5_context, krb5_keytab *);
-krb5_error_code kssl_krb5_free_ticket(krb5_context, krb5_ticket *);
-krb5_error_code kssl_krb5_rd_req(krb5_context, krb5_auth_context *,
-                                 krb5_const krb5_data *,
-                                 krb5_const_principal, krb5_keytab,
-                                 krb5_flags *, krb5_ticket **);
-
-krb5_boolean kssl_krb5_principal_compare(krb5_context, krb5_const_principal,
-                                         krb5_const_principal);
-krb5_error_code kssl_krb5_mk_req_extended(krb5_context,
-                                          krb5_auth_context *,
-                                          krb5_const krb5_flags,
-                                          krb5_data *,
-                                          krb5_creds *, krb5_data *);
-krb5_error_code kssl_krb5_init_context(krb5_context *);
-void kssl_krb5_free_context(krb5_context);
-krb5_error_code kssl_krb5_cc_default(krb5_context, krb5_ccache *);
-krb5_error_code kssl_krb5_sname_to_principal(krb5_context,
-                                             krb5_const char *,
-                                             krb5_const char *,
-                                             krb5_int32, krb5_principal *);
-krb5_error_code kssl_krb5_get_credentials(krb5_context,
-                                          krb5_const krb5_flags,
-                                          krb5_ccache,
-                                          krb5_creds *, krb5_creds * *);
-krb5_error_code kssl_krb5_auth_con_init(krb5_context, krb5_auth_context *);
-krb5_error_code kssl_krb5_cc_get_principal(krb5_context context,
-                                           krb5_ccache cache,
-                                           krb5_principal *principal);
-krb5_error_code kssl_krb5_auth_con_free(krb5_context, krb5_auth_context);
-size_t kssl_krb5_checksum_size(krb5_context context, krb5_cksumtype ctype);
-krb5_boolean kssl_valid_cksumtype(krb5_cksumtype ctype);
-krb5_error_code krb5_kt_free_entry(krb5_context, krb5_keytab_entry FAR *);
-krb5_error_code kssl_krb5_auth_con_setrcache(krb5_context,
-                                             krb5_auth_context, krb5_rcache);
-krb5_error_code kssl_krb5_get_server_rcache(krb5_context,
-                                            krb5_const krb5_data *,
-                                            krb5_rcache *);
-krb5_error_code kssl_krb5_auth_con_getrcache(krb5_context,
-                                             krb5_auth_context,
-                                             krb5_rcache *);
-
-/* Function pointers (almost all Kerberos functions are _stdcall) */
-static void (_stdcall *p_krb5_free_data_contents) (krb5_context, krb5_data *)
-    = NULL;
-static void (_stdcall *p_krb5_free_principal) (krb5_context, krb5_principal)
-    = NULL;
-static krb5_error_code(_stdcall *p_krb5_kt_resolve)
- (krb5_context, krb5_const char *, krb5_keytab *) = NULL;
-static krb5_error_code(_stdcall *p_krb5_kt_default) (krb5_context,
-                                                     krb5_keytab *) = NULL;
-static krb5_error_code(_stdcall *p_krb5_free_ticket) (krb5_context,
-                                                      krb5_ticket *) = NULL;
-static krb5_error_code(_stdcall *p_krb5_rd_req) (krb5_context,
-                                                 krb5_auth_context *,
-                                                 krb5_const krb5_data *,
-                                                 krb5_const_principal,
-                                                 krb5_keytab, krb5_flags *,
-                                                 krb5_ticket **) = NULL;
-static krb5_error_code(_stdcall *p_krb5_mk_req_extended)
- (krb5_context, krb5_auth_context *,
-  krb5_const krb5_flags, krb5_data *, krb5_creds *, krb5_data *) = NULL;
-static krb5_error_code(_stdcall *p_krb5_init_context) (krb5_context *) = NULL;
-static void (_stdcall *p_krb5_free_context) (krb5_context) = NULL;
-static krb5_error_code(_stdcall *p_krb5_cc_default) (krb5_context,
-                                                     krb5_ccache *) = NULL;
-static krb5_error_code(_stdcall *p_krb5_sname_to_principal)
- (krb5_context, krb5_const char *, krb5_const char *,
-  krb5_int32, krb5_principal *) = NULL;
-static krb5_error_code(_stdcall *p_krb5_get_credentials)
- (krb5_context, krb5_const krb5_flags, krb5_ccache,
-  krb5_creds *, krb5_creds **) = NULL;
-static krb5_error_code(_stdcall *p_krb5_auth_con_init)
- (krb5_context, krb5_auth_context *) = NULL;
-static krb5_error_code(_stdcall *p_krb5_cc_get_principal)
- (krb5_context context, krb5_ccache cache, krb5_principal *principal) = NULL;
-static krb5_error_code(_stdcall *p_krb5_auth_con_free)
- (krb5_context, krb5_auth_context) = NULL;
-static krb5_error_code(_stdcall *p_krb5_decrypt_tkt_part)
- (krb5_context, krb5_const krb5_keyblock *, krb5_ticket *) = NULL;
-static krb5_error_code(_stdcall *p_krb5_timeofday)
- (krb5_context context, krb5_int32 *timeret) = NULL;
-static krb5_error_code(_stdcall *p_krb5_rc_default)
- (krb5_context context, krb5_rcache *rc) = NULL;
-static krb5_error_code(_stdcall *p_krb5_rc_initialize)
- (krb5_context context, krb5_rcache rc, krb5_deltat lifespan) = NULL;
-static krb5_error_code(_stdcall *p_krb5_rc_get_lifespan)
- (krb5_context context, krb5_rcache rc, krb5_deltat *lifespan) = NULL;
-static krb5_error_code(_stdcall *p_krb5_rc_destroy)
- (krb5_context context, krb5_rcache rc) = NULL;
-static krb5_boolean(_stdcall *p_krb5_principal_compare)
- (krb5_context, krb5_const_principal, krb5_const_principal) = NULL;
-static size_t (_stdcall *p_krb5_checksum_size) (krb5_context context,
-                                                krb5_cksumtype ctype) = NULL;
-static krb5_boolean(_stdcall *p_valid_cksumtype) (krb5_cksumtype ctype) =
-    NULL;
-static krb5_error_code(_stdcall *p_krb5_kt_free_entry)
- (krb5_context, krb5_keytab_entry *) = NULL;
-static krb5_error_code(_stdcall *p_krb5_auth_con_setrcache) (krb5_context,
-                                                             krb5_auth_context,
-                                                             krb5_rcache) =
-    NULL;
-static krb5_error_code(_stdcall *p_krb5_get_server_rcache) (krb5_context,
-                                                            krb5_const
-                                                            krb5_data *,
-                                                            krb5_rcache *) =
-    NULL;
-static krb5_error_code(*p_krb5_auth_con_getrcache) (krb5_context,
-                                                    krb5_auth_context,
-                                                    krb5_rcache *) = NULL;
-static krb5_error_code(_stdcall *p_krb5_kt_close) (krb5_context context,
-                                                   krb5_keytab keytab) = NULL;
-static krb5_error_code(_stdcall *p_krb5_kt_get_entry) (krb5_context context,
-                                                       krb5_keytab keytab,
-                                                       krb5_const_principal
-                                                       principal,
-                                                       krb5_kvno vno,
-                                                       krb5_enctype enctype,
-                                                       krb5_keytab_entry
-                                                       *entry) = NULL;
-static int krb5_loaded = 0;     /* only attempt to initialize func ptrs once */
-
-/* Function to Load the Kerberos 5 DLL and initialize function pointers */
-void load_krb5_dll(void)
-{
-    HANDLE hKRB5_32;
-
-    krb5_loaded++;
-    hKRB5_32 = LoadLibrary(TEXT("KRB5_32"));
-    if (!hKRB5_32)
-        return;
-
-    (FARPROC) p_krb5_free_data_contents =
-        GetProcAddress(hKRB5_32, "krb5_free_data_contents");
-    (FARPROC) p_krb5_free_context =
-        GetProcAddress(hKRB5_32, "krb5_free_context");
-    (FARPROC) p_krb5_auth_con_free =
-        GetProcAddress(hKRB5_32, "krb5_auth_con_free");
-    (FARPROC) p_krb5_free_principal =
-        GetProcAddress(hKRB5_32, "krb5_free_principal");
-    (FARPROC) p_krb5_mk_req_extended =
-        GetProcAddress(hKRB5_32, "krb5_mk_req_extended");
-    (FARPROC) p_krb5_get_credentials =
-        GetProcAddress(hKRB5_32, "krb5_get_credentials");
-    (FARPROC) p_krb5_cc_get_principal =
-        GetProcAddress(hKRB5_32, "krb5_cc_get_principal");
-    (FARPROC) p_krb5_cc_default = GetProcAddress(hKRB5_32, "krb5_cc_default");
-    (FARPROC) p_krb5_sname_to_principal =
-        GetProcAddress(hKRB5_32, "krb5_sname_to_principal");
-    (FARPROC) p_krb5_init_context =
-        GetProcAddress(hKRB5_32, "krb5_init_context");
-    (FARPROC) p_krb5_free_ticket =
-        GetProcAddress(hKRB5_32, "krb5_free_ticket");
-    (FARPROC) p_krb5_rd_req = GetProcAddress(hKRB5_32, "krb5_rd_req");
-    (FARPROC) p_krb5_principal_compare =
-        GetProcAddress(hKRB5_32, "krb5_principal_compare");
-    (FARPROC) p_krb5_decrypt_tkt_part =
-        GetProcAddress(hKRB5_32, "krb5_decrypt_tkt_part");
-    (FARPROC) p_krb5_timeofday = GetProcAddress(hKRB5_32, "krb5_timeofday");
-    (FARPROC) p_krb5_rc_default = GetProcAddress(hKRB5_32, "krb5_rc_default");
-    (FARPROC) p_krb5_rc_initialize =
-        GetProcAddress(hKRB5_32, "krb5_rc_initialize");
-    (FARPROC) p_krb5_rc_get_lifespan =
-        GetProcAddress(hKRB5_32, "krb5_rc_get_lifespan");
-    (FARPROC) p_krb5_rc_destroy = GetProcAddress(hKRB5_32, "krb5_rc_destroy");
-    (FARPROC) p_krb5_kt_default = GetProcAddress(hKRB5_32, "krb5_kt_default");
-    (FARPROC) p_krb5_kt_resolve = GetProcAddress(hKRB5_32, "krb5_kt_resolve");
-    (FARPROC) p_krb5_auth_con_init =
-        GetProcAddress(hKRB5_32, "krb5_auth_con_init");
-    (FARPROC) p_valid_cksumtype = GetProcAddress(hKRB5_32, "valid_cksumtype");
-    (FARPROC) p_krb5_checksum_size =
-        GetProcAddress(hKRB5_32, "krb5_checksum_size");
-    (FARPROC) p_krb5_kt_free_entry =
-        GetProcAddress(hKRB5_32, "krb5_kt_free_entry");
-    (FARPROC) p_krb5_auth_con_setrcache =
-        GetProcAddress(hKRB5_32, "krb5_auth_con_setrcache");
-    (FARPROC) p_krb5_get_server_rcache =
-        GetProcAddress(hKRB5_32, "krb5_get_server_rcache");
-    (FARPROC) p_krb5_auth_con_getrcache =
-        GetProcAddress(hKRB5_32, "krb5_auth_con_getrcache");
-    (FARPROC) p_krb5_kt_close = GetProcAddress(hKRB5_32, "krb5_kt_close");
-    (FARPROC) p_krb5_kt_get_entry =
-        GetProcAddress(hKRB5_32, "krb5_kt_get_entry");
-}
-
-/* Stubs for each function to be dynamicly loaded */
-void kssl_krb5_free_data_contents(krb5_context CO, krb5_data *data)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_free_data_contents)
-        p_krb5_free_data_contents(CO, data);
-}
-
-krb5_error_code
-kssl_krb5_mk_req_extended(krb5_context CO,
-                          krb5_auth_context *pACO,
-                          krb5_const krb5_flags F,
-                          krb5_data *pD1, krb5_creds *pC, krb5_data *pD2)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_mk_req_extended)
-        return (p_krb5_mk_req_extended(CO, pACO, F, pD1, pC, pD2));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code
-kssl_krb5_auth_con_init(krb5_context CO, krb5_auth_context *pACO)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_auth_con_init)
-        return (p_krb5_auth_con_init(CO, pACO));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code
-kssl_krb5_auth_con_free(krb5_context CO, krb5_auth_context ACO)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_auth_con_free)
-        return (p_krb5_auth_con_free(CO, ACO));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code
-kssl_krb5_get_credentials(krb5_context CO,
-                          krb5_const krb5_flags F,
-                          krb5_ccache CC, krb5_creds *pCR, krb5_creds **ppCR)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_get_credentials)
-        return (p_krb5_get_credentials(CO, F, CC, pCR, ppCR));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code
-kssl_krb5_sname_to_principal(krb5_context CO,
-                             krb5_const char *pC1,
-                             krb5_const char *pC2,
-                             krb5_int32 I, krb5_principal *pPR)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_sname_to_principal)
-        return (p_krb5_sname_to_principal(CO, pC1, pC2, I, pPR));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code kssl_krb5_cc_default(krb5_context CO, krb5_ccache *pCC)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_cc_default)
-        return (p_krb5_cc_default(CO, pCC));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code kssl_krb5_init_context(krb5_context *pCO)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_init_context)
-        return (p_krb5_init_context(pCO));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-void kssl_krb5_free_context(krb5_context CO)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_free_context)
-        p_krb5_free_context(CO);
-}
-
-void kssl_krb5_free_principal(krb5_context c, krb5_principal p)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_free_principal)
-        p_krb5_free_principal(c, p);
-}
-
-krb5_error_code
-kssl_krb5_kt_resolve(krb5_context con, krb5_const char *sz, krb5_keytab *kt)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_kt_resolve)
-        return (p_krb5_kt_resolve(con, sz, kt));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code kssl_krb5_kt_default(krb5_context con, krb5_keytab *kt)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_kt_default)
-        return (p_krb5_kt_default(con, kt));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code kssl_krb5_free_ticket(krb5_context con, krb5_ticket *kt)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_free_ticket)
-        return (p_krb5_free_ticket(con, kt));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code
-kssl_krb5_rd_req(krb5_context con, krb5_auth_context *pacon,
-                 krb5_const krb5_data *data,
-                 krb5_const_principal princ, krb5_keytab keytab,
-                 krb5_flags *flags, krb5_ticket **pptkt)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_rd_req)
-        return (p_krb5_rd_req(con, pacon, data, princ, keytab, flags, pptkt));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_boolean
-krb5_principal_compare(krb5_context con, krb5_const_principal princ1,
-                       krb5_const_principal princ2)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_principal_compare)
-        return (p_krb5_principal_compare(con, princ1, princ2));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code
-krb5_decrypt_tkt_part(krb5_context con, krb5_const krb5_keyblock *keys,
-                      krb5_ticket *ticket)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_decrypt_tkt_part)
-        return (p_krb5_decrypt_tkt_part(con, keys, ticket));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code krb5_timeofday(krb5_context con, krb5_int32 *timeret)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_timeofday)
-        return (p_krb5_timeofday(con, timeret));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code krb5_rc_default(krb5_context con, krb5_rcache *rc)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_rc_default)
-        return (p_krb5_rc_default(con, rc));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code
-krb5_rc_initialize(krb5_context con, krb5_rcache rc, krb5_deltat lifespan)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_rc_initialize)
-        return (p_krb5_rc_initialize(con, rc, lifespan));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code
-krb5_rc_get_lifespan(krb5_context con, krb5_rcache rc, krb5_deltat *lifespanp)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_rc_get_lifespan)
-        return (p_krb5_rc_get_lifespan(con, rc, lifespanp));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code krb5_rc_destroy(krb5_context con, krb5_rcache rc)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_rc_destroy)
-        return (p_krb5_rc_destroy(con, rc));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-size_t krb5_checksum_size(krb5_context context, krb5_cksumtype ctype)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_checksum_size)
-        return (p_krb5_checksum_size(context, ctype));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_boolean valid_cksumtype(krb5_cksumtype ctype)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_valid_cksumtype)
-        return (p_valid_cksumtype(ctype));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code krb5_kt_free_entry(krb5_context con, krb5_keytab_entry *entry)
-{
-    if (!krb5_loaded)
-        load_krb5_dll();
-
-    if (p_krb5_kt_free_entry)
-        return (p_krb5_kt_free_entry(con, entry));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-/* Structure definitions  */
-#  ifndef NO_DEF_KRB5_CCACHE
-#   ifndef krb5_x
-#    define krb5_x(ptr,args) ((ptr)?((*(ptr)) args):(abort(),1))
-#    define krb5_xc(ptr,args) ((ptr)?((*(ptr)) args):(abort(),(char*)0))
-#   endif
-
-typedef krb5_pointer krb5_cc_cursor; /* cursor for sequential lookup */
-
-typedef struct _krb5_ccache {
-    krb5_magic magic;
-    struct _krb5_cc_ops FAR *ops;
-    krb5_pointer data;
-} *krb5_ccache;
-
-typedef struct _krb5_cc_ops {
-    krb5_magic magic;
-    char *prefix;
-    char *(KRB5_CALLCONV *get_name)
-     (krb5_context, krb5_ccache);
-     krb5_error_code(KRB5_CALLCONV *resolve)
-     (krb5_context, krb5_ccache *, const char *);
-     krb5_error_code(KRB5_CALLCONV *gen_new)
-     (krb5_context, krb5_ccache *);
-     krb5_error_code(KRB5_CALLCONV *init)
-     (krb5_context, krb5_ccache, krb5_principal);
-     krb5_error_code(KRB5_CALLCONV *destroy)
-     (krb5_context, krb5_ccache);
-     krb5_error_code(KRB5_CALLCONV *close)
-     (krb5_context, krb5_ccache);
-     krb5_error_code(KRB5_CALLCONV *store)
-     (krb5_context, krb5_ccache, krb5_creds *);
-     krb5_error_code(KRB5_CALLCONV *retrieve)
-     (krb5_context, krb5_ccache, krb5_flags, krb5_creds *, krb5_creds *);
-     krb5_error_code(KRB5_CALLCONV *get_princ)
-     (krb5_context, krb5_ccache, krb5_principal *);
-     krb5_error_code(KRB5_CALLCONV *get_first)
-     (krb5_context, krb5_ccache, krb5_cc_cursor *);
-     krb5_error_code(KRB5_CALLCONV *get_next)
-     (krb5_context, krb5_ccache, krb5_cc_cursor *, krb5_creds *);
-     krb5_error_code(KRB5_CALLCONV *end_get)
-     (krb5_context, krb5_ccache, krb5_cc_cursor *);
-     krb5_error_code(KRB5_CALLCONV *remove_cred)
-     (krb5_context, krb5_ccache, krb5_flags, krb5_creds *);
-     krb5_error_code(KRB5_CALLCONV *set_flags)
-     (krb5_context, krb5_ccache, krb5_flags);
-} krb5_cc_ops;
-#  endif                        /* NO_DEF_KRB5_CCACHE */
-
-krb5_error_code
-    kssl_krb5_cc_get_principal
-    (krb5_context context, krb5_ccache cache, krb5_principal *principal) {
-    if (p_krb5_cc_get_principal)
-        return (p_krb5_cc_get_principal(context, cache, principal));
-    else
-        return (krb5_x((cache)->ops->get_princ, (context, cache, principal)));
-}
-
-krb5_error_code
-kssl_krb5_auth_con_setrcache(krb5_context con, krb5_auth_context acon,
-                             krb5_rcache rcache)
-{
-    if (p_krb5_auth_con_setrcache)
-        return (p_krb5_auth_con_setrcache(con, acon, rcache));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code
-kssl_krb5_get_server_rcache(krb5_context con, krb5_const krb5_data *data,
-                            krb5_rcache *rcache)
-{
-    if (p_krb5_get_server_rcache)
-        return (p_krb5_get_server_rcache(con, data, rcache));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code
-kssl_krb5_auth_con_getrcache(krb5_context con, krb5_auth_context acon,
-                             krb5_rcache *prcache)
-{
-    if (p_krb5_auth_con_getrcache)
-        return (p_krb5_auth_con_getrcache(con, acon, prcache));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code kssl_krb5_kt_close(krb5_context context, krb5_keytab keytab)
-{
-    if (p_krb5_kt_close)
-        return (p_krb5_kt_close(context, keytab));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-
-krb5_error_code
-kssl_krb5_kt_get_entry(krb5_context context, krb5_keytab keytab,
-                       krb5_const_principal principal, krb5_kvno vno,
-                       krb5_enctype enctype, krb5_keytab_entry *entry)
-{
-    if (p_krb5_kt_get_entry)
-        return (p_krb5_kt_get_entry
-                (context, keytab, principal, vno, enctype, entry));
-    else
-        return KRB5KRB_ERR_GENERIC;
-}
-# endif                         /* OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32 */
-
-/*
- * memory allocation functions for non-temporary storage (e.g. stuff that
- * gets saved into the kssl context)
- */
-static void *kssl_calloc(size_t nmemb, size_t size)
-{
-    void *p;
-
-    p = OPENSSL_malloc(nmemb * size);
-    if (p) {
-        memset(p, 0, nmemb * size);
-    }
-    return p;
-}
-
-# define kssl_malloc(size) OPENSSL_malloc((size))
-# define kssl_realloc(ptr, size) OPENSSL_realloc(ptr, size)
-# define kssl_free(ptr) OPENSSL_free((ptr))
-
-char
-*kstring(char *string)
-{
-    static char *null = "[NULL]";
-
-    return ((string == NULL) ? null : string);
-}
-
-/*
- * Given KRB5 enctype (basically DES or 3DES), return closest match openssl
- * EVP_ encryption algorithm.  Return NULL for unknown or problematic
- * (krb5_dk_encrypt) enctypes.  Assume ENCTYPE_*_RAW (krb5_raw_encrypt) are
- * OK.
- */
-const EVP_CIPHER *kssl_map_enc(krb5_enctype enctype)
-{
-    switch (enctype) {
-    case ENCTYPE_DES_HMAC_SHA1: /* EVP_des_cbc(); */
-    case ENCTYPE_DES_CBC_CRC:
-    case ENCTYPE_DES_CBC_MD4:
-    case ENCTYPE_DES_CBC_MD5:
-    case ENCTYPE_DES_CBC_RAW:
-        return EVP_des_cbc();
-        break;
-    case ENCTYPE_DES3_CBC_SHA1: /* EVP_des_ede3_cbc(); */
-    case ENCTYPE_DES3_CBC_SHA:
-    case ENCTYPE_DES3_CBC_RAW:
-        return EVP_des_ede3_cbc();
-        break;
-    default:
-        return NULL;
-        break;
-    }
-}
-
-/*
- * Return true:1 if p "looks like" the start of the real authenticator
- * described in kssl_skip_confound() below.  The ASN.1 pattern is "62 xx 30
- * yy" (APPLICATION-2, SEQUENCE), where xx-yy =~ 2, and xx and yy are
- * possibly multi-byte length fields.
- */
-static int kssl_test_confound(unsigned char *p)
-{
-    int len = 2;
-    int xx = 0, yy = 0;
-
-    if (*p++ != 0x62)
-        return 0;
-    if (*p > 0x82)
-        return 0;
-    switch (*p) {
-    case 0x82:
-        p++;
-        xx = (*p++ << 8);
-        xx += *p++;
-        break;
-    case 0x81:
-        p++;
-        xx = *p++;
-        break;
-    case 0x80:
-        return 0;
-    default:
-        xx = *p++;
-        break;
-    }
-    if (*p++ != 0x30)
-        return 0;
-    if (*p > 0x82)
-        return 0;
-    switch (*p) {
-    case 0x82:
-        p++;
-        len += 2;
-        yy = (*p++ << 8);
-        yy += *p++;
-        break;
-    case 0x81:
-        p++;
-        len++;
-        yy = *p++;
-        break;
-    case 0x80:
-        return 0;
-    default:
-        yy = *p++;
-        break;
-    }
-
-    return (xx - len == yy) ? 1 : 0;
-}
-
-/*
- * Allocate, fill, and return cksumlens array of checksum lengths.  This
- * array holds just the unique elements from the krb5_cksumarray[].  array[n]
- * == 0 signals end of data.  The krb5_cksumarray[] was an internal variable
- * that has since been replaced by a more general method for storing the
- * data.  It should not be used.  Instead we use real API calls and make a
- * guess for what the highest assigned CKSUMTYPE_ constant is.  As of 1.2.2
- * it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3).  So we will use 0x0010.
- */
-static size_t *populate_cksumlens(void)
-{
-    int i, j, n;
-    static size_t *cklens = NULL;
-
-# ifdef KRB5_MIT_OLD11
-    n = krb5_max_cksum;
-# else
-    n = 0x0010;
-# endif                         /* KRB5_MIT_OLD11 */
-
-# ifdef KRB5CHECKAUTH
-    if (!cklens && !(cklens = (size_t *)calloc(sizeof(int), n + 1)))
-        return NULL;
-
-    for (i = 0; i < n; i++) {
-        if (!valid_cksumtype(i))
-            continue;           /* array has holes */
-        for (j = 0; j < n; j++) {
-            if (cklens[j] == 0) {
-                cklens[j] = krb5_checksum_size(NULL, i);
-                break;          /* krb5 elem was new: add */
-            }
-            if (cklens[j] == krb5_checksum_size(NULL, i)) {
-                break;          /* ignore duplicate elements */
-            }
-        }
-    }
-# endif                         /* KRB5CHECKAUTH */
-
-    return cklens;
-}
-
-/*-
- *      Return pointer to start of real authenticator within authenticator, or
- *      return NULL on error.
- *      Decrypted authenticator looks like this:
- *              [0 or 8 byte confounder] [4-24 byte checksum] [real authent'r]
- *      This hackery wouldn't be necessary if MIT KRB5 1.0.6 had the
- *      krb5_auth_con_getcksumtype() function advertised in its krb5.h.
- */
-unsigned char *kssl_skip_confound(krb5_enctype etype, unsigned char *a)
-{
-    int i, conlen;
-    size_t cklen;
-    static size_t *cksumlens = NULL;
-    unsigned char *test_auth;
-
-    conlen = (etype) ? 8 : 0;
-
-    if (!cksumlens && !(cksumlens = populate_cksumlens()))
-        return NULL;
-    for (i = 0; (cklen = cksumlens[i]) != 0; i++) {
-        test_auth = a + conlen + cklen;
-        if (kssl_test_confound(test_auth))
-            return test_auth;
-    }
-
-    return NULL;
-}
-
-/*
- * Set kssl_err error info when reason text is a simple string kssl_err =
- * struct { int reason; char text[KSSL_ERR_MAX+1]; }
- */
-void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text)
-{
-    if (kssl_err == NULL)
-        return;
-
-    kssl_err->reason = reason;
-    BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, "%s", text);
-    return;
-}
-
-/*
- * Display contents of krb5_data struct, for debugging
- */
-void print_krb5_data(char *label, krb5_data *kdata)
-{
-    int i;
-
-    fprintf(stderr, "%s[%d] ", label, kdata->length);
-    for (i = 0; i < (int)kdata->length; i++) {
-        if (0 && isprint((int)kdata->data[i]))
-            fprintf(stderr, "%c ", kdata->data[i]);
-        else
-            fprintf(stderr, "%02x ", (unsigned char)kdata->data[i]);
-    }
-    fprintf(stderr, "\n");
-}
-
-/*
- * Display contents of krb5_authdata struct, for debugging
- */
-void print_krb5_authdata(char *label, krb5_authdata **adata)
-{
-    if (adata == NULL) {
-        fprintf(stderr, "%s, authdata==0\n", label);
-        return;
-    }
-    fprintf(stderr, "%s [%p]\n", label, (void *)adata);
-# if 0
-    {
-        int i;
-        fprintf(stderr, "%s[at%d:%d] ", label, adata->ad_type, adata->length);
-        for (i = 0; i < adata->length; i++) {
-            fprintf(stderr, (isprint(adata->contents[i])) ? "%c " : "%02x",
-                    adata->contents[i]);
-        }
-        fprintf(stderr, "\n");
-    }
-# endif
-}
-
-/*
- * Display contents of krb5_keyblock struct, for debugging
- */
-void print_krb5_keyblock(char *label, krb5_keyblock *keyblk)
-{
-    int i;
-
-    if (keyblk == NULL) {
-        fprintf(stderr, "%s, keyblk==0\n", label);
-        return;
-    }
-# ifdef KRB5_HEIMDAL
-    fprintf(stderr, "%s\n\t[et%d:%d]: ", label, keyblk->keytype,
-            keyblk->keyvalue->length);
-    for (i = 0; i < (int)keyblk->keyvalue->length; i++) {
-        fprintf(stderr, "%02x",
-                (unsigned char *)(keyblk->keyvalue->contents)[i]);
-    }
-    fprintf(stderr, "\n");
-# else
-    fprintf(stderr, "%s\n\t[et%d:%d]: ", label, keyblk->enctype,
-            keyblk->length);
-    for (i = 0; i < (int)keyblk->length; i++) {
-        fprintf(stderr, "%02x", keyblk->contents[i]);
-    }
-    fprintf(stderr, "\n");
-# endif
-}
-
-/*
- * Display contents of krb5_principal_data struct, for debugging
- * (krb5_principal is typedef'd == krb5_principal_data *)
- */
-static void print_krb5_princ(char *label, krb5_principal_data *princ)
-{
-    int i, ui, uj;
-
-    fprintf(stderr, "%s principal Realm: ", label);
-    if (princ == NULL)
-        return;
-    for (ui = 0; ui < (int)princ->realm.length; ui++)
-        putchar(princ->realm.data[ui]);
-    fprintf(stderr, " (nametype %d) has %d strings:\n", princ->type,
-            princ->length);
-    for (i = 0; i < (int)princ->length; i++) {
-        fprintf(stderr, "\t%d [%d]: ", i, princ->data[i].length);
-        for (uj = 0; uj < (int)princ->data[i].length; uj++) {
-            putchar(princ->data[i].data[uj]);
-        }
-        fprintf(stderr, "\n");
-    }
-    return;
-}
-
-/*-     Given krb5 service (typically "kssl") and hostname in kssl_ctx,
- *      Return encrypted Kerberos ticket for service @ hostname.
- *      If authenp is non-NULL, also return encrypted authenticator,
- *      whose data should be freed by caller.
- *      (Originally was: Create Kerberos AP_REQ message for SSL Client.)
- *
- *      19990628        VRS     Started; Returns Kerberos AP_REQ message.
- *      20010409        VRS     Modified for RFC2712; Returns enc tkt.
- *      20010606        VRS     May also return optional authenticator.
- */
-krb5_error_code kssl_cget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
-                              /*
-                               * OUT
-                               */ krb5_data **enc_ticketp,
-                              /*
-                               * UPDATE
-                               */ krb5_data *authenp,
-                              /*
-                               * OUT
-                               */ KSSL_ERR *kssl_err)
-{
-    krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
-    krb5_context krb5context = NULL;
-    krb5_auth_context krb5auth_context = NULL;
-    krb5_ccache krb5ccdef = NULL;
-    krb5_creds krb5creds, *krb5credsp = NULL;
-    krb5_data krb5_app_req;
-
-    kssl_err_set(kssl_err, 0, "");
-    memset((char *)&krb5creds, 0, sizeof(krb5creds));
-
-    if (!kssl_ctx) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, "No kssl_ctx defined.\n");
-        goto err;
-    } else if (!kssl_ctx->service_host) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                     "kssl_ctx service_host undefined.\n");
-        goto err;
-    }
-
-    if ((krb5rc = krb5_init_context(&krb5context)) != 0) {
-        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
-                     "krb5_init_context() fails: %d\n", krb5rc);
-        kssl_err->reason = SSL_R_KRB5_C_INIT;
-        goto err;
-    }
-
-    if ((krb5rc = krb5_sname_to_principal(krb5context,
-                                          kssl_ctx->service_host,
-                                          (kssl_ctx->service_name) ?
-                                          kssl_ctx->service_name : KRB5SVC,
-                                          KRB5_NT_SRV_HST,
-                                          &krb5creds.server)) != 0) {
-        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
-                     "krb5_sname_to_principal() fails for %s/%s\n",
-                     kssl_ctx->service_host,
-                     (kssl_ctx->
-                      service_name) ? kssl_ctx->service_name : KRB5SVC);
-        kssl_err->reason = SSL_R_KRB5_C_INIT;
-        goto err;
-    }
-
-    if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC,
-                     "krb5_cc_default fails.\n");
-        goto err;
-    }
-
-    if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef,
-                                        &krb5creds.client)) != 0) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC,
-                     "krb5_cc_get_principal() fails.\n");
-        goto err;
-    }
-
-    if ((krb5rc = krb5_get_credentials(krb5context, 0, krb5ccdef,
-                                       &krb5creds, &krb5credsp)) != 0) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_C_GET_CRED,
-                     "krb5_get_credentials() fails.\n");
-        goto err;
-    }
-
-    *enc_ticketp = &krb5credsp->ticket;
-# ifdef KRB5_HEIMDAL
-    kssl_ctx->enctype = krb5credsp->session.keytype;
-# else
-    kssl_ctx->enctype = krb5credsp->keyblock.enctype;
-# endif
-
-    krb5rc = KRB5KRB_ERR_GENERIC;
-    /*      caller should free data of krb5_app_req  */
-    /*
-     * 20010406 VRS deleted for real KerberosWrapper 20010605 VRS reinstated
-     * to offer Authenticator to KerberosWrapper
-     */
-    krb5_app_req.length = 0;
-    if (authenp) {
-        krb5_data krb5in_data;
-        const unsigned char *p;
-        long arlen;
-        KRB5_APREQBODY *ap_req;
-
-        authenp->length = 0;
-        krb5in_data.data = NULL;
-        krb5in_data.length = 0;
-        if ((krb5rc = krb5_mk_req_extended(krb5context,
-                                           &krb5auth_context, 0, &krb5in_data,
-                                           krb5credsp, &krb5_app_req)) != 0) {
-            kssl_err_set(kssl_err, SSL_R_KRB5_C_MK_REQ,
-                         "krb5_mk_req_extended() fails.\n");
-            goto err;
-        }
-
-        arlen = krb5_app_req.length;
-        p = (unsigned char *)krb5_app_req.data;
-        ap_req = (KRB5_APREQBODY *)d2i_KRB5_APREQ(NULL, &p, arlen);
-        if (ap_req) {
-            authenp->length = i2d_KRB5_ENCDATA(ap_req->authenticator, NULL);
-            if (authenp->length && (authenp->data = malloc(authenp->length))) {
-                unsigned char *adp = (unsigned char *)authenp->data;
-                authenp->length =
-                    i2d_KRB5_ENCDATA(ap_req->authenticator, &adp);
-            }
-        }
-
-        if (ap_req)
-            KRB5_APREQ_free((KRB5_APREQ *) ap_req);
-        if (krb5_app_req.length)
-            kssl_krb5_free_data_contents(krb5context, &krb5_app_req);
-    }
-# ifdef KRB5_HEIMDAL
-    if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->session)) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_C_INIT,
-                     "kssl_ctx_setkey() fails.\n");
-    }
-# else
-    if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->keyblock)) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_C_INIT,
-                     "kssl_ctx_setkey() fails.\n");
-    }
-# endif
-    else
-        krb5rc = 0;
-
- err:
-# ifdef KSSL_DEBUG
-    kssl_ctx_show(kssl_ctx);
-# endif                         /* KSSL_DEBUG */
-
-    if (krb5creds.client)
-        krb5_free_principal(krb5context, krb5creds.client);
-    if (krb5creds.server)
-        krb5_free_principal(krb5context, krb5creds.server);
-    if (krb5auth_context)
-        krb5_auth_con_free(krb5context, krb5auth_context);
-    if (krb5context)
-        krb5_free_context(krb5context);
-    return (krb5rc);
-}
-
-/*-
- *  Given d2i_-decoded asn1ticket, allocate and return a new krb5_ticket.
- *  Return Kerberos error code and kssl_err struct on error.
- *  Allocates krb5_ticket and krb5_principal; caller should free these.
- *
- *      20010410        VRS     Implemented krb5_decode_ticket() as
- *                              old_krb5_decode_ticket(). Missing from MIT1.0.6.
- *      20010615        VRS     Re-cast as openssl/asn1 d2i_*() functions.
- *                              Re-used some of the old krb5_decode_ticket()
- *                              code here.  This tkt should alloc/free just
- *                              like the real thing.
- */
-static krb5_error_code kssl_TKT2tkt( /* IN */ krb5_context krb5context,
-                                    /*
-                                     * IN
-                                     */ KRB5_TKTBODY *asn1ticket,
-                                    /*
-                                     * OUT
-                                     */ krb5_ticket **krb5ticket,
-                                    /*
-                                     * OUT
-                                     */ KSSL_ERR *kssl_err)
-{
-    krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
-    krb5_ticket *new5ticket = NULL;
-    ASN1_GENERALSTRING *gstr_svc, *gstr_host;
-
-    *krb5ticket = NULL;
-
-    if (asn1ticket == NULL || asn1ticket->realm == NULL ||
-        asn1ticket->sname == NULL ||
-        sk_ASN1_GENERALSTRING_num(asn1ticket->sname->namestring) < 2) {
-        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
-                     "Null field in asn1ticket.\n");
-        kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
-        return KRB5KRB_ERR_GENERIC;
-    }
-
-    if ((new5ticket = (krb5_ticket *)calloc(1, sizeof(krb5_ticket))) == NULL) {
-        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
-                     "Unable to allocate new krb5_ticket.\n");
-        kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
-        return ENOMEM;          /* or KRB5KRB_ERR_GENERIC; */
-    }
-
-    gstr_svc = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 0);
-    gstr_host = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 1);
-
-    if ((krb5rc = kssl_build_principal_2(krb5context,
-                                         &new5ticket->server,
-                                         asn1ticket->realm->length,
-                                         (char *)asn1ticket->realm->data,
-                                         gstr_svc->length,
-                                         (char *)gstr_svc->data,
-                                         gstr_host->length,
-                                         (char *)gstr_host->data)) != 0) {
-        free(new5ticket);
-        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
-                     "Error building ticket server principal.\n");
-        kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
-        return krb5rc;          /* or KRB5KRB_ERR_GENERIC; */
-    }
-
-    krb5_princ_type(krb5context, new5ticket->server) =
-        asn1ticket->sname->nametype->data[0];
-    new5ticket->enc_part.enctype = asn1ticket->encdata->etype->data[0];
-    new5ticket->enc_part.kvno = asn1ticket->encdata->kvno->data[0];
-    new5ticket->enc_part.ciphertext.length =
-        asn1ticket->encdata->cipher->length;
-    if ((new5ticket->enc_part.ciphertext.data =
-         calloc(1, asn1ticket->encdata->cipher->length)) == NULL) {
-        free(new5ticket);
-        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
-                     "Error allocating cipher in krb5ticket.\n");
-        kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
-        return KRB5KRB_ERR_GENERIC;
-    } else {
-        memcpy(new5ticket->enc_part.ciphertext.data,
-               asn1ticket->encdata->cipher->data,
-               asn1ticket->encdata->cipher->length);
-    }
-
-    *krb5ticket = new5ticket;
-    return 0;
-}
-
-/*-
- *      Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"),
- *              and krb5 AP_REQ message & message length,
- *      Return Kerberos session key and client principle
- *              to SSL Server in KSSL_CTX *kssl_ctx.
- *
- *      19990702        VRS     Started.
- */
-krb5_error_code kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
-                              /*
-                               * IN
-                               */ krb5_data *indata,
-                              /*
-                               * OUT
-                               */ krb5_ticket_times *ttimes,
-                              /*
-                               * OUT
-                               */ KSSL_ERR *kssl_err)
-{
-    krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
-    static krb5_context krb5context = NULL;
-    static krb5_auth_context krb5auth_context = NULL;
-    krb5_ticket *krb5ticket = NULL;
-    KRB5_TKTBODY *asn1ticket = NULL;
-    const unsigned char *p;
-    krb5_keytab krb5keytab = NULL;
-    krb5_keytab_entry kt_entry;
-    krb5_principal krb5server;
-    krb5_rcache rcache = NULL;
-
-    kssl_err_set(kssl_err, 0, "");
-
-    if (!kssl_ctx) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, "No kssl_ctx defined.\n");
-        goto err;
-    }
-# ifdef KSSL_DEBUG
-    fprintf(stderr, "in kssl_sget_tkt(%s)\n",
-            kstring(kssl_ctx->service_name));
-# endif                         /* KSSL_DEBUG */
-
-    if (!krb5context && (krb5rc = krb5_init_context(&krb5context))) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                     "krb5_init_context() fails.\n");
-        goto err;
-    }
-    if (krb5auth_context &&
-        (krb5rc = krb5_auth_con_free(krb5context, krb5auth_context))) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                     "krb5_auth_con_free() fails.\n");
-        goto err;
-    } else
-        krb5auth_context = NULL;
-    if (!krb5auth_context &&
-        (krb5rc = krb5_auth_con_init(krb5context, &krb5auth_context))) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                     "krb5_auth_con_init() fails.\n");
-        goto err;
-    }
-
-    if ((krb5rc = krb5_auth_con_getrcache(krb5context, krb5auth_context,
-                                          &rcache))) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                     "krb5_auth_con_getrcache() fails.\n");
-        goto err;
-    }
-
-    if ((krb5rc = krb5_sname_to_principal(krb5context, NULL,
-                                          (kssl_ctx->service_name) ?
-                                          kssl_ctx->service_name : KRB5SVC,
-                                          KRB5_NT_SRV_HST,
-                                          &krb5server)) != 0) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                     "krb5_sname_to_principal() fails.\n");
-        goto err;
-    }
-
-    if (rcache == NULL) {
-        if ((krb5rc = krb5_get_server_rcache(krb5context,
-                                             krb5_princ_component(krb5context,
-                                                                  krb5server,
-                                                                  0),
-                                             &rcache))) {
-            kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                         "krb5_get_server_rcache() fails.\n");
-            goto err;
-        }
-    }
-
-    if ((krb5rc =
-         krb5_auth_con_setrcache(krb5context, krb5auth_context, rcache))) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                     "krb5_auth_con_setrcache() fails.\n");
-        goto err;
-    }
-
-    /*
-     * kssl_ctx->keytab_file == NULL ==> use Kerberos default
-     */
-    if (kssl_ctx->keytab_file) {
-        krb5rc = krb5_kt_resolve(krb5context, kssl_ctx->keytab_file,
-                                 &krb5keytab);
-        if (krb5rc) {
-            kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                         "krb5_kt_resolve() fails.\n");
-            goto err;
-        }
-    } else {
-        krb5rc = krb5_kt_default(krb5context, &krb5keytab);
-        if (krb5rc) {
-            kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                         "krb5_kt_default() fails.\n");
-            goto err;
-        }
-    }
-
-    /*-     Actual Kerberos5 krb5_recvauth() has initial conversation here
-     *      o       check KRB5_SENDAUTH_BADAUTHVERS
-     *              unless KRB5_RECVAUTH_SKIP_VERSION
-     *      o       check KRB5_SENDAUTH_BADAPPLVERS
-     *      o       send "0" msg if all OK
-     */
-
-    /*-
-     * 20010411 was using AP_REQ instead of true KerberosWrapper
-     *
-     *  if ((krb5rc = krb5_rd_req(krb5context, &krb5auth_context,
-     *                      &krb5in_data, krb5server, krb5keytab,
-     *                      &ap_option, &krb5ticket)) != 0)  { Error }
-     */
-
-    p = (unsigned char *)indata->data;
-    if ((asn1ticket = (KRB5_TKTBODY *)d2i_KRB5_TICKET(NULL, &p,
-                                                      (long)indata->length))
-        == NULL) {
-        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
-                     "d2i_KRB5_TICKET() ASN.1 decode failure.\n");
-        kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
-        goto err;
-    }
-
-    /*
-     * Was: krb5rc = krb5_decode_ticket(krb5in_data,&krb5ticket)) != 0)
-     */
-    if ((krb5rc = kssl_TKT2tkt(krb5context, asn1ticket, &krb5ticket,
-                               kssl_err)) != 0) {
-        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
-                     "Error converting ASN.1 ticket to krb5_ticket.\n");
-        kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
-        goto err;
-    }
-
-    if (!krb5_principal_compare(krb5context, krb5server, krb5ticket->server)) {
-        krb5rc = KRB5_PRINC_NOMATCH;
-        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
-                     "server principal != ticket principal\n");
-        kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
-        goto err;
-    }
-    if ((krb5rc = krb5_kt_get_entry(krb5context, krb5keytab,
-                                    krb5ticket->server,
-                                    krb5ticket->enc_part.kvno,
-                                    krb5ticket->enc_part.enctype,
-                                    &kt_entry)) != 0) {
-        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
-                     "krb5_kt_get_entry() fails with %x.\n", krb5rc);
-        kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
-        goto err;
-    }
-    if ((krb5rc = krb5_decrypt_tkt_part(krb5context, &kt_entry.key,
-                                        krb5ticket)) != 0) {
-        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
-                     "krb5_decrypt_tkt_part() failed.\n");
-        kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
-        goto err;
-    } else {
-        krb5_kt_free_entry(krb5context, &kt_entry);
-# ifdef KSSL_DEBUG
-        {
-            int i;
-            krb5_address **paddr = krb5ticket->enc_part2->caddrs;
-            fprintf(stderr, "Decrypted ticket fields:\n");
-            fprintf(stderr, "\tflags: %X, transit-type: %X",
-                    krb5ticket->enc_part2->flags,
-                    krb5ticket->enc_part2->transited.tr_type);
-            print_krb5_data("\ttransit-data: ",
-                            &(krb5ticket->enc_part2->transited.tr_contents));
-            fprintf(stderr, "\tcaddrs: %p, authdata: %p\n",
-                    krb5ticket->enc_part2->caddrs,
-                    krb5ticket->enc_part2->authorization_data);
-            if (paddr) {
-                fprintf(stderr, "\tcaddrs:\n");
-                for (i = 0; paddr[i] != NULL; i++) {
-                    krb5_data d;
-                    d.length = paddr[i]->length;
-                    d.data = paddr[i]->contents;
-                    print_krb5_data("\t\tIP: ", &d);
-                }
-            }
-            fprintf(stderr, "\tstart/auth/end times: %d / %d / %d\n",
-                    krb5ticket->enc_part2->times.starttime,
-                    krb5ticket->enc_part2->times.authtime,
-                    krb5ticket->enc_part2->times.endtime);
-        }
-# endif                         /* KSSL_DEBUG */
-    }
-
-    krb5rc = KRB5_NO_TKT_SUPPLIED;
-    if (!krb5ticket || !krb5ticket->enc_part2 ||
-        !krb5ticket->enc_part2->client ||
-        !krb5ticket->enc_part2->client->data ||
-        !krb5ticket->enc_part2->session) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
-                     "bad ticket from krb5_rd_req.\n");
-    } else if (kssl_ctx_setprinc(kssl_ctx, KSSL_CLIENT,
-                                 &krb5ticket->enc_part2->client->realm,
-                                 krb5ticket->enc_part2->client->data,
-                                 krb5ticket->enc_part2->client->length)) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
-                     "kssl_ctx_setprinc() fails.\n");
-    } else if (kssl_ctx_setkey(kssl_ctx, krb5ticket->enc_part2->session)) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
-                     "kssl_ctx_setkey() fails.\n");
-    } else if (krb5ticket->enc_part2->flags & TKT_FLG_INVALID) {
-        krb5rc = KRB5KRB_AP_ERR_TKT_INVALID;
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
-                     "invalid ticket from krb5_rd_req.\n");
-    } else
-        krb5rc = 0;
-
-    kssl_ctx->enctype = krb5ticket->enc_part.enctype;
-    ttimes->authtime = krb5ticket->enc_part2->times.authtime;
-    ttimes->starttime = krb5ticket->enc_part2->times.starttime;
-    ttimes->endtime = krb5ticket->enc_part2->times.endtime;
-    ttimes->renew_till = krb5ticket->enc_part2->times.renew_till;
-
- err:
-# ifdef KSSL_DEBUG
-    kssl_ctx_show(kssl_ctx);
-# endif                         /* KSSL_DEBUG */
-
-    if (asn1ticket)
-        KRB5_TICKET_free((KRB5_TICKET *) asn1ticket);
-    if (krb5keytab)
-        krb5_kt_close(krb5context, krb5keytab);
-    if (krb5ticket)
-        krb5_free_ticket(krb5context, krb5ticket);
-    if (krb5server)
-        krb5_free_principal(krb5context, krb5server);
-    return (krb5rc);
-}
-
-/*
- * Allocate & return a new kssl_ctx struct.
- */
-KSSL_CTX *kssl_ctx_new(void)
-{
-    return ((KSSL_CTX *)kssl_calloc(1, sizeof(KSSL_CTX)));
-}
-
-/*
- * Frees a kssl_ctx struct and any allocated memory it holds.  Returns NULL.
- */
-KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx)
-{
-    if (kssl_ctx == NULL)
-        return kssl_ctx;
-
-    if (kssl_ctx->key)
-        OPENSSL_cleanse(kssl_ctx->key, kssl_ctx->length);
-    if (kssl_ctx->key)
-        kssl_free(kssl_ctx->key);
-    if (kssl_ctx->client_princ)
-        kssl_free(kssl_ctx->client_princ);
-    if (kssl_ctx->service_host)
-        kssl_free(kssl_ctx->service_host);
-    if (kssl_ctx->service_name)
-        kssl_free(kssl_ctx->service_name);
-    if (kssl_ctx->keytab_file)
-        kssl_free(kssl_ctx->keytab_file);
-
-    kssl_free(kssl_ctx);
-    return (KSSL_CTX *)NULL;
-}
-
-/*
- * Given an array of (krb5_data *) entity (and optional realm), set the plain
- * (char *) client_princ or service_host member of the kssl_ctx struct.
- */
-krb5_error_code
-kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
-                  krb5_data *realm, krb5_data *entity, int nentities)
-{
-    char **princ;
-    int length;
-    int i;
-
-    if (kssl_ctx == NULL || entity == NULL)
-        return KSSL_CTX_ERR;
-
-    switch (which) {
-    case KSSL_CLIENT:
-        princ = &kssl_ctx->client_princ;
-        break;
-    case KSSL_SERVER:
-        princ = &kssl_ctx->service_host;
-        break;
-    default:
-        return KSSL_CTX_ERR;
-        break;
-    }
-    if (*princ)
-        kssl_free(*princ);
-
-    /* Add up all the entity->lengths */
-    length = 0;
-    for (i = 0; i < nentities; i++) {
-        length += entity[i].length;
-    }
-    /* Add in space for the '/' character(s) (if any) */
-    length += nentities - 1;
-    /* Space for the ('@'+realm+NULL | NULL) */
-    length += ((realm) ? realm->length + 2 : 1);
-
-    if ((*princ = kssl_calloc(1, length)) == NULL)
-        return KSSL_CTX_ERR;
-    else {
-        for (i = 0; i < nentities; i++) {
-            strncat(*princ, entity[i].data, entity[i].length);
-            if (i < nentities - 1) {
-                strcat(*princ, "/");
-            }
-        }
-        if (realm) {
-            strcat(*princ, "@");
-            (void)strncat(*princ, realm->data, realm->length);
-        }
-    }
-
-    return KSSL_CTX_OK;
-}
-
-/*-     Set one of the plain (char *) string members of the kssl_ctx struct.
- *      Default values should be:
- *              which == KSSL_SERVICE   =>      "khost" (KRB5SVC)
- *              which == KSSL_KEYTAB    =>      "/etc/krb5.keytab" (KRB5KEYTAB)
- */
-krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text)
-{
-    char **string;
-
-    if (!kssl_ctx)
-        return KSSL_CTX_ERR;
-
-    switch (which) {
-    case KSSL_SERVICE:
-        string = &kssl_ctx->service_name;
-        break;
-    case KSSL_SERVER:
-        string = &kssl_ctx->service_host;
-        break;
-    case KSSL_CLIENT:
-        string = &kssl_ctx->client_princ;
-        break;
-    case KSSL_KEYTAB:
-        string = &kssl_ctx->keytab_file;
-        break;
-    default:
-        return KSSL_CTX_ERR;
-        break;
-    }
-    if (*string)
-        kssl_free(*string);
-
-    if (!text) {
-        *string = '\0';
-        return KSSL_CTX_OK;
-    }
-
-    if ((*string = kssl_calloc(1, strlen(text) + 1)) == NULL)
-        return KSSL_CTX_ERR;
-    else
-        strcpy(*string, text);
-
-    return KSSL_CTX_OK;
-}
-
-/*
- * Copy the Kerberos session key from a (krb5_keyblock *) to a kssl_ctx
- * struct.  Clear kssl_ctx->key if Kerberos session key is NULL.
- */
-krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session)
-{
-    int length;
-    krb5_enctype enctype;
-    krb5_octet FAR *contents = NULL;
-
-    if (!kssl_ctx)
-        return KSSL_CTX_ERR;
-
-    if (kssl_ctx->key) {
-        OPENSSL_cleanse(kssl_ctx->key, kssl_ctx->length);
-        kssl_free(kssl_ctx->key);
-    }
-
-    if (session) {
-
-# ifdef KRB5_HEIMDAL
-        length = session->keyvalue->length;
-        enctype = session->keytype;
-        contents = session->keyvalue->contents;
-# else
-        length = session->length;
-        enctype = session->enctype;
-        contents = session->contents;
-# endif
-        kssl_ctx->enctype = enctype;
-        kssl_ctx->length = length;
-    } else {
-        kssl_ctx->enctype = ENCTYPE_UNKNOWN;
-        kssl_ctx->length = 0;
-        return KSSL_CTX_OK;
-    }
-
-    if ((kssl_ctx->key =
-         (krb5_octet FAR *)kssl_calloc(1, kssl_ctx->length)) == NULL) {
-        kssl_ctx->length = 0;
-        return KSSL_CTX_ERR;
-    } else
-        memcpy(kssl_ctx->key, contents, length);
-
-    return KSSL_CTX_OK;
-}
-
-/*
- * Display contents of kssl_ctx struct
- */
-void kssl_ctx_show(KSSL_CTX *kssl_ctx)
-{
-    int i;
-
-    printf("kssl_ctx: ");
-    if (kssl_ctx == NULL) {
-        printf("NULL\n");
-        return;
-    } else
-        printf("%p\n", (void *)kssl_ctx);
-
-    printf("\tservice:\t%s\n",
-           (kssl_ctx->service_name) ? kssl_ctx->service_name : "NULL");
-    printf("\tclient:\t%s\n",
-           (kssl_ctx->client_princ) ? kssl_ctx->client_princ : "NULL");
-    printf("\tserver:\t%s\n",
-           (kssl_ctx->service_host) ? kssl_ctx->service_host : "NULL");
-    printf("\tkeytab:\t%s\n",
-           (kssl_ctx->keytab_file) ? kssl_ctx->keytab_file : "NULL");
-    printf("\tkey [%d:%d]:\t", kssl_ctx->enctype, kssl_ctx->length);
-
-    for (i = 0; i < kssl_ctx->length && kssl_ctx->key; i++) {
-        printf("%02x", kssl_ctx->key[i]);
-    }
-    printf("\n");
-    return;
-}
-
-int kssl_keytab_is_available(KSSL_CTX *kssl_ctx)
-{
-    krb5_context krb5context = NULL;
-    krb5_keytab krb5keytab = NULL;
-    krb5_keytab_entry entry;
-    krb5_principal princ = NULL;
-    krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
-    int rc = 0;
-
-    if ((krb5rc = krb5_init_context(&krb5context)))
-        return (0);
-
-    /*
-     * kssl_ctx->keytab_file == NULL ==> use Kerberos default
-     */
-    if (kssl_ctx->keytab_file) {
-        krb5rc = krb5_kt_resolve(krb5context, kssl_ctx->keytab_file,
-                                 &krb5keytab);
-        if (krb5rc)
-            goto exit;
-    } else {
-        krb5rc = krb5_kt_default(krb5context, &krb5keytab);
-        if (krb5rc)
-            goto exit;
-    }
-
-    /* the host key we are looking for */
-    krb5rc = krb5_sname_to_principal(krb5context, NULL,
-                                     kssl_ctx->
-                                     service_name ? kssl_ctx->service_name :
-                                     KRB5SVC, KRB5_NT_SRV_HST, &princ);
-
-    if (krb5rc)
-        goto exit;
-
-    krb5rc = krb5_kt_get_entry(krb5context, krb5keytab, princ,
-                               /* IGNORE_VNO */
-                               0,
-                               /* IGNORE_ENCTYPE */
-                               0, &entry);
-    if (krb5rc == KRB5_KT_NOTFOUND) {
-        rc = 1;
-        goto exit;
-    } else if (krb5rc)
-        goto exit;
-
-    krb5_kt_free_entry(krb5context, &entry);
-    rc = 1;
-
- exit:
-    if (krb5keytab)
-        krb5_kt_close(krb5context, krb5keytab);
-    if (princ)
-        krb5_free_principal(krb5context, princ);
-    if (krb5context)
-        krb5_free_context(krb5context);
-    return (rc);
-}
-
-int kssl_tgt_is_available(KSSL_CTX *kssl_ctx)
-{
-    krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
-    krb5_context krb5context = NULL;
-    krb5_ccache krb5ccdef = NULL;
-    krb5_creds krb5creds, *krb5credsp = NULL;
-    int rc = 0;
-
-    memset((char *)&krb5creds, 0, sizeof(krb5creds));
-
-    if (!kssl_ctx)
-        return (0);
-
-    if (!kssl_ctx->service_host)
-        return (0);
-
-    if ((krb5rc = krb5_init_context(&krb5context)) != 0)
-        goto err;
-
-    if ((krb5rc = krb5_sname_to_principal(krb5context,
-                                          kssl_ctx->service_host,
-                                          (kssl_ctx->service_name) ?
-                                          kssl_ctx->service_name : KRB5SVC,
-                                          KRB5_NT_SRV_HST,
-                                          &krb5creds.server)) != 0)
-        goto err;
-
-    if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0)
-        goto err;
-
-    if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef,
-                                        &krb5creds.client)) != 0)
-        goto err;
-
-    if ((krb5rc = krb5_get_credentials(krb5context, 0, krb5ccdef,
-                                       &krb5creds, &krb5credsp)) != 0)
-        goto err;
-
-    rc = 1;
-
- err:
-# ifdef KSSL_DEBUG
-    kssl_ctx_show(kssl_ctx);
-# endif                         /* KSSL_DEBUG */
-
-    if (krb5creds.client)
-        krb5_free_principal(krb5context, krb5creds.client);
-    if (krb5creds.server)
-        krb5_free_principal(krb5context, krb5creds.server);
-    if (krb5context)
-        krb5_free_context(krb5context);
-    return (rc);
-}
-
-# if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_WIN32)
-void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data)
-{
-#  ifdef KRB5_HEIMDAL
-    data->length = 0;
-    if (data->data)
-        free(data->data);
-#  elif defined(KRB5_MIT_OLD11)
-    if (data->data) {
-        krb5_xfree(data->data);
-        data->data = 0;
-    }
-#  else
-    krb5_free_data_contents(NULL, data);
-#  endif
-}
-# endif
-/* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */
-
-/*
- * Given pointers to KerberosTime and struct tm structs, convert the
- * KerberosTime string to struct tm.  Note that KerberosTime is a
- * ASN1_GENERALIZEDTIME value, constrained to GMT with no fractional seconds
- * as defined in RFC 1510.  Return pointer to the (partially) filled in
- * struct tm on success, return NULL on failure.
- */
-static struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm)
-{
-    char c, *p;
-
-    if (!k_tm)
-        return NULL;
-    if (gtime == NULL || gtime->length < 14)
-        return NULL;
-    if (gtime->data == NULL)
-        return NULL;
-
-    p = (char *)&gtime->data[14];
-
-    c = *p;
-    *p = '\0';
-    p -= 2;
-    k_tm->tm_sec = atoi(p);
-    *(p + 2) = c;
-    c = *p;
-    *p = '\0';
-    p -= 2;
-    k_tm->tm_min = atoi(p);
-    *(p + 2) = c;
-    c = *p;
-    *p = '\0';
-    p -= 2;
-    k_tm->tm_hour = atoi(p);
-    *(p + 2) = c;
-    c = *p;
-    *p = '\0';
-    p -= 2;
-    k_tm->tm_mday = atoi(p);
-    *(p + 2) = c;
-    c = *p;
-    *p = '\0';
-    p -= 2;
-    k_tm->tm_mon = atoi(p) - 1;
-    *(p + 2) = c;
-    c = *p;
-    *p = '\0';
-    p -= 4;
-    k_tm->tm_year = atoi(p) - 1900;
-    *(p + 4) = c;
-
-    return k_tm;
-}
-
-/*
- * Helper function for kssl_validate_times().  We need context->clockskew,
- * but krb5_context is an opaque struct.  So we try to sneek the clockskew
- * out through the replay cache.  If that fails just return a likely default
- * (300 seconds).
- */
-static krb5_deltat get_rc_clockskew(krb5_context context)
-{
-    krb5_rcache rc;
-    krb5_deltat clockskew;
-
-    if (krb5_rc_default(context, &rc))
-        return KSSL_CLOCKSKEW;
-    if (krb5_rc_initialize(context, rc, 0))
-        return KSSL_CLOCKSKEW;
-    if (krb5_rc_get_lifespan(context, rc, &clockskew)) {
-        clockskew = KSSL_CLOCKSKEW;
-    }
-    (void)krb5_rc_destroy(context, rc);
-    return clockskew;
-}
-
-/*
- * kssl_validate_times() combines (and more importantly exposes) the MIT KRB5
- * internal function krb5_validate_times() and the in_clock_skew() macro.
- * The authenticator client time is checked to be within clockskew secs of
- * the current time and the current time is checked to be within the ticket
- * start and expire times.  Either check may be omitted by supplying a NULL
- * value.  Returns 0 for valid times, SSL_R_KRB5* error codes otherwise.  See
- * Also: (Kerberos source)/krb5/lib/krb5/krb/valid_times.c 20010420 VRS
- */
-krb5_error_code kssl_validate_times(krb5_timestamp atime,
-                                    krb5_ticket_times *ttimes)
-{
-    krb5_deltat skew;
-    krb5_timestamp start, now;
-    krb5_error_code rc;
-    krb5_context context;
-
-    if ((rc = krb5_init_context(&context)))
-        return SSL_R_KRB5_S_BAD_TICKET;
-    skew = get_rc_clockskew(context);
-    if ((rc = krb5_timeofday(context, &now)))
-        return SSL_R_KRB5_S_BAD_TICKET;
-    krb5_free_context(context);
-
-    if (atime && labs(atime - now) >= skew)
-        return SSL_R_KRB5_S_TKT_SKEW;
-
-    if (!ttimes)
-        return 0;
-
-    start = (ttimes->starttime != 0) ? ttimes->starttime : ttimes->authtime;
-    if (start - now > skew)
-        return SSL_R_KRB5_S_TKT_NYV;
-    if ((now - ttimes->endtime) > skew)
-        return SSL_R_KRB5_S_TKT_EXPIRED;
-
-# ifdef KSSL_DEBUG
-    fprintf(stderr, "kssl_validate_times: %d |<-  | %d - %d | < %d  ->| %d\n",
-            start, atime, now, skew, ttimes->endtime);
-# endif                         /* KSSL_DEBUG */
-
-    return 0;
-}
-
-/*
- * Decode and decrypt given DER-encoded authenticator, then pass
- * authenticator ctime back in *atimep (or 0 if time unavailable).  Returns
- * krb5_error_code and kssl_err on error.  A NULL authenticator
- * (authentp->length == 0) is not considered an error.  Note that
- * kssl_check_authent() makes use of the KRB5 session key; you must call
- * kssl_sget_tkt() to get the key before calling this routine.
- */
-krb5_error_code kssl_check_authent(
-                                      /*
-                                       * IN
-                                       */ KSSL_CTX *kssl_ctx,
-                                      /*
-                                       * IN
-                                       */ krb5_data *authentp,
-                                      /*
-                                       * OUT
-                                       */ krb5_timestamp *atimep,
-                                      /*
-                                       * OUT
-                                       */ KSSL_ERR *kssl_err)
-{
-    krb5_error_code krb5rc = 0;
-    KRB5_ENCDATA *dec_authent = NULL;
-    KRB5_AUTHENTBODY *auth = NULL;
-    krb5_enctype enctype;
-    EVP_CIPHER_CTX ciph_ctx;
-    const EVP_CIPHER *enc = NULL;
-    unsigned char iv[EVP_MAX_IV_LENGTH];
-    const unsigned char *p;
-    unsigned char *unenc_authent;
-    int outl, unencbufsize;
-    struct tm tm_time, *tm_l, *tm_g;
-    time_t now, tl, tg, tr, tz_offset;
-
-    EVP_CIPHER_CTX_init(&ciph_ctx);
-    *atimep = 0;
-    kssl_err_set(kssl_err, 0, "");
-
-# ifndef KRB5CHECKAUTH
-    authentp = NULL;
-# else
-#  if     KRB5CHECKAUTH == 0
-    authentp = NULL;
-#  endif
-# endif                         /* KRB5CHECKAUTH */
-
-    if (authentp == NULL || authentp->length == 0)
-        return 0;
-
-# ifdef KSSL_DEBUG
-    {
-        unsigned int ui;
-        fprintf(stderr, "kssl_check_authent: authenticator[%d]:\n",
-                authentp->length);
-        p = authentp->data;
-        for (ui = 0; ui < authentp->length; ui++)
-            fprintf(stderr, "%02x ", p[ui]);
-        fprintf(stderr, "\n");
-    }
-# endif                         /* KSSL_DEBUG */
-
-    unencbufsize = 2 * authentp->length;
-    if ((unenc_authent = calloc(1, unencbufsize)) == NULL) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                     "Unable to allocate authenticator buffer.\n");
-        krb5rc = KRB5KRB_ERR_GENERIC;
-        goto err;
-    }
-
-    p = (unsigned char *)authentp->data;
-    if ((dec_authent = d2i_KRB5_ENCDATA(NULL, &p,
-                                        (long)authentp->length)) == NULL) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                     "Error decoding authenticator.\n");
-        krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-        goto err;
-    }
-
-    enctype = dec_authent->etype->data[0]; /* should = kssl_ctx->enctype */
-# if !defined(KRB5_MIT_OLD11)
-    switch (enctype) {
-    case ENCTYPE_DES3_CBC_SHA1: /* EVP_des_ede3_cbc(); */
-    case ENCTYPE_DES3_CBC_SHA:
-    case ENCTYPE_DES3_CBC_RAW:
-        krb5rc = 0;             /* Skip, can't handle derived keys */
-        goto err;
-    }
-# endif
-    enc = kssl_map_enc(enctype);
-    memset(iv, 0, sizeof iv);   /* per RFC 1510 */
-
-    if (enc == NULL) {
-        /*
-         * Disable kssl_check_authent for ENCTYPE_DES3_CBC_SHA1.  This
-         * enctype indicates the authenticator was encrypted using key-usage
-         * derived keys which openssl cannot decrypt.
-         */
-        goto err;
-    }
-
-    if (!EVP_CipherInit(&ciph_ctx, enc, kssl_ctx->key, iv, 0)) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                     "EVP_CipherInit error decrypting authenticator.\n");
-        krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-        goto err;
-    }
-    outl = dec_authent->cipher->length;
-    if (!EVP_Cipher
-        (&ciph_ctx, unenc_authent, dec_authent->cipher->data, outl)) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                     "EVP_Cipher error decrypting authenticator.\n");
-        krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-        goto err;
-    }
-    EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-
-# ifdef KSSL_DEBUG
-    {
-        int padl;
-        fprintf(stderr, "kssl_check_authent: decrypted authenticator[%d] =\n",
-                outl);
-        for (padl = 0; padl < outl; padl++)
-            fprintf(stderr, "%02x ", unenc_authent[padl]);
-        fprintf(stderr, "\n");
-    }
-# endif                         /* KSSL_DEBUG */
-
-    if ((p = kssl_skip_confound(enctype, unenc_authent)) == NULL) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                     "confounded by authenticator.\n");
-        krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-        goto err;
-    }
-    outl -= p - unenc_authent;
-
-    if ((auth = (KRB5_AUTHENTBODY *)d2i_KRB5_AUTHENT(NULL, &p,
-                                                     (long)outl)) == NULL) {
-        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                     "Error decoding authenticator body.\n");
-        krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-        goto err;
-    }
-
-    memset(&tm_time, 0, sizeof(struct tm));
-    if (k_gmtime(auth->ctime, &tm_time) &&
-        ((tr = mktime(&tm_time)) != (time_t)(-1))) {
-        now = time(&now);
-        tm_l = localtime(&now);
-        tl = mktime(tm_l);
-        tm_g = gmtime(&now);
-        tg = mktime(tm_g);
-        tz_offset = tg - tl;
-
-        *atimep = (krb5_timestamp)(tr - tz_offset);
-    }
-# ifdef KSSL_DEBUG
-    fprintf(stderr, "kssl_check_authent: returns %d for client time ",
-            *atimep);
-    if (auth && auth->ctime && auth->ctime->length && auth->ctime->data)
-        fprintf(stderr, "%.*s\n", auth->ctime->length, auth->ctime->data);
-    else
-        fprintf(stderr, "NULL\n");
-# endif                         /* KSSL_DEBUG */
-
- err:
-    if (auth)
-        KRB5_AUTHENT_free((KRB5_AUTHENT *) auth);
-    if (dec_authent)
-        KRB5_ENCDATA_free(dec_authent);
-    if (unenc_authent)
-        free(unenc_authent);
-    EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-    return krb5rc;
-}
-
-/*
- * Replaces krb5_build_principal_ext(), with varargs length == 2 (svc, host),
- * because I don't know how to stub varargs.  Returns krb5_error_code ==
- * ENOMEM on alloc error, otherwise passes back newly constructed principal,
- * which should be freed by caller.
- */
-krb5_error_code kssl_build_principal_2(
-                                          /*
-                                           * UPDATE
-                                           */ krb5_context context,
-                                          /*
-                                           * OUT
-                                           */ krb5_principal *princ,
-                                          /*
-                                           * IN
-                                           */ int rlen, const char *realm,
-                                          /*
-                                           * IN
-                                           */ int slen, const char *svc,
-                                          /*
-                                           * IN
-                                           */ int hlen, const char *host)
-{
-    krb5_data *p_data = NULL;
-    krb5_principal new_p = NULL;
-    char *new_r = NULL;
-
-    if ((p_data = (krb5_data *)calloc(2, sizeof(krb5_data))) == NULL ||
-        (new_p = (krb5_principal)calloc(1, sizeof(krb5_principal_data)))
-        == NULL)
-        goto err;
-    new_p->length = 2;
-    new_p->data = p_data;
-
-    if ((new_r = calloc(1, rlen + 1)) == NULL)
-        goto err;
-    memcpy(new_r, realm, rlen);
-    krb5_princ_set_realm_length(context, new_p, rlen);
-    krb5_princ_set_realm_data(context, new_p, new_r);
-
-    if ((new_p->data[0].data = calloc(1, slen + 1)) == NULL)
-        goto err;
-    memcpy(new_p->data[0].data, svc, slen);
-    new_p->data[0].length = slen;
-
-    if ((new_p->data[1].data = calloc(1, hlen + 1)) == NULL)
-        goto err;
-    memcpy(new_p->data[1].data, host, hlen);
-    new_p->data[1].length = hlen;
-
-    krb5_princ_type(context, new_p) = KRB5_NT_UNKNOWN;
-    *princ = new_p;
-    return 0;
-
- err:
-    if (new_p && new_p[0].data)
-        free(new_p[0].data);
-    if (new_p && new_p[1].data)
-        free(new_p[1].data);
-    if (new_p)
-        free(new_p);
-    if (new_r)
-        free(new_r);
-    return ENOMEM;
-}
-
-void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx)
-{
-    s->kssl_ctx = kctx;
-}
-
-KSSL_CTX *SSL_get0_kssl_ctx(SSL *s)
-{
-    return s->kssl_ctx;
-}
-
-char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx)
-{
-    if (kctx)
-        return kctx->client_princ;
-    return NULL;
-}
-
-#else                           /* !OPENSSL_NO_KRB5 */
-
-# if defined(PEDANTIC) || defined(OPENSSL_SYS_VMS)
-static void *dummy = &dummy;
-# endif
-
-#endif                          /* !OPENSSL_NO_KRB5 */

Copied: vendor-crypto/openssl/1.0.1u/ssl/kssl.c (from rev 11605, vendor-crypto/openssl/dist/ssl/kssl.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/ssl/kssl.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/ssl/kssl.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,2260 @@
+/* ssl/kssl.c */
+/*
+ * Written by Vern Staats <staatsvr at asc.hpc.mil> for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*-
+ * ssl/kssl.c  --  Routines to support (& debug) Kerberos5 auth for openssl
+ *
+ *  19990701    VRS     Started.
+ *  200011??    Jeffrey Altman, Richard Levitte
+ *                      Generalized for Heimdal, Newer MIT, & Win32.
+ *                      Integrated into main OpenSSL 0.9.7 snapshots.
+ *  20010413    Simon Wilkinson, VRS
+ *                      Real RFC2712 KerberosWrapper replaces AP_REQ.
+ */
+
+#include <openssl/opensslconf.h>
+
+#include <string.h>
+
+#define KRB5_PRIVATE    1
+
+#include <openssl/ssl.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/krb5_asn.h>
+#include "kssl_lcl.h"
+
+#ifndef OPENSSL_NO_KRB5
+
+# ifndef ENOMEM
+#  define ENOMEM KRB5KRB_ERR_GENERIC
+# endif
+
+/*
+ * When OpenSSL is built on Windows, we do not want to require that
+ * the Kerberos DLLs be available in order for the OpenSSL DLLs to
+ * work.  Therefore, all Kerberos routines are loaded at run time
+ * and we do not link to a .LIB file.
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+/*
+ * The purpose of the following pre-processor statements is to provide
+ * compatibility with different releases of MIT Kerberos for Windows.
+ * All versions up to 1.2 used macros.  But macros do not allow for
+ * a binary compatible interface for DLLs.  Therefore, all macros are
+ * being replaced by function calls.  The following code will allow
+ * an OpenSSL DLL built on Windows to work whether or not the macro
+ * or function form of the routines are utilized.
+ */
+#  ifdef  krb5_cc_get_principal
+#   define NO_DEF_KRB5_CCACHE
+#   undef  krb5_cc_get_principal
+#  endif
+#  define krb5_cc_get_principal    kssl_krb5_cc_get_principal
+
+#  define krb5_free_data_contents  kssl_krb5_free_data_contents
+#  define krb5_free_context        kssl_krb5_free_context
+#  define krb5_auth_con_free       kssl_krb5_auth_con_free
+#  define krb5_free_principal      kssl_krb5_free_principal
+#  define krb5_mk_req_extended     kssl_krb5_mk_req_extended
+#  define krb5_get_credentials     kssl_krb5_get_credentials
+#  define krb5_cc_default          kssl_krb5_cc_default
+#  define krb5_sname_to_principal  kssl_krb5_sname_to_principal
+#  define krb5_init_context        kssl_krb5_init_context
+#  define krb5_free_ticket         kssl_krb5_free_ticket
+#  define krb5_rd_req              kssl_krb5_rd_req
+#  define krb5_kt_default          kssl_krb5_kt_default
+#  define krb5_kt_resolve          kssl_krb5_kt_resolve
+/* macros in mit 1.2.2 and earlier; functions in mit 1.2.3 and greater */
+#  ifndef krb5_kt_close
+#   define krb5_kt_close            kssl_krb5_kt_close
+#  endif                        /* krb5_kt_close */
+#  ifndef krb5_kt_get_entry
+#   define krb5_kt_get_entry        kssl_krb5_kt_get_entry
+#  endif                        /* krb5_kt_get_entry */
+#  define krb5_auth_con_init       kssl_krb5_auth_con_init
+
+#  define krb5_principal_compare   kssl_krb5_principal_compare
+#  define krb5_decrypt_tkt_part    kssl_krb5_decrypt_tkt_part
+#  define krb5_timeofday           kssl_krb5_timeofday
+#  define krb5_rc_default          kssl_krb5_rc_default
+
+#  ifdef krb5_rc_initialize
+#   undef krb5_rc_initialize
+#  endif
+#  define krb5_rc_initialize   kssl_krb5_rc_initialize
+
+#  ifdef krb5_rc_get_lifespan
+#   undef krb5_rc_get_lifespan
+#  endif
+#  define krb5_rc_get_lifespan kssl_krb5_rc_get_lifespan
+
+#  ifdef krb5_rc_destroy
+#   undef krb5_rc_destroy
+#  endif
+#  define krb5_rc_destroy      kssl_krb5_rc_destroy
+
+#  define valid_cksumtype      kssl_valid_cksumtype
+#  define krb5_checksum_size   kssl_krb5_checksum_size
+#  define krb5_kt_free_entry   kssl_krb5_kt_free_entry
+#  define krb5_auth_con_setrcache  kssl_krb5_auth_con_setrcache
+#  define krb5_auth_con_getrcache  kssl_krb5_auth_con_getrcache
+#  define krb5_get_server_rcache   kssl_krb5_get_server_rcache
+
+/* Prototypes for built in stubs */
+void kssl_krb5_free_data_contents(krb5_context, krb5_data *);
+void kssl_krb5_free_principal(krb5_context, krb5_principal);
+krb5_error_code kssl_krb5_kt_resolve(krb5_context,
+                                     krb5_const char *, krb5_keytab *);
+krb5_error_code kssl_krb5_kt_default(krb5_context, krb5_keytab *);
+krb5_error_code kssl_krb5_free_ticket(krb5_context, krb5_ticket *);
+krb5_error_code kssl_krb5_rd_req(krb5_context, krb5_auth_context *,
+                                 krb5_const krb5_data *,
+                                 krb5_const_principal, krb5_keytab,
+                                 krb5_flags *, krb5_ticket **);
+
+krb5_boolean kssl_krb5_principal_compare(krb5_context, krb5_const_principal,
+                                         krb5_const_principal);
+krb5_error_code kssl_krb5_mk_req_extended(krb5_context,
+                                          krb5_auth_context *,
+                                          krb5_const krb5_flags,
+                                          krb5_data *,
+                                          krb5_creds *, krb5_data *);
+krb5_error_code kssl_krb5_init_context(krb5_context *);
+void kssl_krb5_free_context(krb5_context);
+krb5_error_code kssl_krb5_cc_default(krb5_context, krb5_ccache *);
+krb5_error_code kssl_krb5_sname_to_principal(krb5_context,
+                                             krb5_const char *,
+                                             krb5_const char *,
+                                             krb5_int32, krb5_principal *);
+krb5_error_code kssl_krb5_get_credentials(krb5_context,
+                                          krb5_const krb5_flags,
+                                          krb5_ccache,
+                                          krb5_creds *, krb5_creds * *);
+krb5_error_code kssl_krb5_auth_con_init(krb5_context, krb5_auth_context *);
+krb5_error_code kssl_krb5_cc_get_principal(krb5_context context,
+                                           krb5_ccache cache,
+                                           krb5_principal *principal);
+krb5_error_code kssl_krb5_auth_con_free(krb5_context, krb5_auth_context);
+size_t kssl_krb5_checksum_size(krb5_context context, krb5_cksumtype ctype);
+krb5_boolean kssl_valid_cksumtype(krb5_cksumtype ctype);
+krb5_error_code krb5_kt_free_entry(krb5_context, krb5_keytab_entry FAR *);
+krb5_error_code kssl_krb5_auth_con_setrcache(krb5_context,
+                                             krb5_auth_context, krb5_rcache);
+krb5_error_code kssl_krb5_get_server_rcache(krb5_context,
+                                            krb5_const krb5_data *,
+                                            krb5_rcache *);
+krb5_error_code kssl_krb5_auth_con_getrcache(krb5_context,
+                                             krb5_auth_context,
+                                             krb5_rcache *);
+
+/* Function pointers (almost all Kerberos functions are _stdcall) */
+static void (_stdcall *p_krb5_free_data_contents) (krb5_context, krb5_data *)
+    = NULL;
+static void (_stdcall *p_krb5_free_principal) (krb5_context, krb5_principal)
+    = NULL;
+static krb5_error_code(_stdcall *p_krb5_kt_resolve)
+ (krb5_context, krb5_const char *, krb5_keytab *) = NULL;
+static krb5_error_code(_stdcall *p_krb5_kt_default) (krb5_context,
+                                                     krb5_keytab *) = NULL;
+static krb5_error_code(_stdcall *p_krb5_free_ticket) (krb5_context,
+                                                      krb5_ticket *) = NULL;
+static krb5_error_code(_stdcall *p_krb5_rd_req) (krb5_context,
+                                                 krb5_auth_context *,
+                                                 krb5_const krb5_data *,
+                                                 krb5_const_principal,
+                                                 krb5_keytab, krb5_flags *,
+                                                 krb5_ticket **) = NULL;
+static krb5_error_code(_stdcall *p_krb5_mk_req_extended)
+ (krb5_context, krb5_auth_context *,
+  krb5_const krb5_flags, krb5_data *, krb5_creds *, krb5_data *) = NULL;
+static krb5_error_code(_stdcall *p_krb5_init_context) (krb5_context *) = NULL;
+static void (_stdcall *p_krb5_free_context) (krb5_context) = NULL;
+static krb5_error_code(_stdcall *p_krb5_cc_default) (krb5_context,
+                                                     krb5_ccache *) = NULL;
+static krb5_error_code(_stdcall *p_krb5_sname_to_principal)
+ (krb5_context, krb5_const char *, krb5_const char *,
+  krb5_int32, krb5_principal *) = NULL;
+static krb5_error_code(_stdcall *p_krb5_get_credentials)
+ (krb5_context, krb5_const krb5_flags, krb5_ccache,
+  krb5_creds *, krb5_creds **) = NULL;
+static krb5_error_code(_stdcall *p_krb5_auth_con_init)
+ (krb5_context, krb5_auth_context *) = NULL;
+static krb5_error_code(_stdcall *p_krb5_cc_get_principal)
+ (krb5_context context, krb5_ccache cache, krb5_principal *principal) = NULL;
+static krb5_error_code(_stdcall *p_krb5_auth_con_free)
+ (krb5_context, krb5_auth_context) = NULL;
+static krb5_error_code(_stdcall *p_krb5_decrypt_tkt_part)
+ (krb5_context, krb5_const krb5_keyblock *, krb5_ticket *) = NULL;
+static krb5_error_code(_stdcall *p_krb5_timeofday)
+ (krb5_context context, krb5_int32 *timeret) = NULL;
+static krb5_error_code(_stdcall *p_krb5_rc_default)
+ (krb5_context context, krb5_rcache *rc) = NULL;
+static krb5_error_code(_stdcall *p_krb5_rc_initialize)
+ (krb5_context context, krb5_rcache rc, krb5_deltat lifespan) = NULL;
+static krb5_error_code(_stdcall *p_krb5_rc_get_lifespan)
+ (krb5_context context, krb5_rcache rc, krb5_deltat *lifespan) = NULL;
+static krb5_error_code(_stdcall *p_krb5_rc_destroy)
+ (krb5_context context, krb5_rcache rc) = NULL;
+static krb5_boolean(_stdcall *p_krb5_principal_compare)
+ (krb5_context, krb5_const_principal, krb5_const_principal) = NULL;
+static size_t (_stdcall *p_krb5_checksum_size) (krb5_context context,
+                                                krb5_cksumtype ctype) = NULL;
+static krb5_boolean(_stdcall *p_valid_cksumtype) (krb5_cksumtype ctype) =
+    NULL;
+static krb5_error_code(_stdcall *p_krb5_kt_free_entry)
+ (krb5_context, krb5_keytab_entry *) = NULL;
+static krb5_error_code(_stdcall *p_krb5_auth_con_setrcache) (krb5_context,
+                                                             krb5_auth_context,
+                                                             krb5_rcache) =
+    NULL;
+static krb5_error_code(_stdcall *p_krb5_get_server_rcache) (krb5_context,
+                                                            krb5_const
+                                                            krb5_data *,
+                                                            krb5_rcache *) =
+    NULL;
+static krb5_error_code(*p_krb5_auth_con_getrcache) (krb5_context,
+                                                    krb5_auth_context,
+                                                    krb5_rcache *) = NULL;
+static krb5_error_code(_stdcall *p_krb5_kt_close) (krb5_context context,
+                                                   krb5_keytab keytab) = NULL;
+static krb5_error_code(_stdcall *p_krb5_kt_get_entry) (krb5_context context,
+                                                       krb5_keytab keytab,
+                                                       krb5_const_principal
+                                                       principal,
+                                                       krb5_kvno vno,
+                                                       krb5_enctype enctype,
+                                                       krb5_keytab_entry
+                                                       *entry) = NULL;
+static int krb5_loaded = 0;     /* only attempt to initialize func ptrs once */
+
+/* Function to Load the Kerberos 5 DLL and initialize function pointers */
+void load_krb5_dll(void)
+{
+    HANDLE hKRB5_32;
+
+    krb5_loaded++;
+    hKRB5_32 = LoadLibrary(TEXT("KRB5_32"));
+    if (!hKRB5_32)
+        return;
+
+    (FARPROC) p_krb5_free_data_contents =
+        GetProcAddress(hKRB5_32, "krb5_free_data_contents");
+    (FARPROC) p_krb5_free_context =
+        GetProcAddress(hKRB5_32, "krb5_free_context");
+    (FARPROC) p_krb5_auth_con_free =
+        GetProcAddress(hKRB5_32, "krb5_auth_con_free");
+    (FARPROC) p_krb5_free_principal =
+        GetProcAddress(hKRB5_32, "krb5_free_principal");
+    (FARPROC) p_krb5_mk_req_extended =
+        GetProcAddress(hKRB5_32, "krb5_mk_req_extended");
+    (FARPROC) p_krb5_get_credentials =
+        GetProcAddress(hKRB5_32, "krb5_get_credentials");
+    (FARPROC) p_krb5_cc_get_principal =
+        GetProcAddress(hKRB5_32, "krb5_cc_get_principal");
+    (FARPROC) p_krb5_cc_default = GetProcAddress(hKRB5_32, "krb5_cc_default");
+    (FARPROC) p_krb5_sname_to_principal =
+        GetProcAddress(hKRB5_32, "krb5_sname_to_principal");
+    (FARPROC) p_krb5_init_context =
+        GetProcAddress(hKRB5_32, "krb5_init_context");
+    (FARPROC) p_krb5_free_ticket =
+        GetProcAddress(hKRB5_32, "krb5_free_ticket");
+    (FARPROC) p_krb5_rd_req = GetProcAddress(hKRB5_32, "krb5_rd_req");
+    (FARPROC) p_krb5_principal_compare =
+        GetProcAddress(hKRB5_32, "krb5_principal_compare");
+    (FARPROC) p_krb5_decrypt_tkt_part =
+        GetProcAddress(hKRB5_32, "krb5_decrypt_tkt_part");
+    (FARPROC) p_krb5_timeofday = GetProcAddress(hKRB5_32, "krb5_timeofday");
+    (FARPROC) p_krb5_rc_default = GetProcAddress(hKRB5_32, "krb5_rc_default");
+    (FARPROC) p_krb5_rc_initialize =
+        GetProcAddress(hKRB5_32, "krb5_rc_initialize");
+    (FARPROC) p_krb5_rc_get_lifespan =
+        GetProcAddress(hKRB5_32, "krb5_rc_get_lifespan");
+    (FARPROC) p_krb5_rc_destroy = GetProcAddress(hKRB5_32, "krb5_rc_destroy");
+    (FARPROC) p_krb5_kt_default = GetProcAddress(hKRB5_32, "krb5_kt_default");
+    (FARPROC) p_krb5_kt_resolve = GetProcAddress(hKRB5_32, "krb5_kt_resolve");
+    (FARPROC) p_krb5_auth_con_init =
+        GetProcAddress(hKRB5_32, "krb5_auth_con_init");
+    (FARPROC) p_valid_cksumtype = GetProcAddress(hKRB5_32, "valid_cksumtype");
+    (FARPROC) p_krb5_checksum_size =
+        GetProcAddress(hKRB5_32, "krb5_checksum_size");
+    (FARPROC) p_krb5_kt_free_entry =
+        GetProcAddress(hKRB5_32, "krb5_kt_free_entry");
+    (FARPROC) p_krb5_auth_con_setrcache =
+        GetProcAddress(hKRB5_32, "krb5_auth_con_setrcache");
+    (FARPROC) p_krb5_get_server_rcache =
+        GetProcAddress(hKRB5_32, "krb5_get_server_rcache");
+    (FARPROC) p_krb5_auth_con_getrcache =
+        GetProcAddress(hKRB5_32, "krb5_auth_con_getrcache");
+    (FARPROC) p_krb5_kt_close = GetProcAddress(hKRB5_32, "krb5_kt_close");
+    (FARPROC) p_krb5_kt_get_entry =
+        GetProcAddress(hKRB5_32, "krb5_kt_get_entry");
+}
+
+/* Stubs for each function to be dynamicly loaded */
+void kssl_krb5_free_data_contents(krb5_context CO, krb5_data *data)
+{
+    if (!krb5_loaded)
+        load_krb5_dll();
+
+    if (p_krb5_free_data_contents)
+        p_krb5_free_data_contents(CO, data);
+}
+
+krb5_error_code
+kssl_krb5_mk_req_extended(krb5_context CO,
+                          krb5_auth_context *pACO,
+                          krb5_const krb5_flags F,
+                          krb5_data *pD1, krb5_creds *pC, krb5_data *pD2)
+{
+    if (!krb5_loaded)
+        load_krb5_dll();
+
+    if (p_krb5_mk_req_extended)
+        return (p_krb5_mk_req_extended(CO, pACO, F, pD1, pC, pD2));
+    else
+        return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code
+kssl_krb5_auth_con_init(krb5_context CO, krb5_auth_context *pACO)
+{
+    if (!krb5_loaded)
+        load_krb5_dll();
+
+    if (p_krb5_auth_con_init)
+        return (p_krb5_auth_con_init(CO, pACO));
+    else
+        return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code
+kssl_krb5_auth_con_free(krb5_context CO, krb5_auth_context ACO)
+{
+    if (!krb5_loaded)
+        load_krb5_dll();
+
+    if (p_krb5_auth_con_free)
+        return (p_krb5_auth_con_free(CO, ACO));
+    else
+        return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code
+kssl_krb5_get_credentials(krb5_context CO,
+                          krb5_const krb5_flags F,
+                          krb5_ccache CC, krb5_creds *pCR, krb5_creds **ppCR)
+{
+    if (!krb5_loaded)
+        load_krb5_dll();
+
+    if (p_krb5_get_credentials)
+        return (p_krb5_get_credentials(CO, F, CC, pCR, ppCR));
+    else
+        return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code
+kssl_krb5_sname_to_principal(krb5_context CO,
+                             krb5_const char *pC1,
+                             krb5_const char *pC2,
+                             krb5_int32 I, krb5_principal *pPR)
+{
+    if (!krb5_loaded)
+        load_krb5_dll();
+
+    if (p_krb5_sname_to_principal)
+        return (p_krb5_sname_to_principal(CO, pC1, pC2, I, pPR));
+    else
+        return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code kssl_krb5_cc_default(krb5_context CO, krb5_ccache *pCC)
+{
+    if (!krb5_loaded)
+        load_krb5_dll();
+
+    if (p_krb5_cc_default)
+        return (p_krb5_cc_default(CO, pCC));
+    else
+        return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code kssl_krb5_init_context(krb5_context *pCO)
+{
+    if (!krb5_loaded)
+        load_krb5_dll();
+
+    if (p_krb5_init_context)
+        return (p_krb5_init_context(pCO));
+    else
+        return KRB5KRB_ERR_GENERIC;
+}
+
+void kssl_krb5_free_context(krb5_context CO)
+{
+    if (!krb5_loaded)
+        load_krb5_dll();
+
+    if (p_krb5_free_context)
+        p_krb5_free_context(CO);
+}
+
+void kssl_krb5_free_principal(krb5_context c, krb5_principal p)
+{
+    if (!krb5_loaded)
+        load_krb5_dll();
+
+    if (p_krb5_free_principal)
+        p_krb5_free_principal(c, p);
+}
+
+krb5_error_code
+kssl_krb5_kt_resolve(krb5_context con, krb5_const char *sz, krb5_keytab *kt)
+{
+    if (!krb5_loaded)
+        load_krb5_dll();
+
+    if (p_krb5_kt_resolve)
+        return (p_krb5_kt_resolve(con, sz, kt));
+    else
+        return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code kssl_krb5_kt_default(krb5_context con, krb5_keytab *kt)
+{
+    if (!krb5_loaded)
+        load_krb5_dll();
+
+    if (p_krb5_kt_default)
+        return (p_krb5_kt_default(con, kt));
+    else
+        return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code kssl_krb5_free_ticket(krb5_context con, krb5_ticket *kt)
+{
+    if (!krb5_loaded)
+        load_krb5_dll();
+
+    if (p_krb5_free_ticket)
+        return (p_krb5_free_ticket(con, kt));
+    else
+        return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code
+kssl_krb5_rd_req(krb5_context con, krb5_auth_context *pacon,
+                 krb5_const krb5_data *data,
+                 krb5_const_principal princ, krb5_keytab keytab,
+                 krb5_flags *flags, krb5_ticket **pptkt)
+{
+    if (!krb5_loaded)
+        load_krb5_dll();
+
+    if (p_krb5_rd_req)
+        return (p_krb5_rd_req(con, pacon, data, princ, keytab, flags, pptkt));
+    else
+        return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_boolean
+krb5_principal_compare(krb5_context con, krb5_const_principal princ1,
+                       krb5_const_principal princ2)
+{
+    if (!krb5_loaded)
+        load_krb5_dll();
+
+    if (p_krb5_principal_compare)
+        return (p_krb5_principal_compare(con, princ1, princ2));
+    else
+        return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code
+krb5_decrypt_tkt_part(krb5_context con, krb5_const krb5_keyblock *keys,
+                      krb5_ticket *ticket)
+{
+    if (!krb5_loaded)
+        load_krb5_dll();
+
+    if (p_krb5_decrypt_tkt_part)
+        return (p_krb5_decrypt_tkt_part(con, keys, ticket));
+    else
+        return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code krb5_timeofday(krb5_context con, krb5_int32 *timeret)
+{
+    if (!krb5_loaded)
+        load_krb5_dll();
+
+    if (p_krb5_timeofday)
+        return (p_krb5_timeofday(con, timeret));
+    else
+        return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code krb5_rc_default(krb5_context con, krb5_rcache *rc)
+{
+    if (!krb5_loaded)
+        load_krb5_dll();
+
+    if (p_krb5_rc_default)
+        return (p_krb5_rc_default(con, rc));
+    else
+        return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code
+krb5_rc_initialize(krb5_context con, krb5_rcache rc, krb5_deltat lifespan)
+{
+    if (!krb5_loaded)
+        load_krb5_dll();
+
+    if (p_krb5_rc_initialize)
+        return (p_krb5_rc_initialize(con, rc, lifespan));
+    else
+        return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code
+krb5_rc_get_lifespan(krb5_context con, krb5_rcache rc, krb5_deltat *lifespanp)
+{
+    if (!krb5_loaded)
+        load_krb5_dll();
+
+    if (p_krb5_rc_get_lifespan)
+        return (p_krb5_rc_get_lifespan(con, rc, lifespanp));
+    else
+        return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code krb5_rc_destroy(krb5_context con, krb5_rcache rc)
+{
+    if (!krb5_loaded)
+        load_krb5_dll();
+
+    if (p_krb5_rc_destroy)
+        return (p_krb5_rc_destroy(con, rc));
+    else
+        return KRB5KRB_ERR_GENERIC;
+}
+
+size_t krb5_checksum_size(krb5_context context, krb5_cksumtype ctype)
+{
+    if (!krb5_loaded)
+        load_krb5_dll();
+
+    if (p_krb5_checksum_size)
+        return (p_krb5_checksum_size(context, ctype));
+    else
+        return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_boolean valid_cksumtype(krb5_cksumtype ctype)
+{
+    if (!krb5_loaded)
+        load_krb5_dll();
+
+    if (p_valid_cksumtype)
+        return (p_valid_cksumtype(ctype));
+    else
+        return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code krb5_kt_free_entry(krb5_context con, krb5_keytab_entry *entry)
+{
+    if (!krb5_loaded)
+        load_krb5_dll();
+
+    if (p_krb5_kt_free_entry)
+        return (p_krb5_kt_free_entry(con, entry));
+    else
+        return KRB5KRB_ERR_GENERIC;
+}
+
+/* Structure definitions  */
+#  ifndef NO_DEF_KRB5_CCACHE
+#   ifndef krb5_x
+#    define krb5_x(ptr,args) ((ptr)?((*(ptr)) args):(abort(),1))
+#    define krb5_xc(ptr,args) ((ptr)?((*(ptr)) args):(abort(),(char*)0))
+#   endif
+
+typedef krb5_pointer krb5_cc_cursor; /* cursor for sequential lookup */
+
+typedef struct _krb5_ccache {
+    krb5_magic magic;
+    struct _krb5_cc_ops FAR *ops;
+    krb5_pointer data;
+} *krb5_ccache;
+
+typedef struct _krb5_cc_ops {
+    krb5_magic magic;
+    char *prefix;
+    char *(KRB5_CALLCONV *get_name)
+     (krb5_context, krb5_ccache);
+     krb5_error_code(KRB5_CALLCONV *resolve)
+     (krb5_context, krb5_ccache *, const char *);
+     krb5_error_code(KRB5_CALLCONV *gen_new)
+     (krb5_context, krb5_ccache *);
+     krb5_error_code(KRB5_CALLCONV *init)
+     (krb5_context, krb5_ccache, krb5_principal);
+     krb5_error_code(KRB5_CALLCONV *destroy)
+     (krb5_context, krb5_ccache);
+     krb5_error_code(KRB5_CALLCONV *close)
+     (krb5_context, krb5_ccache);
+     krb5_error_code(KRB5_CALLCONV *store)
+     (krb5_context, krb5_ccache, krb5_creds *);
+     krb5_error_code(KRB5_CALLCONV *retrieve)
+     (krb5_context, krb5_ccache, krb5_flags, krb5_creds *, krb5_creds *);
+     krb5_error_code(KRB5_CALLCONV *get_princ)
+     (krb5_context, krb5_ccache, krb5_principal *);
+     krb5_error_code(KRB5_CALLCONV *get_first)
+     (krb5_context, krb5_ccache, krb5_cc_cursor *);
+     krb5_error_code(KRB5_CALLCONV *get_next)
+     (krb5_context, krb5_ccache, krb5_cc_cursor *, krb5_creds *);
+     krb5_error_code(KRB5_CALLCONV *end_get)
+     (krb5_context, krb5_ccache, krb5_cc_cursor *);
+     krb5_error_code(KRB5_CALLCONV *remove_cred)
+     (krb5_context, krb5_ccache, krb5_flags, krb5_creds *);
+     krb5_error_code(KRB5_CALLCONV *set_flags)
+     (krb5_context, krb5_ccache, krb5_flags);
+} krb5_cc_ops;
+#  endif                        /* NO_DEF_KRB5_CCACHE */
+
+krb5_error_code
+    kssl_krb5_cc_get_principal
+    (krb5_context context, krb5_ccache cache, krb5_principal *principal) {
+    if (p_krb5_cc_get_principal)
+        return (p_krb5_cc_get_principal(context, cache, principal));
+    else
+        return (krb5_x((cache)->ops->get_princ, (context, cache, principal)));
+}
+
+krb5_error_code
+kssl_krb5_auth_con_setrcache(krb5_context con, krb5_auth_context acon,
+                             krb5_rcache rcache)
+{
+    if (p_krb5_auth_con_setrcache)
+        return (p_krb5_auth_con_setrcache(con, acon, rcache));
+    else
+        return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code
+kssl_krb5_get_server_rcache(krb5_context con, krb5_const krb5_data *data,
+                            krb5_rcache *rcache)
+{
+    if (p_krb5_get_server_rcache)
+        return (p_krb5_get_server_rcache(con, data, rcache));
+    else
+        return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code
+kssl_krb5_auth_con_getrcache(krb5_context con, krb5_auth_context acon,
+                             krb5_rcache *prcache)
+{
+    if (p_krb5_auth_con_getrcache)
+        return (p_krb5_auth_con_getrcache(con, acon, prcache));
+    else
+        return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code kssl_krb5_kt_close(krb5_context context, krb5_keytab keytab)
+{
+    if (p_krb5_kt_close)
+        return (p_krb5_kt_close(context, keytab));
+    else
+        return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code
+kssl_krb5_kt_get_entry(krb5_context context, krb5_keytab keytab,
+                       krb5_const_principal principal, krb5_kvno vno,
+                       krb5_enctype enctype, krb5_keytab_entry *entry)
+{
+    if (p_krb5_kt_get_entry)
+        return (p_krb5_kt_get_entry
+                (context, keytab, principal, vno, enctype, entry));
+    else
+        return KRB5KRB_ERR_GENERIC;
+}
+# endif                         /* OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32 */
+
+/*
+ * memory allocation functions for non-temporary storage (e.g. stuff that
+ * gets saved into the kssl context)
+ */
+static void *kssl_calloc(size_t nmemb, size_t size)
+{
+    void *p;
+
+    p = OPENSSL_malloc(nmemb * size);
+    if (p) {
+        memset(p, 0, nmemb * size);
+    }
+    return p;
+}
+
+# define kssl_malloc(size) OPENSSL_malloc((size))
+# define kssl_realloc(ptr, size) OPENSSL_realloc(ptr, size)
+# define kssl_free(ptr) OPENSSL_free((ptr))
+
+char
+*kstring(char *string)
+{
+    static char *null = "[NULL]";
+
+    return ((string == NULL) ? null : string);
+}
+
+/*
+ * Given KRB5 enctype (basically DES or 3DES), return closest match openssl
+ * EVP_ encryption algorithm.  Return NULL for unknown or problematic
+ * (krb5_dk_encrypt) enctypes.  Assume ENCTYPE_*_RAW (krb5_raw_encrypt) are
+ * OK.
+ */
+const EVP_CIPHER *kssl_map_enc(krb5_enctype enctype)
+{
+    switch (enctype) {
+    case ENCTYPE_DES_HMAC_SHA1: /* EVP_des_cbc(); */
+    case ENCTYPE_DES_CBC_CRC:
+    case ENCTYPE_DES_CBC_MD4:
+    case ENCTYPE_DES_CBC_MD5:
+    case ENCTYPE_DES_CBC_RAW:
+        return EVP_des_cbc();
+        break;
+    case ENCTYPE_DES3_CBC_SHA1: /* EVP_des_ede3_cbc(); */
+    case ENCTYPE_DES3_CBC_SHA:
+    case ENCTYPE_DES3_CBC_RAW:
+        return EVP_des_ede3_cbc();
+        break;
+    default:
+        return NULL;
+        break;
+    }
+}
+
+/*
+ * Return true:1 if p "looks like" the start of the real authenticator
+ * described in kssl_skip_confound() below.  The ASN.1 pattern is "62 xx 30
+ * yy" (APPLICATION-2, SEQUENCE), where xx-yy =~ 2, and xx and yy are
+ * possibly multi-byte length fields.
+ */
+static int kssl_test_confound(unsigned char *p)
+{
+    int len = 2;
+    int xx = 0, yy = 0;
+
+    if (*p++ != 0x62)
+        return 0;
+    if (*p > 0x82)
+        return 0;
+    switch (*p) {
+    case 0x82:
+        p++;
+        xx = (*p++ << 8);
+        xx += *p++;
+        break;
+    case 0x81:
+        p++;
+        xx = *p++;
+        break;
+    case 0x80:
+        return 0;
+    default:
+        xx = *p++;
+        break;
+    }
+    if (*p++ != 0x30)
+        return 0;
+    if (*p > 0x82)
+        return 0;
+    switch (*p) {
+    case 0x82:
+        p++;
+        len += 2;
+        yy = (*p++ << 8);
+        yy += *p++;
+        break;
+    case 0x81:
+        p++;
+        len++;
+        yy = *p++;
+        break;
+    case 0x80:
+        return 0;
+    default:
+        yy = *p++;
+        break;
+    }
+
+    return (xx - len == yy) ? 1 : 0;
+}
+
+/*
+ * Allocate, fill, and return cksumlens array of checksum lengths.  This
+ * array holds just the unique elements from the krb5_cksumarray[].  array[n]
+ * == 0 signals end of data.  The krb5_cksumarray[] was an internal variable
+ * that has since been replaced by a more general method for storing the
+ * data.  It should not be used.  Instead we use real API calls and make a
+ * guess for what the highest assigned CKSUMTYPE_ constant is.  As of 1.2.2
+ * it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3).  So we will use 0x0010.
+ */
+static size_t *populate_cksumlens(void)
+{
+    int i, j, n;
+    static size_t *cklens = NULL;
+
+# ifdef KRB5_MIT_OLD11
+    n = krb5_max_cksum;
+# else
+    n = 0x0010;
+# endif                         /* KRB5_MIT_OLD11 */
+
+# ifdef KRB5CHECKAUTH
+    if (!cklens && !(cklens = (size_t *)calloc(sizeof(int), n + 1)))
+        return NULL;
+
+    for (i = 0; i < n; i++) {
+        if (!valid_cksumtype(i))
+            continue;           /* array has holes */
+        for (j = 0; j < n; j++) {
+            if (cklens[j] == 0) {
+                cklens[j] = krb5_checksum_size(NULL, i);
+                break;          /* krb5 elem was new: add */
+            }
+            if (cklens[j] == krb5_checksum_size(NULL, i)) {
+                break;          /* ignore duplicate elements */
+            }
+        }
+    }
+# endif                         /* KRB5CHECKAUTH */
+
+    return cklens;
+}
+
+/*-
+ *      Return pointer to start of real authenticator within authenticator, or
+ *      return NULL on error.
+ *      Decrypted authenticator looks like this:
+ *              [0 or 8 byte confounder] [4-24 byte checksum] [real authent'r]
+ *      This hackery wouldn't be necessary if MIT KRB5 1.0.6 had the
+ *      krb5_auth_con_getcksumtype() function advertised in its krb5.h.
+ */
+unsigned char *kssl_skip_confound(krb5_enctype etype, unsigned char *a)
+{
+    int i, conlen;
+    size_t cklen;
+    static size_t *cksumlens = NULL;
+    unsigned char *test_auth;
+
+    conlen = (etype) ? 8 : 0;
+
+    if (!cksumlens && !(cksumlens = populate_cksumlens()))
+        return NULL;
+    for (i = 0; (cklen = cksumlens[i]) != 0; i++) {
+        test_auth = a + conlen + cklen;
+        if (kssl_test_confound(test_auth))
+            return test_auth;
+    }
+
+    return NULL;
+}
+
+/*
+ * Set kssl_err error info when reason text is a simple string kssl_err =
+ * struct { int reason; char text[KSSL_ERR_MAX+1]; }
+ */
+void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text)
+{
+    if (kssl_err == NULL)
+        return;
+
+    kssl_err->reason = reason;
+    BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, "%s", text);
+    return;
+}
+
+/*
+ * Display contents of krb5_data struct, for debugging
+ */
+void print_krb5_data(char *label, krb5_data *kdata)
+{
+    int i;
+
+    fprintf(stderr, "%s[%d] ", label, kdata->length);
+    for (i = 0; i < (int)kdata->length; i++) {
+        if (0 && isprint((int)kdata->data[i]))
+            fprintf(stderr, "%c ", kdata->data[i]);
+        else
+            fprintf(stderr, "%02x ", (unsigned char)kdata->data[i]);
+    }
+    fprintf(stderr, "\n");
+}
+
+/*
+ * Display contents of krb5_authdata struct, for debugging
+ */
+void print_krb5_authdata(char *label, krb5_authdata **adata)
+{
+    if (adata == NULL) {
+        fprintf(stderr, "%s, authdata==0\n", label);
+        return;
+    }
+    fprintf(stderr, "%s [%p]\n", label, (void *)adata);
+# if 0
+    {
+        int i;
+        fprintf(stderr, "%s[at%d:%d] ", label, adata->ad_type, adata->length);
+        for (i = 0; i < adata->length; i++) {
+            fprintf(stderr, (isprint(adata->contents[i])) ? "%c " : "%02x",
+                    adata->contents[i]);
+        }
+        fprintf(stderr, "\n");
+    }
+# endif
+}
+
+/*
+ * Display contents of krb5_keyblock struct, for debugging
+ */
+void print_krb5_keyblock(char *label, krb5_keyblock *keyblk)
+{
+    int i;
+
+    if (keyblk == NULL) {
+        fprintf(stderr, "%s, keyblk==0\n", label);
+        return;
+    }
+# ifdef KRB5_HEIMDAL
+    fprintf(stderr, "%s\n\t[et%d:%d]: ", label, keyblk->keytype,
+            keyblk->keyvalue->length);
+    for (i = 0; i < (int)keyblk->keyvalue->length; i++) {
+        fprintf(stderr, "%02x",
+                (unsigned char *)(keyblk->keyvalue->contents)[i]);
+    }
+    fprintf(stderr, "\n");
+# else
+    fprintf(stderr, "%s\n\t[et%d:%d]: ", label, keyblk->enctype,
+            keyblk->length);
+    for (i = 0; i < (int)keyblk->length; i++) {
+        fprintf(stderr, "%02x", keyblk->contents[i]);
+    }
+    fprintf(stderr, "\n");
+# endif
+}
+
+/*
+ * Display contents of krb5_principal_data struct, for debugging
+ * (krb5_principal is typedef'd == krb5_principal_data *)
+ */
+static void print_krb5_princ(char *label, krb5_principal_data *princ)
+{
+    int i, ui, uj;
+
+    fprintf(stderr, "%s principal Realm: ", label);
+    if (princ == NULL)
+        return;
+    for (ui = 0; ui < (int)princ->realm.length; ui++)
+        putchar(princ->realm.data[ui]);
+    fprintf(stderr, " (nametype %d) has %d strings:\n", princ->type,
+            princ->length);
+    for (i = 0; i < (int)princ->length; i++) {
+        fprintf(stderr, "\t%d [%d]: ", i, princ->data[i].length);
+        for (uj = 0; uj < (int)princ->data[i].length; uj++) {
+            putchar(princ->data[i].data[uj]);
+        }
+        fprintf(stderr, "\n");
+    }
+    return;
+}
+
+/*-     Given krb5 service (typically "kssl") and hostname in kssl_ctx,
+ *      Return encrypted Kerberos ticket for service @ hostname.
+ *      If authenp is non-NULL, also return encrypted authenticator,
+ *      whose data should be freed by caller.
+ *      (Originally was: Create Kerberos AP_REQ message for SSL Client.)
+ *
+ *      19990628        VRS     Started; Returns Kerberos AP_REQ message.
+ *      20010409        VRS     Modified for RFC2712; Returns enc tkt.
+ *      20010606        VRS     May also return optional authenticator.
+ */
+krb5_error_code kssl_cget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
+                              /*
+                               * OUT
+                               */ krb5_data **enc_ticketp,
+                              /*
+                               * UPDATE
+                               */ krb5_data *authenp,
+                              /*
+                               * OUT
+                               */ KSSL_ERR *kssl_err)
+{
+    krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
+    krb5_context krb5context = NULL;
+    krb5_auth_context krb5auth_context = NULL;
+    krb5_ccache krb5ccdef = NULL;
+    krb5_creds krb5creds, *krb5credsp = NULL;
+    krb5_data krb5_app_req;
+
+    kssl_err_set(kssl_err, 0, "");
+    memset((char *)&krb5creds, 0, sizeof(krb5creds));
+
+    if (!kssl_ctx) {
+        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, "No kssl_ctx defined.\n");
+        goto err;
+    } else if (!kssl_ctx->service_host) {
+        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                     "kssl_ctx service_host undefined.\n");
+        goto err;
+    }
+
+    if ((krb5rc = krb5_init_context(&krb5context)) != 0) {
+        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+                     "krb5_init_context() fails: %d\n", krb5rc);
+        kssl_err->reason = SSL_R_KRB5_C_INIT;
+        goto err;
+    }
+
+    if ((krb5rc = krb5_sname_to_principal(krb5context,
+                                          kssl_ctx->service_host,
+                                          (kssl_ctx->service_name) ?
+                                          kssl_ctx->service_name : KRB5SVC,
+                                          KRB5_NT_SRV_HST,
+                                          &krb5creds.server)) != 0) {
+        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+                     "krb5_sname_to_principal() fails for %s/%s\n",
+                     kssl_ctx->service_host,
+                     (kssl_ctx->
+                      service_name) ? kssl_ctx->service_name : KRB5SVC);
+        kssl_err->reason = SSL_R_KRB5_C_INIT;
+        goto err;
+    }
+
+    if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0) {
+        kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC,
+                     "krb5_cc_default fails.\n");
+        goto err;
+    }
+
+    if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef,
+                                        &krb5creds.client)) != 0) {
+        kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC,
+                     "krb5_cc_get_principal() fails.\n");
+        goto err;
+    }
+
+    if ((krb5rc = krb5_get_credentials(krb5context, 0, krb5ccdef,
+                                       &krb5creds, &krb5credsp)) != 0) {
+        kssl_err_set(kssl_err, SSL_R_KRB5_C_GET_CRED,
+                     "krb5_get_credentials() fails.\n");
+        goto err;
+    }
+
+    *enc_ticketp = &krb5credsp->ticket;
+# ifdef KRB5_HEIMDAL
+    kssl_ctx->enctype = krb5credsp->session.keytype;
+# else
+    kssl_ctx->enctype = krb5credsp->keyblock.enctype;
+# endif
+
+    krb5rc = KRB5KRB_ERR_GENERIC;
+    /*      caller should free data of krb5_app_req  */
+    /*
+     * 20010406 VRS deleted for real KerberosWrapper 20010605 VRS reinstated
+     * to offer Authenticator to KerberosWrapper
+     */
+    krb5_app_req.length = 0;
+    if (authenp) {
+        krb5_data krb5in_data;
+        const unsigned char *p;
+        long arlen;
+        KRB5_APREQBODY *ap_req;
+
+        authenp->length = 0;
+        krb5in_data.data = NULL;
+        krb5in_data.length = 0;
+        if ((krb5rc = krb5_mk_req_extended(krb5context,
+                                           &krb5auth_context, 0, &krb5in_data,
+                                           krb5credsp, &krb5_app_req)) != 0) {
+            kssl_err_set(kssl_err, SSL_R_KRB5_C_MK_REQ,
+                         "krb5_mk_req_extended() fails.\n");
+            goto err;
+        }
+
+        arlen = krb5_app_req.length;
+        p = (unsigned char *)krb5_app_req.data;
+        ap_req = (KRB5_APREQBODY *)d2i_KRB5_APREQ(NULL, &p, arlen);
+        if (ap_req) {
+            authenp->length = i2d_KRB5_ENCDATA(ap_req->authenticator, NULL);
+            if (authenp->length && (authenp->data = malloc(authenp->length))) {
+                unsigned char *adp = (unsigned char *)authenp->data;
+                authenp->length =
+                    i2d_KRB5_ENCDATA(ap_req->authenticator, &adp);
+            }
+        }
+
+        if (ap_req)
+            KRB5_APREQ_free((KRB5_APREQ *) ap_req);
+        if (krb5_app_req.length)
+            kssl_krb5_free_data_contents(krb5context, &krb5_app_req);
+    }
+# ifdef KRB5_HEIMDAL
+    if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->session)) {
+        kssl_err_set(kssl_err, SSL_R_KRB5_C_INIT,
+                     "kssl_ctx_setkey() fails.\n");
+    }
+# else
+    if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->keyblock)) {
+        kssl_err_set(kssl_err, SSL_R_KRB5_C_INIT,
+                     "kssl_ctx_setkey() fails.\n");
+    }
+# endif
+    else
+        krb5rc = 0;
+
+ err:
+# ifdef KSSL_DEBUG
+    kssl_ctx_show(kssl_ctx);
+# endif                         /* KSSL_DEBUG */
+
+    if (krb5creds.client)
+        krb5_free_principal(krb5context, krb5creds.client);
+    if (krb5creds.server)
+        krb5_free_principal(krb5context, krb5creds.server);
+    if (krb5auth_context)
+        krb5_auth_con_free(krb5context, krb5auth_context);
+    if (krb5context)
+        krb5_free_context(krb5context);
+    return (krb5rc);
+}
+
+/*-
+ *  Given d2i_-decoded asn1ticket, allocate and return a new krb5_ticket.
+ *  Return Kerberos error code and kssl_err struct on error.
+ *  Allocates krb5_ticket and krb5_principal; caller should free these.
+ *
+ *      20010410        VRS     Implemented krb5_decode_ticket() as
+ *                              old_krb5_decode_ticket(). Missing from MIT1.0.6.
+ *      20010615        VRS     Re-cast as openssl/asn1 d2i_*() functions.
+ *                              Re-used some of the old krb5_decode_ticket()
+ *                              code here.  This tkt should alloc/free just
+ *                              like the real thing.
+ */
+static krb5_error_code kssl_TKT2tkt( /* IN */ krb5_context krb5context,
+                                    /*
+                                     * IN
+                                     */ KRB5_TKTBODY *asn1ticket,
+                                    /*
+                                     * OUT
+                                     */ krb5_ticket **krb5ticket,
+                                    /*
+                                     * OUT
+                                     */ KSSL_ERR *kssl_err)
+{
+    krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
+    krb5_ticket *new5ticket = NULL;
+    ASN1_GENERALSTRING *gstr_svc, *gstr_host;
+
+    *krb5ticket = NULL;
+
+    if (asn1ticket == NULL || asn1ticket->realm == NULL ||
+        asn1ticket->sname == NULL ||
+        sk_ASN1_GENERALSTRING_num(asn1ticket->sname->namestring) < 2) {
+        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+                     "Null field in asn1ticket.\n");
+        kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+        return KRB5KRB_ERR_GENERIC;
+    }
+
+    if ((new5ticket = (krb5_ticket *)calloc(1, sizeof(krb5_ticket))) == NULL) {
+        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+                     "Unable to allocate new krb5_ticket.\n");
+        kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+        return ENOMEM;          /* or KRB5KRB_ERR_GENERIC; */
+    }
+
+    gstr_svc = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 0);
+    gstr_host = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 1);
+
+    if ((krb5rc = kssl_build_principal_2(krb5context,
+                                         &new5ticket->server,
+                                         asn1ticket->realm->length,
+                                         (char *)asn1ticket->realm->data,
+                                         gstr_svc->length,
+                                         (char *)gstr_svc->data,
+                                         gstr_host->length,
+                                         (char *)gstr_host->data)) != 0) {
+        free(new5ticket);
+        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+                     "Error building ticket server principal.\n");
+        kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+        return krb5rc;          /* or KRB5KRB_ERR_GENERIC; */
+    }
+
+    krb5_princ_type(krb5context, new5ticket->server) =
+        asn1ticket->sname->nametype->data[0];
+    new5ticket->enc_part.enctype = asn1ticket->encdata->etype->data[0];
+    new5ticket->enc_part.kvno = asn1ticket->encdata->kvno->data[0];
+    new5ticket->enc_part.ciphertext.length =
+        asn1ticket->encdata->cipher->length;
+    if ((new5ticket->enc_part.ciphertext.data =
+         calloc(1, asn1ticket->encdata->cipher->length)) == NULL) {
+        free(new5ticket);
+        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+                     "Error allocating cipher in krb5ticket.\n");
+        kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+        return KRB5KRB_ERR_GENERIC;
+    } else {
+        memcpy(new5ticket->enc_part.ciphertext.data,
+               asn1ticket->encdata->cipher->data,
+               asn1ticket->encdata->cipher->length);
+    }
+
+    *krb5ticket = new5ticket;
+    return 0;
+}
+
+/*-
+ *      Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"),
+ *              and krb5 AP_REQ message & message length,
+ *      Return Kerberos session key and client principle
+ *              to SSL Server in KSSL_CTX *kssl_ctx.
+ *
+ *      19990702        VRS     Started.
+ */
+krb5_error_code kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
+                              /*
+                               * IN
+                               */ krb5_data *indata,
+                              /*
+                               * OUT
+                               */ krb5_ticket_times *ttimes,
+                              /*
+                               * OUT
+                               */ KSSL_ERR *kssl_err)
+{
+    krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
+    static krb5_context krb5context = NULL;
+    static krb5_auth_context krb5auth_context = NULL;
+    krb5_ticket *krb5ticket = NULL;
+    KRB5_TKTBODY *asn1ticket = NULL;
+    const unsigned char *p;
+    krb5_keytab krb5keytab = NULL;
+    krb5_keytab_entry kt_entry;
+    krb5_principal krb5server;
+    krb5_rcache rcache = NULL;
+
+    kssl_err_set(kssl_err, 0, "");
+
+    if (!kssl_ctx) {
+        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, "No kssl_ctx defined.\n");
+        goto err;
+    }
+# ifdef KSSL_DEBUG
+    fprintf(stderr, "in kssl_sget_tkt(%s)\n",
+            kstring(kssl_ctx->service_name));
+# endif                         /* KSSL_DEBUG */
+
+    if (!krb5context && (krb5rc = krb5_init_context(&krb5context))) {
+        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                     "krb5_init_context() fails.\n");
+        goto err;
+    }
+    if (krb5auth_context &&
+        (krb5rc = krb5_auth_con_free(krb5context, krb5auth_context))) {
+        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                     "krb5_auth_con_free() fails.\n");
+        goto err;
+    } else
+        krb5auth_context = NULL;
+    if (!krb5auth_context &&
+        (krb5rc = krb5_auth_con_init(krb5context, &krb5auth_context))) {
+        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                     "krb5_auth_con_init() fails.\n");
+        goto err;
+    }
+
+    if ((krb5rc = krb5_auth_con_getrcache(krb5context, krb5auth_context,
+                                          &rcache))) {
+        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                     "krb5_auth_con_getrcache() fails.\n");
+        goto err;
+    }
+
+    if ((krb5rc = krb5_sname_to_principal(krb5context, NULL,
+                                          (kssl_ctx->service_name) ?
+                                          kssl_ctx->service_name : KRB5SVC,
+                                          KRB5_NT_SRV_HST,
+                                          &krb5server)) != 0) {
+        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                     "krb5_sname_to_principal() fails.\n");
+        goto err;
+    }
+
+    if (rcache == NULL) {
+        if ((krb5rc = krb5_get_server_rcache(krb5context,
+                                             krb5_princ_component(krb5context,
+                                                                  krb5server,
+                                                                  0),
+                                             &rcache))) {
+            kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                         "krb5_get_server_rcache() fails.\n");
+            goto err;
+        }
+    }
+
+    if ((krb5rc =
+         krb5_auth_con_setrcache(krb5context, krb5auth_context, rcache))) {
+        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                     "krb5_auth_con_setrcache() fails.\n");
+        goto err;
+    }
+
+    /*
+     * kssl_ctx->keytab_file == NULL ==> use Kerberos default
+     */
+    if (kssl_ctx->keytab_file) {
+        krb5rc = krb5_kt_resolve(krb5context, kssl_ctx->keytab_file,
+                                 &krb5keytab);
+        if (krb5rc) {
+            kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                         "krb5_kt_resolve() fails.\n");
+            goto err;
+        }
+    } else {
+        krb5rc = krb5_kt_default(krb5context, &krb5keytab);
+        if (krb5rc) {
+            kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                         "krb5_kt_default() fails.\n");
+            goto err;
+        }
+    }
+
+    /*-     Actual Kerberos5 krb5_recvauth() has initial conversation here
+     *      o       check KRB5_SENDAUTH_BADAUTHVERS
+     *              unless KRB5_RECVAUTH_SKIP_VERSION
+     *      o       check KRB5_SENDAUTH_BADAPPLVERS
+     *      o       send "0" msg if all OK
+     */
+
+    /*-
+     * 20010411 was using AP_REQ instead of true KerberosWrapper
+     *
+     *  if ((krb5rc = krb5_rd_req(krb5context, &krb5auth_context,
+     *                      &krb5in_data, krb5server, krb5keytab,
+     *                      &ap_option, &krb5ticket)) != 0)  { Error }
+     */
+
+    p = (unsigned char *)indata->data;
+    if ((asn1ticket = (KRB5_TKTBODY *)d2i_KRB5_TICKET(NULL, &p,
+                                                      (long)indata->length))
+        == NULL) {
+        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+                     "d2i_KRB5_TICKET() ASN.1 decode failure.\n");
+        kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+        goto err;
+    }
+
+    /*
+     * Was: krb5rc = krb5_decode_ticket(krb5in_data,&krb5ticket)) != 0)
+     */
+    if ((krb5rc = kssl_TKT2tkt(krb5context, asn1ticket, &krb5ticket,
+                               kssl_err)) != 0) {
+        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+                     "Error converting ASN.1 ticket to krb5_ticket.\n");
+        kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+        goto err;
+    }
+
+    if (!krb5_principal_compare(krb5context, krb5server, krb5ticket->server)) {
+        krb5rc = KRB5_PRINC_NOMATCH;
+        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+                     "server principal != ticket principal\n");
+        kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+        goto err;
+    }
+    if ((krb5rc = krb5_kt_get_entry(krb5context, krb5keytab,
+                                    krb5ticket->server,
+                                    krb5ticket->enc_part.kvno,
+                                    krb5ticket->enc_part.enctype,
+                                    &kt_entry)) != 0) {
+        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+                     "krb5_kt_get_entry() fails with %x.\n", krb5rc);
+        kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+        goto err;
+    }
+    if ((krb5rc = krb5_decrypt_tkt_part(krb5context, &kt_entry.key,
+                                        krb5ticket)) != 0) {
+        BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+                     "krb5_decrypt_tkt_part() failed.\n");
+        kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+        goto err;
+    } else {
+        krb5_kt_free_entry(krb5context, &kt_entry);
+# ifdef KSSL_DEBUG
+        {
+            int i;
+            krb5_address **paddr = krb5ticket->enc_part2->caddrs;
+            fprintf(stderr, "Decrypted ticket fields:\n");
+            fprintf(stderr, "\tflags: %X, transit-type: %X",
+                    krb5ticket->enc_part2->flags,
+                    krb5ticket->enc_part2->transited.tr_type);
+            print_krb5_data("\ttransit-data: ",
+                            &(krb5ticket->enc_part2->transited.tr_contents));
+            fprintf(stderr, "\tcaddrs: %p, authdata: %p\n",
+                    krb5ticket->enc_part2->caddrs,
+                    krb5ticket->enc_part2->authorization_data);
+            if (paddr) {
+                fprintf(stderr, "\tcaddrs:\n");
+                for (i = 0; paddr[i] != NULL; i++) {
+                    krb5_data d;
+                    d.length = paddr[i]->length;
+                    d.data = paddr[i]->contents;
+                    print_krb5_data("\t\tIP: ", &d);
+                }
+            }
+            fprintf(stderr, "\tstart/auth/end times: %d / %d / %d\n",
+                    krb5ticket->enc_part2->times.starttime,
+                    krb5ticket->enc_part2->times.authtime,
+                    krb5ticket->enc_part2->times.endtime);
+        }
+# endif                         /* KSSL_DEBUG */
+    }
+
+    krb5rc = KRB5_NO_TKT_SUPPLIED;
+    if (!krb5ticket || !krb5ticket->enc_part2 ||
+        !krb5ticket->enc_part2->client ||
+        !krb5ticket->enc_part2->client->data ||
+        !krb5ticket->enc_part2->session) {
+        kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
+                     "bad ticket from krb5_rd_req.\n");
+    } else if (kssl_ctx_setprinc(kssl_ctx, KSSL_CLIENT,
+                                 &krb5ticket->enc_part2->client->realm,
+                                 krb5ticket->enc_part2->client->data,
+                                 krb5ticket->enc_part2->client->length)) {
+        kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
+                     "kssl_ctx_setprinc() fails.\n");
+    } else if (kssl_ctx_setkey(kssl_ctx, krb5ticket->enc_part2->session)) {
+        kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
+                     "kssl_ctx_setkey() fails.\n");
+    } else if (krb5ticket->enc_part2->flags & TKT_FLG_INVALID) {
+        krb5rc = KRB5KRB_AP_ERR_TKT_INVALID;
+        kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
+                     "invalid ticket from krb5_rd_req.\n");
+    } else
+        krb5rc = 0;
+
+    kssl_ctx->enctype = krb5ticket->enc_part.enctype;
+    ttimes->authtime = krb5ticket->enc_part2->times.authtime;
+    ttimes->starttime = krb5ticket->enc_part2->times.starttime;
+    ttimes->endtime = krb5ticket->enc_part2->times.endtime;
+    ttimes->renew_till = krb5ticket->enc_part2->times.renew_till;
+
+ err:
+# ifdef KSSL_DEBUG
+    kssl_ctx_show(kssl_ctx);
+# endif                         /* KSSL_DEBUG */
+
+    if (asn1ticket)
+        KRB5_TICKET_free((KRB5_TICKET *) asn1ticket);
+    if (krb5keytab)
+        krb5_kt_close(krb5context, krb5keytab);
+    if (krb5ticket)
+        krb5_free_ticket(krb5context, krb5ticket);
+    if (krb5server)
+        krb5_free_principal(krb5context, krb5server);
+    return (krb5rc);
+}
+
+/*
+ * Allocate & return a new kssl_ctx struct.
+ */
+KSSL_CTX *kssl_ctx_new(void)
+{
+    return ((KSSL_CTX *)kssl_calloc(1, sizeof(KSSL_CTX)));
+}
+
+/*
+ * Frees a kssl_ctx struct and any allocated memory it holds.  Returns NULL.
+ */
+KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx)
+{
+    if (kssl_ctx == NULL)
+        return kssl_ctx;
+
+    if (kssl_ctx->key)
+        OPENSSL_cleanse(kssl_ctx->key, kssl_ctx->length);
+    if (kssl_ctx->key)
+        kssl_free(kssl_ctx->key);
+    if (kssl_ctx->client_princ)
+        kssl_free(kssl_ctx->client_princ);
+    if (kssl_ctx->service_host)
+        kssl_free(kssl_ctx->service_host);
+    if (kssl_ctx->service_name)
+        kssl_free(kssl_ctx->service_name);
+    if (kssl_ctx->keytab_file)
+        kssl_free(kssl_ctx->keytab_file);
+
+    kssl_free(kssl_ctx);
+    return (KSSL_CTX *)NULL;
+}
+
+/*
+ * Given an array of (krb5_data *) entity (and optional realm), set the plain
+ * (char *) client_princ or service_host member of the kssl_ctx struct.
+ */
+krb5_error_code
+kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
+                  krb5_data *realm, krb5_data *entity, int nentities)
+{
+    char **princ;
+    int length;
+    int i;
+
+    if (kssl_ctx == NULL || entity == NULL)
+        return KSSL_CTX_ERR;
+
+    switch (which) {
+    case KSSL_CLIENT:
+        princ = &kssl_ctx->client_princ;
+        break;
+    case KSSL_SERVER:
+        princ = &kssl_ctx->service_host;
+        break;
+    default:
+        return KSSL_CTX_ERR;
+        break;
+    }
+    if (*princ)
+        kssl_free(*princ);
+
+    /* Add up all the entity->lengths */
+    length = 0;
+    for (i = 0; i < nentities; i++) {
+        length += entity[i].length;
+    }
+    /* Add in space for the '/' character(s) (if any) */
+    length += nentities - 1;
+    /* Space for the ('@'+realm+NULL | NULL) */
+    length += ((realm) ? realm->length + 2 : 1);
+
+    if ((*princ = kssl_calloc(1, length)) == NULL)
+        return KSSL_CTX_ERR;
+    else {
+        for (i = 0; i < nentities; i++) {
+            strncat(*princ, entity[i].data, entity[i].length);
+            if (i < nentities - 1) {
+                strcat(*princ, "/");
+            }
+        }
+        if (realm) {
+            strcat(*princ, "@");
+            (void)strncat(*princ, realm->data, realm->length);
+        }
+    }
+
+    return KSSL_CTX_OK;
+}
+
+/*-     Set one of the plain (char *) string members of the kssl_ctx struct.
+ *      Default values should be:
+ *              which == KSSL_SERVICE   =>      "khost" (KRB5SVC)
+ *              which == KSSL_KEYTAB    =>      "/etc/krb5.keytab" (KRB5KEYTAB)
+ */
+krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text)
+{
+    char **string;
+
+    if (!kssl_ctx)
+        return KSSL_CTX_ERR;
+
+    switch (which) {
+    case KSSL_SERVICE:
+        string = &kssl_ctx->service_name;
+        break;
+    case KSSL_SERVER:
+        string = &kssl_ctx->service_host;
+        break;
+    case KSSL_CLIENT:
+        string = &kssl_ctx->client_princ;
+        break;
+    case KSSL_KEYTAB:
+        string = &kssl_ctx->keytab_file;
+        break;
+    default:
+        return KSSL_CTX_ERR;
+        break;
+    }
+    if (*string)
+        kssl_free(*string);
+
+    if (!text) {
+        *string = '\0';
+        return KSSL_CTX_OK;
+    }
+
+    if ((*string = kssl_calloc(1, strlen(text) + 1)) == NULL)
+        return KSSL_CTX_ERR;
+    else
+        strcpy(*string, text);
+
+    return KSSL_CTX_OK;
+}
+
+/*
+ * Copy the Kerberos session key from a (krb5_keyblock *) to a kssl_ctx
+ * struct.  Clear kssl_ctx->key if Kerberos session key is NULL.
+ */
+krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session)
+{
+    int length;
+    krb5_enctype enctype;
+    krb5_octet FAR *contents = NULL;
+
+    if (!kssl_ctx)
+        return KSSL_CTX_ERR;
+
+    if (kssl_ctx->key) {
+        OPENSSL_cleanse(kssl_ctx->key, kssl_ctx->length);
+        kssl_free(kssl_ctx->key);
+    }
+
+    if (session) {
+
+# ifdef KRB5_HEIMDAL
+        length = session->keyvalue->length;
+        enctype = session->keytype;
+        contents = session->keyvalue->contents;
+# else
+        length = session->length;
+        enctype = session->enctype;
+        contents = session->contents;
+# endif
+        kssl_ctx->enctype = enctype;
+        kssl_ctx->length = length;
+    } else {
+        kssl_ctx->enctype = ENCTYPE_UNKNOWN;
+        kssl_ctx->length = 0;
+        return KSSL_CTX_OK;
+    }
+
+    if ((kssl_ctx->key =
+         (krb5_octet FAR *)kssl_calloc(1, kssl_ctx->length)) == NULL) {
+        kssl_ctx->length = 0;
+        return KSSL_CTX_ERR;
+    } else
+        memcpy(kssl_ctx->key, contents, length);
+
+    return KSSL_CTX_OK;
+}
+
+/*
+ * Display contents of kssl_ctx struct
+ */
+void kssl_ctx_show(KSSL_CTX *kssl_ctx)
+{
+    int i;
+
+    printf("kssl_ctx: ");
+    if (kssl_ctx == NULL) {
+        printf("NULL\n");
+        return;
+    } else
+        printf("%p\n", (void *)kssl_ctx);
+
+    printf("\tservice:\t%s\n",
+           (kssl_ctx->service_name) ? kssl_ctx->service_name : "NULL");
+    printf("\tclient:\t%s\n",
+           (kssl_ctx->client_princ) ? kssl_ctx->client_princ : "NULL");
+    printf("\tserver:\t%s\n",
+           (kssl_ctx->service_host) ? kssl_ctx->service_host : "NULL");
+    printf("\tkeytab:\t%s\n",
+           (kssl_ctx->keytab_file) ? kssl_ctx->keytab_file : "NULL");
+    printf("\tkey [%d:%d]:\t", kssl_ctx->enctype, kssl_ctx->length);
+
+    for (i = 0; i < kssl_ctx->length && kssl_ctx->key; i++) {
+        printf("%02x", kssl_ctx->key[i]);
+    }
+    printf("\n");
+    return;
+}
+
+int kssl_keytab_is_available(KSSL_CTX *kssl_ctx)
+{
+    krb5_context krb5context = NULL;
+    krb5_keytab krb5keytab = NULL;
+    krb5_keytab_entry entry;
+    krb5_principal princ = NULL;
+    krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
+    int rc = 0;
+
+    if ((krb5rc = krb5_init_context(&krb5context)))
+        return (0);
+
+    /*
+     * kssl_ctx->keytab_file == NULL ==> use Kerberos default
+     */
+    if (kssl_ctx->keytab_file) {
+        krb5rc = krb5_kt_resolve(krb5context, kssl_ctx->keytab_file,
+                                 &krb5keytab);
+        if (krb5rc)
+            goto exit;
+    } else {
+        krb5rc = krb5_kt_default(krb5context, &krb5keytab);
+        if (krb5rc)
+            goto exit;
+    }
+
+    /* the host key we are looking for */
+    krb5rc = krb5_sname_to_principal(krb5context, NULL,
+                                     kssl_ctx->
+                                     service_name ? kssl_ctx->service_name :
+                                     KRB5SVC, KRB5_NT_SRV_HST, &princ);
+
+    if (krb5rc)
+        goto exit;
+
+    krb5rc = krb5_kt_get_entry(krb5context, krb5keytab, princ,
+                               /* IGNORE_VNO */
+                               0,
+                               /* IGNORE_ENCTYPE */
+                               0, &entry);
+    if (krb5rc == KRB5_KT_NOTFOUND) {
+        rc = 1;
+        goto exit;
+    } else if (krb5rc)
+        goto exit;
+
+    krb5_kt_free_entry(krb5context, &entry);
+    rc = 1;
+
+ exit:
+    if (krb5keytab)
+        krb5_kt_close(krb5context, krb5keytab);
+    if (princ)
+        krb5_free_principal(krb5context, princ);
+    if (krb5context)
+        krb5_free_context(krb5context);
+    return (rc);
+}
+
+int kssl_tgt_is_available(KSSL_CTX *kssl_ctx)
+{
+    krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
+    krb5_context krb5context = NULL;
+    krb5_ccache krb5ccdef = NULL;
+    krb5_creds krb5creds, *krb5credsp = NULL;
+    int rc = 0;
+
+    memset((char *)&krb5creds, 0, sizeof(krb5creds));
+
+    if (!kssl_ctx)
+        return (0);
+
+    if (!kssl_ctx->service_host)
+        return (0);
+
+    if ((krb5rc = krb5_init_context(&krb5context)) != 0)
+        goto err;
+
+    if ((krb5rc = krb5_sname_to_principal(krb5context,
+                                          kssl_ctx->service_host,
+                                          (kssl_ctx->service_name) ?
+                                          kssl_ctx->service_name : KRB5SVC,
+                                          KRB5_NT_SRV_HST,
+                                          &krb5creds.server)) != 0)
+        goto err;
+
+    if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0)
+        goto err;
+
+    if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef,
+                                        &krb5creds.client)) != 0)
+        goto err;
+
+    if ((krb5rc = krb5_get_credentials(krb5context, 0, krb5ccdef,
+                                       &krb5creds, &krb5credsp)) != 0)
+        goto err;
+
+    rc = 1;
+
+ err:
+# ifdef KSSL_DEBUG
+    kssl_ctx_show(kssl_ctx);
+# endif                         /* KSSL_DEBUG */
+
+    if (krb5creds.client)
+        krb5_free_principal(krb5context, krb5creds.client);
+    if (krb5creds.server)
+        krb5_free_principal(krb5context, krb5creds.server);
+    if (krb5context)
+        krb5_free_context(krb5context);
+    return (rc);
+}
+
+# if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_WIN32)
+void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data)
+{
+#  ifdef KRB5_HEIMDAL
+    data->length = 0;
+    if (data->data)
+        free(data->data);
+#  elif defined(KRB5_MIT_OLD11)
+    if (data->data) {
+        krb5_xfree(data->data);
+        data->data = 0;
+    }
+#  else
+    krb5_free_data_contents(NULL, data);
+#  endif
+}
+# endif
+/* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */
+
+/*
+ * Given pointers to KerberosTime and struct tm structs, convert the
+ * KerberosTime string to struct tm.  Note that KerberosTime is a
+ * ASN1_GENERALIZEDTIME value, constrained to GMT with no fractional seconds
+ * as defined in RFC 1510.  Return pointer to the (partially) filled in
+ * struct tm on success, return NULL on failure.
+ */
+static struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm)
+{
+    char c, *p;
+
+    if (!k_tm)
+        return NULL;
+    if (gtime == NULL || gtime->length < 14)
+        return NULL;
+    if (gtime->data == NULL)
+        return NULL;
+
+    p = (char *)&gtime->data[14];
+
+    c = *p;
+    *p = '\0';
+    p -= 2;
+    k_tm->tm_sec = atoi(p);
+    *(p + 2) = c;
+    c = *p;
+    *p = '\0';
+    p -= 2;
+    k_tm->tm_min = atoi(p);
+    *(p + 2) = c;
+    c = *p;
+    *p = '\0';
+    p -= 2;
+    k_tm->tm_hour = atoi(p);
+    *(p + 2) = c;
+    c = *p;
+    *p = '\0';
+    p -= 2;
+    k_tm->tm_mday = atoi(p);
+    *(p + 2) = c;
+    c = *p;
+    *p = '\0';
+    p -= 2;
+    k_tm->tm_mon = atoi(p) - 1;
+    *(p + 2) = c;
+    c = *p;
+    *p = '\0';
+    p -= 4;
+    k_tm->tm_year = atoi(p) - 1900;
+    *(p + 4) = c;
+
+    return k_tm;
+}
+
+/*
+ * Helper function for kssl_validate_times().  We need context->clockskew,
+ * but krb5_context is an opaque struct.  So we try to sneek the clockskew
+ * out through the replay cache.  If that fails just return a likely default
+ * (300 seconds).
+ */
+static krb5_deltat get_rc_clockskew(krb5_context context)
+{
+    krb5_rcache rc;
+    krb5_deltat clockskew;
+
+    if (krb5_rc_default(context, &rc))
+        return KSSL_CLOCKSKEW;
+    if (krb5_rc_initialize(context, rc, 0))
+        return KSSL_CLOCKSKEW;
+    if (krb5_rc_get_lifespan(context, rc, &clockskew)) {
+        clockskew = KSSL_CLOCKSKEW;
+    }
+    (void)krb5_rc_destroy(context, rc);
+    return clockskew;
+}
+
+/*
+ * kssl_validate_times() combines (and more importantly exposes) the MIT KRB5
+ * internal function krb5_validate_times() and the in_clock_skew() macro.
+ * The authenticator client time is checked to be within clockskew secs of
+ * the current time and the current time is checked to be within the ticket
+ * start and expire times.  Either check may be omitted by supplying a NULL
+ * value.  Returns 0 for valid times, SSL_R_KRB5* error codes otherwise.  See
+ * Also: (Kerberos source)/krb5/lib/krb5/krb/valid_times.c 20010420 VRS
+ */
+krb5_error_code kssl_validate_times(krb5_timestamp atime,
+                                    krb5_ticket_times *ttimes)
+{
+    krb5_deltat skew;
+    krb5_timestamp start, now;
+    krb5_error_code rc;
+    krb5_context context;
+
+    if ((rc = krb5_init_context(&context)))
+        return SSL_R_KRB5_S_BAD_TICKET;
+    skew = get_rc_clockskew(context);
+    if ((rc = krb5_timeofday(context, &now)))
+        return SSL_R_KRB5_S_BAD_TICKET;
+    krb5_free_context(context);
+
+    if (atime && labs(atime - now) >= skew)
+        return SSL_R_KRB5_S_TKT_SKEW;
+
+    if (!ttimes)
+        return 0;
+
+    start = (ttimes->starttime != 0) ? ttimes->starttime : ttimes->authtime;
+    if (start - now > skew)
+        return SSL_R_KRB5_S_TKT_NYV;
+    if ((now - ttimes->endtime) > skew)
+        return SSL_R_KRB5_S_TKT_EXPIRED;
+
+# ifdef KSSL_DEBUG
+    fprintf(stderr, "kssl_validate_times: %d |<-  | %d - %d | < %d  ->| %d\n",
+            start, atime, now, skew, ttimes->endtime);
+# endif                         /* KSSL_DEBUG */
+
+    return 0;
+}
+
+/*
+ * Decode and decrypt given DER-encoded authenticator, then pass
+ * authenticator ctime back in *atimep (or 0 if time unavailable).  Returns
+ * krb5_error_code and kssl_err on error.  A NULL authenticator
+ * (authentp->length == 0) is not considered an error.  Note that
+ * kssl_check_authent() makes use of the KRB5 session key; you must call
+ * kssl_sget_tkt() to get the key before calling this routine.
+ */
+krb5_error_code kssl_check_authent(
+                                      /*
+                                       * IN
+                                       */ KSSL_CTX *kssl_ctx,
+                                      /*
+                                       * IN
+                                       */ krb5_data *authentp,
+                                      /*
+                                       * OUT
+                                       */ krb5_timestamp *atimep,
+                                      /*
+                                       * OUT
+                                       */ KSSL_ERR *kssl_err)
+{
+    krb5_error_code krb5rc = 0;
+    KRB5_ENCDATA *dec_authent = NULL;
+    KRB5_AUTHENTBODY *auth = NULL;
+    krb5_enctype enctype;
+    EVP_CIPHER_CTX ciph_ctx;
+    const EVP_CIPHER *enc = NULL;
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+    const unsigned char *p;
+    unsigned char *unenc_authent;
+    int outl, unencbufsize;
+    struct tm tm_time, *tm_l, *tm_g;
+    time_t now, tl, tg, tr, tz_offset;
+
+    EVP_CIPHER_CTX_init(&ciph_ctx);
+    *atimep = 0;
+    kssl_err_set(kssl_err, 0, "");
+
+# ifndef KRB5CHECKAUTH
+    authentp = NULL;
+# else
+#  if     KRB5CHECKAUTH == 0
+    authentp = NULL;
+#  endif
+# endif                         /* KRB5CHECKAUTH */
+
+    if (authentp == NULL || authentp->length == 0)
+        return 0;
+
+# ifdef KSSL_DEBUG
+    {
+        unsigned int ui;
+        fprintf(stderr, "kssl_check_authent: authenticator[%d]:\n",
+                authentp->length);
+        p = authentp->data;
+        for (ui = 0; ui < authentp->length; ui++)
+            fprintf(stderr, "%02x ", p[ui]);
+        fprintf(stderr, "\n");
+    }
+# endif                         /* KSSL_DEBUG */
+
+    unencbufsize = 2 * authentp->length;
+    if ((unenc_authent = calloc(1, unencbufsize)) == NULL) {
+        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                     "Unable to allocate authenticator buffer.\n");
+        krb5rc = KRB5KRB_ERR_GENERIC;
+        goto err;
+    }
+
+    p = (unsigned char *)authentp->data;
+    if ((dec_authent = d2i_KRB5_ENCDATA(NULL, &p,
+                                        (long)authentp->length)) == NULL) {
+        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                     "Error decoding authenticator.\n");
+        krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+        goto err;
+    }
+
+    enctype = dec_authent->etype->data[0]; /* should = kssl_ctx->enctype */
+# if !defined(KRB5_MIT_OLD11)
+    switch (enctype) {
+    case ENCTYPE_DES3_CBC_SHA1: /* EVP_des_ede3_cbc(); */
+    case ENCTYPE_DES3_CBC_SHA:
+    case ENCTYPE_DES3_CBC_RAW:
+        krb5rc = 0;             /* Skip, can't handle derived keys */
+        goto err;
+    }
+# endif
+    enc = kssl_map_enc(enctype);
+    memset(iv, 0, sizeof iv);   /* per RFC 1510 */
+
+    if (enc == NULL) {
+        /*
+         * Disable kssl_check_authent for ENCTYPE_DES3_CBC_SHA1.  This
+         * enctype indicates the authenticator was encrypted using key-usage
+         * derived keys which openssl cannot decrypt.
+         */
+        goto err;
+    }
+
+    if (!EVP_CipherInit(&ciph_ctx, enc, kssl_ctx->key, iv, 0)) {
+        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                     "EVP_CipherInit error decrypting authenticator.\n");
+        krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+        goto err;
+    }
+    outl = dec_authent->cipher->length;
+    if (!EVP_Cipher
+        (&ciph_ctx, unenc_authent, dec_authent->cipher->data, outl)) {
+        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                     "EVP_Cipher error decrypting authenticator.\n");
+        krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+        goto err;
+    }
+    EVP_CIPHER_CTX_cleanup(&ciph_ctx);
+
+# ifdef KSSL_DEBUG
+    {
+        int padl;
+        fprintf(stderr, "kssl_check_authent: decrypted authenticator[%d] =\n",
+                outl);
+        for (padl = 0; padl < outl; padl++)
+            fprintf(stderr, "%02x ", unenc_authent[padl]);
+        fprintf(stderr, "\n");
+    }
+# endif                         /* KSSL_DEBUG */
+
+    if ((p = kssl_skip_confound(enctype, unenc_authent)) == NULL) {
+        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                     "confounded by authenticator.\n");
+        krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+        goto err;
+    }
+    outl -= p - unenc_authent;
+
+    if ((auth = (KRB5_AUTHENTBODY *)d2i_KRB5_AUTHENT(NULL, &p,
+                                                     (long)outl)) == NULL) {
+        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                     "Error decoding authenticator body.\n");
+        krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+        goto err;
+    }
+
+    memset(&tm_time, 0, sizeof(struct tm));
+    if (k_gmtime(auth->ctime, &tm_time) &&
+        ((tr = mktime(&tm_time)) != (time_t)(-1))) {
+        now = time(&now);
+        tm_l = localtime(&now);
+        tl = mktime(tm_l);
+        tm_g = gmtime(&now);
+        tg = mktime(tm_g);
+        tz_offset = tg - tl;
+
+        *atimep = (krb5_timestamp)(tr - tz_offset);
+    }
+# ifdef KSSL_DEBUG
+    fprintf(stderr, "kssl_check_authent: returns %d for client time ",
+            *atimep);
+    if (auth && auth->ctime && auth->ctime->length && auth->ctime->data)
+        fprintf(stderr, "%.*s\n", auth->ctime->length, auth->ctime->data);
+    else
+        fprintf(stderr, "NULL\n");
+# endif                         /* KSSL_DEBUG */
+
+ err:
+    if (auth)
+        KRB5_AUTHENT_free((KRB5_AUTHENT *) auth);
+    if (dec_authent)
+        KRB5_ENCDATA_free(dec_authent);
+    if (unenc_authent)
+        free(unenc_authent);
+    EVP_CIPHER_CTX_cleanup(&ciph_ctx);
+    return krb5rc;
+}
+
+/*
+ * Replaces krb5_build_principal_ext(), with varargs length == 2 (svc, host),
+ * because I don't know how to stub varargs.  Returns krb5_error_code ==
+ * ENOMEM on alloc error, otherwise passes back newly constructed principal,
+ * which should be freed by caller.
+ */
+krb5_error_code kssl_build_principal_2(
+                                          /*
+                                           * UPDATE
+                                           */ krb5_context context,
+                                          /*
+                                           * OUT
+                                           */ krb5_principal *princ,
+                                          /*
+                                           * IN
+                                           */ int rlen, const char *realm,
+                                          /*
+                                           * IN
+                                           */ int slen, const char *svc,
+                                          /*
+                                           * IN
+                                           */ int hlen, const char *host)
+{
+    krb5_data *p_data = NULL;
+    krb5_principal new_p = NULL;
+    char *new_r = NULL;
+
+    if ((p_data = (krb5_data *)calloc(2, sizeof(krb5_data))) == NULL ||
+        (new_p = (krb5_principal)calloc(1, sizeof(krb5_principal_data)))
+        == NULL)
+        goto err;
+    new_p->length = 2;
+    new_p->data = p_data;
+
+    if ((new_r = calloc(1, rlen + 1)) == NULL)
+        goto err;
+    memcpy(new_r, realm, rlen);
+    krb5_princ_set_realm_length(context, new_p, rlen);
+    krb5_princ_set_realm_data(context, new_p, new_r);
+
+    if ((new_p->data[0].data = calloc(1, slen + 1)) == NULL)
+        goto err;
+    memcpy(new_p->data[0].data, svc, slen);
+    new_p->data[0].length = slen;
+
+    if ((new_p->data[1].data = calloc(1, hlen + 1)) == NULL)
+        goto err;
+    memcpy(new_p->data[1].data, host, hlen);
+    new_p->data[1].length = hlen;
+
+    krb5_princ_type(context, new_p) = KRB5_NT_UNKNOWN;
+    *princ = new_p;
+    return 0;
+
+ err:
+    if (new_p && new_p[0].data)
+        free(new_p[0].data);
+    if (new_p && new_p[1].data)
+        free(new_p[1].data);
+    if (new_p)
+        free(new_p);
+    if (new_r)
+        free(new_r);
+    return ENOMEM;
+}
+
+void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx)
+{
+    s->kssl_ctx = kctx;
+}
+
+KSSL_CTX *SSL_get0_kssl_ctx(SSL *s)
+{
+    return s->kssl_ctx;
+}
+
+char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx)
+{
+    if (kctx)
+        return kctx->client_princ;
+    return NULL;
+}
+
+#else                           /* !OPENSSL_NO_KRB5 */
+
+# if defined(PEDANTIC) || defined(OPENSSL_SYS_VMS)
+static void *dummy = &dummy;
+# endif
+
+#endif                          /* !OPENSSL_NO_KRB5 */

Deleted: vendor-crypto/openssl/1.0.1u/ssl/kssl.h
===================================================================
--- vendor-crypto/openssl/dist/ssl/kssl.h	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/ssl/kssl.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,197 +0,0 @@
-/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */
-/*
- * Written by Vern Staats <staatsvr at asc.hpc.mil> for the OpenSSL project
- * 2000. project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/*
- **      19990701        VRS     Started.
- */
-
-#ifndef KSSL_H
-# define KSSL_H
-
-# include <openssl/opensslconf.h>
-
-# ifndef OPENSSL_NO_KRB5
-
-#  include <stdio.h>
-#  include <ctype.h>
-#  include <krb5.h>
-#  ifdef OPENSSL_SYS_WIN32
-/*
- * These can sometimes get redefined indirectly by krb5 header files after
- * they get undefed in ossl_typ.h
- */
-#   undef X509_NAME
-#   undef X509_EXTENSIONS
-#   undef OCSP_REQUEST
-#   undef OCSP_RESPONSE
-#  endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/*
- *      Depending on which KRB5 implementation used, some types from
- *      the other may be missing.  Resolve that here and now
- */
-#  ifdef KRB5_HEIMDAL
-typedef unsigned char krb5_octet;
-#   define FAR
-#  else
-
-#   ifndef FAR
-#    define FAR
-#   endif
-
-#  endif
-
-/*-
- *      Uncomment this to debug kssl problems or
- *      to trace usage of the Kerberos session key
- *
- *      #define         KSSL_DEBUG
- */
-
-#  ifndef KRB5SVC
-#   define KRB5SVC "host"
-#  endif
-
-#  ifndef KRB5KEYTAB
-#   define KRB5KEYTAB      "/etc/krb5.keytab"
-#  endif
-
-#  ifndef KRB5SENDAUTH
-#   define KRB5SENDAUTH    1
-#  endif
-
-#  ifndef KRB5CHECKAUTH
-#   define KRB5CHECKAUTH   1
-#  endif
-
-#  ifndef KSSL_CLOCKSKEW
-#   define KSSL_CLOCKSKEW  300;
-#  endif
-
-#  define KSSL_ERR_MAX    255
-typedef struct kssl_err_st {
-    int reason;
-    char text[KSSL_ERR_MAX + 1];
-} KSSL_ERR;
-
-/*-     Context for passing
- *              (1) Kerberos session key to SSL, and
- *              (2)     Config data between application and SSL lib
- */
-typedef struct kssl_ctx_st {
-    /*      used by:    disposition:            */
-    char *service_name;         /* C,S default ok (kssl) */
-    char *service_host;         /* C input, REQUIRED */
-    char *client_princ;         /* S output from krb5 ticket */
-    char *keytab_file;          /* S NULL (/etc/krb5.keytab) */
-    char *cred_cache;           /* C NULL (default) */
-    krb5_enctype enctype;
-    int length;
-    krb5_octet FAR *key;
-} KSSL_CTX;
-
-#  define KSSL_CLIENT     1
-#  define KSSL_SERVER     2
-#  define KSSL_SERVICE    3
-#  define KSSL_KEYTAB     4
-
-#  define KSSL_CTX_OK     0
-#  define KSSL_CTX_ERR    1
-#  define KSSL_NOMEM      2
-
-/* Public (for use by applications that use OpenSSL with Kerberos 5 support */
-krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text);
-KSSL_CTX *kssl_ctx_new(void);
-KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx);
-void kssl_ctx_show(KSSL_CTX *kssl_ctx);
-krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
-                                  krb5_data *realm, krb5_data *entity,
-                                  int nentities);
-krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp,
-                              krb5_data *authenp, KSSL_ERR *kssl_err);
-krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata,
-                              krb5_ticket_times *ttimes, KSSL_ERR *kssl_err);
-krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session);
-void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text);
-void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data);
-krb5_error_code kssl_build_principal_2(krb5_context context,
-                                       krb5_principal *princ, int rlen,
-                                       const char *realm, int slen,
-                                       const char *svc, int hlen,
-                                       const char *host);
-krb5_error_code kssl_validate_times(krb5_timestamp atime,
-                                    krb5_ticket_times *ttimes);
-krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,
-                                   krb5_timestamp *atimep,
-                                   KSSL_ERR *kssl_err);
-unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);
-
-void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx);
-KSSL_CTX *SSL_get0_kssl_ctx(SSL *s);
-char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx);
-
-#ifdef  __cplusplus
-}
-#endif
-# endif                         /* OPENSSL_NO_KRB5 */
-#endif                          /* KSSL_H */

Copied: vendor-crypto/openssl/1.0.1u/ssl/kssl.h (from rev 11605, vendor-crypto/openssl/dist/ssl/kssl.h)
===================================================================
--- vendor-crypto/openssl/1.0.1u/ssl/kssl.h	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/ssl/kssl.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,197 @@
+/* ssl/kssl.h */
+/*
+ * Written by Vern Staats <staatsvr at asc.hpc.mil> for the OpenSSL project
+ * 2000. project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ **      19990701        VRS     Started.
+ */
+
+#ifndef KSSL_H
+# define KSSL_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_KRB5
+
+#  include <stdio.h>
+#  include <ctype.h>
+#  include <krb5.h>
+#  ifdef OPENSSL_SYS_WIN32
+/*
+ * These can sometimes get redefined indirectly by krb5 header files after
+ * they get undefed in ossl_typ.h
+ */
+#   undef X509_NAME
+#   undef X509_EXTENSIONS
+#   undef OCSP_REQUEST
+#   undef OCSP_RESPONSE
+#  endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*
+ *      Depending on which KRB5 implementation used, some types from
+ *      the other may be missing.  Resolve that here and now
+ */
+#  ifdef KRB5_HEIMDAL
+typedef unsigned char krb5_octet;
+#   define FAR
+#  else
+
+#   ifndef FAR
+#    define FAR
+#   endif
+
+#  endif
+
+/*-
+ *      Uncomment this to debug kssl problems or
+ *      to trace usage of the Kerberos session key
+ *
+ *      #define         KSSL_DEBUG
+ */
+
+#  ifndef KRB5SVC
+#   define KRB5SVC "host"
+#  endif
+
+#  ifndef KRB5KEYTAB
+#   define KRB5KEYTAB      "/etc/krb5.keytab"
+#  endif
+
+#  ifndef KRB5SENDAUTH
+#   define KRB5SENDAUTH    1
+#  endif
+
+#  ifndef KRB5CHECKAUTH
+#   define KRB5CHECKAUTH   1
+#  endif
+
+#  ifndef KSSL_CLOCKSKEW
+#   define KSSL_CLOCKSKEW  300;
+#  endif
+
+#  define KSSL_ERR_MAX    255
+typedef struct kssl_err_st {
+    int reason;
+    char text[KSSL_ERR_MAX + 1];
+} KSSL_ERR;
+
+/*-     Context for passing
+ *              (1) Kerberos session key to SSL, and
+ *              (2)     Config data between application and SSL lib
+ */
+typedef struct kssl_ctx_st {
+    /*      used by:    disposition:            */
+    char *service_name;         /* C,S default ok (kssl) */
+    char *service_host;         /* C input, REQUIRED */
+    char *client_princ;         /* S output from krb5 ticket */
+    char *keytab_file;          /* S NULL (/etc/krb5.keytab) */
+    char *cred_cache;           /* C NULL (default) */
+    krb5_enctype enctype;
+    int length;
+    krb5_octet FAR *key;
+} KSSL_CTX;
+
+#  define KSSL_CLIENT     1
+#  define KSSL_SERVER     2
+#  define KSSL_SERVICE    3
+#  define KSSL_KEYTAB     4
+
+#  define KSSL_CTX_OK     0
+#  define KSSL_CTX_ERR    1
+#  define KSSL_NOMEM      2
+
+/* Public (for use by applications that use OpenSSL with Kerberos 5 support */
+krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text);
+KSSL_CTX *kssl_ctx_new(void);
+KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx);
+void kssl_ctx_show(KSSL_CTX *kssl_ctx);
+krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
+                                  krb5_data *realm, krb5_data *entity,
+                                  int nentities);
+krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp,
+                              krb5_data *authenp, KSSL_ERR *kssl_err);
+krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata,
+                              krb5_ticket_times *ttimes, KSSL_ERR *kssl_err);
+krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session);
+void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text);
+void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data);
+krb5_error_code kssl_build_principal_2(krb5_context context,
+                                       krb5_principal *princ, int rlen,
+                                       const char *realm, int slen,
+                                       const char *svc, int hlen,
+                                       const char *host);
+krb5_error_code kssl_validate_times(krb5_timestamp atime,
+                                    krb5_ticket_times *ttimes);
+krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,
+                                   krb5_timestamp *atimep,
+                                   KSSL_ERR *kssl_err);
+unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);
+
+void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx);
+KSSL_CTX *SSL_get0_kssl_ctx(SSL *s);
+char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx);
+
+#ifdef  __cplusplus
+}
+#endif
+# endif                         /* OPENSSL_NO_KRB5 */
+#endif                          /* KSSL_H */

Deleted: vendor-crypto/openssl/1.0.1u/ssl/kssl_lcl.h
===================================================================
--- vendor-crypto/openssl/dist/ssl/kssl_lcl.h	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/ssl/kssl_lcl.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,88 +0,0 @@
-/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */
-/*
- * Written by Vern Staats <staatsvr at asc.hpc.mil> for the OpenSSL project
- * 2000. project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef KSSL_LCL_H
-# define KSSL_LCL_H
-
-# include <openssl/kssl.h>
-
-# ifndef OPENSSL_NO_KRB5
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Private (internal to OpenSSL) */
-void print_krb5_data(char *label, krb5_data *kdata);
-void print_krb5_authdata(char *label, krb5_authdata **adata);
-void print_krb5_keyblock(char *label, krb5_keyblock *keyblk);
-
-char *kstring(char *string);
-char *knumber(int len, krb5_octet *contents);
-
-const EVP_CIPHER *kssl_map_enc(krb5_enctype enctype);
-
-int kssl_keytab_is_available(KSSL_CTX *kssl_ctx);
-int kssl_tgt_is_available(KSSL_CTX *kssl_ctx);
-
-#ifdef  __cplusplus
-}
-#endif
-# endif                         /* OPENSSL_NO_KRB5 */
-#endif                          /* KSSL_LCL_H */

Copied: vendor-crypto/openssl/1.0.1u/ssl/kssl_lcl.h (from rev 11605, vendor-crypto/openssl/dist/ssl/kssl_lcl.h)
===================================================================
--- vendor-crypto/openssl/1.0.1u/ssl/kssl_lcl.h	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/ssl/kssl_lcl.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,88 @@
+/* ssl/kssl.h */
+/*
+ * Written by Vern Staats <staatsvr at asc.hpc.mil> for the OpenSSL project
+ * 2000. project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef KSSL_LCL_H
+# define KSSL_LCL_H
+
+# include <openssl/kssl.h>
+
+# ifndef OPENSSL_NO_KRB5
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Private (internal to OpenSSL) */
+void print_krb5_data(char *label, krb5_data *kdata);
+void print_krb5_authdata(char *label, krb5_authdata **adata);
+void print_krb5_keyblock(char *label, krb5_keyblock *keyblk);
+
+char *kstring(char *string);
+char *knumber(int len, krb5_octet *contents);
+
+const EVP_CIPHER *kssl_map_enc(krb5_enctype enctype);
+
+int kssl_keytab_is_available(KSSL_CTX *kssl_ctx);
+int kssl_tgt_is_available(KSSL_CTX *kssl_ctx);
+
+#ifdef  __cplusplus
+}
+#endif
+# endif                         /* OPENSSL_NO_KRB5 */
+#endif                          /* KSSL_LCL_H */

Deleted: vendor-crypto/openssl/1.0.1u/ssl/s23_clnt.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/s23_clnt.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/ssl/s23_clnt.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,790 +0,0 @@
-/* ssl/s23_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-
-static const SSL_METHOD *ssl23_get_client_method(int ver);
-static int ssl23_client_hello(SSL *s);
-static int ssl23_get_server_hello(SSL *s);
-static const SSL_METHOD *ssl23_get_client_method(int ver)
-{
-#ifndef OPENSSL_NO_SSL2
-    if (ver == SSL2_VERSION)
-        return (SSLv2_client_method());
-#endif
-#ifndef OPENSSL_NO_SSL3
-    if (ver == SSL3_VERSION)
-        return (SSLv3_client_method());
-#endif
-    if (ver == TLS1_VERSION)
-        return (TLSv1_client_method());
-    else if (ver == TLS1_1_VERSION)
-        return (TLSv1_1_client_method());
-    else if (ver == TLS1_2_VERSION)
-        return (TLSv1_2_client_method());
-    else
-        return (NULL);
-}
-
-IMPLEMENT_ssl23_meth_func(SSLv23_client_method,
-                          ssl_undefined_function,
-                          ssl23_connect, ssl23_get_client_method)
-
-int ssl23_connect(SSL *s)
-{
-    BUF_MEM *buf = NULL;
-    unsigned long Time = (unsigned long)time(NULL);
-    void (*cb) (const SSL *ssl, int type, int val) = NULL;
-    int ret = -1;
-    int new_state, state;
-
-    RAND_add(&Time, sizeof(Time), 0);
-    ERR_clear_error();
-    clear_sys_error();
-
-    if (s->info_callback != NULL)
-        cb = s->info_callback;
-    else if (s->ctx->info_callback != NULL)
-        cb = s->ctx->info_callback;
-
-    s->in_handshake++;
-    if (!SSL_in_init(s) || SSL_in_before(s))
-        SSL_clear(s);
-
-    for (;;) {
-        state = s->state;
-
-        switch (s->state) {
-        case SSL_ST_BEFORE:
-        case SSL_ST_CONNECT:
-        case SSL_ST_BEFORE | SSL_ST_CONNECT:
-        case SSL_ST_OK | SSL_ST_CONNECT:
-
-            if (s->session != NULL) {
-                SSLerr(SSL_F_SSL23_CONNECT,
-                       SSL_R_SSL23_DOING_SESSION_ID_REUSE);
-                ret = -1;
-                goto end;
-            }
-            s->server = 0;
-            if (cb != NULL)
-                cb(s, SSL_CB_HANDSHAKE_START, 1);
-
-            /* s->version=TLS1_VERSION; */
-            s->type = SSL_ST_CONNECT;
-
-            if (s->init_buf == NULL) {
-                if ((buf = BUF_MEM_new()) == NULL) {
-                    ret = -1;
-                    goto end;
-                }
-                if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
-                    ret = -1;
-                    goto end;
-                }
-                s->init_buf = buf;
-                buf = NULL;
-            }
-
-            if (!ssl3_setup_buffers(s)) {
-                ret = -1;
-                goto end;
-            }
-
-            ssl3_init_finished_mac(s);
-
-            s->state = SSL23_ST_CW_CLNT_HELLO_A;
-            s->ctx->stats.sess_connect++;
-            s->init_num = 0;
-            break;
-
-        case SSL23_ST_CW_CLNT_HELLO_A:
-        case SSL23_ST_CW_CLNT_HELLO_B:
-
-            s->shutdown = 0;
-            ret = ssl23_client_hello(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL23_ST_CR_SRVR_HELLO_A;
-            s->init_num = 0;
-
-            break;
-
-        case SSL23_ST_CR_SRVR_HELLO_A:
-        case SSL23_ST_CR_SRVR_HELLO_B:
-            ret = ssl23_get_server_hello(s);
-            if (ret >= 0)
-                cb = NULL;
-            goto end;
-            /* break; */
-
-        default:
-            SSLerr(SSL_F_SSL23_CONNECT, SSL_R_UNKNOWN_STATE);
-            ret = -1;
-            goto end;
-            /* break; */
-        }
-
-        if (s->debug) {
-            (void)BIO_flush(s->wbio);
-        }
-
-        if ((cb != NULL) && (s->state != state)) {
-            new_state = s->state;
-            s->state = state;
-            cb(s, SSL_CB_CONNECT_LOOP, 1);
-            s->state = new_state;
-        }
-    }
- end:
-    s->in_handshake--;
-    if (buf != NULL)
-        BUF_MEM_free(buf);
-    if (cb != NULL)
-        cb(s, SSL_CB_CONNECT_EXIT, ret);
-    return (ret);
-}
-
-static int ssl23_no_ssl2_ciphers(SSL *s)
-{
-    SSL_CIPHER *cipher;
-    STACK_OF(SSL_CIPHER) *ciphers;
-    int i;
-    ciphers = SSL_get_ciphers(s);
-    for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
-        cipher = sk_SSL_CIPHER_value(ciphers, i);
-        if (cipher->algorithm_ssl == SSL_SSLV2)
-            return 0;
-    }
-    return 1;
-}
-
-/*
- * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
- * failure, 1 on success.
- */
-int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
-{
-    int send_time = 0;
-
-    if (len < 4)
-        return 0;
-    if (server)
-        send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
-    else
-        send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
-    if (send_time) {
-        unsigned long Time = (unsigned long)time(NULL);
-        unsigned char *p = result;
-        l2n(Time, p);
-        return RAND_pseudo_bytes(p, len - 4);
-    } else
-        return RAND_pseudo_bytes(result, len);
-}
-
-static int ssl23_client_hello(SSL *s)
-{
-    unsigned char *buf;
-    unsigned char *p, *d;
-    int i, ch_len;
-    unsigned long l;
-    int ssl2_compat;
-    int version = 0, version_major, version_minor;
-#ifndef OPENSSL_NO_COMP
-    int j;
-    SSL_COMP *comp;
-#endif
-    int ret;
-    unsigned long mask, options = s->options;
-
-    ssl2_compat = (options & SSL_OP_NO_SSLv2) ? 0 : 1;
-
-    if (ssl2_compat && ssl23_no_ssl2_ciphers(s))
-        ssl2_compat = 0;
-
-    /*
-     * SSL_OP_NO_X disables all protocols above X *if* there are
-     * some protocols below X enabled. This is required in order
-     * to maintain "version capability" vector contiguous. So
-     * that if application wants to disable TLS1.0 in favour of
-     * TLS1>=1, it would be insufficient to pass SSL_NO_TLSv1, the
-     * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2.
-     */
-    mask = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1
-#if !defined(OPENSSL_NO_SSL3)
-        | SSL_OP_NO_SSLv3
-#endif
-#if !defined(OPENSSL_NO_SSL2)
-        | (ssl2_compat ? SSL_OP_NO_SSLv2 : 0)
-#endif
-        ;
-#if !defined(OPENSSL_NO_TLS1_2_CLIENT)
-    version = TLS1_2_VERSION;
-
-    if ((options & SSL_OP_NO_TLSv1_2) && (options & mask) != mask)
-        version = TLS1_1_VERSION;
-#else
-    version = TLS1_1_VERSION;
-#endif
-    mask &= ~SSL_OP_NO_TLSv1_1;
-    if ((options & SSL_OP_NO_TLSv1_1) && (options & mask) != mask)
-        version = TLS1_VERSION;
-    mask &= ~SSL_OP_NO_TLSv1;
-#if !defined(OPENSSL_NO_SSL3)
-    if ((options & SSL_OP_NO_TLSv1) && (options & mask) != mask)
-        version = SSL3_VERSION;
-    mask &= ~SSL_OP_NO_SSLv3;
-#endif
-#if !defined(OPENSSL_NO_SSL2)
-    if ((options & SSL_OP_NO_SSLv3) && (options & mask) != mask)
-        version = SSL2_VERSION;
-#endif
-
-#ifndef OPENSSL_NO_TLSEXT
-    if (version != SSL2_VERSION) {
-        /*
-         * have to disable SSL 2.0 compatibility if we need TLS extensions
-         */
-
-        if (s->tlsext_hostname != NULL)
-            ssl2_compat = 0;
-        if (s->tlsext_status_type != -1)
-            ssl2_compat = 0;
-# ifdef TLSEXT_TYPE_opaque_prf_input
-        if (s->ctx->tlsext_opaque_prf_input_callback != 0
-            || s->tlsext_opaque_prf_input != NULL)
-            ssl2_compat = 0;
-# endif
-    }
-#endif
-
-    buf = (unsigned char *)s->init_buf->data;
-    if (s->state == SSL23_ST_CW_CLNT_HELLO_A) {
-        /*
-         * Since we're sending s23 client hello, we're not reusing a session, as
-         * we'd be using the method from the saved session instead
-         */
-        if (!ssl_get_new_session(s, 0)) {
-            return -1;
-        }
-
-        p = s->s3->client_random;
-        if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
-            return -1;
-
-        if (version == TLS1_2_VERSION) {
-            version_major = TLS1_2_VERSION_MAJOR;
-            version_minor = TLS1_2_VERSION_MINOR;
-        } else if (version == TLS1_1_VERSION) {
-            version_major = TLS1_1_VERSION_MAJOR;
-            version_minor = TLS1_1_VERSION_MINOR;
-        } else if (version == TLS1_VERSION) {
-            version_major = TLS1_VERSION_MAJOR;
-            version_minor = TLS1_VERSION_MINOR;
-        }
-#ifdef OPENSSL_FIPS
-        else if (FIPS_mode()) {
-            SSLerr(SSL_F_SSL23_CLIENT_HELLO,
-                   SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
-            return -1;
-        }
-#endif
-        else if (version == SSL3_VERSION) {
-            version_major = SSL3_VERSION_MAJOR;
-            version_minor = SSL3_VERSION_MINOR;
-        } else if (version == SSL2_VERSION) {
-            version_major = SSL2_VERSION_MAJOR;
-            version_minor = SSL2_VERSION_MINOR;
-        } else {
-            SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_PROTOCOLS_AVAILABLE);
-            return (-1);
-        }
-
-        s->client_version = version;
-
-        if (ssl2_compat) {
-            /* create SSL 2.0 compatible Client Hello */
-
-            /* two byte record header will be written last */
-            d = &(buf[2]);
-            p = d + 9;          /* leave space for message type, version,
-                                 * individual length fields */
-
-            *(d++) = SSL2_MT_CLIENT_HELLO;
-            *(d++) = version_major;
-            *(d++) = version_minor;
-
-            /* Ciphers supported */
-            i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), p, 0);
-            if (i == 0) {
-                /* no ciphers */
-                SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
-                return -1;
-            }
-            s2n(i, d);
-            p += i;
-
-            /*
-             * put in the session-id length (zero since there is no reuse)
-             */
-            s2n(0, d);
-
-            if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
-                ch_len = SSL2_CHALLENGE_LENGTH;
-            else
-                ch_len = SSL2_MAX_CHALLENGE_LENGTH;
-
-            /* write out sslv2 challenge */
-            /*
-             * Note that ch_len must be <= SSL3_RANDOM_SIZE (32), because it
-             * is one of SSL2_MAX_CHALLENGE_LENGTH (32) or
-             * SSL2_MAX_CHALLENGE_LENGTH (16), but leave the check in for
-             * futurproofing
-             */
-            if (SSL3_RANDOM_SIZE < ch_len)
-                i = SSL3_RANDOM_SIZE;
-            else
-                i = ch_len;
-            s2n(i, d);
-            memset(&(s->s3->client_random[0]), 0, SSL3_RANDOM_SIZE);
-            if (RAND_pseudo_bytes
-                (&(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i) <= 0)
-                return -1;
-
-            memcpy(p, &(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i);
-            p += i;
-
-            i = p - &(buf[2]);
-            buf[0] = ((i >> 8) & 0xff) | 0x80;
-            buf[1] = (i & 0xff);
-
-            /* number of bytes to write */
-            s->init_num = i + 2;
-            s->init_off = 0;
-
-            ssl3_finish_mac(s, &(buf[2]), i);
-        } else {
-            /* create Client Hello in SSL 3.0/TLS 1.0 format */
-
-            /*
-             * do the record header (5 bytes) and handshake message header (4
-             * bytes) last
-             */
-            d = p = &(buf[9]);
-
-            *(p++) = version_major;
-            *(p++) = version_minor;
-
-            /* Random stuff */
-            memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
-            p += SSL3_RANDOM_SIZE;
-
-            /* Session ID (zero since there is no reuse) */
-            *(p++) = 0;
-
-            /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
-            i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]),
-                                         ssl3_put_cipher_by_char);
-            if (i == 0) {
-                SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
-                return -1;
-            }
-#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
-            /*
-             * Some servers hang if client hello > 256 bytes as hack
-             * workaround chop number of supported ciphers to keep it well
-             * below this if we use TLS v1.2
-             */
-            if (TLS1_get_version(s) >= TLS1_2_VERSION
-                && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
-                i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
-#endif
-            s2n(i, p);
-            p += i;
-
-            /* COMPRESSION */
-#ifdef OPENSSL_NO_COMP
-            *(p++) = 1;
-#else
-            if ((s->options & SSL_OP_NO_COMPRESSION)
-                || !s->ctx->comp_methods)
-                j = 0;
-            else
-                j = sk_SSL_COMP_num(s->ctx->comp_methods);
-            *(p++) = 1 + j;
-            for (i = 0; i < j; i++) {
-                comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
-                *(p++) = comp->id;
-            }
-#endif
-            *(p++) = 0;         /* Add the NULL method */
-
-#ifndef OPENSSL_NO_TLSEXT
-            /* TLS extensions */
-            if (ssl_prepare_clienthello_tlsext(s) <= 0) {
-                SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
-                return -1;
-            }
-            if ((p =
-                 ssl_add_clienthello_tlsext(s, p,
-                                            buf +
-                                            SSL3_RT_MAX_PLAIN_LENGTH)) ==
-                NULL) {
-                SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
-                return -1;
-            }
-#endif
-
-            l = p - d;
-
-            /* fill in 4-byte handshake header */
-            d = &(buf[5]);
-            *(d++) = SSL3_MT_CLIENT_HELLO;
-            l2n3(l, d);
-
-            l += 4;
-
-            if (l > SSL3_RT_MAX_PLAIN_LENGTH) {
-                SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
-                return -1;
-            }
-
-            /* fill in 5-byte record header */
-            d = buf;
-            *(d++) = SSL3_RT_HANDSHAKE;
-            *(d++) = version_major;
-            /*
-             * Some servers hang if we use long client hellos and a record
-             * number > TLS 1.0.
-             */
-            if (TLS1_get_client_version(s) > TLS1_VERSION)
-                *(d++) = 1;
-            else
-                *(d++) = version_minor;
-            s2n((int)l, d);
-
-            /* number of bytes to write */
-            s->init_num = p - buf;
-            s->init_off = 0;
-
-            ssl3_finish_mac(s, &(buf[5]), s->init_num - 5);
-        }
-
-        s->state = SSL23_ST_CW_CLNT_HELLO_B;
-        s->init_off = 0;
-    }
-
-    /* SSL3_ST_CW_CLNT_HELLO_B */
-    ret = ssl23_write_bytes(s);
-
-    if ((ret >= 2) && s->msg_callback) {
-        /* Client Hello has been sent; tell msg_callback */
-
-        if (ssl2_compat)
-            s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data + 2,
-                            ret - 2, s, s->msg_callback_arg);
-        else
-            s->msg_callback(1, version, SSL3_RT_HANDSHAKE,
-                            s->init_buf->data + 5, ret - 5, s,
-                            s->msg_callback_arg);
-    }
-
-    return ret;
-}
-
-static int ssl23_get_server_hello(SSL *s)
-{
-    char buf[8];
-    unsigned char *p;
-    int i;
-    int n;
-
-    n = ssl23_read_bytes(s, 7);
-
-    if (n != 7)
-        return (n);
-    p = s->packet;
-
-    memcpy(buf, p, n);
-
-    if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
-        (p[5] == 0x00) && (p[6] == 0x02)) {
-#ifdef OPENSSL_NO_SSL2
-        SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
-        goto err;
-#else
-        /* we are talking sslv2 */
-        /*
-         * we need to clean up the SSLv3 setup and put in the sslv2 stuff.
-         */
-        int ch_len;
-
-        if (s->options & SSL_OP_NO_SSLv2) {
-            SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
-            goto err;
-        }
-        if (s->s2 == NULL) {
-            if (!ssl2_new(s))
-                goto err;
-        } else
-            ssl2_clear(s);
-
-        if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
-            ch_len = SSL2_CHALLENGE_LENGTH;
-        else
-            ch_len = SSL2_MAX_CHALLENGE_LENGTH;
-
-        /* write out sslv2 challenge */
-        /*
-         * Note that ch_len must be <= SSL3_RANDOM_SIZE (32), because it is
-         * one of SSL2_MAX_CHALLENGE_LENGTH (32) or SSL2_MAX_CHALLENGE_LENGTH
-         * (16), but leave the check in for futurproofing
-         */
-        i = (SSL3_RANDOM_SIZE < ch_len)
-            ? SSL3_RANDOM_SIZE : ch_len;
-        s->s2->challenge_length = i;
-        memcpy(s->s2->challenge,
-               &(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i);
-
-        if (s->s3 != NULL)
-            ssl3_free(s);
-
-        if (!BUF_MEM_grow_clean(s->init_buf,
-                                SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) {
-            SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, ERR_R_BUF_LIB);
-            goto err;
-        }
-
-        s->state = SSL2_ST_GET_SERVER_HELLO_A;
-        if (!(s->client_version == SSL2_VERSION))
-            /*
-             * use special padding (SSL 3.0 draft/RFC 2246, App. E.2)
-             */
-            s->s2->ssl2_rollback = 1;
-
-        /*
-         * setup the 7 bytes we have read so we get them from the sslv2
-         * buffer
-         */
-        s->rstate = SSL_ST_READ_HEADER;
-        s->packet_length = n;
-        s->packet = &(s->s2->rbuf[0]);
-        memcpy(s->packet, buf, n);
-        s->s2->rbuf_left = n;
-        s->s2->rbuf_offs = 0;
-
-        /* we have already written one */
-        s->s2->write_sequence = 1;
-
-        s->method = SSLv2_client_method();
-        s->handshake_func = s->method->ssl_connect;
-#endif
-    } else if (p[1] == SSL3_VERSION_MAJOR &&
-               p[2] <= TLS1_2_VERSION_MINOR &&
-               ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) ||
-                (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2))) {
-        /* we have sslv3 or tls1 (server hello or alert) */
-
-#ifndef OPENSSL_NO_SSL3
-        if ((p[2] == SSL3_VERSION_MINOR) && !(s->options & SSL_OP_NO_SSLv3)) {
-# ifdef OPENSSL_FIPS
-            if (FIPS_mode()) {
-                SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
-                       SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
-                goto err;
-            }
-# endif
-            s->version = SSL3_VERSION;
-            s->method = SSLv3_client_method();
-        } else
-#endif
-        if ((p[2] == TLS1_VERSION_MINOR) && !(s->options & SSL_OP_NO_TLSv1)) {
-            s->version = TLS1_VERSION;
-            s->method = TLSv1_client_method();
-        } else if ((p[2] == TLS1_1_VERSION_MINOR) &&
-                   !(s->options & SSL_OP_NO_TLSv1_1)) {
-            s->version = TLS1_1_VERSION;
-            s->method = TLSv1_1_client_method();
-        } else if ((p[2] == TLS1_2_VERSION_MINOR) &&
-                   !(s->options & SSL_OP_NO_TLSv1_2)) {
-            s->version = TLS1_2_VERSION;
-            s->method = TLSv1_2_client_method();
-        } else {
-            SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
-            goto err;
-        }
-
-        s->session->ssl_version = s->version;
-
-        /* ensure that TLS_MAX_VERSION is up-to-date */
-        OPENSSL_assert(s->version <= TLS_MAX_VERSION);
-
-        if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) {
-            /* fatal alert */
-
-            void (*cb) (const SSL *ssl, int type, int val) = NULL;
-            int j;
-
-            if (s->info_callback != NULL)
-                cb = s->info_callback;
-            else if (s->ctx->info_callback != NULL)
-                cb = s->ctx->info_callback;
-
-            i = p[5];
-            if (cb != NULL) {
-                j = (i << 8) | p[6];
-                cb(s, SSL_CB_READ_ALERT, j);
-            }
-
-            if (s->msg_callback)
-                s->msg_callback(0, s->version, SSL3_RT_ALERT, p + 5, 2, s,
-                                s->msg_callback_arg);
-
-            s->rwstate = SSL_NOTHING;
-            SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_AD_REASON_OFFSET + p[6]);
-            goto err;
-        }
-
-        if (!ssl_init_wbio_buffer(s, 1))
-            goto err;
-
-        /* we are in this state */
-        s->state = SSL3_ST_CR_SRVR_HELLO_A;
-
-        /*
-         * put the 7 bytes we have read into the input buffer for SSLv3
-         */
-        s->rstate = SSL_ST_READ_HEADER;
-        s->packet_length = n;
-        if (s->s3->rbuf.buf == NULL)
-            if (!ssl3_setup_read_buffer(s))
-                goto err;
-        s->packet = &(s->s3->rbuf.buf[0]);
-        memcpy(s->packet, buf, n);
-        s->s3->rbuf.left = n;
-        s->s3->rbuf.offset = 0;
-
-        s->handshake_func = s->method->ssl_connect;
-    } else {
-        SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNKNOWN_PROTOCOL);
-        goto err;
-    }
-    s->init_num = 0;
-
-    return (SSL_connect(s));
- err:
-    return (-1);
-}

Copied: vendor-crypto/openssl/1.0.1u/ssl/s23_clnt.c (from rev 11605, vendor-crypto/openssl/dist/ssl/s23_clnt.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/ssl/s23_clnt.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/ssl/s23_clnt.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,790 @@
+/* ssl/s23_clnt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+
+static const SSL_METHOD *ssl23_get_client_method(int ver);
+static int ssl23_client_hello(SSL *s);
+static int ssl23_get_server_hello(SSL *s);
+static const SSL_METHOD *ssl23_get_client_method(int ver)
+{
+#ifndef OPENSSL_NO_SSL2
+    if (ver == SSL2_VERSION)
+        return (SSLv2_client_method());
+#endif
+#ifndef OPENSSL_NO_SSL3
+    if (ver == SSL3_VERSION)
+        return (SSLv3_client_method());
+#endif
+    if (ver == TLS1_VERSION)
+        return (TLSv1_client_method());
+    else if (ver == TLS1_1_VERSION)
+        return (TLSv1_1_client_method());
+    else if (ver == TLS1_2_VERSION)
+        return (TLSv1_2_client_method());
+    else
+        return (NULL);
+}
+
+IMPLEMENT_ssl23_meth_func(SSLv23_client_method,
+                          ssl_undefined_function,
+                          ssl23_connect, ssl23_get_client_method)
+
+int ssl23_connect(SSL *s)
+{
+    BUF_MEM *buf = NULL;
+    unsigned long Time = (unsigned long)time(NULL);
+    void (*cb) (const SSL *ssl, int type, int val) = NULL;
+    int ret = -1;
+    int new_state, state;
+
+    RAND_add(&Time, sizeof(Time), 0);
+    ERR_clear_error();
+    clear_sys_error();
+
+    if (s->info_callback != NULL)
+        cb = s->info_callback;
+    else if (s->ctx->info_callback != NULL)
+        cb = s->ctx->info_callback;
+
+    s->in_handshake++;
+    if (!SSL_in_init(s) || SSL_in_before(s))
+        SSL_clear(s);
+
+    for (;;) {
+        state = s->state;
+
+        switch (s->state) {
+        case SSL_ST_BEFORE:
+        case SSL_ST_CONNECT:
+        case SSL_ST_BEFORE | SSL_ST_CONNECT:
+        case SSL_ST_OK | SSL_ST_CONNECT:
+
+            if (s->session != NULL) {
+                SSLerr(SSL_F_SSL23_CONNECT,
+                       SSL_R_SSL23_DOING_SESSION_ID_REUSE);
+                ret = -1;
+                goto end;
+            }
+            s->server = 0;
+            if (cb != NULL)
+                cb(s, SSL_CB_HANDSHAKE_START, 1);
+
+            /* s->version=TLS1_VERSION; */
+            s->type = SSL_ST_CONNECT;
+
+            if (s->init_buf == NULL) {
+                if ((buf = BUF_MEM_new()) == NULL) {
+                    ret = -1;
+                    goto end;
+                }
+                if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
+                    ret = -1;
+                    goto end;
+                }
+                s->init_buf = buf;
+                buf = NULL;
+            }
+
+            if (!ssl3_setup_buffers(s)) {
+                ret = -1;
+                goto end;
+            }
+
+            ssl3_init_finished_mac(s);
+
+            s->state = SSL23_ST_CW_CLNT_HELLO_A;
+            s->ctx->stats.sess_connect++;
+            s->init_num = 0;
+            break;
+
+        case SSL23_ST_CW_CLNT_HELLO_A:
+        case SSL23_ST_CW_CLNT_HELLO_B:
+
+            s->shutdown = 0;
+            ret = ssl23_client_hello(s);
+            if (ret <= 0)
+                goto end;
+            s->state = SSL23_ST_CR_SRVR_HELLO_A;
+            s->init_num = 0;
+
+            break;
+
+        case SSL23_ST_CR_SRVR_HELLO_A:
+        case SSL23_ST_CR_SRVR_HELLO_B:
+            ret = ssl23_get_server_hello(s);
+            if (ret >= 0)
+                cb = NULL;
+            goto end;
+            /* break; */
+
+        default:
+            SSLerr(SSL_F_SSL23_CONNECT, SSL_R_UNKNOWN_STATE);
+            ret = -1;
+            goto end;
+            /* break; */
+        }
+
+        if (s->debug) {
+            (void)BIO_flush(s->wbio);
+        }
+
+        if ((cb != NULL) && (s->state != state)) {
+            new_state = s->state;
+            s->state = state;
+            cb(s, SSL_CB_CONNECT_LOOP, 1);
+            s->state = new_state;
+        }
+    }
+ end:
+    s->in_handshake--;
+    if (buf != NULL)
+        BUF_MEM_free(buf);
+    if (cb != NULL)
+        cb(s, SSL_CB_CONNECT_EXIT, ret);
+    return (ret);
+}
+
+static int ssl23_no_ssl2_ciphers(SSL *s)
+{
+    SSL_CIPHER *cipher;
+    STACK_OF(SSL_CIPHER) *ciphers;
+    int i;
+    ciphers = SSL_get_ciphers(s);
+    for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
+        cipher = sk_SSL_CIPHER_value(ciphers, i);
+        if (cipher->algorithm_ssl == SSL_SSLV2)
+            return 0;
+    }
+    return 1;
+}
+
+/*
+ * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
+ * failure, 1 on success.
+ */
+int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
+{
+    int send_time = 0;
+
+    if (len < 4)
+        return 0;
+    if (server)
+        send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
+    else
+        send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
+    if (send_time) {
+        unsigned long Time = (unsigned long)time(NULL);
+        unsigned char *p = result;
+        l2n(Time, p);
+        return RAND_bytes(p, len - 4);
+    } else
+        return RAND_bytes(result, len);
+}
+
+static int ssl23_client_hello(SSL *s)
+{
+    unsigned char *buf;
+    unsigned char *p, *d;
+    int i, ch_len;
+    unsigned long l;
+    int ssl2_compat;
+    int version = 0, version_major, version_minor;
+#ifndef OPENSSL_NO_COMP
+    int j;
+    SSL_COMP *comp;
+#endif
+    int ret;
+    unsigned long mask, options = s->options;
+
+    ssl2_compat = (options & SSL_OP_NO_SSLv2) ? 0 : 1;
+
+    if (ssl2_compat && ssl23_no_ssl2_ciphers(s))
+        ssl2_compat = 0;
+
+    /*
+     * SSL_OP_NO_X disables all protocols above X *if* there are
+     * some protocols below X enabled. This is required in order
+     * to maintain "version capability" vector contiguous. So
+     * that if application wants to disable TLS1.0 in favour of
+     * TLS1>=1, it would be insufficient to pass SSL_NO_TLSv1, the
+     * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2.
+     */
+    mask = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1
+#if !defined(OPENSSL_NO_SSL3)
+        | SSL_OP_NO_SSLv3
+#endif
+#if !defined(OPENSSL_NO_SSL2)
+        | (ssl2_compat ? SSL_OP_NO_SSLv2 : 0)
+#endif
+        ;
+#if !defined(OPENSSL_NO_TLS1_2_CLIENT)
+    version = TLS1_2_VERSION;
+
+    if ((options & SSL_OP_NO_TLSv1_2) && (options & mask) != mask)
+        version = TLS1_1_VERSION;
+#else
+    version = TLS1_1_VERSION;
+#endif
+    mask &= ~SSL_OP_NO_TLSv1_1;
+    if ((options & SSL_OP_NO_TLSv1_1) && (options & mask) != mask)
+        version = TLS1_VERSION;
+    mask &= ~SSL_OP_NO_TLSv1;
+#if !defined(OPENSSL_NO_SSL3)
+    if ((options & SSL_OP_NO_TLSv1) && (options & mask) != mask)
+        version = SSL3_VERSION;
+    mask &= ~SSL_OP_NO_SSLv3;
+#endif
+#if !defined(OPENSSL_NO_SSL2)
+    if ((options & SSL_OP_NO_SSLv3) && (options & mask) != mask)
+        version = SSL2_VERSION;
+#endif
+
+#ifndef OPENSSL_NO_TLSEXT
+    if (version != SSL2_VERSION) {
+        /*
+         * have to disable SSL 2.0 compatibility if we need TLS extensions
+         */
+
+        if (s->tlsext_hostname != NULL)
+            ssl2_compat = 0;
+        if (s->tlsext_status_type != -1)
+            ssl2_compat = 0;
+# ifdef TLSEXT_TYPE_opaque_prf_input
+        if (s->ctx->tlsext_opaque_prf_input_callback != 0
+            || s->tlsext_opaque_prf_input != NULL)
+            ssl2_compat = 0;
+# endif
+    }
+#endif
+
+    buf = (unsigned char *)s->init_buf->data;
+    if (s->state == SSL23_ST_CW_CLNT_HELLO_A) {
+        /*
+         * Since we're sending s23 client hello, we're not reusing a session, as
+         * we'd be using the method from the saved session instead
+         */
+        if (!ssl_get_new_session(s, 0)) {
+            return -1;
+        }
+
+        p = s->s3->client_random;
+        if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
+            return -1;
+
+        if (version == TLS1_2_VERSION) {
+            version_major = TLS1_2_VERSION_MAJOR;
+            version_minor = TLS1_2_VERSION_MINOR;
+        } else if (version == TLS1_1_VERSION) {
+            version_major = TLS1_1_VERSION_MAJOR;
+            version_minor = TLS1_1_VERSION_MINOR;
+        } else if (version == TLS1_VERSION) {
+            version_major = TLS1_VERSION_MAJOR;
+            version_minor = TLS1_VERSION_MINOR;
+        }
+#ifdef OPENSSL_FIPS
+        else if (FIPS_mode()) {
+            SSLerr(SSL_F_SSL23_CLIENT_HELLO,
+                   SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+            return -1;
+        }
+#endif
+        else if (version == SSL3_VERSION) {
+            version_major = SSL3_VERSION_MAJOR;
+            version_minor = SSL3_VERSION_MINOR;
+        } else if (version == SSL2_VERSION) {
+            version_major = SSL2_VERSION_MAJOR;
+            version_minor = SSL2_VERSION_MINOR;
+        } else {
+            SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_PROTOCOLS_AVAILABLE);
+            return (-1);
+        }
+
+        s->client_version = version;
+
+        if (ssl2_compat) {
+            /* create SSL 2.0 compatible Client Hello */
+
+            /* two byte record header will be written last */
+            d = &(buf[2]);
+            p = d + 9;          /* leave space for message type, version,
+                                 * individual length fields */
+
+            *(d++) = SSL2_MT_CLIENT_HELLO;
+            *(d++) = version_major;
+            *(d++) = version_minor;
+
+            /* Ciphers supported */
+            i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), p, 0);
+            if (i == 0) {
+                /* no ciphers */
+                SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
+                return -1;
+            }
+            s2n(i, d);
+            p += i;
+
+            /*
+             * put in the session-id length (zero since there is no reuse)
+             */
+            s2n(0, d);
+
+            if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
+                ch_len = SSL2_CHALLENGE_LENGTH;
+            else
+                ch_len = SSL2_MAX_CHALLENGE_LENGTH;
+
+            /* write out sslv2 challenge */
+            /*
+             * Note that ch_len must be <= SSL3_RANDOM_SIZE (32), because it
+             * is one of SSL2_MAX_CHALLENGE_LENGTH (32) or
+             * SSL2_MAX_CHALLENGE_LENGTH (16), but leave the check in for
+             * futurproofing
+             */
+            if (SSL3_RANDOM_SIZE < ch_len)
+                i = SSL3_RANDOM_SIZE;
+            else
+                i = ch_len;
+            s2n(i, d);
+            memset(&(s->s3->client_random[0]), 0, SSL3_RANDOM_SIZE);
+            if (RAND_bytes (&(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i)
+                    <= 0)
+                return -1;
+
+            memcpy(p, &(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i);
+            p += i;
+
+            i = p - &(buf[2]);
+            buf[0] = ((i >> 8) & 0xff) | 0x80;
+            buf[1] = (i & 0xff);
+
+            /* number of bytes to write */
+            s->init_num = i + 2;
+            s->init_off = 0;
+
+            ssl3_finish_mac(s, &(buf[2]), i);
+        } else {
+            /* create Client Hello in SSL 3.0/TLS 1.0 format */
+
+            /*
+             * do the record header (5 bytes) and handshake message header (4
+             * bytes) last
+             */
+            d = p = &(buf[9]);
+
+            *(p++) = version_major;
+            *(p++) = version_minor;
+
+            /* Random stuff */
+            memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
+            p += SSL3_RANDOM_SIZE;
+
+            /* Session ID (zero since there is no reuse) */
+            *(p++) = 0;
+
+            /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
+            i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]),
+                                         ssl3_put_cipher_by_char);
+            if (i == 0) {
+                SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
+                return -1;
+            }
+#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
+            /*
+             * Some servers hang if client hello > 256 bytes as hack
+             * workaround chop number of supported ciphers to keep it well
+             * below this if we use TLS v1.2
+             */
+            if (TLS1_get_version(s) >= TLS1_2_VERSION
+                && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
+                i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
+#endif
+            s2n(i, p);
+            p += i;
+
+            /* COMPRESSION */
+#ifdef OPENSSL_NO_COMP
+            *(p++) = 1;
+#else
+            if ((s->options & SSL_OP_NO_COMPRESSION)
+                || !s->ctx->comp_methods)
+                j = 0;
+            else
+                j = sk_SSL_COMP_num(s->ctx->comp_methods);
+            *(p++) = 1 + j;
+            for (i = 0; i < j; i++) {
+                comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
+                *(p++) = comp->id;
+            }
+#endif
+            *(p++) = 0;         /* Add the NULL method */
+
+#ifndef OPENSSL_NO_TLSEXT
+            /* TLS extensions */
+            if (ssl_prepare_clienthello_tlsext(s) <= 0) {
+                SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
+                return -1;
+            }
+            if ((p =
+                 ssl_add_clienthello_tlsext(s, p,
+                                            buf +
+                                            SSL3_RT_MAX_PLAIN_LENGTH)) ==
+                NULL) {
+                SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+                return -1;
+            }
+#endif
+
+            l = p - d;
+
+            /* fill in 4-byte handshake header */
+            d = &(buf[5]);
+            *(d++) = SSL3_MT_CLIENT_HELLO;
+            l2n3(l, d);
+
+            l += 4;
+
+            if (l > SSL3_RT_MAX_PLAIN_LENGTH) {
+                SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+                return -1;
+            }
+
+            /* fill in 5-byte record header */
+            d = buf;
+            *(d++) = SSL3_RT_HANDSHAKE;
+            *(d++) = version_major;
+            /*
+             * Some servers hang if we use long client hellos and a record
+             * number > TLS 1.0.
+             */
+            if (TLS1_get_client_version(s) > TLS1_VERSION)
+                *(d++) = 1;
+            else
+                *(d++) = version_minor;
+            s2n((int)l, d);
+
+            /* number of bytes to write */
+            s->init_num = p - buf;
+            s->init_off = 0;
+
+            ssl3_finish_mac(s, &(buf[5]), s->init_num - 5);
+        }
+
+        s->state = SSL23_ST_CW_CLNT_HELLO_B;
+        s->init_off = 0;
+    }
+
+    /* SSL3_ST_CW_CLNT_HELLO_B */
+    ret = ssl23_write_bytes(s);
+
+    if ((ret >= 2) && s->msg_callback) {
+        /* Client Hello has been sent; tell msg_callback */
+
+        if (ssl2_compat)
+            s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data + 2,
+                            ret - 2, s, s->msg_callback_arg);
+        else
+            s->msg_callback(1, version, SSL3_RT_HANDSHAKE,
+                            s->init_buf->data + 5, ret - 5, s,
+                            s->msg_callback_arg);
+    }
+
+    return ret;
+}
+
+static int ssl23_get_server_hello(SSL *s)
+{
+    char buf[8];
+    unsigned char *p;
+    int i;
+    int n;
+
+    n = ssl23_read_bytes(s, 7);
+
+    if (n != 7)
+        return (n);
+    p = s->packet;
+
+    memcpy(buf, p, n);
+
+    if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
+        (p[5] == 0x00) && (p[6] == 0x02)) {
+#ifdef OPENSSL_NO_SSL2
+        SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
+        goto err;
+#else
+        /* we are talking sslv2 */
+        /*
+         * we need to clean up the SSLv3 setup and put in the sslv2 stuff.
+         */
+        int ch_len;
+
+        if (s->options & SSL_OP_NO_SSLv2) {
+            SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
+            goto err;
+        }
+        if (s->s2 == NULL) {
+            if (!ssl2_new(s))
+                goto err;
+        } else
+            ssl2_clear(s);
+
+        if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
+            ch_len = SSL2_CHALLENGE_LENGTH;
+        else
+            ch_len = SSL2_MAX_CHALLENGE_LENGTH;
+
+        /* write out sslv2 challenge */
+        /*
+         * Note that ch_len must be <= SSL3_RANDOM_SIZE (32), because it is
+         * one of SSL2_MAX_CHALLENGE_LENGTH (32) or SSL2_MAX_CHALLENGE_LENGTH
+         * (16), but leave the check in for futurproofing
+         */
+        i = (SSL3_RANDOM_SIZE < ch_len)
+            ? SSL3_RANDOM_SIZE : ch_len;
+        s->s2->challenge_length = i;
+        memcpy(s->s2->challenge,
+               &(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i);
+
+        if (s->s3 != NULL)
+            ssl3_free(s);
+
+        if (!BUF_MEM_grow_clean(s->init_buf,
+                                SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) {
+            SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, ERR_R_BUF_LIB);
+            goto err;
+        }
+
+        s->state = SSL2_ST_GET_SERVER_HELLO_A;
+        if (!(s->client_version == SSL2_VERSION))
+            /*
+             * use special padding (SSL 3.0 draft/RFC 2246, App. E.2)
+             */
+            s->s2->ssl2_rollback = 1;
+
+        /*
+         * setup the 7 bytes we have read so we get them from the sslv2
+         * buffer
+         */
+        s->rstate = SSL_ST_READ_HEADER;
+        s->packet_length = n;
+        s->packet = &(s->s2->rbuf[0]);
+        memcpy(s->packet, buf, n);
+        s->s2->rbuf_left = n;
+        s->s2->rbuf_offs = 0;
+
+        /* we have already written one */
+        s->s2->write_sequence = 1;
+
+        s->method = SSLv2_client_method();
+        s->handshake_func = s->method->ssl_connect;
+#endif
+    } else if (p[1] == SSL3_VERSION_MAJOR &&
+               p[2] <= TLS1_2_VERSION_MINOR &&
+               ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) ||
+                (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2))) {
+        /* we have sslv3 or tls1 (server hello or alert) */
+
+#ifndef OPENSSL_NO_SSL3
+        if ((p[2] == SSL3_VERSION_MINOR) && !(s->options & SSL_OP_NO_SSLv3)) {
+# ifdef OPENSSL_FIPS
+            if (FIPS_mode()) {
+                SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
+                       SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+                goto err;
+            }
+# endif
+            s->version = SSL3_VERSION;
+            s->method = SSLv3_client_method();
+        } else
+#endif
+        if ((p[2] == TLS1_VERSION_MINOR) && !(s->options & SSL_OP_NO_TLSv1)) {
+            s->version = TLS1_VERSION;
+            s->method = TLSv1_client_method();
+        } else if ((p[2] == TLS1_1_VERSION_MINOR) &&
+                   !(s->options & SSL_OP_NO_TLSv1_1)) {
+            s->version = TLS1_1_VERSION;
+            s->method = TLSv1_1_client_method();
+        } else if ((p[2] == TLS1_2_VERSION_MINOR) &&
+                   !(s->options & SSL_OP_NO_TLSv1_2)) {
+            s->version = TLS1_2_VERSION;
+            s->method = TLSv1_2_client_method();
+        } else {
+            SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
+            goto err;
+        }
+
+        s->session->ssl_version = s->version;
+
+        /* ensure that TLS_MAX_VERSION is up-to-date */
+        OPENSSL_assert(s->version <= TLS_MAX_VERSION);
+
+        if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) {
+            /* fatal alert */
+
+            void (*cb) (const SSL *ssl, int type, int val) = NULL;
+            int j;
+
+            if (s->info_callback != NULL)
+                cb = s->info_callback;
+            else if (s->ctx->info_callback != NULL)
+                cb = s->ctx->info_callback;
+
+            i = p[5];
+            if (cb != NULL) {
+                j = (i << 8) | p[6];
+                cb(s, SSL_CB_READ_ALERT, j);
+            }
+
+            if (s->msg_callback)
+                s->msg_callback(0, s->version, SSL3_RT_ALERT, p + 5, 2, s,
+                                s->msg_callback_arg);
+
+            s->rwstate = SSL_NOTHING;
+            SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_AD_REASON_OFFSET + p[6]);
+            goto err;
+        }
+
+        if (!ssl_init_wbio_buffer(s, 1))
+            goto err;
+
+        /* we are in this state */
+        s->state = SSL3_ST_CR_SRVR_HELLO_A;
+
+        /*
+         * put the 7 bytes we have read into the input buffer for SSLv3
+         */
+        s->rstate = SSL_ST_READ_HEADER;
+        s->packet_length = n;
+        if (s->s3->rbuf.buf == NULL)
+            if (!ssl3_setup_read_buffer(s))
+                goto err;
+        s->packet = &(s->s3->rbuf.buf[0]);
+        memcpy(s->packet, buf, n);
+        s->s3->rbuf.left = n;
+        s->s3->rbuf.offset = 0;
+
+        s->handshake_func = s->method->ssl_connect;
+    } else {
+        SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNKNOWN_PROTOCOL);
+        goto err;
+    }
+    s->init_num = 0;
+
+    return (SSL_connect(s));
+ err:
+    return (-1);
+}

Deleted: vendor-crypto/openssl/1.0.1u/ssl/s2_clnt.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/s2_clnt.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/ssl/s2_clnt.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,1094 +0,0 @@
-/* ssl/s2_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_SSL2
-# include <stdio.h>
-# include <openssl/rand.h>
-# include <openssl/buffer.h>
-# include <openssl/objects.h>
-# include <openssl/evp.h>
-
-static const SSL_METHOD *ssl2_get_client_method(int ver);
-static int get_server_finished(SSL *s);
-static int get_server_verify(SSL *s);
-static int get_server_hello(SSL *s);
-static int client_hello(SSL *s);
-static int client_master_key(SSL *s);
-static int client_finished(SSL *s);
-static int client_certificate(SSL *s);
-static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from,
-                                  unsigned char *to, int padding);
-# define BREAK   break
-
-static const SSL_METHOD *ssl2_get_client_method(int ver)
-{
-    if (ver == SSL2_VERSION)
-        return (SSLv2_client_method());
-    else
-        return (NULL);
-}
-
-IMPLEMENT_ssl2_meth_func(SSLv2_client_method,
-                         ssl_undefined_function,
-                         ssl2_connect, ssl2_get_client_method)
-
-int ssl2_connect(SSL *s)
-{
-    unsigned long l = (unsigned long)time(NULL);
-    BUF_MEM *buf = NULL;
-    int ret = -1;
-    void (*cb) (const SSL *ssl, int type, int val) = NULL;
-    int new_state, state;
-
-    RAND_add(&l, sizeof(l), 0);
-    ERR_clear_error();
-    clear_sys_error();
-
-    if (s->info_callback != NULL)
-        cb = s->info_callback;
-    else if (s->ctx->info_callback != NULL)
-        cb = s->ctx->info_callback;
-
-    /* init things to blank */
-    s->in_handshake++;
-    if (!SSL_in_init(s) || SSL_in_before(s))
-        SSL_clear(s);
-
-    for (;;) {
-        state = s->state;
-
-        switch (s->state) {
-        case SSL_ST_BEFORE:
-        case SSL_ST_CONNECT:
-        case SSL_ST_BEFORE | SSL_ST_CONNECT:
-        case SSL_ST_OK | SSL_ST_CONNECT:
-
-            s->server = 0;
-            if (cb != NULL)
-                cb(s, SSL_CB_HANDSHAKE_START, 1);
-
-            s->version = SSL2_VERSION;
-            s->type = SSL_ST_CONNECT;
-
-            buf = s->init_buf;
-            if ((buf == NULL) && ((buf = BUF_MEM_new()) == NULL)) {
-                ret = -1;
-                goto end;
-            }
-            if (!BUF_MEM_grow(buf, SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) {
-                if (buf == s->init_buf)
-                    buf = NULL;
-                ret = -1;
-                goto end;
-            }
-            s->init_buf = buf;
-            buf = NULL;
-            s->init_num = 0;
-            s->state = SSL2_ST_SEND_CLIENT_HELLO_A;
-            s->ctx->stats.sess_connect++;
-            s->handshake_func = ssl2_connect;
-            BREAK;
-
-        case SSL2_ST_SEND_CLIENT_HELLO_A:
-        case SSL2_ST_SEND_CLIENT_HELLO_B:
-            s->shutdown = 0;
-            ret = client_hello(s);
-            if (ret <= 0)
-                goto end;
-            s->init_num = 0;
-            s->state = SSL2_ST_GET_SERVER_HELLO_A;
-            BREAK;
-
-        case SSL2_ST_GET_SERVER_HELLO_A:
-        case SSL2_ST_GET_SERVER_HELLO_B:
-            ret = get_server_hello(s);
-            if (ret <= 0)
-                goto end;
-            s->init_num = 0;
-            if (!s->hit) {      /* new session */
-                s->state = SSL2_ST_SEND_CLIENT_MASTER_KEY_A;
-                BREAK;
-            } else {
-                s->state = SSL2_ST_CLIENT_START_ENCRYPTION;
-                break;
-            }
-
-        case SSL2_ST_SEND_CLIENT_MASTER_KEY_A:
-        case SSL2_ST_SEND_CLIENT_MASTER_KEY_B:
-            ret = client_master_key(s);
-            if (ret <= 0)
-                goto end;
-            s->init_num = 0;
-            s->state = SSL2_ST_CLIENT_START_ENCRYPTION;
-            break;
-
-        case SSL2_ST_CLIENT_START_ENCRYPTION:
-            /*
-             * Ok, we now have all the stuff needed to start encrypting, so
-             * lets fire it up :-)
-             */
-            if (!ssl2_enc_init(s, 1)) {
-                ret = -1;
-                goto end;
-            }
-            s->s2->clear_text = 0;
-            s->state = SSL2_ST_SEND_CLIENT_FINISHED_A;
-            break;
-
-        case SSL2_ST_SEND_CLIENT_FINISHED_A:
-        case SSL2_ST_SEND_CLIENT_FINISHED_B:
-            ret = client_finished(s);
-            if (ret <= 0)
-                goto end;
-            s->init_num = 0;
-            s->state = SSL2_ST_GET_SERVER_VERIFY_A;
-            break;
-
-        case SSL2_ST_GET_SERVER_VERIFY_A:
-        case SSL2_ST_GET_SERVER_VERIFY_B:
-            ret = get_server_verify(s);
-            if (ret <= 0)
-                goto end;
-            s->init_num = 0;
-            s->state = SSL2_ST_GET_SERVER_FINISHED_A;
-            break;
-
-        case SSL2_ST_GET_SERVER_FINISHED_A:
-        case SSL2_ST_GET_SERVER_FINISHED_B:
-            ret = get_server_finished(s);
-            if (ret <= 0)
-                goto end;
-            break;
-
-        case SSL2_ST_SEND_CLIENT_CERTIFICATE_A:
-        case SSL2_ST_SEND_CLIENT_CERTIFICATE_B:
-        case SSL2_ST_SEND_CLIENT_CERTIFICATE_C:
-        case SSL2_ST_SEND_CLIENT_CERTIFICATE_D:
-        case SSL2_ST_X509_GET_CLIENT_CERTIFICATE:
-            ret = client_certificate(s);
-            if (ret <= 0)
-                goto end;
-            s->init_num = 0;
-            s->state = SSL2_ST_GET_SERVER_FINISHED_A;
-            break;
-
-        case SSL_ST_OK:
-            if (s->init_buf != NULL) {
-                BUF_MEM_free(s->init_buf);
-                s->init_buf = NULL;
-            }
-            s->init_num = 0;
-            /*      ERR_clear_error(); */
-
-            /*
-             * If we want to cache session-ids in the client and we
-             * successfully add the session-id to the cache, and there is a
-             * callback, then pass it out. 26/11/96 - eay - only add if not a
-             * re-used session.
-             */
-
-            ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
-            if (s->hit)
-                s->ctx->stats.sess_hit++;
-
-            ret = 1;
-            /* s->server=0; */
-            s->ctx->stats.sess_connect_good++;
-
-            if (cb != NULL)
-                cb(s, SSL_CB_HANDSHAKE_DONE, 1);
-
-            goto end;
-            /* break; */
-        default:
-            SSLerr(SSL_F_SSL2_CONNECT, SSL_R_UNKNOWN_STATE);
-            return (-1);
-            /* break; */
-        }
-
-        if ((cb != NULL) && (s->state != state)) {
-            new_state = s->state;
-            s->state = state;
-            cb(s, SSL_CB_CONNECT_LOOP, 1);
-            s->state = new_state;
-        }
-    }
- end:
-    s->in_handshake--;
-    if (buf != NULL)
-        BUF_MEM_free(buf);
-    if (cb != NULL)
-        cb(s, SSL_CB_CONNECT_EXIT, ret);
-    return (ret);
-}
-
-static int get_server_hello(SSL *s)
-{
-    unsigned char *buf;
-    unsigned char *p;
-    int i, j;
-    unsigned long len;
-    STACK_OF(SSL_CIPHER) *sk = NULL, *cl, *prio, *allow;
-
-    buf = (unsigned char *)s->init_buf->data;
-    p = buf;
-    if (s->state == SSL2_ST_GET_SERVER_HELLO_A) {
-        i = ssl2_read(s, (char *)&(buf[s->init_num]), 11 - s->init_num);
-        if (i < (11 - s->init_num))
-            return (ssl2_part_read(s, SSL_F_GET_SERVER_HELLO, i));
-        s->init_num = 11;
-
-        if (*(p++) != SSL2_MT_SERVER_HELLO) {
-            if (p[-1] != SSL2_MT_ERROR) {
-                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-                SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_READ_WRONG_PACKET_TYPE);
-            } else
-                SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_PEER_ERROR);
-            return (-1);
-        }
-# if 0
-        s->hit = (*(p++)) ? 1 : 0;
-        /*
-         * Some [PPC?] compilers fail to increment p in above statement, e.g.
-         * one provided with Rhapsody 5.5, but most recent example XL C 11.1
-         * for AIX, even without optimization flag...
-         */
-# else
-        s->hit = (*p) ? 1 : 0;
-        p++;
-# endif
-        s->s2->tmp.cert_type = *(p++);
-        n2s(p, i);
-        if (i < s->version)
-            s->version = i;
-        n2s(p, i);
-        s->s2->tmp.cert_length = i;
-        n2s(p, i);
-        s->s2->tmp.csl = i;
-        n2s(p, i);
-        s->s2->tmp.conn_id_length = i;
-        s->state = SSL2_ST_GET_SERVER_HELLO_B;
-    }
-
-    /* SSL2_ST_GET_SERVER_HELLO_B */
-    len =
-        11 + (unsigned long)s->s2->tmp.cert_length +
-        (unsigned long)s->s2->tmp.csl +
-        (unsigned long)s->s2->tmp.conn_id_length;
-    if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) {
-        SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_MESSAGE_TOO_LONG);
-        return -1;
-    }
-    j = (int)len - s->init_num;
-    i = ssl2_read(s, (char *)&(buf[s->init_num]), j);
-    if (i != j)
-        return (ssl2_part_read(s, SSL_F_GET_SERVER_HELLO, i));
-    if (s->msg_callback) {
-        /* SERVER-HELLO */
-        s->msg_callback(0, s->version, 0, buf, (size_t)len, s,
-                        s->msg_callback_arg);
-    }
-
-    /* things are looking good */
-
-    p = buf + 11;
-    if (s->hit) {
-        if (s->s2->tmp.cert_length != 0) {
-            SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_REUSE_CERT_LENGTH_NOT_ZERO);
-            return (-1);
-        }
-        if (s->s2->tmp.cert_type != 0) {
-            if (!(s->options & SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG)) {
-                SSLerr(SSL_F_GET_SERVER_HELLO,
-                       SSL_R_REUSE_CERT_TYPE_NOT_ZERO);
-                return (-1);
-            }
-        }
-        if (s->s2->tmp.csl != 0) {
-            SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_REUSE_CIPHER_LIST_NOT_ZERO);
-            return (-1);
-        }
-    } else {
-# ifdef undef
-        /* very bad */
-        memset(s->session->session_id, 0,
-               SSL_MAX_SSL_SESSION_ID_LENGTH_IN_BYTES);
-        s->session->session_id_length = 0;
-        */
-# endif
-            /*
-             * we need to do this in case we were trying to reuse a client
-             * session but others are already reusing it. If this was a new
-             * 'blank' session ID, the session-id length will still be 0
-             */
-            if (s->session->session_id_length > 0) {
-            if (!ssl_get_new_session(s, 0)) {
-                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-                return (-1);
-            }
-        }
-
-        if (ssl2_set_certificate(s, s->s2->tmp.cert_type,
-                                 s->s2->tmp.cert_length, p) <= 0) {
-            ssl2_return_error(s, SSL2_PE_BAD_CERTIFICATE);
-            return (-1);
-        }
-        p += s->s2->tmp.cert_length;
-
-        if (s->s2->tmp.csl == 0) {
-            ssl2_return_error(s, SSL2_PE_NO_CIPHER);
-            SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_NO_CIPHER_LIST);
-            return (-1);
-        }
-
-        /*
-         * We have just received a list of ciphers back from the server.  We
-         * need to get the ones that match, then select the one we want the
-         * most :-).
-         */
-
-        /* load the ciphers */
-        sk = ssl_bytes_to_cipher_list(s, p, s->s2->tmp.csl,
-                                      &s->session->ciphers);
-        p += s->s2->tmp.csl;
-        if (sk == NULL) {
-            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-            SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_MALLOC_FAILURE);
-            return (-1);
-        }
-
-        (void)sk_SSL_CIPHER_set_cmp_func(sk, ssl_cipher_ptr_id_cmp);
-
-        /* get the array of ciphers we will accept */
-        cl = SSL_get_ciphers(s);
-        (void)sk_SSL_CIPHER_set_cmp_func(cl, ssl_cipher_ptr_id_cmp);
-
-        /*
-         * If server preference flag set, choose the first
-         * (highest priority) cipher the server sends, otherwise
-         * client preference has priority.
-         */
-        if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
-            prio = sk;
-            allow = cl;
-        } else {
-            prio = cl;
-            allow = sk;
-        }
-        /*
-         * In theory we could have ciphers sent back that we don't want to
-         * use but that does not matter since we will check against the list
-         * we originally sent and for performance reasons we should not
-         * bother to match the two lists up just to check.
-         */
-        for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
-            if (sk_SSL_CIPHER_find(allow, sk_SSL_CIPHER_value(prio, i)) >= 0)
-                break;
-        }
-
-        if (i >= sk_SSL_CIPHER_num(prio)) {
-            ssl2_return_error(s, SSL2_PE_NO_CIPHER);
-            SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_NO_CIPHER_MATCH);
-            return (-1);
-        }
-        s->session->cipher = sk_SSL_CIPHER_value(prio, i);
-
-        if (s->session->peer != NULL) { /* can't happen */
-            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-            SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
-            return (-1);
-        }
-
-        s->session->peer = s->session->sess_cert->peer_key->x509;
-        /* peer_key->x509 has been set by ssl2_set_certificate. */
-        CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
-    }
-
-    if (s->session->sess_cert == NULL
-        || s->session->peer != s->session->sess_cert->peer_key->x509)
-        /* can't happen */
-    {
-        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-        SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
-        return (-1);
-    }
-
-    s->s2->conn_id_length = s->s2->tmp.conn_id_length;
-    if (s->s2->conn_id_length > sizeof s->s2->conn_id) {
-        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-        SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG);
-        return -1;
-    }
-    memcpy(s->s2->conn_id, p, s->s2->tmp.conn_id_length);
-    return (1);
-}
-
-static int client_hello(SSL *s)
-{
-    unsigned char *buf;
-    unsigned char *p, *d;
-/*      CIPHER **cipher;*/
-    int i, n, j;
-
-    buf = (unsigned char *)s->init_buf->data;
-    if (s->state == SSL2_ST_SEND_CLIENT_HELLO_A) {
-        if ((s->session == NULL) || (s->session->ssl_version != s->version)) {
-            if (!ssl_get_new_session(s, 0)) {
-                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-                return (-1);
-            }
-        }
-        /* else use the pre-loaded session */
-
-        p = buf;                /* header */
-        d = p + 9;              /* data section */
-        *(p++) = SSL2_MT_CLIENT_HELLO; /* type */
-        s2n(SSL2_VERSION, p);   /* version */
-        n = j = 0;
-
-        n = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), d, 0);
-        d += n;
-
-        if (n == 0) {
-            SSLerr(SSL_F_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
-            return (-1);
-        }
-
-        s2n(n, p);              /* cipher spec num bytes */
-
-        if ((s->session->session_id_length > 0) &&
-            (s->session->session_id_length <=
-             SSL2_MAX_SSL_SESSION_ID_LENGTH)) {
-            i = s->session->session_id_length;
-            s2n(i, p);          /* session id length */
-            memcpy(d, s->session->session_id, (unsigned int)i);
-            d += i;
-        } else {
-            s2n(0, p);
-        }
-
-        s->s2->challenge_length = SSL2_CHALLENGE_LENGTH;
-        s2n(SSL2_CHALLENGE_LENGTH, p); /* challenge length */
-        /*
-         * challenge id data
-         */
-        if (RAND_pseudo_bytes(s->s2->challenge, SSL2_CHALLENGE_LENGTH) <= 0)
-            return -1;
-        memcpy(d, s->s2->challenge, SSL2_CHALLENGE_LENGTH);
-        d += SSL2_CHALLENGE_LENGTH;
-
-        s->state = SSL2_ST_SEND_CLIENT_HELLO_B;
-        s->init_num = d - buf;
-        s->init_off = 0;
-    }
-    /* SSL2_ST_SEND_CLIENT_HELLO_B */
-    return (ssl2_do_write(s));
-}
-
-static int client_master_key(SSL *s)
-{
-    unsigned char *buf;
-    unsigned char *p, *d;
-    int clear, enc, karg, i;
-    SSL_SESSION *sess;
-    const EVP_CIPHER *c;
-    const EVP_MD *md;
-
-    buf = (unsigned char *)s->init_buf->data;
-    if (s->state == SSL2_ST_SEND_CLIENT_MASTER_KEY_A) {
-
-        if (!ssl_cipher_get_evp(s->session, &c, &md, NULL, NULL, NULL)) {
-            ssl2_return_error(s, SSL2_PE_NO_CIPHER);
-            SSLerr(SSL_F_CLIENT_MASTER_KEY,
-                   SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
-            return (-1);
-        }
-        sess = s->session;
-        p = buf;
-        d = p + 10;
-        *(p++) = SSL2_MT_CLIENT_MASTER_KEY; /* type */
-
-        i = ssl_put_cipher_by_char(s, sess->cipher, p);
-        p += i;
-
-        /* make key_arg data */
-        i = EVP_CIPHER_iv_length(c);
-        sess->key_arg_length = i;
-        if (i > SSL_MAX_KEY_ARG_LENGTH) {
-            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-            SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
-            return -1;
-        }
-        if (i > 0)
-            if (RAND_pseudo_bytes(sess->key_arg, i) <= 0)
-                return -1;
-
-        /* make a master key */
-        i = EVP_CIPHER_key_length(c);
-        sess->master_key_length = i;
-        if (i > 0) {
-            if (i > (int)sizeof(sess->master_key)) {
-                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-                SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
-                return -1;
-            }
-            if (RAND_bytes(sess->master_key, i) <= 0) {
-                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-                return (-1);
-            }
-        }
-
-        if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
-            enc = 8;
-        else if (SSL_C_IS_EXPORT(sess->cipher))
-            enc = 5;
-        else
-            enc = i;
-
-        if ((int)i < enc) {
-            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-            SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_CIPHER_TABLE_SRC_ERROR);
-            return (-1);
-        }
-        clear = i - enc;
-        s2n(clear, p);
-        memcpy(d, sess->master_key, (unsigned int)clear);
-        d += clear;
-
-        enc = ssl_rsa_public_encrypt(sess->sess_cert, enc,
-                                     &(sess->master_key[clear]), d,
-                                     (s->
-                                      s2->ssl2_rollback) ? RSA_SSLV23_PADDING
-                                     : RSA_PKCS1_PADDING);
-        if (enc <= 0) {
-            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-            SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_PUBLIC_KEY_ENCRYPT_ERROR);
-            return (-1);
-        }
-# ifdef PKCS1_CHECK
-        if (s->options & SSL_OP_PKCS1_CHECK_1)
-            d[1]++;
-        if (s->options & SSL_OP_PKCS1_CHECK_2)
-            sess->master_key[clear]++;
-# endif
-        s2n(enc, p);
-        d += enc;
-        karg = sess->key_arg_length;
-        s2n(karg, p);           /* key arg size */
-        if (karg > (int)sizeof(sess->key_arg)) {
-            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-            SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
-            return -1;
-        }
-        memcpy(d, sess->key_arg, (unsigned int)karg);
-        d += karg;
-
-        s->state = SSL2_ST_SEND_CLIENT_MASTER_KEY_B;
-        s->init_num = d - buf;
-        s->init_off = 0;
-    }
-
-    /* SSL2_ST_SEND_CLIENT_MASTER_KEY_B */
-    return (ssl2_do_write(s));
-}
-
-static int client_finished(SSL *s)
-{
-    unsigned char *p;
-
-    if (s->state == SSL2_ST_SEND_CLIENT_FINISHED_A) {
-        p = (unsigned char *)s->init_buf->data;
-        *(p++) = SSL2_MT_CLIENT_FINISHED;
-        if (s->s2->conn_id_length > sizeof s->s2->conn_id) {
-            SSLerr(SSL_F_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR);
-            return -1;
-        }
-        memcpy(p, s->s2->conn_id, (unsigned int)s->s2->conn_id_length);
-
-        s->state = SSL2_ST_SEND_CLIENT_FINISHED_B;
-        s->init_num = s->s2->conn_id_length + 1;
-        s->init_off = 0;
-    }
-    return (ssl2_do_write(s));
-}
-
-/* read the data and then respond */
-static int client_certificate(SSL *s)
-{
-    unsigned char *buf;
-    unsigned char *p, *d;
-    int i;
-    unsigned int n;
-    int cert_ch_len;
-    unsigned char *cert_ch;
-
-    buf = (unsigned char *)s->init_buf->data;
-
-    /*
-     * We have a cert associated with the SSL, so attach it to the session if
-     * it does not have one
-     */
-
-    if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A) {
-        i = ssl2_read(s, (char *)&(buf[s->init_num]),
-                      SSL2_MAX_CERT_CHALLENGE_LENGTH + 2 - s->init_num);
-        if (i < (SSL2_MIN_CERT_CHALLENGE_LENGTH + 2 - s->init_num))
-            return (ssl2_part_read(s, SSL_F_CLIENT_CERTIFICATE, i));
-        s->init_num += i;
-        if (s->msg_callback) {
-            /* REQUEST-CERTIFICATE */
-            s->msg_callback(0, s->version, 0, buf, (size_t)s->init_num, s,
-                            s->msg_callback_arg);
-        }
-
-        /* type=buf[0]; */
-        /* type eq x509 */
-        if (buf[1] != SSL2_AT_MD5_WITH_RSA_ENCRYPTION) {
-            ssl2_return_error(s, SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE);
-            SSLerr(SSL_F_CLIENT_CERTIFICATE, SSL_R_BAD_AUTHENTICATION_TYPE);
-            return (-1);
-        }
-
-        if ((s->cert == NULL) ||
-            (s->cert->key->x509 == NULL) ||
-            (s->cert->key->privatekey == NULL)) {
-            s->state = SSL2_ST_X509_GET_CLIENT_CERTIFICATE;
-        } else
-            s->state = SSL2_ST_SEND_CLIENT_CERTIFICATE_C;
-    }
-
-    cert_ch = buf + 2;
-    cert_ch_len = s->init_num - 2;
-
-    if (s->state == SSL2_ST_X509_GET_CLIENT_CERTIFICATE) {
-        X509 *x509 = NULL;
-        EVP_PKEY *pkey = NULL;
-
-        /*
-         * If we get an error we need to ssl->rwstate=SSL_X509_LOOKUP;
-         * return(error); We should then be retried when things are ok and we
-         * can get a cert or not
-         */
-
-        i = 0;
-        if (s->ctx->client_cert_cb != NULL) {
-            i = s->ctx->client_cert_cb(s, &(x509), &(pkey));
-        }
-
-        if (i < 0) {
-            s->rwstate = SSL_X509_LOOKUP;
-            return (-1);
-        }
-        s->rwstate = SSL_NOTHING;
-
-        if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
-            s->state = SSL2_ST_SEND_CLIENT_CERTIFICATE_C;
-            if (!SSL_use_certificate(s, x509) || !SSL_use_PrivateKey(s, pkey)) {
-                i = 0;
-            }
-            X509_free(x509);
-            EVP_PKEY_free(pkey);
-        } else if (i == 1) {
-            if (x509 != NULL)
-                X509_free(x509);
-            if (pkey != NULL)
-                EVP_PKEY_free(pkey);
-            SSLerr(SSL_F_CLIENT_CERTIFICATE,
-                   SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
-            i = 0;
-        }
-
-        if (i == 0) {
-            /*
-             * We have no client certificate to respond with so send the
-             * correct error message back
-             */
-            s->state = SSL2_ST_SEND_CLIENT_CERTIFICATE_B;
-            p = buf;
-            *(p++) = SSL2_MT_ERROR;
-            s2n(SSL2_PE_NO_CERTIFICATE, p);
-            s->init_off = 0;
-            s->init_num = 3;
-            /* Write is done at the end */
-        }
-    }
-
-    if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_B) {
-        return (ssl2_do_write(s));
-    }
-
-    if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_C) {
-        EVP_MD_CTX ctx;
-
-        /*
-         * ok, now we calculate the checksum do it first so we can reuse buf
-         * :-)
-         */
-        p = buf;
-        EVP_MD_CTX_init(&ctx);
-        EVP_SignInit_ex(&ctx, s->ctx->rsa_md5, NULL);
-        EVP_SignUpdate(&ctx, s->s2->key_material, s->s2->key_material_length);
-        EVP_SignUpdate(&ctx, cert_ch, (unsigned int)cert_ch_len);
-        i = i2d_X509(s->session->sess_cert->peer_key->x509, &p);
-        /*
-         * Don't update the signature if it fails - FIXME: probably should
-         * handle this better
-         */
-        if (i > 0)
-            EVP_SignUpdate(&ctx, buf, (unsigned int)i);
-
-        p = buf;
-        d = p + 6;
-        *(p++) = SSL2_MT_CLIENT_CERTIFICATE;
-        *(p++) = SSL2_CT_X509_CERTIFICATE;
-        n = i2d_X509(s->cert->key->x509, &d);
-        s2n(n, p);
-
-        if (!EVP_SignFinal(&ctx, d, &n, s->cert->key->privatekey)) {
-            /*
-             * this is not good.  If things have failed it means there so
-             * something wrong with the key. We will continue with a 0 length
-             * signature
-             */
-        }
-        EVP_MD_CTX_cleanup(&ctx);
-        s2n(n, p);
-        d += n;
-
-        s->state = SSL2_ST_SEND_CLIENT_CERTIFICATE_D;
-        s->init_num = d - buf;
-        s->init_off = 0;
-    }
-    /* if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_D) */
-    return (ssl2_do_write(s));
-}
-
-static int get_server_verify(SSL *s)
-{
-    unsigned char *p;
-    int i, n, len;
-
-    p = (unsigned char *)s->init_buf->data;
-    if (s->state == SSL2_ST_GET_SERVER_VERIFY_A) {
-        i = ssl2_read(s, (char *)&(p[s->init_num]), 1 - s->init_num);
-        if (i < (1 - s->init_num))
-            return (ssl2_part_read(s, SSL_F_GET_SERVER_VERIFY, i));
-        s->init_num += i;
-
-        s->state = SSL2_ST_GET_SERVER_VERIFY_B;
-        if (*p != SSL2_MT_SERVER_VERIFY) {
-            if (p[0] != SSL2_MT_ERROR) {
-                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-                SSLerr(SSL_F_GET_SERVER_VERIFY, SSL_R_READ_WRONG_PACKET_TYPE);
-            } else {
-                SSLerr(SSL_F_GET_SERVER_VERIFY, SSL_R_PEER_ERROR);
-                /* try to read the error message */
-                i = ssl2_read(s, (char *)&(p[s->init_num]), 3 - s->init_num);
-                return ssl2_part_read(s, SSL_F_GET_SERVER_VERIFY, i);
-            }
-            return (-1);
-        }
-    }
-
-    p = (unsigned char *)s->init_buf->data;
-    len = 1 + s->s2->challenge_length;
-    n = len - s->init_num;
-    i = ssl2_read(s, (char *)&(p[s->init_num]), n);
-    if (i < n)
-        return (ssl2_part_read(s, SSL_F_GET_SERVER_VERIFY, i));
-    if (s->msg_callback) {
-        /* SERVER-VERIFY */
-        s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg);
-    }
-    p += 1;
-
-    if (CRYPTO_memcmp(p, s->s2->challenge, s->s2->challenge_length) != 0) {
-        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-        SSLerr(SSL_F_GET_SERVER_VERIFY, SSL_R_CHALLENGE_IS_DIFFERENT);
-        return (-1);
-    }
-    return (1);
-}
-
-static int get_server_finished(SSL *s)
-{
-    unsigned char *buf;
-    unsigned char *p;
-    int i, n, len;
-
-    buf = (unsigned char *)s->init_buf->data;
-    p = buf;
-    if (s->state == SSL2_ST_GET_SERVER_FINISHED_A) {
-        i = ssl2_read(s, (char *)&(buf[s->init_num]), 1 - s->init_num);
-        if (i < (1 - s->init_num))
-            return (ssl2_part_read(s, SSL_F_GET_SERVER_FINISHED, i));
-        s->init_num += i;
-
-        if (*p == SSL2_MT_REQUEST_CERTIFICATE) {
-            s->state = SSL2_ST_SEND_CLIENT_CERTIFICATE_A;
-            return (1);
-        } else if (*p != SSL2_MT_SERVER_FINISHED) {
-            if (p[0] != SSL2_MT_ERROR) {
-                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-                SSLerr(SSL_F_GET_SERVER_FINISHED,
-                       SSL_R_READ_WRONG_PACKET_TYPE);
-            } else {
-                SSLerr(SSL_F_GET_SERVER_FINISHED, SSL_R_PEER_ERROR);
-                /* try to read the error message */
-                i = ssl2_read(s, (char *)&(p[s->init_num]), 3 - s->init_num);
-                return ssl2_part_read(s, SSL_F_GET_SERVER_VERIFY, i);
-            }
-            return (-1);
-        }
-        s->state = SSL2_ST_GET_SERVER_FINISHED_B;
-    }
-
-    len = 1 + SSL2_SSL_SESSION_ID_LENGTH;
-    n = len - s->init_num;
-    i = ssl2_read(s, (char *)&(buf[s->init_num]), n);
-    if (i < n) {
-        /*
-         * XXX could be shorter than SSL2_SSL_SESSION_ID_LENGTH,
-         * that's the maximum
-         */
-        return (ssl2_part_read(s, SSL_F_GET_SERVER_FINISHED, i));
-    }
-    s->init_num += i;
-    if (s->msg_callback) {
-        /* SERVER-FINISHED */
-        s->msg_callback(0, s->version, 0, buf, (size_t)s->init_num, s,
-                        s->msg_callback_arg);
-    }
-
-    if (!s->hit) {              /* new session */
-        /* new session-id */
-        /*
-         * Make sure we were not trying to re-use an old SSL_SESSION or bad
-         * things can happen
-         */
-        /* ZZZZZZZZZZZZZ */
-        s->session->session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
-        memcpy(s->session->session_id, p + 1, SSL2_SSL_SESSION_ID_LENGTH);
-    } else {
-        if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) {
-            if ((s->session->session_id_length >
-                 sizeof s->session->session_id)
-                || (0 !=
-                    memcmp(buf + 1, s->session->session_id,
-                           (unsigned int)s->session->session_id_length))) {
-                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-                SSLerr(SSL_F_GET_SERVER_FINISHED,
-                       SSL_R_SSL_SESSION_ID_IS_DIFFERENT);
-                return (-1);
-            }
-        }
-    }
-    s->state = SSL_ST_OK;
-    return (1);
-}
-
-/* loads in the certificate from the server */
-int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data)
-{
-    STACK_OF(X509) *sk = NULL;
-    EVP_PKEY *pkey = NULL;
-    SESS_CERT *sc = NULL;
-    int i;
-    X509 *x509 = NULL;
-    int ret = 0;
-
-    x509 = d2i_X509(NULL, &data, (long)len);
-    if (x509 == NULL) {
-        SSLerr(SSL_F_SSL2_SET_CERTIFICATE, ERR_R_X509_LIB);
-        goto err;
-    }
-
-    if ((sk = sk_X509_new_null()) == NULL || !sk_X509_push(sk, x509)) {
-        SSLerr(SSL_F_SSL2_SET_CERTIFICATE, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    i = ssl_verify_cert_chain(s, sk);
-
-    if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) {
-        SSLerr(SSL_F_SSL2_SET_CERTIFICATE, SSL_R_CERTIFICATE_VERIFY_FAILED);
-        goto err;
-    }
-    ERR_clear_error();          /* but we keep s->verify_result */
-    s->session->verify_result = s->verify_result;
-
-    /* server's cert for this session */
-    sc = ssl_sess_cert_new();
-    if (sc == NULL) {
-        ret = -1;
-        goto err;
-    }
-    if (s->session->sess_cert)
-        ssl_sess_cert_free(s->session->sess_cert);
-    s->session->sess_cert = sc;
-
-    sc->peer_pkeys[SSL_PKEY_RSA_ENC].x509 = x509;
-    sc->peer_key = &(sc->peer_pkeys[SSL_PKEY_RSA_ENC]);
-
-    pkey = X509_get_pubkey(x509);
-    x509 = NULL;
-    if (pkey == NULL) {
-        SSLerr(SSL_F_SSL2_SET_CERTIFICATE,
-               SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY);
-        goto err;
-    }
-    if (pkey->type != EVP_PKEY_RSA) {
-        SSLerr(SSL_F_SSL2_SET_CERTIFICATE, SSL_R_PUBLIC_KEY_NOT_RSA);
-        goto err;
-    }
-
-    if (!ssl_set_peer_cert_type(sc, SSL2_CT_X509_CERTIFICATE))
-        goto err;
-    ret = 1;
- err:
-    sk_X509_free(sk);
-    X509_free(x509);
-    EVP_PKEY_free(pkey);
-    return (ret);
-}
-
-static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from,
-                                  unsigned char *to, int padding)
-{
-    EVP_PKEY *pkey = NULL;
-    int i = -1;
-
-    if ((sc == NULL) || (sc->peer_key->x509 == NULL) ||
-        ((pkey = X509_get_pubkey(sc->peer_key->x509)) == NULL)) {
-        SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT, SSL_R_NO_PUBLICKEY);
-        return (-1);
-    }
-    if (pkey->type != EVP_PKEY_RSA) {
-        SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT, SSL_R_PUBLIC_KEY_IS_NOT_RSA);
-        goto end;
-    }
-
-    /* we have the public key */
-    i = RSA_public_encrypt(len, from, to, pkey->pkey.rsa, padding);
-    if (i < 0)
-        SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT, ERR_R_RSA_LIB);
- end:
-    EVP_PKEY_free(pkey);
-    return (i);
-}
-#else                           /* !OPENSSL_NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy = &dummy;
-# endif
-
-#endif

Copied: vendor-crypto/openssl/1.0.1u/ssl/s2_clnt.c (from rev 11605, vendor-crypto/openssl/dist/ssl/s2_clnt.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/ssl/s2_clnt.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/ssl/s2_clnt.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,1094 @@
+/* ssl/s2_clnt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "ssl_locl.h"
+#ifndef OPENSSL_NO_SSL2
+# include <stdio.h>
+# include <openssl/rand.h>
+# include <openssl/buffer.h>
+# include <openssl/objects.h>
+# include <openssl/evp.h>
+
+static const SSL_METHOD *ssl2_get_client_method(int ver);
+static int get_server_finished(SSL *s);
+static int get_server_verify(SSL *s);
+static int get_server_hello(SSL *s);
+static int client_hello(SSL *s);
+static int client_master_key(SSL *s);
+static int client_finished(SSL *s);
+static int client_certificate(SSL *s);
+static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from,
+                                  unsigned char *to, int padding);
+# define BREAK   break
+
+static const SSL_METHOD *ssl2_get_client_method(int ver)
+{
+    if (ver == SSL2_VERSION)
+        return (SSLv2_client_method());
+    else
+        return (NULL);
+}
+
+IMPLEMENT_ssl2_meth_func(SSLv2_client_method,
+                         ssl_undefined_function,
+                         ssl2_connect, ssl2_get_client_method)
+
+int ssl2_connect(SSL *s)
+{
+    unsigned long l = (unsigned long)time(NULL);
+    BUF_MEM *buf = NULL;
+    int ret = -1;
+    void (*cb) (const SSL *ssl, int type, int val) = NULL;
+    int new_state, state;
+
+    RAND_add(&l, sizeof(l), 0);
+    ERR_clear_error();
+    clear_sys_error();
+
+    if (s->info_callback != NULL)
+        cb = s->info_callback;
+    else if (s->ctx->info_callback != NULL)
+        cb = s->ctx->info_callback;
+
+    /* init things to blank */
+    s->in_handshake++;
+    if (!SSL_in_init(s) || SSL_in_before(s))
+        SSL_clear(s);
+
+    for (;;) {
+        state = s->state;
+
+        switch (s->state) {
+        case SSL_ST_BEFORE:
+        case SSL_ST_CONNECT:
+        case SSL_ST_BEFORE | SSL_ST_CONNECT:
+        case SSL_ST_OK | SSL_ST_CONNECT:
+
+            s->server = 0;
+            if (cb != NULL)
+                cb(s, SSL_CB_HANDSHAKE_START, 1);
+
+            s->version = SSL2_VERSION;
+            s->type = SSL_ST_CONNECT;
+
+            buf = s->init_buf;
+            if ((buf == NULL) && ((buf = BUF_MEM_new()) == NULL)) {
+                ret = -1;
+                goto end;
+            }
+            if (!BUF_MEM_grow(buf, SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) {
+                if (buf == s->init_buf)
+                    buf = NULL;
+                ret = -1;
+                goto end;
+            }
+            s->init_buf = buf;
+            buf = NULL;
+            s->init_num = 0;
+            s->state = SSL2_ST_SEND_CLIENT_HELLO_A;
+            s->ctx->stats.sess_connect++;
+            s->handshake_func = ssl2_connect;
+            BREAK;
+
+        case SSL2_ST_SEND_CLIENT_HELLO_A:
+        case SSL2_ST_SEND_CLIENT_HELLO_B:
+            s->shutdown = 0;
+            ret = client_hello(s);
+            if (ret <= 0)
+                goto end;
+            s->init_num = 0;
+            s->state = SSL2_ST_GET_SERVER_HELLO_A;
+            BREAK;
+
+        case SSL2_ST_GET_SERVER_HELLO_A:
+        case SSL2_ST_GET_SERVER_HELLO_B:
+            ret = get_server_hello(s);
+            if (ret <= 0)
+                goto end;
+            s->init_num = 0;
+            if (!s->hit) {      /* new session */
+                s->state = SSL2_ST_SEND_CLIENT_MASTER_KEY_A;
+                BREAK;
+            } else {
+                s->state = SSL2_ST_CLIENT_START_ENCRYPTION;
+                break;
+            }
+
+        case SSL2_ST_SEND_CLIENT_MASTER_KEY_A:
+        case SSL2_ST_SEND_CLIENT_MASTER_KEY_B:
+            ret = client_master_key(s);
+            if (ret <= 0)
+                goto end;
+            s->init_num = 0;
+            s->state = SSL2_ST_CLIENT_START_ENCRYPTION;
+            break;
+
+        case SSL2_ST_CLIENT_START_ENCRYPTION:
+            /*
+             * Ok, we now have all the stuff needed to start encrypting, so
+             * lets fire it up :-)
+             */
+            if (!ssl2_enc_init(s, 1)) {
+                ret = -1;
+                goto end;
+            }
+            s->s2->clear_text = 0;
+            s->state = SSL2_ST_SEND_CLIENT_FINISHED_A;
+            break;
+
+        case SSL2_ST_SEND_CLIENT_FINISHED_A:
+        case SSL2_ST_SEND_CLIENT_FINISHED_B:
+            ret = client_finished(s);
+            if (ret <= 0)
+                goto end;
+            s->init_num = 0;
+            s->state = SSL2_ST_GET_SERVER_VERIFY_A;
+            break;
+
+        case SSL2_ST_GET_SERVER_VERIFY_A:
+        case SSL2_ST_GET_SERVER_VERIFY_B:
+            ret = get_server_verify(s);
+            if (ret <= 0)
+                goto end;
+            s->init_num = 0;
+            s->state = SSL2_ST_GET_SERVER_FINISHED_A;
+            break;
+
+        case SSL2_ST_GET_SERVER_FINISHED_A:
+        case SSL2_ST_GET_SERVER_FINISHED_B:
+            ret = get_server_finished(s);
+            if (ret <= 0)
+                goto end;
+            break;
+
+        case SSL2_ST_SEND_CLIENT_CERTIFICATE_A:
+        case SSL2_ST_SEND_CLIENT_CERTIFICATE_B:
+        case SSL2_ST_SEND_CLIENT_CERTIFICATE_C:
+        case SSL2_ST_SEND_CLIENT_CERTIFICATE_D:
+        case SSL2_ST_X509_GET_CLIENT_CERTIFICATE:
+            ret = client_certificate(s);
+            if (ret <= 0)
+                goto end;
+            s->init_num = 0;
+            s->state = SSL2_ST_GET_SERVER_FINISHED_A;
+            break;
+
+        case SSL_ST_OK:
+            if (s->init_buf != NULL) {
+                BUF_MEM_free(s->init_buf);
+                s->init_buf = NULL;
+            }
+            s->init_num = 0;
+            /*      ERR_clear_error(); */
+
+            /*
+             * If we want to cache session-ids in the client and we
+             * successfully add the session-id to the cache, and there is a
+             * callback, then pass it out. 26/11/96 - eay - only add if not a
+             * re-used session.
+             */
+
+            ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
+            if (s->hit)
+                s->ctx->stats.sess_hit++;
+
+            ret = 1;
+            /* s->server=0; */
+            s->ctx->stats.sess_connect_good++;
+
+            if (cb != NULL)
+                cb(s, SSL_CB_HANDSHAKE_DONE, 1);
+
+            goto end;
+            /* break; */
+        default:
+            SSLerr(SSL_F_SSL2_CONNECT, SSL_R_UNKNOWN_STATE);
+            return (-1);
+            /* break; */
+        }
+
+        if ((cb != NULL) && (s->state != state)) {
+            new_state = s->state;
+            s->state = state;
+            cb(s, SSL_CB_CONNECT_LOOP, 1);
+            s->state = new_state;
+        }
+    }
+ end:
+    s->in_handshake--;
+    if (buf != NULL)
+        BUF_MEM_free(buf);
+    if (cb != NULL)
+        cb(s, SSL_CB_CONNECT_EXIT, ret);
+    return (ret);
+}
+
+static int get_server_hello(SSL *s)
+{
+    unsigned char *buf;
+    unsigned char *p;
+    int i, j;
+    unsigned long len;
+    STACK_OF(SSL_CIPHER) *sk = NULL, *cl, *prio, *allow;
+
+    buf = (unsigned char *)s->init_buf->data;
+    p = buf;
+    if (s->state == SSL2_ST_GET_SERVER_HELLO_A) {
+        i = ssl2_read(s, (char *)&(buf[s->init_num]), 11 - s->init_num);
+        if (i < (11 - s->init_num))
+            return (ssl2_part_read(s, SSL_F_GET_SERVER_HELLO, i));
+        s->init_num = 11;
+
+        if (*(p++) != SSL2_MT_SERVER_HELLO) {
+            if (p[-1] != SSL2_MT_ERROR) {
+                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+                SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_READ_WRONG_PACKET_TYPE);
+            } else
+                SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_PEER_ERROR);
+            return (-1);
+        }
+# if 0
+        s->hit = (*(p++)) ? 1 : 0;
+        /*
+         * Some [PPC?] compilers fail to increment p in above statement, e.g.
+         * one provided with Rhapsody 5.5, but most recent example XL C 11.1
+         * for AIX, even without optimization flag...
+         */
+# else
+        s->hit = (*p) ? 1 : 0;
+        p++;
+# endif
+        s->s2->tmp.cert_type = *(p++);
+        n2s(p, i);
+        if (i < s->version)
+            s->version = i;
+        n2s(p, i);
+        s->s2->tmp.cert_length = i;
+        n2s(p, i);
+        s->s2->tmp.csl = i;
+        n2s(p, i);
+        s->s2->tmp.conn_id_length = i;
+        s->state = SSL2_ST_GET_SERVER_HELLO_B;
+    }
+
+    /* SSL2_ST_GET_SERVER_HELLO_B */
+    len =
+        11 + (unsigned long)s->s2->tmp.cert_length +
+        (unsigned long)s->s2->tmp.csl +
+        (unsigned long)s->s2->tmp.conn_id_length;
+    if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) {
+        SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_MESSAGE_TOO_LONG);
+        return -1;
+    }
+    j = (int)len - s->init_num;
+    i = ssl2_read(s, (char *)&(buf[s->init_num]), j);
+    if (i != j)
+        return (ssl2_part_read(s, SSL_F_GET_SERVER_HELLO, i));
+    if (s->msg_callback) {
+        /* SERVER-HELLO */
+        s->msg_callback(0, s->version, 0, buf, (size_t)len, s,
+                        s->msg_callback_arg);
+    }
+
+    /* things are looking good */
+
+    p = buf + 11;
+    if (s->hit) {
+        if (s->s2->tmp.cert_length != 0) {
+            SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_REUSE_CERT_LENGTH_NOT_ZERO);
+            return (-1);
+        }
+        if (s->s2->tmp.cert_type != 0) {
+            if (!(s->options & SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG)) {
+                SSLerr(SSL_F_GET_SERVER_HELLO,
+                       SSL_R_REUSE_CERT_TYPE_NOT_ZERO);
+                return (-1);
+            }
+        }
+        if (s->s2->tmp.csl != 0) {
+            SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_REUSE_CIPHER_LIST_NOT_ZERO);
+            return (-1);
+        }
+    } else {
+# ifdef undef
+        /* very bad */
+        memset(s->session->session_id, 0,
+               SSL_MAX_SSL_SESSION_ID_LENGTH_IN_BYTES);
+        s->session->session_id_length = 0;
+        */
+# endif
+            /*
+             * we need to do this in case we were trying to reuse a client
+             * session but others are already reusing it. If this was a new
+             * 'blank' session ID, the session-id length will still be 0
+             */
+            if (s->session->session_id_length > 0) {
+            if (!ssl_get_new_session(s, 0)) {
+                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+                return (-1);
+            }
+        }
+
+        if (ssl2_set_certificate(s, s->s2->tmp.cert_type,
+                                 s->s2->tmp.cert_length, p) <= 0) {
+            ssl2_return_error(s, SSL2_PE_BAD_CERTIFICATE);
+            return (-1);
+        }
+        p += s->s2->tmp.cert_length;
+
+        if (s->s2->tmp.csl == 0) {
+            ssl2_return_error(s, SSL2_PE_NO_CIPHER);
+            SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_NO_CIPHER_LIST);
+            return (-1);
+        }
+
+        /*
+         * We have just received a list of ciphers back from the server.  We
+         * need to get the ones that match, then select the one we want the
+         * most :-).
+         */
+
+        /* load the ciphers */
+        sk = ssl_bytes_to_cipher_list(s, p, s->s2->tmp.csl,
+                                      &s->session->ciphers);
+        p += s->s2->tmp.csl;
+        if (sk == NULL) {
+            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+            SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_MALLOC_FAILURE);
+            return (-1);
+        }
+
+        (void)sk_SSL_CIPHER_set_cmp_func(sk, ssl_cipher_ptr_id_cmp);
+
+        /* get the array of ciphers we will accept */
+        cl = SSL_get_ciphers(s);
+        (void)sk_SSL_CIPHER_set_cmp_func(cl, ssl_cipher_ptr_id_cmp);
+
+        /*
+         * If server preference flag set, choose the first
+         * (highest priority) cipher the server sends, otherwise
+         * client preference has priority.
+         */
+        if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
+            prio = sk;
+            allow = cl;
+        } else {
+            prio = cl;
+            allow = sk;
+        }
+        /*
+         * In theory we could have ciphers sent back that we don't want to
+         * use but that does not matter since we will check against the list
+         * we originally sent and for performance reasons we should not
+         * bother to match the two lists up just to check.
+         */
+        for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
+            if (sk_SSL_CIPHER_find(allow, sk_SSL_CIPHER_value(prio, i)) >= 0)
+                break;
+        }
+
+        if (i >= sk_SSL_CIPHER_num(prio)) {
+            ssl2_return_error(s, SSL2_PE_NO_CIPHER);
+            SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_NO_CIPHER_MATCH);
+            return (-1);
+        }
+        s->session->cipher = sk_SSL_CIPHER_value(prio, i);
+
+        if (s->session->peer != NULL) { /* can't happen */
+            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+            SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+            return (-1);
+        }
+
+        s->session->peer = s->session->sess_cert->peer_key->x509;
+        /* peer_key->x509 has been set by ssl2_set_certificate. */
+        CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
+    }
+
+    if (s->session->sess_cert == NULL
+        || s->session->peer != s->session->sess_cert->peer_key->x509)
+        /* can't happen */
+    {
+        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+        SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+        return (-1);
+    }
+
+    s->s2->conn_id_length = s->s2->tmp.conn_id_length;
+    if (s->s2->conn_id_length > sizeof s->s2->conn_id) {
+        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+        SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG);
+        return -1;
+    }
+    memcpy(s->s2->conn_id, p, s->s2->tmp.conn_id_length);
+    return (1);
+}
+
+static int client_hello(SSL *s)
+{
+    unsigned char *buf;
+    unsigned char *p, *d;
+/*      CIPHER **cipher;*/
+    int i, n, j;
+
+    buf = (unsigned char *)s->init_buf->data;
+    if (s->state == SSL2_ST_SEND_CLIENT_HELLO_A) {
+        if ((s->session == NULL) || (s->session->ssl_version != s->version)) {
+            if (!ssl_get_new_session(s, 0)) {
+                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+                return (-1);
+            }
+        }
+        /* else use the pre-loaded session */
+
+        p = buf;                /* header */
+        d = p + 9;              /* data section */
+        *(p++) = SSL2_MT_CLIENT_HELLO; /* type */
+        s2n(SSL2_VERSION, p);   /* version */
+        n = j = 0;
+
+        n = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), d, 0);
+        d += n;
+
+        if (n == 0) {
+            SSLerr(SSL_F_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
+            return (-1);
+        }
+
+        s2n(n, p);              /* cipher spec num bytes */
+
+        if ((s->session->session_id_length > 0) &&
+            (s->session->session_id_length <=
+             SSL2_MAX_SSL_SESSION_ID_LENGTH)) {
+            i = s->session->session_id_length;
+            s2n(i, p);          /* session id length */
+            memcpy(d, s->session->session_id, (unsigned int)i);
+            d += i;
+        } else {
+            s2n(0, p);
+        }
+
+        s->s2->challenge_length = SSL2_CHALLENGE_LENGTH;
+        s2n(SSL2_CHALLENGE_LENGTH, p); /* challenge length */
+        /*
+         * challenge id data
+         */
+        if (RAND_bytes(s->s2->challenge, SSL2_CHALLENGE_LENGTH) <= 0)
+            return -1;
+        memcpy(d, s->s2->challenge, SSL2_CHALLENGE_LENGTH);
+        d += SSL2_CHALLENGE_LENGTH;
+
+        s->state = SSL2_ST_SEND_CLIENT_HELLO_B;
+        s->init_num = d - buf;
+        s->init_off = 0;
+    }
+    /* SSL2_ST_SEND_CLIENT_HELLO_B */
+    return (ssl2_do_write(s));
+}
+
+static int client_master_key(SSL *s)
+{
+    unsigned char *buf;
+    unsigned char *p, *d;
+    int clear, enc, karg, i;
+    SSL_SESSION *sess;
+    const EVP_CIPHER *c;
+    const EVP_MD *md;
+
+    buf = (unsigned char *)s->init_buf->data;
+    if (s->state == SSL2_ST_SEND_CLIENT_MASTER_KEY_A) {
+
+        if (!ssl_cipher_get_evp(s->session, &c, &md, NULL, NULL, NULL)) {
+            ssl2_return_error(s, SSL2_PE_NO_CIPHER);
+            SSLerr(SSL_F_CLIENT_MASTER_KEY,
+                   SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
+            return (-1);
+        }
+        sess = s->session;
+        p = buf;
+        d = p + 10;
+        *(p++) = SSL2_MT_CLIENT_MASTER_KEY; /* type */
+
+        i = ssl_put_cipher_by_char(s, sess->cipher, p);
+        p += i;
+
+        /* make key_arg data */
+        i = EVP_CIPHER_iv_length(c);
+        sess->key_arg_length = i;
+        if (i > SSL_MAX_KEY_ARG_LENGTH) {
+            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+            SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+        if (i > 0)
+            if (RAND_bytes(sess->key_arg, i) <= 0)
+                return -1;
+
+        /* make a master key */
+        i = EVP_CIPHER_key_length(c);
+        sess->master_key_length = i;
+        if (i > 0) {
+            if (i > (int)sizeof(sess->master_key)) {
+                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+                SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
+                return -1;
+            }
+            if (RAND_bytes(sess->master_key, i) <= 0) {
+                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+                return (-1);
+            }
+        }
+
+        if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
+            enc = 8;
+        else if (SSL_C_IS_EXPORT(sess->cipher))
+            enc = 5;
+        else
+            enc = i;
+
+        if ((int)i < enc) {
+            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+            SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_CIPHER_TABLE_SRC_ERROR);
+            return (-1);
+        }
+        clear = i - enc;
+        s2n(clear, p);
+        memcpy(d, sess->master_key, (unsigned int)clear);
+        d += clear;
+
+        enc = ssl_rsa_public_encrypt(sess->sess_cert, enc,
+                                     &(sess->master_key[clear]), d,
+                                     (s->
+                                      s2->ssl2_rollback) ? RSA_SSLV23_PADDING
+                                     : RSA_PKCS1_PADDING);
+        if (enc <= 0) {
+            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+            SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_PUBLIC_KEY_ENCRYPT_ERROR);
+            return (-1);
+        }
+# ifdef PKCS1_CHECK
+        if (s->options & SSL_OP_PKCS1_CHECK_1)
+            d[1]++;
+        if (s->options & SSL_OP_PKCS1_CHECK_2)
+            sess->master_key[clear]++;
+# endif
+        s2n(enc, p);
+        d += enc;
+        karg = sess->key_arg_length;
+        s2n(karg, p);           /* key arg size */
+        if (karg > (int)sizeof(sess->key_arg)) {
+            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+            SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+        memcpy(d, sess->key_arg, (unsigned int)karg);
+        d += karg;
+
+        s->state = SSL2_ST_SEND_CLIENT_MASTER_KEY_B;
+        s->init_num = d - buf;
+        s->init_off = 0;
+    }
+
+    /* SSL2_ST_SEND_CLIENT_MASTER_KEY_B */
+    return (ssl2_do_write(s));
+}
+
+static int client_finished(SSL *s)
+{
+    unsigned char *p;
+
+    if (s->state == SSL2_ST_SEND_CLIENT_FINISHED_A) {
+        p = (unsigned char *)s->init_buf->data;
+        *(p++) = SSL2_MT_CLIENT_FINISHED;
+        if (s->s2->conn_id_length > sizeof s->s2->conn_id) {
+            SSLerr(SSL_F_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+        memcpy(p, s->s2->conn_id, (unsigned int)s->s2->conn_id_length);
+
+        s->state = SSL2_ST_SEND_CLIENT_FINISHED_B;
+        s->init_num = s->s2->conn_id_length + 1;
+        s->init_off = 0;
+    }
+    return (ssl2_do_write(s));
+}
+
+/* read the data and then respond */
+static int client_certificate(SSL *s)
+{
+    unsigned char *buf;
+    unsigned char *p, *d;
+    int i;
+    unsigned int n;
+    int cert_ch_len;
+    unsigned char *cert_ch;
+
+    buf = (unsigned char *)s->init_buf->data;
+
+    /*
+     * We have a cert associated with the SSL, so attach it to the session if
+     * it does not have one
+     */
+
+    if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A) {
+        i = ssl2_read(s, (char *)&(buf[s->init_num]),
+                      SSL2_MAX_CERT_CHALLENGE_LENGTH + 2 - s->init_num);
+        if (i < (SSL2_MIN_CERT_CHALLENGE_LENGTH + 2 - s->init_num))
+            return (ssl2_part_read(s, SSL_F_CLIENT_CERTIFICATE, i));
+        s->init_num += i;
+        if (s->msg_callback) {
+            /* REQUEST-CERTIFICATE */
+            s->msg_callback(0, s->version, 0, buf, (size_t)s->init_num, s,
+                            s->msg_callback_arg);
+        }
+
+        /* type=buf[0]; */
+        /* type eq x509 */
+        if (buf[1] != SSL2_AT_MD5_WITH_RSA_ENCRYPTION) {
+            ssl2_return_error(s, SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE);
+            SSLerr(SSL_F_CLIENT_CERTIFICATE, SSL_R_BAD_AUTHENTICATION_TYPE);
+            return (-1);
+        }
+
+        if ((s->cert == NULL) ||
+            (s->cert->key->x509 == NULL) ||
+            (s->cert->key->privatekey == NULL)) {
+            s->state = SSL2_ST_X509_GET_CLIENT_CERTIFICATE;
+        } else
+            s->state = SSL2_ST_SEND_CLIENT_CERTIFICATE_C;
+    }
+
+    cert_ch = buf + 2;
+    cert_ch_len = s->init_num - 2;
+
+    if (s->state == SSL2_ST_X509_GET_CLIENT_CERTIFICATE) {
+        X509 *x509 = NULL;
+        EVP_PKEY *pkey = NULL;
+
+        /*
+         * If we get an error we need to ssl->rwstate=SSL_X509_LOOKUP;
+         * return(error); We should then be retried when things are ok and we
+         * can get a cert or not
+         */
+
+        i = 0;
+        if (s->ctx->client_cert_cb != NULL) {
+            i = s->ctx->client_cert_cb(s, &(x509), &(pkey));
+        }
+
+        if (i < 0) {
+            s->rwstate = SSL_X509_LOOKUP;
+            return (-1);
+        }
+        s->rwstate = SSL_NOTHING;
+
+        if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
+            s->state = SSL2_ST_SEND_CLIENT_CERTIFICATE_C;
+            if (!SSL_use_certificate(s, x509) || !SSL_use_PrivateKey(s, pkey)) {
+                i = 0;
+            }
+            X509_free(x509);
+            EVP_PKEY_free(pkey);
+        } else if (i == 1) {
+            if (x509 != NULL)
+                X509_free(x509);
+            if (pkey != NULL)
+                EVP_PKEY_free(pkey);
+            SSLerr(SSL_F_CLIENT_CERTIFICATE,
+                   SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
+            i = 0;
+        }
+
+        if (i == 0) {
+            /*
+             * We have no client certificate to respond with so send the
+             * correct error message back
+             */
+            s->state = SSL2_ST_SEND_CLIENT_CERTIFICATE_B;
+            p = buf;
+            *(p++) = SSL2_MT_ERROR;
+            s2n(SSL2_PE_NO_CERTIFICATE, p);
+            s->init_off = 0;
+            s->init_num = 3;
+            /* Write is done at the end */
+        }
+    }
+
+    if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_B) {
+        return (ssl2_do_write(s));
+    }
+
+    if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_C) {
+        EVP_MD_CTX ctx;
+
+        /*
+         * ok, now we calculate the checksum do it first so we can reuse buf
+         * :-)
+         */
+        p = buf;
+        EVP_MD_CTX_init(&ctx);
+        EVP_SignInit_ex(&ctx, s->ctx->rsa_md5, NULL);
+        EVP_SignUpdate(&ctx, s->s2->key_material, s->s2->key_material_length);
+        EVP_SignUpdate(&ctx, cert_ch, (unsigned int)cert_ch_len);
+        i = i2d_X509(s->session->sess_cert->peer_key->x509, &p);
+        /*
+         * Don't update the signature if it fails - FIXME: probably should
+         * handle this better
+         */
+        if (i > 0)
+            EVP_SignUpdate(&ctx, buf, (unsigned int)i);
+
+        p = buf;
+        d = p + 6;
+        *(p++) = SSL2_MT_CLIENT_CERTIFICATE;
+        *(p++) = SSL2_CT_X509_CERTIFICATE;
+        n = i2d_X509(s->cert->key->x509, &d);
+        s2n(n, p);
+
+        if (!EVP_SignFinal(&ctx, d, &n, s->cert->key->privatekey)) {
+            /*
+             * this is not good.  If things have failed it means there so
+             * something wrong with the key. We will continue with a 0 length
+             * signature
+             */
+        }
+        EVP_MD_CTX_cleanup(&ctx);
+        s2n(n, p);
+        d += n;
+
+        s->state = SSL2_ST_SEND_CLIENT_CERTIFICATE_D;
+        s->init_num = d - buf;
+        s->init_off = 0;
+    }
+    /* if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_D) */
+    return (ssl2_do_write(s));
+}
+
+static int get_server_verify(SSL *s)
+{
+    unsigned char *p;
+    int i, n, len;
+
+    p = (unsigned char *)s->init_buf->data;
+    if (s->state == SSL2_ST_GET_SERVER_VERIFY_A) {
+        i = ssl2_read(s, (char *)&(p[s->init_num]), 1 - s->init_num);
+        if (i < (1 - s->init_num))
+            return (ssl2_part_read(s, SSL_F_GET_SERVER_VERIFY, i));
+        s->init_num += i;
+
+        s->state = SSL2_ST_GET_SERVER_VERIFY_B;
+        if (*p != SSL2_MT_SERVER_VERIFY) {
+            if (p[0] != SSL2_MT_ERROR) {
+                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+                SSLerr(SSL_F_GET_SERVER_VERIFY, SSL_R_READ_WRONG_PACKET_TYPE);
+            } else {
+                SSLerr(SSL_F_GET_SERVER_VERIFY, SSL_R_PEER_ERROR);
+                /* try to read the error message */
+                i = ssl2_read(s, (char *)&(p[s->init_num]), 3 - s->init_num);
+                return ssl2_part_read(s, SSL_F_GET_SERVER_VERIFY, i);
+            }
+            return (-1);
+        }
+    }
+
+    p = (unsigned char *)s->init_buf->data;
+    len = 1 + s->s2->challenge_length;
+    n = len - s->init_num;
+    i = ssl2_read(s, (char *)&(p[s->init_num]), n);
+    if (i < n)
+        return (ssl2_part_read(s, SSL_F_GET_SERVER_VERIFY, i));
+    if (s->msg_callback) {
+        /* SERVER-VERIFY */
+        s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg);
+    }
+    p += 1;
+
+    if (CRYPTO_memcmp(p, s->s2->challenge, s->s2->challenge_length) != 0) {
+        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+        SSLerr(SSL_F_GET_SERVER_VERIFY, SSL_R_CHALLENGE_IS_DIFFERENT);
+        return (-1);
+    }
+    return (1);
+}
+
+static int get_server_finished(SSL *s)
+{
+    unsigned char *buf;
+    unsigned char *p;
+    int i, n, len;
+
+    buf = (unsigned char *)s->init_buf->data;
+    p = buf;
+    if (s->state == SSL2_ST_GET_SERVER_FINISHED_A) {
+        i = ssl2_read(s, (char *)&(buf[s->init_num]), 1 - s->init_num);
+        if (i < (1 - s->init_num))
+            return (ssl2_part_read(s, SSL_F_GET_SERVER_FINISHED, i));
+        s->init_num += i;
+
+        if (*p == SSL2_MT_REQUEST_CERTIFICATE) {
+            s->state = SSL2_ST_SEND_CLIENT_CERTIFICATE_A;
+            return (1);
+        } else if (*p != SSL2_MT_SERVER_FINISHED) {
+            if (p[0] != SSL2_MT_ERROR) {
+                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+                SSLerr(SSL_F_GET_SERVER_FINISHED,
+                       SSL_R_READ_WRONG_PACKET_TYPE);
+            } else {
+                SSLerr(SSL_F_GET_SERVER_FINISHED, SSL_R_PEER_ERROR);
+                /* try to read the error message */
+                i = ssl2_read(s, (char *)&(p[s->init_num]), 3 - s->init_num);
+                return ssl2_part_read(s, SSL_F_GET_SERVER_VERIFY, i);
+            }
+            return (-1);
+        }
+        s->state = SSL2_ST_GET_SERVER_FINISHED_B;
+    }
+
+    len = 1 + SSL2_SSL_SESSION_ID_LENGTH;
+    n = len - s->init_num;
+    i = ssl2_read(s, (char *)&(buf[s->init_num]), n);
+    if (i < n) {
+        /*
+         * XXX could be shorter than SSL2_SSL_SESSION_ID_LENGTH,
+         * that's the maximum
+         */
+        return (ssl2_part_read(s, SSL_F_GET_SERVER_FINISHED, i));
+    }
+    s->init_num += i;
+    if (s->msg_callback) {
+        /* SERVER-FINISHED */
+        s->msg_callback(0, s->version, 0, buf, (size_t)s->init_num, s,
+                        s->msg_callback_arg);
+    }
+
+    if (!s->hit) {              /* new session */
+        /* new session-id */
+        /*
+         * Make sure we were not trying to re-use an old SSL_SESSION or bad
+         * things can happen
+         */
+        /* ZZZZZZZZZZZZZ */
+        s->session->session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
+        memcpy(s->session->session_id, p + 1, SSL2_SSL_SESSION_ID_LENGTH);
+    } else {
+        if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) {
+            if ((s->session->session_id_length >
+                 sizeof s->session->session_id)
+                || (0 !=
+                    memcmp(buf + 1, s->session->session_id,
+                           (unsigned int)s->session->session_id_length))) {
+                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+                SSLerr(SSL_F_GET_SERVER_FINISHED,
+                       SSL_R_SSL_SESSION_ID_IS_DIFFERENT);
+                return (-1);
+            }
+        }
+    }
+    s->state = SSL_ST_OK;
+    return (1);
+}
+
+/* loads in the certificate from the server */
+int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data)
+{
+    STACK_OF(X509) *sk = NULL;
+    EVP_PKEY *pkey = NULL;
+    SESS_CERT *sc = NULL;
+    int i;
+    X509 *x509 = NULL;
+    int ret = 0;
+
+    x509 = d2i_X509(NULL, &data, (long)len);
+    if (x509 == NULL) {
+        SSLerr(SSL_F_SSL2_SET_CERTIFICATE, ERR_R_X509_LIB);
+        goto err;
+    }
+
+    if ((sk = sk_X509_new_null()) == NULL || !sk_X509_push(sk, x509)) {
+        SSLerr(SSL_F_SSL2_SET_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    i = ssl_verify_cert_chain(s, sk);
+
+    if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) {
+        SSLerr(SSL_F_SSL2_SET_CERTIFICATE, SSL_R_CERTIFICATE_VERIFY_FAILED);
+        goto err;
+    }
+    ERR_clear_error();          /* but we keep s->verify_result */
+    s->session->verify_result = s->verify_result;
+
+    /* server's cert for this session */
+    sc = ssl_sess_cert_new();
+    if (sc == NULL) {
+        ret = -1;
+        goto err;
+    }
+    if (s->session->sess_cert)
+        ssl_sess_cert_free(s->session->sess_cert);
+    s->session->sess_cert = sc;
+
+    sc->peer_pkeys[SSL_PKEY_RSA_ENC].x509 = x509;
+    sc->peer_key = &(sc->peer_pkeys[SSL_PKEY_RSA_ENC]);
+
+    pkey = X509_get_pubkey(x509);
+    x509 = NULL;
+    if (pkey == NULL) {
+        SSLerr(SSL_F_SSL2_SET_CERTIFICATE,
+               SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY);
+        goto err;
+    }
+    if (pkey->type != EVP_PKEY_RSA) {
+        SSLerr(SSL_F_SSL2_SET_CERTIFICATE, SSL_R_PUBLIC_KEY_NOT_RSA);
+        goto err;
+    }
+
+    if (!ssl_set_peer_cert_type(sc, SSL2_CT_X509_CERTIFICATE))
+        goto err;
+    ret = 1;
+ err:
+    sk_X509_free(sk);
+    X509_free(x509);
+    EVP_PKEY_free(pkey);
+    return (ret);
+}
+
+static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from,
+                                  unsigned char *to, int padding)
+{
+    EVP_PKEY *pkey = NULL;
+    int i = -1;
+
+    if ((sc == NULL) || (sc->peer_key->x509 == NULL) ||
+        ((pkey = X509_get_pubkey(sc->peer_key->x509)) == NULL)) {
+        SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT, SSL_R_NO_PUBLICKEY);
+        return (-1);
+    }
+    if (pkey->type != EVP_PKEY_RSA) {
+        SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT, SSL_R_PUBLIC_KEY_IS_NOT_RSA);
+        goto end;
+    }
+
+    /* we have the public key */
+    i = RSA_public_encrypt(len, from, to, pkey->pkey.rsa, padding);
+    if (i < 0)
+        SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT, ERR_R_RSA_LIB);
+ end:
+    EVP_PKEY_free(pkey);
+    return (i);
+}
+#else                           /* !OPENSSL_NO_SSL2 */
+
+# if PEDANTIC
+static void *dummy = &dummy;
+# endif
+
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/ssl/s2_lib.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/s2_lib.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/ssl/s2_lib.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,567 +0,0 @@
-/* ssl/s2_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_SSL2
-# include <stdio.h>
-# include <openssl/objects.h>
-# include <openssl/evp.h>
-# include <openssl/md5.h>
-
-const char ssl2_version_str[] = "SSLv2" OPENSSL_VERSION_PTEXT;
-
-# define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
-
-/* list of available SSLv2 ciphers (sorted by id) */
-OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
-# if 0
-/* NULL_WITH_MD5 v3 */
-    {
-     1,
-     SSL2_TXT_NULL_WITH_MD5,
-     SSL2_CK_NULL_WITH_MD5,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_eNULL,
-     SSL_MD5,
-     SSL_SSLV2,
-     SSL_EXPORT | SSL_EXP40 | SSL_STRONG_NONE,
-     0,
-     0,
-     0,
-     },
-# endif
-
-/* RC4_128_WITH_MD5 */
-    {
-     1,
-     SSL2_TXT_RC4_128_WITH_MD5,
-     SSL2_CK_RC4_128_WITH_MD5,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_RC4,
-     SSL_MD5,
-     SSL_SSLV2,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     0,
-     128,
-     128,
-     },
-
-/* RC4_128_EXPORT40_WITH_MD5 */
-    {
-     1,
-     SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
-     SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_RC4,
-     SSL_MD5,
-     SSL_SSLV2,
-     SSL_EXPORT | SSL_EXP40,
-     SSL2_CF_5_BYTE_ENC,
-     40,
-     128,
-     },
-
-/* RC2_128_CBC_WITH_MD5 */
-    {
-     1,
-     SSL2_TXT_RC2_128_CBC_WITH_MD5,
-     SSL2_CK_RC2_128_CBC_WITH_MD5,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_RC2,
-     SSL_MD5,
-     SSL_SSLV2,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     0,
-     128,
-     128,
-     },
-
-/* RC2_128_CBC_EXPORT40_WITH_MD5 */
-    {
-     1,
-     SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
-     SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_RC2,
-     SSL_MD5,
-     SSL_SSLV2,
-     SSL_EXPORT | SSL_EXP40,
-     SSL2_CF_5_BYTE_ENC,
-     40,
-     128,
-     },
-
-# ifndef OPENSSL_NO_IDEA
-/* IDEA_128_CBC_WITH_MD5 */
-    {
-     1,
-     SSL2_TXT_IDEA_128_CBC_WITH_MD5,
-     SSL2_CK_IDEA_128_CBC_WITH_MD5,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_IDEA,
-     SSL_MD5,
-     SSL_SSLV2,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     0,
-     128,
-     128,
-     },
-# endif
-
-/* DES_64_CBC_WITH_MD5 */
-    {
-     1,
-     SSL2_TXT_DES_64_CBC_WITH_MD5,
-     SSL2_CK_DES_64_CBC_WITH_MD5,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_DES,
-     SSL_MD5,
-     SSL_SSLV2,
-     SSL_NOT_EXP | SSL_LOW,
-     0,
-     56,
-     56,
-     },
-
-/* DES_192_EDE3_CBC_WITH_MD5 */
-    {
-     1,
-     SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5,
-     SSL2_CK_DES_192_EDE3_CBC_WITH_MD5,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_3DES,
-     SSL_MD5,
-     SSL_SSLV2,
-     SSL_NOT_EXP | SSL_HIGH,
-     0,
-     112,
-     168,
-     },
-
-# if 0
-/* RC4_64_WITH_MD5 */
-    {
-     1,
-     SSL2_TXT_RC4_64_WITH_MD5,
-     SSL2_CK_RC4_64_WITH_MD5,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_RC4,
-     SSL_MD5,
-     SSL_SSLV2,
-     SSL_NOT_EXP | SSL_LOW,
-     SSL2_CF_8_BYTE_ENC,
-     64,
-     64,
-     },
-# endif
-
-# if 0
-/* NULL SSLeay (testing) */
-    {
-     0,
-     SSL2_TXT_NULL,
-     SSL2_CK_NULL,
-     0,
-     0,
-     0,
-     0,
-     SSL_SSLV2,
-     SSL_STRONG_NONE,
-     0,
-     0,
-     0,
-     },
-# endif
-
-/* end of list :-) */
-};
-
-long ssl2_default_timeout(void)
-{
-    return (300);
-}
-
-int ssl2_num_ciphers(void)
-{
-    return (SSL2_NUM_CIPHERS);
-}
-
-const SSL_CIPHER *ssl2_get_cipher(unsigned int u)
-{
-    if (u < SSL2_NUM_CIPHERS)
-        return (&(ssl2_ciphers[SSL2_NUM_CIPHERS - 1 - u]));
-    else
-        return (NULL);
-}
-
-int ssl2_pending(const SSL *s)
-{
-    return SSL_in_init(s) ? 0 : s->s2->ract_data_length;
-}
-
-int ssl2_new(SSL *s)
-{
-    SSL2_STATE *s2;
-
-    if ((s2 = OPENSSL_malloc(sizeof *s2)) == NULL)
-        goto err;
-    memset(s2, 0, sizeof *s2);
-
-# if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2
-#  error "assertion failed"
-# endif
-
-    if ((s2->rbuf =
-         OPENSSL_malloc(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2)) == NULL)
-        goto err;
-    /*
-     * wbuf needs one byte more because when using two-byte headers, we leave
-     * the first byte unused in do_ssl_write (s2_pkt.c)
-     */
-    if ((s2->wbuf =
-         OPENSSL_malloc(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 3)) == NULL)
-        goto err;
-    s->s2 = s2;
-
-    ssl2_clear(s);
-    return (1);
- err:
-    if (s2 != NULL) {
-        if (s2->wbuf != NULL)
-            OPENSSL_free(s2->wbuf);
-        if (s2->rbuf != NULL)
-            OPENSSL_free(s2->rbuf);
-        OPENSSL_free(s2);
-    }
-    return (0);
-}
-
-void ssl2_free(SSL *s)
-{
-    SSL2_STATE *s2;
-
-    if (s == NULL)
-        return;
-
-    s2 = s->s2;
-    if (s2->rbuf != NULL)
-        OPENSSL_free(s2->rbuf);
-    if (s2->wbuf != NULL)
-        OPENSSL_free(s2->wbuf);
-    OPENSSL_cleanse(s2, sizeof *s2);
-    OPENSSL_free(s2);
-    s->s2 = NULL;
-}
-
-void ssl2_clear(SSL *s)
-{
-    SSL2_STATE *s2;
-    unsigned char *rbuf, *wbuf;
-
-    s2 = s->s2;
-
-    rbuf = s2->rbuf;
-    wbuf = s2->wbuf;
-
-    memset(s2, 0, sizeof *s2);
-
-    s2->rbuf = rbuf;
-    s2->wbuf = wbuf;
-    s2->clear_text = 1;
-    s->packet = s2->rbuf;
-    s->version = SSL2_VERSION;
-    s->packet_length = 0;
-}
-
-long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg)
-{
-    int ret = 0;
-
-    switch (cmd) {
-    case SSL_CTRL_GET_SESSION_REUSED:
-        ret = s->hit;
-        break;
-    case SSL_CTRL_CHECK_PROTO_VERSION:
-        return ssl3_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, larg, parg);
-    default:
-        break;
-    }
-    return (ret);
-}
-
-long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
-{
-    return (0);
-}
-
-long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
-{
-    return (0);
-}
-
-long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
-{
-    return (0);
-}
-
-/*
- * This function needs to check if the ciphers required are actually
- * available
- */
-const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
-{
-    SSL_CIPHER c;
-    const SSL_CIPHER *cp;
-    unsigned long id;
-
-    id = 0x02000000L | ((unsigned long)p[0] << 16L) |
-        ((unsigned long)p[1] << 8L) | (unsigned long)p[2];
-    c.id = id;
-    cp = OBJ_bsearch_ssl_cipher_id(&c, ssl2_ciphers, SSL2_NUM_CIPHERS);
-    if ((cp == NULL) || (cp->valid == 0))
-        return NULL;
-    else
-        return cp;
-}
-
-int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
-{
-    long l;
-
-    if (p != NULL) {
-        l = c->id;
-        if ((l & 0xff000000) != 0x02000000 && l != SSL3_CK_FALLBACK_SCSV)
-            return (0);
-        p[0] = ((unsigned char)(l >> 16L)) & 0xFF;
-        p[1] = ((unsigned char)(l >> 8L)) & 0xFF;
-        p[2] = ((unsigned char)(l)) & 0xFF;
-    }
-    return (3);
-}
-
-int ssl2_generate_key_material(SSL *s)
-{
-    unsigned int i;
-    EVP_MD_CTX ctx;
-    unsigned char *km;
-    unsigned char c = '0';
-    const EVP_MD *md5;
-    int md_size;
-
-    md5 = EVP_md5();
-
-# ifdef CHARSET_EBCDIC
-    c = os_toascii['0'];        /* Must be an ASCII '0', not EBCDIC '0', see
-                                 * SSLv2 docu */
-# endif
-    EVP_MD_CTX_init(&ctx);
-    km = s->s2->key_material;
-
-    if (s->session->master_key_length < 0 ||
-        s->session->master_key_length > (int)sizeof(s->session->master_key)) {
-        SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
-        return 0;
-    }
-    md_size = EVP_MD_size(md5);
-    if (md_size < 0)
-        return 0;
-    for (i = 0; i < s->s2->key_material_length; i += md_size) {
-        if (((km - s->s2->key_material) + md_size) >
-            (int)sizeof(s->s2->key_material)) {
-            /*
-             * EVP_DigestFinal_ex() below would write beyond buffer
-             */
-            SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
-            return 0;
-        }
-
-        EVP_DigestInit_ex(&ctx, md5, NULL);
-
-        OPENSSL_assert(s->session->master_key_length >= 0
-                       && s->session->master_key_length
-                       <= (int)sizeof(s->session->master_key));
-        EVP_DigestUpdate(&ctx, s->session->master_key,
-                         s->session->master_key_length);
-        EVP_DigestUpdate(&ctx, &c, 1);
-        c++;
-        EVP_DigestUpdate(&ctx, s->s2->challenge, s->s2->challenge_length);
-        EVP_DigestUpdate(&ctx, s->s2->conn_id, s->s2->conn_id_length);
-        EVP_DigestFinal_ex(&ctx, km, NULL);
-        km += md_size;
-    }
-
-    EVP_MD_CTX_cleanup(&ctx);
-    return 1;
-}
-
-void ssl2_return_error(SSL *s, int err)
-{
-    if (!s->error) {
-        s->error = 3;
-        s->error_code = err;
-
-        ssl2_write_error(s);
-    }
-}
-
-void ssl2_write_error(SSL *s)
-{
-    unsigned char buf[3];
-    int i, error;
-
-    buf[0] = SSL2_MT_ERROR;
-    buf[1] = (s->error_code >> 8) & 0xff;
-    buf[2] = (s->error_code) & 0xff;
-
-/*      state=s->rwstate;*/
-
-    error = s->error;           /* number of bytes left to write */
-    s->error = 0;
-    OPENSSL_assert(error >= 0 && error <= (int)sizeof(buf));
-    i = ssl2_write(s, &(buf[3 - error]), error);
-
-/*      if (i == error) s->rwstate=state; */
-
-    if (i < 0)
-        s->error = error;
-    else {
-        s->error = error - i;
-
-        if (s->error == 0)
-            if (s->msg_callback) {
-                /* ERROR */
-                s->msg_callback(1, s->version, 0, buf, 3, s,
-                                s->msg_callback_arg);
-            }
-    }
-}
-
-int ssl2_shutdown(SSL *s)
-{
-    s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
-    return (1);
-}
-#else                           /* !OPENSSL_NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy = &dummy;
-# endif
-
-#endif

Copied: vendor-crypto/openssl/1.0.1u/ssl/s2_lib.c (from rev 11605, vendor-crypto/openssl/dist/ssl/s2_lib.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/ssl/s2_lib.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/ssl/s2_lib.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,573 @@
+/* ssl/s2_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "ssl_locl.h"
+#ifndef OPENSSL_NO_SSL2
+# include <stdio.h>
+# include <openssl/objects.h>
+# include <openssl/evp.h>
+# include <openssl/md5.h>
+
+const char ssl2_version_str[] = "SSLv2" OPENSSL_VERSION_PTEXT;
+
+# define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
+
+/* list of available SSLv2 ciphers (sorted by id) */
+OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
+# if 0
+/* NULL_WITH_MD5 v3 */
+    {
+     1,
+     SSL2_TXT_NULL_WITH_MD5,
+     SSL2_CK_NULL_WITH_MD5,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_eNULL,
+     SSL_MD5,
+     SSL_SSLV2,
+     SSL_EXPORT | SSL_EXP40 | SSL_STRONG_NONE,
+     0,
+     0,
+     0,
+     },
+# endif
+
+/* RC4_128_WITH_MD5 */
+    {
+     1,
+     SSL2_TXT_RC4_128_WITH_MD5,
+     SSL2_CK_RC4_128_WITH_MD5,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_RC4,
+     SSL_MD5,
+     SSL_SSLV2,
+     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
+     0,
+     128,
+     128,
+     },
+
+# if 0
+/* RC4_128_EXPORT40_WITH_MD5 */
+    {
+     1,
+     SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
+     SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_RC4,
+     SSL_MD5,
+     SSL_SSLV2,
+     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL2_CF_5_BYTE_ENC,
+     40,
+     128,
+     },
+# endif
+
+/* RC2_128_CBC_WITH_MD5 */
+    {
+     1,
+     SSL2_TXT_RC2_128_CBC_WITH_MD5,
+     SSL2_CK_RC2_128_CBC_WITH_MD5,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_RC2,
+     SSL_MD5,
+     SSL_SSLV2,
+     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
+     0,
+     128,
+     128,
+     },
+
+# if 0
+/* RC2_128_CBC_EXPORT40_WITH_MD5 */
+    {
+     1,
+     SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
+     SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_RC2,
+     SSL_MD5,
+     SSL_SSLV2,
+     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL2_CF_5_BYTE_ENC,
+     40,
+     128,
+     },
+# endif
+
+# ifndef OPENSSL_NO_IDEA
+/* IDEA_128_CBC_WITH_MD5 */
+    {
+     1,
+     SSL2_TXT_IDEA_128_CBC_WITH_MD5,
+     SSL2_CK_IDEA_128_CBC_WITH_MD5,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_IDEA,
+     SSL_MD5,
+     SSL_SSLV2,
+     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
+     0,
+     128,
+     128,
+     },
+# endif
+
+# if 0
+/* DES_64_CBC_WITH_MD5 */
+    {
+     1,
+     SSL2_TXT_DES_64_CBC_WITH_MD5,
+     SSL2_CK_DES_64_CBC_WITH_MD5,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_DES,
+     SSL_MD5,
+     SSL_SSLV2,
+     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
+     0,
+     56,
+     56,
+     },
+# endif
+
+/* DES_192_EDE3_CBC_WITH_MD5 */
+    {
+     1,
+     SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5,
+     SSL2_CK_DES_192_EDE3_CBC_WITH_MD5,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_3DES,
+     SSL_MD5,
+     SSL_SSLV2,
+     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH,
+     0,
+     112,
+     168,
+     },
+
+# if 0
+/* RC4_64_WITH_MD5 */
+    {
+     1,
+     SSL2_TXT_RC4_64_WITH_MD5,
+     SSL2_CK_RC4_64_WITH_MD5,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_RC4,
+     SSL_MD5,
+     SSL_SSLV2,
+     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
+     SSL2_CF_8_BYTE_ENC,
+     64,
+     64,
+     },
+# endif
+
+# if 0
+/* NULL SSLeay (testing) */
+    {
+     0,
+     SSL2_TXT_NULL,
+     SSL2_CK_NULL,
+     0,
+     0,
+     0,
+     0,
+     SSL_SSLV2,
+     SSL_STRONG_NONE,
+     0,
+     0,
+     0,
+     },
+# endif
+
+/* end of list :-) */
+};
+
+long ssl2_default_timeout(void)
+{
+    return (300);
+}
+
+int ssl2_num_ciphers(void)
+{
+    return (SSL2_NUM_CIPHERS);
+}
+
+const SSL_CIPHER *ssl2_get_cipher(unsigned int u)
+{
+    if (u < SSL2_NUM_CIPHERS)
+        return (&(ssl2_ciphers[SSL2_NUM_CIPHERS - 1 - u]));
+    else
+        return (NULL);
+}
+
+int ssl2_pending(const SSL *s)
+{
+    return SSL_in_init(s) ? 0 : s->s2->ract_data_length;
+}
+
+int ssl2_new(SSL *s)
+{
+    SSL2_STATE *s2;
+
+    if ((s2 = OPENSSL_malloc(sizeof *s2)) == NULL)
+        goto err;
+    memset(s2, 0, sizeof *s2);
+
+# if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2
+#  error "assertion failed"
+# endif
+
+    if ((s2->rbuf =
+         OPENSSL_malloc(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2)) == NULL)
+        goto err;
+    /*
+     * wbuf needs one byte more because when using two-byte headers, we leave
+     * the first byte unused in do_ssl_write (s2_pkt.c)
+     */
+    if ((s2->wbuf =
+         OPENSSL_malloc(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 3)) == NULL)
+        goto err;
+    s->s2 = s2;
+
+    ssl2_clear(s);
+    return (1);
+ err:
+    if (s2 != NULL) {
+        if (s2->wbuf != NULL)
+            OPENSSL_free(s2->wbuf);
+        if (s2->rbuf != NULL)
+            OPENSSL_free(s2->rbuf);
+        OPENSSL_free(s2);
+    }
+    return (0);
+}
+
+void ssl2_free(SSL *s)
+{
+    SSL2_STATE *s2;
+
+    if (s == NULL)
+        return;
+
+    s2 = s->s2;
+    if (s2->rbuf != NULL)
+        OPENSSL_free(s2->rbuf);
+    if (s2->wbuf != NULL)
+        OPENSSL_free(s2->wbuf);
+    OPENSSL_cleanse(s2, sizeof *s2);
+    OPENSSL_free(s2);
+    s->s2 = NULL;
+}
+
+void ssl2_clear(SSL *s)
+{
+    SSL2_STATE *s2;
+    unsigned char *rbuf, *wbuf;
+
+    s2 = s->s2;
+
+    rbuf = s2->rbuf;
+    wbuf = s2->wbuf;
+
+    memset(s2, 0, sizeof *s2);
+
+    s2->rbuf = rbuf;
+    s2->wbuf = wbuf;
+    s2->clear_text = 1;
+    s->packet = s2->rbuf;
+    s->version = SSL2_VERSION;
+    s->packet_length = 0;
+}
+
+long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg)
+{
+    int ret = 0;
+
+    switch (cmd) {
+    case SSL_CTRL_GET_SESSION_REUSED:
+        ret = s->hit;
+        break;
+    case SSL_CTRL_CHECK_PROTO_VERSION:
+        return ssl3_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, larg, parg);
+    default:
+        break;
+    }
+    return (ret);
+}
+
+long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
+{
+    return (0);
+}
+
+long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
+{
+    return (0);
+}
+
+long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
+{
+    return (0);
+}
+
+/*
+ * This function needs to check if the ciphers required are actually
+ * available
+ */
+const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
+{
+    SSL_CIPHER c;
+    const SSL_CIPHER *cp;
+    unsigned long id;
+
+    id = 0x02000000L | ((unsigned long)p[0] << 16L) |
+        ((unsigned long)p[1] << 8L) | (unsigned long)p[2];
+    c.id = id;
+    cp = OBJ_bsearch_ssl_cipher_id(&c, ssl2_ciphers, SSL2_NUM_CIPHERS);
+    if ((cp == NULL) || (cp->valid == 0))
+        return NULL;
+    else
+        return cp;
+}
+
+int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
+{
+    long l;
+
+    if (p != NULL) {
+        l = c->id;
+        if ((l & 0xff000000) != 0x02000000 && l != SSL3_CK_FALLBACK_SCSV)
+            return (0);
+        p[0] = ((unsigned char)(l >> 16L)) & 0xFF;
+        p[1] = ((unsigned char)(l >> 8L)) & 0xFF;
+        p[2] = ((unsigned char)(l)) & 0xFF;
+    }
+    return (3);
+}
+
+int ssl2_generate_key_material(SSL *s)
+{
+    unsigned int i;
+    EVP_MD_CTX ctx;
+    unsigned char *km;
+    unsigned char c = '0';
+    const EVP_MD *md5;
+    int md_size;
+
+    md5 = EVP_md5();
+
+# ifdef CHARSET_EBCDIC
+    c = os_toascii['0'];        /* Must be an ASCII '0', not EBCDIC '0', see
+                                 * SSLv2 docu */
+# endif
+    EVP_MD_CTX_init(&ctx);
+    km = s->s2->key_material;
+
+    if (s->session->master_key_length < 0 ||
+        s->session->master_key_length > (int)sizeof(s->session->master_key)) {
+        SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    md_size = EVP_MD_size(md5);
+    if (md_size < 0)
+        return 0;
+    for (i = 0; i < s->s2->key_material_length; i += md_size) {
+        if (((km - s->s2->key_material) + md_size) >
+            (int)sizeof(s->s2->key_material)) {
+            /*
+             * EVP_DigestFinal_ex() below would write beyond buffer
+             */
+            SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+
+        EVP_DigestInit_ex(&ctx, md5, NULL);
+
+        OPENSSL_assert(s->session->master_key_length >= 0
+                       && s->session->master_key_length
+                       <= (int)sizeof(s->session->master_key));
+        EVP_DigestUpdate(&ctx, s->session->master_key,
+                         s->session->master_key_length);
+        EVP_DigestUpdate(&ctx, &c, 1);
+        c++;
+        EVP_DigestUpdate(&ctx, s->s2->challenge, s->s2->challenge_length);
+        EVP_DigestUpdate(&ctx, s->s2->conn_id, s->s2->conn_id_length);
+        EVP_DigestFinal_ex(&ctx, km, NULL);
+        km += md_size;
+    }
+
+    EVP_MD_CTX_cleanup(&ctx);
+    return 1;
+}
+
+void ssl2_return_error(SSL *s, int err)
+{
+    if (!s->error) {
+        s->error = 3;
+        s->error_code = err;
+
+        ssl2_write_error(s);
+    }
+}
+
+void ssl2_write_error(SSL *s)
+{
+    unsigned char buf[3];
+    int i, error;
+
+    buf[0] = SSL2_MT_ERROR;
+    buf[1] = (s->error_code >> 8) & 0xff;
+    buf[2] = (s->error_code) & 0xff;
+
+/*      state=s->rwstate;*/
+
+    error = s->error;           /* number of bytes left to write */
+    s->error = 0;
+    OPENSSL_assert(error >= 0 && error <= (int)sizeof(buf));
+    i = ssl2_write(s, &(buf[3 - error]), error);
+
+/*      if (i == error) s->rwstate=state; */
+
+    if (i < 0)
+        s->error = error;
+    else {
+        s->error = error - i;
+
+        if (s->error == 0)
+            if (s->msg_callback) {
+                /* ERROR */
+                s->msg_callback(1, s->version, 0, buf, 3, s,
+                                s->msg_callback_arg);
+            }
+    }
+}
+
+int ssl2_shutdown(SSL *s)
+{
+    s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+    return (1);
+}
+#else                           /* !OPENSSL_NO_SSL2 */
+
+# if PEDANTIC
+static void *dummy = &dummy;
+# endif
+
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/ssl/s2_meth.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/s2_meth.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/ssl/s2_meth.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,81 +0,0 @@
-/* ssl/s2_meth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_SSL2
-# include <stdio.h>
-# include <openssl/objects.h>
-
-static const SSL_METHOD *ssl2_get_method(int ver);
-static const SSL_METHOD *ssl2_get_method(int ver)
-{
-    if (ver == SSL2_VERSION)
-        return (SSLv2_method());
-    else
-        return (NULL);
-}
-
-IMPLEMENT_ssl2_meth_func(SSLv2_method,
-                         ssl2_accept, ssl2_connect, ssl2_get_method)
-#else                           /* !OPENSSL_NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy = &dummy;
-# endif
-
-#endif

Copied: vendor-crypto/openssl/1.0.1u/ssl/s2_meth.c (from rev 11605, vendor-crypto/openssl/dist/ssl/s2_meth.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/ssl/s2_meth.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/ssl/s2_meth.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,91 @@
+/* ssl/s2_meth.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "ssl_locl.h"
+#ifndef OPENSSL_NO_SSL2_METHOD
+# ifndef OPENSSL_NO_SSL2
+# include <stdio.h>
+# include <openssl/objects.h>
+
+static const SSL_METHOD *ssl2_get_method(int ver);
+static const SSL_METHOD *ssl2_get_method(int ver)
+{
+    if (ver == SSL2_VERSION)
+        return (SSLv2_method());
+    else
+        return (NULL);
+}
+
+IMPLEMENT_ssl2_meth_func(SSLv2_method,
+                         ssl2_accept, ssl2_connect, ssl2_get_method)
+
+# else /* !OPENSSL_NO_SSL2 */
+
+const SSL_METHOD *SSLv2_method(void) { return NULL; }
+const SSL_METHOD *SSLv2_client_method(void) { return NULL; }
+const SSL_METHOD *SSLv2_server_method(void) { return NULL; }
+
+# endif
+
+#else /* !OPENSSL_NO_SSL2_METHOD */
+
+# if PEDANTIC
+static void *dummy = &dummy;
+# endif
+
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/ssl/s2_srvr.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/s2_srvr.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/ssl/s2_srvr.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,1155 +0,0 @@
-/* ssl/s2_srvr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_SSL2
-#include "../crypto/constant_time_locl.h"
-# include <stdio.h>
-# include <openssl/bio.h>
-# include <openssl/rand.h>
-# include <openssl/objects.h>
-# include <openssl/evp.h>
-
-static const SSL_METHOD *ssl2_get_server_method(int ver);
-static int get_client_master_key(SSL *s);
-static int get_client_hello(SSL *s);
-static int server_hello(SSL *s);
-static int get_client_finished(SSL *s);
-static int server_verify(SSL *s);
-static int server_finish(SSL *s);
-static int request_certificate(SSL *s);
-static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
-                                   unsigned char *to, int padding);
-# define BREAK   break
-
-static const SSL_METHOD *ssl2_get_server_method(int ver)
-{
-    if (ver == SSL2_VERSION)
-        return (SSLv2_server_method());
-    else
-        return (NULL);
-}
-
-IMPLEMENT_ssl2_meth_func(SSLv2_server_method,
-                         ssl2_accept,
-                         ssl_undefined_function, ssl2_get_server_method)
-
-int ssl2_accept(SSL *s)
-{
-    unsigned long l = (unsigned long)time(NULL);
-    BUF_MEM *buf = NULL;
-    int ret = -1;
-    long num1;
-    void (*cb) (const SSL *ssl, int type, int val) = NULL;
-    int new_state, state;
-
-    RAND_add(&l, sizeof(l), 0);
-    ERR_clear_error();
-    clear_sys_error();
-
-    if (s->info_callback != NULL)
-        cb = s->info_callback;
-    else if (s->ctx->info_callback != NULL)
-        cb = s->ctx->info_callback;
-
-    /* init things to blank */
-    s->in_handshake++;
-    if (!SSL_in_init(s) || SSL_in_before(s))
-        SSL_clear(s);
-
-    if (s->cert == NULL) {
-        SSLerr(SSL_F_SSL2_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
-        return (-1);
-    }
-
-    clear_sys_error();
-    for (;;) {
-        state = s->state;
-
-        switch (s->state) {
-        case SSL_ST_BEFORE:
-        case SSL_ST_ACCEPT:
-        case SSL_ST_BEFORE | SSL_ST_ACCEPT:
-        case SSL_ST_OK | SSL_ST_ACCEPT:
-
-            s->server = 1;
-            if (cb != NULL)
-                cb(s, SSL_CB_HANDSHAKE_START, 1);
-
-            s->version = SSL2_VERSION;
-            s->type = SSL_ST_ACCEPT;
-
-            if (s->init_buf == NULL) {
-                if ((buf = BUF_MEM_new()) == NULL) {
-                    ret = -1;
-                    goto end;
-                }
-                if (!BUF_MEM_grow
-                    (buf, (int)SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) {
-                    BUF_MEM_free(buf);
-                    ret = -1;
-                    goto end;
-                }
-                s->init_buf = buf;
-            }
-            s->init_num = 0;
-            s->ctx->stats.sess_accept++;
-            s->handshake_func = ssl2_accept;
-            s->state = SSL2_ST_GET_CLIENT_HELLO_A;
-            BREAK;
-
-        case SSL2_ST_GET_CLIENT_HELLO_A:
-        case SSL2_ST_GET_CLIENT_HELLO_B:
-        case SSL2_ST_GET_CLIENT_HELLO_C:
-            s->shutdown = 0;
-            ret = get_client_hello(s);
-            if (ret <= 0)
-                goto end;
-            s->init_num = 0;
-            s->state = SSL2_ST_SEND_SERVER_HELLO_A;
-            BREAK;
-
-        case SSL2_ST_SEND_SERVER_HELLO_A:
-        case SSL2_ST_SEND_SERVER_HELLO_B:
-            ret = server_hello(s);
-            if (ret <= 0)
-                goto end;
-            s->init_num = 0;
-            if (!s->hit) {
-                s->state = SSL2_ST_GET_CLIENT_MASTER_KEY_A;
-                BREAK;
-            } else {
-                s->state = SSL2_ST_SERVER_START_ENCRYPTION;
-                BREAK;
-            }
-        case SSL2_ST_GET_CLIENT_MASTER_KEY_A:
-        case SSL2_ST_GET_CLIENT_MASTER_KEY_B:
-            ret = get_client_master_key(s);
-            if (ret <= 0)
-                goto end;
-            s->init_num = 0;
-            s->state = SSL2_ST_SERVER_START_ENCRYPTION;
-            BREAK;
-
-        case SSL2_ST_SERVER_START_ENCRYPTION:
-            /*
-             * Ok we how have sent all the stuff needed to start encrypting,
-             * the next packet back will be encrypted.
-             */
-            if (!ssl2_enc_init(s, 0)) {
-                ret = -1;
-                goto end;
-            }
-            s->s2->clear_text = 0;
-            s->state = SSL2_ST_SEND_SERVER_VERIFY_A;
-            BREAK;
-
-        case SSL2_ST_SEND_SERVER_VERIFY_A:
-        case SSL2_ST_SEND_SERVER_VERIFY_B:
-            ret = server_verify(s);
-            if (ret <= 0)
-                goto end;
-            s->init_num = 0;
-            if (s->hit) {
-                /*
-                 * If we are in here, we have been buffering the output, so
-                 * we need to flush it and remove buffering from future
-                 * traffic
-                 */
-                s->state = SSL2_ST_SEND_SERVER_VERIFY_C;
-                BREAK;
-            } else {
-                s->state = SSL2_ST_GET_CLIENT_FINISHED_A;
-                break;
-            }
-
-        case SSL2_ST_SEND_SERVER_VERIFY_C:
-            /* get the number of bytes to write */
-            num1 = BIO_ctrl(s->wbio, BIO_CTRL_INFO, 0, NULL);
-            if (num1 > 0) {
-                s->rwstate = SSL_WRITING;
-                num1 = BIO_flush(s->wbio);
-                if (num1 <= 0) {
-                    ret = -1;
-                    goto end;
-                }
-                s->rwstate = SSL_NOTHING;
-            }
-
-            /* flushed and now remove buffering */
-            s->wbio = BIO_pop(s->wbio);
-
-            s->state = SSL2_ST_GET_CLIENT_FINISHED_A;
-            BREAK;
-
-        case SSL2_ST_GET_CLIENT_FINISHED_A:
-        case SSL2_ST_GET_CLIENT_FINISHED_B:
-            ret = get_client_finished(s);
-            if (ret <= 0)
-                goto end;
-            s->init_num = 0;
-            s->state = SSL2_ST_SEND_REQUEST_CERTIFICATE_A;
-            BREAK;
-
-        case SSL2_ST_SEND_REQUEST_CERTIFICATE_A:
-        case SSL2_ST_SEND_REQUEST_CERTIFICATE_B:
-        case SSL2_ST_SEND_REQUEST_CERTIFICATE_C:
-        case SSL2_ST_SEND_REQUEST_CERTIFICATE_D:
-            /*
-             * don't do a 'request certificate' if we don't want to, or we
-             * already have one, and we only want to do it once.
-             */
-            if (!(s->verify_mode & SSL_VERIFY_PEER) ||
-                ((s->session->peer != NULL) &&
-                 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE))) {
-                s->state = SSL2_ST_SEND_SERVER_FINISHED_A;
-                break;
-            } else {
-                ret = request_certificate(s);
-                if (ret <= 0)
-                    goto end;
-                s->init_num = 0;
-                s->state = SSL2_ST_SEND_SERVER_FINISHED_A;
-            }
-            BREAK;
-
-        case SSL2_ST_SEND_SERVER_FINISHED_A:
-        case SSL2_ST_SEND_SERVER_FINISHED_B:
-            ret = server_finish(s);
-            if (ret <= 0)
-                goto end;
-            s->init_num = 0;
-            s->state = SSL_ST_OK;
-            break;
-
-        case SSL_ST_OK:
-            BUF_MEM_free(s->init_buf);
-            ssl_free_wbio_buffer(s);
-            s->init_buf = NULL;
-            s->init_num = 0;
-            /*      ERR_clear_error(); */
-
-            ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
-
-            s->ctx->stats.sess_accept_good++;
-            /* s->server=1; */
-            ret = 1;
-
-            if (cb != NULL)
-                cb(s, SSL_CB_HANDSHAKE_DONE, 1);
-
-            goto end;
-            /* BREAK; */
-
-        default:
-            SSLerr(SSL_F_SSL2_ACCEPT, SSL_R_UNKNOWN_STATE);
-            ret = -1;
-            goto end;
-            /* BREAK; */
-        }
-
-        if ((cb != NULL) && (s->state != state)) {
-            new_state = s->state;
-            s->state = state;
-            cb(s, SSL_CB_ACCEPT_LOOP, 1);
-            s->state = new_state;
-        }
-    }
- end:
-    s->in_handshake--;
-    if (cb != NULL)
-        cb(s, SSL_CB_ACCEPT_EXIT, ret);
-    return (ret);
-}
-
-static int get_client_master_key(SSL *s)
-{
-    int is_export, i, n, keya;
-    unsigned int num_encrypted_key_bytes, key_length;
-    unsigned long len;
-    unsigned char *p;
-    const SSL_CIPHER *cp;
-    const EVP_CIPHER *c;
-    const EVP_MD *md;
-    unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
-    unsigned char decrypt_good;
-    size_t j;
-
-    p = (unsigned char *)s->init_buf->data;
-    if (s->state == SSL2_ST_GET_CLIENT_MASTER_KEY_A) {
-        i = ssl2_read(s, (char *)&(p[s->init_num]), 10 - s->init_num);
-
-        if (i < (10 - s->init_num))
-            return (ssl2_part_read(s, SSL_F_GET_CLIENT_MASTER_KEY, i));
-        s->init_num = 10;
-
-        if (*(p++) != SSL2_MT_CLIENT_MASTER_KEY) {
-            if (p[-1] != SSL2_MT_ERROR) {
-                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-                SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
-                       SSL_R_READ_WRONG_PACKET_TYPE);
-            } else
-                SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_PEER_ERROR);
-            return (-1);
-        }
-
-        cp = ssl2_get_cipher_by_char(p);
-        if (cp == NULL) {
-            ssl2_return_error(s, SSL2_PE_NO_CIPHER);
-            SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH);
-            return (-1);
-        }
-        s->session->cipher = cp;
-
-        p += 3;
-        n2s(p, i);
-        s->s2->tmp.clear = i;
-        n2s(p, i);
-        s->s2->tmp.enc = i;
-        n2s(p, i);
-        if (i > SSL_MAX_KEY_ARG_LENGTH) {
-            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-            SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG);
-            return -1;
-        }
-        s->session->key_arg_length = i;
-        s->state = SSL2_ST_GET_CLIENT_MASTER_KEY_B;
-    }
-
-    /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
-    p = (unsigned char *)s->init_buf->data;
-    if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) {
-        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
-        return -1;
-    }
-    keya = s->session->key_arg_length;
-    len =
-        10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc +
-        (unsigned long)keya;
-    if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) {
-        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_MESSAGE_TOO_LONG);
-        return -1;
-    }
-    n = (int)len - s->init_num;
-    i = ssl2_read(s, (char *)&(p[s->init_num]), n);
-    if (i != n)
-        return (ssl2_part_read(s, SSL_F_GET_CLIENT_MASTER_KEY, i));
-    if (s->msg_callback) {
-        /* CLIENT-MASTER-KEY */
-        s->msg_callback(0, s->version, 0, p, (size_t)len, s,
-                        s->msg_callback_arg);
-    }
-    p += 10;
-
-    memcpy(s->session->key_arg, &(p[s->s2->tmp.clear + s->s2->tmp.enc]),
-           (unsigned int)keya);
-
-    if (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) {
-        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_PRIVATEKEY);
-        return (-1);
-    }
-
-    is_export = SSL_C_IS_EXPORT(s->session->cipher);
-
-    if (!ssl_cipher_get_evp(s->session, &c, &md, NULL, NULL, NULL)) {
-        ssl2_return_error(s, SSL2_PE_NO_CIPHER);
-        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
-               SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
-        return (0);
-    }
-
-    /*
-     * The format of the CLIENT-MASTER-KEY message is
-     * 1 byte message type
-     * 3 bytes cipher
-     * 2-byte clear key length (stored in s->s2->tmp.clear)
-     * 2-byte encrypted key length (stored in s->s2->tmp.enc)
-     * 2-byte key args length (IV etc)
-     * clear key
-     * encrypted key
-     * key args
-     *
-     * If the cipher is an export cipher, then the encrypted key bytes
-     * are a fixed portion of the total key (5 or 8 bytes). The size of
-     * this portion is in |num_encrypted_key_bytes|. If the cipher is not an
-     * export cipher, then the entire key material is encrypted (i.e., clear
-     * key length must be zero).
-     */
-    key_length = (unsigned int)EVP_CIPHER_key_length(c);
-    if (key_length > SSL_MAX_MASTER_KEY_LENGTH) {
-        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
-        return -1;
-    }
-
-    if (s->session->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC) {
-        is_export = 1;
-        num_encrypted_key_bytes = 8;
-    } else if (is_export) {
-        num_encrypted_key_bytes = 5;
-    } else {
-        num_encrypted_key_bytes = key_length;
-    }
-
-    if (s->s2->tmp.clear + num_encrypted_key_bytes != key_length) {
-        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
-        return -1;
-    }
-    /*
-     * The encrypted blob must decrypt to the encrypted portion of the key.
-     * Decryption can't be expanding, so if we don't have enough encrypted
-     * bytes to fit the key in the buffer, stop now.
-     */
-    if (s->s2->tmp.enc < num_encrypted_key_bytes) {
-        ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
-        return -1;
-    }
-
-    /*
-     * We must not leak whether a decryption failure occurs because of
-     * Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see RFC 2246,
-     * section 7.4.7.1). The code follows that advice of the TLS RFC and
-     * generates a random premaster secret for the case that the decrypt
-     * fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1
-     */
-
-    /*
-     * should be RAND_bytes, but we cannot work around a failure.
-     */
-    if (RAND_pseudo_bytes(rand_premaster_secret,
-                          (int)num_encrypted_key_bytes) <= 0)
-        return 0;
-
-    i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
-                                &(p[s->s2->tmp.clear]),
-                                &(p[s->s2->tmp.clear]),
-                                (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
-                                RSA_PKCS1_PADDING);
-    ERR_clear_error();
-    /*
-     * If a bad decrypt, continue with protocol but with a random master
-     * secret (Bleichenbacher attack)
-     */
-    decrypt_good = constant_time_eq_int_8(i, (int)num_encrypted_key_bytes);
-    for (j = 0; j < num_encrypted_key_bytes; j++) {
-        p[s->s2->tmp.clear + j] =
-                constant_time_select_8(decrypt_good, p[s->s2->tmp.clear + j],
-                                       rand_premaster_secret[j]);
-    }
-
-    s->session->master_key_length = (int)key_length;
-    memcpy(s->session->master_key, p, key_length);
-    OPENSSL_cleanse(p, key_length);
-
-    return 1;
-}
-
-static int get_client_hello(SSL *s)
-{
-    int i, n;
-    unsigned long len;
-    unsigned char *p;
-    STACK_OF(SSL_CIPHER) *cs;   /* a stack of SSL_CIPHERS */
-    STACK_OF(SSL_CIPHER) *cl;   /* the ones we want to use */
-    STACK_OF(SSL_CIPHER) *prio, *allow;
-    int z;
-
-    /*
-     * This is a bit of a hack to check for the correct packet type the first
-     * time round.
-     */
-    if (s->state == SSL2_ST_GET_CLIENT_HELLO_A) {
-        s->first_packet = 1;
-        s->state = SSL2_ST_GET_CLIENT_HELLO_B;
-    }
-
-    p = (unsigned char *)s->init_buf->data;
-    if (s->state == SSL2_ST_GET_CLIENT_HELLO_B) {
-        i = ssl2_read(s, (char *)&(p[s->init_num]), 9 - s->init_num);
-        if (i < (9 - s->init_num))
-            return (ssl2_part_read(s, SSL_F_GET_CLIENT_HELLO, i));
-        s->init_num = 9;
-
-        if (*(p++) != SSL2_MT_CLIENT_HELLO) {
-            if (p[-1] != SSL2_MT_ERROR) {
-                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-                SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_READ_WRONG_PACKET_TYPE);
-            } else
-                SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_PEER_ERROR);
-            return (-1);
-        }
-        n2s(p, i);
-        if (i < s->version)
-            s->version = i;
-        n2s(p, i);
-        s->s2->tmp.cipher_spec_length = i;
-        n2s(p, i);
-        s->s2->tmp.session_id_length = i;
-        n2s(p, i);
-        s->s2->challenge_length = i;
-        if ((i < SSL2_MIN_CHALLENGE_LENGTH) ||
-            (i > SSL2_MAX_CHALLENGE_LENGTH)) {
-            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-            SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_INVALID_CHALLENGE_LENGTH);
-            return (-1);
-        }
-        s->state = SSL2_ST_GET_CLIENT_HELLO_C;
-    }
-
-    /* SSL2_ST_GET_CLIENT_HELLO_C */
-    p = (unsigned char *)s->init_buf->data;
-    len =
-        9 + (unsigned long)s->s2->tmp.cipher_spec_length +
-        (unsigned long)s->s2->challenge_length +
-        (unsigned long)s->s2->tmp.session_id_length;
-    if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) {
-        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-        SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_MESSAGE_TOO_LONG);
-        return -1;
-    }
-    n = (int)len - s->init_num;
-    i = ssl2_read(s, (char *)&(p[s->init_num]), n);
-    if (i != n)
-        return (ssl2_part_read(s, SSL_F_GET_CLIENT_HELLO, i));
-    if (s->msg_callback) {
-        /* CLIENT-HELLO */
-        s->msg_callback(0, s->version, 0, p, (size_t)len, s,
-                        s->msg_callback_arg);
-    }
-    p += 9;
-
-    /*
-     * get session-id before cipher stuff so we can get out session structure
-     * if it is cached
-     */
-    /* session-id */
-    if ((s->s2->tmp.session_id_length != 0) &&
-        (s->s2->tmp.session_id_length != SSL2_SSL_SESSION_ID_LENGTH)) {
-        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-        SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_BAD_SSL_SESSION_ID_LENGTH);
-        return (-1);
-    }
-
-    if (s->s2->tmp.session_id_length == 0) {
-        if (!ssl_get_new_session(s, 1)) {
-            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-            return (-1);
-        }
-    } else {
-        i = ssl_get_prev_session(s, &(p[s->s2->tmp.cipher_spec_length]),
-                                 s->s2->tmp.session_id_length, NULL);
-        if (i == 1) {           /* previous session */
-            s->hit = 1;
-        } else if (i == -1) {
-            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-            return (-1);
-        } else {
-            if (s->cert == NULL) {
-                ssl2_return_error(s, SSL2_PE_NO_CERTIFICATE);
-                SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_NO_CERTIFICATE_SET);
-                return (-1);
-            }
-
-            if (!ssl_get_new_session(s, 1)) {
-                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-                return (-1);
-            }
-        }
-    }
-
-    if (!s->hit) {
-        cs = ssl_bytes_to_cipher_list(s, p, s->s2->tmp.cipher_spec_length,
-                                      &s->session->ciphers);
-        if (cs == NULL)
-            goto mem_err;
-
-        cl = SSL_get_ciphers(s);
-
-        if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
-            prio = sk_SSL_CIPHER_dup(cl);
-            if (prio == NULL)
-                goto mem_err;
-            allow = cs;
-        } else {
-            prio = cs;
-            allow = cl;
-        }
-        for (z = 0; z < sk_SSL_CIPHER_num(prio); z++) {
-            if (sk_SSL_CIPHER_find(allow, sk_SSL_CIPHER_value(prio, z)) < 0) {
-                (void)sk_SSL_CIPHER_delete(prio, z);
-                z--;
-            }
-        }
-        if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
-            sk_SSL_CIPHER_free(s->session->ciphers);
-            s->session->ciphers = prio;
-        }
-        /*
-         * s->session->ciphers should now have a list of ciphers that are on
-         * both the client and server. This list is ordered by the order the
-         * client sent the ciphers or in the order of the server's preference
-         * if SSL_OP_CIPHER_SERVER_PREFERENCE was set.
-         */
-    }
-    p += s->s2->tmp.cipher_spec_length;
-    /* done cipher selection */
-
-    /* session id extracted already */
-    p += s->s2->tmp.session_id_length;
-
-    /* challenge */
-    if (s->s2->challenge_length > sizeof s->s2->challenge) {
-        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-        SSLerr(SSL_F_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
-        return -1;
-    }
-    memcpy(s->s2->challenge, p, (unsigned int)s->s2->challenge_length);
-    return (1);
- mem_err:
-    SSLerr(SSL_F_GET_CLIENT_HELLO, ERR_R_MALLOC_FAILURE);
-    return (0);
-}
-
-static int server_hello(SSL *s)
-{
-    unsigned char *p, *d;
-    int n, hit;
-
-    p = (unsigned char *)s->init_buf->data;
-    if (s->state == SSL2_ST_SEND_SERVER_HELLO_A) {
-        d = p + 11;
-        *(p++) = SSL2_MT_SERVER_HELLO; /* type */
-        hit = s->hit;
-        *(p++) = (unsigned char)hit;
-# if 1
-        if (!hit) {
-            if (s->session->sess_cert != NULL)
-                /*
-                 * This can't really happen because get_client_hello has
-                 * called ssl_get_new_session, which does not set sess_cert.
-                 */
-                ssl_sess_cert_free(s->session->sess_cert);
-            s->session->sess_cert = ssl_sess_cert_new();
-            if (s->session->sess_cert == NULL) {
-                SSLerr(SSL_F_SERVER_HELLO, ERR_R_MALLOC_FAILURE);
-                return (-1);
-            }
-        }
-        /*
-         * If 'hit' is set, then s->sess_cert may be non-NULL or NULL,
-         * depending on whether it survived in the internal cache or was
-         * retrieved from an external cache. If it is NULL, we cannot put any
-         * useful data in it anyway, so we don't touch it.
-         */
-
-# else                          /* That's what used to be done when cert_st
-                                 * and sess_cert_st were * the same. */
-        if (!hit) {             /* else add cert to session */
-            CRYPTO_add(&s->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
-            if (s->session->sess_cert != NULL)
-                ssl_cert_free(s->session->sess_cert);
-            s->session->sess_cert = s->cert;
-        } else {                /* We have a session id-cache hit, if the *
-                                 * session-id has no certificate listed
-                                 * against * the 'cert' structure, grab the
-                                 * 'old' one * listed against the SSL
-                                 * connection */
-            if (s->session->sess_cert == NULL) {
-                CRYPTO_add(&s->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
-                s->session->sess_cert = s->cert;
-            }
-        }
-# endif
-
-        if (s->cert == NULL) {
-            ssl2_return_error(s, SSL2_PE_NO_CERTIFICATE);
-            SSLerr(SSL_F_SERVER_HELLO, SSL_R_NO_CERTIFICATE_SPECIFIED);
-            return (-1);
-        }
-
-        if (hit) {
-            *(p++) = 0;         /* no certificate type */
-            s2n(s->version, p); /* version */
-            s2n(0, p);          /* cert len */
-            s2n(0, p);          /* ciphers len */
-        } else {
-            /* EAY EAY */
-            /* put certificate type */
-            *(p++) = SSL2_CT_X509_CERTIFICATE;
-            s2n(s->version, p); /* version */
-            n = i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509, NULL);
-            s2n(n, p);          /* certificate length */
-            i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509, &d);
-            n = 0;
-
-            /*
-             * lets send out the ciphers we like in the prefered order
-             */
-            n = ssl_cipher_list_to_bytes(s, s->session->ciphers, d, 0);
-            d += n;
-            s2n(n, p);          /* add cipher length */
-        }
-
-        /* make and send conn_id */
-        s2n(SSL2_CONNECTION_ID_LENGTH, p); /* add conn_id length */
-        s->s2->conn_id_length = SSL2_CONNECTION_ID_LENGTH;
-        if (RAND_pseudo_bytes(s->s2->conn_id, (int)s->s2->conn_id_length) <=
-            0)
-            return -1;
-        memcpy(d, s->s2->conn_id, SSL2_CONNECTION_ID_LENGTH);
-        d += SSL2_CONNECTION_ID_LENGTH;
-
-        s->state = SSL2_ST_SEND_SERVER_HELLO_B;
-        s->init_num = d - (unsigned char *)s->init_buf->data;
-        s->init_off = 0;
-    }
-    /* SSL2_ST_SEND_SERVER_HELLO_B */
-    /*
-     * If we are using TCP/IP, the performance is bad if we do 2 writes
-     * without a read between them.  This occurs when Session-id reuse is
-     * used, so I will put in a buffering module
-     */
-    if (s->hit) {
-        if (!ssl_init_wbio_buffer(s, 1))
-            return (-1);
-    }
-
-    return (ssl2_do_write(s));
-}
-
-static int get_client_finished(SSL *s)
-{
-    unsigned char *p;
-    int i, n;
-    unsigned long len;
-
-    p = (unsigned char *)s->init_buf->data;
-    if (s->state == SSL2_ST_GET_CLIENT_FINISHED_A) {
-        i = ssl2_read(s, (char *)&(p[s->init_num]), 1 - s->init_num);
-        if (i < 1 - s->init_num)
-            return (ssl2_part_read(s, SSL_F_GET_CLIENT_FINISHED, i));
-        s->init_num += i;
-
-        if (*p != SSL2_MT_CLIENT_FINISHED) {
-            if (*p != SSL2_MT_ERROR) {
-                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-                SSLerr(SSL_F_GET_CLIENT_FINISHED,
-                       SSL_R_READ_WRONG_PACKET_TYPE);
-            } else {
-                SSLerr(SSL_F_GET_CLIENT_FINISHED, SSL_R_PEER_ERROR);
-                /* try to read the error message */
-                i = ssl2_read(s, (char *)&(p[s->init_num]), 3 - s->init_num);
-                return ssl2_part_read(s, SSL_F_GET_SERVER_VERIFY, i);
-            }
-            return (-1);
-        }
-        s->state = SSL2_ST_GET_CLIENT_FINISHED_B;
-    }
-
-    /* SSL2_ST_GET_CLIENT_FINISHED_B */
-    if (s->s2->conn_id_length > sizeof s->s2->conn_id) {
-        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-        SSLerr(SSL_F_GET_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR);
-        return -1;
-    }
-    len = 1 + (unsigned long)s->s2->conn_id_length;
-    n = (int)len - s->init_num;
-    i = ssl2_read(s, (char *)&(p[s->init_num]), n);
-    if (i < n) {
-        return (ssl2_part_read(s, SSL_F_GET_CLIENT_FINISHED, i));
-    }
-    if (s->msg_callback) {
-        /* CLIENT-FINISHED */
-        s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg);
-    }
-    p += 1;
-    if (memcmp(p, s->s2->conn_id, s->s2->conn_id_length) != 0) {
-        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-        SSLerr(SSL_F_GET_CLIENT_FINISHED, SSL_R_CONNECTION_ID_IS_DIFFERENT);
-        return (-1);
-    }
-    return (1);
-}
-
-static int server_verify(SSL *s)
-{
-    unsigned char *p;
-
-    if (s->state == SSL2_ST_SEND_SERVER_VERIFY_A) {
-        p = (unsigned char *)s->init_buf->data;
-        *(p++) = SSL2_MT_SERVER_VERIFY;
-        if (s->s2->challenge_length > sizeof s->s2->challenge) {
-            SSLerr(SSL_F_SERVER_VERIFY, ERR_R_INTERNAL_ERROR);
-            return -1;
-        }
-        memcpy(p, s->s2->challenge, (unsigned int)s->s2->challenge_length);
-        /* p+=s->s2->challenge_length; */
-
-        s->state = SSL2_ST_SEND_SERVER_VERIFY_B;
-        s->init_num = s->s2->challenge_length + 1;
-        s->init_off = 0;
-    }
-    return (ssl2_do_write(s));
-}
-
-static int server_finish(SSL *s)
-{
-    unsigned char *p;
-
-    if (s->state == SSL2_ST_SEND_SERVER_FINISHED_A) {
-        p = (unsigned char *)s->init_buf->data;
-        *(p++) = SSL2_MT_SERVER_FINISHED;
-
-        if (s->session->session_id_length > sizeof s->session->session_id) {
-            SSLerr(SSL_F_SERVER_FINISH, ERR_R_INTERNAL_ERROR);
-            return -1;
-        }
-        memcpy(p, s->session->session_id,
-               (unsigned int)s->session->session_id_length);
-        /* p+=s->session->session_id_length; */
-
-        s->state = SSL2_ST_SEND_SERVER_FINISHED_B;
-        s->init_num = s->session->session_id_length + 1;
-        s->init_off = 0;
-    }
-
-    /* SSL2_ST_SEND_SERVER_FINISHED_B */
-    return (ssl2_do_write(s));
-}
-
-/* send the request and check the response */
-static int request_certificate(SSL *s)
-{
-    const unsigned char *cp;
-    unsigned char *p, *p2, *buf2;
-    unsigned char *ccd;
-    int i, j, ctype, ret = -1;
-    unsigned long len;
-    X509 *x509 = NULL;
-    STACK_OF(X509) *sk = NULL;
-
-    ccd = s->s2->tmp.ccl;
-    if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_A) {
-        p = (unsigned char *)s->init_buf->data;
-        *(p++) = SSL2_MT_REQUEST_CERTIFICATE;
-        *(p++) = SSL2_AT_MD5_WITH_RSA_ENCRYPTION;
-        if (RAND_pseudo_bytes(ccd, SSL2_MIN_CERT_CHALLENGE_LENGTH) <= 0)
-            return -1;
-        memcpy(p, ccd, SSL2_MIN_CERT_CHALLENGE_LENGTH);
-
-        s->state = SSL2_ST_SEND_REQUEST_CERTIFICATE_B;
-        s->init_num = SSL2_MIN_CERT_CHALLENGE_LENGTH + 2;
-        s->init_off = 0;
-    }
-
-    if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_B) {
-        i = ssl2_do_write(s);
-        if (i <= 0) {
-            ret = i;
-            goto end;
-        }
-
-        s->init_num = 0;
-        s->state = SSL2_ST_SEND_REQUEST_CERTIFICATE_C;
-    }
-
-    if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_C) {
-        p = (unsigned char *)s->init_buf->data;
-        /* try to read 6 octets ... */
-        i = ssl2_read(s, (char *)&(p[s->init_num]), 6 - s->init_num);
-        /*
-         * ... but don't call ssl2_part_read now if we got at least 3
-         * (probably NO-CERTIFICATE-ERROR)
-         */
-        if (i < 3 - s->init_num) {
-            ret = ssl2_part_read(s, SSL_F_REQUEST_CERTIFICATE, i);
-            goto end;
-        }
-        s->init_num += i;
-
-        if ((s->init_num >= 3) && (p[0] == SSL2_MT_ERROR)) {
-            n2s(p, i);
-            if (i != SSL2_PE_NO_CERTIFICATE) {
-                /*
-                 * not the error message we expected -- let ssl2_part_read
-                 * handle it
-                 */
-                s->init_num -= 3;
-                ret = ssl2_part_read(s, SSL_F_REQUEST_CERTIFICATE, 3);
-                goto end;
-            }
-
-            if (s->msg_callback) {
-                /* ERROR */
-                s->msg_callback(0, s->version, 0, p, 3, s,
-                                s->msg_callback_arg);
-            }
-
-            /*
-             * this is the one place where we can recover from an SSL 2.0
-             * error
-             */
-
-            if (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
-                ssl2_return_error(s, SSL2_PE_BAD_CERTIFICATE);
-                SSLerr(SSL_F_REQUEST_CERTIFICATE,
-                       SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
-                goto end;
-            }
-            ret = 1;
-            goto end;
-        }
-        if ((*(p++) != SSL2_MT_CLIENT_CERTIFICATE) || (s->init_num < 6)) {
-            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-            SSLerr(SSL_F_REQUEST_CERTIFICATE, SSL_R_SHORT_READ);
-            goto end;
-        }
-        if (s->init_num != 6) {
-            SSLerr(SSL_F_REQUEST_CERTIFICATE, ERR_R_INTERNAL_ERROR);
-            goto end;
-        }
-
-        /* ok we have a response */
-        /* certificate type, there is only one right now. */
-        ctype = *(p++);
-        if (ctype != SSL2_AT_MD5_WITH_RSA_ENCRYPTION) {
-            ssl2_return_error(s, SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE);
-            SSLerr(SSL_F_REQUEST_CERTIFICATE, SSL_R_BAD_RESPONSE_ARGUMENT);
-            goto end;
-        }
-        n2s(p, i);
-        s->s2->tmp.clen = i;
-        n2s(p, i);
-        s->s2->tmp.rlen = i;
-        s->state = SSL2_ST_SEND_REQUEST_CERTIFICATE_D;
-    }
-
-    /* SSL2_ST_SEND_REQUEST_CERTIFICATE_D */
-    p = (unsigned char *)s->init_buf->data;
-    len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen;
-    if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) {
-        SSLerr(SSL_F_REQUEST_CERTIFICATE, SSL_R_MESSAGE_TOO_LONG);
-        goto end;
-    }
-    j = (int)len - s->init_num;
-    i = ssl2_read(s, (char *)&(p[s->init_num]), j);
-    if (i < j) {
-        ret = ssl2_part_read(s, SSL_F_REQUEST_CERTIFICATE, i);
-        goto end;
-    }
-    if (s->msg_callback) {
-        /* CLIENT-CERTIFICATE */
-        s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg);
-    }
-    p += 6;
-
-    cp = p;
-    x509 = (X509 *)d2i_X509(NULL, &cp, (long)s->s2->tmp.clen);
-    if (x509 == NULL) {
-        SSLerr(SSL_F_REQUEST_CERTIFICATE, ERR_R_X509_LIB);
-        goto msg_end;
-    }
-
-    if (((sk = sk_X509_new_null()) == NULL) || (!sk_X509_push(sk, x509))) {
-        SSLerr(SSL_F_REQUEST_CERTIFICATE, ERR_R_MALLOC_FAILURE);
-        goto msg_end;
-    }
-
-    i = ssl_verify_cert_chain(s, sk);
-
-    if (i > 0) {                /* we like the packet, now check the chksum */
-        EVP_MD_CTX ctx;
-        EVP_PKEY *pkey = NULL;
-
-        EVP_MD_CTX_init(&ctx);
-        if (!EVP_VerifyInit_ex(&ctx, s->ctx->rsa_md5, NULL)
-            || !EVP_VerifyUpdate(&ctx, s->s2->key_material,
-                                 s->s2->key_material_length)
-            || !EVP_VerifyUpdate(&ctx, ccd, SSL2_MIN_CERT_CHALLENGE_LENGTH))
-            goto msg_end;
-
-        i = i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509, NULL);
-        buf2 = OPENSSL_malloc((unsigned int)i);
-        if (buf2 == NULL) {
-            SSLerr(SSL_F_REQUEST_CERTIFICATE, ERR_R_MALLOC_FAILURE);
-            goto msg_end;
-        }
-        p2 = buf2;
-        i = i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509, &p2);
-        if (!EVP_VerifyUpdate(&ctx, buf2, (unsigned int)i)) {
-            OPENSSL_free(buf2);
-            goto msg_end;
-        }
-        OPENSSL_free(buf2);
-
-        pkey = X509_get_pubkey(x509);
-        if (pkey == NULL)
-            goto end;
-        i = EVP_VerifyFinal(&ctx, cp, s->s2->tmp.rlen, pkey);
-        EVP_PKEY_free(pkey);
-        EVP_MD_CTX_cleanup(&ctx);
-
-        if (i > 0) {
-            if (s->session->peer != NULL)
-                X509_free(s->session->peer);
-            s->session->peer = x509;
-            CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
-            s->session->verify_result = s->verify_result;
-            ret = 1;
-            goto end;
-        } else {
-            SSLerr(SSL_F_REQUEST_CERTIFICATE, SSL_R_BAD_CHECKSUM);
-            goto msg_end;
-        }
-    } else {
- msg_end:
-        ssl2_return_error(s, SSL2_PE_BAD_CERTIFICATE);
-    }
- end:
-    sk_X509_free(sk);
-    X509_free(x509);
-    return (ret);
-}
-
-static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
-                                   unsigned char *to, int padding)
-{
-    RSA *rsa;
-    int i;
-
-    if ((c == NULL) || (c->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)) {
-        SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT, SSL_R_NO_PRIVATEKEY);
-        return (-1);
-    }
-    if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey->type != EVP_PKEY_RSA) {
-        SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT, SSL_R_PUBLIC_KEY_IS_NOT_RSA);
-        return (-1);
-    }
-    rsa = c->pkeys[SSL_PKEY_RSA_ENC].privatekey->pkey.rsa;
-
-    /* we have the public key */
-    i = RSA_private_decrypt(len, from, to, rsa, padding);
-    if (i < 0)
-        SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT, ERR_R_RSA_LIB);
-    return (i);
-}
-#else                           /* !OPENSSL_NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy = &dummy;
-# endif
-
-#endif

Copied: vendor-crypto/openssl/1.0.1u/ssl/s2_srvr.c (from rev 11605, vendor-crypto/openssl/dist/ssl/s2_srvr.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/ssl/s2_srvr.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/ssl/s2_srvr.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,1167 @@
+/* ssl/s2_srvr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "ssl_locl.h"
+#ifndef OPENSSL_NO_SSL2
+#include "../crypto/constant_time_locl.h"
+# include <stdio.h>
+# include <openssl/bio.h>
+# include <openssl/rand.h>
+# include <openssl/objects.h>
+# include <openssl/evp.h>
+
+static const SSL_METHOD *ssl2_get_server_method(int ver);
+static int get_client_master_key(SSL *s);
+static int get_client_hello(SSL *s);
+static int server_hello(SSL *s);
+static int get_client_finished(SSL *s);
+static int server_verify(SSL *s);
+static int server_finish(SSL *s);
+static int request_certificate(SSL *s);
+static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
+                                   unsigned char *to, int padding);
+# define BREAK   break
+
+static const SSL_METHOD *ssl2_get_server_method(int ver)
+{
+    if (ver == SSL2_VERSION)
+        return (SSLv2_server_method());
+    else
+        return (NULL);
+}
+
+IMPLEMENT_ssl2_meth_func(SSLv2_server_method,
+                         ssl2_accept,
+                         ssl_undefined_function, ssl2_get_server_method)
+
+int ssl2_accept(SSL *s)
+{
+    unsigned long l = (unsigned long)time(NULL);
+    BUF_MEM *buf = NULL;
+    int ret = -1;
+    long num1;
+    void (*cb) (const SSL *ssl, int type, int val) = NULL;
+    int new_state, state;
+
+    RAND_add(&l, sizeof(l), 0);
+    ERR_clear_error();
+    clear_sys_error();
+
+    if (s->info_callback != NULL)
+        cb = s->info_callback;
+    else if (s->ctx->info_callback != NULL)
+        cb = s->ctx->info_callback;
+
+    /* init things to blank */
+    s->in_handshake++;
+    if (!SSL_in_init(s) || SSL_in_before(s))
+        SSL_clear(s);
+
+    if (s->cert == NULL) {
+        SSLerr(SSL_F_SSL2_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
+        return (-1);
+    }
+
+    clear_sys_error();
+    for (;;) {
+        state = s->state;
+
+        switch (s->state) {
+        case SSL_ST_BEFORE:
+        case SSL_ST_ACCEPT:
+        case SSL_ST_BEFORE | SSL_ST_ACCEPT:
+        case SSL_ST_OK | SSL_ST_ACCEPT:
+
+            s->server = 1;
+            if (cb != NULL)
+                cb(s, SSL_CB_HANDSHAKE_START, 1);
+
+            s->version = SSL2_VERSION;
+            s->type = SSL_ST_ACCEPT;
+
+            if (s->init_buf == NULL) {
+                if ((buf = BUF_MEM_new()) == NULL) {
+                    ret = -1;
+                    goto end;
+                }
+                if (!BUF_MEM_grow
+                    (buf, (int)SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) {
+                    BUF_MEM_free(buf);
+                    ret = -1;
+                    goto end;
+                }
+                s->init_buf = buf;
+            }
+            s->init_num = 0;
+            s->ctx->stats.sess_accept++;
+            s->handshake_func = ssl2_accept;
+            s->state = SSL2_ST_GET_CLIENT_HELLO_A;
+            BREAK;
+
+        case SSL2_ST_GET_CLIENT_HELLO_A:
+        case SSL2_ST_GET_CLIENT_HELLO_B:
+        case SSL2_ST_GET_CLIENT_HELLO_C:
+            s->shutdown = 0;
+            ret = get_client_hello(s);
+            if (ret <= 0)
+                goto end;
+            s->init_num = 0;
+            s->state = SSL2_ST_SEND_SERVER_HELLO_A;
+            BREAK;
+
+        case SSL2_ST_SEND_SERVER_HELLO_A:
+        case SSL2_ST_SEND_SERVER_HELLO_B:
+            ret = server_hello(s);
+            if (ret <= 0)
+                goto end;
+            s->init_num = 0;
+            if (!s->hit) {
+                s->state = SSL2_ST_GET_CLIENT_MASTER_KEY_A;
+                BREAK;
+            } else {
+                s->state = SSL2_ST_SERVER_START_ENCRYPTION;
+                BREAK;
+            }
+        case SSL2_ST_GET_CLIENT_MASTER_KEY_A:
+        case SSL2_ST_GET_CLIENT_MASTER_KEY_B:
+            ret = get_client_master_key(s);
+            if (ret <= 0)
+                goto end;
+            s->init_num = 0;
+            s->state = SSL2_ST_SERVER_START_ENCRYPTION;
+            BREAK;
+
+        case SSL2_ST_SERVER_START_ENCRYPTION:
+            /*
+             * Ok we how have sent all the stuff needed to start encrypting,
+             * the next packet back will be encrypted.
+             */
+            if (!ssl2_enc_init(s, 0)) {
+                ret = -1;
+                goto end;
+            }
+            s->s2->clear_text = 0;
+            s->state = SSL2_ST_SEND_SERVER_VERIFY_A;
+            BREAK;
+
+        case SSL2_ST_SEND_SERVER_VERIFY_A:
+        case SSL2_ST_SEND_SERVER_VERIFY_B:
+            ret = server_verify(s);
+            if (ret <= 0)
+                goto end;
+            s->init_num = 0;
+            if (s->hit) {
+                /*
+                 * If we are in here, we have been buffering the output, so
+                 * we need to flush it and remove buffering from future
+                 * traffic
+                 */
+                s->state = SSL2_ST_SEND_SERVER_VERIFY_C;
+                BREAK;
+            } else {
+                s->state = SSL2_ST_GET_CLIENT_FINISHED_A;
+                break;
+            }
+
+        case SSL2_ST_SEND_SERVER_VERIFY_C:
+            /* get the number of bytes to write */
+            num1 = BIO_ctrl(s->wbio, BIO_CTRL_INFO, 0, NULL);
+            if (num1 > 0) {
+                s->rwstate = SSL_WRITING;
+                num1 = BIO_flush(s->wbio);
+                if (num1 <= 0) {
+                    ret = -1;
+                    goto end;
+                }
+                s->rwstate = SSL_NOTHING;
+            }
+
+            /* flushed and now remove buffering */
+            s->wbio = BIO_pop(s->wbio);
+
+            s->state = SSL2_ST_GET_CLIENT_FINISHED_A;
+            BREAK;
+
+        case SSL2_ST_GET_CLIENT_FINISHED_A:
+        case SSL2_ST_GET_CLIENT_FINISHED_B:
+            ret = get_client_finished(s);
+            if (ret <= 0)
+                goto end;
+            s->init_num = 0;
+            s->state = SSL2_ST_SEND_REQUEST_CERTIFICATE_A;
+            BREAK;
+
+        case SSL2_ST_SEND_REQUEST_CERTIFICATE_A:
+        case SSL2_ST_SEND_REQUEST_CERTIFICATE_B:
+        case SSL2_ST_SEND_REQUEST_CERTIFICATE_C:
+        case SSL2_ST_SEND_REQUEST_CERTIFICATE_D:
+            /*
+             * don't do a 'request certificate' if we don't want to, or we
+             * already have one, and we only want to do it once.
+             */
+            if (!(s->verify_mode & SSL_VERIFY_PEER) ||
+                ((s->session->peer != NULL) &&
+                 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE))) {
+                s->state = SSL2_ST_SEND_SERVER_FINISHED_A;
+                break;
+            } else {
+                ret = request_certificate(s);
+                if (ret <= 0)
+                    goto end;
+                s->init_num = 0;
+                s->state = SSL2_ST_SEND_SERVER_FINISHED_A;
+            }
+            BREAK;
+
+        case SSL2_ST_SEND_SERVER_FINISHED_A:
+        case SSL2_ST_SEND_SERVER_FINISHED_B:
+            ret = server_finish(s);
+            if (ret <= 0)
+                goto end;
+            s->init_num = 0;
+            s->state = SSL_ST_OK;
+            break;
+
+        case SSL_ST_OK:
+            BUF_MEM_free(s->init_buf);
+            ssl_free_wbio_buffer(s);
+            s->init_buf = NULL;
+            s->init_num = 0;
+            /*      ERR_clear_error(); */
+
+            ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
+
+            s->ctx->stats.sess_accept_good++;
+            /* s->server=1; */
+            ret = 1;
+
+            if (cb != NULL)
+                cb(s, SSL_CB_HANDSHAKE_DONE, 1);
+
+            goto end;
+            /* BREAK; */
+
+        default:
+            SSLerr(SSL_F_SSL2_ACCEPT, SSL_R_UNKNOWN_STATE);
+            ret = -1;
+            goto end;
+            /* BREAK; */
+        }
+
+        if ((cb != NULL) && (s->state != state)) {
+            new_state = s->state;
+            s->state = state;
+            cb(s, SSL_CB_ACCEPT_LOOP, 1);
+            s->state = new_state;
+        }
+    }
+ end:
+    s->in_handshake--;
+    if (cb != NULL)
+        cb(s, SSL_CB_ACCEPT_EXIT, ret);
+    return (ret);
+}
+
+static int get_client_master_key(SSL *s)
+{
+    int is_export, i, n, keya;
+    unsigned int num_encrypted_key_bytes, key_length;
+    unsigned long len;
+    unsigned char *p;
+    const SSL_CIPHER *cp;
+    const EVP_CIPHER *c;
+    const EVP_MD *md;
+    unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
+    unsigned char decrypt_good;
+    size_t j;
+
+    p = (unsigned char *)s->init_buf->data;
+    if (s->state == SSL2_ST_GET_CLIENT_MASTER_KEY_A) {
+        i = ssl2_read(s, (char *)&(p[s->init_num]), 10 - s->init_num);
+
+        if (i < (10 - s->init_num))
+            return (ssl2_part_read(s, SSL_F_GET_CLIENT_MASTER_KEY, i));
+        s->init_num = 10;
+
+        if (*(p++) != SSL2_MT_CLIENT_MASTER_KEY) {
+            if (p[-1] != SSL2_MT_ERROR) {
+                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+                SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
+                       SSL_R_READ_WRONG_PACKET_TYPE);
+            } else
+                SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_PEER_ERROR);
+            return (-1);
+        }
+
+        cp = ssl2_get_cipher_by_char(p);
+        if (cp == NULL || sk_SSL_CIPHER_find(s->session->ciphers, cp) < 0) {
+            ssl2_return_error(s, SSL2_PE_NO_CIPHER);
+            SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH);
+            return (-1);
+        }
+        s->session->cipher = cp;
+
+        p += 3;
+        n2s(p, i);
+        s->s2->tmp.clear = i;
+        n2s(p, i);
+        s->s2->tmp.enc = i;
+        n2s(p, i);
+        if (i > SSL_MAX_KEY_ARG_LENGTH) {
+            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+            SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG);
+            return -1;
+        }
+        s->session->key_arg_length = i;
+        s->state = SSL2_ST_GET_CLIENT_MASTER_KEY_B;
+    }
+
+    /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
+    p = (unsigned char *)s->init_buf->data;
+    if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) {
+        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+    keya = s->session->key_arg_length;
+    len =
+        10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc +
+        (unsigned long)keya;
+    if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) {
+        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_MESSAGE_TOO_LONG);
+        return -1;
+    }
+    n = (int)len - s->init_num;
+    i = ssl2_read(s, (char *)&(p[s->init_num]), n);
+    if (i != n)
+        return (ssl2_part_read(s, SSL_F_GET_CLIENT_MASTER_KEY, i));
+    if (s->msg_callback) {
+        /* CLIENT-MASTER-KEY */
+        s->msg_callback(0, s->version, 0, p, (size_t)len, s,
+                        s->msg_callback_arg);
+    }
+    p += 10;
+
+    memcpy(s->session->key_arg, &(p[s->s2->tmp.clear + s->s2->tmp.enc]),
+           (unsigned int)keya);
+
+    if (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) {
+        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_PRIVATEKEY);
+        return (-1);
+    }
+
+    is_export = SSL_C_IS_EXPORT(s->session->cipher);
+
+    if (!ssl_cipher_get_evp(s->session, &c, &md, NULL, NULL, NULL)) {
+        ssl2_return_error(s, SSL2_PE_NO_CIPHER);
+        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
+               SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
+        return (0);
+    }
+
+    /*
+     * The format of the CLIENT-MASTER-KEY message is
+     * 1 byte message type
+     * 3 bytes cipher
+     * 2-byte clear key length (stored in s->s2->tmp.clear)
+     * 2-byte encrypted key length (stored in s->s2->tmp.enc)
+     * 2-byte key args length (IV etc)
+     * clear key
+     * encrypted key
+     * key args
+     *
+     * If the cipher is an export cipher, then the encrypted key bytes
+     * are a fixed portion of the total key (5 or 8 bytes). The size of
+     * this portion is in |num_encrypted_key_bytes|. If the cipher is not an
+     * export cipher, then the entire key material is encrypted (i.e., clear
+     * key length must be zero).
+     */
+    key_length = (unsigned int)EVP_CIPHER_key_length(c);
+    if (key_length > SSL_MAX_MASTER_KEY_LENGTH) {
+        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    if (s->session->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC) {
+        is_export = 1;
+        num_encrypted_key_bytes = 8;
+    } else if (is_export) {
+        num_encrypted_key_bytes = 5;
+    } else {
+        num_encrypted_key_bytes = key_length;
+    }
+
+    if (s->s2->tmp.clear + num_encrypted_key_bytes != key_length) {
+        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
+        return -1;
+    }
+    /*
+     * The encrypted blob must decrypt to the encrypted portion of the key.
+     * Decryption can't be expanding, so if we don't have enough encrypted
+     * bytes to fit the key in the buffer, stop now.
+     */
+    if (s->s2->tmp.enc < num_encrypted_key_bytes) {
+        ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
+        return -1;
+    }
+
+    /*
+     * We must not leak whether a decryption failure occurs because of
+     * Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see RFC 2246,
+     * section 7.4.7.1). The code follows that advice of the TLS RFC and
+     * generates a random premaster secret for the case that the decrypt
+     * fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1
+     */
+
+    if (RAND_bytes(rand_premaster_secret,
+                  (int)num_encrypted_key_bytes) <= 0)
+        return 0;
+
+    i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
+                                &(p[s->s2->tmp.clear]),
+                                &(p[s->s2->tmp.clear]),
+                                (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
+                                RSA_PKCS1_PADDING);
+    ERR_clear_error();
+    /*
+     * If a bad decrypt, continue with protocol but with a random master
+     * secret (Bleichenbacher attack)
+     */
+    decrypt_good = constant_time_eq_int_8(i, (int)num_encrypted_key_bytes);
+    for (j = 0; j < num_encrypted_key_bytes; j++) {
+        p[s->s2->tmp.clear + j] =
+                constant_time_select_8(decrypt_good, p[s->s2->tmp.clear + j],
+                                       rand_premaster_secret[j]);
+    }
+
+    s->session->master_key_length = (int)key_length;
+    memcpy(s->session->master_key, p, key_length);
+    OPENSSL_cleanse(p, key_length);
+
+    return 1;
+}
+
+static int get_client_hello(SSL *s)
+{
+    int i, n;
+    unsigned long len;
+    unsigned char *p;
+    STACK_OF(SSL_CIPHER) *cs;   /* a stack of SSL_CIPHERS */
+    STACK_OF(SSL_CIPHER) *cl;   /* the ones we want to use */
+    STACK_OF(SSL_CIPHER) *prio, *allow;
+    int z;
+
+    /*
+     * This is a bit of a hack to check for the correct packet type the first
+     * time round.
+     */
+    if (s->state == SSL2_ST_GET_CLIENT_HELLO_A) {
+        s->first_packet = 1;
+        s->state = SSL2_ST_GET_CLIENT_HELLO_B;
+    }
+
+    p = (unsigned char *)s->init_buf->data;
+    if (s->state == SSL2_ST_GET_CLIENT_HELLO_B) {
+        i = ssl2_read(s, (char *)&(p[s->init_num]), 9 - s->init_num);
+        if (i < (9 - s->init_num))
+            return (ssl2_part_read(s, SSL_F_GET_CLIENT_HELLO, i));
+        s->init_num = 9;
+
+        if (*(p++) != SSL2_MT_CLIENT_HELLO) {
+            if (p[-1] != SSL2_MT_ERROR) {
+                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+                SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_READ_WRONG_PACKET_TYPE);
+            } else
+                SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_PEER_ERROR);
+            return (-1);
+        }
+        n2s(p, i);
+        if (i < s->version)
+            s->version = i;
+        n2s(p, i);
+        s->s2->tmp.cipher_spec_length = i;
+        n2s(p, i);
+        s->s2->tmp.session_id_length = i;
+        if ((i < 0) || (i > SSL_MAX_SSL_SESSION_ID_LENGTH)) {
+            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+            SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+            return -1;
+        }
+        n2s(p, i);
+        s->s2->challenge_length = i;
+        if ((i < SSL2_MIN_CHALLENGE_LENGTH) ||
+            (i > SSL2_MAX_CHALLENGE_LENGTH)) {
+            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+            SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_INVALID_CHALLENGE_LENGTH);
+            return (-1);
+        }
+        s->state = SSL2_ST_GET_CLIENT_HELLO_C;
+    }
+
+    /* SSL2_ST_GET_CLIENT_HELLO_C */
+    p = (unsigned char *)s->init_buf->data;
+    len =
+        9 + (unsigned long)s->s2->tmp.cipher_spec_length +
+        (unsigned long)s->s2->challenge_length +
+        (unsigned long)s->s2->tmp.session_id_length;
+    if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) {
+        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+        SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_MESSAGE_TOO_LONG);
+        return -1;
+    }
+    n = (int)len - s->init_num;
+    i = ssl2_read(s, (char *)&(p[s->init_num]), n);
+    if (i != n)
+        return (ssl2_part_read(s, SSL_F_GET_CLIENT_HELLO, i));
+    if (s->msg_callback) {
+        /* CLIENT-HELLO */
+        s->msg_callback(0, s->version, 0, p, (size_t)len, s,
+                        s->msg_callback_arg);
+    }
+    p += 9;
+
+    /*
+     * get session-id before cipher stuff so we can get out session structure
+     * if it is cached
+     */
+    /* session-id */
+    if ((s->s2->tmp.session_id_length != 0) &&
+        (s->s2->tmp.session_id_length != SSL2_SSL_SESSION_ID_LENGTH)) {
+        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+        SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_BAD_SSL_SESSION_ID_LENGTH);
+        return (-1);
+    }
+
+    if (s->s2->tmp.session_id_length == 0) {
+        if (!ssl_get_new_session(s, 1)) {
+            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+            return (-1);
+        }
+    } else {
+        i = ssl_get_prev_session(s, &(p[s->s2->tmp.cipher_spec_length]),
+                                 s->s2->tmp.session_id_length, NULL);
+        if (i == 1) {           /* previous session */
+            s->hit = 1;
+        } else if (i == -1) {
+            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+            return (-1);
+        } else {
+            if (s->cert == NULL) {
+                ssl2_return_error(s, SSL2_PE_NO_CERTIFICATE);
+                SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_NO_CERTIFICATE_SET);
+                return (-1);
+            }
+
+            if (!ssl_get_new_session(s, 1)) {
+                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+                return (-1);
+            }
+        }
+    }
+
+    if (!s->hit) {
+        cs = ssl_bytes_to_cipher_list(s, p, s->s2->tmp.cipher_spec_length,
+                                      &s->session->ciphers);
+        if (cs == NULL)
+            goto mem_err;
+
+        cl = SSL_get_ciphers(s);
+
+        if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
+            prio = sk_SSL_CIPHER_dup(cl);
+            if (prio == NULL)
+                goto mem_err;
+            allow = cs;
+        } else {
+            prio = cs;
+            allow = cl;
+        }
+
+        /* Generate list of SSLv2 ciphers shared between client and server */
+        for (z = 0; z < sk_SSL_CIPHER_num(prio); z++) {
+            const SSL_CIPHER *cp = sk_SSL_CIPHER_value(prio, z);
+            if ((cp->algorithm_ssl & SSL_SSLV2) == 0 ||
+                sk_SSL_CIPHER_find(allow, cp) < 0) {
+                (void)sk_SSL_CIPHER_delete(prio, z);
+                z--;
+            }
+        }
+        if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
+            sk_SSL_CIPHER_free(s->session->ciphers);
+            s->session->ciphers = prio;
+        }
+
+        /* Make sure we have at least one cipher in common */
+        if (sk_SSL_CIPHER_num(s->session->ciphers) == 0) {
+            ssl2_return_error(s, SSL2_PE_NO_CIPHER);
+            SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_NO_CIPHER_MATCH);
+            return -1;
+        }
+        /*
+         * s->session->ciphers should now have a list of ciphers that are on
+         * both the client and server. This list is ordered by the order the
+         * client sent the ciphers or in the order of the server's preference
+         * if SSL_OP_CIPHER_SERVER_PREFERENCE was set.
+         */
+    }
+    p += s->s2->tmp.cipher_spec_length;
+    /* done cipher selection */
+
+    /* session id extracted already */
+    p += s->s2->tmp.session_id_length;
+
+    /* challenge */
+    if (s->s2->challenge_length > sizeof s->s2->challenge) {
+        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+        SSLerr(SSL_F_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+    memcpy(s->s2->challenge, p, (unsigned int)s->s2->challenge_length);
+    return (1);
+ mem_err:
+    SSLerr(SSL_F_GET_CLIENT_HELLO, ERR_R_MALLOC_FAILURE);
+    return (0);
+}
+
+static int server_hello(SSL *s)
+{
+    unsigned char *p, *d;
+    int n, hit;
+
+    p = (unsigned char *)s->init_buf->data;
+    if (s->state == SSL2_ST_SEND_SERVER_HELLO_A) {
+        d = p + 11;
+        *(p++) = SSL2_MT_SERVER_HELLO; /* type */
+        hit = s->hit;
+        *(p++) = (unsigned char)hit;
+# if 1
+        if (!hit) {
+            if (s->session->sess_cert != NULL)
+                /*
+                 * This can't really happen because get_client_hello has
+                 * called ssl_get_new_session, which does not set sess_cert.
+                 */
+                ssl_sess_cert_free(s->session->sess_cert);
+            s->session->sess_cert = ssl_sess_cert_new();
+            if (s->session->sess_cert == NULL) {
+                SSLerr(SSL_F_SERVER_HELLO, ERR_R_MALLOC_FAILURE);
+                return (-1);
+            }
+        }
+        /*
+         * If 'hit' is set, then s->sess_cert may be non-NULL or NULL,
+         * depending on whether it survived in the internal cache or was
+         * retrieved from an external cache. If it is NULL, we cannot put any
+         * useful data in it anyway, so we don't touch it.
+         */
+
+# else                          /* That's what used to be done when cert_st
+                                 * and sess_cert_st were * the same. */
+        if (!hit) {             /* else add cert to session */
+            CRYPTO_add(&s->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
+            if (s->session->sess_cert != NULL)
+                ssl_cert_free(s->session->sess_cert);
+            s->session->sess_cert = s->cert;
+        } else {                /* We have a session id-cache hit, if the *
+                                 * session-id has no certificate listed
+                                 * against * the 'cert' structure, grab the
+                                 * 'old' one * listed against the SSL
+                                 * connection */
+            if (s->session->sess_cert == NULL) {
+                CRYPTO_add(&s->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
+                s->session->sess_cert = s->cert;
+            }
+        }
+# endif
+
+        if (s->cert == NULL) {
+            ssl2_return_error(s, SSL2_PE_NO_CERTIFICATE);
+            SSLerr(SSL_F_SERVER_HELLO, SSL_R_NO_CERTIFICATE_SPECIFIED);
+            return (-1);
+        }
+
+        if (hit) {
+            *(p++) = 0;         /* no certificate type */
+            s2n(s->version, p); /* version */
+            s2n(0, p);          /* cert len */
+            s2n(0, p);          /* ciphers len */
+        } else {
+            /* EAY EAY */
+            /* put certificate type */
+            *(p++) = SSL2_CT_X509_CERTIFICATE;
+            s2n(s->version, p); /* version */
+            n = i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509, NULL);
+            s2n(n, p);          /* certificate length */
+            i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509, &d);
+            n = 0;
+
+            /*
+             * lets send out the ciphers we like in the prefered order
+             */
+            n = ssl_cipher_list_to_bytes(s, s->session->ciphers, d, 0);
+            d += n;
+            s2n(n, p);          /* add cipher length */
+        }
+
+        /* make and send conn_id */
+        s2n(SSL2_CONNECTION_ID_LENGTH, p); /* add conn_id length */
+        s->s2->conn_id_length = SSL2_CONNECTION_ID_LENGTH;
+        if (RAND_bytes(s->s2->conn_id, (int)s->s2->conn_id_length) <= 0)
+            return -1;
+        memcpy(d, s->s2->conn_id, SSL2_CONNECTION_ID_LENGTH);
+        d += SSL2_CONNECTION_ID_LENGTH;
+
+        s->state = SSL2_ST_SEND_SERVER_HELLO_B;
+        s->init_num = d - (unsigned char *)s->init_buf->data;
+        s->init_off = 0;
+    }
+    /* SSL2_ST_SEND_SERVER_HELLO_B */
+    /*
+     * If we are using TCP/IP, the performance is bad if we do 2 writes
+     * without a read between them.  This occurs when Session-id reuse is
+     * used, so I will put in a buffering module
+     */
+    if (s->hit) {
+        if (!ssl_init_wbio_buffer(s, 1))
+            return (-1);
+    }
+
+    return (ssl2_do_write(s));
+}
+
+static int get_client_finished(SSL *s)
+{
+    unsigned char *p;
+    int i, n;
+    unsigned long len;
+
+    p = (unsigned char *)s->init_buf->data;
+    if (s->state == SSL2_ST_GET_CLIENT_FINISHED_A) {
+        i = ssl2_read(s, (char *)&(p[s->init_num]), 1 - s->init_num);
+        if (i < 1 - s->init_num)
+            return (ssl2_part_read(s, SSL_F_GET_CLIENT_FINISHED, i));
+        s->init_num += i;
+
+        if (*p != SSL2_MT_CLIENT_FINISHED) {
+            if (*p != SSL2_MT_ERROR) {
+                ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+                SSLerr(SSL_F_GET_CLIENT_FINISHED,
+                       SSL_R_READ_WRONG_PACKET_TYPE);
+            } else {
+                SSLerr(SSL_F_GET_CLIENT_FINISHED, SSL_R_PEER_ERROR);
+                /* try to read the error message */
+                i = ssl2_read(s, (char *)&(p[s->init_num]), 3 - s->init_num);
+                return ssl2_part_read(s, SSL_F_GET_SERVER_VERIFY, i);
+            }
+            return (-1);
+        }
+        s->state = SSL2_ST_GET_CLIENT_FINISHED_B;
+    }
+
+    /* SSL2_ST_GET_CLIENT_FINISHED_B */
+    if (s->s2->conn_id_length > sizeof s->s2->conn_id) {
+        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+        SSLerr(SSL_F_GET_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+    len = 1 + (unsigned long)s->s2->conn_id_length;
+    n = (int)len - s->init_num;
+    i = ssl2_read(s, (char *)&(p[s->init_num]), n);
+    if (i < n) {
+        return (ssl2_part_read(s, SSL_F_GET_CLIENT_FINISHED, i));
+    }
+    if (s->msg_callback) {
+        /* CLIENT-FINISHED */
+        s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg);
+    }
+    p += 1;
+    if (memcmp(p, s->s2->conn_id, s->s2->conn_id_length) != 0) {
+        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+        SSLerr(SSL_F_GET_CLIENT_FINISHED, SSL_R_CONNECTION_ID_IS_DIFFERENT);
+        return (-1);
+    }
+    return (1);
+}
+
+static int server_verify(SSL *s)
+{
+    unsigned char *p;
+
+    if (s->state == SSL2_ST_SEND_SERVER_VERIFY_A) {
+        p = (unsigned char *)s->init_buf->data;
+        *(p++) = SSL2_MT_SERVER_VERIFY;
+        if (s->s2->challenge_length > sizeof s->s2->challenge) {
+            SSLerr(SSL_F_SERVER_VERIFY, ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+        memcpy(p, s->s2->challenge, (unsigned int)s->s2->challenge_length);
+        /* p+=s->s2->challenge_length; */
+
+        s->state = SSL2_ST_SEND_SERVER_VERIFY_B;
+        s->init_num = s->s2->challenge_length + 1;
+        s->init_off = 0;
+    }
+    return (ssl2_do_write(s));
+}
+
+static int server_finish(SSL *s)
+{
+    unsigned char *p;
+
+    if (s->state == SSL2_ST_SEND_SERVER_FINISHED_A) {
+        p = (unsigned char *)s->init_buf->data;
+        *(p++) = SSL2_MT_SERVER_FINISHED;
+
+        if (s->session->session_id_length > sizeof s->session->session_id) {
+            SSLerr(SSL_F_SERVER_FINISH, ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+        memcpy(p, s->session->session_id,
+               (unsigned int)s->session->session_id_length);
+        /* p+=s->session->session_id_length; */
+
+        s->state = SSL2_ST_SEND_SERVER_FINISHED_B;
+        s->init_num = s->session->session_id_length + 1;
+        s->init_off = 0;
+    }
+
+    /* SSL2_ST_SEND_SERVER_FINISHED_B */
+    return (ssl2_do_write(s));
+}
+
+/* send the request and check the response */
+static int request_certificate(SSL *s)
+{
+    const unsigned char *cp;
+    unsigned char *p, *p2, *buf2;
+    unsigned char *ccd;
+    int i, j, ctype, ret = -1;
+    unsigned long len;
+    X509 *x509 = NULL;
+    STACK_OF(X509) *sk = NULL;
+
+    ccd = s->s2->tmp.ccl;
+    if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_A) {
+        p = (unsigned char *)s->init_buf->data;
+        *(p++) = SSL2_MT_REQUEST_CERTIFICATE;
+        *(p++) = SSL2_AT_MD5_WITH_RSA_ENCRYPTION;
+        if (RAND_bytes(ccd, SSL2_MIN_CERT_CHALLENGE_LENGTH) <= 0)
+            return -1;
+        memcpy(p, ccd, SSL2_MIN_CERT_CHALLENGE_LENGTH);
+
+        s->state = SSL2_ST_SEND_REQUEST_CERTIFICATE_B;
+        s->init_num = SSL2_MIN_CERT_CHALLENGE_LENGTH + 2;
+        s->init_off = 0;
+    }
+
+    if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_B) {
+        i = ssl2_do_write(s);
+        if (i <= 0) {
+            ret = i;
+            goto end;
+        }
+
+        s->init_num = 0;
+        s->state = SSL2_ST_SEND_REQUEST_CERTIFICATE_C;
+    }
+
+    if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_C) {
+        p = (unsigned char *)s->init_buf->data;
+        /* try to read 6 octets ... */
+        i = ssl2_read(s, (char *)&(p[s->init_num]), 6 - s->init_num);
+        /*
+         * ... but don't call ssl2_part_read now if we got at least 3
+         * (probably NO-CERTIFICATE-ERROR)
+         */
+        if (i < 3 - s->init_num) {
+            ret = ssl2_part_read(s, SSL_F_REQUEST_CERTIFICATE, i);
+            goto end;
+        }
+        s->init_num += i;
+
+        if ((s->init_num >= 3) && (p[0] == SSL2_MT_ERROR)) {
+            n2s(p, i);
+            if (i != SSL2_PE_NO_CERTIFICATE) {
+                /*
+                 * not the error message we expected -- let ssl2_part_read
+                 * handle it
+                 */
+                s->init_num -= 3;
+                ret = ssl2_part_read(s, SSL_F_REQUEST_CERTIFICATE, 3);
+                goto end;
+            }
+
+            if (s->msg_callback) {
+                /* ERROR */
+                s->msg_callback(0, s->version, 0, p, 3, s,
+                                s->msg_callback_arg);
+            }
+
+            /*
+             * this is the one place where we can recover from an SSL 2.0
+             * error
+             */
+
+            if (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
+                ssl2_return_error(s, SSL2_PE_BAD_CERTIFICATE);
+                SSLerr(SSL_F_REQUEST_CERTIFICATE,
+                       SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
+                goto end;
+            }
+            ret = 1;
+            goto end;
+        }
+        if ((*(p++) != SSL2_MT_CLIENT_CERTIFICATE) || (s->init_num < 6)) {
+            ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+            SSLerr(SSL_F_REQUEST_CERTIFICATE, SSL_R_SHORT_READ);
+            goto end;
+        }
+        if (s->init_num != 6) {
+            SSLerr(SSL_F_REQUEST_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+            goto end;
+        }
+
+        /* ok we have a response */
+        /* certificate type, there is only one right now. */
+        ctype = *(p++);
+        if (ctype != SSL2_AT_MD5_WITH_RSA_ENCRYPTION) {
+            ssl2_return_error(s, SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE);
+            SSLerr(SSL_F_REQUEST_CERTIFICATE, SSL_R_BAD_RESPONSE_ARGUMENT);
+            goto end;
+        }
+        n2s(p, i);
+        s->s2->tmp.clen = i;
+        n2s(p, i);
+        s->s2->tmp.rlen = i;
+        s->state = SSL2_ST_SEND_REQUEST_CERTIFICATE_D;
+    }
+
+    /* SSL2_ST_SEND_REQUEST_CERTIFICATE_D */
+    p = (unsigned char *)s->init_buf->data;
+    len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen;
+    if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) {
+        SSLerr(SSL_F_REQUEST_CERTIFICATE, SSL_R_MESSAGE_TOO_LONG);
+        goto end;
+    }
+    j = (int)len - s->init_num;
+    i = ssl2_read(s, (char *)&(p[s->init_num]), j);
+    if (i < j) {
+        ret = ssl2_part_read(s, SSL_F_REQUEST_CERTIFICATE, i);
+        goto end;
+    }
+    if (s->msg_callback) {
+        /* CLIENT-CERTIFICATE */
+        s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg);
+    }
+    p += 6;
+
+    cp = p;
+    x509 = (X509 *)d2i_X509(NULL, &cp, (long)s->s2->tmp.clen);
+    if (x509 == NULL) {
+        SSLerr(SSL_F_REQUEST_CERTIFICATE, ERR_R_X509_LIB);
+        goto msg_end;
+    }
+
+    if (((sk = sk_X509_new_null()) == NULL) || (!sk_X509_push(sk, x509))) {
+        SSLerr(SSL_F_REQUEST_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+        goto msg_end;
+    }
+
+    i = ssl_verify_cert_chain(s, sk);
+
+    if (i > 0) {                /* we like the packet, now check the chksum */
+        EVP_MD_CTX ctx;
+        EVP_PKEY *pkey = NULL;
+
+        EVP_MD_CTX_init(&ctx);
+        if (!EVP_VerifyInit_ex(&ctx, s->ctx->rsa_md5, NULL)
+            || !EVP_VerifyUpdate(&ctx, s->s2->key_material,
+                                 s->s2->key_material_length)
+            || !EVP_VerifyUpdate(&ctx, ccd, SSL2_MIN_CERT_CHALLENGE_LENGTH))
+            goto msg_end;
+
+        i = i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509, NULL);
+        buf2 = OPENSSL_malloc((unsigned int)i);
+        if (buf2 == NULL) {
+            SSLerr(SSL_F_REQUEST_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+            goto msg_end;
+        }
+        p2 = buf2;
+        i = i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509, &p2);
+        if (!EVP_VerifyUpdate(&ctx, buf2, (unsigned int)i)) {
+            OPENSSL_free(buf2);
+            goto msg_end;
+        }
+        OPENSSL_free(buf2);
+
+        pkey = X509_get_pubkey(x509);
+        if (pkey == NULL)
+            goto end;
+        i = EVP_VerifyFinal(&ctx, cp, s->s2->tmp.rlen, pkey);
+        EVP_PKEY_free(pkey);
+        EVP_MD_CTX_cleanup(&ctx);
+
+        if (i > 0) {
+            if (s->session->peer != NULL)
+                X509_free(s->session->peer);
+            s->session->peer = x509;
+            CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
+            s->session->verify_result = s->verify_result;
+            ret = 1;
+            goto end;
+        } else {
+            SSLerr(SSL_F_REQUEST_CERTIFICATE, SSL_R_BAD_CHECKSUM);
+            goto msg_end;
+        }
+    } else {
+ msg_end:
+        ssl2_return_error(s, SSL2_PE_BAD_CERTIFICATE);
+    }
+ end:
+    sk_X509_free(sk);
+    X509_free(x509);
+    return (ret);
+}
+
+static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
+                                   unsigned char *to, int padding)
+{
+    RSA *rsa;
+    int i;
+
+    if ((c == NULL) || (c->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)) {
+        SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT, SSL_R_NO_PRIVATEKEY);
+        return (-1);
+    }
+    if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey->type != EVP_PKEY_RSA) {
+        SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT, SSL_R_PUBLIC_KEY_IS_NOT_RSA);
+        return (-1);
+    }
+    rsa = c->pkeys[SSL_PKEY_RSA_ENC].privatekey->pkey.rsa;
+
+    /* we have the public key */
+    i = RSA_private_decrypt(len, from, to, rsa, padding);
+    if (i < 0)
+        SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT, ERR_R_RSA_LIB);
+    return (i);
+}
+#else                           /* !OPENSSL_NO_SSL2 */
+
+# if PEDANTIC
+static void *dummy = &dummy;
+# endif
+
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/ssl/s3_both.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/s3_both.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/ssl/s3_both.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,818 +0,0 @@
-/* ssl/s3_both.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#include <limits.h>
-#include <string.h>
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-/*
- * send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
- * SSL3_RT_CHANGE_CIPHER_SPEC)
- */
-int ssl3_do_write(SSL *s, int type)
-{
-    int ret;
-
-    ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off],
-                           s->init_num);
-    if (ret < 0)
-        return (-1);
-    if (type == SSL3_RT_HANDSHAKE)
-        /*
-         * should not be done for 'Hello Request's, but in that case we'll
-         * ignore the result anyway
-         */
-        ssl3_finish_mac(s, (unsigned char *)&s->init_buf->data[s->init_off],
-                        ret);
-
-    if (ret == s->init_num) {
-        if (s->msg_callback)
-            s->msg_callback(1, s->version, type, s->init_buf->data,
-                            (size_t)(s->init_off + s->init_num), s,
-                            s->msg_callback_arg);
-        return (1);
-    }
-    s->init_off += ret;
-    s->init_num -= ret;
-    return (0);
-}
-
-int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
-{
-    unsigned char *p, *d;
-    int i;
-    unsigned long l;
-
-    if (s->state == a) {
-        d = (unsigned char *)s->init_buf->data;
-        p = &(d[4]);
-
-        i = s->method->ssl3_enc->final_finish_mac(s,
-                                                  sender, slen,
-                                                  s->s3->tmp.finish_md);
-        if (i <= 0)
-            return 0;
-        s->s3->tmp.finish_md_len = i;
-        memcpy(p, s->s3->tmp.finish_md, i);
-        p += i;
-        l = i;
-
-        /*
-         * Copy the finished so we can use it for renegotiation checks
-         */
-        if (s->type == SSL_ST_CONNECT) {
-            OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
-            memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md, i);
-            s->s3->previous_client_finished_len = i;
-        } else {
-            OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
-            memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md, i);
-            s->s3->previous_server_finished_len = i;
-        }
-
-#ifdef OPENSSL_SYS_WIN16
-        /*
-         * MSVC 1.5 does not clear the top bytes of the word unless I do
-         * this.
-         */
-        l &= 0xffff;
-#endif
-
-        *(d++) = SSL3_MT_FINISHED;
-        l2n3(l, d);
-        s->init_num = (int)l + 4;
-        s->init_off = 0;
-
-        s->state = b;
-    }
-
-    /* SSL3_ST_SEND_xxxxxx_HELLO_B */
-    return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
-}
-
-#ifndef OPENSSL_NO_NEXTPROTONEG
-/*
- * ssl3_take_mac calculates the Finished MAC for the handshakes messages seen
- * to far.
- */
-static void ssl3_take_mac(SSL *s)
-{
-    const char *sender;
-    int slen;
-    /*
-     * If no new cipher setup return immediately: other functions will set
-     * the appropriate error.
-     */
-    if (s->s3->tmp.new_cipher == NULL)
-        return;
-    if (s->state & SSL_ST_CONNECT) {
-        sender = s->method->ssl3_enc->server_finished_label;
-        slen = s->method->ssl3_enc->server_finished_label_len;
-    } else {
-        sender = s->method->ssl3_enc->client_finished_label;
-        slen = s->method->ssl3_enc->client_finished_label_len;
-    }
-
-    s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
-                                                                          sender,
-                                                                          slen,
-                                                                          s->s3->tmp.peer_finish_md);
-}
-#endif
-
-int ssl3_get_finished(SSL *s, int a, int b)
-{
-    int al, i, ok;
-    long n;
-    unsigned char *p;
-
-#ifdef OPENSSL_NO_NEXTPROTONEG
-    /*
-     * the mac has already been generated when we received the change cipher
-     * spec message and is in s->s3->tmp.peer_finish_md.
-     */
-#endif
-
-    /* 64 argument should actually be 36+4 :-) */
-    n = s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED, 64, &ok);
-
-    if (!ok)
-        return ((int)n);
-
-    /* If this occurs, we have missed a message */
-    if (!s->s3->change_cipher_spec) {
-        al = SSL_AD_UNEXPECTED_MESSAGE;
-        SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_GOT_A_FIN_BEFORE_A_CCS);
-        goto f_err;
-    }
-    s->s3->change_cipher_spec = 0;
-
-    p = (unsigned char *)s->init_msg;
-    i = s->s3->tmp.peer_finish_md_len;
-
-    if (i != n) {
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
-        goto f_err;
-    }
-
-    if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) {
-        al = SSL_AD_DECRYPT_ERROR;
-        SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_DIGEST_CHECK_FAILED);
-        goto f_err;
-    }
-
-    /*
-     * Copy the finished so we can use it for renegotiation checks
-     */
-    if (s->type == SSL_ST_ACCEPT) {
-        OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
-        memcpy(s->s3->previous_client_finished, s->s3->tmp.peer_finish_md, i);
-        s->s3->previous_client_finished_len = i;
-    } else {
-        OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
-        memcpy(s->s3->previous_server_finished, s->s3->tmp.peer_finish_md, i);
-        s->s3->previous_server_finished_len = i;
-    }
-
-    return (1);
- f_err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
-    return (0);
-}
-
-/*-
- * for these 2 messages, we need to
- * ssl->enc_read_ctx                    re-init
- * ssl->s3->read_sequence               zero
- * ssl->s3->read_mac_secret             re-init
- * ssl->session->read_sym_enc           assign
- * ssl->session->read_compression       assign
- * ssl->session->read_hash              assign
- */
-int ssl3_send_change_cipher_spec(SSL *s, int a, int b)
-{
-    unsigned char *p;
-
-    if (s->state == a) {
-        p = (unsigned char *)s->init_buf->data;
-        *p = SSL3_MT_CCS;
-        s->init_num = 1;
-        s->init_off = 0;
-
-        s->state = b;
-    }
-
-    /* SSL3_ST_CW_CHANGE_B */
-    return (ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));
-}
-
-static int ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
-{
-    int n;
-    unsigned char *p;
-
-    n = i2d_X509(x, NULL);
-    if (!BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) {
-        SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
-        return (-1);
-    }
-    p = (unsigned char *)&(buf->data[*l]);
-    l2n3(n, p);
-    i2d_X509(x, &p);
-    *l += n + 3;
-
-    return (0);
-}
-
-unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
-{
-    unsigned char *p;
-    int i;
-    unsigned long l = 7;
-    BUF_MEM *buf;
-    int no_chain;
-
-    if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
-        no_chain = 1;
-    else
-        no_chain = 0;
-
-    /* TLSv1 sends a chain with nothing in it, instead of an alert */
-    buf = s->init_buf;
-    if (!BUF_MEM_grow_clean(buf, 10)) {
-        SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB);
-        return (0);
-    }
-    if (x != NULL) {
-        if (no_chain) {
-            if (ssl3_add_cert_to_buf(buf, &l, x))
-                return (0);
-        } else {
-            X509_STORE_CTX xs_ctx;
-
-            if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store, x, NULL)) {
-                SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB);
-                return (0);
-            }
-            X509_verify_cert(&xs_ctx);
-            /* Don't leave errors in the queue */
-            ERR_clear_error();
-            for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
-                x = sk_X509_value(xs_ctx.chain, i);
-
-                if (ssl3_add_cert_to_buf(buf, &l, x)) {
-                    X509_STORE_CTX_cleanup(&xs_ctx);
-                    return 0;
-                }
-            }
-            X509_STORE_CTX_cleanup(&xs_ctx);
-        }
-    }
-    /* Thawte special :-) */
-    for (i = 0; i < sk_X509_num(s->ctx->extra_certs); i++) {
-        x = sk_X509_value(s->ctx->extra_certs, i);
-        if (ssl3_add_cert_to_buf(buf, &l, x))
-            return (0);
-    }
-
-    l -= 7;
-    p = (unsigned char *)&(buf->data[4]);
-    l2n3(l, p);
-    l += 3;
-    p = (unsigned char *)&(buf->data[0]);
-    *(p++) = SSL3_MT_CERTIFICATE;
-    l2n3(l, p);
-    l += 4;
-    return (l);
-}
-
-/*
- * Obtain handshake message of message type 'mt' (any if mt == -1), maximum
- * acceptable body length 'max'. The first four bytes (msg_type and length)
- * are read in state 'st1', the body is read in state 'stn'.
- */
-long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
-{
-    unsigned char *p;
-    unsigned long l;
-    long n;
-    int i, al;
-
-    if (s->s3->tmp.reuse_message) {
-        s->s3->tmp.reuse_message = 0;
-        if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
-            al = SSL_AD_UNEXPECTED_MESSAGE;
-            SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
-            goto f_err;
-        }
-        *ok = 1;
-        s->state = stn;
-        s->init_msg = s->init_buf->data + 4;
-        s->init_num = (int)s->s3->tmp.message_size;
-        return s->init_num;
-    }
-
-    p = (unsigned char *)s->init_buf->data;
-
-    if (s->state == st1) {      /* s->init_num < 4 */
-        int skip_message;
-
-        do {
-            while (s->init_num < 4) {
-                i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
-                                              &p[s->init_num],
-                                              4 - s->init_num, 0);
-                if (i <= 0) {
-                    s->rwstate = SSL_READING;
-                    *ok = 0;
-                    return i;
-                }
-                s->init_num += i;
-            }
-
-            skip_message = 0;
-            if (!s->server)
-                if (p[0] == SSL3_MT_HELLO_REQUEST)
-                    /*
-                     * The server may always send 'Hello Request' messages --
-                     * we are doing a handshake anyway now, so ignore them if
-                     * their format is correct. Does not count for 'Finished'
-                     * MAC.
-                     */
-                    if (p[1] == 0 && p[2] == 0 && p[3] == 0) {
-                        s->init_num = 0;
-                        skip_message = 1;
-
-                        if (s->msg_callback)
-                            s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
-                                            p, 4, s, s->msg_callback_arg);
-                    }
-        }
-        while (skip_message);
-
-        /* s->init_num == 4 */
-
-        if ((mt >= 0) && (*p != mt)) {
-            al = SSL_AD_UNEXPECTED_MESSAGE;
-            SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
-            goto f_err;
-        }
-        if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
-            (st1 == SSL3_ST_SR_CERT_A) && (stn == SSL3_ST_SR_CERT_B)) {
-            /*
-             * At this point we have got an MS SGC second client hello (maybe
-             * we should always allow the client to start a new handshake?).
-             * We need to restart the mac. Don't increment
-             * {num,total}_renegotiations because we have not completed the
-             * handshake.
-             */
-            ssl3_init_finished_mac(s);
-        }
-
-        s->s3->tmp.message_type = *(p++);
-
-        n2l3(p, l);
-        if (l > (unsigned long)max) {
-            al = SSL_AD_ILLEGAL_PARAMETER;
-            SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE);
-            goto f_err;
-        }
-        if (l > (INT_MAX - 4)) { /* BUF_MEM_grow takes an 'int' parameter */
-            al = SSL_AD_ILLEGAL_PARAMETER;
-            SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE);
-            goto f_err;
-        }
-        if (l && !BUF_MEM_grow_clean(s->init_buf, (int)l + 4)) {
-            SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB);
-            goto err;
-        }
-        s->s3->tmp.message_size = l;
-        s->state = stn;
-
-        s->init_msg = s->init_buf->data + 4;
-        s->init_num = 0;
-    }
-
-    /* next state (stn) */
-    p = s->init_msg;
-    n = s->s3->tmp.message_size - s->init_num;
-    while (n > 0) {
-        i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &p[s->init_num],
-                                      n, 0);
-        if (i <= 0) {
-            s->rwstate = SSL_READING;
-            *ok = 0;
-            return i;
-        }
-        s->init_num += i;
-        n -= i;
-    }
-
-#ifndef OPENSSL_NO_NEXTPROTONEG
-    /*
-     * If receiving Finished, record MAC of prior handshake messages for
-     * Finished verification.
-     */
-    if (*s->init_buf->data == SSL3_MT_FINISHED)
-        ssl3_take_mac(s);
-#endif
-
-    /* Feed this message into MAC computation. */
-    ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
-    if (s->msg_callback)
-        s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data,
-                        (size_t)s->init_num + 4, s, s->msg_callback_arg);
-    *ok = 1;
-    return s->init_num;
- f_err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
-    *ok = 0;
-    return (-1);
-}
-
-int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
-{
-    EVP_PKEY *pk;
-    int ret = -1, i;
-
-    if (pkey == NULL)
-        pk = X509_get_pubkey(x);
-    else
-        pk = pkey;
-    if (pk == NULL)
-        goto err;
-
-    i = pk->type;
-    if (i == EVP_PKEY_RSA) {
-        ret = SSL_PKEY_RSA_ENC;
-    } else if (i == EVP_PKEY_DSA) {
-        ret = SSL_PKEY_DSA_SIGN;
-    }
-#ifndef OPENSSL_NO_EC
-    else if (i == EVP_PKEY_EC) {
-        ret = SSL_PKEY_ECC;
-    }
-#endif
-    else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) {
-        ret = SSL_PKEY_GOST94;
-    } else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) {
-        ret = SSL_PKEY_GOST01;
-    }
- err:
-    if (!pkey)
-        EVP_PKEY_free(pk);
-    return (ret);
-}
-
-int ssl_verify_alarm_type(long type)
-{
-    int al;
-
-    switch (type) {
-    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-    case X509_V_ERR_UNABLE_TO_GET_CRL:
-    case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
-        al = SSL_AD_UNKNOWN_CA;
-        break;
-    case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
-    case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
-    case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
-    case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
-    case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
-    case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
-    case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
-    case X509_V_ERR_CERT_NOT_YET_VALID:
-    case X509_V_ERR_CRL_NOT_YET_VALID:
-    case X509_V_ERR_CERT_UNTRUSTED:
-    case X509_V_ERR_CERT_REJECTED:
-        al = SSL_AD_BAD_CERTIFICATE;
-        break;
-    case X509_V_ERR_CERT_SIGNATURE_FAILURE:
-    case X509_V_ERR_CRL_SIGNATURE_FAILURE:
-        al = SSL_AD_DECRYPT_ERROR;
-        break;
-    case X509_V_ERR_CERT_HAS_EXPIRED:
-    case X509_V_ERR_CRL_HAS_EXPIRED:
-        al = SSL_AD_CERTIFICATE_EXPIRED;
-        break;
-    case X509_V_ERR_CERT_REVOKED:
-        al = SSL_AD_CERTIFICATE_REVOKED;
-        break;
-    case X509_V_ERR_OUT_OF_MEM:
-        al = SSL_AD_INTERNAL_ERROR;
-        break;
-    case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
-    case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
-    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
-    case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
-    case X509_V_ERR_CERT_CHAIN_TOO_LONG:
-    case X509_V_ERR_PATH_LENGTH_EXCEEDED:
-    case X509_V_ERR_INVALID_CA:
-        al = SSL_AD_UNKNOWN_CA;
-        break;
-    case X509_V_ERR_APPLICATION_VERIFICATION:
-        al = SSL_AD_HANDSHAKE_FAILURE;
-        break;
-    case X509_V_ERR_INVALID_PURPOSE:
-        al = SSL_AD_UNSUPPORTED_CERTIFICATE;
-        break;
-    default:
-        al = SSL_AD_CERTIFICATE_UNKNOWN;
-        break;
-    }
-    return (al);
-}
-
-#ifndef OPENSSL_NO_BUF_FREELISTS
-/*-
- * On some platforms, malloc() performance is bad enough that you can't just
- * free() and malloc() buffers all the time, so we need to use freelists from
- * unused buffers.  Currently, each freelist holds memory chunks of only a
- * given size (list->chunklen); other sized chunks are freed and malloced.
- * This doesn't help much if you're using many different SSL option settings
- * with a given context.  (The options affecting buffer size are
- * max_send_fragment, read buffer vs write buffer,
- * SSL_OP_MICROSOFT_BIG_WRITE_BUFFER, SSL_OP_NO_COMPRESSION, and
- * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.)  Using a separate freelist for every
- * possible size is not an option, since max_send_fragment can take on many
- * different values.
- *
- * If you are on a platform with a slow malloc(), and you're using SSL
- * connections with many different settings for these options, and you need to
- * use the SSL_MOD_RELEASE_BUFFERS feature, you have a few options:
- *    - Link against a faster malloc implementation.
- *    - Use a separate SSL_CTX for each option set.
- *    - Improve this code.
- */
-static void *freelist_extract(SSL_CTX *ctx, int for_read, int sz)
-{
-    SSL3_BUF_FREELIST *list;
-    SSL3_BUF_FREELIST_ENTRY *ent = NULL;
-    void *result = NULL;
-
-    CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-    list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
-    if (list != NULL && sz == (int)list->chunklen)
-        ent = list->head;
-    if (ent != NULL) {
-        list->head = ent->next;
-        result = ent;
-        if (--list->len == 0)
-            list->chunklen = 0;
-    }
-    CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-    if (!result)
-        result = OPENSSL_malloc(sz);
-    return result;
-}
-
-static void freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem)
-{
-    SSL3_BUF_FREELIST *list;
-    SSL3_BUF_FREELIST_ENTRY *ent;
-
-    CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-    list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
-    if (list != NULL &&
-        (sz == list->chunklen || list->chunklen == 0) &&
-        list->len < ctx->freelist_max_len && sz >= sizeof(*ent)) {
-        list->chunklen = sz;
-        ent = mem;
-        ent->next = list->head;
-        list->head = ent;
-        ++list->len;
-        mem = NULL;
-    }
-
-    CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-    if (mem)
-        OPENSSL_free(mem);
-}
-#else
-# define freelist_extract(c,fr,sz) OPENSSL_malloc(sz)
-# define freelist_insert(c,fr,sz,m) OPENSSL_free(m)
-#endif
-
-int ssl3_setup_read_buffer(SSL *s)
-{
-    unsigned char *p;
-    size_t len, align = 0, headerlen;
-
-    if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
-        headerlen = DTLS1_RT_HEADER_LENGTH;
-    else
-        headerlen = SSL3_RT_HEADER_LENGTH;
-
-#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
-    align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
-#endif
-
-    if (s->s3->rbuf.buf == NULL) {
-        len = SSL3_RT_MAX_PLAIN_LENGTH
-            + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
-        if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) {
-            s->s3->init_extra = 1;
-            len += SSL3_RT_MAX_EXTRA;
-        }
-#ifndef OPENSSL_NO_COMP
-        if (!(s->options & SSL_OP_NO_COMPRESSION))
-            len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
-#endif
-        if ((p = freelist_extract(s->ctx, 1, len)) == NULL)
-            goto err;
-        s->s3->rbuf.buf = p;
-        s->s3->rbuf.len = len;
-    }
-
-    s->packet = &(s->s3->rbuf.buf[0]);
-    return 1;
-
- err:
-    SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER, ERR_R_MALLOC_FAILURE);
-    return 0;
-}
-
-int ssl3_setup_write_buffer(SSL *s)
-{
-    unsigned char *p;
-    size_t len, align = 0, headerlen;
-
-    if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
-        headerlen = DTLS1_RT_HEADER_LENGTH + 1;
-    else
-        headerlen = SSL3_RT_HEADER_LENGTH;
-
-#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
-    align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
-#endif
-
-    if (s->s3->wbuf.buf == NULL) {
-        len = s->max_send_fragment
-            + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
-#ifndef OPENSSL_NO_COMP
-        if (!(s->options & SSL_OP_NO_COMPRESSION))
-            len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
-#endif
-        if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
-            len += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
-
-        if ((p = freelist_extract(s->ctx, 0, len)) == NULL)
-            goto err;
-        s->s3->wbuf.buf = p;
-        s->s3->wbuf.len = len;
-    }
-
-    return 1;
-
- err:
-    SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE);
-    return 0;
-}
-
-int ssl3_setup_buffers(SSL *s)
-{
-    if (!ssl3_setup_read_buffer(s))
-        return 0;
-    if (!ssl3_setup_write_buffer(s))
-        return 0;
-    return 1;
-}
-
-int ssl3_release_write_buffer(SSL *s)
-{
-    if (s->s3->wbuf.buf != NULL) {
-        freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf);
-        s->s3->wbuf.buf = NULL;
-    }
-    return 1;
-}
-
-int ssl3_release_read_buffer(SSL *s)
-{
-    if (s->s3->rbuf.buf != NULL) {
-        freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf);
-        s->s3->rbuf.buf = NULL;
-    }
-    return 1;
-}

Copied: vendor-crypto/openssl/1.0.1u/ssl/s3_both.c (from rev 11605, vendor-crypto/openssl/dist/ssl/s3_both.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/ssl/s3_both.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/ssl/s3_both.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,826 @@
+/* ssl/s3_both.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#include <limits.h>
+#include <string.h>
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+/*
+ * send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
+ * SSL3_RT_CHANGE_CIPHER_SPEC)
+ */
+int ssl3_do_write(SSL *s, int type)
+{
+    int ret;
+
+    ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off],
+                           s->init_num);
+    if (ret < 0)
+        return (-1);
+    if (type == SSL3_RT_HANDSHAKE)
+        /*
+         * should not be done for 'Hello Request's, but in that case we'll
+         * ignore the result anyway
+         */
+        ssl3_finish_mac(s, (unsigned char *)&s->init_buf->data[s->init_off],
+                        ret);
+
+    if (ret == s->init_num) {
+        if (s->msg_callback)
+            s->msg_callback(1, s->version, type, s->init_buf->data,
+                            (size_t)(s->init_off + s->init_num), s,
+                            s->msg_callback_arg);
+        return (1);
+    }
+    s->init_off += ret;
+    s->init_num -= ret;
+    return (0);
+}
+
+int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
+{
+    unsigned char *p, *d;
+    int i;
+    unsigned long l;
+
+    if (s->state == a) {
+        d = (unsigned char *)s->init_buf->data;
+        p = &(d[4]);
+
+        i = s->method->ssl3_enc->final_finish_mac(s,
+                                                  sender, slen,
+                                                  s->s3->tmp.finish_md);
+        if (i <= 0)
+            return 0;
+        s->s3->tmp.finish_md_len = i;
+        memcpy(p, s->s3->tmp.finish_md, i);
+        p += i;
+        l = i;
+
+        /*
+         * Copy the finished so we can use it for renegotiation checks
+         */
+        if (s->type == SSL_ST_CONNECT) {
+            OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
+            memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md, i);
+            s->s3->previous_client_finished_len = i;
+        } else {
+            OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
+            memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md, i);
+            s->s3->previous_server_finished_len = i;
+        }
+
+#ifdef OPENSSL_SYS_WIN16
+        /*
+         * MSVC 1.5 does not clear the top bytes of the word unless I do
+         * this.
+         */
+        l &= 0xffff;
+#endif
+
+        *(d++) = SSL3_MT_FINISHED;
+        l2n3(l, d);
+        s->init_num = (int)l + 4;
+        s->init_off = 0;
+
+        s->state = b;
+    }
+
+    /* SSL3_ST_SEND_xxxxxx_HELLO_B */
+    return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+}
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+/*
+ * ssl3_take_mac calculates the Finished MAC for the handshakes messages seen
+ * to far.
+ */
+static void ssl3_take_mac(SSL *s)
+{
+    const char *sender;
+    int slen;
+    /*
+     * If no new cipher setup return immediately: other functions will set
+     * the appropriate error.
+     */
+    if (s->s3->tmp.new_cipher == NULL)
+        return;
+    if (s->state & SSL_ST_CONNECT) {
+        sender = s->method->ssl3_enc->server_finished_label;
+        slen = s->method->ssl3_enc->server_finished_label_len;
+    } else {
+        sender = s->method->ssl3_enc->client_finished_label;
+        slen = s->method->ssl3_enc->client_finished_label_len;
+    }
+
+    s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
+                                                                          sender,
+                                                                          slen,
+                                                                          s->s3->tmp.peer_finish_md);
+}
+#endif
+
+int ssl3_get_finished(SSL *s, int a, int b)
+{
+    int al, i, ok;
+    long n;
+    unsigned char *p;
+
+#ifdef OPENSSL_NO_NEXTPROTONEG
+    /*
+     * the mac has already been generated when we received the change cipher
+     * spec message and is in s->s3->tmp.peer_finish_md.
+     */
+#endif
+
+    /* 64 argument should actually be 36+4 :-) */
+    n = s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED, 64, &ok);
+
+    if (!ok)
+        return ((int)n);
+
+    /* If this occurs, we have missed a message */
+    if (!s->s3->change_cipher_spec) {
+        al = SSL_AD_UNEXPECTED_MESSAGE;
+        SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_GOT_A_FIN_BEFORE_A_CCS);
+        goto f_err;
+    }
+    s->s3->change_cipher_spec = 0;
+
+    p = (unsigned char *)s->init_msg;
+    i = s->s3->tmp.peer_finish_md_len;
+
+    if (i != n) {
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
+        goto f_err;
+    }
+
+    if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) {
+        al = SSL_AD_DECRYPT_ERROR;
+        SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_DIGEST_CHECK_FAILED);
+        goto f_err;
+    }
+
+    /*
+     * Copy the finished so we can use it for renegotiation checks
+     */
+    if (s->type == SSL_ST_ACCEPT) {
+        OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
+        memcpy(s->s3->previous_client_finished, s->s3->tmp.peer_finish_md, i);
+        s->s3->previous_client_finished_len = i;
+    } else {
+        OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
+        memcpy(s->s3->previous_server_finished, s->s3->tmp.peer_finish_md, i);
+        s->s3->previous_server_finished_len = i;
+    }
+
+    return (1);
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+    return (0);
+}
+
+/*-
+ * for these 2 messages, we need to
+ * ssl->enc_read_ctx                    re-init
+ * ssl->s3->read_sequence               zero
+ * ssl->s3->read_mac_secret             re-init
+ * ssl->session->read_sym_enc           assign
+ * ssl->session->read_compression       assign
+ * ssl->session->read_hash              assign
+ */
+int ssl3_send_change_cipher_spec(SSL *s, int a, int b)
+{
+    unsigned char *p;
+
+    if (s->state == a) {
+        p = (unsigned char *)s->init_buf->data;
+        *p = SSL3_MT_CCS;
+        s->init_num = 1;
+        s->init_off = 0;
+
+        s->state = b;
+    }
+
+    /* SSL3_ST_CW_CHANGE_B */
+    return (ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));
+}
+
+static int ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
+{
+    int n;
+    unsigned char *p;
+
+    n = i2d_X509(x, NULL);
+    if (!BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) {
+        SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
+        return (-1);
+    }
+    p = (unsigned char *)&(buf->data[*l]);
+    l2n3(n, p);
+    i2d_X509(x, &p);
+    *l += n + 3;
+
+    return (0);
+}
+
+unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
+{
+    unsigned char *p;
+    int i;
+    unsigned long l = 7;
+    BUF_MEM *buf;
+    int no_chain;
+
+    if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
+        no_chain = 1;
+    else
+        no_chain = 0;
+
+    /* TLSv1 sends a chain with nothing in it, instead of an alert */
+    buf = s->init_buf;
+    if (!BUF_MEM_grow_clean(buf, 10)) {
+        SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB);
+        return (0);
+    }
+    if (x != NULL) {
+        if (no_chain) {
+            if (ssl3_add_cert_to_buf(buf, &l, x))
+                return (0);
+        } else {
+            X509_STORE_CTX xs_ctx;
+
+            if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store, x, NULL)) {
+                SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB);
+                return (0);
+            }
+            X509_verify_cert(&xs_ctx);
+            /* Don't leave errors in the queue */
+            ERR_clear_error();
+            for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
+                x = sk_X509_value(xs_ctx.chain, i);
+
+                if (ssl3_add_cert_to_buf(buf, &l, x)) {
+                    X509_STORE_CTX_cleanup(&xs_ctx);
+                    return 0;
+                }
+            }
+            X509_STORE_CTX_cleanup(&xs_ctx);
+        }
+    }
+    /* Thawte special :-) */
+    for (i = 0; i < sk_X509_num(s->ctx->extra_certs); i++) {
+        x = sk_X509_value(s->ctx->extra_certs, i);
+        if (ssl3_add_cert_to_buf(buf, &l, x))
+            return (0);
+    }
+
+    l -= 7;
+    p = (unsigned char *)&(buf->data[4]);
+    l2n3(l, p);
+    l += 3;
+    p = (unsigned char *)&(buf->data[0]);
+    *(p++) = SSL3_MT_CERTIFICATE;
+    l2n3(l, p);
+    l += 4;
+    return (l);
+}
+
+/*
+ * Obtain handshake message of message type 'mt' (any if mt == -1), maximum
+ * acceptable body length 'max'. The first four bytes (msg_type and length)
+ * are read in state 'st1', the body is read in state 'stn'.
+ */
+long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
+{
+    unsigned char *p;
+    unsigned long l;
+    long n;
+    int i, al;
+
+    if (s->s3->tmp.reuse_message) {
+        s->s3->tmp.reuse_message = 0;
+        if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
+            al = SSL_AD_UNEXPECTED_MESSAGE;
+            SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
+            goto f_err;
+        }
+        *ok = 1;
+        s->state = stn;
+        s->init_msg = s->init_buf->data + SSL3_HM_HEADER_LENGTH;
+        s->init_num = (int)s->s3->tmp.message_size;
+        return s->init_num;
+    }
+
+    p = (unsigned char *)s->init_buf->data;
+
+    if (s->state == st1) {      /* s->init_num < SSL3_HM_HEADER_LENGTH */
+        int skip_message;
+
+        do {
+            while (s->init_num < SSL3_HM_HEADER_LENGTH) {
+                i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
+                                              &p[s->init_num],
+                                              SSL3_HM_HEADER_LENGTH -
+                                              s->init_num, 0);
+                if (i <= 0) {
+                    s->rwstate = SSL_READING;
+                    *ok = 0;
+                    return i;
+                }
+                s->init_num += i;
+            }
+
+            skip_message = 0;
+            if (!s->server)
+                if (p[0] == SSL3_MT_HELLO_REQUEST)
+                    /*
+                     * The server may always send 'Hello Request' messages --
+                     * we are doing a handshake anyway now, so ignore them if
+                     * their format is correct. Does not count for 'Finished'
+                     * MAC.
+                     */
+                    if (p[1] == 0 && p[2] == 0 && p[3] == 0) {
+                        s->init_num = 0;
+                        skip_message = 1;
+
+                        if (s->msg_callback)
+                            s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
+                                            p, SSL3_HM_HEADER_LENGTH, s,
+                                            s->msg_callback_arg);
+                    }
+        }
+        while (skip_message);
+
+        /* s->init_num == SSL3_HM_HEADER_LENGTH */
+
+        if ((mt >= 0) && (*p != mt)) {
+            al = SSL_AD_UNEXPECTED_MESSAGE;
+            SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
+            goto f_err;
+        }
+        if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
+            (st1 == SSL3_ST_SR_CERT_A) && (stn == SSL3_ST_SR_CERT_B)) {
+            /*
+             * At this point we have got an MS SGC second client hello (maybe
+             * we should always allow the client to start a new handshake?).
+             * We need to restart the mac. Don't increment
+             * {num,total}_renegotiations because we have not completed the
+             * handshake.
+             */
+            ssl3_init_finished_mac(s);
+        }
+
+        s->s3->tmp.message_type = *(p++);
+
+        n2l3(p, l);
+        if (l > (unsigned long)max) {
+            al = SSL_AD_ILLEGAL_PARAMETER;
+            SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE);
+            goto f_err;
+        }
+        /*
+         * Make buffer slightly larger than message length as a precaution
+         * against small OOB reads e.g. CVE-2016-6306
+         */
+        if (l
+            && !BUF_MEM_grow_clean(s->init_buf,
+                                   (int)l + SSL3_HM_HEADER_LENGTH + 16)) {
+            SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB);
+            goto err;
+        }
+        s->s3->tmp.message_size = l;
+        s->state = stn;
+
+        s->init_msg = s->init_buf->data + SSL3_HM_HEADER_LENGTH;
+        s->init_num = 0;
+    }
+
+    /* next state (stn) */
+    p = s->init_msg;
+    n = s->s3->tmp.message_size - s->init_num;
+    while (n > 0) {
+        i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &p[s->init_num],
+                                      n, 0);
+        if (i <= 0) {
+            s->rwstate = SSL_READING;
+            *ok = 0;
+            return i;
+        }
+        s->init_num += i;
+        n -= i;
+    }
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    /*
+     * If receiving Finished, record MAC of prior handshake messages for
+     * Finished verification.
+     */
+    if (*s->init_buf->data == SSL3_MT_FINISHED)
+        ssl3_take_mac(s);
+#endif
+
+    /* Feed this message into MAC computation. */
+    ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
+                    s->init_num + SSL3_HM_HEADER_LENGTH);
+    if (s->msg_callback)
+        s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data,
+                        (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, s,
+                        s->msg_callback_arg);
+    *ok = 1;
+    return s->init_num;
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ err:
+    *ok = 0;
+    return (-1);
+}
+
+int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
+{
+    EVP_PKEY *pk;
+    int ret = -1, i;
+
+    if (pkey == NULL)
+        pk = X509_get_pubkey(x);
+    else
+        pk = pkey;
+    if (pk == NULL)
+        goto err;
+
+    i = pk->type;
+    if (i == EVP_PKEY_RSA) {
+        ret = SSL_PKEY_RSA_ENC;
+    } else if (i == EVP_PKEY_DSA) {
+        ret = SSL_PKEY_DSA_SIGN;
+    }
+#ifndef OPENSSL_NO_EC
+    else if (i == EVP_PKEY_EC) {
+        ret = SSL_PKEY_ECC;
+    }
+#endif
+    else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) {
+        ret = SSL_PKEY_GOST94;
+    } else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) {
+        ret = SSL_PKEY_GOST01;
+    }
+ err:
+    if (!pkey)
+        EVP_PKEY_free(pk);
+    return (ret);
+}
+
+int ssl_verify_alarm_type(long type)
+{
+    int al;
+
+    switch (type) {
+    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+    case X509_V_ERR_UNABLE_TO_GET_CRL:
+    case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
+        al = SSL_AD_UNKNOWN_CA;
+        break;
+    case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
+    case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
+    case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
+    case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+    case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+    case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
+    case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
+    case X509_V_ERR_CERT_NOT_YET_VALID:
+    case X509_V_ERR_CRL_NOT_YET_VALID:
+    case X509_V_ERR_CERT_UNTRUSTED:
+    case X509_V_ERR_CERT_REJECTED:
+        al = SSL_AD_BAD_CERTIFICATE;
+        break;
+    case X509_V_ERR_CERT_SIGNATURE_FAILURE:
+    case X509_V_ERR_CRL_SIGNATURE_FAILURE:
+        al = SSL_AD_DECRYPT_ERROR;
+        break;
+    case X509_V_ERR_CERT_HAS_EXPIRED:
+    case X509_V_ERR_CRL_HAS_EXPIRED:
+        al = SSL_AD_CERTIFICATE_EXPIRED;
+        break;
+    case X509_V_ERR_CERT_REVOKED:
+        al = SSL_AD_CERTIFICATE_REVOKED;
+        break;
+    case X509_V_ERR_UNSPECIFIED:
+    case X509_V_ERR_OUT_OF_MEM:
+    case X509_V_ERR_INVALID_CALL:
+    case X509_V_ERR_STORE_LOOKUP:
+        al = SSL_AD_INTERNAL_ERROR;
+        break;
+    case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+    case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
+    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+    case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+    case X509_V_ERR_CERT_CHAIN_TOO_LONG:
+    case X509_V_ERR_PATH_LENGTH_EXCEEDED:
+    case X509_V_ERR_INVALID_CA:
+        al = SSL_AD_UNKNOWN_CA;
+        break;
+    case X509_V_ERR_APPLICATION_VERIFICATION:
+        al = SSL_AD_HANDSHAKE_FAILURE;
+        break;
+    case X509_V_ERR_INVALID_PURPOSE:
+        al = SSL_AD_UNSUPPORTED_CERTIFICATE;
+        break;
+    default:
+        al = SSL_AD_CERTIFICATE_UNKNOWN;
+        break;
+    }
+    return (al);
+}
+
+#ifndef OPENSSL_NO_BUF_FREELISTS
+/*-
+ * On some platforms, malloc() performance is bad enough that you can't just
+ * free() and malloc() buffers all the time, so we need to use freelists from
+ * unused buffers.  Currently, each freelist holds memory chunks of only a
+ * given size (list->chunklen); other sized chunks are freed and malloced.
+ * This doesn't help much if you're using many different SSL option settings
+ * with a given context.  (The options affecting buffer size are
+ * max_send_fragment, read buffer vs write buffer,
+ * SSL_OP_MICROSOFT_BIG_WRITE_BUFFER, SSL_OP_NO_COMPRESSION, and
+ * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.)  Using a separate freelist for every
+ * possible size is not an option, since max_send_fragment can take on many
+ * different values.
+ *
+ * If you are on a platform with a slow malloc(), and you're using SSL
+ * connections with many different settings for these options, and you need to
+ * use the SSL_MOD_RELEASE_BUFFERS feature, you have a few options:
+ *    - Link against a faster malloc implementation.
+ *    - Use a separate SSL_CTX for each option set.
+ *    - Improve this code.
+ */
+static void *freelist_extract(SSL_CTX *ctx, int for_read, int sz)
+{
+    SSL3_BUF_FREELIST *list;
+    SSL3_BUF_FREELIST_ENTRY *ent = NULL;
+    void *result = NULL;
+
+    CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+    list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
+    if (list != NULL && sz == (int)list->chunklen)
+        ent = list->head;
+    if (ent != NULL) {
+        list->head = ent->next;
+        result = ent;
+        if (--list->len == 0)
+            list->chunklen = 0;
+    }
+    CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+    if (!result)
+        result = OPENSSL_malloc(sz);
+    return result;
+}
+
+static void freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem)
+{
+    SSL3_BUF_FREELIST *list;
+    SSL3_BUF_FREELIST_ENTRY *ent;
+
+    CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+    list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
+    if (list != NULL &&
+        (sz == list->chunklen || list->chunklen == 0) &&
+        list->len < ctx->freelist_max_len && sz >= sizeof(*ent)) {
+        list->chunklen = sz;
+        ent = mem;
+        ent->next = list->head;
+        list->head = ent;
+        ++list->len;
+        mem = NULL;
+    }
+
+    CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+    if (mem)
+        OPENSSL_free(mem);
+}
+#else
+# define freelist_extract(c,fr,sz) OPENSSL_malloc(sz)
+# define freelist_insert(c,fr,sz,m) OPENSSL_free(m)
+#endif
+
+int ssl3_setup_read_buffer(SSL *s)
+{
+    unsigned char *p;
+    size_t len, align = 0, headerlen;
+
+    if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
+        headerlen = DTLS1_RT_HEADER_LENGTH;
+    else
+        headerlen = SSL3_RT_HEADER_LENGTH;
+
+#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
+    align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
+#endif
+
+    if (s->s3->rbuf.buf == NULL) {
+        len = SSL3_RT_MAX_PLAIN_LENGTH
+            + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
+        if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) {
+            s->s3->init_extra = 1;
+            len += SSL3_RT_MAX_EXTRA;
+        }
+#ifndef OPENSSL_NO_COMP
+        if (!(s->options & SSL_OP_NO_COMPRESSION))
+            len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
+#endif
+        if ((p = freelist_extract(s->ctx, 1, len)) == NULL)
+            goto err;
+        s->s3->rbuf.buf = p;
+        s->s3->rbuf.len = len;
+    }
+
+    s->packet = &(s->s3->rbuf.buf[0]);
+    return 1;
+
+ err:
+    SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+int ssl3_setup_write_buffer(SSL *s)
+{
+    unsigned char *p;
+    size_t len, align = 0, headerlen;
+
+    if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
+        headerlen = DTLS1_RT_HEADER_LENGTH + 1;
+    else
+        headerlen = SSL3_RT_HEADER_LENGTH;
+
+#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
+    align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
+#endif
+
+    if (s->s3->wbuf.buf == NULL) {
+        len = s->max_send_fragment
+            + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
+#ifndef OPENSSL_NO_COMP
+        if (!(s->options & SSL_OP_NO_COMPRESSION))
+            len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
+#endif
+        if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
+            len += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
+
+        if ((p = freelist_extract(s->ctx, 0, len)) == NULL)
+            goto err;
+        s->s3->wbuf.buf = p;
+        s->s3->wbuf.len = len;
+    }
+
+    return 1;
+
+ err:
+    SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+int ssl3_setup_buffers(SSL *s)
+{
+    if (!ssl3_setup_read_buffer(s))
+        return 0;
+    if (!ssl3_setup_write_buffer(s))
+        return 0;
+    return 1;
+}
+
+int ssl3_release_write_buffer(SSL *s)
+{
+    if (s->s3->wbuf.buf != NULL) {
+        freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf);
+        s->s3->wbuf.buf = NULL;
+    }
+    return 1;
+}
+
+int ssl3_release_read_buffer(SSL *s)
+{
+    if (s->s3->rbuf.buf != NULL) {
+        freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf);
+        s->s3->rbuf.buf = NULL;
+    }
+    return 1;
+}

Deleted: vendor-crypto/openssl/1.0.1u/ssl/s3_clnt.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/s3_clnt.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/ssl/s3_clnt.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,3561 +0,0 @@
-/* ssl/s3_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * ECC cipher suite support in OpenSSL originally written by
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include "kssl_lcl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/md5.h>
-#ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
-#endif
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
-
-static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b);
-#ifndef OPENSSL_NO_TLSEXT
-static int ssl3_check_finished(SSL *s);
-#endif
-
-#ifndef OPENSSL_NO_SSL3_METHOD
-static const SSL_METHOD *ssl3_get_client_method(int ver)
-{
-    if (ver == SSL3_VERSION)
-        return (SSLv3_client_method());
-    else
-        return (NULL);
-}
-
-IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
-                         ssl_undefined_function,
-                         ssl3_connect, ssl3_get_client_method)
-#endif
-int ssl3_connect(SSL *s)
-{
-    BUF_MEM *buf = NULL;
-    unsigned long Time = (unsigned long)time(NULL);
-    void (*cb) (const SSL *ssl, int type, int val) = NULL;
-    int ret = -1;
-    int new_state, state, skip = 0;
-
-    RAND_add(&Time, sizeof(Time), 0);
-    ERR_clear_error();
-    clear_sys_error();
-
-    if (s->info_callback != NULL)
-        cb = s->info_callback;
-    else if (s->ctx->info_callback != NULL)
-        cb = s->ctx->info_callback;
-
-    s->in_handshake++;
-    if (!SSL_in_init(s) || SSL_in_before(s))
-        SSL_clear(s);
-
-#ifndef OPENSSL_NO_HEARTBEATS
-    /*
-     * If we're awaiting a HeartbeatResponse, pretend we already got and
-     * don't await it anymore, because Heartbeats don't make sense during
-     * handshakes anyway.
-     */
-    if (s->tlsext_hb_pending) {
-        s->tlsext_hb_pending = 0;
-        s->tlsext_hb_seq++;
-    }
-#endif
-
-    for (;;) {
-        state = s->state;
-
-        switch (s->state) {
-        case SSL_ST_RENEGOTIATE:
-            s->renegotiate = 1;
-            s->state = SSL_ST_CONNECT;
-            s->ctx->stats.sess_connect_renegotiate++;
-            /* break */
-        case SSL_ST_BEFORE:
-        case SSL_ST_CONNECT:
-        case SSL_ST_BEFORE | SSL_ST_CONNECT:
-        case SSL_ST_OK | SSL_ST_CONNECT:
-
-            s->server = 0;
-            if (cb != NULL)
-                cb(s, SSL_CB_HANDSHAKE_START, 1);
-
-            if ((s->version & 0xff00) != 0x0300) {
-                SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR);
-                s->state = SSL_ST_ERR;
-                ret = -1;
-                goto end;
-            }
-
-            /* s->version=SSL3_VERSION; */
-            s->type = SSL_ST_CONNECT;
-
-            if (s->init_buf == NULL) {
-                if ((buf = BUF_MEM_new()) == NULL) {
-                    ret = -1;
-                    s->state = SSL_ST_ERR;
-                    goto end;
-                }
-                if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
-                    ret = -1;
-                    s->state = SSL_ST_ERR;
-                    goto end;
-                }
-                s->init_buf = buf;
-                buf = NULL;
-            }
-
-            if (!ssl3_setup_buffers(s)) {
-                ret = -1;
-                goto end;
-            }
-
-            /* setup buffing BIO */
-            if (!ssl_init_wbio_buffer(s, 0)) {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            /* don't push the buffering BIO quite yet */
-
-            ssl3_init_finished_mac(s);
-
-            s->state = SSL3_ST_CW_CLNT_HELLO_A;
-            s->ctx->stats.sess_connect++;
-            s->init_num = 0;
-            s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
-            /*
-             * Should have been reset by ssl3_get_finished, too.
-             */
-            s->s3->change_cipher_spec = 0;
-            break;
-
-        case SSL3_ST_CW_CLNT_HELLO_A:
-        case SSL3_ST_CW_CLNT_HELLO_B:
-
-            s->shutdown = 0;
-            ret = ssl3_client_hello(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_CR_SRVR_HELLO_A;
-            s->init_num = 0;
-
-            /* turn on buffering for the next lot of output */
-            if (s->bbio != s->wbio)
-                s->wbio = BIO_push(s->bbio, s->wbio);
-
-            break;
-
-        case SSL3_ST_CR_SRVR_HELLO_A:
-        case SSL3_ST_CR_SRVR_HELLO_B:
-            ret = ssl3_get_server_hello(s);
-            if (ret <= 0)
-                goto end;
-
-            if (s->hit) {
-                s->state = SSL3_ST_CR_FINISHED_A;
-#ifndef OPENSSL_NO_TLSEXT
-                if (s->tlsext_ticket_expected) {
-                    /* receive renewed session ticket */
-                    s->state = SSL3_ST_CR_SESSION_TICKET_A;
-                }
-#endif
-            } else
-                s->state = SSL3_ST_CR_CERT_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_CR_CERT_A:
-        case SSL3_ST_CR_CERT_B:
-#ifndef OPENSSL_NO_TLSEXT
-            /* Noop (ret = 0) for everything but EAP-FAST. */
-            ret = ssl3_check_finished(s);
-            if (ret < 0)
-                goto end;
-            if (ret == 1) {
-                s->hit = 1;
-                s->state = SSL3_ST_CR_FINISHED_A;
-                s->init_num = 0;
-                break;
-            }
-#endif
-            /* Check if it is anon DH/ECDH, SRP auth */
-            /* or PSK */
-            if (!
-                (s->s3->tmp.
-                 new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
-                    && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
-                ret = ssl3_get_server_certificate(s);
-                if (ret <= 0)
-                    goto end;
-#ifndef OPENSSL_NO_TLSEXT
-                if (s->tlsext_status_expected)
-                    s->state = SSL3_ST_CR_CERT_STATUS_A;
-                else
-                    s->state = SSL3_ST_CR_KEY_EXCH_A;
-            } else {
-                skip = 1;
-                s->state = SSL3_ST_CR_KEY_EXCH_A;
-            }
-#else
-            } else
-                skip = 1;
-
-            s->state = SSL3_ST_CR_KEY_EXCH_A;
-#endif
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_CR_KEY_EXCH_A:
-        case SSL3_ST_CR_KEY_EXCH_B:
-            ret = ssl3_get_key_exchange(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_CR_CERT_REQ_A;
-            s->init_num = 0;
-
-            /*
-             * at this point we check that we have the required stuff from
-             * the server
-             */
-            if (!ssl3_check_cert_and_algorithm(s)) {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-            break;
-
-        case SSL3_ST_CR_CERT_REQ_A:
-        case SSL3_ST_CR_CERT_REQ_B:
-            ret = ssl3_get_certificate_request(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_CR_SRVR_DONE_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_CR_SRVR_DONE_A:
-        case SSL3_ST_CR_SRVR_DONE_B:
-            ret = ssl3_get_server_done(s);
-            if (ret <= 0)
-                goto end;
-#ifndef OPENSSL_NO_SRP
-            if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
-                if ((ret = SRP_Calc_A_param(s)) <= 0) {
-                    SSLerr(SSL_F_SSL3_CONNECT, SSL_R_SRP_A_CALC);
-                    ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
-                    s->state = SSL_ST_ERR;
-                    goto end;
-                }
-            }
-#endif
-            if (s->s3->tmp.cert_req)
-                s->state = SSL3_ST_CW_CERT_A;
-            else
-                s->state = SSL3_ST_CW_KEY_EXCH_A;
-            s->init_num = 0;
-
-            break;
-
-        case SSL3_ST_CW_CERT_A:
-        case SSL3_ST_CW_CERT_B:
-        case SSL3_ST_CW_CERT_C:
-        case SSL3_ST_CW_CERT_D:
-            ret = ssl3_send_client_certificate(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_CW_KEY_EXCH_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_CW_KEY_EXCH_A:
-        case SSL3_ST_CW_KEY_EXCH_B:
-            ret = ssl3_send_client_key_exchange(s);
-            if (ret <= 0)
-                goto end;
-            /*
-             * EAY EAY EAY need to check for DH fix cert sent back
-             */
-            /*
-             * For TLS, cert_req is set to 2, so a cert chain of nothing is
-             * sent, but no verify packet is sent
-             */
-            /*
-             * XXX: For now, we do not support client authentication in ECDH
-             * cipher suites with ECDH (rather than ECDSA) certificates. We
-             * need to skip the certificate verify message when client's
-             * ECDH public key is sent inside the client certificate.
-             */
-            if (s->s3->tmp.cert_req == 1) {
-                s->state = SSL3_ST_CW_CERT_VRFY_A;
-            } else {
-                s->state = SSL3_ST_CW_CHANGE_A;
-            }
-            if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
-                s->state = SSL3_ST_CW_CHANGE_A;
-            }
-
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_CW_CERT_VRFY_A:
-        case SSL3_ST_CW_CERT_VRFY_B:
-            ret = ssl3_send_client_verify(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_CW_CHANGE_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_CW_CHANGE_A:
-        case SSL3_ST_CW_CHANGE_B:
-            ret = ssl3_send_change_cipher_spec(s,
-                                               SSL3_ST_CW_CHANGE_A,
-                                               SSL3_ST_CW_CHANGE_B);
-            if (ret <= 0)
-                goto end;
-
-#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
-            s->state = SSL3_ST_CW_FINISHED_A;
-#else
-            if (s->s3->next_proto_neg_seen)
-                s->state = SSL3_ST_CW_NEXT_PROTO_A;
-            else
-                s->state = SSL3_ST_CW_FINISHED_A;
-#endif
-            s->init_num = 0;
-
-            s->session->cipher = s->s3->tmp.new_cipher;
-#ifdef OPENSSL_NO_COMP
-            s->session->compress_meth = 0;
-#else
-            if (s->s3->tmp.new_compression == NULL)
-                s->session->compress_meth = 0;
-            else
-                s->session->compress_meth = s->s3->tmp.new_compression->id;
-#endif
-            if (!s->method->ssl3_enc->setup_key_block(s)) {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            if (!s->method->ssl3_enc->change_cipher_state(s,
-                                                          SSL3_CHANGE_CIPHER_CLIENT_WRITE))
-            {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            break;
-
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-        case SSL3_ST_CW_NEXT_PROTO_A:
-        case SSL3_ST_CW_NEXT_PROTO_B:
-            ret = ssl3_send_next_proto(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_CW_FINISHED_A;
-            break;
-#endif
-
-        case SSL3_ST_CW_FINISHED_A:
-        case SSL3_ST_CW_FINISHED_B:
-            ret = ssl3_send_finished(s,
-                                     SSL3_ST_CW_FINISHED_A,
-                                     SSL3_ST_CW_FINISHED_B,
-                                     s->method->
-                                     ssl3_enc->client_finished_label,
-                                     s->method->
-                                     ssl3_enc->client_finished_label_len);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_CW_FLUSH;
-
-            /* clear flags */
-            s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
-            if (s->hit) {
-                s->s3->tmp.next_state = SSL_ST_OK;
-                if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
-                    s->state = SSL_ST_OK;
-                    s->s3->flags |= SSL3_FLAGS_POP_BUFFER;
-                    s->s3->delay_buf_pop_ret = 0;
-                }
-            } else {
-#ifndef OPENSSL_NO_TLSEXT
-                /*
-                 * Allow NewSessionTicket if ticket expected
-                 */
-                if (s->tlsext_ticket_expected)
-                    s->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A;
-                else
-#endif
-
-                    s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A;
-            }
-            s->init_num = 0;
-            break;
-
-#ifndef OPENSSL_NO_TLSEXT
-        case SSL3_ST_CR_SESSION_TICKET_A:
-        case SSL3_ST_CR_SESSION_TICKET_B:
-            ret = ssl3_get_new_session_ticket(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_CR_FINISHED_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_CR_CERT_STATUS_A:
-        case SSL3_ST_CR_CERT_STATUS_B:
-            ret = ssl3_get_cert_status(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_CR_KEY_EXCH_A;
-            s->init_num = 0;
-            break;
-#endif
-
-        case SSL3_ST_CR_FINISHED_A:
-        case SSL3_ST_CR_FINISHED_B:
-            if (!s->s3->change_cipher_spec)
-                s->s3->flags |= SSL3_FLAGS_CCS_OK;
-            ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,
-                                    SSL3_ST_CR_FINISHED_B);
-            if (ret <= 0)
-                goto end;
-
-            if (s->hit)
-                s->state = SSL3_ST_CW_CHANGE_A;
-            else
-                s->state = SSL_ST_OK;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_CW_FLUSH:
-            s->rwstate = SSL_WRITING;
-            if (BIO_flush(s->wbio) <= 0) {
-                ret = -1;
-                goto end;
-            }
-            s->rwstate = SSL_NOTHING;
-            s->state = s->s3->tmp.next_state;
-            break;
-
-        case SSL_ST_OK:
-            /* clean a few things up */
-            ssl3_cleanup_key_block(s);
-
-            if (s->init_buf != NULL) {
-                BUF_MEM_free(s->init_buf);
-                s->init_buf = NULL;
-            }
-
-            /*
-             * If we are not 'joining' the last two packets, remove the
-             * buffering now
-             */
-            if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
-                ssl_free_wbio_buffer(s);
-            /* else do it later in ssl3_write */
-
-            s->init_num = 0;
-            s->renegotiate = 0;
-            s->new_session = 0;
-
-            ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
-            if (s->hit)
-                s->ctx->stats.sess_hit++;
-
-            ret = 1;
-            /* s->server=0; */
-            s->handshake_func = ssl3_connect;
-            s->ctx->stats.sess_connect_good++;
-
-            if (cb != NULL)
-                cb(s, SSL_CB_HANDSHAKE_DONE, 1);
-
-            goto end;
-            /* break; */
-
-        case SSL_ST_ERR:
-        default:
-            SSLerr(SSL_F_SSL3_CONNECT, SSL_R_UNKNOWN_STATE);
-            ret = -1;
-            goto end;
-            /* break; */
-        }
-
-        /* did we do anything */
-        if (!s->s3->tmp.reuse_message && !skip) {
-            if (s->debug) {
-                if ((ret = BIO_flush(s->wbio)) <= 0)
-                    goto end;
-            }
-
-            if ((cb != NULL) && (s->state != state)) {
-                new_state = s->state;
-                s->state = state;
-                cb(s, SSL_CB_CONNECT_LOOP, 1);
-                s->state = new_state;
-            }
-        }
-        skip = 0;
-    }
- end:
-    s->in_handshake--;
-    if (buf != NULL)
-        BUF_MEM_free(buf);
-    if (cb != NULL)
-        cb(s, SSL_CB_CONNECT_EXIT, ret);
-    return (ret);
-}
-
-int ssl3_client_hello(SSL *s)
-{
-    unsigned char *buf;
-    unsigned char *p, *d;
-    int i;
-    unsigned long l;
-#ifndef OPENSSL_NO_COMP
-    int j;
-    SSL_COMP *comp;
-#endif
-
-    buf = (unsigned char *)s->init_buf->data;
-    if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
-        SSL_SESSION *sess = s->session;
-        if ((sess == NULL) || (sess->ssl_version != s->version) ||
-#ifdef OPENSSL_NO_TLSEXT
-            !sess->session_id_length ||
-#else
-            /*
-             * In the case of EAP-FAST, we can have a pre-shared
-             * "ticket" without a session ID.
-             */
-            (!sess->session_id_length && !sess->tlsext_tick) ||
-#endif
-            (sess->not_resumable)) {
-            if (!ssl_get_new_session(s, 0))
-                goto err;
-        }
-        /* else use the pre-loaded session */
-
-        p = s->s3->client_random;
-
-        if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
-            goto err;
-
-        /* Do the message type and length last */
-        d = p = &(buf[4]);
-
-        /*-
-         * version indicates the negotiated version: for example from
-         * an SSLv2/v3 compatible client hello). The client_version
-         * field is the maximum version we permit and it is also
-         * used in RSA encrypted premaster secrets. Some servers can
-         * choke if we initially report a higher version then
-         * renegotiate to a lower one in the premaster secret. This
-         * didn't happen with TLS 1.0 as most servers supported it
-         * but it can with TLS 1.1 or later if the server only supports
-         * 1.0.
-         *
-         * Possible scenario with previous logic:
-         *      1. Client hello indicates TLS 1.2
-         *      2. Server hello says TLS 1.0
-         *      3. RSA encrypted premaster secret uses 1.2.
-         *      4. Handhaked proceeds using TLS 1.0.
-         *      5. Server sends hello request to renegotiate.
-         *      6. Client hello indicates TLS v1.0 as we now
-         *         know that is maximum server supports.
-         *      7. Server chokes on RSA encrypted premaster secret
-         *         containing version 1.0.
-         *
-         * For interoperability it should be OK to always use the
-         * maximum version we support in client hello and then rely
-         * on the checking of version to ensure the servers isn't
-         * being inconsistent: for example initially negotiating with
-         * TLS 1.0 and renegotiating with TLS 1.2. We do this by using
-         * client_version in client hello and not resetting it to
-         * the negotiated version.
-         */
-#if 0
-        *(p++) = s->version >> 8;
-        *(p++) = s->version & 0xff;
-        s->client_version = s->version;
-#else
-        *(p++) = s->client_version >> 8;
-        *(p++) = s->client_version & 0xff;
-#endif
-
-        /* Random stuff */
-        memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
-        p += SSL3_RANDOM_SIZE;
-
-        /* Session ID */
-        if (s->new_session)
-            i = 0;
-        else
-            i = s->session->session_id_length;
-        *(p++) = i;
-        if (i != 0) {
-            if (i > (int)sizeof(s->session->session_id)) {
-                SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-            memcpy(p, s->session->session_id, i);
-            p += i;
-        }
-
-        /* Ciphers supported */
-        i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0);
-        if (i == 0) {
-            SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
-            goto err;
-        }
-#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
-        /*
-         * Some servers hang if client hello > 256 bytes as hack workaround
-         * chop number of supported ciphers to keep it well below this if we
-         * use TLS v1.2
-         */
-        if (TLS1_get_version(s) >= TLS1_2_VERSION
-            && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
-            i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
-#endif
-        s2n(i, p);
-        p += i;
-
-        /* COMPRESSION */
-#ifdef OPENSSL_NO_COMP
-        *(p++) = 1;
-#else
-
-        if ((s->options & SSL_OP_NO_COMPRESSION)
-            || !s->ctx->comp_methods)
-            j = 0;
-        else
-            j = sk_SSL_COMP_num(s->ctx->comp_methods);
-        *(p++) = 1 + j;
-        for (i = 0; i < j; i++) {
-            comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
-            *(p++) = comp->id;
-        }
-#endif
-        *(p++) = 0;             /* Add the NULL method */
-
-#ifndef OPENSSL_NO_TLSEXT
-        /* TLS extensions */
-        if (ssl_prepare_clienthello_tlsext(s) <= 0) {
-            SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
-            goto err;
-        }
-        if ((p =
-             ssl_add_clienthello_tlsext(s, p,
-                                        buf + SSL3_RT_MAX_PLAIN_LENGTH)) ==
-            NULL) {
-            SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
-            goto err;
-        }
-#endif
-
-        l = (p - d);
-        d = buf;
-        *(d++) = SSL3_MT_CLIENT_HELLO;
-        l2n3(l, d);
-
-        s->state = SSL3_ST_CW_CLNT_HELLO_B;
-        /* number of bytes to write */
-        s->init_num = p - buf;
-        s->init_off = 0;
-    }
-
-    /* SSL3_ST_CW_CLNT_HELLO_B */
-    return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
- err:
-    s->state = SSL_ST_ERR;
-    return (-1);
-}
-
-int ssl3_get_server_hello(SSL *s)
-{
-    STACK_OF(SSL_CIPHER) *sk;
-    const SSL_CIPHER *c;
-    unsigned char *p, *d;
-    int i, al, ok;
-    unsigned int j;
-    long n;
-#ifndef OPENSSL_NO_COMP
-    SSL_COMP *comp;
-#endif
-
-    n = s->method->ssl_get_message(s,
-                                   SSL3_ST_CR_SRVR_HELLO_A,
-                                   SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, &ok);
-
-    if (!ok)
-        return ((int)n);
-
-    if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) {
-        if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
-            if (s->d1->send_cookie == 0) {
-                s->s3->tmp.reuse_message = 1;
-                return 1;
-            } else {            /* already sent a cookie */
-
-                al = SSL_AD_UNEXPECTED_MESSAGE;
-                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_MESSAGE_TYPE);
-                goto f_err;
-            }
-        }
-    }
-
-    if (s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO) {
-        al = SSL_AD_UNEXPECTED_MESSAGE;
-        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_MESSAGE_TYPE);
-        goto f_err;
-    }
-
-    d = p = (unsigned char *)s->init_msg;
-
-    if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) {
-        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_SSL_VERSION);
-        s->version = (s->version & 0xff00) | p[1];
-        al = SSL_AD_PROTOCOL_VERSION;
-        goto f_err;
-    }
-    p += 2;
-
-    /* load the server hello data */
-    /* load the server random */
-    memcpy(s->s3->server_random, p, SSL3_RANDOM_SIZE);
-    p += SSL3_RANDOM_SIZE;
-
-    s->hit = 0;
-
-    /* get the session-id */
-    j = *(p++);
-
-    if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE)) {
-        al = SSL_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_SSL3_SESSION_ID_TOO_LONG);
-        goto f_err;
-    }
-#ifndef OPENSSL_NO_TLSEXT
-    /*
-     * Check if we can resume the session based on external pre-shared secret.
-     * EAP-FAST (RFC 4851) supports two types of session resumption.
-     * Resumption based on server-side state works with session IDs.
-     * Resumption based on pre-shared Protected Access Credentials (PACs)
-     * works by overriding the SessionTicket extension at the application
-     * layer, and does not send a session ID. (We do not know whether EAP-FAST
-     * servers would honour the session ID.) Therefore, the session ID alone
-     * is not a reliable indicator of session resumption, so we first check if
-     * we can resume, and later peek at the next handshake message to see if the
-     * server wants to resume.
-     */
-    if (s->version >= TLS1_VERSION && s->tls_session_secret_cb &&
-        s->session->tlsext_tick) {
-        SSL_CIPHER *pref_cipher = NULL;
-        s->session->master_key_length = sizeof(s->session->master_key);
-        if (s->tls_session_secret_cb(s, s->session->master_key,
-                                     &s->session->master_key_length,
-                                     NULL, &pref_cipher,
-                                     s->tls_session_secret_cb_arg)) {
-            s->session->cipher = pref_cipher ?
-                pref_cipher : ssl_get_cipher_by_char(s, p + j);
-        } else {
-            SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
-            al = SSL_AD_INTERNAL_ERROR;
-            goto f_err;
-        }
-    }
-#endif                          /* OPENSSL_NO_TLSEXT */
-
-    if (j != 0 && j == s->session->session_id_length
-        && memcmp(p, s->session->session_id, j) == 0) {
-        if (s->sid_ctx_length != s->session->sid_ctx_length
-            || memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length)) {
-            /* actually a client application bug */
-            al = SSL_AD_ILLEGAL_PARAMETER;
-            SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
-                   SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
-            goto f_err;
-        }
-        s->hit = 1;
-    } else {
-        /*
-         * If we were trying for session-id reuse but the server
-         * didn't echo the ID, make a new SSL_SESSION.
-         * In the case of EAP-FAST and PAC, we do not send a session ID,
-         * so the PAC-based session secret is always preserved. It'll be
-         * overwritten if the server refuses resumption.
-         */
-        if (s->session->session_id_length > 0) {
-            if (!ssl_get_new_session(s, 0)) {
-                al = SSL_AD_INTERNAL_ERROR;
-                goto f_err;
-            }
-        }
-        s->session->session_id_length = j;
-        memcpy(s->session->session_id, p, j); /* j could be 0 */
-    }
-    p += j;
-    c = ssl_get_cipher_by_char(s, p);
-    if (c == NULL) {
-        /* unknown cipher */
-        al = SSL_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_UNKNOWN_CIPHER_RETURNED);
-        goto f_err;
-    }
-    /* TLS v1.2 only ciphersuites require v1.2 or later */
-    if ((c->algorithm_ssl & SSL_TLSV1_2) &&
-        (TLS1_get_version(s) < TLS1_2_VERSION)) {
-        al = SSL_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_CIPHER_RETURNED);
-        goto f_err;
-    }
-#ifndef OPENSSL_NO_SRP
-    if (((c->algorithm_mkey & SSL_kSRP) || (c->algorithm_auth & SSL_aSRP)) &&
-        !(s->srp_ctx.srp_Mask & SSL_kSRP)) {
-        al = SSL_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_CIPHER_RETURNED);
-        goto f_err;
-    }
-#endif                          /* OPENSSL_NO_SRP */
-    p += ssl_put_cipher_by_char(s, NULL, NULL);
-
-    sk = ssl_get_ciphers_by_id(s);
-    i = sk_SSL_CIPHER_find(sk, c);
-    if (i < 0) {
-        /* we did not say we would use this cipher */
-        al = SSL_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_CIPHER_RETURNED);
-        goto f_err;
-    }
-
-    /*
-     * Depending on the session caching (internal/external), the cipher
-     * and/or cipher_id values may not be set. Make sure that cipher_id is
-     * set and use it for comparison.
-     */
-    if (s->session->cipher)
-        s->session->cipher_id = s->session->cipher->id;
-    if (s->hit && (s->session->cipher_id != c->id)) {
-/* Workaround is now obsolete */
-#if 0
-        if (!(s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
-#endif
-        {
-            al = SSL_AD_ILLEGAL_PARAMETER;
-            SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
-                   SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
-            goto f_err;
-        }
-    }
-    s->s3->tmp.new_cipher = c;
-    /*
-     * Don't digest cached records if TLS v1.2: we may need them for client
-     * authentication.
-     */
-    if (TLS1_get_version(s) < TLS1_2_VERSION
-        && !ssl3_digest_cached_records(s)) {
-        al = SSL_AD_INTERNAL_ERROR;
-        goto f_err;
-    }
-    /* lets get the compression algorithm */
-    /* COMPRESSION */
-#ifdef OPENSSL_NO_COMP
-    if (*(p++) != 0) {
-        al = SSL_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
-               SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
-        goto f_err;
-    }
-    /*
-     * If compression is disabled we'd better not try to resume a session
-     * using compression.
-     */
-    if (s->session->compress_meth != 0) {
-        al = SSL_AD_INTERNAL_ERROR;
-        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_INCONSISTENT_COMPRESSION);
-        goto f_err;
-    }
-#else
-    j = *(p++);
-    if (s->hit && j != s->session->compress_meth) {
-        al = SSL_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
-               SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);
-        goto f_err;
-    }
-    if (j == 0)
-        comp = NULL;
-    else if (s->options & SSL_OP_NO_COMPRESSION) {
-        al = SSL_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_COMPRESSION_DISABLED);
-        goto f_err;
-    } else
-        comp = ssl3_comp_find(s->ctx->comp_methods, j);
-
-    if ((j != 0) && (comp == NULL)) {
-        al = SSL_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
-               SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
-        goto f_err;
-    } else {
-        s->s3->tmp.new_compression = comp;
-    }
-#endif
-
-#ifndef OPENSSL_NO_TLSEXT
-    /* TLS extensions */
-    if (s->version >= SSL3_VERSION) {
-        if (!ssl_parse_serverhello_tlsext(s, &p, d, n, &al)) {
-            /* 'al' set by ssl_parse_serverhello_tlsext */
-            SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_PARSE_TLSEXT);
-            goto f_err;
-        }
-        if (ssl_check_serverhello_tlsext(s) <= 0) {
-            SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_SERVERHELLO_TLSEXT);
-            goto err;
-        }
-    }
-#endif
-
-    if (p != (d + n)) {
-        /* wrong packet length */
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_PACKET_LENGTH);
-        goto f_err;
-    }
-
-    return (1);
- f_err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
-    s->state = SSL_ST_ERR;
-    return (-1);
-}
-
-int ssl3_get_server_certificate(SSL *s)
-{
-    int al, i, ok, ret = -1;
-    unsigned long n, nc, llen, l;
-    X509 *x = NULL;
-    const unsigned char *q, *p;
-    unsigned char *d;
-    STACK_OF(X509) *sk = NULL;
-    SESS_CERT *sc;
-    EVP_PKEY *pkey = NULL;
-    int need_cert = 1;          /* VRS: 0=> will allow null cert if auth ==
-                                 * KRB5 */
-
-    n = s->method->ssl_get_message(s,
-                                   SSL3_ST_CR_CERT_A,
-                                   SSL3_ST_CR_CERT_B,
-                                   -1, s->max_cert_list, &ok);
-
-    if (!ok)
-        return ((int)n);
-
-    if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) ||
-        ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) &&
-         (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE))) {
-        s->s3->tmp.reuse_message = 1;
-        return (1);
-    }
-
-    if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) {
-        al = SSL_AD_UNEXPECTED_MESSAGE;
-        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_BAD_MESSAGE_TYPE);
-        goto f_err;
-    }
-    p = d = (unsigned char *)s->init_msg;
-
-    if ((sk = sk_X509_new_null()) == NULL) {
-        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    n2l3(p, llen);
-    if (llen + 3 != n) {
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_LENGTH_MISMATCH);
-        goto f_err;
-    }
-    for (nc = 0; nc < llen;) {
-        n2l3(p, l);
-        if ((l + nc + 3) > llen) {
-            al = SSL_AD_DECODE_ERROR;
-            SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
-                   SSL_R_CERT_LENGTH_MISMATCH);
-            goto f_err;
-        }
-
-        q = p;
-        x = d2i_X509(NULL, &q, l);
-        if (x == NULL) {
-            al = SSL_AD_BAD_CERTIFICATE;
-            SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_ASN1_LIB);
-            goto f_err;
-        }
-        if (q != (p + l)) {
-            al = SSL_AD_DECODE_ERROR;
-            SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
-                   SSL_R_CERT_LENGTH_MISMATCH);
-            goto f_err;
-        }
-        if (!sk_X509_push(sk, x)) {
-            SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        x = NULL;
-        nc += l + 3;
-        p = q;
-    }
-
-    i = ssl_verify_cert_chain(s, sk);
-    if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
-#ifndef OPENSSL_NO_KRB5
-        && !((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
-             (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
-#endif                          /* OPENSSL_NO_KRB5 */
-        ) {
-        al = ssl_verify_alarm_type(s->verify_result);
-        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
-               SSL_R_CERTIFICATE_VERIFY_FAILED);
-        goto f_err;
-    }
-    ERR_clear_error();          /* but we keep s->verify_result */
-
-    sc = ssl_sess_cert_new();
-    if (sc == NULL)
-        goto err;
-
-    if (s->session->sess_cert)
-        ssl_sess_cert_free(s->session->sess_cert);
-    s->session->sess_cert = sc;
-
-    sc->cert_chain = sk;
-    /*
-     * Inconsistency alert: cert_chain does include the peer's certificate,
-     * which we don't include in s3_srvr.c
-     */
-    x = sk_X509_value(sk, 0);
-    sk = NULL;
-    /*
-     * VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end
-     */
-
-    pkey = X509_get_pubkey(x);
-
-    /* VRS: allow null cert if auth == KRB5 */
-    need_cert = ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
-                 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
-        ? 0 : 1;
-
-#ifdef KSSL_DEBUG
-    fprintf(stderr, "pkey,x = %p, %p\n", pkey, x);
-    fprintf(stderr, "ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x, pkey));
-    fprintf(stderr, "cipher, alg, nc = %s, %lx, %lx, %d\n",
-            s->s3->tmp.new_cipher->name,
-            s->s3->tmp.new_cipher->algorithm_mkey,
-            s->s3->tmp.new_cipher->algorithm_auth, need_cert);
-#endif                          /* KSSL_DEBUG */
-
-    if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) {
-        x = NULL;
-        al = SSL3_AL_FATAL;
-        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
-               SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
-        goto f_err;
-    }
-
-    i = ssl_cert_type(x, pkey);
-    if (need_cert && i < 0) {
-        x = NULL;
-        al = SSL3_AL_FATAL;
-        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
-               SSL_R_UNKNOWN_CERTIFICATE_TYPE);
-        goto f_err;
-    }
-
-    if (need_cert) {
-        sc->peer_cert_type = i;
-        CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-        /*
-         * Why would the following ever happen? We just created sc a couple
-         * of lines ago.
-         */
-        if (sc->peer_pkeys[i].x509 != NULL)
-            X509_free(sc->peer_pkeys[i].x509);
-        sc->peer_pkeys[i].x509 = x;
-        sc->peer_key = &(sc->peer_pkeys[i]);
-
-        if (s->session->peer != NULL)
-            X509_free(s->session->peer);
-        CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-        s->session->peer = x;
-    } else {
-        sc->peer_cert_type = i;
-        sc->peer_key = NULL;
-
-        if (s->session->peer != NULL)
-            X509_free(s->session->peer);
-        s->session->peer = NULL;
-    }
-    s->session->verify_result = s->verify_result;
-
-    x = NULL;
-    ret = 1;
-
-    if (0) {
- f_err:
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
-        s->state = SSL_ST_ERR;
-    }
-
-    EVP_PKEY_free(pkey);
-    X509_free(x);
-    sk_X509_pop_free(sk, X509_free);
-    return (ret);
-}
-
-int ssl3_get_key_exchange(SSL *s)
-{
-#ifndef OPENSSL_NO_RSA
-    unsigned char *q, md_buf[EVP_MAX_MD_SIZE * 2];
-#endif
-    EVP_MD_CTX md_ctx;
-    unsigned char *param, *p;
-    int al, j, ok;
-    long i, param_len, n, alg_k, alg_a;
-    EVP_PKEY *pkey = NULL;
-    const EVP_MD *md = NULL;
-#ifndef OPENSSL_NO_RSA
-    RSA *rsa = NULL;
-#endif
-#ifndef OPENSSL_NO_DH
-    DH *dh = NULL;
-#endif
-#ifndef OPENSSL_NO_ECDH
-    EC_KEY *ecdh = NULL;
-    BN_CTX *bn_ctx = NULL;
-    EC_POINT *srvr_ecpoint = NULL;
-    int curve_nid = 0;
-    int encoded_pt_len = 0;
-#endif
-
-    EVP_MD_CTX_init(&md_ctx);
-
-    /*
-     * use same message size as in ssl3_get_certificate_request() as
-     * ServerKeyExchange message may be skipped
-     */
-    n = s->method->ssl_get_message(s,
-                                   SSL3_ST_CR_KEY_EXCH_A,
-                                   SSL3_ST_CR_KEY_EXCH_B,
-                                   -1, s->max_cert_list, &ok);
-    if (!ok)
-        return ((int)n);
-
-    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-
-    if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
-        /*
-         * Can't skip server key exchange if this is an ephemeral
-         * ciphersuite.
-         */
-        if (alg_k & (SSL_kEDH | SSL_kEECDH)) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
-            al = SSL_AD_UNEXPECTED_MESSAGE;
-            goto f_err;
-        }
-#ifndef OPENSSL_NO_PSK
-        /*
-         * In plain PSK ciphersuite, ServerKeyExchange can be omitted if no
-         * identity hint is sent. Set session->sess_cert anyway to avoid
-         * problems later.
-         */
-        if (alg_k & SSL_kPSK) {
-            s->session->sess_cert = ssl_sess_cert_new();
-            if (s->ctx->psk_identity_hint)
-                OPENSSL_free(s->ctx->psk_identity_hint);
-            s->ctx->psk_identity_hint = NULL;
-        }
-#endif
-        s->s3->tmp.reuse_message = 1;
-        return (1);
-    }
-
-    param = p = (unsigned char *)s->init_msg;
-    if (s->session->sess_cert != NULL) {
-#ifndef OPENSSL_NO_RSA
-        if (s->session->sess_cert->peer_rsa_tmp != NULL) {
-            RSA_free(s->session->sess_cert->peer_rsa_tmp);
-            s->session->sess_cert->peer_rsa_tmp = NULL;
-        }
-#endif
-#ifndef OPENSSL_NO_DH
-        if (s->session->sess_cert->peer_dh_tmp) {
-            DH_free(s->session->sess_cert->peer_dh_tmp);
-            s->session->sess_cert->peer_dh_tmp = NULL;
-        }
-#endif
-#ifndef OPENSSL_NO_ECDH
-        if (s->session->sess_cert->peer_ecdh_tmp) {
-            EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
-            s->session->sess_cert->peer_ecdh_tmp = NULL;
-        }
-#endif
-    } else {
-        s->session->sess_cert = ssl_sess_cert_new();
-    }
-
-    /* Total length of the parameters including the length prefix */
-    param_len = 0;
-
-    alg_a = s->s3->tmp.new_cipher->algorithm_auth;
-
-    al = SSL_AD_DECODE_ERROR;
-
-#ifndef OPENSSL_NO_PSK
-    if (alg_k & SSL_kPSK) {
-        param_len = 2;
-        if (param_len > n) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-        n2s(p, i);
-
-        /*
-         * Store PSK identity hint for later use, hint is used in
-         * ssl3_send_client_key_exchange.  Assume that the maximum length of
-         * a PSK identity hint can be as long as the maximum length of a PSK
-         * identity.
-         */
-        if (i > PSK_MAX_IDENTITY_LEN) {
-            al = SSL_AD_HANDSHAKE_FAILURE;
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_DATA_LENGTH_TOO_LONG);
-            goto f_err;
-        }
-        if (i > n - param_len) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-                   SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH);
-            goto f_err;
-        }
-        param_len += i;
-
-        s->session->psk_identity_hint = BUF_strndup((char *)p, i);
-        if (s->session->psk_identity_hint == NULL) {
-            al = SSL_AD_HANDSHAKE_FAILURE;
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
-            goto f_err;
-        }
-
-        p += i;
-        n -= param_len;
-    } else
-#endif                          /* !OPENSSL_NO_PSK */
-#ifndef OPENSSL_NO_SRP
-    if (alg_k & SSL_kSRP) {
-        param_len = 2;
-        if (param_len > n) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-        n2s(p, i);
-
-        if (i > n - param_len) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_N_LENGTH);
-            goto f_err;
-        }
-        param_len += i;
-
-        if (!(s->srp_ctx.N = BN_bin2bn(p, i, NULL))) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
-            goto err;
-        }
-        p += i;
-
-        if (2 > n - param_len) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-        param_len += 2;
-
-        n2s(p, i);
-
-        if (i > n - param_len) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_G_LENGTH);
-            goto f_err;
-        }
-        param_len += i;
-
-        if (!(s->srp_ctx.g = BN_bin2bn(p, i, NULL))) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
-            goto err;
-        }
-        p += i;
-
-        if (1 > n - param_len) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-        param_len += 1;
-
-        i = (unsigned int)(p[0]);
-        p++;
-
-        if (i > n - param_len) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_S_LENGTH);
-            goto f_err;
-        }
-        param_len += i;
-
-        if (!(s->srp_ctx.s = BN_bin2bn(p, i, NULL))) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
-            goto err;
-        }
-        p += i;
-
-        if (2 > n - param_len) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-        param_len += 2;
-
-        n2s(p, i);
-
-        if (i > n - param_len) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_B_LENGTH);
-            goto f_err;
-        }
-        param_len += i;
-
-        if (!(s->srp_ctx.B = BN_bin2bn(p, i, NULL))) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
-            goto err;
-        }
-        p += i;
-        n -= param_len;
-
-        if (!srp_verify_server_param(s, &al)) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_PARAMETERS);
-            goto f_err;
-        }
-
-/* We must check if there is a certificate */
-# ifndef OPENSSL_NO_RSA
-        if (alg_a & SSL_aRSA)
-            pkey =
-                X509_get_pubkey(s->session->
-                                sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-# else
-        if (0) ;
-# endif
-# ifndef OPENSSL_NO_DSA
-        else if (alg_a & SSL_aDSS)
-            pkey =
-                X509_get_pubkey(s->session->
-                                sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].
-                                x509);
-# endif
-    } else
-#endif                          /* !OPENSSL_NO_SRP */
-#ifndef OPENSSL_NO_RSA
-    if (alg_k & SSL_kRSA) {
-        /* Temporary RSA keys only allowed in export ciphersuites */
-        if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) {
-            al = SSL_AD_UNEXPECTED_MESSAGE;
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
-            goto f_err;
-        }
-        if ((rsa = RSA_new()) == NULL) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-
-        param_len = 2;
-        if (param_len > n) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-        n2s(p, i);
-
-        if (i > n - param_len) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_RSA_MODULUS_LENGTH);
-            goto f_err;
-        }
-        param_len += i;
-
-        if (!(rsa->n = BN_bin2bn(p, i, rsa->n))) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
-            goto err;
-        }
-        p += i;
-
-        if (2 > n - param_len) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-        param_len += 2;
-
-        n2s(p, i);
-
-        if (i > n - param_len) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_RSA_E_LENGTH);
-            goto f_err;
-        }
-        param_len += i;
-
-        if (!(rsa->e = BN_bin2bn(p, i, rsa->e))) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
-            goto err;
-        }
-        p += i;
-        n -= param_len;
-
-        /* this should be because we are using an export cipher */
-        if (alg_a & SSL_aRSA)
-            pkey =
-                X509_get_pubkey(s->session->
-                                sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-        else {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-            goto err;
-        }
-
-        if (EVP_PKEY_bits(pkey) <= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
-            al = SSL_AD_UNEXPECTED_MESSAGE;
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
-            goto f_err;
-        }
-
-        s->session->sess_cert->peer_rsa_tmp = rsa;
-        rsa = NULL;
-    }
-#else                           /* OPENSSL_NO_RSA */
-    if (0) ;
-#endif
-#ifndef OPENSSL_NO_DH
-    else if (alg_k & SSL_kEDH) {
-        if ((dh = DH_new()) == NULL) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_DH_LIB);
-            goto err;
-        }
-
-        param_len = 2;
-        if (param_len > n) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-        n2s(p, i);
-
-        if (i > n - param_len) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_P_LENGTH);
-            goto f_err;
-        }
-        param_len += i;
-
-        if (!(dh->p = BN_bin2bn(p, i, NULL))) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
-            goto err;
-        }
-        p += i;
-
-        if (BN_is_zero(dh->p)) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_P_VALUE);
-            goto f_err;
-        }
-
-
-        if (2 > n - param_len) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-        param_len += 2;
-
-        n2s(p, i);
-
-        if (i > n - param_len) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_LENGTH);
-            goto f_err;
-        }
-        param_len += i;
-
-        if (!(dh->g = BN_bin2bn(p, i, NULL))) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
-            goto err;
-        }
-        p += i;
-
-        if (BN_is_zero(dh->g)) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_VALUE);
-            goto f_err;
-        }
-
-        if (2 > n - param_len) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-        param_len += 2;
-
-        n2s(p, i);
-
-        if (i > n - param_len) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_PUB_KEY_LENGTH);
-            goto f_err;
-        }
-        param_len += i;
-
-        if (!(dh->pub_key = BN_bin2bn(p, i, NULL))) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
-            goto err;
-        }
-        p += i;
-        n -= param_len;
-
-        if (BN_is_zero(dh->pub_key)) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_PUB_KEY_VALUE);
-            goto f_err;
-        }
-
-# ifndef OPENSSL_NO_RSA
-        if (alg_a & SSL_aRSA)
-            pkey =
-                X509_get_pubkey(s->session->
-                                sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-# else
-        if (0) ;
-# endif
-# ifndef OPENSSL_NO_DSA
-        else if (alg_a & SSL_aDSS)
-            pkey =
-                X509_get_pubkey(s->session->
-                                sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].
-                                x509);
-# endif
-        /* else anonymous DH, so no certificate or pkey. */
-
-        s->session->sess_cert->peer_dh_tmp = dh;
-        dh = NULL;
-    } else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) {
-        al = SSL_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-               SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
-        goto f_err;
-    }
-#endif                          /* !OPENSSL_NO_DH */
-
-#ifndef OPENSSL_NO_ECDH
-    else if (alg_k & SSL_kEECDH) {
-        EC_GROUP *ngroup;
-        const EC_GROUP *group;
-
-        if ((ecdh = EC_KEY_new()) == NULL) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-
-        /*
-         * Extract elliptic curve parameters and the server's ephemeral ECDH
-         * public key. Keep accumulating lengths of various components in
-         * param_len and make sure it never exceeds n.
-         */
-
-        /*
-         * XXX: For now we only support named (not generic) curves and the
-         * ECParameters in this case is just three bytes. We also need one
-         * byte for the length of the encoded point
-         */
-        param_len = 4;
-        if (param_len > n) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-
-        if ((*p != NAMED_CURVE_TYPE) ||
-            ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0)) {
-            al = SSL_AD_INTERNAL_ERROR;
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-                   SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
-            goto f_err;
-        }
-
-        ngroup = EC_GROUP_new_by_curve_name(curve_nid);
-        if (ngroup == NULL) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EC_LIB);
-            goto err;
-        }
-        if (EC_KEY_set_group(ecdh, ngroup) == 0) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EC_LIB);
-            goto err;
-        }
-        EC_GROUP_free(ngroup);
-
-        group = EC_KEY_get0_group(ecdh);
-
-        if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
-            (EC_GROUP_get_degree(group) > 163)) {
-            al = SSL_AD_EXPORT_RESTRICTION;
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-                   SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
-            goto f_err;
-        }
-
-        p += 3;
-
-        /* Next, get the encoded ECPoint */
-        if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) ||
-            ((bn_ctx = BN_CTX_new()) == NULL)) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-
-        encoded_pt_len = *p;    /* length of encoded point */
-        p += 1;
-
-        if ((encoded_pt_len > n - param_len) ||
-            (EC_POINT_oct2point(group, srvr_ecpoint,
-                                p, encoded_pt_len, bn_ctx) == 0)) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_ECPOINT);
-            goto f_err;
-        }
-        param_len += encoded_pt_len;
-
-        n -= param_len;
-        p += encoded_pt_len;
-
-        /*
-         * The ECC/TLS specification does not mention the use of DSA to sign
-         * ECParameters in the server key exchange message. We do support RSA
-         * and ECDSA.
-         */
-        if (0) ;
-# ifndef OPENSSL_NO_RSA
-        else if (alg_a & SSL_aRSA)
-            pkey =
-                X509_get_pubkey(s->session->
-                                sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-# endif
-# ifndef OPENSSL_NO_ECDSA
-        else if (alg_a & SSL_aECDSA)
-            pkey =
-                X509_get_pubkey(s->session->
-                                sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
-# endif
-        /* else anonymous ECDH, so no certificate or pkey. */
-        EC_KEY_set_public_key(ecdh, srvr_ecpoint);
-        s->session->sess_cert->peer_ecdh_tmp = ecdh;
-        ecdh = NULL;
-        BN_CTX_free(bn_ctx);
-        bn_ctx = NULL;
-        EC_POINT_free(srvr_ecpoint);
-        srvr_ecpoint = NULL;
-    } else if (alg_k) {
-        al = SSL_AD_UNEXPECTED_MESSAGE;
-        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
-        goto f_err;
-    }
-#endif                          /* !OPENSSL_NO_ECDH */
-
-    /* p points to the next byte, there are 'n' bytes left */
-
-    /* if it was signed, check the signature */
-    if (pkey != NULL) {
-        if (TLS1_get_version(s) >= TLS1_2_VERSION) {
-            int sigalg;
-            if (2 > n) {
-                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
-                goto f_err;
-            }
-
-            sigalg = tls12_get_sigid(pkey);
-            /* Should never happen */
-            if (sigalg == -1) {
-                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-            /* Check key type is consistent with signature */
-            if (sigalg != (int)p[1]) {
-                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-                       SSL_R_WRONG_SIGNATURE_TYPE);
-                al = SSL_AD_DECODE_ERROR;
-                goto f_err;
-            }
-            md = tls12_get_hash(p[0]);
-            if (md == NULL) {
-                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNKNOWN_DIGEST);
-                goto f_err;
-            }
-#ifdef SSL_DEBUG
-            fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
-#endif
-            p += 2;
-            n -= 2;
-        } else
-            md = EVP_sha1();
-
-        if (2 > n) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-        n2s(p, i);
-        n -= 2;
-        j = EVP_PKEY_size(pkey);
-
-        /*
-         * Check signature length. If n is 0 then signature is empty
-         */
-        if ((i != n) || (n > j) || (n <= 0)) {
-            /* wrong packet length */
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_WRONG_SIGNATURE_LENGTH);
-            goto f_err;
-        }
-#ifndef OPENSSL_NO_RSA
-        if (pkey->type == EVP_PKEY_RSA
-            && TLS1_get_version(s) < TLS1_2_VERSION) {
-            int num;
-            unsigned int size;
-
-            j = 0;
-            q = md_buf;
-            for (num = 2; num > 0; num--) {
-                EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-                if (EVP_DigestInit_ex(&md_ctx,
-                                      (num == 2) ? s->ctx->md5 : s->ctx->sha1,
-                                      NULL) <= 0
-                        || EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]),
-                                            SSL3_RANDOM_SIZE) <= 0
-                        || EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]),
-                                            SSL3_RANDOM_SIZE) <= 0
-                        || EVP_DigestUpdate(&md_ctx, param, param_len) <= 0
-                        || EVP_DigestFinal_ex(&md_ctx, q, &size) <= 0) {
-                    SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-                           ERR_R_INTERNAL_ERROR);
-                    al = SSL_AD_INTERNAL_ERROR;
-                    goto f_err;
-                }
-                q += size;
-                j += size;
-            }
-            i = RSA_verify(NID_md5_sha1, md_buf, j, p, n, pkey->pkey.rsa);
-            if (i < 0) {
-                al = SSL_AD_DECRYPT_ERROR;
-                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_RSA_DECRYPT);
-                goto f_err;
-            }
-            if (i == 0) {
-                /* bad signature */
-                al = SSL_AD_DECRYPT_ERROR;
-                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SIGNATURE);
-                goto f_err;
-            }
-        } else
-#endif
-        {
-            if (EVP_VerifyInit_ex(&md_ctx, md, NULL) <= 0
-                    || EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]),
-                                        SSL3_RANDOM_SIZE) <= 0
-                    || EVP_VerifyUpdate(&md_ctx, &(s->s3->server_random[0]),
-                                        SSL3_RANDOM_SIZE) <= 0
-                    || EVP_VerifyUpdate(&md_ctx, param, param_len) <= 0) {
-                al = SSL_AD_INTERNAL_ERROR;
-                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EVP_LIB);
-                goto f_err;
-            }
-            if (EVP_VerifyFinal(&md_ctx, p, (int)n, pkey) <= 0) {
-                /* bad signature */
-                al = SSL_AD_DECRYPT_ERROR;
-                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SIGNATURE);
-                goto f_err;
-            }
-        }
-    } else {
-        /* aNULL, aSRP or kPSK do not need public keys */
-        if (!(alg_a & (SSL_aNULL | SSL_aSRP)) && !(alg_k & SSL_kPSK)) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-            goto err;
-        }
-        /* still data left over */
-        if (n != 0) {
-            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_EXTRA_DATA_IN_MESSAGE);
-            goto f_err;
-        }
-    }
-    EVP_PKEY_free(pkey);
-    EVP_MD_CTX_cleanup(&md_ctx);
-    return (1);
- f_err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
-    EVP_PKEY_free(pkey);
-#ifndef OPENSSL_NO_RSA
-    if (rsa != NULL)
-        RSA_free(rsa);
-#endif
-#ifndef OPENSSL_NO_DH
-    if (dh != NULL)
-        DH_free(dh);
-#endif
-#ifndef OPENSSL_NO_ECDH
-    BN_CTX_free(bn_ctx);
-    EC_POINT_free(srvr_ecpoint);
-    if (ecdh != NULL)
-        EC_KEY_free(ecdh);
-#endif
-    EVP_MD_CTX_cleanup(&md_ctx);
-    s->state = SSL_ST_ERR;
-    return (-1);
-}
-
-int ssl3_get_certificate_request(SSL *s)
-{
-    int ok, ret = 0;
-    unsigned long n, nc, l;
-    unsigned int llen, ctype_num, i;
-    X509_NAME *xn = NULL;
-    const unsigned char *p, *q;
-    unsigned char *d;
-    STACK_OF(X509_NAME) *ca_sk = NULL;
-
-    n = s->method->ssl_get_message(s,
-                                   SSL3_ST_CR_CERT_REQ_A,
-                                   SSL3_ST_CR_CERT_REQ_B,
-                                   -1, s->max_cert_list, &ok);
-
-    if (!ok)
-        return ((int)n);
-
-    s->s3->tmp.cert_req = 0;
-
-    if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE) {
-        s->s3->tmp.reuse_message = 1;
-        /*
-         * If we get here we don't need any cached handshake records as we
-         * wont be doing client auth.
-         */
-        if (s->s3->handshake_buffer) {
-            if (!ssl3_digest_cached_records(s))
-                goto err;
-        }
-        return (1);
-    }
-
-    if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) {
-        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
-        SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_WRONG_MESSAGE_TYPE);
-        goto err;
-    }
-
-    /* TLS does not like anon-DH with client cert */
-    if (s->version > SSL3_VERSION) {
-        if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
-            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
-            SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
-                   SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
-            goto err;
-        }
-    }
-
-    p = d = (unsigned char *)s->init_msg;
-
-    if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) {
-        SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    /* get the certificate types */
-    ctype_num = *(p++);
-    if (ctype_num > SSL3_CT_NUMBER)
-        ctype_num = SSL3_CT_NUMBER;
-    for (i = 0; i < ctype_num; i++)
-        s->s3->tmp.ctype[i] = p[i];
-    p += ctype_num;
-    if (TLS1_get_version(s) >= TLS1_2_VERSION) {
-        n2s(p, llen);
-        /*
-         * Check we have enough room for signature algorithms and following
-         * length value.
-         */
-        if ((unsigned long)(p - d + llen + 2) > n) {
-            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-            SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
-                   SSL_R_DATA_LENGTH_TOO_LONG);
-            goto err;
-        }
-        if ((llen & 1) || !tls1_process_sigalgs(s, p, llen)) {
-            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-            SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
-                   SSL_R_SIGNATURE_ALGORITHMS_ERROR);
-            goto err;
-        }
-        p += llen;
-    }
-
-    /* get the CA RDNs */
-    n2s(p, llen);
-#if 0
-    {
-        FILE *out;
-        out = fopen("/tmp/vsign.der", "w");
-        fwrite(p, 1, llen, out);
-        fclose(out);
-    }
-#endif
-
-    if ((unsigned long)(p - d + llen) != n) {
-        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-        SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_LENGTH_MISMATCH);
-        goto err;
-    }
-
-    for (nc = 0; nc < llen;) {
-        n2s(p, l);
-        if ((l + nc + 2) > llen) {
-            if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
-                goto cont;      /* netscape bugs */
-            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-            SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_CA_DN_TOO_LONG);
-            goto err;
-        }
-
-        q = p;
-
-        if ((xn = d2i_X509_NAME(NULL, &q, l)) == NULL) {
-            /* If netscape tolerance is on, ignore errors */
-            if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
-                goto cont;
-            else {
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-                SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_ASN1_LIB);
-                goto err;
-            }
-        }
-
-        if (q != (p + l)) {
-            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-            SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
-                   SSL_R_CA_DN_LENGTH_MISMATCH);
-            goto err;
-        }
-        if (!sk_X509_NAME_push(ca_sk, xn)) {
-            SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-
-        p += l;
-        nc += l + 2;
-    }
-
-    if (0) {
- cont:
-        ERR_clear_error();
-    }
-
-    /* we should setup a certificate to return.... */
-    s->s3->tmp.cert_req = 1;
-    s->s3->tmp.ctype_num = ctype_num;
-    if (s->s3->tmp.ca_names != NULL)
-        sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
-    s->s3->tmp.ca_names = ca_sk;
-    ca_sk = NULL;
-
-    ret = 1;
-    goto done;
- err:
-    s->state = SSL_ST_ERR;
- done:
-    if (ca_sk != NULL)
-        sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
-    return (ret);
-}
-
-static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
-{
-    return (X509_NAME_cmp(*a, *b));
-}
-
-#ifndef OPENSSL_NO_TLSEXT
-int ssl3_get_new_session_ticket(SSL *s)
-{
-    int ok, al, ret = 0, ticklen;
-    long n;
-    const unsigned char *p;
-    unsigned char *d;
-    unsigned long ticket_lifetime_hint;
-
-    n = s->method->ssl_get_message(s,
-                                   SSL3_ST_CR_SESSION_TICKET_A,
-                                   SSL3_ST_CR_SESSION_TICKET_B,
-                                   SSL3_MT_NEWSESSION_TICKET, 16384, &ok);
-
-    if (!ok)
-        return ((int)n);
-
-    if (n < 6) {
-        /* need at least ticket_lifetime_hint + ticket length */
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
-        goto f_err;
-    }
-
-    p = d = (unsigned char *)s->init_msg;
-
-    n2l(p, ticket_lifetime_hint);
-    n2s(p, ticklen);
-    /* ticket_lifetime_hint + ticket_length + ticket */
-    if (ticklen + 6 != n) {
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
-        goto f_err;
-    }
-
-    /* Server is allowed to change its mind and send an empty ticket. */
-    if (ticklen == 0)
-        return 1;
-
-    if (s->session->session_id_length > 0) {
-        int i = s->session_ctx->session_cache_mode;
-        SSL_SESSION *new_sess;
-        /*
-         * We reused an existing session, so we need to replace it with a new
-         * one
-         */
-        if (i & SSL_SESS_CACHE_CLIENT) {
-            /*
-             * Remove the old session from the cache
-             */
-            if (i & SSL_SESS_CACHE_NO_INTERNAL_STORE) {
-                if (s->session_ctx->remove_session_cb != NULL)
-                    s->session_ctx->remove_session_cb(s->session_ctx,
-                                                      s->session);
-            } else {
-                /* We carry on if this fails */
-                SSL_CTX_remove_session(s->session_ctx, s->session);
-            }
-        }
-
-        if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
-            al = SSL_AD_INTERNAL_ERROR;
-            SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
-            goto f_err;
-        }
-
-        SSL_SESSION_free(s->session);
-        s->session = new_sess;
-    }
-
-    if (s->session->tlsext_tick) {
-        OPENSSL_free(s->session->tlsext_tick);
-        s->session->tlsext_ticklen = 0;
-    }
-    s->session->tlsext_tick = OPENSSL_malloc(ticklen);
-    if (!s->session->tlsext_tick) {
-        SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-    memcpy(s->session->tlsext_tick, p, ticklen);
-    s->session->tlsext_tick_lifetime_hint = ticket_lifetime_hint;
-    s->session->tlsext_ticklen = ticklen;
-    /*
-     * There are two ways to detect a resumed ticket session. One is to set
-     * an appropriate session ID and then the server must return a match in
-     * ServerHello. This allows the normal client session ID matching to work
-     * and we know much earlier that the ticket has been accepted. The
-     * other way is to set zero length session ID when the ticket is
-     * presented and rely on the handshake to determine session resumption.
-     * We choose the former approach because this fits in with assumptions
-     * elsewhere in OpenSSL. The session ID is set to the SHA256 (or SHA1 is
-     * SHA256 is disabled) hash of the ticket.
-     */
-    EVP_Digest(p, ticklen,
-               s->session->session_id, &s->session->session_id_length,
-# ifndef OPENSSL_NO_SHA256
-               EVP_sha256(), NULL);
-# else
-               EVP_sha1(), NULL);
-# endif
-    ret = 1;
-    return (ret);
- f_err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
-    s->state = SSL_ST_ERR;
-    return (-1);
-}
-
-int ssl3_get_cert_status(SSL *s)
-{
-    int ok, al;
-    unsigned long resplen, n;
-    const unsigned char *p;
-
-    n = s->method->ssl_get_message(s,
-                                   SSL3_ST_CR_CERT_STATUS_A,
-                                   SSL3_ST_CR_CERT_STATUS_B,
-                                   SSL3_MT_CERTIFICATE_STATUS, 16384, &ok);
-
-    if (!ok)
-        return ((int)n);
-    if (n < 4) {
-        /* need at least status type + length */
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
-        goto f_err;
-    }
-    p = (unsigned char *)s->init_msg;
-    if (*p++ != TLSEXT_STATUSTYPE_ocsp) {
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_UNSUPPORTED_STATUS_TYPE);
-        goto f_err;
-    }
-    n2l3(p, resplen);
-    if (resplen + 4 != n) {
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
-        goto f_err;
-    }
-    if (s->tlsext_ocsp_resp)
-        OPENSSL_free(s->tlsext_ocsp_resp);
-    s->tlsext_ocsp_resp = BUF_memdup(p, resplen);
-    if (!s->tlsext_ocsp_resp) {
-        al = SSL_AD_INTERNAL_ERROR;
-        SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_MALLOC_FAILURE);
-        goto f_err;
-    }
-    s->tlsext_ocsp_resplen = resplen;
-    if (s->ctx->tlsext_status_cb) {
-        int ret;
-        ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
-        if (ret == 0) {
-            al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
-            SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_INVALID_STATUS_RESPONSE);
-            goto f_err;
-        }
-        if (ret < 0) {
-            al = SSL_AD_INTERNAL_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_MALLOC_FAILURE);
-            goto f_err;
-        }
-    }
-    return 1;
- f_err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
-    s->state = SSL_ST_ERR;
-    return (-1);
-}
-#endif
-
-int ssl3_get_server_done(SSL *s)
-{
-    int ok, ret = 0;
-    long n;
-
-    /* Second to last param should be very small, like 0 :-) */
-    n = s->method->ssl_get_message(s,
-                                   SSL3_ST_CR_SRVR_DONE_A,
-                                   SSL3_ST_CR_SRVR_DONE_B,
-                                   SSL3_MT_SERVER_DONE, 30, &ok);
-
-    if (!ok)
-        return ((int)n);
-    if (n > 0) {
-        /* should contain no data */
-        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-        SSLerr(SSL_F_SSL3_GET_SERVER_DONE, SSL_R_LENGTH_MISMATCH);
-        s->state = SSL_ST_ERR;
-        return -1;
-    }
-    ret = 1;
-    return (ret);
-}
-
-int ssl3_send_client_key_exchange(SSL *s)
-{
-    unsigned char *p, *d;
-    int n;
-    unsigned long alg_k;
-#ifndef OPENSSL_NO_RSA
-    unsigned char *q;
-    EVP_PKEY *pkey = NULL;
-#endif
-#ifndef OPENSSL_NO_KRB5
-    KSSL_ERR kssl_err;
-#endif                          /* OPENSSL_NO_KRB5 */
-#ifndef OPENSSL_NO_ECDH
-    EC_KEY *clnt_ecdh = NULL;
-    const EC_POINT *srvr_ecpoint = NULL;
-    EVP_PKEY *srvr_pub_pkey = NULL;
-    unsigned char *encodedPoint = NULL;
-    int encoded_pt_len = 0;
-    BN_CTX *bn_ctx = NULL;
-#endif
-
-    if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
-        d = (unsigned char *)s->init_buf->data;
-        p = &(d[4]);
-
-        alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-
-        /* Fool emacs indentation */
-        if (0) {
-        }
-#ifndef OPENSSL_NO_RSA
-        else if (alg_k & SSL_kRSA) {
-            RSA *rsa;
-            unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
-
-            if (s->session->sess_cert == NULL) {
-                /*
-                 * We should always have a server certificate with SSL_kRSA.
-                 */
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-
-            if (s->session->sess_cert->peer_rsa_tmp != NULL)
-                rsa = s->session->sess_cert->peer_rsa_tmp;
-            else {
-                pkey =
-                    X509_get_pubkey(s->session->
-                                    sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].
-                                    x509);
-                if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA)
-                    || (pkey->pkey.rsa == NULL)) {
-                    SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                           ERR_R_INTERNAL_ERROR);
-                    EVP_PKEY_free(pkey);
-                    goto err;
-                }
-                rsa = pkey->pkey.rsa;
-                EVP_PKEY_free(pkey);
-            }
-
-            tmp_buf[0] = s->client_version >> 8;
-            tmp_buf[1] = s->client_version & 0xff;
-            if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0)
-                goto err;
-
-            s->session->master_key_length = sizeof tmp_buf;
-
-            q = p;
-            /* Fix buf for TLS and beyond */
-            if (s->version > SSL3_VERSION)
-                p += 2;
-            n = RSA_public_encrypt(sizeof tmp_buf,
-                                   tmp_buf, p, rsa, RSA_PKCS1_PADDING);
-# ifdef PKCS1_CHECK
-            if (s->options & SSL_OP_PKCS1_CHECK_1)
-                p[1]++;
-            if (s->options & SSL_OP_PKCS1_CHECK_2)
-                tmp_buf[0] = 0x70;
-# endif
-            if (n <= 0) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       SSL_R_BAD_RSA_ENCRYPT);
-                goto err;
-            }
-
-            /* Fix buf for TLS and beyond */
-            if (s->version > SSL3_VERSION) {
-                s2n(n, q);
-                n += 2;
-            }
-
-            s->session->master_key_length =
-                s->method->ssl3_enc->generate_master_secret(s,
-                                                            s->
-                                                            session->master_key,
-                                                            tmp_buf,
-                                                            sizeof tmp_buf);
-            OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
-        }
-#endif
-#ifndef OPENSSL_NO_KRB5
-        else if (alg_k & SSL_kKRB5) {
-            krb5_error_code krb5rc;
-            KSSL_CTX *kssl_ctx = s->kssl_ctx;
-            /*  krb5_data   krb5_ap_req;  */
-            krb5_data *enc_ticket;
-            krb5_data authenticator, *authp = NULL;
-            EVP_CIPHER_CTX ciph_ctx;
-            const EVP_CIPHER *enc = NULL;
-            unsigned char iv[EVP_MAX_IV_LENGTH];
-            unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
-            unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH + EVP_MAX_IV_LENGTH];
-            int padl, outl = sizeof(epms);
-
-            EVP_CIPHER_CTX_init(&ciph_ctx);
-
-# ifdef KSSL_DEBUG
-            fprintf(stderr, "ssl3_send_client_key_exchange(%lx & %lx)\n",
-                    alg_k, SSL_kKRB5);
-# endif                         /* KSSL_DEBUG */
-
-            authp = NULL;
-# ifdef KRB5SENDAUTH
-            if (KRB5SENDAUTH)
-                authp = &authenticator;
-# endif                         /* KRB5SENDAUTH */
-
-            krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, &kssl_err);
-            enc = kssl_map_enc(kssl_ctx->enctype);
-            if (enc == NULL)
-                goto err;
-# ifdef KSSL_DEBUG
-            {
-                fprintf(stderr, "kssl_cget_tkt rtn %d\n", krb5rc);
-                if (krb5rc && kssl_err.text)
-                    fprintf(stderr, "kssl_cget_tkt kssl_err=%s\n",
-                            kssl_err.text);
-            }
-# endif                         /* KSSL_DEBUG */
-
-            if (krb5rc) {
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, kssl_err.reason);
-                goto err;
-            }
-
-            /*-
-             * 20010406 VRS - Earlier versions used KRB5 AP_REQ
-             * in place of RFC 2712 KerberosWrapper, as in:
-             *
-             * Send ticket (copy to *p, set n = length)
-             * n = krb5_ap_req.length;
-             * memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
-             * if (krb5_ap_req.data)
-             *   kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
-             *
-             * Now using real RFC 2712 KerberosWrapper
-             * (Thanks to Simon Wilkinson <sxw at sxw.org.uk>)
-             * Note: 2712 "opaque" types are here replaced
-             * with a 2-byte length followed by the value.
-             * Example:
-             * KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
-             * Where "xx xx" = length bytes.  Shown here with
-             * optional authenticator omitted.
-             */
-
-            /*  KerberosWrapper.Ticket              */
-            s2n(enc_ticket->length, p);
-            memcpy(p, enc_ticket->data, enc_ticket->length);
-            p += enc_ticket->length;
-            n = enc_ticket->length + 2;
-
-            /*  KerberosWrapper.Authenticator       */
-            if (authp && authp->length) {
-                s2n(authp->length, p);
-                memcpy(p, authp->data, authp->length);
-                p += authp->length;
-                n += authp->length + 2;
-
-                free(authp->data);
-                authp->data = NULL;
-                authp->length = 0;
-            } else {
-                s2n(0, p);      /* null authenticator length */
-                n += 2;
-            }
-
-            tmp_buf[0] = s->client_version >> 8;
-            tmp_buf[1] = s->client_version & 0xff;
-            if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0)
-                goto err;
-
-            /*-
-             * 20010420 VRS.  Tried it this way; failed.
-             *      EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
-             *      EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
-             *                              kssl_ctx->length);
-             *      EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
-             */
-
-            memset(iv, 0, sizeof iv); /* per RFC 1510 */
-            EVP_EncryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv);
-            EVP_EncryptUpdate(&ciph_ctx, epms, &outl, tmp_buf,
-                              sizeof tmp_buf);
-            EVP_EncryptFinal_ex(&ciph_ctx, &(epms[outl]), &padl);
-            outl += padl;
-            if (outl > (int)sizeof epms) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-            EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-
-            /*  KerberosWrapper.EncryptedPreMasterSecret    */
-            s2n(outl, p);
-            memcpy(p, epms, outl);
-            p += outl;
-            n += outl + 2;
-
-            s->session->master_key_length =
-                s->method->ssl3_enc->generate_master_secret(s,
-                                                            s->
-                                                            session->master_key,
-                                                            tmp_buf,
-                                                            sizeof tmp_buf);
-
-            OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
-            OPENSSL_cleanse(epms, outl);
-        }
-#endif
-#ifndef OPENSSL_NO_DH
-        else if (alg_k & (SSL_kEDH | SSL_kDHr | SSL_kDHd)) {
-            DH *dh_srvr, *dh_clnt;
-
-            if (s->session->sess_cert == NULL) {
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       SSL_R_UNEXPECTED_MESSAGE);
-                goto err;
-            }
-
-            if (s->session->sess_cert->peer_dh_tmp != NULL)
-                dh_srvr = s->session->sess_cert->peer_dh_tmp;
-            else {
-                /* we get them from the cert */
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
-                goto err;
-            }
-
-            /* generate a new random key */
-            if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
-                goto err;
-            }
-            if (!DH_generate_key(dh_clnt)) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
-                DH_free(dh_clnt);
-                goto err;
-            }
-
-            /*
-             * use the 'p' output buffer for the DH key, but make sure to
-             * clear it out afterwards
-             */
-
-            n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt);
-
-            if (n <= 0) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
-                DH_free(dh_clnt);
-                goto err;
-            }
-
-            /* generate master key from the result */
-            s->session->master_key_length =
-                s->method->ssl3_enc->generate_master_secret(s,
-                                                            s->
-                                                            session->master_key,
-                                                            p, n);
-            /* clean up */
-            memset(p, 0, n);
-
-            /* send off the data */
-            n = BN_num_bytes(dh_clnt->pub_key);
-            s2n(n, p);
-            BN_bn2bin(dh_clnt->pub_key, p);
-            n += 2;
-
-            DH_free(dh_clnt);
-        }
-#endif
-
-#ifndef OPENSSL_NO_ECDH
-        else if (alg_k & (SSL_kEECDH | SSL_kECDHr | SSL_kECDHe)) {
-            const EC_GROUP *srvr_group = NULL;
-            EC_KEY *tkey;
-            int ecdh_clnt_cert = 0;
-            int field_size = 0;
-
-            if (s->session->sess_cert == NULL) {
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       SSL_R_UNEXPECTED_MESSAGE);
-                goto err;
-            }
-
-            /*
-             * Did we send out the client's ECDH share for use in premaster
-             * computation as part of client certificate? If so, set
-             * ecdh_clnt_cert to 1.
-             */
-            if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) && (s->cert != NULL)) {
-                /*-
-                 * XXX: For now, we do not support client
-                 * authentication using ECDH certificates.
-                 * To add such support, one needs to add
-                 * code that checks for appropriate
-                 * conditions and sets ecdh_clnt_cert to 1.
-                 * For example, the cert have an ECC
-                 * key on the same curve as the server's
-                 * and the key should be authorized for
-                 * key agreement.
-                 *
-                 * One also needs to add code in ssl3_connect
-                 * to skip sending the certificate verify
-                 * message.
-                 *
-                 * if ((s->cert->key->privatekey != NULL) &&
-                 *     (s->cert->key->privatekey->type ==
-                 *      EVP_PKEY_EC) && ...)
-                 * ecdh_clnt_cert = 1;
-                 */
-            }
-
-            if (s->session->sess_cert->peer_ecdh_tmp != NULL) {
-                tkey = s->session->sess_cert->peer_ecdh_tmp;
-            } else {
-                /* Get the Server Public Key from Cert */
-                srvr_pub_pkey =
-                    X509_get_pubkey(s->session->
-                                    sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
-                if ((srvr_pub_pkey == NULL)
-                    || (srvr_pub_pkey->type != EVP_PKEY_EC)
-                    || (srvr_pub_pkey->pkey.ec == NULL)) {
-                    SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                           ERR_R_INTERNAL_ERROR);
-                    goto err;
-                }
-
-                tkey = srvr_pub_pkey->pkey.ec;
-            }
-
-            srvr_group = EC_KEY_get0_group(tkey);
-            srvr_ecpoint = EC_KEY_get0_public_key(tkey);
-
-            if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-
-            if ((clnt_ecdh = EC_KEY_new()) == NULL) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-
-            if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
-                goto err;
-            }
-            if (ecdh_clnt_cert) {
-                /*
-                 * Reuse key info from our certificate We only need our
-                 * private key to perform the ECDH computation.
-                 */
-                const BIGNUM *priv_key;
-                tkey = s->cert->key->privatekey->pkey.ec;
-                priv_key = EC_KEY_get0_private_key(tkey);
-                if (priv_key == NULL) {
-                    SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                           ERR_R_MALLOC_FAILURE);
-                    goto err;
-                }
-                if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) {
-                    SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
-                    goto err;
-                }
-            } else {
-                /* Generate a new ECDH key pair */
-                if (!(EC_KEY_generate_key(clnt_ecdh))) {
-                    SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                           ERR_R_ECDH_LIB);
-                    goto err;
-                }
-            }
-
-            /*
-             * use the 'p' output buffer for the ECDH key, but make sure to
-             * clear it out afterwards
-             */
-
-            field_size = EC_GROUP_get_degree(srvr_group);
-            if (field_size <= 0) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
-                goto err;
-            }
-            n = ECDH_compute_key(p, (field_size + 7) / 8, srvr_ecpoint,
-                                 clnt_ecdh, NULL);
-            if (n <= 0) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
-                goto err;
-            }
-
-            /* generate master key from the result */
-            s->session->master_key_length =
-                s->method->ssl3_enc->generate_master_secret(s,
-                                                            s->
-                                                            session->master_key,
-                                                            p, n);
-
-            memset(p, 0, n);    /* clean up */
-
-            if (ecdh_clnt_cert) {
-                /* Send empty client key exch message */
-                n = 0;
-            } else {
-                /*
-                 * First check the size of encoding and allocate memory
-                 * accordingly.
-                 */
-                encoded_pt_len =
-                    EC_POINT_point2oct(srvr_group,
-                                       EC_KEY_get0_public_key(clnt_ecdh),
-                                       POINT_CONVERSION_UNCOMPRESSED,
-                                       NULL, 0, NULL);
-
-                encodedPoint = (unsigned char *)
-                    OPENSSL_malloc(encoded_pt_len * sizeof(unsigned char));
-                bn_ctx = BN_CTX_new();
-                if ((encodedPoint == NULL) || (bn_ctx == NULL)) {
-                    SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                           ERR_R_MALLOC_FAILURE);
-                    goto err;
-                }
-
-                /* Encode the public key */
-                n = EC_POINT_point2oct(srvr_group,
-                                       EC_KEY_get0_public_key(clnt_ecdh),
-                                       POINT_CONVERSION_UNCOMPRESSED,
-                                       encodedPoint, encoded_pt_len, bn_ctx);
-
-                *p = n;         /* length of encoded point */
-                /* Encoded point will be copied here */
-                p += 1;
-                /* copy the point */
-                memcpy((unsigned char *)p, encodedPoint, n);
-                /* increment n to account for length field */
-                n += 1;
-            }
-
-            /* Free allocated memory */
-            BN_CTX_free(bn_ctx);
-            if (encodedPoint != NULL)
-                OPENSSL_free(encodedPoint);
-            if (clnt_ecdh != NULL)
-                EC_KEY_free(clnt_ecdh);
-            EVP_PKEY_free(srvr_pub_pkey);
-        }
-#endif                          /* !OPENSSL_NO_ECDH */
-        else if (alg_k & SSL_kGOST) {
-            /* GOST key exchange message creation */
-            EVP_PKEY_CTX *pkey_ctx;
-            X509 *peer_cert;
-            size_t msglen;
-            unsigned int md_len;
-            int keytype;
-            unsigned char premaster_secret[32], shared_ukm[32], tmp[256];
-            EVP_MD_CTX *ukm_hash;
-            EVP_PKEY *pub_key;
-
-            /*
-             * Get server sertificate PKEY and create ctx from it
-             */
-            peer_cert =
-                s->session->
-                sess_cert->peer_pkeys[(keytype = SSL_PKEY_GOST01)].x509;
-            if (!peer_cert)
-                peer_cert =
-                    s->session->
-                    sess_cert->peer_pkeys[(keytype = SSL_PKEY_GOST94)].x509;
-            if (!peer_cert) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
-                goto err;
-            }
-
-            pkey_ctx = EVP_PKEY_CTX_new(pub_key =
-                                        X509_get_pubkey(peer_cert), NULL);
-            if (pkey_ctx == NULL) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-            /*
-             * If we have send a certificate, and certificate key
-             *
-             * * parameters match those of server certificate, use
-             * certificate key for key exchange
-             */
-
-            /* Otherwise, generate ephemeral key pair */
-
-            if (pkey_ctx == NULL
-                    || EVP_PKEY_encrypt_init(pkey_ctx) <= 0
-                    /* Generate session key */
-                    || RAND_bytes(premaster_secret, 32) <= 0) {
-                EVP_PKEY_CTX_free(pkey_ctx);
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-            /*
-             * If we have client certificate, use its secret as peer key
-             */
-            if (s->s3->tmp.cert_req && s->cert->key->privatekey) {
-                if (EVP_PKEY_derive_set_peer
-                    (pkey_ctx, s->cert->key->privatekey) <= 0) {
-                    /*
-                     * If there was an error - just ignore it. Ephemeral key
-                     * * would be used
-                     */
-                    ERR_clear_error();
-                }
-            }
-            /*
-             * Compute shared IV and store it in algorithm-specific context
-             * data
-             */
-            ukm_hash = EVP_MD_CTX_create();
-            if (EVP_DigestInit(ukm_hash,
-                               EVP_get_digestbynid(NID_id_GostR3411_94)) <= 0
-                    || EVP_DigestUpdate(ukm_hash, s->s3->client_random,
-                                        SSL3_RANDOM_SIZE) <= 0
-                    || EVP_DigestUpdate(ukm_hash, s->s3->server_random,
-                                        SSL3_RANDOM_SIZE) <= 0
-                    || EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) {
-                EVP_MD_CTX_destroy(ukm_hash);
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-            EVP_MD_CTX_destroy(ukm_hash);
-            if (EVP_PKEY_CTX_ctrl
-                (pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, EVP_PKEY_CTRL_SET_IV, 8,
-                 shared_ukm) < 0) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       SSL_R_LIBRARY_BUG);
-                goto err;
-            }
-            /* Make GOST keytransport blob message */
-            /*
-             * Encapsulate it into sequence
-             */
-            *(p++) = V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED;
-            msglen = 255;
-            if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret, 32)
-                <= 0) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       SSL_R_LIBRARY_BUG);
-                goto err;
-            }
-            if (msglen >= 0x80) {
-                *(p++) = 0x81;
-                *(p++) = msglen & 0xff;
-                n = msglen + 3;
-            } else {
-                *(p++) = msglen & 0xff;
-                n = msglen + 2;
-            }
-            memcpy(p, tmp, msglen);
-            /* Check if pubkey from client certificate was used */
-            if (EVP_PKEY_CTX_ctrl
-                (pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) {
-                /* Set flag "skip certificate verify" */
-                s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
-            }
-            EVP_PKEY_CTX_free(pkey_ctx);
-            s->session->master_key_length =
-                s->method->ssl3_enc->generate_master_secret(s,
-                                                            s->
-                                                            session->master_key,
-                                                            premaster_secret,
-                                                            32);
-            EVP_PKEY_free(pub_key);
-
-        }
-#ifndef OPENSSL_NO_SRP
-        else if (alg_k & SSL_kSRP) {
-            if (s->srp_ctx.A != NULL) {
-                /* send off the data */
-                n = BN_num_bytes(s->srp_ctx.A);
-                s2n(n, p);
-                BN_bn2bin(s->srp_ctx.A, p);
-                n += 2;
-            } else {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-            if (s->session->srp_username != NULL)
-                OPENSSL_free(s->session->srp_username);
-            s->session->srp_username = BUF_strdup(s->srp_ctx.login);
-            if (s->session->srp_username == NULL) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-
-            if ((s->session->master_key_length =
-                 SRP_generate_client_master_secret(s,
-                                                   s->session->master_key)) <
-                0) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-        }
-#endif
-#ifndef OPENSSL_NO_PSK
-        else if (alg_k & SSL_kPSK) {
-            /*
-             * The callback needs PSK_MAX_IDENTITY_LEN + 1 bytes to return a
-             * \0-terminated identity. The last byte is for us for simulating
-             * strnlen.
-             */
-            char identity[PSK_MAX_IDENTITY_LEN + 2];
-            size_t identity_len;
-            unsigned char *t = NULL;
-            unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN * 2 + 4];
-            unsigned int pre_ms_len = 0, psk_len = 0;
-            int psk_err = 1;
-
-            n = 0;
-            if (s->psk_client_callback == NULL) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       SSL_R_PSK_NO_CLIENT_CB);
-                goto err;
-            }
-
-            memset(identity, 0, sizeof(identity));
-            psk_len = s->psk_client_callback(s, s->session->psk_identity_hint,
-                                             identity, sizeof(identity) - 1,
-                                             psk_or_pre_ms,
-                                             sizeof(psk_or_pre_ms));
-            if (psk_len > PSK_MAX_PSK_LEN) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_INTERNAL_ERROR);
-                goto psk_err;
-            } else if (psk_len == 0) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       SSL_R_PSK_IDENTITY_NOT_FOUND);
-                goto psk_err;
-            }
-            identity[PSK_MAX_IDENTITY_LEN + 1] = '\0';
-            identity_len = strlen(identity);
-            if (identity_len > PSK_MAX_IDENTITY_LEN) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_INTERNAL_ERROR);
-                goto psk_err;
-            }
-            /* create PSK pre_master_secret */
-            pre_ms_len = 2 + psk_len + 2 + psk_len;
-            t = psk_or_pre_ms;
-            memmove(psk_or_pre_ms + psk_len + 4, psk_or_pre_ms, psk_len);
-            s2n(psk_len, t);
-            memset(t, 0, psk_len);
-            t += psk_len;
-            s2n(psk_len, t);
-
-            if (s->session->psk_identity_hint != NULL)
-                OPENSSL_free(s->session->psk_identity_hint);
-            s->session->psk_identity_hint =
-                BUF_strdup(s->ctx->psk_identity_hint);
-            if (s->ctx->psk_identity_hint != NULL
-                && s->session->psk_identity_hint == NULL) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_MALLOC_FAILURE);
-                goto psk_err;
-            }
-
-            if (s->session->psk_identity != NULL)
-                OPENSSL_free(s->session->psk_identity);
-            s->session->psk_identity = BUF_strdup(identity);
-            if (s->session->psk_identity == NULL) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-                       ERR_R_MALLOC_FAILURE);
-                goto psk_err;
-            }
-
-            s->session->master_key_length =
-                s->method->ssl3_enc->generate_master_secret(s,
-                                                            s->
-                                                            session->master_key,
-                                                            psk_or_pre_ms,
-                                                            pre_ms_len);
-            s2n(identity_len, p);
-            memcpy(p, identity, identity_len);
-            n = 2 + identity_len;
-            psk_err = 0;
- psk_err:
-            OPENSSL_cleanse(identity, sizeof(identity));
-            OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
-            if (psk_err != 0) {
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-                goto err;
-            }
-        }
-#endif
-        else {
-            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-            SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-            goto err;
-        }
-
-        *(d++) = SSL3_MT_CLIENT_KEY_EXCHANGE;
-        l2n3(n, d);
-
-        s->state = SSL3_ST_CW_KEY_EXCH_B;
-        /* number of bytes to write */
-        s->init_num = n + 4;
-        s->init_off = 0;
-    }
-
-    /* SSL3_ST_CW_KEY_EXCH_B */
-    return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
- err:
-#ifndef OPENSSL_NO_ECDH
-    BN_CTX_free(bn_ctx);
-    if (encodedPoint != NULL)
-        OPENSSL_free(encodedPoint);
-    if (clnt_ecdh != NULL)
-        EC_KEY_free(clnt_ecdh);
-    EVP_PKEY_free(srvr_pub_pkey);
-#endif
-    s->state = SSL_ST_ERR;
-    return (-1);
-}
-
-int ssl3_send_client_verify(SSL *s)
-{
-    unsigned char *p, *d;
-    unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
-    EVP_PKEY *pkey;
-    EVP_PKEY_CTX *pctx = NULL;
-    EVP_MD_CTX mctx;
-    unsigned u = 0;
-    unsigned long n;
-    int j;
-
-    EVP_MD_CTX_init(&mctx);
-
-    if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
-        d = (unsigned char *)s->init_buf->data;
-        p = &(d[4]);
-        pkey = s->cert->key->privatekey;
-/* Create context from key and test if sha1 is allowed as digest */
-        pctx = EVP_PKEY_CTX_new(pkey, NULL);
-        if (pctx == NULL || EVP_PKEY_sign_init(pctx) <= 0) {
-            SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
-            goto err;
-        }
-        if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) {
-            if (TLS1_get_version(s) < TLS1_2_VERSION)
-                s->method->ssl3_enc->cert_verify_mac(s,
-                                                     NID_sha1,
-                                                     &(data
-                                                       [MD5_DIGEST_LENGTH]));
-        } else {
-            ERR_clear_error();
-        }
-        /*
-         * For TLS v1.2 send signature algorithm and signature using agreed
-         * digest and cached handshake records.
-         */
-        if (TLS1_get_version(s) >= TLS1_2_VERSION) {
-            long hdatalen = 0;
-            void *hdata;
-            const EVP_MD *md = s->cert->key->digest;
-            hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
-            if (hdatalen <= 0 || !tls12_get_sigandhash(p, pkey, md)) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-            p += 2;
-#ifdef SSL_DEBUG
-            fprintf(stderr, "Using TLS 1.2 with client alg %s\n",
-                    EVP_MD_name(md));
-#endif
-            if (!EVP_SignInit_ex(&mctx, md, NULL)
-                || !EVP_SignUpdate(&mctx, hdata, hdatalen)
-                || !EVP_SignFinal(&mctx, p + 2, &u, pkey)) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_EVP_LIB);
-                goto err;
-            }
-            s2n(u, p);
-            n = u + 4;
-            if (!ssl3_digest_cached_records(s))
-                goto err;
-        } else
-#ifndef OPENSSL_NO_RSA
-        if (pkey->type == EVP_PKEY_RSA) {
-            s->method->ssl3_enc->cert_verify_mac(s, NID_md5, &(data[0]));
-            if (RSA_sign(NID_md5_sha1, data,
-                         MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
-                         &(p[2]), &u, pkey->pkey.rsa) <= 0) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_RSA_LIB);
-                goto err;
-            }
-            s2n(u, p);
-            n = u + 2;
-        } else
-#endif
-#ifndef OPENSSL_NO_DSA
-        if (pkey->type == EVP_PKEY_DSA) {
-            if (!DSA_sign(pkey->save_type,
-                          &(data[MD5_DIGEST_LENGTH]),
-                          SHA_DIGEST_LENGTH, &(p[2]),
-                          (unsigned int *)&j, pkey->pkey.dsa)) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_DSA_LIB);
-                goto err;
-            }
-            s2n(j, p);
-            n = j + 2;
-        } else
-#endif
-#ifndef OPENSSL_NO_ECDSA
-        if (pkey->type == EVP_PKEY_EC) {
-            if (!ECDSA_sign(pkey->save_type,
-                            &(data[MD5_DIGEST_LENGTH]),
-                            SHA_DIGEST_LENGTH, &(p[2]),
-                            (unsigned int *)&j, pkey->pkey.ec)) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_ECDSA_LIB);
-                goto err;
-            }
-            s2n(j, p);
-            n = j + 2;
-        } else
-#endif
-        if (pkey->type == NID_id_GostR3410_94
-                || pkey->type == NID_id_GostR3410_2001) {
-            unsigned char signbuf[64];
-            int i;
-            size_t sigsize = 64;
-            s->method->ssl3_enc->cert_verify_mac(s,
-                                                 NID_id_GostR3411_94, data);
-            if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) {
-                SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-            for (i = 63, j = 0; i >= 0; j++, i--) {
-                p[2 + j] = signbuf[i];
-            }
-            s2n(j, p);
-            n = j + 2;
-        } else {
-            SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
-            goto err;
-        }
-        *(d++) = SSL3_MT_CERTIFICATE_VERIFY;
-        l2n3(n, d);
-
-        s->state = SSL3_ST_CW_CERT_VRFY_B;
-        s->init_num = (int)n + 4;
-        s->init_off = 0;
-    }
-    EVP_MD_CTX_cleanup(&mctx);
-    EVP_PKEY_CTX_free(pctx);
-    return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
- err:
-    EVP_MD_CTX_cleanup(&mctx);
-    EVP_PKEY_CTX_free(pctx);
-    s->state = SSL_ST_ERR;
-    return (-1);
-}
-
-int ssl3_send_client_certificate(SSL *s)
-{
-    X509 *x509 = NULL;
-    EVP_PKEY *pkey = NULL;
-    int i;
-    unsigned long l;
-
-    if (s->state == SSL3_ST_CW_CERT_A) {
-        if ((s->cert == NULL) ||
-            (s->cert->key->x509 == NULL) ||
-            (s->cert->key->privatekey == NULL))
-            s->state = SSL3_ST_CW_CERT_B;
-        else
-            s->state = SSL3_ST_CW_CERT_C;
-    }
-
-    /* We need to get a client cert */
-    if (s->state == SSL3_ST_CW_CERT_B) {
-        /*
-         * If we get an error, we need to ssl->rwstate=SSL_X509_LOOKUP;
-         * return(-1); We then get retied later
-         */
-        i = ssl_do_client_cert_cb(s, &x509, &pkey);
-        if (i < 0) {
-            s->rwstate = SSL_X509_LOOKUP;
-            return (-1);
-        }
-        s->rwstate = SSL_NOTHING;
-        if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
-            s->state = SSL3_ST_CW_CERT_B;
-            if (!SSL_use_certificate(s, x509) || !SSL_use_PrivateKey(s, pkey))
-                i = 0;
-        } else if (i == 1) {
-            i = 0;
-            SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,
-                   SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
-        }
-
-        if (x509 != NULL)
-            X509_free(x509);
-        if (pkey != NULL)
-            EVP_PKEY_free(pkey);
-        if (i == 0) {
-            if (s->version == SSL3_VERSION) {
-                s->s3->tmp.cert_req = 0;
-                ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_CERTIFICATE);
-                return (1);
-            } else {
-                s->s3->tmp.cert_req = 2;
-            }
-        }
-
-        /* Ok, we have a cert */
-        s->state = SSL3_ST_CW_CERT_C;
-    }
-
-    if (s->state == SSL3_ST_CW_CERT_C) {
-        s->state = SSL3_ST_CW_CERT_D;
-        l = ssl3_output_cert_chain(s,
-                                   (s->s3->tmp.cert_req ==
-                                    2) ? NULL : s->cert->key->x509);
-        if (!l) {
-            SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);
-            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
-            s->state = SSL_ST_ERR;
-            return 0;
-        }
-        s->init_num = (int)l;
-        s->init_off = 0;
-    }
-    /* SSL3_ST_CW_CERT_D */
-    return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
-}
-
-#define has_bits(i,m)   (((i)&(m)) == (m))
-
-int ssl3_check_cert_and_algorithm(SSL *s)
-{
-    int i, idx;
-    long alg_k, alg_a;
-    EVP_PKEY *pkey = NULL;
-    int pkey_bits;
-    SESS_CERT *sc;
-#ifndef OPENSSL_NO_RSA
-    RSA *rsa;
-#endif
-#ifndef OPENSSL_NO_DH
-    DH *dh;
-#endif
-    int al = SSL_AD_HANDSHAKE_FAILURE;
-
-    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-    alg_a = s->s3->tmp.new_cipher->algorithm_auth;
-
-    /* we don't have a certificate */
-    if ((alg_a & (SSL_aDH | SSL_aNULL | SSL_aKRB5)) || (alg_k & SSL_kPSK))
-        return (1);
-
-    sc = s->session->sess_cert;
-    if (sc == NULL) {
-        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-#ifndef OPENSSL_NO_RSA
-    rsa = s->session->sess_cert->peer_rsa_tmp;
-#endif
-#ifndef OPENSSL_NO_DH
-    dh = s->session->sess_cert->peer_dh_tmp;
-#endif
-
-    /* This is the passed certificate */
-
-    idx = sc->peer_cert_type;
-#ifndef OPENSSL_NO_ECDH
-    if (idx == SSL_PKEY_ECC) {
-        if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509, s) == 0) {
-            /* check failed */
-            SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_BAD_ECC_CERT);
-            goto f_err;
-        } else {
-            return 1;
-        }
-    }
-#endif
-    pkey = X509_get_pubkey(sc->peer_pkeys[idx].x509);
-    pkey_bits = EVP_PKEY_bits(pkey);
-    i = X509_certificate_type(sc->peer_pkeys[idx].x509, pkey);
-    EVP_PKEY_free(pkey);
-
-    /* Check that we have a certificate if we require one */
-    if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA | EVP_PKT_SIGN)) {
-        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
-               SSL_R_MISSING_RSA_SIGNING_CERT);
-        goto f_err;
-    }
-#ifndef OPENSSL_NO_DSA
-    else if ((alg_a & SSL_aDSS) && !has_bits(i, EVP_PK_DSA | EVP_PKT_SIGN)) {
-        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
-               SSL_R_MISSING_DSA_SIGNING_CERT);
-        goto f_err;
-    }
-#endif
-#ifndef OPENSSL_NO_RSA
-    if (alg_k & SSL_kRSA) {
-        if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
-            !has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) {
-            SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
-                   SSL_R_MISSING_RSA_ENCRYPTING_CERT);
-            goto f_err;
-        } else if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) {
-            if (pkey_bits <= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
-                if (!has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) {
-                    SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
-                           SSL_R_MISSING_RSA_ENCRYPTING_CERT);
-                    goto f_err;
-                }
-                if (rsa != NULL) {
-                    /* server key exchange is not allowed. */
-                    al = SSL_AD_INTERNAL_ERROR;
-                    SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR);
-                    goto f_err;
-                }
-            }
-        }
-    }
-#endif
-#ifndef OPENSSL_NO_DH
-    if ((alg_k & SSL_kEDH) && dh == NULL) {
-        al = SSL_AD_INTERNAL_ERROR;
-        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR);
-        goto f_err;
-    }
-    if ((alg_k & SSL_kDHr) && !has_bits(i, EVP_PK_DH | EVP_PKS_RSA)) {
-        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
-               SSL_R_MISSING_DH_RSA_CERT);
-        goto f_err;
-    }
-# ifndef OPENSSL_NO_DSA
-    if ((alg_k & SSL_kDHd) && !has_bits(i, EVP_PK_DH | EVP_PKS_DSA)) {
-        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
-               SSL_R_MISSING_DH_DSA_CERT);
-        goto f_err;
-    }
-# endif
-
-    /* Check DHE only: static DH not implemented. */
-    if (alg_k & SSL_kEDH) {
-        int dh_size = BN_num_bits(dh->p);
-        if ((!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 768)
-            || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 512)) {
-            SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_DH_KEY_TOO_SMALL);
-            goto f_err;
-        }
-    }
-#endif  /* !OPENSSL_NO_DH */
-
-    if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
-        pkey_bits > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
-#ifndef OPENSSL_NO_RSA
-        if (alg_k & SSL_kRSA) {
-            if (rsa == NULL) {
-                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
-                       SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
-                goto f_err;
-            } else if (BN_num_bits(rsa->n) >
-                SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
-                /* We have a temporary RSA key but it's too large. */
-                al = SSL_AD_EXPORT_RESTRICTION;
-                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
-                       SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
-                goto f_err;
-            }
-        } else
-#endif
-#ifndef OPENSSL_NO_DH
-        if (alg_k & SSL_kEDH) {
-            if (BN_num_bits(dh->p) >
-                SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
-                /* We have a temporary DH key but it's too large. */
-                al = SSL_AD_EXPORT_RESTRICTION;
-                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
-                       SSL_R_MISSING_EXPORT_TMP_DH_KEY);
-                goto f_err;
-            }
-        } else if (alg_k & (SSL_kDHr | SSL_kDHd)) {
-            /* The cert should have had an export DH key. */
-            al = SSL_AD_EXPORT_RESTRICTION;
-            SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
-                   SSL_R_MISSING_EXPORT_TMP_DH_KEY);
-                goto f_err;
-        } else
-#endif
-        {
-            SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
-                   SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
-            goto f_err;
-        }
-    }
-    return (1);
- f_err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
-    return (0);
-}
-
-#ifndef OPENSSL_NO_TLSEXT
-/*
- * Normally, we can tell if the server is resuming the session from
- * the session ID. EAP-FAST (RFC 4851), however, relies on the next server
- * message after the ServerHello to determine if the server is resuming.
- * Therefore, we allow EAP-FAST to peek ahead.
- * ssl3_check_finished returns 1 if we are resuming from an external
- * pre-shared secret, we have a "ticket" and the next server handshake message
- * is Finished; and 0 otherwise. It returns -1 upon an error.
- */
-static int ssl3_check_finished(SSL *s)
-{
-    int ok = 0;
-
-    if (s->version < TLS1_VERSION || !s->tls_session_secret_cb ||
-        !s->session->tlsext_tick)
-        return 0;
-
-    /* Need to permit this temporarily, in case the next message is Finished. */
-    s->s3->flags |= SSL3_FLAGS_CCS_OK;
-    /*
-     * This function is called when we might get a Certificate message instead,
-     * so permit appropriate message length.
-     * We ignore the return value as we're only interested in the message type
-     * and not its length.
-     */
-    s->method->ssl_get_message(s,
-                               SSL3_ST_CR_CERT_A,
-                               SSL3_ST_CR_CERT_B,
-                               -1, s->max_cert_list, &ok);
-    s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
-
-    if (!ok)
-        return -1;
-
-    s->s3->tmp.reuse_message = 1;
-
-    if (s->s3->tmp.message_type == SSL3_MT_FINISHED)
-        return 1;
-
-    /* If we're not done, then the CCS arrived early and we should bail. */
-    if (s->s3->change_cipher_spec) {
-        SSLerr(SSL_F_SSL3_CHECK_FINISHED, SSL_R_CCS_RECEIVED_EARLY);
-        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
-        return -1;
-    }
-
-    return 0;
-}
-
-# ifndef OPENSSL_NO_NEXTPROTONEG
-int ssl3_send_next_proto(SSL *s)
-{
-    unsigned int len, padding_len;
-    unsigned char *d;
-
-    if (s->state == SSL3_ST_CW_NEXT_PROTO_A) {
-        len = s->next_proto_negotiated_len;
-        padding_len = 32 - ((len + 2) % 32);
-        d = (unsigned char *)s->init_buf->data;
-        d[4] = len;
-        memcpy(d + 5, s->next_proto_negotiated, len);
-        d[5 + len] = padding_len;
-        memset(d + 6 + len, 0, padding_len);
-        *(d++) = SSL3_MT_NEXT_PROTO;
-        l2n3(2 + len + padding_len, d);
-        s->state = SSL3_ST_CW_NEXT_PROTO_B;
-        s->init_num = 4 + 2 + len + padding_len;
-        s->init_off = 0;
-    }
-
-    return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
-}
-#endif                          /* !OPENSSL_NO_NEXTPROTONEG */
-#endif                          /* !OPENSSL_NO_TLSEXT */
-
-int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
-{
-    int i = 0;
-#ifndef OPENSSL_NO_ENGINE
-    if (s->ctx->client_cert_engine) {
-        i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
-                                        SSL_get_client_CA_list(s),
-                                        px509, ppkey, NULL, NULL, NULL);
-        if (i != 0)
-            return i;
-    }
-#endif
-    if (s->ctx->client_cert_cb)
-        i = s->ctx->client_cert_cb(s, px509, ppkey);
-    return i;
-}

Copied: vendor-crypto/openssl/1.0.1u/ssl/s3_clnt.c (from rev 11605, vendor-crypto/openssl/dist/ssl/s3_clnt.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/ssl/s3_clnt.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/ssl/s3_clnt.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,3562 @@
+/* ssl/s3_clnt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * ECC cipher suite support in OpenSSL originally written by
+ * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include "kssl_lcl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/md5.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+
+static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b);
+#ifndef OPENSSL_NO_TLSEXT
+static int ssl3_check_finished(SSL *s);
+#endif
+
+#ifndef OPENSSL_NO_SSL3_METHOD
+static const SSL_METHOD *ssl3_get_client_method(int ver)
+{
+    if (ver == SSL3_VERSION)
+        return (SSLv3_client_method());
+    else
+        return (NULL);
+}
+
+IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
+                         ssl_undefined_function,
+                         ssl3_connect, ssl3_get_client_method)
+#endif
+int ssl3_connect(SSL *s)
+{
+    BUF_MEM *buf = NULL;
+    unsigned long Time = (unsigned long)time(NULL);
+    void (*cb) (const SSL *ssl, int type, int val) = NULL;
+    int ret = -1;
+    int new_state, state, skip = 0;
+
+    RAND_add(&Time, sizeof(Time), 0);
+    ERR_clear_error();
+    clear_sys_error();
+
+    if (s->info_callback != NULL)
+        cb = s->info_callback;
+    else if (s->ctx->info_callback != NULL)
+        cb = s->ctx->info_callback;
+
+    s->in_handshake++;
+    if (!SSL_in_init(s) || SSL_in_before(s))
+        SSL_clear(s);
+
+#ifndef OPENSSL_NO_HEARTBEATS
+    /*
+     * If we're awaiting a HeartbeatResponse, pretend we already got and
+     * don't await it anymore, because Heartbeats don't make sense during
+     * handshakes anyway.
+     */
+    if (s->tlsext_hb_pending) {
+        s->tlsext_hb_pending = 0;
+        s->tlsext_hb_seq++;
+    }
+#endif
+
+    for (;;) {
+        state = s->state;
+
+        switch (s->state) {
+        case SSL_ST_RENEGOTIATE:
+            s->renegotiate = 1;
+            s->state = SSL_ST_CONNECT;
+            s->ctx->stats.sess_connect_renegotiate++;
+            /* break */
+        case SSL_ST_BEFORE:
+        case SSL_ST_CONNECT:
+        case SSL_ST_BEFORE | SSL_ST_CONNECT:
+        case SSL_ST_OK | SSL_ST_CONNECT:
+
+            s->server = 0;
+            if (cb != NULL)
+                cb(s, SSL_CB_HANDSHAKE_START, 1);
+
+            if ((s->version & 0xff00) != 0x0300) {
+                SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR);
+                s->state = SSL_ST_ERR;
+                ret = -1;
+                goto end;
+            }
+
+            /* s->version=SSL3_VERSION; */
+            s->type = SSL_ST_CONNECT;
+
+            if (s->init_buf == NULL) {
+                if ((buf = BUF_MEM_new()) == NULL) {
+                    ret = -1;
+                    s->state = SSL_ST_ERR;
+                    goto end;
+                }
+                if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
+                    ret = -1;
+                    s->state = SSL_ST_ERR;
+                    goto end;
+                }
+                s->init_buf = buf;
+                buf = NULL;
+            }
+
+            if (!ssl3_setup_buffers(s)) {
+                ret = -1;
+                goto end;
+            }
+
+            /* setup buffing BIO */
+            if (!ssl_init_wbio_buffer(s, 0)) {
+                ret = -1;
+                s->state = SSL_ST_ERR;
+                goto end;
+            }
+
+            /* don't push the buffering BIO quite yet */
+
+            ssl3_init_finished_mac(s);
+
+            s->state = SSL3_ST_CW_CLNT_HELLO_A;
+            s->ctx->stats.sess_connect++;
+            s->init_num = 0;
+            s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
+            /*
+             * Should have been reset by ssl3_get_finished, too.
+             */
+            s->s3->change_cipher_spec = 0;
+            break;
+
+        case SSL3_ST_CW_CLNT_HELLO_A:
+        case SSL3_ST_CW_CLNT_HELLO_B:
+
+            s->shutdown = 0;
+            ret = ssl3_client_hello(s);
+            if (ret <= 0)
+                goto end;
+            s->state = SSL3_ST_CR_SRVR_HELLO_A;
+            s->init_num = 0;
+
+            /* turn on buffering for the next lot of output */
+            if (s->bbio != s->wbio)
+                s->wbio = BIO_push(s->bbio, s->wbio);
+
+            break;
+
+        case SSL3_ST_CR_SRVR_HELLO_A:
+        case SSL3_ST_CR_SRVR_HELLO_B:
+            ret = ssl3_get_server_hello(s);
+            if (ret <= 0)
+                goto end;
+
+            if (s->hit) {
+                s->state = SSL3_ST_CR_FINISHED_A;
+#ifndef OPENSSL_NO_TLSEXT
+                if (s->tlsext_ticket_expected) {
+                    /* receive renewed session ticket */
+                    s->state = SSL3_ST_CR_SESSION_TICKET_A;
+                }
+#endif
+            } else
+                s->state = SSL3_ST_CR_CERT_A;
+            s->init_num = 0;
+            break;
+
+        case SSL3_ST_CR_CERT_A:
+        case SSL3_ST_CR_CERT_B:
+#ifndef OPENSSL_NO_TLSEXT
+            /* Noop (ret = 0) for everything but EAP-FAST. */
+            ret = ssl3_check_finished(s);
+            if (ret < 0)
+                goto end;
+            if (ret == 1) {
+                s->hit = 1;
+                s->state = SSL3_ST_CR_FINISHED_A;
+                s->init_num = 0;
+                break;
+            }
+#endif
+            /* Check if it is anon DH/ECDH, SRP auth */
+            /* or PSK */
+            if (!
+                (s->s3->tmp.
+                 new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
+                    && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
+                ret = ssl3_get_server_certificate(s);
+                if (ret <= 0)
+                    goto end;
+#ifndef OPENSSL_NO_TLSEXT
+                if (s->tlsext_status_expected)
+                    s->state = SSL3_ST_CR_CERT_STATUS_A;
+                else
+                    s->state = SSL3_ST_CR_KEY_EXCH_A;
+            } else {
+                skip = 1;
+                s->state = SSL3_ST_CR_KEY_EXCH_A;
+            }
+#else
+            } else
+                skip = 1;
+
+            s->state = SSL3_ST_CR_KEY_EXCH_A;
+#endif
+            s->init_num = 0;
+            break;
+
+        case SSL3_ST_CR_KEY_EXCH_A:
+        case SSL3_ST_CR_KEY_EXCH_B:
+            ret = ssl3_get_key_exchange(s);
+            if (ret <= 0)
+                goto end;
+            s->state = SSL3_ST_CR_CERT_REQ_A;
+            s->init_num = 0;
+
+            /*
+             * at this point we check that we have the required stuff from
+             * the server
+             */
+            if (!ssl3_check_cert_and_algorithm(s)) {
+                ret = -1;
+                s->state = SSL_ST_ERR;
+                goto end;
+            }
+            break;
+
+        case SSL3_ST_CR_CERT_REQ_A:
+        case SSL3_ST_CR_CERT_REQ_B:
+            ret = ssl3_get_certificate_request(s);
+            if (ret <= 0)
+                goto end;
+            s->state = SSL3_ST_CR_SRVR_DONE_A;
+            s->init_num = 0;
+            break;
+
+        case SSL3_ST_CR_SRVR_DONE_A:
+        case SSL3_ST_CR_SRVR_DONE_B:
+            ret = ssl3_get_server_done(s);
+            if (ret <= 0)
+                goto end;
+#ifndef OPENSSL_NO_SRP
+            if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
+                if ((ret = SRP_Calc_A_param(s)) <= 0) {
+                    SSLerr(SSL_F_SSL3_CONNECT, SSL_R_SRP_A_CALC);
+                    ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+                    s->state = SSL_ST_ERR;
+                    goto end;
+                }
+            }
+#endif
+            if (s->s3->tmp.cert_req)
+                s->state = SSL3_ST_CW_CERT_A;
+            else
+                s->state = SSL3_ST_CW_KEY_EXCH_A;
+            s->init_num = 0;
+
+            break;
+
+        case SSL3_ST_CW_CERT_A:
+        case SSL3_ST_CW_CERT_B:
+        case SSL3_ST_CW_CERT_C:
+        case SSL3_ST_CW_CERT_D:
+            ret = ssl3_send_client_certificate(s);
+            if (ret <= 0)
+                goto end;
+            s->state = SSL3_ST_CW_KEY_EXCH_A;
+            s->init_num = 0;
+            break;
+
+        case SSL3_ST_CW_KEY_EXCH_A:
+        case SSL3_ST_CW_KEY_EXCH_B:
+            ret = ssl3_send_client_key_exchange(s);
+            if (ret <= 0)
+                goto end;
+            /*
+             * EAY EAY EAY need to check for DH fix cert sent back
+             */
+            /*
+             * For TLS, cert_req is set to 2, so a cert chain of nothing is
+             * sent, but no verify packet is sent
+             */
+            /*
+             * XXX: For now, we do not support client authentication in ECDH
+             * cipher suites with ECDH (rather than ECDSA) certificates. We
+             * need to skip the certificate verify message when client's
+             * ECDH public key is sent inside the client certificate.
+             */
+            if (s->s3->tmp.cert_req == 1) {
+                s->state = SSL3_ST_CW_CERT_VRFY_A;
+            } else {
+                s->state = SSL3_ST_CW_CHANGE_A;
+            }
+            if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
+                s->state = SSL3_ST_CW_CHANGE_A;
+            }
+
+            s->init_num = 0;
+            break;
+
+        case SSL3_ST_CW_CERT_VRFY_A:
+        case SSL3_ST_CW_CERT_VRFY_B:
+            ret = ssl3_send_client_verify(s);
+            if (ret <= 0)
+                goto end;
+            s->state = SSL3_ST_CW_CHANGE_A;
+            s->init_num = 0;
+            break;
+
+        case SSL3_ST_CW_CHANGE_A:
+        case SSL3_ST_CW_CHANGE_B:
+            ret = ssl3_send_change_cipher_spec(s,
+                                               SSL3_ST_CW_CHANGE_A,
+                                               SSL3_ST_CW_CHANGE_B);
+            if (ret <= 0)
+                goto end;
+
+#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
+            s->state = SSL3_ST_CW_FINISHED_A;
+#else
+            if (s->s3->next_proto_neg_seen)
+                s->state = SSL3_ST_CW_NEXT_PROTO_A;
+            else
+                s->state = SSL3_ST_CW_FINISHED_A;
+#endif
+            s->init_num = 0;
+
+            s->session->cipher = s->s3->tmp.new_cipher;
+#ifdef OPENSSL_NO_COMP
+            s->session->compress_meth = 0;
+#else
+            if (s->s3->tmp.new_compression == NULL)
+                s->session->compress_meth = 0;
+            else
+                s->session->compress_meth = s->s3->tmp.new_compression->id;
+#endif
+            if (!s->method->ssl3_enc->setup_key_block(s)) {
+                ret = -1;
+                s->state = SSL_ST_ERR;
+                goto end;
+            }
+
+            if (!s->method->ssl3_enc->change_cipher_state(s,
+                                                          SSL3_CHANGE_CIPHER_CLIENT_WRITE))
+            {
+                ret = -1;
+                s->state = SSL_ST_ERR;
+                goto end;
+            }
+
+            break;
+
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+        case SSL3_ST_CW_NEXT_PROTO_A:
+        case SSL3_ST_CW_NEXT_PROTO_B:
+            ret = ssl3_send_next_proto(s);
+            if (ret <= 0)
+                goto end;
+            s->state = SSL3_ST_CW_FINISHED_A;
+            break;
+#endif
+
+        case SSL3_ST_CW_FINISHED_A:
+        case SSL3_ST_CW_FINISHED_B:
+            ret = ssl3_send_finished(s,
+                                     SSL3_ST_CW_FINISHED_A,
+                                     SSL3_ST_CW_FINISHED_B,
+                                     s->method->
+                                     ssl3_enc->client_finished_label,
+                                     s->method->
+                                     ssl3_enc->client_finished_label_len);
+            if (ret <= 0)
+                goto end;
+            s->state = SSL3_ST_CW_FLUSH;
+
+            /* clear flags */
+            s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
+            if (s->hit) {
+                s->s3->tmp.next_state = SSL_ST_OK;
+                if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
+                    s->state = SSL_ST_OK;
+                    s->s3->flags |= SSL3_FLAGS_POP_BUFFER;
+                    s->s3->delay_buf_pop_ret = 0;
+                }
+            } else {
+#ifndef OPENSSL_NO_TLSEXT
+                /*
+                 * Allow NewSessionTicket if ticket expected
+                 */
+                if (s->tlsext_ticket_expected)
+                    s->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A;
+                else
+#endif
+
+                    s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A;
+            }
+            s->init_num = 0;
+            break;
+
+#ifndef OPENSSL_NO_TLSEXT
+        case SSL3_ST_CR_SESSION_TICKET_A:
+        case SSL3_ST_CR_SESSION_TICKET_B:
+            ret = ssl3_get_new_session_ticket(s);
+            if (ret <= 0)
+                goto end;
+            s->state = SSL3_ST_CR_FINISHED_A;
+            s->init_num = 0;
+            break;
+
+        case SSL3_ST_CR_CERT_STATUS_A:
+        case SSL3_ST_CR_CERT_STATUS_B:
+            ret = ssl3_get_cert_status(s);
+            if (ret <= 0)
+                goto end;
+            s->state = SSL3_ST_CR_KEY_EXCH_A;
+            s->init_num = 0;
+            break;
+#endif
+
+        case SSL3_ST_CR_FINISHED_A:
+        case SSL3_ST_CR_FINISHED_B:
+            if (!s->s3->change_cipher_spec)
+                s->s3->flags |= SSL3_FLAGS_CCS_OK;
+            ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,
+                                    SSL3_ST_CR_FINISHED_B);
+            if (ret <= 0)
+                goto end;
+
+            if (s->hit)
+                s->state = SSL3_ST_CW_CHANGE_A;
+            else
+                s->state = SSL_ST_OK;
+            s->init_num = 0;
+            break;
+
+        case SSL3_ST_CW_FLUSH:
+            s->rwstate = SSL_WRITING;
+            if (BIO_flush(s->wbio) <= 0) {
+                ret = -1;
+                goto end;
+            }
+            s->rwstate = SSL_NOTHING;
+            s->state = s->s3->tmp.next_state;
+            break;
+
+        case SSL_ST_OK:
+            /* clean a few things up */
+            ssl3_cleanup_key_block(s);
+
+            if (s->init_buf != NULL) {
+                BUF_MEM_free(s->init_buf);
+                s->init_buf = NULL;
+            }
+
+            /*
+             * If we are not 'joining' the last two packets, remove the
+             * buffering now
+             */
+            if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
+                ssl_free_wbio_buffer(s);
+            /* else do it later in ssl3_write */
+
+            s->init_num = 0;
+            s->renegotiate = 0;
+            s->new_session = 0;
+
+            ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
+            if (s->hit)
+                s->ctx->stats.sess_hit++;
+
+            ret = 1;
+            /* s->server=0; */
+            s->handshake_func = ssl3_connect;
+            s->ctx->stats.sess_connect_good++;
+
+            if (cb != NULL)
+                cb(s, SSL_CB_HANDSHAKE_DONE, 1);
+
+            goto end;
+            /* break; */
+
+        case SSL_ST_ERR:
+        default:
+            SSLerr(SSL_F_SSL3_CONNECT, SSL_R_UNKNOWN_STATE);
+            ret = -1;
+            goto end;
+            /* break; */
+        }
+
+        /* did we do anything */
+        if (!s->s3->tmp.reuse_message && !skip) {
+            if (s->debug) {
+                if ((ret = BIO_flush(s->wbio)) <= 0)
+                    goto end;
+            }
+
+            if ((cb != NULL) && (s->state != state)) {
+                new_state = s->state;
+                s->state = state;
+                cb(s, SSL_CB_CONNECT_LOOP, 1);
+                s->state = new_state;
+            }
+        }
+        skip = 0;
+    }
+ end:
+    s->in_handshake--;
+    if (buf != NULL)
+        BUF_MEM_free(buf);
+    if (cb != NULL)
+        cb(s, SSL_CB_CONNECT_EXIT, ret);
+    return (ret);
+}
+
+int ssl3_client_hello(SSL *s)
+{
+    unsigned char *buf;
+    unsigned char *p, *d;
+    int i;
+    unsigned long l;
+#ifndef OPENSSL_NO_COMP
+    int j;
+    SSL_COMP *comp;
+#endif
+
+    buf = (unsigned char *)s->init_buf->data;
+    if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
+        SSL_SESSION *sess = s->session;
+        if ((sess == NULL) || (sess->ssl_version != s->version) ||
+#ifdef OPENSSL_NO_TLSEXT
+            !sess->session_id_length ||
+#else
+            /*
+             * In the case of EAP-FAST, we can have a pre-shared
+             * "ticket" without a session ID.
+             */
+            (!sess->session_id_length && !sess->tlsext_tick) ||
+#endif
+            (sess->not_resumable)) {
+            if (!ssl_get_new_session(s, 0))
+                goto err;
+        }
+        /* else use the pre-loaded session */
+
+        p = s->s3->client_random;
+
+        if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
+            goto err;
+
+        /* Do the message type and length last */
+        d = p = &(buf[4]);
+
+        /*-
+         * version indicates the negotiated version: for example from
+         * an SSLv2/v3 compatible client hello). The client_version
+         * field is the maximum version we permit and it is also
+         * used in RSA encrypted premaster secrets. Some servers can
+         * choke if we initially report a higher version then
+         * renegotiate to a lower one in the premaster secret. This
+         * didn't happen with TLS 1.0 as most servers supported it
+         * but it can with TLS 1.1 or later if the server only supports
+         * 1.0.
+         *
+         * Possible scenario with previous logic:
+         *      1. Client hello indicates TLS 1.2
+         *      2. Server hello says TLS 1.0
+         *      3. RSA encrypted premaster secret uses 1.2.
+         *      4. Handhaked proceeds using TLS 1.0.
+         *      5. Server sends hello request to renegotiate.
+         *      6. Client hello indicates TLS v1.0 as we now
+         *         know that is maximum server supports.
+         *      7. Server chokes on RSA encrypted premaster secret
+         *         containing version 1.0.
+         *
+         * For interoperability it should be OK to always use the
+         * maximum version we support in client hello and then rely
+         * on the checking of version to ensure the servers isn't
+         * being inconsistent: for example initially negotiating with
+         * TLS 1.0 and renegotiating with TLS 1.2. We do this by using
+         * client_version in client hello and not resetting it to
+         * the negotiated version.
+         */
+#if 0
+        *(p++) = s->version >> 8;
+        *(p++) = s->version & 0xff;
+        s->client_version = s->version;
+#else
+        *(p++) = s->client_version >> 8;
+        *(p++) = s->client_version & 0xff;
+#endif
+
+        /* Random stuff */
+        memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
+        p += SSL3_RANDOM_SIZE;
+
+        /* Session ID */
+        if (s->new_session)
+            i = 0;
+        else
+            i = s->session->session_id_length;
+        *(p++) = i;
+        if (i != 0) {
+            if (i > (int)sizeof(s->session->session_id)) {
+                SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            memcpy(p, s->session->session_id, i);
+            p += i;
+        }
+
+        /* Ciphers supported */
+        i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0);
+        if (i == 0) {
+            SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
+            goto err;
+        }
+#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
+        /*
+         * Some servers hang if client hello > 256 bytes as hack workaround
+         * chop number of supported ciphers to keep it well below this if we
+         * use TLS v1.2
+         */
+        if (TLS1_get_version(s) >= TLS1_2_VERSION
+            && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
+            i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
+#endif
+        s2n(i, p);
+        p += i;
+
+        /* COMPRESSION */
+#ifdef OPENSSL_NO_COMP
+        *(p++) = 1;
+#else
+
+        if ((s->options & SSL_OP_NO_COMPRESSION)
+            || !s->ctx->comp_methods)
+            j = 0;
+        else
+            j = sk_SSL_COMP_num(s->ctx->comp_methods);
+        *(p++) = 1 + j;
+        for (i = 0; i < j; i++) {
+            comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
+            *(p++) = comp->id;
+        }
+#endif
+        *(p++) = 0;             /* Add the NULL method */
+
+#ifndef OPENSSL_NO_TLSEXT
+        /* TLS extensions */
+        if (ssl_prepare_clienthello_tlsext(s) <= 0) {
+            SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
+            goto err;
+        }
+        if ((p =
+             ssl_add_clienthello_tlsext(s, p,
+                                        buf + SSL3_RT_MAX_PLAIN_LENGTH)) ==
+            NULL) {
+            SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+#endif
+
+        l = (p - d);
+        d = buf;
+        *(d++) = SSL3_MT_CLIENT_HELLO;
+        l2n3(l, d);
+
+        s->state = SSL3_ST_CW_CLNT_HELLO_B;
+        /* number of bytes to write */
+        s->init_num = p - buf;
+        s->init_off = 0;
+    }
+
+    /* SSL3_ST_CW_CLNT_HELLO_B */
+    return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+ err:
+    s->state = SSL_ST_ERR;
+    return (-1);
+}
+
+int ssl3_get_server_hello(SSL *s)
+{
+    STACK_OF(SSL_CIPHER) *sk;
+    const SSL_CIPHER *c;
+    unsigned char *p, *d;
+    int i, al, ok;
+    unsigned int j;
+    long n;
+#ifndef OPENSSL_NO_COMP
+    SSL_COMP *comp;
+#endif
+
+    n = s->method->ssl_get_message(s,
+                                   SSL3_ST_CR_SRVR_HELLO_A,
+                                   SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, &ok);
+
+    if (!ok)
+        return ((int)n);
+
+    if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) {
+        if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
+            if (s->d1->send_cookie == 0) {
+                s->s3->tmp.reuse_message = 1;
+                return 1;
+            } else {            /* already sent a cookie */
+
+                al = SSL_AD_UNEXPECTED_MESSAGE;
+                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_MESSAGE_TYPE);
+                goto f_err;
+            }
+        }
+    }
+
+    if (s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO) {
+        al = SSL_AD_UNEXPECTED_MESSAGE;
+        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_MESSAGE_TYPE);
+        goto f_err;
+    }
+
+    d = p = (unsigned char *)s->init_msg;
+
+    if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) {
+        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_SSL_VERSION);
+        s->version = (s->version & 0xff00) | p[1];
+        al = SSL_AD_PROTOCOL_VERSION;
+        goto f_err;
+    }
+    p += 2;
+
+    /* load the server hello data */
+    /* load the server random */
+    memcpy(s->s3->server_random, p, SSL3_RANDOM_SIZE);
+    p += SSL3_RANDOM_SIZE;
+
+    s->hit = 0;
+
+    /* get the session-id */
+    j = *(p++);
+
+    if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE)) {
+        al = SSL_AD_ILLEGAL_PARAMETER;
+        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_SSL3_SESSION_ID_TOO_LONG);
+        goto f_err;
+    }
+#ifndef OPENSSL_NO_TLSEXT
+    /*
+     * Check if we can resume the session based on external pre-shared secret.
+     * EAP-FAST (RFC 4851) supports two types of session resumption.
+     * Resumption based on server-side state works with session IDs.
+     * Resumption based on pre-shared Protected Access Credentials (PACs)
+     * works by overriding the SessionTicket extension at the application
+     * layer, and does not send a session ID. (We do not know whether EAP-FAST
+     * servers would honour the session ID.) Therefore, the session ID alone
+     * is not a reliable indicator of session resumption, so we first check if
+     * we can resume, and later peek at the next handshake message to see if the
+     * server wants to resume.
+     */
+    if (s->version >= TLS1_VERSION && s->tls_session_secret_cb &&
+        s->session->tlsext_tick) {
+        SSL_CIPHER *pref_cipher = NULL;
+        s->session->master_key_length = sizeof(s->session->master_key);
+        if (s->tls_session_secret_cb(s, s->session->master_key,
+                                     &s->session->master_key_length,
+                                     NULL, &pref_cipher,
+                                     s->tls_session_secret_cb_arg)) {
+            s->session->cipher = pref_cipher ?
+                pref_cipher : ssl_get_cipher_by_char(s, p + j);
+        } else {
+            SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+            al = SSL_AD_INTERNAL_ERROR;
+            goto f_err;
+        }
+    }
+#endif                          /* OPENSSL_NO_TLSEXT */
+
+    if (j != 0 && j == s->session->session_id_length
+        && memcmp(p, s->session->session_id, j) == 0) {
+        if (s->sid_ctx_length != s->session->sid_ctx_length
+            || memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length)) {
+            /* actually a client application bug */
+            al = SSL_AD_ILLEGAL_PARAMETER;
+            SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
+                   SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+            goto f_err;
+        }
+        s->hit = 1;
+    } else {
+        /*
+         * If we were trying for session-id reuse but the server
+         * didn't echo the ID, make a new SSL_SESSION.
+         * In the case of EAP-FAST and PAC, we do not send a session ID,
+         * so the PAC-based session secret is always preserved. It'll be
+         * overwritten if the server refuses resumption.
+         */
+        if (s->session->session_id_length > 0) {
+            if (!ssl_get_new_session(s, 0)) {
+                al = SSL_AD_INTERNAL_ERROR;
+                goto f_err;
+            }
+        }
+        s->session->session_id_length = j;
+        memcpy(s->session->session_id, p, j); /* j could be 0 */
+    }
+    p += j;
+    c = ssl_get_cipher_by_char(s, p);
+    if (c == NULL) {
+        /* unknown cipher */
+        al = SSL_AD_ILLEGAL_PARAMETER;
+        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_UNKNOWN_CIPHER_RETURNED);
+        goto f_err;
+    }
+    /* TLS v1.2 only ciphersuites require v1.2 or later */
+    if ((c->algorithm_ssl & SSL_TLSV1_2) &&
+        (TLS1_get_version(s) < TLS1_2_VERSION)) {
+        al = SSL_AD_ILLEGAL_PARAMETER;
+        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_CIPHER_RETURNED);
+        goto f_err;
+    }
+#ifndef OPENSSL_NO_SRP
+    if (((c->algorithm_mkey & SSL_kSRP) || (c->algorithm_auth & SSL_aSRP)) &&
+        !(s->srp_ctx.srp_Mask & SSL_kSRP)) {
+        al = SSL_AD_ILLEGAL_PARAMETER;
+        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_CIPHER_RETURNED);
+        goto f_err;
+    }
+#endif                          /* OPENSSL_NO_SRP */
+    p += ssl_put_cipher_by_char(s, NULL, NULL);
+
+    sk = ssl_get_ciphers_by_id(s);
+    i = sk_SSL_CIPHER_find(sk, c);
+    if (i < 0) {
+        /* we did not say we would use this cipher */
+        al = SSL_AD_ILLEGAL_PARAMETER;
+        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_CIPHER_RETURNED);
+        goto f_err;
+    }
+
+    /*
+     * Depending on the session caching (internal/external), the cipher
+     * and/or cipher_id values may not be set. Make sure that cipher_id is
+     * set and use it for comparison.
+     */
+    if (s->session->cipher)
+        s->session->cipher_id = s->session->cipher->id;
+    if (s->hit && (s->session->cipher_id != c->id)) {
+/* Workaround is now obsolete */
+#if 0
+        if (!(s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
+#endif
+        {
+            al = SSL_AD_ILLEGAL_PARAMETER;
+            SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
+                   SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
+            goto f_err;
+        }
+    }
+    s->s3->tmp.new_cipher = c;
+    /*
+     * Don't digest cached records if TLS v1.2: we may need them for client
+     * authentication.
+     */
+    if (TLS1_get_version(s) < TLS1_2_VERSION
+        && !ssl3_digest_cached_records(s)) {
+        al = SSL_AD_INTERNAL_ERROR;
+        goto f_err;
+    }
+    /* lets get the compression algorithm */
+    /* COMPRESSION */
+#ifdef OPENSSL_NO_COMP
+    if (*(p++) != 0) {
+        al = SSL_AD_ILLEGAL_PARAMETER;
+        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
+               SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+        goto f_err;
+    }
+    /*
+     * If compression is disabled we'd better not try to resume a session
+     * using compression.
+     */
+    if (s->session->compress_meth != 0) {
+        al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_INCONSISTENT_COMPRESSION);
+        goto f_err;
+    }
+#else
+    j = *(p++);
+    if (s->hit && j != s->session->compress_meth) {
+        al = SSL_AD_ILLEGAL_PARAMETER;
+        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
+               SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);
+        goto f_err;
+    }
+    if (j == 0)
+        comp = NULL;
+    else if (s->options & SSL_OP_NO_COMPRESSION) {
+        al = SSL_AD_ILLEGAL_PARAMETER;
+        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_COMPRESSION_DISABLED);
+        goto f_err;
+    } else
+        comp = ssl3_comp_find(s->ctx->comp_methods, j);
+
+    if ((j != 0) && (comp == NULL)) {
+        al = SSL_AD_ILLEGAL_PARAMETER;
+        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
+               SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+        goto f_err;
+    } else {
+        s->s3->tmp.new_compression = comp;
+    }
+#endif
+
+#ifndef OPENSSL_NO_TLSEXT
+    /* TLS extensions */
+    if (s->version >= SSL3_VERSION) {
+        if (!ssl_parse_serverhello_tlsext(s, &p, d, n, &al)) {
+            /* 'al' set by ssl_parse_serverhello_tlsext */
+            SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_PARSE_TLSEXT);
+            goto f_err;
+        }
+        if (ssl_check_serverhello_tlsext(s) <= 0) {
+            SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_SERVERHELLO_TLSEXT);
+            goto err;
+        }
+    }
+#endif
+
+    if (p != (d + n)) {
+        /* wrong packet length */
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_PACKET_LENGTH);
+        goto f_err;
+    }
+
+    return (1);
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ err:
+    s->state = SSL_ST_ERR;
+    return (-1);
+}
+
+int ssl3_get_server_certificate(SSL *s)
+{
+    int al, i, ok, ret = -1;
+    unsigned long n, nc, llen, l;
+    X509 *x = NULL;
+    const unsigned char *q, *p;
+    unsigned char *d;
+    STACK_OF(X509) *sk = NULL;
+    SESS_CERT *sc;
+    EVP_PKEY *pkey = NULL;
+    int need_cert = 1;          /* VRS: 0=> will allow null cert if auth ==
+                                 * KRB5 */
+
+    n = s->method->ssl_get_message(s,
+                                   SSL3_ST_CR_CERT_A,
+                                   SSL3_ST_CR_CERT_B,
+                                   -1, s->max_cert_list, &ok);
+
+    if (!ok)
+        return ((int)n);
+
+    if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) ||
+        ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) &&
+         (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE))) {
+        s->s3->tmp.reuse_message = 1;
+        return (1);
+    }
+
+    if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) {
+        al = SSL_AD_UNEXPECTED_MESSAGE;
+        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_BAD_MESSAGE_TYPE);
+        goto f_err;
+    }
+    p = d = (unsigned char *)s->init_msg;
+
+    if ((sk = sk_X509_new_null()) == NULL) {
+        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    n2l3(p, llen);
+    if (llen + 3 != n) {
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_LENGTH_MISMATCH);
+        goto f_err;
+    }
+    for (nc = 0; nc < llen;) {
+        if (nc + 3 > llen) {
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
+                   SSL_R_CERT_LENGTH_MISMATCH);
+            goto f_err;
+        }
+        n2l3(p, l);
+        if ((l + nc + 3) > llen) {
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
+                   SSL_R_CERT_LENGTH_MISMATCH);
+            goto f_err;
+        }
+
+        q = p;
+        x = d2i_X509(NULL, &q, l);
+        if (x == NULL) {
+            al = SSL_AD_BAD_CERTIFICATE;
+            SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_ASN1_LIB);
+            goto f_err;
+        }
+        if (q != (p + l)) {
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
+                   SSL_R_CERT_LENGTH_MISMATCH);
+            goto f_err;
+        }
+        if (!sk_X509_push(sk, x)) {
+            SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        x = NULL;
+        nc += l + 3;
+        p = q;
+    }
+
+    i = ssl_verify_cert_chain(s, sk);
+    if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
+#ifndef OPENSSL_NO_KRB5
+        && !((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
+             (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
+#endif                          /* OPENSSL_NO_KRB5 */
+        ) {
+        al = ssl_verify_alarm_type(s->verify_result);
+        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
+               SSL_R_CERTIFICATE_VERIFY_FAILED);
+        goto f_err;
+    }
+    ERR_clear_error();          /* but we keep s->verify_result */
+
+    sc = ssl_sess_cert_new();
+    if (sc == NULL)
+        goto err;
+
+    if (s->session->sess_cert)
+        ssl_sess_cert_free(s->session->sess_cert);
+    s->session->sess_cert = sc;
+
+    sc->cert_chain = sk;
+    /*
+     * Inconsistency alert: cert_chain does include the peer's certificate,
+     * which we don't include in s3_srvr.c
+     */
+    x = sk_X509_value(sk, 0);
+    sk = NULL;
+    /*
+     * VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end
+     */
+
+    pkey = X509_get_pubkey(x);
+
+    /* VRS: allow null cert if auth == KRB5 */
+    need_cert = ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
+                 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
+        ? 0 : 1;
+
+#ifdef KSSL_DEBUG
+    fprintf(stderr, "pkey,x = %p, %p\n", pkey, x);
+    fprintf(stderr, "ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x, pkey));
+    fprintf(stderr, "cipher, alg, nc = %s, %lx, %lx, %d\n",
+            s->s3->tmp.new_cipher->name,
+            s->s3->tmp.new_cipher->algorithm_mkey,
+            s->s3->tmp.new_cipher->algorithm_auth, need_cert);
+#endif                          /* KSSL_DEBUG */
+
+    if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) {
+        x = NULL;
+        al = SSL3_AL_FATAL;
+        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
+               SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
+        goto f_err;
+    }
+
+    i = ssl_cert_type(x, pkey);
+    if (need_cert && i < 0) {
+        x = NULL;
+        al = SSL3_AL_FATAL;
+        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
+               SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+        goto f_err;
+    }
+
+    if (need_cert) {
+        sc->peer_cert_type = i;
+        CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+        /*
+         * Why would the following ever happen? We just created sc a couple
+         * of lines ago.
+         */
+        if (sc->peer_pkeys[i].x509 != NULL)
+            X509_free(sc->peer_pkeys[i].x509);
+        sc->peer_pkeys[i].x509 = x;
+        sc->peer_key = &(sc->peer_pkeys[i]);
+
+        if (s->session->peer != NULL)
+            X509_free(s->session->peer);
+        CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+        s->session->peer = x;
+    } else {
+        sc->peer_cert_type = i;
+        sc->peer_key = NULL;
+
+        if (s->session->peer != NULL)
+            X509_free(s->session->peer);
+        s->session->peer = NULL;
+    }
+    s->session->verify_result = s->verify_result;
+
+    x = NULL;
+    ret = 1;
+
+    if (0) {
+ f_err:
+        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ err:
+        s->state = SSL_ST_ERR;
+    }
+
+    EVP_PKEY_free(pkey);
+    X509_free(x);
+    sk_X509_pop_free(sk, X509_free);
+    return (ret);
+}
+
+int ssl3_get_key_exchange(SSL *s)
+{
+#ifndef OPENSSL_NO_RSA
+    unsigned char *q, md_buf[EVP_MAX_MD_SIZE * 2];
+#endif
+    EVP_MD_CTX md_ctx;
+    unsigned char *param, *p;
+    int al, j, ok;
+    long i, param_len, n, alg_k, alg_a;
+    EVP_PKEY *pkey = NULL;
+    const EVP_MD *md = NULL;
+#ifndef OPENSSL_NO_RSA
+    RSA *rsa = NULL;
+#endif
+#ifndef OPENSSL_NO_DH
+    DH *dh = NULL;
+#endif
+#ifndef OPENSSL_NO_ECDH
+    EC_KEY *ecdh = NULL;
+    BN_CTX *bn_ctx = NULL;
+    EC_POINT *srvr_ecpoint = NULL;
+    int curve_nid = 0;
+    int encoded_pt_len = 0;
+#endif
+
+    EVP_MD_CTX_init(&md_ctx);
+
+    /*
+     * use same message size as in ssl3_get_certificate_request() as
+     * ServerKeyExchange message may be skipped
+     */
+    n = s->method->ssl_get_message(s,
+                                   SSL3_ST_CR_KEY_EXCH_A,
+                                   SSL3_ST_CR_KEY_EXCH_B,
+                                   -1, s->max_cert_list, &ok);
+    if (!ok)
+        return ((int)n);
+
+    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+    if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
+        /*
+         * Can't skip server key exchange if this is an ephemeral
+         * ciphersuite.
+         */
+        if (alg_k & (SSL_kEDH | SSL_kEECDH)) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
+            al = SSL_AD_UNEXPECTED_MESSAGE;
+            goto f_err;
+        }
+#ifndef OPENSSL_NO_PSK
+        /*
+         * In plain PSK ciphersuite, ServerKeyExchange can be omitted if no
+         * identity hint is sent. Set session->sess_cert anyway to avoid
+         * problems later.
+         */
+        if (alg_k & SSL_kPSK) {
+            s->session->sess_cert = ssl_sess_cert_new();
+            if (s->ctx->psk_identity_hint)
+                OPENSSL_free(s->ctx->psk_identity_hint);
+            s->ctx->psk_identity_hint = NULL;
+        }
+#endif
+        s->s3->tmp.reuse_message = 1;
+        return (1);
+    }
+
+    param = p = (unsigned char *)s->init_msg;
+    if (s->session->sess_cert != NULL) {
+#ifndef OPENSSL_NO_RSA
+        if (s->session->sess_cert->peer_rsa_tmp != NULL) {
+            RSA_free(s->session->sess_cert->peer_rsa_tmp);
+            s->session->sess_cert->peer_rsa_tmp = NULL;
+        }
+#endif
+#ifndef OPENSSL_NO_DH
+        if (s->session->sess_cert->peer_dh_tmp) {
+            DH_free(s->session->sess_cert->peer_dh_tmp);
+            s->session->sess_cert->peer_dh_tmp = NULL;
+        }
+#endif
+#ifndef OPENSSL_NO_ECDH
+        if (s->session->sess_cert->peer_ecdh_tmp) {
+            EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
+            s->session->sess_cert->peer_ecdh_tmp = NULL;
+        }
+#endif
+    } else {
+        s->session->sess_cert = ssl_sess_cert_new();
+    }
+
+    /* Total length of the parameters including the length prefix */
+    param_len = 0;
+
+    alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+
+    al = SSL_AD_DECODE_ERROR;
+
+#ifndef OPENSSL_NO_PSK
+    if (alg_k & SSL_kPSK) {
+        param_len = 2;
+        if (param_len > n) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
+            goto f_err;
+        }
+        n2s(p, i);
+
+        /*
+         * Store PSK identity hint for later use, hint is used in
+         * ssl3_send_client_key_exchange.  Assume that the maximum length of
+         * a PSK identity hint can be as long as the maximum length of a PSK
+         * identity.
+         */
+        if (i > PSK_MAX_IDENTITY_LEN) {
+            al = SSL_AD_HANDSHAKE_FAILURE;
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_DATA_LENGTH_TOO_LONG);
+            goto f_err;
+        }
+        if (i > n - param_len) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+                   SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH);
+            goto f_err;
+        }
+        param_len += i;
+
+        s->session->psk_identity_hint = BUF_strndup((char *)p, i);
+        if (s->session->psk_identity_hint == NULL) {
+            al = SSL_AD_HANDSHAKE_FAILURE;
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+            goto f_err;
+        }
+
+        p += i;
+        n -= param_len;
+    } else
+#endif                          /* !OPENSSL_NO_PSK */
+#ifndef OPENSSL_NO_SRP
+    if (alg_k & SSL_kSRP) {
+        param_len = 2;
+        if (param_len > n) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
+            goto f_err;
+        }
+        n2s(p, i);
+
+        if (i > n - param_len) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_N_LENGTH);
+            goto f_err;
+        }
+        param_len += i;
+
+        if (!(s->srp_ctx.N = BN_bin2bn(p, i, NULL))) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
+            goto err;
+        }
+        p += i;
+
+        if (2 > n - param_len) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
+            goto f_err;
+        }
+        param_len += 2;
+
+        n2s(p, i);
+
+        if (i > n - param_len) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_G_LENGTH);
+            goto f_err;
+        }
+        param_len += i;
+
+        if (!(s->srp_ctx.g = BN_bin2bn(p, i, NULL))) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
+            goto err;
+        }
+        p += i;
+
+        if (1 > n - param_len) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
+            goto f_err;
+        }
+        param_len += 1;
+
+        i = (unsigned int)(p[0]);
+        p++;
+
+        if (i > n - param_len) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_S_LENGTH);
+            goto f_err;
+        }
+        param_len += i;
+
+        if (!(s->srp_ctx.s = BN_bin2bn(p, i, NULL))) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
+            goto err;
+        }
+        p += i;
+
+        if (2 > n - param_len) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
+            goto f_err;
+        }
+        param_len += 2;
+
+        n2s(p, i);
+
+        if (i > n - param_len) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_B_LENGTH);
+            goto f_err;
+        }
+        param_len += i;
+
+        if (!(s->srp_ctx.B = BN_bin2bn(p, i, NULL))) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
+            goto err;
+        }
+        p += i;
+        n -= param_len;
+
+        if (!srp_verify_server_param(s, &al)) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SRP_PARAMETERS);
+            goto f_err;
+        }
+
+/* We must check if there is a certificate */
+# ifndef OPENSSL_NO_RSA
+        if (alg_a & SSL_aRSA)
+            pkey =
+                X509_get_pubkey(s->session->
+                                sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
+# else
+        if (0) ;
+# endif
+# ifndef OPENSSL_NO_DSA
+        else if (alg_a & SSL_aDSS)
+            pkey =
+                X509_get_pubkey(s->session->
+                                sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].
+                                x509);
+# endif
+    } else
+#endif                          /* !OPENSSL_NO_SRP */
+#ifndef OPENSSL_NO_RSA
+    if (alg_k & SSL_kRSA) {
+        /* Temporary RSA keys only allowed in export ciphersuites */
+        if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) {
+            al = SSL_AD_UNEXPECTED_MESSAGE;
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
+            goto f_err;
+        }
+        if ((rsa = RSA_new()) == NULL) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        param_len = 2;
+        if (param_len > n) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
+            goto f_err;
+        }
+        n2s(p, i);
+
+        if (i > n - param_len) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_RSA_MODULUS_LENGTH);
+            goto f_err;
+        }
+        param_len += i;
+
+        if (!(rsa->n = BN_bin2bn(p, i, rsa->n))) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
+            goto err;
+        }
+        p += i;
+
+        if (2 > n - param_len) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
+            goto f_err;
+        }
+        param_len += 2;
+
+        n2s(p, i);
+
+        if (i > n - param_len) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_RSA_E_LENGTH);
+            goto f_err;
+        }
+        param_len += i;
+
+        if (!(rsa->e = BN_bin2bn(p, i, rsa->e))) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
+            goto err;
+        }
+        p += i;
+        n -= param_len;
+
+        /* this should be because we are using an export cipher */
+        if (alg_a & SSL_aRSA)
+            pkey =
+                X509_get_pubkey(s->session->
+                                sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
+        else {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        if (EVP_PKEY_bits(pkey) <= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
+            al = SSL_AD_UNEXPECTED_MESSAGE;
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
+            goto f_err;
+        }
+
+        s->session->sess_cert->peer_rsa_tmp = rsa;
+        rsa = NULL;
+    }
+#else                           /* OPENSSL_NO_RSA */
+    if (0) ;
+#endif
+#ifndef OPENSSL_NO_DH
+    else if (alg_k & SSL_kEDH) {
+        if ((dh = DH_new()) == NULL) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_DH_LIB);
+            goto err;
+        }
+
+        param_len = 2;
+        if (param_len > n) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
+            goto f_err;
+        }
+        n2s(p, i);
+
+        if (i > n - param_len) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_P_LENGTH);
+            goto f_err;
+        }
+        param_len += i;
+
+        if (!(dh->p = BN_bin2bn(p, i, NULL))) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
+            goto err;
+        }
+        p += i;
+
+        if (BN_is_zero(dh->p)) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_P_VALUE);
+            goto f_err;
+        }
+
+
+        if (2 > n - param_len) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
+            goto f_err;
+        }
+        param_len += 2;
+
+        n2s(p, i);
+
+        if (i > n - param_len) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_LENGTH);
+            goto f_err;
+        }
+        param_len += i;
+
+        if (!(dh->g = BN_bin2bn(p, i, NULL))) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
+            goto err;
+        }
+        p += i;
+
+        if (BN_is_zero(dh->g)) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_VALUE);
+            goto f_err;
+        }
+
+        if (2 > n - param_len) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
+            goto f_err;
+        }
+        param_len += 2;
+
+        n2s(p, i);
+
+        if (i > n - param_len) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_PUB_KEY_LENGTH);
+            goto f_err;
+        }
+        param_len += i;
+
+        if (!(dh->pub_key = BN_bin2bn(p, i, NULL))) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
+            goto err;
+        }
+        p += i;
+        n -= param_len;
+
+        if (BN_is_zero(dh->pub_key)) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_PUB_KEY_VALUE);
+            goto f_err;
+        }
+
+# ifndef OPENSSL_NO_RSA
+        if (alg_a & SSL_aRSA)
+            pkey =
+                X509_get_pubkey(s->session->
+                                sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
+# else
+        if (0) ;
+# endif
+# ifndef OPENSSL_NO_DSA
+        else if (alg_a & SSL_aDSS)
+            pkey =
+                X509_get_pubkey(s->session->
+                                sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].
+                                x509);
+# endif
+        /* else anonymous DH, so no certificate or pkey. */
+
+        s->session->sess_cert->peer_dh_tmp = dh;
+        dh = NULL;
+    } else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd)) {
+        al = SSL_AD_ILLEGAL_PARAMETER;
+        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+               SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
+        goto f_err;
+    }
+#endif                          /* !OPENSSL_NO_DH */
+
+#ifndef OPENSSL_NO_ECDH
+    else if (alg_k & SSL_kEECDH) {
+        EC_GROUP *ngroup;
+        const EC_GROUP *group;
+
+        if ((ecdh = EC_KEY_new()) == NULL) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        /*
+         * Extract elliptic curve parameters and the server's ephemeral ECDH
+         * public key. Keep accumulating lengths of various components in
+         * param_len and make sure it never exceeds n.
+         */
+
+        /*
+         * XXX: For now we only support named (not generic) curves and the
+         * ECParameters in this case is just three bytes. We also need one
+         * byte for the length of the encoded point
+         */
+        param_len = 4;
+        if (param_len > n) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
+            goto f_err;
+        }
+
+        if ((*p != NAMED_CURVE_TYPE) ||
+            ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0)) {
+            al = SSL_AD_INTERNAL_ERROR;
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+                   SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
+            goto f_err;
+        }
+
+        ngroup = EC_GROUP_new_by_curve_name(curve_nid);
+        if (ngroup == NULL) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EC_LIB);
+            goto err;
+        }
+        if (EC_KEY_set_group(ecdh, ngroup) == 0) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EC_LIB);
+            goto err;
+        }
+        EC_GROUP_free(ngroup);
+
+        group = EC_KEY_get0_group(ecdh);
+
+        if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
+            (EC_GROUP_get_degree(group) > 163)) {
+            al = SSL_AD_EXPORT_RESTRICTION;
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+                   SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
+            goto f_err;
+        }
+
+        p += 3;
+
+        /* Next, get the encoded ECPoint */
+        if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) ||
+            ((bn_ctx = BN_CTX_new()) == NULL)) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        encoded_pt_len = *p;    /* length of encoded point */
+        p += 1;
+
+        if ((encoded_pt_len > n - param_len) ||
+            (EC_POINT_oct2point(group, srvr_ecpoint,
+                                p, encoded_pt_len, bn_ctx) == 0)) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_ECPOINT);
+            goto f_err;
+        }
+        param_len += encoded_pt_len;
+
+        n -= param_len;
+        p += encoded_pt_len;
+
+        /*
+         * The ECC/TLS specification does not mention the use of DSA to sign
+         * ECParameters in the server key exchange message. We do support RSA
+         * and ECDSA.
+         */
+        if (0) ;
+# ifndef OPENSSL_NO_RSA
+        else if (alg_a & SSL_aRSA)
+            pkey =
+                X509_get_pubkey(s->session->
+                                sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
+# endif
+# ifndef OPENSSL_NO_ECDSA
+        else if (alg_a & SSL_aECDSA)
+            pkey =
+                X509_get_pubkey(s->session->
+                                sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
+# endif
+        /* else anonymous ECDH, so no certificate or pkey. */
+        EC_KEY_set_public_key(ecdh, srvr_ecpoint);
+        s->session->sess_cert->peer_ecdh_tmp = ecdh;
+        ecdh = NULL;
+        BN_CTX_free(bn_ctx);
+        bn_ctx = NULL;
+        EC_POINT_free(srvr_ecpoint);
+        srvr_ecpoint = NULL;
+    } else if (alg_k) {
+        al = SSL_AD_UNEXPECTED_MESSAGE;
+        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
+        goto f_err;
+    }
+#endif                          /* !OPENSSL_NO_ECDH */
+
+    /* p points to the next byte, there are 'n' bytes left */
+
+    /* if it was signed, check the signature */
+    if (pkey != NULL) {
+        if (TLS1_get_version(s) >= TLS1_2_VERSION) {
+            int sigalg;
+            if (2 > n) {
+                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
+                goto f_err;
+            }
+
+            sigalg = tls12_get_sigid(pkey);
+            /* Should never happen */
+            if (sigalg == -1) {
+                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            /* Check key type is consistent with signature */
+            if (sigalg != (int)p[1]) {
+                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+                       SSL_R_WRONG_SIGNATURE_TYPE);
+                al = SSL_AD_DECODE_ERROR;
+                goto f_err;
+            }
+            md = tls12_get_hash(p[0]);
+            if (md == NULL) {
+                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNKNOWN_DIGEST);
+                goto f_err;
+            }
+#ifdef SSL_DEBUG
+            fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
+#endif
+            p += 2;
+            n -= 2;
+        } else
+            md = EVP_sha1();
+
+        if (2 > n) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
+            goto f_err;
+        }
+        n2s(p, i);
+        n -= 2;
+        j = EVP_PKEY_size(pkey);
+
+        /*
+         * Check signature length. If n is 0 then signature is empty
+         */
+        if ((i != n) || (n > j) || (n <= 0)) {
+            /* wrong packet length */
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_WRONG_SIGNATURE_LENGTH);
+            goto f_err;
+        }
+#ifndef OPENSSL_NO_RSA
+        if (pkey->type == EVP_PKEY_RSA
+            && TLS1_get_version(s) < TLS1_2_VERSION) {
+            int num;
+            unsigned int size;
+
+            j = 0;
+            q = md_buf;
+            for (num = 2; num > 0; num--) {
+                EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+                if (EVP_DigestInit_ex(&md_ctx,
+                                      (num == 2) ? s->ctx->md5 : s->ctx->sha1,
+                                      NULL) <= 0
+                        || EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]),
+                                            SSL3_RANDOM_SIZE) <= 0
+                        || EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]),
+                                            SSL3_RANDOM_SIZE) <= 0
+                        || EVP_DigestUpdate(&md_ctx, param, param_len) <= 0
+                        || EVP_DigestFinal_ex(&md_ctx, q, &size) <= 0) {
+                    SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+                           ERR_R_INTERNAL_ERROR);
+                    al = SSL_AD_INTERNAL_ERROR;
+                    goto f_err;
+                }
+                q += size;
+                j += size;
+            }
+            i = RSA_verify(NID_md5_sha1, md_buf, j, p, n, pkey->pkey.rsa);
+            if (i < 0) {
+                al = SSL_AD_DECRYPT_ERROR;
+                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_RSA_DECRYPT);
+                goto f_err;
+            }
+            if (i == 0) {
+                /* bad signature */
+                al = SSL_AD_DECRYPT_ERROR;
+                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SIGNATURE);
+                goto f_err;
+            }
+        } else
+#endif
+        {
+            if (EVP_VerifyInit_ex(&md_ctx, md, NULL) <= 0
+                    || EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]),
+                                        SSL3_RANDOM_SIZE) <= 0
+                    || EVP_VerifyUpdate(&md_ctx, &(s->s3->server_random[0]),
+                                        SSL3_RANDOM_SIZE) <= 0
+                    || EVP_VerifyUpdate(&md_ctx, param, param_len) <= 0) {
+                al = SSL_AD_INTERNAL_ERROR;
+                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EVP_LIB);
+                goto f_err;
+            }
+            if (EVP_VerifyFinal(&md_ctx, p, (int)n, pkey) <= 0) {
+                /* bad signature */
+                al = SSL_AD_DECRYPT_ERROR;
+                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SIGNATURE);
+                goto f_err;
+            }
+        }
+    } else {
+        /* aNULL, aSRP or kPSK do not need public keys */
+        if (!(alg_a & (SSL_aNULL | SSL_aSRP)) && !(alg_k & SSL_kPSK)) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        /* still data left over */
+        if (n != 0) {
+            SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_EXTRA_DATA_IN_MESSAGE);
+            goto f_err;
+        }
+    }
+    EVP_PKEY_free(pkey);
+    EVP_MD_CTX_cleanup(&md_ctx);
+    return (1);
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ err:
+    EVP_PKEY_free(pkey);
+#ifndef OPENSSL_NO_RSA
+    if (rsa != NULL)
+        RSA_free(rsa);
+#endif
+#ifndef OPENSSL_NO_DH
+    if (dh != NULL)
+        DH_free(dh);
+#endif
+#ifndef OPENSSL_NO_ECDH
+    BN_CTX_free(bn_ctx);
+    EC_POINT_free(srvr_ecpoint);
+    if (ecdh != NULL)
+        EC_KEY_free(ecdh);
+#endif
+    EVP_MD_CTX_cleanup(&md_ctx);
+    s->state = SSL_ST_ERR;
+    return (-1);
+}
+
+int ssl3_get_certificate_request(SSL *s)
+{
+    int ok, ret = 0;
+    unsigned long n, nc, l;
+    unsigned int llen, ctype_num, i;
+    X509_NAME *xn = NULL;
+    const unsigned char *p, *q;
+    unsigned char *d;
+    STACK_OF(X509_NAME) *ca_sk = NULL;
+
+    n = s->method->ssl_get_message(s,
+                                   SSL3_ST_CR_CERT_REQ_A,
+                                   SSL3_ST_CR_CERT_REQ_B,
+                                   -1, s->max_cert_list, &ok);
+
+    if (!ok)
+        return ((int)n);
+
+    s->s3->tmp.cert_req = 0;
+
+    if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE) {
+        s->s3->tmp.reuse_message = 1;
+        /*
+         * If we get here we don't need any cached handshake records as we
+         * wont be doing client auth.
+         */
+        if (s->s3->handshake_buffer) {
+            if (!ssl3_digest_cached_records(s))
+                goto err;
+        }
+        return (1);
+    }
+
+    if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) {
+        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+        SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_WRONG_MESSAGE_TYPE);
+        goto err;
+    }
+
+    /* TLS does not like anon-DH with client cert */
+    if (s->version > SSL3_VERSION) {
+        if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) {
+            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+            SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
+                   SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
+            goto err;
+        }
+    }
+
+    p = d = (unsigned char *)s->init_msg;
+
+    if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) {
+        SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* get the certificate types */
+    ctype_num = *(p++);
+    if (ctype_num > SSL3_CT_NUMBER)
+        ctype_num = SSL3_CT_NUMBER;
+    for (i = 0; i < ctype_num; i++)
+        s->s3->tmp.ctype[i] = p[i];
+    p += ctype_num;
+    if (TLS1_get_version(s) >= TLS1_2_VERSION) {
+        n2s(p, llen);
+        /*
+         * Check we have enough room for signature algorithms and following
+         * length value.
+         */
+        if ((unsigned long)(p - d + llen + 2) > n) {
+            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+            SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
+                   SSL_R_DATA_LENGTH_TOO_LONG);
+            goto err;
+        }
+        if ((llen & 1) || !tls1_process_sigalgs(s, p, llen)) {
+            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+            SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
+                   SSL_R_SIGNATURE_ALGORITHMS_ERROR);
+            goto err;
+        }
+        p += llen;
+    }
+
+    /* get the CA RDNs */
+    n2s(p, llen);
+#if 0
+    {
+        FILE *out;
+        out = fopen("/tmp/vsign.der", "w");
+        fwrite(p, 1, llen, out);
+        fclose(out);
+    }
+#endif
+
+    if ((unsigned long)(p - d + llen) != n) {
+        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+        SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    for (nc = 0; nc < llen;) {
+        if (nc + 2 > llen) {
+            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+            SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_CA_DN_TOO_LONG);
+            goto err;
+        }
+        n2s(p, l);
+        if ((l + nc + 2) > llen) {
+            if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
+                goto cont;      /* netscape bugs */
+            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+            SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_CA_DN_TOO_LONG);
+            goto err;
+        }
+
+        q = p;
+
+        if ((xn = d2i_X509_NAME(NULL, &q, l)) == NULL) {
+            /* If netscape tolerance is on, ignore errors */
+            if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
+                goto cont;
+            else {
+                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+                SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_ASN1_LIB);
+                goto err;
+            }
+        }
+
+        if (q != (p + l)) {
+            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+            SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
+                   SSL_R_CA_DN_LENGTH_MISMATCH);
+            goto err;
+        }
+        if (!sk_X509_NAME_push(ca_sk, xn)) {
+            SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        xn = NULL;
+
+        p += l;
+        nc += l + 2;
+    }
+
+    if (0) {
+ cont:
+        ERR_clear_error();
+    }
+
+    /* we should setup a certificate to return.... */
+    s->s3->tmp.cert_req = 1;
+    s->s3->tmp.ctype_num = ctype_num;
+    if (s->s3->tmp.ca_names != NULL)
+        sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
+    s->s3->tmp.ca_names = ca_sk;
+    ca_sk = NULL;
+
+    ret = 1;
+    goto done;
+ err:
+    s->state = SSL_ST_ERR;
+ done:
+    X509_NAME_free(xn);
+    if (ca_sk != NULL)
+        sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
+    return (ret);
+}
+
+static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
+{
+    return (X509_NAME_cmp(*a, *b));
+}
+
+#ifndef OPENSSL_NO_TLSEXT
+int ssl3_get_new_session_ticket(SSL *s)
+{
+    int ok, al, ret = 0, ticklen;
+    long n;
+    const unsigned char *p;
+    unsigned char *d;
+    unsigned long ticket_lifetime_hint;
+
+    n = s->method->ssl_get_message(s,
+                                   SSL3_ST_CR_SESSION_TICKET_A,
+                                   SSL3_ST_CR_SESSION_TICKET_B,
+                                   SSL3_MT_NEWSESSION_TICKET, 16384, &ok);
+
+    if (!ok)
+        return ((int)n);
+
+    if (n < 6) {
+        /* need at least ticket_lifetime_hint + ticket length */
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
+        goto f_err;
+    }
+
+    p = d = (unsigned char *)s->init_msg;
+
+    n2l(p, ticket_lifetime_hint);
+    n2s(p, ticklen);
+    /* ticket_lifetime_hint + ticket_length + ticket */
+    if (ticklen + 6 != n) {
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
+        goto f_err;
+    }
+
+    /* Server is allowed to change its mind and send an empty ticket. */
+    if (ticklen == 0)
+        return 1;
+
+    if (s->session->session_id_length > 0) {
+        int i = s->session_ctx->session_cache_mode;
+        SSL_SESSION *new_sess;
+        /*
+         * We reused an existing session, so we need to replace it with a new
+         * one
+         */
+        if (i & SSL_SESS_CACHE_CLIENT) {
+            /*
+             * Remove the old session from the cache
+             */
+            if (i & SSL_SESS_CACHE_NO_INTERNAL_STORE) {
+                if (s->session_ctx->remove_session_cb != NULL)
+                    s->session_ctx->remove_session_cb(s->session_ctx,
+                                                      s->session);
+            } else {
+                /* We carry on if this fails */
+                SSL_CTX_remove_session(s->session_ctx, s->session);
+            }
+        }
+
+        if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
+            al = SSL_AD_INTERNAL_ERROR;
+            SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
+            goto f_err;
+        }
+
+        SSL_SESSION_free(s->session);
+        s->session = new_sess;
+    }
+
+    if (s->session->tlsext_tick) {
+        OPENSSL_free(s->session->tlsext_tick);
+        s->session->tlsext_ticklen = 0;
+    }
+    s->session->tlsext_tick = OPENSSL_malloc(ticklen);
+    if (!s->session->tlsext_tick) {
+        SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    memcpy(s->session->tlsext_tick, p, ticklen);
+    s->session->tlsext_tick_lifetime_hint = ticket_lifetime_hint;
+    s->session->tlsext_ticklen = ticklen;
+    /*
+     * There are two ways to detect a resumed ticket session. One is to set
+     * an appropriate session ID and then the server must return a match in
+     * ServerHello. This allows the normal client session ID matching to work
+     * and we know much earlier that the ticket has been accepted. The
+     * other way is to set zero length session ID when the ticket is
+     * presented and rely on the handshake to determine session resumption.
+     * We choose the former approach because this fits in with assumptions
+     * elsewhere in OpenSSL. The session ID is set to the SHA256 (or SHA1 is
+     * SHA256 is disabled) hash of the ticket.
+     */
+    EVP_Digest(p, ticklen,
+               s->session->session_id, &s->session->session_id_length,
+# ifndef OPENSSL_NO_SHA256
+               EVP_sha256(), NULL);
+# else
+               EVP_sha1(), NULL);
+# endif
+    ret = 1;
+    return (ret);
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ err:
+    s->state = SSL_ST_ERR;
+    return (-1);
+}
+
+int ssl3_get_cert_status(SSL *s)
+{
+    int ok, al;
+    unsigned long resplen, n;
+    const unsigned char *p;
+
+    n = s->method->ssl_get_message(s,
+                                   SSL3_ST_CR_CERT_STATUS_A,
+                                   SSL3_ST_CR_CERT_STATUS_B,
+                                   -1, 16384, &ok);
+
+    if (!ok)
+        return ((int)n);
+
+    if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_STATUS) {
+        /*
+         * The CertificateStatus message is optional even if
+         * tlsext_status_expected is set
+         */
+        s->s3->tmp.reuse_message = 1;
+    } else {
+        if (n < 4) {
+            /* need at least status type + length */
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
+            goto f_err;
+        }
+        p = (unsigned char *)s->init_msg;
+        if (*p++ != TLSEXT_STATUSTYPE_ocsp) {
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_UNSUPPORTED_STATUS_TYPE);
+            goto f_err;
+        }
+        n2l3(p, resplen);
+        if (resplen + 4 != n) {
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
+            goto f_err;
+        }
+        s->tlsext_ocsp_resp = BUF_memdup(p, resplen);
+        if (s->tlsext_ocsp_resp == NULL) {
+            al = SSL_AD_INTERNAL_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_MALLOC_FAILURE);
+            goto f_err;
+        }
+        s->tlsext_ocsp_resplen = resplen;
+    }
+    if (s->ctx->tlsext_status_cb) {
+        int ret;
+        ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
+        if (ret == 0) {
+            al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
+            SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_INVALID_STATUS_RESPONSE);
+            goto f_err;
+        }
+        if (ret < 0) {
+            al = SSL_AD_INTERNAL_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_MALLOC_FAILURE);
+            goto f_err;
+        }
+    }
+    return 1;
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+    s->state = SSL_ST_ERR;
+    return (-1);
+}
+#endif
+
+int ssl3_get_server_done(SSL *s)
+{
+    int ok, ret = 0;
+    long n;
+
+    /* Second to last param should be very small, like 0 :-) */
+    n = s->method->ssl_get_message(s,
+                                   SSL3_ST_CR_SRVR_DONE_A,
+                                   SSL3_ST_CR_SRVR_DONE_B,
+                                   SSL3_MT_SERVER_DONE, 30, &ok);
+
+    if (!ok)
+        return ((int)n);
+    if (n > 0) {
+        /* should contain no data */
+        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+        SSLerr(SSL_F_SSL3_GET_SERVER_DONE, SSL_R_LENGTH_MISMATCH);
+        s->state = SSL_ST_ERR;
+        return -1;
+    }
+    ret = 1;
+    return (ret);
+}
+
+int ssl3_send_client_key_exchange(SSL *s)
+{
+    unsigned char *p, *d;
+    int n;
+    unsigned long alg_k;
+#ifndef OPENSSL_NO_RSA
+    unsigned char *q;
+    EVP_PKEY *pkey = NULL;
+#endif
+#ifndef OPENSSL_NO_KRB5
+    KSSL_ERR kssl_err;
+#endif                          /* OPENSSL_NO_KRB5 */
+#ifndef OPENSSL_NO_ECDH
+    EC_KEY *clnt_ecdh = NULL;
+    const EC_POINT *srvr_ecpoint = NULL;
+    EVP_PKEY *srvr_pub_pkey = NULL;
+    unsigned char *encodedPoint = NULL;
+    int encoded_pt_len = 0;
+    BN_CTX *bn_ctx = NULL;
+#endif
+
+    if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
+        d = (unsigned char *)s->init_buf->data;
+        p = &(d[4]);
+
+        alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+        /* Fool emacs indentation */
+        if (0) {
+        }
+#ifndef OPENSSL_NO_RSA
+        else if (alg_k & SSL_kRSA) {
+            RSA *rsa;
+            unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
+
+            if (s->session->sess_cert == NULL) {
+                /*
+                 * We should always have a server certificate with SSL_kRSA.
+                 */
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                       ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+
+            if (s->session->sess_cert->peer_rsa_tmp != NULL)
+                rsa = s->session->sess_cert->peer_rsa_tmp;
+            else {
+                pkey =
+                    X509_get_pubkey(s->session->
+                                    sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].
+                                    x509);
+                if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA)
+                    || (pkey->pkey.rsa == NULL)) {
+                    SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                           ERR_R_INTERNAL_ERROR);
+                    EVP_PKEY_free(pkey);
+                    goto err;
+                }
+                rsa = pkey->pkey.rsa;
+                EVP_PKEY_free(pkey);
+            }
+
+            tmp_buf[0] = s->client_version >> 8;
+            tmp_buf[1] = s->client_version & 0xff;
+            if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0)
+                goto err;
+
+            s->session->master_key_length = sizeof tmp_buf;
+
+            q = p;
+            /* Fix buf for TLS and beyond */
+            if (s->version > SSL3_VERSION)
+                p += 2;
+            n = RSA_public_encrypt(sizeof tmp_buf,
+                                   tmp_buf, p, rsa, RSA_PKCS1_PADDING);
+# ifdef PKCS1_CHECK
+            if (s->options & SSL_OP_PKCS1_CHECK_1)
+                p[1]++;
+            if (s->options & SSL_OP_PKCS1_CHECK_2)
+                tmp_buf[0] = 0x70;
+# endif
+            if (n <= 0) {
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                       SSL_R_BAD_RSA_ENCRYPT);
+                goto err;
+            }
+
+            /* Fix buf for TLS and beyond */
+            if (s->version > SSL3_VERSION) {
+                s2n(n, q);
+                n += 2;
+            }
+
+            s->session->master_key_length =
+                s->method->ssl3_enc->generate_master_secret(s,
+                                                            s->
+                                                            session->master_key,
+                                                            tmp_buf,
+                                                            sizeof tmp_buf);
+            OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
+        }
+#endif
+#ifndef OPENSSL_NO_KRB5
+        else if (alg_k & SSL_kKRB5) {
+            krb5_error_code krb5rc;
+            KSSL_CTX *kssl_ctx = s->kssl_ctx;
+            /*  krb5_data   krb5_ap_req;  */
+            krb5_data *enc_ticket;
+            krb5_data authenticator, *authp = NULL;
+            EVP_CIPHER_CTX ciph_ctx;
+            const EVP_CIPHER *enc = NULL;
+            unsigned char iv[EVP_MAX_IV_LENGTH];
+            unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
+            unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH + EVP_MAX_IV_LENGTH];
+            int padl, outl = sizeof(epms);
+
+            EVP_CIPHER_CTX_init(&ciph_ctx);
+
+# ifdef KSSL_DEBUG
+            fprintf(stderr, "ssl3_send_client_key_exchange(%lx & %lx)\n",
+                    alg_k, SSL_kKRB5);
+# endif                         /* KSSL_DEBUG */
+
+            authp = NULL;
+# ifdef KRB5SENDAUTH
+            if (KRB5SENDAUTH)
+                authp = &authenticator;
+# endif                         /* KRB5SENDAUTH */
+
+            krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, &kssl_err);
+            enc = kssl_map_enc(kssl_ctx->enctype);
+            if (enc == NULL)
+                goto err;
+# ifdef KSSL_DEBUG
+            {
+                fprintf(stderr, "kssl_cget_tkt rtn %d\n", krb5rc);
+                if (krb5rc && kssl_err.text)
+                    fprintf(stderr, "kssl_cget_tkt kssl_err=%s\n",
+                            kssl_err.text);
+            }
+# endif                         /* KSSL_DEBUG */
+
+            if (krb5rc) {
+                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, kssl_err.reason);
+                goto err;
+            }
+
+            /*-
+             * 20010406 VRS - Earlier versions used KRB5 AP_REQ
+             * in place of RFC 2712 KerberosWrapper, as in:
+             *
+             * Send ticket (copy to *p, set n = length)
+             * n = krb5_ap_req.length;
+             * memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
+             * if (krb5_ap_req.data)
+             *   kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
+             *
+             * Now using real RFC 2712 KerberosWrapper
+             * (Thanks to Simon Wilkinson <sxw at sxw.org.uk>)
+             * Note: 2712 "opaque" types are here replaced
+             * with a 2-byte length followed by the value.
+             * Example:
+             * KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
+             * Where "xx xx" = length bytes.  Shown here with
+             * optional authenticator omitted.
+             */
+
+            /*  KerberosWrapper.Ticket              */
+            s2n(enc_ticket->length, p);
+            memcpy(p, enc_ticket->data, enc_ticket->length);
+            p += enc_ticket->length;
+            n = enc_ticket->length + 2;
+
+            /*  KerberosWrapper.Authenticator       */
+            if (authp && authp->length) {
+                s2n(authp->length, p);
+                memcpy(p, authp->data, authp->length);
+                p += authp->length;
+                n += authp->length + 2;
+
+                free(authp->data);
+                authp->data = NULL;
+                authp->length = 0;
+            } else {
+                s2n(0, p);      /* null authenticator length */
+                n += 2;
+            }
+
+            tmp_buf[0] = s->client_version >> 8;
+            tmp_buf[1] = s->client_version & 0xff;
+            if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0)
+                goto err;
+
+            /*-
+             * 20010420 VRS.  Tried it this way; failed.
+             *      EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
+             *      EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
+             *                              kssl_ctx->length);
+             *      EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
+             */
+
+            memset(iv, 0, sizeof iv); /* per RFC 1510 */
+            EVP_EncryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv);
+            EVP_EncryptUpdate(&ciph_ctx, epms, &outl, tmp_buf,
+                              sizeof tmp_buf);
+            EVP_EncryptFinal_ex(&ciph_ctx, &(epms[outl]), &padl);
+            outl += padl;
+            if (outl > (int)sizeof epms) {
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                       ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            EVP_CIPHER_CTX_cleanup(&ciph_ctx);
+
+            /*  KerberosWrapper.EncryptedPreMasterSecret    */
+            s2n(outl, p);
+            memcpy(p, epms, outl);
+            p += outl;
+            n += outl + 2;
+
+            s->session->master_key_length =
+                s->method->ssl3_enc->generate_master_secret(s,
+                                                            s->
+                                                            session->master_key,
+                                                            tmp_buf,
+                                                            sizeof tmp_buf);
+
+            OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
+            OPENSSL_cleanse(epms, outl);
+        }
+#endif
+#ifndef OPENSSL_NO_DH
+        else if (alg_k & (SSL_kEDH | SSL_kDHr | SSL_kDHd)) {
+            DH *dh_srvr, *dh_clnt;
+
+            if (s->session->sess_cert == NULL) {
+                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                       SSL_R_UNEXPECTED_MESSAGE);
+                goto err;
+            }
+
+            if (s->session->sess_cert->peer_dh_tmp != NULL)
+                dh_srvr = s->session->sess_cert->peer_dh_tmp;
+            else {
+                /* we get them from the cert */
+                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                       SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
+                goto err;
+            }
+
+            /* generate a new random key */
+            if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) {
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
+                goto err;
+            }
+            if (!DH_generate_key(dh_clnt)) {
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
+                DH_free(dh_clnt);
+                goto err;
+            }
+
+            /*
+             * use the 'p' output buffer for the DH key, but make sure to
+             * clear it out afterwards
+             */
+
+            n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt);
+
+            if (n <= 0) {
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
+                DH_free(dh_clnt);
+                goto err;
+            }
+
+            /* generate master key from the result */
+            s->session->master_key_length =
+                s->method->ssl3_enc->generate_master_secret(s,
+                                                            s->
+                                                            session->master_key,
+                                                            p, n);
+            /* clean up */
+            memset(p, 0, n);
+
+            /* send off the data */
+            n = BN_num_bytes(dh_clnt->pub_key);
+            s2n(n, p);
+            BN_bn2bin(dh_clnt->pub_key, p);
+            n += 2;
+
+            DH_free(dh_clnt);
+        }
+#endif
+
+#ifndef OPENSSL_NO_ECDH
+        else if (alg_k & (SSL_kEECDH | SSL_kECDHr | SSL_kECDHe)) {
+            const EC_GROUP *srvr_group = NULL;
+            EC_KEY *tkey;
+            int ecdh_clnt_cert = 0;
+            int field_size = 0;
+
+            if (s->session->sess_cert == NULL) {
+                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                       SSL_R_UNEXPECTED_MESSAGE);
+                goto err;
+            }
+
+            /*
+             * Did we send out the client's ECDH share for use in premaster
+             * computation as part of client certificate? If so, set
+             * ecdh_clnt_cert to 1.
+             */
+            if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) && (s->cert != NULL)) {
+                /*-
+                 * XXX: For now, we do not support client
+                 * authentication using ECDH certificates.
+                 * To add such support, one needs to add
+                 * code that checks for appropriate
+                 * conditions and sets ecdh_clnt_cert to 1.
+                 * For example, the cert have an ECC
+                 * key on the same curve as the server's
+                 * and the key should be authorized for
+                 * key agreement.
+                 *
+                 * One also needs to add code in ssl3_connect
+                 * to skip sending the certificate verify
+                 * message.
+                 *
+                 * if ((s->cert->key->privatekey != NULL) &&
+                 *     (s->cert->key->privatekey->type ==
+                 *      EVP_PKEY_EC) && ...)
+                 * ecdh_clnt_cert = 1;
+                 */
+            }
+
+            if (s->session->sess_cert->peer_ecdh_tmp != NULL) {
+                tkey = s->session->sess_cert->peer_ecdh_tmp;
+            } else {
+                /* Get the Server Public Key from Cert */
+                srvr_pub_pkey =
+                    X509_get_pubkey(s->session->
+                                    sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
+                if ((srvr_pub_pkey == NULL)
+                    || (srvr_pub_pkey->type != EVP_PKEY_EC)
+                    || (srvr_pub_pkey->pkey.ec == NULL)) {
+                    SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                           ERR_R_INTERNAL_ERROR);
+                    goto err;
+                }
+
+                tkey = srvr_pub_pkey->pkey.ec;
+            }
+
+            srvr_group = EC_KEY_get0_group(tkey);
+            srvr_ecpoint = EC_KEY_get0_public_key(tkey);
+
+            if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) {
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                       ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+
+            if ((clnt_ecdh = EC_KEY_new()) == NULL) {
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                       ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+
+            if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) {
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
+                goto err;
+            }
+            if (ecdh_clnt_cert) {
+                /*
+                 * Reuse key info from our certificate We only need our
+                 * private key to perform the ECDH computation.
+                 */
+                const BIGNUM *priv_key;
+                tkey = s->cert->key->privatekey->pkey.ec;
+                priv_key = EC_KEY_get0_private_key(tkey);
+                if (priv_key == NULL) {
+                    SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                           ERR_R_MALLOC_FAILURE);
+                    goto err;
+                }
+                if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) {
+                    SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
+                    goto err;
+                }
+            } else {
+                /* Generate a new ECDH key pair */
+                if (!(EC_KEY_generate_key(clnt_ecdh))) {
+                    SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                           ERR_R_ECDH_LIB);
+                    goto err;
+                }
+            }
+
+            /*
+             * use the 'p' output buffer for the ECDH key, but make sure to
+             * clear it out afterwards
+             */
+
+            field_size = EC_GROUP_get_degree(srvr_group);
+            if (field_size <= 0) {
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
+                goto err;
+            }
+            n = ECDH_compute_key(p, (field_size + 7) / 8, srvr_ecpoint,
+                                 clnt_ecdh, NULL);
+            if (n <= 0) {
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
+                goto err;
+            }
+
+            /* generate master key from the result */
+            s->session->master_key_length =
+                s->method->ssl3_enc->generate_master_secret(s,
+                                                            s->
+                                                            session->master_key,
+                                                            p, n);
+
+            memset(p, 0, n);    /* clean up */
+
+            if (ecdh_clnt_cert) {
+                /* Send empty client key exch message */
+                n = 0;
+            } else {
+                /*
+                 * First check the size of encoding and allocate memory
+                 * accordingly.
+                 */
+                encoded_pt_len =
+                    EC_POINT_point2oct(srvr_group,
+                                       EC_KEY_get0_public_key(clnt_ecdh),
+                                       POINT_CONVERSION_UNCOMPRESSED,
+                                       NULL, 0, NULL);
+
+                encodedPoint = (unsigned char *)
+                    OPENSSL_malloc(encoded_pt_len * sizeof(unsigned char));
+                bn_ctx = BN_CTX_new();
+                if ((encodedPoint == NULL) || (bn_ctx == NULL)) {
+                    SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                           ERR_R_MALLOC_FAILURE);
+                    goto err;
+                }
+
+                /* Encode the public key */
+                n = EC_POINT_point2oct(srvr_group,
+                                       EC_KEY_get0_public_key(clnt_ecdh),
+                                       POINT_CONVERSION_UNCOMPRESSED,
+                                       encodedPoint, encoded_pt_len, bn_ctx);
+
+                *p = n;         /* length of encoded point */
+                /* Encoded point will be copied here */
+                p += 1;
+                /* copy the point */
+                memcpy((unsigned char *)p, encodedPoint, n);
+                /* increment n to account for length field */
+                n += 1;
+            }
+
+            /* Free allocated memory */
+            BN_CTX_free(bn_ctx);
+            if (encodedPoint != NULL)
+                OPENSSL_free(encodedPoint);
+            if (clnt_ecdh != NULL)
+                EC_KEY_free(clnt_ecdh);
+            EVP_PKEY_free(srvr_pub_pkey);
+        }
+#endif                          /* !OPENSSL_NO_ECDH */
+        else if (alg_k & SSL_kGOST) {
+            /* GOST key exchange message creation */
+            EVP_PKEY_CTX *pkey_ctx;
+            X509 *peer_cert;
+            size_t msglen;
+            unsigned int md_len;
+            int keytype;
+            unsigned char premaster_secret[32], shared_ukm[32], tmp[256];
+            EVP_MD_CTX *ukm_hash;
+            EVP_PKEY *pub_key;
+
+            /*
+             * Get server sertificate PKEY and create ctx from it
+             */
+            peer_cert =
+                s->session->
+                sess_cert->peer_pkeys[(keytype = SSL_PKEY_GOST01)].x509;
+            if (!peer_cert)
+                peer_cert =
+                    s->session->
+                    sess_cert->peer_pkeys[(keytype = SSL_PKEY_GOST94)].x509;
+            if (!peer_cert) {
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                       SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
+                goto err;
+            }
+
+            pkey_ctx = EVP_PKEY_CTX_new(pub_key =
+                                        X509_get_pubkey(peer_cert), NULL);
+            if (pkey_ctx == NULL) {
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                       ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            /*
+             * If we have send a certificate, and certificate key
+             *
+             * * parameters match those of server certificate, use
+             * certificate key for key exchange
+             */
+
+            /* Otherwise, generate ephemeral key pair */
+
+            if (pkey_ctx == NULL
+                    || EVP_PKEY_encrypt_init(pkey_ctx) <= 0
+                    /* Generate session key */
+                    || RAND_bytes(premaster_secret, 32) <= 0) {
+                EVP_PKEY_CTX_free(pkey_ctx);
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                       ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            /*
+             * Compute shared IV and store it in algorithm-specific context
+             * data
+             */
+            ukm_hash = EVP_MD_CTX_create();
+            if (EVP_DigestInit(ukm_hash,
+                               EVP_get_digestbynid(NID_id_GostR3411_94)) <= 0
+                    || EVP_DigestUpdate(ukm_hash, s->s3->client_random,
+                                        SSL3_RANDOM_SIZE) <= 0
+                    || EVP_DigestUpdate(ukm_hash, s->s3->server_random,
+                                        SSL3_RANDOM_SIZE) <= 0
+                    || EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) {
+                EVP_MD_CTX_destroy(ukm_hash);
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                       ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            EVP_MD_CTX_destroy(ukm_hash);
+            if (EVP_PKEY_CTX_ctrl
+                (pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, EVP_PKEY_CTRL_SET_IV, 8,
+                 shared_ukm) < 0) {
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                       SSL_R_LIBRARY_BUG);
+                goto err;
+            }
+            /* Make GOST keytransport blob message */
+            /*
+             * Encapsulate it into sequence
+             */
+            *(p++) = V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED;
+            msglen = 255;
+            if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret, 32)
+                <= 0) {
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                       SSL_R_LIBRARY_BUG);
+                goto err;
+            }
+            if (msglen >= 0x80) {
+                *(p++) = 0x81;
+                *(p++) = msglen & 0xff;
+                n = msglen + 3;
+            } else {
+                *(p++) = msglen & 0xff;
+                n = msglen + 2;
+            }
+            memcpy(p, tmp, msglen);
+            EVP_PKEY_CTX_free(pkey_ctx);
+            s->session->master_key_length =
+                s->method->ssl3_enc->generate_master_secret(s,
+                                                            s->
+                                                            session->master_key,
+                                                            premaster_secret,
+                                                            32);
+            EVP_PKEY_free(pub_key);
+
+        }
+#ifndef OPENSSL_NO_SRP
+        else if (alg_k & SSL_kSRP) {
+            if (s->srp_ctx.A != NULL) {
+                /* send off the data */
+                n = BN_num_bytes(s->srp_ctx.A);
+                s2n(n, p);
+                BN_bn2bin(s->srp_ctx.A, p);
+                n += 2;
+            } else {
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                       ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            if (s->session->srp_username != NULL)
+                OPENSSL_free(s->session->srp_username);
+            s->session->srp_username = BUF_strdup(s->srp_ctx.login);
+            if (s->session->srp_username == NULL) {
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                       ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+
+            if ((s->session->master_key_length =
+                 SRP_generate_client_master_secret(s,
+                                                   s->session->master_key)) <
+                0) {
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                       ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+        }
+#endif
+#ifndef OPENSSL_NO_PSK
+        else if (alg_k & SSL_kPSK) {
+            /*
+             * The callback needs PSK_MAX_IDENTITY_LEN + 1 bytes to return a
+             * \0-terminated identity. The last byte is for us for simulating
+             * strnlen.
+             */
+            char identity[PSK_MAX_IDENTITY_LEN + 2];
+            size_t identity_len;
+            unsigned char *t = NULL;
+            unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN * 2 + 4];
+            unsigned int pre_ms_len = 0, psk_len = 0;
+            int psk_err = 1;
+
+            n = 0;
+            if (s->psk_client_callback == NULL) {
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                       SSL_R_PSK_NO_CLIENT_CB);
+                goto err;
+            }
+
+            memset(identity, 0, sizeof(identity));
+            psk_len = s->psk_client_callback(s, s->session->psk_identity_hint,
+                                             identity, sizeof(identity) - 1,
+                                             psk_or_pre_ms,
+                                             sizeof(psk_or_pre_ms));
+            if (psk_len > PSK_MAX_PSK_LEN) {
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                       ERR_R_INTERNAL_ERROR);
+                goto psk_err;
+            } else if (psk_len == 0) {
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                       SSL_R_PSK_IDENTITY_NOT_FOUND);
+                goto psk_err;
+            }
+            identity[PSK_MAX_IDENTITY_LEN + 1] = '\0';
+            identity_len = strlen(identity);
+            if (identity_len > PSK_MAX_IDENTITY_LEN) {
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                       ERR_R_INTERNAL_ERROR);
+                goto psk_err;
+            }
+            /* create PSK pre_master_secret */
+            pre_ms_len = 2 + psk_len + 2 + psk_len;
+            t = psk_or_pre_ms;
+            memmove(psk_or_pre_ms + psk_len + 4, psk_or_pre_ms, psk_len);
+            s2n(psk_len, t);
+            memset(t, 0, psk_len);
+            t += psk_len;
+            s2n(psk_len, t);
+
+            if (s->session->psk_identity_hint != NULL)
+                OPENSSL_free(s->session->psk_identity_hint);
+            s->session->psk_identity_hint =
+                BUF_strdup(s->ctx->psk_identity_hint);
+            if (s->ctx->psk_identity_hint != NULL
+                && s->session->psk_identity_hint == NULL) {
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                       ERR_R_MALLOC_FAILURE);
+                goto psk_err;
+            }
+
+            if (s->session->psk_identity != NULL)
+                OPENSSL_free(s->session->psk_identity);
+            s->session->psk_identity = BUF_strdup(identity);
+            if (s->session->psk_identity == NULL) {
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                       ERR_R_MALLOC_FAILURE);
+                goto psk_err;
+            }
+
+            s->session->master_key_length =
+                s->method->ssl3_enc->generate_master_secret(s,
+                                                            s->
+                                                            session->master_key,
+                                                            psk_or_pre_ms,
+                                                            pre_ms_len);
+            s2n(identity_len, p);
+            memcpy(p, identity, identity_len);
+            n = 2 + identity_len;
+            psk_err = 0;
+ psk_err:
+            OPENSSL_cleanse(identity, sizeof(identity));
+            OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
+            if (psk_err != 0) {
+                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+                goto err;
+            }
+        }
+#endif
+        else {
+            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+            SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        *(d++) = SSL3_MT_CLIENT_KEY_EXCHANGE;
+        l2n3(n, d);
+
+        s->state = SSL3_ST_CW_KEY_EXCH_B;
+        /* number of bytes to write */
+        s->init_num = n + 4;
+        s->init_off = 0;
+    }
+
+    /* SSL3_ST_CW_KEY_EXCH_B */
+    return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+ err:
+#ifndef OPENSSL_NO_ECDH
+    BN_CTX_free(bn_ctx);
+    if (encodedPoint != NULL)
+        OPENSSL_free(encodedPoint);
+    if (clnt_ecdh != NULL)
+        EC_KEY_free(clnt_ecdh);
+    EVP_PKEY_free(srvr_pub_pkey);
+#endif
+    s->state = SSL_ST_ERR;
+    return (-1);
+}
+
+int ssl3_send_client_verify(SSL *s)
+{
+    unsigned char *p, *d;
+    unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
+    EVP_PKEY *pkey;
+    EVP_PKEY_CTX *pctx = NULL;
+    EVP_MD_CTX mctx;
+    unsigned u = 0;
+    unsigned long n;
+    int j;
+
+    EVP_MD_CTX_init(&mctx);
+
+    if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
+        d = (unsigned char *)s->init_buf->data;
+        p = &(d[4]);
+        pkey = s->cert->key->privatekey;
+/* Create context from key and test if sha1 is allowed as digest */
+        pctx = EVP_PKEY_CTX_new(pkey, NULL);
+        if (pctx == NULL || EVP_PKEY_sign_init(pctx) <= 0) {
+            SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) {
+            if (TLS1_get_version(s) < TLS1_2_VERSION)
+                s->method->ssl3_enc->cert_verify_mac(s,
+                                                     NID_sha1,
+                                                     &(data
+                                                       [MD5_DIGEST_LENGTH]));
+        } else {
+            ERR_clear_error();
+        }
+        /*
+         * For TLS v1.2 send signature algorithm and signature using agreed
+         * digest and cached handshake records.
+         */
+        if (TLS1_get_version(s) >= TLS1_2_VERSION) {
+            long hdatalen = 0;
+            void *hdata;
+            const EVP_MD *md = s->cert->key->digest;
+            hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
+            if (hdatalen <= 0 || !tls12_get_sigandhash(p, pkey, md)) {
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            p += 2;
+#ifdef SSL_DEBUG
+            fprintf(stderr, "Using TLS 1.2 with client alg %s\n",
+                    EVP_MD_name(md));
+#endif
+            if (!EVP_SignInit_ex(&mctx, md, NULL)
+                || !EVP_SignUpdate(&mctx, hdata, hdatalen)
+                || !EVP_SignFinal(&mctx, p + 2, &u, pkey)) {
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_EVP_LIB);
+                goto err;
+            }
+            s2n(u, p);
+            n = u + 4;
+            if (!ssl3_digest_cached_records(s))
+                goto err;
+        } else
+#ifndef OPENSSL_NO_RSA
+        if (pkey->type == EVP_PKEY_RSA) {
+            s->method->ssl3_enc->cert_verify_mac(s, NID_md5, &(data[0]));
+            if (RSA_sign(NID_md5_sha1, data,
+                         MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
+                         &(p[2]), &u, pkey->pkey.rsa) <= 0) {
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_RSA_LIB);
+                goto err;
+            }
+            s2n(u, p);
+            n = u + 2;
+        } else
+#endif
+#ifndef OPENSSL_NO_DSA
+        if (pkey->type == EVP_PKEY_DSA) {
+            if (!DSA_sign(pkey->save_type,
+                          &(data[MD5_DIGEST_LENGTH]),
+                          SHA_DIGEST_LENGTH, &(p[2]),
+                          (unsigned int *)&j, pkey->pkey.dsa)) {
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_DSA_LIB);
+                goto err;
+            }
+            s2n(j, p);
+            n = j + 2;
+        } else
+#endif
+#ifndef OPENSSL_NO_ECDSA
+        if (pkey->type == EVP_PKEY_EC) {
+            if (!ECDSA_sign(pkey->save_type,
+                            &(data[MD5_DIGEST_LENGTH]),
+                            SHA_DIGEST_LENGTH, &(p[2]),
+                            (unsigned int *)&j, pkey->pkey.ec)) {
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_ECDSA_LIB);
+                goto err;
+            }
+            s2n(j, p);
+            n = j + 2;
+        } else
+#endif
+        if (pkey->type == NID_id_GostR3410_94
+                || pkey->type == NID_id_GostR3410_2001) {
+            unsigned char signbuf[64];
+            int i;
+            size_t sigsize = 64;
+            s->method->ssl3_enc->cert_verify_mac(s,
+                                                 NID_id_GostR3411_94, data);
+            if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) {
+                SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            for (i = 63, j = 0; i >= 0; j++, i--) {
+                p[2 + j] = signbuf[i];
+            }
+            s2n(j, p);
+            n = j + 2;
+        } else {
+            SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        *(d++) = SSL3_MT_CERTIFICATE_VERIFY;
+        l2n3(n, d);
+
+        s->state = SSL3_ST_CW_CERT_VRFY_B;
+        s->init_num = (int)n + 4;
+        s->init_off = 0;
+    }
+    EVP_MD_CTX_cleanup(&mctx);
+    EVP_PKEY_CTX_free(pctx);
+    return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+ err:
+    EVP_MD_CTX_cleanup(&mctx);
+    EVP_PKEY_CTX_free(pctx);
+    s->state = SSL_ST_ERR;
+    return (-1);
+}
+
+int ssl3_send_client_certificate(SSL *s)
+{
+    X509 *x509 = NULL;
+    EVP_PKEY *pkey = NULL;
+    int i;
+    unsigned long l;
+
+    if (s->state == SSL3_ST_CW_CERT_A) {
+        if ((s->cert == NULL) ||
+            (s->cert->key->x509 == NULL) ||
+            (s->cert->key->privatekey == NULL))
+            s->state = SSL3_ST_CW_CERT_B;
+        else
+            s->state = SSL3_ST_CW_CERT_C;
+    }
+
+    /* We need to get a client cert */
+    if (s->state == SSL3_ST_CW_CERT_B) {
+        /*
+         * If we get an error, we need to ssl->rwstate=SSL_X509_LOOKUP;
+         * return(-1); We then get retied later
+         */
+        i = ssl_do_client_cert_cb(s, &x509, &pkey);
+        if (i < 0) {
+            s->rwstate = SSL_X509_LOOKUP;
+            return (-1);
+        }
+        s->rwstate = SSL_NOTHING;
+        if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
+            s->state = SSL3_ST_CW_CERT_B;
+            if (!SSL_use_certificate(s, x509) || !SSL_use_PrivateKey(s, pkey))
+                i = 0;
+        } else if (i == 1) {
+            i = 0;
+            SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,
+                   SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
+        }
+
+        if (x509 != NULL)
+            X509_free(x509);
+        if (pkey != NULL)
+            EVP_PKEY_free(pkey);
+        if (i == 0) {
+            if (s->version == SSL3_VERSION) {
+                s->s3->tmp.cert_req = 0;
+                ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_CERTIFICATE);
+                return (1);
+            } else {
+                s->s3->tmp.cert_req = 2;
+            }
+        }
+
+        /* Ok, we have a cert */
+        s->state = SSL3_ST_CW_CERT_C;
+    }
+
+    if (s->state == SSL3_ST_CW_CERT_C) {
+        s->state = SSL3_ST_CW_CERT_D;
+        l = ssl3_output_cert_chain(s,
+                                   (s->s3->tmp.cert_req ==
+                                    2) ? NULL : s->cert->key->x509);
+        if (!l) {
+            SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+            ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+            s->state = SSL_ST_ERR;
+            return 0;
+        }
+        s->init_num = (int)l;
+        s->init_off = 0;
+    }
+    /* SSL3_ST_CW_CERT_D */
+    return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+}
+
+#define has_bits(i,m)   (((i)&(m)) == (m))
+
+int ssl3_check_cert_and_algorithm(SSL *s)
+{
+    int i, idx;
+    long alg_k, alg_a;
+    EVP_PKEY *pkey = NULL;
+    int pkey_bits;
+    SESS_CERT *sc;
+#ifndef OPENSSL_NO_RSA
+    RSA *rsa;
+#endif
+#ifndef OPENSSL_NO_DH
+    DH *dh;
+#endif
+    int al = SSL_AD_HANDSHAKE_FAILURE;
+
+    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+    alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+
+    /* we don't have a certificate */
+    if ((alg_a & (SSL_aDH | SSL_aNULL | SSL_aKRB5)) || (alg_k & SSL_kPSK))
+        return (1);
+
+    sc = s->session->sess_cert;
+    if (sc == NULL) {
+        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+#ifndef OPENSSL_NO_RSA
+    rsa = s->session->sess_cert->peer_rsa_tmp;
+#endif
+#ifndef OPENSSL_NO_DH
+    dh = s->session->sess_cert->peer_dh_tmp;
+#endif
+
+    /* This is the passed certificate */
+
+    idx = sc->peer_cert_type;
+#ifndef OPENSSL_NO_ECDH
+    if (idx == SSL_PKEY_ECC) {
+        if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509, s) == 0) {
+            /* check failed */
+            SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_BAD_ECC_CERT);
+            goto f_err;
+        } else {
+            return 1;
+        }
+    }
+#endif
+    pkey = X509_get_pubkey(sc->peer_pkeys[idx].x509);
+    pkey_bits = EVP_PKEY_bits(pkey);
+    i = X509_certificate_type(sc->peer_pkeys[idx].x509, pkey);
+    EVP_PKEY_free(pkey);
+
+    /* Check that we have a certificate if we require one */
+    if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA | EVP_PKT_SIGN)) {
+        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+               SSL_R_MISSING_RSA_SIGNING_CERT);
+        goto f_err;
+    }
+#ifndef OPENSSL_NO_DSA
+    else if ((alg_a & SSL_aDSS) && !has_bits(i, EVP_PK_DSA | EVP_PKT_SIGN)) {
+        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+               SSL_R_MISSING_DSA_SIGNING_CERT);
+        goto f_err;
+    }
+#endif
+#ifndef OPENSSL_NO_RSA
+    if (alg_k & SSL_kRSA) {
+        if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
+            !has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) {
+            SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+                   SSL_R_MISSING_RSA_ENCRYPTING_CERT);
+            goto f_err;
+        } else if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) {
+            if (pkey_bits <= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
+                if (!has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) {
+                    SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+                           SSL_R_MISSING_RSA_ENCRYPTING_CERT);
+                    goto f_err;
+                }
+                if (rsa != NULL) {
+                    /* server key exchange is not allowed. */
+                    al = SSL_AD_INTERNAL_ERROR;
+                    SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR);
+                    goto f_err;
+                }
+            }
+        }
+    }
+#endif
+#ifndef OPENSSL_NO_DH
+    if ((alg_k & SSL_kEDH) && dh == NULL) {
+        al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR);
+        goto f_err;
+    }
+    if ((alg_k & SSL_kDHr) && !has_bits(i, EVP_PK_DH | EVP_PKS_RSA)) {
+        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+               SSL_R_MISSING_DH_RSA_CERT);
+        goto f_err;
+    }
+# ifndef OPENSSL_NO_DSA
+    if ((alg_k & SSL_kDHd) && !has_bits(i, EVP_PK_DH | EVP_PKS_DSA)) {
+        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+               SSL_R_MISSING_DH_DSA_CERT);
+        goto f_err;
+    }
+# endif
+
+    /* Check DHE only: static DH not implemented. */
+    if (alg_k & SSL_kEDH) {
+        int dh_size = BN_num_bits(dh->p);
+        if ((!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 1024)
+            || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 512)) {
+            SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_DH_KEY_TOO_SMALL);
+            goto f_err;
+        }
+    }
+#endif  /* !OPENSSL_NO_DH */
+
+    if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
+        pkey_bits > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
+#ifndef OPENSSL_NO_RSA
+        if (alg_k & SSL_kRSA) {
+            if (rsa == NULL) {
+                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+                       SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
+                goto f_err;
+            } else if (BN_num_bits(rsa->n) >
+                SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
+                /* We have a temporary RSA key but it's too large. */
+                al = SSL_AD_EXPORT_RESTRICTION;
+                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+                       SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
+                goto f_err;
+            }
+        } else
+#endif
+#ifndef OPENSSL_NO_DH
+        if (alg_k & SSL_kEDH) {
+            if (BN_num_bits(dh->p) >
+                SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
+                /* We have a temporary DH key but it's too large. */
+                al = SSL_AD_EXPORT_RESTRICTION;
+                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+                       SSL_R_MISSING_EXPORT_TMP_DH_KEY);
+                goto f_err;
+            }
+        } else if (alg_k & (SSL_kDHr | SSL_kDHd)) {
+            /* The cert should have had an export DH key. */
+            al = SSL_AD_EXPORT_RESTRICTION;
+            SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+                   SSL_R_MISSING_EXPORT_TMP_DH_KEY);
+                goto f_err;
+        } else
+#endif
+        {
+            SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+                   SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
+            goto f_err;
+        }
+    }
+    return (1);
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ err:
+    return (0);
+}
+
+#ifndef OPENSSL_NO_TLSEXT
+/*
+ * Normally, we can tell if the server is resuming the session from
+ * the session ID. EAP-FAST (RFC 4851), however, relies on the next server
+ * message after the ServerHello to determine if the server is resuming.
+ * Therefore, we allow EAP-FAST to peek ahead.
+ * ssl3_check_finished returns 1 if we are resuming from an external
+ * pre-shared secret, we have a "ticket" and the next server handshake message
+ * is Finished; and 0 otherwise. It returns -1 upon an error.
+ */
+static int ssl3_check_finished(SSL *s)
+{
+    int ok = 0;
+
+    if (s->version < TLS1_VERSION || !s->tls_session_secret_cb ||
+        !s->session->tlsext_tick)
+        return 0;
+
+    /* Need to permit this temporarily, in case the next message is Finished. */
+    s->s3->flags |= SSL3_FLAGS_CCS_OK;
+    /*
+     * This function is called when we might get a Certificate message instead,
+     * so permit appropriate message length.
+     * We ignore the return value as we're only interested in the message type
+     * and not its length.
+     */
+    s->method->ssl_get_message(s,
+                               SSL3_ST_CR_CERT_A,
+                               SSL3_ST_CR_CERT_B,
+                               -1, s->max_cert_list, &ok);
+    s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
+
+    if (!ok)
+        return -1;
+
+    s->s3->tmp.reuse_message = 1;
+
+    if (s->s3->tmp.message_type == SSL3_MT_FINISHED)
+        return 1;
+
+    /* If we're not done, then the CCS arrived early and we should bail. */
+    if (s->s3->change_cipher_spec) {
+        SSLerr(SSL_F_SSL3_CHECK_FINISHED, SSL_R_CCS_RECEIVED_EARLY);
+        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+        return -1;
+    }
+
+    return 0;
+}
+
+# ifndef OPENSSL_NO_NEXTPROTONEG
+int ssl3_send_next_proto(SSL *s)
+{
+    unsigned int len, padding_len;
+    unsigned char *d;
+
+    if (s->state == SSL3_ST_CW_NEXT_PROTO_A) {
+        len = s->next_proto_negotiated_len;
+        padding_len = 32 - ((len + 2) % 32);
+        d = (unsigned char *)s->init_buf->data;
+        d[4] = len;
+        memcpy(d + 5, s->next_proto_negotiated, len);
+        d[5 + len] = padding_len;
+        memset(d + 6 + len, 0, padding_len);
+        *(d++) = SSL3_MT_NEXT_PROTO;
+        l2n3(2 + len + padding_len, d);
+        s->state = SSL3_ST_CW_NEXT_PROTO_B;
+        s->init_num = 4 + 2 + len + padding_len;
+        s->init_off = 0;
+    }
+
+    return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
+}
+#endif                          /* !OPENSSL_NO_NEXTPROTONEG */
+#endif                          /* !OPENSSL_NO_TLSEXT */
+
+int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
+{
+    int i = 0;
+#ifndef OPENSSL_NO_ENGINE
+    if (s->ctx->client_cert_engine) {
+        i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
+                                        SSL_get_client_CA_list(s),
+                                        px509, ppkey, NULL, NULL, NULL);
+        if (i != 0)
+            return i;
+    }
+#endif
+    if (s->ctx->client_cert_cb)
+        i = s->ctx->client_cert_cb(s, px509, ppkey);
+    return i;
+}

Deleted: vendor-crypto/openssl/1.0.1u/ssl/s3_lib.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/s3_lib.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/ssl/s3_lib.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,4323 +0,0 @@
-/* ssl/s3_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * ECC cipher suite support in OpenSSL originally written by
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-#include "kssl_lcl.h"
-#ifndef OPENSSL_NO_TLSEXT
-# ifndef OPENSSL_NO_EC
-#  include "../crypto/ec/ec_lcl.h"
-# endif                         /* OPENSSL_NO_EC */
-#endif                          /* OPENSSL_NO_TLSEXT */
-#include <openssl/md5.h>
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
-
-const char ssl3_version_str[] = "SSLv3" OPENSSL_VERSION_PTEXT;
-
-#define SSL3_NUM_CIPHERS        (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
-
-/* list of available SSLv3 ciphers (sorted by id) */
-OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
-
-/* The RSA ciphers */
-/* Cipher 01 */
-    {
-     1,
-     SSL3_TXT_RSA_NULL_MD5,
-     SSL3_CK_RSA_NULL_MD5,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_eNULL,
-     SSL_MD5,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_STRONG_NONE,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     0,
-     0,
-     },
-
-/* Cipher 02 */
-    {
-     1,
-     SSL3_TXT_RSA_NULL_SHA,
-     SSL3_CK_RSA_NULL_SHA,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_eNULL,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     0,
-     0,
-     },
-
-/* Cipher 03 */
-    {
-     1,
-     SSL3_TXT_RSA_RC4_40_MD5,
-     SSL3_CK_RSA_RC4_40_MD5,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_RC4,
-     SSL_MD5,
-     SSL_SSLV3,
-     SSL_EXPORT | SSL_EXP40,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     40,
-     128,
-     },
-
-/* Cipher 04 */
-    {
-     1,
-     SSL3_TXT_RSA_RC4_128_MD5,
-     SSL3_CK_RSA_RC4_128_MD5,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_RC4,
-     SSL_MD5,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-/* Cipher 05 */
-    {
-     1,
-     SSL3_TXT_RSA_RC4_128_SHA,
-     SSL3_CK_RSA_RC4_128_SHA,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_RC4,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-/* Cipher 06 */
-    {
-     1,
-     SSL3_TXT_RSA_RC2_40_MD5,
-     SSL3_CK_RSA_RC2_40_MD5,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_RC2,
-     SSL_MD5,
-     SSL_SSLV3,
-     SSL_EXPORT | SSL_EXP40,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     40,
-     128,
-     },
-
-/* Cipher 07 */
-#ifndef OPENSSL_NO_IDEA
-    {
-     1,
-     SSL3_TXT_RSA_IDEA_128_SHA,
-     SSL3_CK_RSA_IDEA_128_SHA,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_IDEA,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-#endif
-
-/* Cipher 08 */
-    {
-     1,
-     SSL3_TXT_RSA_DES_40_CBC_SHA,
-     SSL3_CK_RSA_DES_40_CBC_SHA,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_EXPORT | SSL_EXP40,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     40,
-     56,
-     },
-
-/* Cipher 09 */
-    {
-     1,
-     SSL3_TXT_RSA_DES_64_CBC_SHA,
-     SSL3_CK_RSA_DES_64_CBC_SHA,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_LOW,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     56,
-     56,
-     },
-
-/* Cipher 0A */
-    {
-     1,
-     SSL3_TXT_RSA_DES_192_CBC3_SHA,
-     SSL3_CK_RSA_DES_192_CBC3_SHA,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_3DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
-     },
-
-/* The DH ciphers */
-/* Cipher 0B */
-    {
-     0,
-     SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
-     SSL3_CK_DH_DSS_DES_40_CBC_SHA,
-     SSL_kDHd,
-     SSL_aDH,
-     SSL_DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_EXPORT | SSL_EXP40,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     40,
-     56,
-     },
-
-/* Cipher 0C */
-    {
-     0,                         /* not implemented (non-ephemeral DH) */
-     SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
-     SSL3_CK_DH_DSS_DES_64_CBC_SHA,
-     SSL_kDHd,
-     SSL_aDH,
-     SSL_DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_LOW,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     56,
-     56,
-     },
-
-/* Cipher 0D */
-    {
-     0,                         /* not implemented (non-ephemeral DH) */
-     SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
-     SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
-     SSL_kDHd,
-     SSL_aDH,
-     SSL_3DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
-     },
-
-/* Cipher 0E */
-    {
-     0,                         /* not implemented (non-ephemeral DH) */
-     SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
-     SSL3_CK_DH_RSA_DES_40_CBC_SHA,
-     SSL_kDHr,
-     SSL_aDH,
-     SSL_DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_EXPORT | SSL_EXP40,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     40,
-     56,
-     },
-
-/* Cipher 0F */
-    {
-     0,                         /* not implemented (non-ephemeral DH) */
-     SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
-     SSL3_CK_DH_RSA_DES_64_CBC_SHA,
-     SSL_kDHr,
-     SSL_aDH,
-     SSL_DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_LOW,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     56,
-     56,
-     },
-
-/* Cipher 10 */
-    {
-     0,                         /* not implemented (non-ephemeral DH) */
-     SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
-     SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
-     SSL_kDHr,
-     SSL_aDH,
-     SSL_3DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
-     },
-
-/* The Ephemeral DH ciphers */
-/* Cipher 11 */
-    {
-     1,
-     SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
-     SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
-     SSL_kEDH,
-     SSL_aDSS,
-     SSL_DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_EXPORT | SSL_EXP40,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     40,
-     56,
-     },
-
-/* Cipher 12 */
-    {
-     1,
-     SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
-     SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
-     SSL_kEDH,
-     SSL_aDSS,
-     SSL_DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_LOW,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     56,
-     56,
-     },
-
-/* Cipher 13 */
-    {
-     1,
-     SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
-     SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
-     SSL_kEDH,
-     SSL_aDSS,
-     SSL_3DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
-     },
-
-/* Cipher 14 */
-    {
-     1,
-     SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
-     SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
-     SSL_kEDH,
-     SSL_aRSA,
-     SSL_DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_EXPORT | SSL_EXP40,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     40,
-     56,
-     },
-
-/* Cipher 15 */
-    {
-     1,
-     SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
-     SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
-     SSL_kEDH,
-     SSL_aRSA,
-     SSL_DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_LOW,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     56,
-     56,
-     },
-
-/* Cipher 16 */
-    {
-     1,
-     SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
-     SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
-     SSL_kEDH,
-     SSL_aRSA,
-     SSL_3DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
-     },
-
-/* Cipher 17 */
-    {
-     1,
-     SSL3_TXT_ADH_RC4_40_MD5,
-     SSL3_CK_ADH_RC4_40_MD5,
-     SSL_kEDH,
-     SSL_aNULL,
-     SSL_RC4,
-     SSL_MD5,
-     SSL_SSLV3,
-     SSL_EXPORT | SSL_EXP40,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     40,
-     128,
-     },
-
-/* Cipher 18 */
-    {
-     1,
-     SSL3_TXT_ADH_RC4_128_MD5,
-     SSL3_CK_ADH_RC4_128_MD5,
-     SSL_kEDH,
-     SSL_aNULL,
-     SSL_RC4,
-     SSL_MD5,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-/* Cipher 19 */
-    {
-     1,
-     SSL3_TXT_ADH_DES_40_CBC_SHA,
-     SSL3_CK_ADH_DES_40_CBC_SHA,
-     SSL_kEDH,
-     SSL_aNULL,
-     SSL_DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_EXPORT | SSL_EXP40,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     40,
-     128,
-     },
-
-/* Cipher 1A */
-    {
-     1,
-     SSL3_TXT_ADH_DES_64_CBC_SHA,
-     SSL3_CK_ADH_DES_64_CBC_SHA,
-     SSL_kEDH,
-     SSL_aNULL,
-     SSL_DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_LOW,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     56,
-     56,
-     },
-
-/* Cipher 1B */
-    {
-     1,
-     SSL3_TXT_ADH_DES_192_CBC_SHA,
-     SSL3_CK_ADH_DES_192_CBC_SHA,
-     SSL_kEDH,
-     SSL_aNULL,
-     SSL_3DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
-     },
-
-/* Fortezza ciphersuite from SSL 3.0 spec */
-#if 0
-/* Cipher 1C */
-    {
-     0,
-     SSL3_TXT_FZA_DMS_NULL_SHA,
-     SSL3_CK_FZA_DMS_NULL_SHA,
-     SSL_kFZA,
-     SSL_aFZA,
-     SSL_eNULL,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_STRONG_NONE,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     0,
-     0,
-     },
-
-/* Cipher 1D */
-    {
-     0,
-     SSL3_TXT_FZA_DMS_FZA_SHA,
-     SSL3_CK_FZA_DMS_FZA_SHA,
-     SSL_kFZA,
-     SSL_aFZA,
-     SSL_eFZA,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_STRONG_NONE,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     0,
-     0,
-     },
-
-/* Cipher 1E */
-    {
-     0,
-     SSL3_TXT_FZA_DMS_RC4_SHA,
-     SSL3_CK_FZA_DMS_RC4_SHA,
-     SSL_kFZA,
-     SSL_aFZA,
-     SSL_RC4,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-#endif
-
-#ifndef OPENSSL_NO_KRB5
-/* The Kerberos ciphers*/
-/* Cipher 1E */
-    {
-     1,
-     SSL3_TXT_KRB5_DES_64_CBC_SHA,
-     SSL3_CK_KRB5_DES_64_CBC_SHA,
-     SSL_kKRB5,
-     SSL_aKRB5,
-     SSL_DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_LOW,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     56,
-     56,
-     },
-
-/* Cipher 1F */
-    {
-     1,
-     SSL3_TXT_KRB5_DES_192_CBC3_SHA,
-     SSL3_CK_KRB5_DES_192_CBC3_SHA,
-     SSL_kKRB5,
-     SSL_aKRB5,
-     SSL_3DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
-     },
-
-/* Cipher 20 */
-    {
-     1,
-     SSL3_TXT_KRB5_RC4_128_SHA,
-     SSL3_CK_KRB5_RC4_128_SHA,
-     SSL_kKRB5,
-     SSL_aKRB5,
-     SSL_RC4,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-/* Cipher 21 */
-    {
-     1,
-     SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
-     SSL3_CK_KRB5_IDEA_128_CBC_SHA,
-     SSL_kKRB5,
-     SSL_aKRB5,
-     SSL_IDEA,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-/* Cipher 22 */
-    {
-     1,
-     SSL3_TXT_KRB5_DES_64_CBC_MD5,
-     SSL3_CK_KRB5_DES_64_CBC_MD5,
-     SSL_kKRB5,
-     SSL_aKRB5,
-     SSL_DES,
-     SSL_MD5,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_LOW,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     56,
-     56,
-     },
-
-/* Cipher 23 */
-    {
-     1,
-     SSL3_TXT_KRB5_DES_192_CBC3_MD5,
-     SSL3_CK_KRB5_DES_192_CBC3_MD5,
-     SSL_kKRB5,
-     SSL_aKRB5,
-     SSL_3DES,
-     SSL_MD5,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
-     },
-
-/* Cipher 24 */
-    {
-     1,
-     SSL3_TXT_KRB5_RC4_128_MD5,
-     SSL3_CK_KRB5_RC4_128_MD5,
-     SSL_kKRB5,
-     SSL_aKRB5,
-     SSL_RC4,
-     SSL_MD5,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-/* Cipher 25 */
-    {
-     1,
-     SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
-     SSL3_CK_KRB5_IDEA_128_CBC_MD5,
-     SSL_kKRB5,
-     SSL_aKRB5,
-     SSL_IDEA,
-     SSL_MD5,
-     SSL_SSLV3,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-/* Cipher 26 */
-    {
-     1,
-     SSL3_TXT_KRB5_DES_40_CBC_SHA,
-     SSL3_CK_KRB5_DES_40_CBC_SHA,
-     SSL_kKRB5,
-     SSL_aKRB5,
-     SSL_DES,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_EXPORT | SSL_EXP40,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     40,
-     56,
-     },
-
-/* Cipher 27 */
-    {
-     1,
-     SSL3_TXT_KRB5_RC2_40_CBC_SHA,
-     SSL3_CK_KRB5_RC2_40_CBC_SHA,
-     SSL_kKRB5,
-     SSL_aKRB5,
-     SSL_RC2,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_EXPORT | SSL_EXP40,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     40,
-     128,
-     },
-
-/* Cipher 28 */
-    {
-     1,
-     SSL3_TXT_KRB5_RC4_40_SHA,
-     SSL3_CK_KRB5_RC4_40_SHA,
-     SSL_kKRB5,
-     SSL_aKRB5,
-     SSL_RC4,
-     SSL_SHA1,
-     SSL_SSLV3,
-     SSL_EXPORT | SSL_EXP40,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     40,
-     128,
-     },
-
-/* Cipher 29 */
-    {
-     1,
-     SSL3_TXT_KRB5_DES_40_CBC_MD5,
-     SSL3_CK_KRB5_DES_40_CBC_MD5,
-     SSL_kKRB5,
-     SSL_aKRB5,
-     SSL_DES,
-     SSL_MD5,
-     SSL_SSLV3,
-     SSL_EXPORT | SSL_EXP40,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     40,
-     56,
-     },
-
-/* Cipher 2A */
-    {
-     1,
-     SSL3_TXT_KRB5_RC2_40_CBC_MD5,
-     SSL3_CK_KRB5_RC2_40_CBC_MD5,
-     SSL_kKRB5,
-     SSL_aKRB5,
-     SSL_RC2,
-     SSL_MD5,
-     SSL_SSLV3,
-     SSL_EXPORT | SSL_EXP40,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     40,
-     128,
-     },
-
-/* Cipher 2B */
-    {
-     1,
-     SSL3_TXT_KRB5_RC4_40_MD5,
-     SSL3_CK_KRB5_RC4_40_MD5,
-     SSL_kKRB5,
-     SSL_aKRB5,
-     SSL_RC4,
-     SSL_MD5,
-     SSL_SSLV3,
-     SSL_EXPORT | SSL_EXP40,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     40,
-     128,
-     },
-#endif                          /* OPENSSL_NO_KRB5 */
-
-/* New AES ciphersuites */
-/* Cipher 2F */
-    {
-     1,
-     TLS1_TXT_RSA_WITH_AES_128_SHA,
-     TLS1_CK_RSA_WITH_AES_128_SHA,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_AES128,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-/* Cipher 30 */
-    {
-     0,
-     TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
-     TLS1_CK_DH_DSS_WITH_AES_128_SHA,
-     SSL_kDHd,
-     SSL_aDH,
-     SSL_AES128,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-/* Cipher 31 */
-    {
-     0,
-     TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
-     TLS1_CK_DH_RSA_WITH_AES_128_SHA,
-     SSL_kDHr,
-     SSL_aDH,
-     SSL_AES128,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-/* Cipher 32 */
-    {
-     1,
-     TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
-     TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
-     SSL_kEDH,
-     SSL_aDSS,
-     SSL_AES128,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-/* Cipher 33 */
-    {
-     1,
-     TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
-     TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
-     SSL_kEDH,
-     SSL_aRSA,
-     SSL_AES128,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-/* Cipher 34 */
-    {
-     1,
-     TLS1_TXT_ADH_WITH_AES_128_SHA,
-     TLS1_CK_ADH_WITH_AES_128_SHA,
-     SSL_kEDH,
-     SSL_aNULL,
-     SSL_AES128,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-/* Cipher 35 */
-    {
-     1,
-     TLS1_TXT_RSA_WITH_AES_256_SHA,
-     TLS1_CK_RSA_WITH_AES_256_SHA,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_AES256,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
-     },
-/* Cipher 36 */
-    {
-     0,
-     TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
-     TLS1_CK_DH_DSS_WITH_AES_256_SHA,
-     SSL_kDHd,
-     SSL_aDH,
-     SSL_AES256,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
-     },
-
-/* Cipher 37 */
-    {
-     0,                         /* not implemented (non-ephemeral DH) */
-     TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
-     TLS1_CK_DH_RSA_WITH_AES_256_SHA,
-     SSL_kDHr,
-     SSL_aDH,
-     SSL_AES256,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
-     },
-
-/* Cipher 38 */
-    {
-     1,
-     TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
-     TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
-     SSL_kEDH,
-     SSL_aDSS,
-     SSL_AES256,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
-     },
-
-/* Cipher 39 */
-    {
-     1,
-     TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
-     TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
-     SSL_kEDH,
-     SSL_aRSA,
-     SSL_AES256,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
-     },
-
-    /* Cipher 3A */
-    {
-     1,
-     TLS1_TXT_ADH_WITH_AES_256_SHA,
-     TLS1_CK_ADH_WITH_AES_256_SHA,
-     SSL_kEDH,
-     SSL_aNULL,
-     SSL_AES256,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
-     },
-
-    /* TLS v1.2 ciphersuites */
-    /* Cipher 3B */
-    {
-     1,
-     TLS1_TXT_RSA_WITH_NULL_SHA256,
-     TLS1_CK_RSA_WITH_NULL_SHA256,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_eNULL,
-     SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     0,
-     0,
-     },
-
-    /* Cipher 3C */
-    {
-     1,
-     TLS1_TXT_RSA_WITH_AES_128_SHA256,
-     TLS1_CK_RSA_WITH_AES_128_SHA256,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_AES128,
-     SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-    /* Cipher 3D */
-    {
-     1,
-     TLS1_TXT_RSA_WITH_AES_256_SHA256,
-     TLS1_CK_RSA_WITH_AES_256_SHA256,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_AES256,
-     SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
-     },
-
-    /* Cipher 3E */
-    {
-     0,                         /* not implemented (non-ephemeral DH) */
-     TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
-     TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
-     SSL_kDHd,
-     SSL_aDH,
-     SSL_AES128,
-     SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-    /* Cipher 3F */
-    {
-     0,                         /* not implemented (non-ephemeral DH) */
-     TLS1_TXT_DH_RSA_WITH_AES_128_SHA256,
-     TLS1_CK_DH_RSA_WITH_AES_128_SHA256,
-     SSL_kDHr,
-     SSL_aDH,
-     SSL_AES128,
-     SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-    /* Cipher 40 */
-    {
-     1,
-     TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
-     TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
-     SSL_kEDH,
-     SSL_aDSS,
-     SSL_AES128,
-     SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-#ifndef OPENSSL_NO_CAMELLIA
-    /* Camellia ciphersuites from RFC4132 (128-bit portion) */
-
-    /* Cipher 41 */
-    {
-     1,
-     TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
-     TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_CAMELLIA128,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-    /* Cipher 42 */
-    {
-     0,                         /* not implemented (non-ephemeral DH) */
-     TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
-     TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
-     SSL_kDHd,
-     SSL_aDH,
-     SSL_CAMELLIA128,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-    /* Cipher 43 */
-    {
-     0,                         /* not implemented (non-ephemeral DH) */
-     TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
-     TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
-     SSL_kDHr,
-     SSL_aDH,
-     SSL_CAMELLIA128,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-    /* Cipher 44 */
-    {
-     1,
-     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
-     TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
-     SSL_kEDH,
-     SSL_aDSS,
-     SSL_CAMELLIA128,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-    /* Cipher 45 */
-    {
-     1,
-     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
-     TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
-     SSL_kEDH,
-     SSL_aRSA,
-     SSL_CAMELLIA128,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-    /* Cipher 46 */
-    {
-     1,
-     TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
-     TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
-     SSL_kEDH,
-     SSL_aNULL,
-     SSL_CAMELLIA128,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-#endif                          /* OPENSSL_NO_CAMELLIA */
-
-#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
-    /* New TLS Export CipherSuites from expired ID */
-# if 0
-    /* Cipher 60 */
-    {
-     1,
-     TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
-     TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_RC4,
-     SSL_MD5,
-     SSL_TLSV1,
-     SSL_EXPORT | SSL_EXP56,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     56,
-     128,
-     },
-
-    /* Cipher 61 */
-    {
-     1,
-     TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
-     TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_RC2,
-     SSL_MD5,
-     SSL_TLSV1,
-     SSL_EXPORT | SSL_EXP56,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     56,
-     128,
-     },
-# endif
-
-    /* Cipher 62 */
-    {
-     1,
-     TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
-     TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_DES,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_EXPORT | SSL_EXP56,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     56,
-     56,
-     },
-
-    /* Cipher 63 */
-    {
-     1,
-     TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
-     TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
-     SSL_kEDH,
-     SSL_aDSS,
-     SSL_DES,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_EXPORT | SSL_EXP56,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     56,
-     56,
-     },
-
-    /* Cipher 64 */
-    {
-     1,
-     TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
-     TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_RC4,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_EXPORT | SSL_EXP56,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     56,
-     128,
-     },
-
-    /* Cipher 65 */
-    {
-     1,
-     TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
-     TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
-     SSL_kEDH,
-     SSL_aDSS,
-     SSL_RC4,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_EXPORT | SSL_EXP56,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     56,
-     128,
-     },
-
-    /* Cipher 66 */
-    {
-     1,
-     TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
-     TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
-     SSL_kEDH,
-     SSL_aDSS,
-     SSL_RC4,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-#endif
-
-    /* TLS v1.2 ciphersuites */
-    /* Cipher 67 */
-    {
-     1,
-     TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
-     TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
-     SSL_kEDH,
-     SSL_aRSA,
-     SSL_AES128,
-     SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-    /* Cipher 68 */
-    {
-     0,                         /* not implemented (non-ephemeral DH) */
-     TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
-     TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
-     SSL_kDHd,
-     SSL_aDH,
-     SSL_AES256,
-     SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
-     },
-
-    /* Cipher 69 */
-    {
-     0,                         /* not implemented (non-ephemeral DH) */
-     TLS1_TXT_DH_RSA_WITH_AES_256_SHA256,
-     TLS1_CK_DH_RSA_WITH_AES_256_SHA256,
-     SSL_kDHr,
-     SSL_aDH,
-     SSL_AES256,
-     SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
-     },
-
-    /* Cipher 6A */
-    {
-     1,
-     TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
-     TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
-     SSL_kEDH,
-     SSL_aDSS,
-     SSL_AES256,
-     SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
-     },
-
-    /* Cipher 6B */
-    {
-     1,
-     TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
-     TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
-     SSL_kEDH,
-     SSL_aRSA,
-     SSL_AES256,
-     SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
-     },
-
-    /* Cipher 6C */
-    {
-     1,
-     TLS1_TXT_ADH_WITH_AES_128_SHA256,
-     TLS1_CK_ADH_WITH_AES_128_SHA256,
-     SSL_kEDH,
-     SSL_aNULL,
-     SSL_AES128,
-     SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-    /* Cipher 6D */
-    {
-     1,
-     TLS1_TXT_ADH_WITH_AES_256_SHA256,
-     TLS1_CK_ADH_WITH_AES_256_SHA256,
-     SSL_kEDH,
-     SSL_aNULL,
-     SSL_AES256,
-     SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
-     },
-
-    /* GOST Ciphersuites */
-
-    {
-     1,
-     "GOST94-GOST89-GOST89",
-     0x3000080,
-     SSL_kGOST,
-     SSL_aGOST94,
-     SSL_eGOST2814789CNT,
-     SSL_GOST89MAC,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
-     256,
-     256},
-    {
-     1,
-     "GOST2001-GOST89-GOST89",
-     0x3000081,
-     SSL_kGOST,
-     SSL_aGOST01,
-     SSL_eGOST2814789CNT,
-     SSL_GOST89MAC,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
-     256,
-     256},
-    {
-     1,
-     "GOST94-NULL-GOST94",
-     0x3000082,
-     SSL_kGOST,
-     SSL_aGOST94,
-     SSL_eNULL,
-     SSL_GOST94,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_STRONG_NONE,
-     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
-     0,
-     0},
-    {
-     1,
-     "GOST2001-NULL-GOST94",
-     0x3000083,
-     SSL_kGOST,
-     SSL_aGOST01,
-     SSL_eNULL,
-     SSL_GOST94,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_STRONG_NONE,
-     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
-     0,
-     0},
-
-#ifndef OPENSSL_NO_CAMELLIA
-    /* Camellia ciphersuites from RFC4132 (256-bit portion) */
-
-    /* Cipher 84 */
-    {
-     1,
-     TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
-     TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_CAMELLIA256,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
-     },
-    /* Cipher 85 */
-    {
-     0,                         /* not implemented (non-ephemeral DH) */
-     TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
-     TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
-     SSL_kDHd,
-     SSL_aDH,
-     SSL_CAMELLIA256,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
-     },
-
-    /* Cipher 86 */
-    {
-     0,                         /* not implemented (non-ephemeral DH) */
-     TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
-     TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
-     SSL_kDHr,
-     SSL_aDH,
-     SSL_CAMELLIA256,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
-     },
-
-    /* Cipher 87 */
-    {
-     1,
-     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
-     TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
-     SSL_kEDH,
-     SSL_aDSS,
-     SSL_CAMELLIA256,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
-     },
-
-    /* Cipher 88 */
-    {
-     1,
-     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
-     TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
-     SSL_kEDH,
-     SSL_aRSA,
-     SSL_CAMELLIA256,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
-     },
-
-    /* Cipher 89 */
-    {
-     1,
-     TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
-     TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
-     SSL_kEDH,
-     SSL_aNULL,
-     SSL_CAMELLIA256,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
-     },
-#endif                          /* OPENSSL_NO_CAMELLIA */
-
-#ifndef OPENSSL_NO_PSK
-    /* Cipher 8A */
-    {
-     1,
-     TLS1_TXT_PSK_WITH_RC4_128_SHA,
-     TLS1_CK_PSK_WITH_RC4_128_SHA,
-     SSL_kPSK,
-     SSL_aPSK,
-     SSL_RC4,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-    /* Cipher 8B */
-    {
-     1,
-     TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
-     TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
-     SSL_kPSK,
-     SSL_aPSK,
-     SSL_3DES,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
-     },
-
-    /* Cipher 8C */
-    {
-     1,
-     TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
-     TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
-     SSL_kPSK,
-     SSL_aPSK,
-     SSL_AES128,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-    /* Cipher 8D */
-    {
-     1,
-     TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
-     TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
-     SSL_kPSK,
-     SSL_aPSK,
-     SSL_AES256,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
-     },
-#endif                          /* OPENSSL_NO_PSK */
-
-#ifndef OPENSSL_NO_SEED
-    /* SEED ciphersuites from RFC4162 */
-
-    /* Cipher 96 */
-    {
-     1,
-     TLS1_TXT_RSA_WITH_SEED_SHA,
-     TLS1_CK_RSA_WITH_SEED_SHA,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_SEED,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-    /* Cipher 97 */
-    {
-     0,                         /* not implemented (non-ephemeral DH) */
-     TLS1_TXT_DH_DSS_WITH_SEED_SHA,
-     TLS1_CK_DH_DSS_WITH_SEED_SHA,
-     SSL_kDHd,
-     SSL_aDH,
-     SSL_SEED,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-    /* Cipher 98 */
-    {
-     0,                         /* not implemented (non-ephemeral DH) */
-     TLS1_TXT_DH_RSA_WITH_SEED_SHA,
-     TLS1_CK_DH_RSA_WITH_SEED_SHA,
-     SSL_kDHr,
-     SSL_aDH,
-     SSL_SEED,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-    /* Cipher 99 */
-    {
-     1,
-     TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
-     TLS1_CK_DHE_DSS_WITH_SEED_SHA,
-     SSL_kEDH,
-     SSL_aDSS,
-     SSL_SEED,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-    /* Cipher 9A */
-    {
-     1,
-     TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
-     TLS1_CK_DHE_RSA_WITH_SEED_SHA,
-     SSL_kEDH,
-     SSL_aRSA,
-     SSL_SEED,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-    /* Cipher 9B */
-    {
-     1,
-     TLS1_TXT_ADH_WITH_SEED_SHA,
-     TLS1_CK_ADH_WITH_SEED_SHA,
-     SSL_kEDH,
-     SSL_aNULL,
-     SSL_SEED,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-#endif                          /* OPENSSL_NO_SEED */
-
-    /* GCM ciphersuites from RFC5288 */
-
-    /* Cipher 9C */
-    {
-     1,
-     TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
-     TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_AES128GCM,
-     SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
-     128,
-     128,
-     },
-
-    /* Cipher 9D */
-    {
-     1,
-     TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
-     TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_AES256GCM,
-     SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
-     256,
-     256,
-     },
-
-    /* Cipher 9E */
-    {
-     1,
-     TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
-     TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
-     SSL_kEDH,
-     SSL_aRSA,
-     SSL_AES128GCM,
-     SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
-     128,
-     128,
-     },
-
-    /* Cipher 9F */
-    {
-     1,
-     TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
-     TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
-     SSL_kEDH,
-     SSL_aRSA,
-     SSL_AES256GCM,
-     SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
-     256,
-     256,
-     },
-
-    /* Cipher A0 */
-    {
-     0,
-     TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256,
-     TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256,
-     SSL_kDHr,
-     SSL_aDH,
-     SSL_AES128GCM,
-     SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
-     128,
-     128,
-     },
-
-    /* Cipher A1 */
-    {
-     0,
-     TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384,
-     TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384,
-     SSL_kDHr,
-     SSL_aDH,
-     SSL_AES256GCM,
-     SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
-     256,
-     256,
-     },
-
-    /* Cipher A2 */
-    {
-     1,
-     TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
-     TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
-     SSL_kEDH,
-     SSL_aDSS,
-     SSL_AES128GCM,
-     SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
-     128,
-     128,
-     },
-
-    /* Cipher A3 */
-    {
-     1,
-     TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
-     TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
-     SSL_kEDH,
-     SSL_aDSS,
-     SSL_AES256GCM,
-     SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
-     256,
-     256,
-     },
-
-    /* Cipher A4 */
-    {
-     0,
-     TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
-     TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
-     SSL_kDHd,
-     SSL_aDH,
-     SSL_AES128GCM,
-     SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
-     128,
-     128,
-     },
-
-    /* Cipher A5 */
-    {
-     0,
-     TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
-     TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
-     SSL_kDHd,
-     SSL_aDH,
-     SSL_AES256GCM,
-     SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
-     256,
-     256,
-     },
-
-    /* Cipher A6 */
-    {
-     1,
-     TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
-     TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
-     SSL_kEDH,
-     SSL_aNULL,
-     SSL_AES128GCM,
-     SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
-     128,
-     128,
-     },
-
-    /* Cipher A7 */
-    {
-     1,
-     TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
-     TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
-     SSL_kEDH,
-     SSL_aNULL,
-     SSL_AES256GCM,
-     SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
-     256,
-     256,
-     },
-
-#ifndef OPENSSL_NO_ECDH
-    /* Cipher C001 */
-    {
-     1,
-     TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
-     TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
-     SSL_kECDHe,
-     SSL_aECDH,
-     SSL_eNULL,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     0,
-     0,
-     },
-
-    /* Cipher C002 */
-    {
-     1,
-     TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
-     TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
-     SSL_kECDHe,
-     SSL_aECDH,
-     SSL_RC4,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-    /* Cipher C003 */
-    {
-     1,
-     TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
-     TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
-     SSL_kECDHe,
-     SSL_aECDH,
-     SSL_3DES,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
-     },
-
-    /* Cipher C004 */
-    {
-     1,
-     TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
-     TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
-     SSL_kECDHe,
-     SSL_aECDH,
-     SSL_AES128,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-    /* Cipher C005 */
-    {
-     1,
-     TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
-     TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
-     SSL_kECDHe,
-     SSL_aECDH,
-     SSL_AES256,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
-     },
-
-    /* Cipher C006 */
-    {
-     1,
-     TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
-     TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
-     SSL_kEECDH,
-     SSL_aECDSA,
-     SSL_eNULL,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     0,
-     0,
-     },
-
-    /* Cipher C007 */
-    {
-     1,
-     TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
-     TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
-     SSL_kEECDH,
-     SSL_aECDSA,
-     SSL_RC4,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-    /* Cipher C008 */
-    {
-     1,
-     TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
-     TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
-     SSL_kEECDH,
-     SSL_aECDSA,
-     SSL_3DES,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
-     },
-
-    /* Cipher C009 */
-    {
-     1,
-     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-     SSL_kEECDH,
-     SSL_aECDSA,
-     SSL_AES128,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-    /* Cipher C00A */
-    {
-     1,
-     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-     SSL_kEECDH,
-     SSL_aECDSA,
-     SSL_AES256,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
-     },
-
-    /* Cipher C00B */
-    {
-     1,
-     TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
-     TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
-     SSL_kECDHr,
-     SSL_aECDH,
-     SSL_eNULL,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     0,
-     0,
-     },
-
-    /* Cipher C00C */
-    {
-     1,
-     TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
-     TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
-     SSL_kECDHr,
-     SSL_aECDH,
-     SSL_RC4,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-    /* Cipher C00D */
-    {
-     1,
-     TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
-     TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
-     SSL_kECDHr,
-     SSL_aECDH,
-     SSL_3DES,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
-     },
-
-    /* Cipher C00E */
-    {
-     1,
-     TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
-     TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
-     SSL_kECDHr,
-     SSL_aECDH,
-     SSL_AES128,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-    /* Cipher C00F */
-    {
-     1,
-     TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
-     TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
-     SSL_kECDHr,
-     SSL_aECDH,
-     SSL_AES256,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
-     },
-
-    /* Cipher C010 */
-    {
-     1,
-     TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
-     TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
-     SSL_kEECDH,
-     SSL_aRSA,
-     SSL_eNULL,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     0,
-     0,
-     },
-
-    /* Cipher C011 */
-    {
-     1,
-     TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
-     TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
-     SSL_kEECDH,
-     SSL_aRSA,
-     SSL_RC4,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-    /* Cipher C012 */
-    {
-     1,
-     TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
-     TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
-     SSL_kEECDH,
-     SSL_aRSA,
-     SSL_3DES,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
-     },
-
-    /* Cipher C013 */
-    {
-     1,
-     TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-     TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-     SSL_kEECDH,
-     SSL_aRSA,
-     SSL_AES128,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-    /* Cipher C014 */
-    {
-     1,
-     TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-     TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-     SSL_kEECDH,
-     SSL_aRSA,
-     SSL_AES256,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
-     },
-
-    /* Cipher C015 */
-    {
-     1,
-     TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
-     TLS1_CK_ECDH_anon_WITH_NULL_SHA,
-     SSL_kEECDH,
-     SSL_aNULL,
-     SSL_eNULL,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     0,
-     0,
-     },
-
-    /* Cipher C016 */
-    {
-     1,
-     TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
-     TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
-     SSL_kEECDH,
-     SSL_aNULL,
-     SSL_RC4,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_MEDIUM,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-    /* Cipher C017 */
-    {
-     1,
-     TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
-     TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
-     SSL_kEECDH,
-     SSL_aNULL,
-     SSL_3DES,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
-     },
-
-    /* Cipher C018 */
-    {
-     1,
-     TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
-     TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
-     SSL_kEECDH,
-     SSL_aNULL,
-     SSL_AES128,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-    /* Cipher C019 */
-    {
-     1,
-     TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
-     TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
-     SSL_kEECDH,
-     SSL_aNULL,
-     SSL_AES256,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
-     },
-#endif                          /* OPENSSL_NO_ECDH */
-
-#ifndef OPENSSL_NO_SRP
-    /* Cipher C01A */
-    {
-     1,
-     TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
-     TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
-     SSL_kSRP,
-     SSL_aSRP,
-     SSL_3DES,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
-     },
-
-    /* Cipher C01B */
-    {
-     1,
-     TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
-     TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
-     SSL_kSRP,
-     SSL_aRSA,
-     SSL_3DES,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
-     },
-
-    /* Cipher C01C */
-    {
-     1,
-     TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
-     TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
-     SSL_kSRP,
-     SSL_aDSS,
-     SSL_3DES,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     112,
-     168,
-     },
-
-    /* Cipher C01D */
-    {
-     1,
-     TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
-     TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
-     SSL_kSRP,
-     SSL_aSRP,
-     SSL_AES128,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-    /* Cipher C01E */
-    {
-     1,
-     TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
-     TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
-     SSL_kSRP,
-     SSL_aRSA,
-     SSL_AES128,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-    /* Cipher C01F */
-    {
-     1,
-     TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
-     TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
-     SSL_kSRP,
-     SSL_aDSS,
-     SSL_AES128,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     128,
-     128,
-     },
-
-    /* Cipher C020 */
-    {
-     1,
-     TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
-     TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
-     SSL_kSRP,
-     SSL_aSRP,
-     SSL_AES256,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
-     },
-
-    /* Cipher C021 */
-    {
-     1,
-     TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
-     TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
-     SSL_kSRP,
-     SSL_aRSA,
-     SSL_AES256,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
-     },
-
-    /* Cipher C022 */
-    {
-     1,
-     TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
-     TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
-     SSL_kSRP,
-     SSL_aDSS,
-     SSL_AES256,
-     SSL_SHA1,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
-     },
-#endif                          /* OPENSSL_NO_SRP */
-#ifndef OPENSSL_NO_ECDH
-
-    /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
-
-    /* Cipher C023 */
-    {
-     1,
-     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
-     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
-     SSL_kEECDH,
-     SSL_aECDSA,
-     SSL_AES128,
-     SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
-     128,
-     128,
-     },
-
-    /* Cipher C024 */
-    {
-     1,
-     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
-     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
-     SSL_kEECDH,
-     SSL_aECDSA,
-     SSL_AES256,
-     SSL_SHA384,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
-     256,
-     256,
-     },
-
-    /* Cipher C025 */
-    {
-     1,
-     TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
-     TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
-     SSL_kECDHe,
-     SSL_aECDH,
-     SSL_AES128,
-     SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
-     128,
-     128,
-     },
-
-    /* Cipher C026 */
-    {
-     1,
-     TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
-     TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
-     SSL_kECDHe,
-     SSL_aECDH,
-     SSL_AES256,
-     SSL_SHA384,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
-     256,
-     256,
-     },
-
-    /* Cipher C027 */
-    {
-     1,
-     TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
-     TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
-     SSL_kEECDH,
-     SSL_aRSA,
-     SSL_AES128,
-     SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
-     128,
-     128,
-     },
-
-    /* Cipher C028 */
-    {
-     1,
-     TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
-     TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
-     SSL_kEECDH,
-     SSL_aRSA,
-     SSL_AES256,
-     SSL_SHA384,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
-     256,
-     256,
-     },
-
-    /* Cipher C029 */
-    {
-     1,
-     TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
-     TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
-     SSL_kECDHr,
-     SSL_aECDH,
-     SSL_AES128,
-     SSL_SHA256,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
-     128,
-     128,
-     },
-
-    /* Cipher C02A */
-    {
-     1,
-     TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
-     TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
-     SSL_kECDHr,
-     SSL_aECDH,
-     SSL_AES256,
-     SSL_SHA384,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
-     256,
-     256,
-     },
-
-    /* GCM based TLS v1.2 ciphersuites from RFC5289 */
-
-    /* Cipher C02B */
-    {
-     1,
-     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-     SSL_kEECDH,
-     SSL_aECDSA,
-     SSL_AES128GCM,
-     SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
-     128,
-     128,
-     },
-
-    /* Cipher C02C */
-    {
-     1,
-     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-     SSL_kEECDH,
-     SSL_aECDSA,
-     SSL_AES256GCM,
-     SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
-     256,
-     256,
-     },
-
-    /* Cipher C02D */
-    {
-     1,
-     TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
-     TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
-     SSL_kECDHe,
-     SSL_aECDH,
-     SSL_AES128GCM,
-     SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
-     128,
-     128,
-     },
-
-    /* Cipher C02E */
-    {
-     1,
-     TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
-     TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
-     SSL_kECDHe,
-     SSL_aECDH,
-     SSL_AES256GCM,
-     SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
-     256,
-     256,
-     },
-
-    /* Cipher C02F */
-    {
-     1,
-     TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-     TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-     SSL_kEECDH,
-     SSL_aRSA,
-     SSL_AES128GCM,
-     SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
-     128,
-     128,
-     },
-
-    /* Cipher C030 */
-    {
-     1,
-     TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-     TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-     SSL_kEECDH,
-     SSL_aRSA,
-     SSL_AES256GCM,
-     SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
-     256,
-     256,
-     },
-
-    /* Cipher C031 */
-    {
-     1,
-     TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
-     TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
-     SSL_kECDHr,
-     SSL_aECDH,
-     SSL_AES128GCM,
-     SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
-     128,
-     128,
-     },
-
-    /* Cipher C032 */
-    {
-     1,
-     TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
-     TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
-     SSL_kECDHr,
-     SSL_aECDH,
-     SSL_AES256GCM,
-     SSL_AEAD,
-     SSL_TLSV1_2,
-     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
-     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
-     256,
-     256,
-     },
-
-#endif                          /* OPENSSL_NO_ECDH */
-
-#ifdef TEMP_GOST_TLS
-/* Cipher FF00 */
-    {
-     1,
-     "GOST-MD5",
-     0x0300ff00,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_eGOST2814789CNT,
-     SSL_MD5,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256,
-     },
-    {
-     1,
-     "GOST-GOST94",
-     0x0300ff01,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_eGOST2814789CNT,
-     SSL_GOST94,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256},
-    {
-     1,
-     "GOST-GOST89MAC",
-     0x0300ff02,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_eGOST2814789CNT,
-     SSL_GOST89MAC,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
-     256,
-     256},
-    {
-     1,
-     "GOST-GOST89STREAM",
-     0x0300ff03,
-     SSL_kRSA,
-     SSL_aRSA,
-     SSL_eGOST2814789CNT,
-     SSL_GOST89MAC,
-     SSL_TLSV1,
-     SSL_NOT_EXP | SSL_HIGH,
-     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF | TLS1_STREAM_MAC,
-     256,
-     256},
-#endif
-
-/* end of list */
-};
-
-SSL3_ENC_METHOD SSLv3_enc_data = {
-    ssl3_enc,
-    n_ssl3_mac,
-    ssl3_setup_key_block,
-    ssl3_generate_master_secret,
-    ssl3_change_cipher_state,
-    ssl3_final_finish_mac,
-    MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
-    ssl3_cert_verify_mac,
-    SSL3_MD_CLIENT_FINISHED_CONST, 4,
-    SSL3_MD_SERVER_FINISHED_CONST, 4,
-    ssl3_alert_code,
-    (int (*)(SSL *, unsigned char *, size_t, const char *,
-             size_t, const unsigned char *, size_t,
-             int use_context))ssl_undefined_function,
-};
-
-long ssl3_default_timeout(void)
-{
-    /*
-     * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
-     * http, the cache would over fill
-     */
-    return (60 * 60 * 2);
-}
-
-int ssl3_num_ciphers(void)
-{
-    return (SSL3_NUM_CIPHERS);
-}
-
-const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
-{
-    if (u < SSL3_NUM_CIPHERS)
-        return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
-    else
-        return (NULL);
-}
-
-int ssl3_pending(const SSL *s)
-{
-    if (s->rstate == SSL_ST_READ_BODY)
-        return 0;
-
-    return (s->s3->rrec.type ==
-            SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
-}
-
-int ssl3_new(SSL *s)
-{
-    SSL3_STATE *s3;
-
-    if ((s3 = OPENSSL_malloc(sizeof *s3)) == NULL)
-        goto err;
-    memset(s3, 0, sizeof *s3);
-    memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num));
-    memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num));
-
-    s->s3 = s3;
-
-#ifndef OPENSSL_NO_SRP
-    SSL_SRP_CTX_init(s);
-#endif
-    s->method->ssl_clear(s);
-    return (1);
- err:
-    return (0);
-}
-
-void ssl3_free(SSL *s)
-{
-    if (s == NULL || s->s3 == NULL)
-        return;
-
-#ifdef TLSEXT_TYPE_opaque_prf_input
-    if (s->s3->client_opaque_prf_input != NULL)
-        OPENSSL_free(s->s3->client_opaque_prf_input);
-    if (s->s3->server_opaque_prf_input != NULL)
-        OPENSSL_free(s->s3->server_opaque_prf_input);
-#endif
-
-    ssl3_cleanup_key_block(s);
-    if (s->s3->rbuf.buf != NULL)
-        ssl3_release_read_buffer(s);
-    if (s->s3->wbuf.buf != NULL)
-        ssl3_release_write_buffer(s);
-    if (s->s3->rrec.comp != NULL)
-        OPENSSL_free(s->s3->rrec.comp);
-#ifndef OPENSSL_NO_DH
-    if (s->s3->tmp.dh != NULL)
-        DH_free(s->s3->tmp.dh);
-#endif
-#ifndef OPENSSL_NO_ECDH
-    if (s->s3->tmp.ecdh != NULL)
-        EC_KEY_free(s->s3->tmp.ecdh);
-#endif
-
-    if (s->s3->tmp.ca_names != NULL)
-        sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
-    if (s->s3->handshake_buffer) {
-        BIO_free(s->s3->handshake_buffer);
-    }
-    if (s->s3->handshake_dgst)
-        ssl3_free_digest_list(s);
-#ifndef OPENSSL_NO_SRP
-    SSL_SRP_CTX_free(s);
-#endif
-    OPENSSL_cleanse(s->s3, sizeof *s->s3);
-    OPENSSL_free(s->s3);
-    s->s3 = NULL;
-}
-
-void ssl3_clear(SSL *s)
-{
-    unsigned char *rp, *wp;
-    size_t rlen, wlen;
-    int init_extra;
-
-#ifdef TLSEXT_TYPE_opaque_prf_input
-    if (s->s3->client_opaque_prf_input != NULL)
-        OPENSSL_free(s->s3->client_opaque_prf_input);
-    s->s3->client_opaque_prf_input = NULL;
-    if (s->s3->server_opaque_prf_input != NULL)
-        OPENSSL_free(s->s3->server_opaque_prf_input);
-    s->s3->server_opaque_prf_input = NULL;
-#endif
-
-    ssl3_cleanup_key_block(s);
-    if (s->s3->tmp.ca_names != NULL)
-        sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
-
-    if (s->s3->rrec.comp != NULL) {
-        OPENSSL_free(s->s3->rrec.comp);
-        s->s3->rrec.comp = NULL;
-    }
-#ifndef OPENSSL_NO_DH
-    if (s->s3->tmp.dh != NULL) {
-        DH_free(s->s3->tmp.dh);
-        s->s3->tmp.dh = NULL;
-    }
-#endif
-#ifndef OPENSSL_NO_ECDH
-    if (s->s3->tmp.ecdh != NULL) {
-        EC_KEY_free(s->s3->tmp.ecdh);
-        s->s3->tmp.ecdh = NULL;
-    }
-#endif
-#ifndef OPENSSL_NO_TLSEXT
-# ifndef OPENSSL_NO_EC
-    s->s3->is_probably_safari = 0;
-# endif                         /* !OPENSSL_NO_EC */
-#endif                          /* !OPENSSL_NO_TLSEXT */
-
-    rp = s->s3->rbuf.buf;
-    wp = s->s3->wbuf.buf;
-    rlen = s->s3->rbuf.len;
-    wlen = s->s3->wbuf.len;
-    init_extra = s->s3->init_extra;
-    if (s->s3->handshake_buffer) {
-        BIO_free(s->s3->handshake_buffer);
-        s->s3->handshake_buffer = NULL;
-    }
-    if (s->s3->handshake_dgst) {
-        ssl3_free_digest_list(s);
-    }
-    memset(s->s3, 0, sizeof *s->s3);
-    s->s3->rbuf.buf = rp;
-    s->s3->wbuf.buf = wp;
-    s->s3->rbuf.len = rlen;
-    s->s3->wbuf.len = wlen;
-    s->s3->init_extra = init_extra;
-
-    ssl_free_wbio_buffer(s);
-
-    s->packet_length = 0;
-    s->s3->renegotiate = 0;
-    s->s3->total_renegotiations = 0;
-    s->s3->num_renegotiations = 0;
-    s->s3->in_read_app_data = 0;
-    s->version = SSL3_VERSION;
-
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-    if (s->next_proto_negotiated) {
-        OPENSSL_free(s->next_proto_negotiated);
-        s->next_proto_negotiated = NULL;
-        s->next_proto_negotiated_len = 0;
-    }
-#endif
-}
-
-#ifndef OPENSSL_NO_SRP
-static char *MS_CALLBACK srp_password_from_info_cb(SSL *s, void *arg)
-{
-    return BUF_strdup(s->srp_ctx.info);
-}
-#endif
-
-long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
-{
-    int ret = 0;
-
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
-    if (
-# ifndef OPENSSL_NO_RSA
-           cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB ||
-# endif
-# ifndef OPENSSL_NO_DSA
-           cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB ||
-# endif
-           0) {
-        if (!ssl_cert_inst(&s->cert)) {
-            SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
-            return (0);
-        }
-    }
-#endif
-
-    switch (cmd) {
-    case SSL_CTRL_GET_SESSION_REUSED:
-        ret = s->hit;
-        break;
-    case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
-        break;
-    case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
-        ret = s->s3->num_renegotiations;
-        break;
-    case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
-        ret = s->s3->num_renegotiations;
-        s->s3->num_renegotiations = 0;
-        break;
-    case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
-        ret = s->s3->total_renegotiations;
-        break;
-    case SSL_CTRL_GET_FLAGS:
-        ret = (int)(s->s3->flags);
-        break;
-#ifndef OPENSSL_NO_RSA
-    case SSL_CTRL_NEED_TMP_RSA:
-        if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
-            ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
-             (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) >
-              (512 / 8))))
-            ret = 1;
-        break;
-    case SSL_CTRL_SET_TMP_RSA:
-        {
-            RSA *rsa = (RSA *)parg;
-            if (rsa == NULL) {
-                SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-                return (ret);
-            }
-            if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) {
-                SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
-                return (ret);
-            }
-            if (s->cert->rsa_tmp != NULL)
-                RSA_free(s->cert->rsa_tmp);
-            s->cert->rsa_tmp = rsa;
-            ret = 1;
-        }
-        break;
-    case SSL_CTRL_SET_TMP_RSA_CB:
-        {
-            SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-            return (ret);
-        }
-        break;
-#endif
-#ifndef OPENSSL_NO_DH
-    case SSL_CTRL_SET_TMP_DH:
-        {
-            DH *dh = (DH *)parg;
-            if (dh == NULL) {
-                SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-                return (ret);
-            }
-            if ((dh = DHparams_dup(dh)) == NULL) {
-                SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
-                return (ret);
-            }
-            if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
-                if (!DH_generate_key(dh)) {
-                    DH_free(dh);
-                    SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
-                    return (ret);
-                }
-            }
-            if (s->cert->dh_tmp != NULL)
-                DH_free(s->cert->dh_tmp);
-            s->cert->dh_tmp = dh;
-            ret = 1;
-        }
-        break;
-    case SSL_CTRL_SET_TMP_DH_CB:
-        {
-            SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-            return (ret);
-        }
-        break;
-#endif
-#ifndef OPENSSL_NO_ECDH
-    case SSL_CTRL_SET_TMP_ECDH:
-        {
-            EC_KEY *ecdh = NULL;
-
-            if (parg == NULL) {
-                SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-                return (ret);
-            }
-            if (!EC_KEY_up_ref((EC_KEY *)parg)) {
-                SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB);
-                return (ret);
-            }
-            ecdh = (EC_KEY *)parg;
-            if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) {
-                if (!EC_KEY_generate_key(ecdh)) {
-                    EC_KEY_free(ecdh);
-                    SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB);
-                    return (ret);
-                }
-            }
-            if (s->cert->ecdh_tmp != NULL)
-                EC_KEY_free(s->cert->ecdh_tmp);
-            s->cert->ecdh_tmp = ecdh;
-            ret = 1;
-        }
-        break;
-    case SSL_CTRL_SET_TMP_ECDH_CB:
-        {
-            SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-            return (ret);
-        }
-        break;
-#endif                          /* !OPENSSL_NO_ECDH */
-#ifndef OPENSSL_NO_TLSEXT
-    case SSL_CTRL_SET_TLSEXT_HOSTNAME:
-        if (larg == TLSEXT_NAMETYPE_host_name) {
-            if (s->tlsext_hostname != NULL)
-                OPENSSL_free(s->tlsext_hostname);
-            s->tlsext_hostname = NULL;
-
-            ret = 1;
-            if (parg == NULL)
-                break;
-            if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
-                SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
-                return 0;
-            }
-            if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) {
-                SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
-                return 0;
-            }
-        } else {
-            SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
-            return 0;
-        }
-        break;
-    case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
-        s->tlsext_debug_arg = parg;
-        ret = 1;
-        break;
-
-# ifdef TLSEXT_TYPE_opaque_prf_input
-    case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
-        if (larg > 12288) {     /* actual internal limit is 2^16 for the
-                                 * complete hello message * (including the
-                                 * cert chain and everything) */
-            SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
-            break;
-        }
-        if (s->tlsext_opaque_prf_input != NULL)
-            OPENSSL_free(s->tlsext_opaque_prf_input);
-        if ((size_t)larg == 0)
-            s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte
-                                                             * just to get
-                                                             * non-NULL */
-        else
-            s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
-        if (s->tlsext_opaque_prf_input != NULL) {
-            s->tlsext_opaque_prf_input_len = (size_t)larg;
-            ret = 1;
-        } else
-            s->tlsext_opaque_prf_input_len = 0;
-        break;
-# endif
-
-    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
-        s->tlsext_status_type = larg;
-        ret = 1;
-        break;
-
-    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
-        *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
-        ret = 1;
-        break;
-
-    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
-        s->tlsext_ocsp_exts = parg;
-        ret = 1;
-        break;
-
-    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
-        *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
-        ret = 1;
-        break;
-
-    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
-        s->tlsext_ocsp_ids = parg;
-        ret = 1;
-        break;
-
-    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
-        *(unsigned char **)parg = s->tlsext_ocsp_resp;
-        return s->tlsext_ocsp_resplen;
-
-    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
-        if (s->tlsext_ocsp_resp)
-            OPENSSL_free(s->tlsext_ocsp_resp);
-        s->tlsext_ocsp_resp = parg;
-        s->tlsext_ocsp_resplen = larg;
-        ret = 1;
-        break;
-
-# ifndef OPENSSL_NO_HEARTBEATS
-    case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT:
-        if (SSL_version(s) == DTLS1_VERSION
-            || SSL_version(s) == DTLS1_BAD_VER)
-            ret = dtls1_heartbeat(s);
-        else
-            ret = tls1_heartbeat(s);
-        break;
-
-    case SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING:
-        ret = s->tlsext_hb_pending;
-        break;
-
-    case SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS:
-        if (larg)
-            s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
-        else
-            s->tlsext_heartbeat &= ~SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
-        ret = 1;
-        break;
-# endif
-
-#endif                          /* !OPENSSL_NO_TLSEXT */
-
-    case SSL_CTRL_CHECK_PROTO_VERSION:
-        /*
-         * For library-internal use; checks that the current protocol is the
-         * highest enabled version (according to s->ctx->method, as version
-         * negotiation may have changed s->method).
-         */
-        if (s->version == s->ctx->method->version)
-            return 1;
-        /*
-         * Apparently we're using a version-flexible SSL_METHOD (not at its
-         * highest protocol version).
-         */
-        if (s->ctx->method->version == SSLv23_method()->version) {
-#if TLS_MAX_VERSION != TLS1_2_VERSION
-# error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION.
-#endif
-            if (!(s->options & SSL_OP_NO_TLSv1_2))
-                return s->version == TLS1_2_VERSION;
-            if (!(s->options & SSL_OP_NO_TLSv1_1))
-                return s->version == TLS1_1_VERSION;
-            if (!(s->options & SSL_OP_NO_TLSv1))
-                return s->version == TLS1_VERSION;
-            if (!(s->options & SSL_OP_NO_SSLv3))
-                return s->version == SSL3_VERSION;
-            if (!(s->options & SSL_OP_NO_SSLv2))
-                return s->version == SSL2_VERSION;
-        }
-        return 0;               /* Unexpected state; fail closed. */
-
-    default:
-        break;
-    }
-    return (ret);
-}
-
-long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
-{
-    int ret = 0;
-
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
-    if (
-# ifndef OPENSSL_NO_RSA
-           cmd == SSL_CTRL_SET_TMP_RSA_CB ||
-# endif
-# ifndef OPENSSL_NO_DSA
-           cmd == SSL_CTRL_SET_TMP_DH_CB ||
-# endif
-           0) {
-        if (!ssl_cert_inst(&s->cert)) {
-            SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
-            return (0);
-        }
-    }
-#endif
-
-    switch (cmd) {
-#ifndef OPENSSL_NO_RSA
-    case SSL_CTRL_SET_TMP_RSA_CB:
-        {
-            s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
-        }
-        break;
-#endif
-#ifndef OPENSSL_NO_DH
-    case SSL_CTRL_SET_TMP_DH_CB:
-        {
-            s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
-        }
-        break;
-#endif
-#ifndef OPENSSL_NO_ECDH
-    case SSL_CTRL_SET_TMP_ECDH_CB:
-        {
-            s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
-        }
-        break;
-#endif
-#ifndef OPENSSL_NO_TLSEXT
-    case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
-        s->tlsext_debug_cb = (void (*)(SSL *, int, int,
-                                       unsigned char *, int, void *))fp;
-        break;
-#endif
-    default:
-        break;
-    }
-    return (ret);
-}
-
-long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
-{
-    CERT *cert;
-
-    cert = ctx->cert;
-
-    switch (cmd) {
-#ifndef OPENSSL_NO_RSA
-    case SSL_CTRL_NEED_TMP_RSA:
-        if ((cert->rsa_tmp == NULL) &&
-            ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
-             (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) >
-              (512 / 8)))
-            )
-            return (1);
-        else
-            return (0);
-        /* break; */
-    case SSL_CTRL_SET_TMP_RSA:
-        {
-            RSA *rsa;
-            int i;
-
-            rsa = (RSA *)parg;
-            i = 1;
-            if (rsa == NULL)
-                i = 0;
-            else {
-                if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
-                    i = 0;
-            }
-            if (!i) {
-                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_RSA_LIB);
-                return (0);
-            } else {
-                if (cert->rsa_tmp != NULL)
-                    RSA_free(cert->rsa_tmp);
-                cert->rsa_tmp = rsa;
-                return (1);
-            }
-        }
-        /* break; */
-    case SSL_CTRL_SET_TMP_RSA_CB:
-        {
-            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-            return (0);
-        }
-        break;
-#endif
-#ifndef OPENSSL_NO_DH
-    case SSL_CTRL_SET_TMP_DH:
-        {
-            DH *new = NULL, *dh;
-
-            dh = (DH *)parg;
-            if ((new = DHparams_dup(dh)) == NULL) {
-                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
-                return 0;
-            }
-            if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
-                if (!DH_generate_key(new)) {
-                    SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
-                    DH_free(new);
-                    return 0;
-                }
-            }
-            if (cert->dh_tmp != NULL)
-                DH_free(cert->dh_tmp);
-            cert->dh_tmp = new;
-            return 1;
-        }
-        /*
-         * break;
-         */
-    case SSL_CTRL_SET_TMP_DH_CB:
-        {
-            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-            return (0);
-        }
-        break;
-#endif
-#ifndef OPENSSL_NO_ECDH
-    case SSL_CTRL_SET_TMP_ECDH:
-        {
-            EC_KEY *ecdh = NULL;
-
-            if (parg == NULL) {
-                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB);
-                return 0;
-            }
-            ecdh = EC_KEY_dup((EC_KEY *)parg);
-            if (ecdh == NULL) {
-                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_EC_LIB);
-                return 0;
-            }
-            if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) {
-                if (!EC_KEY_generate_key(ecdh)) {
-                    EC_KEY_free(ecdh);
-                    SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB);
-                    return 0;
-                }
-            }
-
-            if (cert->ecdh_tmp != NULL) {
-                EC_KEY_free(cert->ecdh_tmp);
-            }
-            cert->ecdh_tmp = ecdh;
-            return 1;
-        }
-        /* break; */
-    case SSL_CTRL_SET_TMP_ECDH_CB:
-        {
-            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-            return (0);
-        }
-        break;
-#endif                          /* !OPENSSL_NO_ECDH */
-#ifndef OPENSSL_NO_TLSEXT
-    case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
-        ctx->tlsext_servername_arg = parg;
-        break;
-    case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
-    case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
-        {
-            unsigned char *keys = parg;
-            if (!keys)
-                return 48;
-            if (larg != 48) {
-                SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
-                return 0;
-            }
-            if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
-                memcpy(ctx->tlsext_tick_key_name, keys, 16);
-                memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
-                memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
-            } else {
-                memcpy(keys, ctx->tlsext_tick_key_name, 16);
-                memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
-                memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
-            }
-            return 1;
-        }
-
-# ifdef TLSEXT_TYPE_opaque_prf_input
-    case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
-        ctx->tlsext_opaque_prf_input_callback_arg = parg;
-        return 1;
-# endif
-
-    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
-        ctx->tlsext_status_arg = parg;
-        return 1;
-        break;
-
-# ifndef OPENSSL_NO_SRP
-    case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
-        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
-        if (ctx->srp_ctx.login != NULL)
-            OPENSSL_free(ctx->srp_ctx.login);
-        ctx->srp_ctx.login = NULL;
-        if (parg == NULL)
-            break;
-        if (strlen((const char *)parg) > 255
-            || strlen((const char *)parg) < 1) {
-            SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
-            return 0;
-        }
-        if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) {
-            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
-            return 0;
-        }
-        break;
-    case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
-        ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
-            srp_password_from_info_cb;
-        ctx->srp_ctx.info = parg;
-        break;
-    case SSL_CTRL_SET_SRP_ARG:
-        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
-        ctx->srp_ctx.SRP_cb_arg = parg;
-        break;
-
-    case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
-        ctx->srp_ctx.strength = larg;
-        break;
-# endif
-#endif                          /* !OPENSSL_NO_TLSEXT */
-
-        /* A Thawte special :-) */
-    case SSL_CTRL_EXTRA_CHAIN_CERT:
-        if (ctx->extra_certs == NULL) {
-            if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
-                return (0);
-        }
-        sk_X509_push(ctx->extra_certs, (X509 *)parg);
-        break;
-
-    case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
-        *(STACK_OF(X509) **)parg = ctx->extra_certs;
-        break;
-
-    case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
-        if (ctx->extra_certs) {
-            sk_X509_pop_free(ctx->extra_certs, X509_free);
-            ctx->extra_certs = NULL;
-        }
-        break;
-
-    default:
-        return (0);
-    }
-    return (1);
-}
-
-long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
-{
-    CERT *cert;
-
-    cert = ctx->cert;
-
-    switch (cmd) {
-#ifndef OPENSSL_NO_RSA
-    case SSL_CTRL_SET_TMP_RSA_CB:
-        {
-            cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
-        }
-        break;
-#endif
-#ifndef OPENSSL_NO_DH
-    case SSL_CTRL_SET_TMP_DH_CB:
-        {
-            cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
-        }
-        break;
-#endif
-#ifndef OPENSSL_NO_ECDH
-    case SSL_CTRL_SET_TMP_ECDH_CB:
-        {
-            cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
-        }
-        break;
-#endif
-#ifndef OPENSSL_NO_TLSEXT
-    case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
-        ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
-        break;
-
-# ifdef TLSEXT_TYPE_opaque_prf_input
-    case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
-        ctx->tlsext_opaque_prf_input_callback =
-            (int (*)(SSL *, void *, size_t, void *))fp;
-        break;
-# endif
-
-    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
-        ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
-        break;
-
-    case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
-        ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
-                                             unsigned char *,
-                                             EVP_CIPHER_CTX *,
-                                             HMAC_CTX *, int))fp;
-        break;
-
-# ifndef OPENSSL_NO_SRP
-    case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
-        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
-        ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
-        break;
-    case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
-        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
-        ctx->srp_ctx.TLS_ext_srp_username_callback =
-            (int (*)(SSL *, int *, void *))fp;
-        break;
-    case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
-        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
-        ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
-            (char *(*)(SSL *, void *))fp;
-        break;
-# endif
-#endif
-
-    default:
-        return (0);
-    }
-    return (1);
-}
-
-/*
- * This function needs to check if the ciphers required are actually
- * available
- */
-const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
-{
-    SSL_CIPHER c;
-    const SSL_CIPHER *cp;
-    unsigned long id;
-
-    id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];
-    c.id = id;
-    cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
-#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
-    if (cp == NULL)
-        fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
-#endif
-    if (cp == NULL || cp->valid == 0)
-        return NULL;
-    else
-        return cp;
-}
-
-int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
-{
-    long l;
-
-    if (p != NULL) {
-        l = c->id;
-        if ((l & 0xff000000) != 0x03000000)
-            return (0);
-        p[0] = ((unsigned char)(l >> 8L)) & 0xFF;
-        p[1] = ((unsigned char)(l)) & 0xFF;
-    }
-    return (2);
-}
-
-SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
-                               STACK_OF(SSL_CIPHER) *srvr)
-{
-    SSL_CIPHER *c, *ret = NULL;
-    STACK_OF(SSL_CIPHER) *prio, *allow;
-    int i, ii, ok;
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
-    unsigned int j;
-    int ec_ok, ec_nid;
-    unsigned char ec_search1 = 0, ec_search2 = 0;
-#endif
-    CERT *cert;
-    unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a;
-
-    /* Let's see which ciphers we can support */
-    cert = s->cert;
-
-#if 0
-    /*
-     * Do not set the compare functions, because this may lead to a
-     * reordering by "id". We want to keep the original ordering. We may pay
-     * a price in performance during sk_SSL_CIPHER_find(), but would have to
-     * pay with the price of sk_SSL_CIPHER_dup().
-     */
-    sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
-    sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
-#endif
-
-#ifdef CIPHER_DEBUG
-    fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
-            (void *)srvr);
-    for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
-        c = sk_SSL_CIPHER_value(srvr, i);
-        fprintf(stderr, "%p:%s\n", (void *)c, c->name);
-    }
-    fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
-            (void *)clnt);
-    for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
-        c = sk_SSL_CIPHER_value(clnt, i);
-        fprintf(stderr, "%p:%s\n", (void *)c, c->name);
-    }
-#endif
-
-    if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
-        prio = srvr;
-        allow = clnt;
-    } else {
-        prio = clnt;
-        allow = srvr;
-    }
-
-    for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
-        c = sk_SSL_CIPHER_value(prio, i);
-
-        /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
-        if ((c->algorithm_ssl & SSL_TLSV1_2) &&
-            (TLS1_get_version(s) < TLS1_2_VERSION))
-            continue;
-
-        ssl_set_cert_masks(cert, c);
-        mask_k = cert->mask_k;
-        mask_a = cert->mask_a;
-        emask_k = cert->export_mask_k;
-        emask_a = cert->export_mask_a;
-#ifndef OPENSSL_NO_SRP
-        if (s->srp_ctx.srp_Mask & SSL_kSRP) {
-            mask_k |= SSL_kSRP;
-            emask_k |= SSL_kSRP;
-            mask_a |= SSL_aSRP;
-            emask_a |= SSL_aSRP;
-        }
-#endif
-
-#ifdef KSSL_DEBUG
-        /*
-         * fprintf(stderr,"ssl3_choose_cipher %d alg= %lx\n",
-         * i,c->algorithms);
-         */
-#endif                          /* KSSL_DEBUG */
-
-        alg_k = c->algorithm_mkey;
-        alg_a = c->algorithm_auth;
-
-#ifndef OPENSSL_NO_KRB5
-        if (alg_k & SSL_kKRB5) {
-            if (!kssl_keytab_is_available(s->kssl_ctx))
-                continue;
-        }
-#endif                          /* OPENSSL_NO_KRB5 */
-#ifndef OPENSSL_NO_PSK
-        /* with PSK there must be server callback set */
-        if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
-            continue;
-#endif                          /* OPENSSL_NO_PSK */
-
-        if (SSL_C_IS_EXPORT(c)) {
-            ok = (alg_k & emask_k) && (alg_a & emask_a);
-#ifdef CIPHER_DEBUG
-            fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",
-                    ok, alg_k, alg_a, emask_k, emask_a, (void *)c, c->name);
-#endif
-        } else {
-            ok = (alg_k & mask_k) && (alg_a & mask_a);
-#ifdef CIPHER_DEBUG
-            fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
-                    alg_a, mask_k, mask_a, (void *)c, c->name);
-#endif
-        }
-
-#ifndef OPENSSL_NO_TLSEXT
-# ifndef OPENSSL_NO_EC
-        if (
-               /*
-                * if we are considering an ECC cipher suite that uses our
-                * certificate
-                */
-               (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
-               /* and we have an ECC certificate */
-               && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
-               /*
-                * and the client specified a Supported Point Formats
-                * extension
-                */
-               && ((s->session->tlsext_ecpointformatlist_length > 0)
-                   && (s->session->tlsext_ecpointformatlist != NULL))
-               /* and our certificate's point is compressed */
-               && ((s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
-                   && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key !=
-                       NULL)
-                   && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->
-                       key->public_key != NULL)
-                   && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->
-                       key->public_key->data != NULL)
-                   &&
-                   ((*
-                     (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->
-                      key->public_key->data) == POINT_CONVERSION_COMPRESSED)
-                    ||
-                    (*
-                     (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->
-                      key->public_key->data) ==
-                     POINT_CONVERSION_COMPRESSED + 1)
-                   )
-               )
-            ) {
-            ec_ok = 0;
-            /*
-             * if our certificate's curve is over a field type that the
-             * client does not support then do not allow this cipher suite to
-             * be negotiated
-             */
-            if ((s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
-                && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group !=
-                    NULL)
-                && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->
-                    group->meth != NULL)
-                &&
-                (EC_METHOD_get_field_type
-                 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->
-                  group->meth) == NID_X9_62_prime_field)
-                ) {
-                for (j = 0; j < s->session->tlsext_ecpointformatlist_length;
-                     j++) {
-                    if (s->session->tlsext_ecpointformatlist[j] ==
-                        TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime) {
-                        ec_ok = 1;
-                        break;
-                    }
-                }
-            } else
-                if (EC_METHOD_get_field_type
-                    (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->
-                     group->meth) == NID_X9_62_characteristic_two_field) {
-                for (j = 0; j < s->session->tlsext_ecpointformatlist_length;
-                     j++) {
-                    if (s->session->tlsext_ecpointformatlist[j] ==
-                        TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2) {
-                        ec_ok = 1;
-                        break;
-                    }
-                }
-            }
-            ok = ok && ec_ok;
-        }
-        if (
-               /*
-                * if we are considering an ECC cipher suite that uses our
-                * certificate
-                */
-               (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
-               /* and we have an ECC certificate */
-               && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
-               /*
-                * and the client specified an EllipticCurves extension
-                */
-               && ((s->session->tlsext_ellipticcurvelist_length > 0)
-                   && (s->session->tlsext_ellipticcurvelist != NULL))
-            ) {
-            ec_ok = 0;
-            if ((s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
-                && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group !=
-                    NULL)
-                ) {
-                ec_nid =
-                    EC_GROUP_get_curve_name(s->cert->
-                                            pkeys[SSL_PKEY_ECC].privatekey->
-                                            pkey.ec->group);
-                if ((ec_nid == 0)
-                    && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.
-                        ec->group->meth != NULL)
-                    ) {
-                    if (EC_METHOD_get_field_type
-                        (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.
-                         ec->group->meth) == NID_X9_62_prime_field) {
-                        ec_search1 = 0xFF;
-                        ec_search2 = 0x01;
-                    } else
-                        if (EC_METHOD_get_field_type
-                            (s->cert->pkeys[SSL_PKEY_ECC].privatekey->
-                             pkey.ec->group->meth) ==
-                            NID_X9_62_characteristic_two_field) {
-                        ec_search1 = 0xFF;
-                        ec_search2 = 0x02;
-                    }
-                } else {
-                    ec_search1 = 0x00;
-                    ec_search2 = tls1_ec_nid2curve_id(ec_nid);
-                }
-                if ((ec_search1 != 0) || (ec_search2 != 0)) {
-                    for (j = 0;
-                         j < s->session->tlsext_ellipticcurvelist_length / 2;
-                         j++) {
-                        if ((s->session->tlsext_ellipticcurvelist[2 * j] ==
-                             ec_search1)
-                            && (s->session->tlsext_ellipticcurvelist[2 * j +
-                                                                     1] ==
-                                ec_search2)) {
-                            ec_ok = 1;
-                            break;
-                        }
-                    }
-                }
-            }
-            ok = ok && ec_ok;
-        }
-#  ifndef OPENSSL_NO_ECDH
-        if (
-               /*
-                * if we are considering an ECC cipher suite that uses an
-                * ephemeral EC key
-                */
-               (alg_k & SSL_kEECDH)
-               /* and we have an ephemeral EC key */
-               && (s->cert->ecdh_tmp != NULL)
-               /*
-                * and the client specified an EllipticCurves extension
-                */
-               && ((s->session->tlsext_ellipticcurvelist_length > 0)
-                   && (s->session->tlsext_ellipticcurvelist != NULL))
-            ) {
-            ec_ok = 0;
-            if (s->cert->ecdh_tmp->group != NULL) {
-                ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group);
-                if ((ec_nid == 0)
-                    && (s->cert->ecdh_tmp->group->meth != NULL)
-                    ) {
-                    if (EC_METHOD_get_field_type
-                        (s->cert->ecdh_tmp->group->meth) ==
-                        NID_X9_62_prime_field) {
-                        ec_search1 = 0xFF;
-                        ec_search2 = 0x01;
-                    } else
-                        if (EC_METHOD_get_field_type
-                            (s->cert->ecdh_tmp->group->meth) ==
-                            NID_X9_62_characteristic_two_field) {
-                        ec_search1 = 0xFF;
-                        ec_search2 = 0x02;
-                    }
-                } else {
-                    ec_search1 = 0x00;
-                    ec_search2 = tls1_ec_nid2curve_id(ec_nid);
-                }
-                if ((ec_search1 != 0) || (ec_search2 != 0)) {
-                    for (j = 0;
-                         j < s->session->tlsext_ellipticcurvelist_length / 2;
-                         j++) {
-                        if ((s->session->tlsext_ellipticcurvelist[2 * j] ==
-                             ec_search1)
-                            && (s->session->tlsext_ellipticcurvelist[2 * j +
-                                                                     1] ==
-                                ec_search2)) {
-                            ec_ok = 1;
-                            break;
-                        }
-                    }
-                }
-            }
-            ok = ok && ec_ok;
-        }
-#  endif                        /* OPENSSL_NO_ECDH */
-# endif                         /* OPENSSL_NO_EC */
-#endif                          /* OPENSSL_NO_TLSEXT */
-
-        if (!ok)
-            continue;
-        ii = sk_SSL_CIPHER_find(allow, c);
-        if (ii >= 0) {
-#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
-            if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA)
-                && s->s3->is_probably_safari) {
-                if (!ret)
-                    ret = sk_SSL_CIPHER_value(allow, ii);
-                continue;
-            }
-#endif
-            ret = sk_SSL_CIPHER_value(allow, ii);
-            break;
-        }
-    }
-    return (ret);
-}
-
-int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
-{
-    int ret = 0;
-    unsigned long alg_k;
-
-    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-
-#ifndef OPENSSL_NO_GOST
-    if (s->version >= TLS1_VERSION) {
-        if (alg_k & SSL_kGOST) {
-            p[ret++] = TLS_CT_GOST94_SIGN;
-            p[ret++] = TLS_CT_GOST01_SIGN;
-            return (ret);
-        }
-    }
-#endif
-
-#ifndef OPENSSL_NO_DH
-    if (alg_k & (SSL_kDHr | SSL_kEDH)) {
-# ifndef OPENSSL_NO_RSA
-        p[ret++] = SSL3_CT_RSA_FIXED_DH;
-# endif
-# ifndef OPENSSL_NO_DSA
-        p[ret++] = SSL3_CT_DSS_FIXED_DH;
-# endif
-    }
-    if ((s->version == SSL3_VERSION) &&
-        (alg_k & (SSL_kEDH | SSL_kDHd | SSL_kDHr))) {
-# ifndef OPENSSL_NO_RSA
-        p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
-# endif
-# ifndef OPENSSL_NO_DSA
-        p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
-# endif
-    }
-#endif                          /* !OPENSSL_NO_DH */
-#ifndef OPENSSL_NO_RSA
-    p[ret++] = SSL3_CT_RSA_SIGN;
-#endif
-#ifndef OPENSSL_NO_DSA
-    p[ret++] = SSL3_CT_DSS_SIGN;
-#endif
-#ifndef OPENSSL_NO_ECDH
-    if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) && (s->version >= TLS1_VERSION)) {
-        p[ret++] = TLS_CT_RSA_FIXED_ECDH;
-        p[ret++] = TLS_CT_ECDSA_FIXED_ECDH;
-    }
-#endif
-
-#ifndef OPENSSL_NO_ECDSA
-    /*
-     * ECDSA certs can be used with RSA cipher suites as well so we don't
-     * need to check for SSL_kECDH or SSL_kEECDH
-     */
-    if (s->version >= TLS1_VERSION) {
-        p[ret++] = TLS_CT_ECDSA_SIGN;
-    }
-#endif
-    return (ret);
-}
-
-int ssl3_shutdown(SSL *s)
-{
-    int ret;
-
-    /*
-     * Don't do anything much if we have not done the handshake or we don't
-     * want to send messages :-)
-     */
-    if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) {
-        s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
-        return (1);
-    }
-
-    if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
-        s->shutdown |= SSL_SENT_SHUTDOWN;
-#if 1
-        ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
-#endif
-        /*
-         * our shutdown alert has been sent now, and if it still needs to be
-         * written, s->s3->alert_dispatch will be true
-         */
-        if (s->s3->alert_dispatch)
-            return (-1);        /* return WANT_WRITE */
-    } else if (s->s3->alert_dispatch) {
-        /* resend it if not sent */
-#if 1
-        ret = s->method->ssl_dispatch_alert(s);
-        if (ret == -1) {
-            /*
-             * we only get to return -1 here the 2nd/Nth invocation, we must
-             * have already signalled return 0 upon a previous invoation,
-             * return WANT_WRITE
-             */
-            return (ret);
-        }
-#endif
-    } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
-        /*
-         * If we are waiting for a close from our peer, we are closed
-         */
-        s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
-        if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
-            return (-1);        /* return WANT_READ */
-        }
-    }
-
-    if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
-        !s->s3->alert_dispatch)
-        return (1);
-    else
-        return (0);
-}
-
-int ssl3_write(SSL *s, const void *buf, int len)
-{
-    int ret, n;
-
-#if 0
-    if (s->shutdown & SSL_SEND_SHUTDOWN) {
-        s->rwstate = SSL_NOTHING;
-        return (0);
-    }
-#endif
-    clear_sys_error();
-    if (s->s3->renegotiate)
-        ssl3_renegotiate_check(s);
-
-    /*
-     * This is an experimental flag that sends the last handshake message in
-     * the same packet as the first use data - used to see if it helps the
-     * TCP protocol during session-id reuse
-     */
-    /* The second test is because the buffer may have been removed */
-    if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) {
-        /* First time through, we write into the buffer */
-        if (s->s3->delay_buf_pop_ret == 0) {
-            ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len);
-            if (ret <= 0)
-                return (ret);
-
-            s->s3->delay_buf_pop_ret = ret;
-        }
-
-        s->rwstate = SSL_WRITING;
-        n = BIO_flush(s->wbio);
-        if (n <= 0)
-            return (n);
-        s->rwstate = SSL_NOTHING;
-
-        /* We have flushed the buffer, so remove it */
-        ssl_free_wbio_buffer(s);
-        s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
-
-        ret = s->s3->delay_buf_pop_ret;
-        s->s3->delay_buf_pop_ret = 0;
-    } else {
-        ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
-                                         buf, len);
-        if (ret <= 0)
-            return (ret);
-    }
-
-    return (ret);
-}
-
-static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
-{
-    int ret;
-
-    clear_sys_error();
-    if (s->s3->renegotiate)
-        ssl3_renegotiate_check(s);
-    s->s3->in_read_app_data = 1;
-    ret =
-        s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
-                                  peek);
-    if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
-        /*
-         * ssl3_read_bytes decided to call s->handshake_func, which called
-         * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
-         * actually found application data and thinks that application data
-         * makes sense here; so disable handshake processing and try to read
-         * application data again.
-         */
-        s->in_handshake++;
-        ret =
-            s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
-                                      peek);
-        s->in_handshake--;
-    } else
-        s->s3->in_read_app_data = 0;
-
-    return (ret);
-}
-
-int ssl3_read(SSL *s, void *buf, int len)
-{
-    return ssl3_read_internal(s, buf, len, 0);
-}
-
-int ssl3_peek(SSL *s, void *buf, int len)
-{
-    return ssl3_read_internal(s, buf, len, 1);
-}
-
-int ssl3_renegotiate(SSL *s)
-{
-    if (s->handshake_func == NULL)
-        return (1);
-
-    if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
-        return (0);
-
-    s->s3->renegotiate = 1;
-    return (1);
-}
-
-int ssl3_renegotiate_check(SSL *s)
-{
-    int ret = 0;
-
-    if (s->s3->renegotiate) {
-        if ((s->s3->rbuf.left == 0) &&
-            (s->s3->wbuf.left == 0) && !SSL_in_init(s)) {
-            /*
-             * if we are the server, and we have sent a 'RENEGOTIATE'
-             * message, we need to go to SSL_ST_ACCEPT.
-             */
-            /* SSL_ST_ACCEPT */
-            s->state = SSL_ST_RENEGOTIATE;
-            s->s3->renegotiate = 0;
-            s->s3->num_renegotiations++;
-            s->s3->total_renegotiations++;
-            ret = 1;
-        }
-    }
-    return (ret);
-}
-
-/*
- * If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch
- * to new SHA256 PRF and handshake macs
- */
-long ssl_get_algorithm2(SSL *s)
-{
-    long alg2 = s->s3->tmp.new_cipher->algorithm2;
-    if (s->method->version == TLS1_2_VERSION &&
-        alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
-        return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
-    return alg2;
-}

Copied: vendor-crypto/openssl/1.0.1u/ssl/s3_lib.c (from rev 11605, vendor-crypto/openssl/dist/ssl/s3_lib.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/ssl/s3_lib.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/ssl/s3_lib.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,4366 @@
+/* ssl/s3_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * ECC cipher suite support in OpenSSL originally written by
+ * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
+
+#include <stdio.h>
+#include <openssl/objects.h>
+#include "ssl_locl.h"
+#include "kssl_lcl.h"
+#ifndef OPENSSL_NO_TLSEXT
+# ifndef OPENSSL_NO_EC
+#  include "../crypto/ec/ec_lcl.h"
+# endif                         /* OPENSSL_NO_EC */
+#endif                          /* OPENSSL_NO_TLSEXT */
+#include <openssl/md5.h>
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+
+const char ssl3_version_str[] = "SSLv3" OPENSSL_VERSION_PTEXT;
+
+#define SSL3_NUM_CIPHERS        (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
+
+/* list of available SSLv3 ciphers (sorted by id) */
+OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+
+/* The RSA ciphers */
+/* Cipher 01 */
+    {
+     1,
+     SSL3_TXT_RSA_NULL_MD5,
+     SSL3_CK_RSA_NULL_MD5,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_eNULL,
+     SSL_MD5,
+     SSL_SSLV3,
+     SSL_NOT_EXP | SSL_STRONG_NONE,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+
+/* Cipher 02 */
+    {
+     1,
+     SSL3_TXT_RSA_NULL_SHA,
+     SSL3_CK_RSA_NULL_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_eNULL,
+     SSL_SHA1,
+     SSL_SSLV3,
+     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+
+/* Cipher 03 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     SSL3_TXT_RSA_RC4_40_MD5,
+     SSL3_CK_RSA_RC4_40_MD5,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_RC4,
+     SSL_MD5,
+     SSL_SSLV3,
+     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     40,
+     128,
+     },
+#endif
+
+/* Cipher 04 */
+    {
+     1,
+     SSL3_TXT_RSA_RC4_128_MD5,
+     SSL3_CK_RSA_RC4_128_MD5,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_RC4,
+     SSL_MD5,
+     SSL_SSLV3,
+     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+/* Cipher 05 */
+    {
+     1,
+     SSL3_TXT_RSA_RC4_128_SHA,
+     SSL3_CK_RSA_RC4_128_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_RC4,
+     SSL_SHA1,
+     SSL_SSLV3,
+     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+/* Cipher 06 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     SSL3_TXT_RSA_RC2_40_MD5,
+     SSL3_CK_RSA_RC2_40_MD5,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_RC2,
+     SSL_MD5,
+     SSL_SSLV3,
+     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     40,
+     128,
+     },
+#endif
+
+/* Cipher 07 */
+#ifndef OPENSSL_NO_IDEA
+    {
+     1,
+     SSL3_TXT_RSA_IDEA_128_SHA,
+     SSL3_CK_RSA_IDEA_128_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_IDEA,
+     SSL_SHA1,
+     SSL_SSLV3,
+     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+#endif
+
+/* Cipher 08 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     SSL3_TXT_RSA_DES_40_CBC_SHA,
+     SSL3_CK_RSA_DES_40_CBC_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_DES,
+     SSL_SHA1,
+     SSL_SSLV3,
+     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     40,
+     56,
+     },
+#endif
+
+/* Cipher 09 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     SSL3_TXT_RSA_DES_64_CBC_SHA,
+     SSL3_CK_RSA_DES_64_CBC_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_DES,
+     SSL_SHA1,
+     SSL_SSLV3,
+     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     56,
+     56,
+     },
+#endif
+
+/* Cipher 0A */
+    {
+     1,
+     SSL3_TXT_RSA_DES_192_CBC3_SHA,
+     SSL3_CK_RSA_DES_192_CBC3_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL_SSLV3,
+     SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+
+/* The DH ciphers */
+/* Cipher 0B */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     0,
+     SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
+     SSL3_CK_DH_DSS_DES_40_CBC_SHA,
+     SSL_kDHd,
+     SSL_aDH,
+     SSL_DES,
+     SSL_SHA1,
+     SSL_SSLV3,
+     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     40,
+     56,
+     },
+#endif
+
+/* Cipher 0C */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     0,                         /* not implemented (non-ephemeral DH) */
+     SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
+     SSL3_CK_DH_DSS_DES_64_CBC_SHA,
+     SSL_kDHd,
+     SSL_aDH,
+     SSL_DES,
+     SSL_SHA1,
+     SSL_SSLV3,
+     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     56,
+     56,
+     },
+#endif
+
+/* Cipher 0D */
+    {
+     0,                         /* not implemented (non-ephemeral DH) */
+     SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
+     SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
+     SSL_kDHd,
+     SSL_aDH,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL_SSLV3,
+     SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+
+/* Cipher 0E */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     0,                         /* not implemented (non-ephemeral DH) */
+     SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
+     SSL3_CK_DH_RSA_DES_40_CBC_SHA,
+     SSL_kDHr,
+     SSL_aDH,
+     SSL_DES,
+     SSL_SHA1,
+     SSL_SSLV3,
+     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     40,
+     56,
+     },
+#endif
+
+/* Cipher 0F */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     0,                         /* not implemented (non-ephemeral DH) */
+     SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
+     SSL3_CK_DH_RSA_DES_64_CBC_SHA,
+     SSL_kDHr,
+     SSL_aDH,
+     SSL_DES,
+     SSL_SHA1,
+     SSL_SSLV3,
+     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     56,
+     56,
+     },
+#endif
+
+/* Cipher 10 */
+    {
+     0,                         /* not implemented (non-ephemeral DH) */
+     SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
+     SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
+     SSL_kDHr,
+     SSL_aDH,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL_SSLV3,
+     SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+
+/* The Ephemeral DH ciphers */
+/* Cipher 11 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
+     SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
+     SSL_kEDH,
+     SSL_aDSS,
+     SSL_DES,
+     SSL_SHA1,
+     SSL_SSLV3,
+     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     40,
+     56,
+     },
+#endif
+
+/* Cipher 12 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
+     SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
+     SSL_kEDH,
+     SSL_aDSS,
+     SSL_DES,
+     SSL_SHA1,
+     SSL_SSLV3,
+     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     56,
+     56,
+     },
+#endif
+
+/* Cipher 13 */
+    {
+     1,
+     SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
+     SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
+     SSL_kEDH,
+     SSL_aDSS,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL_SSLV3,
+     SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+
+/* Cipher 14 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
+     SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
+     SSL_kEDH,
+     SSL_aRSA,
+     SSL_DES,
+     SSL_SHA1,
+     SSL_SSLV3,
+     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     40,
+     56,
+     },
+#endif
+
+/* Cipher 15 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
+     SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
+     SSL_kEDH,
+     SSL_aRSA,
+     SSL_DES,
+     SSL_SHA1,
+     SSL_SSLV3,
+     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     56,
+     56,
+     },
+#endif
+
+/* Cipher 16 */
+    {
+     1,
+     SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
+     SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
+     SSL_kEDH,
+     SSL_aRSA,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL_SSLV3,
+     SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+
+/* Cipher 17 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     SSL3_TXT_ADH_RC4_40_MD5,
+     SSL3_CK_ADH_RC4_40_MD5,
+     SSL_kEDH,
+     SSL_aNULL,
+     SSL_RC4,
+     SSL_MD5,
+     SSL_SSLV3,
+     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     40,
+     128,
+     },
+#endif
+
+/* Cipher 18 */
+    {
+     1,
+     SSL3_TXT_ADH_RC4_128_MD5,
+     SSL3_CK_ADH_RC4_128_MD5,
+     SSL_kEDH,
+     SSL_aNULL,
+     SSL_RC4,
+     SSL_MD5,
+     SSL_SSLV3,
+     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+/* Cipher 19 */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     SSL3_TXT_ADH_DES_40_CBC_SHA,
+     SSL3_CK_ADH_DES_40_CBC_SHA,
+     SSL_kEDH,
+     SSL_aNULL,
+     SSL_DES,
+     SSL_SHA1,
+     SSL_SSLV3,
+     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     40,
+     128,
+     },
+#endif
+
+/* Cipher 1A */
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     SSL3_TXT_ADH_DES_64_CBC_SHA,
+     SSL3_CK_ADH_DES_64_CBC_SHA,
+     SSL_kEDH,
+     SSL_aNULL,
+     SSL_DES,
+     SSL_SHA1,
+     SSL_SSLV3,
+     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     56,
+     56,
+     },
+#endif
+
+/* Cipher 1B */
+    {
+     1,
+     SSL3_TXT_ADH_DES_192_CBC_SHA,
+     SSL3_CK_ADH_DES_192_CBC_SHA,
+     SSL_kEDH,
+     SSL_aNULL,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL_SSLV3,
+     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+
+/* Fortezza ciphersuite from SSL 3.0 spec */
+#if 0
+/* Cipher 1C */
+    {
+     0,
+     SSL3_TXT_FZA_DMS_NULL_SHA,
+     SSL3_CK_FZA_DMS_NULL_SHA,
+     SSL_kFZA,
+     SSL_aFZA,
+     SSL_eNULL,
+     SSL_SHA1,
+     SSL_SSLV3,
+     SSL_NOT_EXP | SSL_STRONG_NONE,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+
+/* Cipher 1D */
+    {
+     0,
+     SSL3_TXT_FZA_DMS_FZA_SHA,
+     SSL3_CK_FZA_DMS_FZA_SHA,
+     SSL_kFZA,
+     SSL_aFZA,
+     SSL_eFZA,
+     SSL_SHA1,
+     SSL_SSLV3,
+     SSL_NOT_EXP | SSL_STRONG_NONE,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+
+/* Cipher 1E */
+    {
+     0,
+     SSL3_TXT_FZA_DMS_RC4_SHA,
+     SSL3_CK_FZA_DMS_RC4_SHA,
+     SSL_kFZA,
+     SSL_aFZA,
+     SSL_RC4,
+     SSL_SHA1,
+     SSL_SSLV3,
+     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+#endif
+
+#ifndef OPENSSL_NO_KRB5
+/* The Kerberos ciphers*/
+/* Cipher 1E */
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     SSL3_TXT_KRB5_DES_64_CBC_SHA,
+     SSL3_CK_KRB5_DES_64_CBC_SHA,
+     SSL_kKRB5,
+     SSL_aKRB5,
+     SSL_DES,
+     SSL_SHA1,
+     SSL_SSLV3,
+     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     56,
+     56,
+     },
+# endif
+
+/* Cipher 1F */
+    {
+     1,
+     SSL3_TXT_KRB5_DES_192_CBC3_SHA,
+     SSL3_CK_KRB5_DES_192_CBC3_SHA,
+     SSL_kKRB5,
+     SSL_aKRB5,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL_SSLV3,
+     SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+
+/* Cipher 20 */
+    {
+     1,
+     SSL3_TXT_KRB5_RC4_128_SHA,
+     SSL3_CK_KRB5_RC4_128_SHA,
+     SSL_kKRB5,
+     SSL_aKRB5,
+     SSL_RC4,
+     SSL_SHA1,
+     SSL_SSLV3,
+     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+/* Cipher 21 */
+    {
+     1,
+     SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
+     SSL3_CK_KRB5_IDEA_128_CBC_SHA,
+     SSL_kKRB5,
+     SSL_aKRB5,
+     SSL_IDEA,
+     SSL_SHA1,
+     SSL_SSLV3,
+     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+/* Cipher 22 */
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     SSL3_TXT_KRB5_DES_64_CBC_MD5,
+     SSL3_CK_KRB5_DES_64_CBC_MD5,
+     SSL_kKRB5,
+     SSL_aKRB5,
+     SSL_DES,
+     SSL_MD5,
+     SSL_SSLV3,
+     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     56,
+     56,
+     },
+# endif
+
+/* Cipher 23 */
+    {
+     1,
+     SSL3_TXT_KRB5_DES_192_CBC3_MD5,
+     SSL3_CK_KRB5_DES_192_CBC3_MD5,
+     SSL_kKRB5,
+     SSL_aKRB5,
+     SSL_3DES,
+     SSL_MD5,
+     SSL_SSLV3,
+     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+
+/* Cipher 24 */
+    {
+     1,
+     SSL3_TXT_KRB5_RC4_128_MD5,
+     SSL3_CK_KRB5_RC4_128_MD5,
+     SSL_kKRB5,
+     SSL_aKRB5,
+     SSL_RC4,
+     SSL_MD5,
+     SSL_SSLV3,
+     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+/* Cipher 25 */
+    {
+     1,
+     SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
+     SSL3_CK_KRB5_IDEA_128_CBC_MD5,
+     SSL_kKRB5,
+     SSL_aKRB5,
+     SSL_IDEA,
+     SSL_MD5,
+     SSL_SSLV3,
+     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+/* Cipher 26 */
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     SSL3_TXT_KRB5_DES_40_CBC_SHA,
+     SSL3_CK_KRB5_DES_40_CBC_SHA,
+     SSL_kKRB5,
+     SSL_aKRB5,
+     SSL_DES,
+     SSL_SHA1,
+     SSL_SSLV3,
+     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     40,
+     56,
+     },
+# endif
+
+/* Cipher 27 */
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     SSL3_TXT_KRB5_RC2_40_CBC_SHA,
+     SSL3_CK_KRB5_RC2_40_CBC_SHA,
+     SSL_kKRB5,
+     SSL_aKRB5,
+     SSL_RC2,
+     SSL_SHA1,
+     SSL_SSLV3,
+     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     40,
+     128,
+     },
+# endif
+
+/* Cipher 28 */
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     SSL3_TXT_KRB5_RC4_40_SHA,
+     SSL3_CK_KRB5_RC4_40_SHA,
+     SSL_kKRB5,
+     SSL_aKRB5,
+     SSL_RC4,
+     SSL_SHA1,
+     SSL_SSLV3,
+     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     40,
+     128,
+     },
+# endif
+
+/* Cipher 29 */
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     SSL3_TXT_KRB5_DES_40_CBC_MD5,
+     SSL3_CK_KRB5_DES_40_CBC_MD5,
+     SSL_kKRB5,
+     SSL_aKRB5,
+     SSL_DES,
+     SSL_MD5,
+     SSL_SSLV3,
+     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     40,
+     56,
+     },
+# endif
+
+/* Cipher 2A */
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     SSL3_TXT_KRB5_RC2_40_CBC_MD5,
+     SSL3_CK_KRB5_RC2_40_CBC_MD5,
+     SSL_kKRB5,
+     SSL_aKRB5,
+     SSL_RC2,
+     SSL_MD5,
+     SSL_SSLV3,
+     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     40,
+     128,
+     },
+# endif
+
+/* Cipher 2B */
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     SSL3_TXT_KRB5_RC4_40_MD5,
+     SSL3_CK_KRB5_RC4_40_MD5,
+     SSL_kKRB5,
+     SSL_aKRB5,
+     SSL_RC4,
+     SSL_MD5,
+     SSL_SSLV3,
+     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     40,
+     128,
+     },
+# endif
+#endif                          /* OPENSSL_NO_KRB5 */
+
+/* New AES ciphersuites */
+/* Cipher 2F */
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_128_SHA,
+     TLS1_CK_RSA_WITH_AES_128_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+/* Cipher 30 */
+    {
+     0,
+     TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
+     TLS1_CK_DH_DSS_WITH_AES_128_SHA,
+     SSL_kDHd,
+     SSL_aDH,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+/* Cipher 31 */
+    {
+     0,
+     TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
+     TLS1_CK_DH_RSA_WITH_AES_128_SHA,
+     SSL_kDHr,
+     SSL_aDH,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+/* Cipher 32 */
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
+     TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
+     SSL_kEDH,
+     SSL_aDSS,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+/* Cipher 33 */
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
+     TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
+     SSL_kEDH,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+/* Cipher 34 */
+    {
+     1,
+     TLS1_TXT_ADH_WITH_AES_128_SHA,
+     TLS1_CK_ADH_WITH_AES_128_SHA,
+     SSL_kEDH,
+     SSL_aNULL,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+/* Cipher 35 */
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_256_SHA,
+     TLS1_CK_RSA_WITH_AES_256_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+/* Cipher 36 */
+    {
+     0,
+     TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
+     TLS1_CK_DH_DSS_WITH_AES_256_SHA,
+     SSL_kDHd,
+     SSL_aDH,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+
+/* Cipher 37 */
+    {
+     0,                         /* not implemented (non-ephemeral DH) */
+     TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
+     TLS1_CK_DH_RSA_WITH_AES_256_SHA,
+     SSL_kDHr,
+     SSL_aDH,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+
+/* Cipher 38 */
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
+     TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
+     SSL_kEDH,
+     SSL_aDSS,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+
+/* Cipher 39 */
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
+     TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
+     SSL_kEDH,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+
+    /* Cipher 3A */
+    {
+     1,
+     TLS1_TXT_ADH_WITH_AES_256_SHA,
+     TLS1_CK_ADH_WITH_AES_256_SHA,
+     SSL_kEDH,
+     SSL_aNULL,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+
+    /* TLS v1.2 ciphersuites */
+    /* Cipher 3B */
+    {
+     1,
+     TLS1_TXT_RSA_WITH_NULL_SHA256,
+     TLS1_CK_RSA_WITH_NULL_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_eNULL,
+     SSL_SHA256,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+
+    /* Cipher 3C */
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_128_SHA256,
+     TLS1_CK_RSA_WITH_AES_128_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA256,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+    /* Cipher 3D */
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_256_SHA256,
+     TLS1_CK_RSA_WITH_AES_256_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA256,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+
+    /* Cipher 3E */
+    {
+     0,                         /* not implemented (non-ephemeral DH) */
+     TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
+     TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
+     SSL_kDHd,
+     SSL_aDH,
+     SSL_AES128,
+     SSL_SHA256,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+    /* Cipher 3F */
+    {
+     0,                         /* not implemented (non-ephemeral DH) */
+     TLS1_TXT_DH_RSA_WITH_AES_128_SHA256,
+     TLS1_CK_DH_RSA_WITH_AES_128_SHA256,
+     SSL_kDHr,
+     SSL_aDH,
+     SSL_AES128,
+     SSL_SHA256,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+    /* Cipher 40 */
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
+     TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
+     SSL_kEDH,
+     SSL_aDSS,
+     SSL_AES128,
+     SSL_SHA256,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+#ifndef OPENSSL_NO_CAMELLIA
+    /* Camellia ciphersuites from RFC4132 (128-bit portion) */
+
+    /* Cipher 41 */
+    {
+     1,
+     TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_CAMELLIA128,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+    /* Cipher 42 */
+    {
+     0,                         /* not implemented (non-ephemeral DH) */
+     TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
+     SSL_kDHd,
+     SSL_aDH,
+     SSL_CAMELLIA128,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+    /* Cipher 43 */
+    {
+     0,                         /* not implemented (non-ephemeral DH) */
+     TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     SSL_kDHr,
+     SSL_aDH,
+     SSL_CAMELLIA128,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+    /* Cipher 44 */
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+     SSL_kEDH,
+     SSL_aDSS,
+     SSL_CAMELLIA128,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+    /* Cipher 45 */
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     SSL_kEDH,
+     SSL_aRSA,
+     SSL_CAMELLIA128,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+    /* Cipher 46 */
+    {
+     1,
+     TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
+     SSL_kEDH,
+     SSL_aNULL,
+     SSL_CAMELLIA128,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+#endif                          /* OPENSSL_NO_CAMELLIA */
+
+#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
+    /* New TLS Export CipherSuites from expired ID */
+# if 0
+    /* Cipher 60 */
+    {
+     1,
+     TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
+     TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_RC4,
+     SSL_MD5,
+     SSL_TLSV1,
+     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     56,
+     128,
+     },
+
+    /* Cipher 61 */
+    {
+     1,
+     TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
+     TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_RC2,
+     SSL_MD5,
+     SSL_TLSV1,
+     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     56,
+     128,
+     },
+# endif
+
+    /* Cipher 62 */
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
+     TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_DES,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     56,
+     56,
+     },
+# endif
+
+    /* Cipher 63 */
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
+     TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
+     SSL_kEDH,
+     SSL_aDSS,
+     SSL_DES,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     56,
+     56,
+     },
+# endif
+
+    /* Cipher 64 */
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
+     TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_RC4,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     56,
+     128,
+     },
+# endif
+
+    /* Cipher 65 */
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
+     TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
+     SSL_kEDH,
+     SSL_aDSS,
+     SSL_RC4,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP56,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     56,
+     128,
+     },
+# endif
+
+    /* Cipher 66 */
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
+     TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
+     SSL_kEDH,
+     SSL_aDSS,
+     SSL_RC4,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+#endif
+
+    /* TLS v1.2 ciphersuites */
+    /* Cipher 67 */
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
+     TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
+     SSL_kEDH,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA256,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+    /* Cipher 68 */
+    {
+     0,                         /* not implemented (non-ephemeral DH) */
+     TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
+     TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
+     SSL_kDHd,
+     SSL_aDH,
+     SSL_AES256,
+     SSL_SHA256,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+
+    /* Cipher 69 */
+    {
+     0,                         /* not implemented (non-ephemeral DH) */
+     TLS1_TXT_DH_RSA_WITH_AES_256_SHA256,
+     TLS1_CK_DH_RSA_WITH_AES_256_SHA256,
+     SSL_kDHr,
+     SSL_aDH,
+     SSL_AES256,
+     SSL_SHA256,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+
+    /* Cipher 6A */
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
+     TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
+     SSL_kEDH,
+     SSL_aDSS,
+     SSL_AES256,
+     SSL_SHA256,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+
+    /* Cipher 6B */
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
+     TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
+     SSL_kEDH,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA256,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+
+    /* Cipher 6C */
+    {
+     1,
+     TLS1_TXT_ADH_WITH_AES_128_SHA256,
+     TLS1_CK_ADH_WITH_AES_128_SHA256,
+     SSL_kEDH,
+     SSL_aNULL,
+     SSL_AES128,
+     SSL_SHA256,
+     SSL_TLSV1_2,
+     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+    /* Cipher 6D */
+    {
+     1,
+     TLS1_TXT_ADH_WITH_AES_256_SHA256,
+     TLS1_CK_ADH_WITH_AES_256_SHA256,
+     SSL_kEDH,
+     SSL_aNULL,
+     SSL_AES256,
+     SSL_SHA256,
+     SSL_TLSV1_2,
+     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+
+    /* GOST Ciphersuites */
+
+    {
+     1,
+     "GOST94-GOST89-GOST89",
+     0x3000080,
+     SSL_kGOST,
+     SSL_aGOST94,
+     SSL_eGOST2814789CNT,
+     SSL_GOST89MAC,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
+     256,
+     256},
+    {
+     1,
+     "GOST2001-GOST89-GOST89",
+     0x3000081,
+     SSL_kGOST,
+     SSL_aGOST01,
+     SSL_eGOST2814789CNT,
+     SSL_GOST89MAC,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
+     256,
+     256},
+    {
+     1,
+     "GOST94-NULL-GOST94",
+     0x3000082,
+     SSL_kGOST,
+     SSL_aGOST94,
+     SSL_eNULL,
+     SSL_GOST94,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_STRONG_NONE,
+     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
+     0,
+     0},
+    {
+     1,
+     "GOST2001-NULL-GOST94",
+     0x3000083,
+     SSL_kGOST,
+     SSL_aGOST01,
+     SSL_eNULL,
+     SSL_GOST94,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_STRONG_NONE,
+     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
+     0,
+     0},
+
+#ifndef OPENSSL_NO_CAMELLIA
+    /* Camellia ciphersuites from RFC4132 (256-bit portion) */
+
+    /* Cipher 84 */
+    {
+     1,
+     TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_CAMELLIA256,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    /* Cipher 85 */
+    {
+     0,                         /* not implemented (non-ephemeral DH) */
+     TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
+     SSL_kDHd,
+     SSL_aDH,
+     SSL_CAMELLIA256,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+
+    /* Cipher 86 */
+    {
+     0,                         /* not implemented (non-ephemeral DH) */
+     TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     SSL_kDHr,
+     SSL_aDH,
+     SSL_CAMELLIA256,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+
+    /* Cipher 87 */
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+     SSL_kEDH,
+     SSL_aDSS,
+     SSL_CAMELLIA256,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+
+    /* Cipher 88 */
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     SSL_kEDH,
+     SSL_aRSA,
+     SSL_CAMELLIA256,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+
+    /* Cipher 89 */
+    {
+     1,
+     TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
+     SSL_kEDH,
+     SSL_aNULL,
+     SSL_CAMELLIA256,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+#endif                          /* OPENSSL_NO_CAMELLIA */
+
+#ifndef OPENSSL_NO_PSK
+    /* Cipher 8A */
+    {
+     1,
+     TLS1_TXT_PSK_WITH_RC4_128_SHA,
+     TLS1_CK_PSK_WITH_RC4_128_SHA,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_RC4,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+    /* Cipher 8B */
+    {
+     1,
+     TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+
+    /* Cipher 8C */
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+    /* Cipher 8D */
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+#endif                          /* OPENSSL_NO_PSK */
+
+#ifndef OPENSSL_NO_SEED
+    /* SEED ciphersuites from RFC4162 */
+
+    /* Cipher 96 */
+    {
+     1,
+     TLS1_TXT_RSA_WITH_SEED_SHA,
+     TLS1_CK_RSA_WITH_SEED_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_SEED,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+    /* Cipher 97 */
+    {
+     0,                         /* not implemented (non-ephemeral DH) */
+     TLS1_TXT_DH_DSS_WITH_SEED_SHA,
+     TLS1_CK_DH_DSS_WITH_SEED_SHA,
+     SSL_kDHd,
+     SSL_aDH,
+     SSL_SEED,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+    /* Cipher 98 */
+    {
+     0,                         /* not implemented (non-ephemeral DH) */
+     TLS1_TXT_DH_RSA_WITH_SEED_SHA,
+     TLS1_CK_DH_RSA_WITH_SEED_SHA,
+     SSL_kDHr,
+     SSL_aDH,
+     SSL_SEED,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+    /* Cipher 99 */
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
+     TLS1_CK_DHE_DSS_WITH_SEED_SHA,
+     SSL_kEDH,
+     SSL_aDSS,
+     SSL_SEED,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+    /* Cipher 9A */
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
+     TLS1_CK_DHE_RSA_WITH_SEED_SHA,
+     SSL_kEDH,
+     SSL_aRSA,
+     SSL_SEED,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+    /* Cipher 9B */
+    {
+     1,
+     TLS1_TXT_ADH_WITH_SEED_SHA,
+     TLS1_CK_ADH_WITH_SEED_SHA,
+     SSL_kEDH,
+     SSL_aNULL,
+     SSL_SEED,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+#endif                          /* OPENSSL_NO_SEED */
+
+    /* GCM ciphersuites from RFC5288 */
+
+    /* Cipher 9C */
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+
+    /* Cipher 9D */
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+
+    /* Cipher 9E */
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
+     SSL_kEDH,
+     SSL_aRSA,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+
+    /* Cipher 9F */
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
+     SSL_kEDH,
+     SSL_aRSA,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+
+    /* Cipher A0 */
+    {
+     0,
+     TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256,
+     SSL_kDHr,
+     SSL_aDH,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+
+    /* Cipher A1 */
+    {
+     0,
+     TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384,
+     SSL_kDHr,
+     SSL_aDH,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+
+    /* Cipher A2 */
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
+     SSL_kEDH,
+     SSL_aDSS,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+
+    /* Cipher A3 */
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
+     SSL_kEDH,
+     SSL_aDSS,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+
+    /* Cipher A4 */
+    {
+     0,
+     TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
+     SSL_kDHd,
+     SSL_aDH,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+
+    /* Cipher A5 */
+    {
+     0,
+     TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
+     SSL_kDHd,
+     SSL_aDH,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+
+    /* Cipher A6 */
+    {
+     1,
+     TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
+     SSL_kEDH,
+     SSL_aNULL,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     SSL_TLSV1_2,
+     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+
+    /* Cipher A7 */
+    {
+     1,
+     TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
+     SSL_kEDH,
+     SSL_aNULL,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     SSL_TLSV1_2,
+     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+
+#ifndef OPENSSL_NO_ECDH
+    /* Cipher C001 */
+    {
+     1,
+     TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
+     TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
+     SSL_kECDHe,
+     SSL_aECDH,
+     SSL_eNULL,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+
+    /* Cipher C002 */
+    {
+     1,
+     TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
+     TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
+     SSL_kECDHe,
+     SSL_aECDH,
+     SSL_RC4,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+    /* Cipher C003 */
+    {
+     1,
+     TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
+     TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
+     SSL_kECDHe,
+     SSL_aECDH,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+
+    /* Cipher C004 */
+    {
+     1,
+     TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+     TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+     SSL_kECDHe,
+     SSL_aECDH,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+    /* Cipher C005 */
+    {
+     1,
+     TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+     TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+     SSL_kECDHe,
+     SSL_aECDH,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+
+    /* Cipher C006 */
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
+     TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
+     SSL_kEECDH,
+     SSL_aECDSA,
+     SSL_eNULL,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+
+    /* Cipher C007 */
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
+     TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
+     SSL_kEECDH,
+     SSL_aECDSA,
+     SSL_RC4,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+    /* Cipher C008 */
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+     TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+     SSL_kEECDH,
+     SSL_aECDSA,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+
+    /* Cipher C009 */
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+     SSL_kEECDH,
+     SSL_aECDSA,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+    /* Cipher C00A */
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+     SSL_kEECDH,
+     SSL_aECDSA,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+
+    /* Cipher C00B */
+    {
+     1,
+     TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
+     TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
+     SSL_kECDHr,
+     SSL_aECDH,
+     SSL_eNULL,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+
+    /* Cipher C00C */
+    {
+     1,
+     TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
+     TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
+     SSL_kECDHr,
+     SSL_aECDH,
+     SSL_RC4,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+    /* Cipher C00D */
+    {
+     1,
+     TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
+     TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
+     SSL_kECDHr,
+     SSL_aECDH,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+
+    /* Cipher C00E */
+    {
+     1,
+     TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
+     TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
+     SSL_kECDHr,
+     SSL_aECDH,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+    /* Cipher C00F */
+    {
+     1,
+     TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
+     TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
+     SSL_kECDHr,
+     SSL_aECDH,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+
+    /* Cipher C010 */
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
+     TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
+     SSL_kEECDH,
+     SSL_aRSA,
+     SSL_eNULL,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+
+    /* Cipher C011 */
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
+     TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
+     SSL_kEECDH,
+     SSL_aRSA,
+     SSL_RC4,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+    /* Cipher C012 */
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+     TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+     SSL_kEECDH,
+     SSL_aRSA,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+
+    /* Cipher C013 */
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+     TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+     SSL_kEECDH,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+    /* Cipher C014 */
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+     TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+     SSL_kEECDH,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+
+    /* Cipher C015 */
+    {
+     1,
+     TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
+     TLS1_CK_ECDH_anon_WITH_NULL_SHA,
+     SSL_kEECDH,
+     SSL_aNULL,
+     SSL_eNULL,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+
+    /* Cipher C016 */
+    {
+     1,
+     TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
+     TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
+     SSL_kEECDH,
+     SSL_aNULL,
+     SSL_RC4,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+    /* Cipher C017 */
+    {
+     1,
+     TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
+     TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
+     SSL_kEECDH,
+     SSL_aNULL,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+
+    /* Cipher C018 */
+    {
+     1,
+     TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
+     TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
+     SSL_kEECDH,
+     SSL_aNULL,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+    /* Cipher C019 */
+    {
+     1,
+     TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
+     TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
+     SSL_kEECDH,
+     SSL_aNULL,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+#endif                          /* OPENSSL_NO_ECDH */
+
+#ifndef OPENSSL_NO_SRP
+    /* Cipher C01A */
+    {
+     1,
+     TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
+     TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
+     SSL_kSRP,
+     SSL_aSRP,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+
+    /* Cipher C01B */
+    {
+     1,
+     TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
+     TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
+     SSL_kSRP,
+     SSL_aRSA,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+
+    /* Cipher C01C */
+    {
+     1,
+     TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
+     TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
+     SSL_kSRP,
+     SSL_aDSS,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+
+    /* Cipher C01D */
+    {
+     1,
+     TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
+     TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
+     SSL_kSRP,
+     SSL_aSRP,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+    /* Cipher C01E */
+    {
+     1,
+     TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
+     TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
+     SSL_kSRP,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+    /* Cipher C01F */
+    {
+     1,
+     TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
+     TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
+     SSL_kSRP,
+     SSL_aDSS,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+
+    /* Cipher C020 */
+    {
+     1,
+     TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
+     TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
+     SSL_kSRP,
+     SSL_aSRP,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+
+    /* Cipher C021 */
+    {
+     1,
+     TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
+     TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
+     SSL_kSRP,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+
+    /* Cipher C022 */
+    {
+     1,
+     TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
+     TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
+     SSL_kSRP,
+     SSL_aDSS,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+#endif                          /* OPENSSL_NO_SRP */
+#ifndef OPENSSL_NO_ECDH
+
+    /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
+
+    /* Cipher C023 */
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
+     SSL_kEECDH,
+     SSL_aECDSA,
+     SSL_AES128,
+     SSL_SHA256,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+
+    /* Cipher C024 */
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
+     SSL_kEECDH,
+     SSL_aECDSA,
+     SSL_AES256,
+     SSL_SHA384,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+
+    /* Cipher C025 */
+    {
+     1,
+     TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
+     TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
+     SSL_kECDHe,
+     SSL_aECDH,
+     SSL_AES128,
+     SSL_SHA256,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+
+    /* Cipher C026 */
+    {
+     1,
+     TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
+     TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
+     SSL_kECDHe,
+     SSL_aECDH,
+     SSL_AES256,
+     SSL_SHA384,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+
+    /* Cipher C027 */
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
+     TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
+     SSL_kEECDH,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA256,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+
+    /* Cipher C028 */
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
+     TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
+     SSL_kEECDH,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA384,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+
+    /* Cipher C029 */
+    {
+     1,
+     TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
+     TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
+     SSL_kECDHr,
+     SSL_aECDH,
+     SSL_AES128,
+     SSL_SHA256,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+
+    /* Cipher C02A */
+    {
+     1,
+     TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
+     TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
+     SSL_kECDHr,
+     SSL_aECDH,
+     SSL_AES256,
+     SSL_SHA384,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+
+    /* GCM based TLS v1.2 ciphersuites from RFC5289 */
+
+    /* Cipher C02B */
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+     SSL_kEECDH,
+     SSL_aECDSA,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+
+    /* Cipher C02C */
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+     SSL_kEECDH,
+     SSL_aECDSA,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+
+    /* Cipher C02D */
+    {
+     1,
+     TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
+     SSL_kECDHe,
+     SSL_aECDH,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+
+    /* Cipher C02E */
+    {
+     1,
+     TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
+     SSL_kECDHe,
+     SSL_aECDH,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+
+    /* Cipher C02F */
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+     SSL_kEECDH,
+     SSL_aRSA,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+
+    /* Cipher C030 */
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+     SSL_kEECDH,
+     SSL_aRSA,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+
+    /* Cipher C031 */
+    {
+     1,
+     TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
+     SSL_kECDHr,
+     SSL_aECDH,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+
+    /* Cipher C032 */
+    {
+     1,
+     TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
+     SSL_kECDHr,
+     SSL_aECDH,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     SSL_TLSV1_2,
+     SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+
+#endif                          /* OPENSSL_NO_ECDH */
+
+#ifdef TEMP_GOST_TLS
+/* Cipher FF00 */
+    {
+     1,
+     "GOST-MD5",
+     0x0300ff00,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_eGOST2814789CNT,
+     SSL_MD5,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     "GOST-GOST94",
+     0x0300ff01,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_eGOST2814789CNT,
+     SSL_GOST94,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256},
+    {
+     1,
+     "GOST-GOST89MAC",
+     0x0300ff02,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_eGOST2814789CNT,
+     SSL_GOST89MAC,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256},
+    {
+     1,
+     "GOST-GOST89STREAM",
+     0x0300ff03,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_eGOST2814789CNT,
+     SSL_GOST89MAC,
+     SSL_TLSV1,
+     SSL_NOT_EXP | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF | TLS1_STREAM_MAC,
+     256,
+     256},
+#endif
+
+/* end of list */
+};
+
+SSL3_ENC_METHOD SSLv3_enc_data = {
+    ssl3_enc,
+    n_ssl3_mac,
+    ssl3_setup_key_block,
+    ssl3_generate_master_secret,
+    ssl3_change_cipher_state,
+    ssl3_final_finish_mac,
+    MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
+    ssl3_cert_verify_mac,
+    SSL3_MD_CLIENT_FINISHED_CONST, 4,
+    SSL3_MD_SERVER_FINISHED_CONST, 4,
+    ssl3_alert_code,
+    (int (*)(SSL *, unsigned char *, size_t, const char *,
+             size_t, const unsigned char *, size_t,
+             int use_context))ssl_undefined_function,
+};
+
+long ssl3_default_timeout(void)
+{
+    /*
+     * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
+     * http, the cache would over fill
+     */
+    return (60 * 60 * 2);
+}
+
+int ssl3_num_ciphers(void)
+{
+    return (SSL3_NUM_CIPHERS);
+}
+
+const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
+{
+    if (u < SSL3_NUM_CIPHERS)
+        return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
+    else
+        return (NULL);
+}
+
+int ssl3_pending(const SSL *s)
+{
+    if (s->rstate == SSL_ST_READ_BODY)
+        return 0;
+
+    return (s->s3->rrec.type ==
+            SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
+}
+
+int ssl3_new(SSL *s)
+{
+    SSL3_STATE *s3;
+
+    if ((s3 = OPENSSL_malloc(sizeof *s3)) == NULL)
+        goto err;
+    memset(s3, 0, sizeof *s3);
+    memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num));
+    memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num));
+
+    s->s3 = s3;
+
+#ifndef OPENSSL_NO_SRP
+    SSL_SRP_CTX_init(s);
+#endif
+    s->method->ssl_clear(s);
+    return (1);
+ err:
+    return (0);
+}
+
+void ssl3_free(SSL *s)
+{
+    if (s == NULL || s->s3 == NULL)
+        return;
+
+#ifdef TLSEXT_TYPE_opaque_prf_input
+    if (s->s3->client_opaque_prf_input != NULL)
+        OPENSSL_free(s->s3->client_opaque_prf_input);
+    if (s->s3->server_opaque_prf_input != NULL)
+        OPENSSL_free(s->s3->server_opaque_prf_input);
+#endif
+
+    ssl3_cleanup_key_block(s);
+    if (s->s3->rbuf.buf != NULL)
+        ssl3_release_read_buffer(s);
+    if (s->s3->wbuf.buf != NULL)
+        ssl3_release_write_buffer(s);
+    if (s->s3->rrec.comp != NULL)
+        OPENSSL_free(s->s3->rrec.comp);
+#ifndef OPENSSL_NO_DH
+    if (s->s3->tmp.dh != NULL)
+        DH_free(s->s3->tmp.dh);
+#endif
+#ifndef OPENSSL_NO_ECDH
+    if (s->s3->tmp.ecdh != NULL)
+        EC_KEY_free(s->s3->tmp.ecdh);
+#endif
+
+    if (s->s3->tmp.ca_names != NULL)
+        sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
+    if (s->s3->handshake_buffer) {
+        BIO_free(s->s3->handshake_buffer);
+    }
+    if (s->s3->handshake_dgst)
+        ssl3_free_digest_list(s);
+#ifndef OPENSSL_NO_SRP
+    SSL_SRP_CTX_free(s);
+#endif
+    OPENSSL_cleanse(s->s3, sizeof *s->s3);
+    OPENSSL_free(s->s3);
+    s->s3 = NULL;
+}
+
+void ssl3_clear(SSL *s)
+{
+    unsigned char *rp, *wp;
+    size_t rlen, wlen;
+    int init_extra;
+
+#ifdef TLSEXT_TYPE_opaque_prf_input
+    if (s->s3->client_opaque_prf_input != NULL)
+        OPENSSL_free(s->s3->client_opaque_prf_input);
+    s->s3->client_opaque_prf_input = NULL;
+    if (s->s3->server_opaque_prf_input != NULL)
+        OPENSSL_free(s->s3->server_opaque_prf_input);
+    s->s3->server_opaque_prf_input = NULL;
+#endif
+
+    ssl3_cleanup_key_block(s);
+    if (s->s3->tmp.ca_names != NULL)
+        sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
+
+    if (s->s3->rrec.comp != NULL) {
+        OPENSSL_free(s->s3->rrec.comp);
+        s->s3->rrec.comp = NULL;
+    }
+#ifndef OPENSSL_NO_DH
+    if (s->s3->tmp.dh != NULL) {
+        DH_free(s->s3->tmp.dh);
+        s->s3->tmp.dh = NULL;
+    }
+#endif
+#ifndef OPENSSL_NO_ECDH
+    if (s->s3->tmp.ecdh != NULL) {
+        EC_KEY_free(s->s3->tmp.ecdh);
+        s->s3->tmp.ecdh = NULL;
+    }
+#endif
+#ifndef OPENSSL_NO_TLSEXT
+# ifndef OPENSSL_NO_EC
+    s->s3->is_probably_safari = 0;
+# endif                         /* !OPENSSL_NO_EC */
+#endif                          /* !OPENSSL_NO_TLSEXT */
+
+    rp = s->s3->rbuf.buf;
+    wp = s->s3->wbuf.buf;
+    rlen = s->s3->rbuf.len;
+    wlen = s->s3->wbuf.len;
+    init_extra = s->s3->init_extra;
+    if (s->s3->handshake_buffer) {
+        BIO_free(s->s3->handshake_buffer);
+        s->s3->handshake_buffer = NULL;
+    }
+    if (s->s3->handshake_dgst) {
+        ssl3_free_digest_list(s);
+    }
+    memset(s->s3, 0, sizeof *s->s3);
+    s->s3->rbuf.buf = rp;
+    s->s3->wbuf.buf = wp;
+    s->s3->rbuf.len = rlen;
+    s->s3->wbuf.len = wlen;
+    s->s3->init_extra = init_extra;
+
+    ssl_free_wbio_buffer(s);
+
+    s->packet_length = 0;
+    s->s3->renegotiate = 0;
+    s->s3->total_renegotiations = 0;
+    s->s3->num_renegotiations = 0;
+    s->s3->in_read_app_data = 0;
+    s->version = SSL3_VERSION;
+
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+    if (s->next_proto_negotiated) {
+        OPENSSL_free(s->next_proto_negotiated);
+        s->next_proto_negotiated = NULL;
+        s->next_proto_negotiated_len = 0;
+    }
+#endif
+}
+
+#ifndef OPENSSL_NO_SRP
+static char *MS_CALLBACK srp_password_from_info_cb(SSL *s, void *arg)
+{
+    return BUF_strdup(s->srp_ctx.info);
+}
+#endif
+
+long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
+{
+    int ret = 0;
+
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
+    if (
+# ifndef OPENSSL_NO_RSA
+           cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB ||
+# endif
+# ifndef OPENSSL_NO_DSA
+           cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB ||
+# endif
+           0) {
+        if (!ssl_cert_inst(&s->cert)) {
+            SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
+            return (0);
+        }
+    }
+#endif
+
+    switch (cmd) {
+    case SSL_CTRL_GET_SESSION_REUSED:
+        ret = s->hit;
+        break;
+    case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
+        break;
+    case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
+        ret = s->s3->num_renegotiations;
+        break;
+    case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
+        ret = s->s3->num_renegotiations;
+        s->s3->num_renegotiations = 0;
+        break;
+    case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
+        ret = s->s3->total_renegotiations;
+        break;
+    case SSL_CTRL_GET_FLAGS:
+        ret = (int)(s->s3->flags);
+        break;
+#ifndef OPENSSL_NO_RSA
+    case SSL_CTRL_NEED_TMP_RSA:
+        if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
+            ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
+             (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) >
+              (512 / 8))))
+            ret = 1;
+        break;
+    case SSL_CTRL_SET_TMP_RSA:
+        {
+            RSA *rsa = (RSA *)parg;
+            if (rsa == NULL) {
+                SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+                return (ret);
+            }
+            if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) {
+                SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
+                return (ret);
+            }
+            if (s->cert->rsa_tmp != NULL)
+                RSA_free(s->cert->rsa_tmp);
+            s->cert->rsa_tmp = rsa;
+            ret = 1;
+        }
+        break;
+    case SSL_CTRL_SET_TMP_RSA_CB:
+        {
+            SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+            return (ret);
+        }
+        break;
+#endif
+#ifndef OPENSSL_NO_DH
+    case SSL_CTRL_SET_TMP_DH:
+        {
+            DH *dh = (DH *)parg;
+            if (dh == NULL) {
+                SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+                return (ret);
+            }
+            if ((dh = DHparams_dup(dh)) == NULL) {
+                SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
+                return (ret);
+            }
+            if (s->cert->dh_tmp != NULL)
+                DH_free(s->cert->dh_tmp);
+            s->cert->dh_tmp = dh;
+            ret = 1;
+        }
+        break;
+    case SSL_CTRL_SET_TMP_DH_CB:
+        {
+            SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+            return (ret);
+        }
+        break;
+#endif
+#ifndef OPENSSL_NO_ECDH
+    case SSL_CTRL_SET_TMP_ECDH:
+        {
+            EC_KEY *ecdh = NULL;
+
+            if (parg == NULL) {
+                SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+                return (ret);
+            }
+            if (!EC_KEY_up_ref((EC_KEY *)parg)) {
+                SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB);
+                return (ret);
+            }
+            ecdh = (EC_KEY *)parg;
+            if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) {
+                if (!EC_KEY_generate_key(ecdh)) {
+                    EC_KEY_free(ecdh);
+                    SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB);
+                    return (ret);
+                }
+            }
+            if (s->cert->ecdh_tmp != NULL)
+                EC_KEY_free(s->cert->ecdh_tmp);
+            s->cert->ecdh_tmp = ecdh;
+            ret = 1;
+        }
+        break;
+    case SSL_CTRL_SET_TMP_ECDH_CB:
+        {
+            SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+            return (ret);
+        }
+        break;
+#endif                          /* !OPENSSL_NO_ECDH */
+#ifndef OPENSSL_NO_TLSEXT
+    case SSL_CTRL_SET_TLSEXT_HOSTNAME:
+        if (larg == TLSEXT_NAMETYPE_host_name) {
+            size_t len;
+
+            if (s->tlsext_hostname != NULL)
+                OPENSSL_free(s->tlsext_hostname);
+            s->tlsext_hostname = NULL;
+
+            ret = 1;
+            if (parg == NULL)
+                break;
+            len = strlen((char *)parg);
+            if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
+                SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
+                return 0;
+            }
+            if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) {
+                SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        } else {
+            SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
+            return 0;
+        }
+        break;
+    case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
+        s->tlsext_debug_arg = parg;
+        ret = 1;
+        break;
+
+# ifdef TLSEXT_TYPE_opaque_prf_input
+    case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
+        if (larg > 12288) {     /* actual internal limit is 2^16 for the
+                                 * complete hello message * (including the
+                                 * cert chain and everything) */
+            SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
+            break;
+        }
+        if (s->tlsext_opaque_prf_input != NULL)
+            OPENSSL_free(s->tlsext_opaque_prf_input);
+        if ((size_t)larg == 0)
+            s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte
+                                                             * just to get
+                                                             * non-NULL */
+        else
+            s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
+        if (s->tlsext_opaque_prf_input != NULL) {
+            s->tlsext_opaque_prf_input_len = (size_t)larg;
+            ret = 1;
+        } else
+            s->tlsext_opaque_prf_input_len = 0;
+        break;
+# endif
+
+    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
+        s->tlsext_status_type = larg;
+        ret = 1;
+        break;
+
+    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
+        *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
+        ret = 1;
+        break;
+
+    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
+        s->tlsext_ocsp_exts = parg;
+        ret = 1;
+        break;
+
+    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
+        *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
+        ret = 1;
+        break;
+
+    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
+        s->tlsext_ocsp_ids = parg;
+        ret = 1;
+        break;
+
+    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
+        *(unsigned char **)parg = s->tlsext_ocsp_resp;
+        return s->tlsext_ocsp_resplen;
+
+    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
+        if (s->tlsext_ocsp_resp)
+            OPENSSL_free(s->tlsext_ocsp_resp);
+        s->tlsext_ocsp_resp = parg;
+        s->tlsext_ocsp_resplen = larg;
+        ret = 1;
+        break;
+
+# ifndef OPENSSL_NO_HEARTBEATS
+    case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT:
+        if (SSL_version(s) == DTLS1_VERSION
+            || SSL_version(s) == DTLS1_BAD_VER)
+            ret = dtls1_heartbeat(s);
+        else
+            ret = tls1_heartbeat(s);
+        break;
+
+    case SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING:
+        ret = s->tlsext_hb_pending;
+        break;
+
+    case SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS:
+        if (larg)
+            s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
+        else
+            s->tlsext_heartbeat &= ~SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
+        ret = 1;
+        break;
+# endif
+
+#endif                          /* !OPENSSL_NO_TLSEXT */
+
+    case SSL_CTRL_CHECK_PROTO_VERSION:
+        /*
+         * For library-internal use; checks that the current protocol is the
+         * highest enabled version (according to s->ctx->method, as version
+         * negotiation may have changed s->method).
+         */
+        if (s->version == s->ctx->method->version)
+            return 1;
+        /*
+         * Apparently we're using a version-flexible SSL_METHOD (not at its
+         * highest protocol version).
+         */
+        if (s->ctx->method->version == SSLv23_method()->version) {
+#if TLS_MAX_VERSION != TLS1_2_VERSION
+# error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION.
+#endif
+            if (!(s->options & SSL_OP_NO_TLSv1_2))
+                return s->version == TLS1_2_VERSION;
+            if (!(s->options & SSL_OP_NO_TLSv1_1))
+                return s->version == TLS1_1_VERSION;
+            if (!(s->options & SSL_OP_NO_TLSv1))
+                return s->version == TLS1_VERSION;
+            if (!(s->options & SSL_OP_NO_SSLv3))
+                return s->version == SSL3_VERSION;
+            if (!(s->options & SSL_OP_NO_SSLv2))
+                return s->version == SSL2_VERSION;
+        }
+        return 0;               /* Unexpected state; fail closed. */
+
+    default:
+        break;
+    }
+    return (ret);
+}
+
+long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
+{
+    int ret = 0;
+
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
+    if (
+# ifndef OPENSSL_NO_RSA
+           cmd == SSL_CTRL_SET_TMP_RSA_CB ||
+# endif
+# ifndef OPENSSL_NO_DSA
+           cmd == SSL_CTRL_SET_TMP_DH_CB ||
+# endif
+           0) {
+        if (!ssl_cert_inst(&s->cert)) {
+            SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
+            return (0);
+        }
+    }
+#endif
+
+    switch (cmd) {
+#ifndef OPENSSL_NO_RSA
+    case SSL_CTRL_SET_TMP_RSA_CB:
+        {
+            s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
+        }
+        break;
+#endif
+#ifndef OPENSSL_NO_DH
+    case SSL_CTRL_SET_TMP_DH_CB:
+        {
+            s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
+        }
+        break;
+#endif
+#ifndef OPENSSL_NO_ECDH
+    case SSL_CTRL_SET_TMP_ECDH_CB:
+        {
+            s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
+        }
+        break;
+#endif
+#ifndef OPENSSL_NO_TLSEXT
+    case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
+        s->tlsext_debug_cb = (void (*)(SSL *, int, int,
+                                       unsigned char *, int, void *))fp;
+        break;
+#endif
+    default:
+        break;
+    }
+    return (ret);
+}
+
+long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
+{
+    CERT *cert;
+
+    cert = ctx->cert;
+
+    switch (cmd) {
+#ifndef OPENSSL_NO_RSA
+    case SSL_CTRL_NEED_TMP_RSA:
+        if ((cert->rsa_tmp == NULL) &&
+            ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
+             (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) >
+              (512 / 8)))
+            )
+            return (1);
+        else
+            return (0);
+        /* break; */
+    case SSL_CTRL_SET_TMP_RSA:
+        {
+            RSA *rsa;
+            int i;
+
+            rsa = (RSA *)parg;
+            i = 1;
+            if (rsa == NULL)
+                i = 0;
+            else {
+                if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
+                    i = 0;
+            }
+            if (!i) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_RSA_LIB);
+                return (0);
+            } else {
+                if (cert->rsa_tmp != NULL)
+                    RSA_free(cert->rsa_tmp);
+                cert->rsa_tmp = rsa;
+                return (1);
+            }
+        }
+        /* break; */
+    case SSL_CTRL_SET_TMP_RSA_CB:
+        {
+            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+            return (0);
+        }
+        break;
+#endif
+#ifndef OPENSSL_NO_DH
+    case SSL_CTRL_SET_TMP_DH:
+        {
+            DH *new = NULL, *dh;
+
+            dh = (DH *)parg;
+            if ((new = DHparams_dup(dh)) == NULL) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
+                return 0;
+            }
+            if (cert->dh_tmp != NULL)
+                DH_free(cert->dh_tmp);
+            cert->dh_tmp = new;
+            return 1;
+        }
+        /*
+         * break;
+         */
+    case SSL_CTRL_SET_TMP_DH_CB:
+        {
+            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+            return (0);
+        }
+        break;
+#endif
+#ifndef OPENSSL_NO_ECDH
+    case SSL_CTRL_SET_TMP_ECDH:
+        {
+            EC_KEY *ecdh = NULL;
+
+            if (parg == NULL) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB);
+                return 0;
+            }
+            ecdh = EC_KEY_dup((EC_KEY *)parg);
+            if (ecdh == NULL) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_EC_LIB);
+                return 0;
+            }
+            if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) {
+                if (!EC_KEY_generate_key(ecdh)) {
+                    EC_KEY_free(ecdh);
+                    SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB);
+                    return 0;
+                }
+            }
+
+            if (cert->ecdh_tmp != NULL) {
+                EC_KEY_free(cert->ecdh_tmp);
+            }
+            cert->ecdh_tmp = ecdh;
+            return 1;
+        }
+        /* break; */
+    case SSL_CTRL_SET_TMP_ECDH_CB:
+        {
+            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+            return (0);
+        }
+        break;
+#endif                          /* !OPENSSL_NO_ECDH */
+#ifndef OPENSSL_NO_TLSEXT
+    case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
+        ctx->tlsext_servername_arg = parg;
+        break;
+    case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
+    case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
+        {
+            unsigned char *keys = parg;
+            if (!keys)
+                return 48;
+            if (larg != 48) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
+                return 0;
+            }
+            if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
+                memcpy(ctx->tlsext_tick_key_name, keys, 16);
+                memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
+                memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
+            } else {
+                memcpy(keys, ctx->tlsext_tick_key_name, 16);
+                memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
+                memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
+            }
+            return 1;
+        }
+
+# ifdef TLSEXT_TYPE_opaque_prf_input
+    case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
+        ctx->tlsext_opaque_prf_input_callback_arg = parg;
+        return 1;
+# endif
+
+    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
+        ctx->tlsext_status_arg = parg;
+        return 1;
+        break;
+
+# ifndef OPENSSL_NO_SRP
+    case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
+        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
+        if (ctx->srp_ctx.login != NULL)
+            OPENSSL_free(ctx->srp_ctx.login);
+        ctx->srp_ctx.login = NULL;
+        if (parg == NULL)
+            break;
+        if (strlen((const char *)parg) > 255
+            || strlen((const char *)parg) < 1) {
+            SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
+            return 0;
+        }
+        if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) {
+            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        break;
+    case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
+        ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
+            srp_password_from_info_cb;
+        ctx->srp_ctx.info = parg;
+        break;
+    case SSL_CTRL_SET_SRP_ARG:
+        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
+        ctx->srp_ctx.SRP_cb_arg = parg;
+        break;
+
+    case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
+        ctx->srp_ctx.strength = larg;
+        break;
+# endif
+#endif                          /* !OPENSSL_NO_TLSEXT */
+
+        /* A Thawte special :-) */
+    case SSL_CTRL_EXTRA_CHAIN_CERT:
+        if (ctx->extra_certs == NULL) {
+            if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
+                return (0);
+        }
+        sk_X509_push(ctx->extra_certs, (X509 *)parg);
+        break;
+
+    case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
+        *(STACK_OF(X509) **)parg = ctx->extra_certs;
+        break;
+
+    case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
+        if (ctx->extra_certs) {
+            sk_X509_pop_free(ctx->extra_certs, X509_free);
+            ctx->extra_certs = NULL;
+        }
+        break;
+
+    default:
+        return (0);
+    }
+    return (1);
+}
+
+long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
+{
+    CERT *cert;
+
+    cert = ctx->cert;
+
+    switch (cmd) {
+#ifndef OPENSSL_NO_RSA
+    case SSL_CTRL_SET_TMP_RSA_CB:
+        {
+            cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
+        }
+        break;
+#endif
+#ifndef OPENSSL_NO_DH
+    case SSL_CTRL_SET_TMP_DH_CB:
+        {
+            cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
+        }
+        break;
+#endif
+#ifndef OPENSSL_NO_ECDH
+    case SSL_CTRL_SET_TMP_ECDH_CB:
+        {
+            cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
+        }
+        break;
+#endif
+#ifndef OPENSSL_NO_TLSEXT
+    case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
+        ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
+        break;
+
+# ifdef TLSEXT_TYPE_opaque_prf_input
+    case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
+        ctx->tlsext_opaque_prf_input_callback =
+            (int (*)(SSL *, void *, size_t, void *))fp;
+        break;
+# endif
+
+    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
+        ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
+        break;
+
+    case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
+        ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
+                                             unsigned char *,
+                                             EVP_CIPHER_CTX *,
+                                             HMAC_CTX *, int))fp;
+        break;
+
+# ifndef OPENSSL_NO_SRP
+    case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
+        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
+        ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
+        break;
+    case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
+        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
+        ctx->srp_ctx.TLS_ext_srp_username_callback =
+            (int (*)(SSL *, int *, void *))fp;
+        break;
+    case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
+        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
+        ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
+            (char *(*)(SSL *, void *))fp;
+        break;
+# endif
+#endif
+
+    default:
+        return (0);
+    }
+    return (1);
+}
+
+/*
+ * This function needs to check if the ciphers required are actually
+ * available
+ */
+const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
+{
+    SSL_CIPHER c;
+    const SSL_CIPHER *cp;
+    unsigned long id;
+
+    id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];
+    c.id = id;
+    cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
+#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
+    if (cp == NULL)
+        fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
+#endif
+    if (cp == NULL || cp->valid == 0)
+        return NULL;
+    else
+        return cp;
+}
+
+int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
+{
+    long l;
+
+    if (p != NULL) {
+        l = c->id;
+        if ((l & 0xff000000) != 0x03000000)
+            return (0);
+        p[0] = ((unsigned char)(l >> 8L)) & 0xFF;
+        p[1] = ((unsigned char)(l)) & 0xFF;
+    }
+    return (2);
+}
+
+SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
+                               STACK_OF(SSL_CIPHER) *srvr)
+{
+    SSL_CIPHER *c, *ret = NULL;
+    STACK_OF(SSL_CIPHER) *prio, *allow;
+    int i, ii, ok;
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
+    unsigned int j;
+    int ec_ok, ec_nid;
+    unsigned char ec_search1 = 0, ec_search2 = 0;
+#endif
+    CERT *cert;
+    unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a;
+
+    /* Let's see which ciphers we can support */
+    cert = s->cert;
+
+#if 0
+    /*
+     * Do not set the compare functions, because this may lead to a
+     * reordering by "id". We want to keep the original ordering. We may pay
+     * a price in performance during sk_SSL_CIPHER_find(), but would have to
+     * pay with the price of sk_SSL_CIPHER_dup().
+     */
+    sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
+    sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
+#endif
+
+#ifdef CIPHER_DEBUG
+    fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
+            (void *)srvr);
+    for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
+        c = sk_SSL_CIPHER_value(srvr, i);
+        fprintf(stderr, "%p:%s\n", (void *)c, c->name);
+    }
+    fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
+            (void *)clnt);
+    for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
+        c = sk_SSL_CIPHER_value(clnt, i);
+        fprintf(stderr, "%p:%s\n", (void *)c, c->name);
+    }
+#endif
+
+    if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
+        prio = srvr;
+        allow = clnt;
+    } else {
+        prio = clnt;
+        allow = srvr;
+    }
+
+    for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
+        c = sk_SSL_CIPHER_value(prio, i);
+
+        /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
+        if ((c->algorithm_ssl & SSL_TLSV1_2) &&
+            (TLS1_get_version(s) < TLS1_2_VERSION))
+            continue;
+
+        ssl_set_cert_masks(cert, c);
+        mask_k = cert->mask_k;
+        mask_a = cert->mask_a;
+        emask_k = cert->export_mask_k;
+        emask_a = cert->export_mask_a;
+#ifndef OPENSSL_NO_SRP
+        if (s->srp_ctx.srp_Mask & SSL_kSRP) {
+            mask_k |= SSL_kSRP;
+            emask_k |= SSL_kSRP;
+            mask_a |= SSL_aSRP;
+            emask_a |= SSL_aSRP;
+        }
+#endif
+
+#ifdef KSSL_DEBUG
+        /*
+         * fprintf(stderr,"ssl3_choose_cipher %d alg= %lx\n",
+         * i,c->algorithms);
+         */
+#endif                          /* KSSL_DEBUG */
+
+        alg_k = c->algorithm_mkey;
+        alg_a = c->algorithm_auth;
+
+#ifndef OPENSSL_NO_KRB5
+        if (alg_k & SSL_kKRB5) {
+            if (!kssl_keytab_is_available(s->kssl_ctx))
+                continue;
+        }
+#endif                          /* OPENSSL_NO_KRB5 */
+#ifndef OPENSSL_NO_PSK
+        /* with PSK there must be server callback set */
+        if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
+            continue;
+#endif                          /* OPENSSL_NO_PSK */
+
+        if (SSL_C_IS_EXPORT(c)) {
+            ok = (alg_k & emask_k) && (alg_a & emask_a);
+#ifdef CIPHER_DEBUG
+            fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",
+                    ok, alg_k, alg_a, emask_k, emask_a, (void *)c, c->name);
+#endif
+        } else {
+            ok = (alg_k & mask_k) && (alg_a & mask_a);
+#ifdef CIPHER_DEBUG
+            fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
+                    alg_a, mask_k, mask_a, (void *)c, c->name);
+#endif
+        }
+
+#ifndef OPENSSL_NO_TLSEXT
+# ifndef OPENSSL_NO_EC
+        if (
+               /*
+                * if we are considering an ECC cipher suite that uses our
+                * certificate
+                */
+               (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
+               /* and we have an ECC certificate */
+               && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
+               /*
+                * and the client specified a Supported Point Formats
+                * extension
+                */
+               && ((s->session->tlsext_ecpointformatlist_length > 0)
+                   && (s->session->tlsext_ecpointformatlist != NULL))
+               /* and our certificate's point is compressed */
+               && ((s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
+                   && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key !=
+                       NULL)
+                   && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->
+                       key->public_key != NULL)
+                   && (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->
+                       key->public_key->data != NULL)
+                   &&
+                   ((*
+                     (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->
+                      key->public_key->data) == POINT_CONVERSION_COMPRESSED)
+                    ||
+                    (*
+                     (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->
+                      key->public_key->data) ==
+                     POINT_CONVERSION_COMPRESSED + 1)
+                   )
+               )
+            ) {
+            ec_ok = 0;
+            /*
+             * if our certificate's curve is over a field type that the
+             * client does not support then do not allow this cipher suite to
+             * be negotiated
+             */
+            if ((s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
+                && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group !=
+                    NULL)
+                && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->
+                    group->meth != NULL)
+                &&
+                (EC_METHOD_get_field_type
+                 (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->
+                  group->meth) == NID_X9_62_prime_field)
+                ) {
+                for (j = 0; j < s->session->tlsext_ecpointformatlist_length;
+                     j++) {
+                    if (s->session->tlsext_ecpointformatlist[j] ==
+                        TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime) {
+                        ec_ok = 1;
+                        break;
+                    }
+                }
+            } else
+                if (EC_METHOD_get_field_type
+                    (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->
+                     group->meth) == NID_X9_62_characteristic_two_field) {
+                for (j = 0; j < s->session->tlsext_ecpointformatlist_length;
+                     j++) {
+                    if (s->session->tlsext_ecpointformatlist[j] ==
+                        TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2) {
+                        ec_ok = 1;
+                        break;
+                    }
+                }
+            }
+            ok = ok && ec_ok;
+        }
+        if (
+               /*
+                * if we are considering an ECC cipher suite that uses our
+                * certificate
+                */
+               (alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
+               /* and we have an ECC certificate */
+               && (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
+               /*
+                * and the client specified an EllipticCurves extension
+                */
+               && ((s->session->tlsext_ellipticcurvelist_length > 0)
+                   && (s->session->tlsext_ellipticcurvelist != NULL))
+            ) {
+            ec_ok = 0;
+            if ((s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
+                && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group !=
+                    NULL)
+                ) {
+                ec_nid =
+                    EC_GROUP_get_curve_name(s->cert->
+                                            pkeys[SSL_PKEY_ECC].privatekey->
+                                            pkey.ec->group);
+                if ((ec_nid == 0)
+                    && (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.
+                        ec->group->meth != NULL)
+                    ) {
+                    if (EC_METHOD_get_field_type
+                        (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.
+                         ec->group->meth) == NID_X9_62_prime_field) {
+                        ec_search1 = 0xFF;
+                        ec_search2 = 0x01;
+                    } else
+                        if (EC_METHOD_get_field_type
+                            (s->cert->pkeys[SSL_PKEY_ECC].privatekey->
+                             pkey.ec->group->meth) ==
+                            NID_X9_62_characteristic_two_field) {
+                        ec_search1 = 0xFF;
+                        ec_search2 = 0x02;
+                    }
+                } else {
+                    ec_search1 = 0x00;
+                    ec_search2 = tls1_ec_nid2curve_id(ec_nid);
+                }
+                if ((ec_search1 != 0) || (ec_search2 != 0)) {
+                    for (j = 0;
+                         j < s->session->tlsext_ellipticcurvelist_length / 2;
+                         j++) {
+                        if ((s->session->tlsext_ellipticcurvelist[2 * j] ==
+                             ec_search1)
+                            && (s->session->tlsext_ellipticcurvelist[2 * j +
+                                                                     1] ==
+                                ec_search2)) {
+                            ec_ok = 1;
+                            break;
+                        }
+                    }
+                }
+            }
+            ok = ok && ec_ok;
+        }
+#  ifndef OPENSSL_NO_ECDH
+        if (
+               /*
+                * if we are considering an ECC cipher suite that uses an
+                * ephemeral EC key
+                */
+               (alg_k & SSL_kEECDH)
+               /* and we have an ephemeral EC key */
+               && (s->cert->ecdh_tmp != NULL)
+               /*
+                * and the client specified an EllipticCurves extension
+                */
+               && ((s->session->tlsext_ellipticcurvelist_length > 0)
+                   && (s->session->tlsext_ellipticcurvelist != NULL))
+            ) {
+            ec_ok = 0;
+            if (s->cert->ecdh_tmp->group != NULL) {
+                ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group);
+                if ((ec_nid == 0)
+                    && (s->cert->ecdh_tmp->group->meth != NULL)
+                    ) {
+                    if (EC_METHOD_get_field_type
+                        (s->cert->ecdh_tmp->group->meth) ==
+                        NID_X9_62_prime_field) {
+                        ec_search1 = 0xFF;
+                        ec_search2 = 0x01;
+                    } else
+                        if (EC_METHOD_get_field_type
+                            (s->cert->ecdh_tmp->group->meth) ==
+                            NID_X9_62_characteristic_two_field) {
+                        ec_search1 = 0xFF;
+                        ec_search2 = 0x02;
+                    }
+                } else {
+                    ec_search1 = 0x00;
+                    ec_search2 = tls1_ec_nid2curve_id(ec_nid);
+                }
+                if ((ec_search1 != 0) || (ec_search2 != 0)) {
+                    for (j = 0;
+                         j < s->session->tlsext_ellipticcurvelist_length / 2;
+                         j++) {
+                        if ((s->session->tlsext_ellipticcurvelist[2 * j] ==
+                             ec_search1)
+                            && (s->session->tlsext_ellipticcurvelist[2 * j +
+                                                                     1] ==
+                                ec_search2)) {
+                            ec_ok = 1;
+                            break;
+                        }
+                    }
+                }
+            }
+            ok = ok && ec_ok;
+        }
+#  endif                        /* OPENSSL_NO_ECDH */
+# endif                         /* OPENSSL_NO_EC */
+#endif                          /* OPENSSL_NO_TLSEXT */
+
+        if (!ok)
+            continue;
+        ii = sk_SSL_CIPHER_find(allow, c);
+        if (ii >= 0) {
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
+            if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA)
+                && s->s3->is_probably_safari) {
+                if (!ret)
+                    ret = sk_SSL_CIPHER_value(allow, ii);
+                continue;
+            }
+#endif
+            ret = sk_SSL_CIPHER_value(allow, ii);
+            break;
+        }
+    }
+    return (ret);
+}
+
+int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
+{
+    int ret = 0;
+    unsigned long alg_k;
+
+    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+#ifndef OPENSSL_NO_GOST
+    if (s->version >= TLS1_VERSION) {
+        if (alg_k & SSL_kGOST) {
+            p[ret++] = TLS_CT_GOST94_SIGN;
+            p[ret++] = TLS_CT_GOST01_SIGN;
+            return (ret);
+        }
+    }
+#endif
+
+#ifndef OPENSSL_NO_DH
+    if (alg_k & (SSL_kDHr | SSL_kEDH)) {
+# ifndef OPENSSL_NO_RSA
+        p[ret++] = SSL3_CT_RSA_FIXED_DH;
+# endif
+# ifndef OPENSSL_NO_DSA
+        p[ret++] = SSL3_CT_DSS_FIXED_DH;
+# endif
+    }
+    if ((s->version == SSL3_VERSION) &&
+        (alg_k & (SSL_kEDH | SSL_kDHd | SSL_kDHr))) {
+# ifndef OPENSSL_NO_RSA
+        p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
+# endif
+# ifndef OPENSSL_NO_DSA
+        p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
+# endif
+    }
+#endif                          /* !OPENSSL_NO_DH */
+#ifndef OPENSSL_NO_RSA
+    p[ret++] = SSL3_CT_RSA_SIGN;
+#endif
+#ifndef OPENSSL_NO_DSA
+    p[ret++] = SSL3_CT_DSS_SIGN;
+#endif
+#ifndef OPENSSL_NO_ECDH
+    if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) && (s->version >= TLS1_VERSION)) {
+        p[ret++] = TLS_CT_RSA_FIXED_ECDH;
+        p[ret++] = TLS_CT_ECDSA_FIXED_ECDH;
+    }
+#endif
+
+#ifndef OPENSSL_NO_ECDSA
+    /*
+     * ECDSA certs can be used with RSA cipher suites as well so we don't
+     * need to check for SSL_kECDH or SSL_kEECDH
+     */
+    if (s->version >= TLS1_VERSION) {
+        p[ret++] = TLS_CT_ECDSA_SIGN;
+    }
+#endif
+    return (ret);
+}
+
+int ssl3_shutdown(SSL *s)
+{
+    int ret;
+
+    /*
+     * Don't do anything much if we have not done the handshake or we don't
+     * want to send messages :-)
+     */
+    if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) {
+        s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+        return (1);
+    }
+
+    if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
+        s->shutdown |= SSL_SENT_SHUTDOWN;
+#if 1
+        ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
+#endif
+        /*
+         * our shutdown alert has been sent now, and if it still needs to be
+         * written, s->s3->alert_dispatch will be true
+         */
+        if (s->s3->alert_dispatch)
+            return (-1);        /* return WANT_WRITE */
+    } else if (s->s3->alert_dispatch) {
+        /* resend it if not sent */
+#if 1
+        ret = s->method->ssl_dispatch_alert(s);
+        if (ret == -1) {
+            /*
+             * we only get to return -1 here the 2nd/Nth invocation, we must
+             * have already signalled return 0 upon a previous invoation,
+             * return WANT_WRITE
+             */
+            return (ret);
+        }
+#endif
+    } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
+        /*
+         * If we are waiting for a close from our peer, we are closed
+         */
+        s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
+        if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
+            return (-1);        /* return WANT_READ */
+        }
+    }
+
+    if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
+        !s->s3->alert_dispatch)
+        return (1);
+    else
+        return (0);
+}
+
+int ssl3_write(SSL *s, const void *buf, int len)
+{
+    int ret, n;
+
+#if 0
+    if (s->shutdown & SSL_SEND_SHUTDOWN) {
+        s->rwstate = SSL_NOTHING;
+        return (0);
+    }
+#endif
+    clear_sys_error();
+    if (s->s3->renegotiate)
+        ssl3_renegotiate_check(s);
+
+    /*
+     * This is an experimental flag that sends the last handshake message in
+     * the same packet as the first use data - used to see if it helps the
+     * TCP protocol during session-id reuse
+     */
+    /* The second test is because the buffer may have been removed */
+    if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) {
+        /* First time through, we write into the buffer */
+        if (s->s3->delay_buf_pop_ret == 0) {
+            ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len);
+            if (ret <= 0)
+                return (ret);
+
+            s->s3->delay_buf_pop_ret = ret;
+        }
+
+        s->rwstate = SSL_WRITING;
+        n = BIO_flush(s->wbio);
+        if (n <= 0)
+            return (n);
+        s->rwstate = SSL_NOTHING;
+
+        /* We have flushed the buffer, so remove it */
+        ssl_free_wbio_buffer(s);
+        s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
+
+        ret = s->s3->delay_buf_pop_ret;
+        s->s3->delay_buf_pop_ret = 0;
+    } else {
+        ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
+                                         buf, len);
+        if (ret <= 0)
+            return (ret);
+    }
+
+    return (ret);
+}
+
+static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
+{
+    int ret;
+
+    clear_sys_error();
+    if (s->s3->renegotiate)
+        ssl3_renegotiate_check(s);
+    s->s3->in_read_app_data = 1;
+    ret =
+        s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
+                                  peek);
+    if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
+        /*
+         * ssl3_read_bytes decided to call s->handshake_func, which called
+         * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
+         * actually found application data and thinks that application data
+         * makes sense here; so disable handshake processing and try to read
+         * application data again.
+         */
+        s->in_handshake++;
+        ret =
+            s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
+                                      peek);
+        s->in_handshake--;
+    } else
+        s->s3->in_read_app_data = 0;
+
+    return (ret);
+}
+
+int ssl3_read(SSL *s, void *buf, int len)
+{
+    return ssl3_read_internal(s, buf, len, 0);
+}
+
+int ssl3_peek(SSL *s, void *buf, int len)
+{
+    return ssl3_read_internal(s, buf, len, 1);
+}
+
+int ssl3_renegotiate(SSL *s)
+{
+    if (s->handshake_func == NULL)
+        return (1);
+
+    if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
+        return (0);
+
+    s->s3->renegotiate = 1;
+    return (1);
+}
+
+int ssl3_renegotiate_check(SSL *s)
+{
+    int ret = 0;
+
+    if (s->s3->renegotiate) {
+        if ((s->s3->rbuf.left == 0) &&
+            (s->s3->wbuf.left == 0) && !SSL_in_init(s)) {
+            /*
+             * if we are the server, and we have sent a 'RENEGOTIATE'
+             * message, we need to go to SSL_ST_ACCEPT.
+             */
+            /* SSL_ST_ACCEPT */
+            s->state = SSL_ST_RENEGOTIATE;
+            s->s3->renegotiate = 0;
+            s->s3->num_renegotiations++;
+            s->s3->total_renegotiations++;
+            ret = 1;
+        }
+    }
+    return (ret);
+}
+
+/*
+ * If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch
+ * to new SHA256 PRF and handshake macs
+ */
+long ssl_get_algorithm2(SSL *s)
+{
+    long alg2 = s->s3->tmp.new_cipher->algorithm2;
+    if (s->method->version == TLS1_2_VERSION &&
+        alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
+        return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
+    return alg2;
+}

Deleted: vendor-crypto/openssl/1.0.1u/ssl/s3_srvr.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/s3_srvr.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/ssl/s3_srvr.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,3654 +0,0 @@
-/* ssl/s3_srvr.c -*- mode:C; c-file-style: "eay" -*- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * ECC cipher suite support in OpenSSL originally written by
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#define REUSE_CIPHER_BUG
-#define NETSCAPE_HANG_BUG
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include "kssl_lcl.h"
-#include "../crypto/constant_time_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/x509.h>
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_KRB5
-# include <openssl/krb5_asn.h>
-#endif
-#include <openssl/md5.h>
-
-#ifndef OPENSSL_NO_SSL3_METHOD
-static const SSL_METHOD *ssl3_get_server_method(int ver);
-
-static const SSL_METHOD *ssl3_get_server_method(int ver)
-{
-    if (ver == SSL3_VERSION)
-        return (SSLv3_server_method());
-    else
-        return (NULL);
-}
-
-IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
-                         ssl3_accept,
-                         ssl_undefined_function, ssl3_get_server_method)
-#endif
-#ifndef OPENSSL_NO_SRP
-static int ssl_check_srp_ext_ClientHello(SSL *s, int *al)
-{
-    int ret = SSL_ERROR_NONE;
-
-    *al = SSL_AD_UNRECOGNIZED_NAME;
-
-    if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) &&
-        (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) {
-        if (s->srp_ctx.login == NULL) {
-            /*
-             * RFC 5054 says SHOULD reject, we do so if There is no srp
-             * login name
-             */
-            ret = SSL3_AL_FATAL;
-            *al = SSL_AD_UNKNOWN_PSK_IDENTITY;
-        } else {
-            ret = SSL_srp_server_param_with_username(s, al);
-        }
-    }
-    return ret;
-}
-#endif
-
-int ssl3_accept(SSL *s)
-{
-    BUF_MEM *buf;
-    unsigned long alg_k, Time = (unsigned long)time(NULL);
-    void (*cb) (const SSL *ssl, int type, int val) = NULL;
-    int ret = -1;
-    int new_state, state, skip = 0;
-
-    RAND_add(&Time, sizeof(Time), 0);
-    ERR_clear_error();
-    clear_sys_error();
-
-    if (s->info_callback != NULL)
-        cb = s->info_callback;
-    else if (s->ctx->info_callback != NULL)
-        cb = s->ctx->info_callback;
-
-    /* init things to blank */
-    s->in_handshake++;
-    if (!SSL_in_init(s) || SSL_in_before(s))
-        SSL_clear(s);
-
-    if (s->cert == NULL) {
-        SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
-        return (-1);
-    }
-#ifndef OPENSSL_NO_HEARTBEATS
-    /*
-     * If we're awaiting a HeartbeatResponse, pretend we already got and
-     * don't await it anymore, because Heartbeats don't make sense during
-     * handshakes anyway.
-     */
-    if (s->tlsext_hb_pending) {
-        s->tlsext_hb_pending = 0;
-        s->tlsext_hb_seq++;
-    }
-#endif
-
-    for (;;) {
-        state = s->state;
-
-        switch (s->state) {
-        case SSL_ST_RENEGOTIATE:
-            s->renegotiate = 1;
-            /* s->state=SSL_ST_ACCEPT; */
-
-        case SSL_ST_BEFORE:
-        case SSL_ST_ACCEPT:
-        case SSL_ST_BEFORE | SSL_ST_ACCEPT:
-        case SSL_ST_OK | SSL_ST_ACCEPT:
-
-            s->server = 1;
-            if (cb != NULL)
-                cb(s, SSL_CB_HANDSHAKE_START, 1);
-
-            if ((s->version >> 8) != 3) {
-                SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
-                s->state = SSL_ST_ERR;
-                return -1;
-            }
-            s->type = SSL_ST_ACCEPT;
-
-            if (s->init_buf == NULL) {
-                if ((buf = BUF_MEM_new()) == NULL) {
-                    ret = -1;
-                    s->state = SSL_ST_ERR;
-                    goto end;
-                }
-                if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
-                    BUF_MEM_free(buf);
-                    ret = -1;
-                    s->state = SSL_ST_ERR;
-                    goto end;
-                }
-                s->init_buf = buf;
-            }
-
-            if (!ssl3_setup_buffers(s)) {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            s->init_num = 0;
-            s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE;
-            s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
-            /*
-             * Should have been reset by ssl3_get_finished, too.
-             */
-            s->s3->change_cipher_spec = 0;
-
-            if (s->state != SSL_ST_RENEGOTIATE) {
-                /*
-                 * Ok, we now need to push on a buffering BIO so that the
-                 * output is sent in a way that TCP likes :-)
-                 */
-                if (!ssl_init_wbio_buffer(s, 1)) {
-                    ret = -1;
-                    s->state = SSL_ST_ERR;
-                    goto end;
-                }
-
-                ssl3_init_finished_mac(s);
-                s->state = SSL3_ST_SR_CLNT_HELLO_A;
-                s->ctx->stats.sess_accept++;
-            } else if (!s->s3->send_connection_binding &&
-                       !(s->options &
-                         SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
-                /*
-                 * Server attempting to renegotiate with client that doesn't
-                 * support secure renegotiation.
-                 */
-                SSLerr(SSL_F_SSL3_ACCEPT,
-                       SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            } else {
-                /*
-                 * s->state == SSL_ST_RENEGOTIATE, we will just send a
-                 * HelloRequest
-                 */
-                s->ctx->stats.sess_accept_renegotiate++;
-                s->state = SSL3_ST_SW_HELLO_REQ_A;
-            }
-            break;
-
-        case SSL3_ST_SW_HELLO_REQ_A:
-        case SSL3_ST_SW_HELLO_REQ_B:
-
-            s->shutdown = 0;
-            ret = ssl3_send_hello_request(s);
-            if (ret <= 0)
-                goto end;
-            s->s3->tmp.next_state = SSL3_ST_SW_HELLO_REQ_C;
-            s->state = SSL3_ST_SW_FLUSH;
-            s->init_num = 0;
-
-            ssl3_init_finished_mac(s);
-            break;
-
-        case SSL3_ST_SW_HELLO_REQ_C:
-            s->state = SSL_ST_OK;
-            break;
-
-        case SSL3_ST_SR_CLNT_HELLO_A:
-        case SSL3_ST_SR_CLNT_HELLO_B:
-        case SSL3_ST_SR_CLNT_HELLO_C:
-
-            s->shutdown = 0;
-            if (s->rwstate != SSL_X509_LOOKUP) {
-                ret = ssl3_get_client_hello(s);
-                if (ret <= 0)
-                    goto end;
-            }
-#ifndef OPENSSL_NO_SRP
-            {
-                int al;
-                if ((ret = ssl_check_srp_ext_ClientHello(s, &al)) < 0) {
-                    /*
-                     * callback indicates firther work to be done
-                     */
-                    s->rwstate = SSL_X509_LOOKUP;
-                    goto end;
-                }
-                if (ret != SSL_ERROR_NONE) {
-                    ssl3_send_alert(s, SSL3_AL_FATAL, al);
-                    /*
-                     * This is not really an error but the only means to for
-                     * a client to detect whether srp is supported.
-                     */
-                    if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY)
-                        SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_CLIENTHELLO_TLSEXT);
-                    ret = -1;
-                    s->state = SSL_ST_ERR;
-                    goto end;
-                }
-            }
-#endif
-
-            s->renegotiate = 2;
-            s->state = SSL3_ST_SW_SRVR_HELLO_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_SW_SRVR_HELLO_A:
-        case SSL3_ST_SW_SRVR_HELLO_B:
-            ret = ssl3_send_server_hello(s);
-            if (ret <= 0)
-                goto end;
-#ifndef OPENSSL_NO_TLSEXT
-            if (s->hit) {
-                if (s->tlsext_ticket_expected)
-                    s->state = SSL3_ST_SW_SESSION_TICKET_A;
-                else
-                    s->state = SSL3_ST_SW_CHANGE_A;
-            }
-#else
-            if (s->hit)
-                s->state = SSL3_ST_SW_CHANGE_A;
-#endif
-            else
-                s->state = SSL3_ST_SW_CERT_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_SW_CERT_A:
-        case SSL3_ST_SW_CERT_B:
-            /* Check if it is anon DH or anon ECDH, */
-            /* normal PSK or KRB5 or SRP */
-            if (!
-                (s->s3->tmp.
-                 new_cipher->algorithm_auth & (SSL_aNULL | SSL_aKRB5 |
-                                               SSL_aSRP))
-&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
-                ret = ssl3_send_server_certificate(s);
-                if (ret <= 0)
-                    goto end;
-#ifndef OPENSSL_NO_TLSEXT
-                if (s->tlsext_status_expected)
-                    s->state = SSL3_ST_SW_CERT_STATUS_A;
-                else
-                    s->state = SSL3_ST_SW_KEY_EXCH_A;
-            } else {
-                skip = 1;
-                s->state = SSL3_ST_SW_KEY_EXCH_A;
-            }
-#else
-            } else
-                skip = 1;
-
-            s->state = SSL3_ST_SW_KEY_EXCH_A;
-#endif
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_SW_KEY_EXCH_A:
-        case SSL3_ST_SW_KEY_EXCH_B:
-            alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-
-            /*
-             * clear this, it may get reset by
-             * send_server_key_exchange
-             */
-            s->s3->tmp.use_rsa_tmp = 0;
-
-            /*
-             * only send if a DH key exchange, fortezza or RSA but we have a
-             * sign only certificate PSK: may send PSK identity hints For
-             * ECC ciphersuites, we send a serverKeyExchange message only if
-             * the cipher suite is either ECDH-anon or ECDHE. In other cases,
-             * the server certificate contains the server's public key for
-             * key exchange.
-             */
-            if (0
-                /*
-                 * PSK: send ServerKeyExchange if PSK identity hint if
-                 * provided
-                 */
-#ifndef OPENSSL_NO_PSK
-                || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
-#endif
-#ifndef OPENSSL_NO_SRP
-                /* SRP: send ServerKeyExchange */
-                || (alg_k & SSL_kSRP)
-#endif
-                || (alg_k & (SSL_kDHr | SSL_kDHd | SSL_kEDH))
-                || (alg_k & SSL_kEECDH)
-                || ((alg_k & SSL_kRSA)
-                    && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
-                        || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
-                            && EVP_PKEY_size(s->cert->pkeys
-                                             [SSL_PKEY_RSA_ENC].privatekey) *
-                            8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
-                        )
-                    )
-                )
-                ) {
-                ret = ssl3_send_server_key_exchange(s);
-                if (ret <= 0)
-                    goto end;
-            } else
-                skip = 1;
-
-            s->state = SSL3_ST_SW_CERT_REQ_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_SW_CERT_REQ_A:
-        case SSL3_ST_SW_CERT_REQ_B:
-            if (                /* don't request cert unless asked for it: */
-                   !(s->verify_mode & SSL_VERIFY_PEER) ||
-                   /*
-                    * if SSL_VERIFY_CLIENT_ONCE is set, don't request cert
-                    * during re-negotiation:
-                    */
-                   ((s->session->peer != NULL) &&
-                    (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
-                   /*
-                    * never request cert in anonymous ciphersuites (see
-                    * section "Certificate request" in SSL 3 drafts and in
-                    * RFC 2246):
-                    */
-                   ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
-                    /*
-                     * ... except when the application insists on
-                     * verification (against the specs, but s3_clnt.c accepts
-                     * this for SSL 3)
-                     */
-                    !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
-                   /*
-                    * never request cert in Kerberos ciphersuites
-                    */
-                   (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) ||
-                   /* don't request certificate for SRP auth */
-                   (s->s3->tmp.new_cipher->algorithm_auth & SSL_aSRP)
-                   /*
-                    * With normal PSK Certificates and Certificate Requests
-                    * are omitted
-                    */
-                   || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
-                /* no cert request */
-                skip = 1;
-                s->s3->tmp.cert_request = 0;
-                s->state = SSL3_ST_SW_SRVR_DONE_A;
-                if (s->s3->handshake_buffer) {
-                    if (!ssl3_digest_cached_records(s)) {
-                        s->state = SSL_ST_ERR;
-                        return -1;
-                    }
-                }
-            } else {
-                s->s3->tmp.cert_request = 1;
-                ret = ssl3_send_certificate_request(s);
-                if (ret <= 0)
-                    goto end;
-#ifndef NETSCAPE_HANG_BUG
-                s->state = SSL3_ST_SW_SRVR_DONE_A;
-#else
-                s->state = SSL3_ST_SW_FLUSH;
-                s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
-#endif
-                s->init_num = 0;
-            }
-            break;
-
-        case SSL3_ST_SW_SRVR_DONE_A:
-        case SSL3_ST_SW_SRVR_DONE_B:
-            ret = ssl3_send_server_done(s);
-            if (ret <= 0)
-                goto end;
-            s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
-            s->state = SSL3_ST_SW_FLUSH;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_SW_FLUSH:
-
-            /*
-             * This code originally checked to see if any data was pending
-             * using BIO_CTRL_INFO and then flushed. This caused problems as
-             * documented in PR#1939. The proposed fix doesn't completely
-             * resolve this issue as buggy implementations of
-             * BIO_CTRL_PENDING still exist. So instead we just flush
-             * unconditionally.
-             */
-
-            s->rwstate = SSL_WRITING;
-            if (BIO_flush(s->wbio) <= 0) {
-                ret = -1;
-                goto end;
-            }
-            s->rwstate = SSL_NOTHING;
-
-            s->state = s->s3->tmp.next_state;
-            break;
-
-        case SSL3_ST_SR_CERT_A:
-        case SSL3_ST_SR_CERT_B:
-            /* Check for second client hello (MS SGC) */
-            ret = ssl3_check_client_hello(s);
-            if (ret <= 0)
-                goto end;
-            if (ret == 2)
-                s->state = SSL3_ST_SR_CLNT_HELLO_C;
-            else {
-                if (s->s3->tmp.cert_request) {
-                    ret = ssl3_get_client_certificate(s);
-                    if (ret <= 0)
-                        goto end;
-                }
-                s->init_num = 0;
-                s->state = SSL3_ST_SR_KEY_EXCH_A;
-            }
-            break;
-
-        case SSL3_ST_SR_KEY_EXCH_A:
-        case SSL3_ST_SR_KEY_EXCH_B:
-            ret = ssl3_get_client_key_exchange(s);
-            if (ret <= 0)
-                goto end;
-            if (ret == 2) {
-                /*
-                 * For the ECDH ciphersuites when the client sends its ECDH
-                 * pub key in a certificate, the CertificateVerify message is
-                 * not sent. Also for GOST ciphersuites when the client uses
-                 * its key from the certificate for key exchange.
-                 */
-#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
-                s->state = SSL3_ST_SR_FINISHED_A;
-#else
-                if (s->s3->next_proto_neg_seen)
-                    s->state = SSL3_ST_SR_NEXT_PROTO_A;
-                else
-                    s->state = SSL3_ST_SR_FINISHED_A;
-#endif
-                s->init_num = 0;
-            } else if (TLS1_get_version(s) >= TLS1_2_VERSION) {
-                s->state = SSL3_ST_SR_CERT_VRFY_A;
-                s->init_num = 0;
-                if (!s->session->peer)
-                    break;
-                /*
-                 * For TLS v1.2 freeze the handshake buffer at this point and
-                 * digest cached records.
-                 */
-                if (!s->s3->handshake_buffer) {
-                    SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
-                    s->state = SSL_ST_ERR;
-                    return -1;
-                }
-                s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
-                if (!ssl3_digest_cached_records(s)) {
-                    s->state = SSL_ST_ERR;
-                    return -1;
-                }
-            } else {
-                int offset = 0;
-                int dgst_num;
-
-                s->state = SSL3_ST_SR_CERT_VRFY_A;
-                s->init_num = 0;
-
-                /*
-                 * We need to get hashes here so if there is a client cert,
-                 * it can be verified FIXME - digest processing for
-                 * CertificateVerify should be generalized. But it is next
-                 * step
-                 */
-                if (s->s3->handshake_buffer) {
-                    if (!ssl3_digest_cached_records(s)) {
-                        s->state = SSL_ST_ERR;
-                        return -1;
-                    }
-                }
-                for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST; dgst_num++)
-                    if (s->s3->handshake_dgst[dgst_num]) {
-                        int dgst_size;
-
-                        s->method->ssl3_enc->cert_verify_mac(s,
-                                                             EVP_MD_CTX_type
-                                                             (s->
-                                                              s3->handshake_dgst
-                                                              [dgst_num]),
-                                                             &(s->s3->
-                                                               tmp.cert_verify_md
-                                                               [offset]));
-                        dgst_size =
-                            EVP_MD_CTX_size(s->s3->handshake_dgst[dgst_num]);
-                        if (dgst_size < 0) {
-                            s->state = SSL_ST_ERR;
-                            ret = -1;
-                            goto end;
-                        }
-                        offset += dgst_size;
-                    }
-            }
-            break;
-
-        case SSL3_ST_SR_CERT_VRFY_A:
-        case SSL3_ST_SR_CERT_VRFY_B:
-            ret = ssl3_get_cert_verify(s);
-            if (ret <= 0)
-                goto end;
-
-#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
-            s->state = SSL3_ST_SR_FINISHED_A;
-#else
-            if (s->s3->next_proto_neg_seen)
-                s->state = SSL3_ST_SR_NEXT_PROTO_A;
-            else
-                s->state = SSL3_ST_SR_FINISHED_A;
-#endif
-            s->init_num = 0;
-            break;
-
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-        case SSL3_ST_SR_NEXT_PROTO_A:
-        case SSL3_ST_SR_NEXT_PROTO_B:
-            /*
-             * Enable CCS for NPN. Receiving a CCS clears the flag, so make
-             * sure not to re-enable it to ban duplicates. This *should* be the
-             * first time we have received one - but we check anyway to be
-             * cautious.
-             * s->s3->change_cipher_spec is set when a CCS is
-             * processed in s3_pkt.c, and remains set until
-             * the client's Finished message is read.
-             */
-            if (!s->s3->change_cipher_spec)
-                s->s3->flags |= SSL3_FLAGS_CCS_OK;
-
-            ret = ssl3_get_next_proto(s);
-            if (ret <= 0)
-                goto end;
-            s->init_num = 0;
-            s->state = SSL3_ST_SR_FINISHED_A;
-            break;
-#endif
-
-        case SSL3_ST_SR_FINISHED_A:
-        case SSL3_ST_SR_FINISHED_B:
-            /*
-             * Enable CCS for handshakes without NPN. In NPN the CCS flag has
-             * already been set. Receiving a CCS clears the flag, so make
-             * sure not to re-enable it to ban duplicates.
-             * s->s3->change_cipher_spec is set when a CCS is
-             * processed in s3_pkt.c, and remains set until
-             * the client's Finished message is read.
-             */
-            if (!s->s3->change_cipher_spec)
-                s->s3->flags |= SSL3_FLAGS_CCS_OK;
-            ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,
-                                    SSL3_ST_SR_FINISHED_B);
-            if (ret <= 0)
-                goto end;
-            if (s->hit)
-                s->state = SSL_ST_OK;
-#ifndef OPENSSL_NO_TLSEXT
-            else if (s->tlsext_ticket_expected)
-                s->state = SSL3_ST_SW_SESSION_TICKET_A;
-#endif
-            else
-                s->state = SSL3_ST_SW_CHANGE_A;
-            s->init_num = 0;
-            break;
-
-#ifndef OPENSSL_NO_TLSEXT
-        case SSL3_ST_SW_SESSION_TICKET_A:
-        case SSL3_ST_SW_SESSION_TICKET_B:
-            ret = ssl3_send_newsession_ticket(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_SW_CHANGE_A;
-            s->init_num = 0;
-            break;
-
-        case SSL3_ST_SW_CERT_STATUS_A:
-        case SSL3_ST_SW_CERT_STATUS_B:
-            ret = ssl3_send_cert_status(s);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_SW_KEY_EXCH_A;
-            s->init_num = 0;
-            break;
-
-#endif
-
-        case SSL3_ST_SW_CHANGE_A:
-        case SSL3_ST_SW_CHANGE_B:
-
-            s->session->cipher = s->s3->tmp.new_cipher;
-            if (!s->method->ssl3_enc->setup_key_block(s)) {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            ret = ssl3_send_change_cipher_spec(s,
-                                               SSL3_ST_SW_CHANGE_A,
-                                               SSL3_ST_SW_CHANGE_B);
-
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_SW_FINISHED_A;
-            s->init_num = 0;
-
-            if (!s->method->ssl3_enc->change_cipher_state(s,
-                                                          SSL3_CHANGE_CIPHER_SERVER_WRITE))
-            {
-                ret = -1;
-                s->state = SSL_ST_ERR;
-                goto end;
-            }
-
-            break;
-
-        case SSL3_ST_SW_FINISHED_A:
-        case SSL3_ST_SW_FINISHED_B:
-            ret = ssl3_send_finished(s,
-                                     SSL3_ST_SW_FINISHED_A,
-                                     SSL3_ST_SW_FINISHED_B,
-                                     s->method->
-                                     ssl3_enc->server_finished_label,
-                                     s->method->
-                                     ssl3_enc->server_finished_label_len);
-            if (ret <= 0)
-                goto end;
-            s->state = SSL3_ST_SW_FLUSH;
-            if (s->hit) {
-#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
-                s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;
-#else
-                if (s->s3->next_proto_neg_seen) {
-                    s->s3->tmp.next_state = SSL3_ST_SR_NEXT_PROTO_A;
-                } else
-                    s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;
-#endif
-            } else
-                s->s3->tmp.next_state = SSL_ST_OK;
-            s->init_num = 0;
-            break;
-
-        case SSL_ST_OK:
-            /* clean a few things up */
-            ssl3_cleanup_key_block(s);
-
-            BUF_MEM_free(s->init_buf);
-            s->init_buf = NULL;
-
-            /* remove buffering on output */
-            ssl_free_wbio_buffer(s);
-
-            s->init_num = 0;
-
-            if (s->renegotiate == 2) { /* skipped if we just sent a
-                                        * HelloRequest */
-                s->renegotiate = 0;
-                s->new_session = 0;
-
-                ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
-
-                s->ctx->stats.sess_accept_good++;
-                /* s->server=1; */
-                s->handshake_func = ssl3_accept;
-
-                if (cb != NULL)
-                    cb(s, SSL_CB_HANDSHAKE_DONE, 1);
-            }
-
-            ret = 1;
-            goto end;
-            /* break; */
-
-        case SSL_ST_ERR:
-        default:
-            SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNKNOWN_STATE);
-            ret = -1;
-            goto end;
-            /* break; */
-        }
-
-        if (!s->s3->tmp.reuse_message && !skip) {
-            if (s->debug) {
-                if ((ret = BIO_flush(s->wbio)) <= 0)
-                    goto end;
-            }
-
-            if ((cb != NULL) && (s->state != state)) {
-                new_state = s->state;
-                s->state = state;
-                cb(s, SSL_CB_ACCEPT_LOOP, 1);
-                s->state = new_state;
-            }
-        }
-        skip = 0;
-    }
- end:
-    /* BIO_flush(s->wbio); */
-
-    s->in_handshake--;
-    if (cb != NULL)
-        cb(s, SSL_CB_ACCEPT_EXIT, ret);
-    return (ret);
-}
-
-int ssl3_send_hello_request(SSL *s)
-{
-    unsigned char *p;
-
-    if (s->state == SSL3_ST_SW_HELLO_REQ_A) {
-        p = (unsigned char *)s->init_buf->data;
-        *(p++) = SSL3_MT_HELLO_REQUEST;
-        *(p++) = 0;
-        *(p++) = 0;
-        *(p++) = 0;
-
-        s->state = SSL3_ST_SW_HELLO_REQ_B;
-        /* number of bytes to write */
-        s->init_num = 4;
-        s->init_off = 0;
-    }
-
-    /* SSL3_ST_SW_HELLO_REQ_B */
-    return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
-}
-
-int ssl3_check_client_hello(SSL *s)
-{
-    int ok;
-    long n;
-
-    /*
-     * this function is called when we really expect a Certificate message,
-     * so permit appropriate message length
-     */
-    n = s->method->ssl_get_message(s,
-                                   SSL3_ST_SR_CERT_A,
-                                   SSL3_ST_SR_CERT_B,
-                                   -1, s->max_cert_list, &ok);
-    if (!ok)
-        return ((int)n);
-    s->s3->tmp.reuse_message = 1;
-    if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO) {
-        /*
-         * We only allow the client to restart the handshake once per
-         * negotiation.
-         */
-        if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE) {
-            SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO,
-                   SSL_R_MULTIPLE_SGC_RESTARTS);
-            return -1;
-        }
-        /*
-         * Throw away what we have done so far in the current handshake,
-         * which will now be aborted. (A full SSL_clear would be too much.)
-         */
-#ifndef OPENSSL_NO_DH
-        if (s->s3->tmp.dh != NULL) {
-            DH_free(s->s3->tmp.dh);
-            s->s3->tmp.dh = NULL;
-        }
-#endif
-#ifndef OPENSSL_NO_ECDH
-        if (s->s3->tmp.ecdh != NULL) {
-            EC_KEY_free(s->s3->tmp.ecdh);
-            s->s3->tmp.ecdh = NULL;
-        }
-#endif
-        s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
-        return 2;
-    }
-    return 1;
-}
-
-int ssl3_get_client_hello(SSL *s)
-{
-    int i, j, ok, al, ret = -1, cookie_valid = 0;
-    unsigned int cookie_len;
-    long n;
-    unsigned long id;
-    unsigned char *p, *d, *q;
-    SSL_CIPHER *c;
-#ifndef OPENSSL_NO_COMP
-    SSL_COMP *comp = NULL;
-#endif
-    STACK_OF(SSL_CIPHER) *ciphers = NULL;
-
-    /*
-     * We do this so that we will respond with our native type. If we are
-     * TLSv1 and we get SSLv3, we will respond with TLSv1, This down
-     * switching should be handled by a different method. If we are SSLv3, we
-     * will respond with SSLv3, even if prompted with TLSv1.
-     */
-    if (s->state == SSL3_ST_SR_CLNT_HELLO_A) {
-        s->state = SSL3_ST_SR_CLNT_HELLO_B;
-    }
-    s->first_packet = 1;
-    n = s->method->ssl_get_message(s,
-                                   SSL3_ST_SR_CLNT_HELLO_B,
-                                   SSL3_ST_SR_CLNT_HELLO_C,
-                                   SSL3_MT_CLIENT_HELLO,
-                                   SSL3_RT_MAX_PLAIN_LENGTH, &ok);
-
-    if (!ok)
-        return ((int)n);
-    s->first_packet = 0;
-    d = p = (unsigned char *)s->init_msg;
-
-    /*
-     * 2 bytes for client version, SSL3_RANDOM_SIZE bytes for random, 1 byte
-     * for session id length
-     */
-    if (n < 2 + SSL3_RANDOM_SIZE + 1) {
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
-        goto f_err;
-    }
-
-    /*
-     * use version from inside client hello, not from record header (may
-     * differ: see RFC 2246, Appendix E, second paragraph)
-     */
-    s->client_version = (((int)p[0]) << 8) | (int)p[1];
-    p += 2;
-
-    if ((s->version == DTLS1_VERSION && s->client_version > s->version) ||
-        (s->version != DTLS1_VERSION && s->client_version < s->version)) {
-        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
-        if ((s->client_version >> 8) == SSL3_VERSION_MAJOR &&
-            !s->enc_write_ctx && !s->write_hash) {
-            /*
-             * similar to ssl3_get_record, send alert using remote version
-             * number
-             */
-            s->version = s->client_version;
-        }
-        al = SSL_AD_PROTOCOL_VERSION;
-        goto f_err;
-    }
-
-    /*
-     * If we require cookies and this ClientHello doesn't contain one, just
-     * return since we do not want to allocate any memory yet. So check
-     * cookie length...
-     */
-    if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
-        unsigned int session_length, cookie_length;
-
-        session_length = *(p + SSL3_RANDOM_SIZE);
-
-        if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) {
-            al = SSL_AD_DECODE_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-        cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1);
-
-        if (cookie_length == 0)
-            return 1;
-    }
-
-    /* load the client random */
-    memcpy(s->s3->client_random, p, SSL3_RANDOM_SIZE);
-    p += SSL3_RANDOM_SIZE;
-
-    /* get the session-id */
-    j = *(p++);
-
-    if (p + j > d + n) {
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
-        goto f_err;
-    }
-
-    s->hit = 0;
-    /*
-     * Versions before 0.9.7 always allow clients to resume sessions in
-     * renegotiation. 0.9.7 and later allow this by default, but optionally
-     * ignore resumption requests with flag
-     * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag rather
-     * than a change to default behavior so that applications relying on this
-     * for security won't even compile against older library versions).
-     * 1.0.1 and later also have a function SSL_renegotiate_abbreviated() to
-     * request renegotiation but not a new session (s->new_session remains
-     * unset): for servers, this essentially just means that the
-     * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION setting will be ignored.
-     */
-    if ((s->new_session
-         && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) {
-        if (!ssl_get_new_session(s, 1))
-            goto err;
-    } else {
-        i = ssl_get_prev_session(s, p, j, d + n);
-        /*
-         * Only resume if the session's version matches the negotiated
-         * version.
-         * RFC 5246 does not provide much useful advice on resumption
-         * with a different protocol version. It doesn't forbid it but
-         * the sanity of such behaviour would be questionable.
-         * In practice, clients do not accept a version mismatch and
-         * will abort the handshake with an error.
-         */
-        if (i == 1 && s->version == s->session->ssl_version) { /* previous
-                                                                * session */
-            s->hit = 1;
-        } else if (i == -1)
-            goto err;
-        else {                  /* i == 0 */
-
-            if (!ssl_get_new_session(s, 1))
-                goto err;
-        }
-    }
-
-    p += j;
-
-    if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
-        /* cookie stuff */
-        if (p + 1 > d + n) {
-            al = SSL_AD_DECODE_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-        cookie_len = *(p++);
-
-        if (p + cookie_len > d + n) {
-            al = SSL_AD_DECODE_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
-            goto f_err;
-        }
-
-        /*
-         * The ClientHello may contain a cookie even if the
-         * HelloVerify message has not been sent--make sure that it
-         * does not cause an overflow.
-         */
-        if (cookie_len > sizeof(s->d1->rcvd_cookie)) {
-            /* too much data */
-            al = SSL_AD_DECODE_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
-            goto f_err;
-        }
-
-        /* verify the cookie if appropriate option is set. */
-        if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) && cookie_len > 0) {
-            memcpy(s->d1->rcvd_cookie, p, cookie_len);
-
-            if (s->ctx->app_verify_cookie_cb != NULL) {
-                if (s->ctx->app_verify_cookie_cb(s, s->d1->rcvd_cookie,
-                                                 cookie_len) == 0) {
-                    al = SSL_AD_HANDSHAKE_FAILURE;
-                    SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
-                           SSL_R_COOKIE_MISMATCH);
-                    goto f_err;
-                }
-                /* else cookie verification succeeded */
-            }
-            /* default verification */
-            else if (memcmp(s->d1->rcvd_cookie, s->d1->cookie,
-                            s->d1->cookie_len) != 0) {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
-                goto f_err;
-            }
-            cookie_valid = 1;
-        }
-
-        p += cookie_len;
-    }
-
-    if (p + 2 > d + n) {
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
-        goto f_err;
-    }
-    n2s(p, i);
-
-    if (i == 0) {
-        al = SSL_AD_ILLEGAL_PARAMETER;
-        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_CIPHERS_SPECIFIED);
-        goto f_err;
-    }
-
-    /* i bytes of cipher data + 1 byte for compression length later */
-    if ((p + i + 1) > (d + n)) {
-        /* not enough data */
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
-        goto f_err;
-    }
-    if (ssl_bytes_to_cipher_list(s, p, i, &(ciphers)) == NULL) {
-        goto err;
-    }
-    p += i;
-
-    /* If it is a hit, check that the cipher is in the list */
-    if (s->hit) {
-        j = 0;
-        id = s->session->cipher->id;
-
-#ifdef CIPHER_DEBUG
-        fprintf(stderr, "client sent %d ciphers\n",
-                sk_SSL_CIPHER_num(ciphers));
-#endif
-        for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
-            c = sk_SSL_CIPHER_value(ciphers, i);
-#ifdef CIPHER_DEBUG
-            fprintf(stderr, "client [%2d of %2d]:%s\n",
-                    i, sk_SSL_CIPHER_num(ciphers), SSL_CIPHER_get_name(c));
-#endif
-            if (c->id == id) {
-                j = 1;
-                break;
-            }
-        }
-        /*
-         * Disabled because it can be used in a ciphersuite downgrade attack:
-         * CVE-2010-4180.
-         */
-#if 0
-        if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)
-            && (sk_SSL_CIPHER_num(ciphers) == 1)) {
-            /*
-             * Special case as client bug workaround: the previously used
-             * cipher may not be in the current list, the client instead
-             * might be trying to continue using a cipher that before wasn't
-             * chosen due to server preferences.  We'll have to reject the
-             * connection if the cipher is not enabled, though.
-             */
-            c = sk_SSL_CIPHER_value(ciphers, 0);
-            if (sk_SSL_CIPHER_find(SSL_get_ciphers(s), c) >= 0) {
-                s->session->cipher = c;
-                j = 1;
-            }
-        }
-#endif
-        if (j == 0) {
-            /*
-             * we need to have the cipher in the cipher list if we are asked
-             * to reuse it
-             */
-            al = SSL_AD_ILLEGAL_PARAMETER;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
-                   SSL_R_REQUIRED_CIPHER_MISSING);
-            goto f_err;
-        }
-    }
-
-    /* compression */
-    i = *(p++);
-    if ((p + i) > (d + n)) {
-        /* not enough data */
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
-        goto f_err;
-    }
-    q = p;
-    for (j = 0; j < i; j++) {
-        if (p[j] == 0)
-            break;
-    }
-
-    p += i;
-    if (j >= i) {
-        /* no compress */
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_COMPRESSION_SPECIFIED);
-        goto f_err;
-    }
-#ifndef OPENSSL_NO_TLSEXT
-    /* TLS extensions */
-    if (s->version >= SSL3_VERSION) {
-        if (!ssl_parse_clienthello_tlsext(s, &p, d + n, &al)) {
-            /* 'al' set by ssl_parse_clienthello_tlsext */
-            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_PARSE_TLSEXT);
-            goto f_err;
-        }
-    }
-    if (ssl_check_clienthello_tlsext_early(s) <= 0) {
-        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
-        goto err;
-    }
-
-    /*
-     * Check if we want to use external pre-shared secret for this handshake
-     * for not reused session only. We need to generate server_random before
-     * calling tls_session_secret_cb in order to allow SessionTicket
-     * processing to use it in key derivation.
-     */
-    {
-        unsigned char *pos;
-        pos = s->s3->server_random;
-        if (ssl_fill_hello_random(s, 1, pos, SSL3_RANDOM_SIZE) <= 0) {
-            al = SSL_AD_INTERNAL_ERROR;
-            goto f_err;
-        }
-    }
-
-    if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb) {
-        SSL_CIPHER *pref_cipher = NULL;
-
-        s->session->master_key_length = sizeof(s->session->master_key);
-        if (s->tls_session_secret_cb(s, s->session->master_key,
-                                     &s->session->master_key_length, ciphers,
-                                     &pref_cipher,
-                                     s->tls_session_secret_cb_arg)) {
-            s->hit = 1;
-            s->session->ciphers = ciphers;
-            s->session->verify_result = X509_V_OK;
-
-            ciphers = NULL;
-
-            /* check if some cipher was preferred by call back */
-            pref_cipher =
-                pref_cipher ? pref_cipher : ssl3_choose_cipher(s,
-                                                               s->
-                                                               session->ciphers,
-                                                               SSL_get_ciphers
-                                                               (s));
-            if (pref_cipher == NULL) {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_SHARED_CIPHER);
-                goto f_err;
-            }
-
-            s->session->cipher = pref_cipher;
-
-            if (s->cipher_list)
-                sk_SSL_CIPHER_free(s->cipher_list);
-
-            if (s->cipher_list_by_id)
-                sk_SSL_CIPHER_free(s->cipher_list_by_id);
-
-            s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
-            s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
-        }
-    }
-#endif
-
-    /*
-     * Worst case, we will use the NULL compression, but if we have other
-     * options, we will now look for them.  We have i-1 compression
-     * algorithms from the client, starting at q.
-     */
-    s->s3->tmp.new_compression = NULL;
-#ifndef OPENSSL_NO_COMP
-    /* This only happens if we have a cache hit */
-    if (s->session->compress_meth != 0) {
-        int m, comp_id = s->session->compress_meth;
-        /* Perform sanity checks on resumed compression algorithm */
-        /* Can't disable compression */
-        if (s->options & SSL_OP_NO_COMPRESSION) {
-            al = SSL_AD_INTERNAL_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
-                   SSL_R_INCONSISTENT_COMPRESSION);
-            goto f_err;
-        }
-        /* Look for resumed compression method */
-        for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++) {
-            comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);
-            if (comp_id == comp->id) {
-                s->s3->tmp.new_compression = comp;
-                break;
-            }
-        }
-        if (s->s3->tmp.new_compression == NULL) {
-            al = SSL_AD_INTERNAL_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
-                   SSL_R_INVALID_COMPRESSION_ALGORITHM);
-            goto f_err;
-        }
-        /* Look for resumed method in compression list */
-        for (m = 0; m < i; m++) {
-            if (q[m] == comp_id)
-                break;
-        }
-        if (m >= i) {
-            al = SSL_AD_ILLEGAL_PARAMETER;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
-                   SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING);
-            goto f_err;
-        }
-    } else if (s->hit)
-        comp = NULL;
-    else if (!(s->options & SSL_OP_NO_COMPRESSION) && s->ctx->comp_methods) {
-        /* See if we have a match */
-        int m, nn, o, v, done = 0;
-
-        nn = sk_SSL_COMP_num(s->ctx->comp_methods);
-        for (m = 0; m < nn; m++) {
-            comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);
-            v = comp->id;
-            for (o = 0; o < i; o++) {
-                if (v == q[o]) {
-                    done = 1;
-                    break;
-                }
-            }
-            if (done)
-                break;
-        }
-        if (done)
-            s->s3->tmp.new_compression = comp;
-        else
-            comp = NULL;
-    }
-#else
-    /*
-     * If compression is disabled we'd better not try to resume a session
-     * using compression.
-     */
-    if (s->session->compress_meth != 0) {
-        al = SSL_AD_INTERNAL_ERROR;
-        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_INCONSISTENT_COMPRESSION);
-        goto f_err;
-    }
-#endif
-
-    /*
-     * Given s->session->ciphers and SSL_get_ciphers, we must pick a cipher
-     */
-
-    if (!s->hit) {
-#ifdef OPENSSL_NO_COMP
-        s->session->compress_meth = 0;
-#else
-        s->session->compress_meth = (comp == NULL) ? 0 : comp->id;
-#endif
-        if (s->session->ciphers != NULL)
-            sk_SSL_CIPHER_free(s->session->ciphers);
-        s->session->ciphers = ciphers;
-        if (ciphers == NULL) {
-            al = SSL_AD_INTERNAL_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
-            goto f_err;
-        }
-        ciphers = NULL;
-        c = ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));
-
-        if (c == NULL) {
-            al = SSL_AD_HANDSHAKE_FAILURE;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_SHARED_CIPHER);
-            goto f_err;
-        }
-        s->s3->tmp.new_cipher = c;
-    } else {
-        /* Session-id reuse */
-#ifdef REUSE_CIPHER_BUG
-        STACK_OF(SSL_CIPHER) *sk;
-        SSL_CIPHER *nc = NULL;
-        SSL_CIPHER *ec = NULL;
-
-        if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG) {
-            sk = s->session->ciphers;
-            for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
-                c = sk_SSL_CIPHER_value(sk, i);
-                if (c->algorithm_enc & SSL_eNULL)
-                    nc = c;
-                if (SSL_C_IS_EXPORT(c))
-                    ec = c;
-            }
-            if (nc != NULL)
-                s->s3->tmp.new_cipher = nc;
-            else if (ec != NULL)
-                s->s3->tmp.new_cipher = ec;
-            else
-                s->s3->tmp.new_cipher = s->session->cipher;
-        } else
-#endif
-            s->s3->tmp.new_cipher = s->session->cipher;
-    }
-
-    if (TLS1_get_version(s) < TLS1_2_VERSION
-        || !(s->verify_mode & SSL_VERIFY_PEER)) {
-        if (!ssl3_digest_cached_records(s)) {
-            al = SSL_AD_INTERNAL_ERROR;
-            goto f_err;
-        }
-    }
-
-    /*-
-     * we now have the following setup.
-     * client_random
-     * cipher_list          - our prefered list of ciphers
-     * ciphers              - the clients prefered list of ciphers
-     * compression          - basically ignored right now
-     * ssl version is set   - sslv3
-     * s->session           - The ssl session has been setup.
-     * s->hit               - session reuse flag
-     * s->tmp.new_cipher    - the new cipher to use.
-     */
-
-    /* Handles TLS extensions that we couldn't check earlier */
-    if (s->version >= SSL3_VERSION) {
-        if (ssl_check_clienthello_tlsext_late(s) <= 0) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
-            goto err;
-        }
-    }
-
-    ret = cookie_valid ? 2 : 1;
-    if (0) {
- f_err:
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
-        s->state = SSL_ST_ERR;
-    }
-
-    if (ciphers != NULL)
-        sk_SSL_CIPHER_free(ciphers);
-    return ret;
-}
-
-int ssl3_send_server_hello(SSL *s)
-{
-    unsigned char *buf;
-    unsigned char *p, *d;
-    int i, sl;
-    unsigned long l;
-
-    if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
-        buf = (unsigned char *)s->init_buf->data;
-#ifdef OPENSSL_NO_TLSEXT
-        p = s->s3->server_random;
-        if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) {
-            s->state = SSL_ST_ERR;
-            return -1;
-        }
-#endif
-        /* Do the message type and length last */
-        d = p = &(buf[4]);
-
-        *(p++) = s->version >> 8;
-        *(p++) = s->version & 0xff;
-
-        /* Random stuff */
-        memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
-        p += SSL3_RANDOM_SIZE;
-
-        /*-
-         * There are several cases for the session ID to send
-         * back in the server hello:
-         * - For session reuse from the session cache,
-         *   we send back the old session ID.
-         * - If stateless session reuse (using a session ticket)
-         *   is successful, we send back the client's "session ID"
-         *   (which doesn't actually identify the session).
-         * - If it is a new session, we send back the new
-         *   session ID.
-         * - However, if we want the new session to be single-use,
-         *   we send back a 0-length session ID.
-         * s->hit is non-zero in either case of session reuse,
-         * so the following won't overwrite an ID that we're supposed
-         * to send back.
-         */
-        if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
-            && !s->hit)
-            s->session->session_id_length = 0;
-
-        sl = s->session->session_id_length;
-        if (sl > (int)sizeof(s->session->session_id)) {
-            SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
-            s->state = SSL_ST_ERR;
-            return -1;
-        }
-        *(p++) = sl;
-        memcpy(p, s->session->session_id, sl);
-        p += sl;
-
-        /* put the cipher */
-        i = ssl3_put_cipher_by_char(s->s3->tmp.new_cipher, p);
-        p += i;
-
-        /* put the compression method */
-#ifdef OPENSSL_NO_COMP
-        *(p++) = 0;
-#else
-        if (s->s3->tmp.new_compression == NULL)
-            *(p++) = 0;
-        else
-            *(p++) = s->s3->tmp.new_compression->id;
-#endif
-#ifndef OPENSSL_NO_TLSEXT
-        if (ssl_prepare_serverhello_tlsext(s) <= 0) {
-            SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, SSL_R_SERVERHELLO_TLSEXT);
-            s->state = SSL_ST_ERR;
-            return -1;
-        }
-        if ((p =
-             ssl_add_serverhello_tlsext(s, p,
-                                        buf + SSL3_RT_MAX_PLAIN_LENGTH)) ==
-            NULL) {
-            SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
-            s->state = SSL_ST_ERR;
-            return -1;
-        }
-#endif
-        /* do the header */
-        l = (p - d);
-        d = buf;
-        *(d++) = SSL3_MT_SERVER_HELLO;
-        l2n3(l, d);
-
-        s->state = SSL3_ST_SW_SRVR_HELLO_B;
-        /* number of bytes to write */
-        s->init_num = p - buf;
-        s->init_off = 0;
-    }
-
-    /* SSL3_ST_SW_SRVR_HELLO_B */
-    return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
-}
-
-int ssl3_send_server_done(SSL *s)
-{
-    unsigned char *p;
-
-    if (s->state == SSL3_ST_SW_SRVR_DONE_A) {
-        p = (unsigned char *)s->init_buf->data;
-
-        /* do the header */
-        *(p++) = SSL3_MT_SERVER_DONE;
-        *(p++) = 0;
-        *(p++) = 0;
-        *(p++) = 0;
-
-        s->state = SSL3_ST_SW_SRVR_DONE_B;
-        /* number of bytes to write */
-        s->init_num = 4;
-        s->init_off = 0;
-    }
-
-    /* SSL3_ST_SW_SRVR_DONE_B */
-    return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
-}
-
-int ssl3_send_server_key_exchange(SSL *s)
-{
-#ifndef OPENSSL_NO_RSA
-    unsigned char *q;
-    int j, num;
-    RSA *rsa;
-    unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
-    unsigned int u;
-#endif
-#ifndef OPENSSL_NO_DH
-    DH *dh = NULL, *dhp;
-#endif
-#ifndef OPENSSL_NO_ECDH
-    EC_KEY *ecdh = NULL, *ecdhp;
-    unsigned char *encodedPoint = NULL;
-    int encodedlen = 0;
-    int curve_id = 0;
-    BN_CTX *bn_ctx = NULL;
-#endif
-    EVP_PKEY *pkey;
-    const EVP_MD *md = NULL;
-    unsigned char *p, *d;
-    int al, i;
-    unsigned long type;
-    int n;
-    CERT *cert;
-    BIGNUM *r[4];
-    int nr[4], kn;
-    BUF_MEM *buf;
-    EVP_MD_CTX md_ctx;
-
-    EVP_MD_CTX_init(&md_ctx);
-    if (s->state == SSL3_ST_SW_KEY_EXCH_A) {
-        type = s->s3->tmp.new_cipher->algorithm_mkey;
-        cert = s->cert;
-
-        buf = s->init_buf;
-
-        r[0] = r[1] = r[2] = r[3] = NULL;
-        n = 0;
-#ifndef OPENSSL_NO_RSA
-        if (type & SSL_kRSA) {
-            rsa = cert->rsa_tmp;
-            if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) {
-                rsa = s->cert->rsa_tmp_cb(s,
-                                          SSL_C_IS_EXPORT(s->s3->
-                                                          tmp.new_cipher),
-                                          SSL_C_EXPORT_PKEYLENGTH(s->s3->
-                                                                  tmp.new_cipher));
-                if (rsa == NULL) {
-                    al = SSL_AD_HANDSHAKE_FAILURE;
-                    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                           SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
-                    goto f_err;
-                }
-                RSA_up_ref(rsa);
-                cert->rsa_tmp = rsa;
-            }
-            if (rsa == NULL) {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                       SSL_R_MISSING_TMP_RSA_KEY);
-                goto f_err;
-            }
-            r[0] = rsa->n;
-            r[1] = rsa->e;
-            s->s3->tmp.use_rsa_tmp = 1;
-        } else
-#endif
-#ifndef OPENSSL_NO_DH
-        if (type & SSL_kEDH) {
-            dhp = cert->dh_tmp;
-            if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
-                dhp = s->cert->dh_tmp_cb(s,
-                                         SSL_C_IS_EXPORT(s->s3->
-                                                         tmp.new_cipher),
-                                         SSL_C_EXPORT_PKEYLENGTH(s->s3->
-                                                                 tmp.new_cipher));
-            if (dhp == NULL) {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                       SSL_R_MISSING_TMP_DH_KEY);
-                goto f_err;
-            }
-
-            if (s->s3->tmp.dh != NULL) {
-                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                       ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-
-            if ((dh = DHparams_dup(dhp)) == NULL) {
-                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
-                goto err;
-            }
-
-            s->s3->tmp.dh = dh;
-            if ((dhp->pub_key == NULL ||
-                 dhp->priv_key == NULL ||
-                 (s->options & SSL_OP_SINGLE_DH_USE))) {
-                if (!DH_generate_key(dh)) {
-                    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
-                    goto err;
-                }
-            } else {
-                dh->pub_key = BN_dup(dhp->pub_key);
-                dh->priv_key = BN_dup(dhp->priv_key);
-                if ((dh->pub_key == NULL) || (dh->priv_key == NULL)) {
-                    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
-                    goto err;
-                }
-            }
-            r[0] = dh->p;
-            r[1] = dh->g;
-            r[2] = dh->pub_key;
-        } else
-#endif
-#ifndef OPENSSL_NO_ECDH
-        if (type & SSL_kEECDH) {
-            const EC_GROUP *group;
-
-            ecdhp = cert->ecdh_tmp;
-            if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL)) {
-                ecdhp = s->cert->ecdh_tmp_cb(s,
-                                             SSL_C_IS_EXPORT(s->s3->
-                                                             tmp.new_cipher),
-                                             SSL_C_EXPORT_PKEYLENGTH(s->
-                                                                     s3->tmp.new_cipher));
-            }
-            if (ecdhp == NULL) {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                       SSL_R_MISSING_TMP_ECDH_KEY);
-                goto f_err;
-            }
-
-            if (s->s3->tmp.ecdh != NULL) {
-                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                       ERR_R_INTERNAL_ERROR);
-                goto err;
-            }
-
-            /* Duplicate the ECDH structure. */
-            if (ecdhp == NULL) {
-                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
-                goto err;
-            }
-            if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) {
-                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
-                goto err;
-            }
-
-            s->s3->tmp.ecdh = ecdh;
-            if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
-                (EC_KEY_get0_private_key(ecdh) == NULL) ||
-                (s->options & SSL_OP_SINGLE_ECDH_USE)) {
-                if (!EC_KEY_generate_key(ecdh)) {
-                    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                           ERR_R_ECDH_LIB);
-                    goto err;
-                }
-            }
-
-            if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
-                (EC_KEY_get0_public_key(ecdh) == NULL) ||
-                (EC_KEY_get0_private_key(ecdh) == NULL)) {
-                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
-                goto err;
-            }
-
-            if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
-                (EC_GROUP_get_degree(group) > 163)) {
-                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                       SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
-                goto err;
-            }
-
-            /*
-             * XXX: For now, we only support ephemeral ECDH keys over named
-             * (not generic) curves. For supported named curves, curve_id is
-             * non-zero.
-             */
-            if ((curve_id =
-                 tls1_ec_nid2curve_id(EC_GROUP_get_curve_name(group)))
-                == 0) {
-                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                       SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
-                goto err;
-            }
-
-            /*
-             * Encode the public key. First check the size of encoding and
-             * allocate memory accordingly.
-             */
-            encodedlen = EC_POINT_point2oct(group,
-                                            EC_KEY_get0_public_key(ecdh),
-                                            POINT_CONVERSION_UNCOMPRESSED,
-                                            NULL, 0, NULL);
-
-            encodedPoint = (unsigned char *)
-                OPENSSL_malloc(encodedlen * sizeof(unsigned char));
-            bn_ctx = BN_CTX_new();
-            if ((encodedPoint == NULL) || (bn_ctx == NULL)) {
-                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                       ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-
-            encodedlen = EC_POINT_point2oct(group,
-                                            EC_KEY_get0_public_key(ecdh),
-                                            POINT_CONVERSION_UNCOMPRESSED,
-                                            encodedPoint, encodedlen, bn_ctx);
-
-            if (encodedlen == 0) {
-                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
-                goto err;
-            }
-
-            BN_CTX_free(bn_ctx);
-            bn_ctx = NULL;
-
-            /*
-             * XXX: For now, we only support named (not generic) curves in
-             * ECDH ephemeral key exchanges. In this situation, we need four
-             * additional bytes to encode the entire ServerECDHParams
-             * structure.
-             */
-            n = 4 + encodedlen;
-
-            /*
-             * We'll generate the serverKeyExchange message explicitly so we
-             * can set these to NULLs
-             */
-            r[0] = NULL;
-            r[1] = NULL;
-            r[2] = NULL;
-            r[3] = NULL;
-        } else
-#endif                          /* !OPENSSL_NO_ECDH */
-#ifndef OPENSSL_NO_PSK
-        if (type & SSL_kPSK) {
-            /*
-             * reserve size for record length and PSK identity hint
-             */
-            n += 2 + strlen(s->ctx->psk_identity_hint);
-        } else
-#endif                          /* !OPENSSL_NO_PSK */
-#ifndef OPENSSL_NO_SRP
-        if (type & SSL_kSRP) {
-            if ((s->srp_ctx.N == NULL) ||
-                (s->srp_ctx.g == NULL) ||
-                (s->srp_ctx.s == NULL) || (s->srp_ctx.B == NULL)) {
-                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                       SSL_R_MISSING_SRP_PARAM);
-                goto err;
-            }
-            r[0] = s->srp_ctx.N;
-            r[1] = s->srp_ctx.g;
-            r[2] = s->srp_ctx.s;
-            r[3] = s->srp_ctx.B;
-        } else
-#endif
-        {
-            al = SSL_AD_HANDSHAKE_FAILURE;
-            SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                   SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
-            goto f_err;
-        }
-        for (i = 0; i < 4 && r[i] != NULL; i++) {
-            nr[i] = BN_num_bytes(r[i]);
-#ifndef OPENSSL_NO_SRP
-            if ((i == 2) && (type & SSL_kSRP))
-                n += 1 + nr[i];
-            else
-#endif
-                n += 2 + nr[i];
-        }
-
-        if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
-            && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
-            if ((pkey = ssl_get_sign_pkey(s, s->s3->tmp.new_cipher, &md))
-                == NULL) {
-                al = SSL_AD_DECODE_ERROR;
-                goto f_err;
-            }
-            kn = EVP_PKEY_size(pkey);
-        } else {
-            pkey = NULL;
-            kn = 0;
-        }
-
-        if (!BUF_MEM_grow_clean(buf, n + 4 + kn)) {
-            SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_BUF);
-            goto err;
-        }
-        d = (unsigned char *)s->init_buf->data;
-        p = &(d[4]);
-
-        for (i = 0; i < 4 && r[i] != NULL; i++) {
-#ifndef OPENSSL_NO_SRP
-            if ((i == 2) && (type & SSL_kSRP)) {
-                *p = nr[i];
-                p++;
-            } else
-#endif
-                s2n(nr[i], p);
-            BN_bn2bin(r[i], p);
-            p += nr[i];
-        }
-
-#ifndef OPENSSL_NO_ECDH
-        if (type & SSL_kEECDH) {
-            /*
-             * XXX: For now, we only support named (not generic) curves. In
-             * this situation, the serverKeyExchange message has: [1 byte
-             * CurveType], [2 byte CurveName] [1 byte length of encoded
-             * point], followed by the actual encoded point itself
-             */
-            *p = NAMED_CURVE_TYPE;
-            p += 1;
-            *p = 0;
-            p += 1;
-            *p = curve_id;
-            p += 1;
-            *p = encodedlen;
-            p += 1;
-            memcpy((unsigned char *)p,
-                   (unsigned char *)encodedPoint, encodedlen);
-            OPENSSL_free(encodedPoint);
-            encodedPoint = NULL;
-            p += encodedlen;
-        }
-#endif
-
-#ifndef OPENSSL_NO_PSK
-        if (type & SSL_kPSK) {
-            /* copy PSK identity hint */
-            s2n(strlen(s->ctx->psk_identity_hint), p);
-            strncpy((char *)p, s->ctx->psk_identity_hint,
-                    strlen(s->ctx->psk_identity_hint));
-            p += strlen(s->ctx->psk_identity_hint);
-        }
-#endif
-
-        /* not anonymous */
-        if (pkey != NULL) {
-            /*
-             * n is the length of the params, they start at &(d[4]) and p
-             * points to the space at the end.
-             */
-#ifndef OPENSSL_NO_RSA
-            if (pkey->type == EVP_PKEY_RSA
-                && TLS1_get_version(s) < TLS1_2_VERSION) {
-                q = md_buf;
-                j = 0;
-                for (num = 2; num > 0; num--) {
-                    EVP_MD_CTX_set_flags(&md_ctx,
-                                         EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-                    if (EVP_DigestInit_ex(&md_ctx,
-                                          (num == 2) ? s->ctx->md5
-                                                     : s->ctx->sha1,
-                                          NULL) <= 0
-                        || EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]),
-                                            SSL3_RANDOM_SIZE) <= 0
-                        || EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]),
-                                            SSL3_RANDOM_SIZE) <= 0
-                        || EVP_DigestUpdate(&md_ctx, &(d[4]), n) <= 0
-                        || EVP_DigestFinal_ex(&md_ctx, q,
-                                              (unsigned int *)&i) <= 0) {
-                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                               ERR_LIB_EVP);
-                        al = SSL_AD_INTERNAL_ERROR;
-                        goto f_err;
-                    }
-                    q += i;
-                    j += i;
-                }
-                if (RSA_sign(NID_md5_sha1, md_buf, j,
-                             &(p[2]), &u, pkey->pkey.rsa) <= 0) {
-                    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_RSA);
-                    goto err;
-                }
-                s2n(u, p);
-                n += u + 2;
-            } else
-#endif
-            if (md) {
-                /*
-                 * For TLS1.2 and later send signature algorithm
-                 */
-                if (TLS1_get_version(s) >= TLS1_2_VERSION) {
-                    if (!tls12_get_sigandhash(p, pkey, md)) {
-                        /* Should never happen */
-                        al = SSL_AD_INTERNAL_ERROR;
-                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                               ERR_R_INTERNAL_ERROR);
-                        goto f_err;
-                    }
-                    p += 2;
-                }
-#ifdef SSL_DEBUG
-                fprintf(stderr, "Using hash %s\n", EVP_MD_name(md));
-#endif
-                if (EVP_SignInit_ex(&md_ctx, md, NULL) <= 0
-                        || EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]),
-                                          SSL3_RANDOM_SIZE) <= 0
-                        || EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]),
-                                          SSL3_RANDOM_SIZE) <= 0
-                        || EVP_SignUpdate(&md_ctx, &(d[4]), n) <= 0
-                        || EVP_SignFinal(&md_ctx, &(p[2]),
-                                         (unsigned int *)&i, pkey) <= 0) {
-                    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_EVP);
-                    al = SSL_AD_INTERNAL_ERROR;
-                    goto f_err;
-                }
-                s2n(i, p);
-                n += i + 2;
-                if (TLS1_get_version(s) >= TLS1_2_VERSION)
-                    n += 2;
-            } else {
-                /* Is this error check actually needed? */
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-                       SSL_R_UNKNOWN_PKEY_TYPE);
-                goto f_err;
-            }
-        }
-
-        *(d++) = SSL3_MT_SERVER_KEY_EXCHANGE;
-        l2n3(n, d);
-
-        /*
-         * we should now have things packed up, so lets send it off
-         */
-        s->init_num = n + 4;
-        s->init_off = 0;
-    }
-
-    s->state = SSL3_ST_SW_KEY_EXCH_B;
-    EVP_MD_CTX_cleanup(&md_ctx);
-    return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
- f_err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
-#ifndef OPENSSL_NO_ECDH
-    if (encodedPoint != NULL)
-        OPENSSL_free(encodedPoint);
-    BN_CTX_free(bn_ctx);
-#endif
-    EVP_MD_CTX_cleanup(&md_ctx);
-    s->state = SSL_ST_ERR;
-    return (-1);
-}
-
-int ssl3_send_certificate_request(SSL *s)
-{
-    unsigned char *p, *d;
-    int i, j, nl, off, n;
-    STACK_OF(X509_NAME) *sk = NULL;
-    X509_NAME *name;
-    BUF_MEM *buf;
-
-    if (s->state == SSL3_ST_SW_CERT_REQ_A) {
-        buf = s->init_buf;
-
-        d = p = (unsigned char *)&(buf->data[4]);
-
-        /* get the list of acceptable cert types */
-        p++;
-        n = ssl3_get_req_cert_type(s, p);
-        d[0] = n;
-        p += n;
-        n++;
-
-        if (TLS1_get_version(s) >= TLS1_2_VERSION) {
-            nl = tls12_get_req_sig_algs(s, p + 2);
-            s2n(nl, p);
-            p += nl + 2;
-            n += nl + 2;
-        }
-
-        off = n;
-        p += 2;
-        n += 2;
-
-        sk = SSL_get_client_CA_list(s);
-        nl = 0;
-        if (sk != NULL) {
-            for (i = 0; i < sk_X509_NAME_num(sk); i++) {
-                name = sk_X509_NAME_value(sk, i);
-                j = i2d_X509_NAME(name, NULL);
-                if (!BUF_MEM_grow_clean(buf, 4 + n + j + 2)) {
-                    SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,
-                           ERR_R_BUF_LIB);
-                    goto err;
-                }
-                p = (unsigned char *)&(buf->data[4 + n]);
-                if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) {
-                    s2n(j, p);
-                    i2d_X509_NAME(name, &p);
-                    n += 2 + j;
-                    nl += 2 + j;
-                } else {
-                    d = p;
-                    i2d_X509_NAME(name, &p);
-                    j -= 2;
-                    s2n(j, d);
-                    j += 2;
-                    n += j;
-                    nl += j;
-                }
-            }
-        }
-        /* else no CA names */
-        p = (unsigned char *)&(buf->data[4 + off]);
-        s2n(nl, p);
-
-        d = (unsigned char *)buf->data;
-        *(d++) = SSL3_MT_CERTIFICATE_REQUEST;
-        l2n3(n, d);
-
-        /*
-         * we should now have things packed up, so lets send it off
-         */
-
-        s->init_num = n + 4;
-        s->init_off = 0;
-#ifdef NETSCAPE_HANG_BUG
-        if (!BUF_MEM_grow_clean(buf, s->init_num + 4)) {
-            SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST, ERR_R_BUF_LIB);
-            goto err;
-        }
-        p = (unsigned char *)s->init_buf->data + s->init_num;
-
-        /* do the header */
-        *(p++) = SSL3_MT_SERVER_DONE;
-        *(p++) = 0;
-        *(p++) = 0;
-        *(p++) = 0;
-        s->init_num += 4;
-#endif
-
-        s->state = SSL3_ST_SW_CERT_REQ_B;
-    }
-
-    /* SSL3_ST_SW_CERT_REQ_B */
-    return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
- err:
-    s->state = SSL_ST_ERR;
-    return (-1);
-}
-
-int ssl3_get_client_key_exchange(SSL *s)
-{
-    int i, al, ok;
-    long n;
-    unsigned long alg_k;
-    unsigned char *p;
-#ifndef OPENSSL_NO_RSA
-    RSA *rsa = NULL;
-    EVP_PKEY *pkey = NULL;
-#endif
-#ifndef OPENSSL_NO_DH
-    BIGNUM *pub = NULL;
-    DH *dh_srvr;
-#endif
-#ifndef OPENSSL_NO_KRB5
-    KSSL_ERR kssl_err;
-#endif                          /* OPENSSL_NO_KRB5 */
-
-#ifndef OPENSSL_NO_ECDH
-    EC_KEY *srvr_ecdh = NULL;
-    EVP_PKEY *clnt_pub_pkey = NULL;
-    EC_POINT *clnt_ecpoint = NULL;
-    BN_CTX *bn_ctx = NULL;
-#endif
-
-    n = s->method->ssl_get_message(s,
-                                   SSL3_ST_SR_KEY_EXCH_A,
-                                   SSL3_ST_SR_KEY_EXCH_B,
-                                   SSL3_MT_CLIENT_KEY_EXCHANGE, 2048, &ok);
-
-    if (!ok)
-        return ((int)n);
-    p = (unsigned char *)s->init_msg;
-
-    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-
-#ifndef OPENSSL_NO_RSA
-    if (alg_k & SSL_kRSA) {
-        unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
-        int decrypt_len;
-        unsigned char decrypt_good, version_good;
-        size_t j;
-
-        /* FIX THIS UP EAY EAY EAY EAY */
-        if (s->s3->tmp.use_rsa_tmp) {
-            if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL))
-                rsa = s->cert->rsa_tmp;
-            /*
-             * Don't do a callback because rsa_tmp should be sent already
-             */
-            if (rsa == NULL) {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                       SSL_R_MISSING_TMP_RSA_PKEY);
-                goto f_err;
-
-            }
-        } else {
-            pkey = s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;
-            if ((pkey == NULL) ||
-                (pkey->type != EVP_PKEY_RSA) || (pkey->pkey.rsa == NULL)) {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                       SSL_R_MISSING_RSA_CERTIFICATE);
-                goto f_err;
-            }
-            rsa = pkey->pkey.rsa;
-        }
-
-        /* TLS and [incidentally] DTLS{0xFEFF} */
-        if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER) {
-            n2s(p, i);
-            if (n != i + 2) {
-                if (!(s->options & SSL_OP_TLS_D5_BUG)) {
-                    al = SSL_AD_DECODE_ERROR;
-                    SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                           SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
-                    goto f_err;
-                } else
-                    p -= 2;
-            } else
-                n = i;
-        }
-
-        /*
-         * Reject overly short RSA ciphertext because we want to be sure
-         * that the buffer size makes it safe to iterate over the entire
-         * size of a premaster secret (SSL_MAX_MASTER_KEY_LENGTH). The
-         * actual expected size is larger due to RSA padding, but the
-         * bound is sufficient to be safe.
-         */
-        if (n < SSL_MAX_MASTER_KEY_LENGTH) {
-            al = SSL_AD_DECRYPT_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
-            goto f_err;
-        }
-
-        /*
-         * We must not leak whether a decryption failure occurs because of
-         * Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see RFC 2246,
-         * section 7.4.7.1). The code follows that advice of the TLS RFC and
-         * generates a random premaster secret for the case that the decrypt
-         * fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1
-         */
-
-        /*
-         * should be RAND_bytes, but we cannot work around a failure.
-         */
-        if (RAND_pseudo_bytes(rand_premaster_secret,
-                              sizeof(rand_premaster_secret)) <= 0)
-            goto err;
-        decrypt_len =
-            RSA_private_decrypt((int)n, p, p, rsa, RSA_PKCS1_PADDING);
-        ERR_clear_error();
-
-        /*
-         * decrypt_len should be SSL_MAX_MASTER_KEY_LENGTH. decrypt_good will
-         * be 0xff if so and zero otherwise.
-         */
-        decrypt_good =
-            constant_time_eq_int_8(decrypt_len, SSL_MAX_MASTER_KEY_LENGTH);
-
-        /*
-         * If the version in the decrypted pre-master secret is correct then
-         * version_good will be 0xff, otherwise it'll be zero. The
-         * Klima-Pokorny-Rosa extension of Bleichenbacher's attack
-         * (http://eprint.iacr.org/2003/052/) exploits the version number
-         * check as a "bad version oracle". Thus version checks are done in
-         * constant time and are treated like any other decryption error.
-         */
-        version_good =
-            constant_time_eq_8(p[0], (unsigned)(s->client_version >> 8));
-        version_good &=
-            constant_time_eq_8(p[1], (unsigned)(s->client_version & 0xff));
-
-        /*
-         * The premaster secret must contain the same version number as the
-         * ClientHello to detect version rollback attacks (strangely, the
-         * protocol does not offer such protection for DH ciphersuites).
-         * However, buggy clients exist that send the negotiated protocol
-         * version instead if the server does not support the requested
-         * protocol version. If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such
-         * clients.
-         */
-        if (s->options & SSL_OP_TLS_ROLLBACK_BUG) {
-            unsigned char workaround_good;
-            workaround_good =
-                constant_time_eq_8(p[0], (unsigned)(s->version >> 8));
-            workaround_good &=
-                constant_time_eq_8(p[1], (unsigned)(s->version & 0xff));
-            version_good |= workaround_good;
-        }
-
-        /*
-         * Both decryption and version must be good for decrypt_good to
-         * remain non-zero (0xff).
-         */
-        decrypt_good &= version_good;
-
-        /*
-         * Now copy rand_premaster_secret over from p using
-         * decrypt_good_mask. If decryption failed, then p does not
-         * contain valid plaintext, however, a check above guarantees
-         * it is still sufficiently large to read from.
-         */
-        for (j = 0; j < sizeof(rand_premaster_secret); j++) {
-            p[j] = constant_time_select_8(decrypt_good, p[j],
-                                          rand_premaster_secret[j]);
-        }
-
-        s->session->master_key_length =
-            s->method->ssl3_enc->generate_master_secret(s,
-                                                        s->
-                                                        session->master_key,
-                                                        p,
-                                                        sizeof
-                                                        (rand_premaster_secret));
-        OPENSSL_cleanse(p, sizeof(rand_premaster_secret));
-    } else
-#endif
-#ifndef OPENSSL_NO_DH
-    if (alg_k & (SSL_kEDH | SSL_kDHr | SSL_kDHd)) {
-        n2s(p, i);
-        if (n != i + 2) {
-            if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
-                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                       SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
-                goto err;
-            } else {
-                p -= 2;
-                i = (int)n;
-            }
-        }
-
-        if (n == 0L) {          /* the parameters are in the cert */
-            al = SSL_AD_HANDSHAKE_FAILURE;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_UNABLE_TO_DECODE_DH_CERTS);
-            goto f_err;
-        } else {
-            if (s->s3->tmp.dh == NULL) {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                       SSL_R_MISSING_TMP_DH_KEY);
-                goto f_err;
-            } else
-                dh_srvr = s->s3->tmp.dh;
-        }
-
-        pub = BN_bin2bn(p, i, NULL);
-        if (pub == NULL) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_BN_LIB);
-            goto err;
-        }
-
-        i = DH_compute_key(p, pub, dh_srvr);
-
-        if (i <= 0) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
-            BN_clear_free(pub);
-            goto err;
-        }
-
-        DH_free(s->s3->tmp.dh);
-        s->s3->tmp.dh = NULL;
-
-        BN_clear_free(pub);
-        pub = NULL;
-        s->session->master_key_length =
-            s->method->ssl3_enc->generate_master_secret(s,
-                                                        s->
-                                                        session->master_key,
-                                                        p, i);
-        OPENSSL_cleanse(p, i);
-    } else
-#endif
-#ifndef OPENSSL_NO_KRB5
-    if (alg_k & SSL_kKRB5) {
-        krb5_error_code krb5rc;
-        krb5_data enc_ticket;
-        krb5_data authenticator;
-        krb5_data enc_pms;
-        KSSL_CTX *kssl_ctx = s->kssl_ctx;
-        EVP_CIPHER_CTX ciph_ctx;
-        const EVP_CIPHER *enc = NULL;
-        unsigned char iv[EVP_MAX_IV_LENGTH];
-        unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH + EVP_MAX_BLOCK_LENGTH];
-        int padl, outl;
-        krb5_timestamp authtime = 0;
-        krb5_ticket_times ttimes;
-        int kerr = 0;
-
-        EVP_CIPHER_CTX_init(&ciph_ctx);
-
-        if (!kssl_ctx)
-            kssl_ctx = kssl_ctx_new();
-
-        n2s(p, i);
-        enc_ticket.length = i;
-
-        if (n < (long)(enc_ticket.length + 6)) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_DATA_LENGTH_TOO_LONG);
-            goto err;
-        }
-
-        enc_ticket.data = (char *)p;
-        p += enc_ticket.length;
-
-        n2s(p, i);
-        authenticator.length = i;
-
-        if (n < (long)(enc_ticket.length + authenticator.length + 6)) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_DATA_LENGTH_TOO_LONG);
-            goto err;
-        }
-
-        authenticator.data = (char *)p;
-        p += authenticator.length;
-
-        n2s(p, i);
-        enc_pms.length = i;
-        enc_pms.data = (char *)p;
-        p += enc_pms.length;
-
-        /*
-         * Note that the length is checked again below, ** after decryption
-         */
-        if (enc_pms.length > sizeof pms) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_DATA_LENGTH_TOO_LONG);
-            goto err;
-        }
-
-        if (n != (long)(enc_ticket.length + authenticator.length +
-                        enc_pms.length + 6)) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_DATA_LENGTH_TOO_LONG);
-            goto err;
-        }
-
-        if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes,
-                                    &kssl_err)) != 0) {
-# ifdef KSSL_DEBUG
-            fprintf(stderr, "kssl_sget_tkt rtn %d [%d]\n",
-                    krb5rc, kssl_err.reason);
-            if (kssl_err.text)
-                fprintf(stderr, "kssl_err text= %s\n", kssl_err.text);
-# endif                         /* KSSL_DEBUG */
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, kssl_err.reason);
-            goto err;
-        }
-
-        /*
-         * Note: no authenticator is not considered an error, ** but will
-         * return authtime == 0.
-         */
-        if ((krb5rc = kssl_check_authent(kssl_ctx, &authenticator,
-                                         &authtime, &kssl_err)) != 0) {
-# ifdef KSSL_DEBUG
-            fprintf(stderr, "kssl_check_authent rtn %d [%d]\n",
-                    krb5rc, kssl_err.reason);
-            if (kssl_err.text)
-                fprintf(stderr, "kssl_err text= %s\n", kssl_err.text);
-# endif                         /* KSSL_DEBUG */
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, kssl_err.reason);
-            goto err;
-        }
-
-        if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, krb5rc);
-            goto err;
-        }
-# ifdef KSSL_DEBUG
-        kssl_ctx_show(kssl_ctx);
-# endif                         /* KSSL_DEBUG */
-
-        enc = kssl_map_enc(kssl_ctx->enctype);
-        if (enc == NULL)
-            goto err;
-
-        memset(iv, 0, sizeof iv); /* per RFC 1510 */
-
-        if (!EVP_DecryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv)) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_DECRYPTION_FAILED);
-            goto err;
-        }
-        if (!EVP_DecryptUpdate(&ciph_ctx, pms, &outl,
-                               (unsigned char *)enc_pms.data, enc_pms.length))
-        {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_DECRYPTION_FAILED);
-            kerr = 1;
-            goto kclean;
-        }
-        if (outl > SSL_MAX_MASTER_KEY_LENGTH) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_DATA_LENGTH_TOO_LONG);
-            kerr = 1;
-            goto kclean;
-        }
-        if (!EVP_DecryptFinal_ex(&ciph_ctx, &(pms[outl]), &padl)) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_DECRYPTION_FAILED);
-            kerr = 1;
-            goto kclean;
-        }
-        outl += padl;
-        if (outl > SSL_MAX_MASTER_KEY_LENGTH) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_DATA_LENGTH_TOO_LONG);
-            kerr = 1;
-            goto kclean;
-        }
-        if (!((pms[0] == (s->client_version >> 8))
-              && (pms[1] == (s->client_version & 0xff)))) {
-            /*
-             * The premaster secret must contain the same version number as
-             * the ClientHello to detect version rollback attacks (strangely,
-             * the protocol does not offer such protection for DH
-             * ciphersuites). However, buggy clients exist that send random
-             * bytes instead of the protocol version. If
-             * SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients.
-             * (Perhaps we should have a separate BUG value for the Kerberos
-             * cipher)
-             */
-            if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG)) {
-                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                       SSL_AD_DECODE_ERROR);
-                kerr = 1;
-                goto kclean;
-            }
-        }
-
-        EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-
-        s->session->master_key_length =
-            s->method->ssl3_enc->generate_master_secret(s,
-                                                        s->
-                                                        session->master_key,
-                                                        pms, outl);
-
-        if (kssl_ctx->client_princ) {
-            size_t len = strlen(kssl_ctx->client_princ);
-            if (len < SSL_MAX_KRB5_PRINCIPAL_LENGTH) {
-                s->session->krb5_client_princ_len = len;
-                memcpy(s->session->krb5_client_princ, kssl_ctx->client_princ,
-                       len);
-            }
-        }
-
-        /*- Was doing kssl_ctx_free() here,
-         *  but it caused problems for apache.
-         *  kssl_ctx = kssl_ctx_free(kssl_ctx);
-         *  if (s->kssl_ctx)  s->kssl_ctx = NULL;
-         */
-
- kclean:
-        OPENSSL_cleanse(pms, sizeof(pms));
-        if (kerr)
-            goto err;
-    } else
-#endif                          /* OPENSSL_NO_KRB5 */
-
-#ifndef OPENSSL_NO_ECDH
-    if (alg_k & (SSL_kEECDH | SSL_kECDHr | SSL_kECDHe)) {
-        int ret = 1;
-        int field_size = 0;
-        const EC_KEY *tkey;
-        const EC_GROUP *group;
-        const BIGNUM *priv_key;
-
-        /* initialize structures for server's ECDH key pair */
-        if ((srvr_ecdh = EC_KEY_new()) == NULL) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-
-        /* Let's get server private key and group information */
-        if (alg_k & (SSL_kECDHr | SSL_kECDHe)) {
-            /* use the certificate */
-            tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec;
-        } else {
-            /*
-             * use the ephermeral values we saved when generating the
-             * ServerKeyExchange msg.
-             */
-            tkey = s->s3->tmp.ecdh;
-        }
-
-        group = EC_KEY_get0_group(tkey);
-        priv_key = EC_KEY_get0_private_key(tkey);
-
-        if (!EC_KEY_set_group(srvr_ecdh, group) ||
-            !EC_KEY_set_private_key(srvr_ecdh, priv_key)) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
-            goto err;
-        }
-
-        /* Let's get client's public key */
-        if ((clnt_ecpoint = EC_POINT_new(group)) == NULL) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-
-        if (n == 0L) {
-            /* Client Publickey was in Client Certificate */
-
-            if (alg_k & SSL_kEECDH) {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                       SSL_R_MISSING_TMP_ECDH_KEY);
-                goto f_err;
-            }
-            if (((clnt_pub_pkey = X509_get_pubkey(s->session->peer))
-                 == NULL) || (clnt_pub_pkey->type != EVP_PKEY_EC)) {
-                /*
-                 * XXX: For now, we do not support client authentication
-                 * using ECDH certificates so this branch (n == 0L) of the
-                 * code is never executed. When that support is added, we
-                 * ought to ensure the key received in the certificate is
-                 * authorized for key agreement. ECDH_compute_key implicitly
-                 * checks that the two ECDH shares are for the same group.
-                 */
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                       SSL_R_UNABLE_TO_DECODE_ECDH_CERTS);
-                goto f_err;
-            }
-
-            if (EC_POINT_copy(clnt_ecpoint,
-                              EC_KEY_get0_public_key(clnt_pub_pkey->
-                                                     pkey.ec)) == 0) {
-                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
-                goto err;
-            }
-            ret = 2;            /* Skip certificate verify processing */
-        } else {
-            /*
-             * Get client's public key from encoded point in the
-             * ClientKeyExchange message.
-             */
-            if ((bn_ctx = BN_CTX_new()) == NULL) {
-                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                       ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-
-            /* Get encoded point length */
-            i = *p;
-            p += 1;
-            if (n != 1 + i) {
-                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
-                goto err;
-            }
-            if (EC_POINT_oct2point(group, clnt_ecpoint, p, i, bn_ctx) == 0) {
-                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
-                goto err;
-            }
-            /*
-             * p is pointing to somewhere in the buffer currently, so set it
-             * to the start
-             */
-            p = (unsigned char *)s->init_buf->data;
-        }
-
-        /* Compute the shared pre-master secret */
-        field_size = EC_GROUP_get_degree(group);
-        if (field_size <= 0) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
-            goto err;
-        }
-        i = ECDH_compute_key(p, (field_size + 7) / 8, clnt_ecpoint, srvr_ecdh,
-                             NULL);
-        if (i <= 0) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
-            goto err;
-        }
-
-        EVP_PKEY_free(clnt_pub_pkey);
-        EC_POINT_free(clnt_ecpoint);
-        EC_KEY_free(srvr_ecdh);
-        BN_CTX_free(bn_ctx);
-        EC_KEY_free(s->s3->tmp.ecdh);
-        s->s3->tmp.ecdh = NULL;
-
-        /* Compute the master secret */
-        s->session->master_key_length =
-            s->method->ssl3_enc->generate_master_secret(s,
-                                                        s->
-                                                        session->master_key,
-                                                        p, i);
-
-        OPENSSL_cleanse(p, i);
-        return (ret);
-    } else
-#endif
-#ifndef OPENSSL_NO_PSK
-    if (alg_k & SSL_kPSK) {
-        unsigned char *t = NULL;
-        unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN * 2 + 4];
-        unsigned int pre_ms_len = 0, psk_len = 0;
-        int psk_err = 1;
-        char tmp_id[PSK_MAX_IDENTITY_LEN + 1];
-
-        al = SSL_AD_HANDSHAKE_FAILURE;
-
-        n2s(p, i);
-        if (n != i + 2) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
-            goto psk_err;
-        }
-        if (i > PSK_MAX_IDENTITY_LEN) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_DATA_LENGTH_TOO_LONG);
-            goto psk_err;
-        }
-        if (s->psk_server_callback == NULL) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_PSK_NO_SERVER_CB);
-            goto psk_err;
-        }
-
-        /*
-         * Create guaranteed NULL-terminated identity string for the callback
-         */
-        memcpy(tmp_id, p, i);
-        memset(tmp_id + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i);
-        psk_len = s->psk_server_callback(s, tmp_id,
-                                         psk_or_pre_ms,
-                                         sizeof(psk_or_pre_ms));
-        OPENSSL_cleanse(tmp_id, PSK_MAX_IDENTITY_LEN + 1);
-
-        if (psk_len > PSK_MAX_PSK_LEN) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-            goto psk_err;
-        } else if (psk_len == 0) {
-            /*
-             * PSK related to the given identity not found
-             */
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_PSK_IDENTITY_NOT_FOUND);
-            al = SSL_AD_UNKNOWN_PSK_IDENTITY;
-            goto psk_err;
-        }
-
-        /* create PSK pre_master_secret */
-        pre_ms_len = 2 + psk_len + 2 + psk_len;
-        t = psk_or_pre_ms;
-        memmove(psk_or_pre_ms + psk_len + 4, psk_or_pre_ms, psk_len);
-        s2n(psk_len, t);
-        memset(t, 0, psk_len);
-        t += psk_len;
-        s2n(psk_len, t);
-
-        if (s->session->psk_identity != NULL)
-            OPENSSL_free(s->session->psk_identity);
-        s->session->psk_identity = BUF_strndup((char *)p, i);
-        if (s->session->psk_identity == NULL) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
-            goto psk_err;
-        }
-
-        if (s->session->psk_identity_hint != NULL)
-            OPENSSL_free(s->session->psk_identity_hint);
-        s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
-        if (s->ctx->psk_identity_hint != NULL &&
-            s->session->psk_identity_hint == NULL) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
-            goto psk_err;
-        }
-
-        s->session->master_key_length =
-            s->method->ssl3_enc->generate_master_secret(s,
-                                                        s->
-                                                        session->master_key,
-                                                        psk_or_pre_ms,
-                                                        pre_ms_len);
-        psk_err = 0;
- psk_err:
-        OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
-        if (psk_err != 0)
-            goto f_err;
-    } else
-#endif
-#ifndef OPENSSL_NO_SRP
-    if (alg_k & SSL_kSRP) {
-        int param_len;
-
-        n2s(p, i);
-        param_len = i + 2;
-        if (param_len > n) {
-            al = SSL_AD_DECODE_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_BAD_SRP_A_LENGTH);
-            goto f_err;
-        }
-        if (!(s->srp_ctx.A = BN_bin2bn(p, i, NULL))) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_BN_LIB);
-            goto err;
-        }
-        if (BN_ucmp(s->srp_ctx.A, s->srp_ctx.N) >= 0
-            || BN_is_zero(s->srp_ctx.A)) {
-            al = SSL_AD_ILLEGAL_PARAMETER;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_BAD_SRP_PARAMETERS);
-            goto f_err;
-        }
-        if (s->session->srp_username != NULL)
-            OPENSSL_free(s->session->srp_username);
-        s->session->srp_username = BUF_strdup(s->srp_ctx.login);
-        if (s->session->srp_username == NULL) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-
-        if ((s->session->master_key_length =
-             SRP_generate_server_master_secret(s,
-                                               s->session->master_key)) < 0) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-            goto err;
-        }
-
-        p += i;
-    } else
-#endif                          /* OPENSSL_NO_SRP */
-    if (alg_k & SSL_kGOST) {
-        int ret = 0;
-        EVP_PKEY_CTX *pkey_ctx;
-        EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;
-        unsigned char premaster_secret[32], *start;
-        size_t outlen = 32, inlen;
-        unsigned long alg_a;
-        int Ttag, Tclass;
-        long Tlen;
-
-        /* Get our certificate private key */
-        alg_a = s->s3->tmp.new_cipher->algorithm_auth;
-        if (alg_a & SSL_aGOST94)
-            pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey;
-        else if (alg_a & SSL_aGOST01)
-            pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
-
-        pkey_ctx = EVP_PKEY_CTX_new(pk, NULL);
-        if (pkey_ctx == NULL) {
-            al = SSL_AD_INTERNAL_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
-            goto f_err;
-        }
-        if (EVP_PKEY_decrypt_init(pkey_ctx) <= 0) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-            goto gerr;
-        }
-        /*
-         * If client certificate is present and is of the same type, maybe
-         * use it for key exchange.  Don't mind errors from
-         * EVP_PKEY_derive_set_peer, because it is completely valid to use a
-         * client certificate for authorization only.
-         */
-        client_pub_pkey = X509_get_pubkey(s->session->peer);
-        if (client_pub_pkey) {
-            if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0)
-                ERR_clear_error();
-        }
-        /* Decrypt session key */
-        if (ASN1_get_object
-            ((const unsigned char **)&p, &Tlen, &Ttag, &Tclass,
-             n) != V_ASN1_CONSTRUCTED || Ttag != V_ASN1_SEQUENCE
-            || Tclass != V_ASN1_UNIVERSAL) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_DECRYPTION_FAILED);
-            goto gerr;
-        }
-        start = p;
-        inlen = Tlen;
-        if (EVP_PKEY_decrypt
-            (pkey_ctx, premaster_secret, &outlen, start, inlen) <= 0) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-                   SSL_R_DECRYPTION_FAILED);
-            goto gerr;
-        }
-        /* Generate master secret */
-        s->session->master_key_length =
-            s->method->ssl3_enc->generate_master_secret(s,
-                                                        s->
-                                                        session->master_key,
-                                                        premaster_secret, 32);
-        OPENSSL_cleanse(premaster_secret, sizeof(premaster_secret));
-        /* Check if pubkey from client certificate was used */
-        if (EVP_PKEY_CTX_ctrl
-            (pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
-            ret = 2;
-        else
-            ret = 1;
- gerr:
-        EVP_PKEY_free(client_pub_pkey);
-        EVP_PKEY_CTX_free(pkey_ctx);
-        if (ret)
-            return ret;
-        else
-            goto err;
-    } else {
-        al = SSL_AD_HANDSHAKE_FAILURE;
-        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_UNKNOWN_CIPHER_TYPE);
-        goto f_err;
-    }
-
-    return (1);
- f_err:
-    ssl3_send_alert(s, SSL3_AL_FATAL, al);
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH) || defined(OPENSSL_NO_SRP)
- err:
-#endif
-#ifndef OPENSSL_NO_ECDH
-    EVP_PKEY_free(clnt_pub_pkey);
-    EC_POINT_free(clnt_ecpoint);
-    if (srvr_ecdh != NULL)
-        EC_KEY_free(srvr_ecdh);
-    BN_CTX_free(bn_ctx);
-#endif
-    s->state = SSL_ST_ERR;
-    return (-1);
-}
-
-int ssl3_get_cert_verify(SSL *s)
-{
-    EVP_PKEY *pkey = NULL;
-    unsigned char *p;
-    int al, ok, ret = 0;
-    long n;
-    int type = 0, i, j;
-    X509 *peer;
-    const EVP_MD *md = NULL;
-    EVP_MD_CTX mctx;
-    EVP_MD_CTX_init(&mctx);
-
-    /*
-     * We should only process a CertificateVerify message if we have received
-     * a Certificate from the client. If so then |s->session->peer| will be non
-     * NULL. In some instances a CertificateVerify message is not required even
-     * if the peer has sent a Certificate (e.g. such as in the case of static
-     * DH). In that case the ClientKeyExchange processing will skip the
-     * CertificateVerify state so we should not arrive here.
-     */
-    if (s->session->peer == NULL) {
-        ret = 1;
-        goto end;
-    }
-
-    n = s->method->ssl_get_message(s,
-                                   SSL3_ST_SR_CERT_VRFY_A,
-                                   SSL3_ST_SR_CERT_VRFY_B,
-                                   SSL3_MT_CERTIFICATE_VERIFY,
-                                   SSL3_RT_MAX_PLAIN_LENGTH, &ok);
-
-    if (!ok)
-        return ((int)n);
-
-    peer = s->session->peer;
-    pkey = X509_get_pubkey(peer);
-    type = X509_certificate_type(peer, pkey);
-
-    if (!(type & EVP_PKT_SIGN)) {
-        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
-               SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
-        al = SSL_AD_ILLEGAL_PARAMETER;
-        goto f_err;
-    }
-
-    /* we now have a signature that we need to verify */
-    p = (unsigned char *)s->init_msg;
-    /* Check for broken implementations of GOST ciphersuites */
-    /*
-     * If key is GOST and n is exactly 64, it is bare signature without
-     * length field
-     */
-    if (n == 64 && (pkey->type == NID_id_GostR3410_94 ||
-                    pkey->type == NID_id_GostR3410_2001)) {
-        i = 64;
-    } else {
-        if (TLS1_get_version(s) >= TLS1_2_VERSION) {
-            int sigalg = tls12_get_sigid(pkey);
-            /* Should never happen */
-            if (sigalg == -1) {
-                SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_INTERNAL_ERROR);
-                al = SSL_AD_INTERNAL_ERROR;
-                goto f_err;
-            }
-            /* Check key type is consistent with signature */
-            if (sigalg != (int)p[1]) {
-                SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
-                       SSL_R_WRONG_SIGNATURE_TYPE);
-                al = SSL_AD_DECODE_ERROR;
-                goto f_err;
-            }
-            md = tls12_get_hash(p[0]);
-            if (md == NULL) {
-                SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_UNKNOWN_DIGEST);
-                al = SSL_AD_DECODE_ERROR;
-                goto f_err;
-            }
-#ifdef SSL_DEBUG
-            fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
-#endif
-            p += 2;
-            n -= 2;
-        }
-        n2s(p, i);
-        n -= 2;
-        if (i > n) {
-            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_LENGTH_MISMATCH);
-            al = SSL_AD_DECODE_ERROR;
-            goto f_err;
-        }
-    }
-    j = EVP_PKEY_size(pkey);
-    if ((i > j) || (n > j) || (n <= 0)) {
-        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_WRONG_SIGNATURE_SIZE);
-        al = SSL_AD_DECODE_ERROR;
-        goto f_err;
-    }
-
-    if (TLS1_get_version(s) >= TLS1_2_VERSION) {
-        long hdatalen = 0;
-        void *hdata;
-        hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
-        if (hdatalen <= 0) {
-            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_INTERNAL_ERROR);
-            al = SSL_AD_INTERNAL_ERROR;
-            goto f_err;
-        }
-#ifdef SSL_DEBUG
-        fprintf(stderr, "Using TLS 1.2 with client verify alg %s\n",
-                EVP_MD_name(md));
-#endif
-        if (!EVP_VerifyInit_ex(&mctx, md, NULL)
-            || !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) {
-            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_EVP_LIB);
-            al = SSL_AD_INTERNAL_ERROR;
-            goto f_err;
-        }
-
-        if (EVP_VerifyFinal(&mctx, p, i, pkey) <= 0) {
-            al = SSL_AD_DECRYPT_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_SIGNATURE);
-            goto f_err;
-        }
-    } else
-#ifndef OPENSSL_NO_RSA
-    if (pkey->type == EVP_PKEY_RSA) {
-        i = RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
-                       MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, p, i,
-                       pkey->pkey.rsa);
-        if (i < 0) {
-            al = SSL_AD_DECRYPT_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_RSA_DECRYPT);
-            goto f_err;
-        }
-        if (i == 0) {
-            al = SSL_AD_DECRYPT_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_RSA_SIGNATURE);
-            goto f_err;
-        }
-    } else
-#endif
-#ifndef OPENSSL_NO_DSA
-    if (pkey->type == EVP_PKEY_DSA) {
-        j = DSA_verify(pkey->save_type,
-                       &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
-                       SHA_DIGEST_LENGTH, p, i, pkey->pkey.dsa);
-        if (j <= 0) {
-            /* bad signature */
-            al = SSL_AD_DECRYPT_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_DSA_SIGNATURE);
-            goto f_err;
-        }
-    } else
-#endif
-#ifndef OPENSSL_NO_ECDSA
-    if (pkey->type == EVP_PKEY_EC) {
-        j = ECDSA_verify(pkey->save_type,
-                         &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
-                         SHA_DIGEST_LENGTH, p, i, pkey->pkey.ec);
-        if (j <= 0) {
-            /* bad signature */
-            al = SSL_AD_DECRYPT_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_ECDSA_SIGNATURE);
-            goto f_err;
-        }
-    } else
-#endif
-    if (pkey->type == NID_id_GostR3410_94
-            || pkey->type == NID_id_GostR3410_2001) {
-        unsigned char signature[64];
-        int idx;
-        EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL);
-        if (pctx == NULL) {
-            al = SSL_AD_INTERNAL_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_MALLOC_FAILURE);
-            goto f_err;
-        }
-        if (EVP_PKEY_verify_init(pctx) <= 0) {
-            EVP_PKEY_CTX_free(pctx);
-            al = SSL_AD_INTERNAL_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_INTERNAL_ERROR);
-            goto f_err;
-        }
-        if (i != 64) {
-            fprintf(stderr, "GOST signature length is %d", i);
-        }
-        for (idx = 0; idx < 64; idx++) {
-            signature[63 - idx] = p[idx];
-        }
-        j = EVP_PKEY_verify(pctx, signature, 64, s->s3->tmp.cert_verify_md,
-                            32);
-        EVP_PKEY_CTX_free(pctx);
-        if (j <= 0) {
-            al = SSL_AD_DECRYPT_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_ECDSA_SIGNATURE);
-            goto f_err;
-        }
-    } else {
-        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_INTERNAL_ERROR);
-        al = SSL_AD_UNSUPPORTED_CERTIFICATE;
-        goto f_err;
-    }
-
-    ret = 1;
-    if (0) {
- f_err:
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
-        s->state = SSL_ST_ERR;
-    }
- end:
-    if (s->s3->handshake_buffer) {
-        BIO_free(s->s3->handshake_buffer);
-        s->s3->handshake_buffer = NULL;
-        s->s3->flags &= ~TLS1_FLAGS_KEEP_HANDSHAKE;
-    }
-    EVP_MD_CTX_cleanup(&mctx);
-    EVP_PKEY_free(pkey);
-    return (ret);
-}
-
-int ssl3_get_client_certificate(SSL *s)
-{
-    int i, ok, al, ret = -1;
-    X509 *x = NULL;
-    unsigned long l, nc, llen, n;
-    const unsigned char *p, *q;
-    unsigned char *d;
-    STACK_OF(X509) *sk = NULL;
-
-    n = s->method->ssl_get_message(s,
-                                   SSL3_ST_SR_CERT_A,
-                                   SSL3_ST_SR_CERT_B,
-                                   -1, s->max_cert_list, &ok);
-
-    if (!ok)
-        return ((int)n);
-
-    if (s->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
-        if ((s->verify_mode & SSL_VERIFY_PEER) &&
-            (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
-                   SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
-            al = SSL_AD_HANDSHAKE_FAILURE;
-            goto f_err;
-        }
-        /*
-         * If tls asked for a client cert, the client must return a 0 list
-         */
-        if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
-                   SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST);
-            al = SSL_AD_UNEXPECTED_MESSAGE;
-            goto f_err;
-        }
-        s->s3->tmp.reuse_message = 1;
-        return (1);
-    }
-
-    if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) {
-        al = SSL_AD_UNEXPECTED_MESSAGE;
-        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, SSL_R_WRONG_MESSAGE_TYPE);
-        goto f_err;
-    }
-    p = d = (unsigned char *)s->init_msg;
-
-    if ((sk = sk_X509_new_null()) == NULL) {
-        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    n2l3(p, llen);
-    if (llen + 3 != n) {
-        al = SSL_AD_DECODE_ERROR;
-        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, SSL_R_LENGTH_MISMATCH);
-        goto f_err;
-    }
-    for (nc = 0; nc < llen;) {
-        n2l3(p, l);
-        if ((l + nc + 3) > llen) {
-            al = SSL_AD_DECODE_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
-                   SSL_R_CERT_LENGTH_MISMATCH);
-            goto f_err;
-        }
-
-        q = p;
-        x = d2i_X509(NULL, &p, l);
-        if (x == NULL) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_ASN1_LIB);
-            goto err;
-        }
-        if (p != (q + l)) {
-            al = SSL_AD_DECODE_ERROR;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
-                   SSL_R_CERT_LENGTH_MISMATCH);
-            goto f_err;
-        }
-        if (!sk_X509_push(sk, x)) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-        x = NULL;
-        nc += l + 3;
-    }
-
-    if (sk_X509_num(sk) <= 0) {
-        /* TLS does not mind 0 certs returned */
-        if (s->version == SSL3_VERSION) {
-            al = SSL_AD_HANDSHAKE_FAILURE;
-            SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
-                   SSL_R_NO_CERTIFICATES_RETURNED);
-            goto f_err;
-        }
-        /* Fail for TLS only if we required a certificate */
-        else if ((s->verify_mode & SSL_VERIFY_PEER) &&
-                 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
-                   SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
-            al = SSL_AD_HANDSHAKE_FAILURE;
-            goto f_err;
-        }
-        /* No client certificate so digest cached records */
-        if (s->s3->handshake_buffer && !ssl3_digest_cached_records(s)) {
-            al = SSL_AD_INTERNAL_ERROR;
-            goto f_err;
-        }
-    } else {
-        i = ssl_verify_cert_chain(s, sk);
-        if (i <= 0) {
-            al = ssl_verify_alarm_type(s->verify_result);
-            SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
-                   SSL_R_NO_CERTIFICATE_RETURNED);
-            goto f_err;
-        }
-    }
-
-    if (s->session->peer != NULL) /* This should not be needed */
-        X509_free(s->session->peer);
-    s->session->peer = sk_X509_shift(sk);
-    s->session->verify_result = s->verify_result;
-
-    /*
-     * With the current implementation, sess_cert will always be NULL when we
-     * arrive here.
-     */
-    if (s->session->sess_cert == NULL) {
-        s->session->sess_cert = ssl_sess_cert_new();
-        if (s->session->sess_cert == NULL) {
-            SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
-            goto err;
-        }
-    }
-    if (s->session->sess_cert->cert_chain != NULL)
-        sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
-    s->session->sess_cert->cert_chain = sk;
-    /*
-     * Inconsistency alert: cert_chain does *not* include the peer's own
-     * certificate, while we do include it in s3_clnt.c
-     */
-
-    sk = NULL;
-
-    ret = 1;
-    if (0) {
- f_err:
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
-        s->state = SSL_ST_ERR;
-    }
-
-    if (x != NULL)
-        X509_free(x);
-    if (sk != NULL)
-        sk_X509_pop_free(sk, X509_free);
-    return (ret);
-}
-
-int ssl3_send_server_certificate(SSL *s)
-{
-    unsigned long l;
-    X509 *x;
-
-    if (s->state == SSL3_ST_SW_CERT_A) {
-        x = ssl_get_server_send_cert(s);
-        if (x == NULL) {
-            /* VRS: allow null cert if auth == KRB5 */
-            if ((s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5) ||
-                (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5)) {
-                SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,
-                       ERR_R_INTERNAL_ERROR);
-                s->state = SSL_ST_ERR;
-                return (0);
-            }
-        }
-
-        l = ssl3_output_cert_chain(s, x);
-        if (!l) {
-            SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR);
-            s->state = SSL_ST_ERR;
-            return (0);
-        }
-        s->state = SSL3_ST_SW_CERT_B;
-        s->init_num = (int)l;
-        s->init_off = 0;
-    }
-
-    /* SSL3_ST_SW_CERT_B */
-    return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
-}
-
-#ifndef OPENSSL_NO_TLSEXT
-/* send a new session ticket (not necessarily for a new session) */
-int ssl3_send_newsession_ticket(SSL *s)
-{
-    unsigned char *senc = NULL;
-    EVP_CIPHER_CTX ctx;
-    HMAC_CTX hctx;
-
-    if (s->state == SSL3_ST_SW_SESSION_TICKET_A) {
-        unsigned char *p, *macstart;
-        const unsigned char *const_p;
-        int len, slen_full, slen;
-        SSL_SESSION *sess;
-        unsigned int hlen;
-        SSL_CTX *tctx = s->initial_ctx;
-        unsigned char iv[EVP_MAX_IV_LENGTH];
-        unsigned char key_name[16];
-
-        /* get session encoding length */
-        slen_full = i2d_SSL_SESSION(s->session, NULL);
-        /*
-         * Some length values are 16 bits, so forget it if session is too
-         * long
-         */
-        if (slen_full == 0 || slen_full > 0xFF00) {
-            s->state = SSL_ST_ERR;
-            return -1;
-        }
-        senc = OPENSSL_malloc(slen_full);
-        if (!senc) {
-            s->state = SSL_ST_ERR;
-            return -1;
-        }
-
-        EVP_CIPHER_CTX_init(&ctx);
-        HMAC_CTX_init(&hctx);
-
-        p = senc;
-        if (!i2d_SSL_SESSION(s->session, &p))
-            goto err;
-
-        /*
-         * create a fresh copy (not shared with other threads) to clean up
-         */
-        const_p = senc;
-        sess = d2i_SSL_SESSION(NULL, &const_p, slen_full);
-        if (sess == NULL)
-            goto err;
-        sess->session_id_length = 0; /* ID is irrelevant for the ticket */
-
-        slen = i2d_SSL_SESSION(sess, NULL);
-        if (slen == 0 || slen > slen_full) { /* shouldn't ever happen */
-            SSL_SESSION_free(sess);
-            goto err;
-        }
-        p = senc;
-        if (!i2d_SSL_SESSION(sess, &p)) {
-            SSL_SESSION_free(sess);
-            goto err;
-        }
-        SSL_SESSION_free(sess);
-
-        /*-
-         * Grow buffer if need be: the length calculation is as
-         * follows 1 (size of message name) + 3 (message length
-         * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) +
-         * 16 (key name) + max_iv_len (iv length) +
-         * session_length + max_enc_block_size (max encrypted session
-         * length) + max_md_size (HMAC).
-         */
-        if (!BUF_MEM_grow(s->init_buf,
-                          26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
-                          EVP_MAX_MD_SIZE + slen))
-            goto err;
-
-        p = (unsigned char *)s->init_buf->data;
-        /* do the header */
-        *(p++) = SSL3_MT_NEWSESSION_TICKET;
-        /* Skip message length for now */
-        p += 3;
-        /*
-         * Initialize HMAC and cipher contexts. If callback present it does
-         * all the work otherwise use generated values from parent ctx.
-         */
-        if (tctx->tlsext_ticket_key_cb) {
-            if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
-                                           &hctx, 1) < 0)
-                goto err;
-        } else {
-            if (RAND_bytes(iv, 16) <= 0)
-                goto err;
-            if (!EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
-                                    tctx->tlsext_tick_aes_key, iv))
-                goto err;
-            if (!HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
-                              tlsext_tick_md(), NULL))
-                goto err;
-            memcpy(key_name, tctx->tlsext_tick_key_name, 16);
-        }
-
-        /*
-         * Ticket lifetime hint (advisory only): We leave this unspecified
-         * for resumed session (for simplicity), and guess that tickets for
-         * new sessions will live as long as their sessions.
-         */
-        l2n(s->hit ? 0 : s->session->timeout, p);
-
-        /* Skip ticket length for now */
-        p += 2;
-        /* Output key name */
-        macstart = p;
-        memcpy(p, key_name, 16);
-        p += 16;
-        /* output IV */
-        memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
-        p += EVP_CIPHER_CTX_iv_length(&ctx);
-        /* Encrypt session data */
-        if (!EVP_EncryptUpdate(&ctx, p, &len, senc, slen))
-            goto err;
-        p += len;
-        if (!EVP_EncryptFinal(&ctx, p, &len))
-            goto err;
-        p += len;
-
-        if (!HMAC_Update(&hctx, macstart, p - macstart))
-            goto err;
-        if (!HMAC_Final(&hctx, p, &hlen))
-            goto err;
-
-        EVP_CIPHER_CTX_cleanup(&ctx);
-        HMAC_CTX_cleanup(&hctx);
-
-        p += hlen;
-        /* Now write out lengths: p points to end of data written */
-        /* Total length */
-        len = p - (unsigned char *)s->init_buf->data;
-        p = (unsigned char *)s->init_buf->data + 1;
-        l2n3(len - 4, p);       /* Message length */
-        p += 4;
-        s2n(len - 10, p);       /* Ticket length */
-
-        /* number of bytes to write */
-        s->init_num = len;
-        s->state = SSL3_ST_SW_SESSION_TICKET_B;
-        s->init_off = 0;
-        OPENSSL_free(senc);
-    }
-
-    /* SSL3_ST_SW_SESSION_TICKET_B */
-    return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
- err:
-    if (senc)
-        OPENSSL_free(senc);
-    EVP_CIPHER_CTX_cleanup(&ctx);
-    HMAC_CTX_cleanup(&hctx);
-    s->state = SSL_ST_ERR;
-    return -1;
-}
-
-int ssl3_send_cert_status(SSL *s)
-{
-    if (s->state == SSL3_ST_SW_CERT_STATUS_A) {
-        unsigned char *p;
-        /*-
-         * Grow buffer if need be: the length calculation is as
-         * follows 1 (message type) + 3 (message length) +
-         * 1 (ocsp response type) + 3 (ocsp response length)
-         * + (ocsp response)
-         */
-        if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen)) {
-            s->state = SSL_ST_ERR;
-            return -1;
-        }
-
-        p = (unsigned char *)s->init_buf->data;
-
-        /* do the header */
-        *(p++) = SSL3_MT_CERTIFICATE_STATUS;
-        /* message length */
-        l2n3(s->tlsext_ocsp_resplen + 4, p);
-        /* status type */
-        *(p++) = s->tlsext_status_type;
-        /* length of OCSP response */
-        l2n3(s->tlsext_ocsp_resplen, p);
-        /* actual response */
-        memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen);
-        /* number of bytes to write */
-        s->init_num = 8 + s->tlsext_ocsp_resplen;
-        s->state = SSL3_ST_SW_CERT_STATUS_B;
-        s->init_off = 0;
-    }
-
-    /* SSL3_ST_SW_CERT_STATUS_B */
-    return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
-}
-
-# ifndef OPENSSL_NO_NEXTPROTONEG
-/*
- * ssl3_get_next_proto reads a Next Protocol Negotiation handshake message.
- * It sets the next_proto member in s if found
- */
-int ssl3_get_next_proto(SSL *s)
-{
-    int ok;
-    int proto_len, padding_len;
-    long n;
-    const unsigned char *p;
-
-    /*
-     * Clients cannot send a NextProtocol message if we didn't see the
-     * extension in their ClientHello
-     */
-    if (!s->s3->next_proto_neg_seen) {
-        SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,
-               SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION);
-        s->state = SSL_ST_ERR;
-        return -1;
-    }
-
-    /* See the payload format below */
-    n = s->method->ssl_get_message(s,
-                                   SSL3_ST_SR_NEXT_PROTO_A,
-                                   SSL3_ST_SR_NEXT_PROTO_B,
-                                   SSL3_MT_NEXT_PROTO, 514, &ok);
-
-    if (!ok)
-        return ((int)n);
-
-    /*
-     * s->state doesn't reflect whether ChangeCipherSpec has been received in
-     * this handshake, but s->s3->change_cipher_spec does (will be reset by
-     * ssl3_get_finished).
-     */
-    if (!s->s3->change_cipher_spec) {
-        SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS);
-        s->state = SSL_ST_ERR;
-        return -1;
-    }
-
-    if (n < 2) {
-        s->state = SSL_ST_ERR;
-        return 0;               /* The body must be > 1 bytes long */
-    }
-
-    p = (unsigned char *)s->init_msg;
-
-    /*-
-     * The payload looks like:
-     *   uint8 proto_len;
-     *   uint8 proto[proto_len];
-     *   uint8 padding_len;
-     *   uint8 padding[padding_len];
-     */
-    proto_len = p[0];
-    if (proto_len + 2 > s->init_num) {
-        s->state = SSL_ST_ERR;
-        return 0;
-    }
-    padding_len = p[proto_len + 1];
-    if (proto_len + padding_len + 2 != s->init_num) {
-        s->state = SSL_ST_ERR;
-        return 0;
-    }
-
-    s->next_proto_negotiated = OPENSSL_malloc(proto_len);
-    if (!s->next_proto_negotiated) {
-        SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, ERR_R_MALLOC_FAILURE);
-        s->state = SSL_ST_ERR;
-        return 0;
-    }
-    memcpy(s->next_proto_negotiated, p + 1, proto_len);
-    s->next_proto_negotiated_len = proto_len;
-
-    return 1;
-}
-# endif
-#endif

Copied: vendor-crypto/openssl/1.0.1u/ssl/s3_srvr.c (from rev 11605, vendor-crypto/openssl/dist/ssl/s3_srvr.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/ssl/s3_srvr.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/ssl/s3_srvr.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,3652 @@
+/* ssl/s3_srvr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * ECC cipher suite support in OpenSSL originally written by
+ * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
+
+#define REUSE_CIPHER_BUG
+#define NETSCAPE_HANG_BUG
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include "kssl_lcl.h"
+#include "../crypto/constant_time_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/x509.h>
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_KRB5
+# include <openssl/krb5_asn.h>
+#endif
+#include <openssl/md5.h>
+
+#ifndef OPENSSL_NO_SSL3_METHOD
+static const SSL_METHOD *ssl3_get_server_method(int ver);
+
+static const SSL_METHOD *ssl3_get_server_method(int ver)
+{
+    if (ver == SSL3_VERSION)
+        return (SSLv3_server_method());
+    else
+        return (NULL);
+}
+
+IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
+                         ssl3_accept,
+                         ssl_undefined_function, ssl3_get_server_method)
+#endif
+#ifndef OPENSSL_NO_SRP
+static int ssl_check_srp_ext_ClientHello(SSL *s, int *al)
+{
+    int ret = SSL_ERROR_NONE;
+
+    *al = SSL_AD_UNRECOGNIZED_NAME;
+
+    if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) &&
+        (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) {
+        if (s->srp_ctx.login == NULL) {
+            /*
+             * RFC 5054 says SHOULD reject, we do so if There is no srp
+             * login name
+             */
+            ret = SSL3_AL_FATAL;
+            *al = SSL_AD_UNKNOWN_PSK_IDENTITY;
+        } else {
+            ret = SSL_srp_server_param_with_username(s, al);
+        }
+    }
+    return ret;
+}
+#endif
+
+int ssl3_accept(SSL *s)
+{
+    BUF_MEM *buf;
+    unsigned long alg_k, Time = (unsigned long)time(NULL);
+    void (*cb) (const SSL *ssl, int type, int val) = NULL;
+    int ret = -1;
+    int new_state, state, skip = 0;
+
+    RAND_add(&Time, sizeof(Time), 0);
+    ERR_clear_error();
+    clear_sys_error();
+
+    if (s->info_callback != NULL)
+        cb = s->info_callback;
+    else if (s->ctx->info_callback != NULL)
+        cb = s->ctx->info_callback;
+
+    /* init things to blank */
+    s->in_handshake++;
+    if (!SSL_in_init(s) || SSL_in_before(s))
+        SSL_clear(s);
+
+    if (s->cert == NULL) {
+        SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
+        return (-1);
+    }
+#ifndef OPENSSL_NO_HEARTBEATS
+    /*
+     * If we're awaiting a HeartbeatResponse, pretend we already got and
+     * don't await it anymore, because Heartbeats don't make sense during
+     * handshakes anyway.
+     */
+    if (s->tlsext_hb_pending) {
+        s->tlsext_hb_pending = 0;
+        s->tlsext_hb_seq++;
+    }
+#endif
+
+    for (;;) {
+        state = s->state;
+
+        switch (s->state) {
+        case SSL_ST_RENEGOTIATE:
+            s->renegotiate = 1;
+            /* s->state=SSL_ST_ACCEPT; */
+
+        case SSL_ST_BEFORE:
+        case SSL_ST_ACCEPT:
+        case SSL_ST_BEFORE | SSL_ST_ACCEPT:
+        case SSL_ST_OK | SSL_ST_ACCEPT:
+
+            s->server = 1;
+            if (cb != NULL)
+                cb(s, SSL_CB_HANDSHAKE_START, 1);
+
+            if ((s->version >> 8) != 3) {
+                SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
+                s->state = SSL_ST_ERR;
+                return -1;
+            }
+            s->type = SSL_ST_ACCEPT;
+
+            if (s->init_buf == NULL) {
+                if ((buf = BUF_MEM_new()) == NULL) {
+                    ret = -1;
+                    s->state = SSL_ST_ERR;
+                    goto end;
+                }
+                if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
+                    BUF_MEM_free(buf);
+                    ret = -1;
+                    s->state = SSL_ST_ERR;
+                    goto end;
+                }
+                s->init_buf = buf;
+            }
+
+            if (!ssl3_setup_buffers(s)) {
+                ret = -1;
+                s->state = SSL_ST_ERR;
+                goto end;
+            }
+
+            s->init_num = 0;
+            s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE;
+            s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
+            /*
+             * Should have been reset by ssl3_get_finished, too.
+             */
+            s->s3->change_cipher_spec = 0;
+
+            if (s->state != SSL_ST_RENEGOTIATE) {
+                /*
+                 * Ok, we now need to push on a buffering BIO so that the
+                 * output is sent in a way that TCP likes :-)
+                 */
+                if (!ssl_init_wbio_buffer(s, 1)) {
+                    ret = -1;
+                    s->state = SSL_ST_ERR;
+                    goto end;
+                }
+
+                ssl3_init_finished_mac(s);
+                s->state = SSL3_ST_SR_CLNT_HELLO_A;
+                s->ctx->stats.sess_accept++;
+            } else if (!s->s3->send_connection_binding &&
+                       !(s->options &
+                         SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
+                /*
+                 * Server attempting to renegotiate with client that doesn't
+                 * support secure renegotiation.
+                 */
+                SSLerr(SSL_F_SSL3_ACCEPT,
+                       SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+                ret = -1;
+                s->state = SSL_ST_ERR;
+                goto end;
+            } else {
+                /*
+                 * s->state == SSL_ST_RENEGOTIATE, we will just send a
+                 * HelloRequest
+                 */
+                s->ctx->stats.sess_accept_renegotiate++;
+                s->state = SSL3_ST_SW_HELLO_REQ_A;
+            }
+            break;
+
+        case SSL3_ST_SW_HELLO_REQ_A:
+        case SSL3_ST_SW_HELLO_REQ_B:
+
+            s->shutdown = 0;
+            ret = ssl3_send_hello_request(s);
+            if (ret <= 0)
+                goto end;
+            s->s3->tmp.next_state = SSL3_ST_SW_HELLO_REQ_C;
+            s->state = SSL3_ST_SW_FLUSH;
+            s->init_num = 0;
+
+            ssl3_init_finished_mac(s);
+            break;
+
+        case SSL3_ST_SW_HELLO_REQ_C:
+            s->state = SSL_ST_OK;
+            break;
+
+        case SSL3_ST_SR_CLNT_HELLO_A:
+        case SSL3_ST_SR_CLNT_HELLO_B:
+        case SSL3_ST_SR_CLNT_HELLO_C:
+
+            s->shutdown = 0;
+            if (s->rwstate != SSL_X509_LOOKUP) {
+                ret = ssl3_get_client_hello(s);
+                if (ret <= 0)
+                    goto end;
+            }
+#ifndef OPENSSL_NO_SRP
+            {
+                int al;
+                if ((ret = ssl_check_srp_ext_ClientHello(s, &al)) < 0) {
+                    /*
+                     * callback indicates firther work to be done
+                     */
+                    s->rwstate = SSL_X509_LOOKUP;
+                    goto end;
+                }
+                if (ret != SSL_ERROR_NONE) {
+                    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+                    /*
+                     * This is not really an error but the only means to for
+                     * a client to detect whether srp is supported.
+                     */
+                    if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY)
+                        SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_CLIENTHELLO_TLSEXT);
+                    ret = -1;
+                    s->state = SSL_ST_ERR;
+                    goto end;
+                }
+            }
+#endif
+
+            s->renegotiate = 2;
+            s->state = SSL3_ST_SW_SRVR_HELLO_A;
+            s->init_num = 0;
+            break;
+
+        case SSL3_ST_SW_SRVR_HELLO_A:
+        case SSL3_ST_SW_SRVR_HELLO_B:
+            ret = ssl3_send_server_hello(s);
+            if (ret <= 0)
+                goto end;
+#ifndef OPENSSL_NO_TLSEXT
+            if (s->hit) {
+                if (s->tlsext_ticket_expected)
+                    s->state = SSL3_ST_SW_SESSION_TICKET_A;
+                else
+                    s->state = SSL3_ST_SW_CHANGE_A;
+            }
+#else
+            if (s->hit)
+                s->state = SSL3_ST_SW_CHANGE_A;
+#endif
+            else
+                s->state = SSL3_ST_SW_CERT_A;
+            s->init_num = 0;
+            break;
+
+        case SSL3_ST_SW_CERT_A:
+        case SSL3_ST_SW_CERT_B:
+            /* Check if it is anon DH or anon ECDH, */
+            /* normal PSK or KRB5 or SRP */
+            if (!
+                (s->s3->tmp.
+                 new_cipher->algorithm_auth & (SSL_aNULL | SSL_aKRB5 |
+                                               SSL_aSRP))
+&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
+                ret = ssl3_send_server_certificate(s);
+                if (ret <= 0)
+                    goto end;
+#ifndef OPENSSL_NO_TLSEXT
+                if (s->tlsext_status_expected)
+                    s->state = SSL3_ST_SW_CERT_STATUS_A;
+                else
+                    s->state = SSL3_ST_SW_KEY_EXCH_A;
+            } else {
+                skip = 1;
+                s->state = SSL3_ST_SW_KEY_EXCH_A;
+            }
+#else
+            } else
+                skip = 1;
+
+            s->state = SSL3_ST_SW_KEY_EXCH_A;
+#endif
+            s->init_num = 0;
+            break;
+
+        case SSL3_ST_SW_KEY_EXCH_A:
+        case SSL3_ST_SW_KEY_EXCH_B:
+            alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+            /*
+             * clear this, it may get reset by
+             * send_server_key_exchange
+             */
+            s->s3->tmp.use_rsa_tmp = 0;
+
+            /*
+             * only send if a DH key exchange, fortezza or RSA but we have a
+             * sign only certificate PSK: may send PSK identity hints For
+             * ECC ciphersuites, we send a serverKeyExchange message only if
+             * the cipher suite is either ECDH-anon or ECDHE. In other cases,
+             * the server certificate contains the server's public key for
+             * key exchange.
+             */
+            if (0
+                /*
+                 * PSK: send ServerKeyExchange if PSK identity hint if
+                 * provided
+                 */
+#ifndef OPENSSL_NO_PSK
+                || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
+#endif
+#ifndef OPENSSL_NO_SRP
+                /* SRP: send ServerKeyExchange */
+                || (alg_k & SSL_kSRP)
+#endif
+                || (alg_k & (SSL_kDHr | SSL_kDHd | SSL_kEDH))
+                || (alg_k & SSL_kEECDH)
+                || ((alg_k & SSL_kRSA)
+                    && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
+                        || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
+                            && EVP_PKEY_size(s->cert->pkeys
+                                             [SSL_PKEY_RSA_ENC].privatekey) *
+                            8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
+                        )
+                    )
+                )
+                ) {
+                ret = ssl3_send_server_key_exchange(s);
+                if (ret <= 0)
+                    goto end;
+            } else
+                skip = 1;
+
+            s->state = SSL3_ST_SW_CERT_REQ_A;
+            s->init_num = 0;
+            break;
+
+        case SSL3_ST_SW_CERT_REQ_A:
+        case SSL3_ST_SW_CERT_REQ_B:
+            if (                /* don't request cert unless asked for it: */
+                   !(s->verify_mode & SSL_VERIFY_PEER) ||
+                   /*
+                    * if SSL_VERIFY_CLIENT_ONCE is set, don't request cert
+                    * during re-negotiation:
+                    */
+                   ((s->session->peer != NULL) &&
+                    (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
+                   /*
+                    * never request cert in anonymous ciphersuites (see
+                    * section "Certificate request" in SSL 3 drafts and in
+                    * RFC 2246):
+                    */
+                   ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
+                    /*
+                     * ... except when the application insists on
+                     * verification (against the specs, but s3_clnt.c accepts
+                     * this for SSL 3)
+                     */
+                    !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
+                   /*
+                    * never request cert in Kerberos ciphersuites
+                    */
+                   (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) ||
+                   /* don't request certificate for SRP auth */
+                   (s->s3->tmp.new_cipher->algorithm_auth & SSL_aSRP)
+                   /*
+                    * With normal PSK Certificates and Certificate Requests
+                    * are omitted
+                    */
+                   || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
+                /* no cert request */
+                skip = 1;
+                s->s3->tmp.cert_request = 0;
+                s->state = SSL3_ST_SW_SRVR_DONE_A;
+                if (s->s3->handshake_buffer) {
+                    if (!ssl3_digest_cached_records(s)) {
+                        s->state = SSL_ST_ERR;
+                        return -1;
+                    }
+                }
+            } else {
+                s->s3->tmp.cert_request = 1;
+                ret = ssl3_send_certificate_request(s);
+                if (ret <= 0)
+                    goto end;
+#ifndef NETSCAPE_HANG_BUG
+                s->state = SSL3_ST_SW_SRVR_DONE_A;
+#else
+                s->state = SSL3_ST_SW_FLUSH;
+                s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
+#endif
+                s->init_num = 0;
+            }
+            break;
+
+        case SSL3_ST_SW_SRVR_DONE_A:
+        case SSL3_ST_SW_SRVR_DONE_B:
+            ret = ssl3_send_server_done(s);
+            if (ret <= 0)
+                goto end;
+            s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
+            s->state = SSL3_ST_SW_FLUSH;
+            s->init_num = 0;
+            break;
+
+        case SSL3_ST_SW_FLUSH:
+
+            /*
+             * This code originally checked to see if any data was pending
+             * using BIO_CTRL_INFO and then flushed. This caused problems as
+             * documented in PR#1939. The proposed fix doesn't completely
+             * resolve this issue as buggy implementations of
+             * BIO_CTRL_PENDING still exist. So instead we just flush
+             * unconditionally.
+             */
+
+            s->rwstate = SSL_WRITING;
+            if (BIO_flush(s->wbio) <= 0) {
+                ret = -1;
+                goto end;
+            }
+            s->rwstate = SSL_NOTHING;
+
+            s->state = s->s3->tmp.next_state;
+            break;
+
+        case SSL3_ST_SR_CERT_A:
+        case SSL3_ST_SR_CERT_B:
+            /* Check for second client hello (MS SGC) */
+            ret = ssl3_check_client_hello(s);
+            if (ret <= 0)
+                goto end;
+            if (ret == 2)
+                s->state = SSL3_ST_SR_CLNT_HELLO_C;
+            else {
+                if (s->s3->tmp.cert_request) {
+                    ret = ssl3_get_client_certificate(s);
+                    if (ret <= 0)
+                        goto end;
+                }
+                s->init_num = 0;
+                s->state = SSL3_ST_SR_KEY_EXCH_A;
+            }
+            break;
+
+        case SSL3_ST_SR_KEY_EXCH_A:
+        case SSL3_ST_SR_KEY_EXCH_B:
+            ret = ssl3_get_client_key_exchange(s);
+            if (ret <= 0)
+                goto end;
+            if (ret == 2) {
+                /*
+                 * For the ECDH ciphersuites when the client sends its ECDH
+                 * pub key in a certificate, the CertificateVerify message is
+                 * not sent. Also for GOST ciphersuites when the client uses
+                 * its key from the certificate for key exchange.
+                 */
+#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
+                s->state = SSL3_ST_SR_FINISHED_A;
+#else
+                if (s->s3->next_proto_neg_seen)
+                    s->state = SSL3_ST_SR_NEXT_PROTO_A;
+                else
+                    s->state = SSL3_ST_SR_FINISHED_A;
+#endif
+                s->init_num = 0;
+            } else if (TLS1_get_version(s) >= TLS1_2_VERSION) {
+                s->state = SSL3_ST_SR_CERT_VRFY_A;
+                s->init_num = 0;
+                if (!s->session->peer)
+                    break;
+                /*
+                 * For TLS v1.2 freeze the handshake buffer at this point and
+                 * digest cached records.
+                 */
+                if (!s->s3->handshake_buffer) {
+                    SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
+                    s->state = SSL_ST_ERR;
+                    return -1;
+                }
+                s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
+                if (!ssl3_digest_cached_records(s)) {
+                    s->state = SSL_ST_ERR;
+                    return -1;
+                }
+            } else {
+                int offset = 0;
+                int dgst_num;
+
+                s->state = SSL3_ST_SR_CERT_VRFY_A;
+                s->init_num = 0;
+
+                /*
+                 * We need to get hashes here so if there is a client cert,
+                 * it can be verified FIXME - digest processing for
+                 * CertificateVerify should be generalized. But it is next
+                 * step
+                 */
+                if (s->s3->handshake_buffer) {
+                    if (!ssl3_digest_cached_records(s)) {
+                        s->state = SSL_ST_ERR;
+                        return -1;
+                    }
+                }
+                for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST; dgst_num++)
+                    if (s->s3->handshake_dgst[dgst_num]) {
+                        int dgst_size;
+
+                        s->method->ssl3_enc->cert_verify_mac(s,
+                                                             EVP_MD_CTX_type
+                                                             (s->
+                                                              s3->handshake_dgst
+                                                              [dgst_num]),
+                                                             &(s->s3->
+                                                               tmp.cert_verify_md
+                                                               [offset]));
+                        dgst_size =
+                            EVP_MD_CTX_size(s->s3->handshake_dgst[dgst_num]);
+                        if (dgst_size < 0) {
+                            s->state = SSL_ST_ERR;
+                            ret = -1;
+                            goto end;
+                        }
+                        offset += dgst_size;
+                    }
+            }
+            break;
+
+        case SSL3_ST_SR_CERT_VRFY_A:
+        case SSL3_ST_SR_CERT_VRFY_B:
+            ret = ssl3_get_cert_verify(s);
+            if (ret <= 0)
+                goto end;
+
+#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
+            s->state = SSL3_ST_SR_FINISHED_A;
+#else
+            if (s->s3->next_proto_neg_seen)
+                s->state = SSL3_ST_SR_NEXT_PROTO_A;
+            else
+                s->state = SSL3_ST_SR_FINISHED_A;
+#endif
+            s->init_num = 0;
+            break;
+
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+        case SSL3_ST_SR_NEXT_PROTO_A:
+        case SSL3_ST_SR_NEXT_PROTO_B:
+            /*
+             * Enable CCS for NPN. Receiving a CCS clears the flag, so make
+             * sure not to re-enable it to ban duplicates. This *should* be the
+             * first time we have received one - but we check anyway to be
+             * cautious.
+             * s->s3->change_cipher_spec is set when a CCS is
+             * processed in s3_pkt.c, and remains set until
+             * the client's Finished message is read.
+             */
+            if (!s->s3->change_cipher_spec)
+                s->s3->flags |= SSL3_FLAGS_CCS_OK;
+
+            ret = ssl3_get_next_proto(s);
+            if (ret <= 0)
+                goto end;
+            s->init_num = 0;
+            s->state = SSL3_ST_SR_FINISHED_A;
+            break;
+#endif
+
+        case SSL3_ST_SR_FINISHED_A:
+        case SSL3_ST_SR_FINISHED_B:
+            /*
+             * Enable CCS for handshakes without NPN. In NPN the CCS flag has
+             * already been set. Receiving a CCS clears the flag, so make
+             * sure not to re-enable it to ban duplicates.
+             * s->s3->change_cipher_spec is set when a CCS is
+             * processed in s3_pkt.c, and remains set until
+             * the client's Finished message is read.
+             */
+            if (!s->s3->change_cipher_spec)
+                s->s3->flags |= SSL3_FLAGS_CCS_OK;
+            ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,
+                                    SSL3_ST_SR_FINISHED_B);
+            if (ret <= 0)
+                goto end;
+            if (s->hit)
+                s->state = SSL_ST_OK;
+#ifndef OPENSSL_NO_TLSEXT
+            else if (s->tlsext_ticket_expected)
+                s->state = SSL3_ST_SW_SESSION_TICKET_A;
+#endif
+            else
+                s->state = SSL3_ST_SW_CHANGE_A;
+            s->init_num = 0;
+            break;
+
+#ifndef OPENSSL_NO_TLSEXT
+        case SSL3_ST_SW_SESSION_TICKET_A:
+        case SSL3_ST_SW_SESSION_TICKET_B:
+            ret = ssl3_send_newsession_ticket(s);
+            if (ret <= 0)
+                goto end;
+            s->state = SSL3_ST_SW_CHANGE_A;
+            s->init_num = 0;
+            break;
+
+        case SSL3_ST_SW_CERT_STATUS_A:
+        case SSL3_ST_SW_CERT_STATUS_B:
+            ret = ssl3_send_cert_status(s);
+            if (ret <= 0)
+                goto end;
+            s->state = SSL3_ST_SW_KEY_EXCH_A;
+            s->init_num = 0;
+            break;
+
+#endif
+
+        case SSL3_ST_SW_CHANGE_A:
+        case SSL3_ST_SW_CHANGE_B:
+
+            s->session->cipher = s->s3->tmp.new_cipher;
+            if (!s->method->ssl3_enc->setup_key_block(s)) {
+                ret = -1;
+                s->state = SSL_ST_ERR;
+                goto end;
+            }
+
+            ret = ssl3_send_change_cipher_spec(s,
+                                               SSL3_ST_SW_CHANGE_A,
+                                               SSL3_ST_SW_CHANGE_B);
+
+            if (ret <= 0)
+                goto end;
+            s->state = SSL3_ST_SW_FINISHED_A;
+            s->init_num = 0;
+
+            if (!s->method->ssl3_enc->change_cipher_state(s,
+                                                          SSL3_CHANGE_CIPHER_SERVER_WRITE))
+            {
+                ret = -1;
+                s->state = SSL_ST_ERR;
+                goto end;
+            }
+
+            break;
+
+        case SSL3_ST_SW_FINISHED_A:
+        case SSL3_ST_SW_FINISHED_B:
+            ret = ssl3_send_finished(s,
+                                     SSL3_ST_SW_FINISHED_A,
+                                     SSL3_ST_SW_FINISHED_B,
+                                     s->method->
+                                     ssl3_enc->server_finished_label,
+                                     s->method->
+                                     ssl3_enc->server_finished_label_len);
+            if (ret <= 0)
+                goto end;
+            s->state = SSL3_ST_SW_FLUSH;
+            if (s->hit) {
+#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
+                s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;
+#else
+                if (s->s3->next_proto_neg_seen) {
+                    s->s3->tmp.next_state = SSL3_ST_SR_NEXT_PROTO_A;
+                } else
+                    s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;
+#endif
+            } else
+                s->s3->tmp.next_state = SSL_ST_OK;
+            s->init_num = 0;
+            break;
+
+        case SSL_ST_OK:
+            /* clean a few things up */
+            ssl3_cleanup_key_block(s);
+
+            BUF_MEM_free(s->init_buf);
+            s->init_buf = NULL;
+
+            /* remove buffering on output */
+            ssl_free_wbio_buffer(s);
+
+            s->init_num = 0;
+
+            if (s->renegotiate == 2) { /* skipped if we just sent a
+                                        * HelloRequest */
+                s->renegotiate = 0;
+                s->new_session = 0;
+
+                ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
+
+                s->ctx->stats.sess_accept_good++;
+                /* s->server=1; */
+                s->handshake_func = ssl3_accept;
+
+                if (cb != NULL)
+                    cb(s, SSL_CB_HANDSHAKE_DONE, 1);
+            }
+
+            ret = 1;
+            goto end;
+            /* break; */
+
+        case SSL_ST_ERR:
+        default:
+            SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNKNOWN_STATE);
+            ret = -1;
+            goto end;
+            /* break; */
+        }
+
+        if (!s->s3->tmp.reuse_message && !skip) {
+            if (s->debug) {
+                if ((ret = BIO_flush(s->wbio)) <= 0)
+                    goto end;
+            }
+
+            if ((cb != NULL) && (s->state != state)) {
+                new_state = s->state;
+                s->state = state;
+                cb(s, SSL_CB_ACCEPT_LOOP, 1);
+                s->state = new_state;
+            }
+        }
+        skip = 0;
+    }
+ end:
+    /* BIO_flush(s->wbio); */
+
+    s->in_handshake--;
+    if (cb != NULL)
+        cb(s, SSL_CB_ACCEPT_EXIT, ret);
+    return (ret);
+}
+
+int ssl3_send_hello_request(SSL *s)
+{
+    unsigned char *p;
+
+    if (s->state == SSL3_ST_SW_HELLO_REQ_A) {
+        p = (unsigned char *)s->init_buf->data;
+        *(p++) = SSL3_MT_HELLO_REQUEST;
+        *(p++) = 0;
+        *(p++) = 0;
+        *(p++) = 0;
+
+        s->state = SSL3_ST_SW_HELLO_REQ_B;
+        /* number of bytes to write */
+        s->init_num = 4;
+        s->init_off = 0;
+    }
+
+    /* SSL3_ST_SW_HELLO_REQ_B */
+    return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+}
+
+int ssl3_check_client_hello(SSL *s)
+{
+    int ok;
+    long n;
+
+    /*
+     * this function is called when we really expect a Certificate message,
+     * so permit appropriate message length
+     */
+    n = s->method->ssl_get_message(s,
+                                   SSL3_ST_SR_CERT_A,
+                                   SSL3_ST_SR_CERT_B,
+                                   -1, s->max_cert_list, &ok);
+    if (!ok)
+        return ((int)n);
+    s->s3->tmp.reuse_message = 1;
+    if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO) {
+        /*
+         * We only allow the client to restart the handshake once per
+         * negotiation.
+         */
+        if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE) {
+            SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO,
+                   SSL_R_MULTIPLE_SGC_RESTARTS);
+            return -1;
+        }
+        /*
+         * Throw away what we have done so far in the current handshake,
+         * which will now be aborted. (A full SSL_clear would be too much.)
+         */
+#ifndef OPENSSL_NO_DH
+        if (s->s3->tmp.dh != NULL) {
+            DH_free(s->s3->tmp.dh);
+            s->s3->tmp.dh = NULL;
+        }
+#endif
+#ifndef OPENSSL_NO_ECDH
+        if (s->s3->tmp.ecdh != NULL) {
+            EC_KEY_free(s->s3->tmp.ecdh);
+            s->s3->tmp.ecdh = NULL;
+        }
+#endif
+        s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
+        return 2;
+    }
+    return 1;
+}
+
+int ssl3_get_client_hello(SSL *s)
+{
+    int i, j, ok, al, ret = -1, cookie_valid = 0;
+    unsigned int cookie_len;
+    long n;
+    unsigned long id;
+    unsigned char *p, *d, *q;
+    SSL_CIPHER *c;
+#ifndef OPENSSL_NO_COMP
+    SSL_COMP *comp = NULL;
+#endif
+    STACK_OF(SSL_CIPHER) *ciphers = NULL;
+
+    /*
+     * We do this so that we will respond with our native type. If we are
+     * TLSv1 and we get SSLv3, we will respond with TLSv1, This down
+     * switching should be handled by a different method. If we are SSLv3, we
+     * will respond with SSLv3, even if prompted with TLSv1.
+     */
+    if (s->state == SSL3_ST_SR_CLNT_HELLO_A) {
+        s->state = SSL3_ST_SR_CLNT_HELLO_B;
+    }
+    s->first_packet = 1;
+    n = s->method->ssl_get_message(s,
+                                   SSL3_ST_SR_CLNT_HELLO_B,
+                                   SSL3_ST_SR_CLNT_HELLO_C,
+                                   SSL3_MT_CLIENT_HELLO,
+                                   SSL3_RT_MAX_PLAIN_LENGTH, &ok);
+
+    if (!ok)
+        return ((int)n);
+    s->first_packet = 0;
+    d = p = (unsigned char *)s->init_msg;
+
+    /*
+     * 2 bytes for client version, SSL3_RANDOM_SIZE bytes for random, 1 byte
+     * for session id length
+     */
+    if (n < 2 + SSL3_RANDOM_SIZE + 1) {
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+        goto f_err;
+    }
+
+    /*
+     * use version from inside client hello, not from record header (may
+     * differ: see RFC 2246, Appendix E, second paragraph)
+     */
+    s->client_version = (((int)p[0]) << 8) | (int)p[1];
+    p += 2;
+
+    if ((s->version == DTLS1_VERSION && s->client_version > s->version) ||
+        (s->version != DTLS1_VERSION && s->client_version < s->version)) {
+        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
+        if ((s->client_version >> 8) == SSL3_VERSION_MAJOR &&
+            !s->enc_write_ctx && !s->write_hash) {
+            /*
+             * similar to ssl3_get_record, send alert using remote version
+             * number
+             */
+            s->version = s->client_version;
+        }
+        al = SSL_AD_PROTOCOL_VERSION;
+        goto f_err;
+    }
+
+    /*
+     * If we require cookies and this ClientHello doesn't contain one, just
+     * return since we do not want to allocate any memory yet. So check
+     * cookie length...
+     */
+    if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
+        unsigned int session_length, cookie_length;
+
+        session_length = *(p + SSL3_RANDOM_SIZE);
+
+        if (SSL3_RANDOM_SIZE + session_length + 1 >= (d + n) - p) {
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+            goto f_err;
+        }
+        cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1);
+
+        if (cookie_length == 0)
+            return 1;
+    }
+
+    /* load the client random */
+    memcpy(s->s3->client_random, p, SSL3_RANDOM_SIZE);
+    p += SSL3_RANDOM_SIZE;
+
+    /* get the session-id */
+    j = *(p++);
+
+    if ((d + n) - p < j) {
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+        goto f_err;
+    }
+
+    if ((j < 0) || (j > SSL_MAX_SSL_SESSION_ID_LENGTH)) {
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+        goto f_err;
+    }
+
+    s->hit = 0;
+    /*
+     * Versions before 0.9.7 always allow clients to resume sessions in
+     * renegotiation. 0.9.7 and later allow this by default, but optionally
+     * ignore resumption requests with flag
+     * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag rather
+     * than a change to default behavior so that applications relying on this
+     * for security won't even compile against older library versions).
+     * 1.0.1 and later also have a function SSL_renegotiate_abbreviated() to
+     * request renegotiation but not a new session (s->new_session remains
+     * unset): for servers, this essentially just means that the
+     * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION setting will be ignored.
+     */
+    if ((s->new_session
+         && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) {
+        if (!ssl_get_new_session(s, 1))
+            goto err;
+    } else {
+        i = ssl_get_prev_session(s, p, j, d + n);
+        /*
+         * Only resume if the session's version matches the negotiated
+         * version.
+         * RFC 5246 does not provide much useful advice on resumption
+         * with a different protocol version. It doesn't forbid it but
+         * the sanity of such behaviour would be questionable.
+         * In practice, clients do not accept a version mismatch and
+         * will abort the handshake with an error.
+         */
+        if (i == 1 && s->version == s->session->ssl_version) { /* previous
+                                                                * session */
+            s->hit = 1;
+        } else if (i == -1)
+            goto err;
+        else {                  /* i == 0 */
+
+            if (!ssl_get_new_session(s, 1))
+                goto err;
+        }
+    }
+
+    p += j;
+
+    if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
+        /* cookie stuff */
+        if ((d + n) - p < 1) {
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+            goto f_err;
+        }
+        cookie_len = *(p++);
+
+        if ((d + n ) - p < cookie_len) {
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+            goto f_err;
+        }
+
+        /*
+         * The ClientHello may contain a cookie even if the
+         * HelloVerify message has not been sent--make sure that it
+         * does not cause an overflow.
+         */
+        if (cookie_len > sizeof(s->d1->rcvd_cookie)) {
+            /* too much data */
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
+            goto f_err;
+        }
+
+        /* verify the cookie if appropriate option is set. */
+        if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) && cookie_len > 0) {
+            memcpy(s->d1->rcvd_cookie, p, cookie_len);
+
+            if (s->ctx->app_verify_cookie_cb != NULL) {
+                if (s->ctx->app_verify_cookie_cb(s, s->d1->rcvd_cookie,
+                                                 cookie_len) == 0) {
+                    al = SSL_AD_HANDSHAKE_FAILURE;
+                    SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+                           SSL_R_COOKIE_MISMATCH);
+                    goto f_err;
+                }
+                /* else cookie verification succeeded */
+            }
+            /* default verification */
+            else if (memcmp(s->d1->rcvd_cookie, s->d1->cookie,
+                            s->d1->cookie_len) != 0) {
+                al = SSL_AD_HANDSHAKE_FAILURE;
+                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
+                goto f_err;
+            }
+            cookie_valid = 1;
+        }
+
+        p += cookie_len;
+    }
+
+    if ((d + n ) - p < 2) {
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+        goto f_err;
+    }
+    n2s(p, i);
+
+    if (i == 0) {
+        al = SSL_AD_ILLEGAL_PARAMETER;
+        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_CIPHERS_SPECIFIED);
+        goto f_err;
+    }
+
+    /* i bytes of cipher data + 1 byte for compression length later */
+    if ((d + n) - p < i + 1) {
+        /* not enough data */
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+        goto f_err;
+    }
+    if (ssl_bytes_to_cipher_list(s, p, i, &(ciphers)) == NULL) {
+        goto err;
+    }
+    p += i;
+
+    /* If it is a hit, check that the cipher is in the list */
+    if (s->hit) {
+        j = 0;
+        id = s->session->cipher->id;
+
+#ifdef CIPHER_DEBUG
+        fprintf(stderr, "client sent %d ciphers\n",
+                sk_SSL_CIPHER_num(ciphers));
+#endif
+        for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
+            c = sk_SSL_CIPHER_value(ciphers, i);
+#ifdef CIPHER_DEBUG
+            fprintf(stderr, "client [%2d of %2d]:%s\n",
+                    i, sk_SSL_CIPHER_num(ciphers), SSL_CIPHER_get_name(c));
+#endif
+            if (c->id == id) {
+                j = 1;
+                break;
+            }
+        }
+        /*
+         * Disabled because it can be used in a ciphersuite downgrade attack:
+         * CVE-2010-4180.
+         */
+#if 0
+        if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)
+            && (sk_SSL_CIPHER_num(ciphers) == 1)) {
+            /*
+             * Special case as client bug workaround: the previously used
+             * cipher may not be in the current list, the client instead
+             * might be trying to continue using a cipher that before wasn't
+             * chosen due to server preferences.  We'll have to reject the
+             * connection if the cipher is not enabled, though.
+             */
+            c = sk_SSL_CIPHER_value(ciphers, 0);
+            if (sk_SSL_CIPHER_find(SSL_get_ciphers(s), c) >= 0) {
+                s->session->cipher = c;
+                j = 1;
+            }
+        }
+#endif
+        if (j == 0) {
+            /*
+             * we need to have the cipher in the cipher list if we are asked
+             * to reuse it
+             */
+            al = SSL_AD_ILLEGAL_PARAMETER;
+            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+                   SSL_R_REQUIRED_CIPHER_MISSING);
+            goto f_err;
+        }
+    }
+
+    /* compression */
+    i = *(p++);
+    if ((d + n) - p < i) {
+        /* not enough data */
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+        goto f_err;
+    }
+    q = p;
+    for (j = 0; j < i; j++) {
+        if (p[j] == 0)
+            break;
+    }
+
+    p += i;
+    if (j >= i) {
+        /* no compress */
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_COMPRESSION_SPECIFIED);
+        goto f_err;
+    }
+#ifndef OPENSSL_NO_TLSEXT
+    /* TLS extensions */
+    if (s->version >= SSL3_VERSION) {
+        if (!ssl_parse_clienthello_tlsext(s, &p, d + n, &al)) {
+            /* 'al' set by ssl_parse_clienthello_tlsext */
+            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_PARSE_TLSEXT);
+            goto f_err;
+        }
+    }
+    if (ssl_check_clienthello_tlsext_early(s) <= 0) {
+        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
+        goto err;
+    }
+
+    /*
+     * Check if we want to use external pre-shared secret for this handshake
+     * for not reused session only. We need to generate server_random before
+     * calling tls_session_secret_cb in order to allow SessionTicket
+     * processing to use it in key derivation.
+     */
+    {
+        unsigned char *pos;
+        pos = s->s3->server_random;
+        if (ssl_fill_hello_random(s, 1, pos, SSL3_RANDOM_SIZE) <= 0) {
+            al = SSL_AD_INTERNAL_ERROR;
+            goto f_err;
+        }
+    }
+
+    if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb) {
+        SSL_CIPHER *pref_cipher = NULL;
+
+        s->session->master_key_length = sizeof(s->session->master_key);
+        if (s->tls_session_secret_cb(s, s->session->master_key,
+                                     &s->session->master_key_length, ciphers,
+                                     &pref_cipher,
+                                     s->tls_session_secret_cb_arg)) {
+            s->hit = 1;
+            s->session->ciphers = ciphers;
+            s->session->verify_result = X509_V_OK;
+
+            ciphers = NULL;
+
+            /* check if some cipher was preferred by call back */
+            pref_cipher =
+                pref_cipher ? pref_cipher : ssl3_choose_cipher(s,
+                                                               s->
+                                                               session->ciphers,
+                                                               SSL_get_ciphers
+                                                               (s));
+            if (pref_cipher == NULL) {
+                al = SSL_AD_HANDSHAKE_FAILURE;
+                SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_SHARED_CIPHER);
+                goto f_err;
+            }
+
+            s->session->cipher = pref_cipher;
+
+            if (s->cipher_list)
+                sk_SSL_CIPHER_free(s->cipher_list);
+
+            if (s->cipher_list_by_id)
+                sk_SSL_CIPHER_free(s->cipher_list_by_id);
+
+            s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
+            s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
+        }
+    }
+#endif
+
+    /*
+     * Worst case, we will use the NULL compression, but if we have other
+     * options, we will now look for them.  We have i-1 compression
+     * algorithms from the client, starting at q.
+     */
+    s->s3->tmp.new_compression = NULL;
+#ifndef OPENSSL_NO_COMP
+    /* This only happens if we have a cache hit */
+    if (s->session->compress_meth != 0) {
+        int m, comp_id = s->session->compress_meth;
+        /* Perform sanity checks on resumed compression algorithm */
+        /* Can't disable compression */
+        if (s->options & SSL_OP_NO_COMPRESSION) {
+            al = SSL_AD_INTERNAL_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+                   SSL_R_INCONSISTENT_COMPRESSION);
+            goto f_err;
+        }
+        /* Look for resumed compression method */
+        for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++) {
+            comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);
+            if (comp_id == comp->id) {
+                s->s3->tmp.new_compression = comp;
+                break;
+            }
+        }
+        if (s->s3->tmp.new_compression == NULL) {
+            al = SSL_AD_INTERNAL_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+                   SSL_R_INVALID_COMPRESSION_ALGORITHM);
+            goto f_err;
+        }
+        /* Look for resumed method in compression list */
+        for (m = 0; m < i; m++) {
+            if (q[m] == comp_id)
+                break;
+        }
+        if (m >= i) {
+            al = SSL_AD_ILLEGAL_PARAMETER;
+            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+                   SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING);
+            goto f_err;
+        }
+    } else if (s->hit)
+        comp = NULL;
+    else if (!(s->options & SSL_OP_NO_COMPRESSION) && s->ctx->comp_methods) {
+        /* See if we have a match */
+        int m, nn, o, v, done = 0;
+
+        nn = sk_SSL_COMP_num(s->ctx->comp_methods);
+        for (m = 0; m < nn; m++) {
+            comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);
+            v = comp->id;
+            for (o = 0; o < i; o++) {
+                if (v == q[o]) {
+                    done = 1;
+                    break;
+                }
+            }
+            if (done)
+                break;
+        }
+        if (done)
+            s->s3->tmp.new_compression = comp;
+        else
+            comp = NULL;
+    }
+#else
+    /*
+     * If compression is disabled we'd better not try to resume a session
+     * using compression.
+     */
+    if (s->session->compress_meth != 0) {
+        al = SSL_AD_INTERNAL_ERROR;
+        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_INCONSISTENT_COMPRESSION);
+        goto f_err;
+    }
+#endif
+
+    /*
+     * Given s->session->ciphers and SSL_get_ciphers, we must pick a cipher
+     */
+
+    if (!s->hit) {
+#ifdef OPENSSL_NO_COMP
+        s->session->compress_meth = 0;
+#else
+        s->session->compress_meth = (comp == NULL) ? 0 : comp->id;
+#endif
+        if (s->session->ciphers != NULL)
+            sk_SSL_CIPHER_free(s->session->ciphers);
+        s->session->ciphers = ciphers;
+        if (ciphers == NULL) {
+            al = SSL_AD_INTERNAL_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+            goto f_err;
+        }
+        ciphers = NULL;
+        c = ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));
+
+        if (c == NULL) {
+            al = SSL_AD_HANDSHAKE_FAILURE;
+            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_SHARED_CIPHER);
+            goto f_err;
+        }
+        s->s3->tmp.new_cipher = c;
+    } else {
+        /* Session-id reuse */
+#ifdef REUSE_CIPHER_BUG
+        STACK_OF(SSL_CIPHER) *sk;
+        SSL_CIPHER *nc = NULL;
+        SSL_CIPHER *ec = NULL;
+
+        if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG) {
+            sk = s->session->ciphers;
+            for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
+                c = sk_SSL_CIPHER_value(sk, i);
+                if (c->algorithm_enc & SSL_eNULL)
+                    nc = c;
+                if (SSL_C_IS_EXPORT(c))
+                    ec = c;
+            }
+            if (nc != NULL)
+                s->s3->tmp.new_cipher = nc;
+            else if (ec != NULL)
+                s->s3->tmp.new_cipher = ec;
+            else
+                s->s3->tmp.new_cipher = s->session->cipher;
+        } else
+#endif
+            s->s3->tmp.new_cipher = s->session->cipher;
+    }
+
+    if (TLS1_get_version(s) < TLS1_2_VERSION
+        || !(s->verify_mode & SSL_VERIFY_PEER)) {
+        if (!ssl3_digest_cached_records(s)) {
+            al = SSL_AD_INTERNAL_ERROR;
+            goto f_err;
+        }
+    }
+
+    /*-
+     * we now have the following setup.
+     * client_random
+     * cipher_list          - our prefered list of ciphers
+     * ciphers              - the clients prefered list of ciphers
+     * compression          - basically ignored right now
+     * ssl version is set   - sslv3
+     * s->session           - The ssl session has been setup.
+     * s->hit               - session reuse flag
+     * s->tmp.new_cipher    - the new cipher to use.
+     */
+
+    /* Handles TLS extensions that we couldn't check earlier */
+    if (s->version >= SSL3_VERSION) {
+        if (ssl_check_clienthello_tlsext_late(s) <= 0) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
+            goto err;
+        }
+    }
+
+    ret = cookie_valid ? 2 : 1;
+    if (0) {
+ f_err:
+        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ err:
+        s->state = SSL_ST_ERR;
+    }
+
+    if (ciphers != NULL)
+        sk_SSL_CIPHER_free(ciphers);
+    return ret;
+}
+
+int ssl3_send_server_hello(SSL *s)
+{
+    unsigned char *buf;
+    unsigned char *p, *d;
+    int i, sl;
+    unsigned long l;
+
+    if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
+        buf = (unsigned char *)s->init_buf->data;
+#ifdef OPENSSL_NO_TLSEXT
+        p = s->s3->server_random;
+        if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) {
+            s->state = SSL_ST_ERR;
+            return -1;
+        }
+#endif
+        /* Do the message type and length last */
+        d = p = &(buf[4]);
+
+        *(p++) = s->version >> 8;
+        *(p++) = s->version & 0xff;
+
+        /* Random stuff */
+        memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
+        p += SSL3_RANDOM_SIZE;
+
+        /*-
+         * There are several cases for the session ID to send
+         * back in the server hello:
+         * - For session reuse from the session cache,
+         *   we send back the old session ID.
+         * - If stateless session reuse (using a session ticket)
+         *   is successful, we send back the client's "session ID"
+         *   (which doesn't actually identify the session).
+         * - If it is a new session, we send back the new
+         *   session ID.
+         * - However, if we want the new session to be single-use,
+         *   we send back a 0-length session ID.
+         * s->hit is non-zero in either case of session reuse,
+         * so the following won't overwrite an ID that we're supposed
+         * to send back.
+         */
+        if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
+            && !s->hit)
+            s->session->session_id_length = 0;
+
+        sl = s->session->session_id_length;
+        if (sl > (int)sizeof(s->session->session_id)) {
+            SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+            s->state = SSL_ST_ERR;
+            return -1;
+        }
+        *(p++) = sl;
+        memcpy(p, s->session->session_id, sl);
+        p += sl;
+
+        /* put the cipher */
+        i = ssl3_put_cipher_by_char(s->s3->tmp.new_cipher, p);
+        p += i;
+
+        /* put the compression method */
+#ifdef OPENSSL_NO_COMP
+        *(p++) = 0;
+#else
+        if (s->s3->tmp.new_compression == NULL)
+            *(p++) = 0;
+        else
+            *(p++) = s->s3->tmp.new_compression->id;
+#endif
+#ifndef OPENSSL_NO_TLSEXT
+        if (ssl_prepare_serverhello_tlsext(s) <= 0) {
+            SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, SSL_R_SERVERHELLO_TLSEXT);
+            s->state = SSL_ST_ERR;
+            return -1;
+        }
+        if ((p =
+             ssl_add_serverhello_tlsext(s, p,
+                                        buf + SSL3_RT_MAX_PLAIN_LENGTH)) ==
+            NULL) {
+            SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+            s->state = SSL_ST_ERR;
+            return -1;
+        }
+#endif
+        /* do the header */
+        l = (p - d);
+        d = buf;
+        *(d++) = SSL3_MT_SERVER_HELLO;
+        l2n3(l, d);
+
+        s->state = SSL3_ST_SW_SRVR_HELLO_B;
+        /* number of bytes to write */
+        s->init_num = p - buf;
+        s->init_off = 0;
+    }
+
+    /* SSL3_ST_SW_SRVR_HELLO_B */
+    return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+}
+
+int ssl3_send_server_done(SSL *s)
+{
+    unsigned char *p;
+
+    if (s->state == SSL3_ST_SW_SRVR_DONE_A) {
+        p = (unsigned char *)s->init_buf->data;
+
+        /* do the header */
+        *(p++) = SSL3_MT_SERVER_DONE;
+        *(p++) = 0;
+        *(p++) = 0;
+        *(p++) = 0;
+
+        s->state = SSL3_ST_SW_SRVR_DONE_B;
+        /* number of bytes to write */
+        s->init_num = 4;
+        s->init_off = 0;
+    }
+
+    /* SSL3_ST_SW_SRVR_DONE_B */
+    return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+}
+
+int ssl3_send_server_key_exchange(SSL *s)
+{
+#ifndef OPENSSL_NO_RSA
+    unsigned char *q;
+    int j, num;
+    RSA *rsa;
+    unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
+    unsigned int u;
+#endif
+#ifndef OPENSSL_NO_DH
+    DH *dh = NULL, *dhp;
+#endif
+#ifndef OPENSSL_NO_ECDH
+    EC_KEY *ecdh = NULL, *ecdhp;
+    unsigned char *encodedPoint = NULL;
+    int encodedlen = 0;
+    int curve_id = 0;
+    BN_CTX *bn_ctx = NULL;
+#endif
+    EVP_PKEY *pkey;
+    const EVP_MD *md = NULL;
+    unsigned char *p, *d;
+    int al, i;
+    unsigned long type;
+    int n;
+    CERT *cert;
+    BIGNUM *r[4];
+    int nr[4], kn;
+    BUF_MEM *buf;
+    EVP_MD_CTX md_ctx;
+
+    EVP_MD_CTX_init(&md_ctx);
+    if (s->state == SSL3_ST_SW_KEY_EXCH_A) {
+        type = s->s3->tmp.new_cipher->algorithm_mkey;
+        cert = s->cert;
+
+        buf = s->init_buf;
+
+        r[0] = r[1] = r[2] = r[3] = NULL;
+        n = 0;
+#ifndef OPENSSL_NO_RSA
+        if (type & SSL_kRSA) {
+            rsa = cert->rsa_tmp;
+            if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) {
+                rsa = s->cert->rsa_tmp_cb(s,
+                                          SSL_C_IS_EXPORT(s->s3->
+                                                          tmp.new_cipher),
+                                          SSL_C_EXPORT_PKEYLENGTH(s->s3->
+                                                                  tmp.new_cipher));
+                if (rsa == NULL) {
+                    al = SSL_AD_HANDSHAKE_FAILURE;
+                    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+                           SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
+                    goto f_err;
+                }
+                RSA_up_ref(rsa);
+                cert->rsa_tmp = rsa;
+            }
+            if (rsa == NULL) {
+                al = SSL_AD_HANDSHAKE_FAILURE;
+                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+                       SSL_R_MISSING_TMP_RSA_KEY);
+                goto f_err;
+            }
+            r[0] = rsa->n;
+            r[1] = rsa->e;
+            s->s3->tmp.use_rsa_tmp = 1;
+        } else
+#endif
+#ifndef OPENSSL_NO_DH
+        if (type & SSL_kEDH) {
+            dhp = cert->dh_tmp;
+            if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
+                dhp = s->cert->dh_tmp_cb(s,
+                                         SSL_C_IS_EXPORT(s->s3->
+                                                         tmp.new_cipher),
+                                         SSL_C_EXPORT_PKEYLENGTH(s->s3->
+                                                                 tmp.new_cipher));
+            if (dhp == NULL) {
+                al = SSL_AD_HANDSHAKE_FAILURE;
+                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+                       SSL_R_MISSING_TMP_DH_KEY);
+                goto f_err;
+            }
+
+            if (s->s3->tmp.dh != NULL) {
+                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+                       ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+
+            if ((dh = DHparams_dup(dhp)) == NULL) {
+                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
+                goto err;
+            }
+
+            s->s3->tmp.dh = dh;
+            if (!DH_generate_key(dh)) {
+                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
+                goto err;
+            }
+            r[0] = dh->p;
+            r[1] = dh->g;
+            r[2] = dh->pub_key;
+        } else
+#endif
+#ifndef OPENSSL_NO_ECDH
+        if (type & SSL_kEECDH) {
+            const EC_GROUP *group;
+
+            ecdhp = cert->ecdh_tmp;
+            if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL)) {
+                ecdhp = s->cert->ecdh_tmp_cb(s,
+                                             SSL_C_IS_EXPORT(s->s3->
+                                                             tmp.new_cipher),
+                                             SSL_C_EXPORT_PKEYLENGTH(s->
+                                                                     s3->tmp.new_cipher));
+            }
+            if (ecdhp == NULL) {
+                al = SSL_AD_HANDSHAKE_FAILURE;
+                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+                       SSL_R_MISSING_TMP_ECDH_KEY);
+                goto f_err;
+            }
+
+            if (s->s3->tmp.ecdh != NULL) {
+                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+                       ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+
+            /* Duplicate the ECDH structure. */
+            if (ecdhp == NULL) {
+                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
+                goto err;
+            }
+            if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) {
+                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
+                goto err;
+            }
+
+            s->s3->tmp.ecdh = ecdh;
+            if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
+                (EC_KEY_get0_private_key(ecdh) == NULL) ||
+                (s->options & SSL_OP_SINGLE_ECDH_USE)) {
+                if (!EC_KEY_generate_key(ecdh)) {
+                    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+                           ERR_R_ECDH_LIB);
+                    goto err;
+                }
+            }
+
+            if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
+                (EC_KEY_get0_public_key(ecdh) == NULL) ||
+                (EC_KEY_get0_private_key(ecdh) == NULL)) {
+                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
+                goto err;
+            }
+
+            if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
+                (EC_GROUP_get_degree(group) > 163)) {
+                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+                       SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
+                goto err;
+            }
+
+            /*
+             * XXX: For now, we only support ephemeral ECDH keys over named
+             * (not generic) curves. For supported named curves, curve_id is
+             * non-zero.
+             */
+            if ((curve_id =
+                 tls1_ec_nid2curve_id(EC_GROUP_get_curve_name(group)))
+                == 0) {
+                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+                       SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
+                goto err;
+            }
+
+            /*
+             * Encode the public key. First check the size of encoding and
+             * allocate memory accordingly.
+             */
+            encodedlen = EC_POINT_point2oct(group,
+                                            EC_KEY_get0_public_key(ecdh),
+                                            POINT_CONVERSION_UNCOMPRESSED,
+                                            NULL, 0, NULL);
+
+            encodedPoint = (unsigned char *)
+                OPENSSL_malloc(encodedlen * sizeof(unsigned char));
+            bn_ctx = BN_CTX_new();
+            if ((encodedPoint == NULL) || (bn_ctx == NULL)) {
+                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+                       ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+
+            encodedlen = EC_POINT_point2oct(group,
+                                            EC_KEY_get0_public_key(ecdh),
+                                            POINT_CONVERSION_UNCOMPRESSED,
+                                            encodedPoint, encodedlen, bn_ctx);
+
+            if (encodedlen == 0) {
+                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
+                goto err;
+            }
+
+            BN_CTX_free(bn_ctx);
+            bn_ctx = NULL;
+
+            /*
+             * XXX: For now, we only support named (not generic) curves in
+             * ECDH ephemeral key exchanges. In this situation, we need four
+             * additional bytes to encode the entire ServerECDHParams
+             * structure.
+             */
+            n = 4 + encodedlen;
+
+            /*
+             * We'll generate the serverKeyExchange message explicitly so we
+             * can set these to NULLs
+             */
+            r[0] = NULL;
+            r[1] = NULL;
+            r[2] = NULL;
+            r[3] = NULL;
+        } else
+#endif                          /* !OPENSSL_NO_ECDH */
+#ifndef OPENSSL_NO_PSK
+        if (type & SSL_kPSK) {
+            /*
+             * reserve size for record length and PSK identity hint
+             */
+            n += 2 + strlen(s->ctx->psk_identity_hint);
+        } else
+#endif                          /* !OPENSSL_NO_PSK */
+#ifndef OPENSSL_NO_SRP
+        if (type & SSL_kSRP) {
+            if ((s->srp_ctx.N == NULL) ||
+                (s->srp_ctx.g == NULL) ||
+                (s->srp_ctx.s == NULL) || (s->srp_ctx.B == NULL)) {
+                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+                       SSL_R_MISSING_SRP_PARAM);
+                goto err;
+            }
+            r[0] = s->srp_ctx.N;
+            r[1] = s->srp_ctx.g;
+            r[2] = s->srp_ctx.s;
+            r[3] = s->srp_ctx.B;
+        } else
+#endif
+        {
+            al = SSL_AD_HANDSHAKE_FAILURE;
+            SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+                   SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
+            goto f_err;
+        }
+        for (i = 0; i < 4 && r[i] != NULL; i++) {
+            nr[i] = BN_num_bytes(r[i]);
+#ifndef OPENSSL_NO_SRP
+            if ((i == 2) && (type & SSL_kSRP))
+                n += 1 + nr[i];
+            else
+#endif
+                n += 2 + nr[i];
+        }
+
+        if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
+            && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
+            if ((pkey = ssl_get_sign_pkey(s, s->s3->tmp.new_cipher, &md))
+                == NULL) {
+                al = SSL_AD_DECODE_ERROR;
+                goto f_err;
+            }
+            kn = EVP_PKEY_size(pkey);
+        } else {
+            pkey = NULL;
+            kn = 0;
+        }
+
+        if (!BUF_MEM_grow_clean(buf, n + 4 + kn)) {
+            SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_BUF);
+            goto err;
+        }
+        d = (unsigned char *)s->init_buf->data;
+        p = &(d[4]);
+
+        for (i = 0; i < 4 && r[i] != NULL; i++) {
+#ifndef OPENSSL_NO_SRP
+            if ((i == 2) && (type & SSL_kSRP)) {
+                *p = nr[i];
+                p++;
+            } else
+#endif
+                s2n(nr[i], p);
+            BN_bn2bin(r[i], p);
+            p += nr[i];
+        }
+
+#ifndef OPENSSL_NO_ECDH
+        if (type & SSL_kEECDH) {
+            /*
+             * XXX: For now, we only support named (not generic) curves. In
+             * this situation, the serverKeyExchange message has: [1 byte
+             * CurveType], [2 byte CurveName] [1 byte length of encoded
+             * point], followed by the actual encoded point itself
+             */
+            *p = NAMED_CURVE_TYPE;
+            p += 1;
+            *p = 0;
+            p += 1;
+            *p = curve_id;
+            p += 1;
+            *p = encodedlen;
+            p += 1;
+            memcpy((unsigned char *)p,
+                   (unsigned char *)encodedPoint, encodedlen);
+            OPENSSL_free(encodedPoint);
+            encodedPoint = NULL;
+            p += encodedlen;
+        }
+#endif
+
+#ifndef OPENSSL_NO_PSK
+        if (type & SSL_kPSK) {
+            /* copy PSK identity hint */
+            s2n(strlen(s->ctx->psk_identity_hint), p);
+            strncpy((char *)p, s->ctx->psk_identity_hint,
+                    strlen(s->ctx->psk_identity_hint));
+            p += strlen(s->ctx->psk_identity_hint);
+        }
+#endif
+
+        /* not anonymous */
+        if (pkey != NULL) {
+            /*
+             * n is the length of the params, they start at &(d[4]) and p
+             * points to the space at the end.
+             */
+#ifndef OPENSSL_NO_RSA
+            if (pkey->type == EVP_PKEY_RSA
+                && TLS1_get_version(s) < TLS1_2_VERSION) {
+                q = md_buf;
+                j = 0;
+                for (num = 2; num > 0; num--) {
+                    EVP_MD_CTX_set_flags(&md_ctx,
+                                         EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+                    if (EVP_DigestInit_ex(&md_ctx,
+                                          (num == 2) ? s->ctx->md5
+                                                     : s->ctx->sha1,
+                                          NULL) <= 0
+                        || EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]),
+                                            SSL3_RANDOM_SIZE) <= 0
+                        || EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]),
+                                            SSL3_RANDOM_SIZE) <= 0
+                        || EVP_DigestUpdate(&md_ctx, &(d[4]), n) <= 0
+                        || EVP_DigestFinal_ex(&md_ctx, q,
+                                              (unsigned int *)&i) <= 0) {
+                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+                               ERR_LIB_EVP);
+                        al = SSL_AD_INTERNAL_ERROR;
+                        goto f_err;
+                    }
+                    q += i;
+                    j += i;
+                }
+                if (RSA_sign(NID_md5_sha1, md_buf, j,
+                             &(p[2]), &u, pkey->pkey.rsa) <= 0) {
+                    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_RSA);
+                    goto err;
+                }
+                s2n(u, p);
+                n += u + 2;
+            } else
+#endif
+            if (md) {
+                /*
+                 * For TLS1.2 and later send signature algorithm
+                 */
+                if (TLS1_get_version(s) >= TLS1_2_VERSION) {
+                    if (!tls12_get_sigandhash(p, pkey, md)) {
+                        /* Should never happen */
+                        al = SSL_AD_INTERNAL_ERROR;
+                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+                               ERR_R_INTERNAL_ERROR);
+                        goto f_err;
+                    }
+                    p += 2;
+                }
+#ifdef SSL_DEBUG
+                fprintf(stderr, "Using hash %s\n", EVP_MD_name(md));
+#endif
+                if (EVP_SignInit_ex(&md_ctx, md, NULL) <= 0
+                        || EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]),
+                                          SSL3_RANDOM_SIZE) <= 0
+                        || EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]),
+                                          SSL3_RANDOM_SIZE) <= 0
+                        || EVP_SignUpdate(&md_ctx, &(d[4]), n) <= 0
+                        || EVP_SignFinal(&md_ctx, &(p[2]),
+                                         (unsigned int *)&i, pkey) <= 0) {
+                    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_EVP);
+                    al = SSL_AD_INTERNAL_ERROR;
+                    goto f_err;
+                }
+                s2n(i, p);
+                n += i + 2;
+                if (TLS1_get_version(s) >= TLS1_2_VERSION)
+                    n += 2;
+            } else {
+                /* Is this error check actually needed? */
+                al = SSL_AD_HANDSHAKE_FAILURE;
+                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+                       SSL_R_UNKNOWN_PKEY_TYPE);
+                goto f_err;
+            }
+        }
+
+        *(d++) = SSL3_MT_SERVER_KEY_EXCHANGE;
+        l2n3(n, d);
+
+        /*
+         * we should now have things packed up, so lets send it off
+         */
+        s->init_num = n + 4;
+        s->init_off = 0;
+    }
+
+    s->state = SSL3_ST_SW_KEY_EXCH_B;
+    EVP_MD_CTX_cleanup(&md_ctx);
+    return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ err:
+#ifndef OPENSSL_NO_ECDH
+    if (encodedPoint != NULL)
+        OPENSSL_free(encodedPoint);
+    BN_CTX_free(bn_ctx);
+#endif
+    EVP_MD_CTX_cleanup(&md_ctx);
+    s->state = SSL_ST_ERR;
+    return (-1);
+}
+
+int ssl3_send_certificate_request(SSL *s)
+{
+    unsigned char *p, *d;
+    int i, j, nl, off, n;
+    STACK_OF(X509_NAME) *sk = NULL;
+    X509_NAME *name;
+    BUF_MEM *buf;
+
+    if (s->state == SSL3_ST_SW_CERT_REQ_A) {
+        buf = s->init_buf;
+
+        d = p = (unsigned char *)&(buf->data[4]);
+
+        /* get the list of acceptable cert types */
+        p++;
+        n = ssl3_get_req_cert_type(s, p);
+        d[0] = n;
+        p += n;
+        n++;
+
+        if (TLS1_get_version(s) >= TLS1_2_VERSION) {
+            nl = tls12_get_req_sig_algs(s, p + 2);
+            s2n(nl, p);
+            p += nl + 2;
+            n += nl + 2;
+        }
+
+        off = n;
+        p += 2;
+        n += 2;
+
+        sk = SSL_get_client_CA_list(s);
+        nl = 0;
+        if (sk != NULL) {
+            for (i = 0; i < sk_X509_NAME_num(sk); i++) {
+                name = sk_X509_NAME_value(sk, i);
+                j = i2d_X509_NAME(name, NULL);
+                if (!BUF_MEM_grow_clean(buf, 4 + n + j + 2)) {
+                    SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,
+                           ERR_R_BUF_LIB);
+                    goto err;
+                }
+                p = (unsigned char *)&(buf->data[4 + n]);
+                if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) {
+                    s2n(j, p);
+                    i2d_X509_NAME(name, &p);
+                    n += 2 + j;
+                    nl += 2 + j;
+                } else {
+                    d = p;
+                    i2d_X509_NAME(name, &p);
+                    j -= 2;
+                    s2n(j, d);
+                    j += 2;
+                    n += j;
+                    nl += j;
+                }
+            }
+        }
+        /* else no CA names */
+        p = (unsigned char *)&(buf->data[4 + off]);
+        s2n(nl, p);
+
+        d = (unsigned char *)buf->data;
+        *(d++) = SSL3_MT_CERTIFICATE_REQUEST;
+        l2n3(n, d);
+
+        /*
+         * we should now have things packed up, so lets send it off
+         */
+
+        s->init_num = n + 4;
+        s->init_off = 0;
+#ifdef NETSCAPE_HANG_BUG
+        if (!BUF_MEM_grow_clean(buf, s->init_num + 4)) {
+            SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST, ERR_R_BUF_LIB);
+            goto err;
+        }
+        p = (unsigned char *)s->init_buf->data + s->init_num;
+
+        /* do the header */
+        *(p++) = SSL3_MT_SERVER_DONE;
+        *(p++) = 0;
+        *(p++) = 0;
+        *(p++) = 0;
+        s->init_num += 4;
+#endif
+
+        s->state = SSL3_ST_SW_CERT_REQ_B;
+    }
+
+    /* SSL3_ST_SW_CERT_REQ_B */
+    return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+ err:
+    s->state = SSL_ST_ERR;
+    return (-1);
+}
+
+int ssl3_get_client_key_exchange(SSL *s)
+{
+    int i, al, ok;
+    long n;
+    unsigned long alg_k;
+    unsigned char *p;
+#ifndef OPENSSL_NO_RSA
+    RSA *rsa = NULL;
+    EVP_PKEY *pkey = NULL;
+#endif
+#ifndef OPENSSL_NO_DH
+    BIGNUM *pub = NULL;
+    DH *dh_srvr;
+#endif
+#ifndef OPENSSL_NO_KRB5
+    KSSL_ERR kssl_err;
+#endif                          /* OPENSSL_NO_KRB5 */
+
+#ifndef OPENSSL_NO_ECDH
+    EC_KEY *srvr_ecdh = NULL;
+    EVP_PKEY *clnt_pub_pkey = NULL;
+    EC_POINT *clnt_ecpoint = NULL;
+    BN_CTX *bn_ctx = NULL;
+#endif
+
+    n = s->method->ssl_get_message(s,
+                                   SSL3_ST_SR_KEY_EXCH_A,
+                                   SSL3_ST_SR_KEY_EXCH_B,
+                                   SSL3_MT_CLIENT_KEY_EXCHANGE, 2048, &ok);
+
+    if (!ok)
+        return ((int)n);
+    p = (unsigned char *)s->init_msg;
+
+    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+#ifndef OPENSSL_NO_RSA
+    if (alg_k & SSL_kRSA) {
+        unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
+        int decrypt_len;
+        unsigned char decrypt_good, version_good;
+        size_t j;
+
+        /* FIX THIS UP EAY EAY EAY EAY */
+        if (s->s3->tmp.use_rsa_tmp) {
+            if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL))
+                rsa = s->cert->rsa_tmp;
+            /*
+             * Don't do a callback because rsa_tmp should be sent already
+             */
+            if (rsa == NULL) {
+                al = SSL_AD_HANDSHAKE_FAILURE;
+                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                       SSL_R_MISSING_TMP_RSA_PKEY);
+                goto f_err;
+
+            }
+        } else {
+            pkey = s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;
+            if ((pkey == NULL) ||
+                (pkey->type != EVP_PKEY_RSA) || (pkey->pkey.rsa == NULL)) {
+                al = SSL_AD_HANDSHAKE_FAILURE;
+                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                       SSL_R_MISSING_RSA_CERTIFICATE);
+                goto f_err;
+            }
+            rsa = pkey->pkey.rsa;
+        }
+
+        /* TLS and [incidentally] DTLS{0xFEFF} */
+        if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER) {
+            n2s(p, i);
+            if (n != i + 2) {
+                if (!(s->options & SSL_OP_TLS_D5_BUG)) {
+                    al = SSL_AD_DECODE_ERROR;
+                    SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                           SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
+                    goto f_err;
+                } else
+                    p -= 2;
+            } else
+                n = i;
+        }
+
+        /*
+         * Reject overly short RSA ciphertext because we want to be sure
+         * that the buffer size makes it safe to iterate over the entire
+         * size of a premaster secret (SSL_MAX_MASTER_KEY_LENGTH). The
+         * actual expected size is larger due to RSA padding, but the
+         * bound is sufficient to be safe.
+         */
+        if (n < SSL_MAX_MASTER_KEY_LENGTH) {
+            al = SSL_AD_DECRYPT_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                   SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
+            goto f_err;
+        }
+
+        /*
+         * We must not leak whether a decryption failure occurs because of
+         * Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see RFC 2246,
+         * section 7.4.7.1). The code follows that advice of the TLS RFC and
+         * generates a random premaster secret for the case that the decrypt
+         * fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1
+         */
+
+        if (RAND_bytes(rand_premaster_secret,
+                       sizeof(rand_premaster_secret)) <= 0)
+            goto err;
+        decrypt_len =
+            RSA_private_decrypt((int)n, p, p, rsa, RSA_PKCS1_PADDING);
+        ERR_clear_error();
+
+        /*
+         * decrypt_len should be SSL_MAX_MASTER_KEY_LENGTH. decrypt_good will
+         * be 0xff if so and zero otherwise.
+         */
+        decrypt_good =
+            constant_time_eq_int_8(decrypt_len, SSL_MAX_MASTER_KEY_LENGTH);
+
+        /*
+         * If the version in the decrypted pre-master secret is correct then
+         * version_good will be 0xff, otherwise it'll be zero. The
+         * Klima-Pokorny-Rosa extension of Bleichenbacher's attack
+         * (http://eprint.iacr.org/2003/052/) exploits the version number
+         * check as a "bad version oracle". Thus version checks are done in
+         * constant time and are treated like any other decryption error.
+         */
+        version_good =
+            constant_time_eq_8(p[0], (unsigned)(s->client_version >> 8));
+        version_good &=
+            constant_time_eq_8(p[1], (unsigned)(s->client_version & 0xff));
+
+        /*
+         * The premaster secret must contain the same version number as the
+         * ClientHello to detect version rollback attacks (strangely, the
+         * protocol does not offer such protection for DH ciphersuites).
+         * However, buggy clients exist that send the negotiated protocol
+         * version instead if the server does not support the requested
+         * protocol version. If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such
+         * clients.
+         */
+        if (s->options & SSL_OP_TLS_ROLLBACK_BUG) {
+            unsigned char workaround_good;
+            workaround_good =
+                constant_time_eq_8(p[0], (unsigned)(s->version >> 8));
+            workaround_good &=
+                constant_time_eq_8(p[1], (unsigned)(s->version & 0xff));
+            version_good |= workaround_good;
+        }
+
+        /*
+         * Both decryption and version must be good for decrypt_good to
+         * remain non-zero (0xff).
+         */
+        decrypt_good &= version_good;
+
+        /*
+         * Now copy rand_premaster_secret over from p using
+         * decrypt_good_mask. If decryption failed, then p does not
+         * contain valid plaintext, however, a check above guarantees
+         * it is still sufficiently large to read from.
+         */
+        for (j = 0; j < sizeof(rand_premaster_secret); j++) {
+            p[j] = constant_time_select_8(decrypt_good, p[j],
+                                          rand_premaster_secret[j]);
+        }
+
+        s->session->master_key_length =
+            s->method->ssl3_enc->generate_master_secret(s,
+                                                        s->
+                                                        session->master_key,
+                                                        p,
+                                                        sizeof
+                                                        (rand_premaster_secret));
+        OPENSSL_cleanse(p, sizeof(rand_premaster_secret));
+    } else
+#endif
+#ifndef OPENSSL_NO_DH
+    if (alg_k & (SSL_kEDH | SSL_kDHr | SSL_kDHd)) {
+        n2s(p, i);
+        if (n != i + 2) {
+            if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
+                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                       SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
+                goto err;
+            } else {
+                p -= 2;
+                i = (int)n;
+            }
+        }
+
+        if (n == 0L) {          /* the parameters are in the cert */
+            al = SSL_AD_HANDSHAKE_FAILURE;
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                   SSL_R_UNABLE_TO_DECODE_DH_CERTS);
+            goto f_err;
+        } else {
+            if (s->s3->tmp.dh == NULL) {
+                al = SSL_AD_HANDSHAKE_FAILURE;
+                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                       SSL_R_MISSING_TMP_DH_KEY);
+                goto f_err;
+            } else
+                dh_srvr = s->s3->tmp.dh;
+        }
+
+        pub = BN_bin2bn(p, i, NULL);
+        if (pub == NULL) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_BN_LIB);
+            goto err;
+        }
+
+        i = DH_compute_key(p, pub, dh_srvr);
+
+        if (i <= 0) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
+            BN_clear_free(pub);
+            goto err;
+        }
+
+        DH_free(s->s3->tmp.dh);
+        s->s3->tmp.dh = NULL;
+
+        BN_clear_free(pub);
+        pub = NULL;
+        s->session->master_key_length =
+            s->method->ssl3_enc->generate_master_secret(s,
+                                                        s->
+                                                        session->master_key,
+                                                        p, i);
+        OPENSSL_cleanse(p, i);
+    } else
+#endif
+#ifndef OPENSSL_NO_KRB5
+    if (alg_k & SSL_kKRB5) {
+        krb5_error_code krb5rc;
+        krb5_data enc_ticket;
+        krb5_data authenticator;
+        krb5_data enc_pms;
+        KSSL_CTX *kssl_ctx = s->kssl_ctx;
+        EVP_CIPHER_CTX ciph_ctx;
+        const EVP_CIPHER *enc = NULL;
+        unsigned char iv[EVP_MAX_IV_LENGTH];
+        unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH + EVP_MAX_BLOCK_LENGTH];
+        int padl, outl;
+        krb5_timestamp authtime = 0;
+        krb5_ticket_times ttimes;
+        int kerr = 0;
+
+        EVP_CIPHER_CTX_init(&ciph_ctx);
+
+        if (!kssl_ctx)
+            kssl_ctx = kssl_ctx_new();
+
+        n2s(p, i);
+        enc_ticket.length = i;
+
+        if (n < (long)(enc_ticket.length + 6)) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                   SSL_R_DATA_LENGTH_TOO_LONG);
+            goto err;
+        }
+
+        enc_ticket.data = (char *)p;
+        p += enc_ticket.length;
+
+        n2s(p, i);
+        authenticator.length = i;
+
+        if (n < (long)(enc_ticket.length + authenticator.length + 6)) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                   SSL_R_DATA_LENGTH_TOO_LONG);
+            goto err;
+        }
+
+        authenticator.data = (char *)p;
+        p += authenticator.length;
+
+        n2s(p, i);
+        enc_pms.length = i;
+        enc_pms.data = (char *)p;
+        p += enc_pms.length;
+
+        /*
+         * Note that the length is checked again below, ** after decryption
+         */
+        if (enc_pms.length > sizeof pms) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                   SSL_R_DATA_LENGTH_TOO_LONG);
+            goto err;
+        }
+
+        if (n != (long)(enc_ticket.length + authenticator.length +
+                        enc_pms.length + 6)) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                   SSL_R_DATA_LENGTH_TOO_LONG);
+            goto err;
+        }
+
+        if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes,
+                                    &kssl_err)) != 0) {
+# ifdef KSSL_DEBUG
+            fprintf(stderr, "kssl_sget_tkt rtn %d [%d]\n",
+                    krb5rc, kssl_err.reason);
+            if (kssl_err.text)
+                fprintf(stderr, "kssl_err text= %s\n", kssl_err.text);
+# endif                         /* KSSL_DEBUG */
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, kssl_err.reason);
+            goto err;
+        }
+
+        /*
+         * Note: no authenticator is not considered an error, ** but will
+         * return authtime == 0.
+         */
+        if ((krb5rc = kssl_check_authent(kssl_ctx, &authenticator,
+                                         &authtime, &kssl_err)) != 0) {
+# ifdef KSSL_DEBUG
+            fprintf(stderr, "kssl_check_authent rtn %d [%d]\n",
+                    krb5rc, kssl_err.reason);
+            if (kssl_err.text)
+                fprintf(stderr, "kssl_err text= %s\n", kssl_err.text);
+# endif                         /* KSSL_DEBUG */
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, kssl_err.reason);
+            goto err;
+        }
+
+        if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, krb5rc);
+            goto err;
+        }
+# ifdef KSSL_DEBUG
+        kssl_ctx_show(kssl_ctx);
+# endif                         /* KSSL_DEBUG */
+
+        enc = kssl_map_enc(kssl_ctx->enctype);
+        if (enc == NULL)
+            goto err;
+
+        memset(iv, 0, sizeof iv); /* per RFC 1510 */
+
+        if (!EVP_DecryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv)) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                   SSL_R_DECRYPTION_FAILED);
+            goto err;
+        }
+        if (!EVP_DecryptUpdate(&ciph_ctx, pms, &outl,
+                               (unsigned char *)enc_pms.data, enc_pms.length))
+        {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                   SSL_R_DECRYPTION_FAILED);
+            kerr = 1;
+            goto kclean;
+        }
+        if (outl > SSL_MAX_MASTER_KEY_LENGTH) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                   SSL_R_DATA_LENGTH_TOO_LONG);
+            kerr = 1;
+            goto kclean;
+        }
+        if (!EVP_DecryptFinal_ex(&ciph_ctx, &(pms[outl]), &padl)) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                   SSL_R_DECRYPTION_FAILED);
+            kerr = 1;
+            goto kclean;
+        }
+        outl += padl;
+        if (outl > SSL_MAX_MASTER_KEY_LENGTH) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                   SSL_R_DATA_LENGTH_TOO_LONG);
+            kerr = 1;
+            goto kclean;
+        }
+        if (!((pms[0] == (s->client_version >> 8))
+              && (pms[1] == (s->client_version & 0xff)))) {
+            /*
+             * The premaster secret must contain the same version number as
+             * the ClientHello to detect version rollback attacks (strangely,
+             * the protocol does not offer such protection for DH
+             * ciphersuites). However, buggy clients exist that send random
+             * bytes instead of the protocol version. If
+             * SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients.
+             * (Perhaps we should have a separate BUG value for the Kerberos
+             * cipher)
+             */
+            if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG)) {
+                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                       SSL_AD_DECODE_ERROR);
+                kerr = 1;
+                goto kclean;
+            }
+        }
+
+        EVP_CIPHER_CTX_cleanup(&ciph_ctx);
+
+        s->session->master_key_length =
+            s->method->ssl3_enc->generate_master_secret(s,
+                                                        s->
+                                                        session->master_key,
+                                                        pms, outl);
+
+        if (kssl_ctx->client_princ) {
+            size_t len = strlen(kssl_ctx->client_princ);
+            if (len < SSL_MAX_KRB5_PRINCIPAL_LENGTH) {
+                s->session->krb5_client_princ_len = len;
+                memcpy(s->session->krb5_client_princ, kssl_ctx->client_princ,
+                       len);
+            }
+        }
+
+        /*- Was doing kssl_ctx_free() here,
+         *  but it caused problems for apache.
+         *  kssl_ctx = kssl_ctx_free(kssl_ctx);
+         *  if (s->kssl_ctx)  s->kssl_ctx = NULL;
+         */
+
+ kclean:
+        OPENSSL_cleanse(pms, sizeof(pms));
+        if (kerr)
+            goto err;
+    } else
+#endif                          /* OPENSSL_NO_KRB5 */
+
+#ifndef OPENSSL_NO_ECDH
+    if (alg_k & (SSL_kEECDH | SSL_kECDHr | SSL_kECDHe)) {
+        int ret = 1;
+        int field_size = 0;
+        const EC_KEY *tkey;
+        const EC_GROUP *group;
+        const BIGNUM *priv_key;
+
+        /* initialize structures for server's ECDH key pair */
+        if ((srvr_ecdh = EC_KEY_new()) == NULL) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        /* Let's get server private key and group information */
+        if (alg_k & (SSL_kECDHr | SSL_kECDHe)) {
+            /* use the certificate */
+            tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec;
+        } else {
+            /*
+             * use the ephermeral values we saved when generating the
+             * ServerKeyExchange msg.
+             */
+            tkey = s->s3->tmp.ecdh;
+        }
+
+        group = EC_KEY_get0_group(tkey);
+        priv_key = EC_KEY_get0_private_key(tkey);
+
+        if (!EC_KEY_set_group(srvr_ecdh, group) ||
+            !EC_KEY_set_private_key(srvr_ecdh, priv_key)) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
+            goto err;
+        }
+
+        /* Let's get client's public key */
+        if ((clnt_ecpoint = EC_POINT_new(group)) == NULL) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        if (n == 0L) {
+            /* Client Publickey was in Client Certificate */
+
+            if (alg_k & SSL_kEECDH) {
+                al = SSL_AD_HANDSHAKE_FAILURE;
+                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                       SSL_R_MISSING_TMP_ECDH_KEY);
+                goto f_err;
+            }
+            if (((clnt_pub_pkey = X509_get_pubkey(s->session->peer))
+                 == NULL) || (clnt_pub_pkey->type != EVP_PKEY_EC)) {
+                /*
+                 * XXX: For now, we do not support client authentication
+                 * using ECDH certificates so this branch (n == 0L) of the
+                 * code is never executed. When that support is added, we
+                 * ought to ensure the key received in the certificate is
+                 * authorized for key agreement. ECDH_compute_key implicitly
+                 * checks that the two ECDH shares are for the same group.
+                 */
+                al = SSL_AD_HANDSHAKE_FAILURE;
+                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                       SSL_R_UNABLE_TO_DECODE_ECDH_CERTS);
+                goto f_err;
+            }
+
+            if (EC_POINT_copy(clnt_ecpoint,
+                              EC_KEY_get0_public_key(clnt_pub_pkey->
+                                                     pkey.ec)) == 0) {
+                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
+                goto err;
+            }
+            ret = 2;            /* Skip certificate verify processing */
+        } else {
+            /*
+             * Get client's public key from encoded point in the
+             * ClientKeyExchange message.
+             */
+            if ((bn_ctx = BN_CTX_new()) == NULL) {
+                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                       ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+
+            /* Get encoded point length */
+            i = *p;
+            p += 1;
+            if (n != 1 + i) {
+                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
+                goto err;
+            }
+            if (EC_POINT_oct2point(group, clnt_ecpoint, p, i, bn_ctx) == 0) {
+                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
+                goto err;
+            }
+            /*
+             * p is pointing to somewhere in the buffer currently, so set it
+             * to the start
+             */
+            p = (unsigned char *)s->init_buf->data;
+        }
+
+        /* Compute the shared pre-master secret */
+        field_size = EC_GROUP_get_degree(group);
+        if (field_size <= 0) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
+            goto err;
+        }
+        i = ECDH_compute_key(p, (field_size + 7) / 8, clnt_ecpoint, srvr_ecdh,
+                             NULL);
+        if (i <= 0) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
+            goto err;
+        }
+
+        EVP_PKEY_free(clnt_pub_pkey);
+        EC_POINT_free(clnt_ecpoint);
+        EC_KEY_free(srvr_ecdh);
+        BN_CTX_free(bn_ctx);
+        EC_KEY_free(s->s3->tmp.ecdh);
+        s->s3->tmp.ecdh = NULL;
+
+        /* Compute the master secret */
+        s->session->master_key_length =
+            s->method->ssl3_enc->generate_master_secret(s,
+                                                        s->
+                                                        session->master_key,
+                                                        p, i);
+
+        OPENSSL_cleanse(p, i);
+        return (ret);
+    } else
+#endif
+#ifndef OPENSSL_NO_PSK
+    if (alg_k & SSL_kPSK) {
+        unsigned char *t = NULL;
+        unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN * 2 + 4];
+        unsigned int pre_ms_len = 0, psk_len = 0;
+        int psk_err = 1;
+        char tmp_id[PSK_MAX_IDENTITY_LEN + 1];
+
+        al = SSL_AD_HANDSHAKE_FAILURE;
+
+        n2s(p, i);
+        if (n != i + 2) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH);
+            goto psk_err;
+        }
+        if (i > PSK_MAX_IDENTITY_LEN) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                   SSL_R_DATA_LENGTH_TOO_LONG);
+            goto psk_err;
+        }
+        if (s->psk_server_callback == NULL) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                   SSL_R_PSK_NO_SERVER_CB);
+            goto psk_err;
+        }
+
+        /*
+         * Create guaranteed NULL-terminated identity string for the callback
+         */
+        memcpy(tmp_id, p, i);
+        memset(tmp_id + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i);
+        psk_len = s->psk_server_callback(s, tmp_id,
+                                         psk_or_pre_ms,
+                                         sizeof(psk_or_pre_ms));
+        OPENSSL_cleanse(tmp_id, PSK_MAX_IDENTITY_LEN + 1);
+
+        if (psk_len > PSK_MAX_PSK_LEN) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+            goto psk_err;
+        } else if (psk_len == 0) {
+            /*
+             * PSK related to the given identity not found
+             */
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                   SSL_R_PSK_IDENTITY_NOT_FOUND);
+            al = SSL_AD_UNKNOWN_PSK_IDENTITY;
+            goto psk_err;
+        }
+
+        /* create PSK pre_master_secret */
+        pre_ms_len = 2 + psk_len + 2 + psk_len;
+        t = psk_or_pre_ms;
+        memmove(psk_or_pre_ms + psk_len + 4, psk_or_pre_ms, psk_len);
+        s2n(psk_len, t);
+        memset(t, 0, psk_len);
+        t += psk_len;
+        s2n(psk_len, t);
+
+        if (s->session->psk_identity != NULL)
+            OPENSSL_free(s->session->psk_identity);
+        s->session->psk_identity = BUF_strndup((char *)p, i);
+        if (s->session->psk_identity == NULL) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+            goto psk_err;
+        }
+
+        if (s->session->psk_identity_hint != NULL)
+            OPENSSL_free(s->session->psk_identity_hint);
+        s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
+        if (s->ctx->psk_identity_hint != NULL &&
+            s->session->psk_identity_hint == NULL) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+            goto psk_err;
+        }
+
+        s->session->master_key_length =
+            s->method->ssl3_enc->generate_master_secret(s,
+                                                        s->
+                                                        session->master_key,
+                                                        psk_or_pre_ms,
+                                                        pre_ms_len);
+        psk_err = 0;
+ psk_err:
+        OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
+        if (psk_err != 0)
+            goto f_err;
+    } else
+#endif
+#ifndef OPENSSL_NO_SRP
+    if (alg_k & SSL_kSRP) {
+        int param_len;
+
+        n2s(p, i);
+        param_len = i + 2;
+        if (param_len > n) {
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                   SSL_R_BAD_SRP_A_LENGTH);
+            goto f_err;
+        }
+        if (!(s->srp_ctx.A = BN_bin2bn(p, i, NULL))) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_BN_LIB);
+            goto err;
+        }
+        if (BN_ucmp(s->srp_ctx.A, s->srp_ctx.N) >= 0
+            || BN_is_zero(s->srp_ctx.A)) {
+            al = SSL_AD_ILLEGAL_PARAMETER;
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                   SSL_R_BAD_SRP_PARAMETERS);
+            goto f_err;
+        }
+        if (s->session->srp_username != NULL)
+            OPENSSL_free(s->session->srp_username);
+        s->session->srp_username = BUF_strdup(s->srp_ctx.login);
+        if (s->session->srp_username == NULL) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        if ((s->session->master_key_length =
+             SRP_generate_server_master_secret(s,
+                                               s->session->master_key)) < 0) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        p += i;
+    } else
+#endif                          /* OPENSSL_NO_SRP */
+    if (alg_k & SSL_kGOST) {
+        int ret = 0;
+        EVP_PKEY_CTX *pkey_ctx;
+        EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;
+        unsigned char premaster_secret[32], *start;
+        size_t outlen = 32, inlen;
+        unsigned long alg_a;
+        int Ttag, Tclass;
+        long Tlen;
+
+        /* Get our certificate private key */
+        alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+        if (alg_a & SSL_aGOST94)
+            pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey;
+        else if (alg_a & SSL_aGOST01)
+            pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
+
+        pkey_ctx = EVP_PKEY_CTX_new(pk, NULL);
+        if (pkey_ctx == NULL) {
+            al = SSL_AD_INTERNAL_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+            goto f_err;
+        }
+        if (EVP_PKEY_decrypt_init(pkey_ctx) <= 0) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+            goto gerr;
+        }
+        /*
+         * If client certificate is present and is of the same type, maybe
+         * use it for key exchange.  Don't mind errors from
+         * EVP_PKEY_derive_set_peer, because it is completely valid to use a
+         * client certificate for authorization only.
+         */
+        client_pub_pkey = X509_get_pubkey(s->session->peer);
+        if (client_pub_pkey) {
+            if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0)
+                ERR_clear_error();
+        }
+        /* Decrypt session key */
+        if (ASN1_get_object
+            ((const unsigned char **)&p, &Tlen, &Ttag, &Tclass,
+             n) != V_ASN1_CONSTRUCTED || Ttag != V_ASN1_SEQUENCE
+            || Tclass != V_ASN1_UNIVERSAL) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                   SSL_R_DECRYPTION_FAILED);
+            goto gerr;
+        }
+        start = p;
+        inlen = Tlen;
+        if (EVP_PKEY_decrypt
+            (pkey_ctx, premaster_secret, &outlen, start, inlen) <= 0) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                   SSL_R_DECRYPTION_FAILED);
+            goto gerr;
+        }
+        /* Generate master secret */
+        s->session->master_key_length =
+            s->method->ssl3_enc->generate_master_secret(s,
+                                                        s->
+                                                        session->master_key,
+                                                        premaster_secret, 32);
+        OPENSSL_cleanse(premaster_secret, sizeof(premaster_secret));
+        /* Check if pubkey from client certificate was used */
+        if (EVP_PKEY_CTX_ctrl
+            (pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
+            ret = 2;
+        else
+            ret = 1;
+ gerr:
+        EVP_PKEY_free(client_pub_pkey);
+        EVP_PKEY_CTX_free(pkey_ctx);
+        if (ret)
+            return ret;
+        else
+            goto err;
+    } else {
+        al = SSL_AD_HANDSHAKE_FAILURE;
+        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_UNKNOWN_CIPHER_TYPE);
+        goto f_err;
+    }
+
+    return (1);
+ f_err:
+    ssl3_send_alert(s, SSL3_AL_FATAL, al);
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH) || defined(OPENSSL_NO_SRP)
+ err:
+#endif
+#ifndef OPENSSL_NO_ECDH
+    EVP_PKEY_free(clnt_pub_pkey);
+    EC_POINT_free(clnt_ecpoint);
+    if (srvr_ecdh != NULL)
+        EC_KEY_free(srvr_ecdh);
+    BN_CTX_free(bn_ctx);
+#endif
+    s->state = SSL_ST_ERR;
+    return (-1);
+}
+
+int ssl3_get_cert_verify(SSL *s)
+{
+    EVP_PKEY *pkey = NULL;
+    unsigned char *p;
+    int al, ok, ret = 0;
+    long n;
+    int type = 0, i, j;
+    X509 *peer;
+    const EVP_MD *md = NULL;
+    EVP_MD_CTX mctx;
+    EVP_MD_CTX_init(&mctx);
+
+    /*
+     * We should only process a CertificateVerify message if we have received
+     * a Certificate from the client. If so then |s->session->peer| will be non
+     * NULL. In some instances a CertificateVerify message is not required even
+     * if the peer has sent a Certificate (e.g. such as in the case of static
+     * DH). In that case the ClientKeyExchange processing will skip the
+     * CertificateVerify state so we should not arrive here.
+     */
+    if (s->session->peer == NULL) {
+        ret = 1;
+        goto end;
+    }
+
+    n = s->method->ssl_get_message(s,
+                                   SSL3_ST_SR_CERT_VRFY_A,
+                                   SSL3_ST_SR_CERT_VRFY_B,
+                                   SSL3_MT_CERTIFICATE_VERIFY,
+                                   SSL3_RT_MAX_PLAIN_LENGTH, &ok);
+
+    if (!ok)
+        return ((int)n);
+
+    peer = s->session->peer;
+    pkey = X509_get_pubkey(peer);
+    type = X509_certificate_type(peer, pkey);
+
+    if (!(type & EVP_PKT_SIGN)) {
+        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+               SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
+        al = SSL_AD_ILLEGAL_PARAMETER;
+        goto f_err;
+    }
+
+    /* we now have a signature that we need to verify */
+    p = (unsigned char *)s->init_msg;
+    /* Check for broken implementations of GOST ciphersuites */
+    /*
+     * If key is GOST and n is exactly 64, it is bare signature without
+     * length field
+     */
+    if (n == 64 && (pkey->type == NID_id_GostR3410_94 ||
+                    pkey->type == NID_id_GostR3410_2001)) {
+        i = 64;
+    } else {
+        if (TLS1_get_version(s) >= TLS1_2_VERSION) {
+            int sigalg = tls12_get_sigid(pkey);
+            /* Should never happen */
+            if (sigalg == -1) {
+                SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_INTERNAL_ERROR);
+                al = SSL_AD_INTERNAL_ERROR;
+                goto f_err;
+            }
+            /* Check key type is consistent with signature */
+            if (sigalg != (int)p[1]) {
+                SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+                       SSL_R_WRONG_SIGNATURE_TYPE);
+                al = SSL_AD_DECODE_ERROR;
+                goto f_err;
+            }
+            md = tls12_get_hash(p[0]);
+            if (md == NULL) {
+                SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_UNKNOWN_DIGEST);
+                al = SSL_AD_DECODE_ERROR;
+                goto f_err;
+            }
+#ifdef SSL_DEBUG
+            fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
+#endif
+            p += 2;
+            n -= 2;
+        }
+        n2s(p, i);
+        n -= 2;
+        if (i > n) {
+            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_LENGTH_MISMATCH);
+            al = SSL_AD_DECODE_ERROR;
+            goto f_err;
+        }
+    }
+    j = EVP_PKEY_size(pkey);
+    if ((i > j) || (n > j) || (n <= 0)) {
+        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_WRONG_SIGNATURE_SIZE);
+        al = SSL_AD_DECODE_ERROR;
+        goto f_err;
+    }
+
+    if (TLS1_get_version(s) >= TLS1_2_VERSION) {
+        long hdatalen = 0;
+        void *hdata;
+        hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
+        if (hdatalen <= 0) {
+            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_INTERNAL_ERROR);
+            al = SSL_AD_INTERNAL_ERROR;
+            goto f_err;
+        }
+#ifdef SSL_DEBUG
+        fprintf(stderr, "Using TLS 1.2 with client verify alg %s\n",
+                EVP_MD_name(md));
+#endif
+        if (!EVP_VerifyInit_ex(&mctx, md, NULL)
+            || !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) {
+            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_EVP_LIB);
+            al = SSL_AD_INTERNAL_ERROR;
+            goto f_err;
+        }
+
+        if (EVP_VerifyFinal(&mctx, p, i, pkey) <= 0) {
+            al = SSL_AD_DECRYPT_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_SIGNATURE);
+            goto f_err;
+        }
+    } else
+#ifndef OPENSSL_NO_RSA
+    if (pkey->type == EVP_PKEY_RSA) {
+        i = RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
+                       MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, p, i,
+                       pkey->pkey.rsa);
+        if (i < 0) {
+            al = SSL_AD_DECRYPT_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_RSA_DECRYPT);
+            goto f_err;
+        }
+        if (i == 0) {
+            al = SSL_AD_DECRYPT_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_RSA_SIGNATURE);
+            goto f_err;
+        }
+    } else
+#endif
+#ifndef OPENSSL_NO_DSA
+    if (pkey->type == EVP_PKEY_DSA) {
+        j = DSA_verify(pkey->save_type,
+                       &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
+                       SHA_DIGEST_LENGTH, p, i, pkey->pkey.dsa);
+        if (j <= 0) {
+            /* bad signature */
+            al = SSL_AD_DECRYPT_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_DSA_SIGNATURE);
+            goto f_err;
+        }
+    } else
+#endif
+#ifndef OPENSSL_NO_ECDSA
+    if (pkey->type == EVP_PKEY_EC) {
+        j = ECDSA_verify(pkey->save_type,
+                         &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
+                         SHA_DIGEST_LENGTH, p, i, pkey->pkey.ec);
+        if (j <= 0) {
+            /* bad signature */
+            al = SSL_AD_DECRYPT_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_ECDSA_SIGNATURE);
+            goto f_err;
+        }
+    } else
+#endif
+    if (pkey->type == NID_id_GostR3410_94
+            || pkey->type == NID_id_GostR3410_2001) {
+        unsigned char signature[64];
+        int idx;
+        EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL);
+        if (pctx == NULL) {
+            al = SSL_AD_INTERNAL_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_MALLOC_FAILURE);
+            goto f_err;
+        }
+        if (EVP_PKEY_verify_init(pctx) <= 0) {
+            EVP_PKEY_CTX_free(pctx);
+            al = SSL_AD_INTERNAL_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_INTERNAL_ERROR);
+            goto f_err;
+        }
+        if (i != 64) {
+            fprintf(stderr, "GOST signature length is %d", i);
+        }
+        for (idx = 0; idx < 64; idx++) {
+            signature[63 - idx] = p[idx];
+        }
+        j = EVP_PKEY_verify(pctx, signature, 64, s->s3->tmp.cert_verify_md,
+                            32);
+        EVP_PKEY_CTX_free(pctx);
+        if (j <= 0) {
+            al = SSL_AD_DECRYPT_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_ECDSA_SIGNATURE);
+            goto f_err;
+        }
+    } else {
+        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_INTERNAL_ERROR);
+        al = SSL_AD_UNSUPPORTED_CERTIFICATE;
+        goto f_err;
+    }
+
+    ret = 1;
+    if (0) {
+ f_err:
+        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+        s->state = SSL_ST_ERR;
+    }
+ end:
+    if (s->s3->handshake_buffer) {
+        BIO_free(s->s3->handshake_buffer);
+        s->s3->handshake_buffer = NULL;
+        s->s3->flags &= ~TLS1_FLAGS_KEEP_HANDSHAKE;
+    }
+    EVP_MD_CTX_cleanup(&mctx);
+    EVP_PKEY_free(pkey);
+    return (ret);
+}
+
+int ssl3_get_client_certificate(SSL *s)
+{
+    int i, ok, al, ret = -1;
+    X509 *x = NULL;
+    unsigned long l, nc, llen, n;
+    const unsigned char *p, *q;
+    unsigned char *d;
+    STACK_OF(X509) *sk = NULL;
+
+    n = s->method->ssl_get_message(s,
+                                   SSL3_ST_SR_CERT_A,
+                                   SSL3_ST_SR_CERT_B,
+                                   -1, s->max_cert_list, &ok);
+
+    if (!ok)
+        return ((int)n);
+
+    if (s->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
+        if ((s->verify_mode & SSL_VERIFY_PEER) &&
+            (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
+                   SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
+            al = SSL_AD_HANDSHAKE_FAILURE;
+            goto f_err;
+        }
+        /*
+         * If tls asked for a client cert, the client must return a 0 list
+         */
+        if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
+                   SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST);
+            al = SSL_AD_UNEXPECTED_MESSAGE;
+            goto f_err;
+        }
+        s->s3->tmp.reuse_message = 1;
+        return (1);
+    }
+
+    if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) {
+        al = SSL_AD_UNEXPECTED_MESSAGE;
+        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, SSL_R_WRONG_MESSAGE_TYPE);
+        goto f_err;
+    }
+    p = d = (unsigned char *)s->init_msg;
+
+    if ((sk = sk_X509_new_null()) == NULL) {
+        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    n2l3(p, llen);
+    if (llen + 3 != n) {
+        al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, SSL_R_LENGTH_MISMATCH);
+        goto f_err;
+    }
+    for (nc = 0; nc < llen;) {
+        if (nc + 3 > llen) {
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
+                   SSL_R_CERT_LENGTH_MISMATCH);
+            goto f_err;
+        }
+        n2l3(p, l);
+        if ((l + nc + 3) > llen) {
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
+                   SSL_R_CERT_LENGTH_MISMATCH);
+            goto f_err;
+        }
+
+        q = p;
+        x = d2i_X509(NULL, &p, l);
+        if (x == NULL) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_ASN1_LIB);
+            goto err;
+        }
+        if (p != (q + l)) {
+            al = SSL_AD_DECODE_ERROR;
+            SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
+                   SSL_R_CERT_LENGTH_MISMATCH);
+            goto f_err;
+        }
+        if (!sk_X509_push(sk, x)) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        x = NULL;
+        nc += l + 3;
+    }
+
+    if (sk_X509_num(sk) <= 0) {
+        /* TLS does not mind 0 certs returned */
+        if (s->version == SSL3_VERSION) {
+            al = SSL_AD_HANDSHAKE_FAILURE;
+            SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
+                   SSL_R_NO_CERTIFICATES_RETURNED);
+            goto f_err;
+        }
+        /* Fail for TLS only if we required a certificate */
+        else if ((s->verify_mode & SSL_VERIFY_PEER) &&
+                 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
+                   SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
+            al = SSL_AD_HANDSHAKE_FAILURE;
+            goto f_err;
+        }
+        /* No client certificate so digest cached records */
+        if (s->s3->handshake_buffer && !ssl3_digest_cached_records(s)) {
+            al = SSL_AD_INTERNAL_ERROR;
+            goto f_err;
+        }
+    } else {
+        i = ssl_verify_cert_chain(s, sk);
+        if (i <= 0) {
+            al = ssl_verify_alarm_type(s->verify_result);
+            SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
+                   SSL_R_NO_CERTIFICATE_RETURNED);
+            goto f_err;
+        }
+    }
+
+    if (s->session->peer != NULL) /* This should not be needed */
+        X509_free(s->session->peer);
+    s->session->peer = sk_X509_shift(sk);
+    s->session->verify_result = s->verify_result;
+
+    /*
+     * With the current implementation, sess_cert will always be NULL when we
+     * arrive here.
+     */
+    if (s->session->sess_cert == NULL) {
+        s->session->sess_cert = ssl_sess_cert_new();
+        if (s->session->sess_cert == NULL) {
+            SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+    if (s->session->sess_cert->cert_chain != NULL)
+        sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
+    s->session->sess_cert->cert_chain = sk;
+    /*
+     * Inconsistency alert: cert_chain does *not* include the peer's own
+     * certificate, while we do include it in s3_clnt.c
+     */
+
+    sk = NULL;
+
+    ret = 1;
+    if (0) {
+ f_err:
+        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ err:
+        s->state = SSL_ST_ERR;
+    }
+
+    if (x != NULL)
+        X509_free(x);
+    if (sk != NULL)
+        sk_X509_pop_free(sk, X509_free);
+    return (ret);
+}
+
+int ssl3_send_server_certificate(SSL *s)
+{
+    unsigned long l;
+    X509 *x;
+
+    if (s->state == SSL3_ST_SW_CERT_A) {
+        x = ssl_get_server_send_cert(s);
+        if (x == NULL) {
+            /* VRS: allow null cert if auth == KRB5 */
+            if ((s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5) ||
+                (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5)) {
+                SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,
+                       ERR_R_INTERNAL_ERROR);
+                s->state = SSL_ST_ERR;
+                return (0);
+            }
+        }
+
+        l = ssl3_output_cert_chain(s, x);
+        if (!l) {
+            SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+            s->state = SSL_ST_ERR;
+            return (0);
+        }
+        s->state = SSL3_ST_SW_CERT_B;
+        s->init_num = (int)l;
+        s->init_off = 0;
+    }
+
+    /* SSL3_ST_SW_CERT_B */
+    return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+}
+
+#ifndef OPENSSL_NO_TLSEXT
+/* send a new session ticket (not necessarily for a new session) */
+int ssl3_send_newsession_ticket(SSL *s)
+{
+    unsigned char *senc = NULL;
+    EVP_CIPHER_CTX ctx;
+    HMAC_CTX hctx;
+
+    if (s->state == SSL3_ST_SW_SESSION_TICKET_A) {
+        unsigned char *p, *macstart;
+        const unsigned char *const_p;
+        int len, slen_full, slen;
+        SSL_SESSION *sess;
+        unsigned int hlen;
+        SSL_CTX *tctx = s->initial_ctx;
+        unsigned char iv[EVP_MAX_IV_LENGTH];
+        unsigned char key_name[16];
+
+        /* get session encoding length */
+        slen_full = i2d_SSL_SESSION(s->session, NULL);
+        /*
+         * Some length values are 16 bits, so forget it if session is too
+         * long
+         */
+        if (slen_full == 0 || slen_full > 0xFF00) {
+            s->state = SSL_ST_ERR;
+            return -1;
+        }
+        senc = OPENSSL_malloc(slen_full);
+        if (!senc) {
+            s->state = SSL_ST_ERR;
+            return -1;
+        }
+
+        EVP_CIPHER_CTX_init(&ctx);
+        HMAC_CTX_init(&hctx);
+
+        p = senc;
+        if (!i2d_SSL_SESSION(s->session, &p))
+            goto err;
+
+        /*
+         * create a fresh copy (not shared with other threads) to clean up
+         */
+        const_p = senc;
+        sess = d2i_SSL_SESSION(NULL, &const_p, slen_full);
+        if (sess == NULL)
+            goto err;
+        sess->session_id_length = 0; /* ID is irrelevant for the ticket */
+
+        slen = i2d_SSL_SESSION(sess, NULL);
+        if (slen == 0 || slen > slen_full) { /* shouldn't ever happen */
+            SSL_SESSION_free(sess);
+            goto err;
+        }
+        p = senc;
+        if (!i2d_SSL_SESSION(sess, &p)) {
+            SSL_SESSION_free(sess);
+            goto err;
+        }
+        SSL_SESSION_free(sess);
+
+        /*-
+         * Grow buffer if need be: the length calculation is as
+         * follows 1 (size of message name) + 3 (message length
+         * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) +
+         * 16 (key name) + max_iv_len (iv length) +
+         * session_length + max_enc_block_size (max encrypted session
+         * length) + max_md_size (HMAC).
+         */
+        if (!BUF_MEM_grow(s->init_buf,
+                          26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
+                          EVP_MAX_MD_SIZE + slen))
+            goto err;
+
+        p = (unsigned char *)s->init_buf->data;
+        /* do the header */
+        *(p++) = SSL3_MT_NEWSESSION_TICKET;
+        /* Skip message length for now */
+        p += 3;
+        /*
+         * Initialize HMAC and cipher contexts. If callback present it does
+         * all the work otherwise use generated values from parent ctx.
+         */
+        if (tctx->tlsext_ticket_key_cb) {
+            if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
+                                           &hctx, 1) < 0)
+                goto err;
+        } else {
+            if (RAND_bytes(iv, 16) <= 0)
+                goto err;
+            if (!EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
+                                    tctx->tlsext_tick_aes_key, iv))
+                goto err;
+            if (!HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
+                              tlsext_tick_md(), NULL))
+                goto err;
+            memcpy(key_name, tctx->tlsext_tick_key_name, 16);
+        }
+
+        /*
+         * Ticket lifetime hint (advisory only): We leave this unspecified
+         * for resumed session (for simplicity), and guess that tickets for
+         * new sessions will live as long as their sessions.
+         */
+        l2n(s->hit ? 0 : s->session->timeout, p);
+
+        /* Skip ticket length for now */
+        p += 2;
+        /* Output key name */
+        macstart = p;
+        memcpy(p, key_name, 16);
+        p += 16;
+        /* output IV */
+        memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
+        p += EVP_CIPHER_CTX_iv_length(&ctx);
+        /* Encrypt session data */
+        if (!EVP_EncryptUpdate(&ctx, p, &len, senc, slen))
+            goto err;
+        p += len;
+        if (!EVP_EncryptFinal(&ctx, p, &len))
+            goto err;
+        p += len;
+
+        if (!HMAC_Update(&hctx, macstart, p - macstart))
+            goto err;
+        if (!HMAC_Final(&hctx, p, &hlen))
+            goto err;
+
+        EVP_CIPHER_CTX_cleanup(&ctx);
+        HMAC_CTX_cleanup(&hctx);
+
+        p += hlen;
+        /* Now write out lengths: p points to end of data written */
+        /* Total length */
+        len = p - (unsigned char *)s->init_buf->data;
+        p = (unsigned char *)s->init_buf->data + 1;
+        l2n3(len - 4, p);       /* Message length */
+        p += 4;
+        s2n(len - 10, p);       /* Ticket length */
+
+        /* number of bytes to write */
+        s->init_num = len;
+        s->state = SSL3_ST_SW_SESSION_TICKET_B;
+        s->init_off = 0;
+        OPENSSL_free(senc);
+    }
+
+    /* SSL3_ST_SW_SESSION_TICKET_B */
+    return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+ err:
+    if (senc)
+        OPENSSL_free(senc);
+    EVP_CIPHER_CTX_cleanup(&ctx);
+    HMAC_CTX_cleanup(&hctx);
+    s->state = SSL_ST_ERR;
+    return -1;
+}
+
+int ssl3_send_cert_status(SSL *s)
+{
+    if (s->state == SSL3_ST_SW_CERT_STATUS_A) {
+        unsigned char *p;
+        /*-
+         * Grow buffer if need be: the length calculation is as
+         * follows 1 (message type) + 3 (message length) +
+         * 1 (ocsp response type) + 3 (ocsp response length)
+         * + (ocsp response)
+         */
+        if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen)) {
+            s->state = SSL_ST_ERR;
+            return -1;
+        }
+
+        p = (unsigned char *)s->init_buf->data;
+
+        /* do the header */
+        *(p++) = SSL3_MT_CERTIFICATE_STATUS;
+        /* message length */
+        l2n3(s->tlsext_ocsp_resplen + 4, p);
+        /* status type */
+        *(p++) = s->tlsext_status_type;
+        /* length of OCSP response */
+        l2n3(s->tlsext_ocsp_resplen, p);
+        /* actual response */
+        memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen);
+        /* number of bytes to write */
+        s->init_num = 8 + s->tlsext_ocsp_resplen;
+        s->state = SSL3_ST_SW_CERT_STATUS_B;
+        s->init_off = 0;
+    }
+
+    /* SSL3_ST_SW_CERT_STATUS_B */
+    return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+}
+
+# ifndef OPENSSL_NO_NEXTPROTONEG
+/*
+ * ssl3_get_next_proto reads a Next Protocol Negotiation handshake message.
+ * It sets the next_proto member in s if found
+ */
+int ssl3_get_next_proto(SSL *s)
+{
+    int ok;
+    int proto_len, padding_len;
+    long n;
+    const unsigned char *p;
+
+    /*
+     * Clients cannot send a NextProtocol message if we didn't see the
+     * extension in their ClientHello
+     */
+    if (!s->s3->next_proto_neg_seen) {
+        SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,
+               SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION);
+        s->state = SSL_ST_ERR;
+        return -1;
+    }
+
+    /* See the payload format below */
+    n = s->method->ssl_get_message(s,
+                                   SSL3_ST_SR_NEXT_PROTO_A,
+                                   SSL3_ST_SR_NEXT_PROTO_B,
+                                   SSL3_MT_NEXT_PROTO, 514, &ok);
+
+    if (!ok)
+        return ((int)n);
+
+    /*
+     * s->state doesn't reflect whether ChangeCipherSpec has been received in
+     * this handshake, but s->s3->change_cipher_spec does (will be reset by
+     * ssl3_get_finished).
+     */
+    if (!s->s3->change_cipher_spec) {
+        SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS);
+        s->state = SSL_ST_ERR;
+        return -1;
+    }
+
+    if (n < 2) {
+        s->state = SSL_ST_ERR;
+        return 0;               /* The body must be > 1 bytes long */
+    }
+
+    p = (unsigned char *)s->init_msg;
+
+    /*-
+     * The payload looks like:
+     *   uint8 proto_len;
+     *   uint8 proto[proto_len];
+     *   uint8 padding_len;
+     *   uint8 padding[padding_len];
+     */
+    proto_len = p[0];
+    if (proto_len + 2 > s->init_num) {
+        s->state = SSL_ST_ERR;
+        return 0;
+    }
+    padding_len = p[proto_len + 1];
+    if (proto_len + padding_len + 2 != s->init_num) {
+        s->state = SSL_ST_ERR;
+        return 0;
+    }
+
+    s->next_proto_negotiated = OPENSSL_malloc(proto_len);
+    if (!s->next_proto_negotiated) {
+        SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, ERR_R_MALLOC_FAILURE);
+        s->state = SSL_ST_ERR;
+        return 0;
+    }
+    memcpy(s->next_proto_negotiated, p + 1, proto_len);
+    s->next_proto_negotiated_len = proto_len;
+
+    return 1;
+}
+# endif
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/ssl/ssl.h
===================================================================
--- vendor-crypto/openssl/dist/ssl/ssl.h	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/ssl/ssl.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,2770 +0,0 @@
-/* ssl/ssl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#ifndef HEADER_SSL_H
-# define HEADER_SSL_H
-
-# include <openssl/e_os2.h>
-
-# ifndef OPENSSL_NO_COMP
-#  include <openssl/comp.h>
-# endif
-# ifndef OPENSSL_NO_BIO
-#  include <openssl/bio.h>
-# endif
-# ifndef OPENSSL_NO_DEPRECATED
-#  ifndef OPENSSL_NO_X509
-#   include <openssl/x509.h>
-#  endif
-#  include <openssl/crypto.h>
-#  include <openssl/lhash.h>
-#  include <openssl/buffer.h>
-# endif
-# include <openssl/pem.h>
-# include <openssl/hmac.h>
-
-# include <openssl/kssl.h>
-# include <openssl/safestack.h>
-# include <openssl/symhacks.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* SSLeay version number for ASN.1 encoding of the session information */
-/*-
- * Version 0 - initial version
- * Version 1 - added the optional peer certificate
- */
-# define SSL_SESSION_ASN1_VERSION 0x0001
-
-/* text strings for the ciphers */
-# define SSL_TXT_NULL_WITH_MD5           SSL2_TXT_NULL_WITH_MD5
-# define SSL_TXT_RC4_128_WITH_MD5        SSL2_TXT_RC4_128_WITH_MD5
-# define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5
-# define SSL_TXT_RC2_128_CBC_WITH_MD5    SSL2_TXT_RC2_128_CBC_WITH_MD5
-# define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5
-# define SSL_TXT_IDEA_128_CBC_WITH_MD5   SSL2_TXT_IDEA_128_CBC_WITH_MD5
-# define SSL_TXT_DES_64_CBC_WITH_MD5     SSL2_TXT_DES_64_CBC_WITH_MD5
-# define SSL_TXT_DES_64_CBC_WITH_SHA     SSL2_TXT_DES_64_CBC_WITH_SHA
-# define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5
-# define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA
-
-/*
- * VRS Additional Kerberos5 entries
- */
-# define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
-# define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
-# define SSL_TXT_KRB5_RC4_128_SHA      SSL3_TXT_KRB5_RC4_128_SHA
-# define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA
-# define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5
-# define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
-# define SSL_TXT_KRB5_RC4_128_MD5      SSL3_TXT_KRB5_RC4_128_MD5
-# define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5
-
-# define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA
-# define SSL_TXT_KRB5_RC2_40_CBC_SHA   SSL3_TXT_KRB5_RC2_40_CBC_SHA
-# define SSL_TXT_KRB5_RC4_40_SHA       SSL3_TXT_KRB5_RC4_40_SHA
-# define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5
-# define SSL_TXT_KRB5_RC2_40_CBC_MD5   SSL3_TXT_KRB5_RC2_40_CBC_MD5
-# define SSL_TXT_KRB5_RC4_40_MD5       SSL3_TXT_KRB5_RC4_40_MD5
-
-# define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA
-# define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5
-# define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
-# define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5
-# define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
-# define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
-# define SSL_MAX_KRB5_PRINCIPAL_LENGTH  256
-
-# define SSL_MAX_SSL_SESSION_ID_LENGTH           32
-# define SSL_MAX_SID_CTX_LENGTH                  32
-
-# define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES     (512/8)
-# define SSL_MAX_KEY_ARG_LENGTH                  8
-# define SSL_MAX_MASTER_KEY_LENGTH               48
-
-/* These are used to specify which ciphers to use and not to use */
-
-# define SSL_TXT_EXP40           "EXPORT40"
-# define SSL_TXT_EXP56           "EXPORT56"
-# define SSL_TXT_LOW             "LOW"
-# define SSL_TXT_MEDIUM          "MEDIUM"
-# define SSL_TXT_HIGH            "HIGH"
-# define SSL_TXT_FIPS            "FIPS"
-
-# define SSL_TXT_kFZA            "kFZA"/* unused! */
-# define SSL_TXT_aFZA            "aFZA"/* unused! */
-# define SSL_TXT_eFZA            "eFZA"/* unused! */
-# define SSL_TXT_FZA             "FZA"/* unused! */
-
-# define SSL_TXT_aNULL           "aNULL"
-# define SSL_TXT_eNULL           "eNULL"
-# define SSL_TXT_NULL            "NULL"
-
-# define SSL_TXT_kRSA            "kRSA"
-# define SSL_TXT_kDHr            "kDHr"/* no such ciphersuites supported! */
-# define SSL_TXT_kDHd            "kDHd"/* no such ciphersuites supported! */
-# define SSL_TXT_kDH             "kDH"/* no such ciphersuites supported! */
-# define SSL_TXT_kEDH            "kEDH"
-# define SSL_TXT_kKRB5           "kKRB5"
-# define SSL_TXT_kECDHr          "kECDHr"
-# define SSL_TXT_kECDHe          "kECDHe"
-# define SSL_TXT_kECDH           "kECDH"
-# define SSL_TXT_kEECDH          "kEECDH"
-# define SSL_TXT_kPSK            "kPSK"
-# define SSL_TXT_kGOST           "kGOST"
-# define SSL_TXT_kSRP            "kSRP"
-
-# define SSL_TXT_aRSA            "aRSA"
-# define SSL_TXT_aDSS            "aDSS"
-# define SSL_TXT_aDH             "aDH"/* no such ciphersuites supported! */
-# define SSL_TXT_aECDH           "aECDH"
-# define SSL_TXT_aKRB5           "aKRB5"
-# define SSL_TXT_aECDSA          "aECDSA"
-# define SSL_TXT_aPSK            "aPSK"
-# define SSL_TXT_aGOST94 "aGOST94"
-# define SSL_TXT_aGOST01 "aGOST01"
-# define SSL_TXT_aGOST  "aGOST"
-# define SSL_TXT_aSRP            "aSRP"
-
-# define SSL_TXT_DSS             "DSS"
-# define SSL_TXT_DH              "DH"
-# define SSL_TXT_EDH             "EDH"/* same as "kEDH:-ADH" */
-# define SSL_TXT_ADH             "ADH"
-# define SSL_TXT_RSA             "RSA"
-# define SSL_TXT_ECDH            "ECDH"
-# define SSL_TXT_EECDH           "EECDH"/* same as "kEECDH:-AECDH" */
-# define SSL_TXT_AECDH           "AECDH"
-# define SSL_TXT_ECDSA           "ECDSA"
-# define SSL_TXT_KRB5            "KRB5"
-# define SSL_TXT_PSK             "PSK"
-# define SSL_TXT_SRP             "SRP"
-
-# define SSL_TXT_DES             "DES"
-# define SSL_TXT_3DES            "3DES"
-# define SSL_TXT_RC4             "RC4"
-# define SSL_TXT_RC2             "RC2"
-# define SSL_TXT_IDEA            "IDEA"
-# define SSL_TXT_SEED            "SEED"
-# define SSL_TXT_AES128          "AES128"
-# define SSL_TXT_AES256          "AES256"
-# define SSL_TXT_AES             "AES"
-# define SSL_TXT_AES_GCM         "AESGCM"
-# define SSL_TXT_CAMELLIA128     "CAMELLIA128"
-# define SSL_TXT_CAMELLIA256     "CAMELLIA256"
-# define SSL_TXT_CAMELLIA        "CAMELLIA"
-
-# define SSL_TXT_MD5             "MD5"
-# define SSL_TXT_SHA1            "SHA1"
-# define SSL_TXT_SHA             "SHA"/* same as "SHA1" */
-# define SSL_TXT_GOST94          "GOST94"
-# define SSL_TXT_GOST89MAC               "GOST89MAC"
-# define SSL_TXT_SHA256          "SHA256"
-# define SSL_TXT_SHA384          "SHA384"
-
-# define SSL_TXT_SSLV2           "SSLv2"
-# define SSL_TXT_SSLV3           "SSLv3"
-# define SSL_TXT_TLSV1           "TLSv1"
-# define SSL_TXT_TLSV1_1         "TLSv1.1"
-# define SSL_TXT_TLSV1_2         "TLSv1.2"
-
-# define SSL_TXT_EXP             "EXP"
-# define SSL_TXT_EXPORT          "EXPORT"
-
-# define SSL_TXT_ALL             "ALL"
-
-/*-
- * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
- * ciphers normally not being used.
- * Example: "RC4" will activate all ciphers using RC4 including ciphers
- * without authentication, which would normally disabled by DEFAULT (due
- * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
- * will make sure that it is also disabled in the specific selection.
- * COMPLEMENTOF* identifiers are portable between version, as adjustments
- * to the default cipher setup will also be included here.
- *
- * COMPLEMENTOFDEFAULT does not experience the same special treatment that
- * DEFAULT gets, as only selection is being done and no sorting as needed
- * for DEFAULT.
- */
-# define SSL_TXT_CMPALL          "COMPLEMENTOFALL"
-# define SSL_TXT_CMPDEF          "COMPLEMENTOFDEFAULT"
-
-/*
- * The following cipher list is used by default. It also is substituted when
- * an application-defined cipher list string starts with 'DEFAULT'.
- */
-# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2"
-/*
- * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
- * starts with a reasonable order, and all we have to do for DEFAULT is
- * throwing out anonymous and unencrypted ciphersuites! (The latter are not
- * actually enabled by ALL, but "ALL:RSA" would enable some of them.)
- */
-
-/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
-# define SSL_SENT_SHUTDOWN       1
-# define SSL_RECEIVED_SHUTDOWN   2
-
-#ifdef __cplusplus
-}
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-# if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2)
-#  define OPENSSL_NO_SSL2
-# endif
-
-# define SSL_FILETYPE_ASN1       X509_FILETYPE_ASN1
-# define SSL_FILETYPE_PEM        X509_FILETYPE_PEM
-
-/*
- * This is needed to stop compilers complaining about the 'struct ssl_st *'
- * function parameters used to prototype callbacks in SSL_CTX.
- */
-typedef struct ssl_st *ssl_crock_st;
-typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
-typedef struct ssl_method_st SSL_METHOD;
-typedef struct ssl_cipher_st SSL_CIPHER;
-typedef struct ssl_session_st SSL_SESSION;
-
-DECLARE_STACK_OF(SSL_CIPHER)
-
-/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
-typedef struct srtp_protection_profile_st {
-    const char *name;
-    unsigned long id;
-} SRTP_PROTECTION_PROFILE;
-
-DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE)
-
-typedef int (*tls_session_ticket_ext_cb_fn) (SSL *s,
-                                             const unsigned char *data,
-                                             int len, void *arg);
-typedef int (*tls_session_secret_cb_fn) (SSL *s, void *secret,
-                                         int *secret_len,
-                                         STACK_OF(SSL_CIPHER) *peer_ciphers,
-                                         SSL_CIPHER **cipher, void *arg);
-
-# ifndef OPENSSL_NO_SSL_INTERN
-
-/* used to hold info on the particular ciphers used */
-struct ssl_cipher_st {
-    int valid;
-    const char *name;           /* text name */
-    unsigned long id;           /* id, 4 bytes, first is version */
-    /*
-     * changed in 0.9.9: these four used to be portions of a single value
-     * 'algorithms'
-     */
-    unsigned long algorithm_mkey; /* key exchange algorithm */
-    unsigned long algorithm_auth; /* server authentication */
-    unsigned long algorithm_enc; /* symmetric encryption */
-    unsigned long algorithm_mac; /* symmetric authentication */
-    unsigned long algorithm_ssl; /* (major) protocol version */
-    unsigned long algo_strength; /* strength and export flags */
-    unsigned long algorithm2;   /* Extra flags */
-    int strength_bits;          /* Number of bits really used */
-    int alg_bits;               /* Number of bits for algorithm */
-};
-
-/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
-struct ssl_method_st {
-    int version;
-    int (*ssl_new) (SSL *s);
-    void (*ssl_clear) (SSL *s);
-    void (*ssl_free) (SSL *s);
-    int (*ssl_accept) (SSL *s);
-    int (*ssl_connect) (SSL *s);
-    int (*ssl_read) (SSL *s, void *buf, int len);
-    int (*ssl_peek) (SSL *s, void *buf, int len);
-    int (*ssl_write) (SSL *s, const void *buf, int len);
-    int (*ssl_shutdown) (SSL *s);
-    int (*ssl_renegotiate) (SSL *s);
-    int (*ssl_renegotiate_check) (SSL *s);
-    long (*ssl_get_message) (SSL *s, int st1, int stn, int mt, long
-                             max, int *ok);
-    int (*ssl_read_bytes) (SSL *s, int type, unsigned char *buf, int len,
-                           int peek);
-    int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, int len);
-    int (*ssl_dispatch_alert) (SSL *s);
-    long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg);
-    long (*ssl_ctx_ctrl) (SSL_CTX *ctx, int cmd, long larg, void *parg);
-    const SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr);
-    int (*put_cipher_by_char) (const SSL_CIPHER *cipher, unsigned char *ptr);
-    int (*ssl_pending) (const SSL *s);
-    int (*num_ciphers) (void);
-    const SSL_CIPHER *(*get_cipher) (unsigned ncipher);
-    const struct ssl_method_st *(*get_ssl_method) (int version);
-    long (*get_timeout) (void);
-    struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
-    int (*ssl_version) (void);
-    long (*ssl_callback_ctrl) (SSL *s, int cb_id, void (*fp) (void));
-    long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void));
-};
-
-/*-
- * Lets make this into an ASN.1 type structure as follows
- * SSL_SESSION_ID ::= SEQUENCE {
- *      version                 INTEGER,        -- structure version number
- *      SSLversion              INTEGER,        -- SSL version number
- *      Cipher                  OCTET STRING,   -- the 3 byte cipher ID
- *      Session_ID              OCTET STRING,   -- the Session ID
- *      Master_key              OCTET STRING,   -- the master key
- *      KRB5_principal          OCTET STRING    -- optional Kerberos principal
- *      Key_Arg [ 0 ] IMPLICIT  OCTET STRING,   -- the optional Key argument
- *      Time [ 1 ] EXPLICIT     INTEGER,        -- optional Start Time
- *      Timeout [ 2 ] EXPLICIT  INTEGER,        -- optional Timeout ins seconds
- *      Peer [ 3 ] EXPLICIT     X509,           -- optional Peer Certificate
- *      Session_ID_context [ 4 ] EXPLICIT OCTET STRING,   -- the Session ID context
- *      Verify_result [ 5 ] EXPLICIT INTEGER,   -- X509_V_... code for `Peer'
- *      HostName [ 6 ] EXPLICIT OCTET STRING,   -- optional HostName from servername TLS extension
- *      PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
- *      PSK_identity [ 8 ] EXPLICIT OCTET STRING,  -- optional PSK identity
- *      Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
- *      Ticket [10]             EXPLICIT OCTET STRING, -- session ticket (clients only)
- *      Compression_meth [11]   EXPLICIT OCTET STRING, -- optional compression method
- *      SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
- *      }
- * Look in ssl/ssl_asn1.c for more details
- * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
- */
-struct ssl_session_st {
-    int ssl_version;            /* what ssl version session info is being
-                                 * kept in here? */
-    /* only really used in SSLv2 */
-    unsigned int key_arg_length;
-    unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
-    int master_key_length;
-    unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
-    /* session_id - valid? */
-    unsigned int session_id_length;
-    unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
-    /*
-     * this is used to determine whether the session is being reused in the
-     * appropriate context. It is up to the application to set this, via
-     * SSL_new
-     */
-    unsigned int sid_ctx_length;
-    unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-#  ifndef OPENSSL_NO_KRB5
-    unsigned int krb5_client_princ_len;
-    unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
-#  endif                        /* OPENSSL_NO_KRB5 */
-#  ifndef OPENSSL_NO_PSK
-    char *psk_identity_hint;
-    char *psk_identity;
-#  endif
-    /*
-     * Used to indicate that session resumption is not allowed. Applications
-     * can also set this bit for a new session via not_resumable_session_cb
-     * to disable session caching and tickets.
-     */
-    int not_resumable;
-    /* The cert is the certificate used to establish this connection */
-    struct sess_cert_st /* SESS_CERT */ *sess_cert;
-    /*
-     * This is the cert for the other end. On clients, it will be the same as
-     * sess_cert->peer_key->x509 (the latter is not enough as sess_cert is
-     * not retained in the external representation of sessions, see
-     * ssl_asn1.c).
-     */
-    X509 *peer;
-    /*
-     * when app_verify_callback accepts a session where the peer's
-     * certificate is not ok, we must remember the error for session reuse:
-     */
-    long verify_result;         /* only for servers */
-    int references;
-    long timeout;
-    long time;
-    unsigned int compress_meth; /* Need to lookup the method */
-    const SSL_CIPHER *cipher;
-    unsigned long cipher_id;    /* when ASN.1 loaded, this needs to be used
-                                 * to load the 'cipher' structure */
-    STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
-    CRYPTO_EX_DATA ex_data;     /* application specific data */
-    /*
-     * These are used to make removal of session-ids more efficient and to
-     * implement a maximum cache size.
-     */
-    struct ssl_session_st *prev, *next;
-#  ifndef OPENSSL_NO_TLSEXT
-    char *tlsext_hostname;
-#   ifndef OPENSSL_NO_EC
-    size_t tlsext_ecpointformatlist_length;
-    unsigned char *tlsext_ecpointformatlist; /* peer's list */
-    size_t tlsext_ellipticcurvelist_length;
-    unsigned char *tlsext_ellipticcurvelist; /* peer's list */
-#   endif                       /* OPENSSL_NO_EC */
-    /* RFC4507 info */
-    unsigned char *tlsext_tick; /* Session ticket */
-    size_t tlsext_ticklen;      /* Session ticket length */
-    long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
-#  endif
-#  ifndef OPENSSL_NO_SRP
-    char *srp_username;
-#  endif
-};
-
-# endif
-
-# define SSL_OP_MICROSOFT_SESS_ID_BUG                    0x00000001L
-# define SSL_OP_NETSCAPE_CHALLENGE_BUG                   0x00000002L
-/* Allow initial connection to servers that don't support RI */
-# define SSL_OP_LEGACY_SERVER_CONNECT                    0x00000004L
-# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG         0x00000008L
-# define SSL_OP_TLSEXT_PADDING                           0x00000010L
-# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER               0x00000020L
-# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG                   0x00000040L
-# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x00000080L
-# define SSL_OP_TLS_D5_BUG                               0x00000100L
-# define SSL_OP_TLS_BLOCK_PADDING_BUG                    0x00000200L
-
-/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */
-# define SSL_OP_MSIE_SSLV2_RSA_PADDING                   0x0
-/* Refers to ancient SSLREF and SSLv2, retained for compatibility */
-# define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG              0x0
-
-/*
- * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in
- * OpenSSL 0.9.6d.  Usually (depending on the application protocol) the
- * workaround is not needed.  Unfortunately some broken SSL/TLS
- * implementations cannot handle it at all, which is why we include it in
- * SSL_OP_ALL.
- */
-/* added in 0.9.6e */
-# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x00000800L
-
-/*
- * SSL_OP_ALL: various bug workarounds that should be rather harmless.  This
- * used to be 0x000FFFFFL before 0.9.7.
- */
-# define SSL_OP_ALL                                      0x80000BFFL
-
-/* DTLS options */
-# define SSL_OP_NO_QUERY_MTU                 0x00001000L
-/* Turn on Cookie Exchange (on relevant for servers) */
-# define SSL_OP_COOKIE_EXCHANGE              0x00002000L
-/* Don't use RFC4507 ticket extension */
-# define SSL_OP_NO_TICKET                    0x00004000L
-/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client)  */
-# define SSL_OP_CISCO_ANYCONNECT             0x00008000L
-
-/* As server, disallow session resumption on renegotiation */
-# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION   0x00010000L
-/* Don't use compression even if supported */
-# define SSL_OP_NO_COMPRESSION                           0x00020000L
-/* Permit unsafe legacy renegotiation */
-# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION        0x00040000L
-/* If set, always create a new key when using tmp_ecdh parameters */
-# define SSL_OP_SINGLE_ECDH_USE                          0x00080000L
-/* If set, always create a new key when using tmp_dh parameters */
-# define SSL_OP_SINGLE_DH_USE                            0x00100000L
-/* Does nothing: retained for compatibiity */
-# define SSL_OP_EPHEMERAL_RSA                            0x0
-/*
- * Set on servers to choose the cipher according to the server's preferences
- */
-# define SSL_OP_CIPHER_SERVER_PREFERENCE                 0x00400000L
-/*
- * If set, a server will allow a client to issue a SSLv3.0 version number as
- * latest version supported in the premaster secret, even when TLSv1.0
- * (version 3.1) was announced in the client hello. Normally this is
- * forbidden to prevent version rollback attacks.
- */
-# define SSL_OP_TLS_ROLLBACK_BUG                         0x00800000L
-
-# define SSL_OP_NO_SSLv2                                 0x01000000L
-# define SSL_OP_NO_SSLv3                                 0x02000000L
-# define SSL_OP_NO_TLSv1                                 0x04000000L
-# define SSL_OP_NO_TLSv1_2                               0x08000000L
-# define SSL_OP_NO_TLSv1_1                               0x10000000L
-
-/*
- * These next two were never actually used for anything since SSLeay zap so
- * we have some more flags.
- */
-/*
- * The next flag deliberately changes the ciphertest, this is a check for the
- * PKCS#1 attack
- */
-# define SSL_OP_PKCS1_CHECK_1                            0x0
-# define SSL_OP_PKCS1_CHECK_2                            0x0
-
-# define SSL_OP_NETSCAPE_CA_DN_BUG                       0x20000000L
-# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG          0x40000000L
-/*
- * Make server add server-hello extension from early version of cryptopro
- * draft, when GOST ciphersuite is negotiated. Required for interoperability
- * with CryptoPro CSP 3.x
- */
-# define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     0x80000000L
-
-/*
- * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
- * when just a single record has been written):
- */
-# define SSL_MODE_ENABLE_PARTIAL_WRITE       0x00000001L
-/*
- * Make it possible to retry SSL_write() with changed buffer location (buffer
- * contents must stay the same!); this is not the default to avoid the
- * misconception that non-blocking SSL_write() behaves like non-blocking
- * write():
- */
-# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
-/*
- * Never bother the application with retries if the transport is blocking:
- */
-# define SSL_MODE_AUTO_RETRY 0x00000004L
-/* Don't attempt to automatically build certificate chain */
-# define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
-/*
- * Save RAM by releasing read and write buffers when they're empty. (SSL3 and
- * TLS only.) "Released" buffers are put onto a free-list in the context or
- * just freed (depending on the context's setting for freelist_max_len).
- */
-# define SSL_MODE_RELEASE_BUFFERS 0x00000010L
-/*
- * Send the current time in the Random fields of the ClientHello and
- * ServerHello records for compatibility with hypothetical implementations
- * that require it.
- */
-# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L
-# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L
-/*
- * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications
- * that reconnect with a downgraded protocol version; see
- * draft-ietf-tls-downgrade-scsv-00 for details. DO NOT ENABLE THIS if your
- * application attempts a normal handshake. Only use this in explicit
- * fallback retries, following the guidance in
- * draft-ietf-tls-downgrade-scsv-00.
- */
-# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L
-
-/*
- * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they
- * cannot be used to clear bits.
- */
-
-# define SSL_CTX_set_options(ctx,op) \
-        SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
-# define SSL_CTX_clear_options(ctx,op) \
-        SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
-# define SSL_CTX_get_options(ctx) \
-        SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
-# define SSL_set_options(ssl,op) \
-        SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
-# define SSL_clear_options(ssl,op) \
-        SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
-# define SSL_get_options(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
-
-# define SSL_CTX_set_mode(ctx,op) \
-        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
-# define SSL_CTX_clear_mode(ctx,op) \
-        SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
-# define SSL_CTX_get_mode(ctx) \
-        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
-# define SSL_clear_mode(ssl,op) \
-        SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
-# define SSL_set_mode(ssl,op) \
-        SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
-# define SSL_get_mode(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
-# define SSL_set_mtu(ssl, mtu) \
-        SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
-# define DTLS_set_link_mtu(ssl, mtu) \
-        SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL)
-# define DTLS_get_link_min_mtu(ssl) \
-        SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL)
-
-# define SSL_get_secure_renegotiation_support(ssl) \
-        SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
-
-# ifndef OPENSSL_NO_HEARTBEATS
-#  define SSL_heartbeat(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_TLS_EXT_SEND_HEARTBEAT,0,NULL)
-# endif
-
-void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
-                              void (*cb) (int write_p, int version,
-                                          int content_type, const void *buf,
-                                          size_t len, SSL *ssl, void *arg));
-void SSL_set_msg_callback(SSL *ssl,
-                          void (*cb) (int write_p, int version,
-                                      int content_type, const void *buf,
-                                      size_t len, SSL *ssl, void *arg));
-# define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
-# define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
-
-# ifndef OPENSSL_NO_SRP
-
-#  ifndef OPENSSL_NO_SSL_INTERN
-
-typedef struct srp_ctx_st {
-    /* param for all the callbacks */
-    void *SRP_cb_arg;
-    /* set client Hello login callback */
-    int (*TLS_ext_srp_username_callback) (SSL *, int *, void *);
-    /* set SRP N/g param callback for verification */
-    int (*SRP_verify_param_callback) (SSL *, void *);
-    /* set SRP client passwd callback */
-    char *(*SRP_give_srp_client_pwd_callback) (SSL *, void *);
-    char *login;
-    BIGNUM *N, *g, *s, *B, *A;
-    BIGNUM *a, *b, *v;
-    char *info;
-    int strength;
-    unsigned long srp_Mask;
-} SRP_CTX;
-
-#  endif
-
-/* see tls_srp.c */
-int SSL_SRP_CTX_init(SSL *s);
-int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
-int SSL_SRP_CTX_free(SSL *ctx);
-int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
-int SSL_srp_server_param_with_username(SSL *s, int *ad);
-int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key);
-int SRP_Calc_A_param(SSL *s);
-int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key);
-
-# endif
-
-# if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
-#  define SSL_MAX_CERT_LIST_DEFAULT 1024*30
-                                          /* 30k max cert list :-) */
-# else
-#  define SSL_MAX_CERT_LIST_DEFAULT 1024*100
-                                           /* 100k max cert list :-) */
-# endif
-
-# define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT      (1024*20)
-
-/*
- * This callback type is used inside SSL_CTX, SSL, and in the functions that
- * set them. It is used to override the generation of SSL/TLS session IDs in
- * a server. Return value should be zero on an error, non-zero to proceed.
- * Also, callbacks should themselves check if the id they generate is unique
- * otherwise the SSL handshake will fail with an error - callbacks can do
- * this using the 'ssl' value they're passed by;
- * SSL_has_matching_session_id(ssl, id, *id_len) The length value passed in
- * is set at the maximum size the session ID can be. In SSLv2 this is 16
- * bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback can alter this
- * length to be less if desired, but under SSLv2 session IDs are supposed to
- * be fixed at 16 bytes so the id will be padded after the callback returns
- * in this case. It is also an error for the callback to set the size to
- * zero.
- */
-typedef int (*GEN_SESSION_CB) (const SSL *ssl, unsigned char *id,
-                               unsigned int *id_len);
-
-typedef struct ssl_comp_st SSL_COMP;
-
-# ifndef OPENSSL_NO_SSL_INTERN
-
-struct ssl_comp_st {
-    int id;
-    const char *name;
-#  ifndef OPENSSL_NO_COMP
-    COMP_METHOD *method;
-#  else
-    char *method;
-#  endif
-};
-
-DECLARE_STACK_OF(SSL_COMP)
-DECLARE_LHASH_OF(SSL_SESSION);
-
-struct ssl_ctx_st {
-    const SSL_METHOD *method;
-    STACK_OF(SSL_CIPHER) *cipher_list;
-    /* same as above but sorted for lookup */
-    STACK_OF(SSL_CIPHER) *cipher_list_by_id;
-    struct x509_store_st /* X509_STORE */ *cert_store;
-    LHASH_OF(SSL_SESSION) *sessions;
-    /*
-     * Most session-ids that will be cached, default is
-     * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited.
-     */
-    unsigned long session_cache_size;
-    struct ssl_session_st *session_cache_head;
-    struct ssl_session_st *session_cache_tail;
-    /*
-     * This can have one of 2 values, ored together, SSL_SESS_CACHE_CLIENT,
-     * SSL_SESS_CACHE_SERVER, Default is SSL_SESSION_CACHE_SERVER, which
-     * means only SSL_accept which cache SSL_SESSIONS.
-     */
-    int session_cache_mode;
-    /*
-     * If timeout is not 0, it is the default timeout value set when
-     * SSL_new() is called.  This has been put in to make life easier to set
-     * things up
-     */
-    long session_timeout;
-    /*
-     * If this callback is not null, it will be called each time a session id
-     * is added to the cache.  If this function returns 1, it means that the
-     * callback will do a SSL_SESSION_free() when it has finished using it.
-     * Otherwise, on 0, it means the callback has finished with it. If
-     * remove_session_cb is not null, it will be called when a session-id is
-     * removed from the cache.  After the call, OpenSSL will
-     * SSL_SESSION_free() it.
-     */
-    int (*new_session_cb) (struct ssl_st *ssl, SSL_SESSION *sess);
-    void (*remove_session_cb) (struct ssl_ctx_st *ctx, SSL_SESSION *sess);
-    SSL_SESSION *(*get_session_cb) (struct ssl_st *ssl,
-                                    unsigned char *data, int len, int *copy);
-    struct {
-        int sess_connect;       /* SSL new conn - started */
-        int sess_connect_renegotiate; /* SSL reneg - requested */
-        int sess_connect_good;  /* SSL new conne/reneg - finished */
-        int sess_accept;        /* SSL new accept - started */
-        int sess_accept_renegotiate; /* SSL reneg - requested */
-        int sess_accept_good;   /* SSL accept/reneg - finished */
-        int sess_miss;          /* session lookup misses */
-        int sess_timeout;       /* reuse attempt on timeouted session */
-        int sess_cache_full;    /* session removed due to full cache */
-        int sess_hit;           /* session reuse actually done */
-        int sess_cb_hit;        /* session-id that was not in the cache was
-                                 * passed back via the callback.  This
-                                 * indicates that the application is
-                                 * supplying session-id's from other
-                                 * processes - spooky :-) */
-    } stats;
-
-    int references;
-
-    /* if defined, these override the X509_verify_cert() calls */
-    int (*app_verify_callback) (X509_STORE_CTX *, void *);
-    void *app_verify_arg;
-    /*
-     * before OpenSSL 0.9.7, 'app_verify_arg' was ignored
-     * ('app_verify_callback' was called with just one argument)
-     */
-
-    /* Default password callback. */
-    pem_password_cb *default_passwd_callback;
-
-    /* Default password callback user data. */
-    void *default_passwd_callback_userdata;
-
-    /* get client cert callback */
-    int (*client_cert_cb) (SSL *ssl, X509 **x509, EVP_PKEY **pkey);
-
-    /* cookie generate callback */
-    int (*app_gen_cookie_cb) (SSL *ssl, unsigned char *cookie,
-                              unsigned int *cookie_len);
-
-    /* verify cookie callback */
-    int (*app_verify_cookie_cb) (SSL *ssl, unsigned char *cookie,
-                                 unsigned int cookie_len);
-
-    CRYPTO_EX_DATA ex_data;
-
-    const EVP_MD *rsa_md5;      /* For SSLv2 - name is 'ssl2-md5' */
-    const EVP_MD *md5;          /* For SSLv3/TLSv1 'ssl3-md5' */
-    const EVP_MD *sha1;         /* For SSLv3/TLSv1 'ssl3->sha1' */
-
-    STACK_OF(X509) *extra_certs;
-    STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
-
-    /* Default values used when no per-SSL value is defined follow */
-
-    /* used if SSL's info_callback is NULL */
-    void (*info_callback) (const SSL *ssl, int type, int val);
-
-    /* what we put in client cert requests */
-    STACK_OF(X509_NAME) *client_CA;
-
-    /*
-     * Default values to use in SSL structures follow (these are copied by
-     * SSL_new)
-     */
-
-    unsigned long options;
-    unsigned long mode;
-    long max_cert_list;
-
-    struct cert_st /* CERT */ *cert;
-    int read_ahead;
-
-    /* callback that allows applications to peek at protocol messages */
-    void (*msg_callback) (int write_p, int version, int content_type,
-                          const void *buf, size_t len, SSL *ssl, void *arg);
-    void *msg_callback_arg;
-
-    int verify_mode;
-    unsigned int sid_ctx_length;
-    unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-    /* called 'verify_callback' in the SSL */
-    int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx);
-
-    /* Default generate session ID callback. */
-    GEN_SESSION_CB generate_session_id;
-
-    X509_VERIFY_PARAM *param;
-
-#  if 0
-    int purpose;                /* Purpose setting */
-    int trust;                  /* Trust setting */
-#  endif
-
-    int quiet_shutdown;
-
-    /*
-     * Maximum amount of data to send in one fragment. actual record size can
-     * be more than this due to padding and MAC overheads.
-     */
-    unsigned int max_send_fragment;
-
-#  ifndef OPENSSL_NO_ENGINE
-    /*
-     * Engine to pass requests for client certs to
-     */
-    ENGINE *client_cert_engine;
-#  endif
-
-#  ifndef OPENSSL_NO_TLSEXT
-    /* TLS extensions servername callback */
-    int (*tlsext_servername_callback) (SSL *, int *, void *);
-    void *tlsext_servername_arg;
-    /* RFC 4507 session ticket keys */
-    unsigned char tlsext_tick_key_name[16];
-    unsigned char tlsext_tick_hmac_key[16];
-    unsigned char tlsext_tick_aes_key[16];
-    /* Callback to support customisation of ticket key setting */
-    int (*tlsext_ticket_key_cb) (SSL *ssl,
-                                 unsigned char *name, unsigned char *iv,
-                                 EVP_CIPHER_CTX *ectx,
-                                 HMAC_CTX *hctx, int enc);
-
-    /* certificate status request info */
-    /* Callback for status request */
-    int (*tlsext_status_cb) (SSL *ssl, void *arg);
-    void *tlsext_status_arg;
-
-    /* draft-rescorla-tls-opaque-prf-input-00.txt information */
-    int (*tlsext_opaque_prf_input_callback) (SSL *, void *peerinput,
-                                             size_t len, void *arg);
-    void *tlsext_opaque_prf_input_callback_arg;
-#  endif
-
-#  ifndef OPENSSL_NO_PSK
-    char *psk_identity_hint;
-    unsigned int (*psk_client_callback) (SSL *ssl, const char *hint,
-                                         char *identity,
-                                         unsigned int max_identity_len,
-                                         unsigned char *psk,
-                                         unsigned int max_psk_len);
-    unsigned int (*psk_server_callback) (SSL *ssl, const char *identity,
-                                         unsigned char *psk,
-                                         unsigned int max_psk_len);
-#  endif
-
-#  ifndef OPENSSL_NO_BUF_FREELISTS
-#   define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32
-    unsigned int freelist_max_len;
-    struct ssl3_buf_freelist_st *wbuf_freelist;
-    struct ssl3_buf_freelist_st *rbuf_freelist;
-#  endif
-#  ifndef OPENSSL_NO_SRP
-    SRP_CTX srp_ctx;            /* ctx for SRP authentication */
-#  endif
-
-#  ifndef OPENSSL_NO_TLSEXT
-
-#   ifndef OPENSSL_NO_NEXTPROTONEG
-    /* Next protocol negotiation information */
-    /* (for experimental NPN extension). */
-
-    /*
-     * For a server, this contains a callback function by which the set of
-     * advertised protocols can be provided.
-     */
-    int (*next_protos_advertised_cb) (SSL *s, const unsigned char **buf,
-                                      unsigned int *len, void *arg);
-    void *next_protos_advertised_cb_arg;
-    /*
-     * For a client, this contains a callback function that selects the next
-     * protocol from the list provided by the server.
-     */
-    int (*next_proto_select_cb) (SSL *s, unsigned char **out,
-                                 unsigned char *outlen,
-                                 const unsigned char *in,
-                                 unsigned int inlen, void *arg);
-    void *next_proto_select_cb_arg;
-#   endif
-    /* SRTP profiles we are willing to do from RFC 5764 */
-    STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
-#  endif
-};
-
-# endif
-
-# define SSL_SESS_CACHE_OFF                      0x0000
-# define SSL_SESS_CACHE_CLIENT                   0x0001
-# define SSL_SESS_CACHE_SERVER                   0x0002
-# define SSL_SESS_CACHE_BOTH     (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
-# define SSL_SESS_CACHE_NO_AUTO_CLEAR            0x0080
-/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
-# define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP       0x0100
-# define SSL_SESS_CACHE_NO_INTERNAL_STORE        0x0200
-# define SSL_SESS_CACHE_NO_INTERNAL \
-        (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
-
-LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
-# define SSL_CTX_sess_number(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
-# define SSL_CTX_sess_connect(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
-# define SSL_CTX_sess_connect_good(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
-# define SSL_CTX_sess_connect_renegotiate(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
-# define SSL_CTX_sess_accept(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
-# define SSL_CTX_sess_accept_renegotiate(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
-# define SSL_CTX_sess_accept_good(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
-# define SSL_CTX_sess_hits(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
-# define SSL_CTX_sess_cb_hits(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
-# define SSL_CTX_sess_misses(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
-# define SSL_CTX_sess_timeouts(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
-# define SSL_CTX_sess_cache_full(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
-
-void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
-                             int (*new_session_cb) (struct ssl_st *ssl,
-                                                    SSL_SESSION *sess));
-int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
-                                              SSL_SESSION *sess);
-void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
-                                void (*remove_session_cb) (struct ssl_ctx_st
-                                                           *ctx,
-                                                           SSL_SESSION
-                                                           *sess));
-void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx,
-                                                  SSL_SESSION *sess);
-void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
-                             SSL_SESSION *(*get_session_cb) (struct ssl_st
-                                                             *ssl,
-                                                             unsigned char
-                                                             *data, int len,
-                                                             int *copy));
-SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
-                                                       unsigned char *Data,
-                                                       int len, int *copy);
-void SSL_CTX_set_info_callback(SSL_CTX *ctx,
-                               void (*cb) (const SSL *ssl, int type,
-                                           int val));
-void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type,
-                                                 int val);
-void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
-                                int (*client_cert_cb) (SSL *ssl, X509 **x509,
-                                                       EVP_PKEY **pkey));
-int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
-                                                 EVP_PKEY **pkey);
-# ifndef OPENSSL_NO_ENGINE
-int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
-# endif
-void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
-                                    int (*app_gen_cookie_cb) (SSL *ssl,
-                                                              unsigned char
-                                                              *cookie,
-                                                              unsigned int
-                                                              *cookie_len));
-void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
-                                  int (*app_verify_cookie_cb) (SSL *ssl,
-                                                               unsigned char
-                                                               *cookie,
-                                                               unsigned int
-                                                               cookie_len));
-# ifndef OPENSSL_NO_NEXTPROTONEG
-void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
-                                           int (*cb) (SSL *ssl,
-                                                      const unsigned char
-                                                      **out,
-                                                      unsigned int *outlen,
-                                                      void *arg), void *arg);
-void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
-                                      int (*cb) (SSL *ssl,
-                                                 unsigned char **out,
-                                                 unsigned char *outlen,
-                                                 const unsigned char *in,
-                                                 unsigned int inlen,
-                                                 void *arg), void *arg);
-
-int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
-                          const unsigned char *in, unsigned int inlen,
-                          const unsigned char *client,
-                          unsigned int client_len);
-void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
-                                    unsigned *len);
-
-#  define OPENSSL_NPN_UNSUPPORTED 0
-#  define OPENSSL_NPN_NEGOTIATED  1
-#  define OPENSSL_NPN_NO_OVERLAP  2
-# endif
-
-# ifndef OPENSSL_NO_PSK
-/*
- * the maximum length of the buffer given to callbacks containing the
- * resulting identity/psk
- */
-#  define PSK_MAX_IDENTITY_LEN 128
-#  define PSK_MAX_PSK_LEN 256
-void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
-                                     unsigned int (*psk_client_callback) (SSL
-                                                                          *ssl,
-                                                                          const
-                                                                          char
-                                                                          *hint,
-                                                                          char
-                                                                          *identity,
-                                                                          unsigned
-                                                                          int
-                                                                          max_identity_len,
-                                                                          unsigned
-                                                                          char
-                                                                          *psk,
-                                                                          unsigned
-                                                                          int
-                                                                          max_psk_len));
-void SSL_set_psk_client_callback(SSL *ssl,
-                                 unsigned int (*psk_client_callback) (SSL
-                                                                      *ssl,
-                                                                      const
-                                                                      char
-                                                                      *hint,
-                                                                      char
-                                                                      *identity,
-                                                                      unsigned
-                                                                      int
-                                                                      max_identity_len,
-                                                                      unsigned
-                                                                      char
-                                                                      *psk,
-                                                                      unsigned
-                                                                      int
-                                                                      max_psk_len));
-void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
-                                     unsigned int (*psk_server_callback) (SSL
-                                                                          *ssl,
-                                                                          const
-                                                                          char
-                                                                          *identity,
-                                                                          unsigned
-                                                                          char
-                                                                          *psk,
-                                                                          unsigned
-                                                                          int
-                                                                          max_psk_len));
-void SSL_set_psk_server_callback(SSL *ssl,
-                                 unsigned int (*psk_server_callback) (SSL
-                                                                      *ssl,
-                                                                      const
-                                                                      char
-                                                                      *identity,
-                                                                      unsigned
-                                                                      char
-                                                                      *psk,
-                                                                      unsigned
-                                                                      int
-                                                                      max_psk_len));
-int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
-int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
-const char *SSL_get_psk_identity_hint(const SSL *s);
-const char *SSL_get_psk_identity(const SSL *s);
-# endif
-
-# define SSL_NOTHING     1
-# define SSL_WRITING     2
-# define SSL_READING     3
-# define SSL_X509_LOOKUP 4
-
-/* These will only be used when doing non-blocking IO */
-# define SSL_want_nothing(s)     (SSL_want(s) == SSL_NOTHING)
-# define SSL_want_read(s)        (SSL_want(s) == SSL_READING)
-# define SSL_want_write(s)       (SSL_want(s) == SSL_WRITING)
-# define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
-
-# define SSL_MAC_FLAG_READ_MAC_STREAM 1
-# define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
-
-# ifndef OPENSSL_NO_SSL_INTERN
-
-struct ssl_st {
-    /*
-     * protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION,
-     * DTLS1_VERSION)
-     */
-    int version;
-    /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
-    int type;
-    /* SSLv3 */
-    const SSL_METHOD *method;
-    /*
-     * There are 2 BIO's even though they are normally both the same.  This
-     * is so data can be read and written to different handlers
-     */
-#  ifndef OPENSSL_NO_BIO
-    /* used by SSL_read */
-    BIO *rbio;
-    /* used by SSL_write */
-    BIO *wbio;
-    /* used during session-id reuse to concatenate messages */
-    BIO *bbio;
-#  else
-    /* used by SSL_read */
-    char *rbio;
-    /* used by SSL_write */
-    char *wbio;
-    char *bbio;
-#  endif
-    /*
-     * This holds a variable that indicates what we were doing when a 0 or -1
-     * is returned.  This is needed for non-blocking IO so we know what
-     * request needs re-doing when in SSL_accept or SSL_connect
-     */
-    int rwstate;
-    /* true when we are actually in SSL_accept() or SSL_connect() */
-    int in_handshake;
-    int (*handshake_func) (SSL *);
-    /*
-     * Imagine that here's a boolean member "init" that is switched as soon
-     * as SSL_set_{accept/connect}_state is called for the first time, so
-     * that "state" and "handshake_func" are properly initialized.  But as
-     * handshake_func is == 0 until then, we use this test instead of an
-     * "init" member.
-     */
-    /* are we the server side? - mostly used by SSL_clear */
-    int server;
-    /*
-     * Generate a new session or reuse an old one.
-     * NB: For servers, the 'new' session may actually be a previously
-     * cached session or even the previous session unless
-     * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set
-     */
-    int new_session;
-    /* don't send shutdown packets */
-    int quiet_shutdown;
-    /* we have shut things down, 0x01 sent, 0x02 for received */
-    int shutdown;
-    /* where we are */
-    int state;
-    /* where we are when reading */
-    int rstate;
-    BUF_MEM *init_buf;          /* buffer used during init */
-    void *init_msg;             /* pointer to handshake message body, set by
-                                 * ssl3_get_message() */
-    int init_num;               /* amount read/written */
-    int init_off;               /* amount read/written */
-    /* used internally to point at a raw packet */
-    unsigned char *packet;
-    unsigned int packet_length;
-    struct ssl2_state_st *s2;   /* SSLv2 variables */
-    struct ssl3_state_st *s3;   /* SSLv3 variables */
-    struct dtls1_state_st *d1;  /* DTLSv1 variables */
-    int read_ahead;             /* Read as many input bytes as possible (for
-                                 * non-blocking reads) */
-    /* callback that allows applications to peek at protocol messages */
-    void (*msg_callback) (int write_p, int version, int content_type,
-                          const void *buf, size_t len, SSL *ssl, void *arg);
-    void *msg_callback_arg;
-    int hit;                    /* reusing a previous session */
-    X509_VERIFY_PARAM *param;
-#  if 0
-    int purpose;                /* Purpose setting */
-    int trust;                  /* Trust setting */
-#  endif
-    /* crypto */
-    STACK_OF(SSL_CIPHER) *cipher_list;
-    STACK_OF(SSL_CIPHER) *cipher_list_by_id;
-    /*
-     * These are the ones being used, the ones in SSL_SESSION are the ones to
-     * be 'copied' into these ones
-     */
-    int mac_flags;
-    EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
-    EVP_MD_CTX *read_hash;      /* used for mac generation */
-#  ifndef OPENSSL_NO_COMP
-    COMP_CTX *expand;           /* uncompress */
-#  else
-    char *expand;
-#  endif
-    EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
-    EVP_MD_CTX *write_hash;     /* used for mac generation */
-#  ifndef OPENSSL_NO_COMP
-    COMP_CTX *compress;         /* compression */
-#  else
-    char *compress;
-#  endif
-    /* session info */
-    /* client cert? */
-    /* This is used to hold the server certificate used */
-    struct cert_st /* CERT */ *cert;
-    /*
-     * the session_id_context is used to ensure sessions are only reused in
-     * the appropriate context
-     */
-    unsigned int sid_ctx_length;
-    unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-    /* This can also be in the session once a session is established */
-    SSL_SESSION *session;
-    /* Default generate session ID callback. */
-    GEN_SESSION_CB generate_session_id;
-    /* Used in SSL2 and SSL3 */
-    /*
-     * 0 don't care about verify failure.
-     * 1 fail if verify fails
-     */
-    int verify_mode;
-    /* fail if callback returns 0 */
-    int (*verify_callback) (int ok, X509_STORE_CTX *ctx);
-    /* optional informational callback */
-    void (*info_callback) (const SSL *ssl, int type, int val);
-    /* error bytes to be written */
-    int error;
-    /* actual code */
-    int error_code;
-#  ifndef OPENSSL_NO_KRB5
-    /* Kerberos 5 context */
-    KSSL_CTX *kssl_ctx;
-#  endif                        /* OPENSSL_NO_KRB5 */
-#  ifndef OPENSSL_NO_PSK
-    unsigned int (*psk_client_callback) (SSL *ssl, const char *hint,
-                                         char *identity,
-                                         unsigned int max_identity_len,
-                                         unsigned char *psk,
-                                         unsigned int max_psk_len);
-    unsigned int (*psk_server_callback) (SSL *ssl, const char *identity,
-                                         unsigned char *psk,
-                                         unsigned int max_psk_len);
-#  endif
-    SSL_CTX *ctx;
-    /*
-     * set this flag to 1 and a sleep(1) is put into all SSL_read() and
-     * SSL_write() calls, good for nbio debuging :-)
-     */
-    int debug;
-    /* extra application data */
-    long verify_result;
-    CRYPTO_EX_DATA ex_data;
-    /* for server side, keep the list of CA_dn we can use */
-    STACK_OF(X509_NAME) *client_CA;
-    int references;
-    /* protocol behaviour */
-    unsigned long options;
-    /* API behaviour */
-    unsigned long mode;
-    long max_cert_list;
-    int first_packet;
-    /* what was passed, used for SSLv3/TLS rollback check */
-    int client_version;
-    unsigned int max_send_fragment;
-#  ifndef OPENSSL_NO_TLSEXT
-    /* TLS extension debug callback */
-    void (*tlsext_debug_cb) (SSL *s, int client_server, int type,
-                             unsigned char *data, int len, void *arg);
-    void *tlsext_debug_arg;
-    char *tlsext_hostname;
-    /*-
-     * no further mod of servername
-     * 0 : call the servername extension callback.
-     * 1 : prepare 2, allow last ack just after in server callback.
-     * 2 : don't call servername callback, no ack in server hello
-     */
-    int servername_done;
-    /* certificate status request info */
-    /* Status type or -1 if no status type */
-    int tlsext_status_type;
-    /* Expect OCSP CertificateStatus message */
-    int tlsext_status_expected;
-    /* OCSP status request only */
-    STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids;
-    X509_EXTENSIONS *tlsext_ocsp_exts;
-    /* OCSP response received or to be sent */
-    unsigned char *tlsext_ocsp_resp;
-    int tlsext_ocsp_resplen;
-    /* RFC4507 session ticket expected to be received or sent */
-    int tlsext_ticket_expected;
-#   ifndef OPENSSL_NO_EC
-    size_t tlsext_ecpointformatlist_length;
-    /* our list */
-    unsigned char *tlsext_ecpointformatlist;
-    size_t tlsext_ellipticcurvelist_length;
-    /* our list */
-    unsigned char *tlsext_ellipticcurvelist;
-#   endif                       /* OPENSSL_NO_EC */
-    /*
-     * draft-rescorla-tls-opaque-prf-input-00.txt information to be used for
-     * handshakes
-     */
-    void *tlsext_opaque_prf_input;
-    size_t tlsext_opaque_prf_input_len;
-    /* TLS Session Ticket extension override */
-    TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
-    /* TLS Session Ticket extension callback */
-    tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb;
-    void *tls_session_ticket_ext_cb_arg;
-    /* TLS pre-shared secret session resumption */
-    tls_session_secret_cb_fn tls_session_secret_cb;
-    void *tls_session_secret_cb_arg;
-    SSL_CTX *initial_ctx;       /* initial ctx, used to store sessions */
-#   ifndef OPENSSL_NO_NEXTPROTONEG
-    /*
-     * Next protocol negotiation. For the client, this is the protocol that
-     * we sent in NextProtocol and is set when handling ServerHello
-     * extensions. For a server, this is the client's selected_protocol from
-     * NextProtocol and is set when handling the NextProtocol message, before
-     * the Finished message.
-     */
-    unsigned char *next_proto_negotiated;
-    unsigned char next_proto_negotiated_len;
-#   endif
-#   define session_ctx initial_ctx
-    /* What we'll do */
-    STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
-    /* What's been chosen */
-    SRTP_PROTECTION_PROFILE *srtp_profile;
-        /*-
-         * Is use of the Heartbeat extension negotiated?
-         * 0: disabled
-         * 1: enabled
-         * 2: enabled, but not allowed to send Requests
-         */
-    unsigned int tlsext_heartbeat;
-    /* Indicates if a HeartbeatRequest is in flight */
-    unsigned int tlsext_hb_pending;
-    /* HeartbeatRequest sequence number */
-    unsigned int tlsext_hb_seq;
-#  else
-#   define session_ctx ctx
-#  endif                        /* OPENSSL_NO_TLSEXT */
-    /*-
-     * 1 if we are renegotiating.
-     * 2 if we are a server and are inside a handshake
-     * (i.e. not just sending a HelloRequest)
-     */
-    int renegotiate;
-#  ifndef OPENSSL_NO_SRP
-    /* ctx for SRP authentication */
-    SRP_CTX srp_ctx;
-#  endif
-};
-
-# endif
-
-#ifdef __cplusplus
-}
-#endif
-
-# include <openssl/ssl2.h>
-# include <openssl/ssl3.h>
-# include <openssl/tls1.h>      /* This is mostly sslv3 with a few tweaks */
-# include <openssl/dtls1.h>     /* Datagram TLS */
-# include <openssl/ssl23.h>
-# include <openssl/srtp.h>      /* Support for the use_srtp extension */
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* compatibility */
-# define SSL_set_app_data(s,arg)         (SSL_set_ex_data(s,0,(char *)arg))
-# define SSL_get_app_data(s)             (SSL_get_ex_data(s,0))
-# define SSL_SESSION_set_app_data(s,a)   (SSL_SESSION_set_ex_data(s,0,(char *)a))
-# define SSL_SESSION_get_app_data(s)     (SSL_SESSION_get_ex_data(s,0))
-# define SSL_CTX_get_app_data(ctx)       (SSL_CTX_get_ex_data(ctx,0))
-# define SSL_CTX_set_app_data(ctx,arg)   (SSL_CTX_set_ex_data(ctx,0,(char *)arg))
-
-/*
- * The following are the possible values for ssl->state are are used to
- * indicate where we are up to in the SSL connection establishment. The
- * macros that follow are about the only things you should need to use and
- * even then, only when using non-blocking IO. It can also be useful to work
- * out where you were when the connection failed
- */
-
-# define SSL_ST_CONNECT                  0x1000
-# define SSL_ST_ACCEPT                   0x2000
-# define SSL_ST_MASK                     0x0FFF
-# define SSL_ST_INIT                     (SSL_ST_CONNECT|SSL_ST_ACCEPT)
-# define SSL_ST_BEFORE                   0x4000
-# define SSL_ST_OK                       0x03
-# define SSL_ST_RENEGOTIATE              (0x04|SSL_ST_INIT)
-# define SSL_ST_ERR                      0x05
-
-# define SSL_CB_LOOP                     0x01
-# define SSL_CB_EXIT                     0x02
-# define SSL_CB_READ                     0x04
-# define SSL_CB_WRITE                    0x08
-# define SSL_CB_ALERT                    0x4000/* used in callback */
-# define SSL_CB_READ_ALERT               (SSL_CB_ALERT|SSL_CB_READ)
-# define SSL_CB_WRITE_ALERT              (SSL_CB_ALERT|SSL_CB_WRITE)
-# define SSL_CB_ACCEPT_LOOP              (SSL_ST_ACCEPT|SSL_CB_LOOP)
-# define SSL_CB_ACCEPT_EXIT              (SSL_ST_ACCEPT|SSL_CB_EXIT)
-# define SSL_CB_CONNECT_LOOP             (SSL_ST_CONNECT|SSL_CB_LOOP)
-# define SSL_CB_CONNECT_EXIT             (SSL_ST_CONNECT|SSL_CB_EXIT)
-# define SSL_CB_HANDSHAKE_START          0x10
-# define SSL_CB_HANDSHAKE_DONE           0x20
-
-/* Is the SSL_connection established? */
-# define SSL_get_state(a)                SSL_state(a)
-# define SSL_is_init_finished(a)         (SSL_state(a) == SSL_ST_OK)
-# define SSL_in_init(a)                  (SSL_state(a)&SSL_ST_INIT)
-# define SSL_in_before(a)                (SSL_state(a)&SSL_ST_BEFORE)
-# define SSL_in_connect_init(a)          (SSL_state(a)&SSL_ST_CONNECT)
-# define SSL_in_accept_init(a)           (SSL_state(a)&SSL_ST_ACCEPT)
-
-/*
- * The following 2 states are kept in ssl->rstate when reads fail, you should
- * not need these
- */
-# define SSL_ST_READ_HEADER                      0xF0
-# define SSL_ST_READ_BODY                        0xF1
-# define SSL_ST_READ_DONE                        0xF2
-
-/*-
- * Obtain latest Finished message
- *   -- that we sent (SSL_get_finished)
- *   -- that we expected from peer (SSL_get_peer_finished).
- * Returns length (0 == no Finished so far), copies up to 'count' bytes.
- */
-size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
-size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
-
-/*
- * use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options are
- * 'ored' with SSL_VERIFY_PEER if they are desired
- */
-# define SSL_VERIFY_NONE                 0x00
-# define SSL_VERIFY_PEER                 0x01
-# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
-# define SSL_VERIFY_CLIENT_ONCE          0x04
-
-# define OpenSSL_add_ssl_algorithms()    SSL_library_init()
-# define SSLeay_add_ssl_algorithms()     SSL_library_init()
-
-/* this is for backward compatibility */
-# if 0                          /* NEW_SSLEAY */
-#  define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
-#  define SSL_set_pref_cipher(c,n)        SSL_set_cipher_list(c,n)
-#  define SSL_add_session(a,b)            SSL_CTX_add_session((a),(b))
-#  define SSL_remove_session(a,b)         SSL_CTX_remove_session((a),(b))
-#  define SSL_flush_sessions(a,b)         SSL_CTX_flush_sessions((a),(b))
-# endif
-/* More backward compatibility */
-# define SSL_get_cipher(s) \
-                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
-# define SSL_get_cipher_bits(s,np) \
-                SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
-# define SSL_get_cipher_version(s) \
-                SSL_CIPHER_get_version(SSL_get_current_cipher(s))
-# define SSL_get_cipher_name(s) \
-                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
-# define SSL_get_time(a)         SSL_SESSION_get_time(a)
-# define SSL_set_time(a,b)       SSL_SESSION_set_time((a),(b))
-# define SSL_get_timeout(a)      SSL_SESSION_get_timeout(a)
-# define SSL_set_timeout(a,b)    SSL_SESSION_set_timeout((a),(b))
-
-# define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
-# define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
-
-DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
-# define SSL_AD_REASON_OFFSET            1000/* offset to get SSL_R_... value
-                                              * from SSL_AD_... */
-/* These alert types are for SSLv3 and TLSv1 */
-# define SSL_AD_CLOSE_NOTIFY             SSL3_AD_CLOSE_NOTIFY
-/* fatal */
-# define SSL_AD_UNEXPECTED_MESSAGE       SSL3_AD_UNEXPECTED_MESSAGE
-/* fatal */
-# define SSL_AD_BAD_RECORD_MAC           SSL3_AD_BAD_RECORD_MAC
-# define SSL_AD_DECRYPTION_FAILED        TLS1_AD_DECRYPTION_FAILED
-# define SSL_AD_RECORD_OVERFLOW          TLS1_AD_RECORD_OVERFLOW
-/* fatal */
-# define SSL_AD_DECOMPRESSION_FAILURE    SSL3_AD_DECOMPRESSION_FAILURE
-/* fatal */
-# define SSL_AD_HANDSHAKE_FAILURE        SSL3_AD_HANDSHAKE_FAILURE
-/* Not for TLS */
-# define SSL_AD_NO_CERTIFICATE           SSL3_AD_NO_CERTIFICATE
-# define SSL_AD_BAD_CERTIFICATE          SSL3_AD_BAD_CERTIFICATE
-# define SSL_AD_UNSUPPORTED_CERTIFICATE  SSL3_AD_UNSUPPORTED_CERTIFICATE
-# define SSL_AD_CERTIFICATE_REVOKED      SSL3_AD_CERTIFICATE_REVOKED
-# define SSL_AD_CERTIFICATE_EXPIRED      SSL3_AD_CERTIFICATE_EXPIRED
-# define SSL_AD_CERTIFICATE_UNKNOWN      SSL3_AD_CERTIFICATE_UNKNOWN
-/* fatal */
-# define SSL_AD_ILLEGAL_PARAMETER        SSL3_AD_ILLEGAL_PARAMETER
-/* fatal */
-# define SSL_AD_UNKNOWN_CA               TLS1_AD_UNKNOWN_CA
-/* fatal */
-# define SSL_AD_ACCESS_DENIED            TLS1_AD_ACCESS_DENIED
-/* fatal */
-# define SSL_AD_DECODE_ERROR             TLS1_AD_DECODE_ERROR
-# define SSL_AD_DECRYPT_ERROR            TLS1_AD_DECRYPT_ERROR
-/* fatal */
-# define SSL_AD_EXPORT_RESTRICTION       TLS1_AD_EXPORT_RESTRICTION
-/* fatal */
-# define SSL_AD_PROTOCOL_VERSION         TLS1_AD_PROTOCOL_VERSION
-/* fatal */
-# define SSL_AD_INSUFFICIENT_SECURITY    TLS1_AD_INSUFFICIENT_SECURITY
-/* fatal */
-# define SSL_AD_INTERNAL_ERROR           TLS1_AD_INTERNAL_ERROR
-# define SSL_AD_USER_CANCELLED           TLS1_AD_USER_CANCELLED
-# define SSL_AD_NO_RENEGOTIATION         TLS1_AD_NO_RENEGOTIATION
-# define SSL_AD_UNSUPPORTED_EXTENSION    TLS1_AD_UNSUPPORTED_EXTENSION
-# define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
-# define SSL_AD_UNRECOGNIZED_NAME        TLS1_AD_UNRECOGNIZED_NAME
-# define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
-# define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
-/* fatal */
-# define SSL_AD_UNKNOWN_PSK_IDENTITY     TLS1_AD_UNKNOWN_PSK_IDENTITY
-/* fatal */
-# define SSL_AD_INAPPROPRIATE_FALLBACK   TLS1_AD_INAPPROPRIATE_FALLBACK
-# define SSL_ERROR_NONE                  0
-# define SSL_ERROR_SSL                   1
-# define SSL_ERROR_WANT_READ             2
-# define SSL_ERROR_WANT_WRITE            3
-# define SSL_ERROR_WANT_X509_LOOKUP      4
-# define SSL_ERROR_SYSCALL               5/* look at error stack/return
-                                           * value/errno */
-# define SSL_ERROR_ZERO_RETURN           6
-# define SSL_ERROR_WANT_CONNECT          7
-# define SSL_ERROR_WANT_ACCEPT           8
-# define SSL_CTRL_NEED_TMP_RSA                   1
-# define SSL_CTRL_SET_TMP_RSA                    2
-# define SSL_CTRL_SET_TMP_DH                     3
-# define SSL_CTRL_SET_TMP_ECDH                   4
-# define SSL_CTRL_SET_TMP_RSA_CB                 5
-# define SSL_CTRL_SET_TMP_DH_CB                  6
-# define SSL_CTRL_SET_TMP_ECDH_CB                7
-# define SSL_CTRL_GET_SESSION_REUSED             8
-# define SSL_CTRL_GET_CLIENT_CERT_REQUEST        9
-# define SSL_CTRL_GET_NUM_RENEGOTIATIONS         10
-# define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS       11
-# define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS       12
-# define SSL_CTRL_GET_FLAGS                      13
-# define SSL_CTRL_EXTRA_CHAIN_CERT               14
-# define SSL_CTRL_SET_MSG_CALLBACK               15
-# define SSL_CTRL_SET_MSG_CALLBACK_ARG           16
-/* only applies to datagram connections */
-# define SSL_CTRL_SET_MTU                17
-/* Stats */
-# define SSL_CTRL_SESS_NUMBER                    20
-# define SSL_CTRL_SESS_CONNECT                   21
-# define SSL_CTRL_SESS_CONNECT_GOOD              22
-# define SSL_CTRL_SESS_CONNECT_RENEGOTIATE       23
-# define SSL_CTRL_SESS_ACCEPT                    24
-# define SSL_CTRL_SESS_ACCEPT_GOOD               25
-# define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE        26
-# define SSL_CTRL_SESS_HIT                       27
-# define SSL_CTRL_SESS_CB_HIT                    28
-# define SSL_CTRL_SESS_MISSES                    29
-# define SSL_CTRL_SESS_TIMEOUTS                  30
-# define SSL_CTRL_SESS_CACHE_FULL                31
-# define SSL_CTRL_OPTIONS                        32
-# define SSL_CTRL_MODE                           33
-# define SSL_CTRL_GET_READ_AHEAD                 40
-# define SSL_CTRL_SET_READ_AHEAD                 41
-# define SSL_CTRL_SET_SESS_CACHE_SIZE            42
-# define SSL_CTRL_GET_SESS_CACHE_SIZE            43
-# define SSL_CTRL_SET_SESS_CACHE_MODE            44
-# define SSL_CTRL_GET_SESS_CACHE_MODE            45
-# define SSL_CTRL_GET_MAX_CERT_LIST              50
-# define SSL_CTRL_SET_MAX_CERT_LIST              51
-# define SSL_CTRL_SET_MAX_SEND_FRAGMENT          52
-/* see tls1.h for macros based on these */
-# ifndef OPENSSL_NO_TLSEXT
-#  define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB       53
-#  define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG      54
-#  define SSL_CTRL_SET_TLSEXT_HOSTNAME            55
-#  define SSL_CTRL_SET_TLSEXT_DEBUG_CB            56
-#  define SSL_CTRL_SET_TLSEXT_DEBUG_ARG           57
-#  define SSL_CTRL_GET_TLSEXT_TICKET_KEYS         58
-#  define SSL_CTRL_SET_TLSEXT_TICKET_KEYS         59
-#  define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT    60
-#  define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61
-#  define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62
-#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB       63
-#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG   64
-#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE     65
-#  define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS     66
-#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS     67
-#  define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS      68
-#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS      69
-#  define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP        70
-#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP        71
-#  define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB       72
-#  define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB    75
-#  define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB                76
-#  define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB             77
-#  define SSL_CTRL_SET_SRP_ARG            78
-#  define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME               79
-#  define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH               80
-#  define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD               81
-#  ifndef OPENSSL_NO_HEARTBEATS
-#   define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT                         85
-#   define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING          86
-#   define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS      87
-#  endif
-# endif
-# define DTLS_CTRL_GET_TIMEOUT           73
-# define DTLS_CTRL_HANDLE_TIMEOUT        74
-# define DTLS_CTRL_LISTEN                        75
-# define SSL_CTRL_GET_RI_SUPPORT                 76
-# define SSL_CTRL_CLEAR_OPTIONS                  77
-# define SSL_CTRL_CLEAR_MODE                     78
-# define SSL_CTRL_GET_EXTRA_CHAIN_CERTS          82
-# define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS        83
-# define SSL_CTRL_CHECK_PROTO_VERSION            119
-# define DTLS_CTRL_SET_LINK_MTU                  120
-# define DTLS_CTRL_GET_LINK_MIN_MTU              121
-# define DTLSv1_get_timeout(ssl, arg) \
-        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
-# define DTLSv1_handle_timeout(ssl) \
-        SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
-# define DTLSv1_listen(ssl, peer) \
-        SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer)
-# define SSL_session_reused(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
-# define SSL_num_renegotiations(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
-# define SSL_clear_num_renegotiations(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
-# define SSL_total_renegotiations(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
-# define SSL_CTX_need_tmp_RSA(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
-# define SSL_CTX_set_tmp_rsa(ctx,rsa) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
-# define SSL_CTX_set_tmp_dh(ctx,dh) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
-# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
-# define SSL_need_tmp_RSA(ssl) \
-        SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
-# define SSL_set_tmp_rsa(ssl,rsa) \
-        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
-# define SSL_set_tmp_dh(ssl,dh) \
-        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
-# define SSL_set_tmp_ecdh(ssl,ecdh) \
-        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
-# define SSL_CTX_add_extra_chain_cert(ctx,x509) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
-# define SSL_CTX_get_extra_chain_certs(ctx,px509) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
-# define SSL_CTX_clear_extra_chain_certs(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
-# ifndef OPENSSL_NO_BIO
-BIO_METHOD *BIO_f_ssl(void);
-BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
-BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
-BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
-int BIO_ssl_copy_session_id(BIO *to, BIO *from);
-void BIO_ssl_shutdown(BIO *ssl_bio);
-
-# endif
-
-int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
-SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
-void SSL_CTX_free(SSL_CTX *);
-long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
-long SSL_CTX_get_timeout(const SSL_CTX *ctx);
-X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
-void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
-int SSL_want(const SSL *s);
-int SSL_clear(SSL *s);
-
-void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
-
-const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
-int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
-char *SSL_CIPHER_get_version(const SSL_CIPHER *c);
-const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
-unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c);
-
-int SSL_get_fd(const SSL *s);
-int SSL_get_rfd(const SSL *s);
-int SSL_get_wfd(const SSL *s);
-const char *SSL_get_cipher_list(const SSL *s, int n);
-char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
-int SSL_get_read_ahead(const SSL *s);
-int SSL_pending(const SSL *s);
-# ifndef OPENSSL_NO_SOCK
-int SSL_set_fd(SSL *s, int fd);
-int SSL_set_rfd(SSL *s, int fd);
-int SSL_set_wfd(SSL *s, int fd);
-# endif
-# ifndef OPENSSL_NO_BIO
-void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
-BIO *SSL_get_rbio(const SSL *s);
-BIO *SSL_get_wbio(const SSL *s);
-# endif
-int SSL_set_cipher_list(SSL *s, const char *str);
-void SSL_set_read_ahead(SSL *s, int yes);
-int SSL_get_verify_mode(const SSL *s);
-int SSL_get_verify_depth(const SSL *s);
-int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *);
-void SSL_set_verify(SSL *s, int mode,
-                    int (*callback) (int ok, X509_STORE_CTX *ctx));
-void SSL_set_verify_depth(SSL *s, int depth);
-# ifndef OPENSSL_NO_RSA
-int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
-# endif
-int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
-int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
-int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d,
-                            long len);
-int SSL_use_certificate(SSL *ssl, X509 *x);
-int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
-
-# ifndef OPENSSL_NO_STDIO
-int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
-int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
-int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
-int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
-int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
-int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
-/* PEM type */
-int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
-STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
-int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
-                                        const char *file);
-#  ifndef OPENSSL_SYS_VMS
-/* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */
-#   ifndef OPENSSL_SYS_MACINTOSH_CLASSIC
-int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
-                                       const char *dir);
-#   endif
-#  endif
-
-# endif
-
-void SSL_load_error_strings(void);
-const char *SSL_state_string(const SSL *s);
-const char *SSL_rstate_string(const SSL *s);
-const char *SSL_state_string_long(const SSL *s);
-const char *SSL_rstate_string_long(const SSL *s);
-long SSL_SESSION_get_time(const SSL_SESSION *s);
-long SSL_SESSION_set_time(SSL_SESSION *s, long t);
-long SSL_SESSION_get_timeout(const SSL_SESSION *s);
-long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
-void SSL_copy_session_id(SSL *to, const SSL *from);
-X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
-int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
-                                unsigned int sid_ctx_len);
-
-SSL_SESSION *SSL_SESSION_new(void);
-const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
-                                        unsigned int *len);
-unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
-# ifndef OPENSSL_NO_FP_API
-int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
-# endif
-# ifndef OPENSSL_NO_BIO
-int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
-# endif
-void SSL_SESSION_free(SSL_SESSION *ses);
-int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
-int SSL_set_session(SSL *to, SSL_SESSION *session);
-int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
-int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c);
-int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
-int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
-int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
-                                unsigned int id_len);
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
-                             long length);
-
-# ifdef HEADER_X509_H
-X509 *SSL_get_peer_certificate(const SSL *s);
-# endif
-
-STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
-
-int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
-int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
-int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int,
-                                                        X509_STORE_CTX *);
-void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
-                        int (*callback) (int, X509_STORE_CTX *));
-void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
-void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
-                                      int (*cb) (X509_STORE_CTX *, void *),
-                                      void *arg);
-# ifndef OPENSSL_NO_RSA
-int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
-# endif
-int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
-                                   long len);
-int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
-int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx,
-                                const unsigned char *d, long len);
-int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
-                                 const unsigned char *d);
-
-void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
-void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
-
-int SSL_CTX_check_private_key(const SSL_CTX *ctx);
-int SSL_check_private_key(const SSL *ctx);
-
-int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
-                                   unsigned int sid_ctx_len);
-
-SSL *SSL_new(SSL_CTX *ctx);
-int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
-                               unsigned int sid_ctx_len);
-
-int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
-int SSL_set_purpose(SSL *s, int purpose);
-int SSL_CTX_set_trust(SSL_CTX *s, int trust);
-int SSL_set_trust(SSL *s, int trust);
-
-int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
-int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
-
-# ifndef OPENSSL_NO_SRP
-int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name);
-int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password);
-int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
-int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
-                                        char *(*cb) (SSL *, void *));
-int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
-                                          int (*cb) (SSL *, void *));
-int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
-                                      int (*cb) (SSL *, int *, void *));
-int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);
-
-int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
-                             BIGNUM *sa, BIGNUM *v, char *info);
-int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
-                                const char *grp);
-
-BIGNUM *SSL_get_srp_g(SSL *s);
-BIGNUM *SSL_get_srp_N(SSL *s);
-
-char *SSL_get_srp_username(SSL *s);
-char *SSL_get_srp_userinfo(SSL *s);
-# endif
-
-void SSL_free(SSL *ssl);
-int SSL_accept(SSL *ssl);
-int SSL_connect(SSL *ssl);
-int SSL_read(SSL *ssl, void *buf, int num);
-int SSL_peek(SSL *ssl, void *buf, int num);
-int SSL_write(SSL *ssl, const void *buf, int num);
-long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
-long SSL_callback_ctrl(SSL *, int, void (*)(void));
-long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
-long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
-
-int SSL_get_error(const SSL *s, int ret_code);
-const char *SSL_get_version(const SSL *s);
-
-/* This sets the 'default' SSL version that SSL_new() will create */
-int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
-
-# ifndef OPENSSL_NO_SSL2
-const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
-const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
-const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
-# endif
-
-# ifndef OPENSSL_NO_SSL3_METHOD
-const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
-const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
-const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
-# endif
-
-const SSL_METHOD *SSLv23_method(void); /* Negotiate highest available SSL/TLS
-                                        * version */
-const SSL_METHOD *SSLv23_server_method(void); /* Negotiate highest available
-                                               * SSL/TLS version */
-const SSL_METHOD *SSLv23_client_method(void); /* Negotiate highest available
-                                               * SSL/TLS version */
-
-const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
-const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
-const SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */
-
-const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */
-const SSL_METHOD *TLSv1_1_server_method(void); /* TLSv1.1 */
-const SSL_METHOD *TLSv1_1_client_method(void); /* TLSv1.1 */
-
-const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */
-const SSL_METHOD *TLSv1_2_server_method(void); /* TLSv1.2 */
-const SSL_METHOD *TLSv1_2_client_method(void); /* TLSv1.2 */
-
-const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */
-const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */
-const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */
-
-STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
-
-int SSL_do_handshake(SSL *s);
-int SSL_renegotiate(SSL *s);
-int SSL_renegotiate_abbreviated(SSL *s);
-int SSL_renegotiate_pending(SSL *s);
-int SSL_shutdown(SSL *s);
-
-const SSL_METHOD *SSL_get_ssl_method(SSL *s);
-int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
-const char *SSL_alert_type_string_long(int value);
-const char *SSL_alert_type_string(int value);
-const char *SSL_alert_desc_string_long(int value);
-const char *SSL_alert_desc_string(int value);
-
-void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
-STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
-STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
-int SSL_add_client_CA(SSL *ssl, X509 *x);
-int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
-
-void SSL_set_connect_state(SSL *s);
-void SSL_set_accept_state(SSL *s);
-
-long SSL_get_default_timeout(const SSL *s);
-
-int SSL_library_init(void);
-
-char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size);
-STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
-
-SSL *SSL_dup(SSL *ssl);
-
-X509 *SSL_get_certificate(const SSL *ssl);
-/*
- * EVP_PKEY
- */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);
-
-void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
-int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
-void SSL_set_quiet_shutdown(SSL *ssl, int mode);
-int SSL_get_quiet_shutdown(const SSL *ssl);
-void SSL_set_shutdown(SSL *ssl, int mode);
-int SSL_get_shutdown(const SSL *ssl);
-int SSL_version(const SSL *ssl);
-int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
-int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
-                                  const char *CApath);
-# define SSL_get0_session SSL_get_session/* just peek at pointer */
-SSL_SESSION *SSL_get_session(const SSL *ssl);
-SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
-SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
-SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx);
-void SSL_set_info_callback(SSL *ssl,
-                           void (*cb) (const SSL *ssl, int type, int val));
-void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type,
-                                               int val);
-int SSL_state(const SSL *ssl);
-void SSL_set_state(SSL *ssl, int state);
-
-void SSL_set_verify_result(SSL *ssl, long v);
-long SSL_get_verify_result(const SSL *ssl);
-
-int SSL_set_ex_data(SSL *ssl, int idx, void *data);
-void *SSL_get_ex_data(const SSL *ssl, int idx);
-int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-
-int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data);
-void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx);
-int SSL_SESSION_get_ex_new_index(long argl, void *argp,
-                                 CRYPTO_EX_new *new_func,
-                                 CRYPTO_EX_dup *dup_func,
-                                 CRYPTO_EX_free *free_func);
-
-int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data);
-void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx);
-int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                             CRYPTO_EX_dup *dup_func,
-                             CRYPTO_EX_free *free_func);
-
-int SSL_get_ex_data_X509_STORE_CTX_idx(void);
-
-# define SSL_CTX_sess_set_cache_size(ctx,t) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
-# define SSL_CTX_sess_get_cache_size(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
-# define SSL_CTX_set_session_cache_mode(ctx,m) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
-# define SSL_CTX_get_session_cache_mode(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
-
-# define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
-# define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
-# define SSL_CTX_get_read_ahead(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
-# define SSL_CTX_set_read_ahead(ctx,m) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
-# define SSL_CTX_get_max_cert_list(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
-# define SSL_CTX_set_max_cert_list(ctx,m) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
-# define SSL_get_max_cert_list(ssl) \
-        SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
-# define SSL_set_max_cert_list(ssl,m) \
-        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
-
-# define SSL_CTX_set_max_send_fragment(ctx,m) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
-# define SSL_set_max_send_fragment(ssl,m) \
-        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
-
-     /* NB: the keylength is only applicable when is_export is true */
-# ifndef OPENSSL_NO_RSA
-void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
-                                  RSA *(*cb) (SSL *ssl, int is_export,
-                                              int keylength));
-
-void SSL_set_tmp_rsa_callback(SSL *ssl,
-                              RSA *(*cb) (SSL *ssl, int is_export,
-                                          int keylength));
-# endif
-# ifndef OPENSSL_NO_DH
-void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
-                                 DH *(*dh) (SSL *ssl, int is_export,
-                                            int keylength));
-void SSL_set_tmp_dh_callback(SSL *ssl,
-                             DH *(*dh) (SSL *ssl, int is_export,
-                                        int keylength));
-# endif
-# ifndef OPENSSL_NO_ECDH
-void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
-                                   EC_KEY *(*ecdh) (SSL *ssl, int is_export,
-                                                    int keylength));
-void SSL_set_tmp_ecdh_callback(SSL *ssl,
-                               EC_KEY *(*ecdh) (SSL *ssl, int is_export,
-                                                int keylength));
-# endif
-
-# ifndef OPENSSL_NO_COMP
-const COMP_METHOD *SSL_get_current_compression(SSL *s);
-const COMP_METHOD *SSL_get_current_expansion(SSL *s);
-const char *SSL_COMP_get_name(const COMP_METHOD *comp);
-STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
-int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
-# else
-const void *SSL_get_current_compression(SSL *s);
-const void *SSL_get_current_expansion(SSL *s);
-const char *SSL_COMP_get_name(const void *comp);
-void *SSL_COMP_get_compression_methods(void);
-int SSL_COMP_add_compression_method(int id, void *cm);
-# endif
-
-/* TLS extensions functions */
-int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
-
-int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
-                                  void *arg);
-
-/* Pre-shared secret session resumption functions */
-int SSL_set_session_secret_cb(SSL *s,
-                              tls_session_secret_cb_fn tls_session_secret_cb,
-                              void *arg);
-
-void SSL_set_debug(SSL *s, int debug);
-int SSL_cache_hit(SSL *s);
-
-# ifndef OPENSSL_NO_UNIT_TEST
-const struct openssl_ssl_test_functions *SSL_test_functions(void);
-# endif
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_SSL_strings(void);
-
-/* Error codes for the SSL functions. */
-
-/* Function codes. */
-# define SSL_F_CLIENT_CERTIFICATE                         100
-# define SSL_F_CLIENT_FINISHED                            167
-# define SSL_F_CLIENT_HELLO                               101
-# define SSL_F_CLIENT_MASTER_KEY                          102
-# define SSL_F_D2I_SSL_SESSION                            103
-# define SSL_F_DO_DTLS1_WRITE                             245
-# define SSL_F_DO_SSL3_WRITE                              104
-# define SSL_F_DTLS1_ACCEPT                               246
-# define SSL_F_DTLS1_ADD_CERT_TO_BUF                      295
-# define SSL_F_DTLS1_BUFFER_RECORD                        247
-# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM                    316
-# define SSL_F_DTLS1_CLIENT_HELLO                         248
-# define SSL_F_DTLS1_CONNECT                              249
-# define SSL_F_DTLS1_ENC                                  250
-# define SSL_F_DTLS1_GET_HELLO_VERIFY                     251
-# define SSL_F_DTLS1_GET_MESSAGE                          252
-# define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT                 253
-# define SSL_F_DTLS1_GET_RECORD                           254
-# define SSL_F_DTLS1_HANDLE_TIMEOUT                       297
-# define SSL_F_DTLS1_HEARTBEAT                            305
-# define SSL_F_DTLS1_OUTPUT_CERT_CHAIN                    255
-# define SSL_F_DTLS1_PREPROCESS_FRAGMENT                  288
-# define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE           256
-# define SSL_F_DTLS1_PROCESS_RECORD                       257
-# define SSL_F_DTLS1_READ_BYTES                           258
-# define SSL_F_DTLS1_READ_FAILED                          259
-# define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST             260
-# define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE              261
-# define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE             262
-# define SSL_F_DTLS1_SEND_CLIENT_VERIFY                   263
-# define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST            264
-# define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE              265
-# define SSL_F_DTLS1_SEND_SERVER_HELLO                    266
-# define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE             267
-# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES                 268
-# define SSL_F_GET_CLIENT_FINISHED                        105
-# define SSL_F_GET_CLIENT_HELLO                           106
-# define SSL_F_GET_CLIENT_MASTER_KEY                      107
-# define SSL_F_GET_SERVER_FINISHED                        108
-# define SSL_F_GET_SERVER_HELLO                           109
-# define SSL_F_GET_SERVER_VERIFY                          110
-# define SSL_F_I2D_SSL_SESSION                            111
-# define SSL_F_READ_N                                     112
-# define SSL_F_REQUEST_CERTIFICATE                        113
-# define SSL_F_SERVER_FINISH                              239
-# define SSL_F_SERVER_HELLO                               114
-# define SSL_F_SERVER_VERIFY                              240
-# define SSL_F_SSL23_ACCEPT                               115
-# define SSL_F_SSL23_CLIENT_HELLO                         116
-# define SSL_F_SSL23_CONNECT                              117
-# define SSL_F_SSL23_GET_CLIENT_HELLO                     118
-# define SSL_F_SSL23_GET_SERVER_HELLO                     119
-# define SSL_F_SSL23_PEEK                                 237
-# define SSL_F_SSL23_READ                                 120
-# define SSL_F_SSL23_WRITE                                121
-# define SSL_F_SSL2_ACCEPT                                122
-# define SSL_F_SSL2_CONNECT                               123
-# define SSL_F_SSL2_ENC_INIT                              124
-# define SSL_F_SSL2_GENERATE_KEY_MATERIAL                 241
-# define SSL_F_SSL2_PEEK                                  234
-# define SSL_F_SSL2_READ                                  125
-# define SSL_F_SSL2_READ_INTERNAL                         236
-# define SSL_F_SSL2_SET_CERTIFICATE                       126
-# define SSL_F_SSL2_WRITE                                 127
-# define SSL_F_SSL3_ACCEPT                                128
-# define SSL_F_SSL3_ADD_CERT_TO_BUF                       296
-# define SSL_F_SSL3_CALLBACK_CTRL                         233
-# define SSL_F_SSL3_CHANGE_CIPHER_STATE                   129
-# define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM              130
-# define SSL_F_SSL3_CHECK_CLIENT_HELLO                    304
-# define SSL_F_SSL3_CHECK_FINISHED                        339
-# define SSL_F_SSL3_CLIENT_HELLO                          131
-# define SSL_F_SSL3_CONNECT                               132
-# define SSL_F_SSL3_CTRL                                  213
-# define SSL_F_SSL3_CTX_CTRL                              133
-# define SSL_F_SSL3_DIGEST_CACHED_RECORDS                 293
-# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC                 292
-# define SSL_F_SSL3_ENC                                   134
-# define SSL_F_SSL3_GENERATE_KEY_BLOCK                    238
-# define SSL_F_SSL3_GENERATE_MASTER_SECRET                388
-# define SSL_F_SSL3_GET_CERTIFICATE_REQUEST               135
-# define SSL_F_SSL3_GET_CERT_STATUS                       289
-# define SSL_F_SSL3_GET_CERT_VERIFY                       136
-# define SSL_F_SSL3_GET_CLIENT_CERTIFICATE                137
-# define SSL_F_SSL3_GET_CLIENT_HELLO                      138
-# define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE               139
-# define SSL_F_SSL3_GET_FINISHED                          140
-# define SSL_F_SSL3_GET_KEY_EXCHANGE                      141
-# define SSL_F_SSL3_GET_MESSAGE                           142
-# define SSL_F_SSL3_GET_NEW_SESSION_TICKET                283
-# define SSL_F_SSL3_GET_NEXT_PROTO                        306
-# define SSL_F_SSL3_GET_RECORD                            143
-# define SSL_F_SSL3_GET_SERVER_CERTIFICATE                144
-# define SSL_F_SSL3_GET_SERVER_DONE                       145
-# define SSL_F_SSL3_GET_SERVER_HELLO                      146
-# define SSL_F_SSL3_HANDSHAKE_MAC                         285
-# define SSL_F_SSL3_NEW_SESSION_TICKET                    287
-# define SSL_F_SSL3_OUTPUT_CERT_CHAIN                     147
-# define SSL_F_SSL3_PEEK                                  235
-# define SSL_F_SSL3_READ_BYTES                            148
-# define SSL_F_SSL3_READ_N                                149
-# define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST              150
-# define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE               151
-# define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE              152
-# define SSL_F_SSL3_SEND_CLIENT_VERIFY                    153
-# define SSL_F_SSL3_SEND_SERVER_CERTIFICATE               154
-# define SSL_F_SSL3_SEND_SERVER_HELLO                     242
-# define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE              155
-# define SSL_F_SSL3_SETUP_KEY_BLOCK                       157
-# define SSL_F_SSL3_SETUP_READ_BUFFER                     156
-# define SSL_F_SSL3_SETUP_WRITE_BUFFER                    291
-# define SSL_F_SSL3_WRITE_BYTES                           158
-# define SSL_F_SSL3_WRITE_PENDING                         159
-# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT        298
-# define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT                 277
-# define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT           307
-# define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK         215
-# define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK        216
-# define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT        299
-# define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT                 278
-# define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT           308
-# define SSL_F_SSL_BAD_METHOD                             160
-# define SSL_F_SSL_BYTES_TO_CIPHER_LIST                   161
-# define SSL_F_SSL_CERT_DUP                               221
-# define SSL_F_SSL_CERT_INST                              222
-# define SSL_F_SSL_CERT_INSTANTIATE                       214
-# define SSL_F_SSL_CERT_NEW                               162
-# define SSL_F_SSL_CHECK_PRIVATE_KEY                      163
-# define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT               280
-# define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG            279
-# define SSL_F_SSL_CIPHER_PROCESS_RULESTR                 230
-# define SSL_F_SSL_CIPHER_STRENGTH_SORT                   231
-# define SSL_F_SSL_CLEAR                                  164
-# define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD            165
-# define SSL_F_SSL_CREATE_CIPHER_LIST                     166
-# define SSL_F_SSL_CTRL                                   232
-# define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY                  168
-# define SSL_F_SSL_CTX_MAKE_PROFILES                      309
-# define SSL_F_SSL_CTX_NEW                                169
-# define SSL_F_SSL_CTX_SET_CIPHER_LIST                    269
-# define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE             290
-# define SSL_F_SSL_CTX_SET_PURPOSE                        226
-# define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT             219
-# define SSL_F_SSL_CTX_SET_SSL_VERSION                    170
-# define SSL_F_SSL_CTX_SET_TRUST                          229
-# define SSL_F_SSL_CTX_USE_CERTIFICATE                    171
-# define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1               172
-# define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE         220
-# define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE               173
-# define SSL_F_SSL_CTX_USE_PRIVATEKEY                     174
-# define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1                175
-# define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE                176
-# define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT              272
-# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY                  177
-# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1             178
-# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE             179
-# define SSL_F_SSL_DO_HANDSHAKE                           180
-# define SSL_F_SSL_GET_NEW_SESSION                        181
-# define SSL_F_SSL_GET_PREV_SESSION                       217
-# define SSL_F_SSL_GET_SERVER_SEND_CERT                   182
-# define SSL_F_SSL_GET_SERVER_SEND_PKEY                   317
-# define SSL_F_SSL_GET_SIGN_PKEY                          183
-# define SSL_F_SSL_INIT_WBIO_BUFFER                       184
-# define SSL_F_SSL_LOAD_CLIENT_CA_FILE                    185
-# define SSL_F_SSL_NEW                                    186
-# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT      300
-# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT               302
-# define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT         310
-# define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT      301
-# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT               303
-# define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT         311
-# define SSL_F_SSL_PEEK                                   270
-# define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT             281
-# define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT             282
-# define SSL_F_SSL_READ                                   223
-# define SSL_F_SSL_RSA_PRIVATE_DECRYPT                    187
-# define SSL_F_SSL_RSA_PUBLIC_ENCRYPT                     188
-# define SSL_F_SSL_SESSION_DUP                            348
-# define SSL_F_SSL_SESSION_NEW                            189
-# define SSL_F_SSL_SESSION_PRINT_FP                       190
-# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT                312
-# define SSL_F_SSL_SESS_CERT_NEW                          225
-# define SSL_F_SSL_SET_CERT                               191
-# define SSL_F_SSL_SET_CIPHER_LIST                        271
-# define SSL_F_SSL_SET_FD                                 192
-# define SSL_F_SSL_SET_PKEY                               193
-# define SSL_F_SSL_SET_PURPOSE                            227
-# define SSL_F_SSL_SET_RFD                                194
-# define SSL_F_SSL_SET_SESSION                            195
-# define SSL_F_SSL_SET_SESSION_ID_CONTEXT                 218
-# define SSL_F_SSL_SET_SESSION_TICKET_EXT                 294
-# define SSL_F_SSL_SET_TRUST                              228
-# define SSL_F_SSL_SET_WFD                                196
-# define SSL_F_SSL_SHUTDOWN                               224
-# define SSL_F_SSL_SRP_CTX_INIT                           313
-# define SSL_F_SSL_UNDEFINED_CONST_FUNCTION               243
-# define SSL_F_SSL_UNDEFINED_FUNCTION                     197
-# define SSL_F_SSL_UNDEFINED_VOID_FUNCTION                244
-# define SSL_F_SSL_USE_CERTIFICATE                        198
-# define SSL_F_SSL_USE_CERTIFICATE_ASN1                   199
-# define SSL_F_SSL_USE_CERTIFICATE_FILE                   200
-# define SSL_F_SSL_USE_PRIVATEKEY                         201
-# define SSL_F_SSL_USE_PRIVATEKEY_ASN1                    202
-# define SSL_F_SSL_USE_PRIVATEKEY_FILE                    203
-# define SSL_F_SSL_USE_PSK_IDENTITY_HINT                  273
-# define SSL_F_SSL_USE_RSAPRIVATEKEY                      204
-# define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1                 205
-# define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE                 206
-# define SSL_F_SSL_VERIFY_CERT_CHAIN                      207
-# define SSL_F_SSL_WRITE                                  208
-# define SSL_F_TLS1_CERT_VERIFY_MAC                       286
-# define SSL_F_TLS1_CHANGE_CIPHER_STATE                   209
-# define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT              274
-# define SSL_F_TLS1_ENC                                   210
-# define SSL_F_TLS1_EXPORT_KEYING_MATERIAL                314
-# define SSL_F_TLS1_HEARTBEAT                             315
-# define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT            275
-# define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT            276
-# define SSL_F_TLS1_PRF                                   284
-# define SSL_F_TLS1_SETUP_KEY_BLOCK                       211
-# define SSL_F_WRITE_PENDING                              212
-
-/* Reason codes. */
-# define SSL_R_APP_DATA_IN_HANDSHAKE                      100
-# define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
-# define SSL_R_BAD_ALERT_RECORD                           101
-# define SSL_R_BAD_AUTHENTICATION_TYPE                    102
-# define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
-# define SSL_R_BAD_CHECKSUM                               104
-# define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
-# define SSL_R_BAD_DECOMPRESSION                          107
-# define SSL_R_BAD_DH_G_LENGTH                            108
-# define SSL_R_BAD_DH_G_VALUE                             375
-# define SSL_R_BAD_DH_PUB_KEY_LENGTH                      109
-# define SSL_R_BAD_DH_PUB_KEY_VALUE                       393
-# define SSL_R_BAD_DH_P_LENGTH                            110
-# define SSL_R_BAD_DH_P_VALUE                             395
-# define SSL_R_BAD_DIGEST_LENGTH                          111
-# define SSL_R_BAD_DSA_SIGNATURE                          112
-# define SSL_R_BAD_ECC_CERT                               304
-# define SSL_R_BAD_ECDSA_SIGNATURE                        305
-# define SSL_R_BAD_ECPOINT                                306
-# define SSL_R_BAD_HANDSHAKE_LENGTH                       332
-# define SSL_R_BAD_HELLO_REQUEST                          105
-# define SSL_R_BAD_LENGTH                                 271
-# define SSL_R_BAD_MAC_DECODE                             113
-# define SSL_R_BAD_MAC_LENGTH                             333
-# define SSL_R_BAD_MESSAGE_TYPE                           114
-# define SSL_R_BAD_PACKET_LENGTH                          115
-# define SSL_R_BAD_PROTOCOL_VERSION_NUMBER                116
-# define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH               316
-# define SSL_R_BAD_RESPONSE_ARGUMENT                      117
-# define SSL_R_BAD_RSA_DECRYPT                            118
-# define SSL_R_BAD_RSA_ENCRYPT                            119
-# define SSL_R_BAD_RSA_E_LENGTH                           120
-# define SSL_R_BAD_RSA_MODULUS_LENGTH                     121
-# define SSL_R_BAD_RSA_SIGNATURE                          122
-# define SSL_R_BAD_SIGNATURE                              123
-# define SSL_R_BAD_SRP_A_LENGTH                           347
-# define SSL_R_BAD_SRP_B_LENGTH                           348
-# define SSL_R_BAD_SRP_G_LENGTH                           349
-# define SSL_R_BAD_SRP_N_LENGTH                           350
-# define SSL_R_BAD_SRP_PARAMETERS                         371
-# define SSL_R_BAD_SRP_S_LENGTH                           351
-# define SSL_R_BAD_SRTP_MKI_VALUE                         352
-# define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST           353
-# define SSL_R_BAD_SSL_FILETYPE                           124
-# define SSL_R_BAD_SSL_SESSION_ID_LENGTH                  125
-# define SSL_R_BAD_STATE                                  126
-# define SSL_R_BAD_WRITE_RETRY                            127
-# define SSL_R_BIO_NOT_SET                                128
-# define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG                  129
-# define SSL_R_BN_LIB                                     130
-# define SSL_R_CA_DN_LENGTH_MISMATCH                      131
-# define SSL_R_CA_DN_TOO_LONG                             132
-# define SSL_R_CCS_RECEIVED_EARLY                         133
-# define SSL_R_CERTIFICATE_VERIFY_FAILED                  134
-# define SSL_R_CERT_LENGTH_MISMATCH                       135
-# define SSL_R_CHALLENGE_IS_DIFFERENT                     136
-# define SSL_R_CIPHER_CODE_WRONG_LENGTH                   137
-# define SSL_R_CIPHER_OR_HASH_UNAVAILABLE                 138
-# define SSL_R_CIPHER_TABLE_SRC_ERROR                     139
-# define SSL_R_CLIENTHELLO_TLSEXT                         226
-# define SSL_R_COMPRESSED_LENGTH_TOO_LONG                 140
-# define SSL_R_COMPRESSION_DISABLED                       343
-# define SSL_R_COMPRESSION_FAILURE                        141
-# define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
-# define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
-# define SSL_R_CONNECTION_ID_IS_DIFFERENT                 143
-# define SSL_R_CONNECTION_TYPE_NOT_SET                    144
-# define SSL_R_COOKIE_MISMATCH                            308
-# define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED              145
-# define SSL_R_DATA_LENGTH_TOO_LONG                       146
-# define SSL_R_DECRYPTION_FAILED                          147
-# define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC        281
-# define SSL_R_DH_KEY_TOO_SMALL                           372
-# define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG            148
-# define SSL_R_DIGEST_CHECK_FAILED                        149
-# define SSL_R_DTLS_MESSAGE_TOO_BIG                       334
-# define SSL_R_DUPLICATE_COMPRESSION_ID                   309
-# define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT             317
-# define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
-# define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE         322
-# define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE        323
-# define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER               310
-# define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
-# define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
-# define SSL_R_ERROR_GENERATING_TMP_RSA_KEY               282
-# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
-# define SSL_R_EXCESSIVE_MESSAGE_SIZE                     152
-# define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
-# define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
-# define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS                355
-# define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION           356
-# define SSL_R_HTTPS_PROXY_REQUEST                        155
-# define SSL_R_HTTP_REQUEST                               156
-# define SSL_R_ILLEGAL_PADDING                            283
-# define SSL_R_INAPPROPRIATE_FALLBACK                     373
-# define SSL_R_INCONSISTENT_COMPRESSION                   340
-# define SSL_R_INVALID_CHALLENGE_LENGTH                   158
-# define SSL_R_INVALID_COMMAND                            280
-# define SSL_R_INVALID_COMPRESSION_ALGORITHM              341
-# define SSL_R_INVALID_PURPOSE                            278
-# define SSL_R_INVALID_SRP_USERNAME                       357
-# define SSL_R_INVALID_STATUS_RESPONSE                    328
-# define SSL_R_INVALID_TICKET_KEYS_LENGTH                 325
-# define SSL_R_INVALID_TRUST                              279
-# define SSL_R_KEY_ARG_TOO_LONG                           284
-# define SSL_R_KRB5                                       285
-# define SSL_R_KRB5_C_CC_PRINC                            286
-# define SSL_R_KRB5_C_GET_CRED                            287
-# define SSL_R_KRB5_C_INIT                                288
-# define SSL_R_KRB5_C_MK_REQ                              289
-# define SSL_R_KRB5_S_BAD_TICKET                          290
-# define SSL_R_KRB5_S_INIT                                291
-# define SSL_R_KRB5_S_RD_REQ                              292
-# define SSL_R_KRB5_S_TKT_EXPIRED                         293
-# define SSL_R_KRB5_S_TKT_NYV                             294
-# define SSL_R_KRB5_S_TKT_SKEW                            295
-# define SSL_R_LENGTH_MISMATCH                            159
-# define SSL_R_LENGTH_TOO_SHORT                           160
-# define SSL_R_LIBRARY_BUG                                274
-# define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
-# define SSL_R_MESSAGE_TOO_LONG                           296
-# define SSL_R_MISSING_DH_DSA_CERT                        162
-# define SSL_R_MISSING_DH_KEY                             163
-# define SSL_R_MISSING_DH_RSA_CERT                        164
-# define SSL_R_MISSING_DSA_SIGNING_CERT                   165
-# define SSL_R_MISSING_EXPORT_TMP_DH_KEY                  166
-# define SSL_R_MISSING_EXPORT_TMP_RSA_KEY                 167
-# define SSL_R_MISSING_RSA_CERTIFICATE                    168
-# define SSL_R_MISSING_RSA_ENCRYPTING_CERT                169
-# define SSL_R_MISSING_RSA_SIGNING_CERT                   170
-# define SSL_R_MISSING_SRP_PARAM                          358
-# define SSL_R_MISSING_TMP_DH_KEY                         171
-# define SSL_R_MISSING_TMP_ECDH_KEY                       311
-# define SSL_R_MISSING_TMP_RSA_KEY                        172
-# define SSL_R_MISSING_TMP_RSA_PKEY                       173
-# define SSL_R_MISSING_VERIFY_MESSAGE                     174
-# define SSL_R_MULTIPLE_SGC_RESTARTS                      346
-# define SSL_R_NON_SSLV2_INITIAL_PACKET                   175
-# define SSL_R_NO_CERTIFICATES_RETURNED                   176
-# define SSL_R_NO_CERTIFICATE_ASSIGNED                    177
-# define SSL_R_NO_CERTIFICATE_RETURNED                    178
-# define SSL_R_NO_CERTIFICATE_SET                         179
-# define SSL_R_NO_CERTIFICATE_SPECIFIED                   180
-# define SSL_R_NO_CIPHERS_AVAILABLE                       181
-# define SSL_R_NO_CIPHERS_PASSED                          182
-# define SSL_R_NO_CIPHERS_SPECIFIED                       183
-# define SSL_R_NO_CIPHER_LIST                             184
-# define SSL_R_NO_CIPHER_MATCH                            185
-# define SSL_R_NO_CLIENT_CERT_METHOD                      331
-# define SSL_R_NO_CLIENT_CERT_RECEIVED                    186
-# define SSL_R_NO_COMPRESSION_SPECIFIED                   187
-# define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER           330
-# define SSL_R_NO_METHOD_SPECIFIED                        188
-# define SSL_R_NO_PRIVATEKEY                              189
-# define SSL_R_NO_PRIVATE_KEY_ASSIGNED                    190
-# define SSL_R_NO_PROTOCOLS_AVAILABLE                     191
-# define SSL_R_NO_PUBLICKEY                               192
-# define SSL_R_NO_RENEGOTIATION                           339
-# define SSL_R_NO_REQUIRED_DIGEST                         324
-# define SSL_R_NO_SHARED_CIPHER                           193
-# define SSL_R_NO_SRTP_PROFILES                           359
-# define SSL_R_NO_VERIFY_CALLBACK                         194
-# define SSL_R_NULL_SSL_CTX                               195
-# define SSL_R_NULL_SSL_METHOD_PASSED                     196
-# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED            197
-# define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
-# define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE              297
-# define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG                  327
-# define SSL_R_PACKET_LENGTH_TOO_LONG                     198
-# define SSL_R_PARSE_TLSEXT                               227
-# define SSL_R_PATH_TOO_LONG                              270
-# define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE          199
-# define SSL_R_PEER_ERROR                                 200
-# define SSL_R_PEER_ERROR_CERTIFICATE                     201
-# define SSL_R_PEER_ERROR_NO_CERTIFICATE                  202
-# define SSL_R_PEER_ERROR_NO_CIPHER                       203
-# define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE    204
-# define SSL_R_PRE_MAC_LENGTH_TOO_LONG                    205
-# define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS          206
-# define SSL_R_PROTOCOL_IS_SHUTDOWN                       207
-# define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
-# define SSL_R_PSK_NO_CLIENT_CB                           224
-# define SSL_R_PSK_NO_SERVER_CB                           225
-# define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR                   208
-# define SSL_R_PUBLIC_KEY_IS_NOT_RSA                      209
-# define SSL_R_PUBLIC_KEY_NOT_RSA                         210
-# define SSL_R_READ_BIO_NOT_SET                           211
-# define SSL_R_READ_TIMEOUT_EXPIRED                       312
-# define SSL_R_READ_WRONG_PACKET_TYPE                     212
-# define SSL_R_RECORD_LENGTH_MISMATCH                     213
-# define SSL_R_RECORD_TOO_LARGE                           214
-# define SSL_R_RECORD_TOO_SMALL                           298
-# define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
-# define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
-# define SSL_R_RENEGOTIATION_MISMATCH                     337
-# define SSL_R_REQUIRED_CIPHER_MISSING                    215
-# define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING    342
-# define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO                 216
-# define SSL_R_REUSE_CERT_TYPE_NOT_ZERO                   217
-# define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO                 218
-# define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
-# define SSL_R_SERVERHELLO_TLSEXT                         275
-# define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
-# define SSL_R_SHORT_READ                                 219
-# define SSL_R_SIGNATURE_ALGORITHMS_ERROR                 360
-# define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE      220
-# define SSL_R_SRP_A_CALC                                 361
-# define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES           362
-# define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG      363
-# define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE            364
-# define SSL_R_SSL23_DOING_SESSION_ID_REUSE               221
-# define SSL_R_SSL2_CONNECTION_ID_TOO_LONG                299
-# define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT             321
-# define SSL_R_SSL3_EXT_INVALID_SERVERNAME                319
-# define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE           320
-# define SSL_R_SSL3_SESSION_ID_TOO_LONG                   300
-# define SSL_R_SSL3_SESSION_ID_TOO_SHORT                  222
-# define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE                1042
-# define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC                 1020
-# define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED            1045
-# define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED            1044
-# define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN            1046
-# define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE          1030
-# define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE              1040
-# define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER              1047
-# define SSL_R_SSLV3_ALERT_NO_CERTIFICATE                 1041
-# define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE             1010
-# define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE        1043
-# define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION         228
-# define SSL_R_SSL_HANDSHAKE_FAILURE                      229
-# define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS                 230
-# define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED             301
-# define SSL_R_SSL_SESSION_ID_CONFLICT                    302
-# define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG            273
-# define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH              303
-# define SSL_R_SSL_SESSION_ID_IS_DIFFERENT                231
-# define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
-# define SSL_R_TLSV1_ALERT_DECODE_ERROR                   1050
-# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED              1021
-# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR                  1051
-# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION             1060
-# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK         1086
-# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY          1071
-# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR                 1080
-# define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION               1100
-# define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION               1070
-# define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW                1022
-# define SSL_R_TLSV1_ALERT_UNKNOWN_CA                     1048
-# define SSL_R_TLSV1_ALERT_USER_CANCELLED                 1090
-# define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE           1114
-# define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE      1113
-# define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE             1111
-# define SSL_R_TLSV1_UNRECOGNIZED_NAME                    1112
-# define SSL_R_TLSV1_UNSUPPORTED_EXTENSION                1110
-# define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER       232
-# define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT           365
-# define SSL_R_TLS_HEARTBEAT_PENDING                      366
-# define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL                 367
-# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST             157
-# define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
-# define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG    234
-# define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER            235
-# define SSL_R_UNABLE_TO_DECODE_DH_CERTS                  236
-# define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS                313
-# define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY               237
-# define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS               238
-# define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS             314
-# define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS       239
-# define SSL_R_UNABLE_TO_FIND_SSL_METHOD                  240
-# define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES           241
-# define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES           242
-# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES          243
-# define SSL_R_UNEXPECTED_MESSAGE                         244
-# define SSL_R_UNEXPECTED_RECORD                          245
-# define SSL_R_UNINITIALIZED                              276
-# define SSL_R_UNKNOWN_ALERT_TYPE                         246
-# define SSL_R_UNKNOWN_CERTIFICATE_TYPE                   247
-# define SSL_R_UNKNOWN_CIPHER_RETURNED                    248
-# define SSL_R_UNKNOWN_CIPHER_TYPE                        249
-# define SSL_R_UNKNOWN_DIGEST                             368
-# define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
-# define SSL_R_UNKNOWN_PKEY_TYPE                          251
-# define SSL_R_UNKNOWN_PROTOCOL                           252
-# define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE                  253
-# define SSL_R_UNKNOWN_SSL_VERSION                        254
-# define SSL_R_UNKNOWN_STATE                              255
-# define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED       338
-# define SSL_R_UNSUPPORTED_CIPHER                         256
-# define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM          257
-# define SSL_R_UNSUPPORTED_DIGEST_TYPE                    326
-# define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE                 315
-# define SSL_R_UNSUPPORTED_PROTOCOL                       258
-# define SSL_R_UNSUPPORTED_SSL_VERSION                    259
-# define SSL_R_UNSUPPORTED_STATUS_TYPE                    329
-# define SSL_R_USE_SRTP_NOT_NEGOTIATED                    369
-# define SSL_R_WRITE_BIO_NOT_SET                          260
-# define SSL_R_WRONG_CIPHER_RETURNED                      261
-# define SSL_R_WRONG_MESSAGE_TYPE                         262
-# define SSL_R_WRONG_NUMBER_OF_KEY_BITS                   263
-# define SSL_R_WRONG_SIGNATURE_LENGTH                     264
-# define SSL_R_WRONG_SIGNATURE_SIZE                       265
-# define SSL_R_WRONG_SIGNATURE_TYPE                       370
-# define SSL_R_WRONG_SSL_VERSION                          266
-# define SSL_R_WRONG_VERSION_NUMBER                       267
-# define SSL_R_X509_LIB                                   268
-# define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS           269
-
-#ifdef  __cplusplus
-}
-#endif
-#endif

Copied: vendor-crypto/openssl/1.0.1u/ssl/ssl.h (from rev 11605, vendor-crypto/openssl/dist/ssl/ssl.h)
===================================================================
--- vendor-crypto/openssl/1.0.1u/ssl/ssl.h	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/ssl/ssl.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,2771 @@
+/* ssl/ssl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
+
+#ifndef HEADER_SSL_H
+# define HEADER_SSL_H
+
+# include <openssl/e_os2.h>
+
+# ifndef OPENSSL_NO_COMP
+#  include <openssl/comp.h>
+# endif
+# ifndef OPENSSL_NO_BIO
+#  include <openssl/bio.h>
+# endif
+# ifndef OPENSSL_NO_DEPRECATED
+#  ifndef OPENSSL_NO_X509
+#   include <openssl/x509.h>
+#  endif
+#  include <openssl/crypto.h>
+#  include <openssl/lhash.h>
+#  include <openssl/buffer.h>
+# endif
+# include <openssl/pem.h>
+# include <openssl/hmac.h>
+
+# include <openssl/kssl.h>
+# include <openssl/safestack.h>
+# include <openssl/symhacks.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* SSLeay version number for ASN.1 encoding of the session information */
+/*-
+ * Version 0 - initial version
+ * Version 1 - added the optional peer certificate
+ */
+# define SSL_SESSION_ASN1_VERSION 0x0001
+
+/* text strings for the ciphers */
+# define SSL_TXT_NULL_WITH_MD5           SSL2_TXT_NULL_WITH_MD5
+# define SSL_TXT_RC4_128_WITH_MD5        SSL2_TXT_RC4_128_WITH_MD5
+# define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5
+# define SSL_TXT_RC2_128_CBC_WITH_MD5    SSL2_TXT_RC2_128_CBC_WITH_MD5
+# define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5
+# define SSL_TXT_IDEA_128_CBC_WITH_MD5   SSL2_TXT_IDEA_128_CBC_WITH_MD5
+# define SSL_TXT_DES_64_CBC_WITH_MD5     SSL2_TXT_DES_64_CBC_WITH_MD5
+# define SSL_TXT_DES_64_CBC_WITH_SHA     SSL2_TXT_DES_64_CBC_WITH_SHA
+# define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5
+# define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA
+
+/*
+ * VRS Additional Kerberos5 entries
+ */
+# define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
+# define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
+# define SSL_TXT_KRB5_RC4_128_SHA      SSL3_TXT_KRB5_RC4_128_SHA
+# define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA
+# define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5
+# define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
+# define SSL_TXT_KRB5_RC4_128_MD5      SSL3_TXT_KRB5_RC4_128_MD5
+# define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5
+
+# define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA
+# define SSL_TXT_KRB5_RC2_40_CBC_SHA   SSL3_TXT_KRB5_RC2_40_CBC_SHA
+# define SSL_TXT_KRB5_RC4_40_SHA       SSL3_TXT_KRB5_RC4_40_SHA
+# define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5
+# define SSL_TXT_KRB5_RC2_40_CBC_MD5   SSL3_TXT_KRB5_RC2_40_CBC_MD5
+# define SSL_TXT_KRB5_RC4_40_MD5       SSL3_TXT_KRB5_RC4_40_MD5
+
+# define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA
+# define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5
+# define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
+# define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5
+# define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
+# define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
+# define SSL_MAX_KRB5_PRINCIPAL_LENGTH  256
+
+# define SSL_MAX_SSL_SESSION_ID_LENGTH           32
+# define SSL_MAX_SID_CTX_LENGTH                  32
+
+# define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES     (512/8)
+# define SSL_MAX_KEY_ARG_LENGTH                  8
+# define SSL_MAX_MASTER_KEY_LENGTH               48
+
+/* These are used to specify which ciphers to use and not to use */
+
+# define SSL_TXT_EXP40           "EXPORT40"
+# define SSL_TXT_EXP56           "EXPORT56"
+# define SSL_TXT_LOW             "LOW"
+# define SSL_TXT_MEDIUM          "MEDIUM"
+# define SSL_TXT_HIGH            "HIGH"
+# define SSL_TXT_FIPS            "FIPS"
+
+# define SSL_TXT_kFZA            "kFZA"/* unused! */
+# define SSL_TXT_aFZA            "aFZA"/* unused! */
+# define SSL_TXT_eFZA            "eFZA"/* unused! */
+# define SSL_TXT_FZA             "FZA"/* unused! */
+
+# define SSL_TXT_aNULL           "aNULL"
+# define SSL_TXT_eNULL           "eNULL"
+# define SSL_TXT_NULL            "NULL"
+
+# define SSL_TXT_kRSA            "kRSA"
+# define SSL_TXT_kDHr            "kDHr"/* no such ciphersuites supported! */
+# define SSL_TXT_kDHd            "kDHd"/* no such ciphersuites supported! */
+# define SSL_TXT_kDH             "kDH"/* no such ciphersuites supported! */
+# define SSL_TXT_kEDH            "kEDH"
+# define SSL_TXT_kKRB5           "kKRB5"
+# define SSL_TXT_kECDHr          "kECDHr"
+# define SSL_TXT_kECDHe          "kECDHe"
+# define SSL_TXT_kECDH           "kECDH"
+# define SSL_TXT_kEECDH          "kEECDH"
+# define SSL_TXT_kPSK            "kPSK"
+# define SSL_TXT_kGOST           "kGOST"
+# define SSL_TXT_kSRP            "kSRP"
+
+# define SSL_TXT_aRSA            "aRSA"
+# define SSL_TXT_aDSS            "aDSS"
+# define SSL_TXT_aDH             "aDH"/* no such ciphersuites supported! */
+# define SSL_TXT_aECDH           "aECDH"
+# define SSL_TXT_aKRB5           "aKRB5"
+# define SSL_TXT_aECDSA          "aECDSA"
+# define SSL_TXT_aPSK            "aPSK"
+# define SSL_TXT_aGOST94 "aGOST94"
+# define SSL_TXT_aGOST01 "aGOST01"
+# define SSL_TXT_aGOST  "aGOST"
+# define SSL_TXT_aSRP            "aSRP"
+
+# define SSL_TXT_DSS             "DSS"
+# define SSL_TXT_DH              "DH"
+# define SSL_TXT_EDH             "EDH"/* same as "kEDH:-ADH" */
+# define SSL_TXT_ADH             "ADH"
+# define SSL_TXT_RSA             "RSA"
+# define SSL_TXT_ECDH            "ECDH"
+# define SSL_TXT_EECDH           "EECDH"/* same as "kEECDH:-AECDH" */
+# define SSL_TXT_AECDH           "AECDH"
+# define SSL_TXT_ECDSA           "ECDSA"
+# define SSL_TXT_KRB5            "KRB5"
+# define SSL_TXT_PSK             "PSK"
+# define SSL_TXT_SRP             "SRP"
+
+# define SSL_TXT_DES             "DES"
+# define SSL_TXT_3DES            "3DES"
+# define SSL_TXT_RC4             "RC4"
+# define SSL_TXT_RC2             "RC2"
+# define SSL_TXT_IDEA            "IDEA"
+# define SSL_TXT_SEED            "SEED"
+# define SSL_TXT_AES128          "AES128"
+# define SSL_TXT_AES256          "AES256"
+# define SSL_TXT_AES             "AES"
+# define SSL_TXT_AES_GCM         "AESGCM"
+# define SSL_TXT_CAMELLIA128     "CAMELLIA128"
+# define SSL_TXT_CAMELLIA256     "CAMELLIA256"
+# define SSL_TXT_CAMELLIA        "CAMELLIA"
+
+# define SSL_TXT_MD5             "MD5"
+# define SSL_TXT_SHA1            "SHA1"
+# define SSL_TXT_SHA             "SHA"/* same as "SHA1" */
+# define SSL_TXT_GOST94          "GOST94"
+# define SSL_TXT_GOST89MAC               "GOST89MAC"
+# define SSL_TXT_SHA256          "SHA256"
+# define SSL_TXT_SHA384          "SHA384"
+
+# define SSL_TXT_SSLV2           "SSLv2"
+# define SSL_TXT_SSLV3           "SSLv3"
+# define SSL_TXT_TLSV1           "TLSv1"
+# define SSL_TXT_TLSV1_1         "TLSv1.1"
+# define SSL_TXT_TLSV1_2         "TLSv1.2"
+
+# define SSL_TXT_EXP             "EXP"
+# define SSL_TXT_EXPORT          "EXPORT"
+
+# define SSL_TXT_ALL             "ALL"
+
+/*-
+ * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
+ * ciphers normally not being used.
+ * Example: "RC4" will activate all ciphers using RC4 including ciphers
+ * without authentication, which would normally disabled by DEFAULT (due
+ * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
+ * will make sure that it is also disabled in the specific selection.
+ * COMPLEMENTOF* identifiers are portable between version, as adjustments
+ * to the default cipher setup will also be included here.
+ *
+ * COMPLEMENTOFDEFAULT does not experience the same special treatment that
+ * DEFAULT gets, as only selection is being done and no sorting as needed
+ * for DEFAULT.
+ */
+# define SSL_TXT_CMPALL          "COMPLEMENTOFALL"
+# define SSL_TXT_CMPDEF          "COMPLEMENTOFDEFAULT"
+
+/*
+ * The following cipher list is used by default. It also is substituted when
+ * an application-defined cipher list string starts with 'DEFAULT'.
+ */
+# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2"
+/*
+ * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
+ * starts with a reasonable order, and all we have to do for DEFAULT is
+ * throwing out anonymous and unencrypted ciphersuites! (The latter are not
+ * actually enabled by ALL, but "ALL:RSA" would enable some of them.)
+ */
+
+/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
+# define SSL_SENT_SHUTDOWN       1
+# define SSL_RECEIVED_SHUTDOWN   2
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2)
+#  define OPENSSL_NO_SSL2
+# endif
+
+# define SSL_FILETYPE_ASN1       X509_FILETYPE_ASN1
+# define SSL_FILETYPE_PEM        X509_FILETYPE_PEM
+
+/*
+ * This is needed to stop compilers complaining about the 'struct ssl_st *'
+ * function parameters used to prototype callbacks in SSL_CTX.
+ */
+typedef struct ssl_st *ssl_crock_st;
+typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
+typedef struct ssl_method_st SSL_METHOD;
+typedef struct ssl_cipher_st SSL_CIPHER;
+typedef struct ssl_session_st SSL_SESSION;
+
+DECLARE_STACK_OF(SSL_CIPHER)
+
+/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
+typedef struct srtp_protection_profile_st {
+    const char *name;
+    unsigned long id;
+} SRTP_PROTECTION_PROFILE;
+
+DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE)
+
+typedef int (*tls_session_ticket_ext_cb_fn) (SSL *s,
+                                             const unsigned char *data,
+                                             int len, void *arg);
+typedef int (*tls_session_secret_cb_fn) (SSL *s, void *secret,
+                                         int *secret_len,
+                                         STACK_OF(SSL_CIPHER) *peer_ciphers,
+                                         SSL_CIPHER **cipher, void *arg);
+
+# ifndef OPENSSL_NO_SSL_INTERN
+
+/* used to hold info on the particular ciphers used */
+struct ssl_cipher_st {
+    int valid;
+    const char *name;           /* text name */
+    unsigned long id;           /* id, 4 bytes, first is version */
+    /*
+     * changed in 0.9.9: these four used to be portions of a single value
+     * 'algorithms'
+     */
+    unsigned long algorithm_mkey; /* key exchange algorithm */
+    unsigned long algorithm_auth; /* server authentication */
+    unsigned long algorithm_enc; /* symmetric encryption */
+    unsigned long algorithm_mac; /* symmetric authentication */
+    unsigned long algorithm_ssl; /* (major) protocol version */
+    unsigned long algo_strength; /* strength and export flags */
+    unsigned long algorithm2;   /* Extra flags */
+    int strength_bits;          /* Number of bits really used */
+    int alg_bits;               /* Number of bits for algorithm */
+};
+
+/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
+struct ssl_method_st {
+    int version;
+    int (*ssl_new) (SSL *s);
+    void (*ssl_clear) (SSL *s);
+    void (*ssl_free) (SSL *s);
+    int (*ssl_accept) (SSL *s);
+    int (*ssl_connect) (SSL *s);
+    int (*ssl_read) (SSL *s, void *buf, int len);
+    int (*ssl_peek) (SSL *s, void *buf, int len);
+    int (*ssl_write) (SSL *s, const void *buf, int len);
+    int (*ssl_shutdown) (SSL *s);
+    int (*ssl_renegotiate) (SSL *s);
+    int (*ssl_renegotiate_check) (SSL *s);
+    long (*ssl_get_message) (SSL *s, int st1, int stn, int mt, long
+                             max, int *ok);
+    int (*ssl_read_bytes) (SSL *s, int type, unsigned char *buf, int len,
+                           int peek);
+    int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, int len);
+    int (*ssl_dispatch_alert) (SSL *s);
+    long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg);
+    long (*ssl_ctx_ctrl) (SSL_CTX *ctx, int cmd, long larg, void *parg);
+    const SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr);
+    int (*put_cipher_by_char) (const SSL_CIPHER *cipher, unsigned char *ptr);
+    int (*ssl_pending) (const SSL *s);
+    int (*num_ciphers) (void);
+    const SSL_CIPHER *(*get_cipher) (unsigned ncipher);
+    const struct ssl_method_st *(*get_ssl_method) (int version);
+    long (*get_timeout) (void);
+    struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
+    int (*ssl_version) (void);
+    long (*ssl_callback_ctrl) (SSL *s, int cb_id, void (*fp) (void));
+    long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void));
+};
+
+/*-
+ * Lets make this into an ASN.1 type structure as follows
+ * SSL_SESSION_ID ::= SEQUENCE {
+ *      version                 INTEGER,        -- structure version number
+ *      SSLversion              INTEGER,        -- SSL version number
+ *      Cipher                  OCTET STRING,   -- the 3 byte cipher ID
+ *      Session_ID              OCTET STRING,   -- the Session ID
+ *      Master_key              OCTET STRING,   -- the master key
+ *      KRB5_principal          OCTET STRING    -- optional Kerberos principal
+ *      Key_Arg [ 0 ] IMPLICIT  OCTET STRING,   -- the optional Key argument
+ *      Time [ 1 ] EXPLICIT     INTEGER,        -- optional Start Time
+ *      Timeout [ 2 ] EXPLICIT  INTEGER,        -- optional Timeout ins seconds
+ *      Peer [ 3 ] EXPLICIT     X509,           -- optional Peer Certificate
+ *      Session_ID_context [ 4 ] EXPLICIT OCTET STRING,   -- the Session ID context
+ *      Verify_result [ 5 ] EXPLICIT INTEGER,   -- X509_V_... code for `Peer'
+ *      HostName [ 6 ] EXPLICIT OCTET STRING,   -- optional HostName from servername TLS extension
+ *      PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
+ *      PSK_identity [ 8 ] EXPLICIT OCTET STRING,  -- optional PSK identity
+ *      Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
+ *      Ticket [10]             EXPLICIT OCTET STRING, -- session ticket (clients only)
+ *      Compression_meth [11]   EXPLICIT OCTET STRING, -- optional compression method
+ *      SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
+ *      }
+ * Look in ssl/ssl_asn1.c for more details
+ * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
+ */
+struct ssl_session_st {
+    int ssl_version;            /* what ssl version session info is being
+                                 * kept in here? */
+    /* only really used in SSLv2 */
+    unsigned int key_arg_length;
+    unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
+    int master_key_length;
+    unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
+    /* session_id - valid? */
+    unsigned int session_id_length;
+    unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
+    /*
+     * this is used to determine whether the session is being reused in the
+     * appropriate context. It is up to the application to set this, via
+     * SSL_new
+     */
+    unsigned int sid_ctx_length;
+    unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+#  ifndef OPENSSL_NO_KRB5
+    unsigned int krb5_client_princ_len;
+    unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
+#  endif                        /* OPENSSL_NO_KRB5 */
+#  ifndef OPENSSL_NO_PSK
+    char *psk_identity_hint;
+    char *psk_identity;
+#  endif
+    /*
+     * Used to indicate that session resumption is not allowed. Applications
+     * can also set this bit for a new session via not_resumable_session_cb
+     * to disable session caching and tickets.
+     */
+    int not_resumable;
+    /* The cert is the certificate used to establish this connection */
+    struct sess_cert_st /* SESS_CERT */ *sess_cert;
+    /*
+     * This is the cert for the other end. On clients, it will be the same as
+     * sess_cert->peer_key->x509 (the latter is not enough as sess_cert is
+     * not retained in the external representation of sessions, see
+     * ssl_asn1.c).
+     */
+    X509 *peer;
+    /*
+     * when app_verify_callback accepts a session where the peer's
+     * certificate is not ok, we must remember the error for session reuse:
+     */
+    long verify_result;         /* only for servers */
+    int references;
+    long timeout;
+    long time;
+    unsigned int compress_meth; /* Need to lookup the method */
+    const SSL_CIPHER *cipher;
+    unsigned long cipher_id;    /* when ASN.1 loaded, this needs to be used
+                                 * to load the 'cipher' structure */
+    STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
+    CRYPTO_EX_DATA ex_data;     /* application specific data */
+    /*
+     * These are used to make removal of session-ids more efficient and to
+     * implement a maximum cache size.
+     */
+    struct ssl_session_st *prev, *next;
+#  ifndef OPENSSL_NO_TLSEXT
+    char *tlsext_hostname;
+#   ifndef OPENSSL_NO_EC
+    size_t tlsext_ecpointformatlist_length;
+    unsigned char *tlsext_ecpointformatlist; /* peer's list */
+    size_t tlsext_ellipticcurvelist_length;
+    unsigned char *tlsext_ellipticcurvelist; /* peer's list */
+#   endif                       /* OPENSSL_NO_EC */
+    /* RFC4507 info */
+    unsigned char *tlsext_tick; /* Session ticket */
+    size_t tlsext_ticklen;      /* Session ticket length */
+    long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
+#  endif
+#  ifndef OPENSSL_NO_SRP
+    char *srp_username;
+#  endif
+};
+
+# endif
+
+# define SSL_OP_MICROSOFT_SESS_ID_BUG                    0x00000001L
+# define SSL_OP_NETSCAPE_CHALLENGE_BUG                   0x00000002L
+/* Allow initial connection to servers that don't support RI */
+# define SSL_OP_LEGACY_SERVER_CONNECT                    0x00000004L
+# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG         0x00000008L
+# define SSL_OP_TLSEXT_PADDING                           0x00000010L
+# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER               0x00000020L
+# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG                   0x00000040L
+# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x00000080L
+# define SSL_OP_TLS_D5_BUG                               0x00000100L
+# define SSL_OP_TLS_BLOCK_PADDING_BUG                    0x00000200L
+
+/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */
+# define SSL_OP_MSIE_SSLV2_RSA_PADDING                   0x0
+/* Refers to ancient SSLREF and SSLv2, retained for compatibility */
+# define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG              0x0
+
+/*
+ * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in
+ * OpenSSL 0.9.6d.  Usually (depending on the application protocol) the
+ * workaround is not needed.  Unfortunately some broken SSL/TLS
+ * implementations cannot handle it at all, which is why we include it in
+ * SSL_OP_ALL.
+ */
+/* added in 0.9.6e */
+# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x00000800L
+
+/*
+ * SSL_OP_ALL: various bug workarounds that should be rather harmless.  This
+ * used to be 0x000FFFFFL before 0.9.7.
+ */
+# define SSL_OP_ALL                                      0x80000BFFL
+
+/* DTLS options */
+# define SSL_OP_NO_QUERY_MTU                 0x00001000L
+/* Turn on Cookie Exchange (on relevant for servers) */
+# define SSL_OP_COOKIE_EXCHANGE              0x00002000L
+/* Don't use RFC4507 ticket extension */
+# define SSL_OP_NO_TICKET                    0x00004000L
+/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client)  */
+# define SSL_OP_CISCO_ANYCONNECT             0x00008000L
+
+/* As server, disallow session resumption on renegotiation */
+# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION   0x00010000L
+/* Don't use compression even if supported */
+# define SSL_OP_NO_COMPRESSION                           0x00020000L
+/* Permit unsafe legacy renegotiation */
+# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION        0x00040000L
+/* If set, always create a new key when using tmp_ecdh parameters */
+# define SSL_OP_SINGLE_ECDH_USE                          0x00080000L
+/* Does nothing: retained for compatibility */
+# define SSL_OP_SINGLE_DH_USE                            0x00100000L
+/* Does nothing: retained for compatibiity */
+# define SSL_OP_EPHEMERAL_RSA                            0x0
+/*
+ * Set on servers to choose the cipher according to the server's preferences
+ */
+# define SSL_OP_CIPHER_SERVER_PREFERENCE                 0x00400000L
+/*
+ * If set, a server will allow a client to issue a SSLv3.0 version number as
+ * latest version supported in the premaster secret, even when TLSv1.0
+ * (version 3.1) was announced in the client hello. Normally this is
+ * forbidden to prevent version rollback attacks.
+ */
+# define SSL_OP_TLS_ROLLBACK_BUG                         0x00800000L
+
+# define SSL_OP_NO_SSLv2                                 0x01000000L
+# define SSL_OP_NO_SSLv3                                 0x02000000L
+# define SSL_OP_NO_TLSv1                                 0x04000000L
+# define SSL_OP_NO_TLSv1_2                               0x08000000L
+# define SSL_OP_NO_TLSv1_1                               0x10000000L
+
+/*
+ * These next two were never actually used for anything since SSLeay zap so
+ * we have some more flags.
+ */
+/*
+ * The next flag deliberately changes the ciphertest, this is a check for the
+ * PKCS#1 attack
+ */
+# define SSL_OP_PKCS1_CHECK_1                            0x0
+# define SSL_OP_PKCS1_CHECK_2                            0x0
+
+# define SSL_OP_NETSCAPE_CA_DN_BUG                       0x20000000L
+# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG          0x40000000L
+/*
+ * Make server add server-hello extension from early version of cryptopro
+ * draft, when GOST ciphersuite is negotiated. Required for interoperability
+ * with CryptoPro CSP 3.x
+ */
+# define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     0x80000000L
+
+/*
+ * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
+ * when just a single record has been written):
+ */
+# define SSL_MODE_ENABLE_PARTIAL_WRITE       0x00000001L
+/*
+ * Make it possible to retry SSL_write() with changed buffer location (buffer
+ * contents must stay the same!); this is not the default to avoid the
+ * misconception that non-blocking SSL_write() behaves like non-blocking
+ * write():
+ */
+# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
+/*
+ * Never bother the application with retries if the transport is blocking:
+ */
+# define SSL_MODE_AUTO_RETRY 0x00000004L
+/* Don't attempt to automatically build certificate chain */
+# define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
+/*
+ * Save RAM by releasing read and write buffers when they're empty. (SSL3 and
+ * TLS only.) "Released" buffers are put onto a free-list in the context or
+ * just freed (depending on the context's setting for freelist_max_len).
+ */
+# define SSL_MODE_RELEASE_BUFFERS 0x00000010L
+/*
+ * Send the current time in the Random fields of the ClientHello and
+ * ServerHello records for compatibility with hypothetical implementations
+ * that require it.
+ */
+# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L
+# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L
+/*
+ * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications
+ * that reconnect with a downgraded protocol version; see
+ * draft-ietf-tls-downgrade-scsv-00 for details. DO NOT ENABLE THIS if your
+ * application attempts a normal handshake. Only use this in explicit
+ * fallback retries, following the guidance in
+ * draft-ietf-tls-downgrade-scsv-00.
+ */
+# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L
+
+/*
+ * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they
+ * cannot be used to clear bits.
+ */
+
+# define SSL_CTX_set_options(ctx,op) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
+# define SSL_CTX_clear_options(ctx,op) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
+# define SSL_CTX_get_options(ctx) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
+# define SSL_set_options(ssl,op) \
+        SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
+# define SSL_clear_options(ssl,op) \
+        SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
+# define SSL_get_options(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
+
+# define SSL_CTX_set_mode(ctx,op) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
+# define SSL_CTX_clear_mode(ctx,op) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
+# define SSL_CTX_get_mode(ctx) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
+# define SSL_clear_mode(ssl,op) \
+        SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
+# define SSL_set_mode(ssl,op) \
+        SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
+# define SSL_get_mode(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
+# define SSL_set_mtu(ssl, mtu) \
+        SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
+# define DTLS_set_link_mtu(ssl, mtu) \
+        SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL)
+# define DTLS_get_link_min_mtu(ssl) \
+        SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL)
+
+# define SSL_get_secure_renegotiation_support(ssl) \
+        SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
+
+# ifndef OPENSSL_NO_HEARTBEATS
+#  define SSL_heartbeat(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_TLS_EXT_SEND_HEARTBEAT,0,NULL)
+# endif
+
+void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
+                              void (*cb) (int write_p, int version,
+                                          int content_type, const void *buf,
+                                          size_t len, SSL *ssl, void *arg));
+void SSL_set_msg_callback(SSL *ssl,
+                          void (*cb) (int write_p, int version,
+                                      int content_type, const void *buf,
+                                      size_t len, SSL *ssl, void *arg));
+# define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
+# define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
+
+# ifndef OPENSSL_NO_SRP
+
+#  ifndef OPENSSL_NO_SSL_INTERN
+
+typedef struct srp_ctx_st {
+    /* param for all the callbacks */
+    void *SRP_cb_arg;
+    /* set client Hello login callback */
+    int (*TLS_ext_srp_username_callback) (SSL *, int *, void *);
+    /* set SRP N/g param callback for verification */
+    int (*SRP_verify_param_callback) (SSL *, void *);
+    /* set SRP client passwd callback */
+    char *(*SRP_give_srp_client_pwd_callback) (SSL *, void *);
+    char *login;
+    BIGNUM *N, *g, *s, *B, *A;
+    BIGNUM *a, *b, *v;
+    char *info;
+    int strength;
+    unsigned long srp_Mask;
+} SRP_CTX;
+
+#  endif
+
+/* see tls_srp.c */
+int SSL_SRP_CTX_init(SSL *s);
+int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
+int SSL_SRP_CTX_free(SSL *ctx);
+int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
+int SSL_srp_server_param_with_username(SSL *s, int *ad);
+int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key);
+int SRP_Calc_A_param(SSL *s);
+int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key);
+
+# endif
+
+# if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
+#  define SSL_MAX_CERT_LIST_DEFAULT 1024*30
+                                          /* 30k max cert list :-) */
+# else
+#  define SSL_MAX_CERT_LIST_DEFAULT 1024*100
+                                           /* 100k max cert list :-) */
+# endif
+
+# define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT      (1024*20)
+
+/*
+ * This callback type is used inside SSL_CTX, SSL, and in the functions that
+ * set them. It is used to override the generation of SSL/TLS session IDs in
+ * a server. Return value should be zero on an error, non-zero to proceed.
+ * Also, callbacks should themselves check if the id they generate is unique
+ * otherwise the SSL handshake will fail with an error - callbacks can do
+ * this using the 'ssl' value they're passed by;
+ * SSL_has_matching_session_id(ssl, id, *id_len) The length value passed in
+ * is set at the maximum size the session ID can be. In SSLv2 this is 16
+ * bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback can alter this
+ * length to be less if desired, but under SSLv2 session IDs are supposed to
+ * be fixed at 16 bytes so the id will be padded after the callback returns
+ * in this case. It is also an error for the callback to set the size to
+ * zero.
+ */
+typedef int (*GEN_SESSION_CB) (const SSL *ssl, unsigned char *id,
+                               unsigned int *id_len);
+
+typedef struct ssl_comp_st SSL_COMP;
+
+# ifndef OPENSSL_NO_SSL_INTERN
+
+struct ssl_comp_st {
+    int id;
+    const char *name;
+#  ifndef OPENSSL_NO_COMP
+    COMP_METHOD *method;
+#  else
+    char *method;
+#  endif
+};
+
+DECLARE_STACK_OF(SSL_COMP)
+DECLARE_LHASH_OF(SSL_SESSION);
+
+struct ssl_ctx_st {
+    const SSL_METHOD *method;
+    STACK_OF(SSL_CIPHER) *cipher_list;
+    /* same as above but sorted for lookup */
+    STACK_OF(SSL_CIPHER) *cipher_list_by_id;
+    struct x509_store_st /* X509_STORE */ *cert_store;
+    LHASH_OF(SSL_SESSION) *sessions;
+    /*
+     * Most session-ids that will be cached, default is
+     * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited.
+     */
+    unsigned long session_cache_size;
+    struct ssl_session_st *session_cache_head;
+    struct ssl_session_st *session_cache_tail;
+    /*
+     * This can have one of 2 values, ored together, SSL_SESS_CACHE_CLIENT,
+     * SSL_SESS_CACHE_SERVER, Default is SSL_SESSION_CACHE_SERVER, which
+     * means only SSL_accept which cache SSL_SESSIONS.
+     */
+    int session_cache_mode;
+    /*
+     * If timeout is not 0, it is the default timeout value set when
+     * SSL_new() is called.  This has been put in to make life easier to set
+     * things up
+     */
+    long session_timeout;
+    /*
+     * If this callback is not null, it will be called each time a session id
+     * is added to the cache.  If this function returns 1, it means that the
+     * callback will do a SSL_SESSION_free() when it has finished using it.
+     * Otherwise, on 0, it means the callback has finished with it. If
+     * remove_session_cb is not null, it will be called when a session-id is
+     * removed from the cache.  After the call, OpenSSL will
+     * SSL_SESSION_free() it.
+     */
+    int (*new_session_cb) (struct ssl_st *ssl, SSL_SESSION *sess);
+    void (*remove_session_cb) (struct ssl_ctx_st *ctx, SSL_SESSION *sess);
+    SSL_SESSION *(*get_session_cb) (struct ssl_st *ssl,
+                                    unsigned char *data, int len, int *copy);
+    struct {
+        int sess_connect;       /* SSL new conn - started */
+        int sess_connect_renegotiate; /* SSL reneg - requested */
+        int sess_connect_good;  /* SSL new conne/reneg - finished */
+        int sess_accept;        /* SSL new accept - started */
+        int sess_accept_renegotiate; /* SSL reneg - requested */
+        int sess_accept_good;   /* SSL accept/reneg - finished */
+        int sess_miss;          /* session lookup misses */
+        int sess_timeout;       /* reuse attempt on timeouted session */
+        int sess_cache_full;    /* session removed due to full cache */
+        int sess_hit;           /* session reuse actually done */
+        int sess_cb_hit;        /* session-id that was not in the cache was
+                                 * passed back via the callback.  This
+                                 * indicates that the application is
+                                 * supplying session-id's from other
+                                 * processes - spooky :-) */
+    } stats;
+
+    int references;
+
+    /* if defined, these override the X509_verify_cert() calls */
+    int (*app_verify_callback) (X509_STORE_CTX *, void *);
+    void *app_verify_arg;
+    /*
+     * before OpenSSL 0.9.7, 'app_verify_arg' was ignored
+     * ('app_verify_callback' was called with just one argument)
+     */
+
+    /* Default password callback. */
+    pem_password_cb *default_passwd_callback;
+
+    /* Default password callback user data. */
+    void *default_passwd_callback_userdata;
+
+    /* get client cert callback */
+    int (*client_cert_cb) (SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+
+    /* cookie generate callback */
+    int (*app_gen_cookie_cb) (SSL *ssl, unsigned char *cookie,
+                              unsigned int *cookie_len);
+
+    /* verify cookie callback */
+    int (*app_verify_cookie_cb) (SSL *ssl, unsigned char *cookie,
+                                 unsigned int cookie_len);
+
+    CRYPTO_EX_DATA ex_data;
+
+    const EVP_MD *rsa_md5;      /* For SSLv2 - name is 'ssl2-md5' */
+    const EVP_MD *md5;          /* For SSLv3/TLSv1 'ssl3-md5' */
+    const EVP_MD *sha1;         /* For SSLv3/TLSv1 'ssl3->sha1' */
+
+    STACK_OF(X509) *extra_certs;
+    STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
+
+    /* Default values used when no per-SSL value is defined follow */
+
+    /* used if SSL's info_callback is NULL */
+    void (*info_callback) (const SSL *ssl, int type, int val);
+
+    /* what we put in client cert requests */
+    STACK_OF(X509_NAME) *client_CA;
+
+    /*
+     * Default values to use in SSL structures follow (these are copied by
+     * SSL_new)
+     */
+
+    unsigned long options;
+    unsigned long mode;
+    long max_cert_list;
+
+    struct cert_st /* CERT */ *cert;
+    int read_ahead;
+
+    /* callback that allows applications to peek at protocol messages */
+    void (*msg_callback) (int write_p, int version, int content_type,
+                          const void *buf, size_t len, SSL *ssl, void *arg);
+    void *msg_callback_arg;
+
+    int verify_mode;
+    unsigned int sid_ctx_length;
+    unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+    /* called 'verify_callback' in the SSL */
+    int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx);
+
+    /* Default generate session ID callback. */
+    GEN_SESSION_CB generate_session_id;
+
+    X509_VERIFY_PARAM *param;
+
+#  if 0
+    int purpose;                /* Purpose setting */
+    int trust;                  /* Trust setting */
+#  endif
+
+    int quiet_shutdown;
+
+    /*
+     * Maximum amount of data to send in one fragment. actual record size can
+     * be more than this due to padding and MAC overheads.
+     */
+    unsigned int max_send_fragment;
+
+#  ifndef OPENSSL_NO_ENGINE
+    /*
+     * Engine to pass requests for client certs to
+     */
+    ENGINE *client_cert_engine;
+#  endif
+
+#  ifndef OPENSSL_NO_TLSEXT
+    /* TLS extensions servername callback */
+    int (*tlsext_servername_callback) (SSL *, int *, void *);
+    void *tlsext_servername_arg;
+    /* RFC 4507 session ticket keys */
+    unsigned char tlsext_tick_key_name[16];
+    unsigned char tlsext_tick_hmac_key[16];
+    unsigned char tlsext_tick_aes_key[16];
+    /* Callback to support customisation of ticket key setting */
+    int (*tlsext_ticket_key_cb) (SSL *ssl,
+                                 unsigned char *name, unsigned char *iv,
+                                 EVP_CIPHER_CTX *ectx,
+                                 HMAC_CTX *hctx, int enc);
+
+    /* certificate status request info */
+    /* Callback for status request */
+    int (*tlsext_status_cb) (SSL *ssl, void *arg);
+    void *tlsext_status_arg;
+
+    /* draft-rescorla-tls-opaque-prf-input-00.txt information */
+    int (*tlsext_opaque_prf_input_callback) (SSL *, void *peerinput,
+                                             size_t len, void *arg);
+    void *tlsext_opaque_prf_input_callback_arg;
+#  endif
+
+#  ifndef OPENSSL_NO_PSK
+    char *psk_identity_hint;
+    unsigned int (*psk_client_callback) (SSL *ssl, const char *hint,
+                                         char *identity,
+                                         unsigned int max_identity_len,
+                                         unsigned char *psk,
+                                         unsigned int max_psk_len);
+    unsigned int (*psk_server_callback) (SSL *ssl, const char *identity,
+                                         unsigned char *psk,
+                                         unsigned int max_psk_len);
+#  endif
+
+#  ifndef OPENSSL_NO_BUF_FREELISTS
+#   define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32
+    unsigned int freelist_max_len;
+    struct ssl3_buf_freelist_st *wbuf_freelist;
+    struct ssl3_buf_freelist_st *rbuf_freelist;
+#  endif
+#  ifndef OPENSSL_NO_SRP
+    SRP_CTX srp_ctx;            /* ctx for SRP authentication */
+#  endif
+
+#  ifndef OPENSSL_NO_TLSEXT
+
+#   ifndef OPENSSL_NO_NEXTPROTONEG
+    /* Next protocol negotiation information */
+    /* (for experimental NPN extension). */
+
+    /*
+     * For a server, this contains a callback function by which the set of
+     * advertised protocols can be provided.
+     */
+    int (*next_protos_advertised_cb) (SSL *s, const unsigned char **buf,
+                                      unsigned int *len, void *arg);
+    void *next_protos_advertised_cb_arg;
+    /*
+     * For a client, this contains a callback function that selects the next
+     * protocol from the list provided by the server.
+     */
+    int (*next_proto_select_cb) (SSL *s, unsigned char **out,
+                                 unsigned char *outlen,
+                                 const unsigned char *in,
+                                 unsigned int inlen, void *arg);
+    void *next_proto_select_cb_arg;
+#   endif
+    /* SRTP profiles we are willing to do from RFC 5764 */
+    STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
+#  endif
+};
+
+# endif
+
+# define SSL_SESS_CACHE_OFF                      0x0000
+# define SSL_SESS_CACHE_CLIENT                   0x0001
+# define SSL_SESS_CACHE_SERVER                   0x0002
+# define SSL_SESS_CACHE_BOTH     (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
+# define SSL_SESS_CACHE_NO_AUTO_CLEAR            0x0080
+/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
+# define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP       0x0100
+# define SSL_SESS_CACHE_NO_INTERNAL_STORE        0x0200
+# define SSL_SESS_CACHE_NO_INTERNAL \
+        (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
+
+LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
+# define SSL_CTX_sess_number(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
+# define SSL_CTX_sess_connect(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
+# define SSL_CTX_sess_connect_good(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
+# define SSL_CTX_sess_connect_renegotiate(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
+# define SSL_CTX_sess_accept(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
+# define SSL_CTX_sess_accept_renegotiate(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
+# define SSL_CTX_sess_accept_good(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
+# define SSL_CTX_sess_hits(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
+# define SSL_CTX_sess_cb_hits(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
+# define SSL_CTX_sess_misses(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
+# define SSL_CTX_sess_timeouts(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
+# define SSL_CTX_sess_cache_full(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
+
+void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
+                             int (*new_session_cb) (struct ssl_st *ssl,
+                                                    SSL_SESSION *sess));
+int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
+                                              SSL_SESSION *sess);
+void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
+                                void (*remove_session_cb) (struct ssl_ctx_st
+                                                           *ctx,
+                                                           SSL_SESSION
+                                                           *sess));
+void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx,
+                                                  SSL_SESSION *sess);
+void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
+                             SSL_SESSION *(*get_session_cb) (struct ssl_st
+                                                             *ssl,
+                                                             unsigned char
+                                                             *data, int len,
+                                                             int *copy));
+SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
+                                                       unsigned char *Data,
+                                                       int len, int *copy);
+void SSL_CTX_set_info_callback(SSL_CTX *ctx,
+                               void (*cb) (const SSL *ssl, int type,
+                                           int val));
+void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type,
+                                                 int val);
+void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
+                                int (*client_cert_cb) (SSL *ssl, X509 **x509,
+                                                       EVP_PKEY **pkey));
+int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
+                                                 EVP_PKEY **pkey);
+# ifndef OPENSSL_NO_ENGINE
+int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
+# endif
+void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
+                                    int (*app_gen_cookie_cb) (SSL *ssl,
+                                                              unsigned char
+                                                              *cookie,
+                                                              unsigned int
+                                                              *cookie_len));
+void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
+                                  int (*app_verify_cookie_cb) (SSL *ssl,
+                                                               unsigned char
+                                                               *cookie,
+                                                               unsigned int
+                                                               cookie_len));
+# ifndef OPENSSL_NO_NEXTPROTONEG
+void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
+                                           int (*cb) (SSL *ssl,
+                                                      const unsigned char
+                                                      **out,
+                                                      unsigned int *outlen,
+                                                      void *arg), void *arg);
+void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
+                                      int (*cb) (SSL *ssl,
+                                                 unsigned char **out,
+                                                 unsigned char *outlen,
+                                                 const unsigned char *in,
+                                                 unsigned int inlen,
+                                                 void *arg), void *arg);
+
+int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
+                          const unsigned char *in, unsigned int inlen,
+                          const unsigned char *client,
+                          unsigned int client_len);
+void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
+                                    unsigned *len);
+
+#  define OPENSSL_NPN_UNSUPPORTED 0
+#  define OPENSSL_NPN_NEGOTIATED  1
+#  define OPENSSL_NPN_NO_OVERLAP  2
+# endif
+
+# ifndef OPENSSL_NO_PSK
+/*
+ * the maximum length of the buffer given to callbacks containing the
+ * resulting identity/psk
+ */
+#  define PSK_MAX_IDENTITY_LEN 128
+#  define PSK_MAX_PSK_LEN 256
+void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
+                                     unsigned int (*psk_client_callback) (SSL
+                                                                          *ssl,
+                                                                          const
+                                                                          char
+                                                                          *hint,
+                                                                          char
+                                                                          *identity,
+                                                                          unsigned
+                                                                          int
+                                                                          max_identity_len,
+                                                                          unsigned
+                                                                          char
+                                                                          *psk,
+                                                                          unsigned
+                                                                          int
+                                                                          max_psk_len));
+void SSL_set_psk_client_callback(SSL *ssl,
+                                 unsigned int (*psk_client_callback) (SSL
+                                                                      *ssl,
+                                                                      const
+                                                                      char
+                                                                      *hint,
+                                                                      char
+                                                                      *identity,
+                                                                      unsigned
+                                                                      int
+                                                                      max_identity_len,
+                                                                      unsigned
+                                                                      char
+                                                                      *psk,
+                                                                      unsigned
+                                                                      int
+                                                                      max_psk_len));
+void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
+                                     unsigned int (*psk_server_callback) (SSL
+                                                                          *ssl,
+                                                                          const
+                                                                          char
+                                                                          *identity,
+                                                                          unsigned
+                                                                          char
+                                                                          *psk,
+                                                                          unsigned
+                                                                          int
+                                                                          max_psk_len));
+void SSL_set_psk_server_callback(SSL *ssl,
+                                 unsigned int (*psk_server_callback) (SSL
+                                                                      *ssl,
+                                                                      const
+                                                                      char
+                                                                      *identity,
+                                                                      unsigned
+                                                                      char
+                                                                      *psk,
+                                                                      unsigned
+                                                                      int
+                                                                      max_psk_len));
+int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
+int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
+const char *SSL_get_psk_identity_hint(const SSL *s);
+const char *SSL_get_psk_identity(const SSL *s);
+# endif
+
+# define SSL_NOTHING     1
+# define SSL_WRITING     2
+# define SSL_READING     3
+# define SSL_X509_LOOKUP 4
+
+/* These will only be used when doing non-blocking IO */
+# define SSL_want_nothing(s)     (SSL_want(s) == SSL_NOTHING)
+# define SSL_want_read(s)        (SSL_want(s) == SSL_READING)
+# define SSL_want_write(s)       (SSL_want(s) == SSL_WRITING)
+# define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
+
+# define SSL_MAC_FLAG_READ_MAC_STREAM 1
+# define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
+
+# ifndef OPENSSL_NO_SSL_INTERN
+
+struct ssl_st {
+    /*
+     * protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION,
+     * DTLS1_VERSION)
+     */
+    int version;
+    /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
+    int type;
+    /* SSLv3 */
+    const SSL_METHOD *method;
+    /*
+     * There are 2 BIO's even though they are normally both the same.  This
+     * is so data can be read and written to different handlers
+     */
+#  ifndef OPENSSL_NO_BIO
+    /* used by SSL_read */
+    BIO *rbio;
+    /* used by SSL_write */
+    BIO *wbio;
+    /* used during session-id reuse to concatenate messages */
+    BIO *bbio;
+#  else
+    /* used by SSL_read */
+    char *rbio;
+    /* used by SSL_write */
+    char *wbio;
+    char *bbio;
+#  endif
+    /*
+     * This holds a variable that indicates what we were doing when a 0 or -1
+     * is returned.  This is needed for non-blocking IO so we know what
+     * request needs re-doing when in SSL_accept or SSL_connect
+     */
+    int rwstate;
+    /* true when we are actually in SSL_accept() or SSL_connect() */
+    int in_handshake;
+    int (*handshake_func) (SSL *);
+    /*
+     * Imagine that here's a boolean member "init" that is switched as soon
+     * as SSL_set_{accept/connect}_state is called for the first time, so
+     * that "state" and "handshake_func" are properly initialized.  But as
+     * handshake_func is == 0 until then, we use this test instead of an
+     * "init" member.
+     */
+    /* are we the server side? - mostly used by SSL_clear */
+    int server;
+    /*
+     * Generate a new session or reuse an old one.
+     * NB: For servers, the 'new' session may actually be a previously
+     * cached session or even the previous session unless
+     * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set
+     */
+    int new_session;
+    /* don't send shutdown packets */
+    int quiet_shutdown;
+    /* we have shut things down, 0x01 sent, 0x02 for received */
+    int shutdown;
+    /* where we are */
+    int state;
+    /* where we are when reading */
+    int rstate;
+    BUF_MEM *init_buf;          /* buffer used during init */
+    void *init_msg;             /* pointer to handshake message body, set by
+                                 * ssl3_get_message() */
+    int init_num;               /* amount read/written */
+    int init_off;               /* amount read/written */
+    /* used internally to point at a raw packet */
+    unsigned char *packet;
+    unsigned int packet_length;
+    struct ssl2_state_st *s2;   /* SSLv2 variables */
+    struct ssl3_state_st *s3;   /* SSLv3 variables */
+    struct dtls1_state_st *d1;  /* DTLSv1 variables */
+    int read_ahead;             /* Read as many input bytes as possible (for
+                                 * non-blocking reads) */
+    /* callback that allows applications to peek at protocol messages */
+    void (*msg_callback) (int write_p, int version, int content_type,
+                          const void *buf, size_t len, SSL *ssl, void *arg);
+    void *msg_callback_arg;
+    int hit;                    /* reusing a previous session */
+    X509_VERIFY_PARAM *param;
+#  if 0
+    int purpose;                /* Purpose setting */
+    int trust;                  /* Trust setting */
+#  endif
+    /* crypto */
+    STACK_OF(SSL_CIPHER) *cipher_list;
+    STACK_OF(SSL_CIPHER) *cipher_list_by_id;
+    /*
+     * These are the ones being used, the ones in SSL_SESSION are the ones to
+     * be 'copied' into these ones
+     */
+    int mac_flags;
+    EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
+    EVP_MD_CTX *read_hash;      /* used for mac generation */
+#  ifndef OPENSSL_NO_COMP
+    COMP_CTX *expand;           /* uncompress */
+#  else
+    char *expand;
+#  endif
+    EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
+    EVP_MD_CTX *write_hash;     /* used for mac generation */
+#  ifndef OPENSSL_NO_COMP
+    COMP_CTX *compress;         /* compression */
+#  else
+    char *compress;
+#  endif
+    /* session info */
+    /* client cert? */
+    /* This is used to hold the server certificate used */
+    struct cert_st /* CERT */ *cert;
+    /*
+     * the session_id_context is used to ensure sessions are only reused in
+     * the appropriate context
+     */
+    unsigned int sid_ctx_length;
+    unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+    /* This can also be in the session once a session is established */
+    SSL_SESSION *session;
+    /* Default generate session ID callback. */
+    GEN_SESSION_CB generate_session_id;
+    /* Used in SSL2 and SSL3 */
+    /*
+     * 0 don't care about verify failure.
+     * 1 fail if verify fails
+     */
+    int verify_mode;
+    /* fail if callback returns 0 */
+    int (*verify_callback) (int ok, X509_STORE_CTX *ctx);
+    /* optional informational callback */
+    void (*info_callback) (const SSL *ssl, int type, int val);
+    /* error bytes to be written */
+    int error;
+    /* actual code */
+    int error_code;
+#  ifndef OPENSSL_NO_KRB5
+    /* Kerberos 5 context */
+    KSSL_CTX *kssl_ctx;
+#  endif                        /* OPENSSL_NO_KRB5 */
+#  ifndef OPENSSL_NO_PSK
+    unsigned int (*psk_client_callback) (SSL *ssl, const char *hint,
+                                         char *identity,
+                                         unsigned int max_identity_len,
+                                         unsigned char *psk,
+                                         unsigned int max_psk_len);
+    unsigned int (*psk_server_callback) (SSL *ssl, const char *identity,
+                                         unsigned char *psk,
+                                         unsigned int max_psk_len);
+#  endif
+    SSL_CTX *ctx;
+    /*
+     * set this flag to 1 and a sleep(1) is put into all SSL_read() and
+     * SSL_write() calls, good for nbio debuging :-)
+     */
+    int debug;
+    /* extra application data */
+    long verify_result;
+    CRYPTO_EX_DATA ex_data;
+    /* for server side, keep the list of CA_dn we can use */
+    STACK_OF(X509_NAME) *client_CA;
+    int references;
+    /* protocol behaviour */
+    unsigned long options;
+    /* API behaviour */
+    unsigned long mode;
+    long max_cert_list;
+    int first_packet;
+    /* what was passed, used for SSLv3/TLS rollback check */
+    int client_version;
+    unsigned int max_send_fragment;
+#  ifndef OPENSSL_NO_TLSEXT
+    /* TLS extension debug callback */
+    void (*tlsext_debug_cb) (SSL *s, int client_server, int type,
+                             unsigned char *data, int len, void *arg);
+    void *tlsext_debug_arg;
+    char *tlsext_hostname;
+    /*-
+     * no further mod of servername
+     * 0 : call the servername extension callback.
+     * 1 : prepare 2, allow last ack just after in server callback.
+     * 2 : don't call servername callback, no ack in server hello
+     */
+    int servername_done;
+    /* certificate status request info */
+    /* Status type or -1 if no status type */
+    int tlsext_status_type;
+    /* Expect OCSP CertificateStatus message */
+    int tlsext_status_expected;
+    /* OCSP status request only */
+    STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids;
+    X509_EXTENSIONS *tlsext_ocsp_exts;
+    /* OCSP response received or to be sent */
+    unsigned char *tlsext_ocsp_resp;
+    int tlsext_ocsp_resplen;
+    /* RFC4507 session ticket expected to be received or sent */
+    int tlsext_ticket_expected;
+#   ifndef OPENSSL_NO_EC
+    size_t tlsext_ecpointformatlist_length;
+    /* our list */
+    unsigned char *tlsext_ecpointformatlist;
+    size_t tlsext_ellipticcurvelist_length;
+    /* our list */
+    unsigned char *tlsext_ellipticcurvelist;
+#   endif                       /* OPENSSL_NO_EC */
+    /*
+     * draft-rescorla-tls-opaque-prf-input-00.txt information to be used for
+     * handshakes
+     */
+    void *tlsext_opaque_prf_input;
+    size_t tlsext_opaque_prf_input_len;
+    /* TLS Session Ticket extension override */
+    TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
+    /* TLS Session Ticket extension callback */
+    tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb;
+    void *tls_session_ticket_ext_cb_arg;
+    /* TLS pre-shared secret session resumption */
+    tls_session_secret_cb_fn tls_session_secret_cb;
+    void *tls_session_secret_cb_arg;
+    SSL_CTX *initial_ctx;       /* initial ctx, used to store sessions */
+#   ifndef OPENSSL_NO_NEXTPROTONEG
+    /*
+     * Next protocol negotiation. For the client, this is the protocol that
+     * we sent in NextProtocol and is set when handling ServerHello
+     * extensions. For a server, this is the client's selected_protocol from
+     * NextProtocol and is set when handling the NextProtocol message, before
+     * the Finished message.
+     */
+    unsigned char *next_proto_negotiated;
+    unsigned char next_proto_negotiated_len;
+#   endif
+#   define session_ctx initial_ctx
+    /* What we'll do */
+    STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
+    /* What's been chosen */
+    SRTP_PROTECTION_PROFILE *srtp_profile;
+        /*-
+         * Is use of the Heartbeat extension negotiated?
+         * 0: disabled
+         * 1: enabled
+         * 2: enabled, but not allowed to send Requests
+         */
+    unsigned int tlsext_heartbeat;
+    /* Indicates if a HeartbeatRequest is in flight */
+    unsigned int tlsext_hb_pending;
+    /* HeartbeatRequest sequence number */
+    unsigned int tlsext_hb_seq;
+#  else
+#   define session_ctx ctx
+#  endif                        /* OPENSSL_NO_TLSEXT */
+    /*-
+     * 1 if we are renegotiating.
+     * 2 if we are a server and are inside a handshake
+     * (i.e. not just sending a HelloRequest)
+     */
+    int renegotiate;
+#  ifndef OPENSSL_NO_SRP
+    /* ctx for SRP authentication */
+    SRP_CTX srp_ctx;
+#  endif
+};
+
+# endif
+
+#ifdef __cplusplus
+}
+#endif
+
+# include <openssl/ssl2.h>
+# include <openssl/ssl3.h>
+# include <openssl/tls1.h>      /* This is mostly sslv3 with a few tweaks */
+# include <openssl/dtls1.h>     /* Datagram TLS */
+# include <openssl/ssl23.h>
+# include <openssl/srtp.h>      /* Support for the use_srtp extension */
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* compatibility */
+# define SSL_set_app_data(s,arg)         (SSL_set_ex_data(s,0,(char *)arg))
+# define SSL_get_app_data(s)             (SSL_get_ex_data(s,0))
+# define SSL_SESSION_set_app_data(s,a)   (SSL_SESSION_set_ex_data(s,0,(char *)a))
+# define SSL_SESSION_get_app_data(s)     (SSL_SESSION_get_ex_data(s,0))
+# define SSL_CTX_get_app_data(ctx)       (SSL_CTX_get_ex_data(ctx,0))
+# define SSL_CTX_set_app_data(ctx,arg)   (SSL_CTX_set_ex_data(ctx,0,(char *)arg))
+
+/*
+ * The following are the possible values for ssl->state are are used to
+ * indicate where we are up to in the SSL connection establishment. The
+ * macros that follow are about the only things you should need to use and
+ * even then, only when using non-blocking IO. It can also be useful to work
+ * out where you were when the connection failed
+ */
+
+# define SSL_ST_CONNECT                  0x1000
+# define SSL_ST_ACCEPT                   0x2000
+# define SSL_ST_MASK                     0x0FFF
+# define SSL_ST_INIT                     (SSL_ST_CONNECT|SSL_ST_ACCEPT)
+# define SSL_ST_BEFORE                   0x4000
+# define SSL_ST_OK                       0x03
+# define SSL_ST_RENEGOTIATE              (0x04|SSL_ST_INIT)
+# define SSL_ST_ERR                      0x05
+
+# define SSL_CB_LOOP                     0x01
+# define SSL_CB_EXIT                     0x02
+# define SSL_CB_READ                     0x04
+# define SSL_CB_WRITE                    0x08
+# define SSL_CB_ALERT                    0x4000/* used in callback */
+# define SSL_CB_READ_ALERT               (SSL_CB_ALERT|SSL_CB_READ)
+# define SSL_CB_WRITE_ALERT              (SSL_CB_ALERT|SSL_CB_WRITE)
+# define SSL_CB_ACCEPT_LOOP              (SSL_ST_ACCEPT|SSL_CB_LOOP)
+# define SSL_CB_ACCEPT_EXIT              (SSL_ST_ACCEPT|SSL_CB_EXIT)
+# define SSL_CB_CONNECT_LOOP             (SSL_ST_CONNECT|SSL_CB_LOOP)
+# define SSL_CB_CONNECT_EXIT             (SSL_ST_CONNECT|SSL_CB_EXIT)
+# define SSL_CB_HANDSHAKE_START          0x10
+# define SSL_CB_HANDSHAKE_DONE           0x20
+
+/* Is the SSL_connection established? */
+# define SSL_get_state(a)                SSL_state(a)
+# define SSL_is_init_finished(a)         (SSL_state(a) == SSL_ST_OK)
+# define SSL_in_init(a)                  (SSL_state(a)&SSL_ST_INIT)
+# define SSL_in_before(a)                (SSL_state(a)&SSL_ST_BEFORE)
+# define SSL_in_connect_init(a)          (SSL_state(a)&SSL_ST_CONNECT)
+# define SSL_in_accept_init(a)           (SSL_state(a)&SSL_ST_ACCEPT)
+
+/*
+ * The following 2 states are kept in ssl->rstate when reads fail, you should
+ * not need these
+ */
+# define SSL_ST_READ_HEADER                      0xF0
+# define SSL_ST_READ_BODY                        0xF1
+# define SSL_ST_READ_DONE                        0xF2
+
+/*-
+ * Obtain latest Finished message
+ *   -- that we sent (SSL_get_finished)
+ *   -- that we expected from peer (SSL_get_peer_finished).
+ * Returns length (0 == no Finished so far), copies up to 'count' bytes.
+ */
+size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
+size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
+
+/*
+ * use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options are
+ * 'ored' with SSL_VERIFY_PEER if they are desired
+ */
+# define SSL_VERIFY_NONE                 0x00
+# define SSL_VERIFY_PEER                 0x01
+# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
+# define SSL_VERIFY_CLIENT_ONCE          0x04
+
+# define OpenSSL_add_ssl_algorithms()    SSL_library_init()
+# define SSLeay_add_ssl_algorithms()     SSL_library_init()
+
+/* this is for backward compatibility */
+# if 0                          /* NEW_SSLEAY */
+#  define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
+#  define SSL_set_pref_cipher(c,n)        SSL_set_cipher_list(c,n)
+#  define SSL_add_session(a,b)            SSL_CTX_add_session((a),(b))
+#  define SSL_remove_session(a,b)         SSL_CTX_remove_session((a),(b))
+#  define SSL_flush_sessions(a,b)         SSL_CTX_flush_sessions((a),(b))
+# endif
+/* More backward compatibility */
+# define SSL_get_cipher(s) \
+                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+# define SSL_get_cipher_bits(s,np) \
+                SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
+# define SSL_get_cipher_version(s) \
+                SSL_CIPHER_get_version(SSL_get_current_cipher(s))
+# define SSL_get_cipher_name(s) \
+                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+# define SSL_get_time(a)         SSL_SESSION_get_time(a)
+# define SSL_set_time(a,b)       SSL_SESSION_set_time((a),(b))
+# define SSL_get_timeout(a)      SSL_SESSION_get_timeout(a)
+# define SSL_set_timeout(a,b)    SSL_SESSION_set_timeout((a),(b))
+
+# define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
+# define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
+
+DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
+# define SSL_AD_REASON_OFFSET            1000/* offset to get SSL_R_... value
+                                              * from SSL_AD_... */
+/* These alert types are for SSLv3 and TLSv1 */
+# define SSL_AD_CLOSE_NOTIFY             SSL3_AD_CLOSE_NOTIFY
+/* fatal */
+# define SSL_AD_UNEXPECTED_MESSAGE       SSL3_AD_UNEXPECTED_MESSAGE
+/* fatal */
+# define SSL_AD_BAD_RECORD_MAC           SSL3_AD_BAD_RECORD_MAC
+# define SSL_AD_DECRYPTION_FAILED        TLS1_AD_DECRYPTION_FAILED
+# define SSL_AD_RECORD_OVERFLOW          TLS1_AD_RECORD_OVERFLOW
+/* fatal */
+# define SSL_AD_DECOMPRESSION_FAILURE    SSL3_AD_DECOMPRESSION_FAILURE
+/* fatal */
+# define SSL_AD_HANDSHAKE_FAILURE        SSL3_AD_HANDSHAKE_FAILURE
+/* Not for TLS */
+# define SSL_AD_NO_CERTIFICATE           SSL3_AD_NO_CERTIFICATE
+# define SSL_AD_BAD_CERTIFICATE          SSL3_AD_BAD_CERTIFICATE
+# define SSL_AD_UNSUPPORTED_CERTIFICATE  SSL3_AD_UNSUPPORTED_CERTIFICATE
+# define SSL_AD_CERTIFICATE_REVOKED      SSL3_AD_CERTIFICATE_REVOKED
+# define SSL_AD_CERTIFICATE_EXPIRED      SSL3_AD_CERTIFICATE_EXPIRED
+# define SSL_AD_CERTIFICATE_UNKNOWN      SSL3_AD_CERTIFICATE_UNKNOWN
+/* fatal */
+# define SSL_AD_ILLEGAL_PARAMETER        SSL3_AD_ILLEGAL_PARAMETER
+/* fatal */
+# define SSL_AD_UNKNOWN_CA               TLS1_AD_UNKNOWN_CA
+/* fatal */
+# define SSL_AD_ACCESS_DENIED            TLS1_AD_ACCESS_DENIED
+/* fatal */
+# define SSL_AD_DECODE_ERROR             TLS1_AD_DECODE_ERROR
+# define SSL_AD_DECRYPT_ERROR            TLS1_AD_DECRYPT_ERROR
+/* fatal */
+# define SSL_AD_EXPORT_RESTRICTION       TLS1_AD_EXPORT_RESTRICTION
+/* fatal */
+# define SSL_AD_PROTOCOL_VERSION         TLS1_AD_PROTOCOL_VERSION
+/* fatal */
+# define SSL_AD_INSUFFICIENT_SECURITY    TLS1_AD_INSUFFICIENT_SECURITY
+/* fatal */
+# define SSL_AD_INTERNAL_ERROR           TLS1_AD_INTERNAL_ERROR
+# define SSL_AD_USER_CANCELLED           TLS1_AD_USER_CANCELLED
+# define SSL_AD_NO_RENEGOTIATION         TLS1_AD_NO_RENEGOTIATION
+# define SSL_AD_UNSUPPORTED_EXTENSION    TLS1_AD_UNSUPPORTED_EXTENSION
+# define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
+# define SSL_AD_UNRECOGNIZED_NAME        TLS1_AD_UNRECOGNIZED_NAME
+# define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
+# define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
+/* fatal */
+# define SSL_AD_UNKNOWN_PSK_IDENTITY     TLS1_AD_UNKNOWN_PSK_IDENTITY
+/* fatal */
+# define SSL_AD_INAPPROPRIATE_FALLBACK   TLS1_AD_INAPPROPRIATE_FALLBACK
+# define SSL_ERROR_NONE                  0
+# define SSL_ERROR_SSL                   1
+# define SSL_ERROR_WANT_READ             2
+# define SSL_ERROR_WANT_WRITE            3
+# define SSL_ERROR_WANT_X509_LOOKUP      4
+# define SSL_ERROR_SYSCALL               5/* look at error stack/return
+                                           * value/errno */
+# define SSL_ERROR_ZERO_RETURN           6
+# define SSL_ERROR_WANT_CONNECT          7
+# define SSL_ERROR_WANT_ACCEPT           8
+# define SSL_CTRL_NEED_TMP_RSA                   1
+# define SSL_CTRL_SET_TMP_RSA                    2
+# define SSL_CTRL_SET_TMP_DH                     3
+# define SSL_CTRL_SET_TMP_ECDH                   4
+# define SSL_CTRL_SET_TMP_RSA_CB                 5
+# define SSL_CTRL_SET_TMP_DH_CB                  6
+# define SSL_CTRL_SET_TMP_ECDH_CB                7
+# define SSL_CTRL_GET_SESSION_REUSED             8
+# define SSL_CTRL_GET_CLIENT_CERT_REQUEST        9
+# define SSL_CTRL_GET_NUM_RENEGOTIATIONS         10
+# define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS       11
+# define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS       12
+# define SSL_CTRL_GET_FLAGS                      13
+# define SSL_CTRL_EXTRA_CHAIN_CERT               14
+# define SSL_CTRL_SET_MSG_CALLBACK               15
+# define SSL_CTRL_SET_MSG_CALLBACK_ARG           16
+/* only applies to datagram connections */
+# define SSL_CTRL_SET_MTU                17
+/* Stats */
+# define SSL_CTRL_SESS_NUMBER                    20
+# define SSL_CTRL_SESS_CONNECT                   21
+# define SSL_CTRL_SESS_CONNECT_GOOD              22
+# define SSL_CTRL_SESS_CONNECT_RENEGOTIATE       23
+# define SSL_CTRL_SESS_ACCEPT                    24
+# define SSL_CTRL_SESS_ACCEPT_GOOD               25
+# define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE        26
+# define SSL_CTRL_SESS_HIT                       27
+# define SSL_CTRL_SESS_CB_HIT                    28
+# define SSL_CTRL_SESS_MISSES                    29
+# define SSL_CTRL_SESS_TIMEOUTS                  30
+# define SSL_CTRL_SESS_CACHE_FULL                31
+# define SSL_CTRL_OPTIONS                        32
+# define SSL_CTRL_MODE                           33
+# define SSL_CTRL_GET_READ_AHEAD                 40
+# define SSL_CTRL_SET_READ_AHEAD                 41
+# define SSL_CTRL_SET_SESS_CACHE_SIZE            42
+# define SSL_CTRL_GET_SESS_CACHE_SIZE            43
+# define SSL_CTRL_SET_SESS_CACHE_MODE            44
+# define SSL_CTRL_GET_SESS_CACHE_MODE            45
+# define SSL_CTRL_GET_MAX_CERT_LIST              50
+# define SSL_CTRL_SET_MAX_CERT_LIST              51
+# define SSL_CTRL_SET_MAX_SEND_FRAGMENT          52
+/* see tls1.h for macros based on these */
+# ifndef OPENSSL_NO_TLSEXT
+#  define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB       53
+#  define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG      54
+#  define SSL_CTRL_SET_TLSEXT_HOSTNAME            55
+#  define SSL_CTRL_SET_TLSEXT_DEBUG_CB            56
+#  define SSL_CTRL_SET_TLSEXT_DEBUG_ARG           57
+#  define SSL_CTRL_GET_TLSEXT_TICKET_KEYS         58
+#  define SSL_CTRL_SET_TLSEXT_TICKET_KEYS         59
+#  define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT    60
+#  define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61
+#  define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62
+#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB       63
+#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG   64
+#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE     65
+#  define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS     66
+#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS     67
+#  define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS      68
+#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS      69
+#  define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP        70
+#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP        71
+#  define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB       72
+#  define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB    75
+#  define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB                76
+#  define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB             77
+#  define SSL_CTRL_SET_SRP_ARG            78
+#  define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME               79
+#  define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH               80
+#  define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD               81
+#  ifndef OPENSSL_NO_HEARTBEATS
+#   define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT                         85
+#   define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING          86
+#   define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS      87
+#  endif
+# endif
+# define DTLS_CTRL_GET_TIMEOUT           73
+# define DTLS_CTRL_HANDLE_TIMEOUT        74
+# define DTLS_CTRL_LISTEN                        75
+# define SSL_CTRL_GET_RI_SUPPORT                 76
+# define SSL_CTRL_CLEAR_OPTIONS                  77
+# define SSL_CTRL_CLEAR_MODE                     78
+# define SSL_CTRL_GET_EXTRA_CHAIN_CERTS          82
+# define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS        83
+# define SSL_CTRL_CHECK_PROTO_VERSION            119
+# define DTLS_CTRL_SET_LINK_MTU                  120
+# define DTLS_CTRL_GET_LINK_MIN_MTU              121
+# define DTLSv1_get_timeout(ssl, arg) \
+        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
+# define DTLSv1_handle_timeout(ssl) \
+        SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
+# define DTLSv1_listen(ssl, peer) \
+        SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer)
+# define SSL_session_reused(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
+# define SSL_num_renegotiations(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
+# define SSL_clear_num_renegotiations(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
+# define SSL_total_renegotiations(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
+# define SSL_CTX_need_tmp_RSA(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
+# define SSL_CTX_set_tmp_rsa(ctx,rsa) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
+# define SSL_CTX_set_tmp_dh(ctx,dh) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
+# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
+# define SSL_need_tmp_RSA(ssl) \
+        SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
+# define SSL_set_tmp_rsa(ssl,rsa) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
+# define SSL_set_tmp_dh(ssl,dh) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
+# define SSL_set_tmp_ecdh(ssl,ecdh) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
+# define SSL_CTX_add_extra_chain_cert(ctx,x509) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
+# define SSL_CTX_get_extra_chain_certs(ctx,px509) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
+# define SSL_CTX_clear_extra_chain_certs(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
+# ifndef OPENSSL_NO_BIO
+BIO_METHOD *BIO_f_ssl(void);
+BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
+BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
+BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
+int BIO_ssl_copy_session_id(BIO *to, BIO *from);
+void BIO_ssl_shutdown(BIO *ssl_bio);
+
+# endif
+
+int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
+SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
+void SSL_CTX_free(SSL_CTX *);
+long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
+long SSL_CTX_get_timeout(const SSL_CTX *ctx);
+X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
+void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
+int SSL_want(const SSL *s);
+int SSL_clear(SSL *s);
+
+void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
+
+const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
+int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
+char *SSL_CIPHER_get_version(const SSL_CIPHER *c);
+const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
+unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c);
+
+int SSL_get_fd(const SSL *s);
+int SSL_get_rfd(const SSL *s);
+int SSL_get_wfd(const SSL *s);
+const char *SSL_get_cipher_list(const SSL *s, int n);
+char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
+int SSL_get_read_ahead(const SSL *s);
+int SSL_pending(const SSL *s);
+# ifndef OPENSSL_NO_SOCK
+int SSL_set_fd(SSL *s, int fd);
+int SSL_set_rfd(SSL *s, int fd);
+int SSL_set_wfd(SSL *s, int fd);
+# endif
+# ifndef OPENSSL_NO_BIO
+void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
+BIO *SSL_get_rbio(const SSL *s);
+BIO *SSL_get_wbio(const SSL *s);
+# endif
+int SSL_set_cipher_list(SSL *s, const char *str);
+void SSL_set_read_ahead(SSL *s, int yes);
+int SSL_get_verify_mode(const SSL *s);
+int SSL_get_verify_depth(const SSL *s);
+int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *);
+void SSL_set_verify(SSL *s, int mode,
+                    int (*callback) (int ok, X509_STORE_CTX *ctx));
+void SSL_set_verify_depth(SSL *s, int depth);
+# ifndef OPENSSL_NO_RSA
+int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
+# endif
+int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
+int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
+int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d,
+                            long len);
+int SSL_use_certificate(SSL *ssl, X509 *x);
+int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
+
+# ifndef OPENSSL_NO_STDIO
+int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
+int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
+int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
+int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
+/* PEM type */
+int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
+STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
+int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
+                                        const char *file);
+#  ifndef OPENSSL_SYS_VMS
+/* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */
+#   ifndef OPENSSL_SYS_MACINTOSH_CLASSIC
+int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
+                                       const char *dir);
+#   endif
+#  endif
+
+# endif
+
+void SSL_load_error_strings(void);
+const char *SSL_state_string(const SSL *s);
+const char *SSL_rstate_string(const SSL *s);
+const char *SSL_state_string_long(const SSL *s);
+const char *SSL_rstate_string_long(const SSL *s);
+long SSL_SESSION_get_time(const SSL_SESSION *s);
+long SSL_SESSION_set_time(SSL_SESSION *s, long t);
+long SSL_SESSION_get_timeout(const SSL_SESSION *s);
+long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
+void SSL_copy_session_id(SSL *to, const SSL *from);
+X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
+int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
+                                unsigned int sid_ctx_len);
+
+SSL_SESSION *SSL_SESSION_new(void);
+const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
+                                        unsigned int *len);
+unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
+# ifndef OPENSSL_NO_FP_API
+int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
+# endif
+# ifndef OPENSSL_NO_BIO
+int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
+# endif
+void SSL_SESSION_free(SSL_SESSION *ses);
+int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
+int SSL_set_session(SSL *to, SSL_SESSION *session);
+int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
+int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c);
+int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
+int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
+int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
+                                unsigned int id_len);
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
+                             long length);
+
+# ifdef HEADER_X509_H
+X509 *SSL_get_peer_certificate(const SSL *s);
+# endif
+
+STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
+
+int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
+int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
+int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int,
+                                                        X509_STORE_CTX *);
+void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
+                        int (*callback) (int, X509_STORE_CTX *));
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
+                                      int (*cb) (X509_STORE_CTX *, void *),
+                                      void *arg);
+# ifndef OPENSSL_NO_RSA
+int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
+# endif
+int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
+                                   long len);
+int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
+int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx,
+                                const unsigned char *d, long len);
+int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
+int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
+                                 const unsigned char *d);
+
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
+
+int SSL_CTX_check_private_key(const SSL_CTX *ctx);
+int SSL_check_private_key(const SSL *ctx);
+
+int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
+                                   unsigned int sid_ctx_len);
+
+SSL *SSL_new(SSL_CTX *ctx);
+int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
+                               unsigned int sid_ctx_len);
+
+int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
+int SSL_set_purpose(SSL *s, int purpose);
+int SSL_CTX_set_trust(SSL_CTX *s, int trust);
+int SSL_set_trust(SSL *s, int trust);
+
+int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
+int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
+
+# ifndef OPENSSL_NO_SRP
+int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name);
+int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password);
+int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
+int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
+                                        char *(*cb) (SSL *, void *));
+int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
+                                          int (*cb) (SSL *, void *));
+int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
+                                      int (*cb) (SSL *, int *, void *));
+int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);
+
+int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
+                             BIGNUM *sa, BIGNUM *v, char *info);
+int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
+                                const char *grp);
+
+BIGNUM *SSL_get_srp_g(SSL *s);
+BIGNUM *SSL_get_srp_N(SSL *s);
+
+char *SSL_get_srp_username(SSL *s);
+char *SSL_get_srp_userinfo(SSL *s);
+# endif
+
+void SSL_free(SSL *ssl);
+int SSL_accept(SSL *ssl);
+int SSL_connect(SSL *ssl);
+int SSL_read(SSL *ssl, void *buf, int num);
+int SSL_peek(SSL *ssl, void *buf, int num);
+int SSL_write(SSL *ssl, const void *buf, int num);
+long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
+long SSL_callback_ctrl(SSL *, int, void (*)(void));
+long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
+long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
+
+int SSL_get_error(const SSL *s, int ret_code);
+const char *SSL_get_version(const SSL *s);
+
+/* This sets the 'default' SSL version that SSL_new() will create */
+int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
+
+# ifndef OPENSSL_NO_SSL2_METHOD
+const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
+const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
+const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
+# endif
+
+# ifndef OPENSSL_NO_SSL3_METHOD
+const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
+const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
+const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
+# endif
+
+const SSL_METHOD *SSLv23_method(void); /* Negotiate highest available SSL/TLS
+                                        * version */
+const SSL_METHOD *SSLv23_server_method(void); /* Negotiate highest available
+                                               * SSL/TLS version */
+const SSL_METHOD *SSLv23_client_method(void); /* Negotiate highest available
+                                               * SSL/TLS version */
+
+const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
+const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
+const SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */
+
+const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */
+const SSL_METHOD *TLSv1_1_server_method(void); /* TLSv1.1 */
+const SSL_METHOD *TLSv1_1_client_method(void); /* TLSv1.1 */
+
+const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */
+const SSL_METHOD *TLSv1_2_server_method(void); /* TLSv1.2 */
+const SSL_METHOD *TLSv1_2_client_method(void); /* TLSv1.2 */
+
+const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */
+const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */
+const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */
+
+STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
+
+int SSL_do_handshake(SSL *s);
+int SSL_renegotiate(SSL *s);
+int SSL_renegotiate_abbreviated(SSL *s);
+int SSL_renegotiate_pending(SSL *s);
+int SSL_shutdown(SSL *s);
+
+const SSL_METHOD *SSL_get_ssl_method(SSL *s);
+int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
+const char *SSL_alert_type_string_long(int value);
+const char *SSL_alert_type_string(int value);
+const char *SSL_alert_desc_string_long(int value);
+const char *SSL_alert_desc_string(int value);
+
+void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
+STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
+STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
+int SSL_add_client_CA(SSL *ssl, X509 *x);
+int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
+
+void SSL_set_connect_state(SSL *s);
+void SSL_set_accept_state(SSL *s);
+
+long SSL_get_default_timeout(const SSL *s);
+
+int SSL_library_init(void);
+
+char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size);
+STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
+
+SSL *SSL_dup(SSL *ssl);
+
+X509 *SSL_get_certificate(const SSL *ssl);
+/*
+ * EVP_PKEY
+ */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);
+
+void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
+int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
+void SSL_set_quiet_shutdown(SSL *ssl, int mode);
+int SSL_get_quiet_shutdown(const SSL *ssl);
+void SSL_set_shutdown(SSL *ssl, int mode);
+int SSL_get_shutdown(const SSL *ssl);
+int SSL_version(const SSL *ssl);
+int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
+int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+                                  const char *CApath);
+# define SSL_get0_session SSL_get_session/* just peek at pointer */
+SSL_SESSION *SSL_get_session(const SSL *ssl);
+SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
+SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
+SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx);
+void SSL_set_info_callback(SSL *ssl,
+                           void (*cb) (const SSL *ssl, int type, int val));
+void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type,
+                                               int val);
+int SSL_state(const SSL *ssl);
+void SSL_set_state(SSL *ssl, int state);
+
+void SSL_set_verify_result(SSL *ssl, long v);
+long SSL_get_verify_result(const SSL *ssl);
+
+int SSL_set_ex_data(SSL *ssl, int idx, void *data);
+void *SSL_get_ex_data(const SSL *ssl, int idx);
+int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+                         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+
+int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data);
+void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx);
+int SSL_SESSION_get_ex_new_index(long argl, void *argp,
+                                 CRYPTO_EX_new *new_func,
+                                 CRYPTO_EX_dup *dup_func,
+                                 CRYPTO_EX_free *free_func);
+
+int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data);
+void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx);
+int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+                             CRYPTO_EX_dup *dup_func,
+                             CRYPTO_EX_free *free_func);
+
+int SSL_get_ex_data_X509_STORE_CTX_idx(void);
+
+# define SSL_CTX_sess_set_cache_size(ctx,t) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
+# define SSL_CTX_sess_get_cache_size(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
+# define SSL_CTX_set_session_cache_mode(ctx,m) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
+# define SSL_CTX_get_session_cache_mode(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
+
+# define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
+# define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
+# define SSL_CTX_get_read_ahead(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
+# define SSL_CTX_set_read_ahead(ctx,m) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
+# define SSL_CTX_get_max_cert_list(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
+# define SSL_CTX_set_max_cert_list(ctx,m) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
+# define SSL_get_max_cert_list(ssl) \
+        SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
+# define SSL_set_max_cert_list(ssl,m) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
+
+# define SSL_CTX_set_max_send_fragment(ctx,m) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
+# define SSL_set_max_send_fragment(ssl,m) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
+
+     /* NB: the keylength is only applicable when is_export is true */
+# ifndef OPENSSL_NO_RSA
+void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
+                                  RSA *(*cb) (SSL *ssl, int is_export,
+                                              int keylength));
+
+void SSL_set_tmp_rsa_callback(SSL *ssl,
+                              RSA *(*cb) (SSL *ssl, int is_export,
+                                          int keylength));
+# endif
+# ifndef OPENSSL_NO_DH
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+                                 DH *(*dh) (SSL *ssl, int is_export,
+                                            int keylength));
+void SSL_set_tmp_dh_callback(SSL *ssl,
+                             DH *(*dh) (SSL *ssl, int is_export,
+                                        int keylength));
+# endif
+# ifndef OPENSSL_NO_ECDH
+void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
+                                   EC_KEY *(*ecdh) (SSL *ssl, int is_export,
+                                                    int keylength));
+void SSL_set_tmp_ecdh_callback(SSL *ssl,
+                               EC_KEY *(*ecdh) (SSL *ssl, int is_export,
+                                                int keylength));
+# endif
+
+# ifndef OPENSSL_NO_COMP
+const COMP_METHOD *SSL_get_current_compression(SSL *s);
+const COMP_METHOD *SSL_get_current_expansion(SSL *s);
+const char *SSL_COMP_get_name(const COMP_METHOD *comp);
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
+int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
+# else
+const void *SSL_get_current_compression(SSL *s);
+const void *SSL_get_current_expansion(SSL *s);
+const char *SSL_COMP_get_name(const void *comp);
+void *SSL_COMP_get_compression_methods(void);
+int SSL_COMP_add_compression_method(int id, void *cm);
+# endif
+
+/* TLS extensions functions */
+int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
+
+int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
+                                  void *arg);
+
+/* Pre-shared secret session resumption functions */
+int SSL_set_session_secret_cb(SSL *s,
+                              tls_session_secret_cb_fn tls_session_secret_cb,
+                              void *arg);
+
+void SSL_set_debug(SSL *s, int debug);
+int SSL_cache_hit(SSL *s);
+
+# ifndef OPENSSL_NO_UNIT_TEST
+const struct openssl_ssl_test_functions *SSL_test_functions(void);
+# endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_SSL_strings(void);
+
+/* Error codes for the SSL functions. */
+
+/* Function codes. */
+# define SSL_F_CLIENT_CERTIFICATE                         100
+# define SSL_F_CLIENT_FINISHED                            167
+# define SSL_F_CLIENT_HELLO                               101
+# define SSL_F_CLIENT_MASTER_KEY                          102
+# define SSL_F_D2I_SSL_SESSION                            103
+# define SSL_F_DO_DTLS1_WRITE                             245
+# define SSL_F_DO_SSL3_WRITE                              104
+# define SSL_F_DTLS1_ACCEPT                               246
+# define SSL_F_DTLS1_ADD_CERT_TO_BUF                      295
+# define SSL_F_DTLS1_BUFFER_RECORD                        247
+# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM                    316
+# define SSL_F_DTLS1_CLIENT_HELLO                         248
+# define SSL_F_DTLS1_CONNECT                              249
+# define SSL_F_DTLS1_ENC                                  250
+# define SSL_F_DTLS1_GET_HELLO_VERIFY                     251
+# define SSL_F_DTLS1_GET_MESSAGE                          252
+# define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT                 253
+# define SSL_F_DTLS1_GET_RECORD                           254
+# define SSL_F_DTLS1_HANDLE_TIMEOUT                       297
+# define SSL_F_DTLS1_HEARTBEAT                            305
+# define SSL_F_DTLS1_OUTPUT_CERT_CHAIN                    255
+# define SSL_F_DTLS1_PREPROCESS_FRAGMENT                  288
+# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS             424
+# define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE           256
+# define SSL_F_DTLS1_PROCESS_RECORD                       257
+# define SSL_F_DTLS1_READ_BYTES                           258
+# define SSL_F_DTLS1_READ_FAILED                          259
+# define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST             260
+# define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE              261
+# define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE             262
+# define SSL_F_DTLS1_SEND_CLIENT_VERIFY                   263
+# define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST            264
+# define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE              265
+# define SSL_F_DTLS1_SEND_SERVER_HELLO                    266
+# define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE             267
+# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES                 268
+# define SSL_F_GET_CLIENT_FINISHED                        105
+# define SSL_F_GET_CLIENT_HELLO                           106
+# define SSL_F_GET_CLIENT_MASTER_KEY                      107
+# define SSL_F_GET_SERVER_FINISHED                        108
+# define SSL_F_GET_SERVER_HELLO                           109
+# define SSL_F_GET_SERVER_VERIFY                          110
+# define SSL_F_I2D_SSL_SESSION                            111
+# define SSL_F_READ_N                                     112
+# define SSL_F_REQUEST_CERTIFICATE                        113
+# define SSL_F_SERVER_FINISH                              239
+# define SSL_F_SERVER_HELLO                               114
+# define SSL_F_SERVER_VERIFY                              240
+# define SSL_F_SSL23_ACCEPT                               115
+# define SSL_F_SSL23_CLIENT_HELLO                         116
+# define SSL_F_SSL23_CONNECT                              117
+# define SSL_F_SSL23_GET_CLIENT_HELLO                     118
+# define SSL_F_SSL23_GET_SERVER_HELLO                     119
+# define SSL_F_SSL23_PEEK                                 237
+# define SSL_F_SSL23_READ                                 120
+# define SSL_F_SSL23_WRITE                                121
+# define SSL_F_SSL2_ACCEPT                                122
+# define SSL_F_SSL2_CONNECT                               123
+# define SSL_F_SSL2_ENC_INIT                              124
+# define SSL_F_SSL2_GENERATE_KEY_MATERIAL                 241
+# define SSL_F_SSL2_PEEK                                  234
+# define SSL_F_SSL2_READ                                  125
+# define SSL_F_SSL2_READ_INTERNAL                         236
+# define SSL_F_SSL2_SET_CERTIFICATE                       126
+# define SSL_F_SSL2_WRITE                                 127
+# define SSL_F_SSL3_ACCEPT                                128
+# define SSL_F_SSL3_ADD_CERT_TO_BUF                       296
+# define SSL_F_SSL3_CALLBACK_CTRL                         233
+# define SSL_F_SSL3_CHANGE_CIPHER_STATE                   129
+# define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM              130
+# define SSL_F_SSL3_CHECK_CLIENT_HELLO                    304
+# define SSL_F_SSL3_CHECK_FINISHED                        339
+# define SSL_F_SSL3_CLIENT_HELLO                          131
+# define SSL_F_SSL3_CONNECT                               132
+# define SSL_F_SSL3_CTRL                                  213
+# define SSL_F_SSL3_CTX_CTRL                              133
+# define SSL_F_SSL3_DIGEST_CACHED_RECORDS                 293
+# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC                 292
+# define SSL_F_SSL3_ENC                                   134
+# define SSL_F_SSL3_GENERATE_KEY_BLOCK                    238
+# define SSL_F_SSL3_GENERATE_MASTER_SECRET                388
+# define SSL_F_SSL3_GET_CERTIFICATE_REQUEST               135
+# define SSL_F_SSL3_GET_CERT_STATUS                       289
+# define SSL_F_SSL3_GET_CERT_VERIFY                       136
+# define SSL_F_SSL3_GET_CLIENT_CERTIFICATE                137
+# define SSL_F_SSL3_GET_CLIENT_HELLO                      138
+# define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE               139
+# define SSL_F_SSL3_GET_FINISHED                          140
+# define SSL_F_SSL3_GET_KEY_EXCHANGE                      141
+# define SSL_F_SSL3_GET_MESSAGE                           142
+# define SSL_F_SSL3_GET_NEW_SESSION_TICKET                283
+# define SSL_F_SSL3_GET_NEXT_PROTO                        306
+# define SSL_F_SSL3_GET_RECORD                            143
+# define SSL_F_SSL3_GET_SERVER_CERTIFICATE                144
+# define SSL_F_SSL3_GET_SERVER_DONE                       145
+# define SSL_F_SSL3_GET_SERVER_HELLO                      146
+# define SSL_F_SSL3_HANDSHAKE_MAC                         285
+# define SSL_F_SSL3_NEW_SESSION_TICKET                    287
+# define SSL_F_SSL3_OUTPUT_CERT_CHAIN                     147
+# define SSL_F_SSL3_PEEK                                  235
+# define SSL_F_SSL3_READ_BYTES                            148
+# define SSL_F_SSL3_READ_N                                149
+# define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST              150
+# define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE               151
+# define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE              152
+# define SSL_F_SSL3_SEND_CLIENT_VERIFY                    153
+# define SSL_F_SSL3_SEND_SERVER_CERTIFICATE               154
+# define SSL_F_SSL3_SEND_SERVER_HELLO                     242
+# define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE              155
+# define SSL_F_SSL3_SETUP_KEY_BLOCK                       157
+# define SSL_F_SSL3_SETUP_READ_BUFFER                     156
+# define SSL_F_SSL3_SETUP_WRITE_BUFFER                    291
+# define SSL_F_SSL3_WRITE_BYTES                           158
+# define SSL_F_SSL3_WRITE_PENDING                         159
+# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT        298
+# define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT                 277
+# define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT           307
+# define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK         215
+# define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK        216
+# define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT        299
+# define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT                 278
+# define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT           308
+# define SSL_F_SSL_BAD_METHOD                             160
+# define SSL_F_SSL_BYTES_TO_CIPHER_LIST                   161
+# define SSL_F_SSL_CERT_DUP                               221
+# define SSL_F_SSL_CERT_INST                              222
+# define SSL_F_SSL_CERT_INSTANTIATE                       214
+# define SSL_F_SSL_CERT_NEW                               162
+# define SSL_F_SSL_CHECK_PRIVATE_KEY                      163
+# define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT               280
+# define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG            279
+# define SSL_F_SSL_CIPHER_PROCESS_RULESTR                 230
+# define SSL_F_SSL_CIPHER_STRENGTH_SORT                   231
+# define SSL_F_SSL_CLEAR                                  164
+# define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD            165
+# define SSL_F_SSL_CREATE_CIPHER_LIST                     166
+# define SSL_F_SSL_CTRL                                   232
+# define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY                  168
+# define SSL_F_SSL_CTX_MAKE_PROFILES                      309
+# define SSL_F_SSL_CTX_NEW                                169
+# define SSL_F_SSL_CTX_SET_CIPHER_LIST                    269
+# define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE             290
+# define SSL_F_SSL_CTX_SET_PURPOSE                        226
+# define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT             219
+# define SSL_F_SSL_CTX_SET_SSL_VERSION                    170
+# define SSL_F_SSL_CTX_SET_TRUST                          229
+# define SSL_F_SSL_CTX_USE_CERTIFICATE                    171
+# define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1               172
+# define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE         220
+# define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE               173
+# define SSL_F_SSL_CTX_USE_PRIVATEKEY                     174
+# define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1                175
+# define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE                176
+# define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT              272
+# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY                  177
+# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1             178
+# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE             179
+# define SSL_F_SSL_DO_HANDSHAKE                           180
+# define SSL_F_SSL_GET_NEW_SESSION                        181
+# define SSL_F_SSL_GET_PREV_SESSION                       217
+# define SSL_F_SSL_GET_SERVER_SEND_CERT                   182
+# define SSL_F_SSL_GET_SERVER_SEND_PKEY                   317
+# define SSL_F_SSL_GET_SIGN_PKEY                          183
+# define SSL_F_SSL_INIT_WBIO_BUFFER                       184
+# define SSL_F_SSL_LOAD_CLIENT_CA_FILE                    185
+# define SSL_F_SSL_NEW                                    186
+# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT      300
+# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT               302
+# define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT         310
+# define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT      301
+# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT               303
+# define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT         311
+# define SSL_F_SSL_PEEK                                   270
+# define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT             281
+# define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT             282
+# define SSL_F_SSL_READ                                   223
+# define SSL_F_SSL_RSA_PRIVATE_DECRYPT                    187
+# define SSL_F_SSL_RSA_PUBLIC_ENCRYPT                     188
+# define SSL_F_SSL_SESSION_DUP                            348
+# define SSL_F_SSL_SESSION_NEW                            189
+# define SSL_F_SSL_SESSION_PRINT_FP                       190
+# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT                312
+# define SSL_F_SSL_SESS_CERT_NEW                          225
+# define SSL_F_SSL_SET_CERT                               191
+# define SSL_F_SSL_SET_CIPHER_LIST                        271
+# define SSL_F_SSL_SET_FD                                 192
+# define SSL_F_SSL_SET_PKEY                               193
+# define SSL_F_SSL_SET_PURPOSE                            227
+# define SSL_F_SSL_SET_RFD                                194
+# define SSL_F_SSL_SET_SESSION                            195
+# define SSL_F_SSL_SET_SESSION_ID_CONTEXT                 218
+# define SSL_F_SSL_SET_SESSION_TICKET_EXT                 294
+# define SSL_F_SSL_SET_TRUST                              228
+# define SSL_F_SSL_SET_WFD                                196
+# define SSL_F_SSL_SHUTDOWN                               224
+# define SSL_F_SSL_SRP_CTX_INIT                           313
+# define SSL_F_SSL_UNDEFINED_CONST_FUNCTION               243
+# define SSL_F_SSL_UNDEFINED_FUNCTION                     197
+# define SSL_F_SSL_UNDEFINED_VOID_FUNCTION                244
+# define SSL_F_SSL_USE_CERTIFICATE                        198
+# define SSL_F_SSL_USE_CERTIFICATE_ASN1                   199
+# define SSL_F_SSL_USE_CERTIFICATE_FILE                   200
+# define SSL_F_SSL_USE_PRIVATEKEY                         201
+# define SSL_F_SSL_USE_PRIVATEKEY_ASN1                    202
+# define SSL_F_SSL_USE_PRIVATEKEY_FILE                    203
+# define SSL_F_SSL_USE_PSK_IDENTITY_HINT                  273
+# define SSL_F_SSL_USE_RSAPRIVATEKEY                      204
+# define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1                 205
+# define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE                 206
+# define SSL_F_SSL_VERIFY_CERT_CHAIN                      207
+# define SSL_F_SSL_WRITE                                  208
+# define SSL_F_TLS1_CERT_VERIFY_MAC                       286
+# define SSL_F_TLS1_CHANGE_CIPHER_STATE                   209
+# define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT              274
+# define SSL_F_TLS1_ENC                                   210
+# define SSL_F_TLS1_EXPORT_KEYING_MATERIAL                314
+# define SSL_F_TLS1_HEARTBEAT                             315
+# define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT            275
+# define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT            276
+# define SSL_F_TLS1_PRF                                   284
+# define SSL_F_TLS1_SETUP_KEY_BLOCK                       211
+# define SSL_F_WRITE_PENDING                              212
+
+/* Reason codes. */
+# define SSL_R_APP_DATA_IN_HANDSHAKE                      100
+# define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
+# define SSL_R_BAD_ALERT_RECORD                           101
+# define SSL_R_BAD_AUTHENTICATION_TYPE                    102
+# define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
+# define SSL_R_BAD_CHECKSUM                               104
+# define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
+# define SSL_R_BAD_DECOMPRESSION                          107
+# define SSL_R_BAD_DH_G_LENGTH                            108
+# define SSL_R_BAD_DH_G_VALUE                             375
+# define SSL_R_BAD_DH_PUB_KEY_LENGTH                      109
+# define SSL_R_BAD_DH_PUB_KEY_VALUE                       393
+# define SSL_R_BAD_DH_P_LENGTH                            110
+# define SSL_R_BAD_DH_P_VALUE                             395
+# define SSL_R_BAD_DIGEST_LENGTH                          111
+# define SSL_R_BAD_DSA_SIGNATURE                          112
+# define SSL_R_BAD_ECC_CERT                               304
+# define SSL_R_BAD_ECDSA_SIGNATURE                        305
+# define SSL_R_BAD_ECPOINT                                306
+# define SSL_R_BAD_HANDSHAKE_LENGTH                       332
+# define SSL_R_BAD_HELLO_REQUEST                          105
+# define SSL_R_BAD_LENGTH                                 271
+# define SSL_R_BAD_MAC_DECODE                             113
+# define SSL_R_BAD_MAC_LENGTH                             333
+# define SSL_R_BAD_MESSAGE_TYPE                           114
+# define SSL_R_BAD_PACKET_LENGTH                          115
+# define SSL_R_BAD_PROTOCOL_VERSION_NUMBER                116
+# define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH               316
+# define SSL_R_BAD_RESPONSE_ARGUMENT                      117
+# define SSL_R_BAD_RSA_DECRYPT                            118
+# define SSL_R_BAD_RSA_ENCRYPT                            119
+# define SSL_R_BAD_RSA_E_LENGTH                           120
+# define SSL_R_BAD_RSA_MODULUS_LENGTH                     121
+# define SSL_R_BAD_RSA_SIGNATURE                          122
+# define SSL_R_BAD_SIGNATURE                              123
+# define SSL_R_BAD_SRP_A_LENGTH                           347
+# define SSL_R_BAD_SRP_B_LENGTH                           348
+# define SSL_R_BAD_SRP_G_LENGTH                           349
+# define SSL_R_BAD_SRP_N_LENGTH                           350
+# define SSL_R_BAD_SRP_PARAMETERS                         371
+# define SSL_R_BAD_SRP_S_LENGTH                           351
+# define SSL_R_BAD_SRTP_MKI_VALUE                         352
+# define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST           353
+# define SSL_R_BAD_SSL_FILETYPE                           124
+# define SSL_R_BAD_SSL_SESSION_ID_LENGTH                  125
+# define SSL_R_BAD_STATE                                  126
+# define SSL_R_BAD_WRITE_RETRY                            127
+# define SSL_R_BIO_NOT_SET                                128
+# define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG                  129
+# define SSL_R_BN_LIB                                     130
+# define SSL_R_CA_DN_LENGTH_MISMATCH                      131
+# define SSL_R_CA_DN_TOO_LONG                             132
+# define SSL_R_CCS_RECEIVED_EARLY                         133
+# define SSL_R_CERTIFICATE_VERIFY_FAILED                  134
+# define SSL_R_CERT_LENGTH_MISMATCH                       135
+# define SSL_R_CHALLENGE_IS_DIFFERENT                     136
+# define SSL_R_CIPHER_CODE_WRONG_LENGTH                   137
+# define SSL_R_CIPHER_OR_HASH_UNAVAILABLE                 138
+# define SSL_R_CIPHER_TABLE_SRC_ERROR                     139
+# define SSL_R_CLIENTHELLO_TLSEXT                         226
+# define SSL_R_COMPRESSED_LENGTH_TOO_LONG                 140
+# define SSL_R_COMPRESSION_DISABLED                       343
+# define SSL_R_COMPRESSION_FAILURE                        141
+# define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
+# define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
+# define SSL_R_CONNECTION_ID_IS_DIFFERENT                 143
+# define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_COOKIE_MISMATCH                            308
+# define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED              145
+# define SSL_R_DATA_LENGTH_TOO_LONG                       146
+# define SSL_R_DECRYPTION_FAILED                          147
+# define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC        281
+# define SSL_R_DH_KEY_TOO_SMALL                           372
+# define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG            148
+# define SSL_R_DIGEST_CHECK_FAILED                        149
+# define SSL_R_DTLS_MESSAGE_TOO_BIG                       334
+# define SSL_R_DUPLICATE_COMPRESSION_ID                   309
+# define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT             317
+# define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
+# define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE         322
+# define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE        323
+# define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER               310
+# define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
+# define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
+# define SSL_R_ERROR_GENERATING_TMP_RSA_KEY               282
+# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
+# define SSL_R_EXCESSIVE_MESSAGE_SIZE                     152
+# define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
+# define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
+# define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS                355
+# define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION           356
+# define SSL_R_HTTPS_PROXY_REQUEST                        155
+# define SSL_R_HTTP_REQUEST                               156
+# define SSL_R_ILLEGAL_PADDING                            283
+# define SSL_R_INAPPROPRIATE_FALLBACK                     373
+# define SSL_R_INCONSISTENT_COMPRESSION                   340
+# define SSL_R_INVALID_CHALLENGE_LENGTH                   158
+# define SSL_R_INVALID_COMMAND                            280
+# define SSL_R_INVALID_COMPRESSION_ALGORITHM              341
+# define SSL_R_INVALID_PURPOSE                            278
+# define SSL_R_INVALID_SRP_USERNAME                       357
+# define SSL_R_INVALID_STATUS_RESPONSE                    328
+# define SSL_R_INVALID_TICKET_KEYS_LENGTH                 325
+# define SSL_R_INVALID_TRUST                              279
+# define SSL_R_KEY_ARG_TOO_LONG                           284
+# define SSL_R_KRB5                                       285
+# define SSL_R_KRB5_C_CC_PRINC                            286
+# define SSL_R_KRB5_C_GET_CRED                            287
+# define SSL_R_KRB5_C_INIT                                288
+# define SSL_R_KRB5_C_MK_REQ                              289
+# define SSL_R_KRB5_S_BAD_TICKET                          290
+# define SSL_R_KRB5_S_INIT                                291
+# define SSL_R_KRB5_S_RD_REQ                              292
+# define SSL_R_KRB5_S_TKT_EXPIRED                         293
+# define SSL_R_KRB5_S_TKT_NYV                             294
+# define SSL_R_KRB5_S_TKT_SKEW                            295
+# define SSL_R_LENGTH_MISMATCH                            159
+# define SSL_R_LENGTH_TOO_SHORT                           160
+# define SSL_R_LIBRARY_BUG                                274
+# define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MESSAGE_TOO_LONG                           296
+# define SSL_R_MISSING_DH_DSA_CERT                        162
+# define SSL_R_MISSING_DH_KEY                             163
+# define SSL_R_MISSING_DH_RSA_CERT                        164
+# define SSL_R_MISSING_DSA_SIGNING_CERT                   165
+# define SSL_R_MISSING_EXPORT_TMP_DH_KEY                  166
+# define SSL_R_MISSING_EXPORT_TMP_RSA_KEY                 167
+# define SSL_R_MISSING_RSA_CERTIFICATE                    168
+# define SSL_R_MISSING_RSA_ENCRYPTING_CERT                169
+# define SSL_R_MISSING_RSA_SIGNING_CERT                   170
+# define SSL_R_MISSING_SRP_PARAM                          358
+# define SSL_R_MISSING_TMP_DH_KEY                         171
+# define SSL_R_MISSING_TMP_ECDH_KEY                       311
+# define SSL_R_MISSING_TMP_RSA_KEY                        172
+# define SSL_R_MISSING_TMP_RSA_PKEY                       173
+# define SSL_R_MISSING_VERIFY_MESSAGE                     174
+# define SSL_R_MULTIPLE_SGC_RESTARTS                      346
+# define SSL_R_NON_SSLV2_INITIAL_PACKET                   175
+# define SSL_R_NO_CERTIFICATES_RETURNED                   176
+# define SSL_R_NO_CERTIFICATE_ASSIGNED                    177
+# define SSL_R_NO_CERTIFICATE_RETURNED                    178
+# define SSL_R_NO_CERTIFICATE_SET                         179
+# define SSL_R_NO_CERTIFICATE_SPECIFIED                   180
+# define SSL_R_NO_CIPHERS_AVAILABLE                       181
+# define SSL_R_NO_CIPHERS_PASSED                          182
+# define SSL_R_NO_CIPHERS_SPECIFIED                       183
+# define SSL_R_NO_CIPHER_LIST                             184
+# define SSL_R_NO_CIPHER_MATCH                            185
+# define SSL_R_NO_CLIENT_CERT_METHOD                      331
+# define SSL_R_NO_CLIENT_CERT_RECEIVED                    186
+# define SSL_R_NO_COMPRESSION_SPECIFIED                   187
+# define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER           330
+# define SSL_R_NO_METHOD_SPECIFIED                        188
+# define SSL_R_NO_PRIVATEKEY                              189
+# define SSL_R_NO_PRIVATE_KEY_ASSIGNED                    190
+# define SSL_R_NO_PROTOCOLS_AVAILABLE                     191
+# define SSL_R_NO_PUBLICKEY                               192
+# define SSL_R_NO_RENEGOTIATION                           339
+# define SSL_R_NO_REQUIRED_DIGEST                         324
+# define SSL_R_NO_SHARED_CIPHER                           193
+# define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_VERIFY_CALLBACK                         194
+# define SSL_R_NULL_SSL_CTX                               195
+# define SSL_R_NULL_SSL_METHOD_PASSED                     196
+# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED            197
+# define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
+# define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE              297
+# define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG                  327
+# define SSL_R_PACKET_LENGTH_TOO_LONG                     198
+# define SSL_R_PARSE_TLSEXT                               227
+# define SSL_R_PATH_TOO_LONG                              270
+# define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE          199
+# define SSL_R_PEER_ERROR                                 200
+# define SSL_R_PEER_ERROR_CERTIFICATE                     201
+# define SSL_R_PEER_ERROR_NO_CERTIFICATE                  202
+# define SSL_R_PEER_ERROR_NO_CIPHER                       203
+# define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE    204
+# define SSL_R_PRE_MAC_LENGTH_TOO_LONG                    205
+# define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS          206
+# define SSL_R_PROTOCOL_IS_SHUTDOWN                       207
+# define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
+# define SSL_R_PSK_NO_CLIENT_CB                           224
+# define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR                   208
+# define SSL_R_PUBLIC_KEY_IS_NOT_RSA                      209
+# define SSL_R_PUBLIC_KEY_NOT_RSA                         210
+# define SSL_R_READ_BIO_NOT_SET                           211
+# define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_READ_WRONG_PACKET_TYPE                     212
+# define SSL_R_RECORD_LENGTH_MISMATCH                     213
+# define SSL_R_RECORD_TOO_LARGE                           214
+# define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
+# define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
+# define SSL_R_RENEGOTIATION_MISMATCH                     337
+# define SSL_R_REQUIRED_CIPHER_MISSING                    215
+# define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING    342
+# define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO                 216
+# define SSL_R_REUSE_CERT_TYPE_NOT_ZERO                   217
+# define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO                 218
+# define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
+# define SSL_R_SERVERHELLO_TLSEXT                         275
+# define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
+# define SSL_R_SHORT_READ                                 219
+# define SSL_R_SIGNATURE_ALGORITHMS_ERROR                 360
+# define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE      220
+# define SSL_R_SRP_A_CALC                                 361
+# define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES           362
+# define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG      363
+# define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE            364
+# define SSL_R_SSL23_DOING_SESSION_ID_REUSE               221
+# define SSL_R_SSL2_CONNECTION_ID_TOO_LONG                299
+# define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT             321
+# define SSL_R_SSL3_EXT_INVALID_SERVERNAME                319
+# define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE           320
+# define SSL_R_SSL3_SESSION_ID_TOO_LONG                   300
+# define SSL_R_SSL3_SESSION_ID_TOO_SHORT                  222
+# define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE                1042
+# define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC                 1020
+# define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED            1045
+# define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED            1044
+# define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN            1046
+# define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE          1030
+# define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE              1040
+# define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER              1047
+# define SSL_R_SSLV3_ALERT_NO_CERTIFICATE                 1041
+# define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE             1010
+# define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE        1043
+# define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION         228
+# define SSL_R_SSL_HANDSHAKE_FAILURE                      229
+# define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS                 230
+# define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED             301
+# define SSL_R_SSL_SESSION_ID_CONFLICT                    302
+# define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG            273
+# define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH              303
+# define SSL_R_SSL_SESSION_ID_IS_DIFFERENT                231
+# define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
+# define SSL_R_TLSV1_ALERT_DECODE_ERROR                   1050
+# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED              1021
+# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR                  1051
+# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION             1060
+# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK         1086
+# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY          1071
+# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR                 1080
+# define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION               1100
+# define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION               1070
+# define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW                1022
+# define SSL_R_TLSV1_ALERT_UNKNOWN_CA                     1048
+# define SSL_R_TLSV1_ALERT_USER_CANCELLED                 1090
+# define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE           1114
+# define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE      1113
+# define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE             1111
+# define SSL_R_TLSV1_UNRECOGNIZED_NAME                    1112
+# define SSL_R_TLSV1_UNSUPPORTED_EXTENSION                1110
+# define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER       232
+# define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT           365
+# define SSL_R_TLS_HEARTBEAT_PENDING                      366
+# define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL                 367
+# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST             157
+# define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
+# define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG    234
+# define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER            235
+# define SSL_R_UNABLE_TO_DECODE_DH_CERTS                  236
+# define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS                313
+# define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY               237
+# define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS               238
+# define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS             314
+# define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS       239
+# define SSL_R_UNABLE_TO_FIND_SSL_METHOD                  240
+# define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES           241
+# define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES           242
+# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES          243
+# define SSL_R_UNEXPECTED_MESSAGE                         244
+# define SSL_R_UNEXPECTED_RECORD                          245
+# define SSL_R_UNINITIALIZED                              276
+# define SSL_R_UNKNOWN_ALERT_TYPE                         246
+# define SSL_R_UNKNOWN_CERTIFICATE_TYPE                   247
+# define SSL_R_UNKNOWN_CIPHER_RETURNED                    248
+# define SSL_R_UNKNOWN_CIPHER_TYPE                        249
+# define SSL_R_UNKNOWN_DIGEST                             368
+# define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_PKEY_TYPE                          251
+# define SSL_R_UNKNOWN_PROTOCOL                           252
+# define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE                  253
+# define SSL_R_UNKNOWN_SSL_VERSION                        254
+# define SSL_R_UNKNOWN_STATE                              255
+# define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED       338
+# define SSL_R_UNSUPPORTED_CIPHER                         256
+# define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM          257
+# define SSL_R_UNSUPPORTED_DIGEST_TYPE                    326
+# define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE                 315
+# define SSL_R_UNSUPPORTED_PROTOCOL                       258
+# define SSL_R_UNSUPPORTED_SSL_VERSION                    259
+# define SSL_R_UNSUPPORTED_STATUS_TYPE                    329
+# define SSL_R_USE_SRTP_NOT_NEGOTIATED                    369
+# define SSL_R_WRITE_BIO_NOT_SET                          260
+# define SSL_R_WRONG_CIPHER_RETURNED                      261
+# define SSL_R_WRONG_MESSAGE_TYPE                         262
+# define SSL_R_WRONG_NUMBER_OF_KEY_BITS                   263
+# define SSL_R_WRONG_SIGNATURE_LENGTH                     264
+# define SSL_R_WRONG_SIGNATURE_SIZE                       265
+# define SSL_R_WRONG_SIGNATURE_TYPE                       370
+# define SSL_R_WRONG_SSL_VERSION                          266
+# define SSL_R_WRONG_VERSION_NUMBER                       267
+# define SSL_R_X509_LIB                                   268
+# define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS           269
+
+#ifdef  __cplusplus
+}
+#endif
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/ssl/ssl_ciph.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/ssl_ciph.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/ssl/ssl_ciph.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,1911 +0,0 @@
-/* ssl/ssl_ciph.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#ifndef OPENSSL_NO_COMP
-# include <openssl/comp.h>
-#endif
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
-#include "ssl_locl.h"
-
-#define SSL_ENC_DES_IDX         0
-#define SSL_ENC_3DES_IDX        1
-#define SSL_ENC_RC4_IDX         2
-#define SSL_ENC_RC2_IDX         3
-#define SSL_ENC_IDEA_IDX        4
-#define SSL_ENC_NULL_IDX        5
-#define SSL_ENC_AES128_IDX      6
-#define SSL_ENC_AES256_IDX      7
-#define SSL_ENC_CAMELLIA128_IDX 8
-#define SSL_ENC_CAMELLIA256_IDX 9
-#define SSL_ENC_GOST89_IDX      10
-#define SSL_ENC_SEED_IDX        11
-#define SSL_ENC_AES128GCM_IDX   12
-#define SSL_ENC_AES256GCM_IDX   13
-#define SSL_ENC_NUM_IDX         14
-
-static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = {
-    NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
-    NULL, NULL
-};
-
-#define SSL_COMP_NULL_IDX       0
-#define SSL_COMP_ZLIB_IDX       1
-#define SSL_COMP_NUM_IDX        2
-
-static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
-
-#define SSL_MD_MD5_IDX  0
-#define SSL_MD_SHA1_IDX 1
-#define SSL_MD_GOST94_IDX 2
-#define SSL_MD_GOST89MAC_IDX 3
-#define SSL_MD_SHA256_IDX 4
-#define SSL_MD_SHA384_IDX 5
-/*
- * Constant SSL_MAX_DIGEST equal to size of digests array should be defined
- * in the ssl_locl.h
- */
-#define SSL_MD_NUM_IDX  SSL_MAX_DIGEST
-static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = {
-    NULL, NULL, NULL, NULL, NULL, NULL
-};
-
-/*
- * PKEY_TYPE for GOST89MAC is known in advance, but, because implementation
- * is engine-provided, we'll fill it only if corresponding EVP_PKEY_METHOD is
- * found
- */
-static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = {
-    EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef,
-    EVP_PKEY_HMAC, EVP_PKEY_HMAC
-};
-
-static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = {
-    0, 0, 0, 0, 0, 0
-};
-
-static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = {
-    SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA,
-    SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256,
-    SSL_HANDSHAKE_MAC_SHA384
-};
-
-#define CIPHER_ADD      1
-#define CIPHER_KILL     2
-#define CIPHER_DEL      3
-#define CIPHER_ORD      4
-#define CIPHER_SPECIAL  5
-
-typedef struct cipher_order_st {
-    const SSL_CIPHER *cipher;
-    int active;
-    int dead;
-    struct cipher_order_st *next, *prev;
-} CIPHER_ORDER;
-
-static const SSL_CIPHER cipher_aliases[] = {
-    /* "ALL" doesn't include eNULL (must be specifically enabled) */
-    {0, SSL_TXT_ALL, 0, 0, 0, ~SSL_eNULL, 0, 0, 0, 0, 0, 0},
-    /* "COMPLEMENTOFALL" */
-    {0, SSL_TXT_CMPALL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
-
-    /*
-     * "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in
-     * ALL!)
-     */
-    {0, SSL_TXT_CMPDEF, 0, 0, SSL_aNULL, ~SSL_eNULL, 0, ~SSL_SSLV2,
-     SSL_EXP_MASK, 0, 0, 0},
-
-    /*
-     * key exchange aliases (some of those using only a single bit here
-     * combine multiple key exchange algs according to the RFCs, e.g. kEDH
-     * combines DHE_DSS and DHE_RSA)
-     */
-    {0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, 0, 0, 0, 0},
-
-    /* no such ciphersuites supported! */
-    {0, SSL_TXT_kDHr, 0, SSL_kDHr, 0, 0, 0, 0, 0, 0, 0, 0},
-    /* no such ciphersuites supported! */
-    {0, SSL_TXT_kDHd, 0, SSL_kDHd, 0, 0, 0, 0, 0, 0, 0, 0},
-    /* no such ciphersuites supported! */
-    {0, SSL_TXT_kDH, 0, SSL_kDHr | SSL_kDHd, 0, 0, 0, 0, 0, 0, 0, 0},
-        {0, SSL_TXT_kEDH, 0, SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_DH, 0, SSL_kDHr | SSL_kDHd | SSL_kEDH, 0, 0, 0, 0, 0, 0, 0,
-     0},
-
-    {0, SSL_TXT_kKRB5, 0, SSL_kKRB5, 0, 0, 0, 0, 0, 0, 0, 0},
-
-    {0, SSL_TXT_kECDHr, 0, SSL_kECDHr, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_kECDHe, 0, SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_kECDH, 0, SSL_kECDHr | SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_kEECDH, 0, SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_ECDH, 0, SSL_kECDHr | SSL_kECDHe | SSL_kEECDH, 0, 0, 0, 0, 0,
-     0, 0, 0},
-
-    {0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_kSRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_kGOST, 0, SSL_kGOST, 0, 0, 0, 0, 0, 0, 0, 0},
-
-    /* server authentication aliases */
-    {0, SSL_TXT_aRSA, 0, 0, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_aDSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_DSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_aKRB5, 0, 0, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
-    /* no such ciphersuites supported! */
-    {0, SSL_TXT_aDH, 0, 0, SSL_aDH, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_aECDH, 0, 0, SSL_aECDH, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_aGOST94, 0, 0, SSL_aGOST94, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST94 | SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_aSRP, 0, 0, SSL_aSRP, 0, 0, 0, 0, 0, 0, 0},
-
-    /* aliases combining key exchange and server authentication */
-    {0, SSL_TXT_EDH, 0, SSL_kEDH, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_EECDH, 0, SSL_kEECDH, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_KRB5, 0, SSL_kKRB5, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_ADH, 0, SSL_kEDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_AECDH, 0, SSL_kEECDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_PSK, 0, SSL_kPSK, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_SRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0},
-
-    /* symmetric encryption aliases */
-    {0, SSL_TXT_DES, 0, 0, 0, SSL_DES, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_3DES, 0, 0, 0, SSL_3DES, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_RC4, 0, 0, 0, SSL_RC4, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_RC2, 0, 0, 0, SSL_RC2, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_AES128, 0, 0, 0, SSL_AES128 | SSL_AES128GCM, 0, 0, 0, 0, 0,
-     0},
-    {0, SSL_TXT_AES256, 0, 0, 0, SSL_AES256 | SSL_AES256GCM, 0, 0, 0, 0, 0,
-     0},
-    {0, SSL_TXT_AES, 0, 0, 0, SSL_AES, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM, 0, 0, 0, 0,
-     0, 0},
-    {0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_CAMELLIA, 0, 0, 0, SSL_CAMELLIA128 | SSL_CAMELLIA256, 0, 0, 0,
-     0, 0, 0},
-
-    /* MAC aliases */
-    {0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_SHA1, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_SHA, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_GOST94, 0, 0, 0, 0, SSL_GOST94, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_GOST89MAC, 0, 0, 0, 0, SSL_GOST89MAC, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_SHA256, 0, 0, 0, 0, SSL_SHA256, 0, 0, 0, 0, 0},
-    {0, SSL_TXT_SHA384, 0, 0, 0, 0, SSL_SHA384, 0, 0, 0, 0, 0},
-
-    /* protocol version aliases */
-    {0, SSL_TXT_SSLV2, 0, 0, 0, 0, 0, SSL_SSLV2, 0, 0, 0, 0},
-    {0, SSL_TXT_SSLV3, 0, 0, 0, 0, 0, SSL_SSLV3, 0, 0, 0, 0},
-    {0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, SSL_TLSV1, 0, 0, 0, 0},
-    {0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, SSL_TLSV1_2, 0, 0, 0, 0},
-
-    /* export flag */
-    {0, SSL_TXT_EXP, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0},
-    {0, SSL_TXT_EXPORT, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0},
-
-    /* strength classes */
-    {0, SSL_TXT_EXP40, 0, 0, 0, 0, 0, 0, SSL_EXP40, 0, 0, 0},
-    {0, SSL_TXT_EXP56, 0, 0, 0, 0, 0, 0, SSL_EXP56, 0, 0, 0},
-    {0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, SSL_LOW, 0, 0, 0},
-    {0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, SSL_MEDIUM, 0, 0, 0},
-    {0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, SSL_HIGH, 0, 0, 0},
-    /* FIPS 140-2 approved ciphersuite */
-    {0, SSL_TXT_FIPS, 0, 0, 0, ~SSL_eNULL, 0, 0, SSL_FIPS, 0, 0, 0},
-};
-
-/*
- * Search for public key algorithm with given name and return its pkey_id if
- * it is available. Otherwise return 0
- */
-#ifdef OPENSSL_NO_ENGINE
-
-static int get_optional_pkey_id(const char *pkey_name)
-{
-    const EVP_PKEY_ASN1_METHOD *ameth;
-    int pkey_id = 0;
-    ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1);
-    if (ameth && EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL,
-                                         ameth) > 0) {
-        return pkey_id;
-    }
-    return 0;
-}
-
-#else
-
-static int get_optional_pkey_id(const char *pkey_name)
-{
-    const EVP_PKEY_ASN1_METHOD *ameth;
-    ENGINE *tmpeng = NULL;
-    int pkey_id = 0;
-    ameth = EVP_PKEY_asn1_find_str(&tmpeng, pkey_name, -1);
-    if (ameth) {
-        if (EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL,
-                                    ameth) <= 0)
-            pkey_id = 0;
-    }
-    if (tmpeng)
-        ENGINE_finish(tmpeng);
-    return pkey_id;
-}
-
-#endif
-
-void ssl_load_ciphers(void)
-{
-    ssl_cipher_methods[SSL_ENC_DES_IDX] = EVP_get_cipherbyname(SN_des_cbc);
-    ssl_cipher_methods[SSL_ENC_3DES_IDX] =
-        EVP_get_cipherbyname(SN_des_ede3_cbc);
-    ssl_cipher_methods[SSL_ENC_RC4_IDX] = EVP_get_cipherbyname(SN_rc4);
-    ssl_cipher_methods[SSL_ENC_RC2_IDX] = EVP_get_cipherbyname(SN_rc2_cbc);
-#ifndef OPENSSL_NO_IDEA
-    ssl_cipher_methods[SSL_ENC_IDEA_IDX] = EVP_get_cipherbyname(SN_idea_cbc);
-#else
-    ssl_cipher_methods[SSL_ENC_IDEA_IDX] = NULL;
-#endif
-    ssl_cipher_methods[SSL_ENC_AES128_IDX] =
-        EVP_get_cipherbyname(SN_aes_128_cbc);
-    ssl_cipher_methods[SSL_ENC_AES256_IDX] =
-        EVP_get_cipherbyname(SN_aes_256_cbc);
-    ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] =
-        EVP_get_cipherbyname(SN_camellia_128_cbc);
-    ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] =
-        EVP_get_cipherbyname(SN_camellia_256_cbc);
-    ssl_cipher_methods[SSL_ENC_GOST89_IDX] =
-        EVP_get_cipherbyname(SN_gost89_cnt);
-    ssl_cipher_methods[SSL_ENC_SEED_IDX] = EVP_get_cipherbyname(SN_seed_cbc);
-
-    ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] =
-        EVP_get_cipherbyname(SN_aes_128_gcm);
-    ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] =
-        EVP_get_cipherbyname(SN_aes_256_gcm);
-
-    ssl_digest_methods[SSL_MD_MD5_IDX] = EVP_get_digestbyname(SN_md5);
-    ssl_mac_secret_size[SSL_MD_MD5_IDX] =
-        EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]);
-    OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0);
-    ssl_digest_methods[SSL_MD_SHA1_IDX] = EVP_get_digestbyname(SN_sha1);
-    ssl_mac_secret_size[SSL_MD_SHA1_IDX] =
-        EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]);
-    OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0);
-    ssl_digest_methods[SSL_MD_GOST94_IDX] =
-        EVP_get_digestbyname(SN_id_GostR3411_94);
-    if (ssl_digest_methods[SSL_MD_GOST94_IDX]) {
-        ssl_mac_secret_size[SSL_MD_GOST94_IDX] =
-            EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]);
-        OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0);
-    }
-    ssl_digest_methods[SSL_MD_GOST89MAC_IDX] =
-        EVP_get_digestbyname(SN_id_Gost28147_89_MAC);
-    ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac");
-    if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) {
-        ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32;
-    }
-
-    ssl_digest_methods[SSL_MD_SHA256_IDX] = EVP_get_digestbyname(SN_sha256);
-    ssl_mac_secret_size[SSL_MD_SHA256_IDX] =
-        EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]);
-    ssl_digest_methods[SSL_MD_SHA384_IDX] = EVP_get_digestbyname(SN_sha384);
-    ssl_mac_secret_size[SSL_MD_SHA384_IDX] =
-        EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]);
-}
-
-#ifndef OPENSSL_NO_COMP
-
-static int sk_comp_cmp(const SSL_COMP *const *a, const SSL_COMP *const *b)
-{
-    return ((*a)->id - (*b)->id);
-}
-
-static void load_builtin_compressions(void)
-{
-    int got_write_lock = 0;
-
-    CRYPTO_r_lock(CRYPTO_LOCK_SSL);
-    if (ssl_comp_methods == NULL) {
-        CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
-        CRYPTO_w_lock(CRYPTO_LOCK_SSL);
-        got_write_lock = 1;
-
-        if (ssl_comp_methods == NULL) {
-            SSL_COMP *comp = NULL;
-
-            MemCheck_off();
-            ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
-            if (ssl_comp_methods != NULL) {
-                comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
-                if (comp != NULL) {
-                    comp->method = COMP_zlib();
-                    if (comp->method && comp->method->type == NID_undef)
-                        OPENSSL_free(comp);
-                    else {
-                        comp->id = SSL_COMP_ZLIB_IDX;
-                        comp->name = comp->method->name;
-                        sk_SSL_COMP_push(ssl_comp_methods, comp);
-                    }
-                }
-                sk_SSL_COMP_sort(ssl_comp_methods);
-            }
-            MemCheck_on();
-        }
-    }
-
-    if (got_write_lock)
-        CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
-    else
-        CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
-}
-#endif
-
-int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
-                       const EVP_MD **md, int *mac_pkey_type,
-                       int *mac_secret_size, SSL_COMP **comp)
-{
-    int i;
-    const SSL_CIPHER *c;
-
-    c = s->cipher;
-    if (c == NULL)
-        return (0);
-    if (comp != NULL) {
-        SSL_COMP ctmp;
-#ifndef OPENSSL_NO_COMP
-        load_builtin_compressions();
-#endif
-
-        *comp = NULL;
-        ctmp.id = s->compress_meth;
-        if (ssl_comp_methods != NULL) {
-            i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp);
-            if (i >= 0)
-                *comp = sk_SSL_COMP_value(ssl_comp_methods, i);
-            else
-                *comp = NULL;
-        }
-    }
-
-    if ((enc == NULL) || (md == NULL))
-        return (0);
-
-    switch (c->algorithm_enc) {
-    case SSL_DES:
-        i = SSL_ENC_DES_IDX;
-        break;
-    case SSL_3DES:
-        i = SSL_ENC_3DES_IDX;
-        break;
-    case SSL_RC4:
-        i = SSL_ENC_RC4_IDX;
-        break;
-    case SSL_RC2:
-        i = SSL_ENC_RC2_IDX;
-        break;
-    case SSL_IDEA:
-        i = SSL_ENC_IDEA_IDX;
-        break;
-    case SSL_eNULL:
-        i = SSL_ENC_NULL_IDX;
-        break;
-    case SSL_AES128:
-        i = SSL_ENC_AES128_IDX;
-        break;
-    case SSL_AES256:
-        i = SSL_ENC_AES256_IDX;
-        break;
-    case SSL_CAMELLIA128:
-        i = SSL_ENC_CAMELLIA128_IDX;
-        break;
-    case SSL_CAMELLIA256:
-        i = SSL_ENC_CAMELLIA256_IDX;
-        break;
-    case SSL_eGOST2814789CNT:
-        i = SSL_ENC_GOST89_IDX;
-        break;
-    case SSL_SEED:
-        i = SSL_ENC_SEED_IDX;
-        break;
-    case SSL_AES128GCM:
-        i = SSL_ENC_AES128GCM_IDX;
-        break;
-    case SSL_AES256GCM:
-        i = SSL_ENC_AES256GCM_IDX;
-        break;
-    default:
-        i = -1;
-        break;
-    }
-
-    if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
-        *enc = NULL;
-    else {
-        if (i == SSL_ENC_NULL_IDX)
-            *enc = EVP_enc_null();
-        else
-            *enc = ssl_cipher_methods[i];
-    }
-
-    switch (c->algorithm_mac) {
-    case SSL_MD5:
-        i = SSL_MD_MD5_IDX;
-        break;
-    case SSL_SHA1:
-        i = SSL_MD_SHA1_IDX;
-        break;
-    case SSL_SHA256:
-        i = SSL_MD_SHA256_IDX;
-        break;
-    case SSL_SHA384:
-        i = SSL_MD_SHA384_IDX;
-        break;
-    case SSL_GOST94:
-        i = SSL_MD_GOST94_IDX;
-        break;
-    case SSL_GOST89MAC:
-        i = SSL_MD_GOST89MAC_IDX;
-        break;
-    default:
-        i = -1;
-        break;
-    }
-    if ((i < 0) || (i >= SSL_MD_NUM_IDX)) {
-        *md = NULL;
-        if (mac_pkey_type != NULL)
-            *mac_pkey_type = NID_undef;
-        if (mac_secret_size != NULL)
-            *mac_secret_size = 0;
-        if (c->algorithm_mac == SSL_AEAD)
-            mac_pkey_type = NULL;
-    } else {
-        *md = ssl_digest_methods[i];
-        if (mac_pkey_type != NULL)
-            *mac_pkey_type = ssl_mac_pkey_id[i];
-        if (mac_secret_size != NULL)
-            *mac_secret_size = ssl_mac_secret_size[i];
-    }
-
-    if ((*enc != NULL) &&
-        (*md != NULL || (EVP_CIPHER_flags(*enc) & EVP_CIPH_FLAG_AEAD_CIPHER))
-        && (!mac_pkey_type || *mac_pkey_type != NID_undef)) {
-        const EVP_CIPHER *evp;
-
-        if (s->ssl_version >> 8 != TLS1_VERSION_MAJOR ||
-            s->ssl_version < TLS1_VERSION)
-            return 1;
-
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-            return 1;
-#endif
-
-        if (c->algorithm_enc == SSL_RC4 &&
-            c->algorithm_mac == SSL_MD5 &&
-            (evp = EVP_get_cipherbyname("RC4-HMAC-MD5")))
-            *enc = evp, *md = NULL;
-        else if (c->algorithm_enc == SSL_AES128 &&
-                 c->algorithm_mac == SSL_SHA1 &&
-                 (evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
-            *enc = evp, *md = NULL;
-        else if (c->algorithm_enc == SSL_AES256 &&
-                 c->algorithm_mac == SSL_SHA1 &&
-                 (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
-            *enc = evp, *md = NULL;
-        return (1);
-    } else
-        return (0);
-}
-
-int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
-{
-    if (idx < 0 || idx >= SSL_MD_NUM_IDX) {
-        return 0;
-    }
-    *mask = ssl_handshake_digest_flag[idx];
-    if (*mask)
-        *md = ssl_digest_methods[idx];
-    else
-        *md = NULL;
-    return 1;
-}
-
-#define ITEM_SEP(a) \
-        (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
-
-static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
-                           CIPHER_ORDER **tail)
-{
-    if (curr == *tail)
-        return;
-    if (curr == *head)
-        *head = curr->next;
-    if (curr->prev != NULL)
-        curr->prev->next = curr->next;
-    if (curr->next != NULL)
-        curr->next->prev = curr->prev;
-    (*tail)->next = curr;
-    curr->prev = *tail;
-    curr->next = NULL;
-    *tail = curr;
-}
-
-static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
-                           CIPHER_ORDER **tail)
-{
-    if (curr == *head)
-        return;
-    if (curr == *tail)
-        *tail = curr->prev;
-    if (curr->next != NULL)
-        curr->next->prev = curr->prev;
-    if (curr->prev != NULL)
-        curr->prev->next = curr->next;
-    (*head)->prev = curr;
-    curr->next = *head;
-    curr->prev = NULL;
-    *head = curr;
-}
-
-static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
-                                    unsigned long *enc, unsigned long *mac,
-                                    unsigned long *ssl)
-{
-    *mkey = 0;
-    *auth = 0;
-    *enc = 0;
-    *mac = 0;
-    *ssl = 0;
-
-#ifdef OPENSSL_NO_RSA
-    *mkey |= SSL_kRSA;
-    *auth |= SSL_aRSA;
-#endif
-#ifdef OPENSSL_NO_DSA
-    *auth |= SSL_aDSS;
-#endif
-    *mkey |= SSL_kDHr | SSL_kDHd; /* no such ciphersuites supported! */
-    *auth |= SSL_aDH;
-#ifdef OPENSSL_NO_DH
-    *mkey |= SSL_kDHr | SSL_kDHd | SSL_kEDH;
-    *auth |= SSL_aDH;
-#endif
-#ifdef OPENSSL_NO_KRB5
-    *mkey |= SSL_kKRB5;
-    *auth |= SSL_aKRB5;
-#endif
-#ifdef OPENSSL_NO_ECDSA
-    *auth |= SSL_aECDSA;
-#endif
-#ifdef OPENSSL_NO_ECDH
-    *mkey |= SSL_kECDHe | SSL_kECDHr;
-    *auth |= SSL_aECDH;
-#endif
-#ifdef OPENSSL_NO_PSK
-    *mkey |= SSL_kPSK;
-    *auth |= SSL_aPSK;
-#endif
-#ifdef OPENSSL_NO_SRP
-    *mkey |= SSL_kSRP;
-#endif
-    /*
-     * Check for presence of GOST 34.10 algorithms, and if they do not
-     * present, disable appropriate auth and key exchange
-     */
-    if (!get_optional_pkey_id("gost94")) {
-        *auth |= SSL_aGOST94;
-    }
-    if (!get_optional_pkey_id("gost2001")) {
-        *auth |= SSL_aGOST01;
-    }
-    /*
-     * Disable GOST key exchange if no GOST signature algs are available *
-     */
-    if ((*auth & (SSL_aGOST94 | SSL_aGOST01)) == (SSL_aGOST94 | SSL_aGOST01)) {
-        *mkey |= SSL_kGOST;
-    }
-#ifdef SSL_FORBID_ENULL
-    *enc |= SSL_eNULL;
-#endif
-
-    *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX] == NULL) ? SSL_DES : 0;
-    *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES : 0;
-    *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX] == NULL) ? SSL_RC4 : 0;
-    *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX] == NULL) ? SSL_RC2 : 0;
-    *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA : 0;
-    *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128 : 0;
-    *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256 : 0;
-    *enc |=
-        (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] ==
-         NULL) ? SSL_AES128GCM : 0;
-    *enc |=
-        (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] ==
-         NULL) ? SSL_AES256GCM : 0;
-    *enc |=
-        (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] ==
-         NULL) ? SSL_CAMELLIA128 : 0;
-    *enc |=
-        (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] ==
-         NULL) ? SSL_CAMELLIA256 : 0;
-    *enc |=
-        (ssl_cipher_methods[SSL_ENC_GOST89_IDX] ==
-         NULL) ? SSL_eGOST2814789CNT : 0;
-    *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED : 0;
-
-    *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX] == NULL) ? SSL_MD5 : 0;
-    *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1 : 0;
-    *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256 : 0;
-    *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384 : 0;
-    *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94 : 0;
-    *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL
-             || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] ==
-             NID_undef) ? SSL_GOST89MAC : 0;
-
-}
-
-static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
-                                       int num_of_ciphers,
-                                       unsigned long disabled_mkey,
-                                       unsigned long disabled_auth,
-                                       unsigned long disabled_enc,
-                                       unsigned long disabled_mac,
-                                       unsigned long disabled_ssl,
-                                       CIPHER_ORDER *co_list,
-                                       CIPHER_ORDER **head_p,
-                                       CIPHER_ORDER **tail_p)
-{
-    int i, co_list_num;
-    const SSL_CIPHER *c;
-
-    /*
-     * We have num_of_ciphers descriptions compiled in, depending on the
-     * method selected (SSLv2 and/or SSLv3, TLSv1 etc).
-     * These will later be sorted in a linked list with at most num
-     * entries.
-     */
-
-    /* Get the initial list of ciphers */
-    co_list_num = 0;            /* actual count of ciphers */
-    for (i = 0; i < num_of_ciphers; i++) {
-        c = ssl_method->get_cipher(i);
-        /* drop those that use any of that is not available */
-        if ((c != NULL) && c->valid &&
-#ifdef OPENSSL_FIPS
-            (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) &&
-#endif
-            !(c->algorithm_mkey & disabled_mkey) &&
-            !(c->algorithm_auth & disabled_auth) &&
-            !(c->algorithm_enc & disabled_enc) &&
-            !(c->algorithm_mac & disabled_mac) &&
-            !(c->algorithm_ssl & disabled_ssl)) {
-            co_list[co_list_num].cipher = c;
-            co_list[co_list_num].next = NULL;
-            co_list[co_list_num].prev = NULL;
-            co_list[co_list_num].active = 0;
-            co_list_num++;
-#ifdef KSSL_DEBUG
-            fprintf(stderr, "\t%d: %s %lx %lx %lx\n", i, c->name, c->id,
-                    c->algorithm_mkey, c->algorithm_auth);
-#endif                          /* KSSL_DEBUG */
-            /*
-             * if (!sk_push(ca_list,(char *)c)) goto err;
-             */
-        }
-    }
-
-    /*
-     * Prepare linked list from list entries
-     */
-    if (co_list_num > 0) {
-        co_list[0].prev = NULL;
-
-        if (co_list_num > 1) {
-            co_list[0].next = &co_list[1];
-
-            for (i = 1; i < co_list_num - 1; i++) {
-                co_list[i].prev = &co_list[i - 1];
-                co_list[i].next = &co_list[i + 1];
-            }
-
-            co_list[co_list_num - 1].prev = &co_list[co_list_num - 2];
-        }
-
-        co_list[co_list_num - 1].next = NULL;
-
-        *head_p = &co_list[0];
-        *tail_p = &co_list[co_list_num - 1];
-    }
-}
-
-static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
-                                       int num_of_group_aliases,
-                                       unsigned long disabled_mkey,
-                                       unsigned long disabled_auth,
-                                       unsigned long disabled_enc,
-                                       unsigned long disabled_mac,
-                                       unsigned long disabled_ssl,
-                                       CIPHER_ORDER *head)
-{
-    CIPHER_ORDER *ciph_curr;
-    const SSL_CIPHER **ca_curr;
-    int i;
-    unsigned long mask_mkey = ~disabled_mkey;
-    unsigned long mask_auth = ~disabled_auth;
-    unsigned long mask_enc = ~disabled_enc;
-    unsigned long mask_mac = ~disabled_mac;
-    unsigned long mask_ssl = ~disabled_ssl;
-
-    /*
-     * First, add the real ciphers as already collected
-     */
-    ciph_curr = head;
-    ca_curr = ca_list;
-    while (ciph_curr != NULL) {
-        *ca_curr = ciph_curr->cipher;
-        ca_curr++;
-        ciph_curr = ciph_curr->next;
-    }
-
-    /*
-     * Now we add the available ones from the cipher_aliases[] table.
-     * They represent either one or more algorithms, some of which
-     * in any affected category must be supported (set in enabled_mask),
-     * or represent a cipher strength value (will be added in any case because algorithms=0).
-     */
-    for (i = 0; i < num_of_group_aliases; i++) {
-        unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey;
-        unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth;
-        unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc;
-        unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac;
-        unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl;
-
-        if (algorithm_mkey)
-            if ((algorithm_mkey & mask_mkey) == 0)
-                continue;
-
-        if (algorithm_auth)
-            if ((algorithm_auth & mask_auth) == 0)
-                continue;
-
-        if (algorithm_enc)
-            if ((algorithm_enc & mask_enc) == 0)
-                continue;
-
-        if (algorithm_mac)
-            if ((algorithm_mac & mask_mac) == 0)
-                continue;
-
-        if (algorithm_ssl)
-            if ((algorithm_ssl & mask_ssl) == 0)
-                continue;
-
-        *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
-        ca_curr++;
-    }
-
-    *ca_curr = NULL;            /* end of list */
-}
-
-static void ssl_cipher_apply_rule(unsigned long cipher_id,
-                                  unsigned long alg_mkey,
-                                  unsigned long alg_auth,
-                                  unsigned long alg_enc,
-                                  unsigned long alg_mac,
-                                  unsigned long alg_ssl,
-                                  unsigned long algo_strength, int rule,
-                                  int strength_bits, CIPHER_ORDER **head_p,
-                                  CIPHER_ORDER **tail_p)
-{
-    CIPHER_ORDER *head, *tail, *curr, *next, *last;
-    const SSL_CIPHER *cp;
-    int reverse = 0;
-
-#ifdef CIPHER_DEBUG
-    fprintf(stderr,
-            "Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n",
-            rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl,
-            algo_strength, strength_bits);
-#endif
-
-    if (rule == CIPHER_DEL)
-        reverse = 1;            /* needed to maintain sorting between
-                                 * currently deleted ciphers */
-
-    head = *head_p;
-    tail = *tail_p;
-
-    if (reverse) {
-        next = tail;
-        last = head;
-    } else {
-        next = head;
-        last = tail;
-    }
-
-    curr = NULL;
-    for (;;) {
-        if (curr == last)
-            break;
-
-        curr = next;
-
-        if (curr == NULL)
-            break;
-
-        next = reverse ? curr->prev : curr->next;
-
-        cp = curr->cipher;
-
-        /*
-         * Selection criteria is either the value of strength_bits
-         * or the algorithms used.
-         */
-        if (strength_bits >= 0) {
-            if (strength_bits != cp->strength_bits)
-                continue;
-        } else {
-#ifdef CIPHER_DEBUG
-            fprintf(stderr,
-                    "\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n",
-                    cp->name, cp->algorithm_mkey, cp->algorithm_auth,
-                    cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl,
-                    cp->algo_strength);
-#endif
-            if (algo_strength == SSL_EXP_MASK && SSL_C_IS_EXPORT(cp))
-                goto ok;
-            if (alg_ssl == ~SSL_SSLV2 && cp->algorithm_ssl == SSL_SSLV2)
-                goto ok;
-            if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
-                continue;
-            if (alg_auth && !(alg_auth & cp->algorithm_auth))
-                continue;
-            if (alg_enc && !(alg_enc & cp->algorithm_enc))
-                continue;
-            if (alg_mac && !(alg_mac & cp->algorithm_mac))
-                continue;
-            if (alg_ssl && !(alg_ssl & cp->algorithm_ssl))
-                continue;
-            if ((algo_strength & SSL_EXP_MASK)
-                && !(algo_strength & SSL_EXP_MASK & cp->algo_strength))
-                continue;
-            if ((algo_strength & SSL_STRONG_MASK)
-                && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
-                continue;
-        }
-
-    ok:
-
-#ifdef CIPHER_DEBUG
-        fprintf(stderr, "Action = %d\n", rule);
-#endif
-
-        /* add the cipher if it has not been added yet. */
-        if (rule == CIPHER_ADD) {
-            /* reverse == 0 */
-            if (!curr->active) {
-                ll_append_tail(&head, curr, &tail);
-                curr->active = 1;
-            }
-        }
-        /* Move the added cipher to this location */
-        else if (rule == CIPHER_ORD) {
-            /* reverse == 0 */
-            if (curr->active) {
-                ll_append_tail(&head, curr, &tail);
-            }
-        } else if (rule == CIPHER_DEL) {
-            /* reverse == 1 */
-            if (curr->active) {
-                /*
-                 * most recently deleted ciphersuites get best positions for
-                 * any future CIPHER_ADD (note that the CIPHER_DEL loop works
-                 * in reverse to maintain the order)
-                 */
-                ll_append_head(&head, curr, &tail);
-                curr->active = 0;
-            }
-        } else if (rule == CIPHER_KILL) {
-            /* reverse == 0 */
-            if (head == curr)
-                head = curr->next;
-            else
-                curr->prev->next = curr->next;
-            if (tail == curr)
-                tail = curr->prev;
-            curr->active = 0;
-            if (curr->next != NULL)
-                curr->next->prev = curr->prev;
-            if (curr->prev != NULL)
-                curr->prev->next = curr->next;
-            curr->next = NULL;
-            curr->prev = NULL;
-        }
-    }
-
-    *head_p = head;
-    *tail_p = tail;
-}
-
-static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
-                                    CIPHER_ORDER **tail_p)
-{
-    int max_strength_bits, i, *number_uses;
-    CIPHER_ORDER *curr;
-
-    /*
-     * This routine sorts the ciphers with descending strength. The sorting
-     * must keep the pre-sorted sequence, so we apply the normal sorting
-     * routine as '+' movement to the end of the list.
-     */
-    max_strength_bits = 0;
-    curr = *head_p;
-    while (curr != NULL) {
-        if (curr->active && (curr->cipher->strength_bits > max_strength_bits))
-            max_strength_bits = curr->cipher->strength_bits;
-        curr = curr->next;
-    }
-
-    number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
-    if (!number_uses) {
-        SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE);
-        return (0);
-    }
-    memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
-
-    /*
-     * Now find the strength_bits values actually used
-     */
-    curr = *head_p;
-    while (curr != NULL) {
-        if (curr->active)
-            number_uses[curr->cipher->strength_bits]++;
-        curr = curr->next;
-    }
-    /*
-     * Go through the list of used strength_bits values in descending
-     * order.
-     */
-    for (i = max_strength_bits; i >= 0; i--)
-        if (number_uses[i] > 0)
-            ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p,
-                                  tail_p);
-
-    OPENSSL_free(number_uses);
-    return (1);
-}
-
-static int ssl_cipher_process_rulestr(const char *rule_str,
-                                      CIPHER_ORDER **head_p,
-                                      CIPHER_ORDER **tail_p,
-                                      const SSL_CIPHER **ca_list)
-{
-    unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl,
-        algo_strength;
-    const char *l, *buf;
-    int j, multi, found, rule, retval, ok, buflen;
-    unsigned long cipher_id = 0;
-    char ch;
-
-    retval = 1;
-    l = rule_str;
-    for (;;) {
-        ch = *l;
-
-        if (ch == '\0')
-            break;              /* done */
-        if (ch == '-') {
-            rule = CIPHER_DEL;
-            l++;
-        } else if (ch == '+') {
-            rule = CIPHER_ORD;
-            l++;
-        } else if (ch == '!') {
-            rule = CIPHER_KILL;
-            l++;
-        } else if (ch == '@') {
-            rule = CIPHER_SPECIAL;
-            l++;
-        } else {
-            rule = CIPHER_ADD;
-        }
-
-        if (ITEM_SEP(ch)) {
-            l++;
-            continue;
-        }
-
-        alg_mkey = 0;
-        alg_auth = 0;
-        alg_enc = 0;
-        alg_mac = 0;
-        alg_ssl = 0;
-        algo_strength = 0;
-
-        for (;;) {
-            ch = *l;
-            buf = l;
-            buflen = 0;
-#ifndef CHARSET_EBCDIC
-            while (((ch >= 'A') && (ch <= 'Z')) ||
-                   ((ch >= '0') && (ch <= '9')) ||
-                   ((ch >= 'a') && (ch <= 'z')) || (ch == '-') || (ch == '.'))
-#else
-            while (isalnum(ch) || (ch == '-') || (ch == '.'))
-#endif
-            {
-                ch = *(++l);
-                buflen++;
-            }
-
-            if (buflen == 0) {
-                /*
-                 * We hit something we cannot deal with,
-                 * it is no command or separator nor
-                 * alphanumeric, so we call this an error.
-                 */
-                SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
-                       SSL_R_INVALID_COMMAND);
-                retval = found = 0;
-                l++;
-                break;
-            }
-
-            if (rule == CIPHER_SPECIAL) {
-                found = 0;      /* unused -- avoid compiler warning */
-                break;          /* special treatment */
-            }
-
-            /* check for multi-part specification */
-            if (ch == '+') {
-                multi = 1;
-                l++;
-            } else
-                multi = 0;
-
-            /*
-             * Now search for the cipher alias in the ca_list. Be careful
-             * with the strncmp, because the "buflen" limitation
-             * will make the rule "ADH:SOME" and the cipher
-             * "ADH-MY-CIPHER" look like a match for buflen=3.
-             * So additionally check whether the cipher name found
-             * has the correct length. We can save a strlen() call:
-             * just checking for the '\0' at the right place is
-             * sufficient, we have to strncmp() anyway. (We cannot
-             * use strcmp(), because buf is not '\0' terminated.)
-             */
-            j = found = 0;
-            cipher_id = 0;
-            while (ca_list[j]) {
-                if (!strncmp(buf, ca_list[j]->name, buflen) &&
-                    (ca_list[j]->name[buflen] == '\0')) {
-                    found = 1;
-                    break;
-                } else
-                    j++;
-            }
-
-            if (!found)
-                break;          /* ignore this entry */
-
-            if (ca_list[j]->algorithm_mkey) {
-                if (alg_mkey) {
-                    alg_mkey &= ca_list[j]->algorithm_mkey;
-                    if (!alg_mkey) {
-                        found = 0;
-                        break;
-                    }
-                } else
-                    alg_mkey = ca_list[j]->algorithm_mkey;
-            }
-
-            if (ca_list[j]->algorithm_auth) {
-                if (alg_auth) {
-                    alg_auth &= ca_list[j]->algorithm_auth;
-                    if (!alg_auth) {
-                        found = 0;
-                        break;
-                    }
-                } else
-                    alg_auth = ca_list[j]->algorithm_auth;
-            }
-
-            if (ca_list[j]->algorithm_enc) {
-                if (alg_enc) {
-                    alg_enc &= ca_list[j]->algorithm_enc;
-                    if (!alg_enc) {
-                        found = 0;
-                        break;
-                    }
-                } else
-                    alg_enc = ca_list[j]->algorithm_enc;
-            }
-
-            if (ca_list[j]->algorithm_mac) {
-                if (alg_mac) {
-                    alg_mac &= ca_list[j]->algorithm_mac;
-                    if (!alg_mac) {
-                        found = 0;
-                        break;
-                    }
-                } else
-                    alg_mac = ca_list[j]->algorithm_mac;
-            }
-
-            if (ca_list[j]->algo_strength & SSL_EXP_MASK) {
-                if (algo_strength & SSL_EXP_MASK) {
-                    algo_strength &=
-                        (ca_list[j]->algo_strength & SSL_EXP_MASK) |
-                        ~SSL_EXP_MASK;
-                    if (!(algo_strength & SSL_EXP_MASK)) {
-                        found = 0;
-                        break;
-                    }
-                } else
-                    algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK;
-            }
-
-            if (ca_list[j]->algo_strength & SSL_STRONG_MASK) {
-                if (algo_strength & SSL_STRONG_MASK) {
-                    algo_strength &=
-                        (ca_list[j]->algo_strength & SSL_STRONG_MASK) |
-                        ~SSL_STRONG_MASK;
-                    if (!(algo_strength & SSL_STRONG_MASK)) {
-                        found = 0;
-                        break;
-                    }
-                } else
-                    algo_strength |=
-                        ca_list[j]->algo_strength & SSL_STRONG_MASK;
-            }
-
-            if (ca_list[j]->valid) {
-                /*
-                 * explicit ciphersuite found; its protocol version does not
-                 * become part of the search pattern!
-                 */
-
-                cipher_id = ca_list[j]->id;
-            } else {
-                /*
-                 * not an explicit ciphersuite; only in this case, the
-                 * protocol version is considered part of the search pattern
-                 */
-
-                if (ca_list[j]->algorithm_ssl) {
-                    if (alg_ssl) {
-                        alg_ssl &= ca_list[j]->algorithm_ssl;
-                        if (!alg_ssl) {
-                            found = 0;
-                            break;
-                        }
-                    } else
-                        alg_ssl = ca_list[j]->algorithm_ssl;
-                }
-            }
-
-            if (!multi)
-                break;
-        }
-
-        /*
-         * Ok, we have the rule, now apply it
-         */
-        if (rule == CIPHER_SPECIAL) { /* special command */
-            ok = 0;
-            if ((buflen == 8) && !strncmp(buf, "STRENGTH", 8))
-                ok = ssl_cipher_strength_sort(head_p, tail_p);
-            else
-                SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
-                       SSL_R_INVALID_COMMAND);
-            if (ok == 0)
-                retval = 0;
-            /*
-             * We do not support any "multi" options
-             * together with "@", so throw away the
-             * rest of the command, if any left, until
-             * end or ':' is found.
-             */
-            while ((*l != '\0') && !ITEM_SEP(*l))
-                l++;
-        } else if (found) {
-            ssl_cipher_apply_rule(cipher_id,
-                                  alg_mkey, alg_auth, alg_enc, alg_mac,
-                                  alg_ssl, algo_strength, rule, -1, head_p,
-                                  tail_p);
-        } else {
-            while ((*l != '\0') && !ITEM_SEP(*l))
-                l++;
-        }
-        if (*l == '\0')
-            break;              /* done */
-    }
-
-    return (retval);
-}
-
-STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK_OF(SSL_CIPHER)
-                                             **cipher_list, STACK_OF(SSL_CIPHER)
-                                             **cipher_list_by_id,
-                                             const char *rule_str)
-{
-    int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
-    unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac,
-        disabled_ssl;
-    STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
-    const char *rule_p;
-    CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
-    const SSL_CIPHER **ca_list = NULL;
-
-    /*
-     * Return with error if nothing to do.
-     */
-    if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
-        return NULL;
-
-    /*
-     * To reduce the work to do we only want to process the compiled
-     * in algorithms, so we first get the mask of disabled ciphers.
-     */
-    ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc,
-                            &disabled_mac, &disabled_ssl);
-
-    /*
-     * Now we have to collect the available ciphers from the compiled
-     * in ciphers. We cannot get more than the number compiled in, so
-     * it is used for allocation.
-     */
-    num_of_ciphers = ssl_method->num_ciphers();
-#ifdef KSSL_DEBUG
-    fprintf(stderr, "ssl_create_cipher_list() for %d ciphers\n",
-            num_of_ciphers);
-#endif                          /* KSSL_DEBUG */
-    co_list =
-        (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
-    if (co_list == NULL) {
-        SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
-        return (NULL);          /* Failure */
-    }
-
-    ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
-                               disabled_mkey, disabled_auth, disabled_enc,
-                               disabled_mac, disabled_ssl, co_list, &head,
-                               &tail);
-
-    /* Now arrange all ciphers by preference: */
-
-    /*
-     * Everything else being equal, prefer ephemeral ECDH over other key
-     * exchange mechanisms
-     */
-    ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head,
-                          &tail);
-    ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head,
-                          &tail);
-
-    /* AES is our preferred symmetric cipher */
-    ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head,
-                          &tail);
-
-    /* Temporarily enable everything else for sorting */
-    ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
-
-    /* Low priority for MD5 */
-    ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head,
-                          &tail);
-
-    /*
-     * Move anonymous ciphers to the end.  Usually, these will remain
-     * disabled. (For applications that allow them, they aren't too bad, but
-     * we prefer authenticated ciphers.)
-     */
-    ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
-                          &tail);
-
-    /* Move ciphers without forward secrecy to the end */
-    ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
-                          &tail);
-    /*
-     * ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1,
-     * &head, &tail);
-     */
-    ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
-                          &tail);
-    ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
-                          &tail);
-    ssl_cipher_apply_rule(0, SSL_kKRB5, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
-                          &tail);
-
-    /* RC4 is sort-of broken -- move the the end */
-    ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head,
-                          &tail);
-
-    /*
-     * Now sort by symmetric encryption strength.  The above ordering remains
-     * in force within each class
-     */
-    if (!ssl_cipher_strength_sort(&head, &tail)) {
-        OPENSSL_free(co_list);
-        return NULL;
-    }
-
-    /* Now disable everything (maintaining the ordering!) */
-    ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
-
-    /*
-     * We also need cipher aliases for selecting based on the rule_str.
-     * There might be two types of entries in the rule_str: 1) names
-     * of ciphers themselves 2) aliases for groups of ciphers.
-     * For 1) we need the available ciphers and for 2) the cipher
-     * groups of cipher_aliases added together in one list (otherwise
-     * we would be happy with just the cipher_aliases table).
-     */
-    num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
-    num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
-    ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
-    if (ca_list == NULL) {
-        OPENSSL_free(co_list);
-        SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
-        return (NULL);          /* Failure */
-    }
-    ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
-                               disabled_mkey, disabled_auth, disabled_enc,
-                               disabled_mac, disabled_ssl, head);
-
-    /*
-     * If the rule_string begins with DEFAULT, apply the default rule
-     * before using the (possibly available) additional rules.
-     */
-    ok = 1;
-    rule_p = rule_str;
-    if (strncmp(rule_str, "DEFAULT", 7) == 0) {
-        ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
-                                        &head, &tail, ca_list);
-        rule_p += 7;
-        if (*rule_p == ':')
-            rule_p++;
-    }
-
-    if (ok && (strlen(rule_p) > 0))
-        ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list);
-
-    OPENSSL_free((void *)ca_list); /* Not needed anymore */
-
-    if (!ok) {                  /* Rule processing failure */
-        OPENSSL_free(co_list);
-        return (NULL);
-    }
-
-    /*
-     * Allocate new "cipherstack" for the result, return with error
-     * if we cannot get one.
-     */
-    if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
-        OPENSSL_free(co_list);
-        return (NULL);
-    }
-
-    /*
-     * The cipher selection for the list is done. The ciphers are added
-     * to the resulting precedence to the STACK_OF(SSL_CIPHER).
-     */
-    for (curr = head; curr != NULL; curr = curr->next) {
-#ifdef OPENSSL_FIPS
-        if (curr->active
-            && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
-#else
-        if (curr->active)
-#endif
-        {
-            sk_SSL_CIPHER_push(cipherstack, curr->cipher);
-#ifdef CIPHER_DEBUG
-            fprintf(stderr, "<%s>\n", curr->cipher->name);
-#endif
-        }
-    }
-    OPENSSL_free(co_list);      /* Not needed any longer */
-
-    tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
-    if (tmp_cipher_list == NULL) {
-        sk_SSL_CIPHER_free(cipherstack);
-        return NULL;
-    }
-    if (*cipher_list != NULL)
-        sk_SSL_CIPHER_free(*cipher_list);
-    *cipher_list = cipherstack;
-    if (*cipher_list_by_id != NULL)
-        sk_SSL_CIPHER_free(*cipher_list_by_id);
-    *cipher_list_by_id = tmp_cipher_list;
-    (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,
-                                     ssl_cipher_ptr_id_cmp);
-
-    sk_SSL_CIPHER_sort(*cipher_list_by_id);
-    return (cipherstack);
-}
-
-char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
-{
-    int is_export, pkl, kl;
-    const char *ver, *exp_str;
-    const char *kx, *au, *enc, *mac;
-    unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, alg2;
-#ifdef KSSL_DEBUG
-    static const char *format =
-        "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n";
-#else
-    static const char *format =
-        "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
-#endif                          /* KSSL_DEBUG */
-
-    alg_mkey = cipher->algorithm_mkey;
-    alg_auth = cipher->algorithm_auth;
-    alg_enc = cipher->algorithm_enc;
-    alg_mac = cipher->algorithm_mac;
-    alg_ssl = cipher->algorithm_ssl;
-
-    alg2 = cipher->algorithm2;
-
-    is_export = SSL_C_IS_EXPORT(cipher);
-    pkl = SSL_C_EXPORT_PKEYLENGTH(cipher);
-    kl = SSL_C_EXPORT_KEYLENGTH(cipher);
-    exp_str = is_export ? " export" : "";
-
-    if (alg_ssl & SSL_SSLV2)
-        ver = "SSLv2";
-    else if (alg_ssl & SSL_SSLV3)
-        ver = "SSLv3";
-    else if (alg_ssl & SSL_TLSV1_2)
-        ver = "TLSv1.2";
-    else
-        ver = "unknown";
-
-    switch (alg_mkey) {
-    case SSL_kRSA:
-        kx = is_export ? (pkl == 512 ? "RSA(512)" : "RSA(1024)") : "RSA";
-        break;
-    case SSL_kDHr:
-        kx = "DH/RSA";
-        break;
-    case SSL_kDHd:
-        kx = "DH/DSS";
-        break;
-    case SSL_kKRB5:
-        kx = "KRB5";
-        break;
-    case SSL_kEDH:
-        kx = is_export ? (pkl == 512 ? "DH(512)" : "DH(1024)") : "DH";
-        break;
-    case SSL_kECDHr:
-        kx = "ECDH/RSA";
-        break;
-    case SSL_kECDHe:
-        kx = "ECDH/ECDSA";
-        break;
-    case SSL_kEECDH:
-        kx = "ECDH";
-        break;
-    case SSL_kPSK:
-        kx = "PSK";
-        break;
-    case SSL_kSRP:
-        kx = "SRP";
-        break;
-    case SSL_kGOST:
-        kx = "GOST";
-        break;
-    default:
-        kx = "unknown";
-    }
-
-    switch (alg_auth) {
-    case SSL_aRSA:
-        au = "RSA";
-        break;
-    case SSL_aDSS:
-        au = "DSS";
-        break;
-    case SSL_aDH:
-        au = "DH";
-        break;
-    case SSL_aKRB5:
-        au = "KRB5";
-        break;
-    case SSL_aECDH:
-        au = "ECDH";
-        break;
-    case SSL_aNULL:
-        au = "None";
-        break;
-    case SSL_aECDSA:
-        au = "ECDSA";
-        break;
-    case SSL_aPSK:
-        au = "PSK";
-        break;
-    case SSL_aSRP:
-        au = "SRP";
-        break;
-    case SSL_aGOST94:
-        au = "GOST94";
-        break;
-    case SSL_aGOST01:
-        au = "GOST01";
-        break;
-    default:
-        au = "unknown";
-        break;
-    }
-
-    switch (alg_enc) {
-    case SSL_DES:
-        enc = (is_export && kl == 5) ? "DES(40)" : "DES(56)";
-        break;
-    case SSL_3DES:
-        enc = "3DES(168)";
-        break;
-    case SSL_RC4:
-        enc = is_export ? (kl == 5 ? "RC4(40)" : "RC4(56)")
-            : ((alg2 & SSL2_CF_8_BYTE_ENC) ? "RC4(64)" : "RC4(128)");
-        break;
-    case SSL_RC2:
-        enc = is_export ? (kl == 5 ? "RC2(40)" : "RC2(56)") : "RC2(128)";
-        break;
-    case SSL_IDEA:
-        enc = "IDEA(128)";
-        break;
-    case SSL_eNULL:
-        enc = "None";
-        break;
-    case SSL_AES128:
-        enc = "AES(128)";
-        break;
-    case SSL_AES256:
-        enc = "AES(256)";
-        break;
-    case SSL_AES128GCM:
-        enc = "AESGCM(128)";
-        break;
-    case SSL_AES256GCM:
-        enc = "AESGCM(256)";
-        break;
-    case SSL_CAMELLIA128:
-        enc = "Camellia(128)";
-        break;
-    case SSL_CAMELLIA256:
-        enc = "Camellia(256)";
-        break;
-    case SSL_SEED:
-        enc = "SEED(128)";
-        break;
-    case SSL_eGOST2814789CNT:
-        enc = "GOST89(256)";
-        break;
-    default:
-        enc = "unknown";
-        break;
-    }
-
-    switch (alg_mac) {
-    case SSL_MD5:
-        mac = "MD5";
-        break;
-    case SSL_SHA1:
-        mac = "SHA1";
-        break;
-    case SSL_SHA256:
-        mac = "SHA256";
-        break;
-    case SSL_SHA384:
-        mac = "SHA384";
-        break;
-    case SSL_AEAD:
-        mac = "AEAD";
-        break;
-    case SSL_GOST89MAC:
-        mac = "GOST89";
-        break;
-    case SSL_GOST94:
-        mac = "GOST94";
-        break;
-    default:
-        mac = "unknown";
-        break;
-    }
-
-    if (buf == NULL) {
-        len = 128;
-        buf = OPENSSL_malloc(len);
-        if (buf == NULL)
-            return ("OPENSSL_malloc Error");
-    } else if (len < 128)
-        return ("Buffer too small");
-
-#ifdef KSSL_DEBUG
-    BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac,
-                 exp_str, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl);
-#else
-    BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac,
-                 exp_str);
-#endif                          /* KSSL_DEBUG */
-    return (buf);
-}
-
-char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
-{
-    int i;
-
-    if (c == NULL)
-        return ("(NONE)");
-    i = (int)(c->id >> 24L);
-    if (i == 3)
-        return ("TLSv1/SSLv3");
-    else if (i == 2)
-        return ("SSLv2");
-    else
-        return ("unknown");
-}
-
-/* return the actual cipher being used */
-const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
-{
-    if (c != NULL)
-        return (c->name);
-    return ("(NONE)");
-}
-
-/* number of bits for symmetric cipher */
-int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
-{
-    int ret = 0;
-
-    if (c != NULL) {
-        if (alg_bits != NULL)
-            *alg_bits = c->alg_bits;
-        ret = c->strength_bits;
-    }
-    return (ret);
-}
-
-unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c)
-{
-    return c->id;
-}
-
-SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
-{
-    SSL_COMP *ctmp;
-    int i, nn;
-
-    if ((n == 0) || (sk == NULL))
-        return (NULL);
-    nn = sk_SSL_COMP_num(sk);
-    for (i = 0; i < nn; i++) {
-        ctmp = sk_SSL_COMP_value(sk, i);
-        if (ctmp->id == n)
-            return (ctmp);
-    }
-    return (NULL);
-}
-
-#ifdef OPENSSL_NO_COMP
-void *SSL_COMP_get_compression_methods(void)
-{
-    return NULL;
-}
-
-int SSL_COMP_add_compression_method(int id, void *cm)
-{
-    return 1;
-}
-
-const char *SSL_COMP_get_name(const void *comp)
-{
-    return NULL;
-}
-#else
-STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
-{
-    load_builtin_compressions();
-    return (ssl_comp_methods);
-}
-
-int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
-{
-    SSL_COMP *comp;
-
-    if (cm == NULL || cm->type == NID_undef)
-        return 1;
-
-    /*-
-     * According to draft-ietf-tls-compression-04.txt, the
-     * compression number ranges should be the following:
-     *
-     *   0 to  63:  methods defined by the IETF
-     *  64 to 192:  external party methods assigned by IANA
-     * 193 to 255:  reserved for private use
-     */
-    if (id < 193 || id > 255) {
-        SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
-               SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
-        return 0;
-    }
-
-    MemCheck_off();
-    comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
-    comp->id = id;
-    comp->method = cm;
-    load_builtin_compressions();
-    if (ssl_comp_methods && sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) {
-        OPENSSL_free(comp);
-        MemCheck_on();
-        SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
-               SSL_R_DUPLICATE_COMPRESSION_ID);
-        return (1);
-    } else if ((ssl_comp_methods == NULL)
-               || !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
-        OPENSSL_free(comp);
-        MemCheck_on();
-        SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
-        return (1);
-    } else {
-        MemCheck_on();
-        return (0);
-    }
-}
-
-const char *SSL_COMP_get_name(const COMP_METHOD *comp)
-{
-    if (comp)
-        return comp->name;
-    return NULL;
-}
-
-#endif

Copied: vendor-crypto/openssl/1.0.1u/ssl/ssl_ciph.c (from rev 11605, vendor-crypto/openssl/dist/ssl/ssl_ciph.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/ssl/ssl_ciph.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/ssl/ssl_ciph.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,1911 @@
+/* ssl/ssl_ciph.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
+
+#include <stdio.h>
+#include <openssl/objects.h>
+#ifndef OPENSSL_NO_COMP
+# include <openssl/comp.h>
+#endif
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#include "ssl_locl.h"
+
+#define SSL_ENC_DES_IDX         0
+#define SSL_ENC_3DES_IDX        1
+#define SSL_ENC_RC4_IDX         2
+#define SSL_ENC_RC2_IDX         3
+#define SSL_ENC_IDEA_IDX        4
+#define SSL_ENC_NULL_IDX        5
+#define SSL_ENC_AES128_IDX      6
+#define SSL_ENC_AES256_IDX      7
+#define SSL_ENC_CAMELLIA128_IDX 8
+#define SSL_ENC_CAMELLIA256_IDX 9
+#define SSL_ENC_GOST89_IDX      10
+#define SSL_ENC_SEED_IDX        11
+#define SSL_ENC_AES128GCM_IDX   12
+#define SSL_ENC_AES256GCM_IDX   13
+#define SSL_ENC_NUM_IDX         14
+
+static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = {
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
+    NULL, NULL
+};
+
+#define SSL_COMP_NULL_IDX       0
+#define SSL_COMP_ZLIB_IDX       1
+#define SSL_COMP_NUM_IDX        2
+
+static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
+
+#define SSL_MD_MD5_IDX  0
+#define SSL_MD_SHA1_IDX 1
+#define SSL_MD_GOST94_IDX 2
+#define SSL_MD_GOST89MAC_IDX 3
+#define SSL_MD_SHA256_IDX 4
+#define SSL_MD_SHA384_IDX 5
+/*
+ * Constant SSL_MAX_DIGEST equal to size of digests array should be defined
+ * in the ssl_locl.h
+ */
+#define SSL_MD_NUM_IDX  SSL_MAX_DIGEST
+static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = {
+    NULL, NULL, NULL, NULL, NULL, NULL
+};
+
+/*
+ * PKEY_TYPE for GOST89MAC is known in advance, but, because implementation
+ * is engine-provided, we'll fill it only if corresponding EVP_PKEY_METHOD is
+ * found
+ */
+static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = {
+    EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef,
+    EVP_PKEY_HMAC, EVP_PKEY_HMAC
+};
+
+static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = {
+    0, 0, 0, 0, 0, 0
+};
+
+static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = {
+    SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA,
+    SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256,
+    SSL_HANDSHAKE_MAC_SHA384
+};
+
+#define CIPHER_ADD      1
+#define CIPHER_KILL     2
+#define CIPHER_DEL      3
+#define CIPHER_ORD      4
+#define CIPHER_SPECIAL  5
+
+typedef struct cipher_order_st {
+    const SSL_CIPHER *cipher;
+    int active;
+    int dead;
+    struct cipher_order_st *next, *prev;
+} CIPHER_ORDER;
+
+static const SSL_CIPHER cipher_aliases[] = {
+    /* "ALL" doesn't include eNULL (must be specifically enabled) */
+    {0, SSL_TXT_ALL, 0, 0, 0, ~SSL_eNULL, 0, 0, 0, 0, 0, 0},
+    /* "COMPLEMENTOFALL" */
+    {0, SSL_TXT_CMPALL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
+
+    /*
+     * "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in
+     * ALL!)
+     */
+    {0, SSL_TXT_CMPDEF, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT, 0, 0, 0},
+
+    /*
+     * key exchange aliases (some of those using only a single bit here
+     * combine multiple key exchange algs according to the RFCs, e.g. kEDH
+     * combines DHE_DSS and DHE_RSA)
+     */
+    {0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, 0, 0, 0, 0},
+
+    /* no such ciphersuites supported! */
+    {0, SSL_TXT_kDHr, 0, SSL_kDHr, 0, 0, 0, 0, 0, 0, 0, 0},
+    /* no such ciphersuites supported! */
+    {0, SSL_TXT_kDHd, 0, SSL_kDHd, 0, 0, 0, 0, 0, 0, 0, 0},
+    /* no such ciphersuites supported! */
+    {0, SSL_TXT_kDH, 0, SSL_kDHr | SSL_kDHd, 0, 0, 0, 0, 0, 0, 0, 0},
+        {0, SSL_TXT_kEDH, 0, SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_DH, 0, SSL_kDHr | SSL_kDHd | SSL_kEDH, 0, 0, 0, 0, 0, 0, 0,
+     0},
+
+    {0, SSL_TXT_kKRB5, 0, SSL_kKRB5, 0, 0, 0, 0, 0, 0, 0, 0},
+
+    {0, SSL_TXT_kECDHr, 0, SSL_kECDHr, 0, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_kECDHe, 0, SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_kECDH, 0, SSL_kECDHr | SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_kEECDH, 0, SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_ECDH, 0, SSL_kECDHr | SSL_kECDHe | SSL_kEECDH, 0, 0, 0, 0, 0,
+     0, 0, 0},
+
+    {0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_kSRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_kGOST, 0, SSL_kGOST, 0, 0, 0, 0, 0, 0, 0, 0},
+
+    /* server authentication aliases */
+    {0, SSL_TXT_aRSA, 0, 0, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_aDSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_DSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_aKRB5, 0, 0, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
+    /* no such ciphersuites supported! */
+    {0, SSL_TXT_aDH, 0, 0, SSL_aDH, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_aECDH, 0, 0, SSL_aECDH, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_aECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_ECDSA, 0, 0, SSL_aECDSA, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_aGOST94, 0, 0, SSL_aGOST94, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_aGOST01, 0, 0, SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_aGOST, 0, 0, SSL_aGOST94 | SSL_aGOST01, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_aSRP, 0, 0, SSL_aSRP, 0, 0, 0, 0, 0, 0, 0},
+
+    /* aliases combining key exchange and server authentication */
+    {0, SSL_TXT_EDH, 0, SSL_kEDH, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_EECDH, 0, SSL_kEECDH, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_KRB5, 0, SSL_kKRB5, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_ADH, 0, SSL_kEDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_AECDH, 0, SSL_kEECDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_PSK, 0, SSL_kPSK, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_SRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0},
+
+    /* symmetric encryption aliases */
+    {0, SSL_TXT_DES, 0, 0, 0, SSL_DES, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_3DES, 0, 0, 0, SSL_3DES, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_RC4, 0, 0, 0, SSL_RC4, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_RC2, 0, 0, 0, SSL_RC2, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_IDEA, 0, 0, 0, SSL_IDEA, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_SEED, 0, 0, 0, SSL_SEED, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_AES128, 0, 0, 0, SSL_AES128 | SSL_AES128GCM, 0, 0, 0, 0, 0,
+     0},
+    {0, SSL_TXT_AES256, 0, 0, 0, SSL_AES256 | SSL_AES256GCM, 0, 0, 0, 0, 0,
+     0},
+    {0, SSL_TXT_AES, 0, 0, 0, SSL_AES, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM, 0, 0, 0, 0,
+     0, 0},
+    {0, SSL_TXT_CAMELLIA128, 0, 0, 0, SSL_CAMELLIA128, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_CAMELLIA, 0, 0, 0, SSL_CAMELLIA128 | SSL_CAMELLIA256, 0, 0, 0,
+     0, 0, 0},
+
+    /* MAC aliases */
+    {0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_SHA1, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_SHA, 0, 0, 0, 0, SSL_SHA1, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_GOST94, 0, 0, 0, 0, SSL_GOST94, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_GOST89MAC, 0, 0, 0, 0, SSL_GOST89MAC, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_SHA256, 0, 0, 0, 0, SSL_SHA256, 0, 0, 0, 0, 0},
+    {0, SSL_TXT_SHA384, 0, 0, 0, 0, SSL_SHA384, 0, 0, 0, 0, 0},
+
+    /* protocol version aliases */
+    {0, SSL_TXT_SSLV2, 0, 0, 0, 0, 0, SSL_SSLV2, 0, 0, 0, 0},
+    {0, SSL_TXT_SSLV3, 0, 0, 0, 0, 0, SSL_SSLV3, 0, 0, 0, 0},
+    {0, SSL_TXT_TLSV1, 0, 0, 0, 0, 0, SSL_TLSV1, 0, 0, 0, 0},
+    {0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, SSL_TLSV1_2, 0, 0, 0, 0},
+
+    /* export flag */
+    {0, SSL_TXT_EXP, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0},
+    {0, SSL_TXT_EXPORT, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0},
+
+    /* strength classes */
+    {0, SSL_TXT_EXP40, 0, 0, 0, 0, 0, 0, SSL_EXP40, 0, 0, 0},
+    {0, SSL_TXT_EXP56, 0, 0, 0, 0, 0, 0, SSL_EXP56, 0, 0, 0},
+    {0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, SSL_LOW, 0, 0, 0},
+    {0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, SSL_MEDIUM, 0, 0, 0},
+    {0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, SSL_HIGH, 0, 0, 0},
+    /* FIPS 140-2 approved ciphersuite */
+    {0, SSL_TXT_FIPS, 0, 0, 0, ~SSL_eNULL, 0, 0, SSL_FIPS, 0, 0, 0},
+};
+
+/*
+ * Search for public key algorithm with given name and return its pkey_id if
+ * it is available. Otherwise return 0
+ */
+#ifdef OPENSSL_NO_ENGINE
+
+static int get_optional_pkey_id(const char *pkey_name)
+{
+    const EVP_PKEY_ASN1_METHOD *ameth;
+    int pkey_id = 0;
+    ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1);
+    if (ameth && EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL,
+                                         ameth) > 0) {
+        return pkey_id;
+    }
+    return 0;
+}
+
+#else
+
+static int get_optional_pkey_id(const char *pkey_name)
+{
+    const EVP_PKEY_ASN1_METHOD *ameth;
+    ENGINE *tmpeng = NULL;
+    int pkey_id = 0;
+    ameth = EVP_PKEY_asn1_find_str(&tmpeng, pkey_name, -1);
+    if (ameth) {
+        if (EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL,
+                                    ameth) <= 0)
+            pkey_id = 0;
+    }
+    if (tmpeng)
+        ENGINE_finish(tmpeng);
+    return pkey_id;
+}
+
+#endif
+
+void ssl_load_ciphers(void)
+{
+    ssl_cipher_methods[SSL_ENC_DES_IDX] = EVP_get_cipherbyname(SN_des_cbc);
+    ssl_cipher_methods[SSL_ENC_3DES_IDX] =
+        EVP_get_cipherbyname(SN_des_ede3_cbc);
+    ssl_cipher_methods[SSL_ENC_RC4_IDX] = EVP_get_cipherbyname(SN_rc4);
+    ssl_cipher_methods[SSL_ENC_RC2_IDX] = EVP_get_cipherbyname(SN_rc2_cbc);
+#ifndef OPENSSL_NO_IDEA
+    ssl_cipher_methods[SSL_ENC_IDEA_IDX] = EVP_get_cipherbyname(SN_idea_cbc);
+#else
+    ssl_cipher_methods[SSL_ENC_IDEA_IDX] = NULL;
+#endif
+    ssl_cipher_methods[SSL_ENC_AES128_IDX] =
+        EVP_get_cipherbyname(SN_aes_128_cbc);
+    ssl_cipher_methods[SSL_ENC_AES256_IDX] =
+        EVP_get_cipherbyname(SN_aes_256_cbc);
+    ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] =
+        EVP_get_cipherbyname(SN_camellia_128_cbc);
+    ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] =
+        EVP_get_cipherbyname(SN_camellia_256_cbc);
+    ssl_cipher_methods[SSL_ENC_GOST89_IDX] =
+        EVP_get_cipherbyname(SN_gost89_cnt);
+    ssl_cipher_methods[SSL_ENC_SEED_IDX] = EVP_get_cipherbyname(SN_seed_cbc);
+
+    ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] =
+        EVP_get_cipherbyname(SN_aes_128_gcm);
+    ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] =
+        EVP_get_cipherbyname(SN_aes_256_gcm);
+
+    ssl_digest_methods[SSL_MD_MD5_IDX] = EVP_get_digestbyname(SN_md5);
+    ssl_mac_secret_size[SSL_MD_MD5_IDX] =
+        EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]);
+    OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0);
+    ssl_digest_methods[SSL_MD_SHA1_IDX] = EVP_get_digestbyname(SN_sha1);
+    ssl_mac_secret_size[SSL_MD_SHA1_IDX] =
+        EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]);
+    OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0);
+    ssl_digest_methods[SSL_MD_GOST94_IDX] =
+        EVP_get_digestbyname(SN_id_GostR3411_94);
+    if (ssl_digest_methods[SSL_MD_GOST94_IDX]) {
+        ssl_mac_secret_size[SSL_MD_GOST94_IDX] =
+            EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]);
+        OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0);
+    }
+    ssl_digest_methods[SSL_MD_GOST89MAC_IDX] =
+        EVP_get_digestbyname(SN_id_Gost28147_89_MAC);
+    ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac");
+    if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) {
+        ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32;
+    }
+
+    ssl_digest_methods[SSL_MD_SHA256_IDX] = EVP_get_digestbyname(SN_sha256);
+    ssl_mac_secret_size[SSL_MD_SHA256_IDX] =
+        EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]);
+    ssl_digest_methods[SSL_MD_SHA384_IDX] = EVP_get_digestbyname(SN_sha384);
+    ssl_mac_secret_size[SSL_MD_SHA384_IDX] =
+        EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]);
+}
+
+#ifndef OPENSSL_NO_COMP
+
+static int sk_comp_cmp(const SSL_COMP *const *a, const SSL_COMP *const *b)
+{
+    return ((*a)->id - (*b)->id);
+}
+
+static void load_builtin_compressions(void)
+{
+    int got_write_lock = 0;
+
+    CRYPTO_r_lock(CRYPTO_LOCK_SSL);
+    if (ssl_comp_methods == NULL) {
+        CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
+        CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+        got_write_lock = 1;
+
+        if (ssl_comp_methods == NULL) {
+            SSL_COMP *comp = NULL;
+
+            MemCheck_off();
+            ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
+            if (ssl_comp_methods != NULL) {
+                comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
+                if (comp != NULL) {
+                    comp->method = COMP_zlib();
+                    if (comp->method && comp->method->type == NID_undef)
+                        OPENSSL_free(comp);
+                    else {
+                        comp->id = SSL_COMP_ZLIB_IDX;
+                        comp->name = comp->method->name;
+                        sk_SSL_COMP_push(ssl_comp_methods, comp);
+                    }
+                }
+                sk_SSL_COMP_sort(ssl_comp_methods);
+            }
+            MemCheck_on();
+        }
+    }
+
+    if (got_write_lock)
+        CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+    else
+        CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
+}
+#endif
+
+int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+                       const EVP_MD **md, int *mac_pkey_type,
+                       int *mac_secret_size, SSL_COMP **comp)
+{
+    int i;
+    const SSL_CIPHER *c;
+
+    c = s->cipher;
+    if (c == NULL)
+        return (0);
+    if (comp != NULL) {
+        SSL_COMP ctmp;
+#ifndef OPENSSL_NO_COMP
+        load_builtin_compressions();
+#endif
+
+        *comp = NULL;
+        ctmp.id = s->compress_meth;
+        if (ssl_comp_methods != NULL) {
+            i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp);
+            if (i >= 0)
+                *comp = sk_SSL_COMP_value(ssl_comp_methods, i);
+            else
+                *comp = NULL;
+        }
+    }
+
+    if ((enc == NULL) || (md == NULL))
+        return (0);
+
+    switch (c->algorithm_enc) {
+    case SSL_DES:
+        i = SSL_ENC_DES_IDX;
+        break;
+    case SSL_3DES:
+        i = SSL_ENC_3DES_IDX;
+        break;
+    case SSL_RC4:
+        i = SSL_ENC_RC4_IDX;
+        break;
+    case SSL_RC2:
+        i = SSL_ENC_RC2_IDX;
+        break;
+    case SSL_IDEA:
+        i = SSL_ENC_IDEA_IDX;
+        break;
+    case SSL_eNULL:
+        i = SSL_ENC_NULL_IDX;
+        break;
+    case SSL_AES128:
+        i = SSL_ENC_AES128_IDX;
+        break;
+    case SSL_AES256:
+        i = SSL_ENC_AES256_IDX;
+        break;
+    case SSL_CAMELLIA128:
+        i = SSL_ENC_CAMELLIA128_IDX;
+        break;
+    case SSL_CAMELLIA256:
+        i = SSL_ENC_CAMELLIA256_IDX;
+        break;
+    case SSL_eGOST2814789CNT:
+        i = SSL_ENC_GOST89_IDX;
+        break;
+    case SSL_SEED:
+        i = SSL_ENC_SEED_IDX;
+        break;
+    case SSL_AES128GCM:
+        i = SSL_ENC_AES128GCM_IDX;
+        break;
+    case SSL_AES256GCM:
+        i = SSL_ENC_AES256GCM_IDX;
+        break;
+    default:
+        i = -1;
+        break;
+    }
+
+    if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
+        *enc = NULL;
+    else {
+        if (i == SSL_ENC_NULL_IDX)
+            *enc = EVP_enc_null();
+        else
+            *enc = ssl_cipher_methods[i];
+    }
+
+    switch (c->algorithm_mac) {
+    case SSL_MD5:
+        i = SSL_MD_MD5_IDX;
+        break;
+    case SSL_SHA1:
+        i = SSL_MD_SHA1_IDX;
+        break;
+    case SSL_SHA256:
+        i = SSL_MD_SHA256_IDX;
+        break;
+    case SSL_SHA384:
+        i = SSL_MD_SHA384_IDX;
+        break;
+    case SSL_GOST94:
+        i = SSL_MD_GOST94_IDX;
+        break;
+    case SSL_GOST89MAC:
+        i = SSL_MD_GOST89MAC_IDX;
+        break;
+    default:
+        i = -1;
+        break;
+    }
+    if ((i < 0) || (i >= SSL_MD_NUM_IDX)) {
+        *md = NULL;
+        if (mac_pkey_type != NULL)
+            *mac_pkey_type = NID_undef;
+        if (mac_secret_size != NULL)
+            *mac_secret_size = 0;
+        if (c->algorithm_mac == SSL_AEAD)
+            mac_pkey_type = NULL;
+    } else {
+        *md = ssl_digest_methods[i];
+        if (mac_pkey_type != NULL)
+            *mac_pkey_type = ssl_mac_pkey_id[i];
+        if (mac_secret_size != NULL)
+            *mac_secret_size = ssl_mac_secret_size[i];
+    }
+
+    if ((*enc != NULL) &&
+        (*md != NULL || (EVP_CIPHER_flags(*enc) & EVP_CIPH_FLAG_AEAD_CIPHER))
+        && (!mac_pkey_type || *mac_pkey_type != NID_undef)) {
+        const EVP_CIPHER *evp;
+
+        if (s->ssl_version >> 8 != TLS1_VERSION_MAJOR ||
+            s->ssl_version < TLS1_VERSION)
+            return 1;
+
+#ifdef OPENSSL_FIPS
+        if (FIPS_mode())
+            return 1;
+#endif
+
+        if (c->algorithm_enc == SSL_RC4 &&
+            c->algorithm_mac == SSL_MD5 &&
+            (evp = EVP_get_cipherbyname("RC4-HMAC-MD5")))
+            *enc = evp, *md = NULL;
+        else if (c->algorithm_enc == SSL_AES128 &&
+                 c->algorithm_mac == SSL_SHA1 &&
+                 (evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
+            *enc = evp, *md = NULL;
+        else if (c->algorithm_enc == SSL_AES256 &&
+                 c->algorithm_mac == SSL_SHA1 &&
+                 (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
+            *enc = evp, *md = NULL;
+        return (1);
+    } else
+        return (0);
+}
+
+int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
+{
+    if (idx < 0 || idx >= SSL_MD_NUM_IDX) {
+        return 0;
+    }
+    *mask = ssl_handshake_digest_flag[idx];
+    if (*mask)
+        *md = ssl_digest_methods[idx];
+    else
+        *md = NULL;
+    return 1;
+}
+
+#define ITEM_SEP(a) \
+        (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
+
+static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
+                           CIPHER_ORDER **tail)
+{
+    if (curr == *tail)
+        return;
+    if (curr == *head)
+        *head = curr->next;
+    if (curr->prev != NULL)
+        curr->prev->next = curr->next;
+    if (curr->next != NULL)
+        curr->next->prev = curr->prev;
+    (*tail)->next = curr;
+    curr->prev = *tail;
+    curr->next = NULL;
+    *tail = curr;
+}
+
+static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
+                           CIPHER_ORDER **tail)
+{
+    if (curr == *head)
+        return;
+    if (curr == *tail)
+        *tail = curr->prev;
+    if (curr->next != NULL)
+        curr->next->prev = curr->prev;
+    if (curr->prev != NULL)
+        curr->prev->next = curr->next;
+    (*head)->prev = curr;
+    curr->next = *head;
+    curr->prev = NULL;
+    *head = curr;
+}
+
+static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
+                                    unsigned long *enc, unsigned long *mac,
+                                    unsigned long *ssl)
+{
+    *mkey = 0;
+    *auth = 0;
+    *enc = 0;
+    *mac = 0;
+    *ssl = 0;
+
+#ifdef OPENSSL_NO_RSA
+    *mkey |= SSL_kRSA;
+    *auth |= SSL_aRSA;
+#endif
+#ifdef OPENSSL_NO_DSA
+    *auth |= SSL_aDSS;
+#endif
+    *mkey |= SSL_kDHr | SSL_kDHd; /* no such ciphersuites supported! */
+    *auth |= SSL_aDH;
+#ifdef OPENSSL_NO_DH
+    *mkey |= SSL_kDHr | SSL_kDHd | SSL_kEDH;
+    *auth |= SSL_aDH;
+#endif
+#ifdef OPENSSL_NO_KRB5
+    *mkey |= SSL_kKRB5;
+    *auth |= SSL_aKRB5;
+#endif
+#ifdef OPENSSL_NO_ECDSA
+    *auth |= SSL_aECDSA;
+#endif
+#ifdef OPENSSL_NO_ECDH
+    *mkey |= SSL_kECDHe | SSL_kECDHr;
+    *auth |= SSL_aECDH;
+#endif
+#ifdef OPENSSL_NO_PSK
+    *mkey |= SSL_kPSK;
+    *auth |= SSL_aPSK;
+#endif
+#ifdef OPENSSL_NO_SRP
+    *mkey |= SSL_kSRP;
+#endif
+    /*
+     * Check for presence of GOST 34.10 algorithms, and if they do not
+     * present, disable appropriate auth and key exchange
+     */
+    if (!get_optional_pkey_id("gost94")) {
+        *auth |= SSL_aGOST94;
+    }
+    if (!get_optional_pkey_id("gost2001")) {
+        *auth |= SSL_aGOST01;
+    }
+    /*
+     * Disable GOST key exchange if no GOST signature algs are available *
+     */
+    if ((*auth & (SSL_aGOST94 | SSL_aGOST01)) == (SSL_aGOST94 | SSL_aGOST01)) {
+        *mkey |= SSL_kGOST;
+    }
+#ifdef SSL_FORBID_ENULL
+    *enc |= SSL_eNULL;
+#endif
+
+    *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX] == NULL) ? SSL_DES : 0;
+    *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES : 0;
+    *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX] == NULL) ? SSL_RC4 : 0;
+    *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX] == NULL) ? SSL_RC2 : 0;
+    *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA : 0;
+    *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128 : 0;
+    *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256 : 0;
+    *enc |=
+        (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] ==
+         NULL) ? SSL_AES128GCM : 0;
+    *enc |=
+        (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] ==
+         NULL) ? SSL_AES256GCM : 0;
+    *enc |=
+        (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] ==
+         NULL) ? SSL_CAMELLIA128 : 0;
+    *enc |=
+        (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] ==
+         NULL) ? SSL_CAMELLIA256 : 0;
+    *enc |=
+        (ssl_cipher_methods[SSL_ENC_GOST89_IDX] ==
+         NULL) ? SSL_eGOST2814789CNT : 0;
+    *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED : 0;
+
+    *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX] == NULL) ? SSL_MD5 : 0;
+    *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1 : 0;
+    *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256 : 0;
+    *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384 : 0;
+    *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94 : 0;
+    *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL
+             || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] ==
+             NID_undef) ? SSL_GOST89MAC : 0;
+
+}
+
+static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
+                                       int num_of_ciphers,
+                                       unsigned long disabled_mkey,
+                                       unsigned long disabled_auth,
+                                       unsigned long disabled_enc,
+                                       unsigned long disabled_mac,
+                                       unsigned long disabled_ssl,
+                                       CIPHER_ORDER *co_list,
+                                       CIPHER_ORDER **head_p,
+                                       CIPHER_ORDER **tail_p)
+{
+    int i, co_list_num;
+    const SSL_CIPHER *c;
+
+    /*
+     * We have num_of_ciphers descriptions compiled in, depending on the
+     * method selected (SSLv2 and/or SSLv3, TLSv1 etc).
+     * These will later be sorted in a linked list with at most num
+     * entries.
+     */
+
+    /* Get the initial list of ciphers */
+    co_list_num = 0;            /* actual count of ciphers */
+    for (i = 0; i < num_of_ciphers; i++) {
+        c = ssl_method->get_cipher(i);
+        /* drop those that use any of that is not available */
+        if ((c != NULL) && c->valid &&
+#ifdef OPENSSL_FIPS
+            (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) &&
+#endif
+            !(c->algorithm_mkey & disabled_mkey) &&
+            !(c->algorithm_auth & disabled_auth) &&
+            !(c->algorithm_enc & disabled_enc) &&
+            !(c->algorithm_mac & disabled_mac) &&
+            !(c->algorithm_ssl & disabled_ssl)) {
+            co_list[co_list_num].cipher = c;
+            co_list[co_list_num].next = NULL;
+            co_list[co_list_num].prev = NULL;
+            co_list[co_list_num].active = 0;
+            co_list_num++;
+#ifdef KSSL_DEBUG
+            fprintf(stderr, "\t%d: %s %lx %lx %lx\n", i, c->name, c->id,
+                    c->algorithm_mkey, c->algorithm_auth);
+#endif                          /* KSSL_DEBUG */
+            /*
+             * if (!sk_push(ca_list,(char *)c)) goto err;
+             */
+        }
+    }
+
+    /*
+     * Prepare linked list from list entries
+     */
+    if (co_list_num > 0) {
+        co_list[0].prev = NULL;
+
+        if (co_list_num > 1) {
+            co_list[0].next = &co_list[1];
+
+            for (i = 1; i < co_list_num - 1; i++) {
+                co_list[i].prev = &co_list[i - 1];
+                co_list[i].next = &co_list[i + 1];
+            }
+
+            co_list[co_list_num - 1].prev = &co_list[co_list_num - 2];
+        }
+
+        co_list[co_list_num - 1].next = NULL;
+
+        *head_p = &co_list[0];
+        *tail_p = &co_list[co_list_num - 1];
+    }
+}
+
+static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
+                                       int num_of_group_aliases,
+                                       unsigned long disabled_mkey,
+                                       unsigned long disabled_auth,
+                                       unsigned long disabled_enc,
+                                       unsigned long disabled_mac,
+                                       unsigned long disabled_ssl,
+                                       CIPHER_ORDER *head)
+{
+    CIPHER_ORDER *ciph_curr;
+    const SSL_CIPHER **ca_curr;
+    int i;
+    unsigned long mask_mkey = ~disabled_mkey;
+    unsigned long mask_auth = ~disabled_auth;
+    unsigned long mask_enc = ~disabled_enc;
+    unsigned long mask_mac = ~disabled_mac;
+    unsigned long mask_ssl = ~disabled_ssl;
+
+    /*
+     * First, add the real ciphers as already collected
+     */
+    ciph_curr = head;
+    ca_curr = ca_list;
+    while (ciph_curr != NULL) {
+        *ca_curr = ciph_curr->cipher;
+        ca_curr++;
+        ciph_curr = ciph_curr->next;
+    }
+
+    /*
+     * Now we add the available ones from the cipher_aliases[] table.
+     * They represent either one or more algorithms, some of which
+     * in any affected category must be supported (set in enabled_mask),
+     * or represent a cipher strength value (will be added in any case because algorithms=0).
+     */
+    for (i = 0; i < num_of_group_aliases; i++) {
+        unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey;
+        unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth;
+        unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc;
+        unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac;
+        unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl;
+
+        if (algorithm_mkey)
+            if ((algorithm_mkey & mask_mkey) == 0)
+                continue;
+
+        if (algorithm_auth)
+            if ((algorithm_auth & mask_auth) == 0)
+                continue;
+
+        if (algorithm_enc)
+            if ((algorithm_enc & mask_enc) == 0)
+                continue;
+
+        if (algorithm_mac)
+            if ((algorithm_mac & mask_mac) == 0)
+                continue;
+
+        if (algorithm_ssl)
+            if ((algorithm_ssl & mask_ssl) == 0)
+                continue;
+
+        *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
+        ca_curr++;
+    }
+
+    *ca_curr = NULL;            /* end of list */
+}
+
+static void ssl_cipher_apply_rule(unsigned long cipher_id,
+                                  unsigned long alg_mkey,
+                                  unsigned long alg_auth,
+                                  unsigned long alg_enc,
+                                  unsigned long alg_mac,
+                                  unsigned long alg_ssl,
+                                  unsigned long algo_strength, int rule,
+                                  int strength_bits, CIPHER_ORDER **head_p,
+                                  CIPHER_ORDER **tail_p)
+{
+    CIPHER_ORDER *head, *tail, *curr, *next, *last;
+    const SSL_CIPHER *cp;
+    int reverse = 0;
+
+#ifdef CIPHER_DEBUG
+    fprintf(stderr,
+            "Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n",
+            rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl,
+            algo_strength, strength_bits);
+#endif
+
+    if (rule == CIPHER_DEL)
+        reverse = 1;            /* needed to maintain sorting between
+                                 * currently deleted ciphers */
+
+    head = *head_p;
+    tail = *tail_p;
+
+    if (reverse) {
+        next = tail;
+        last = head;
+    } else {
+        next = head;
+        last = tail;
+    }
+
+    curr = NULL;
+    for (;;) {
+        if (curr == last)
+            break;
+
+        curr = next;
+
+        if (curr == NULL)
+            break;
+
+        next = reverse ? curr->prev : curr->next;
+
+        cp = curr->cipher;
+
+        /*
+         * Selection criteria is either the value of strength_bits
+         * or the algorithms used.
+         */
+        if (strength_bits >= 0) {
+            if (strength_bits != cp->strength_bits)
+                continue;
+        } else {
+#ifdef CIPHER_DEBUG
+            fprintf(stderr,
+                    "\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n",
+                    cp->name, cp->algorithm_mkey, cp->algorithm_auth,
+                    cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl,
+                    cp->algo_strength);
+#endif
+            if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
+                continue;
+            if (alg_auth && !(alg_auth & cp->algorithm_auth))
+                continue;
+            if (alg_enc && !(alg_enc & cp->algorithm_enc))
+                continue;
+            if (alg_mac && !(alg_mac & cp->algorithm_mac))
+                continue;
+            if (alg_ssl && !(alg_ssl & cp->algorithm_ssl))
+                continue;
+            if ((algo_strength & SSL_EXP_MASK)
+                && !(algo_strength & SSL_EXP_MASK & cp->algo_strength))
+                continue;
+            if ((algo_strength & SSL_STRONG_MASK)
+                && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
+                continue;
+            if ((algo_strength & SSL_NOT_DEFAULT)
+                && !(cp->algo_strength & SSL_NOT_DEFAULT))
+                continue;
+        }
+
+#ifdef CIPHER_DEBUG
+        fprintf(stderr, "Action = %d\n", rule);
+#endif
+
+        /* add the cipher if it has not been added yet. */
+        if (rule == CIPHER_ADD) {
+            /* reverse == 0 */
+            if (!curr->active) {
+                ll_append_tail(&head, curr, &tail);
+                curr->active = 1;
+            }
+        }
+        /* Move the added cipher to this location */
+        else if (rule == CIPHER_ORD) {
+            /* reverse == 0 */
+            if (curr->active) {
+                ll_append_tail(&head, curr, &tail);
+            }
+        } else if (rule == CIPHER_DEL) {
+            /* reverse == 1 */
+            if (curr->active) {
+                /*
+                 * most recently deleted ciphersuites get best positions for
+                 * any future CIPHER_ADD (note that the CIPHER_DEL loop works
+                 * in reverse to maintain the order)
+                 */
+                ll_append_head(&head, curr, &tail);
+                curr->active = 0;
+            }
+        } else if (rule == CIPHER_KILL) {
+            /* reverse == 0 */
+            if (head == curr)
+                head = curr->next;
+            else
+                curr->prev->next = curr->next;
+            if (tail == curr)
+                tail = curr->prev;
+            curr->active = 0;
+            if (curr->next != NULL)
+                curr->next->prev = curr->prev;
+            if (curr->prev != NULL)
+                curr->prev->next = curr->next;
+            curr->next = NULL;
+            curr->prev = NULL;
+        }
+    }
+
+    *head_p = head;
+    *tail_p = tail;
+}
+
+static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
+                                    CIPHER_ORDER **tail_p)
+{
+    int max_strength_bits, i, *number_uses;
+    CIPHER_ORDER *curr;
+
+    /*
+     * This routine sorts the ciphers with descending strength. The sorting
+     * must keep the pre-sorted sequence, so we apply the normal sorting
+     * routine as '+' movement to the end of the list.
+     */
+    max_strength_bits = 0;
+    curr = *head_p;
+    while (curr != NULL) {
+        if (curr->active && (curr->cipher->strength_bits > max_strength_bits))
+            max_strength_bits = curr->cipher->strength_bits;
+        curr = curr->next;
+    }
+
+    number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
+    if (!number_uses) {
+        SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
+    memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
+
+    /*
+     * Now find the strength_bits values actually used
+     */
+    curr = *head_p;
+    while (curr != NULL) {
+        if (curr->active)
+            number_uses[curr->cipher->strength_bits]++;
+        curr = curr->next;
+    }
+    /*
+     * Go through the list of used strength_bits values in descending
+     * order.
+     */
+    for (i = max_strength_bits; i >= 0; i--)
+        if (number_uses[i] > 0)
+            ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p,
+                                  tail_p);
+
+    OPENSSL_free(number_uses);
+    return (1);
+}
+
+static int ssl_cipher_process_rulestr(const char *rule_str,
+                                      CIPHER_ORDER **head_p,
+                                      CIPHER_ORDER **tail_p,
+                                      const SSL_CIPHER **ca_list)
+{
+    unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl,
+        algo_strength;
+    const char *l, *buf;
+    int j, multi, found, rule, retval, ok, buflen;
+    unsigned long cipher_id = 0;
+    char ch;
+
+    retval = 1;
+    l = rule_str;
+    for (;;) {
+        ch = *l;
+
+        if (ch == '\0')
+            break;              /* done */
+        if (ch == '-') {
+            rule = CIPHER_DEL;
+            l++;
+        } else if (ch == '+') {
+            rule = CIPHER_ORD;
+            l++;
+        } else if (ch == '!') {
+            rule = CIPHER_KILL;
+            l++;
+        } else if (ch == '@') {
+            rule = CIPHER_SPECIAL;
+            l++;
+        } else {
+            rule = CIPHER_ADD;
+        }
+
+        if (ITEM_SEP(ch)) {
+            l++;
+            continue;
+        }
+
+        alg_mkey = 0;
+        alg_auth = 0;
+        alg_enc = 0;
+        alg_mac = 0;
+        alg_ssl = 0;
+        algo_strength = 0;
+
+        for (;;) {
+            ch = *l;
+            buf = l;
+            buflen = 0;
+#ifndef CHARSET_EBCDIC
+            while (((ch >= 'A') && (ch <= 'Z')) ||
+                   ((ch >= '0') && (ch <= '9')) ||
+                   ((ch >= 'a') && (ch <= 'z')) || (ch == '-') || (ch == '.'))
+#else
+            while (isalnum(ch) || (ch == '-') || (ch == '.'))
+#endif
+            {
+                ch = *(++l);
+                buflen++;
+            }
+
+            if (buflen == 0) {
+                /*
+                 * We hit something we cannot deal with,
+                 * it is no command or separator nor
+                 * alphanumeric, so we call this an error.
+                 */
+                SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
+                       SSL_R_INVALID_COMMAND);
+                retval = found = 0;
+                l++;
+                break;
+            }
+
+            if (rule == CIPHER_SPECIAL) {
+                found = 0;      /* unused -- avoid compiler warning */
+                break;          /* special treatment */
+            }
+
+            /* check for multi-part specification */
+            if (ch == '+') {
+                multi = 1;
+                l++;
+            } else
+                multi = 0;
+
+            /*
+             * Now search for the cipher alias in the ca_list. Be careful
+             * with the strncmp, because the "buflen" limitation
+             * will make the rule "ADH:SOME" and the cipher
+             * "ADH-MY-CIPHER" look like a match for buflen=3.
+             * So additionally check whether the cipher name found
+             * has the correct length. We can save a strlen() call:
+             * just checking for the '\0' at the right place is
+             * sufficient, we have to strncmp() anyway. (We cannot
+             * use strcmp(), because buf is not '\0' terminated.)
+             */
+            j = found = 0;
+            cipher_id = 0;
+            while (ca_list[j]) {
+                if (!strncmp(buf, ca_list[j]->name, buflen) &&
+                    (ca_list[j]->name[buflen] == '\0')) {
+                    found = 1;
+                    break;
+                } else
+                    j++;
+            }
+
+            if (!found)
+                break;          /* ignore this entry */
+
+            if (ca_list[j]->algorithm_mkey) {
+                if (alg_mkey) {
+                    alg_mkey &= ca_list[j]->algorithm_mkey;
+                    if (!alg_mkey) {
+                        found = 0;
+                        break;
+                    }
+                } else
+                    alg_mkey = ca_list[j]->algorithm_mkey;
+            }
+
+            if (ca_list[j]->algorithm_auth) {
+                if (alg_auth) {
+                    alg_auth &= ca_list[j]->algorithm_auth;
+                    if (!alg_auth) {
+                        found = 0;
+                        break;
+                    }
+                } else
+                    alg_auth = ca_list[j]->algorithm_auth;
+            }
+
+            if (ca_list[j]->algorithm_enc) {
+                if (alg_enc) {
+                    alg_enc &= ca_list[j]->algorithm_enc;
+                    if (!alg_enc) {
+                        found = 0;
+                        break;
+                    }
+                } else
+                    alg_enc = ca_list[j]->algorithm_enc;
+            }
+
+            if (ca_list[j]->algorithm_mac) {
+                if (alg_mac) {
+                    alg_mac &= ca_list[j]->algorithm_mac;
+                    if (!alg_mac) {
+                        found = 0;
+                        break;
+                    }
+                } else
+                    alg_mac = ca_list[j]->algorithm_mac;
+            }
+
+            if (ca_list[j]->algo_strength & SSL_EXP_MASK) {
+                if (algo_strength & SSL_EXP_MASK) {
+                    algo_strength &=
+                        (ca_list[j]->algo_strength & SSL_EXP_MASK) |
+                        ~SSL_EXP_MASK;
+                    if (!(algo_strength & SSL_EXP_MASK)) {
+                        found = 0;
+                        break;
+                    }
+                } else
+                    algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK;
+            }
+
+            if (ca_list[j]->algo_strength & SSL_STRONG_MASK) {
+                if (algo_strength & SSL_STRONG_MASK) {
+                    algo_strength &=
+                        (ca_list[j]->algo_strength & SSL_STRONG_MASK) |
+                        ~SSL_STRONG_MASK;
+                    if (!(algo_strength & SSL_STRONG_MASK)) {
+                        found = 0;
+                        break;
+                    }
+                } else
+                    algo_strength |=
+                        ca_list[j]->algo_strength & SSL_STRONG_MASK;
+            }
+
+            if (ca_list[j]->algo_strength & SSL_NOT_DEFAULT) {
+                algo_strength |= SSL_NOT_DEFAULT;
+            }
+
+            if (ca_list[j]->valid) {
+                /*
+                 * explicit ciphersuite found; its protocol version does not
+                 * become part of the search pattern!
+                 */
+
+                cipher_id = ca_list[j]->id;
+            } else {
+                /*
+                 * not an explicit ciphersuite; only in this case, the
+                 * protocol version is considered part of the search pattern
+                 */
+
+                if (ca_list[j]->algorithm_ssl) {
+                    if (alg_ssl) {
+                        alg_ssl &= ca_list[j]->algorithm_ssl;
+                        if (!alg_ssl) {
+                            found = 0;
+                            break;
+                        }
+                    } else
+                        alg_ssl = ca_list[j]->algorithm_ssl;
+                }
+            }
+
+            if (!multi)
+                break;
+        }
+
+        /*
+         * Ok, we have the rule, now apply it
+         */
+        if (rule == CIPHER_SPECIAL) { /* special command */
+            ok = 0;
+            if ((buflen == 8) && !strncmp(buf, "STRENGTH", 8))
+                ok = ssl_cipher_strength_sort(head_p, tail_p);
+            else
+                SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
+                       SSL_R_INVALID_COMMAND);
+            if (ok == 0)
+                retval = 0;
+            /*
+             * We do not support any "multi" options
+             * together with "@", so throw away the
+             * rest of the command, if any left, until
+             * end or ':' is found.
+             */
+            while ((*l != '\0') && !ITEM_SEP(*l))
+                l++;
+        } else if (found) {
+            ssl_cipher_apply_rule(cipher_id,
+                                  alg_mkey, alg_auth, alg_enc, alg_mac,
+                                  alg_ssl, algo_strength, rule, -1, head_p,
+                                  tail_p);
+        } else {
+            while ((*l != '\0') && !ITEM_SEP(*l))
+                l++;
+        }
+        if (*l == '\0')
+            break;              /* done */
+    }
+
+    return (retval);
+}
+
+STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK_OF(SSL_CIPHER)
+                                             **cipher_list, STACK_OF(SSL_CIPHER)
+                                             **cipher_list_by_id,
+                                             const char *rule_str)
+{
+    int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
+    unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac,
+        disabled_ssl;
+    STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
+    const char *rule_p;
+    CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
+    const SSL_CIPHER **ca_list = NULL;
+
+    /*
+     * Return with error if nothing to do.
+     */
+    if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
+        return NULL;
+
+    /*
+     * To reduce the work to do we only want to process the compiled
+     * in algorithms, so we first get the mask of disabled ciphers.
+     */
+    ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc,
+                            &disabled_mac, &disabled_ssl);
+
+    /*
+     * Now we have to collect the available ciphers from the compiled
+     * in ciphers. We cannot get more than the number compiled in, so
+     * it is used for allocation.
+     */
+    num_of_ciphers = ssl_method->num_ciphers();
+#ifdef KSSL_DEBUG
+    fprintf(stderr, "ssl_create_cipher_list() for %d ciphers\n",
+            num_of_ciphers);
+#endif                          /* KSSL_DEBUG */
+    co_list =
+        (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
+    if (co_list == NULL) {
+        SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+        return (NULL);          /* Failure */
+    }
+
+    ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
+                               disabled_mkey, disabled_auth, disabled_enc,
+                               disabled_mac, disabled_ssl, co_list, &head,
+                               &tail);
+
+    /* Now arrange all ciphers by preference: */
+
+    /*
+     * Everything else being equal, prefer ephemeral ECDH over other key
+     * exchange mechanisms
+     */
+    ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head,
+                          &tail);
+    ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head,
+                          &tail);
+
+    /* AES is our preferred symmetric cipher */
+    ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head,
+                          &tail);
+
+    /* Temporarily enable everything else for sorting */
+    ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+
+    /* Low priority for MD5 */
+    ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head,
+                          &tail);
+
+    /*
+     * Move anonymous ciphers to the end.  Usually, these will remain
+     * disabled. (For applications that allow them, they aren't too bad, but
+     * we prefer authenticated ciphers.)
+     */
+    ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
+                          &tail);
+
+    /* Move ciphers without forward secrecy to the end */
+    ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
+                          &tail);
+    /*
+     * ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1,
+     * &head, &tail);
+     */
+    ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
+                          &tail);
+    ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
+                          &tail);
+    ssl_cipher_apply_rule(0, SSL_kKRB5, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
+                          &tail);
+
+    /* RC4 is sort-of broken -- move the the end */
+    ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head,
+                          &tail);
+
+    /*
+     * Now sort by symmetric encryption strength.  The above ordering remains
+     * in force within each class
+     */
+    if (!ssl_cipher_strength_sort(&head, &tail)) {
+        OPENSSL_free(co_list);
+        return NULL;
+    }
+
+    /* Now disable everything (maintaining the ordering!) */
+    ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
+
+    /*
+     * We also need cipher aliases for selecting based on the rule_str.
+     * There might be two types of entries in the rule_str: 1) names
+     * of ciphers themselves 2) aliases for groups of ciphers.
+     * For 1) we need the available ciphers and for 2) the cipher
+     * groups of cipher_aliases added together in one list (otherwise
+     * we would be happy with just the cipher_aliases table).
+     */
+    num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
+    num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
+    ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
+    if (ca_list == NULL) {
+        OPENSSL_free(co_list);
+        SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+        return (NULL);          /* Failure */
+    }
+    ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
+                               disabled_mkey, disabled_auth, disabled_enc,
+                               disabled_mac, disabled_ssl, head);
+
+    /*
+     * If the rule_string begins with DEFAULT, apply the default rule
+     * before using the (possibly available) additional rules.
+     */
+    ok = 1;
+    rule_p = rule_str;
+    if (strncmp(rule_str, "DEFAULT", 7) == 0) {
+        ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
+                                        &head, &tail, ca_list);
+        rule_p += 7;
+        if (*rule_p == ':')
+            rule_p++;
+    }
+
+    if (ok && (strlen(rule_p) > 0))
+        ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list);
+
+    OPENSSL_free((void *)ca_list); /* Not needed anymore */
+
+    if (!ok) {                  /* Rule processing failure */
+        OPENSSL_free(co_list);
+        return (NULL);
+    }
+
+    /*
+     * Allocate new "cipherstack" for the result, return with error
+     * if we cannot get one.
+     */
+    if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
+        OPENSSL_free(co_list);
+        return (NULL);
+    }
+
+    /*
+     * The cipher selection for the list is done. The ciphers are added
+     * to the resulting precedence to the STACK_OF(SSL_CIPHER).
+     */
+    for (curr = head; curr != NULL; curr = curr->next) {
+#ifdef OPENSSL_FIPS
+        if (curr->active
+            && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
+#else
+        if (curr->active)
+#endif
+        {
+            sk_SSL_CIPHER_push(cipherstack, curr->cipher);
+#ifdef CIPHER_DEBUG
+            fprintf(stderr, "<%s>\n", curr->cipher->name);
+#endif
+        }
+    }
+    OPENSSL_free(co_list);      /* Not needed any longer */
+
+    tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
+    if (tmp_cipher_list == NULL) {
+        sk_SSL_CIPHER_free(cipherstack);
+        return NULL;
+    }
+    if (*cipher_list != NULL)
+        sk_SSL_CIPHER_free(*cipher_list);
+    *cipher_list = cipherstack;
+    if (*cipher_list_by_id != NULL)
+        sk_SSL_CIPHER_free(*cipher_list_by_id);
+    *cipher_list_by_id = tmp_cipher_list;
+    (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,
+                                     ssl_cipher_ptr_id_cmp);
+
+    sk_SSL_CIPHER_sort(*cipher_list_by_id);
+    return (cipherstack);
+}
+
+char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
+{
+    int is_export, pkl, kl;
+    const char *ver, *exp_str;
+    const char *kx, *au, *enc, *mac;
+    unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, alg2;
+#ifdef KSSL_DEBUG
+    static const char *format =
+        "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n";
+#else
+    static const char *format =
+        "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
+#endif                          /* KSSL_DEBUG */
+
+    alg_mkey = cipher->algorithm_mkey;
+    alg_auth = cipher->algorithm_auth;
+    alg_enc = cipher->algorithm_enc;
+    alg_mac = cipher->algorithm_mac;
+    alg_ssl = cipher->algorithm_ssl;
+
+    alg2 = cipher->algorithm2;
+
+    is_export = SSL_C_IS_EXPORT(cipher);
+    pkl = SSL_C_EXPORT_PKEYLENGTH(cipher);
+    kl = SSL_C_EXPORT_KEYLENGTH(cipher);
+    exp_str = is_export ? " export" : "";
+
+    if (alg_ssl & SSL_SSLV2)
+        ver = "SSLv2";
+    else if (alg_ssl & SSL_SSLV3)
+        ver = "SSLv3";
+    else if (alg_ssl & SSL_TLSV1_2)
+        ver = "TLSv1.2";
+    else
+        ver = "unknown";
+
+    switch (alg_mkey) {
+    case SSL_kRSA:
+        kx = is_export ? (pkl == 512 ? "RSA(512)" : "RSA(1024)") : "RSA";
+        break;
+    case SSL_kDHr:
+        kx = "DH/RSA";
+        break;
+    case SSL_kDHd:
+        kx = "DH/DSS";
+        break;
+    case SSL_kKRB5:
+        kx = "KRB5";
+        break;
+    case SSL_kEDH:
+        kx = is_export ? (pkl == 512 ? "DH(512)" : "DH(1024)") : "DH";
+        break;
+    case SSL_kECDHr:
+        kx = "ECDH/RSA";
+        break;
+    case SSL_kECDHe:
+        kx = "ECDH/ECDSA";
+        break;
+    case SSL_kEECDH:
+        kx = "ECDH";
+        break;
+    case SSL_kPSK:
+        kx = "PSK";
+        break;
+    case SSL_kSRP:
+        kx = "SRP";
+        break;
+    case SSL_kGOST:
+        kx = "GOST";
+        break;
+    default:
+        kx = "unknown";
+    }
+
+    switch (alg_auth) {
+    case SSL_aRSA:
+        au = "RSA";
+        break;
+    case SSL_aDSS:
+        au = "DSS";
+        break;
+    case SSL_aDH:
+        au = "DH";
+        break;
+    case SSL_aKRB5:
+        au = "KRB5";
+        break;
+    case SSL_aECDH:
+        au = "ECDH";
+        break;
+    case SSL_aNULL:
+        au = "None";
+        break;
+    case SSL_aECDSA:
+        au = "ECDSA";
+        break;
+    case SSL_aPSK:
+        au = "PSK";
+        break;
+    case SSL_aSRP:
+        au = "SRP";
+        break;
+    case SSL_aGOST94:
+        au = "GOST94";
+        break;
+    case SSL_aGOST01:
+        au = "GOST01";
+        break;
+    default:
+        au = "unknown";
+        break;
+    }
+
+    switch (alg_enc) {
+    case SSL_DES:
+        enc = (is_export && kl == 5) ? "DES(40)" : "DES(56)";
+        break;
+    case SSL_3DES:
+        enc = "3DES(168)";
+        break;
+    case SSL_RC4:
+        enc = is_export ? (kl == 5 ? "RC4(40)" : "RC4(56)")
+            : ((alg2 & SSL2_CF_8_BYTE_ENC) ? "RC4(64)" : "RC4(128)");
+        break;
+    case SSL_RC2:
+        enc = is_export ? (kl == 5 ? "RC2(40)" : "RC2(56)") : "RC2(128)";
+        break;
+    case SSL_IDEA:
+        enc = "IDEA(128)";
+        break;
+    case SSL_eNULL:
+        enc = "None";
+        break;
+    case SSL_AES128:
+        enc = "AES(128)";
+        break;
+    case SSL_AES256:
+        enc = "AES(256)";
+        break;
+    case SSL_AES128GCM:
+        enc = "AESGCM(128)";
+        break;
+    case SSL_AES256GCM:
+        enc = "AESGCM(256)";
+        break;
+    case SSL_CAMELLIA128:
+        enc = "Camellia(128)";
+        break;
+    case SSL_CAMELLIA256:
+        enc = "Camellia(256)";
+        break;
+    case SSL_SEED:
+        enc = "SEED(128)";
+        break;
+    case SSL_eGOST2814789CNT:
+        enc = "GOST89(256)";
+        break;
+    default:
+        enc = "unknown";
+        break;
+    }
+
+    switch (alg_mac) {
+    case SSL_MD5:
+        mac = "MD5";
+        break;
+    case SSL_SHA1:
+        mac = "SHA1";
+        break;
+    case SSL_SHA256:
+        mac = "SHA256";
+        break;
+    case SSL_SHA384:
+        mac = "SHA384";
+        break;
+    case SSL_AEAD:
+        mac = "AEAD";
+        break;
+    case SSL_GOST89MAC:
+        mac = "GOST89";
+        break;
+    case SSL_GOST94:
+        mac = "GOST94";
+        break;
+    default:
+        mac = "unknown";
+        break;
+    }
+
+    if (buf == NULL) {
+        len = 128;
+        buf = OPENSSL_malloc(len);
+        if (buf == NULL)
+            return ("OPENSSL_malloc Error");
+    } else if (len < 128)
+        return ("Buffer too small");
+
+#ifdef KSSL_DEBUG
+    BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac,
+                 exp_str, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl);
+#else
+    BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac,
+                 exp_str);
+#endif                          /* KSSL_DEBUG */
+    return (buf);
+}
+
+char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
+{
+    int i;
+
+    if (c == NULL)
+        return ("(NONE)");
+    i = (int)(c->id >> 24L);
+    if (i == 3)
+        return ("TLSv1/SSLv3");
+    else if (i == 2)
+        return ("SSLv2");
+    else
+        return ("unknown");
+}
+
+/* return the actual cipher being used */
+const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
+{
+    if (c != NULL)
+        return (c->name);
+    return ("(NONE)");
+}
+
+/* number of bits for symmetric cipher */
+int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
+{
+    int ret = 0;
+
+    if (c != NULL) {
+        if (alg_bits != NULL)
+            *alg_bits = c->alg_bits;
+        ret = c->strength_bits;
+    }
+    return (ret);
+}
+
+unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c)
+{
+    return c->id;
+}
+
+SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
+{
+    SSL_COMP *ctmp;
+    int i, nn;
+
+    if ((n == 0) || (sk == NULL))
+        return (NULL);
+    nn = sk_SSL_COMP_num(sk);
+    for (i = 0; i < nn; i++) {
+        ctmp = sk_SSL_COMP_value(sk, i);
+        if (ctmp->id == n)
+            return (ctmp);
+    }
+    return (NULL);
+}
+
+#ifdef OPENSSL_NO_COMP
+void *SSL_COMP_get_compression_methods(void)
+{
+    return NULL;
+}
+
+int SSL_COMP_add_compression_method(int id, void *cm)
+{
+    return 1;
+}
+
+const char *SSL_COMP_get_name(const void *comp)
+{
+    return NULL;
+}
+#else
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
+{
+    load_builtin_compressions();
+    return (ssl_comp_methods);
+}
+
+int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
+{
+    SSL_COMP *comp;
+
+    if (cm == NULL || cm->type == NID_undef)
+        return 1;
+
+    /*-
+     * According to draft-ietf-tls-compression-04.txt, the
+     * compression number ranges should be the following:
+     *
+     *   0 to  63:  methods defined by the IETF
+     *  64 to 192:  external party methods assigned by IANA
+     * 193 to 255:  reserved for private use
+     */
+    if (id < 193 || id > 255) {
+        SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
+               SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
+        return 0;
+    }
+
+    MemCheck_off();
+    comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
+    comp->id = id;
+    comp->method = cm;
+    load_builtin_compressions();
+    if (ssl_comp_methods && sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) {
+        OPENSSL_free(comp);
+        MemCheck_on();
+        SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
+               SSL_R_DUPLICATE_COMPRESSION_ID);
+        return (1);
+    } else if ((ssl_comp_methods == NULL)
+               || !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
+        OPENSSL_free(comp);
+        MemCheck_on();
+        SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
+        return (1);
+    } else {
+        MemCheck_on();
+        return (0);
+    }
+}
+
+const char *SSL_COMP_get_name(const COMP_METHOD *comp)
+{
+    if (comp)
+        return comp->name;
+    return NULL;
+}
+
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/ssl/ssl_err.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/ssl_err.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/ssl/ssl_err.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,797 +0,0 @@
-/* ssl/ssl_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason)
-
-static ERR_STRING_DATA SSL_str_functs[] = {
-    {ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"},
-    {ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"},
-    {ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"},
-    {ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"},
-    {ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"},
-    {ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"},
-    {ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"},
-    {ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"},
-    {ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"},
-    {ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"},
-    {ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM), "DTLS1_CHECK_TIMEOUT_NUM"},
-    {ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"},
-    {ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"},
-    {ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"},
-    {ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"},
-    {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"},
-    {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT),
-     "DTLS1_GET_MESSAGE_FRAGMENT"},
-    {ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"},
-    {ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "DTLS1_HANDLE_TIMEOUT"},
-    {ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "DTLS1_HEARTBEAT"},
-    {ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"},
-    {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"},
-    {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE),
-     "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"},
-    {ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"},
-    {ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"},
-    {ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "DTLS1_READ_FAILED"},
-    {ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST),
-     "DTLS1_SEND_CERTIFICATE_REQUEST"},
-    {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE),
-     "DTLS1_SEND_CLIENT_CERTIFICATE"},
-    {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE),
-     "DTLS1_SEND_CLIENT_KEY_EXCHANGE"},
-    {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY), "DTLS1_SEND_CLIENT_VERIFY"},
-    {ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST),
-     "DTLS1_SEND_HELLO_VERIFY_REQUEST"},
-    {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE),
-     "DTLS1_SEND_SERVER_CERTIFICATE"},
-    {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "DTLS1_SEND_SERVER_HELLO"},
-    {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE),
-     "DTLS1_SEND_SERVER_KEY_EXCHANGE"},
-    {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES),
-     "DTLS1_WRITE_APP_DATA_BYTES"},
-    {ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"},
-    {ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"},
-    {ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"},
-    {ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"},
-    {ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"},
-    {ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"},
-    {ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"},
-    {ERR_FUNC(SSL_F_READ_N), "READ_N"},
-    {ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"},
-    {ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"},
-    {ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"},
-    {ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"},
-    {ERR_FUNC(SSL_F_SSL23_ACCEPT), "SSL23_ACCEPT"},
-    {ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"},
-    {ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"},
-    {ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"},
-    {ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"},
-    {ERR_FUNC(SSL_F_SSL23_PEEK), "SSL23_PEEK"},
-    {ERR_FUNC(SSL_F_SSL23_READ), "SSL23_READ"},
-    {ERR_FUNC(SSL_F_SSL23_WRITE), "SSL23_WRITE"},
-    {ERR_FUNC(SSL_F_SSL2_ACCEPT), "SSL2_ACCEPT"},
-    {ERR_FUNC(SSL_F_SSL2_CONNECT), "SSL2_CONNECT"},
-    {ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"},
-    {ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL),
-     "SSL2_GENERATE_KEY_MATERIAL"},
-    {ERR_FUNC(SSL_F_SSL2_PEEK), "SSL2_PEEK"},
-    {ERR_FUNC(SSL_F_SSL2_READ), "SSL2_READ"},
-    {ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"},
-    {ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"},
-    {ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"},
-    {ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"},
-    {ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"},
-    {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"},
-    {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"},
-    {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM),
-     "SSL3_CHECK_CERT_AND_ALGORITHM"},
-    {ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"},
-    {ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"},
-    {ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"},
-    {ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"},
-    {ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"},
-    {ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS),
-     "SSL3_DIGEST_CACHED_RECORDS"},
-    {ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC),
-     "SSL3_DO_CHANGE_CIPHER_SPEC"},
-    {ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"},
-    {ERR_FUNC(SSL_F_SSL3_CHECK_FINISHED), "SSL3_CHECK_FINISHED"},
-    {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"},
-    {ERR_FUNC(SSL_F_SSL3_GENERATE_MASTER_SECRET),
-     "ssl3_generate_master_secret"},
-    {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST),
-     "SSL3_GET_CERTIFICATE_REQUEST"},
-    {ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"},
-    {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"},
-    {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE),
-     "SSL3_GET_CLIENT_CERTIFICATE"},
-    {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"},
-    {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE),
-     "SSL3_GET_CLIENT_KEY_EXCHANGE"},
-    {ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"},
-    {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"},
-    {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"},
-    {ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET),
-     "SSL3_GET_NEW_SESSION_TICKET"},
-    {ERR_FUNC(SSL_F_SSL3_GET_NEXT_PROTO), "SSL3_GET_NEXT_PROTO"},
-    {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"},
-    {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE),
-     "SSL3_GET_SERVER_CERTIFICATE"},
-    {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"},
-    {ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"},
-    {ERR_FUNC(SSL_F_SSL3_HANDSHAKE_MAC), "ssl3_handshake_mac"},
-    {ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"},
-    {ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"},
-    {ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"},
-    {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"},
-    {ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"},
-    {ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST),
-     "SSL3_SEND_CERTIFICATE_REQUEST"},
-    {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE),
-     "SSL3_SEND_CLIENT_CERTIFICATE"},
-    {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE),
-     "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
-    {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"},
-    {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE),
-     "SSL3_SEND_SERVER_CERTIFICATE"},
-    {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"},
-    {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE),
-     "SSL3_SEND_SERVER_KEY_EXCHANGE"},
-    {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"},
-    {ERR_FUNC(SSL_F_SSL3_SETUP_READ_BUFFER), "SSL3_SETUP_READ_BUFFER"},
-    {ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER), "SSL3_SETUP_WRITE_BUFFER"},
-    {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"},
-    {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"},
-    {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT),
-     "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"},
-    {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT),
-     "SSL_ADD_CLIENTHELLO_TLSEXT"},
-    {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT),
-     "SSL_ADD_CLIENTHELLO_USE_SRTP_EXT"},
-    {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK),
-     "SSL_add_dir_cert_subjects_to_stack"},
-    {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK),
-     "SSL_add_file_cert_subjects_to_stack"},
-    {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT),
-     "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"},
-    {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT),
-     "SSL_ADD_SERVERHELLO_TLSEXT"},
-    {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT),
-     "SSL_ADD_SERVERHELLO_USE_SRTP_EXT"},
-    {ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"},
-    {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"},
-    {ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"},
-    {ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"},
-    {ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"},
-    {ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"},
-    {ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"},
-    {ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT),
-     "SSL_CHECK_SERVERHELLO_TLSEXT"},
-    {ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG),
-     "SSL_CHECK_SRVR_ECC_CERT_AND_ALG"},
-    {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR),
-     "SSL_CIPHER_PROCESS_RULESTR"},
-    {ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"},
-    {ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"},
-    {ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD),
-     "SSL_COMP_add_compression_method"},
-    {ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "SSL_CREATE_CIPHER_LIST"},
-    {ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"},
-    {ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"},
-    {ERR_FUNC(SSL_F_SSL_CTX_MAKE_PROFILES), "SSL_CTX_MAKE_PROFILES"},
-    {ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"},
-    {ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"},
-    {ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE),
-     "SSL_CTX_set_client_cert_engine"},
-    {ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"},
-    {ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT),
-     "SSL_CTX_set_session_id_context"},
-    {ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"},
-    {ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"},
-    {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"},
-    {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1),
-     "SSL_CTX_use_certificate_ASN1"},
-    {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE),
-     "SSL_CTX_use_certificate_chain_file"},
-    {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE),
-     "SSL_CTX_use_certificate_file"},
-    {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"},
-    {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1),
-     "SSL_CTX_use_PrivateKey_ASN1"},
-    {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE),
-     "SSL_CTX_use_PrivateKey_file"},
-    {ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT),
-     "SSL_CTX_use_psk_identity_hint"},
-    {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"},
-    {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1),
-     "SSL_CTX_use_RSAPrivateKey_ASN1"},
-    {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE),
-     "SSL_CTX_use_RSAPrivateKey_file"},
-    {ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"},
-    {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"},
-    {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"},
-    {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"},
-    {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY), "SSL_GET_SERVER_SEND_PKEY"},
-    {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"},
-    {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"},
-    {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"},
-    {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"},
-    {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT),
-     "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"},
-    {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT),
-     "SSL_PARSE_CLIENTHELLO_TLSEXT"},
-    {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT),
-     "SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT"},
-    {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT),
-     "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"},
-    {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT),
-     "SSL_PARSE_SERVERHELLO_TLSEXT"},
-    {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT),
-     "SSL_PARSE_SERVERHELLO_USE_SRTP_EXT"},
-    {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"},
-    {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT),
-     "SSL_PREPARE_CLIENTHELLO_TLSEXT"},
-    {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT),
-     "SSL_PREPARE_SERVERHELLO_TLSEXT"},
-    {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
-    {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"},
-    {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"},
-    {ERR_FUNC(SSL_F_SSL_SESSION_DUP), "ssl_session_dup"},
-    {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"},
-    {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"},
-    {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT),
-     "SSL_SESSION_set1_id_context"},
-    {ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"},
-    {ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"},
-    {ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"},
-    {ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"},
-    {ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"},
-    {ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"},
-    {ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"},
-    {ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"},
-    {ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT),
-     "SSL_set_session_id_context"},
-    {ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT),
-     "SSL_set_session_ticket_ext"},
-    {ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"},
-    {ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"},
-    {ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"},
-    {ERR_FUNC(SSL_F_SSL_SRP_CTX_INIT), "SSL_SRP_CTX_init"},
-    {ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION),
-     "SSL_UNDEFINED_CONST_FUNCTION"},
-    {ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"},
-    {ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION),
-     "SSL_UNDEFINED_VOID_FUNCTION"},
-    {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"},
-    {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"},
-    {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"},
-    {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"},
-    {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"},
-    {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"},
-    {ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"},
-    {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"},
-    {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1),
-     "SSL_use_RSAPrivateKey_ASN1"},
-    {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE),
-     "SSL_use_RSAPrivateKey_file"},
-    {ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"},
-    {ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"},
-    {ERR_FUNC(SSL_F_TLS1_CERT_VERIFY_MAC), "tls1_cert_verify_mac"},
-    {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"},
-    {ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT),
-     "TLS1_CHECK_SERVERHELLO_TLSEXT"},
-    {ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"},
-    {ERR_FUNC(SSL_F_TLS1_EXPORT_KEYING_MATERIAL),
-     "TLS1_EXPORT_KEYING_MATERIAL"},
-    {ERR_FUNC(SSL_F_TLS1_HEARTBEAT), "SSL_F_TLS1_HEARTBEAT"},
-    {ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT),
-     "TLS1_PREPARE_CLIENTHELLO_TLSEXT"},
-    {ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT),
-     "TLS1_PREPARE_SERVERHELLO_TLSEXT"},
-    {ERR_FUNC(SSL_F_TLS1_PRF), "tls1_prf"},
-    {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"},
-    {ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"},
-    {0, NULL}
-};
-
-static ERR_STRING_DATA SSL_str_reasons[] = {
-    {ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE), "app data in handshake"},
-    {ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT),
-     "attempt to reuse session in different context"},
-    {ERR_REASON(SSL_R_BAD_ALERT_RECORD), "bad alert record"},
-    {ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE), "bad authentication type"},
-    {ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC), "bad change cipher spec"},
-    {ERR_REASON(SSL_R_BAD_CHECKSUM), "bad checksum"},
-    {ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),
-     "bad data returned by callback"},
-    {ERR_REASON(SSL_R_BAD_DECOMPRESSION), "bad decompression"},
-    {ERR_REASON(SSL_R_BAD_DH_G_LENGTH), "bad dh g length"},
-    {ERR_REASON(SSL_R_BAD_DH_G_VALUE), "bad dh g value"},
-    {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH), "bad dh pub key length"},
-    {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_VALUE), "bad dh pub key value"},
-    {ERR_REASON(SSL_R_BAD_DH_P_LENGTH), "bad dh p length"},
-    {ERR_REASON(SSL_R_BAD_DH_P_VALUE), "bad dh p value"},
-    {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH), "bad digest length"},
-    {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE), "bad dsa signature"},
-    {ERR_REASON(SSL_R_BAD_ECC_CERT), "bad ecc cert"},
-    {ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE), "bad ecdsa signature"},
-    {ERR_REASON(SSL_R_BAD_ECPOINT), "bad ecpoint"},
-    {ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH), "bad handshake length"},
-    {ERR_REASON(SSL_R_BAD_HELLO_REQUEST), "bad hello request"},
-    {ERR_REASON(SSL_R_BAD_LENGTH), "bad length"},
-    {ERR_REASON(SSL_R_BAD_MAC_DECODE), "bad mac decode"},
-    {ERR_REASON(SSL_R_BAD_MAC_LENGTH), "bad mac length"},
-    {ERR_REASON(SSL_R_BAD_MESSAGE_TYPE), "bad message type"},
-    {ERR_REASON(SSL_R_BAD_PACKET_LENGTH), "bad packet length"},
-    {ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),
-     "bad protocol version number"},
-    {ERR_REASON(SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH),
-     "bad psk identity hint length"},
-    {ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT), "bad response argument"},
-    {ERR_REASON(SSL_R_BAD_RSA_DECRYPT), "bad rsa decrypt"},
-    {ERR_REASON(SSL_R_BAD_RSA_ENCRYPT), "bad rsa encrypt"},
-    {ERR_REASON(SSL_R_BAD_RSA_E_LENGTH), "bad rsa e length"},
-    {ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH), "bad rsa modulus length"},
-    {ERR_REASON(SSL_R_BAD_RSA_SIGNATURE), "bad rsa signature"},
-    {ERR_REASON(SSL_R_BAD_SIGNATURE), "bad signature"},
-    {ERR_REASON(SSL_R_BAD_SRP_A_LENGTH), "bad srp a length"},
-    {ERR_REASON(SSL_R_BAD_SRP_B_LENGTH), "bad srp b length"},
-    {ERR_REASON(SSL_R_BAD_SRP_G_LENGTH), "bad srp g length"},
-    {ERR_REASON(SSL_R_BAD_SRP_N_LENGTH), "bad srp n length"},
-    {ERR_REASON(SSL_R_BAD_SRP_PARAMETERS), "bad srp parameters"},
-    {ERR_REASON(SSL_R_BAD_SRP_S_LENGTH), "bad srp s length"},
-    {ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE), "bad srtp mki value"},
-    {ERR_REASON(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST),
-     "bad srtp protection profile list"},
-    {ERR_REASON(SSL_R_BAD_SSL_FILETYPE), "bad ssl filetype"},
-    {ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH),
-     "bad ssl session id length"},
-    {ERR_REASON(SSL_R_BAD_STATE), "bad state"},
-    {ERR_REASON(SSL_R_BAD_WRITE_RETRY), "bad write retry"},
-    {ERR_REASON(SSL_R_BIO_NOT_SET), "bio not set"},
-    {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),
-     "block cipher pad is wrong"},
-    {ERR_REASON(SSL_R_BN_LIB), "bn lib"},
-    {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH), "ca dn length mismatch"},
-    {ERR_REASON(SSL_R_CA_DN_TOO_LONG), "ca dn too long"},
-    {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY), "ccs received early"},
-    {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),
-     "certificate verify failed"},
-    {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH), "cert length mismatch"},
-    {ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT), "challenge is different"},
-    {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH), "cipher code wrong length"},
-    {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),
-     "cipher or hash unavailable"},
-    {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR), "cipher table src error"},
-    {ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT), "clienthello tlsext"},
-    {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),
-     "compressed length too long"},
-    {ERR_REASON(SSL_R_COMPRESSION_DISABLED), "compression disabled"},
-    {ERR_REASON(SSL_R_COMPRESSION_FAILURE), "compression failure"},
-    {ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),
-     "compression id not within private range"},
-    {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),
-     "compression library error"},
-    {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),
-     "connection id is different"},
-    {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET), "connection type not set"},
-    {ERR_REASON(SSL_R_COOKIE_MISMATCH), "cookie mismatch"},
-    {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),
-     "data between ccs and finished"},
-    {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG), "data length too long"},
-    {ERR_REASON(SSL_R_DECRYPTION_FAILED), "decryption failed"},
-    {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),
-     "decryption failed or bad record mac"},
-    {ERR_REASON(SSL_R_DH_KEY_TOO_SMALL), "dh key too small"},
-    {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),
-     "dh public value length is wrong"},
-    {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED), "digest check failed"},
-    {ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG), "dtls message too big"},
-    {ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID), "duplicate compression id"},
-    {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT),
-     "ecc cert not for key agreement"},
-    {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING), "ecc cert not for signing"},
-    {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE),
-     "ecc cert should have rsa signature"},
-    {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE),
-     "ecc cert should have sha1 signature"},
-    {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),
-     "ecgroup too large for cipher"},
-    {ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST),
-     "empty srtp protection profile list"},
-    {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),
-     "encrypted length too long"},
-    {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),
-     "error generating tmp rsa key"},
-    {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),
-     "error in received cipher list"},
-    {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE), "excessive message size"},
-    {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE), "extra data in message"},
-    {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS), "got a fin before a ccs"},
-    {ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS),
-     "got next proto before a ccs"},
-    {ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION),
-     "got next proto without seeing extension"},
-    {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST), "https proxy request"},
-    {ERR_REASON(SSL_R_HTTP_REQUEST), "http request"},
-    {ERR_REASON(SSL_R_ILLEGAL_PADDING), "illegal padding"},
-    {ERR_REASON(SSL_R_INAPPROPRIATE_FALLBACK), "inappropriate fallback"},
-    {ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION), "inconsistent compression"},
-    {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH), "invalid challenge length"},
-    {ERR_REASON(SSL_R_INVALID_COMMAND), "invalid command"},
-    {ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),
-     "invalid compression algorithm"},
-    {ERR_REASON(SSL_R_INVALID_PURPOSE), "invalid purpose"},
-    {ERR_REASON(SSL_R_INVALID_SRP_USERNAME), "invalid srp username"},
-    {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE), "invalid status response"},
-    {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),
-     "invalid ticket keys length"},
-    {ERR_REASON(SSL_R_INVALID_TRUST), "invalid trust"},
-    {ERR_REASON(SSL_R_KEY_ARG_TOO_LONG), "key arg too long"},
-    {ERR_REASON(SSL_R_KRB5), "krb5"},
-    {ERR_REASON(SSL_R_KRB5_C_CC_PRINC), "krb5 client cc principal (no tkt?)"},
-    {ERR_REASON(SSL_R_KRB5_C_GET_CRED), "krb5 client get cred"},
-    {ERR_REASON(SSL_R_KRB5_C_INIT), "krb5 client init"},
-    {ERR_REASON(SSL_R_KRB5_C_MK_REQ), "krb5 client mk_req (expired tkt?)"},
-    {ERR_REASON(SSL_R_KRB5_S_BAD_TICKET), "krb5 server bad ticket"},
-    {ERR_REASON(SSL_R_KRB5_S_INIT), "krb5 server init"},
-    {ERR_REASON(SSL_R_KRB5_S_RD_REQ), "krb5 server rd_req (keytab perms?)"},
-    {ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED), "krb5 server tkt expired"},
-    {ERR_REASON(SSL_R_KRB5_S_TKT_NYV), "krb5 server tkt not yet valid"},
-    {ERR_REASON(SSL_R_KRB5_S_TKT_SKEW), "krb5 server tkt skew"},
-    {ERR_REASON(SSL_R_LENGTH_MISMATCH), "length mismatch"},
-    {ERR_REASON(SSL_R_LENGTH_TOO_SHORT), "length too short"},
-    {ERR_REASON(SSL_R_LIBRARY_BUG), "library bug"},
-    {ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS), "library has no ciphers"},
-    {ERR_REASON(SSL_R_MESSAGE_TOO_LONG), "message too long"},
-    {ERR_REASON(SSL_R_MISSING_DH_DSA_CERT), "missing dh dsa cert"},
-    {ERR_REASON(SSL_R_MISSING_DH_KEY), "missing dh key"},
-    {ERR_REASON(SSL_R_MISSING_DH_RSA_CERT), "missing dh rsa cert"},
-    {ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT), "missing dsa signing cert"},
-    {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),
-     "missing export tmp dh key"},
-    {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),
-     "missing export tmp rsa key"},
-    {ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE), "missing rsa certificate"},
-    {ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),
-     "missing rsa encrypting cert"},
-    {ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT), "missing rsa signing cert"},
-    {ERR_REASON(SSL_R_MISSING_SRP_PARAM), "can't find SRP server param"},
-    {ERR_REASON(SSL_R_MISSING_TMP_DH_KEY), "missing tmp dh key"},
-    {ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY), "missing tmp ecdh key"},
-    {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY), "missing tmp rsa key"},
-    {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY), "missing tmp rsa pkey"},
-    {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE), "missing verify message"},
-    {ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS), "multiple sgc restarts"},
-    {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET), "non sslv2 initial packet"},
-    {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED), "no certificates returned"},
-    {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED), "no certificate assigned"},
-    {ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED), "no certificate returned"},
-    {ERR_REASON(SSL_R_NO_CERTIFICATE_SET), "no certificate set"},
-    {ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED), "no certificate specified"},
-    {ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE), "no ciphers available"},
-    {ERR_REASON(SSL_R_NO_CIPHERS_PASSED), "no ciphers passed"},
-    {ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED), "no ciphers specified"},
-    {ERR_REASON(SSL_R_NO_CIPHER_LIST), "no cipher list"},
-    {ERR_REASON(SSL_R_NO_CIPHER_MATCH), "no cipher match"},
-    {ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD), "no client cert method"},
-    {ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED), "no client cert received"},
-    {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED), "no compression specified"},
-    {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),
-     "Peer haven't sent GOST certificate, required for selected ciphersuite"},
-    {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED), "no method specified"},
-    {ERR_REASON(SSL_R_NO_PRIVATEKEY), "no privatekey"},
-    {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED), "no private key assigned"},
-    {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE), "no protocols available"},
-    {ERR_REASON(SSL_R_NO_PUBLICKEY), "no publickey"},
-    {ERR_REASON(SSL_R_NO_RENEGOTIATION), "no renegotiation"},
-    {ERR_REASON(SSL_R_NO_REQUIRED_DIGEST),
-     "digest requred for handshake isn't computed"},
-    {ERR_REASON(SSL_R_NO_SHARED_CIPHER), "no shared cipher"},
-    {ERR_REASON(SSL_R_NO_SRTP_PROFILES), "no srtp profiles"},
-    {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK), "no verify callback"},
-    {ERR_REASON(SSL_R_NULL_SSL_CTX), "null ssl ctx"},
-    {ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED), "null ssl method passed"},
-    {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),
-     "old session cipher not returned"},
-    {ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),
-     "old session compression algorithm not returned"},
-    {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),
-     "only tls allowed in fips mode"},
-    {ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG),
-     "opaque PRF input too long"},
-    {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG), "packet length too long"},
-    {ERR_REASON(SSL_R_PARSE_TLSEXT), "parse tlsext"},
-    {ERR_REASON(SSL_R_PATH_TOO_LONG), "path too long"},
-    {ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),
-     "peer did not return a certificate"},
-    {ERR_REASON(SSL_R_PEER_ERROR), "peer error"},
-    {ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE), "peer error certificate"},
-    {ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE),
-     "peer error no certificate"},
-    {ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER), "peer error no cipher"},
-    {ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),
-     "peer error unsupported certificate type"},
-    {ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG), "pre mac length too long"},
-    {ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),
-     "problems mapping cipher functions"},
-    {ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN), "protocol is shutdown"},
-    {ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND), "psk identity not found"},
-    {ERR_REASON(SSL_R_PSK_NO_CLIENT_CB), "psk no client cb"},
-    {ERR_REASON(SSL_R_PSK_NO_SERVER_CB), "psk no server cb"},
-    {ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR), "public key encrypt error"},
-    {ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA), "public key is not rsa"},
-    {ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"},
-    {ERR_REASON(SSL_R_READ_BIO_NOT_SET), "read bio not set"},
-    {ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED), "read timeout expired"},
-    {ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE), "read wrong packet type"},
-    {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH), "record length mismatch"},
-    {ERR_REASON(SSL_R_RECORD_TOO_LARGE), "record too large"},
-    {ERR_REASON(SSL_R_RECORD_TOO_SMALL), "record too small"},
-    {ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG), "renegotiate ext too long"},
-    {ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR),
-     "renegotiation encoding err"},
-    {ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH), "renegotiation mismatch"},
-    {ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING), "required cipher missing"},
-    {ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING),
-     "required compresssion algorithm missing"},
-    {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),
-     "reuse cert length not zero"},
-    {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO), "reuse cert type not zero"},
-    {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),
-     "reuse cipher list not zero"},
-    {ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),
-     "scsv received when renegotiating"},
-    {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT), "serverhello tlsext"},
-    {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),
-     "session id context uninitialized"},
-    {ERR_REASON(SSL_R_SHORT_READ), "short read"},
-    {ERR_REASON(SSL_R_SIGNATURE_ALGORITHMS_ERROR),
-     "signature algorithms error"},
-    {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),
-     "signature for non signing certificate"},
-    {ERR_REASON(SSL_R_SRP_A_CALC), "error with the srp params"},
-    {ERR_REASON(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES),
-     "srtp could not allocate profiles"},
-    {ERR_REASON(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG),
-     "srtp protection profile list too long"},
-    {ERR_REASON(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE),
-     "srtp unknown protection profile"},
-    {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),
-     "ssl23 doing session id reuse"},
-    {ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),
-     "ssl2 connection id too long"},
-    {ERR_REASON(SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT),
-     "ssl3 ext invalid ecpointformat"},
-    {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME),
-     "ssl3 ext invalid servername"},
-    {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),
-     "ssl3 ext invalid servername type"},
-    {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG), "ssl3 session id too long"},
-    {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),
-     "ssl3 session id too short"},
-    {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),
-     "sslv3 alert bad certificate"},
-    {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),
-     "sslv3 alert bad record mac"},
-    {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),
-     "sslv3 alert certificate expired"},
-    {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),
-     "sslv3 alert certificate revoked"},
-    {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),
-     "sslv3 alert certificate unknown"},
-    {ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),
-     "sslv3 alert decompression failure"},
-    {ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),
-     "sslv3 alert handshake failure"},
-    {ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),
-     "sslv3 alert illegal parameter"},
-    {ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),
-     "sslv3 alert no certificate"},
-    {ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),
-     "sslv3 alert unexpected message"},
-    {ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),
-     "sslv3 alert unsupported certificate"},
-    {ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),
-     "ssl ctx has no default ssl version"},
-    {ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE), "ssl handshake failure"},
-    {ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),
-     "ssl library has no ciphers"},
-    {ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),
-     "ssl session id callback failed"},
-    {ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT), "ssl session id conflict"},
-    {ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),
-     "ssl session id context too long"},
-    {ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),
-     "ssl session id has bad length"},
-    {ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT),
-     "ssl session id is different"},
-    {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),
-     "tlsv1 alert access denied"},
-    {ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR), "tlsv1 alert decode error"},
-    {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),
-     "tlsv1 alert decryption failed"},
-    {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),
-     "tlsv1 alert decrypt error"},
-    {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),
-     "tlsv1 alert export restriction"},
-    {ERR_REASON(SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK),
-     "tlsv1 alert inappropriate fallback"},
-    {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),
-     "tlsv1 alert insufficient security"},
-    {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),
-     "tlsv1 alert internal error"},
-    {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),
-     "tlsv1 alert no renegotiation"},
-    {ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),
-     "tlsv1 alert protocol version"},
-    {ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),
-     "tlsv1 alert record overflow"},
-    {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA), "tlsv1 alert unknown ca"},
-    {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),
-     "tlsv1 alert user cancelled"},
-    {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),
-     "tlsv1 bad certificate hash value"},
-    {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE),
-     "tlsv1 bad certificate status response"},
-    {ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE),
-     "tlsv1 certificate unobtainable"},
-    {ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME), "tlsv1 unrecognized name"},
-    {ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION),
-     "tlsv1 unsupported extension"},
-    {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),
-     "tls client cert req with anon cipher"},
-    {ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT),
-     "peer does not accept heartbeats"},
-    {ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING),
-     "heartbeat request already pending"},
-    {ERR_REASON(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL),
-     "tls illegal exporter label"},
-    {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),
-     "tls invalid ecpointformat list"},
-    {ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),
-     "tls peer did not respond with certificate list"},
-    {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),
-     "tls rsa encrypted value length is wrong"},
-    {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),
-     "tried to use unsupported cipher"},
-    {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),
-     "unable to decode dh certs"},
-    {ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),
-     "unable to decode ecdh certs"},
-    {ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY),
-     "unable to extract public key"},
-    {ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),
-     "unable to find dh parameters"},
-    {ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),
-     "unable to find ecdh parameters"},
-    {ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),
-     "unable to find public key parameters"},
-    {ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),
-     "unable to find ssl method"},
-    {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES),
-     "unable to load ssl2 md5 routines"},
-    {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),
-     "unable to load ssl3 md5 routines"},
-    {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),
-     "unable to load ssl3 sha1 routines"},
-    {ERR_REASON(SSL_R_UNEXPECTED_MESSAGE), "unexpected message"},
-    {ERR_REASON(SSL_R_UNEXPECTED_RECORD), "unexpected record"},
-    {ERR_REASON(SSL_R_UNINITIALIZED), "uninitialized"},
-    {ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"},
-    {ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE), "unknown certificate type"},
-    {ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED), "unknown cipher returned"},
-    {ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE), "unknown cipher type"},
-    {ERR_REASON(SSL_R_UNKNOWN_DIGEST), "unknown digest"},
-    {ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),
-     "unknown key exchange type"},
-    {ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE), "unknown pkey type"},
-    {ERR_REASON(SSL_R_UNKNOWN_PROTOCOL), "unknown protocol"},
-    {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),
-     "unknown remote error type"},
-    {ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION), "unknown ssl version"},
-    {ERR_REASON(SSL_R_UNKNOWN_STATE), "unknown state"},
-    {ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),
-     "unsafe legacy renegotiation disabled"},
-    {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
-    {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),
-     "unsupported compression algorithm"},
-    {ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE), "unsupported digest type"},
-    {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),
-     "unsupported elliptic curve"},
-    {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL), "unsupported protocol"},
-    {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION), "unsupported ssl version"},
-    {ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE), "unsupported status type"},
-    {ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED), "use srtp not negotiated"},
-    {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET), "write bio not set"},
-    {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED), "wrong cipher returned"},
-    {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE), "wrong message type"},
-    {ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS), "wrong number of key bits"},
-    {ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"},
-    {ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE), "wrong signature size"},
-    {ERR_REASON(SSL_R_WRONG_SIGNATURE_TYPE), "wrong signature type"},
-    {ERR_REASON(SSL_R_WRONG_SSL_VERSION), "wrong ssl version"},
-    {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER), "wrong version number"},
-    {ERR_REASON(SSL_R_X509_LIB), "x509 lib"},
-    {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),
-     "x509 verification setup problems"},
-    {0, NULL}
-};
-
-#endif
-
-void ERR_load_SSL_strings(void)
-{
-#ifndef OPENSSL_NO_ERR
-
-    if (ERR_func_error_string(SSL_str_functs[0].error) == NULL) {
-        ERR_load_strings(0, SSL_str_functs);
-        ERR_load_strings(0, SSL_str_reasons);
-    }
-#endif
-}

Copied: vendor-crypto/openssl/1.0.1u/ssl/ssl_err.c (from rev 11605, vendor-crypto/openssl/dist/ssl/ssl_err.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/ssl/ssl_err.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/ssl/ssl_err.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,799 @@
+/* ssl/ssl_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2016 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason)
+
+static ERR_STRING_DATA SSL_str_functs[] = {
+    {ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"},
+    {ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"},
+    {ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"},
+    {ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"},
+    {ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"},
+    {ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"},
+    {ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"},
+    {ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"},
+    {ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"},
+    {ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"},
+    {ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM), "DTLS1_CHECK_TIMEOUT_NUM"},
+    {ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"},
+    {ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"},
+    {ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"},
+    {ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"},
+    {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"},
+    {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT),
+     "DTLS1_GET_MESSAGE_FRAGMENT"},
+    {ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"},
+    {ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "DTLS1_HANDLE_TIMEOUT"},
+    {ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "DTLS1_HEARTBEAT"},
+    {ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"},
+    {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"},
+    {ERR_FUNC(SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS),
+     "DTLS1_PROCESS_BUFFERED_RECORDS"},
+    {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE),
+     "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"},
+    {ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"},
+    {ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"},
+    {ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "DTLS1_READ_FAILED"},
+    {ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST),
+     "DTLS1_SEND_CERTIFICATE_REQUEST"},
+    {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE),
+     "DTLS1_SEND_CLIENT_CERTIFICATE"},
+    {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE),
+     "DTLS1_SEND_CLIENT_KEY_EXCHANGE"},
+    {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY), "DTLS1_SEND_CLIENT_VERIFY"},
+    {ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST),
+     "DTLS1_SEND_HELLO_VERIFY_REQUEST"},
+    {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE),
+     "DTLS1_SEND_SERVER_CERTIFICATE"},
+    {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "DTLS1_SEND_SERVER_HELLO"},
+    {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE),
+     "DTLS1_SEND_SERVER_KEY_EXCHANGE"},
+    {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES),
+     "DTLS1_WRITE_APP_DATA_BYTES"},
+    {ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"},
+    {ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"},
+    {ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"},
+    {ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"},
+    {ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"},
+    {ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"},
+    {ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"},
+    {ERR_FUNC(SSL_F_READ_N), "READ_N"},
+    {ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"},
+    {ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"},
+    {ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"},
+    {ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"},
+    {ERR_FUNC(SSL_F_SSL23_ACCEPT), "SSL23_ACCEPT"},
+    {ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"},
+    {ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"},
+    {ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"},
+    {ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"},
+    {ERR_FUNC(SSL_F_SSL23_PEEK), "SSL23_PEEK"},
+    {ERR_FUNC(SSL_F_SSL23_READ), "SSL23_READ"},
+    {ERR_FUNC(SSL_F_SSL23_WRITE), "SSL23_WRITE"},
+    {ERR_FUNC(SSL_F_SSL2_ACCEPT), "SSL2_ACCEPT"},
+    {ERR_FUNC(SSL_F_SSL2_CONNECT), "SSL2_CONNECT"},
+    {ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"},
+    {ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL),
+     "SSL2_GENERATE_KEY_MATERIAL"},
+    {ERR_FUNC(SSL_F_SSL2_PEEK), "SSL2_PEEK"},
+    {ERR_FUNC(SSL_F_SSL2_READ), "SSL2_READ"},
+    {ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"},
+    {ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"},
+    {ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"},
+    {ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"},
+    {ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"},
+    {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"},
+    {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"},
+    {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM),
+     "SSL3_CHECK_CERT_AND_ALGORITHM"},
+    {ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"},
+    {ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"},
+    {ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"},
+    {ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"},
+    {ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"},
+    {ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS),
+     "SSL3_DIGEST_CACHED_RECORDS"},
+    {ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC),
+     "SSL3_DO_CHANGE_CIPHER_SPEC"},
+    {ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"},
+    {ERR_FUNC(SSL_F_SSL3_CHECK_FINISHED), "SSL3_CHECK_FINISHED"},
+    {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"},
+    {ERR_FUNC(SSL_F_SSL3_GENERATE_MASTER_SECRET),
+     "ssl3_generate_master_secret"},
+    {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST),
+     "SSL3_GET_CERTIFICATE_REQUEST"},
+    {ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"},
+    {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"},
+    {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE),
+     "SSL3_GET_CLIENT_CERTIFICATE"},
+    {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"},
+    {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE),
+     "SSL3_GET_CLIENT_KEY_EXCHANGE"},
+    {ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"},
+    {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"},
+    {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"},
+    {ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET),
+     "SSL3_GET_NEW_SESSION_TICKET"},
+    {ERR_FUNC(SSL_F_SSL3_GET_NEXT_PROTO), "SSL3_GET_NEXT_PROTO"},
+    {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"},
+    {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE),
+     "SSL3_GET_SERVER_CERTIFICATE"},
+    {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"},
+    {ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"},
+    {ERR_FUNC(SSL_F_SSL3_HANDSHAKE_MAC), "ssl3_handshake_mac"},
+    {ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"},
+    {ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"},
+    {ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"},
+    {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"},
+    {ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"},
+    {ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST),
+     "SSL3_SEND_CERTIFICATE_REQUEST"},
+    {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE),
+     "SSL3_SEND_CLIENT_CERTIFICATE"},
+    {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE),
+     "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
+    {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"},
+    {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE),
+     "SSL3_SEND_SERVER_CERTIFICATE"},
+    {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"},
+    {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE),
+     "SSL3_SEND_SERVER_KEY_EXCHANGE"},
+    {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"},
+    {ERR_FUNC(SSL_F_SSL3_SETUP_READ_BUFFER), "SSL3_SETUP_READ_BUFFER"},
+    {ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER), "SSL3_SETUP_WRITE_BUFFER"},
+    {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"},
+    {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"},
+    {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT),
+     "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"},
+    {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT),
+     "SSL_ADD_CLIENTHELLO_TLSEXT"},
+    {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT),
+     "SSL_ADD_CLIENTHELLO_USE_SRTP_EXT"},
+    {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK),
+     "SSL_add_dir_cert_subjects_to_stack"},
+    {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK),
+     "SSL_add_file_cert_subjects_to_stack"},
+    {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT),
+     "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"},
+    {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT),
+     "SSL_ADD_SERVERHELLO_TLSEXT"},
+    {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT),
+     "SSL_ADD_SERVERHELLO_USE_SRTP_EXT"},
+    {ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"},
+    {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"},
+    {ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"},
+    {ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"},
+    {ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"},
+    {ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"},
+    {ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"},
+    {ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT),
+     "SSL_CHECK_SERVERHELLO_TLSEXT"},
+    {ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG),
+     "SSL_CHECK_SRVR_ECC_CERT_AND_ALG"},
+    {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR),
+     "SSL_CIPHER_PROCESS_RULESTR"},
+    {ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"},
+    {ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"},
+    {ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD),
+     "SSL_COMP_add_compression_method"},
+    {ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "SSL_CREATE_CIPHER_LIST"},
+    {ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"},
+    {ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"},
+    {ERR_FUNC(SSL_F_SSL_CTX_MAKE_PROFILES), "SSL_CTX_MAKE_PROFILES"},
+    {ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"},
+    {ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"},
+    {ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE),
+     "SSL_CTX_set_client_cert_engine"},
+    {ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"},
+    {ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT),
+     "SSL_CTX_set_session_id_context"},
+    {ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"},
+    {ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"},
+    {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"},
+    {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1),
+     "SSL_CTX_use_certificate_ASN1"},
+    {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE),
+     "SSL_CTX_use_certificate_chain_file"},
+    {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE),
+     "SSL_CTX_use_certificate_file"},
+    {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"},
+    {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1),
+     "SSL_CTX_use_PrivateKey_ASN1"},
+    {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE),
+     "SSL_CTX_use_PrivateKey_file"},
+    {ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT),
+     "SSL_CTX_use_psk_identity_hint"},
+    {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"},
+    {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1),
+     "SSL_CTX_use_RSAPrivateKey_ASN1"},
+    {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE),
+     "SSL_CTX_use_RSAPrivateKey_file"},
+    {ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"},
+    {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"},
+    {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"},
+    {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"},
+    {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY), "SSL_GET_SERVER_SEND_PKEY"},
+    {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"},
+    {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"},
+    {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"},
+    {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"},
+    {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT),
+     "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"},
+    {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT),
+     "SSL_PARSE_CLIENTHELLO_TLSEXT"},
+    {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT),
+     "SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT"},
+    {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT),
+     "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"},
+    {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT),
+     "SSL_PARSE_SERVERHELLO_TLSEXT"},
+    {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT),
+     "SSL_PARSE_SERVERHELLO_USE_SRTP_EXT"},
+    {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"},
+    {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT),
+     "SSL_PREPARE_CLIENTHELLO_TLSEXT"},
+    {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT),
+     "SSL_PREPARE_SERVERHELLO_TLSEXT"},
+    {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
+    {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"},
+    {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"},
+    {ERR_FUNC(SSL_F_SSL_SESSION_DUP), "ssl_session_dup"},
+    {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"},
+    {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"},
+    {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT),
+     "SSL_SESSION_set1_id_context"},
+    {ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"},
+    {ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"},
+    {ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"},
+    {ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"},
+    {ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"},
+    {ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"},
+    {ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"},
+    {ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"},
+    {ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT),
+     "SSL_set_session_id_context"},
+    {ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT),
+     "SSL_set_session_ticket_ext"},
+    {ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"},
+    {ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"},
+    {ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"},
+    {ERR_FUNC(SSL_F_SSL_SRP_CTX_INIT), "SSL_SRP_CTX_init"},
+    {ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION),
+     "SSL_UNDEFINED_CONST_FUNCTION"},
+    {ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"},
+    {ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION),
+     "SSL_UNDEFINED_VOID_FUNCTION"},
+    {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"},
+    {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"},
+    {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"},
+    {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"},
+    {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"},
+    {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"},
+    {ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"},
+    {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"},
+    {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1),
+     "SSL_use_RSAPrivateKey_ASN1"},
+    {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE),
+     "SSL_use_RSAPrivateKey_file"},
+    {ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"},
+    {ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"},
+    {ERR_FUNC(SSL_F_TLS1_CERT_VERIFY_MAC), "tls1_cert_verify_mac"},
+    {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"},
+    {ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT),
+     "TLS1_CHECK_SERVERHELLO_TLSEXT"},
+    {ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"},
+    {ERR_FUNC(SSL_F_TLS1_EXPORT_KEYING_MATERIAL),
+     "TLS1_EXPORT_KEYING_MATERIAL"},
+    {ERR_FUNC(SSL_F_TLS1_HEARTBEAT), "SSL_F_TLS1_HEARTBEAT"},
+    {ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT),
+     "TLS1_PREPARE_CLIENTHELLO_TLSEXT"},
+    {ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT),
+     "TLS1_PREPARE_SERVERHELLO_TLSEXT"},
+    {ERR_FUNC(SSL_F_TLS1_PRF), "tls1_prf"},
+    {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"},
+    {ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA SSL_str_reasons[] = {
+    {ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE), "app data in handshake"},
+    {ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT),
+     "attempt to reuse session in different context"},
+    {ERR_REASON(SSL_R_BAD_ALERT_RECORD), "bad alert record"},
+    {ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE), "bad authentication type"},
+    {ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC), "bad change cipher spec"},
+    {ERR_REASON(SSL_R_BAD_CHECKSUM), "bad checksum"},
+    {ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),
+     "bad data returned by callback"},
+    {ERR_REASON(SSL_R_BAD_DECOMPRESSION), "bad decompression"},
+    {ERR_REASON(SSL_R_BAD_DH_G_LENGTH), "bad dh g length"},
+    {ERR_REASON(SSL_R_BAD_DH_G_VALUE), "bad dh g value"},
+    {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH), "bad dh pub key length"},
+    {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_VALUE), "bad dh pub key value"},
+    {ERR_REASON(SSL_R_BAD_DH_P_LENGTH), "bad dh p length"},
+    {ERR_REASON(SSL_R_BAD_DH_P_VALUE), "bad dh p value"},
+    {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH), "bad digest length"},
+    {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE), "bad dsa signature"},
+    {ERR_REASON(SSL_R_BAD_ECC_CERT), "bad ecc cert"},
+    {ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE), "bad ecdsa signature"},
+    {ERR_REASON(SSL_R_BAD_ECPOINT), "bad ecpoint"},
+    {ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH), "bad handshake length"},
+    {ERR_REASON(SSL_R_BAD_HELLO_REQUEST), "bad hello request"},
+    {ERR_REASON(SSL_R_BAD_LENGTH), "bad length"},
+    {ERR_REASON(SSL_R_BAD_MAC_DECODE), "bad mac decode"},
+    {ERR_REASON(SSL_R_BAD_MAC_LENGTH), "bad mac length"},
+    {ERR_REASON(SSL_R_BAD_MESSAGE_TYPE), "bad message type"},
+    {ERR_REASON(SSL_R_BAD_PACKET_LENGTH), "bad packet length"},
+    {ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),
+     "bad protocol version number"},
+    {ERR_REASON(SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH),
+     "bad psk identity hint length"},
+    {ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT), "bad response argument"},
+    {ERR_REASON(SSL_R_BAD_RSA_DECRYPT), "bad rsa decrypt"},
+    {ERR_REASON(SSL_R_BAD_RSA_ENCRYPT), "bad rsa encrypt"},
+    {ERR_REASON(SSL_R_BAD_RSA_E_LENGTH), "bad rsa e length"},
+    {ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH), "bad rsa modulus length"},
+    {ERR_REASON(SSL_R_BAD_RSA_SIGNATURE), "bad rsa signature"},
+    {ERR_REASON(SSL_R_BAD_SIGNATURE), "bad signature"},
+    {ERR_REASON(SSL_R_BAD_SRP_A_LENGTH), "bad srp a length"},
+    {ERR_REASON(SSL_R_BAD_SRP_B_LENGTH), "bad srp b length"},
+    {ERR_REASON(SSL_R_BAD_SRP_G_LENGTH), "bad srp g length"},
+    {ERR_REASON(SSL_R_BAD_SRP_N_LENGTH), "bad srp n length"},
+    {ERR_REASON(SSL_R_BAD_SRP_PARAMETERS), "bad srp parameters"},
+    {ERR_REASON(SSL_R_BAD_SRP_S_LENGTH), "bad srp s length"},
+    {ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE), "bad srtp mki value"},
+    {ERR_REASON(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST),
+     "bad srtp protection profile list"},
+    {ERR_REASON(SSL_R_BAD_SSL_FILETYPE), "bad ssl filetype"},
+    {ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH),
+     "bad ssl session id length"},
+    {ERR_REASON(SSL_R_BAD_STATE), "bad state"},
+    {ERR_REASON(SSL_R_BAD_WRITE_RETRY), "bad write retry"},
+    {ERR_REASON(SSL_R_BIO_NOT_SET), "bio not set"},
+    {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),
+     "block cipher pad is wrong"},
+    {ERR_REASON(SSL_R_BN_LIB), "bn lib"},
+    {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH), "ca dn length mismatch"},
+    {ERR_REASON(SSL_R_CA_DN_TOO_LONG), "ca dn too long"},
+    {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY), "ccs received early"},
+    {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),
+     "certificate verify failed"},
+    {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH), "cert length mismatch"},
+    {ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT), "challenge is different"},
+    {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH), "cipher code wrong length"},
+    {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),
+     "cipher or hash unavailable"},
+    {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR), "cipher table src error"},
+    {ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT), "clienthello tlsext"},
+    {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),
+     "compressed length too long"},
+    {ERR_REASON(SSL_R_COMPRESSION_DISABLED), "compression disabled"},
+    {ERR_REASON(SSL_R_COMPRESSION_FAILURE), "compression failure"},
+    {ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),
+     "compression id not within private range"},
+    {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),
+     "compression library error"},
+    {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),
+     "connection id is different"},
+    {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET), "connection type not set"},
+    {ERR_REASON(SSL_R_COOKIE_MISMATCH), "cookie mismatch"},
+    {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),
+     "data between ccs and finished"},
+    {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG), "data length too long"},
+    {ERR_REASON(SSL_R_DECRYPTION_FAILED), "decryption failed"},
+    {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),
+     "decryption failed or bad record mac"},
+    {ERR_REASON(SSL_R_DH_KEY_TOO_SMALL), "dh key too small"},
+    {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),
+     "dh public value length is wrong"},
+    {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED), "digest check failed"},
+    {ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG), "dtls message too big"},
+    {ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID), "duplicate compression id"},
+    {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT),
+     "ecc cert not for key agreement"},
+    {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING), "ecc cert not for signing"},
+    {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE),
+     "ecc cert should have rsa signature"},
+    {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE),
+     "ecc cert should have sha1 signature"},
+    {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),
+     "ecgroup too large for cipher"},
+    {ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST),
+     "empty srtp protection profile list"},
+    {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),
+     "encrypted length too long"},
+    {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),
+     "error generating tmp rsa key"},
+    {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),
+     "error in received cipher list"},
+    {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE), "excessive message size"},
+    {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE), "extra data in message"},
+    {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS), "got a fin before a ccs"},
+    {ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS),
+     "got next proto before a ccs"},
+    {ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION),
+     "got next proto without seeing extension"},
+    {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST), "https proxy request"},
+    {ERR_REASON(SSL_R_HTTP_REQUEST), "http request"},
+    {ERR_REASON(SSL_R_ILLEGAL_PADDING), "illegal padding"},
+    {ERR_REASON(SSL_R_INAPPROPRIATE_FALLBACK), "inappropriate fallback"},
+    {ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION), "inconsistent compression"},
+    {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH), "invalid challenge length"},
+    {ERR_REASON(SSL_R_INVALID_COMMAND), "invalid command"},
+    {ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),
+     "invalid compression algorithm"},
+    {ERR_REASON(SSL_R_INVALID_PURPOSE), "invalid purpose"},
+    {ERR_REASON(SSL_R_INVALID_SRP_USERNAME), "invalid srp username"},
+    {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE), "invalid status response"},
+    {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),
+     "invalid ticket keys length"},
+    {ERR_REASON(SSL_R_INVALID_TRUST), "invalid trust"},
+    {ERR_REASON(SSL_R_KEY_ARG_TOO_LONG), "key arg too long"},
+    {ERR_REASON(SSL_R_KRB5), "krb5"},
+    {ERR_REASON(SSL_R_KRB5_C_CC_PRINC), "krb5 client cc principal (no tkt?)"},
+    {ERR_REASON(SSL_R_KRB5_C_GET_CRED), "krb5 client get cred"},
+    {ERR_REASON(SSL_R_KRB5_C_INIT), "krb5 client init"},
+    {ERR_REASON(SSL_R_KRB5_C_MK_REQ), "krb5 client mk_req (expired tkt?)"},
+    {ERR_REASON(SSL_R_KRB5_S_BAD_TICKET), "krb5 server bad ticket"},
+    {ERR_REASON(SSL_R_KRB5_S_INIT), "krb5 server init"},
+    {ERR_REASON(SSL_R_KRB5_S_RD_REQ), "krb5 server rd_req (keytab perms?)"},
+    {ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED), "krb5 server tkt expired"},
+    {ERR_REASON(SSL_R_KRB5_S_TKT_NYV), "krb5 server tkt not yet valid"},
+    {ERR_REASON(SSL_R_KRB5_S_TKT_SKEW), "krb5 server tkt skew"},
+    {ERR_REASON(SSL_R_LENGTH_MISMATCH), "length mismatch"},
+    {ERR_REASON(SSL_R_LENGTH_TOO_SHORT), "length too short"},
+    {ERR_REASON(SSL_R_LIBRARY_BUG), "library bug"},
+    {ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS), "library has no ciphers"},
+    {ERR_REASON(SSL_R_MESSAGE_TOO_LONG), "message too long"},
+    {ERR_REASON(SSL_R_MISSING_DH_DSA_CERT), "missing dh dsa cert"},
+    {ERR_REASON(SSL_R_MISSING_DH_KEY), "missing dh key"},
+    {ERR_REASON(SSL_R_MISSING_DH_RSA_CERT), "missing dh rsa cert"},
+    {ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT), "missing dsa signing cert"},
+    {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),
+     "missing export tmp dh key"},
+    {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),
+     "missing export tmp rsa key"},
+    {ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE), "missing rsa certificate"},
+    {ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),
+     "missing rsa encrypting cert"},
+    {ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT), "missing rsa signing cert"},
+    {ERR_REASON(SSL_R_MISSING_SRP_PARAM), "can't find SRP server param"},
+    {ERR_REASON(SSL_R_MISSING_TMP_DH_KEY), "missing tmp dh key"},
+    {ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY), "missing tmp ecdh key"},
+    {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY), "missing tmp rsa key"},
+    {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY), "missing tmp rsa pkey"},
+    {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE), "missing verify message"},
+    {ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS), "multiple sgc restarts"},
+    {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET), "non sslv2 initial packet"},
+    {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED), "no certificates returned"},
+    {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED), "no certificate assigned"},
+    {ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED), "no certificate returned"},
+    {ERR_REASON(SSL_R_NO_CERTIFICATE_SET), "no certificate set"},
+    {ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED), "no certificate specified"},
+    {ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE), "no ciphers available"},
+    {ERR_REASON(SSL_R_NO_CIPHERS_PASSED), "no ciphers passed"},
+    {ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED), "no ciphers specified"},
+    {ERR_REASON(SSL_R_NO_CIPHER_LIST), "no cipher list"},
+    {ERR_REASON(SSL_R_NO_CIPHER_MATCH), "no cipher match"},
+    {ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD), "no client cert method"},
+    {ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED), "no client cert received"},
+    {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED), "no compression specified"},
+    {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),
+     "Peer haven't sent GOST certificate, required for selected ciphersuite"},
+    {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED), "no method specified"},
+    {ERR_REASON(SSL_R_NO_PRIVATEKEY), "no privatekey"},
+    {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED), "no private key assigned"},
+    {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE), "no protocols available"},
+    {ERR_REASON(SSL_R_NO_PUBLICKEY), "no publickey"},
+    {ERR_REASON(SSL_R_NO_RENEGOTIATION), "no renegotiation"},
+    {ERR_REASON(SSL_R_NO_REQUIRED_DIGEST),
+     "digest requred for handshake isn't computed"},
+    {ERR_REASON(SSL_R_NO_SHARED_CIPHER), "no shared cipher"},
+    {ERR_REASON(SSL_R_NO_SRTP_PROFILES), "no srtp profiles"},
+    {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK), "no verify callback"},
+    {ERR_REASON(SSL_R_NULL_SSL_CTX), "null ssl ctx"},
+    {ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED), "null ssl method passed"},
+    {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),
+     "old session cipher not returned"},
+    {ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),
+     "old session compression algorithm not returned"},
+    {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),
+     "only tls allowed in fips mode"},
+    {ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG),
+     "opaque PRF input too long"},
+    {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG), "packet length too long"},
+    {ERR_REASON(SSL_R_PARSE_TLSEXT), "parse tlsext"},
+    {ERR_REASON(SSL_R_PATH_TOO_LONG), "path too long"},
+    {ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),
+     "peer did not return a certificate"},
+    {ERR_REASON(SSL_R_PEER_ERROR), "peer error"},
+    {ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE), "peer error certificate"},
+    {ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE),
+     "peer error no certificate"},
+    {ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER), "peer error no cipher"},
+    {ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),
+     "peer error unsupported certificate type"},
+    {ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG), "pre mac length too long"},
+    {ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),
+     "problems mapping cipher functions"},
+    {ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN), "protocol is shutdown"},
+    {ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND), "psk identity not found"},
+    {ERR_REASON(SSL_R_PSK_NO_CLIENT_CB), "psk no client cb"},
+    {ERR_REASON(SSL_R_PSK_NO_SERVER_CB), "psk no server cb"},
+    {ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR), "public key encrypt error"},
+    {ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA), "public key is not rsa"},
+    {ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"},
+    {ERR_REASON(SSL_R_READ_BIO_NOT_SET), "read bio not set"},
+    {ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED), "read timeout expired"},
+    {ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE), "read wrong packet type"},
+    {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH), "record length mismatch"},
+    {ERR_REASON(SSL_R_RECORD_TOO_LARGE), "record too large"},
+    {ERR_REASON(SSL_R_RECORD_TOO_SMALL), "record too small"},
+    {ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG), "renegotiate ext too long"},
+    {ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR),
+     "renegotiation encoding err"},
+    {ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH), "renegotiation mismatch"},
+    {ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING), "required cipher missing"},
+    {ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING),
+     "required compresssion algorithm missing"},
+    {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),
+     "reuse cert length not zero"},
+    {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO), "reuse cert type not zero"},
+    {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),
+     "reuse cipher list not zero"},
+    {ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),
+     "scsv received when renegotiating"},
+    {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT), "serverhello tlsext"},
+    {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),
+     "session id context uninitialized"},
+    {ERR_REASON(SSL_R_SHORT_READ), "short read"},
+    {ERR_REASON(SSL_R_SIGNATURE_ALGORITHMS_ERROR),
+     "signature algorithms error"},
+    {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),
+     "signature for non signing certificate"},
+    {ERR_REASON(SSL_R_SRP_A_CALC), "error with the srp params"},
+    {ERR_REASON(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES),
+     "srtp could not allocate profiles"},
+    {ERR_REASON(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG),
+     "srtp protection profile list too long"},
+    {ERR_REASON(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE),
+     "srtp unknown protection profile"},
+    {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),
+     "ssl23 doing session id reuse"},
+    {ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),
+     "ssl2 connection id too long"},
+    {ERR_REASON(SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT),
+     "ssl3 ext invalid ecpointformat"},
+    {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME),
+     "ssl3 ext invalid servername"},
+    {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),
+     "ssl3 ext invalid servername type"},
+    {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG), "ssl3 session id too long"},
+    {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),
+     "ssl3 session id too short"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),
+     "sslv3 alert bad certificate"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),
+     "sslv3 alert bad record mac"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),
+     "sslv3 alert certificate expired"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),
+     "sslv3 alert certificate revoked"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),
+     "sslv3 alert certificate unknown"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),
+     "sslv3 alert decompression failure"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),
+     "sslv3 alert handshake failure"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),
+     "sslv3 alert illegal parameter"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),
+     "sslv3 alert no certificate"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),
+     "sslv3 alert unexpected message"},
+    {ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),
+     "sslv3 alert unsupported certificate"},
+    {ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),
+     "ssl ctx has no default ssl version"},
+    {ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE), "ssl handshake failure"},
+    {ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),
+     "ssl library has no ciphers"},
+    {ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),
+     "ssl session id callback failed"},
+    {ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT), "ssl session id conflict"},
+    {ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),
+     "ssl session id context too long"},
+    {ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),
+     "ssl session id has bad length"},
+    {ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT),
+     "ssl session id is different"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),
+     "tlsv1 alert access denied"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR), "tlsv1 alert decode error"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),
+     "tlsv1 alert decryption failed"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),
+     "tlsv1 alert decrypt error"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),
+     "tlsv1 alert export restriction"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK),
+     "tlsv1 alert inappropriate fallback"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),
+     "tlsv1 alert insufficient security"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),
+     "tlsv1 alert internal error"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),
+     "tlsv1 alert no renegotiation"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),
+     "tlsv1 alert protocol version"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),
+     "tlsv1 alert record overflow"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA), "tlsv1 alert unknown ca"},
+    {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),
+     "tlsv1 alert user cancelled"},
+    {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),
+     "tlsv1 bad certificate hash value"},
+    {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE),
+     "tlsv1 bad certificate status response"},
+    {ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE),
+     "tlsv1 certificate unobtainable"},
+    {ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME), "tlsv1 unrecognized name"},
+    {ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION),
+     "tlsv1 unsupported extension"},
+    {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),
+     "tls client cert req with anon cipher"},
+    {ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT),
+     "peer does not accept heartbeats"},
+    {ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING),
+     "heartbeat request already pending"},
+    {ERR_REASON(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL),
+     "tls illegal exporter label"},
+    {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),
+     "tls invalid ecpointformat list"},
+    {ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),
+     "tls peer did not respond with certificate list"},
+    {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),
+     "tls rsa encrypted value length is wrong"},
+    {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),
+     "tried to use unsupported cipher"},
+    {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),
+     "unable to decode dh certs"},
+    {ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),
+     "unable to decode ecdh certs"},
+    {ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY),
+     "unable to extract public key"},
+    {ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),
+     "unable to find dh parameters"},
+    {ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),
+     "unable to find ecdh parameters"},
+    {ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),
+     "unable to find public key parameters"},
+    {ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),
+     "unable to find ssl method"},
+    {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES),
+     "unable to load ssl2 md5 routines"},
+    {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),
+     "unable to load ssl3 md5 routines"},
+    {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),
+     "unable to load ssl3 sha1 routines"},
+    {ERR_REASON(SSL_R_UNEXPECTED_MESSAGE), "unexpected message"},
+    {ERR_REASON(SSL_R_UNEXPECTED_RECORD), "unexpected record"},
+    {ERR_REASON(SSL_R_UNINITIALIZED), "uninitialized"},
+    {ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"},
+    {ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE), "unknown certificate type"},
+    {ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED), "unknown cipher returned"},
+    {ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE), "unknown cipher type"},
+    {ERR_REASON(SSL_R_UNKNOWN_DIGEST), "unknown digest"},
+    {ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),
+     "unknown key exchange type"},
+    {ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE), "unknown pkey type"},
+    {ERR_REASON(SSL_R_UNKNOWN_PROTOCOL), "unknown protocol"},
+    {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),
+     "unknown remote error type"},
+    {ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION), "unknown ssl version"},
+    {ERR_REASON(SSL_R_UNKNOWN_STATE), "unknown state"},
+    {ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),
+     "unsafe legacy renegotiation disabled"},
+    {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
+    {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),
+     "unsupported compression algorithm"},
+    {ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE), "unsupported digest type"},
+    {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),
+     "unsupported elliptic curve"},
+    {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL), "unsupported protocol"},
+    {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION), "unsupported ssl version"},
+    {ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE), "unsupported status type"},
+    {ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED), "use srtp not negotiated"},
+    {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET), "write bio not set"},
+    {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED), "wrong cipher returned"},
+    {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE), "wrong message type"},
+    {ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS), "wrong number of key bits"},
+    {ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"},
+    {ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE), "wrong signature size"},
+    {ERR_REASON(SSL_R_WRONG_SIGNATURE_TYPE), "wrong signature type"},
+    {ERR_REASON(SSL_R_WRONG_SSL_VERSION), "wrong ssl version"},
+    {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER), "wrong version number"},
+    {ERR_REASON(SSL_R_X509_LIB), "x509 lib"},
+    {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),
+     "x509 verification setup problems"},
+    {0, NULL}
+};
+
+#endif
+
+void ERR_load_SSL_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(SSL_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, SSL_str_functs);
+        ERR_load_strings(0, SSL_str_reasons);
+    }
+#endif
+}

Deleted: vendor-crypto/openssl/1.0.1u/ssl/ssl_lib.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/ssl_lib.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/ssl/ssl_lib.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,3318 +0,0 @@
-/*
- * ! \file ssl/ssl_lib.c \brief Version independent SSL functions.
- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#ifdef REF_CHECK
-# include <assert.h>
-#endif
-#include <stdio.h>
-#include "ssl_locl.h"
-#include "kssl_lcl.h"
-#include <openssl/objects.h>
-#include <openssl/lhash.h>
-#include <openssl/x509v3.h>
-#include <openssl/rand.h>
-#include <openssl/ocsp.h>
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
-
-const char *SSL_version_str = OPENSSL_VERSION_TEXT;
-
-SSL3_ENC_METHOD ssl3_undef_enc_method = {
-    /*
-     * evil casts, but these functions are only called if there's a library
-     * bug
-     */
-    (int (*)(SSL *, int))ssl_undefined_function,
-    (int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
-    ssl_undefined_function,
-    (int (*)(SSL *, unsigned char *, unsigned char *, int))
-        ssl_undefined_function,
-    (int (*)(SSL *, int))ssl_undefined_function,
-    (int (*)(SSL *, const char *, int, unsigned char *))
-        ssl_undefined_function,
-    0,                          /* finish_mac_length */
-    (int (*)(SSL *, int, unsigned char *))ssl_undefined_function,
-    NULL,                       /* client_finished_label */
-    0,                          /* client_finished_label_len */
-    NULL,                       /* server_finished_label */
-    0,                          /* server_finished_label_len */
-    (int (*)(int))ssl_undefined_function,
-    (int (*)(SSL *, unsigned char *, size_t, const char *,
-             size_t, const unsigned char *, size_t,
-             int use_context))ssl_undefined_function,
-};
-
-int SSL_clear(SSL *s)
-{
-
-    if (s->method == NULL) {
-        SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED);
-        return (0);
-    }
-
-    if (ssl_clear_bad_session(s)) {
-        SSL_SESSION_free(s->session);
-        s->session = NULL;
-    }
-
-    s->error = 0;
-    s->hit = 0;
-    s->shutdown = 0;
-
-#if 0
-    /*
-     * Disabled since version 1.10 of this file (early return not
-     * needed because SSL_clear is not called when doing renegotiation)
-     */
-    /*
-     * This is set if we are doing dynamic renegotiation so keep
-     * the old cipher.  It is sort of a SSL_clear_lite :-)
-     */
-    if (s->renegotiate)
-        return (1);
-#else
-    if (s->renegotiate) {
-        SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR);
-        return 0;
-    }
-#endif
-
-    s->type = 0;
-
-    s->state = SSL_ST_BEFORE | ((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
-
-    s->version = s->method->version;
-    s->client_version = s->version;
-    s->rwstate = SSL_NOTHING;
-    s->rstate = SSL_ST_READ_HEADER;
-#if 0
-    s->read_ahead = s->ctx->read_ahead;
-#endif
-
-    if (s->init_buf != NULL) {
-        BUF_MEM_free(s->init_buf);
-        s->init_buf = NULL;
-    }
-
-    ssl_clear_cipher_ctx(s);
-    ssl_clear_hash_ctx(&s->read_hash);
-    ssl_clear_hash_ctx(&s->write_hash);
-
-    s->first_packet = 0;
-
-#if 1
-    /*
-     * Check to see if we were changed into a different method, if so, revert
-     * back if we are not doing session-id reuse.
-     */
-    if (!s->in_handshake && (s->session == NULL)
-        && (s->method != s->ctx->method)) {
-        s->method->ssl_free(s);
-        s->method = s->ctx->method;
-        if (!s->method->ssl_new(s))
-            return (0);
-    } else
-#endif
-        s->method->ssl_clear(s);
-    return (1);
-}
-
-/** Used to change an SSL_CTXs default SSL method type */
-int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
-{
-    STACK_OF(SSL_CIPHER) *sk;
-
-    ctx->method = meth;
-
-    sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list),
-                                &(ctx->cipher_list_by_id),
-                                meth->version ==
-                                SSL2_VERSION ? "SSLv2" :
-                                SSL_DEFAULT_CIPHER_LIST);
-    if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
-        SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,
-               SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
-        return (0);
-    }
-    return (1);
-}
-
-SSL *SSL_new(SSL_CTX *ctx)
-{
-    SSL *s;
-
-    if (ctx == NULL) {
-        SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX);
-        return (NULL);
-    }
-    if (ctx->method == NULL) {
-        SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
-        return (NULL);
-    }
-
-    s = (SSL *)OPENSSL_malloc(sizeof(SSL));
-    if (s == NULL)
-        goto err;
-    memset(s, 0, sizeof(SSL));
-
-#ifndef OPENSSL_NO_KRB5
-    s->kssl_ctx = kssl_ctx_new();
-#endif                          /* OPENSSL_NO_KRB5 */
-
-    s->options = ctx->options;
-    s->mode = ctx->mode;
-    s->max_cert_list = ctx->max_cert_list;
-    s->references = 1;
-
-    if (ctx->cert != NULL) {
-        /*
-         * Earlier library versions used to copy the pointer to the CERT, not
-         * its contents; only when setting new parameters for the per-SSL
-         * copy, ssl_cert_new would be called (and the direct reference to
-         * the per-SSL_CTX settings would be lost, but those still were
-         * indirectly accessed for various purposes, and for that reason they
-         * used to be known as s->ctx->default_cert). Now we don't look at the
-         * SSL_CTX's CERT after having duplicated it once.
-         */
-
-        s->cert = ssl_cert_dup(ctx->cert);
-        if (s->cert == NULL)
-            goto err;
-    } else
-        s->cert = NULL;         /* Cannot really happen (see SSL_CTX_new) */
-
-    s->read_ahead = ctx->read_ahead;
-    s->msg_callback = ctx->msg_callback;
-    s->msg_callback_arg = ctx->msg_callback_arg;
-    s->verify_mode = ctx->verify_mode;
-#if 0
-    s->verify_depth = ctx->verify_depth;
-#endif
-    s->sid_ctx_length = ctx->sid_ctx_length;
-    OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
-    memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
-    s->verify_callback = ctx->default_verify_callback;
-    s->generate_session_id = ctx->generate_session_id;
-
-    s->param = X509_VERIFY_PARAM_new();
-    if (!s->param)
-        goto err;
-    X509_VERIFY_PARAM_inherit(s->param, ctx->param);
-#if 0
-    s->purpose = ctx->purpose;
-    s->trust = ctx->trust;
-#endif
-    s->quiet_shutdown = ctx->quiet_shutdown;
-    s->max_send_fragment = ctx->max_send_fragment;
-
-    CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
-    s->ctx = ctx;
-#ifndef OPENSSL_NO_TLSEXT
-    s->tlsext_debug_cb = 0;
-    s->tlsext_debug_arg = NULL;
-    s->tlsext_ticket_expected = 0;
-    s->tlsext_status_type = -1;
-    s->tlsext_status_expected = 0;
-    s->tlsext_ocsp_ids = NULL;
-    s->tlsext_ocsp_exts = NULL;
-    s->tlsext_ocsp_resp = NULL;
-    s->tlsext_ocsp_resplen = -1;
-    CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
-    s->initial_ctx = ctx;
-# ifndef OPENSSL_NO_NEXTPROTONEG
-    s->next_proto_negotiated = NULL;
-# endif
-#endif
-
-    s->verify_result = X509_V_OK;
-
-    s->method = ctx->method;
-
-    if (!s->method->ssl_new(s))
-        goto err;
-
-    s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
-
-    SSL_clear(s);
-
-    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
-
-#ifndef OPENSSL_NO_PSK
-    s->psk_client_callback = ctx->psk_client_callback;
-    s->psk_server_callback = ctx->psk_server_callback;
-#endif
-
-    return (s);
- err:
-    if (s != NULL)
-        SSL_free(s);
-    SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
-    return (NULL);
-}
-
-int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
-                                   unsigned int sid_ctx_len)
-{
-    if (sid_ctx_len > sizeof ctx->sid_ctx) {
-        SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,
-               SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
-        return 0;
-    }
-    ctx->sid_ctx_length = sid_ctx_len;
-    memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
-
-    return 1;
-}
-
-int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
-                               unsigned int sid_ctx_len)
-{
-    if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
-        SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,
-               SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
-        return 0;
-    }
-    ssl->sid_ctx_length = sid_ctx_len;
-    memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);
-
-    return 1;
-}
-
-int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
-{
-    CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-    ctx->generate_session_id = cb;
-    CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-    return 1;
-}
-
-int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
-{
-    CRYPTO_w_lock(CRYPTO_LOCK_SSL);
-    ssl->generate_session_id = cb;
-    CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
-    return 1;
-}
-
-int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
-                                unsigned int id_len)
-{
-    /*
-     * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
-     * we can "construct" a session to give us the desired check - ie. to
-     * find if there's a session in the hash table that would conflict with
-     * any new session built out of this id/id_len and the ssl_version in use
-     * by this SSL.
-     */
-    SSL_SESSION r, *p;
-
-    if (id_len > sizeof r.session_id)
-        return 0;
-
-    r.ssl_version = ssl->version;
-    r.session_id_length = id_len;
-    memcpy(r.session_id, id, id_len);
-    /*
-     * NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
-     * callback is calling us to check the uniqueness of a shorter ID, it
-     * must be compared as a padded-out ID because that is what it will be
-     * converted to when the callback has finished choosing it.
-     */
-    if ((r.ssl_version == SSL2_VERSION) &&
-        (id_len < SSL2_SSL_SESSION_ID_LENGTH)) {
-        memset(r.session_id + id_len, 0, SSL2_SSL_SESSION_ID_LENGTH - id_len);
-        r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
-    }
-
-    CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-    p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
-    CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
-    return (p != NULL);
-}
-
-int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
-{
-    return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
-}
-
-int SSL_set_purpose(SSL *s, int purpose)
-{
-    return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
-}
-
-int SSL_CTX_set_trust(SSL_CTX *s, int trust)
-{
-    return X509_VERIFY_PARAM_set_trust(s->param, trust);
-}
-
-int SSL_set_trust(SSL *s, int trust)
-{
-    return X509_VERIFY_PARAM_set_trust(s->param, trust);
-}
-
-int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
-{
-    return X509_VERIFY_PARAM_set1(ctx->param, vpm);
-}
-
-int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
-{
-    return X509_VERIFY_PARAM_set1(ssl->param, vpm);
-}
-
-void SSL_free(SSL *s)
-{
-    int i;
-
-    if (s == NULL)
-        return;
-
-    i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL);
-#ifdef REF_PRINT
-    REF_PRINT("SSL", s);
-#endif
-    if (i > 0)
-        return;
-#ifdef REF_CHECK
-    if (i < 0) {
-        fprintf(stderr, "SSL_free, bad reference count\n");
-        abort();                /* ok */
-    }
-#endif
-
-    if (s->param)
-        X509_VERIFY_PARAM_free(s->param);
-
-    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
-
-    if (s->bbio != NULL) {
-        /* If the buffering BIO is in place, pop it off */
-        if (s->bbio == s->wbio) {
-            s->wbio = BIO_pop(s->wbio);
-        }
-        BIO_free(s->bbio);
-        s->bbio = NULL;
-    }
-    if (s->rbio != NULL)
-        BIO_free_all(s->rbio);
-    if ((s->wbio != NULL) && (s->wbio != s->rbio))
-        BIO_free_all(s->wbio);
-
-    if (s->init_buf != NULL)
-        BUF_MEM_free(s->init_buf);
-
-    /* add extra stuff */
-    if (s->cipher_list != NULL)
-        sk_SSL_CIPHER_free(s->cipher_list);
-    if (s->cipher_list_by_id != NULL)
-        sk_SSL_CIPHER_free(s->cipher_list_by_id);
-
-    /* Make the next call work :-) */
-    if (s->session != NULL) {
-        ssl_clear_bad_session(s);
-        SSL_SESSION_free(s->session);
-    }
-
-    ssl_clear_cipher_ctx(s);
-    ssl_clear_hash_ctx(&s->read_hash);
-    ssl_clear_hash_ctx(&s->write_hash);
-
-    if (s->cert != NULL)
-        ssl_cert_free(s->cert);
-    /* Free up if allocated */
-
-#ifndef OPENSSL_NO_TLSEXT
-    if (s->tlsext_hostname)
-        OPENSSL_free(s->tlsext_hostname);
-    if (s->initial_ctx)
-        SSL_CTX_free(s->initial_ctx);
-# ifndef OPENSSL_NO_EC
-    if (s->tlsext_ecpointformatlist)
-        OPENSSL_free(s->tlsext_ecpointformatlist);
-    if (s->tlsext_ellipticcurvelist)
-        OPENSSL_free(s->tlsext_ellipticcurvelist);
-# endif                         /* OPENSSL_NO_EC */
-    if (s->tlsext_opaque_prf_input)
-        OPENSSL_free(s->tlsext_opaque_prf_input);
-    if (s->tlsext_ocsp_exts)
-        sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free);
-    if (s->tlsext_ocsp_ids)
-        sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
-    if (s->tlsext_ocsp_resp)
-        OPENSSL_free(s->tlsext_ocsp_resp);
-#endif
-
-    if (s->client_CA != NULL)
-        sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
-
-    if (s->method != NULL)
-        s->method->ssl_free(s);
-
-    if (s->ctx)
-        SSL_CTX_free(s->ctx);
-
-#ifndef OPENSSL_NO_KRB5
-    if (s->kssl_ctx != NULL)
-        kssl_ctx_free(s->kssl_ctx);
-#endif                          /* OPENSSL_NO_KRB5 */
-
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-    if (s->next_proto_negotiated)
-        OPENSSL_free(s->next_proto_negotiated);
-#endif
-
-#ifndef OPENSSL_NO_SRTP
-    if (s->srtp_profiles)
-        sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
-#endif
-
-    OPENSSL_free(s);
-}
-
-void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
-{
-    /*
-     * If the output buffering BIO is still in place, remove it
-     */
-    if (s->bbio != NULL) {
-        if (s->wbio == s->bbio) {
-            s->wbio = s->wbio->next_bio;
-            s->bbio->next_bio = NULL;
-        }
-    }
-    if ((s->rbio != NULL) && (s->rbio != rbio))
-        BIO_free_all(s->rbio);
-    if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
-        BIO_free_all(s->wbio);
-    s->rbio = rbio;
-    s->wbio = wbio;
-}
-
-BIO *SSL_get_rbio(const SSL *s)
-{
-    return (s->rbio);
-}
-
-BIO *SSL_get_wbio(const SSL *s)
-{
-    return (s->wbio);
-}
-
-int SSL_get_fd(const SSL *s)
-{
-    return (SSL_get_rfd(s));
-}
-
-int SSL_get_rfd(const SSL *s)
-{
-    int ret = -1;
-    BIO *b, *r;
-
-    b = SSL_get_rbio(s);
-    r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
-    if (r != NULL)
-        BIO_get_fd(r, &ret);
-    return (ret);
-}
-
-int SSL_get_wfd(const SSL *s)
-{
-    int ret = -1;
-    BIO *b, *r;
-
-    b = SSL_get_wbio(s);
-    r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
-    if (r != NULL)
-        BIO_get_fd(r, &ret);
-    return (ret);
-}
-
-#ifndef OPENSSL_NO_SOCK
-int SSL_set_fd(SSL *s, int fd)
-{
-    int ret = 0;
-    BIO *bio = NULL;
-
-    bio = BIO_new(BIO_s_socket());
-
-    if (bio == NULL) {
-        SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
-        goto err;
-    }
-    BIO_set_fd(bio, fd, BIO_NOCLOSE);
-    SSL_set_bio(s, bio, bio);
-    ret = 1;
- err:
-    return (ret);
-}
-
-int SSL_set_wfd(SSL *s, int fd)
-{
-    int ret = 0;
-    BIO *bio = NULL;
-
-    if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
-        || ((int)BIO_get_fd(s->rbio, NULL) != fd)) {
-        bio = BIO_new(BIO_s_socket());
-
-        if (bio == NULL) {
-            SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB);
-            goto err;
-        }
-        BIO_set_fd(bio, fd, BIO_NOCLOSE);
-        SSL_set_bio(s, SSL_get_rbio(s), bio);
-    } else
-        SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s));
-    ret = 1;
- err:
-    return (ret);
-}
-
-int SSL_set_rfd(SSL *s, int fd)
-{
-    int ret = 0;
-    BIO *bio = NULL;
-
-    if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
-        || ((int)BIO_get_fd(s->wbio, NULL) != fd)) {
-        bio = BIO_new(BIO_s_socket());
-
-        if (bio == NULL) {
-            SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB);
-            goto err;
-        }
-        BIO_set_fd(bio, fd, BIO_NOCLOSE);
-        SSL_set_bio(s, bio, SSL_get_wbio(s));
-    } else
-        SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s));
-    ret = 1;
- err:
-    return (ret);
-}
-#endif
-
-/* return length of latest Finished message we sent, copy to 'buf' */
-size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
-{
-    size_t ret = 0;
-
-    if (s->s3 != NULL) {
-        ret = s->s3->tmp.finish_md_len;
-        if (count > ret)
-            count = ret;
-        memcpy(buf, s->s3->tmp.finish_md, count);
-    }
-    return ret;
-}
-
-/* return length of latest Finished message we expected, copy to 'buf' */
-size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
-{
-    size_t ret = 0;
-
-    if (s->s3 != NULL) {
-        ret = s->s3->tmp.peer_finish_md_len;
-        if (count > ret)
-            count = ret;
-        memcpy(buf, s->s3->tmp.peer_finish_md, count);
-    }
-    return ret;
-}
-
-int SSL_get_verify_mode(const SSL *s)
-{
-    return (s->verify_mode);
-}
-
-int SSL_get_verify_depth(const SSL *s)
-{
-    return X509_VERIFY_PARAM_get_depth(s->param);
-}
-
-int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *) {
-    return (s->verify_callback);
-}
-
-int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
-{
-    return (ctx->verify_mode);
-}
-
-int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
-{
-    return X509_VERIFY_PARAM_get_depth(ctx->param);
-}
-
-int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) {
-    return (ctx->default_verify_callback);
-}
-
-void SSL_set_verify(SSL *s, int mode,
-                    int (*callback) (int ok, X509_STORE_CTX *ctx))
-{
-    s->verify_mode = mode;
-    if (callback != NULL)
-        s->verify_callback = callback;
-}
-
-void SSL_set_verify_depth(SSL *s, int depth)
-{
-    X509_VERIFY_PARAM_set_depth(s->param, depth);
-}
-
-void SSL_set_read_ahead(SSL *s, int yes)
-{
-    s->read_ahead = yes;
-}
-
-int SSL_get_read_ahead(const SSL *s)
-{
-    return (s->read_ahead);
-}
-
-int SSL_pending(const SSL *s)
-{
-    /*
-     * SSL_pending cannot work properly if read-ahead is enabled
-     * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is
-     * impossible to fix since SSL_pending cannot report errors that may be
-     * observed while scanning the new data. (Note that SSL_pending() is
-     * often used as a boolean value, so we'd better not return -1.)
-     */
-    return (s->method->ssl_pending(s));
-}
-
-X509 *SSL_get_peer_certificate(const SSL *s)
-{
-    X509 *r;
-
-    if ((s == NULL) || (s->session == NULL))
-        r = NULL;
-    else
-        r = s->session->peer;
-
-    if (r == NULL)
-        return (r);
-
-    CRYPTO_add(&r->references, 1, CRYPTO_LOCK_X509);
-
-    return (r);
-}
-
-STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
-{
-    STACK_OF(X509) *r;
-
-    if ((s == NULL) || (s->session == NULL)
-        || (s->session->sess_cert == NULL))
-        r = NULL;
-    else
-        r = s->session->sess_cert->cert_chain;
-
-    /*
-     * If we are a client, cert_chain includes the peer's own certificate; if
-     * we are a server, it does not.
-     */
-
-    return (r);
-}
-
-/*
- * Now in theory, since the calling process own 't' it should be safe to
- * modify.  We need to be able to read f without being hassled
- */
-void SSL_copy_session_id(SSL *t, const SSL *f)
-{
-    CERT *tmp;
-
-    /* Do we need to to SSL locking? */
-    SSL_set_session(t, SSL_get_session(f));
-
-    /*
-     * what if we are setup as SSLv2 but want to talk SSLv3 or vice-versa
-     */
-    if (t->method != f->method) {
-        t->method->ssl_free(t); /* cleanup current */
-        t->method = f->method;  /* change method */
-        t->method->ssl_new(t);  /* setup new */
-    }
-
-    tmp = t->cert;
-    if (f->cert != NULL) {
-        CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
-        t->cert = f->cert;
-    } else
-        t->cert = NULL;
-    if (tmp != NULL)
-        ssl_cert_free(tmp);
-    SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length);
-}
-
-/* Fix this so it checks all the valid key/cert options */
-int SSL_CTX_check_private_key(const SSL_CTX *ctx)
-{
-    if ((ctx == NULL) ||
-        (ctx->cert == NULL) || (ctx->cert->key->x509 == NULL)) {
-        SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,
-               SSL_R_NO_CERTIFICATE_ASSIGNED);
-        return (0);
-    }
-    if (ctx->cert->key->privatekey == NULL) {
-        SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,
-               SSL_R_NO_PRIVATE_KEY_ASSIGNED);
-        return (0);
-    }
-    return (X509_check_private_key
-            (ctx->cert->key->x509, ctx->cert->key->privatekey));
-}
-
-/* Fix this function so that it takes an optional type parameter */
-int SSL_check_private_key(const SSL *ssl)
-{
-    if (ssl == NULL) {
-        SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
-        return (0);
-    }
-    if (ssl->cert == NULL) {
-        SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
-        return 0;
-    }
-    if (ssl->cert->key->x509 == NULL) {
-        SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
-        return (0);
-    }
-    if (ssl->cert->key->privatekey == NULL) {
-        SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
-        return (0);
-    }
-    return (X509_check_private_key(ssl->cert->key->x509,
-                                   ssl->cert->key->privatekey));
-}
-
-int SSL_accept(SSL *s)
-{
-    if (s->handshake_func == 0)
-        /* Not properly initialized yet */
-        SSL_set_accept_state(s);
-
-    return (s->method->ssl_accept(s));
-}
-
-int SSL_connect(SSL *s)
-{
-    if (s->handshake_func == 0)
-        /* Not properly initialized yet */
-        SSL_set_connect_state(s);
-
-    return (s->method->ssl_connect(s));
-}
-
-long SSL_get_default_timeout(const SSL *s)
-{
-    return (s->method->get_timeout());
-}
-
-int SSL_read(SSL *s, void *buf, int num)
-{
-    if (s->handshake_func == 0) {
-        SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
-        return -1;
-    }
-
-    if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
-        s->rwstate = SSL_NOTHING;
-        return (0);
-    }
-    return (s->method->ssl_read(s, buf, num));
-}
-
-int SSL_peek(SSL *s, void *buf, int num)
-{
-    if (s->handshake_func == 0) {
-        SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED);
-        return -1;
-    }
-
-    if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
-        return (0);
-    }
-    return (s->method->ssl_peek(s, buf, num));
-}
-
-int SSL_write(SSL *s, const void *buf, int num)
-{
-    if (s->handshake_func == 0) {
-        SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
-        return -1;
-    }
-
-    if (s->shutdown & SSL_SENT_SHUTDOWN) {
-        s->rwstate = SSL_NOTHING;
-        SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN);
-        return (-1);
-    }
-    return (s->method->ssl_write(s, buf, num));
-}
-
-int SSL_shutdown(SSL *s)
-{
-    /*
-     * Note that this function behaves differently from what one might
-     * expect.  Return values are 0 for no success (yet), 1 for success; but
-     * calling it once is usually not enough, even if blocking I/O is used
-     * (see ssl3_shutdown).
-     */
-
-    if (s->handshake_func == 0) {
-        SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
-        return -1;
-    }
-
-    if ((s != NULL) && !SSL_in_init(s))
-        return (s->method->ssl_shutdown(s));
-    else
-        return (1);
-}
-
-int SSL_renegotiate(SSL *s)
-{
-    if (s->renegotiate == 0)
-        s->renegotiate = 1;
-
-    s->new_session = 1;
-
-    return (s->method->ssl_renegotiate(s));
-}
-
-int SSL_renegotiate_abbreviated(SSL *s)
-{
-    if (s->renegotiate == 0)
-        s->renegotiate = 1;
-
-    s->new_session = 0;
-
-    return (s->method->ssl_renegotiate(s));
-}
-
-int SSL_renegotiate_pending(SSL *s)
-{
-    /*
-     * becomes true when negotiation is requested; false again once a
-     * handshake has finished
-     */
-    return (s->renegotiate != 0);
-}
-
-long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
-{
-    long l;
-
-    switch (cmd) {
-    case SSL_CTRL_GET_READ_AHEAD:
-        return (s->read_ahead);
-    case SSL_CTRL_SET_READ_AHEAD:
-        l = s->read_ahead;
-        s->read_ahead = larg;
-        return (l);
-
-    case SSL_CTRL_SET_MSG_CALLBACK_ARG:
-        s->msg_callback_arg = parg;
-        return 1;
-
-    case SSL_CTRL_OPTIONS:
-        return (s->options |= larg);
-    case SSL_CTRL_CLEAR_OPTIONS:
-        return (s->options &= ~larg);
-    case SSL_CTRL_MODE:
-        return (s->mode |= larg);
-    case SSL_CTRL_CLEAR_MODE:
-        return (s->mode &= ~larg);
-    case SSL_CTRL_GET_MAX_CERT_LIST:
-        return (s->max_cert_list);
-    case SSL_CTRL_SET_MAX_CERT_LIST:
-        l = s->max_cert_list;
-        s->max_cert_list = larg;
-        return (l);
-    case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
-        if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
-            return 0;
-        s->max_send_fragment = larg;
-        return 1;
-    case SSL_CTRL_GET_RI_SUPPORT:
-        if (s->s3)
-            return s->s3->send_connection_binding;
-        else
-            return 0;
-    default:
-        return (s->method->ssl_ctrl(s, cmd, larg, parg));
-    }
-}
-
-long SSL_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
-{
-    switch (cmd) {
-    case SSL_CTRL_SET_MSG_CALLBACK:
-        s->msg_callback = (void (*)
-                           (int write_p, int version, int content_type,
-                            const void *buf, size_t len, SSL *ssl,
-                            void *arg))(fp);
-        return 1;
-
-    default:
-        return (s->method->ssl_callback_ctrl(s, cmd, fp));
-    }
-}
-
-LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
-{
-    return ctx->sessions;
-}
-
-long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
-{
-    long l;
-
-    switch (cmd) {
-    case SSL_CTRL_GET_READ_AHEAD:
-        return (ctx->read_ahead);
-    case SSL_CTRL_SET_READ_AHEAD:
-        l = ctx->read_ahead;
-        ctx->read_ahead = larg;
-        return (l);
-
-    case SSL_CTRL_SET_MSG_CALLBACK_ARG:
-        ctx->msg_callback_arg = parg;
-        return 1;
-
-    case SSL_CTRL_GET_MAX_CERT_LIST:
-        return (ctx->max_cert_list);
-    case SSL_CTRL_SET_MAX_CERT_LIST:
-        l = ctx->max_cert_list;
-        ctx->max_cert_list = larg;
-        return (l);
-
-    case SSL_CTRL_SET_SESS_CACHE_SIZE:
-        l = ctx->session_cache_size;
-        ctx->session_cache_size = larg;
-        return (l);
-    case SSL_CTRL_GET_SESS_CACHE_SIZE:
-        return (ctx->session_cache_size);
-    case SSL_CTRL_SET_SESS_CACHE_MODE:
-        l = ctx->session_cache_mode;
-        ctx->session_cache_mode = larg;
-        return (l);
-    case SSL_CTRL_GET_SESS_CACHE_MODE:
-        return (ctx->session_cache_mode);
-
-    case SSL_CTRL_SESS_NUMBER:
-        return (lh_SSL_SESSION_num_items(ctx->sessions));
-    case SSL_CTRL_SESS_CONNECT:
-        return (ctx->stats.sess_connect);
-    case SSL_CTRL_SESS_CONNECT_GOOD:
-        return (ctx->stats.sess_connect_good);
-    case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
-        return (ctx->stats.sess_connect_renegotiate);
-    case SSL_CTRL_SESS_ACCEPT:
-        return (ctx->stats.sess_accept);
-    case SSL_CTRL_SESS_ACCEPT_GOOD:
-        return (ctx->stats.sess_accept_good);
-    case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
-        return (ctx->stats.sess_accept_renegotiate);
-    case SSL_CTRL_SESS_HIT:
-        return (ctx->stats.sess_hit);
-    case SSL_CTRL_SESS_CB_HIT:
-        return (ctx->stats.sess_cb_hit);
-    case SSL_CTRL_SESS_MISSES:
-        return (ctx->stats.sess_miss);
-    case SSL_CTRL_SESS_TIMEOUTS:
-        return (ctx->stats.sess_timeout);
-    case SSL_CTRL_SESS_CACHE_FULL:
-        return (ctx->stats.sess_cache_full);
-    case SSL_CTRL_OPTIONS:
-        return (ctx->options |= larg);
-    case SSL_CTRL_CLEAR_OPTIONS:
-        return (ctx->options &= ~larg);
-    case SSL_CTRL_MODE:
-        return (ctx->mode |= larg);
-    case SSL_CTRL_CLEAR_MODE:
-        return (ctx->mode &= ~larg);
-    case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
-        if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
-            return 0;
-        ctx->max_send_fragment = larg;
-        return 1;
-    default:
-        return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg));
-    }
-}
-
-long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
-{
-    switch (cmd) {
-    case SSL_CTRL_SET_MSG_CALLBACK:
-        ctx->msg_callback = (void (*)
-                             (int write_p, int version, int content_type,
-                              const void *buf, size_t len, SSL *ssl,
-                              void *arg))(fp);
-        return 1;
-
-    default:
-        return (ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp));
-    }
-}
-
-int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
-{
-    long l;
-
-    l = a->id - b->id;
-    if (l == 0L)
-        return (0);
-    else
-        return ((l > 0) ? 1 : -1);
-}
-
-int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
-                          const SSL_CIPHER *const *bp)
-{
-    long l;
-
-    l = (*ap)->id - (*bp)->id;
-    if (l == 0L)
-        return (0);
-    else
-        return ((l > 0) ? 1 : -1);
-}
-
-/** return a STACK of the ciphers available for the SSL and in order of
- * preference */
-STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
-{
-    if (s != NULL) {
-        if (s->cipher_list != NULL) {
-            return (s->cipher_list);
-        } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) {
-            return (s->ctx->cipher_list);
-        }
-    }
-    return (NULL);
-}
-
-/** return a STACK of the ciphers available for the SSL and in order of
- * algorithm id */
-STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
-{
-    if (s != NULL) {
-        if (s->cipher_list_by_id != NULL) {
-            return (s->cipher_list_by_id);
-        } else if ((s->ctx != NULL) && (s->ctx->cipher_list_by_id != NULL)) {
-            return (s->ctx->cipher_list_by_id);
-        }
-    }
-    return (NULL);
-}
-
-/** The old interface to get the same thing as SSL_get_ciphers() */
-const char *SSL_get_cipher_list(const SSL *s, int n)
-{
-    SSL_CIPHER *c;
-    STACK_OF(SSL_CIPHER) *sk;
-
-    if (s == NULL)
-        return (NULL);
-    sk = SSL_get_ciphers(s);
-    if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
-        return (NULL);
-    c = sk_SSL_CIPHER_value(sk, n);
-    if (c == NULL)
-        return (NULL);
-    return (c->name);
-}
-
-/** specify the ciphers to be used by default by the SSL_CTX */
-int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
-{
-    STACK_OF(SSL_CIPHER) *sk;
-
-    sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
-                                &ctx->cipher_list_by_id, str);
-    /*
-     * ssl_create_cipher_list may return an empty stack if it was unable to
-     * find a cipher matching the given rule string (for example if the rule
-     * string specifies a cipher which has been disabled). This is not an
-     * error as far as ssl_create_cipher_list is concerned, and hence
-     * ctx->cipher_list and ctx->cipher_list_by_id has been updated.
-     */
-    if (sk == NULL)
-        return 0;
-    else if (sk_SSL_CIPHER_num(sk) == 0) {
-        SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
-        return 0;
-    }
-    return 1;
-}
-
-/** specify the ciphers to be used by the SSL */
-int SSL_set_cipher_list(SSL *s, const char *str)
-{
-    STACK_OF(SSL_CIPHER) *sk;
-
-    sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list,
-                                &s->cipher_list_by_id, str);
-    /* see comment in SSL_CTX_set_cipher_list */
-    if (sk == NULL)
-        return 0;
-    else if (sk_SSL_CIPHER_num(sk) == 0) {
-        SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
-        return 0;
-    }
-    return 1;
-}
-
-/* works well for SSLv2, not so good for SSLv3 */
-char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
-{
-    char *p;
-    STACK_OF(SSL_CIPHER) *sk;
-    SSL_CIPHER *c;
-    int i;
-
-    if ((s->session == NULL) || (s->session->ciphers == NULL) || (len < 2))
-        return (NULL);
-
-    p = buf;
-    sk = s->session->ciphers;
-
-    if (sk_SSL_CIPHER_num(sk) == 0)
-        return NULL;
-
-    for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
-        int n;
-
-        c = sk_SSL_CIPHER_value(sk, i);
-        n = strlen(c->name);
-        if (n + 1 > len) {
-            if (p != buf)
-                --p;
-            *p = '\0';
-            return buf;
-        }
-        strcpy(p, c->name);
-        p += n;
-        *(p++) = ':';
-        len -= n + 1;
-    }
-    p[-1] = '\0';
-    return (buf);
-}
-
-int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
-                             unsigned char *p,
-                             int (*put_cb) (const SSL_CIPHER *,
-                                            unsigned char *))
-{
-    int i, j = 0;
-    SSL_CIPHER *c;
-    unsigned char *q;
-#ifndef OPENSSL_NO_KRB5
-    int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx);
-#endif                          /* OPENSSL_NO_KRB5 */
-
-    if (sk == NULL)
-        return (0);
-    q = p;
-    if (put_cb == NULL)
-        put_cb = s->method->put_cipher_by_char;
-
-    for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
-        c = sk_SSL_CIPHER_value(sk, i);
-        /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
-        if ((c->algorithm_ssl & SSL_TLSV1_2) &&
-            (TLS1_get_client_version(s) < TLS1_2_VERSION))
-            continue;
-#ifndef OPENSSL_NO_KRB5
-        if (((c->algorithm_mkey & SSL_kKRB5)
-             || (c->algorithm_auth & SSL_aKRB5)) && nokrb5)
-            continue;
-#endif                          /* OPENSSL_NO_KRB5 */
-#ifndef OPENSSL_NO_PSK
-        /* with PSK there must be client callback set */
-        if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK))
-            && s->psk_client_callback == NULL)
-            continue;
-#endif                          /* OPENSSL_NO_PSK */
-#ifndef OPENSSL_NO_SRP
-        if (((c->algorithm_mkey & SSL_kSRP) || (c->algorithm_auth & SSL_aSRP))
-            && !(s->srp_ctx.srp_Mask & SSL_kSRP))
-            continue;
-#endif                          /* OPENSSL_NO_SRP */
-        j = put_cb(c, p);
-        p += j;
-    }
-    /*
-     * If p == q, no ciphers; caller indicates an error. Otherwise, add
-     * applicable SCSVs.
-     */
-    if (p != q) {
-        if (!s->renegotiate) {
-            static SSL_CIPHER scsv = {
-                0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
-            };
-            j = put_cb(&scsv, p);
-            p += j;
-#ifdef OPENSSL_RI_DEBUG
-            fprintf(stderr,
-                    "TLS_EMPTY_RENEGOTIATION_INFO_SCSV sent by client\n");
-#endif
-        }
-
-        if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) {
-            static SSL_CIPHER scsv = {
-                0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
-            };
-            j = put_cb(&scsv, p);
-            p += j;
-        }
-    }
-
-    return (p - q);
-}
-
-STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
-                                               int num,
-                                               STACK_OF(SSL_CIPHER) **skp)
-{
-    const SSL_CIPHER *c;
-    STACK_OF(SSL_CIPHER) *sk;
-    int i, n;
-
-    if (s->s3)
-        s->s3->send_connection_binding = 0;
-
-    n = ssl_put_cipher_by_char(s, NULL, NULL);
-    if (n == 0 || (num % n) != 0) {
-        SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
-               SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
-        return (NULL);
-    }
-    if ((skp == NULL) || (*skp == NULL)) {
-        sk = sk_SSL_CIPHER_new_null(); /* change perhaps later */
-        if(sk == NULL) {
-            SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
-            return NULL;
-        }
-    } else {
-        sk = *skp;
-        sk_SSL_CIPHER_zero(sk);
-    }
-
-    for (i = 0; i < num; i += n) {
-        /* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV */
-        if (s->s3 && (n != 3 || !p[0]) &&
-            (p[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
-            (p[n - 1] == (SSL3_CK_SCSV & 0xff))) {
-            /* SCSV fatal if renegotiating */
-            if (s->renegotiate) {
-                SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
-                       SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-                goto err;
-            }
-            s->s3->send_connection_binding = 1;
-            p += n;
-#ifdef OPENSSL_RI_DEBUG
-            fprintf(stderr, "SCSV received by server\n");
-#endif
-            continue;
-        }
-
-        /* Check for TLS_FALLBACK_SCSV */
-        if ((n != 3 || !p[0]) &&
-            (p[n - 2] == ((SSL3_CK_FALLBACK_SCSV >> 8) & 0xff)) &&
-            (p[n - 1] == (SSL3_CK_FALLBACK_SCSV & 0xff))) {
-            /*
-             * The SCSV indicates that the client previously tried a higher
-             * version. Fail if the current version is an unexpected
-             * downgrade.
-             */
-            if (!SSL_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, 0, NULL)) {
-                SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
-                       SSL_R_INAPPROPRIATE_FALLBACK);
-                if (s->s3)
-                    ssl3_send_alert(s, SSL3_AL_FATAL,
-                                    SSL_AD_INAPPROPRIATE_FALLBACK);
-                goto err;
-            }
-            p += n;
-            continue;
-        }
-
-        c = ssl_get_cipher_by_char(s, p);
-        p += n;
-        if (c != NULL) {
-            if (!sk_SSL_CIPHER_push(sk, c)) {
-                SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-        }
-    }
-
-    if (skp != NULL)
-        *skp = sk;
-    return (sk);
- err:
-    if ((skp == NULL) || (*skp == NULL))
-        sk_SSL_CIPHER_free(sk);
-    return (NULL);
-}
-
-#ifndef OPENSSL_NO_TLSEXT
-/** return a servername extension value if provided in Client Hello, or NULL.
- * So far, only host_name types are defined (RFC 3546).
- */
-
-const char *SSL_get_servername(const SSL *s, const int type)
-{
-    if (type != TLSEXT_NAMETYPE_host_name)
-        return NULL;
-
-    return s->session && !s->tlsext_hostname ?
-        s->session->tlsext_hostname : s->tlsext_hostname;
-}
-
-int SSL_get_servername_type(const SSL *s)
-{
-    if (s->session
-        && (!s->tlsext_hostname ? s->session->
-            tlsext_hostname : s->tlsext_hostname))
-        return TLSEXT_NAMETYPE_host_name;
-    return -1;
-}
-
-# ifndef OPENSSL_NO_NEXTPROTONEG
-/*
- * SSL_select_next_proto implements the standard protocol selection. It is
- * expected that this function is called from the callback set by
- * SSL_CTX_set_next_proto_select_cb. The protocol data is assumed to be a
- * vector of 8-bit, length prefixed byte strings. The length byte itself is
- * not included in the length. A byte string of length 0 is invalid. No byte
- * string may be truncated. The current, but experimental algorithm for
- * selecting the protocol is: 1) If the server doesn't support NPN then this
- * is indicated to the callback. In this case, the client application has to
- * abort the connection or have a default application level protocol. 2) If
- * the server supports NPN, but advertises an empty list then the client
- * selects the first protcol in its list, but indicates via the API that this
- * fallback case was enacted. 3) Otherwise, the client finds the first
- * protocol in the server's list that it supports and selects this protocol.
- * This is because it's assumed that the server has better information about
- * which protocol a client should use. 4) If the client doesn't support any
- * of the server's advertised protocols, then this is treated the same as
- * case 2. It returns either OPENSSL_NPN_NEGOTIATED if a common protocol was
- * found, or OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
- */
-int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
-                          const unsigned char *server,
-                          unsigned int server_len,
-                          const unsigned char *client,
-                          unsigned int client_len)
-{
-    unsigned int i, j;
-    const unsigned char *result;
-    int status = OPENSSL_NPN_UNSUPPORTED;
-
-    /*
-     * For each protocol in server preference order, see if we support it.
-     */
-    for (i = 0; i < server_len;) {
-        for (j = 0; j < client_len;) {
-            if (server[i] == client[j] &&
-                memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
-                /* We found a match */
-                result = &server[i];
-                status = OPENSSL_NPN_NEGOTIATED;
-                goto found;
-            }
-            j += client[j];
-            j++;
-        }
-        i += server[i];
-        i++;
-    }
-
-    /* There's no overlap between our protocols and the server's list. */
-    result = client;
-    status = OPENSSL_NPN_NO_OVERLAP;
-
- found:
-    *out = (unsigned char *)result + 1;
-    *outlen = result[0];
-    return status;
-}
-
-/*
- * SSL_get0_next_proto_negotiated sets *data and *len to point to the
- * client's requested protocol for this connection and returns 0. If the
- * client didn't request any protocol, then *data is set to NULL. Note that
- * the client can request any protocol it chooses. The value returned from
- * this function need not be a member of the list of supported protocols
- * provided by the callback.
- */
-void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
-                                    unsigned *len)
-{
-    *data = s->next_proto_negotiated;
-    if (!*data) {
-        *len = 0;
-    } else {
-        *len = s->next_proto_negotiated_len;
-    }
-}
-
-/*
- * SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when
- * a TLS server needs a list of supported protocols for Next Protocol
- * Negotiation. The returned list must be in wire format.  The list is
- * returned by setting |out| to point to it and |outlen| to its length. This
- * memory will not be modified, but one should assume that the SSL* keeps a
- * reference to it. The callback should return SSL_TLSEXT_ERR_OK if it
- * wishes to advertise. Otherwise, no such extension will be included in the
- * ServerHello.
- */
-void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx,
-                                           int (*cb) (SSL *ssl,
-                                                      const unsigned char
-                                                      **out,
-                                                      unsigned int *outlen,
-                                                      void *arg), void *arg)
-{
-    ctx->next_protos_advertised_cb = cb;
-    ctx->next_protos_advertised_cb_arg = arg;
-}
-
-/*
- * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
- * client needs to select a protocol from the server's provided list. |out|
- * must be set to point to the selected protocol (which may be within |in|).
- * The length of the protocol name must be written into |outlen|. The
- * server's advertised protocols are provided in |in| and |inlen|. The
- * callback can assume that |in| is syntactically valid. The client must
- * select a protocol. It is fatal to the connection if this callback returns
- * a value other than SSL_TLSEXT_ERR_OK.
- */
-void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx,
-                                      int (*cb) (SSL *s, unsigned char **out,
-                                                 unsigned char *outlen,
-                                                 const unsigned char *in,
-                                                 unsigned int inlen,
-                                                 void *arg), void *arg)
-{
-    ctx->next_proto_select_cb = cb;
-    ctx->next_proto_select_cb_arg = arg;
-}
-# endif
-#endif
-
-int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
-                               const char *label, size_t llen,
-                               const unsigned char *p, size_t plen,
-                               int use_context)
-{
-    if (s->version < TLS1_VERSION)
-        return -1;
-
-    return s->method->ssl3_enc->export_keying_material(s, out, olen, label,
-                                                       llen, p, plen,
-                                                       use_context);
-}
-
-static unsigned long ssl_session_hash(const SSL_SESSION *a)
-{
-    unsigned long l;
-
-    l = (unsigned long)
-        ((unsigned int)a->session_id[0]) |
-        ((unsigned int)a->session_id[1] << 8L) |
-        ((unsigned long)a->session_id[2] << 16L) |
-        ((unsigned long)a->session_id[3] << 24L);
-    return (l);
-}
-
-/*
- * NB: If this function (or indeed the hash function which uses a sort of
- * coarser function than this one) is changed, ensure
- * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on
- * being able to construct an SSL_SESSION that will collide with any existing
- * session with a matching session ID.
- */
-static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
-{
-    if (a->ssl_version != b->ssl_version)
-        return (1);
-    if (a->session_id_length != b->session_id_length)
-        return (1);
-    return (memcmp(a->session_id, b->session_id, a->session_id_length));
-}
-
-/*
- * These wrapper functions should remain rather than redeclaring
- * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
- * variable. The reason is that the functions aren't static, they're exposed
- * via ssl.h.
- */
-static IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION)
-static IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION)
-
-SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
-{
-    SSL_CTX *ret = NULL;
-
-    if (meth == NULL) {
-        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED);
-        return (NULL);
-    }
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode() && (meth->version < TLS1_VERSION)) {
-        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
-        return NULL;
-    }
-#endif
-
-    if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
-        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
-        goto err;
-    }
-    ret = (SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
-    if (ret == NULL)
-        goto err;
-
-    memset(ret, 0, sizeof(SSL_CTX));
-
-    ret->method = meth;
-
-    ret->cert_store = NULL;
-    ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
-    ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
-    ret->session_cache_head = NULL;
-    ret->session_cache_tail = NULL;
-
-    /* We take the system default */
-    ret->session_timeout = meth->get_timeout();
-
-    ret->new_session_cb = 0;
-    ret->remove_session_cb = 0;
-    ret->get_session_cb = 0;
-    ret->generate_session_id = 0;
-
-    memset((char *)&ret->stats, 0, sizeof(ret->stats));
-
-    ret->references = 1;
-    ret->quiet_shutdown = 0;
-
-/*  ret->cipher=NULL;*/
-/*-
-    ret->s2->challenge=NULL;
-    ret->master_key=NULL;
-    ret->key_arg=NULL;
-    ret->s2->conn_id=NULL; */
-
-    ret->info_callback = NULL;
-
-    ret->app_verify_callback = 0;
-    ret->app_verify_arg = NULL;
-
-    ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
-    ret->read_ahead = 0;
-    ret->msg_callback = 0;
-    ret->msg_callback_arg = NULL;
-    ret->verify_mode = SSL_VERIFY_NONE;
-#if 0
-    ret->verify_depth = -1;     /* Don't impose a limit (but x509_lu.c does) */
-#endif
-    ret->sid_ctx_length = 0;
-    ret->default_verify_callback = NULL;
-    if ((ret->cert = ssl_cert_new()) == NULL)
-        goto err;
-
-    ret->default_passwd_callback = 0;
-    ret->default_passwd_callback_userdata = NULL;
-    ret->client_cert_cb = 0;
-    ret->app_gen_cookie_cb = 0;
-    ret->app_verify_cookie_cb = 0;
-
-    ret->sessions = lh_SSL_SESSION_new();
-    if (ret->sessions == NULL)
-        goto err;
-    ret->cert_store = X509_STORE_new();
-    if (ret->cert_store == NULL)
-        goto err;
-
-    ssl_create_cipher_list(ret->method,
-                           &ret->cipher_list, &ret->cipher_list_by_id,
-                           meth->version ==
-                           SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
-    if (ret->cipher_list == NULL || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
-        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
-        goto err2;
-    }
-
-    ret->param = X509_VERIFY_PARAM_new();
-    if (!ret->param)
-        goto err;
-
-    if ((ret->rsa_md5 = EVP_get_digestbyname("ssl2-md5")) == NULL) {
-        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
-        goto err2;
-    }
-    if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
-        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
-        goto err2;
-    }
-    if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
-        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
-        goto err2;
-    }
-
-    if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL)
-        goto err;
-
-    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
-
-    ret->extra_certs = NULL;
-    /* No compression for DTLS */
-    if (meth->version != DTLS1_VERSION)
-        ret->comp_methods = SSL_COMP_get_compression_methods();
-
-    ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
-
-#ifndef OPENSSL_NO_TLSEXT
-    ret->tlsext_servername_callback = 0;
-    ret->tlsext_servername_arg = NULL;
-    /* Setup RFC4507 ticket keys */
-    if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0)
-        || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
-        || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
-        ret->options |= SSL_OP_NO_TICKET;
-
-    ret->tlsext_status_cb = 0;
-    ret->tlsext_status_arg = NULL;
-
-# ifndef OPENSSL_NO_NEXTPROTONEG
-    ret->next_protos_advertised_cb = 0;
-    ret->next_proto_select_cb = 0;
-# endif
-#endif
-#ifndef OPENSSL_NO_PSK
-    ret->psk_identity_hint = NULL;
-    ret->psk_client_callback = NULL;
-    ret->psk_server_callback = NULL;
-#endif
-#ifndef OPENSSL_NO_SRP
-    SSL_CTX_SRP_CTX_init(ret);
-#endif
-#ifndef OPENSSL_NO_BUF_FREELISTS
-    ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
-    ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
-    if (!ret->rbuf_freelist)
-        goto err;
-    ret->rbuf_freelist->chunklen = 0;
-    ret->rbuf_freelist->len = 0;
-    ret->rbuf_freelist->head = NULL;
-    ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
-    if (!ret->wbuf_freelist) {
-        OPENSSL_free(ret->rbuf_freelist);
-        goto err;
-    }
-    ret->wbuf_freelist->chunklen = 0;
-    ret->wbuf_freelist->len = 0;
-    ret->wbuf_freelist->head = NULL;
-#endif
-#ifndef OPENSSL_NO_ENGINE
-    ret->client_cert_engine = NULL;
-# ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
-#  define eng_strx(x)     #x
-#  define eng_str(x)      eng_strx(x)
-    /* Use specific client engine automatically... ignore errors */
-    {
-        ENGINE *eng;
-        eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
-        if (!eng) {
-            ERR_clear_error();
-            ENGINE_load_builtin_engines();
-            eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
-        }
-        if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
-            ERR_clear_error();
-    }
-# endif
-#endif
-    /*
-     * Default is to connect to non-RI servers. When RI is more widely
-     * deployed might change this.
-     */
-    ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
-
-    return (ret);
- err:
-    SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
- err2:
-    if (ret != NULL)
-        SSL_CTX_free(ret);
-    return (NULL);
-}
-
-#if 0
-static void SSL_COMP_free(SSL_COMP *comp)
-{
-    OPENSSL_free(comp);
-}
-#endif
-
-#ifndef OPENSSL_NO_BUF_FREELISTS
-static void ssl_buf_freelist_free(SSL3_BUF_FREELIST *list)
-{
-    SSL3_BUF_FREELIST_ENTRY *ent, *next;
-    for (ent = list->head; ent; ent = next) {
-        next = ent->next;
-        OPENSSL_free(ent);
-    }
-    OPENSSL_free(list);
-}
-#endif
-
-void SSL_CTX_free(SSL_CTX *a)
-{
-    int i;
-
-    if (a == NULL)
-        return;
-
-    i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_SSL_CTX);
-#ifdef REF_PRINT
-    REF_PRINT("SSL_CTX", a);
-#endif
-    if (i > 0)
-        return;
-#ifdef REF_CHECK
-    if (i < 0) {
-        fprintf(stderr, "SSL_CTX_free, bad reference count\n");
-        abort();                /* ok */
-    }
-#endif
-
-    if (a->param)
-        X509_VERIFY_PARAM_free(a->param);
-
-    /*
-     * Free internal session cache. However: the remove_cb() may reference
-     * the ex_data of SSL_CTX, thus the ex_data store can only be removed
-     * after the sessions were flushed.
-     * As the ex_data handling routines might also touch the session cache,
-     * the most secure solution seems to be: empty (flush) the cache, then
-     * free ex_data, then finally free the cache.
-     * (See ticket [openssl.org #212].)
-     */
-    if (a->sessions != NULL)
-        SSL_CTX_flush_sessions(a, 0);
-
-    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
-
-    if (a->sessions != NULL)
-        lh_SSL_SESSION_free(a->sessions);
-
-    if (a->cert_store != NULL)
-        X509_STORE_free(a->cert_store);
-    if (a->cipher_list != NULL)
-        sk_SSL_CIPHER_free(a->cipher_list);
-    if (a->cipher_list_by_id != NULL)
-        sk_SSL_CIPHER_free(a->cipher_list_by_id);
-    if (a->cert != NULL)
-        ssl_cert_free(a->cert);
-    if (a->client_CA != NULL)
-        sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free);
-    if (a->extra_certs != NULL)
-        sk_X509_pop_free(a->extra_certs, X509_free);
-#if 0                           /* This should never be done, since it
-                                 * removes a global database */
-    if (a->comp_methods != NULL)
-        sk_SSL_COMP_pop_free(a->comp_methods, SSL_COMP_free);
-#else
-    a->comp_methods = NULL;
-#endif
-
-#ifndef OPENSSL_NO_SRTP
-    if (a->srtp_profiles)
-        sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
-#endif
-
-#ifndef OPENSSL_NO_PSK
-    if (a->psk_identity_hint)
-        OPENSSL_free(a->psk_identity_hint);
-#endif
-#ifndef OPENSSL_NO_SRP
-    SSL_CTX_SRP_CTX_free(a);
-#endif
-#ifndef OPENSSL_NO_ENGINE
-    if (a->client_cert_engine)
-        ENGINE_finish(a->client_cert_engine);
-#endif
-
-#ifndef OPENSSL_NO_BUF_FREELISTS
-    if (a->wbuf_freelist)
-        ssl_buf_freelist_free(a->wbuf_freelist);
-    if (a->rbuf_freelist)
-        ssl_buf_freelist_free(a->rbuf_freelist);
-#endif
-
-    OPENSSL_free(a);
-}
-
-void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
-{
-    ctx->default_passwd_callback = cb;
-}
-
-void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
-{
-    ctx->default_passwd_callback_userdata = u;
-}
-
-void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
-                                      int (*cb) (X509_STORE_CTX *, void *),
-                                      void *arg)
-{
-    ctx->app_verify_callback = cb;
-    ctx->app_verify_arg = arg;
-}
-
-void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
-                        int (*cb) (int, X509_STORE_CTX *))
-{
-    ctx->verify_mode = mode;
-    ctx->default_verify_callback = cb;
-}
-
-void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
-{
-    X509_VERIFY_PARAM_set_depth(ctx->param, depth);
-}
-
-void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
-{
-    CERT_PKEY *cpk;
-    int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign;
-    int rsa_enc_export, dh_rsa_export, dh_dsa_export;
-    int rsa_tmp_export, dh_tmp_export, kl;
-    unsigned long mask_k, mask_a, emask_k, emask_a;
-#ifndef OPENSSL_NO_ECDSA
-    int have_ecc_cert, ecdsa_ok, ecc_pkey_size;
-#endif
-#ifndef OPENSSL_NO_ECDH
-    int have_ecdh_tmp, ecdh_ok;
-#endif
-#ifndef OPENSSL_NO_EC
-    X509 *x = NULL;
-    EVP_PKEY *ecc_pkey = NULL;
-    int signature_nid = 0, pk_nid = 0, md_nid = 0;
-#endif
-    if (c == NULL)
-        return;
-
-    kl = SSL_C_EXPORT_PKEYLENGTH(cipher);
-
-#ifndef OPENSSL_NO_RSA
-    rsa_tmp = (c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
-    rsa_tmp_export = (c->rsa_tmp_cb != NULL ||
-                      (rsa_tmp && RSA_size(c->rsa_tmp) * 8 <= kl));
-#else
-    rsa_tmp = rsa_tmp_export = 0;
-#endif
-#ifndef OPENSSL_NO_DH
-    dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
-    dh_tmp_export = (c->dh_tmp_cb != NULL ||
-                     (dh_tmp && DH_size(c->dh_tmp) * 8 <= kl));
-#else
-    dh_tmp = dh_tmp_export = 0;
-#endif
-
-#ifndef OPENSSL_NO_ECDH
-    have_ecdh_tmp = (c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL);
-#endif
-    cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
-    rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL);
-    rsa_enc_export = (rsa_enc && EVP_PKEY_size(cpk->privatekey) * 8 <= kl);
-    cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]);
-    rsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL);
-    cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]);
-    dsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL);
-    cpk = &(c->pkeys[SSL_PKEY_DH_RSA]);
-    dh_rsa = (cpk->x509 != NULL && cpk->privatekey != NULL);
-    dh_rsa_export = (dh_rsa && EVP_PKEY_size(cpk->privatekey) * 8 <= kl);
-    cpk = &(c->pkeys[SSL_PKEY_DH_DSA]);
-/* FIX THIS EAY EAY EAY */
-    dh_dsa = (cpk->x509 != NULL && cpk->privatekey != NULL);
-    dh_dsa_export = (dh_dsa && EVP_PKEY_size(cpk->privatekey) * 8 <= kl);
-    cpk = &(c->pkeys[SSL_PKEY_ECC]);
-#ifndef OPENSSL_NO_EC
-    have_ecc_cert = (cpk->x509 != NULL && cpk->privatekey != NULL);
-#endif
-    mask_k = 0;
-    mask_a = 0;
-    emask_k = 0;
-    emask_a = 0;
-
-#ifdef CIPHER_DEBUG
-    fprintf(stderr,
-            "rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
-            rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp, rsa_enc,
-            rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa);
-#endif
-
-    cpk = &(c->pkeys[SSL_PKEY_GOST01]);
-    if (cpk->x509 != NULL && cpk->privatekey != NULL) {
-        mask_k |= SSL_kGOST;
-        mask_a |= SSL_aGOST01;
-    }
-    cpk = &(c->pkeys[SSL_PKEY_GOST94]);
-    if (cpk->x509 != NULL && cpk->privatekey != NULL) {
-        mask_k |= SSL_kGOST;
-        mask_a |= SSL_aGOST94;
-    }
-
-    if (rsa_enc || (rsa_tmp && rsa_sign))
-        mask_k |= SSL_kRSA;
-    if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
-        emask_k |= SSL_kRSA;
-
-#if 0
-    /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
-    if ((dh_tmp || dh_rsa || dh_dsa) && (rsa_enc || rsa_sign || dsa_sign))
-        mask_k |= SSL_kEDH;
-    if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
-        (rsa_enc || rsa_sign || dsa_sign))
-        emask_k |= SSL_kEDH;
-#endif
-
-    if (dh_tmp_export)
-        emask_k |= SSL_kEDH;
-
-    if (dh_tmp)
-        mask_k |= SSL_kEDH;
-
-    if (dh_rsa)
-        mask_k |= SSL_kDHr;
-    if (dh_rsa_export)
-        emask_k |= SSL_kDHr;
-
-    if (dh_dsa)
-        mask_k |= SSL_kDHd;
-    if (dh_dsa_export)
-        emask_k |= SSL_kDHd;
-
-    if (rsa_enc || rsa_sign) {
-        mask_a |= SSL_aRSA;
-        emask_a |= SSL_aRSA;
-    }
-
-    if (dsa_sign) {
-        mask_a |= SSL_aDSS;
-        emask_a |= SSL_aDSS;
-    }
-
-    mask_a |= SSL_aNULL;
-    emask_a |= SSL_aNULL;
-
-#ifndef OPENSSL_NO_KRB5
-    mask_k |= SSL_kKRB5;
-    mask_a |= SSL_aKRB5;
-    emask_k |= SSL_kKRB5;
-    emask_a |= SSL_aKRB5;
-#endif
-
-    /*
-     * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites
-     * depending on the key usage extension.
-     */
-#ifndef OPENSSL_NO_EC
-    if (have_ecc_cert) {
-        /* This call populates extension flags (ex_flags) */
-        x = (c->pkeys[SSL_PKEY_ECC]).x509;
-        X509_check_purpose(x, -1, 0);
-        ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
-            (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
-        ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
-            (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
-        ecc_pkey = X509_get_pubkey(x);
-        ecc_pkey_size = (ecc_pkey != NULL) ? EVP_PKEY_bits(ecc_pkey) : 0;
-        EVP_PKEY_free(ecc_pkey);
-        if ((x->sig_alg) && (x->sig_alg->algorithm)) {
-            signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
-            OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
-        }
-#ifndef OPENSSL_NO_ECDH
-        if (ecdh_ok) {
-
-            if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) {
-                mask_k |= SSL_kECDHr;
-                mask_a |= SSL_aECDH;
-                if (ecc_pkey_size <= 163) {
-                    emask_k |= SSL_kECDHr;
-                    emask_a |= SSL_aECDH;
-                }
-            }
-
-            if (pk_nid == NID_X9_62_id_ecPublicKey) {
-                mask_k |= SSL_kECDHe;
-                mask_a |= SSL_aECDH;
-                if (ecc_pkey_size <= 163) {
-                    emask_k |= SSL_kECDHe;
-                    emask_a |= SSL_aECDH;
-                }
-            }
-        }
-#endif
-#ifndef OPENSSL_NO_ECDSA
-        if (ecdsa_ok) {
-            mask_a |= SSL_aECDSA;
-            emask_a |= SSL_aECDSA;
-        }
-#endif
-    }
-#endif
-#ifndef OPENSSL_NO_ECDH
-    if (have_ecdh_tmp) {
-        mask_k |= SSL_kEECDH;
-        emask_k |= SSL_kEECDH;
-    }
-#endif
-
-#ifndef OPENSSL_NO_PSK
-    mask_k |= SSL_kPSK;
-    mask_a |= SSL_aPSK;
-    emask_k |= SSL_kPSK;
-    emask_a |= SSL_aPSK;
-#endif
-
-    c->mask_k = mask_k;
-    c->mask_a = mask_a;
-    c->export_mask_k = emask_k;
-    c->export_mask_a = emask_a;
-    c->valid = 1;
-}
-
-/* This handy macro borrowed from crypto/x509v3/v3_purp.c */
-#define ku_reject(x, usage) \
-        (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
-
-#ifndef OPENSSL_NO_EC
-
-int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
-{
-    unsigned long alg_k, alg_a;
-    EVP_PKEY *pkey = NULL;
-    int keysize = 0;
-    int signature_nid = 0, md_nid = 0, pk_nid = 0;
-    const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
-
-    alg_k = cs->algorithm_mkey;
-    alg_a = cs->algorithm_auth;
-
-    if (SSL_C_IS_EXPORT(cs)) {
-        /* ECDH key length in export ciphers must be <= 163 bits */
-        pkey = X509_get_pubkey(x);
-        if (pkey == NULL)
-            return 0;
-        keysize = EVP_PKEY_bits(pkey);
-        EVP_PKEY_free(pkey);
-        if (keysize > 163)
-            return 0;
-    }
-
-    /* This call populates the ex_flags field correctly */
-    X509_check_purpose(x, -1, 0);
-    if ((x->sig_alg) && (x->sig_alg->algorithm)) {
-        signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
-        OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
-    }
-    if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) {
-        /* key usage, if present, must allow key agreement */
-        if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) {
-            SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
-                   SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
-            return 0;
-        }
-        if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) {
-            /* signature alg must be ECDSA */
-            if (pk_nid != NID_X9_62_id_ecPublicKey) {
-                SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
-                       SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
-                return 0;
-            }
-        }
-        if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION) {
-            /* signature alg must be RSA */
-
-            if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) {
-                SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
-                       SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
-                return 0;
-            }
-        }
-    }
-    if (alg_a & SSL_aECDSA) {
-        /* key usage, if present, must allow signing */
-        if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) {
-            SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
-                   SSL_R_ECC_CERT_NOT_FOR_SIGNING);
-            return 0;
-        }
-    }
-
-    return 1;                   /* all checks are ok */
-}
-
-#endif
-
-/* THIS NEEDS CLEANING UP */
-CERT_PKEY *ssl_get_server_send_pkey(const SSL *s)
-{
-    unsigned long alg_k, alg_a;
-    CERT *c;
-    int i;
-
-    c = s->cert;
-    ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
-
-    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-    alg_a = s->s3->tmp.new_cipher->algorithm_auth;
-
-    if (alg_k & (SSL_kECDHr | SSL_kECDHe)) {
-        /*
-         * we don't need to look at SSL_kEECDH since no certificate is needed
-         * for anon ECDH and for authenticated EECDH, the check for the auth
-         * algorithm will set i correctly NOTE: For ECDH-RSA, we need an ECC
-         * not an RSA cert but for EECDH-RSA we need an RSA cert. Placing the
-         * checks for SSL_kECDH before RSA checks ensures the correct cert is
-         * chosen.
-         */
-        i = SSL_PKEY_ECC;
-    } else if (alg_a & SSL_aECDSA) {
-        i = SSL_PKEY_ECC;
-    } else if (alg_k & SSL_kDHr)
-        i = SSL_PKEY_DH_RSA;
-    else if (alg_k & SSL_kDHd)
-        i = SSL_PKEY_DH_DSA;
-    else if (alg_a & SSL_aDSS)
-        i = SSL_PKEY_DSA_SIGN;
-    else if (alg_a & SSL_aRSA) {
-        if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
-            i = SSL_PKEY_RSA_SIGN;
-        else
-            i = SSL_PKEY_RSA_ENC;
-    } else if (alg_a & SSL_aKRB5) {
-        /* VRS something else here? */
-        return (NULL);
-    } else if (alg_a & SSL_aGOST94)
-        i = SSL_PKEY_GOST94;
-    else if (alg_a & SSL_aGOST01)
-        i = SSL_PKEY_GOST01;
-    else {                      /* if (alg_a & SSL_aNULL) */
-
-        SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY, ERR_R_INTERNAL_ERROR);
-        return (NULL);
-    }
-
-    return c->pkeys + i;
-}
-
-X509 *ssl_get_server_send_cert(const SSL *s)
-{
-    CERT_PKEY *cpk;
-    cpk = ssl_get_server_send_pkey(s);
-    if (!cpk)
-        return NULL;
-    return cpk->x509;
-}
-
-EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher,
-                            const EVP_MD **pmd)
-{
-    unsigned long alg_a;
-    CERT *c;
-    int idx = -1;
-
-    alg_a = cipher->algorithm_auth;
-    c = s->cert;
-
-    if ((alg_a & SSL_aDSS) &&
-        (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
-        idx = SSL_PKEY_DSA_SIGN;
-    else if (alg_a & SSL_aRSA) {
-        if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
-            idx = SSL_PKEY_RSA_SIGN;
-        else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
-            idx = SSL_PKEY_RSA_ENC;
-    } else if ((alg_a & SSL_aECDSA) &&
-               (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
-        idx = SSL_PKEY_ECC;
-    if (idx == -1) {
-        SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR);
-        return (NULL);
-    }
-    if (pmd)
-        *pmd = c->pkeys[idx].digest;
-    return c->pkeys[idx].privatekey;
-}
-
-void ssl_update_cache(SSL *s, int mode)
-{
-    int i;
-
-    /*
-     * If the session_id_length is 0, we are not supposed to cache it, and it
-     * would be rather hard to do anyway :-)
-     */
-    if (s->session->session_id_length == 0)
-        return;
-
-    i = s->session_ctx->session_cache_mode;
-    if ((i & mode) && (!s->hit)
-        && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
-            || SSL_CTX_add_session(s->session_ctx, s->session))
-        && (s->session_ctx->new_session_cb != NULL)) {
-        CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION);
-        if (!s->session_ctx->new_session_cb(s, s->session))
-            SSL_SESSION_free(s->session);
-    }
-
-    /* auto flush every 255 connections */
-    if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) {
-        if ((((mode & SSL_SESS_CACHE_CLIENT)
-              ? s->session_ctx->stats.sess_connect_good
-              : s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) {
-            SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL));
-        }
-    }
-}
-
-const SSL_METHOD *SSL_get_ssl_method(SSL *s)
-{
-    return (s->method);
-}
-
-int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
-{
-    int conn = -1;
-    int ret = 1;
-
-    if (s->method != meth) {
-        if (s->handshake_func != NULL)
-            conn = (s->handshake_func == s->method->ssl_connect);
-
-        if (s->method->version == meth->version)
-            s->method = meth;
-        else {
-            s->method->ssl_free(s);
-            s->method = meth;
-            ret = s->method->ssl_new(s);
-        }
-
-        if (conn == 1)
-            s->handshake_func = meth->ssl_connect;
-        else if (conn == 0)
-            s->handshake_func = meth->ssl_accept;
-    }
-    return (ret);
-}
-
-int SSL_get_error(const SSL *s, int i)
-{
-    int reason;
-    unsigned long l;
-    BIO *bio;
-
-    if (i > 0)
-        return (SSL_ERROR_NONE);
-
-    /*
-     * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc,
-     * where we do encode the error
-     */
-    if ((l = ERR_peek_error()) != 0) {
-        if (ERR_GET_LIB(l) == ERR_LIB_SYS)
-            return (SSL_ERROR_SYSCALL);
-        else
-            return (SSL_ERROR_SSL);
-    }
-
-    if ((i < 0) && SSL_want_read(s)) {
-        bio = SSL_get_rbio(s);
-        if (BIO_should_read(bio))
-            return (SSL_ERROR_WANT_READ);
-        else if (BIO_should_write(bio))
-            /*
-             * This one doesn't make too much sense ... We never try to write
-             * to the rbio, and an application program where rbio and wbio
-             * are separate couldn't even know what it should wait for.
-             * However if we ever set s->rwstate incorrectly (so that we have
-             * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and
-             * wbio *are* the same, this test works around that bug; so it
-             * might be safer to keep it.
-             */
-            return (SSL_ERROR_WANT_WRITE);
-        else if (BIO_should_io_special(bio)) {
-            reason = BIO_get_retry_reason(bio);
-            if (reason == BIO_RR_CONNECT)
-                return (SSL_ERROR_WANT_CONNECT);
-            else if (reason == BIO_RR_ACCEPT)
-                return (SSL_ERROR_WANT_ACCEPT);
-            else
-                return (SSL_ERROR_SYSCALL); /* unknown */
-        }
-    }
-
-    if ((i < 0) && SSL_want_write(s)) {
-        bio = SSL_get_wbio(s);
-        if (BIO_should_write(bio))
-            return (SSL_ERROR_WANT_WRITE);
-        else if (BIO_should_read(bio))
-            /*
-             * See above (SSL_want_read(s) with BIO_should_write(bio))
-             */
-            return (SSL_ERROR_WANT_READ);
-        else if (BIO_should_io_special(bio)) {
-            reason = BIO_get_retry_reason(bio);
-            if (reason == BIO_RR_CONNECT)
-                return (SSL_ERROR_WANT_CONNECT);
-            else if (reason == BIO_RR_ACCEPT)
-                return (SSL_ERROR_WANT_ACCEPT);
-            else
-                return (SSL_ERROR_SYSCALL);
-        }
-    }
-    if ((i < 0) && SSL_want_x509_lookup(s)) {
-        return (SSL_ERROR_WANT_X509_LOOKUP);
-    }
-
-    if (i == 0) {
-        if (s->version == SSL2_VERSION) {
-            /* assume it is the socket being closed */
-            return (SSL_ERROR_ZERO_RETURN);
-        } else {
-            if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
-                (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
-                return (SSL_ERROR_ZERO_RETURN);
-        }
-    }
-    return (SSL_ERROR_SYSCALL);
-}
-
-int SSL_do_handshake(SSL *s)
-{
-    int ret = 1;
-
-    if (s->handshake_func == NULL) {
-        SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET);
-        return (-1);
-    }
-
-    s->method->ssl_renegotiate_check(s);
-
-    if (SSL_in_init(s) || SSL_in_before(s)) {
-        ret = s->handshake_func(s);
-    }
-    return (ret);
-}
-
-/*
- * For the next 2 functions, SSL_clear() sets shutdown and so one of these
- * calls will reset it
- */
-void SSL_set_accept_state(SSL *s)
-{
-    s->server = 1;
-    s->shutdown = 0;
-    s->state = SSL_ST_ACCEPT | SSL_ST_BEFORE;
-    s->handshake_func = s->method->ssl_accept;
-    /* clear the current cipher */
-    ssl_clear_cipher_ctx(s);
-    ssl_clear_hash_ctx(&s->read_hash);
-    ssl_clear_hash_ctx(&s->write_hash);
-}
-
-void SSL_set_connect_state(SSL *s)
-{
-    s->server = 0;
-    s->shutdown = 0;
-    s->state = SSL_ST_CONNECT | SSL_ST_BEFORE;
-    s->handshake_func = s->method->ssl_connect;
-    /* clear the current cipher */
-    ssl_clear_cipher_ctx(s);
-    ssl_clear_hash_ctx(&s->read_hash);
-    ssl_clear_hash_ctx(&s->write_hash);
-}
-
-int ssl_undefined_function(SSL *s)
-{
-    SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-    return (0);
-}
-
-int ssl_undefined_void_function(void)
-{
-    SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,
-           ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-    return (0);
-}
-
-int ssl_undefined_const_function(const SSL *s)
-{
-    SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,
-           ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-    return (0);
-}
-
-SSL_METHOD *ssl_bad_method(int ver)
-{
-    SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-    return (NULL);
-}
-
-const char *SSL_get_version(const SSL *s)
-{
-    if (s->version == TLS1_2_VERSION)
-        return ("TLSv1.2");
-    else if (s->version == TLS1_1_VERSION)
-        return ("TLSv1.1");
-    else if (s->version == TLS1_VERSION)
-        return ("TLSv1");
-    else if (s->version == SSL3_VERSION)
-        return ("SSLv3");
-    else if (s->version == SSL2_VERSION)
-        return ("SSLv2");
-    else
-        return ("unknown");
-}
-
-SSL *SSL_dup(SSL *s)
-{
-    STACK_OF(X509_NAME) *sk;
-    X509_NAME *xn;
-    SSL *ret;
-    int i;
-
-    if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
-        return (NULL);
-
-    ret->version = s->version;
-    ret->type = s->type;
-    ret->method = s->method;
-
-    if (s->session != NULL) {
-        /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
-        SSL_copy_session_id(ret, s);
-    } else {
-        /*
-         * No session has been established yet, so we have to expect that
-         * s->cert or ret->cert will be changed later -- they should not both
-         * point to the same object, and thus we can't use
-         * SSL_copy_session_id.
-         */
-
-        ret->method->ssl_free(ret);
-        ret->method = s->method;
-        ret->method->ssl_new(ret);
-
-        if (s->cert != NULL) {
-            if (ret->cert != NULL) {
-                ssl_cert_free(ret->cert);
-            }
-            ret->cert = ssl_cert_dup(s->cert);
-            if (ret->cert == NULL)
-                goto err;
-        }
-
-        SSL_set_session_id_context(ret, s->sid_ctx, s->sid_ctx_length);
-    }
-
-    ret->options = s->options;
-    ret->mode = s->mode;
-    SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
-    SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
-    ret->msg_callback = s->msg_callback;
-    ret->msg_callback_arg = s->msg_callback_arg;
-    SSL_set_verify(ret, SSL_get_verify_mode(s), SSL_get_verify_callback(s));
-    SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
-    ret->generate_session_id = s->generate_session_id;
-
-    SSL_set_info_callback(ret, SSL_get_info_callback(s));
-
-    ret->debug = s->debug;
-
-    /* copy app data, a little dangerous perhaps */
-    if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
-        goto err;
-
-    /* setup rbio, and wbio */
-    if (s->rbio != NULL) {
-        if (!BIO_dup_state(s->rbio, (char *)&ret->rbio))
-            goto err;
-    }
-    if (s->wbio != NULL) {
-        if (s->wbio != s->rbio) {
-            if (!BIO_dup_state(s->wbio, (char *)&ret->wbio))
-                goto err;
-        } else
-            ret->wbio = ret->rbio;
-    }
-    ret->rwstate = s->rwstate;
-    ret->in_handshake = s->in_handshake;
-    ret->handshake_func = s->handshake_func;
-    ret->server = s->server;
-    ret->renegotiate = s->renegotiate;
-    ret->new_session = s->new_session;
-    ret->quiet_shutdown = s->quiet_shutdown;
-    ret->shutdown = s->shutdown;
-    ret->state = s->state;      /* SSL_dup does not really work at any state,
-                                 * though */
-    ret->rstate = s->rstate;
-    ret->init_num = 0;          /* would have to copy ret->init_buf,
-                                 * ret->init_msg, ret->init_num,
-                                 * ret->init_off */
-    ret->hit = s->hit;
-
-    X509_VERIFY_PARAM_inherit(ret->param, s->param);
-
-    /* dup the cipher_list and cipher_list_by_id stacks */
-    if (s->cipher_list != NULL) {
-        if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
-            goto err;
-    }
-    if (s->cipher_list_by_id != NULL)
-        if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id))
-            == NULL)
-            goto err;
-
-    /* Dup the client_CA list */
-    if (s->client_CA != NULL) {
-        if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL)
-            goto err;
-        ret->client_CA = sk;
-        for (i = 0; i < sk_X509_NAME_num(sk); i++) {
-            xn = sk_X509_NAME_value(sk, i);
-            if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) {
-                X509_NAME_free(xn);
-                goto err;
-            }
-        }
-    }
-
-    if (0) {
- err:
-        if (ret != NULL)
-            SSL_free(ret);
-        ret = NULL;
-    }
-    return (ret);
-}
-
-void ssl_clear_cipher_ctx(SSL *s)
-{
-    if (s->enc_read_ctx != NULL) {
-        EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
-        OPENSSL_free(s->enc_read_ctx);
-        s->enc_read_ctx = NULL;
-    }
-    if (s->enc_write_ctx != NULL) {
-        EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
-        OPENSSL_free(s->enc_write_ctx);
-        s->enc_write_ctx = NULL;
-    }
-#ifndef OPENSSL_NO_COMP
-    if (s->expand != NULL) {
-        COMP_CTX_free(s->expand);
-        s->expand = NULL;
-    }
-    if (s->compress != NULL) {
-        COMP_CTX_free(s->compress);
-        s->compress = NULL;
-    }
-#endif
-}
-
-/* Fix this function so that it takes an optional type parameter */
-X509 *SSL_get_certificate(const SSL *s)
-{
-    if (s->cert != NULL)
-        return (s->cert->key->x509);
-    else
-        return (NULL);
-}
-
-/* Fix this function so that it takes an optional type parameter */
-EVP_PKEY *SSL_get_privatekey(SSL *s)
-{
-    if (s->cert != NULL)
-        return (s->cert->key->privatekey);
-    else
-        return (NULL);
-}
-
-const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
-{
-    if ((s->session != NULL) && (s->session->cipher != NULL))
-        return (s->session->cipher);
-    return (NULL);
-}
-
-#ifdef OPENSSL_NO_COMP
-const void *SSL_get_current_compression(SSL *s)
-{
-    return NULL;
-}
-
-const void *SSL_get_current_expansion(SSL *s)
-{
-    return NULL;
-}
-#else
-
-const COMP_METHOD *SSL_get_current_compression(SSL *s)
-{
-    if (s->compress != NULL)
-        return (s->compress->meth);
-    return (NULL);
-}
-
-const COMP_METHOD *SSL_get_current_expansion(SSL *s)
-{
-    if (s->expand != NULL)
-        return (s->expand->meth);
-    return (NULL);
-}
-#endif
-
-int ssl_init_wbio_buffer(SSL *s, int push)
-{
-    BIO *bbio;
-
-    if (s->bbio == NULL) {
-        bbio = BIO_new(BIO_f_buffer());
-        if (bbio == NULL)
-            return (0);
-        s->bbio = bbio;
-    } else {
-        bbio = s->bbio;
-        if (s->bbio == s->wbio)
-            s->wbio = BIO_pop(s->wbio);
-    }
-    (void)BIO_reset(bbio);
-/*      if (!BIO_set_write_buffer_size(bbio,16*1024)) */
-    if (!BIO_set_read_buffer_size(bbio, 1)) {
-        SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB);
-        return (0);
-    }
-    if (push) {
-        if (s->wbio != bbio)
-            s->wbio = BIO_push(bbio, s->wbio);
-    } else {
-        if (s->wbio == bbio)
-            s->wbio = BIO_pop(bbio);
-    }
-    return (1);
-}
-
-void ssl_free_wbio_buffer(SSL *s)
-{
-    if (s->bbio == NULL)
-        return;
-
-    if (s->bbio == s->wbio) {
-        /* remove buffering */
-        s->wbio = BIO_pop(s->wbio);
-#ifdef REF_CHECK                /* not the usual REF_CHECK, but this avoids
-                                 * adding one more preprocessor symbol */
-        assert(s->wbio != NULL);
-#endif
-    }
-    BIO_free(s->bbio);
-    s->bbio = NULL;
-}
-
-void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
-{
-    ctx->quiet_shutdown = mode;
-}
-
-int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
-{
-    return (ctx->quiet_shutdown);
-}
-
-void SSL_set_quiet_shutdown(SSL *s, int mode)
-{
-    s->quiet_shutdown = mode;
-}
-
-int SSL_get_quiet_shutdown(const SSL *s)
-{
-    return (s->quiet_shutdown);
-}
-
-void SSL_set_shutdown(SSL *s, int mode)
-{
-    s->shutdown = mode;
-}
-
-int SSL_get_shutdown(const SSL *s)
-{
-    return (s->shutdown);
-}
-
-int SSL_version(const SSL *s)
-{
-    return (s->version);
-}
-
-SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
-{
-    return (ssl->ctx);
-}
-
-SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
-{
-    CERT *ocert = ssl->cert;
-    if (ssl->ctx == ctx)
-        return ssl->ctx;
-#ifndef OPENSSL_NO_TLSEXT
-    if (ctx == NULL)
-        ctx = ssl->initial_ctx;
-#endif
-    ssl->cert = ssl_cert_dup(ctx->cert);
-    if (ocert != NULL) {
-        int i;
-        /* Copy negotiated digests from original */
-        for (i = 0; i < SSL_PKEY_NUM; i++) {
-            CERT_PKEY *cpk = ocert->pkeys + i;
-            CERT_PKEY *rpk = ssl->cert->pkeys + i;
-            rpk->digest = cpk->digest;
-        }
-        ssl_cert_free(ocert);
-    }
-
-    /*
-     * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),
-     * so setter APIs must prevent invalid lengths from entering the system.
-     */
-    OPENSSL_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx));
-
-    /*
-     * If the session ID context matches that of the parent SSL_CTX,
-     * inherit it from the new SSL_CTX as well. If however the context does
-     * not match (i.e., it was set per-ssl with SSL_set_session_id_context),
-     * leave it unchanged.
-     */
-    if ((ssl->ctx != NULL) &&
-        (ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) &&
-        (memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0)) {
-        ssl->sid_ctx_length = ctx->sid_ctx_length;
-        memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx));
-    }
-
-    CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
-    if (ssl->ctx != NULL)
-        SSL_CTX_free(ssl->ctx); /* decrement reference count */
-    ssl->ctx = ctx;
-
-    return (ssl->ctx);
-}
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
-{
-    return (X509_STORE_set_default_paths(ctx->cert_store));
-}
-
-int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
-                                  const char *CApath)
-{
-    return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath));
-}
-#endif
-
-void SSL_set_info_callback(SSL *ssl,
-                           void (*cb) (const SSL *ssl, int type, int val))
-{
-    ssl->info_callback = cb;
-}
-
-/*
- * One compiler (Diab DCC) doesn't like argument names in returned function
- * pointer.
- */
-void (*SSL_get_info_callback(const SSL *ssl)) (const SSL * /* ssl */ ,
-                                               int /* type */ ,
-                                               int /* val */ ) {
-    return ssl->info_callback;
-}
-
-int SSL_state(const SSL *ssl)
-{
-    return (ssl->state);
-}
-
-void SSL_set_state(SSL *ssl, int state)
-{
-    ssl->state = state;
-}
-
-void SSL_set_verify_result(SSL *ssl, long arg)
-{
-    ssl->verify_result = arg;
-}
-
-long SSL_get_verify_result(const SSL *ssl)
-{
-    return (ssl->verify_result);
-}
-
-int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-{
-    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
-                                   new_func, dup_func, free_func);
-}
-
-int SSL_set_ex_data(SSL *s, int idx, void *arg)
-{
-    return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
-}
-
-void *SSL_get_ex_data(const SSL *s, int idx)
-{
-    return (CRYPTO_get_ex_data(&s->ex_data, idx));
-}
-
-int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-                             CRYPTO_EX_dup *dup_func,
-                             CRYPTO_EX_free *free_func)
-{
-    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
-                                   new_func, dup_func, free_func);
-}
-
-int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
-{
-    return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
-}
-
-void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
-{
-    return (CRYPTO_get_ex_data(&s->ex_data, idx));
-}
-
-int ssl_ok(SSL *s)
-{
-    return (1);
-}
-
-X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
-{
-    return (ctx->cert_store);
-}
-
-void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
-{
-    if (ctx->cert_store != NULL)
-        X509_STORE_free(ctx->cert_store);
-    ctx->cert_store = store;
-}
-
-int SSL_want(const SSL *s)
-{
-    return (s->rwstate);
-}
-
-/**
- * \brief Set the callback for generating temporary RSA keys.
- * \param ctx the SSL context.
- * \param cb the callback
- */
-
-#ifndef OPENSSL_NO_RSA
-void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb) (SSL *ssl,
-                                                            int is_export,
-                                                            int keylength))
-{
-    SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB, (void (*)(void))cb);
-}
-
-void SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb) (SSL *ssl,
-                                                    int is_export,
-                                                    int keylength))
-{
-    SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB, (void (*)(void))cb);
-}
-#endif
-
-#ifdef DOXYGEN
-/**
- * \brief The RSA temporary key callback function.
- * \param ssl the SSL session.
- * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite.
- * \param keylength if \c is_export is \c TRUE, then \c keylength is the size
- * of the required key in bits.
- * \return the temporary RSA key.
- * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
- */
-
-RSA *cb(SSL *ssl, int is_export, int keylength)
-{
-}
-#endif
-
-/**
- * \brief Set the callback for generating temporary DH keys.
- * \param ctx the SSL context.
- * \param dh the callback
- */
-
-#ifndef OPENSSL_NO_DH
-void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
-                                 DH *(*dh) (SSL *ssl, int is_export,
-                                            int keylength))
-{
-    SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
-}
-
-void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,
-                                                  int keylength))
-{
-    SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
-}
-#endif
-
-#ifndef OPENSSL_NO_ECDH
-void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
-                                   EC_KEY *(*ecdh) (SSL *ssl, int is_export,
-                                                    int keylength))
-{
-    SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB,
-                          (void (*)(void))ecdh);
-}
-
-void SSL_set_tmp_ecdh_callback(SSL *ssl,
-                               EC_KEY *(*ecdh) (SSL *ssl, int is_export,
-                                                int keylength))
-{
-    SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB, (void (*)(void))ecdh);
-}
-#endif
-
-#ifndef OPENSSL_NO_PSK
-int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
-{
-    if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
-        SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT,
-               SSL_R_DATA_LENGTH_TOO_LONG);
-        return 0;
-    }
-    if (ctx->psk_identity_hint != NULL)
-        OPENSSL_free(ctx->psk_identity_hint);
-    if (identity_hint != NULL) {
-        ctx->psk_identity_hint = BUF_strdup(identity_hint);
-        if (ctx->psk_identity_hint == NULL)
-            return 0;
-    } else
-        ctx->psk_identity_hint = NULL;
-    return 1;
-}
-
-int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
-{
-    if (s == NULL)
-        return 0;
-
-    if (s->session == NULL)
-        return 1;               /* session not created yet, ignored */
-
-    if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
-        SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
-        return 0;
-    }
-    if (s->session->psk_identity_hint != NULL)
-        OPENSSL_free(s->session->psk_identity_hint);
-    if (identity_hint != NULL) {
-        s->session->psk_identity_hint = BUF_strdup(identity_hint);
-        if (s->session->psk_identity_hint == NULL)
-            return 0;
-    } else
-        s->session->psk_identity_hint = NULL;
-    return 1;
-}
-
-const char *SSL_get_psk_identity_hint(const SSL *s)
-{
-    if (s == NULL || s->session == NULL)
-        return NULL;
-    return (s->session->psk_identity_hint);
-}
-
-const char *SSL_get_psk_identity(const SSL *s)
-{
-    if (s == NULL || s->session == NULL)
-        return NULL;
-    return (s->session->psk_identity);
-}
-
-void SSL_set_psk_client_callback(SSL *s,
-                                 unsigned int (*cb) (SSL *ssl,
-                                                     const char *hint,
-                                                     char *identity,
-                                                     unsigned int
-                                                     max_identity_len,
-                                                     unsigned char *psk,
-                                                     unsigned int
-                                                     max_psk_len))
-{
-    s->psk_client_callback = cb;
-}
-
-void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
-                                     unsigned int (*cb) (SSL *ssl,
-                                                         const char *hint,
-                                                         char *identity,
-                                                         unsigned int
-                                                         max_identity_len,
-                                                         unsigned char *psk,
-                                                         unsigned int
-                                                         max_psk_len))
-{
-    ctx->psk_client_callback = cb;
-}
-
-void SSL_set_psk_server_callback(SSL *s,
-                                 unsigned int (*cb) (SSL *ssl,
-                                                     const char *identity,
-                                                     unsigned char *psk,
-                                                     unsigned int
-                                                     max_psk_len))
-{
-    s->psk_server_callback = cb;
-}
-
-void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
-                                     unsigned int (*cb) (SSL *ssl,
-                                                         const char *identity,
-                                                         unsigned char *psk,
-                                                         unsigned int
-                                                         max_psk_len))
-{
-    ctx->psk_server_callback = cb;
-}
-#endif
-
-void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
-                              void (*cb) (int write_p, int version,
-                                          int content_type, const void *buf,
-                                          size_t len, SSL *ssl, void *arg))
-{
-    SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
-}
-
-void SSL_set_msg_callback(SSL *ssl,
-                          void (*cb) (int write_p, int version,
-                                      int content_type, const void *buf,
-                                      size_t len, SSL *ssl, void *arg))
-{
-    SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
-}
-
-/*
- * Allocates new EVP_MD_CTX and sets pointer to it into given pointer
- * vairable, freeing EVP_MD_CTX previously stored in that variable, if any.
- * If EVP_MD pointer is passed, initializes ctx with this md Returns newly
- * allocated ctx;
- */
-
-EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
-{
-    ssl_clear_hash_ctx(hash);
-    *hash = EVP_MD_CTX_create();
-    if (*hash == NULL || (md && EVP_DigestInit_ex(*hash, md, NULL) <= 0)) {
-        EVP_MD_CTX_destroy(*hash);
-        *hash = NULL;
-        return NULL;
-    }
-    return *hash;
-}
-
-void ssl_clear_hash_ctx(EVP_MD_CTX **hash)
-{
-
-    if (*hash)
-        EVP_MD_CTX_destroy(*hash);
-    *hash = NULL;
-}
-
-void SSL_set_debug(SSL *s, int debug)
-{
-    s->debug = debug;
-}
-
-int SSL_cache_hit(SSL *s)
-{
-    return s->hit;
-}
-
-#if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16)
-# include "../crypto/bio/bss_file.c"
-#endif
-
-IMPLEMENT_STACK_OF(SSL_CIPHER)
-IMPLEMENT_STACK_OF(SSL_COMP)
-IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);

Copied: vendor-crypto/openssl/1.0.1u/ssl/ssl_lib.c (from rev 11605, vendor-crypto/openssl/dist/ssl/ssl_lib.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/ssl/ssl_lib.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/ssl/ssl_lib.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,3325 @@
+/*
+ * ! \file ssl/ssl_lib.c \brief Version independent SSL functions.
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
+
+#ifdef REF_CHECK
+# include <assert.h>
+#endif
+#include <stdio.h>
+#include "ssl_locl.h"
+#include "kssl_lcl.h"
+#include <openssl/objects.h>
+#include <openssl/lhash.h>
+#include <openssl/x509v3.h>
+#include <openssl/rand.h>
+#include <openssl/ocsp.h>
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+
+const char *SSL_version_str = OPENSSL_VERSION_TEXT;
+
+SSL3_ENC_METHOD ssl3_undef_enc_method = {
+    /*
+     * evil casts, but these functions are only called if there's a library
+     * bug
+     */
+    (int (*)(SSL *, int))ssl_undefined_function,
+    (int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
+    ssl_undefined_function,
+    (int (*)(SSL *, unsigned char *, unsigned char *, int))
+        ssl_undefined_function,
+    (int (*)(SSL *, int))ssl_undefined_function,
+    (int (*)(SSL *, const char *, int, unsigned char *))
+        ssl_undefined_function,
+    0,                          /* finish_mac_length */
+    (int (*)(SSL *, int, unsigned char *))ssl_undefined_function,
+    NULL,                       /* client_finished_label */
+    0,                          /* client_finished_label_len */
+    NULL,                       /* server_finished_label */
+    0,                          /* server_finished_label_len */
+    (int (*)(int))ssl_undefined_function,
+    (int (*)(SSL *, unsigned char *, size_t, const char *,
+             size_t, const unsigned char *, size_t,
+             int use_context))ssl_undefined_function,
+};
+
+int SSL_clear(SSL *s)
+{
+
+    if (s->method == NULL) {
+        SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED);
+        return (0);
+    }
+
+    if (ssl_clear_bad_session(s)) {
+        SSL_SESSION_free(s->session);
+        s->session = NULL;
+    }
+
+    s->error = 0;
+    s->hit = 0;
+    s->shutdown = 0;
+
+#if 0
+    /*
+     * Disabled since version 1.10 of this file (early return not
+     * needed because SSL_clear is not called when doing renegotiation)
+     */
+    /*
+     * This is set if we are doing dynamic renegotiation so keep
+     * the old cipher.  It is sort of a SSL_clear_lite :-)
+     */
+    if (s->renegotiate)
+        return (1);
+#else
+    if (s->renegotiate) {
+        SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+#endif
+
+    s->type = 0;
+
+    s->state = SSL_ST_BEFORE | ((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
+
+    s->version = s->method->version;
+    s->client_version = s->version;
+    s->rwstate = SSL_NOTHING;
+    s->rstate = SSL_ST_READ_HEADER;
+#if 0
+    s->read_ahead = s->ctx->read_ahead;
+#endif
+
+    if (s->init_buf != NULL) {
+        BUF_MEM_free(s->init_buf);
+        s->init_buf = NULL;
+    }
+
+    ssl_clear_cipher_ctx(s);
+    ssl_clear_hash_ctx(&s->read_hash);
+    ssl_clear_hash_ctx(&s->write_hash);
+
+    s->first_packet = 0;
+
+#if 1
+    /*
+     * Check to see if we were changed into a different method, if so, revert
+     * back if we are not doing session-id reuse.
+     */
+    if (!s->in_handshake && (s->session == NULL)
+        && (s->method != s->ctx->method)) {
+        s->method->ssl_free(s);
+        s->method = s->ctx->method;
+        if (!s->method->ssl_new(s))
+            return (0);
+    } else
+#endif
+        s->method->ssl_clear(s);
+    return (1);
+}
+
+/** Used to change an SSL_CTXs default SSL method type */
+int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
+{
+    STACK_OF(SSL_CIPHER) *sk;
+
+    ctx->method = meth;
+
+    sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list),
+                                &(ctx->cipher_list_by_id),
+                                meth->version ==
+                                SSL2_VERSION ? "SSLv2" :
+                                SSL_DEFAULT_CIPHER_LIST);
+    if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
+        SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,
+               SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
+        return (0);
+    }
+    return (1);
+}
+
+SSL *SSL_new(SSL_CTX *ctx)
+{
+    SSL *s;
+
+    if (ctx == NULL) {
+        SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX);
+        return (NULL);
+    }
+    if (ctx->method == NULL) {
+        SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
+        return (NULL);
+    }
+
+    s = (SSL *)OPENSSL_malloc(sizeof(SSL));
+    if (s == NULL)
+        goto err;
+    memset(s, 0, sizeof(SSL));
+
+#ifndef OPENSSL_NO_KRB5
+    s->kssl_ctx = kssl_ctx_new();
+#endif                          /* OPENSSL_NO_KRB5 */
+
+    s->options = ctx->options;
+    s->mode = ctx->mode;
+    s->max_cert_list = ctx->max_cert_list;
+    s->references = 1;
+
+    if (ctx->cert != NULL) {
+        /*
+         * Earlier library versions used to copy the pointer to the CERT, not
+         * its contents; only when setting new parameters for the per-SSL
+         * copy, ssl_cert_new would be called (and the direct reference to
+         * the per-SSL_CTX settings would be lost, but those still were
+         * indirectly accessed for various purposes, and for that reason they
+         * used to be known as s->ctx->default_cert). Now we don't look at the
+         * SSL_CTX's CERT after having duplicated it once.
+         */
+
+        s->cert = ssl_cert_dup(ctx->cert);
+        if (s->cert == NULL)
+            goto err;
+    } else
+        s->cert = NULL;         /* Cannot really happen (see SSL_CTX_new) */
+
+    s->read_ahead = ctx->read_ahead;
+    s->msg_callback = ctx->msg_callback;
+    s->msg_callback_arg = ctx->msg_callback_arg;
+    s->verify_mode = ctx->verify_mode;
+#if 0
+    s->verify_depth = ctx->verify_depth;
+#endif
+    s->sid_ctx_length = ctx->sid_ctx_length;
+    OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
+    memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
+    s->verify_callback = ctx->default_verify_callback;
+    s->generate_session_id = ctx->generate_session_id;
+
+    s->param = X509_VERIFY_PARAM_new();
+    if (!s->param)
+        goto err;
+    X509_VERIFY_PARAM_inherit(s->param, ctx->param);
+#if 0
+    s->purpose = ctx->purpose;
+    s->trust = ctx->trust;
+#endif
+    s->quiet_shutdown = ctx->quiet_shutdown;
+    s->max_send_fragment = ctx->max_send_fragment;
+
+    CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
+    s->ctx = ctx;
+#ifndef OPENSSL_NO_TLSEXT
+    s->tlsext_debug_cb = 0;
+    s->tlsext_debug_arg = NULL;
+    s->tlsext_ticket_expected = 0;
+    s->tlsext_status_type = -1;
+    s->tlsext_status_expected = 0;
+    s->tlsext_ocsp_ids = NULL;
+    s->tlsext_ocsp_exts = NULL;
+    s->tlsext_ocsp_resp = NULL;
+    s->tlsext_ocsp_resplen = -1;
+    CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
+    s->initial_ctx = ctx;
+# ifndef OPENSSL_NO_NEXTPROTONEG
+    s->next_proto_negotiated = NULL;
+# endif
+#endif
+
+    s->verify_result = X509_V_OK;
+
+    s->method = ctx->method;
+
+    if (!s->method->ssl_new(s))
+        goto err;
+
+    s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
+
+    SSL_clear(s);
+
+    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
+
+#ifndef OPENSSL_NO_PSK
+    s->psk_client_callback = ctx->psk_client_callback;
+    s->psk_server_callback = ctx->psk_server_callback;
+#endif
+
+    return (s);
+ err:
+    if (s != NULL)
+        SSL_free(s);
+    SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
+    return (NULL);
+}
+
+int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
+                                   unsigned int sid_ctx_len)
+{
+    if (sid_ctx_len > sizeof ctx->sid_ctx) {
+        SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,
+               SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+        return 0;
+    }
+    ctx->sid_ctx_length = sid_ctx_len;
+    memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
+
+    return 1;
+}
+
+int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
+                               unsigned int sid_ctx_len)
+{
+    if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
+        SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,
+               SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+        return 0;
+    }
+    ssl->sid_ctx_length = sid_ctx_len;
+    memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);
+
+    return 1;
+}
+
+int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
+{
+    CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+    ctx->generate_session_id = cb;
+    CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+    return 1;
+}
+
+int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
+{
+    CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+    ssl->generate_session_id = cb;
+    CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+    return 1;
+}
+
+int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
+                                unsigned int id_len)
+{
+    /*
+     * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
+     * we can "construct" a session to give us the desired check - ie. to
+     * find if there's a session in the hash table that would conflict with
+     * any new session built out of this id/id_len and the ssl_version in use
+     * by this SSL.
+     */
+    SSL_SESSION r, *p;
+
+    if (id_len > sizeof r.session_id)
+        return 0;
+
+    r.ssl_version = ssl->version;
+    r.session_id_length = id_len;
+    memcpy(r.session_id, id, id_len);
+    /*
+     * NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
+     * callback is calling us to check the uniqueness of a shorter ID, it
+     * must be compared as a padded-out ID because that is what it will be
+     * converted to when the callback has finished choosing it.
+     */
+    if ((r.ssl_version == SSL2_VERSION) &&
+        (id_len < SSL2_SSL_SESSION_ID_LENGTH)) {
+        memset(r.session_id + id_len, 0, SSL2_SSL_SESSION_ID_LENGTH - id_len);
+        r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
+    }
+
+    CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
+    p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
+    CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
+    return (p != NULL);
+}
+
+int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
+{
+    return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
+}
+
+int SSL_set_purpose(SSL *s, int purpose)
+{
+    return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
+}
+
+int SSL_CTX_set_trust(SSL_CTX *s, int trust)
+{
+    return X509_VERIFY_PARAM_set_trust(s->param, trust);
+}
+
+int SSL_set_trust(SSL *s, int trust)
+{
+    return X509_VERIFY_PARAM_set_trust(s->param, trust);
+}
+
+int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
+{
+    return X509_VERIFY_PARAM_set1(ctx->param, vpm);
+}
+
+int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
+{
+    return X509_VERIFY_PARAM_set1(ssl->param, vpm);
+}
+
+void SSL_free(SSL *s)
+{
+    int i;
+
+    if (s == NULL)
+        return;
+
+    i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL);
+#ifdef REF_PRINT
+    REF_PRINT("SSL", s);
+#endif
+    if (i > 0)
+        return;
+#ifdef REF_CHECK
+    if (i < 0) {
+        fprintf(stderr, "SSL_free, bad reference count\n");
+        abort();                /* ok */
+    }
+#endif
+
+    if (s->param)
+        X509_VERIFY_PARAM_free(s->param);
+
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
+
+    if (s->bbio != NULL) {
+        /* If the buffering BIO is in place, pop it off */
+        if (s->bbio == s->wbio) {
+            s->wbio = BIO_pop(s->wbio);
+        }
+        BIO_free(s->bbio);
+        s->bbio = NULL;
+    }
+    if (s->rbio != NULL)
+        BIO_free_all(s->rbio);
+    if ((s->wbio != NULL) && (s->wbio != s->rbio))
+        BIO_free_all(s->wbio);
+
+    if (s->init_buf != NULL)
+        BUF_MEM_free(s->init_buf);
+
+    /* add extra stuff */
+    if (s->cipher_list != NULL)
+        sk_SSL_CIPHER_free(s->cipher_list);
+    if (s->cipher_list_by_id != NULL)
+        sk_SSL_CIPHER_free(s->cipher_list_by_id);
+
+    /* Make the next call work :-) */
+    if (s->session != NULL) {
+        ssl_clear_bad_session(s);
+        SSL_SESSION_free(s->session);
+    }
+
+    ssl_clear_cipher_ctx(s);
+    ssl_clear_hash_ctx(&s->read_hash);
+    ssl_clear_hash_ctx(&s->write_hash);
+
+    if (s->cert != NULL)
+        ssl_cert_free(s->cert);
+    /* Free up if allocated */
+
+#ifndef OPENSSL_NO_TLSEXT
+    if (s->tlsext_hostname)
+        OPENSSL_free(s->tlsext_hostname);
+    if (s->initial_ctx)
+        SSL_CTX_free(s->initial_ctx);
+# ifndef OPENSSL_NO_EC
+    if (s->tlsext_ecpointformatlist)
+        OPENSSL_free(s->tlsext_ecpointformatlist);
+    if (s->tlsext_ellipticcurvelist)
+        OPENSSL_free(s->tlsext_ellipticcurvelist);
+# endif                         /* OPENSSL_NO_EC */
+    if (s->tlsext_opaque_prf_input)
+        OPENSSL_free(s->tlsext_opaque_prf_input);
+    if (s->tlsext_ocsp_exts)
+        sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free);
+    if (s->tlsext_ocsp_ids)
+        sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
+    if (s->tlsext_ocsp_resp)
+        OPENSSL_free(s->tlsext_ocsp_resp);
+#endif
+
+    if (s->client_CA != NULL)
+        sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
+
+    if (s->method != NULL)
+        s->method->ssl_free(s);
+
+    if (s->ctx)
+        SSL_CTX_free(s->ctx);
+
+#ifndef OPENSSL_NO_KRB5
+    if (s->kssl_ctx != NULL)
+        kssl_ctx_free(s->kssl_ctx);
+#endif                          /* OPENSSL_NO_KRB5 */
+
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+    if (s->next_proto_negotiated)
+        OPENSSL_free(s->next_proto_negotiated);
+#endif
+
+#ifndef OPENSSL_NO_SRTP
+    if (s->srtp_profiles)
+        sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
+#endif
+
+    OPENSSL_free(s);
+}
+
+void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
+{
+    /*
+     * If the output buffering BIO is still in place, remove it
+     */
+    if (s->bbio != NULL) {
+        if (s->wbio == s->bbio) {
+            s->wbio = s->wbio->next_bio;
+            s->bbio->next_bio = NULL;
+        }
+    }
+    if ((s->rbio != NULL) && (s->rbio != rbio))
+        BIO_free_all(s->rbio);
+    if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
+        BIO_free_all(s->wbio);
+    s->rbio = rbio;
+    s->wbio = wbio;
+}
+
+BIO *SSL_get_rbio(const SSL *s)
+{
+    return (s->rbio);
+}
+
+BIO *SSL_get_wbio(const SSL *s)
+{
+    return (s->wbio);
+}
+
+int SSL_get_fd(const SSL *s)
+{
+    return (SSL_get_rfd(s));
+}
+
+int SSL_get_rfd(const SSL *s)
+{
+    int ret = -1;
+    BIO *b, *r;
+
+    b = SSL_get_rbio(s);
+    r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
+    if (r != NULL)
+        BIO_get_fd(r, &ret);
+    return (ret);
+}
+
+int SSL_get_wfd(const SSL *s)
+{
+    int ret = -1;
+    BIO *b, *r;
+
+    b = SSL_get_wbio(s);
+    r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
+    if (r != NULL)
+        BIO_get_fd(r, &ret);
+    return (ret);
+}
+
+#ifndef OPENSSL_NO_SOCK
+int SSL_set_fd(SSL *s, int fd)
+{
+    int ret = 0;
+    BIO *bio = NULL;
+
+    bio = BIO_new(BIO_s_socket());
+
+    if (bio == NULL) {
+        SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
+        goto err;
+    }
+    BIO_set_fd(bio, fd, BIO_NOCLOSE);
+    SSL_set_bio(s, bio, bio);
+    ret = 1;
+ err:
+    return (ret);
+}
+
+int SSL_set_wfd(SSL *s, int fd)
+{
+    int ret = 0;
+    BIO *bio = NULL;
+
+    if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
+        || ((int)BIO_get_fd(s->rbio, NULL) != fd)) {
+        bio = BIO_new(BIO_s_socket());
+
+        if (bio == NULL) {
+            SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB);
+            goto err;
+        }
+        BIO_set_fd(bio, fd, BIO_NOCLOSE);
+        SSL_set_bio(s, SSL_get_rbio(s), bio);
+    } else
+        SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s));
+    ret = 1;
+ err:
+    return (ret);
+}
+
+int SSL_set_rfd(SSL *s, int fd)
+{
+    int ret = 0;
+    BIO *bio = NULL;
+
+    if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
+        || ((int)BIO_get_fd(s->wbio, NULL) != fd)) {
+        bio = BIO_new(BIO_s_socket());
+
+        if (bio == NULL) {
+            SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB);
+            goto err;
+        }
+        BIO_set_fd(bio, fd, BIO_NOCLOSE);
+        SSL_set_bio(s, bio, SSL_get_wbio(s));
+    } else
+        SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s));
+    ret = 1;
+ err:
+    return (ret);
+}
+#endif
+
+/* return length of latest Finished message we sent, copy to 'buf' */
+size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
+{
+    size_t ret = 0;
+
+    if (s->s3 != NULL) {
+        ret = s->s3->tmp.finish_md_len;
+        if (count > ret)
+            count = ret;
+        memcpy(buf, s->s3->tmp.finish_md, count);
+    }
+    return ret;
+}
+
+/* return length of latest Finished message we expected, copy to 'buf' */
+size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
+{
+    size_t ret = 0;
+
+    if (s->s3 != NULL) {
+        ret = s->s3->tmp.peer_finish_md_len;
+        if (count > ret)
+            count = ret;
+        memcpy(buf, s->s3->tmp.peer_finish_md, count);
+    }
+    return ret;
+}
+
+int SSL_get_verify_mode(const SSL *s)
+{
+    return (s->verify_mode);
+}
+
+int SSL_get_verify_depth(const SSL *s)
+{
+    return X509_VERIFY_PARAM_get_depth(s->param);
+}
+
+int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *) {
+    return (s->verify_callback);
+}
+
+int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
+{
+    return (ctx->verify_mode);
+}
+
+int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
+{
+    return X509_VERIFY_PARAM_get_depth(ctx->param);
+}
+
+int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) {
+    return (ctx->default_verify_callback);
+}
+
+void SSL_set_verify(SSL *s, int mode,
+                    int (*callback) (int ok, X509_STORE_CTX *ctx))
+{
+    s->verify_mode = mode;
+    if (callback != NULL)
+        s->verify_callback = callback;
+}
+
+void SSL_set_verify_depth(SSL *s, int depth)
+{
+    X509_VERIFY_PARAM_set_depth(s->param, depth);
+}
+
+void SSL_set_read_ahead(SSL *s, int yes)
+{
+    s->read_ahead = yes;
+}
+
+int SSL_get_read_ahead(const SSL *s)
+{
+    return (s->read_ahead);
+}
+
+int SSL_pending(const SSL *s)
+{
+    /*
+     * SSL_pending cannot work properly if read-ahead is enabled
+     * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is
+     * impossible to fix since SSL_pending cannot report errors that may be
+     * observed while scanning the new data. (Note that SSL_pending() is
+     * often used as a boolean value, so we'd better not return -1.)
+     */
+    return (s->method->ssl_pending(s));
+}
+
+X509 *SSL_get_peer_certificate(const SSL *s)
+{
+    X509 *r;
+
+    if ((s == NULL) || (s->session == NULL))
+        r = NULL;
+    else
+        r = s->session->peer;
+
+    if (r == NULL)
+        return (r);
+
+    CRYPTO_add(&r->references, 1, CRYPTO_LOCK_X509);
+
+    return (r);
+}
+
+STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
+{
+    STACK_OF(X509) *r;
+
+    if ((s == NULL) || (s->session == NULL)
+        || (s->session->sess_cert == NULL))
+        r = NULL;
+    else
+        r = s->session->sess_cert->cert_chain;
+
+    /*
+     * If we are a client, cert_chain includes the peer's own certificate; if
+     * we are a server, it does not.
+     */
+
+    return (r);
+}
+
+/*
+ * Now in theory, since the calling process own 't' it should be safe to
+ * modify.  We need to be able to read f without being hassled
+ */
+void SSL_copy_session_id(SSL *t, const SSL *f)
+{
+    CERT *tmp;
+
+    /* Do we need to to SSL locking? */
+    SSL_set_session(t, SSL_get_session(f));
+
+    /*
+     * what if we are setup as SSLv2 but want to talk SSLv3 or vice-versa
+     */
+    if (t->method != f->method) {
+        t->method->ssl_free(t); /* cleanup current */
+        t->method = f->method;  /* change method */
+        t->method->ssl_new(t);  /* setup new */
+    }
+
+    tmp = t->cert;
+    if (f->cert != NULL) {
+        CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
+        t->cert = f->cert;
+    } else
+        t->cert = NULL;
+    if (tmp != NULL)
+        ssl_cert_free(tmp);
+    SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length);
+}
+
+/* Fix this so it checks all the valid key/cert options */
+int SSL_CTX_check_private_key(const SSL_CTX *ctx)
+{
+    if ((ctx == NULL) ||
+        (ctx->cert == NULL) || (ctx->cert->key->x509 == NULL)) {
+        SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,
+               SSL_R_NO_CERTIFICATE_ASSIGNED);
+        return (0);
+    }
+    if (ctx->cert->key->privatekey == NULL) {
+        SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,
+               SSL_R_NO_PRIVATE_KEY_ASSIGNED);
+        return (0);
+    }
+    return (X509_check_private_key
+            (ctx->cert->key->x509, ctx->cert->key->privatekey));
+}
+
+/* Fix this function so that it takes an optional type parameter */
+int SSL_check_private_key(const SSL *ssl)
+{
+    if (ssl == NULL) {
+        SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
+        return (0);
+    }
+    if (ssl->cert == NULL) {
+        SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
+        return 0;
+    }
+    if (ssl->cert->key->x509 == NULL) {
+        SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
+        return (0);
+    }
+    if (ssl->cert->key->privatekey == NULL) {
+        SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
+        return (0);
+    }
+    return (X509_check_private_key(ssl->cert->key->x509,
+                                   ssl->cert->key->privatekey));
+}
+
+int SSL_accept(SSL *s)
+{
+    if (s->handshake_func == 0)
+        /* Not properly initialized yet */
+        SSL_set_accept_state(s);
+
+    return (s->method->ssl_accept(s));
+}
+
+int SSL_connect(SSL *s)
+{
+    if (s->handshake_func == 0)
+        /* Not properly initialized yet */
+        SSL_set_connect_state(s);
+
+    return (s->method->ssl_connect(s));
+}
+
+long SSL_get_default_timeout(const SSL *s)
+{
+    return (s->method->get_timeout());
+}
+
+int SSL_read(SSL *s, void *buf, int num)
+{
+    if (s->handshake_func == 0) {
+        SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
+        return -1;
+    }
+
+    if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
+        s->rwstate = SSL_NOTHING;
+        return (0);
+    }
+    return (s->method->ssl_read(s, buf, num));
+}
+
+int SSL_peek(SSL *s, void *buf, int num)
+{
+    if (s->handshake_func == 0) {
+        SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED);
+        return -1;
+    }
+
+    if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
+        return (0);
+    }
+    return (s->method->ssl_peek(s, buf, num));
+}
+
+int SSL_write(SSL *s, const void *buf, int num)
+{
+    if (s->handshake_func == 0) {
+        SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
+        return -1;
+    }
+
+    if (s->shutdown & SSL_SENT_SHUTDOWN) {
+        s->rwstate = SSL_NOTHING;
+        SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN);
+        return (-1);
+    }
+    return (s->method->ssl_write(s, buf, num));
+}
+
+int SSL_shutdown(SSL *s)
+{
+    /*
+     * Note that this function behaves differently from what one might
+     * expect.  Return values are 0 for no success (yet), 1 for success; but
+     * calling it once is usually not enough, even if blocking I/O is used
+     * (see ssl3_shutdown).
+     */
+
+    if (s->handshake_func == 0) {
+        SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
+        return -1;
+    }
+
+    if ((s != NULL) && !SSL_in_init(s))
+        return (s->method->ssl_shutdown(s));
+    else
+        return (1);
+}
+
+int SSL_renegotiate(SSL *s)
+{
+    if (s->renegotiate == 0)
+        s->renegotiate = 1;
+
+    s->new_session = 1;
+
+    return (s->method->ssl_renegotiate(s));
+}
+
+int SSL_renegotiate_abbreviated(SSL *s)
+{
+    if (s->renegotiate == 0)
+        s->renegotiate = 1;
+
+    s->new_session = 0;
+
+    return (s->method->ssl_renegotiate(s));
+}
+
+int SSL_renegotiate_pending(SSL *s)
+{
+    /*
+     * becomes true when negotiation is requested; false again once a
+     * handshake has finished
+     */
+    return (s->renegotiate != 0);
+}
+
+long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
+{
+    long l;
+
+    switch (cmd) {
+    case SSL_CTRL_GET_READ_AHEAD:
+        return (s->read_ahead);
+    case SSL_CTRL_SET_READ_AHEAD:
+        l = s->read_ahead;
+        s->read_ahead = larg;
+        return (l);
+
+    case SSL_CTRL_SET_MSG_CALLBACK_ARG:
+        s->msg_callback_arg = parg;
+        return 1;
+
+    case SSL_CTRL_OPTIONS:
+        return (s->options |= larg);
+    case SSL_CTRL_CLEAR_OPTIONS:
+        return (s->options &= ~larg);
+    case SSL_CTRL_MODE:
+        return (s->mode |= larg);
+    case SSL_CTRL_CLEAR_MODE:
+        return (s->mode &= ~larg);
+    case SSL_CTRL_GET_MAX_CERT_LIST:
+        return (s->max_cert_list);
+    case SSL_CTRL_SET_MAX_CERT_LIST:
+        l = s->max_cert_list;
+        s->max_cert_list = larg;
+        return (l);
+    case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
+        if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
+            return 0;
+        s->max_send_fragment = larg;
+        return 1;
+    case SSL_CTRL_GET_RI_SUPPORT:
+        if (s->s3)
+            return s->s3->send_connection_binding;
+        else
+            return 0;
+    default:
+        return (s->method->ssl_ctrl(s, cmd, larg, parg));
+    }
+}
+
+long SSL_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
+{
+    switch (cmd) {
+    case SSL_CTRL_SET_MSG_CALLBACK:
+        s->msg_callback = (void (*)
+                           (int write_p, int version, int content_type,
+                            const void *buf, size_t len, SSL *ssl,
+                            void *arg))(fp);
+        return 1;
+
+    default:
+        return (s->method->ssl_callback_ctrl(s, cmd, fp));
+    }
+}
+
+LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
+{
+    return ctx->sessions;
+}
+
+long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
+{
+    long l;
+
+    switch (cmd) {
+    case SSL_CTRL_GET_READ_AHEAD:
+        return (ctx->read_ahead);
+    case SSL_CTRL_SET_READ_AHEAD:
+        l = ctx->read_ahead;
+        ctx->read_ahead = larg;
+        return (l);
+
+    case SSL_CTRL_SET_MSG_CALLBACK_ARG:
+        ctx->msg_callback_arg = parg;
+        return 1;
+
+    case SSL_CTRL_GET_MAX_CERT_LIST:
+        return (ctx->max_cert_list);
+    case SSL_CTRL_SET_MAX_CERT_LIST:
+        l = ctx->max_cert_list;
+        ctx->max_cert_list = larg;
+        return (l);
+
+    case SSL_CTRL_SET_SESS_CACHE_SIZE:
+        l = ctx->session_cache_size;
+        ctx->session_cache_size = larg;
+        return (l);
+    case SSL_CTRL_GET_SESS_CACHE_SIZE:
+        return (ctx->session_cache_size);
+    case SSL_CTRL_SET_SESS_CACHE_MODE:
+        l = ctx->session_cache_mode;
+        ctx->session_cache_mode = larg;
+        return (l);
+    case SSL_CTRL_GET_SESS_CACHE_MODE:
+        return (ctx->session_cache_mode);
+
+    case SSL_CTRL_SESS_NUMBER:
+        return (lh_SSL_SESSION_num_items(ctx->sessions));
+    case SSL_CTRL_SESS_CONNECT:
+        return (ctx->stats.sess_connect);
+    case SSL_CTRL_SESS_CONNECT_GOOD:
+        return (ctx->stats.sess_connect_good);
+    case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
+        return (ctx->stats.sess_connect_renegotiate);
+    case SSL_CTRL_SESS_ACCEPT:
+        return (ctx->stats.sess_accept);
+    case SSL_CTRL_SESS_ACCEPT_GOOD:
+        return (ctx->stats.sess_accept_good);
+    case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
+        return (ctx->stats.sess_accept_renegotiate);
+    case SSL_CTRL_SESS_HIT:
+        return (ctx->stats.sess_hit);
+    case SSL_CTRL_SESS_CB_HIT:
+        return (ctx->stats.sess_cb_hit);
+    case SSL_CTRL_SESS_MISSES:
+        return (ctx->stats.sess_miss);
+    case SSL_CTRL_SESS_TIMEOUTS:
+        return (ctx->stats.sess_timeout);
+    case SSL_CTRL_SESS_CACHE_FULL:
+        return (ctx->stats.sess_cache_full);
+    case SSL_CTRL_OPTIONS:
+        return (ctx->options |= larg);
+    case SSL_CTRL_CLEAR_OPTIONS:
+        return (ctx->options &= ~larg);
+    case SSL_CTRL_MODE:
+        return (ctx->mode |= larg);
+    case SSL_CTRL_CLEAR_MODE:
+        return (ctx->mode &= ~larg);
+    case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
+        if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
+            return 0;
+        ctx->max_send_fragment = larg;
+        return 1;
+    default:
+        return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg));
+    }
+}
+
+long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
+{
+    switch (cmd) {
+    case SSL_CTRL_SET_MSG_CALLBACK:
+        ctx->msg_callback = (void (*)
+                             (int write_p, int version, int content_type,
+                              const void *buf, size_t len, SSL *ssl,
+                              void *arg))(fp);
+        return 1;
+
+    default:
+        return (ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp));
+    }
+}
+
+int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
+{
+    long l;
+
+    l = a->id - b->id;
+    if (l == 0L)
+        return (0);
+    else
+        return ((l > 0) ? 1 : -1);
+}
+
+int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
+                          const SSL_CIPHER *const *bp)
+{
+    long l;
+
+    l = (*ap)->id - (*bp)->id;
+    if (l == 0L)
+        return (0);
+    else
+        return ((l > 0) ? 1 : -1);
+}
+
+/** return a STACK of the ciphers available for the SSL and in order of
+ * preference */
+STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
+{
+    if (s != NULL) {
+        if (s->cipher_list != NULL) {
+            return (s->cipher_list);
+        } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) {
+            return (s->ctx->cipher_list);
+        }
+    }
+    return (NULL);
+}
+
+/** return a STACK of the ciphers available for the SSL and in order of
+ * algorithm id */
+STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
+{
+    if (s != NULL) {
+        if (s->cipher_list_by_id != NULL) {
+            return (s->cipher_list_by_id);
+        } else if ((s->ctx != NULL) && (s->ctx->cipher_list_by_id != NULL)) {
+            return (s->ctx->cipher_list_by_id);
+        }
+    }
+    return (NULL);
+}
+
+/** The old interface to get the same thing as SSL_get_ciphers() */
+const char *SSL_get_cipher_list(const SSL *s, int n)
+{
+    SSL_CIPHER *c;
+    STACK_OF(SSL_CIPHER) *sk;
+
+    if (s == NULL)
+        return (NULL);
+    sk = SSL_get_ciphers(s);
+    if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
+        return (NULL);
+    c = sk_SSL_CIPHER_value(sk, n);
+    if (c == NULL)
+        return (NULL);
+    return (c->name);
+}
+
+/** specify the ciphers to be used by default by the SSL_CTX */
+int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
+{
+    STACK_OF(SSL_CIPHER) *sk;
+
+    sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
+                                &ctx->cipher_list_by_id, str);
+    /*
+     * ssl_create_cipher_list may return an empty stack if it was unable to
+     * find a cipher matching the given rule string (for example if the rule
+     * string specifies a cipher which has been disabled). This is not an
+     * error as far as ssl_create_cipher_list is concerned, and hence
+     * ctx->cipher_list and ctx->cipher_list_by_id has been updated.
+     */
+    if (sk == NULL)
+        return 0;
+    else if (sk_SSL_CIPHER_num(sk) == 0) {
+        SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
+        return 0;
+    }
+    return 1;
+}
+
+/** specify the ciphers to be used by the SSL */
+int SSL_set_cipher_list(SSL *s, const char *str)
+{
+    STACK_OF(SSL_CIPHER) *sk;
+
+    sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list,
+                                &s->cipher_list_by_id, str);
+    /* see comment in SSL_CTX_set_cipher_list */
+    if (sk == NULL)
+        return 0;
+    else if (sk_SSL_CIPHER_num(sk) == 0) {
+        SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
+        return 0;
+    }
+    return 1;
+}
+
+/* works well for SSLv2, not so good for SSLv3 */
+char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
+{
+    char *p;
+    STACK_OF(SSL_CIPHER) *sk;
+    SSL_CIPHER *c;
+    int i;
+
+    if ((s->session == NULL) || (s->session->ciphers == NULL) || (len < 2))
+        return (NULL);
+
+    p = buf;
+    sk = s->session->ciphers;
+
+    if (sk_SSL_CIPHER_num(sk) == 0)
+        return NULL;
+
+    for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
+        int n;
+
+        c = sk_SSL_CIPHER_value(sk, i);
+        n = strlen(c->name);
+        if (n + 1 > len) {
+            if (p != buf)
+                --p;
+            *p = '\0';
+            return buf;
+        }
+        strcpy(p, c->name);
+        p += n;
+        *(p++) = ':';
+        len -= n + 1;
+    }
+    p[-1] = '\0';
+    return (buf);
+}
+
+int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
+                             unsigned char *p,
+                             int (*put_cb) (const SSL_CIPHER *,
+                                            unsigned char *))
+{
+    int i, j = 0;
+    SSL_CIPHER *c;
+    unsigned char *q;
+#ifndef OPENSSL_NO_KRB5
+    int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx);
+#endif                          /* OPENSSL_NO_KRB5 */
+
+    if (sk == NULL)
+        return (0);
+    q = p;
+    if (put_cb == NULL)
+        put_cb = s->method->put_cipher_by_char;
+
+    for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
+        c = sk_SSL_CIPHER_value(sk, i);
+        /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
+        if ((c->algorithm_ssl & SSL_TLSV1_2) &&
+            (TLS1_get_client_version(s) < TLS1_2_VERSION))
+            continue;
+#ifndef OPENSSL_NO_KRB5
+        if (((c->algorithm_mkey & SSL_kKRB5)
+             || (c->algorithm_auth & SSL_aKRB5)) && nokrb5)
+            continue;
+#endif                          /* OPENSSL_NO_KRB5 */
+#ifndef OPENSSL_NO_PSK
+        /* with PSK there must be client callback set */
+        if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK))
+            && s->psk_client_callback == NULL)
+            continue;
+#endif                          /* OPENSSL_NO_PSK */
+#ifndef OPENSSL_NO_SRP
+        if (((c->algorithm_mkey & SSL_kSRP) || (c->algorithm_auth & SSL_aSRP))
+            && !(s->srp_ctx.srp_Mask & SSL_kSRP))
+            continue;
+#endif                          /* OPENSSL_NO_SRP */
+        j = put_cb(c, p);
+        p += j;
+    }
+    /*
+     * If p == q, no ciphers; caller indicates an error. Otherwise, add
+     * applicable SCSVs.
+     */
+    if (p != q) {
+        if (!s->renegotiate) {
+            static SSL_CIPHER scsv = {
+                0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
+            };
+            j = put_cb(&scsv, p);
+            p += j;
+#ifdef OPENSSL_RI_DEBUG
+            fprintf(stderr,
+                    "TLS_EMPTY_RENEGOTIATION_INFO_SCSV sent by client\n");
+#endif
+        }
+
+        if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) {
+            static SSL_CIPHER scsv = {
+                0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
+            };
+            j = put_cb(&scsv, p);
+            p += j;
+        }
+    }
+
+    return (p - q);
+}
+
+STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
+                                               int num,
+                                               STACK_OF(SSL_CIPHER) **skp)
+{
+    const SSL_CIPHER *c;
+    STACK_OF(SSL_CIPHER) *sk;
+    int i, n;
+
+    if (s->s3)
+        s->s3->send_connection_binding = 0;
+
+    n = ssl_put_cipher_by_char(s, NULL, NULL);
+    if (n == 0 || (num % n) != 0) {
+        SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
+               SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
+        return (NULL);
+    }
+    if ((skp == NULL) || (*skp == NULL)) {
+        sk = sk_SSL_CIPHER_new_null(); /* change perhaps later */
+        if(sk == NULL) {
+            SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    } else {
+        sk = *skp;
+        sk_SSL_CIPHER_zero(sk);
+    }
+
+    for (i = 0; i < num; i += n) {
+        /* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV */
+        if (s->s3 && (n != 3 || !p[0]) &&
+            (p[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
+            (p[n - 1] == (SSL3_CK_SCSV & 0xff))) {
+            /* SCSV fatal if renegotiating */
+            if (s->renegotiate) {
+                SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
+                       SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
+                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+                goto err;
+            }
+            s->s3->send_connection_binding = 1;
+            p += n;
+#ifdef OPENSSL_RI_DEBUG
+            fprintf(stderr, "SCSV received by server\n");
+#endif
+            continue;
+        }
+
+        /* Check for TLS_FALLBACK_SCSV */
+        if ((n != 3 || !p[0]) &&
+            (p[n - 2] == ((SSL3_CK_FALLBACK_SCSV >> 8) & 0xff)) &&
+            (p[n - 1] == (SSL3_CK_FALLBACK_SCSV & 0xff))) {
+            /*
+             * The SCSV indicates that the client previously tried a higher
+             * version. Fail if the current version is an unexpected
+             * downgrade.
+             */
+            if (!SSL_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, 0, NULL)) {
+                SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
+                       SSL_R_INAPPROPRIATE_FALLBACK);
+                if (s->s3)
+                    ssl3_send_alert(s, SSL3_AL_FATAL,
+                                    SSL_AD_INAPPROPRIATE_FALLBACK);
+                goto err;
+            }
+            p += n;
+            continue;
+        }
+
+        c = ssl_get_cipher_by_char(s, p);
+        p += n;
+        if (c != NULL) {
+            if (!sk_SSL_CIPHER_push(sk, c)) {
+                SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        }
+    }
+
+    if (skp != NULL)
+        *skp = sk;
+    return (sk);
+ err:
+    if ((skp == NULL) || (*skp == NULL))
+        sk_SSL_CIPHER_free(sk);
+    return (NULL);
+}
+
+#ifndef OPENSSL_NO_TLSEXT
+/** return a servername extension value if provided in Client Hello, or NULL.
+ * So far, only host_name types are defined (RFC 3546).
+ */
+
+const char *SSL_get_servername(const SSL *s, const int type)
+{
+    if (type != TLSEXT_NAMETYPE_host_name)
+        return NULL;
+
+    return s->session && !s->tlsext_hostname ?
+        s->session->tlsext_hostname : s->tlsext_hostname;
+}
+
+int SSL_get_servername_type(const SSL *s)
+{
+    if (s->session
+        && (!s->tlsext_hostname ? s->session->
+            tlsext_hostname : s->tlsext_hostname))
+        return TLSEXT_NAMETYPE_host_name;
+    return -1;
+}
+
+# ifndef OPENSSL_NO_NEXTPROTONEG
+/*
+ * SSL_select_next_proto implements the standard protocol selection. It is
+ * expected that this function is called from the callback set by
+ * SSL_CTX_set_next_proto_select_cb. The protocol data is assumed to be a
+ * vector of 8-bit, length prefixed byte strings. The length byte itself is
+ * not included in the length. A byte string of length 0 is invalid. No byte
+ * string may be truncated. The current, but experimental algorithm for
+ * selecting the protocol is: 1) If the server doesn't support NPN then this
+ * is indicated to the callback. In this case, the client application has to
+ * abort the connection or have a default application level protocol. 2) If
+ * the server supports NPN, but advertises an empty list then the client
+ * selects the first protcol in its list, but indicates via the API that this
+ * fallback case was enacted. 3) Otherwise, the client finds the first
+ * protocol in the server's list that it supports and selects this protocol.
+ * This is because it's assumed that the server has better information about
+ * which protocol a client should use. 4) If the client doesn't support any
+ * of the server's advertised protocols, then this is treated the same as
+ * case 2. It returns either OPENSSL_NPN_NEGOTIATED if a common protocol was
+ * found, or OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
+ */
+int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
+                          const unsigned char *server,
+                          unsigned int server_len,
+                          const unsigned char *client,
+                          unsigned int client_len)
+{
+    unsigned int i, j;
+    const unsigned char *result;
+    int status = OPENSSL_NPN_UNSUPPORTED;
+
+    /*
+     * For each protocol in server preference order, see if we support it.
+     */
+    for (i = 0; i < server_len;) {
+        for (j = 0; j < client_len;) {
+            if (server[i] == client[j] &&
+                memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
+                /* We found a match */
+                result = &server[i];
+                status = OPENSSL_NPN_NEGOTIATED;
+                goto found;
+            }
+            j += client[j];
+            j++;
+        }
+        i += server[i];
+        i++;
+    }
+
+    /* There's no overlap between our protocols and the server's list. */
+    result = client;
+    status = OPENSSL_NPN_NO_OVERLAP;
+
+ found:
+    *out = (unsigned char *)result + 1;
+    *outlen = result[0];
+    return status;
+}
+
+/*
+ * SSL_get0_next_proto_negotiated sets *data and *len to point to the
+ * client's requested protocol for this connection and returns 0. If the
+ * client didn't request any protocol, then *data is set to NULL. Note that
+ * the client can request any protocol it chooses. The value returned from
+ * this function need not be a member of the list of supported protocols
+ * provided by the callback.
+ */
+void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
+                                    unsigned *len)
+{
+    *data = s->next_proto_negotiated;
+    if (!*data) {
+        *len = 0;
+    } else {
+        *len = s->next_proto_negotiated_len;
+    }
+}
+
+/*
+ * SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when
+ * a TLS server needs a list of supported protocols for Next Protocol
+ * Negotiation. The returned list must be in wire format.  The list is
+ * returned by setting |out| to point to it and |outlen| to its length. This
+ * memory will not be modified, but one should assume that the SSL* keeps a
+ * reference to it. The callback should return SSL_TLSEXT_ERR_OK if it
+ * wishes to advertise. Otherwise, no such extension will be included in the
+ * ServerHello.
+ */
+void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx,
+                                           int (*cb) (SSL *ssl,
+                                                      const unsigned char
+                                                      **out,
+                                                      unsigned int *outlen,
+                                                      void *arg), void *arg)
+{
+    ctx->next_protos_advertised_cb = cb;
+    ctx->next_protos_advertised_cb_arg = arg;
+}
+
+/*
+ * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
+ * client needs to select a protocol from the server's provided list. |out|
+ * must be set to point to the selected protocol (which may be within |in|).
+ * The length of the protocol name must be written into |outlen|. The
+ * server's advertised protocols are provided in |in| and |inlen|. The
+ * callback can assume that |in| is syntactically valid. The client must
+ * select a protocol. It is fatal to the connection if this callback returns
+ * a value other than SSL_TLSEXT_ERR_OK.
+ */
+void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx,
+                                      int (*cb) (SSL *s, unsigned char **out,
+                                                 unsigned char *outlen,
+                                                 const unsigned char *in,
+                                                 unsigned int inlen,
+                                                 void *arg), void *arg)
+{
+    ctx->next_proto_select_cb = cb;
+    ctx->next_proto_select_cb_arg = arg;
+}
+# endif
+#endif
+
+int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+                               const char *label, size_t llen,
+                               const unsigned char *p, size_t plen,
+                               int use_context)
+{
+    if (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER)
+        return -1;
+
+    return s->method->ssl3_enc->export_keying_material(s, out, olen, label,
+                                                       llen, p, plen,
+                                                       use_context);
+}
+
+static unsigned long ssl_session_hash(const SSL_SESSION *a)
+{
+    unsigned long l;
+
+    l = (unsigned long)
+        ((unsigned int)a->session_id[0]) |
+        ((unsigned int)a->session_id[1] << 8L) |
+        ((unsigned long)a->session_id[2] << 16L) |
+        ((unsigned long)a->session_id[3] << 24L);
+    return (l);
+}
+
+/*
+ * NB: If this function (or indeed the hash function which uses a sort of
+ * coarser function than this one) is changed, ensure
+ * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on
+ * being able to construct an SSL_SESSION that will collide with any existing
+ * session with a matching session ID.
+ */
+static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
+{
+    if (a->ssl_version != b->ssl_version)
+        return (1);
+    if (a->session_id_length != b->session_id_length)
+        return (1);
+    return (memcmp(a->session_id, b->session_id, a->session_id_length));
+}
+
+/*
+ * These wrapper functions should remain rather than redeclaring
+ * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
+ * variable. The reason is that the functions aren't static, they're exposed
+ * via ssl.h.
+ */
+static IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION)
+static IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION)
+
+SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
+{
+    SSL_CTX *ret = NULL;
+
+    if (meth == NULL) {
+        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED);
+        return (NULL);
+    }
+#ifdef OPENSSL_FIPS
+    if (FIPS_mode() && (meth->version < TLS1_VERSION)) {
+        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+        return NULL;
+    }
+#endif
+
+    if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
+        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
+        goto err;
+    }
+    ret = (SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
+    if (ret == NULL)
+        goto err;
+
+    memset(ret, 0, sizeof(SSL_CTX));
+
+    ret->method = meth;
+
+    ret->cert_store = NULL;
+    ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
+    ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
+    ret->session_cache_head = NULL;
+    ret->session_cache_tail = NULL;
+
+    /* We take the system default */
+    ret->session_timeout = meth->get_timeout();
+
+    ret->new_session_cb = 0;
+    ret->remove_session_cb = 0;
+    ret->get_session_cb = 0;
+    ret->generate_session_id = 0;
+
+    memset((char *)&ret->stats, 0, sizeof(ret->stats));
+
+    ret->references = 1;
+    ret->quiet_shutdown = 0;
+
+/*  ret->cipher=NULL;*/
+/*-
+    ret->s2->challenge=NULL;
+    ret->master_key=NULL;
+    ret->key_arg=NULL;
+    ret->s2->conn_id=NULL; */
+
+    ret->info_callback = NULL;
+
+    ret->app_verify_callback = 0;
+    ret->app_verify_arg = NULL;
+
+    ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
+    ret->read_ahead = 0;
+    ret->msg_callback = 0;
+    ret->msg_callback_arg = NULL;
+    ret->verify_mode = SSL_VERIFY_NONE;
+#if 0
+    ret->verify_depth = -1;     /* Don't impose a limit (but x509_lu.c does) */
+#endif
+    ret->sid_ctx_length = 0;
+    ret->default_verify_callback = NULL;
+    if ((ret->cert = ssl_cert_new()) == NULL)
+        goto err;
+
+    ret->default_passwd_callback = 0;
+    ret->default_passwd_callback_userdata = NULL;
+    ret->client_cert_cb = 0;
+    ret->app_gen_cookie_cb = 0;
+    ret->app_verify_cookie_cb = 0;
+
+    ret->sessions = lh_SSL_SESSION_new();
+    if (ret->sessions == NULL)
+        goto err;
+    ret->cert_store = X509_STORE_new();
+    if (ret->cert_store == NULL)
+        goto err;
+
+    ssl_create_cipher_list(ret->method,
+                           &ret->cipher_list, &ret->cipher_list_by_id,
+                           meth->version ==
+                           SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
+    if (ret->cipher_list == NULL || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
+        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
+        goto err2;
+    }
+
+    ret->param = X509_VERIFY_PARAM_new();
+    if (!ret->param)
+        goto err;
+
+    if ((ret->rsa_md5 = EVP_get_digestbyname("ssl2-md5")) == NULL) {
+        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
+        goto err2;
+    }
+    if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
+        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
+        goto err2;
+    }
+    if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
+        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
+        goto err2;
+    }
+
+    if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL)
+        goto err;
+
+    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
+
+    ret->extra_certs = NULL;
+    /* No compression for DTLS */
+    if (meth->version != DTLS1_VERSION)
+        ret->comp_methods = SSL_COMP_get_compression_methods();
+
+    ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
+
+#ifndef OPENSSL_NO_TLSEXT
+    ret->tlsext_servername_callback = 0;
+    ret->tlsext_servername_arg = NULL;
+    /* Setup RFC4507 ticket keys */
+    if ((RAND_bytes(ret->tlsext_tick_key_name, 16) <= 0)
+        || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
+        || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
+        ret->options |= SSL_OP_NO_TICKET;
+
+    ret->tlsext_status_cb = 0;
+    ret->tlsext_status_arg = NULL;
+
+# ifndef OPENSSL_NO_NEXTPROTONEG
+    ret->next_protos_advertised_cb = 0;
+    ret->next_proto_select_cb = 0;
+# endif
+#endif
+#ifndef OPENSSL_NO_PSK
+    ret->psk_identity_hint = NULL;
+    ret->psk_client_callback = NULL;
+    ret->psk_server_callback = NULL;
+#endif
+#ifndef OPENSSL_NO_SRP
+    SSL_CTX_SRP_CTX_init(ret);
+#endif
+#ifndef OPENSSL_NO_BUF_FREELISTS
+    ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
+    ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
+    if (!ret->rbuf_freelist)
+        goto err;
+    ret->rbuf_freelist->chunklen = 0;
+    ret->rbuf_freelist->len = 0;
+    ret->rbuf_freelist->head = NULL;
+    ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
+    if (!ret->wbuf_freelist) {
+        OPENSSL_free(ret->rbuf_freelist);
+        goto err;
+    }
+    ret->wbuf_freelist->chunklen = 0;
+    ret->wbuf_freelist->len = 0;
+    ret->wbuf_freelist->head = NULL;
+#endif
+#ifndef OPENSSL_NO_ENGINE
+    ret->client_cert_engine = NULL;
+# ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
+#  define eng_strx(x)     #x
+#  define eng_str(x)      eng_strx(x)
+    /* Use specific client engine automatically... ignore errors */
+    {
+        ENGINE *eng;
+        eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
+        if (!eng) {
+            ERR_clear_error();
+            ENGINE_load_builtin_engines();
+            eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
+        }
+        if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
+            ERR_clear_error();
+    }
+# endif
+#endif
+    /*
+     * Default is to connect to non-RI servers. When RI is more widely
+     * deployed might change this.
+     */
+    ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
+
+    /*
+     * Disable SSLv2 by default, callers that want to enable SSLv2 will have to
+     * explicitly clear this option via either of SSL_CTX_clear_options() or
+     * SSL_clear_options().
+     */
+    ret->options |= SSL_OP_NO_SSLv2;
+
+    return (ret);
+ err:
+    SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
+ err2:
+    if (ret != NULL)
+        SSL_CTX_free(ret);
+    return (NULL);
+}
+
+#if 0
+static void SSL_COMP_free(SSL_COMP *comp)
+{
+    OPENSSL_free(comp);
+}
+#endif
+
+#ifndef OPENSSL_NO_BUF_FREELISTS
+static void ssl_buf_freelist_free(SSL3_BUF_FREELIST *list)
+{
+    SSL3_BUF_FREELIST_ENTRY *ent, *next;
+    for (ent = list->head; ent; ent = next) {
+        next = ent->next;
+        OPENSSL_free(ent);
+    }
+    OPENSSL_free(list);
+}
+#endif
+
+void SSL_CTX_free(SSL_CTX *a)
+{
+    int i;
+
+    if (a == NULL)
+        return;
+
+    i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_SSL_CTX);
+#ifdef REF_PRINT
+    REF_PRINT("SSL_CTX", a);
+#endif
+    if (i > 0)
+        return;
+#ifdef REF_CHECK
+    if (i < 0) {
+        fprintf(stderr, "SSL_CTX_free, bad reference count\n");
+        abort();                /* ok */
+    }
+#endif
+
+    if (a->param)
+        X509_VERIFY_PARAM_free(a->param);
+
+    /*
+     * Free internal session cache. However: the remove_cb() may reference
+     * the ex_data of SSL_CTX, thus the ex_data store can only be removed
+     * after the sessions were flushed.
+     * As the ex_data handling routines might also touch the session cache,
+     * the most secure solution seems to be: empty (flush) the cache, then
+     * free ex_data, then finally free the cache.
+     * (See ticket [openssl.org #212].)
+     */
+    if (a->sessions != NULL)
+        SSL_CTX_flush_sessions(a, 0);
+
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
+
+    if (a->sessions != NULL)
+        lh_SSL_SESSION_free(a->sessions);
+
+    if (a->cert_store != NULL)
+        X509_STORE_free(a->cert_store);
+    if (a->cipher_list != NULL)
+        sk_SSL_CIPHER_free(a->cipher_list);
+    if (a->cipher_list_by_id != NULL)
+        sk_SSL_CIPHER_free(a->cipher_list_by_id);
+    if (a->cert != NULL)
+        ssl_cert_free(a->cert);
+    if (a->client_CA != NULL)
+        sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free);
+    if (a->extra_certs != NULL)
+        sk_X509_pop_free(a->extra_certs, X509_free);
+#if 0                           /* This should never be done, since it
+                                 * removes a global database */
+    if (a->comp_methods != NULL)
+        sk_SSL_COMP_pop_free(a->comp_methods, SSL_COMP_free);
+#else
+    a->comp_methods = NULL;
+#endif
+
+#ifndef OPENSSL_NO_SRTP
+    if (a->srtp_profiles)
+        sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
+#endif
+
+#ifndef OPENSSL_NO_PSK
+    if (a->psk_identity_hint)
+        OPENSSL_free(a->psk_identity_hint);
+#endif
+#ifndef OPENSSL_NO_SRP
+    SSL_CTX_SRP_CTX_free(a);
+#endif
+#ifndef OPENSSL_NO_ENGINE
+    if (a->client_cert_engine)
+        ENGINE_finish(a->client_cert_engine);
+#endif
+
+#ifndef OPENSSL_NO_BUF_FREELISTS
+    if (a->wbuf_freelist)
+        ssl_buf_freelist_free(a->wbuf_freelist);
+    if (a->rbuf_freelist)
+        ssl_buf_freelist_free(a->rbuf_freelist);
+#endif
+
+    OPENSSL_free(a);
+}
+
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
+{
+    ctx->default_passwd_callback = cb;
+}
+
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
+{
+    ctx->default_passwd_callback_userdata = u;
+}
+
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
+                                      int (*cb) (X509_STORE_CTX *, void *),
+                                      void *arg)
+{
+    ctx->app_verify_callback = cb;
+    ctx->app_verify_arg = arg;
+}
+
+void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
+                        int (*cb) (int, X509_STORE_CTX *))
+{
+    ctx->verify_mode = mode;
+    ctx->default_verify_callback = cb;
+}
+
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
+{
+    X509_VERIFY_PARAM_set_depth(ctx->param, depth);
+}
+
+void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
+{
+    CERT_PKEY *cpk;
+    int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign;
+    int rsa_enc_export, dh_rsa_export, dh_dsa_export;
+    int rsa_tmp_export, dh_tmp_export, kl;
+    unsigned long mask_k, mask_a, emask_k, emask_a;
+#ifndef OPENSSL_NO_ECDSA
+    int have_ecc_cert, ecdsa_ok, ecc_pkey_size;
+#endif
+#ifndef OPENSSL_NO_ECDH
+    int have_ecdh_tmp, ecdh_ok;
+#endif
+#ifndef OPENSSL_NO_EC
+    X509 *x = NULL;
+    EVP_PKEY *ecc_pkey = NULL;
+    int signature_nid = 0, pk_nid = 0, md_nid = 0;
+#endif
+    if (c == NULL)
+        return;
+
+    kl = SSL_C_EXPORT_PKEYLENGTH(cipher);
+
+#ifndef OPENSSL_NO_RSA
+    rsa_tmp = (c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
+    rsa_tmp_export = (c->rsa_tmp_cb != NULL ||
+                      (rsa_tmp && RSA_size(c->rsa_tmp) * 8 <= kl));
+#else
+    rsa_tmp = rsa_tmp_export = 0;
+#endif
+#ifndef OPENSSL_NO_DH
+    dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
+    dh_tmp_export = (c->dh_tmp_cb != NULL ||
+                     (dh_tmp && DH_size(c->dh_tmp) * 8 <= kl));
+#else
+    dh_tmp = dh_tmp_export = 0;
+#endif
+
+#ifndef OPENSSL_NO_ECDH
+    have_ecdh_tmp = (c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL);
+#endif
+    cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
+    rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL);
+    rsa_enc_export = (rsa_enc && EVP_PKEY_size(cpk->privatekey) * 8 <= kl);
+    cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]);
+    rsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL);
+    cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]);
+    dsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL);
+    cpk = &(c->pkeys[SSL_PKEY_DH_RSA]);
+    dh_rsa = (cpk->x509 != NULL && cpk->privatekey != NULL);
+    dh_rsa_export = (dh_rsa && EVP_PKEY_size(cpk->privatekey) * 8 <= kl);
+    cpk = &(c->pkeys[SSL_PKEY_DH_DSA]);
+/* FIX THIS EAY EAY EAY */
+    dh_dsa = (cpk->x509 != NULL && cpk->privatekey != NULL);
+    dh_dsa_export = (dh_dsa && EVP_PKEY_size(cpk->privatekey) * 8 <= kl);
+    cpk = &(c->pkeys[SSL_PKEY_ECC]);
+#ifndef OPENSSL_NO_EC
+    have_ecc_cert = (cpk->x509 != NULL && cpk->privatekey != NULL);
+#endif
+    mask_k = 0;
+    mask_a = 0;
+    emask_k = 0;
+    emask_a = 0;
+
+#ifdef CIPHER_DEBUG
+    fprintf(stderr,
+            "rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
+            rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp, rsa_enc,
+            rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa);
+#endif
+
+    cpk = &(c->pkeys[SSL_PKEY_GOST01]);
+    if (cpk->x509 != NULL && cpk->privatekey != NULL) {
+        mask_k |= SSL_kGOST;
+        mask_a |= SSL_aGOST01;
+    }
+    cpk = &(c->pkeys[SSL_PKEY_GOST94]);
+    if (cpk->x509 != NULL && cpk->privatekey != NULL) {
+        mask_k |= SSL_kGOST;
+        mask_a |= SSL_aGOST94;
+    }
+
+    if (rsa_enc || (rsa_tmp && rsa_sign))
+        mask_k |= SSL_kRSA;
+    if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
+        emask_k |= SSL_kRSA;
+
+#if 0
+    /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
+    if ((dh_tmp || dh_rsa || dh_dsa) && (rsa_enc || rsa_sign || dsa_sign))
+        mask_k |= SSL_kEDH;
+    if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
+        (rsa_enc || rsa_sign || dsa_sign))
+        emask_k |= SSL_kEDH;
+#endif
+
+    if (dh_tmp_export)
+        emask_k |= SSL_kEDH;
+
+    if (dh_tmp)
+        mask_k |= SSL_kEDH;
+
+    if (dh_rsa)
+        mask_k |= SSL_kDHr;
+    if (dh_rsa_export)
+        emask_k |= SSL_kDHr;
+
+    if (dh_dsa)
+        mask_k |= SSL_kDHd;
+    if (dh_dsa_export)
+        emask_k |= SSL_kDHd;
+
+    if (rsa_enc || rsa_sign) {
+        mask_a |= SSL_aRSA;
+        emask_a |= SSL_aRSA;
+    }
+
+    if (dsa_sign) {
+        mask_a |= SSL_aDSS;
+        emask_a |= SSL_aDSS;
+    }
+
+    mask_a |= SSL_aNULL;
+    emask_a |= SSL_aNULL;
+
+#ifndef OPENSSL_NO_KRB5
+    mask_k |= SSL_kKRB5;
+    mask_a |= SSL_aKRB5;
+    emask_k |= SSL_kKRB5;
+    emask_a |= SSL_aKRB5;
+#endif
+
+    /*
+     * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites
+     * depending on the key usage extension.
+     */
+#ifndef OPENSSL_NO_EC
+    if (have_ecc_cert) {
+        /* This call populates extension flags (ex_flags) */
+        x = (c->pkeys[SSL_PKEY_ECC]).x509;
+        X509_check_purpose(x, -1, 0);
+        ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
+            (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
+        ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
+            (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
+        ecc_pkey = X509_get_pubkey(x);
+        ecc_pkey_size = (ecc_pkey != NULL) ? EVP_PKEY_bits(ecc_pkey) : 0;
+        EVP_PKEY_free(ecc_pkey);
+        if ((x->sig_alg) && (x->sig_alg->algorithm)) {
+            signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
+            OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
+        }
+#ifndef OPENSSL_NO_ECDH
+        if (ecdh_ok) {
+
+            if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) {
+                mask_k |= SSL_kECDHr;
+                mask_a |= SSL_aECDH;
+                if (ecc_pkey_size <= 163) {
+                    emask_k |= SSL_kECDHr;
+                    emask_a |= SSL_aECDH;
+                }
+            }
+
+            if (pk_nid == NID_X9_62_id_ecPublicKey) {
+                mask_k |= SSL_kECDHe;
+                mask_a |= SSL_aECDH;
+                if (ecc_pkey_size <= 163) {
+                    emask_k |= SSL_kECDHe;
+                    emask_a |= SSL_aECDH;
+                }
+            }
+        }
+#endif
+#ifndef OPENSSL_NO_ECDSA
+        if (ecdsa_ok) {
+            mask_a |= SSL_aECDSA;
+            emask_a |= SSL_aECDSA;
+        }
+#endif
+    }
+#endif
+#ifndef OPENSSL_NO_ECDH
+    if (have_ecdh_tmp) {
+        mask_k |= SSL_kEECDH;
+        emask_k |= SSL_kEECDH;
+    }
+#endif
+
+#ifndef OPENSSL_NO_PSK
+    mask_k |= SSL_kPSK;
+    mask_a |= SSL_aPSK;
+    emask_k |= SSL_kPSK;
+    emask_a |= SSL_aPSK;
+#endif
+
+    c->mask_k = mask_k;
+    c->mask_a = mask_a;
+    c->export_mask_k = emask_k;
+    c->export_mask_a = emask_a;
+    c->valid = 1;
+}
+
+/* This handy macro borrowed from crypto/x509v3/v3_purp.c */
+#define ku_reject(x, usage) \
+        (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
+
+#ifndef OPENSSL_NO_EC
+
+int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
+{
+    unsigned long alg_k, alg_a;
+    EVP_PKEY *pkey = NULL;
+    int keysize = 0;
+    int signature_nid = 0, md_nid = 0, pk_nid = 0;
+    const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
+
+    alg_k = cs->algorithm_mkey;
+    alg_a = cs->algorithm_auth;
+
+    if (SSL_C_IS_EXPORT(cs)) {
+        /* ECDH key length in export ciphers must be <= 163 bits */
+        pkey = X509_get_pubkey(x);
+        if (pkey == NULL)
+            return 0;
+        keysize = EVP_PKEY_bits(pkey);
+        EVP_PKEY_free(pkey);
+        if (keysize > 163)
+            return 0;
+    }
+
+    /* This call populates the ex_flags field correctly */
+    X509_check_purpose(x, -1, 0);
+    if ((x->sig_alg) && (x->sig_alg->algorithm)) {
+        signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
+        OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
+    }
+    if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) {
+        /* key usage, if present, must allow key agreement */
+        if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) {
+            SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
+                   SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
+            return 0;
+        }
+        if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION) {
+            /* signature alg must be ECDSA */
+            if (pk_nid != NID_X9_62_id_ecPublicKey) {
+                SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
+                       SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
+                return 0;
+            }
+        }
+        if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION) {
+            /* signature alg must be RSA */
+
+            if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa) {
+                SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
+                       SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
+                return 0;
+            }
+        }
+    }
+    if (alg_a & SSL_aECDSA) {
+        /* key usage, if present, must allow signing */
+        if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) {
+            SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
+                   SSL_R_ECC_CERT_NOT_FOR_SIGNING);
+            return 0;
+        }
+    }
+
+    return 1;                   /* all checks are ok */
+}
+
+#endif
+
+/* THIS NEEDS CLEANING UP */
+CERT_PKEY *ssl_get_server_send_pkey(const SSL *s)
+{
+    unsigned long alg_k, alg_a;
+    CERT *c;
+    int i;
+
+    c = s->cert;
+    ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
+
+    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+    alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+
+    if (alg_k & (SSL_kECDHr | SSL_kECDHe)) {
+        /*
+         * we don't need to look at SSL_kEECDH since no certificate is needed
+         * for anon ECDH and for authenticated EECDH, the check for the auth
+         * algorithm will set i correctly NOTE: For ECDH-RSA, we need an ECC
+         * not an RSA cert but for EECDH-RSA we need an RSA cert. Placing the
+         * checks for SSL_kECDH before RSA checks ensures the correct cert is
+         * chosen.
+         */
+        i = SSL_PKEY_ECC;
+    } else if (alg_a & SSL_aECDSA) {
+        i = SSL_PKEY_ECC;
+    } else if (alg_k & SSL_kDHr)
+        i = SSL_PKEY_DH_RSA;
+    else if (alg_k & SSL_kDHd)
+        i = SSL_PKEY_DH_DSA;
+    else if (alg_a & SSL_aDSS)
+        i = SSL_PKEY_DSA_SIGN;
+    else if (alg_a & SSL_aRSA) {
+        if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
+            i = SSL_PKEY_RSA_SIGN;
+        else
+            i = SSL_PKEY_RSA_ENC;
+    } else if (alg_a & SSL_aKRB5) {
+        /* VRS something else here? */
+        return (NULL);
+    } else if (alg_a & SSL_aGOST94)
+        i = SSL_PKEY_GOST94;
+    else if (alg_a & SSL_aGOST01)
+        i = SSL_PKEY_GOST01;
+    else {                      /* if (alg_a & SSL_aNULL) */
+
+        SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY, ERR_R_INTERNAL_ERROR);
+        return (NULL);
+    }
+
+    return c->pkeys + i;
+}
+
+X509 *ssl_get_server_send_cert(const SSL *s)
+{
+    CERT_PKEY *cpk;
+    cpk = ssl_get_server_send_pkey(s);
+    if (!cpk)
+        return NULL;
+    return cpk->x509;
+}
+
+EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher,
+                            const EVP_MD **pmd)
+{
+    unsigned long alg_a;
+    CERT *c;
+    int idx = -1;
+
+    alg_a = cipher->algorithm_auth;
+    c = s->cert;
+
+    if ((alg_a & SSL_aDSS) &&
+        (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
+        idx = SSL_PKEY_DSA_SIGN;
+    else if (alg_a & SSL_aRSA) {
+        if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
+            idx = SSL_PKEY_RSA_SIGN;
+        else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
+            idx = SSL_PKEY_RSA_ENC;
+    } else if ((alg_a & SSL_aECDSA) &&
+               (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
+        idx = SSL_PKEY_ECC;
+    if (idx == -1) {
+        SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR);
+        return (NULL);
+    }
+    if (pmd)
+        *pmd = c->pkeys[idx].digest;
+    return c->pkeys[idx].privatekey;
+}
+
+void ssl_update_cache(SSL *s, int mode)
+{
+    int i;
+
+    /*
+     * If the session_id_length is 0, we are not supposed to cache it, and it
+     * would be rather hard to do anyway :-)
+     */
+    if (s->session->session_id_length == 0)
+        return;
+
+    i = s->session_ctx->session_cache_mode;
+    if ((i & mode) && (!s->hit)
+        && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
+            || SSL_CTX_add_session(s->session_ctx, s->session))
+        && (s->session_ctx->new_session_cb != NULL)) {
+        CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION);
+        if (!s->session_ctx->new_session_cb(s, s->session))
+            SSL_SESSION_free(s->session);
+    }
+
+    /* auto flush every 255 connections */
+    if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) {
+        if ((((mode & SSL_SESS_CACHE_CLIENT)
+              ? s->session_ctx->stats.sess_connect_good
+              : s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff) {
+            SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL));
+        }
+    }
+}
+
+const SSL_METHOD *SSL_get_ssl_method(SSL *s)
+{
+    return (s->method);
+}
+
+int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
+{
+    int conn = -1;
+    int ret = 1;
+
+    if (s->method != meth) {
+        if (s->handshake_func != NULL)
+            conn = (s->handshake_func == s->method->ssl_connect);
+
+        if (s->method->version == meth->version)
+            s->method = meth;
+        else {
+            s->method->ssl_free(s);
+            s->method = meth;
+            ret = s->method->ssl_new(s);
+        }
+
+        if (conn == 1)
+            s->handshake_func = meth->ssl_connect;
+        else if (conn == 0)
+            s->handshake_func = meth->ssl_accept;
+    }
+    return (ret);
+}
+
+int SSL_get_error(const SSL *s, int i)
+{
+    int reason;
+    unsigned long l;
+    BIO *bio;
+
+    if (i > 0)
+        return (SSL_ERROR_NONE);
+
+    /*
+     * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc,
+     * where we do encode the error
+     */
+    if ((l = ERR_peek_error()) != 0) {
+        if (ERR_GET_LIB(l) == ERR_LIB_SYS)
+            return (SSL_ERROR_SYSCALL);
+        else
+            return (SSL_ERROR_SSL);
+    }
+
+    if ((i < 0) && SSL_want_read(s)) {
+        bio = SSL_get_rbio(s);
+        if (BIO_should_read(bio))
+            return (SSL_ERROR_WANT_READ);
+        else if (BIO_should_write(bio))
+            /*
+             * This one doesn't make too much sense ... We never try to write
+             * to the rbio, and an application program where rbio and wbio
+             * are separate couldn't even know what it should wait for.
+             * However if we ever set s->rwstate incorrectly (so that we have
+             * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and
+             * wbio *are* the same, this test works around that bug; so it
+             * might be safer to keep it.
+             */
+            return (SSL_ERROR_WANT_WRITE);
+        else if (BIO_should_io_special(bio)) {
+            reason = BIO_get_retry_reason(bio);
+            if (reason == BIO_RR_CONNECT)
+                return (SSL_ERROR_WANT_CONNECT);
+            else if (reason == BIO_RR_ACCEPT)
+                return (SSL_ERROR_WANT_ACCEPT);
+            else
+                return (SSL_ERROR_SYSCALL); /* unknown */
+        }
+    }
+
+    if ((i < 0) && SSL_want_write(s)) {
+        bio = SSL_get_wbio(s);
+        if (BIO_should_write(bio))
+            return (SSL_ERROR_WANT_WRITE);
+        else if (BIO_should_read(bio))
+            /*
+             * See above (SSL_want_read(s) with BIO_should_write(bio))
+             */
+            return (SSL_ERROR_WANT_READ);
+        else if (BIO_should_io_special(bio)) {
+            reason = BIO_get_retry_reason(bio);
+            if (reason == BIO_RR_CONNECT)
+                return (SSL_ERROR_WANT_CONNECT);
+            else if (reason == BIO_RR_ACCEPT)
+                return (SSL_ERROR_WANT_ACCEPT);
+            else
+                return (SSL_ERROR_SYSCALL);
+        }
+    }
+    if ((i < 0) && SSL_want_x509_lookup(s)) {
+        return (SSL_ERROR_WANT_X509_LOOKUP);
+    }
+
+    if (i == 0) {
+        if (s->version == SSL2_VERSION) {
+            /* assume it is the socket being closed */
+            return (SSL_ERROR_ZERO_RETURN);
+        } else {
+            if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
+                (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
+                return (SSL_ERROR_ZERO_RETURN);
+        }
+    }
+    return (SSL_ERROR_SYSCALL);
+}
+
+int SSL_do_handshake(SSL *s)
+{
+    int ret = 1;
+
+    if (s->handshake_func == NULL) {
+        SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET);
+        return (-1);
+    }
+
+    s->method->ssl_renegotiate_check(s);
+
+    if (SSL_in_init(s) || SSL_in_before(s)) {
+        ret = s->handshake_func(s);
+    }
+    return (ret);
+}
+
+/*
+ * For the next 2 functions, SSL_clear() sets shutdown and so one of these
+ * calls will reset it
+ */
+void SSL_set_accept_state(SSL *s)
+{
+    s->server = 1;
+    s->shutdown = 0;
+    s->state = SSL_ST_ACCEPT | SSL_ST_BEFORE;
+    s->handshake_func = s->method->ssl_accept;
+    /* clear the current cipher */
+    ssl_clear_cipher_ctx(s);
+    ssl_clear_hash_ctx(&s->read_hash);
+    ssl_clear_hash_ctx(&s->write_hash);
+}
+
+void SSL_set_connect_state(SSL *s)
+{
+    s->server = 0;
+    s->shutdown = 0;
+    s->state = SSL_ST_CONNECT | SSL_ST_BEFORE;
+    s->handshake_func = s->method->ssl_connect;
+    /* clear the current cipher */
+    ssl_clear_cipher_ctx(s);
+    ssl_clear_hash_ctx(&s->read_hash);
+    ssl_clear_hash_ctx(&s->write_hash);
+}
+
+int ssl_undefined_function(SSL *s)
+{
+    SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+    return (0);
+}
+
+int ssl_undefined_void_function(void)
+{
+    SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,
+           ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+    return (0);
+}
+
+int ssl_undefined_const_function(const SSL *s)
+{
+    SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,
+           ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+    return (0);
+}
+
+SSL_METHOD *ssl_bad_method(int ver)
+{
+    SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+    return (NULL);
+}
+
+const char *SSL_get_version(const SSL *s)
+{
+    if (s->version == TLS1_2_VERSION)
+        return ("TLSv1.2");
+    else if (s->version == TLS1_1_VERSION)
+        return ("TLSv1.1");
+    else if (s->version == TLS1_VERSION)
+        return ("TLSv1");
+    else if (s->version == SSL3_VERSION)
+        return ("SSLv3");
+    else if (s->version == SSL2_VERSION)
+        return ("SSLv2");
+    else
+        return ("unknown");
+}
+
+SSL *SSL_dup(SSL *s)
+{
+    STACK_OF(X509_NAME) *sk;
+    X509_NAME *xn;
+    SSL *ret;
+    int i;
+
+    if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
+        return (NULL);
+
+    ret->version = s->version;
+    ret->type = s->type;
+    ret->method = s->method;
+
+    if (s->session != NULL) {
+        /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
+        SSL_copy_session_id(ret, s);
+    } else {
+        /*
+         * No session has been established yet, so we have to expect that
+         * s->cert or ret->cert will be changed later -- they should not both
+         * point to the same object, and thus we can't use
+         * SSL_copy_session_id.
+         */
+
+        ret->method->ssl_free(ret);
+        ret->method = s->method;
+        ret->method->ssl_new(ret);
+
+        if (s->cert != NULL) {
+            if (ret->cert != NULL) {
+                ssl_cert_free(ret->cert);
+            }
+            ret->cert = ssl_cert_dup(s->cert);
+            if (ret->cert == NULL)
+                goto err;
+        }
+
+        SSL_set_session_id_context(ret, s->sid_ctx, s->sid_ctx_length);
+    }
+
+    ret->options = s->options;
+    ret->mode = s->mode;
+    SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
+    SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
+    ret->msg_callback = s->msg_callback;
+    ret->msg_callback_arg = s->msg_callback_arg;
+    SSL_set_verify(ret, SSL_get_verify_mode(s), SSL_get_verify_callback(s));
+    SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
+    ret->generate_session_id = s->generate_session_id;
+
+    SSL_set_info_callback(ret, SSL_get_info_callback(s));
+
+    ret->debug = s->debug;
+
+    /* copy app data, a little dangerous perhaps */
+    if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
+        goto err;
+
+    /* setup rbio, and wbio */
+    if (s->rbio != NULL) {
+        if (!BIO_dup_state(s->rbio, (char *)&ret->rbio))
+            goto err;
+    }
+    if (s->wbio != NULL) {
+        if (s->wbio != s->rbio) {
+            if (!BIO_dup_state(s->wbio, (char *)&ret->wbio))
+                goto err;
+        } else
+            ret->wbio = ret->rbio;
+    }
+    ret->rwstate = s->rwstate;
+    ret->in_handshake = s->in_handshake;
+    ret->handshake_func = s->handshake_func;
+    ret->server = s->server;
+    ret->renegotiate = s->renegotiate;
+    ret->new_session = s->new_session;
+    ret->quiet_shutdown = s->quiet_shutdown;
+    ret->shutdown = s->shutdown;
+    ret->state = s->state;      /* SSL_dup does not really work at any state,
+                                 * though */
+    ret->rstate = s->rstate;
+    ret->init_num = 0;          /* would have to copy ret->init_buf,
+                                 * ret->init_msg, ret->init_num,
+                                 * ret->init_off */
+    ret->hit = s->hit;
+
+    X509_VERIFY_PARAM_inherit(ret->param, s->param);
+
+    /* dup the cipher_list and cipher_list_by_id stacks */
+    if (s->cipher_list != NULL) {
+        if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
+            goto err;
+    }
+    if (s->cipher_list_by_id != NULL)
+        if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id))
+            == NULL)
+            goto err;
+
+    /* Dup the client_CA list */
+    if (s->client_CA != NULL) {
+        if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL)
+            goto err;
+        ret->client_CA = sk;
+        for (i = 0; i < sk_X509_NAME_num(sk); i++) {
+            xn = sk_X509_NAME_value(sk, i);
+            if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) {
+                X509_NAME_free(xn);
+                goto err;
+            }
+        }
+    }
+
+    if (0) {
+ err:
+        if (ret != NULL)
+            SSL_free(ret);
+        ret = NULL;
+    }
+    return (ret);
+}
+
+void ssl_clear_cipher_ctx(SSL *s)
+{
+    if (s->enc_read_ctx != NULL) {
+        EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
+        OPENSSL_free(s->enc_read_ctx);
+        s->enc_read_ctx = NULL;
+    }
+    if (s->enc_write_ctx != NULL) {
+        EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
+        OPENSSL_free(s->enc_write_ctx);
+        s->enc_write_ctx = NULL;
+    }
+#ifndef OPENSSL_NO_COMP
+    if (s->expand != NULL) {
+        COMP_CTX_free(s->expand);
+        s->expand = NULL;
+    }
+    if (s->compress != NULL) {
+        COMP_CTX_free(s->compress);
+        s->compress = NULL;
+    }
+#endif
+}
+
+/* Fix this function so that it takes an optional type parameter */
+X509 *SSL_get_certificate(const SSL *s)
+{
+    if (s->cert != NULL)
+        return (s->cert->key->x509);
+    else
+        return (NULL);
+}
+
+/* Fix this function so that it takes an optional type parameter */
+EVP_PKEY *SSL_get_privatekey(SSL *s)
+{
+    if (s->cert != NULL)
+        return (s->cert->key->privatekey);
+    else
+        return (NULL);
+}
+
+const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
+{
+    if ((s->session != NULL) && (s->session->cipher != NULL))
+        return (s->session->cipher);
+    return (NULL);
+}
+
+#ifdef OPENSSL_NO_COMP
+const void *SSL_get_current_compression(SSL *s)
+{
+    return NULL;
+}
+
+const void *SSL_get_current_expansion(SSL *s)
+{
+    return NULL;
+}
+#else
+
+const COMP_METHOD *SSL_get_current_compression(SSL *s)
+{
+    if (s->compress != NULL)
+        return (s->compress->meth);
+    return (NULL);
+}
+
+const COMP_METHOD *SSL_get_current_expansion(SSL *s)
+{
+    if (s->expand != NULL)
+        return (s->expand->meth);
+    return (NULL);
+}
+#endif
+
+int ssl_init_wbio_buffer(SSL *s, int push)
+{
+    BIO *bbio;
+
+    if (s->bbio == NULL) {
+        bbio = BIO_new(BIO_f_buffer());
+        if (bbio == NULL)
+            return (0);
+        s->bbio = bbio;
+    } else {
+        bbio = s->bbio;
+        if (s->bbio == s->wbio)
+            s->wbio = BIO_pop(s->wbio);
+    }
+    (void)BIO_reset(bbio);
+/*      if (!BIO_set_write_buffer_size(bbio,16*1024)) */
+    if (!BIO_set_read_buffer_size(bbio, 1)) {
+        SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB);
+        return (0);
+    }
+    if (push) {
+        if (s->wbio != bbio)
+            s->wbio = BIO_push(bbio, s->wbio);
+    } else {
+        if (s->wbio == bbio)
+            s->wbio = BIO_pop(bbio);
+    }
+    return (1);
+}
+
+void ssl_free_wbio_buffer(SSL *s)
+{
+    if (s->bbio == NULL)
+        return;
+
+    if (s->bbio == s->wbio) {
+        /* remove buffering */
+        s->wbio = BIO_pop(s->wbio);
+#ifdef REF_CHECK                /* not the usual REF_CHECK, but this avoids
+                                 * adding one more preprocessor symbol */
+        assert(s->wbio != NULL);
+#endif
+    }
+    BIO_free(s->bbio);
+    s->bbio = NULL;
+}
+
+void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
+{
+    ctx->quiet_shutdown = mode;
+}
+
+int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
+{
+    return (ctx->quiet_shutdown);
+}
+
+void SSL_set_quiet_shutdown(SSL *s, int mode)
+{
+    s->quiet_shutdown = mode;
+}
+
+int SSL_get_quiet_shutdown(const SSL *s)
+{
+    return (s->quiet_shutdown);
+}
+
+void SSL_set_shutdown(SSL *s, int mode)
+{
+    s->shutdown = mode;
+}
+
+int SSL_get_shutdown(const SSL *s)
+{
+    return (s->shutdown);
+}
+
+int SSL_version(const SSL *s)
+{
+    return (s->version);
+}
+
+SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
+{
+    return (ssl->ctx);
+}
+
+SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
+{
+    CERT *ocert = ssl->cert;
+    if (ssl->ctx == ctx)
+        return ssl->ctx;
+#ifndef OPENSSL_NO_TLSEXT
+    if (ctx == NULL)
+        ctx = ssl->initial_ctx;
+#endif
+    ssl->cert = ssl_cert_dup(ctx->cert);
+    if (ocert != NULL) {
+        int i;
+        /* Copy negotiated digests from original */
+        for (i = 0; i < SSL_PKEY_NUM; i++) {
+            CERT_PKEY *cpk = ocert->pkeys + i;
+            CERT_PKEY *rpk = ssl->cert->pkeys + i;
+            rpk->digest = cpk->digest;
+        }
+        ssl_cert_free(ocert);
+    }
+
+    /*
+     * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),
+     * so setter APIs must prevent invalid lengths from entering the system.
+     */
+    OPENSSL_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx));
+
+    /*
+     * If the session ID context matches that of the parent SSL_CTX,
+     * inherit it from the new SSL_CTX as well. If however the context does
+     * not match (i.e., it was set per-ssl with SSL_set_session_id_context),
+     * leave it unchanged.
+     */
+    if ((ssl->ctx != NULL) &&
+        (ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) &&
+        (memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0)) {
+        ssl->sid_ctx_length = ctx->sid_ctx_length;
+        memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx));
+    }
+
+    CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
+    if (ssl->ctx != NULL)
+        SSL_CTX_free(ssl->ctx); /* decrement reference count */
+    ssl->ctx = ctx;
+
+    return (ssl->ctx);
+}
+
+#ifndef OPENSSL_NO_STDIO
+int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
+{
+    return (X509_STORE_set_default_paths(ctx->cert_store));
+}
+
+int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+                                  const char *CApath)
+{
+    return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath));
+}
+#endif
+
+void SSL_set_info_callback(SSL *ssl,
+                           void (*cb) (const SSL *ssl, int type, int val))
+{
+    ssl->info_callback = cb;
+}
+
+/*
+ * One compiler (Diab DCC) doesn't like argument names in returned function
+ * pointer.
+ */
+void (*SSL_get_info_callback(const SSL *ssl)) (const SSL * /* ssl */ ,
+                                               int /* type */ ,
+                                               int /* val */ ) {
+    return ssl->info_callback;
+}
+
+int SSL_state(const SSL *ssl)
+{
+    return (ssl->state);
+}
+
+void SSL_set_state(SSL *ssl, int state)
+{
+    ssl->state = state;
+}
+
+void SSL_set_verify_result(SSL *ssl, long arg)
+{
+    ssl->verify_result = arg;
+}
+
+long SSL_get_verify_result(const SSL *ssl)
+{
+    return (ssl->verify_result);
+}
+
+int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+                         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+{
+    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
+                                   new_func, dup_func, free_func);
+}
+
+int SSL_set_ex_data(SSL *s, int idx, void *arg)
+{
+    return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
+}
+
+void *SSL_get_ex_data(const SSL *s, int idx)
+{
+    return (CRYPTO_get_ex_data(&s->ex_data, idx));
+}
+
+int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+                             CRYPTO_EX_dup *dup_func,
+                             CRYPTO_EX_free *free_func)
+{
+    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
+                                   new_func, dup_func, free_func);
+}
+
+int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
+{
+    return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
+}
+
+void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
+{
+    return (CRYPTO_get_ex_data(&s->ex_data, idx));
+}
+
+int ssl_ok(SSL *s)
+{
+    return (1);
+}
+
+X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
+{
+    return (ctx->cert_store);
+}
+
+void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
+{
+    if (ctx->cert_store != NULL)
+        X509_STORE_free(ctx->cert_store);
+    ctx->cert_store = store;
+}
+
+int SSL_want(const SSL *s)
+{
+    return (s->rwstate);
+}
+
+/**
+ * \brief Set the callback for generating temporary RSA keys.
+ * \param ctx the SSL context.
+ * \param cb the callback
+ */
+
+#ifndef OPENSSL_NO_RSA
+void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb) (SSL *ssl,
+                                                            int is_export,
+                                                            int keylength))
+{
+    SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB, (void (*)(void))cb);
+}
+
+void SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb) (SSL *ssl,
+                                                    int is_export,
+                                                    int keylength))
+{
+    SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB, (void (*)(void))cb);
+}
+#endif
+
+#ifdef DOXYGEN
+/**
+ * \brief The RSA temporary key callback function.
+ * \param ssl the SSL session.
+ * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite.
+ * \param keylength if \c is_export is \c TRUE, then \c keylength is the size
+ * of the required key in bits.
+ * \return the temporary RSA key.
+ * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
+ */
+
+RSA *cb(SSL *ssl, int is_export, int keylength)
+{
+}
+#endif
+
+/**
+ * \brief Set the callback for generating temporary DH keys.
+ * \param ctx the SSL context.
+ * \param dh the callback
+ */
+
+#ifndef OPENSSL_NO_DH
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+                                 DH *(*dh) (SSL *ssl, int is_export,
+                                            int keylength))
+{
+    SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
+}
+
+void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,
+                                                  int keylength))
+{
+    SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
+}
+#endif
+
+#ifndef OPENSSL_NO_ECDH
+void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
+                                   EC_KEY *(*ecdh) (SSL *ssl, int is_export,
+                                                    int keylength))
+{
+    SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB,
+                          (void (*)(void))ecdh);
+}
+
+void SSL_set_tmp_ecdh_callback(SSL *ssl,
+                               EC_KEY *(*ecdh) (SSL *ssl, int is_export,
+                                                int keylength))
+{
+    SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB, (void (*)(void))ecdh);
+}
+#endif
+
+#ifndef OPENSSL_NO_PSK
+int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
+{
+    if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
+        SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT,
+               SSL_R_DATA_LENGTH_TOO_LONG);
+        return 0;
+    }
+    if (ctx->psk_identity_hint != NULL)
+        OPENSSL_free(ctx->psk_identity_hint);
+    if (identity_hint != NULL) {
+        ctx->psk_identity_hint = BUF_strdup(identity_hint);
+        if (ctx->psk_identity_hint == NULL)
+            return 0;
+    } else
+        ctx->psk_identity_hint = NULL;
+    return 1;
+}
+
+int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
+{
+    if (s == NULL)
+        return 0;
+
+    if (s->session == NULL)
+        return 1;               /* session not created yet, ignored */
+
+    if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
+        SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
+        return 0;
+    }
+    if (s->session->psk_identity_hint != NULL)
+        OPENSSL_free(s->session->psk_identity_hint);
+    if (identity_hint != NULL) {
+        s->session->psk_identity_hint = BUF_strdup(identity_hint);
+        if (s->session->psk_identity_hint == NULL)
+            return 0;
+    } else
+        s->session->psk_identity_hint = NULL;
+    return 1;
+}
+
+const char *SSL_get_psk_identity_hint(const SSL *s)
+{
+    if (s == NULL || s->session == NULL)
+        return NULL;
+    return (s->session->psk_identity_hint);
+}
+
+const char *SSL_get_psk_identity(const SSL *s)
+{
+    if (s == NULL || s->session == NULL)
+        return NULL;
+    return (s->session->psk_identity);
+}
+
+void SSL_set_psk_client_callback(SSL *s,
+                                 unsigned int (*cb) (SSL *ssl,
+                                                     const char *hint,
+                                                     char *identity,
+                                                     unsigned int
+                                                     max_identity_len,
+                                                     unsigned char *psk,
+                                                     unsigned int
+                                                     max_psk_len))
+{
+    s->psk_client_callback = cb;
+}
+
+void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
+                                     unsigned int (*cb) (SSL *ssl,
+                                                         const char *hint,
+                                                         char *identity,
+                                                         unsigned int
+                                                         max_identity_len,
+                                                         unsigned char *psk,
+                                                         unsigned int
+                                                         max_psk_len))
+{
+    ctx->psk_client_callback = cb;
+}
+
+void SSL_set_psk_server_callback(SSL *s,
+                                 unsigned int (*cb) (SSL *ssl,
+                                                     const char *identity,
+                                                     unsigned char *psk,
+                                                     unsigned int
+                                                     max_psk_len))
+{
+    s->psk_server_callback = cb;
+}
+
+void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
+                                     unsigned int (*cb) (SSL *ssl,
+                                                         const char *identity,
+                                                         unsigned char *psk,
+                                                         unsigned int
+                                                         max_psk_len))
+{
+    ctx->psk_server_callback = cb;
+}
+#endif
+
+void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
+                              void (*cb) (int write_p, int version,
+                                          int content_type, const void *buf,
+                                          size_t len, SSL *ssl, void *arg))
+{
+    SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
+}
+
+void SSL_set_msg_callback(SSL *ssl,
+                          void (*cb) (int write_p, int version,
+                                      int content_type, const void *buf,
+                                      size_t len, SSL *ssl, void *arg))
+{
+    SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
+}
+
+/*
+ * Allocates new EVP_MD_CTX and sets pointer to it into given pointer
+ * vairable, freeing EVP_MD_CTX previously stored in that variable, if any.
+ * If EVP_MD pointer is passed, initializes ctx with this md Returns newly
+ * allocated ctx;
+ */
+
+EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
+{
+    ssl_clear_hash_ctx(hash);
+    *hash = EVP_MD_CTX_create();
+    if (*hash == NULL || (md && EVP_DigestInit_ex(*hash, md, NULL) <= 0)) {
+        EVP_MD_CTX_destroy(*hash);
+        *hash = NULL;
+        return NULL;
+    }
+    return *hash;
+}
+
+void ssl_clear_hash_ctx(EVP_MD_CTX **hash)
+{
+
+    if (*hash)
+        EVP_MD_CTX_destroy(*hash);
+    *hash = NULL;
+}
+
+void SSL_set_debug(SSL *s, int debug)
+{
+    s->debug = debug;
+}
+
+int SSL_cache_hit(SSL *s)
+{
+    return s->hit;
+}
+
+#if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16)
+# include "../crypto/bio/bss_file.c"
+#endif
+
+IMPLEMENT_STACK_OF(SSL_CIPHER)
+IMPLEMENT_STACK_OF(SSL_COMP)
+IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);

Deleted: vendor-crypto/openssl/1.0.1u/ssl/ssl_locl.h
===================================================================
--- vendor-crypto/openssl/dist/ssl/ssl_locl.h	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/ssl/ssl_locl.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,1245 +0,0 @@
-/* ssl/ssl_locl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#ifndef HEADER_SSL_LOCL_H
-# define HEADER_SSL_LOCL_H
-# include <stdlib.h>
-# include <time.h>
-# include <string.h>
-# include <errno.h>
-
-# include "e_os.h"
-
-# include <openssl/buffer.h>
-# ifndef OPENSSL_NO_COMP
-#  include <openssl/comp.h>
-# endif
-# include <openssl/bio.h>
-# include <openssl/stack.h>
-# ifndef OPENSSL_NO_RSA
-#  include <openssl/rsa.h>
-# endif
-# ifndef OPENSSL_NO_DSA
-#  include <openssl/dsa.h>
-# endif
-# include <openssl/err.h>
-# include <openssl/ssl.h>
-# include <openssl/symhacks.h>
-
-# ifdef OPENSSL_BUILD_SHLIBSSL
-#  undef OPENSSL_EXTERN
-#  define OPENSSL_EXTERN OPENSSL_EXPORT
-# endif
-
-# undef PKCS1_CHECK
-
-# define c2l(c,l)        (l = ((unsigned long)(*((c)++)))     , \
-                         l|=(((unsigned long)(*((c)++)))<< 8), \
-                         l|=(((unsigned long)(*((c)++)))<<16), \
-                         l|=(((unsigned long)(*((c)++)))<<24))
-
-/* NOTE - c is not incremented as per c2l */
-# define c2ln(c,l1,l2,n) { \
-                        c+=n; \
-                        l1=l2=0; \
-                        switch (n) { \
-                        case 8: l2 =((unsigned long)(*(--(c))))<<24; \
-                        case 7: l2|=((unsigned long)(*(--(c))))<<16; \
-                        case 6: l2|=((unsigned long)(*(--(c))))<< 8; \
-                        case 5: l2|=((unsigned long)(*(--(c))));     \
-                        case 4: l1 =((unsigned long)(*(--(c))))<<24; \
-                        case 3: l1|=((unsigned long)(*(--(c))))<<16; \
-                        case 2: l1|=((unsigned long)(*(--(c))))<< 8; \
-                        case 1: l1|=((unsigned long)(*(--(c))));     \
-                                } \
-                        }
-
-# define l2c(l,c)        (*((c)++)=(unsigned char)(((l)    )&0xff), \
-                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>24)&0xff))
-
-# define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24, \
-                         l|=((unsigned long)(*((c)++)))<<16, \
-                         l|=((unsigned long)(*((c)++)))<< 8, \
-                         l|=((unsigned long)(*((c)++))))
-
-# define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
-                         *((c)++)=(unsigned char)(((l)    )&0xff))
-
-# define l2n6(l,c)       (*((c)++)=(unsigned char)(((l)>>40)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>32)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>24)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
-                         *((c)++)=(unsigned char)(((l)    )&0xff))
-
-# define l2n8(l,c)       (*((c)++)=(unsigned char)(((l)>>56)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>48)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>40)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>32)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>24)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
-                         *((c)++)=(unsigned char)(((l)    )&0xff))
-
-# define n2l6(c,l)       (l =((BN_ULLONG)(*((c)++)))<<40, \
-                         l|=((BN_ULLONG)(*((c)++)))<<32, \
-                         l|=((BN_ULLONG)(*((c)++)))<<24, \
-                         l|=((BN_ULLONG)(*((c)++)))<<16, \
-                         l|=((BN_ULLONG)(*((c)++)))<< 8, \
-                         l|=((BN_ULLONG)(*((c)++))))
-
-/* NOTE - c is not incremented as per l2c */
-# define l2cn(l1,l2,c,n) { \
-                        c+=n; \
-                        switch (n) { \
-                        case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
-                        case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
-                        case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
-                        case 5: *(--(c))=(unsigned char)(((l2)    )&0xff); \
-                        case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
-                        case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
-                        case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
-                        case 1: *(--(c))=(unsigned char)(((l1)    )&0xff); \
-                                } \
-                        }
-
-# define n2s(c,s)        ((s=(((unsigned int)(c[0]))<< 8)| \
-                            (((unsigned int)(c[1]))    )),c+=2)
-# define s2n(s,c)        ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
-                          c[1]=(unsigned char)(((s)    )&0xff)),c+=2)
-
-# define n2l3(c,l)       ((l =(((unsigned long)(c[0]))<<16)| \
-                             (((unsigned long)(c[1]))<< 8)| \
-                             (((unsigned long)(c[2]))    )),c+=3)
-
-# define l2n3(l,c)       ((c[0]=(unsigned char)(((l)>>16)&0xff), \
-                          c[1]=(unsigned char)(((l)>> 8)&0xff), \
-                          c[2]=(unsigned char)(((l)    )&0xff)),c+=3)
-
-/* LOCAL STUFF */
-
-# define SSL_DECRYPT     0
-# define SSL_ENCRYPT     1
-
-# define TWO_BYTE_BIT    0x80
-# define SEC_ESC_BIT     0x40
-# define TWO_BYTE_MASK   0x7fff
-# define THREE_BYTE_MASK 0x3fff
-
-# define INC32(a)        ((a)=((a)+1)&0xffffffffL)
-# define DEC32(a)        ((a)=((a)-1)&0xffffffffL)
-# define MAX_MAC_SIZE    20     /* up from 16 for SSLv3 */
-
-/*
- * Define the Bitmasks for SSL_CIPHER.algorithms.
- * This bits are used packed as dense as possible. If new methods/ciphers
- * etc will be added, the bits a likely to change, so this information
- * is for internal library use only, even though SSL_CIPHER.algorithms
- * can be publicly accessed.
- * Use the according functions for cipher management instead.
- *
- * The bit mask handling in the selection and sorting scheme in
- * ssl_create_cipher_list() has only limited capabilities, reflecting
- * that the different entities within are mutually exclusive:
- * ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
- */
-
-/* Bits for algorithm_mkey (key exchange algorithm) */
-/* RSA key exchange */
-# define SSL_kRSA                0x00000001L
-/* DH cert, RSA CA cert */
-/* no such ciphersuites supported! */
-# define SSL_kDHr                0x00000002L
-/* DH cert, DSA CA cert */
-/* no such ciphersuite supported! */
-# define SSL_kDHd                0x00000004L
-/* tmp DH key no DH cert */
-# define SSL_kEDH                0x00000008L
-/* Kerberos5 key exchange */
-# define SSL_kKRB5               0x00000010L
-/* ECDH cert, RSA CA cert */
-# define SSL_kECDHr              0x00000020L
-/* ECDH cert, ECDSA CA cert */
-# define SSL_kECDHe              0x00000040L
-/* ephemeral ECDH */
-# define SSL_kEECDH              0x00000080L
-/* PSK */
-# define SSL_kPSK                0x00000100L
-/* GOST key exchange */
-# define SSL_kGOST       0x00000200L
-/* SRP */
-# define SSL_kSRP        0x00000400L
-
-/* Bits for algorithm_auth (server authentication) */
-/* RSA auth */
-# define SSL_aRSA                0x00000001L
-/* DSS auth */
-# define SSL_aDSS                0x00000002L
-/* no auth (i.e. use ADH or AECDH) */
-# define SSL_aNULL               0x00000004L
-/* Fixed DH auth (kDHd or kDHr) */
-/* no such ciphersuites supported! */
-# define SSL_aDH                 0x00000008L
-/* Fixed ECDH auth (kECDHe or kECDHr) */
-# define SSL_aECDH               0x00000010L
-/* KRB5 auth */
-# define SSL_aKRB5               0x00000020L
-/* ECDSA auth*/
-# define SSL_aECDSA              0x00000040L
-/* PSK auth */
-# define SSL_aPSK                0x00000080L
-/* GOST R 34.10-94 signature auth */
-# define SSL_aGOST94                             0x00000100L
-/* GOST R 34.10-2001 signature auth */
-# define SSL_aGOST01                     0x00000200L
-/* SRP auth */
-# define SSL_aSRP                0x00000400L
-
-/* Bits for algorithm_enc (symmetric encryption) */
-# define SSL_DES                 0x00000001L
-# define SSL_3DES                0x00000002L
-# define SSL_RC4                 0x00000004L
-# define SSL_RC2                 0x00000008L
-# define SSL_IDEA                0x00000010L
-# define SSL_eNULL               0x00000020L
-# define SSL_AES128              0x00000040L
-# define SSL_AES256              0x00000080L
-# define SSL_CAMELLIA128         0x00000100L
-# define SSL_CAMELLIA256         0x00000200L
-# define SSL_eGOST2814789CNT     0x00000400L
-# define SSL_SEED                0x00000800L
-# define SSL_AES128GCM           0x00001000L
-# define SSL_AES256GCM           0x00002000L
-
-# define SSL_AES                 (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM)
-# define SSL_CAMELLIA            (SSL_CAMELLIA128|SSL_CAMELLIA256)
-
-/* Bits for algorithm_mac (symmetric authentication) */
-
-# define SSL_MD5                 0x00000001L
-# define SSL_SHA1                0x00000002L
-# define SSL_GOST94      0x00000004L
-# define SSL_GOST89MAC   0x00000008L
-# define SSL_SHA256              0x00000010L
-# define SSL_SHA384              0x00000020L
-/* Not a real MAC, just an indication it is part of cipher */
-# define SSL_AEAD                0x00000040L
-
-/* Bits for algorithm_ssl (protocol version) */
-# define SSL_SSLV2               0x00000001UL
-# define SSL_SSLV3               0x00000002UL
-# define SSL_TLSV1               SSL_SSLV3/* for now */
-# define SSL_TLSV1_2             0x00000004UL
-
-/* Bits for algorithm2 (handshake digests and other extra flags) */
-
-# define SSL_HANDSHAKE_MAC_MD5 0x10
-# define SSL_HANDSHAKE_MAC_SHA 0x20
-# define SSL_HANDSHAKE_MAC_GOST94 0x40
-# define SSL_HANDSHAKE_MAC_SHA256 0x80
-# define SSL_HANDSHAKE_MAC_SHA384 0x100
-# define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)
-
-/*
- * When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX make
- * sure to update this constant too
- */
-# define SSL_MAX_DIGEST 6
-
-# define TLS1_PRF_DGST_MASK      (0xff << TLS1_PRF_DGST_SHIFT)
-
-# define TLS1_PRF_DGST_SHIFT 10
-# define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT)
-# define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT)
-# define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT)
-# define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT)
-# define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT)
-# define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1)
-
-/*
- * Stream MAC for GOST ciphersuites from cryptopro draft (currently this also
- * goes into algorithm2)
- */
-# define TLS1_STREAM_MAC 0x04
-
-/*
- * Export and cipher strength information. For each cipher we have to decide
- * whether it is exportable or not. This information is likely to change
- * over time, since the export control rules are no static technical issue.
- *
- * Independent of the export flag the cipher strength is sorted into classes.
- * SSL_EXP40 was denoting the 40bit US export limit of past times, which now
- * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change
- * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more,
- * since SSL_EXP64 could be similar to SSL_LOW.
- * For this reason SSL_MICRO and SSL_MINI macros are included to widen the
- * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed
- * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would
- * be possible.
- */
-# define SSL_EXP_MASK            0x00000003L
-# define SSL_STRONG_MASK         0x000001fcL
-
-# define SSL_NOT_EXP             0x00000001L
-# define SSL_EXPORT              0x00000002L
-
-# define SSL_STRONG_NONE         0x00000004L
-# define SSL_EXP40               0x00000008L
-# define SSL_MICRO               (SSL_EXP40)
-# define SSL_EXP56               0x00000010L
-# define SSL_MINI                (SSL_EXP56)
-# define SSL_LOW                 0x00000020L
-# define SSL_MEDIUM              0x00000040L
-# define SSL_HIGH                0x00000080L
-# define SSL_FIPS                0x00000100L
-
-/* we have used 000001ff - 23 bits left to go */
-
-/*-
- * Macros to check the export status and cipher strength for export ciphers.
- * Even though the macros for EXPORT and EXPORT40/56 have similar names,
- * their meaning is different:
- * *_EXPORT macros check the 'exportable' status.
- * *_EXPORT40/56 macros are used to check whether a certain cipher strength
- *          is given.
- * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct
- * algorithm structure element to be passed (algorithms, algo_strength) and no
- * typechecking can be done as they are all of type unsigned long, their
- * direct usage is discouraged.
- * Use the SSL_C_* macros instead.
- */
-# define SSL_IS_EXPORT(a)        ((a)&SSL_EXPORT)
-# define SSL_IS_EXPORT56(a)      ((a)&SSL_EXP56)
-# define SSL_IS_EXPORT40(a)      ((a)&SSL_EXP40)
-# define SSL_C_IS_EXPORT(c)      SSL_IS_EXPORT((c)->algo_strength)
-# define SSL_C_IS_EXPORT56(c)    SSL_IS_EXPORT56((c)->algo_strength)
-# define SSL_C_IS_EXPORT40(c)    SSL_IS_EXPORT40((c)->algo_strength)
-
-# define SSL_EXPORT_KEYLENGTH(a,s)       (SSL_IS_EXPORT40(s) ? 5 : \
-                                 (a) == SSL_DES ? 8 : 7)
-# define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
-# define SSL_C_EXPORT_KEYLENGTH(c)       SSL_EXPORT_KEYLENGTH((c)->algorithm_enc, \
-                                (c)->algo_strength)
-# define SSL_C_EXPORT_PKEYLENGTH(c)      SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
-
-/* Mostly for SSLv3 */
-# define SSL_PKEY_RSA_ENC        0
-# define SSL_PKEY_RSA_SIGN       1
-# define SSL_PKEY_DSA_SIGN       2
-# define SSL_PKEY_DH_RSA         3
-# define SSL_PKEY_DH_DSA         4
-# define SSL_PKEY_ECC            5
-# define SSL_PKEY_GOST94         6
-# define SSL_PKEY_GOST01         7
-# define SSL_PKEY_NUM            8
-
-/*-
- * SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
- *          <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
- * SSL_kDH  <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
- * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN
- * SSL_aRSA <- RSA_ENC | RSA_SIGN
- * SSL_aDSS <- DSA_SIGN
- */
-
-/*-
-#define CERT_INVALID            0
-#define CERT_PUBLIC_KEY         1
-#define CERT_PRIVATE_KEY        2
-*/
-
-# ifndef OPENSSL_NO_EC
-/*
- * From ECC-TLS draft, used in encoding the curve type in ECParameters
- */
-#  define EXPLICIT_PRIME_CURVE_TYPE  1
-#  define EXPLICIT_CHAR2_CURVE_TYPE  2
-#  define NAMED_CURVE_TYPE           3
-# endif                         /* OPENSSL_NO_EC */
-
-typedef struct cert_pkey_st {
-    X509 *x509;
-    EVP_PKEY *privatekey;
-    /* Digest to use when signing */
-    const EVP_MD *digest;
-} CERT_PKEY;
-
-typedef struct cert_st {
-    /* Current active set */
-    /*
-     * ALWAYS points to an element of the pkeys array
-     * Probably it would make more sense to store
-     * an index, not a pointer.
-     */
-    CERT_PKEY *key;
-    /*
-     * The following masks are for the key and auth algorithms that are
-     * supported by the certs below
-     */
-    int valid;
-    unsigned long mask_k;
-    unsigned long mask_a;
-    unsigned long export_mask_k;
-    unsigned long export_mask_a;
-# ifndef OPENSSL_NO_RSA
-    RSA *rsa_tmp;
-    RSA *(*rsa_tmp_cb) (SSL *ssl, int is_export, int keysize);
-# endif
-# ifndef OPENSSL_NO_DH
-    DH *dh_tmp;
-    DH *(*dh_tmp_cb) (SSL *ssl, int is_export, int keysize);
-# endif
-# ifndef OPENSSL_NO_ECDH
-    EC_KEY *ecdh_tmp;
-    /* Callback for generating ephemeral ECDH keys */
-    EC_KEY *(*ecdh_tmp_cb) (SSL *ssl, int is_export, int keysize);
-# endif
-    CERT_PKEY pkeys[SSL_PKEY_NUM];
-    int references;             /* >1 only if SSL_copy_session_id is used */
-} CERT;
-
-typedef struct sess_cert_st {
-    STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */
-    /* The 'peer_...' members are used only by clients. */
-    int peer_cert_type;
-    CERT_PKEY *peer_key;        /* points to an element of peer_pkeys (never
-                                 * NULL!) */
-    CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
-    /*
-     * Obviously we don't have the private keys of these, so maybe we
-     * shouldn't even use the CERT_PKEY type here.
-     */
-# ifndef OPENSSL_NO_RSA
-    RSA *peer_rsa_tmp;          /* not used for SSL 2 */
-# endif
-# ifndef OPENSSL_NO_DH
-    DH *peer_dh_tmp;            /* not used for SSL 2 */
-# endif
-# ifndef OPENSSL_NO_ECDH
-    EC_KEY *peer_ecdh_tmp;
-# endif
-    int references;             /* actually always 1 at the moment */
-} SESS_CERT;
-
-/*
- * #define MAC_DEBUG
- */
-
-/*
- * #define ERR_DEBUG
- */
-/*
- * #define ABORT_DEBUG
- */
-/*
- * #define PKT_DEBUG 1
- */
-/*
- * #define DES_DEBUG
- */
-/*
- * #define DES_OFB_DEBUG
- */
-/*
- * #define SSL_DEBUG
- */
-/*
- * #define RSA_DEBUG
- */
-/*
- * #define IDEA_DEBUG
- */
-
-# define FP_ICC  (int (*)(const void *,const void *))
-# define ssl_put_cipher_by_char(ssl,ciph,ptr) \
-                ((ssl)->method->put_cipher_by_char((ciph),(ptr)))
-# define ssl_get_cipher_by_char(ssl,ptr) \
-                ((ssl)->method->get_cipher_by_char(ptr))
-
-/*
- * This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff It is a bit
- * of a mess of functions, but hell, think of it as an opaque structure :-)
- */
-typedef struct ssl3_enc_method {
-    int (*enc) (SSL *, int);
-    int (*mac) (SSL *, unsigned char *, int);
-    int (*setup_key_block) (SSL *);
-    int (*generate_master_secret) (SSL *, unsigned char *, unsigned char *,
-                                   int);
-    int (*change_cipher_state) (SSL *, int);
-    int (*final_finish_mac) (SSL *, const char *, int, unsigned char *);
-    int finish_mac_length;
-    int (*cert_verify_mac) (SSL *, int, unsigned char *);
-    const char *client_finished_label;
-    int client_finished_label_len;
-    const char *server_finished_label;
-    int server_finished_label_len;
-    int (*alert_value) (int);
-    int (*export_keying_material) (SSL *, unsigned char *, size_t,
-                                   const char *, size_t,
-                                   const unsigned char *, size_t,
-                                   int use_context);
-} SSL3_ENC_METHOD;
-
-# ifndef OPENSSL_NO_COMP
-/* Used for holding the relevant compression methods loaded into SSL_CTX */
-typedef struct ssl3_comp_st {
-    int comp_id;                /* The identifier byte for this compression
-                                 * type */
-    char *name;                 /* Text name used for the compression type */
-    COMP_METHOD *method;        /* The method :-) */
-} SSL3_COMP;
-# endif
-
-# ifndef OPENSSL_NO_BUF_FREELISTS
-typedef struct ssl3_buf_freelist_st {
-    size_t chunklen;
-    unsigned int len;
-    struct ssl3_buf_freelist_entry_st *head;
-} SSL3_BUF_FREELIST;
-
-typedef struct ssl3_buf_freelist_entry_st {
-    struct ssl3_buf_freelist_entry_st *next;
-} SSL3_BUF_FREELIST_ENTRY;
-# endif
-
-extern SSL3_ENC_METHOD ssl3_undef_enc_method;
-OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[];
-OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
-
-SSL_METHOD *ssl_bad_method(int ver);
-
-extern SSL3_ENC_METHOD TLSv1_enc_data;
-extern SSL3_ENC_METHOD SSLv3_enc_data;
-extern SSL3_ENC_METHOD DTLSv1_enc_data;
-
-# define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION)
-
-# define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
-                                s_get_meth) \
-const SSL_METHOD *func_name(void)  \
-        { \
-        static const SSL_METHOD func_name##_data= { \
-                version, \
-                tls1_new, \
-                tls1_clear, \
-                tls1_free, \
-                s_accept, \
-                s_connect, \
-                ssl3_read, \
-                ssl3_peek, \
-                ssl3_write, \
-                ssl3_shutdown, \
-                ssl3_renegotiate, \
-                ssl3_renegotiate_check, \
-                ssl3_get_message, \
-                ssl3_read_bytes, \
-                ssl3_write_bytes, \
-                ssl3_dispatch_alert, \
-                ssl3_ctrl, \
-                ssl3_ctx_ctrl, \
-                ssl3_get_cipher_by_char, \
-                ssl3_put_cipher_by_char, \
-                ssl3_pending, \
-                ssl3_num_ciphers, \
-                ssl3_get_cipher, \
-                s_get_meth, \
-                tls1_default_timeout, \
-                &TLSv1_enc_data, \
-                ssl_undefined_void_function, \
-                ssl3_callback_ctrl, \
-                ssl3_ctx_callback_ctrl, \
-        }; \
-        return &func_name##_data; \
-        }
-
-# define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \
-const SSL_METHOD *func_name(void)  \
-        { \
-        static const SSL_METHOD func_name##_data= { \
-                SSL3_VERSION, \
-                ssl3_new, \
-                ssl3_clear, \
-                ssl3_free, \
-                s_accept, \
-                s_connect, \
-                ssl3_read, \
-                ssl3_peek, \
-                ssl3_write, \
-                ssl3_shutdown, \
-                ssl3_renegotiate, \
-                ssl3_renegotiate_check, \
-                ssl3_get_message, \
-                ssl3_read_bytes, \
-                ssl3_write_bytes, \
-                ssl3_dispatch_alert, \
-                ssl3_ctrl, \
-                ssl3_ctx_ctrl, \
-                ssl3_get_cipher_by_char, \
-                ssl3_put_cipher_by_char, \
-                ssl3_pending, \
-                ssl3_num_ciphers, \
-                ssl3_get_cipher, \
-                s_get_meth, \
-                ssl3_default_timeout, \
-                &SSLv3_enc_data, \
-                ssl_undefined_void_function, \
-                ssl3_callback_ctrl, \
-                ssl3_ctx_callback_ctrl, \
-        }; \
-        return &func_name##_data; \
-        }
-
-# define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \
-const SSL_METHOD *func_name(void)  \
-        { \
-        static const SSL_METHOD func_name##_data= { \
-        TLS1_2_VERSION, \
-        tls1_new, \
-        tls1_clear, \
-        tls1_free, \
-        s_accept, \
-        s_connect, \
-        ssl23_read, \
-        ssl23_peek, \
-        ssl23_write, \
-        ssl_undefined_function, \
-        ssl_undefined_function, \
-        ssl_ok, \
-        ssl3_get_message, \
-        ssl3_read_bytes, \
-        ssl3_write_bytes, \
-        ssl3_dispatch_alert, \
-        ssl3_ctrl, \
-        ssl3_ctx_ctrl, \
-        ssl23_get_cipher_by_char, \
-        ssl23_put_cipher_by_char, \
-        ssl_undefined_const_function, \
-        ssl23_num_ciphers, \
-        ssl23_get_cipher, \
-        s_get_meth, \
-        ssl23_default_timeout, \
-        &ssl3_undef_enc_method, \
-        ssl_undefined_void_function, \
-        ssl3_callback_ctrl, \
-        ssl3_ctx_callback_ctrl, \
-        }; \
-        return &func_name##_data; \
-        }
-
-# define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \
-const SSL_METHOD *func_name(void)  \
-        { \
-        static const SSL_METHOD func_name##_data= { \
-                SSL2_VERSION, \
-                ssl2_new,       /* local */ \
-                ssl2_clear,     /* local */ \
-                ssl2_free,      /* local */ \
-                s_accept, \
-                s_connect, \
-                ssl2_read, \
-                ssl2_peek, \
-                ssl2_write, \
-                ssl2_shutdown, \
-                ssl_ok, /* NULL - renegotiate */ \
-                ssl_ok, /* NULL - check renegotiate */ \
-                NULL, /* NULL - ssl_get_message */ \
-                NULL, /* NULL - ssl_get_record */ \
-                NULL, /* NULL - ssl_write_bytes */ \
-                NULL, /* NULL - dispatch_alert */ \
-                ssl2_ctrl,      /* local */ \
-                ssl2_ctx_ctrl,  /* local */ \
-                ssl2_get_cipher_by_char, \
-                ssl2_put_cipher_by_char, \
-                ssl2_pending, \
-                ssl2_num_ciphers, \
-                ssl2_get_cipher, \
-                s_get_meth, \
-                ssl2_default_timeout, \
-                &ssl3_undef_enc_method, \
-                ssl_undefined_void_function, \
-                ssl2_callback_ctrl,     /* local */ \
-                ssl2_ctx_callback_ctrl, /* local */ \
-        }; \
-        return &func_name##_data; \
-        }
-
-# define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
-const SSL_METHOD *func_name(void)  \
-        { \
-        static const SSL_METHOD func_name##_data= { \
-                DTLS1_VERSION, \
-                dtls1_new, \
-                dtls1_clear, \
-                dtls1_free, \
-                s_accept, \
-                s_connect, \
-                ssl3_read, \
-                ssl3_peek, \
-                ssl3_write, \
-                dtls1_shutdown, \
-                ssl3_renegotiate, \
-                ssl3_renegotiate_check, \
-                dtls1_get_message, \
-                dtls1_read_bytes, \
-                dtls1_write_app_data_bytes, \
-                dtls1_dispatch_alert, \
-                dtls1_ctrl, \
-                ssl3_ctx_ctrl, \
-                ssl3_get_cipher_by_char, \
-                ssl3_put_cipher_by_char, \
-                ssl3_pending, \
-                ssl3_num_ciphers, \
-                dtls1_get_cipher, \
-                s_get_meth, \
-                dtls1_default_timeout, \
-                &DTLSv1_enc_data, \
-                ssl_undefined_void_function, \
-                ssl3_callback_ctrl, \
-                ssl3_ctx_callback_ctrl, \
-        }; \
-        return &func_name##_data; \
-        }
-
-struct openssl_ssl_test_functions {
-    int (*p_ssl_init_wbio_buffer) (SSL *s, int push);
-    int (*p_ssl3_setup_buffers) (SSL *s);
-    int (*p_tls1_process_heartbeat) (SSL *s);
-    int (*p_dtls1_process_heartbeat) (SSL *s);
-};
-
-# ifndef OPENSSL_UNIT_TEST
-
-void ssl_clear_cipher_ctx(SSL *s);
-int ssl_clear_bad_session(SSL *s);
-CERT *ssl_cert_new(void);
-CERT *ssl_cert_dup(CERT *cert);
-int ssl_cert_inst(CERT **o);
-void ssl_cert_free(CERT *c);
-SESS_CERT *ssl_sess_cert_new(void);
-void ssl_sess_cert_free(SESS_CERT *sc);
-int ssl_set_peer_cert_type(SESS_CERT *c, int type);
-int ssl_get_new_session(SSL *s, int session);
-int ssl_get_prev_session(SSL *s, unsigned char *session, int len,
-                         const unsigned char *limit);
-SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket);
-int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
-DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
-int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
-                          const SSL_CIPHER *const *bp);
-STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
-                                               int num,
-                                               STACK_OF(SSL_CIPHER) **skp);
-int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
-                             unsigned char *p,
-                             int (*put_cb) (const SSL_CIPHER *,
-                                            unsigned char *));
-STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
-                                             STACK_OF(SSL_CIPHER) **pref,
-                                             STACK_OF(SSL_CIPHER) **sorted,
-                                             const char *rule_str);
-void ssl_update_cache(SSL *s, int mode);
-int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
-                       const EVP_MD **md, int *mac_pkey_type,
-                       int *mac_secret_size, SSL_COMP **comp);
-int ssl_get_handshake_digest(int i, long *mask, const EVP_MD **md);
-int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk);
-int ssl_undefined_function(SSL *s);
-int ssl_undefined_void_function(void);
-int ssl_undefined_const_function(const SSL *s);
-CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
-X509 *ssl_get_server_send_cert(const SSL *);
-EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c, const EVP_MD **pmd);
-int ssl_cert_type(X509 *x, EVP_PKEY *pkey);
-void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
-STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
-int ssl_verify_alarm_type(long type);
-void ssl_load_ciphers(void);
-int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);
-
-int ssl2_enc_init(SSL *s, int client);
-int ssl2_generate_key_material(SSL *s);
-int ssl2_enc(SSL *s, int send_data);
-void ssl2_mac(SSL *s, unsigned char *mac, int send_data);
-const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
-int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
-int ssl2_part_read(SSL *s, unsigned long f, int i);
-int ssl2_do_write(SSL *s);
-int ssl2_set_certificate(SSL *s, int type, int len,
-                         const unsigned char *data);
-void ssl2_return_error(SSL *s, int reason);
-void ssl2_write_error(SSL *s);
-int ssl2_num_ciphers(void);
-const SSL_CIPHER *ssl2_get_cipher(unsigned int u);
-int ssl2_new(SSL *s);
-void ssl2_free(SSL *s);
-int ssl2_accept(SSL *s);
-int ssl2_connect(SSL *s);
-int ssl2_read(SSL *s, void *buf, int len);
-int ssl2_peek(SSL *s, void *buf, int len);
-int ssl2_write(SSL *s, const void *buf, int len);
-int ssl2_shutdown(SSL *s);
-void ssl2_clear(SSL *s);
-long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg);
-long ssl2_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
-long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
-long ssl2_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void));
-int ssl2_pending(const SSL *s);
-long ssl2_default_timeout(void);
-
-const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
-int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
-void ssl3_init_finished_mac(SSL *s);
-int ssl3_send_server_certificate(SSL *s);
-int ssl3_send_newsession_ticket(SSL *s);
-int ssl3_send_cert_status(SSL *s);
-int ssl3_get_finished(SSL *s, int state_a, int state_b);
-int ssl3_setup_key_block(SSL *s);
-int ssl3_send_change_cipher_spec(SSL *s, int state_a, int state_b);
-int ssl3_change_cipher_state(SSL *s, int which);
-void ssl3_cleanup_key_block(SSL *s);
-int ssl3_do_write(SSL *s, int type);
-int ssl3_send_alert(SSL *s, int level, int desc);
-int ssl3_generate_master_secret(SSL *s, unsigned char *out,
-                                unsigned char *p, int len);
-int ssl3_get_req_cert_type(SSL *s, unsigned char *p);
-long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
-int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen);
-int ssl3_num_ciphers(void);
-const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
-int ssl3_renegotiate(SSL *ssl);
-int ssl3_renegotiate_check(SSL *ssl);
-int ssl3_dispatch_alert(SSL *s);
-int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
-int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
-int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,
-                          unsigned char *p);
-int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
-void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
-int ssl3_enc(SSL *s, int send_data);
-int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
-void ssl3_free_digest_list(SSL *s);
-unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
-SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt,
-                               STACK_OF(SSL_CIPHER) *srvr);
-int ssl3_setup_buffers(SSL *s);
-int ssl3_setup_read_buffer(SSL *s);
-int ssl3_setup_write_buffer(SSL *s);
-int ssl3_release_read_buffer(SSL *s);
-int ssl3_release_write_buffer(SSL *s);
-int ssl3_digest_cached_records(SSL *s);
-int ssl3_new(SSL *s);
-void ssl3_free(SSL *s);
-int ssl3_accept(SSL *s);
-int ssl3_connect(SSL *s);
-int ssl3_read(SSL *s, void *buf, int len);
-int ssl3_peek(SSL *s, void *buf, int len);
-int ssl3_write(SSL *s, const void *buf, int len);
-int ssl3_shutdown(SSL *s);
-void ssl3_clear(SSL *s);
-long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg);
-long ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
-long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
-long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void));
-int ssl3_pending(const SSL *s);
-
-void ssl3_record_sequence_update(unsigned char *seq);
-int ssl3_do_change_cipher_spec(SSL *ssl);
-long ssl3_default_timeout(void);
-
-int ssl23_num_ciphers(void);
-const SSL_CIPHER *ssl23_get_cipher(unsigned int u);
-int ssl23_read(SSL *s, void *buf, int len);
-int ssl23_peek(SSL *s, void *buf, int len);
-int ssl23_write(SSL *s, const void *buf, int len);
-int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
-const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
-long ssl23_default_timeout(void);
-
-long tls1_default_timeout(void);
-int dtls1_do_write(SSL *s, int type);
-int ssl3_read_n(SSL *s, int n, int max, int extend);
-int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
-int ssl3_do_compress(SSL *ssl);
-int ssl3_do_uncompress(SSL *ssl);
-int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
-                       unsigned int len);
-unsigned char *dtls1_set_message_header(SSL *s,
-                                        unsigned char *p, unsigned char mt,
-                                        unsigned long len,
-                                        unsigned long frag_off,
-                                        unsigned long frag_len);
-
-int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
-int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
-
-int dtls1_send_change_cipher_spec(SSL *s, int a, int b);
-int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen);
-unsigned long dtls1_output_cert_chain(SSL *s, X509 *x);
-int dtls1_read_failed(SSL *s, int code);
-int dtls1_buffer_message(SSL *s, int ccs);
-int dtls1_retransmit_message(SSL *s, unsigned short seq,
-                             unsigned long frag_off, int *found);
-int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
-int dtls1_retransmit_buffered_messages(SSL *s);
-void dtls1_clear_record_buffer(SSL *s);
-void dtls1_get_message_header(unsigned char *data,
-                              struct hm_header_st *msg_hdr);
-void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
-void dtls1_reset_seq_numbers(SSL *s, int rw);
-long dtls1_default_timeout(void);
-struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft);
-int dtls1_check_timeout_num(SSL *s);
-int dtls1_handle_timeout(SSL *s);
-const SSL_CIPHER *dtls1_get_cipher(unsigned int u);
-void dtls1_start_timer(SSL *s);
-void dtls1_stop_timer(SSL *s);
-int dtls1_is_timer_expired(SSL *s);
-void dtls1_double_timeout(SSL *s);
-int dtls1_send_newsession_ticket(SSL *s);
-unsigned int dtls1_min_mtu(SSL *s);
-unsigned int dtls1_link_min_mtu(void);
-void dtls1_hm_fragment_free(hm_fragment *frag);
-
-/* some client-only functions */
-int ssl3_client_hello(SSL *s);
-int ssl3_get_server_hello(SSL *s);
-int ssl3_get_certificate_request(SSL *s);
-int ssl3_get_new_session_ticket(SSL *s);
-int ssl3_get_cert_status(SSL *s);
-int ssl3_get_server_done(SSL *s);
-int ssl3_send_client_verify(SSL *s);
-int ssl3_send_client_certificate(SSL *s);
-int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
-int ssl3_send_client_key_exchange(SSL *s);
-int ssl3_get_key_exchange(SSL *s);
-int ssl3_get_server_certificate(SSL *s);
-int ssl3_check_cert_and_algorithm(SSL *s);
-#  ifndef OPENSSL_NO_TLSEXT
-#   ifndef OPENSSL_NO_NEXTPROTONEG
-int ssl3_send_next_proto(SSL *s);
-#   endif
-#  endif
-
-int dtls1_client_hello(SSL *s);
-int dtls1_send_client_certificate(SSL *s);
-int dtls1_send_client_key_exchange(SSL *s);
-int dtls1_send_client_verify(SSL *s);
-
-/* some server-only functions */
-int ssl3_get_client_hello(SSL *s);
-int ssl3_send_server_hello(SSL *s);
-int ssl3_send_hello_request(SSL *s);
-int ssl3_send_server_key_exchange(SSL *s);
-int ssl3_send_certificate_request(SSL *s);
-int ssl3_send_server_done(SSL *s);
-int ssl3_check_client_hello(SSL *s);
-int ssl3_get_client_certificate(SSL *s);
-int ssl3_get_client_key_exchange(SSL *s);
-int ssl3_get_cert_verify(SSL *s);
-#  ifndef OPENSSL_NO_NEXTPROTONEG
-int ssl3_get_next_proto(SSL *s);
-#  endif
-
-int dtls1_send_hello_request(SSL *s);
-int dtls1_send_server_hello(SSL *s);
-int dtls1_send_server_certificate(SSL *s);
-int dtls1_send_server_key_exchange(SSL *s);
-int dtls1_send_certificate_request(SSL *s);
-int dtls1_send_server_done(SSL *s);
-
-int ssl23_accept(SSL *s);
-int ssl23_connect(SSL *s);
-int ssl23_read_bytes(SSL *s, int n);
-int ssl23_write_bytes(SSL *s);
-
-int tls1_new(SSL *s);
-void tls1_free(SSL *s);
-void tls1_clear(SSL *s);
-long tls1_ctrl(SSL *s, int cmd, long larg, void *parg);
-long tls1_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
-
-int dtls1_new(SSL *s);
-int dtls1_accept(SSL *s);
-int dtls1_connect(SSL *s);
-void dtls1_free(SSL *s);
-void dtls1_clear(SSL *s);
-long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg);
-int dtls1_shutdown(SSL *s);
-
-long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
-int dtls1_get_record(SSL *s);
-int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
-                   unsigned int len, int create_empty_fragement);
-int dtls1_dispatch_alert(SSL *s);
-int dtls1_enc(SSL *s, int snd);
-
-int ssl_init_wbio_buffer(SSL *s, int push);
-void ssl_free_wbio_buffer(SSL *s);
-
-int tls1_change_cipher_state(SSL *s, int which);
-int tls1_setup_key_block(SSL *s);
-int tls1_enc(SSL *s, int snd);
-int tls1_final_finish_mac(SSL *s,
-                          const char *str, int slen, unsigned char *p);
-int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
-int tls1_mac(SSL *ssl, unsigned char *md, int snd);
-int tls1_generate_master_secret(SSL *s, unsigned char *out,
-                                unsigned char *p, int len);
-int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
-                                const char *label, size_t llen,
-                                const unsigned char *p, size_t plen,
-                                int use_context);
-int tls1_alert_code(int code);
-int ssl3_alert_code(int code);
-int ssl_ok(SSL *s);
-
-#  ifndef OPENSSL_NO_ECDH
-int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
-#  endif
-
-SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
-
-#  ifndef OPENSSL_NO_EC
-int tls1_ec_curve_id2nid(int curve_id);
-int tls1_ec_nid2curve_id(int nid);
-#  endif                        /* OPENSSL_NO_EC */
-
-#  ifndef OPENSSL_NO_TLSEXT
-unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
-                                          unsigned char *limit);
-unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
-                                          unsigned char *limit);
-int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data,
-                                 unsigned char *limit, int *al);
-int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data,
-                                 unsigned char *d, int n, int *al);
-int ssl_prepare_clienthello_tlsext(SSL *s);
-int ssl_prepare_serverhello_tlsext(SSL *s);
-int ssl_check_clienthello_tlsext_early(SSL *s);
-int ssl_check_clienthello_tlsext_late(SSL *s);
-int ssl_check_serverhello_tlsext(SSL *s);
-
-#   ifndef OPENSSL_NO_HEARTBEATS
-int tls1_heartbeat(SSL *s);
-int dtls1_heartbeat(SSL *s);
-int tls1_process_heartbeat(SSL *s);
-int dtls1_process_heartbeat(SSL *s);
-#   endif
-
-#   ifdef OPENSSL_NO_SHA256
-#    define tlsext_tick_md  EVP_sha1
-#   else
-#    define tlsext_tick_md  EVP_sha256
-#   endif
-int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
-                        const unsigned char *limit, SSL_SESSION **ret);
-
-int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
-                         const EVP_MD *md);
-int tls12_get_sigid(const EVP_PKEY *pk);
-const EVP_MD *tls12_get_hash(unsigned char hash_alg);
-
-#  endif
-EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md);
-void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
-int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
-                                        int maxlen);
-int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
-                                          int *al);
-int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
-                                        int maxlen);
-int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
-                                          int *al);
-long ssl_get_algorithm2(SSL *s);
-int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize);
-int tls12_get_req_sig_algs(SSL *s, unsigned char *p);
-
-int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
-                                     int maxlen);
-int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,
-                                       int *al);
-int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
-                                     int maxlen);
-int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,
-                                       int *al);
-
-/* s3_cbc.c */
-void ssl3_cbc_copy_mac(unsigned char *out,
-                       const SSL3_RECORD *rec,
-                       unsigned md_size, unsigned orig_len);
-int ssl3_cbc_remove_padding(const SSL *s,
-                            SSL3_RECORD *rec,
-                            unsigned block_size, unsigned mac_size);
-int tls1_cbc_remove_padding(const SSL *s,
-                            SSL3_RECORD *rec,
-                            unsigned block_size, unsigned mac_size);
-char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
-int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
-                           unsigned char *md_out,
-                           size_t *md_out_size,
-                           const unsigned char header[13],
-                           const unsigned char *data,
-                           size_t data_plus_mac_size,
-                           size_t data_plus_mac_plus_padding_size,
-                           const unsigned char *mac_secret,
-                           unsigned mac_secret_length, char is_sslv3);
-
-void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
-                           EVP_MD_CTX *mac_ctx, const unsigned char *data,
-                           size_t data_len, size_t orig_len);
-
-int srp_verify_server_param(SSL *s, int *al);
-
-# else
-
-#  define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer
-#  define ssl3_setup_buffers SSL_test_functions()->p_ssl3_setup_buffers
-#  define tls1_process_heartbeat SSL_test_functions()->p_tls1_process_heartbeat
-#  define dtls1_process_heartbeat SSL_test_functions()->p_dtls1_process_heartbeat
-
-# endif
-#endif

Copied: vendor-crypto/openssl/1.0.1u/ssl/ssl_locl.h (from rev 11605, vendor-crypto/openssl/dist/ssl/ssl_locl.h)
===================================================================
--- vendor-crypto/openssl/1.0.1u/ssl/ssl_locl.h	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/ssl/ssl_locl.h	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,1247 @@
+/* ssl/ssl_locl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
+
+#ifndef HEADER_SSL_LOCL_H
+# define HEADER_SSL_LOCL_H
+# include <stdlib.h>
+# include <time.h>
+# include <string.h>
+# include <errno.h>
+
+# include "e_os.h"
+
+# include <openssl/buffer.h>
+# ifndef OPENSSL_NO_COMP
+#  include <openssl/comp.h>
+# endif
+# include <openssl/bio.h>
+# include <openssl/stack.h>
+# ifndef OPENSSL_NO_RSA
+#  include <openssl/rsa.h>
+# endif
+# ifndef OPENSSL_NO_DSA
+#  include <openssl/dsa.h>
+# endif
+# include <openssl/err.h>
+# include <openssl/ssl.h>
+# include <openssl/symhacks.h>
+
+# ifdef OPENSSL_BUILD_SHLIBSSL
+#  undef OPENSSL_EXTERN
+#  define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+# undef PKCS1_CHECK
+
+# define c2l(c,l)        (l = ((unsigned long)(*((c)++)))     , \
+                         l|=(((unsigned long)(*((c)++)))<< 8), \
+                         l|=(((unsigned long)(*((c)++)))<<16), \
+                         l|=(((unsigned long)(*((c)++)))<<24))
+
+/* NOTE - c is not incremented as per c2l */
+# define c2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))<<24; \
+                        case 7: l2|=((unsigned long)(*(--(c))))<<16; \
+                        case 6: l2|=((unsigned long)(*(--(c))))<< 8; \
+                        case 5: l2|=((unsigned long)(*(--(c))));     \
+                        case 4: l1 =((unsigned long)(*(--(c))))<<24; \
+                        case 3: l1|=((unsigned long)(*(--(c))))<<16; \
+                        case 2: l1|=((unsigned long)(*(--(c))))<< 8; \
+                        case 1: l1|=((unsigned long)(*(--(c))));     \
+                                } \
+                        }
+
+# define l2c(l,c)        (*((c)++)=(unsigned char)(((l)    )&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff))
+
+# define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24, \
+                         l|=((unsigned long)(*((c)++)))<<16, \
+                         l|=((unsigned long)(*((c)++)))<< 8, \
+                         l|=((unsigned long)(*((c)++))))
+
+# define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((l)    )&0xff))
+
+# define l2n6(l,c)       (*((c)++)=(unsigned char)(((l)>>40)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>32)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((l)    )&0xff))
+
+# define l2n8(l,c)       (*((c)++)=(unsigned char)(((l)>>56)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>48)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>40)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>32)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((l)    )&0xff))
+
+# define n2l6(c,l)       (l =((BN_ULLONG)(*((c)++)))<<40, \
+                         l|=((BN_ULLONG)(*((c)++)))<<32, \
+                         l|=((BN_ULLONG)(*((c)++)))<<24, \
+                         l|=((BN_ULLONG)(*((c)++)))<<16, \
+                         l|=((BN_ULLONG)(*((c)++)))<< 8, \
+                         l|=((BN_ULLONG)(*((c)++))))
+
+/* NOTE - c is not incremented as per l2c */
+# define l2cn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+                        case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+                        case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+                        case 5: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+                        case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+                        case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+                        case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+                        case 1: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+                                } \
+                        }
+
+# define n2s(c,s)        ((s=(((unsigned int)(c[0]))<< 8)| \
+                            (((unsigned int)(c[1]))    )),c+=2)
+# define s2n(s,c)        ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
+                          c[1]=(unsigned char)(((s)    )&0xff)),c+=2)
+
+# define n2l3(c,l)       ((l =(((unsigned long)(c[0]))<<16)| \
+                             (((unsigned long)(c[1]))<< 8)| \
+                             (((unsigned long)(c[2]))    )),c+=3)
+
+# define l2n3(l,c)       ((c[0]=(unsigned char)(((l)>>16)&0xff), \
+                          c[1]=(unsigned char)(((l)>> 8)&0xff), \
+                          c[2]=(unsigned char)(((l)    )&0xff)),c+=3)
+
+/* LOCAL STUFF */
+
+# define SSL_DECRYPT     0
+# define SSL_ENCRYPT     1
+
+# define TWO_BYTE_BIT    0x80
+# define SEC_ESC_BIT     0x40
+# define TWO_BYTE_MASK   0x7fff
+# define THREE_BYTE_MASK 0x3fff
+
+# define INC32(a)        ((a)=((a)+1)&0xffffffffL)
+# define DEC32(a)        ((a)=((a)-1)&0xffffffffL)
+# define MAX_MAC_SIZE    20     /* up from 16 for SSLv3 */
+
+/*
+ * Define the Bitmasks for SSL_CIPHER.algorithms.
+ * This bits are used packed as dense as possible. If new methods/ciphers
+ * etc will be added, the bits a likely to change, so this information
+ * is for internal library use only, even though SSL_CIPHER.algorithms
+ * can be publicly accessed.
+ * Use the according functions for cipher management instead.
+ *
+ * The bit mask handling in the selection and sorting scheme in
+ * ssl_create_cipher_list() has only limited capabilities, reflecting
+ * that the different entities within are mutually exclusive:
+ * ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
+ */
+
+/* Bits for algorithm_mkey (key exchange algorithm) */
+/* RSA key exchange */
+# define SSL_kRSA                0x00000001L
+/* DH cert, RSA CA cert */
+/* no such ciphersuites supported! */
+# define SSL_kDHr                0x00000002L
+/* DH cert, DSA CA cert */
+/* no such ciphersuite supported! */
+# define SSL_kDHd                0x00000004L
+/* tmp DH key no DH cert */
+# define SSL_kEDH                0x00000008L
+/* Kerberos5 key exchange */
+# define SSL_kKRB5               0x00000010L
+/* ECDH cert, RSA CA cert */
+# define SSL_kECDHr              0x00000020L
+/* ECDH cert, ECDSA CA cert */
+# define SSL_kECDHe              0x00000040L
+/* ephemeral ECDH */
+# define SSL_kEECDH              0x00000080L
+/* PSK */
+# define SSL_kPSK                0x00000100L
+/* GOST key exchange */
+# define SSL_kGOST       0x00000200L
+/* SRP */
+# define SSL_kSRP        0x00000400L
+
+/* Bits for algorithm_auth (server authentication) */
+/* RSA auth */
+# define SSL_aRSA                0x00000001L
+/* DSS auth */
+# define SSL_aDSS                0x00000002L
+/* no auth (i.e. use ADH or AECDH) */
+# define SSL_aNULL               0x00000004L
+/* Fixed DH auth (kDHd or kDHr) */
+/* no such ciphersuites supported! */
+# define SSL_aDH                 0x00000008L
+/* Fixed ECDH auth (kECDHe or kECDHr) */
+# define SSL_aECDH               0x00000010L
+/* KRB5 auth */
+# define SSL_aKRB5               0x00000020L
+/* ECDSA auth*/
+# define SSL_aECDSA              0x00000040L
+/* PSK auth */
+# define SSL_aPSK                0x00000080L
+/* GOST R 34.10-94 signature auth */
+# define SSL_aGOST94                             0x00000100L
+/* GOST R 34.10-2001 signature auth */
+# define SSL_aGOST01                     0x00000200L
+/* SRP auth */
+# define SSL_aSRP                0x00000400L
+
+/* Bits for algorithm_enc (symmetric encryption) */
+# define SSL_DES                 0x00000001L
+# define SSL_3DES                0x00000002L
+# define SSL_RC4                 0x00000004L
+# define SSL_RC2                 0x00000008L
+# define SSL_IDEA                0x00000010L
+# define SSL_eNULL               0x00000020L
+# define SSL_AES128              0x00000040L
+# define SSL_AES256              0x00000080L
+# define SSL_CAMELLIA128         0x00000100L
+# define SSL_CAMELLIA256         0x00000200L
+# define SSL_eGOST2814789CNT     0x00000400L
+# define SSL_SEED                0x00000800L
+# define SSL_AES128GCM           0x00001000L
+# define SSL_AES256GCM           0x00002000L
+
+# define SSL_AES                 (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM)
+# define SSL_CAMELLIA            (SSL_CAMELLIA128|SSL_CAMELLIA256)
+
+/* Bits for algorithm_mac (symmetric authentication) */
+
+# define SSL_MD5                 0x00000001L
+# define SSL_SHA1                0x00000002L
+# define SSL_GOST94      0x00000004L
+# define SSL_GOST89MAC   0x00000008L
+# define SSL_SHA256              0x00000010L
+# define SSL_SHA384              0x00000020L
+/* Not a real MAC, just an indication it is part of cipher */
+# define SSL_AEAD                0x00000040L
+
+/* Bits for algorithm_ssl (protocol version) */
+# define SSL_SSLV2               0x00000001UL
+# define SSL_SSLV3               0x00000002UL
+# define SSL_TLSV1               SSL_SSLV3/* for now */
+# define SSL_TLSV1_2             0x00000004UL
+
+/* Bits for algorithm2 (handshake digests and other extra flags) */
+
+# define SSL_HANDSHAKE_MAC_MD5 0x10
+# define SSL_HANDSHAKE_MAC_SHA 0x20
+# define SSL_HANDSHAKE_MAC_GOST94 0x40
+# define SSL_HANDSHAKE_MAC_SHA256 0x80
+# define SSL_HANDSHAKE_MAC_SHA384 0x100
+# define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)
+
+/*
+ * When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX make
+ * sure to update this constant too
+ */
+# define SSL_MAX_DIGEST 6
+
+# define TLS1_PRF_DGST_MASK      (0xff << TLS1_PRF_DGST_SHIFT)
+
+# define TLS1_PRF_DGST_SHIFT 10
+# define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1)
+
+/*
+ * Stream MAC for GOST ciphersuites from cryptopro draft (currently this also
+ * goes into algorithm2)
+ */
+# define TLS1_STREAM_MAC 0x04
+
+/*
+ * Export and cipher strength information. For each cipher we have to decide
+ * whether it is exportable or not. This information is likely to change
+ * over time, since the export control rules are no static technical issue.
+ *
+ * Independent of the export flag the cipher strength is sorted into classes.
+ * SSL_EXP40 was denoting the 40bit US export limit of past times, which now
+ * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change
+ * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more,
+ * since SSL_EXP64 could be similar to SSL_LOW.
+ * For this reason SSL_MICRO and SSL_MINI macros are included to widen the
+ * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed
+ * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would
+ * be possible.
+ */
+# define SSL_EXP_MASK            0x00000003L
+# define SSL_STRONG_MASK         0x000001fcL
+
+# define SSL_NOT_EXP             0x00000001L
+# define SSL_EXPORT              0x00000002L
+
+# define SSL_STRONG_NONE         0x00000004L
+# define SSL_EXP40               0x00000008L
+# define SSL_MICRO               (SSL_EXP40)
+# define SSL_EXP56               0x00000010L
+# define SSL_MINI                (SSL_EXP56)
+# define SSL_LOW                 0x00000020L
+# define SSL_MEDIUM              0x00000040L
+# define SSL_HIGH                0x00000080L
+# define SSL_FIPS                0x00000100L
+# define SSL_NOT_DEFAULT         0x00000200L
+
+/* we have used 000003ff - 22 bits left to go */
+
+/*-
+ * Macros to check the export status and cipher strength for export ciphers.
+ * Even though the macros for EXPORT and EXPORT40/56 have similar names,
+ * their meaning is different:
+ * *_EXPORT macros check the 'exportable' status.
+ * *_EXPORT40/56 macros are used to check whether a certain cipher strength
+ *          is given.
+ * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct
+ * algorithm structure element to be passed (algorithms, algo_strength) and no
+ * typechecking can be done as they are all of type unsigned long, their
+ * direct usage is discouraged.
+ * Use the SSL_C_* macros instead.
+ */
+# define SSL_IS_EXPORT(a)        ((a)&SSL_EXPORT)
+# define SSL_IS_EXPORT56(a)      ((a)&SSL_EXP56)
+# define SSL_IS_EXPORT40(a)      ((a)&SSL_EXP40)
+# define SSL_C_IS_EXPORT(c)      SSL_IS_EXPORT((c)->algo_strength)
+# define SSL_C_IS_EXPORT56(c)    SSL_IS_EXPORT56((c)->algo_strength)
+# define SSL_C_IS_EXPORT40(c)    SSL_IS_EXPORT40((c)->algo_strength)
+
+# define SSL_EXPORT_KEYLENGTH(a,s)       (SSL_IS_EXPORT40(s) ? 5 : \
+                                 (a) == SSL_DES ? 8 : 7)
+# define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
+# define SSL_C_EXPORT_KEYLENGTH(c)       SSL_EXPORT_KEYLENGTH((c)->algorithm_enc, \
+                                (c)->algo_strength)
+# define SSL_C_EXPORT_PKEYLENGTH(c)      SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
+
+/* Mostly for SSLv3 */
+# define SSL_PKEY_RSA_ENC        0
+# define SSL_PKEY_RSA_SIGN       1
+# define SSL_PKEY_DSA_SIGN       2
+# define SSL_PKEY_DH_RSA         3
+# define SSL_PKEY_DH_DSA         4
+# define SSL_PKEY_ECC            5
+# define SSL_PKEY_GOST94         6
+# define SSL_PKEY_GOST01         7
+# define SSL_PKEY_NUM            8
+
+/*-
+ * SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
+ *          <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
+ * SSL_kDH  <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
+ * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN
+ * SSL_aRSA <- RSA_ENC | RSA_SIGN
+ * SSL_aDSS <- DSA_SIGN
+ */
+
+/*-
+#define CERT_INVALID            0
+#define CERT_PUBLIC_KEY         1
+#define CERT_PRIVATE_KEY        2
+*/
+
+# ifndef OPENSSL_NO_EC
+/*
+ * From ECC-TLS draft, used in encoding the curve type in ECParameters
+ */
+#  define EXPLICIT_PRIME_CURVE_TYPE  1
+#  define EXPLICIT_CHAR2_CURVE_TYPE  2
+#  define NAMED_CURVE_TYPE           3
+# endif                         /* OPENSSL_NO_EC */
+
+typedef struct cert_pkey_st {
+    X509 *x509;
+    EVP_PKEY *privatekey;
+    /* Digest to use when signing */
+    const EVP_MD *digest;
+} CERT_PKEY;
+
+typedef struct cert_st {
+    /* Current active set */
+    /*
+     * ALWAYS points to an element of the pkeys array
+     * Probably it would make more sense to store
+     * an index, not a pointer.
+     */
+    CERT_PKEY *key;
+    /*
+     * The following masks are for the key and auth algorithms that are
+     * supported by the certs below
+     */
+    int valid;
+    unsigned long mask_k;
+    unsigned long mask_a;
+    unsigned long export_mask_k;
+    unsigned long export_mask_a;
+# ifndef OPENSSL_NO_RSA
+    RSA *rsa_tmp;
+    RSA *(*rsa_tmp_cb) (SSL *ssl, int is_export, int keysize);
+# endif
+# ifndef OPENSSL_NO_DH
+    DH *dh_tmp;
+    DH *(*dh_tmp_cb) (SSL *ssl, int is_export, int keysize);
+# endif
+# ifndef OPENSSL_NO_ECDH
+    EC_KEY *ecdh_tmp;
+    /* Callback for generating ephemeral ECDH keys */
+    EC_KEY *(*ecdh_tmp_cb) (SSL *ssl, int is_export, int keysize);
+# endif
+    CERT_PKEY pkeys[SSL_PKEY_NUM];
+    int references;             /* >1 only if SSL_copy_session_id is used */
+} CERT;
+
+typedef struct sess_cert_st {
+    STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */
+    /* The 'peer_...' members are used only by clients. */
+    int peer_cert_type;
+    CERT_PKEY *peer_key;        /* points to an element of peer_pkeys (never
+                                 * NULL!) */
+    CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
+    /*
+     * Obviously we don't have the private keys of these, so maybe we
+     * shouldn't even use the CERT_PKEY type here.
+     */
+# ifndef OPENSSL_NO_RSA
+    RSA *peer_rsa_tmp;          /* not used for SSL 2 */
+# endif
+# ifndef OPENSSL_NO_DH
+    DH *peer_dh_tmp;            /* not used for SSL 2 */
+# endif
+# ifndef OPENSSL_NO_ECDH
+    EC_KEY *peer_ecdh_tmp;
+# endif
+    int references;             /* actually always 1 at the moment */
+} SESS_CERT;
+
+/*
+ * #define MAC_DEBUG
+ */
+
+/*
+ * #define ERR_DEBUG
+ */
+/*
+ * #define ABORT_DEBUG
+ */
+/*
+ * #define PKT_DEBUG 1
+ */
+/*
+ * #define DES_DEBUG
+ */
+/*
+ * #define DES_OFB_DEBUG
+ */
+/*
+ * #define SSL_DEBUG
+ */
+/*
+ * #define RSA_DEBUG
+ */
+/*
+ * #define IDEA_DEBUG
+ */
+
+# define FP_ICC  (int (*)(const void *,const void *))
+# define ssl_put_cipher_by_char(ssl,ciph,ptr) \
+                ((ssl)->method->put_cipher_by_char((ciph),(ptr)))
+# define ssl_get_cipher_by_char(ssl,ptr) \
+                ((ssl)->method->get_cipher_by_char(ptr))
+
+/*
+ * This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff It is a bit
+ * of a mess of functions, but hell, think of it as an opaque structure :-)
+ */
+typedef struct ssl3_enc_method {
+    int (*enc) (SSL *, int);
+    int (*mac) (SSL *, unsigned char *, int);
+    int (*setup_key_block) (SSL *);
+    int (*generate_master_secret) (SSL *, unsigned char *, unsigned char *,
+                                   int);
+    int (*change_cipher_state) (SSL *, int);
+    int (*final_finish_mac) (SSL *, const char *, int, unsigned char *);
+    int finish_mac_length;
+    int (*cert_verify_mac) (SSL *, int, unsigned char *);
+    const char *client_finished_label;
+    int client_finished_label_len;
+    const char *server_finished_label;
+    int server_finished_label_len;
+    int (*alert_value) (int);
+    int (*export_keying_material) (SSL *, unsigned char *, size_t,
+                                   const char *, size_t,
+                                   const unsigned char *, size_t,
+                                   int use_context);
+} SSL3_ENC_METHOD;
+
+# ifndef OPENSSL_NO_COMP
+/* Used for holding the relevant compression methods loaded into SSL_CTX */
+typedef struct ssl3_comp_st {
+    int comp_id;                /* The identifier byte for this compression
+                                 * type */
+    char *name;                 /* Text name used for the compression type */
+    COMP_METHOD *method;        /* The method :-) */
+} SSL3_COMP;
+# endif
+
+# ifndef OPENSSL_NO_BUF_FREELISTS
+typedef struct ssl3_buf_freelist_st {
+    size_t chunklen;
+    unsigned int len;
+    struct ssl3_buf_freelist_entry_st *head;
+} SSL3_BUF_FREELIST;
+
+typedef struct ssl3_buf_freelist_entry_st {
+    struct ssl3_buf_freelist_entry_st *next;
+} SSL3_BUF_FREELIST_ENTRY;
+# endif
+
+extern SSL3_ENC_METHOD ssl3_undef_enc_method;
+OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[];
+OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
+
+SSL_METHOD *ssl_bad_method(int ver);
+
+extern SSL3_ENC_METHOD TLSv1_enc_data;
+extern SSL3_ENC_METHOD SSLv3_enc_data;
+extern SSL3_ENC_METHOD DTLSv1_enc_data;
+
+# define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION)
+
+# define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
+                                s_get_meth) \
+const SSL_METHOD *func_name(void)  \
+        { \
+        static const SSL_METHOD func_name##_data= { \
+                version, \
+                tls1_new, \
+                tls1_clear, \
+                tls1_free, \
+                s_accept, \
+                s_connect, \
+                ssl3_read, \
+                ssl3_peek, \
+                ssl3_write, \
+                ssl3_shutdown, \
+                ssl3_renegotiate, \
+                ssl3_renegotiate_check, \
+                ssl3_get_message, \
+                ssl3_read_bytes, \
+                ssl3_write_bytes, \
+                ssl3_dispatch_alert, \
+                ssl3_ctrl, \
+                ssl3_ctx_ctrl, \
+                ssl3_get_cipher_by_char, \
+                ssl3_put_cipher_by_char, \
+                ssl3_pending, \
+                ssl3_num_ciphers, \
+                ssl3_get_cipher, \
+                s_get_meth, \
+                tls1_default_timeout, \
+                &TLSv1_enc_data, \
+                ssl_undefined_void_function, \
+                ssl3_callback_ctrl, \
+                ssl3_ctx_callback_ctrl, \
+        }; \
+        return &func_name##_data; \
+        }
+
+# define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \
+const SSL_METHOD *func_name(void)  \
+        { \
+        static const SSL_METHOD func_name##_data= { \
+                SSL3_VERSION, \
+                ssl3_new, \
+                ssl3_clear, \
+                ssl3_free, \
+                s_accept, \
+                s_connect, \
+                ssl3_read, \
+                ssl3_peek, \
+                ssl3_write, \
+                ssl3_shutdown, \
+                ssl3_renegotiate, \
+                ssl3_renegotiate_check, \
+                ssl3_get_message, \
+                ssl3_read_bytes, \
+                ssl3_write_bytes, \
+                ssl3_dispatch_alert, \
+                ssl3_ctrl, \
+                ssl3_ctx_ctrl, \
+                ssl3_get_cipher_by_char, \
+                ssl3_put_cipher_by_char, \
+                ssl3_pending, \
+                ssl3_num_ciphers, \
+                ssl3_get_cipher, \
+                s_get_meth, \
+                ssl3_default_timeout, \
+                &SSLv3_enc_data, \
+                ssl_undefined_void_function, \
+                ssl3_callback_ctrl, \
+                ssl3_ctx_callback_ctrl, \
+        }; \
+        return &func_name##_data; \
+        }
+
+# define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \
+const SSL_METHOD *func_name(void)  \
+        { \
+        static const SSL_METHOD func_name##_data= { \
+        TLS1_2_VERSION, \
+        tls1_new, \
+        tls1_clear, \
+        tls1_free, \
+        s_accept, \
+        s_connect, \
+        ssl23_read, \
+        ssl23_peek, \
+        ssl23_write, \
+        ssl_undefined_function, \
+        ssl_undefined_function, \
+        ssl_ok, \
+        ssl3_get_message, \
+        ssl3_read_bytes, \
+        ssl3_write_bytes, \
+        ssl3_dispatch_alert, \
+        ssl3_ctrl, \
+        ssl3_ctx_ctrl, \
+        ssl23_get_cipher_by_char, \
+        ssl23_put_cipher_by_char, \
+        ssl_undefined_const_function, \
+        ssl23_num_ciphers, \
+        ssl23_get_cipher, \
+        s_get_meth, \
+        ssl23_default_timeout, \
+        &ssl3_undef_enc_method, \
+        ssl_undefined_void_function, \
+        ssl3_callback_ctrl, \
+        ssl3_ctx_callback_ctrl, \
+        }; \
+        return &func_name##_data; \
+        }
+
+# define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \
+const SSL_METHOD *func_name(void)  \
+        { \
+        static const SSL_METHOD func_name##_data= { \
+                SSL2_VERSION, \
+                ssl2_new,       /* local */ \
+                ssl2_clear,     /* local */ \
+                ssl2_free,      /* local */ \
+                s_accept, \
+                s_connect, \
+                ssl2_read, \
+                ssl2_peek, \
+                ssl2_write, \
+                ssl2_shutdown, \
+                ssl_ok, /* NULL - renegotiate */ \
+                ssl_ok, /* NULL - check renegotiate */ \
+                NULL, /* NULL - ssl_get_message */ \
+                NULL, /* NULL - ssl_get_record */ \
+                NULL, /* NULL - ssl_write_bytes */ \
+                NULL, /* NULL - dispatch_alert */ \
+                ssl2_ctrl,      /* local */ \
+                ssl2_ctx_ctrl,  /* local */ \
+                ssl2_get_cipher_by_char, \
+                ssl2_put_cipher_by_char, \
+                ssl2_pending, \
+                ssl2_num_ciphers, \
+                ssl2_get_cipher, \
+                s_get_meth, \
+                ssl2_default_timeout, \
+                &ssl3_undef_enc_method, \
+                ssl_undefined_void_function, \
+                ssl2_callback_ctrl,     /* local */ \
+                ssl2_ctx_callback_ctrl, /* local */ \
+        }; \
+        return &func_name##_data; \
+        }
+
+# define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
+const SSL_METHOD *func_name(void)  \
+        { \
+        static const SSL_METHOD func_name##_data= { \
+                DTLS1_VERSION, \
+                dtls1_new, \
+                dtls1_clear, \
+                dtls1_free, \
+                s_accept, \
+                s_connect, \
+                ssl3_read, \
+                ssl3_peek, \
+                ssl3_write, \
+                dtls1_shutdown, \
+                ssl3_renegotiate, \
+                ssl3_renegotiate_check, \
+                dtls1_get_message, \
+                dtls1_read_bytes, \
+                dtls1_write_app_data_bytes, \
+                dtls1_dispatch_alert, \
+                dtls1_ctrl, \
+                ssl3_ctx_ctrl, \
+                ssl3_get_cipher_by_char, \
+                ssl3_put_cipher_by_char, \
+                ssl3_pending, \
+                ssl3_num_ciphers, \
+                dtls1_get_cipher, \
+                s_get_meth, \
+                dtls1_default_timeout, \
+                &DTLSv1_enc_data, \
+                ssl_undefined_void_function, \
+                ssl3_callback_ctrl, \
+                ssl3_ctx_callback_ctrl, \
+        }; \
+        return &func_name##_data; \
+        }
+
+struct openssl_ssl_test_functions {
+    int (*p_ssl_init_wbio_buffer) (SSL *s, int push);
+    int (*p_ssl3_setup_buffers) (SSL *s);
+    int (*p_tls1_process_heartbeat) (SSL *s);
+    int (*p_dtls1_process_heartbeat) (SSL *s);
+};
+
+# ifndef OPENSSL_UNIT_TEST
+
+void ssl_clear_cipher_ctx(SSL *s);
+int ssl_clear_bad_session(SSL *s);
+CERT *ssl_cert_new(void);
+CERT *ssl_cert_dup(CERT *cert);
+int ssl_cert_inst(CERT **o);
+void ssl_cert_free(CERT *c);
+SESS_CERT *ssl_sess_cert_new(void);
+void ssl_sess_cert_free(SESS_CERT *sc);
+int ssl_set_peer_cert_type(SESS_CERT *c, int type);
+int ssl_get_new_session(SSL *s, int session);
+int ssl_get_prev_session(SSL *s, unsigned char *session, int len,
+                         const unsigned char *limit);
+SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket);
+int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
+DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
+int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
+                          const SSL_CIPHER *const *bp);
+STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
+                                               int num,
+                                               STACK_OF(SSL_CIPHER) **skp);
+int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
+                             unsigned char *p,
+                             int (*put_cb) (const SSL_CIPHER *,
+                                            unsigned char *));
+STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
+                                             STACK_OF(SSL_CIPHER) **pref,
+                                             STACK_OF(SSL_CIPHER) **sorted,
+                                             const char *rule_str);
+void ssl_update_cache(SSL *s, int mode);
+int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+                       const EVP_MD **md, int *mac_pkey_type,
+                       int *mac_secret_size, SSL_COMP **comp);
+int ssl_get_handshake_digest(int i, long *mask, const EVP_MD **md);
+int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk);
+int ssl_undefined_function(SSL *s);
+int ssl_undefined_void_function(void);
+int ssl_undefined_const_function(const SSL *s);
+CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
+X509 *ssl_get_server_send_cert(const SSL *);
+EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c, const EVP_MD **pmd);
+int ssl_cert_type(X509 *x, EVP_PKEY *pkey);
+void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
+STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
+int ssl_verify_alarm_type(long type);
+void ssl_load_ciphers(void);
+int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);
+
+int ssl2_enc_init(SSL *s, int client);
+int ssl2_generate_key_material(SSL *s);
+int ssl2_enc(SSL *s, int send_data);
+void ssl2_mac(SSL *s, unsigned char *mac, int send_data);
+const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
+int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
+int ssl2_part_read(SSL *s, unsigned long f, int i);
+int ssl2_do_write(SSL *s);
+int ssl2_set_certificate(SSL *s, int type, int len,
+                         const unsigned char *data);
+void ssl2_return_error(SSL *s, int reason);
+void ssl2_write_error(SSL *s);
+int ssl2_num_ciphers(void);
+const SSL_CIPHER *ssl2_get_cipher(unsigned int u);
+int ssl2_new(SSL *s);
+void ssl2_free(SSL *s);
+int ssl2_accept(SSL *s);
+int ssl2_connect(SSL *s);
+int ssl2_read(SSL *s, void *buf, int len);
+int ssl2_peek(SSL *s, void *buf, int len);
+int ssl2_write(SSL *s, const void *buf, int len);
+int ssl2_shutdown(SSL *s);
+void ssl2_clear(SSL *s);
+long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg);
+long ssl2_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
+long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
+long ssl2_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void));
+int ssl2_pending(const SSL *s);
+long ssl2_default_timeout(void);
+
+const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
+int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
+void ssl3_init_finished_mac(SSL *s);
+int ssl3_send_server_certificate(SSL *s);
+int ssl3_send_newsession_ticket(SSL *s);
+int ssl3_send_cert_status(SSL *s);
+int ssl3_get_finished(SSL *s, int state_a, int state_b);
+int ssl3_setup_key_block(SSL *s);
+int ssl3_send_change_cipher_spec(SSL *s, int state_a, int state_b);
+int ssl3_change_cipher_state(SSL *s, int which);
+void ssl3_cleanup_key_block(SSL *s);
+int ssl3_do_write(SSL *s, int type);
+int ssl3_send_alert(SSL *s, int level, int desc);
+int ssl3_generate_master_secret(SSL *s, unsigned char *out,
+                                unsigned char *p, int len);
+int ssl3_get_req_cert_type(SSL *s, unsigned char *p);
+long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
+int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen);
+int ssl3_num_ciphers(void);
+const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
+int ssl3_renegotiate(SSL *ssl);
+int ssl3_renegotiate_check(SSL *ssl);
+int ssl3_dispatch_alert(SSL *s);
+int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
+int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
+int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,
+                          unsigned char *p);
+int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
+void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
+int ssl3_enc(SSL *s, int send_data);
+int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
+void ssl3_free_digest_list(SSL *s);
+unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
+SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt,
+                               STACK_OF(SSL_CIPHER) *srvr);
+int ssl3_setup_buffers(SSL *s);
+int ssl3_setup_read_buffer(SSL *s);
+int ssl3_setup_write_buffer(SSL *s);
+int ssl3_release_read_buffer(SSL *s);
+int ssl3_release_write_buffer(SSL *s);
+int ssl3_digest_cached_records(SSL *s);
+int ssl3_new(SSL *s);
+void ssl3_free(SSL *s);
+int ssl3_accept(SSL *s);
+int ssl3_connect(SSL *s);
+int ssl3_read(SSL *s, void *buf, int len);
+int ssl3_peek(SSL *s, void *buf, int len);
+int ssl3_write(SSL *s, const void *buf, int len);
+int ssl3_shutdown(SSL *s);
+void ssl3_clear(SSL *s);
+long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg);
+long ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
+long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
+long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void));
+int ssl3_pending(const SSL *s);
+
+void ssl3_record_sequence_update(unsigned char *seq);
+int ssl3_do_change_cipher_spec(SSL *ssl);
+long ssl3_default_timeout(void);
+
+int ssl23_num_ciphers(void);
+const SSL_CIPHER *ssl23_get_cipher(unsigned int u);
+int ssl23_read(SSL *s, void *buf, int len);
+int ssl23_peek(SSL *s, void *buf, int len);
+int ssl23_write(SSL *s, const void *buf, int len);
+int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
+const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
+long ssl23_default_timeout(void);
+
+long tls1_default_timeout(void);
+int dtls1_do_write(SSL *s, int type);
+int ssl3_read_n(SSL *s, int n, int max, int extend);
+int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
+int ssl3_do_compress(SSL *ssl);
+int ssl3_do_uncompress(SSL *ssl);
+int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
+                       unsigned int len);
+unsigned char *dtls1_set_message_header(SSL *s,
+                                        unsigned char *p, unsigned char mt,
+                                        unsigned long len,
+                                        unsigned long frag_off,
+                                        unsigned long frag_len);
+
+int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
+int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
+
+int dtls1_send_change_cipher_spec(SSL *s, int a, int b);
+int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen);
+unsigned long dtls1_output_cert_chain(SSL *s, X509 *x);
+int dtls1_read_failed(SSL *s, int code);
+int dtls1_buffer_message(SSL *s, int ccs);
+int dtls1_retransmit_message(SSL *s, unsigned short seq,
+                             unsigned long frag_off, int *found);
+int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
+int dtls1_retransmit_buffered_messages(SSL *s);
+void dtls1_clear_received_buffer(SSL *s);
+void dtls1_clear_sent_buffer(SSL *s);
+void dtls1_get_message_header(unsigned char *data,
+                              struct hm_header_st *msg_hdr);
+void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
+void dtls1_reset_seq_numbers(SSL *s, int rw);
+long dtls1_default_timeout(void);
+struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft);
+int dtls1_check_timeout_num(SSL *s);
+int dtls1_handle_timeout(SSL *s);
+const SSL_CIPHER *dtls1_get_cipher(unsigned int u);
+void dtls1_start_timer(SSL *s);
+void dtls1_stop_timer(SSL *s);
+int dtls1_is_timer_expired(SSL *s);
+void dtls1_double_timeout(SSL *s);
+int dtls1_send_newsession_ticket(SSL *s);
+unsigned int dtls1_min_mtu(SSL *s);
+unsigned int dtls1_link_min_mtu(void);
+void dtls1_hm_fragment_free(hm_fragment *frag);
+
+/* some client-only functions */
+int ssl3_client_hello(SSL *s);
+int ssl3_get_server_hello(SSL *s);
+int ssl3_get_certificate_request(SSL *s);
+int ssl3_get_new_session_ticket(SSL *s);
+int ssl3_get_cert_status(SSL *s);
+int ssl3_get_server_done(SSL *s);
+int ssl3_send_client_verify(SSL *s);
+int ssl3_send_client_certificate(SSL *s);
+int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
+int ssl3_send_client_key_exchange(SSL *s);
+int ssl3_get_key_exchange(SSL *s);
+int ssl3_get_server_certificate(SSL *s);
+int ssl3_check_cert_and_algorithm(SSL *s);
+#  ifndef OPENSSL_NO_TLSEXT
+#   ifndef OPENSSL_NO_NEXTPROTONEG
+int ssl3_send_next_proto(SSL *s);
+#   endif
+#  endif
+
+int dtls1_client_hello(SSL *s);
+int dtls1_send_client_certificate(SSL *s);
+int dtls1_send_client_key_exchange(SSL *s);
+int dtls1_send_client_verify(SSL *s);
+
+/* some server-only functions */
+int ssl3_get_client_hello(SSL *s);
+int ssl3_send_server_hello(SSL *s);
+int ssl3_send_hello_request(SSL *s);
+int ssl3_send_server_key_exchange(SSL *s);
+int ssl3_send_certificate_request(SSL *s);
+int ssl3_send_server_done(SSL *s);
+int ssl3_check_client_hello(SSL *s);
+int ssl3_get_client_certificate(SSL *s);
+int ssl3_get_client_key_exchange(SSL *s);
+int ssl3_get_cert_verify(SSL *s);
+#  ifndef OPENSSL_NO_NEXTPROTONEG
+int ssl3_get_next_proto(SSL *s);
+#  endif
+
+int dtls1_send_hello_request(SSL *s);
+int dtls1_send_server_hello(SSL *s);
+int dtls1_send_server_certificate(SSL *s);
+int dtls1_send_server_key_exchange(SSL *s);
+int dtls1_send_certificate_request(SSL *s);
+int dtls1_send_server_done(SSL *s);
+
+int ssl23_accept(SSL *s);
+int ssl23_connect(SSL *s);
+int ssl23_read_bytes(SSL *s, int n);
+int ssl23_write_bytes(SSL *s);
+
+int tls1_new(SSL *s);
+void tls1_free(SSL *s);
+void tls1_clear(SSL *s);
+long tls1_ctrl(SSL *s, int cmd, long larg, void *parg);
+long tls1_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
+
+int dtls1_new(SSL *s);
+int dtls1_accept(SSL *s);
+int dtls1_connect(SSL *s);
+void dtls1_free(SSL *s);
+void dtls1_clear(SSL *s);
+long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg);
+int dtls1_shutdown(SSL *s);
+
+long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
+int dtls1_get_record(SSL *s);
+int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
+                   unsigned int len, int create_empty_fragement);
+int dtls1_dispatch_alert(SSL *s);
+int dtls1_enc(SSL *s, int snd);
+
+int ssl_init_wbio_buffer(SSL *s, int push);
+void ssl_free_wbio_buffer(SSL *s);
+
+int tls1_change_cipher_state(SSL *s, int which);
+int tls1_setup_key_block(SSL *s);
+int tls1_enc(SSL *s, int snd);
+int tls1_final_finish_mac(SSL *s,
+                          const char *str, int slen, unsigned char *p);
+int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
+int tls1_mac(SSL *ssl, unsigned char *md, int snd);
+int tls1_generate_master_secret(SSL *s, unsigned char *out,
+                                unsigned char *p, int len);
+int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+                                const char *label, size_t llen,
+                                const unsigned char *p, size_t plen,
+                                int use_context);
+int tls1_alert_code(int code);
+int ssl3_alert_code(int code);
+int ssl_ok(SSL *s);
+
+#  ifndef OPENSSL_NO_ECDH
+int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
+#  endif
+
+SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
+
+#  ifndef OPENSSL_NO_EC
+int tls1_ec_curve_id2nid(int curve_id);
+int tls1_ec_nid2curve_id(int nid);
+#  endif                        /* OPENSSL_NO_EC */
+
+#  ifndef OPENSSL_NO_TLSEXT
+unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
+                                          unsigned char *limit);
+unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
+                                          unsigned char *limit);
+int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data,
+                                 unsigned char *limit, int *al);
+int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data,
+                                 unsigned char *d, int n, int *al);
+int ssl_prepare_clienthello_tlsext(SSL *s);
+int ssl_prepare_serverhello_tlsext(SSL *s);
+int ssl_check_clienthello_tlsext_early(SSL *s);
+int ssl_check_clienthello_tlsext_late(SSL *s);
+int ssl_check_serverhello_tlsext(SSL *s);
+
+#   ifndef OPENSSL_NO_HEARTBEATS
+int tls1_heartbeat(SSL *s);
+int dtls1_heartbeat(SSL *s);
+int tls1_process_heartbeat(SSL *s);
+int dtls1_process_heartbeat(SSL *s);
+#   endif
+
+#   ifdef OPENSSL_NO_SHA256
+#    define tlsext_tick_md  EVP_sha1
+#   else
+#    define tlsext_tick_md  EVP_sha256
+#   endif
+int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
+                        const unsigned char *limit, SSL_SESSION **ret);
+
+int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
+                         const EVP_MD *md);
+int tls12_get_sigid(const EVP_PKEY *pk);
+const EVP_MD *tls12_get_hash(unsigned char hash_alg);
+
+#  endif
+EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md);
+void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
+int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
+                                        int maxlen);
+int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
+                                          int *al);
+int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
+                                        int maxlen);
+int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
+                                          int *al);
+long ssl_get_algorithm2(SSL *s);
+int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize);
+int tls12_get_req_sig_algs(SSL *s, unsigned char *p);
+
+int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
+                                     int maxlen);
+int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,
+                                       int *al);
+int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
+                                     int maxlen);
+int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,
+                                       int *al);
+
+/* s3_cbc.c */
+void ssl3_cbc_copy_mac(unsigned char *out,
+                       const SSL3_RECORD *rec,
+                       unsigned md_size, unsigned orig_len);
+int ssl3_cbc_remove_padding(const SSL *s,
+                            SSL3_RECORD *rec,
+                            unsigned block_size, unsigned mac_size);
+int tls1_cbc_remove_padding(const SSL *s,
+                            SSL3_RECORD *rec,
+                            unsigned block_size, unsigned mac_size);
+char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
+int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
+                           unsigned char *md_out,
+                           size_t *md_out_size,
+                           const unsigned char header[13],
+                           const unsigned char *data,
+                           size_t data_plus_mac_size,
+                           size_t data_plus_mac_plus_padding_size,
+                           const unsigned char *mac_secret,
+                           unsigned mac_secret_length, char is_sslv3);
+
+void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
+                           EVP_MD_CTX *mac_ctx, const unsigned char *data,
+                           size_t data_len, size_t orig_len);
+
+int srp_verify_server_param(SSL *s, int *al);
+
+# else
+
+#  define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer
+#  define ssl3_setup_buffers SSL_test_functions()->p_ssl3_setup_buffers
+#  define tls1_process_heartbeat SSL_test_functions()->p_tls1_process_heartbeat
+#  define dtls1_process_heartbeat SSL_test_functions()->p_dtls1_process_heartbeat
+
+# endif
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/ssl/ssl_sess.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/ssl_sess.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/ssl/ssl_sess.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,1305 +0,0 @@
-/* ssl/ssl_sess.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <stdio.h>
-#include <openssl/lhash.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
-#include "ssl_locl.h"
-
-static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
-static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
-static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
-
-SSL_SESSION *SSL_get_session(const SSL *ssl)
-/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
-{
-    return (ssl->session);
-}
-
-SSL_SESSION *SSL_get1_session(SSL *ssl)
-/* variant of SSL_get_session: caller really gets something */
-{
-    SSL_SESSION *sess;
-    /*
-     * Need to lock this all up rather than just use CRYPTO_add so that
-     * somebody doesn't free ssl->session between when we check it's non-null
-     * and when we up the reference count.
-     */
-    CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION);
-    sess = ssl->session;
-    if (sess)
-        sess->references++;
-    CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION);
-    return (sess);
-}
-
-int SSL_SESSION_get_ex_new_index(long argl, void *argp,
-                                 CRYPTO_EX_new *new_func,
-                                 CRYPTO_EX_dup *dup_func,
-                                 CRYPTO_EX_free *free_func)
-{
-    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp,
-                                   new_func, dup_func, free_func);
-}
-
-int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
-{
-    return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
-}
-
-void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
-{
-    return (CRYPTO_get_ex_data(&s->ex_data, idx));
-}
-
-SSL_SESSION *SSL_SESSION_new(void)
-{
-    SSL_SESSION *ss;
-
-    ss = (SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION));
-    if (ss == NULL) {
-        SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
-        return (0);
-    }
-    memset(ss, 0, sizeof(SSL_SESSION));
-
-    ss->verify_result = 1;      /* avoid 0 (= X509_V_OK) just in case */
-    ss->references = 1;
-    ss->timeout = 60 * 5 + 4;   /* 5 minute timeout by default */
-    ss->time = (unsigned long)time(NULL);
-    ss->prev = NULL;
-    ss->next = NULL;
-    ss->compress_meth = 0;
-#ifndef OPENSSL_NO_TLSEXT
-    ss->tlsext_hostname = NULL;
-# ifndef OPENSSL_NO_EC
-    ss->tlsext_ecpointformatlist_length = 0;
-    ss->tlsext_ecpointformatlist = NULL;
-    ss->tlsext_ellipticcurvelist_length = 0;
-    ss->tlsext_ellipticcurvelist = NULL;
-# endif
-#endif
-    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
-#ifndef OPENSSL_NO_PSK
-    ss->psk_identity_hint = NULL;
-    ss->psk_identity = NULL;
-#endif
-#ifndef OPENSSL_NO_SRP
-    ss->srp_username = NULL;
-#endif
-    return (ss);
-}
-
-/*
- * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
- * ticket == 0 then no ticket information is duplicated, otherwise it is.
- */
-SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
-{
-    SSL_SESSION *dest;
-
-    dest = OPENSSL_malloc(sizeof(*src));
-    if (dest == NULL) {
-        goto err;
-    }
-    memcpy(dest, src, sizeof(*dest));
-
-    /*
-     * Set the various pointers to NULL so that we can call SSL_SESSION_free in
-     * the case of an error whilst halfway through constructing dest
-     */
-#ifndef OPENSSL_NO_PSK
-    dest->psk_identity_hint = NULL;
-    dest->psk_identity = NULL;
-#endif
-    dest->ciphers = NULL;
-#ifndef OPENSSL_NO_TLSEXT
-    dest->tlsext_hostname = NULL;
-# ifndef OPENSSL_NO_EC
-    dest->tlsext_ecpointformatlist = NULL;
-    dest->tlsext_ellipticcurvelist = NULL;
-# endif
-    dest->tlsext_tick = NULL;
-#endif
-#ifndef OPENSSL_NO_SRP
-    dest->srp_username = NULL;
-#endif
-    memset(&dest->ex_data, 0, sizeof(dest->ex_data));
-
-    /* We deliberately don't copy the prev and next pointers */
-    dest->prev = NULL;
-    dest->next = NULL;
-
-    dest->references = 1;
-
-    if (src->sess_cert != NULL)
-        CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT);
-
-    if (src->peer != NULL)
-        CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509);
-
-#ifndef OPENSSL_NO_PSK
-    if (src->psk_identity_hint) {
-        dest->psk_identity_hint = BUF_strdup(src->psk_identity_hint);
-        if (dest->psk_identity_hint == NULL) {
-            goto err;
-        }
-    }
-    if (src->psk_identity) {
-        dest->psk_identity = BUF_strdup(src->psk_identity);
-        if (dest->psk_identity == NULL) {
-            goto err;
-        }
-    }
-#endif
-
-    if(src->ciphers != NULL) {
-        dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers);
-        if (dest->ciphers == NULL)
-            goto err;
-    }
-
-    if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION,
-                                            &dest->ex_data, &src->ex_data)) {
-        goto err;
-    }
-
-#ifndef OPENSSL_NO_TLSEXT
-    if (src->tlsext_hostname) {
-        dest->tlsext_hostname = BUF_strdup(src->tlsext_hostname);
-        if (dest->tlsext_hostname == NULL) {
-            goto err;
-        }
-    }
-# ifndef OPENSSL_NO_EC
-    if (src->tlsext_ecpointformatlist) {
-        dest->tlsext_ecpointformatlist =
-            BUF_memdup(src->tlsext_ecpointformatlist,
-                       src->tlsext_ecpointformatlist_length);
-        if (dest->tlsext_ecpointformatlist == NULL)
-            goto err;
-    }
-    if (src->tlsext_ellipticcurvelist) {
-        dest->tlsext_ellipticcurvelist =
-            BUF_memdup(src->tlsext_ellipticcurvelist,
-                       src->tlsext_ellipticcurvelist_length);
-        if (dest->tlsext_ellipticcurvelist == NULL)
-            goto err;
-    }
-# endif
-
-    if (ticket != 0) {
-        dest->tlsext_tick = BUF_memdup(src->tlsext_tick, src->tlsext_ticklen);
-        if(dest->tlsext_tick == NULL)
-            goto err;
-    } else {
-        dest->tlsext_tick_lifetime_hint = 0;
-        dest->tlsext_ticklen = 0;
-    }
-#endif
-
-#ifndef OPENSSL_NO_SRP
-    if (src->srp_username) {
-        dest->srp_username = BUF_strdup(src->srp_username);
-        if (dest->srp_username == NULL) {
-            goto err;
-        }
-    }
-#endif
-
-    return dest;
-err:
-    SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE);
-    SSL_SESSION_free(dest);
-    return NULL;
-}
-
-const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
-                                        unsigned int *len)
-{
-    if (len)
-        *len = s->session_id_length;
-    return s->session_id;
-}
-
-unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s)
-{
-    return s->compress_meth;
-}
-
-/*
- * Even with SSLv2, we have 16 bytes (128 bits) of session ID space.
- * SSLv3/TLSv1 has 32 bytes (256 bits). As such, filling the ID with random
- * gunk repeatedly until we have no conflict is going to complete in one
- * iteration pretty much "most" of the time (btw: understatement). So, if it
- * takes us 10 iterations and we still can't avoid a conflict - well that's a
- * reasonable point to call it quits. Either the RAND code is broken or
- * someone is trying to open roughly very close to 2^128 (or 2^256) SSL
- * sessions to our server. How you might store that many sessions is perhaps
- * a more interesting question ...
- */
-
-#define MAX_SESS_ID_ATTEMPTS 10
-static int def_generate_session_id(const SSL *ssl, unsigned char *id,
-                                   unsigned int *id_len)
-{
-    unsigned int retry = 0;
-    do
-        if (RAND_pseudo_bytes(id, *id_len) <= 0)
-            return 0;
-    while (SSL_has_matching_session_id(ssl, id, *id_len) &&
-           (++retry < MAX_SESS_ID_ATTEMPTS)) ;
-    if (retry < MAX_SESS_ID_ATTEMPTS)
-        return 1;
-    /* else - woops a session_id match */
-    /*
-     * XXX We should also check the external cache -- but the probability of
-     * a collision is negligible, and we could not prevent the concurrent
-     * creation of sessions with identical IDs since we currently don't have
-     * means to atomically check whether a session ID already exists and make
-     * a reservation for it if it does not (this problem applies to the
-     * internal cache as well).
-     */
-    return 0;
-}
-
-int ssl_get_new_session(SSL *s, int session)
-{
-    /* This gets used by clients and servers. */
-
-    unsigned int tmp;
-    SSL_SESSION *ss = NULL;
-    GEN_SESSION_CB cb = def_generate_session_id;
-
-    if ((ss = SSL_SESSION_new()) == NULL)
-        return (0);
-
-    /* If the context has a default timeout, use it */
-    if (s->session_ctx->session_timeout == 0)
-        ss->timeout = SSL_get_default_timeout(s);
-    else
-        ss->timeout = s->session_ctx->session_timeout;
-
-    if (s->session != NULL) {
-        SSL_SESSION_free(s->session);
-        s->session = NULL;
-    }
-
-    if (session) {
-        if (s->version == SSL2_VERSION) {
-            ss->ssl_version = SSL2_VERSION;
-            ss->session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
-        } else if (s->version == SSL3_VERSION) {
-            ss->ssl_version = SSL3_VERSION;
-            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
-        } else if (s->version == TLS1_VERSION) {
-            ss->ssl_version = TLS1_VERSION;
-            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
-        } else if (s->version == TLS1_1_VERSION) {
-            ss->ssl_version = TLS1_1_VERSION;
-            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
-        } else if (s->version == TLS1_2_VERSION) {
-            ss->ssl_version = TLS1_2_VERSION;
-            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
-        } else if (s->version == DTLS1_BAD_VER) {
-            ss->ssl_version = DTLS1_BAD_VER;
-            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
-        } else if (s->version == DTLS1_VERSION) {
-            ss->ssl_version = DTLS1_VERSION;
-            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
-        } else {
-            SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION);
-            SSL_SESSION_free(ss);
-            return (0);
-        }
-#ifndef OPENSSL_NO_TLSEXT
-        /*-
-         * If RFC5077 ticket, use empty session ID (as server).
-         * Note that:
-         * (a) ssl_get_prev_session() does lookahead into the
-         *     ClientHello extensions to find the session ticket.
-         *     When ssl_get_prev_session() fails, s3_srvr.c calls
-         *     ssl_get_new_session() in ssl3_get_client_hello().
-         *     At that point, it has not yet parsed the extensions,
-         *     however, because of the lookahead, it already knows
-         *     whether a ticket is expected or not.
-         *
-         * (b) s3_clnt.c calls ssl_get_new_session() before parsing
-         *     ServerHello extensions, and before recording the session
-         *     ID received from the server, so this block is a noop.
-         */
-        if (s->tlsext_ticket_expected) {
-            ss->session_id_length = 0;
-            goto sess_id_done;
-        }
-#endif
-        /* Choose which callback will set the session ID */
-        CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-        if (s->generate_session_id)
-            cb = s->generate_session_id;
-        else if (s->session_ctx->generate_session_id)
-            cb = s->session_ctx->generate_session_id;
-        CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
-        /* Choose a session ID */
-        tmp = ss->session_id_length;
-        if (!cb(s, ss->session_id, &tmp)) {
-            /* The callback failed */
-            SSLerr(SSL_F_SSL_GET_NEW_SESSION,
-                   SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
-            SSL_SESSION_free(ss);
-            return (0);
-        }
-        /*
-         * Don't allow the callback to set the session length to zero. nor
-         * set it higher than it was.
-         */
-        if (!tmp || (tmp > ss->session_id_length)) {
-            /* The callback set an illegal length */
-            SSLerr(SSL_F_SSL_GET_NEW_SESSION,
-                   SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
-            SSL_SESSION_free(ss);
-            return (0);
-        }
-        /* If the session length was shrunk and we're SSLv2, pad it */
-        if ((tmp < ss->session_id_length) && (s->version == SSL2_VERSION))
-            memset(ss->session_id + tmp, 0, ss->session_id_length - tmp);
-        else
-            ss->session_id_length = tmp;
-        /* Finally, check for a conflict */
-        if (SSL_has_matching_session_id(s, ss->session_id,
-                                        ss->session_id_length)) {
-            SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_SSL_SESSION_ID_CONFLICT);
-            SSL_SESSION_free(ss);
-            return (0);
-        }
-#ifndef OPENSSL_NO_TLSEXT
- sess_id_done:
-        if (s->tlsext_hostname) {
-            ss->tlsext_hostname = BUF_strdup(s->tlsext_hostname);
-            if (ss->tlsext_hostname == NULL) {
-                SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
-                SSL_SESSION_free(ss);
-                return 0;
-            }
-        }
-# ifndef OPENSSL_NO_EC
-        if (s->tlsext_ecpointformatlist) {
-            if (ss->tlsext_ecpointformatlist != NULL)
-                OPENSSL_free(ss->tlsext_ecpointformatlist);
-            if ((ss->tlsext_ecpointformatlist =
-                 OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) ==
-                NULL) {
-                SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
-                SSL_SESSION_free(ss);
-                return 0;
-            }
-            ss->tlsext_ecpointformatlist_length =
-                s->tlsext_ecpointformatlist_length;
-            memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist,
-                   s->tlsext_ecpointformatlist_length);
-        }
-        if (s->tlsext_ellipticcurvelist) {
-            if (ss->tlsext_ellipticcurvelist != NULL)
-                OPENSSL_free(ss->tlsext_ellipticcurvelist);
-            if ((ss->tlsext_ellipticcurvelist =
-                 OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) ==
-                NULL) {
-                SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
-                SSL_SESSION_free(ss);
-                return 0;
-            }
-            ss->tlsext_ellipticcurvelist_length =
-                s->tlsext_ellipticcurvelist_length;
-            memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist,
-                   s->tlsext_ellipticcurvelist_length);
-        }
-# endif
-#endif
-    } else {
-        ss->session_id_length = 0;
-    }
-
-    if (s->sid_ctx_length > sizeof ss->sid_ctx) {
-        SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
-        SSL_SESSION_free(ss);
-        return 0;
-    }
-    memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length);
-    ss->sid_ctx_length = s->sid_ctx_length;
-    s->session = ss;
-    ss->ssl_version = s->version;
-    ss->verify_result = X509_V_OK;
-
-    return (1);
-}
-
-/*-
- * ssl_get_prev attempts to find an SSL_SESSION to be used to resume this
- * connection. It is only called by servers.
- *
- *   session_id: points at the session ID in the ClientHello. This code will
- *       read past the end of this in order to parse out the session ticket
- *       extension, if any.
- *   len: the length of the session ID.
- *   limit: a pointer to the first byte after the ClientHello.
- *
- * Returns:
- *   -1: error
- *    0: a session may have been found.
- *
- * Side effects:
- *   - If a session is found then s->session is pointed at it (after freeing an
- *     existing session if need be) and s->verify_result is set from the session.
- *   - Both for new and resumed sessions, s->tlsext_ticket_expected is set to 1
- *     if the server should issue a new session ticket (to 0 otherwise).
- */
-int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
-                         const unsigned char *limit)
-{
-    /* This is used only by servers. */
-
-    SSL_SESSION *ret = NULL;
-    int fatal = 0;
-    int try_session_cache = 1;
-#ifndef OPENSSL_NO_TLSEXT
-    int r;
-#endif
-
-    if (len < 0 || len > SSL_MAX_SSL_SESSION_ID_LENGTH)
-        goto err;
-
-    if (session_id + len > limit) {
-        fatal = 1;
-        goto err;
-    }
-
-    if (len == 0)
-        try_session_cache = 0;
-
-#ifndef OPENSSL_NO_TLSEXT
-    /* sets s->tlsext_ticket_expected */
-    r = tls1_process_ticket(s, session_id, len, limit, &ret);
-    switch (r) {
-    case -1:                   /* Error during processing */
-        fatal = 1;
-        goto err;
-    case 0:                    /* No ticket found */
-    case 1:                    /* Zero length ticket found */
-        break;                  /* Ok to carry on processing session id. */
-    case 2:                    /* Ticket found but not decrypted. */
-    case 3:                    /* Ticket decrypted, *ret has been set. */
-        try_session_cache = 0;
-        break;
-    default:
-        abort();
-    }
-#endif
-
-    if (try_session_cache &&
-        ret == NULL &&
-        !(s->session_ctx->session_cache_mode &
-          SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) {
-        SSL_SESSION data;
-        data.ssl_version = s->version;
-        data.session_id_length = len;
-        if (len == 0)
-            return 0;
-        memcpy(data.session_id, session_id, len);
-        CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-        ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data);
-        if (ret != NULL) {
-            /* don't allow other threads to steal it: */
-            CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_SSL_SESSION);
-        }
-        CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
-        if (ret == NULL)
-            s->session_ctx->stats.sess_miss++;
-    }
-
-    if (try_session_cache &&
-        ret == NULL && s->session_ctx->get_session_cb != NULL) {
-        int copy = 1;
-
-        if ((ret = s->session_ctx->get_session_cb(s, session_id, len, &copy))) {
-            s->session_ctx->stats.sess_cb_hit++;
-
-            /*
-             * Increment reference count now if the session callback asks us
-             * to do so (note that if the session structures returned by the
-             * callback are shared between threads, it must handle the
-             * reference count itself [i.e. copy == 0], or things won't be
-             * thread-safe).
-             */
-            if (copy)
-                CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_SSL_SESSION);
-
-            /*
-             * Add the externally cached session to the internal cache as
-             * well if and only if we are supposed to.
-             */
-            if (!
-                (s->session_ctx->session_cache_mode &
-                 SSL_SESS_CACHE_NO_INTERNAL_STORE))
-                /*
-                 * The following should not return 1, otherwise, things are
-                 * very strange
-                 */
-                SSL_CTX_add_session(s->session_ctx, ret);
-        }
-    }
-
-    if (ret == NULL)
-        goto err;
-
-    /* Now ret is non-NULL and we own one of its reference counts. */
-
-    if (ret->sid_ctx_length != s->sid_ctx_length
-        || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
-        /*
-         * We have the session requested by the client, but we don't want to
-         * use it in this context.
-         */
-        goto err;               /* treat like cache miss */
-    }
-
-    if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) {
-        /*
-         * We can't be sure if this session is being used out of context,
-         * which is especially important for SSL_VERIFY_PEER. The application
-         * should have used SSL[_CTX]_set_session_id_context. For this error
-         * case, we generate an error instead of treating the event like a
-         * cache miss (otherwise it would be easy for applications to
-         * effectively disable the session cache by accident without anyone
-         * noticing).
-         */
-
-        SSLerr(SSL_F_SSL_GET_PREV_SESSION,
-               SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
-        fatal = 1;
-        goto err;
-    }
-
-    if (ret->cipher == NULL) {
-        unsigned char buf[5], *p;
-        unsigned long l;
-
-        p = buf;
-        l = ret->cipher_id;
-        l2n(l, p);
-        if ((ret->ssl_version >> 8) >= SSL3_VERSION_MAJOR)
-            ret->cipher = ssl_get_cipher_by_char(s, &(buf[2]));
-        else
-            ret->cipher = ssl_get_cipher_by_char(s, &(buf[1]));
-        if (ret->cipher == NULL)
-            goto err;
-    }
-
-    if (ret->timeout < (long)(time(NULL) - ret->time)) { /* timeout */
-        s->session_ctx->stats.sess_timeout++;
-        if (try_session_cache) {
-            /* session was from the cache, so remove it */
-            SSL_CTX_remove_session(s->session_ctx, ret);
-        }
-        goto err;
-    }
-
-    s->session_ctx->stats.sess_hit++;
-
-    if (s->session != NULL)
-        SSL_SESSION_free(s->session);
-    s->session = ret;
-    s->verify_result = s->session->verify_result;
-    return 1;
-
- err:
-    if (ret != NULL) {
-        SSL_SESSION_free(ret);
-#ifndef OPENSSL_NO_TLSEXT
-        if (!try_session_cache) {
-            /*
-             * The session was from a ticket, so we should issue a ticket for
-             * the new session
-             */
-            s->tlsext_ticket_expected = 1;
-        }
-#endif
-    }
-    if (fatal)
-        return -1;
-    else
-        return 0;
-}
-
-int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
-{
-    int ret = 0;
-    SSL_SESSION *s;
-
-    /*
-     * add just 1 reference count for the SSL_CTX's session cache even though
-     * it has two ways of access: each session is in a doubly linked list and
-     * an lhash
-     */
-    CRYPTO_add(&c->references, 1, CRYPTO_LOCK_SSL_SESSION);
-    /*
-     * if session c is in already in cache, we take back the increment later
-     */
-
-    CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-    s = lh_SSL_SESSION_insert(ctx->sessions, c);
-
-    /*
-     * s != NULL iff we already had a session with the given PID. In this
-     * case, s == c should hold (then we did not really modify
-     * ctx->sessions), or we're in trouble.
-     */
-    if (s != NULL && s != c) {
-        /* We *are* in trouble ... */
-        SSL_SESSION_list_remove(ctx, s);
-        SSL_SESSION_free(s);
-        /*
-         * ... so pretend the other session did not exist in cache (we cannot
-         * handle two SSL_SESSION structures with identical session ID in the
-         * same cache, which could happen e.g. when two threads concurrently
-         * obtain the same session from an external cache)
-         */
-        s = NULL;
-    }
-
-    /* Put at the head of the queue unless it is already in the cache */
-    if (s == NULL)
-        SSL_SESSION_list_add(ctx, c);
-
-    if (s != NULL) {
-        /*
-         * existing cache entry -- decrement previously incremented reference
-         * count because it already takes into account the cache
-         */
-
-        SSL_SESSION_free(s);    /* s == c */
-        ret = 0;
-    } else {
-        /*
-         * new cache entry -- remove old ones if cache has become too large
-         */
-
-        ret = 1;
-
-        if (SSL_CTX_sess_get_cache_size(ctx) > 0) {
-            while (SSL_CTX_sess_number(ctx) >
-                   SSL_CTX_sess_get_cache_size(ctx)) {
-                if (!remove_session_lock(ctx, ctx->session_cache_tail, 0))
-                    break;
-                else
-                    ctx->stats.sess_cache_full++;
-            }
-        }
-    }
-    CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-    return (ret);
-}
-
-int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
-{
-    return remove_session_lock(ctx, c, 1);
-}
-
-static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
-{
-    SSL_SESSION *r;
-    int ret = 0;
-
-    if ((c != NULL) && (c->session_id_length != 0)) {
-        if (lck)
-            CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-        if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) == c) {
-            ret = 1;
-            r = lh_SSL_SESSION_delete(ctx->sessions, c);
-            SSL_SESSION_list_remove(ctx, c);
-        }
-
-        if (lck)
-            CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-
-        if (ret) {
-            r->not_resumable = 1;
-            if (ctx->remove_session_cb != NULL)
-                ctx->remove_session_cb(ctx, r);
-            SSL_SESSION_free(r);
-        }
-    } else
-        ret = 0;
-    return (ret);
-}
-
-void SSL_SESSION_free(SSL_SESSION *ss)
-{
-    int i;
-
-    if (ss == NULL)
-        return;
-
-    i = CRYPTO_add(&ss->references, -1, CRYPTO_LOCK_SSL_SESSION);
-#ifdef REF_PRINT
-    REF_PRINT("SSL_SESSION", ss);
-#endif
-    if (i > 0)
-        return;
-#ifdef REF_CHECK
-    if (i < 0) {
-        fprintf(stderr, "SSL_SESSION_free, bad reference count\n");
-        abort();                /* ok */
-    }
-#endif
-
-    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
-
-    OPENSSL_cleanse(ss->key_arg, sizeof ss->key_arg);
-    OPENSSL_cleanse(ss->master_key, sizeof ss->master_key);
-    OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
-    if (ss->sess_cert != NULL)
-        ssl_sess_cert_free(ss->sess_cert);
-    if (ss->peer != NULL)
-        X509_free(ss->peer);
-    if (ss->ciphers != NULL)
-        sk_SSL_CIPHER_free(ss->ciphers);
-#ifndef OPENSSL_NO_TLSEXT
-    if (ss->tlsext_hostname != NULL)
-        OPENSSL_free(ss->tlsext_hostname);
-    if (ss->tlsext_tick != NULL)
-        OPENSSL_free(ss->tlsext_tick);
-# ifndef OPENSSL_NO_EC
-    ss->tlsext_ecpointformatlist_length = 0;
-    if (ss->tlsext_ecpointformatlist != NULL)
-        OPENSSL_free(ss->tlsext_ecpointformatlist);
-    ss->tlsext_ellipticcurvelist_length = 0;
-    if (ss->tlsext_ellipticcurvelist != NULL)
-        OPENSSL_free(ss->tlsext_ellipticcurvelist);
-# endif                         /* OPENSSL_NO_EC */
-#endif
-#ifndef OPENSSL_NO_PSK
-    if (ss->psk_identity_hint != NULL)
-        OPENSSL_free(ss->psk_identity_hint);
-    if (ss->psk_identity != NULL)
-        OPENSSL_free(ss->psk_identity);
-#endif
-#ifndef OPENSSL_NO_SRP
-    if (ss->srp_username != NULL)
-        OPENSSL_free(ss->srp_username);
-#endif
-    OPENSSL_cleanse(ss, sizeof(*ss));
-    OPENSSL_free(ss);
-}
-
-int SSL_set_session(SSL *s, SSL_SESSION *session)
-{
-    int ret = 0;
-    const SSL_METHOD *meth;
-
-    if (session != NULL) {
-        meth = s->ctx->method->get_ssl_method(session->ssl_version);
-        if (meth == NULL)
-            meth = s->method->get_ssl_method(session->ssl_version);
-        if (meth == NULL) {
-            SSLerr(SSL_F_SSL_SET_SESSION, SSL_R_UNABLE_TO_FIND_SSL_METHOD);
-            return (0);
-        }
-
-        if (meth != s->method) {
-            if (!SSL_set_ssl_method(s, meth))
-                return (0);
-        }
-#ifndef OPENSSL_NO_KRB5
-        if (s->kssl_ctx && !s->kssl_ctx->client_princ &&
-            session->krb5_client_princ_len > 0) {
-            s->kssl_ctx->client_princ =
-                (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1);
-            memcpy(s->kssl_ctx->client_princ, session->krb5_client_princ,
-                   session->krb5_client_princ_len);
-            s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0';
-        }
-#endif                          /* OPENSSL_NO_KRB5 */
-
-        /* CRYPTO_w_lock(CRYPTO_LOCK_SSL); */
-        CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION);
-        if (s->session != NULL)
-            SSL_SESSION_free(s->session);
-        s->session = session;
-        s->verify_result = s->session->verify_result;
-        /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL); */
-        ret = 1;
-    } else {
-        if (s->session != NULL) {
-            SSL_SESSION_free(s->session);
-            s->session = NULL;
-        }
-
-        meth = s->ctx->method;
-        if (meth != s->method) {
-            if (!SSL_set_ssl_method(s, meth))
-                return (0);
-        }
-        ret = 1;
-    }
-    return (ret);
-}
-
-long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
-{
-    if (s == NULL)
-        return (0);
-    s->timeout = t;
-    return (1);
-}
-
-long SSL_SESSION_get_timeout(const SSL_SESSION *s)
-{
-    if (s == NULL)
-        return (0);
-    return (s->timeout);
-}
-
-long SSL_SESSION_get_time(const SSL_SESSION *s)
-{
-    if (s == NULL)
-        return (0);
-    return (s->time);
-}
-
-long SSL_SESSION_set_time(SSL_SESSION *s, long t)
-{
-    if (s == NULL)
-        return (0);
-    s->time = t;
-    return (t);
-}
-
-X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
-{
-    return s->peer;
-}
-
-int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
-                                unsigned int sid_ctx_len)
-{
-    if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
-        SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT,
-               SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
-        return 0;
-    }
-    s->sid_ctx_length = sid_ctx_len;
-    memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
-
-    return 1;
-}
-
-long SSL_CTX_set_timeout(SSL_CTX *s, long t)
-{
-    long l;
-    if (s == NULL)
-        return (0);
-    l = s->session_timeout;
-    s->session_timeout = t;
-    return (l);
-}
-
-long SSL_CTX_get_timeout(const SSL_CTX *s)
-{
-    if (s == NULL)
-        return (0);
-    return (s->session_timeout);
-}
-
-#ifndef OPENSSL_NO_TLSEXT
-int SSL_set_session_secret_cb(SSL *s,
-                              int (*tls_session_secret_cb) (SSL *s,
-                                                            void *secret,
-                                                            int *secret_len,
-                                                            STACK_OF(SSL_CIPHER)
-                                                            *peer_ciphers,
-                                                            SSL_CIPHER
-                                                            **cipher,
-                                                            void *arg),
-                              void *arg)
-{
-    if (s == NULL)
-        return (0);
-    s->tls_session_secret_cb = tls_session_secret_cb;
-    s->tls_session_secret_cb_arg = arg;
-    return (1);
-}
-
-int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
-                                  void *arg)
-{
-    if (s == NULL)
-        return (0);
-    s->tls_session_ticket_ext_cb = cb;
-    s->tls_session_ticket_ext_cb_arg = arg;
-    return (1);
-}
-
-int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
-{
-    if (s->version >= TLS1_VERSION) {
-        if (s->tlsext_session_ticket) {
-            OPENSSL_free(s->tlsext_session_ticket);
-            s->tlsext_session_ticket = NULL;
-        }
-
-        s->tlsext_session_ticket =
-            OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
-        if (!s->tlsext_session_ticket) {
-            SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE);
-            return 0;
-        }
-
-        if (ext_data) {
-            s->tlsext_session_ticket->length = ext_len;
-            s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1;
-            memcpy(s->tlsext_session_ticket->data, ext_data, ext_len);
-        } else {
-            s->tlsext_session_ticket->length = 0;
-            s->tlsext_session_ticket->data = NULL;
-        }
-
-        return 1;
-    }
-
-    return 0;
-}
-#endif                          /* OPENSSL_NO_TLSEXT */
-
-typedef struct timeout_param_st {
-    SSL_CTX *ctx;
-    long time;
-    LHASH_OF(SSL_SESSION) *cache;
-} TIMEOUT_PARAM;
-
-static void timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
-{
-    if ((p->time == 0) || (p->time > (s->time + s->timeout))) { /* timeout */
-        /*
-         * The reason we don't call SSL_CTX_remove_session() is to save on
-         * locking overhead
-         */
-        (void)lh_SSL_SESSION_delete(p->cache, s);
-        SSL_SESSION_list_remove(p->ctx, s);
-        s->not_resumable = 1;
-        if (p->ctx->remove_session_cb != NULL)
-            p->ctx->remove_session_cb(p->ctx, s);
-        SSL_SESSION_free(s);
-    }
-}
-
-static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM)
-
-void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
-{
-    unsigned long i;
-    TIMEOUT_PARAM tp;
-
-    tp.ctx = s;
-    tp.cache = s->sessions;
-    if (tp.cache == NULL)
-        return;
-    tp.time = t;
-    CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-    i = CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load;
-    CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = 0;
-    lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout),
-                             TIMEOUT_PARAM, &tp);
-    CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = i;
-    CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-}
-
-int ssl_clear_bad_session(SSL *s)
-{
-    if ((s->session != NULL) &&
-        !(s->shutdown & SSL_SENT_SHUTDOWN) &&
-        !(SSL_in_init(s) || SSL_in_before(s))) {
-        SSL_CTX_remove_session(s->ctx, s->session);
-        return (1);
-    } else
-        return (0);
-}
-
-/* locked by SSL_CTX in the calling function */
-static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
-{
-    if ((s->next == NULL) || (s->prev == NULL))
-        return;
-
-    if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) {
-        /* last element in list */
-        if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
-            /* only one element in list */
-            ctx->session_cache_head = NULL;
-            ctx->session_cache_tail = NULL;
-        } else {
-            ctx->session_cache_tail = s->prev;
-            s->prev->next = (SSL_SESSION *)&(ctx->session_cache_tail);
-        }
-    } else {
-        if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
-            /* first element in list */
-            ctx->session_cache_head = s->next;
-            s->next->prev = (SSL_SESSION *)&(ctx->session_cache_head);
-        } else {
-            /* middle of list */
-            s->next->prev = s->prev;
-            s->prev->next = s->next;
-        }
-    }
-    s->prev = s->next = NULL;
-}
-
-static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
-{
-    if ((s->next != NULL) && (s->prev != NULL))
-        SSL_SESSION_list_remove(ctx, s);
-
-    if (ctx->session_cache_head == NULL) {
-        ctx->session_cache_head = s;
-        ctx->session_cache_tail = s;
-        s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
-        s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
-    } else {
-        s->next = ctx->session_cache_head;
-        s->next->prev = s;
-        s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
-        ctx->session_cache_head = s;
-    }
-}
-
-void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
-                             int (*cb) (struct ssl_st *ssl,
-                                        SSL_SESSION *sess))
-{
-    ctx->new_session_cb = cb;
-}
-
-int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (SSL *ssl, SSL_SESSION *sess) {
-    return ctx->new_session_cb;
-}
-
-void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
-                                void (*cb) (SSL_CTX *ctx, SSL_SESSION *sess))
-{
-    ctx->remove_session_cb = cb;
-}
-
-void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (SSL_CTX *ctx,
-                                                  SSL_SESSION *sess) {
-    return ctx->remove_session_cb;
-}
-
-void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
-                             SSL_SESSION *(*cb) (struct ssl_st *ssl,
-                                                 unsigned char *data, int len,
-                                                 int *copy))
-{
-    ctx->get_session_cb = cb;
-}
-
-SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (SSL *ssl,
-                                                       unsigned char *data,
-                                                       int len, int *copy) {
-    return ctx->get_session_cb;
-}
-
-void SSL_CTX_set_info_callback(SSL_CTX *ctx,
-                               void (*cb) (const SSL *ssl, int type, int val))
-{
-    ctx->info_callback = cb;
-}
-
-void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type,
-                                                 int val) {
-    return ctx->info_callback;
-}
-
-void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
-                                int (*cb) (SSL *ssl, X509 **x509,
-                                           EVP_PKEY **pkey))
-{
-    ctx->client_cert_cb = cb;
-}
-
-int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
-                                                 EVP_PKEY **pkey) {
-    return ctx->client_cert_cb;
-}
-
-#ifndef OPENSSL_NO_ENGINE
-int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
-{
-    if (!ENGINE_init(e)) {
-        SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB);
-        return 0;
-    }
-    if (!ENGINE_get_ssl_client_cert_function(e)) {
-        SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE,
-               SSL_R_NO_CLIENT_CERT_METHOD);
-        ENGINE_finish(e);
-        return 0;
-    }
-    ctx->client_cert_engine = e;
-    return 1;
-}
-#endif
-
-void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
-                                    int (*cb) (SSL *ssl,
-                                               unsigned char *cookie,
-                                               unsigned int *cookie_len))
-{
-    ctx->app_gen_cookie_cb = cb;
-}
-
-void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
-                                  int (*cb) (SSL *ssl, unsigned char *cookie,
-                                             unsigned int cookie_len))
-{
-    ctx->app_verify_cookie_cb = cb;
-}
-
-IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION,
-                 SSL_SESSION)

Copied: vendor-crypto/openssl/1.0.1u/ssl/ssl_sess.c (from rev 11605, vendor-crypto/openssl/dist/ssl/ssl_sess.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/ssl/ssl_sess.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/ssl/ssl_sess.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,1302 @@
+/* ssl/ssl_sess.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
+
+#include <stdio.h>
+#include <openssl/lhash.h>
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#include "ssl_locl.h"
+
+static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
+static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
+static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
+
+SSL_SESSION *SSL_get_session(const SSL *ssl)
+/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
+{
+    return (ssl->session);
+}
+
+SSL_SESSION *SSL_get1_session(SSL *ssl)
+/* variant of SSL_get_session: caller really gets something */
+{
+    SSL_SESSION *sess;
+    /*
+     * Need to lock this all up rather than just use CRYPTO_add so that
+     * somebody doesn't free ssl->session between when we check it's non-null
+     * and when we up the reference count.
+     */
+    CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION);
+    sess = ssl->session;
+    if (sess)
+        sess->references++;
+    CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION);
+    return (sess);
+}
+
+int SSL_SESSION_get_ex_new_index(long argl, void *argp,
+                                 CRYPTO_EX_new *new_func,
+                                 CRYPTO_EX_dup *dup_func,
+                                 CRYPTO_EX_free *free_func)
+{
+    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp,
+                                   new_func, dup_func, free_func);
+}
+
+int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
+{
+    return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
+}
+
+void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
+{
+    return (CRYPTO_get_ex_data(&s->ex_data, idx));
+}
+
+SSL_SESSION *SSL_SESSION_new(void)
+{
+    SSL_SESSION *ss;
+
+    ss = (SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION));
+    if (ss == NULL) {
+        SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
+    memset(ss, 0, sizeof(SSL_SESSION));
+
+    ss->verify_result = 1;      /* avoid 0 (= X509_V_OK) just in case */
+    ss->references = 1;
+    ss->timeout = 60 * 5 + 4;   /* 5 minute timeout by default */
+    ss->time = (unsigned long)time(NULL);
+    ss->prev = NULL;
+    ss->next = NULL;
+    ss->compress_meth = 0;
+#ifndef OPENSSL_NO_TLSEXT
+    ss->tlsext_hostname = NULL;
+# ifndef OPENSSL_NO_EC
+    ss->tlsext_ecpointformatlist_length = 0;
+    ss->tlsext_ecpointformatlist = NULL;
+    ss->tlsext_ellipticcurvelist_length = 0;
+    ss->tlsext_ellipticcurvelist = NULL;
+# endif
+#endif
+    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
+#ifndef OPENSSL_NO_PSK
+    ss->psk_identity_hint = NULL;
+    ss->psk_identity = NULL;
+#endif
+#ifndef OPENSSL_NO_SRP
+    ss->srp_username = NULL;
+#endif
+    return (ss);
+}
+
+/*
+ * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
+ * ticket == 0 then no ticket information is duplicated, otherwise it is.
+ */
+SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
+{
+    SSL_SESSION *dest;
+
+    dest = OPENSSL_malloc(sizeof(*src));
+    if (dest == NULL) {
+        goto err;
+    }
+    memcpy(dest, src, sizeof(*dest));
+
+    /*
+     * Set the various pointers to NULL so that we can call SSL_SESSION_free in
+     * the case of an error whilst halfway through constructing dest
+     */
+#ifndef OPENSSL_NO_PSK
+    dest->psk_identity_hint = NULL;
+    dest->psk_identity = NULL;
+#endif
+    dest->ciphers = NULL;
+#ifndef OPENSSL_NO_TLSEXT
+    dest->tlsext_hostname = NULL;
+# ifndef OPENSSL_NO_EC
+    dest->tlsext_ecpointformatlist = NULL;
+    dest->tlsext_ellipticcurvelist = NULL;
+# endif
+    dest->tlsext_tick = NULL;
+#endif
+#ifndef OPENSSL_NO_SRP
+    dest->srp_username = NULL;
+#endif
+    memset(&dest->ex_data, 0, sizeof(dest->ex_data));
+
+    /* We deliberately don't copy the prev and next pointers */
+    dest->prev = NULL;
+    dest->next = NULL;
+
+    dest->references = 1;
+
+    if (src->sess_cert != NULL)
+        CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT);
+
+    if (src->peer != NULL)
+        CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509);
+
+#ifndef OPENSSL_NO_PSK
+    if (src->psk_identity_hint) {
+        dest->psk_identity_hint = BUF_strdup(src->psk_identity_hint);
+        if (dest->psk_identity_hint == NULL) {
+            goto err;
+        }
+    }
+    if (src->psk_identity) {
+        dest->psk_identity = BUF_strdup(src->psk_identity);
+        if (dest->psk_identity == NULL) {
+            goto err;
+        }
+    }
+#endif
+
+    if(src->ciphers != NULL) {
+        dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers);
+        if (dest->ciphers == NULL)
+            goto err;
+    }
+
+    if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION,
+                                            &dest->ex_data, &src->ex_data)) {
+        goto err;
+    }
+
+#ifndef OPENSSL_NO_TLSEXT
+    if (src->tlsext_hostname) {
+        dest->tlsext_hostname = BUF_strdup(src->tlsext_hostname);
+        if (dest->tlsext_hostname == NULL) {
+            goto err;
+        }
+    }
+# ifndef OPENSSL_NO_EC
+    if (src->tlsext_ecpointformatlist) {
+        dest->tlsext_ecpointformatlist =
+            BUF_memdup(src->tlsext_ecpointformatlist,
+                       src->tlsext_ecpointformatlist_length);
+        if (dest->tlsext_ecpointformatlist == NULL)
+            goto err;
+    }
+    if (src->tlsext_ellipticcurvelist) {
+        dest->tlsext_ellipticcurvelist =
+            BUF_memdup(src->tlsext_ellipticcurvelist,
+                       src->tlsext_ellipticcurvelist_length);
+        if (dest->tlsext_ellipticcurvelist == NULL)
+            goto err;
+    }
+# endif
+
+    if (ticket != 0) {
+        dest->tlsext_tick = BUF_memdup(src->tlsext_tick, src->tlsext_ticklen);
+        if(dest->tlsext_tick == NULL)
+            goto err;
+    } else {
+        dest->tlsext_tick_lifetime_hint = 0;
+        dest->tlsext_ticklen = 0;
+    }
+#endif
+
+#ifndef OPENSSL_NO_SRP
+    if (src->srp_username) {
+        dest->srp_username = BUF_strdup(src->srp_username);
+        if (dest->srp_username == NULL) {
+            goto err;
+        }
+    }
+#endif
+
+    return dest;
+err:
+    SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE);
+    SSL_SESSION_free(dest);
+    return NULL;
+}
+
+const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
+                                        unsigned int *len)
+{
+    if (len)
+        *len = s->session_id_length;
+    return s->session_id;
+}
+
+unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s)
+{
+    return s->compress_meth;
+}
+
+/*
+ * Even with SSLv2, we have 16 bytes (128 bits) of session ID space.
+ * SSLv3/TLSv1 has 32 bytes (256 bits). As such, filling the ID with random
+ * gunk repeatedly until we have no conflict is going to complete in one
+ * iteration pretty much "most" of the time (btw: understatement). So, if it
+ * takes us 10 iterations and we still can't avoid a conflict - well that's a
+ * reasonable point to call it quits. Either the RAND code is broken or
+ * someone is trying to open roughly very close to 2^128 (or 2^256) SSL
+ * sessions to our server. How you might store that many sessions is perhaps
+ * a more interesting question ...
+ */
+
+#define MAX_SESS_ID_ATTEMPTS 10
+static int def_generate_session_id(const SSL *ssl, unsigned char *id,
+                                   unsigned int *id_len)
+{
+    unsigned int retry = 0;
+    do
+        if (RAND_bytes(id, *id_len) <= 0)
+            return 0;
+    while (SSL_has_matching_session_id(ssl, id, *id_len) &&
+           (++retry < MAX_SESS_ID_ATTEMPTS)) ;
+    if (retry < MAX_SESS_ID_ATTEMPTS)
+        return 1;
+    /* else - woops a session_id match */
+    /*
+     * XXX We should also check the external cache -- but the probability of
+     * a collision is negligible, and we could not prevent the concurrent
+     * creation of sessions with identical IDs since we currently don't have
+     * means to atomically check whether a session ID already exists and make
+     * a reservation for it if it does not (this problem applies to the
+     * internal cache as well).
+     */
+    return 0;
+}
+
+int ssl_get_new_session(SSL *s, int session)
+{
+    /* This gets used by clients and servers. */
+
+    unsigned int tmp;
+    SSL_SESSION *ss = NULL;
+    GEN_SESSION_CB cb = def_generate_session_id;
+
+    if ((ss = SSL_SESSION_new()) == NULL)
+        return (0);
+
+    /* If the context has a default timeout, use it */
+    if (s->session_ctx->session_timeout == 0)
+        ss->timeout = SSL_get_default_timeout(s);
+    else
+        ss->timeout = s->session_ctx->session_timeout;
+
+    if (s->session != NULL) {
+        SSL_SESSION_free(s->session);
+        s->session = NULL;
+    }
+
+    if (session) {
+        if (s->version == SSL2_VERSION) {
+            ss->ssl_version = SSL2_VERSION;
+            ss->session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
+        } else if (s->version == SSL3_VERSION) {
+            ss->ssl_version = SSL3_VERSION;
+            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
+        } else if (s->version == TLS1_VERSION) {
+            ss->ssl_version = TLS1_VERSION;
+            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
+        } else if (s->version == TLS1_1_VERSION) {
+            ss->ssl_version = TLS1_1_VERSION;
+            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
+        } else if (s->version == TLS1_2_VERSION) {
+            ss->ssl_version = TLS1_2_VERSION;
+            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
+        } else if (s->version == DTLS1_BAD_VER) {
+            ss->ssl_version = DTLS1_BAD_VER;
+            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
+        } else if (s->version == DTLS1_VERSION) {
+            ss->ssl_version = DTLS1_VERSION;
+            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
+        } else {
+            SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION);
+            SSL_SESSION_free(ss);
+            return (0);
+        }
+#ifndef OPENSSL_NO_TLSEXT
+        /*-
+         * If RFC5077 ticket, use empty session ID (as server).
+         * Note that:
+         * (a) ssl_get_prev_session() does lookahead into the
+         *     ClientHello extensions to find the session ticket.
+         *     When ssl_get_prev_session() fails, s3_srvr.c calls
+         *     ssl_get_new_session() in ssl3_get_client_hello().
+         *     At that point, it has not yet parsed the extensions,
+         *     however, because of the lookahead, it already knows
+         *     whether a ticket is expected or not.
+         *
+         * (b) s3_clnt.c calls ssl_get_new_session() before parsing
+         *     ServerHello extensions, and before recording the session
+         *     ID received from the server, so this block is a noop.
+         */
+        if (s->tlsext_ticket_expected) {
+            ss->session_id_length = 0;
+            goto sess_id_done;
+        }
+#endif
+        /* Choose which callback will set the session ID */
+        CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
+        if (s->generate_session_id)
+            cb = s->generate_session_id;
+        else if (s->session_ctx->generate_session_id)
+            cb = s->session_ctx->generate_session_id;
+        CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
+        /* Choose a session ID */
+        tmp = ss->session_id_length;
+        if (!cb(s, ss->session_id, &tmp)) {
+            /* The callback failed */
+            SSLerr(SSL_F_SSL_GET_NEW_SESSION,
+                   SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
+            SSL_SESSION_free(ss);
+            return (0);
+        }
+        /*
+         * Don't allow the callback to set the session length to zero. nor
+         * set it higher than it was.
+         */
+        if (!tmp || (tmp > ss->session_id_length)) {
+            /* The callback set an illegal length */
+            SSLerr(SSL_F_SSL_GET_NEW_SESSION,
+                   SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
+            SSL_SESSION_free(ss);
+            return (0);
+        }
+        /* If the session length was shrunk and we're SSLv2, pad it */
+        if ((tmp < ss->session_id_length) && (s->version == SSL2_VERSION))
+            memset(ss->session_id + tmp, 0, ss->session_id_length - tmp);
+        else
+            ss->session_id_length = tmp;
+        /* Finally, check for a conflict */
+        if (SSL_has_matching_session_id(s, ss->session_id,
+                                        ss->session_id_length)) {
+            SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_SSL_SESSION_ID_CONFLICT);
+            SSL_SESSION_free(ss);
+            return (0);
+        }
+#ifndef OPENSSL_NO_TLSEXT
+ sess_id_done:
+        if (s->tlsext_hostname) {
+            ss->tlsext_hostname = BUF_strdup(s->tlsext_hostname);
+            if (ss->tlsext_hostname == NULL) {
+                SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
+                SSL_SESSION_free(ss);
+                return 0;
+            }
+        }
+# ifndef OPENSSL_NO_EC
+        if (s->tlsext_ecpointformatlist) {
+            if (ss->tlsext_ecpointformatlist != NULL)
+                OPENSSL_free(ss->tlsext_ecpointformatlist);
+            if ((ss->tlsext_ecpointformatlist =
+                 OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) ==
+                NULL) {
+                SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
+                SSL_SESSION_free(ss);
+                return 0;
+            }
+            ss->tlsext_ecpointformatlist_length =
+                s->tlsext_ecpointformatlist_length;
+            memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist,
+                   s->tlsext_ecpointformatlist_length);
+        }
+        if (s->tlsext_ellipticcurvelist) {
+            if (ss->tlsext_ellipticcurvelist != NULL)
+                OPENSSL_free(ss->tlsext_ellipticcurvelist);
+            if ((ss->tlsext_ellipticcurvelist =
+                 OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) ==
+                NULL) {
+                SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
+                SSL_SESSION_free(ss);
+                return 0;
+            }
+            ss->tlsext_ellipticcurvelist_length =
+                s->tlsext_ellipticcurvelist_length;
+            memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist,
+                   s->tlsext_ellipticcurvelist_length);
+        }
+# endif
+#endif
+    } else {
+        ss->session_id_length = 0;
+    }
+
+    if (s->sid_ctx_length > sizeof ss->sid_ctx) {
+        SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
+        SSL_SESSION_free(ss);
+        return 0;
+    }
+    memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length);
+    ss->sid_ctx_length = s->sid_ctx_length;
+    s->session = ss;
+    ss->ssl_version = s->version;
+    ss->verify_result = X509_V_OK;
+
+    return (1);
+}
+
+/*-
+ * ssl_get_prev attempts to find an SSL_SESSION to be used to resume this
+ * connection. It is only called by servers.
+ *
+ *   session_id: points at the session ID in the ClientHello. This code will
+ *       read past the end of this in order to parse out the session ticket
+ *       extension, if any.
+ *   len: the length of the session ID.
+ *   limit: a pointer to the first byte after the ClientHello.
+ *
+ * Returns:
+ *   -1: error
+ *    0: a session may have been found.
+ *
+ * Side effects:
+ *   - If a session is found then s->session is pointed at it (after freeing an
+ *     existing session if need be) and s->verify_result is set from the session.
+ *   - Both for new and resumed sessions, s->tlsext_ticket_expected is set to 1
+ *     if the server should issue a new session ticket (to 0 otherwise).
+ */
+int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
+                         const unsigned char *limit)
+{
+    /* This is used only by servers. */
+
+    SSL_SESSION *ret = NULL;
+    int fatal = 0;
+    int try_session_cache = 1;
+#ifndef OPENSSL_NO_TLSEXT
+    int r;
+#endif
+
+    if (limit - session_id < len) {
+        fatal = 1;
+        goto err;
+    }
+
+    if (len == 0)
+        try_session_cache = 0;
+
+#ifndef OPENSSL_NO_TLSEXT
+    /* sets s->tlsext_ticket_expected */
+    r = tls1_process_ticket(s, session_id, len, limit, &ret);
+    switch (r) {
+    case -1:                   /* Error during processing */
+        fatal = 1;
+        goto err;
+    case 0:                    /* No ticket found */
+    case 1:                    /* Zero length ticket found */
+        break;                  /* Ok to carry on processing session id. */
+    case 2:                    /* Ticket found but not decrypted. */
+    case 3:                    /* Ticket decrypted, *ret has been set. */
+        try_session_cache = 0;
+        break;
+    default:
+        abort();
+    }
+#endif
+
+    if (try_session_cache &&
+        ret == NULL &&
+        !(s->session_ctx->session_cache_mode &
+          SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) {
+        SSL_SESSION data;
+        data.ssl_version = s->version;
+        data.session_id_length = len;
+        if (len == 0)
+            return 0;
+        memcpy(data.session_id, session_id, len);
+        CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
+        ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data);
+        if (ret != NULL) {
+            /* don't allow other threads to steal it: */
+            CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_SSL_SESSION);
+        }
+        CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
+        if (ret == NULL)
+            s->session_ctx->stats.sess_miss++;
+    }
+
+    if (try_session_cache &&
+        ret == NULL && s->session_ctx->get_session_cb != NULL) {
+        int copy = 1;
+
+        if ((ret = s->session_ctx->get_session_cb(s, session_id, len, &copy))) {
+            s->session_ctx->stats.sess_cb_hit++;
+
+            /*
+             * Increment reference count now if the session callback asks us
+             * to do so (note that if the session structures returned by the
+             * callback are shared between threads, it must handle the
+             * reference count itself [i.e. copy == 0], or things won't be
+             * thread-safe).
+             */
+            if (copy)
+                CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_SSL_SESSION);
+
+            /*
+             * Add the externally cached session to the internal cache as
+             * well if and only if we are supposed to.
+             */
+            if (!
+                (s->session_ctx->session_cache_mode &
+                 SSL_SESS_CACHE_NO_INTERNAL_STORE))
+                /*
+                 * The following should not return 1, otherwise, things are
+                 * very strange
+                 */
+                SSL_CTX_add_session(s->session_ctx, ret);
+        }
+    }
+
+    if (ret == NULL)
+        goto err;
+
+    /* Now ret is non-NULL and we own one of its reference counts. */
+
+    if (ret->sid_ctx_length != s->sid_ctx_length
+        || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
+        /*
+         * We have the session requested by the client, but we don't want to
+         * use it in this context.
+         */
+        goto err;               /* treat like cache miss */
+    }
+
+    if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) {
+        /*
+         * We can't be sure if this session is being used out of context,
+         * which is especially important for SSL_VERIFY_PEER. The application
+         * should have used SSL[_CTX]_set_session_id_context. For this error
+         * case, we generate an error instead of treating the event like a
+         * cache miss (otherwise it would be easy for applications to
+         * effectively disable the session cache by accident without anyone
+         * noticing).
+         */
+
+        SSLerr(SSL_F_SSL_GET_PREV_SESSION,
+               SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
+        fatal = 1;
+        goto err;
+    }
+
+    if (ret->cipher == NULL) {
+        unsigned char buf[5], *p;
+        unsigned long l;
+
+        p = buf;
+        l = ret->cipher_id;
+        l2n(l, p);
+        if ((ret->ssl_version >> 8) >= SSL3_VERSION_MAJOR)
+            ret->cipher = ssl_get_cipher_by_char(s, &(buf[2]));
+        else
+            ret->cipher = ssl_get_cipher_by_char(s, &(buf[1]));
+        if (ret->cipher == NULL)
+            goto err;
+    }
+
+    if (ret->timeout < (long)(time(NULL) - ret->time)) { /* timeout */
+        s->session_ctx->stats.sess_timeout++;
+        if (try_session_cache) {
+            /* session was from the cache, so remove it */
+            SSL_CTX_remove_session(s->session_ctx, ret);
+        }
+        goto err;
+    }
+
+    s->session_ctx->stats.sess_hit++;
+
+    if (s->session != NULL)
+        SSL_SESSION_free(s->session);
+    s->session = ret;
+    s->verify_result = s->session->verify_result;
+    return 1;
+
+ err:
+    if (ret != NULL) {
+        SSL_SESSION_free(ret);
+#ifndef OPENSSL_NO_TLSEXT
+        if (!try_session_cache) {
+            /*
+             * The session was from a ticket, so we should issue a ticket for
+             * the new session
+             */
+            s->tlsext_ticket_expected = 1;
+        }
+#endif
+    }
+    if (fatal)
+        return -1;
+    else
+        return 0;
+}
+
+int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
+{
+    int ret = 0;
+    SSL_SESSION *s;
+
+    /*
+     * add just 1 reference count for the SSL_CTX's session cache even though
+     * it has two ways of access: each session is in a doubly linked list and
+     * an lhash
+     */
+    CRYPTO_add(&c->references, 1, CRYPTO_LOCK_SSL_SESSION);
+    /*
+     * if session c is in already in cache, we take back the increment later
+     */
+
+    CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+    s = lh_SSL_SESSION_insert(ctx->sessions, c);
+
+    /*
+     * s != NULL iff we already had a session with the given PID. In this
+     * case, s == c should hold (then we did not really modify
+     * ctx->sessions), or we're in trouble.
+     */
+    if (s != NULL && s != c) {
+        /* We *are* in trouble ... */
+        SSL_SESSION_list_remove(ctx, s);
+        SSL_SESSION_free(s);
+        /*
+         * ... so pretend the other session did not exist in cache (we cannot
+         * handle two SSL_SESSION structures with identical session ID in the
+         * same cache, which could happen e.g. when two threads concurrently
+         * obtain the same session from an external cache)
+         */
+        s = NULL;
+    }
+
+    /* Put at the head of the queue unless it is already in the cache */
+    if (s == NULL)
+        SSL_SESSION_list_add(ctx, c);
+
+    if (s != NULL) {
+        /*
+         * existing cache entry -- decrement previously incremented reference
+         * count because it already takes into account the cache
+         */
+
+        SSL_SESSION_free(s);    /* s == c */
+        ret = 0;
+    } else {
+        /*
+         * new cache entry -- remove old ones if cache has become too large
+         */
+
+        ret = 1;
+
+        if (SSL_CTX_sess_get_cache_size(ctx) > 0) {
+            while (SSL_CTX_sess_number(ctx) >
+                   SSL_CTX_sess_get_cache_size(ctx)) {
+                if (!remove_session_lock(ctx, ctx->session_cache_tail, 0))
+                    break;
+                else
+                    ctx->stats.sess_cache_full++;
+            }
+        }
+    }
+    CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+    return (ret);
+}
+
+int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
+{
+    return remove_session_lock(ctx, c, 1);
+}
+
+static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
+{
+    SSL_SESSION *r;
+    int ret = 0;
+
+    if ((c != NULL) && (c->session_id_length != 0)) {
+        if (lck)
+            CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+        if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) == c) {
+            ret = 1;
+            r = lh_SSL_SESSION_delete(ctx->sessions, c);
+            SSL_SESSION_list_remove(ctx, c);
+        }
+
+        if (lck)
+            CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+
+        if (ret) {
+            r->not_resumable = 1;
+            if (ctx->remove_session_cb != NULL)
+                ctx->remove_session_cb(ctx, r);
+            SSL_SESSION_free(r);
+        }
+    } else
+        ret = 0;
+    return (ret);
+}
+
+void SSL_SESSION_free(SSL_SESSION *ss)
+{
+    int i;
+
+    if (ss == NULL)
+        return;
+
+    i = CRYPTO_add(&ss->references, -1, CRYPTO_LOCK_SSL_SESSION);
+#ifdef REF_PRINT
+    REF_PRINT("SSL_SESSION", ss);
+#endif
+    if (i > 0)
+        return;
+#ifdef REF_CHECK
+    if (i < 0) {
+        fprintf(stderr, "SSL_SESSION_free, bad reference count\n");
+        abort();                /* ok */
+    }
+#endif
+
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
+
+    OPENSSL_cleanse(ss->key_arg, sizeof ss->key_arg);
+    OPENSSL_cleanse(ss->master_key, sizeof ss->master_key);
+    OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
+    if (ss->sess_cert != NULL)
+        ssl_sess_cert_free(ss->sess_cert);
+    if (ss->peer != NULL)
+        X509_free(ss->peer);
+    if (ss->ciphers != NULL)
+        sk_SSL_CIPHER_free(ss->ciphers);
+#ifndef OPENSSL_NO_TLSEXT
+    if (ss->tlsext_hostname != NULL)
+        OPENSSL_free(ss->tlsext_hostname);
+    if (ss->tlsext_tick != NULL)
+        OPENSSL_free(ss->tlsext_tick);
+# ifndef OPENSSL_NO_EC
+    ss->tlsext_ecpointformatlist_length = 0;
+    if (ss->tlsext_ecpointformatlist != NULL)
+        OPENSSL_free(ss->tlsext_ecpointformatlist);
+    ss->tlsext_ellipticcurvelist_length = 0;
+    if (ss->tlsext_ellipticcurvelist != NULL)
+        OPENSSL_free(ss->tlsext_ellipticcurvelist);
+# endif                         /* OPENSSL_NO_EC */
+#endif
+#ifndef OPENSSL_NO_PSK
+    if (ss->psk_identity_hint != NULL)
+        OPENSSL_free(ss->psk_identity_hint);
+    if (ss->psk_identity != NULL)
+        OPENSSL_free(ss->psk_identity);
+#endif
+#ifndef OPENSSL_NO_SRP
+    if (ss->srp_username != NULL)
+        OPENSSL_free(ss->srp_username);
+#endif
+    OPENSSL_cleanse(ss, sizeof(*ss));
+    OPENSSL_free(ss);
+}
+
+int SSL_set_session(SSL *s, SSL_SESSION *session)
+{
+    int ret = 0;
+    const SSL_METHOD *meth;
+
+    if (session != NULL) {
+        meth = s->ctx->method->get_ssl_method(session->ssl_version);
+        if (meth == NULL)
+            meth = s->method->get_ssl_method(session->ssl_version);
+        if (meth == NULL) {
+            SSLerr(SSL_F_SSL_SET_SESSION, SSL_R_UNABLE_TO_FIND_SSL_METHOD);
+            return (0);
+        }
+
+        if (meth != s->method) {
+            if (!SSL_set_ssl_method(s, meth))
+                return (0);
+        }
+#ifndef OPENSSL_NO_KRB5
+        if (s->kssl_ctx && !s->kssl_ctx->client_princ &&
+            session->krb5_client_princ_len > 0) {
+            s->kssl_ctx->client_princ =
+                (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1);
+            memcpy(s->kssl_ctx->client_princ, session->krb5_client_princ,
+                   session->krb5_client_princ_len);
+            s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0';
+        }
+#endif                          /* OPENSSL_NO_KRB5 */
+
+        /* CRYPTO_w_lock(CRYPTO_LOCK_SSL); */
+        CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION);
+        if (s->session != NULL)
+            SSL_SESSION_free(s->session);
+        s->session = session;
+        s->verify_result = s->session->verify_result;
+        /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL); */
+        ret = 1;
+    } else {
+        if (s->session != NULL) {
+            SSL_SESSION_free(s->session);
+            s->session = NULL;
+        }
+
+        meth = s->ctx->method;
+        if (meth != s->method) {
+            if (!SSL_set_ssl_method(s, meth))
+                return (0);
+        }
+        ret = 1;
+    }
+    return (ret);
+}
+
+long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
+{
+    if (s == NULL)
+        return (0);
+    s->timeout = t;
+    return (1);
+}
+
+long SSL_SESSION_get_timeout(const SSL_SESSION *s)
+{
+    if (s == NULL)
+        return (0);
+    return (s->timeout);
+}
+
+long SSL_SESSION_get_time(const SSL_SESSION *s)
+{
+    if (s == NULL)
+        return (0);
+    return (s->time);
+}
+
+long SSL_SESSION_set_time(SSL_SESSION *s, long t)
+{
+    if (s == NULL)
+        return (0);
+    s->time = t;
+    return (t);
+}
+
+X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
+{
+    return s->peer;
+}
+
+int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
+                                unsigned int sid_ctx_len)
+{
+    if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
+        SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT,
+               SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+        return 0;
+    }
+    s->sid_ctx_length = sid_ctx_len;
+    memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
+
+    return 1;
+}
+
+long SSL_CTX_set_timeout(SSL_CTX *s, long t)
+{
+    long l;
+    if (s == NULL)
+        return (0);
+    l = s->session_timeout;
+    s->session_timeout = t;
+    return (l);
+}
+
+long SSL_CTX_get_timeout(const SSL_CTX *s)
+{
+    if (s == NULL)
+        return (0);
+    return (s->session_timeout);
+}
+
+#ifndef OPENSSL_NO_TLSEXT
+int SSL_set_session_secret_cb(SSL *s,
+                              int (*tls_session_secret_cb) (SSL *s,
+                                                            void *secret,
+                                                            int *secret_len,
+                                                            STACK_OF(SSL_CIPHER)
+                                                            *peer_ciphers,
+                                                            SSL_CIPHER
+                                                            **cipher,
+                                                            void *arg),
+                              void *arg)
+{
+    if (s == NULL)
+        return (0);
+    s->tls_session_secret_cb = tls_session_secret_cb;
+    s->tls_session_secret_cb_arg = arg;
+    return (1);
+}
+
+int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
+                                  void *arg)
+{
+    if (s == NULL)
+        return (0);
+    s->tls_session_ticket_ext_cb = cb;
+    s->tls_session_ticket_ext_cb_arg = arg;
+    return (1);
+}
+
+int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
+{
+    if (s->version >= TLS1_VERSION) {
+        if (s->tlsext_session_ticket) {
+            OPENSSL_free(s->tlsext_session_ticket);
+            s->tlsext_session_ticket = NULL;
+        }
+
+        s->tlsext_session_ticket =
+            OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
+        if (!s->tlsext_session_ticket) {
+            SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+
+        if (ext_data) {
+            s->tlsext_session_ticket->length = ext_len;
+            s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1;
+            memcpy(s->tlsext_session_ticket->data, ext_data, ext_len);
+        } else {
+            s->tlsext_session_ticket->length = 0;
+            s->tlsext_session_ticket->data = NULL;
+        }
+
+        return 1;
+    }
+
+    return 0;
+}
+#endif                          /* OPENSSL_NO_TLSEXT */
+
+typedef struct timeout_param_st {
+    SSL_CTX *ctx;
+    long time;
+    LHASH_OF(SSL_SESSION) *cache;
+} TIMEOUT_PARAM;
+
+static void timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
+{
+    if ((p->time == 0) || (p->time > (s->time + s->timeout))) { /* timeout */
+        /*
+         * The reason we don't call SSL_CTX_remove_session() is to save on
+         * locking overhead
+         */
+        (void)lh_SSL_SESSION_delete(p->cache, s);
+        SSL_SESSION_list_remove(p->ctx, s);
+        s->not_resumable = 1;
+        if (p->ctx->remove_session_cb != NULL)
+            p->ctx->remove_session_cb(p->ctx, s);
+        SSL_SESSION_free(s);
+    }
+}
+
+static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM)
+
+void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
+{
+    unsigned long i;
+    TIMEOUT_PARAM tp;
+
+    tp.ctx = s;
+    tp.cache = s->sessions;
+    if (tp.cache == NULL)
+        return;
+    tp.time = t;
+    CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+    i = CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load;
+    CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = 0;
+    lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout),
+                             TIMEOUT_PARAM, &tp);
+    CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = i;
+    CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+}
+
+int ssl_clear_bad_session(SSL *s)
+{
+    if ((s->session != NULL) &&
+        !(s->shutdown & SSL_SENT_SHUTDOWN) &&
+        !(SSL_in_init(s) || SSL_in_before(s))) {
+        SSL_CTX_remove_session(s->ctx, s->session);
+        return (1);
+    } else
+        return (0);
+}
+
+/* locked by SSL_CTX in the calling function */
+static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
+{
+    if ((s->next == NULL) || (s->prev == NULL))
+        return;
+
+    if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) {
+        /* last element in list */
+        if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
+            /* only one element in list */
+            ctx->session_cache_head = NULL;
+            ctx->session_cache_tail = NULL;
+        } else {
+            ctx->session_cache_tail = s->prev;
+            s->prev->next = (SSL_SESSION *)&(ctx->session_cache_tail);
+        }
+    } else {
+        if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
+            /* first element in list */
+            ctx->session_cache_head = s->next;
+            s->next->prev = (SSL_SESSION *)&(ctx->session_cache_head);
+        } else {
+            /* middle of list */
+            s->next->prev = s->prev;
+            s->prev->next = s->next;
+        }
+    }
+    s->prev = s->next = NULL;
+}
+
+static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
+{
+    if ((s->next != NULL) && (s->prev != NULL))
+        SSL_SESSION_list_remove(ctx, s);
+
+    if (ctx->session_cache_head == NULL) {
+        ctx->session_cache_head = s;
+        ctx->session_cache_tail = s;
+        s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
+        s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
+    } else {
+        s->next = ctx->session_cache_head;
+        s->next->prev = s;
+        s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
+        ctx->session_cache_head = s;
+    }
+}
+
+void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
+                             int (*cb) (struct ssl_st *ssl,
+                                        SSL_SESSION *sess))
+{
+    ctx->new_session_cb = cb;
+}
+
+int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (SSL *ssl, SSL_SESSION *sess) {
+    return ctx->new_session_cb;
+}
+
+void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
+                                void (*cb) (SSL_CTX *ctx, SSL_SESSION *sess))
+{
+    ctx->remove_session_cb = cb;
+}
+
+void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (SSL_CTX *ctx,
+                                                  SSL_SESSION *sess) {
+    return ctx->remove_session_cb;
+}
+
+void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
+                             SSL_SESSION *(*cb) (struct ssl_st *ssl,
+                                                 unsigned char *data, int len,
+                                                 int *copy))
+{
+    ctx->get_session_cb = cb;
+}
+
+SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (SSL *ssl,
+                                                       unsigned char *data,
+                                                       int len, int *copy) {
+    return ctx->get_session_cb;
+}
+
+void SSL_CTX_set_info_callback(SSL_CTX *ctx,
+                               void (*cb) (const SSL *ssl, int type, int val))
+{
+    ctx->info_callback = cb;
+}
+
+void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type,
+                                                 int val) {
+    return ctx->info_callback;
+}
+
+void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
+                                int (*cb) (SSL *ssl, X509 **x509,
+                                           EVP_PKEY **pkey))
+{
+    ctx->client_cert_cb = cb;
+}
+
+int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
+                                                 EVP_PKEY **pkey) {
+    return ctx->client_cert_cb;
+}
+
+#ifndef OPENSSL_NO_ENGINE
+int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
+{
+    if (!ENGINE_init(e)) {
+        SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB);
+        return 0;
+    }
+    if (!ENGINE_get_ssl_client_cert_function(e)) {
+        SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE,
+               SSL_R_NO_CLIENT_CERT_METHOD);
+        ENGINE_finish(e);
+        return 0;
+    }
+    ctx->client_cert_engine = e;
+    return 1;
+}
+#endif
+
+void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
+                                    int (*cb) (SSL *ssl,
+                                               unsigned char *cookie,
+                                               unsigned int *cookie_len))
+{
+    ctx->app_gen_cookie_cb = cb;
+}
+
+void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
+                                  int (*cb) (SSL *ssl, unsigned char *cookie,
+                                             unsigned int cookie_len))
+{
+    ctx->app_verify_cookie_cb = cb;
+}
+
+IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION,
+                 SSL_SESSION)

Deleted: vendor-crypto/openssl/1.0.1u/ssl/t1_enc.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/t1_enc.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/ssl/t1_enc.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,1343 +0,0 @@
-/* ssl/t1_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_COMP
-# include <openssl/comp.h>
-#endif
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/md5.h>
-#include <openssl/rand.h>
-#ifdef KSSL_DEBUG
-# include <openssl/des.h>
-#endif
-
-/* seed1 through seed5 are virtually concatenated */
-static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
-                       int sec_len,
-                       const void *seed1, int seed1_len,
-                       const void *seed2, int seed2_len,
-                       const void *seed3, int seed3_len,
-                       const void *seed4, int seed4_len,
-                       const void *seed5, int seed5_len,
-                       unsigned char *out, int olen)
-{
-    int chunk;
-    size_t j;
-    EVP_MD_CTX ctx, ctx_tmp;
-    EVP_PKEY *mac_key;
-    unsigned char A1[EVP_MAX_MD_SIZE];
-    size_t A1_len;
-    int ret = 0;
-
-    chunk = EVP_MD_size(md);
-    OPENSSL_assert(chunk >= 0);
-
-    EVP_MD_CTX_init(&ctx);
-    EVP_MD_CTX_init(&ctx_tmp);
-    EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-    EVP_MD_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-    mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
-    if (!mac_key)
-        goto err;
-    if (!EVP_DigestSignInit(&ctx, NULL, md, NULL, mac_key))
-        goto err;
-    if (!EVP_DigestSignInit(&ctx_tmp, NULL, md, NULL, mac_key))
-        goto err;
-    if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len))
-        goto err;
-    if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len))
-        goto err;
-    if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len))
-        goto err;
-    if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len))
-        goto err;
-    if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len))
-        goto err;
-    if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
-        goto err;
-
-    for (;;) {
-        /* Reinit mac contexts */
-        if (!EVP_DigestSignInit(&ctx, NULL, md, NULL, mac_key))
-            goto err;
-        if (!EVP_DigestSignInit(&ctx_tmp, NULL, md, NULL, mac_key))
-            goto err;
-        if (!EVP_DigestSignUpdate(&ctx, A1, A1_len))
-            goto err;
-        if (!EVP_DigestSignUpdate(&ctx_tmp, A1, A1_len))
-            goto err;
-        if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len))
-            goto err;
-        if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len))
-            goto err;
-        if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len))
-            goto err;
-        if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len))
-            goto err;
-        if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len))
-            goto err;
-
-        if (olen > chunk) {
-            if (!EVP_DigestSignFinal(&ctx, out, &j))
-                goto err;
-            out += j;
-            olen -= j;
-            /* calc the next A1 value */
-            if (!EVP_DigestSignFinal(&ctx_tmp, A1, &A1_len))
-                goto err;
-        } else {                /* last one */
-
-            if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
-                goto err;
-            memcpy(out, A1, olen);
-            break;
-        }
-    }
-    ret = 1;
- err:
-    EVP_PKEY_free(mac_key);
-    EVP_MD_CTX_cleanup(&ctx);
-    EVP_MD_CTX_cleanup(&ctx_tmp);
-    OPENSSL_cleanse(A1, sizeof(A1));
-    return ret;
-}
-
-/* seed1 through seed5 are virtually concatenated */
-static int tls1_PRF(long digest_mask,
-                    const void *seed1, int seed1_len,
-                    const void *seed2, int seed2_len,
-                    const void *seed3, int seed3_len,
-                    const void *seed4, int seed4_len,
-                    const void *seed5, int seed5_len,
-                    const unsigned char *sec, int slen,
-                    unsigned char *out1, unsigned char *out2, int olen)
-{
-    int len, i, idx, count;
-    const unsigned char *S1;
-    long m;
-    const EVP_MD *md;
-    int ret = 0;
-
-    /* Count number of digests and partition sec evenly */
-    count = 0;
-    for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) {
-        if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask)
-            count++;
-    }
-    if (!count) {
-        /* Should never happen */
-        SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-    len = slen / count;
-    if (count == 1)
-        slen = 0;
-    S1 = sec;
-    memset(out1, 0, olen);
-    for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) {
-        if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) {
-            if (!md) {
-                SSLerr(SSL_F_TLS1_PRF, SSL_R_UNSUPPORTED_DIGEST_TYPE);
-                goto err;
-            }
-            if (!tls1_P_hash(md, S1, len + (slen & 1),
-                             seed1, seed1_len, seed2, seed2_len, seed3,
-                             seed3_len, seed4, seed4_len, seed5, seed5_len,
-                             out2, olen))
-                goto err;
-            S1 += len;
-            for (i = 0; i < olen; i++) {
-                out1[i] ^= out2[i];
-            }
-        }
-    }
-    ret = 1;
- err:
-    return ret;
-}
-
-static int tls1_generate_key_block(SSL *s, unsigned char *km,
-                                   unsigned char *tmp, int num)
-{
-    int ret;
-    ret = tls1_PRF(ssl_get_algorithm2(s),
-                   TLS_MD_KEY_EXPANSION_CONST,
-                   TLS_MD_KEY_EXPANSION_CONST_SIZE, s->s3->server_random,
-                   SSL3_RANDOM_SIZE, s->s3->client_random, SSL3_RANDOM_SIZE,
-                   NULL, 0, NULL, 0, s->session->master_key,
-                   s->session->master_key_length, km, tmp, num);
-#ifdef KSSL_DEBUG
-    fprintf(stderr, "tls1_generate_key_block() ==> %d byte master_key =\n\t",
-            s->session->master_key_length);
-    {
-        int i;
-        for (i = 0; i < s->session->master_key_length; i++) {
-            fprintf(stderr, "%02X", s->session->master_key[i]);
-        }
-        fprintf(stderr, "\n");
-    }
-#endif                          /* KSSL_DEBUG */
-    return ret;
-}
-
-int tls1_change_cipher_state(SSL *s, int which)
-{
-    static const unsigned char empty[] = "";
-    unsigned char *p, *mac_secret;
-    unsigned char *exp_label;
-    unsigned char tmp1[EVP_MAX_KEY_LENGTH];
-    unsigned char tmp2[EVP_MAX_KEY_LENGTH];
-    unsigned char iv1[EVP_MAX_IV_LENGTH * 2];
-    unsigned char iv2[EVP_MAX_IV_LENGTH * 2];
-    unsigned char *ms, *key, *iv;
-    int client_write;
-    EVP_CIPHER_CTX *dd;
-    const EVP_CIPHER *c;
-#ifndef OPENSSL_NO_COMP
-    const SSL_COMP *comp;
-#endif
-    const EVP_MD *m;
-    int mac_type;
-    int *mac_secret_size;
-    EVP_MD_CTX *mac_ctx;
-    EVP_PKEY *mac_key;
-    int is_export, n, i, j, k, exp_label_len, cl;
-    int reuse_dd = 0;
-
-    is_export = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
-    c = s->s3->tmp.new_sym_enc;
-    m = s->s3->tmp.new_hash;
-    mac_type = s->s3->tmp.new_mac_pkey_type;
-#ifndef OPENSSL_NO_COMP
-    comp = s->s3->tmp.new_compression;
-#endif
-
-#ifdef KSSL_DEBUG
-    fprintf(stderr, "tls1_change_cipher_state(which= %d) w/\n", which);
-    fprintf(stderr, "\talg= %ld/%ld, comp= %p\n",
-            s->s3->tmp.new_cipher->algorithm_mkey,
-            s->s3->tmp.new_cipher->algorithm_auth, comp);
-    fprintf(stderr, "\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
-    fprintf(stderr, "\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
-            c->nid, c->block_size, c->key_len, c->iv_len);
-    fprintf(stderr, "\tkey_block: len= %d, data= ",
-            s->s3->tmp.key_block_length);
-    {
-        int i;
-        for (i = 0; i < s->s3->tmp.key_block_length; i++)
-            fprintf(stderr, "%02x", s->s3->tmp.key_block[i]);
-        fprintf(stderr, "\n");
-    }
-#endif                          /* KSSL_DEBUG */
-
-    if (which & SSL3_CC_READ) {
-        if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
-            s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
-        else
-            s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
-
-        if (s->enc_read_ctx != NULL)
-            reuse_dd = 1;
-        else if ((s->enc_read_ctx =
-                  OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
-            goto err;
-        else
-            /*
-             * make sure it's intialized in case we exit later with an error
-             */
-            EVP_CIPHER_CTX_init(s->enc_read_ctx);
-        dd = s->enc_read_ctx;
-        mac_ctx = ssl_replace_hash(&s->read_hash, NULL);
-        if (mac_ctx == NULL)
-            goto err;
-#ifndef OPENSSL_NO_COMP
-        if (s->expand != NULL) {
-            COMP_CTX_free(s->expand);
-            s->expand = NULL;
-        }
-        if (comp != NULL) {
-            s->expand = COMP_CTX_new(comp->method);
-            if (s->expand == NULL) {
-                SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,
-                       SSL_R_COMPRESSION_LIBRARY_ERROR);
-                goto err2;
-            }
-            if (s->s3->rrec.comp == NULL)
-                s->s3->rrec.comp = (unsigned char *)
-                    OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
-            if (s->s3->rrec.comp == NULL)
-                goto err;
-        }
-#endif
-        /*
-         * this is done by dtls1_reset_seq_numbers for DTLS1_VERSION
-         */
-        if (s->version != DTLS1_VERSION)
-            memset(&(s->s3->read_sequence[0]), 0, 8);
-        mac_secret = &(s->s3->read_mac_secret[0]);
-        mac_secret_size = &(s->s3->read_mac_secret_size);
-    } else {
-        if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
-            s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
-        else
-            s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
-        if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s))
-            reuse_dd = 1;
-        else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL)
-            goto err;
-        dd = s->enc_write_ctx;
-        if (SSL_IS_DTLS(s)) {
-            mac_ctx = EVP_MD_CTX_create();
-            if (mac_ctx == NULL)
-                goto err;
-            s->write_hash = mac_ctx;
-        } else {
-            mac_ctx = ssl_replace_hash(&s->write_hash, NULL);
-            if (mac_ctx == NULL)
-                goto err;
-        }
-#ifndef OPENSSL_NO_COMP
-        if (s->compress != NULL) {
-            COMP_CTX_free(s->compress);
-            s->compress = NULL;
-        }
-        if (comp != NULL) {
-            s->compress = COMP_CTX_new(comp->method);
-            if (s->compress == NULL) {
-                SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,
-                       SSL_R_COMPRESSION_LIBRARY_ERROR);
-                goto err2;
-            }
-        }
-#endif
-        /*
-         * this is done by dtls1_reset_seq_numbers for DTLS1_VERSION
-         */
-        if (s->version != DTLS1_VERSION)
-            memset(&(s->s3->write_sequence[0]), 0, 8);
-        mac_secret = &(s->s3->write_mac_secret[0]);
-        mac_secret_size = &(s->s3->write_mac_secret_size);
-    }
-
-    if (reuse_dd)
-        EVP_CIPHER_CTX_cleanup(dd);
-
-    p = s->s3->tmp.key_block;
-    i = *mac_secret_size = s->s3->tmp.new_mac_secret_size;
-
-    cl = EVP_CIPHER_key_length(c);
-    j = is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
-                     cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
-    /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
-    /* If GCM mode only part of IV comes from PRF */
-    if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
-        k = EVP_GCM_TLS_FIXED_IV_LEN;
-    else
-        k = EVP_CIPHER_iv_length(c);
-    if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
-        (which == SSL3_CHANGE_CIPHER_SERVER_READ)) {
-        ms = &(p[0]);
-        n = i + i;
-        key = &(p[n]);
-        n += j + j;
-        iv = &(p[n]);
-        n += k + k;
-        exp_label = (unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST;
-        exp_label_len = TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE;
-        client_write = 1;
-    } else {
-        n = i;
-        ms = &(p[n]);
-        n += i + j;
-        key = &(p[n]);
-        n += j + k;
-        iv = &(p[n]);
-        n += k;
-        exp_label = (unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST;
-        exp_label_len = TLS_MD_SERVER_WRITE_KEY_CONST_SIZE;
-        client_write = 0;
-    }
-
-    if (n > s->s3->tmp.key_block_length) {
-        SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
-        goto err2;
-    }
-
-    memcpy(mac_secret, ms, i);
-
-    if (!(EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
-        mac_key = EVP_PKEY_new_mac_key(mac_type, NULL,
-                                       mac_secret, *mac_secret_size);
-        if (mac_key == NULL
-                || EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key) <= 0) {
-            EVP_PKEY_free(mac_key);
-            SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
-            goto err2;
-        }
-        EVP_PKEY_free(mac_key);
-    }
-#ifdef TLS_DEBUG
-    printf("which = %04X\nmac key=", which);
-    {
-        int z;
-        for (z = 0; z < i; z++)
-            printf("%02X%c", ms[z], ((z + 1) % 16) ? ' ' : '\n');
-    }
-#endif
-    if (is_export) {
-        /*
-         * In here I set both the read and write key/iv to the same value
-         * since only the correct one will be used :-).
-         */
-        if (!tls1_PRF(ssl_get_algorithm2(s),
-                      exp_label, exp_label_len,
-                      s->s3->client_random, SSL3_RANDOM_SIZE,
-                      s->s3->server_random, SSL3_RANDOM_SIZE,
-                      NULL, 0, NULL, 0,
-                      key, j, tmp1, tmp2, EVP_CIPHER_key_length(c)))
-            goto err2;
-        key = tmp1;
-
-        if (k > 0) {
-            if (!tls1_PRF(ssl_get_algorithm2(s),
-                          TLS_MD_IV_BLOCK_CONST, TLS_MD_IV_BLOCK_CONST_SIZE,
-                          s->s3->client_random, SSL3_RANDOM_SIZE,
-                          s->s3->server_random, SSL3_RANDOM_SIZE,
-                          NULL, 0, NULL, 0, empty, 0, iv1, iv2, k * 2))
-                goto err2;
-            if (client_write)
-                iv = iv1;
-            else
-                iv = &(iv1[k]);
-        }
-    }
-
-    s->session->key_arg_length = 0;
-#ifdef KSSL_DEBUG
-    {
-        int i;
-        fprintf(stderr, "EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
-        fprintf(stderr, "\tkey= ");
-        for (i = 0; i < c->key_len; i++)
-            fprintf(stderr, "%02x", key[i]);
-        fprintf(stderr, "\n");
-        fprintf(stderr, "\t iv= ");
-        for (i = 0; i < c->iv_len; i++)
-            fprintf(stderr, "%02x", iv[i]);
-        fprintf(stderr, "\n");
-    }
-#endif                          /* KSSL_DEBUG */
-
-    if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) {
-        if (!EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE))
-            || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, k, iv)) {
-            SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
-            goto err2;
-        }
-    } else {
-        if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) {
-            SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
-            goto err2;
-        }
-    }
-    /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */
-    if ((EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size
-        && !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY,
-                                *mac_secret_size, mac_secret)) {
-        SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
-        goto err2;
-    }
-
-#ifdef TLS_DEBUG
-    printf("which = %04X\nkey=", which);
-    {
-        int z;
-        for (z = 0; z < EVP_CIPHER_key_length(c); z++)
-            printf("%02X%c", key[z], ((z + 1) % 16) ? ' ' : '\n');
-    }
-    printf("\niv=");
-    {
-        int z;
-        for (z = 0; z < k; z++)
-            printf("%02X%c", iv[z], ((z + 1) % 16) ? ' ' : '\n');
-    }
-    printf("\n");
-#endif
-
-    OPENSSL_cleanse(tmp1, sizeof(tmp1));
-    OPENSSL_cleanse(tmp2, sizeof(tmp1));
-    OPENSSL_cleanse(iv1, sizeof(iv1));
-    OPENSSL_cleanse(iv2, sizeof(iv2));
-    return (1);
- err:
-    SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
- err2:
-    return (0);
-}
-
-int tls1_setup_key_block(SSL *s)
-{
-    unsigned char *p1, *p2 = NULL;
-    const EVP_CIPHER *c;
-    const EVP_MD *hash;
-    int num;
-    SSL_COMP *comp;
-    int mac_type = NID_undef, mac_secret_size = 0;
-    int ret = 0;
-
-#ifdef KSSL_DEBUG
-    fprintf(stderr, "tls1_setup_key_block()\n");
-#endif                          /* KSSL_DEBUG */
-
-    if (s->s3->tmp.key_block_length != 0)
-        return (1);
-
-    if (!ssl_cipher_get_evp
-        (s->session, &c, &hash, &mac_type, &mac_secret_size, &comp)) {
-        SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
-        return (0);
-    }
-
-    s->s3->tmp.new_sym_enc = c;
-    s->s3->tmp.new_hash = hash;
-    s->s3->tmp.new_mac_pkey_type = mac_type;
-    s->s3->tmp.new_mac_secret_size = mac_secret_size;
-    num =
-        EVP_CIPHER_key_length(c) + mac_secret_size + EVP_CIPHER_iv_length(c);
-    num *= 2;
-
-    ssl3_cleanup_key_block(s);
-
-    if ((p1 = (unsigned char *)OPENSSL_malloc(num)) == NULL) {
-        SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
-
-    s->s3->tmp.key_block_length = num;
-    s->s3->tmp.key_block = p1;
-
-    if ((p2 = (unsigned char *)OPENSSL_malloc(num)) == NULL) {
-        SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
-        OPENSSL_free(p1);
-        goto err;
-    }
-#ifdef TLS_DEBUG
-    printf("client random\n");
-    {
-        int z;
-        for (z = 0; z < SSL3_RANDOM_SIZE; z++)
-            printf("%02X%c", s->s3->client_random[z],
-                   ((z + 1) % 16) ? ' ' : '\n');
-    }
-    printf("server random\n");
-    {
-        int z;
-        for (z = 0; z < SSL3_RANDOM_SIZE; z++)
-            printf("%02X%c", s->s3->server_random[z],
-                   ((z + 1) % 16) ? ' ' : '\n');
-    }
-    printf("pre-master\n");
-    {
-        int z;
-        for (z = 0; z < s->session->master_key_length; z++)
-            printf("%02X%c", s->session->master_key[z],
-                   ((z + 1) % 16) ? ' ' : '\n');
-    }
-#endif
-    if (!tls1_generate_key_block(s, p1, p2, num))
-        goto err;
-#ifdef TLS_DEBUG
-    printf("\nkey block\n");
-    {
-        int z;
-        for (z = 0; z < num; z++)
-            printf("%02X%c", p1[z], ((z + 1) % 16) ? ' ' : '\n');
-    }
-#endif
-
-    if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
-        && s->method->version <= TLS1_VERSION) {
-        /*
-         * enable vulnerability countermeasure for CBC ciphers with known-IV
-         * problem (http://www.openssl.org/~bodo/tls-cbc.txt)
-         */
-        s->s3->need_empty_fragments = 1;
-
-        if (s->session->cipher != NULL) {
-            if (s->session->cipher->algorithm_enc == SSL_eNULL)
-                s->s3->need_empty_fragments = 0;
-
-#ifndef OPENSSL_NO_RC4
-            if (s->session->cipher->algorithm_enc == SSL_RC4)
-                s->s3->need_empty_fragments = 0;
-#endif
-        }
-    }
-
-    ret = 1;
- err:
-    if (p2) {
-        OPENSSL_cleanse(p2, num);
-        OPENSSL_free(p2);
-    }
-    return (ret);
-}
-
-/*-
- * tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
- *
- * Returns:
- *   0: (in non-constant time) if the record is publically invalid (i.e. too
- *       short etc).
- *   1: if the record's padding is valid / the encryption was successful.
- *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
- *       an internal error occured.
- */
-int tls1_enc(SSL *s, int send)
-{
-    SSL3_RECORD *rec;
-    EVP_CIPHER_CTX *ds;
-    unsigned long l;
-    int bs, i, j, k, pad = 0, ret, mac_size = 0;
-    const EVP_CIPHER *enc;
-
-    if (send) {
-        if (EVP_MD_CTX_md(s->write_hash)) {
-            int n = EVP_MD_CTX_size(s->write_hash);
-            OPENSSL_assert(n >= 0);
-        }
-        ds = s->enc_write_ctx;
-        rec = &(s->s3->wrec);
-        if (s->enc_write_ctx == NULL)
-            enc = NULL;
-        else {
-            int ivlen;
-            enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
-            /* For TLSv1.1 and later explicit IV */
-            if (s->version >= TLS1_1_VERSION
-                && EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)
-                ivlen = EVP_CIPHER_iv_length(enc);
-            else
-                ivlen = 0;
-            if (ivlen > 1) {
-                if (rec->data != rec->input)
-                    /*
-                     * we can't write into the input stream: Can this ever
-                     * happen?? (steve)
-                     */
-                    fprintf(stderr,
-                            "%s:%d: rec->data != rec->input\n",
-                            __FILE__, __LINE__);
-                else if (RAND_bytes(rec->input, ivlen) <= 0)
-                    return -1;
-            }
-        }
-    } else {
-        if (EVP_MD_CTX_md(s->read_hash)) {
-            int n = EVP_MD_CTX_size(s->read_hash);
-            OPENSSL_assert(n >= 0);
-        }
-        ds = s->enc_read_ctx;
-        rec = &(s->s3->rrec);
-        if (s->enc_read_ctx == NULL)
-            enc = NULL;
-        else
-            enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
-    }
-
-#ifdef KSSL_DEBUG
-    fprintf(stderr, "tls1_enc(%d)\n", send);
-#endif                          /* KSSL_DEBUG */
-
-    if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
-        memmove(rec->data, rec->input, rec->length);
-        rec->input = rec->data;
-        ret = 1;
-    } else {
-        l = rec->length;
-        bs = EVP_CIPHER_block_size(ds->cipher);
-
-        if (EVP_CIPHER_flags(ds->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
-            unsigned char buf[EVP_AEAD_TLS1_AAD_LEN], *seq;
-
-            seq = send ? s->s3->write_sequence : s->s3->read_sequence;
-
-            if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
-                unsigned char dtlsseq[9], *p = dtlsseq;
-
-                s2n(send ? s->d1->w_epoch : s->d1->r_epoch, p);
-                memcpy(p, &seq[2], 6);
-                memcpy(buf, dtlsseq, 8);
-            } else {
-                memcpy(buf, seq, 8);
-                for (i = 7; i >= 0; i--) { /* increment */
-                    ++seq[i];
-                    if (seq[i] != 0)
-                        break;
-                }
-            }
-
-            buf[8] = rec->type;
-            buf[9] = (unsigned char)(s->version >> 8);
-            buf[10] = (unsigned char)(s->version);
-            buf[11] = rec->length >> 8;
-            buf[12] = rec->length & 0xff;
-            pad = EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_AEAD_TLS1_AAD,
-                                      EVP_AEAD_TLS1_AAD_LEN, buf);
-            if (pad <= 0)
-                return -1;
-            if (send) {
-                l += pad;
-                rec->length += pad;
-            }
-        } else if ((bs != 1) && send) {
-            i = bs - ((int)l % bs);
-
-            /* Add weird padding of upto 256 bytes */
-
-            /* we need to add 'i' padding bytes of value j */
-            j = i - 1;
-            if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) {
-                if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
-                    j++;
-            }
-            for (k = (int)l; k < (int)(l + i); k++)
-                rec->input[k] = j;
-            l += i;
-            rec->length += i;
-        }
-#ifdef KSSL_DEBUG
-        {
-            unsigned long ui;
-            fprintf(stderr,
-                    "EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
-                    ds, rec->data, rec->input, l);
-            fprintf(stderr,
-                    "\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%lu %lu], %d iv_len\n",
-                    ds->buf_len, ds->cipher->key_len, DES_KEY_SZ,
-                    DES_SCHEDULE_SZ, ds->cipher->iv_len);
-            fprintf(stderr, "\t\tIV: ");
-            for (i = 0; i < ds->cipher->iv_len; i++)
-                fprintf(stderr, "%02X", ds->iv[i]);
-            fprintf(stderr, "\n");
-            fprintf(stderr, "\trec->input=");
-            for (ui = 0; ui < l; ui++)
-                fprintf(stderr, " %02x", rec->input[ui]);
-            fprintf(stderr, "\n");
-        }
-#endif                          /* KSSL_DEBUG */
-
-        if (!send) {
-            if (l == 0 || l % bs != 0)
-                return 0;
-        }
-
-        i = EVP_Cipher(ds, rec->data, rec->input, l);
-        if ((EVP_CIPHER_flags(ds->cipher) & EVP_CIPH_FLAG_CUSTOM_CIPHER)
-            ? (i < 0)
-            : (i == 0))
-            return -1;          /* AEAD can fail to verify MAC */
-        if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE && !send) {
-            rec->data += EVP_GCM_TLS_EXPLICIT_IV_LEN;
-            rec->input += EVP_GCM_TLS_EXPLICIT_IV_LEN;
-            rec->length -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
-        }
-#ifdef KSSL_DEBUG
-        {
-            unsigned long i;
-            fprintf(stderr, "\trec->data=");
-            for (i = 0; i < l; i++)
-                fprintf(stderr, " %02x", rec->data[i]);
-            fprintf(stderr, "\n");
-        }
-#endif                          /* KSSL_DEBUG */
-
-        ret = 1;
-        if (EVP_MD_CTX_md(s->read_hash) != NULL)
-            mac_size = EVP_MD_CTX_size(s->read_hash);
-        if ((bs != 1) && !send)
-            ret = tls1_cbc_remove_padding(s, rec, bs, mac_size);
-        if (pad && !send)
-            rec->length -= pad;
-    }
-    return ret;
-}
-
-int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
-{
-    unsigned int ret;
-    EVP_MD_CTX ctx, *d = NULL;
-    int i;
-
-    if (s->s3->handshake_buffer)
-        if (!ssl3_digest_cached_records(s))
-            return 0;
-
-    for (i = 0; i < SSL_MAX_DIGEST; i++) {
-        if (s->s3->handshake_dgst[i]
-            && EVP_MD_CTX_type(s->s3->handshake_dgst[i]) == md_nid) {
-            d = s->s3->handshake_dgst[i];
-            break;
-        }
-    }
-    if (!d) {
-        SSLerr(SSL_F_TLS1_CERT_VERIFY_MAC, SSL_R_NO_REQUIRED_DIGEST);
-        return 0;
-    }
-
-    EVP_MD_CTX_init(&ctx);
-    if (EVP_MD_CTX_copy_ex(&ctx, d) <=0
-            || EVP_DigestFinal_ex(&ctx, out, &ret) <= 0)
-        ret = 0;
-    EVP_MD_CTX_cleanup(&ctx);
-    return ((int)ret);
-}
-
-int tls1_final_finish_mac(SSL *s,
-                          const char *str, int slen, unsigned char *out)
-{
-    unsigned int i;
-    EVP_MD_CTX ctx;
-    unsigned char buf[2 * EVP_MAX_MD_SIZE];
-    unsigned char *q, buf2[12];
-    int idx;
-    long mask;
-    int err = 0;
-    const EVP_MD *md;
-
-    q = buf;
-
-    if (s->s3->handshake_buffer)
-        if (!ssl3_digest_cached_records(s))
-            return 0;
-
-    EVP_MD_CTX_init(&ctx);
-
-    for (idx = 0; ssl_get_handshake_digest(idx, &mask, &md); idx++) {
-        if (mask & ssl_get_algorithm2(s)) {
-            int hashsize = EVP_MD_size(md);
-            EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
-            if (!hdgst || hashsize < 0
-                || hashsize > (int)(sizeof buf - (size_t)(q - buf))) {
-                /*
-                 * internal error: 'buf' is too small for this cipersuite!
-                 */
-                err = 1;
-            } else {
-                if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
-                    !EVP_DigestFinal_ex(&ctx, q, &i) ||
-                    (i != (unsigned int)hashsize))
-                    err = 1;
-                q += hashsize;
-            }
-        }
-    }
-
-    if (!tls1_PRF(ssl_get_algorithm2(s),
-                  str, slen, buf, (int)(q - buf), NULL, 0, NULL, 0, NULL, 0,
-                  s->session->master_key, s->session->master_key_length,
-                  out, buf2, sizeof buf2))
-        err = 1;
-    EVP_MD_CTX_cleanup(&ctx);
-
-    OPENSSL_cleanse(buf, (int)(q - buf));
-    OPENSSL_cleanse(buf2, sizeof(buf2));
-    if (err)
-        return 0;
-    else
-        return sizeof buf2;
-}
-
-int tls1_mac(SSL *ssl, unsigned char *md, int send)
-{
-    SSL3_RECORD *rec;
-    unsigned char *seq;
-    EVP_MD_CTX *hash;
-    size_t md_size, orig_len;
-    int i;
-    EVP_MD_CTX hmac, *mac_ctx;
-    unsigned char header[13];
-    int stream_mac = (send ? (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM)
-                      : (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM));
-    int t;
-
-    if (send) {
-        rec = &(ssl->s3->wrec);
-        seq = &(ssl->s3->write_sequence[0]);
-        hash = ssl->write_hash;
-    } else {
-        rec = &(ssl->s3->rrec);
-        seq = &(ssl->s3->read_sequence[0]);
-        hash = ssl->read_hash;
-    }
-
-    t = EVP_MD_CTX_size(hash);
-    OPENSSL_assert(t >= 0);
-    md_size = t;
-
-    /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
-    if (stream_mac) {
-        mac_ctx = hash;
-    } else {
-        if (!EVP_MD_CTX_copy(&hmac, hash))
-            return -1;
-        mac_ctx = &hmac;
-    }
-
-    if (ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER) {
-        unsigned char dtlsseq[8], *p = dtlsseq;
-
-        s2n(send ? ssl->d1->w_epoch : ssl->d1->r_epoch, p);
-        memcpy(p, &seq[2], 6);
-
-        memcpy(header, dtlsseq, 8);
-    } else
-        memcpy(header, seq, 8);
-
-    /*
-     * kludge: tls1_cbc_remove_padding passes padding length in rec->type
-     */
-    orig_len = rec->length + md_size + ((unsigned int)rec->type >> 8);
-    rec->type &= 0xff;
-
-    header[8] = rec->type;
-    header[9] = (unsigned char)(ssl->version >> 8);
-    header[10] = (unsigned char)(ssl->version);
-    header[11] = (rec->length) >> 8;
-    header[12] = (rec->length) & 0xff;
-
-    if (!send &&
-        EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
-        ssl3_cbc_record_digest_supported(mac_ctx)) {
-        /*
-         * This is a CBC-encrypted record. We must avoid leaking any
-         * timing-side channel information about how many blocks of data we
-         * are hashing because that gives an attacker a timing-oracle.
-         */
-        /* Final param == not SSLv3 */
-        if (ssl3_cbc_digest_record(mac_ctx,
-                                   md, &md_size,
-                                   header, rec->input,
-                                   rec->length + md_size, orig_len,
-                                   ssl->s3->read_mac_secret,
-                                   ssl->s3->read_mac_secret_size, 0) <= 0) {
-            if (!stream_mac)
-                EVP_MD_CTX_cleanup(&hmac);
-            return -1;
-        }
-    } else {
-        if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0
-                || EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0
-                || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) {
-            if (!stream_mac)
-                EVP_MD_CTX_cleanup(&hmac);
-            return -1;
-        }
-#ifdef OPENSSL_FIPS
-        if (!send && FIPS_mode())
-            tls_fips_digest_extra(ssl->enc_read_ctx,
-                                  mac_ctx, rec->input, rec->length, orig_len);
-#endif
-    }
-
-    if (!stream_mac)
-        EVP_MD_CTX_cleanup(&hmac);
-#ifdef TLS_DEBUG
-    fprintf(stderr, "seq=");
-    {
-        int z;
-        for (z = 0; z < 8; z++)
-            fprintf(stderr, "%02X ", seq[z]);
-        fprintf(stderr, "\n");
-    }
-    fprintf(stderr, "rec=");
-    {
-        unsigned int z;
-        for (z = 0; z < rec->length; z++)
-            fprintf(stderr, "%02X ", rec->data[z]);
-        fprintf(stderr, "\n");
-    }
-#endif
-
-    if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER) {
-        for (i = 7; i >= 0; i--) {
-            ++seq[i];
-            if (seq[i] != 0)
-                break;
-        }
-    }
-#ifdef TLS_DEBUG
-    {
-        unsigned int z;
-        for (z = 0; z < md_size; z++)
-            fprintf(stderr, "%02X ", md[z]);
-        fprintf(stderr, "\n");
-    }
-#endif
-    return (md_size);
-}
-
-int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
-                                int len)
-{
-    unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
-    const void *co = NULL, *so = NULL;
-    int col = 0, sol = 0;
-
-#ifdef KSSL_DEBUG
-    fprintf(stderr, "tls1_generate_master_secret(%p,%p, %p, %d)\n", s, out, p,
-            len);
-#endif                          /* KSSL_DEBUG */
-
-#ifdef TLSEXT_TYPE_opaque_prf_input
-    if (s->s3->client_opaque_prf_input != NULL
-        && s->s3->server_opaque_prf_input != NULL
-        && s->s3->client_opaque_prf_input_len > 0
-        && s->s3->client_opaque_prf_input_len ==
-        s->s3->server_opaque_prf_input_len) {
-        co = s->s3->client_opaque_prf_input;
-        col = s->s3->server_opaque_prf_input_len;
-        so = s->s3->server_opaque_prf_input;
-        /*
-         * must be same as col (see
-         * draft-resc-00.txts-opaque-prf-input-00.txt, section 3.1)
-         */
-        sol = s->s3->client_opaque_prf_input_len;
-    }
-#endif
-
-    tls1_PRF(ssl_get_algorithm2(s),
-             TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE,
-             s->s3->client_random, SSL3_RANDOM_SIZE,
-             co, col,
-             s->s3->server_random, SSL3_RANDOM_SIZE,
-             so, sol, p, len, s->session->master_key, buff, sizeof buff);
-    OPENSSL_cleanse(buff, sizeof buff);
-#ifdef SSL_DEBUG
-    fprintf(stderr, "Premaster Secret:\n");
-    BIO_dump_fp(stderr, (char *)p, len);
-    fprintf(stderr, "Client Random:\n");
-    BIO_dump_fp(stderr, (char *)s->s3->client_random, SSL3_RANDOM_SIZE);
-    fprintf(stderr, "Server Random:\n");
-    BIO_dump_fp(stderr, (char *)s->s3->server_random, SSL3_RANDOM_SIZE);
-    fprintf(stderr, "Master Secret:\n");
-    BIO_dump_fp(stderr, (char *)s->session->master_key,
-                SSL3_MASTER_SECRET_SIZE);
-#endif
-
-#ifdef KSSL_DEBUG
-    fprintf(stderr, "tls1_generate_master_secret() complete\n");
-#endif                          /* KSSL_DEBUG */
-    return (SSL3_MASTER_SECRET_SIZE);
-}
-
-int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
-                                const char *label, size_t llen,
-                                const unsigned char *context,
-                                size_t contextlen, int use_context)
-{
-    unsigned char *buff;
-    unsigned char *val = NULL;
-    size_t vallen, currentvalpos;
-    int rv;
-
-#ifdef KSSL_DEBUG
-    fprintf(stderr, "tls1_export_keying_material(%p,%p,%lu,%s,%lu,%p,%lu)\n",
-            s, out, olen, label, llen, context, contextlen);
-#endif                          /* KSSL_DEBUG */
-
-    buff = OPENSSL_malloc(olen);
-    if (buff == NULL)
-        goto err2;
-
-    /*
-     * construct PRF arguments we construct the PRF argument ourself rather
-     * than passing separate values into the TLS PRF to ensure that the
-     * concatenation of values does not create a prohibited label.
-     */
-    vallen = llen + SSL3_RANDOM_SIZE * 2;
-    if (use_context) {
-        vallen += 2 + contextlen;
-    }
-
-    val = OPENSSL_malloc(vallen);
-    if (val == NULL)
-        goto err2;
-    currentvalpos = 0;
-    memcpy(val + currentvalpos, (unsigned char *)label, llen);
-    currentvalpos += llen;
-    memcpy(val + currentvalpos, s->s3->client_random, SSL3_RANDOM_SIZE);
-    currentvalpos += SSL3_RANDOM_SIZE;
-    memcpy(val + currentvalpos, s->s3->server_random, SSL3_RANDOM_SIZE);
-    currentvalpos += SSL3_RANDOM_SIZE;
-
-    if (use_context) {
-        val[currentvalpos] = (contextlen >> 8) & 0xff;
-        currentvalpos++;
-        val[currentvalpos] = contextlen & 0xff;
-        currentvalpos++;
-        if ((contextlen > 0) || (context != NULL)) {
-            memcpy(val + currentvalpos, context, contextlen);
-        }
-    }
-
-    /*
-     * disallow prohibited labels note that SSL3_RANDOM_SIZE > max(prohibited
-     * label len) = 15, so size of val > max(prohibited label len) = 15 and
-     * the comparisons won't have buffer overflow
-     */
-    if (memcmp(val, TLS_MD_CLIENT_FINISH_CONST,
-               TLS_MD_CLIENT_FINISH_CONST_SIZE) == 0)
-        goto err1;
-    if (memcmp(val, TLS_MD_SERVER_FINISH_CONST,
-               TLS_MD_SERVER_FINISH_CONST_SIZE) == 0)
-        goto err1;
-    if (memcmp(val, TLS_MD_MASTER_SECRET_CONST,
-               TLS_MD_MASTER_SECRET_CONST_SIZE) == 0)
-        goto err1;
-    if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST,
-               TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0)
-        goto err1;
-
-    rv = tls1_PRF(ssl_get_algorithm2(s),
-                  val, vallen,
-                  NULL, 0,
-                  NULL, 0,
-                  NULL, 0,
-                  NULL, 0,
-                  s->session->master_key, s->session->master_key_length,
-                  out, buff, olen);
-    OPENSSL_cleanse(val, vallen);
-    OPENSSL_cleanse(buff, olen);
-
-#ifdef KSSL_DEBUG
-    fprintf(stderr, "tls1_export_keying_material() complete\n");
-#endif                          /* KSSL_DEBUG */
-    goto ret;
- err1:
-    SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL,
-           SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
-    rv = 0;
-    goto ret;
- err2:
-    SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE);
-    rv = 0;
- ret:
-    if (buff != NULL)
-        OPENSSL_free(buff);
-    if (val != NULL)
-        OPENSSL_free(val);
-    return (rv);
-}
-
-int tls1_alert_code(int code)
-{
-    switch (code) {
-    case SSL_AD_CLOSE_NOTIFY:
-        return (SSL3_AD_CLOSE_NOTIFY);
-    case SSL_AD_UNEXPECTED_MESSAGE:
-        return (SSL3_AD_UNEXPECTED_MESSAGE);
-    case SSL_AD_BAD_RECORD_MAC:
-        return (SSL3_AD_BAD_RECORD_MAC);
-    case SSL_AD_DECRYPTION_FAILED:
-        return (TLS1_AD_DECRYPTION_FAILED);
-    case SSL_AD_RECORD_OVERFLOW:
-        return (TLS1_AD_RECORD_OVERFLOW);
-    case SSL_AD_DECOMPRESSION_FAILURE:
-        return (SSL3_AD_DECOMPRESSION_FAILURE);
-    case SSL_AD_HANDSHAKE_FAILURE:
-        return (SSL3_AD_HANDSHAKE_FAILURE);
-    case SSL_AD_NO_CERTIFICATE:
-        return (-1);
-    case SSL_AD_BAD_CERTIFICATE:
-        return (SSL3_AD_BAD_CERTIFICATE);
-    case SSL_AD_UNSUPPORTED_CERTIFICATE:
-        return (SSL3_AD_UNSUPPORTED_CERTIFICATE);
-    case SSL_AD_CERTIFICATE_REVOKED:
-        return (SSL3_AD_CERTIFICATE_REVOKED);
-    case SSL_AD_CERTIFICATE_EXPIRED:
-        return (SSL3_AD_CERTIFICATE_EXPIRED);
-    case SSL_AD_CERTIFICATE_UNKNOWN:
-        return (SSL3_AD_CERTIFICATE_UNKNOWN);
-    case SSL_AD_ILLEGAL_PARAMETER:
-        return (SSL3_AD_ILLEGAL_PARAMETER);
-    case SSL_AD_UNKNOWN_CA:
-        return (TLS1_AD_UNKNOWN_CA);
-    case SSL_AD_ACCESS_DENIED:
-        return (TLS1_AD_ACCESS_DENIED);
-    case SSL_AD_DECODE_ERROR:
-        return (TLS1_AD_DECODE_ERROR);
-    case SSL_AD_DECRYPT_ERROR:
-        return (TLS1_AD_DECRYPT_ERROR);
-    case SSL_AD_EXPORT_RESTRICTION:
-        return (TLS1_AD_EXPORT_RESTRICTION);
-    case SSL_AD_PROTOCOL_VERSION:
-        return (TLS1_AD_PROTOCOL_VERSION);
-    case SSL_AD_INSUFFICIENT_SECURITY:
-        return (TLS1_AD_INSUFFICIENT_SECURITY);
-    case SSL_AD_INTERNAL_ERROR:
-        return (TLS1_AD_INTERNAL_ERROR);
-    case SSL_AD_USER_CANCELLED:
-        return (TLS1_AD_USER_CANCELLED);
-    case SSL_AD_NO_RENEGOTIATION:
-        return (TLS1_AD_NO_RENEGOTIATION);
-    case SSL_AD_UNSUPPORTED_EXTENSION:
-        return (TLS1_AD_UNSUPPORTED_EXTENSION);
-    case SSL_AD_CERTIFICATE_UNOBTAINABLE:
-        return (TLS1_AD_CERTIFICATE_UNOBTAINABLE);
-    case SSL_AD_UNRECOGNIZED_NAME:
-        return (TLS1_AD_UNRECOGNIZED_NAME);
-    case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
-        return (TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE);
-    case SSL_AD_BAD_CERTIFICATE_HASH_VALUE:
-        return (TLS1_AD_BAD_CERTIFICATE_HASH_VALUE);
-    case SSL_AD_UNKNOWN_PSK_IDENTITY:
-        return (TLS1_AD_UNKNOWN_PSK_IDENTITY);
-    case SSL_AD_INAPPROPRIATE_FALLBACK:
-        return (TLS1_AD_INAPPROPRIATE_FALLBACK);
-#if 0
-        /* not appropriate for TLS, not used for DTLS */
-    case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE:
-        return (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
-#endif
-    default:
-        return (-1);
-    }
-}

Copied: vendor-crypto/openssl/1.0.1u/ssl/t1_enc.c (from rev 11605, vendor-crypto/openssl/dist/ssl/t1_enc.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/ssl/t1_enc.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/ssl/t1_enc.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,1343 @@
+/* ssl/t1_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#ifndef OPENSSL_NO_COMP
+# include <openssl/comp.h>
+#endif
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/md5.h>
+#include <openssl/rand.h>
+#ifdef KSSL_DEBUG
+# include <openssl/des.h>
+#endif
+
+/* seed1 through seed5 are virtually concatenated */
+static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
+                       int sec_len,
+                       const void *seed1, int seed1_len,
+                       const void *seed2, int seed2_len,
+                       const void *seed3, int seed3_len,
+                       const void *seed4, int seed4_len,
+                       const void *seed5, int seed5_len,
+                       unsigned char *out, int olen)
+{
+    int chunk;
+    size_t j;
+    EVP_MD_CTX ctx, ctx_tmp;
+    EVP_PKEY *mac_key;
+    unsigned char A1[EVP_MAX_MD_SIZE];
+    size_t A1_len;
+    int ret = 0;
+
+    chunk = EVP_MD_size(md);
+    OPENSSL_assert(chunk >= 0);
+
+    EVP_MD_CTX_init(&ctx);
+    EVP_MD_CTX_init(&ctx_tmp);
+    EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+    EVP_MD_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+    mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
+    if (!mac_key)
+        goto err;
+    if (!EVP_DigestSignInit(&ctx, NULL, md, NULL, mac_key))
+        goto err;
+    if (!EVP_DigestSignInit(&ctx_tmp, NULL, md, NULL, mac_key))
+        goto err;
+    if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len))
+        goto err;
+    if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len))
+        goto err;
+    if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len))
+        goto err;
+    if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len))
+        goto err;
+    if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len))
+        goto err;
+    if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
+        goto err;
+
+    for (;;) {
+        /* Reinit mac contexts */
+        if (!EVP_DigestSignInit(&ctx, NULL, md, NULL, mac_key))
+            goto err;
+        if (!EVP_DigestSignInit(&ctx_tmp, NULL, md, NULL, mac_key))
+            goto err;
+        if (!EVP_DigestSignUpdate(&ctx, A1, A1_len))
+            goto err;
+        if (!EVP_DigestSignUpdate(&ctx_tmp, A1, A1_len))
+            goto err;
+        if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len))
+            goto err;
+        if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len))
+            goto err;
+        if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len))
+            goto err;
+        if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len))
+            goto err;
+        if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len))
+            goto err;
+
+        if (olen > chunk) {
+            if (!EVP_DigestSignFinal(&ctx, out, &j))
+                goto err;
+            out += j;
+            olen -= j;
+            /* calc the next A1 value */
+            if (!EVP_DigestSignFinal(&ctx_tmp, A1, &A1_len))
+                goto err;
+        } else {                /* last one */
+
+            if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
+                goto err;
+            memcpy(out, A1, olen);
+            break;
+        }
+    }
+    ret = 1;
+ err:
+    EVP_PKEY_free(mac_key);
+    EVP_MD_CTX_cleanup(&ctx);
+    EVP_MD_CTX_cleanup(&ctx_tmp);
+    OPENSSL_cleanse(A1, sizeof(A1));
+    return ret;
+}
+
+/* seed1 through seed5 are virtually concatenated */
+static int tls1_PRF(long digest_mask,
+                    const void *seed1, int seed1_len,
+                    const void *seed2, int seed2_len,
+                    const void *seed3, int seed3_len,
+                    const void *seed4, int seed4_len,
+                    const void *seed5, int seed5_len,
+                    const unsigned char *sec, int slen,
+                    unsigned char *out1, unsigned char *out2, int olen)
+{
+    int len, i, idx, count;
+    const unsigned char *S1;
+    long m;
+    const EVP_MD *md;
+    int ret = 0;
+
+    /* Count number of digests and partition sec evenly */
+    count = 0;
+    for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) {
+        if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask)
+            count++;
+    }
+    if (!count) {
+        /* Should never happen */
+        SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    len = slen / count;
+    if (count == 1)
+        slen = 0;
+    S1 = sec;
+    memset(out1, 0, olen);
+    for (idx = 0; ssl_get_handshake_digest(idx, &m, &md); idx++) {
+        if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) {
+            if (!md) {
+                SSLerr(SSL_F_TLS1_PRF, SSL_R_UNSUPPORTED_DIGEST_TYPE);
+                goto err;
+            }
+            if (!tls1_P_hash(md, S1, len + (slen & 1),
+                             seed1, seed1_len, seed2, seed2_len, seed3,
+                             seed3_len, seed4, seed4_len, seed5, seed5_len,
+                             out2, olen))
+                goto err;
+            S1 += len;
+            for (i = 0; i < olen; i++) {
+                out1[i] ^= out2[i];
+            }
+        }
+    }
+    ret = 1;
+ err:
+    return ret;
+}
+
+static int tls1_generate_key_block(SSL *s, unsigned char *km,
+                                   unsigned char *tmp, int num)
+{
+    int ret;
+    ret = tls1_PRF(ssl_get_algorithm2(s),
+                   TLS_MD_KEY_EXPANSION_CONST,
+                   TLS_MD_KEY_EXPANSION_CONST_SIZE, s->s3->server_random,
+                   SSL3_RANDOM_SIZE, s->s3->client_random, SSL3_RANDOM_SIZE,
+                   NULL, 0, NULL, 0, s->session->master_key,
+                   s->session->master_key_length, km, tmp, num);
+#ifdef KSSL_DEBUG
+    fprintf(stderr, "tls1_generate_key_block() ==> %d byte master_key =\n\t",
+            s->session->master_key_length);
+    {
+        int i;
+        for (i = 0; i < s->session->master_key_length; i++) {
+            fprintf(stderr, "%02X", s->session->master_key[i]);
+        }
+        fprintf(stderr, "\n");
+    }
+#endif                          /* KSSL_DEBUG */
+    return ret;
+}
+
+int tls1_change_cipher_state(SSL *s, int which)
+{
+    static const unsigned char empty[] = "";
+    unsigned char *p, *mac_secret;
+    unsigned char *exp_label;
+    unsigned char tmp1[EVP_MAX_KEY_LENGTH];
+    unsigned char tmp2[EVP_MAX_KEY_LENGTH];
+    unsigned char iv1[EVP_MAX_IV_LENGTH * 2];
+    unsigned char iv2[EVP_MAX_IV_LENGTH * 2];
+    unsigned char *ms, *key, *iv;
+    int client_write;
+    EVP_CIPHER_CTX *dd;
+    const EVP_CIPHER *c;
+#ifndef OPENSSL_NO_COMP
+    const SSL_COMP *comp;
+#endif
+    const EVP_MD *m;
+    int mac_type;
+    int *mac_secret_size;
+    EVP_MD_CTX *mac_ctx;
+    EVP_PKEY *mac_key;
+    int is_export, n, i, j, k, exp_label_len, cl;
+    int reuse_dd = 0;
+
+    is_export = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
+    c = s->s3->tmp.new_sym_enc;
+    m = s->s3->tmp.new_hash;
+    mac_type = s->s3->tmp.new_mac_pkey_type;
+#ifndef OPENSSL_NO_COMP
+    comp = s->s3->tmp.new_compression;
+#endif
+
+#ifdef KSSL_DEBUG
+    fprintf(stderr, "tls1_change_cipher_state(which= %d) w/\n", which);
+    fprintf(stderr, "\talg= %ld/%ld, comp= %p\n",
+            s->s3->tmp.new_cipher->algorithm_mkey,
+            s->s3->tmp.new_cipher->algorithm_auth, comp);
+    fprintf(stderr, "\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
+    fprintf(stderr, "\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
+            c->nid, c->block_size, c->key_len, c->iv_len);
+    fprintf(stderr, "\tkey_block: len= %d, data= ",
+            s->s3->tmp.key_block_length);
+    {
+        int i;
+        for (i = 0; i < s->s3->tmp.key_block_length; i++)
+            fprintf(stderr, "%02x", s->s3->tmp.key_block[i]);
+        fprintf(stderr, "\n");
+    }
+#endif                          /* KSSL_DEBUG */
+
+    if (which & SSL3_CC_READ) {
+        if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
+            s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
+        else
+            s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
+
+        if (s->enc_read_ctx != NULL)
+            reuse_dd = 1;
+        else if ((s->enc_read_ctx =
+                  OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
+            goto err;
+        else
+            /*
+             * make sure it's intialized in case we exit later with an error
+             */
+            EVP_CIPHER_CTX_init(s->enc_read_ctx);
+        dd = s->enc_read_ctx;
+        mac_ctx = ssl_replace_hash(&s->read_hash, NULL);
+        if (mac_ctx == NULL)
+            goto err;
+#ifndef OPENSSL_NO_COMP
+        if (s->expand != NULL) {
+            COMP_CTX_free(s->expand);
+            s->expand = NULL;
+        }
+        if (comp != NULL) {
+            s->expand = COMP_CTX_new(comp->method);
+            if (s->expand == NULL) {
+                SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                       SSL_R_COMPRESSION_LIBRARY_ERROR);
+                goto err2;
+            }
+            if (s->s3->rrec.comp == NULL)
+                s->s3->rrec.comp = (unsigned char *)
+                    OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
+            if (s->s3->rrec.comp == NULL)
+                goto err;
+        }
+#endif
+        /*
+         * this is done by dtls1_reset_seq_numbers for DTLS1_VERSION
+         */
+        if (s->version != DTLS1_VERSION)
+            memset(&(s->s3->read_sequence[0]), 0, 8);
+        mac_secret = &(s->s3->read_mac_secret[0]);
+        mac_secret_size = &(s->s3->read_mac_secret_size);
+    } else {
+        if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
+            s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
+        else
+            s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
+        if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s))
+            reuse_dd = 1;
+        else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL)
+            goto err;
+        dd = s->enc_write_ctx;
+        if (SSL_IS_DTLS(s)) {
+            mac_ctx = EVP_MD_CTX_create();
+            if (mac_ctx == NULL)
+                goto err;
+            s->write_hash = mac_ctx;
+        } else {
+            mac_ctx = ssl_replace_hash(&s->write_hash, NULL);
+            if (mac_ctx == NULL)
+                goto err;
+        }
+#ifndef OPENSSL_NO_COMP
+        if (s->compress != NULL) {
+            COMP_CTX_free(s->compress);
+            s->compress = NULL;
+        }
+        if (comp != NULL) {
+            s->compress = COMP_CTX_new(comp->method);
+            if (s->compress == NULL) {
+                SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                       SSL_R_COMPRESSION_LIBRARY_ERROR);
+                goto err2;
+            }
+        }
+#endif
+        /*
+         * this is done by dtls1_reset_seq_numbers for DTLS1_VERSION
+         */
+        if (s->version != DTLS1_VERSION)
+            memset(&(s->s3->write_sequence[0]), 0, 8);
+        mac_secret = &(s->s3->write_mac_secret[0]);
+        mac_secret_size = &(s->s3->write_mac_secret_size);
+    }
+
+    if (reuse_dd)
+        EVP_CIPHER_CTX_cleanup(dd);
+
+    p = s->s3->tmp.key_block;
+    i = *mac_secret_size = s->s3->tmp.new_mac_secret_size;
+
+    cl = EVP_CIPHER_key_length(c);
+    j = is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
+                     cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
+    /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
+    /* If GCM mode only part of IV comes from PRF */
+    if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
+        k = EVP_GCM_TLS_FIXED_IV_LEN;
+    else
+        k = EVP_CIPHER_iv_length(c);
+    if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
+        (which == SSL3_CHANGE_CIPHER_SERVER_READ)) {
+        ms = &(p[0]);
+        n = i + i;
+        key = &(p[n]);
+        n += j + j;
+        iv = &(p[n]);
+        n += k + k;
+        exp_label = (unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST;
+        exp_label_len = TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE;
+        client_write = 1;
+    } else {
+        n = i;
+        ms = &(p[n]);
+        n += i + j;
+        key = &(p[n]);
+        n += j + k;
+        iv = &(p[n]);
+        n += k;
+        exp_label = (unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST;
+        exp_label_len = TLS_MD_SERVER_WRITE_KEY_CONST_SIZE;
+        client_write = 0;
+    }
+
+    if (n > s->s3->tmp.key_block_length) {
+        SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+        goto err2;
+    }
+
+    memcpy(mac_secret, ms, i);
+
+    if (!(EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
+        mac_key = EVP_PKEY_new_mac_key(mac_type, NULL,
+                                       mac_secret, *mac_secret_size);
+        if (mac_key == NULL
+                || EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key) <= 0) {
+            EVP_PKEY_free(mac_key);
+            SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+            goto err2;
+        }
+        EVP_PKEY_free(mac_key);
+    }
+#ifdef TLS_DEBUG
+    printf("which = %04X\nmac key=", which);
+    {
+        int z;
+        for (z = 0; z < i; z++)
+            printf("%02X%c", ms[z], ((z + 1) % 16) ? ' ' : '\n');
+    }
+#endif
+    if (is_export) {
+        /*
+         * In here I set both the read and write key/iv to the same value
+         * since only the correct one will be used :-).
+         */
+        if (!tls1_PRF(ssl_get_algorithm2(s),
+                      exp_label, exp_label_len,
+                      s->s3->client_random, SSL3_RANDOM_SIZE,
+                      s->s3->server_random, SSL3_RANDOM_SIZE,
+                      NULL, 0, NULL, 0,
+                      key, j, tmp1, tmp2, EVP_CIPHER_key_length(c)))
+            goto err2;
+        key = tmp1;
+
+        if (k > 0) {
+            if (!tls1_PRF(ssl_get_algorithm2(s),
+                          TLS_MD_IV_BLOCK_CONST, TLS_MD_IV_BLOCK_CONST_SIZE,
+                          s->s3->client_random, SSL3_RANDOM_SIZE,
+                          s->s3->server_random, SSL3_RANDOM_SIZE,
+                          NULL, 0, NULL, 0, empty, 0, iv1, iv2, k * 2))
+                goto err2;
+            if (client_write)
+                iv = iv1;
+            else
+                iv = &(iv1[k]);
+        }
+    }
+
+    s->session->key_arg_length = 0;
+#ifdef KSSL_DEBUG
+    {
+        int i;
+        fprintf(stderr, "EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
+        fprintf(stderr, "\tkey= ");
+        for (i = 0; i < c->key_len; i++)
+            fprintf(stderr, "%02x", key[i]);
+        fprintf(stderr, "\n");
+        fprintf(stderr, "\t iv= ");
+        for (i = 0; i < c->iv_len; i++)
+            fprintf(stderr, "%02x", iv[i]);
+        fprintf(stderr, "\n");
+    }
+#endif                          /* KSSL_DEBUG */
+
+    if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) {
+        if (!EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE))
+            || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, k, iv)) {
+            SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+            goto err2;
+        }
+    } else {
+        if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) {
+            SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+            goto err2;
+        }
+    }
+    /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */
+    if ((EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size
+        && !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY,
+                                *mac_secret_size, mac_secret)) {
+        SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+        goto err2;
+    }
+
+#ifdef TLS_DEBUG
+    printf("which = %04X\nkey=", which);
+    {
+        int z;
+        for (z = 0; z < EVP_CIPHER_key_length(c); z++)
+            printf("%02X%c", key[z], ((z + 1) % 16) ? ' ' : '\n');
+    }
+    printf("\niv=");
+    {
+        int z;
+        for (z = 0; z < k; z++)
+            printf("%02X%c", iv[z], ((z + 1) % 16) ? ' ' : '\n');
+    }
+    printf("\n");
+#endif
+
+    OPENSSL_cleanse(tmp1, sizeof(tmp1));
+    OPENSSL_cleanse(tmp2, sizeof(tmp1));
+    OPENSSL_cleanse(iv1, sizeof(iv1));
+    OPENSSL_cleanse(iv2, sizeof(iv2));
+    return (1);
+ err:
+    SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
+ err2:
+    return (0);
+}
+
+int tls1_setup_key_block(SSL *s)
+{
+    unsigned char *p1, *p2 = NULL;
+    const EVP_CIPHER *c;
+    const EVP_MD *hash;
+    int num;
+    SSL_COMP *comp;
+    int mac_type = NID_undef, mac_secret_size = 0;
+    int ret = 0;
+
+#ifdef KSSL_DEBUG
+    fprintf(stderr, "tls1_setup_key_block()\n");
+#endif                          /* KSSL_DEBUG */
+
+    if (s->s3->tmp.key_block_length != 0)
+        return (1);
+
+    if (!ssl_cipher_get_evp
+        (s->session, &c, &hash, &mac_type, &mac_secret_size, &comp)) {
+        SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+        return (0);
+    }
+
+    s->s3->tmp.new_sym_enc = c;
+    s->s3->tmp.new_hash = hash;
+    s->s3->tmp.new_mac_pkey_type = mac_type;
+    s->s3->tmp.new_mac_secret_size = mac_secret_size;
+    num =
+        EVP_CIPHER_key_length(c) + mac_secret_size + EVP_CIPHER_iv_length(c);
+    num *= 2;
+
+    ssl3_cleanup_key_block(s);
+
+    if ((p1 = (unsigned char *)OPENSSL_malloc(num)) == NULL) {
+        SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    s->s3->tmp.key_block_length = num;
+    s->s3->tmp.key_block = p1;
+
+    if ((p2 = (unsigned char *)OPENSSL_malloc(num)) == NULL) {
+        SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(p1);
+        goto err;
+    }
+#ifdef TLS_DEBUG
+    printf("client random\n");
+    {
+        int z;
+        for (z = 0; z < SSL3_RANDOM_SIZE; z++)
+            printf("%02X%c", s->s3->client_random[z],
+                   ((z + 1) % 16) ? ' ' : '\n');
+    }
+    printf("server random\n");
+    {
+        int z;
+        for (z = 0; z < SSL3_RANDOM_SIZE; z++)
+            printf("%02X%c", s->s3->server_random[z],
+                   ((z + 1) % 16) ? ' ' : '\n');
+    }
+    printf("pre-master\n");
+    {
+        int z;
+        for (z = 0; z < s->session->master_key_length; z++)
+            printf("%02X%c", s->session->master_key[z],
+                   ((z + 1) % 16) ? ' ' : '\n');
+    }
+#endif
+    if (!tls1_generate_key_block(s, p1, p2, num))
+        goto err;
+#ifdef TLS_DEBUG
+    printf("\nkey block\n");
+    {
+        int z;
+        for (z = 0; z < num; z++)
+            printf("%02X%c", p1[z], ((z + 1) % 16) ? ' ' : '\n');
+    }
+#endif
+
+    if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
+        && s->method->version <= TLS1_VERSION) {
+        /*
+         * enable vulnerability countermeasure for CBC ciphers with known-IV
+         * problem (http://www.openssl.org/~bodo/tls-cbc.txt)
+         */
+        s->s3->need_empty_fragments = 1;
+
+        if (s->session->cipher != NULL) {
+            if (s->session->cipher->algorithm_enc == SSL_eNULL)
+                s->s3->need_empty_fragments = 0;
+
+#ifndef OPENSSL_NO_RC4
+            if (s->session->cipher->algorithm_enc == SSL_RC4)
+                s->s3->need_empty_fragments = 0;
+#endif
+        }
+    }
+
+    ret = 1;
+ err:
+    if (p2) {
+        OPENSSL_cleanse(p2, num);
+        OPENSSL_free(p2);
+    }
+    return (ret);
+}
+
+/*-
+ * tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
+ *
+ * Returns:
+ *   0: (in non-constant time) if the record is publically invalid (i.e. too
+ *       short etc).
+ *   1: if the record's padding is valid / the encryption was successful.
+ *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
+ *       an internal error occured.
+ */
+int tls1_enc(SSL *s, int send)
+{
+    SSL3_RECORD *rec;
+    EVP_CIPHER_CTX *ds;
+    unsigned long l;
+    int bs, i, j, k, pad = 0, ret, mac_size = 0;
+    const EVP_CIPHER *enc;
+
+    if (send) {
+        if (EVP_MD_CTX_md(s->write_hash)) {
+            int n = EVP_MD_CTX_size(s->write_hash);
+            OPENSSL_assert(n >= 0);
+        }
+        ds = s->enc_write_ctx;
+        rec = &(s->s3->wrec);
+        if (s->enc_write_ctx == NULL)
+            enc = NULL;
+        else {
+            int ivlen;
+            enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
+            /* For TLSv1.1 and later explicit IV */
+            if (s->version >= TLS1_1_VERSION
+                && EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)
+                ivlen = EVP_CIPHER_iv_length(enc);
+            else
+                ivlen = 0;
+            if (ivlen > 1) {
+                if (rec->data != rec->input)
+                    /*
+                     * we can't write into the input stream: Can this ever
+                     * happen?? (steve)
+                     */
+                    fprintf(stderr,
+                            "%s:%d: rec->data != rec->input\n",
+                            __FILE__, __LINE__);
+                else if (RAND_bytes(rec->input, ivlen) <= 0)
+                    return -1;
+            }
+        }
+    } else {
+        if (EVP_MD_CTX_md(s->read_hash)) {
+            int n = EVP_MD_CTX_size(s->read_hash);
+            OPENSSL_assert(n >= 0);
+        }
+        ds = s->enc_read_ctx;
+        rec = &(s->s3->rrec);
+        if (s->enc_read_ctx == NULL)
+            enc = NULL;
+        else
+            enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
+    }
+
+#ifdef KSSL_DEBUG
+    fprintf(stderr, "tls1_enc(%d)\n", send);
+#endif                          /* KSSL_DEBUG */
+
+    if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
+        memmove(rec->data, rec->input, rec->length);
+        rec->input = rec->data;
+        ret = 1;
+    } else {
+        l = rec->length;
+        bs = EVP_CIPHER_block_size(ds->cipher);
+
+        if (EVP_CIPHER_flags(ds->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
+            unsigned char buf[EVP_AEAD_TLS1_AAD_LEN], *seq;
+
+            seq = send ? s->s3->write_sequence : s->s3->read_sequence;
+
+            if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
+                unsigned char dtlsseq[9], *p = dtlsseq;
+
+                s2n(send ? s->d1->w_epoch : s->d1->r_epoch, p);
+                memcpy(p, &seq[2], 6);
+                memcpy(buf, dtlsseq, 8);
+            } else {
+                memcpy(buf, seq, 8);
+                for (i = 7; i >= 0; i--) { /* increment */
+                    ++seq[i];
+                    if (seq[i] != 0)
+                        break;
+                }
+            }
+
+            buf[8] = rec->type;
+            buf[9] = (unsigned char)(s->version >> 8);
+            buf[10] = (unsigned char)(s->version);
+            buf[11] = rec->length >> 8;
+            buf[12] = rec->length & 0xff;
+            pad = EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_AEAD_TLS1_AAD,
+                                      EVP_AEAD_TLS1_AAD_LEN, buf);
+            if (pad <= 0)
+                return -1;
+            if (send) {
+                l += pad;
+                rec->length += pad;
+            }
+        } else if ((bs != 1) && send) {
+            i = bs - ((int)l % bs);
+
+            /* Add weird padding of upto 256 bytes */
+
+            /* we need to add 'i' padding bytes of value j */
+            j = i - 1;
+            if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) {
+                if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
+                    j++;
+            }
+            for (k = (int)l; k < (int)(l + i); k++)
+                rec->input[k] = j;
+            l += i;
+            rec->length += i;
+        }
+#ifdef KSSL_DEBUG
+        {
+            unsigned long ui;
+            fprintf(stderr,
+                    "EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
+                    ds, rec->data, rec->input, l);
+            fprintf(stderr,
+                    "\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%lu %lu], %d iv_len\n",
+                    ds->buf_len, ds->cipher->key_len, DES_KEY_SZ,
+                    DES_SCHEDULE_SZ, ds->cipher->iv_len);
+            fprintf(stderr, "\t\tIV: ");
+            for (i = 0; i < ds->cipher->iv_len; i++)
+                fprintf(stderr, "%02X", ds->iv[i]);
+            fprintf(stderr, "\n");
+            fprintf(stderr, "\trec->input=");
+            for (ui = 0; ui < l; ui++)
+                fprintf(stderr, " %02x", rec->input[ui]);
+            fprintf(stderr, "\n");
+        }
+#endif                          /* KSSL_DEBUG */
+
+        if (!send) {
+            if (l == 0 || l % bs != 0)
+                return 0;
+        }
+
+        i = EVP_Cipher(ds, rec->data, rec->input, l);
+        if ((EVP_CIPHER_flags(ds->cipher) & EVP_CIPH_FLAG_CUSTOM_CIPHER)
+            ? (i < 0)
+            : (i == 0))
+            return -1;          /* AEAD can fail to verify MAC */
+        if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE && !send) {
+            rec->data += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+            rec->input += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+            rec->length -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
+        }
+#ifdef KSSL_DEBUG
+        {
+            unsigned long i;
+            fprintf(stderr, "\trec->data=");
+            for (i = 0; i < l; i++)
+                fprintf(stderr, " %02x", rec->data[i]);
+            fprintf(stderr, "\n");
+        }
+#endif                          /* KSSL_DEBUG */
+
+        ret = 1;
+        if (EVP_MD_CTX_md(s->read_hash) != NULL)
+            mac_size = EVP_MD_CTX_size(s->read_hash);
+        if ((bs != 1) && !send)
+            ret = tls1_cbc_remove_padding(s, rec, bs, mac_size);
+        if (pad && !send)
+            rec->length -= pad;
+    }
+    return ret;
+}
+
+int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
+{
+    unsigned int ret;
+    EVP_MD_CTX ctx, *d = NULL;
+    int i;
+
+    if (s->s3->handshake_buffer)
+        if (!ssl3_digest_cached_records(s))
+            return 0;
+
+    for (i = 0; i < SSL_MAX_DIGEST; i++) {
+        if (s->s3->handshake_dgst[i]
+            && EVP_MD_CTX_type(s->s3->handshake_dgst[i]) == md_nid) {
+            d = s->s3->handshake_dgst[i];
+            break;
+        }
+    }
+    if (!d) {
+        SSLerr(SSL_F_TLS1_CERT_VERIFY_MAC, SSL_R_NO_REQUIRED_DIGEST);
+        return 0;
+    }
+
+    EVP_MD_CTX_init(&ctx);
+    if (EVP_MD_CTX_copy_ex(&ctx, d) <=0
+            || EVP_DigestFinal_ex(&ctx, out, &ret) <= 0)
+        ret = 0;
+    EVP_MD_CTX_cleanup(&ctx);
+    return ((int)ret);
+}
+
+int tls1_final_finish_mac(SSL *s,
+                          const char *str, int slen, unsigned char *out)
+{
+    unsigned int i;
+    EVP_MD_CTX ctx;
+    unsigned char buf[2 * EVP_MAX_MD_SIZE];
+    unsigned char *q, buf2[12];
+    int idx;
+    long mask;
+    int err = 0;
+    const EVP_MD *md;
+
+    q = buf;
+
+    if (s->s3->handshake_buffer)
+        if (!ssl3_digest_cached_records(s))
+            return 0;
+
+    EVP_MD_CTX_init(&ctx);
+
+    for (idx = 0; ssl_get_handshake_digest(idx, &mask, &md); idx++) {
+        if (mask & ssl_get_algorithm2(s)) {
+            int hashsize = EVP_MD_size(md);
+            EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
+            if (!hdgst || hashsize < 0
+                || hashsize > (int)(sizeof buf - (size_t)(q - buf))) {
+                /*
+                 * internal error: 'buf' is too small for this cipersuite!
+                 */
+                err = 1;
+            } else {
+                if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
+                    !EVP_DigestFinal_ex(&ctx, q, &i) ||
+                    (i != (unsigned int)hashsize))
+                    err = 1;
+                q += hashsize;
+            }
+        }
+    }
+
+    if (!tls1_PRF(ssl_get_algorithm2(s),
+                  str, slen, buf, (int)(q - buf), NULL, 0, NULL, 0, NULL, 0,
+                  s->session->master_key, s->session->master_key_length,
+                  out, buf2, sizeof buf2))
+        err = 1;
+    EVP_MD_CTX_cleanup(&ctx);
+
+    OPENSSL_cleanse(buf, (int)(q - buf));
+    OPENSSL_cleanse(buf2, sizeof(buf2));
+    if (err)
+        return 0;
+    else
+        return sizeof buf2;
+}
+
+int tls1_mac(SSL *ssl, unsigned char *md, int send)
+{
+    SSL3_RECORD *rec;
+    unsigned char *seq;
+    EVP_MD_CTX *hash;
+    size_t md_size, orig_len;
+    int i;
+    EVP_MD_CTX hmac, *mac_ctx;
+    unsigned char header[13];
+    int stream_mac = (send ? (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM)
+                      : (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM));
+    int t;
+
+    if (send) {
+        rec = &(ssl->s3->wrec);
+        seq = &(ssl->s3->write_sequence[0]);
+        hash = ssl->write_hash;
+    } else {
+        rec = &(ssl->s3->rrec);
+        seq = &(ssl->s3->read_sequence[0]);
+        hash = ssl->read_hash;
+    }
+
+    t = EVP_MD_CTX_size(hash);
+    OPENSSL_assert(t >= 0);
+    md_size = t;
+
+    /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
+    if (stream_mac) {
+        mac_ctx = hash;
+    } else {
+        if (!EVP_MD_CTX_copy(&hmac, hash))
+            return -1;
+        mac_ctx = &hmac;
+    }
+
+    if (ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER) {
+        unsigned char dtlsseq[8], *p = dtlsseq;
+
+        s2n(send ? ssl->d1->w_epoch : ssl->d1->r_epoch, p);
+        memcpy(p, &seq[2], 6);
+
+        memcpy(header, dtlsseq, 8);
+    } else
+        memcpy(header, seq, 8);
+
+    /*
+     * kludge: tls1_cbc_remove_padding passes padding length in rec->type
+     */
+    orig_len = rec->length + md_size + ((unsigned int)rec->type >> 8);
+    rec->type &= 0xff;
+
+    header[8] = rec->type;
+    header[9] = (unsigned char)(ssl->version >> 8);
+    header[10] = (unsigned char)(ssl->version);
+    header[11] = (rec->length) >> 8;
+    header[12] = (rec->length) & 0xff;
+
+    if (!send &&
+        EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+        ssl3_cbc_record_digest_supported(mac_ctx)) {
+        /*
+         * This is a CBC-encrypted record. We must avoid leaking any
+         * timing-side channel information about how many blocks of data we
+         * are hashing because that gives an attacker a timing-oracle.
+         */
+        /* Final param == not SSLv3 */
+        if (ssl3_cbc_digest_record(mac_ctx,
+                                   md, &md_size,
+                                   header, rec->input,
+                                   rec->length + md_size, orig_len,
+                                   ssl->s3->read_mac_secret,
+                                   ssl->s3->read_mac_secret_size, 0) <= 0) {
+            if (!stream_mac)
+                EVP_MD_CTX_cleanup(&hmac);
+            return -1;
+        }
+    } else {
+        if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0
+                || EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0
+                || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) {
+            if (!stream_mac)
+                EVP_MD_CTX_cleanup(&hmac);
+            return -1;
+        }
+#ifdef OPENSSL_FIPS
+        if (!send && FIPS_mode())
+            tls_fips_digest_extra(ssl->enc_read_ctx,
+                                  mac_ctx, rec->input, rec->length, orig_len);
+#endif
+    }
+
+    if (!stream_mac)
+        EVP_MD_CTX_cleanup(&hmac);
+#ifdef TLS_DEBUG
+    fprintf(stderr, "seq=");
+    {
+        int z;
+        for (z = 0; z < 8; z++)
+            fprintf(stderr, "%02X ", seq[z]);
+        fprintf(stderr, "\n");
+    }
+    fprintf(stderr, "rec=");
+    {
+        unsigned int z;
+        for (z = 0; z < rec->length; z++)
+            fprintf(stderr, "%02X ", rec->data[z]);
+        fprintf(stderr, "\n");
+    }
+#endif
+
+    if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER) {
+        for (i = 7; i >= 0; i--) {
+            ++seq[i];
+            if (seq[i] != 0)
+                break;
+        }
+    }
+#ifdef TLS_DEBUG
+    {
+        unsigned int z;
+        for (z = 0; z < md_size; z++)
+            fprintf(stderr, "%02X ", md[z]);
+        fprintf(stderr, "\n");
+    }
+#endif
+    return (md_size);
+}
+
+int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
+                                int len)
+{
+    unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
+    const void *co = NULL, *so = NULL;
+    int col = 0, sol = 0;
+
+#ifdef KSSL_DEBUG
+    fprintf(stderr, "tls1_generate_master_secret(%p,%p, %p, %d)\n", s, out, p,
+            len);
+#endif                          /* KSSL_DEBUG */
+
+#ifdef TLSEXT_TYPE_opaque_prf_input
+    if (s->s3->client_opaque_prf_input != NULL
+        && s->s3->server_opaque_prf_input != NULL
+        && s->s3->client_opaque_prf_input_len > 0
+        && s->s3->client_opaque_prf_input_len ==
+        s->s3->server_opaque_prf_input_len) {
+        co = s->s3->client_opaque_prf_input;
+        col = s->s3->server_opaque_prf_input_len;
+        so = s->s3->server_opaque_prf_input;
+        /*
+         * must be same as col (see
+         * draft-rescorla-tls-opaque-prf-input-00.txt, section 3.1)
+         */
+        sol = s->s3->client_opaque_prf_input_len;
+    }
+#endif
+
+    tls1_PRF(ssl_get_algorithm2(s),
+             TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE,
+             s->s3->client_random, SSL3_RANDOM_SIZE,
+             co, col,
+             s->s3->server_random, SSL3_RANDOM_SIZE,
+             so, sol, p, len, s->session->master_key, buff, sizeof buff);
+    OPENSSL_cleanse(buff, sizeof buff);
+#ifdef SSL_DEBUG
+    fprintf(stderr, "Premaster Secret:\n");
+    BIO_dump_fp(stderr, (char *)p, len);
+    fprintf(stderr, "Client Random:\n");
+    BIO_dump_fp(stderr, (char *)s->s3->client_random, SSL3_RANDOM_SIZE);
+    fprintf(stderr, "Server Random:\n");
+    BIO_dump_fp(stderr, (char *)s->s3->server_random, SSL3_RANDOM_SIZE);
+    fprintf(stderr, "Master Secret:\n");
+    BIO_dump_fp(stderr, (char *)s->session->master_key,
+                SSL3_MASTER_SECRET_SIZE);
+#endif
+
+#ifdef KSSL_DEBUG
+    fprintf(stderr, "tls1_generate_master_secret() complete\n");
+#endif                          /* KSSL_DEBUG */
+    return (SSL3_MASTER_SECRET_SIZE);
+}
+
+int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+                                const char *label, size_t llen,
+                                const unsigned char *context,
+                                size_t contextlen, int use_context)
+{
+    unsigned char *buff;
+    unsigned char *val = NULL;
+    size_t vallen, currentvalpos;
+    int rv;
+
+#ifdef KSSL_DEBUG
+    fprintf(stderr, "tls1_export_keying_material(%p,%p,%lu,%s,%lu,%p,%lu)\n",
+            s, out, olen, label, llen, context, contextlen);
+#endif                          /* KSSL_DEBUG */
+
+    buff = OPENSSL_malloc(olen);
+    if (buff == NULL)
+        goto err2;
+
+    /*
+     * construct PRF arguments we construct the PRF argument ourself rather
+     * than passing separate values into the TLS PRF to ensure that the
+     * concatenation of values does not create a prohibited label.
+     */
+    vallen = llen + SSL3_RANDOM_SIZE * 2;
+    if (use_context) {
+        vallen += 2 + contextlen;
+    }
+
+    val = OPENSSL_malloc(vallen);
+    if (val == NULL)
+        goto err2;
+    currentvalpos = 0;
+    memcpy(val + currentvalpos, (unsigned char *)label, llen);
+    currentvalpos += llen;
+    memcpy(val + currentvalpos, s->s3->client_random, SSL3_RANDOM_SIZE);
+    currentvalpos += SSL3_RANDOM_SIZE;
+    memcpy(val + currentvalpos, s->s3->server_random, SSL3_RANDOM_SIZE);
+    currentvalpos += SSL3_RANDOM_SIZE;
+
+    if (use_context) {
+        val[currentvalpos] = (contextlen >> 8) & 0xff;
+        currentvalpos++;
+        val[currentvalpos] = contextlen & 0xff;
+        currentvalpos++;
+        if ((contextlen > 0) || (context != NULL)) {
+            memcpy(val + currentvalpos, context, contextlen);
+        }
+    }
+
+    /*
+     * disallow prohibited labels note that SSL3_RANDOM_SIZE > max(prohibited
+     * label len) = 15, so size of val > max(prohibited label len) = 15 and
+     * the comparisons won't have buffer overflow
+     */
+    if (memcmp(val, TLS_MD_CLIENT_FINISH_CONST,
+               TLS_MD_CLIENT_FINISH_CONST_SIZE) == 0)
+        goto err1;
+    if (memcmp(val, TLS_MD_SERVER_FINISH_CONST,
+               TLS_MD_SERVER_FINISH_CONST_SIZE) == 0)
+        goto err1;
+    if (memcmp(val, TLS_MD_MASTER_SECRET_CONST,
+               TLS_MD_MASTER_SECRET_CONST_SIZE) == 0)
+        goto err1;
+    if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST,
+               TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0)
+        goto err1;
+
+    rv = tls1_PRF(ssl_get_algorithm2(s),
+                  val, vallen,
+                  NULL, 0,
+                  NULL, 0,
+                  NULL, 0,
+                  NULL, 0,
+                  s->session->master_key, s->session->master_key_length,
+                  out, buff, olen);
+    OPENSSL_cleanse(val, vallen);
+    OPENSSL_cleanse(buff, olen);
+
+#ifdef KSSL_DEBUG
+    fprintf(stderr, "tls1_export_keying_material() complete\n");
+#endif                          /* KSSL_DEBUG */
+    goto ret;
+ err1:
+    SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL,
+           SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
+    rv = 0;
+    goto ret;
+ err2:
+    SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE);
+    rv = 0;
+ ret:
+    if (buff != NULL)
+        OPENSSL_free(buff);
+    if (val != NULL)
+        OPENSSL_free(val);
+    return (rv);
+}
+
+int tls1_alert_code(int code)
+{
+    switch (code) {
+    case SSL_AD_CLOSE_NOTIFY:
+        return (SSL3_AD_CLOSE_NOTIFY);
+    case SSL_AD_UNEXPECTED_MESSAGE:
+        return (SSL3_AD_UNEXPECTED_MESSAGE);
+    case SSL_AD_BAD_RECORD_MAC:
+        return (SSL3_AD_BAD_RECORD_MAC);
+    case SSL_AD_DECRYPTION_FAILED:
+        return (TLS1_AD_DECRYPTION_FAILED);
+    case SSL_AD_RECORD_OVERFLOW:
+        return (TLS1_AD_RECORD_OVERFLOW);
+    case SSL_AD_DECOMPRESSION_FAILURE:
+        return (SSL3_AD_DECOMPRESSION_FAILURE);
+    case SSL_AD_HANDSHAKE_FAILURE:
+        return (SSL3_AD_HANDSHAKE_FAILURE);
+    case SSL_AD_NO_CERTIFICATE:
+        return (-1);
+    case SSL_AD_BAD_CERTIFICATE:
+        return (SSL3_AD_BAD_CERTIFICATE);
+    case SSL_AD_UNSUPPORTED_CERTIFICATE:
+        return (SSL3_AD_UNSUPPORTED_CERTIFICATE);
+    case SSL_AD_CERTIFICATE_REVOKED:
+        return (SSL3_AD_CERTIFICATE_REVOKED);
+    case SSL_AD_CERTIFICATE_EXPIRED:
+        return (SSL3_AD_CERTIFICATE_EXPIRED);
+    case SSL_AD_CERTIFICATE_UNKNOWN:
+        return (SSL3_AD_CERTIFICATE_UNKNOWN);
+    case SSL_AD_ILLEGAL_PARAMETER:
+        return (SSL3_AD_ILLEGAL_PARAMETER);
+    case SSL_AD_UNKNOWN_CA:
+        return (TLS1_AD_UNKNOWN_CA);
+    case SSL_AD_ACCESS_DENIED:
+        return (TLS1_AD_ACCESS_DENIED);
+    case SSL_AD_DECODE_ERROR:
+        return (TLS1_AD_DECODE_ERROR);
+    case SSL_AD_DECRYPT_ERROR:
+        return (TLS1_AD_DECRYPT_ERROR);
+    case SSL_AD_EXPORT_RESTRICTION:
+        return (TLS1_AD_EXPORT_RESTRICTION);
+    case SSL_AD_PROTOCOL_VERSION:
+        return (TLS1_AD_PROTOCOL_VERSION);
+    case SSL_AD_INSUFFICIENT_SECURITY:
+        return (TLS1_AD_INSUFFICIENT_SECURITY);
+    case SSL_AD_INTERNAL_ERROR:
+        return (TLS1_AD_INTERNAL_ERROR);
+    case SSL_AD_USER_CANCELLED:
+        return (TLS1_AD_USER_CANCELLED);
+    case SSL_AD_NO_RENEGOTIATION:
+        return (TLS1_AD_NO_RENEGOTIATION);
+    case SSL_AD_UNSUPPORTED_EXTENSION:
+        return (TLS1_AD_UNSUPPORTED_EXTENSION);
+    case SSL_AD_CERTIFICATE_UNOBTAINABLE:
+        return (TLS1_AD_CERTIFICATE_UNOBTAINABLE);
+    case SSL_AD_UNRECOGNIZED_NAME:
+        return (TLS1_AD_UNRECOGNIZED_NAME);
+    case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
+        return (TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE);
+    case SSL_AD_BAD_CERTIFICATE_HASH_VALUE:
+        return (TLS1_AD_BAD_CERTIFICATE_HASH_VALUE);
+    case SSL_AD_UNKNOWN_PSK_IDENTITY:
+        return (TLS1_AD_UNKNOWN_PSK_IDENTITY);
+    case SSL_AD_INAPPROPRIATE_FALLBACK:
+        return (TLS1_AD_INAPPROPRIATE_FALLBACK);
+#if 0
+        /* not appropriate for TLS, not used for DTLS */
+    case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE:
+        return (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
+#endif
+    default:
+        return (-1);
+    }
+}

Deleted: vendor-crypto/openssl/1.0.1u/ssl/t1_lib.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/t1_lib.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/ssl/t1_lib.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,2704 +0,0 @@
-/* ssl/t1_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay at cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/ocsp.h>
-#include <openssl/rand.h>
-#include "ssl_locl.h"
-
-const char tls1_version_str[] = "TLSv1" OPENSSL_VERSION_PTEXT;
-
-#ifndef OPENSSL_NO_TLSEXT
-static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen,
-                              const unsigned char *sess_id, int sesslen,
-                              SSL_SESSION **psess);
-#endif
-
-SSL3_ENC_METHOD TLSv1_enc_data = {
-    tls1_enc,
-    tls1_mac,
-    tls1_setup_key_block,
-    tls1_generate_master_secret,
-    tls1_change_cipher_state,
-    tls1_final_finish_mac,
-    TLS1_FINISH_MAC_LENGTH,
-    tls1_cert_verify_mac,
-    TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
-    TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
-    tls1_alert_code,
-    tls1_export_keying_material,
-};
-
-long tls1_default_timeout(void)
-{
-    /*
-     * 2 hours, the 24 hours mentioned in the TLSv1 spec is way too long for
-     * http, the cache would over fill
-     */
-    return (60 * 60 * 2);
-}
-
-int tls1_new(SSL *s)
-{
-    if (!ssl3_new(s))
-        return (0);
-    s->method->ssl_clear(s);
-    return (1);
-}
-
-void tls1_free(SSL *s)
-{
-#ifndef OPENSSL_NO_TLSEXT
-    if (s->tlsext_session_ticket) {
-        OPENSSL_free(s->tlsext_session_ticket);
-    }
-#endif                          /* OPENSSL_NO_TLSEXT */
-    ssl3_free(s);
-}
-
-void tls1_clear(SSL *s)
-{
-    ssl3_clear(s);
-    s->version = s->method->version;
-}
-
-#ifndef OPENSSL_NO_EC
-
-static int nid_list[] = {
-    NID_sect163k1,              /* sect163k1 (1) */
-    NID_sect163r1,              /* sect163r1 (2) */
-    NID_sect163r2,              /* sect163r2 (3) */
-    NID_sect193r1,              /* sect193r1 (4) */
-    NID_sect193r2,              /* sect193r2 (5) */
-    NID_sect233k1,              /* sect233k1 (6) */
-    NID_sect233r1,              /* sect233r1 (7) */
-    NID_sect239k1,              /* sect239k1 (8) */
-    NID_sect283k1,              /* sect283k1 (9) */
-    NID_sect283r1,              /* sect283r1 (10) */
-    NID_sect409k1,              /* sect409k1 (11) */
-    NID_sect409r1,              /* sect409r1 (12) */
-    NID_sect571k1,              /* sect571k1 (13) */
-    NID_sect571r1,              /* sect571r1 (14) */
-    NID_secp160k1,              /* secp160k1 (15) */
-    NID_secp160r1,              /* secp160r1 (16) */
-    NID_secp160r2,              /* secp160r2 (17) */
-    NID_secp192k1,              /* secp192k1 (18) */
-    NID_X9_62_prime192v1,       /* secp192r1 (19) */
-    NID_secp224k1,              /* secp224k1 (20) */
-    NID_secp224r1,              /* secp224r1 (21) */
-    NID_secp256k1,              /* secp256k1 (22) */
-    NID_X9_62_prime256v1,       /* secp256r1 (23) */
-    NID_secp384r1,              /* secp384r1 (24) */
-    NID_secp521r1               /* secp521r1 (25) */
-};
-
-static int pref_list[] = {
-# ifndef OPENSSL_NO_EC2M
-    NID_sect571r1,              /* sect571r1 (14) */
-    NID_sect571k1,              /* sect571k1 (13) */
-# endif
-    NID_secp521r1,              /* secp521r1 (25) */
-# ifndef OPENSSL_NO_EC2M
-    NID_sect409k1,              /* sect409k1 (11) */
-    NID_sect409r1,              /* sect409r1 (12) */
-# endif
-    NID_secp384r1,              /* secp384r1 (24) */
-# ifndef OPENSSL_NO_EC2M
-    NID_sect283k1,              /* sect283k1 (9) */
-    NID_sect283r1,              /* sect283r1 (10) */
-# endif
-    NID_secp256k1,              /* secp256k1 (22) */
-    NID_X9_62_prime256v1,       /* secp256r1 (23) */
-# ifndef OPENSSL_NO_EC2M
-    NID_sect239k1,              /* sect239k1 (8) */
-    NID_sect233k1,              /* sect233k1 (6) */
-    NID_sect233r1,              /* sect233r1 (7) */
-# endif
-    NID_secp224k1,              /* secp224k1 (20) */
-    NID_secp224r1,              /* secp224r1 (21) */
-# ifndef OPENSSL_NO_EC2M
-    NID_sect193r1,              /* sect193r1 (4) */
-    NID_sect193r2,              /* sect193r2 (5) */
-# endif
-    NID_secp192k1,              /* secp192k1 (18) */
-    NID_X9_62_prime192v1,       /* secp192r1 (19) */
-# ifndef OPENSSL_NO_EC2M
-    NID_sect163k1,              /* sect163k1 (1) */
-    NID_sect163r1,              /* sect163r1 (2) */
-    NID_sect163r2,              /* sect163r2 (3) */
-# endif
-    NID_secp160k1,              /* secp160k1 (15) */
-    NID_secp160r1,              /* secp160r1 (16) */
-    NID_secp160r2,              /* secp160r2 (17) */
-};
-
-int tls1_ec_curve_id2nid(int curve_id)
-{
-    /* ECC curves from RFC 4492 */
-    if ((curve_id < 1) || ((unsigned int)curve_id >
-                           sizeof(nid_list) / sizeof(nid_list[0])))
-        return 0;
-    return nid_list[curve_id - 1];
-}
-
-int tls1_ec_nid2curve_id(int nid)
-{
-    /* ECC curves from RFC 4492 */
-    switch (nid) {
-    case NID_sect163k1:        /* sect163k1 (1) */
-        return 1;
-    case NID_sect163r1:        /* sect163r1 (2) */
-        return 2;
-    case NID_sect163r2:        /* sect163r2 (3) */
-        return 3;
-    case NID_sect193r1:        /* sect193r1 (4) */
-        return 4;
-    case NID_sect193r2:        /* sect193r2 (5) */
-        return 5;
-    case NID_sect233k1:        /* sect233k1 (6) */
-        return 6;
-    case NID_sect233r1:        /* sect233r1 (7) */
-        return 7;
-    case NID_sect239k1:        /* sect239k1 (8) */
-        return 8;
-    case NID_sect283k1:        /* sect283k1 (9) */
-        return 9;
-    case NID_sect283r1:        /* sect283r1 (10) */
-        return 10;
-    case NID_sect409k1:        /* sect409k1 (11) */
-        return 11;
-    case NID_sect409r1:        /* sect409r1 (12) */
-        return 12;
-    case NID_sect571k1:        /* sect571k1 (13) */
-        return 13;
-    case NID_sect571r1:        /* sect571r1 (14) */
-        return 14;
-    case NID_secp160k1:        /* secp160k1 (15) */
-        return 15;
-    case NID_secp160r1:        /* secp160r1 (16) */
-        return 16;
-    case NID_secp160r2:        /* secp160r2 (17) */
-        return 17;
-    case NID_secp192k1:        /* secp192k1 (18) */
-        return 18;
-    case NID_X9_62_prime192v1: /* secp192r1 (19) */
-        return 19;
-    case NID_secp224k1:        /* secp224k1 (20) */
-        return 20;
-    case NID_secp224r1:        /* secp224r1 (21) */
-        return 21;
-    case NID_secp256k1:        /* secp256k1 (22) */
-        return 22;
-    case NID_X9_62_prime256v1: /* secp256r1 (23) */
-        return 23;
-    case NID_secp384r1:        /* secp384r1 (24) */
-        return 24;
-    case NID_secp521r1:        /* secp521r1 (25) */
-        return 25;
-    default:
-        return 0;
-    }
-}
-#endif                          /* OPENSSL_NO_EC */
-
-#ifndef OPENSSL_NO_TLSEXT
-
-/*
- * List of supported signature algorithms and hashes. Should make this
- * customisable at some point, for now include everything we support.
- */
-
-# ifdef OPENSSL_NO_RSA
-#  define tlsext_sigalg_rsa(md) /* */
-# else
-#  define tlsext_sigalg_rsa(md) md, TLSEXT_signature_rsa,
-# endif
-
-# ifdef OPENSSL_NO_DSA
-#  define tlsext_sigalg_dsa(md) /* */
-# else
-#  define tlsext_sigalg_dsa(md) md, TLSEXT_signature_dsa,
-# endif
-
-# ifdef OPENSSL_NO_ECDSA
-#  define tlsext_sigalg_ecdsa(md)
-                                /* */
-# else
-#  define tlsext_sigalg_ecdsa(md) md, TLSEXT_signature_ecdsa,
-# endif
-
-# define tlsext_sigalg(md) \
-                tlsext_sigalg_rsa(md) \
-                tlsext_sigalg_dsa(md) \
-                tlsext_sigalg_ecdsa(md)
-
-static unsigned char tls12_sigalgs[] = {
-# ifndef OPENSSL_NO_SHA512
-    tlsext_sigalg(TLSEXT_hash_sha512)
-        tlsext_sigalg(TLSEXT_hash_sha384)
-# endif
-# ifndef OPENSSL_NO_SHA256
-        tlsext_sigalg(TLSEXT_hash_sha256)
-        tlsext_sigalg(TLSEXT_hash_sha224)
-# endif
-# ifndef OPENSSL_NO_SHA
-        tlsext_sigalg(TLSEXT_hash_sha1)
-# endif
-};
-
-int tls12_get_req_sig_algs(SSL *s, unsigned char *p)
-{
-    size_t slen = sizeof(tls12_sigalgs);
-    if (p)
-        memcpy(p, tls12_sigalgs, slen);
-    return (int)slen;
-}
-
-unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
-                                          unsigned char *limit)
-{
-    int extdatalen = 0;
-    unsigned char *orig = buf;
-    unsigned char *ret = buf;
-
-    /* don't add extensions for SSLv3 unless doing secure renegotiation */
-    if (s->client_version == SSL3_VERSION && !s->s3->send_connection_binding)
-        return orig;
-
-    ret += 2;
-
-    if (ret >= limit)
-        return NULL;            /* this really never occurs, but ... */
-
-    if (s->tlsext_hostname != NULL) {
-        /* Add TLS extension servername to the Client Hello message */
-        unsigned long size_str;
-        long lenmax;
-
-        /*-
-         * check for enough space.
-         * 4 for the servername type and entension length
-         * 2 for servernamelist length
-         * 1 for the hostname type
-         * 2 for hostname length
-         * + hostname length
-         */
-
-        if ((lenmax = limit - ret - 9) < 0
-            || (size_str =
-                strlen(s->tlsext_hostname)) > (unsigned long)lenmax)
-            return NULL;
-
-        /* extension type and length */
-        s2n(TLSEXT_TYPE_server_name, ret);
-        s2n(size_str + 5, ret);
-
-        /* length of servername list */
-        s2n(size_str + 3, ret);
-
-        /* hostname type, length and hostname */
-        *(ret++) = (unsigned char)TLSEXT_NAMETYPE_host_name;
-        s2n(size_str, ret);
-        memcpy(ret, s->tlsext_hostname, size_str);
-        ret += size_str;
-    }
-
-    /* Add RI if renegotiating */
-    if (s->renegotiate) {
-        int el;
-
-        if (!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) {
-            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-            return NULL;
-        }
-
-        if ((limit - ret - 4 - el) < 0)
-            return NULL;
-
-        s2n(TLSEXT_TYPE_renegotiate, ret);
-        s2n(el, ret);
-
-        if (!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) {
-            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-            return NULL;
-        }
-
-        ret += el;
-    }
-# ifndef OPENSSL_NO_SRP
-    /* Add SRP username if there is one */
-    if (s->srp_ctx.login != NULL) { /* Add TLS extension SRP username to the
-                                     * Client Hello message */
-
-        int login_len = strlen(s->srp_ctx.login);
-        if (login_len > 255 || login_len == 0) {
-            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-            return NULL;
-        }
-
-        /*-
-         * check for enough space.
-         * 4 for the srp type type and entension length
-         * 1 for the srp user identity
-         * + srp user identity length
-         */
-        if ((limit - ret - 5 - login_len) < 0)
-            return NULL;
-
-        /* fill in the extension */
-        s2n(TLSEXT_TYPE_srp, ret);
-        s2n(login_len + 1, ret);
-        (*ret++) = (unsigned char)login_len;
-        memcpy(ret, s->srp_ctx.login, login_len);
-        ret += login_len;
-    }
-# endif
-
-# ifndef OPENSSL_NO_EC
-    if (s->tlsext_ecpointformatlist != NULL) {
-        /*
-         * Add TLS extension ECPointFormats to the ClientHello message
-         */
-        long lenmax;
-
-        if ((lenmax = limit - ret - 5) < 0)
-            return NULL;
-        if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax)
-            return NULL;
-        if (s->tlsext_ecpointformatlist_length > 255) {
-            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-            return NULL;
-        }
-
-        s2n(TLSEXT_TYPE_ec_point_formats, ret);
-        s2n(s->tlsext_ecpointformatlist_length + 1, ret);
-        *(ret++) = (unsigned char)s->tlsext_ecpointformatlist_length;
-        memcpy(ret, s->tlsext_ecpointformatlist,
-               s->tlsext_ecpointformatlist_length);
-        ret += s->tlsext_ecpointformatlist_length;
-    }
-    if (s->tlsext_ellipticcurvelist != NULL) {
-        /*
-         * Add TLS extension EllipticCurves to the ClientHello message
-         */
-        long lenmax;
-
-        if ((lenmax = limit - ret - 6) < 0)
-            return NULL;
-        if (s->tlsext_ellipticcurvelist_length > (unsigned long)lenmax)
-            return NULL;
-        if (s->tlsext_ellipticcurvelist_length > 65532) {
-            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-            return NULL;
-        }
-
-        s2n(TLSEXT_TYPE_elliptic_curves, ret);
-        s2n(s->tlsext_ellipticcurvelist_length + 2, ret);
-
-        s2n(s->tlsext_ellipticcurvelist_length, ret);
-        memcpy(ret, s->tlsext_ellipticcurvelist,
-               s->tlsext_ellipticcurvelist_length);
-        ret += s->tlsext_ellipticcurvelist_length;
-    }
-# endif                         /* OPENSSL_NO_EC */
-
-    if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
-        int ticklen;
-        if (!s->new_session && s->session && s->session->tlsext_tick)
-            ticklen = s->session->tlsext_ticklen;
-        else if (s->session && s->tlsext_session_ticket &&
-                 s->tlsext_session_ticket->data) {
-            ticklen = s->tlsext_session_ticket->length;
-            s->session->tlsext_tick = OPENSSL_malloc(ticklen);
-            if (!s->session->tlsext_tick)
-                return NULL;
-            memcpy(s->session->tlsext_tick,
-                   s->tlsext_session_ticket->data, ticklen);
-            s->session->tlsext_ticklen = ticklen;
-        } else
-            ticklen = 0;
-        if (ticklen == 0 && s->tlsext_session_ticket &&
-            s->tlsext_session_ticket->data == NULL)
-            goto skip_ext;
-        /*
-         * Check for enough room 2 for extension type, 2 for len rest for
-         * ticket
-         */
-        if ((long)(limit - ret - 4 - ticklen) < 0)
-            return NULL;
-        s2n(TLSEXT_TYPE_session_ticket, ret);
-        s2n(ticklen, ret);
-        if (ticklen) {
-            memcpy(ret, s->session->tlsext_tick, ticklen);
-            ret += ticklen;
-        }
-    }
- skip_ext:
-
-    if (TLS1_get_client_version(s) >= TLS1_2_VERSION) {
-        if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6)
-            return NULL;
-        s2n(TLSEXT_TYPE_signature_algorithms, ret);
-        s2n(sizeof(tls12_sigalgs) + 2, ret);
-        s2n(sizeof(tls12_sigalgs), ret);
-        memcpy(ret, tls12_sigalgs, sizeof(tls12_sigalgs));
-        ret += sizeof(tls12_sigalgs);
-    }
-# ifdef TLSEXT_TYPE_opaque_prf_input
-    if (s->s3->client_opaque_prf_input != NULL && s->version != DTLS1_VERSION) {
-        size_t col = s->s3->client_opaque_prf_input_len;
-
-        if ((long)(limit - ret - 6 - col < 0))
-            return NULL;
-        if (col > 0xFFFD)       /* can't happen */
-            return NULL;
-
-        s2n(TLSEXT_TYPE_opaque_prf_input, ret);
-        s2n(col + 2, ret);
-        s2n(col, ret);
-        memcpy(ret, s->s3->client_opaque_prf_input, col);
-        ret += col;
-    }
-# endif
-
-    if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
-        s->version != DTLS1_VERSION) {
-        int i;
-        long extlen, idlen, itmp;
-        OCSP_RESPID *id;
-
-        idlen = 0;
-        for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) {
-            id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
-            itmp = i2d_OCSP_RESPID(id, NULL);
-            if (itmp <= 0)
-                return NULL;
-            idlen += itmp + 2;
-        }
-
-        if (s->tlsext_ocsp_exts) {
-            extlen = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL);
-            if (extlen < 0)
-                return NULL;
-        } else
-            extlen = 0;
-
-        if ((long)(limit - ret - 7 - extlen - idlen) < 0)
-            return NULL;
-        s2n(TLSEXT_TYPE_status_request, ret);
-        if (extlen + idlen > 0xFFF0)
-            return NULL;
-        s2n(extlen + idlen + 5, ret);
-        *(ret++) = TLSEXT_STATUSTYPE_ocsp;
-        s2n(idlen, ret);
-        for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) {
-            /* save position of id len */
-            unsigned char *q = ret;
-            id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
-            /* skip over id len */
-            ret += 2;
-            itmp = i2d_OCSP_RESPID(id, &ret);
-            /* write id len */
-            s2n(itmp, q);
-        }
-        s2n(extlen, ret);
-        if (extlen > 0)
-            i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
-    }
-# ifndef OPENSSL_NO_HEARTBEATS
-    /* Add Heartbeat extension */
-    if ((limit - ret - 4 - 1) < 0)
-        return NULL;
-    s2n(TLSEXT_TYPE_heartbeat, ret);
-    s2n(1, ret);
-    /*-
-     * Set mode:
-     * 1: peer may send requests
-     * 2: peer not allowed to send requests
-     */
-    if (s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_RECV_REQUESTS)
-        *(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
-    else
-        *(ret++) = SSL_TLSEXT_HB_ENABLED;
-# endif
-
-# ifndef OPENSSL_NO_NEXTPROTONEG
-    if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) {
-        /*
-         * The client advertises an emtpy extension to indicate its support
-         * for Next Protocol Negotiation
-         */
-        if (limit - ret - 4 < 0)
-            return NULL;
-        s2n(TLSEXT_TYPE_next_proto_neg, ret);
-        s2n(0, ret);
-    }
-# endif
-
-# ifndef OPENSSL_NO_SRTP
-    if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)) {
-        int el;
-
-        ssl_add_clienthello_use_srtp_ext(s, 0, &el, 0);
-
-        if ((limit - ret - 4 - el) < 0)
-            return NULL;
-
-        s2n(TLSEXT_TYPE_use_srtp, ret);
-        s2n(el, ret);
-
-        if (ssl_add_clienthello_use_srtp_ext(s, ret, &el, el)) {
-            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-            return NULL;
-        }
-        ret += el;
-    }
-# endif
-    /*
-     * Add padding to workaround bugs in F5 terminators. See
-     * https://tools.ietf.org/html/draft-agl-tls-padding-03 NB: because this
-     * code works out the length of all existing extensions it MUST always
-     * appear last.
-     */
-    if (s->options & SSL_OP_TLSEXT_PADDING) {
-        int hlen = ret - (unsigned char *)s->init_buf->data;
-        /*
-         * The code in s23_clnt.c to build ClientHello messages includes the
-         * 5-byte record header in the buffer, while the code in s3_clnt.c
-         * does not.
-         */
-        if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
-            hlen -= 5;
-        if (hlen > 0xff && hlen < 0x200) {
-            hlen = 0x200 - hlen;
-            if (hlen >= 4)
-                hlen -= 4;
-            else
-                hlen = 0;
-
-            s2n(TLSEXT_TYPE_padding, ret);
-            s2n(hlen, ret);
-            memset(ret, 0, hlen);
-            ret += hlen;
-        }
-    }
-
-    if ((extdatalen = ret - orig - 2) == 0)
-        return orig;
-
-    s2n(extdatalen, orig);
-    return ret;
-}
-
-unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
-                                          unsigned char *limit)
-{
-    int extdatalen = 0;
-    unsigned char *orig = buf;
-    unsigned char *ret = buf;
-# ifndef OPENSSL_NO_NEXTPROTONEG
-    int next_proto_neg_seen;
-# endif
-
-    /*
-     * don't add extensions for SSLv3, unless doing secure renegotiation
-     */
-    if (s->version == SSL3_VERSION && !s->s3->send_connection_binding)
-        return orig;
-
-    ret += 2;
-    if (ret >= limit)
-        return NULL;            /* this really never occurs, but ... */
-
-    if (!s->hit && s->servername_done == 1
-        && s->session->tlsext_hostname != NULL) {
-        if ((long)(limit - ret - 4) < 0)
-            return NULL;
-
-        s2n(TLSEXT_TYPE_server_name, ret);
-        s2n(0, ret);
-    }
-
-    if (s->s3->send_connection_binding) {
-        int el;
-
-        if (!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) {
-            SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-            return NULL;
-        }
-
-        if ((limit - ret - 4 - el) < 0)
-            return NULL;
-
-        s2n(TLSEXT_TYPE_renegotiate, ret);
-        s2n(el, ret);
-
-        if (!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) {
-            SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-            return NULL;
-        }
-
-        ret += el;
-    }
-# ifndef OPENSSL_NO_EC
-    if (s->tlsext_ecpointformatlist != NULL) {
-        /*
-         * Add TLS extension ECPointFormats to the ServerHello message
-         */
-        long lenmax;
-
-        if ((lenmax = limit - ret - 5) < 0)
-            return NULL;
-        if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax)
-            return NULL;
-        if (s->tlsext_ecpointformatlist_length > 255) {
-            SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-            return NULL;
-        }
-
-        s2n(TLSEXT_TYPE_ec_point_formats, ret);
-        s2n(s->tlsext_ecpointformatlist_length + 1, ret);
-        *(ret++) = (unsigned char)s->tlsext_ecpointformatlist_length;
-        memcpy(ret, s->tlsext_ecpointformatlist,
-               s->tlsext_ecpointformatlist_length);
-        ret += s->tlsext_ecpointformatlist_length;
-
-    }
-    /*
-     * Currently the server should not respond with a SupportedCurves
-     * extension
-     */
-# endif                         /* OPENSSL_NO_EC */
-
-    if (s->tlsext_ticket_expected && !(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
-        if ((long)(limit - ret - 4) < 0)
-            return NULL;
-        s2n(TLSEXT_TYPE_session_ticket, ret);
-        s2n(0, ret);
-    }
-
-    if (s->tlsext_status_expected) {
-        if ((long)(limit - ret - 4) < 0)
-            return NULL;
-        s2n(TLSEXT_TYPE_status_request, ret);
-        s2n(0, ret);
-    }
-# ifdef TLSEXT_TYPE_opaque_prf_input
-    if (s->s3->server_opaque_prf_input != NULL && s->version != DTLS1_VERSION) {
-        size_t sol = s->s3->server_opaque_prf_input_len;
-
-        if ((long)(limit - ret - 6 - sol) < 0)
-            return NULL;
-        if (sol > 0xFFFD)       /* can't happen */
-            return NULL;
-
-        s2n(TLSEXT_TYPE_opaque_prf_input, ret);
-        s2n(sol + 2, ret);
-        s2n(sol, ret);
-        memcpy(ret, s->s3->server_opaque_prf_input, sol);
-        ret += sol;
-    }
-# endif
-
-# ifndef OPENSSL_NO_SRTP
-    if (SSL_IS_DTLS(s) && s->srtp_profile) {
-        int el;
-
-        ssl_add_serverhello_use_srtp_ext(s, 0, &el, 0);
-
-        if ((limit - ret - 4 - el) < 0)
-            return NULL;
-
-        s2n(TLSEXT_TYPE_use_srtp, ret);
-        s2n(el, ret);
-
-        if (ssl_add_serverhello_use_srtp_ext(s, ret, &el, el)) {
-            SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-            return NULL;
-        }
-        ret += el;
-    }
-# endif
-
-    if (((s->s3->tmp.new_cipher->id & 0xFFFF) == 0x80
-         || (s->s3->tmp.new_cipher->id & 0xFFFF) == 0x81)
-        && (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) {
-        const unsigned char cryptopro_ext[36] = {
-            0xfd, 0xe8,         /* 65000 */
-            0x00, 0x20,         /* 32 bytes length */
-            0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85,
-            0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06,
-            0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08,
-            0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17
-        };
-        if (limit - ret < 36)
-            return NULL;
-        memcpy(ret, cryptopro_ext, 36);
-        ret += 36;
-
-    }
-# ifndef OPENSSL_NO_HEARTBEATS
-    /* Add Heartbeat extension if we've received one */
-    if (s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) {
-        if ((limit - ret - 4 - 1) < 0)
-            return NULL;
-        s2n(TLSEXT_TYPE_heartbeat, ret);
-        s2n(1, ret);
-        /*-
-         * Set mode:
-         * 1: peer may send requests
-         * 2: peer not allowed to send requests
-         */
-        if (s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_RECV_REQUESTS)
-            *(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
-        else
-            *(ret++) = SSL_TLSEXT_HB_ENABLED;
-
-    }
-# endif
-
-# ifndef OPENSSL_NO_NEXTPROTONEG
-    next_proto_neg_seen = s->s3->next_proto_neg_seen;
-    s->s3->next_proto_neg_seen = 0;
-    if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb) {
-        const unsigned char *npa;
-        unsigned int npalen;
-        int r;
-
-        r = s->ctx->next_protos_advertised_cb(s, &npa, &npalen,
-                                              s->
-                                              ctx->next_protos_advertised_cb_arg);
-        if (r == SSL_TLSEXT_ERR_OK) {
-            if ((long)(limit - ret - 4 - npalen) < 0)
-                return NULL;
-            s2n(TLSEXT_TYPE_next_proto_neg, ret);
-            s2n(npalen, ret);
-            memcpy(ret, npa, npalen);
-            ret += npalen;
-            s->s3->next_proto_neg_seen = 1;
-        }
-    }
-# endif
-
-    if ((extdatalen = ret - orig - 2) == 0)
-        return orig;
-
-    s2n(extdatalen, orig);
-    return ret;
-}
-
-# ifndef OPENSSL_NO_EC
-/*-
- * ssl_check_for_safari attempts to fingerprint Safari using OS X
- * SecureTransport using the TLS extension block in |d|, of length |n|.
- * Safari, since 10.6, sends exactly these extensions, in this order:
- *   SNI,
- *   elliptic_curves
- *   ec_point_formats
- *
- * We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8,
- * but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them.
- * Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from
- * 10.8..10.8.3 (which don't work).
- */
-static void ssl_check_for_safari(SSL *s, const unsigned char *data,
-                                 const unsigned char *limit)
-{
-    unsigned short type, size;
-    static const unsigned char kSafariExtensionsBlock[] = {
-        0x00, 0x0a,             /* elliptic_curves extension */
-        0x00, 0x08,             /* 8 bytes */
-        0x00, 0x06,             /* 6 bytes of curve ids */
-        0x00, 0x17,             /* P-256 */
-        0x00, 0x18,             /* P-384 */
-        0x00, 0x19,             /* P-521 */
-
-        0x00, 0x0b,             /* ec_point_formats */
-        0x00, 0x02,             /* 2 bytes */
-        0x01,                   /* 1 point format */
-        0x00,                   /* uncompressed */
-    };
-
-    /* The following is only present in TLS 1.2 */
-    static const unsigned char kSafariTLS12ExtensionsBlock[] = {
-        0x00, 0x0d,             /* signature_algorithms */
-        0x00, 0x0c,             /* 12 bytes */
-        0x00, 0x0a,             /* 10 bytes */
-        0x05, 0x01,             /* SHA-384/RSA */
-        0x04, 0x01,             /* SHA-256/RSA */
-        0x02, 0x01,             /* SHA-1/RSA */
-        0x04, 0x03,             /* SHA-256/ECDSA */
-        0x02, 0x03,             /* SHA-1/ECDSA */
-    };
-
-    if (data >= (limit - 2))
-        return;
-    data += 2;
-
-    if (data > (limit - 4))
-        return;
-    n2s(data, type);
-    n2s(data, size);
-
-    if (type != TLSEXT_TYPE_server_name)
-        return;
-
-    if (data + size > limit)
-        return;
-    data += size;
-
-    if (TLS1_get_client_version(s) >= TLS1_2_VERSION) {
-        const size_t len1 = sizeof(kSafariExtensionsBlock);
-        const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
-
-        if (data + len1 + len2 != limit)
-            return;
-        if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
-            return;
-        if (memcmp(data + len1, kSafariTLS12ExtensionsBlock, len2) != 0)
-            return;
-    } else {
-        const size_t len = sizeof(kSafariExtensionsBlock);
-
-        if (data + len != limit)
-            return;
-        if (memcmp(data, kSafariExtensionsBlock, len) != 0)
-            return;
-    }
-
-    s->s3->is_probably_safari = 1;
-}
-# endif                         /* !OPENSSL_NO_EC */
-
-int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p,
-                                 unsigned char *limit, int *al)
-{
-    unsigned short type;
-    unsigned short size;
-    unsigned short len;
-    unsigned char *data = *p;
-    int renegotiate_seen = 0;
-    int sigalg_seen = 0;
-
-    s->servername_done = 0;
-    s->tlsext_status_type = -1;
-# ifndef OPENSSL_NO_NEXTPROTONEG
-    s->s3->next_proto_neg_seen = 0;
-# endif
-
-# ifndef OPENSSL_NO_HEARTBEATS
-    s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
-                             SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
-# endif
-
-# ifndef OPENSSL_NO_EC
-    if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
-        ssl_check_for_safari(s, data, limit);
-# endif                         /* !OPENSSL_NO_EC */
-
-# ifndef OPENSSL_NO_SRP
-    if (s->srp_ctx.login != NULL) {
-        OPENSSL_free(s->srp_ctx.login);
-        s->srp_ctx.login = NULL;
-    }
-# endif
-
-    s->srtp_profile = NULL;
-
-    if (data == limit)
-        goto ri_check;
-
-    if (data > (limit - 2))
-        goto err;
-
-    n2s(data, len);
-
-    if (data + len != limit)
-        goto err;
-
-    while (data <= (limit - 4)) {
-        n2s(data, type);
-        n2s(data, size);
-
-        if (data + size > (limit))
-            goto err;
-# if 0
-        fprintf(stderr, "Received extension type %d size %d\n", type, size);
-# endif
-        if (s->tlsext_debug_cb)
-            s->tlsext_debug_cb(s, 0, type, data, size, s->tlsext_debug_arg);
-/*-
- * The servername extension is treated as follows:
- *
- * - Only the hostname type is supported with a maximum length of 255.
- * - The servername is rejected if too long or if it contains zeros,
- *   in which case an fatal alert is generated.
- * - The servername field is maintained together with the session cache.
- * - When a session is resumed, the servername call back invoked in order
- *   to allow the application to position itself to the right context.
- * - The servername is acknowledged if it is new for a session or when
- *   it is identical to a previously used for the same session.
- *   Applications can control the behaviour.  They can at any time
- *   set a 'desirable' servername for a new SSL object. This can be the
- *   case for example with HTTPS when a Host: header field is received and
- *   a renegotiation is requested. In this case, a possible servername
- *   presented in the new client hello is only acknowledged if it matches
- *   the value of the Host: field.
- * - Applications must  use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
- *   if they provide for changing an explicit servername context for the
- *   session, i.e. when the session has been established with a servername
- *   extension.
- * - On session reconnect, the servername extension may be absent.
- *
- */
-
-        if (type == TLSEXT_TYPE_server_name) {
-            unsigned char *sdata;
-            int servname_type;
-            int dsize;
-
-            if (size < 2)
-                goto err;
-            n2s(data, dsize);
-            size -= 2;
-            if (dsize > size)
-                goto err;
-
-            sdata = data;
-            while (dsize > 3) {
-                servname_type = *(sdata++);
-                n2s(sdata, len);
-                dsize -= 3;
-
-                if (len > dsize)
-                    goto err;
-
-                if (s->servername_done == 0)
-                    switch (servname_type) {
-                    case TLSEXT_NAMETYPE_host_name:
-                        if (!s->hit) {
-                            if (s->session->tlsext_hostname)
-                                goto err;
-
-                            if (len > TLSEXT_MAXLEN_host_name) {
-                                *al = TLS1_AD_UNRECOGNIZED_NAME;
-                                return 0;
-                            }
-                            if ((s->session->tlsext_hostname =
-                                 OPENSSL_malloc(len + 1)) == NULL) {
-                                *al = TLS1_AD_INTERNAL_ERROR;
-                                return 0;
-                            }
-                            memcpy(s->session->tlsext_hostname, sdata, len);
-                            s->session->tlsext_hostname[len] = '\0';
-                            if (strlen(s->session->tlsext_hostname) != len) {
-                                OPENSSL_free(s->session->tlsext_hostname);
-                                s->session->tlsext_hostname = NULL;
-                                *al = TLS1_AD_UNRECOGNIZED_NAME;
-                                return 0;
-                            }
-                            s->servername_done = 1;
-
-                        } else
-                            s->servername_done = s->session->tlsext_hostname
-                                && strlen(s->session->tlsext_hostname) == len
-                                && strncmp(s->session->tlsext_hostname,
-                                           (char *)sdata, len) == 0;
-
-                        break;
-
-                    default:
-                        break;
-                    }
-
-                dsize -= len;
-            }
-            if (dsize != 0)
-                goto err;
-
-        }
-# ifndef OPENSSL_NO_SRP
-        else if (type == TLSEXT_TYPE_srp) {
-            if (size == 0 || ((len = data[0])) != (size - 1))
-                goto err;
-            if (s->srp_ctx.login != NULL)
-                goto err;
-            if ((s->srp_ctx.login = OPENSSL_malloc(len + 1)) == NULL)
-                return -1;
-            memcpy(s->srp_ctx.login, &data[1], len);
-            s->srp_ctx.login[len] = '\0';
-
-            if (strlen(s->srp_ctx.login) != len)
-                goto err;
-        }
-# endif
-
-# ifndef OPENSSL_NO_EC
-        else if (type == TLSEXT_TYPE_ec_point_formats) {
-            unsigned char *sdata = data;
-            int ecpointformatlist_length = *(sdata++);
-
-            if (ecpointformatlist_length != size - 1)
-                goto err;
-            if (!s->hit) {
-                if (s->session->tlsext_ecpointformatlist) {
-                    OPENSSL_free(s->session->tlsext_ecpointformatlist);
-                    s->session->tlsext_ecpointformatlist = NULL;
-                }
-                s->session->tlsext_ecpointformatlist_length = 0;
-                if ((s->session->tlsext_ecpointformatlist =
-                     OPENSSL_malloc(ecpointformatlist_length)) == NULL) {
-                    *al = TLS1_AD_INTERNAL_ERROR;
-                    return 0;
-                }
-                s->session->tlsext_ecpointformatlist_length =
-                    ecpointformatlist_length;
-                memcpy(s->session->tlsext_ecpointformatlist, sdata,
-                       ecpointformatlist_length);
-            }
-#  if 0
-            fprintf(stderr,
-                    "ssl_parse_clienthello_tlsext s->session->tlsext_ecpointformatlist (length=%i) ",
-                    s->session->tlsext_ecpointformatlist_length);
-            sdata = s->session->tlsext_ecpointformatlist;
-            for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
-                fprintf(stderr, "%i ", *(sdata++));
-            fprintf(stderr, "\n");
-#  endif
-        } else if (type == TLSEXT_TYPE_elliptic_curves) {
-            unsigned char *sdata = data;
-            int ellipticcurvelist_length = (*(sdata++) << 8);
-            ellipticcurvelist_length += (*(sdata++));
-
-            if (ellipticcurvelist_length != size - 2 ||
-                ellipticcurvelist_length < 1 ||
-                /* Each NamedCurve is 2 bytes. */
-                ellipticcurvelist_length & 1)
-                    goto err;
-
-            if (!s->hit) {
-                if (s->session->tlsext_ellipticcurvelist)
-                    goto err;
-
-                s->session->tlsext_ellipticcurvelist_length = 0;
-                if ((s->session->tlsext_ellipticcurvelist =
-                     OPENSSL_malloc(ellipticcurvelist_length)) == NULL) {
-                    *al = TLS1_AD_INTERNAL_ERROR;
-                    return 0;
-                }
-                s->session->tlsext_ellipticcurvelist_length =
-                    ellipticcurvelist_length;
-                memcpy(s->session->tlsext_ellipticcurvelist, sdata,
-                       ellipticcurvelist_length);
-            }
-#  if 0
-            fprintf(stderr,
-                    "ssl_parse_clienthello_tlsext s->session->tlsext_ellipticcurvelist (length=%i) ",
-                    s->session->tlsext_ellipticcurvelist_length);
-            sdata = s->session->tlsext_ellipticcurvelist;
-            for (i = 0; i < s->session->tlsext_ellipticcurvelist_length; i++)
-                fprintf(stderr, "%i ", *(sdata++));
-            fprintf(stderr, "\n");
-#  endif
-        }
-# endif                         /* OPENSSL_NO_EC */
-# ifdef TLSEXT_TYPE_opaque_prf_input
-        else if (type == TLSEXT_TYPE_opaque_prf_input &&
-                 s->version != DTLS1_VERSION) {
-            unsigned char *sdata = data;
-
-            if (size < 2) {
-                *al = SSL_AD_DECODE_ERROR;
-                return 0;
-            }
-            n2s(sdata, s->s3->client_opaque_prf_input_len);
-            if (s->s3->client_opaque_prf_input_len != size - 2) {
-                *al = SSL_AD_DECODE_ERROR;
-                return 0;
-            }
-
-            if (s->s3->client_opaque_prf_input != NULL) {
-                /* shouldn't really happen */
-                OPENSSL_free(s->s3->client_opaque_prf_input);
-            }
-
-            /* dummy byte just to get non-NULL */
-            if (s->s3->client_opaque_prf_input_len == 0)
-                s->s3->client_opaque_prf_input = OPENSSL_malloc(1);
-            else
-                s->s3->client_opaque_prf_input =
-                    BUF_memdup(sdata, s->s3->client_opaque_prf_input_len);
-            if (s->s3->client_opaque_prf_input == NULL) {
-                *al = TLS1_AD_INTERNAL_ERROR;
-                return 0;
-            }
-        }
-# endif
-        else if (type == TLSEXT_TYPE_session_ticket) {
-            if (s->tls_session_ticket_ext_cb &&
-                !s->tls_session_ticket_ext_cb(s, data, size,
-                                              s->tls_session_ticket_ext_cb_arg))
-            {
-                *al = TLS1_AD_INTERNAL_ERROR;
-                return 0;
-            }
-        } else if (type == TLSEXT_TYPE_renegotiate) {
-            if (!ssl_parse_clienthello_renegotiate_ext(s, data, size, al))
-                return 0;
-            renegotiate_seen = 1;
-        } else if (type == TLSEXT_TYPE_signature_algorithms) {
-            int dsize;
-            if (sigalg_seen || size < 2)
-                goto err;
-            sigalg_seen = 1;
-            n2s(data, dsize);
-            size -= 2;
-            if (dsize != size || dsize & 1)
-                goto err;
-            if (!tls1_process_sigalgs(s, data, dsize))
-                goto err;
-        } else if (type == TLSEXT_TYPE_status_request &&
-                   s->version != DTLS1_VERSION) {
-
-            if (size < 5)
-                goto err;
-
-            s->tlsext_status_type = *data++;
-            size--;
-            if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) {
-                const unsigned char *sdata;
-                int dsize;
-                /* Read in responder_id_list */
-                n2s(data, dsize);
-                size -= 2;
-                if (dsize > size)
-                    goto err;
-                while (dsize > 0) {
-                    OCSP_RESPID *id;
-                    int idsize;
-                    if (dsize < 4)
-                        goto err;
-                    n2s(data, idsize);
-                    dsize -= 2 + idsize;
-                    size -= 2 + idsize;
-                    if (dsize < 0)
-                        goto err;
-                    sdata = data;
-                    data += idsize;
-                    id = d2i_OCSP_RESPID(NULL, &sdata, idsize);
-                    if (!id)
-                        goto err;
-                    if (data != sdata) {
-                        OCSP_RESPID_free(id);
-                        goto err;
-                    }
-                    if (!s->tlsext_ocsp_ids
-                        && !(s->tlsext_ocsp_ids =
-                             sk_OCSP_RESPID_new_null())) {
-                        OCSP_RESPID_free(id);
-                        *al = SSL_AD_INTERNAL_ERROR;
-                        return 0;
-                    }
-                    if (!sk_OCSP_RESPID_push(s->tlsext_ocsp_ids, id)) {
-                        OCSP_RESPID_free(id);
-                        *al = SSL_AD_INTERNAL_ERROR;
-                        return 0;
-                    }
-                }
-
-                /* Read in request_extensions */
-                if (size < 2)
-                    goto err;
-                n2s(data, dsize);
-                size -= 2;
-                if (dsize != size)
-                    goto err;
-                sdata = data;
-                if (dsize > 0) {
-                    if (s->tlsext_ocsp_exts) {
-                        sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
-                                                   X509_EXTENSION_free);
-                    }
-
-                    s->tlsext_ocsp_exts =
-                        d2i_X509_EXTENSIONS(NULL, &sdata, dsize);
-                    if (!s->tlsext_ocsp_exts || (data + dsize != sdata))
-                        goto err;
-                }
-            }
-            /*
-             * We don't know what to do with any other type * so ignore it.
-             */
-            else
-                s->tlsext_status_type = -1;
-        }
-# ifndef OPENSSL_NO_HEARTBEATS
-        else if (type == TLSEXT_TYPE_heartbeat) {
-            switch (data[0]) {
-            case 0x01:         /* Client allows us to send HB requests */
-                s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
-                break;
-            case 0x02:         /* Client doesn't accept HB requests */
-                s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
-                s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
-                break;
-            default:
-                *al = SSL_AD_ILLEGAL_PARAMETER;
-                return 0;
-            }
-        }
-# endif
-# ifndef OPENSSL_NO_NEXTPROTONEG
-        else if (type == TLSEXT_TYPE_next_proto_neg &&
-                 s->s3->tmp.finish_md_len == 0) {
-            /*-
-             * We shouldn't accept this extension on a
-             * renegotiation.
-             *
-             * s->new_session will be set on renegotiation, but we
-             * probably shouldn't rely that it couldn't be set on
-             * the initial renegotation too in certain cases (when
-             * there's some other reason to disallow resuming an
-             * earlier session -- the current code won't be doing
-             * anything like that, but this might change).
-             *
-             * A valid sign that there's been a previous handshake
-             * in this connection is if s->s3->tmp.finish_md_len >
-             * 0.  (We are talking about a check that will happen
-             * in the Hello protocol round, well before a new
-             * Finished message could have been computed.)
-             */
-            s->s3->next_proto_neg_seen = 1;
-        }
-# endif
-
-        /* session ticket processed earlier */
-# ifndef OPENSSL_NO_SRTP
-        else if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)
-                 && type == TLSEXT_TYPE_use_srtp) {
-            if (ssl_parse_clienthello_use_srtp_ext(s, data, size, al))
-                return 0;
-        }
-# endif
-
-        data += size;
-    }
-
-    /* Spurious data on the end */
-    if (data != limit)
-        goto err;
-
-    *p = data;
-
- ri_check:
-
-    /* Need RI if renegotiating */
-
-    if (!renegotiate_seen && s->renegotiate &&
-        !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
-        *al = SSL_AD_HANDSHAKE_FAILURE;
-        SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT,
-               SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
-        return 0;
-    }
-
-    return 1;
-err:
-    *al = SSL_AD_DECODE_ERROR;
-    return 0;
-}
-
-# ifndef OPENSSL_NO_NEXTPROTONEG
-/*
- * ssl_next_proto_validate validates a Next Protocol Negotiation block. No
- * elements of zero length are allowed and the set of elements must exactly
- * fill the length of the block.
- */
-static char ssl_next_proto_validate(unsigned char *d, unsigned len)
-{
-    unsigned int off = 0;
-
-    while (off < len) {
-        if (d[off] == 0)
-            return 0;
-        off += d[off];
-        off++;
-    }
-
-    return off == len;
-}
-# endif
-
-int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
-                                 int n, int *al)
-{
-    unsigned short length;
-    unsigned short type;
-    unsigned short size;
-    unsigned char *data = *p;
-    int tlsext_servername = 0;
-    int renegotiate_seen = 0;
-
-# ifndef OPENSSL_NO_NEXTPROTONEG
-    s->s3->next_proto_neg_seen = 0;
-# endif
-    s->tlsext_ticket_expected = 0;
-
-# ifndef OPENSSL_NO_HEARTBEATS
-    s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
-                             SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
-# endif
-
-    if (data >= (d + n - 2))
-        goto ri_check;
-
-    n2s(data, length);
-    if (data + length != d + n) {
-        *al = SSL_AD_DECODE_ERROR;
-        return 0;
-    }
-
-    while (data <= (d + n - 4)) {
-        n2s(data, type);
-        n2s(data, size);
-
-        if (data + size > (d + n))
-            goto ri_check;
-
-        if (s->tlsext_debug_cb)
-            s->tlsext_debug_cb(s, 1, type, data, size, s->tlsext_debug_arg);
-
-        if (type == TLSEXT_TYPE_server_name) {
-            if (s->tlsext_hostname == NULL || size > 0) {
-                *al = TLS1_AD_UNRECOGNIZED_NAME;
-                return 0;
-            }
-            tlsext_servername = 1;
-        }
-# ifndef OPENSSL_NO_EC
-        else if (type == TLSEXT_TYPE_ec_point_formats) {
-            unsigned char *sdata = data;
-            int ecpointformatlist_length = *(sdata++);
-
-            if (ecpointformatlist_length != size - 1 ||
-                ecpointformatlist_length < 1) {
-                *al = TLS1_AD_DECODE_ERROR;
-                return 0;
-            }
-            if (!s->hit) {
-                s->session->tlsext_ecpointformatlist_length = 0;
-                if (s->session->tlsext_ecpointformatlist != NULL)
-                    OPENSSL_free(s->session->tlsext_ecpointformatlist);
-                if ((s->session->tlsext_ecpointformatlist =
-                     OPENSSL_malloc(ecpointformatlist_length)) == NULL) {
-                    *al = TLS1_AD_INTERNAL_ERROR;
-                    return 0;
-                }
-                s->session->tlsext_ecpointformatlist_length =
-                    ecpointformatlist_length;
-                memcpy(s->session->tlsext_ecpointformatlist, sdata,
-                       ecpointformatlist_length);
-            }
-#  if 0
-            fprintf(stderr,
-                    "ssl_parse_serverhello_tlsext s->session->tlsext_ecpointformatlist ");
-            sdata = s->session->tlsext_ecpointformatlist;
-            for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
-                fprintf(stderr, "%i ", *(sdata++));
-            fprintf(stderr, "\n");
-#  endif
-        }
-# endif                         /* OPENSSL_NO_EC */
-
-        else if (type == TLSEXT_TYPE_session_ticket) {
-            if (s->tls_session_ticket_ext_cb &&
-                !s->tls_session_ticket_ext_cb(s, data, size,
-                                              s->tls_session_ticket_ext_cb_arg))
-            {
-                *al = TLS1_AD_INTERNAL_ERROR;
-                return 0;
-            }
-            if ((SSL_get_options(s) & SSL_OP_NO_TICKET)
-                || (size > 0)) {
-                *al = TLS1_AD_UNSUPPORTED_EXTENSION;
-                return 0;
-            }
-            s->tlsext_ticket_expected = 1;
-        }
-# ifdef TLSEXT_TYPE_opaque_prf_input
-        else if (type == TLSEXT_TYPE_opaque_prf_input &&
-                 s->version != DTLS1_VERSION) {
-            unsigned char *sdata = data;
-
-            if (size < 2) {
-                *al = SSL_AD_DECODE_ERROR;
-                return 0;
-            }
-            n2s(sdata, s->s3->server_opaque_prf_input_len);
-            if (s->s3->server_opaque_prf_input_len != size - 2) {
-                *al = SSL_AD_DECODE_ERROR;
-                return 0;
-            }
-
-            if (s->s3->server_opaque_prf_input != NULL) {
-                /* shouldn't really happen */
-                OPENSSL_free(s->s3->server_opaque_prf_input);
-            }
-            if (s->s3->server_opaque_prf_input_len == 0) {
-                /* dummy byte just to get non-NULL */
-                s->s3->server_opaque_prf_input = OPENSSL_malloc(1);
-            } else {
-                s->s3->server_opaque_prf_input =
-                    BUF_memdup(sdata, s->s3->server_opaque_prf_input_len);
-            }
-
-            if (s->s3->server_opaque_prf_input == NULL) {
-                *al = TLS1_AD_INTERNAL_ERROR;
-                return 0;
-            }
-        }
-# endif
-        else if (type == TLSEXT_TYPE_status_request &&
-                 s->version != DTLS1_VERSION) {
-            /*
-             * MUST be empty and only sent if we've requested a status
-             * request message.
-             */
-            if ((s->tlsext_status_type == -1) || (size > 0)) {
-                *al = TLS1_AD_UNSUPPORTED_EXTENSION;
-                return 0;
-            }
-            /* Set flag to expect CertificateStatus message */
-            s->tlsext_status_expected = 1;
-        }
-# ifndef OPENSSL_NO_NEXTPROTONEG
-        else if (type == TLSEXT_TYPE_next_proto_neg &&
-                 s->s3->tmp.finish_md_len == 0) {
-            unsigned char *selected;
-            unsigned char selected_len;
-
-            /* We must have requested it. */
-            if (s->ctx->next_proto_select_cb == NULL) {
-                *al = TLS1_AD_UNSUPPORTED_EXTENSION;
-                return 0;
-            }
-            /* The data must be valid */
-            if (!ssl_next_proto_validate(data, size)) {
-                *al = TLS1_AD_DECODE_ERROR;
-                return 0;
-            }
-            if (s->
-                ctx->next_proto_select_cb(s, &selected, &selected_len, data,
-                                          size,
-                                          s->ctx->next_proto_select_cb_arg) !=
-                SSL_TLSEXT_ERR_OK) {
-                *al = TLS1_AD_INTERNAL_ERROR;
-                return 0;
-            }
-            s->next_proto_negotiated = OPENSSL_malloc(selected_len);
-            if (!s->next_proto_negotiated) {
-                *al = TLS1_AD_INTERNAL_ERROR;
-                return 0;
-            }
-            memcpy(s->next_proto_negotiated, selected, selected_len);
-            s->next_proto_negotiated_len = selected_len;
-            s->s3->next_proto_neg_seen = 1;
-        }
-# endif
-        else if (type == TLSEXT_TYPE_renegotiate) {
-            if (!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
-                return 0;
-            renegotiate_seen = 1;
-        }
-# ifndef OPENSSL_NO_HEARTBEATS
-        else if (type == TLSEXT_TYPE_heartbeat) {
-            switch (data[0]) {
-            case 0x01:         /* Server allows us to send HB requests */
-                s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
-                break;
-            case 0x02:         /* Server doesn't accept HB requests */
-                s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
-                s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
-                break;
-            default:
-                *al = SSL_AD_ILLEGAL_PARAMETER;
-                return 0;
-            }
-        }
-# endif
-# ifndef OPENSSL_NO_SRTP
-        else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp) {
-            if (ssl_parse_serverhello_use_srtp_ext(s, data, size, al))
-                return 0;
-        }
-# endif
-
-        data += size;
-    }
-
-    if (data != d + n) {
-        *al = SSL_AD_DECODE_ERROR;
-        return 0;
-    }
-
-    if (!s->hit && tlsext_servername == 1) {
-        if (s->tlsext_hostname) {
-            if (s->session->tlsext_hostname == NULL) {
-                s->session->tlsext_hostname = BUF_strdup(s->tlsext_hostname);
-                if (!s->session->tlsext_hostname) {
-                    *al = SSL_AD_UNRECOGNIZED_NAME;
-                    return 0;
-                }
-            } else {
-                *al = SSL_AD_DECODE_ERROR;
-                return 0;
-            }
-        }
-    }
-
-    *p = data;
-
- ri_check:
-
-    /*
-     * Determine if we need to see RI. Strictly speaking if we want to avoid
-     * an attack we should *always* see RI even on initial server hello
-     * because the client doesn't see any renegotiation during an attack.
-     * However this would mean we could not connect to any server which
-     * doesn't support RI so for the immediate future tolerate RI absence on
-     * initial connect only.
-     */
-    if (!renegotiate_seen && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)
-        && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
-        *al = SSL_AD_HANDSHAKE_FAILURE;
-        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT,
-               SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
-        return 0;
-    }
-
-    return 1;
-}
-
-int ssl_prepare_clienthello_tlsext(SSL *s)
-{
-# ifndef OPENSSL_NO_EC
-    /*
-     * If we are client and using an elliptic curve cryptography cipher
-     * suite, send the point formats and elliptic curves we support.
-     */
-    int using_ecc = 0;
-    int i;
-    unsigned char *j;
-    unsigned long alg_k, alg_a;
-    STACK_OF(SSL_CIPHER) *cipher_stack = SSL_get_ciphers(s);
-
-    for (i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++) {
-        SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i);
-
-        alg_k = c->algorithm_mkey;
-        alg_a = c->algorithm_auth;
-        if ((alg_k & (SSL_kEECDH | SSL_kECDHr | SSL_kECDHe)
-             || (alg_a & SSL_aECDSA))) {
-            using_ecc = 1;
-            break;
-        }
-    }
-    using_ecc = using_ecc && (s->version >= TLS1_VERSION);
-    if (using_ecc) {
-        if (s->tlsext_ecpointformatlist != NULL)
-            OPENSSL_free(s->tlsext_ecpointformatlist);
-        if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL) {
-            SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,
-                   ERR_R_MALLOC_FAILURE);
-            return -1;
-        }
-        s->tlsext_ecpointformatlist_length = 3;
-        s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed;
-        s->tlsext_ecpointformatlist[1] =
-            TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
-        s->tlsext_ecpointformatlist[2] =
-            TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
-
-        /* we support all named elliptic curves in RFC 4492 */
-        if (s->tlsext_ellipticcurvelist != NULL)
-            OPENSSL_free(s->tlsext_ellipticcurvelist);
-        s->tlsext_ellipticcurvelist_length =
-            sizeof(pref_list) / sizeof(pref_list[0]) * 2;
-        if ((s->tlsext_ellipticcurvelist =
-             OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL) {
-            s->tlsext_ellipticcurvelist_length = 0;
-            SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,
-                   ERR_R_MALLOC_FAILURE);
-            return -1;
-        }
-        for (i = 0, j = s->tlsext_ellipticcurvelist; (unsigned int)i <
-             sizeof(pref_list) / sizeof(pref_list[0]); i++) {
-            int id = tls1_ec_nid2curve_id(pref_list[i]);
-            s2n(id, j);
-        }
-    }
-# endif                         /* OPENSSL_NO_EC */
-
-# ifdef TLSEXT_TYPE_opaque_prf_input
-    {
-        int r = 1;
-
-        if (s->ctx->tlsext_opaque_prf_input_callback != 0) {
-            r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0,
-                                                         s->
-                                                         ctx->tlsext_opaque_prf_input_callback_arg);
-            if (!r)
-                return -1;
-        }
-
-        if (s->tlsext_opaque_prf_input != NULL) {
-            if (s->s3->client_opaque_prf_input != NULL) {
-                /* shouldn't really happen */
-                OPENSSL_free(s->s3->client_opaque_prf_input);
-            }
-
-            if (s->tlsext_opaque_prf_input_len == 0) {
-                /* dummy byte just to get non-NULL */
-                s->s3->client_opaque_prf_input = OPENSSL_malloc(1);
-            } else {
-                s->s3->client_opaque_prf_input =
-                    BUF_memdup(s->tlsext_opaque_prf_input,
-                               s->tlsext_opaque_prf_input_len);
-            }
-            if (s->s3->client_opaque_prf_input == NULL) {
-                SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,
-                       ERR_R_MALLOC_FAILURE);
-                return -1;
-            }
-            s->s3->client_opaque_prf_input_len =
-                s->tlsext_opaque_prf_input_len;
-        }
-
-        if (r == 2)
-            /*
-             * at callback's request, insist on receiving an appropriate
-             * server opaque PRF input
-             */
-            s->s3->server_opaque_prf_input_len =
-                s->tlsext_opaque_prf_input_len;
-    }
-# endif
-
-    return 1;
-}
-
-int ssl_prepare_serverhello_tlsext(SSL *s)
-{
-# ifndef OPENSSL_NO_EC
-    /*
-     * If we are server and using an ECC cipher suite, send the point formats
-     * we support if the client sent us an ECPointsFormat extension.  Note
-     * that the server is not supposed to send an EllipticCurves extension.
-     */
-
-    unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-    unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
-    int using_ecc = (alg_k & (SSL_kEECDH | SSL_kECDHr | SSL_kECDHe))
-        || (alg_a & SSL_aECDSA);
-    using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
-
-    if (using_ecc) {
-        if (s->tlsext_ecpointformatlist != NULL)
-            OPENSSL_free(s->tlsext_ecpointformatlist);
-        if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL) {
-            SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT,
-                   ERR_R_MALLOC_FAILURE);
-            return -1;
-        }
-        s->tlsext_ecpointformatlist_length = 3;
-        s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed;
-        s->tlsext_ecpointformatlist[1] =
-            TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
-        s->tlsext_ecpointformatlist[2] =
-            TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
-    }
-# endif                         /* OPENSSL_NO_EC */
-
-    return 1;
-}
-
-int ssl_check_clienthello_tlsext_early(SSL *s)
-{
-    int ret = SSL_TLSEXT_ERR_NOACK;
-    int al = SSL_AD_UNRECOGNIZED_NAME;
-
-# ifndef OPENSSL_NO_EC
-    /*
-     * The handling of the ECPointFormats extension is done elsewhere, namely
-     * in ssl3_choose_cipher in s3_lib.c.
-     */
-    /*
-     * The handling of the EllipticCurves extension is done elsewhere, namely
-     * in ssl3_choose_cipher in s3_lib.c.
-     */
-# endif
-
-    if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
-        ret =
-            s->ctx->tlsext_servername_callback(s, &al,
-                                               s->ctx->tlsext_servername_arg);
-    else if (s->initial_ctx != NULL
-             && s->initial_ctx->tlsext_servername_callback != 0)
-        ret =
-            s->initial_ctx->tlsext_servername_callback(s, &al,
-                                                       s->
-                                                       initial_ctx->tlsext_servername_arg);
-
-# ifdef TLSEXT_TYPE_opaque_prf_input
-    {
-        /*
-         * This sort of belongs into ssl_prepare_serverhello_tlsext(), but we
-         * might be sending an alert in response to the client hello, so this
-         * has to happen here in ssl_check_clienthello_tlsext_early().
-         */
-
-        int r = 1;
-
-        if (s->ctx->tlsext_opaque_prf_input_callback != 0) {
-            r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0,
-                                                         s->
-                                                         ctx->tlsext_opaque_prf_input_callback_arg);
-            if (!r) {
-                ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-                al = SSL_AD_INTERNAL_ERROR;
-                goto err;
-            }
-        }
-
-        if (s->s3->server_opaque_prf_input != NULL) {
-            /* shouldn't really happen */
-            OPENSSL_free(s->s3->server_opaque_prf_input);
-        }
-        s->s3->server_opaque_prf_input = NULL;
-
-        if (s->tlsext_opaque_prf_input != NULL) {
-            if (s->s3->client_opaque_prf_input != NULL &&
-                s->s3->client_opaque_prf_input_len ==
-                s->tlsext_opaque_prf_input_len) {
-                /*
-                 * can only use this extension if we have a server opaque PRF
-                 * input of the same length as the client opaque PRF input!
-                 */
-
-                if (s->tlsext_opaque_prf_input_len == 0) {
-                    /* dummy byte just to get non-NULL */
-                    s->s3->server_opaque_prf_input = OPENSSL_malloc(1);
-                } else {
-                    s->s3->server_opaque_prf_input =
-                        BUF_memdup(s->tlsext_opaque_prf_input,
-                                   s->tlsext_opaque_prf_input_len);
-                }
-                if (s->s3->server_opaque_prf_input == NULL) {
-                    ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-                    al = SSL_AD_INTERNAL_ERROR;
-                    goto err;
-                }
-                s->s3->server_opaque_prf_input_len =
-                    s->tlsext_opaque_prf_input_len;
-            }
-        }
-
-        if (r == 2 && s->s3->server_opaque_prf_input == NULL) {
-            /*
-             * The callback wants to enforce use of the extension, but we
-             * can't do that with the client opaque PRF input; abort the
-             * handshake.
-             */
-            ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-            al = SSL_AD_HANDSHAKE_FAILURE;
-        }
-    }
-
- err:
-# endif
-    switch (ret) {
-    case SSL_TLSEXT_ERR_ALERT_FATAL:
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
-        return -1;
-
-    case SSL_TLSEXT_ERR_ALERT_WARNING:
-        ssl3_send_alert(s, SSL3_AL_WARNING, al);
-        return 1;
-
-    case SSL_TLSEXT_ERR_NOACK:
-        s->servername_done = 0;
-    default:
-        return 1;
-    }
-}
-
-int ssl_check_clienthello_tlsext_late(SSL *s)
-{
-    int ret = SSL_TLSEXT_ERR_OK;
-    int al;
-
-    /*
-     * If status request then ask callback what to do. Note: this must be
-     * called after servername callbacks in case the certificate has
-     * changed, and must be called after the cipher has been chosen because
-     * this may influence which certificate is sent
-     */
-    if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb) {
-        int r;
-        CERT_PKEY *certpkey;
-        certpkey = ssl_get_server_send_pkey(s);
-        /* If no certificate can't return certificate status */
-        if (certpkey == NULL) {
-            s->tlsext_status_expected = 0;
-            return 1;
-        }
-        /*
-         * Set current certificate to one we will use so SSL_get_certificate
-         * et al can pick it up.
-         */
-        s->cert->key = certpkey;
-        r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
-        switch (r) {
-            /* We don't want to send a status request response */
-        case SSL_TLSEXT_ERR_NOACK:
-            s->tlsext_status_expected = 0;
-            break;
-            /* status request response should be sent */
-        case SSL_TLSEXT_ERR_OK:
-            if (s->tlsext_ocsp_resp)
-                s->tlsext_status_expected = 1;
-            else
-                s->tlsext_status_expected = 0;
-            break;
-            /* something bad happened */
-        case SSL_TLSEXT_ERR_ALERT_FATAL:
-            ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-            al = SSL_AD_INTERNAL_ERROR;
-            goto err;
-        }
-    } else
-        s->tlsext_status_expected = 0;
-
- err:
-    switch (ret) {
-    case SSL_TLSEXT_ERR_ALERT_FATAL:
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
-        return -1;
-
-    case SSL_TLSEXT_ERR_ALERT_WARNING:
-        ssl3_send_alert(s, SSL3_AL_WARNING, al);
-        return 1;
-
-    default:
-        return 1;
-    }
-}
-
-int ssl_check_serverhello_tlsext(SSL *s)
-{
-    int ret = SSL_TLSEXT_ERR_NOACK;
-    int al = SSL_AD_UNRECOGNIZED_NAME;
-
-# ifndef OPENSSL_NO_EC
-    /*
-     * If we are client and using an elliptic curve cryptography cipher
-     * suite, then if server returns an EC point formats lists extension it
-     * must contain uncompressed.
-     */
-    unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-    unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
-    if ((s->tlsext_ecpointformatlist != NULL)
-        && (s->tlsext_ecpointformatlist_length > 0)
-        && (s->session->tlsext_ecpointformatlist != NULL)
-        && (s->session->tlsext_ecpointformatlist_length > 0)
-        && ((alg_k & (SSL_kEECDH | SSL_kECDHr | SSL_kECDHe))
-            || (alg_a & SSL_aECDSA))) {
-        /* we are using an ECC cipher */
-        size_t i;
-        unsigned char *list;
-        int found_uncompressed = 0;
-        list = s->session->tlsext_ecpointformatlist;
-        for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) {
-            if (*(list++) == TLSEXT_ECPOINTFORMAT_uncompressed) {
-                found_uncompressed = 1;
-                break;
-            }
-        }
-        if (!found_uncompressed) {
-            SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,
-                   SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
-            return -1;
-        }
-    }
-    ret = SSL_TLSEXT_ERR_OK;
-# endif                         /* OPENSSL_NO_EC */
-
-    if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
-        ret =
-            s->ctx->tlsext_servername_callback(s, &al,
-                                               s->ctx->tlsext_servername_arg);
-    else if (s->initial_ctx != NULL
-             && s->initial_ctx->tlsext_servername_callback != 0)
-        ret =
-            s->initial_ctx->tlsext_servername_callback(s, &al,
-                                                       s->
-                                                       initial_ctx->tlsext_servername_arg);
-
-# ifdef TLSEXT_TYPE_opaque_prf_input
-    if (s->s3->server_opaque_prf_input_len > 0) {
-        /*
-         * This case may indicate that we, as a client, want to insist on
-         * using opaque PRF inputs. So first verify that we really have a
-         * value from the server too.
-         */
-
-        if (s->s3->server_opaque_prf_input == NULL) {
-            ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-            al = SSL_AD_HANDSHAKE_FAILURE;
-        }
-
-        /*
-         * Anytime the server *has* sent an opaque PRF input, we need to
-         * check that we have a client opaque PRF input of the same size.
-         */
-        if (s->s3->client_opaque_prf_input == NULL ||
-            s->s3->client_opaque_prf_input_len !=
-            s->s3->server_opaque_prf_input_len) {
-            ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-            al = SSL_AD_ILLEGAL_PARAMETER;
-        }
-    }
-# endif
-
-    /*
-     * If we've requested certificate status and we wont get one tell the
-     * callback
-     */
-    if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected)
-        && s->ctx && s->ctx->tlsext_status_cb) {
-        int r;
-        /*
-         * Set resp to NULL, resplen to -1 so callback knows there is no
-         * response.
-         */
-        if (s->tlsext_ocsp_resp) {
-            OPENSSL_free(s->tlsext_ocsp_resp);
-            s->tlsext_ocsp_resp = NULL;
-        }
-        s->tlsext_ocsp_resplen = -1;
-        r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
-        if (r == 0) {
-            al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
-            ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-        }
-        if (r < 0) {
-            al = SSL_AD_INTERNAL_ERROR;
-            ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-        }
-    }
-
-    switch (ret) {
-    case SSL_TLSEXT_ERR_ALERT_FATAL:
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
-        return -1;
-
-    case SSL_TLSEXT_ERR_ALERT_WARNING:
-        ssl3_send_alert(s, SSL3_AL_WARNING, al);
-        return 1;
-
-    case SSL_TLSEXT_ERR_NOACK:
-        s->servername_done = 0;
-    default:
-        return 1;
-    }
-}
-
-/*-
- * Since the server cache lookup is done early on in the processing of the
- * ClientHello, and other operations depend on the result, we need to handle
- * any TLS session ticket extension at the same time.
- *
- *   session_id: points at the session ID in the ClientHello. This code will
- *       read past the end of this in order to parse out the session ticket
- *       extension, if any.
- *   len: the length of the session ID.
- *   limit: a pointer to the first byte after the ClientHello.
- *   ret: (output) on return, if a ticket was decrypted, then this is set to
- *       point to the resulting session.
- *
- * If s->tls_session_secret_cb is set then we are expecting a pre-shared key
- * ciphersuite, in which case we have no use for session tickets and one will
- * never be decrypted, nor will s->tlsext_ticket_expected be set to 1.
- *
- * Returns:
- *   -1: fatal error, either from parsing or decrypting the ticket.
- *    0: no ticket was found (or was ignored, based on settings).
- *    1: a zero length extension was found, indicating that the client supports
- *       session tickets but doesn't currently have one to offer.
- *    2: either s->tls_session_secret_cb was set, or a ticket was offered but
- *       couldn't be decrypted because of a non-fatal error.
- *    3: a ticket was successfully decrypted and *ret was set.
- *
- * Side effects:
- *   Sets s->tlsext_ticket_expected to 1 if the server will have to issue
- *   a new session ticket to the client because the client indicated support
- *   (and s->tls_session_secret_cb is NULL) but the client either doesn't have
- *   a session ticket or we couldn't use the one it gave us, or if
- *   s->ctx->tlsext_ticket_key_cb asked to renew the client's ticket.
- *   Otherwise, s->tlsext_ticket_expected is set to 0.
- */
-int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
-                        const unsigned char *limit, SSL_SESSION **ret)
-{
-    /* Point after session ID in client hello */
-    const unsigned char *p = session_id + len;
-    unsigned short i;
-
-    *ret = NULL;
-    s->tlsext_ticket_expected = 0;
-
-    /*
-     * If tickets disabled behave as if no ticket present to permit stateful
-     * resumption.
-     */
-    if (SSL_get_options(s) & SSL_OP_NO_TICKET)
-        return 0;
-    if ((s->version <= SSL3_VERSION) || !limit)
-        return 0;
-    if (p >= limit)
-        return -1;
-    /* Skip past DTLS cookie */
-    if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
-        i = *(p++);
-        p += i;
-        if (p >= limit)
-            return -1;
-    }
-    /* Skip past cipher list */
-    n2s(p, i);
-    p += i;
-    if (p >= limit)
-        return -1;
-    /* Skip past compression algorithm list */
-    i = *(p++);
-    p += i;
-    if (p > limit)
-        return -1;
-    /* Now at start of extensions */
-    if ((p + 2) >= limit)
-        return 0;
-    n2s(p, i);
-    while ((p + 4) <= limit) {
-        unsigned short type, size;
-        n2s(p, type);
-        n2s(p, size);
-        if (p + size > limit)
-            return 0;
-        if (type == TLSEXT_TYPE_session_ticket) {
-            int r;
-            if (size == 0) {
-                /*
-                 * The client will accept a ticket but doesn't currently have
-                 * one.
-                 */
-                s->tlsext_ticket_expected = 1;
-                return 1;
-            }
-            if (s->tls_session_secret_cb) {
-                /*
-                 * Indicate that the ticket couldn't be decrypted rather than
-                 * generating the session from ticket now, trigger
-                 * abbreviated handshake based on external mechanism to
-                 * calculate the master secret later.
-                 */
-                return 2;
-            }
-            r = tls_decrypt_ticket(s, p, size, session_id, len, ret);
-            switch (r) {
-            case 2:            /* ticket couldn't be decrypted */
-                s->tlsext_ticket_expected = 1;
-                return 2;
-            case 3:            /* ticket was decrypted */
-                return r;
-            case 4:            /* ticket decrypted but need to renew */
-                s->tlsext_ticket_expected = 1;
-                return 3;
-            default:           /* fatal error */
-                return -1;
-            }
-        }
-        p += size;
-    }
-    return 0;
-}
-
-/*-
- * tls_decrypt_ticket attempts to decrypt a session ticket.
- *
- *   etick: points to the body of the session ticket extension.
- *   eticklen: the length of the session tickets extenion.
- *   sess_id: points at the session ID.
- *   sesslen: the length of the session ID.
- *   psess: (output) on return, if a ticket was decrypted, then this is set to
- *       point to the resulting session.
- *
- * Returns:
- *   -1: fatal error, either from parsing or decrypting the ticket.
- *    2: the ticket couldn't be decrypted.
- *    3: a ticket was successfully decrypted and *psess was set.
- *    4: same as 3, but the ticket needs to be renewed.
- */
-static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
-                              int eticklen, const unsigned char *sess_id,
-                              int sesslen, SSL_SESSION **psess)
-{
-    SSL_SESSION *sess;
-    unsigned char *sdec;
-    const unsigned char *p;
-    int slen, mlen, renew_ticket = 0;
-    unsigned char tick_hmac[EVP_MAX_MD_SIZE];
-    HMAC_CTX hctx;
-    EVP_CIPHER_CTX ctx;
-    SSL_CTX *tctx = s->initial_ctx;
-    /* Need at least keyname + iv + some encrypted data */
-    if (eticklen < 48)
-        return 2;
-    /* Initialize session ticket encryption and HMAC contexts */
-    HMAC_CTX_init(&hctx);
-    EVP_CIPHER_CTX_init(&ctx);
-    if (tctx->tlsext_ticket_key_cb) {
-        unsigned char *nctick = (unsigned char *)etick;
-        int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
-                                            &ctx, &hctx, 0);
-        if (rv < 0)
-            return -1;
-        if (rv == 0)
-            return 2;
-        if (rv == 2)
-            renew_ticket = 1;
-    } else {
-        /* Check key name matches */
-        if (memcmp(etick, tctx->tlsext_tick_key_name, 16))
-            return 2;
-        if (HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
-                         tlsext_tick_md(), NULL) <= 0
-                || EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
-                                      tctx->tlsext_tick_aes_key,
-                                      etick + 16) <= 0) {
-            goto err;
-       }
-    }
-    /*
-     * Attempt to process session ticket, first conduct sanity and integrity
-     * checks on ticket.
-     */
-    mlen = HMAC_size(&hctx);
-    if (mlen < 0) {
-        goto err;
-    }
-    eticklen -= mlen;
-    /* Check HMAC of encrypted ticket */
-    if (HMAC_Update(&hctx, etick, eticklen) <= 0
-            || HMAC_Final(&hctx, tick_hmac, NULL) <= 0) {
-        goto err;
-    }
-    HMAC_CTX_cleanup(&hctx);
-    if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) {
-        EVP_CIPHER_CTX_cleanup(&ctx);
-        return 2;
-    }
-    /* Attempt to decrypt session data */
-    /* Move p after IV to start of encrypted ticket, update length */
-    p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
-    eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx);
-    sdec = OPENSSL_malloc(eticklen);
-    if (!sdec || EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen) <= 0) {
-        EVP_CIPHER_CTX_cleanup(&ctx);
-        return -1;
-    }
-    if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) {
-        EVP_CIPHER_CTX_cleanup(&ctx);
-        OPENSSL_free(sdec);
-        return 2;
-    }
-    slen += mlen;
-    EVP_CIPHER_CTX_cleanup(&ctx);
-    p = sdec;
-
-    sess = d2i_SSL_SESSION(NULL, &p, slen);
-    OPENSSL_free(sdec);
-    if (sess) {
-        /*
-         * The session ID, if non-empty, is used by some clients to detect
-         * that the ticket has been accepted. So we copy it to the session
-         * structure. If it is empty set length to zero as required by
-         * standard.
-         */
-        if (sesslen)
-            memcpy(sess->session_id, sess_id, sesslen);
-        sess->session_id_length = sesslen;
-        *psess = sess;
-        if (renew_ticket)
-            return 4;
-        else
-            return 3;
-    }
-    ERR_clear_error();
-    /*
-     * For session parse failure, indicate that we need to send a new ticket.
-     */
-    return 2;
-err:
-    EVP_CIPHER_CTX_cleanup(&ctx);
-    HMAC_CTX_cleanup(&hctx);
-    return -1;
-}
-
-/* Tables to translate from NIDs to TLS v1.2 ids */
-
-typedef struct {
-    int nid;
-    int id;
-} tls12_lookup;
-
-static tls12_lookup tls12_md[] = {
-# ifndef OPENSSL_NO_MD5
-    {NID_md5, TLSEXT_hash_md5},
-# endif
-# ifndef OPENSSL_NO_SHA
-    {NID_sha1, TLSEXT_hash_sha1},
-# endif
-# ifndef OPENSSL_NO_SHA256
-    {NID_sha224, TLSEXT_hash_sha224},
-    {NID_sha256, TLSEXT_hash_sha256},
-# endif
-# ifndef OPENSSL_NO_SHA512
-    {NID_sha384, TLSEXT_hash_sha384},
-    {NID_sha512, TLSEXT_hash_sha512}
-# endif
-};
-
-static tls12_lookup tls12_sig[] = {
-# ifndef OPENSSL_NO_RSA
-    {EVP_PKEY_RSA, TLSEXT_signature_rsa},
-# endif
-# ifndef OPENSSL_NO_DSA
-    {EVP_PKEY_DSA, TLSEXT_signature_dsa},
-# endif
-# ifndef OPENSSL_NO_ECDSA
-    {EVP_PKEY_EC, TLSEXT_signature_ecdsa}
-# endif
-};
-
-static int tls12_find_id(int nid, tls12_lookup *table, size_t tlen)
-{
-    size_t i;
-    for (i = 0; i < tlen; i++) {
-        if (table[i].nid == nid)
-            return table[i].id;
-    }
-    return -1;
-}
-
-# if 0
-static int tls12_find_nid(int id, tls12_lookup *table, size_t tlen)
-{
-    size_t i;
-    for (i = 0; i < tlen; i++) {
-        if (table[i].id == id)
-            return table[i].nid;
-    }
-    return -1;
-}
-# endif
-
-int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
-                         const EVP_MD *md)
-{
-    int sig_id, md_id;
-    if (!md)
-        return 0;
-    md_id = tls12_find_id(EVP_MD_type(md), tls12_md,
-                          sizeof(tls12_md) / sizeof(tls12_lookup));
-    if (md_id == -1)
-        return 0;
-    sig_id = tls12_get_sigid(pk);
-    if (sig_id == -1)
-        return 0;
-    p[0] = (unsigned char)md_id;
-    p[1] = (unsigned char)sig_id;
-    return 1;
-}
-
-int tls12_get_sigid(const EVP_PKEY *pk)
-{
-    return tls12_find_id(pk->type, tls12_sig,
-                         sizeof(tls12_sig) / sizeof(tls12_lookup));
-}
-
-const EVP_MD *tls12_get_hash(unsigned char hash_alg)
-{
-    switch (hash_alg) {
-# ifndef OPENSSL_NO_SHA
-    case TLSEXT_hash_sha1:
-        return EVP_sha1();
-# endif
-# ifndef OPENSSL_NO_SHA256
-    case TLSEXT_hash_sha224:
-        return EVP_sha224();
-
-    case TLSEXT_hash_sha256:
-        return EVP_sha256();
-# endif
-# ifndef OPENSSL_NO_SHA512
-    case TLSEXT_hash_sha384:
-        return EVP_sha384();
-
-    case TLSEXT_hash_sha512:
-        return EVP_sha512();
-# endif
-    default:
-        return NULL;
-
-    }
-}
-
-/* Set preferred digest for each key type */
-
-int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
-{
-    int i, idx;
-    const EVP_MD *md;
-    CERT *c = s->cert;
-    /* Extension ignored for TLS versions below 1.2 */
-    if (TLS1_get_version(s) < TLS1_2_VERSION)
-        return 1;
-    /* Should never happen */
-    if (!c)
-        return 0;
-
-    c->pkeys[SSL_PKEY_DSA_SIGN].digest = NULL;
-    c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL;
-    c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL;
-    c->pkeys[SSL_PKEY_ECC].digest = NULL;
-
-    for (i = 0; i < dsize; i += 2) {
-        unsigned char hash_alg = data[i], sig_alg = data[i + 1];
-
-        switch (sig_alg) {
-# ifndef OPENSSL_NO_RSA
-        case TLSEXT_signature_rsa:
-            idx = SSL_PKEY_RSA_SIGN;
-            break;
-# endif
-# ifndef OPENSSL_NO_DSA
-        case TLSEXT_signature_dsa:
-            idx = SSL_PKEY_DSA_SIGN;
-            break;
-# endif
-# ifndef OPENSSL_NO_ECDSA
-        case TLSEXT_signature_ecdsa:
-            idx = SSL_PKEY_ECC;
-            break;
-# endif
-        default:
-            continue;
-        }
-
-        if (c->pkeys[idx].digest == NULL) {
-            md = tls12_get_hash(hash_alg);
-            if (md) {
-                c->pkeys[idx].digest = md;
-                if (idx == SSL_PKEY_RSA_SIGN)
-                    c->pkeys[SSL_PKEY_RSA_ENC].digest = md;
-            }
-        }
-
-    }
-
-    /*
-     * Set any remaining keys to default values. NOTE: if alg is not
-     * supported it stays as NULL.
-     */
-# ifndef OPENSSL_NO_DSA
-    if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest)
-        c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
-# endif
-# ifndef OPENSSL_NO_RSA
-    if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) {
-        c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
-        c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
-    }
-# endif
-# ifndef OPENSSL_NO_ECDSA
-    if (!c->pkeys[SSL_PKEY_ECC].digest)
-        c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
-# endif
-    return 1;
-}
-
-#endif
-
-#ifndef OPENSSL_NO_HEARTBEATS
-int tls1_process_heartbeat(SSL *s)
-{
-    unsigned char *p = &s->s3->rrec.data[0], *pl;
-    unsigned short hbtype;
-    unsigned int payload;
-    unsigned int padding = 16;  /* Use minimum padding */
-
-    if (s->msg_callback)
-        s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
-                        &s->s3->rrec.data[0], s->s3->rrec.length,
-                        s, s->msg_callback_arg);
-
-    /* Read type and payload length first */
-    if (1 + 2 + 16 > s->s3->rrec.length)
-        return 0;               /* silently discard */
-    hbtype = *p++;
-    n2s(p, payload);
-    if (1 + 2 + payload + 16 > s->s3->rrec.length)
-        return 0;               /* silently discard per RFC 6520 sec. 4 */
-    pl = p;
-
-    if (hbtype == TLS1_HB_REQUEST) {
-        unsigned char *buffer, *bp;
-        int r;
-
-        /*
-         * Allocate memory for the response, size is 1 bytes message type,
-         * plus 2 bytes payload length, plus payload, plus padding
-         */
-        buffer = OPENSSL_malloc(1 + 2 + payload + padding);
-        bp = buffer;
-
-        /* Enter response type, length and copy payload */
-        *bp++ = TLS1_HB_RESPONSE;
-        s2n(payload, bp);
-        memcpy(bp, pl, payload);
-        bp += payload;
-        /* Random padding */
-        if (RAND_pseudo_bytes(bp, padding) < 0) {
-            OPENSSL_free(buffer);
-            return -1;
-        }
-
-        r = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buffer,
-                             3 + payload + padding);
-
-        if (r >= 0 && s->msg_callback)
-            s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
-                            buffer, 3 + payload + padding,
-                            s, s->msg_callback_arg);
-
-        OPENSSL_free(buffer);
-
-        if (r < 0)
-            return r;
-    } else if (hbtype == TLS1_HB_RESPONSE) {
-        unsigned int seq;
-
-        /*
-         * We only send sequence numbers (2 bytes unsigned int), and 16
-         * random bytes, so we just try to read the sequence number
-         */
-        n2s(pl, seq);
-
-        if (payload == 18 && seq == s->tlsext_hb_seq) {
-            s->tlsext_hb_seq++;
-            s->tlsext_hb_pending = 0;
-        }
-    }
-
-    return 0;
-}
-
-int tls1_heartbeat(SSL *s)
-{
-    unsigned char *buf, *p;
-    int ret = -1;
-    unsigned int payload = 18;  /* Sequence number + random bytes */
-    unsigned int padding = 16;  /* Use minimum padding */
-
-    /* Only send if peer supports and accepts HB requests... */
-    if (!(s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) ||
-        s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS) {
-        SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT);
-        return -1;
-    }
-
-    /* ...and there is none in flight yet... */
-    if (s->tlsext_hb_pending) {
-        SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PENDING);
-        return -1;
-    }
-
-    /* ...and no handshake in progress. */
-    if (SSL_in_init(s) || s->in_handshake) {
-        SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_UNEXPECTED_MESSAGE);
-        return -1;
-    }
-
-    /*
-     * Check if padding is too long, payload and padding must not exceed 2^14
-     * - 3 = 16381 bytes in total.
-     */
-    OPENSSL_assert(payload + padding <= 16381);
-
-    /*-
-     * Create HeartBeat message, we just use a sequence number
-     * as payload to distuingish different messages and add
-     * some random stuff.
-     *  - Message Type, 1 byte
-     *  - Payload Length, 2 bytes (unsigned int)
-     *  - Payload, the sequence number (2 bytes uint)
-     *  - Payload, random bytes (16 bytes uint)
-     *  - Padding
-     */
-    buf = OPENSSL_malloc(1 + 2 + payload + padding);
-    p = buf;
-    /* Message Type */
-    *p++ = TLS1_HB_REQUEST;
-    /* Payload length (18 bytes here) */
-    s2n(payload, p);
-    /* Sequence number */
-    s2n(s->tlsext_hb_seq, p);
-    /* 16 random bytes */
-    if (RAND_pseudo_bytes(p, 16) < 0) {
-        SSLerr(SSL_F_TLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-    p += 16;
-    /* Random padding */
-    if (RAND_pseudo_bytes(p, padding) < 0) {
-        SSLerr(SSL_F_TLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR);
-        goto err;
-    }
-
-    ret = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
-    if (ret >= 0) {
-        if (s->msg_callback)
-            s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
-                            buf, 3 + payload + padding,
-                            s, s->msg_callback_arg);
-
-        s->tlsext_hb_pending = 1;
-    }
-
-err:
-    OPENSSL_free(buf);
-
-    return ret;
-}
-#endif

Copied: vendor-crypto/openssl/1.0.1u/ssl/t1_lib.c (from rev 11605, vendor-crypto/openssl/dist/ssl/t1_lib.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/ssl/t1_lib.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/ssl/t1_lib.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,2725 @@
+/* ssl/t1_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay at cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/ocsp.h>
+#include <openssl/rand.h>
+#include "ssl_locl.h"
+
+const char tls1_version_str[] = "TLSv1" OPENSSL_VERSION_PTEXT;
+
+#ifndef OPENSSL_NO_TLSEXT
+static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen,
+                              const unsigned char *sess_id, int sesslen,
+                              SSL_SESSION **psess);
+#endif
+
+SSL3_ENC_METHOD TLSv1_enc_data = {
+    tls1_enc,
+    tls1_mac,
+    tls1_setup_key_block,
+    tls1_generate_master_secret,
+    tls1_change_cipher_state,
+    tls1_final_finish_mac,
+    TLS1_FINISH_MAC_LENGTH,
+    tls1_cert_verify_mac,
+    TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
+    TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
+    tls1_alert_code,
+    tls1_export_keying_material,
+};
+
+long tls1_default_timeout(void)
+{
+    /*
+     * 2 hours, the 24 hours mentioned in the TLSv1 spec is way too long for
+     * http, the cache would over fill
+     */
+    return (60 * 60 * 2);
+}
+
+int tls1_new(SSL *s)
+{
+    if (!ssl3_new(s))
+        return (0);
+    s->method->ssl_clear(s);
+    return (1);
+}
+
+void tls1_free(SSL *s)
+{
+#ifndef OPENSSL_NO_TLSEXT
+    if (s->tlsext_session_ticket) {
+        OPENSSL_free(s->tlsext_session_ticket);
+    }
+#endif                          /* OPENSSL_NO_TLSEXT */
+    ssl3_free(s);
+}
+
+void tls1_clear(SSL *s)
+{
+    ssl3_clear(s);
+    s->version = s->method->version;
+}
+
+#ifndef OPENSSL_NO_EC
+
+static int nid_list[] = {
+    NID_sect163k1,              /* sect163k1 (1) */
+    NID_sect163r1,              /* sect163r1 (2) */
+    NID_sect163r2,              /* sect163r2 (3) */
+    NID_sect193r1,              /* sect193r1 (4) */
+    NID_sect193r2,              /* sect193r2 (5) */
+    NID_sect233k1,              /* sect233k1 (6) */
+    NID_sect233r1,              /* sect233r1 (7) */
+    NID_sect239k1,              /* sect239k1 (8) */
+    NID_sect283k1,              /* sect283k1 (9) */
+    NID_sect283r1,              /* sect283r1 (10) */
+    NID_sect409k1,              /* sect409k1 (11) */
+    NID_sect409r1,              /* sect409r1 (12) */
+    NID_sect571k1,              /* sect571k1 (13) */
+    NID_sect571r1,              /* sect571r1 (14) */
+    NID_secp160k1,              /* secp160k1 (15) */
+    NID_secp160r1,              /* secp160r1 (16) */
+    NID_secp160r2,              /* secp160r2 (17) */
+    NID_secp192k1,              /* secp192k1 (18) */
+    NID_X9_62_prime192v1,       /* secp192r1 (19) */
+    NID_secp224k1,              /* secp224k1 (20) */
+    NID_secp224r1,              /* secp224r1 (21) */
+    NID_secp256k1,              /* secp256k1 (22) */
+    NID_X9_62_prime256v1,       /* secp256r1 (23) */
+    NID_secp384r1,              /* secp384r1 (24) */
+    NID_secp521r1               /* secp521r1 (25) */
+};
+
+static int pref_list[] = {
+# ifndef OPENSSL_NO_EC2M
+    NID_sect571r1,              /* sect571r1 (14) */
+    NID_sect571k1,              /* sect571k1 (13) */
+# endif
+    NID_secp521r1,              /* secp521r1 (25) */
+# ifndef OPENSSL_NO_EC2M
+    NID_sect409k1,              /* sect409k1 (11) */
+    NID_sect409r1,              /* sect409r1 (12) */
+# endif
+    NID_secp384r1,              /* secp384r1 (24) */
+# ifndef OPENSSL_NO_EC2M
+    NID_sect283k1,              /* sect283k1 (9) */
+    NID_sect283r1,              /* sect283r1 (10) */
+# endif
+    NID_secp256k1,              /* secp256k1 (22) */
+    NID_X9_62_prime256v1,       /* secp256r1 (23) */
+# ifndef OPENSSL_NO_EC2M
+    NID_sect239k1,              /* sect239k1 (8) */
+    NID_sect233k1,              /* sect233k1 (6) */
+    NID_sect233r1,              /* sect233r1 (7) */
+# endif
+    NID_secp224k1,              /* secp224k1 (20) */
+    NID_secp224r1,              /* secp224r1 (21) */
+# ifndef OPENSSL_NO_EC2M
+    NID_sect193r1,              /* sect193r1 (4) */
+    NID_sect193r2,              /* sect193r2 (5) */
+# endif
+    NID_secp192k1,              /* secp192k1 (18) */
+    NID_X9_62_prime192v1,       /* secp192r1 (19) */
+# ifndef OPENSSL_NO_EC2M
+    NID_sect163k1,              /* sect163k1 (1) */
+    NID_sect163r1,              /* sect163r1 (2) */
+    NID_sect163r2,              /* sect163r2 (3) */
+# endif
+    NID_secp160k1,              /* secp160k1 (15) */
+    NID_secp160r1,              /* secp160r1 (16) */
+    NID_secp160r2,              /* secp160r2 (17) */
+};
+
+int tls1_ec_curve_id2nid(int curve_id)
+{
+    /* ECC curves from RFC 4492 */
+    if ((curve_id < 1) || ((unsigned int)curve_id >
+                           sizeof(nid_list) / sizeof(nid_list[0])))
+        return 0;
+    return nid_list[curve_id - 1];
+}
+
+int tls1_ec_nid2curve_id(int nid)
+{
+    /* ECC curves from RFC 4492 */
+    switch (nid) {
+    case NID_sect163k1:        /* sect163k1 (1) */
+        return 1;
+    case NID_sect163r1:        /* sect163r1 (2) */
+        return 2;
+    case NID_sect163r2:        /* sect163r2 (3) */
+        return 3;
+    case NID_sect193r1:        /* sect193r1 (4) */
+        return 4;
+    case NID_sect193r2:        /* sect193r2 (5) */
+        return 5;
+    case NID_sect233k1:        /* sect233k1 (6) */
+        return 6;
+    case NID_sect233r1:        /* sect233r1 (7) */
+        return 7;
+    case NID_sect239k1:        /* sect239k1 (8) */
+        return 8;
+    case NID_sect283k1:        /* sect283k1 (9) */
+        return 9;
+    case NID_sect283r1:        /* sect283r1 (10) */
+        return 10;
+    case NID_sect409k1:        /* sect409k1 (11) */
+        return 11;
+    case NID_sect409r1:        /* sect409r1 (12) */
+        return 12;
+    case NID_sect571k1:        /* sect571k1 (13) */
+        return 13;
+    case NID_sect571r1:        /* sect571r1 (14) */
+        return 14;
+    case NID_secp160k1:        /* secp160k1 (15) */
+        return 15;
+    case NID_secp160r1:        /* secp160r1 (16) */
+        return 16;
+    case NID_secp160r2:        /* secp160r2 (17) */
+        return 17;
+    case NID_secp192k1:        /* secp192k1 (18) */
+        return 18;
+    case NID_X9_62_prime192v1: /* secp192r1 (19) */
+        return 19;
+    case NID_secp224k1:        /* secp224k1 (20) */
+        return 20;
+    case NID_secp224r1:        /* secp224r1 (21) */
+        return 21;
+    case NID_secp256k1:        /* secp256k1 (22) */
+        return 22;
+    case NID_X9_62_prime256v1: /* secp256r1 (23) */
+        return 23;
+    case NID_secp384r1:        /* secp384r1 (24) */
+        return 24;
+    case NID_secp521r1:        /* secp521r1 (25) */
+        return 25;
+    default:
+        return 0;
+    }
+}
+#endif                          /* OPENSSL_NO_EC */
+
+#ifndef OPENSSL_NO_TLSEXT
+
+/*
+ * List of supported signature algorithms and hashes. Should make this
+ * customisable at some point, for now include everything we support.
+ */
+
+# ifdef OPENSSL_NO_RSA
+#  define tlsext_sigalg_rsa(md) /* */
+# else
+#  define tlsext_sigalg_rsa(md) md, TLSEXT_signature_rsa,
+# endif
+
+# ifdef OPENSSL_NO_DSA
+#  define tlsext_sigalg_dsa(md) /* */
+# else
+#  define tlsext_sigalg_dsa(md) md, TLSEXT_signature_dsa,
+# endif
+
+# ifdef OPENSSL_NO_ECDSA
+#  define tlsext_sigalg_ecdsa(md)
+                                /* */
+# else
+#  define tlsext_sigalg_ecdsa(md) md, TLSEXT_signature_ecdsa,
+# endif
+
+# define tlsext_sigalg(md) \
+                tlsext_sigalg_rsa(md) \
+                tlsext_sigalg_dsa(md) \
+                tlsext_sigalg_ecdsa(md)
+
+static unsigned char tls12_sigalgs[] = {
+# ifndef OPENSSL_NO_SHA512
+    tlsext_sigalg(TLSEXT_hash_sha512)
+        tlsext_sigalg(TLSEXT_hash_sha384)
+# endif
+# ifndef OPENSSL_NO_SHA256
+        tlsext_sigalg(TLSEXT_hash_sha256)
+        tlsext_sigalg(TLSEXT_hash_sha224)
+# endif
+# ifndef OPENSSL_NO_SHA
+        tlsext_sigalg(TLSEXT_hash_sha1)
+# endif
+};
+
+int tls12_get_req_sig_algs(SSL *s, unsigned char *p)
+{
+    size_t slen = sizeof(tls12_sigalgs);
+    if (p)
+        memcpy(p, tls12_sigalgs, slen);
+    return (int)slen;
+}
+
+unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
+                                          unsigned char *limit)
+{
+    int extdatalen = 0;
+    unsigned char *orig = buf;
+    unsigned char *ret = buf;
+
+    /* don't add extensions for SSLv3 unless doing secure renegotiation */
+    if (s->client_version == SSL3_VERSION && !s->s3->send_connection_binding)
+        return orig;
+
+    ret += 2;
+
+    if (ret >= limit)
+        return NULL;            /* this really never occurs, but ... */
+
+    if (s->tlsext_hostname != NULL) {
+        /* Add TLS extension servername to the Client Hello message */
+        unsigned long size_str;
+        long lenmax;
+
+        /*-
+         * check for enough space.
+         * 4 for the servername type and entension length
+         * 2 for servernamelist length
+         * 1 for the hostname type
+         * 2 for hostname length
+         * + hostname length
+         */
+
+        if ((lenmax = limit - ret - 9) < 0
+            || (size_str =
+                strlen(s->tlsext_hostname)) > (unsigned long)lenmax)
+            return NULL;
+
+        /* extension type and length */
+        s2n(TLSEXT_TYPE_server_name, ret);
+        s2n(size_str + 5, ret);
+
+        /* length of servername list */
+        s2n(size_str + 3, ret);
+
+        /* hostname type, length and hostname */
+        *(ret++) = (unsigned char)TLSEXT_NAMETYPE_host_name;
+        s2n(size_str, ret);
+        memcpy(ret, s->tlsext_hostname, size_str);
+        ret += size_str;
+    }
+
+    /* Add RI if renegotiating */
+    if (s->renegotiate) {
+        int el;
+
+        if (!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) {
+            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+            return NULL;
+        }
+
+        if ((limit - ret - 4 - el) < 0)
+            return NULL;
+
+        s2n(TLSEXT_TYPE_renegotiate, ret);
+        s2n(el, ret);
+
+        if (!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) {
+            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+            return NULL;
+        }
+
+        ret += el;
+    }
+# ifndef OPENSSL_NO_SRP
+    /* Add SRP username if there is one */
+    if (s->srp_ctx.login != NULL) { /* Add TLS extension SRP username to the
+                                     * Client Hello message */
+
+        int login_len = strlen(s->srp_ctx.login);
+        if (login_len > 255 || login_len == 0) {
+            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+            return NULL;
+        }
+
+        /*-
+         * check for enough space.
+         * 4 for the srp type type and entension length
+         * 1 for the srp user identity
+         * + srp user identity length
+         */
+        if ((limit - ret - 5 - login_len) < 0)
+            return NULL;
+
+        /* fill in the extension */
+        s2n(TLSEXT_TYPE_srp, ret);
+        s2n(login_len + 1, ret);
+        (*ret++) = (unsigned char)login_len;
+        memcpy(ret, s->srp_ctx.login, login_len);
+        ret += login_len;
+    }
+# endif
+
+# ifndef OPENSSL_NO_EC
+    if (s->tlsext_ecpointformatlist != NULL) {
+        /*
+         * Add TLS extension ECPointFormats to the ClientHello message
+         */
+        long lenmax;
+
+        if ((lenmax = limit - ret - 5) < 0)
+            return NULL;
+        if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax)
+            return NULL;
+        if (s->tlsext_ecpointformatlist_length > 255) {
+            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+            return NULL;
+        }
+
+        s2n(TLSEXT_TYPE_ec_point_formats, ret);
+        s2n(s->tlsext_ecpointformatlist_length + 1, ret);
+        *(ret++) = (unsigned char)s->tlsext_ecpointformatlist_length;
+        memcpy(ret, s->tlsext_ecpointformatlist,
+               s->tlsext_ecpointformatlist_length);
+        ret += s->tlsext_ecpointformatlist_length;
+    }
+    if (s->tlsext_ellipticcurvelist != NULL) {
+        /*
+         * Add TLS extension EllipticCurves to the ClientHello message
+         */
+        long lenmax;
+
+        if ((lenmax = limit - ret - 6) < 0)
+            return NULL;
+        if (s->tlsext_ellipticcurvelist_length > (unsigned long)lenmax)
+            return NULL;
+        if (s->tlsext_ellipticcurvelist_length > 65532) {
+            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+            return NULL;
+        }
+
+        s2n(TLSEXT_TYPE_elliptic_curves, ret);
+        s2n(s->tlsext_ellipticcurvelist_length + 2, ret);
+
+        s2n(s->tlsext_ellipticcurvelist_length, ret);
+        memcpy(ret, s->tlsext_ellipticcurvelist,
+               s->tlsext_ellipticcurvelist_length);
+        ret += s->tlsext_ellipticcurvelist_length;
+    }
+# endif                         /* OPENSSL_NO_EC */
+
+    if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
+        int ticklen;
+        if (!s->new_session && s->session && s->session->tlsext_tick)
+            ticklen = s->session->tlsext_ticklen;
+        else if (s->session && s->tlsext_session_ticket &&
+                 s->tlsext_session_ticket->data) {
+            ticklen = s->tlsext_session_ticket->length;
+            s->session->tlsext_tick = OPENSSL_malloc(ticklen);
+            if (!s->session->tlsext_tick)
+                return NULL;
+            memcpy(s->session->tlsext_tick,
+                   s->tlsext_session_ticket->data, ticklen);
+            s->session->tlsext_ticklen = ticklen;
+        } else
+            ticklen = 0;
+        if (ticklen == 0 && s->tlsext_session_ticket &&
+            s->tlsext_session_ticket->data == NULL)
+            goto skip_ext;
+        /*
+         * Check for enough room 2 for extension type, 2 for len rest for
+         * ticket
+         */
+        if ((long)(limit - ret - 4 - ticklen) < 0)
+            return NULL;
+        s2n(TLSEXT_TYPE_session_ticket, ret);
+        s2n(ticklen, ret);
+        if (ticklen) {
+            memcpy(ret, s->session->tlsext_tick, ticklen);
+            ret += ticklen;
+        }
+    }
+ skip_ext:
+
+    if (TLS1_get_client_version(s) >= TLS1_2_VERSION) {
+        if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6)
+            return NULL;
+        s2n(TLSEXT_TYPE_signature_algorithms, ret);
+        s2n(sizeof(tls12_sigalgs) + 2, ret);
+        s2n(sizeof(tls12_sigalgs), ret);
+        memcpy(ret, tls12_sigalgs, sizeof(tls12_sigalgs));
+        ret += sizeof(tls12_sigalgs);
+    }
+# ifdef TLSEXT_TYPE_opaque_prf_input
+    if (s->s3->client_opaque_prf_input != NULL && s->version != DTLS1_VERSION) {
+        size_t col = s->s3->client_opaque_prf_input_len;
+
+        if ((long)(limit - ret - 6 - col < 0))
+            return NULL;
+        if (col > 0xFFFD)       /* can't happen */
+            return NULL;
+
+        s2n(TLSEXT_TYPE_opaque_prf_input, ret);
+        s2n(col + 2, ret);
+        s2n(col, ret);
+        memcpy(ret, s->s3->client_opaque_prf_input, col);
+        ret += col;
+    }
+# endif
+
+    if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
+        s->version != DTLS1_VERSION) {
+        int i;
+        long extlen, idlen, itmp;
+        OCSP_RESPID *id;
+
+        idlen = 0;
+        for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) {
+            id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
+            itmp = i2d_OCSP_RESPID(id, NULL);
+            if (itmp <= 0)
+                return NULL;
+            idlen += itmp + 2;
+        }
+
+        if (s->tlsext_ocsp_exts) {
+            extlen = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL);
+            if (extlen < 0)
+                return NULL;
+        } else
+            extlen = 0;
+
+        if ((long)(limit - ret - 7 - extlen - idlen) < 0)
+            return NULL;
+        s2n(TLSEXT_TYPE_status_request, ret);
+        if (extlen + idlen > 0xFFF0)
+            return NULL;
+        s2n(extlen + idlen + 5, ret);
+        *(ret++) = TLSEXT_STATUSTYPE_ocsp;
+        s2n(idlen, ret);
+        for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) {
+            /* save position of id len */
+            unsigned char *q = ret;
+            id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
+            /* skip over id len */
+            ret += 2;
+            itmp = i2d_OCSP_RESPID(id, &ret);
+            /* write id len */
+            s2n(itmp, q);
+        }
+        s2n(extlen, ret);
+        if (extlen > 0)
+            i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
+    }
+# ifndef OPENSSL_NO_HEARTBEATS
+    /* Add Heartbeat extension */
+    if ((limit - ret - 4 - 1) < 0)
+        return NULL;
+    s2n(TLSEXT_TYPE_heartbeat, ret);
+    s2n(1, ret);
+    /*-
+     * Set mode:
+     * 1: peer may send requests
+     * 2: peer not allowed to send requests
+     */
+    if (s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_RECV_REQUESTS)
+        *(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
+    else
+        *(ret++) = SSL_TLSEXT_HB_ENABLED;
+# endif
+
+# ifndef OPENSSL_NO_NEXTPROTONEG
+    if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) {
+        /*
+         * The client advertises an emtpy extension to indicate its support
+         * for Next Protocol Negotiation
+         */
+        if (limit - ret - 4 < 0)
+            return NULL;
+        s2n(TLSEXT_TYPE_next_proto_neg, ret);
+        s2n(0, ret);
+    }
+# endif
+
+# ifndef OPENSSL_NO_SRTP
+    if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)) {
+        int el;
+
+        ssl_add_clienthello_use_srtp_ext(s, 0, &el, 0);
+
+        if ((limit - ret - 4 - el) < 0)
+            return NULL;
+
+        s2n(TLSEXT_TYPE_use_srtp, ret);
+        s2n(el, ret);
+
+        if (ssl_add_clienthello_use_srtp_ext(s, ret, &el, el)) {
+            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+            return NULL;
+        }
+        ret += el;
+    }
+# endif
+    /*
+     * Add padding to workaround bugs in F5 terminators. See
+     * https://tools.ietf.org/html/draft-agl-tls-padding-03 NB: because this
+     * code works out the length of all existing extensions it MUST always
+     * appear last.
+     */
+    if (s->options & SSL_OP_TLSEXT_PADDING) {
+        int hlen = ret - (unsigned char *)s->init_buf->data;
+        /*
+         * The code in s23_clnt.c to build ClientHello messages includes the
+         * 5-byte record header in the buffer, while the code in s3_clnt.c
+         * does not.
+         */
+        if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
+            hlen -= 5;
+        if (hlen > 0xff && hlen < 0x200) {
+            hlen = 0x200 - hlen;
+            if (hlen >= 4)
+                hlen -= 4;
+            else
+                hlen = 0;
+
+            s2n(TLSEXT_TYPE_padding, ret);
+            s2n(hlen, ret);
+            memset(ret, 0, hlen);
+            ret += hlen;
+        }
+    }
+
+    if ((extdatalen = ret - orig - 2) == 0)
+        return orig;
+
+    s2n(extdatalen, orig);
+    return ret;
+}
+
+unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
+                                          unsigned char *limit)
+{
+    int extdatalen = 0;
+    unsigned char *orig = buf;
+    unsigned char *ret = buf;
+# ifndef OPENSSL_NO_NEXTPROTONEG
+    int next_proto_neg_seen;
+# endif
+
+    /*
+     * don't add extensions for SSLv3, unless doing secure renegotiation
+     */
+    if (s->version == SSL3_VERSION && !s->s3->send_connection_binding)
+        return orig;
+
+    ret += 2;
+    if (ret >= limit)
+        return NULL;            /* this really never occurs, but ... */
+
+    if (!s->hit && s->servername_done == 1
+        && s->session->tlsext_hostname != NULL) {
+        if ((long)(limit - ret - 4) < 0)
+            return NULL;
+
+        s2n(TLSEXT_TYPE_server_name, ret);
+        s2n(0, ret);
+    }
+
+    if (s->s3->send_connection_binding) {
+        int el;
+
+        if (!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) {
+            SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+            return NULL;
+        }
+
+        if ((limit - ret - 4 - el) < 0)
+            return NULL;
+
+        s2n(TLSEXT_TYPE_renegotiate, ret);
+        s2n(el, ret);
+
+        if (!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) {
+            SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+            return NULL;
+        }
+
+        ret += el;
+    }
+# ifndef OPENSSL_NO_EC
+    if (s->tlsext_ecpointformatlist != NULL) {
+        /*
+         * Add TLS extension ECPointFormats to the ServerHello message
+         */
+        long lenmax;
+
+        if ((lenmax = limit - ret - 5) < 0)
+            return NULL;
+        if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax)
+            return NULL;
+        if (s->tlsext_ecpointformatlist_length > 255) {
+            SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+            return NULL;
+        }
+
+        s2n(TLSEXT_TYPE_ec_point_formats, ret);
+        s2n(s->tlsext_ecpointformatlist_length + 1, ret);
+        *(ret++) = (unsigned char)s->tlsext_ecpointformatlist_length;
+        memcpy(ret, s->tlsext_ecpointformatlist,
+               s->tlsext_ecpointformatlist_length);
+        ret += s->tlsext_ecpointformatlist_length;
+
+    }
+    /*
+     * Currently the server should not respond with a SupportedCurves
+     * extension
+     */
+# endif                         /* OPENSSL_NO_EC */
+
+    if (s->tlsext_ticket_expected && !(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
+        if ((long)(limit - ret - 4) < 0)
+            return NULL;
+        s2n(TLSEXT_TYPE_session_ticket, ret);
+        s2n(0, ret);
+    }
+
+    if (s->tlsext_status_expected) {
+        if ((long)(limit - ret - 4) < 0)
+            return NULL;
+        s2n(TLSEXT_TYPE_status_request, ret);
+        s2n(0, ret);
+    }
+# ifdef TLSEXT_TYPE_opaque_prf_input
+    if (s->s3->server_opaque_prf_input != NULL && s->version != DTLS1_VERSION) {
+        size_t sol = s->s3->server_opaque_prf_input_len;
+
+        if ((long)(limit - ret - 6 - sol) < 0)
+            return NULL;
+        if (sol > 0xFFFD)       /* can't happen */
+            return NULL;
+
+        s2n(TLSEXT_TYPE_opaque_prf_input, ret);
+        s2n(sol + 2, ret);
+        s2n(sol, ret);
+        memcpy(ret, s->s3->server_opaque_prf_input, sol);
+        ret += sol;
+    }
+# endif
+
+# ifndef OPENSSL_NO_SRTP
+    if (SSL_IS_DTLS(s) && s->srtp_profile) {
+        int el;
+
+        ssl_add_serverhello_use_srtp_ext(s, 0, &el, 0);
+
+        if ((limit - ret - 4 - el) < 0)
+            return NULL;
+
+        s2n(TLSEXT_TYPE_use_srtp, ret);
+        s2n(el, ret);
+
+        if (ssl_add_serverhello_use_srtp_ext(s, ret, &el, el)) {
+            SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+            return NULL;
+        }
+        ret += el;
+    }
+# endif
+
+    if (((s->s3->tmp.new_cipher->id & 0xFFFF) == 0x80
+         || (s->s3->tmp.new_cipher->id & 0xFFFF) == 0x81)
+        && (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) {
+        const unsigned char cryptopro_ext[36] = {
+            0xfd, 0xe8,         /* 65000 */
+            0x00, 0x20,         /* 32 bytes length */
+            0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85,
+            0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06,
+            0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08,
+            0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17
+        };
+        if (limit - ret < 36)
+            return NULL;
+        memcpy(ret, cryptopro_ext, 36);
+        ret += 36;
+
+    }
+# ifndef OPENSSL_NO_HEARTBEATS
+    /* Add Heartbeat extension if we've received one */
+    if (s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) {
+        if ((limit - ret - 4 - 1) < 0)
+            return NULL;
+        s2n(TLSEXT_TYPE_heartbeat, ret);
+        s2n(1, ret);
+        /*-
+         * Set mode:
+         * 1: peer may send requests
+         * 2: peer not allowed to send requests
+         */
+        if (s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_RECV_REQUESTS)
+            *(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
+        else
+            *(ret++) = SSL_TLSEXT_HB_ENABLED;
+
+    }
+# endif
+
+# ifndef OPENSSL_NO_NEXTPROTONEG
+    next_proto_neg_seen = s->s3->next_proto_neg_seen;
+    s->s3->next_proto_neg_seen = 0;
+    if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb) {
+        const unsigned char *npa;
+        unsigned int npalen;
+        int r;
+
+        r = s->ctx->next_protos_advertised_cb(s, &npa, &npalen,
+                                              s->
+                                              ctx->next_protos_advertised_cb_arg);
+        if (r == SSL_TLSEXT_ERR_OK) {
+            if ((long)(limit - ret - 4 - npalen) < 0)
+                return NULL;
+            s2n(TLSEXT_TYPE_next_proto_neg, ret);
+            s2n(npalen, ret);
+            memcpy(ret, npa, npalen);
+            ret += npalen;
+            s->s3->next_proto_neg_seen = 1;
+        }
+    }
+# endif
+
+    if ((extdatalen = ret - orig - 2) == 0)
+        return orig;
+
+    s2n(extdatalen, orig);
+    return ret;
+}
+
+# ifndef OPENSSL_NO_EC
+/*-
+ * ssl_check_for_safari attempts to fingerprint Safari using OS X
+ * SecureTransport using the TLS extension block in |d|, of length |n|.
+ * Safari, since 10.6, sends exactly these extensions, in this order:
+ *   SNI,
+ *   elliptic_curves
+ *   ec_point_formats
+ *
+ * We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8,
+ * but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them.
+ * Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from
+ * 10.8..10.8.3 (which don't work).
+ */
+static void ssl_check_for_safari(SSL *s, const unsigned char *data,
+                                 const unsigned char *limit)
+{
+    unsigned short type, size;
+    static const unsigned char kSafariExtensionsBlock[] = {
+        0x00, 0x0a,             /* elliptic_curves extension */
+        0x00, 0x08,             /* 8 bytes */
+        0x00, 0x06,             /* 6 bytes of curve ids */
+        0x00, 0x17,             /* P-256 */
+        0x00, 0x18,             /* P-384 */
+        0x00, 0x19,             /* P-521 */
+
+        0x00, 0x0b,             /* ec_point_formats */
+        0x00, 0x02,             /* 2 bytes */
+        0x01,                   /* 1 point format */
+        0x00,                   /* uncompressed */
+    };
+
+    /* The following is only present in TLS 1.2 */
+    static const unsigned char kSafariTLS12ExtensionsBlock[] = {
+        0x00, 0x0d,             /* signature_algorithms */
+        0x00, 0x0c,             /* 12 bytes */
+        0x00, 0x0a,             /* 10 bytes */
+        0x05, 0x01,             /* SHA-384/RSA */
+        0x04, 0x01,             /* SHA-256/RSA */
+        0x02, 0x01,             /* SHA-1/RSA */
+        0x04, 0x03,             /* SHA-256/ECDSA */
+        0x02, 0x03,             /* SHA-1/ECDSA */
+    };
+
+    if (limit - data <= 2)
+        return;
+    data += 2;
+
+    if (limit - data < 4)
+        return;
+    n2s(data, type);
+    n2s(data, size);
+
+    if (type != TLSEXT_TYPE_server_name)
+        return;
+
+    if (limit - data < size)
+        return;
+    data += size;
+
+    if (TLS1_get_client_version(s) >= TLS1_2_VERSION) {
+        const size_t len1 = sizeof(kSafariExtensionsBlock);
+        const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
+
+        if (limit - data != (int)(len1 + len2))
+            return;
+        if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
+            return;
+        if (memcmp(data + len1, kSafariTLS12ExtensionsBlock, len2) != 0)
+            return;
+    } else {
+        const size_t len = sizeof(kSafariExtensionsBlock);
+
+        if (limit - data != (int)(len))
+            return;
+        if (memcmp(data, kSafariExtensionsBlock, len) != 0)
+            return;
+    }
+
+    s->s3->is_probably_safari = 1;
+}
+# endif                         /* !OPENSSL_NO_EC */
+
+int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p,
+                                 unsigned char *limit, int *al)
+{
+    unsigned short type;
+    unsigned short size;
+    unsigned short len;
+    unsigned char *data = *p;
+    int renegotiate_seen = 0;
+    int sigalg_seen = 0;
+
+    s->servername_done = 0;
+    s->tlsext_status_type = -1;
+# ifndef OPENSSL_NO_NEXTPROTONEG
+    s->s3->next_proto_neg_seen = 0;
+# endif
+
+# ifndef OPENSSL_NO_HEARTBEATS
+    s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
+                             SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
+# endif
+
+# ifndef OPENSSL_NO_EC
+    if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
+        ssl_check_for_safari(s, data, limit);
+# endif                         /* !OPENSSL_NO_EC */
+
+# ifndef OPENSSL_NO_SRP
+    if (s->srp_ctx.login != NULL) {
+        OPENSSL_free(s->srp_ctx.login);
+        s->srp_ctx.login = NULL;
+    }
+# endif
+
+    s->srtp_profile = NULL;
+
+    if (data == limit)
+        goto ri_check;
+
+    if (limit - data < 2)
+        goto err;
+
+    n2s(data, len);
+
+    if (limit - data != len)
+        goto err;
+
+    while (limit - data >= 4) {
+        n2s(data, type);
+        n2s(data, size);
+
+        if (limit - data < size)
+            goto err;
+# if 0
+        fprintf(stderr, "Received extension type %d size %d\n", type, size);
+# endif
+        if (s->tlsext_debug_cb)
+            s->tlsext_debug_cb(s, 0, type, data, size, s->tlsext_debug_arg);
+/*-
+ * The servername extension is treated as follows:
+ *
+ * - Only the hostname type is supported with a maximum length of 255.
+ * - The servername is rejected if too long or if it contains zeros,
+ *   in which case an fatal alert is generated.
+ * - The servername field is maintained together with the session cache.
+ * - When a session is resumed, the servername call back invoked in order
+ *   to allow the application to position itself to the right context.
+ * - The servername is acknowledged if it is new for a session or when
+ *   it is identical to a previously used for the same session.
+ *   Applications can control the behaviour.  They can at any time
+ *   set a 'desirable' servername for a new SSL object. This can be the
+ *   case for example with HTTPS when a Host: header field is received and
+ *   a renegotiation is requested. In this case, a possible servername
+ *   presented in the new client hello is only acknowledged if it matches
+ *   the value of the Host: field.
+ * - Applications must  use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+ *   if they provide for changing an explicit servername context for the
+ *   session, i.e. when the session has been established with a servername
+ *   extension.
+ * - On session reconnect, the servername extension may be absent.
+ *
+ */
+
+        if (type == TLSEXT_TYPE_server_name) {
+            unsigned char *sdata;
+            int servname_type;
+            int dsize;
+
+            if (size < 2)
+                goto err;
+            n2s(data, dsize);
+            size -= 2;
+            if (dsize > size)
+                goto err;
+
+            sdata = data;
+            while (dsize > 3) {
+                servname_type = *(sdata++);
+                n2s(sdata, len);
+                dsize -= 3;
+
+                if (len > dsize)
+                    goto err;
+
+                if (s->servername_done == 0)
+                    switch (servname_type) {
+                    case TLSEXT_NAMETYPE_host_name:
+                        if (!s->hit) {
+                            if (s->session->tlsext_hostname)
+                                goto err;
+
+                            if (len > TLSEXT_MAXLEN_host_name) {
+                                *al = TLS1_AD_UNRECOGNIZED_NAME;
+                                return 0;
+                            }
+                            if ((s->session->tlsext_hostname =
+                                 OPENSSL_malloc(len + 1)) == NULL) {
+                                *al = TLS1_AD_INTERNAL_ERROR;
+                                return 0;
+                            }
+                            memcpy(s->session->tlsext_hostname, sdata, len);
+                            s->session->tlsext_hostname[len] = '\0';
+                            if (strlen(s->session->tlsext_hostname) != len) {
+                                OPENSSL_free(s->session->tlsext_hostname);
+                                s->session->tlsext_hostname = NULL;
+                                *al = TLS1_AD_UNRECOGNIZED_NAME;
+                                return 0;
+                            }
+                            s->servername_done = 1;
+
+                        } else
+                            s->servername_done = s->session->tlsext_hostname
+                                && strlen(s->session->tlsext_hostname) == len
+                                && strncmp(s->session->tlsext_hostname,
+                                           (char *)sdata, len) == 0;
+
+                        break;
+
+                    default:
+                        break;
+                    }
+
+                dsize -= len;
+            }
+            if (dsize != 0)
+                goto err;
+
+        }
+# ifndef OPENSSL_NO_SRP
+        else if (type == TLSEXT_TYPE_srp) {
+            if (size == 0 || ((len = data[0])) != (size - 1))
+                goto err;
+            if (s->srp_ctx.login != NULL)
+                goto err;
+            if ((s->srp_ctx.login = OPENSSL_malloc(len + 1)) == NULL)
+                return -1;
+            memcpy(s->srp_ctx.login, &data[1], len);
+            s->srp_ctx.login[len] = '\0';
+
+            if (strlen(s->srp_ctx.login) != len)
+                goto err;
+        }
+# endif
+
+# ifndef OPENSSL_NO_EC
+        else if (type == TLSEXT_TYPE_ec_point_formats) {
+            unsigned char *sdata = data;
+            int ecpointformatlist_length = *(sdata++);
+
+            if (ecpointformatlist_length != size - 1)
+                goto err;
+            if (!s->hit) {
+                if (s->session->tlsext_ecpointformatlist) {
+                    OPENSSL_free(s->session->tlsext_ecpointformatlist);
+                    s->session->tlsext_ecpointformatlist = NULL;
+                }
+                s->session->tlsext_ecpointformatlist_length = 0;
+                if ((s->session->tlsext_ecpointformatlist =
+                     OPENSSL_malloc(ecpointformatlist_length)) == NULL) {
+                    *al = TLS1_AD_INTERNAL_ERROR;
+                    return 0;
+                }
+                s->session->tlsext_ecpointformatlist_length =
+                    ecpointformatlist_length;
+                memcpy(s->session->tlsext_ecpointformatlist, sdata,
+                       ecpointformatlist_length);
+            }
+#  if 0
+            fprintf(stderr,
+                    "ssl_parse_clienthello_tlsext s->session->tlsext_ecpointformatlist (length=%i) ",
+                    s->session->tlsext_ecpointformatlist_length);
+            sdata = s->session->tlsext_ecpointformatlist;
+            for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
+                fprintf(stderr, "%i ", *(sdata++));
+            fprintf(stderr, "\n");
+#  endif
+        } else if (type == TLSEXT_TYPE_elliptic_curves) {
+            unsigned char *sdata = data;
+            int ellipticcurvelist_length = (*(sdata++) << 8);
+            ellipticcurvelist_length += (*(sdata++));
+
+            if (ellipticcurvelist_length != size - 2 ||
+                ellipticcurvelist_length < 1 ||
+                /* Each NamedCurve is 2 bytes. */
+                ellipticcurvelist_length & 1)
+                    goto err;
+
+            if (!s->hit) {
+                if (s->session->tlsext_ellipticcurvelist)
+                    goto err;
+
+                s->session->tlsext_ellipticcurvelist_length = 0;
+                if ((s->session->tlsext_ellipticcurvelist =
+                     OPENSSL_malloc(ellipticcurvelist_length)) == NULL) {
+                    *al = TLS1_AD_INTERNAL_ERROR;
+                    return 0;
+                }
+                s->session->tlsext_ellipticcurvelist_length =
+                    ellipticcurvelist_length;
+                memcpy(s->session->tlsext_ellipticcurvelist, sdata,
+                       ellipticcurvelist_length);
+            }
+#  if 0
+            fprintf(stderr,
+                    "ssl_parse_clienthello_tlsext s->session->tlsext_ellipticcurvelist (length=%i) ",
+                    s->session->tlsext_ellipticcurvelist_length);
+            sdata = s->session->tlsext_ellipticcurvelist;
+            for (i = 0; i < s->session->tlsext_ellipticcurvelist_length; i++)
+                fprintf(stderr, "%i ", *(sdata++));
+            fprintf(stderr, "\n");
+#  endif
+        }
+# endif                         /* OPENSSL_NO_EC */
+# ifdef TLSEXT_TYPE_opaque_prf_input
+        else if (type == TLSEXT_TYPE_opaque_prf_input &&
+                 s->version != DTLS1_VERSION) {
+            unsigned char *sdata = data;
+
+            if (size < 2) {
+                *al = SSL_AD_DECODE_ERROR;
+                return 0;
+            }
+            n2s(sdata, s->s3->client_opaque_prf_input_len);
+            if (s->s3->client_opaque_prf_input_len != size - 2) {
+                *al = SSL_AD_DECODE_ERROR;
+                return 0;
+            }
+
+            if (s->s3->client_opaque_prf_input != NULL) {
+                /* shouldn't really happen */
+                OPENSSL_free(s->s3->client_opaque_prf_input);
+            }
+
+            /* dummy byte just to get non-NULL */
+            if (s->s3->client_opaque_prf_input_len == 0)
+                s->s3->client_opaque_prf_input = OPENSSL_malloc(1);
+            else
+                s->s3->client_opaque_prf_input =
+                    BUF_memdup(sdata, s->s3->client_opaque_prf_input_len);
+            if (s->s3->client_opaque_prf_input == NULL) {
+                *al = TLS1_AD_INTERNAL_ERROR;
+                return 0;
+            }
+        }
+# endif
+        else if (type == TLSEXT_TYPE_session_ticket) {
+            if (s->tls_session_ticket_ext_cb &&
+                !s->tls_session_ticket_ext_cb(s, data, size,
+                                              s->tls_session_ticket_ext_cb_arg))
+            {
+                *al = TLS1_AD_INTERNAL_ERROR;
+                return 0;
+            }
+        } else if (type == TLSEXT_TYPE_renegotiate) {
+            if (!ssl_parse_clienthello_renegotiate_ext(s, data, size, al))
+                return 0;
+            renegotiate_seen = 1;
+        } else if (type == TLSEXT_TYPE_signature_algorithms) {
+            int dsize;
+            if (sigalg_seen || size < 2)
+                goto err;
+            sigalg_seen = 1;
+            n2s(data, dsize);
+            size -= 2;
+            if (dsize != size || dsize & 1)
+                goto err;
+            if (!tls1_process_sigalgs(s, data, dsize))
+                goto err;
+        } else if (type == TLSEXT_TYPE_status_request &&
+                   s->version != DTLS1_VERSION) {
+
+            if (size < 5)
+                goto err;
+
+            s->tlsext_status_type = *data++;
+            size--;
+            if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) {
+                const unsigned char *sdata;
+                int dsize;
+                /* Read in responder_id_list */
+                n2s(data, dsize);
+                size -= 2;
+                if (dsize > size)
+                    goto err;
+
+                /*
+                 * We remove any OCSP_RESPIDs from a previous handshake
+                 * to prevent unbounded memory growth - CVE-2016-6304
+                 */
+                sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids,
+                                        OCSP_RESPID_free);
+                if (dsize > 0) {
+                    s->tlsext_ocsp_ids = sk_OCSP_RESPID_new_null();
+                    if (s->tlsext_ocsp_ids == NULL) {
+                        *al = SSL_AD_INTERNAL_ERROR;
+                        return 0;
+                    }
+                } else {
+                    s->tlsext_ocsp_ids = NULL;
+                }
+
+                while (dsize > 0) {
+                    OCSP_RESPID *id;
+                    int idsize;
+                    if (dsize < 4)
+                        goto err;
+                    n2s(data, idsize);
+                    dsize -= 2 + idsize;
+                    size -= 2 + idsize;
+                    if (dsize < 0)
+                        goto err;
+                    sdata = data;
+                    data += idsize;
+                    id = d2i_OCSP_RESPID(NULL, &sdata, idsize);
+                    if (!id)
+                        goto err;
+                    if (data != sdata) {
+                        OCSP_RESPID_free(id);
+                        goto err;
+                    }
+                    if (!sk_OCSP_RESPID_push(s->tlsext_ocsp_ids, id)) {
+                        OCSP_RESPID_free(id);
+                        *al = SSL_AD_INTERNAL_ERROR;
+                        return 0;
+                    }
+                }
+
+                /* Read in request_extensions */
+                if (size < 2)
+                    goto err;
+                n2s(data, dsize);
+                size -= 2;
+                if (dsize != size)
+                    goto err;
+                sdata = data;
+                if (dsize > 0) {
+                    if (s->tlsext_ocsp_exts) {
+                        sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
+                                                   X509_EXTENSION_free);
+                    }
+
+                    s->tlsext_ocsp_exts =
+                        d2i_X509_EXTENSIONS(NULL, &sdata, dsize);
+                    if (!s->tlsext_ocsp_exts || (data + dsize != sdata))
+                        goto err;
+                }
+            }
+            /*
+             * We don't know what to do with any other type * so ignore it.
+             */
+            else
+                s->tlsext_status_type = -1;
+        }
+# ifndef OPENSSL_NO_HEARTBEATS
+        else if (type == TLSEXT_TYPE_heartbeat) {
+            switch (data[0]) {
+            case 0x01:         /* Client allows us to send HB requests */
+                s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
+                break;
+            case 0x02:         /* Client doesn't accept HB requests */
+                s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
+                s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
+                break;
+            default:
+                *al = SSL_AD_ILLEGAL_PARAMETER;
+                return 0;
+            }
+        }
+# endif
+# ifndef OPENSSL_NO_NEXTPROTONEG
+        else if (type == TLSEXT_TYPE_next_proto_neg &&
+                 s->s3->tmp.finish_md_len == 0) {
+            /*-
+             * We shouldn't accept this extension on a
+             * renegotiation.
+             *
+             * s->new_session will be set on renegotiation, but we
+             * probably shouldn't rely that it couldn't be set on
+             * the initial renegotation too in certain cases (when
+             * there's some other reason to disallow resuming an
+             * earlier session -- the current code won't be doing
+             * anything like that, but this might change).
+             *
+             * A valid sign that there's been a previous handshake
+             * in this connection is if s->s3->tmp.finish_md_len >
+             * 0.  (We are talking about a check that will happen
+             * in the Hello protocol round, well before a new
+             * Finished message could have been computed.)
+             */
+            s->s3->next_proto_neg_seen = 1;
+        }
+# endif
+
+        /* session ticket processed earlier */
+# ifndef OPENSSL_NO_SRTP
+        else if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)
+                 && type == TLSEXT_TYPE_use_srtp) {
+            if (ssl_parse_clienthello_use_srtp_ext(s, data, size, al))
+                return 0;
+        }
+# endif
+
+        data += size;
+    }
+
+    /* Spurious data on the end */
+    if (data != limit)
+        goto err;
+
+    *p = data;
+
+ ri_check:
+
+    /* Need RI if renegotiating */
+
+    if (!renegotiate_seen && s->renegotiate &&
+        !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
+        *al = SSL_AD_HANDSHAKE_FAILURE;
+        SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT,
+               SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+        return 0;
+    }
+
+    return 1;
+err:
+    *al = SSL_AD_DECODE_ERROR;
+    return 0;
+}
+
+# ifndef OPENSSL_NO_NEXTPROTONEG
+/*
+ * ssl_next_proto_validate validates a Next Protocol Negotiation block. No
+ * elements of zero length are allowed and the set of elements must exactly
+ * fill the length of the block.
+ */
+static char ssl_next_proto_validate(unsigned char *d, unsigned len)
+{
+    unsigned int off = 0;
+
+    while (off < len) {
+        if (d[off] == 0)
+            return 0;
+        off += d[off];
+        off++;
+    }
+
+    return off == len;
+}
+# endif
+
+int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
+                                 int n, int *al)
+{
+    unsigned short length;
+    unsigned short type;
+    unsigned short size;
+    unsigned char *data = *p;
+    int tlsext_servername = 0;
+    int renegotiate_seen = 0;
+
+# ifndef OPENSSL_NO_NEXTPROTONEG
+    s->s3->next_proto_neg_seen = 0;
+# endif
+    s->tlsext_ticket_expected = 0;
+
+# ifndef OPENSSL_NO_HEARTBEATS
+    s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
+                             SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
+# endif
+
+    if ((d + n) - data <= 2)
+        goto ri_check;
+
+    n2s(data, length);
+    if ((d + n) - data != length) {
+        *al = SSL_AD_DECODE_ERROR;
+        return 0;
+    }
+
+    while ((d + n) - data >= 4) {
+        n2s(data, type);
+        n2s(data, size);
+
+        if ((d + n) - data < size)
+            goto ri_check;
+
+        if (s->tlsext_debug_cb)
+            s->tlsext_debug_cb(s, 1, type, data, size, s->tlsext_debug_arg);
+
+        if (type == TLSEXT_TYPE_server_name) {
+            if (s->tlsext_hostname == NULL || size > 0) {
+                *al = TLS1_AD_UNRECOGNIZED_NAME;
+                return 0;
+            }
+            tlsext_servername = 1;
+        }
+# ifndef OPENSSL_NO_EC
+        else if (type == TLSEXT_TYPE_ec_point_formats) {
+            unsigned char *sdata = data;
+            int ecpointformatlist_length = *(sdata++);
+
+            if (ecpointformatlist_length != size - 1 ||
+                ecpointformatlist_length < 1) {
+                *al = TLS1_AD_DECODE_ERROR;
+                return 0;
+            }
+            if (!s->hit) {
+                s->session->tlsext_ecpointformatlist_length = 0;
+                if (s->session->tlsext_ecpointformatlist != NULL)
+                    OPENSSL_free(s->session->tlsext_ecpointformatlist);
+                if ((s->session->tlsext_ecpointformatlist =
+                     OPENSSL_malloc(ecpointformatlist_length)) == NULL) {
+                    *al = TLS1_AD_INTERNAL_ERROR;
+                    return 0;
+                }
+                s->session->tlsext_ecpointformatlist_length =
+                    ecpointformatlist_length;
+                memcpy(s->session->tlsext_ecpointformatlist, sdata,
+                       ecpointformatlist_length);
+            }
+#  if 0
+            fprintf(stderr,
+                    "ssl_parse_serverhello_tlsext s->session->tlsext_ecpointformatlist ");
+            sdata = s->session->tlsext_ecpointformatlist;
+            for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
+                fprintf(stderr, "%i ", *(sdata++));
+            fprintf(stderr, "\n");
+#  endif
+        }
+# endif                         /* OPENSSL_NO_EC */
+
+        else if (type == TLSEXT_TYPE_session_ticket) {
+            if (s->tls_session_ticket_ext_cb &&
+                !s->tls_session_ticket_ext_cb(s, data, size,
+                                              s->tls_session_ticket_ext_cb_arg))
+            {
+                *al = TLS1_AD_INTERNAL_ERROR;
+                return 0;
+            }
+            if ((SSL_get_options(s) & SSL_OP_NO_TICKET)
+                || (size > 0)) {
+                *al = TLS1_AD_UNSUPPORTED_EXTENSION;
+                return 0;
+            }
+            s->tlsext_ticket_expected = 1;
+        }
+# ifdef TLSEXT_TYPE_opaque_prf_input
+        else if (type == TLSEXT_TYPE_opaque_prf_input &&
+                 s->version != DTLS1_VERSION) {
+            unsigned char *sdata = data;
+
+            if (size < 2) {
+                *al = SSL_AD_DECODE_ERROR;
+                return 0;
+            }
+            n2s(sdata, s->s3->server_opaque_prf_input_len);
+            if (s->s3->server_opaque_prf_input_len != size - 2) {
+                *al = SSL_AD_DECODE_ERROR;
+                return 0;
+            }
+
+            if (s->s3->server_opaque_prf_input != NULL) {
+                /* shouldn't really happen */
+                OPENSSL_free(s->s3->server_opaque_prf_input);
+            }
+            if (s->s3->server_opaque_prf_input_len == 0) {
+                /* dummy byte just to get non-NULL */
+                s->s3->server_opaque_prf_input = OPENSSL_malloc(1);
+            } else {
+                s->s3->server_opaque_prf_input =
+                    BUF_memdup(sdata, s->s3->server_opaque_prf_input_len);
+            }
+
+            if (s->s3->server_opaque_prf_input == NULL) {
+                *al = TLS1_AD_INTERNAL_ERROR;
+                return 0;
+            }
+        }
+# endif
+        else if (type == TLSEXT_TYPE_status_request &&
+                 s->version != DTLS1_VERSION) {
+            /*
+             * MUST be empty and only sent if we've requested a status
+             * request message.
+             */
+            if ((s->tlsext_status_type == -1) || (size > 0)) {
+                *al = TLS1_AD_UNSUPPORTED_EXTENSION;
+                return 0;
+            }
+            /* Set flag to expect CertificateStatus message */
+            s->tlsext_status_expected = 1;
+        }
+# ifndef OPENSSL_NO_NEXTPROTONEG
+        else if (type == TLSEXT_TYPE_next_proto_neg &&
+                 s->s3->tmp.finish_md_len == 0) {
+            unsigned char *selected;
+            unsigned char selected_len;
+
+            /* We must have requested it. */
+            if (s->ctx->next_proto_select_cb == NULL) {
+                *al = TLS1_AD_UNSUPPORTED_EXTENSION;
+                return 0;
+            }
+            /* The data must be valid */
+            if (!ssl_next_proto_validate(data, size)) {
+                *al = TLS1_AD_DECODE_ERROR;
+                return 0;
+            }
+            if (s->
+                ctx->next_proto_select_cb(s, &selected, &selected_len, data,
+                                          size,
+                                          s->ctx->next_proto_select_cb_arg) !=
+                SSL_TLSEXT_ERR_OK) {
+                *al = TLS1_AD_INTERNAL_ERROR;
+                return 0;
+            }
+            s->next_proto_negotiated = OPENSSL_malloc(selected_len);
+            if (!s->next_proto_negotiated) {
+                *al = TLS1_AD_INTERNAL_ERROR;
+                return 0;
+            }
+            memcpy(s->next_proto_negotiated, selected, selected_len);
+            s->next_proto_negotiated_len = selected_len;
+            s->s3->next_proto_neg_seen = 1;
+        }
+# endif
+        else if (type == TLSEXT_TYPE_renegotiate) {
+            if (!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
+                return 0;
+            renegotiate_seen = 1;
+        }
+# ifndef OPENSSL_NO_HEARTBEATS
+        else if (type == TLSEXT_TYPE_heartbeat) {
+            switch (data[0]) {
+            case 0x01:         /* Server allows us to send HB requests */
+                s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
+                break;
+            case 0x02:         /* Server doesn't accept HB requests */
+                s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
+                s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
+                break;
+            default:
+                *al = SSL_AD_ILLEGAL_PARAMETER;
+                return 0;
+            }
+        }
+# endif
+# ifndef OPENSSL_NO_SRTP
+        else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp) {
+            if (ssl_parse_serverhello_use_srtp_ext(s, data, size, al))
+                return 0;
+        }
+# endif
+
+        data += size;
+    }
+
+    if (data != d + n) {
+        *al = SSL_AD_DECODE_ERROR;
+        return 0;
+    }
+
+    if (!s->hit && tlsext_servername == 1) {
+        if (s->tlsext_hostname) {
+            if (s->session->tlsext_hostname == NULL) {
+                s->session->tlsext_hostname = BUF_strdup(s->tlsext_hostname);
+                if (!s->session->tlsext_hostname) {
+                    *al = SSL_AD_UNRECOGNIZED_NAME;
+                    return 0;
+                }
+            } else {
+                *al = SSL_AD_DECODE_ERROR;
+                return 0;
+            }
+        }
+    }
+
+    *p = data;
+
+ ri_check:
+
+    /*
+     * Determine if we need to see RI. Strictly speaking if we want to avoid
+     * an attack we should *always* see RI even on initial server hello
+     * because the client doesn't see any renegotiation during an attack.
+     * However this would mean we could not connect to any server which
+     * doesn't support RI so for the immediate future tolerate RI absence on
+     * initial connect only.
+     */
+    if (!renegotiate_seen && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)
+        && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
+        *al = SSL_AD_HANDSHAKE_FAILURE;
+        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT,
+               SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+        return 0;
+    }
+
+    return 1;
+}
+
+int ssl_prepare_clienthello_tlsext(SSL *s)
+{
+# ifndef OPENSSL_NO_EC
+    /*
+     * If we are client and using an elliptic curve cryptography cipher
+     * suite, send the point formats and elliptic curves we support.
+     */
+    int using_ecc = 0;
+    int i;
+    unsigned char *j;
+    unsigned long alg_k, alg_a;
+    STACK_OF(SSL_CIPHER) *cipher_stack = SSL_get_ciphers(s);
+
+    for (i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++) {
+        SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i);
+
+        alg_k = c->algorithm_mkey;
+        alg_a = c->algorithm_auth;
+        if ((alg_k & (SSL_kEECDH | SSL_kECDHr | SSL_kECDHe)
+             || (alg_a & SSL_aECDSA))) {
+            using_ecc = 1;
+            break;
+        }
+    }
+    using_ecc = using_ecc && (s->version >= TLS1_VERSION);
+    if (using_ecc) {
+        if (s->tlsext_ecpointformatlist != NULL)
+            OPENSSL_free(s->tlsext_ecpointformatlist);
+        if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL) {
+            SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,
+                   ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        s->tlsext_ecpointformatlist_length = 3;
+        s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed;
+        s->tlsext_ecpointformatlist[1] =
+            TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
+        s->tlsext_ecpointformatlist[2] =
+            TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
+
+        /* we support all named elliptic curves in RFC 4492 */
+        if (s->tlsext_ellipticcurvelist != NULL)
+            OPENSSL_free(s->tlsext_ellipticcurvelist);
+        s->tlsext_ellipticcurvelist_length =
+            sizeof(pref_list) / sizeof(pref_list[0]) * 2;
+        if ((s->tlsext_ellipticcurvelist =
+             OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL) {
+            s->tlsext_ellipticcurvelist_length = 0;
+            SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,
+                   ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        for (i = 0, j = s->tlsext_ellipticcurvelist; (unsigned int)i <
+             sizeof(pref_list) / sizeof(pref_list[0]); i++) {
+            int id = tls1_ec_nid2curve_id(pref_list[i]);
+            s2n(id, j);
+        }
+    }
+# endif                         /* OPENSSL_NO_EC */
+
+# ifdef TLSEXT_TYPE_opaque_prf_input
+    {
+        int r = 1;
+
+        if (s->ctx->tlsext_opaque_prf_input_callback != 0) {
+            r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0,
+                                                         s->
+                                                         ctx->tlsext_opaque_prf_input_callback_arg);
+            if (!r)
+                return -1;
+        }
+
+        if (s->tlsext_opaque_prf_input != NULL) {
+            if (s->s3->client_opaque_prf_input != NULL) {
+                /* shouldn't really happen */
+                OPENSSL_free(s->s3->client_opaque_prf_input);
+            }
+
+            if (s->tlsext_opaque_prf_input_len == 0) {
+                /* dummy byte just to get non-NULL */
+                s->s3->client_opaque_prf_input = OPENSSL_malloc(1);
+            } else {
+                s->s3->client_opaque_prf_input =
+                    BUF_memdup(s->tlsext_opaque_prf_input,
+                               s->tlsext_opaque_prf_input_len);
+            }
+            if (s->s3->client_opaque_prf_input == NULL) {
+                SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,
+                       ERR_R_MALLOC_FAILURE);
+                return -1;
+            }
+            s->s3->client_opaque_prf_input_len =
+                s->tlsext_opaque_prf_input_len;
+        }
+
+        if (r == 2)
+            /*
+             * at callback's request, insist on receiving an appropriate
+             * server opaque PRF input
+             */
+            s->s3->server_opaque_prf_input_len =
+                s->tlsext_opaque_prf_input_len;
+    }
+# endif
+
+    return 1;
+}
+
+int ssl_prepare_serverhello_tlsext(SSL *s)
+{
+# ifndef OPENSSL_NO_EC
+    /*
+     * If we are server and using an ECC cipher suite, send the point formats
+     * we support if the client sent us an ECPointsFormat extension.  Note
+     * that the server is not supposed to send an EllipticCurves extension.
+     */
+
+    unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+    unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+    int using_ecc = (alg_k & (SSL_kEECDH | SSL_kECDHr | SSL_kECDHe))
+        || (alg_a & SSL_aECDSA);
+    using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
+
+    if (using_ecc) {
+        if (s->tlsext_ecpointformatlist != NULL)
+            OPENSSL_free(s->tlsext_ecpointformatlist);
+        if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL) {
+            SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT,
+                   ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        s->tlsext_ecpointformatlist_length = 3;
+        s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed;
+        s->tlsext_ecpointformatlist[1] =
+            TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
+        s->tlsext_ecpointformatlist[2] =
+            TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
+    }
+# endif                         /* OPENSSL_NO_EC */
+
+    return 1;
+}
+
+int ssl_check_clienthello_tlsext_early(SSL *s)
+{
+    int ret = SSL_TLSEXT_ERR_NOACK;
+    int al = SSL_AD_UNRECOGNIZED_NAME;
+
+# ifndef OPENSSL_NO_EC
+    /*
+     * The handling of the ECPointFormats extension is done elsewhere, namely
+     * in ssl3_choose_cipher in s3_lib.c.
+     */
+    /*
+     * The handling of the EllipticCurves extension is done elsewhere, namely
+     * in ssl3_choose_cipher in s3_lib.c.
+     */
+# endif
+
+    if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
+        ret =
+            s->ctx->tlsext_servername_callback(s, &al,
+                                               s->ctx->tlsext_servername_arg);
+    else if (s->initial_ctx != NULL
+             && s->initial_ctx->tlsext_servername_callback != 0)
+        ret =
+            s->initial_ctx->tlsext_servername_callback(s, &al,
+                                                       s->
+                                                       initial_ctx->tlsext_servername_arg);
+
+# ifdef TLSEXT_TYPE_opaque_prf_input
+    {
+        /*
+         * This sort of belongs into ssl_prepare_serverhello_tlsext(), but we
+         * might be sending an alert in response to the client hello, so this
+         * has to happen here in ssl_check_clienthello_tlsext_early().
+         */
+
+        int r = 1;
+
+        if (s->ctx->tlsext_opaque_prf_input_callback != 0) {
+            r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0,
+                                                         s->
+                                                         ctx->tlsext_opaque_prf_input_callback_arg);
+            if (!r) {
+                ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+                al = SSL_AD_INTERNAL_ERROR;
+                goto err;
+            }
+        }
+
+        if (s->s3->server_opaque_prf_input != NULL) {
+            /* shouldn't really happen */
+            OPENSSL_free(s->s3->server_opaque_prf_input);
+        }
+        s->s3->server_opaque_prf_input = NULL;
+
+        if (s->tlsext_opaque_prf_input != NULL) {
+            if (s->s3->client_opaque_prf_input != NULL &&
+                s->s3->client_opaque_prf_input_len ==
+                s->tlsext_opaque_prf_input_len) {
+                /*
+                 * can only use this extension if we have a server opaque PRF
+                 * input of the same length as the client opaque PRF input!
+                 */
+
+                if (s->tlsext_opaque_prf_input_len == 0) {
+                    /* dummy byte just to get non-NULL */
+                    s->s3->server_opaque_prf_input = OPENSSL_malloc(1);
+                } else {
+                    s->s3->server_opaque_prf_input =
+                        BUF_memdup(s->tlsext_opaque_prf_input,
+                                   s->tlsext_opaque_prf_input_len);
+                }
+                if (s->s3->server_opaque_prf_input == NULL) {
+                    ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+                    al = SSL_AD_INTERNAL_ERROR;
+                    goto err;
+                }
+                s->s3->server_opaque_prf_input_len =
+                    s->tlsext_opaque_prf_input_len;
+            }
+        }
+
+        if (r == 2 && s->s3->server_opaque_prf_input == NULL) {
+            /*
+             * The callback wants to enforce use of the extension, but we
+             * can't do that with the client opaque PRF input; abort the
+             * handshake.
+             */
+            ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+            al = SSL_AD_HANDSHAKE_FAILURE;
+        }
+    }
+
+ err:
+# endif
+    switch (ret) {
+    case SSL_TLSEXT_ERR_ALERT_FATAL:
+        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+        return -1;
+
+    case SSL_TLSEXT_ERR_ALERT_WARNING:
+        ssl3_send_alert(s, SSL3_AL_WARNING, al);
+        return 1;
+
+    case SSL_TLSEXT_ERR_NOACK:
+        s->servername_done = 0;
+    default:
+        return 1;
+    }
+}
+
+int ssl_check_clienthello_tlsext_late(SSL *s)
+{
+    int ret = SSL_TLSEXT_ERR_OK;
+    int al;
+
+    /*
+     * If status request then ask callback what to do. Note: this must be
+     * called after servername callbacks in case the certificate has
+     * changed, and must be called after the cipher has been chosen because
+     * this may influence which certificate is sent
+     */
+    if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb) {
+        int r;
+        CERT_PKEY *certpkey;
+        certpkey = ssl_get_server_send_pkey(s);
+        /* If no certificate can't return certificate status */
+        if (certpkey == NULL) {
+            s->tlsext_status_expected = 0;
+            return 1;
+        }
+        /*
+         * Set current certificate to one we will use so SSL_get_certificate
+         * et al can pick it up.
+         */
+        s->cert->key = certpkey;
+        r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
+        switch (r) {
+            /* We don't want to send a status request response */
+        case SSL_TLSEXT_ERR_NOACK:
+            s->tlsext_status_expected = 0;
+            break;
+            /* status request response should be sent */
+        case SSL_TLSEXT_ERR_OK:
+            if (s->tlsext_ocsp_resp)
+                s->tlsext_status_expected = 1;
+            else
+                s->tlsext_status_expected = 0;
+            break;
+            /* something bad happened */
+        case SSL_TLSEXT_ERR_ALERT_FATAL:
+            ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+            al = SSL_AD_INTERNAL_ERROR;
+            goto err;
+        }
+    } else
+        s->tlsext_status_expected = 0;
+
+ err:
+    switch (ret) {
+    case SSL_TLSEXT_ERR_ALERT_FATAL:
+        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+        return -1;
+
+    case SSL_TLSEXT_ERR_ALERT_WARNING:
+        ssl3_send_alert(s, SSL3_AL_WARNING, al);
+        return 1;
+
+    default:
+        return 1;
+    }
+}
+
+int ssl_check_serverhello_tlsext(SSL *s)
+{
+    int ret = SSL_TLSEXT_ERR_NOACK;
+    int al = SSL_AD_UNRECOGNIZED_NAME;
+
+# ifndef OPENSSL_NO_EC
+    /*
+     * If we are client and using an elliptic curve cryptography cipher
+     * suite, then if server returns an EC point formats lists extension it
+     * must contain uncompressed.
+     */
+    unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+    unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+    if ((s->tlsext_ecpointformatlist != NULL)
+        && (s->tlsext_ecpointformatlist_length > 0)
+        && (s->session->tlsext_ecpointformatlist != NULL)
+        && (s->session->tlsext_ecpointformatlist_length > 0)
+        && ((alg_k & (SSL_kEECDH | SSL_kECDHr | SSL_kECDHe))
+            || (alg_a & SSL_aECDSA))) {
+        /* we are using an ECC cipher */
+        size_t i;
+        unsigned char *list;
+        int found_uncompressed = 0;
+        list = s->session->tlsext_ecpointformatlist;
+        for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) {
+            if (*(list++) == TLSEXT_ECPOINTFORMAT_uncompressed) {
+                found_uncompressed = 1;
+                break;
+            }
+        }
+        if (!found_uncompressed) {
+            SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,
+                   SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
+            return -1;
+        }
+    }
+    ret = SSL_TLSEXT_ERR_OK;
+# endif                         /* OPENSSL_NO_EC */
+
+    if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
+        ret =
+            s->ctx->tlsext_servername_callback(s, &al,
+                                               s->ctx->tlsext_servername_arg);
+    else if (s->initial_ctx != NULL
+             && s->initial_ctx->tlsext_servername_callback != 0)
+        ret =
+            s->initial_ctx->tlsext_servername_callback(s, &al,
+                                                       s->
+                                                       initial_ctx->tlsext_servername_arg);
+
+# ifdef TLSEXT_TYPE_opaque_prf_input
+    if (s->s3->server_opaque_prf_input_len > 0) {
+        /*
+         * This case may indicate that we, as a client, want to insist on
+         * using opaque PRF inputs. So first verify that we really have a
+         * value from the server too.
+         */
+
+        if (s->s3->server_opaque_prf_input == NULL) {
+            ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+            al = SSL_AD_HANDSHAKE_FAILURE;
+        }
+
+        /*
+         * Anytime the server *has* sent an opaque PRF input, we need to
+         * check that we have a client opaque PRF input of the same size.
+         */
+        if (s->s3->client_opaque_prf_input == NULL ||
+            s->s3->client_opaque_prf_input_len !=
+            s->s3->server_opaque_prf_input_len) {
+            ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+            al = SSL_AD_ILLEGAL_PARAMETER;
+        }
+    }
+# endif
+
+    OPENSSL_free(s->tlsext_ocsp_resp);
+    s->tlsext_ocsp_resp = NULL;
+    s->tlsext_ocsp_resplen = -1;
+    /*
+     * If we've requested certificate status and we wont get one tell the
+     * callback
+     */
+    if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected)
+        && !(s->hit) && s->ctx && s->ctx->tlsext_status_cb) {
+        int r;
+        /*
+         * Call callback with resp == NULL and resplen == -1 so callback
+         * knows there is no response
+         */
+        r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
+        if (r == 0) {
+            al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
+            ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+        }
+        if (r < 0) {
+            al = SSL_AD_INTERNAL_ERROR;
+            ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+        }
+    }
+
+    switch (ret) {
+    case SSL_TLSEXT_ERR_ALERT_FATAL:
+        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+        return -1;
+
+    case SSL_TLSEXT_ERR_ALERT_WARNING:
+        ssl3_send_alert(s, SSL3_AL_WARNING, al);
+        return 1;
+
+    case SSL_TLSEXT_ERR_NOACK:
+        s->servername_done = 0;
+    default:
+        return 1;
+    }
+}
+
+/*-
+ * Since the server cache lookup is done early on in the processing of the
+ * ClientHello, and other operations depend on the result, we need to handle
+ * any TLS session ticket extension at the same time.
+ *
+ *   session_id: points at the session ID in the ClientHello. This code will
+ *       read past the end of this in order to parse out the session ticket
+ *       extension, if any.
+ *   len: the length of the session ID.
+ *   limit: a pointer to the first byte after the ClientHello.
+ *   ret: (output) on return, if a ticket was decrypted, then this is set to
+ *       point to the resulting session.
+ *
+ * If s->tls_session_secret_cb is set then we are expecting a pre-shared key
+ * ciphersuite, in which case we have no use for session tickets and one will
+ * never be decrypted, nor will s->tlsext_ticket_expected be set to 1.
+ *
+ * Returns:
+ *   -1: fatal error, either from parsing or decrypting the ticket.
+ *    0: no ticket was found (or was ignored, based on settings).
+ *    1: a zero length extension was found, indicating that the client supports
+ *       session tickets but doesn't currently have one to offer.
+ *    2: either s->tls_session_secret_cb was set, or a ticket was offered but
+ *       couldn't be decrypted because of a non-fatal error.
+ *    3: a ticket was successfully decrypted and *ret was set.
+ *
+ * Side effects:
+ *   Sets s->tlsext_ticket_expected to 1 if the server will have to issue
+ *   a new session ticket to the client because the client indicated support
+ *   (and s->tls_session_secret_cb is NULL) but the client either doesn't have
+ *   a session ticket or we couldn't use the one it gave us, or if
+ *   s->ctx->tlsext_ticket_key_cb asked to renew the client's ticket.
+ *   Otherwise, s->tlsext_ticket_expected is set to 0.
+ */
+int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
+                        const unsigned char *limit, SSL_SESSION **ret)
+{
+    /* Point after session ID in client hello */
+    const unsigned char *p = session_id + len;
+    unsigned short i;
+
+    *ret = NULL;
+    s->tlsext_ticket_expected = 0;
+
+    /*
+     * If tickets disabled behave as if no ticket present to permit stateful
+     * resumption.
+     */
+    if (SSL_get_options(s) & SSL_OP_NO_TICKET)
+        return 0;
+    if ((s->version <= SSL3_VERSION) || !limit)
+        return 0;
+    if (p >= limit)
+        return -1;
+    /* Skip past DTLS cookie */
+    if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
+        i = *(p++);
+
+        if (limit - p <= i)
+            return -1;
+
+        p += i;
+    }
+    /* Skip past cipher list */
+    n2s(p, i);
+    if (limit - p <= i)
+        return -1;
+    p += i;
+
+    /* Skip past compression algorithm list */
+    i = *(p++);
+    if (limit - p < i)
+        return -1;
+    p += i;
+
+    /* Now at start of extensions */
+    if (limit - p <= 2)
+        return 0;
+    n2s(p, i);
+    while (limit - p >= 4) {
+        unsigned short type, size;
+        n2s(p, type);
+        n2s(p, size);
+        if (limit - p < size)
+            return 0;
+        if (type == TLSEXT_TYPE_session_ticket) {
+            int r;
+            if (size == 0) {
+                /*
+                 * The client will accept a ticket but doesn't currently have
+                 * one.
+                 */
+                s->tlsext_ticket_expected = 1;
+                return 1;
+            }
+            if (s->tls_session_secret_cb) {
+                /*
+                 * Indicate that the ticket couldn't be decrypted rather than
+                 * generating the session from ticket now, trigger
+                 * abbreviated handshake based on external mechanism to
+                 * calculate the master secret later.
+                 */
+                return 2;
+            }
+            r = tls_decrypt_ticket(s, p, size, session_id, len, ret);
+            switch (r) {
+            case 2:            /* ticket couldn't be decrypted */
+                s->tlsext_ticket_expected = 1;
+                return 2;
+            case 3:            /* ticket was decrypted */
+                return r;
+            case 4:            /* ticket decrypted but need to renew */
+                s->tlsext_ticket_expected = 1;
+                return 3;
+            default:           /* fatal error */
+                return -1;
+            }
+        }
+        p += size;
+    }
+    return 0;
+}
+
+/*-
+ * tls_decrypt_ticket attempts to decrypt a session ticket.
+ *
+ *   etick: points to the body of the session ticket extension.
+ *   eticklen: the length of the session tickets extenion.
+ *   sess_id: points at the session ID.
+ *   sesslen: the length of the session ID.
+ *   psess: (output) on return, if a ticket was decrypted, then this is set to
+ *       point to the resulting session.
+ *
+ * Returns:
+ *   -1: fatal error, either from parsing or decrypting the ticket.
+ *    2: the ticket couldn't be decrypted.
+ *    3: a ticket was successfully decrypted and *psess was set.
+ *    4: same as 3, but the ticket needs to be renewed.
+ */
+static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
+                              int eticklen, const unsigned char *sess_id,
+                              int sesslen, SSL_SESSION **psess)
+{
+    SSL_SESSION *sess;
+    unsigned char *sdec;
+    const unsigned char *p;
+    int slen, mlen, renew_ticket = 0;
+    unsigned char tick_hmac[EVP_MAX_MD_SIZE];
+    HMAC_CTX hctx;
+    EVP_CIPHER_CTX ctx;
+    SSL_CTX *tctx = s->initial_ctx;
+
+    /* Initialize session ticket encryption and HMAC contexts */
+    HMAC_CTX_init(&hctx);
+    EVP_CIPHER_CTX_init(&ctx);
+    if (tctx->tlsext_ticket_key_cb) {
+        unsigned char *nctick = (unsigned char *)etick;
+        int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
+                                            &ctx, &hctx, 0);
+        if (rv < 0)
+            return -1;
+        if (rv == 0)
+            return 2;
+        if (rv == 2)
+            renew_ticket = 1;
+    } else {
+        /* Check key name matches */
+        if (memcmp(etick, tctx->tlsext_tick_key_name, 16))
+            return 2;
+        if (HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
+                         tlsext_tick_md(), NULL) <= 0
+                || EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
+                                      tctx->tlsext_tick_aes_key,
+                                      etick + 16) <= 0) {
+            goto err;
+       }
+    }
+    /*
+     * Attempt to process session ticket, first conduct sanity and integrity
+     * checks on ticket.
+     */
+    mlen = HMAC_size(&hctx);
+    if (mlen < 0) {
+        goto err;
+    }
+    /* Sanity check ticket length: must exceed keyname + IV + HMAC */
+    if (eticklen <= 16 + EVP_CIPHER_CTX_iv_length(&ctx) + mlen) {
+        HMAC_CTX_cleanup(&hctx);
+        EVP_CIPHER_CTX_cleanup(&ctx);
+        return 2;
+    }
+
+    eticklen -= mlen;
+    /* Check HMAC of encrypted ticket */
+    if (HMAC_Update(&hctx, etick, eticklen) <= 0
+            || HMAC_Final(&hctx, tick_hmac, NULL) <= 0) {
+        goto err;
+    }
+    HMAC_CTX_cleanup(&hctx);
+    if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) {
+        EVP_CIPHER_CTX_cleanup(&ctx);
+        return 2;
+    }
+    /* Attempt to decrypt session data */
+    /* Move p after IV to start of encrypted ticket, update length */
+    p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
+    eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx);
+    sdec = OPENSSL_malloc(eticklen);
+    if (sdec == NULL
+            || EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen) <= 0) {
+        EVP_CIPHER_CTX_cleanup(&ctx);
+        OPENSSL_free(sdec);
+        return -1;
+    }
+    if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) {
+        EVP_CIPHER_CTX_cleanup(&ctx);
+        OPENSSL_free(sdec);
+        return 2;
+    }
+    slen += mlen;
+    EVP_CIPHER_CTX_cleanup(&ctx);
+    p = sdec;
+
+    sess = d2i_SSL_SESSION(NULL, &p, slen);
+    OPENSSL_free(sdec);
+    if (sess) {
+        /*
+         * The session ID, if non-empty, is used by some clients to detect
+         * that the ticket has been accepted. So we copy it to the session
+         * structure. If it is empty set length to zero as required by
+         * standard.
+         */
+        if (sesslen)
+            memcpy(sess->session_id, sess_id, sesslen);
+        sess->session_id_length = sesslen;
+        *psess = sess;
+        if (renew_ticket)
+            return 4;
+        else
+            return 3;
+    }
+    ERR_clear_error();
+    /*
+     * For session parse failure, indicate that we need to send a new ticket.
+     */
+    return 2;
+err:
+    EVP_CIPHER_CTX_cleanup(&ctx);
+    HMAC_CTX_cleanup(&hctx);
+    return -1;
+}
+
+/* Tables to translate from NIDs to TLS v1.2 ids */
+
+typedef struct {
+    int nid;
+    int id;
+} tls12_lookup;
+
+static tls12_lookup tls12_md[] = {
+# ifndef OPENSSL_NO_MD5
+    {NID_md5, TLSEXT_hash_md5},
+# endif
+# ifndef OPENSSL_NO_SHA
+    {NID_sha1, TLSEXT_hash_sha1},
+# endif
+# ifndef OPENSSL_NO_SHA256
+    {NID_sha224, TLSEXT_hash_sha224},
+    {NID_sha256, TLSEXT_hash_sha256},
+# endif
+# ifndef OPENSSL_NO_SHA512
+    {NID_sha384, TLSEXT_hash_sha384},
+    {NID_sha512, TLSEXT_hash_sha512}
+# endif
+};
+
+static tls12_lookup tls12_sig[] = {
+# ifndef OPENSSL_NO_RSA
+    {EVP_PKEY_RSA, TLSEXT_signature_rsa},
+# endif
+# ifndef OPENSSL_NO_DSA
+    {EVP_PKEY_DSA, TLSEXT_signature_dsa},
+# endif
+# ifndef OPENSSL_NO_ECDSA
+    {EVP_PKEY_EC, TLSEXT_signature_ecdsa}
+# endif
+};
+
+static int tls12_find_id(int nid, tls12_lookup *table, size_t tlen)
+{
+    size_t i;
+    for (i = 0; i < tlen; i++) {
+        if (table[i].nid == nid)
+            return table[i].id;
+    }
+    return -1;
+}
+
+# if 0
+static int tls12_find_nid(int id, tls12_lookup *table, size_t tlen)
+{
+    size_t i;
+    for (i = 0; i < tlen; i++) {
+        if (table[i].id == id)
+            return table[i].nid;
+    }
+    return -1;
+}
+# endif
+
+int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
+                         const EVP_MD *md)
+{
+    int sig_id, md_id;
+    if (!md)
+        return 0;
+    md_id = tls12_find_id(EVP_MD_type(md), tls12_md,
+                          sizeof(tls12_md) / sizeof(tls12_lookup));
+    if (md_id == -1)
+        return 0;
+    sig_id = tls12_get_sigid(pk);
+    if (sig_id == -1)
+        return 0;
+    p[0] = (unsigned char)md_id;
+    p[1] = (unsigned char)sig_id;
+    return 1;
+}
+
+int tls12_get_sigid(const EVP_PKEY *pk)
+{
+    return tls12_find_id(pk->type, tls12_sig,
+                         sizeof(tls12_sig) / sizeof(tls12_lookup));
+}
+
+const EVP_MD *tls12_get_hash(unsigned char hash_alg)
+{
+    switch (hash_alg) {
+# ifndef OPENSSL_NO_SHA
+    case TLSEXT_hash_sha1:
+        return EVP_sha1();
+# endif
+# ifndef OPENSSL_NO_SHA256
+    case TLSEXT_hash_sha224:
+        return EVP_sha224();
+
+    case TLSEXT_hash_sha256:
+        return EVP_sha256();
+# endif
+# ifndef OPENSSL_NO_SHA512
+    case TLSEXT_hash_sha384:
+        return EVP_sha384();
+
+    case TLSEXT_hash_sha512:
+        return EVP_sha512();
+# endif
+    default:
+        return NULL;
+
+    }
+}
+
+/* Set preferred digest for each key type */
+
+int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
+{
+    int i, idx;
+    const EVP_MD *md;
+    CERT *c = s->cert;
+    /* Extension ignored for TLS versions below 1.2 */
+    if (TLS1_get_version(s) < TLS1_2_VERSION)
+        return 1;
+    /* Should never happen */
+    if (!c)
+        return 0;
+
+    c->pkeys[SSL_PKEY_DSA_SIGN].digest = NULL;
+    c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL;
+    c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL;
+    c->pkeys[SSL_PKEY_ECC].digest = NULL;
+
+    for (i = 0; i < dsize; i += 2) {
+        unsigned char hash_alg = data[i], sig_alg = data[i + 1];
+
+        switch (sig_alg) {
+# ifndef OPENSSL_NO_RSA
+        case TLSEXT_signature_rsa:
+            idx = SSL_PKEY_RSA_SIGN;
+            break;
+# endif
+# ifndef OPENSSL_NO_DSA
+        case TLSEXT_signature_dsa:
+            idx = SSL_PKEY_DSA_SIGN;
+            break;
+# endif
+# ifndef OPENSSL_NO_ECDSA
+        case TLSEXT_signature_ecdsa:
+            idx = SSL_PKEY_ECC;
+            break;
+# endif
+        default:
+            continue;
+        }
+
+        if (c->pkeys[idx].digest == NULL) {
+            md = tls12_get_hash(hash_alg);
+            if (md) {
+                c->pkeys[idx].digest = md;
+                if (idx == SSL_PKEY_RSA_SIGN)
+                    c->pkeys[SSL_PKEY_RSA_ENC].digest = md;
+            }
+        }
+
+    }
+
+    /*
+     * Set any remaining keys to default values. NOTE: if alg is not
+     * supported it stays as NULL.
+     */
+# ifndef OPENSSL_NO_DSA
+    if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest)
+        c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
+# endif
+# ifndef OPENSSL_NO_RSA
+    if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) {
+        c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
+        c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
+    }
+# endif
+# ifndef OPENSSL_NO_ECDSA
+    if (!c->pkeys[SSL_PKEY_ECC].digest)
+        c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
+# endif
+    return 1;
+}
+
+#endif
+
+#ifndef OPENSSL_NO_HEARTBEATS
+int tls1_process_heartbeat(SSL *s)
+{
+    unsigned char *p = &s->s3->rrec.data[0], *pl;
+    unsigned short hbtype;
+    unsigned int payload;
+    unsigned int padding = 16;  /* Use minimum padding */
+
+    if (s->msg_callback)
+        s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+                        &s->s3->rrec.data[0], s->s3->rrec.length,
+                        s, s->msg_callback_arg);
+
+    /* Read type and payload length first */
+    if (1 + 2 + 16 > s->s3->rrec.length)
+        return 0;               /* silently discard */
+    hbtype = *p++;
+    n2s(p, payload);
+    if (1 + 2 + payload + 16 > s->s3->rrec.length)
+        return 0;               /* silently discard per RFC 6520 sec. 4 */
+    pl = p;
+
+    if (hbtype == TLS1_HB_REQUEST) {
+        unsigned char *buffer, *bp;
+        int r;
+
+        /*
+         * Allocate memory for the response, size is 1 bytes message type,
+         * plus 2 bytes payload length, plus payload, plus padding
+         */
+        buffer = OPENSSL_malloc(1 + 2 + payload + padding);
+        if (buffer == NULL)
+            return -1;
+        bp = buffer;
+
+        /* Enter response type, length and copy payload */
+        *bp++ = TLS1_HB_RESPONSE;
+        s2n(payload, bp);
+        memcpy(bp, pl, payload);
+        bp += payload;
+        /* Random padding */
+        if (RAND_bytes(bp, padding) <= 0) {
+            OPENSSL_free(buffer);
+            return -1;
+        }
+
+        r = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buffer,
+                             3 + payload + padding);
+
+        if (r >= 0 && s->msg_callback)
+            s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
+                            buffer, 3 + payload + padding,
+                            s, s->msg_callback_arg);
+
+        OPENSSL_free(buffer);
+
+        if (r < 0)
+            return r;
+    } else if (hbtype == TLS1_HB_RESPONSE) {
+        unsigned int seq;
+
+        /*
+         * We only send sequence numbers (2 bytes unsigned int), and 16
+         * random bytes, so we just try to read the sequence number
+         */
+        n2s(pl, seq);
+
+        if (payload == 18 && seq == s->tlsext_hb_seq) {
+            s->tlsext_hb_seq++;
+            s->tlsext_hb_pending = 0;
+        }
+    }
+
+    return 0;
+}
+
+int tls1_heartbeat(SSL *s)
+{
+    unsigned char *buf, *p;
+    int ret = -1;
+    unsigned int payload = 18;  /* Sequence number + random bytes */
+    unsigned int padding = 16;  /* Use minimum padding */
+
+    /* Only send if peer supports and accepts HB requests... */
+    if (!(s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) ||
+        s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS) {
+        SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT);
+        return -1;
+    }
+
+    /* ...and there is none in flight yet... */
+    if (s->tlsext_hb_pending) {
+        SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PENDING);
+        return -1;
+    }
+
+    /* ...and no handshake in progress. */
+    if (SSL_in_init(s) || s->in_handshake) {
+        SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_UNEXPECTED_MESSAGE);
+        return -1;
+    }
+
+    /*
+     * Check if padding is too long, payload and padding must not exceed 2^14
+     * - 3 = 16381 bytes in total.
+     */
+    OPENSSL_assert(payload + padding <= 16381);
+
+    /*-
+     * Create HeartBeat message, we just use a sequence number
+     * as payload to distuingish different messages and add
+     * some random stuff.
+     *  - Message Type, 1 byte
+     *  - Payload Length, 2 bytes (unsigned int)
+     *  - Payload, the sequence number (2 bytes uint)
+     *  - Payload, random bytes (16 bytes uint)
+     *  - Padding
+     */
+    buf = OPENSSL_malloc(1 + 2 + payload + padding);
+    p = buf;
+    /* Message Type */
+    *p++ = TLS1_HB_REQUEST;
+    /* Payload length (18 bytes here) */
+    s2n(payload, p);
+    /* Sequence number */
+    s2n(s->tlsext_hb_seq, p);
+    /* 16 random bytes */
+    if (RAND_bytes(p, 16) <= 0) {
+        SSLerr(SSL_F_TLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    p += 16;
+    /* Random padding */
+    if (RAND_bytes(p, padding) <= 0) {
+        SSLerr(SSL_F_TLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ret = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
+    if (ret >= 0) {
+        if (s->msg_callback)
+            s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
+                            buf, 3 + payload + padding,
+                            s, s->msg_callback_arg);
+
+        s->tlsext_hb_pending = 1;
+    }
+
+err:
+    OPENSSL_free(buf);
+
+    return ret;
+}
+#endif

Deleted: vendor-crypto/openssl/1.0.1u/test/bftest.c
===================================================================
--- vendor-crypto/openssl/dist/test/bftest.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/bftest.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../crypto/bf/bftest.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/bntest.c
===================================================================
--- vendor-crypto/openssl/dist/test/bntest.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/bntest.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../crypto/bn/bntest.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/casttest.c
===================================================================
--- vendor-crypto/openssl/dist/test/casttest.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/casttest.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../crypto/cast/casttest.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/clienthellotest.c
===================================================================
--- vendor-crypto/openssl/dist/test/clienthellotest.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/clienthellotest.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../ssl/clienthellotest.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/constant_time_test.c
===================================================================
--- vendor-crypto/openssl/dist/test/constant_time_test.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/constant_time_test.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../crypto/constant_time_test.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/destest.c
===================================================================
--- vendor-crypto/openssl/dist/test/destest.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/destest.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../crypto/des/destest.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/dhtest.c
===================================================================
--- vendor-crypto/openssl/dist/test/dhtest.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/dhtest.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../crypto/dh/dhtest.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/dsatest.c
===================================================================
--- vendor-crypto/openssl/dist/test/dsatest.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/dsatest.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../crypto/dsa/dsatest.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/ecdhtest.c
===================================================================
--- vendor-crypto/openssl/dist/test/ecdhtest.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/ecdhtest.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../crypto/ecdh/ecdhtest.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/ecdsatest.c
===================================================================
--- vendor-crypto/openssl/dist/test/ecdsatest.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/ecdsatest.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../crypto/ecdsa/ecdsatest.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/ectest.c
===================================================================
--- vendor-crypto/openssl/dist/test/ectest.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/ectest.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../crypto/ec/ectest.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/enginetest.c
===================================================================
--- vendor-crypto/openssl/dist/test/enginetest.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/enginetest.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../crypto/engine/enginetest.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/evp_extra_test.c
===================================================================
--- vendor-crypto/openssl/dist/test/evp_extra_test.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/evp_extra_test.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../crypto/evp/evp_extra_test.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/evp_test.c
===================================================================
--- vendor-crypto/openssl/dist/test/evp_test.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/evp_test.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../crypto/evp/evp_test.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/exptest.c
===================================================================
--- vendor-crypto/openssl/dist/test/exptest.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/exptest.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../crypto/bn/exptest.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/heartbeat_test.c
===================================================================
--- vendor-crypto/openssl/dist/test/heartbeat_test.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/heartbeat_test.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../ssl/heartbeat_test.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/hmactest.c
===================================================================
--- vendor-crypto/openssl/dist/test/hmactest.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/hmactest.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../crypto/hmac/hmactest.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/ideatest.c
===================================================================
--- vendor-crypto/openssl/dist/test/ideatest.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/ideatest.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../crypto/idea/ideatest.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/igetest.c
===================================================================
--- vendor-crypto/openssl/dist/test/igetest.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/igetest.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,484 +0,0 @@
-/* test/igetest.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/aes.h>
-#include <openssl/rand.h>
-#include <stdio.h>
-#include <string.h>
-#include <assert.h>
-
-#define TEST_SIZE       128
-#define BIG_TEST_SIZE 10240
-
-static void hexdump(FILE *f, const char *title, const unsigned char *s, int l)
-{
-    int n = 0;
-
-    fprintf(f, "%s", title);
-    for (; n < l; ++n) {
-        if ((n % 16) == 0)
-            fprintf(f, "\n%04x", n);
-        fprintf(f, " %02x", s[n]);
-    }
-    fprintf(f, "\n");
-}
-
-#define MAX_VECTOR_SIZE 64
-
-struct ige_test {
-    const unsigned char key[16];
-    const unsigned char iv[32];
-    const unsigned char in[MAX_VECTOR_SIZE];
-    const unsigned char out[MAX_VECTOR_SIZE];
-    const size_t length;
-    const int encrypt;
-};
-
-static struct ige_test const ige_test_vectors[] = {
-    {{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-      0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, /* key */
-     {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-      0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
-      0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-      0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}, /* iv */
-     {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /* in */
-     {0x1a, 0x85, 0x19, 0xa6, 0x55, 0x7b, 0xe6, 0x52,
-      0xe9, 0xda, 0x8e, 0x43, 0xda, 0x4e, 0xf4, 0x45,
-      0x3c, 0xf4, 0x56, 0xb4, 0xca, 0x48, 0x8a, 0xa3,
-      0x83, 0xc7, 0x9c, 0x98, 0xb3, 0x47, 0x97, 0xcb}, /* out */
-     32, AES_ENCRYPT},          /* test vector 0 */
-
-    {{0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
-      0x61, 0x6e, 0x20, 0x69, 0x6d, 0x70, 0x6c, 0x65}, /* key */
-     {0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f,
-      0x6e, 0x20, 0x6f, 0x66, 0x20, 0x49, 0x47, 0x45,
-      0x20, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x66, 0x6f,
-      0x72, 0x20, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53}, /* iv */
-     {0x4c, 0x2e, 0x20, 0x4c, 0x65, 0x74, 0x27, 0x73,
-      0x20, 0x68, 0x6f, 0x70, 0x65, 0x20, 0x42, 0x65,
-      0x6e, 0x20, 0x67, 0x6f, 0x74, 0x20, 0x69, 0x74,
-      0x20, 0x72, 0x69, 0x67, 0x68, 0x74, 0x21, 0x0a}, /* in */
-     {0x99, 0x70, 0x64, 0x87, 0xa1, 0xcd, 0xe6, 0x13,
-      0xbc, 0x6d, 0xe0, 0xb6, 0xf2, 0x4b, 0x1c, 0x7a,
-      0xa4, 0x48, 0xc8, 0xb9, 0xc3, 0x40, 0x3e, 0x34,
-      0x67, 0xa8, 0xca, 0xd8, 0x93, 0x40, 0xf5, 0x3b}, /* out */
-     32, AES_DECRYPT},          /* test vector 1 */
-};
-
-struct bi_ige_test {
-    const unsigned char key1[32];
-    const unsigned char key2[32];
-    const unsigned char iv[64];
-    const unsigned char in[MAX_VECTOR_SIZE];
-    const unsigned char out[MAX_VECTOR_SIZE];
-    const size_t keysize;
-    const size_t length;
-    const int encrypt;
-};
-
-static struct bi_ige_test const bi_ige_test_vectors[] = {
-    {{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-      0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, /* key1 */
-     {0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-      0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}, /* key2 */
-     {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-      0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
-      0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-      0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
-      0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-      0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
-      0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-      0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f}, /* iv */
-     {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /* in */
-     {0x14, 0x40, 0x6f, 0xae, 0xa2, 0x79, 0xf2, 0x56,
-      0x1f, 0x86, 0xeb, 0x3b, 0x7d, 0xff, 0x53, 0xdc,
-      0x4e, 0x27, 0x0c, 0x03, 0xde, 0x7c, 0xe5, 0x16,
-      0x6a, 0x9c, 0x20, 0x33, 0x9d, 0x33, 0xfe, 0x12}, /* out */
-     16, 32, AES_ENCRYPT},      /* test vector 0 */
-    {{0x58, 0x0a, 0x06, 0xe9, 0x97, 0x07, 0x59, 0x5c,
-      0x9e, 0x19, 0xd2, 0xa7, 0xbb, 0x40, 0x2b, 0x7a,
-      0xc7, 0xd8, 0x11, 0x9e, 0x4c, 0x51, 0x35, 0x75,
-      0x64, 0x28, 0x0f, 0x23, 0xad, 0x74, 0xac, 0x37}, /* key1 */
-     {0xd1, 0x80, 0xa0, 0x31, 0x47, 0xa3, 0x11, 0x13,
-      0x86, 0x26, 0x9e, 0x6d, 0xff, 0xaf, 0x72, 0x74,
-      0x5b, 0xa2, 0x35, 0x81, 0xd2, 0xa6, 0x3d, 0x21,
-      0x67, 0x7b, 0x58, 0xa8, 0x18, 0xf9, 0x72, 0xe4}, /* key2 */
-     {0x80, 0x3d, 0xbd, 0x4c, 0xe6, 0x7b, 0x06, 0xa9,
-      0x53, 0x35, 0xd5, 0x7e, 0x71, 0xc1, 0x70, 0x70,
-      0x74, 0x9a, 0x00, 0x28, 0x0c, 0xbf, 0x6c, 0x42,
-      0x9b, 0xa4, 0xdd, 0x65, 0x11, 0x77, 0x7c, 0x67,
-      0xfe, 0x76, 0x0a, 0xf0, 0xd5, 0xc6, 0x6e, 0x6a,
-      0xe7, 0x5e, 0x4c, 0xf2, 0x7e, 0x9e, 0xf9, 0x20,
-      0x0e, 0x54, 0x6f, 0x2d, 0x8a, 0x8d, 0x7e, 0xbd,
-      0x48, 0x79, 0x37, 0x99, 0xff, 0x27, 0x93, 0xa3}, /* iv */
-     {0xf1, 0x54, 0x3d, 0xca, 0xfe, 0xb5, 0xef, 0x1c,
-      0x4f, 0xa6, 0x43, 0xf6, 0xe6, 0x48, 0x57, 0xf0,
-      0xee, 0x15, 0x7f, 0xe3, 0xe7, 0x2f, 0xd0, 0x2f,
-      0x11, 0x95, 0x7a, 0x17, 0x00, 0xab, 0xa7, 0x0b,
-      0xbe, 0x44, 0x09, 0x9c, 0xcd, 0xac, 0xa8, 0x52,
-      0xa1, 0x8e, 0x7b, 0x75, 0xbc, 0xa4, 0x92, 0x5a,
-      0xab, 0x46, 0xd3, 0x3a, 0xa0, 0xd5, 0x35, 0x1c,
-      0x55, 0xa4, 0xb3, 0xa8, 0x40, 0x81, 0xa5, 0x0b}, /* in */
-     {0x42, 0xe5, 0x28, 0x30, 0x31, 0xc2, 0xa0, 0x23,
-      0x68, 0x49, 0x4e, 0xb3, 0x24, 0x59, 0x92, 0x79,
-      0xc1, 0xa5, 0xcc, 0xe6, 0x76, 0x53, 0xb1, 0xcf,
-      0x20, 0x86, 0x23, 0xe8, 0x72, 0x55, 0x99, 0x92,
-      0x0d, 0x16, 0x1c, 0x5a, 0x2f, 0xce, 0xcb, 0x51,
-      0xe2, 0x67, 0xfa, 0x10, 0xec, 0xcd, 0x3d, 0x67,
-      0xa5, 0xe6, 0xf7, 0x31, 0x26, 0xb0, 0x0d, 0x76,
-      0x5e, 0x28, 0xdc, 0x7f, 0x01, 0xc5, 0xa5, 0x4c}, /* out */
-     32, 64, AES_ENCRYPT},      /* test vector 1 */
-
-};
-
-static int run_test_vectors(void)
-{
-    unsigned int n;
-    int errs = 0;
-
-    for (n = 0; n < sizeof(ige_test_vectors) / sizeof(ige_test_vectors[0]);
-         ++n) {
-        const struct ige_test *const v = &ige_test_vectors[n];
-        AES_KEY key;
-        unsigned char buf[MAX_VECTOR_SIZE];
-        unsigned char iv[AES_BLOCK_SIZE * 2];
-
-        assert(v->length <= MAX_VECTOR_SIZE);
-
-        if (v->encrypt == AES_ENCRYPT)
-            AES_set_encrypt_key(v->key, 8 * sizeof v->key, &key);
-        else
-            AES_set_decrypt_key(v->key, 8 * sizeof v->key, &key);
-        memcpy(iv, v->iv, sizeof iv);
-        AES_ige_encrypt(v->in, buf, v->length, &key, iv, v->encrypt);
-
-        if (memcmp(v->out, buf, v->length)) {
-            printf("IGE test vector %d failed\n", n);
-            hexdump(stdout, "key", v->key, sizeof v->key);
-            hexdump(stdout, "iv", v->iv, sizeof v->iv);
-            hexdump(stdout, "in", v->in, v->length);
-            hexdump(stdout, "expected", v->out, v->length);
-            hexdump(stdout, "got", buf, v->length);
-
-            ++errs;
-        }
-
-        /* try with in == out */
-        memcpy(iv, v->iv, sizeof iv);
-        memcpy(buf, v->in, v->length);
-        AES_ige_encrypt(buf, buf, v->length, &key, iv, v->encrypt);
-
-        if (memcmp(v->out, buf, v->length)) {
-            printf("IGE test vector %d failed (with in == out)\n", n);
-            hexdump(stdout, "key", v->key, sizeof v->key);
-            hexdump(stdout, "iv", v->iv, sizeof v->iv);
-            hexdump(stdout, "in", v->in, v->length);
-            hexdump(stdout, "expected", v->out, v->length);
-            hexdump(stdout, "got", buf, v->length);
-
-            ++errs;
-        }
-    }
-
-    for (n = 0;
-         n < sizeof(bi_ige_test_vectors) / sizeof(bi_ige_test_vectors[0]);
-         ++n) {
-        const struct bi_ige_test *const v = &bi_ige_test_vectors[n];
-        AES_KEY key1;
-        AES_KEY key2;
-        unsigned char buf[MAX_VECTOR_SIZE];
-
-        assert(v->length <= MAX_VECTOR_SIZE);
-
-        if (v->encrypt == AES_ENCRYPT) {
-            AES_set_encrypt_key(v->key1, 8 * v->keysize, &key1);
-            AES_set_encrypt_key(v->key2, 8 * v->keysize, &key2);
-        } else {
-            AES_set_decrypt_key(v->key1, 8 * v->keysize, &key1);
-            AES_set_decrypt_key(v->key2, 8 * v->keysize, &key2);
-        }
-
-        AES_bi_ige_encrypt(v->in, buf, v->length, &key1, &key2, v->iv,
-                           v->encrypt);
-
-        if (memcmp(v->out, buf, v->length)) {
-            printf("Bidirectional IGE test vector %d failed\n", n);
-            hexdump(stdout, "key 1", v->key1, sizeof v->key1);
-            hexdump(stdout, "key 2", v->key2, sizeof v->key2);
-            hexdump(stdout, "iv", v->iv, sizeof v->iv);
-            hexdump(stdout, "in", v->in, v->length);
-            hexdump(stdout, "expected", v->out, v->length);
-            hexdump(stdout, "got", buf, v->length);
-
-            ++errs;
-        }
-    }
-
-    return errs;
-}
-
-int main(int argc, char **argv)
-{
-    unsigned char rkey[16];
-    unsigned char rkey2[16];
-    AES_KEY key;
-    AES_KEY key2;
-    unsigned char plaintext[BIG_TEST_SIZE];
-    unsigned char ciphertext[BIG_TEST_SIZE];
-    unsigned char checktext[BIG_TEST_SIZE];
-    unsigned char iv[AES_BLOCK_SIZE * 4];
-    unsigned char saved_iv[AES_BLOCK_SIZE * 4];
-    int err = 0;
-    unsigned int n;
-    unsigned matches;
-
-    assert(BIG_TEST_SIZE >= TEST_SIZE);
-
-    RAND_pseudo_bytes(rkey, sizeof rkey);
-    RAND_pseudo_bytes(plaintext, sizeof plaintext);
-    RAND_pseudo_bytes(iv, sizeof iv);
-    memcpy(saved_iv, iv, sizeof saved_iv);
-
-    /* Forward IGE only... */
-
-    /* Straight encrypt/decrypt */
-    AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
-    AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, iv, AES_ENCRYPT);
-
-    AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
-    memcpy(iv, saved_iv, sizeof iv);
-    AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv, AES_DECRYPT);
-
-    if (memcmp(checktext, plaintext, TEST_SIZE)) {
-        printf("Encrypt+decrypt doesn't match\n");
-        hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
-        hexdump(stdout, "Checktext", checktext, TEST_SIZE);
-        ++err;
-    }
-
-    /* Now check encrypt chaining works */
-    AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
-    memcpy(iv, saved_iv, sizeof iv);
-    AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE / 2, &key, iv,
-                    AES_ENCRYPT);
-    AES_ige_encrypt(plaintext + TEST_SIZE / 2,
-                    ciphertext + TEST_SIZE / 2, TEST_SIZE / 2,
-                    &key, iv, AES_ENCRYPT);
-
-    AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
-    memcpy(iv, saved_iv, sizeof iv);
-    AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv, AES_DECRYPT);
-
-    if (memcmp(checktext, plaintext, TEST_SIZE)) {
-        printf("Chained encrypt+decrypt doesn't match\n");
-        hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
-        hexdump(stdout, "Checktext", checktext, TEST_SIZE);
-        ++err;
-    }
-
-    /* And check decrypt chaining */
-    AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
-    memcpy(iv, saved_iv, sizeof iv);
-    AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE / 2, &key, iv,
-                    AES_ENCRYPT);
-    AES_ige_encrypt(plaintext + TEST_SIZE / 2,
-                    ciphertext + TEST_SIZE / 2, TEST_SIZE / 2,
-                    &key, iv, AES_ENCRYPT);
-
-    AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
-    memcpy(iv, saved_iv, sizeof iv);
-    AES_ige_encrypt(ciphertext, checktext, TEST_SIZE / 2, &key, iv,
-                    AES_DECRYPT);
-    AES_ige_encrypt(ciphertext + TEST_SIZE / 2,
-                    checktext + TEST_SIZE / 2, TEST_SIZE / 2, &key, iv,
-                    AES_DECRYPT);
-
-    if (memcmp(checktext, plaintext, TEST_SIZE)) {
-        printf("Chained encrypt+chained decrypt doesn't match\n");
-        hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
-        hexdump(stdout, "Checktext", checktext, TEST_SIZE);
-        ++err;
-    }
-
-    /* make sure garble extends forwards only */
-    AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
-    memcpy(iv, saved_iv, sizeof iv);
-    AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
-                    AES_ENCRYPT);
-
-    /* corrupt halfway through */
-    ++ciphertext[sizeof ciphertext / 2];
-    AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
-    memcpy(iv, saved_iv, sizeof iv);
-    AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
-                    AES_DECRYPT);
-
-    matches = 0;
-    for (n = 0; n < sizeof checktext; ++n)
-        if (checktext[n] == plaintext[n])
-            ++matches;
-
-    if (matches > sizeof checktext / 2 + sizeof checktext / 100) {
-        printf("More than 51%% matches after garbling\n");
-        ++err;
-    }
-
-    if (matches < sizeof checktext / 2) {
-        printf("Garble extends backwards!\n");
-        ++err;
-    }
-
-    /* Bi-directional IGE */
-
-    /*
-     * Note that we don't have to recover the IV, because chaining isn't
-     */
-    /* possible with biIGE, so the IV is not updated. */
-
-    RAND_pseudo_bytes(rkey2, sizeof rkey2);
-
-    /* Straight encrypt/decrypt */
-    AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
-    AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2);
-    AES_bi_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, &key2, iv,
-                       AES_ENCRYPT);
-
-    AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
-    AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2);
-    AES_bi_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, &key2, iv,
-                       AES_DECRYPT);
-
-    if (memcmp(checktext, plaintext, TEST_SIZE)) {
-        printf("Encrypt+decrypt doesn't match\n");
-        hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
-        hexdump(stdout, "Checktext", checktext, TEST_SIZE);
-        ++err;
-    }
-
-    /* make sure garble extends both ways */
-    AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
-    AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2);
-    AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
-                    AES_ENCRYPT);
-
-    /* corrupt halfway through */
-    ++ciphertext[sizeof ciphertext / 2];
-    AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
-    AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2);
-    AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
-                    AES_DECRYPT);
-
-    matches = 0;
-    for (n = 0; n < sizeof checktext; ++n)
-        if (checktext[n] == plaintext[n])
-            ++matches;
-
-    if (matches > sizeof checktext / 100) {
-        printf("More than 1%% matches after bidirectional garbling\n");
-        ++err;
-    }
-
-    /* make sure garble extends both ways (2) */
-    AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
-    AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2);
-    AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
-                    AES_ENCRYPT);
-
-    /* corrupt right at the end */
-    ++ciphertext[sizeof ciphertext - 1];
-    AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
-    AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2);
-    AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
-                    AES_DECRYPT);
-
-    matches = 0;
-    for (n = 0; n < sizeof checktext; ++n)
-        if (checktext[n] == plaintext[n])
-            ++matches;
-
-    if (matches > sizeof checktext / 100) {
-        printf("More than 1%% matches after bidirectional garbling (2)\n");
-        ++err;
-    }
-
-    /* make sure garble extends both ways (3) */
-    AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
-    AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2);
-    AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
-                    AES_ENCRYPT);
-
-    /* corrupt right at the start */
-    ++ciphertext[0];
-    AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
-    AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2);
-    AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
-                    AES_DECRYPT);
-
-    matches = 0;
-    for (n = 0; n < sizeof checktext; ++n)
-        if (checktext[n] == plaintext[n])
-            ++matches;
-
-    if (matches > sizeof checktext / 100) {
-        printf("More than 1%% matches after bidirectional garbling (3)\n");
-        ++err;
-    }
-
-    err += run_test_vectors();
-
-    return err;
-}

Copied: vendor-crypto/openssl/1.0.1u/test/igetest.c (from rev 11605, vendor-crypto/openssl/dist/test/igetest.c)
===================================================================
--- vendor-crypto/openssl/1.0.1u/test/igetest.c	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/test/igetest.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,484 @@
+/* test/igetest.c */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/aes.h>
+#include <openssl/rand.h>
+#include <stdio.h>
+#include <string.h>
+#include <assert.h>
+
+#define TEST_SIZE       128
+#define BIG_TEST_SIZE 10240
+
+static void hexdump(FILE *f, const char *title, const unsigned char *s, int l)
+{
+    int n = 0;
+
+    fprintf(f, "%s", title);
+    for (; n < l; ++n) {
+        if ((n % 16) == 0)
+            fprintf(f, "\n%04x", n);
+        fprintf(f, " %02x", s[n]);
+    }
+    fprintf(f, "\n");
+}
+
+#define MAX_VECTOR_SIZE 64
+
+struct ige_test {
+    const unsigned char key[16];
+    const unsigned char iv[32];
+    const unsigned char in[MAX_VECTOR_SIZE];
+    const unsigned char out[MAX_VECTOR_SIZE];
+    const size_t length;
+    const int encrypt;
+};
+
+static struct ige_test const ige_test_vectors[] = {
+    {{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+      0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, /* key */
+     {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+      0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+      0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+      0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}, /* iv */
+     {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /* in */
+     {0x1a, 0x85, 0x19, 0xa6, 0x55, 0x7b, 0xe6, 0x52,
+      0xe9, 0xda, 0x8e, 0x43, 0xda, 0x4e, 0xf4, 0x45,
+      0x3c, 0xf4, 0x56, 0xb4, 0xca, 0x48, 0x8a, 0xa3,
+      0x83, 0xc7, 0x9c, 0x98, 0xb3, 0x47, 0x97, 0xcb}, /* out */
+     32, AES_ENCRYPT},          /* test vector 0 */
+
+    {{0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
+      0x61, 0x6e, 0x20, 0x69, 0x6d, 0x70, 0x6c, 0x65}, /* key */
+     {0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f,
+      0x6e, 0x20, 0x6f, 0x66, 0x20, 0x49, 0x47, 0x45,
+      0x20, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x66, 0x6f,
+      0x72, 0x20, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53}, /* iv */
+     {0x4c, 0x2e, 0x20, 0x4c, 0x65, 0x74, 0x27, 0x73,
+      0x20, 0x68, 0x6f, 0x70, 0x65, 0x20, 0x42, 0x65,
+      0x6e, 0x20, 0x67, 0x6f, 0x74, 0x20, 0x69, 0x74,
+      0x20, 0x72, 0x69, 0x67, 0x68, 0x74, 0x21, 0x0a}, /* in */
+     {0x99, 0x70, 0x64, 0x87, 0xa1, 0xcd, 0xe6, 0x13,
+      0xbc, 0x6d, 0xe0, 0xb6, 0xf2, 0x4b, 0x1c, 0x7a,
+      0xa4, 0x48, 0xc8, 0xb9, 0xc3, 0x40, 0x3e, 0x34,
+      0x67, 0xa8, 0xca, 0xd8, 0x93, 0x40, 0xf5, 0x3b}, /* out */
+     32, AES_DECRYPT},          /* test vector 1 */
+};
+
+struct bi_ige_test {
+    const unsigned char key1[32];
+    const unsigned char key2[32];
+    const unsigned char iv[64];
+    const unsigned char in[MAX_VECTOR_SIZE];
+    const unsigned char out[MAX_VECTOR_SIZE];
+    const size_t keysize;
+    const size_t length;
+    const int encrypt;
+};
+
+static struct bi_ige_test const bi_ige_test_vectors[] = {
+    {{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+      0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, /* key1 */
+     {0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+      0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}, /* key2 */
+     {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+      0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+      0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+      0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+      0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+      0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+      0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+      0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f}, /* iv */
+     {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /* in */
+     {0x14, 0x40, 0x6f, 0xae, 0xa2, 0x79, 0xf2, 0x56,
+      0x1f, 0x86, 0xeb, 0x3b, 0x7d, 0xff, 0x53, 0xdc,
+      0x4e, 0x27, 0x0c, 0x03, 0xde, 0x7c, 0xe5, 0x16,
+      0x6a, 0x9c, 0x20, 0x33, 0x9d, 0x33, 0xfe, 0x12}, /* out */
+     16, 32, AES_ENCRYPT},      /* test vector 0 */
+    {{0x58, 0x0a, 0x06, 0xe9, 0x97, 0x07, 0x59, 0x5c,
+      0x9e, 0x19, 0xd2, 0xa7, 0xbb, 0x40, 0x2b, 0x7a,
+      0xc7, 0xd8, 0x11, 0x9e, 0x4c, 0x51, 0x35, 0x75,
+      0x64, 0x28, 0x0f, 0x23, 0xad, 0x74, 0xac, 0x37}, /* key1 */
+     {0xd1, 0x80, 0xa0, 0x31, 0x47, 0xa3, 0x11, 0x13,
+      0x86, 0x26, 0x9e, 0x6d, 0xff, 0xaf, 0x72, 0x74,
+      0x5b, 0xa2, 0x35, 0x81, 0xd2, 0xa6, 0x3d, 0x21,
+      0x67, 0x7b, 0x58, 0xa8, 0x18, 0xf9, 0x72, 0xe4}, /* key2 */
+     {0x80, 0x3d, 0xbd, 0x4c, 0xe6, 0x7b, 0x06, 0xa9,
+      0x53, 0x35, 0xd5, 0x7e, 0x71, 0xc1, 0x70, 0x70,
+      0x74, 0x9a, 0x00, 0x28, 0x0c, 0xbf, 0x6c, 0x42,
+      0x9b, 0xa4, 0xdd, 0x65, 0x11, 0x77, 0x7c, 0x67,
+      0xfe, 0x76, 0x0a, 0xf0, 0xd5, 0xc6, 0x6e, 0x6a,
+      0xe7, 0x5e, 0x4c, 0xf2, 0x7e, 0x9e, 0xf9, 0x20,
+      0x0e, 0x54, 0x6f, 0x2d, 0x8a, 0x8d, 0x7e, 0xbd,
+      0x48, 0x79, 0x37, 0x99, 0xff, 0x27, 0x93, 0xa3}, /* iv */
+     {0xf1, 0x54, 0x3d, 0xca, 0xfe, 0xb5, 0xef, 0x1c,
+      0x4f, 0xa6, 0x43, 0xf6, 0xe6, 0x48, 0x57, 0xf0,
+      0xee, 0x15, 0x7f, 0xe3, 0xe7, 0x2f, 0xd0, 0x2f,
+      0x11, 0x95, 0x7a, 0x17, 0x00, 0xab, 0xa7, 0x0b,
+      0xbe, 0x44, 0x09, 0x9c, 0xcd, 0xac, 0xa8, 0x52,
+      0xa1, 0x8e, 0x7b, 0x75, 0xbc, 0xa4, 0x92, 0x5a,
+      0xab, 0x46, 0xd3, 0x3a, 0xa0, 0xd5, 0x35, 0x1c,
+      0x55, 0xa4, 0xb3, 0xa8, 0x40, 0x81, 0xa5, 0x0b}, /* in */
+     {0x42, 0xe5, 0x28, 0x30, 0x31, 0xc2, 0xa0, 0x23,
+      0x68, 0x49, 0x4e, 0xb3, 0x24, 0x59, 0x92, 0x79,
+      0xc1, 0xa5, 0xcc, 0xe6, 0x76, 0x53, 0xb1, 0xcf,
+      0x20, 0x86, 0x23, 0xe8, 0x72, 0x55, 0x99, 0x92,
+      0x0d, 0x16, 0x1c, 0x5a, 0x2f, 0xce, 0xcb, 0x51,
+      0xe2, 0x67, 0xfa, 0x10, 0xec, 0xcd, 0x3d, 0x67,
+      0xa5, 0xe6, 0xf7, 0x31, 0x26, 0xb0, 0x0d, 0x76,
+      0x5e, 0x28, 0xdc, 0x7f, 0x01, 0xc5, 0xa5, 0x4c}, /* out */
+     32, 64, AES_ENCRYPT},      /* test vector 1 */
+
+};
+
+static int run_test_vectors(void)
+{
+    unsigned int n;
+    int errs = 0;
+
+    for (n = 0; n < sizeof(ige_test_vectors) / sizeof(ige_test_vectors[0]);
+         ++n) {
+        const struct ige_test *const v = &ige_test_vectors[n];
+        AES_KEY key;
+        unsigned char buf[MAX_VECTOR_SIZE];
+        unsigned char iv[AES_BLOCK_SIZE * 2];
+
+        assert(v->length <= MAX_VECTOR_SIZE);
+
+        if (v->encrypt == AES_ENCRYPT)
+            AES_set_encrypt_key(v->key, 8 * sizeof v->key, &key);
+        else
+            AES_set_decrypt_key(v->key, 8 * sizeof v->key, &key);
+        memcpy(iv, v->iv, sizeof iv);
+        AES_ige_encrypt(v->in, buf, v->length, &key, iv, v->encrypt);
+
+        if (memcmp(v->out, buf, v->length)) {
+            printf("IGE test vector %d failed\n", n);
+            hexdump(stdout, "key", v->key, sizeof v->key);
+            hexdump(stdout, "iv", v->iv, sizeof v->iv);
+            hexdump(stdout, "in", v->in, v->length);
+            hexdump(stdout, "expected", v->out, v->length);
+            hexdump(stdout, "got", buf, v->length);
+
+            ++errs;
+        }
+
+        /* try with in == out */
+        memcpy(iv, v->iv, sizeof iv);
+        memcpy(buf, v->in, v->length);
+        AES_ige_encrypt(buf, buf, v->length, &key, iv, v->encrypt);
+
+        if (memcmp(v->out, buf, v->length)) {
+            printf("IGE test vector %d failed (with in == out)\n", n);
+            hexdump(stdout, "key", v->key, sizeof v->key);
+            hexdump(stdout, "iv", v->iv, sizeof v->iv);
+            hexdump(stdout, "in", v->in, v->length);
+            hexdump(stdout, "expected", v->out, v->length);
+            hexdump(stdout, "got", buf, v->length);
+
+            ++errs;
+        }
+    }
+
+    for (n = 0;
+         n < sizeof(bi_ige_test_vectors) / sizeof(bi_ige_test_vectors[0]);
+         ++n) {
+        const struct bi_ige_test *const v = &bi_ige_test_vectors[n];
+        AES_KEY key1;
+        AES_KEY key2;
+        unsigned char buf[MAX_VECTOR_SIZE];
+
+        assert(v->length <= MAX_VECTOR_SIZE);
+
+        if (v->encrypt == AES_ENCRYPT) {
+            AES_set_encrypt_key(v->key1, 8 * v->keysize, &key1);
+            AES_set_encrypt_key(v->key2, 8 * v->keysize, &key2);
+        } else {
+            AES_set_decrypt_key(v->key1, 8 * v->keysize, &key1);
+            AES_set_decrypt_key(v->key2, 8 * v->keysize, &key2);
+        }
+
+        AES_bi_ige_encrypt(v->in, buf, v->length, &key1, &key2, v->iv,
+                           v->encrypt);
+
+        if (memcmp(v->out, buf, v->length)) {
+            printf("Bidirectional IGE test vector %d failed\n", n);
+            hexdump(stdout, "key 1", v->key1, sizeof v->key1);
+            hexdump(stdout, "key 2", v->key2, sizeof v->key2);
+            hexdump(stdout, "iv", v->iv, sizeof v->iv);
+            hexdump(stdout, "in", v->in, v->length);
+            hexdump(stdout, "expected", v->out, v->length);
+            hexdump(stdout, "got", buf, v->length);
+
+            ++errs;
+        }
+    }
+
+    return errs;
+}
+
+int main(int argc, char **argv)
+{
+    unsigned char rkey[16];
+    unsigned char rkey2[16];
+    AES_KEY key;
+    AES_KEY key2;
+    unsigned char plaintext[BIG_TEST_SIZE];
+    unsigned char ciphertext[BIG_TEST_SIZE];
+    unsigned char checktext[BIG_TEST_SIZE];
+    unsigned char iv[AES_BLOCK_SIZE * 4];
+    unsigned char saved_iv[AES_BLOCK_SIZE * 4];
+    int err = 0;
+    unsigned int n;
+    unsigned matches;
+
+    assert(BIG_TEST_SIZE >= TEST_SIZE);
+
+    RAND_pseudo_bytes(rkey, sizeof rkey);
+    RAND_pseudo_bytes(plaintext, sizeof plaintext);
+    RAND_pseudo_bytes(iv, sizeof iv);
+    memcpy(saved_iv, iv, sizeof saved_iv);
+
+    /* Forward IGE only... */
+
+    /* Straight encrypt/decrypt */
+    AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
+    AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, iv, AES_ENCRYPT);
+
+    AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
+    memcpy(iv, saved_iv, sizeof iv);
+    AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv, AES_DECRYPT);
+
+    if (memcmp(checktext, plaintext, TEST_SIZE)) {
+        printf("Encrypt+decrypt doesn't match\n");
+        hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
+        hexdump(stdout, "Checktext", checktext, TEST_SIZE);
+        ++err;
+    }
+
+    /* Now check encrypt chaining works */
+    AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
+    memcpy(iv, saved_iv, sizeof iv);
+    AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE / 2, &key, iv,
+                    AES_ENCRYPT);
+    AES_ige_encrypt(plaintext + TEST_SIZE / 2,
+                    ciphertext + TEST_SIZE / 2, TEST_SIZE / 2,
+                    &key, iv, AES_ENCRYPT);
+
+    AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
+    memcpy(iv, saved_iv, sizeof iv);
+    AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv, AES_DECRYPT);
+
+    if (memcmp(checktext, plaintext, TEST_SIZE)) {
+        printf("Chained encrypt+decrypt doesn't match\n");
+        hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
+        hexdump(stdout, "Checktext", checktext, TEST_SIZE);
+        ++err;
+    }
+
+    /* And check decrypt chaining */
+    AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
+    memcpy(iv, saved_iv, sizeof iv);
+    AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE / 2, &key, iv,
+                    AES_ENCRYPT);
+    AES_ige_encrypt(plaintext + TEST_SIZE / 2,
+                    ciphertext + TEST_SIZE / 2, TEST_SIZE / 2,
+                    &key, iv, AES_ENCRYPT);
+
+    AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
+    memcpy(iv, saved_iv, sizeof iv);
+    AES_ige_encrypt(ciphertext, checktext, TEST_SIZE / 2, &key, iv,
+                    AES_DECRYPT);
+    AES_ige_encrypt(ciphertext + TEST_SIZE / 2,
+                    checktext + TEST_SIZE / 2, TEST_SIZE / 2, &key, iv,
+                    AES_DECRYPT);
+
+    if (memcmp(checktext, plaintext, TEST_SIZE)) {
+        printf("Chained encrypt+chained decrypt doesn't match\n");
+        hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
+        hexdump(stdout, "Checktext", checktext, TEST_SIZE);
+        ++err;
+    }
+
+    /* make sure garble extends forwards only */
+    AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
+    memcpy(iv, saved_iv, sizeof iv);
+    AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
+                    AES_ENCRYPT);
+
+    /* corrupt halfway through */
+    ++ciphertext[sizeof ciphertext / 2];
+    AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
+    memcpy(iv, saved_iv, sizeof iv);
+    AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
+                    AES_DECRYPT);
+
+    matches = 0;
+    for (n = 0; n < sizeof checktext; ++n)
+        if (checktext[n] == plaintext[n])
+            ++matches;
+
+    if (matches > sizeof checktext / 2 + sizeof checktext / 100) {
+        printf("More than 51%% matches after garbling\n");
+        ++err;
+    }
+
+    if (matches < sizeof checktext / 2) {
+        printf("Garble extends backwards!\n");
+        ++err;
+    }
+
+    /* Bi-directional IGE */
+
+    /*
+     * Note that we don't have to recover the IV, because chaining isn't
+     */
+    /* possible with biIGE, so the IV is not updated. */
+
+    RAND_pseudo_bytes(rkey2, sizeof rkey2);
+
+    /* Straight encrypt/decrypt */
+    AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
+    AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2);
+    AES_bi_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, &key2, iv,
+                       AES_ENCRYPT);
+
+    AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
+    AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2);
+    AES_bi_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, &key2, iv,
+                       AES_DECRYPT);
+
+    if (memcmp(checktext, plaintext, TEST_SIZE)) {
+        printf("Encrypt+decrypt doesn't match\n");
+        hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
+        hexdump(stdout, "Checktext", checktext, TEST_SIZE);
+        ++err;
+    }
+
+    /* make sure garble extends both ways */
+    AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
+    AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2);
+    AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
+                    AES_ENCRYPT);
+
+    /* corrupt halfway through */
+    ++ciphertext[sizeof ciphertext / 2];
+    AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
+    AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2);
+    AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
+                    AES_DECRYPT);
+
+    matches = 0;
+    for (n = 0; n < sizeof checktext; ++n)
+        if (checktext[n] == plaintext[n])
+            ++matches;
+
+    if (matches > sizeof checktext / 100) {
+        printf("More than 1%% matches after bidirectional garbling\n");
+        ++err;
+    }
+
+    /* make sure garble extends both ways (2) */
+    AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
+    AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2);
+    AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
+                    AES_ENCRYPT);
+
+    /* corrupt right at the end */
+    ++ciphertext[sizeof ciphertext - 1];
+    AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
+    AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2);
+    AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
+                    AES_DECRYPT);
+
+    matches = 0;
+    for (n = 0; n < sizeof checktext; ++n)
+        if (checktext[n] == plaintext[n])
+            ++matches;
+
+    if (matches > sizeof checktext / 100) {
+        printf("More than 1%% matches after bidirectional garbling (2)\n");
+        ++err;
+    }
+
+    /* make sure garble extends both ways (3) */
+    AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
+    AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2);
+    AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
+                    AES_ENCRYPT);
+
+    /* corrupt right at the start */
+    ++ciphertext[0];
+    AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
+    AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2);
+    AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
+                    AES_DECRYPT);
+
+    matches = 0;
+    for (n = 0; n < sizeof checktext; ++n)
+        if (checktext[n] == plaintext[n])
+            ++matches;
+
+    if (matches > sizeof checktext / 100) {
+        printf("More than 1%% matches after bidirectional garbling (3)\n");
+        ++err;
+    }
+
+    err += run_test_vectors();
+
+    return err;
+}

Deleted: vendor-crypto/openssl/1.0.1u/test/jpaketest.c
===================================================================
--- vendor-crypto/openssl/dist/test/jpaketest.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/jpaketest.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/dummytest.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/md2test.c
===================================================================
--- vendor-crypto/openssl/dist/test/md2test.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/md2test.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/dummytest.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/md4test.c
===================================================================
--- vendor-crypto/openssl/dist/test/md4test.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/md4test.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../crypto/md4/md4test.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/md5test.c
===================================================================
--- vendor-crypto/openssl/dist/test/md5test.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/md5test.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../crypto/md5/md5test.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/mdc2test.c
===================================================================
--- vendor-crypto/openssl/dist/test/mdc2test.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/mdc2test.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../crypto/mdc2/mdc2test.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/randtest.c
===================================================================
--- vendor-crypto/openssl/dist/test/randtest.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/randtest.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../crypto/rand/randtest.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/rc2test.c
===================================================================
--- vendor-crypto/openssl/dist/test/rc2test.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/rc2test.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../crypto/rc2/rc2test.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/rc4test.c
===================================================================
--- vendor-crypto/openssl/dist/test/rc4test.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/rc4test.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../crypto/rc4/rc4test.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/rc5test.c
===================================================================
--- vendor-crypto/openssl/dist/test/rc5test.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/rc5test.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/dummytest.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/rmdtest.c
===================================================================
--- vendor-crypto/openssl/dist/test/rmdtest.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/rmdtest.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../crypto/ripemd/rmdtest.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/rsa_test.c
===================================================================
--- vendor-crypto/openssl/dist/test/rsa_test.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/rsa_test.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../crypto/rsa/rsa_test.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/sha1test.c
===================================================================
--- vendor-crypto/openssl/dist/test/sha1test.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/sha1test.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../crypto/sha/sha1test.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/sha256t.c
===================================================================
--- vendor-crypto/openssl/dist/test/sha256t.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/sha256t.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../crypto/sha/sha256t.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/sha512t.c
===================================================================
--- vendor-crypto/openssl/dist/test/sha512t.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/sha512t.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../crypto/sha/sha512t.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/shatest.c
===================================================================
--- vendor-crypto/openssl/dist/test/shatest.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/shatest.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../crypto/sha/shatest.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/smime-certs/smdsa1.pem
===================================================================
--- vendor-crypto/openssl/dist/test/smime-certs/smdsa1.pem	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/smime-certs/smdsa1.pem	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,34 +0,0 @@
------BEGIN DSA PRIVATE KEY-----
-MIIBuwIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3
-OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt
-GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J
-jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt
-wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK
-+FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z
-SJCBQw5zAoGATQlPPF+OeU8nu3rsdXGDiZdJzOkuCce3KQfTABA9C+Dk4CVcvBdd
-YRLGpnykumkNTO1sTO+4/Gphsuje1ujK9td4UEhdYqylCe5QjEMrszDlJtelDQF9
-C0yhdjKGTP0kxofLhsGckcuQvcKEKffT2pDDKJIy4vWQO0UyJl1vjLcCFG2uiGGx
-9fMUZq1v0ePD4Wo0Xkxo
------END DSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIIDpDCCAw2gAwIBAgIJAMtotfHYdEsWMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
-TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
-ZXN0IFMvTUlNRSBFRSBEU0EgIzEwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7
-CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ
-mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2
-jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB
-CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV
-kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D
-xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhAACgYBN
-CU88X455Tye7eux1cYOJl0nM6S4Jx7cpB9MAED0L4OTgJVy8F11hEsamfKS6aQ1M
-7WxM77j8amGy6N7W6Mr213hQSF1irKUJ7lCMQyuzMOUm16UNAX0LTKF2MoZM/STG
-h8uGwZyRy5C9woQp99PakMMokjLi9ZA7RTImXW+Mt6OBgzCBgDAdBgNVHQ4EFgQU
-4Qfbhpi5yqXaXuCLXj427mR25MkwHwYDVR0jBBgwFoAUE89Lp7uJLrM4Vxd2xput
-aFvl7RcwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwIAYDVR0RBBkwF4EV
-c21pbWVkc2ExQG9wZW5zc2wub3JnMA0GCSqGSIb3DQEBBQUAA4GBAFrdUzKK1pWO
-kd02S423KUBc4GWWyiGlVoEO7WxVhHLJ8sm67X7OtJOwe0UGt+Nc5qLtyJYSirw8
-phjiTdNpQCTJ8+Kc56tWkJ6H7NAI4vTJtPL5BM/EmeYrVSU9JI9xhqpyKw9IBD+n
-hRJ79W9FaiJRvaAOX+TkyTukJrxAWRyv
------END CERTIFICATE-----

Copied: vendor-crypto/openssl/1.0.1u/test/smime-certs/smdsa1.pem (from rev 11605, vendor-crypto/openssl/dist/test/smime-certs/smdsa1.pem)
===================================================================
--- vendor-crypto/openssl/1.0.1u/test/smime-certs/smdsa1.pem	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/test/smime-certs/smdsa1.pem	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,47 @@
+-----BEGIN PRIVATE KEY-----
+MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6
+k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou
+zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO
+wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK
+v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC
+0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA
+rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM
+zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx
+DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy
+xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9
+ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h
+Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+
+TQMsxQQjAiEAkolGvb/76X3vm5Ov09ezqyBYt9cdj/FLH7DyMkxO7X0=
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIFkDCCBHigAwIBAgIJANk5lu6mSyBDMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv
+TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx
+CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
+ZXN0IFMvTUlNRSBFRSBEU0EgIzEwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8
+uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS
+7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS
+wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1
++Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9
+Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D
+AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb
+0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu
+g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4
+0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv
+yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf
+7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P
+aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAGXSQADbuRIZBjiQ6NikwZl+x
+EDEffIE0RWbvwf1tfWxw4ZvanO/djyz5FePO0AIJDBCLUjr9D32nkmIG1Hu3dWgV
+86knQsM6uFiMSzY9nkJGZOlH3w4NHLE78pk75xR1sg1MEZr4x/t+a/ea9Y4AXklE
+DCcaHtpMGeAx3ZAqSKec+zQOOA73JWP1/gYHGdYyTQpQtwRTsh0Gi5mOOdpoJ0vp
+O83xYbFCZ+ZZKX1RWOjJe2OQBRtw739q1nRga1VMLAT/LFSQsSE3IOp8hiWbjnit
+1SE6q3II2a/aHZH/x4OzszfmtQfmerty3eQSq3bgajfxCsccnRjSbLeNiazRSKNg
+MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFNHQYTOO
+xaZ/N68OpxqjHKuatw6sMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs
+MA0GCSqGSIb3DQEBBQUAA4IBAQAAiLociMMXcLkO/uKjAjCIQMrsghrOrxn4ZGBx
+d/mCTeqPxhcrX2UorwxVCKI2+Dmz5dTC2xKprtvkiIadJamJmxYYzeF1pgRriFN3
+MkmMMkTbe/ekSvSeMtHQ2nHDCAJIaA/k9akWfA0+26Ec25/JKMrl3LttllsJMK1z
+Xj7TcQpAIWORKWSNxY/ezM34+9ABHDZB2waubFqS+irlZsn38aZRuUI0K67fuuIt
+17vMUBqQpe2hfNAjpZ8dIpEdAGjQ6izV2uwP1lXbiaK9U4dvUqmwyCIPniX7Hpaf
+0VnX0mEViXMT6vWZTjLBUv0oKmO7xBkWHIaaX6oyF32pK5AO
+-----END CERTIFICATE-----

Deleted: vendor-crypto/openssl/1.0.1u/test/smime-certs/smdsa2.pem
===================================================================
--- vendor-crypto/openssl/dist/test/smime-certs/smdsa2.pem	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/smime-certs/smdsa2.pem	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,34 +0,0 @@
------BEGIN DSA PRIVATE KEY-----
-MIIBvAIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3
-OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt
-GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J
-jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt
-wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK
-+FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z
-SJCBQw5zAoGBAIPmO8BtJ+Yac58trrPwq9b/6VW3jQTWzTLWSH84/QQdqQa+Pz3v
-It/+hHM0daNF5uls8ICsPL1aLXmRx0pHvIyb0aAzYae4T4Jv/COPDMTdKbA1uitJ
-VbkGZrm+LIrs7I9lOkb4T0vI6kL/XdOCXY1469zsqCgJ/O2ibn6mq0nWAhR716o2
-Nf8SimTZYB0/CKje6M5ufA==
------END DSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIIDpTCCAw6gAwIBAgIJAMtotfHYdEsXMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
-TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
-ZXN0IFMvTUlNRSBFRSBEU0EgIzIwggG4MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7
-CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ
-mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2
-jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB
-CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV
-kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D
-xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhQACgYEA
-g+Y7wG0n5hpzny2us/Cr1v/pVbeNBNbNMtZIfzj9BB2pBr4/Pe8i3/6EczR1o0Xm
-6WzwgKw8vVoteZHHSke8jJvRoDNhp7hPgm/8I48MxN0psDW6K0lVuQZmub4siuzs
-j2U6RvhPS8jqQv9d04JdjXjr3OyoKAn87aJufqarSdajgYMwgYAwHQYDVR0OBBYE
-FHsAGNfVltSYUq4hC+YVYwsYtA+dMB8GA1UdIwQYMBaAFBPPS6e7iS6zOFcXdsab
-rWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgbAMCAGA1UdEQQZMBeB
-FXNtaW1lZHNhMkBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQCx9BtCbaYF
-FXjLClkuKXbESaDZA1biPgY25i00FsUzARuhCpqD2v+0tu5c33ZzIhL6xlvBRU5l
-6Atw/xpZhae+hdBEtxPJoGekLLrHOau7Md3XwDjV4lFgcEJkWZoaSOOIK+4D5jF0
-jZWtHjnwEzuLYlo7ScHSsbcQfjH0M1TP5A==
------END CERTIFICATE-----

Copied: vendor-crypto/openssl/1.0.1u/test/smime-certs/smdsa2.pem (from rev 11605, vendor-crypto/openssl/dist/test/smime-certs/smdsa2.pem)
===================================================================
--- vendor-crypto/openssl/1.0.1u/test/smime-certs/smdsa2.pem	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/test/smime-certs/smdsa2.pem	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,47 @@
+-----BEGIN PRIVATE KEY-----
+MIICZAIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6
+k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou
+zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO
+wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK
+v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC
+0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA
+rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM
+zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx
+DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy
+xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9
+ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h
+Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+
+TQMsxQQiAiAdCUJ5n2Q9hIynN8BMpnRcdfH696BKejGx+2Mr2kfnnA==
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIFkDCCBHigAwIBAgIJANk5lu6mSyBEMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv
+TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx
+CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
+ZXN0IFMvTUlNRSBFRSBEU0EgIzIwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8
+uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS
+7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS
+wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1
++Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9
+Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D
+AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb
+0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu
+g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4
+0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv
+yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf
+7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P
+aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAItQlFu0t7Mw1HHROuuwKLS+E
+h2WNNZP96MLQTygOVlqgaJY+1mJLzvl/51LLH6YezX0t89Z2Dm/3SOJEdNrdbIEt
+tbu5rzymXxFhc8uaIYZFhST38oQwJOjM8wFitAQESe6/9HZjkexMqSqx/r5aEKTa
+LBinqA1BJRI72So1/1dv8P99FavPADdj8V7fAccReKEQKnfnwA7mrnD+OlIqFKFn
+3wCGk8Sw7tSJ9g6jgCI+zFwrKn2w+w+iot/Ogxl9yMAtKmAd689IAZr5GPPvV2y0
+KOogCiUYgSTSawZhr+rjyFavfI5dBWzMq4tKx/zAi6MJ+6hGJjJ8jHoT9JAPmaNg
+MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFGaxw04k
+qpufeGZC+TTBq8oMnXyrMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs
+MA0GCSqGSIb3DQEBBQUAA4IBAQCk2Xob1ICsdHYx/YsBzY6E1eEwcI4RZbZ3hEXp
+VA72/Mbz60gjv1OwE5Ay4j+xG7IpTio6y2A9ZNepGpzidYcsL/Lx9Sv1LlN0Ukzb
+uk6Czd2sZJp+PFMTTrgCd5rXKnZs/0D84Vci611vGMA1hnUnbAnBBmgLXe9pDNRV
+6mhmCLLjJ4GOr5Wxt/hhknr7V2e1VMx3Q47GZhc0o/gExfhxXA8+gicM0nEYNakD
+2A1F0qDhQGakjuofANHhjdUDqKJ1sxurAy80fqb0ddzJt2el89iXKN+aXx/zEX96
+GI5ON7z/bkVwIi549lUOpWb2Mved61NBzCLKVP7HSuEIsC/I
+-----END CERTIFICATE-----

Deleted: vendor-crypto/openssl/1.0.1u/test/smime-certs/smdsa3.pem
===================================================================
--- vendor-crypto/openssl/dist/test/smime-certs/smdsa3.pem	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/smime-certs/smdsa3.pem	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,34 +0,0 @@
------BEGIN DSA PRIVATE KEY-----
-MIIBvAIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3
-OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt
-GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J
-jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt
-wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK
-+FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z
-SJCBQw5zAoGAYzOpPmh8Je1IDauEXhgaLz14wqYUHHcrj2VWVJ6fRm8GhdQFJSI7
-GUk08pgKZSKic2lNqxuzW7/vFxKQ/nvzfytY16b+2i+BR4Q6yvMzCebE1hHVg0Ju
-TwfUMwoFEOhYP6ZwHSUiQl9IBMH9TNJCMwYMxfY+VOrURFsjGTRUgpwCFQCIGt5g
-Y+XZd0Sv69CatDIRYWvaIA==
------END DSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIIDpDCCAw2gAwIBAgIJAMtotfHYdEsYMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
-TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
-ZXN0IFMvTUlNRSBFRSBEU0EgIzMwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7
-CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ
-mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2
-jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB
-CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV
-kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D
-xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhAACgYBj
-M6k+aHwl7UgNq4ReGBovPXjCphQcdyuPZVZUnp9GbwaF1AUlIjsZSTTymAplIqJz
-aU2rG7Nbv+8XEpD+e/N/K1jXpv7aL4FHhDrK8zMJ5sTWEdWDQm5PB9QzCgUQ6Fg/
-pnAdJSJCX0gEwf1M0kIzBgzF9j5U6tREWyMZNFSCnKOBgzCBgDAdBgNVHQ4EFgQU
-VhpVXqQ/EzUMdxLvP7o9EhJ8h70wHwYDVR0jBBgwFoAUE89Lp7uJLrM4Vxd2xput
-aFvl7RcwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwIAYDVR0RBBkwF4EV
-c21pbWVkc2EzQG9wZW5zc2wub3JnMA0GCSqGSIb3DQEBBQUAA4GBACM9e75EQa8m
-k/AZkH/tROqf3yeqijULl9x8FjFatqoY+29OM6oMGM425IqSkKd2ipz7OxO0SShu
-rE0O3edS7DvYBwvhWPviRaYBMyZ4iFJVup+fOzoYK/j/bASxS3BHQBwb2r4rhe25
-OlTyyFEk7DJyW18YFOG97S1P52oQ5f5x
------END CERTIFICATE-----

Copied: vendor-crypto/openssl/1.0.1u/test/smime-certs/smdsa3.pem (from rev 11605, vendor-crypto/openssl/dist/test/smime-certs/smdsa3.pem)
===================================================================
--- vendor-crypto/openssl/1.0.1u/test/smime-certs/smdsa3.pem	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/test/smime-certs/smdsa3.pem	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,47 @@
+-----BEGIN PRIVATE KEY-----
+MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6
+k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou
+zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO
+wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK
+v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC
+0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA
+rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM
+zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx
+DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy
+xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9
+ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h
+Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+
+TQMsxQQjAiEArJr6p2zTbhRppQurHGTdmdYHqrDdZH4MCsD9tQCw1xY=
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIFkDCCBHigAwIBAgIJANk5lu6mSyBFMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv
+TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx
+CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
+ZXN0IFMvTUlNRSBFRSBEU0EgIzMwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8
+uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS
+7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS
+wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1
++Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9
+Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D
+AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb
+0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu
+g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4
+0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv
+yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf
+7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P
+aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAcXvtfiJfIZ0wgGpN72ZeGrJ9
+msUXOxow7w3fDbP8r8nfVkBNbfha8rx0eY6fURFVZzIOd8EHGKypcH1gS6eZNucf
+zgsH1g5r5cRahMZmgGXBEBsWrh2IaDG7VSKt+9ghz27EKgjAQCzyHQL5FCJgR2p7
+cv0V4SRqgiAGYlJ191k2WtLOsVd8kX//jj1l8TUgE7TqpuSEpaSyQ4nzJROpZWZp
+N1RwFmCURReykABU/Nzin/+rZnvZrp8WoXSXEqxeB4mShRSaH57xFnJCpRwKJ4qS
+2uhATzJaKH7vu63k3DjftbSBVh+32YXwtHc+BGjs8S2aDtCW3FtDA7Z6J8BIxaNg
+MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFMJxatDE
+FCEFGl4uoiQQ1050Ju9RMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs
+MA0GCSqGSIb3DQEBBQUAA4IBAQBGZD1JnMep39KMOhD0iBTmyjhtcnRemckvRask
+pS/CqPwo+M+lPNdxpLU2w9b0QhPnj0yAS/BS1yBjsLGY4DP156k4Q3QOhwsrTmrK
+YOxg0w7DOpkv5g11YLJpHsjSOwg5uIMoefL8mjQK6XOFOmQXHJrUtGulu+fs6FlM
+khGJcW4xYVPK0x/mHvTT8tQaTTkgTdVHObHF5Dyx/F9NMpB3RFguQPk2kT4lJc4i
+Up8T9mLzaxz6xc4wwh8h70Zw81lkGYhX+LRk3sfd/REq9x4QXQNP9t9qU1CgrBzv
+4orzt9cda4r+rleSg2XjWnXzMydE6DuwPVPZlqnLbSYUy660
+-----END CERTIFICATE-----

Deleted: vendor-crypto/openssl/1.0.1u/test/smime-certs/smroot.pem
===================================================================
--- vendor-crypto/openssl/dist/test/smime-certs/smroot.pem	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/smime-certs/smroot.pem	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,30 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDBV1Z/Q5gPF7lojc8pKUdyz5+Jf2B3vs4he6egekugWnoJduki
-9Lnae/JchB/soIX0co3nLc11NuFFlnAWJNMDJr08l5AHAJLYNHevF5l/f9oDQwvZ
-speKh1xpIAJNqCTzVeQ/ZLx6/GccIXV/xDuKIiovqJTPgR5WPkYKaw++lQIDAQAB
-AoGALXnUj5SflJU4+B2652ydMKUjWl0KnL/VjkyejgGV/j6py8Ybaixz9q8Gv7oY
-JDlRqMC1HfZJCFQDQrHy5VJ+CywA/H9WrqKo/Ch9U4tJAZtkig1Cmay/BAYixVu0
-xBeim10aKF6hxHH4Chg9We+OCuzWBWJhqveNjuDedL/i7JUCQQDlejovcwBUCbhJ
-U12qKOwlaboolWbl7yF3XdckTJZg7+1UqQHZH5jYZlLZyZxiaC92SNV0SyTLJZnS
-Jh5CO+VDAkEA16/pPcuVtMMz/R6SSPpRSIAa1stLs0mFSs3NpR4pdm0n42mu05pO
-1tJEt3a1g7zkreQBf53+Dwb+lA841EkjRwJBAIFmt0DifKDnCkBu/jZh9SfzwsH3
-3Zpzik+hXxxdA7+ODCrdUul449vDd5zQD5t+XKU61QNLDGhxv5e9XvrCg7kCQH/a
-3ldsVF0oDaxxL+QkxoREtCQ5tLEd1u7F2q6Tl56FDE0pe6Ih6bQ8RtG+g9EI60IN
-U7oTrOO5kLWx5E0q4ccCQAZVgoenn9MhRU1agKOCuM6LT2DxReTu4XztJzynej+8
-0J93n3ebanB1MlRpn1XJwhQ7gAC8ImaQKLJK5jdJzFc=
------END RSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIICaTCCAdKgAwIBAgIJAP6VN47boiXRMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
-TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDdaFw0xNjA1MTExMzUzMDdaMEQx
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRU
-ZXN0IFMvTUlNRSBSU0EgUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-wVdWf0OYDxe5aI3PKSlHcs+fiX9gd77OIXunoHpLoFp6CXbpIvS52nvyXIQf7KCF
-9HKN5y3NdTbhRZZwFiTTAya9PJeQBwCS2DR3rxeZf3/aA0ML2bKXiodcaSACTagk
-81XkP2S8evxnHCF1f8Q7iiIqL6iUz4EeVj5GCmsPvpUCAwEAAaNjMGEwHQYDVR0O
-BBYEFBPPS6e7iS6zOFcXdsabrWhb5e0XMB8GA1UdIwQYMBaAFBPPS6e7iS6zOFcX
-dsabrWhb5e0XMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqG
-SIb3DQEBBQUAA4GBAIECprq5viDvnDbkyOaiSr9ubMUmWqvycfAJMdPZRKcOZczS
-l+L9R9lF3JSqbt3knOe9u6bGDBOTY2285PdCCuHRVMk2Af1f6El1fqAlRUwNqipp
-r68sWFuRqrcRNtk6QQvXfkOhrqQBuDa7te/OVQLa2lGN9Dr2mQsD8ijctatG
------END CERTIFICATE-----

Copied: vendor-crypto/openssl/1.0.1u/test/smime-certs/smroot.pem (from rev 11605, vendor-crypto/openssl/dist/test/smime-certs/smroot.pem)
===================================================================
--- vendor-crypto/openssl/1.0.1u/test/smime-certs/smroot.pem	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/test/smime-certs/smroot.pem	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,49 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCyyQXED5HyVWwq
+nXyzmY317yMUJrIfsKvREG2C691dJNHgNg+oq5sjt/fzkyS84AvdOiicAsao4cYL
+DulthaLpbC7msEBhvwAil0FNb5g3ERupe1KuTdUV1UuD/i6S2VoaNXUBBn1rD9Wc
+BBc0lnx/4Wt92eQTI6925pt7ZHPQw2Olp7TQDElyi5qPxCem4uT0g3zbZsWqmmsI
+MXbu+K3dEprzqA1ucKXbxUmZNkMwVs2XCmlLxrRUj8C3/zENtH17HWCznhR/IVcV
+kgIuklkeiDsEhbWvUQumVXR7oPh/CPZAbjGqq5mVueHSHrp7brBVZKHZvoUka28Q
+LWitq1W5AgMBAAECggEASkRnOMKfBeOmQy2Yl6K57eeg0sYgSDnDpd0FINWJ5x9c
+b58FcjOXBodtYKlHIY6QXx3BsM0WaSEge4d+QBi7S+u8r+eXVwNYswXSArDQsk9R
+Bl5MQkvisGciL3pvLmFLpIeASyS/BLJXMbAhU58PqK+jT2wr6idwxBuXivJ3ichu
+ISdT1s2aMmnD86ulCD2DruZ4g0mmk5ffV+Cdj+WWkyvEaJW2GRYov2qdaqwSOxV4
+Yve9qStvEIWAf2cISQjbnw2Ww6Z5ebrqlOz9etkmwIly6DTbrIneBnoqJlFFWGlF
+ghuzc5RE2w1GbcKSOt0qXH44MTf/j0r86dlu7UIxgQKBgQDq0pEaiZuXHi9OQAOp
+PsDEIznCU1bcTDJewANHag5DPEnMKLltTNyLaBRulMypI+CrDbou0nDr29VOzfXx
+mNvi/c7RttOBOx7kXKvu0JUFKe2oIWRsg0KsyMX7UFMVaHFgrW+8DhQc7HK7URiw
+nitOnA7YwIHRF9BMmcWcLFEYBQKBgQDC6LPbXV8COKO0YCfGXPnE7EZGD/p0Q92Z
+8CoSefphEScSdO1IpxFXG7fOZ4x2GQb9q7D3IvaeKAqNjUjkuyxdB30lIWDBwSWw
+fFgsa2SZwD5P60G/ar50YJr6LiF333aUMDVmC9swFfZERAEmGUz2NTrPWQdIx/lu
+PyDtUR75JQKBgHaoCCJ8vl5SJl1IA5GV4Bo8IoeLTSzsY9d09zMy6BoZcMD1Ix2T
+5S2cXhayoegl9PT6bsYSGHVWFCdJ86ktMI826TcXRzDaCvYhzc9THroJQcnfdbtP
+aHWezkv7fsAmkoPjn75K7ubeo+r7Q5qbkg6a1PW58N8TRXIvkackzaVxAoGBALAq
+qh3U+AHG9dgbrPeyo6KkuCOtX39ks8/mbfCDRZYkbb9V5f5r2tVz3R93IlK/7jyr
+yWimtmde46Lrl33922w+T5OW5qBZllo9GWkUrDn3s5qClcuQjJIdmxYTSfbSCJiK
+NkmE39lHkG5FVRB9f71tgTlWS6ox7TYDYxx83NTtAoGAUJPAkGt4yGAN4Pdebv53
+bSEpAAULBHntiqDEOu3lVColHuZIucml/gbTpQDruE4ww4wE7dOhY8Q4wEBVYbRI
+vHkSiWpJUvZCuKG8Foh5pm9hU0qb+rbQV7NhLJ02qn1AMGO3F/WKrHPPY8/b9YhQ
+KfvPCYimQwBjVrEnSntLPR0=
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDbjCCAlagAwIBAgIJAMc+8VKBJ/S9MA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv
+TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MjlaFw0yMzA3MTUxNzI4MjlaMEQx
+CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU
+ZXN0IFMvTUlNRSBSU0EgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALLJBcQPkfJVbCqdfLOZjfXvIxQmsh+wq9EQbYLr3V0k0eA2D6irmyO39/OT
+JLzgC906KJwCxqjhxgsO6W2FoulsLuawQGG/ACKXQU1vmDcRG6l7Uq5N1RXVS4P+
+LpLZWho1dQEGfWsP1ZwEFzSWfH/ha33Z5BMjr3bmm3tkc9DDY6WntNAMSXKLmo/E
+J6bi5PSDfNtmxaqaawgxdu74rd0SmvOoDW5wpdvFSZk2QzBWzZcKaUvGtFSPwLf/
+MQ20fXsdYLOeFH8hVxWSAi6SWR6IOwSFta9RC6ZVdHug+H8I9kBuMaqrmZW54dIe
+untusFVkodm+hSRrbxAtaK2rVbkCAwEAAaNjMGEwHQYDVR0OBBYEFMmRUwpjexZb
+i71E8HaIqSTm5bZsMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA8G
+A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IB
+AQAwpIVWQey2u/XoQSMSu0jd0EZvU+lhLaFrDy/AHQeG3yX1+SAOM6f6w+efPvyb
+Op1NPI9UkMPb4PCg9YC7jgYokBkvAcI7J4FcuDKMVhyCD3cljp0ouuKruvEf4FBl
+zyQ9pLqA97TuG8g1hLTl8G90NzTRcmKpmhs18BmCxiqHcTfoIpb3QvPkDX8R7LVt
+9BUGgPY+8ELCgw868TuHh/Cnc67gBtRjBp0sCYVzGZmKsO5f1XdHrAZKYN5mEp0C
+7/OqcDoFqORTquLeycg1At/9GqhDEgxNrqA+YEsPbLGAfsNuXUsXs2ubpGsOZxKt
+Emsny2ah6fU2z7PztrUy/A80
+-----END CERTIFICATE-----

Deleted: vendor-crypto/openssl/1.0.1u/test/smime-certs/smrsa1.pem
===================================================================
--- vendor-crypto/openssl/dist/test/smime-certs/smrsa1.pem	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/smime-certs/smrsa1.pem	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,31 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQC6A978j4pmPgUtUQqF+bjh6vdhwGOGZSD7xXgFTMjm88twfv+E
-ixkq2KXSDjD0ZXoQbdOaSbvGRQrIJpG2NGiKAFdYNrP025kCCdh5wF/aEI7KLEm7
-JlHwXpQsuj4wkMgmkFjL3Ty4Z55aNH+2pPQIa0k+ENJXm2gDuhqgBmduAwIDAQAB
-AoGBAJMuYu51aO2THyeHGwt81uOytcCbqGP7eoib62ZOJhxPRGYjpmuqX+R9/V5i
-KiwGavm63JYUx0WO9YP+uIZxm1BUATzkgkS74u5LP6ajhkZh6/Bck1oIYYkbVOXl
-JVrdENuH6U7nupznsyYgONByo+ykFPVUGmutgiaC7NMVo/MxAkEA6KLejWXdCIEn
-xr7hGph9NlvY9xuRIMexRV/WrddcFfCdjI1PciIupgrIkR65M9yr7atm1iU6/aRf
-KOr8rLZsSQJBAMyyXN71NsDNx4BP6rtJ/LJMP0BylznWkA7zWfGCbAYn9VhZVlSY
-Eu9Gyr7quD1ix7G3kInKVYOEEOpockBLz+sCQQCedyMmKjcQLfpMVYW8uhbAynvW
-h36qV5yXZxszO7nMcCTBsxhk5IfmLv5EbCs3+p9avCDGyoGOeUMg+kC33WORAkAg
-oUIarH4o5+SoeJTTfCzTA0KF9H5U0vYt2+73h7HOnWoHxl3zqDZEfEVvf50U8/0f
-QELDJETTbScBJtsnkq43AkEA38etvoZ2i4FJvvo7R/9gWBHVEcrGzcsCBYrNnIR1
-SZLRwHEGaiOK1wxMsWzqp7PJwL9z/M8A8DyOFBx3GPOniA==
------END RSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIJAMtotfHYdEsTMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
-TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDhaFw0xNjA1MTAxMzUzMDhaMEUx
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
-ZXN0IFMvTUlNRSBFRSBSU0EgIzEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-ALoD3vyPimY+BS1RCoX5uOHq92HAY4ZlIPvFeAVMyObzy3B+/4SLGSrYpdIOMPRl
-ehBt05pJu8ZFCsgmkbY0aIoAV1g2s/TbmQIJ2HnAX9oQjsosSbsmUfBelCy6PjCQ
-yCaQWMvdPLhnnlo0f7ak9AhrST4Q0lebaAO6GqAGZ24DAgMBAAGjgYMwgYAwHQYD
-VR0OBBYEFE2vMvKz5jrC7Lbdg68XwZ95iL/QMB8GA1UdIwQYMBaAFBPPS6e7iS6z
-OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud
-EQQZMBeBFXNtaW1lcnNhMUBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQAi
-O3GOkUl646oLnOimc36i9wxZ1tejsqs8vMjJ0Pym6Uq9FE2JoGzJ6OhB1GOsEVmj
-9cQ5UNQcRYL3cqOFtl6f4Dpu/lhzfbaqgmLjv29G1mS0uuTZrixhlyCXjwcbOkNC
-I/+wvHHENYIK5+T/79M9LaZ2Qk4F9MNE1VMljdz9Qw==
------END CERTIFICATE-----

Copied: vendor-crypto/openssl/1.0.1u/test/smime-certs/smrsa1.pem (from rev 11605, vendor-crypto/openssl/dist/test/smime-certs/smrsa1.pem)
===================================================================
--- vendor-crypto/openssl/1.0.1u/test/smime-certs/smrsa1.pem	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/test/smime-certs/smrsa1.pem	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,49 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDXr9uzB/20QXKC
+xhkfNnJvl2xl1hzdOcrQmAqo+AAAcA/D49ImuJDVQRaK2bcj54XB26i1kXuOrxID
+3/etUb8yudfx8OAVwh8G0xVA4zhr8uXW85W2tBr4v0Lt+W6lSd6Hmfrk4GmE9LTU
+/vzl9HUPW6SZShN1G0nY6oeUXvLi0vasEUKv3a51T6JFYg4c7qt5RCk/w8kwrQ0D
+orQwCdkOPEIiC4b+nPStF12SVm5bx8rbYzioxuY/PdSebvt0APeqgRxSpCxqYnHs
+CoNeHzSrGXcP0COzFeUOz2tdrhmH09JLbGZs4nbojPxMkjpJSv3/ekDG2CHYxXSH
+XxpJstxZAgMBAAECggEASY4xsJaTEPwY3zxLqPdag2/yibBBW7ivz/9p80HQTlXp
+KnbxXj8nNXLjCytAZ8A3P2t316PrrTdLP4ML5lGwkM4MNPhek00GY79syhozTa0i
+cPHVJt+5Kwee/aVI9JmCiGAczh0yHyOM3+6ttIZvvXMVaSl4BUHvJ0ikQBc5YdzL
+s6VM2gCOR6K6n+39QHDI/T7WwO9FFSNnpWFOCHwAWtyBMlleVj+xeZX8OZ/aT+35
+27yjsGNBftWKku29VDineiQC+o+fZGJs6w4JZHoBSP8TfxP8fRCFVNA281G78Xak
+cEnKXwZ54bpoSa3ThKl+56J6NHkkfRGb8Rgt/ipJYQKBgQD5DKb82mLw85iReqsT
+8bkp408nPOBGz7KYnQsZqAVNGfehM02+dcN5z+w0jOj6GMPLPg5whlEo/O+rt9ze
+j6c2+8/+B4Bt5oqCKoOCIndH68jl65+oUxFkcHYxa3zYKGC9Uvb+x2BtBmYgvDRG
+ew6I2Q3Zyd2ThZhJygUZpsjsbQKBgQDdtNiGTkgWOm+WuqBI1LT5cQfoPfgI7/da
+ZA+37NBUQRe0cM7ddEcNqx7E3uUa1JJOoOYv65VyGI33Ul+evI8h5WE5bupcCEFk
+LolzbMc4YQUlsySY9eUXM8jQtfVtaWhuQaABt97l+9oADkrhA+YNdEu2yiz3T6W+
+msI5AnvkHQKBgDEjuPMdF/aY6dqSjJzjzfgg3KZOUaZHJuML4XvPdjRPUlfhKo7Q
+55/qUZ3Qy8tFBaTderXjGrJurc+A+LiFOaYUq2ZhDosguOWUA9yydjyfnkUXZ6or
+sbvSoM+BeOGhnezdKNT+e90nLRF6cQoTD7war6vwM6L+8hxlGvqDuRNFAoGAD4K8
+d0D4yB1Uez4ZQp8m/iCLRhM3zCBFtNw1QU/fD1Xye5w8zL96zRkAsRNLAgKHLdsR
+355iuTXAkOIBcJCOjveGQsdgvAmT0Zdz5FBi663V91o+IDlryqDD1t40CnCKbtRG
+hng/ruVczg4x7OYh7SUKuwIP/UlkNh6LogNreX0CgYBQF9troLex6X94VTi1V5hu
+iCwzDT6AJj63cS3VRO2ait3ZiLdpKdSNNW2WrlZs8FZr/mVutGEcWho8BugGMWST
+1iZkYwly9Xfjnpd0I00ZIlr2/B3+ZsK8w5cOW5Lpb7frol6+BkDnBjbNZI5kQndn
+zQpuMJliRlrq/5JkIbH6SA==
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBAMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv
+TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx
+CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
+ZXN0IFMvTUlNRSBFRSBSU0EgIzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDXr9uzB/20QXKCxhkfNnJvl2xl1hzdOcrQmAqo+AAAcA/D49ImuJDVQRaK
+2bcj54XB26i1kXuOrxID3/etUb8yudfx8OAVwh8G0xVA4zhr8uXW85W2tBr4v0Lt
++W6lSd6Hmfrk4GmE9LTU/vzl9HUPW6SZShN1G0nY6oeUXvLi0vasEUKv3a51T6JF
+Yg4c7qt5RCk/w8kwrQ0DorQwCdkOPEIiC4b+nPStF12SVm5bx8rbYzioxuY/PdSe
+bvt0APeqgRxSpCxqYnHsCoNeHzSrGXcP0COzFeUOz2tdrhmH09JLbGZs4nbojPxM
+kjpJSv3/ekDG2CHYxXSHXxpJstxZAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD
+VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBTmjc+lrTQuYx/VBOBGjMvufajvhDAfBgNV
+HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA
+dr2IRXcFtlF16kKWs1VTaFIHHNQrfSVHBkhKblPX3f/0s/i3eXgwKUu7Hnb6T3/o
+E8L+e4ioQNhahTLt9ruJNHWA/QDwOfkqM3tshCs2xOD1Cpy7Bd3Dn0YBrHKyNXRK
+WelGp+HetSXJGW4IZJP7iES7Um0DGktLabhZbe25EnthRDBjNnaAmcofHECWESZp
+lEHczGZfS9tRbzOCofxvgLbF64H7wYSyjAe6R8aain0VRbIusiD4tCHX/lOMh9xT
+GNBW8zTL+tV9H1unjPMORLnT0YQ3oAyEND0jCu0ACA1qGl+rzxhF6bQcTUNEbRMu
+9Hjq6s316fk4Ne0EUF3PbA==
+-----END CERTIFICATE-----

Deleted: vendor-crypto/openssl/1.0.1u/test/smime-certs/smrsa2.pem
===================================================================
--- vendor-crypto/openssl/dist/test/smime-certs/smrsa2.pem	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/smime-certs/smrsa2.pem	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,31 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQCwBfryW4Vu5U9wNIDKspJO/N9YF4CcTlrCUyzVlKgb+8urHlSe
-59i5verR9IOCCXkemjOzZ/3nALTGqYZlnEvHp0Rjk+KdKXnKBIB+SRPpeu3LcXMT
-WPgsThPa0UQxedNKG0g6aG+kLhsDlFBCoxd09jJtSpb9jmroJOq0ZYEHLwIDAQAB
-AoGAKa/w4677Je1W5+r3SYoLDnvi5TkDs4D3C6ipKJgBTEdQz+DqB4w/DpZE4551
-+rkFn1LDxcxuHGRVa+tAMhZW97fwq9YUbjVZEyOz79qrX+BMyl/NbHkf1lIKDo3q
-dWalzQvop7nbzeLC+VmmviwZfLQUbA61AQl3jm4dswT4XykCQQDloDadEv/28NTx
-bvvywvyGuvJkCkEIycm4JrIInvwsd76h/chZ3oymrqzc7hkEtK6kThqlS5y+WXl6
-QzPruTKTAkEAxD2ro/VUoN+scIVaLmn0RBmZ67+9Pdn6pNSfjlK3s0T0EM6/iUWS
-M06l6L9wFS3/ceu1tIifsh9BeqOGTa+udQJARIFnybTBaIqw/NZ/lA1YCVn8tpvY
-iyaoZ6gjtS65TQrsdKeh/i3HCHNUXxUpoZ3F/H7QtD+6o49ODou+EbVOwQJAVmex
-A2gp8wuJKaINqxIL81AybZLnCCzKJ3lXJ5tUNyLNM/lUbGStktm2Q1zHRQwTxV07
-jFn7trn8YrtNjzcjYQJAUKIJRt38A8Jw3HoPT+D0WS2IgxjVL0eYGsZX1lyeammG
-6rfnQ3u5uP7mEK2EH2o8mDUpAE0gclWBU9UkKxJsGA==
------END RSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIJAMtotfHYdEsUMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
-TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDhaFw0xNjA1MTAxMzUzMDhaMEUx
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
-ZXN0IFMvTUlNRSBFRSBSU0EgIzIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-ALAF+vJbhW7lT3A0gMqykk7831gXgJxOWsJTLNWUqBv7y6seVJ7n2Lm96tH0g4IJ
-eR6aM7Nn/ecAtMaphmWcS8enRGOT4p0pecoEgH5JE+l67ctxcxNY+CxOE9rRRDF5
-00obSDpob6QuGwOUUEKjF3T2Mm1Klv2Oaugk6rRlgQcvAgMBAAGjgYMwgYAwHQYD
-VR0OBBYEFIL/u+mEvaw7RuKLRuElfVkxSQjYMB8GA1UdIwQYMBaAFBPPS6e7iS6z
-OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud
-EQQZMBeBFXNtaW1lcnNhMkBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQC2
-rXR5bm/9RtOMQPleNpd3y6uUX3oy+0CafK5Yl3PMnItjjnKJ0l1/DbLbDj2twehe
-ewaB8CROcBCA3AMLSmGvPKgUCFMGtWam3328M4fBHzon5ka7qDXzM+imkAly/Yx2
-YNdR/aNOug+5sXygHmTSKqiCpQjOIClzXoPVVeEVHw==
------END CERTIFICATE-----

Copied: vendor-crypto/openssl/1.0.1u/test/smime-certs/smrsa2.pem (from rev 11605, vendor-crypto/openssl/dist/test/smime-certs/smrsa2.pem)
===================================================================
--- vendor-crypto/openssl/1.0.1u/test/smime-certs/smrsa2.pem	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/test/smime-certs/smrsa2.pem	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,49 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDcYC4tS2Uvn1Z2
+iDgtfkJA5tAqgbN6X4yK02RtVH5xekV9+6+eTt/9S+iFAzAnwqR/UB1R67ETrsWq
+V8u9xLg5fHIwIkmu9/6P31UU9cghO7J1lcrhHvooHaFpcXepPWQacpuBq2VvcKRD
+lDfVmdM5z6eS3dSZPTOMMP/xk4nhZB8mcw27qiccPieS0PZ9EZB63T1gmwaK1Rd5
+U94Pl0+zpDqhViuXmBfiIDWjjz0BzHnHSz5Rg4S3oXF1NcojhptIWyI0r7dgn5J3
+NxC4kgKdjzysxo6iWd0nLgz7h0jUdj79EOis4fg9G4f0EFWyQf7iDxGaA93Y9ePB
+Jv5iFZVZAgMBAAECggEBAILIPX856EHb0KclbhlpfY4grFcdg9LS04grrcTISQW1
+J3p9nBpZ+snKe6I8Yx6lf5PiipPsSLlCliHiWpIzJZVQCkAQiSPiHttpEYgP2IYI
+dH8dtznkdVbLRthZs0bnnPmpHCpW+iqpcYJ9eqkz0cvUNUGOjjWmwWmoRqwp/8CW
+3S1qbkQiCh0Mk2fQeGar76R06kXQ9MKDEj14zyS3rJX+cokjEoMSlH8Sbmdh2mJz
+XlNZcvqmeGJZwQWgbVVHOMUuZaKJiFa+lqvOdppbqSx0AsCRq6vjmjEYQEoOefYK
+3IJM9IvqW5UNx0Cy4kQdjhZFFwMO/ALD3QyF21iP4gECgYEA+isQiaWdaY4UYxwK
+Dg+pnSCKD7UGZUaCUIv9ds3CbntMOONFe0FxPsgcc4jRYQYj1rpQiFB8F11+qXGa
+P/IHcnjr2+mTrNY4I9Bt1Lg+pHSS8QCgzeueFybYMLaSsXUo7tGwpvw6UUb6/YWI
+LNCzZbrCLg1KZjGODhhxtvN45ZkCgYEA4YNSe+GMZlxgsvxbLs86WOm6DzJUPvxN
+bWmni0+Oe0cbevgGEUjDVc895uMFnpvlgO49/C0AYJ+VVbStjIMgAeMnWj6OZoSX
+q49rI8KmKUxKgORZiiaMqGWQ7Rxv68+4S8WANsjFxoUrE6dNV3uYDIUsiSLbZeI8
+38KVTcLohcECgYEAiOdyWHGq0G4xl/9rPUCzCMsa4velNV09yYiiwBZgVgfhsawm
+hQpOSBZJA60XMGqkyEkT81VgY4UF4QLLcD0qeCnWoXWVHFvrQyY4RNZDacpl87/t
+QGO2E2NtolL3umesa+2TJ/8Whw46Iu2llSjtVDm9NGiPk5eA7xPPf1iEi9kCgYAb
+0EmVE91wJoaarLtGS7LDkpgrFacEWbPnAbfzW62UENIX2Y1OBm5pH/Vfi7J+vHWS
+8E9e0eIRCL2vY2hgQy/oa67H151SkZnvQ/IP6Ar8Xvd1bDSK8HQ6tMQqKm63Y9g0
+KDjHCP4znOsSMnk8h/bZ3HcAtvbeWwftBR/LBnYNQQKBgA1leIXLLHRoX0VtS/7e
+y7Xmn7gepj+gDbSuCs5wGtgw0RB/1z/S3QoS2TCbZzKPBo20+ivoRP7gcuFhduFR
+hT8V87esr/QzLVpjLedQDW8Xb7GiO3BsU/gVC9VcngenbL7JObl3NgvdreIYo6+n
+yrLyf+8hjm6H6zkjqiOkHAl+
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBBMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv
+TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx
+CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
+ZXN0IFMvTUlNRSBFRSBSU0EgIzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDcYC4tS2Uvn1Z2iDgtfkJA5tAqgbN6X4yK02RtVH5xekV9+6+eTt/9S+iF
+AzAnwqR/UB1R67ETrsWqV8u9xLg5fHIwIkmu9/6P31UU9cghO7J1lcrhHvooHaFp
+cXepPWQacpuBq2VvcKRDlDfVmdM5z6eS3dSZPTOMMP/xk4nhZB8mcw27qiccPieS
+0PZ9EZB63T1gmwaK1Rd5U94Pl0+zpDqhViuXmBfiIDWjjz0BzHnHSz5Rg4S3oXF1
+NcojhptIWyI0r7dgn5J3NxC4kgKdjzysxo6iWd0nLgz7h0jUdj79EOis4fg9G4f0
+EFWyQf7iDxGaA93Y9ePBJv5iFZVZAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD
+VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBT0arpyYMHXDPVL7MvzE+lx71L7sjAfBgNV
+HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA
+I8nM42am3aImkZyrw8iGkaGhKyi/dfajSWx6B9izBUh+3FleBnUxxOA+mn7M8C47
+Ne18iaaWK8vEux9KYTIY8BzXQZL1AuZ896cXEc6bGKsME37JSsocfuB5BIGWlYLv
+/ON5/SJ0iVFj4fAp8z7Vn5qxRJj9BhZDxaO1Raa6cz6pm0imJy9v8y01TI6HsK8c
+XJQLs7/U4Qb91K+IDNX/lgW3hzWjifNpIpT5JyY3DUgbkD595LFV5DDMZd0UOqcv
+6cyN42zkX8a0TWr3i5wu7pw4k1oD19RbUyljyleEp0DBauIct4GARdBGgi5y1H2i
+NzYzLAPBkHCMY0Is3KKIBw==
+-----END CERTIFICATE-----

Deleted: vendor-crypto/openssl/1.0.1u/test/smime-certs/smrsa3.pem
===================================================================
--- vendor-crypto/openssl/dist/test/smime-certs/smrsa3.pem	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/smime-certs/smrsa3.pem	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,31 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQC6syTZtZNe1hRScFc4PUVyVLsr7+C1HDIZnOHmwFoLayX6RHwy
-ep/TkdwiPHnemVLuwvpSjLMLZkXy/J764kSHJrNeVl3UvmCVCOm40hAtK1+F39pM
-h8phkbPPD7i+hwq4/Vs79o46nzwbVKmzgoZBJhZ+codujUSYM3LjJ4aq+wIDAQAB
-AoGAE1Zixrnr3bLGwBMqtYSDIOhtyos59whImCaLr17U9MHQWS+mvYO98if1aQZi
-iQ/QazJ+wvYXxWJ+dEB+JvYwqrGeuAU6He/rAb4OShG4FPVU2D19gzRnaButWMeT
-/1lgXV08hegGBL7RQNaN7b0viFYMcKnSghleMP0/q+Y/oaECQQDkXEwDYJW13X9p
-ijS20ykWdY5lLknjkHRhhOYux0rlhOqsyMZjoUmwI2m0qj9yrIysKhrk4MZaM/uC
-hy0xp3hdAkEA0Uv/UY0Kwsgc+W6YxeypECtg1qCE6FBib8n4iFy/6VcWqhvE5xrs
-OdhKv9/p6aLjLneGd1sU+F8eS9LGyKIbNwJBAJPgbNzXA7uUZriqZb5qeTXxBDfj
-RLfXSHYKAKEULxz3+JvRHB9SR4yHMiFrCdExiZrHXUkPgYLSHLGG5a4824UCQD6T
-9XvhquUARkGCAuWy0/3Eqoihp/t6BWSdQ9Upviu7YUhtUxsyXo0REZB7F4pGrJx5
-GlhXgFaewgUzuUHFzlMCQCzJMMWslWpoLntnR6sMhBMhBFHSw+Y5CbxBmFrdtSkd
-VdtNO1VuDCTxjjW7W3Khj7LX4KZ1ye/5jfAgnnnXisc=
------END RSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIJAMtotfHYdEsVMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
-TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
-ZXN0IFMvTUlNRSBFRSBSU0EgIzMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-ALqzJNm1k17WFFJwVzg9RXJUuyvv4LUcMhmc4ebAWgtrJfpEfDJ6n9OR3CI8ed6Z
-Uu7C+lKMswtmRfL8nvriRIcms15WXdS+YJUI6bjSEC0rX4Xf2kyHymGRs88PuL6H
-Crj9Wzv2jjqfPBtUqbOChkEmFn5yh26NRJgzcuMnhqr7AgMBAAGjgYMwgYAwHQYD
-VR0OBBYEFDsSFjNtYZzd0tTHafNS7tneQQj6MB8GA1UdIwQYMBaAFBPPS6e7iS6z
-OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud
-EQQZMBeBFXNtaW1lcnNhM0BvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQBE
-tUDB+1Dqigu4p1xtdq7JRK6S+gfA7RWmhz0j2scb2zhpS12h37JLHsidGeKAzZYq
-jUjOrH/j3xcV5AnuJoqImJaN23nzzxtR4qGGX2mrq6EtObzdEGgCUaizsGM+0slJ
-PYxcy8KeY/63B1BpYhj2RjGkL6HrvuAaxVORa3acoA==
------END CERTIFICATE-----

Copied: vendor-crypto/openssl/1.0.1u/test/smime-certs/smrsa3.pem (from rev 11605, vendor-crypto/openssl/dist/test/smime-certs/smrsa3.pem)
===================================================================
--- vendor-crypto/openssl/1.0.1u/test/smime-certs/smrsa3.pem	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/test/smime-certs/smrsa3.pem	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,49 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCyK+BTAOJKJjji
+OhY60NeZjzGGZxEBfCm62n0mwkzusW/V/e63uwj6uOVCFoVBz5doMf3M6QIS2jL3
+Aw6Qs5+vcuLA0gHrqIwjYQz1UZ5ETLKLKbQw6YOIVfsFSTxytUVpfcByrubWiLKX
+63theG1/IVokDK/9/k52Kyt+wcCjuRb7AJQFj2OLDRuWm/gavozkK103gQ+dUq4H
+XamZMtTq1EhQOfc0IUeCOEL6xz4jzlHHfzLdkvb7Enhav2sXDfOmZp/DYf9IqS7l
+vFkkINPVbYFBTexaPZlFwmpGRjkmoyH/w+Jlcpzs+w6p1diWRpaSn62bbkRN49j6
+L2dVb+DfAgMBAAECggEAciwDl6zdVT6g/PbT/+SMA+7qgYHSN+1koEQaJpgjzGEP
+lUUfj8TewCtzXaIoyj9IepBuXryBg6snNXpT/w3bqgYon/7zFBvxkUpDj4A5tvKf
+BuY2fZFlpBvUu1Ju1eKrFCptBBBoA9mc+BUB/ze4ktrAdJFcxZoMlVScjqGB3GdR
+OHw2x9BdWGCJBhiu9VHhAAb/LVWi6xgDumYSWZwN2yovg+7J91t5bsENeBRHycK+
+i5dNFh1umIK9N0SH6bpHPnLHrCRchrQ6ZRRxL4ZBKA9jFRDeI7OOsJuCvhGyJ1se
+snsLjr/Ahg00aiHCcC1SPQ6pmXAVBCG7hf4AX82V4QKBgQDaFDE+Fcpv84mFo4s9
+wn4CZ8ymoNIaf5zPl/gpH7MGots4NT5+Ns+6zzJQ6TEpDjTPx+vDaabP7QGXwVZn
+8NAHYvCQK37b+u9HrOt256YYRDOmnJFSbsJdmqzMEzpTNmQ8GuI37cZCS9CmSMv+
+ab/plcwuv0cJRSC83NN2AFyu1QKBgQDRJzKIBQlpprF9rA0D5ZjLVW4OH18A0Mmm
+oanw7qVutBaM4taFN4M851WnNIROyYIlkk2fNgW57Y4M8LER4zLrjU5HY4lB0BMX
+LQWDbyz4Y7L4lVnnEKfQxWFt9avNZwiCxCxEKy/n/icmVCzc91j9uwKcupdzrN6E
+yzPd1s5y4wKBgQCkJvzmAdsOp9/Fg1RFWcgmIWHvrzBXl+U+ceLveZf1j9K5nYJ7
+2OBGer4iH1XM1I+2M4No5XcWHg3L4FEdDixY0wXHT6Y/CcThS+015Kqmq3fBmyrc
+RNjzQoF9X5/QkSmkAIx1kvpgXtcgw70htRIrToGSUpKzDKDW6NYXhbA+PQKBgDJK
+KH5IJ8E9kYPUMLT1Kc4KVpISvPcnPLVSPdhuqVx69MkfadFSTb4BKbkwiXegQCjk
+isFzbeEM25EE9q6EYKP+sAm+RyyJ6W0zKBY4TynSXyAiWSGUAaXTL+AOqCaVVZiL
+rtEdSUGQ/LzclIT0/HLV2oTw4KWxtTdc3LXEhpNdAoGBAM3LckiHENqtoeK2gVNw
+IPeEuruEqoN4n+XltbEEv6Ymhxrs6T6HSKsEsLhqsUiIvIzH43KMm45SNYTn5eZh
+yzYMXLmervN7c1jJe2Y2MYv6hE+Ypj1xGW4w7s8WNKmVzLv97beisD9AZrS7sXfF
+RvOAi5wVkYylDxV4238MAZIq
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBCMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
+BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv
+TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx
+CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
+ZXN0IFMvTUlNRSBFRSBSU0EgIzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCyK+BTAOJKJjjiOhY60NeZjzGGZxEBfCm62n0mwkzusW/V/e63uwj6uOVC
+FoVBz5doMf3M6QIS2jL3Aw6Qs5+vcuLA0gHrqIwjYQz1UZ5ETLKLKbQw6YOIVfsF
+STxytUVpfcByrubWiLKX63theG1/IVokDK/9/k52Kyt+wcCjuRb7AJQFj2OLDRuW
+m/gavozkK103gQ+dUq4HXamZMtTq1EhQOfc0IUeCOEL6xz4jzlHHfzLdkvb7Enha
+v2sXDfOmZp/DYf9IqS7lvFkkINPVbYFBTexaPZlFwmpGRjkmoyH/w+Jlcpzs+w6p
+1diWRpaSn62bbkRN49j6L2dVb+DfAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD
+VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBQ6CkW5sa6HrBsWvuPOvMjyL5AnsDAfBgNV
+HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA
+JhcrD7AKafVzlncA3cZ6epAruj1xwcfiE+EbuAaeWEGjoSltmevcjgoIxvijRVcp
+sCbNmHJZ/siQlqzWjjf3yoERvLDqngJZZpQeocMIbLRQf4wgLAuiBcvT52wTE+sa
+VexeETDy5J1OW3wE4A3rkdBp6hLaymlijFNnd5z/bP6w3AcIMWm45yPm0skM8RVr
+O3UstEFYD/iy+p+Y/YZDoxYQSW5Vl+NkpGmc5bzet8gQz4JeXtH3z5zUGoDM4XK7
+tXP3yUi2eecCbyjh/wgaQiVdylr1Kv3mxXcTl+cFO22asDkh0R/y72nTCu5fSILY
+CscFo2Z2pYROGtZDmYqhRw==
+-----END CERTIFICATE-----

Deleted: vendor-crypto/openssl/1.0.1u/test/srptest.c
===================================================================
--- vendor-crypto/openssl/dist/test/srptest.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/srptest.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../crypto/srp/srptest.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/ssltest.c
===================================================================
--- vendor-crypto/openssl/dist/test/ssltest.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/ssltest.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../ssl/ssltest.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/testfipsssl
===================================================================
--- vendor-crypto/openssl/dist/test/testfipsssl	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/testfipsssl	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,113 +0,0 @@
-#!/bin/sh
-
-if [ "$1" = "" ]; then
-  key=../apps/server.pem
-else
-  key="$1"
-fi
-if [ "$2" = "" ]; then
-  cert=../apps/server.pem
-else
-  cert="$2"
-fi
-
-ciphers="DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA"
-
-ssltest="../util/shlib_wrap.sh ./ssltest -F -key $key -cert $cert -c_key $key -c_cert $cert -cipher $ciphers"
-
-if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
-  dsa_cert=YES
-else
-  dsa_cert=NO
-fi
-
-if [ "$3" = "" ]; then
-  CA="-CApath ../certs"
-else
-  CA="-CAfile $3"
-fi
-
-if [ "$4" = "" ]; then
-  extra=""
-else
-  extra="$4"
-fi
-
-#############################################################################
-
-echo test ssl3 is forbidden in FIPS mode
-$ssltest -ssl3 $extra && exit 1
-
-echo test ssl2 is forbidden in FIPS mode
-$ssltest -ssl2 $extra && exit 1
-
-echo test tls1
-$ssltest -tls1 $extra || exit 1
-
-echo test tls1 with server authentication
-$ssltest -tls1 -server_auth $CA $extra || exit 1
-
-echo test tls1 with client authentication
-$ssltest -tls1 -client_auth $CA $extra || exit 1
-
-echo test tls1 with both client and server authentication
-$ssltest -tls1 -server_auth -client_auth $CA $extra || exit 1
-
-echo test tls1 via BIO pair
-$ssltest -bio_pair -tls1 $extra || exit 1
-
-echo test tls1 with server authentication via BIO pair
-$ssltest -bio_pair -tls1 -server_auth $CA $extra || exit 1
-
-echo test tls1 with client authentication via BIO pair
-$ssltest -bio_pair -tls1 -client_auth $CA $extra || exit 1
-
-echo test tls1 with both client and server authentication via BIO pair
-$ssltest -bio_pair -tls1 -server_auth -client_auth $CA $extra || exit 1
-
-# note that all the below actually choose TLS...
-
-if [ $dsa_cert = NO ]; then
-  echo test sslv2/sslv3 w/o DHE via BIO pair
-  $ssltest -bio_pair -no_dhe $extra || exit 1
-fi
-
-echo test sslv2/sslv3 with 1024bit DHE via BIO pair
-$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
-
-echo test sslv2/sslv3 with server authentication
-$ssltest -bio_pair -server_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with client authentication via BIO pair
-$ssltest -bio_pair -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with both client and server authentication via BIO pair
-$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
-$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
-
-#############################################################################
-
-if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
-  echo skipping anonymous DH tests
-else
-  echo test tls1 with 1024bit anonymous DH, multiple handshakes
-  $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
-fi
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
-  echo skipping RSA tests
-else
-  echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
-  ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1
-
-  if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
-    echo skipping RSA+DHE tests
-  else
-    echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
-    ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
-  fi
-fi
-
-exit 0

Copied: vendor-crypto/openssl/1.0.1u/test/testfipsssl (from rev 11605, vendor-crypto/openssl/dist/test/testfipsssl)
===================================================================
--- vendor-crypto/openssl/1.0.1u/test/testfipsssl	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/test/testfipsssl	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,117 @@
+#!/bin/sh
+
+if [ "$1" = "" ]; then
+  key=../apps/server.pem
+else
+  key="$1"
+fi
+if [ "$2" = "" ]; then
+  cert=../apps/server.pem
+else
+  cert="$2"
+fi
+
+ciphers="DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA"
+
+ssltest="../util/shlib_wrap.sh ./ssltest -F -key $key -cert $cert -c_key $key -c_cert $cert -cipher $ciphers"
+
+if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
+  dsa_cert=YES
+else
+  dsa_cert=NO
+fi
+
+if [ "$3" = "" ]; then
+  CA="-CApath ../certs"
+else
+  CA="-CAfile $3"
+fi
+
+if [ "$4" = "" ]; then
+  extra=""
+else
+  extra="$4"
+fi
+
+#############################################################################
+
+echo test ssl3 is forbidden in FIPS mode
+$ssltest -ssl3 $extra && exit 1
+
+if ../util/shlib_wrap.sh ../apps/openssl ciphers SSLv2 >/dev/null 2>&1; then
+    echo test ssl2 is forbidden in FIPS mode
+    $ssltest -ssl2 $extra && exit 1
+else
+    echo ssl2 disabled: skipping test
+fi
+
+echo test tls1
+$ssltest -tls1 $extra || exit 1
+
+echo test tls1 with server authentication
+$ssltest -tls1 -server_auth $CA $extra || exit 1
+
+echo test tls1 with client authentication
+$ssltest -tls1 -client_auth $CA $extra || exit 1
+
+echo test tls1 with both client and server authentication
+$ssltest -tls1 -server_auth -client_auth $CA $extra || exit 1
+
+echo test tls1 via BIO pair
+$ssltest -bio_pair -tls1 $extra || exit 1
+
+echo test tls1 with server authentication via BIO pair
+$ssltest -bio_pair -tls1 -server_auth $CA $extra || exit 1
+
+echo test tls1 with client authentication via BIO pair
+$ssltest -bio_pair -tls1 -client_auth $CA $extra || exit 1
+
+echo test tls1 with both client and server authentication via BIO pair
+$ssltest -bio_pair -tls1 -server_auth -client_auth $CA $extra || exit 1
+
+# note that all the below actually choose TLS...
+
+if [ $dsa_cert = NO ]; then
+  echo test sslv2/sslv3 w/o DHE via BIO pair
+  $ssltest -bio_pair -no_dhe $extra || exit 1
+fi
+
+echo test sslv2/sslv3 with 1024bit DHE via BIO pair
+$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
+
+echo test sslv2/sslv3 with server authentication
+$ssltest -bio_pair -server_auth $CA $extra || exit 1
+
+echo test sslv2/sslv3 with client authentication via BIO pair
+$ssltest -bio_pair -client_auth $CA $extra || exit 1
+
+echo test sslv2/sslv3 with both client and server authentication via BIO pair
+$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
+
+echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
+$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
+
+#############################################################################
+
+if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
+  echo skipping anonymous DH tests
+else
+  echo test tls1 with 1024bit anonymous DH, multiple handshakes
+  $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
+fi
+
+if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
+  echo skipping RSA tests
+else
+  echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
+  ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1
+
+  if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
+    echo skipping RSA+DHE tests
+  else
+    echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
+    ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
+  fi
+fi
+
+exit 0

Deleted: vendor-crypto/openssl/1.0.1u/test/verify_extra_test.c
===================================================================
--- vendor-crypto/openssl/dist/test/verify_extra_test.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/verify_extra_test.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../crypto/x509/verify_extra_test.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/test/wp_test.c
===================================================================
--- vendor-crypto/openssl/dist/test/wp_test.c	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/test/wp_test.c	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1 +0,0 @@
-link openssl-1.0.1q/../crypto/whrlpool/wp_test.c
\ No newline at end of file

Deleted: vendor-crypto/openssl/1.0.1u/util/libeay.num
===================================================================
--- vendor-crypto/openssl/dist/util/libeay.num	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/util/libeay.num	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,4316 +0,0 @@
-SSLeay                                  1	EXIST::FUNCTION:
-SSLeay_version                          2	EXIST::FUNCTION:
-ASN1_BIT_STRING_asn1_meth               3	NOEXIST::FUNCTION:
-ASN1_HEADER_free                        4	NOEXIST::FUNCTION:
-ASN1_HEADER_new                         5	NOEXIST::FUNCTION:
-ASN1_IA5STRING_asn1_meth                6	NOEXIST::FUNCTION:
-ASN1_INTEGER_get                        7	EXIST::FUNCTION:
-ASN1_INTEGER_set                        8	EXIST::FUNCTION:
-ASN1_INTEGER_to_BN                      9	EXIST::FUNCTION:
-ASN1_OBJECT_create                      10	EXIST::FUNCTION:
-ASN1_OBJECT_free                        11	EXIST::FUNCTION:
-ASN1_OBJECT_new                         12	EXIST::FUNCTION:
-ASN1_PRINTABLE_type                     13	EXIST::FUNCTION:
-ASN1_STRING_cmp                         14	EXIST::FUNCTION:
-ASN1_STRING_dup                         15	EXIST::FUNCTION:
-ASN1_STRING_free                        16	EXIST::FUNCTION:
-ASN1_STRING_new                         17	EXIST::FUNCTION:
-ASN1_STRING_print                       18	EXIST::FUNCTION:BIO
-ASN1_STRING_set                         19	EXIST::FUNCTION:
-ASN1_STRING_type_new                    20	EXIST::FUNCTION:
-ASN1_TYPE_free                          21	EXIST::FUNCTION:
-ASN1_TYPE_new                           22	EXIST::FUNCTION:
-ASN1_UNIVERSALSTRING_to_string          23	EXIST::FUNCTION:
-ASN1_UTCTIME_check                      24	EXIST::FUNCTION:
-ASN1_UTCTIME_print                      25	EXIST::FUNCTION:BIO
-ASN1_UTCTIME_set                        26	EXIST::FUNCTION:
-ASN1_check_infinite_end                 27	EXIST::FUNCTION:
-ASN1_d2i_bio                            28	EXIST::FUNCTION:BIO
-ASN1_d2i_fp                             29	EXIST::FUNCTION:FP_API
-ASN1_digest                             30	EXIST::FUNCTION:EVP
-ASN1_dup                                31	EXIST::FUNCTION:
-ASN1_get_object                         32	EXIST::FUNCTION:
-ASN1_i2d_bio                            33	EXIST::FUNCTION:BIO
-ASN1_i2d_fp                             34	EXIST::FUNCTION:FP_API
-ASN1_object_size                        35	EXIST::FUNCTION:
-ASN1_parse                              36	EXIST::FUNCTION:BIO
-ASN1_put_object                         37	EXIST::FUNCTION:
-ASN1_sign                               38	EXIST::FUNCTION:EVP
-ASN1_verify                             39	EXIST::FUNCTION:EVP
-BF_cbc_encrypt                          40	EXIST::FUNCTION:BF
-BF_cfb64_encrypt                        41	EXIST::FUNCTION:BF
-BF_ecb_encrypt                          42	EXIST::FUNCTION:BF
-BF_encrypt                              43	EXIST::FUNCTION:BF
-BF_ofb64_encrypt                        44	EXIST::FUNCTION:BF
-BF_options                              45	EXIST::FUNCTION:BF
-BF_set_key                              46	EXIST::FUNCTION:BF
-BIO_CONNECT_free                        47	NOEXIST::FUNCTION:
-BIO_CONNECT_new                         48	NOEXIST::FUNCTION:
-BIO_accept                              51	EXIST::FUNCTION:
-BIO_ctrl                                52	EXIST::FUNCTION:
-BIO_int_ctrl                            53	EXIST::FUNCTION:
-BIO_debug_callback                      54	EXIST::FUNCTION:
-BIO_dump                                55	EXIST::FUNCTION:
-BIO_dup_chain                           56	EXIST::FUNCTION:
-BIO_f_base64                            57	EXIST::FUNCTION:BIO
-BIO_f_buffer                            58	EXIST::FUNCTION:
-BIO_f_cipher                            59	EXIST::FUNCTION:BIO
-BIO_f_md                                60	EXIST::FUNCTION:BIO
-BIO_f_null                              61	EXIST::FUNCTION:
-BIO_f_proxy_server                      62	NOEXIST::FUNCTION:
-BIO_fd_non_fatal_error                  63	EXIST::FUNCTION:
-BIO_fd_should_retry                     64	EXIST::FUNCTION:
-BIO_find_type                           65	EXIST::FUNCTION:
-BIO_free                                66	EXIST::FUNCTION:
-BIO_free_all                            67	EXIST::FUNCTION:
-BIO_get_accept_socket                   69	EXIST::FUNCTION:
-BIO_get_filter_bio                      70	NOEXIST::FUNCTION:
-BIO_get_host_ip                         71	EXIST::FUNCTION:
-BIO_get_port                            72	EXIST::FUNCTION:
-BIO_get_retry_BIO                       73	EXIST::FUNCTION:
-BIO_get_retry_reason                    74	EXIST::FUNCTION:
-BIO_gethostbyname                       75	EXIST::FUNCTION:
-BIO_gets                                76	EXIST::FUNCTION:
-BIO_new                                 78	EXIST::FUNCTION:
-BIO_new_accept                          79	EXIST::FUNCTION:
-BIO_new_connect                         80	EXIST::FUNCTION:
-BIO_new_fd                              81	EXIST::FUNCTION:
-BIO_new_file                            82	EXIST::FUNCTION:FP_API
-BIO_new_fp                              83	EXIST::FUNCTION:FP_API
-BIO_new_socket                          84	EXIST::FUNCTION:
-BIO_pop                                 85	EXIST::FUNCTION:
-BIO_printf                              86	EXIST::FUNCTION:
-BIO_push                                87	EXIST::FUNCTION:
-BIO_puts                                88	EXIST::FUNCTION:
-BIO_read                                89	EXIST::FUNCTION:
-BIO_s_accept                            90	EXIST::FUNCTION:
-BIO_s_connect                           91	EXIST::FUNCTION:
-BIO_s_fd                                92	EXIST::FUNCTION:
-BIO_s_file                              93	EXIST::FUNCTION:FP_API
-BIO_s_mem                               95	EXIST::FUNCTION:
-BIO_s_null                              96	EXIST::FUNCTION:
-BIO_s_proxy_client                      97	NOEXIST::FUNCTION:
-BIO_s_socket                            98	EXIST::FUNCTION:
-BIO_set                                 100	EXIST::FUNCTION:
-BIO_set_cipher                          101	EXIST::FUNCTION:BIO
-BIO_set_tcp_ndelay                      102	EXIST::FUNCTION:
-BIO_sock_cleanup                        103	EXIST::FUNCTION:
-BIO_sock_error                          104	EXIST::FUNCTION:
-BIO_sock_init                           105	EXIST::FUNCTION:
-BIO_sock_non_fatal_error                106	EXIST::FUNCTION:
-BIO_sock_should_retry                   107	EXIST::FUNCTION:
-BIO_socket_ioctl                        108	EXIST::FUNCTION:
-BIO_write                               109	EXIST::FUNCTION:
-BN_CTX_free                             110	EXIST::FUNCTION:
-BN_CTX_new                              111	EXIST::FUNCTION:
-BN_MONT_CTX_free                        112	EXIST::FUNCTION:
-BN_MONT_CTX_new                         113	EXIST::FUNCTION:
-BN_MONT_CTX_set                         114	EXIST::FUNCTION:
-BN_add                                  115	EXIST::FUNCTION:
-BN_add_word                             116	EXIST::FUNCTION:
-BN_hex2bn                               117	EXIST::FUNCTION:
-BN_bin2bn                               118	EXIST::FUNCTION:
-BN_bn2hex                               119	EXIST::FUNCTION:
-BN_bn2bin                               120	EXIST::FUNCTION:
-BN_clear                                121	EXIST::FUNCTION:
-BN_clear_bit                            122	EXIST::FUNCTION:
-BN_clear_free                           123	EXIST::FUNCTION:
-BN_cmp                                  124	EXIST::FUNCTION:
-BN_copy                                 125	EXIST::FUNCTION:
-BN_div                                  126	EXIST::FUNCTION:
-BN_div_word                             127	EXIST::FUNCTION:
-BN_dup                                  128	EXIST::FUNCTION:
-BN_free                                 129	EXIST::FUNCTION:
-BN_from_montgomery                      130	EXIST::FUNCTION:
-BN_gcd                                  131	EXIST::FUNCTION:
-BN_generate_prime                       132	EXIST::FUNCTION:DEPRECATED
-BN_get_word                             133	EXIST::FUNCTION:
-BN_is_bit_set                           134	EXIST::FUNCTION:
-BN_is_prime                             135	EXIST::FUNCTION:DEPRECATED
-BN_lshift                               136	EXIST::FUNCTION:
-BN_lshift1                              137	EXIST::FUNCTION:
-BN_mask_bits                            138	EXIST::FUNCTION:
-BN_mod                                  139	NOEXIST::FUNCTION:
-BN_mod_exp                              140	EXIST::FUNCTION:
-BN_mod_exp_mont                         141	EXIST::FUNCTION:
-BN_mod_exp_simple                       143	EXIST::FUNCTION:
-BN_mod_inverse                          144	EXIST::FUNCTION:
-BN_mod_mul                              145	EXIST::FUNCTION:
-BN_mod_mul_montgomery                   146	EXIST::FUNCTION:
-BN_mod_word                             148	EXIST::FUNCTION:
-BN_mul                                  149	EXIST::FUNCTION:
-BN_new                                  150	EXIST::FUNCTION:
-BN_num_bits                             151	EXIST::FUNCTION:
-BN_num_bits_word                        152	EXIST::FUNCTION:
-BN_options                              153	EXIST::FUNCTION:
-BN_print                                154	EXIST::FUNCTION:
-BN_print_fp                             155	EXIST::FUNCTION:FP_API
-BN_rand                                 156	EXIST::FUNCTION:
-BN_reciprocal                           157	EXIST::FUNCTION:
-BN_rshift                               158	EXIST::FUNCTION:
-BN_rshift1                              159	EXIST::FUNCTION:
-BN_set_bit                              160	EXIST::FUNCTION:
-BN_set_word                             161	EXIST::FUNCTION:
-BN_sqr                                  162	EXIST::FUNCTION:
-BN_sub                                  163	EXIST::FUNCTION:
-BN_to_ASN1_INTEGER                      164	EXIST::FUNCTION:
-BN_ucmp                                 165	EXIST::FUNCTION:
-BN_value_one                            166	EXIST::FUNCTION:
-BUF_MEM_free                            167	EXIST::FUNCTION:
-BUF_MEM_grow                            168	EXIST::FUNCTION:
-BUF_MEM_new                             169	EXIST::FUNCTION:
-BUF_strdup                              170	EXIST::FUNCTION:
-CONF_free                               171	EXIST::FUNCTION:
-CONF_get_number                         172	EXIST::FUNCTION:
-CONF_get_section                        173	EXIST::FUNCTION:
-CONF_get_string                         174	EXIST::FUNCTION:
-CONF_load                               175	EXIST::FUNCTION:
-CRYPTO_add_lock                         176	EXIST::FUNCTION:
-CRYPTO_dbg_free                         177	EXIST::FUNCTION:
-CRYPTO_dbg_malloc                       178	EXIST::FUNCTION:
-CRYPTO_dbg_realloc                      179	EXIST::FUNCTION:
-CRYPTO_dbg_remalloc                     180	NOEXIST::FUNCTION:
-CRYPTO_free                             181	EXIST::FUNCTION:
-CRYPTO_get_add_lock_callback            182	EXIST::FUNCTION:
-CRYPTO_get_id_callback                  183	EXIST::FUNCTION:DEPRECATED
-CRYPTO_get_lock_name                    184	EXIST::FUNCTION:
-CRYPTO_get_locking_callback             185	EXIST::FUNCTION:
-CRYPTO_get_mem_functions                186	EXIST::FUNCTION:
-CRYPTO_lock                             187	EXIST::FUNCTION:
-CRYPTO_malloc                           188	EXIST::FUNCTION:
-CRYPTO_mem_ctrl                         189	EXIST::FUNCTION:
-CRYPTO_mem_leaks                        190	EXIST::FUNCTION:
-CRYPTO_mem_leaks_cb                     191	EXIST::FUNCTION:
-CRYPTO_mem_leaks_fp                     192	EXIST::FUNCTION:FP_API
-CRYPTO_realloc                          193	EXIST::FUNCTION:
-CRYPTO_remalloc                         194	EXIST::FUNCTION:
-CRYPTO_set_add_lock_callback            195	EXIST::FUNCTION:
-CRYPTO_set_id_callback                  196	EXIST::FUNCTION:DEPRECATED
-CRYPTO_set_locking_callback             197	EXIST::FUNCTION:
-CRYPTO_set_mem_functions                198	EXIST::FUNCTION:
-CRYPTO_thread_id                        199	EXIST::FUNCTION:DEPRECATED
-DH_check                                200	EXIST::FUNCTION:DH
-DH_compute_key                          201	EXIST::FUNCTION:DH
-DH_free                                 202	EXIST::FUNCTION:DH
-DH_generate_key                         203	EXIST::FUNCTION:DH
-DH_generate_parameters                  204	EXIST::FUNCTION:DEPRECATED,DH
-DH_new                                  205	EXIST::FUNCTION:DH
-DH_size                                 206	EXIST::FUNCTION:DH
-DHparams_print                          207	EXIST::FUNCTION:BIO,DH
-DHparams_print_fp                       208	EXIST::FUNCTION:DH,FP_API
-DSA_free                                209	EXIST::FUNCTION:DSA
-DSA_generate_key                        210	EXIST::FUNCTION:DSA
-DSA_generate_parameters                 211	EXIST::FUNCTION:DEPRECATED,DSA
-DSA_is_prime                            212	NOEXIST::FUNCTION:
-DSA_new                                 213	EXIST::FUNCTION:DSA
-DSA_print                               214	EXIST::FUNCTION:BIO,DSA
-DSA_print_fp                            215	EXIST::FUNCTION:DSA,FP_API
-DSA_sign                                216	EXIST::FUNCTION:DSA
-DSA_sign_setup                          217	EXIST::FUNCTION:DSA
-DSA_size                                218	EXIST::FUNCTION:DSA
-DSA_verify                              219	EXIST::FUNCTION:DSA
-DSAparams_print                         220	EXIST::FUNCTION:BIO,DSA
-DSAparams_print_fp                      221	EXIST::FUNCTION:DSA,FP_API
-ERR_clear_error                         222	EXIST::FUNCTION:
-ERR_error_string                        223	EXIST::FUNCTION:
-ERR_free_strings                        224	EXIST::FUNCTION:
-ERR_func_error_string                   225	EXIST::FUNCTION:
-ERR_get_err_state_table                 226	EXIST::FUNCTION:LHASH
-ERR_get_error                           227	EXIST::FUNCTION:
-ERR_get_error_line                      228	EXIST::FUNCTION:
-ERR_get_state                           229	EXIST::FUNCTION:
-ERR_get_string_table                    230	EXIST::FUNCTION:LHASH
-ERR_lib_error_string                    231	EXIST::FUNCTION:
-ERR_load_ASN1_strings                   232	EXIST::FUNCTION:
-ERR_load_BIO_strings                    233	EXIST::FUNCTION:
-ERR_load_BN_strings                     234	EXIST::FUNCTION:
-ERR_load_BUF_strings                    235	EXIST::FUNCTION:
-ERR_load_CONF_strings                   236	EXIST::FUNCTION:
-ERR_load_DH_strings                     237	EXIST::FUNCTION:DH
-ERR_load_DSA_strings                    238	EXIST::FUNCTION:DSA
-ERR_load_ERR_strings                    239	EXIST::FUNCTION:
-ERR_load_EVP_strings                    240	EXIST::FUNCTION:
-ERR_load_OBJ_strings                    241	EXIST::FUNCTION:
-ERR_load_PEM_strings                    242	EXIST::FUNCTION:
-ERR_load_PROXY_strings                  243	NOEXIST::FUNCTION:
-ERR_load_RSA_strings                    244	EXIST::FUNCTION:RSA
-ERR_load_X509_strings                   245	EXIST::FUNCTION:
-ERR_load_crypto_strings                 246	EXIST::FUNCTION:
-ERR_load_strings                        247	EXIST::FUNCTION:
-ERR_peek_error                          248	EXIST::FUNCTION:
-ERR_peek_error_line                     249	EXIST::FUNCTION:
-ERR_print_errors                        250	EXIST::FUNCTION:BIO
-ERR_print_errors_fp                     251	EXIST::FUNCTION:FP_API
-ERR_put_error                           252	EXIST::FUNCTION:
-ERR_reason_error_string                 253	EXIST::FUNCTION:
-ERR_remove_state                        254	EXIST::FUNCTION:DEPRECATED
-EVP_BytesToKey                          255	EXIST::FUNCTION:
-EVP_CIPHER_CTX_cleanup                  256	EXIST::FUNCTION:
-EVP_CipherFinal                         257	EXIST::FUNCTION:
-EVP_CipherInit                          258	EXIST::FUNCTION:
-EVP_CipherUpdate                        259	EXIST::FUNCTION:
-EVP_DecodeBlock                         260	EXIST::FUNCTION:
-EVP_DecodeFinal                         261	EXIST::FUNCTION:
-EVP_DecodeInit                          262	EXIST::FUNCTION:
-EVP_DecodeUpdate                        263	EXIST::FUNCTION:
-EVP_DecryptFinal                        264	EXIST::FUNCTION:
-EVP_DecryptInit                         265	EXIST::FUNCTION:
-EVP_DecryptUpdate                       266	EXIST::FUNCTION:
-EVP_DigestFinal                         267	EXIST::FUNCTION:
-EVP_DigestInit                          268	EXIST::FUNCTION:
-EVP_DigestUpdate                        269	EXIST::FUNCTION:
-EVP_EncodeBlock                         270	EXIST::FUNCTION:
-EVP_EncodeFinal                         271	EXIST::FUNCTION:
-EVP_EncodeInit                          272	EXIST::FUNCTION:
-EVP_EncodeUpdate                        273	EXIST::FUNCTION:
-EVP_EncryptFinal                        274	EXIST::FUNCTION:
-EVP_EncryptInit                         275	EXIST::FUNCTION:
-EVP_EncryptUpdate                       276	EXIST::FUNCTION:
-EVP_OpenFinal                           277	EXIST::FUNCTION:RSA
-EVP_OpenInit                            278	EXIST::FUNCTION:RSA
-EVP_PKEY_assign                         279	EXIST::FUNCTION:
-EVP_PKEY_copy_parameters                280	EXIST::FUNCTION:
-EVP_PKEY_free                           281	EXIST::FUNCTION:
-EVP_PKEY_missing_parameters             282	EXIST::FUNCTION:
-EVP_PKEY_new                            283	EXIST::FUNCTION:
-EVP_PKEY_save_parameters                284	EXIST::FUNCTION:
-EVP_PKEY_size                           285	EXIST::FUNCTION:
-EVP_PKEY_type                           286	EXIST::FUNCTION:
-EVP_SealFinal                           287	EXIST::FUNCTION:RSA
-EVP_SealInit                            288	EXIST::FUNCTION:RSA
-EVP_SignFinal                           289	EXIST::FUNCTION:
-EVP_VerifyFinal                         290	EXIST::FUNCTION:
-EVP_add_alias                           291	NOEXIST::FUNCTION:
-EVP_add_cipher                          292	EXIST::FUNCTION:
-EVP_add_digest                          293	EXIST::FUNCTION:
-EVP_bf_cbc                              294	EXIST::FUNCTION:BF
-EVP_bf_cfb64                            295	EXIST::FUNCTION:BF
-EVP_bf_ecb                              296	EXIST::FUNCTION:BF
-EVP_bf_ofb                              297	EXIST::FUNCTION:BF
-EVP_cleanup                             298	EXIST::FUNCTION:
-EVP_des_cbc                             299	EXIST::FUNCTION:DES
-EVP_des_cfb64                           300	EXIST::FUNCTION:DES
-EVP_des_ecb                             301	EXIST::FUNCTION:DES
-EVP_des_ede                             302	EXIST::FUNCTION:DES
-EVP_des_ede3                            303	EXIST::FUNCTION:DES
-EVP_des_ede3_cbc                        304	EXIST::FUNCTION:DES
-EVP_des_ede3_cfb64                      305	EXIST::FUNCTION:DES
-EVP_des_ede3_ofb                        306	EXIST::FUNCTION:DES
-EVP_des_ede_cbc                         307	EXIST::FUNCTION:DES
-EVP_des_ede_cfb64                       308	EXIST::FUNCTION:DES
-EVP_des_ede_ofb                         309	EXIST::FUNCTION:DES
-EVP_des_ofb                             310	EXIST::FUNCTION:DES
-EVP_desx_cbc                            311	EXIST::FUNCTION:DES
-EVP_dss                                 312	EXIST::FUNCTION:DSA,SHA
-EVP_dss1                                313	EXIST::FUNCTION:DSA,SHA
-EVP_enc_null                            314	EXIST::FUNCTION:
-EVP_get_cipherbyname                    315	EXIST::FUNCTION:
-EVP_get_digestbyname                    316	EXIST::FUNCTION:
-EVP_get_pw_prompt                       317	EXIST::FUNCTION:
-EVP_idea_cbc                            318	EXIST::FUNCTION:IDEA
-EVP_idea_cfb64                          319	EXIST::FUNCTION:IDEA
-EVP_idea_ecb                            320	EXIST::FUNCTION:IDEA
-EVP_idea_ofb                            321	EXIST::FUNCTION:IDEA
-EVP_md2                                 322	EXIST::FUNCTION:MD2
-EVP_md5                                 323	EXIST::FUNCTION:MD5
-EVP_md_null                             324	EXIST::FUNCTION:
-EVP_rc2_cbc                             325	EXIST::FUNCTION:RC2
-EVP_rc2_cfb64                           326	EXIST::FUNCTION:RC2
-EVP_rc2_ecb                             327	EXIST::FUNCTION:RC2
-EVP_rc2_ofb                             328	EXIST::FUNCTION:RC2
-EVP_rc4                                 329	EXIST::FUNCTION:RC4
-EVP_read_pw_string                      330	EXIST::FUNCTION:
-EVP_set_pw_prompt                       331	EXIST::FUNCTION:
-EVP_sha                                 332	EXIST::FUNCTION:SHA
-EVP_sha1                                333	EXIST::FUNCTION:SHA
-MD2                                     334	EXIST::FUNCTION:MD2
-MD2_Final                               335	EXIST::FUNCTION:MD2
-MD2_Init                                336	EXIST::FUNCTION:MD2
-MD2_Update                              337	EXIST::FUNCTION:MD2
-MD2_options                             338	EXIST::FUNCTION:MD2
-MD5                                     339	EXIST::FUNCTION:MD5
-MD5_Final                               340	EXIST::FUNCTION:MD5
-MD5_Init                                341	EXIST::FUNCTION:MD5
-MD5_Update                              342	EXIST::FUNCTION:MD5
-MDC2                                    343	EXIST::FUNCTION:MDC2
-MDC2_Final                              344	EXIST::FUNCTION:MDC2
-MDC2_Init                               345	EXIST::FUNCTION:MDC2
-MDC2_Update                             346	EXIST::FUNCTION:MDC2
-NETSCAPE_SPKAC_free                     347	EXIST::FUNCTION:
-NETSCAPE_SPKAC_new                      348	EXIST::FUNCTION:
-NETSCAPE_SPKI_free                      349	EXIST::FUNCTION:
-NETSCAPE_SPKI_new                       350	EXIST::FUNCTION:
-NETSCAPE_SPKI_sign                      351	EXIST::FUNCTION:EVP
-NETSCAPE_SPKI_verify                    352	EXIST::FUNCTION:EVP
-OBJ_add_object                          353	EXIST::FUNCTION:
-OBJ_bsearch                             354	NOEXIST::FUNCTION:
-OBJ_cleanup                             355	EXIST::FUNCTION:
-OBJ_cmp                                 356	EXIST::FUNCTION:
-OBJ_create                              357	EXIST::FUNCTION:
-OBJ_dup                                 358	EXIST::FUNCTION:
-OBJ_ln2nid                              359	EXIST::FUNCTION:
-OBJ_new_nid                             360	EXIST::FUNCTION:
-OBJ_nid2ln                              361	EXIST::FUNCTION:
-OBJ_nid2obj                             362	EXIST::FUNCTION:
-OBJ_nid2sn                              363	EXIST::FUNCTION:
-OBJ_obj2nid                             364	EXIST::FUNCTION:
-OBJ_sn2nid                              365	EXIST::FUNCTION:
-OBJ_txt2nid                             366	EXIST::FUNCTION:
-PEM_ASN1_read                           367	EXIST::FUNCTION:
-PEM_ASN1_read_bio                       368	EXIST::FUNCTION:BIO
-PEM_ASN1_write                          369	EXIST::FUNCTION:
-PEM_ASN1_write_bio                      370	EXIST::FUNCTION:BIO
-PEM_SealFinal                           371	EXIST::FUNCTION:RSA
-PEM_SealInit                            372	EXIST::FUNCTION:RSA
-PEM_SealUpdate                          373	EXIST::FUNCTION:RSA
-PEM_SignFinal                           374	EXIST::FUNCTION:
-PEM_SignInit                            375	EXIST::FUNCTION:
-PEM_SignUpdate                          376	EXIST::FUNCTION:
-PEM_X509_INFO_read                      377	EXIST::FUNCTION:
-PEM_X509_INFO_read_bio                  378	EXIST::FUNCTION:BIO
-PEM_X509_INFO_write_bio                 379	EXIST::FUNCTION:BIO
-PEM_dek_info                            380	EXIST::FUNCTION:
-PEM_do_header                           381	EXIST::FUNCTION:
-PEM_get_EVP_CIPHER_INFO                 382	EXIST::FUNCTION:
-PEM_proc_type                           383	EXIST::FUNCTION:
-PEM_read                                384	EXIST::FUNCTION:
-PEM_read_DHparams                       385	EXIST:!WIN16:FUNCTION:DH
-PEM_read_DSAPrivateKey                  386	EXIST:!WIN16:FUNCTION:DSA
-PEM_read_DSAparams                      387	EXIST:!WIN16:FUNCTION:DSA
-PEM_read_PKCS7                          388	EXIST:!WIN16:FUNCTION:
-PEM_read_PrivateKey                     389	EXIST:!WIN16:FUNCTION:
-PEM_read_RSAPrivateKey                  390	EXIST:!WIN16:FUNCTION:RSA
-PEM_read_X509                           391	EXIST:!WIN16:FUNCTION:
-PEM_read_X509_CRL                       392	EXIST:!WIN16:FUNCTION:
-PEM_read_X509_REQ                       393	EXIST:!WIN16:FUNCTION:
-PEM_read_bio                            394	EXIST::FUNCTION:BIO
-PEM_read_bio_DHparams                   395	EXIST::FUNCTION:DH
-PEM_read_bio_DSAPrivateKey              396	EXIST::FUNCTION:DSA
-PEM_read_bio_DSAparams                  397	EXIST::FUNCTION:DSA
-PEM_read_bio_PKCS7                      398	EXIST::FUNCTION:
-PEM_read_bio_PrivateKey                 399	EXIST::FUNCTION:
-PEM_read_bio_RSAPrivateKey              400	EXIST::FUNCTION:RSA
-PEM_read_bio_X509                       401	EXIST::FUNCTION:
-PEM_read_bio_X509_CRL                   402	EXIST::FUNCTION:
-PEM_read_bio_X509_REQ                   403	EXIST::FUNCTION:
-PEM_write                               404	EXIST::FUNCTION:
-PEM_write_DHparams                      405	EXIST:!WIN16:FUNCTION:DH
-PEM_write_DSAPrivateKey                 406	EXIST:!WIN16:FUNCTION:DSA
-PEM_write_DSAparams                     407	EXIST:!WIN16:FUNCTION:DSA
-PEM_write_PKCS7                         408	EXIST:!WIN16:FUNCTION:
-PEM_write_PrivateKey                    409	EXIST:!WIN16:FUNCTION:
-PEM_write_RSAPrivateKey                 410	EXIST:!WIN16:FUNCTION:RSA
-PEM_write_X509                          411	EXIST:!WIN16:FUNCTION:
-PEM_write_X509_CRL                      412	EXIST:!WIN16:FUNCTION:
-PEM_write_X509_REQ                      413	EXIST:!WIN16:FUNCTION:
-PEM_write_bio                           414	EXIST::FUNCTION:BIO
-PEM_write_bio_DHparams                  415	EXIST::FUNCTION:DH
-PEM_write_bio_DSAPrivateKey             416	EXIST::FUNCTION:DSA
-PEM_write_bio_DSAparams                 417	EXIST::FUNCTION:DSA
-PEM_write_bio_PKCS7                     418	EXIST::FUNCTION:
-PEM_write_bio_PrivateKey                419	EXIST::FUNCTION:
-PEM_write_bio_RSAPrivateKey             420	EXIST::FUNCTION:RSA
-PEM_write_bio_X509                      421	EXIST::FUNCTION:
-PEM_write_bio_X509_CRL                  422	EXIST::FUNCTION:
-PEM_write_bio_X509_REQ                  423	EXIST::FUNCTION:
-PKCS7_DIGEST_free                       424	EXIST::FUNCTION:
-PKCS7_DIGEST_new                        425	EXIST::FUNCTION:
-PKCS7_ENCRYPT_free                      426	EXIST::FUNCTION:
-PKCS7_ENCRYPT_new                       427	EXIST::FUNCTION:
-PKCS7_ENC_CONTENT_free                  428	EXIST::FUNCTION:
-PKCS7_ENC_CONTENT_new                   429	EXIST::FUNCTION:
-PKCS7_ENVELOPE_free                     430	EXIST::FUNCTION:
-PKCS7_ENVELOPE_new                      431	EXIST::FUNCTION:
-PKCS7_ISSUER_AND_SERIAL_digest          432	EXIST::FUNCTION:
-PKCS7_ISSUER_AND_SERIAL_free            433	EXIST::FUNCTION:
-PKCS7_ISSUER_AND_SERIAL_new             434	EXIST::FUNCTION:
-PKCS7_RECIP_INFO_free                   435	EXIST::FUNCTION:
-PKCS7_RECIP_INFO_new                    436	EXIST::FUNCTION:
-PKCS7_SIGNED_free                       437	EXIST::FUNCTION:
-PKCS7_SIGNED_new                        438	EXIST::FUNCTION:
-PKCS7_SIGNER_INFO_free                  439	EXIST::FUNCTION:
-PKCS7_SIGNER_INFO_new                   440	EXIST::FUNCTION:
-PKCS7_SIGN_ENVELOPE_free                441	EXIST::FUNCTION:
-PKCS7_SIGN_ENVELOPE_new                 442	EXIST::FUNCTION:
-PKCS7_dup                               443	EXIST::FUNCTION:
-PKCS7_free                              444	EXIST::FUNCTION:
-PKCS7_new                               445	EXIST::FUNCTION:
-PROXY_ENTRY_add_noproxy                 446	NOEXIST::FUNCTION:
-PROXY_ENTRY_clear_noproxy               447	NOEXIST::FUNCTION:
-PROXY_ENTRY_free                        448	NOEXIST::FUNCTION:
-PROXY_ENTRY_get_noproxy                 449	NOEXIST::FUNCTION:
-PROXY_ENTRY_new                         450	NOEXIST::FUNCTION:
-PROXY_ENTRY_set_server                  451	NOEXIST::FUNCTION:
-PROXY_add_noproxy                       452	NOEXIST::FUNCTION:
-PROXY_add_server                        453	NOEXIST::FUNCTION:
-PROXY_check_by_host                     454	NOEXIST::FUNCTION:
-PROXY_check_url                         455	NOEXIST::FUNCTION:
-PROXY_clear_noproxy                     456	NOEXIST::FUNCTION:
-PROXY_free                              457	NOEXIST::FUNCTION:
-PROXY_get_noproxy                       458	NOEXIST::FUNCTION:
-PROXY_get_proxies                       459	NOEXIST::FUNCTION:
-PROXY_get_proxy_entry                   460	NOEXIST::FUNCTION:
-PROXY_load_conf                         461	NOEXIST::FUNCTION:
-PROXY_new                               462	NOEXIST::FUNCTION:
-PROXY_print                             463	NOEXIST::FUNCTION:
-RAND_bytes                              464	EXIST::FUNCTION:
-RAND_cleanup                            465	EXIST::FUNCTION:
-RAND_file_name                          466	EXIST::FUNCTION:
-RAND_load_file                          467	EXIST::FUNCTION:
-RAND_screen                             468	EXIST:WIN32:FUNCTION:
-RAND_seed                               469	EXIST::FUNCTION:
-RAND_write_file                         470	EXIST::FUNCTION:
-RC2_cbc_encrypt                         471	EXIST::FUNCTION:RC2
-RC2_cfb64_encrypt                       472	EXIST::FUNCTION:RC2
-RC2_ecb_encrypt                         473	EXIST::FUNCTION:RC2
-RC2_encrypt                             474	EXIST::FUNCTION:RC2
-RC2_ofb64_encrypt                       475	EXIST::FUNCTION:RC2
-RC2_set_key                             476	EXIST::FUNCTION:RC2
-RC4                                     477	EXIST::FUNCTION:RC4
-RC4_options                             478	EXIST::FUNCTION:RC4
-RC4_set_key                             479	EXIST::FUNCTION:RC4
-RSAPrivateKey_asn1_meth                 480	NOEXIST::FUNCTION:
-RSAPrivateKey_dup                       481	EXIST::FUNCTION:RSA
-RSAPublicKey_dup                        482	EXIST::FUNCTION:RSA
-RSA_PKCS1_SSLeay                        483	EXIST::FUNCTION:RSA
-RSA_free                                484	EXIST::FUNCTION:RSA
-RSA_generate_key                        485	EXIST::FUNCTION:DEPRECATED,RSA
-RSA_new                                 486	EXIST::FUNCTION:RSA
-RSA_new_method                          487	EXIST::FUNCTION:RSA
-RSA_print                               488	EXIST::FUNCTION:BIO,RSA
-RSA_print_fp                            489	EXIST::FUNCTION:FP_API,RSA
-RSA_private_decrypt                     490	EXIST::FUNCTION:RSA
-RSA_private_encrypt                     491	EXIST::FUNCTION:RSA
-RSA_public_decrypt                      492	EXIST::FUNCTION:RSA
-RSA_public_encrypt                      493	EXIST::FUNCTION:RSA
-RSA_set_default_method                  494	EXIST::FUNCTION:RSA
-RSA_sign                                495	EXIST::FUNCTION:RSA
-RSA_sign_ASN1_OCTET_STRING              496	EXIST::FUNCTION:RSA
-RSA_size                                497	EXIST::FUNCTION:RSA
-RSA_verify                              498	EXIST::FUNCTION:RSA
-RSA_verify_ASN1_OCTET_STRING            499	EXIST::FUNCTION:RSA
-SHA                                     500	EXIST::FUNCTION:SHA,SHA0
-SHA1                                    501	EXIST::FUNCTION:SHA,SHA1
-SHA1_Final                              502	EXIST::FUNCTION:SHA,SHA1
-SHA1_Init                               503	EXIST::FUNCTION:SHA,SHA1
-SHA1_Update                             504	EXIST::FUNCTION:SHA,SHA1
-SHA_Final                               505	EXIST::FUNCTION:SHA,SHA0
-SHA_Init                                506	EXIST::FUNCTION:SHA,SHA0
-SHA_Update                              507	EXIST::FUNCTION:SHA,SHA0
-OpenSSL_add_all_algorithms              508	NOEXIST::FUNCTION:
-OpenSSL_add_all_ciphers                 509	EXIST::FUNCTION:
-OpenSSL_add_all_digests                 510	EXIST::FUNCTION:
-TXT_DB_create_index                     511	EXIST::FUNCTION:
-TXT_DB_free                             512	EXIST::FUNCTION:
-TXT_DB_get_by_index                     513	EXIST::FUNCTION:
-TXT_DB_insert                           514	EXIST::FUNCTION:
-TXT_DB_read                             515	EXIST::FUNCTION:BIO
-TXT_DB_write                            516	EXIST::FUNCTION:BIO
-X509_ALGOR_free                         517	EXIST::FUNCTION:
-X509_ALGOR_new                          518	EXIST::FUNCTION:
-X509_ATTRIBUTE_free                     519	EXIST::FUNCTION:
-X509_ATTRIBUTE_new                      520	EXIST::FUNCTION:
-X509_CINF_free                          521	EXIST::FUNCTION:
-X509_CINF_new                           522	EXIST::FUNCTION:
-X509_CRL_INFO_free                      523	EXIST::FUNCTION:
-X509_CRL_INFO_new                       524	EXIST::FUNCTION:
-X509_CRL_add_ext                        525	EXIST::FUNCTION:
-X509_CRL_cmp                            526	EXIST::FUNCTION:
-X509_CRL_delete_ext                     527	EXIST::FUNCTION:
-X509_CRL_dup                            528	EXIST::FUNCTION:
-X509_CRL_free                           529	EXIST::FUNCTION:
-X509_CRL_get_ext                        530	EXIST::FUNCTION:
-X509_CRL_get_ext_by_NID                 531	EXIST::FUNCTION:
-X509_CRL_get_ext_by_OBJ                 532	EXIST::FUNCTION:
-X509_CRL_get_ext_by_critical            533	EXIST::FUNCTION:
-X509_CRL_get_ext_count                  534	EXIST::FUNCTION:
-X509_CRL_new                            535	EXIST::FUNCTION:
-X509_CRL_sign                           536	EXIST::FUNCTION:EVP
-X509_CRL_verify                         537	EXIST::FUNCTION:EVP
-X509_EXTENSION_create_by_NID            538	EXIST::FUNCTION:
-X509_EXTENSION_create_by_OBJ            539	EXIST::FUNCTION:
-X509_EXTENSION_dup                      540	EXIST::FUNCTION:
-X509_EXTENSION_free                     541	EXIST::FUNCTION:
-X509_EXTENSION_get_critical             542	EXIST::FUNCTION:
-X509_EXTENSION_get_data                 543	EXIST::FUNCTION:
-X509_EXTENSION_get_object               544	EXIST::FUNCTION:
-X509_EXTENSION_new                      545	EXIST::FUNCTION:
-X509_EXTENSION_set_critical             546	EXIST::FUNCTION:
-X509_EXTENSION_set_data                 547	EXIST::FUNCTION:
-X509_EXTENSION_set_object               548	EXIST::FUNCTION:
-X509_INFO_free                          549	EXIST::FUNCTION:EVP
-X509_INFO_new                           550	EXIST::FUNCTION:EVP
-X509_LOOKUP_by_alias                    551	EXIST::FUNCTION:
-X509_LOOKUP_by_fingerprint              552	EXIST::FUNCTION:
-X509_LOOKUP_by_issuer_serial            553	EXIST::FUNCTION:
-X509_LOOKUP_by_subject                  554	EXIST::FUNCTION:
-X509_LOOKUP_ctrl                        555	EXIST::FUNCTION:
-X509_LOOKUP_file                        556	EXIST::FUNCTION:
-X509_LOOKUP_free                        557	EXIST::FUNCTION:
-X509_LOOKUP_hash_dir                    558	EXIST::FUNCTION:
-X509_LOOKUP_init                        559	EXIST::FUNCTION:
-X509_LOOKUP_new                         560	EXIST::FUNCTION:
-X509_LOOKUP_shutdown                    561	EXIST::FUNCTION:
-X509_NAME_ENTRY_create_by_NID           562	EXIST::FUNCTION:
-X509_NAME_ENTRY_create_by_OBJ           563	EXIST::FUNCTION:
-X509_NAME_ENTRY_dup                     564	EXIST::FUNCTION:
-X509_NAME_ENTRY_free                    565	EXIST::FUNCTION:
-X509_NAME_ENTRY_get_data                566	EXIST::FUNCTION:
-X509_NAME_ENTRY_get_object              567	EXIST::FUNCTION:
-X509_NAME_ENTRY_new                     568	EXIST::FUNCTION:
-X509_NAME_ENTRY_set_data                569	EXIST::FUNCTION:
-X509_NAME_ENTRY_set_object              570	EXIST::FUNCTION:
-X509_NAME_add_entry                     571	EXIST::FUNCTION:
-X509_NAME_cmp                           572	EXIST::FUNCTION:
-X509_NAME_delete_entry                  573	EXIST::FUNCTION:
-X509_NAME_digest                        574	EXIST::FUNCTION:EVP
-X509_NAME_dup                           575	EXIST::FUNCTION:
-X509_NAME_entry_count                   576	EXIST::FUNCTION:
-X509_NAME_free                          577	EXIST::FUNCTION:
-X509_NAME_get_entry                     578	EXIST::FUNCTION:
-X509_NAME_get_index_by_NID              579	EXIST::FUNCTION:
-X509_NAME_get_index_by_OBJ              580	EXIST::FUNCTION:
-X509_NAME_get_text_by_NID               581	EXIST::FUNCTION:
-X509_NAME_get_text_by_OBJ               582	EXIST::FUNCTION:
-X509_NAME_hash                          583	EXIST::FUNCTION:
-X509_NAME_new                           584	EXIST::FUNCTION:
-X509_NAME_oneline                       585	EXIST::FUNCTION:EVP
-X509_NAME_print                         586	EXIST::FUNCTION:BIO
-X509_NAME_set                           587	EXIST::FUNCTION:
-X509_OBJECT_free_contents               588	EXIST::FUNCTION:
-X509_OBJECT_retrieve_by_subject         589	EXIST::FUNCTION:
-X509_OBJECT_up_ref_count                590	EXIST::FUNCTION:
-X509_PKEY_free                          591	EXIST::FUNCTION:
-X509_PKEY_new                           592	EXIST::FUNCTION:
-X509_PUBKEY_free                        593	EXIST::FUNCTION:
-X509_PUBKEY_get                         594	EXIST::FUNCTION:
-X509_PUBKEY_new                         595	EXIST::FUNCTION:
-X509_PUBKEY_set                         596	EXIST::FUNCTION:
-X509_REQ_INFO_free                      597	EXIST::FUNCTION:
-X509_REQ_INFO_new                       598	EXIST::FUNCTION:
-X509_REQ_dup                            599	EXIST::FUNCTION:
-X509_REQ_free                           600	EXIST::FUNCTION:
-X509_REQ_get_pubkey                     601	EXIST::FUNCTION:
-X509_REQ_new                            602	EXIST::FUNCTION:
-X509_REQ_print                          603	EXIST::FUNCTION:BIO
-X509_REQ_print_fp                       604	EXIST::FUNCTION:FP_API
-X509_REQ_set_pubkey                     605	EXIST::FUNCTION:
-X509_REQ_set_subject_name               606	EXIST::FUNCTION:
-X509_REQ_set_version                    607	EXIST::FUNCTION:
-X509_REQ_sign                           608	EXIST::FUNCTION:EVP
-X509_REQ_to_X509                        609	EXIST::FUNCTION:
-X509_REQ_verify                         610	EXIST::FUNCTION:EVP
-X509_REVOKED_add_ext                    611	EXIST::FUNCTION:
-X509_REVOKED_delete_ext                 612	EXIST::FUNCTION:
-X509_REVOKED_free                       613	EXIST::FUNCTION:
-X509_REVOKED_get_ext                    614	EXIST::FUNCTION:
-X509_REVOKED_get_ext_by_NID             615	EXIST::FUNCTION:
-X509_REVOKED_get_ext_by_OBJ             616	EXIST::FUNCTION:
-X509_REVOKED_get_ext_by_critical        617	EXIST:!VMS:FUNCTION:
-X509_REVOKED_get_ext_by_critic          617	EXIST:VMS:FUNCTION:
-X509_REVOKED_get_ext_count              618	EXIST::FUNCTION:
-X509_REVOKED_new                        619	EXIST::FUNCTION:
-X509_SIG_free                           620	EXIST::FUNCTION:
-X509_SIG_new                            621	EXIST::FUNCTION:
-X509_STORE_CTX_cleanup                  622	EXIST::FUNCTION:
-X509_STORE_CTX_init                     623	EXIST::FUNCTION:
-X509_STORE_add_cert                     624	EXIST::FUNCTION:
-X509_STORE_add_lookup                   625	EXIST::FUNCTION:
-X509_STORE_free                         626	EXIST::FUNCTION:
-X509_STORE_get_by_subject               627	EXIST::FUNCTION:
-X509_STORE_load_locations               628	EXIST::FUNCTION:STDIO
-X509_STORE_new                          629	EXIST::FUNCTION:
-X509_STORE_set_default_paths            630	EXIST::FUNCTION:STDIO
-X509_VAL_free                           631	EXIST::FUNCTION:
-X509_VAL_new                            632	EXIST::FUNCTION:
-X509_add_ext                            633	EXIST::FUNCTION:
-X509_asn1_meth                          634	NOEXIST::FUNCTION:
-X509_certificate_type                   635	EXIST::FUNCTION:
-X509_check_private_key                  636	EXIST::FUNCTION:
-X509_cmp_current_time                   637	EXIST::FUNCTION:
-X509_delete_ext                         638	EXIST::FUNCTION:
-X509_digest                             639	EXIST::FUNCTION:EVP
-X509_dup                                640	EXIST::FUNCTION:
-X509_free                               641	EXIST::FUNCTION:
-X509_get_default_cert_area              642	EXIST::FUNCTION:
-X509_get_default_cert_dir               643	EXIST::FUNCTION:
-X509_get_default_cert_dir_env           644	EXIST::FUNCTION:
-X509_get_default_cert_file              645	EXIST::FUNCTION:
-X509_get_default_cert_file_env          646	EXIST::FUNCTION:
-X509_get_default_private_dir            647	EXIST::FUNCTION:
-X509_get_ext                            648	EXIST::FUNCTION:
-X509_get_ext_by_NID                     649	EXIST::FUNCTION:
-X509_get_ext_by_OBJ                     650	EXIST::FUNCTION:
-X509_get_ext_by_critical                651	EXIST::FUNCTION:
-X509_get_ext_count                      652	EXIST::FUNCTION:
-X509_get_issuer_name                    653	EXIST::FUNCTION:
-X509_get_pubkey                         654	EXIST::FUNCTION:
-X509_get_pubkey_parameters              655	EXIST::FUNCTION:
-X509_get_serialNumber                   656	EXIST::FUNCTION:
-X509_get_subject_name                   657	EXIST::FUNCTION:
-X509_gmtime_adj                         658	EXIST::FUNCTION:
-X509_issuer_and_serial_cmp              659	EXIST::FUNCTION:
-X509_issuer_and_serial_hash             660	EXIST::FUNCTION:
-X509_issuer_name_cmp                    661	EXIST::FUNCTION:
-X509_issuer_name_hash                   662	EXIST::FUNCTION:
-X509_load_cert_file                     663	EXIST::FUNCTION:STDIO
-X509_new                                664	EXIST::FUNCTION:
-X509_print                              665	EXIST::FUNCTION:BIO
-X509_print_fp                           666	EXIST::FUNCTION:FP_API
-X509_set_issuer_name                    667	EXIST::FUNCTION:
-X509_set_notAfter                       668	EXIST::FUNCTION:
-X509_set_notBefore                      669	EXIST::FUNCTION:
-X509_set_pubkey                         670	EXIST::FUNCTION:
-X509_set_serialNumber                   671	EXIST::FUNCTION:
-X509_set_subject_name                   672	EXIST::FUNCTION:
-X509_set_version                        673	EXIST::FUNCTION:
-X509_sign                               674	EXIST::FUNCTION:EVP
-X509_subject_name_cmp                   675	EXIST::FUNCTION:
-X509_subject_name_hash                  676	EXIST::FUNCTION:
-X509_to_X509_REQ                        677	EXIST::FUNCTION:
-X509_verify                             678	EXIST::FUNCTION:EVP
-X509_verify_cert                        679	EXIST::FUNCTION:
-X509_verify_cert_error_string           680	EXIST::FUNCTION:
-X509v3_add_ext                          681	EXIST::FUNCTION:
-X509v3_add_extension                    682	NOEXIST::FUNCTION:
-X509v3_add_netscape_extensions          683	NOEXIST::FUNCTION:
-X509v3_add_standard_extensions          684	NOEXIST::FUNCTION:
-X509v3_cleanup_extensions               685	NOEXIST::FUNCTION:
-X509v3_data_type_by_NID                 686	NOEXIST::FUNCTION:
-X509v3_data_type_by_OBJ                 687	NOEXIST::FUNCTION:
-X509v3_delete_ext                       688	EXIST::FUNCTION:
-X509v3_get_ext                          689	EXIST::FUNCTION:
-X509v3_get_ext_by_NID                   690	EXIST::FUNCTION:
-X509v3_get_ext_by_OBJ                   691	EXIST::FUNCTION:
-X509v3_get_ext_by_critical              692	EXIST::FUNCTION:
-X509v3_get_ext_count                    693	EXIST::FUNCTION:
-X509v3_pack_string                      694	NOEXIST::FUNCTION:
-X509v3_pack_type_by_NID                 695	NOEXIST::FUNCTION:
-X509v3_pack_type_by_OBJ                 696	NOEXIST::FUNCTION:
-X509v3_unpack_string                    697	NOEXIST::FUNCTION:
-_des_crypt                              698	NOEXIST::FUNCTION:
-a2d_ASN1_OBJECT                         699	EXIST::FUNCTION:
-a2i_ASN1_INTEGER                        700	EXIST::FUNCTION:BIO
-a2i_ASN1_STRING                         701	EXIST::FUNCTION:BIO
-asn1_Finish                             702	EXIST::FUNCTION:
-asn1_GetSequence                        703	EXIST::FUNCTION:
-bn_div_words                            704	EXIST::FUNCTION:
-bn_expand2                              705	EXIST::FUNCTION:
-bn_mul_add_words                        706	EXIST::FUNCTION:
-bn_mul_words                            707	EXIST::FUNCTION:
-BN_uadd                                 708	EXIST::FUNCTION:
-BN_usub                                 709	EXIST::FUNCTION:
-bn_sqr_words                            710	EXIST::FUNCTION:
-_ossl_old_crypt                         711	EXIST:!NeXT,!PERL5:FUNCTION:DES
-d2i_ASN1_BIT_STRING                     712	EXIST::FUNCTION:
-d2i_ASN1_BOOLEAN                        713	EXIST::FUNCTION:
-d2i_ASN1_HEADER                         714	NOEXIST::FUNCTION:
-d2i_ASN1_IA5STRING                      715	EXIST::FUNCTION:
-d2i_ASN1_INTEGER                        716	EXIST::FUNCTION:
-d2i_ASN1_OBJECT                         717	EXIST::FUNCTION:
-d2i_ASN1_OCTET_STRING                   718	EXIST::FUNCTION:
-d2i_ASN1_PRINTABLE                      719	EXIST::FUNCTION:
-d2i_ASN1_PRINTABLESTRING                720	EXIST::FUNCTION:
-d2i_ASN1_SET                            721	EXIST::FUNCTION:
-d2i_ASN1_T61STRING                      722	EXIST::FUNCTION:
-d2i_ASN1_TYPE                           723	EXIST::FUNCTION:
-d2i_ASN1_UTCTIME                        724	EXIST::FUNCTION:
-d2i_ASN1_bytes                          725	EXIST::FUNCTION:
-d2i_ASN1_type_bytes                     726	EXIST::FUNCTION:
-d2i_DHparams                            727	EXIST::FUNCTION:DH
-d2i_DSAPrivateKey                       728	EXIST::FUNCTION:DSA
-d2i_DSAPrivateKey_bio                   729	EXIST::FUNCTION:BIO,DSA
-d2i_DSAPrivateKey_fp                    730	EXIST::FUNCTION:DSA,FP_API
-d2i_DSAPublicKey                        731	EXIST::FUNCTION:DSA
-d2i_DSAparams                           732	EXIST::FUNCTION:DSA
-d2i_NETSCAPE_SPKAC                      733	EXIST::FUNCTION:
-d2i_NETSCAPE_SPKI                       734	EXIST::FUNCTION:
-d2i_Netscape_RSA                        735	EXIST::FUNCTION:RC4,RSA
-d2i_PKCS7                               736	EXIST::FUNCTION:
-d2i_PKCS7_DIGEST                        737	EXIST::FUNCTION:
-d2i_PKCS7_ENCRYPT                       738	EXIST::FUNCTION:
-d2i_PKCS7_ENC_CONTENT                   739	EXIST::FUNCTION:
-d2i_PKCS7_ENVELOPE                      740	EXIST::FUNCTION:
-d2i_PKCS7_ISSUER_AND_SERIAL             741	EXIST::FUNCTION:
-d2i_PKCS7_RECIP_INFO                    742	EXIST::FUNCTION:
-d2i_PKCS7_SIGNED                        743	EXIST::FUNCTION:
-d2i_PKCS7_SIGNER_INFO                   744	EXIST::FUNCTION:
-d2i_PKCS7_SIGN_ENVELOPE                 745	EXIST::FUNCTION:
-d2i_PKCS7_bio                           746	EXIST::FUNCTION:
-d2i_PKCS7_fp                            747	EXIST::FUNCTION:FP_API
-d2i_PrivateKey                          748	EXIST::FUNCTION:
-d2i_PublicKey                           749	EXIST::FUNCTION:
-d2i_RSAPrivateKey                       750	EXIST::FUNCTION:RSA
-d2i_RSAPrivateKey_bio                   751	EXIST::FUNCTION:BIO,RSA
-d2i_RSAPrivateKey_fp                    752	EXIST::FUNCTION:FP_API,RSA
-d2i_RSAPublicKey                        753	EXIST::FUNCTION:RSA
-d2i_X509                                754	EXIST::FUNCTION:
-d2i_X509_ALGOR                          755	EXIST::FUNCTION:
-d2i_X509_ATTRIBUTE                      756	EXIST::FUNCTION:
-d2i_X509_CINF                           757	EXIST::FUNCTION:
-d2i_X509_CRL                            758	EXIST::FUNCTION:
-d2i_X509_CRL_INFO                       759	EXIST::FUNCTION:
-d2i_X509_CRL_bio                        760	EXIST::FUNCTION:BIO
-d2i_X509_CRL_fp                         761	EXIST::FUNCTION:FP_API
-d2i_X509_EXTENSION                      762	EXIST::FUNCTION:
-d2i_X509_NAME                           763	EXIST::FUNCTION:
-d2i_X509_NAME_ENTRY                     764	EXIST::FUNCTION:
-d2i_X509_PKEY                           765	EXIST::FUNCTION:
-d2i_X509_PUBKEY                         766	EXIST::FUNCTION:
-d2i_X509_REQ                            767	EXIST::FUNCTION:
-d2i_X509_REQ_INFO                       768	EXIST::FUNCTION:
-d2i_X509_REQ_bio                        769	EXIST::FUNCTION:BIO
-d2i_X509_REQ_fp                         770	EXIST::FUNCTION:FP_API
-d2i_X509_REVOKED                        771	EXIST::FUNCTION:
-d2i_X509_SIG                            772	EXIST::FUNCTION:
-d2i_X509_VAL                            773	EXIST::FUNCTION:
-d2i_X509_bio                            774	EXIST::FUNCTION:BIO
-d2i_X509_fp                             775	EXIST::FUNCTION:FP_API
-DES_cbc_cksum                           777	EXIST::FUNCTION:DES
-DES_cbc_encrypt                         778	EXIST::FUNCTION:DES
-DES_cblock_print_file                   779	NOEXIST::FUNCTION:
-DES_cfb64_encrypt                       780	EXIST::FUNCTION:DES
-DES_cfb_encrypt                         781	EXIST::FUNCTION:DES
-DES_decrypt3                            782	EXIST::FUNCTION:DES
-DES_ecb3_encrypt                        783	EXIST::FUNCTION:DES
-DES_ecb_encrypt                         784	EXIST::FUNCTION:DES
-DES_ede3_cbc_encrypt                    785	EXIST::FUNCTION:DES
-DES_ede3_cfb64_encrypt                  786	EXIST::FUNCTION:DES
-DES_ede3_ofb64_encrypt                  787	EXIST::FUNCTION:DES
-DES_enc_read                            788	EXIST::FUNCTION:DES
-DES_enc_write                           789	EXIST::FUNCTION:DES
-DES_encrypt1                            790	EXIST::FUNCTION:DES
-DES_encrypt2                            791	EXIST::FUNCTION:DES
-DES_encrypt3                            792	EXIST::FUNCTION:DES
-DES_fcrypt                              793	EXIST::FUNCTION:DES
-DES_is_weak_key                         794	EXIST::FUNCTION:DES
-DES_key_sched                           795	EXIST::FUNCTION:DES
-DES_ncbc_encrypt                        796	EXIST::FUNCTION:DES
-DES_ofb64_encrypt                       797	EXIST::FUNCTION:DES
-DES_ofb_encrypt                         798	EXIST::FUNCTION:DES
-DES_options                             799	EXIST::FUNCTION:DES
-DES_pcbc_encrypt                        800	EXIST::FUNCTION:DES
-DES_quad_cksum                          801	EXIST::FUNCTION:DES
-DES_random_key                          802	EXIST::FUNCTION:DES
-_ossl_old_des_random_seed               803	EXIST::FUNCTION:DES
-_ossl_old_des_read_2passwords           804	EXIST::FUNCTION:DES
-_ossl_old_des_read_password             805	EXIST::FUNCTION:DES
-_ossl_old_des_read_pw                   806	EXIST::FUNCTION:
-_ossl_old_des_read_pw_string            807	EXIST::FUNCTION:
-DES_set_key                             808	EXIST::FUNCTION:DES
-DES_set_odd_parity                      809	EXIST::FUNCTION:DES
-DES_string_to_2keys                     810	EXIST::FUNCTION:DES
-DES_string_to_key                       811	EXIST::FUNCTION:DES
-DES_xcbc_encrypt                        812	EXIST::FUNCTION:DES
-DES_xwhite_in2out                       813	NOEXIST::FUNCTION:
-fcrypt_body                             814	NOEXIST::FUNCTION:
-i2a_ASN1_INTEGER                        815	EXIST::FUNCTION:BIO
-i2a_ASN1_OBJECT                         816	EXIST::FUNCTION:BIO
-i2a_ASN1_STRING                         817	EXIST::FUNCTION:BIO
-i2d_ASN1_BIT_STRING                     818	EXIST::FUNCTION:
-i2d_ASN1_BOOLEAN                        819	EXIST::FUNCTION:
-i2d_ASN1_HEADER                         820	NOEXIST::FUNCTION:
-i2d_ASN1_IA5STRING                      821	EXIST::FUNCTION:
-i2d_ASN1_INTEGER                        822	EXIST::FUNCTION:
-i2d_ASN1_OBJECT                         823	EXIST::FUNCTION:
-i2d_ASN1_OCTET_STRING                   824	EXIST::FUNCTION:
-i2d_ASN1_PRINTABLE                      825	EXIST::FUNCTION:
-i2d_ASN1_SET                            826	EXIST::FUNCTION:
-i2d_ASN1_TYPE                           827	EXIST::FUNCTION:
-i2d_ASN1_UTCTIME                        828	EXIST::FUNCTION:
-i2d_ASN1_bytes                          829	EXIST::FUNCTION:
-i2d_DHparams                            830	EXIST::FUNCTION:DH
-i2d_DSAPrivateKey                       831	EXIST::FUNCTION:DSA
-i2d_DSAPrivateKey_bio                   832	EXIST::FUNCTION:BIO,DSA
-i2d_DSAPrivateKey_fp                    833	EXIST::FUNCTION:DSA,FP_API
-i2d_DSAPublicKey                        834	EXIST::FUNCTION:DSA
-i2d_DSAparams                           835	EXIST::FUNCTION:DSA
-i2d_NETSCAPE_SPKAC                      836	EXIST::FUNCTION:
-i2d_NETSCAPE_SPKI                       837	EXIST::FUNCTION:
-i2d_Netscape_RSA                        838	EXIST::FUNCTION:RC4,RSA
-i2d_PKCS7                               839	EXIST::FUNCTION:
-i2d_PKCS7_DIGEST                        840	EXIST::FUNCTION:
-i2d_PKCS7_ENCRYPT                       841	EXIST::FUNCTION:
-i2d_PKCS7_ENC_CONTENT                   842	EXIST::FUNCTION:
-i2d_PKCS7_ENVELOPE                      843	EXIST::FUNCTION:
-i2d_PKCS7_ISSUER_AND_SERIAL             844	EXIST::FUNCTION:
-i2d_PKCS7_RECIP_INFO                    845	EXIST::FUNCTION:
-i2d_PKCS7_SIGNED                        846	EXIST::FUNCTION:
-i2d_PKCS7_SIGNER_INFO                   847	EXIST::FUNCTION:
-i2d_PKCS7_SIGN_ENVELOPE                 848	EXIST::FUNCTION:
-i2d_PKCS7_bio                           849	EXIST::FUNCTION:
-i2d_PKCS7_fp                            850	EXIST::FUNCTION:FP_API
-i2d_PrivateKey                          851	EXIST::FUNCTION:
-i2d_PublicKey                           852	EXIST::FUNCTION:
-i2d_RSAPrivateKey                       853	EXIST::FUNCTION:RSA
-i2d_RSAPrivateKey_bio                   854	EXIST::FUNCTION:BIO,RSA
-i2d_RSAPrivateKey_fp                    855	EXIST::FUNCTION:FP_API,RSA
-i2d_RSAPublicKey                        856	EXIST::FUNCTION:RSA
-i2d_X509                                857	EXIST::FUNCTION:
-i2d_X509_ALGOR                          858	EXIST::FUNCTION:
-i2d_X509_ATTRIBUTE                      859	EXIST::FUNCTION:
-i2d_X509_CINF                           860	EXIST::FUNCTION:
-i2d_X509_CRL                            861	EXIST::FUNCTION:
-i2d_X509_CRL_INFO                       862	EXIST::FUNCTION:
-i2d_X509_CRL_bio                        863	EXIST::FUNCTION:BIO
-i2d_X509_CRL_fp                         864	EXIST::FUNCTION:FP_API
-i2d_X509_EXTENSION                      865	EXIST::FUNCTION:
-i2d_X509_NAME                           866	EXIST::FUNCTION:
-i2d_X509_NAME_ENTRY                     867	EXIST::FUNCTION:
-i2d_X509_PKEY                           868	EXIST::FUNCTION:
-i2d_X509_PUBKEY                         869	EXIST::FUNCTION:
-i2d_X509_REQ                            870	EXIST::FUNCTION:
-i2d_X509_REQ_INFO                       871	EXIST::FUNCTION:
-i2d_X509_REQ_bio                        872	EXIST::FUNCTION:BIO
-i2d_X509_REQ_fp                         873	EXIST::FUNCTION:FP_API
-i2d_X509_REVOKED                        874	EXIST::FUNCTION:
-i2d_X509_SIG                            875	EXIST::FUNCTION:
-i2d_X509_VAL                            876	EXIST::FUNCTION:
-i2d_X509_bio                            877	EXIST::FUNCTION:BIO
-i2d_X509_fp                             878	EXIST::FUNCTION:FP_API
-idea_cbc_encrypt                        879	EXIST::FUNCTION:IDEA
-idea_cfb64_encrypt                      880	EXIST::FUNCTION:IDEA
-idea_ecb_encrypt                        881	EXIST::FUNCTION:IDEA
-idea_encrypt                            882	EXIST::FUNCTION:IDEA
-idea_ofb64_encrypt                      883	EXIST::FUNCTION:IDEA
-idea_options                            884	EXIST::FUNCTION:IDEA
-idea_set_decrypt_key                    885	EXIST::FUNCTION:IDEA
-idea_set_encrypt_key                    886	EXIST::FUNCTION:IDEA
-lh_delete                               887	EXIST::FUNCTION:
-lh_doall                                888	EXIST::FUNCTION:
-lh_doall_arg                            889	EXIST::FUNCTION:
-lh_free                                 890	EXIST::FUNCTION:
-lh_insert                               891	EXIST::FUNCTION:
-lh_new                                  892	EXIST::FUNCTION:
-lh_node_stats                           893	EXIST::FUNCTION:FP_API
-lh_node_stats_bio                       894	EXIST::FUNCTION:BIO
-lh_node_usage_stats                     895	EXIST::FUNCTION:FP_API
-lh_node_usage_stats_bio                 896	EXIST::FUNCTION:BIO
-lh_retrieve                             897	EXIST::FUNCTION:
-lh_stats                                898	EXIST::FUNCTION:FP_API
-lh_stats_bio                            899	EXIST::FUNCTION:BIO
-lh_strhash                              900	EXIST::FUNCTION:
-sk_delete                               901	EXIST::FUNCTION:
-sk_delete_ptr                           902	EXIST::FUNCTION:
-sk_dup                                  903	EXIST::FUNCTION:
-sk_find                                 904	EXIST::FUNCTION:
-sk_free                                 905	EXIST::FUNCTION:
-sk_insert                               906	EXIST::FUNCTION:
-sk_new                                  907	EXIST::FUNCTION:
-sk_pop                                  908	EXIST::FUNCTION:
-sk_pop_free                             909	EXIST::FUNCTION:
-sk_push                                 910	EXIST::FUNCTION:
-sk_set_cmp_func                         911	EXIST::FUNCTION:
-sk_shift                                912	EXIST::FUNCTION:
-sk_unshift                              913	EXIST::FUNCTION:
-sk_zero                                 914	EXIST::FUNCTION:
-BIO_f_nbio_test                         915	EXIST::FUNCTION:
-ASN1_TYPE_get                           916	EXIST::FUNCTION:
-ASN1_TYPE_set                           917	EXIST::FUNCTION:
-PKCS7_content_free                      918	NOEXIST::FUNCTION:
-ERR_load_PKCS7_strings                  919	EXIST::FUNCTION:
-X509_find_by_issuer_and_serial          920	EXIST::FUNCTION:
-X509_find_by_subject                    921	EXIST::FUNCTION:
-PKCS7_ctrl                              927	EXIST::FUNCTION:
-PKCS7_set_type                          928	EXIST::FUNCTION:
-PKCS7_set_content                       929	EXIST::FUNCTION:
-PKCS7_SIGNER_INFO_set                   930	EXIST::FUNCTION:
-PKCS7_add_signer                        931	EXIST::FUNCTION:
-PKCS7_add_certificate                   932	EXIST::FUNCTION:
-PKCS7_add_crl                           933	EXIST::FUNCTION:
-PKCS7_content_new                       934	EXIST::FUNCTION:
-PKCS7_dataSign                          935	NOEXIST::FUNCTION:
-PKCS7_dataVerify                        936	EXIST::FUNCTION:
-PKCS7_dataInit                          937	EXIST::FUNCTION:
-PKCS7_add_signature                     938	EXIST::FUNCTION:
-PKCS7_cert_from_signer_info             939	EXIST::FUNCTION:
-PKCS7_get_signer_info                   940	EXIST::FUNCTION:
-EVP_delete_alias                        941	NOEXIST::FUNCTION:
-EVP_mdc2                                942	EXIST::FUNCTION:MDC2
-PEM_read_bio_RSAPublicKey               943	EXIST::FUNCTION:RSA
-PEM_write_bio_RSAPublicKey              944	EXIST::FUNCTION:RSA
-d2i_RSAPublicKey_bio                    945	EXIST::FUNCTION:BIO,RSA
-i2d_RSAPublicKey_bio                    946	EXIST::FUNCTION:BIO,RSA
-PEM_read_RSAPublicKey                   947	EXIST:!WIN16:FUNCTION:RSA
-PEM_write_RSAPublicKey                  949	EXIST:!WIN16:FUNCTION:RSA
-d2i_RSAPublicKey_fp                     952	EXIST::FUNCTION:FP_API,RSA
-i2d_RSAPublicKey_fp                     954	EXIST::FUNCTION:FP_API,RSA
-BIO_copy_next_retry                     955	EXIST::FUNCTION:
-RSA_flags                               956	EXIST::FUNCTION:RSA
-X509_STORE_add_crl                      957	EXIST::FUNCTION:
-X509_load_crl_file                      958	EXIST::FUNCTION:STDIO
-EVP_rc2_40_cbc                          959	EXIST::FUNCTION:RC2
-EVP_rc4_40                              960	EXIST::FUNCTION:RC4
-EVP_CIPHER_CTX_init                     961	EXIST::FUNCTION:
-HMAC                                    962	EXIST::FUNCTION:HMAC
-HMAC_Init                               963	EXIST::FUNCTION:HMAC
-HMAC_Update                             964	EXIST::FUNCTION:HMAC
-HMAC_Final                              965	EXIST::FUNCTION:HMAC
-ERR_get_next_error_library              966	EXIST::FUNCTION:
-EVP_PKEY_cmp_parameters                 967	EXIST::FUNCTION:
-HMAC_cleanup                            968	NOEXIST::FUNCTION:
-BIO_ptr_ctrl                            969	EXIST::FUNCTION:
-BIO_new_file_internal                   970	NOEXIST::FUNCTION:
-BIO_new_fp_internal                     971	NOEXIST::FUNCTION:
-BIO_s_file_internal                     972	NOEXIST::FUNCTION:
-BN_BLINDING_convert                     973	EXIST::FUNCTION:
-BN_BLINDING_invert                      974	EXIST::FUNCTION:
-BN_BLINDING_update                      975	EXIST::FUNCTION:
-RSA_blinding_on                         977	EXIST::FUNCTION:RSA
-RSA_blinding_off                        978	EXIST::FUNCTION:RSA
-i2t_ASN1_OBJECT                         979	EXIST::FUNCTION:
-BN_BLINDING_new                         980	EXIST::FUNCTION:
-BN_BLINDING_free                        981	EXIST::FUNCTION:
-EVP_cast5_cbc                           983	EXIST::FUNCTION:CAST
-EVP_cast5_cfb64                         984	EXIST::FUNCTION:CAST
-EVP_cast5_ecb                           985	EXIST::FUNCTION:CAST
-EVP_cast5_ofb                           986	EXIST::FUNCTION:CAST
-BF_decrypt                              987	EXIST::FUNCTION:BF
-CAST_set_key                            988	EXIST::FUNCTION:CAST
-CAST_encrypt                            989	EXIST::FUNCTION:CAST
-CAST_decrypt                            990	EXIST::FUNCTION:CAST
-CAST_ecb_encrypt                        991	EXIST::FUNCTION:CAST
-CAST_cbc_encrypt                        992	EXIST::FUNCTION:CAST
-CAST_cfb64_encrypt                      993	EXIST::FUNCTION:CAST
-CAST_ofb64_encrypt                      994	EXIST::FUNCTION:CAST
-RC2_decrypt                             995	EXIST::FUNCTION:RC2
-OBJ_create_objects                      997	EXIST::FUNCTION:
-BN_exp                                  998	EXIST::FUNCTION:
-BN_mul_word                             999	EXIST::FUNCTION:
-BN_sub_word                             1000	EXIST::FUNCTION:
-BN_dec2bn                               1001	EXIST::FUNCTION:
-BN_bn2dec                               1002	EXIST::FUNCTION:
-BIO_ghbn_ctrl                           1003	NOEXIST::FUNCTION:
-CRYPTO_free_ex_data                     1004	EXIST::FUNCTION:
-CRYPTO_get_ex_data                      1005	EXIST::FUNCTION:
-CRYPTO_set_ex_data                      1007	EXIST::FUNCTION:
-ERR_load_CRYPTO_strings                 1009	EXIST:!OS2,!VMS:FUNCTION:
-ERR_load_CRYPTOlib_strings              1009	EXIST:OS2,VMS:FUNCTION:
-EVP_PKEY_bits                           1010	EXIST::FUNCTION:
-MD5_Transform                           1011	EXIST::FUNCTION:MD5
-SHA1_Transform                          1012	EXIST::FUNCTION:SHA,SHA1
-SHA_Transform                           1013	EXIST::FUNCTION:SHA,SHA0
-X509_STORE_CTX_get_chain                1014	EXIST::FUNCTION:
-X509_STORE_CTX_get_current_cert         1015	EXIST::FUNCTION:
-X509_STORE_CTX_get_error                1016	EXIST::FUNCTION:
-X509_STORE_CTX_get_error_depth          1017	EXIST::FUNCTION:
-X509_STORE_CTX_get_ex_data              1018	EXIST::FUNCTION:
-X509_STORE_CTX_set_cert                 1020	EXIST::FUNCTION:
-X509_STORE_CTX_set_chain                1021	EXIST::FUNCTION:
-X509_STORE_CTX_set_error                1022	EXIST::FUNCTION:
-X509_STORE_CTX_set_ex_data              1023	EXIST::FUNCTION:
-CRYPTO_dup_ex_data                      1025	EXIST::FUNCTION:
-CRYPTO_get_new_lockid                   1026	EXIST::FUNCTION:
-CRYPTO_new_ex_data                      1027	EXIST::FUNCTION:
-RSA_set_ex_data                         1028	EXIST::FUNCTION:RSA
-RSA_get_ex_data                         1029	EXIST::FUNCTION:RSA
-RSA_get_ex_new_index                    1030	EXIST::FUNCTION:RSA
-RSA_padding_add_PKCS1_type_1            1031	EXIST::FUNCTION:RSA
-RSA_padding_add_PKCS1_type_2            1032	EXIST::FUNCTION:RSA
-RSA_padding_add_SSLv23                  1033	EXIST::FUNCTION:RSA
-RSA_padding_add_none                    1034	EXIST::FUNCTION:RSA
-RSA_padding_check_PKCS1_type_1          1035	EXIST::FUNCTION:RSA
-RSA_padding_check_PKCS1_type_2          1036	EXIST::FUNCTION:RSA
-RSA_padding_check_SSLv23                1037	EXIST::FUNCTION:RSA
-RSA_padding_check_none                  1038	EXIST::FUNCTION:RSA
-bn_add_words                            1039	EXIST::FUNCTION:
-d2i_Netscape_RSA_2                      1040	NOEXIST::FUNCTION:
-CRYPTO_get_ex_new_index                 1041	EXIST::FUNCTION:
-RIPEMD160_Init                          1042	EXIST::FUNCTION:RIPEMD
-RIPEMD160_Update                        1043	EXIST::FUNCTION:RIPEMD
-RIPEMD160_Final                         1044	EXIST::FUNCTION:RIPEMD
-RIPEMD160                               1045	EXIST::FUNCTION:RIPEMD
-RIPEMD160_Transform                     1046	EXIST::FUNCTION:RIPEMD
-RC5_32_set_key                          1047	EXIST::FUNCTION:RC5
-RC5_32_ecb_encrypt                      1048	EXIST::FUNCTION:RC5
-RC5_32_encrypt                          1049	EXIST::FUNCTION:RC5
-RC5_32_decrypt                          1050	EXIST::FUNCTION:RC5
-RC5_32_cbc_encrypt                      1051	EXIST::FUNCTION:RC5
-RC5_32_cfb64_encrypt                    1052	EXIST::FUNCTION:RC5
-RC5_32_ofb64_encrypt                    1053	EXIST::FUNCTION:RC5
-BN_bn2mpi                               1058	EXIST::FUNCTION:
-BN_mpi2bn                               1059	EXIST::FUNCTION:
-ASN1_BIT_STRING_get_bit                 1060	EXIST::FUNCTION:
-ASN1_BIT_STRING_set_bit                 1061	EXIST::FUNCTION:
-BIO_get_ex_data                         1062	EXIST::FUNCTION:
-BIO_get_ex_new_index                    1063	EXIST::FUNCTION:
-BIO_set_ex_data                         1064	EXIST::FUNCTION:
-X509v3_get_key_usage                    1066	NOEXIST::FUNCTION:
-X509v3_set_key_usage                    1067	NOEXIST::FUNCTION:
-a2i_X509v3_key_usage                    1068	NOEXIST::FUNCTION:
-i2a_X509v3_key_usage                    1069	NOEXIST::FUNCTION:
-EVP_PKEY_decrypt                        1070	EXIST::FUNCTION:
-EVP_PKEY_encrypt                        1071	EXIST::FUNCTION:
-PKCS7_RECIP_INFO_set                    1072	EXIST::FUNCTION:
-PKCS7_add_recipient                     1073	EXIST::FUNCTION:
-PKCS7_add_recipient_info                1074	EXIST::FUNCTION:
-PKCS7_set_cipher                        1075	EXIST::FUNCTION:
-ASN1_TYPE_get_int_octetstring           1076	EXIST::FUNCTION:
-ASN1_TYPE_get_octetstring               1077	EXIST::FUNCTION:
-ASN1_TYPE_set_int_octetstring           1078	EXIST::FUNCTION:
-ASN1_TYPE_set_octetstring               1079	EXIST::FUNCTION:
-ASN1_UTCTIME_set_string                 1080	EXIST::FUNCTION:
-ERR_add_error_data                      1081	EXIST::FUNCTION:
-ERR_set_error_data                      1082	EXIST::FUNCTION:
-EVP_CIPHER_asn1_to_param                1083	EXIST::FUNCTION:
-EVP_CIPHER_param_to_asn1                1084	EXIST::FUNCTION:
-EVP_CIPHER_get_asn1_iv                  1085	EXIST::FUNCTION:
-EVP_CIPHER_set_asn1_iv                  1086	EXIST::FUNCTION:
-EVP_rc5_32_12_16_cbc                    1087	EXIST::FUNCTION:RC5
-EVP_rc5_32_12_16_cfb64                  1088	EXIST::FUNCTION:RC5
-EVP_rc5_32_12_16_ecb                    1089	EXIST::FUNCTION:RC5
-EVP_rc5_32_12_16_ofb                    1090	EXIST::FUNCTION:RC5
-asn1_add_error                          1091	EXIST::FUNCTION:
-d2i_ASN1_BMPSTRING                      1092	EXIST::FUNCTION:
-i2d_ASN1_BMPSTRING                      1093	EXIST::FUNCTION:
-BIO_f_ber                               1094	NOEXIST::FUNCTION:
-BN_init                                 1095	EXIST::FUNCTION:
-COMP_CTX_new                            1096	EXIST::FUNCTION:
-COMP_CTX_free                           1097	EXIST::FUNCTION:
-COMP_CTX_compress_block                 1098	NOEXIST::FUNCTION:
-COMP_CTX_expand_block                   1099	NOEXIST::FUNCTION:
-X509_STORE_CTX_get_ex_new_index         1100	EXIST::FUNCTION:
-OBJ_NAME_add                            1101	EXIST::FUNCTION:
-BIO_socket_nbio                         1102	EXIST::FUNCTION:
-EVP_rc2_64_cbc                          1103	EXIST::FUNCTION:RC2
-OBJ_NAME_cleanup                        1104	EXIST::FUNCTION:
-OBJ_NAME_get                            1105	EXIST::FUNCTION:
-OBJ_NAME_init                           1106	EXIST::FUNCTION:
-OBJ_NAME_new_index                      1107	EXIST::FUNCTION:
-OBJ_NAME_remove                         1108	EXIST::FUNCTION:
-BN_MONT_CTX_copy                        1109	EXIST::FUNCTION:
-BIO_new_socks4a_connect                 1110	NOEXIST::FUNCTION:
-BIO_s_socks4a_connect                   1111	NOEXIST::FUNCTION:
-PROXY_set_connect_mode                  1112	NOEXIST::FUNCTION:
-RAND_SSLeay                             1113	EXIST::FUNCTION:
-RAND_set_rand_method                    1114	EXIST::FUNCTION:
-RSA_memory_lock                         1115	EXIST::FUNCTION:RSA
-bn_sub_words                            1116	EXIST::FUNCTION:
-bn_mul_normal                           1117	NOEXIST::FUNCTION:
-bn_mul_comba8                           1118	NOEXIST::FUNCTION:
-bn_mul_comba4                           1119	NOEXIST::FUNCTION:
-bn_sqr_normal                           1120	NOEXIST::FUNCTION:
-bn_sqr_comba8                           1121	NOEXIST::FUNCTION:
-bn_sqr_comba4                           1122	NOEXIST::FUNCTION:
-bn_cmp_words                            1123	NOEXIST::FUNCTION:
-bn_mul_recursive                        1124	NOEXIST::FUNCTION:
-bn_mul_part_recursive                   1125	NOEXIST::FUNCTION:
-bn_sqr_recursive                        1126	NOEXIST::FUNCTION:
-bn_mul_low_normal                       1127	NOEXIST::FUNCTION:
-BN_RECP_CTX_init                        1128	EXIST::FUNCTION:
-BN_RECP_CTX_new                         1129	EXIST::FUNCTION:
-BN_RECP_CTX_free                        1130	EXIST::FUNCTION:
-BN_RECP_CTX_set                         1131	EXIST::FUNCTION:
-BN_mod_mul_reciprocal                   1132	EXIST::FUNCTION:
-BN_mod_exp_recp                         1133	EXIST::FUNCTION:
-BN_div_recp                             1134	EXIST::FUNCTION:
-BN_CTX_init                             1135	EXIST::FUNCTION:DEPRECATED
-BN_MONT_CTX_init                        1136	EXIST::FUNCTION:
-RAND_get_rand_method                    1137	EXIST::FUNCTION:
-PKCS7_add_attribute                     1138	EXIST::FUNCTION:
-PKCS7_add_signed_attribute              1139	EXIST::FUNCTION:
-PKCS7_digest_from_attributes            1140	EXIST::FUNCTION:
-PKCS7_get_attribute                     1141	EXIST::FUNCTION:
-PKCS7_get_issuer_and_serial             1142	EXIST::FUNCTION:
-PKCS7_get_signed_attribute              1143	EXIST::FUNCTION:
-COMP_compress_block                     1144	EXIST::FUNCTION:
-COMP_expand_block                       1145	EXIST::FUNCTION:
-COMP_rle                                1146	EXIST::FUNCTION:
-COMP_zlib                               1147	EXIST::FUNCTION:
-ms_time_diff                            1148	NOEXIST::FUNCTION:
-ms_time_new                             1149	NOEXIST::FUNCTION:
-ms_time_free                            1150	NOEXIST::FUNCTION:
-ms_time_cmp                             1151	NOEXIST::FUNCTION:
-ms_time_get                             1152	NOEXIST::FUNCTION:
-PKCS7_set_attributes                    1153	EXIST::FUNCTION:
-PKCS7_set_signed_attributes             1154	EXIST::FUNCTION:
-X509_ATTRIBUTE_create                   1155	EXIST::FUNCTION:
-X509_ATTRIBUTE_dup                      1156	EXIST::FUNCTION:
-ASN1_GENERALIZEDTIME_check              1157	EXIST::FUNCTION:
-ASN1_GENERALIZEDTIME_print              1158	EXIST::FUNCTION:BIO
-ASN1_GENERALIZEDTIME_set                1159	EXIST::FUNCTION:
-ASN1_GENERALIZEDTIME_set_string         1160	EXIST::FUNCTION:
-ASN1_TIME_print                         1161	EXIST::FUNCTION:BIO
-BASIC_CONSTRAINTS_free                  1162	EXIST::FUNCTION:
-BASIC_CONSTRAINTS_new                   1163	EXIST::FUNCTION:
-ERR_load_X509V3_strings                 1164	EXIST::FUNCTION:
-NETSCAPE_CERT_SEQUENCE_free             1165	EXIST::FUNCTION:
-NETSCAPE_CERT_SEQUENCE_new              1166	EXIST::FUNCTION:
-OBJ_txt2obj                             1167	EXIST::FUNCTION:
-PEM_read_NETSCAPE_CERT_SEQUENCE         1168	EXIST:!VMS,!WIN16:FUNCTION:
-PEM_read_NS_CERT_SEQ                    1168	EXIST:VMS:FUNCTION:
-PEM_read_bio_NETSCAPE_CERT_SEQUENCE     1169	EXIST:!VMS:FUNCTION:
-PEM_read_bio_NS_CERT_SEQ                1169	EXIST:VMS:FUNCTION:
-PEM_write_NETSCAPE_CERT_SEQUENCE        1170	EXIST:!VMS,!WIN16:FUNCTION:
-PEM_write_NS_CERT_SEQ                   1170	EXIST:VMS:FUNCTION:
-PEM_write_bio_NETSCAPE_CERT_SEQUENCE    1171	EXIST:!VMS:FUNCTION:
-PEM_write_bio_NS_CERT_SEQ               1171	EXIST:VMS:FUNCTION:
-X509V3_EXT_add                          1172	EXIST::FUNCTION:
-X509V3_EXT_add_alias                    1173	EXIST::FUNCTION:
-X509V3_EXT_add_conf                     1174	EXIST::FUNCTION:
-X509V3_EXT_cleanup                      1175	EXIST::FUNCTION:
-X509V3_EXT_conf                         1176	EXIST::FUNCTION:
-X509V3_EXT_conf_nid                     1177	EXIST::FUNCTION:
-X509V3_EXT_get                          1178	EXIST::FUNCTION:
-X509V3_EXT_get_nid                      1179	EXIST::FUNCTION:
-X509V3_EXT_print                        1180	EXIST::FUNCTION:
-X509V3_EXT_print_fp                     1181	EXIST::FUNCTION:
-X509V3_add_standard_extensions          1182	EXIST::FUNCTION:
-X509V3_add_value                        1183	EXIST::FUNCTION:
-X509V3_add_value_bool                   1184	EXIST::FUNCTION:
-X509V3_add_value_int                    1185	EXIST::FUNCTION:
-X509V3_conf_free                        1186	EXIST::FUNCTION:
-X509V3_get_value_bool                   1187	EXIST::FUNCTION:
-X509V3_get_value_int                    1188	EXIST::FUNCTION:
-X509V3_parse_list                       1189	EXIST::FUNCTION:
-d2i_ASN1_GENERALIZEDTIME                1190	EXIST::FUNCTION:
-d2i_ASN1_TIME                           1191	EXIST::FUNCTION:
-d2i_BASIC_CONSTRAINTS                   1192	EXIST::FUNCTION:
-d2i_NETSCAPE_CERT_SEQUENCE              1193	EXIST::FUNCTION:
-d2i_ext_ku                              1194	NOEXIST::FUNCTION:
-ext_ku_free                             1195	NOEXIST::FUNCTION:
-ext_ku_new                              1196	NOEXIST::FUNCTION:
-i2d_ASN1_GENERALIZEDTIME                1197	EXIST::FUNCTION:
-i2d_ASN1_TIME                           1198	EXIST::FUNCTION:
-i2d_BASIC_CONSTRAINTS                   1199	EXIST::FUNCTION:
-i2d_NETSCAPE_CERT_SEQUENCE              1200	EXIST::FUNCTION:
-i2d_ext_ku                              1201	NOEXIST::FUNCTION:
-EVP_MD_CTX_copy                         1202	EXIST::FUNCTION:
-i2d_ASN1_ENUMERATED                     1203	EXIST::FUNCTION:
-d2i_ASN1_ENUMERATED                     1204	EXIST::FUNCTION:
-ASN1_ENUMERATED_set                     1205	EXIST::FUNCTION:
-ASN1_ENUMERATED_get                     1206	EXIST::FUNCTION:
-BN_to_ASN1_ENUMERATED                   1207	EXIST::FUNCTION:
-ASN1_ENUMERATED_to_BN                   1208	EXIST::FUNCTION:
-i2a_ASN1_ENUMERATED                     1209	EXIST::FUNCTION:BIO
-a2i_ASN1_ENUMERATED                     1210	EXIST::FUNCTION:BIO
-i2d_GENERAL_NAME                        1211	EXIST::FUNCTION:
-d2i_GENERAL_NAME                        1212	EXIST::FUNCTION:
-GENERAL_NAME_new                        1213	EXIST::FUNCTION:
-GENERAL_NAME_free                       1214	EXIST::FUNCTION:
-GENERAL_NAMES_new                       1215	EXIST::FUNCTION:
-GENERAL_NAMES_free                      1216	EXIST::FUNCTION:
-d2i_GENERAL_NAMES                       1217	EXIST::FUNCTION:
-i2d_GENERAL_NAMES                       1218	EXIST::FUNCTION:
-i2v_GENERAL_NAMES                       1219	EXIST::FUNCTION:
-i2s_ASN1_OCTET_STRING                   1220	EXIST::FUNCTION:
-s2i_ASN1_OCTET_STRING                   1221	EXIST::FUNCTION:
-X509V3_EXT_check_conf                   1222	NOEXIST::FUNCTION:
-hex_to_string                           1223	EXIST::FUNCTION:
-string_to_hex                           1224	EXIST::FUNCTION:
-DES_ede3_cbcm_encrypt                   1225	EXIST::FUNCTION:DES
-RSA_padding_add_PKCS1_OAEP              1226	EXIST::FUNCTION:RSA
-RSA_padding_check_PKCS1_OAEP            1227	EXIST::FUNCTION:RSA
-X509_CRL_print_fp                       1228	EXIST::FUNCTION:FP_API
-X509_CRL_print                          1229	EXIST::FUNCTION:BIO
-i2v_GENERAL_NAME                        1230	EXIST::FUNCTION:
-v2i_GENERAL_NAME                        1231	EXIST::FUNCTION:
-i2d_PKEY_USAGE_PERIOD                   1232	EXIST::FUNCTION:
-d2i_PKEY_USAGE_PERIOD                   1233	EXIST::FUNCTION:
-PKEY_USAGE_PERIOD_new                   1234	EXIST::FUNCTION:
-PKEY_USAGE_PERIOD_free                  1235	EXIST::FUNCTION:
-v2i_GENERAL_NAMES                       1236	EXIST::FUNCTION:
-i2s_ASN1_INTEGER                        1237	EXIST::FUNCTION:
-X509V3_EXT_d2i                          1238	EXIST::FUNCTION:
-name_cmp                                1239	EXIST::FUNCTION:
-str_dup                                 1240	NOEXIST::FUNCTION:
-i2s_ASN1_ENUMERATED                     1241	EXIST::FUNCTION:
-i2s_ASN1_ENUMERATED_TABLE               1242	EXIST::FUNCTION:
-BIO_s_log                               1243	EXIST:!OS2,!WIN16,!WIN32,!macintosh:FUNCTION:
-BIO_f_reliable                          1244	EXIST::FUNCTION:BIO
-PKCS7_dataFinal                         1245	EXIST::FUNCTION:
-PKCS7_dataDecode                        1246	EXIST::FUNCTION:
-X509V3_EXT_CRL_add_conf                 1247	EXIST::FUNCTION:
-BN_set_params                           1248	EXIST::FUNCTION:DEPRECATED
-BN_get_params                           1249	EXIST::FUNCTION:DEPRECATED
-BIO_get_ex_num                          1250	NOEXIST::FUNCTION:
-BIO_set_ex_free_func                    1251	NOEXIST::FUNCTION:
-EVP_ripemd160                           1252	EXIST::FUNCTION:RIPEMD
-ASN1_TIME_set                           1253	EXIST::FUNCTION:
-i2d_AUTHORITY_KEYID                     1254	EXIST::FUNCTION:
-d2i_AUTHORITY_KEYID                     1255	EXIST::FUNCTION:
-AUTHORITY_KEYID_new                     1256	EXIST::FUNCTION:
-AUTHORITY_KEYID_free                    1257	EXIST::FUNCTION:
-ASN1_seq_unpack                         1258	EXIST::FUNCTION:
-ASN1_seq_pack                           1259	EXIST::FUNCTION:
-ASN1_unpack_string                      1260	EXIST::FUNCTION:
-ASN1_pack_string                        1261	EXIST::FUNCTION:
-PKCS12_pack_safebag                     1262	NOEXIST::FUNCTION:
-PKCS12_MAKE_KEYBAG                      1263	EXIST::FUNCTION:
-PKCS8_encrypt                           1264	EXIST::FUNCTION:
-PKCS12_MAKE_SHKEYBAG                    1265	EXIST::FUNCTION:
-PKCS12_pack_p7data                      1266	EXIST::FUNCTION:
-PKCS12_pack_p7encdata                   1267	EXIST::FUNCTION:
-PKCS12_add_localkeyid                   1268	EXIST::FUNCTION:
-PKCS12_add_friendlyname_asc             1269	EXIST::FUNCTION:
-PKCS12_add_friendlyname_uni             1270	EXIST::FUNCTION:
-PKCS12_get_friendlyname                 1271	EXIST::FUNCTION:
-PKCS12_pbe_crypt                        1272	EXIST::FUNCTION:
-PKCS12_decrypt_d2i                      1273	NOEXIST::FUNCTION:
-PKCS12_i2d_encrypt                      1274	NOEXIST::FUNCTION:
-PKCS12_init                             1275	EXIST::FUNCTION:
-PKCS12_key_gen_asc                      1276	EXIST::FUNCTION:
-PKCS12_key_gen_uni                      1277	EXIST::FUNCTION:
-PKCS12_gen_mac                          1278	EXIST::FUNCTION:
-PKCS12_verify_mac                       1279	EXIST::FUNCTION:
-PKCS12_set_mac                          1280	EXIST::FUNCTION:
-PKCS12_setup_mac                        1281	EXIST::FUNCTION:
-OPENSSL_asc2uni                         1282	EXIST::FUNCTION:
-OPENSSL_uni2asc                         1283	EXIST::FUNCTION:
-i2d_PKCS12_BAGS                         1284	EXIST::FUNCTION:
-PKCS12_BAGS_new                         1285	EXIST::FUNCTION:
-d2i_PKCS12_BAGS                         1286	EXIST::FUNCTION:
-PKCS12_BAGS_free                        1287	EXIST::FUNCTION:
-i2d_PKCS12                              1288	EXIST::FUNCTION:
-d2i_PKCS12                              1289	EXIST::FUNCTION:
-PKCS12_new                              1290	EXIST::FUNCTION:
-PKCS12_free                             1291	EXIST::FUNCTION:
-i2d_PKCS12_MAC_DATA                     1292	EXIST::FUNCTION:
-PKCS12_MAC_DATA_new                     1293	EXIST::FUNCTION:
-d2i_PKCS12_MAC_DATA                     1294	EXIST::FUNCTION:
-PKCS12_MAC_DATA_free                    1295	EXIST::FUNCTION:
-i2d_PKCS12_SAFEBAG                      1296	EXIST::FUNCTION:
-PKCS12_SAFEBAG_new                      1297	EXIST::FUNCTION:
-d2i_PKCS12_SAFEBAG                      1298	EXIST::FUNCTION:
-PKCS12_SAFEBAG_free                     1299	EXIST::FUNCTION:
-ERR_load_PKCS12_strings                 1300	EXIST::FUNCTION:
-PKCS12_PBE_add                          1301	EXIST::FUNCTION:
-PKCS8_add_keyusage                      1302	EXIST::FUNCTION:
-PKCS12_get_attr_gen                     1303	EXIST::FUNCTION:
-PKCS12_parse                            1304	EXIST::FUNCTION:
-PKCS12_create                           1305	EXIST::FUNCTION:
-i2d_PKCS12_bio                          1306	EXIST::FUNCTION:
-i2d_PKCS12_fp                           1307	EXIST::FUNCTION:
-d2i_PKCS12_bio                          1308	EXIST::FUNCTION:
-d2i_PKCS12_fp                           1309	EXIST::FUNCTION:
-i2d_PBEPARAM                            1310	EXIST::FUNCTION:
-PBEPARAM_new                            1311	EXIST::FUNCTION:
-d2i_PBEPARAM                            1312	EXIST::FUNCTION:
-PBEPARAM_free                           1313	EXIST::FUNCTION:
-i2d_PKCS8_PRIV_KEY_INFO                 1314	EXIST::FUNCTION:
-PKCS8_PRIV_KEY_INFO_new                 1315	EXIST::FUNCTION:
-d2i_PKCS8_PRIV_KEY_INFO                 1316	EXIST::FUNCTION:
-PKCS8_PRIV_KEY_INFO_free                1317	EXIST::FUNCTION:
-EVP_PKCS82PKEY                          1318	EXIST::FUNCTION:
-EVP_PKEY2PKCS8                          1319	EXIST::FUNCTION:
-PKCS8_set_broken                        1320	EXIST::FUNCTION:
-EVP_PBE_ALGOR_CipherInit                1321	NOEXIST::FUNCTION:
-EVP_PBE_alg_add                         1322	EXIST::FUNCTION:
-PKCS5_pbe_set                           1323	EXIST::FUNCTION:
-EVP_PBE_cleanup                         1324	EXIST::FUNCTION:
-i2d_SXNET                               1325	EXIST::FUNCTION:
-d2i_SXNET                               1326	EXIST::FUNCTION:
-SXNET_new                               1327	EXIST::FUNCTION:
-SXNET_free                              1328	EXIST::FUNCTION:
-i2d_SXNETID                             1329	EXIST::FUNCTION:
-d2i_SXNETID                             1330	EXIST::FUNCTION:
-SXNETID_new                             1331	EXIST::FUNCTION:
-SXNETID_free                            1332	EXIST::FUNCTION:
-DSA_SIG_new                             1333	EXIST::FUNCTION:DSA
-DSA_SIG_free                            1334	EXIST::FUNCTION:DSA
-DSA_do_sign                             1335	EXIST::FUNCTION:DSA
-DSA_do_verify                           1336	EXIST::FUNCTION:DSA
-d2i_DSA_SIG                             1337	EXIST::FUNCTION:DSA
-i2d_DSA_SIG                             1338	EXIST::FUNCTION:DSA
-i2d_ASN1_VISIBLESTRING                  1339	EXIST::FUNCTION:
-d2i_ASN1_VISIBLESTRING                  1340	EXIST::FUNCTION:
-i2d_ASN1_UTF8STRING                     1341	EXIST::FUNCTION:
-d2i_ASN1_UTF8STRING                     1342	EXIST::FUNCTION:
-i2d_DIRECTORYSTRING                     1343	EXIST::FUNCTION:
-d2i_DIRECTORYSTRING                     1344	EXIST::FUNCTION:
-i2d_DISPLAYTEXT                         1345	EXIST::FUNCTION:
-d2i_DISPLAYTEXT                         1346	EXIST::FUNCTION:
-d2i_ASN1_SET_OF_X509                    1379	NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_X509                    1380	NOEXIST::FUNCTION:
-i2d_PBKDF2PARAM                         1397	EXIST::FUNCTION:
-PBKDF2PARAM_new                         1398	EXIST::FUNCTION:
-d2i_PBKDF2PARAM                         1399	EXIST::FUNCTION:
-PBKDF2PARAM_free                        1400	EXIST::FUNCTION:
-i2d_PBE2PARAM                           1401	EXIST::FUNCTION:
-PBE2PARAM_new                           1402	EXIST::FUNCTION:
-d2i_PBE2PARAM                           1403	EXIST::FUNCTION:
-PBE2PARAM_free                          1404	EXIST::FUNCTION:
-d2i_ASN1_SET_OF_GENERAL_NAME            1421	NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_GENERAL_NAME            1422	NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_SXNETID                 1439	NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_SXNETID                 1440	NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_POLICYQUALINFO          1457	NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_POLICYQUALINFO          1458	NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_POLICYINFO              1475	NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_POLICYINFO              1476	NOEXIST::FUNCTION:
-SXNET_add_id_asc                        1477	EXIST::FUNCTION:
-SXNET_add_id_ulong                      1478	EXIST::FUNCTION:
-SXNET_add_id_INTEGER                    1479	EXIST::FUNCTION:
-SXNET_get_id_asc                        1480	EXIST::FUNCTION:
-SXNET_get_id_ulong                      1481	EXIST::FUNCTION:
-SXNET_get_id_INTEGER                    1482	EXIST::FUNCTION:
-X509V3_set_conf_lhash                   1483	EXIST::FUNCTION:
-i2d_CERTIFICATEPOLICIES                 1484	EXIST::FUNCTION:
-CERTIFICATEPOLICIES_new                 1485	EXIST::FUNCTION:
-CERTIFICATEPOLICIES_free                1486	EXIST::FUNCTION:
-d2i_CERTIFICATEPOLICIES                 1487	EXIST::FUNCTION:
-i2d_POLICYINFO                          1488	EXIST::FUNCTION:
-POLICYINFO_new                          1489	EXIST::FUNCTION:
-d2i_POLICYINFO                          1490	EXIST::FUNCTION:
-POLICYINFO_free                         1491	EXIST::FUNCTION:
-i2d_POLICYQUALINFO                      1492	EXIST::FUNCTION:
-POLICYQUALINFO_new                      1493	EXIST::FUNCTION:
-d2i_POLICYQUALINFO                      1494	EXIST::FUNCTION:
-POLICYQUALINFO_free                     1495	EXIST::FUNCTION:
-i2d_USERNOTICE                          1496	EXIST::FUNCTION:
-USERNOTICE_new                          1497	EXIST::FUNCTION:
-d2i_USERNOTICE                          1498	EXIST::FUNCTION:
-USERNOTICE_free                         1499	EXIST::FUNCTION:
-i2d_NOTICEREF                           1500	EXIST::FUNCTION:
-NOTICEREF_new                           1501	EXIST::FUNCTION:
-d2i_NOTICEREF                           1502	EXIST::FUNCTION:
-NOTICEREF_free                          1503	EXIST::FUNCTION:
-X509V3_get_string                       1504	EXIST::FUNCTION:
-X509V3_get_section                      1505	EXIST::FUNCTION:
-X509V3_string_free                      1506	EXIST::FUNCTION:
-X509V3_section_free                     1507	EXIST::FUNCTION:
-X509V3_set_ctx                          1508	EXIST::FUNCTION:
-s2i_ASN1_INTEGER                        1509	EXIST::FUNCTION:
-CRYPTO_set_locked_mem_functions         1510	EXIST::FUNCTION:
-CRYPTO_get_locked_mem_functions         1511	EXIST::FUNCTION:
-CRYPTO_malloc_locked                    1512	EXIST::FUNCTION:
-CRYPTO_free_locked                      1513	EXIST::FUNCTION:
-BN_mod_exp2_mont                        1514	EXIST::FUNCTION:
-ERR_get_error_line_data                 1515	EXIST::FUNCTION:
-ERR_peek_error_line_data                1516	EXIST::FUNCTION:
-PKCS12_PBE_keyivgen                     1517	EXIST::FUNCTION:
-X509_ALGOR_dup                          1518	EXIST::FUNCTION:
-d2i_ASN1_SET_OF_DIST_POINT              1535	NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_DIST_POINT              1536	NOEXIST::FUNCTION:
-i2d_CRL_DIST_POINTS                     1537	EXIST::FUNCTION:
-CRL_DIST_POINTS_new                     1538	EXIST::FUNCTION:
-CRL_DIST_POINTS_free                    1539	EXIST::FUNCTION:
-d2i_CRL_DIST_POINTS                     1540	EXIST::FUNCTION:
-i2d_DIST_POINT                          1541	EXIST::FUNCTION:
-DIST_POINT_new                          1542	EXIST::FUNCTION:
-d2i_DIST_POINT                          1543	EXIST::FUNCTION:
-DIST_POINT_free                         1544	EXIST::FUNCTION:
-i2d_DIST_POINT_NAME                     1545	EXIST::FUNCTION:
-DIST_POINT_NAME_new                     1546	EXIST::FUNCTION:
-DIST_POINT_NAME_free                    1547	EXIST::FUNCTION:
-d2i_DIST_POINT_NAME                     1548	EXIST::FUNCTION:
-X509V3_add_value_uchar                  1549	EXIST::FUNCTION:
-d2i_ASN1_SET_OF_X509_ATTRIBUTE          1555	NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_ASN1_TYPE               1560	NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_X509_EXTENSION          1567	NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_X509_NAME_ENTRY         1574	NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_ASN1_TYPE               1589	NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_X509_ATTRIBUTE          1615	NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_X509_EXTENSION          1624	NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_X509_NAME_ENTRY         1633	NOEXIST::FUNCTION:
-X509V3_EXT_i2d                          1646	EXIST::FUNCTION:
-X509V3_EXT_val_prn                      1647	EXIST::FUNCTION:
-X509V3_EXT_add_list                     1648	EXIST::FUNCTION:
-EVP_CIPHER_type                         1649	EXIST::FUNCTION:
-EVP_PBE_CipherInit                      1650	EXIST::FUNCTION:
-X509V3_add_value_bool_nf                1651	EXIST::FUNCTION:
-d2i_ASN1_UINTEGER                       1652	EXIST::FUNCTION:
-sk_value                                1653	EXIST::FUNCTION:
-sk_num                                  1654	EXIST::FUNCTION:
-sk_set                                  1655	EXIST::FUNCTION:
-i2d_ASN1_SET_OF_X509_REVOKED            1661	NOEXIST::FUNCTION:
-sk_sort                                 1671	EXIST::FUNCTION:
-d2i_ASN1_SET_OF_X509_REVOKED            1674	NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_X509_ALGOR              1682	NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_X509_CRL                1685	NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_X509_ALGOR              1696	NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_X509_CRL                1702	NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO       1723	NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_PKCS7_RECIP_INFO        1738	NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO       1748	NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_PKCS7_RECIP_INFO        1753	NOEXIST::FUNCTION:
-PKCS5_PBE_add                           1775	EXIST::FUNCTION:
-PEM_write_bio_PKCS8                     1776	EXIST::FUNCTION:
-i2d_PKCS8_fp                            1777	EXIST::FUNCTION:FP_API
-PEM_read_bio_PKCS8_PRIV_KEY_INFO        1778	EXIST:!VMS:FUNCTION:
-PEM_read_bio_P8_PRIV_KEY_INFO           1778	EXIST:VMS:FUNCTION:
-d2i_PKCS8_bio                           1779	EXIST::FUNCTION:BIO
-d2i_PKCS8_PRIV_KEY_INFO_fp              1780	EXIST::FUNCTION:FP_API
-PEM_write_bio_PKCS8_PRIV_KEY_INFO       1781	EXIST:!VMS:FUNCTION:
-PEM_write_bio_P8_PRIV_KEY_INFO          1781	EXIST:VMS:FUNCTION:
-PEM_read_PKCS8                          1782	EXIST:!WIN16:FUNCTION:
-d2i_PKCS8_PRIV_KEY_INFO_bio             1783	EXIST::FUNCTION:BIO
-d2i_PKCS8_fp                            1784	EXIST::FUNCTION:FP_API
-PEM_write_PKCS8                         1785	EXIST:!WIN16:FUNCTION:
-PEM_read_PKCS8_PRIV_KEY_INFO            1786	EXIST:!VMS,!WIN16:FUNCTION:
-PEM_read_P8_PRIV_KEY_INFO               1786	EXIST:VMS:FUNCTION:
-PEM_read_bio_PKCS8                      1787	EXIST::FUNCTION:
-PEM_write_PKCS8_PRIV_KEY_INFO           1788	EXIST:!VMS,!WIN16:FUNCTION:
-PEM_write_P8_PRIV_KEY_INFO              1788	EXIST:VMS:FUNCTION:
-PKCS5_PBE_keyivgen                      1789	EXIST::FUNCTION:
-i2d_PKCS8_bio                           1790	EXIST::FUNCTION:BIO
-i2d_PKCS8_PRIV_KEY_INFO_fp              1791	EXIST::FUNCTION:FP_API
-i2d_PKCS8_PRIV_KEY_INFO_bio             1792	EXIST::FUNCTION:BIO
-BIO_s_bio                               1793	EXIST::FUNCTION:
-PKCS5_pbe2_set                          1794	EXIST::FUNCTION:
-PKCS5_PBKDF2_HMAC_SHA1                  1795	EXIST::FUNCTION:
-PKCS5_v2_PBE_keyivgen                   1796	EXIST::FUNCTION:
-PEM_write_bio_PKCS8PrivateKey           1797	EXIST::FUNCTION:
-PEM_write_PKCS8PrivateKey               1798	EXIST::FUNCTION:
-BIO_ctrl_get_read_request               1799	EXIST::FUNCTION:
-BIO_ctrl_pending                        1800	EXIST::FUNCTION:
-BIO_ctrl_wpending                       1801	EXIST::FUNCTION:
-BIO_new_bio_pair                        1802	EXIST::FUNCTION:
-BIO_ctrl_get_write_guarantee            1803	EXIST::FUNCTION:
-CRYPTO_num_locks                        1804	EXIST::FUNCTION:
-CONF_load_bio                           1805	EXIST::FUNCTION:
-CONF_load_fp                            1806	EXIST::FUNCTION:FP_API
-i2d_ASN1_SET_OF_ASN1_OBJECT             1837	NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_ASN1_OBJECT             1844	NOEXIST::FUNCTION:
-PKCS7_signatureVerify                   1845	EXIST::FUNCTION:
-RSA_set_method                          1846	EXIST::FUNCTION:RSA
-RSA_get_method                          1847	EXIST::FUNCTION:RSA
-RSA_get_default_method                  1848	EXIST::FUNCTION:RSA
-RSA_check_key                           1869	EXIST::FUNCTION:RSA
-OBJ_obj2txt                             1870	EXIST::FUNCTION:
-DSA_dup_DH                              1871	EXIST::FUNCTION:DH,DSA
-X509_REQ_get_extensions                 1872	EXIST::FUNCTION:
-X509_REQ_set_extension_nids             1873	EXIST::FUNCTION:
-BIO_nwrite                              1874	EXIST::FUNCTION:
-X509_REQ_extension_nid                  1875	EXIST::FUNCTION:
-BIO_nread                               1876	EXIST::FUNCTION:
-X509_REQ_get_extension_nids             1877	EXIST::FUNCTION:
-BIO_nwrite0                             1878	EXIST::FUNCTION:
-X509_REQ_add_extensions_nid             1879	EXIST::FUNCTION:
-BIO_nread0                              1880	EXIST::FUNCTION:
-X509_REQ_add_extensions                 1881	EXIST::FUNCTION:
-BIO_new_mem_buf                         1882	EXIST::FUNCTION:
-DH_set_ex_data                          1883	EXIST::FUNCTION:DH
-DH_set_method                           1884	EXIST::FUNCTION:DH
-DSA_OpenSSL                             1885	EXIST::FUNCTION:DSA
-DH_get_ex_data                          1886	EXIST::FUNCTION:DH
-DH_get_ex_new_index                     1887	EXIST::FUNCTION:DH
-DSA_new_method                          1888	EXIST::FUNCTION:DSA
-DH_new_method                           1889	EXIST::FUNCTION:DH
-DH_OpenSSL                              1890	EXIST::FUNCTION:DH
-DSA_get_ex_new_index                    1891	EXIST::FUNCTION:DSA
-DH_get_default_method                   1892	EXIST::FUNCTION:DH
-DSA_set_ex_data                         1893	EXIST::FUNCTION:DSA
-DH_set_default_method                   1894	EXIST::FUNCTION:DH
-DSA_get_ex_data                         1895	EXIST::FUNCTION:DSA
-X509V3_EXT_REQ_add_conf                 1896	EXIST::FUNCTION:
-NETSCAPE_SPKI_print                     1897	EXIST::FUNCTION:EVP
-NETSCAPE_SPKI_set_pubkey                1898	EXIST::FUNCTION:EVP
-NETSCAPE_SPKI_b64_encode                1899	EXIST::FUNCTION:EVP
-NETSCAPE_SPKI_get_pubkey                1900	EXIST::FUNCTION:EVP
-NETSCAPE_SPKI_b64_decode                1901	EXIST::FUNCTION:EVP
-UTF8_putc                               1902	EXIST::FUNCTION:
-UTF8_getc                               1903	EXIST::FUNCTION:
-RSA_null_method                         1904	EXIST::FUNCTION:RSA
-ASN1_tag2str                            1905	EXIST::FUNCTION:
-BIO_ctrl_reset_read_request             1906	EXIST::FUNCTION:
-DISPLAYTEXT_new                         1907	EXIST::FUNCTION:
-ASN1_GENERALIZEDTIME_free               1908	EXIST::FUNCTION:
-X509_REVOKED_get_ext_d2i                1909	EXIST::FUNCTION:
-X509_set_ex_data                        1910	EXIST::FUNCTION:
-X509_reject_set_bit_asc                 1911	NOEXIST::FUNCTION:
-X509_NAME_add_entry_by_txt              1912	EXIST::FUNCTION:
-X509_NAME_add_entry_by_NID              1914	EXIST::FUNCTION:
-X509_PURPOSE_get0                       1915	EXIST::FUNCTION:
-PEM_read_X509_AUX                       1917	EXIST:!WIN16:FUNCTION:
-d2i_AUTHORITY_INFO_ACCESS               1918	EXIST::FUNCTION:
-PEM_write_PUBKEY                        1921	EXIST:!WIN16:FUNCTION:
-ACCESS_DESCRIPTION_new                  1925	EXIST::FUNCTION:
-X509_CERT_AUX_free                      1926	EXIST::FUNCTION:
-d2i_ACCESS_DESCRIPTION                  1927	EXIST::FUNCTION:
-X509_trust_clear                        1928	EXIST::FUNCTION:
-X509_TRUST_add                          1931	EXIST::FUNCTION:
-ASN1_VISIBLESTRING_new                  1932	EXIST::FUNCTION:
-X509_alias_set1                         1933	EXIST::FUNCTION:
-ASN1_PRINTABLESTRING_free               1934	EXIST::FUNCTION:
-EVP_PKEY_get1_DSA                       1935	EXIST::FUNCTION:DSA
-ASN1_BMPSTRING_new                      1936	EXIST::FUNCTION:
-ASN1_mbstring_copy                      1937	EXIST::FUNCTION:
-ASN1_UTF8STRING_new                     1938	EXIST::FUNCTION:
-DSA_get_default_method                  1941	EXIST::FUNCTION:DSA
-i2d_ASN1_SET_OF_ACCESS_DESCRIPTION      1945	NOEXIST::FUNCTION:
-ASN1_T61STRING_free                     1946	EXIST::FUNCTION:
-DSA_set_method                          1949	EXIST::FUNCTION:DSA
-X509_get_ex_data                        1950	EXIST::FUNCTION:
-ASN1_STRING_type                        1951	EXIST::FUNCTION:
-X509_PURPOSE_get_by_sname               1952	EXIST::FUNCTION:
-ASN1_TIME_free                          1954	EXIST::FUNCTION:
-ASN1_OCTET_STRING_cmp                   1955	EXIST::FUNCTION:
-ASN1_BIT_STRING_new                     1957	EXIST::FUNCTION:
-X509_get_ext_d2i                        1958	EXIST::FUNCTION:
-PEM_read_bio_X509_AUX                   1959	EXIST::FUNCTION:
-ASN1_STRING_set_default_mask_asc        1960	EXIST:!VMS:FUNCTION:
-ASN1_STRING_set_def_mask_asc            1960	EXIST:VMS:FUNCTION:
-PEM_write_bio_RSA_PUBKEY                1961	EXIST::FUNCTION:RSA
-ASN1_INTEGER_cmp                        1963	EXIST::FUNCTION:
-d2i_RSA_PUBKEY_fp                       1964	EXIST::FUNCTION:FP_API,RSA
-X509_trust_set_bit_asc                  1967	NOEXIST::FUNCTION:
-PEM_write_bio_DSA_PUBKEY                1968	EXIST::FUNCTION:DSA
-X509_STORE_CTX_free                     1969	EXIST::FUNCTION:
-EVP_PKEY_set1_DSA                       1970	EXIST::FUNCTION:DSA
-i2d_DSA_PUBKEY_fp                       1971	EXIST::FUNCTION:DSA,FP_API
-X509_load_cert_crl_file                 1972	EXIST::FUNCTION:STDIO
-ASN1_TIME_new                           1973	EXIST::FUNCTION:
-i2d_RSA_PUBKEY                          1974	EXIST::FUNCTION:RSA
-X509_STORE_CTX_purpose_inherit          1976	EXIST::FUNCTION:
-PEM_read_RSA_PUBKEY                     1977	EXIST:!WIN16:FUNCTION:RSA
-d2i_X509_AUX                            1980	EXIST::FUNCTION:
-i2d_DSA_PUBKEY                          1981	EXIST::FUNCTION:DSA
-X509_CERT_AUX_print                     1982	EXIST::FUNCTION:BIO
-PEM_read_DSA_PUBKEY                     1984	EXIST:!WIN16:FUNCTION:DSA
-i2d_RSA_PUBKEY_bio                      1985	EXIST::FUNCTION:BIO,RSA
-ASN1_BIT_STRING_num_asc                 1986	EXIST::FUNCTION:
-i2d_PUBKEY                              1987	EXIST::FUNCTION:
-ASN1_UTCTIME_free                       1988	EXIST::FUNCTION:
-DSA_set_default_method                  1989	EXIST::FUNCTION:DSA
-X509_PURPOSE_get_by_id                  1990	EXIST::FUNCTION:
-ACCESS_DESCRIPTION_free                 1994	EXIST::FUNCTION:
-PEM_read_bio_PUBKEY                     1995	EXIST::FUNCTION:
-ASN1_STRING_set_by_NID                  1996	EXIST::FUNCTION:
-X509_PURPOSE_get_id                     1997	EXIST::FUNCTION:
-DISPLAYTEXT_free                        1998	EXIST::FUNCTION:
-OTHERNAME_new                           1999	EXIST::FUNCTION:
-X509_CERT_AUX_new                       2001	EXIST::FUNCTION:
-X509_TRUST_cleanup                      2007	EXIST::FUNCTION:
-X509_NAME_add_entry_by_OBJ              2008	EXIST::FUNCTION:
-X509_CRL_get_ext_d2i                    2009	EXIST::FUNCTION:
-X509_PURPOSE_get0_name                  2011	EXIST::FUNCTION:
-PEM_read_PUBKEY                         2012	EXIST:!WIN16:FUNCTION:
-i2d_DSA_PUBKEY_bio                      2014	EXIST::FUNCTION:BIO,DSA
-i2d_OTHERNAME                           2015	EXIST::FUNCTION:
-ASN1_OCTET_STRING_free                  2016	EXIST::FUNCTION:
-ASN1_BIT_STRING_set_asc                 2017	EXIST::FUNCTION:
-X509_get_ex_new_index                   2019	EXIST::FUNCTION:
-ASN1_STRING_TABLE_cleanup               2020	EXIST::FUNCTION:
-X509_TRUST_get_by_id                    2021	EXIST::FUNCTION:
-X509_PURPOSE_get_trust                  2022	EXIST::FUNCTION:
-ASN1_STRING_length                      2023	EXIST::FUNCTION:
-d2i_ASN1_SET_OF_ACCESS_DESCRIPTION      2024	NOEXIST::FUNCTION:
-ASN1_PRINTABLESTRING_new                2025	EXIST::FUNCTION:
-X509V3_get_d2i                          2026	EXIST::FUNCTION:
-ASN1_ENUMERATED_free                    2027	EXIST::FUNCTION:
-i2d_X509_CERT_AUX                       2028	EXIST::FUNCTION:
-X509_STORE_CTX_set_trust                2030	EXIST::FUNCTION:
-ASN1_STRING_set_default_mask            2032	EXIST::FUNCTION:
-X509_STORE_CTX_new                      2033	EXIST::FUNCTION:
-EVP_PKEY_get1_RSA                       2034	EXIST::FUNCTION:RSA
-DIRECTORYSTRING_free                    2038	EXIST::FUNCTION:
-PEM_write_X509_AUX                      2039	EXIST:!WIN16:FUNCTION:
-ASN1_OCTET_STRING_set                   2040	EXIST::FUNCTION:
-d2i_DSA_PUBKEY_fp                       2041	EXIST::FUNCTION:DSA,FP_API
-d2i_RSA_PUBKEY                          2044	EXIST::FUNCTION:RSA
-X509_TRUST_get0_name                    2046	EXIST::FUNCTION:
-X509_TRUST_get0                         2047	EXIST::FUNCTION:
-AUTHORITY_INFO_ACCESS_free              2048	EXIST::FUNCTION:
-ASN1_IA5STRING_new                      2049	EXIST::FUNCTION:
-d2i_DSA_PUBKEY                          2050	EXIST::FUNCTION:DSA
-X509_check_purpose                      2051	EXIST::FUNCTION:
-ASN1_ENUMERATED_new                     2052	EXIST::FUNCTION:
-d2i_RSA_PUBKEY_bio                      2053	EXIST::FUNCTION:BIO,RSA
-d2i_PUBKEY                              2054	EXIST::FUNCTION:
-X509_TRUST_get_trust                    2055	EXIST::FUNCTION:
-X509_TRUST_get_flags                    2056	EXIST::FUNCTION:
-ASN1_BMPSTRING_free                     2057	EXIST::FUNCTION:
-ASN1_T61STRING_new                      2058	EXIST::FUNCTION:
-ASN1_UTCTIME_new                        2060	EXIST::FUNCTION:
-i2d_AUTHORITY_INFO_ACCESS               2062	EXIST::FUNCTION:
-EVP_PKEY_set1_RSA                       2063	EXIST::FUNCTION:RSA
-X509_STORE_CTX_set_purpose              2064	EXIST::FUNCTION:
-ASN1_IA5STRING_free                     2065	EXIST::FUNCTION:
-PEM_write_bio_X509_AUX                  2066	EXIST::FUNCTION:
-X509_PURPOSE_get_count                  2067	EXIST::FUNCTION:
-CRYPTO_add_info                         2068	NOEXIST::FUNCTION:
-X509_NAME_ENTRY_create_by_txt           2071	EXIST::FUNCTION:
-ASN1_STRING_get_default_mask            2072	EXIST::FUNCTION:
-X509_alias_get0                         2074	EXIST::FUNCTION:
-ASN1_STRING_data                        2075	EXIST::FUNCTION:
-i2d_ACCESS_DESCRIPTION                  2077	EXIST::FUNCTION:
-X509_trust_set_bit                      2078	NOEXIST::FUNCTION:
-ASN1_BIT_STRING_free                    2080	EXIST::FUNCTION:
-PEM_read_bio_RSA_PUBKEY                 2081	EXIST::FUNCTION:RSA
-X509_add1_reject_object                 2082	EXIST::FUNCTION:
-X509_check_trust                        2083	EXIST::FUNCTION:
-PEM_read_bio_DSA_PUBKEY                 2088	EXIST::FUNCTION:DSA
-X509_PURPOSE_add                        2090	EXIST::FUNCTION:
-ASN1_STRING_TABLE_get                   2091	EXIST::FUNCTION:
-ASN1_UTF8STRING_free                    2092	EXIST::FUNCTION:
-d2i_DSA_PUBKEY_bio                      2093	EXIST::FUNCTION:BIO,DSA
-PEM_write_RSA_PUBKEY                    2095	EXIST:!WIN16:FUNCTION:RSA
-d2i_OTHERNAME                           2096	EXIST::FUNCTION:
-X509_reject_set_bit                     2098	NOEXIST::FUNCTION:
-PEM_write_DSA_PUBKEY                    2101	EXIST:!WIN16:FUNCTION:DSA
-X509_PURPOSE_get0_sname                 2105	EXIST::FUNCTION:
-EVP_PKEY_set1_DH                        2107	EXIST::FUNCTION:DH
-ASN1_OCTET_STRING_dup                   2108	EXIST::FUNCTION:
-ASN1_BIT_STRING_set                     2109	EXIST::FUNCTION:
-X509_TRUST_get_count                    2110	EXIST::FUNCTION:
-ASN1_INTEGER_free                       2111	EXIST::FUNCTION:
-OTHERNAME_free                          2112	EXIST::FUNCTION:
-i2d_RSA_PUBKEY_fp                       2113	EXIST::FUNCTION:FP_API,RSA
-ASN1_INTEGER_dup                        2114	EXIST::FUNCTION:
-d2i_X509_CERT_AUX                       2115	EXIST::FUNCTION:
-PEM_write_bio_PUBKEY                    2117	EXIST::FUNCTION:
-ASN1_VISIBLESTRING_free                 2118	EXIST::FUNCTION:
-X509_PURPOSE_cleanup                    2119	EXIST::FUNCTION:
-ASN1_mbstring_ncopy                     2123	EXIST::FUNCTION:
-ASN1_GENERALIZEDTIME_new                2126	EXIST::FUNCTION:
-EVP_PKEY_get1_DH                        2128	EXIST::FUNCTION:DH
-ASN1_OCTET_STRING_new                   2130	EXIST::FUNCTION:
-ASN1_INTEGER_new                        2131	EXIST::FUNCTION:
-i2d_X509_AUX                            2132	EXIST::FUNCTION:
-ASN1_BIT_STRING_name_print              2134	EXIST::FUNCTION:BIO
-X509_cmp                                2135	EXIST::FUNCTION:
-ASN1_STRING_length_set                  2136	EXIST::FUNCTION:
-DIRECTORYSTRING_new                     2137	EXIST::FUNCTION:
-X509_add1_trust_object                  2140	EXIST::FUNCTION:
-PKCS12_newpass                          2141	EXIST::FUNCTION:
-SMIME_write_PKCS7                       2142	EXIST::FUNCTION:
-SMIME_read_PKCS7                        2143	EXIST::FUNCTION:
-DES_set_key_checked                     2144	EXIST::FUNCTION:DES
-PKCS7_verify                            2145	EXIST::FUNCTION:
-PKCS7_encrypt                           2146	EXIST::FUNCTION:
-DES_set_key_unchecked                   2147	EXIST::FUNCTION:DES
-SMIME_crlf_copy                         2148	EXIST::FUNCTION:
-i2d_ASN1_PRINTABLESTRING                2149	EXIST::FUNCTION:
-PKCS7_get0_signers                      2150	EXIST::FUNCTION:
-PKCS7_decrypt                           2151	EXIST::FUNCTION:
-SMIME_text                              2152	EXIST::FUNCTION:
-PKCS7_simple_smimecap                   2153	EXIST::FUNCTION:
-PKCS7_get_smimecap                      2154	EXIST::FUNCTION:
-PKCS7_sign                              2155	EXIST::FUNCTION:
-PKCS7_add_attrib_smimecap               2156	EXIST::FUNCTION:
-CRYPTO_dbg_set_options                  2157	EXIST::FUNCTION:
-CRYPTO_remove_all_info                  2158	EXIST::FUNCTION:
-CRYPTO_get_mem_debug_functions          2159	EXIST::FUNCTION:
-CRYPTO_is_mem_check_on                  2160	EXIST::FUNCTION:
-CRYPTO_set_mem_debug_functions          2161	EXIST::FUNCTION:
-CRYPTO_pop_info                         2162	EXIST::FUNCTION:
-CRYPTO_push_info_                       2163	EXIST::FUNCTION:
-CRYPTO_set_mem_debug_options            2164	EXIST::FUNCTION:
-PEM_write_PKCS8PrivateKey_nid           2165	EXIST::FUNCTION:
-PEM_write_bio_PKCS8PrivateKey_nid       2166	EXIST:!VMS:FUNCTION:
-PEM_write_bio_PKCS8PrivKey_nid          2166	EXIST:VMS:FUNCTION:
-d2i_PKCS8PrivateKey_bio                 2167	EXIST::FUNCTION:
-ASN1_NULL_free                          2168	EXIST::FUNCTION:
-d2i_ASN1_NULL                           2169	EXIST::FUNCTION:
-ASN1_NULL_new                           2170	EXIST::FUNCTION:
-i2d_PKCS8PrivateKey_bio                 2171	EXIST::FUNCTION:
-i2d_PKCS8PrivateKey_fp                  2172	EXIST::FUNCTION:
-i2d_ASN1_NULL                           2173	EXIST::FUNCTION:
-i2d_PKCS8PrivateKey_nid_fp              2174	EXIST::FUNCTION:
-d2i_PKCS8PrivateKey_fp                  2175	EXIST::FUNCTION:
-i2d_PKCS8PrivateKey_nid_bio             2176	EXIST::FUNCTION:
-i2d_PKCS8PrivateKeyInfo_fp              2177	EXIST::FUNCTION:FP_API
-i2d_PKCS8PrivateKeyInfo_bio             2178	EXIST::FUNCTION:BIO
-PEM_cb                                  2179	NOEXIST::FUNCTION:
-i2d_PrivateKey_fp                       2180	EXIST::FUNCTION:FP_API
-d2i_PrivateKey_bio                      2181	EXIST::FUNCTION:BIO
-d2i_PrivateKey_fp                       2182	EXIST::FUNCTION:FP_API
-i2d_PrivateKey_bio                      2183	EXIST::FUNCTION:BIO
-X509_reject_clear                       2184	EXIST::FUNCTION:
-X509_TRUST_set_default                  2185	EXIST::FUNCTION:
-d2i_AutoPrivateKey                      2186	EXIST::FUNCTION:
-X509_ATTRIBUTE_get0_type                2187	EXIST::FUNCTION:
-X509_ATTRIBUTE_set1_data                2188	EXIST::FUNCTION:
-X509at_get_attr                         2189	EXIST::FUNCTION:
-X509at_get_attr_count                   2190	EXIST::FUNCTION:
-X509_ATTRIBUTE_create_by_NID            2191	EXIST::FUNCTION:
-X509_ATTRIBUTE_set1_object              2192	EXIST::FUNCTION:
-X509_ATTRIBUTE_count                    2193	EXIST::FUNCTION:
-X509_ATTRIBUTE_create_by_OBJ            2194	EXIST::FUNCTION:
-X509_ATTRIBUTE_get0_object              2195	EXIST::FUNCTION:
-X509at_get_attr_by_NID                  2196	EXIST::FUNCTION:
-X509at_add1_attr                        2197	EXIST::FUNCTION:
-X509_ATTRIBUTE_get0_data                2198	EXIST::FUNCTION:
-X509at_delete_attr                      2199	EXIST::FUNCTION:
-X509at_get_attr_by_OBJ                  2200	EXIST::FUNCTION:
-RAND_add                                2201	EXIST::FUNCTION:
-BIO_number_written                      2202	EXIST::FUNCTION:
-BIO_number_read                         2203	EXIST::FUNCTION:
-X509_STORE_CTX_get1_chain               2204	EXIST::FUNCTION:
-ERR_load_RAND_strings                   2205	EXIST::FUNCTION:
-RAND_pseudo_bytes                       2206	EXIST::FUNCTION:
-X509_REQ_get_attr_by_NID                2207	EXIST::FUNCTION:
-X509_REQ_get_attr                       2208	EXIST::FUNCTION:
-X509_REQ_add1_attr_by_NID               2209	EXIST::FUNCTION:
-X509_REQ_get_attr_by_OBJ                2210	EXIST::FUNCTION:
-X509at_add1_attr_by_NID                 2211	EXIST::FUNCTION:
-X509_REQ_add1_attr_by_OBJ               2212	EXIST::FUNCTION:
-X509_REQ_get_attr_count                 2213	EXIST::FUNCTION:
-X509_REQ_add1_attr                      2214	EXIST::FUNCTION:
-X509_REQ_delete_attr                    2215	EXIST::FUNCTION:
-X509at_add1_attr_by_OBJ                 2216	EXIST::FUNCTION:
-X509_REQ_add1_attr_by_txt               2217	EXIST::FUNCTION:
-X509_ATTRIBUTE_create_by_txt            2218	EXIST::FUNCTION:
-X509at_add1_attr_by_txt                 2219	EXIST::FUNCTION:
-BN_pseudo_rand                          2239	EXIST::FUNCTION:
-BN_is_prime_fasttest                    2240	EXIST::FUNCTION:DEPRECATED
-BN_CTX_end                              2241	EXIST::FUNCTION:
-BN_CTX_start                            2242	EXIST::FUNCTION:
-BN_CTX_get                              2243	EXIST::FUNCTION:
-EVP_PKEY2PKCS8_broken                   2244	EXIST::FUNCTION:
-ASN1_STRING_TABLE_add                   2245	EXIST::FUNCTION:
-CRYPTO_dbg_get_options                  2246	EXIST::FUNCTION:
-AUTHORITY_INFO_ACCESS_new               2247	EXIST::FUNCTION:
-CRYPTO_get_mem_debug_options            2248	EXIST::FUNCTION:
-DES_crypt                               2249	EXIST::FUNCTION:DES
-PEM_write_bio_X509_REQ_NEW              2250	EXIST::FUNCTION:
-PEM_write_X509_REQ_NEW                  2251	EXIST:!WIN16:FUNCTION:
-BIO_callback_ctrl                       2252	EXIST::FUNCTION:
-RAND_egd                                2253	EXIST::FUNCTION:
-RAND_status                             2254	EXIST::FUNCTION:
-bn_dump1                                2255	NOEXIST::FUNCTION:
-DES_check_key_parity                    2256	EXIST::FUNCTION:DES
-lh_num_items                            2257	EXIST::FUNCTION:
-RAND_event                              2258	EXIST:WIN32:FUNCTION:
-DSO_new                                 2259	EXIST::FUNCTION:
-DSO_new_method                          2260	EXIST::FUNCTION:
-DSO_free                                2261	EXIST::FUNCTION:
-DSO_flags                               2262	EXIST::FUNCTION:
-DSO_up                                  2263	NOEXIST::FUNCTION:
-DSO_set_default_method                  2264	EXIST::FUNCTION:
-DSO_get_default_method                  2265	EXIST::FUNCTION:
-DSO_get_method                          2266	EXIST::FUNCTION:
-DSO_set_method                          2267	EXIST::FUNCTION:
-DSO_load                                2268	EXIST::FUNCTION:
-DSO_bind_var                            2269	EXIST::FUNCTION:
-DSO_METHOD_null                         2270	EXIST::FUNCTION:
-DSO_METHOD_openssl                      2271	EXIST::FUNCTION:
-DSO_METHOD_dlfcn                        2272	EXIST::FUNCTION:
-DSO_METHOD_win32                        2273	EXIST::FUNCTION:
-ERR_load_DSO_strings                    2274	EXIST::FUNCTION:
-DSO_METHOD_dl                           2275	EXIST::FUNCTION:
-NCONF_load                              2276	EXIST::FUNCTION:
-NCONF_load_fp                           2278	EXIST::FUNCTION:FP_API
-NCONF_new                               2279	EXIST::FUNCTION:
-NCONF_get_string                        2280	EXIST::FUNCTION:
-NCONF_free                              2281	EXIST::FUNCTION:
-NCONF_get_number                        2282	NOEXIST::FUNCTION:
-CONF_dump_fp                            2283	EXIST::FUNCTION:
-NCONF_load_bio                          2284	EXIST::FUNCTION:
-NCONF_dump_fp                           2285	EXIST::FUNCTION:
-NCONF_get_section                       2286	EXIST::FUNCTION:
-NCONF_dump_bio                          2287	EXIST::FUNCTION:
-CONF_dump_bio                           2288	EXIST::FUNCTION:
-NCONF_free_data                         2289	EXIST::FUNCTION:
-CONF_set_default_method                 2290	EXIST::FUNCTION:
-ERR_error_string_n                      2291	EXIST::FUNCTION:
-BIO_snprintf                            2292	EXIST::FUNCTION:
-DSO_ctrl                                2293	EXIST::FUNCTION:
-i2d_ASN1_SET_OF_ASN1_INTEGER            2317	NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_PKCS12_SAFEBAG          2320	NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_PKCS7                   2328	NOEXIST::FUNCTION:
-BIO_vfree                               2334	EXIST::FUNCTION:
-d2i_ASN1_SET_OF_ASN1_INTEGER            2339	NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_PKCS12_SAFEBAG          2341	NOEXIST::FUNCTION:
-ASN1_UTCTIME_get                        2350	NOEXIST::FUNCTION:
-X509_REQ_digest                         2362	EXIST::FUNCTION:EVP
-X509_CRL_digest                         2391	EXIST::FUNCTION:EVP
-ASN1_STRING_clear_free                  2392	EXIST::FUNCTION:
-d2i_ASN1_SET_OF_PKCS7                   2397	NOEXIST::FUNCTION:
-X509_ALGOR_cmp                          2398	EXIST::FUNCTION:
-EVP_CIPHER_CTX_set_key_length           2399	EXIST::FUNCTION:
-EVP_CIPHER_CTX_ctrl                     2400	EXIST::FUNCTION:
-BN_mod_exp_mont_word                    2401	EXIST::FUNCTION:
-RAND_egd_bytes                          2402	EXIST::FUNCTION:
-X509_REQ_get1_email                     2403	EXIST::FUNCTION:
-X509_get1_email                         2404	EXIST::FUNCTION:
-X509_email_free                         2405	EXIST::FUNCTION:
-i2d_RSA_NET                             2406	EXIST::FUNCTION:RC4,RSA
-d2i_RSA_NET_2                           2407	NOEXIST::FUNCTION:
-d2i_RSA_NET                             2408	EXIST::FUNCTION:RC4,RSA
-DSO_bind_func                           2409	EXIST::FUNCTION:
-CRYPTO_get_new_dynlockid                2410	EXIST::FUNCTION:
-sk_new_null                             2411	EXIST::FUNCTION:
-CRYPTO_set_dynlock_destroy_callback     2412	EXIST:!VMS:FUNCTION:
-CRYPTO_set_dynlock_destroy_cb           2412	EXIST:VMS:FUNCTION:
-CRYPTO_destroy_dynlockid                2413	EXIST::FUNCTION:
-CRYPTO_set_dynlock_size                 2414	NOEXIST::FUNCTION:
-CRYPTO_set_dynlock_create_callback      2415	EXIST:!VMS:FUNCTION:
-CRYPTO_set_dynlock_create_cb            2415	EXIST:VMS:FUNCTION:
-CRYPTO_set_dynlock_lock_callback        2416	EXIST:!VMS:FUNCTION:
-CRYPTO_set_dynlock_lock_cb              2416	EXIST:VMS:FUNCTION:
-CRYPTO_get_dynlock_lock_callback        2417	EXIST:!VMS:FUNCTION:
-CRYPTO_get_dynlock_lock_cb              2417	EXIST:VMS:FUNCTION:
-CRYPTO_get_dynlock_destroy_callback     2418	EXIST:!VMS:FUNCTION:
-CRYPTO_get_dynlock_destroy_cb           2418	EXIST:VMS:FUNCTION:
-CRYPTO_get_dynlock_value                2419	EXIST::FUNCTION:
-CRYPTO_get_dynlock_create_callback      2420	EXIST:!VMS:FUNCTION:
-CRYPTO_get_dynlock_create_cb            2420	EXIST:VMS:FUNCTION:
-c2i_ASN1_BIT_STRING                     2421	EXIST::FUNCTION:
-i2c_ASN1_BIT_STRING                     2422	EXIST::FUNCTION:
-RAND_poll                               2423	EXIST::FUNCTION:
-c2i_ASN1_INTEGER                        2424	EXIST::FUNCTION:
-i2c_ASN1_INTEGER                        2425	EXIST::FUNCTION:
-BIO_dump_indent                         2426	EXIST::FUNCTION:
-ASN1_parse_dump                         2427	EXIST::FUNCTION:BIO
-c2i_ASN1_OBJECT                         2428	EXIST::FUNCTION:
-X509_NAME_print_ex_fp                   2429	EXIST::FUNCTION:FP_API
-ASN1_STRING_print_ex_fp                 2430	EXIST::FUNCTION:FP_API
-X509_NAME_print_ex                      2431	EXIST::FUNCTION:BIO
-ASN1_STRING_print_ex                    2432	EXIST::FUNCTION:BIO
-MD4                                     2433	EXIST::FUNCTION:MD4
-MD4_Transform                           2434	EXIST::FUNCTION:MD4
-MD4_Final                               2435	EXIST::FUNCTION:MD4
-MD4_Update                              2436	EXIST::FUNCTION:MD4
-MD4_Init                                2437	EXIST::FUNCTION:MD4
-EVP_md4                                 2438	EXIST::FUNCTION:MD4
-i2d_PUBKEY_bio                          2439	EXIST::FUNCTION:BIO
-i2d_PUBKEY_fp                           2440	EXIST::FUNCTION:FP_API
-d2i_PUBKEY_bio                          2441	EXIST::FUNCTION:BIO
-ASN1_STRING_to_UTF8                     2442	EXIST::FUNCTION:
-BIO_vprintf                             2443	EXIST::FUNCTION:
-BIO_vsnprintf                           2444	EXIST::FUNCTION:
-d2i_PUBKEY_fp                           2445	EXIST::FUNCTION:FP_API
-X509_cmp_time                           2446	EXIST::FUNCTION:
-X509_STORE_CTX_set_time                 2447	EXIST::FUNCTION:
-X509_STORE_CTX_get1_issuer              2448	EXIST::FUNCTION:
-X509_OBJECT_retrieve_match              2449	EXIST::FUNCTION:
-X509_OBJECT_idx_by_subject              2450	EXIST::FUNCTION:
-X509_STORE_CTX_set_flags                2451	EXIST::FUNCTION:
-X509_STORE_CTX_trusted_stack            2452	EXIST::FUNCTION:
-X509_time_adj                           2453	EXIST::FUNCTION:
-X509_check_issued                       2454	EXIST::FUNCTION:
-ASN1_UTCTIME_cmp_time_t                 2455	EXIST::FUNCTION:
-DES_set_weak_key_flag                   2456	NOEXIST::FUNCTION:
-DES_check_key                           2457	NOEXIST::FUNCTION:
-DES_rw_mode                             2458	NOEXIST::FUNCTION:
-RSA_PKCS1_RSAref                        2459	NOEXIST::FUNCTION:
-X509_keyid_set1                         2460	EXIST::FUNCTION:
-BIO_next                                2461	EXIST::FUNCTION:
-DSO_METHOD_vms                          2462	EXIST::FUNCTION:
-BIO_f_linebuffer                        2463	EXIST:VMS:FUNCTION:
-BN_bntest_rand                          2464	EXIST::FUNCTION:
-OPENSSL_issetugid                       2465	EXIST::FUNCTION:
-BN_rand_range                           2466	EXIST::FUNCTION:
-ERR_load_ENGINE_strings                 2467	EXIST::FUNCTION:ENGINE
-ENGINE_set_DSA                          2468	EXIST::FUNCTION:ENGINE
-ENGINE_get_finish_function              2469	EXIST::FUNCTION:ENGINE
-ENGINE_get_default_RSA                  2470	EXIST::FUNCTION:ENGINE
-ENGINE_get_BN_mod_exp                   2471	NOEXIST::FUNCTION:
-DSA_get_default_openssl_method          2472	NOEXIST::FUNCTION:
-ENGINE_set_DH                           2473	EXIST::FUNCTION:ENGINE
-ENGINE_set_def_BN_mod_exp_crt           2474	NOEXIST::FUNCTION:
-ENGINE_set_default_BN_mod_exp_crt       2474	NOEXIST::FUNCTION:
-ENGINE_init                             2475	EXIST::FUNCTION:ENGINE
-DH_get_default_openssl_method           2476	NOEXIST::FUNCTION:
-RSA_set_default_openssl_method          2477	NOEXIST::FUNCTION:
-ENGINE_finish                           2478	EXIST::FUNCTION:ENGINE
-ENGINE_load_public_key                  2479	EXIST::FUNCTION:ENGINE
-ENGINE_get_DH                           2480	EXIST::FUNCTION:ENGINE
-ENGINE_ctrl                             2481	EXIST::FUNCTION:ENGINE
-ENGINE_get_init_function                2482	EXIST::FUNCTION:ENGINE
-ENGINE_set_init_function                2483	EXIST::FUNCTION:ENGINE
-ENGINE_set_default_DSA                  2484	EXIST::FUNCTION:ENGINE
-ENGINE_get_name                         2485	EXIST::FUNCTION:ENGINE
-ENGINE_get_last                         2486	EXIST::FUNCTION:ENGINE
-ENGINE_get_prev                         2487	EXIST::FUNCTION:ENGINE
-ENGINE_get_default_DH                   2488	EXIST::FUNCTION:ENGINE
-ENGINE_get_RSA                          2489	EXIST::FUNCTION:ENGINE
-ENGINE_set_default                      2490	EXIST::FUNCTION:ENGINE
-ENGINE_get_RAND                         2491	EXIST::FUNCTION:ENGINE
-ENGINE_get_first                        2492	EXIST::FUNCTION:ENGINE
-ENGINE_by_id                            2493	EXIST::FUNCTION:ENGINE
-ENGINE_set_finish_function              2494	EXIST::FUNCTION:ENGINE
-ENGINE_get_def_BN_mod_exp_crt           2495	NOEXIST::FUNCTION:
-ENGINE_get_default_BN_mod_exp_crt       2495	NOEXIST::FUNCTION:
-RSA_get_default_openssl_method          2496	NOEXIST::FUNCTION:
-ENGINE_set_RSA                          2497	EXIST::FUNCTION:ENGINE
-ENGINE_load_private_key                 2498	EXIST::FUNCTION:ENGINE
-ENGINE_set_default_RAND                 2499	EXIST::FUNCTION:ENGINE
-ENGINE_set_BN_mod_exp                   2500	NOEXIST::FUNCTION:
-ENGINE_remove                           2501	EXIST::FUNCTION:ENGINE
-ENGINE_free                             2502	EXIST::FUNCTION:ENGINE
-ENGINE_get_BN_mod_exp_crt               2503	NOEXIST::FUNCTION:
-ENGINE_get_next                         2504	EXIST::FUNCTION:ENGINE
-ENGINE_set_name                         2505	EXIST::FUNCTION:ENGINE
-ENGINE_get_default_DSA                  2506	EXIST::FUNCTION:ENGINE
-ENGINE_set_default_BN_mod_exp           2507	NOEXIST::FUNCTION:
-ENGINE_set_default_RSA                  2508	EXIST::FUNCTION:ENGINE
-ENGINE_get_default_RAND                 2509	EXIST::FUNCTION:ENGINE
-ENGINE_get_default_BN_mod_exp           2510	NOEXIST::FUNCTION:
-ENGINE_set_RAND                         2511	EXIST::FUNCTION:ENGINE
-ENGINE_set_id                           2512	EXIST::FUNCTION:ENGINE
-ENGINE_set_BN_mod_exp_crt               2513	NOEXIST::FUNCTION:
-ENGINE_set_default_DH                   2514	EXIST::FUNCTION:ENGINE
-ENGINE_new                              2515	EXIST::FUNCTION:ENGINE
-ENGINE_get_id                           2516	EXIST::FUNCTION:ENGINE
-DSA_set_default_openssl_method          2517	NOEXIST::FUNCTION:
-ENGINE_add                              2518	EXIST::FUNCTION:ENGINE
-DH_set_default_openssl_method           2519	NOEXIST::FUNCTION:
-ENGINE_get_DSA                          2520	EXIST::FUNCTION:ENGINE
-ENGINE_get_ctrl_function                2521	EXIST::FUNCTION:ENGINE
-ENGINE_set_ctrl_function                2522	EXIST::FUNCTION:ENGINE
-BN_pseudo_rand_range                    2523	EXIST::FUNCTION:
-X509_STORE_CTX_set_verify_cb            2524	EXIST::FUNCTION:
-ERR_load_COMP_strings                   2525	EXIST::FUNCTION:
-PKCS12_item_decrypt_d2i                 2526	EXIST::FUNCTION:
-ASN1_UTF8STRING_it                      2527	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_UTF8STRING_it                      2527	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_unregister_ciphers               2528	EXIST::FUNCTION:ENGINE
-ENGINE_get_ciphers                      2529	EXIST::FUNCTION:ENGINE
-d2i_OCSP_BASICRESP                      2530	EXIST::FUNCTION:
-KRB5_CHECKSUM_it                        2531	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_CHECKSUM_it                        2531	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EC_POINT_add                            2532	EXIST::FUNCTION:EC
-ASN1_item_ex_i2d                        2533	EXIST::FUNCTION:
-OCSP_CERTID_it                          2534	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_CERTID_it                          2534	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-d2i_OCSP_RESPBYTES                      2535	EXIST::FUNCTION:
-X509V3_add1_i2d                         2536	EXIST::FUNCTION:
-PKCS7_ENVELOPE_it                       2537	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_ENVELOPE_it                       2537	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_add_input_boolean                    2538	EXIST::FUNCTION:
-ENGINE_unregister_RSA                   2539	EXIST::FUNCTION:ENGINE
-X509V3_EXT_nconf                        2540	EXIST::FUNCTION:
-ASN1_GENERALSTRING_free                 2541	EXIST::FUNCTION:
-d2i_OCSP_CERTSTATUS                     2542	EXIST::FUNCTION:
-X509_REVOKED_set_serialNumber           2543	EXIST::FUNCTION:
-X509_print_ex                           2544	EXIST::FUNCTION:BIO
-OCSP_ONEREQ_get1_ext_d2i                2545	EXIST::FUNCTION:
-ENGINE_register_all_RAND                2546	EXIST::FUNCTION:ENGINE
-ENGINE_load_dynamic                     2547	EXIST::FUNCTION:ENGINE
-PBKDF2PARAM_it                          2548	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PBKDF2PARAM_it                          2548	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EXTENDED_KEY_USAGE_new                  2549	EXIST::FUNCTION:
-EC_GROUP_clear_free                     2550	EXIST::FUNCTION:EC
-OCSP_sendreq_bio                        2551	EXIST::FUNCTION:
-ASN1_item_digest                        2552	EXIST::FUNCTION:EVP
-OCSP_BASICRESP_delete_ext               2553	EXIST::FUNCTION:
-OCSP_SIGNATURE_it                       2554	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_SIGNATURE_it                       2554	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509_CRL_it                             2555	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_CRL_it                             2555	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_BASICRESP_add_ext                  2556	EXIST::FUNCTION:
-KRB5_ENCKEY_it                          2557	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_ENCKEY_it                          2557	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_method_set_closer                    2558	EXIST::FUNCTION:
-X509_STORE_set_purpose                  2559	EXIST::FUNCTION:
-i2d_ASN1_GENERALSTRING                  2560	EXIST::FUNCTION:
-OCSP_response_status                    2561	EXIST::FUNCTION:
-i2d_OCSP_SERVICELOC                     2562	EXIST::FUNCTION:
-ENGINE_get_digest_engine                2563	EXIST::FUNCTION:ENGINE
-EC_GROUP_set_curve_GFp                  2564	EXIST::FUNCTION:EC
-OCSP_REQUEST_get_ext_by_OBJ             2565	EXIST::FUNCTION:
-_ossl_old_des_random_key                2566	EXIST::FUNCTION:DES
-ASN1_T61STRING_it                       2567	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_T61STRING_it                       2567	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EC_GROUP_method_of                      2568	EXIST::FUNCTION:EC
-i2d_KRB5_APREQ                          2569	EXIST::FUNCTION:
-_ossl_old_des_encrypt                   2570	EXIST::FUNCTION:DES
-ASN1_PRINTABLE_new                      2571	EXIST::FUNCTION:
-HMAC_Init_ex                            2572	EXIST::FUNCTION:HMAC
-d2i_KRB5_AUTHENT                        2573	EXIST::FUNCTION:
-OCSP_archive_cutoff_new                 2574	EXIST::FUNCTION:
-EC_POINT_set_Jprojective_coordinates_GFp 2575	EXIST:!VMS:FUNCTION:EC
-EC_POINT_set_Jproj_coords_GFp           2575	EXIST:VMS:FUNCTION:EC
-_ossl_old_des_is_weak_key               2576	EXIST::FUNCTION:DES
-OCSP_BASICRESP_get_ext_by_OBJ           2577	EXIST::FUNCTION:
-EC_POINT_oct2point                      2578	EXIST::FUNCTION:EC
-OCSP_SINGLERESP_get_ext_count           2579	EXIST::FUNCTION:
-UI_ctrl                                 2580	EXIST::FUNCTION:
-_shadow_DES_rw_mode                     2581	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
-_shadow_DES_rw_mode                     2581	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
-asn1_do_adb                             2582	EXIST::FUNCTION:
-ASN1_template_i2d                       2583	EXIST::FUNCTION:
-ENGINE_register_DH                      2584	EXIST::FUNCTION:ENGINE
-UI_construct_prompt                     2585	EXIST::FUNCTION:
-X509_STORE_set_trust                    2586	EXIST::FUNCTION:
-UI_dup_input_string                     2587	EXIST::FUNCTION:
-d2i_KRB5_APREQ                          2588	EXIST::FUNCTION:
-EVP_MD_CTX_copy_ex                      2589	EXIST::FUNCTION:
-OCSP_request_is_signed                  2590	EXIST::FUNCTION:
-i2d_OCSP_REQINFO                        2591	EXIST::FUNCTION:
-KRB5_ENCKEY_free                        2592	EXIST::FUNCTION:
-OCSP_resp_get0                          2593	EXIST::FUNCTION:
-GENERAL_NAME_it                         2594	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-GENERAL_NAME_it                         2594	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ASN1_GENERALIZEDTIME_it                 2595	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_GENERALIZEDTIME_it                 2595	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509_STORE_set_flags                    2596	EXIST::FUNCTION:
-EC_POINT_set_compressed_coordinates_GFp 2597	EXIST:!VMS:FUNCTION:EC
-EC_POINT_set_compr_coords_GFp           2597	EXIST:VMS:FUNCTION:EC
-OCSP_response_status_str                2598	EXIST::FUNCTION:
-d2i_OCSP_REVOKEDINFO                    2599	EXIST::FUNCTION:
-OCSP_basic_add1_cert                    2600	EXIST::FUNCTION:
-ERR_get_implementation                  2601	EXIST::FUNCTION:
-EVP_CipherFinal_ex                      2602	EXIST::FUNCTION:
-OCSP_CERTSTATUS_new                     2603	EXIST::FUNCTION:
-CRYPTO_cleanup_all_ex_data              2604	EXIST::FUNCTION:
-OCSP_resp_find                          2605	EXIST::FUNCTION:
-BN_nnmod                                2606	EXIST::FUNCTION:
-X509_CRL_sort                           2607	EXIST::FUNCTION:
-X509_REVOKED_set_revocationDate         2608	EXIST::FUNCTION:
-ENGINE_register_RAND                    2609	EXIST::FUNCTION:ENGINE
-OCSP_SERVICELOC_new                     2610	EXIST::FUNCTION:
-EC_POINT_set_affine_coordinates_GFp     2611	EXIST:!VMS:FUNCTION:EC
-EC_POINT_set_affine_coords_GFp          2611	EXIST:VMS:FUNCTION:EC
-_ossl_old_des_options                   2612	EXIST::FUNCTION:DES
-SXNET_it                                2613	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-SXNET_it                                2613	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_dup_input_boolean                    2614	EXIST::FUNCTION:
-PKCS12_add_CSPName_asc                  2615	EXIST::FUNCTION:
-EC_POINT_is_at_infinity                 2616	EXIST::FUNCTION:EC
-ENGINE_load_cryptodev                   2617	EXIST::FUNCTION:ENGINE
-DSO_convert_filename                    2618	EXIST::FUNCTION:
-POLICYQUALINFO_it                       2619	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-POLICYQUALINFO_it                       2619	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_register_ciphers                 2620	EXIST::FUNCTION:ENGINE
-BN_mod_lshift_quick                     2621	EXIST::FUNCTION:
-DSO_set_filename                        2622	EXIST::FUNCTION:
-ASN1_item_free                          2623	EXIST::FUNCTION:
-KRB5_TKTBODY_free                       2624	EXIST::FUNCTION:
-AUTHORITY_KEYID_it                      2625	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-AUTHORITY_KEYID_it                      2625	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-KRB5_APREQBODY_new                      2626	EXIST::FUNCTION:
-X509V3_EXT_REQ_add_nconf                2627	EXIST::FUNCTION:
-ENGINE_ctrl_cmd_string                  2628	EXIST::FUNCTION:ENGINE
-i2d_OCSP_RESPDATA                       2629	EXIST::FUNCTION:
-EVP_MD_CTX_init                         2630	EXIST::FUNCTION:
-EXTENDED_KEY_USAGE_free                 2631	EXIST::FUNCTION:
-PKCS7_ATTR_SIGN_it                      2632	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_ATTR_SIGN_it                      2632	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_add_error_string                     2633	EXIST::FUNCTION:
-KRB5_CHECKSUM_free                      2634	EXIST::FUNCTION:
-OCSP_REQUEST_get_ext                    2635	EXIST::FUNCTION:
-ENGINE_load_ubsec                       2636	EXIST::FUNCTION:ENGINE,STATIC_ENGINE
-ENGINE_register_all_digests             2637	EXIST::FUNCTION:ENGINE
-PKEY_USAGE_PERIOD_it                    2638	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKEY_USAGE_PERIOD_it                    2638	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-PKCS12_unpack_authsafes                 2639	EXIST::FUNCTION:
-ASN1_item_unpack                        2640	EXIST::FUNCTION:
-NETSCAPE_SPKAC_it                       2641	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-NETSCAPE_SPKAC_it                       2641	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509_REVOKED_it                         2642	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_REVOKED_it                         2642	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ASN1_STRING_encode                      2643	NOEXIST::FUNCTION:
-EVP_aes_128_ecb                         2644	EXIST::FUNCTION:AES
-KRB5_AUTHENT_free                       2645	EXIST::FUNCTION:
-OCSP_BASICRESP_get_ext_by_critical      2646	EXIST:!VMS:FUNCTION:
-OCSP_BASICRESP_get_ext_by_crit          2646	EXIST:VMS:FUNCTION:
-OCSP_cert_status_str                    2647	EXIST::FUNCTION:
-d2i_OCSP_REQUEST                        2648	EXIST::FUNCTION:
-UI_dup_info_string                      2649	EXIST::FUNCTION:
-_ossl_old_des_xwhite_in2out             2650	NOEXIST::FUNCTION:
-PKCS12_it                               2651	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS12_it                               2651	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_SINGLERESP_get_ext_by_critical     2652	EXIST:!VMS:FUNCTION:
-OCSP_SINGLERESP_get_ext_by_crit         2652	EXIST:VMS:FUNCTION:
-OCSP_CERTSTATUS_free                    2653	EXIST::FUNCTION:
-_ossl_old_des_crypt                     2654	EXIST::FUNCTION:DES
-ASN1_item_i2d                           2655	EXIST::FUNCTION:
-EVP_DecryptFinal_ex                     2656	EXIST::FUNCTION:
-ENGINE_load_openssl                     2657	EXIST::FUNCTION:ENGINE
-ENGINE_get_cmd_defns                    2658	EXIST::FUNCTION:ENGINE
-ENGINE_set_load_privkey_function        2659	EXIST:!VMS:FUNCTION:ENGINE
-ENGINE_set_load_privkey_fn              2659	EXIST:VMS:FUNCTION:ENGINE
-EVP_EncryptFinal_ex                     2660	EXIST::FUNCTION:
-ENGINE_set_default_digests              2661	EXIST::FUNCTION:ENGINE
-X509_get0_pubkey_bitstr                 2662	EXIST::FUNCTION:
-asn1_ex_i2c                             2663	EXIST::FUNCTION:
-ENGINE_register_RSA                     2664	EXIST::FUNCTION:ENGINE
-ENGINE_unregister_DSA                   2665	EXIST::FUNCTION:ENGINE
-_ossl_old_des_key_sched                 2666	EXIST::FUNCTION:DES
-X509_EXTENSION_it                       2667	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_EXTENSION_it                       2667	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-i2d_KRB5_AUTHENT                        2668	EXIST::FUNCTION:
-SXNETID_it                              2669	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-SXNETID_it                              2669	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-d2i_OCSP_SINGLERESP                     2670	EXIST::FUNCTION:
-EDIPARTYNAME_new                        2671	EXIST::FUNCTION:
-PKCS12_certbag2x509                     2672	EXIST::FUNCTION:
-_ossl_old_des_ofb64_encrypt             2673	EXIST::FUNCTION:DES
-d2i_EXTENDED_KEY_USAGE                  2674	EXIST::FUNCTION:
-ERR_print_errors_cb                     2675	EXIST::FUNCTION:
-ENGINE_set_ciphers                      2676	EXIST::FUNCTION:ENGINE
-d2i_KRB5_APREQBODY                      2677	EXIST::FUNCTION:
-UI_method_get_flusher                   2678	EXIST::FUNCTION:
-X509_PUBKEY_it                          2679	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_PUBKEY_it                          2679	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-_ossl_old_des_enc_read                  2680	EXIST::FUNCTION:DES
-PKCS7_ENCRYPT_it                        2681	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_ENCRYPT_it                        2681	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-i2d_OCSP_RESPONSE                       2682	EXIST::FUNCTION:
-EC_GROUP_get_cofactor                   2683	EXIST::FUNCTION:EC
-PKCS12_unpack_p7data                    2684	EXIST::FUNCTION:
-d2i_KRB5_AUTHDATA                       2685	EXIST::FUNCTION:
-OCSP_copy_nonce                         2686	EXIST::FUNCTION:
-KRB5_AUTHDATA_new                       2687	EXIST::FUNCTION:
-OCSP_RESPDATA_new                       2688	EXIST::FUNCTION:
-EC_GFp_mont_method                      2689	EXIST::FUNCTION:EC
-OCSP_REVOKEDINFO_free                   2690	EXIST::FUNCTION:
-UI_get_ex_data                          2691	EXIST::FUNCTION:
-KRB5_APREQBODY_free                     2692	EXIST::FUNCTION:
-EC_GROUP_get0_generator                 2693	EXIST::FUNCTION:EC
-UI_get_default_method                   2694	EXIST::FUNCTION:
-X509V3_set_nconf                        2695	EXIST::FUNCTION:
-PKCS12_item_i2d_encrypt                 2696	EXIST::FUNCTION:
-X509_add1_ext_i2d                       2697	EXIST::FUNCTION:
-PKCS7_SIGNER_INFO_it                    2698	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_SIGNER_INFO_it                    2698	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-KRB5_PRINCNAME_new                      2699	EXIST::FUNCTION:
-PKCS12_SAFEBAG_it                       2700	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS12_SAFEBAG_it                       2700	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EC_GROUP_get_order                      2701	EXIST::FUNCTION:EC
-d2i_OCSP_RESPID                         2702	EXIST::FUNCTION:
-OCSP_request_verify                     2703	EXIST::FUNCTION:
-NCONF_get_number_e                      2704	EXIST::FUNCTION:
-_ossl_old_des_decrypt3                  2705	EXIST::FUNCTION:DES
-X509_signature_print                    2706	EXIST::FUNCTION:EVP
-OCSP_SINGLERESP_free                    2707	EXIST::FUNCTION:
-ENGINE_load_builtin_engines             2708	EXIST::FUNCTION:ENGINE
-i2d_OCSP_ONEREQ                         2709	EXIST::FUNCTION:
-OCSP_REQUEST_add_ext                    2710	EXIST::FUNCTION:
-OCSP_RESPBYTES_new                      2711	EXIST::FUNCTION:
-EVP_MD_CTX_create                       2712	EXIST::FUNCTION:
-OCSP_resp_find_status                   2713	EXIST::FUNCTION:
-X509_ALGOR_it                           2714	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_ALGOR_it                           2714	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ASN1_TIME_it                            2715	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_TIME_it                            2715	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_request_set1_name                  2716	EXIST::FUNCTION:
-OCSP_ONEREQ_get_ext_count               2717	EXIST::FUNCTION:
-UI_get0_result                          2718	EXIST::FUNCTION:
-PKCS12_AUTHSAFES_it                     2719	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS12_AUTHSAFES_it                     2719	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EVP_aes_256_ecb                         2720	EXIST::FUNCTION:AES
-PKCS12_pack_authsafes                   2721	EXIST::FUNCTION:
-ASN1_IA5STRING_it                       2722	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_IA5STRING_it                       2722	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_get_input_flags                      2723	EXIST::FUNCTION:
-EC_GROUP_set_generator                  2724	EXIST::FUNCTION:EC
-_ossl_old_des_string_to_2keys           2725	EXIST::FUNCTION:DES
-OCSP_CERTID_free                        2726	EXIST::FUNCTION:
-X509_CERT_AUX_it                        2727	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_CERT_AUX_it                        2727	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-CERTIFICATEPOLICIES_it                  2728	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-CERTIFICATEPOLICIES_it                  2728	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-_ossl_old_des_ede3_cbc_encrypt          2729	EXIST::FUNCTION:DES
-RAND_set_rand_engine                    2730	EXIST::FUNCTION:ENGINE
-DSO_get_loaded_filename                 2731	EXIST::FUNCTION:
-X509_ATTRIBUTE_it                       2732	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_ATTRIBUTE_it                       2732	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_ONEREQ_get_ext_by_NID              2733	EXIST::FUNCTION:
-PKCS12_decrypt_skey                     2734	EXIST::FUNCTION:
-KRB5_AUTHENT_it                         2735	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_AUTHENT_it                         2735	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_dup_error_string                     2736	EXIST::FUNCTION:
-RSAPublicKey_it                         2737	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
-RSAPublicKey_it                         2737	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
-i2d_OCSP_REQUEST                        2738	EXIST::FUNCTION:
-PKCS12_x509crl2certbag                  2739	EXIST::FUNCTION:
-OCSP_SERVICELOC_it                      2740	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_SERVICELOC_it                      2740	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ASN1_item_sign                          2741	EXIST::FUNCTION:EVP
-X509_CRL_set_issuer_name                2742	EXIST::FUNCTION:
-OBJ_NAME_do_all_sorted                  2743	EXIST::FUNCTION:
-i2d_OCSP_BASICRESP                      2744	EXIST::FUNCTION:
-i2d_OCSP_RESPBYTES                      2745	EXIST::FUNCTION:
-PKCS12_unpack_p7encdata                 2746	EXIST::FUNCTION:
-HMAC_CTX_init                           2747	EXIST::FUNCTION:HMAC
-ENGINE_get_digest                       2748	EXIST::FUNCTION:ENGINE
-OCSP_RESPONSE_print                     2749	EXIST::FUNCTION:
-KRB5_TKTBODY_it                         2750	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_TKTBODY_it                         2750	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ACCESS_DESCRIPTION_it                   2751	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ACCESS_DESCRIPTION_it                   2751	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-PKCS7_ISSUER_AND_SERIAL_it              2752	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_ISSUER_AND_SERIAL_it              2752	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-PBE2PARAM_it                            2753	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PBE2PARAM_it                            2753	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-PKCS12_certbag2x509crl                  2754	EXIST::FUNCTION:
-PKCS7_SIGNED_it                         2755	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_SIGNED_it                         2755	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_get_cipher                       2756	EXIST::FUNCTION:ENGINE
-i2d_OCSP_CRLID                          2757	EXIST::FUNCTION:
-OCSP_SINGLERESP_new                     2758	EXIST::FUNCTION:
-ENGINE_cmd_is_executable                2759	EXIST::FUNCTION:ENGINE
-RSA_up_ref                              2760	EXIST::FUNCTION:RSA
-ASN1_GENERALSTRING_it                   2761	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_GENERALSTRING_it                   2761	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_register_DSA                     2762	EXIST::FUNCTION:ENGINE
-X509V3_EXT_add_nconf_sk                 2763	EXIST::FUNCTION:
-ENGINE_set_load_pubkey_function         2764	EXIST::FUNCTION:ENGINE
-PKCS8_decrypt                           2765	EXIST::FUNCTION:
-PEM_bytes_read_bio                      2766	EXIST::FUNCTION:BIO
-DIRECTORYSTRING_it                      2767	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-DIRECTORYSTRING_it                      2767	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-d2i_OCSP_CRLID                          2768	EXIST::FUNCTION:
-EC_POINT_is_on_curve                    2769	EXIST::FUNCTION:EC
-CRYPTO_set_locked_mem_ex_functions      2770	EXIST:!VMS:FUNCTION:
-CRYPTO_set_locked_mem_ex_funcs          2770	EXIST:VMS:FUNCTION:
-d2i_KRB5_CHECKSUM                       2771	EXIST::FUNCTION:
-ASN1_item_dup                           2772	EXIST::FUNCTION:
-X509_it                                 2773	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_it                                 2773	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-BN_mod_add                              2774	EXIST::FUNCTION:
-KRB5_AUTHDATA_free                      2775	EXIST::FUNCTION:
-_ossl_old_des_cbc_cksum                 2776	EXIST::FUNCTION:DES
-ASN1_item_verify                        2777	EXIST::FUNCTION:EVP
-CRYPTO_set_mem_ex_functions             2778	EXIST::FUNCTION:
-EC_POINT_get_Jprojective_coordinates_GFp 2779	EXIST:!VMS:FUNCTION:EC
-EC_POINT_get_Jproj_coords_GFp           2779	EXIST:VMS:FUNCTION:EC
-ZLONG_it                                2780	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ZLONG_it                                2780	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-CRYPTO_get_locked_mem_ex_functions      2781	EXIST:!VMS:FUNCTION:
-CRYPTO_get_locked_mem_ex_funcs          2781	EXIST:VMS:FUNCTION:
-ASN1_TIME_check                         2782	EXIST::FUNCTION:
-UI_get0_user_data                       2783	EXIST::FUNCTION:
-HMAC_CTX_cleanup                        2784	EXIST::FUNCTION:HMAC
-DSA_up_ref                              2785	EXIST::FUNCTION:DSA
-_ossl_old_des_ede3_cfb64_encrypt        2786	EXIST:!VMS:FUNCTION:DES
-_ossl_odes_ede3_cfb64_encrypt           2786	EXIST:VMS:FUNCTION:DES
-ASN1_BMPSTRING_it                       2787	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_BMPSTRING_it                       2787	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ASN1_tag2bit                            2788	EXIST::FUNCTION:
-UI_method_set_flusher                   2789	EXIST::FUNCTION:
-X509_ocspid_print                       2790	EXIST::FUNCTION:BIO
-KRB5_ENCDATA_it                         2791	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_ENCDATA_it                         2791	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_get_load_pubkey_function         2792	EXIST::FUNCTION:ENGINE
-UI_add_user_data                        2793	EXIST::FUNCTION:
-OCSP_REQUEST_delete_ext                 2794	EXIST::FUNCTION:
-UI_get_method                           2795	EXIST::FUNCTION:
-OCSP_ONEREQ_free                        2796	EXIST::FUNCTION:
-ASN1_PRINTABLESTRING_it                 2797	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_PRINTABLESTRING_it                 2797	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509_CRL_set_nextUpdate                 2798	EXIST::FUNCTION:
-OCSP_REQUEST_it                         2799	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_REQUEST_it                         2799	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_BASICRESP_it                       2800	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_BASICRESP_it                       2800	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-AES_ecb_encrypt                         2801	EXIST::FUNCTION:AES
-BN_mod_sqr                              2802	EXIST::FUNCTION:
-NETSCAPE_CERT_SEQUENCE_it               2803	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-NETSCAPE_CERT_SEQUENCE_it               2803	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-GENERAL_NAMES_it                        2804	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-GENERAL_NAMES_it                        2804	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-AUTHORITY_INFO_ACCESS_it                2805	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-AUTHORITY_INFO_ACCESS_it                2805	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ASN1_FBOOLEAN_it                        2806	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_FBOOLEAN_it                        2806	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_set_ex_data                          2807	EXIST::FUNCTION:
-_ossl_old_des_string_to_key             2808	EXIST::FUNCTION:DES
-ENGINE_register_all_RSA                 2809	EXIST::FUNCTION:ENGINE
-d2i_KRB5_PRINCNAME                      2810	EXIST::FUNCTION:
-OCSP_RESPBYTES_it                       2811	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_RESPBYTES_it                       2811	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509_CINF_it                            2812	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_CINF_it                            2812	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_unregister_digests               2813	EXIST::FUNCTION:ENGINE
-d2i_EDIPARTYNAME                        2814	EXIST::FUNCTION:
-d2i_OCSP_SERVICELOC                     2815	EXIST::FUNCTION:
-ENGINE_get_digests                      2816	EXIST::FUNCTION:ENGINE
-_ossl_old_des_set_odd_parity            2817	EXIST::FUNCTION:DES
-OCSP_RESPDATA_free                      2818	EXIST::FUNCTION:
-d2i_KRB5_TICKET                         2819	EXIST::FUNCTION:
-OTHERNAME_it                            2820	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OTHERNAME_it                            2820	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EVP_MD_CTX_cleanup                      2821	EXIST::FUNCTION:
-d2i_ASN1_GENERALSTRING                  2822	EXIST::FUNCTION:
-X509_CRL_set_version                    2823	EXIST::FUNCTION:
-BN_mod_sub                              2824	EXIST::FUNCTION:
-OCSP_SINGLERESP_get_ext_by_NID          2825	EXIST::FUNCTION:
-ENGINE_get_ex_new_index                 2826	EXIST::FUNCTION:ENGINE
-OCSP_REQUEST_free                       2827	EXIST::FUNCTION:
-OCSP_REQUEST_add1_ext_i2d               2828	EXIST::FUNCTION:
-X509_VAL_it                             2829	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_VAL_it                             2829	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EC_POINTs_make_affine                   2830	EXIST::FUNCTION:EC
-EC_POINT_mul                            2831	EXIST::FUNCTION:EC
-X509V3_EXT_add_nconf                    2832	EXIST::FUNCTION:
-X509_TRUST_set                          2833	EXIST::FUNCTION:
-X509_CRL_add1_ext_i2d                   2834	EXIST::FUNCTION:
-_ossl_old_des_fcrypt                    2835	EXIST::FUNCTION:DES
-DISPLAYTEXT_it                          2836	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-DISPLAYTEXT_it                          2836	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509_CRL_set_lastUpdate                 2837	EXIST::FUNCTION:
-OCSP_BASICRESP_free                     2838	EXIST::FUNCTION:
-OCSP_BASICRESP_add1_ext_i2d             2839	EXIST::FUNCTION:
-d2i_KRB5_AUTHENTBODY                    2840	EXIST::FUNCTION:
-CRYPTO_set_ex_data_implementation       2841	EXIST:!VMS:FUNCTION:
-CRYPTO_set_ex_data_impl                 2841	EXIST:VMS:FUNCTION:
-KRB5_ENCDATA_new                        2842	EXIST::FUNCTION:
-DSO_up_ref                              2843	EXIST::FUNCTION:
-OCSP_crl_reason_str                     2844	EXIST::FUNCTION:
-UI_get0_result_string                   2845	EXIST::FUNCTION:
-ASN1_GENERALSTRING_new                  2846	EXIST::FUNCTION:
-X509_SIG_it                             2847	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_SIG_it                             2847	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ERR_set_implementation                  2848	EXIST::FUNCTION:
-ERR_load_EC_strings                     2849	EXIST::FUNCTION:EC
-UI_get0_action_string                   2850	EXIST::FUNCTION:
-OCSP_ONEREQ_get_ext                     2851	EXIST::FUNCTION:
-EC_POINT_method_of                      2852	EXIST::FUNCTION:EC
-i2d_KRB5_APREQBODY                      2853	EXIST::FUNCTION:
-_ossl_old_des_ecb3_encrypt              2854	EXIST::FUNCTION:DES
-CRYPTO_get_mem_ex_functions             2855	EXIST::FUNCTION:
-ENGINE_get_ex_data                      2856	EXIST::FUNCTION:ENGINE
-UI_destroy_method                       2857	EXIST::FUNCTION:
-ASN1_item_i2d_bio                       2858	EXIST::FUNCTION:BIO
-OCSP_ONEREQ_get_ext_by_OBJ              2859	EXIST::FUNCTION:
-ASN1_primitive_new                      2860	EXIST::FUNCTION:
-ASN1_PRINTABLE_it                       2861	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_PRINTABLE_it                       2861	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EVP_aes_192_ecb                         2862	EXIST::FUNCTION:AES
-OCSP_SIGNATURE_new                      2863	EXIST::FUNCTION:
-LONG_it                                 2864	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-LONG_it                                 2864	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ASN1_VISIBLESTRING_it                   2865	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_VISIBLESTRING_it                   2865	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_SINGLERESP_add1_ext_i2d            2866	EXIST::FUNCTION:
-d2i_OCSP_CERTID                         2867	EXIST::FUNCTION:
-ASN1_item_d2i_fp                        2868	EXIST::FUNCTION:FP_API
-CRL_DIST_POINTS_it                      2869	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-CRL_DIST_POINTS_it                      2869	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-GENERAL_NAME_print                      2870	EXIST::FUNCTION:
-OCSP_SINGLERESP_delete_ext              2871	EXIST::FUNCTION:
-PKCS12_SAFEBAGS_it                      2872	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS12_SAFEBAGS_it                      2872	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-d2i_OCSP_SIGNATURE                      2873	EXIST::FUNCTION:
-OCSP_request_add1_nonce                 2874	EXIST::FUNCTION:
-ENGINE_set_cmd_defns                    2875	EXIST::FUNCTION:ENGINE
-OCSP_SERVICELOC_free                    2876	EXIST::FUNCTION:
-EC_GROUP_free                           2877	EXIST::FUNCTION:EC
-ASN1_BIT_STRING_it                      2878	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_BIT_STRING_it                      2878	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509_REQ_it                             2879	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_REQ_it                             2879	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-_ossl_old_des_cbc_encrypt               2880	EXIST::FUNCTION:DES
-ERR_unload_strings                      2881	EXIST::FUNCTION:
-PKCS7_SIGN_ENVELOPE_it                  2882	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_SIGN_ENVELOPE_it                  2882	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EDIPARTYNAME_free                       2883	EXIST::FUNCTION:
-OCSP_REQINFO_free                       2884	EXIST::FUNCTION:
-EC_GROUP_new_curve_GFp                  2885	EXIST::FUNCTION:EC
-OCSP_REQUEST_get1_ext_d2i               2886	EXIST::FUNCTION:
-PKCS12_item_pack_safebag                2887	EXIST::FUNCTION:
-asn1_ex_c2i                             2888	EXIST::FUNCTION:
-ENGINE_register_digests                 2889	EXIST::FUNCTION:ENGINE
-i2d_OCSP_REVOKEDINFO                    2890	EXIST::FUNCTION:
-asn1_enc_restore                        2891	EXIST::FUNCTION:
-UI_free                                 2892	EXIST::FUNCTION:
-UI_new_method                           2893	EXIST::FUNCTION:
-EVP_EncryptInit_ex                      2894	EXIST::FUNCTION:
-X509_pubkey_digest                      2895	EXIST::FUNCTION:EVP
-EC_POINT_invert                         2896	EXIST::FUNCTION:EC
-OCSP_basic_sign                         2897	EXIST::FUNCTION:
-i2d_OCSP_RESPID                         2898	EXIST::FUNCTION:
-OCSP_check_nonce                        2899	EXIST::FUNCTION:
-ENGINE_ctrl_cmd                         2900	EXIST::FUNCTION:ENGINE
-d2i_KRB5_ENCKEY                         2901	EXIST::FUNCTION:
-OCSP_parse_url                          2902	EXIST::FUNCTION:
-OCSP_SINGLERESP_get_ext                 2903	EXIST::FUNCTION:
-OCSP_CRLID_free                         2904	EXIST::FUNCTION:
-OCSP_BASICRESP_get1_ext_d2i             2905	EXIST::FUNCTION:
-RSAPrivateKey_it                        2906	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
-RSAPrivateKey_it                        2906	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
-ENGINE_register_all_DH                  2907	EXIST::FUNCTION:ENGINE
-i2d_EDIPARTYNAME                        2908	EXIST::FUNCTION:
-EC_POINT_get_affine_coordinates_GFp     2909	EXIST:!VMS:FUNCTION:EC
-EC_POINT_get_affine_coords_GFp          2909	EXIST:VMS:FUNCTION:EC
-OCSP_CRLID_new                          2910	EXIST::FUNCTION:
-ENGINE_get_flags                        2911	EXIST::FUNCTION:ENGINE
-OCSP_ONEREQ_it                          2912	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_ONEREQ_it                          2912	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_process                              2913	EXIST::FUNCTION:
-ASN1_INTEGER_it                         2914	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_INTEGER_it                         2914	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EVP_CipherInit_ex                       2915	EXIST::FUNCTION:
-UI_get_string_type                      2916	EXIST::FUNCTION:
-ENGINE_unregister_DH                    2917	EXIST::FUNCTION:ENGINE
-ENGINE_register_all_DSA                 2918	EXIST::FUNCTION:ENGINE
-OCSP_ONEREQ_get_ext_by_critical         2919	EXIST::FUNCTION:
-bn_dup_expand                           2920	EXIST::FUNCTION:DEPRECATED
-OCSP_cert_id_new                        2921	EXIST::FUNCTION:
-BASIC_CONSTRAINTS_it                    2922	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-BASIC_CONSTRAINTS_it                    2922	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-BN_mod_add_quick                        2923	EXIST::FUNCTION:
-EC_POINT_new                            2924	EXIST::FUNCTION:EC
-EVP_MD_CTX_destroy                      2925	EXIST::FUNCTION:
-OCSP_RESPBYTES_free                     2926	EXIST::FUNCTION:
-EVP_aes_128_cbc                         2927	EXIST::FUNCTION:AES
-OCSP_SINGLERESP_get1_ext_d2i            2928	EXIST::FUNCTION:
-EC_POINT_free                           2929	EXIST::FUNCTION:EC
-DH_up_ref                               2930	EXIST::FUNCTION:DH
-X509_NAME_ENTRY_it                      2931	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_NAME_ENTRY_it                      2931	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_get_ex_new_index                     2932	EXIST::FUNCTION:
-BN_mod_sub_quick                        2933	EXIST::FUNCTION:
-OCSP_ONEREQ_add_ext                     2934	EXIST::FUNCTION:
-OCSP_request_sign                       2935	EXIST::FUNCTION:
-EVP_DigestFinal_ex                      2936	EXIST::FUNCTION:
-ENGINE_set_digests                      2937	EXIST::FUNCTION:ENGINE
-OCSP_id_issuer_cmp                      2938	EXIST::FUNCTION:
-OBJ_NAME_do_all                         2939	EXIST::FUNCTION:
-EC_POINTs_mul                           2940	EXIST::FUNCTION:EC
-ENGINE_register_complete                2941	EXIST::FUNCTION:ENGINE
-X509V3_EXT_nconf_nid                    2942	EXIST::FUNCTION:
-ASN1_SEQUENCE_it                        2943	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_SEQUENCE_it                        2943	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_set_default_method                   2944	EXIST::FUNCTION:
-RAND_query_egd_bytes                    2945	EXIST::FUNCTION:
-UI_method_get_writer                    2946	EXIST::FUNCTION:
-UI_OpenSSL                              2947	EXIST::FUNCTION:
-PEM_def_callback                        2948	EXIST::FUNCTION:
-ENGINE_cleanup                          2949	EXIST::FUNCTION:ENGINE
-DIST_POINT_it                           2950	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-DIST_POINT_it                           2950	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_SINGLERESP_it                      2951	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_SINGLERESP_it                      2951	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-d2i_KRB5_TKTBODY                        2952	EXIST::FUNCTION:
-EC_POINT_cmp                            2953	EXIST::FUNCTION:EC
-OCSP_REVOKEDINFO_new                    2954	EXIST::FUNCTION:
-i2d_OCSP_CERTSTATUS                     2955	EXIST::FUNCTION:
-OCSP_basic_add1_nonce                   2956	EXIST::FUNCTION:
-ASN1_item_ex_d2i                        2957	EXIST::FUNCTION:
-BN_mod_lshift1_quick                    2958	EXIST::FUNCTION:
-UI_set_method                           2959	EXIST::FUNCTION:
-OCSP_id_get0_info                       2960	EXIST::FUNCTION:
-BN_mod_sqrt                             2961	EXIST::FUNCTION:
-EC_GROUP_copy                           2962	EXIST::FUNCTION:EC
-KRB5_ENCDATA_free                       2963	EXIST::FUNCTION:
-_ossl_old_des_cfb_encrypt               2964	EXIST::FUNCTION:DES
-OCSP_SINGLERESP_get_ext_by_OBJ          2965	EXIST::FUNCTION:
-OCSP_cert_to_id                         2966	EXIST::FUNCTION:
-OCSP_RESPID_new                         2967	EXIST::FUNCTION:
-OCSP_RESPDATA_it                        2968	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_RESPDATA_it                        2968	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-d2i_OCSP_RESPDATA                       2969	EXIST::FUNCTION:
-ENGINE_register_all_complete            2970	EXIST::FUNCTION:ENGINE
-OCSP_check_validity                     2971	EXIST::FUNCTION:
-PKCS12_BAGS_it                          2972	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS12_BAGS_it                          2972	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_url_svcloc_new                     2973	EXIST::FUNCTION:
-ASN1_template_free                      2974	EXIST::FUNCTION:
-OCSP_SINGLERESP_add_ext                 2975	EXIST::FUNCTION:
-KRB5_AUTHENTBODY_it                     2976	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_AUTHENTBODY_it                     2976	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509_supported_extension                2977	EXIST::FUNCTION:
-i2d_KRB5_AUTHDATA                       2978	EXIST::FUNCTION:
-UI_method_get_opener                    2979	EXIST::FUNCTION:
-ENGINE_set_ex_data                      2980	EXIST::FUNCTION:ENGINE
-OCSP_REQUEST_print                      2981	EXIST::FUNCTION:
-CBIGNUM_it                              2982	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-CBIGNUM_it                              2982	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-KRB5_TICKET_new                         2983	EXIST::FUNCTION:
-KRB5_APREQ_new                          2984	EXIST::FUNCTION:
-EC_GROUP_get_curve_GFp                  2985	EXIST::FUNCTION:EC
-KRB5_ENCKEY_new                         2986	EXIST::FUNCTION:
-ASN1_template_d2i                       2987	EXIST::FUNCTION:
-_ossl_old_des_quad_cksum                2988	EXIST::FUNCTION:DES
-OCSP_single_get0_status                 2989	EXIST::FUNCTION:
-BN_swap                                 2990	EXIST::FUNCTION:
-POLICYINFO_it                           2991	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-POLICYINFO_it                           2991	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_set_destroy_function             2992	EXIST::FUNCTION:ENGINE
-asn1_enc_free                           2993	EXIST::FUNCTION:
-OCSP_RESPID_it                          2994	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_RESPID_it                          2994	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EC_GROUP_new                            2995	EXIST::FUNCTION:EC
-EVP_aes_256_cbc                         2996	EXIST::FUNCTION:AES
-i2d_KRB5_PRINCNAME                      2997	EXIST::FUNCTION:
-_ossl_old_des_encrypt2                  2998	EXIST::FUNCTION:DES
-_ossl_old_des_encrypt3                  2999	EXIST::FUNCTION:DES
-PKCS8_PRIV_KEY_INFO_it                  3000	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS8_PRIV_KEY_INFO_it                  3000	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_REQINFO_it                         3001	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_REQINFO_it                         3001	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-PBEPARAM_it                             3002	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PBEPARAM_it                             3002	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-KRB5_AUTHENTBODY_new                    3003	EXIST::FUNCTION:
-X509_CRL_add0_revoked                   3004	EXIST::FUNCTION:
-EDIPARTYNAME_it                         3005	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-EDIPARTYNAME_it                         3005	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-NETSCAPE_SPKI_it                        3006	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-NETSCAPE_SPKI_it                        3006	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_get0_test_string                     3007	EXIST::FUNCTION:
-ENGINE_get_cipher_engine                3008	EXIST::FUNCTION:ENGINE
-ENGINE_register_all_ciphers             3009	EXIST::FUNCTION:ENGINE
-EC_POINT_copy                           3010	EXIST::FUNCTION:EC
-BN_kronecker                            3011	EXIST::FUNCTION:
-_ossl_old_des_ede3_ofb64_encrypt        3012	EXIST:!VMS:FUNCTION:DES
-_ossl_odes_ede3_ofb64_encrypt           3012	EXIST:VMS:FUNCTION:DES
-UI_method_get_reader                    3013	EXIST::FUNCTION:
-OCSP_BASICRESP_get_ext_count            3014	EXIST::FUNCTION:
-ASN1_ENUMERATED_it                      3015	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_ENUMERATED_it                      3015	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_set_result                           3016	EXIST::FUNCTION:
-i2d_KRB5_TICKET                         3017	EXIST::FUNCTION:
-X509_print_ex_fp                        3018	EXIST::FUNCTION:FP_API
-EVP_CIPHER_CTX_set_padding              3019	EXIST::FUNCTION:
-d2i_OCSP_RESPONSE                       3020	EXIST::FUNCTION:
-ASN1_UTCTIME_it                         3021	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_UTCTIME_it                         3021	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-_ossl_old_des_enc_write                 3022	EXIST::FUNCTION:DES
-OCSP_RESPONSE_new                       3023	EXIST::FUNCTION:
-AES_set_encrypt_key                     3024	EXIST::FUNCTION:AES
-OCSP_resp_count                         3025	EXIST::FUNCTION:
-KRB5_CHECKSUM_new                       3026	EXIST::FUNCTION:
-ENGINE_load_cswift                      3027	EXIST::FUNCTION:ENGINE,STATIC_ENGINE
-OCSP_onereq_get0_id                     3028	EXIST::FUNCTION:
-ENGINE_set_default_ciphers              3029	EXIST::FUNCTION:ENGINE
-NOTICEREF_it                            3030	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-NOTICEREF_it                            3030	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509V3_EXT_CRL_add_nconf                3031	EXIST::FUNCTION:
-OCSP_REVOKEDINFO_it                     3032	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_REVOKEDINFO_it                     3032	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-AES_encrypt                             3033	EXIST::FUNCTION:AES
-OCSP_REQUEST_new                        3034	EXIST::FUNCTION:
-ASN1_ANY_it                             3035	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_ANY_it                             3035	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-CRYPTO_ex_data_new_class                3036	EXIST::FUNCTION:
-_ossl_old_des_ncbc_encrypt              3037	EXIST::FUNCTION:DES
-i2d_KRB5_TKTBODY                        3038	EXIST::FUNCTION:
-EC_POINT_clear_free                     3039	EXIST::FUNCTION:EC
-AES_decrypt                             3040	EXIST::FUNCTION:AES
-asn1_enc_init                           3041	EXIST::FUNCTION:
-UI_get_result_maxsize                   3042	EXIST::FUNCTION:
-OCSP_CERTID_new                         3043	EXIST::FUNCTION:
-ENGINE_unregister_RAND                  3044	EXIST::FUNCTION:ENGINE
-UI_method_get_closer                    3045	EXIST::FUNCTION:
-d2i_KRB5_ENCDATA                        3046	EXIST::FUNCTION:
-OCSP_request_onereq_count               3047	EXIST::FUNCTION:
-OCSP_basic_verify                       3048	EXIST::FUNCTION:
-KRB5_AUTHENTBODY_free                   3049	EXIST::FUNCTION:
-ASN1_item_d2i                           3050	EXIST::FUNCTION:
-ASN1_primitive_free                     3051	EXIST::FUNCTION:
-i2d_EXTENDED_KEY_USAGE                  3052	EXIST::FUNCTION:
-i2d_OCSP_SIGNATURE                      3053	EXIST::FUNCTION:
-asn1_enc_save                           3054	EXIST::FUNCTION:
-ENGINE_load_nuron                       3055	EXIST::FUNCTION:ENGINE,STATIC_ENGINE
-_ossl_old_des_pcbc_encrypt              3056	EXIST::FUNCTION:DES
-PKCS12_MAC_DATA_it                      3057	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS12_MAC_DATA_it                      3057	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_accept_responses_new               3058	EXIST::FUNCTION:
-asn1_do_lock                            3059	EXIST::FUNCTION:
-PKCS7_ATTR_VERIFY_it                    3060	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_ATTR_VERIFY_it                    3060	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-KRB5_APREQBODY_it                       3061	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_APREQBODY_it                       3061	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-i2d_OCSP_SINGLERESP                     3062	EXIST::FUNCTION:
-ASN1_item_ex_new                        3063	EXIST::FUNCTION:
-UI_add_verify_string                    3064	EXIST::FUNCTION:
-_ossl_old_des_set_key                   3065	EXIST::FUNCTION:DES
-KRB5_PRINCNAME_it                       3066	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_PRINCNAME_it                       3066	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EVP_DecryptInit_ex                      3067	EXIST::FUNCTION:
-i2d_OCSP_CERTID                         3068	EXIST::FUNCTION:
-ASN1_item_d2i_bio                       3069	EXIST::FUNCTION:BIO
-EC_POINT_dbl                            3070	EXIST::FUNCTION:EC
-asn1_get_choice_selector                3071	EXIST::FUNCTION:
-i2d_KRB5_CHECKSUM                       3072	EXIST::FUNCTION:
-ENGINE_set_table_flags                  3073	EXIST::FUNCTION:ENGINE
-AES_options                             3074	EXIST::FUNCTION:AES
-ENGINE_load_chil                        3075	EXIST::FUNCTION:ENGINE,STATIC_ENGINE
-OCSP_id_cmp                             3076	EXIST::FUNCTION:
-OCSP_BASICRESP_new                      3077	EXIST::FUNCTION:
-OCSP_REQUEST_get_ext_by_NID             3078	EXIST::FUNCTION:
-KRB5_APREQ_it                           3079	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_APREQ_it                           3079	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_get_destroy_function             3080	EXIST::FUNCTION:ENGINE
-CONF_set_nconf                          3081	EXIST::FUNCTION:
-ASN1_PRINTABLE_free                     3082	EXIST::FUNCTION:
-OCSP_BASICRESP_get_ext_by_NID           3083	EXIST::FUNCTION:
-DIST_POINT_NAME_it                      3084	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-DIST_POINT_NAME_it                      3084	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509V3_extensions_print                 3085	EXIST::FUNCTION:
-_ossl_old_des_cfb64_encrypt             3086	EXIST::FUNCTION:DES
-X509_REVOKED_add1_ext_i2d               3087	EXIST::FUNCTION:
-_ossl_old_des_ofb_encrypt               3088	EXIST::FUNCTION:DES
-KRB5_TKTBODY_new                        3089	EXIST::FUNCTION:
-ASN1_OCTET_STRING_it                    3090	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_OCTET_STRING_it                    3090	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ERR_load_UI_strings                     3091	EXIST::FUNCTION:
-i2d_KRB5_ENCKEY                         3092	EXIST::FUNCTION:
-ASN1_template_new                       3093	EXIST::FUNCTION:
-OCSP_SIGNATURE_free                     3094	EXIST::FUNCTION:
-ASN1_item_i2d_fp                        3095	EXIST::FUNCTION:FP_API
-KRB5_PRINCNAME_free                     3096	EXIST::FUNCTION:
-PKCS7_RECIP_INFO_it                     3097	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_RECIP_INFO_it                     3097	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EXTENDED_KEY_USAGE_it                   3098	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-EXTENDED_KEY_USAGE_it                   3098	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EC_GFp_simple_method                    3099	EXIST::FUNCTION:EC
-EC_GROUP_precompute_mult                3100	EXIST::FUNCTION:EC
-OCSP_request_onereq_get0                3101	EXIST::FUNCTION:
-UI_method_set_writer                    3102	EXIST::FUNCTION:
-KRB5_AUTHENT_new                        3103	EXIST::FUNCTION:
-X509_CRL_INFO_it                        3104	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_CRL_INFO_it                        3104	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-DSO_set_name_converter                  3105	EXIST::FUNCTION:
-AES_set_decrypt_key                     3106	EXIST::FUNCTION:AES
-PKCS7_DIGEST_it                         3107	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_DIGEST_it                         3107	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-PKCS12_x5092certbag                     3108	EXIST::FUNCTION:
-EVP_DigestInit_ex                       3109	EXIST::FUNCTION:
-i2a_ACCESS_DESCRIPTION                  3110	EXIST::FUNCTION:
-OCSP_RESPONSE_it                        3111	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_RESPONSE_it                        3111	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-PKCS7_ENC_CONTENT_it                    3112	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_ENC_CONTENT_it                    3112	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_request_add0_id                    3113	EXIST::FUNCTION:
-EC_POINT_make_affine                    3114	EXIST::FUNCTION:EC
-DSO_get_filename                        3115	EXIST::FUNCTION:
-OCSP_CERTSTATUS_it                      3116	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_CERTSTATUS_it                      3116	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_request_add1_cert                  3117	EXIST::FUNCTION:
-UI_get0_output_string                   3118	EXIST::FUNCTION:
-UI_dup_verify_string                    3119	EXIST::FUNCTION:
-BN_mod_lshift                           3120	EXIST::FUNCTION:
-KRB5_AUTHDATA_it                        3121	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_AUTHDATA_it                        3121	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-asn1_set_choice_selector                3122	EXIST::FUNCTION:
-OCSP_basic_add1_status                  3123	EXIST::FUNCTION:
-OCSP_RESPID_free                        3124	EXIST::FUNCTION:
-asn1_get_field_ptr                      3125	EXIST::FUNCTION:
-UI_add_input_string                     3126	EXIST::FUNCTION:
-OCSP_CRLID_it                           3127	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_CRLID_it                           3127	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-i2d_KRB5_AUTHENTBODY                    3128	EXIST::FUNCTION:
-OCSP_REQUEST_get_ext_count              3129	EXIST::FUNCTION:
-ENGINE_load_atalla                      3130	EXIST::FUNCTION:ENGINE,STATIC_ENGINE
-X509_NAME_it                            3131	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_NAME_it                            3131	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-USERNOTICE_it                           3132	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-USERNOTICE_it                           3132	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_REQINFO_new                        3133	EXIST::FUNCTION:
-OCSP_BASICRESP_get_ext                  3134	EXIST::FUNCTION:
-CRYPTO_get_ex_data_implementation       3135	EXIST:!VMS:FUNCTION:
-CRYPTO_get_ex_data_impl                 3135	EXIST:VMS:FUNCTION:
-ASN1_item_pack                          3136	EXIST::FUNCTION:
-i2d_KRB5_ENCDATA                        3137	EXIST::FUNCTION:
-X509_PURPOSE_set                        3138	EXIST::FUNCTION:
-X509_REQ_INFO_it                        3139	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_REQ_INFO_it                        3139	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_method_set_opener                    3140	EXIST::FUNCTION:
-ASN1_item_ex_free                       3141	EXIST::FUNCTION:
-ASN1_BOOLEAN_it                         3142	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_BOOLEAN_it                         3142	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_get_table_flags                  3143	EXIST::FUNCTION:ENGINE
-UI_create_method                        3144	EXIST::FUNCTION:
-OCSP_ONEREQ_add1_ext_i2d                3145	EXIST::FUNCTION:
-_shadow_DES_check_key                   3146	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
-_shadow_DES_check_key                   3146	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
-d2i_OCSP_REQINFO                        3147	EXIST::FUNCTION:
-UI_add_info_string                      3148	EXIST::FUNCTION:
-UI_get_result_minsize                   3149	EXIST::FUNCTION:
-ASN1_NULL_it                            3150	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_NULL_it                            3150	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-BN_mod_lshift1                          3151	EXIST::FUNCTION:
-d2i_OCSP_ONEREQ                         3152	EXIST::FUNCTION:
-OCSP_ONEREQ_new                         3153	EXIST::FUNCTION:
-KRB5_TICKET_it                          3154	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_TICKET_it                          3154	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EVP_aes_192_cbc                         3155	EXIST::FUNCTION:AES
-KRB5_TICKET_free                        3156	EXIST::FUNCTION:
-UI_new                                  3157	EXIST::FUNCTION:
-OCSP_response_create                    3158	EXIST::FUNCTION:
-_ossl_old_des_xcbc_encrypt              3159	EXIST::FUNCTION:DES
-PKCS7_it                                3160	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_it                                3160	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_REQUEST_get_ext_by_critical        3161	EXIST:!VMS:FUNCTION:
-OCSP_REQUEST_get_ext_by_crit            3161	EXIST:VMS:FUNCTION:
-ENGINE_set_flags                        3162	EXIST::FUNCTION:ENGINE
-_ossl_old_des_ecb_encrypt               3163	EXIST::FUNCTION:DES
-OCSP_response_get1_basic                3164	EXIST::FUNCTION:
-EVP_Digest                              3165	EXIST::FUNCTION:
-OCSP_ONEREQ_delete_ext                  3166	EXIST::FUNCTION:
-ASN1_TBOOLEAN_it                        3167	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_TBOOLEAN_it                        3167	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ASN1_item_new                           3168	EXIST::FUNCTION:
-ASN1_TIME_to_generalizedtime            3169	EXIST::FUNCTION:
-BIGNUM_it                               3170	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-BIGNUM_it                               3170	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-AES_cbc_encrypt                         3171	EXIST::FUNCTION:AES
-ENGINE_get_load_privkey_function        3172	EXIST:!VMS:FUNCTION:ENGINE
-ENGINE_get_load_privkey_fn              3172	EXIST:VMS:FUNCTION:ENGINE
-OCSP_RESPONSE_free                      3173	EXIST::FUNCTION:
-UI_method_set_reader                    3174	EXIST::FUNCTION:
-i2d_ASN1_T61STRING                      3175	EXIST::FUNCTION:
-EC_POINT_set_to_infinity                3176	EXIST::FUNCTION:EC
-ERR_load_OCSP_strings                   3177	EXIST::FUNCTION:
-EC_POINT_point2oct                      3178	EXIST::FUNCTION:EC
-KRB5_APREQ_free                         3179	EXIST::FUNCTION:
-ASN1_OBJECT_it                          3180	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_OBJECT_it                          3180	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_crlID_new                          3181	EXIST:!OS2,!VMS:FUNCTION:
-OCSP_crlID2_new                         3181	EXIST:OS2,VMS:FUNCTION:
-CONF_modules_load_file                  3182	EXIST::FUNCTION:
-CONF_imodule_set_usr_data               3183	EXIST::FUNCTION:
-ENGINE_set_default_string               3184	EXIST::FUNCTION:ENGINE
-CONF_module_get_usr_data                3185	EXIST::FUNCTION:
-ASN1_add_oid_module                     3186	EXIST::FUNCTION:
-CONF_modules_finish                     3187	EXIST::FUNCTION:
-OPENSSL_config                          3188	EXIST::FUNCTION:
-CONF_modules_unload                     3189	EXIST::FUNCTION:
-CONF_imodule_get_value                  3190	EXIST::FUNCTION:
-CONF_module_set_usr_data                3191	EXIST::FUNCTION:
-CONF_parse_list                         3192	EXIST::FUNCTION:
-CONF_module_add                         3193	EXIST::FUNCTION:
-CONF_get1_default_config_file           3194	EXIST::FUNCTION:
-CONF_imodule_get_flags                  3195	EXIST::FUNCTION:
-CONF_imodule_get_module                 3196	EXIST::FUNCTION:
-CONF_modules_load                       3197	EXIST::FUNCTION:
-CONF_imodule_get_name                   3198	EXIST::FUNCTION:
-ERR_peek_top_error                      3199	NOEXIST::FUNCTION:
-CONF_imodule_get_usr_data               3200	EXIST::FUNCTION:
-CONF_imodule_set_flags                  3201	EXIST::FUNCTION:
-ENGINE_add_conf_module                  3202	EXIST::FUNCTION:ENGINE
-ERR_peek_last_error_line                3203	EXIST::FUNCTION:
-ERR_peek_last_error_line_data           3204	EXIST::FUNCTION:
-ERR_peek_last_error                     3205	EXIST::FUNCTION:
-DES_read_2passwords                     3206	EXIST::FUNCTION:DES
-DES_read_password                       3207	EXIST::FUNCTION:DES
-UI_UTIL_read_pw                         3208	EXIST::FUNCTION:
-UI_UTIL_read_pw_string                  3209	EXIST::FUNCTION:
-ENGINE_load_aep                         3210	EXIST::FUNCTION:ENGINE,STATIC_ENGINE
-ENGINE_load_sureware                    3211	EXIST::FUNCTION:ENGINE,STATIC_ENGINE
-OPENSSL_add_all_algorithms_noconf       3212	EXIST:!VMS:FUNCTION:
-OPENSSL_add_all_algo_noconf             3212	EXIST:VMS:FUNCTION:
-OPENSSL_add_all_algorithms_conf         3213	EXIST:!VMS:FUNCTION:
-OPENSSL_add_all_algo_conf               3213	EXIST:VMS:FUNCTION:
-OPENSSL_load_builtin_modules            3214	EXIST::FUNCTION:
-AES_ofb128_encrypt                      3215	EXIST::FUNCTION:AES
-AES_ctr128_encrypt                      3216	EXIST::FUNCTION:AES
-AES_cfb128_encrypt                      3217	EXIST::FUNCTION:AES
-ENGINE_load_4758cca                     3218	EXIST::FUNCTION:ENGINE,STATIC_ENGINE
-_ossl_096_des_random_seed               3219	EXIST::FUNCTION:DES
-EVP_aes_256_ofb                         3220	EXIST::FUNCTION:AES
-EVP_aes_192_ofb                         3221	EXIST::FUNCTION:AES
-EVP_aes_128_cfb128                      3222	EXIST::FUNCTION:AES
-EVP_aes_256_cfb128                      3223	EXIST::FUNCTION:AES
-EVP_aes_128_ofb                         3224	EXIST::FUNCTION:AES
-EVP_aes_192_cfb128                      3225	EXIST::FUNCTION:AES
-CONF_modules_free                       3226	EXIST::FUNCTION:
-NCONF_default                           3227	EXIST::FUNCTION:
-OPENSSL_no_config                       3228	EXIST::FUNCTION:
-NCONF_WIN32                             3229	EXIST::FUNCTION:
-ASN1_UNIVERSALSTRING_new                3230	EXIST::FUNCTION:
-EVP_des_ede_ecb                         3231	EXIST::FUNCTION:DES
-i2d_ASN1_UNIVERSALSTRING                3232	EXIST::FUNCTION:
-ASN1_UNIVERSALSTRING_free               3233	EXIST::FUNCTION:
-ASN1_UNIVERSALSTRING_it                 3234	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_UNIVERSALSTRING_it                 3234	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-d2i_ASN1_UNIVERSALSTRING                3235	EXIST::FUNCTION:
-EVP_des_ede3_ecb                        3236	EXIST::FUNCTION:DES
-X509_REQ_print_ex                       3237	EXIST::FUNCTION:BIO
-ENGINE_up_ref                           3238	EXIST::FUNCTION:ENGINE
-BUF_MEM_grow_clean                      3239	EXIST::FUNCTION:
-CRYPTO_realloc_clean                    3240	EXIST::FUNCTION:
-BUF_strlcat                             3241	EXIST::FUNCTION:
-BIO_indent                              3242	EXIST::FUNCTION:
-BUF_strlcpy                             3243	EXIST::FUNCTION:
-OpenSSLDie                              3244	EXIST::FUNCTION:
-OPENSSL_cleanse                         3245	EXIST::FUNCTION:
-ENGINE_setup_bsd_cryptodev              3246	EXIST:__FreeBSD__:FUNCTION:ENGINE
-ERR_release_err_state_table             3247	EXIST::FUNCTION:LHASH
-EVP_aes_128_cfb8                        3248	EXIST::FUNCTION:AES
-FIPS_corrupt_rsa                        3249	NOEXIST::FUNCTION:
-FIPS_selftest_des                       3250	NOEXIST::FUNCTION:
-EVP_aes_128_cfb1                        3251	EXIST::FUNCTION:AES
-EVP_aes_192_cfb8                        3252	EXIST::FUNCTION:AES
-FIPS_mode_set                           3253	EXIST::FUNCTION:
-FIPS_selftest_dsa                       3254	NOEXIST::FUNCTION:
-EVP_aes_256_cfb8                        3255	EXIST::FUNCTION:AES
-FIPS_allow_md5                          3256	NOEXIST::FUNCTION:
-DES_ede3_cfb_encrypt                    3257	EXIST::FUNCTION:DES
-EVP_des_ede3_cfb8                       3258	EXIST::FUNCTION:DES
-FIPS_rand_seeded                        3259	NOEXIST::FUNCTION:
-AES_cfbr_encrypt_block                  3260	NOEXIST::FUNCTION:
-AES_cfb8_encrypt                        3261	EXIST::FUNCTION:AES
-FIPS_rand_seed                          3262	NOEXIST::FUNCTION:
-FIPS_corrupt_des                        3263	NOEXIST::FUNCTION:
-EVP_aes_192_cfb1                        3264	EXIST::FUNCTION:AES
-FIPS_selftest_aes                       3265	NOEXIST::FUNCTION:
-FIPS_set_prng_key                       3266	NOEXIST::FUNCTION:
-EVP_des_cfb8                            3267	EXIST::FUNCTION:DES
-FIPS_corrupt_dsa                        3268	NOEXIST::FUNCTION:
-FIPS_test_mode                          3269	NOEXIST::FUNCTION:
-FIPS_rand_method                        3270	NOEXIST::FUNCTION:
-EVP_aes_256_cfb1                        3271	EXIST::FUNCTION:AES
-ERR_load_FIPS_strings                   3272	NOEXIST::FUNCTION:
-FIPS_corrupt_aes                        3273	NOEXIST::FUNCTION:
-FIPS_selftest_sha1                      3274	NOEXIST::FUNCTION:
-FIPS_selftest_rsa                       3275	NOEXIST::FUNCTION:
-FIPS_corrupt_sha1                       3276	NOEXIST::FUNCTION:
-EVP_des_cfb1                            3277	EXIST::FUNCTION:DES
-FIPS_dsa_check                          3278	NOEXIST::FUNCTION:
-AES_cfb1_encrypt                        3279	EXIST::FUNCTION:AES
-EVP_des_ede3_cfb1                       3280	EXIST::FUNCTION:DES
-FIPS_rand_check                         3281	NOEXIST::FUNCTION:
-FIPS_md5_allowed                        3282	NOEXIST::FUNCTION:
-FIPS_mode                               3283	EXIST::FUNCTION:
-FIPS_selftest_failed                    3284	NOEXIST::FUNCTION:
-sk_is_sorted                            3285	EXIST::FUNCTION:
-X509_check_ca                           3286	EXIST::FUNCTION:
-private_idea_set_encrypt_key            3287	EXIST:OPENSSL_FIPS:FUNCTION:IDEA
-HMAC_CTX_set_flags                      3288	EXIST::FUNCTION:HMAC
-private_SHA_Init                        3289	EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA0
-private_CAST_set_key                    3290	EXIST:OPENSSL_FIPS:FUNCTION:CAST
-private_RIPEMD160_Init                  3291	EXIST:OPENSSL_FIPS:FUNCTION:RIPEMD
-private_RC5_32_set_key                  3292	NOEXIST::FUNCTION:
-private_MD5_Init                        3293	EXIST:OPENSSL_FIPS:FUNCTION:MD5
-private_RC4_set_key                     3294	EXIST::FUNCTION:RC4
-private_MDC2_Init                       3295	EXIST:OPENSSL_FIPS:FUNCTION:MDC2
-private_RC2_set_key                     3296	EXIST:OPENSSL_FIPS:FUNCTION:RC2
-private_MD4_Init                        3297	EXIST:OPENSSL_FIPS:FUNCTION:MD4
-private_BF_set_key                      3298	EXIST:OPENSSL_FIPS:FUNCTION:BF
-private_MD2_Init                        3299	EXIST:OPENSSL_FIPS:FUNCTION:MD2
-d2i_PROXY_CERT_INFO_EXTENSION           3300	EXIST::FUNCTION:
-PROXY_POLICY_it                         3301	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PROXY_POLICY_it                         3301	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-i2d_PROXY_POLICY                        3302	EXIST::FUNCTION:
-i2d_PROXY_CERT_INFO_EXTENSION           3303	EXIST::FUNCTION:
-d2i_PROXY_POLICY                        3304	EXIST::FUNCTION:
-PROXY_CERT_INFO_EXTENSION_new           3305	EXIST::FUNCTION:
-PROXY_CERT_INFO_EXTENSION_free          3306	EXIST::FUNCTION:
-PROXY_CERT_INFO_EXTENSION_it            3307	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PROXY_CERT_INFO_EXTENSION_it            3307	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-PROXY_POLICY_free                       3308	EXIST::FUNCTION:
-PROXY_POLICY_new                        3309	EXIST::FUNCTION:
-BN_MONT_CTX_set_locked                  3310	EXIST::FUNCTION:
-FIPS_selftest_rng                       3311	NOEXIST::FUNCTION:
-EVP_sha384                              3312	EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-EVP_sha512                              3313	EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-EVP_sha224                              3314	EXIST::FUNCTION:SHA,SHA256
-EVP_sha256                              3315	EXIST::FUNCTION:SHA,SHA256
-FIPS_selftest_hmac                      3316	NOEXIST::FUNCTION:
-FIPS_corrupt_rng                        3317	NOEXIST::FUNCTION:
-BN_mod_exp_mont_consttime               3318	EXIST::FUNCTION:
-RSA_X931_hash_id                        3319	EXIST::FUNCTION:RSA
-RSA_padding_check_X931                  3320	EXIST::FUNCTION:RSA
-RSA_verify_PKCS1_PSS                    3321	EXIST::FUNCTION:RSA
-RSA_padding_add_X931                    3322	EXIST::FUNCTION:RSA
-RSA_padding_add_PKCS1_PSS               3323	EXIST::FUNCTION:RSA
-PKCS1_MGF1                              3324	EXIST::FUNCTION:RSA
-BN_X931_generate_Xpq                    3325	EXIST::FUNCTION:
-RSA_X931_generate_key                   3326	NOEXIST::FUNCTION:
-BN_X931_derive_prime                    3327	NOEXIST::FUNCTION:
-BN_X931_generate_prime                  3328	NOEXIST::FUNCTION:
-RSA_X931_derive                         3329	NOEXIST::FUNCTION:
-BIO_new_dgram                           3330	EXIST::FUNCTION:
-BN_get0_nist_prime_384                  3331	EXIST::FUNCTION:
-ERR_set_mark                            3332	EXIST::FUNCTION:
-X509_STORE_CTX_set0_crls                3333	EXIST::FUNCTION:
-ENGINE_set_STORE                        3334	EXIST::FUNCTION:ENGINE
-ENGINE_register_ECDSA                   3335	EXIST::FUNCTION:ENGINE
-STORE_meth_set_list_start_fn            3336	NOEXIST::FUNCTION:
-STORE_method_set_list_start_function    3336	NOEXIST::FUNCTION:
-BN_BLINDING_invert_ex                   3337	EXIST::FUNCTION:
-NAME_CONSTRAINTS_free                   3338	EXIST::FUNCTION:
-STORE_ATTR_INFO_set_number              3339	NOEXIST::FUNCTION:
-BN_BLINDING_get_thread_id               3340	EXIST::FUNCTION:DEPRECATED
-X509_STORE_CTX_set0_param               3341	EXIST::FUNCTION:
-POLICY_MAPPING_it                       3342	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-POLICY_MAPPING_it                       3342	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-STORE_parse_attrs_start                 3343	NOEXIST::FUNCTION:
-POLICY_CONSTRAINTS_free                 3344	EXIST::FUNCTION:
-EVP_PKEY_add1_attr_by_NID               3345	EXIST::FUNCTION:
-BN_nist_mod_192                         3346	EXIST::FUNCTION:
-EC_GROUP_get_trinomial_basis            3347	EXIST::FUNCTION:EC,EC2M
-STORE_set_method                        3348	NOEXIST::FUNCTION:
-GENERAL_SUBTREE_free                    3349	EXIST::FUNCTION:
-NAME_CONSTRAINTS_it                     3350	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-NAME_CONSTRAINTS_it                     3350	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ECDH_get_default_method                 3351	EXIST::FUNCTION:ECDH
-PKCS12_add_safe                         3352	EXIST::FUNCTION:
-EC_KEY_new_by_curve_name                3353	EXIST::FUNCTION:EC
-STORE_meth_get_update_store_fn          3354	NOEXIST::FUNCTION:
-STORE_method_get_update_store_function  3354	NOEXIST::FUNCTION:
-ENGINE_register_ECDH                    3355	EXIST::FUNCTION:ENGINE
-SHA512_Update                           3356	EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-i2d_ECPrivateKey                        3357	EXIST::FUNCTION:EC
-BN_get0_nist_prime_192                  3358	EXIST::FUNCTION:
-STORE_modify_certificate                3359	NOEXIST::FUNCTION:
-EC_POINT_set_affine_coordinates_GF2m    3360	EXIST:!VMS:FUNCTION:EC,EC2M
-EC_POINT_set_affine_coords_GF2m         3360	EXIST:VMS:FUNCTION:EC,EC2M
-BN_GF2m_mod_exp_arr                     3361	EXIST::FUNCTION:EC2M
-STORE_ATTR_INFO_modify_number           3362	NOEXIST::FUNCTION:
-X509_keyid_get0                         3363	EXIST::FUNCTION:
-ENGINE_load_gmp                         3364	EXIST::FUNCTION:ENGINE,GMP,STATIC_ENGINE
-pitem_new                               3365	EXIST::FUNCTION:
-BN_GF2m_mod_mul_arr                     3366	EXIST::FUNCTION:EC2M
-STORE_list_public_key_endp              3367	NOEXIST::FUNCTION:
-o2i_ECPublicKey                         3368	EXIST::FUNCTION:EC
-EC_KEY_copy                             3369	EXIST::FUNCTION:EC
-BIO_dump_fp                             3370	EXIST::FUNCTION:FP_API
-X509_policy_node_get0_parent            3371	EXIST::FUNCTION:
-EC_GROUP_check_discriminant             3372	EXIST::FUNCTION:EC
-i2o_ECPublicKey                         3373	EXIST::FUNCTION:EC
-EC_KEY_precompute_mult                  3374	EXIST::FUNCTION:EC
-a2i_IPADDRESS                           3375	EXIST::FUNCTION:
-STORE_meth_set_initialise_fn            3376	NOEXIST::FUNCTION:
-STORE_method_set_initialise_function    3376	NOEXIST::FUNCTION:
-X509_STORE_CTX_set_depth                3377	EXIST::FUNCTION:
-X509_VERIFY_PARAM_inherit               3378	EXIST::FUNCTION:
-EC_POINT_point2bn                       3379	EXIST::FUNCTION:EC
-STORE_ATTR_INFO_set_dn                  3380	NOEXIST::FUNCTION:
-X509_policy_tree_get0_policies          3381	EXIST::FUNCTION:
-EC_GROUP_new_curve_GF2m                 3382	EXIST::FUNCTION:EC,EC2M
-STORE_destroy_method                    3383	NOEXIST::FUNCTION:
-ENGINE_unregister_STORE                 3384	EXIST::FUNCTION:ENGINE
-EVP_PKEY_get1_EC_KEY                    3385	EXIST::FUNCTION:EC
-STORE_ATTR_INFO_get0_number             3386	NOEXIST::FUNCTION:
-ENGINE_get_default_ECDH                 3387	EXIST::FUNCTION:ENGINE
-EC_KEY_get_conv_form                    3388	EXIST::FUNCTION:EC
-ASN1_OCTET_STRING_NDEF_it               3389	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_OCTET_STRING_NDEF_it               3389	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-STORE_delete_public_key                 3390	NOEXIST::FUNCTION:
-STORE_get_public_key                    3391	NOEXIST::FUNCTION:
-STORE_modify_arbitrary                  3392	NOEXIST::FUNCTION:
-ENGINE_get_static_state                 3393	EXIST::FUNCTION:ENGINE
-pqueue_iterator                         3394	EXIST::FUNCTION:
-ECDSA_SIG_new                           3395	EXIST::FUNCTION:ECDSA
-OPENSSL_DIR_end                         3396	EXIST::FUNCTION:
-BN_GF2m_mod_sqr                         3397	EXIST::FUNCTION:EC2M
-EC_POINT_bn2point                       3398	EXIST::FUNCTION:EC
-X509_VERIFY_PARAM_set_depth             3399	EXIST::FUNCTION:
-EC_KEY_set_asn1_flag                    3400	EXIST::FUNCTION:EC
-STORE_get_method                        3401	NOEXIST::FUNCTION:
-EC_KEY_get_key_method_data              3402	EXIST::FUNCTION:EC
-ECDSA_sign_ex                           3403	EXIST::FUNCTION:ECDSA
-STORE_parse_attrs_end                   3404	NOEXIST::FUNCTION:
-EC_GROUP_get_point_conversion_form      3405	EXIST:!VMS:FUNCTION:EC
-EC_GROUP_get_point_conv_form            3405	EXIST:VMS:FUNCTION:EC
-STORE_method_set_store_function         3406	NOEXIST::FUNCTION:
-STORE_ATTR_INFO_in                      3407	NOEXIST::FUNCTION:
-PEM_read_bio_ECPKParameters             3408	EXIST::FUNCTION:EC
-EC_GROUP_get_pentanomial_basis          3409	EXIST::FUNCTION:EC,EC2M
-EVP_PKEY_add1_attr_by_txt               3410	EXIST::FUNCTION:
-BN_BLINDING_set_flags                   3411	EXIST::FUNCTION:
-X509_VERIFY_PARAM_set1_policies         3412	EXIST::FUNCTION:
-X509_VERIFY_PARAM_set1_name             3413	EXIST::FUNCTION:
-X509_VERIFY_PARAM_set_purpose           3414	EXIST::FUNCTION:
-STORE_get_number                        3415	NOEXIST::FUNCTION:
-ECDSA_sign_setup                        3416	EXIST::FUNCTION:ECDSA
-BN_GF2m_mod_solve_quad_arr              3417	EXIST::FUNCTION:EC2M
-EC_KEY_up_ref                           3418	EXIST::FUNCTION:EC
-POLICY_MAPPING_free                     3419	EXIST::FUNCTION:
-BN_GF2m_mod_div                         3420	EXIST::FUNCTION:EC2M
-X509_VERIFY_PARAM_set_flags             3421	EXIST::FUNCTION:
-EC_KEY_free                             3422	EXIST::FUNCTION:EC
-STORE_meth_set_list_next_fn             3423	NOEXIST::FUNCTION:
-STORE_method_set_list_next_function     3423	NOEXIST::FUNCTION:
-PEM_write_bio_ECPrivateKey              3424	EXIST::FUNCTION:EC
-d2i_EC_PUBKEY                           3425	EXIST::FUNCTION:EC
-STORE_meth_get_generate_fn              3426	NOEXIST::FUNCTION:
-STORE_method_get_generate_function      3426	NOEXIST::FUNCTION:
-STORE_meth_set_list_end_fn              3427	NOEXIST::FUNCTION:
-STORE_method_set_list_end_function      3427	NOEXIST::FUNCTION:
-pqueue_print                            3428	EXIST::FUNCTION:
-EC_GROUP_have_precompute_mult           3429	EXIST::FUNCTION:EC
-EC_KEY_print_fp                         3430	EXIST::FUNCTION:EC,FP_API
-BN_GF2m_mod_arr                         3431	EXIST::FUNCTION:EC2M
-PEM_write_bio_X509_CERT_PAIR            3432	EXIST::FUNCTION:
-EVP_PKEY_cmp                            3433	EXIST::FUNCTION:
-X509_policy_level_node_count            3434	EXIST::FUNCTION:
-STORE_new_engine                        3435	NOEXIST::FUNCTION:
-STORE_list_public_key_start             3436	NOEXIST::FUNCTION:
-X509_VERIFY_PARAM_new                   3437	EXIST::FUNCTION:
-ECDH_get_ex_data                        3438	EXIST::FUNCTION:ECDH
-EVP_PKEY_get_attr                       3439	EXIST::FUNCTION:
-ECDSA_do_sign                           3440	EXIST::FUNCTION:ECDSA
-ENGINE_unregister_ECDH                  3441	EXIST::FUNCTION:ENGINE
-ECDH_OpenSSL                            3442	EXIST::FUNCTION:ECDH
-EC_KEY_set_conv_form                    3443	EXIST::FUNCTION:EC
-EC_POINT_dup                            3444	EXIST::FUNCTION:EC
-GENERAL_SUBTREE_new                     3445	EXIST::FUNCTION:
-STORE_list_crl_endp                     3446	NOEXIST::FUNCTION:
-EC_get_builtin_curves                   3447	EXIST::FUNCTION:EC
-X509_policy_node_get0_qualifiers        3448	EXIST:!VMS:FUNCTION:
-X509_pcy_node_get0_qualifiers           3448	EXIST:VMS:FUNCTION:
-STORE_list_crl_end                      3449	NOEXIST::FUNCTION:
-EVP_PKEY_set1_EC_KEY                    3450	EXIST::FUNCTION:EC
-BN_GF2m_mod_sqrt_arr                    3451	EXIST::FUNCTION:EC2M
-i2d_ECPrivateKey_bio                    3452	EXIST::FUNCTION:BIO,EC
-ECPKParameters_print_fp                 3453	EXIST::FUNCTION:EC,FP_API
-pqueue_find                             3454	EXIST::FUNCTION:
-ECDSA_SIG_free                          3455	EXIST::FUNCTION:ECDSA
-PEM_write_bio_ECPKParameters            3456	EXIST::FUNCTION:EC
-STORE_method_set_ctrl_function          3457	NOEXIST::FUNCTION:
-STORE_list_public_key_end               3458	NOEXIST::FUNCTION:
-EC_KEY_set_private_key                  3459	EXIST::FUNCTION:EC
-pqueue_peek                             3460	EXIST::FUNCTION:
-STORE_get_arbitrary                     3461	NOEXIST::FUNCTION:
-STORE_store_crl                         3462	NOEXIST::FUNCTION:
-X509_policy_node_get0_policy            3463	EXIST::FUNCTION:
-PKCS12_add_safes                        3464	EXIST::FUNCTION:
-BN_BLINDING_convert_ex                  3465	EXIST::FUNCTION:
-X509_policy_tree_free                   3466	EXIST::FUNCTION:
-OPENSSL_ia32cap_loc                     3467	EXIST::FUNCTION:
-BN_GF2m_poly2arr                        3468	EXIST::FUNCTION:EC2M
-STORE_ctrl                              3469	NOEXIST::FUNCTION:
-STORE_ATTR_INFO_compare                 3470	NOEXIST::FUNCTION:
-BN_get0_nist_prime_224                  3471	EXIST::FUNCTION:
-i2d_ECParameters                        3472	EXIST::FUNCTION:EC
-i2d_ECPKParameters                      3473	EXIST::FUNCTION:EC
-BN_GENCB_call                           3474	EXIST::FUNCTION:
-d2i_ECPKParameters                      3475	EXIST::FUNCTION:EC
-STORE_meth_set_generate_fn              3476	NOEXIST::FUNCTION:
-STORE_method_set_generate_function      3476	NOEXIST::FUNCTION:
-ENGINE_set_ECDH                         3477	EXIST::FUNCTION:ENGINE
-NAME_CONSTRAINTS_new                    3478	EXIST::FUNCTION:
-SHA256_Init                             3479	EXIST::FUNCTION:SHA,SHA256
-EC_KEY_get0_public_key                  3480	EXIST::FUNCTION:EC
-PEM_write_bio_EC_PUBKEY                 3481	EXIST::FUNCTION:EC
-STORE_ATTR_INFO_set_cstr                3482	NOEXIST::FUNCTION:
-STORE_list_crl_next                     3483	NOEXIST::FUNCTION:
-STORE_ATTR_INFO_in_range                3484	NOEXIST::FUNCTION:
-ECParameters_print                      3485	EXIST::FUNCTION:BIO,EC
-STORE_meth_set_delete_fn                3486	NOEXIST::FUNCTION:
-STORE_method_set_delete_function        3486	NOEXIST::FUNCTION:
-STORE_list_certificate_next             3487	NOEXIST::FUNCTION:
-ASN1_generate_nconf                     3488	EXIST::FUNCTION:
-BUF_memdup                              3489	EXIST::FUNCTION:
-BN_GF2m_mod_mul                         3490	EXIST::FUNCTION:EC2M
-STORE_meth_get_list_next_fn             3491	NOEXIST::FUNCTION:
-STORE_method_get_list_next_function     3491	NOEXIST::FUNCTION:
-STORE_ATTR_INFO_get0_dn                 3492	NOEXIST::FUNCTION:
-STORE_list_private_key_next             3493	NOEXIST::FUNCTION:
-EC_GROUP_set_seed                       3494	EXIST::FUNCTION:EC
-X509_VERIFY_PARAM_set_trust             3495	EXIST::FUNCTION:
-STORE_ATTR_INFO_free                    3496	NOEXIST::FUNCTION:
-STORE_get_private_key                   3497	NOEXIST::FUNCTION:
-EVP_PKEY_get_attr_count                 3498	EXIST::FUNCTION:
-STORE_ATTR_INFO_new                     3499	NOEXIST::FUNCTION:
-EC_GROUP_get_curve_GF2m                 3500	EXIST::FUNCTION:EC,EC2M
-STORE_meth_set_revoke_fn                3501	NOEXIST::FUNCTION:
-STORE_method_set_revoke_function        3501	NOEXIST::FUNCTION:
-STORE_store_number                      3502	NOEXIST::FUNCTION:
-BN_is_prime_ex                          3503	EXIST::FUNCTION:
-STORE_revoke_public_key                 3504	NOEXIST::FUNCTION:
-X509_STORE_CTX_get0_param               3505	EXIST::FUNCTION:
-STORE_delete_arbitrary                  3506	NOEXIST::FUNCTION:
-PEM_read_X509_CERT_PAIR                 3507	EXIST:!WIN16:FUNCTION:
-X509_STORE_set_depth                    3508	EXIST::FUNCTION:
-ECDSA_get_ex_data                       3509	EXIST::FUNCTION:ECDSA
-SHA224                                  3510	EXIST::FUNCTION:SHA,SHA256
-BIO_dump_indent_fp                      3511	EXIST::FUNCTION:FP_API
-EC_KEY_set_group                        3512	EXIST::FUNCTION:EC
-BUF_strndup                             3513	EXIST::FUNCTION:
-STORE_list_certificate_start            3514	NOEXIST::FUNCTION:
-BN_GF2m_mod                             3515	EXIST::FUNCTION:EC2M
-X509_REQ_check_private_key              3516	EXIST::FUNCTION:
-EC_GROUP_get_seed_len                   3517	EXIST::FUNCTION:EC
-ERR_load_STORE_strings                  3518	NOEXIST::FUNCTION:
-PEM_read_bio_EC_PUBKEY                  3519	EXIST::FUNCTION:EC
-STORE_list_private_key_end              3520	NOEXIST::FUNCTION:
-i2d_EC_PUBKEY                           3521	EXIST::FUNCTION:EC
-ECDSA_get_default_method                3522	EXIST::FUNCTION:ECDSA
-ASN1_put_eoc                            3523	EXIST::FUNCTION:
-X509_STORE_CTX_get_explicit_policy      3524	EXIST:!VMS:FUNCTION:
-X509_STORE_CTX_get_expl_policy          3524	EXIST:VMS:FUNCTION:
-X509_VERIFY_PARAM_table_cleanup         3525	EXIST::FUNCTION:
-STORE_modify_private_key                3526	NOEXIST::FUNCTION:
-X509_VERIFY_PARAM_free                  3527	EXIST::FUNCTION:
-EC_METHOD_get_field_type                3528	EXIST::FUNCTION:EC
-EC_GFp_nist_method                      3529	EXIST::FUNCTION:EC
-STORE_meth_set_modify_fn                3530	NOEXIST::FUNCTION:
-STORE_method_set_modify_function        3530	NOEXIST::FUNCTION:
-STORE_parse_attrs_next                  3531	NOEXIST::FUNCTION:
-ENGINE_load_padlock                     3532	EXIST::FUNCTION:ENGINE,STATIC_ENGINE
-EC_GROUP_set_curve_name                 3533	EXIST::FUNCTION:EC
-X509_CERT_PAIR_it                       3534	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_CERT_PAIR_it                       3534	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-STORE_meth_get_revoke_fn                3535	NOEXIST::FUNCTION:
-STORE_method_get_revoke_function        3535	NOEXIST::FUNCTION:
-STORE_method_set_get_function           3536	NOEXIST::FUNCTION:
-STORE_modify_number                     3537	NOEXIST::FUNCTION:
-STORE_method_get_store_function         3538	NOEXIST::FUNCTION:
-STORE_store_private_key                 3539	NOEXIST::FUNCTION:
-BN_GF2m_mod_sqr_arr                     3540	EXIST::FUNCTION:EC2M
-RSA_setup_blinding                      3541	EXIST::FUNCTION:RSA
-BIO_s_datagram                          3542	EXIST::FUNCTION:DGRAM
-STORE_Memory                            3543	NOEXIST::FUNCTION:
-sk_find_ex                              3544	EXIST::FUNCTION:
-EC_GROUP_set_curve_GF2m                 3545	EXIST::FUNCTION:EC,EC2M
-ENGINE_set_default_ECDSA                3546	EXIST::FUNCTION:ENGINE
-POLICY_CONSTRAINTS_new                  3547	EXIST::FUNCTION:
-BN_GF2m_mod_sqrt                        3548	EXIST::FUNCTION:EC2M
-ECDH_set_default_method                 3549	EXIST::FUNCTION:ECDH
-EC_KEY_generate_key                     3550	EXIST::FUNCTION:EC
-SHA384_Update                           3551	EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-BN_GF2m_arr2poly                        3552	EXIST::FUNCTION:EC2M
-STORE_method_get_get_function           3553	NOEXIST::FUNCTION:
-STORE_meth_set_cleanup_fn               3554	NOEXIST::FUNCTION:
-STORE_method_set_cleanup_function       3554	NOEXIST::FUNCTION:
-EC_GROUP_check                          3555	EXIST::FUNCTION:EC
-d2i_ECPrivateKey_bio                    3556	EXIST::FUNCTION:BIO,EC
-EC_KEY_insert_key_method_data           3557	EXIST::FUNCTION:EC
-STORE_meth_get_lock_store_fn            3558	NOEXIST::FUNCTION:
-STORE_method_get_lock_store_function    3558	NOEXIST::FUNCTION:
-X509_VERIFY_PARAM_get_depth             3559	EXIST::FUNCTION:
-SHA224_Final                            3560	EXIST::FUNCTION:SHA,SHA256
-STORE_meth_set_update_store_fn          3561	NOEXIST::FUNCTION:
-STORE_method_set_update_store_function  3561	NOEXIST::FUNCTION:
-SHA224_Update                           3562	EXIST::FUNCTION:SHA,SHA256
-d2i_ECPrivateKey                        3563	EXIST::FUNCTION:EC
-ASN1_item_ndef_i2d                      3564	EXIST::FUNCTION:
-STORE_delete_private_key                3565	NOEXIST::FUNCTION:
-ERR_pop_to_mark                         3566	EXIST::FUNCTION:
-ENGINE_register_all_STORE               3567	EXIST::FUNCTION:ENGINE
-X509_policy_level_get0_node             3568	EXIST::FUNCTION:
-i2d_PKCS7_NDEF                          3569	EXIST::FUNCTION:
-EC_GROUP_get_degree                     3570	EXIST::FUNCTION:EC
-ASN1_generate_v3                        3571	EXIST::FUNCTION:
-STORE_ATTR_INFO_modify_cstr             3572	NOEXIST::FUNCTION:
-X509_policy_tree_level_count            3573	EXIST::FUNCTION:
-BN_GF2m_add                             3574	EXIST::FUNCTION:EC2M
-EC_KEY_get0_group                       3575	EXIST::FUNCTION:EC
-STORE_generate_crl                      3576	NOEXIST::FUNCTION:
-STORE_store_public_key                  3577	NOEXIST::FUNCTION:
-X509_CERT_PAIR_free                     3578	EXIST::FUNCTION:
-STORE_revoke_private_key                3579	NOEXIST::FUNCTION:
-BN_nist_mod_224                         3580	EXIST::FUNCTION:
-SHA512_Final                            3581	EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-STORE_ATTR_INFO_modify_dn               3582	NOEXIST::FUNCTION:
-STORE_meth_get_initialise_fn            3583	NOEXIST::FUNCTION:
-STORE_method_get_initialise_function    3583	NOEXIST::FUNCTION:
-STORE_delete_number                     3584	NOEXIST::FUNCTION:
-i2d_EC_PUBKEY_bio                       3585	EXIST::FUNCTION:BIO,EC
-BIO_dgram_non_fatal_error               3586	EXIST::FUNCTION:
-EC_GROUP_get_asn1_flag                  3587	EXIST::FUNCTION:EC
-STORE_ATTR_INFO_in_ex                   3588	NOEXIST::FUNCTION:
-STORE_list_crl_start                    3589	NOEXIST::FUNCTION:
-ECDH_get_ex_new_index                   3590	EXIST::FUNCTION:ECDH
-STORE_meth_get_modify_fn                3591	NOEXIST::FUNCTION:
-STORE_method_get_modify_function        3591	NOEXIST::FUNCTION:
-v2i_ASN1_BIT_STRING                     3592	EXIST::FUNCTION:
-STORE_store_certificate                 3593	NOEXIST::FUNCTION:
-OBJ_bsearch_ex                          3594	NOEXIST::FUNCTION:
-X509_STORE_CTX_set_default              3595	EXIST::FUNCTION:
-STORE_ATTR_INFO_set_sha1str             3596	NOEXIST::FUNCTION:
-BN_GF2m_mod_inv                         3597	EXIST::FUNCTION:EC2M
-BN_GF2m_mod_exp                         3598	EXIST::FUNCTION:EC2M
-STORE_modify_public_key                 3599	NOEXIST::FUNCTION:
-STORE_meth_get_list_start_fn            3600	NOEXIST::FUNCTION:
-STORE_method_get_list_start_function    3600	NOEXIST::FUNCTION:
-EC_GROUP_get0_seed                      3601	EXIST::FUNCTION:EC
-STORE_store_arbitrary                   3602	NOEXIST::FUNCTION:
-STORE_meth_set_unlock_store_fn          3603	NOEXIST::FUNCTION:
-STORE_method_set_unlock_store_function  3603	NOEXIST::FUNCTION:
-BN_GF2m_mod_div_arr                     3604	EXIST::FUNCTION:EC2M
-ENGINE_set_ECDSA                        3605	EXIST::FUNCTION:ENGINE
-STORE_create_method                     3606	NOEXIST::FUNCTION:
-ECPKParameters_print                    3607	EXIST::FUNCTION:BIO,EC
-EC_KEY_get0_private_key                 3608	EXIST::FUNCTION:EC
-PEM_write_EC_PUBKEY                     3609	EXIST:!WIN16:FUNCTION:EC
-X509_VERIFY_PARAM_set1                  3610	EXIST::FUNCTION:
-ECDH_set_method                         3611	EXIST::FUNCTION:ECDH
-v2i_GENERAL_NAME_ex                     3612	EXIST::FUNCTION:
-ECDH_set_ex_data                        3613	EXIST::FUNCTION:ECDH
-STORE_generate_key                      3614	NOEXIST::FUNCTION:
-BN_nist_mod_521                         3615	EXIST::FUNCTION:
-X509_policy_tree_get0_level             3616	EXIST::FUNCTION:
-EC_GROUP_set_point_conversion_form      3617	EXIST:!VMS:FUNCTION:EC
-EC_GROUP_set_point_conv_form            3617	EXIST:VMS:FUNCTION:EC
-PEM_read_EC_PUBKEY                      3618	EXIST:!WIN16:FUNCTION:EC
-i2d_ECDSA_SIG                           3619	EXIST::FUNCTION:ECDSA
-ECDSA_OpenSSL                           3620	EXIST::FUNCTION:ECDSA
-STORE_delete_crl                        3621	NOEXIST::FUNCTION:
-EC_KEY_get_enc_flags                    3622	EXIST::FUNCTION:EC
-ASN1_const_check_infinite_end           3623	EXIST::FUNCTION:
-EVP_PKEY_delete_attr                    3624	EXIST::FUNCTION:
-ECDSA_set_default_method                3625	EXIST::FUNCTION:ECDSA
-EC_POINT_set_compressed_coordinates_GF2m 3626	EXIST:!VMS:FUNCTION:EC,EC2M
-EC_POINT_set_compr_coords_GF2m          3626	EXIST:VMS:FUNCTION:EC,EC2M
-EC_GROUP_cmp                            3627	EXIST::FUNCTION:EC
-STORE_revoke_certificate                3628	NOEXIST::FUNCTION:
-BN_get0_nist_prime_256                  3629	EXIST::FUNCTION:
-STORE_meth_get_delete_fn                3630	NOEXIST::FUNCTION:
-STORE_method_get_delete_function        3630	NOEXIST::FUNCTION:
-SHA224_Init                             3631	EXIST::FUNCTION:SHA,SHA256
-PEM_read_ECPrivateKey                   3632	EXIST:!WIN16:FUNCTION:EC
-SHA512_Init                             3633	EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-STORE_parse_attrs_endp                  3634	NOEXIST::FUNCTION:
-BN_set_negative                         3635	EXIST::FUNCTION:
-ERR_load_ECDSA_strings                  3636	EXIST::FUNCTION:ECDSA
-EC_GROUP_get_basis_type                 3637	EXIST::FUNCTION:EC
-STORE_list_public_key_next              3638	NOEXIST::FUNCTION:
-i2v_ASN1_BIT_STRING                     3639	EXIST::FUNCTION:
-STORE_OBJECT_free                       3640	NOEXIST::FUNCTION:
-BN_nist_mod_384                         3641	EXIST::FUNCTION:
-i2d_X509_CERT_PAIR                      3642	EXIST::FUNCTION:
-PEM_write_ECPKParameters                3643	EXIST:!WIN16:FUNCTION:EC
-ECDH_compute_key                        3644	EXIST::FUNCTION:ECDH
-STORE_ATTR_INFO_get0_sha1str            3645	NOEXIST::FUNCTION:
-ENGINE_register_all_ECDH                3646	EXIST::FUNCTION:ENGINE
-pqueue_pop                              3647	EXIST::FUNCTION:
-STORE_ATTR_INFO_get0_cstr               3648	NOEXIST::FUNCTION:
-POLICY_CONSTRAINTS_it                   3649	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-POLICY_CONSTRAINTS_it                   3649	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-STORE_get_ex_new_index                  3650	NOEXIST::FUNCTION:
-EVP_PKEY_get_attr_by_OBJ                3651	EXIST::FUNCTION:
-X509_VERIFY_PARAM_add0_policy           3652	EXIST::FUNCTION:
-BN_GF2m_mod_solve_quad                  3653	EXIST::FUNCTION:EC2M
-SHA256                                  3654	EXIST::FUNCTION:SHA,SHA256
-i2d_ECPrivateKey_fp                     3655	EXIST::FUNCTION:EC,FP_API
-X509_policy_tree_get0_user_policies     3656	EXIST:!VMS:FUNCTION:
-X509_pcy_tree_get0_usr_policies         3656	EXIST:VMS:FUNCTION:
-OPENSSL_DIR_read                        3657	EXIST::FUNCTION:
-ENGINE_register_all_ECDSA               3658	EXIST::FUNCTION:ENGINE
-X509_VERIFY_PARAM_lookup                3659	EXIST::FUNCTION:
-EC_POINT_get_affine_coordinates_GF2m    3660	EXIST:!VMS:FUNCTION:EC,EC2M
-EC_POINT_get_affine_coords_GF2m         3660	EXIST:VMS:FUNCTION:EC,EC2M
-EC_GROUP_dup                            3661	EXIST::FUNCTION:EC
-ENGINE_get_default_ECDSA                3662	EXIST::FUNCTION:ENGINE
-EC_KEY_new                              3663	EXIST::FUNCTION:EC
-SHA256_Transform                        3664	EXIST::FUNCTION:SHA,SHA256
-EC_KEY_set_enc_flags                    3665	EXIST::FUNCTION:EC
-ECDSA_verify                            3666	EXIST::FUNCTION:ECDSA
-EC_POINT_point2hex                      3667	EXIST::FUNCTION:EC
-ENGINE_get_STORE                        3668	EXIST::FUNCTION:ENGINE
-SHA512                                  3669	EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-STORE_get_certificate                   3670	NOEXIST::FUNCTION:
-ECDSA_do_sign_ex                        3671	EXIST::FUNCTION:ECDSA
-ECDSA_do_verify                         3672	EXIST::FUNCTION:ECDSA
-d2i_ECPrivateKey_fp                     3673	EXIST::FUNCTION:EC,FP_API
-STORE_delete_certificate                3674	NOEXIST::FUNCTION:
-SHA512_Transform                        3675	EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-X509_STORE_set1_param                   3676	EXIST::FUNCTION:
-STORE_method_get_ctrl_function          3677	NOEXIST::FUNCTION:
-STORE_free                              3678	NOEXIST::FUNCTION:
-PEM_write_ECPrivateKey                  3679	EXIST:!WIN16:FUNCTION:EC
-STORE_meth_get_unlock_store_fn          3680	NOEXIST::FUNCTION:
-STORE_method_get_unlock_store_function  3680	NOEXIST::FUNCTION:
-STORE_get_ex_data                       3681	NOEXIST::FUNCTION:
-EC_KEY_set_public_key                   3682	EXIST::FUNCTION:EC
-PEM_read_ECPKParameters                 3683	EXIST:!WIN16:FUNCTION:EC
-X509_CERT_PAIR_new                      3684	EXIST::FUNCTION:
-ENGINE_register_STORE                   3685	EXIST::FUNCTION:ENGINE
-RSA_generate_key_ex                     3686	EXIST::FUNCTION:RSA
-DSA_generate_parameters_ex              3687	EXIST::FUNCTION:DSA
-ECParameters_print_fp                   3688	EXIST::FUNCTION:EC,FP_API
-X509V3_NAME_from_section                3689	EXIST::FUNCTION:
-EVP_PKEY_add1_attr                      3690	EXIST::FUNCTION:
-STORE_modify_crl                        3691	NOEXIST::FUNCTION:
-STORE_list_private_key_start            3692	NOEXIST::FUNCTION:
-POLICY_MAPPINGS_it                      3693	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-POLICY_MAPPINGS_it                      3693	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-GENERAL_SUBTREE_it                      3694	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-GENERAL_SUBTREE_it                      3694	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EC_GROUP_get_curve_name                 3695	EXIST::FUNCTION:EC
-PEM_write_X509_CERT_PAIR                3696	EXIST:!WIN16:FUNCTION:
-BIO_dump_indent_cb                      3697	EXIST::FUNCTION:
-d2i_X509_CERT_PAIR                      3698	EXIST::FUNCTION:
-STORE_list_private_key_endp             3699	NOEXIST::FUNCTION:
-asn1_const_Finish                       3700	EXIST::FUNCTION:
-i2d_EC_PUBKEY_fp                        3701	EXIST::FUNCTION:EC,FP_API
-BN_nist_mod_256                         3702	EXIST::FUNCTION:
-X509_VERIFY_PARAM_add0_table            3703	EXIST::FUNCTION:
-pqueue_free                             3704	EXIST::FUNCTION:
-BN_BLINDING_create_param                3705	EXIST::FUNCTION:
-ECDSA_size                              3706	EXIST::FUNCTION:ECDSA
-d2i_EC_PUBKEY_bio                       3707	EXIST::FUNCTION:BIO,EC
-BN_get0_nist_prime_521                  3708	EXIST::FUNCTION:
-STORE_ATTR_INFO_modify_sha1str          3709	NOEXIST::FUNCTION:
-BN_generate_prime_ex                    3710	EXIST::FUNCTION:
-EC_GROUP_new_by_curve_name              3711	EXIST::FUNCTION:EC
-SHA256_Final                            3712	EXIST::FUNCTION:SHA,SHA256
-DH_generate_parameters_ex               3713	EXIST::FUNCTION:DH
-PEM_read_bio_ECPrivateKey               3714	EXIST::FUNCTION:EC
-STORE_meth_get_cleanup_fn               3715	NOEXIST::FUNCTION:
-STORE_method_get_cleanup_function       3715	NOEXIST::FUNCTION:
-ENGINE_get_ECDH                         3716	EXIST::FUNCTION:ENGINE
-d2i_ECDSA_SIG                           3717	EXIST::FUNCTION:ECDSA
-BN_is_prime_fasttest_ex                 3718	EXIST::FUNCTION:
-ECDSA_sign                              3719	EXIST::FUNCTION:ECDSA
-X509_policy_check                       3720	EXIST::FUNCTION:
-EVP_PKEY_get_attr_by_NID                3721	EXIST::FUNCTION:
-STORE_set_ex_data                       3722	NOEXIST::FUNCTION:
-ENGINE_get_ECDSA                        3723	EXIST::FUNCTION:ENGINE
-EVP_ecdsa                               3724	EXIST::FUNCTION:SHA
-BN_BLINDING_get_flags                   3725	EXIST::FUNCTION:
-PKCS12_add_cert                         3726	EXIST::FUNCTION:
-STORE_OBJECT_new                        3727	NOEXIST::FUNCTION:
-ERR_load_ECDH_strings                   3728	EXIST::FUNCTION:ECDH
-EC_KEY_dup                              3729	EXIST::FUNCTION:EC
-EVP_CIPHER_CTX_rand_key                 3730	EXIST::FUNCTION:
-ECDSA_set_method                        3731	EXIST::FUNCTION:ECDSA
-a2i_IPADDRESS_NC                        3732	EXIST::FUNCTION:
-d2i_ECParameters                        3733	EXIST::FUNCTION:EC
-STORE_list_certificate_end              3734	NOEXIST::FUNCTION:
-STORE_get_crl                           3735	NOEXIST::FUNCTION:
-X509_POLICY_NODE_print                  3736	EXIST::FUNCTION:
-SHA384_Init                             3737	EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-EC_GF2m_simple_method                   3738	EXIST::FUNCTION:EC,EC2M
-ECDSA_set_ex_data                       3739	EXIST::FUNCTION:ECDSA
-SHA384_Final                            3740	EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-PKCS7_set_digest                        3741	EXIST::FUNCTION:
-EC_KEY_print                            3742	EXIST::FUNCTION:BIO,EC
-STORE_meth_set_lock_store_fn            3743	NOEXIST::FUNCTION:
-STORE_method_set_lock_store_function    3743	NOEXIST::FUNCTION:
-ECDSA_get_ex_new_index                  3744	EXIST::FUNCTION:ECDSA
-SHA384                                  3745	EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-POLICY_MAPPING_new                      3746	EXIST::FUNCTION:
-STORE_list_certificate_endp             3747	NOEXIST::FUNCTION:
-X509_STORE_CTX_get0_policy_tree         3748	EXIST::FUNCTION:
-EC_GROUP_set_asn1_flag                  3749	EXIST::FUNCTION:EC
-EC_KEY_check_key                        3750	EXIST::FUNCTION:EC
-d2i_EC_PUBKEY_fp                        3751	EXIST::FUNCTION:EC,FP_API
-PKCS7_set0_type_other                   3752	EXIST::FUNCTION:
-PEM_read_bio_X509_CERT_PAIR             3753	EXIST::FUNCTION:
-pqueue_next                             3754	EXIST::FUNCTION:
-STORE_meth_get_list_end_fn              3755	NOEXIST::FUNCTION:
-STORE_method_get_list_end_function      3755	NOEXIST::FUNCTION:
-EVP_PKEY_add1_attr_by_OBJ               3756	EXIST::FUNCTION:
-X509_VERIFY_PARAM_set_time              3757	EXIST::FUNCTION:
-pqueue_new                              3758	EXIST::FUNCTION:
-ENGINE_set_default_ECDH                 3759	EXIST::FUNCTION:ENGINE
-STORE_new_method                        3760	NOEXIST::FUNCTION:
-PKCS12_add_key                          3761	EXIST::FUNCTION:
-DSO_merge                               3762	EXIST::FUNCTION:
-EC_POINT_hex2point                      3763	EXIST::FUNCTION:EC
-BIO_dump_cb                             3764	EXIST::FUNCTION:
-SHA256_Update                           3765	EXIST::FUNCTION:SHA,SHA256
-pqueue_insert                           3766	EXIST::FUNCTION:
-pitem_free                              3767	EXIST::FUNCTION:
-BN_GF2m_mod_inv_arr                     3768	EXIST::FUNCTION:EC2M
-ENGINE_unregister_ECDSA                 3769	EXIST::FUNCTION:ENGINE
-BN_BLINDING_set_thread_id               3770	EXIST::FUNCTION:DEPRECATED
-get_rfc3526_prime_8192                  3771	EXIST::FUNCTION:
-X509_VERIFY_PARAM_clear_flags           3772	EXIST::FUNCTION:
-get_rfc2409_prime_1024                  3773	EXIST::FUNCTION:
-DH_check_pub_key                        3774	EXIST::FUNCTION:DH
-get_rfc3526_prime_2048                  3775	EXIST::FUNCTION:
-get_rfc3526_prime_6144                  3776	EXIST::FUNCTION:
-get_rfc3526_prime_1536                  3777	EXIST::FUNCTION:
-get_rfc3526_prime_3072                  3778	EXIST::FUNCTION:
-get_rfc3526_prime_4096                  3779	EXIST::FUNCTION:
-get_rfc2409_prime_768                   3780	EXIST::FUNCTION:
-X509_VERIFY_PARAM_get_flags             3781	EXIST::FUNCTION:
-EVP_CIPHER_CTX_new                      3782	EXIST::FUNCTION:
-EVP_CIPHER_CTX_free                     3783	EXIST::FUNCTION:
-Camellia_cbc_encrypt                    3784	EXIST::FUNCTION:CAMELLIA
-Camellia_cfb128_encrypt                 3785	EXIST::FUNCTION:CAMELLIA
-Camellia_cfb1_encrypt                   3786	EXIST::FUNCTION:CAMELLIA
-Camellia_cfb8_encrypt                   3787	EXIST::FUNCTION:CAMELLIA
-Camellia_ctr128_encrypt                 3788	EXIST::FUNCTION:CAMELLIA
-Camellia_cfbr_encrypt_block             3789	NOEXIST::FUNCTION:
-Camellia_decrypt                        3790	EXIST::FUNCTION:CAMELLIA
-Camellia_ecb_encrypt                    3791	EXIST::FUNCTION:CAMELLIA
-Camellia_encrypt                        3792	EXIST::FUNCTION:CAMELLIA
-Camellia_ofb128_encrypt                 3793	EXIST::FUNCTION:CAMELLIA
-Camellia_set_key                        3794	EXIST::FUNCTION:CAMELLIA
-EVP_camellia_128_cbc                    3795	EXIST::FUNCTION:CAMELLIA
-EVP_camellia_128_cfb128                 3796	EXIST::FUNCTION:CAMELLIA
-EVP_camellia_128_cfb1                   3797	EXIST::FUNCTION:CAMELLIA
-EVP_camellia_128_cfb8                   3798	EXIST::FUNCTION:CAMELLIA
-EVP_camellia_128_ecb                    3799	EXIST::FUNCTION:CAMELLIA
-EVP_camellia_128_ofb                    3800	EXIST::FUNCTION:CAMELLIA
-EVP_camellia_192_cbc                    3801	EXIST::FUNCTION:CAMELLIA
-EVP_camellia_192_cfb128                 3802	EXIST::FUNCTION:CAMELLIA
-EVP_camellia_192_cfb1                   3803	EXIST::FUNCTION:CAMELLIA
-EVP_camellia_192_cfb8                   3804	EXIST::FUNCTION:CAMELLIA
-EVP_camellia_192_ecb                    3805	EXIST::FUNCTION:CAMELLIA
-EVP_camellia_192_ofb                    3806	EXIST::FUNCTION:CAMELLIA
-EVP_camellia_256_cbc                    3807	EXIST::FUNCTION:CAMELLIA
-EVP_camellia_256_cfb128                 3808	EXIST::FUNCTION:CAMELLIA
-EVP_camellia_256_cfb1                   3809	EXIST::FUNCTION:CAMELLIA
-EVP_camellia_256_cfb8                   3810	EXIST::FUNCTION:CAMELLIA
-EVP_camellia_256_ecb                    3811	EXIST::FUNCTION:CAMELLIA
-EVP_camellia_256_ofb                    3812	EXIST::FUNCTION:CAMELLIA
-a2i_ipadd                               3813	EXIST::FUNCTION:
-ASIdentifiers_free                      3814	EXIST::FUNCTION:RFC3779
-i2d_ASIdOrRange                         3815	EXIST::FUNCTION:RFC3779
-EVP_CIPHER_block_size                   3816	EXIST::FUNCTION:
-v3_asid_is_canonical                    3817	EXIST::FUNCTION:RFC3779
-IPAddressChoice_free                    3818	EXIST::FUNCTION:RFC3779
-EVP_CIPHER_CTX_set_app_data             3819	EXIST::FUNCTION:
-BIO_set_callback_arg                    3820	EXIST::FUNCTION:
-v3_addr_add_prefix                      3821	EXIST::FUNCTION:RFC3779
-IPAddressOrRange_it                     3822	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-IPAddressOrRange_it                     3822	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-BIO_set_flags                           3823	EXIST::FUNCTION:
-ASIdentifiers_it                        3824	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-ASIdentifiers_it                        3824	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-v3_addr_get_range                       3825	EXIST::FUNCTION:RFC3779
-BIO_method_type                         3826	EXIST::FUNCTION:
-v3_addr_inherits                        3827	EXIST::FUNCTION:RFC3779
-IPAddressChoice_it                      3828	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-IPAddressChoice_it                      3828	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-AES_ige_encrypt                         3829	EXIST::FUNCTION:AES
-v3_addr_add_range                       3830	EXIST::FUNCTION:RFC3779
-EVP_CIPHER_CTX_nid                      3831	EXIST::FUNCTION:
-d2i_ASRange                             3832	EXIST::FUNCTION:RFC3779
-v3_addr_add_inherit                     3833	EXIST::FUNCTION:RFC3779
-v3_asid_add_id_or_range                 3834	EXIST::FUNCTION:RFC3779
-v3_addr_validate_resource_set           3835	EXIST::FUNCTION:RFC3779
-EVP_CIPHER_iv_length                    3836	EXIST::FUNCTION:
-EVP_MD_type                             3837	EXIST::FUNCTION:
-v3_asid_canonize                        3838	EXIST::FUNCTION:RFC3779
-IPAddressRange_free                     3839	EXIST::FUNCTION:RFC3779
-v3_asid_add_inherit                     3840	EXIST::FUNCTION:RFC3779
-EVP_CIPHER_CTX_key_length               3841	EXIST::FUNCTION:
-IPAddressRange_new                      3842	EXIST::FUNCTION:RFC3779
-ASIdOrRange_new                         3843	EXIST::FUNCTION:RFC3779
-EVP_MD_size                             3844	EXIST::FUNCTION:
-EVP_MD_CTX_test_flags                   3845	EXIST::FUNCTION:
-BIO_clear_flags                         3846	EXIST::FUNCTION:
-i2d_ASRange                             3847	EXIST::FUNCTION:RFC3779
-IPAddressRange_it                       3848	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-IPAddressRange_it                       3848	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-IPAddressChoice_new                     3849	EXIST::FUNCTION:RFC3779
-ASIdentifierChoice_new                  3850	EXIST::FUNCTION:RFC3779
-ASRange_free                            3851	EXIST::FUNCTION:RFC3779
-EVP_MD_pkey_type                        3852	EXIST::FUNCTION:
-EVP_MD_CTX_clear_flags                  3853	EXIST::FUNCTION:
-IPAddressFamily_free                    3854	EXIST::FUNCTION:RFC3779
-i2d_IPAddressFamily                     3855	EXIST::FUNCTION:RFC3779
-IPAddressOrRange_new                    3856	EXIST::FUNCTION:RFC3779
-EVP_CIPHER_flags                        3857	EXIST::FUNCTION:
-v3_asid_validate_resource_set           3858	EXIST::FUNCTION:RFC3779
-d2i_IPAddressRange                      3859	EXIST::FUNCTION:RFC3779
-AES_bi_ige_encrypt                      3860	EXIST::FUNCTION:AES
-BIO_get_callback                        3861	EXIST::FUNCTION:
-IPAddressOrRange_free                   3862	EXIST::FUNCTION:RFC3779
-v3_addr_subset                          3863	EXIST::FUNCTION:RFC3779
-d2i_IPAddressFamily                     3864	EXIST::FUNCTION:RFC3779
-v3_asid_subset                          3865	EXIST::FUNCTION:RFC3779
-BIO_test_flags                          3866	EXIST::FUNCTION:
-i2d_ASIdentifierChoice                  3867	EXIST::FUNCTION:RFC3779
-ASRange_it                              3868	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-ASRange_it                              3868	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-d2i_ASIdentifiers                       3869	EXIST::FUNCTION:RFC3779
-ASRange_new                             3870	EXIST::FUNCTION:RFC3779
-d2i_IPAddressChoice                     3871	EXIST::FUNCTION:RFC3779
-v3_addr_get_afi                         3872	EXIST::FUNCTION:RFC3779
-EVP_CIPHER_key_length                   3873	EXIST::FUNCTION:
-EVP_Cipher                              3874	EXIST::FUNCTION:
-i2d_IPAddressOrRange                    3875	EXIST::FUNCTION:RFC3779
-ASIdOrRange_it                          3876	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-ASIdOrRange_it                          3876	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-EVP_CIPHER_nid                          3877	EXIST::FUNCTION:
-i2d_IPAddressChoice                     3878	EXIST::FUNCTION:RFC3779
-EVP_CIPHER_CTX_block_size               3879	EXIST::FUNCTION:
-ASIdentifiers_new                       3880	EXIST::FUNCTION:RFC3779
-v3_addr_validate_path                   3881	EXIST::FUNCTION:RFC3779
-IPAddressFamily_new                     3882	EXIST::FUNCTION:RFC3779
-EVP_MD_CTX_set_flags                    3883	EXIST::FUNCTION:
-v3_addr_is_canonical                    3884	EXIST::FUNCTION:RFC3779
-i2d_IPAddressRange                      3885	EXIST::FUNCTION:RFC3779
-IPAddressFamily_it                      3886	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-IPAddressFamily_it                      3886	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-v3_asid_inherits                        3887	EXIST::FUNCTION:RFC3779
-EVP_CIPHER_CTX_cipher                   3888	EXIST::FUNCTION:
-EVP_CIPHER_CTX_get_app_data             3889	EXIST::FUNCTION:
-EVP_MD_block_size                       3890	EXIST::FUNCTION:
-EVP_CIPHER_CTX_flags                    3891	EXIST::FUNCTION:
-v3_asid_validate_path                   3892	EXIST::FUNCTION:RFC3779
-d2i_IPAddressOrRange                    3893	EXIST::FUNCTION:RFC3779
-v3_addr_canonize                        3894	EXIST::FUNCTION:RFC3779
-ASIdentifierChoice_it                   3895	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-ASIdentifierChoice_it                   3895	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-EVP_MD_CTX_md                           3896	EXIST::FUNCTION:
-d2i_ASIdentifierChoice                  3897	EXIST::FUNCTION:RFC3779
-BIO_method_name                         3898	EXIST::FUNCTION:
-EVP_CIPHER_CTX_iv_length                3899	EXIST::FUNCTION:
-ASIdOrRange_free                        3900	EXIST::FUNCTION:RFC3779
-ASIdentifierChoice_free                 3901	EXIST::FUNCTION:RFC3779
-BIO_get_callback_arg                    3902	EXIST::FUNCTION:
-BIO_set_callback                        3903	EXIST::FUNCTION:
-d2i_ASIdOrRange                         3904	EXIST::FUNCTION:RFC3779
-i2d_ASIdentifiers                       3905	EXIST::FUNCTION:RFC3779
-CRYPTO_memcmp                           3906	EXIST::FUNCTION:
-BN_consttime_swap                       3907	EXIST::FUNCTION:
-SEED_decrypt                            3908	EXIST::FUNCTION:SEED
-SEED_encrypt                            3909	EXIST::FUNCTION:SEED
-SEED_cbc_encrypt                        3910	EXIST::FUNCTION:SEED
-EVP_seed_ofb                            3911	EXIST::FUNCTION:SEED
-SEED_cfb128_encrypt                     3912	EXIST::FUNCTION:SEED
-SEED_ofb128_encrypt                     3913	EXIST::FUNCTION:SEED
-EVP_seed_cbc                            3914	EXIST::FUNCTION:SEED
-SEED_ecb_encrypt                        3915	EXIST::FUNCTION:SEED
-EVP_seed_ecb                            3916	EXIST::FUNCTION:SEED
-SEED_set_key                            3917	EXIST::FUNCTION:SEED
-EVP_seed_cfb128                         3918	EXIST::FUNCTION:SEED
-X509_EXTENSIONS_it                      3919	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_EXTENSIONS_it                      3919	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509_get1_ocsp                          3920	EXIST::FUNCTION:
-OCSP_REQ_CTX_free                       3921	EXIST::FUNCTION:
-i2d_X509_EXTENSIONS                     3922	EXIST::FUNCTION:
-OCSP_sendreq_nbio                       3923	EXIST::FUNCTION:
-OCSP_sendreq_new                        3924	EXIST::FUNCTION:
-d2i_X509_EXTENSIONS                     3925	EXIST::FUNCTION:
-X509_ALGORS_it                          3926	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_ALGORS_it                          3926	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509_ALGOR_get0                         3927	EXIST::FUNCTION:
-X509_ALGOR_set0                         3928	EXIST::FUNCTION:
-AES_unwrap_key                          3929	EXIST::FUNCTION:AES
-AES_wrap_key                            3930	EXIST::FUNCTION:AES
-X509at_get0_data_by_OBJ                 3931	EXIST::FUNCTION:
-ASN1_TYPE_set1                          3932	EXIST::FUNCTION:
-ASN1_STRING_set0                        3933	EXIST::FUNCTION:
-i2d_X509_ALGORS                         3934	EXIST::FUNCTION:
-BIO_f_zlib                              3935	EXIST:ZLIB:FUNCTION:
-COMP_zlib_cleanup                       3936	EXIST::FUNCTION:
-d2i_X509_ALGORS                         3937	EXIST::FUNCTION:
-CMS_ReceiptRequest_free                 3938	EXIST::FUNCTION:CMS
-PEM_write_CMS                           3939	EXIST:!WIN16:FUNCTION:CMS
-CMS_add0_CertificateChoices             3940	EXIST::FUNCTION:CMS
-CMS_unsigned_add1_attr_by_OBJ           3941	EXIST::FUNCTION:CMS
-ERR_load_CMS_strings                    3942	EXIST::FUNCTION:CMS
-CMS_sign_receipt                        3943	EXIST::FUNCTION:CMS
-i2d_CMS_ContentInfo                     3944	EXIST::FUNCTION:CMS
-CMS_signed_delete_attr                  3945	EXIST::FUNCTION:CMS
-d2i_CMS_bio                             3946	EXIST::FUNCTION:CMS
-CMS_unsigned_get_attr_by_NID            3947	EXIST::FUNCTION:CMS
-CMS_verify                              3948	EXIST::FUNCTION:CMS
-SMIME_read_CMS                          3949	EXIST::FUNCTION:CMS
-CMS_decrypt_set1_key                    3950	EXIST::FUNCTION:CMS
-CMS_SignerInfo_get0_algs                3951	EXIST::FUNCTION:CMS
-CMS_add1_cert                           3952	EXIST::FUNCTION:CMS
-CMS_set_detached                        3953	EXIST::FUNCTION:CMS
-CMS_encrypt                             3954	EXIST::FUNCTION:CMS
-CMS_EnvelopedData_create                3955	EXIST::FUNCTION:CMS
-CMS_uncompress                          3956	EXIST::FUNCTION:CMS
-CMS_add0_crl                            3957	EXIST::FUNCTION:CMS
-CMS_SignerInfo_verify_content           3958	EXIST::FUNCTION:CMS
-CMS_unsigned_get0_data_by_OBJ           3959	EXIST::FUNCTION:CMS
-PEM_write_bio_CMS                       3960	EXIST::FUNCTION:CMS
-CMS_unsigned_get_attr                   3961	EXIST::FUNCTION:CMS
-CMS_RecipientInfo_ktri_cert_cmp         3962	EXIST::FUNCTION:CMS
-CMS_RecipientInfo_ktri_get0_algs        3963	EXIST:!VMS:FUNCTION:CMS
-CMS_RecipInfo_ktri_get0_algs            3963	EXIST:VMS:FUNCTION:CMS
-CMS_ContentInfo_free                    3964	EXIST::FUNCTION:CMS
-CMS_final                               3965	EXIST::FUNCTION:CMS
-CMS_add_simple_smimecap                 3966	EXIST::FUNCTION:CMS
-CMS_SignerInfo_verify                   3967	EXIST::FUNCTION:CMS
-CMS_data                                3968	EXIST::FUNCTION:CMS
-CMS_ContentInfo_it                      3969	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMS
-CMS_ContentInfo_it                      3969	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CMS
-d2i_CMS_ReceiptRequest                  3970	EXIST::FUNCTION:CMS
-CMS_compress                            3971	EXIST::FUNCTION:CMS
-CMS_digest_create                       3972	EXIST::FUNCTION:CMS
-CMS_SignerInfo_cert_cmp                 3973	EXIST::FUNCTION:CMS
-CMS_SignerInfo_sign                     3974	EXIST::FUNCTION:CMS
-CMS_data_create                         3975	EXIST::FUNCTION:CMS
-i2d_CMS_bio                             3976	EXIST::FUNCTION:CMS
-CMS_EncryptedData_set1_key              3977	EXIST::FUNCTION:CMS
-CMS_decrypt                             3978	EXIST::FUNCTION:CMS
-int_smime_write_ASN1                    3979	NOEXIST::FUNCTION:
-CMS_unsigned_delete_attr                3980	EXIST::FUNCTION:CMS
-CMS_unsigned_get_attr_count             3981	EXIST::FUNCTION:CMS
-CMS_add_smimecap                        3982	EXIST::FUNCTION:CMS
-PEM_read_CMS                            3983	EXIST:!WIN16:FUNCTION:CMS
-CMS_signed_get_attr_by_OBJ              3984	EXIST::FUNCTION:CMS
-d2i_CMS_ContentInfo                     3985	EXIST::FUNCTION:CMS
-CMS_add_standard_smimecap               3986	EXIST::FUNCTION:CMS
-CMS_ContentInfo_new                     3987	EXIST::FUNCTION:CMS
-CMS_RecipientInfo_type                  3988	EXIST::FUNCTION:CMS
-CMS_get0_type                           3989	EXIST::FUNCTION:CMS
-CMS_is_detached                         3990	EXIST::FUNCTION:CMS
-CMS_sign                                3991	EXIST::FUNCTION:CMS
-CMS_signed_add1_attr                    3992	EXIST::FUNCTION:CMS
-CMS_unsigned_get_attr_by_OBJ            3993	EXIST::FUNCTION:CMS
-SMIME_write_CMS                         3994	EXIST::FUNCTION:CMS
-CMS_EncryptedData_decrypt               3995	EXIST::FUNCTION:CMS
-CMS_get0_RecipientInfos                 3996	EXIST::FUNCTION:CMS
-CMS_add0_RevocationInfoChoice           3997	EXIST::FUNCTION:CMS
-CMS_decrypt_set1_pkey                   3998	EXIST::FUNCTION:CMS
-CMS_SignerInfo_set1_signer_cert         3999	EXIST::FUNCTION:CMS
-CMS_get0_signers                        4000	EXIST::FUNCTION:CMS
-CMS_ReceiptRequest_get0_values          4001	EXIST::FUNCTION:CMS
-CMS_signed_get0_data_by_OBJ             4002	EXIST::FUNCTION:CMS
-CMS_get0_SignerInfos                    4003	EXIST::FUNCTION:CMS
-CMS_add0_cert                           4004	EXIST::FUNCTION:CMS
-CMS_EncryptedData_encrypt               4005	EXIST::FUNCTION:CMS
-CMS_digest_verify                       4006	EXIST::FUNCTION:CMS
-CMS_set1_signers_certs                  4007	EXIST::FUNCTION:CMS
-CMS_signed_get_attr                     4008	EXIST::FUNCTION:CMS
-CMS_RecipientInfo_set0_key              4009	EXIST::FUNCTION:CMS
-CMS_SignedData_init                     4010	EXIST::FUNCTION:CMS
-CMS_RecipientInfo_kekri_get0_id         4011	EXIST::FUNCTION:CMS
-CMS_verify_receipt                      4012	EXIST::FUNCTION:CMS
-CMS_ReceiptRequest_it                   4013	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMS
-CMS_ReceiptRequest_it                   4013	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CMS
-PEM_read_bio_CMS                        4014	EXIST::FUNCTION:CMS
-CMS_get1_crls                           4015	EXIST::FUNCTION:CMS
-CMS_add0_recipient_key                  4016	EXIST::FUNCTION:CMS
-SMIME_read_ASN1                         4017	EXIST::FUNCTION:
-CMS_ReceiptRequest_new                  4018	EXIST::FUNCTION:CMS
-CMS_get0_content                        4019	EXIST::FUNCTION:CMS
-CMS_get1_ReceiptRequest                 4020	EXIST::FUNCTION:CMS
-CMS_signed_add1_attr_by_OBJ             4021	EXIST::FUNCTION:CMS
-CMS_RecipientInfo_kekri_id_cmp          4022	EXIST::FUNCTION:CMS
-CMS_add1_ReceiptRequest                 4023	EXIST::FUNCTION:CMS
-CMS_SignerInfo_get0_signer_id           4024	EXIST::FUNCTION:CMS
-CMS_unsigned_add1_attr_by_NID           4025	EXIST::FUNCTION:CMS
-CMS_unsigned_add1_attr                  4026	EXIST::FUNCTION:CMS
-CMS_signed_get_attr_by_NID              4027	EXIST::FUNCTION:CMS
-CMS_get1_certs                          4028	EXIST::FUNCTION:CMS
-CMS_signed_add1_attr_by_NID             4029	EXIST::FUNCTION:CMS
-CMS_unsigned_add1_attr_by_txt           4030	EXIST::FUNCTION:CMS
-CMS_dataFinal                           4031	EXIST::FUNCTION:CMS
-CMS_RecipientInfo_ktri_get0_signer_id   4032	EXIST:!VMS:FUNCTION:CMS
-CMS_RecipInfo_ktri_get0_sigr_id         4032	EXIST:VMS:FUNCTION:CMS
-i2d_CMS_ReceiptRequest                  4033	EXIST::FUNCTION:CMS
-CMS_add1_recipient_cert                 4034	EXIST::FUNCTION:CMS
-CMS_dataInit                            4035	EXIST::FUNCTION:CMS
-CMS_signed_add1_attr_by_txt             4036	EXIST::FUNCTION:CMS
-CMS_RecipientInfo_decrypt               4037	EXIST::FUNCTION:CMS
-CMS_signed_get_attr_count               4038	EXIST::FUNCTION:CMS
-CMS_get0_eContentType                   4039	EXIST::FUNCTION:CMS
-CMS_set1_eContentType                   4040	EXIST::FUNCTION:CMS
-CMS_ReceiptRequest_create0              4041	EXIST::FUNCTION:CMS
-CMS_add1_signer                         4042	EXIST::FUNCTION:CMS
-CMS_RecipientInfo_set0_pkey             4043	EXIST::FUNCTION:CMS
-ENGINE_set_load_ssl_client_cert_function 4044	EXIST:!VMS:FUNCTION:ENGINE
-ENGINE_set_ld_ssl_clnt_cert_fn          4044	EXIST:VMS:FUNCTION:ENGINE
-ENGINE_get_ssl_client_cert_function     4045	EXIST:!VMS:FUNCTION:ENGINE
-ENGINE_get_ssl_client_cert_fn           4045	EXIST:VMS:FUNCTION:ENGINE
-ENGINE_load_ssl_client_cert             4046	EXIST::FUNCTION:ENGINE
-ENGINE_load_capi                        4047	EXIST::FUNCTION:ENGINE,STATIC_ENGINE
-OPENSSL_isservice                       4048	EXIST::FUNCTION:
-FIPS_dsa_sig_decode                     4049	NOEXIST::FUNCTION:
-EVP_CIPHER_CTX_clear_flags              4050	EXIST::FUNCTION:
-FIPS_rand_status                        4051	NOEXIST::FUNCTION:
-FIPS_rand_set_key                       4052	NOEXIST::FUNCTION:
-CRYPTO_set_mem_info_functions           4053	NOEXIST::FUNCTION:
-RSA_X931_generate_key_ex                4054	NOEXIST::FUNCTION:
-int_ERR_set_state_func                  4055	NOEXIST::FUNCTION:
-int_EVP_MD_set_engine_callbacks         4056	NOEXIST::FUNCTION:
-int_CRYPTO_set_do_dynlock_callback      4057	NOEXIST::FUNCTION:
-FIPS_rng_stick                          4058	NOEXIST::FUNCTION:
-EVP_CIPHER_CTX_set_flags                4059	EXIST::FUNCTION:
-BN_X931_generate_prime_ex               4060	EXIST::FUNCTION:
-FIPS_selftest_check                     4061	NOEXIST::FUNCTION:
-FIPS_rand_set_dt                        4062	NOEXIST::FUNCTION:
-CRYPTO_dbg_pop_info                     4063	NOEXIST::FUNCTION:
-FIPS_dsa_free                           4064	NOEXIST::FUNCTION:
-RSA_X931_derive_ex                      4065	NOEXIST::FUNCTION:
-FIPS_rsa_new                            4066	NOEXIST::FUNCTION:
-FIPS_rand_bytes                         4067	NOEXIST::FUNCTION:
-fips_cipher_test                        4068	NOEXIST::FUNCTION:
-EVP_CIPHER_CTX_test_flags               4069	EXIST::FUNCTION:
-CRYPTO_malloc_debug_init                4070	NOEXIST::FUNCTION:
-CRYPTO_dbg_push_info                    4071	NOEXIST::FUNCTION:
-FIPS_corrupt_rsa_keygen                 4072	NOEXIST::FUNCTION:
-FIPS_dh_new                             4073	NOEXIST::FUNCTION:
-FIPS_corrupt_dsa_keygen                 4074	NOEXIST::FUNCTION:
-FIPS_dh_free                            4075	NOEXIST::FUNCTION:
-fips_pkey_signature_test                4076	NOEXIST::FUNCTION:
-EVP_add_alg_module                      4077	EXIST::FUNCTION:
-int_RAND_init_engine_callbacks          4078	NOEXIST::FUNCTION:
-int_EVP_CIPHER_set_engine_callbacks     4079	NOEXIST::FUNCTION:
-int_EVP_MD_init_engine_callbacks        4080	NOEXIST::FUNCTION:
-FIPS_rand_test_mode                     4081	NOEXIST::FUNCTION:
-FIPS_rand_reset                         4082	NOEXIST::FUNCTION:
-FIPS_dsa_new                            4083	NOEXIST::FUNCTION:
-int_RAND_set_callbacks                  4084	NOEXIST::FUNCTION:
-BN_X931_derive_prime_ex                 4085	EXIST::FUNCTION:
-int_ERR_lib_init                        4086	NOEXIST::FUNCTION:
-int_EVP_CIPHER_init_engine_callbacks    4087	NOEXIST::FUNCTION:
-FIPS_rsa_free                           4088	NOEXIST::FUNCTION:
-FIPS_dsa_sig_encode                     4089	NOEXIST::FUNCTION:
-CRYPTO_dbg_remove_all_info              4090	NOEXIST::FUNCTION:
-OPENSSL_init                            4091	EXIST::FUNCTION:
-private_Camellia_set_key                4092	EXIST:OPENSSL_FIPS:FUNCTION:CAMELLIA
-CRYPTO_strdup                           4093	EXIST::FUNCTION:
-JPAKE_STEP3A_process                    4094	EXIST::FUNCTION:JPAKE
-JPAKE_STEP1_release                     4095	EXIST::FUNCTION:JPAKE
-JPAKE_get_shared_key                    4096	EXIST::FUNCTION:JPAKE
-JPAKE_STEP3B_init                       4097	EXIST::FUNCTION:JPAKE
-JPAKE_STEP1_generate                    4098	EXIST::FUNCTION:JPAKE
-JPAKE_STEP1_init                        4099	EXIST::FUNCTION:JPAKE
-JPAKE_STEP3B_process                    4100	EXIST::FUNCTION:JPAKE
-JPAKE_STEP2_generate                    4101	EXIST::FUNCTION:JPAKE
-JPAKE_CTX_new                           4102	EXIST::FUNCTION:JPAKE
-JPAKE_CTX_free                          4103	EXIST::FUNCTION:JPAKE
-JPAKE_STEP3B_release                    4104	EXIST::FUNCTION:JPAKE
-JPAKE_STEP3A_release                    4105	EXIST::FUNCTION:JPAKE
-JPAKE_STEP2_process                     4106	EXIST::FUNCTION:JPAKE
-JPAKE_STEP3B_generate                   4107	EXIST::FUNCTION:JPAKE
-JPAKE_STEP1_process                     4108	EXIST::FUNCTION:JPAKE
-JPAKE_STEP3A_generate                   4109	EXIST::FUNCTION:JPAKE
-JPAKE_STEP2_release                     4110	EXIST::FUNCTION:JPAKE
-JPAKE_STEP3A_init                       4111	EXIST::FUNCTION:JPAKE
-ERR_load_JPAKE_strings                  4112	EXIST::FUNCTION:JPAKE
-JPAKE_STEP2_init                        4113	EXIST::FUNCTION:JPAKE
-pqueue_size                             4114	EXIST::FUNCTION:
-i2d_TS_ACCURACY                         4115	EXIST::FUNCTION:
-i2d_TS_MSG_IMPRINT_fp                   4116	EXIST::FUNCTION:
-i2d_TS_MSG_IMPRINT                      4117	EXIST::FUNCTION:
-EVP_PKEY_print_public                   4118	EXIST::FUNCTION:
-EVP_PKEY_CTX_new                        4119	EXIST::FUNCTION:
-i2d_TS_TST_INFO                         4120	EXIST::FUNCTION:
-EVP_PKEY_asn1_find                      4121	EXIST::FUNCTION:
-DSO_METHOD_beos                         4122	EXIST::FUNCTION:
-TS_CONF_load_cert                       4123	EXIST::FUNCTION:
-TS_REQ_get_ext                          4124	EXIST::FUNCTION:
-EVP_PKEY_sign_init                      4125	EXIST::FUNCTION:
-ASN1_item_print                         4126	EXIST::FUNCTION:
-TS_TST_INFO_set_nonce                   4127	EXIST::FUNCTION:
-TS_RESP_dup                             4128	EXIST::FUNCTION:
-ENGINE_register_pkey_meths              4129	EXIST::FUNCTION:ENGINE
-EVP_PKEY_asn1_add0                      4130	EXIST::FUNCTION:
-PKCS7_add0_attrib_signing_time          4131	EXIST::FUNCTION:
-i2d_TS_TST_INFO_fp                      4132	EXIST::FUNCTION:
-BIO_asn1_get_prefix                     4133	EXIST::FUNCTION:
-TS_TST_INFO_set_time                    4134	EXIST::FUNCTION:
-EVP_PKEY_meth_set_decrypt               4135	EXIST::FUNCTION:
-EVP_PKEY_set_type_str                   4136	EXIST::FUNCTION:
-EVP_PKEY_CTX_get_keygen_info            4137	EXIST::FUNCTION:
-TS_REQ_set_policy_id                    4138	EXIST::FUNCTION:
-d2i_TS_RESP_fp                          4139	EXIST::FUNCTION:
-ENGINE_get_pkey_asn1_meth_engine        4140	EXIST:!VMS:FUNCTION:ENGINE
-ENGINE_get_pkey_asn1_meth_eng           4140	EXIST:VMS:FUNCTION:ENGINE
-WHIRLPOOL_Init                          4141	EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
-TS_RESP_set_status_info                 4142	EXIST::FUNCTION:
-EVP_PKEY_keygen                         4143	EXIST::FUNCTION:
-EVP_DigestSignInit                      4144	EXIST::FUNCTION:
-TS_ACCURACY_set_millis                  4145	EXIST::FUNCTION:
-TS_REQ_dup                              4146	EXIST::FUNCTION:
-GENERAL_NAME_dup                        4147	EXIST::FUNCTION:
-ASN1_SEQUENCE_ANY_it                    4148	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_SEQUENCE_ANY_it                    4148	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-WHIRLPOOL                               4149	EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
-X509_STORE_get1_crls                    4150	EXIST::FUNCTION:
-ENGINE_get_pkey_asn1_meth               4151	EXIST::FUNCTION:ENGINE
-EVP_PKEY_asn1_new                       4152	EXIST::FUNCTION:
-BIO_new_NDEF                            4153	EXIST::FUNCTION:
-ENGINE_get_pkey_meth                    4154	EXIST::FUNCTION:ENGINE
-TS_MSG_IMPRINT_set_algo                 4155	EXIST::FUNCTION:
-i2d_TS_TST_INFO_bio                     4156	EXIST::FUNCTION:
-TS_TST_INFO_set_ordering                4157	EXIST::FUNCTION:
-TS_TST_INFO_get_ext_by_OBJ              4158	EXIST::FUNCTION:
-CRYPTO_THREADID_set_pointer             4159	EXIST::FUNCTION:
-TS_CONF_get_tsa_section                 4160	EXIST::FUNCTION:
-SMIME_write_ASN1                        4161	EXIST::FUNCTION:
-TS_RESP_CTX_set_signer_key              4162	EXIST::FUNCTION:
-EVP_PKEY_encrypt_old                    4163	EXIST::FUNCTION:
-EVP_PKEY_encrypt_init                   4164	EXIST::FUNCTION:
-CRYPTO_THREADID_cpy                     4165	EXIST::FUNCTION:
-ASN1_PCTX_get_cert_flags                4166	EXIST::FUNCTION:
-i2d_ESS_SIGNING_CERT                    4167	EXIST::FUNCTION:
-TS_CONF_load_key                        4168	EXIST::FUNCTION:
-i2d_ASN1_SEQUENCE_ANY                   4169	EXIST::FUNCTION:
-d2i_TS_MSG_IMPRINT_bio                  4170	EXIST::FUNCTION:
-EVP_PKEY_asn1_set_public                4171	EXIST::FUNCTION:
-b2i_PublicKey_bio                       4172	EXIST::FUNCTION:
-BIO_asn1_set_prefix                     4173	EXIST::FUNCTION:
-EVP_PKEY_new_mac_key                    4174	EXIST::FUNCTION:
-BIO_new_CMS                             4175	EXIST::FUNCTION:CMS
-CRYPTO_THREADID_cmp                     4176	EXIST::FUNCTION:
-TS_REQ_ext_free                         4177	EXIST::FUNCTION:
-EVP_PKEY_asn1_set_free                  4178	EXIST::FUNCTION:
-EVP_PKEY_get0_asn1                      4179	EXIST::FUNCTION:
-d2i_NETSCAPE_X509                       4180	EXIST::FUNCTION:
-EVP_PKEY_verify_recover_init            4181	EXIST::FUNCTION:
-EVP_PKEY_CTX_set_data                   4182	EXIST::FUNCTION:
-EVP_PKEY_keygen_init                    4183	EXIST::FUNCTION:
-TS_RESP_CTX_set_status_info             4184	EXIST::FUNCTION:
-TS_MSG_IMPRINT_get_algo                 4185	EXIST::FUNCTION:
-TS_REQ_print_bio                        4186	EXIST::FUNCTION:
-EVP_PKEY_CTX_ctrl_str                   4187	EXIST::FUNCTION:
-EVP_PKEY_get_default_digest_nid         4188	EXIST::FUNCTION:
-PEM_write_bio_PKCS7_stream              4189	EXIST::FUNCTION:
-TS_MSG_IMPRINT_print_bio                4190	EXIST::FUNCTION:
-BN_asc2bn                               4191	EXIST::FUNCTION:
-TS_REQ_get_policy_id                    4192	EXIST::FUNCTION:
-ENGINE_set_default_pkey_asn1_meths      4193	EXIST:!VMS:FUNCTION:ENGINE
-ENGINE_set_def_pkey_asn1_meths          4193	EXIST:VMS:FUNCTION:ENGINE
-d2i_TS_ACCURACY                         4194	EXIST::FUNCTION:
-DSO_global_lookup                       4195	EXIST::FUNCTION:
-TS_CONF_set_tsa_name                    4196	EXIST::FUNCTION:
-i2d_ASN1_SET_ANY                        4197	EXIST::FUNCTION:
-ENGINE_load_gost                        4198	EXIST::FUNCTION:ENGINE,GOST,STATIC_ENGINE
-WHIRLPOOL_BitUpdate                     4199	EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
-ASN1_PCTX_get_flags                     4200	EXIST::FUNCTION:
-TS_TST_INFO_get_ext_by_NID              4201	EXIST::FUNCTION:
-TS_RESP_new                             4202	EXIST::FUNCTION:
-ESS_CERT_ID_dup                         4203	EXIST::FUNCTION:
-TS_STATUS_INFO_dup                      4204	EXIST::FUNCTION:
-TS_REQ_delete_ext                       4205	EXIST::FUNCTION:
-EVP_DigestVerifyFinal                   4206	EXIST::FUNCTION:
-EVP_PKEY_print_params                   4207	EXIST::FUNCTION:
-i2d_CMS_bio_stream                      4208	EXIST::FUNCTION:CMS
-TS_REQ_get_msg_imprint                  4209	EXIST::FUNCTION:
-OBJ_find_sigid_by_algs                  4210	EXIST::FUNCTION:
-TS_TST_INFO_get_serial                  4211	EXIST::FUNCTION:
-TS_REQ_get_nonce                        4212	EXIST::FUNCTION:
-X509_PUBKEY_set0_param                  4213	EXIST::FUNCTION:
-EVP_PKEY_CTX_set0_keygen_info           4214	EXIST::FUNCTION:
-DIST_POINT_set_dpname                   4215	EXIST::FUNCTION:
-i2d_ISSUING_DIST_POINT                  4216	EXIST::FUNCTION:
-ASN1_SET_ANY_it                         4217	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_SET_ANY_it                         4217	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EVP_PKEY_CTX_get_data                   4218	EXIST::FUNCTION:
-TS_STATUS_INFO_print_bio                4219	EXIST::FUNCTION:
-EVP_PKEY_derive_init                    4220	EXIST::FUNCTION:
-d2i_TS_TST_INFO                         4221	EXIST::FUNCTION:
-EVP_PKEY_asn1_add_alias                 4222	EXIST::FUNCTION:
-d2i_TS_RESP_bio                         4223	EXIST::FUNCTION:
-OTHERNAME_cmp                           4224	EXIST::FUNCTION:
-GENERAL_NAME_set0_value                 4225	EXIST::FUNCTION:
-PKCS7_RECIP_INFO_get0_alg               4226	EXIST::FUNCTION:
-TS_RESP_CTX_new                         4227	EXIST::FUNCTION:
-TS_RESP_set_tst_info                    4228	EXIST::FUNCTION:
-PKCS7_final                             4229	EXIST::FUNCTION:
-EVP_PKEY_base_id                        4230	EXIST::FUNCTION:
-TS_RESP_CTX_set_signer_cert             4231	EXIST::FUNCTION:
-TS_REQ_set_msg_imprint                  4232	EXIST::FUNCTION:
-EVP_PKEY_CTX_ctrl                       4233	EXIST::FUNCTION:
-TS_CONF_set_digests                     4234	EXIST::FUNCTION:
-d2i_TS_MSG_IMPRINT                      4235	EXIST::FUNCTION:
-EVP_PKEY_meth_set_ctrl                  4236	EXIST::FUNCTION:
-TS_REQ_get_ext_by_NID                   4237	EXIST::FUNCTION:
-PKCS5_pbe_set0_algor                    4238	EXIST::FUNCTION:
-BN_BLINDING_thread_id                   4239	EXIST::FUNCTION:
-TS_ACCURACY_new                         4240	EXIST::FUNCTION:
-X509_CRL_METHOD_free                    4241	EXIST::FUNCTION:
-ASN1_PCTX_get_nm_flags                  4242	EXIST::FUNCTION:
-EVP_PKEY_meth_set_sign                  4243	EXIST::FUNCTION:
-CRYPTO_THREADID_current                 4244	EXIST::FUNCTION:
-EVP_PKEY_decrypt_init                   4245	EXIST::FUNCTION:
-NETSCAPE_X509_free                      4246	EXIST::FUNCTION:
-i2b_PVK_bio                             4247	EXIST::FUNCTION:RC4
-EVP_PKEY_print_private                  4248	EXIST::FUNCTION:
-GENERAL_NAME_get0_value                 4249	EXIST::FUNCTION:
-b2i_PVK_bio                             4250	EXIST::FUNCTION:RC4
-ASN1_UTCTIME_adj                        4251	EXIST::FUNCTION:
-TS_TST_INFO_new                         4252	EXIST::FUNCTION:
-EVP_MD_do_all_sorted                    4253	EXIST::FUNCTION:
-TS_CONF_set_default_engine              4254	EXIST::FUNCTION:
-TS_ACCURACY_set_seconds                 4255	EXIST::FUNCTION:
-TS_TST_INFO_get_time                    4256	EXIST::FUNCTION:
-PKCS8_pkey_get0                         4257	EXIST::FUNCTION:
-EVP_PKEY_asn1_get0                      4258	EXIST::FUNCTION:
-OBJ_add_sigid                           4259	EXIST::FUNCTION:
-PKCS7_SIGNER_INFO_sign                  4260	EXIST::FUNCTION:
-EVP_PKEY_paramgen_init                  4261	EXIST::FUNCTION:
-EVP_PKEY_sign                           4262	EXIST::FUNCTION:
-OBJ_sigid_free                          4263	EXIST::FUNCTION:
-EVP_PKEY_meth_set_init                  4264	EXIST::FUNCTION:
-d2i_ESS_ISSUER_SERIAL                   4265	EXIST::FUNCTION:
-ISSUING_DIST_POINT_new                  4266	EXIST::FUNCTION:
-ASN1_TIME_adj                           4267	EXIST::FUNCTION:
-TS_OBJ_print_bio                        4268	EXIST::FUNCTION:
-EVP_PKEY_meth_set_verify_recover        4269	EXIST:!VMS:FUNCTION:
-EVP_PKEY_meth_set_vrfy_recover          4269	EXIST:VMS:FUNCTION:
-TS_RESP_get_status_info                 4270	EXIST::FUNCTION:
-CMS_stream                              4271	EXIST::FUNCTION:CMS
-EVP_PKEY_CTX_set_cb                     4272	EXIST::FUNCTION:
-PKCS7_to_TS_TST_INFO                    4273	EXIST::FUNCTION:
-ASN1_PCTX_get_oid_flags                 4274	EXIST::FUNCTION:
-TS_TST_INFO_add_ext                     4275	EXIST::FUNCTION:
-EVP_PKEY_meth_set_derive                4276	EXIST::FUNCTION:
-i2d_TS_RESP_fp                          4277	EXIST::FUNCTION:
-i2d_TS_MSG_IMPRINT_bio                  4278	EXIST::FUNCTION:
-TS_RESP_CTX_set_accuracy                4279	EXIST::FUNCTION:
-TS_REQ_set_nonce                        4280	EXIST::FUNCTION:
-ESS_CERT_ID_new                         4281	EXIST::FUNCTION:
-ENGINE_pkey_asn1_find_str               4282	EXIST::FUNCTION:ENGINE
-TS_REQ_get_ext_count                    4283	EXIST::FUNCTION:
-BUF_reverse                             4284	EXIST::FUNCTION:
-TS_TST_INFO_print_bio                   4285	EXIST::FUNCTION:
-d2i_ISSUING_DIST_POINT                  4286	EXIST::FUNCTION:
-ENGINE_get_pkey_meths                   4287	EXIST::FUNCTION:ENGINE
-i2b_PrivateKey_bio                      4288	EXIST::FUNCTION:
-i2d_TS_RESP                             4289	EXIST::FUNCTION:
-b2i_PublicKey                           4290	EXIST::FUNCTION:
-TS_VERIFY_CTX_cleanup                   4291	EXIST::FUNCTION:
-TS_STATUS_INFO_free                     4292	EXIST::FUNCTION:
-TS_RESP_verify_token                    4293	EXIST::FUNCTION:
-OBJ_bsearch_ex_                         4294	EXIST::FUNCTION:
-ASN1_bn_print                           4295	EXIST::FUNCTION:BIO
-EVP_PKEY_asn1_get_count                 4296	EXIST::FUNCTION:
-ENGINE_register_pkey_asn1_meths         4297	EXIST::FUNCTION:ENGINE
-ASN1_PCTX_set_nm_flags                  4298	EXIST::FUNCTION:
-EVP_DigestVerifyInit                    4299	EXIST::FUNCTION:
-ENGINE_set_default_pkey_meths           4300	EXIST::FUNCTION:ENGINE
-TS_TST_INFO_get_policy_id               4301	EXIST::FUNCTION:
-TS_REQ_get_cert_req                     4302	EXIST::FUNCTION:
-X509_CRL_set_meth_data                  4303	EXIST::FUNCTION:
-PKCS8_pkey_set0                         4304	EXIST::FUNCTION:
-ASN1_STRING_copy                        4305	EXIST::FUNCTION:
-d2i_TS_TST_INFO_fp                      4306	EXIST::FUNCTION:
-X509_CRL_match                          4307	EXIST::FUNCTION:
-EVP_PKEY_asn1_set_private               4308	EXIST::FUNCTION:
-TS_TST_INFO_get_ext_d2i                 4309	EXIST::FUNCTION:
-TS_RESP_CTX_add_policy                  4310	EXIST::FUNCTION:
-d2i_TS_RESP                             4311	EXIST::FUNCTION:
-TS_CONF_load_certs                      4312	EXIST::FUNCTION:
-TS_TST_INFO_get_msg_imprint             4313	EXIST::FUNCTION:
-ERR_load_TS_strings                     4314	EXIST::FUNCTION:
-TS_TST_INFO_get_version                 4315	EXIST::FUNCTION:
-EVP_PKEY_CTX_dup                        4316	EXIST::FUNCTION:
-EVP_PKEY_meth_set_verify                4317	EXIST::FUNCTION:
-i2b_PublicKey_bio                       4318	EXIST::FUNCTION:
-TS_CONF_set_certs                       4319	EXIST::FUNCTION:
-EVP_PKEY_asn1_get0_info                 4320	EXIST::FUNCTION:
-TS_VERIFY_CTX_free                      4321	EXIST::FUNCTION:
-TS_REQ_get_ext_by_critical              4322	EXIST::FUNCTION:
-TS_RESP_CTX_set_serial_cb               4323	EXIST::FUNCTION:
-X509_CRL_get_meth_data                  4324	EXIST::FUNCTION:
-TS_RESP_CTX_set_time_cb                 4325	EXIST::FUNCTION:
-TS_MSG_IMPRINT_get_msg                  4326	EXIST::FUNCTION:
-TS_TST_INFO_ext_free                    4327	EXIST::FUNCTION:
-TS_REQ_get_version                      4328	EXIST::FUNCTION:
-TS_REQ_add_ext                          4329	EXIST::FUNCTION:
-EVP_PKEY_CTX_set_app_data               4330	EXIST::FUNCTION:
-OBJ_bsearch_                            4331	EXIST::FUNCTION:
-EVP_PKEY_meth_set_verifyctx             4332	EXIST::FUNCTION:
-i2d_PKCS7_bio_stream                    4333	EXIST::FUNCTION:
-CRYPTO_THREADID_set_numeric             4334	EXIST::FUNCTION:
-PKCS7_sign_add_signer                   4335	EXIST::FUNCTION:
-d2i_TS_TST_INFO_bio                     4336	EXIST::FUNCTION:
-TS_TST_INFO_get_ordering                4337	EXIST::FUNCTION:
-TS_RESP_print_bio                       4338	EXIST::FUNCTION:
-TS_TST_INFO_get_exts                    4339	EXIST::FUNCTION:
-HMAC_CTX_copy                           4340	EXIST::FUNCTION:HMAC
-PKCS5_pbe2_set_iv                       4341	EXIST::FUNCTION:
-ENGINE_get_pkey_asn1_meths              4342	EXIST::FUNCTION:ENGINE
-b2i_PrivateKey                          4343	EXIST::FUNCTION:
-EVP_PKEY_CTX_get_app_data               4344	EXIST::FUNCTION:
-TS_REQ_set_cert_req                     4345	EXIST::FUNCTION:
-CRYPTO_THREADID_set_callback            4346	EXIST::FUNCTION:
-TS_CONF_set_serial                      4347	EXIST::FUNCTION:
-TS_TST_INFO_free                        4348	EXIST::FUNCTION:
-d2i_TS_REQ_fp                           4349	EXIST::FUNCTION:
-TS_RESP_verify_response                 4350	EXIST::FUNCTION:
-i2d_ESS_ISSUER_SERIAL                   4351	EXIST::FUNCTION:
-TS_ACCURACY_get_seconds                 4352	EXIST::FUNCTION:
-EVP_CIPHER_do_all                       4353	EXIST::FUNCTION:
-b2i_PrivateKey_bio                      4354	EXIST::FUNCTION:
-OCSP_CERTID_dup                         4355	EXIST::FUNCTION:
-X509_PUBKEY_get0_param                  4356	EXIST::FUNCTION:
-TS_MSG_IMPRINT_dup                      4357	EXIST::FUNCTION:
-PKCS7_print_ctx                         4358	EXIST::FUNCTION:
-i2d_TS_REQ_bio                          4359	EXIST::FUNCTION:
-EVP_whirlpool                           4360	EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
-EVP_PKEY_asn1_set_param                 4361	EXIST::FUNCTION:
-EVP_PKEY_meth_set_encrypt               4362	EXIST::FUNCTION:
-ASN1_PCTX_set_flags                     4363	EXIST::FUNCTION:
-i2d_ESS_CERT_ID                         4364	EXIST::FUNCTION:
-TS_VERIFY_CTX_new                       4365	EXIST::FUNCTION:
-TS_RESP_CTX_set_extension_cb            4366	EXIST::FUNCTION:
-ENGINE_register_all_pkey_meths          4367	EXIST::FUNCTION:ENGINE
-TS_RESP_CTX_set_status_info_cond        4368	EXIST:!VMS:FUNCTION:
-TS_RESP_CTX_set_stat_info_cond          4368	EXIST:VMS:FUNCTION:
-EVP_PKEY_verify                         4369	EXIST::FUNCTION:
-WHIRLPOOL_Final                         4370	EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
-X509_CRL_METHOD_new                     4371	EXIST::FUNCTION:
-EVP_DigestSignFinal                     4372	EXIST::FUNCTION:
-TS_RESP_CTX_set_def_policy              4373	EXIST::FUNCTION:
-NETSCAPE_X509_it                        4374	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-NETSCAPE_X509_it                        4374	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-TS_RESP_create_response                 4375	EXIST::FUNCTION:
-PKCS7_SIGNER_INFO_get0_algs             4376	EXIST::FUNCTION:
-TS_TST_INFO_get_nonce                   4377	EXIST::FUNCTION:
-EVP_PKEY_decrypt_old                    4378	EXIST::FUNCTION:
-TS_TST_INFO_set_policy_id               4379	EXIST::FUNCTION:
-TS_CONF_set_ess_cert_id_chain           4380	EXIST::FUNCTION:
-EVP_PKEY_CTX_get0_pkey                  4381	EXIST::FUNCTION:
-d2i_TS_REQ                              4382	EXIST::FUNCTION:
-EVP_PKEY_asn1_find_str                  4383	EXIST::FUNCTION:
-BIO_f_asn1                              4384	EXIST::FUNCTION:
-ESS_SIGNING_CERT_new                    4385	EXIST::FUNCTION:
-EVP_PBE_find                            4386	EXIST::FUNCTION:
-X509_CRL_get0_by_cert                   4387	EXIST::FUNCTION:
-EVP_PKEY_derive                         4388	EXIST::FUNCTION:
-i2d_TS_REQ                              4389	EXIST::FUNCTION:
-TS_TST_INFO_delete_ext                  4390	EXIST::FUNCTION:
-ESS_ISSUER_SERIAL_free                  4391	EXIST::FUNCTION:
-ASN1_PCTX_set_str_flags                 4392	EXIST::FUNCTION:
-ENGINE_get_pkey_asn1_meth_str           4393	EXIST::FUNCTION:ENGINE
-TS_CONF_set_signer_key                  4394	EXIST::FUNCTION:
-TS_ACCURACY_get_millis                  4395	EXIST::FUNCTION:
-TS_RESP_get_token                       4396	EXIST::FUNCTION:
-TS_ACCURACY_dup                         4397	EXIST::FUNCTION:
-ENGINE_register_all_pkey_asn1_meths     4398	EXIST:!VMS:FUNCTION:ENGINE
-ENGINE_reg_all_pkey_asn1_meths          4398	EXIST:VMS:FUNCTION:ENGINE
-X509_CRL_set_default_method             4399	EXIST::FUNCTION:
-CRYPTO_THREADID_hash                    4400	EXIST::FUNCTION:
-CMS_ContentInfo_print_ctx               4401	EXIST::FUNCTION:CMS
-TS_RESP_free                            4402	EXIST::FUNCTION:
-ISSUING_DIST_POINT_free                 4403	EXIST::FUNCTION:
-ESS_ISSUER_SERIAL_new                   4404	EXIST::FUNCTION:
-CMS_add1_crl                            4405	EXIST::FUNCTION:CMS
-PKCS7_add1_attrib_digest                4406	EXIST::FUNCTION:
-TS_RESP_CTX_add_md                      4407	EXIST::FUNCTION:
-TS_TST_INFO_dup                         4408	EXIST::FUNCTION:
-ENGINE_set_pkey_asn1_meths              4409	EXIST::FUNCTION:ENGINE
-PEM_write_bio_Parameters                4410	EXIST::FUNCTION:
-TS_TST_INFO_get_accuracy                4411	EXIST::FUNCTION:
-X509_CRL_get0_by_serial                 4412	EXIST::FUNCTION:
-TS_TST_INFO_set_version                 4413	EXIST::FUNCTION:
-TS_RESP_CTX_get_tst_info                4414	EXIST::FUNCTION:
-TS_RESP_verify_signature                4415	EXIST::FUNCTION:
-CRYPTO_THREADID_get_callback            4416	EXIST::FUNCTION:
-TS_TST_INFO_get_tsa                     4417	EXIST::FUNCTION:
-TS_STATUS_INFO_new                      4418	EXIST::FUNCTION:
-EVP_PKEY_CTX_get_cb                     4419	EXIST::FUNCTION:
-TS_REQ_get_ext_d2i                      4420	EXIST::FUNCTION:
-GENERAL_NAME_set0_othername             4421	EXIST::FUNCTION:
-TS_TST_INFO_get_ext_count               4422	EXIST::FUNCTION:
-TS_RESP_CTX_get_request                 4423	EXIST::FUNCTION:
-i2d_NETSCAPE_X509                       4424	EXIST::FUNCTION:
-ENGINE_get_pkey_meth_engine             4425	EXIST::FUNCTION:ENGINE
-EVP_PKEY_meth_set_signctx               4426	EXIST::FUNCTION:
-EVP_PKEY_asn1_copy                      4427	EXIST::FUNCTION:
-ASN1_TYPE_cmp                           4428	EXIST::FUNCTION:
-EVP_CIPHER_do_all_sorted                4429	EXIST::FUNCTION:
-EVP_PKEY_CTX_free                       4430	EXIST::FUNCTION:
-ISSUING_DIST_POINT_it                   4431	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ISSUING_DIST_POINT_it                   4431	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-d2i_TS_MSG_IMPRINT_fp                   4432	EXIST::FUNCTION:
-X509_STORE_get1_certs                   4433	EXIST::FUNCTION:
-EVP_PKEY_CTX_get_operation              4434	EXIST::FUNCTION:
-d2i_ESS_SIGNING_CERT                    4435	EXIST::FUNCTION:
-TS_CONF_set_ordering                    4436	EXIST::FUNCTION:
-EVP_PBE_alg_add_type                    4437	EXIST::FUNCTION:
-TS_REQ_set_version                      4438	EXIST::FUNCTION:
-EVP_PKEY_get0                           4439	EXIST::FUNCTION:
-BIO_asn1_set_suffix                     4440	EXIST::FUNCTION:
-i2d_TS_STATUS_INFO                      4441	EXIST::FUNCTION:
-EVP_MD_do_all                           4442	EXIST::FUNCTION:
-TS_TST_INFO_set_accuracy                4443	EXIST::FUNCTION:
-PKCS7_add_attrib_content_type           4444	EXIST::FUNCTION:
-ERR_remove_thread_state                 4445	EXIST::FUNCTION:
-EVP_PKEY_meth_add0                      4446	EXIST::FUNCTION:
-TS_TST_INFO_set_tsa                     4447	EXIST::FUNCTION:
-EVP_PKEY_meth_new                       4448	EXIST::FUNCTION:
-WHIRLPOOL_Update                        4449	EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
-TS_CONF_set_accuracy                    4450	EXIST::FUNCTION:
-ASN1_PCTX_set_oid_flags                 4451	EXIST::FUNCTION:
-ESS_SIGNING_CERT_dup                    4452	EXIST::FUNCTION:
-d2i_TS_REQ_bio                          4453	EXIST::FUNCTION:
-X509_time_adj_ex                        4454	EXIST::FUNCTION:
-TS_RESP_CTX_add_flags                   4455	EXIST::FUNCTION:
-d2i_TS_STATUS_INFO                      4456	EXIST::FUNCTION:
-TS_MSG_IMPRINT_set_msg                  4457	EXIST::FUNCTION:
-BIO_asn1_get_suffix                     4458	EXIST::FUNCTION:
-TS_REQ_free                             4459	EXIST::FUNCTION:
-EVP_PKEY_meth_free                      4460	EXIST::FUNCTION:
-TS_REQ_get_exts                         4461	EXIST::FUNCTION:
-TS_RESP_CTX_set_clock_precision_digits  4462	EXIST:!VMS:FUNCTION:
-TS_RESP_CTX_set_clk_prec_digits         4462	EXIST:VMS:FUNCTION:
-TS_RESP_CTX_add_failure_info            4463	EXIST::FUNCTION:
-i2d_TS_RESP_bio                         4464	EXIST::FUNCTION:
-EVP_PKEY_CTX_get0_peerkey               4465	EXIST::FUNCTION:
-PEM_write_bio_CMS_stream                4466	EXIST::FUNCTION:CMS
-TS_REQ_new                              4467	EXIST::FUNCTION:
-TS_MSG_IMPRINT_new                      4468	EXIST::FUNCTION:
-EVP_PKEY_meth_find                      4469	EXIST::FUNCTION:
-EVP_PKEY_id                             4470	EXIST::FUNCTION:
-TS_TST_INFO_set_serial                  4471	EXIST::FUNCTION:
-a2i_GENERAL_NAME                        4472	EXIST::FUNCTION:
-TS_CONF_set_crypto_device               4473	EXIST::FUNCTION:
-EVP_PKEY_verify_init                    4474	EXIST::FUNCTION:
-TS_CONF_set_policies                    4475	EXIST::FUNCTION:
-ASN1_PCTX_new                           4476	EXIST::FUNCTION:
-ESS_CERT_ID_free                        4477	EXIST::FUNCTION:
-ENGINE_unregister_pkey_meths            4478	EXIST::FUNCTION:ENGINE
-TS_MSG_IMPRINT_free                     4479	EXIST::FUNCTION:
-TS_VERIFY_CTX_init                      4480	EXIST::FUNCTION:
-PKCS7_stream                            4481	EXIST::FUNCTION:
-TS_RESP_CTX_set_certs                   4482	EXIST::FUNCTION:
-TS_CONF_set_def_policy                  4483	EXIST::FUNCTION:
-ASN1_GENERALIZEDTIME_adj                4484	EXIST::FUNCTION:
-NETSCAPE_X509_new                       4485	EXIST::FUNCTION:
-TS_ACCURACY_free                        4486	EXIST::FUNCTION:
-TS_RESP_get_tst_info                    4487	EXIST::FUNCTION:
-EVP_PKEY_derive_set_peer                4488	EXIST::FUNCTION:
-PEM_read_bio_Parameters                 4489	EXIST::FUNCTION:
-TS_CONF_set_clock_precision_digits      4490	EXIST:!VMS:FUNCTION:
-TS_CONF_set_clk_prec_digits             4490	EXIST:VMS:FUNCTION:
-ESS_ISSUER_SERIAL_dup                   4491	EXIST::FUNCTION:
-TS_ACCURACY_get_micros                  4492	EXIST::FUNCTION:
-ASN1_PCTX_get_str_flags                 4493	EXIST::FUNCTION:
-NAME_CONSTRAINTS_check                  4494	EXIST::FUNCTION:
-ASN1_BIT_STRING_check                   4495	EXIST::FUNCTION:
-X509_check_akid                         4496	EXIST::FUNCTION:
-ENGINE_unregister_pkey_asn1_meths       4497	EXIST:!VMS:FUNCTION:ENGINE
-ENGINE_unreg_pkey_asn1_meths            4497	EXIST:VMS:FUNCTION:ENGINE
-ASN1_PCTX_free                          4498	EXIST::FUNCTION:
-PEM_write_bio_ASN1_stream               4499	EXIST::FUNCTION:
-i2d_ASN1_bio_stream                     4500	EXIST::FUNCTION:
-TS_X509_ALGOR_print_bio                 4501	EXIST::FUNCTION:
-EVP_PKEY_meth_set_cleanup               4502	EXIST::FUNCTION:
-EVP_PKEY_asn1_free                      4503	EXIST::FUNCTION:
-ESS_SIGNING_CERT_free                   4504	EXIST::FUNCTION:
-TS_TST_INFO_set_msg_imprint             4505	EXIST::FUNCTION:
-GENERAL_NAME_cmp                        4506	EXIST::FUNCTION:
-d2i_ASN1_SET_ANY                        4507	EXIST::FUNCTION:
-ENGINE_set_pkey_meths                   4508	EXIST::FUNCTION:ENGINE
-i2d_TS_REQ_fp                           4509	EXIST::FUNCTION:
-d2i_ASN1_SEQUENCE_ANY                   4510	EXIST::FUNCTION:
-GENERAL_NAME_get0_otherName             4511	EXIST::FUNCTION:
-d2i_ESS_CERT_ID                         4512	EXIST::FUNCTION:
-OBJ_find_sigid_algs                     4513	EXIST::FUNCTION:
-EVP_PKEY_meth_set_keygen                4514	EXIST::FUNCTION:
-PKCS5_PBKDF2_HMAC                       4515	EXIST::FUNCTION:
-EVP_PKEY_paramgen                       4516	EXIST::FUNCTION:
-EVP_PKEY_meth_set_paramgen              4517	EXIST::FUNCTION:
-BIO_new_PKCS7                           4518	EXIST::FUNCTION:
-EVP_PKEY_verify_recover                 4519	EXIST::FUNCTION:
-TS_ext_print_bio                        4520	EXIST::FUNCTION:
-TS_ASN1_INTEGER_print_bio               4521	EXIST::FUNCTION:
-check_defer                             4522	EXIST::FUNCTION:
-DSO_pathbyaddr                          4523	EXIST::FUNCTION:
-EVP_PKEY_set_type                       4524	EXIST::FUNCTION:
-TS_ACCURACY_set_micros                  4525	EXIST::FUNCTION:
-TS_REQ_to_TS_VERIFY_CTX                 4526	EXIST::FUNCTION:
-EVP_PKEY_meth_set_copy                  4527	EXIST::FUNCTION:
-ASN1_PCTX_set_cert_flags                4528	EXIST::FUNCTION:
-TS_TST_INFO_get_ext                     4529	EXIST::FUNCTION:
-EVP_PKEY_asn1_set_ctrl                  4530	EXIST::FUNCTION:
-TS_TST_INFO_get_ext_by_critical         4531	EXIST::FUNCTION:
-EVP_PKEY_CTX_new_id                     4532	EXIST::FUNCTION:
-TS_REQ_get_ext_by_OBJ                   4533	EXIST::FUNCTION:
-TS_CONF_set_signer_cert                 4534	EXIST::FUNCTION:
-X509_NAME_hash_old                      4535	EXIST::FUNCTION:
-ASN1_TIME_set_string                    4536	EXIST::FUNCTION:
-EVP_MD_flags                            4537	EXIST::FUNCTION:
-TS_RESP_CTX_free                        4538	EXIST::FUNCTION:
-DSAparams_dup                           4539	EXIST::FUNCTION:DSA
-DHparams_dup                            4540	EXIST::FUNCTION:DH
-OCSP_REQ_CTX_add1_header                4541	EXIST::FUNCTION:
-OCSP_REQ_CTX_set1_req                   4542	EXIST::FUNCTION:
-X509_STORE_set_verify_cb                4543	EXIST::FUNCTION:
-X509_STORE_CTX_get0_current_crl         4544	EXIST::FUNCTION:
-X509_STORE_CTX_get0_parent_ctx          4545	EXIST::FUNCTION:
-X509_STORE_CTX_get0_current_issuer      4546	EXIST:!VMS:FUNCTION:
-X509_STORE_CTX_get0_cur_issuer          4546	EXIST:VMS:FUNCTION:
-X509_issuer_name_hash_old               4547	EXIST::FUNCTION:MD5
-X509_subject_name_hash_old              4548	EXIST::FUNCTION:MD5
-EVP_CIPHER_CTX_copy                     4549	EXIST::FUNCTION:
-UI_method_get_prompt_constructor        4550	EXIST:!VMS:FUNCTION:
-UI_method_get_prompt_constructr         4550	EXIST:VMS:FUNCTION:
-UI_method_set_prompt_constructor        4551	EXIST:!VMS:FUNCTION:
-UI_method_set_prompt_constructr         4551	EXIST:VMS:FUNCTION:
-EVP_read_pw_string_min                  4552	EXIST::FUNCTION:
-CRYPTO_cts128_encrypt                   4553	EXIST::FUNCTION:
-CRYPTO_cts128_decrypt_block             4554	EXIST::FUNCTION:
-CRYPTO_cfb128_1_encrypt                 4555	EXIST::FUNCTION:
-CRYPTO_cbc128_encrypt                   4556	EXIST::FUNCTION:
-CRYPTO_ctr128_encrypt                   4557	EXIST::FUNCTION:
-CRYPTO_ofb128_encrypt                   4558	EXIST::FUNCTION:
-CRYPTO_cts128_decrypt                   4559	EXIST::FUNCTION:
-CRYPTO_cts128_encrypt_block             4560	EXIST::FUNCTION:
-CRYPTO_cbc128_decrypt                   4561	EXIST::FUNCTION:
-CRYPTO_cfb128_encrypt                   4562	EXIST::FUNCTION:
-CRYPTO_cfb128_8_encrypt                 4563	EXIST::FUNCTION:
-OPENSSL_strcasecmp                      4564	EXIST::FUNCTION:
-OPENSSL_memcmp                          4565	EXIST::FUNCTION:
-OPENSSL_strncasecmp                     4566	EXIST::FUNCTION:
-OPENSSL_gmtime                          4567	EXIST::FUNCTION:
-OPENSSL_gmtime_adj                      4568	EXIST::FUNCTION:
-SRP_VBASE_get_by_user                   4569	EXIST::FUNCTION:SRP
-SRP_Calc_server_key                     4570	EXIST::FUNCTION:SRP
-SRP_create_verifier                     4571	EXIST::FUNCTION:SRP
-SRP_create_verifier_BN                  4572	EXIST::FUNCTION:SRP
-SRP_Calc_u                              4573	EXIST::FUNCTION:SRP
-SRP_VBASE_free                          4574	EXIST::FUNCTION:SRP
-SRP_Calc_client_key                     4575	EXIST::FUNCTION:SRP
-SRP_get_default_gN                      4576	EXIST::FUNCTION:SRP
-SRP_Calc_x                              4577	EXIST::FUNCTION:SRP
-SRP_Calc_B                              4578	EXIST::FUNCTION:SRP
-SRP_VBASE_new                           4579	EXIST::FUNCTION:SRP
-SRP_check_known_gN_param                4580	EXIST::FUNCTION:SRP
-SRP_Calc_A                              4581	EXIST::FUNCTION:SRP
-SRP_Verify_A_mod_N                      4582	EXIST::FUNCTION:SRP
-SRP_VBASE_init                          4583	EXIST::FUNCTION:SRP
-SRP_Verify_B_mod_N                      4584	EXIST::FUNCTION:SRP
-EC_KEY_set_public_key_affine_coordinates 4585	EXIST:!VMS:FUNCTION:EC
-EC_KEY_set_pub_key_aff_coords           4585	EXIST:VMS:FUNCTION:EC
-EVP_aes_192_ctr                         4586	EXIST::FUNCTION:AES
-EVP_PKEY_meth_get0_info                 4587	EXIST::FUNCTION:
-EVP_PKEY_meth_copy                      4588	EXIST::FUNCTION:
-ERR_add_error_vdata                     4589	EXIST::FUNCTION:
-EVP_aes_128_ctr                         4590	EXIST::FUNCTION:AES
-EVP_aes_256_ctr                         4591	EXIST::FUNCTION:AES
-EC_GFp_nistp224_method                  4592	EXIST::FUNCTION:EC,EC_NISTP_64_GCC_128
-EC_KEY_get_flags                        4593	EXIST::FUNCTION:EC
-RSA_padding_add_PKCS1_PSS_mgf1          4594	EXIST::FUNCTION:RSA
-EVP_aes_128_xts                         4595	EXIST::FUNCTION:AES
-private_SHA224_Init                     4596	EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
-private_AES_set_decrypt_key             4597	EXIST::FUNCTION:AES
-private_WHIRLPOOL_Init                  4598	EXIST:OPENSSL_FIPS:FUNCTION:WHIRLPOOL
-EVP_aes_256_xts                         4599	EXIST::FUNCTION:AES
-private_SHA512_Init                     4600	EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
-EVP_aes_128_gcm                         4601	EXIST::FUNCTION:AES
-EC_KEY_clear_flags                      4602	EXIST::FUNCTION:EC
-EC_KEY_set_flags                        4603	EXIST::FUNCTION:EC
-private_DES_set_key_unchecked           4604	EXIST:OPENSSL_FIPS:FUNCTION:DES
-EVP_aes_256_ccm                         4605	EXIST::FUNCTION:AES
-private_AES_set_encrypt_key             4606	EXIST::FUNCTION:AES
-RSA_verify_PKCS1_PSS_mgf1               4607	EXIST::FUNCTION:RSA
-private_SHA1_Init                       4608	EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA1
-EVP_aes_128_ccm                         4609	EXIST::FUNCTION:AES
-private_SEED_set_key                    4610	EXIST:OPENSSL_FIPS:FUNCTION:SEED
-EVP_aes_192_gcm                         4611	EXIST::FUNCTION:AES
-X509_ALGOR_set_md                       4612	EXIST::FUNCTION:
-private_SHA256_Init                     4613	EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
-RAND_init_fips                          4614	EXIST:OPENSSL_FIPS:FUNCTION:
-EVP_aes_256_gcm                         4615	EXIST::FUNCTION:AES
-private_SHA384_Init                     4616	EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
-EVP_aes_192_ccm                         4617	EXIST::FUNCTION:AES
-CMAC_CTX_copy                           4618	EXIST::FUNCTION:
-CMAC_CTX_free                           4619	EXIST::FUNCTION:
-CMAC_CTX_get0_cipher_ctx                4620	EXIST::FUNCTION:
-CMAC_CTX_cleanup                        4621	EXIST::FUNCTION:
-CMAC_Init                               4622	EXIST::FUNCTION:
-CMAC_Update                             4623	EXIST::FUNCTION:
-CMAC_resume                             4624	EXIST::FUNCTION:
-CMAC_CTX_new                            4625	EXIST::FUNCTION:
-CMAC_Final                              4626	EXIST::FUNCTION:
-CRYPTO_ctr128_encrypt_ctr32             4627	EXIST::FUNCTION:
-CRYPTO_gcm128_release                   4628	EXIST::FUNCTION:
-CRYPTO_ccm128_decrypt_ccm64             4629	EXIST::FUNCTION:
-CRYPTO_ccm128_encrypt                   4630	EXIST::FUNCTION:
-CRYPTO_gcm128_encrypt                   4631	EXIST::FUNCTION:
-CRYPTO_xts128_encrypt                   4632	EXIST::FUNCTION:
-EVP_rc4_hmac_md5                        4633	EXIST::FUNCTION:MD5,RC4
-CRYPTO_nistcts128_decrypt_block         4634	EXIST::FUNCTION:
-CRYPTO_gcm128_setiv                     4635	EXIST::FUNCTION:
-CRYPTO_nistcts128_encrypt               4636	EXIST::FUNCTION:
-EVP_aes_128_cbc_hmac_sha1               4637	EXIST::FUNCTION:AES,SHA,SHA1
-CRYPTO_gcm128_tag                       4638	EXIST::FUNCTION:
-CRYPTO_ccm128_encrypt_ccm64             4639	EXIST::FUNCTION:
-ENGINE_load_rdrand                      4640	EXIST::FUNCTION:ENGINE
-CRYPTO_ccm128_setiv                     4641	EXIST::FUNCTION:
-CRYPTO_nistcts128_encrypt_block         4642	EXIST::FUNCTION:
-CRYPTO_gcm128_aad                       4643	EXIST::FUNCTION:
-CRYPTO_ccm128_init                      4644	EXIST::FUNCTION:
-CRYPTO_nistcts128_decrypt               4645	EXIST::FUNCTION:
-CRYPTO_gcm128_new                       4646	EXIST::FUNCTION:
-CRYPTO_ccm128_tag                       4647	EXIST::FUNCTION:
-CRYPTO_ccm128_decrypt                   4648	EXIST::FUNCTION:
-CRYPTO_ccm128_aad                       4649	EXIST::FUNCTION:
-CRYPTO_gcm128_init                      4650	EXIST::FUNCTION:
-CRYPTO_gcm128_decrypt                   4651	EXIST::FUNCTION:
-ENGINE_load_rsax                        4652	EXIST::FUNCTION:ENGINE
-CRYPTO_gcm128_decrypt_ctr32             4653	EXIST::FUNCTION:
-CRYPTO_gcm128_encrypt_ctr32             4654	EXIST::FUNCTION:
-CRYPTO_gcm128_finish                    4655	EXIST::FUNCTION:
-EVP_aes_256_cbc_hmac_sha1               4656	EXIST::FUNCTION:AES,SHA,SHA1
-PKCS5_pbkdf2_set                        4657	EXIST::FUNCTION:
-CMS_add0_recipient_password             4658	EXIST::FUNCTION:CMS
-CMS_decrypt_set1_password               4659	EXIST::FUNCTION:CMS
-CMS_RecipientInfo_set0_password         4660	EXIST::FUNCTION:CMS
-RAND_set_fips_drbg_type                 4661	EXIST:OPENSSL_FIPS:FUNCTION:
-X509_REQ_sign_ctx                       4662	EXIST::FUNCTION:EVP
-RSA_PSS_PARAMS_new                      4663	EXIST::FUNCTION:RSA
-X509_CRL_sign_ctx                       4664	EXIST::FUNCTION:EVP
-X509_signature_dump                     4665	EXIST::FUNCTION:EVP
-d2i_RSA_PSS_PARAMS                      4666	EXIST::FUNCTION:RSA
-RSA_PSS_PARAMS_it                       4667	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
-RSA_PSS_PARAMS_it                       4667	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
-RSA_PSS_PARAMS_free                     4668	EXIST::FUNCTION:RSA
-X509_sign_ctx                           4669	EXIST::FUNCTION:EVP
-i2d_RSA_PSS_PARAMS                      4670	EXIST::FUNCTION:RSA
-ASN1_item_sign_ctx                      4671	EXIST::FUNCTION:EVP
-EC_GFp_nistp521_method                  4672	EXIST::FUNCTION:EC,EC_NISTP_64_GCC_128
-EC_GFp_nistp256_method                  4673	EXIST::FUNCTION:EC,EC_NISTP_64_GCC_128
-OPENSSL_stderr                          4674	EXIST::FUNCTION:
-OPENSSL_cpuid_setup                     4675	EXIST::FUNCTION:
-OPENSSL_showfatal                       4676	EXIST::FUNCTION:
-BIO_new_dgram_sctp                      4677	EXIST::FUNCTION:SCTP
-BIO_dgram_sctp_msg_waiting              4678	EXIST::FUNCTION:SCTP
-BIO_dgram_sctp_wait_for_dry             4679	EXIST::FUNCTION:SCTP
-BIO_s_datagram_sctp                     4680	EXIST::FUNCTION:DGRAM,SCTP
-BIO_dgram_is_sctp                       4681	EXIST::FUNCTION:SCTP
-BIO_dgram_sctp_notification_cb          4682	EXIST::FUNCTION:SCTP

Copied: vendor-crypto/openssl/1.0.1u/util/libeay.num (from rev 11605, vendor-crypto/openssl/dist/util/libeay.num)
===================================================================
--- vendor-crypto/openssl/1.0.1u/util/libeay.num	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/util/libeay.num	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,4318 @@
+SSLeay                                  1	EXIST::FUNCTION:
+SSLeay_version                          2	EXIST::FUNCTION:
+ASN1_BIT_STRING_asn1_meth               3	NOEXIST::FUNCTION:
+ASN1_HEADER_free                        4	NOEXIST::FUNCTION:
+ASN1_HEADER_new                         5	NOEXIST::FUNCTION:
+ASN1_IA5STRING_asn1_meth                6	NOEXIST::FUNCTION:
+ASN1_INTEGER_get                        7	EXIST::FUNCTION:
+ASN1_INTEGER_set                        8	EXIST::FUNCTION:
+ASN1_INTEGER_to_BN                      9	EXIST::FUNCTION:
+ASN1_OBJECT_create                      10	EXIST::FUNCTION:
+ASN1_OBJECT_free                        11	EXIST::FUNCTION:
+ASN1_OBJECT_new                         12	EXIST::FUNCTION:
+ASN1_PRINTABLE_type                     13	EXIST::FUNCTION:
+ASN1_STRING_cmp                         14	EXIST::FUNCTION:
+ASN1_STRING_dup                         15	EXIST::FUNCTION:
+ASN1_STRING_free                        16	EXIST::FUNCTION:
+ASN1_STRING_new                         17	EXIST::FUNCTION:
+ASN1_STRING_print                       18	EXIST::FUNCTION:BIO
+ASN1_STRING_set                         19	EXIST::FUNCTION:
+ASN1_STRING_type_new                    20	EXIST::FUNCTION:
+ASN1_TYPE_free                          21	EXIST::FUNCTION:
+ASN1_TYPE_new                           22	EXIST::FUNCTION:
+ASN1_UNIVERSALSTRING_to_string          23	EXIST::FUNCTION:
+ASN1_UTCTIME_check                      24	EXIST::FUNCTION:
+ASN1_UTCTIME_print                      25	EXIST::FUNCTION:BIO
+ASN1_UTCTIME_set                        26	EXIST::FUNCTION:
+ASN1_check_infinite_end                 27	EXIST::FUNCTION:
+ASN1_d2i_bio                            28	EXIST::FUNCTION:BIO
+ASN1_d2i_fp                             29	EXIST::FUNCTION:FP_API
+ASN1_digest                             30	EXIST::FUNCTION:EVP
+ASN1_dup                                31	EXIST::FUNCTION:
+ASN1_get_object                         32	EXIST::FUNCTION:
+ASN1_i2d_bio                            33	EXIST::FUNCTION:BIO
+ASN1_i2d_fp                             34	EXIST::FUNCTION:FP_API
+ASN1_object_size                        35	EXIST::FUNCTION:
+ASN1_parse                              36	EXIST::FUNCTION:BIO
+ASN1_put_object                         37	EXIST::FUNCTION:
+ASN1_sign                               38	EXIST::FUNCTION:EVP
+ASN1_verify                             39	EXIST::FUNCTION:EVP
+BF_cbc_encrypt                          40	EXIST::FUNCTION:BF
+BF_cfb64_encrypt                        41	EXIST::FUNCTION:BF
+BF_ecb_encrypt                          42	EXIST::FUNCTION:BF
+BF_encrypt                              43	EXIST::FUNCTION:BF
+BF_ofb64_encrypt                        44	EXIST::FUNCTION:BF
+BF_options                              45	EXIST::FUNCTION:BF
+BF_set_key                              46	EXIST::FUNCTION:BF
+BIO_CONNECT_free                        47	NOEXIST::FUNCTION:
+BIO_CONNECT_new                         48	NOEXIST::FUNCTION:
+BIO_accept                              51	EXIST::FUNCTION:
+BIO_ctrl                                52	EXIST::FUNCTION:
+BIO_int_ctrl                            53	EXIST::FUNCTION:
+BIO_debug_callback                      54	EXIST::FUNCTION:
+BIO_dump                                55	EXIST::FUNCTION:
+BIO_dup_chain                           56	EXIST::FUNCTION:
+BIO_f_base64                            57	EXIST::FUNCTION:BIO
+BIO_f_buffer                            58	EXIST::FUNCTION:
+BIO_f_cipher                            59	EXIST::FUNCTION:BIO
+BIO_f_md                                60	EXIST::FUNCTION:BIO
+BIO_f_null                              61	EXIST::FUNCTION:
+BIO_f_proxy_server                      62	NOEXIST::FUNCTION:
+BIO_fd_non_fatal_error                  63	EXIST::FUNCTION:
+BIO_fd_should_retry                     64	EXIST::FUNCTION:
+BIO_find_type                           65	EXIST::FUNCTION:
+BIO_free                                66	EXIST::FUNCTION:
+BIO_free_all                            67	EXIST::FUNCTION:
+BIO_get_accept_socket                   69	EXIST::FUNCTION:
+BIO_get_filter_bio                      70	NOEXIST::FUNCTION:
+BIO_get_host_ip                         71	EXIST::FUNCTION:
+BIO_get_port                            72	EXIST::FUNCTION:
+BIO_get_retry_BIO                       73	EXIST::FUNCTION:
+BIO_get_retry_reason                    74	EXIST::FUNCTION:
+BIO_gethostbyname                       75	EXIST::FUNCTION:
+BIO_gets                                76	EXIST::FUNCTION:
+BIO_new                                 78	EXIST::FUNCTION:
+BIO_new_accept                          79	EXIST::FUNCTION:
+BIO_new_connect                         80	EXIST::FUNCTION:
+BIO_new_fd                              81	EXIST::FUNCTION:
+BIO_new_file                            82	EXIST::FUNCTION:FP_API
+BIO_new_fp                              83	EXIST::FUNCTION:FP_API
+BIO_new_socket                          84	EXIST::FUNCTION:
+BIO_pop                                 85	EXIST::FUNCTION:
+BIO_printf                              86	EXIST::FUNCTION:
+BIO_push                                87	EXIST::FUNCTION:
+BIO_puts                                88	EXIST::FUNCTION:
+BIO_read                                89	EXIST::FUNCTION:
+BIO_s_accept                            90	EXIST::FUNCTION:
+BIO_s_connect                           91	EXIST::FUNCTION:
+BIO_s_fd                                92	EXIST::FUNCTION:
+BIO_s_file                              93	EXIST::FUNCTION:FP_API
+BIO_s_mem                               95	EXIST::FUNCTION:
+BIO_s_null                              96	EXIST::FUNCTION:
+BIO_s_proxy_client                      97	NOEXIST::FUNCTION:
+BIO_s_socket                            98	EXIST::FUNCTION:
+BIO_set                                 100	EXIST::FUNCTION:
+BIO_set_cipher                          101	EXIST::FUNCTION:BIO
+BIO_set_tcp_ndelay                      102	EXIST::FUNCTION:
+BIO_sock_cleanup                        103	EXIST::FUNCTION:
+BIO_sock_error                          104	EXIST::FUNCTION:
+BIO_sock_init                           105	EXIST::FUNCTION:
+BIO_sock_non_fatal_error                106	EXIST::FUNCTION:
+BIO_sock_should_retry                   107	EXIST::FUNCTION:
+BIO_socket_ioctl                        108	EXIST::FUNCTION:
+BIO_write                               109	EXIST::FUNCTION:
+BN_CTX_free                             110	EXIST::FUNCTION:
+BN_CTX_new                              111	EXIST::FUNCTION:
+BN_MONT_CTX_free                        112	EXIST::FUNCTION:
+BN_MONT_CTX_new                         113	EXIST::FUNCTION:
+BN_MONT_CTX_set                         114	EXIST::FUNCTION:
+BN_add                                  115	EXIST::FUNCTION:
+BN_add_word                             116	EXIST::FUNCTION:
+BN_hex2bn                               117	EXIST::FUNCTION:
+BN_bin2bn                               118	EXIST::FUNCTION:
+BN_bn2hex                               119	EXIST::FUNCTION:
+BN_bn2bin                               120	EXIST::FUNCTION:
+BN_clear                                121	EXIST::FUNCTION:
+BN_clear_bit                            122	EXIST::FUNCTION:
+BN_clear_free                           123	EXIST::FUNCTION:
+BN_cmp                                  124	EXIST::FUNCTION:
+BN_copy                                 125	EXIST::FUNCTION:
+BN_div                                  126	EXIST::FUNCTION:
+BN_div_word                             127	EXIST::FUNCTION:
+BN_dup                                  128	EXIST::FUNCTION:
+BN_free                                 129	EXIST::FUNCTION:
+BN_from_montgomery                      130	EXIST::FUNCTION:
+BN_gcd                                  131	EXIST::FUNCTION:
+BN_generate_prime                       132	EXIST::FUNCTION:DEPRECATED
+BN_get_word                             133	EXIST::FUNCTION:
+BN_is_bit_set                           134	EXIST::FUNCTION:
+BN_is_prime                             135	EXIST::FUNCTION:DEPRECATED
+BN_lshift                               136	EXIST::FUNCTION:
+BN_lshift1                              137	EXIST::FUNCTION:
+BN_mask_bits                            138	EXIST::FUNCTION:
+BN_mod                                  139	NOEXIST::FUNCTION:
+BN_mod_exp                              140	EXIST::FUNCTION:
+BN_mod_exp_mont                         141	EXIST::FUNCTION:
+BN_mod_exp_simple                       143	EXIST::FUNCTION:
+BN_mod_inverse                          144	EXIST::FUNCTION:
+BN_mod_mul                              145	EXIST::FUNCTION:
+BN_mod_mul_montgomery                   146	EXIST::FUNCTION:
+BN_mod_word                             148	EXIST::FUNCTION:
+BN_mul                                  149	EXIST::FUNCTION:
+BN_new                                  150	EXIST::FUNCTION:
+BN_num_bits                             151	EXIST::FUNCTION:
+BN_num_bits_word                        152	EXIST::FUNCTION:
+BN_options                              153	EXIST::FUNCTION:
+BN_print                                154	EXIST::FUNCTION:
+BN_print_fp                             155	EXIST::FUNCTION:FP_API
+BN_rand                                 156	EXIST::FUNCTION:
+BN_reciprocal                           157	EXIST::FUNCTION:
+BN_rshift                               158	EXIST::FUNCTION:
+BN_rshift1                              159	EXIST::FUNCTION:
+BN_set_bit                              160	EXIST::FUNCTION:
+BN_set_word                             161	EXIST::FUNCTION:
+BN_sqr                                  162	EXIST::FUNCTION:
+BN_sub                                  163	EXIST::FUNCTION:
+BN_to_ASN1_INTEGER                      164	EXIST::FUNCTION:
+BN_ucmp                                 165	EXIST::FUNCTION:
+BN_value_one                            166	EXIST::FUNCTION:
+BUF_MEM_free                            167	EXIST::FUNCTION:
+BUF_MEM_grow                            168	EXIST::FUNCTION:
+BUF_MEM_new                             169	EXIST::FUNCTION:
+BUF_strdup                              170	EXIST::FUNCTION:
+CONF_free                               171	EXIST::FUNCTION:
+CONF_get_number                         172	EXIST::FUNCTION:
+CONF_get_section                        173	EXIST::FUNCTION:
+CONF_get_string                         174	EXIST::FUNCTION:
+CONF_load                               175	EXIST::FUNCTION:
+CRYPTO_add_lock                         176	EXIST::FUNCTION:
+CRYPTO_dbg_free                         177	EXIST::FUNCTION:
+CRYPTO_dbg_malloc                       178	EXIST::FUNCTION:
+CRYPTO_dbg_realloc                      179	EXIST::FUNCTION:
+CRYPTO_dbg_remalloc                     180	NOEXIST::FUNCTION:
+CRYPTO_free                             181	EXIST::FUNCTION:
+CRYPTO_get_add_lock_callback            182	EXIST::FUNCTION:
+CRYPTO_get_id_callback                  183	EXIST::FUNCTION:DEPRECATED
+CRYPTO_get_lock_name                    184	EXIST::FUNCTION:
+CRYPTO_get_locking_callback             185	EXIST::FUNCTION:
+CRYPTO_get_mem_functions                186	EXIST::FUNCTION:
+CRYPTO_lock                             187	EXIST::FUNCTION:
+CRYPTO_malloc                           188	EXIST::FUNCTION:
+CRYPTO_mem_ctrl                         189	EXIST::FUNCTION:
+CRYPTO_mem_leaks                        190	EXIST::FUNCTION:
+CRYPTO_mem_leaks_cb                     191	EXIST::FUNCTION:
+CRYPTO_mem_leaks_fp                     192	EXIST::FUNCTION:FP_API
+CRYPTO_realloc                          193	EXIST::FUNCTION:
+CRYPTO_remalloc                         194	EXIST::FUNCTION:
+CRYPTO_set_add_lock_callback            195	EXIST::FUNCTION:
+CRYPTO_set_id_callback                  196	EXIST::FUNCTION:DEPRECATED
+CRYPTO_set_locking_callback             197	EXIST::FUNCTION:
+CRYPTO_set_mem_functions                198	EXIST::FUNCTION:
+CRYPTO_thread_id                        199	EXIST::FUNCTION:DEPRECATED
+DH_check                                200	EXIST::FUNCTION:DH
+DH_compute_key                          201	EXIST::FUNCTION:DH
+DH_free                                 202	EXIST::FUNCTION:DH
+DH_generate_key                         203	EXIST::FUNCTION:DH
+DH_generate_parameters                  204	EXIST::FUNCTION:DEPRECATED,DH
+DH_new                                  205	EXIST::FUNCTION:DH
+DH_size                                 206	EXIST::FUNCTION:DH
+DHparams_print                          207	EXIST::FUNCTION:BIO,DH
+DHparams_print_fp                       208	EXIST::FUNCTION:DH,FP_API
+DSA_free                                209	EXIST::FUNCTION:DSA
+DSA_generate_key                        210	EXIST::FUNCTION:DSA
+DSA_generate_parameters                 211	EXIST::FUNCTION:DEPRECATED,DSA
+DSA_is_prime                            212	NOEXIST::FUNCTION:
+DSA_new                                 213	EXIST::FUNCTION:DSA
+DSA_print                               214	EXIST::FUNCTION:BIO,DSA
+DSA_print_fp                            215	EXIST::FUNCTION:DSA,FP_API
+DSA_sign                                216	EXIST::FUNCTION:DSA
+DSA_sign_setup                          217	EXIST::FUNCTION:DSA
+DSA_size                                218	EXIST::FUNCTION:DSA
+DSA_verify                              219	EXIST::FUNCTION:DSA
+DSAparams_print                         220	EXIST::FUNCTION:BIO,DSA
+DSAparams_print_fp                      221	EXIST::FUNCTION:DSA,FP_API
+ERR_clear_error                         222	EXIST::FUNCTION:
+ERR_error_string                        223	EXIST::FUNCTION:
+ERR_free_strings                        224	EXIST::FUNCTION:
+ERR_func_error_string                   225	EXIST::FUNCTION:
+ERR_get_err_state_table                 226	EXIST::FUNCTION:LHASH
+ERR_get_error                           227	EXIST::FUNCTION:
+ERR_get_error_line                      228	EXIST::FUNCTION:
+ERR_get_state                           229	EXIST::FUNCTION:
+ERR_get_string_table                    230	EXIST::FUNCTION:LHASH
+ERR_lib_error_string                    231	EXIST::FUNCTION:
+ERR_load_ASN1_strings                   232	EXIST::FUNCTION:
+ERR_load_BIO_strings                    233	EXIST::FUNCTION:
+ERR_load_BN_strings                     234	EXIST::FUNCTION:
+ERR_load_BUF_strings                    235	EXIST::FUNCTION:
+ERR_load_CONF_strings                   236	EXIST::FUNCTION:
+ERR_load_DH_strings                     237	EXIST::FUNCTION:DH
+ERR_load_DSA_strings                    238	EXIST::FUNCTION:DSA
+ERR_load_ERR_strings                    239	EXIST::FUNCTION:
+ERR_load_EVP_strings                    240	EXIST::FUNCTION:
+ERR_load_OBJ_strings                    241	EXIST::FUNCTION:
+ERR_load_PEM_strings                    242	EXIST::FUNCTION:
+ERR_load_PROXY_strings                  243	NOEXIST::FUNCTION:
+ERR_load_RSA_strings                    244	EXIST::FUNCTION:RSA
+ERR_load_X509_strings                   245	EXIST::FUNCTION:
+ERR_load_crypto_strings                 246	EXIST::FUNCTION:
+ERR_load_strings                        247	EXIST::FUNCTION:
+ERR_peek_error                          248	EXIST::FUNCTION:
+ERR_peek_error_line                     249	EXIST::FUNCTION:
+ERR_print_errors                        250	EXIST::FUNCTION:BIO
+ERR_print_errors_fp                     251	EXIST::FUNCTION:FP_API
+ERR_put_error                           252	EXIST::FUNCTION:
+ERR_reason_error_string                 253	EXIST::FUNCTION:
+ERR_remove_state                        254	EXIST::FUNCTION:DEPRECATED
+EVP_BytesToKey                          255	EXIST::FUNCTION:
+EVP_CIPHER_CTX_cleanup                  256	EXIST::FUNCTION:
+EVP_CipherFinal                         257	EXIST::FUNCTION:
+EVP_CipherInit                          258	EXIST::FUNCTION:
+EVP_CipherUpdate                        259	EXIST::FUNCTION:
+EVP_DecodeBlock                         260	EXIST::FUNCTION:
+EVP_DecodeFinal                         261	EXIST::FUNCTION:
+EVP_DecodeInit                          262	EXIST::FUNCTION:
+EVP_DecodeUpdate                        263	EXIST::FUNCTION:
+EVP_DecryptFinal                        264	EXIST::FUNCTION:
+EVP_DecryptInit                         265	EXIST::FUNCTION:
+EVP_DecryptUpdate                       266	EXIST::FUNCTION:
+EVP_DigestFinal                         267	EXIST::FUNCTION:
+EVP_DigestInit                          268	EXIST::FUNCTION:
+EVP_DigestUpdate                        269	EXIST::FUNCTION:
+EVP_EncodeBlock                         270	EXIST::FUNCTION:
+EVP_EncodeFinal                         271	EXIST::FUNCTION:
+EVP_EncodeInit                          272	EXIST::FUNCTION:
+EVP_EncodeUpdate                        273	EXIST::FUNCTION:
+EVP_EncryptFinal                        274	EXIST::FUNCTION:
+EVP_EncryptInit                         275	EXIST::FUNCTION:
+EVP_EncryptUpdate                       276	EXIST::FUNCTION:
+EVP_OpenFinal                           277	EXIST::FUNCTION:RSA
+EVP_OpenInit                            278	EXIST::FUNCTION:RSA
+EVP_PKEY_assign                         279	EXIST::FUNCTION:
+EVP_PKEY_copy_parameters                280	EXIST::FUNCTION:
+EVP_PKEY_free                           281	EXIST::FUNCTION:
+EVP_PKEY_missing_parameters             282	EXIST::FUNCTION:
+EVP_PKEY_new                            283	EXIST::FUNCTION:
+EVP_PKEY_save_parameters                284	EXIST::FUNCTION:
+EVP_PKEY_size                           285	EXIST::FUNCTION:
+EVP_PKEY_type                           286	EXIST::FUNCTION:
+EVP_SealFinal                           287	EXIST::FUNCTION:RSA
+EVP_SealInit                            288	EXIST::FUNCTION:RSA
+EVP_SignFinal                           289	EXIST::FUNCTION:
+EVP_VerifyFinal                         290	EXIST::FUNCTION:
+EVP_add_alias                           291	NOEXIST::FUNCTION:
+EVP_add_cipher                          292	EXIST::FUNCTION:
+EVP_add_digest                          293	EXIST::FUNCTION:
+EVP_bf_cbc                              294	EXIST::FUNCTION:BF
+EVP_bf_cfb64                            295	EXIST::FUNCTION:BF
+EVP_bf_ecb                              296	EXIST::FUNCTION:BF
+EVP_bf_ofb                              297	EXIST::FUNCTION:BF
+EVP_cleanup                             298	EXIST::FUNCTION:
+EVP_des_cbc                             299	EXIST::FUNCTION:DES
+EVP_des_cfb64                           300	EXIST::FUNCTION:DES
+EVP_des_ecb                             301	EXIST::FUNCTION:DES
+EVP_des_ede                             302	EXIST::FUNCTION:DES
+EVP_des_ede3                            303	EXIST::FUNCTION:DES
+EVP_des_ede3_cbc                        304	EXIST::FUNCTION:DES
+EVP_des_ede3_cfb64                      305	EXIST::FUNCTION:DES
+EVP_des_ede3_ofb                        306	EXIST::FUNCTION:DES
+EVP_des_ede_cbc                         307	EXIST::FUNCTION:DES
+EVP_des_ede_cfb64                       308	EXIST::FUNCTION:DES
+EVP_des_ede_ofb                         309	EXIST::FUNCTION:DES
+EVP_des_ofb                             310	EXIST::FUNCTION:DES
+EVP_desx_cbc                            311	EXIST::FUNCTION:DES
+EVP_dss                                 312	EXIST::FUNCTION:DSA,SHA
+EVP_dss1                                313	EXIST::FUNCTION:DSA,SHA
+EVP_enc_null                            314	EXIST::FUNCTION:
+EVP_get_cipherbyname                    315	EXIST::FUNCTION:
+EVP_get_digestbyname                    316	EXIST::FUNCTION:
+EVP_get_pw_prompt                       317	EXIST::FUNCTION:
+EVP_idea_cbc                            318	EXIST::FUNCTION:IDEA
+EVP_idea_cfb64                          319	EXIST::FUNCTION:IDEA
+EVP_idea_ecb                            320	EXIST::FUNCTION:IDEA
+EVP_idea_ofb                            321	EXIST::FUNCTION:IDEA
+EVP_md2                                 322	EXIST::FUNCTION:MD2
+EVP_md5                                 323	EXIST::FUNCTION:MD5
+EVP_md_null                             324	EXIST::FUNCTION:
+EVP_rc2_cbc                             325	EXIST::FUNCTION:RC2
+EVP_rc2_cfb64                           326	EXIST::FUNCTION:RC2
+EVP_rc2_ecb                             327	EXIST::FUNCTION:RC2
+EVP_rc2_ofb                             328	EXIST::FUNCTION:RC2
+EVP_rc4                                 329	EXIST::FUNCTION:RC4
+EVP_read_pw_string                      330	EXIST::FUNCTION:
+EVP_set_pw_prompt                       331	EXIST::FUNCTION:
+EVP_sha                                 332	EXIST::FUNCTION:SHA
+EVP_sha1                                333	EXIST::FUNCTION:SHA
+MD2                                     334	EXIST::FUNCTION:MD2
+MD2_Final                               335	EXIST::FUNCTION:MD2
+MD2_Init                                336	EXIST::FUNCTION:MD2
+MD2_Update                              337	EXIST::FUNCTION:MD2
+MD2_options                             338	EXIST::FUNCTION:MD2
+MD5                                     339	EXIST::FUNCTION:MD5
+MD5_Final                               340	EXIST::FUNCTION:MD5
+MD5_Init                                341	EXIST::FUNCTION:MD5
+MD5_Update                              342	EXIST::FUNCTION:MD5
+MDC2                                    343	EXIST::FUNCTION:MDC2
+MDC2_Final                              344	EXIST::FUNCTION:MDC2
+MDC2_Init                               345	EXIST::FUNCTION:MDC2
+MDC2_Update                             346	EXIST::FUNCTION:MDC2
+NETSCAPE_SPKAC_free                     347	EXIST::FUNCTION:
+NETSCAPE_SPKAC_new                      348	EXIST::FUNCTION:
+NETSCAPE_SPKI_free                      349	EXIST::FUNCTION:
+NETSCAPE_SPKI_new                       350	EXIST::FUNCTION:
+NETSCAPE_SPKI_sign                      351	EXIST::FUNCTION:EVP
+NETSCAPE_SPKI_verify                    352	EXIST::FUNCTION:EVP
+OBJ_add_object                          353	EXIST::FUNCTION:
+OBJ_bsearch                             354	NOEXIST::FUNCTION:
+OBJ_cleanup                             355	EXIST::FUNCTION:
+OBJ_cmp                                 356	EXIST::FUNCTION:
+OBJ_create                              357	EXIST::FUNCTION:
+OBJ_dup                                 358	EXIST::FUNCTION:
+OBJ_ln2nid                              359	EXIST::FUNCTION:
+OBJ_new_nid                             360	EXIST::FUNCTION:
+OBJ_nid2ln                              361	EXIST::FUNCTION:
+OBJ_nid2obj                             362	EXIST::FUNCTION:
+OBJ_nid2sn                              363	EXIST::FUNCTION:
+OBJ_obj2nid                             364	EXIST::FUNCTION:
+OBJ_sn2nid                              365	EXIST::FUNCTION:
+OBJ_txt2nid                             366	EXIST::FUNCTION:
+PEM_ASN1_read                           367	EXIST::FUNCTION:
+PEM_ASN1_read_bio                       368	EXIST::FUNCTION:BIO
+PEM_ASN1_write                          369	EXIST::FUNCTION:
+PEM_ASN1_write_bio                      370	EXIST::FUNCTION:BIO
+PEM_SealFinal                           371	EXIST::FUNCTION:RSA
+PEM_SealInit                            372	EXIST::FUNCTION:RSA
+PEM_SealUpdate                          373	EXIST::FUNCTION:RSA
+PEM_SignFinal                           374	EXIST::FUNCTION:
+PEM_SignInit                            375	EXIST::FUNCTION:
+PEM_SignUpdate                          376	EXIST::FUNCTION:
+PEM_X509_INFO_read                      377	EXIST::FUNCTION:
+PEM_X509_INFO_read_bio                  378	EXIST::FUNCTION:BIO
+PEM_X509_INFO_write_bio                 379	EXIST::FUNCTION:BIO
+PEM_dek_info                            380	EXIST::FUNCTION:
+PEM_do_header                           381	EXIST::FUNCTION:
+PEM_get_EVP_CIPHER_INFO                 382	EXIST::FUNCTION:
+PEM_proc_type                           383	EXIST::FUNCTION:
+PEM_read                                384	EXIST::FUNCTION:
+PEM_read_DHparams                       385	EXIST:!WIN16:FUNCTION:DH
+PEM_read_DSAPrivateKey                  386	EXIST:!WIN16:FUNCTION:DSA
+PEM_read_DSAparams                      387	EXIST:!WIN16:FUNCTION:DSA
+PEM_read_PKCS7                          388	EXIST:!WIN16:FUNCTION:
+PEM_read_PrivateKey                     389	EXIST:!WIN16:FUNCTION:
+PEM_read_RSAPrivateKey                  390	EXIST:!WIN16:FUNCTION:RSA
+PEM_read_X509                           391	EXIST:!WIN16:FUNCTION:
+PEM_read_X509_CRL                       392	EXIST:!WIN16:FUNCTION:
+PEM_read_X509_REQ                       393	EXIST:!WIN16:FUNCTION:
+PEM_read_bio                            394	EXIST::FUNCTION:BIO
+PEM_read_bio_DHparams                   395	EXIST::FUNCTION:DH
+PEM_read_bio_DSAPrivateKey              396	EXIST::FUNCTION:DSA
+PEM_read_bio_DSAparams                  397	EXIST::FUNCTION:DSA
+PEM_read_bio_PKCS7                      398	EXIST::FUNCTION:
+PEM_read_bio_PrivateKey                 399	EXIST::FUNCTION:
+PEM_read_bio_RSAPrivateKey              400	EXIST::FUNCTION:RSA
+PEM_read_bio_X509                       401	EXIST::FUNCTION:
+PEM_read_bio_X509_CRL                   402	EXIST::FUNCTION:
+PEM_read_bio_X509_REQ                   403	EXIST::FUNCTION:
+PEM_write                               404	EXIST::FUNCTION:
+PEM_write_DHparams                      405	EXIST:!WIN16:FUNCTION:DH
+PEM_write_DSAPrivateKey                 406	EXIST:!WIN16:FUNCTION:DSA
+PEM_write_DSAparams                     407	EXIST:!WIN16:FUNCTION:DSA
+PEM_write_PKCS7                         408	EXIST:!WIN16:FUNCTION:
+PEM_write_PrivateKey                    409	EXIST:!WIN16:FUNCTION:
+PEM_write_RSAPrivateKey                 410	EXIST:!WIN16:FUNCTION:RSA
+PEM_write_X509                          411	EXIST:!WIN16:FUNCTION:
+PEM_write_X509_CRL                      412	EXIST:!WIN16:FUNCTION:
+PEM_write_X509_REQ                      413	EXIST:!WIN16:FUNCTION:
+PEM_write_bio                           414	EXIST::FUNCTION:BIO
+PEM_write_bio_DHparams                  415	EXIST::FUNCTION:DH
+PEM_write_bio_DSAPrivateKey             416	EXIST::FUNCTION:DSA
+PEM_write_bio_DSAparams                 417	EXIST::FUNCTION:DSA
+PEM_write_bio_PKCS7                     418	EXIST::FUNCTION:
+PEM_write_bio_PrivateKey                419	EXIST::FUNCTION:
+PEM_write_bio_RSAPrivateKey             420	EXIST::FUNCTION:RSA
+PEM_write_bio_X509                      421	EXIST::FUNCTION:
+PEM_write_bio_X509_CRL                  422	EXIST::FUNCTION:
+PEM_write_bio_X509_REQ                  423	EXIST::FUNCTION:
+PKCS7_DIGEST_free                       424	EXIST::FUNCTION:
+PKCS7_DIGEST_new                        425	EXIST::FUNCTION:
+PKCS7_ENCRYPT_free                      426	EXIST::FUNCTION:
+PKCS7_ENCRYPT_new                       427	EXIST::FUNCTION:
+PKCS7_ENC_CONTENT_free                  428	EXIST::FUNCTION:
+PKCS7_ENC_CONTENT_new                   429	EXIST::FUNCTION:
+PKCS7_ENVELOPE_free                     430	EXIST::FUNCTION:
+PKCS7_ENVELOPE_new                      431	EXIST::FUNCTION:
+PKCS7_ISSUER_AND_SERIAL_digest          432	EXIST::FUNCTION:
+PKCS7_ISSUER_AND_SERIAL_free            433	EXIST::FUNCTION:
+PKCS7_ISSUER_AND_SERIAL_new             434	EXIST::FUNCTION:
+PKCS7_RECIP_INFO_free                   435	EXIST::FUNCTION:
+PKCS7_RECIP_INFO_new                    436	EXIST::FUNCTION:
+PKCS7_SIGNED_free                       437	EXIST::FUNCTION:
+PKCS7_SIGNED_new                        438	EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_free                  439	EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_new                   440	EXIST::FUNCTION:
+PKCS7_SIGN_ENVELOPE_free                441	EXIST::FUNCTION:
+PKCS7_SIGN_ENVELOPE_new                 442	EXIST::FUNCTION:
+PKCS7_dup                               443	EXIST::FUNCTION:
+PKCS7_free                              444	EXIST::FUNCTION:
+PKCS7_new                               445	EXIST::FUNCTION:
+PROXY_ENTRY_add_noproxy                 446	NOEXIST::FUNCTION:
+PROXY_ENTRY_clear_noproxy               447	NOEXIST::FUNCTION:
+PROXY_ENTRY_free                        448	NOEXIST::FUNCTION:
+PROXY_ENTRY_get_noproxy                 449	NOEXIST::FUNCTION:
+PROXY_ENTRY_new                         450	NOEXIST::FUNCTION:
+PROXY_ENTRY_set_server                  451	NOEXIST::FUNCTION:
+PROXY_add_noproxy                       452	NOEXIST::FUNCTION:
+PROXY_add_server                        453	NOEXIST::FUNCTION:
+PROXY_check_by_host                     454	NOEXIST::FUNCTION:
+PROXY_check_url                         455	NOEXIST::FUNCTION:
+PROXY_clear_noproxy                     456	NOEXIST::FUNCTION:
+PROXY_free                              457	NOEXIST::FUNCTION:
+PROXY_get_noproxy                       458	NOEXIST::FUNCTION:
+PROXY_get_proxies                       459	NOEXIST::FUNCTION:
+PROXY_get_proxy_entry                   460	NOEXIST::FUNCTION:
+PROXY_load_conf                         461	NOEXIST::FUNCTION:
+PROXY_new                               462	NOEXIST::FUNCTION:
+PROXY_print                             463	NOEXIST::FUNCTION:
+RAND_bytes                              464	EXIST::FUNCTION:
+RAND_cleanup                            465	EXIST::FUNCTION:
+RAND_file_name                          466	EXIST::FUNCTION:
+RAND_load_file                          467	EXIST::FUNCTION:
+RAND_screen                             468	EXIST:WIN32:FUNCTION:
+RAND_seed                               469	EXIST::FUNCTION:
+RAND_write_file                         470	EXIST::FUNCTION:
+RC2_cbc_encrypt                         471	EXIST::FUNCTION:RC2
+RC2_cfb64_encrypt                       472	EXIST::FUNCTION:RC2
+RC2_ecb_encrypt                         473	EXIST::FUNCTION:RC2
+RC2_encrypt                             474	EXIST::FUNCTION:RC2
+RC2_ofb64_encrypt                       475	EXIST::FUNCTION:RC2
+RC2_set_key                             476	EXIST::FUNCTION:RC2
+RC4                                     477	EXIST::FUNCTION:RC4
+RC4_options                             478	EXIST::FUNCTION:RC4
+RC4_set_key                             479	EXIST::FUNCTION:RC4
+RSAPrivateKey_asn1_meth                 480	NOEXIST::FUNCTION:
+RSAPrivateKey_dup                       481	EXIST::FUNCTION:RSA
+RSAPublicKey_dup                        482	EXIST::FUNCTION:RSA
+RSA_PKCS1_SSLeay                        483	EXIST::FUNCTION:RSA
+RSA_free                                484	EXIST::FUNCTION:RSA
+RSA_generate_key                        485	EXIST::FUNCTION:DEPRECATED,RSA
+RSA_new                                 486	EXIST::FUNCTION:RSA
+RSA_new_method                          487	EXIST::FUNCTION:RSA
+RSA_print                               488	EXIST::FUNCTION:BIO,RSA
+RSA_print_fp                            489	EXIST::FUNCTION:FP_API,RSA
+RSA_private_decrypt                     490	EXIST::FUNCTION:RSA
+RSA_private_encrypt                     491	EXIST::FUNCTION:RSA
+RSA_public_decrypt                      492	EXIST::FUNCTION:RSA
+RSA_public_encrypt                      493	EXIST::FUNCTION:RSA
+RSA_set_default_method                  494	EXIST::FUNCTION:RSA
+RSA_sign                                495	EXIST::FUNCTION:RSA
+RSA_sign_ASN1_OCTET_STRING              496	EXIST::FUNCTION:RSA
+RSA_size                                497	EXIST::FUNCTION:RSA
+RSA_verify                              498	EXIST::FUNCTION:RSA
+RSA_verify_ASN1_OCTET_STRING            499	EXIST::FUNCTION:RSA
+SHA                                     500	EXIST::FUNCTION:SHA,SHA0
+SHA1                                    501	EXIST::FUNCTION:SHA,SHA1
+SHA1_Final                              502	EXIST::FUNCTION:SHA,SHA1
+SHA1_Init                               503	EXIST::FUNCTION:SHA,SHA1
+SHA1_Update                             504	EXIST::FUNCTION:SHA,SHA1
+SHA_Final                               505	EXIST::FUNCTION:SHA,SHA0
+SHA_Init                                506	EXIST::FUNCTION:SHA,SHA0
+SHA_Update                              507	EXIST::FUNCTION:SHA,SHA0
+OpenSSL_add_all_algorithms              508	NOEXIST::FUNCTION:
+OpenSSL_add_all_ciphers                 509	EXIST::FUNCTION:
+OpenSSL_add_all_digests                 510	EXIST::FUNCTION:
+TXT_DB_create_index                     511	EXIST::FUNCTION:
+TXT_DB_free                             512	EXIST::FUNCTION:
+TXT_DB_get_by_index                     513	EXIST::FUNCTION:
+TXT_DB_insert                           514	EXIST::FUNCTION:
+TXT_DB_read                             515	EXIST::FUNCTION:BIO
+TXT_DB_write                            516	EXIST::FUNCTION:BIO
+X509_ALGOR_free                         517	EXIST::FUNCTION:
+X509_ALGOR_new                          518	EXIST::FUNCTION:
+X509_ATTRIBUTE_free                     519	EXIST::FUNCTION:
+X509_ATTRIBUTE_new                      520	EXIST::FUNCTION:
+X509_CINF_free                          521	EXIST::FUNCTION:
+X509_CINF_new                           522	EXIST::FUNCTION:
+X509_CRL_INFO_free                      523	EXIST::FUNCTION:
+X509_CRL_INFO_new                       524	EXIST::FUNCTION:
+X509_CRL_add_ext                        525	EXIST::FUNCTION:
+X509_CRL_cmp                            526	EXIST::FUNCTION:
+X509_CRL_delete_ext                     527	EXIST::FUNCTION:
+X509_CRL_dup                            528	EXIST::FUNCTION:
+X509_CRL_free                           529	EXIST::FUNCTION:
+X509_CRL_get_ext                        530	EXIST::FUNCTION:
+X509_CRL_get_ext_by_NID                 531	EXIST::FUNCTION:
+X509_CRL_get_ext_by_OBJ                 532	EXIST::FUNCTION:
+X509_CRL_get_ext_by_critical            533	EXIST::FUNCTION:
+X509_CRL_get_ext_count                  534	EXIST::FUNCTION:
+X509_CRL_new                            535	EXIST::FUNCTION:
+X509_CRL_sign                           536	EXIST::FUNCTION:EVP
+X509_CRL_verify                         537	EXIST::FUNCTION:EVP
+X509_EXTENSION_create_by_NID            538	EXIST::FUNCTION:
+X509_EXTENSION_create_by_OBJ            539	EXIST::FUNCTION:
+X509_EXTENSION_dup                      540	EXIST::FUNCTION:
+X509_EXTENSION_free                     541	EXIST::FUNCTION:
+X509_EXTENSION_get_critical             542	EXIST::FUNCTION:
+X509_EXTENSION_get_data                 543	EXIST::FUNCTION:
+X509_EXTENSION_get_object               544	EXIST::FUNCTION:
+X509_EXTENSION_new                      545	EXIST::FUNCTION:
+X509_EXTENSION_set_critical             546	EXIST::FUNCTION:
+X509_EXTENSION_set_data                 547	EXIST::FUNCTION:
+X509_EXTENSION_set_object               548	EXIST::FUNCTION:
+X509_INFO_free                          549	EXIST::FUNCTION:EVP
+X509_INFO_new                           550	EXIST::FUNCTION:EVP
+X509_LOOKUP_by_alias                    551	EXIST::FUNCTION:
+X509_LOOKUP_by_fingerprint              552	EXIST::FUNCTION:
+X509_LOOKUP_by_issuer_serial            553	EXIST::FUNCTION:
+X509_LOOKUP_by_subject                  554	EXIST::FUNCTION:
+X509_LOOKUP_ctrl                        555	EXIST::FUNCTION:
+X509_LOOKUP_file                        556	EXIST::FUNCTION:
+X509_LOOKUP_free                        557	EXIST::FUNCTION:
+X509_LOOKUP_hash_dir                    558	EXIST::FUNCTION:
+X509_LOOKUP_init                        559	EXIST::FUNCTION:
+X509_LOOKUP_new                         560	EXIST::FUNCTION:
+X509_LOOKUP_shutdown                    561	EXIST::FUNCTION:
+X509_NAME_ENTRY_create_by_NID           562	EXIST::FUNCTION:
+X509_NAME_ENTRY_create_by_OBJ           563	EXIST::FUNCTION:
+X509_NAME_ENTRY_dup                     564	EXIST::FUNCTION:
+X509_NAME_ENTRY_free                    565	EXIST::FUNCTION:
+X509_NAME_ENTRY_get_data                566	EXIST::FUNCTION:
+X509_NAME_ENTRY_get_object              567	EXIST::FUNCTION:
+X509_NAME_ENTRY_new                     568	EXIST::FUNCTION:
+X509_NAME_ENTRY_set_data                569	EXIST::FUNCTION:
+X509_NAME_ENTRY_set_object              570	EXIST::FUNCTION:
+X509_NAME_add_entry                     571	EXIST::FUNCTION:
+X509_NAME_cmp                           572	EXIST::FUNCTION:
+X509_NAME_delete_entry                  573	EXIST::FUNCTION:
+X509_NAME_digest                        574	EXIST::FUNCTION:EVP
+X509_NAME_dup                           575	EXIST::FUNCTION:
+X509_NAME_entry_count                   576	EXIST::FUNCTION:
+X509_NAME_free                          577	EXIST::FUNCTION:
+X509_NAME_get_entry                     578	EXIST::FUNCTION:
+X509_NAME_get_index_by_NID              579	EXIST::FUNCTION:
+X509_NAME_get_index_by_OBJ              580	EXIST::FUNCTION:
+X509_NAME_get_text_by_NID               581	EXIST::FUNCTION:
+X509_NAME_get_text_by_OBJ               582	EXIST::FUNCTION:
+X509_NAME_hash                          583	EXIST::FUNCTION:
+X509_NAME_new                           584	EXIST::FUNCTION:
+X509_NAME_oneline                       585	EXIST::FUNCTION:EVP
+X509_NAME_print                         586	EXIST::FUNCTION:BIO
+X509_NAME_set                           587	EXIST::FUNCTION:
+X509_OBJECT_free_contents               588	EXIST::FUNCTION:
+X509_OBJECT_retrieve_by_subject         589	EXIST::FUNCTION:
+X509_OBJECT_up_ref_count                590	EXIST::FUNCTION:
+X509_PKEY_free                          591	EXIST::FUNCTION:
+X509_PKEY_new                           592	EXIST::FUNCTION:
+X509_PUBKEY_free                        593	EXIST::FUNCTION:
+X509_PUBKEY_get                         594	EXIST::FUNCTION:
+X509_PUBKEY_new                         595	EXIST::FUNCTION:
+X509_PUBKEY_set                         596	EXIST::FUNCTION:
+X509_REQ_INFO_free                      597	EXIST::FUNCTION:
+X509_REQ_INFO_new                       598	EXIST::FUNCTION:
+X509_REQ_dup                            599	EXIST::FUNCTION:
+X509_REQ_free                           600	EXIST::FUNCTION:
+X509_REQ_get_pubkey                     601	EXIST::FUNCTION:
+X509_REQ_new                            602	EXIST::FUNCTION:
+X509_REQ_print                          603	EXIST::FUNCTION:BIO
+X509_REQ_print_fp                       604	EXIST::FUNCTION:FP_API
+X509_REQ_set_pubkey                     605	EXIST::FUNCTION:
+X509_REQ_set_subject_name               606	EXIST::FUNCTION:
+X509_REQ_set_version                    607	EXIST::FUNCTION:
+X509_REQ_sign                           608	EXIST::FUNCTION:EVP
+X509_REQ_to_X509                        609	EXIST::FUNCTION:
+X509_REQ_verify                         610	EXIST::FUNCTION:EVP
+X509_REVOKED_add_ext                    611	EXIST::FUNCTION:
+X509_REVOKED_delete_ext                 612	EXIST::FUNCTION:
+X509_REVOKED_free                       613	EXIST::FUNCTION:
+X509_REVOKED_get_ext                    614	EXIST::FUNCTION:
+X509_REVOKED_get_ext_by_NID             615	EXIST::FUNCTION:
+X509_REVOKED_get_ext_by_OBJ             616	EXIST::FUNCTION:
+X509_REVOKED_get_ext_by_critical        617	EXIST:!VMS:FUNCTION:
+X509_REVOKED_get_ext_by_critic          617	EXIST:VMS:FUNCTION:
+X509_REVOKED_get_ext_count              618	EXIST::FUNCTION:
+X509_REVOKED_new                        619	EXIST::FUNCTION:
+X509_SIG_free                           620	EXIST::FUNCTION:
+X509_SIG_new                            621	EXIST::FUNCTION:
+X509_STORE_CTX_cleanup                  622	EXIST::FUNCTION:
+X509_STORE_CTX_init                     623	EXIST::FUNCTION:
+X509_STORE_add_cert                     624	EXIST::FUNCTION:
+X509_STORE_add_lookup                   625	EXIST::FUNCTION:
+X509_STORE_free                         626	EXIST::FUNCTION:
+X509_STORE_get_by_subject               627	EXIST::FUNCTION:
+X509_STORE_load_locations               628	EXIST::FUNCTION:STDIO
+X509_STORE_new                          629	EXIST::FUNCTION:
+X509_STORE_set_default_paths            630	EXIST::FUNCTION:STDIO
+X509_VAL_free                           631	EXIST::FUNCTION:
+X509_VAL_new                            632	EXIST::FUNCTION:
+X509_add_ext                            633	EXIST::FUNCTION:
+X509_asn1_meth                          634	NOEXIST::FUNCTION:
+X509_certificate_type                   635	EXIST::FUNCTION:
+X509_check_private_key                  636	EXIST::FUNCTION:
+X509_cmp_current_time                   637	EXIST::FUNCTION:
+X509_delete_ext                         638	EXIST::FUNCTION:
+X509_digest                             639	EXIST::FUNCTION:EVP
+X509_dup                                640	EXIST::FUNCTION:
+X509_free                               641	EXIST::FUNCTION:
+X509_get_default_cert_area              642	EXIST::FUNCTION:
+X509_get_default_cert_dir               643	EXIST::FUNCTION:
+X509_get_default_cert_dir_env           644	EXIST::FUNCTION:
+X509_get_default_cert_file              645	EXIST::FUNCTION:
+X509_get_default_cert_file_env          646	EXIST::FUNCTION:
+X509_get_default_private_dir            647	EXIST::FUNCTION:
+X509_get_ext                            648	EXIST::FUNCTION:
+X509_get_ext_by_NID                     649	EXIST::FUNCTION:
+X509_get_ext_by_OBJ                     650	EXIST::FUNCTION:
+X509_get_ext_by_critical                651	EXIST::FUNCTION:
+X509_get_ext_count                      652	EXIST::FUNCTION:
+X509_get_issuer_name                    653	EXIST::FUNCTION:
+X509_get_pubkey                         654	EXIST::FUNCTION:
+X509_get_pubkey_parameters              655	EXIST::FUNCTION:
+X509_get_serialNumber                   656	EXIST::FUNCTION:
+X509_get_subject_name                   657	EXIST::FUNCTION:
+X509_gmtime_adj                         658	EXIST::FUNCTION:
+X509_issuer_and_serial_cmp              659	EXIST::FUNCTION:
+X509_issuer_and_serial_hash             660	EXIST::FUNCTION:
+X509_issuer_name_cmp                    661	EXIST::FUNCTION:
+X509_issuer_name_hash                   662	EXIST::FUNCTION:
+X509_load_cert_file                     663	EXIST::FUNCTION:STDIO
+X509_new                                664	EXIST::FUNCTION:
+X509_print                              665	EXIST::FUNCTION:BIO
+X509_print_fp                           666	EXIST::FUNCTION:FP_API
+X509_set_issuer_name                    667	EXIST::FUNCTION:
+X509_set_notAfter                       668	EXIST::FUNCTION:
+X509_set_notBefore                      669	EXIST::FUNCTION:
+X509_set_pubkey                         670	EXIST::FUNCTION:
+X509_set_serialNumber                   671	EXIST::FUNCTION:
+X509_set_subject_name                   672	EXIST::FUNCTION:
+X509_set_version                        673	EXIST::FUNCTION:
+X509_sign                               674	EXIST::FUNCTION:EVP
+X509_subject_name_cmp                   675	EXIST::FUNCTION:
+X509_subject_name_hash                  676	EXIST::FUNCTION:
+X509_to_X509_REQ                        677	EXIST::FUNCTION:
+X509_verify                             678	EXIST::FUNCTION:EVP
+X509_verify_cert                        679	EXIST::FUNCTION:
+X509_verify_cert_error_string           680	EXIST::FUNCTION:
+X509v3_add_ext                          681	EXIST::FUNCTION:
+X509v3_add_extension                    682	NOEXIST::FUNCTION:
+X509v3_add_netscape_extensions          683	NOEXIST::FUNCTION:
+X509v3_add_standard_extensions          684	NOEXIST::FUNCTION:
+X509v3_cleanup_extensions               685	NOEXIST::FUNCTION:
+X509v3_data_type_by_NID                 686	NOEXIST::FUNCTION:
+X509v3_data_type_by_OBJ                 687	NOEXIST::FUNCTION:
+X509v3_delete_ext                       688	EXIST::FUNCTION:
+X509v3_get_ext                          689	EXIST::FUNCTION:
+X509v3_get_ext_by_NID                   690	EXIST::FUNCTION:
+X509v3_get_ext_by_OBJ                   691	EXIST::FUNCTION:
+X509v3_get_ext_by_critical              692	EXIST::FUNCTION:
+X509v3_get_ext_count                    693	EXIST::FUNCTION:
+X509v3_pack_string                      694	NOEXIST::FUNCTION:
+X509v3_pack_type_by_NID                 695	NOEXIST::FUNCTION:
+X509v3_pack_type_by_OBJ                 696	NOEXIST::FUNCTION:
+X509v3_unpack_string                    697	NOEXIST::FUNCTION:
+_des_crypt                              698	NOEXIST::FUNCTION:
+a2d_ASN1_OBJECT                         699	EXIST::FUNCTION:
+a2i_ASN1_INTEGER                        700	EXIST::FUNCTION:BIO
+a2i_ASN1_STRING                         701	EXIST::FUNCTION:BIO
+asn1_Finish                             702	EXIST::FUNCTION:
+asn1_GetSequence                        703	EXIST::FUNCTION:
+bn_div_words                            704	EXIST::FUNCTION:
+bn_expand2                              705	EXIST::FUNCTION:
+bn_mul_add_words                        706	EXIST::FUNCTION:
+bn_mul_words                            707	EXIST::FUNCTION:
+BN_uadd                                 708	EXIST::FUNCTION:
+BN_usub                                 709	EXIST::FUNCTION:
+bn_sqr_words                            710	EXIST::FUNCTION:
+_ossl_old_crypt                         711	EXIST:!NeXT,!PERL5:FUNCTION:DES
+d2i_ASN1_BIT_STRING                     712	EXIST::FUNCTION:
+d2i_ASN1_BOOLEAN                        713	EXIST::FUNCTION:
+d2i_ASN1_HEADER                         714	NOEXIST::FUNCTION:
+d2i_ASN1_IA5STRING                      715	EXIST::FUNCTION:
+d2i_ASN1_INTEGER                        716	EXIST::FUNCTION:
+d2i_ASN1_OBJECT                         717	EXIST::FUNCTION:
+d2i_ASN1_OCTET_STRING                   718	EXIST::FUNCTION:
+d2i_ASN1_PRINTABLE                      719	EXIST::FUNCTION:
+d2i_ASN1_PRINTABLESTRING                720	EXIST::FUNCTION:
+d2i_ASN1_SET                            721	EXIST::FUNCTION:
+d2i_ASN1_T61STRING                      722	EXIST::FUNCTION:
+d2i_ASN1_TYPE                           723	EXIST::FUNCTION:
+d2i_ASN1_UTCTIME                        724	EXIST::FUNCTION:
+d2i_ASN1_bytes                          725	EXIST::FUNCTION:
+d2i_ASN1_type_bytes                     726	EXIST::FUNCTION:
+d2i_DHparams                            727	EXIST::FUNCTION:DH
+d2i_DSAPrivateKey                       728	EXIST::FUNCTION:DSA
+d2i_DSAPrivateKey_bio                   729	EXIST::FUNCTION:BIO,DSA
+d2i_DSAPrivateKey_fp                    730	EXIST::FUNCTION:DSA,FP_API
+d2i_DSAPublicKey                        731	EXIST::FUNCTION:DSA
+d2i_DSAparams                           732	EXIST::FUNCTION:DSA
+d2i_NETSCAPE_SPKAC                      733	EXIST::FUNCTION:
+d2i_NETSCAPE_SPKI                       734	EXIST::FUNCTION:
+d2i_Netscape_RSA                        735	EXIST::FUNCTION:RC4,RSA
+d2i_PKCS7                               736	EXIST::FUNCTION:
+d2i_PKCS7_DIGEST                        737	EXIST::FUNCTION:
+d2i_PKCS7_ENCRYPT                       738	EXIST::FUNCTION:
+d2i_PKCS7_ENC_CONTENT                   739	EXIST::FUNCTION:
+d2i_PKCS7_ENVELOPE                      740	EXIST::FUNCTION:
+d2i_PKCS7_ISSUER_AND_SERIAL             741	EXIST::FUNCTION:
+d2i_PKCS7_RECIP_INFO                    742	EXIST::FUNCTION:
+d2i_PKCS7_SIGNED                        743	EXIST::FUNCTION:
+d2i_PKCS7_SIGNER_INFO                   744	EXIST::FUNCTION:
+d2i_PKCS7_SIGN_ENVELOPE                 745	EXIST::FUNCTION:
+d2i_PKCS7_bio                           746	EXIST::FUNCTION:
+d2i_PKCS7_fp                            747	EXIST::FUNCTION:FP_API
+d2i_PrivateKey                          748	EXIST::FUNCTION:
+d2i_PublicKey                           749	EXIST::FUNCTION:
+d2i_RSAPrivateKey                       750	EXIST::FUNCTION:RSA
+d2i_RSAPrivateKey_bio                   751	EXIST::FUNCTION:BIO,RSA
+d2i_RSAPrivateKey_fp                    752	EXIST::FUNCTION:FP_API,RSA
+d2i_RSAPublicKey                        753	EXIST::FUNCTION:RSA
+d2i_X509                                754	EXIST::FUNCTION:
+d2i_X509_ALGOR                          755	EXIST::FUNCTION:
+d2i_X509_ATTRIBUTE                      756	EXIST::FUNCTION:
+d2i_X509_CINF                           757	EXIST::FUNCTION:
+d2i_X509_CRL                            758	EXIST::FUNCTION:
+d2i_X509_CRL_INFO                       759	EXIST::FUNCTION:
+d2i_X509_CRL_bio                        760	EXIST::FUNCTION:BIO
+d2i_X509_CRL_fp                         761	EXIST::FUNCTION:FP_API
+d2i_X509_EXTENSION                      762	EXIST::FUNCTION:
+d2i_X509_NAME                           763	EXIST::FUNCTION:
+d2i_X509_NAME_ENTRY                     764	EXIST::FUNCTION:
+d2i_X509_PKEY                           765	EXIST::FUNCTION:
+d2i_X509_PUBKEY                         766	EXIST::FUNCTION:
+d2i_X509_REQ                            767	EXIST::FUNCTION:
+d2i_X509_REQ_INFO                       768	EXIST::FUNCTION:
+d2i_X509_REQ_bio                        769	EXIST::FUNCTION:BIO
+d2i_X509_REQ_fp                         770	EXIST::FUNCTION:FP_API
+d2i_X509_REVOKED                        771	EXIST::FUNCTION:
+d2i_X509_SIG                            772	EXIST::FUNCTION:
+d2i_X509_VAL                            773	EXIST::FUNCTION:
+d2i_X509_bio                            774	EXIST::FUNCTION:BIO
+d2i_X509_fp                             775	EXIST::FUNCTION:FP_API
+DES_cbc_cksum                           777	EXIST::FUNCTION:DES
+DES_cbc_encrypt                         778	EXIST::FUNCTION:DES
+DES_cblock_print_file                   779	NOEXIST::FUNCTION:
+DES_cfb64_encrypt                       780	EXIST::FUNCTION:DES
+DES_cfb_encrypt                         781	EXIST::FUNCTION:DES
+DES_decrypt3                            782	EXIST::FUNCTION:DES
+DES_ecb3_encrypt                        783	EXIST::FUNCTION:DES
+DES_ecb_encrypt                         784	EXIST::FUNCTION:DES
+DES_ede3_cbc_encrypt                    785	EXIST::FUNCTION:DES
+DES_ede3_cfb64_encrypt                  786	EXIST::FUNCTION:DES
+DES_ede3_ofb64_encrypt                  787	EXIST::FUNCTION:DES
+DES_enc_read                            788	EXIST::FUNCTION:DES
+DES_enc_write                           789	EXIST::FUNCTION:DES
+DES_encrypt1                            790	EXIST::FUNCTION:DES
+DES_encrypt2                            791	EXIST::FUNCTION:DES
+DES_encrypt3                            792	EXIST::FUNCTION:DES
+DES_fcrypt                              793	EXIST::FUNCTION:DES
+DES_is_weak_key                         794	EXIST::FUNCTION:DES
+DES_key_sched                           795	EXIST::FUNCTION:DES
+DES_ncbc_encrypt                        796	EXIST::FUNCTION:DES
+DES_ofb64_encrypt                       797	EXIST::FUNCTION:DES
+DES_ofb_encrypt                         798	EXIST::FUNCTION:DES
+DES_options                             799	EXIST::FUNCTION:DES
+DES_pcbc_encrypt                        800	EXIST::FUNCTION:DES
+DES_quad_cksum                          801	EXIST::FUNCTION:DES
+DES_random_key                          802	EXIST::FUNCTION:DES
+_ossl_old_des_random_seed               803	EXIST::FUNCTION:DES
+_ossl_old_des_read_2passwords           804	EXIST::FUNCTION:DES
+_ossl_old_des_read_password             805	EXIST::FUNCTION:DES
+_ossl_old_des_read_pw                   806	EXIST::FUNCTION:
+_ossl_old_des_read_pw_string            807	EXIST::FUNCTION:
+DES_set_key                             808	EXIST::FUNCTION:DES
+DES_set_odd_parity                      809	EXIST::FUNCTION:DES
+DES_string_to_2keys                     810	EXIST::FUNCTION:DES
+DES_string_to_key                       811	EXIST::FUNCTION:DES
+DES_xcbc_encrypt                        812	EXIST::FUNCTION:DES
+DES_xwhite_in2out                       813	NOEXIST::FUNCTION:
+fcrypt_body                             814	NOEXIST::FUNCTION:
+i2a_ASN1_INTEGER                        815	EXIST::FUNCTION:BIO
+i2a_ASN1_OBJECT                         816	EXIST::FUNCTION:BIO
+i2a_ASN1_STRING                         817	EXIST::FUNCTION:BIO
+i2d_ASN1_BIT_STRING                     818	EXIST::FUNCTION:
+i2d_ASN1_BOOLEAN                        819	EXIST::FUNCTION:
+i2d_ASN1_HEADER                         820	NOEXIST::FUNCTION:
+i2d_ASN1_IA5STRING                      821	EXIST::FUNCTION:
+i2d_ASN1_INTEGER                        822	EXIST::FUNCTION:
+i2d_ASN1_OBJECT                         823	EXIST::FUNCTION:
+i2d_ASN1_OCTET_STRING                   824	EXIST::FUNCTION:
+i2d_ASN1_PRINTABLE                      825	EXIST::FUNCTION:
+i2d_ASN1_SET                            826	EXIST::FUNCTION:
+i2d_ASN1_TYPE                           827	EXIST::FUNCTION:
+i2d_ASN1_UTCTIME                        828	EXIST::FUNCTION:
+i2d_ASN1_bytes                          829	EXIST::FUNCTION:
+i2d_DHparams                            830	EXIST::FUNCTION:DH
+i2d_DSAPrivateKey                       831	EXIST::FUNCTION:DSA
+i2d_DSAPrivateKey_bio                   832	EXIST::FUNCTION:BIO,DSA
+i2d_DSAPrivateKey_fp                    833	EXIST::FUNCTION:DSA,FP_API
+i2d_DSAPublicKey                        834	EXIST::FUNCTION:DSA
+i2d_DSAparams                           835	EXIST::FUNCTION:DSA
+i2d_NETSCAPE_SPKAC                      836	EXIST::FUNCTION:
+i2d_NETSCAPE_SPKI                       837	EXIST::FUNCTION:
+i2d_Netscape_RSA                        838	EXIST::FUNCTION:RC4,RSA
+i2d_PKCS7                               839	EXIST::FUNCTION:
+i2d_PKCS7_DIGEST                        840	EXIST::FUNCTION:
+i2d_PKCS7_ENCRYPT                       841	EXIST::FUNCTION:
+i2d_PKCS7_ENC_CONTENT                   842	EXIST::FUNCTION:
+i2d_PKCS7_ENVELOPE                      843	EXIST::FUNCTION:
+i2d_PKCS7_ISSUER_AND_SERIAL             844	EXIST::FUNCTION:
+i2d_PKCS7_RECIP_INFO                    845	EXIST::FUNCTION:
+i2d_PKCS7_SIGNED                        846	EXIST::FUNCTION:
+i2d_PKCS7_SIGNER_INFO                   847	EXIST::FUNCTION:
+i2d_PKCS7_SIGN_ENVELOPE                 848	EXIST::FUNCTION:
+i2d_PKCS7_bio                           849	EXIST::FUNCTION:
+i2d_PKCS7_fp                            850	EXIST::FUNCTION:FP_API
+i2d_PrivateKey                          851	EXIST::FUNCTION:
+i2d_PublicKey                           852	EXIST::FUNCTION:
+i2d_RSAPrivateKey                       853	EXIST::FUNCTION:RSA
+i2d_RSAPrivateKey_bio                   854	EXIST::FUNCTION:BIO,RSA
+i2d_RSAPrivateKey_fp                    855	EXIST::FUNCTION:FP_API,RSA
+i2d_RSAPublicKey                        856	EXIST::FUNCTION:RSA
+i2d_X509                                857	EXIST::FUNCTION:
+i2d_X509_ALGOR                          858	EXIST::FUNCTION:
+i2d_X509_ATTRIBUTE                      859	EXIST::FUNCTION:
+i2d_X509_CINF                           860	EXIST::FUNCTION:
+i2d_X509_CRL                            861	EXIST::FUNCTION:
+i2d_X509_CRL_INFO                       862	EXIST::FUNCTION:
+i2d_X509_CRL_bio                        863	EXIST::FUNCTION:BIO
+i2d_X509_CRL_fp                         864	EXIST::FUNCTION:FP_API
+i2d_X509_EXTENSION                      865	EXIST::FUNCTION:
+i2d_X509_NAME                           866	EXIST::FUNCTION:
+i2d_X509_NAME_ENTRY                     867	EXIST::FUNCTION:
+i2d_X509_PKEY                           868	EXIST::FUNCTION:
+i2d_X509_PUBKEY                         869	EXIST::FUNCTION:
+i2d_X509_REQ                            870	EXIST::FUNCTION:
+i2d_X509_REQ_INFO                       871	EXIST::FUNCTION:
+i2d_X509_REQ_bio                        872	EXIST::FUNCTION:BIO
+i2d_X509_REQ_fp                         873	EXIST::FUNCTION:FP_API
+i2d_X509_REVOKED                        874	EXIST::FUNCTION:
+i2d_X509_SIG                            875	EXIST::FUNCTION:
+i2d_X509_VAL                            876	EXIST::FUNCTION:
+i2d_X509_bio                            877	EXIST::FUNCTION:BIO
+i2d_X509_fp                             878	EXIST::FUNCTION:FP_API
+idea_cbc_encrypt                        879	EXIST::FUNCTION:IDEA
+idea_cfb64_encrypt                      880	EXIST::FUNCTION:IDEA
+idea_ecb_encrypt                        881	EXIST::FUNCTION:IDEA
+idea_encrypt                            882	EXIST::FUNCTION:IDEA
+idea_ofb64_encrypt                      883	EXIST::FUNCTION:IDEA
+idea_options                            884	EXIST::FUNCTION:IDEA
+idea_set_decrypt_key                    885	EXIST::FUNCTION:IDEA
+idea_set_encrypt_key                    886	EXIST::FUNCTION:IDEA
+lh_delete                               887	EXIST::FUNCTION:
+lh_doall                                888	EXIST::FUNCTION:
+lh_doall_arg                            889	EXIST::FUNCTION:
+lh_free                                 890	EXIST::FUNCTION:
+lh_insert                               891	EXIST::FUNCTION:
+lh_new                                  892	EXIST::FUNCTION:
+lh_node_stats                           893	EXIST::FUNCTION:FP_API
+lh_node_stats_bio                       894	EXIST::FUNCTION:BIO
+lh_node_usage_stats                     895	EXIST::FUNCTION:FP_API
+lh_node_usage_stats_bio                 896	EXIST::FUNCTION:BIO
+lh_retrieve                             897	EXIST::FUNCTION:
+lh_stats                                898	EXIST::FUNCTION:FP_API
+lh_stats_bio                            899	EXIST::FUNCTION:BIO
+lh_strhash                              900	EXIST::FUNCTION:
+sk_delete                               901	EXIST::FUNCTION:
+sk_delete_ptr                           902	EXIST::FUNCTION:
+sk_dup                                  903	EXIST::FUNCTION:
+sk_find                                 904	EXIST::FUNCTION:
+sk_free                                 905	EXIST::FUNCTION:
+sk_insert                               906	EXIST::FUNCTION:
+sk_new                                  907	EXIST::FUNCTION:
+sk_pop                                  908	EXIST::FUNCTION:
+sk_pop_free                             909	EXIST::FUNCTION:
+sk_push                                 910	EXIST::FUNCTION:
+sk_set_cmp_func                         911	EXIST::FUNCTION:
+sk_shift                                912	EXIST::FUNCTION:
+sk_unshift                              913	EXIST::FUNCTION:
+sk_zero                                 914	EXIST::FUNCTION:
+BIO_f_nbio_test                         915	EXIST::FUNCTION:
+ASN1_TYPE_get                           916	EXIST::FUNCTION:
+ASN1_TYPE_set                           917	EXIST::FUNCTION:
+PKCS7_content_free                      918	NOEXIST::FUNCTION:
+ERR_load_PKCS7_strings                  919	EXIST::FUNCTION:
+X509_find_by_issuer_and_serial          920	EXIST::FUNCTION:
+X509_find_by_subject                    921	EXIST::FUNCTION:
+PKCS7_ctrl                              927	EXIST::FUNCTION:
+PKCS7_set_type                          928	EXIST::FUNCTION:
+PKCS7_set_content                       929	EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_set                   930	EXIST::FUNCTION:
+PKCS7_add_signer                        931	EXIST::FUNCTION:
+PKCS7_add_certificate                   932	EXIST::FUNCTION:
+PKCS7_add_crl                           933	EXIST::FUNCTION:
+PKCS7_content_new                       934	EXIST::FUNCTION:
+PKCS7_dataSign                          935	NOEXIST::FUNCTION:
+PKCS7_dataVerify                        936	EXIST::FUNCTION:
+PKCS7_dataInit                          937	EXIST::FUNCTION:
+PKCS7_add_signature                     938	EXIST::FUNCTION:
+PKCS7_cert_from_signer_info             939	EXIST::FUNCTION:
+PKCS7_get_signer_info                   940	EXIST::FUNCTION:
+EVP_delete_alias                        941	NOEXIST::FUNCTION:
+EVP_mdc2                                942	EXIST::FUNCTION:MDC2
+PEM_read_bio_RSAPublicKey               943	EXIST::FUNCTION:RSA
+PEM_write_bio_RSAPublicKey              944	EXIST::FUNCTION:RSA
+d2i_RSAPublicKey_bio                    945	EXIST::FUNCTION:BIO,RSA
+i2d_RSAPublicKey_bio                    946	EXIST::FUNCTION:BIO,RSA
+PEM_read_RSAPublicKey                   947	EXIST:!WIN16:FUNCTION:RSA
+PEM_write_RSAPublicKey                  949	EXIST:!WIN16:FUNCTION:RSA
+d2i_RSAPublicKey_fp                     952	EXIST::FUNCTION:FP_API,RSA
+i2d_RSAPublicKey_fp                     954	EXIST::FUNCTION:FP_API,RSA
+BIO_copy_next_retry                     955	EXIST::FUNCTION:
+RSA_flags                               956	EXIST::FUNCTION:RSA
+X509_STORE_add_crl                      957	EXIST::FUNCTION:
+X509_load_crl_file                      958	EXIST::FUNCTION:STDIO
+EVP_rc2_40_cbc                          959	EXIST::FUNCTION:RC2
+EVP_rc4_40                              960	EXIST::FUNCTION:RC4
+EVP_CIPHER_CTX_init                     961	EXIST::FUNCTION:
+HMAC                                    962	EXIST::FUNCTION:HMAC
+HMAC_Init                               963	EXIST::FUNCTION:HMAC
+HMAC_Update                             964	EXIST::FUNCTION:HMAC
+HMAC_Final                              965	EXIST::FUNCTION:HMAC
+ERR_get_next_error_library              966	EXIST::FUNCTION:
+EVP_PKEY_cmp_parameters                 967	EXIST::FUNCTION:
+HMAC_cleanup                            968	NOEXIST::FUNCTION:
+BIO_ptr_ctrl                            969	EXIST::FUNCTION:
+BIO_new_file_internal                   970	NOEXIST::FUNCTION:
+BIO_new_fp_internal                     971	NOEXIST::FUNCTION:
+BIO_s_file_internal                     972	NOEXIST::FUNCTION:
+BN_BLINDING_convert                     973	EXIST::FUNCTION:
+BN_BLINDING_invert                      974	EXIST::FUNCTION:
+BN_BLINDING_update                      975	EXIST::FUNCTION:
+RSA_blinding_on                         977	EXIST::FUNCTION:RSA
+RSA_blinding_off                        978	EXIST::FUNCTION:RSA
+i2t_ASN1_OBJECT                         979	EXIST::FUNCTION:
+BN_BLINDING_new                         980	EXIST::FUNCTION:
+BN_BLINDING_free                        981	EXIST::FUNCTION:
+EVP_cast5_cbc                           983	EXIST::FUNCTION:CAST
+EVP_cast5_cfb64                         984	EXIST::FUNCTION:CAST
+EVP_cast5_ecb                           985	EXIST::FUNCTION:CAST
+EVP_cast5_ofb                           986	EXIST::FUNCTION:CAST
+BF_decrypt                              987	EXIST::FUNCTION:BF
+CAST_set_key                            988	EXIST::FUNCTION:CAST
+CAST_encrypt                            989	EXIST::FUNCTION:CAST
+CAST_decrypt                            990	EXIST::FUNCTION:CAST
+CAST_ecb_encrypt                        991	EXIST::FUNCTION:CAST
+CAST_cbc_encrypt                        992	EXIST::FUNCTION:CAST
+CAST_cfb64_encrypt                      993	EXIST::FUNCTION:CAST
+CAST_ofb64_encrypt                      994	EXIST::FUNCTION:CAST
+RC2_decrypt                             995	EXIST::FUNCTION:RC2
+OBJ_create_objects                      997	EXIST::FUNCTION:
+BN_exp                                  998	EXIST::FUNCTION:
+BN_mul_word                             999	EXIST::FUNCTION:
+BN_sub_word                             1000	EXIST::FUNCTION:
+BN_dec2bn                               1001	EXIST::FUNCTION:
+BN_bn2dec                               1002	EXIST::FUNCTION:
+BIO_ghbn_ctrl                           1003	NOEXIST::FUNCTION:
+CRYPTO_free_ex_data                     1004	EXIST::FUNCTION:
+CRYPTO_get_ex_data                      1005	EXIST::FUNCTION:
+CRYPTO_set_ex_data                      1007	EXIST::FUNCTION:
+ERR_load_CRYPTO_strings                 1009	EXIST:!OS2,!VMS:FUNCTION:
+ERR_load_CRYPTOlib_strings              1009	EXIST:OS2,VMS:FUNCTION:
+EVP_PKEY_bits                           1010	EXIST::FUNCTION:
+MD5_Transform                           1011	EXIST::FUNCTION:MD5
+SHA1_Transform                          1012	EXIST::FUNCTION:SHA,SHA1
+SHA_Transform                           1013	EXIST::FUNCTION:SHA,SHA0
+X509_STORE_CTX_get_chain                1014	EXIST::FUNCTION:
+X509_STORE_CTX_get_current_cert         1015	EXIST::FUNCTION:
+X509_STORE_CTX_get_error                1016	EXIST::FUNCTION:
+X509_STORE_CTX_get_error_depth          1017	EXIST::FUNCTION:
+X509_STORE_CTX_get_ex_data              1018	EXIST::FUNCTION:
+X509_STORE_CTX_set_cert                 1020	EXIST::FUNCTION:
+X509_STORE_CTX_set_chain                1021	EXIST::FUNCTION:
+X509_STORE_CTX_set_error                1022	EXIST::FUNCTION:
+X509_STORE_CTX_set_ex_data              1023	EXIST::FUNCTION:
+CRYPTO_dup_ex_data                      1025	EXIST::FUNCTION:
+CRYPTO_get_new_lockid                   1026	EXIST::FUNCTION:
+CRYPTO_new_ex_data                      1027	EXIST::FUNCTION:
+RSA_set_ex_data                         1028	EXIST::FUNCTION:RSA
+RSA_get_ex_data                         1029	EXIST::FUNCTION:RSA
+RSA_get_ex_new_index                    1030	EXIST::FUNCTION:RSA
+RSA_padding_add_PKCS1_type_1            1031	EXIST::FUNCTION:RSA
+RSA_padding_add_PKCS1_type_2            1032	EXIST::FUNCTION:RSA
+RSA_padding_add_SSLv23                  1033	EXIST::FUNCTION:RSA
+RSA_padding_add_none                    1034	EXIST::FUNCTION:RSA
+RSA_padding_check_PKCS1_type_1          1035	EXIST::FUNCTION:RSA
+RSA_padding_check_PKCS1_type_2          1036	EXIST::FUNCTION:RSA
+RSA_padding_check_SSLv23                1037	EXIST::FUNCTION:RSA
+RSA_padding_check_none                  1038	EXIST::FUNCTION:RSA
+bn_add_words                            1039	EXIST::FUNCTION:
+d2i_Netscape_RSA_2                      1040	NOEXIST::FUNCTION:
+CRYPTO_get_ex_new_index                 1041	EXIST::FUNCTION:
+RIPEMD160_Init                          1042	EXIST::FUNCTION:RIPEMD
+RIPEMD160_Update                        1043	EXIST::FUNCTION:RIPEMD
+RIPEMD160_Final                         1044	EXIST::FUNCTION:RIPEMD
+RIPEMD160                               1045	EXIST::FUNCTION:RIPEMD
+RIPEMD160_Transform                     1046	EXIST::FUNCTION:RIPEMD
+RC5_32_set_key                          1047	EXIST::FUNCTION:RC5
+RC5_32_ecb_encrypt                      1048	EXIST::FUNCTION:RC5
+RC5_32_encrypt                          1049	EXIST::FUNCTION:RC5
+RC5_32_decrypt                          1050	EXIST::FUNCTION:RC5
+RC5_32_cbc_encrypt                      1051	EXIST::FUNCTION:RC5
+RC5_32_cfb64_encrypt                    1052	EXIST::FUNCTION:RC5
+RC5_32_ofb64_encrypt                    1053	EXIST::FUNCTION:RC5
+BN_bn2mpi                               1058	EXIST::FUNCTION:
+BN_mpi2bn                               1059	EXIST::FUNCTION:
+ASN1_BIT_STRING_get_bit                 1060	EXIST::FUNCTION:
+ASN1_BIT_STRING_set_bit                 1061	EXIST::FUNCTION:
+BIO_get_ex_data                         1062	EXIST::FUNCTION:
+BIO_get_ex_new_index                    1063	EXIST::FUNCTION:
+BIO_set_ex_data                         1064	EXIST::FUNCTION:
+X509v3_get_key_usage                    1066	NOEXIST::FUNCTION:
+X509v3_set_key_usage                    1067	NOEXIST::FUNCTION:
+a2i_X509v3_key_usage                    1068	NOEXIST::FUNCTION:
+i2a_X509v3_key_usage                    1069	NOEXIST::FUNCTION:
+EVP_PKEY_decrypt                        1070	EXIST::FUNCTION:
+EVP_PKEY_encrypt                        1071	EXIST::FUNCTION:
+PKCS7_RECIP_INFO_set                    1072	EXIST::FUNCTION:
+PKCS7_add_recipient                     1073	EXIST::FUNCTION:
+PKCS7_add_recipient_info                1074	EXIST::FUNCTION:
+PKCS7_set_cipher                        1075	EXIST::FUNCTION:
+ASN1_TYPE_get_int_octetstring           1076	EXIST::FUNCTION:
+ASN1_TYPE_get_octetstring               1077	EXIST::FUNCTION:
+ASN1_TYPE_set_int_octetstring           1078	EXIST::FUNCTION:
+ASN1_TYPE_set_octetstring               1079	EXIST::FUNCTION:
+ASN1_UTCTIME_set_string                 1080	EXIST::FUNCTION:
+ERR_add_error_data                      1081	EXIST::FUNCTION:
+ERR_set_error_data                      1082	EXIST::FUNCTION:
+EVP_CIPHER_asn1_to_param                1083	EXIST::FUNCTION:
+EVP_CIPHER_param_to_asn1                1084	EXIST::FUNCTION:
+EVP_CIPHER_get_asn1_iv                  1085	EXIST::FUNCTION:
+EVP_CIPHER_set_asn1_iv                  1086	EXIST::FUNCTION:
+EVP_rc5_32_12_16_cbc                    1087	EXIST::FUNCTION:RC5
+EVP_rc5_32_12_16_cfb64                  1088	EXIST::FUNCTION:RC5
+EVP_rc5_32_12_16_ecb                    1089	EXIST::FUNCTION:RC5
+EVP_rc5_32_12_16_ofb                    1090	EXIST::FUNCTION:RC5
+asn1_add_error                          1091	EXIST::FUNCTION:
+d2i_ASN1_BMPSTRING                      1092	EXIST::FUNCTION:
+i2d_ASN1_BMPSTRING                      1093	EXIST::FUNCTION:
+BIO_f_ber                               1094	NOEXIST::FUNCTION:
+BN_init                                 1095	EXIST::FUNCTION:
+COMP_CTX_new                            1096	EXIST::FUNCTION:COMP
+COMP_CTX_free                           1097	EXIST::FUNCTION:COMP
+COMP_CTX_compress_block                 1098	NOEXIST::FUNCTION:
+COMP_CTX_expand_block                   1099	NOEXIST::FUNCTION:
+X509_STORE_CTX_get_ex_new_index         1100	EXIST::FUNCTION:
+OBJ_NAME_add                            1101	EXIST::FUNCTION:
+BIO_socket_nbio                         1102	EXIST::FUNCTION:
+EVP_rc2_64_cbc                          1103	EXIST::FUNCTION:RC2
+OBJ_NAME_cleanup                        1104	EXIST::FUNCTION:
+OBJ_NAME_get                            1105	EXIST::FUNCTION:
+OBJ_NAME_init                           1106	EXIST::FUNCTION:
+OBJ_NAME_new_index                      1107	EXIST::FUNCTION:
+OBJ_NAME_remove                         1108	EXIST::FUNCTION:
+BN_MONT_CTX_copy                        1109	EXIST::FUNCTION:
+BIO_new_socks4a_connect                 1110	NOEXIST::FUNCTION:
+BIO_s_socks4a_connect                   1111	NOEXIST::FUNCTION:
+PROXY_set_connect_mode                  1112	NOEXIST::FUNCTION:
+RAND_SSLeay                             1113	EXIST::FUNCTION:
+RAND_set_rand_method                    1114	EXIST::FUNCTION:
+RSA_memory_lock                         1115	EXIST::FUNCTION:RSA
+bn_sub_words                            1116	EXIST::FUNCTION:
+bn_mul_normal                           1117	NOEXIST::FUNCTION:
+bn_mul_comba8                           1118	NOEXIST::FUNCTION:
+bn_mul_comba4                           1119	NOEXIST::FUNCTION:
+bn_sqr_normal                           1120	NOEXIST::FUNCTION:
+bn_sqr_comba8                           1121	NOEXIST::FUNCTION:
+bn_sqr_comba4                           1122	NOEXIST::FUNCTION:
+bn_cmp_words                            1123	NOEXIST::FUNCTION:
+bn_mul_recursive                        1124	NOEXIST::FUNCTION:
+bn_mul_part_recursive                   1125	NOEXIST::FUNCTION:
+bn_sqr_recursive                        1126	NOEXIST::FUNCTION:
+bn_mul_low_normal                       1127	NOEXIST::FUNCTION:
+BN_RECP_CTX_init                        1128	EXIST::FUNCTION:
+BN_RECP_CTX_new                         1129	EXIST::FUNCTION:
+BN_RECP_CTX_free                        1130	EXIST::FUNCTION:
+BN_RECP_CTX_set                         1131	EXIST::FUNCTION:
+BN_mod_mul_reciprocal                   1132	EXIST::FUNCTION:
+BN_mod_exp_recp                         1133	EXIST::FUNCTION:
+BN_div_recp                             1134	EXIST::FUNCTION:
+BN_CTX_init                             1135	EXIST::FUNCTION:DEPRECATED
+BN_MONT_CTX_init                        1136	EXIST::FUNCTION:
+RAND_get_rand_method                    1137	EXIST::FUNCTION:
+PKCS7_add_attribute                     1138	EXIST::FUNCTION:
+PKCS7_add_signed_attribute              1139	EXIST::FUNCTION:
+PKCS7_digest_from_attributes            1140	EXIST::FUNCTION:
+PKCS7_get_attribute                     1141	EXIST::FUNCTION:
+PKCS7_get_issuer_and_serial             1142	EXIST::FUNCTION:
+PKCS7_get_signed_attribute              1143	EXIST::FUNCTION:
+COMP_compress_block                     1144	EXIST::FUNCTION:COMP
+COMP_expand_block                       1145	EXIST::FUNCTION:COMP
+COMP_rle                                1146	EXIST::FUNCTION:COMP
+COMP_zlib                               1147	EXIST::FUNCTION:COMP
+ms_time_diff                            1148	NOEXIST::FUNCTION:
+ms_time_new                             1149	NOEXIST::FUNCTION:
+ms_time_free                            1150	NOEXIST::FUNCTION:
+ms_time_cmp                             1151	NOEXIST::FUNCTION:
+ms_time_get                             1152	NOEXIST::FUNCTION:
+PKCS7_set_attributes                    1153	EXIST::FUNCTION:
+PKCS7_set_signed_attributes             1154	EXIST::FUNCTION:
+X509_ATTRIBUTE_create                   1155	EXIST::FUNCTION:
+X509_ATTRIBUTE_dup                      1156	EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_check              1157	EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_print              1158	EXIST::FUNCTION:BIO
+ASN1_GENERALIZEDTIME_set                1159	EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_set_string         1160	EXIST::FUNCTION:
+ASN1_TIME_print                         1161	EXIST::FUNCTION:BIO
+BASIC_CONSTRAINTS_free                  1162	EXIST::FUNCTION:
+BASIC_CONSTRAINTS_new                   1163	EXIST::FUNCTION:
+ERR_load_X509V3_strings                 1164	EXIST::FUNCTION:
+NETSCAPE_CERT_SEQUENCE_free             1165	EXIST::FUNCTION:
+NETSCAPE_CERT_SEQUENCE_new              1166	EXIST::FUNCTION:
+OBJ_txt2obj                             1167	EXIST::FUNCTION:
+PEM_read_NETSCAPE_CERT_SEQUENCE         1168	EXIST:!VMS,!WIN16:FUNCTION:
+PEM_read_NS_CERT_SEQ                    1168	EXIST:VMS:FUNCTION:
+PEM_read_bio_NETSCAPE_CERT_SEQUENCE     1169	EXIST:!VMS:FUNCTION:
+PEM_read_bio_NS_CERT_SEQ                1169	EXIST:VMS:FUNCTION:
+PEM_write_NETSCAPE_CERT_SEQUENCE        1170	EXIST:!VMS,!WIN16:FUNCTION:
+PEM_write_NS_CERT_SEQ                   1170	EXIST:VMS:FUNCTION:
+PEM_write_bio_NETSCAPE_CERT_SEQUENCE    1171	EXIST:!VMS:FUNCTION:
+PEM_write_bio_NS_CERT_SEQ               1171	EXIST:VMS:FUNCTION:
+X509V3_EXT_add                          1172	EXIST::FUNCTION:
+X509V3_EXT_add_alias                    1173	EXIST::FUNCTION:
+X509V3_EXT_add_conf                     1174	EXIST::FUNCTION:
+X509V3_EXT_cleanup                      1175	EXIST::FUNCTION:
+X509V3_EXT_conf                         1176	EXIST::FUNCTION:
+X509V3_EXT_conf_nid                     1177	EXIST::FUNCTION:
+X509V3_EXT_get                          1178	EXIST::FUNCTION:
+X509V3_EXT_get_nid                      1179	EXIST::FUNCTION:
+X509V3_EXT_print                        1180	EXIST::FUNCTION:
+X509V3_EXT_print_fp                     1181	EXIST::FUNCTION:
+X509V3_add_standard_extensions          1182	EXIST::FUNCTION:
+X509V3_add_value                        1183	EXIST::FUNCTION:
+X509V3_add_value_bool                   1184	EXIST::FUNCTION:
+X509V3_add_value_int                    1185	EXIST::FUNCTION:
+X509V3_conf_free                        1186	EXIST::FUNCTION:
+X509V3_get_value_bool                   1187	EXIST::FUNCTION:
+X509V3_get_value_int                    1188	EXIST::FUNCTION:
+X509V3_parse_list                       1189	EXIST::FUNCTION:
+d2i_ASN1_GENERALIZEDTIME                1190	EXIST::FUNCTION:
+d2i_ASN1_TIME                           1191	EXIST::FUNCTION:
+d2i_BASIC_CONSTRAINTS                   1192	EXIST::FUNCTION:
+d2i_NETSCAPE_CERT_SEQUENCE              1193	EXIST::FUNCTION:
+d2i_ext_ku                              1194	NOEXIST::FUNCTION:
+ext_ku_free                             1195	NOEXIST::FUNCTION:
+ext_ku_new                              1196	NOEXIST::FUNCTION:
+i2d_ASN1_GENERALIZEDTIME                1197	EXIST::FUNCTION:
+i2d_ASN1_TIME                           1198	EXIST::FUNCTION:
+i2d_BASIC_CONSTRAINTS                   1199	EXIST::FUNCTION:
+i2d_NETSCAPE_CERT_SEQUENCE              1200	EXIST::FUNCTION:
+i2d_ext_ku                              1201	NOEXIST::FUNCTION:
+EVP_MD_CTX_copy                         1202	EXIST::FUNCTION:
+i2d_ASN1_ENUMERATED                     1203	EXIST::FUNCTION:
+d2i_ASN1_ENUMERATED                     1204	EXIST::FUNCTION:
+ASN1_ENUMERATED_set                     1205	EXIST::FUNCTION:
+ASN1_ENUMERATED_get                     1206	EXIST::FUNCTION:
+BN_to_ASN1_ENUMERATED                   1207	EXIST::FUNCTION:
+ASN1_ENUMERATED_to_BN                   1208	EXIST::FUNCTION:
+i2a_ASN1_ENUMERATED                     1209	EXIST::FUNCTION:BIO
+a2i_ASN1_ENUMERATED                     1210	EXIST::FUNCTION:BIO
+i2d_GENERAL_NAME                        1211	EXIST::FUNCTION:
+d2i_GENERAL_NAME                        1212	EXIST::FUNCTION:
+GENERAL_NAME_new                        1213	EXIST::FUNCTION:
+GENERAL_NAME_free                       1214	EXIST::FUNCTION:
+GENERAL_NAMES_new                       1215	EXIST::FUNCTION:
+GENERAL_NAMES_free                      1216	EXIST::FUNCTION:
+d2i_GENERAL_NAMES                       1217	EXIST::FUNCTION:
+i2d_GENERAL_NAMES                       1218	EXIST::FUNCTION:
+i2v_GENERAL_NAMES                       1219	EXIST::FUNCTION:
+i2s_ASN1_OCTET_STRING                   1220	EXIST::FUNCTION:
+s2i_ASN1_OCTET_STRING                   1221	EXIST::FUNCTION:
+X509V3_EXT_check_conf                   1222	NOEXIST::FUNCTION:
+hex_to_string                           1223	EXIST::FUNCTION:
+string_to_hex                           1224	EXIST::FUNCTION:
+DES_ede3_cbcm_encrypt                   1225	EXIST::FUNCTION:DES
+RSA_padding_add_PKCS1_OAEP              1226	EXIST::FUNCTION:RSA
+RSA_padding_check_PKCS1_OAEP            1227	EXIST::FUNCTION:RSA
+X509_CRL_print_fp                       1228	EXIST::FUNCTION:FP_API
+X509_CRL_print                          1229	EXIST::FUNCTION:BIO
+i2v_GENERAL_NAME                        1230	EXIST::FUNCTION:
+v2i_GENERAL_NAME                        1231	EXIST::FUNCTION:
+i2d_PKEY_USAGE_PERIOD                   1232	EXIST::FUNCTION:
+d2i_PKEY_USAGE_PERIOD                   1233	EXIST::FUNCTION:
+PKEY_USAGE_PERIOD_new                   1234	EXIST::FUNCTION:
+PKEY_USAGE_PERIOD_free                  1235	EXIST::FUNCTION:
+v2i_GENERAL_NAMES                       1236	EXIST::FUNCTION:
+i2s_ASN1_INTEGER                        1237	EXIST::FUNCTION:
+X509V3_EXT_d2i                          1238	EXIST::FUNCTION:
+name_cmp                                1239	EXIST::FUNCTION:
+str_dup                                 1240	NOEXIST::FUNCTION:
+i2s_ASN1_ENUMERATED                     1241	EXIST::FUNCTION:
+i2s_ASN1_ENUMERATED_TABLE               1242	EXIST::FUNCTION:
+BIO_s_log                               1243	EXIST:!OS2,!WIN16,!WIN32,!macintosh:FUNCTION:
+BIO_f_reliable                          1244	EXIST::FUNCTION:BIO
+PKCS7_dataFinal                         1245	EXIST::FUNCTION:
+PKCS7_dataDecode                        1246	EXIST::FUNCTION:
+X509V3_EXT_CRL_add_conf                 1247	EXIST::FUNCTION:
+BN_set_params                           1248	EXIST::FUNCTION:DEPRECATED
+BN_get_params                           1249	EXIST::FUNCTION:DEPRECATED
+BIO_get_ex_num                          1250	NOEXIST::FUNCTION:
+BIO_set_ex_free_func                    1251	NOEXIST::FUNCTION:
+EVP_ripemd160                           1252	EXIST::FUNCTION:RIPEMD
+ASN1_TIME_set                           1253	EXIST::FUNCTION:
+i2d_AUTHORITY_KEYID                     1254	EXIST::FUNCTION:
+d2i_AUTHORITY_KEYID                     1255	EXIST::FUNCTION:
+AUTHORITY_KEYID_new                     1256	EXIST::FUNCTION:
+AUTHORITY_KEYID_free                    1257	EXIST::FUNCTION:
+ASN1_seq_unpack                         1258	EXIST::FUNCTION:
+ASN1_seq_pack                           1259	EXIST::FUNCTION:
+ASN1_unpack_string                      1260	EXIST::FUNCTION:
+ASN1_pack_string                        1261	EXIST::FUNCTION:
+PKCS12_pack_safebag                     1262	NOEXIST::FUNCTION:
+PKCS12_MAKE_KEYBAG                      1263	EXIST::FUNCTION:
+PKCS8_encrypt                           1264	EXIST::FUNCTION:
+PKCS12_MAKE_SHKEYBAG                    1265	EXIST::FUNCTION:
+PKCS12_pack_p7data                      1266	EXIST::FUNCTION:
+PKCS12_pack_p7encdata                   1267	EXIST::FUNCTION:
+PKCS12_add_localkeyid                   1268	EXIST::FUNCTION:
+PKCS12_add_friendlyname_asc             1269	EXIST::FUNCTION:
+PKCS12_add_friendlyname_uni             1270	EXIST::FUNCTION:
+PKCS12_get_friendlyname                 1271	EXIST::FUNCTION:
+PKCS12_pbe_crypt                        1272	EXIST::FUNCTION:
+PKCS12_decrypt_d2i                      1273	NOEXIST::FUNCTION:
+PKCS12_i2d_encrypt                      1274	NOEXIST::FUNCTION:
+PKCS12_init                             1275	EXIST::FUNCTION:
+PKCS12_key_gen_asc                      1276	EXIST::FUNCTION:
+PKCS12_key_gen_uni                      1277	EXIST::FUNCTION:
+PKCS12_gen_mac                          1278	EXIST::FUNCTION:
+PKCS12_verify_mac                       1279	EXIST::FUNCTION:
+PKCS12_set_mac                          1280	EXIST::FUNCTION:
+PKCS12_setup_mac                        1281	EXIST::FUNCTION:
+OPENSSL_asc2uni                         1282	EXIST::FUNCTION:
+OPENSSL_uni2asc                         1283	EXIST::FUNCTION:
+i2d_PKCS12_BAGS                         1284	EXIST::FUNCTION:
+PKCS12_BAGS_new                         1285	EXIST::FUNCTION:
+d2i_PKCS12_BAGS                         1286	EXIST::FUNCTION:
+PKCS12_BAGS_free                        1287	EXIST::FUNCTION:
+i2d_PKCS12                              1288	EXIST::FUNCTION:
+d2i_PKCS12                              1289	EXIST::FUNCTION:
+PKCS12_new                              1290	EXIST::FUNCTION:
+PKCS12_free                             1291	EXIST::FUNCTION:
+i2d_PKCS12_MAC_DATA                     1292	EXIST::FUNCTION:
+PKCS12_MAC_DATA_new                     1293	EXIST::FUNCTION:
+d2i_PKCS12_MAC_DATA                     1294	EXIST::FUNCTION:
+PKCS12_MAC_DATA_free                    1295	EXIST::FUNCTION:
+i2d_PKCS12_SAFEBAG                      1296	EXIST::FUNCTION:
+PKCS12_SAFEBAG_new                      1297	EXIST::FUNCTION:
+d2i_PKCS12_SAFEBAG                      1298	EXIST::FUNCTION:
+PKCS12_SAFEBAG_free                     1299	EXIST::FUNCTION:
+ERR_load_PKCS12_strings                 1300	EXIST::FUNCTION:
+PKCS12_PBE_add                          1301	EXIST::FUNCTION:
+PKCS8_add_keyusage                      1302	EXIST::FUNCTION:
+PKCS12_get_attr_gen                     1303	EXIST::FUNCTION:
+PKCS12_parse                            1304	EXIST::FUNCTION:
+PKCS12_create                           1305	EXIST::FUNCTION:
+i2d_PKCS12_bio                          1306	EXIST::FUNCTION:
+i2d_PKCS12_fp                           1307	EXIST::FUNCTION:
+d2i_PKCS12_bio                          1308	EXIST::FUNCTION:
+d2i_PKCS12_fp                           1309	EXIST::FUNCTION:
+i2d_PBEPARAM                            1310	EXIST::FUNCTION:
+PBEPARAM_new                            1311	EXIST::FUNCTION:
+d2i_PBEPARAM                            1312	EXIST::FUNCTION:
+PBEPARAM_free                           1313	EXIST::FUNCTION:
+i2d_PKCS8_PRIV_KEY_INFO                 1314	EXIST::FUNCTION:
+PKCS8_PRIV_KEY_INFO_new                 1315	EXIST::FUNCTION:
+d2i_PKCS8_PRIV_KEY_INFO                 1316	EXIST::FUNCTION:
+PKCS8_PRIV_KEY_INFO_free                1317	EXIST::FUNCTION:
+EVP_PKCS82PKEY                          1318	EXIST::FUNCTION:
+EVP_PKEY2PKCS8                          1319	EXIST::FUNCTION:
+PKCS8_set_broken                        1320	EXIST::FUNCTION:
+EVP_PBE_ALGOR_CipherInit                1321	NOEXIST::FUNCTION:
+EVP_PBE_alg_add                         1322	EXIST::FUNCTION:
+PKCS5_pbe_set                           1323	EXIST::FUNCTION:
+EVP_PBE_cleanup                         1324	EXIST::FUNCTION:
+i2d_SXNET                               1325	EXIST::FUNCTION:
+d2i_SXNET                               1326	EXIST::FUNCTION:
+SXNET_new                               1327	EXIST::FUNCTION:
+SXNET_free                              1328	EXIST::FUNCTION:
+i2d_SXNETID                             1329	EXIST::FUNCTION:
+d2i_SXNETID                             1330	EXIST::FUNCTION:
+SXNETID_new                             1331	EXIST::FUNCTION:
+SXNETID_free                            1332	EXIST::FUNCTION:
+DSA_SIG_new                             1333	EXIST::FUNCTION:DSA
+DSA_SIG_free                            1334	EXIST::FUNCTION:DSA
+DSA_do_sign                             1335	EXIST::FUNCTION:DSA
+DSA_do_verify                           1336	EXIST::FUNCTION:DSA
+d2i_DSA_SIG                             1337	EXIST::FUNCTION:DSA
+i2d_DSA_SIG                             1338	EXIST::FUNCTION:DSA
+i2d_ASN1_VISIBLESTRING                  1339	EXIST::FUNCTION:
+d2i_ASN1_VISIBLESTRING                  1340	EXIST::FUNCTION:
+i2d_ASN1_UTF8STRING                     1341	EXIST::FUNCTION:
+d2i_ASN1_UTF8STRING                     1342	EXIST::FUNCTION:
+i2d_DIRECTORYSTRING                     1343	EXIST::FUNCTION:
+d2i_DIRECTORYSTRING                     1344	EXIST::FUNCTION:
+i2d_DISPLAYTEXT                         1345	EXIST::FUNCTION:
+d2i_DISPLAYTEXT                         1346	EXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509                    1379	NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509                    1380	NOEXIST::FUNCTION:
+i2d_PBKDF2PARAM                         1397	EXIST::FUNCTION:
+PBKDF2PARAM_new                         1398	EXIST::FUNCTION:
+d2i_PBKDF2PARAM                         1399	EXIST::FUNCTION:
+PBKDF2PARAM_free                        1400	EXIST::FUNCTION:
+i2d_PBE2PARAM                           1401	EXIST::FUNCTION:
+PBE2PARAM_new                           1402	EXIST::FUNCTION:
+d2i_PBE2PARAM                           1403	EXIST::FUNCTION:
+PBE2PARAM_free                          1404	EXIST::FUNCTION:
+d2i_ASN1_SET_OF_GENERAL_NAME            1421	NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_GENERAL_NAME            1422	NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_SXNETID                 1439	NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_SXNETID                 1440	NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_POLICYQUALINFO          1457	NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_POLICYQUALINFO          1458	NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_POLICYINFO              1475	NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_POLICYINFO              1476	NOEXIST::FUNCTION:
+SXNET_add_id_asc                        1477	EXIST::FUNCTION:
+SXNET_add_id_ulong                      1478	EXIST::FUNCTION:
+SXNET_add_id_INTEGER                    1479	EXIST::FUNCTION:
+SXNET_get_id_asc                        1480	EXIST::FUNCTION:
+SXNET_get_id_ulong                      1481	EXIST::FUNCTION:
+SXNET_get_id_INTEGER                    1482	EXIST::FUNCTION:
+X509V3_set_conf_lhash                   1483	EXIST::FUNCTION:
+i2d_CERTIFICATEPOLICIES                 1484	EXIST::FUNCTION:
+CERTIFICATEPOLICIES_new                 1485	EXIST::FUNCTION:
+CERTIFICATEPOLICIES_free                1486	EXIST::FUNCTION:
+d2i_CERTIFICATEPOLICIES                 1487	EXIST::FUNCTION:
+i2d_POLICYINFO                          1488	EXIST::FUNCTION:
+POLICYINFO_new                          1489	EXIST::FUNCTION:
+d2i_POLICYINFO                          1490	EXIST::FUNCTION:
+POLICYINFO_free                         1491	EXIST::FUNCTION:
+i2d_POLICYQUALINFO                      1492	EXIST::FUNCTION:
+POLICYQUALINFO_new                      1493	EXIST::FUNCTION:
+d2i_POLICYQUALINFO                      1494	EXIST::FUNCTION:
+POLICYQUALINFO_free                     1495	EXIST::FUNCTION:
+i2d_USERNOTICE                          1496	EXIST::FUNCTION:
+USERNOTICE_new                          1497	EXIST::FUNCTION:
+d2i_USERNOTICE                          1498	EXIST::FUNCTION:
+USERNOTICE_free                         1499	EXIST::FUNCTION:
+i2d_NOTICEREF                           1500	EXIST::FUNCTION:
+NOTICEREF_new                           1501	EXIST::FUNCTION:
+d2i_NOTICEREF                           1502	EXIST::FUNCTION:
+NOTICEREF_free                          1503	EXIST::FUNCTION:
+X509V3_get_string                       1504	EXIST::FUNCTION:
+X509V3_get_section                      1505	EXIST::FUNCTION:
+X509V3_string_free                      1506	EXIST::FUNCTION:
+X509V3_section_free                     1507	EXIST::FUNCTION:
+X509V3_set_ctx                          1508	EXIST::FUNCTION:
+s2i_ASN1_INTEGER                        1509	EXIST::FUNCTION:
+CRYPTO_set_locked_mem_functions         1510	EXIST::FUNCTION:
+CRYPTO_get_locked_mem_functions         1511	EXIST::FUNCTION:
+CRYPTO_malloc_locked                    1512	EXIST::FUNCTION:
+CRYPTO_free_locked                      1513	EXIST::FUNCTION:
+BN_mod_exp2_mont                        1514	EXIST::FUNCTION:
+ERR_get_error_line_data                 1515	EXIST::FUNCTION:
+ERR_peek_error_line_data                1516	EXIST::FUNCTION:
+PKCS12_PBE_keyivgen                     1517	EXIST::FUNCTION:
+X509_ALGOR_dup                          1518	EXIST::FUNCTION:
+d2i_ASN1_SET_OF_DIST_POINT              1535	NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_DIST_POINT              1536	NOEXIST::FUNCTION:
+i2d_CRL_DIST_POINTS                     1537	EXIST::FUNCTION:
+CRL_DIST_POINTS_new                     1538	EXIST::FUNCTION:
+CRL_DIST_POINTS_free                    1539	EXIST::FUNCTION:
+d2i_CRL_DIST_POINTS                     1540	EXIST::FUNCTION:
+i2d_DIST_POINT                          1541	EXIST::FUNCTION:
+DIST_POINT_new                          1542	EXIST::FUNCTION:
+d2i_DIST_POINT                          1543	EXIST::FUNCTION:
+DIST_POINT_free                         1544	EXIST::FUNCTION:
+i2d_DIST_POINT_NAME                     1545	EXIST::FUNCTION:
+DIST_POINT_NAME_new                     1546	EXIST::FUNCTION:
+DIST_POINT_NAME_free                    1547	EXIST::FUNCTION:
+d2i_DIST_POINT_NAME                     1548	EXIST::FUNCTION:
+X509V3_add_value_uchar                  1549	EXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_ATTRIBUTE          1555	NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_ASN1_TYPE               1560	NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_EXTENSION          1567	NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_NAME_ENTRY         1574	NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_ASN1_TYPE               1589	NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_ATTRIBUTE          1615	NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_EXTENSION          1624	NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_NAME_ENTRY         1633	NOEXIST::FUNCTION:
+X509V3_EXT_i2d                          1646	EXIST::FUNCTION:
+X509V3_EXT_val_prn                      1647	EXIST::FUNCTION:
+X509V3_EXT_add_list                     1648	EXIST::FUNCTION:
+EVP_CIPHER_type                         1649	EXIST::FUNCTION:
+EVP_PBE_CipherInit                      1650	EXIST::FUNCTION:
+X509V3_add_value_bool_nf                1651	EXIST::FUNCTION:
+d2i_ASN1_UINTEGER                       1652	EXIST::FUNCTION:
+sk_value                                1653	EXIST::FUNCTION:
+sk_num                                  1654	EXIST::FUNCTION:
+sk_set                                  1655	EXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_REVOKED            1661	NOEXIST::FUNCTION:
+sk_sort                                 1671	EXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_REVOKED            1674	NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_ALGOR              1682	NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_CRL                1685	NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_ALGOR              1696	NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_CRL                1702	NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO       1723	NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_PKCS7_RECIP_INFO        1738	NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO       1748	NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_PKCS7_RECIP_INFO        1753	NOEXIST::FUNCTION:
+PKCS5_PBE_add                           1775	EXIST::FUNCTION:
+PEM_write_bio_PKCS8                     1776	EXIST::FUNCTION:
+i2d_PKCS8_fp                            1777	EXIST::FUNCTION:FP_API
+PEM_read_bio_PKCS8_PRIV_KEY_INFO        1778	EXIST:!VMS:FUNCTION:
+PEM_read_bio_P8_PRIV_KEY_INFO           1778	EXIST:VMS:FUNCTION:
+d2i_PKCS8_bio                           1779	EXIST::FUNCTION:BIO
+d2i_PKCS8_PRIV_KEY_INFO_fp              1780	EXIST::FUNCTION:FP_API
+PEM_write_bio_PKCS8_PRIV_KEY_INFO       1781	EXIST:!VMS:FUNCTION:
+PEM_write_bio_P8_PRIV_KEY_INFO          1781	EXIST:VMS:FUNCTION:
+PEM_read_PKCS8                          1782	EXIST:!WIN16:FUNCTION:
+d2i_PKCS8_PRIV_KEY_INFO_bio             1783	EXIST::FUNCTION:BIO
+d2i_PKCS8_fp                            1784	EXIST::FUNCTION:FP_API
+PEM_write_PKCS8                         1785	EXIST:!WIN16:FUNCTION:
+PEM_read_PKCS8_PRIV_KEY_INFO            1786	EXIST:!VMS,!WIN16:FUNCTION:
+PEM_read_P8_PRIV_KEY_INFO               1786	EXIST:VMS:FUNCTION:
+PEM_read_bio_PKCS8                      1787	EXIST::FUNCTION:
+PEM_write_PKCS8_PRIV_KEY_INFO           1788	EXIST:!VMS,!WIN16:FUNCTION:
+PEM_write_P8_PRIV_KEY_INFO              1788	EXIST:VMS:FUNCTION:
+PKCS5_PBE_keyivgen                      1789	EXIST::FUNCTION:
+i2d_PKCS8_bio                           1790	EXIST::FUNCTION:BIO
+i2d_PKCS8_PRIV_KEY_INFO_fp              1791	EXIST::FUNCTION:FP_API
+i2d_PKCS8_PRIV_KEY_INFO_bio             1792	EXIST::FUNCTION:BIO
+BIO_s_bio                               1793	EXIST::FUNCTION:
+PKCS5_pbe2_set                          1794	EXIST::FUNCTION:
+PKCS5_PBKDF2_HMAC_SHA1                  1795	EXIST::FUNCTION:
+PKCS5_v2_PBE_keyivgen                   1796	EXIST::FUNCTION:
+PEM_write_bio_PKCS8PrivateKey           1797	EXIST::FUNCTION:
+PEM_write_PKCS8PrivateKey               1798	EXIST::FUNCTION:
+BIO_ctrl_get_read_request               1799	EXIST::FUNCTION:
+BIO_ctrl_pending                        1800	EXIST::FUNCTION:
+BIO_ctrl_wpending                       1801	EXIST::FUNCTION:
+BIO_new_bio_pair                        1802	EXIST::FUNCTION:
+BIO_ctrl_get_write_guarantee            1803	EXIST::FUNCTION:
+CRYPTO_num_locks                        1804	EXIST::FUNCTION:
+CONF_load_bio                           1805	EXIST::FUNCTION:
+CONF_load_fp                            1806	EXIST::FUNCTION:FP_API
+i2d_ASN1_SET_OF_ASN1_OBJECT             1837	NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_ASN1_OBJECT             1844	NOEXIST::FUNCTION:
+PKCS7_signatureVerify                   1845	EXIST::FUNCTION:
+RSA_set_method                          1846	EXIST::FUNCTION:RSA
+RSA_get_method                          1847	EXIST::FUNCTION:RSA
+RSA_get_default_method                  1848	EXIST::FUNCTION:RSA
+RSA_check_key                           1869	EXIST::FUNCTION:RSA
+OBJ_obj2txt                             1870	EXIST::FUNCTION:
+DSA_dup_DH                              1871	EXIST::FUNCTION:DH,DSA
+X509_REQ_get_extensions                 1872	EXIST::FUNCTION:
+X509_REQ_set_extension_nids             1873	EXIST::FUNCTION:
+BIO_nwrite                              1874	EXIST::FUNCTION:
+X509_REQ_extension_nid                  1875	EXIST::FUNCTION:
+BIO_nread                               1876	EXIST::FUNCTION:
+X509_REQ_get_extension_nids             1877	EXIST::FUNCTION:
+BIO_nwrite0                             1878	EXIST::FUNCTION:
+X509_REQ_add_extensions_nid             1879	EXIST::FUNCTION:
+BIO_nread0                              1880	EXIST::FUNCTION:
+X509_REQ_add_extensions                 1881	EXIST::FUNCTION:
+BIO_new_mem_buf                         1882	EXIST::FUNCTION:
+DH_set_ex_data                          1883	EXIST::FUNCTION:DH
+DH_set_method                           1884	EXIST::FUNCTION:DH
+DSA_OpenSSL                             1885	EXIST::FUNCTION:DSA
+DH_get_ex_data                          1886	EXIST::FUNCTION:DH
+DH_get_ex_new_index                     1887	EXIST::FUNCTION:DH
+DSA_new_method                          1888	EXIST::FUNCTION:DSA
+DH_new_method                           1889	EXIST::FUNCTION:DH
+DH_OpenSSL                              1890	EXIST::FUNCTION:DH
+DSA_get_ex_new_index                    1891	EXIST::FUNCTION:DSA
+DH_get_default_method                   1892	EXIST::FUNCTION:DH
+DSA_set_ex_data                         1893	EXIST::FUNCTION:DSA
+DH_set_default_method                   1894	EXIST::FUNCTION:DH
+DSA_get_ex_data                         1895	EXIST::FUNCTION:DSA
+X509V3_EXT_REQ_add_conf                 1896	EXIST::FUNCTION:
+NETSCAPE_SPKI_print                     1897	EXIST::FUNCTION:EVP
+NETSCAPE_SPKI_set_pubkey                1898	EXIST::FUNCTION:EVP
+NETSCAPE_SPKI_b64_encode                1899	EXIST::FUNCTION:EVP
+NETSCAPE_SPKI_get_pubkey                1900	EXIST::FUNCTION:EVP
+NETSCAPE_SPKI_b64_decode                1901	EXIST::FUNCTION:EVP
+UTF8_putc                               1902	EXIST::FUNCTION:
+UTF8_getc                               1903	EXIST::FUNCTION:
+RSA_null_method                         1904	EXIST::FUNCTION:RSA
+ASN1_tag2str                            1905	EXIST::FUNCTION:
+BIO_ctrl_reset_read_request             1906	EXIST::FUNCTION:
+DISPLAYTEXT_new                         1907	EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_free               1908	EXIST::FUNCTION:
+X509_REVOKED_get_ext_d2i                1909	EXIST::FUNCTION:
+X509_set_ex_data                        1910	EXIST::FUNCTION:
+X509_reject_set_bit_asc                 1911	NOEXIST::FUNCTION:
+X509_NAME_add_entry_by_txt              1912	EXIST::FUNCTION:
+X509_NAME_add_entry_by_NID              1914	EXIST::FUNCTION:
+X509_PURPOSE_get0                       1915	EXIST::FUNCTION:
+PEM_read_X509_AUX                       1917	EXIST:!WIN16:FUNCTION:
+d2i_AUTHORITY_INFO_ACCESS               1918	EXIST::FUNCTION:
+PEM_write_PUBKEY                        1921	EXIST:!WIN16:FUNCTION:
+ACCESS_DESCRIPTION_new                  1925	EXIST::FUNCTION:
+X509_CERT_AUX_free                      1926	EXIST::FUNCTION:
+d2i_ACCESS_DESCRIPTION                  1927	EXIST::FUNCTION:
+X509_trust_clear                        1928	EXIST::FUNCTION:
+X509_TRUST_add                          1931	EXIST::FUNCTION:
+ASN1_VISIBLESTRING_new                  1932	EXIST::FUNCTION:
+X509_alias_set1                         1933	EXIST::FUNCTION:
+ASN1_PRINTABLESTRING_free               1934	EXIST::FUNCTION:
+EVP_PKEY_get1_DSA                       1935	EXIST::FUNCTION:DSA
+ASN1_BMPSTRING_new                      1936	EXIST::FUNCTION:
+ASN1_mbstring_copy                      1937	EXIST::FUNCTION:
+ASN1_UTF8STRING_new                     1938	EXIST::FUNCTION:
+DSA_get_default_method                  1941	EXIST::FUNCTION:DSA
+i2d_ASN1_SET_OF_ACCESS_DESCRIPTION      1945	NOEXIST::FUNCTION:
+ASN1_T61STRING_free                     1946	EXIST::FUNCTION:
+DSA_set_method                          1949	EXIST::FUNCTION:DSA
+X509_get_ex_data                        1950	EXIST::FUNCTION:
+ASN1_STRING_type                        1951	EXIST::FUNCTION:
+X509_PURPOSE_get_by_sname               1952	EXIST::FUNCTION:
+ASN1_TIME_free                          1954	EXIST::FUNCTION:
+ASN1_OCTET_STRING_cmp                   1955	EXIST::FUNCTION:
+ASN1_BIT_STRING_new                     1957	EXIST::FUNCTION:
+X509_get_ext_d2i                        1958	EXIST::FUNCTION:
+PEM_read_bio_X509_AUX                   1959	EXIST::FUNCTION:
+ASN1_STRING_set_default_mask_asc        1960	EXIST:!VMS:FUNCTION:
+ASN1_STRING_set_def_mask_asc            1960	EXIST:VMS:FUNCTION:
+PEM_write_bio_RSA_PUBKEY                1961	EXIST::FUNCTION:RSA
+ASN1_INTEGER_cmp                        1963	EXIST::FUNCTION:
+d2i_RSA_PUBKEY_fp                       1964	EXIST::FUNCTION:FP_API,RSA
+X509_trust_set_bit_asc                  1967	NOEXIST::FUNCTION:
+PEM_write_bio_DSA_PUBKEY                1968	EXIST::FUNCTION:DSA
+X509_STORE_CTX_free                     1969	EXIST::FUNCTION:
+EVP_PKEY_set1_DSA                       1970	EXIST::FUNCTION:DSA
+i2d_DSA_PUBKEY_fp                       1971	EXIST::FUNCTION:DSA,FP_API
+X509_load_cert_crl_file                 1972	EXIST::FUNCTION:STDIO
+ASN1_TIME_new                           1973	EXIST::FUNCTION:
+i2d_RSA_PUBKEY                          1974	EXIST::FUNCTION:RSA
+X509_STORE_CTX_purpose_inherit          1976	EXIST::FUNCTION:
+PEM_read_RSA_PUBKEY                     1977	EXIST:!WIN16:FUNCTION:RSA
+d2i_X509_AUX                            1980	EXIST::FUNCTION:
+i2d_DSA_PUBKEY                          1981	EXIST::FUNCTION:DSA
+X509_CERT_AUX_print                     1982	EXIST::FUNCTION:BIO
+PEM_read_DSA_PUBKEY                     1984	EXIST:!WIN16:FUNCTION:DSA
+i2d_RSA_PUBKEY_bio                      1985	EXIST::FUNCTION:BIO,RSA
+ASN1_BIT_STRING_num_asc                 1986	EXIST::FUNCTION:
+i2d_PUBKEY                              1987	EXIST::FUNCTION:
+ASN1_UTCTIME_free                       1988	EXIST::FUNCTION:
+DSA_set_default_method                  1989	EXIST::FUNCTION:DSA
+X509_PURPOSE_get_by_id                  1990	EXIST::FUNCTION:
+ACCESS_DESCRIPTION_free                 1994	EXIST::FUNCTION:
+PEM_read_bio_PUBKEY                     1995	EXIST::FUNCTION:
+ASN1_STRING_set_by_NID                  1996	EXIST::FUNCTION:
+X509_PURPOSE_get_id                     1997	EXIST::FUNCTION:
+DISPLAYTEXT_free                        1998	EXIST::FUNCTION:
+OTHERNAME_new                           1999	EXIST::FUNCTION:
+X509_CERT_AUX_new                       2001	EXIST::FUNCTION:
+X509_TRUST_cleanup                      2007	EXIST::FUNCTION:
+X509_NAME_add_entry_by_OBJ              2008	EXIST::FUNCTION:
+X509_CRL_get_ext_d2i                    2009	EXIST::FUNCTION:
+X509_PURPOSE_get0_name                  2011	EXIST::FUNCTION:
+PEM_read_PUBKEY                         2012	EXIST:!WIN16:FUNCTION:
+i2d_DSA_PUBKEY_bio                      2014	EXIST::FUNCTION:BIO,DSA
+i2d_OTHERNAME                           2015	EXIST::FUNCTION:
+ASN1_OCTET_STRING_free                  2016	EXIST::FUNCTION:
+ASN1_BIT_STRING_set_asc                 2017	EXIST::FUNCTION:
+X509_get_ex_new_index                   2019	EXIST::FUNCTION:
+ASN1_STRING_TABLE_cleanup               2020	EXIST::FUNCTION:
+X509_TRUST_get_by_id                    2021	EXIST::FUNCTION:
+X509_PURPOSE_get_trust                  2022	EXIST::FUNCTION:
+ASN1_STRING_length                      2023	EXIST::FUNCTION:
+d2i_ASN1_SET_OF_ACCESS_DESCRIPTION      2024	NOEXIST::FUNCTION:
+ASN1_PRINTABLESTRING_new                2025	EXIST::FUNCTION:
+X509V3_get_d2i                          2026	EXIST::FUNCTION:
+ASN1_ENUMERATED_free                    2027	EXIST::FUNCTION:
+i2d_X509_CERT_AUX                       2028	EXIST::FUNCTION:
+X509_STORE_CTX_set_trust                2030	EXIST::FUNCTION:
+ASN1_STRING_set_default_mask            2032	EXIST::FUNCTION:
+X509_STORE_CTX_new                      2033	EXIST::FUNCTION:
+EVP_PKEY_get1_RSA                       2034	EXIST::FUNCTION:RSA
+DIRECTORYSTRING_free                    2038	EXIST::FUNCTION:
+PEM_write_X509_AUX                      2039	EXIST:!WIN16:FUNCTION:
+ASN1_OCTET_STRING_set                   2040	EXIST::FUNCTION:
+d2i_DSA_PUBKEY_fp                       2041	EXIST::FUNCTION:DSA,FP_API
+d2i_RSA_PUBKEY                          2044	EXIST::FUNCTION:RSA
+X509_TRUST_get0_name                    2046	EXIST::FUNCTION:
+X509_TRUST_get0                         2047	EXIST::FUNCTION:
+AUTHORITY_INFO_ACCESS_free              2048	EXIST::FUNCTION:
+ASN1_IA5STRING_new                      2049	EXIST::FUNCTION:
+d2i_DSA_PUBKEY                          2050	EXIST::FUNCTION:DSA
+X509_check_purpose                      2051	EXIST::FUNCTION:
+ASN1_ENUMERATED_new                     2052	EXIST::FUNCTION:
+d2i_RSA_PUBKEY_bio                      2053	EXIST::FUNCTION:BIO,RSA
+d2i_PUBKEY                              2054	EXIST::FUNCTION:
+X509_TRUST_get_trust                    2055	EXIST::FUNCTION:
+X509_TRUST_get_flags                    2056	EXIST::FUNCTION:
+ASN1_BMPSTRING_free                     2057	EXIST::FUNCTION:
+ASN1_T61STRING_new                      2058	EXIST::FUNCTION:
+ASN1_UTCTIME_new                        2060	EXIST::FUNCTION:
+i2d_AUTHORITY_INFO_ACCESS               2062	EXIST::FUNCTION:
+EVP_PKEY_set1_RSA                       2063	EXIST::FUNCTION:RSA
+X509_STORE_CTX_set_purpose              2064	EXIST::FUNCTION:
+ASN1_IA5STRING_free                     2065	EXIST::FUNCTION:
+PEM_write_bio_X509_AUX                  2066	EXIST::FUNCTION:
+X509_PURPOSE_get_count                  2067	EXIST::FUNCTION:
+CRYPTO_add_info                         2068	NOEXIST::FUNCTION:
+X509_NAME_ENTRY_create_by_txt           2071	EXIST::FUNCTION:
+ASN1_STRING_get_default_mask            2072	EXIST::FUNCTION:
+X509_alias_get0                         2074	EXIST::FUNCTION:
+ASN1_STRING_data                        2075	EXIST::FUNCTION:
+i2d_ACCESS_DESCRIPTION                  2077	EXIST::FUNCTION:
+X509_trust_set_bit                      2078	NOEXIST::FUNCTION:
+ASN1_BIT_STRING_free                    2080	EXIST::FUNCTION:
+PEM_read_bio_RSA_PUBKEY                 2081	EXIST::FUNCTION:RSA
+X509_add1_reject_object                 2082	EXIST::FUNCTION:
+X509_check_trust                        2083	EXIST::FUNCTION:
+PEM_read_bio_DSA_PUBKEY                 2088	EXIST::FUNCTION:DSA
+X509_PURPOSE_add                        2090	EXIST::FUNCTION:
+ASN1_STRING_TABLE_get                   2091	EXIST::FUNCTION:
+ASN1_UTF8STRING_free                    2092	EXIST::FUNCTION:
+d2i_DSA_PUBKEY_bio                      2093	EXIST::FUNCTION:BIO,DSA
+PEM_write_RSA_PUBKEY                    2095	EXIST:!WIN16:FUNCTION:RSA
+d2i_OTHERNAME                           2096	EXIST::FUNCTION:
+X509_reject_set_bit                     2098	NOEXIST::FUNCTION:
+PEM_write_DSA_PUBKEY                    2101	EXIST:!WIN16:FUNCTION:DSA
+X509_PURPOSE_get0_sname                 2105	EXIST::FUNCTION:
+EVP_PKEY_set1_DH                        2107	EXIST::FUNCTION:DH
+ASN1_OCTET_STRING_dup                   2108	EXIST::FUNCTION:
+ASN1_BIT_STRING_set                     2109	EXIST::FUNCTION:
+X509_TRUST_get_count                    2110	EXIST::FUNCTION:
+ASN1_INTEGER_free                       2111	EXIST::FUNCTION:
+OTHERNAME_free                          2112	EXIST::FUNCTION:
+i2d_RSA_PUBKEY_fp                       2113	EXIST::FUNCTION:FP_API,RSA
+ASN1_INTEGER_dup                        2114	EXIST::FUNCTION:
+d2i_X509_CERT_AUX                       2115	EXIST::FUNCTION:
+PEM_write_bio_PUBKEY                    2117	EXIST::FUNCTION:
+ASN1_VISIBLESTRING_free                 2118	EXIST::FUNCTION:
+X509_PURPOSE_cleanup                    2119	EXIST::FUNCTION:
+ASN1_mbstring_ncopy                     2123	EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_new                2126	EXIST::FUNCTION:
+EVP_PKEY_get1_DH                        2128	EXIST::FUNCTION:DH
+ASN1_OCTET_STRING_new                   2130	EXIST::FUNCTION:
+ASN1_INTEGER_new                        2131	EXIST::FUNCTION:
+i2d_X509_AUX                            2132	EXIST::FUNCTION:
+ASN1_BIT_STRING_name_print              2134	EXIST::FUNCTION:BIO
+X509_cmp                                2135	EXIST::FUNCTION:
+ASN1_STRING_length_set                  2136	EXIST::FUNCTION:
+DIRECTORYSTRING_new                     2137	EXIST::FUNCTION:
+X509_add1_trust_object                  2140	EXIST::FUNCTION:
+PKCS12_newpass                          2141	EXIST::FUNCTION:
+SMIME_write_PKCS7                       2142	EXIST::FUNCTION:
+SMIME_read_PKCS7                        2143	EXIST::FUNCTION:
+DES_set_key_checked                     2144	EXIST::FUNCTION:DES
+PKCS7_verify                            2145	EXIST::FUNCTION:
+PKCS7_encrypt                           2146	EXIST::FUNCTION:
+DES_set_key_unchecked                   2147	EXIST::FUNCTION:DES
+SMIME_crlf_copy                         2148	EXIST::FUNCTION:
+i2d_ASN1_PRINTABLESTRING                2149	EXIST::FUNCTION:
+PKCS7_get0_signers                      2150	EXIST::FUNCTION:
+PKCS7_decrypt                           2151	EXIST::FUNCTION:
+SMIME_text                              2152	EXIST::FUNCTION:
+PKCS7_simple_smimecap                   2153	EXIST::FUNCTION:
+PKCS7_get_smimecap                      2154	EXIST::FUNCTION:
+PKCS7_sign                              2155	EXIST::FUNCTION:
+PKCS7_add_attrib_smimecap               2156	EXIST::FUNCTION:
+CRYPTO_dbg_set_options                  2157	EXIST::FUNCTION:
+CRYPTO_remove_all_info                  2158	EXIST::FUNCTION:
+CRYPTO_get_mem_debug_functions          2159	EXIST::FUNCTION:
+CRYPTO_is_mem_check_on                  2160	EXIST::FUNCTION:
+CRYPTO_set_mem_debug_functions          2161	EXIST::FUNCTION:
+CRYPTO_pop_info                         2162	EXIST::FUNCTION:
+CRYPTO_push_info_                       2163	EXIST::FUNCTION:
+CRYPTO_set_mem_debug_options            2164	EXIST::FUNCTION:
+PEM_write_PKCS8PrivateKey_nid           2165	EXIST::FUNCTION:
+PEM_write_bio_PKCS8PrivateKey_nid       2166	EXIST:!VMS:FUNCTION:
+PEM_write_bio_PKCS8PrivKey_nid          2166	EXIST:VMS:FUNCTION:
+d2i_PKCS8PrivateKey_bio                 2167	EXIST::FUNCTION:
+ASN1_NULL_free                          2168	EXIST::FUNCTION:
+d2i_ASN1_NULL                           2169	EXIST::FUNCTION:
+ASN1_NULL_new                           2170	EXIST::FUNCTION:
+i2d_PKCS8PrivateKey_bio                 2171	EXIST::FUNCTION:
+i2d_PKCS8PrivateKey_fp                  2172	EXIST::FUNCTION:
+i2d_ASN1_NULL                           2173	EXIST::FUNCTION:
+i2d_PKCS8PrivateKey_nid_fp              2174	EXIST::FUNCTION:
+d2i_PKCS8PrivateKey_fp                  2175	EXIST::FUNCTION:
+i2d_PKCS8PrivateKey_nid_bio             2176	EXIST::FUNCTION:
+i2d_PKCS8PrivateKeyInfo_fp              2177	EXIST::FUNCTION:FP_API
+i2d_PKCS8PrivateKeyInfo_bio             2178	EXIST::FUNCTION:BIO
+PEM_cb                                  2179	NOEXIST::FUNCTION:
+i2d_PrivateKey_fp                       2180	EXIST::FUNCTION:FP_API
+d2i_PrivateKey_bio                      2181	EXIST::FUNCTION:BIO
+d2i_PrivateKey_fp                       2182	EXIST::FUNCTION:FP_API
+i2d_PrivateKey_bio                      2183	EXIST::FUNCTION:BIO
+X509_reject_clear                       2184	EXIST::FUNCTION:
+X509_TRUST_set_default                  2185	EXIST::FUNCTION:
+d2i_AutoPrivateKey                      2186	EXIST::FUNCTION:
+X509_ATTRIBUTE_get0_type                2187	EXIST::FUNCTION:
+X509_ATTRIBUTE_set1_data                2188	EXIST::FUNCTION:
+X509at_get_attr                         2189	EXIST::FUNCTION:
+X509at_get_attr_count                   2190	EXIST::FUNCTION:
+X509_ATTRIBUTE_create_by_NID            2191	EXIST::FUNCTION:
+X509_ATTRIBUTE_set1_object              2192	EXIST::FUNCTION:
+X509_ATTRIBUTE_count                    2193	EXIST::FUNCTION:
+X509_ATTRIBUTE_create_by_OBJ            2194	EXIST::FUNCTION:
+X509_ATTRIBUTE_get0_object              2195	EXIST::FUNCTION:
+X509at_get_attr_by_NID                  2196	EXIST::FUNCTION:
+X509at_add1_attr                        2197	EXIST::FUNCTION:
+X509_ATTRIBUTE_get0_data                2198	EXIST::FUNCTION:
+X509at_delete_attr                      2199	EXIST::FUNCTION:
+X509at_get_attr_by_OBJ                  2200	EXIST::FUNCTION:
+RAND_add                                2201	EXIST::FUNCTION:
+BIO_number_written                      2202	EXIST::FUNCTION:
+BIO_number_read                         2203	EXIST::FUNCTION:
+X509_STORE_CTX_get1_chain               2204	EXIST::FUNCTION:
+ERR_load_RAND_strings                   2205	EXIST::FUNCTION:
+RAND_pseudo_bytes                       2206	EXIST::FUNCTION:
+X509_REQ_get_attr_by_NID                2207	EXIST::FUNCTION:
+X509_REQ_get_attr                       2208	EXIST::FUNCTION:
+X509_REQ_add1_attr_by_NID               2209	EXIST::FUNCTION:
+X509_REQ_get_attr_by_OBJ                2210	EXIST::FUNCTION:
+X509at_add1_attr_by_NID                 2211	EXIST::FUNCTION:
+X509_REQ_add1_attr_by_OBJ               2212	EXIST::FUNCTION:
+X509_REQ_get_attr_count                 2213	EXIST::FUNCTION:
+X509_REQ_add1_attr                      2214	EXIST::FUNCTION:
+X509_REQ_delete_attr                    2215	EXIST::FUNCTION:
+X509at_add1_attr_by_OBJ                 2216	EXIST::FUNCTION:
+X509_REQ_add1_attr_by_txt               2217	EXIST::FUNCTION:
+X509_ATTRIBUTE_create_by_txt            2218	EXIST::FUNCTION:
+X509at_add1_attr_by_txt                 2219	EXIST::FUNCTION:
+BN_pseudo_rand                          2239	EXIST::FUNCTION:
+BN_is_prime_fasttest                    2240	EXIST::FUNCTION:DEPRECATED
+BN_CTX_end                              2241	EXIST::FUNCTION:
+BN_CTX_start                            2242	EXIST::FUNCTION:
+BN_CTX_get                              2243	EXIST::FUNCTION:
+EVP_PKEY2PKCS8_broken                   2244	EXIST::FUNCTION:
+ASN1_STRING_TABLE_add                   2245	EXIST::FUNCTION:
+CRYPTO_dbg_get_options                  2246	EXIST::FUNCTION:
+AUTHORITY_INFO_ACCESS_new               2247	EXIST::FUNCTION:
+CRYPTO_get_mem_debug_options            2248	EXIST::FUNCTION:
+DES_crypt                               2249	EXIST::FUNCTION:DES
+PEM_write_bio_X509_REQ_NEW              2250	EXIST::FUNCTION:
+PEM_write_X509_REQ_NEW                  2251	EXIST:!WIN16:FUNCTION:
+BIO_callback_ctrl                       2252	EXIST::FUNCTION:
+RAND_egd                                2253	EXIST::FUNCTION:
+RAND_status                             2254	EXIST::FUNCTION:
+bn_dump1                                2255	NOEXIST::FUNCTION:
+DES_check_key_parity                    2256	EXIST::FUNCTION:DES
+lh_num_items                            2257	EXIST::FUNCTION:
+RAND_event                              2258	EXIST:WIN32:FUNCTION:
+DSO_new                                 2259	EXIST::FUNCTION:
+DSO_new_method                          2260	EXIST::FUNCTION:
+DSO_free                                2261	EXIST::FUNCTION:
+DSO_flags                               2262	EXIST::FUNCTION:
+DSO_up                                  2263	NOEXIST::FUNCTION:
+DSO_set_default_method                  2264	EXIST::FUNCTION:
+DSO_get_default_method                  2265	EXIST::FUNCTION:
+DSO_get_method                          2266	EXIST::FUNCTION:
+DSO_set_method                          2267	EXIST::FUNCTION:
+DSO_load                                2268	EXIST::FUNCTION:
+DSO_bind_var                            2269	EXIST::FUNCTION:
+DSO_METHOD_null                         2270	EXIST::FUNCTION:
+DSO_METHOD_openssl                      2271	EXIST::FUNCTION:
+DSO_METHOD_dlfcn                        2272	EXIST::FUNCTION:
+DSO_METHOD_win32                        2273	EXIST::FUNCTION:
+ERR_load_DSO_strings                    2274	EXIST::FUNCTION:
+DSO_METHOD_dl                           2275	EXIST::FUNCTION:
+NCONF_load                              2276	EXIST::FUNCTION:
+NCONF_load_fp                           2278	EXIST::FUNCTION:FP_API
+NCONF_new                               2279	EXIST::FUNCTION:
+NCONF_get_string                        2280	EXIST::FUNCTION:
+NCONF_free                              2281	EXIST::FUNCTION:
+NCONF_get_number                        2282	NOEXIST::FUNCTION:
+CONF_dump_fp                            2283	EXIST::FUNCTION:
+NCONF_load_bio                          2284	EXIST::FUNCTION:
+NCONF_dump_fp                           2285	EXIST::FUNCTION:
+NCONF_get_section                       2286	EXIST::FUNCTION:
+NCONF_dump_bio                          2287	EXIST::FUNCTION:
+CONF_dump_bio                           2288	EXIST::FUNCTION:
+NCONF_free_data                         2289	EXIST::FUNCTION:
+CONF_set_default_method                 2290	EXIST::FUNCTION:
+ERR_error_string_n                      2291	EXIST::FUNCTION:
+BIO_snprintf                            2292	EXIST::FUNCTION:
+DSO_ctrl                                2293	EXIST::FUNCTION:
+i2d_ASN1_SET_OF_ASN1_INTEGER            2317	NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_PKCS12_SAFEBAG          2320	NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_PKCS7                   2328	NOEXIST::FUNCTION:
+BIO_vfree                               2334	EXIST::FUNCTION:
+d2i_ASN1_SET_OF_ASN1_INTEGER            2339	NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_PKCS12_SAFEBAG          2341	NOEXIST::FUNCTION:
+ASN1_UTCTIME_get                        2350	NOEXIST::FUNCTION:
+X509_REQ_digest                         2362	EXIST::FUNCTION:EVP
+X509_CRL_digest                         2391	EXIST::FUNCTION:EVP
+ASN1_STRING_clear_free                  2392	EXIST::FUNCTION:
+SRP_VBASE_get1_by_user                  2393	EXIST::FUNCTION:SRP
+SRP_user_pwd_free                       2394	EXIST::FUNCTION:SRP
+d2i_ASN1_SET_OF_PKCS7                   2397	NOEXIST::FUNCTION:
+X509_ALGOR_cmp                          2398	EXIST::FUNCTION:
+EVP_CIPHER_CTX_set_key_length           2399	EXIST::FUNCTION:
+EVP_CIPHER_CTX_ctrl                     2400	EXIST::FUNCTION:
+BN_mod_exp_mont_word                    2401	EXIST::FUNCTION:
+RAND_egd_bytes                          2402	EXIST::FUNCTION:
+X509_REQ_get1_email                     2403	EXIST::FUNCTION:
+X509_get1_email                         2404	EXIST::FUNCTION:
+X509_email_free                         2405	EXIST::FUNCTION:
+i2d_RSA_NET                             2406	EXIST::FUNCTION:RC4,RSA
+d2i_RSA_NET_2                           2407	NOEXIST::FUNCTION:
+d2i_RSA_NET                             2408	EXIST::FUNCTION:RC4,RSA
+DSO_bind_func                           2409	EXIST::FUNCTION:
+CRYPTO_get_new_dynlockid                2410	EXIST::FUNCTION:
+sk_new_null                             2411	EXIST::FUNCTION:
+CRYPTO_set_dynlock_destroy_callback     2412	EXIST:!VMS:FUNCTION:
+CRYPTO_set_dynlock_destroy_cb           2412	EXIST:VMS:FUNCTION:
+CRYPTO_destroy_dynlockid                2413	EXIST::FUNCTION:
+CRYPTO_set_dynlock_size                 2414	NOEXIST::FUNCTION:
+CRYPTO_set_dynlock_create_callback      2415	EXIST:!VMS:FUNCTION:
+CRYPTO_set_dynlock_create_cb            2415	EXIST:VMS:FUNCTION:
+CRYPTO_set_dynlock_lock_callback        2416	EXIST:!VMS:FUNCTION:
+CRYPTO_set_dynlock_lock_cb              2416	EXIST:VMS:FUNCTION:
+CRYPTO_get_dynlock_lock_callback        2417	EXIST:!VMS:FUNCTION:
+CRYPTO_get_dynlock_lock_cb              2417	EXIST:VMS:FUNCTION:
+CRYPTO_get_dynlock_destroy_callback     2418	EXIST:!VMS:FUNCTION:
+CRYPTO_get_dynlock_destroy_cb           2418	EXIST:VMS:FUNCTION:
+CRYPTO_get_dynlock_value                2419	EXIST::FUNCTION:
+CRYPTO_get_dynlock_create_callback      2420	EXIST:!VMS:FUNCTION:
+CRYPTO_get_dynlock_create_cb            2420	EXIST:VMS:FUNCTION:
+c2i_ASN1_BIT_STRING                     2421	EXIST::FUNCTION:
+i2c_ASN1_BIT_STRING                     2422	EXIST::FUNCTION:
+RAND_poll                               2423	EXIST::FUNCTION:
+c2i_ASN1_INTEGER                        2424	EXIST::FUNCTION:
+i2c_ASN1_INTEGER                        2425	EXIST::FUNCTION:
+BIO_dump_indent                         2426	EXIST::FUNCTION:
+ASN1_parse_dump                         2427	EXIST::FUNCTION:BIO
+c2i_ASN1_OBJECT                         2428	EXIST::FUNCTION:
+X509_NAME_print_ex_fp                   2429	EXIST::FUNCTION:FP_API
+ASN1_STRING_print_ex_fp                 2430	EXIST::FUNCTION:FP_API
+X509_NAME_print_ex                      2431	EXIST::FUNCTION:BIO
+ASN1_STRING_print_ex                    2432	EXIST::FUNCTION:BIO
+MD4                                     2433	EXIST::FUNCTION:MD4
+MD4_Transform                           2434	EXIST::FUNCTION:MD4
+MD4_Final                               2435	EXIST::FUNCTION:MD4
+MD4_Update                              2436	EXIST::FUNCTION:MD4
+MD4_Init                                2437	EXIST::FUNCTION:MD4
+EVP_md4                                 2438	EXIST::FUNCTION:MD4
+i2d_PUBKEY_bio                          2439	EXIST::FUNCTION:BIO
+i2d_PUBKEY_fp                           2440	EXIST::FUNCTION:FP_API
+d2i_PUBKEY_bio                          2441	EXIST::FUNCTION:BIO
+ASN1_STRING_to_UTF8                     2442	EXIST::FUNCTION:
+BIO_vprintf                             2443	EXIST::FUNCTION:
+BIO_vsnprintf                           2444	EXIST::FUNCTION:
+d2i_PUBKEY_fp                           2445	EXIST::FUNCTION:FP_API
+X509_cmp_time                           2446	EXIST::FUNCTION:
+X509_STORE_CTX_set_time                 2447	EXIST::FUNCTION:
+X509_STORE_CTX_get1_issuer              2448	EXIST::FUNCTION:
+X509_OBJECT_retrieve_match              2449	EXIST::FUNCTION:
+X509_OBJECT_idx_by_subject              2450	EXIST::FUNCTION:
+X509_STORE_CTX_set_flags                2451	EXIST::FUNCTION:
+X509_STORE_CTX_trusted_stack            2452	EXIST::FUNCTION:
+X509_time_adj                           2453	EXIST::FUNCTION:
+X509_check_issued                       2454	EXIST::FUNCTION:
+ASN1_UTCTIME_cmp_time_t                 2455	EXIST::FUNCTION:
+DES_set_weak_key_flag                   2456	NOEXIST::FUNCTION:
+DES_check_key                           2457	NOEXIST::FUNCTION:
+DES_rw_mode                             2458	NOEXIST::FUNCTION:
+RSA_PKCS1_RSAref                        2459	NOEXIST::FUNCTION:
+X509_keyid_set1                         2460	EXIST::FUNCTION:
+BIO_next                                2461	EXIST::FUNCTION:
+DSO_METHOD_vms                          2462	EXIST::FUNCTION:
+BIO_f_linebuffer                        2463	EXIST:VMS:FUNCTION:
+BN_bntest_rand                          2464	EXIST::FUNCTION:
+OPENSSL_issetugid                       2465	EXIST::FUNCTION:
+BN_rand_range                           2466	EXIST::FUNCTION:
+ERR_load_ENGINE_strings                 2467	EXIST::FUNCTION:ENGINE
+ENGINE_set_DSA                          2468	EXIST::FUNCTION:ENGINE
+ENGINE_get_finish_function              2469	EXIST::FUNCTION:ENGINE
+ENGINE_get_default_RSA                  2470	EXIST::FUNCTION:ENGINE
+ENGINE_get_BN_mod_exp                   2471	NOEXIST::FUNCTION:
+DSA_get_default_openssl_method          2472	NOEXIST::FUNCTION:
+ENGINE_set_DH                           2473	EXIST::FUNCTION:ENGINE
+ENGINE_set_def_BN_mod_exp_crt           2474	NOEXIST::FUNCTION:
+ENGINE_set_default_BN_mod_exp_crt       2474	NOEXIST::FUNCTION:
+ENGINE_init                             2475	EXIST::FUNCTION:ENGINE
+DH_get_default_openssl_method           2476	NOEXIST::FUNCTION:
+RSA_set_default_openssl_method          2477	NOEXIST::FUNCTION:
+ENGINE_finish                           2478	EXIST::FUNCTION:ENGINE
+ENGINE_load_public_key                  2479	EXIST::FUNCTION:ENGINE
+ENGINE_get_DH                           2480	EXIST::FUNCTION:ENGINE
+ENGINE_ctrl                             2481	EXIST::FUNCTION:ENGINE
+ENGINE_get_init_function                2482	EXIST::FUNCTION:ENGINE
+ENGINE_set_init_function                2483	EXIST::FUNCTION:ENGINE
+ENGINE_set_default_DSA                  2484	EXIST::FUNCTION:ENGINE
+ENGINE_get_name                         2485	EXIST::FUNCTION:ENGINE
+ENGINE_get_last                         2486	EXIST::FUNCTION:ENGINE
+ENGINE_get_prev                         2487	EXIST::FUNCTION:ENGINE
+ENGINE_get_default_DH                   2488	EXIST::FUNCTION:ENGINE
+ENGINE_get_RSA                          2489	EXIST::FUNCTION:ENGINE
+ENGINE_set_default                      2490	EXIST::FUNCTION:ENGINE
+ENGINE_get_RAND                         2491	EXIST::FUNCTION:ENGINE
+ENGINE_get_first                        2492	EXIST::FUNCTION:ENGINE
+ENGINE_by_id                            2493	EXIST::FUNCTION:ENGINE
+ENGINE_set_finish_function              2494	EXIST::FUNCTION:ENGINE
+ENGINE_get_def_BN_mod_exp_crt           2495	NOEXIST::FUNCTION:
+ENGINE_get_default_BN_mod_exp_crt       2495	NOEXIST::FUNCTION:
+RSA_get_default_openssl_method          2496	NOEXIST::FUNCTION:
+ENGINE_set_RSA                          2497	EXIST::FUNCTION:ENGINE
+ENGINE_load_private_key                 2498	EXIST::FUNCTION:ENGINE
+ENGINE_set_default_RAND                 2499	EXIST::FUNCTION:ENGINE
+ENGINE_set_BN_mod_exp                   2500	NOEXIST::FUNCTION:
+ENGINE_remove                           2501	EXIST::FUNCTION:ENGINE
+ENGINE_free                             2502	EXIST::FUNCTION:ENGINE
+ENGINE_get_BN_mod_exp_crt               2503	NOEXIST::FUNCTION:
+ENGINE_get_next                         2504	EXIST::FUNCTION:ENGINE
+ENGINE_set_name                         2505	EXIST::FUNCTION:ENGINE
+ENGINE_get_default_DSA                  2506	EXIST::FUNCTION:ENGINE
+ENGINE_set_default_BN_mod_exp           2507	NOEXIST::FUNCTION:
+ENGINE_set_default_RSA                  2508	EXIST::FUNCTION:ENGINE
+ENGINE_get_default_RAND                 2509	EXIST::FUNCTION:ENGINE
+ENGINE_get_default_BN_mod_exp           2510	NOEXIST::FUNCTION:
+ENGINE_set_RAND                         2511	EXIST::FUNCTION:ENGINE
+ENGINE_set_id                           2512	EXIST::FUNCTION:ENGINE
+ENGINE_set_BN_mod_exp_crt               2513	NOEXIST::FUNCTION:
+ENGINE_set_default_DH                   2514	EXIST::FUNCTION:ENGINE
+ENGINE_new                              2515	EXIST::FUNCTION:ENGINE
+ENGINE_get_id                           2516	EXIST::FUNCTION:ENGINE
+DSA_set_default_openssl_method          2517	NOEXIST::FUNCTION:
+ENGINE_add                              2518	EXIST::FUNCTION:ENGINE
+DH_set_default_openssl_method           2519	NOEXIST::FUNCTION:
+ENGINE_get_DSA                          2520	EXIST::FUNCTION:ENGINE
+ENGINE_get_ctrl_function                2521	EXIST::FUNCTION:ENGINE
+ENGINE_set_ctrl_function                2522	EXIST::FUNCTION:ENGINE
+BN_pseudo_rand_range                    2523	EXIST::FUNCTION:
+X509_STORE_CTX_set_verify_cb            2524	EXIST::FUNCTION:
+ERR_load_COMP_strings                   2525	EXIST::FUNCTION:COMP
+PKCS12_item_decrypt_d2i                 2526	EXIST::FUNCTION:
+ASN1_UTF8STRING_it                      2527	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_UTF8STRING_it                      2527	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_unregister_ciphers               2528	EXIST::FUNCTION:ENGINE
+ENGINE_get_ciphers                      2529	EXIST::FUNCTION:ENGINE
+d2i_OCSP_BASICRESP                      2530	EXIST::FUNCTION:
+KRB5_CHECKSUM_it                        2531	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_CHECKSUM_it                        2531	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_POINT_add                            2532	EXIST::FUNCTION:EC
+ASN1_item_ex_i2d                        2533	EXIST::FUNCTION:
+OCSP_CERTID_it                          2534	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_CERTID_it                          2534	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_OCSP_RESPBYTES                      2535	EXIST::FUNCTION:
+X509V3_add1_i2d                         2536	EXIST::FUNCTION:
+PKCS7_ENVELOPE_it                       2537	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ENVELOPE_it                       2537	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_add_input_boolean                    2538	EXIST::FUNCTION:
+ENGINE_unregister_RSA                   2539	EXIST::FUNCTION:ENGINE
+X509V3_EXT_nconf                        2540	EXIST::FUNCTION:
+ASN1_GENERALSTRING_free                 2541	EXIST::FUNCTION:
+d2i_OCSP_CERTSTATUS                     2542	EXIST::FUNCTION:
+X509_REVOKED_set_serialNumber           2543	EXIST::FUNCTION:
+X509_print_ex                           2544	EXIST::FUNCTION:BIO
+OCSP_ONEREQ_get1_ext_d2i                2545	EXIST::FUNCTION:
+ENGINE_register_all_RAND                2546	EXIST::FUNCTION:ENGINE
+ENGINE_load_dynamic                     2547	EXIST::FUNCTION:ENGINE
+PBKDF2PARAM_it                          2548	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PBKDF2PARAM_it                          2548	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EXTENDED_KEY_USAGE_new                  2549	EXIST::FUNCTION:
+EC_GROUP_clear_free                     2550	EXIST::FUNCTION:EC
+OCSP_sendreq_bio                        2551	EXIST::FUNCTION:
+ASN1_item_digest                        2552	EXIST::FUNCTION:EVP
+OCSP_BASICRESP_delete_ext               2553	EXIST::FUNCTION:
+OCSP_SIGNATURE_it                       2554	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_SIGNATURE_it                       2554	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_CRL_it                             2555	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CRL_it                             2555	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_BASICRESP_add_ext                  2556	EXIST::FUNCTION:
+KRB5_ENCKEY_it                          2557	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_ENCKEY_it                          2557	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_method_set_closer                    2558	EXIST::FUNCTION:
+X509_STORE_set_purpose                  2559	EXIST::FUNCTION:
+i2d_ASN1_GENERALSTRING                  2560	EXIST::FUNCTION:
+OCSP_response_status                    2561	EXIST::FUNCTION:
+i2d_OCSP_SERVICELOC                     2562	EXIST::FUNCTION:
+ENGINE_get_digest_engine                2563	EXIST::FUNCTION:ENGINE
+EC_GROUP_set_curve_GFp                  2564	EXIST::FUNCTION:EC
+OCSP_REQUEST_get_ext_by_OBJ             2565	EXIST::FUNCTION:
+_ossl_old_des_random_key                2566	EXIST::FUNCTION:DES
+ASN1_T61STRING_it                       2567	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_T61STRING_it                       2567	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_GROUP_method_of                      2568	EXIST::FUNCTION:EC
+i2d_KRB5_APREQ                          2569	EXIST::FUNCTION:
+_ossl_old_des_encrypt                   2570	EXIST::FUNCTION:DES
+ASN1_PRINTABLE_new                      2571	EXIST::FUNCTION:
+HMAC_Init_ex                            2572	EXIST::FUNCTION:HMAC
+d2i_KRB5_AUTHENT                        2573	EXIST::FUNCTION:
+OCSP_archive_cutoff_new                 2574	EXIST::FUNCTION:
+EC_POINT_set_Jprojective_coordinates_GFp 2575	EXIST:!VMS:FUNCTION:EC
+EC_POINT_set_Jproj_coords_GFp           2575	EXIST:VMS:FUNCTION:EC
+_ossl_old_des_is_weak_key               2576	EXIST::FUNCTION:DES
+OCSP_BASICRESP_get_ext_by_OBJ           2577	EXIST::FUNCTION:
+EC_POINT_oct2point                      2578	EXIST::FUNCTION:EC
+OCSP_SINGLERESP_get_ext_count           2579	EXIST::FUNCTION:
+UI_ctrl                                 2580	EXIST::FUNCTION:
+_shadow_DES_rw_mode                     2581	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
+_shadow_DES_rw_mode                     2581	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
+asn1_do_adb                             2582	EXIST::FUNCTION:
+ASN1_template_i2d                       2583	EXIST::FUNCTION:
+ENGINE_register_DH                      2584	EXIST::FUNCTION:ENGINE
+UI_construct_prompt                     2585	EXIST::FUNCTION:
+X509_STORE_set_trust                    2586	EXIST::FUNCTION:
+UI_dup_input_string                     2587	EXIST::FUNCTION:
+d2i_KRB5_APREQ                          2588	EXIST::FUNCTION:
+EVP_MD_CTX_copy_ex                      2589	EXIST::FUNCTION:
+OCSP_request_is_signed                  2590	EXIST::FUNCTION:
+i2d_OCSP_REQINFO                        2591	EXIST::FUNCTION:
+KRB5_ENCKEY_free                        2592	EXIST::FUNCTION:
+OCSP_resp_get0                          2593	EXIST::FUNCTION:
+GENERAL_NAME_it                         2594	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+GENERAL_NAME_it                         2594	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_GENERALIZEDTIME_it                 2595	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_GENERALIZEDTIME_it                 2595	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_STORE_set_flags                    2596	EXIST::FUNCTION:
+EC_POINT_set_compressed_coordinates_GFp 2597	EXIST:!VMS:FUNCTION:EC
+EC_POINT_set_compr_coords_GFp           2597	EXIST:VMS:FUNCTION:EC
+OCSP_response_status_str                2598	EXIST::FUNCTION:
+d2i_OCSP_REVOKEDINFO                    2599	EXIST::FUNCTION:
+OCSP_basic_add1_cert                    2600	EXIST::FUNCTION:
+ERR_get_implementation                  2601	EXIST::FUNCTION:
+EVP_CipherFinal_ex                      2602	EXIST::FUNCTION:
+OCSP_CERTSTATUS_new                     2603	EXIST::FUNCTION:
+CRYPTO_cleanup_all_ex_data              2604	EXIST::FUNCTION:
+OCSP_resp_find                          2605	EXIST::FUNCTION:
+BN_nnmod                                2606	EXIST::FUNCTION:
+X509_CRL_sort                           2607	EXIST::FUNCTION:
+X509_REVOKED_set_revocationDate         2608	EXIST::FUNCTION:
+ENGINE_register_RAND                    2609	EXIST::FUNCTION:ENGINE
+OCSP_SERVICELOC_new                     2610	EXIST::FUNCTION:
+EC_POINT_set_affine_coordinates_GFp     2611	EXIST:!VMS:FUNCTION:EC
+EC_POINT_set_affine_coords_GFp          2611	EXIST:VMS:FUNCTION:EC
+_ossl_old_des_options                   2612	EXIST::FUNCTION:DES
+SXNET_it                                2613	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+SXNET_it                                2613	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_dup_input_boolean                    2614	EXIST::FUNCTION:
+PKCS12_add_CSPName_asc                  2615	EXIST::FUNCTION:
+EC_POINT_is_at_infinity                 2616	EXIST::FUNCTION:EC
+ENGINE_load_cryptodev                   2617	EXIST::FUNCTION:ENGINE
+DSO_convert_filename                    2618	EXIST::FUNCTION:
+POLICYQUALINFO_it                       2619	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICYQUALINFO_it                       2619	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_register_ciphers                 2620	EXIST::FUNCTION:ENGINE
+BN_mod_lshift_quick                     2621	EXIST::FUNCTION:
+DSO_set_filename                        2622	EXIST::FUNCTION:
+ASN1_item_free                          2623	EXIST::FUNCTION:
+KRB5_TKTBODY_free                       2624	EXIST::FUNCTION:
+AUTHORITY_KEYID_it                      2625	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+AUTHORITY_KEYID_it                      2625	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+KRB5_APREQBODY_new                      2626	EXIST::FUNCTION:
+X509V3_EXT_REQ_add_nconf                2627	EXIST::FUNCTION:
+ENGINE_ctrl_cmd_string                  2628	EXIST::FUNCTION:ENGINE
+i2d_OCSP_RESPDATA                       2629	EXIST::FUNCTION:
+EVP_MD_CTX_init                         2630	EXIST::FUNCTION:
+EXTENDED_KEY_USAGE_free                 2631	EXIST::FUNCTION:
+PKCS7_ATTR_SIGN_it                      2632	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ATTR_SIGN_it                      2632	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_add_error_string                     2633	EXIST::FUNCTION:
+KRB5_CHECKSUM_free                      2634	EXIST::FUNCTION:
+OCSP_REQUEST_get_ext                    2635	EXIST::FUNCTION:
+ENGINE_load_ubsec                       2636	EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+ENGINE_register_all_digests             2637	EXIST::FUNCTION:ENGINE
+PKEY_USAGE_PERIOD_it                    2638	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKEY_USAGE_PERIOD_it                    2638	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS12_unpack_authsafes                 2639	EXIST::FUNCTION:
+ASN1_item_unpack                        2640	EXIST::FUNCTION:
+NETSCAPE_SPKAC_it                       2641	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NETSCAPE_SPKAC_it                       2641	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_REVOKED_it                         2642	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_REVOKED_it                         2642	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_STRING_encode                      2643	NOEXIST::FUNCTION:
+EVP_aes_128_ecb                         2644	EXIST::FUNCTION:AES
+KRB5_AUTHENT_free                       2645	EXIST::FUNCTION:
+OCSP_BASICRESP_get_ext_by_critical      2646	EXIST:!VMS:FUNCTION:
+OCSP_BASICRESP_get_ext_by_crit          2646	EXIST:VMS:FUNCTION:
+OCSP_cert_status_str                    2647	EXIST::FUNCTION:
+d2i_OCSP_REQUEST                        2648	EXIST::FUNCTION:
+UI_dup_info_string                      2649	EXIST::FUNCTION:
+_ossl_old_des_xwhite_in2out             2650	NOEXIST::FUNCTION:
+PKCS12_it                               2651	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_it                               2651	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_SINGLERESP_get_ext_by_critical     2652	EXIST:!VMS:FUNCTION:
+OCSP_SINGLERESP_get_ext_by_crit         2652	EXIST:VMS:FUNCTION:
+OCSP_CERTSTATUS_free                    2653	EXIST::FUNCTION:
+_ossl_old_des_crypt                     2654	EXIST::FUNCTION:DES
+ASN1_item_i2d                           2655	EXIST::FUNCTION:
+EVP_DecryptFinal_ex                     2656	EXIST::FUNCTION:
+ENGINE_load_openssl                     2657	EXIST::FUNCTION:ENGINE
+ENGINE_get_cmd_defns                    2658	EXIST::FUNCTION:ENGINE
+ENGINE_set_load_privkey_function        2659	EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_set_load_privkey_fn              2659	EXIST:VMS:FUNCTION:ENGINE
+EVP_EncryptFinal_ex                     2660	EXIST::FUNCTION:
+ENGINE_set_default_digests              2661	EXIST::FUNCTION:ENGINE
+X509_get0_pubkey_bitstr                 2662	EXIST::FUNCTION:
+asn1_ex_i2c                             2663	EXIST::FUNCTION:
+ENGINE_register_RSA                     2664	EXIST::FUNCTION:ENGINE
+ENGINE_unregister_DSA                   2665	EXIST::FUNCTION:ENGINE
+_ossl_old_des_key_sched                 2666	EXIST::FUNCTION:DES
+X509_EXTENSION_it                       2667	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_EXTENSION_it                       2667	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_KRB5_AUTHENT                        2668	EXIST::FUNCTION:
+SXNETID_it                              2669	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+SXNETID_it                              2669	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_OCSP_SINGLERESP                     2670	EXIST::FUNCTION:
+EDIPARTYNAME_new                        2671	EXIST::FUNCTION:
+PKCS12_certbag2x509                     2672	EXIST::FUNCTION:
+_ossl_old_des_ofb64_encrypt             2673	EXIST::FUNCTION:DES
+d2i_EXTENDED_KEY_USAGE                  2674	EXIST::FUNCTION:
+ERR_print_errors_cb                     2675	EXIST::FUNCTION:
+ENGINE_set_ciphers                      2676	EXIST::FUNCTION:ENGINE
+d2i_KRB5_APREQBODY                      2677	EXIST::FUNCTION:
+UI_method_get_flusher                   2678	EXIST::FUNCTION:
+X509_PUBKEY_it                          2679	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_PUBKEY_it                          2679	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+_ossl_old_des_enc_read                  2680	EXIST::FUNCTION:DES
+PKCS7_ENCRYPT_it                        2681	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ENCRYPT_it                        2681	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_OCSP_RESPONSE                       2682	EXIST::FUNCTION:
+EC_GROUP_get_cofactor                   2683	EXIST::FUNCTION:EC
+PKCS12_unpack_p7data                    2684	EXIST::FUNCTION:
+d2i_KRB5_AUTHDATA                       2685	EXIST::FUNCTION:
+OCSP_copy_nonce                         2686	EXIST::FUNCTION:
+KRB5_AUTHDATA_new                       2687	EXIST::FUNCTION:
+OCSP_RESPDATA_new                       2688	EXIST::FUNCTION:
+EC_GFp_mont_method                      2689	EXIST::FUNCTION:EC
+OCSP_REVOKEDINFO_free                   2690	EXIST::FUNCTION:
+UI_get_ex_data                          2691	EXIST::FUNCTION:
+KRB5_APREQBODY_free                     2692	EXIST::FUNCTION:
+EC_GROUP_get0_generator                 2693	EXIST::FUNCTION:EC
+UI_get_default_method                   2694	EXIST::FUNCTION:
+X509V3_set_nconf                        2695	EXIST::FUNCTION:
+PKCS12_item_i2d_encrypt                 2696	EXIST::FUNCTION:
+X509_add1_ext_i2d                       2697	EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_it                    2698	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_SIGNER_INFO_it                    2698	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+KRB5_PRINCNAME_new                      2699	EXIST::FUNCTION:
+PKCS12_SAFEBAG_it                       2700	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_SAFEBAG_it                       2700	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_GROUP_get_order                      2701	EXIST::FUNCTION:EC
+d2i_OCSP_RESPID                         2702	EXIST::FUNCTION:
+OCSP_request_verify                     2703	EXIST::FUNCTION:
+NCONF_get_number_e                      2704	EXIST::FUNCTION:
+_ossl_old_des_decrypt3                  2705	EXIST::FUNCTION:DES
+X509_signature_print                    2706	EXIST::FUNCTION:EVP
+OCSP_SINGLERESP_free                    2707	EXIST::FUNCTION:
+ENGINE_load_builtin_engines             2708	EXIST::FUNCTION:ENGINE
+i2d_OCSP_ONEREQ                         2709	EXIST::FUNCTION:
+OCSP_REQUEST_add_ext                    2710	EXIST::FUNCTION:
+OCSP_RESPBYTES_new                      2711	EXIST::FUNCTION:
+EVP_MD_CTX_create                       2712	EXIST::FUNCTION:
+OCSP_resp_find_status                   2713	EXIST::FUNCTION:
+X509_ALGOR_it                           2714	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_ALGOR_it                           2714	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_TIME_it                            2715	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_TIME_it                            2715	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_request_set1_name                  2716	EXIST::FUNCTION:
+OCSP_ONEREQ_get_ext_count               2717	EXIST::FUNCTION:
+UI_get0_result                          2718	EXIST::FUNCTION:
+PKCS12_AUTHSAFES_it                     2719	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_AUTHSAFES_it                     2719	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_aes_256_ecb                         2720	EXIST::FUNCTION:AES
+PKCS12_pack_authsafes                   2721	EXIST::FUNCTION:
+ASN1_IA5STRING_it                       2722	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_IA5STRING_it                       2722	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_get_input_flags                      2723	EXIST::FUNCTION:
+EC_GROUP_set_generator                  2724	EXIST::FUNCTION:EC
+_ossl_old_des_string_to_2keys           2725	EXIST::FUNCTION:DES
+OCSP_CERTID_free                        2726	EXIST::FUNCTION:
+X509_CERT_AUX_it                        2727	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CERT_AUX_it                        2727	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CERTIFICATEPOLICIES_it                  2728	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+CERTIFICATEPOLICIES_it                  2728	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+_ossl_old_des_ede3_cbc_encrypt          2729	EXIST::FUNCTION:DES
+RAND_set_rand_engine                    2730	EXIST::FUNCTION:ENGINE
+DSO_get_loaded_filename                 2731	EXIST::FUNCTION:
+X509_ATTRIBUTE_it                       2732	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_ATTRIBUTE_it                       2732	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_ONEREQ_get_ext_by_NID              2733	EXIST::FUNCTION:
+PKCS12_decrypt_skey                     2734	EXIST::FUNCTION:
+KRB5_AUTHENT_it                         2735	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_AUTHENT_it                         2735	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_dup_error_string                     2736	EXIST::FUNCTION:
+RSAPublicKey_it                         2737	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
+RSAPublicKey_it                         2737	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
+i2d_OCSP_REQUEST                        2738	EXIST::FUNCTION:
+PKCS12_x509crl2certbag                  2739	EXIST::FUNCTION:
+OCSP_SERVICELOC_it                      2740	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_SERVICELOC_it                      2740	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_item_sign                          2741	EXIST::FUNCTION:EVP
+X509_CRL_set_issuer_name                2742	EXIST::FUNCTION:
+OBJ_NAME_do_all_sorted                  2743	EXIST::FUNCTION:
+i2d_OCSP_BASICRESP                      2744	EXIST::FUNCTION:
+i2d_OCSP_RESPBYTES                      2745	EXIST::FUNCTION:
+PKCS12_unpack_p7encdata                 2746	EXIST::FUNCTION:
+HMAC_CTX_init                           2747	EXIST::FUNCTION:HMAC
+ENGINE_get_digest                       2748	EXIST::FUNCTION:ENGINE
+OCSP_RESPONSE_print                     2749	EXIST::FUNCTION:
+KRB5_TKTBODY_it                         2750	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_TKTBODY_it                         2750	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ACCESS_DESCRIPTION_it                   2751	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ACCESS_DESCRIPTION_it                   2751	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS7_ISSUER_AND_SERIAL_it              2752	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ISSUER_AND_SERIAL_it              2752	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PBE2PARAM_it                            2753	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PBE2PARAM_it                            2753	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS12_certbag2x509crl                  2754	EXIST::FUNCTION:
+PKCS7_SIGNED_it                         2755	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_SIGNED_it                         2755	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_get_cipher                       2756	EXIST::FUNCTION:ENGINE
+i2d_OCSP_CRLID                          2757	EXIST::FUNCTION:
+OCSP_SINGLERESP_new                     2758	EXIST::FUNCTION:
+ENGINE_cmd_is_executable                2759	EXIST::FUNCTION:ENGINE
+RSA_up_ref                              2760	EXIST::FUNCTION:RSA
+ASN1_GENERALSTRING_it                   2761	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_GENERALSTRING_it                   2761	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_register_DSA                     2762	EXIST::FUNCTION:ENGINE
+X509V3_EXT_add_nconf_sk                 2763	EXIST::FUNCTION:
+ENGINE_set_load_pubkey_function         2764	EXIST::FUNCTION:ENGINE
+PKCS8_decrypt                           2765	EXIST::FUNCTION:
+PEM_bytes_read_bio                      2766	EXIST::FUNCTION:BIO
+DIRECTORYSTRING_it                      2767	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+DIRECTORYSTRING_it                      2767	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_OCSP_CRLID                          2768	EXIST::FUNCTION:
+EC_POINT_is_on_curve                    2769	EXIST::FUNCTION:EC
+CRYPTO_set_locked_mem_ex_functions      2770	EXIST:!VMS:FUNCTION:
+CRYPTO_set_locked_mem_ex_funcs          2770	EXIST:VMS:FUNCTION:
+d2i_KRB5_CHECKSUM                       2771	EXIST::FUNCTION:
+ASN1_item_dup                           2772	EXIST::FUNCTION:
+X509_it                                 2773	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_it                                 2773	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BN_mod_add                              2774	EXIST::FUNCTION:
+KRB5_AUTHDATA_free                      2775	EXIST::FUNCTION:
+_ossl_old_des_cbc_cksum                 2776	EXIST::FUNCTION:DES
+ASN1_item_verify                        2777	EXIST::FUNCTION:EVP
+CRYPTO_set_mem_ex_functions             2778	EXIST::FUNCTION:
+EC_POINT_get_Jprojective_coordinates_GFp 2779	EXIST:!VMS:FUNCTION:EC
+EC_POINT_get_Jproj_coords_GFp           2779	EXIST:VMS:FUNCTION:EC
+ZLONG_it                                2780	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ZLONG_it                                2780	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CRYPTO_get_locked_mem_ex_functions      2781	EXIST:!VMS:FUNCTION:
+CRYPTO_get_locked_mem_ex_funcs          2781	EXIST:VMS:FUNCTION:
+ASN1_TIME_check                         2782	EXIST::FUNCTION:
+UI_get0_user_data                       2783	EXIST::FUNCTION:
+HMAC_CTX_cleanup                        2784	EXIST::FUNCTION:HMAC
+DSA_up_ref                              2785	EXIST::FUNCTION:DSA
+_ossl_old_des_ede3_cfb64_encrypt        2786	EXIST:!VMS:FUNCTION:DES
+_ossl_odes_ede3_cfb64_encrypt           2786	EXIST:VMS:FUNCTION:DES
+ASN1_BMPSTRING_it                       2787	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_BMPSTRING_it                       2787	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_tag2bit                            2788	EXIST::FUNCTION:
+UI_method_set_flusher                   2789	EXIST::FUNCTION:
+X509_ocspid_print                       2790	EXIST::FUNCTION:BIO
+KRB5_ENCDATA_it                         2791	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_ENCDATA_it                         2791	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_get_load_pubkey_function         2792	EXIST::FUNCTION:ENGINE
+UI_add_user_data                        2793	EXIST::FUNCTION:
+OCSP_REQUEST_delete_ext                 2794	EXIST::FUNCTION:
+UI_get_method                           2795	EXIST::FUNCTION:
+OCSP_ONEREQ_free                        2796	EXIST::FUNCTION:
+ASN1_PRINTABLESTRING_it                 2797	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_PRINTABLESTRING_it                 2797	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_CRL_set_nextUpdate                 2798	EXIST::FUNCTION:
+OCSP_REQUEST_it                         2799	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_REQUEST_it                         2799	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_BASICRESP_it                       2800	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_BASICRESP_it                       2800	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+AES_ecb_encrypt                         2801	EXIST::FUNCTION:AES
+BN_mod_sqr                              2802	EXIST::FUNCTION:
+NETSCAPE_CERT_SEQUENCE_it               2803	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NETSCAPE_CERT_SEQUENCE_it               2803	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+GENERAL_NAMES_it                        2804	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+GENERAL_NAMES_it                        2804	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+AUTHORITY_INFO_ACCESS_it                2805	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+AUTHORITY_INFO_ACCESS_it                2805	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_FBOOLEAN_it                        2806	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_FBOOLEAN_it                        2806	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_set_ex_data                          2807	EXIST::FUNCTION:
+_ossl_old_des_string_to_key             2808	EXIST::FUNCTION:DES
+ENGINE_register_all_RSA                 2809	EXIST::FUNCTION:ENGINE
+d2i_KRB5_PRINCNAME                      2810	EXIST::FUNCTION:
+OCSP_RESPBYTES_it                       2811	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_RESPBYTES_it                       2811	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_CINF_it                            2812	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CINF_it                            2812	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_unregister_digests               2813	EXIST::FUNCTION:ENGINE
+d2i_EDIPARTYNAME                        2814	EXIST::FUNCTION:
+d2i_OCSP_SERVICELOC                     2815	EXIST::FUNCTION:
+ENGINE_get_digests                      2816	EXIST::FUNCTION:ENGINE
+_ossl_old_des_set_odd_parity            2817	EXIST::FUNCTION:DES
+OCSP_RESPDATA_free                      2818	EXIST::FUNCTION:
+d2i_KRB5_TICKET                         2819	EXIST::FUNCTION:
+OTHERNAME_it                            2820	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OTHERNAME_it                            2820	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_MD_CTX_cleanup                      2821	EXIST::FUNCTION:
+d2i_ASN1_GENERALSTRING                  2822	EXIST::FUNCTION:
+X509_CRL_set_version                    2823	EXIST::FUNCTION:
+BN_mod_sub                              2824	EXIST::FUNCTION:
+OCSP_SINGLERESP_get_ext_by_NID          2825	EXIST::FUNCTION:
+ENGINE_get_ex_new_index                 2826	EXIST::FUNCTION:ENGINE
+OCSP_REQUEST_free                       2827	EXIST::FUNCTION:
+OCSP_REQUEST_add1_ext_i2d               2828	EXIST::FUNCTION:
+X509_VAL_it                             2829	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_VAL_it                             2829	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_POINTs_make_affine                   2830	EXIST::FUNCTION:EC
+EC_POINT_mul                            2831	EXIST::FUNCTION:EC
+X509V3_EXT_add_nconf                    2832	EXIST::FUNCTION:
+X509_TRUST_set                          2833	EXIST::FUNCTION:
+X509_CRL_add1_ext_i2d                   2834	EXIST::FUNCTION:
+_ossl_old_des_fcrypt                    2835	EXIST::FUNCTION:DES
+DISPLAYTEXT_it                          2836	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+DISPLAYTEXT_it                          2836	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_CRL_set_lastUpdate                 2837	EXIST::FUNCTION:
+OCSP_BASICRESP_free                     2838	EXIST::FUNCTION:
+OCSP_BASICRESP_add1_ext_i2d             2839	EXIST::FUNCTION:
+d2i_KRB5_AUTHENTBODY                    2840	EXIST::FUNCTION:
+CRYPTO_set_ex_data_implementation       2841	EXIST:!VMS:FUNCTION:
+CRYPTO_set_ex_data_impl                 2841	EXIST:VMS:FUNCTION:
+KRB5_ENCDATA_new                        2842	EXIST::FUNCTION:
+DSO_up_ref                              2843	EXIST::FUNCTION:
+OCSP_crl_reason_str                     2844	EXIST::FUNCTION:
+UI_get0_result_string                   2845	EXIST::FUNCTION:
+ASN1_GENERALSTRING_new                  2846	EXIST::FUNCTION:
+X509_SIG_it                             2847	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_SIG_it                             2847	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ERR_set_implementation                  2848	EXIST::FUNCTION:
+ERR_load_EC_strings                     2849	EXIST::FUNCTION:EC
+UI_get0_action_string                   2850	EXIST::FUNCTION:
+OCSP_ONEREQ_get_ext                     2851	EXIST::FUNCTION:
+EC_POINT_method_of                      2852	EXIST::FUNCTION:EC
+i2d_KRB5_APREQBODY                      2853	EXIST::FUNCTION:
+_ossl_old_des_ecb3_encrypt              2854	EXIST::FUNCTION:DES
+CRYPTO_get_mem_ex_functions             2855	EXIST::FUNCTION:
+ENGINE_get_ex_data                      2856	EXIST::FUNCTION:ENGINE
+UI_destroy_method                       2857	EXIST::FUNCTION:
+ASN1_item_i2d_bio                       2858	EXIST::FUNCTION:BIO
+OCSP_ONEREQ_get_ext_by_OBJ              2859	EXIST::FUNCTION:
+ASN1_primitive_new                      2860	EXIST::FUNCTION:
+ASN1_PRINTABLE_it                       2861	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_PRINTABLE_it                       2861	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_aes_192_ecb                         2862	EXIST::FUNCTION:AES
+OCSP_SIGNATURE_new                      2863	EXIST::FUNCTION:
+LONG_it                                 2864	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+LONG_it                                 2864	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_VISIBLESTRING_it                   2865	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_VISIBLESTRING_it                   2865	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_SINGLERESP_add1_ext_i2d            2866	EXIST::FUNCTION:
+d2i_OCSP_CERTID                         2867	EXIST::FUNCTION:
+ASN1_item_d2i_fp                        2868	EXIST::FUNCTION:FP_API
+CRL_DIST_POINTS_it                      2869	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+CRL_DIST_POINTS_it                      2869	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+GENERAL_NAME_print                      2870	EXIST::FUNCTION:
+OCSP_SINGLERESP_delete_ext              2871	EXIST::FUNCTION:
+PKCS12_SAFEBAGS_it                      2872	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_SAFEBAGS_it                      2872	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_OCSP_SIGNATURE                      2873	EXIST::FUNCTION:
+OCSP_request_add1_nonce                 2874	EXIST::FUNCTION:
+ENGINE_set_cmd_defns                    2875	EXIST::FUNCTION:ENGINE
+OCSP_SERVICELOC_free                    2876	EXIST::FUNCTION:
+EC_GROUP_free                           2877	EXIST::FUNCTION:EC
+ASN1_BIT_STRING_it                      2878	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_BIT_STRING_it                      2878	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_REQ_it                             2879	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_REQ_it                             2879	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+_ossl_old_des_cbc_encrypt               2880	EXIST::FUNCTION:DES
+ERR_unload_strings                      2881	EXIST::FUNCTION:
+PKCS7_SIGN_ENVELOPE_it                  2882	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_SIGN_ENVELOPE_it                  2882	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EDIPARTYNAME_free                       2883	EXIST::FUNCTION:
+OCSP_REQINFO_free                       2884	EXIST::FUNCTION:
+EC_GROUP_new_curve_GFp                  2885	EXIST::FUNCTION:EC
+OCSP_REQUEST_get1_ext_d2i               2886	EXIST::FUNCTION:
+PKCS12_item_pack_safebag                2887	EXIST::FUNCTION:
+asn1_ex_c2i                             2888	EXIST::FUNCTION:
+ENGINE_register_digests                 2889	EXIST::FUNCTION:ENGINE
+i2d_OCSP_REVOKEDINFO                    2890	EXIST::FUNCTION:
+asn1_enc_restore                        2891	EXIST::FUNCTION:
+UI_free                                 2892	EXIST::FUNCTION:
+UI_new_method                           2893	EXIST::FUNCTION:
+EVP_EncryptInit_ex                      2894	EXIST::FUNCTION:
+X509_pubkey_digest                      2895	EXIST::FUNCTION:EVP
+EC_POINT_invert                         2896	EXIST::FUNCTION:EC
+OCSP_basic_sign                         2897	EXIST::FUNCTION:
+i2d_OCSP_RESPID                         2898	EXIST::FUNCTION:
+OCSP_check_nonce                        2899	EXIST::FUNCTION:
+ENGINE_ctrl_cmd                         2900	EXIST::FUNCTION:ENGINE
+d2i_KRB5_ENCKEY                         2901	EXIST::FUNCTION:
+OCSP_parse_url                          2902	EXIST::FUNCTION:
+OCSP_SINGLERESP_get_ext                 2903	EXIST::FUNCTION:
+OCSP_CRLID_free                         2904	EXIST::FUNCTION:
+OCSP_BASICRESP_get1_ext_d2i             2905	EXIST::FUNCTION:
+RSAPrivateKey_it                        2906	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
+RSAPrivateKey_it                        2906	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
+ENGINE_register_all_DH                  2907	EXIST::FUNCTION:ENGINE
+i2d_EDIPARTYNAME                        2908	EXIST::FUNCTION:
+EC_POINT_get_affine_coordinates_GFp     2909	EXIST:!VMS:FUNCTION:EC
+EC_POINT_get_affine_coords_GFp          2909	EXIST:VMS:FUNCTION:EC
+OCSP_CRLID_new                          2910	EXIST::FUNCTION:
+ENGINE_get_flags                        2911	EXIST::FUNCTION:ENGINE
+OCSP_ONEREQ_it                          2912	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_ONEREQ_it                          2912	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_process                              2913	EXIST::FUNCTION:
+ASN1_INTEGER_it                         2914	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_INTEGER_it                         2914	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_CipherInit_ex                       2915	EXIST::FUNCTION:
+UI_get_string_type                      2916	EXIST::FUNCTION:
+ENGINE_unregister_DH                    2917	EXIST::FUNCTION:ENGINE
+ENGINE_register_all_DSA                 2918	EXIST::FUNCTION:ENGINE
+OCSP_ONEREQ_get_ext_by_critical         2919	EXIST::FUNCTION:
+bn_dup_expand                           2920	EXIST::FUNCTION:DEPRECATED
+OCSP_cert_id_new                        2921	EXIST::FUNCTION:
+BASIC_CONSTRAINTS_it                    2922	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+BASIC_CONSTRAINTS_it                    2922	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BN_mod_add_quick                        2923	EXIST::FUNCTION:
+EC_POINT_new                            2924	EXIST::FUNCTION:EC
+EVP_MD_CTX_destroy                      2925	EXIST::FUNCTION:
+OCSP_RESPBYTES_free                     2926	EXIST::FUNCTION:
+EVP_aes_128_cbc                         2927	EXIST::FUNCTION:AES
+OCSP_SINGLERESP_get1_ext_d2i            2928	EXIST::FUNCTION:
+EC_POINT_free                           2929	EXIST::FUNCTION:EC
+DH_up_ref                               2930	EXIST::FUNCTION:DH
+X509_NAME_ENTRY_it                      2931	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_NAME_ENTRY_it                      2931	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_get_ex_new_index                     2932	EXIST::FUNCTION:
+BN_mod_sub_quick                        2933	EXIST::FUNCTION:
+OCSP_ONEREQ_add_ext                     2934	EXIST::FUNCTION:
+OCSP_request_sign                       2935	EXIST::FUNCTION:
+EVP_DigestFinal_ex                      2936	EXIST::FUNCTION:
+ENGINE_set_digests                      2937	EXIST::FUNCTION:ENGINE
+OCSP_id_issuer_cmp                      2938	EXIST::FUNCTION:
+OBJ_NAME_do_all                         2939	EXIST::FUNCTION:
+EC_POINTs_mul                           2940	EXIST::FUNCTION:EC
+ENGINE_register_complete                2941	EXIST::FUNCTION:ENGINE
+X509V3_EXT_nconf_nid                    2942	EXIST::FUNCTION:
+ASN1_SEQUENCE_it                        2943	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_SEQUENCE_it                        2943	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_set_default_method                   2944	EXIST::FUNCTION:
+RAND_query_egd_bytes                    2945	EXIST::FUNCTION:
+UI_method_get_writer                    2946	EXIST::FUNCTION:
+UI_OpenSSL                              2947	EXIST::FUNCTION:
+PEM_def_callback                        2948	EXIST::FUNCTION:
+ENGINE_cleanup                          2949	EXIST::FUNCTION:ENGINE
+DIST_POINT_it                           2950	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+DIST_POINT_it                           2950	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_SINGLERESP_it                      2951	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_SINGLERESP_it                      2951	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_KRB5_TKTBODY                        2952	EXIST::FUNCTION:
+EC_POINT_cmp                            2953	EXIST::FUNCTION:EC
+OCSP_REVOKEDINFO_new                    2954	EXIST::FUNCTION:
+i2d_OCSP_CERTSTATUS                     2955	EXIST::FUNCTION:
+OCSP_basic_add1_nonce                   2956	EXIST::FUNCTION:
+ASN1_item_ex_d2i                        2957	EXIST::FUNCTION:
+BN_mod_lshift1_quick                    2958	EXIST::FUNCTION:
+UI_set_method                           2959	EXIST::FUNCTION:
+OCSP_id_get0_info                       2960	EXIST::FUNCTION:
+BN_mod_sqrt                             2961	EXIST::FUNCTION:
+EC_GROUP_copy                           2962	EXIST::FUNCTION:EC
+KRB5_ENCDATA_free                       2963	EXIST::FUNCTION:
+_ossl_old_des_cfb_encrypt               2964	EXIST::FUNCTION:DES
+OCSP_SINGLERESP_get_ext_by_OBJ          2965	EXIST::FUNCTION:
+OCSP_cert_to_id                         2966	EXIST::FUNCTION:
+OCSP_RESPID_new                         2967	EXIST::FUNCTION:
+OCSP_RESPDATA_it                        2968	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_RESPDATA_it                        2968	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_OCSP_RESPDATA                       2969	EXIST::FUNCTION:
+ENGINE_register_all_complete            2970	EXIST::FUNCTION:ENGINE
+OCSP_check_validity                     2971	EXIST::FUNCTION:
+PKCS12_BAGS_it                          2972	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_BAGS_it                          2972	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_url_svcloc_new                     2973	EXIST::FUNCTION:
+ASN1_template_free                      2974	EXIST::FUNCTION:
+OCSP_SINGLERESP_add_ext                 2975	EXIST::FUNCTION:
+KRB5_AUTHENTBODY_it                     2976	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_AUTHENTBODY_it                     2976	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_supported_extension                2977	EXIST::FUNCTION:
+i2d_KRB5_AUTHDATA                       2978	EXIST::FUNCTION:
+UI_method_get_opener                    2979	EXIST::FUNCTION:
+ENGINE_set_ex_data                      2980	EXIST::FUNCTION:ENGINE
+OCSP_REQUEST_print                      2981	EXIST::FUNCTION:
+CBIGNUM_it                              2982	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+CBIGNUM_it                              2982	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+KRB5_TICKET_new                         2983	EXIST::FUNCTION:
+KRB5_APREQ_new                          2984	EXIST::FUNCTION:
+EC_GROUP_get_curve_GFp                  2985	EXIST::FUNCTION:EC
+KRB5_ENCKEY_new                         2986	EXIST::FUNCTION:
+ASN1_template_d2i                       2987	EXIST::FUNCTION:
+_ossl_old_des_quad_cksum                2988	EXIST::FUNCTION:DES
+OCSP_single_get0_status                 2989	EXIST::FUNCTION:
+BN_swap                                 2990	EXIST::FUNCTION:
+POLICYINFO_it                           2991	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICYINFO_it                           2991	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_set_destroy_function             2992	EXIST::FUNCTION:ENGINE
+asn1_enc_free                           2993	EXIST::FUNCTION:
+OCSP_RESPID_it                          2994	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_RESPID_it                          2994	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_GROUP_new                            2995	EXIST::FUNCTION:EC
+EVP_aes_256_cbc                         2996	EXIST::FUNCTION:AES
+i2d_KRB5_PRINCNAME                      2997	EXIST::FUNCTION:
+_ossl_old_des_encrypt2                  2998	EXIST::FUNCTION:DES
+_ossl_old_des_encrypt3                  2999	EXIST::FUNCTION:DES
+PKCS8_PRIV_KEY_INFO_it                  3000	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS8_PRIV_KEY_INFO_it                  3000	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_REQINFO_it                         3001	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_REQINFO_it                         3001	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PBEPARAM_it                             3002	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PBEPARAM_it                             3002	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+KRB5_AUTHENTBODY_new                    3003	EXIST::FUNCTION:
+X509_CRL_add0_revoked                   3004	EXIST::FUNCTION:
+EDIPARTYNAME_it                         3005	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+EDIPARTYNAME_it                         3005	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+NETSCAPE_SPKI_it                        3006	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NETSCAPE_SPKI_it                        3006	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_get0_test_string                     3007	EXIST::FUNCTION:
+ENGINE_get_cipher_engine                3008	EXIST::FUNCTION:ENGINE
+ENGINE_register_all_ciphers             3009	EXIST::FUNCTION:ENGINE
+EC_POINT_copy                           3010	EXIST::FUNCTION:EC
+BN_kronecker                            3011	EXIST::FUNCTION:
+_ossl_old_des_ede3_ofb64_encrypt        3012	EXIST:!VMS:FUNCTION:DES
+_ossl_odes_ede3_ofb64_encrypt           3012	EXIST:VMS:FUNCTION:DES
+UI_method_get_reader                    3013	EXIST::FUNCTION:
+OCSP_BASICRESP_get_ext_count            3014	EXIST::FUNCTION:
+ASN1_ENUMERATED_it                      3015	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_ENUMERATED_it                      3015	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_set_result                           3016	EXIST::FUNCTION:
+i2d_KRB5_TICKET                         3017	EXIST::FUNCTION:
+X509_print_ex_fp                        3018	EXIST::FUNCTION:FP_API
+EVP_CIPHER_CTX_set_padding              3019	EXIST::FUNCTION:
+d2i_OCSP_RESPONSE                       3020	EXIST::FUNCTION:
+ASN1_UTCTIME_it                         3021	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_UTCTIME_it                         3021	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+_ossl_old_des_enc_write                 3022	EXIST::FUNCTION:DES
+OCSP_RESPONSE_new                       3023	EXIST::FUNCTION:
+AES_set_encrypt_key                     3024	EXIST::FUNCTION:AES
+OCSP_resp_count                         3025	EXIST::FUNCTION:
+KRB5_CHECKSUM_new                       3026	EXIST::FUNCTION:
+ENGINE_load_cswift                      3027	EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+OCSP_onereq_get0_id                     3028	EXIST::FUNCTION:
+ENGINE_set_default_ciphers              3029	EXIST::FUNCTION:ENGINE
+NOTICEREF_it                            3030	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NOTICEREF_it                            3030	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509V3_EXT_CRL_add_nconf                3031	EXIST::FUNCTION:
+OCSP_REVOKEDINFO_it                     3032	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_REVOKEDINFO_it                     3032	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+AES_encrypt                             3033	EXIST::FUNCTION:AES
+OCSP_REQUEST_new                        3034	EXIST::FUNCTION:
+ASN1_ANY_it                             3035	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_ANY_it                             3035	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CRYPTO_ex_data_new_class                3036	EXIST::FUNCTION:
+_ossl_old_des_ncbc_encrypt              3037	EXIST::FUNCTION:DES
+i2d_KRB5_TKTBODY                        3038	EXIST::FUNCTION:
+EC_POINT_clear_free                     3039	EXIST::FUNCTION:EC
+AES_decrypt                             3040	EXIST::FUNCTION:AES
+asn1_enc_init                           3041	EXIST::FUNCTION:
+UI_get_result_maxsize                   3042	EXIST::FUNCTION:
+OCSP_CERTID_new                         3043	EXIST::FUNCTION:
+ENGINE_unregister_RAND                  3044	EXIST::FUNCTION:ENGINE
+UI_method_get_closer                    3045	EXIST::FUNCTION:
+d2i_KRB5_ENCDATA                        3046	EXIST::FUNCTION:
+OCSP_request_onereq_count               3047	EXIST::FUNCTION:
+OCSP_basic_verify                       3048	EXIST::FUNCTION:
+KRB5_AUTHENTBODY_free                   3049	EXIST::FUNCTION:
+ASN1_item_d2i                           3050	EXIST::FUNCTION:
+ASN1_primitive_free                     3051	EXIST::FUNCTION:
+i2d_EXTENDED_KEY_USAGE                  3052	EXIST::FUNCTION:
+i2d_OCSP_SIGNATURE                      3053	EXIST::FUNCTION:
+asn1_enc_save                           3054	EXIST::FUNCTION:
+ENGINE_load_nuron                       3055	EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+_ossl_old_des_pcbc_encrypt              3056	EXIST::FUNCTION:DES
+PKCS12_MAC_DATA_it                      3057	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_MAC_DATA_it                      3057	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_accept_responses_new               3058	EXIST::FUNCTION:
+asn1_do_lock                            3059	EXIST::FUNCTION:
+PKCS7_ATTR_VERIFY_it                    3060	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ATTR_VERIFY_it                    3060	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+KRB5_APREQBODY_it                       3061	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_APREQBODY_it                       3061	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_OCSP_SINGLERESP                     3062	EXIST::FUNCTION:
+ASN1_item_ex_new                        3063	EXIST::FUNCTION:
+UI_add_verify_string                    3064	EXIST::FUNCTION:
+_ossl_old_des_set_key                   3065	EXIST::FUNCTION:DES
+KRB5_PRINCNAME_it                       3066	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_PRINCNAME_it                       3066	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_DecryptInit_ex                      3067	EXIST::FUNCTION:
+i2d_OCSP_CERTID                         3068	EXIST::FUNCTION:
+ASN1_item_d2i_bio                       3069	EXIST::FUNCTION:BIO
+EC_POINT_dbl                            3070	EXIST::FUNCTION:EC
+asn1_get_choice_selector                3071	EXIST::FUNCTION:
+i2d_KRB5_CHECKSUM                       3072	EXIST::FUNCTION:
+ENGINE_set_table_flags                  3073	EXIST::FUNCTION:ENGINE
+AES_options                             3074	EXIST::FUNCTION:AES
+ENGINE_load_chil                        3075	EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+OCSP_id_cmp                             3076	EXIST::FUNCTION:
+OCSP_BASICRESP_new                      3077	EXIST::FUNCTION:
+OCSP_REQUEST_get_ext_by_NID             3078	EXIST::FUNCTION:
+KRB5_APREQ_it                           3079	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_APREQ_it                           3079	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_get_destroy_function             3080	EXIST::FUNCTION:ENGINE
+CONF_set_nconf                          3081	EXIST::FUNCTION:
+ASN1_PRINTABLE_free                     3082	EXIST::FUNCTION:
+OCSP_BASICRESP_get_ext_by_NID           3083	EXIST::FUNCTION:
+DIST_POINT_NAME_it                      3084	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+DIST_POINT_NAME_it                      3084	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509V3_extensions_print                 3085	EXIST::FUNCTION:
+_ossl_old_des_cfb64_encrypt             3086	EXIST::FUNCTION:DES
+X509_REVOKED_add1_ext_i2d               3087	EXIST::FUNCTION:
+_ossl_old_des_ofb_encrypt               3088	EXIST::FUNCTION:DES
+KRB5_TKTBODY_new                        3089	EXIST::FUNCTION:
+ASN1_OCTET_STRING_it                    3090	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_OCTET_STRING_it                    3090	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ERR_load_UI_strings                     3091	EXIST::FUNCTION:
+i2d_KRB5_ENCKEY                         3092	EXIST::FUNCTION:
+ASN1_template_new                       3093	EXIST::FUNCTION:
+OCSP_SIGNATURE_free                     3094	EXIST::FUNCTION:
+ASN1_item_i2d_fp                        3095	EXIST::FUNCTION:FP_API
+KRB5_PRINCNAME_free                     3096	EXIST::FUNCTION:
+PKCS7_RECIP_INFO_it                     3097	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_RECIP_INFO_it                     3097	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EXTENDED_KEY_USAGE_it                   3098	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+EXTENDED_KEY_USAGE_it                   3098	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_GFp_simple_method                    3099	EXIST::FUNCTION:EC
+EC_GROUP_precompute_mult                3100	EXIST::FUNCTION:EC
+OCSP_request_onereq_get0                3101	EXIST::FUNCTION:
+UI_method_set_writer                    3102	EXIST::FUNCTION:
+KRB5_AUTHENT_new                        3103	EXIST::FUNCTION:
+X509_CRL_INFO_it                        3104	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CRL_INFO_it                        3104	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+DSO_set_name_converter                  3105	EXIST::FUNCTION:
+AES_set_decrypt_key                     3106	EXIST::FUNCTION:AES
+PKCS7_DIGEST_it                         3107	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_DIGEST_it                         3107	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS12_x5092certbag                     3108	EXIST::FUNCTION:
+EVP_DigestInit_ex                       3109	EXIST::FUNCTION:
+i2a_ACCESS_DESCRIPTION                  3110	EXIST::FUNCTION:
+OCSP_RESPONSE_it                        3111	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_RESPONSE_it                        3111	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS7_ENC_CONTENT_it                    3112	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ENC_CONTENT_it                    3112	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_request_add0_id                    3113	EXIST::FUNCTION:
+EC_POINT_make_affine                    3114	EXIST::FUNCTION:EC
+DSO_get_filename                        3115	EXIST::FUNCTION:
+OCSP_CERTSTATUS_it                      3116	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_CERTSTATUS_it                      3116	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_request_add1_cert                  3117	EXIST::FUNCTION:
+UI_get0_output_string                   3118	EXIST::FUNCTION:
+UI_dup_verify_string                    3119	EXIST::FUNCTION:
+BN_mod_lshift                           3120	EXIST::FUNCTION:
+KRB5_AUTHDATA_it                        3121	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_AUTHDATA_it                        3121	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+asn1_set_choice_selector                3122	EXIST::FUNCTION:
+OCSP_basic_add1_status                  3123	EXIST::FUNCTION:
+OCSP_RESPID_free                        3124	EXIST::FUNCTION:
+asn1_get_field_ptr                      3125	EXIST::FUNCTION:
+UI_add_input_string                     3126	EXIST::FUNCTION:
+OCSP_CRLID_it                           3127	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_CRLID_it                           3127	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_KRB5_AUTHENTBODY                    3128	EXIST::FUNCTION:
+OCSP_REQUEST_get_ext_count              3129	EXIST::FUNCTION:
+ENGINE_load_atalla                      3130	EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+X509_NAME_it                            3131	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_NAME_it                            3131	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+USERNOTICE_it                           3132	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+USERNOTICE_it                           3132	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_REQINFO_new                        3133	EXIST::FUNCTION:
+OCSP_BASICRESP_get_ext                  3134	EXIST::FUNCTION:
+CRYPTO_get_ex_data_implementation       3135	EXIST:!VMS:FUNCTION:
+CRYPTO_get_ex_data_impl                 3135	EXIST:VMS:FUNCTION:
+ASN1_item_pack                          3136	EXIST::FUNCTION:
+i2d_KRB5_ENCDATA                        3137	EXIST::FUNCTION:
+X509_PURPOSE_set                        3138	EXIST::FUNCTION:
+X509_REQ_INFO_it                        3139	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_REQ_INFO_it                        3139	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_method_set_opener                    3140	EXIST::FUNCTION:
+ASN1_item_ex_free                       3141	EXIST::FUNCTION:
+ASN1_BOOLEAN_it                         3142	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_BOOLEAN_it                         3142	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_get_table_flags                  3143	EXIST::FUNCTION:ENGINE
+UI_create_method                        3144	EXIST::FUNCTION:
+OCSP_ONEREQ_add1_ext_i2d                3145	EXIST::FUNCTION:
+_shadow_DES_check_key                   3146	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
+_shadow_DES_check_key                   3146	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
+d2i_OCSP_REQINFO                        3147	EXIST::FUNCTION:
+UI_add_info_string                      3148	EXIST::FUNCTION:
+UI_get_result_minsize                   3149	EXIST::FUNCTION:
+ASN1_NULL_it                            3150	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_NULL_it                            3150	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BN_mod_lshift1                          3151	EXIST::FUNCTION:
+d2i_OCSP_ONEREQ                         3152	EXIST::FUNCTION:
+OCSP_ONEREQ_new                         3153	EXIST::FUNCTION:
+KRB5_TICKET_it                          3154	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_TICKET_it                          3154	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_aes_192_cbc                         3155	EXIST::FUNCTION:AES
+KRB5_TICKET_free                        3156	EXIST::FUNCTION:
+UI_new                                  3157	EXIST::FUNCTION:
+OCSP_response_create                    3158	EXIST::FUNCTION:
+_ossl_old_des_xcbc_encrypt              3159	EXIST::FUNCTION:DES
+PKCS7_it                                3160	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_it                                3160	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_REQUEST_get_ext_by_critical        3161	EXIST:!VMS:FUNCTION:
+OCSP_REQUEST_get_ext_by_crit            3161	EXIST:VMS:FUNCTION:
+ENGINE_set_flags                        3162	EXIST::FUNCTION:ENGINE
+_ossl_old_des_ecb_encrypt               3163	EXIST::FUNCTION:DES
+OCSP_response_get1_basic                3164	EXIST::FUNCTION:
+EVP_Digest                              3165	EXIST::FUNCTION:
+OCSP_ONEREQ_delete_ext                  3166	EXIST::FUNCTION:
+ASN1_TBOOLEAN_it                        3167	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_TBOOLEAN_it                        3167	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_item_new                           3168	EXIST::FUNCTION:
+ASN1_TIME_to_generalizedtime            3169	EXIST::FUNCTION:
+BIGNUM_it                               3170	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+BIGNUM_it                               3170	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+AES_cbc_encrypt                         3171	EXIST::FUNCTION:AES
+ENGINE_get_load_privkey_function        3172	EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_get_load_privkey_fn              3172	EXIST:VMS:FUNCTION:ENGINE
+OCSP_RESPONSE_free                      3173	EXIST::FUNCTION:
+UI_method_set_reader                    3174	EXIST::FUNCTION:
+i2d_ASN1_T61STRING                      3175	EXIST::FUNCTION:
+EC_POINT_set_to_infinity                3176	EXIST::FUNCTION:EC
+ERR_load_OCSP_strings                   3177	EXIST::FUNCTION:
+EC_POINT_point2oct                      3178	EXIST::FUNCTION:EC
+KRB5_APREQ_free                         3179	EXIST::FUNCTION:
+ASN1_OBJECT_it                          3180	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_OBJECT_it                          3180	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_crlID_new                          3181	EXIST:!OS2,!VMS:FUNCTION:
+OCSP_crlID2_new                         3181	EXIST:OS2,VMS:FUNCTION:
+CONF_modules_load_file                  3182	EXIST::FUNCTION:
+CONF_imodule_set_usr_data               3183	EXIST::FUNCTION:
+ENGINE_set_default_string               3184	EXIST::FUNCTION:ENGINE
+CONF_module_get_usr_data                3185	EXIST::FUNCTION:
+ASN1_add_oid_module                     3186	EXIST::FUNCTION:
+CONF_modules_finish                     3187	EXIST::FUNCTION:
+OPENSSL_config                          3188	EXIST::FUNCTION:
+CONF_modules_unload                     3189	EXIST::FUNCTION:
+CONF_imodule_get_value                  3190	EXIST::FUNCTION:
+CONF_module_set_usr_data                3191	EXIST::FUNCTION:
+CONF_parse_list                         3192	EXIST::FUNCTION:
+CONF_module_add                         3193	EXIST::FUNCTION:
+CONF_get1_default_config_file           3194	EXIST::FUNCTION:
+CONF_imodule_get_flags                  3195	EXIST::FUNCTION:
+CONF_imodule_get_module                 3196	EXIST::FUNCTION:
+CONF_modules_load                       3197	EXIST::FUNCTION:
+CONF_imodule_get_name                   3198	EXIST::FUNCTION:
+ERR_peek_top_error                      3199	NOEXIST::FUNCTION:
+CONF_imodule_get_usr_data               3200	EXIST::FUNCTION:
+CONF_imodule_set_flags                  3201	EXIST::FUNCTION:
+ENGINE_add_conf_module                  3202	EXIST::FUNCTION:ENGINE
+ERR_peek_last_error_line                3203	EXIST::FUNCTION:
+ERR_peek_last_error_line_data           3204	EXIST::FUNCTION:
+ERR_peek_last_error                     3205	EXIST::FUNCTION:
+DES_read_2passwords                     3206	EXIST::FUNCTION:DES
+DES_read_password                       3207	EXIST::FUNCTION:DES
+UI_UTIL_read_pw                         3208	EXIST::FUNCTION:
+UI_UTIL_read_pw_string                  3209	EXIST::FUNCTION:
+ENGINE_load_aep                         3210	EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+ENGINE_load_sureware                    3211	EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+OPENSSL_add_all_algorithms_noconf       3212	EXIST:!VMS:FUNCTION:
+OPENSSL_add_all_algo_noconf             3212	EXIST:VMS:FUNCTION:
+OPENSSL_add_all_algorithms_conf         3213	EXIST:!VMS:FUNCTION:
+OPENSSL_add_all_algo_conf               3213	EXIST:VMS:FUNCTION:
+OPENSSL_load_builtin_modules            3214	EXIST::FUNCTION:
+AES_ofb128_encrypt                      3215	EXIST::FUNCTION:AES
+AES_ctr128_encrypt                      3216	EXIST::FUNCTION:AES
+AES_cfb128_encrypt                      3217	EXIST::FUNCTION:AES
+ENGINE_load_4758cca                     3218	EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+_ossl_096_des_random_seed               3219	EXIST::FUNCTION:DES
+EVP_aes_256_ofb                         3220	EXIST::FUNCTION:AES
+EVP_aes_192_ofb                         3221	EXIST::FUNCTION:AES
+EVP_aes_128_cfb128                      3222	EXIST::FUNCTION:AES
+EVP_aes_256_cfb128                      3223	EXIST::FUNCTION:AES
+EVP_aes_128_ofb                         3224	EXIST::FUNCTION:AES
+EVP_aes_192_cfb128                      3225	EXIST::FUNCTION:AES
+CONF_modules_free                       3226	EXIST::FUNCTION:
+NCONF_default                           3227	EXIST::FUNCTION:
+OPENSSL_no_config                       3228	EXIST::FUNCTION:
+NCONF_WIN32                             3229	EXIST::FUNCTION:
+ASN1_UNIVERSALSTRING_new                3230	EXIST::FUNCTION:
+EVP_des_ede_ecb                         3231	EXIST::FUNCTION:DES
+i2d_ASN1_UNIVERSALSTRING                3232	EXIST::FUNCTION:
+ASN1_UNIVERSALSTRING_free               3233	EXIST::FUNCTION:
+ASN1_UNIVERSALSTRING_it                 3234	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_UNIVERSALSTRING_it                 3234	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_ASN1_UNIVERSALSTRING                3235	EXIST::FUNCTION:
+EVP_des_ede3_ecb                        3236	EXIST::FUNCTION:DES
+X509_REQ_print_ex                       3237	EXIST::FUNCTION:BIO
+ENGINE_up_ref                           3238	EXIST::FUNCTION:ENGINE
+BUF_MEM_grow_clean                      3239	EXIST::FUNCTION:
+CRYPTO_realloc_clean                    3240	EXIST::FUNCTION:
+BUF_strlcat                             3241	EXIST::FUNCTION:
+BIO_indent                              3242	EXIST::FUNCTION:
+BUF_strlcpy                             3243	EXIST::FUNCTION:
+OpenSSLDie                              3244	EXIST::FUNCTION:
+OPENSSL_cleanse                         3245	EXIST::FUNCTION:
+ENGINE_setup_bsd_cryptodev              3246	EXIST:__FreeBSD__:FUNCTION:ENGINE
+ERR_release_err_state_table             3247	EXIST::FUNCTION:LHASH
+EVP_aes_128_cfb8                        3248	EXIST::FUNCTION:AES
+FIPS_corrupt_rsa                        3249	NOEXIST::FUNCTION:
+FIPS_selftest_des                       3250	NOEXIST::FUNCTION:
+EVP_aes_128_cfb1                        3251	EXIST::FUNCTION:AES
+EVP_aes_192_cfb8                        3252	EXIST::FUNCTION:AES
+FIPS_mode_set                           3253	EXIST::FUNCTION:
+FIPS_selftest_dsa                       3254	NOEXIST::FUNCTION:
+EVP_aes_256_cfb8                        3255	EXIST::FUNCTION:AES
+FIPS_allow_md5                          3256	NOEXIST::FUNCTION:
+DES_ede3_cfb_encrypt                    3257	EXIST::FUNCTION:DES
+EVP_des_ede3_cfb8                       3258	EXIST::FUNCTION:DES
+FIPS_rand_seeded                        3259	NOEXIST::FUNCTION:
+AES_cfbr_encrypt_block                  3260	NOEXIST::FUNCTION:
+AES_cfb8_encrypt                        3261	EXIST::FUNCTION:AES
+FIPS_rand_seed                          3262	NOEXIST::FUNCTION:
+FIPS_corrupt_des                        3263	NOEXIST::FUNCTION:
+EVP_aes_192_cfb1                        3264	EXIST::FUNCTION:AES
+FIPS_selftest_aes                       3265	NOEXIST::FUNCTION:
+FIPS_set_prng_key                       3266	NOEXIST::FUNCTION:
+EVP_des_cfb8                            3267	EXIST::FUNCTION:DES
+FIPS_corrupt_dsa                        3268	NOEXIST::FUNCTION:
+FIPS_test_mode                          3269	NOEXIST::FUNCTION:
+FIPS_rand_method                        3270	NOEXIST::FUNCTION:
+EVP_aes_256_cfb1                        3271	EXIST::FUNCTION:AES
+ERR_load_FIPS_strings                   3272	NOEXIST::FUNCTION:
+FIPS_corrupt_aes                        3273	NOEXIST::FUNCTION:
+FIPS_selftest_sha1                      3274	NOEXIST::FUNCTION:
+FIPS_selftest_rsa                       3275	NOEXIST::FUNCTION:
+FIPS_corrupt_sha1                       3276	NOEXIST::FUNCTION:
+EVP_des_cfb1                            3277	EXIST::FUNCTION:DES
+FIPS_dsa_check                          3278	NOEXIST::FUNCTION:
+AES_cfb1_encrypt                        3279	EXIST::FUNCTION:AES
+EVP_des_ede3_cfb1                       3280	EXIST::FUNCTION:DES
+FIPS_rand_check                         3281	NOEXIST::FUNCTION:
+FIPS_md5_allowed                        3282	NOEXIST::FUNCTION:
+FIPS_mode                               3283	EXIST::FUNCTION:
+FIPS_selftest_failed                    3284	NOEXIST::FUNCTION:
+sk_is_sorted                            3285	EXIST::FUNCTION:
+X509_check_ca                           3286	EXIST::FUNCTION:
+private_idea_set_encrypt_key            3287	EXIST:OPENSSL_FIPS:FUNCTION:IDEA
+HMAC_CTX_set_flags                      3288	EXIST::FUNCTION:HMAC
+private_SHA_Init                        3289	EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA0
+private_CAST_set_key                    3290	EXIST:OPENSSL_FIPS:FUNCTION:CAST
+private_RIPEMD160_Init                  3291	EXIST:OPENSSL_FIPS:FUNCTION:RIPEMD
+private_RC5_32_set_key                  3292	NOEXIST::FUNCTION:
+private_MD5_Init                        3293	EXIST:OPENSSL_FIPS:FUNCTION:MD5
+private_RC4_set_key                     3294	EXIST::FUNCTION:RC4
+private_MDC2_Init                       3295	EXIST:OPENSSL_FIPS:FUNCTION:MDC2
+private_RC2_set_key                     3296	EXIST:OPENSSL_FIPS:FUNCTION:RC2
+private_MD4_Init                        3297	EXIST:OPENSSL_FIPS:FUNCTION:MD4
+private_BF_set_key                      3298	EXIST:OPENSSL_FIPS:FUNCTION:BF
+private_MD2_Init                        3299	EXIST:OPENSSL_FIPS:FUNCTION:MD2
+d2i_PROXY_CERT_INFO_EXTENSION           3300	EXIST::FUNCTION:
+PROXY_POLICY_it                         3301	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PROXY_POLICY_it                         3301	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_PROXY_POLICY                        3302	EXIST::FUNCTION:
+i2d_PROXY_CERT_INFO_EXTENSION           3303	EXIST::FUNCTION:
+d2i_PROXY_POLICY                        3304	EXIST::FUNCTION:
+PROXY_CERT_INFO_EXTENSION_new           3305	EXIST::FUNCTION:
+PROXY_CERT_INFO_EXTENSION_free          3306	EXIST::FUNCTION:
+PROXY_CERT_INFO_EXTENSION_it            3307	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PROXY_CERT_INFO_EXTENSION_it            3307	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PROXY_POLICY_free                       3308	EXIST::FUNCTION:
+PROXY_POLICY_new                        3309	EXIST::FUNCTION:
+BN_MONT_CTX_set_locked                  3310	EXIST::FUNCTION:
+FIPS_selftest_rng                       3311	NOEXIST::FUNCTION:
+EVP_sha384                              3312	EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+EVP_sha512                              3313	EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+EVP_sha224                              3314	EXIST::FUNCTION:SHA,SHA256
+EVP_sha256                              3315	EXIST::FUNCTION:SHA,SHA256
+FIPS_selftest_hmac                      3316	NOEXIST::FUNCTION:
+FIPS_corrupt_rng                        3317	NOEXIST::FUNCTION:
+BN_mod_exp_mont_consttime               3318	EXIST::FUNCTION:
+RSA_X931_hash_id                        3319	EXIST::FUNCTION:RSA
+RSA_padding_check_X931                  3320	EXIST::FUNCTION:RSA
+RSA_verify_PKCS1_PSS                    3321	EXIST::FUNCTION:RSA
+RSA_padding_add_X931                    3322	EXIST::FUNCTION:RSA
+RSA_padding_add_PKCS1_PSS               3323	EXIST::FUNCTION:RSA
+PKCS1_MGF1                              3324	EXIST::FUNCTION:RSA
+BN_X931_generate_Xpq                    3325	EXIST::FUNCTION:
+RSA_X931_generate_key                   3326	NOEXIST::FUNCTION:
+BN_X931_derive_prime                    3327	NOEXIST::FUNCTION:
+BN_X931_generate_prime                  3328	NOEXIST::FUNCTION:
+RSA_X931_derive                         3329	NOEXIST::FUNCTION:
+BIO_new_dgram                           3330	EXIST::FUNCTION:
+BN_get0_nist_prime_384                  3331	EXIST::FUNCTION:
+ERR_set_mark                            3332	EXIST::FUNCTION:
+X509_STORE_CTX_set0_crls                3333	EXIST::FUNCTION:
+ENGINE_set_STORE                        3334	EXIST::FUNCTION:ENGINE
+ENGINE_register_ECDSA                   3335	EXIST::FUNCTION:ENGINE
+STORE_meth_set_list_start_fn            3336	NOEXIST::FUNCTION:
+STORE_method_set_list_start_function    3336	NOEXIST::FUNCTION:
+BN_BLINDING_invert_ex                   3337	EXIST::FUNCTION:
+NAME_CONSTRAINTS_free                   3338	EXIST::FUNCTION:
+STORE_ATTR_INFO_set_number              3339	NOEXIST::FUNCTION:
+BN_BLINDING_get_thread_id               3340	EXIST::FUNCTION:DEPRECATED
+X509_STORE_CTX_set0_param               3341	EXIST::FUNCTION:
+POLICY_MAPPING_it                       3342	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICY_MAPPING_it                       3342	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+STORE_parse_attrs_start                 3343	NOEXIST::FUNCTION:
+POLICY_CONSTRAINTS_free                 3344	EXIST::FUNCTION:
+EVP_PKEY_add1_attr_by_NID               3345	EXIST::FUNCTION:
+BN_nist_mod_192                         3346	EXIST::FUNCTION:
+EC_GROUP_get_trinomial_basis            3347	EXIST::FUNCTION:EC,EC2M
+STORE_set_method                        3348	NOEXIST::FUNCTION:
+GENERAL_SUBTREE_free                    3349	EXIST::FUNCTION:
+NAME_CONSTRAINTS_it                     3350	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NAME_CONSTRAINTS_it                     3350	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ECDH_get_default_method                 3351	EXIST::FUNCTION:ECDH
+PKCS12_add_safe                         3352	EXIST::FUNCTION:
+EC_KEY_new_by_curve_name                3353	EXIST::FUNCTION:EC
+STORE_meth_get_update_store_fn          3354	NOEXIST::FUNCTION:
+STORE_method_get_update_store_function  3354	NOEXIST::FUNCTION:
+ENGINE_register_ECDH                    3355	EXIST::FUNCTION:ENGINE
+SHA512_Update                           3356	EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+i2d_ECPrivateKey                        3357	EXIST::FUNCTION:EC
+BN_get0_nist_prime_192                  3358	EXIST::FUNCTION:
+STORE_modify_certificate                3359	NOEXIST::FUNCTION:
+EC_POINT_set_affine_coordinates_GF2m    3360	EXIST:!VMS:FUNCTION:EC,EC2M
+EC_POINT_set_affine_coords_GF2m         3360	EXIST:VMS:FUNCTION:EC,EC2M
+BN_GF2m_mod_exp_arr                     3361	EXIST::FUNCTION:EC2M
+STORE_ATTR_INFO_modify_number           3362	NOEXIST::FUNCTION:
+X509_keyid_get0                         3363	EXIST::FUNCTION:
+ENGINE_load_gmp                         3364	EXIST::FUNCTION:ENGINE,GMP,STATIC_ENGINE
+pitem_new                               3365	EXIST::FUNCTION:
+BN_GF2m_mod_mul_arr                     3366	EXIST::FUNCTION:EC2M
+STORE_list_public_key_endp              3367	NOEXIST::FUNCTION:
+o2i_ECPublicKey                         3368	EXIST::FUNCTION:EC
+EC_KEY_copy                             3369	EXIST::FUNCTION:EC
+BIO_dump_fp                             3370	EXIST::FUNCTION:FP_API
+X509_policy_node_get0_parent            3371	EXIST::FUNCTION:
+EC_GROUP_check_discriminant             3372	EXIST::FUNCTION:EC
+i2o_ECPublicKey                         3373	EXIST::FUNCTION:EC
+EC_KEY_precompute_mult                  3374	EXIST::FUNCTION:EC
+a2i_IPADDRESS                           3375	EXIST::FUNCTION:
+STORE_meth_set_initialise_fn            3376	NOEXIST::FUNCTION:
+STORE_method_set_initialise_function    3376	NOEXIST::FUNCTION:
+X509_STORE_CTX_set_depth                3377	EXIST::FUNCTION:
+X509_VERIFY_PARAM_inherit               3378	EXIST::FUNCTION:
+EC_POINT_point2bn                       3379	EXIST::FUNCTION:EC
+STORE_ATTR_INFO_set_dn                  3380	NOEXIST::FUNCTION:
+X509_policy_tree_get0_policies          3381	EXIST::FUNCTION:
+EC_GROUP_new_curve_GF2m                 3382	EXIST::FUNCTION:EC,EC2M
+STORE_destroy_method                    3383	NOEXIST::FUNCTION:
+ENGINE_unregister_STORE                 3384	EXIST::FUNCTION:ENGINE
+EVP_PKEY_get1_EC_KEY                    3385	EXIST::FUNCTION:EC
+STORE_ATTR_INFO_get0_number             3386	NOEXIST::FUNCTION:
+ENGINE_get_default_ECDH                 3387	EXIST::FUNCTION:ENGINE
+EC_KEY_get_conv_form                    3388	EXIST::FUNCTION:EC
+ASN1_OCTET_STRING_NDEF_it               3389	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_OCTET_STRING_NDEF_it               3389	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+STORE_delete_public_key                 3390	NOEXIST::FUNCTION:
+STORE_get_public_key                    3391	NOEXIST::FUNCTION:
+STORE_modify_arbitrary                  3392	NOEXIST::FUNCTION:
+ENGINE_get_static_state                 3393	EXIST::FUNCTION:ENGINE
+pqueue_iterator                         3394	EXIST::FUNCTION:
+ECDSA_SIG_new                           3395	EXIST::FUNCTION:ECDSA
+OPENSSL_DIR_end                         3396	EXIST::FUNCTION:
+BN_GF2m_mod_sqr                         3397	EXIST::FUNCTION:EC2M
+EC_POINT_bn2point                       3398	EXIST::FUNCTION:EC
+X509_VERIFY_PARAM_set_depth             3399	EXIST::FUNCTION:
+EC_KEY_set_asn1_flag                    3400	EXIST::FUNCTION:EC
+STORE_get_method                        3401	NOEXIST::FUNCTION:
+EC_KEY_get_key_method_data              3402	EXIST::FUNCTION:EC
+ECDSA_sign_ex                           3403	EXIST::FUNCTION:ECDSA
+STORE_parse_attrs_end                   3404	NOEXIST::FUNCTION:
+EC_GROUP_get_point_conversion_form      3405	EXIST:!VMS:FUNCTION:EC
+EC_GROUP_get_point_conv_form            3405	EXIST:VMS:FUNCTION:EC
+STORE_method_set_store_function         3406	NOEXIST::FUNCTION:
+STORE_ATTR_INFO_in                      3407	NOEXIST::FUNCTION:
+PEM_read_bio_ECPKParameters             3408	EXIST::FUNCTION:EC
+EC_GROUP_get_pentanomial_basis          3409	EXIST::FUNCTION:EC,EC2M
+EVP_PKEY_add1_attr_by_txt               3410	EXIST::FUNCTION:
+BN_BLINDING_set_flags                   3411	EXIST::FUNCTION:
+X509_VERIFY_PARAM_set1_policies         3412	EXIST::FUNCTION:
+X509_VERIFY_PARAM_set1_name             3413	EXIST::FUNCTION:
+X509_VERIFY_PARAM_set_purpose           3414	EXIST::FUNCTION:
+STORE_get_number                        3415	NOEXIST::FUNCTION:
+ECDSA_sign_setup                        3416	EXIST::FUNCTION:ECDSA
+BN_GF2m_mod_solve_quad_arr              3417	EXIST::FUNCTION:EC2M
+EC_KEY_up_ref                           3418	EXIST::FUNCTION:EC
+POLICY_MAPPING_free                     3419	EXIST::FUNCTION:
+BN_GF2m_mod_div                         3420	EXIST::FUNCTION:EC2M
+X509_VERIFY_PARAM_set_flags             3421	EXIST::FUNCTION:
+EC_KEY_free                             3422	EXIST::FUNCTION:EC
+STORE_meth_set_list_next_fn             3423	NOEXIST::FUNCTION:
+STORE_method_set_list_next_function     3423	NOEXIST::FUNCTION:
+PEM_write_bio_ECPrivateKey              3424	EXIST::FUNCTION:EC
+d2i_EC_PUBKEY                           3425	EXIST::FUNCTION:EC
+STORE_meth_get_generate_fn              3426	NOEXIST::FUNCTION:
+STORE_method_get_generate_function      3426	NOEXIST::FUNCTION:
+STORE_meth_set_list_end_fn              3427	NOEXIST::FUNCTION:
+STORE_method_set_list_end_function      3427	NOEXIST::FUNCTION:
+pqueue_print                            3428	EXIST::FUNCTION:
+EC_GROUP_have_precompute_mult           3429	EXIST::FUNCTION:EC
+EC_KEY_print_fp                         3430	EXIST::FUNCTION:EC,FP_API
+BN_GF2m_mod_arr                         3431	EXIST::FUNCTION:EC2M
+PEM_write_bio_X509_CERT_PAIR            3432	EXIST::FUNCTION:
+EVP_PKEY_cmp                            3433	EXIST::FUNCTION:
+X509_policy_level_node_count            3434	EXIST::FUNCTION:
+STORE_new_engine                        3435	NOEXIST::FUNCTION:
+STORE_list_public_key_start             3436	NOEXIST::FUNCTION:
+X509_VERIFY_PARAM_new                   3437	EXIST::FUNCTION:
+ECDH_get_ex_data                        3438	EXIST::FUNCTION:ECDH
+EVP_PKEY_get_attr                       3439	EXIST::FUNCTION:
+ECDSA_do_sign                           3440	EXIST::FUNCTION:ECDSA
+ENGINE_unregister_ECDH                  3441	EXIST::FUNCTION:ENGINE
+ECDH_OpenSSL                            3442	EXIST::FUNCTION:ECDH
+EC_KEY_set_conv_form                    3443	EXIST::FUNCTION:EC
+EC_POINT_dup                            3444	EXIST::FUNCTION:EC
+GENERAL_SUBTREE_new                     3445	EXIST::FUNCTION:
+STORE_list_crl_endp                     3446	NOEXIST::FUNCTION:
+EC_get_builtin_curves                   3447	EXIST::FUNCTION:EC
+X509_policy_node_get0_qualifiers        3448	EXIST:!VMS:FUNCTION:
+X509_pcy_node_get0_qualifiers           3448	EXIST:VMS:FUNCTION:
+STORE_list_crl_end                      3449	NOEXIST::FUNCTION:
+EVP_PKEY_set1_EC_KEY                    3450	EXIST::FUNCTION:EC
+BN_GF2m_mod_sqrt_arr                    3451	EXIST::FUNCTION:EC2M
+i2d_ECPrivateKey_bio                    3452	EXIST::FUNCTION:BIO,EC
+ECPKParameters_print_fp                 3453	EXIST::FUNCTION:EC,FP_API
+pqueue_find                             3454	EXIST::FUNCTION:
+ECDSA_SIG_free                          3455	EXIST::FUNCTION:ECDSA
+PEM_write_bio_ECPKParameters            3456	EXIST::FUNCTION:EC
+STORE_method_set_ctrl_function          3457	NOEXIST::FUNCTION:
+STORE_list_public_key_end               3458	NOEXIST::FUNCTION:
+EC_KEY_set_private_key                  3459	EXIST::FUNCTION:EC
+pqueue_peek                             3460	EXIST::FUNCTION:
+STORE_get_arbitrary                     3461	NOEXIST::FUNCTION:
+STORE_store_crl                         3462	NOEXIST::FUNCTION:
+X509_policy_node_get0_policy            3463	EXIST::FUNCTION:
+PKCS12_add_safes                        3464	EXIST::FUNCTION:
+BN_BLINDING_convert_ex                  3465	EXIST::FUNCTION:
+X509_policy_tree_free                   3466	EXIST::FUNCTION:
+OPENSSL_ia32cap_loc                     3467	EXIST::FUNCTION:
+BN_GF2m_poly2arr                        3468	EXIST::FUNCTION:EC2M
+STORE_ctrl                              3469	NOEXIST::FUNCTION:
+STORE_ATTR_INFO_compare                 3470	NOEXIST::FUNCTION:
+BN_get0_nist_prime_224                  3471	EXIST::FUNCTION:
+i2d_ECParameters                        3472	EXIST::FUNCTION:EC
+i2d_ECPKParameters                      3473	EXIST::FUNCTION:EC
+BN_GENCB_call                           3474	EXIST::FUNCTION:
+d2i_ECPKParameters                      3475	EXIST::FUNCTION:EC
+STORE_meth_set_generate_fn              3476	NOEXIST::FUNCTION:
+STORE_method_set_generate_function      3476	NOEXIST::FUNCTION:
+ENGINE_set_ECDH                         3477	EXIST::FUNCTION:ENGINE
+NAME_CONSTRAINTS_new                    3478	EXIST::FUNCTION:
+SHA256_Init                             3479	EXIST::FUNCTION:SHA,SHA256
+EC_KEY_get0_public_key                  3480	EXIST::FUNCTION:EC
+PEM_write_bio_EC_PUBKEY                 3481	EXIST::FUNCTION:EC
+STORE_ATTR_INFO_set_cstr                3482	NOEXIST::FUNCTION:
+STORE_list_crl_next                     3483	NOEXIST::FUNCTION:
+STORE_ATTR_INFO_in_range                3484	NOEXIST::FUNCTION:
+ECParameters_print                      3485	EXIST::FUNCTION:BIO,EC
+STORE_meth_set_delete_fn                3486	NOEXIST::FUNCTION:
+STORE_method_set_delete_function        3486	NOEXIST::FUNCTION:
+STORE_list_certificate_next             3487	NOEXIST::FUNCTION:
+ASN1_generate_nconf                     3488	EXIST::FUNCTION:
+BUF_memdup                              3489	EXIST::FUNCTION:
+BN_GF2m_mod_mul                         3490	EXIST::FUNCTION:EC2M
+STORE_meth_get_list_next_fn             3491	NOEXIST::FUNCTION:
+STORE_method_get_list_next_function     3491	NOEXIST::FUNCTION:
+STORE_ATTR_INFO_get0_dn                 3492	NOEXIST::FUNCTION:
+STORE_list_private_key_next             3493	NOEXIST::FUNCTION:
+EC_GROUP_set_seed                       3494	EXIST::FUNCTION:EC
+X509_VERIFY_PARAM_set_trust             3495	EXIST::FUNCTION:
+STORE_ATTR_INFO_free                    3496	NOEXIST::FUNCTION:
+STORE_get_private_key                   3497	NOEXIST::FUNCTION:
+EVP_PKEY_get_attr_count                 3498	EXIST::FUNCTION:
+STORE_ATTR_INFO_new                     3499	NOEXIST::FUNCTION:
+EC_GROUP_get_curve_GF2m                 3500	EXIST::FUNCTION:EC,EC2M
+STORE_meth_set_revoke_fn                3501	NOEXIST::FUNCTION:
+STORE_method_set_revoke_function        3501	NOEXIST::FUNCTION:
+STORE_store_number                      3502	NOEXIST::FUNCTION:
+BN_is_prime_ex                          3503	EXIST::FUNCTION:
+STORE_revoke_public_key                 3504	NOEXIST::FUNCTION:
+X509_STORE_CTX_get0_param               3505	EXIST::FUNCTION:
+STORE_delete_arbitrary                  3506	NOEXIST::FUNCTION:
+PEM_read_X509_CERT_PAIR                 3507	EXIST:!WIN16:FUNCTION:
+X509_STORE_set_depth                    3508	EXIST::FUNCTION:
+ECDSA_get_ex_data                       3509	EXIST::FUNCTION:ECDSA
+SHA224                                  3510	EXIST::FUNCTION:SHA,SHA256
+BIO_dump_indent_fp                      3511	EXIST::FUNCTION:FP_API
+EC_KEY_set_group                        3512	EXIST::FUNCTION:EC
+BUF_strndup                             3513	EXIST::FUNCTION:
+STORE_list_certificate_start            3514	NOEXIST::FUNCTION:
+BN_GF2m_mod                             3515	EXIST::FUNCTION:EC2M
+X509_REQ_check_private_key              3516	EXIST::FUNCTION:
+EC_GROUP_get_seed_len                   3517	EXIST::FUNCTION:EC
+ERR_load_STORE_strings                  3518	NOEXIST::FUNCTION:
+PEM_read_bio_EC_PUBKEY                  3519	EXIST::FUNCTION:EC
+STORE_list_private_key_end              3520	NOEXIST::FUNCTION:
+i2d_EC_PUBKEY                           3521	EXIST::FUNCTION:EC
+ECDSA_get_default_method                3522	EXIST::FUNCTION:ECDSA
+ASN1_put_eoc                            3523	EXIST::FUNCTION:
+X509_STORE_CTX_get_explicit_policy      3524	EXIST:!VMS:FUNCTION:
+X509_STORE_CTX_get_expl_policy          3524	EXIST:VMS:FUNCTION:
+X509_VERIFY_PARAM_table_cleanup         3525	EXIST::FUNCTION:
+STORE_modify_private_key                3526	NOEXIST::FUNCTION:
+X509_VERIFY_PARAM_free                  3527	EXIST::FUNCTION:
+EC_METHOD_get_field_type                3528	EXIST::FUNCTION:EC
+EC_GFp_nist_method                      3529	EXIST::FUNCTION:EC
+STORE_meth_set_modify_fn                3530	NOEXIST::FUNCTION:
+STORE_method_set_modify_function        3530	NOEXIST::FUNCTION:
+STORE_parse_attrs_next                  3531	NOEXIST::FUNCTION:
+ENGINE_load_padlock                     3532	EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+EC_GROUP_set_curve_name                 3533	EXIST::FUNCTION:EC
+X509_CERT_PAIR_it                       3534	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CERT_PAIR_it                       3534	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+STORE_meth_get_revoke_fn                3535	NOEXIST::FUNCTION:
+STORE_method_get_revoke_function        3535	NOEXIST::FUNCTION:
+STORE_method_set_get_function           3536	NOEXIST::FUNCTION:
+STORE_modify_number                     3537	NOEXIST::FUNCTION:
+STORE_method_get_store_function         3538	NOEXIST::FUNCTION:
+STORE_store_private_key                 3539	NOEXIST::FUNCTION:
+BN_GF2m_mod_sqr_arr                     3540	EXIST::FUNCTION:EC2M
+RSA_setup_blinding                      3541	EXIST::FUNCTION:RSA
+BIO_s_datagram                          3542	EXIST::FUNCTION:DGRAM
+STORE_Memory                            3543	NOEXIST::FUNCTION:
+sk_find_ex                              3544	EXIST::FUNCTION:
+EC_GROUP_set_curve_GF2m                 3545	EXIST::FUNCTION:EC,EC2M
+ENGINE_set_default_ECDSA                3546	EXIST::FUNCTION:ENGINE
+POLICY_CONSTRAINTS_new                  3547	EXIST::FUNCTION:
+BN_GF2m_mod_sqrt                        3548	EXIST::FUNCTION:EC2M
+ECDH_set_default_method                 3549	EXIST::FUNCTION:ECDH
+EC_KEY_generate_key                     3550	EXIST::FUNCTION:EC
+SHA384_Update                           3551	EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+BN_GF2m_arr2poly                        3552	EXIST::FUNCTION:EC2M
+STORE_method_get_get_function           3553	NOEXIST::FUNCTION:
+STORE_meth_set_cleanup_fn               3554	NOEXIST::FUNCTION:
+STORE_method_set_cleanup_function       3554	NOEXIST::FUNCTION:
+EC_GROUP_check                          3555	EXIST::FUNCTION:EC
+d2i_ECPrivateKey_bio                    3556	EXIST::FUNCTION:BIO,EC
+EC_KEY_insert_key_method_data           3557	EXIST::FUNCTION:EC
+STORE_meth_get_lock_store_fn            3558	NOEXIST::FUNCTION:
+STORE_method_get_lock_store_function    3558	NOEXIST::FUNCTION:
+X509_VERIFY_PARAM_get_depth             3559	EXIST::FUNCTION:
+SHA224_Final                            3560	EXIST::FUNCTION:SHA,SHA256
+STORE_meth_set_update_store_fn          3561	NOEXIST::FUNCTION:
+STORE_method_set_update_store_function  3561	NOEXIST::FUNCTION:
+SHA224_Update                           3562	EXIST::FUNCTION:SHA,SHA256
+d2i_ECPrivateKey                        3563	EXIST::FUNCTION:EC
+ASN1_item_ndef_i2d                      3564	EXIST::FUNCTION:
+STORE_delete_private_key                3565	NOEXIST::FUNCTION:
+ERR_pop_to_mark                         3566	EXIST::FUNCTION:
+ENGINE_register_all_STORE               3567	EXIST::FUNCTION:ENGINE
+X509_policy_level_get0_node             3568	EXIST::FUNCTION:
+i2d_PKCS7_NDEF                          3569	EXIST::FUNCTION:
+EC_GROUP_get_degree                     3570	EXIST::FUNCTION:EC
+ASN1_generate_v3                        3571	EXIST::FUNCTION:
+STORE_ATTR_INFO_modify_cstr             3572	NOEXIST::FUNCTION:
+X509_policy_tree_level_count            3573	EXIST::FUNCTION:
+BN_GF2m_add                             3574	EXIST::FUNCTION:EC2M
+EC_KEY_get0_group                       3575	EXIST::FUNCTION:EC
+STORE_generate_crl                      3576	NOEXIST::FUNCTION:
+STORE_store_public_key                  3577	NOEXIST::FUNCTION:
+X509_CERT_PAIR_free                     3578	EXIST::FUNCTION:
+STORE_revoke_private_key                3579	NOEXIST::FUNCTION:
+BN_nist_mod_224                         3580	EXIST::FUNCTION:
+SHA512_Final                            3581	EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+STORE_ATTR_INFO_modify_dn               3582	NOEXIST::FUNCTION:
+STORE_meth_get_initialise_fn            3583	NOEXIST::FUNCTION:
+STORE_method_get_initialise_function    3583	NOEXIST::FUNCTION:
+STORE_delete_number                     3584	NOEXIST::FUNCTION:
+i2d_EC_PUBKEY_bio                       3585	EXIST::FUNCTION:BIO,EC
+BIO_dgram_non_fatal_error               3586	EXIST::FUNCTION:
+EC_GROUP_get_asn1_flag                  3587	EXIST::FUNCTION:EC
+STORE_ATTR_INFO_in_ex                   3588	NOEXIST::FUNCTION:
+STORE_list_crl_start                    3589	NOEXIST::FUNCTION:
+ECDH_get_ex_new_index                   3590	EXIST::FUNCTION:ECDH
+STORE_meth_get_modify_fn                3591	NOEXIST::FUNCTION:
+STORE_method_get_modify_function        3591	NOEXIST::FUNCTION:
+v2i_ASN1_BIT_STRING                     3592	EXIST::FUNCTION:
+STORE_store_certificate                 3593	NOEXIST::FUNCTION:
+OBJ_bsearch_ex                          3594	NOEXIST::FUNCTION:
+X509_STORE_CTX_set_default              3595	EXIST::FUNCTION:
+STORE_ATTR_INFO_set_sha1str             3596	NOEXIST::FUNCTION:
+BN_GF2m_mod_inv                         3597	EXIST::FUNCTION:EC2M
+BN_GF2m_mod_exp                         3598	EXIST::FUNCTION:EC2M
+STORE_modify_public_key                 3599	NOEXIST::FUNCTION:
+STORE_meth_get_list_start_fn            3600	NOEXIST::FUNCTION:
+STORE_method_get_list_start_function    3600	NOEXIST::FUNCTION:
+EC_GROUP_get0_seed                      3601	EXIST::FUNCTION:EC
+STORE_store_arbitrary                   3602	NOEXIST::FUNCTION:
+STORE_meth_set_unlock_store_fn          3603	NOEXIST::FUNCTION:
+STORE_method_set_unlock_store_function  3603	NOEXIST::FUNCTION:
+BN_GF2m_mod_div_arr                     3604	EXIST::FUNCTION:EC2M
+ENGINE_set_ECDSA                        3605	EXIST::FUNCTION:ENGINE
+STORE_create_method                     3606	NOEXIST::FUNCTION:
+ECPKParameters_print                    3607	EXIST::FUNCTION:BIO,EC
+EC_KEY_get0_private_key                 3608	EXIST::FUNCTION:EC
+PEM_write_EC_PUBKEY                     3609	EXIST:!WIN16:FUNCTION:EC
+X509_VERIFY_PARAM_set1                  3610	EXIST::FUNCTION:
+ECDH_set_method                         3611	EXIST::FUNCTION:ECDH
+v2i_GENERAL_NAME_ex                     3612	EXIST::FUNCTION:
+ECDH_set_ex_data                        3613	EXIST::FUNCTION:ECDH
+STORE_generate_key                      3614	NOEXIST::FUNCTION:
+BN_nist_mod_521                         3615	EXIST::FUNCTION:
+X509_policy_tree_get0_level             3616	EXIST::FUNCTION:
+EC_GROUP_set_point_conversion_form      3617	EXIST:!VMS:FUNCTION:EC
+EC_GROUP_set_point_conv_form            3617	EXIST:VMS:FUNCTION:EC
+PEM_read_EC_PUBKEY                      3618	EXIST:!WIN16:FUNCTION:EC
+i2d_ECDSA_SIG                           3619	EXIST::FUNCTION:ECDSA
+ECDSA_OpenSSL                           3620	EXIST::FUNCTION:ECDSA
+STORE_delete_crl                        3621	NOEXIST::FUNCTION:
+EC_KEY_get_enc_flags                    3622	EXIST::FUNCTION:EC
+ASN1_const_check_infinite_end           3623	EXIST::FUNCTION:
+EVP_PKEY_delete_attr                    3624	EXIST::FUNCTION:
+ECDSA_set_default_method                3625	EXIST::FUNCTION:ECDSA
+EC_POINT_set_compressed_coordinates_GF2m 3626	EXIST:!VMS:FUNCTION:EC,EC2M
+EC_POINT_set_compr_coords_GF2m          3626	EXIST:VMS:FUNCTION:EC,EC2M
+EC_GROUP_cmp                            3627	EXIST::FUNCTION:EC
+STORE_revoke_certificate                3628	NOEXIST::FUNCTION:
+BN_get0_nist_prime_256                  3629	EXIST::FUNCTION:
+STORE_meth_get_delete_fn                3630	NOEXIST::FUNCTION:
+STORE_method_get_delete_function        3630	NOEXIST::FUNCTION:
+SHA224_Init                             3631	EXIST::FUNCTION:SHA,SHA256
+PEM_read_ECPrivateKey                   3632	EXIST:!WIN16:FUNCTION:EC
+SHA512_Init                             3633	EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+STORE_parse_attrs_endp                  3634	NOEXIST::FUNCTION:
+BN_set_negative                         3635	EXIST::FUNCTION:
+ERR_load_ECDSA_strings                  3636	EXIST::FUNCTION:ECDSA
+EC_GROUP_get_basis_type                 3637	EXIST::FUNCTION:EC
+STORE_list_public_key_next              3638	NOEXIST::FUNCTION:
+i2v_ASN1_BIT_STRING                     3639	EXIST::FUNCTION:
+STORE_OBJECT_free                       3640	NOEXIST::FUNCTION:
+BN_nist_mod_384                         3641	EXIST::FUNCTION:
+i2d_X509_CERT_PAIR                      3642	EXIST::FUNCTION:
+PEM_write_ECPKParameters                3643	EXIST:!WIN16:FUNCTION:EC
+ECDH_compute_key                        3644	EXIST::FUNCTION:ECDH
+STORE_ATTR_INFO_get0_sha1str            3645	NOEXIST::FUNCTION:
+ENGINE_register_all_ECDH                3646	EXIST::FUNCTION:ENGINE
+pqueue_pop                              3647	EXIST::FUNCTION:
+STORE_ATTR_INFO_get0_cstr               3648	NOEXIST::FUNCTION:
+POLICY_CONSTRAINTS_it                   3649	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICY_CONSTRAINTS_it                   3649	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+STORE_get_ex_new_index                  3650	NOEXIST::FUNCTION:
+EVP_PKEY_get_attr_by_OBJ                3651	EXIST::FUNCTION:
+X509_VERIFY_PARAM_add0_policy           3652	EXIST::FUNCTION:
+BN_GF2m_mod_solve_quad                  3653	EXIST::FUNCTION:EC2M
+SHA256                                  3654	EXIST::FUNCTION:SHA,SHA256
+i2d_ECPrivateKey_fp                     3655	EXIST::FUNCTION:EC,FP_API
+X509_policy_tree_get0_user_policies     3656	EXIST:!VMS:FUNCTION:
+X509_pcy_tree_get0_usr_policies         3656	EXIST:VMS:FUNCTION:
+OPENSSL_DIR_read                        3657	EXIST::FUNCTION:
+ENGINE_register_all_ECDSA               3658	EXIST::FUNCTION:ENGINE
+X509_VERIFY_PARAM_lookup                3659	EXIST::FUNCTION:
+EC_POINT_get_affine_coordinates_GF2m    3660	EXIST:!VMS:FUNCTION:EC,EC2M
+EC_POINT_get_affine_coords_GF2m         3660	EXIST:VMS:FUNCTION:EC,EC2M
+EC_GROUP_dup                            3661	EXIST::FUNCTION:EC
+ENGINE_get_default_ECDSA                3662	EXIST::FUNCTION:ENGINE
+EC_KEY_new                              3663	EXIST::FUNCTION:EC
+SHA256_Transform                        3664	EXIST::FUNCTION:SHA,SHA256
+EC_KEY_set_enc_flags                    3665	EXIST::FUNCTION:EC
+ECDSA_verify                            3666	EXIST::FUNCTION:ECDSA
+EC_POINT_point2hex                      3667	EXIST::FUNCTION:EC
+ENGINE_get_STORE                        3668	EXIST::FUNCTION:ENGINE
+SHA512                                  3669	EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+STORE_get_certificate                   3670	NOEXIST::FUNCTION:
+ECDSA_do_sign_ex                        3671	EXIST::FUNCTION:ECDSA
+ECDSA_do_verify                         3672	EXIST::FUNCTION:ECDSA
+d2i_ECPrivateKey_fp                     3673	EXIST::FUNCTION:EC,FP_API
+STORE_delete_certificate                3674	NOEXIST::FUNCTION:
+SHA512_Transform                        3675	EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+X509_STORE_set1_param                   3676	EXIST::FUNCTION:
+STORE_method_get_ctrl_function          3677	NOEXIST::FUNCTION:
+STORE_free                              3678	NOEXIST::FUNCTION:
+PEM_write_ECPrivateKey                  3679	EXIST:!WIN16:FUNCTION:EC
+STORE_meth_get_unlock_store_fn          3680	NOEXIST::FUNCTION:
+STORE_method_get_unlock_store_function  3680	NOEXIST::FUNCTION:
+STORE_get_ex_data                       3681	NOEXIST::FUNCTION:
+EC_KEY_set_public_key                   3682	EXIST::FUNCTION:EC
+PEM_read_ECPKParameters                 3683	EXIST:!WIN16:FUNCTION:EC
+X509_CERT_PAIR_new                      3684	EXIST::FUNCTION:
+ENGINE_register_STORE                   3685	EXIST::FUNCTION:ENGINE
+RSA_generate_key_ex                     3686	EXIST::FUNCTION:RSA
+DSA_generate_parameters_ex              3687	EXIST::FUNCTION:DSA
+ECParameters_print_fp                   3688	EXIST::FUNCTION:EC,FP_API
+X509V3_NAME_from_section                3689	EXIST::FUNCTION:
+EVP_PKEY_add1_attr                      3690	EXIST::FUNCTION:
+STORE_modify_crl                        3691	NOEXIST::FUNCTION:
+STORE_list_private_key_start            3692	NOEXIST::FUNCTION:
+POLICY_MAPPINGS_it                      3693	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICY_MAPPINGS_it                      3693	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+GENERAL_SUBTREE_it                      3694	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+GENERAL_SUBTREE_it                      3694	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_GROUP_get_curve_name                 3695	EXIST::FUNCTION:EC
+PEM_write_X509_CERT_PAIR                3696	EXIST:!WIN16:FUNCTION:
+BIO_dump_indent_cb                      3697	EXIST::FUNCTION:
+d2i_X509_CERT_PAIR                      3698	EXIST::FUNCTION:
+STORE_list_private_key_endp             3699	NOEXIST::FUNCTION:
+asn1_const_Finish                       3700	EXIST::FUNCTION:
+i2d_EC_PUBKEY_fp                        3701	EXIST::FUNCTION:EC,FP_API
+BN_nist_mod_256                         3702	EXIST::FUNCTION:
+X509_VERIFY_PARAM_add0_table            3703	EXIST::FUNCTION:
+pqueue_free                             3704	EXIST::FUNCTION:
+BN_BLINDING_create_param                3705	EXIST::FUNCTION:
+ECDSA_size                              3706	EXIST::FUNCTION:ECDSA
+d2i_EC_PUBKEY_bio                       3707	EXIST::FUNCTION:BIO,EC
+BN_get0_nist_prime_521                  3708	EXIST::FUNCTION:
+STORE_ATTR_INFO_modify_sha1str          3709	NOEXIST::FUNCTION:
+BN_generate_prime_ex                    3710	EXIST::FUNCTION:
+EC_GROUP_new_by_curve_name              3711	EXIST::FUNCTION:EC
+SHA256_Final                            3712	EXIST::FUNCTION:SHA,SHA256
+DH_generate_parameters_ex               3713	EXIST::FUNCTION:DH
+PEM_read_bio_ECPrivateKey               3714	EXIST::FUNCTION:EC
+STORE_meth_get_cleanup_fn               3715	NOEXIST::FUNCTION:
+STORE_method_get_cleanup_function       3715	NOEXIST::FUNCTION:
+ENGINE_get_ECDH                         3716	EXIST::FUNCTION:ENGINE
+d2i_ECDSA_SIG                           3717	EXIST::FUNCTION:ECDSA
+BN_is_prime_fasttest_ex                 3718	EXIST::FUNCTION:
+ECDSA_sign                              3719	EXIST::FUNCTION:ECDSA
+X509_policy_check                       3720	EXIST::FUNCTION:
+EVP_PKEY_get_attr_by_NID                3721	EXIST::FUNCTION:
+STORE_set_ex_data                       3722	NOEXIST::FUNCTION:
+ENGINE_get_ECDSA                        3723	EXIST::FUNCTION:ENGINE
+EVP_ecdsa                               3724	EXIST::FUNCTION:SHA
+BN_BLINDING_get_flags                   3725	EXIST::FUNCTION:
+PKCS12_add_cert                         3726	EXIST::FUNCTION:
+STORE_OBJECT_new                        3727	NOEXIST::FUNCTION:
+ERR_load_ECDH_strings                   3728	EXIST::FUNCTION:ECDH
+EC_KEY_dup                              3729	EXIST::FUNCTION:EC
+EVP_CIPHER_CTX_rand_key                 3730	EXIST::FUNCTION:
+ECDSA_set_method                        3731	EXIST::FUNCTION:ECDSA
+a2i_IPADDRESS_NC                        3732	EXIST::FUNCTION:
+d2i_ECParameters                        3733	EXIST::FUNCTION:EC
+STORE_list_certificate_end              3734	NOEXIST::FUNCTION:
+STORE_get_crl                           3735	NOEXIST::FUNCTION:
+X509_POLICY_NODE_print                  3736	EXIST::FUNCTION:
+SHA384_Init                             3737	EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+EC_GF2m_simple_method                   3738	EXIST::FUNCTION:EC,EC2M
+ECDSA_set_ex_data                       3739	EXIST::FUNCTION:ECDSA
+SHA384_Final                            3740	EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+PKCS7_set_digest                        3741	EXIST::FUNCTION:
+EC_KEY_print                            3742	EXIST::FUNCTION:BIO,EC
+STORE_meth_set_lock_store_fn            3743	NOEXIST::FUNCTION:
+STORE_method_set_lock_store_function    3743	NOEXIST::FUNCTION:
+ECDSA_get_ex_new_index                  3744	EXIST::FUNCTION:ECDSA
+SHA384                                  3745	EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+POLICY_MAPPING_new                      3746	EXIST::FUNCTION:
+STORE_list_certificate_endp             3747	NOEXIST::FUNCTION:
+X509_STORE_CTX_get0_policy_tree         3748	EXIST::FUNCTION:
+EC_GROUP_set_asn1_flag                  3749	EXIST::FUNCTION:EC
+EC_KEY_check_key                        3750	EXIST::FUNCTION:EC
+d2i_EC_PUBKEY_fp                        3751	EXIST::FUNCTION:EC,FP_API
+PKCS7_set0_type_other                   3752	EXIST::FUNCTION:
+PEM_read_bio_X509_CERT_PAIR             3753	EXIST::FUNCTION:
+pqueue_next                             3754	EXIST::FUNCTION:
+STORE_meth_get_list_end_fn              3755	NOEXIST::FUNCTION:
+STORE_method_get_list_end_function      3755	NOEXIST::FUNCTION:
+EVP_PKEY_add1_attr_by_OBJ               3756	EXIST::FUNCTION:
+X509_VERIFY_PARAM_set_time              3757	EXIST::FUNCTION:
+pqueue_new                              3758	EXIST::FUNCTION:
+ENGINE_set_default_ECDH                 3759	EXIST::FUNCTION:ENGINE
+STORE_new_method                        3760	NOEXIST::FUNCTION:
+PKCS12_add_key                          3761	EXIST::FUNCTION:
+DSO_merge                               3762	EXIST::FUNCTION:
+EC_POINT_hex2point                      3763	EXIST::FUNCTION:EC
+BIO_dump_cb                             3764	EXIST::FUNCTION:
+SHA256_Update                           3765	EXIST::FUNCTION:SHA,SHA256
+pqueue_insert                           3766	EXIST::FUNCTION:
+pitem_free                              3767	EXIST::FUNCTION:
+BN_GF2m_mod_inv_arr                     3768	EXIST::FUNCTION:EC2M
+ENGINE_unregister_ECDSA                 3769	EXIST::FUNCTION:ENGINE
+BN_BLINDING_set_thread_id               3770	EXIST::FUNCTION:DEPRECATED
+get_rfc3526_prime_8192                  3771	EXIST::FUNCTION:
+X509_VERIFY_PARAM_clear_flags           3772	EXIST::FUNCTION:
+get_rfc2409_prime_1024                  3773	EXIST::FUNCTION:
+DH_check_pub_key                        3774	EXIST::FUNCTION:DH
+get_rfc3526_prime_2048                  3775	EXIST::FUNCTION:
+get_rfc3526_prime_6144                  3776	EXIST::FUNCTION:
+get_rfc3526_prime_1536                  3777	EXIST::FUNCTION:
+get_rfc3526_prime_3072                  3778	EXIST::FUNCTION:
+get_rfc3526_prime_4096                  3779	EXIST::FUNCTION:
+get_rfc2409_prime_768                   3780	EXIST::FUNCTION:
+X509_VERIFY_PARAM_get_flags             3781	EXIST::FUNCTION:
+EVP_CIPHER_CTX_new                      3782	EXIST::FUNCTION:
+EVP_CIPHER_CTX_free                     3783	EXIST::FUNCTION:
+Camellia_cbc_encrypt                    3784	EXIST::FUNCTION:CAMELLIA
+Camellia_cfb128_encrypt                 3785	EXIST::FUNCTION:CAMELLIA
+Camellia_cfb1_encrypt                   3786	EXIST::FUNCTION:CAMELLIA
+Camellia_cfb8_encrypt                   3787	EXIST::FUNCTION:CAMELLIA
+Camellia_ctr128_encrypt                 3788	EXIST::FUNCTION:CAMELLIA
+Camellia_cfbr_encrypt_block             3789	NOEXIST::FUNCTION:
+Camellia_decrypt                        3790	EXIST::FUNCTION:CAMELLIA
+Camellia_ecb_encrypt                    3791	EXIST::FUNCTION:CAMELLIA
+Camellia_encrypt                        3792	EXIST::FUNCTION:CAMELLIA
+Camellia_ofb128_encrypt                 3793	EXIST::FUNCTION:CAMELLIA
+Camellia_set_key                        3794	EXIST::FUNCTION:CAMELLIA
+EVP_camellia_128_cbc                    3795	EXIST::FUNCTION:CAMELLIA
+EVP_camellia_128_cfb128                 3796	EXIST::FUNCTION:CAMELLIA
+EVP_camellia_128_cfb1                   3797	EXIST::FUNCTION:CAMELLIA
+EVP_camellia_128_cfb8                   3798	EXIST::FUNCTION:CAMELLIA
+EVP_camellia_128_ecb                    3799	EXIST::FUNCTION:CAMELLIA
+EVP_camellia_128_ofb                    3800	EXIST::FUNCTION:CAMELLIA
+EVP_camellia_192_cbc                    3801	EXIST::FUNCTION:CAMELLIA
+EVP_camellia_192_cfb128                 3802	EXIST::FUNCTION:CAMELLIA
+EVP_camellia_192_cfb1                   3803	EXIST::FUNCTION:CAMELLIA
+EVP_camellia_192_cfb8                   3804	EXIST::FUNCTION:CAMELLIA
+EVP_camellia_192_ecb                    3805	EXIST::FUNCTION:CAMELLIA
+EVP_camellia_192_ofb                    3806	EXIST::FUNCTION:CAMELLIA
+EVP_camellia_256_cbc                    3807	EXIST::FUNCTION:CAMELLIA
+EVP_camellia_256_cfb128                 3808	EXIST::FUNCTION:CAMELLIA
+EVP_camellia_256_cfb1                   3809	EXIST::FUNCTION:CAMELLIA
+EVP_camellia_256_cfb8                   3810	EXIST::FUNCTION:CAMELLIA
+EVP_camellia_256_ecb                    3811	EXIST::FUNCTION:CAMELLIA
+EVP_camellia_256_ofb                    3812	EXIST::FUNCTION:CAMELLIA
+a2i_ipadd                               3813	EXIST::FUNCTION:
+ASIdentifiers_free                      3814	EXIST::FUNCTION:RFC3779
+i2d_ASIdOrRange                         3815	EXIST::FUNCTION:RFC3779
+EVP_CIPHER_block_size                   3816	EXIST::FUNCTION:
+v3_asid_is_canonical                    3817	EXIST::FUNCTION:RFC3779
+IPAddressChoice_free                    3818	EXIST::FUNCTION:RFC3779
+EVP_CIPHER_CTX_set_app_data             3819	EXIST::FUNCTION:
+BIO_set_callback_arg                    3820	EXIST::FUNCTION:
+v3_addr_add_prefix                      3821	EXIST::FUNCTION:RFC3779
+IPAddressOrRange_it                     3822	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+IPAddressOrRange_it                     3822	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+BIO_set_flags                           3823	EXIST::FUNCTION:
+ASIdentifiers_it                        3824	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+ASIdentifiers_it                        3824	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+v3_addr_get_range                       3825	EXIST::FUNCTION:RFC3779
+BIO_method_type                         3826	EXIST::FUNCTION:
+v3_addr_inherits                        3827	EXIST::FUNCTION:RFC3779
+IPAddressChoice_it                      3828	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+IPAddressChoice_it                      3828	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+AES_ige_encrypt                         3829	EXIST::FUNCTION:AES
+v3_addr_add_range                       3830	EXIST::FUNCTION:RFC3779
+EVP_CIPHER_CTX_nid                      3831	EXIST::FUNCTION:
+d2i_ASRange                             3832	EXIST::FUNCTION:RFC3779
+v3_addr_add_inherit                     3833	EXIST::FUNCTION:RFC3779
+v3_asid_add_id_or_range                 3834	EXIST::FUNCTION:RFC3779
+v3_addr_validate_resource_set           3835	EXIST::FUNCTION:RFC3779
+EVP_CIPHER_iv_length                    3836	EXIST::FUNCTION:
+EVP_MD_type                             3837	EXIST::FUNCTION:
+v3_asid_canonize                        3838	EXIST::FUNCTION:RFC3779
+IPAddressRange_free                     3839	EXIST::FUNCTION:RFC3779
+v3_asid_add_inherit                     3840	EXIST::FUNCTION:RFC3779
+EVP_CIPHER_CTX_key_length               3841	EXIST::FUNCTION:
+IPAddressRange_new                      3842	EXIST::FUNCTION:RFC3779
+ASIdOrRange_new                         3843	EXIST::FUNCTION:RFC3779
+EVP_MD_size                             3844	EXIST::FUNCTION:
+EVP_MD_CTX_test_flags                   3845	EXIST::FUNCTION:
+BIO_clear_flags                         3846	EXIST::FUNCTION:
+i2d_ASRange                             3847	EXIST::FUNCTION:RFC3779
+IPAddressRange_it                       3848	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+IPAddressRange_it                       3848	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+IPAddressChoice_new                     3849	EXIST::FUNCTION:RFC3779
+ASIdentifierChoice_new                  3850	EXIST::FUNCTION:RFC3779
+ASRange_free                            3851	EXIST::FUNCTION:RFC3779
+EVP_MD_pkey_type                        3852	EXIST::FUNCTION:
+EVP_MD_CTX_clear_flags                  3853	EXIST::FUNCTION:
+IPAddressFamily_free                    3854	EXIST::FUNCTION:RFC3779
+i2d_IPAddressFamily                     3855	EXIST::FUNCTION:RFC3779
+IPAddressOrRange_new                    3856	EXIST::FUNCTION:RFC3779
+EVP_CIPHER_flags                        3857	EXIST::FUNCTION:
+v3_asid_validate_resource_set           3858	EXIST::FUNCTION:RFC3779
+d2i_IPAddressRange                      3859	EXIST::FUNCTION:RFC3779
+AES_bi_ige_encrypt                      3860	EXIST::FUNCTION:AES
+BIO_get_callback                        3861	EXIST::FUNCTION:
+IPAddressOrRange_free                   3862	EXIST::FUNCTION:RFC3779
+v3_addr_subset                          3863	EXIST::FUNCTION:RFC3779
+d2i_IPAddressFamily                     3864	EXIST::FUNCTION:RFC3779
+v3_asid_subset                          3865	EXIST::FUNCTION:RFC3779
+BIO_test_flags                          3866	EXIST::FUNCTION:
+i2d_ASIdentifierChoice                  3867	EXIST::FUNCTION:RFC3779
+ASRange_it                              3868	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+ASRange_it                              3868	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+d2i_ASIdentifiers                       3869	EXIST::FUNCTION:RFC3779
+ASRange_new                             3870	EXIST::FUNCTION:RFC3779
+d2i_IPAddressChoice                     3871	EXIST::FUNCTION:RFC3779
+v3_addr_get_afi                         3872	EXIST::FUNCTION:RFC3779
+EVP_CIPHER_key_length                   3873	EXIST::FUNCTION:
+EVP_Cipher                              3874	EXIST::FUNCTION:
+i2d_IPAddressOrRange                    3875	EXIST::FUNCTION:RFC3779
+ASIdOrRange_it                          3876	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+ASIdOrRange_it                          3876	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+EVP_CIPHER_nid                          3877	EXIST::FUNCTION:
+i2d_IPAddressChoice                     3878	EXIST::FUNCTION:RFC3779
+EVP_CIPHER_CTX_block_size               3879	EXIST::FUNCTION:
+ASIdentifiers_new                       3880	EXIST::FUNCTION:RFC3779
+v3_addr_validate_path                   3881	EXIST::FUNCTION:RFC3779
+IPAddressFamily_new                     3882	EXIST::FUNCTION:RFC3779
+EVP_MD_CTX_set_flags                    3883	EXIST::FUNCTION:
+v3_addr_is_canonical                    3884	EXIST::FUNCTION:RFC3779
+i2d_IPAddressRange                      3885	EXIST::FUNCTION:RFC3779
+IPAddressFamily_it                      3886	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+IPAddressFamily_it                      3886	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+v3_asid_inherits                        3887	EXIST::FUNCTION:RFC3779
+EVP_CIPHER_CTX_cipher                   3888	EXIST::FUNCTION:
+EVP_CIPHER_CTX_get_app_data             3889	EXIST::FUNCTION:
+EVP_MD_block_size                       3890	EXIST::FUNCTION:
+EVP_CIPHER_CTX_flags                    3891	EXIST::FUNCTION:
+v3_asid_validate_path                   3892	EXIST::FUNCTION:RFC3779
+d2i_IPAddressOrRange                    3893	EXIST::FUNCTION:RFC3779
+v3_addr_canonize                        3894	EXIST::FUNCTION:RFC3779
+ASIdentifierChoice_it                   3895	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+ASIdentifierChoice_it                   3895	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+EVP_MD_CTX_md                           3896	EXIST::FUNCTION:
+d2i_ASIdentifierChoice                  3897	EXIST::FUNCTION:RFC3779
+BIO_method_name                         3898	EXIST::FUNCTION:
+EVP_CIPHER_CTX_iv_length                3899	EXIST::FUNCTION:
+ASIdOrRange_free                        3900	EXIST::FUNCTION:RFC3779
+ASIdentifierChoice_free                 3901	EXIST::FUNCTION:RFC3779
+BIO_get_callback_arg                    3902	EXIST::FUNCTION:
+BIO_set_callback                        3903	EXIST::FUNCTION:
+d2i_ASIdOrRange                         3904	EXIST::FUNCTION:RFC3779
+i2d_ASIdentifiers                       3905	EXIST::FUNCTION:RFC3779
+CRYPTO_memcmp                           3906	EXIST::FUNCTION:
+BN_consttime_swap                       3907	EXIST::FUNCTION:
+SEED_decrypt                            3908	EXIST::FUNCTION:SEED
+SEED_encrypt                            3909	EXIST::FUNCTION:SEED
+SEED_cbc_encrypt                        3910	EXIST::FUNCTION:SEED
+EVP_seed_ofb                            3911	EXIST::FUNCTION:SEED
+SEED_cfb128_encrypt                     3912	EXIST::FUNCTION:SEED
+SEED_ofb128_encrypt                     3913	EXIST::FUNCTION:SEED
+EVP_seed_cbc                            3914	EXIST::FUNCTION:SEED
+SEED_ecb_encrypt                        3915	EXIST::FUNCTION:SEED
+EVP_seed_ecb                            3916	EXIST::FUNCTION:SEED
+SEED_set_key                            3917	EXIST::FUNCTION:SEED
+EVP_seed_cfb128                         3918	EXIST::FUNCTION:SEED
+X509_EXTENSIONS_it                      3919	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_EXTENSIONS_it                      3919	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_get1_ocsp                          3920	EXIST::FUNCTION:
+OCSP_REQ_CTX_free                       3921	EXIST::FUNCTION:
+i2d_X509_EXTENSIONS                     3922	EXIST::FUNCTION:
+OCSP_sendreq_nbio                       3923	EXIST::FUNCTION:
+OCSP_sendreq_new                        3924	EXIST::FUNCTION:
+d2i_X509_EXTENSIONS                     3925	EXIST::FUNCTION:
+X509_ALGORS_it                          3926	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_ALGORS_it                          3926	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_ALGOR_get0                         3927	EXIST::FUNCTION:
+X509_ALGOR_set0                         3928	EXIST::FUNCTION:
+AES_unwrap_key                          3929	EXIST::FUNCTION:AES
+AES_wrap_key                            3930	EXIST::FUNCTION:AES
+X509at_get0_data_by_OBJ                 3931	EXIST::FUNCTION:
+ASN1_TYPE_set1                          3932	EXIST::FUNCTION:
+ASN1_STRING_set0                        3933	EXIST::FUNCTION:
+i2d_X509_ALGORS                         3934	EXIST::FUNCTION:
+BIO_f_zlib                              3935	EXIST:ZLIB:FUNCTION:COMP
+COMP_zlib_cleanup                       3936	EXIST::FUNCTION:COMP
+d2i_X509_ALGORS                         3937	EXIST::FUNCTION:
+CMS_ReceiptRequest_free                 3938	EXIST::FUNCTION:CMS
+PEM_write_CMS                           3939	EXIST:!WIN16:FUNCTION:CMS
+CMS_add0_CertificateChoices             3940	EXIST::FUNCTION:CMS
+CMS_unsigned_add1_attr_by_OBJ           3941	EXIST::FUNCTION:CMS
+ERR_load_CMS_strings                    3942	EXIST::FUNCTION:CMS
+CMS_sign_receipt                        3943	EXIST::FUNCTION:CMS
+i2d_CMS_ContentInfo                     3944	EXIST::FUNCTION:CMS
+CMS_signed_delete_attr                  3945	EXIST::FUNCTION:CMS
+d2i_CMS_bio                             3946	EXIST::FUNCTION:CMS
+CMS_unsigned_get_attr_by_NID            3947	EXIST::FUNCTION:CMS
+CMS_verify                              3948	EXIST::FUNCTION:CMS
+SMIME_read_CMS                          3949	EXIST::FUNCTION:CMS
+CMS_decrypt_set1_key                    3950	EXIST::FUNCTION:CMS
+CMS_SignerInfo_get0_algs                3951	EXIST::FUNCTION:CMS
+CMS_add1_cert                           3952	EXIST::FUNCTION:CMS
+CMS_set_detached                        3953	EXIST::FUNCTION:CMS
+CMS_encrypt                             3954	EXIST::FUNCTION:CMS
+CMS_EnvelopedData_create                3955	EXIST::FUNCTION:CMS
+CMS_uncompress                          3956	EXIST::FUNCTION:CMS
+CMS_add0_crl                            3957	EXIST::FUNCTION:CMS
+CMS_SignerInfo_verify_content           3958	EXIST::FUNCTION:CMS
+CMS_unsigned_get0_data_by_OBJ           3959	EXIST::FUNCTION:CMS
+PEM_write_bio_CMS                       3960	EXIST::FUNCTION:CMS
+CMS_unsigned_get_attr                   3961	EXIST::FUNCTION:CMS
+CMS_RecipientInfo_ktri_cert_cmp         3962	EXIST::FUNCTION:CMS
+CMS_RecipientInfo_ktri_get0_algs        3963	EXIST:!VMS:FUNCTION:CMS
+CMS_RecipInfo_ktri_get0_algs            3963	EXIST:VMS:FUNCTION:CMS
+CMS_ContentInfo_free                    3964	EXIST::FUNCTION:CMS
+CMS_final                               3965	EXIST::FUNCTION:CMS
+CMS_add_simple_smimecap                 3966	EXIST::FUNCTION:CMS
+CMS_SignerInfo_verify                   3967	EXIST::FUNCTION:CMS
+CMS_data                                3968	EXIST::FUNCTION:CMS
+CMS_ContentInfo_it                      3969	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMS
+CMS_ContentInfo_it                      3969	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CMS
+d2i_CMS_ReceiptRequest                  3970	EXIST::FUNCTION:CMS
+CMS_compress                            3971	EXIST::FUNCTION:CMS
+CMS_digest_create                       3972	EXIST::FUNCTION:CMS
+CMS_SignerInfo_cert_cmp                 3973	EXIST::FUNCTION:CMS
+CMS_SignerInfo_sign                     3974	EXIST::FUNCTION:CMS
+CMS_data_create                         3975	EXIST::FUNCTION:CMS
+i2d_CMS_bio                             3976	EXIST::FUNCTION:CMS
+CMS_EncryptedData_set1_key              3977	EXIST::FUNCTION:CMS
+CMS_decrypt                             3978	EXIST::FUNCTION:CMS
+int_smime_write_ASN1                    3979	NOEXIST::FUNCTION:
+CMS_unsigned_delete_attr                3980	EXIST::FUNCTION:CMS
+CMS_unsigned_get_attr_count             3981	EXIST::FUNCTION:CMS
+CMS_add_smimecap                        3982	EXIST::FUNCTION:CMS
+PEM_read_CMS                            3983	EXIST:!WIN16:FUNCTION:CMS
+CMS_signed_get_attr_by_OBJ              3984	EXIST::FUNCTION:CMS
+d2i_CMS_ContentInfo                     3985	EXIST::FUNCTION:CMS
+CMS_add_standard_smimecap               3986	EXIST::FUNCTION:CMS
+CMS_ContentInfo_new                     3987	EXIST::FUNCTION:CMS
+CMS_RecipientInfo_type                  3988	EXIST::FUNCTION:CMS
+CMS_get0_type                           3989	EXIST::FUNCTION:CMS
+CMS_is_detached                         3990	EXIST::FUNCTION:CMS
+CMS_sign                                3991	EXIST::FUNCTION:CMS
+CMS_signed_add1_attr                    3992	EXIST::FUNCTION:CMS
+CMS_unsigned_get_attr_by_OBJ            3993	EXIST::FUNCTION:CMS
+SMIME_write_CMS                         3994	EXIST::FUNCTION:CMS
+CMS_EncryptedData_decrypt               3995	EXIST::FUNCTION:CMS
+CMS_get0_RecipientInfos                 3996	EXIST::FUNCTION:CMS
+CMS_add0_RevocationInfoChoice           3997	EXIST::FUNCTION:CMS
+CMS_decrypt_set1_pkey                   3998	EXIST::FUNCTION:CMS
+CMS_SignerInfo_set1_signer_cert         3999	EXIST::FUNCTION:CMS
+CMS_get0_signers                        4000	EXIST::FUNCTION:CMS
+CMS_ReceiptRequest_get0_values          4001	EXIST::FUNCTION:CMS
+CMS_signed_get0_data_by_OBJ             4002	EXIST::FUNCTION:CMS
+CMS_get0_SignerInfos                    4003	EXIST::FUNCTION:CMS
+CMS_add0_cert                           4004	EXIST::FUNCTION:CMS
+CMS_EncryptedData_encrypt               4005	EXIST::FUNCTION:CMS
+CMS_digest_verify                       4006	EXIST::FUNCTION:CMS
+CMS_set1_signers_certs                  4007	EXIST::FUNCTION:CMS
+CMS_signed_get_attr                     4008	EXIST::FUNCTION:CMS
+CMS_RecipientInfo_set0_key              4009	EXIST::FUNCTION:CMS
+CMS_SignedData_init                     4010	EXIST::FUNCTION:CMS
+CMS_RecipientInfo_kekri_get0_id         4011	EXIST::FUNCTION:CMS
+CMS_verify_receipt                      4012	EXIST::FUNCTION:CMS
+CMS_ReceiptRequest_it                   4013	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMS
+CMS_ReceiptRequest_it                   4013	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CMS
+PEM_read_bio_CMS                        4014	EXIST::FUNCTION:CMS
+CMS_get1_crls                           4015	EXIST::FUNCTION:CMS
+CMS_add0_recipient_key                  4016	EXIST::FUNCTION:CMS
+SMIME_read_ASN1                         4017	EXIST::FUNCTION:
+CMS_ReceiptRequest_new                  4018	EXIST::FUNCTION:CMS
+CMS_get0_content                        4019	EXIST::FUNCTION:CMS
+CMS_get1_ReceiptRequest                 4020	EXIST::FUNCTION:CMS
+CMS_signed_add1_attr_by_OBJ             4021	EXIST::FUNCTION:CMS
+CMS_RecipientInfo_kekri_id_cmp          4022	EXIST::FUNCTION:CMS
+CMS_add1_ReceiptRequest                 4023	EXIST::FUNCTION:CMS
+CMS_SignerInfo_get0_signer_id           4024	EXIST::FUNCTION:CMS
+CMS_unsigned_add1_attr_by_NID           4025	EXIST::FUNCTION:CMS
+CMS_unsigned_add1_attr                  4026	EXIST::FUNCTION:CMS
+CMS_signed_get_attr_by_NID              4027	EXIST::FUNCTION:CMS
+CMS_get1_certs                          4028	EXIST::FUNCTION:CMS
+CMS_signed_add1_attr_by_NID             4029	EXIST::FUNCTION:CMS
+CMS_unsigned_add1_attr_by_txt           4030	EXIST::FUNCTION:CMS
+CMS_dataFinal                           4031	EXIST::FUNCTION:CMS
+CMS_RecipientInfo_ktri_get0_signer_id   4032	EXIST:!VMS:FUNCTION:CMS
+CMS_RecipInfo_ktri_get0_sigr_id         4032	EXIST:VMS:FUNCTION:CMS
+i2d_CMS_ReceiptRequest                  4033	EXIST::FUNCTION:CMS
+CMS_add1_recipient_cert                 4034	EXIST::FUNCTION:CMS
+CMS_dataInit                            4035	EXIST::FUNCTION:CMS
+CMS_signed_add1_attr_by_txt             4036	EXIST::FUNCTION:CMS
+CMS_RecipientInfo_decrypt               4037	EXIST::FUNCTION:CMS
+CMS_signed_get_attr_count               4038	EXIST::FUNCTION:CMS
+CMS_get0_eContentType                   4039	EXIST::FUNCTION:CMS
+CMS_set1_eContentType                   4040	EXIST::FUNCTION:CMS
+CMS_ReceiptRequest_create0              4041	EXIST::FUNCTION:CMS
+CMS_add1_signer                         4042	EXIST::FUNCTION:CMS
+CMS_RecipientInfo_set0_pkey             4043	EXIST::FUNCTION:CMS
+ENGINE_set_load_ssl_client_cert_function 4044	EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_set_ld_ssl_clnt_cert_fn          4044	EXIST:VMS:FUNCTION:ENGINE
+ENGINE_get_ssl_client_cert_function     4045	EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_get_ssl_client_cert_fn           4045	EXIST:VMS:FUNCTION:ENGINE
+ENGINE_load_ssl_client_cert             4046	EXIST::FUNCTION:ENGINE
+ENGINE_load_capi                        4047	EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+OPENSSL_isservice                       4048	EXIST::FUNCTION:
+FIPS_dsa_sig_decode                     4049	NOEXIST::FUNCTION:
+EVP_CIPHER_CTX_clear_flags              4050	EXIST::FUNCTION:
+FIPS_rand_status                        4051	NOEXIST::FUNCTION:
+FIPS_rand_set_key                       4052	NOEXIST::FUNCTION:
+CRYPTO_set_mem_info_functions           4053	NOEXIST::FUNCTION:
+RSA_X931_generate_key_ex                4054	NOEXIST::FUNCTION:
+int_ERR_set_state_func                  4055	NOEXIST::FUNCTION:
+int_EVP_MD_set_engine_callbacks         4056	NOEXIST::FUNCTION:
+int_CRYPTO_set_do_dynlock_callback      4057	NOEXIST::FUNCTION:
+FIPS_rng_stick                          4058	NOEXIST::FUNCTION:
+EVP_CIPHER_CTX_set_flags                4059	EXIST::FUNCTION:
+BN_X931_generate_prime_ex               4060	EXIST::FUNCTION:
+FIPS_selftest_check                     4061	NOEXIST::FUNCTION:
+FIPS_rand_set_dt                        4062	NOEXIST::FUNCTION:
+CRYPTO_dbg_pop_info                     4063	NOEXIST::FUNCTION:
+FIPS_dsa_free                           4064	NOEXIST::FUNCTION:
+RSA_X931_derive_ex                      4065	NOEXIST::FUNCTION:
+FIPS_rsa_new                            4066	NOEXIST::FUNCTION:
+FIPS_rand_bytes                         4067	NOEXIST::FUNCTION:
+fips_cipher_test                        4068	NOEXIST::FUNCTION:
+EVP_CIPHER_CTX_test_flags               4069	EXIST::FUNCTION:
+CRYPTO_malloc_debug_init                4070	NOEXIST::FUNCTION:
+CRYPTO_dbg_push_info                    4071	NOEXIST::FUNCTION:
+FIPS_corrupt_rsa_keygen                 4072	NOEXIST::FUNCTION:
+FIPS_dh_new                             4073	NOEXIST::FUNCTION:
+FIPS_corrupt_dsa_keygen                 4074	NOEXIST::FUNCTION:
+FIPS_dh_free                            4075	NOEXIST::FUNCTION:
+fips_pkey_signature_test                4076	NOEXIST::FUNCTION:
+EVP_add_alg_module                      4077	EXIST::FUNCTION:
+int_RAND_init_engine_callbacks          4078	NOEXIST::FUNCTION:
+int_EVP_CIPHER_set_engine_callbacks     4079	NOEXIST::FUNCTION:
+int_EVP_MD_init_engine_callbacks        4080	NOEXIST::FUNCTION:
+FIPS_rand_test_mode                     4081	NOEXIST::FUNCTION:
+FIPS_rand_reset                         4082	NOEXIST::FUNCTION:
+FIPS_dsa_new                            4083	NOEXIST::FUNCTION:
+int_RAND_set_callbacks                  4084	NOEXIST::FUNCTION:
+BN_X931_derive_prime_ex                 4085	EXIST::FUNCTION:
+int_ERR_lib_init                        4086	NOEXIST::FUNCTION:
+int_EVP_CIPHER_init_engine_callbacks    4087	NOEXIST::FUNCTION:
+FIPS_rsa_free                           4088	NOEXIST::FUNCTION:
+FIPS_dsa_sig_encode                     4089	NOEXIST::FUNCTION:
+CRYPTO_dbg_remove_all_info              4090	NOEXIST::FUNCTION:
+OPENSSL_init                            4091	EXIST::FUNCTION:
+private_Camellia_set_key                4092	EXIST:OPENSSL_FIPS:FUNCTION:CAMELLIA
+CRYPTO_strdup                           4093	EXIST::FUNCTION:
+JPAKE_STEP3A_process                    4094	EXIST::FUNCTION:JPAKE
+JPAKE_STEP1_release                     4095	EXIST::FUNCTION:JPAKE
+JPAKE_get_shared_key                    4096	EXIST::FUNCTION:JPAKE
+JPAKE_STEP3B_init                       4097	EXIST::FUNCTION:JPAKE
+JPAKE_STEP1_generate                    4098	EXIST::FUNCTION:JPAKE
+JPAKE_STEP1_init                        4099	EXIST::FUNCTION:JPAKE
+JPAKE_STEP3B_process                    4100	EXIST::FUNCTION:JPAKE
+JPAKE_STEP2_generate                    4101	EXIST::FUNCTION:JPAKE
+JPAKE_CTX_new                           4102	EXIST::FUNCTION:JPAKE
+JPAKE_CTX_free                          4103	EXIST::FUNCTION:JPAKE
+JPAKE_STEP3B_release                    4104	EXIST::FUNCTION:JPAKE
+JPAKE_STEP3A_release                    4105	EXIST::FUNCTION:JPAKE
+JPAKE_STEP2_process                     4106	EXIST::FUNCTION:JPAKE
+JPAKE_STEP3B_generate                   4107	EXIST::FUNCTION:JPAKE
+JPAKE_STEP1_process                     4108	EXIST::FUNCTION:JPAKE
+JPAKE_STEP3A_generate                   4109	EXIST::FUNCTION:JPAKE
+JPAKE_STEP2_release                     4110	EXIST::FUNCTION:JPAKE
+JPAKE_STEP3A_init                       4111	EXIST::FUNCTION:JPAKE
+ERR_load_JPAKE_strings                  4112	EXIST::FUNCTION:JPAKE
+JPAKE_STEP2_init                        4113	EXIST::FUNCTION:JPAKE
+pqueue_size                             4114	EXIST::FUNCTION:
+i2d_TS_ACCURACY                         4115	EXIST::FUNCTION:
+i2d_TS_MSG_IMPRINT_fp                   4116	EXIST::FUNCTION:
+i2d_TS_MSG_IMPRINT                      4117	EXIST::FUNCTION:
+EVP_PKEY_print_public                   4118	EXIST::FUNCTION:
+EVP_PKEY_CTX_new                        4119	EXIST::FUNCTION:
+i2d_TS_TST_INFO                         4120	EXIST::FUNCTION:
+EVP_PKEY_asn1_find                      4121	EXIST::FUNCTION:
+DSO_METHOD_beos                         4122	EXIST::FUNCTION:
+TS_CONF_load_cert                       4123	EXIST::FUNCTION:
+TS_REQ_get_ext                          4124	EXIST::FUNCTION:
+EVP_PKEY_sign_init                      4125	EXIST::FUNCTION:
+ASN1_item_print                         4126	EXIST::FUNCTION:
+TS_TST_INFO_set_nonce                   4127	EXIST::FUNCTION:
+TS_RESP_dup                             4128	EXIST::FUNCTION:
+ENGINE_register_pkey_meths              4129	EXIST::FUNCTION:ENGINE
+EVP_PKEY_asn1_add0                      4130	EXIST::FUNCTION:
+PKCS7_add0_attrib_signing_time          4131	EXIST::FUNCTION:
+i2d_TS_TST_INFO_fp                      4132	EXIST::FUNCTION:
+BIO_asn1_get_prefix                     4133	EXIST::FUNCTION:
+TS_TST_INFO_set_time                    4134	EXIST::FUNCTION:
+EVP_PKEY_meth_set_decrypt               4135	EXIST::FUNCTION:
+EVP_PKEY_set_type_str                   4136	EXIST::FUNCTION:
+EVP_PKEY_CTX_get_keygen_info            4137	EXIST::FUNCTION:
+TS_REQ_set_policy_id                    4138	EXIST::FUNCTION:
+d2i_TS_RESP_fp                          4139	EXIST::FUNCTION:
+ENGINE_get_pkey_asn1_meth_engine        4140	EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_get_pkey_asn1_meth_eng           4140	EXIST:VMS:FUNCTION:ENGINE
+WHIRLPOOL_Init                          4141	EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
+TS_RESP_set_status_info                 4142	EXIST::FUNCTION:
+EVP_PKEY_keygen                         4143	EXIST::FUNCTION:
+EVP_DigestSignInit                      4144	EXIST::FUNCTION:
+TS_ACCURACY_set_millis                  4145	EXIST::FUNCTION:
+TS_REQ_dup                              4146	EXIST::FUNCTION:
+GENERAL_NAME_dup                        4147	EXIST::FUNCTION:
+ASN1_SEQUENCE_ANY_it                    4148	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_SEQUENCE_ANY_it                    4148	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+WHIRLPOOL                               4149	EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
+X509_STORE_get1_crls                    4150	EXIST::FUNCTION:
+ENGINE_get_pkey_asn1_meth               4151	EXIST::FUNCTION:ENGINE
+EVP_PKEY_asn1_new                       4152	EXIST::FUNCTION:
+BIO_new_NDEF                            4153	EXIST::FUNCTION:
+ENGINE_get_pkey_meth                    4154	EXIST::FUNCTION:ENGINE
+TS_MSG_IMPRINT_set_algo                 4155	EXIST::FUNCTION:
+i2d_TS_TST_INFO_bio                     4156	EXIST::FUNCTION:
+TS_TST_INFO_set_ordering                4157	EXIST::FUNCTION:
+TS_TST_INFO_get_ext_by_OBJ              4158	EXIST::FUNCTION:
+CRYPTO_THREADID_set_pointer             4159	EXIST::FUNCTION:
+TS_CONF_get_tsa_section                 4160	EXIST::FUNCTION:
+SMIME_write_ASN1                        4161	EXIST::FUNCTION:
+TS_RESP_CTX_set_signer_key              4162	EXIST::FUNCTION:
+EVP_PKEY_encrypt_old                    4163	EXIST::FUNCTION:
+EVP_PKEY_encrypt_init                   4164	EXIST::FUNCTION:
+CRYPTO_THREADID_cpy                     4165	EXIST::FUNCTION:
+ASN1_PCTX_get_cert_flags                4166	EXIST::FUNCTION:
+i2d_ESS_SIGNING_CERT                    4167	EXIST::FUNCTION:
+TS_CONF_load_key                        4168	EXIST::FUNCTION:
+i2d_ASN1_SEQUENCE_ANY                   4169	EXIST::FUNCTION:
+d2i_TS_MSG_IMPRINT_bio                  4170	EXIST::FUNCTION:
+EVP_PKEY_asn1_set_public                4171	EXIST::FUNCTION:
+b2i_PublicKey_bio                       4172	EXIST::FUNCTION:
+BIO_asn1_set_prefix                     4173	EXIST::FUNCTION:
+EVP_PKEY_new_mac_key                    4174	EXIST::FUNCTION:
+BIO_new_CMS                             4175	EXIST::FUNCTION:CMS
+CRYPTO_THREADID_cmp                     4176	EXIST::FUNCTION:
+TS_REQ_ext_free                         4177	EXIST::FUNCTION:
+EVP_PKEY_asn1_set_free                  4178	EXIST::FUNCTION:
+EVP_PKEY_get0_asn1                      4179	EXIST::FUNCTION:
+d2i_NETSCAPE_X509                       4180	EXIST::FUNCTION:
+EVP_PKEY_verify_recover_init            4181	EXIST::FUNCTION:
+EVP_PKEY_CTX_set_data                   4182	EXIST::FUNCTION:
+EVP_PKEY_keygen_init                    4183	EXIST::FUNCTION:
+TS_RESP_CTX_set_status_info             4184	EXIST::FUNCTION:
+TS_MSG_IMPRINT_get_algo                 4185	EXIST::FUNCTION:
+TS_REQ_print_bio                        4186	EXIST::FUNCTION:
+EVP_PKEY_CTX_ctrl_str                   4187	EXIST::FUNCTION:
+EVP_PKEY_get_default_digest_nid         4188	EXIST::FUNCTION:
+PEM_write_bio_PKCS7_stream              4189	EXIST::FUNCTION:
+TS_MSG_IMPRINT_print_bio                4190	EXIST::FUNCTION:
+BN_asc2bn                               4191	EXIST::FUNCTION:
+TS_REQ_get_policy_id                    4192	EXIST::FUNCTION:
+ENGINE_set_default_pkey_asn1_meths      4193	EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_set_def_pkey_asn1_meths          4193	EXIST:VMS:FUNCTION:ENGINE
+d2i_TS_ACCURACY                         4194	EXIST::FUNCTION:
+DSO_global_lookup                       4195	EXIST::FUNCTION:
+TS_CONF_set_tsa_name                    4196	EXIST::FUNCTION:
+i2d_ASN1_SET_ANY                        4197	EXIST::FUNCTION:
+ENGINE_load_gost                        4198	EXIST::FUNCTION:ENGINE,GOST,STATIC_ENGINE
+WHIRLPOOL_BitUpdate                     4199	EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
+ASN1_PCTX_get_flags                     4200	EXIST::FUNCTION:
+TS_TST_INFO_get_ext_by_NID              4201	EXIST::FUNCTION:
+TS_RESP_new                             4202	EXIST::FUNCTION:
+ESS_CERT_ID_dup                         4203	EXIST::FUNCTION:
+TS_STATUS_INFO_dup                      4204	EXIST::FUNCTION:
+TS_REQ_delete_ext                       4205	EXIST::FUNCTION:
+EVP_DigestVerifyFinal                   4206	EXIST::FUNCTION:
+EVP_PKEY_print_params                   4207	EXIST::FUNCTION:
+i2d_CMS_bio_stream                      4208	EXIST::FUNCTION:CMS
+TS_REQ_get_msg_imprint                  4209	EXIST::FUNCTION:
+OBJ_find_sigid_by_algs                  4210	EXIST::FUNCTION:
+TS_TST_INFO_get_serial                  4211	EXIST::FUNCTION:
+TS_REQ_get_nonce                        4212	EXIST::FUNCTION:
+X509_PUBKEY_set0_param                  4213	EXIST::FUNCTION:
+EVP_PKEY_CTX_set0_keygen_info           4214	EXIST::FUNCTION:
+DIST_POINT_set_dpname                   4215	EXIST::FUNCTION:
+i2d_ISSUING_DIST_POINT                  4216	EXIST::FUNCTION:
+ASN1_SET_ANY_it                         4217	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_SET_ANY_it                         4217	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_PKEY_CTX_get_data                   4218	EXIST::FUNCTION:
+TS_STATUS_INFO_print_bio                4219	EXIST::FUNCTION:
+EVP_PKEY_derive_init                    4220	EXIST::FUNCTION:
+d2i_TS_TST_INFO                         4221	EXIST::FUNCTION:
+EVP_PKEY_asn1_add_alias                 4222	EXIST::FUNCTION:
+d2i_TS_RESP_bio                         4223	EXIST::FUNCTION:
+OTHERNAME_cmp                           4224	EXIST::FUNCTION:
+GENERAL_NAME_set0_value                 4225	EXIST::FUNCTION:
+PKCS7_RECIP_INFO_get0_alg               4226	EXIST::FUNCTION:
+TS_RESP_CTX_new                         4227	EXIST::FUNCTION:
+TS_RESP_set_tst_info                    4228	EXIST::FUNCTION:
+PKCS7_final                             4229	EXIST::FUNCTION:
+EVP_PKEY_base_id                        4230	EXIST::FUNCTION:
+TS_RESP_CTX_set_signer_cert             4231	EXIST::FUNCTION:
+TS_REQ_set_msg_imprint                  4232	EXIST::FUNCTION:
+EVP_PKEY_CTX_ctrl                       4233	EXIST::FUNCTION:
+TS_CONF_set_digests                     4234	EXIST::FUNCTION:
+d2i_TS_MSG_IMPRINT                      4235	EXIST::FUNCTION:
+EVP_PKEY_meth_set_ctrl                  4236	EXIST::FUNCTION:
+TS_REQ_get_ext_by_NID                   4237	EXIST::FUNCTION:
+PKCS5_pbe_set0_algor                    4238	EXIST::FUNCTION:
+BN_BLINDING_thread_id                   4239	EXIST::FUNCTION:
+TS_ACCURACY_new                         4240	EXIST::FUNCTION:
+X509_CRL_METHOD_free                    4241	EXIST::FUNCTION:
+ASN1_PCTX_get_nm_flags                  4242	EXIST::FUNCTION:
+EVP_PKEY_meth_set_sign                  4243	EXIST::FUNCTION:
+CRYPTO_THREADID_current                 4244	EXIST::FUNCTION:
+EVP_PKEY_decrypt_init                   4245	EXIST::FUNCTION:
+NETSCAPE_X509_free                      4246	EXIST::FUNCTION:
+i2b_PVK_bio                             4247	EXIST::FUNCTION:RC4
+EVP_PKEY_print_private                  4248	EXIST::FUNCTION:
+GENERAL_NAME_get0_value                 4249	EXIST::FUNCTION:
+b2i_PVK_bio                             4250	EXIST::FUNCTION:RC4
+ASN1_UTCTIME_adj                        4251	EXIST::FUNCTION:
+TS_TST_INFO_new                         4252	EXIST::FUNCTION:
+EVP_MD_do_all_sorted                    4253	EXIST::FUNCTION:
+TS_CONF_set_default_engine              4254	EXIST::FUNCTION:
+TS_ACCURACY_set_seconds                 4255	EXIST::FUNCTION:
+TS_TST_INFO_get_time                    4256	EXIST::FUNCTION:
+PKCS8_pkey_get0                         4257	EXIST::FUNCTION:
+EVP_PKEY_asn1_get0                      4258	EXIST::FUNCTION:
+OBJ_add_sigid                           4259	EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_sign                  4260	EXIST::FUNCTION:
+EVP_PKEY_paramgen_init                  4261	EXIST::FUNCTION:
+EVP_PKEY_sign                           4262	EXIST::FUNCTION:
+OBJ_sigid_free                          4263	EXIST::FUNCTION:
+EVP_PKEY_meth_set_init                  4264	EXIST::FUNCTION:
+d2i_ESS_ISSUER_SERIAL                   4265	EXIST::FUNCTION:
+ISSUING_DIST_POINT_new                  4266	EXIST::FUNCTION:
+ASN1_TIME_adj                           4267	EXIST::FUNCTION:
+TS_OBJ_print_bio                        4268	EXIST::FUNCTION:
+EVP_PKEY_meth_set_verify_recover        4269	EXIST:!VMS:FUNCTION:
+EVP_PKEY_meth_set_vrfy_recover          4269	EXIST:VMS:FUNCTION:
+TS_RESP_get_status_info                 4270	EXIST::FUNCTION:
+CMS_stream                              4271	EXIST::FUNCTION:CMS
+EVP_PKEY_CTX_set_cb                     4272	EXIST::FUNCTION:
+PKCS7_to_TS_TST_INFO                    4273	EXIST::FUNCTION:
+ASN1_PCTX_get_oid_flags                 4274	EXIST::FUNCTION:
+TS_TST_INFO_add_ext                     4275	EXIST::FUNCTION:
+EVP_PKEY_meth_set_derive                4276	EXIST::FUNCTION:
+i2d_TS_RESP_fp                          4277	EXIST::FUNCTION:
+i2d_TS_MSG_IMPRINT_bio                  4278	EXIST::FUNCTION:
+TS_RESP_CTX_set_accuracy                4279	EXIST::FUNCTION:
+TS_REQ_set_nonce                        4280	EXIST::FUNCTION:
+ESS_CERT_ID_new                         4281	EXIST::FUNCTION:
+ENGINE_pkey_asn1_find_str               4282	EXIST::FUNCTION:ENGINE
+TS_REQ_get_ext_count                    4283	EXIST::FUNCTION:
+BUF_reverse                             4284	EXIST::FUNCTION:
+TS_TST_INFO_print_bio                   4285	EXIST::FUNCTION:
+d2i_ISSUING_DIST_POINT                  4286	EXIST::FUNCTION:
+ENGINE_get_pkey_meths                   4287	EXIST::FUNCTION:ENGINE
+i2b_PrivateKey_bio                      4288	EXIST::FUNCTION:
+i2d_TS_RESP                             4289	EXIST::FUNCTION:
+b2i_PublicKey                           4290	EXIST::FUNCTION:
+TS_VERIFY_CTX_cleanup                   4291	EXIST::FUNCTION:
+TS_STATUS_INFO_free                     4292	EXIST::FUNCTION:
+TS_RESP_verify_token                    4293	EXIST::FUNCTION:
+OBJ_bsearch_ex_                         4294	EXIST::FUNCTION:
+ASN1_bn_print                           4295	EXIST::FUNCTION:BIO
+EVP_PKEY_asn1_get_count                 4296	EXIST::FUNCTION:
+ENGINE_register_pkey_asn1_meths         4297	EXIST::FUNCTION:ENGINE
+ASN1_PCTX_set_nm_flags                  4298	EXIST::FUNCTION:
+EVP_DigestVerifyInit                    4299	EXIST::FUNCTION:
+ENGINE_set_default_pkey_meths           4300	EXIST::FUNCTION:ENGINE
+TS_TST_INFO_get_policy_id               4301	EXIST::FUNCTION:
+TS_REQ_get_cert_req                     4302	EXIST::FUNCTION:
+X509_CRL_set_meth_data                  4303	EXIST::FUNCTION:
+PKCS8_pkey_set0                         4304	EXIST::FUNCTION:
+ASN1_STRING_copy                        4305	EXIST::FUNCTION:
+d2i_TS_TST_INFO_fp                      4306	EXIST::FUNCTION:
+X509_CRL_match                          4307	EXIST::FUNCTION:
+EVP_PKEY_asn1_set_private               4308	EXIST::FUNCTION:
+TS_TST_INFO_get_ext_d2i                 4309	EXIST::FUNCTION:
+TS_RESP_CTX_add_policy                  4310	EXIST::FUNCTION:
+d2i_TS_RESP                             4311	EXIST::FUNCTION:
+TS_CONF_load_certs                      4312	EXIST::FUNCTION:
+TS_TST_INFO_get_msg_imprint             4313	EXIST::FUNCTION:
+ERR_load_TS_strings                     4314	EXIST::FUNCTION:
+TS_TST_INFO_get_version                 4315	EXIST::FUNCTION:
+EVP_PKEY_CTX_dup                        4316	EXIST::FUNCTION:
+EVP_PKEY_meth_set_verify                4317	EXIST::FUNCTION:
+i2b_PublicKey_bio                       4318	EXIST::FUNCTION:
+TS_CONF_set_certs                       4319	EXIST::FUNCTION:
+EVP_PKEY_asn1_get0_info                 4320	EXIST::FUNCTION:
+TS_VERIFY_CTX_free                      4321	EXIST::FUNCTION:
+TS_REQ_get_ext_by_critical              4322	EXIST::FUNCTION:
+TS_RESP_CTX_set_serial_cb               4323	EXIST::FUNCTION:
+X509_CRL_get_meth_data                  4324	EXIST::FUNCTION:
+TS_RESP_CTX_set_time_cb                 4325	EXIST::FUNCTION:
+TS_MSG_IMPRINT_get_msg                  4326	EXIST::FUNCTION:
+TS_TST_INFO_ext_free                    4327	EXIST::FUNCTION:
+TS_REQ_get_version                      4328	EXIST::FUNCTION:
+TS_REQ_add_ext                          4329	EXIST::FUNCTION:
+EVP_PKEY_CTX_set_app_data               4330	EXIST::FUNCTION:
+OBJ_bsearch_                            4331	EXIST::FUNCTION:
+EVP_PKEY_meth_set_verifyctx             4332	EXIST::FUNCTION:
+i2d_PKCS7_bio_stream                    4333	EXIST::FUNCTION:
+CRYPTO_THREADID_set_numeric             4334	EXIST::FUNCTION:
+PKCS7_sign_add_signer                   4335	EXIST::FUNCTION:
+d2i_TS_TST_INFO_bio                     4336	EXIST::FUNCTION:
+TS_TST_INFO_get_ordering                4337	EXIST::FUNCTION:
+TS_RESP_print_bio                       4338	EXIST::FUNCTION:
+TS_TST_INFO_get_exts                    4339	EXIST::FUNCTION:
+HMAC_CTX_copy                           4340	EXIST::FUNCTION:HMAC
+PKCS5_pbe2_set_iv                       4341	EXIST::FUNCTION:
+ENGINE_get_pkey_asn1_meths              4342	EXIST::FUNCTION:ENGINE
+b2i_PrivateKey                          4343	EXIST::FUNCTION:
+EVP_PKEY_CTX_get_app_data               4344	EXIST::FUNCTION:
+TS_REQ_set_cert_req                     4345	EXIST::FUNCTION:
+CRYPTO_THREADID_set_callback            4346	EXIST::FUNCTION:
+TS_CONF_set_serial                      4347	EXIST::FUNCTION:
+TS_TST_INFO_free                        4348	EXIST::FUNCTION:
+d2i_TS_REQ_fp                           4349	EXIST::FUNCTION:
+TS_RESP_verify_response                 4350	EXIST::FUNCTION:
+i2d_ESS_ISSUER_SERIAL                   4351	EXIST::FUNCTION:
+TS_ACCURACY_get_seconds                 4352	EXIST::FUNCTION:
+EVP_CIPHER_do_all                       4353	EXIST::FUNCTION:
+b2i_PrivateKey_bio                      4354	EXIST::FUNCTION:
+OCSP_CERTID_dup                         4355	EXIST::FUNCTION:
+X509_PUBKEY_get0_param                  4356	EXIST::FUNCTION:
+TS_MSG_IMPRINT_dup                      4357	EXIST::FUNCTION:
+PKCS7_print_ctx                         4358	EXIST::FUNCTION:
+i2d_TS_REQ_bio                          4359	EXIST::FUNCTION:
+EVP_whirlpool                           4360	EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
+EVP_PKEY_asn1_set_param                 4361	EXIST::FUNCTION:
+EVP_PKEY_meth_set_encrypt               4362	EXIST::FUNCTION:
+ASN1_PCTX_set_flags                     4363	EXIST::FUNCTION:
+i2d_ESS_CERT_ID                         4364	EXIST::FUNCTION:
+TS_VERIFY_CTX_new                       4365	EXIST::FUNCTION:
+TS_RESP_CTX_set_extension_cb            4366	EXIST::FUNCTION:
+ENGINE_register_all_pkey_meths          4367	EXIST::FUNCTION:ENGINE
+TS_RESP_CTX_set_status_info_cond        4368	EXIST:!VMS:FUNCTION:
+TS_RESP_CTX_set_stat_info_cond          4368	EXIST:VMS:FUNCTION:
+EVP_PKEY_verify                         4369	EXIST::FUNCTION:
+WHIRLPOOL_Final                         4370	EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
+X509_CRL_METHOD_new                     4371	EXIST::FUNCTION:
+EVP_DigestSignFinal                     4372	EXIST::FUNCTION:
+TS_RESP_CTX_set_def_policy              4373	EXIST::FUNCTION:
+NETSCAPE_X509_it                        4374	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NETSCAPE_X509_it                        4374	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+TS_RESP_create_response                 4375	EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_get0_algs             4376	EXIST::FUNCTION:
+TS_TST_INFO_get_nonce                   4377	EXIST::FUNCTION:
+EVP_PKEY_decrypt_old                    4378	EXIST::FUNCTION:
+TS_TST_INFO_set_policy_id               4379	EXIST::FUNCTION:
+TS_CONF_set_ess_cert_id_chain           4380	EXIST::FUNCTION:
+EVP_PKEY_CTX_get0_pkey                  4381	EXIST::FUNCTION:
+d2i_TS_REQ                              4382	EXIST::FUNCTION:
+EVP_PKEY_asn1_find_str                  4383	EXIST::FUNCTION:
+BIO_f_asn1                              4384	EXIST::FUNCTION:
+ESS_SIGNING_CERT_new                    4385	EXIST::FUNCTION:
+EVP_PBE_find                            4386	EXIST::FUNCTION:
+X509_CRL_get0_by_cert                   4387	EXIST::FUNCTION:
+EVP_PKEY_derive                         4388	EXIST::FUNCTION:
+i2d_TS_REQ                              4389	EXIST::FUNCTION:
+TS_TST_INFO_delete_ext                  4390	EXIST::FUNCTION:
+ESS_ISSUER_SERIAL_free                  4391	EXIST::FUNCTION:
+ASN1_PCTX_set_str_flags                 4392	EXIST::FUNCTION:
+ENGINE_get_pkey_asn1_meth_str           4393	EXIST::FUNCTION:ENGINE
+TS_CONF_set_signer_key                  4394	EXIST::FUNCTION:
+TS_ACCURACY_get_millis                  4395	EXIST::FUNCTION:
+TS_RESP_get_token                       4396	EXIST::FUNCTION:
+TS_ACCURACY_dup                         4397	EXIST::FUNCTION:
+ENGINE_register_all_pkey_asn1_meths     4398	EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_reg_all_pkey_asn1_meths          4398	EXIST:VMS:FUNCTION:ENGINE
+X509_CRL_set_default_method             4399	EXIST::FUNCTION:
+CRYPTO_THREADID_hash                    4400	EXIST::FUNCTION:
+CMS_ContentInfo_print_ctx               4401	EXIST::FUNCTION:CMS
+TS_RESP_free                            4402	EXIST::FUNCTION:
+ISSUING_DIST_POINT_free                 4403	EXIST::FUNCTION:
+ESS_ISSUER_SERIAL_new                   4404	EXIST::FUNCTION:
+CMS_add1_crl                            4405	EXIST::FUNCTION:CMS
+PKCS7_add1_attrib_digest                4406	EXIST::FUNCTION:
+TS_RESP_CTX_add_md                      4407	EXIST::FUNCTION:
+TS_TST_INFO_dup                         4408	EXIST::FUNCTION:
+ENGINE_set_pkey_asn1_meths              4409	EXIST::FUNCTION:ENGINE
+PEM_write_bio_Parameters                4410	EXIST::FUNCTION:
+TS_TST_INFO_get_accuracy                4411	EXIST::FUNCTION:
+X509_CRL_get0_by_serial                 4412	EXIST::FUNCTION:
+TS_TST_INFO_set_version                 4413	EXIST::FUNCTION:
+TS_RESP_CTX_get_tst_info                4414	EXIST::FUNCTION:
+TS_RESP_verify_signature                4415	EXIST::FUNCTION:
+CRYPTO_THREADID_get_callback            4416	EXIST::FUNCTION:
+TS_TST_INFO_get_tsa                     4417	EXIST::FUNCTION:
+TS_STATUS_INFO_new                      4418	EXIST::FUNCTION:
+EVP_PKEY_CTX_get_cb                     4419	EXIST::FUNCTION:
+TS_REQ_get_ext_d2i                      4420	EXIST::FUNCTION:
+GENERAL_NAME_set0_othername             4421	EXIST::FUNCTION:
+TS_TST_INFO_get_ext_count               4422	EXIST::FUNCTION:
+TS_RESP_CTX_get_request                 4423	EXIST::FUNCTION:
+i2d_NETSCAPE_X509                       4424	EXIST::FUNCTION:
+ENGINE_get_pkey_meth_engine             4425	EXIST::FUNCTION:ENGINE
+EVP_PKEY_meth_set_signctx               4426	EXIST::FUNCTION:
+EVP_PKEY_asn1_copy                      4427	EXIST::FUNCTION:
+ASN1_TYPE_cmp                           4428	EXIST::FUNCTION:
+EVP_CIPHER_do_all_sorted                4429	EXIST::FUNCTION:
+EVP_PKEY_CTX_free                       4430	EXIST::FUNCTION:
+ISSUING_DIST_POINT_it                   4431	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ISSUING_DIST_POINT_it                   4431	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_TS_MSG_IMPRINT_fp                   4432	EXIST::FUNCTION:
+X509_STORE_get1_certs                   4433	EXIST::FUNCTION:
+EVP_PKEY_CTX_get_operation              4434	EXIST::FUNCTION:
+d2i_ESS_SIGNING_CERT                    4435	EXIST::FUNCTION:
+TS_CONF_set_ordering                    4436	EXIST::FUNCTION:
+EVP_PBE_alg_add_type                    4437	EXIST::FUNCTION:
+TS_REQ_set_version                      4438	EXIST::FUNCTION:
+EVP_PKEY_get0                           4439	EXIST::FUNCTION:
+BIO_asn1_set_suffix                     4440	EXIST::FUNCTION:
+i2d_TS_STATUS_INFO                      4441	EXIST::FUNCTION:
+EVP_MD_do_all                           4442	EXIST::FUNCTION:
+TS_TST_INFO_set_accuracy                4443	EXIST::FUNCTION:
+PKCS7_add_attrib_content_type           4444	EXIST::FUNCTION:
+ERR_remove_thread_state                 4445	EXIST::FUNCTION:
+EVP_PKEY_meth_add0                      4446	EXIST::FUNCTION:
+TS_TST_INFO_set_tsa                     4447	EXIST::FUNCTION:
+EVP_PKEY_meth_new                       4448	EXIST::FUNCTION:
+WHIRLPOOL_Update                        4449	EXIST:!VMSVAX:FUNCTION:WHIRLPOOL
+TS_CONF_set_accuracy                    4450	EXIST::FUNCTION:
+ASN1_PCTX_set_oid_flags                 4451	EXIST::FUNCTION:
+ESS_SIGNING_CERT_dup                    4452	EXIST::FUNCTION:
+d2i_TS_REQ_bio                          4453	EXIST::FUNCTION:
+X509_time_adj_ex                        4454	EXIST::FUNCTION:
+TS_RESP_CTX_add_flags                   4455	EXIST::FUNCTION:
+d2i_TS_STATUS_INFO                      4456	EXIST::FUNCTION:
+TS_MSG_IMPRINT_set_msg                  4457	EXIST::FUNCTION:
+BIO_asn1_get_suffix                     4458	EXIST::FUNCTION:
+TS_REQ_free                             4459	EXIST::FUNCTION:
+EVP_PKEY_meth_free                      4460	EXIST::FUNCTION:
+TS_REQ_get_exts                         4461	EXIST::FUNCTION:
+TS_RESP_CTX_set_clock_precision_digits  4462	EXIST:!VMS:FUNCTION:
+TS_RESP_CTX_set_clk_prec_digits         4462	EXIST:VMS:FUNCTION:
+TS_RESP_CTX_add_failure_info            4463	EXIST::FUNCTION:
+i2d_TS_RESP_bio                         4464	EXIST::FUNCTION:
+EVP_PKEY_CTX_get0_peerkey               4465	EXIST::FUNCTION:
+PEM_write_bio_CMS_stream                4466	EXIST::FUNCTION:CMS
+TS_REQ_new                              4467	EXIST::FUNCTION:
+TS_MSG_IMPRINT_new                      4468	EXIST::FUNCTION:
+EVP_PKEY_meth_find                      4469	EXIST::FUNCTION:
+EVP_PKEY_id                             4470	EXIST::FUNCTION:
+TS_TST_INFO_set_serial                  4471	EXIST::FUNCTION:
+a2i_GENERAL_NAME                        4472	EXIST::FUNCTION:
+TS_CONF_set_crypto_device               4473	EXIST::FUNCTION:
+EVP_PKEY_verify_init                    4474	EXIST::FUNCTION:
+TS_CONF_set_policies                    4475	EXIST::FUNCTION:
+ASN1_PCTX_new                           4476	EXIST::FUNCTION:
+ESS_CERT_ID_free                        4477	EXIST::FUNCTION:
+ENGINE_unregister_pkey_meths            4478	EXIST::FUNCTION:ENGINE
+TS_MSG_IMPRINT_free                     4479	EXIST::FUNCTION:
+TS_VERIFY_CTX_init                      4480	EXIST::FUNCTION:
+PKCS7_stream                            4481	EXIST::FUNCTION:
+TS_RESP_CTX_set_certs                   4482	EXIST::FUNCTION:
+TS_CONF_set_def_policy                  4483	EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_adj                4484	EXIST::FUNCTION:
+NETSCAPE_X509_new                       4485	EXIST::FUNCTION:
+TS_ACCURACY_free                        4486	EXIST::FUNCTION:
+TS_RESP_get_tst_info                    4487	EXIST::FUNCTION:
+EVP_PKEY_derive_set_peer                4488	EXIST::FUNCTION:
+PEM_read_bio_Parameters                 4489	EXIST::FUNCTION:
+TS_CONF_set_clock_precision_digits      4490	EXIST:!VMS:FUNCTION:
+TS_CONF_set_clk_prec_digits             4490	EXIST:VMS:FUNCTION:
+ESS_ISSUER_SERIAL_dup                   4491	EXIST::FUNCTION:
+TS_ACCURACY_get_micros                  4492	EXIST::FUNCTION:
+ASN1_PCTX_get_str_flags                 4493	EXIST::FUNCTION:
+NAME_CONSTRAINTS_check                  4494	EXIST::FUNCTION:
+ASN1_BIT_STRING_check                   4495	EXIST::FUNCTION:
+X509_check_akid                         4496	EXIST::FUNCTION:
+ENGINE_unregister_pkey_asn1_meths       4497	EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_unreg_pkey_asn1_meths            4497	EXIST:VMS:FUNCTION:ENGINE
+ASN1_PCTX_free                          4498	EXIST::FUNCTION:
+PEM_write_bio_ASN1_stream               4499	EXIST::FUNCTION:
+i2d_ASN1_bio_stream                     4500	EXIST::FUNCTION:
+TS_X509_ALGOR_print_bio                 4501	EXIST::FUNCTION:
+EVP_PKEY_meth_set_cleanup               4502	EXIST::FUNCTION:
+EVP_PKEY_asn1_free                      4503	EXIST::FUNCTION:
+ESS_SIGNING_CERT_free                   4504	EXIST::FUNCTION:
+TS_TST_INFO_set_msg_imprint             4505	EXIST::FUNCTION:
+GENERAL_NAME_cmp                        4506	EXIST::FUNCTION:
+d2i_ASN1_SET_ANY                        4507	EXIST::FUNCTION:
+ENGINE_set_pkey_meths                   4508	EXIST::FUNCTION:ENGINE
+i2d_TS_REQ_fp                           4509	EXIST::FUNCTION:
+d2i_ASN1_SEQUENCE_ANY                   4510	EXIST::FUNCTION:
+GENERAL_NAME_get0_otherName             4511	EXIST::FUNCTION:
+d2i_ESS_CERT_ID                         4512	EXIST::FUNCTION:
+OBJ_find_sigid_algs                     4513	EXIST::FUNCTION:
+EVP_PKEY_meth_set_keygen                4514	EXIST::FUNCTION:
+PKCS5_PBKDF2_HMAC                       4515	EXIST::FUNCTION:
+EVP_PKEY_paramgen                       4516	EXIST::FUNCTION:
+EVP_PKEY_meth_set_paramgen              4517	EXIST::FUNCTION:
+BIO_new_PKCS7                           4518	EXIST::FUNCTION:
+EVP_PKEY_verify_recover                 4519	EXIST::FUNCTION:
+TS_ext_print_bio                        4520	EXIST::FUNCTION:
+TS_ASN1_INTEGER_print_bio               4521	EXIST::FUNCTION:
+check_defer                             4522	EXIST::FUNCTION:
+DSO_pathbyaddr                          4523	EXIST::FUNCTION:
+EVP_PKEY_set_type                       4524	EXIST::FUNCTION:
+TS_ACCURACY_set_micros                  4525	EXIST::FUNCTION:
+TS_REQ_to_TS_VERIFY_CTX                 4526	EXIST::FUNCTION:
+EVP_PKEY_meth_set_copy                  4527	EXIST::FUNCTION:
+ASN1_PCTX_set_cert_flags                4528	EXIST::FUNCTION:
+TS_TST_INFO_get_ext                     4529	EXIST::FUNCTION:
+EVP_PKEY_asn1_set_ctrl                  4530	EXIST::FUNCTION:
+TS_TST_INFO_get_ext_by_critical         4531	EXIST::FUNCTION:
+EVP_PKEY_CTX_new_id                     4532	EXIST::FUNCTION:
+TS_REQ_get_ext_by_OBJ                   4533	EXIST::FUNCTION:
+TS_CONF_set_signer_cert                 4534	EXIST::FUNCTION:
+X509_NAME_hash_old                      4535	EXIST::FUNCTION:
+ASN1_TIME_set_string                    4536	EXIST::FUNCTION:
+EVP_MD_flags                            4537	EXIST::FUNCTION:
+TS_RESP_CTX_free                        4538	EXIST::FUNCTION:
+DSAparams_dup                           4539	EXIST::FUNCTION:DSA
+DHparams_dup                            4540	EXIST::FUNCTION:DH
+OCSP_REQ_CTX_add1_header                4541	EXIST::FUNCTION:
+OCSP_REQ_CTX_set1_req                   4542	EXIST::FUNCTION:
+X509_STORE_set_verify_cb                4543	EXIST::FUNCTION:
+X509_STORE_CTX_get0_current_crl         4544	EXIST::FUNCTION:
+X509_STORE_CTX_get0_parent_ctx          4545	EXIST::FUNCTION:
+X509_STORE_CTX_get0_current_issuer      4546	EXIST:!VMS:FUNCTION:
+X509_STORE_CTX_get0_cur_issuer          4546	EXIST:VMS:FUNCTION:
+X509_issuer_name_hash_old               4547	EXIST::FUNCTION:MD5
+X509_subject_name_hash_old              4548	EXIST::FUNCTION:MD5
+EVP_CIPHER_CTX_copy                     4549	EXIST::FUNCTION:
+UI_method_get_prompt_constructor        4550	EXIST:!VMS:FUNCTION:
+UI_method_get_prompt_constructr         4550	EXIST:VMS:FUNCTION:
+UI_method_set_prompt_constructor        4551	EXIST:!VMS:FUNCTION:
+UI_method_set_prompt_constructr         4551	EXIST:VMS:FUNCTION:
+EVP_read_pw_string_min                  4552	EXIST::FUNCTION:
+CRYPTO_cts128_encrypt                   4553	EXIST::FUNCTION:
+CRYPTO_cts128_decrypt_block             4554	EXIST::FUNCTION:
+CRYPTO_cfb128_1_encrypt                 4555	EXIST::FUNCTION:
+CRYPTO_cbc128_encrypt                   4556	EXIST::FUNCTION:
+CRYPTO_ctr128_encrypt                   4557	EXIST::FUNCTION:
+CRYPTO_ofb128_encrypt                   4558	EXIST::FUNCTION:
+CRYPTO_cts128_decrypt                   4559	EXIST::FUNCTION:
+CRYPTO_cts128_encrypt_block             4560	EXIST::FUNCTION:
+CRYPTO_cbc128_decrypt                   4561	EXIST::FUNCTION:
+CRYPTO_cfb128_encrypt                   4562	EXIST::FUNCTION:
+CRYPTO_cfb128_8_encrypt                 4563	EXIST::FUNCTION:
+OPENSSL_strcasecmp                      4564	EXIST::FUNCTION:
+OPENSSL_memcmp                          4565	EXIST::FUNCTION:
+OPENSSL_strncasecmp                     4566	EXIST::FUNCTION:
+OPENSSL_gmtime                          4567	EXIST::FUNCTION:
+OPENSSL_gmtime_adj                      4568	EXIST::FUNCTION:
+SRP_VBASE_get_by_user                   4569	EXIST::FUNCTION:SRP
+SRP_Calc_server_key                     4570	EXIST::FUNCTION:SRP
+SRP_create_verifier                     4571	EXIST::FUNCTION:SRP
+SRP_create_verifier_BN                  4572	EXIST::FUNCTION:SRP
+SRP_Calc_u                              4573	EXIST::FUNCTION:SRP
+SRP_VBASE_free                          4574	EXIST::FUNCTION:SRP
+SRP_Calc_client_key                     4575	EXIST::FUNCTION:SRP
+SRP_get_default_gN                      4576	EXIST::FUNCTION:SRP
+SRP_Calc_x                              4577	EXIST::FUNCTION:SRP
+SRP_Calc_B                              4578	EXIST::FUNCTION:SRP
+SRP_VBASE_new                           4579	EXIST::FUNCTION:SRP
+SRP_check_known_gN_param                4580	EXIST::FUNCTION:SRP
+SRP_Calc_A                              4581	EXIST::FUNCTION:SRP
+SRP_Verify_A_mod_N                      4582	EXIST::FUNCTION:SRP
+SRP_VBASE_init                          4583	EXIST::FUNCTION:SRP
+SRP_Verify_B_mod_N                      4584	EXIST::FUNCTION:SRP
+EC_KEY_set_public_key_affine_coordinates 4585	EXIST:!VMS:FUNCTION:EC
+EC_KEY_set_pub_key_aff_coords           4585	EXIST:VMS:FUNCTION:EC
+EVP_aes_192_ctr                         4586	EXIST::FUNCTION:AES
+EVP_PKEY_meth_get0_info                 4587	EXIST::FUNCTION:
+EVP_PKEY_meth_copy                      4588	EXIST::FUNCTION:
+ERR_add_error_vdata                     4589	EXIST::FUNCTION:
+EVP_aes_128_ctr                         4590	EXIST::FUNCTION:AES
+EVP_aes_256_ctr                         4591	EXIST::FUNCTION:AES
+EC_GFp_nistp224_method                  4592	EXIST::FUNCTION:EC,EC_NISTP_64_GCC_128
+EC_KEY_get_flags                        4593	EXIST::FUNCTION:EC
+RSA_padding_add_PKCS1_PSS_mgf1          4594	EXIST::FUNCTION:RSA
+EVP_aes_128_xts                         4595	EXIST::FUNCTION:AES
+private_SHA224_Init                     4596	EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+private_AES_set_decrypt_key             4597	EXIST::FUNCTION:AES
+private_WHIRLPOOL_Init                  4598	EXIST:OPENSSL_FIPS:FUNCTION:WHIRLPOOL
+EVP_aes_256_xts                         4599	EXIST::FUNCTION:AES
+private_SHA512_Init                     4600	EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+EVP_aes_128_gcm                         4601	EXIST::FUNCTION:AES
+EC_KEY_clear_flags                      4602	EXIST::FUNCTION:EC
+EC_KEY_set_flags                        4603	EXIST::FUNCTION:EC
+private_DES_set_key_unchecked           4604	EXIST:OPENSSL_FIPS:FUNCTION:DES
+EVP_aes_256_ccm                         4605	EXIST::FUNCTION:AES
+private_AES_set_encrypt_key             4606	EXIST::FUNCTION:AES
+RSA_verify_PKCS1_PSS_mgf1               4607	EXIST::FUNCTION:RSA
+private_SHA1_Init                       4608	EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA1
+EVP_aes_128_ccm                         4609	EXIST::FUNCTION:AES
+private_SEED_set_key                    4610	EXIST:OPENSSL_FIPS:FUNCTION:SEED
+EVP_aes_192_gcm                         4611	EXIST::FUNCTION:AES
+X509_ALGOR_set_md                       4612	EXIST::FUNCTION:
+private_SHA256_Init                     4613	EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+RAND_init_fips                          4614	EXIST:OPENSSL_FIPS:FUNCTION:
+EVP_aes_256_gcm                         4615	EXIST::FUNCTION:AES
+private_SHA384_Init                     4616	EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+EVP_aes_192_ccm                         4617	EXIST::FUNCTION:AES
+CMAC_CTX_copy                           4618	EXIST::FUNCTION:
+CMAC_CTX_free                           4619	EXIST::FUNCTION:
+CMAC_CTX_get0_cipher_ctx                4620	EXIST::FUNCTION:
+CMAC_CTX_cleanup                        4621	EXIST::FUNCTION:
+CMAC_Init                               4622	EXIST::FUNCTION:
+CMAC_Update                             4623	EXIST::FUNCTION:
+CMAC_resume                             4624	EXIST::FUNCTION:
+CMAC_CTX_new                            4625	EXIST::FUNCTION:
+CMAC_Final                              4626	EXIST::FUNCTION:
+CRYPTO_ctr128_encrypt_ctr32             4627	EXIST::FUNCTION:
+CRYPTO_gcm128_release                   4628	EXIST::FUNCTION:
+CRYPTO_ccm128_decrypt_ccm64             4629	EXIST::FUNCTION:
+CRYPTO_ccm128_encrypt                   4630	EXIST::FUNCTION:
+CRYPTO_gcm128_encrypt                   4631	EXIST::FUNCTION:
+CRYPTO_xts128_encrypt                   4632	EXIST::FUNCTION:
+EVP_rc4_hmac_md5                        4633	EXIST::FUNCTION:MD5,RC4
+CRYPTO_nistcts128_decrypt_block         4634	EXIST::FUNCTION:
+CRYPTO_gcm128_setiv                     4635	EXIST::FUNCTION:
+CRYPTO_nistcts128_encrypt               4636	EXIST::FUNCTION:
+EVP_aes_128_cbc_hmac_sha1               4637	EXIST::FUNCTION:AES,SHA,SHA1
+CRYPTO_gcm128_tag                       4638	EXIST::FUNCTION:
+CRYPTO_ccm128_encrypt_ccm64             4639	EXIST::FUNCTION:
+ENGINE_load_rdrand                      4640	EXIST::FUNCTION:ENGINE
+CRYPTO_ccm128_setiv                     4641	EXIST::FUNCTION:
+CRYPTO_nistcts128_encrypt_block         4642	EXIST::FUNCTION:
+CRYPTO_gcm128_aad                       4643	EXIST::FUNCTION:
+CRYPTO_ccm128_init                      4644	EXIST::FUNCTION:
+CRYPTO_nistcts128_decrypt               4645	EXIST::FUNCTION:
+CRYPTO_gcm128_new                       4646	EXIST::FUNCTION:
+CRYPTO_ccm128_tag                       4647	EXIST::FUNCTION:
+CRYPTO_ccm128_decrypt                   4648	EXIST::FUNCTION:
+CRYPTO_ccm128_aad                       4649	EXIST::FUNCTION:
+CRYPTO_gcm128_init                      4650	EXIST::FUNCTION:
+CRYPTO_gcm128_decrypt                   4651	EXIST::FUNCTION:
+ENGINE_load_rsax                        4652	EXIST::FUNCTION:ENGINE
+CRYPTO_gcm128_decrypt_ctr32             4653	EXIST::FUNCTION:
+CRYPTO_gcm128_encrypt_ctr32             4654	EXIST::FUNCTION:
+CRYPTO_gcm128_finish                    4655	EXIST::FUNCTION:
+EVP_aes_256_cbc_hmac_sha1               4656	EXIST::FUNCTION:AES,SHA,SHA1
+PKCS5_pbkdf2_set                        4657	EXIST::FUNCTION:
+CMS_add0_recipient_password             4658	EXIST::FUNCTION:CMS
+CMS_decrypt_set1_password               4659	EXIST::FUNCTION:CMS
+CMS_RecipientInfo_set0_password         4660	EXIST::FUNCTION:CMS
+RAND_set_fips_drbg_type                 4661	EXIST:OPENSSL_FIPS:FUNCTION:
+X509_REQ_sign_ctx                       4662	EXIST::FUNCTION:EVP
+RSA_PSS_PARAMS_new                      4663	EXIST::FUNCTION:RSA
+X509_CRL_sign_ctx                       4664	EXIST::FUNCTION:EVP
+X509_signature_dump                     4665	EXIST::FUNCTION:EVP
+d2i_RSA_PSS_PARAMS                      4666	EXIST::FUNCTION:RSA
+RSA_PSS_PARAMS_it                       4667	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
+RSA_PSS_PARAMS_it                       4667	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
+RSA_PSS_PARAMS_free                     4668	EXIST::FUNCTION:RSA
+X509_sign_ctx                           4669	EXIST::FUNCTION:EVP
+i2d_RSA_PSS_PARAMS                      4670	EXIST::FUNCTION:RSA
+ASN1_item_sign_ctx                      4671	EXIST::FUNCTION:EVP
+EC_GFp_nistp521_method                  4672	EXIST::FUNCTION:EC,EC_NISTP_64_GCC_128
+EC_GFp_nistp256_method                  4673	EXIST::FUNCTION:EC,EC_NISTP_64_GCC_128
+OPENSSL_stderr                          4674	EXIST::FUNCTION:
+OPENSSL_cpuid_setup                     4675	EXIST::FUNCTION:
+OPENSSL_showfatal                       4676	EXIST::FUNCTION:
+BIO_new_dgram_sctp                      4677	EXIST::FUNCTION:SCTP
+BIO_dgram_sctp_msg_waiting              4678	EXIST::FUNCTION:SCTP
+BIO_dgram_sctp_wait_for_dry             4679	EXIST::FUNCTION:SCTP
+BIO_s_datagram_sctp                     4680	EXIST::FUNCTION:DGRAM,SCTP
+BIO_dgram_is_sctp                       4681	EXIST::FUNCTION:SCTP
+BIO_dgram_sctp_notification_cb          4682	EXIST::FUNCTION:SCTP

Deleted: vendor-crypto/openssl/1.0.1u/util/mk1mf.pl
===================================================================
--- vendor-crypto/openssl/dist/util/mk1mf.pl	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/util/mk1mf.pl	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,1233 +0,0 @@
-#!/usr/local/bin/perl
-# A bit of an evil hack but it post processes the file ../MINFO which
-# is generated by `make files` in the top directory.
-# This script outputs one mega makefile that has no shell stuff or any
-# funny stuff
-#
-
-$INSTALLTOP="/usr/local/ssl";
-$OPENSSLDIR="/usr/local/ssl";
-$OPTIONS="";
-$ssl_version="";
-$banner="\t\@echo Building OpenSSL";
-
-my $no_static_engine = 1;
-my $engines = "";
-my $otherlibs = "";
-local $zlib_opt = 0;	# 0 = no zlib, 1 = static, 2 = dynamic
-local $zlib_lib = "";
-local $perl_asm = 0;	# 1 to autobuild asm files from perl scripts
-
-my $ex_l_libs = "";
-
-# Options to import from top level Makefile
-
-my %mf_import = (
-	VERSION	       => \$ssl_version,
-	OPTIONS        => \$OPTIONS,
-	INSTALLTOP     => \$INSTALLTOP,
-	OPENSSLDIR     => \$OPENSSLDIR,
-	PLATFORM       => \$mf_platform,
-	CFLAG	       => \$mf_cflag,
-	DEPFLAG	       => \$mf_depflag,
-	CPUID_OBJ      => \$mf_cpuid_asm,
-	BN_ASM	       => \$mf_bn_asm,
-	DES_ENC	       => \$mf_des_asm,
-	AES_ENC        => \$mf_aes_asm,
-	BF_ENC	       => \$mf_bf_asm,
-	CAST_ENC       => \$mf_cast_asm,
-	RC4_ENC	       => \$mf_rc4_asm,
-	RC5_ENC        => \$mf_rc5_asm,
-	MD5_ASM_OBJ    => \$mf_md5_asm,
-	SHA1_ASM_OBJ   => \$mf_sha_asm,
-	RMD160_ASM_OBJ => \$mf_rmd_asm,
-	WP_ASM_OBJ     => \$mf_wp_asm,
-	CMLL_ENC       => \$mf_cm_asm,
-	BASEADDR       => \$baseaddr,
-	FIPSDIR        => \$fipsdir,
-);
-
-
-open(IN,"<Makefile") || die "unable to open Makefile!\n";
-while(<IN>) {
-    my ($mf_opt, $mf_ref);
-    while (($mf_opt, $mf_ref) = each %mf_import) {
-    	if (/^$mf_opt\s*=\s*(.*)$/) {
-	   $$mf_ref = $1;
-	}
-    }
-}
-close(IN);
-
-$debug = 1 if $mf_platform =~ /^debug-/;
-
-die "Makefile is not the toplevel Makefile!\n" if $ssl_version eq "";
-
-$infile="MINFO";
-
-%ops=(
-	"VC-WIN32",   "Microsoft Visual C++ [4-6] - Windows NT or 9X",
-	"VC-WIN64I",  "Microsoft C/C++ - Win64/IA-64",
-	"VC-WIN64A",  "Microsoft C/C++ - Win64/x64",
-	"VC-CE",   "Microsoft eMbedded Visual C++ 3.0 - Windows CE ONLY",
-	"VC-NT",   "Microsoft Visual C++ [4-6] - Windows NT ONLY",
-	"Mingw32", "GNU C++ - Windows NT or 9x",
-	"Mingw32-files", "Create files with DOS copy ...",
-	"BC-NT",   "Borland C++ 4.5 - Windows NT",
-	"linux-elf","Linux elf",
-	"ultrix-mips","DEC mips ultrix",
-	"FreeBSD","FreeBSD distribution",
-	"OS2-EMX", "EMX GCC OS/2",
-	"netware-clib", "CodeWarrior for NetWare - CLib - with WinSock Sockets",
-	"netware-clib-bsdsock", "CodeWarrior for NetWare - CLib - with BSD Sockets",
-	"netware-libc", "CodeWarrior for NetWare - LibC - with WinSock Sockets",
-	"netware-libc-bsdsock", "CodeWarrior for NetWare - LibC - with BSD Sockets",
-	"default","cc under unix",
-	"auto", "auto detect from top level Makefile"
-	);
-
-$platform="";
-my $xcflags="";
-foreach (@ARGV)
-	{
-	if (!&read_options && !defined($ops{$_}))
-		{
-		print STDERR "unknown option - $_\n";
-		print STDERR "usage: perl mk1mf.pl [options] [system]\n";
-		print STDERR "\nwhere [system] can be one of the following\n";
-		foreach $i (sort keys %ops)
-		{ printf STDERR "\t%-10s\t%s\n",$i,$ops{$i}; }
-		print STDERR <<"EOF";
-and [options] can be one of
-	no-md2 no-md4 no-md5 no-sha no-mdc2	- Skip this digest
-	no-ripemd
-	no-rc2 no-rc4 no-rc5 no-idea no-des     - Skip this symetric cipher
-	no-bf no-cast no-aes no-camellia no-seed
-	no-rsa no-dsa no-dh			- Skip this public key cipher
-	no-ssl2 no-ssl3				- Skip this version of SSL
-	just-ssl				- remove all non-ssl keys/digest
-	no-asm 					- No x86 asm
-	no-krb5					- No KRB5
-	no-srp					- No SRP
-	no-ec					- No EC
-	no-ecdsa				- No ECDSA
-	no-ecdh					- No ECDH
-	no-engine				- No engine
-	no-hw					- No hw
-	nasm 					- Use NASM for x86 asm
-	nw-nasm					- Use NASM x86 asm for NetWare
-	nw-mwasm				- Use Metrowerks x86 asm for NetWare
-	gaswin					- Use GNU as with Mingw32
-	no-socks				- No socket code
-	no-err					- No error strings
-	dll/shlib				- Build shared libraries (MS)
-	debug					- Debug build
-        profile                                 - Profiling build
-	gcc					- Use Gcc (unix)
-
-Values that can be set
-TMP=tmpdir OUT=outdir SRC=srcdir BIN=binpath INC=header-outdir CC=C-compiler
-
--L<ex_lib_path> -l<ex_lib>			- extra library flags (unix)
--<ex_cc_flags>					- extra 'cc' flags,
-						  added (MS), or replace (unix)
-EOF
-		exit(1);
-		}
-	$platform=$_;
-	}
-foreach (grep(!/^$/, split(/ /, $OPTIONS)))
-	{
-	print STDERR "unknown option - $_\n" if !&read_options;
-	}
-
-$no_static_engine = 0 if (!$shlib);
-
-$no_mdc2=1 if ($no_des);
-
-$no_ssl3=1 if ($no_md5 || $no_sha);
-$no_ssl3=1 if ($no_rsa && $no_dh);
-
-$no_ssl2=1 if ($no_md5);
-$no_ssl2=1 if ($no_rsa);
-
-$out_def="out";
-$inc_def="outinc";
-$tmp_def="tmp";
-
-$perl="perl" unless defined $perl;
-$mkdir="-mkdir" unless defined $mkdir;
-
-($ssl,$crypto)=("ssl","crypto");
-$ranlib="echo ranlib";
-
-$cc=(defined($VARS{'CC'}))?$VARS{'CC'}:'cc';
-$src_dir=(defined($VARS{'SRC'}))?$VARS{'SRC'}:'.';
-$bin_dir=(defined($VARS{'BIN'}))?$VARS{'BIN'}:'';
-
-# $bin_dir.=$o causes a core dump on my sparc :-(
-
-
-$NT=0;
-
-push(@INC,"util/pl","pl");
-
-if ($platform eq "auto") {
-	$platform = $mf_platform;
-	print STDERR "Imported platform $mf_platform\n";
-}
-
-if (($platform =~ /VC-(.+)/))
-	{
-	$FLAVOR=$1;
-	$NT = 1 if $1 eq "NT";
-	require 'VC-32.pl';
-	}
-elsif ($platform eq "Mingw32")
-	{
-	require 'Mingw32.pl';
-	}
-elsif ($platform eq "Mingw32-files")
-	{
-	require 'Mingw32f.pl';
-	}
-elsif ($platform eq "BC-NT")
-	{
-	$bc=1;
-	require 'BC-32.pl';
-	}
-elsif ($platform eq "FreeBSD")
-	{
-	require 'unix.pl';
-	$cflags='-DTERMIO -D_ANSI_SOURCE -O2 -fomit-frame-pointer';
-	}
-elsif ($platform eq "linux-elf")
-	{
-	require "unix.pl";
-	require "linux.pl";
-	$unix=1;
-	}
-elsif ($platform eq "ultrix-mips")
-	{
-	require "unix.pl";
-	require "ultrix.pl";
-	$unix=1;
-	}
-elsif ($platform eq "OS2-EMX")
-	{
-	$wc=1;
-	require 'OS2-EMX.pl';
-	}
-elsif (($platform eq "netware-clib") || ($platform eq "netware-libc") ||
-       ($platform eq "netware-clib-bsdsock") || ($platform eq "netware-libc-bsdsock"))
-	{
-	$LIBC=1 if $platform eq "netware-libc" || $platform eq "netware-libc-bsdsock";
-	$BSDSOCK=1 if ($platform eq "netware-libc-bsdsock") || ($platform eq "netware-clib-bsdsock");
-	require 'netware.pl';
-	}
-else
-	{
-	require "unix.pl";
-
-	$unix=1;
-	$cflags.=' -DTERMIO';
-	}
-
-$fipsdir =~ s/\//${o}/g;
-
-$out_dir=(defined($VARS{'OUT'}))?$VARS{'OUT'}:$out_def.($debug?".dbg":"");
-$tmp_dir=(defined($VARS{'TMP'}))?$VARS{'TMP'}:$tmp_def.($debug?".dbg":"");
-$inc_dir=(defined($VARS{'INC'}))?$VARS{'INC'}:$inc_def;
-
-$bin_dir=$bin_dir.$o unless ((substr($bin_dir,-1,1) eq $o) || ($bin_dir eq ''));
-
-$cflags= "$xcflags$cflags" if $xcflags ne "";
-
-$cflags.=" -DOPENSSL_NO_IDEA" if $no_idea;
-$cflags.=" -DOPENSSL_NO_AES"  if $no_aes;
-$cflags.=" -DOPENSSL_NO_CAMELLIA"  if $no_camellia;
-$cflags.=" -DOPENSSL_NO_SEED" if $no_seed;
-$cflags.=" -DOPENSSL_NO_RC2"  if $no_rc2;
-$cflags.=" -DOPENSSL_NO_RC4"  if $no_rc4;
-$cflags.=" -DOPENSSL_NO_RC5"  if $no_rc5;
-$cflags.=" -DOPENSSL_NO_MD2"  if $no_md2;
-$cflags.=" -DOPENSSL_NO_MD4"  if $no_md4;
-$cflags.=" -DOPENSSL_NO_MD5"  if $no_md5;
-$cflags.=" -DOPENSSL_NO_SHA"  if $no_sha;
-$cflags.=" -DOPENSSL_NO_SHA1" if $no_sha1;
-$cflags.=" -DOPENSSL_NO_RIPEMD" if $no_ripemd;
-$cflags.=" -DOPENSSL_NO_MDC2" if $no_mdc2;
-$cflags.=" -DOPENSSL_NO_BF"  if $no_bf;
-$cflags.=" -DOPENSSL_NO_CAST" if $no_cast;
-$cflags.=" -DOPENSSL_NO_DES"  if $no_des;
-$cflags.=" -DOPENSSL_NO_RSA"  if $no_rsa;
-$cflags.=" -DOPENSSL_NO_DSA"  if $no_dsa;
-$cflags.=" -DOPENSSL_NO_DH"   if $no_dh;
-$cflags.=" -DOPENSSL_NO_WHIRLPOOL"   if $no_whirlpool;
-$cflags.=" -DOPENSSL_NO_SOCK" if $no_sock;
-$cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2;
-$cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3;
-$cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext;
-$cflags.=" -DOPENSSL_NO_SRP" if $no_srp;
-$cflags.=" -DOPENSSL_NO_CMS" if $no_cms;
-$cflags.=" -DOPENSSL_NO_ERR"  if $no_err;
-$cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5;
-$cflags.=" -DOPENSSL_NO_EC"   if $no_ec;
-$cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa;
-$cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh;
-$cflags.=" -DOPENSSL_NO_GOST" if $no_gost;
-$cflags.=" -DOPENSSL_NO_ENGINE"   if $no_engine;
-$cflags.=" -DOPENSSL_NO_HW"   if $no_hw;
-$cflags.=" -DOPENSSL_FIPS"    if $fips;
-$cflags.=" -DOPENSSL_NO_JPAKE"    if $no_jpake;
-$cflags.=" -DOPENSSL_NO_EC2M"    if $no_ec2m;
-$cflags.= " -DZLIB" if $zlib_opt;
-$cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
-
-if ($no_static_engine)
-	{
-	$cflags .= " -DOPENSSL_NO_STATIC_ENGINE";
-	}
-else
-	{
-	$cflags .= " -DOPENSSL_NO_DYNAMIC_ENGINE";
-	}
-
-#$cflags.=" -DRSAref"  if $rsaref ne "";
-
-## if ($unix)
-##	{ $cflags="$c_flags" if ($c_flags ne ""); }
-##else
-	{ $cflags="$c_flags$cflags" if ($c_flags ne ""); }
-
-$ex_libs="$l_flags$ex_libs" if ($l_flags ne "");
-
-
-%shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL",
-		  "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO");
-
-if ($msdos)
-	{
-	$banner ="\t\@echo Make sure you have run 'perl Configure $platform' in the\n";
-	$banner.="\t\@echo top level directory, if you don't have perl, you will\n";
-	$banner.="\t\@echo need to probably edit crypto/bn/bn.h, check the\n";
-	$banner.="\t\@echo documentation for details.\n";
-	}
-
-# have to do this to allow $(CC) under unix
-$link="$bin_dir$link" if ($link !~ /^\$/);
-
-$INSTALLTOP =~ s|/|$o|g;
-$OPENSSLDIR =~ s|/|$o|g;
-
-#############################################
-# We parse in input file and 'store' info for later printing.
-open(IN,"<$infile") || die "unable to open $infile:$!\n";
-$_=<IN>;
-for (;;)
-	{
-	s/\s*$//; # was chop, didn't work in mixture of perls for Windows...
-
-	($key,$val)=/^([^=]+)=(.*)/;
-	if ($key eq "RELATIVE_DIRECTORY")
-		{
-		if ($lib ne "")
-			{
-			$uc=$lib;
-			$uc =~ s/^lib(.*)\.a/$1/;
-			$uc =~ tr/a-z/A-Z/;
-			$lib_nam{$uc}=$uc;
-			$lib_obj{$uc}.=$libobj." ";
-			}
-		last if ($val eq "FINISHED");
-		$lib="";
-		$libobj="";
-		$dir=$val;
-		}
-
-	if ($key eq "KRB5_INCLUDES")
-		{ $cflags .= " $val";}
-
-	if ($key eq "ZLIB_INCLUDE")
-		{ $cflags .= " $val" if $val ne "";}
-
-	if ($key eq "LIBZLIB")
-		{ $zlib_lib = "$val" if $val ne "";}
-
-	if ($key eq "LIBKRB5")
-		{ $ex_libs .= " $val" if $val ne "";}
-
-	if ($key eq "TEST")
-		{ $test.=&var_add($dir,$val, 0); }
-
-	if (($key eq "PROGS") || ($key eq "E_OBJ"))
-		{ $e_exe.=&var_add($dir,$val, 0); }
-
-	if ($key eq "LIB")
-		{
-		$lib=$val;
-		$lib =~ s/^.*\/([^\/]+)$/$1/;
-		}
-	if ($key eq "LIBNAME" && $no_static_engine)
-		{
-		$lib=$val;
-		$lib =~ s/^.*\/([^\/]+)$/$1/;
-		$otherlibs .= " $lib";
-		}
-
-	if ($key eq "EXHEADER")
-		{ $exheader.=&var_add($dir,$val, 1); }
-
-	if ($key eq "HEADER")
-		{ $header.=&var_add($dir,$val, 1); }
-
-	if ($key eq "LIBOBJ" && ($dir ne "engines" || !$no_static_engine))
-		{ $libobj=&var_add($dir,$val, 0); }
-	if ($key eq "LIBNAMES" && $dir eq "engines" && $no_static_engine)
- 		{ $engines.=$val }
-
-	if (!($_=<IN>))
-		{ $_="RELATIVE_DIRECTORY=FINISHED\n"; }
-	}
-close(IN);
-
-if ($shlib)
-	{
-	$extra_install= <<"EOF";
-	\$(CP) \"\$(O_SSL)\" \"\$(INSTALLTOP)${o}bin\"
-	\$(CP) \"\$(O_CRYPTO)\" \"\$(INSTALLTOP)${o}bin\"
-	\$(CP) \"\$(L_SSL)\" \"\$(INSTALLTOP)${o}lib\"
-	\$(CP) \"\$(L_CRYPTO)\" \"\$(INSTALLTOP)${o}lib\"
-EOF
-	if ($no_static_engine)
-		{
-		$extra_install .= <<"EOF"
-	\$(MKDIR) \"\$(INSTALLTOP)${o}lib${o}engines\"
-	\$(CP) \"\$(E_SHLIB)\" \"\$(INSTALLTOP)${o}lib${o}engines\"
-EOF
-		}
-	}
-else
-	{
-	$extra_install= <<"EOF";
-	\$(CP) \"\$(O_SSL)\" \"\$(INSTALLTOP)${o}lib\"
-	\$(CP) \"\$(O_CRYPTO)\" \"\$(INSTALLTOP)${o}lib\"
-EOF
-	$ex_libs .= " $zlib_lib" if $zlib_opt == 1;
-	if ($fips)
-		{
-		$build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)";
-		$ex_l_libs .= " \$(O_FIPSCANISTER)";
-		}
-	}
-
-$defs= <<"EOF";
-# This makefile has been automatically generated from the OpenSSL distribution.
-# This single makefile will build the complete OpenSSL distribution and
-# by default leave the 'interesting' output files in .${o}out and the stuff
-# that needs deleting in .${o}tmp.
-# The file was generated by running 'make makefile.one', which
-# does a 'make files', which writes all the environment variables from all
-# the makefiles to the file call MINFO.  This file is used by
-# util${o}mk1mf.pl to generate makefile.one.
-# The 'makefile per directory' system suites me when developing this
-# library and also so I can 'distribute' indervidual library sections.
-# The one monster makefile better suits building in non-unix
-# environments.
-
-EOF
-
-$defs .= $preamble if defined $preamble;
-
-$defs.= <<"EOF";
-INSTALLTOP=$INSTALLTOP
-OPENSSLDIR=$OPENSSLDIR
-
-# Set your compiler options
-PLATFORM=$platform
-CC=$bin_dir${cc}
-CFLAG=$cflags
-APP_CFLAG=$app_cflag
-LIB_CFLAG=$lib_cflag
-SHLIB_CFLAG=$shl_cflag
-APP_EX_OBJ=$app_ex_obj
-SHLIB_EX_OBJ=$shlib_ex_obj
-# add extra libraries to this define, for solaris -lsocket -lnsl would
-# be added
-EX_LIBS=$ex_libs
-
-# The OpenSSL directory
-SRC_D=$src_dir
-
-LINK=$link
-LFLAGS=$lflags
-RSC=$rsc
-
-# The output directory for everything intersting
-OUT_D=$out_dir
-# The output directory for all the temporary muck
-TMP_D=$tmp_dir
-# The output directory for the header files
-INC_D=$inc_dir
-INCO_D=$inc_dir${o}openssl
-
-PERL=$perl
-CP=$cp
-RM=$rm
-RANLIB=$ranlib
-MKDIR=$mkdir
-MKLIB=$bin_dir$mklib
-MLFLAGS=$mlflags
-ASM=$bin_dir$asm
-
-# FIPS validated module and support file locations
-
-FIPSDIR=$fipsdir
-BASEADDR=$baseaddr
-FIPSLIB_D=\$(FIPSDIR)${o}lib
-FIPS_PREMAIN_SRC=\$(FIPSLIB_D)${o}fips_premain.c
-O_FIPSCANISTER=\$(FIPSLIB_D)${o}fipscanister.lib
-FIPS_SHA1_EXE=\$(FIPSDIR)${o}bin${o}fips_standalone_sha1${exep}
-E_PREMAIN_DSO=fips_premain_dso
-PREMAIN_DSO_EXE=\$(BIN_D)${o}fips_premain_dso$exep
-FIPSLINK=\$(PERL) \$(FIPSDIR)${o}bin${o}fipslink.pl
-
-######################################################
-# You should not need to touch anything below this point
-######################################################
-
-E_EXE=openssl
-SSL=$ssl
-CRYPTO=$crypto
-
-# BIN_D  - Binary output directory
-# TEST_D - Binary test file output directory
-# LIB_D  - library output directory
-# ENG_D  - dynamic engine output directory
-# Note: if you change these point to different directories then uncomment out
-# the lines around the 'NB' comment below.
-# 
-BIN_D=\$(OUT_D)
-TEST_D=\$(OUT_D)
-LIB_D=\$(OUT_D)
-ENG_D=\$(OUT_D)
-
-# INCL_D - local library directory
-# OBJ_D  - temp object file directory
-OBJ_D=\$(TMP_D)
-INCL_D=\$(TMP_D)
-
-O_SSL=     \$(LIB_D)$o$plib\$(SSL)$shlibp
-O_CRYPTO=  \$(LIB_D)$o$plib\$(CRYPTO)$shlibp
-SO_SSL=    $plib\$(SSL)$so_shlibp
-SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp
-L_SSL=     \$(LIB_D)$o$plib\$(SSL)$libp
-L_CRYPTO=  \$(LIB_D)$o$plib\$(CRYPTO)$libp
-
-L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs
-
-######################################################
-# Don't touch anything below this point
-######################################################
-
-INC=-I\$(INC_D) -I\$(INCL_D)
-APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG)
-LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG)
-SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG)
-LIBS_DEP=\$(O_CRYPTO) \$(O_SSL)
-
-#############################################
-EOF
-
-$rules=<<"EOF";
-all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe $build_targets
-
-banner:
-$banner
-
-\$(TMP_D):
-	\$(MKDIR) \"\$(TMP_D)\"
-# NB: uncomment out these lines if BIN_D, TEST_D and LIB_D are different
-#\$(BIN_D):
-#	\$(MKDIR) \$(BIN_D)
-#
-#\$(TEST_D):
-#	\$(MKDIR) \$(TEST_D)
-
-\$(LIB_D):
-	\$(MKDIR) \"\$(LIB_D)\"
-
-\$(INCO_D): \$(INC_D)
-	\$(MKDIR) \"\$(INCO_D)\"
-
-\$(INC_D):
-	\$(MKDIR) \"\$(INC_D)\"
-
-headers: \$(HEADER) \$(EXHEADER)
-	@
-
-lib: \$(LIBS_DEP) \$(E_SHLIB)
-
-exe: \$(T_EXE) \$(BIN_D)$o\$(E_EXE)$exep
-
-install: all
-	\$(MKDIR) \"\$(INSTALLTOP)\"
-	\$(MKDIR) \"\$(INSTALLTOP)${o}bin\"
-	\$(MKDIR) \"\$(INSTALLTOP)${o}include\"
-	\$(MKDIR) \"\$(INSTALLTOP)${o}include${o}openssl\"
-	\$(MKDIR) \"\$(INSTALLTOP)${o}lib\"
-	\$(CP) \"\$(INCO_D)${o}*.\[ch\]\" \"\$(INSTALLTOP)${o}include${o}openssl\"
-	\$(CP) \"\$(BIN_D)$o\$(E_EXE)$exep \$(INSTALLTOP)${o}bin\"
-	\$(MKDIR) \"\$(OPENSSLDIR)\"
-	\$(CP) apps${o}openssl.cnf \"\$(OPENSSLDIR)\"
-$extra_install
-
-
-test: \$(T_EXE)
-	cd \$(BIN_D)
-	..${o}ms${o}test
-
-clean:
-	\$(RM) \$(TMP_D)$o*.*
-
-vclean:
-	\$(RM) \$(TMP_D)$o*.*
-	\$(RM) \$(OUT_D)$o*.*
-
-EOF
-    
-my $platform_cpp_symbol = "MK1MF_PLATFORM_$platform";
-$platform_cpp_symbol =~ s/-/_/g;
-if (open(IN,"crypto/buildinf.h"))
-	{
-	# Remove entry for this platform in existing file buildinf.h.
-
-	my $old_buildinf_h = "";
-	while (<IN>)
-		{
-		if (/^\#ifdef $platform_cpp_symbol$/)
-			{
-			while (<IN>) { last if (/^\#endif/); }
-			}
-		else
-			{
-			$old_buildinf_h .= $_;
-			}
-		}
-	close(IN);
-
-	open(OUT,">crypto/buildinf.h") || die "Can't open buildinf.h";
-	print OUT $old_buildinf_h;
-	close(OUT);
-	}
-
-open (OUT,">>crypto/buildinf.h") || die "Can't open buildinf.h";
-printf OUT <<EOF;
-#ifdef $platform_cpp_symbol
-  /* auto-generated/updated by util/mk1mf.pl for crypto/cversion.c */
-  #define CFLAGS "compiler: $cc $cflags"
-  #define PLATFORM "$platform"
-EOF
-printf OUT "  #define DATE \"%s\"\n", scalar gmtime();
-printf OUT "#endif\n";
-close(OUT);
-
-# Strip of trailing ' '
-foreach (keys %lib_obj) { $lib_obj{$_}=&clean_up_ws($lib_obj{$_}); }
-$test=&clean_up_ws($test);
-$e_exe=&clean_up_ws($e_exe);
-$exheader=&clean_up_ws($exheader);
-$header=&clean_up_ws($header);
-
-# First we strip the exheaders from the headers list
-foreach (split(/\s+/,$exheader)){ $h{$_}=1; }
-foreach (split(/\s+/,$header))	{ $h.=$_." " unless $h{$_}; }
-chop($h); $header=$h;
-
-$defs.=&do_defs("HEADER",$header,"\$(INCL_D)","");
-$rules.=&do_copy_rule("\$(INCL_D)",$header,"");
-
-$defs.=&do_defs("EXHEADER",$exheader,"\$(INCO_D)","");
-$rules.=&do_copy_rule("\$(INCO_D)",$exheader,"");
-
-$defs.=&do_defs("T_OBJ",$test,"\$(OBJ_D)",$obj);
-$rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)");
-
-$defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj);
-$rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)');
-
-# Special case rule for fips_premain_dso
-
-if ($fips)
-	{
-	$rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj",
-		"\$(FIPS_PREMAIN_SRC)",
-		"-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)", "");
-	$rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1);
-	}
-
-foreach (values %lib_nam)
-	{
-	$lib_obj=$lib_obj{$_};
-	local($slib)=$shlib;
-
-	$defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj);
-	$lib=($slib)?" \$(SHLIB_CFLAGS)".$shlib_ex_cflags{$_}:" \$(LIB_CFLAGS)";
-	$rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},$lib);
-	}
-
-# hack to add version info on MSVC
-if (($platform eq "VC-WIN32") || ($platform eq "VC-WIN64A")
-	|| ($platform eq "VC-WIN64I") || ($platform eq "VC-NT")) {
-    $rules.= <<"EOF";
-\$(OBJ_D)\\\$(CRYPTO).res: ms\\version32.rc
-	\$(RSC) /fo"\$(OBJ_D)\\\$(CRYPTO).res" /d CRYPTO ms\\version32.rc
-
-\$(OBJ_D)\\\$(SSL).res: ms\\version32.rc
-	\$(RSC) /fo"\$(OBJ_D)\\\$(SSL).res" /d SSL ms\\version32.rc
-
-EOF
-}
-
-$defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep);
-foreach (split(/\s+/,$test))
-	{
-	$t=&bname($_);
-	$tt="\$(OBJ_D)${o}$t${obj}";
-	$rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
-	}
-
-$defs.=&do_defs("E_SHLIB",$engines . $otherlibs,"\$(ENG_D)",$shlibp);
-
-foreach (split(/\s+/,$engines))
-	{
-	$rules.=&do_compile_rule("\$(OBJ_D)","engines${o}e_$_",$lib);
-	$rules.= &do_lib_rule("\$(OBJ_D)${o}e_${_}.obj","\$(ENG_D)$o$_$shlibp","",$shlib,"");
-	}
-
-
-
-$rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");
-
-if ($fips)
-	{
-	if ($shlib)
-		{
-		$rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
-				"\$(O_CRYPTO)", "$crypto",
-				$shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)");
-		}
-	else
-		{
-		$rules.= &do_lib_rule("\$(CRYPTOOBJ)",
-			"\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", "");
-		$rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
-			"\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", "");
-		}
-	}
-	else
-	{
-	$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,
-							"\$(SO_CRYPTO)");
-	}
-
-foreach (split(" ",$otherlibs))
-	{
-	my $uc = $_;
-	$uc =~ tr /a-z/A-Z/;	
-	$rules.= &do_lib_rule("\$(${uc}OBJ)","\$(ENG_D)$o$_$shlibp", "", $shlib, "");
-
-	}
-
-$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)", ($fips && !$shlib) ? 2 : 0);
-
-print $defs;
-
-if ($platform eq "linux-elf") {
-    print <<"EOF";
-# Generate perlasm output files
-%.cpp:
-	(cd \$(\@D)/..; PERL=perl make -f Makefile asm/\$(\@F))
-EOF
-}
-print "###################################################################\n";
-print $rules;
-
-###############################################
-# strip off any trailing .[och] and append the relative directory
-# also remembering to do nothing if we are in one of the dropped
-# directories
-sub var_add
-	{
-	local($dir,$val,$keepext)=@_;
-	local(@a,$_,$ret);
-
-	return("") if $no_engine && $dir =~ /\/engine/;
-	return("") if $no_hw   && $dir =~ /\/hw/;
-	return("") if $no_idea && $dir =~ /\/idea/;
-	return("") if $no_aes  && $dir =~ /\/aes/;
-	return("") if $no_camellia  && $dir =~ /\/camellia/;
-	return("") if $no_seed && $dir =~ /\/seed/;
-	return("") if $no_rc2  && $dir =~ /\/rc2/;
-	return("") if $no_rc4  && $dir =~ /\/rc4/;
-	return("") if $no_rc5  && $dir =~ /\/rc5/;
-	return("") if $no_rsa  && $dir =~ /\/rsa/;
-	return("") if $no_rsa  && $dir =~ /^rsaref/;
-	return("") if $no_dsa  && $dir =~ /\/dsa/;
-	return("") if $no_dh   && $dir =~ /\/dh/;
-	return("") if $no_ec   && $dir =~ /\/ec/;
-	return("") if $no_gost   && $dir =~ /\/ccgost/;
-	return("") if $no_cms  && $dir =~ /\/cms/;
-	return("") if $no_jpake  && $dir =~ /\/jpake/;
-	if ($no_des && $dir =~ /\/des/)
-		{
-		if ($val =~ /read_pwd/)
-			{ return("$dir/read_pwd "); }
-		else
-			{ return(""); }
-		}
-	return("") if $no_mdc2 && $dir =~ /\/mdc2/;
-	return("") if $no_sock && $dir =~ /\/proxy/;
-	return("") if $no_bf   && $dir =~ /\/bf/;
-	return("") if $no_cast && $dir =~ /\/cast/;
-	return("") if $no_whirlpool && $dir =~ /\/whrlpool/;
-
-	$val =~ s/^\s*(.*)\s*$/$1/;
-	@a=split(/\s+/,$val);
-	grep(s/\.[och]$//, at a) unless $keepext;
-
-	@a=grep(!/^e_.*_3d$/, at a) if $no_des;
-	@a=grep(!/^e_.*_d$/, at a) if $no_des;
-	@a=grep(!/^e_.*_ae$/, at a) if $no_idea;
-	@a=grep(!/^e_.*_i$/, at a) if $no_aes;
-	@a=grep(!/^e_.*_r2$/, at a) if $no_rc2;
-	@a=grep(!/^e_.*_r5$/, at a) if $no_rc5;
-	@a=grep(!/^e_.*_bf$/, at a) if $no_bf;
-	@a=grep(!/^e_.*_c$/, at a) if $no_cast;
-	@a=grep(!/^e_rc4$/, at a) if $no_rc4;
-	@a=grep(!/^e_camellia$/, at a) if $no_camellia;
-	@a=grep(!/^e_seed$/, at a) if $no_seed;
-
-	#@a=grep(!/(^s2_)|(^s23_)/, at a) if $no_ssl2;
-	#@a=grep(!/(^s3_)|(^s23_)/, at a) if $no_ssl3;
-
-	@a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/, at a) if $no_sock;
-
-	@a=grep(!/(^md2)|(_md2$)/, at a) if $no_md2;
-	@a=grep(!/(^md4)|(_md4$)/, at a) if $no_md4;
-	@a=grep(!/(^md5)|(_md5$)/, at a) if $no_md5;
-	@a=grep(!/(rmd)|(ripemd)/, at a) if $no_ripemd;
-
-	@a=grep(!/(^d2i_r_)|(^i2d_r_)/, at a) if $no_rsa;
-	@a=grep(!/(^p_open$)|(^p_seal$)/, at a) if $no_rsa;
-	@a=grep(!/(^pem_seal$)/, at a) if $no_rsa;
-
-	@a=grep(!/(m_dss$)|(m_dss1$)/, at a) if $no_dsa;
-	@a=grep(!/(^d2i_s_)|(^i2d_s_)|(_dsap$)/, at a) if $no_dsa;
-
-	@a=grep(!/^n_pkey$/, at a) if $no_rsa || $no_rc4;
-
-	@a=grep(!/_dhp$/, at a) if $no_dh;
-
-	@a=grep(!/(^sha[^1])|(_sha$)|(m_dss$)/, at a) if $no_sha;
-	@a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/, at a) if $no_sha1;
-	@a=grep(!/_mdc2$/, at a) if $no_mdc2;
-
-	@a=grep(!/(srp)/, at a) if $no_srp;
-
-	@a=grep(!/^engine$/, at a) if $no_engine;
-	@a=grep(!/^hw$/, at a) if $no_hw;
-	@a=grep(!/(^rsa$)|(^genrsa$)/, at a) if $no_rsa;
-	@a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/, at a) if $no_dsa;
-	@a=grep(!/^gendsa$/, at a) if $no_sha1;
-	@a=grep(!/(^dh$)|(^gendh$)/, at a) if $no_dh;
-
-	@a=grep(!/(^dh)|(_sha1$)|(m_dss1$)/, at a) if $no_sha1;
-
-	grep($_="$dir/$_", at a);
-	@a=grep(!/(^|\/)s_/, at a) if $no_sock;
-	@a=grep(!/(^|\/)bio_sock/, at a) if $no_sock;
-	$ret=join(' ', at a)." ";
-	return($ret);
-	}
-
-# change things so that each 'token' is only separated by one space
-sub clean_up_ws
-	{
-	local($w)=@_;
-
-	$w =~ s/^\s*(.*)\s*$/$1/;
-	$w =~ s/\s+/ /g;
-	return($w);
-	}
-
-sub do_defs
-	{
-	local($var,$files,$location,$postfix)=@_;
-	local($_,$ret,$pf);
-	local(*OUT,$tmp,$t);
-
-	$files =~ s/\//$o/g if $o ne '/';
-	$ret="$var="; 
-	$n=1;
-	$Vars{$var}.="";
-	foreach (split(/ /,$files))
-		{
-		$orig=$_;
-		$_=&bname($_) unless /^\$/;
-		if ($n++ == 2)
-			{
-			$n=0;
-			$ret.="\\\n\t";
-			}
-		if (($_ =~ /bss_file/) && ($postfix eq ".h"))
-			{ $pf=".c"; }
-		else	{ $pf=$postfix; }
-		if ($_ =~ /BN_ASM/)	{ $t="$_ "; }
-		elsif ($_ =~ /BNCO_ASM/){ $t="$_ "; }
-		elsif ($_ =~ /AES_ASM/){ $t="$_ "; }
-		elsif ($_ =~ /DES_ENC/)	{ $t="$_ "; }
-		elsif ($_ =~ /BF_ENC/)	{ $t="$_ "; }
-		elsif ($_ =~ /CAST_ENC/){ $t="$_ "; }
-		elsif ($_ =~ /RC4_ENC/)	{ $t="$_ "; }
-		elsif ($_ =~ /RC5_ENC/)	{ $t="$_ "; }
-		elsif ($_ =~ /MD5_ASM/)	{ $t="$_ "; }
-		elsif ($_ =~ /SHA1_ASM/){ $t="$_ "; }
-		elsif ($_ =~ /RMD160_ASM/){ $t="$_ "; }
-		elsif ($_ =~ /WHIRLPOOL_ASM/){ $t="$_ "; }
-		elsif ($_ =~ /CPUID_ASM/){ $t="$_ "; }
-		else	{ $t="$location${o}$_$pf "; }
-
-		$Vars{$var}.="$t ";
-		$ret.=$t;
-		}
-	# hack to add version info on MSVC
-	if ($shlib && (($platform eq "VC-WIN32") || ($platfrom eq "VC-WIN64I") || ($platform eq "VC-WIN64A") || ($platform eq "VC-NT")))
-		{
-		if ($var eq "CRYPTOOBJ")
-			{ $ret.="\$(OBJ_D)\\\$(CRYPTO).res "; }
-		elsif ($var eq "SSLOBJ")
-			{ $ret.="\$(OBJ_D)\\\$(SSL).res "; }
-		}
-	chomp($ret);
-	$ret.="\n\n";
-	return($ret);
-	}
-
-# return the name with the leading path removed
-sub bname
-	{
-	local($ret)=@_;
-	$ret =~ s/^.*[\\\/]([^\\\/]+)$/$1/;
-	return($ret);
-	}
-
-# return the leading path
-sub dname
-	{
-	my $ret=shift;
-	$ret =~ s/(^.*)[\\\/][^\\\/]+$/$1/;
-	return($ret);
-	}
-
-##############################################################
-# do a rule for each file that says 'compile' to new direcory
-# compile the files in '$files' into $to
-sub do_compile_rule
-	{
-	local($to,$files,$ex)=@_;
-	local($ret,$_,$n,$d,$s);
-
-	$files =~ s/\//$o/g if $o ne '/';
-	foreach (split(/\s+/,$files))
-		{
-		$n=&bname($_);
-		$d=&dname($_);
-		if (-f "${_}.c")
-			{
-			$ret.=&cc_compile_target("$to${o}$n$obj","${_}.c",$ex)
-			}
-		elsif (-f ($s="${d}${o}asm${o}${n}.pl") or
-		       ($s=~s/sha256/sha512/ and -f $s) or
-		       -f ($s="${d}${o}${n}.pl"))
-			{
-			$ret.=&perlasm_compile_target("$to${o}$n$obj",$s,$n);
-			}
-		elsif (-f ($s="${d}${o}asm${o}${n}.S") or
-		       -f ($s="${d}${o}${n}.S"))
-			{
-			$ret.=&Sasm_compile_target("$to${o}$n$obj",$s,$n);
-			}
-		else	{ die "no rule for $_"; }
-		}
-	return($ret);
-	}
-
-##############################################################
-# do a rule for each file that says 'compile' to new direcory
-sub perlasm_compile_target
-	{
-	my($target,$source,$bname)=@_;
-	my($ret);
-
-	$bname =~ s/(.*)\.[^\.]$/$1/;
-	$ret ="\$(TMP_D)$o$bname.asm: $source\n";
-	$ret.="\t\$(PERL) $source $asmtype \$(CFLAG) >\$\@\n\n";
-	$ret.="$target: \$(TMP_D)$o$bname.asm\n";
-	$ret.="\t\$(ASM) $afile\$\@ \$(TMP_D)$o$bname.asm\n\n";
-	return($ret);
-	}
-
-sub Sasm_compile_target
-	{
-	my($target,$source,$bname)=@_;
-	my($ret);
-
-	$bname =~ s/(.*)\.[^\.]$/$1/;
-	$ret ="\$(TMP_D)$o$bname.asm: $source\n";
-	$ret.="\t\$(CC) -E \$(CFLAG) $source >\$\@\n\n";
-	$ret.="$target: \$(TMP_D)$o$bname.asm\n";
-	$ret.="\t\$(ASM) $afile\$\@ \$(TMP_D)$o$bname.asm\n\n";
-	return($ret);
-	}
-
-sub cc_compile_target
-	{
-	local($target,$source,$ex_flags, $srcd)=@_;
-	local($ret);
-	
-	$ex_flags.=" -DMK1MF_BUILD -D$platform_cpp_symbol" if ($source =~ /cversion/);
-	$target =~ s/\//$o/g if $o ne "/";
-	$source =~ s/\//$o/g if $o ne "/";
-	$srcd = "\$(SRC_D)$o" unless defined $srcd;
-	$ret ="$target: $srcd$source\n\t";
-	$ret.="\$(CC) ${ofile}$target $ex_flags -c $srcd$source\n\n";
-	return($ret);
-	}
-
-##############################################################
-sub do_asm_rule
-	{
-	local($target,$src)=@_;
-	local($ret, at s, at t,$i);
-
-	$target =~ s/\//$o/g if $o ne "/";
-	$src =~ s/\//$o/g if $o ne "/";
-
-	@t=split(/\s+/,$target);
-	@s=split(/\s+/,$src);
-
-
-	for ($i=0; $i<=$#s; $i++)
-		{
-		my $objfile = $t[$i];
-		my $srcfile = $s[$i];
-
-		if ($perl_asm == 1)
-			{
-			my $plasm = $objfile;
-			$plasm =~ s/${obj}/.pl/;
-			$ret.="$srcfile: $plasm\n";
-			$ret.="\t\$(PERL) $plasm $asmtype \$(CFLAG) >$srcfile\n\n";
-			}
-
-		$ret.="$objfile: $srcfile\n";
-		$ret.="\t\$(ASM) $afile$objfile \$(SRC_D)$o$srcfile\n\n";
-		}
-	return($ret);
-	}
-
-sub do_shlib_rule
-	{
-	local($n,$def)=@_;
-	local($ret,$nn);
-	local($t);
-
-	($nn=$n) =~ tr/a-z/A-Z/;
-	$ret.="$n.dll: \$(${nn}OBJ)\n";
-	if ($vc && $w32)
-		{
-		$ret.="\t\$(MKSHLIB) $efile$n.dll $def @<<\n  \$(${nn}OBJ_F)\n<<\n";
-		}
-	$ret.="\n";
-	return($ret);
-	}
-
-# do a rule for each file that says 'copy' to new direcory on change
-sub do_copy_rule
-	{
-	local($to,$files,$p)=@_;
-	local($ret,$_,$n,$pp);
-	
-	$files =~ s/\//$o/g if $o ne '/';
-	foreach (split(/\s+/,$files))
-		{
-		$n=&bname($_);
-		if ($n =~ /bss_file/)
-			{ $pp=".c"; }
-		else	{ $pp=$p; }
-		$ret.="$to${o}$n$pp: \$(SRC_D)$o$_$pp\n\t\$(CP) \"\$(SRC_D)$o$_$pp\" \"$to${o}$n$pp\"\n\n";
-		}
-	return($ret);
-	}
-
-# Options picked up from the OPTIONS line in the top level Makefile
-# generated by Configure.
-
-sub read_options
-	{
-	# Many options are handled in a similar way. In particular
-	# no-xxx sets zero or more scalars to 1.
-	# Process these using the %valid_options hash containing the option
-	# name and reference to the scalars to set. In some cases the option
-	# needs no special handling and can be ignored: this is done by
-	# setting the value to 0.
-
-	my %valid_options = (
-		"no-rc2" => \$no_rc2,
-		"no-rc4" => \$no_rc4,
-		"no-rc5" => \$no_rc5,
-		"no-idea" => \$no_idea,
-		"no-aes" => \$no_aes,
-		"no-camellia" => \$no_camellia,
-		"no-seed" => \$no_seed,
-		"no-des" => \$no_des,
-		"no-bf" => \$no_bf,
-		"no-cast" => \$no_cast,
-		"no-md2" => \$no_md2,
-		"no-md4" => \$no_md4,
-		"no-md5" => \$no_md5,
-		"no-sha" => \$no_sha,
-		"no-sha1" => \$no_sha1,
-		"no-ripemd" => \$no_ripemd,
-		"no-mdc2" => \$no_mdc2,
-		"no-whirlpool" => \$no_whirlpool,
-		"no-patents" => 
-			[\$no_rc2, \$no_rc4, \$no_rc5, \$no_idea, \$no_rsa],
-		"no-rsa" => \$no_rsa,
-		"no-dsa" => \$no_dsa,
-		"no-dh" => \$no_dh,
-		"no-hmac" => \$no_hmac,
-		"no-asm" => \$no_asm,
-		"nasm" => \$nasm,
-		"nw-nasm" => \$nw_nasm,
-		"nw-mwasm" => \$nw_mwasm,
-		"gaswin" => \$gaswin,
-		"no-ssl2" => \$no_ssl2,
-		"no-ssl3" => \$no_ssl3,
-		"no-ssl3-method" => 0,
-		"no-tlsext" => \$no_tlsext,
-		"no-srp" => \$no_srp,
-		"no-cms" => \$no_cms,
-		"no-ec2m" => \$no_ec2m,
-		"no-jpake" => \$no_jpake,
-		"no-ec_nistp_64_gcc_128" => 0,
-		"no-err" => \$no_err,
-		"no-sock" => \$no_sock,
-		"no-krb5" => \$no_krb5,
-		"no-ec" => \$no_ec,
-		"no-ecdsa" => \$no_ecdsa,
-		"no-ecdh" => \$no_ecdh,
-		"no-gost" => \$no_gost,
-		"no-engine" => \$no_engine,
-		"no-hw" => \$no_hw,
-		"no-rsax" => 0,
-		"just-ssl" =>
-			[\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast,
-			  \$no_md2, \$no_sha, \$no_mdc2, \$no_dsa, \$no_dh,
-			  \$no_ssl2, \$no_err, \$no_ripemd, \$no_rc5,
-			  \$no_aes, \$no_camellia, \$no_seed, \$no_srp],
-		"rsaref" => 0,
-		"gcc" => \$gcc,
-		"debug" => \$debug,
-		"profile" => \$profile,
-		"shlib" => \$shlib,
-		"dll" => \$shlib,
-		"shared" => 0,
-		"no-sctp" => 0,
-		"no-srtp" => 0,
-		"no-gmp" => 0,
-		"no-rfc3779" => 0,
-		"no-montasm" => 0,
-		"no-shared" => 0,
-		"no-store" => 0,
-		"no-unit-test" => 0,
-		"no-zlib" => 0,
-		"no-zlib-dynamic" => 0,
-		"fips" => \$fips
-		);
-
-	if (exists $valid_options{$_})
-		{
-		my $r = $valid_options{$_};
-		if ( ref $r eq "SCALAR")
-			{ $$r = 1;}
-		elsif ( ref $r eq "ARRAY")
-			{
-			my $r2;
-			foreach $r2 (@$r)
-				{
-				$$r2 = 1;
-				}
-			}
-		}
-	elsif (/^no-comp$/) { $xcflags = "-DOPENSSL_NO_COMP $xcflags"; }
-	elsif (/^enable-zlib$/) { $zlib_opt = 1 if $zlib_opt == 0 }
-	elsif (/^enable-zlib-dynamic$/)
-		{
-		$zlib_opt = 2;
-		}
-	elsif (/^no-static-engine/)
-		{
-		$no_static_engine = 1;
-		}
-	elsif (/^enable-static-engine/)
-		{
-		$no_static_engine = 0;
-		}
-	# There are also enable-xxx options which correspond to
-	# the no-xxx. Since the scalars are enabled by default
-	# these can be ignored.
-	elsif (/^enable-/)
-		{
-		my $t = $_;
-		$t =~ s/^enable/no/;
-		if (exists $valid_options{$t})
-			{return 1;}
-		return 0;
-		}
-	# experimental-xxx is mostly like enable-xxx, but opensslconf.v
-	# will still set OPENSSL_NO_xxx unless we set OPENSSL_EXPERIMENTAL_xxx.
-	# (No need to fail if we don't know the algorithm -- this is for adventurous users only.)
-	elsif (/^experimental-/)
-		{
-		my $algo, $ALGO;
-		($algo = $_) =~ s/^experimental-//;
-		($ALGO = $algo) =~ tr/[a-z]/[A-Z]/;
-
-		$xcflags="-DOPENSSL_EXPERIMENTAL_$ALGO $xcflags";
-		
-		}
-	elsif (/^--with-krb5-flavor=(.*)$/)
-		{
-		my $krb5_flavor = $1;
-		if ($krb5_flavor =~ /^force-[Hh]eimdal$/)
-			{
-			$xcflags="-DKRB5_HEIMDAL $xcflags";
-			}
-		elsif ($krb5_flavor =~ /^MIT/i)
-			{
-			$xcflags="-DKRB5_MIT $xcflags";
-		 	if ($krb5_flavor =~ /^MIT[._-]*1[._-]*[01]/i)
-				{
-				$xcflags="-DKRB5_MIT_OLD11 $xcflags"
-				}
-			}
-		}
-	elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
-	elsif (/^-[lL].*$/)	{ $l_flags.="$_ "; }
-	elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)
-		{ $c_flags.="$_ "; }
-	else { return(0); }
-	return(1);
-	}

Copied: vendor-crypto/openssl/1.0.1u/util/mk1mf.pl (from rev 11605, vendor-crypto/openssl/dist/util/mk1mf.pl)
===================================================================
--- vendor-crypto/openssl/1.0.1u/util/mk1mf.pl	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/util/mk1mf.pl	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,1238 @@
+#!/usr/local/bin/perl
+# A bit of an evil hack but it post processes the file ../MINFO which
+# is generated by `make files` in the top directory.
+# This script outputs one mega makefile that has no shell stuff or any
+# funny stuff
+#
+
+$INSTALLTOP="/usr/local/ssl";
+$OPENSSLDIR="/usr/local/ssl";
+$OPTIONS="";
+$ssl_version="";
+$banner="\t\@echo Building OpenSSL";
+
+my $no_static_engine = 1;
+my $engines = "";
+my $otherlibs = "";
+local $zlib_opt = 0;	# 0 = no zlib, 1 = static, 2 = dynamic
+local $zlib_lib = "";
+local $perl_asm = 0;	# 1 to autobuild asm files from perl scripts
+
+my $ex_l_libs = "";
+
+# Options to import from top level Makefile
+
+my %mf_import = (
+	VERSION	       => \$ssl_version,
+	OPTIONS        => \$OPTIONS,
+	INSTALLTOP     => \$INSTALLTOP,
+	OPENSSLDIR     => \$OPENSSLDIR,
+	PLATFORM       => \$mf_platform,
+	CFLAG	       => \$mf_cflag,
+	DEPFLAG	       => \$mf_depflag,
+	CPUID_OBJ      => \$mf_cpuid_asm,
+	BN_ASM	       => \$mf_bn_asm,
+	DES_ENC	       => \$mf_des_asm,
+	AES_ENC        => \$mf_aes_asm,
+	BF_ENC	       => \$mf_bf_asm,
+	CAST_ENC       => \$mf_cast_asm,
+	RC4_ENC	       => \$mf_rc4_asm,
+	RC5_ENC        => \$mf_rc5_asm,
+	MD5_ASM_OBJ    => \$mf_md5_asm,
+	SHA1_ASM_OBJ   => \$mf_sha_asm,
+	RMD160_ASM_OBJ => \$mf_rmd_asm,
+	WP_ASM_OBJ     => \$mf_wp_asm,
+	CMLL_ENC       => \$mf_cm_asm,
+	BASEADDR       => \$baseaddr,
+	FIPSDIR        => \$fipsdir,
+);
+
+
+open(IN,"<Makefile") || die "unable to open Makefile!\n";
+while(<IN>) {
+    my ($mf_opt, $mf_ref);
+    while (($mf_opt, $mf_ref) = each %mf_import) {
+    	if (/^$mf_opt\s*=\s*(.*)$/) {
+	   $$mf_ref = $1;
+	}
+    }
+}
+close(IN);
+
+$debug = 1 if $mf_platform =~ /^debug-/;
+
+die "Makefile is not the toplevel Makefile!\n" if $ssl_version eq "";
+
+$infile="MINFO";
+
+%ops=(
+	"VC-WIN32",   "Microsoft Visual C++ [4-6] - Windows NT or 9X",
+	"VC-WIN64I",  "Microsoft C/C++ - Win64/IA-64",
+	"VC-WIN64A",  "Microsoft C/C++ - Win64/x64",
+	"VC-CE",   "Microsoft eMbedded Visual C++ 3.0 - Windows CE ONLY",
+	"VC-NT",   "Microsoft Visual C++ [4-6] - Windows NT ONLY",
+	"Mingw32", "GNU C++ - Windows NT or 9x",
+	"Mingw32-files", "Create files with DOS copy ...",
+	"BC-NT",   "Borland C++ 4.5 - Windows NT",
+	"linux-elf","Linux elf",
+	"ultrix-mips","DEC mips ultrix",
+	"FreeBSD","FreeBSD distribution",
+	"OS2-EMX", "EMX GCC OS/2",
+	"netware-clib", "CodeWarrior for NetWare - CLib - with WinSock Sockets",
+	"netware-clib-bsdsock", "CodeWarrior for NetWare - CLib - with BSD Sockets",
+	"netware-libc", "CodeWarrior for NetWare - LibC - with WinSock Sockets",
+	"netware-libc-bsdsock", "CodeWarrior for NetWare - LibC - with BSD Sockets",
+	"default","cc under unix",
+	"auto", "auto detect from top level Makefile"
+	);
+
+$platform="";
+my $xcflags="";
+foreach (@ARGV)
+	{
+	if (!&read_options && !defined($ops{$_}))
+		{
+		print STDERR "unknown option - $_\n";
+		print STDERR "usage: perl mk1mf.pl [options] [system]\n";
+		print STDERR "\nwhere [system] can be one of the following\n";
+		foreach $i (sort keys %ops)
+		{ printf STDERR "\t%-10s\t%s\n",$i,$ops{$i}; }
+		print STDERR <<"EOF";
+and [options] can be one of
+	no-md2 no-md4 no-md5 no-sha no-mdc2	- Skip this digest
+	no-ripemd
+	no-rc2 no-rc4 no-rc5 no-idea no-des     - Skip this symetric cipher
+	no-bf no-cast no-aes no-camellia no-seed
+	no-rsa no-dsa no-dh			- Skip this public key cipher
+	no-ssl2 no-ssl3				- Skip this version of SSL
+	just-ssl				- remove all non-ssl keys/digest
+	no-asm 					- No x86 asm
+	no-krb5					- No KRB5
+	no-srp					- No SRP
+	no-ec					- No EC
+	no-ecdsa				- No ECDSA
+	no-ecdh					- No ECDH
+	no-engine				- No engine
+	no-hw					- No hw
+	nasm 					- Use NASM for x86 asm
+	nw-nasm					- Use NASM x86 asm for NetWare
+	nw-mwasm				- Use Metrowerks x86 asm for NetWare
+	gaswin					- Use GNU as with Mingw32
+	no-socks				- No socket code
+	no-err					- No error strings
+	dll/shlib				- Build shared libraries (MS)
+	debug					- Debug build
+        profile                                 - Profiling build
+	gcc					- Use Gcc (unix)
+
+Values that can be set
+TMP=tmpdir OUT=outdir SRC=srcdir BIN=binpath INC=header-outdir CC=C-compiler
+
+-L<ex_lib_path> -l<ex_lib>			- extra library flags (unix)
+-<ex_cc_flags>					- extra 'cc' flags,
+						  added (MS), or replace (unix)
+EOF
+		exit(1);
+		}
+	$platform=$_;
+	}
+foreach (grep(!/^$/, split(/ /, $OPTIONS)))
+	{
+	print STDERR "unknown option - $_\n" if !&read_options;
+	}
+
+$no_static_engine = 0 if (!$shlib);
+
+$no_mdc2=1 if ($no_des);
+
+$no_ssl3=1 if ($no_md5 || $no_sha);
+$no_ssl3=1 if ($no_rsa && $no_dh);
+
+$no_ssl2=1 if ($no_md5);
+$no_ssl2=1 if ($no_rsa);
+
+$out_def="out";
+$inc_def="outinc";
+$tmp_def="tmp";
+
+$perl="perl" unless defined $perl;
+$mkdir="-mkdir" unless defined $mkdir;
+
+($ssl,$crypto)=("ssl","crypto");
+$ranlib="echo ranlib";
+
+$cc=(defined($VARS{'CC'}))?$VARS{'CC'}:'cc';
+$src_dir=(defined($VARS{'SRC'}))?$VARS{'SRC'}:'.';
+$bin_dir=(defined($VARS{'BIN'}))?$VARS{'BIN'}:'';
+
+# $bin_dir.=$o causes a core dump on my sparc :-(
+
+
+$NT=0;
+
+push(@INC,"util/pl","pl");
+
+if ($platform eq "auto") {
+	$platform = $mf_platform;
+	print STDERR "Imported platform $mf_platform\n";
+}
+
+if (($platform =~ /VC-(.+)/))
+	{
+	$FLAVOR=$1;
+	$NT = 1 if $1 eq "NT";
+	require 'VC-32.pl';
+	}
+elsif ($platform eq "Mingw32")
+	{
+	require 'Mingw32.pl';
+	}
+elsif ($platform eq "Mingw32-files")
+	{
+	require 'Mingw32f.pl';
+	}
+elsif ($platform eq "BC-NT")
+	{
+	$bc=1;
+	require 'BC-32.pl';
+	}
+elsif ($platform eq "FreeBSD")
+	{
+	require 'unix.pl';
+	$cflags='-DTERMIO -D_ANSI_SOURCE -O2 -fomit-frame-pointer';
+	}
+elsif ($platform eq "linux-elf")
+	{
+	require "unix.pl";
+	require "linux.pl";
+	$unix=1;
+	}
+elsif ($platform eq "ultrix-mips")
+	{
+	require "unix.pl";
+	require "ultrix.pl";
+	$unix=1;
+	}
+elsif ($platform eq "OS2-EMX")
+	{
+	$wc=1;
+	require 'OS2-EMX.pl';
+	}
+elsif (($platform eq "netware-clib") || ($platform eq "netware-libc") ||
+       ($platform eq "netware-clib-bsdsock") || ($platform eq "netware-libc-bsdsock"))
+	{
+	$LIBC=1 if $platform eq "netware-libc" || $platform eq "netware-libc-bsdsock";
+	$BSDSOCK=1 if ($platform eq "netware-libc-bsdsock") || ($platform eq "netware-clib-bsdsock");
+	require 'netware.pl';
+	}
+else
+	{
+	require "unix.pl";
+
+	$unix=1;
+	$cflags.=' -DTERMIO';
+	}
+
+$fipsdir =~ s/\//${o}/g;
+
+$out_dir=(defined($VARS{'OUT'}))?$VARS{'OUT'}:$out_def.($debug?".dbg":"");
+$tmp_dir=(defined($VARS{'TMP'}))?$VARS{'TMP'}:$tmp_def.($debug?".dbg":"");
+$inc_dir=(defined($VARS{'INC'}))?$VARS{'INC'}:$inc_def;
+
+$bin_dir=$bin_dir.$o unless ((substr($bin_dir,-1,1) eq $o) || ($bin_dir eq ''));
+
+$cflags= "$xcflags$cflags" if $xcflags ne "";
+
+$cflags.=" -DOPENSSL_NO_IDEA" if $no_idea;
+$cflags.=" -DOPENSSL_NO_AES"  if $no_aes;
+$cflags.=" -DOPENSSL_NO_CAMELLIA"  if $no_camellia;
+$cflags.=" -DOPENSSL_NO_SEED" if $no_seed;
+$cflags.=" -DOPENSSL_NO_RC2"  if $no_rc2;
+$cflags.=" -DOPENSSL_NO_RC4"  if $no_rc4;
+$cflags.=" -DOPENSSL_NO_RC5"  if $no_rc5;
+$cflags.=" -DOPENSSL_NO_MD2"  if $no_md2;
+$cflags.=" -DOPENSSL_NO_MD4"  if $no_md4;
+$cflags.=" -DOPENSSL_NO_MD5"  if $no_md5;
+$cflags.=" -DOPENSSL_NO_SHA"  if $no_sha;
+$cflags.=" -DOPENSSL_NO_SHA1" if $no_sha1;
+$cflags.=" -DOPENSSL_NO_RIPEMD" if $no_ripemd;
+$cflags.=" -DOPENSSL_NO_MDC2" if $no_mdc2;
+$cflags.=" -DOPENSSL_NO_BF"  if $no_bf;
+$cflags.=" -DOPENSSL_NO_CAST" if $no_cast;
+$cflags.=" -DOPENSSL_NO_DES"  if $no_des;
+$cflags.=" -DOPENSSL_NO_RSA"  if $no_rsa;
+$cflags.=" -DOPENSSL_NO_DSA"  if $no_dsa;
+$cflags.=" -DOPENSSL_NO_DH"   if $no_dh;
+$cflags.=" -DOPENSSL_NO_WHIRLPOOL"   if $no_whirlpool;
+$cflags.=" -DOPENSSL_NO_SOCK" if $no_sock;
+$cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2;
+$cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3;
+$cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext;
+$cflags.=" -DOPENSSL_NO_SRP" if $no_srp;
+$cflags.=" -DOPENSSL_NO_CMS" if $no_cms;
+$cflags.=" -DOPENSSL_NO_ERR"  if $no_err;
+$cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5;
+$cflags.=" -DOPENSSL_NO_EC"   if $no_ec;
+$cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa;
+$cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh;
+$cflags.=" -DOPENSSL_NO_GOST" if $no_gost;
+$cflags.=" -DOPENSSL_NO_ENGINE"   if $no_engine;
+$cflags.=" -DOPENSSL_NO_HW"   if $no_hw;
+$cflags.=" -DOPENSSL_FIPS"    if $fips;
+$cflags.=" -DOPENSSL_NO_JPAKE"    if $no_jpake;
+$cflags.=" -DOPENSSL_NO_EC2M"    if $no_ec2m;
+$cflags.=" -DOPENSSL_NO_WEAK_SSL_CIPHERS"   if $no_weak_ssl;
+$cflags.=" -DZLIB" if $zlib_opt;
+$cflags.=" -DZLIB_SHARED" if $zlib_opt == 2;
+$cflags.=" -DOPENSSL_NO_COMP" if $no_comp;
+
+if ($no_static_engine)
+	{
+	$cflags .= " -DOPENSSL_NO_STATIC_ENGINE";
+	}
+else
+	{
+	$cflags .= " -DOPENSSL_NO_DYNAMIC_ENGINE";
+	}
+
+#$cflags.=" -DRSAref"  if $rsaref ne "";
+
+## if ($unix)
+##	{ $cflags="$c_flags" if ($c_flags ne ""); }
+##else
+	{ $cflags="$c_flags$cflags" if ($c_flags ne ""); }
+
+$ex_libs="$l_flags$ex_libs" if ($l_flags ne "");
+
+
+%shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL",
+		  "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO");
+
+if ($msdos)
+	{
+	$banner ="\t\@echo Make sure you have run 'perl Configure $platform' in the\n";
+	$banner.="\t\@echo top level directory, if you don't have perl, you will\n";
+	$banner.="\t\@echo need to probably edit crypto/bn/bn.h, check the\n";
+	$banner.="\t\@echo documentation for details.\n";
+	}
+
+# have to do this to allow $(CC) under unix
+$link="$bin_dir$link" if ($link !~ /^\$/);
+
+$INSTALLTOP =~ s|/|$o|g;
+$OPENSSLDIR =~ s|/|$o|g;
+
+#############################################
+# We parse in input file and 'store' info for later printing.
+open(IN,"<$infile") || die "unable to open $infile:$!\n";
+$_=<IN>;
+for (;;)
+	{
+	s/\s*$//; # was chop, didn't work in mixture of perls for Windows...
+
+	($key,$val)=/^([^=]+)=(.*)/;
+	if ($key eq "RELATIVE_DIRECTORY")
+		{
+		if ($lib ne "")
+			{
+			$uc=$lib;
+			$uc =~ s/^lib(.*)\.a/$1/;
+			$uc =~ tr/a-z/A-Z/;
+			$lib_nam{$uc}=$uc;
+			$lib_obj{$uc}.=$libobj." ";
+			}
+		last if ($val eq "FINISHED");
+		$lib="";
+		$libobj="";
+		$dir=$val;
+		}
+
+	if ($key eq "KRB5_INCLUDES")
+		{ $cflags .= " $val";}
+
+	if ($key eq "ZLIB_INCLUDE")
+		{ $cflags .= " $val" if $val ne "";}
+
+	if ($key eq "LIBZLIB")
+		{ $zlib_lib = "$val" if $val ne "";}
+
+	if ($key eq "LIBKRB5")
+		{ $ex_libs .= " $val" if $val ne "";}
+
+	if ($key eq "TEST")
+		{ $test.=&var_add($dir,$val, 0); }
+
+	if (($key eq "PROGS") || ($key eq "E_OBJ"))
+		{ $e_exe.=&var_add($dir,$val, 0); }
+
+	if ($key eq "LIB")
+		{
+		$lib=$val;
+		$lib =~ s/^.*\/([^\/]+)$/$1/;
+		}
+	if ($key eq "LIBNAME" && $no_static_engine)
+		{
+		$lib=$val;
+		$lib =~ s/^.*\/([^\/]+)$/$1/;
+		$otherlibs .= " $lib";
+		}
+
+	if ($key eq "EXHEADER")
+		{ $exheader.=&var_add($dir,$val, 1); }
+
+	if ($key eq "HEADER")
+		{ $header.=&var_add($dir,$val, 1); }
+
+	if ($key eq "LIBOBJ" && ($dir ne "engines" || !$no_static_engine))
+		{ $libobj=&var_add($dir,$val, 0); }
+	if ($key eq "LIBNAMES" && $dir eq "engines" && $no_static_engine)
+ 		{ $engines.=$val }
+
+	if (!($_=<IN>))
+		{ $_="RELATIVE_DIRECTORY=FINISHED\n"; }
+	}
+close(IN);
+
+if ($shlib)
+	{
+	$extra_install= <<"EOF";
+	\$(CP) \"\$(O_SSL)\" \"\$(INSTALLTOP)${o}bin\"
+	\$(CP) \"\$(O_CRYPTO)\" \"\$(INSTALLTOP)${o}bin\"
+	\$(CP) \"\$(L_SSL)\" \"\$(INSTALLTOP)${o}lib\"
+	\$(CP) \"\$(L_CRYPTO)\" \"\$(INSTALLTOP)${o}lib\"
+EOF
+	if ($no_static_engine)
+		{
+		$extra_install .= <<"EOF"
+	\$(MKDIR) \"\$(INSTALLTOP)${o}lib${o}engines\"
+	\$(CP) \"\$(E_SHLIB)\" \"\$(INSTALLTOP)${o}lib${o}engines\"
+EOF
+		}
+	}
+else
+	{
+	$extra_install= <<"EOF";
+	\$(CP) \"\$(O_SSL)\" \"\$(INSTALLTOP)${o}lib\"
+	\$(CP) \"\$(O_CRYPTO)\" \"\$(INSTALLTOP)${o}lib\"
+EOF
+	$ex_libs .= " $zlib_lib" if $zlib_opt == 1;
+	if ($fips)
+		{
+		$build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)";
+		$ex_l_libs .= " \$(O_FIPSCANISTER)";
+		}
+	}
+
+$defs= <<"EOF";
+# This makefile has been automatically generated from the OpenSSL distribution.
+# This single makefile will build the complete OpenSSL distribution and
+# by default leave the 'interesting' output files in .${o}out and the stuff
+# that needs deleting in .${o}tmp.
+# The file was generated by running 'make makefile.one', which
+# does a 'make files', which writes all the environment variables from all
+# the makefiles to the file call MINFO.  This file is used by
+# util${o}mk1mf.pl to generate makefile.one.
+# The 'makefile per directory' system suites me when developing this
+# library and also so I can 'distribute' indervidual library sections.
+# The one monster makefile better suits building in non-unix
+# environments.
+
+EOF
+
+$defs .= $preamble if defined $preamble;
+
+$defs.= <<"EOF";
+INSTALLTOP=$INSTALLTOP
+OPENSSLDIR=$OPENSSLDIR
+
+# Set your compiler options
+PLATFORM=$platform
+CC=$bin_dir${cc}
+CFLAG=$cflags
+APP_CFLAG=$app_cflag
+LIB_CFLAG=$lib_cflag
+SHLIB_CFLAG=$shl_cflag
+APP_EX_OBJ=$app_ex_obj
+SHLIB_EX_OBJ=$shlib_ex_obj
+# add extra libraries to this define, for solaris -lsocket -lnsl would
+# be added
+EX_LIBS=$ex_libs
+
+# The OpenSSL directory
+SRC_D=$src_dir
+
+LINK_CMD=$link
+LFLAGS=$lflags
+RSC=$rsc
+
+# The output directory for everything intersting
+OUT_D=$out_dir
+# The output directory for all the temporary muck
+TMP_D=$tmp_dir
+# The output directory for the header files
+INC_D=$inc_dir
+INCO_D=$inc_dir${o}openssl
+
+PERL=$perl
+CP=$cp
+RM=$rm
+RANLIB=$ranlib
+MKDIR=$mkdir
+MKLIB=$bin_dir$mklib
+MLFLAGS=$mlflags
+ASM=$bin_dir$asm
+
+# FIPS validated module and support file locations
+
+FIPSDIR=$fipsdir
+BASEADDR=$baseaddr
+FIPSLIB_D=\$(FIPSDIR)${o}lib
+FIPS_PREMAIN_SRC=\$(FIPSLIB_D)${o}fips_premain.c
+O_FIPSCANISTER=\$(FIPSLIB_D)${o}fipscanister.lib
+FIPS_SHA1_EXE=\$(FIPSDIR)${o}bin${o}fips_standalone_sha1${exep}
+E_PREMAIN_DSO=fips_premain_dso
+PREMAIN_DSO_EXE=\$(BIN_D)${o}fips_premain_dso$exep
+FIPSLINK=\$(PERL) \$(FIPSDIR)${o}bin${o}fipslink.pl
+
+######################################################
+# You should not need to touch anything below this point
+######################################################
+
+E_EXE=openssl
+SSL=$ssl
+CRYPTO=$crypto
+
+# BIN_D  - Binary output directory
+# TEST_D - Binary test file output directory
+# LIB_D  - library output directory
+# ENG_D  - dynamic engine output directory
+# Note: if you change these point to different directories then uncomment out
+# the lines around the 'NB' comment below.
+# 
+BIN_D=\$(OUT_D)
+TEST_D=\$(OUT_D)
+LIB_D=\$(OUT_D)
+ENG_D=\$(OUT_D)
+
+# INCL_D - local library directory
+# OBJ_D  - temp object file directory
+OBJ_D=\$(TMP_D)
+INCL_D=\$(TMP_D)
+
+O_SSL=     \$(LIB_D)$o$plib\$(SSL)$shlibp
+O_CRYPTO=  \$(LIB_D)$o$plib\$(CRYPTO)$shlibp
+SO_SSL=    $plib\$(SSL)$so_shlibp
+SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp
+L_SSL=     \$(LIB_D)$o$plib\$(SSL)$libp
+L_CRYPTO=  \$(LIB_D)$o$plib\$(CRYPTO)$libp
+
+L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs
+
+######################################################
+# Don't touch anything below this point
+######################################################
+
+INC=-I\$(INC_D) -I\$(INCL_D)
+APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG)
+LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG)
+SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG)
+LIBS_DEP=\$(O_CRYPTO) \$(O_SSL)
+
+#############################################
+EOF
+
+$rules=<<"EOF";
+all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe $build_targets
+
+banner:
+$banner
+
+\$(TMP_D):
+	\$(MKDIR) \"\$(TMP_D)\"
+# NB: uncomment out these lines if BIN_D, TEST_D and LIB_D are different
+#\$(BIN_D):
+#	\$(MKDIR) \$(BIN_D)
+#
+#\$(TEST_D):
+#	\$(MKDIR) \$(TEST_D)
+
+\$(LIB_D):
+	\$(MKDIR) \"\$(LIB_D)\"
+
+\$(INCO_D): \$(INC_D)
+	\$(MKDIR) \"\$(INCO_D)\"
+
+\$(INC_D):
+	\$(MKDIR) \"\$(INC_D)\"
+
+headers: \$(HEADER) \$(EXHEADER)
+	@
+
+lib: \$(LIBS_DEP) \$(E_SHLIB)
+
+exe: \$(T_EXE) \$(BIN_D)$o\$(E_EXE)$exep
+
+install: all
+	\$(MKDIR) \"\$(INSTALLTOP)\"
+	\$(MKDIR) \"\$(INSTALLTOP)${o}bin\"
+	\$(MKDIR) \"\$(INSTALLTOP)${o}include\"
+	\$(MKDIR) \"\$(INSTALLTOP)${o}include${o}openssl\"
+	\$(MKDIR) \"\$(INSTALLTOP)${o}lib\"
+	\$(CP) \"\$(INCO_D)${o}*.\[ch\]\" \"\$(INSTALLTOP)${o}include${o}openssl\"
+	\$(CP) \"\$(BIN_D)$o\$(E_EXE)$exep \$(INSTALLTOP)${o}bin\"
+	\$(MKDIR) \"\$(OPENSSLDIR)\"
+	\$(CP) apps${o}openssl.cnf \"\$(OPENSSLDIR)\"
+$extra_install
+
+
+test: \$(T_EXE)
+	cd \$(BIN_D)
+	..${o}ms${o}test
+
+clean:
+	\$(RM) \$(TMP_D)$o*.*
+
+vclean:
+	\$(RM) \$(TMP_D)$o*.*
+	\$(RM) \$(OUT_D)$o*.*
+
+EOF
+    
+my $platform_cpp_symbol = "MK1MF_PLATFORM_$platform";
+$platform_cpp_symbol =~ s/-/_/g;
+if (open(IN,"crypto/buildinf.h"))
+	{
+	# Remove entry for this platform in existing file buildinf.h.
+
+	my $old_buildinf_h = "";
+	while (<IN>)
+		{
+		if (/^\#ifdef $platform_cpp_symbol$/)
+			{
+			while (<IN>) { last if (/^\#endif/); }
+			}
+		else
+			{
+			$old_buildinf_h .= $_;
+			}
+		}
+	close(IN);
+
+	open(OUT,">crypto/buildinf.h") || die "Can't open buildinf.h";
+	print OUT $old_buildinf_h;
+	close(OUT);
+	}
+
+open (OUT,">>crypto/buildinf.h") || die "Can't open buildinf.h";
+printf OUT <<EOF;
+#ifdef $platform_cpp_symbol
+  /* auto-generated/updated by util/mk1mf.pl for crypto/cversion.c */
+  #define CFLAGS "compiler: $cc $cflags"
+  #define PLATFORM "$platform"
+EOF
+printf OUT "  #define DATE \"%s\"\n", scalar gmtime();
+printf OUT "#endif\n";
+close(OUT);
+
+# Strip of trailing ' '
+foreach (keys %lib_obj) { $lib_obj{$_}=&clean_up_ws($lib_obj{$_}); }
+$test=&clean_up_ws($test);
+$e_exe=&clean_up_ws($e_exe);
+$exheader=&clean_up_ws($exheader);
+$header=&clean_up_ws($header);
+
+# First we strip the exheaders from the headers list
+foreach (split(/\s+/,$exheader)){ $h{$_}=1; }
+foreach (split(/\s+/,$header))	{ $h.=$_." " unless $h{$_}; }
+chop($h); $header=$h;
+
+$defs.=&do_defs("HEADER",$header,"\$(INCL_D)","");
+$rules.=&do_copy_rule("\$(INCL_D)",$header,"");
+
+$defs.=&do_defs("EXHEADER",$exheader,"\$(INCO_D)","");
+$rules.=&do_copy_rule("\$(INCO_D)",$exheader,"");
+
+$defs.=&do_defs("T_OBJ",$test,"\$(OBJ_D)",$obj);
+$rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)");
+
+$defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj);
+$rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)');
+
+# Special case rule for fips_premain_dso
+
+if ($fips)
+	{
+	$rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj",
+		"\$(FIPS_PREMAIN_SRC)",
+		"-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)", "");
+	$rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1);
+	}
+
+foreach (values %lib_nam)
+	{
+	$lib_obj=$lib_obj{$_};
+	local($slib)=$shlib;
+
+	$defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj);
+	$lib=($slib)?" \$(SHLIB_CFLAGS)".$shlib_ex_cflags{$_}:" \$(LIB_CFLAGS)";
+	$rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},$lib);
+	}
+
+# hack to add version info on MSVC
+if (($platform eq "VC-WIN32") || ($platform eq "VC-WIN64A")
+	|| ($platform eq "VC-WIN64I") || ($platform eq "VC-NT")) {
+    $rules.= <<"EOF";
+\$(OBJ_D)\\\$(CRYPTO).res: ms\\version32.rc
+	\$(RSC) /fo"\$(OBJ_D)\\\$(CRYPTO).res" /d CRYPTO ms\\version32.rc
+
+\$(OBJ_D)\\\$(SSL).res: ms\\version32.rc
+	\$(RSC) /fo"\$(OBJ_D)\\\$(SSL).res" /d SSL ms\\version32.rc
+
+EOF
+}
+
+$defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep);
+foreach (split(/\s+/,$test))
+	{
+	$t=&bname($_);
+	$tt="\$(OBJ_D)${o}$t${obj}";
+	$rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
+	}
+
+$defs.=&do_defs("E_SHLIB",$engines . $otherlibs,"\$(ENG_D)",$shlibp);
+
+foreach (split(/\s+/,$engines))
+	{
+	$rules.=&do_compile_rule("\$(OBJ_D)","engines${o}e_$_",$lib);
+	$rules.= &do_lib_rule("\$(OBJ_D)${o}e_${_}.obj","\$(ENG_D)$o$_$shlibp","",$shlib,"");
+	}
+
+
+
+$rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");
+
+if ($fips)
+	{
+	if ($shlib)
+		{
+		$rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
+				"\$(O_CRYPTO)", "$crypto",
+				$shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)");
+		}
+	else
+		{
+		$rules.= &do_lib_rule("\$(CRYPTOOBJ)",
+			"\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", "");
+		$rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
+			"\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", "");
+		}
+	}
+	else
+	{
+	$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,
+							"\$(SO_CRYPTO)");
+	}
+
+foreach (split(" ",$otherlibs))
+	{
+	my $uc = $_;
+	$uc =~ tr /a-z/A-Z/;	
+	$rules.= &do_lib_rule("\$(${uc}OBJ)","\$(ENG_D)$o$_$shlibp", "", $shlib, "");
+
+	}
+
+$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)", ($fips && !$shlib) ? 2 : 0);
+
+print $defs;
+
+if ($platform eq "linux-elf") {
+    print <<"EOF";
+# Generate perlasm output files
+%.cpp:
+	(cd \$(\@D)/..; PERL=perl make -f Makefile asm/\$(\@F))
+EOF
+}
+print "###################################################################\n";
+print $rules;
+
+###############################################
+# strip off any trailing .[och] and append the relative directory
+# also remembering to do nothing if we are in one of the dropped
+# directories
+sub var_add
+	{
+	local($dir,$val,$keepext)=@_;
+	local(@a,$_,$ret);
+
+	return("") if $no_engine && $dir =~ /\/engine/;
+	return("") if $no_hw   && $dir =~ /\/hw/;
+	return("") if $no_idea && $dir =~ /\/idea/;
+	return("") if $no_aes  && $dir =~ /\/aes/;
+	return("") if $no_camellia  && $dir =~ /\/camellia/;
+	return("") if $no_seed && $dir =~ /\/seed/;
+	return("") if $no_rc2  && $dir =~ /\/rc2/;
+	return("") if $no_rc4  && $dir =~ /\/rc4/;
+	return("") if $no_rc5  && $dir =~ /\/rc5/;
+	return("") if $no_rsa  && $dir =~ /\/rsa/;
+	return("") if $no_rsa  && $dir =~ /^rsaref/;
+	return("") if $no_dsa  && $dir =~ /\/dsa/;
+	return("") if $no_dh   && $dir =~ /\/dh/;
+	return("") if $no_ec   && $dir =~ /\/ec/;
+	return("") if $no_gost   && $dir =~ /\/ccgost/;
+	return("") if $no_cms  && $dir =~ /\/cms/;
+	return("") if $no_jpake  && $dir =~ /\/jpake/;
+	return("") if $no_comp && $dir =~ /\/comp/;
+	if ($no_des && $dir =~ /\/des/)
+		{
+		if ($val =~ /read_pwd/)
+			{ return("$dir/read_pwd "); }
+		else
+			{ return(""); }
+		}
+	return("") if $no_mdc2 && $dir =~ /\/mdc2/;
+	return("") if $no_sock && $dir =~ /\/proxy/;
+	return("") if $no_bf   && $dir =~ /\/bf/;
+	return("") if $no_cast && $dir =~ /\/cast/;
+	return("") if $no_whirlpool && $dir =~ /\/whrlpool/;
+
+	$val =~ s/^\s*(.*)\s*$/$1/;
+	@a=split(/\s+/,$val);
+	grep(s/\.[och]$//, at a) unless $keepext;
+
+	@a=grep(!/^e_.*_3d$/, at a) if $no_des;
+	@a=grep(!/^e_.*_d$/, at a) if $no_des;
+	@a=grep(!/^e_.*_ae$/, at a) if $no_idea;
+	@a=grep(!/^e_.*_i$/, at a) if $no_aes;
+	@a=grep(!/^e_.*_r2$/, at a) if $no_rc2;
+	@a=grep(!/^e_.*_r5$/, at a) if $no_rc5;
+	@a=grep(!/^e_.*_bf$/, at a) if $no_bf;
+	@a=grep(!/^e_.*_c$/, at a) if $no_cast;
+	@a=grep(!/^e_rc4$/, at a) if $no_rc4;
+	@a=grep(!/^e_camellia$/, at a) if $no_camellia;
+	@a=grep(!/^e_seed$/, at a) if $no_seed;
+
+	#@a=grep(!/(^s2_)|(^s23_)/, at a) if $no_ssl2;
+	#@a=grep(!/(^s3_)|(^s23_)/, at a) if $no_ssl3;
+
+	@a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/, at a) if $no_sock;
+
+	@a=grep(!/(^md2)|(_md2$)/, at a) if $no_md2;
+	@a=grep(!/(^md4)|(_md4$)/, at a) if $no_md4;
+	@a=grep(!/(^md5)|(_md5$)/, at a) if $no_md5;
+	@a=grep(!/(rmd)|(ripemd)/, at a) if $no_ripemd;
+
+	@a=grep(!/(^d2i_r_)|(^i2d_r_)/, at a) if $no_rsa;
+	@a=grep(!/(^p_open$)|(^p_seal$)/, at a) if $no_rsa;
+	@a=grep(!/(^pem_seal$)/, at a) if $no_rsa;
+
+	@a=grep(!/(m_dss$)|(m_dss1$)/, at a) if $no_dsa;
+	@a=grep(!/(^d2i_s_)|(^i2d_s_)|(_dsap$)/, at a) if $no_dsa;
+
+	@a=grep(!/^n_pkey$/, at a) if $no_rsa || $no_rc4;
+
+	@a=grep(!/_dhp$/, at a) if $no_dh;
+
+	@a=grep(!/(^sha[^1])|(_sha$)|(m_dss$)/, at a) if $no_sha;
+	@a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/, at a) if $no_sha1;
+	@a=grep(!/_mdc2$/, at a) if $no_mdc2;
+
+	@a=grep(!/(srp)/, at a) if $no_srp;
+
+	@a=grep(!/^engine$/, at a) if $no_engine;
+	@a=grep(!/^hw$/, at a) if $no_hw;
+	@a=grep(!/(^rsa$)|(^genrsa$)/, at a) if $no_rsa;
+	@a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/, at a) if $no_dsa;
+	@a=grep(!/^gendsa$/, at a) if $no_sha1;
+	@a=grep(!/(^dh$)|(^gendh$)/, at a) if $no_dh;
+
+	@a=grep(!/(^dh)|(_sha1$)|(m_dss1$)/, at a) if $no_sha1;
+
+	grep($_="$dir/$_", at a);
+	@a=grep(!/(^|\/)s_/, at a) if $no_sock;
+	@a=grep(!/(^|\/)bio_sock/, at a) if $no_sock;
+	$ret=join(' ', at a)." ";
+	return($ret);
+	}
+
+# change things so that each 'token' is only separated by one space
+sub clean_up_ws
+	{
+	local($w)=@_;
+
+	$w =~ s/^\s*(.*)\s*$/$1/;
+	$w =~ s/\s+/ /g;
+	return($w);
+	}
+
+sub do_defs
+	{
+	local($var,$files,$location,$postfix)=@_;
+	local($_,$ret,$pf);
+	local(*OUT,$tmp,$t);
+
+	$files =~ s/\//$o/g if $o ne '/';
+	$ret="$var="; 
+	$n=1;
+	$Vars{$var}.="";
+	foreach (split(/ /,$files))
+		{
+		$orig=$_;
+		$_=&bname($_) unless /^\$/;
+		if ($n++ == 2)
+			{
+			$n=0;
+			$ret.="\\\n\t";
+			}
+		if (($_ =~ /bss_file/) && ($postfix eq ".h"))
+			{ $pf=".c"; }
+		else	{ $pf=$postfix; }
+		if ($_ =~ /BN_ASM/)	{ $t="$_ "; }
+		elsif ($_ =~ /BNCO_ASM/){ $t="$_ "; }
+		elsif ($_ =~ /AES_ASM/){ $t="$_ "; }
+		elsif ($_ =~ /DES_ENC/)	{ $t="$_ "; }
+		elsif ($_ =~ /BF_ENC/)	{ $t="$_ "; }
+		elsif ($_ =~ /CAST_ENC/){ $t="$_ "; }
+		elsif ($_ =~ /RC4_ENC/)	{ $t="$_ "; }
+		elsif ($_ =~ /RC5_ENC/)	{ $t="$_ "; }
+		elsif ($_ =~ /MD5_ASM/)	{ $t="$_ "; }
+		elsif ($_ =~ /SHA1_ASM/){ $t="$_ "; }
+		elsif ($_ =~ /RMD160_ASM/){ $t="$_ "; }
+		elsif ($_ =~ /WHIRLPOOL_ASM/){ $t="$_ "; }
+		elsif ($_ =~ /CPUID_ASM/){ $t="$_ "; }
+		else	{ $t="$location${o}$_$pf "; }
+
+		$Vars{$var}.="$t ";
+		$ret.=$t;
+		}
+	# hack to add version info on MSVC
+	if ($shlib && (($platform eq "VC-WIN32") || ($platfrom eq "VC-WIN64I") || ($platform eq "VC-WIN64A") || ($platform eq "VC-NT")))
+		{
+		if ($var eq "CRYPTOOBJ")
+			{ $ret.="\$(OBJ_D)\\\$(CRYPTO).res "; }
+		elsif ($var eq "SSLOBJ")
+			{ $ret.="\$(OBJ_D)\\\$(SSL).res "; }
+		}
+	chomp($ret);
+	$ret.="\n\n";
+	return($ret);
+	}
+
+# return the name with the leading path removed
+sub bname
+	{
+	local($ret)=@_;
+	$ret =~ s/^.*[\\\/]([^\\\/]+)$/$1/;
+	return($ret);
+	}
+
+# return the leading path
+sub dname
+	{
+	my $ret=shift;
+	$ret =~ s/(^.*)[\\\/][^\\\/]+$/$1/;
+	return($ret);
+	}
+
+##############################################################
+# do a rule for each file that says 'compile' to new direcory
+# compile the files in '$files' into $to
+sub do_compile_rule
+	{
+	local($to,$files,$ex)=@_;
+	local($ret,$_,$n,$d,$s);
+
+	$files =~ s/\//$o/g if $o ne '/';
+	foreach (split(/\s+/,$files))
+		{
+		$n=&bname($_);
+		$d=&dname($_);
+		if (-f "${_}.c")
+			{
+			$ret.=&cc_compile_target("$to${o}$n$obj","${_}.c",$ex)
+			}
+		elsif (-f ($s="${d}${o}asm${o}${n}.pl") or
+		       ($s=~s/sha256/sha512/ and -f $s) or
+		       -f ($s="${d}${o}${n}.pl"))
+			{
+			$ret.=&perlasm_compile_target("$to${o}$n$obj",$s,$n);
+			}
+		elsif (-f ($s="${d}${o}asm${o}${n}.S") or
+		       -f ($s="${d}${o}${n}.S"))
+			{
+			$ret.=&Sasm_compile_target("$to${o}$n$obj",$s,$n);
+			}
+		else	{ die "no rule for $_"; }
+		}
+	return($ret);
+	}
+
+##############################################################
+# do a rule for each file that says 'compile' to new direcory
+sub perlasm_compile_target
+	{
+	my($target,$source,$bname)=@_;
+	my($ret);
+
+	$bname =~ s/(.*)\.[^\.]$/$1/;
+	$ret ="\$(TMP_D)$o$bname.asm: $source\n";
+	$ret.="\t\$(PERL) $source $asmtype \$(CFLAG) >\$\@\n\n";
+	$ret.="$target: \$(TMP_D)$o$bname.asm\n";
+	$ret.="\t\$(ASM) $afile\$\@ \$(TMP_D)$o$bname.asm\n\n";
+	return($ret);
+	}
+
+sub Sasm_compile_target
+	{
+	my($target,$source,$bname)=@_;
+	my($ret);
+
+	$bname =~ s/(.*)\.[^\.]$/$1/;
+	$ret ="\$(TMP_D)$o$bname.asm: $source\n";
+	$ret.="\t\$(CC) -E \$(CFLAG) $source >\$\@\n\n";
+	$ret.="$target: \$(TMP_D)$o$bname.asm\n";
+	$ret.="\t\$(ASM) $afile\$\@ \$(TMP_D)$o$bname.asm\n\n";
+	return($ret);
+	}
+
+sub cc_compile_target
+	{
+	local($target,$source,$ex_flags, $srcd)=@_;
+	local($ret);
+	
+	$ex_flags.=" -DMK1MF_BUILD -D$platform_cpp_symbol" if ($source =~ /cversion/);
+	$target =~ s/\//$o/g if $o ne "/";
+	$source =~ s/\//$o/g if $o ne "/";
+	$srcd = "\$(SRC_D)$o" unless defined $srcd;
+	$ret ="$target: $srcd$source\n\t";
+	$ret.="\$(CC) ${ofile}$target $ex_flags -c $srcd$source\n\n";
+	return($ret);
+	}
+
+##############################################################
+sub do_asm_rule
+	{
+	local($target,$src)=@_;
+	local($ret, at s, at t,$i);
+
+	$target =~ s/\//$o/g if $o ne "/";
+	$src =~ s/\//$o/g if $o ne "/";
+
+	@t=split(/\s+/,$target);
+	@s=split(/\s+/,$src);
+
+
+	for ($i=0; $i<=$#s; $i++)
+		{
+		my $objfile = $t[$i];
+		my $srcfile = $s[$i];
+
+		if ($perl_asm == 1)
+			{
+			my $plasm = $objfile;
+			$plasm =~ s/${obj}/.pl/;
+			$ret.="$srcfile: $plasm\n";
+			$ret.="\t\$(PERL) $plasm $asmtype \$(CFLAG) >$srcfile\n\n";
+			}
+
+		$ret.="$objfile: $srcfile\n";
+		$ret.="\t\$(ASM) $afile$objfile \$(SRC_D)$o$srcfile\n\n";
+		}
+	return($ret);
+	}
+
+sub do_shlib_rule
+	{
+	local($n,$def)=@_;
+	local($ret,$nn);
+	local($t);
+
+	($nn=$n) =~ tr/a-z/A-Z/;
+	$ret.="$n.dll: \$(${nn}OBJ)\n";
+	if ($vc && $w32)
+		{
+		$ret.="\t\$(MKSHLIB) $efile$n.dll $def @<<\n  \$(${nn}OBJ_F)\n<<\n";
+		}
+	$ret.="\n";
+	return($ret);
+	}
+
+# do a rule for each file that says 'copy' to new direcory on change
+sub do_copy_rule
+	{
+	local($to,$files,$p)=@_;
+	local($ret,$_,$n,$pp);
+	
+	$files =~ s/\//$o/g if $o ne '/';
+	foreach (split(/\s+/,$files))
+		{
+		$n=&bname($_);
+		if ($n =~ /bss_file/)
+			{ $pp=".c"; }
+		else	{ $pp=$p; }
+		$ret.="$to${o}$n$pp: \$(SRC_D)$o$_$pp\n\t\$(CP) \"\$(SRC_D)$o$_$pp\" \"$to${o}$n$pp\"\n\n";
+		}
+	return($ret);
+	}
+
+# Options picked up from the OPTIONS line in the top level Makefile
+# generated by Configure.
+
+sub read_options
+	{
+	# Many options are handled in a similar way. In particular
+	# no-xxx sets zero or more scalars to 1.
+	# Process these using the %valid_options hash containing the option
+	# name and reference to the scalars to set. In some cases the option
+	# needs no special handling and can be ignored: this is done by
+	# setting the value to 0.
+
+	my %valid_options = (
+		"no-rc2" => \$no_rc2,
+		"no-rc4" => \$no_rc4,
+		"no-rc5" => \$no_rc5,
+		"no-idea" => \$no_idea,
+		"no-aes" => \$no_aes,
+		"no-camellia" => \$no_camellia,
+		"no-seed" => \$no_seed,
+		"no-des" => \$no_des,
+		"no-bf" => \$no_bf,
+		"no-cast" => \$no_cast,
+		"no-md2" => \$no_md2,
+		"no-md4" => \$no_md4,
+		"no-md5" => \$no_md5,
+		"no-sha" => \$no_sha,
+		"no-sha1" => \$no_sha1,
+		"no-ripemd" => \$no_ripemd,
+		"no-mdc2" => \$no_mdc2,
+		"no-whirlpool" => \$no_whirlpool,
+		"no-patents" => 
+			[\$no_rc2, \$no_rc4, \$no_rc5, \$no_idea, \$no_rsa],
+		"no-rsa" => \$no_rsa,
+		"no-dsa" => \$no_dsa,
+		"no-dh" => \$no_dh,
+		"no-hmac" => \$no_hmac,
+		"no-asm" => \$no_asm,
+		"nasm" => \$nasm,
+		"nw-nasm" => \$nw_nasm,
+		"nw-mwasm" => \$nw_mwasm,
+		"gaswin" => \$gaswin,
+		"no-ssl2" => \$no_ssl2,
+		"no-ssl2-method" => 0,
+		"no-ssl3" => \$no_ssl3,
+		"no-ssl3-method" => 0,
+		"no-tlsext" => \$no_tlsext,
+		"no-srp" => \$no_srp,
+		"no-cms" => \$no_cms,
+		"no-ec2m" => \$no_ec2m,
+		"no-jpake" => \$no_jpake,
+		"no-ec_nistp_64_gcc_128" => 0,
+		"no-weak-ssl-ciphers" => \$no_weak_ssl,
+		"no-err" => \$no_err,
+		"no-sock" => \$no_sock,
+		"no-krb5" => \$no_krb5,
+		"no-ec" => \$no_ec,
+		"no-ecdsa" => \$no_ecdsa,
+		"no-ecdh" => \$no_ecdh,
+		"no-gost" => \$no_gost,
+		"no-engine" => \$no_engine,
+		"no-hw" => \$no_hw,
+		"no-rsax" => 0,
+		"just-ssl" =>
+			[\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast,
+			  \$no_md2, \$no_sha, \$no_mdc2, \$no_dsa, \$no_dh,
+			  \$no_ssl2, \$no_err, \$no_ripemd, \$no_rc5,
+			  \$no_aes, \$no_camellia, \$no_seed, \$no_srp],
+		"rsaref" => 0,
+		"gcc" => \$gcc,
+		"debug" => \$debug,
+		"profile" => \$profile,
+		"shlib" => \$shlib,
+		"dll" => \$shlib,
+		"shared" => 0,
+		"no-sctp" => 0,
+		"no-srtp" => 0,
+		"no-gmp" => 0,
+		"no-rfc3779" => 0,
+		"no-montasm" => 0,
+		"no-shared" => 0,
+		"no-store" => 0,
+		"no-unit-test" => 0,
+		"no-zlib" => 0,
+		"no-zlib-dynamic" => 0,
+		"no-comp" => \$no_comp,
+		"fips" => \$fips
+		);
+
+	if (exists $valid_options{$_})
+		{
+		my $r = $valid_options{$_};
+		if ( ref $r eq "SCALAR")
+			{ $$r = 1;}
+		elsif ( ref $r eq "ARRAY")
+			{
+			my $r2;
+			foreach $r2 (@$r)
+				{
+				$$r2 = 1;
+				}
+			}
+		}
+	elsif (/^enable-zlib$/) { $zlib_opt = 1 if $zlib_opt == 0 }
+	elsif (/^enable-zlib-dynamic$/)
+		{
+		$zlib_opt = 2;
+		}
+	elsif (/^no-static-engine/)
+		{
+		$no_static_engine = 1;
+		}
+	elsif (/^enable-static-engine/)
+		{
+		$no_static_engine = 0;
+		}
+	# There are also enable-xxx options which correspond to
+	# the no-xxx. Since the scalars are enabled by default
+	# these can be ignored.
+	elsif (/^enable-/)
+		{
+		my $t = $_;
+		$t =~ s/^enable/no/;
+		if (exists $valid_options{$t})
+			{return 1;}
+		return 0;
+		}
+	# experimental-xxx is mostly like enable-xxx, but opensslconf.v
+	# will still set OPENSSL_NO_xxx unless we set OPENSSL_EXPERIMENTAL_xxx.
+	# (No need to fail if we don't know the algorithm -- this is for adventurous users only.)
+	elsif (/^experimental-/)
+		{
+		my $algo, $ALGO;
+		($algo = $_) =~ s/^experimental-//;
+		($ALGO = $algo) =~ tr/[a-z]/[A-Z]/;
+
+		$xcflags="-DOPENSSL_EXPERIMENTAL_$ALGO $xcflags";
+		
+		}
+	elsif (/^--with-krb5-flavor=(.*)$/)
+		{
+		my $krb5_flavor = $1;
+		if ($krb5_flavor =~ /^force-[Hh]eimdal$/)
+			{
+			$xcflags="-DKRB5_HEIMDAL $xcflags";
+			}
+		elsif ($krb5_flavor =~ /^MIT/i)
+			{
+			$xcflags="-DKRB5_MIT $xcflags";
+		 	if ($krb5_flavor =~ /^MIT[._-]*1[._-]*[01]/i)
+				{
+				$xcflags="-DKRB5_MIT_OLD11 $xcflags"
+				}
+			}
+		}
+	elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
+	elsif (/^-[lL].*$/)	{ $l_flags.="$_ "; }
+	elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)
+		{ $c_flags.="$_ "; }
+	else { return(0); }
+	return(1);
+	}

Deleted: vendor-crypto/openssl/1.0.1u/util/mkdef.pl
===================================================================
--- vendor-crypto/openssl/dist/util/mkdef.pl	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/util/mkdef.pl	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,1552 +0,0 @@
-#!/usr/local/bin/perl -w
-#
-# generate a .def file
-#
-# It does this by parsing the header files and looking for the
-# prototyped functions: it then prunes the output.
-#
-# Intermediary files are created, call libeay.num and ssleay.num,...
-# Previously, they had the following format:
-#
-#	routine-name	nnnn
-#
-# But that isn't enough for a number of reasons, the first on being that
-# this format is (needlessly) very Win32-centric, and even then...
-# One of the biggest problems is that there's no information about what
-# routines should actually be used, which varies with what crypto algorithms
-# are disabled.  Also, some operating systems (for example VMS with VAX C)
-# need to keep track of the global variables as well as the functions.
-#
-# So, a remake of this script is done so as to include information on the
-# kind of symbol it is (function or variable) and what algorithms they're
-# part of.  This will allow easy translating to .def files or the corresponding
-# file in other operating systems (a .opt file for VMS, possibly with a .mar
-# file).
-#
-# The format now becomes:
-#
-#	routine-name	nnnn	info
-#
-# and the "info" part is actually a colon-separated string of fields with
-# the following meaning:
-#
-#	existence:platform:kind:algorithms
-#
-# - "existence" can be "EXIST" or "NOEXIST" depending on if the symbol is
-#   found somewhere in the source, 
-# - "platforms" is empty if it exists on all platforms, otherwise it contains
-#   comma-separated list of the platform, just as they are if the symbol exists
-#   for those platforms, or prepended with a "!" if not.  This helps resolve
-#   symbol name variants for platforms where the names are too long for the
-#   compiler or linker, or if the systems is case insensitive and there is a
-#   clash, or the symbol is implemented differently (see
-#   EXPORT_VAR_AS_FUNCTION).  This script assumes renaming of symbols is found
-#   in the file crypto/symhacks.h.
-#   The semantics for the platforms is that every item is checked against the
-#   environment.  For the negative items ("!FOO"), if any of them is false
-#   (i.e. "FOO" is true) in the environment, the corresponding symbol can't be
-#   used.  For the positive itms, if all of them are false in the environment,
-#   the corresponding symbol can't be used.  Any combination of positive and
-#   negative items are possible, and of course leave room for some redundancy.
-# - "kind" is "FUNCTION" or "VARIABLE".  The meaning of that is obvious.
-# - "algorithms" is a comma-separated list of algorithm names.  This helps
-#   exclude symbols that are part of an algorithm that some user wants to
-#   exclude.
-#
-
-my $debug=0;
-
-my $crypto_num= "util/libeay.num";
-my $ssl_num=    "util/ssleay.num";
-my $libname;
-
-my $do_update = 0;
-my $do_rewrite = 1;
-my $do_crypto = 0;
-my $do_ssl = 0;
-my $do_ctest = 0;
-my $do_ctestall = 0;
-my $do_checkexist = 0;
-
-my $VMSVAX=0;
-my $VMSNonVAX=0;
-my $VMS=0;
-my $W32=0;
-my $W16=0;
-my $NT=0;
-my $OS2=0;
-# Set this to make typesafe STACK definitions appear in DEF
-my $safe_stack_def = 0;
-
-my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT",
-			"EXPORT_VAR_AS_FUNCTION", "ZLIB", "OPENSSL_FIPS" );
-my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" );
-my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
-			 "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
-			 "SHA256", "SHA512", "RIPEMD",
-			 "MDC2", "WHIRLPOOL", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA", "EC2M",
-			 "HMAC", "AES", "CAMELLIA", "SEED", "GOST",
-			 # EC_NISTP_64_GCC_128
-			 "EC_NISTP_64_GCC_128",
-			 # Envelope "algorithms"
-			 "EVP", "X509", "ASN1_TYPEDEFS",
-			 # Helper "algorithms"
-			 "BIO", "COMP", "BUFFER", "LHASH", "STACK", "ERR",
-			 "LOCKING",
-			 # External "algorithms"
-			 "FP_API", "STDIO", "SOCK", "KRB5", "DGRAM",
-			 # Engines
-			 "STATIC_ENGINE", "ENGINE", "HW", "GMP",
-			 # RFC3779
-			 "RFC3779",
-			 # TLS
-			 "TLSEXT", "PSK", "SRP", "HEARTBEATS",
-			 # CMS
-			 "CMS",
-			 # CryptoAPI Engine
-			 "CAPIENG",
-			 # SSL v2
-			 "SSL2",
-			 # SSL v3 method
-			 "SSL3_METHOD",
-			 # JPAKE
-			 "JPAKE",
-			 # NEXTPROTONEG
-			 "NEXTPROTONEG",
-			 # Deprecated functions
-			 "DEPRECATED",
-			 # Hide SSL internals
-			 "SSL_INTERN",
-			 # SCTP
-		 	 "SCTP",
-			 # SRTP
-			 "SRTP",
-			 # Unit testing
-		 	 "UNIT_TEST");
-
-my $options="";
-open(IN,"<Makefile") || die "unable to open Makefile!\n";
-while(<IN>) {
-    $options=$1 if (/^OPTIONS=(.*)$/);
-}
-close(IN);
-
-# The following ciphers may be excluded (by Configure). This means functions
-# defined with ifndef(NO_XXX) are not included in the .def file, and everything
-# in directory xxx is ignored.
-my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf;
-my $no_cast; my $no_whirlpool; my $no_camellia; my $no_seed;
-my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
-my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
-my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
-my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
-my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
-my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc; 
-my $no_nextprotoneg; my $no_sctp; my $no_srtp;
-my $no_unit_test; my $no_ssl3_method;
-
-my $fips;
-
-my $zlib;
-
-
-foreach (@ARGV, split(/ /, $options))
-	{
-	$debug=1 if $_ eq "debug";
-	$W32=1 if $_ eq "32";
-	$W16=1 if $_ eq "16";
-	if($_ eq "NT") {
-		$W32 = 1;
-		$NT = 1;
-	}
-	if ($_ eq "VMS-VAX") {
-		$VMS=1;
-		$VMSVAX=1;
-	}
-	if ($_ eq "VMS-NonVAX") {
-		$VMS=1;
-		$VMSNonVAX=1;
-	}
-	$VMS=1 if $_ eq "VMS";
-	$OS2=1 if $_ eq "OS2";
-	$fips=1 if /^fips/;
-	if ($_ eq "zlib" || $_ eq "enable-zlib" || $_ eq "zlib-dynamic"
-			 || $_ eq "enable-zlib-dynamic") {
-		$zlib = 1;
-	}
-
-	$do_ssl=1 if $_ eq "ssleay";
-	if ($_ eq "ssl") {
-		$do_ssl=1; 
-		$libname=$_
-	}
-	$do_crypto=1 if $_ eq "libeay";
-	if ($_ eq "crypto") {
-		$do_crypto=1;
-		$libname=$_;
-	}
-	$no_static_engine=1 if $_ eq "no-static-engine";
-	$no_static_engine=0 if $_ eq "enable-static-engine";
-	$do_update=1 if $_ eq "update";
-	$do_rewrite=1 if $_ eq "rewrite";
-	$do_ctest=1 if $_ eq "ctest";
-	$do_ctestall=1 if $_ eq "ctestall";
-	$do_checkexist=1 if $_ eq "exist";
-	#$safe_stack_def=1 if $_ eq "-DDEBUG_SAFESTACK";
-
-	if    (/^no-rc2$/)      { $no_rc2=1; }
-	elsif (/^no-rc4$/)      { $no_rc4=1; }
-	elsif (/^no-rc5$/)      { $no_rc5=1; }
-	elsif (/^no-idea$/)     { $no_idea=1; }
-	elsif (/^no-des$/)      { $no_des=1; $no_mdc2=1; }
-	elsif (/^no-bf$/)       { $no_bf=1; }
-	elsif (/^no-cast$/)     { $no_cast=1; }
-	elsif (/^no-whirlpool$/)     { $no_whirlpool=1; }
-	elsif (/^no-md2$/)      { $no_md2=1; }
-	elsif (/^no-md4$/)      { $no_md4=1; }
-	elsif (/^no-md5$/)      { $no_md5=1; }
-	elsif (/^no-sha$/)      { $no_sha=1; }
-	elsif (/^no-ripemd$/)   { $no_ripemd=1; }
-	elsif (/^no-mdc2$/)     { $no_mdc2=1; }
-	elsif (/^no-rsa$/)      { $no_rsa=1; }
-	elsif (/^no-dsa$/)      { $no_dsa=1; }
-	elsif (/^no-dh$/)       { $no_dh=1; }
-	elsif (/^no-ec$/)       { $no_ec=1; }
-	elsif (/^no-ecdsa$/)	{ $no_ecdsa=1; }
-	elsif (/^no-ecdh$/) 	{ $no_ecdh=1; }
-	elsif (/^no-hmac$/)	{ $no_hmac=1; }
-	elsif (/^no-aes$/)	{ $no_aes=1; }
-	elsif (/^no-camellia$/)	{ $no_camellia=1; }
-	elsif (/^no-seed$/)     { $no_seed=1; }
-	elsif (/^no-evp$/)	{ $no_evp=1; }
-	elsif (/^no-lhash$/)	{ $no_lhash=1; }
-	elsif (/^no-stack$/)	{ $no_stack=1; }
-	elsif (/^no-err$/)	{ $no_err=1; }
-	elsif (/^no-buffer$/)	{ $no_buffer=1; }
-	elsif (/^no-bio$/)	{ $no_bio=1; }
-	#elsif (/^no-locking$/)	{ $no_locking=1; }
-	elsif (/^no-comp$/)	{ $no_comp=1; }
-	elsif (/^no-dso$/)	{ $no_dso=1; }
-	elsif (/^no-krb5$/)	{ $no_krb5=1; }
-	elsif (/^no-engine$/)	{ $no_engine=1; }
-	elsif (/^no-hw$/)	{ $no_hw=1; }
-	elsif (/^no-gmp$/)	{ $no_gmp=1; }
-	elsif (/^no-rfc3779$/)	{ $no_rfc3779=1; }
-	elsif (/^no-tlsext$/)	{ $no_tlsext=1; }
-	elsif (/^no-cms$/)	{ $no_cms=1; }
-	elsif (/^no-ec2m$/)	{ $no_ec2m=1; }
-	elsif (/^no-ec_nistp_64_gcc_128$/)	{ $no_nistp_gcc=1; }
-	elsif (/^no-nextprotoneg$/)	{ $no_nextprotoneg=1; }
-	elsif (/^no-ssl2$/)	{ $no_ssl2=1; }
-	elsif (/^no-ssl3-method$/) { $no_ssl3_method=1; }
-	elsif (/^no-capieng$/)	{ $no_capieng=1; }
-	elsif (/^no-jpake$/)	{ $no_jpake=1; }
-	elsif (/^no-srp$/)	{ $no_srp=1; }
-	elsif (/^no-sctp$/)	{ $no_sctp=1; }
-	elsif (/^no-srtp$/)	{ $no_srtp=1; }
-	elsif (/^no-unit-test$/){ $no_unit_test=1; }
-	}
-
-
-if (!$libname) { 
-	if ($do_ssl) {
-		$libname="SSLEAY";
-	}
-	if ($do_crypto) {
-		$libname="LIBEAY";
-	}
-}
-
-# If no platform is given, assume WIN32
-if ($W32 + $W16 + $VMS + $OS2 == 0) {
-	$W32 = 1;
-}
-
-# Add extra knowledge
-if ($W16) {
-	$no_fp_api=1;
-}
-
-if (!$do_ssl && !$do_crypto)
-	{
-	print STDERR "usage: $0 ( ssl | crypto ) [ 16 | 32 | NT | OS2 ]\n";
-	exit(1);
-	}
-
-%ssl_list=&load_numbers($ssl_num);
-$max_ssl = $max_num;
-%crypto_list=&load_numbers($crypto_num);
-$max_crypto = $max_num;
-
-my $ssl="ssl/ssl.h";
-$ssl.=" ssl/kssl.h";
-$ssl.=" ssl/tls1.h";
-$ssl.=" ssl/srtp.h";
-
-my $crypto ="crypto/crypto.h";
-$crypto.=" crypto/cryptlib.h";
-$crypto.=" crypto/o_dir.h";
-$crypto.=" crypto/o_str.h";
-$crypto.=" crypto/o_time.h";
-$crypto.=" crypto/des/des.h crypto/des/des_old.h" ; # unless $no_des;
-$crypto.=" crypto/idea/idea.h" ; # unless $no_idea;
-$crypto.=" crypto/rc4/rc4.h" ; # unless $no_rc4;
-$crypto.=" crypto/rc5/rc5.h" ; # unless $no_rc5;
-$crypto.=" crypto/rc2/rc2.h" ; # unless $no_rc2;
-$crypto.=" crypto/bf/blowfish.h" ; # unless $no_bf;
-$crypto.=" crypto/cast/cast.h" ; # unless $no_cast;
-$crypto.=" crypto/whrlpool/whrlpool.h" ;
-$crypto.=" crypto/md2/md2.h" ; # unless $no_md2;
-$crypto.=" crypto/md4/md4.h" ; # unless $no_md4;
-$crypto.=" crypto/md5/md5.h" ; # unless $no_md5;
-$crypto.=" crypto/mdc2/mdc2.h" ; # unless $no_mdc2;
-$crypto.=" crypto/sha/sha.h" ; # unless $no_sha;
-$crypto.=" crypto/ripemd/ripemd.h" ; # unless $no_ripemd;
-$crypto.=" crypto/aes/aes.h" ; # unless $no_aes;
-$crypto.=" crypto/camellia/camellia.h" ; # unless $no_camellia;
-$crypto.=" crypto/seed/seed.h"; # unless $no_seed;
-
-$crypto.=" crypto/bn/bn.h";
-$crypto.=" crypto/rsa/rsa.h" ; # unless $no_rsa;
-$crypto.=" crypto/dsa/dsa.h" ; # unless $no_dsa;
-$crypto.=" crypto/dh/dh.h" ; # unless $no_dh;
-$crypto.=" crypto/ec/ec.h" ; # unless $no_ec;
-$crypto.=" crypto/ecdsa/ecdsa.h" ; # unless $no_ecdsa;
-$crypto.=" crypto/ecdh/ecdh.h" ; # unless $no_ecdh;
-$crypto.=" crypto/hmac/hmac.h" ; # unless $no_hmac;
-$crypto.=" crypto/cmac/cmac.h" ; # unless $no_hmac;
-
-$crypto.=" crypto/engine/engine.h"; # unless $no_engine;
-$crypto.=" crypto/stack/stack.h" ; # unless $no_stack;
-$crypto.=" crypto/buffer/buffer.h" ; # unless $no_buffer;
-$crypto.=" crypto/bio/bio.h" ; # unless $no_bio;
-$crypto.=" crypto/dso/dso.h" ; # unless $no_dso;
-$crypto.=" crypto/lhash/lhash.h" ; # unless $no_lhash;
-$crypto.=" crypto/conf/conf.h";
-$crypto.=" crypto/txt_db/txt_db.h";
-
-$crypto.=" crypto/evp/evp.h" ; # unless $no_evp;
-$crypto.=" crypto/objects/objects.h";
-$crypto.=" crypto/pem/pem.h";
-#$crypto.=" crypto/meth/meth.h";
-$crypto.=" crypto/asn1/asn1.h";
-$crypto.=" crypto/asn1/asn1t.h";
-$crypto.=" crypto/asn1/asn1_mac.h";
-$crypto.=" crypto/err/err.h" ; # unless $no_err;
-$crypto.=" crypto/pkcs7/pkcs7.h";
-$crypto.=" crypto/pkcs12/pkcs12.h";
-$crypto.=" crypto/x509/x509.h";
-$crypto.=" crypto/x509/x509_vfy.h";
-$crypto.=" crypto/x509v3/x509v3.h";
-$crypto.=" crypto/ts/ts.h";
-$crypto.=" crypto/rand/rand.h";
-$crypto.=" crypto/comp/comp.h" ; # unless $no_comp;
-$crypto.=" crypto/ocsp/ocsp.h";
-$crypto.=" crypto/ui/ui.h crypto/ui/ui_compat.h";
-$crypto.=" crypto/krb5/krb5_asn.h";
-#$crypto.=" crypto/store/store.h";
-$crypto.=" crypto/pqueue/pqueue.h";
-$crypto.=" crypto/cms/cms.h";
-$crypto.=" crypto/jpake/jpake.h";
-$crypto.=" crypto/modes/modes.h";
-$crypto.=" crypto/srp/srp.h";
-
-my $symhacks="crypto/symhacks.h";
-
-my @ssl_symbols = &do_defs("SSLEAY", $ssl, $symhacks);
-my @crypto_symbols = &do_defs("LIBEAY", $crypto, $symhacks);
-
-if ($do_update) {
-
-if ($do_ssl == 1) {
-
-	&maybe_add_info("SSLEAY",*ssl_list, at ssl_symbols);
-	if ($do_rewrite == 1) {
-		open(OUT, ">$ssl_num");
-		&rewrite_numbers(*OUT,"SSLEAY",*ssl_list, at ssl_symbols);
-	} else {
-		open(OUT, ">>$ssl_num");
-	}
-	&update_numbers(*OUT,"SSLEAY",*ssl_list,$max_ssl, at ssl_symbols);
-	close OUT;
-}
-
-if($do_crypto == 1) {
-
-	&maybe_add_info("LIBEAY",*crypto_list, at crypto_symbols);
-	if ($do_rewrite == 1) {
-		open(OUT, ">$crypto_num");
-		&rewrite_numbers(*OUT,"LIBEAY",*crypto_list, at crypto_symbols);
-	} else {
-		open(OUT, ">>$crypto_num");
-	}
-	&update_numbers(*OUT,"LIBEAY",*crypto_list,$max_crypto, at crypto_symbols);
-	close OUT;
-} 
-
-} elsif ($do_checkexist) {
-	&check_existing(*ssl_list, @ssl_symbols)
-		if $do_ssl == 1;
-	&check_existing(*crypto_list, @crypto_symbols)
-		if $do_crypto == 1;
-} elsif ($do_ctest || $do_ctestall) {
-
-	print <<"EOF";
-
-/* Test file to check all DEF file symbols are present by trying
- * to link to all of them. This is *not* intended to be run!
- */
-
-int main()
-{
-EOF
-	&print_test_file(*STDOUT,"SSLEAY",*ssl_list,$do_ctestall, at ssl_symbols)
-		if $do_ssl == 1;
-
-	&print_test_file(*STDOUT,"LIBEAY",*crypto_list,$do_ctestall, at crypto_symbols)
-		if $do_crypto == 1;
-
-	print "}\n";
-
-} else {
-
-	&print_def_file(*STDOUT,$libname,*ssl_list, at ssl_symbols)
-		if $do_ssl == 1;
-
-	&print_def_file(*STDOUT,$libname,*crypto_list, at crypto_symbols)
-		if $do_crypto == 1;
-
-}
-
-
-sub do_defs
-{
-	my($name,$files,$symhacksfile)=@_;
-	my $file;
-	my @ret;
-	my %syms;
-	my %platform;		# For anything undefined, we assume ""
-	my %kind;		# For anything undefined, we assume "FUNCTION"
-	my %algorithm;		# For anything undefined, we assume ""
-	my %variant;
-	my %variant_cnt;	# To be able to allocate "name{n}" if "name"
-				# is the same name as the original.
-	my $cpp;
-	my %unknown_algorithms = ();
-
-	foreach $file (split(/\s+/,$symhacksfile." ".$files))
-		{
-		print STDERR "DEBUG: starting on $file:\n" if $debug;
-		open(IN,"<$file") || die "unable to open $file:$!\n";
-		my $line = "", my $def= "";
-		my %tag = (
-			(map { $_ => 0 } @known_platforms),
-			(map { "OPENSSL_SYS_".$_ => 0 } @known_ossl_platforms),
-			(map { "OPENSSL_NO_".$_ => 0 } @known_algorithms),
-			NOPROTO		=> 0,
-			PERL5		=> 0,
-			_WINDLL		=> 0,
-			CONST_STRICT	=> 0,
-			TRUE		=> 1,
-		);
-		my $symhacking = $file eq $symhacksfile;
-		my @current_platforms = ();
-		my @current_algorithms = ();
-
-		# params: symbol, alias, platforms, kind
-		# The reason to put this subroutine in a variable is that
-		# it will otherwise create it's own, unshared, version of
-		# %tag and %variant...
-		my $make_variant = sub
-		{
-			my ($s, $a, $p, $k) = @_;
-			my ($a1, $a2);
-
-			print STDERR "DEBUG: make_variant: Entered with ",$s,", ",$a,", ",(defined($p)?$p:""),", ",(defined($k)?$k:""),"\n" if $debug;
-			if (defined($p))
-			{
-				$a1 = join(",",$p,
-					   grep(!/^$/,
-						map { $tag{$_} == 1 ? $_ : "" }
-						@known_platforms));
-			}
-			else
-			{
-				$a1 = join(",",
-					   grep(!/^$/,
-						map { $tag{$_} == 1 ? $_ : "" }
-						@known_platforms));
-			}
-			$a2 = join(",",
-				   grep(!/^$/,
-					map { $tag{"OPENSSL_SYS_".$_} == 1 ? $_ : "" }
-					@known_ossl_platforms));
-			print STDERR "DEBUG: make_variant: a1 = $a1; a2 = $a2\n" if $debug;
-			if ($a1 eq "") { $a1 = $a2; }
-			elsif ($a1 ne "" && $a2 ne "") { $a1 .= ",".$a2; }
-			if ($a eq $s)
-			{
-				if (!defined($variant_cnt{$s}))
-				{
-					$variant_cnt{$s} = 0;
-				}
-				$variant_cnt{$s}++;
-				$a .= "{$variant_cnt{$s}}";
-			}
-			my $toadd = $a.":".$a1.(defined($k)?":".$k:"");
-			my $togrep = $s.'(\{[0-9]+\})?:'.$a1.(defined($k)?":".$k:"");
-			if (!grep(/^$togrep$/,
-				  split(/;/, defined($variant{$s})?$variant{$s}:""))) {
-				if (defined($variant{$s})) { $variant{$s} .= ";"; }
-				$variant{$s} .= $toadd;
-			}
-			print STDERR "DEBUG: make_variant: Exit with variant of ",$s," = ",$variant{$s},"\n" if $debug;
-		};
-
-		print STDERR "DEBUG: parsing ----------\n" if $debug;
-		while(<IN>) {
-			if (/\/\* Error codes for the \w+ functions\. \*\//)
-				{
-				undef @tag;
-				last;
-				}
-			if ($line ne '') {
-				$_ = $line . $_;
-				$line = '';
-			}
-
-			if (/\\$/) {
-				chomp; # remove eol
-				chop; # remove ending backslash
-				$line = $_;
-				next;
-			}
-
-			if(/\/\*/) {
-				if (not /\*\//) {	# multiline comment...
-					$line = $_;	# ... just accumulate
-					next;
-				} else {
-					s/\/\*.*?\*\///gs;# wipe it
-				}
-			}
-
-			if ($cpp) {
-				$cpp++ if /^#\s*if/;
-				$cpp-- if /^#\s*endif/;
-				next;
-	    		}
-			$cpp = 1 if /^#.*ifdef.*cplusplus/;
-
-			s/{[^{}]*}//gs;                      # ignore {} blocks
-			print STDERR "DEBUG: \$def=\"$def\"\n" if $debug && $def ne "";
-			print STDERR "DEBUG: \$_=\"$_\"\n" if $debug;
-			if (/^\#\s*ifndef\s+(.*)/) {
-				push(@tag,"-");
-				push(@tag,$1);
-				$tag{$1}=-1;
-				print STDERR "DEBUG: $file: found tag $1 = -1\n" if $debug;
-			} elsif (/^\#\s*if\s+!defined\(([^\)]+)\)/) {
-				push(@tag,"-");
-				if (/^\#\s*if\s+(!defined\(([^\)]+)\)(\s+\&\&\s+!defined\(([^\)]+)\))*)$/) {
-					my $tmp_1 = $1;
-					my $tmp_;
-					foreach $tmp_ (split '\&\&',$tmp_1) {
-						$tmp_ =~ /!defined\(([^\)]+)\)/;
-						print STDERR "DEBUG: $file: found tag $1 = -1\n" if $debug;
-						push(@tag,$1);
-						$tag{$1}=-1;
-					}
-				} else {
-					print STDERR "Warning: $file: complicated expression: $_" if $debug; # because it is O...
-					print STDERR "DEBUG: $file: found tag $1 = -1\n" if $debug;
-					push(@tag,$1);
-					$tag{$1}=-1;
-				}
-			} elsif (/^\#\s*ifdef\s+(\S*)/) {
-				push(@tag,"-");
-				push(@tag,$1);
-				$tag{$1}=1;
-				print STDERR "DEBUG: $file: found tag $1 = 1\n" if $debug;
-			} elsif (/^\#\s*if\s+defined\(([^\)]+)\)/) {
-				push(@tag,"-");
-				if (/^\#\s*if\s+(defined\(([^\)]+)\)(\s+\|\|\s+defined\(([^\)]+)\))*)$/) {
-					my $tmp_1 = $1;
-					my $tmp_;
-					foreach $tmp_ (split '\|\|',$tmp_1) {
-						$tmp_ =~ /defined\(([^\)]+)\)/;
-						print STDERR "DEBUG: $file: found tag $1 = 1\n" if $debug;
-						push(@tag,$1);
-						$tag{$1}=1;
-					}
-				} else {
-					print STDERR "Warning: $file: complicated expression: $_\n" if $debug; # because it is O...
-					print STDERR "DEBUG: $file: found tag $1 = 1\n" if $debug;
-					push(@tag,$1);
-					$tag{$1}=1;
-				}
-			} elsif (/^\#\s*error\s+(\w+) is disabled\./) {
-				my $tag_i = $#tag;
-				while($tag[$tag_i] ne "-") {
-					if ($tag[$tag_i] eq "OPENSSL_NO_".$1) {
-						$tag{$tag[$tag_i]}=2;
-						print STDERR "DEBUG: $file: chaged tag $1 = 2\n" if $debug;
-					}
-					$tag_i--;
-				}
-			} elsif (/^\#\s*endif/) {
-				my $tag_i = $#tag;
-				while($tag_i > 0 && $tag[$tag_i] ne "-") {
-					my $t=$tag[$tag_i];
-					print STDERR "DEBUG: \$t=\"$t\"\n" if $debug;
-					if ($tag{$t}==2) {
-						$tag{$t}=-1;
-					} else {
-						$tag{$t}=0;
-					}
-					print STDERR "DEBUG: $file: changed tag ",$t," = ",$tag{$t},"\n" if $debug;
-					pop(@tag);
-					if ($t =~ /^OPENSSL_NO_([A-Z0-9_]+)$/) {
-						$t=$1;
-					} else {
-						$t="";
-					}
-					if ($t ne ""
-					    && !grep(/^$t$/, @known_algorithms)) {
-						$unknown_algorithms{$t} = 1;
-						#print STDERR "DEBUG: Added as unknown algorithm: $t\n" if $debug;
-					}
-					$tag_i--;
-				}
-				pop(@tag);
-			} elsif (/^\#\s*else/) {
-				my $tag_i = $#tag;
-				while($tag[$tag_i] ne "-") {
-					my $t=$tag[$tag_i];
-					$tag{$t}= -$tag{$t};
-					print STDERR "DEBUG: $file: changed tag ",$t," = ",$tag{$t},"\n" if $debug;
-					$tag_i--;
-				}
-			} elsif (/^\#\s*if\s+1/) {
-				push(@tag,"-");
-				# Dummy tag
-				push(@tag,"TRUE");
-				$tag{"TRUE"}=1;
-				print STDERR "DEBUG: $file: found 1\n" if $debug;
-			} elsif (/^\#\s*if\s+0/) {
-				push(@tag,"-");
-				# Dummy tag
-				push(@tag,"TRUE");
-				$tag{"TRUE"}=-1;
-				print STDERR "DEBUG: $file: found 0\n" if $debug;
-			} elsif (/^\#\s*define\s+(\w+)\s+(\w+)/
-				 && $symhacking && $tag{'TRUE'} != -1) {
-				# This is for aliasing.  When we find an alias,
-				# we have to invert
-				&$make_variant($1,$2);
-				print STDERR "DEBUG: $file: defined $1 = $2\n" if $debug;
-			}
-			if (/^\#/) {
-				@current_platforms =
-				    grep(!/^$/,
-					 map { $tag{$_} == 1 ? $_ :
-						   $tag{$_} == -1 ? "!".$_  : "" }
-					 @known_platforms);
-				push @current_platforms
-				    , grep(!/^$/,
-					   map { $tag{"OPENSSL_SYS_".$_} == 1 ? $_ :
-						     $tag{"OPENSSL_SYS_".$_} == -1 ? "!".$_  : "" }
-					   @known_ossl_platforms);
-				@current_algorithms =
-				    grep(!/^$/,
-					 map { $tag{"OPENSSL_NO_".$_} == -1 ? $_ : "" }
-					 @known_algorithms);
-				$def .=
-				    "#INFO:"
-					.join(',', at current_platforms).":"
-					    .join(',', at current_algorithms).";";
-				next;
-			}
-			if ($tag{'TRUE'} != -1) {
-				if (/^\s*DECLARE_STACK_OF\s*\(\s*(\w*)\s*\)/) {
-					next;
-				} elsif (/^\s*DECLARE_ASN1_ENCODE_FUNCTIONS\s*\(\s*(\w*)\s*,\s*(\w*)\s*,\s*(\w*)\s*\)/) {
-					$def .= "int d2i_$3(void);";
-					$def .= "int i2d_$3(void);";
-					# Variant for platforms that do not
-					# have to access globale variables
-					# in shared libraries through functions
-					$def .=
-					    "#INFO:"
-						.join(',',"!EXPORT_VAR_AS_FUNCTION", at current_platforms).":"
-						    .join(',', at current_algorithms).";";
-					$def .= "OPENSSL_EXTERN int $2_it;";
-					$def .=
-					    "#INFO:"
-						.join(',', at current_platforms).":"
-						    .join(',', at current_algorithms).";";
-					# Variant for platforms that have to
-					# access globale variables in shared
-					# libraries through functions
-					&$make_variant("$2_it","$2_it",
-						      "EXPORT_VAR_AS_FUNCTION",
-						      "FUNCTION");
-					next;
-				} elsif (/^\s*DECLARE_ASN1_FUNCTIONS_fname\s*\(\s*(\w*)\s*,\s*(\w*)\s*,\s*(\w*)\s*\)/) {
-					$def .= "int d2i_$3(void);";
-					$def .= "int i2d_$3(void);";
-					$def .= "int $3_free(void);";
-					$def .= "int $3_new(void);";
-					# Variant for platforms that do not
-					# have to access globale variables
-					# in shared libraries through functions
-					$def .=
-					    "#INFO:"
-						.join(',',"!EXPORT_VAR_AS_FUNCTION", at current_platforms).":"
-						    .join(',', at current_algorithms).";";
-					$def .= "OPENSSL_EXTERN int $2_it;";
-					$def .=
-					    "#INFO:"
-						.join(',', at current_platforms).":"
-						    .join(',', at current_algorithms).";";
-					# Variant for platforms that have to
-					# access globale variables in shared
-					# libraries through functions
-					&$make_variant("$2_it","$2_it",
-						      "EXPORT_VAR_AS_FUNCTION",
-						      "FUNCTION");
-					next;
-				} elsif (/^\s*DECLARE_ASN1_FUNCTIONS\s*\(\s*(\w*)\s*\)/ ||
-					 /^\s*DECLARE_ASN1_FUNCTIONS_const\s*\(\s*(\w*)\s*\)/) {
-					$def .= "int d2i_$1(void);";
-					$def .= "int i2d_$1(void);";
-					$def .= "int $1_free(void);";
-					$def .= "int $1_new(void);";
-					# Variant for platforms that do not
-					# have to access globale variables
-					# in shared libraries through functions
-					$def .=
-					    "#INFO:"
-						.join(',',"!EXPORT_VAR_AS_FUNCTION", at current_platforms).":"
-						    .join(',', at current_algorithms).";";
-					$def .= "OPENSSL_EXTERN int $1_it;";
-					$def .=
-					    "#INFO:"
-						.join(',', at current_platforms).":"
-						    .join(',', at current_algorithms).";";
-					# Variant for platforms that have to
-					# access globale variables in shared
-					# libraries through functions
-					&$make_variant("$1_it","$1_it",
-						      "EXPORT_VAR_AS_FUNCTION",
-						      "FUNCTION");
-					next;
-				} elsif (/^\s*DECLARE_ASN1_ENCODE_FUNCTIONS_const\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
-					$def .= "int d2i_$2(void);";
-					$def .= "int i2d_$2(void);";
-					# Variant for platforms that do not
-					# have to access globale variables
-					# in shared libraries through functions
-					$def .=
-					    "#INFO:"
-						.join(',',"!EXPORT_VAR_AS_FUNCTION", at current_platforms).":"
-						    .join(',', at current_algorithms).";";
-					$def .= "OPENSSL_EXTERN int $2_it;";
-					$def .=
-					    "#INFO:"
-						.join(',', at current_platforms).":"
-						    .join(',', at current_algorithms).";";
-					# Variant for platforms that have to
-					# access globale variables in shared
-					# libraries through functions
-					&$make_variant("$2_it","$2_it",
-						      "EXPORT_VAR_AS_FUNCTION",
-						      "FUNCTION");
-					next;
-				} elsif (/^\s*DECLARE_ASN1_ALLOC_FUNCTIONS\s*\(\s*(\w*)\s*\)/) {
-					$def .= "int $1_free(void);";
-					$def .= "int $1_new(void);";
-					next;
-				} elsif (/^\s*DECLARE_ASN1_FUNCTIONS_name\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
-					$def .= "int d2i_$2(void);";
-					$def .= "int i2d_$2(void);";
-					$def .= "int $2_free(void);";
-					$def .= "int $2_new(void);";
-					# Variant for platforms that do not
-					# have to access globale variables
-					# in shared libraries through functions
-					$def .=
-					    "#INFO:"
-						.join(',',"!EXPORT_VAR_AS_FUNCTION", at current_platforms).":"
-						    .join(',', at current_algorithms).";";
-					$def .= "OPENSSL_EXTERN int $2_it;";
-					$def .=
-					    "#INFO:"
-						.join(',', at current_platforms).":"
-						    .join(',', at current_algorithms).";";
-					# Variant for platforms that have to
-					# access globale variables in shared
-					# libraries through functions
-					&$make_variant("$2_it","$2_it",
-						      "EXPORT_VAR_AS_FUNCTION",
-						      "FUNCTION");
-					next;
-				} elsif (/^\s*DECLARE_ASN1_ITEM\s*\(\s*(\w*)\s*\)/) {
-					# Variant for platforms that do not
-					# have to access globale variables
-					# in shared libraries through functions
-					$def .=
-					    "#INFO:"
-						.join(',',"!EXPORT_VAR_AS_FUNCTION", at current_platforms).":"
-						    .join(',', at current_algorithms).";";
-					$def .= "OPENSSL_EXTERN int $1_it;";
-					$def .=
-					    "#INFO:"
-						.join(',', at current_platforms).":"
-						    .join(',', at current_algorithms).";";
-					# Variant for platforms that have to
-					# access globale variables in shared
-					# libraries through functions
-					&$make_variant("$1_it","$1_it",
-						      "EXPORT_VAR_AS_FUNCTION",
-						      "FUNCTION");
-					next;
-				} elsif (/^\s*DECLARE_ASN1_NDEF_FUNCTION\s*\(\s*(\w*)\s*\)/) {
-					$def .= "int i2d_$1_NDEF(void);";
-				} elsif (/^\s*DECLARE_ASN1_SET_OF\s*\(\s*(\w*)\s*\)/) {
-					next;
-				} elsif (/^\s*DECLARE_ASN1_PRINT_FUNCTION\s*\(\s*(\w*)\s*\)/) {
-					$def .= "int $1_print_ctx(void);";
-					next;
-				} elsif (/^\s*DECLARE_ASN1_PRINT_FUNCTION_name\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
-					$def .= "int $2_print_ctx(void);";
-					next;
-				} elsif (/^\s*DECLARE_PKCS12_STACK_OF\s*\(\s*(\w*)\s*\)/) {
-					next;
-				} elsif (/^DECLARE_PEM_rw\s*\(\s*(\w*)\s*,/ ||
-					 /^DECLARE_PEM_rw_cb\s*\(\s*(\w*)\s*,/ ||
-					 /^DECLARE_PEM_rw_const\s*\(\s*(\w*)\s*,/ ) {
-					# Things not in Win16
-					$def .=
-					    "#INFO:"
-						.join(',',"!WIN16", at current_platforms).":"
-						    .join(',', at current_algorithms).";";
-					$def .= "int PEM_read_$1(void);";
-					$def .= "int PEM_write_$1(void);";
-					$def .=
-					    "#INFO:"
-						.join(',', at current_platforms).":"
-						    .join(',', at current_algorithms).";";
-					# Things that are everywhere
-					$def .= "int PEM_read_bio_$1(void);";
-					$def .= "int PEM_write_bio_$1(void);";
-					next;
-				} elsif (/^DECLARE_PEM_write\s*\(\s*(\w*)\s*,/ ||
-					 /^DECLARE_PEM_write_cb\s*\(\s*(\w*)\s*,/ ) {
-					# Things not in Win16
-					$def .=
-					    "#INFO:"
-						.join(',',"!WIN16", at current_platforms).":"
-						    .join(',', at current_algorithms).";";
-					$def .= "int PEM_write_$1(void);";
-					$def .=
-					    "#INFO:"
-						.join(',', at current_platforms).":"
-						    .join(',', at current_algorithms).";";
-					# Things that are everywhere
-					$def .= "int PEM_write_bio_$1(void);";
-					next;
-				} elsif (/^DECLARE_PEM_read\s*\(\s*(\w*)\s*,/ ||
-					 /^DECLARE_PEM_read_cb\s*\(\s*(\w*)\s*,/ ) {
-					# Things not in Win16
-					$def .=
-					    "#INFO:"
-						.join(',',"!WIN16", at current_platforms).":"
-						    .join(',', at current_algorithms).";";
-					$def .= "int PEM_read_$1(void);";
-					$def .=
-					    "#INFO:"
-						.join(',', at current_platforms).":"
-						    .join(',', at current_algorithms).";";
-					# Things that are everywhere
-					$def .= "int PEM_read_bio_$1(void);";
-					next;
-				} elsif (/^OPENSSL_DECLARE_GLOBAL\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
-					# Variant for platforms that do not
-					# have to access globale variables
-					# in shared libraries through functions
-					$def .=
-					    "#INFO:"
-						.join(',',"!EXPORT_VAR_AS_FUNCTION", at current_platforms).":"
-						    .join(',', at current_algorithms).";";
-					$def .= "OPENSSL_EXTERN int _shadow_$2;";
-					$def .=
-					    "#INFO:"
-						.join(',', at current_platforms).":"
-						    .join(',', at current_algorithms).";";
-					# Variant for platforms that have to
-					# access globale variables in shared
-					# libraries through functions
-					&$make_variant("_shadow_$2","_shadow_$2",
-						      "EXPORT_VAR_AS_FUNCTION",
-						      "FUNCTION");
-				} elsif ($tag{'CONST_STRICT'} != 1) {
-					if (/\{|\/\*|\([^\)]*$/) {
-						$line = $_;
-					} else {
-						$def .= $_;
-					}
-				}
-			}
-		}
-		close(IN);
-
-		my $algs;
-		my $plays;
-
-		print STDERR "DEBUG: postprocessing ----------\n" if $debug;
-		foreach (split /;/, $def) {
-			my $s; my $k = "FUNCTION"; my $p; my $a;
-			s/^[\n\s]*//g;
-			s/[\n\s]*$//g;
-			next if(/\#undef/);
-			next if(/typedef\W/);
-			next if(/\#define/);
-
-			# Reduce argument lists to empty ()
-			# fold round brackets recursively: (t(*v)(t),t) -> (t{}{},t) -> {}
-			while(/\(.*\)/s) {
-				s/\([^\(\)]+\)/\{\}/gs;
-				s/\(\s*\*\s*(\w+)\s*\{\}\s*\)/$1/gs;	#(*f{}) -> f
-			}
-			# pretend as we didn't use curly braces: {} -> ()
-			s/\{\}/\(\)/gs;
-
-			s/STACK_OF\(\)/void/gs;
-			s/LHASH_OF\(\)/void/gs;
-
-			print STDERR "DEBUG: \$_ = \"$_\"\n" if $debug;
-			if (/^\#INFO:([^:]*):(.*)$/) {
-				$plats = $1;
-				$algs = $2;
-				print STDERR "DEBUG: found info on platforms ($plats) and algorithms ($algs)\n" if $debug;
-				next;
-			} elsif (/^\s*OPENSSL_EXTERN\s.*?(\w+(\{[0-9]+\})?)(\[[0-9]*\])*\s*$/) {
-				$s = $1;
-				$k = "VARIABLE";
-				print STDERR "DEBUG: found external variable $s\n" if $debug;
-			} elsif (/TYPEDEF_\w+_OF/s) {
-				next;
-			} elsif (/(\w+)\s*\(\).*/s) {	# first token prior [first] () is
-				$s = $1;		# a function name!
-				print STDERR "DEBUG: found function $s\n" if $debug;
-			} elsif (/\(/ and not (/=/)) {
-				print STDERR "File $file: cannot parse: $_;\n";
-				next;
-			} else {
-				next;
-			}
-
-			$syms{$s} = 1;
-			$kind{$s} = $k;
-
-			$p = $plats;
-			$a = $algs;
-			$a .= ",BF" if($s =~ /EVP_bf/);
-			$a .= ",CAST" if($s =~ /EVP_cast/);
-			$a .= ",DES" if($s =~ /EVP_des/);
-			$a .= ",DSA" if($s =~ /EVP_dss/);
-			$a .= ",IDEA" if($s =~ /EVP_idea/);
-			$a .= ",MD2" if($s =~ /EVP_md2/);
-			$a .= ",MD4" if($s =~ /EVP_md4/);
-			$a .= ",MD5" if($s =~ /EVP_md5/);
-			$a .= ",RC2" if($s =~ /EVP_rc2/);
-			$a .= ",RC4" if($s =~ /EVP_rc4/);
-			$a .= ",RC5" if($s =~ /EVP_rc5/);
-			$a .= ",RIPEMD" if($s =~ /EVP_ripemd/);
-			$a .= ",SHA" if($s =~ /EVP_sha/);
-			$a .= ",RSA" if($s =~ /EVP_(Open|Seal)(Final|Init)/);
-			$a .= ",RSA" if($s =~ /PEM_Seal(Final|Init|Update)/);
-			$a .= ",RSA" if($s =~ /RSAPrivateKey/);
-			$a .= ",RSA" if($s =~ /SSLv23?_((client|server)_)?method/);
-
-			$platform{$s} =
-			    &reduce_platforms((defined($platform{$s})?$platform{$s}.',':"").$p);
-			$algorithm{$s} .= ','.$a;
-
-			if (defined($variant{$s})) {
-				foreach $v (split /;/,$variant{$s}) {
-					(my $r, my $p, my $k) = split(/:/,$v);
-					my $ip = join ',',map({ /^!(.*)$/ ? $1 : "!".$_ } split /,/, $p);
-					$syms{$r} = 1;
-					if (!defined($k)) { $k = $kind{$s}; }
-					$kind{$r} = $k."(".$s.")";
-					$algorithm{$r} = $algorithm{$s};
-					$platform{$r} = &reduce_platforms($platform{$s}.",".$p.",".$p);
-					$platform{$s} = &reduce_platforms($platform{$s}.','.$ip.','.$ip);
-					print STDERR "DEBUG: \$variant{\"$s\"} = ",$v,"; \$r = $r; \$p = ",$platform{$r},"; \$a = ",$algorithm{$r},"; \$kind = ",$kind{$r},"\n" if $debug;
-				}
-			}
-			print STDERR "DEBUG: \$s = $s; \$p = ",$platform{$s},"; \$a = ",$algorithm{$s},"; \$kind = ",$kind{$s},"\n" if $debug;
-		}
-	}
-
-	# Prune the returned symbols
-
-        delete $syms{"bn_dump1"};
-	$platform{"BIO_s_log"} .= ",!WIN32,!WIN16,!macintosh";
-
-	$platform{"PEM_read_NS_CERT_SEQ"} = "VMS";
-	$platform{"PEM_write_NS_CERT_SEQ"} = "VMS";
-	$platform{"PEM_read_P8_PRIV_KEY_INFO"} = "VMS";
-	$platform{"PEM_write_P8_PRIV_KEY_INFO"} = "VMS";
-	$platform{"EVP_sha384"} = "!VMSVAX";
-	$platform{"EVP_sha512"} = "!VMSVAX";
-	$platform{"SHA384_Init"} = "!VMSVAX";
-	$platform{"SHA384_Transform"} = "!VMSVAX";
-	$platform{"SHA384_Update"} = "!VMSVAX";
-	$platform{"SHA384_Final"} = "!VMSVAX";
-	$platform{"SHA384"} = "!VMSVAX";
-	$platform{"SHA512_Init"} = "!VMSVAX";
-	$platform{"SHA512_Transform"} = "!VMSVAX";
-	$platform{"SHA512_Update"} = "!VMSVAX";
-	$platform{"SHA512_Final"} = "!VMSVAX";
-	$platform{"SHA512"} = "!VMSVAX";
-	$platform{"WHIRLPOOL_Init"} = "!VMSVAX";
-	$platform{"WHIRLPOOL"} = "!VMSVAX";
-	$platform{"WHIRLPOOL_BitUpdate"} = "!VMSVAX";
-	$platform{"EVP_whirlpool"} = "!VMSVAX";
-	$platform{"WHIRLPOOL_Final"} = "!VMSVAX";
-	$platform{"WHIRLPOOL_Update"} = "!VMSVAX";
-
-
-	# Info we know about
-
-	push @ret, map { $_."\\".&info_string($_,"EXIST",
-					      $platform{$_},
-					      $kind{$_},
-					      $algorithm{$_}) } keys %syms;
-
-	if (keys %unknown_algorithms) {
-		print STDERR "WARNING: mkdef.pl doesn't know the following algorithms:\n";
-		print STDERR "\t",join("\n\t",keys %unknown_algorithms),"\n";
-	}
-	return(@ret);
-}
-
-# Param: string of comma-separated platform-specs.
-sub reduce_platforms
-{
-	my ($platforms) = @_;
-	my $pl = defined($platforms) ? $platforms : "";
-	my %p = map { $_ => 0 } split /,/, $pl;
-	my $ret;
-
-	print STDERR "DEBUG: Entered reduce_platforms with \"$platforms\"\n"
-	    if $debug;
-	# We do this, because if there's code like the following, it really
-	# means the function exists in all cases and should therefore be
-	# everywhere.  By increasing and decreasing, we may attain 0:
-	#
-	# ifndef WIN16
-	#    int foo();
-	# else
-	#    int _fat foo();
-	# endif
-	foreach $platform (split /,/, $pl) {
-		if ($platform =~ /^!(.*)$/) {
-			$p{$1}--;
-		} else {
-			$p{$platform}++;
-		}
-	}
-	foreach $platform (keys %p) {
-		if ($p{$platform} == 0) { delete $p{$platform}; }
-	}
-
-	delete $p{""};
-
-	$ret = join(',',sort(map { $p{$_} < 0 ? "!".$_ : $_ } keys %p));
-	print STDERR "DEBUG: Exiting reduce_platforms with \"$ret\"\n"
-	    if $debug;
-	return $ret;
-}
-
-sub info_string {
-	(my $symbol, my $exist, my $platforms, my $kind, my $algorithms) = @_;
-
-	my %a = defined($algorithms) ?
-	    map { $_ => 1 } split /,/, $algorithms : ();
-	my $k = defined($kind) ? $kind : "FUNCTION";
-	my $ret;
-	my $p = &reduce_platforms($platforms);
-
-	delete $a{""};
-
-	$ret = $exist;
-	$ret .= ":".$p;
-	$ret .= ":".$k;
-	$ret .= ":".join(',',sort keys %a);
-	return $ret;
-}
-
-sub maybe_add_info {
-	(my $name, *nums, my @symbols) = @_;
-	my $sym;
-	my $new_info = 0;
-	my %syms=();
-
-	print STDERR "Updating $name info\n";
-	foreach $sym (@symbols) {
-		(my $s, my $i) = split /\\/, $sym;
-		if (defined($nums{$s})) {
-			$i =~ s/^(.*?:.*?:\w+)(\(\w+\))?/$1/;
-			(my $n, my $dummy) = split /\\/, $nums{$s};
-			if (!defined($dummy) || $i ne $dummy) {
-				$nums{$s} = $n."\\".$i;
-				$new_info++;
-				print STDERR "DEBUG: maybe_add_info for $s: \"$dummy\" => \"$i\"\n" if $debug;
-			}
-		}
-		$syms{$s} = 1;
-	}
-
-	my @s=sort { &parse_number($nums{$a},"n") <=> &parse_number($nums{$b},"n") } keys %nums;
-	foreach $sym (@s) {
-		(my $n, my $i) = split /\\/, $nums{$sym};
-		if (!defined($syms{$sym}) && $i !~ /^NOEXIST:/) {
-			$new_info++;
-			print STDERR "DEBUG: maybe_add_info for $sym: -> undefined\n" if $debug;
-		}
-	}
-	if ($new_info) {
-		print STDERR "$new_info old symbols got an info update\n";
-		if (!$do_rewrite) {
-			print STDERR "You should do a rewrite to fix this.\n";
-		}
-	} else {
-		print STDERR "No old symbols needed info update\n";
-	}
-}
-
-# Param: string of comma-separated keywords, each possibly prefixed with a "!"
-sub is_valid
-{
-	my ($keywords_txt,$platforms) = @_;
-	my (@keywords) = split /,/,$keywords_txt;
-	my ($falsesum, $truesum) = (0, 1);
-
-	# Param: one keyword
-	sub recognise
-	{
-		my ($keyword,$platforms) = @_;
-
-		if ($platforms) {
-			# platforms
-			if ($keyword eq "VMSVAX" && $VMSVAX) { return 1; }
-			if ($keyword eq "VMSNonVAX" && $VMSNonVAX) { return 1; }
-			if ($keyword eq "VMS" && $VMS) { return 1; }
-			if ($keyword eq "WIN32" && $W32) { return 1; }
-			if ($keyword eq "WIN16" && $W16) { return 1; }
-			if ($keyword eq "WINNT" && $NT) { return 1; }
-			if ($keyword eq "OS2" && $OS2) { return 1; }
-			# Special platforms:
-			# EXPORT_VAR_AS_FUNCTION means that global variables
-			# will be represented as functions.  This currently
-			# only happens on VMS-VAX.
-			if ($keyword eq "EXPORT_VAR_AS_FUNCTION" && ($VMSVAX || $W32 || $W16)) {
-				return 1;
-			}
-			if ($keyword eq "OPENSSL_FIPS" && $fips) {
-				return 1;
-			}
-			if ($keyword eq "ZLIB" && $zlib) { return 1; }
-			return 0;
-		} else {
-			# algorithms
-			if ($keyword eq "RC2" && $no_rc2) { return 0; }
-			if ($keyword eq "RC4" && $no_rc4) { return 0; }
-			if ($keyword eq "RC5" && $no_rc5) { return 0; }
-			if ($keyword eq "IDEA" && $no_idea) { return 0; }
-			if ($keyword eq "DES" && $no_des) { return 0; }
-			if ($keyword eq "BF" && $no_bf) { return 0; }
-			if ($keyword eq "CAST" && $no_cast) { return 0; }
-			if ($keyword eq "MD2" && $no_md2) { return 0; }
-			if ($keyword eq "MD4" && $no_md4) { return 0; }
-			if ($keyword eq "MD5" && $no_md5) { return 0; }
-			if ($keyword eq "SHA" && $no_sha) { return 0; }
-			if ($keyword eq "RIPEMD" && $no_ripemd) { return 0; }
-			if ($keyword eq "MDC2" && $no_mdc2) { return 0; }
-			if ($keyword eq "WHIRLPOOL" && $no_whirlpool) { return 0; }
-			if ($keyword eq "RSA" && $no_rsa) { return 0; }
-			if ($keyword eq "DSA" && $no_dsa) { return 0; }
-			if ($keyword eq "DH" && $no_dh) { return 0; }
-			if ($keyword eq "EC" && $no_ec) { return 0; }
-			if ($keyword eq "ECDSA" && $no_ecdsa) { return 0; }
-			if ($keyword eq "ECDH" && $no_ecdh) { return 0; }
-			if ($keyword eq "HMAC" && $no_hmac) { return 0; }
-			if ($keyword eq "AES" && $no_aes) { return 0; }
-			if ($keyword eq "CAMELLIA" && $no_camellia) { return 0; }
-			if ($keyword eq "SEED" && $no_seed) { return 0; }
-			if ($keyword eq "EVP" && $no_evp) { return 0; }
-			if ($keyword eq "LHASH" && $no_lhash) { return 0; }
-			if ($keyword eq "STACK" && $no_stack) { return 0; }
-			if ($keyword eq "ERR" && $no_err) { return 0; }
-			if ($keyword eq "BUFFER" && $no_buffer) { return 0; }
-			if ($keyword eq "BIO" && $no_bio) { return 0; }
-			if ($keyword eq "COMP" && $no_comp) { return 0; }
-			if ($keyword eq "DSO" && $no_dso) { return 0; }
-			if ($keyword eq "KRB5" && $no_krb5) { return 0; }
-			if ($keyword eq "ENGINE" && $no_engine) { return 0; }
-			if ($keyword eq "HW" && $no_hw) { return 0; }
-			if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
-			if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
-			if ($keyword eq "GMP" && $no_gmp) { return 0; }
-			if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; }
-			if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; }
-			if ($keyword eq "PSK" && $no_psk) { return 0; }
-			if ($keyword eq "CMS" && $no_cms) { return 0; }
-			if ($keyword eq "EC2M" && $no_ec2m) { return 0; }
-			if ($keyword eq "NEXTPROTONEG" && $no_nextprotoneg) { return 0; }
-			if ($keyword eq "EC_NISTP_64_GCC_128" && $no_nistp_gcc)
-					{ return 0; }
-			if ($keyword eq "SSL2" && $no_ssl2) { return 0; }
-			if ($keyword eq "SSL3_METHOD" && $no_ssl3_method) { return 0; }
-			if ($keyword eq "CAPIENG" && $no_capieng) { return 0; }
-			if ($keyword eq "JPAKE" && $no_jpake) { return 0; }
-			if ($keyword eq "SRP" && $no_srp) { return 0; }
-			if ($keyword eq "SCTP" && $no_sctp) { return 0; }
-			if ($keyword eq "SRTP" && $no_srtp) { return 0; }
-			if ($keyword eq "UNIT_TEST" && $no_unit_test) { return 0; }
-			if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; }
-
-			# Nothing recognise as true
-			return 1;
-		}
-	}
-
-	foreach $k (@keywords) {
-		if ($k =~ /^!(.*)$/) {
-			$falsesum += &recognise($1,$platforms);
-		} else {
-			$truesum *= &recognise($k,$platforms);
-		}
-	}
-	print STDERR "DEBUG: [",$#keywords,",",$#keywords < 0,"] is_valid($keywords_txt) => (\!$falsesum) && $truesum = ",(!$falsesum) && $truesum,"\n" if $debug;
-	return (!$falsesum) && $truesum;
-}
-
-sub print_test_file
-{
-	(*OUT,my $name,*nums,my $testall,my @symbols)=@_;
-	my $n = 1; my @e; my @r;
-	my $sym; my $prev = ""; my $prefSSLeay;
-
-	(@e)=grep(/^SSLeay(\{[0-9]+\})?\\.*?:.*?:.*/, at symbols);
-	(@r)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:.*/ && !/^SSLeay(\{[0-9]+\})?\\.*?:.*?:.*/, at symbols);
-	@symbols=((sort @e),(sort @r));
-
-	foreach $sym (@symbols) {
-		(my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
-		my $v = 0;
-		$v = 1 if $i=~ /^.*?:.*?:VARIABLE/;
-		my $p = ($i =~ /^[^:]*:([^:]*):/,$1);
-		my $a = ($i =~ /^[^:]*:[^:]*:[^:]*:([^:]*)/,$1);
-		if (!defined($nums{$s})) {
-			print STDERR "Warning: $s does not have a number assigned\n"
-			    if(!$do_update);
-		} elsif (is_valid($p,1) && is_valid($a,0)) {
-			my $s2 = ($s =~ /^(.*?)(\{[0-9]+\})?$/, $1);
-			if ($prev eq $s2) {
-				print OUT "\t/* The following has already appeared previously */\n";
-				print STDERR "Warning: Symbol '",$s2,"' redefined. old=",($nums{$prev} =~ /^(.*?)\\/,$1),", new=",($nums{$s2} =~ /^(.*?)\\/,$1),"\n";
-			}
-			$prev = $s2;	# To warn about duplicates...
-
-			($nn,$ni)=($nums{$s2} =~ /^(.*?)\\(.*)$/);
-			if ($v) {
-				print OUT "\textern int $s2; /* type unknown */ /* $nn $ni */\n";
-			} else {
-				print OUT "\textern int $s2(); /* type unknown */ /* $nn $ni */\n";
-			}
-		}
-	}
-}
-
-sub get_version {
-   local *MF;
-   my $v = '?';
-   open MF, 'Makefile' or return $v;
-   while (<MF>) {
-     $v = $1, last if /^VERSION=(.*?)\s*$/;
-   }
-   close MF;
-   return $v;
-}
-
-sub print_def_file
-{
-	(*OUT,my $name,*nums,my @symbols)=@_;
-	my $n = 1; my @e; my @r; my @v; my $prev="";
-	my $liboptions="";
-	my $libname = $name;
-	my $http_vendor = 'www.openssl.org/';
-	my $version = get_version();
-	my $what = "OpenSSL: implementation of Secure Socket Layer";
-	my $description = "$what $version, $name - http://$http_vendor";
-
-	if ($W32)
-		{ $libname.="32"; }
-	elsif ($W16)
-		{ $libname.="16"; }
-	elsif ($OS2)
-		{ # DLL names should not clash on the whole system.
-		  # However, they should not have any particular relationship
-		  # to the name of the static library.  Chose descriptive names
-		  # (must be at most 8 chars).
-		  my %translate = (ssl => 'open_ssl', crypto => 'cryptssl');
-		  $libname = $translate{$name} || $name;
-		  $liboptions = <<EOO;
-INITINSTANCE
-DATA MULTIPLE NONSHARED
-EOO
-		  # Vendor field can't contain colon, drat; so we omit http://
-		  $description = "\@#$http_vendor:$version#\@$what; DLL for library $name.  Build for EMX -Zmtd";
-		}
-
-	print OUT <<"EOF";
-;
-; Definition file for the DLL version of the $name library from OpenSSL
-;
-
-LIBRARY         $libname	$liboptions
-
-EOF
-
-	if ($W16) {
-		print <<"EOF";
-CODE            PRELOAD MOVEABLE
-DATA            PRELOAD MOVEABLE SINGLE
-
-EXETYPE		WINDOWS
-
-HEAPSIZE	4096
-STACKSIZE	8192
-
-EOF
-	}
-
-	print "EXPORTS\n";
-
-	(@e)=grep(/^SSLeay(\{[0-9]+\})?\\.*?:.*?:FUNCTION/, at symbols);
-	(@r)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:FUNCTION/ && !/^SSLeay(\{[0-9]+\})?\\.*?:.*?:FUNCTION/, at symbols);
-	(@v)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:VARIABLE/, at symbols);
-	@symbols=((sort @e),(sort @r), (sort @v));
-
-
-	foreach $sym (@symbols) {
-		(my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
-		my $v = 0;
-		$v = 1 if $i =~ /^.*?:.*?:VARIABLE/;
-		if (!defined($nums{$s})) {
-			printf STDERR "Warning: $s does not have a number assigned\n"
-			    if(!$do_update);
-		} else {
-			(my $n, my $dummy) = split /\\/, $nums{$s};
-			my %pf = ();
-			my $p = ($i =~ /^[^:]*:([^:]*):/,$1);
-			my $a = ($i =~ /^[^:]*:[^:]*:[^:]*:([^:]*)/,$1);
-			if (is_valid($p,1) && is_valid($a,0)) {
-				my $s2 = ($s =~ /^(.*?)(\{[0-9]+\})?$/, $1);
-				if ($prev eq $s2) {
-					print STDERR "Warning: Symbol '",$s2,"' redefined. old=",($nums{$prev} =~ /^(.*?)\\/,$1),", new=",($nums{$s2} =~ /^(.*?)\\/,$1),"\n";
-				}
-				$prev = $s2;	# To warn about duplicates...
-				if($v && !$OS2) {
-					printf OUT "    %s%-39s @%-8d DATA\n",($W32)?"":"_",$s2,$n;
-				} else {
-					printf OUT "    %s%-39s @%d\n",($W32||$OS2)?"":"_",$s2,$n;
-				}
-			}
-		}
-	}
-	printf OUT "\n";
-}
-
-sub load_numbers
-{
-	my($name)=@_;
-	my(@a,%ret);
-
-	$max_num = 0;
-	$num_noinfo = 0;
-	$prev = "";
-	$prev_cnt = 0;
-
-	open(IN,"<$name") || die "unable to open $name:$!\n";
-	while (<IN>) {
-		chop;
-		s/#.*$//;
-		next if /^\s*$/;
-		@a=split;
-		if (defined $ret{$a[0]}) {
-			# This is actually perfectly OK
-			#print STDERR "Warning: Symbol '",$a[0],"' redefined. old=",$ret{$a[0]},", new=",$a[1],"\n";
-		}
-		if ($max_num > $a[1]) {
-			print STDERR "Warning: Number decreased from ",$max_num," to ",$a[1],"\n";
-		}
-		elsif ($max_num == $a[1]) {
-			# This is actually perfectly OK
-			#print STDERR "Warning: Symbol ",$a[0]," has same number as previous ",$prev,": ",$a[1],"\n";
-			if ($a[0] eq $prev) {
-				$prev_cnt++;
-				$a[0] .= "{$prev_cnt}";
-			}
-		}
-		else {
-			$prev_cnt = 0;
-		}
-		if ($#a < 2) {
-			# Existence will be proven later, in do_defs
-			$ret{$a[0]}=$a[1];
-			$num_noinfo++;
-		} else {
-			$ret{$a[0]}=$a[1]."\\".$a[2]; # \\ is a special marker
-		}
-		$max_num = $a[1] if $a[1] > $max_num;
-		$prev=$a[0];
-	}
-	if ($num_noinfo) {
-		print STDERR "Warning: $num_noinfo symbols were without info.";
-		if ($do_rewrite) {
-			printf STDERR "  The rewrite will fix this.\n";
-		} else {
-			printf STDERR "  You should do a rewrite to fix this.\n";
-		}
-	}
-	close(IN);
-	return(%ret);
-}
-
-sub parse_number
-{
-	(my $str, my $what) = @_;
-	(my $n, my $i) = split(/\\/,$str);
-	if ($what eq "n") {
-		return $n;
-	} else {
-		return $i;
-	}
-}
-
-sub rewrite_numbers
-{
-	(*OUT,$name,*nums, at symbols)=@_;
-	my $thing;
-
-	print STDERR "Rewriting $name\n";
-
-	my @r = grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:\w+\(\w+\)/, at symbols);
-	my $r; my %r; my %rsyms;
-	foreach $r (@r) {
-		(my $s, my $i) = split /\\/, $r;
-		my $a = $1 if $i =~ /^.*?:.*?:\w+\((\w+)\)/;
-		$i =~ s/^(.*?:.*?:\w+)\(\w+\)/$1/;
-		$r{$a} = $s."\\".$i;
-		$rsyms{$s} = 1;
-	}
-
-	my %syms = ();
-	foreach $_ (@symbols) {
-		(my $n, my $i) = split /\\/;
-		$syms{$n} = 1;
-	}
-
-	my @s=sort {
-	    &parse_number($nums{$a},"n") <=> &parse_number($nums{$b},"n")
-	    || $a cmp $b
-	} keys %nums;
-	foreach $sym (@s) {
-		(my $n, my $i) = split /\\/, $nums{$sym};
-		next if defined($i) && $i =~ /^.*?:.*?:\w+\(\w+\)/;
-		next if defined($rsyms{$sym});
-		print STDERR "DEBUG: rewrite_numbers for sym = ",$sym,": i = ",$i,", n = ",$n,", rsym{sym} = ",$rsyms{$sym},"syms{sym} = ",$syms{$sym},"\n" if $debug;
-		$i="NOEXIST::FUNCTION:"
-			if !defined($i) || $i eq "" || !defined($syms{$sym});
-		my $s2 = $sym;
-		$s2 =~ s/\{[0-9]+\}$//;
-		printf OUT "%s%-39s %d\t%s\n","",$s2,$n,$i;
-		if (exists $r{$sym}) {
-			(my $s, $i) = split /\\/,$r{$sym};
-			my $s2 = $s;
-			$s2 =~ s/\{[0-9]+\}$//;
-			printf OUT "%s%-39s %d\t%s\n","",$s2,$n,$i;
-		}
-	}
-}
-
-sub update_numbers
-{
-	(*OUT,$name,*nums,my $start_num, my @symbols)=@_;
-	my $new_syms = 0;
-
-	print STDERR "Updating $name numbers\n";
-
-	my @r = grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:\w+\(\w+\)/, at symbols);
-	my $r; my %r; my %rsyms;
-	foreach $r (@r) {
-		(my $s, my $i) = split /\\/, $r;
-		my $a = $1 if $i =~ /^.*?:.*?:\w+\((\w+)\)/;
-		$i =~ s/^(.*?:.*?:\w+)\(\w+\)/$1/;
-		$r{$a} = $s."\\".$i;
-		$rsyms{$s} = 1;
-	}
-
-	foreach $sym (@symbols) {
-		(my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
-		next if $i =~ /^.*?:.*?:\w+\(\w+\)/;
-		next if defined($rsyms{$sym});
-		die "ERROR: Symbol $sym had no info attached to it."
-		    if $i eq "";
-		if (!exists $nums{$s}) {
-			$new_syms++;
-			my $s2 = $s;
-			$s2 =~ s/\{[0-9]+\}$//;
-			printf OUT "%s%-39s %d\t%s\n","",$s2, ++$start_num,$i;
-			if (exists $r{$s}) {
-				($s, $i) = split /\\/,$r{$s};
-				$s =~ s/\{[0-9]+\}$//;
-				printf OUT "%s%-39s %d\t%s\n","",$s, $start_num,$i;
-			}
-		}
-	}
-	if($new_syms) {
-		print STDERR "$new_syms New symbols added\n";
-	} else {
-		print STDERR "No New symbols Added\n";
-	}
-}
-
-sub check_existing
-{
-	(*nums, my @symbols)=@_;
-	my %existing; my @remaining;
-	@remaining=();
-	foreach $sym (@symbols) {
-		(my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
-		$existing{$s}=1;
-	}
-	foreach $sym (keys %nums) {
-		if (!exists $existing{$sym}) {
-			push @remaining, $sym;
-		}
-	}
-	if(@remaining) {
-		print STDERR "The following symbols do not seem to exist:\n";
-		foreach $sym (@remaining) {
-			print STDERR "\t",$sym,"\n";
-		}
-	}
-}
-

Copied: vendor-crypto/openssl/1.0.1u/util/mkdef.pl (from rev 11605, vendor-crypto/openssl/dist/util/mkdef.pl)
===================================================================
--- vendor-crypto/openssl/1.0.1u/util/mkdef.pl	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/util/mkdef.pl	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,1556 @@
+#!/usr/local/bin/perl -w
+#
+# generate a .def file
+#
+# It does this by parsing the header files and looking for the
+# prototyped functions: it then prunes the output.
+#
+# Intermediary files are created, call libeay.num and ssleay.num,...
+# Previously, they had the following format:
+#
+#	routine-name	nnnn
+#
+# But that isn't enough for a number of reasons, the first on being that
+# this format is (needlessly) very Win32-centric, and even then...
+# One of the biggest problems is that there's no information about what
+# routines should actually be used, which varies with what crypto algorithms
+# are disabled.  Also, some operating systems (for example VMS with VAX C)
+# need to keep track of the global variables as well as the functions.
+#
+# So, a remake of this script is done so as to include information on the
+# kind of symbol it is (function or variable) and what algorithms they're
+# part of.  This will allow easy translating to .def files or the corresponding
+# file in other operating systems (a .opt file for VMS, possibly with a .mar
+# file).
+#
+# The format now becomes:
+#
+#	routine-name	nnnn	info
+#
+# and the "info" part is actually a colon-separated string of fields with
+# the following meaning:
+#
+#	existence:platform:kind:algorithms
+#
+# - "existence" can be "EXIST" or "NOEXIST" depending on if the symbol is
+#   found somewhere in the source, 
+# - "platforms" is empty if it exists on all platforms, otherwise it contains
+#   comma-separated list of the platform, just as they are if the symbol exists
+#   for those platforms, or prepended with a "!" if not.  This helps resolve
+#   symbol name variants for platforms where the names are too long for the
+#   compiler or linker, or if the systems is case insensitive and there is a
+#   clash, or the symbol is implemented differently (see
+#   EXPORT_VAR_AS_FUNCTION).  This script assumes renaming of symbols is found
+#   in the file crypto/symhacks.h.
+#   The semantics for the platforms is that every item is checked against the
+#   environment.  For the negative items ("!FOO"), if any of them is false
+#   (i.e. "FOO" is true) in the environment, the corresponding symbol can't be
+#   used.  For the positive itms, if all of them are false in the environment,
+#   the corresponding symbol can't be used.  Any combination of positive and
+#   negative items are possible, and of course leave room for some redundancy.
+# - "kind" is "FUNCTION" or "VARIABLE".  The meaning of that is obvious.
+# - "algorithms" is a comma-separated list of algorithm names.  This helps
+#   exclude symbols that are part of an algorithm that some user wants to
+#   exclude.
+#
+
+my $debug=0;
+
+my $crypto_num= "util/libeay.num";
+my $ssl_num=    "util/ssleay.num";
+my $libname;
+
+my $do_update = 0;
+my $do_rewrite = 1;
+my $do_crypto = 0;
+my $do_ssl = 0;
+my $do_ctest = 0;
+my $do_ctestall = 0;
+my $do_checkexist = 0;
+
+my $VMSVAX=0;
+my $VMSNonVAX=0;
+my $VMS=0;
+my $W32=0;
+my $W16=0;
+my $NT=0;
+my $OS2=0;
+# Set this to make typesafe STACK definitions appear in DEF
+my $safe_stack_def = 0;
+
+my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT",
+			"EXPORT_VAR_AS_FUNCTION", "ZLIB", "OPENSSL_FIPS" );
+my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" );
+my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
+			 "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
+			 "SHA256", "SHA512", "RIPEMD",
+			 "MDC2", "WHIRLPOOL", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA", "EC2M",
+			 "HMAC", "AES", "CAMELLIA", "SEED", "GOST",
+			 # EC_NISTP_64_GCC_128
+			 "EC_NISTP_64_GCC_128",
+			 # Envelope "algorithms"
+			 "EVP", "X509", "ASN1_TYPEDEFS",
+			 # Helper "algorithms"
+			 "BIO", "COMP", "BUFFER", "LHASH", "STACK", "ERR",
+			 "LOCKING",
+			 # External "algorithms"
+			 "FP_API", "STDIO", "SOCK", "KRB5", "DGRAM",
+			 # Engines
+			 "STATIC_ENGINE", "ENGINE", "HW", "GMP",
+			 # RFC3779
+			 "RFC3779",
+			 # TLS
+			 "TLSEXT", "PSK", "SRP", "HEARTBEATS",
+			 # CMS
+			 "CMS",
+			 # CryptoAPI Engine
+			 "CAPIENG",
+			 # SSL v2
+			 "SSL2",
+			 # SSL v2 method
+			 "SSL2_METHOD",
+			 # SSL v3 method
+			 "SSL3_METHOD",
+			 # JPAKE
+			 "JPAKE",
+			 # NEXTPROTONEG
+			 "NEXTPROTONEG",
+			 # Deprecated functions
+			 "DEPRECATED",
+			 # Hide SSL internals
+			 "SSL_INTERN",
+			 # SCTP
+		 	 "SCTP",
+			 # SRTP
+			 "SRTP",
+			 # Unit testing
+		 	 "UNIT_TEST");
+
+my $options="";
+open(IN,"<Makefile") || die "unable to open Makefile!\n";
+while(<IN>) {
+    $options=$1 if (/^OPTIONS=(.*)$/);
+}
+close(IN);
+
+# The following ciphers may be excluded (by Configure). This means functions
+# defined with ifndef(NO_XXX) are not included in the .def file, and everything
+# in directory xxx is ignored.
+my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf;
+my $no_cast; my $no_whirlpool; my $no_camellia; my $no_seed;
+my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
+my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
+my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
+my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
+my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
+my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc; 
+my $no_nextprotoneg; my $no_sctp; my $no_srtp;
+my $no_unit_test; my $no_ssl3_method; my $no_ssl2_method;
+
+my $fips;
+
+my $zlib;
+
+
+foreach (@ARGV, split(/ /, $options))
+	{
+	$debug=1 if $_ eq "debug";
+	$W32=1 if $_ eq "32";
+	$W16=1 if $_ eq "16";
+	if($_ eq "NT") {
+		$W32 = 1;
+		$NT = 1;
+	}
+	if ($_ eq "VMS-VAX") {
+		$VMS=1;
+		$VMSVAX=1;
+	}
+	if ($_ eq "VMS-NonVAX") {
+		$VMS=1;
+		$VMSNonVAX=1;
+	}
+	$VMS=1 if $_ eq "VMS";
+	$OS2=1 if $_ eq "OS2";
+	$fips=1 if /^fips/;
+	if ($_ eq "zlib" || $_ eq "enable-zlib" || $_ eq "zlib-dynamic"
+			 || $_ eq "enable-zlib-dynamic") {
+		$zlib = 1;
+	}
+
+	$do_ssl=1 if $_ eq "ssleay";
+	if ($_ eq "ssl") {
+		$do_ssl=1; 
+		$libname=$_
+	}
+	$do_crypto=1 if $_ eq "libeay";
+	if ($_ eq "crypto") {
+		$do_crypto=1;
+		$libname=$_;
+	}
+	$no_static_engine=1 if $_ eq "no-static-engine";
+	$no_static_engine=0 if $_ eq "enable-static-engine";
+	$do_update=1 if $_ eq "update";
+	$do_rewrite=1 if $_ eq "rewrite";
+	$do_ctest=1 if $_ eq "ctest";
+	$do_ctestall=1 if $_ eq "ctestall";
+	$do_checkexist=1 if $_ eq "exist";
+	#$safe_stack_def=1 if $_ eq "-DDEBUG_SAFESTACK";
+
+	if    (/^no-rc2$/)      { $no_rc2=1; }
+	elsif (/^no-rc4$/)      { $no_rc4=1; }
+	elsif (/^no-rc5$/)      { $no_rc5=1; }
+	elsif (/^no-idea$/)     { $no_idea=1; }
+	elsif (/^no-des$/)      { $no_des=1; $no_mdc2=1; }
+	elsif (/^no-bf$/)       { $no_bf=1; }
+	elsif (/^no-cast$/)     { $no_cast=1; }
+	elsif (/^no-whirlpool$/)     { $no_whirlpool=1; }
+	elsif (/^no-md2$/)      { $no_md2=1; }
+	elsif (/^no-md4$/)      { $no_md4=1; }
+	elsif (/^no-md5$/)      { $no_md5=1; }
+	elsif (/^no-sha$/)      { $no_sha=1; }
+	elsif (/^no-ripemd$/)   { $no_ripemd=1; }
+	elsif (/^no-mdc2$/)     { $no_mdc2=1; }
+	elsif (/^no-rsa$/)      { $no_rsa=1; }
+	elsif (/^no-dsa$/)      { $no_dsa=1; }
+	elsif (/^no-dh$/)       { $no_dh=1; }
+	elsif (/^no-ec$/)       { $no_ec=1; }
+	elsif (/^no-ecdsa$/)	{ $no_ecdsa=1; }
+	elsif (/^no-ecdh$/) 	{ $no_ecdh=1; }
+	elsif (/^no-hmac$/)	{ $no_hmac=1; }
+	elsif (/^no-aes$/)	{ $no_aes=1; }
+	elsif (/^no-camellia$/)	{ $no_camellia=1; }
+	elsif (/^no-seed$/)     { $no_seed=1; }
+	elsif (/^no-evp$/)	{ $no_evp=1; }
+	elsif (/^no-lhash$/)	{ $no_lhash=1; }
+	elsif (/^no-stack$/)	{ $no_stack=1; }
+	elsif (/^no-err$/)	{ $no_err=1; }
+	elsif (/^no-buffer$/)	{ $no_buffer=1; }
+	elsif (/^no-bio$/)	{ $no_bio=1; }
+	#elsif (/^no-locking$/)	{ $no_locking=1; }
+	elsif (/^no-comp$/)	{ $no_comp=1; }
+	elsif (/^no-dso$/)	{ $no_dso=1; }
+	elsif (/^no-krb5$/)	{ $no_krb5=1; }
+	elsif (/^no-engine$/)	{ $no_engine=1; }
+	elsif (/^no-hw$/)	{ $no_hw=1; }
+	elsif (/^no-gmp$/)	{ $no_gmp=1; }
+	elsif (/^no-rfc3779$/)	{ $no_rfc3779=1; }
+	elsif (/^no-tlsext$/)	{ $no_tlsext=1; }
+	elsif (/^no-cms$/)	{ $no_cms=1; }
+	elsif (/^no-ec2m$/)	{ $no_ec2m=1; }
+	elsif (/^no-ec_nistp_64_gcc_128$/)	{ $no_nistp_gcc=1; }
+	elsif (/^no-nextprotoneg$/)	{ $no_nextprotoneg=1; }
+	elsif (/^no-ssl2$/)	{ $no_ssl2=1; }
+	elsif (/^no-ssl2-method$/) { $no_ssl2_method=1; }
+	elsif (/^no-ssl3-method$/) { $no_ssl3_method=1; }
+	elsif (/^no-capieng$/)	{ $no_capieng=1; }
+	elsif (/^no-jpake$/)	{ $no_jpake=1; }
+	elsif (/^no-srp$/)	{ $no_srp=1; }
+	elsif (/^no-sctp$/)	{ $no_sctp=1; }
+	elsif (/^no-srtp$/)	{ $no_srtp=1; }
+	elsif (/^no-unit-test$/){ $no_unit_test=1; }
+	}
+
+
+if (!$libname) { 
+	if ($do_ssl) {
+		$libname="SSLEAY";
+	}
+	if ($do_crypto) {
+		$libname="LIBEAY";
+	}
+}
+
+# If no platform is given, assume WIN32
+if ($W32 + $W16 + $VMS + $OS2 == 0) {
+	$W32 = 1;
+}
+
+# Add extra knowledge
+if ($W16) {
+	$no_fp_api=1;
+}
+
+if (!$do_ssl && !$do_crypto)
+	{
+	print STDERR "usage: $0 ( ssl | crypto ) [ 16 | 32 | NT | OS2 ]\n";
+	exit(1);
+	}
+
+%ssl_list=&load_numbers($ssl_num);
+$max_ssl = $max_num;
+%crypto_list=&load_numbers($crypto_num);
+$max_crypto = $max_num;
+
+my $ssl="ssl/ssl.h";
+$ssl.=" ssl/kssl.h";
+$ssl.=" ssl/tls1.h";
+$ssl.=" ssl/srtp.h";
+
+my $crypto ="crypto/crypto.h";
+$crypto.=" crypto/cryptlib.h";
+$crypto.=" crypto/o_dir.h";
+$crypto.=" crypto/o_str.h";
+$crypto.=" crypto/o_time.h";
+$crypto.=" crypto/des/des.h crypto/des/des_old.h" ; # unless $no_des;
+$crypto.=" crypto/idea/idea.h" ; # unless $no_idea;
+$crypto.=" crypto/rc4/rc4.h" ; # unless $no_rc4;
+$crypto.=" crypto/rc5/rc5.h" ; # unless $no_rc5;
+$crypto.=" crypto/rc2/rc2.h" ; # unless $no_rc2;
+$crypto.=" crypto/bf/blowfish.h" ; # unless $no_bf;
+$crypto.=" crypto/cast/cast.h" ; # unless $no_cast;
+$crypto.=" crypto/whrlpool/whrlpool.h" ;
+$crypto.=" crypto/md2/md2.h" ; # unless $no_md2;
+$crypto.=" crypto/md4/md4.h" ; # unless $no_md4;
+$crypto.=" crypto/md5/md5.h" ; # unless $no_md5;
+$crypto.=" crypto/mdc2/mdc2.h" ; # unless $no_mdc2;
+$crypto.=" crypto/sha/sha.h" ; # unless $no_sha;
+$crypto.=" crypto/ripemd/ripemd.h" ; # unless $no_ripemd;
+$crypto.=" crypto/aes/aes.h" ; # unless $no_aes;
+$crypto.=" crypto/camellia/camellia.h" ; # unless $no_camellia;
+$crypto.=" crypto/seed/seed.h"; # unless $no_seed;
+
+$crypto.=" crypto/bn/bn.h";
+$crypto.=" crypto/rsa/rsa.h" ; # unless $no_rsa;
+$crypto.=" crypto/dsa/dsa.h" ; # unless $no_dsa;
+$crypto.=" crypto/dh/dh.h" ; # unless $no_dh;
+$crypto.=" crypto/ec/ec.h" ; # unless $no_ec;
+$crypto.=" crypto/ecdsa/ecdsa.h" ; # unless $no_ecdsa;
+$crypto.=" crypto/ecdh/ecdh.h" ; # unless $no_ecdh;
+$crypto.=" crypto/hmac/hmac.h" ; # unless $no_hmac;
+$crypto.=" crypto/cmac/cmac.h" ; # unless $no_hmac;
+
+$crypto.=" crypto/engine/engine.h"; # unless $no_engine;
+$crypto.=" crypto/stack/stack.h" ; # unless $no_stack;
+$crypto.=" crypto/buffer/buffer.h" ; # unless $no_buffer;
+$crypto.=" crypto/bio/bio.h" ; # unless $no_bio;
+$crypto.=" crypto/dso/dso.h" ; # unless $no_dso;
+$crypto.=" crypto/lhash/lhash.h" ; # unless $no_lhash;
+$crypto.=" crypto/conf/conf.h";
+$crypto.=" crypto/txt_db/txt_db.h";
+
+$crypto.=" crypto/evp/evp.h" ; # unless $no_evp;
+$crypto.=" crypto/objects/objects.h";
+$crypto.=" crypto/pem/pem.h";
+#$crypto.=" crypto/meth/meth.h";
+$crypto.=" crypto/asn1/asn1.h";
+$crypto.=" crypto/asn1/asn1t.h";
+$crypto.=" crypto/asn1/asn1_mac.h";
+$crypto.=" crypto/err/err.h" ; # unless $no_err;
+$crypto.=" crypto/pkcs7/pkcs7.h";
+$crypto.=" crypto/pkcs12/pkcs12.h";
+$crypto.=" crypto/x509/x509.h";
+$crypto.=" crypto/x509/x509_vfy.h";
+$crypto.=" crypto/x509v3/x509v3.h";
+$crypto.=" crypto/ts/ts.h";
+$crypto.=" crypto/rand/rand.h";
+$crypto.=" crypto/comp/comp.h" ; # unless $no_comp;
+$crypto.=" crypto/ocsp/ocsp.h";
+$crypto.=" crypto/ui/ui.h crypto/ui/ui_compat.h";
+$crypto.=" crypto/krb5/krb5_asn.h";
+#$crypto.=" crypto/store/store.h";
+$crypto.=" crypto/pqueue/pqueue.h";
+$crypto.=" crypto/cms/cms.h";
+$crypto.=" crypto/jpake/jpake.h";
+$crypto.=" crypto/modes/modes.h";
+$crypto.=" crypto/srp/srp.h";
+
+my $symhacks="crypto/symhacks.h";
+
+my @ssl_symbols = &do_defs("SSLEAY", $ssl, $symhacks);
+my @crypto_symbols = &do_defs("LIBEAY", $crypto, $symhacks);
+
+if ($do_update) {
+
+if ($do_ssl == 1) {
+
+	&maybe_add_info("SSLEAY",*ssl_list, at ssl_symbols);
+	if ($do_rewrite == 1) {
+		open(OUT, ">$ssl_num");
+		&rewrite_numbers(*OUT,"SSLEAY",*ssl_list, at ssl_symbols);
+	} else {
+		open(OUT, ">>$ssl_num");
+	}
+	&update_numbers(*OUT,"SSLEAY",*ssl_list,$max_ssl, at ssl_symbols);
+	close OUT;
+}
+
+if($do_crypto == 1) {
+
+	&maybe_add_info("LIBEAY",*crypto_list, at crypto_symbols);
+	if ($do_rewrite == 1) {
+		open(OUT, ">$crypto_num");
+		&rewrite_numbers(*OUT,"LIBEAY",*crypto_list, at crypto_symbols);
+	} else {
+		open(OUT, ">>$crypto_num");
+	}
+	&update_numbers(*OUT,"LIBEAY",*crypto_list,$max_crypto, at crypto_symbols);
+	close OUT;
+} 
+
+} elsif ($do_checkexist) {
+	&check_existing(*ssl_list, @ssl_symbols)
+		if $do_ssl == 1;
+	&check_existing(*crypto_list, @crypto_symbols)
+		if $do_crypto == 1;
+} elsif ($do_ctest || $do_ctestall) {
+
+	print <<"EOF";
+
+/* Test file to check all DEF file symbols are present by trying
+ * to link to all of them. This is *not* intended to be run!
+ */
+
+int main()
+{
+EOF
+	&print_test_file(*STDOUT,"SSLEAY",*ssl_list,$do_ctestall, at ssl_symbols)
+		if $do_ssl == 1;
+
+	&print_test_file(*STDOUT,"LIBEAY",*crypto_list,$do_ctestall, at crypto_symbols)
+		if $do_crypto == 1;
+
+	print "}\n";
+
+} else {
+
+	&print_def_file(*STDOUT,$libname,*ssl_list, at ssl_symbols)
+		if $do_ssl == 1;
+
+	&print_def_file(*STDOUT,$libname,*crypto_list, at crypto_symbols)
+		if $do_crypto == 1;
+
+}
+
+
+sub do_defs
+{
+	my($name,$files,$symhacksfile)=@_;
+	my $file;
+	my @ret;
+	my %syms;
+	my %platform;		# For anything undefined, we assume ""
+	my %kind;		# For anything undefined, we assume "FUNCTION"
+	my %algorithm;		# For anything undefined, we assume ""
+	my %variant;
+	my %variant_cnt;	# To be able to allocate "name{n}" if "name"
+				# is the same name as the original.
+	my $cpp;
+	my %unknown_algorithms = ();
+
+	foreach $file (split(/\s+/,$symhacksfile." ".$files))
+		{
+		print STDERR "DEBUG: starting on $file:\n" if $debug;
+		open(IN,"<$file") || die "unable to open $file:$!\n";
+		my $line = "", my $def= "";
+		my %tag = (
+			(map { $_ => 0 } @known_platforms),
+			(map { "OPENSSL_SYS_".$_ => 0 } @known_ossl_platforms),
+			(map { "OPENSSL_NO_".$_ => 0 } @known_algorithms),
+			NOPROTO		=> 0,
+			PERL5		=> 0,
+			_WINDLL		=> 0,
+			CONST_STRICT	=> 0,
+			TRUE		=> 1,
+		);
+		my $symhacking = $file eq $symhacksfile;
+		my @current_platforms = ();
+		my @current_algorithms = ();
+
+		# params: symbol, alias, platforms, kind
+		# The reason to put this subroutine in a variable is that
+		# it will otherwise create it's own, unshared, version of
+		# %tag and %variant...
+		my $make_variant = sub
+		{
+			my ($s, $a, $p, $k) = @_;
+			my ($a1, $a2);
+
+			print STDERR "DEBUG: make_variant: Entered with ",$s,", ",$a,", ",(defined($p)?$p:""),", ",(defined($k)?$k:""),"\n" if $debug;
+			if (defined($p))
+			{
+				$a1 = join(",",$p,
+					   grep(!/^$/,
+						map { $tag{$_} == 1 ? $_ : "" }
+						@known_platforms));
+			}
+			else
+			{
+				$a1 = join(",",
+					   grep(!/^$/,
+						map { $tag{$_} == 1 ? $_ : "" }
+						@known_platforms));
+			}
+			$a2 = join(",",
+				   grep(!/^$/,
+					map { $tag{"OPENSSL_SYS_".$_} == 1 ? $_ : "" }
+					@known_ossl_platforms));
+			print STDERR "DEBUG: make_variant: a1 = $a1; a2 = $a2\n" if $debug;
+			if ($a1 eq "") { $a1 = $a2; }
+			elsif ($a1 ne "" && $a2 ne "") { $a1 .= ",".$a2; }
+			if ($a eq $s)
+			{
+				if (!defined($variant_cnt{$s}))
+				{
+					$variant_cnt{$s} = 0;
+				}
+				$variant_cnt{$s}++;
+				$a .= "{$variant_cnt{$s}}";
+			}
+			my $toadd = $a.":".$a1.(defined($k)?":".$k:"");
+			my $togrep = $s.'(\{[0-9]+\})?:'.$a1.(defined($k)?":".$k:"");
+			if (!grep(/^$togrep$/,
+				  split(/;/, defined($variant{$s})?$variant{$s}:""))) {
+				if (defined($variant{$s})) { $variant{$s} .= ";"; }
+				$variant{$s} .= $toadd;
+			}
+			print STDERR "DEBUG: make_variant: Exit with variant of ",$s," = ",$variant{$s},"\n" if $debug;
+		};
+
+		print STDERR "DEBUG: parsing ----------\n" if $debug;
+		while(<IN>) {
+			if (/\/\* Error codes for the \w+ functions\. \*\//)
+				{
+				undef @tag;
+				last;
+				}
+			if ($line ne '') {
+				$_ = $line . $_;
+				$line = '';
+			}
+
+			if (/\\$/) {
+				chomp; # remove eol
+				chop; # remove ending backslash
+				$line = $_;
+				next;
+			}
+
+			if(/\/\*/) {
+				if (not /\*\//) {	# multiline comment...
+					$line = $_;	# ... just accumulate
+					next;
+				} else {
+					s/\/\*.*?\*\///gs;# wipe it
+				}
+			}
+
+			if ($cpp) {
+				$cpp++ if /^#\s*if/;
+				$cpp-- if /^#\s*endif/;
+				next;
+	    		}
+			$cpp = 1 if /^#.*ifdef.*cplusplus/;
+
+			s/{[^{}]*}//gs;                      # ignore {} blocks
+			print STDERR "DEBUG: \$def=\"$def\"\n" if $debug && $def ne "";
+			print STDERR "DEBUG: \$_=\"$_\"\n" if $debug;
+			if (/^\#\s*ifndef\s+(.*)/) {
+				push(@tag,"-");
+				push(@tag,$1);
+				$tag{$1}=-1;
+				print STDERR "DEBUG: $file: found tag $1 = -1\n" if $debug;
+			} elsif (/^\#\s*if\s+!defined\(([^\)]+)\)/) {
+				push(@tag,"-");
+				if (/^\#\s*if\s+(!defined\(([^\)]+)\)(\s+\&\&\s+!defined\(([^\)]+)\))*)$/) {
+					my $tmp_1 = $1;
+					my $tmp_;
+					foreach $tmp_ (split '\&\&',$tmp_1) {
+						$tmp_ =~ /!defined\(([^\)]+)\)/;
+						print STDERR "DEBUG: $file: found tag $1 = -1\n" if $debug;
+						push(@tag,$1);
+						$tag{$1}=-1;
+					}
+				} else {
+					print STDERR "Warning: $file: complicated expression: $_" if $debug; # because it is O...
+					print STDERR "DEBUG: $file: found tag $1 = -1\n" if $debug;
+					push(@tag,$1);
+					$tag{$1}=-1;
+				}
+			} elsif (/^\#\s*ifdef\s+(\S*)/) {
+				push(@tag,"-");
+				push(@tag,$1);
+				$tag{$1}=1;
+				print STDERR "DEBUG: $file: found tag $1 = 1\n" if $debug;
+			} elsif (/^\#\s*if\s+defined\(([^\)]+)\)/) {
+				push(@tag,"-");
+				if (/^\#\s*if\s+(defined\(([^\)]+)\)(\s+\|\|\s+defined\(([^\)]+)\))*)$/) {
+					my $tmp_1 = $1;
+					my $tmp_;
+					foreach $tmp_ (split '\|\|',$tmp_1) {
+						$tmp_ =~ /defined\(([^\)]+)\)/;
+						print STDERR "DEBUG: $file: found tag $1 = 1\n" if $debug;
+						push(@tag,$1);
+						$tag{$1}=1;
+					}
+				} else {
+					print STDERR "Warning: $file: complicated expression: $_\n" if $debug; # because it is O...
+					print STDERR "DEBUG: $file: found tag $1 = 1\n" if $debug;
+					push(@tag,$1);
+					$tag{$1}=1;
+				}
+			} elsif (/^\#\s*error\s+(\w+) is disabled\./) {
+				my $tag_i = $#tag;
+				while($tag[$tag_i] ne "-") {
+					if ($tag[$tag_i] eq "OPENSSL_NO_".$1) {
+						$tag{$tag[$tag_i]}=2;
+						print STDERR "DEBUG: $file: chaged tag $1 = 2\n" if $debug;
+					}
+					$tag_i--;
+				}
+			} elsif (/^\#\s*endif/) {
+				my $tag_i = $#tag;
+				while($tag_i > 0 && $tag[$tag_i] ne "-") {
+					my $t=$tag[$tag_i];
+					print STDERR "DEBUG: \$t=\"$t\"\n" if $debug;
+					if ($tag{$t}==2) {
+						$tag{$t}=-1;
+					} else {
+						$tag{$t}=0;
+					}
+					print STDERR "DEBUG: $file: changed tag ",$t," = ",$tag{$t},"\n" if $debug;
+					pop(@tag);
+					if ($t =~ /^OPENSSL_NO_([A-Z0-9_]+)$/) {
+						$t=$1;
+					} else {
+						$t="";
+					}
+					if ($t ne ""
+					    && !grep(/^$t$/, @known_algorithms)) {
+						$unknown_algorithms{$t} = 1;
+						#print STDERR "DEBUG: Added as unknown algorithm: $t\n" if $debug;
+					}
+					$tag_i--;
+				}
+				pop(@tag);
+			} elsif (/^\#\s*else/) {
+				my $tag_i = $#tag;
+				while($tag[$tag_i] ne "-") {
+					my $t=$tag[$tag_i];
+					$tag{$t}= -$tag{$t};
+					print STDERR "DEBUG: $file: changed tag ",$t," = ",$tag{$t},"\n" if $debug;
+					$tag_i--;
+				}
+			} elsif (/^\#\s*if\s+1/) {
+				push(@tag,"-");
+				# Dummy tag
+				push(@tag,"TRUE");
+				$tag{"TRUE"}=1;
+				print STDERR "DEBUG: $file: found 1\n" if $debug;
+			} elsif (/^\#\s*if\s+0/) {
+				push(@tag,"-");
+				# Dummy tag
+				push(@tag,"TRUE");
+				$tag{"TRUE"}=-1;
+				print STDERR "DEBUG: $file: found 0\n" if $debug;
+			} elsif (/^\#\s*define\s+(\w+)\s+(\w+)/
+				 && $symhacking && $tag{'TRUE'} != -1) {
+				# This is for aliasing.  When we find an alias,
+				# we have to invert
+				&$make_variant($1,$2);
+				print STDERR "DEBUG: $file: defined $1 = $2\n" if $debug;
+			}
+			if (/^\#/) {
+				@current_platforms =
+				    grep(!/^$/,
+					 map { $tag{$_} == 1 ? $_ :
+						   $tag{$_} == -1 ? "!".$_  : "" }
+					 @known_platforms);
+				push @current_platforms
+				    , grep(!/^$/,
+					   map { $tag{"OPENSSL_SYS_".$_} == 1 ? $_ :
+						     $tag{"OPENSSL_SYS_".$_} == -1 ? "!".$_  : "" }
+					   @known_ossl_platforms);
+				@current_algorithms =
+				    grep(!/^$/,
+					 map { $tag{"OPENSSL_NO_".$_} == -1 ? $_ : "" }
+					 @known_algorithms);
+				$def .=
+				    "#INFO:"
+					.join(',', at current_platforms).":"
+					    .join(',', at current_algorithms).";";
+				next;
+			}
+			if ($tag{'TRUE'} != -1) {
+				if (/^\s*DECLARE_STACK_OF\s*\(\s*(\w*)\s*\)/) {
+					next;
+				} elsif (/^\s*DECLARE_ASN1_ENCODE_FUNCTIONS\s*\(\s*(\w*)\s*,\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+					$def .= "int d2i_$3(void);";
+					$def .= "int i2d_$3(void);";
+					# Variant for platforms that do not
+					# have to access globale variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION", at current_platforms).":"
+						    .join(',', at current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int $2_it;";
+					$def .=
+					    "#INFO:"
+						.join(',', at current_platforms).":"
+						    .join(',', at current_algorithms).";";
+					# Variant for platforms that have to
+					# access globale variables in shared
+					# libraries through functions
+					&$make_variant("$2_it","$2_it",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+					next;
+				} elsif (/^\s*DECLARE_ASN1_FUNCTIONS_fname\s*\(\s*(\w*)\s*,\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+					$def .= "int d2i_$3(void);";
+					$def .= "int i2d_$3(void);";
+					$def .= "int $3_free(void);";
+					$def .= "int $3_new(void);";
+					# Variant for platforms that do not
+					# have to access globale variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION", at current_platforms).":"
+						    .join(',', at current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int $2_it;";
+					$def .=
+					    "#INFO:"
+						.join(',', at current_platforms).":"
+						    .join(',', at current_algorithms).";";
+					# Variant for platforms that have to
+					# access globale variables in shared
+					# libraries through functions
+					&$make_variant("$2_it","$2_it",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+					next;
+				} elsif (/^\s*DECLARE_ASN1_FUNCTIONS\s*\(\s*(\w*)\s*\)/ ||
+					 /^\s*DECLARE_ASN1_FUNCTIONS_const\s*\(\s*(\w*)\s*\)/) {
+					$def .= "int d2i_$1(void);";
+					$def .= "int i2d_$1(void);";
+					$def .= "int $1_free(void);";
+					$def .= "int $1_new(void);";
+					# Variant for platforms that do not
+					# have to access globale variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION", at current_platforms).":"
+						    .join(',', at current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int $1_it;";
+					$def .=
+					    "#INFO:"
+						.join(',', at current_platforms).":"
+						    .join(',', at current_algorithms).";";
+					# Variant for platforms that have to
+					# access globale variables in shared
+					# libraries through functions
+					&$make_variant("$1_it","$1_it",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+					next;
+				} elsif (/^\s*DECLARE_ASN1_ENCODE_FUNCTIONS_const\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+					$def .= "int d2i_$2(void);";
+					$def .= "int i2d_$2(void);";
+					# Variant for platforms that do not
+					# have to access globale variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION", at current_platforms).":"
+						    .join(',', at current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int $2_it;";
+					$def .=
+					    "#INFO:"
+						.join(',', at current_platforms).":"
+						    .join(',', at current_algorithms).";";
+					# Variant for platforms that have to
+					# access globale variables in shared
+					# libraries through functions
+					&$make_variant("$2_it","$2_it",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+					next;
+				} elsif (/^\s*DECLARE_ASN1_ALLOC_FUNCTIONS\s*\(\s*(\w*)\s*\)/) {
+					$def .= "int $1_free(void);";
+					$def .= "int $1_new(void);";
+					next;
+				} elsif (/^\s*DECLARE_ASN1_FUNCTIONS_name\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+					$def .= "int d2i_$2(void);";
+					$def .= "int i2d_$2(void);";
+					$def .= "int $2_free(void);";
+					$def .= "int $2_new(void);";
+					# Variant for platforms that do not
+					# have to access globale variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION", at current_platforms).":"
+						    .join(',', at current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int $2_it;";
+					$def .=
+					    "#INFO:"
+						.join(',', at current_platforms).":"
+						    .join(',', at current_algorithms).";";
+					# Variant for platforms that have to
+					# access globale variables in shared
+					# libraries through functions
+					&$make_variant("$2_it","$2_it",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+					next;
+				} elsif (/^\s*DECLARE_ASN1_ITEM\s*\(\s*(\w*)\s*\)/) {
+					# Variant for platforms that do not
+					# have to access globale variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION", at current_platforms).":"
+						    .join(',', at current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int $1_it;";
+					$def .=
+					    "#INFO:"
+						.join(',', at current_platforms).":"
+						    .join(',', at current_algorithms).";";
+					# Variant for platforms that have to
+					# access globale variables in shared
+					# libraries through functions
+					&$make_variant("$1_it","$1_it",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+					next;
+				} elsif (/^\s*DECLARE_ASN1_NDEF_FUNCTION\s*\(\s*(\w*)\s*\)/) {
+					$def .= "int i2d_$1_NDEF(void);";
+				} elsif (/^\s*DECLARE_ASN1_SET_OF\s*\(\s*(\w*)\s*\)/) {
+					next;
+				} elsif (/^\s*DECLARE_ASN1_PRINT_FUNCTION\s*\(\s*(\w*)\s*\)/) {
+					$def .= "int $1_print_ctx(void);";
+					next;
+				} elsif (/^\s*DECLARE_ASN1_PRINT_FUNCTION_name\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+					$def .= "int $2_print_ctx(void);";
+					next;
+				} elsif (/^\s*DECLARE_PKCS12_STACK_OF\s*\(\s*(\w*)\s*\)/) {
+					next;
+				} elsif (/^DECLARE_PEM_rw\s*\(\s*(\w*)\s*,/ ||
+					 /^DECLARE_PEM_rw_cb\s*\(\s*(\w*)\s*,/ ||
+					 /^DECLARE_PEM_rw_const\s*\(\s*(\w*)\s*,/ ) {
+					# Things not in Win16
+					$def .=
+					    "#INFO:"
+						.join(',',"!WIN16", at current_platforms).":"
+						    .join(',', at current_algorithms).";";
+					$def .= "int PEM_read_$1(void);";
+					$def .= "int PEM_write_$1(void);";
+					$def .=
+					    "#INFO:"
+						.join(',', at current_platforms).":"
+						    .join(',', at current_algorithms).";";
+					# Things that are everywhere
+					$def .= "int PEM_read_bio_$1(void);";
+					$def .= "int PEM_write_bio_$1(void);";
+					next;
+				} elsif (/^DECLARE_PEM_write\s*\(\s*(\w*)\s*,/ ||
+					 /^DECLARE_PEM_write_cb\s*\(\s*(\w*)\s*,/ ) {
+					# Things not in Win16
+					$def .=
+					    "#INFO:"
+						.join(',',"!WIN16", at current_platforms).":"
+						    .join(',', at current_algorithms).";";
+					$def .= "int PEM_write_$1(void);";
+					$def .=
+					    "#INFO:"
+						.join(',', at current_platforms).":"
+						    .join(',', at current_algorithms).";";
+					# Things that are everywhere
+					$def .= "int PEM_write_bio_$1(void);";
+					next;
+				} elsif (/^DECLARE_PEM_read\s*\(\s*(\w*)\s*,/ ||
+					 /^DECLARE_PEM_read_cb\s*\(\s*(\w*)\s*,/ ) {
+					# Things not in Win16
+					$def .=
+					    "#INFO:"
+						.join(',',"!WIN16", at current_platforms).":"
+						    .join(',', at current_algorithms).";";
+					$def .= "int PEM_read_$1(void);";
+					$def .=
+					    "#INFO:"
+						.join(',', at current_platforms).":"
+						    .join(',', at current_algorithms).";";
+					# Things that are everywhere
+					$def .= "int PEM_read_bio_$1(void);";
+					next;
+				} elsif (/^OPENSSL_DECLARE_GLOBAL\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+					# Variant for platforms that do not
+					# have to access globale variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION", at current_platforms).":"
+						    .join(',', at current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int _shadow_$2;";
+					$def .=
+					    "#INFO:"
+						.join(',', at current_platforms).":"
+						    .join(',', at current_algorithms).";";
+					# Variant for platforms that have to
+					# access globale variables in shared
+					# libraries through functions
+					&$make_variant("_shadow_$2","_shadow_$2",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+				} elsif ($tag{'CONST_STRICT'} != 1) {
+					if (/\{|\/\*|\([^\)]*$/) {
+						$line = $_;
+					} else {
+						$def .= $_;
+					}
+				}
+			}
+		}
+		close(IN);
+
+		my $algs;
+		my $plays;
+
+		print STDERR "DEBUG: postprocessing ----------\n" if $debug;
+		foreach (split /;/, $def) {
+			my $s; my $k = "FUNCTION"; my $p; my $a;
+			s/^[\n\s]*//g;
+			s/[\n\s]*$//g;
+			next if(/\#undef/);
+			next if(/typedef\W/);
+			next if(/\#define/);
+
+			# Reduce argument lists to empty ()
+			# fold round brackets recursively: (t(*v)(t),t) -> (t{}{},t) -> {}
+			while(/\(.*\)/s) {
+				s/\([^\(\)]+\)/\{\}/gs;
+				s/\(\s*\*\s*(\w+)\s*\{\}\s*\)/$1/gs;	#(*f{}) -> f
+			}
+			# pretend as we didn't use curly braces: {} -> ()
+			s/\{\}/\(\)/gs;
+
+			s/STACK_OF\(\)/void/gs;
+			s/LHASH_OF\(\)/void/gs;
+
+			print STDERR "DEBUG: \$_ = \"$_\"\n" if $debug;
+			if (/^\#INFO:([^:]*):(.*)$/) {
+				$plats = $1;
+				$algs = $2;
+				print STDERR "DEBUG: found info on platforms ($plats) and algorithms ($algs)\n" if $debug;
+				next;
+			} elsif (/^\s*OPENSSL_EXTERN\s.*?(\w+(\{[0-9]+\})?)(\[[0-9]*\])*\s*$/) {
+				$s = $1;
+				$k = "VARIABLE";
+				print STDERR "DEBUG: found external variable $s\n" if $debug;
+			} elsif (/TYPEDEF_\w+_OF/s) {
+				next;
+			} elsif (/(\w+)\s*\(\).*/s) {	# first token prior [first] () is
+				$s = $1;		# a function name!
+				print STDERR "DEBUG: found function $s\n" if $debug;
+			} elsif (/\(/ and not (/=/)) {
+				print STDERR "File $file: cannot parse: $_;\n";
+				next;
+			} else {
+				next;
+			}
+
+			$syms{$s} = 1;
+			$kind{$s} = $k;
+
+			$p = $plats;
+			$a = $algs;
+			$a .= ",BF" if($s =~ /EVP_bf/);
+			$a .= ",CAST" if($s =~ /EVP_cast/);
+			$a .= ",DES" if($s =~ /EVP_des/);
+			$a .= ",DSA" if($s =~ /EVP_dss/);
+			$a .= ",IDEA" if($s =~ /EVP_idea/);
+			$a .= ",MD2" if($s =~ /EVP_md2/);
+			$a .= ",MD4" if($s =~ /EVP_md4/);
+			$a .= ",MD5" if($s =~ /EVP_md5/);
+			$a .= ",RC2" if($s =~ /EVP_rc2/);
+			$a .= ",RC4" if($s =~ /EVP_rc4/);
+			$a .= ",RC5" if($s =~ /EVP_rc5/);
+			$a .= ",RIPEMD" if($s =~ /EVP_ripemd/);
+			$a .= ",SHA" if($s =~ /EVP_sha/);
+			$a .= ",RSA" if($s =~ /EVP_(Open|Seal)(Final|Init)/);
+			$a .= ",RSA" if($s =~ /PEM_Seal(Final|Init|Update)/);
+			$a .= ",RSA" if($s =~ /RSAPrivateKey/);
+			$a .= ",RSA" if($s =~ /SSLv23?_((client|server)_)?method/);
+
+			$platform{$s} =
+			    &reduce_platforms((defined($platform{$s})?$platform{$s}.',':"").$p);
+			$algorithm{$s} .= ','.$a;
+
+			if (defined($variant{$s})) {
+				foreach $v (split /;/,$variant{$s}) {
+					(my $r, my $p, my $k) = split(/:/,$v);
+					my $ip = join ',',map({ /^!(.*)$/ ? $1 : "!".$_ } split /,/, $p);
+					$syms{$r} = 1;
+					if (!defined($k)) { $k = $kind{$s}; }
+					$kind{$r} = $k."(".$s.")";
+					$algorithm{$r} = $algorithm{$s};
+					$platform{$r} = &reduce_platforms($platform{$s}.",".$p.",".$p);
+					$platform{$s} = &reduce_platforms($platform{$s}.','.$ip.','.$ip);
+					print STDERR "DEBUG: \$variant{\"$s\"} = ",$v,"; \$r = $r; \$p = ",$platform{$r},"; \$a = ",$algorithm{$r},"; \$kind = ",$kind{$r},"\n" if $debug;
+				}
+			}
+			print STDERR "DEBUG: \$s = $s; \$p = ",$platform{$s},"; \$a = ",$algorithm{$s},"; \$kind = ",$kind{$s},"\n" if $debug;
+		}
+	}
+
+	# Prune the returned symbols
+
+        delete $syms{"bn_dump1"};
+	$platform{"BIO_s_log"} .= ",!WIN32,!WIN16,!macintosh";
+
+	$platform{"PEM_read_NS_CERT_SEQ"} = "VMS";
+	$platform{"PEM_write_NS_CERT_SEQ"} = "VMS";
+	$platform{"PEM_read_P8_PRIV_KEY_INFO"} = "VMS";
+	$platform{"PEM_write_P8_PRIV_KEY_INFO"} = "VMS";
+	$platform{"EVP_sha384"} = "!VMSVAX";
+	$platform{"EVP_sha512"} = "!VMSVAX";
+	$platform{"SHA384_Init"} = "!VMSVAX";
+	$platform{"SHA384_Transform"} = "!VMSVAX";
+	$platform{"SHA384_Update"} = "!VMSVAX";
+	$platform{"SHA384_Final"} = "!VMSVAX";
+	$platform{"SHA384"} = "!VMSVAX";
+	$platform{"SHA512_Init"} = "!VMSVAX";
+	$platform{"SHA512_Transform"} = "!VMSVAX";
+	$platform{"SHA512_Update"} = "!VMSVAX";
+	$platform{"SHA512_Final"} = "!VMSVAX";
+	$platform{"SHA512"} = "!VMSVAX";
+	$platform{"WHIRLPOOL_Init"} = "!VMSVAX";
+	$platform{"WHIRLPOOL"} = "!VMSVAX";
+	$platform{"WHIRLPOOL_BitUpdate"} = "!VMSVAX";
+	$platform{"EVP_whirlpool"} = "!VMSVAX";
+	$platform{"WHIRLPOOL_Final"} = "!VMSVAX";
+	$platform{"WHIRLPOOL_Update"} = "!VMSVAX";
+
+
+	# Info we know about
+
+	push @ret, map { $_."\\".&info_string($_,"EXIST",
+					      $platform{$_},
+					      $kind{$_},
+					      $algorithm{$_}) } keys %syms;
+
+	if (keys %unknown_algorithms) {
+		print STDERR "WARNING: mkdef.pl doesn't know the following algorithms:\n";
+		print STDERR "\t",join("\n\t",keys %unknown_algorithms),"\n";
+	}
+	return(@ret);
+}
+
+# Param: string of comma-separated platform-specs.
+sub reduce_platforms
+{
+	my ($platforms) = @_;
+	my $pl = defined($platforms) ? $platforms : "";
+	my %p = map { $_ => 0 } split /,/, $pl;
+	my $ret;
+
+	print STDERR "DEBUG: Entered reduce_platforms with \"$platforms\"\n"
+	    if $debug;
+	# We do this, because if there's code like the following, it really
+	# means the function exists in all cases and should therefore be
+	# everywhere.  By increasing and decreasing, we may attain 0:
+	#
+	# ifndef WIN16
+	#    int foo();
+	# else
+	#    int _fat foo();
+	# endif
+	foreach $platform (split /,/, $pl) {
+		if ($platform =~ /^!(.*)$/) {
+			$p{$1}--;
+		} else {
+			$p{$platform}++;
+		}
+	}
+	foreach $platform (keys %p) {
+		if ($p{$platform} == 0) { delete $p{$platform}; }
+	}
+
+	delete $p{""};
+
+	$ret = join(',',sort(map { $p{$_} < 0 ? "!".$_ : $_ } keys %p));
+	print STDERR "DEBUG: Exiting reduce_platforms with \"$ret\"\n"
+	    if $debug;
+	return $ret;
+}
+
+sub info_string {
+	(my $symbol, my $exist, my $platforms, my $kind, my $algorithms) = @_;
+
+	my %a = defined($algorithms) ?
+	    map { $_ => 1 } split /,/, $algorithms : ();
+	my $k = defined($kind) ? $kind : "FUNCTION";
+	my $ret;
+	my $p = &reduce_platforms($platforms);
+
+	delete $a{""};
+
+	$ret = $exist;
+	$ret .= ":".$p;
+	$ret .= ":".$k;
+	$ret .= ":".join(',',sort keys %a);
+	return $ret;
+}
+
+sub maybe_add_info {
+	(my $name, *nums, my @symbols) = @_;
+	my $sym;
+	my $new_info = 0;
+	my %syms=();
+
+	print STDERR "Updating $name info\n";
+	foreach $sym (@symbols) {
+		(my $s, my $i) = split /\\/, $sym;
+		if (defined($nums{$s})) {
+			$i =~ s/^(.*?:.*?:\w+)(\(\w+\))?/$1/;
+			(my $n, my $dummy) = split /\\/, $nums{$s};
+			if (!defined($dummy) || $i ne $dummy) {
+				$nums{$s} = $n."\\".$i;
+				$new_info++;
+				print STDERR "DEBUG: maybe_add_info for $s: \"$dummy\" => \"$i\"\n" if $debug;
+			}
+		}
+		$syms{$s} = 1;
+	}
+
+	my @s=sort { &parse_number($nums{$a},"n") <=> &parse_number($nums{$b},"n") } keys %nums;
+	foreach $sym (@s) {
+		(my $n, my $i) = split /\\/, $nums{$sym};
+		if (!defined($syms{$sym}) && $i !~ /^NOEXIST:/) {
+			$new_info++;
+			print STDERR "DEBUG: maybe_add_info for $sym: -> undefined\n" if $debug;
+		}
+	}
+	if ($new_info) {
+		print STDERR "$new_info old symbols got an info update\n";
+		if (!$do_rewrite) {
+			print STDERR "You should do a rewrite to fix this.\n";
+		}
+	} else {
+		print STDERR "No old symbols needed info update\n";
+	}
+}
+
+# Param: string of comma-separated keywords, each possibly prefixed with a "!"
+sub is_valid
+{
+	my ($keywords_txt,$platforms) = @_;
+	my (@keywords) = split /,/,$keywords_txt;
+	my ($falsesum, $truesum) = (0, 1);
+
+	# Param: one keyword
+	sub recognise
+	{
+		my ($keyword,$platforms) = @_;
+
+		if ($platforms) {
+			# platforms
+			if ($keyword eq "VMSVAX" && $VMSVAX) { return 1; }
+			if ($keyword eq "VMSNonVAX" && $VMSNonVAX) { return 1; }
+			if ($keyword eq "VMS" && $VMS) { return 1; }
+			if ($keyword eq "WIN32" && $W32) { return 1; }
+			if ($keyword eq "WIN16" && $W16) { return 1; }
+			if ($keyword eq "WINNT" && $NT) { return 1; }
+			if ($keyword eq "OS2" && $OS2) { return 1; }
+			# Special platforms:
+			# EXPORT_VAR_AS_FUNCTION means that global variables
+			# will be represented as functions.  This currently
+			# only happens on VMS-VAX.
+			if ($keyword eq "EXPORT_VAR_AS_FUNCTION" && ($VMSVAX || $W32 || $W16)) {
+				return 1;
+			}
+			if ($keyword eq "OPENSSL_FIPS" && $fips) {
+				return 1;
+			}
+			if ($keyword eq "ZLIB" && $zlib) { return 1; }
+			return 0;
+		} else {
+			# algorithms
+			if ($keyword eq "RC2" && $no_rc2) { return 0; }
+			if ($keyword eq "RC4" && $no_rc4) { return 0; }
+			if ($keyword eq "RC5" && $no_rc5) { return 0; }
+			if ($keyword eq "IDEA" && $no_idea) { return 0; }
+			if ($keyword eq "DES" && $no_des) { return 0; }
+			if ($keyword eq "BF" && $no_bf) { return 0; }
+			if ($keyword eq "CAST" && $no_cast) { return 0; }
+			if ($keyword eq "MD2" && $no_md2) { return 0; }
+			if ($keyword eq "MD4" && $no_md4) { return 0; }
+			if ($keyword eq "MD5" && $no_md5) { return 0; }
+			if ($keyword eq "SHA" && $no_sha) { return 0; }
+			if ($keyword eq "RIPEMD" && $no_ripemd) { return 0; }
+			if ($keyword eq "MDC2" && $no_mdc2) { return 0; }
+			if ($keyword eq "WHIRLPOOL" && $no_whirlpool) { return 0; }
+			if ($keyword eq "RSA" && $no_rsa) { return 0; }
+			if ($keyword eq "DSA" && $no_dsa) { return 0; }
+			if ($keyword eq "DH" && $no_dh) { return 0; }
+			if ($keyword eq "EC" && $no_ec) { return 0; }
+			if ($keyword eq "ECDSA" && $no_ecdsa) { return 0; }
+			if ($keyword eq "ECDH" && $no_ecdh) { return 0; }
+			if ($keyword eq "HMAC" && $no_hmac) { return 0; }
+			if ($keyword eq "AES" && $no_aes) { return 0; }
+			if ($keyword eq "CAMELLIA" && $no_camellia) { return 0; }
+			if ($keyword eq "SEED" && $no_seed) { return 0; }
+			if ($keyword eq "EVP" && $no_evp) { return 0; }
+			if ($keyword eq "LHASH" && $no_lhash) { return 0; }
+			if ($keyword eq "STACK" && $no_stack) { return 0; }
+			if ($keyword eq "ERR" && $no_err) { return 0; }
+			if ($keyword eq "BUFFER" && $no_buffer) { return 0; }
+			if ($keyword eq "BIO" && $no_bio) { return 0; }
+			if ($keyword eq "COMP" && $no_comp) { return 0; }
+			if ($keyword eq "DSO" && $no_dso) { return 0; }
+			if ($keyword eq "KRB5" && $no_krb5) { return 0; }
+			if ($keyword eq "ENGINE" && $no_engine) { return 0; }
+			if ($keyword eq "HW" && $no_hw) { return 0; }
+			if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
+			if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
+			if ($keyword eq "GMP" && $no_gmp) { return 0; }
+			if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; }
+			if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; }
+			if ($keyword eq "PSK" && $no_psk) { return 0; }
+			if ($keyword eq "CMS" && $no_cms) { return 0; }
+			if ($keyword eq "EC2M" && $no_ec2m) { return 0; }
+			if ($keyword eq "NEXTPROTONEG" && $no_nextprotoneg) { return 0; }
+			if ($keyword eq "EC_NISTP_64_GCC_128" && $no_nistp_gcc)
+					{ return 0; }
+			if ($keyword eq "SSL2" && $no_ssl2) { return 0; }
+			if ($keyword eq "SSL2_METHOD" && $no_ssl2_method) { return 0; }
+			if ($keyword eq "SSL3_METHOD" && $no_ssl3_method) { return 0; }
+			if ($keyword eq "CAPIENG" && $no_capieng) { return 0; }
+			if ($keyword eq "JPAKE" && $no_jpake) { return 0; }
+			if ($keyword eq "SRP" && $no_srp) { return 0; }
+			if ($keyword eq "SCTP" && $no_sctp) { return 0; }
+			if ($keyword eq "SRTP" && $no_srtp) { return 0; }
+			if ($keyword eq "UNIT_TEST" && $no_unit_test) { return 0; }
+			if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; }
+
+			# Nothing recognise as true
+			return 1;
+		}
+	}
+
+	foreach $k (@keywords) {
+		if ($k =~ /^!(.*)$/) {
+			$falsesum += &recognise($1,$platforms);
+		} else {
+			$truesum *= &recognise($k,$platforms);
+		}
+	}
+	print STDERR "DEBUG: [",$#keywords,",",$#keywords < 0,"] is_valid($keywords_txt) => (\!$falsesum) && $truesum = ",(!$falsesum) && $truesum,"\n" if $debug;
+	return (!$falsesum) && $truesum;
+}
+
+sub print_test_file
+{
+	(*OUT,my $name,*nums,my $testall,my @symbols)=@_;
+	my $n = 1; my @e; my @r;
+	my $sym; my $prev = ""; my $prefSSLeay;
+
+	(@e)=grep(/^SSLeay(\{[0-9]+\})?\\.*?:.*?:.*/, at symbols);
+	(@r)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:.*/ && !/^SSLeay(\{[0-9]+\})?\\.*?:.*?:.*/, at symbols);
+	@symbols=((sort @e),(sort @r));
+
+	foreach $sym (@symbols) {
+		(my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
+		my $v = 0;
+		$v = 1 if $i=~ /^.*?:.*?:VARIABLE/;
+		my $p = ($i =~ /^[^:]*:([^:]*):/,$1);
+		my $a = ($i =~ /^[^:]*:[^:]*:[^:]*:([^:]*)/,$1);
+		if (!defined($nums{$s})) {
+			print STDERR "Warning: $s does not have a number assigned\n"
+			    if(!$do_update);
+		} elsif (is_valid($p,1) && is_valid($a,0)) {
+			my $s2 = ($s =~ /^(.*?)(\{[0-9]+\})?$/, $1);
+			if ($prev eq $s2) {
+				print OUT "\t/* The following has already appeared previously */\n";
+				print STDERR "Warning: Symbol '",$s2,"' redefined. old=",($nums{$prev} =~ /^(.*?)\\/,$1),", new=",($nums{$s2} =~ /^(.*?)\\/,$1),"\n";
+			}
+			$prev = $s2;	# To warn about duplicates...
+
+			($nn,$ni)=($nums{$s2} =~ /^(.*?)\\(.*)$/);
+			if ($v) {
+				print OUT "\textern int $s2; /* type unknown */ /* $nn $ni */\n";
+			} else {
+				print OUT "\textern int $s2(); /* type unknown */ /* $nn $ni */\n";
+			}
+		}
+	}
+}
+
+sub get_version {
+   local *MF;
+   my $v = '?';
+   open MF, 'Makefile' or return $v;
+   while (<MF>) {
+     $v = $1, last if /^VERSION=(.*?)\s*$/;
+   }
+   close MF;
+   return $v;
+}
+
+sub print_def_file
+{
+	(*OUT,my $name,*nums,my @symbols)=@_;
+	my $n = 1; my @e; my @r; my @v; my $prev="";
+	my $liboptions="";
+	my $libname = $name;
+	my $http_vendor = 'www.openssl.org/';
+	my $version = get_version();
+	my $what = "OpenSSL: implementation of Secure Socket Layer";
+	my $description = "$what $version, $name - http://$http_vendor";
+
+	if ($W32)
+		{ $libname.="32"; }
+	elsif ($W16)
+		{ $libname.="16"; }
+	elsif ($OS2)
+		{ # DLL names should not clash on the whole system.
+		  # However, they should not have any particular relationship
+		  # to the name of the static library.  Chose descriptive names
+		  # (must be at most 8 chars).
+		  my %translate = (ssl => 'open_ssl', crypto => 'cryptssl');
+		  $libname = $translate{$name} || $name;
+		  $liboptions = <<EOO;
+INITINSTANCE
+DATA MULTIPLE NONSHARED
+EOO
+		  # Vendor field can't contain colon, drat; so we omit http://
+		  $description = "\@#$http_vendor:$version#\@$what; DLL for library $name.  Build for EMX -Zmtd";
+		}
+
+	print OUT <<"EOF";
+;
+; Definition file for the DLL version of the $name library from OpenSSL
+;
+
+LIBRARY         $libname	$liboptions
+
+EOF
+
+	if ($W16) {
+		print <<"EOF";
+CODE            PRELOAD MOVEABLE
+DATA            PRELOAD MOVEABLE SINGLE
+
+EXETYPE		WINDOWS
+
+HEAPSIZE	4096
+STACKSIZE	8192
+
+EOF
+	}
+
+	print "EXPORTS\n";
+
+	(@e)=grep(/^SSLeay(\{[0-9]+\})?\\.*?:.*?:FUNCTION/, at symbols);
+	(@r)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:FUNCTION/ && !/^SSLeay(\{[0-9]+\})?\\.*?:.*?:FUNCTION/, at symbols);
+	(@v)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:VARIABLE/, at symbols);
+	@symbols=((sort @e),(sort @r), (sort @v));
+
+
+	foreach $sym (@symbols) {
+		(my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
+		my $v = 0;
+		$v = 1 if $i =~ /^.*?:.*?:VARIABLE/;
+		if (!defined($nums{$s})) {
+			printf STDERR "Warning: $s does not have a number assigned\n"
+			    if(!$do_update);
+		} else {
+			(my $n, my $dummy) = split /\\/, $nums{$s};
+			my %pf = ();
+			my $p = ($i =~ /^[^:]*:([^:]*):/,$1);
+			my $a = ($i =~ /^[^:]*:[^:]*:[^:]*:([^:]*)/,$1);
+			if (is_valid($p,1) && is_valid($a,0)) {
+				my $s2 = ($s =~ /^(.*?)(\{[0-9]+\})?$/, $1);
+				if ($prev eq $s2) {
+					print STDERR "Warning: Symbol '",$s2,"' redefined. old=",($nums{$prev} =~ /^(.*?)\\/,$1),", new=",($nums{$s2} =~ /^(.*?)\\/,$1),"\n";
+				}
+				$prev = $s2;	# To warn about duplicates...
+				if($v && !$OS2) {
+					printf OUT "    %s%-39s @%-8d DATA\n",($W32)?"":"_",$s2,$n;
+				} else {
+					printf OUT "    %s%-39s @%d\n",($W32||$OS2)?"":"_",$s2,$n;
+				}
+			}
+		}
+	}
+	printf OUT "\n";
+}
+
+sub load_numbers
+{
+	my($name)=@_;
+	my(@a,%ret);
+
+	$max_num = 0;
+	$num_noinfo = 0;
+	$prev = "";
+	$prev_cnt = 0;
+
+	open(IN,"<$name") || die "unable to open $name:$!\n";
+	while (<IN>) {
+		chop;
+		s/#.*$//;
+		next if /^\s*$/;
+		@a=split;
+		if (defined $ret{$a[0]}) {
+			# This is actually perfectly OK
+			#print STDERR "Warning: Symbol '",$a[0],"' redefined. old=",$ret{$a[0]},", new=",$a[1],"\n";
+		}
+		if ($max_num > $a[1]) {
+			print STDERR "Warning: Number decreased from ",$max_num," to ",$a[1],"\n";
+		}
+		elsif ($max_num == $a[1]) {
+			# This is actually perfectly OK
+			#print STDERR "Warning: Symbol ",$a[0]," has same number as previous ",$prev,": ",$a[1],"\n";
+			if ($a[0] eq $prev) {
+				$prev_cnt++;
+				$a[0] .= "{$prev_cnt}";
+			}
+		}
+		else {
+			$prev_cnt = 0;
+		}
+		if ($#a < 2) {
+			# Existence will be proven later, in do_defs
+			$ret{$a[0]}=$a[1];
+			$num_noinfo++;
+		} else {
+			$ret{$a[0]}=$a[1]."\\".$a[2]; # \\ is a special marker
+		}
+		$max_num = $a[1] if $a[1] > $max_num;
+		$prev=$a[0];
+	}
+	if ($num_noinfo) {
+		print STDERR "Warning: $num_noinfo symbols were without info.";
+		if ($do_rewrite) {
+			printf STDERR "  The rewrite will fix this.\n";
+		} else {
+			printf STDERR "  You should do a rewrite to fix this.\n";
+		}
+	}
+	close(IN);
+	return(%ret);
+}
+
+sub parse_number
+{
+	(my $str, my $what) = @_;
+	(my $n, my $i) = split(/\\/,$str);
+	if ($what eq "n") {
+		return $n;
+	} else {
+		return $i;
+	}
+}
+
+sub rewrite_numbers
+{
+	(*OUT,$name,*nums, at symbols)=@_;
+	my $thing;
+
+	print STDERR "Rewriting $name\n";
+
+	my @r = grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:\w+\(\w+\)/, at symbols);
+	my $r; my %r; my %rsyms;
+	foreach $r (@r) {
+		(my $s, my $i) = split /\\/, $r;
+		my $a = $1 if $i =~ /^.*?:.*?:\w+\((\w+)\)/;
+		$i =~ s/^(.*?:.*?:\w+)\(\w+\)/$1/;
+		$r{$a} = $s."\\".$i;
+		$rsyms{$s} = 1;
+	}
+
+	my %syms = ();
+	foreach $_ (@symbols) {
+		(my $n, my $i) = split /\\/;
+		$syms{$n} = 1;
+	}
+
+	my @s=sort {
+	    &parse_number($nums{$a},"n") <=> &parse_number($nums{$b},"n")
+	    || $a cmp $b
+	} keys %nums;
+	foreach $sym (@s) {
+		(my $n, my $i) = split /\\/, $nums{$sym};
+		next if defined($i) && $i =~ /^.*?:.*?:\w+\(\w+\)/;
+		next if defined($rsyms{$sym});
+		print STDERR "DEBUG: rewrite_numbers for sym = ",$sym,": i = ",$i,", n = ",$n,", rsym{sym} = ",$rsyms{$sym},"syms{sym} = ",$syms{$sym},"\n" if $debug;
+		$i="NOEXIST::FUNCTION:"
+			if !defined($i) || $i eq "" || !defined($syms{$sym});
+		my $s2 = $sym;
+		$s2 =~ s/\{[0-9]+\}$//;
+		printf OUT "%s%-39s %d\t%s\n","",$s2,$n,$i;
+		if (exists $r{$sym}) {
+			(my $s, $i) = split /\\/,$r{$sym};
+			my $s2 = $s;
+			$s2 =~ s/\{[0-9]+\}$//;
+			printf OUT "%s%-39s %d\t%s\n","",$s2,$n,$i;
+		}
+	}
+}
+
+sub update_numbers
+{
+	(*OUT,$name,*nums,my $start_num, my @symbols)=@_;
+	my $new_syms = 0;
+
+	print STDERR "Updating $name numbers\n";
+
+	my @r = grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:\w+\(\w+\)/, at symbols);
+	my $r; my %r; my %rsyms;
+	foreach $r (@r) {
+		(my $s, my $i) = split /\\/, $r;
+		my $a = $1 if $i =~ /^.*?:.*?:\w+\((\w+)\)/;
+		$i =~ s/^(.*?:.*?:\w+)\(\w+\)/$1/;
+		$r{$a} = $s."\\".$i;
+		$rsyms{$s} = 1;
+	}
+
+	foreach $sym (@symbols) {
+		(my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
+		next if $i =~ /^.*?:.*?:\w+\(\w+\)/;
+		next if defined($rsyms{$sym});
+		die "ERROR: Symbol $sym had no info attached to it."
+		    if $i eq "";
+		if (!exists $nums{$s}) {
+			$new_syms++;
+			my $s2 = $s;
+			$s2 =~ s/\{[0-9]+\}$//;
+			printf OUT "%s%-39s %d\t%s\n","",$s2, ++$start_num,$i;
+			if (exists $r{$s}) {
+				($s, $i) = split /\\/,$r{$s};
+				$s =~ s/\{[0-9]+\}$//;
+				printf OUT "%s%-39s %d\t%s\n","",$s, $start_num,$i;
+			}
+		}
+	}
+	if($new_syms) {
+		print STDERR "$new_syms New symbols added\n";
+	} else {
+		print STDERR "No New symbols Added\n";
+	}
+}
+
+sub check_existing
+{
+	(*nums, my @symbols)=@_;
+	my %existing; my @remaining;
+	@remaining=();
+	foreach $sym (@symbols) {
+		(my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
+		$existing{$s}=1;
+	}
+	foreach $sym (keys %nums) {
+		if (!exists $existing{$sym}) {
+			push @remaining, $sym;
+		}
+	}
+	if(@remaining) {
+		print STDERR "The following symbols do not seem to exist:\n";
+		foreach $sym (@remaining) {
+			print STDERR "\t",$sym,"\n";
+		}
+	}
+}
+

Deleted: vendor-crypto/openssl/1.0.1u/util/pl/BC-32.pl
===================================================================
--- vendor-crypto/openssl/dist/util/pl/BC-32.pl	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/util/pl/BC-32.pl	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,139 +0,0 @@
-#!/usr/local/bin/perl
-# Borland C++ builder 3 and 4 -- Janez Jere <jj at void.si>
-#
-
-$ssl=	"ssleay32";
-$crypto="libeay32";
-
-$o='\\';
-$cp='copy';
-$rm='del';
-
-# C compiler stuff
-$cc='bcc32';
-$lflags="-ap -Tpe -x -Gn ";
-$mlflags='';
-
-$out_def="out32";
-$tmp_def="tmp32";
-$inc_def="inc32";
-#enable max error messages, disable most common warnings
-$cflags="-DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl  -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp -D_timeb=timeb -D_ftime=ftime ";
-if ($debug)
-{
-    $cflags.="-Od -y -v -vi- -D_DEBUG";
-    $mlflags.=' ';
-}
-else
-{
-    $cflags.="-O2 -ff -fp";
-}
-
-$obj='.obj';
-$ofile="-o";
-
-# EXE linking stuff
-$link="ilink32";
-$efile="";
-$exep='.exe';
-if ($no_sock)
-	{ $ex_libs=""; }
-else	{ $ex_libs="cw32mt.lib import32.lib crypt32.lib ws2_32.lib"; }
-
-# static library stuff
-$mklib='tlib /P64';
-$ranlib='';
-$plib="";
-$libp=".lib";
-$shlibp=($shlib)?".dll":".lib";
-$lfile='';
-
-$shlib_ex_obj="";
-$app_ex_obj="c0x32.obj"; 
-
-$asm=(`nasm -v 2>NUL` ge `nasmw -v 2>NUL`?"nasm":"nasmw")." -f obj -d__omf__";
-$asm.=" -g" if $debug;
-$afile='-o';
-
-$bn_mulw_obj='';
-$bn_mulw_src='';
-$des_enc_obj='';
-$des_enc_src='';
-$bf_enc_obj='';
-$bf_enc_src='';
-
-if (!$no_asm)
-	{
-	$bn_mulw_obj='crypto\bn\asm\bn_win32.obj';
-	$bn_mulw_src='crypto\bn\asm\bn_win32.asm';
-	$des_enc_obj='crypto\des\asm\d_win32.obj crypto\des\asm\y_win32.obj';
-	$des_enc_src='crypto\des\asm\d_win32.asm crypto\des\asm\y_win32.asm';
-	$bf_enc_obj='crypto\bf\asm\b_win32.obj';
-	$bf_enc_src='crypto\bf\asm\b_win32.asm';
-	$cast_enc_obj='crypto\cast\asm\c_win32.obj';
-	$cast_enc_src='crypto\cast\asm\c_win32.asm';
-	$rc4_enc_obj='crypto\rc4\asm\r4_win32.obj';
-	$rc4_enc_src='crypto\rc4\asm\r4_win32.asm';
-	$rc5_enc_obj='crypto\rc5\asm\r5_win32.obj';
-	$rc5_enc_src='crypto\rc5\asm\r5_win32.asm';
-	$md5_asm_obj='crypto\md5\asm\m5_win32.obj';
-	$md5_asm_src='crypto\md5\asm\m5_win32.asm';
-	$sha1_asm_obj='crypto\sha\asm\s1_win32.obj';
-	$sha1_asm_src='crypto\sha\asm\s1_win32.asm';
-	$rmd160_asm_obj='crypto\ripemd\asm\rm_win32.obj';
-	$rmd160_asm_src='crypto\ripemd\asm\rm_win32.asm';
-	$cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
-	}
-
-if ($shlib)
-	{
-	$mlflags.=" $lflags /dll";
-#	$cflags =~ s| /MD| /MT|;
-	$lib_cflag=" /GD -D_WINDLL -D_DLL";
-	$out_def="out32dll";
-	$tmp_def="tmp32dll";
-	}
-
-sub do_lib_rule
-	{
-	local($objs,$target,$name,$shlib)=@_;
-	local($ret,$Name);
-
-	$taget =~ s/\//$o/g if $o ne '/';
-	($Name=$name) =~ tr/a-z/A-Z/;
-
-#	$target="\$(LIB_D)$o$target";
-	$ret.="$target: $objs\n";
-	if (!$shlib)
-		{
-		$ret.=<<___;
-	-\$(RM) $lfile$target
-	\$(MKLIB) $lfile$target \@&&!
-+\$(**: = &^
-+)
-!
-___
-		}
-	else
-		{
-		local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
-		$ex.=' ws2_32.lib gdi32.lib';
-		$ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n  \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
-		}
-	$ret.="\n";
-	return($ret);
-	}
-
-sub do_link_rule
-	{
-	local($target,$files,$dep_libs,$libs)=@_;
-	local($ret,$_);
-	
-	$file =~ s/\//$o/g if $o ne '/';
-	$n=&bname($target);
-	$ret.="$target: $files $dep_libs\n";
-	$ret.="\t\$(LINK) \$(LFLAGS) $files \$(APP_EX_OBJ), $target,, $libs\n\n";
-	return($ret);
-	}
-
-1;

Copied: vendor-crypto/openssl/1.0.1u/util/pl/BC-32.pl (from rev 11605, vendor-crypto/openssl/dist/util/pl/BC-32.pl)
===================================================================
--- vendor-crypto/openssl/1.0.1u/util/pl/BC-32.pl	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/util/pl/BC-32.pl	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,139 @@
+#!/usr/local/bin/perl
+# Borland C++ builder 3 and 4 -- Janez Jere <jj at void.si>
+#
+
+$ssl=	"ssleay32";
+$crypto="libeay32";
+
+$o='\\';
+$cp='copy';
+$rm='del';
+
+# C compiler stuff
+$cc='bcc32';
+$lflags="-ap -Tpe -x -Gn ";
+$mlflags='';
+
+$out_def="out32";
+$tmp_def="tmp32";
+$inc_def="inc32";
+#enable max error messages, disable most common warnings
+$cflags="-DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl  -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp -D_timeb=timeb -D_ftime=ftime ";
+if ($debug)
+{
+    $cflags.="-Od -y -v -vi- -D_DEBUG";
+    $mlflags.=' ';
+}
+else
+{
+    $cflags.="-O2 -ff -fp";
+}
+
+$obj='.obj';
+$ofile="-o";
+
+# EXE linking stuff
+$link="ilink32";
+$efile="";
+$exep='.exe';
+if ($no_sock)
+	{ $ex_libs=""; }
+else	{ $ex_libs="cw32mt.lib import32.lib crypt32.lib ws2_32.lib"; }
+
+# static library stuff
+$mklib='tlib /P64';
+$ranlib='';
+$plib="";
+$libp=".lib";
+$shlibp=($shlib)?".dll":".lib";
+$lfile='';
+
+$shlib_ex_obj="";
+$app_ex_obj="c0x32.obj"; 
+
+$asm=(`nasm -v 2>NUL` ge `nasmw -v 2>NUL`?"nasm":"nasmw")." -f obj -d__omf__";
+$asm.=" -g" if $debug;
+$afile='-o';
+
+$bn_mulw_obj='';
+$bn_mulw_src='';
+$des_enc_obj='';
+$des_enc_src='';
+$bf_enc_obj='';
+$bf_enc_src='';
+
+if (!$no_asm)
+	{
+	$bn_mulw_obj='crypto\bn\asm\bn_win32.obj';
+	$bn_mulw_src='crypto\bn\asm\bn_win32.asm';
+	$des_enc_obj='crypto\des\asm\d_win32.obj crypto\des\asm\y_win32.obj';
+	$des_enc_src='crypto\des\asm\d_win32.asm crypto\des\asm\y_win32.asm';
+	$bf_enc_obj='crypto\bf\asm\b_win32.obj';
+	$bf_enc_src='crypto\bf\asm\b_win32.asm';
+	$cast_enc_obj='crypto\cast\asm\c_win32.obj';
+	$cast_enc_src='crypto\cast\asm\c_win32.asm';
+	$rc4_enc_obj='crypto\rc4\asm\r4_win32.obj';
+	$rc4_enc_src='crypto\rc4\asm\r4_win32.asm';
+	$rc5_enc_obj='crypto\rc5\asm\r5_win32.obj';
+	$rc5_enc_src='crypto\rc5\asm\r5_win32.asm';
+	$md5_asm_obj='crypto\md5\asm\m5_win32.obj';
+	$md5_asm_src='crypto\md5\asm\m5_win32.asm';
+	$sha1_asm_obj='crypto\sha\asm\s1_win32.obj';
+	$sha1_asm_src='crypto\sha\asm\s1_win32.asm';
+	$rmd160_asm_obj='crypto\ripemd\asm\rm_win32.obj';
+	$rmd160_asm_src='crypto\ripemd\asm\rm_win32.asm';
+	$cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
+	}
+
+if ($shlib)
+	{
+	$mlflags.=" $lflags /dll";
+#	$cflags =~ s| /MD| /MT|;
+	$lib_cflag=" /GD -D_WINDLL -D_DLL";
+	$out_def="out32dll";
+	$tmp_def="tmp32dll";
+	}
+
+sub do_lib_rule
+	{
+	local($objs,$target,$name,$shlib)=@_;
+	local($ret,$Name);
+
+	$taget =~ s/\//$o/g if $o ne '/';
+	($Name=$name) =~ tr/a-z/A-Z/;
+
+#	$target="\$(LIB_D)$o$target";
+	$ret.="$target: $objs\n";
+	if (!$shlib)
+		{
+		$ret.=<<___;
+	-\$(RM) $lfile$target
+	\$(MKLIB) $lfile$target \@&&!
++\$(**: = &^
++)
+!
+___
+		}
+	else
+		{
+		local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
+		$ex.=' ws2_32.lib gdi32.lib';
+		$ret.="\t\$(LINK_CMD) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n  \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
+		}
+	$ret.="\n";
+	return($ret);
+	}
+
+sub do_link_rule
+	{
+	local($target,$files,$dep_libs,$libs)=@_;
+	local($ret,$_);
+	
+	$file =~ s/\//$o/g if $o ne '/';
+	$n=&bname($target);
+	$ret.="$target: $files $dep_libs\n";
+	$ret.="\t\$(LINK_CMD) \$(LFLAGS) $files \$(APP_EX_OBJ), $target,, $libs\n\n";
+	return($ret);
+	}
+
+1;

Deleted: vendor-crypto/openssl/1.0.1u/util/pl/Mingw32.pl
===================================================================
--- vendor-crypto/openssl/dist/util/pl/Mingw32.pl	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/util/pl/Mingw32.pl	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,104 +0,0 @@
-#!/usr/local/bin/perl
-#
-# Mingw32.pl -- Mingw
-#
-
-$o='/';
-$cp='cp';
-$rm='rm -f';
-$mkdir='gmkdir';
-
-$o='\\';
-$cp='copy';
-$rm='del';
-$mkdir='mkdir';
-
-# C compiler stuff
-
-$cc='gcc';
-if ($debug)
-	{ $cflags="-DL_ENDIAN -DDSO_WIN32 -g2 -ggdb"; }
-else
-	{ $cflags="-DL_ENDIAN -DDSO_WIN32 -fomit-frame-pointer -O3 -mcpu=i486 -Wall"; }
-
-if ($gaswin and !$no_asm)
-	{
-        $bn_asm_obj='$(OBJ_D)\bn-win32.o';
-        $bn_asm_src='crypto/bn/asm/bn-win32.s';
-        $bnco_asm_obj='$(OBJ_D)\co-win32.o';
-        $bnco_asm_src='crypto/bn/asm/co-win32.s';
-        $des_enc_obj='$(OBJ_D)\d-win32.o $(OBJ_D)\y-win32.o';
-        $des_enc_src='crypto/des/asm/d-win32.s crypto/des/asm/y-win32.s';
-        $bf_enc_obj='$(OBJ_D)\b-win32.o';
-        $bf_enc_src='crypto/bf/asm/b-win32.s';
-#       $cast_enc_obj='$(OBJ_D)\c-win32.o';
-#       $cast_enc_src='crypto/cast/asm/c-win32.s';
-        $rc4_enc_obj='$(OBJ_D)\r4-win32.o';
-        $rc4_enc_src='crypto/rc4/asm/r4-win32.s';
-        $rc5_enc_obj='$(OBJ_D)\r5-win32.o';
-        $rc5_enc_src='crypto/rc5/asm/r5-win32.s';
-        $md5_asm_obj='$(OBJ_D)\m5-win32.o';
-        $md5_asm_src='crypto/md5/asm/m5-win32.s';
-        $rmd160_asm_obj='$(OBJ_D)\rm-win32.o';
-        $rmd160_asm_src='crypto/ripemd/asm/rm-win32.s';
-        $sha1_asm_obj='$(OBJ_D)\s1-win32.o';
-        $sha1_asm_src='crypto/sha/asm/s1-win32.s';
-	$cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DOPENSSL_BN_ASM_PART_WORDS";
-	}
-
-
-$obj='.o';
-$ofile='-o ';
-
-# EXE linking stuff
-$link='${CC}';
-$lflags='${CFLAGS}';
-$efile='-o ';
-$exep='';
-$ex_libs="-lws2_32 -lgdi32";
-
-# static library stuff
-$mklib='ar r';
-$mlflags='';
-$ranlib='ranlib';
-$plib='lib';
-$libp=".a";
-$shlibp=".a";
-$lfile='';
-
-$asm='as';
-$afile='-o ';
-#$bn_asm_obj="";
-#$bn_asm_src="";
-#$des_enc_obj="";
-#$des_enc_src="";
-#$bf_enc_obj="";
-#$bf_enc_src="";
-
-sub do_lib_rule
-	{
-	local($obj,$target,$name,$shlib)=@_;
-	local($ret,$_,$Name);
-
-	$target =~ s/\//$o/g if $o ne '/';
-	$target="$target";
-	($Name=$name) =~ tr/a-z/A-Z/;
-
-	$ret.="$target: \$(${Name}OBJ)\n";
-	$ret.="\tif exist $target \$(RM) $target\n";
-	$ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n";
-	$ret.="\t\$(RANLIB) $target\n\n";
-	}
-
-sub do_link_rule
-	{
-	local($target,$files,$dep_libs,$libs)=@_;
-	local($ret,$_);
-	
-	$file =~ s/\//$o/g if $o ne '/';
-	$n=&bname($target);
-	$ret.="$target: $files $dep_libs\n";
-	$ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
-	return($ret);
-	}
-1;

Copied: vendor-crypto/openssl/1.0.1u/util/pl/Mingw32.pl (from rev 11605, vendor-crypto/openssl/dist/util/pl/Mingw32.pl)
===================================================================
--- vendor-crypto/openssl/1.0.1u/util/pl/Mingw32.pl	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/util/pl/Mingw32.pl	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,104 @@
+#!/usr/local/bin/perl
+#
+# Mingw32.pl -- Mingw
+#
+
+$o='/';
+$cp='cp';
+$rm='rm -f';
+$mkdir='gmkdir';
+
+$o='\\';
+$cp='copy';
+$rm='del';
+$mkdir='mkdir';
+
+# C compiler stuff
+
+$cc='gcc';
+if ($debug)
+	{ $cflags="-DL_ENDIAN -DDSO_WIN32 -g2 -ggdb"; }
+else
+	{ $cflags="-DL_ENDIAN -DDSO_WIN32 -fomit-frame-pointer -O3 -mcpu=i486 -Wall"; }
+
+if ($gaswin and !$no_asm)
+	{
+        $bn_asm_obj='$(OBJ_D)\bn-win32.o';
+        $bn_asm_src='crypto/bn/asm/bn-win32.s';
+        $bnco_asm_obj='$(OBJ_D)\co-win32.o';
+        $bnco_asm_src='crypto/bn/asm/co-win32.s';
+        $des_enc_obj='$(OBJ_D)\d-win32.o $(OBJ_D)\y-win32.o';
+        $des_enc_src='crypto/des/asm/d-win32.s crypto/des/asm/y-win32.s';
+        $bf_enc_obj='$(OBJ_D)\b-win32.o';
+        $bf_enc_src='crypto/bf/asm/b-win32.s';
+#       $cast_enc_obj='$(OBJ_D)\c-win32.o';
+#       $cast_enc_src='crypto/cast/asm/c-win32.s';
+        $rc4_enc_obj='$(OBJ_D)\r4-win32.o';
+        $rc4_enc_src='crypto/rc4/asm/r4-win32.s';
+        $rc5_enc_obj='$(OBJ_D)\r5-win32.o';
+        $rc5_enc_src='crypto/rc5/asm/r5-win32.s';
+        $md5_asm_obj='$(OBJ_D)\m5-win32.o';
+        $md5_asm_src='crypto/md5/asm/m5-win32.s';
+        $rmd160_asm_obj='$(OBJ_D)\rm-win32.o';
+        $rmd160_asm_src='crypto/ripemd/asm/rm-win32.s';
+        $sha1_asm_obj='$(OBJ_D)\s1-win32.o';
+        $sha1_asm_src='crypto/sha/asm/s1-win32.s';
+	$cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DOPENSSL_BN_ASM_PART_WORDS";
+	}
+
+
+$obj='.o';
+$ofile='-o ';
+
+# EXE linking stuff
+$link='${CC}';
+$lflags='${CFLAGS}';
+$efile='-o ';
+$exep='';
+$ex_libs="-lws2_32 -lgdi32";
+
+# static library stuff
+$mklib='ar r';
+$mlflags='';
+$ranlib='ranlib';
+$plib='lib';
+$libp=".a";
+$shlibp=".a";
+$lfile='';
+
+$asm='as';
+$afile='-o ';
+#$bn_asm_obj="";
+#$bn_asm_src="";
+#$des_enc_obj="";
+#$des_enc_src="";
+#$bf_enc_obj="";
+#$bf_enc_src="";
+
+sub do_lib_rule
+	{
+	local($obj,$target,$name,$shlib)=@_;
+	local($ret,$_,$Name);
+
+	$target =~ s/\//$o/g if $o ne '/';
+	$target="$target";
+	($Name=$name) =~ tr/a-z/A-Z/;
+
+	$ret.="$target: \$(${Name}OBJ)\n";
+	$ret.="\tif exist $target \$(RM) $target\n";
+	$ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n";
+	$ret.="\t\$(RANLIB) $target\n\n";
+	}
+
+sub do_link_rule
+	{
+	local($target,$files,$dep_libs,$libs)=@_;
+	local($ret,$_);
+	
+	$file =~ s/\//$o/g if $o ne '/';
+	$n=&bname($target);
+	$ret.="$target: $files $dep_libs\n";
+	$ret.="\t\$(LINK_CMD) ${efile}$target \$(LFLAGS) $files $libs\n\n";
+	return($ret);
+	}
+1;

Deleted: vendor-crypto/openssl/1.0.1u/util/pl/OS2-EMX.pl
===================================================================
--- vendor-crypto/openssl/dist/util/pl/OS2-EMX.pl	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/util/pl/OS2-EMX.pl	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,120 +0,0 @@
-#!/usr/local/bin/perl
-#
-# OS2-EMX.pl - for EMX GCC on OS/2
-#
-
-$o='/';
-$cp='cp';
-$rm='rm -f';
-
-$preamble = "SHELL=sh\n";
-
-# C compiler stuff
-
-$cc='gcc';
-$cflags="-DL_ENDIAN -O3 -fomit-frame-pointer -m486 -Zmtd -Wall ";
-$cflags.="-Zomf " if $shlib;
-$shl_cflag="-Zdll";
-
-if ($debug) { 
-	$cflags.="-g "; 
-}
-
-$obj=$shlib ? '.obj' : '.o';
-$ofile='-o ';
-
-# EXE linking stuff
-$link='${CC}';
-$lflags='${CFLAGS} -Zbsd-signals -s';
-$efile='-o ';
-$exep='.exe';
-$ex_libs="-lsocket";
-
-# static library stuff
-$mklib='ar r';
-$mlflags='';
-$ranlib="ar s";
-$plib='';
-$libp=$shlib ? ".lib" : ".a";
-$shlibp=$shlib ? ".dll" : ".a";
-$lfile='';
-
-$asm=$shlib ? 'as -Zomf' : 'as';
-$afile='-o ';
-$bn_asm_obj="";
-$bn_asm_src="";
-$des_enc_obj="";
-$des_enc_src="";
-$bf_enc_obj="";
-$bf_enc_src="";
-
-if (!$no_asm)
-	{
-	$bn_asm_obj="crypto/bn/asm/bn-os2$obj crypto/bn/asm/co-os2$obj";
-	$bn_asm_src="crypto/bn/asm/bn-os2.asm crypto/bn/asm/co-os2.asm";
-	$des_enc_obj="crypto/des/asm/d-os2$obj crypto/des/asm/y-os2$obj";
-	$des_enc_src="crypto/des/asm/d-os2.asm crypto/des/asm/y-os2.asm";
-	$bf_enc_obj="crypto/bf/asm/b-os2$obj";
-	$bf_enc_src="crypto/bf/asm/b-os2.asm";
-	$cast_enc_obj="crypto/cast/asm/c-os2$obj";
-	$cast_enc_src="crypto/cast/asm/c-os2.asm";
-	$rc4_enc_obj="crypto/rc4/asm/r4-os2$obj";
-	$rc4_enc_src="crypto/rc4/asm/r4-os2.asm";
-	$rc5_enc_obj="crypto/rc5/asm/r5-os2$obj";
-	$rc5_enc_src="crypto/rc5/asm/r5-os2.asm";
-	$md5_asm_obj="crypto/md5/asm/m5-os2$obj";
-	$md5_asm_src="crypto/md5/asm/m5-os2.asm";
-	$sha1_asm_obj="crypto/sha/asm/s1-os2$obj";
-	$sha1_asm_src="crypto/sha/asm/s1-os2.asm";
-	$rmd160_asm_obj="crypto/ripemd/asm/rm-os2$obj";
-	$rmd160_asm_src="crypto/ripemd/asm/rm-os2.asm";
-	$cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DOPENSSL_BN_ASM_PART_WORDS";
-	}
-
-if ($shlib)
-	{
-	$mlflags.=" $lflags -Zdll";
-	$lib_cflag=" -D_DLL";
-	$out_def="out_dll";
-	$tmp_def="tmp_dll";
-	}
-
-sub do_lib_rule
-	{
-	local($obj,$target,$name,$shlib)=@_;
-	local($ret,$_,$Name);
-
-	$target =~ s/\//$o/g if $o ne '/';
-	$target="$target";
-	($Name=$name) =~ tr/a-z/A-Z/;
-
-	$ret.="$target: \$(${Name}OBJ)\n";
-	if (!$shlib) 
-		{
-		$ret.="\t\$(RM) $target\n";
-		$ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n";
-		$ret.="\t\$(RANLIB) $target\n\n";
-		}
-	else
-		{
-		local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
-		$ex.=' -lsocket';
-		$ret.="\t\$(LINK) \$(SHLIB_CFLAGS) \$(MLFLAGS) $efile$target \$(SHLIB_EX_OBJ) \$(${Name}OBJ) $ex os2/${Name}.def\n";
-		$ret.="\temximp -o $out_def/$name.a os2/${Name}.def\n";
-		$ret.="\temximp -o $out_def/$name.lib os2/${Name}.def\n\n";
-		}
-	}
-
-sub do_link_rule
-	{
-	local($target,$files,$dep_libs,$libs)=@_;
-	local($ret,$_);
-	
-	$file =~ s/\//$o/g if $o ne '/';
-	$n=&bname($target);
-	$ret.="$target: $files $dep_libs\n";
-	$ret.="\t\$(LINK) ${efile}$target \$(CFLAG) \$(LFLAGS) $files $libs\n\n";
-	return($ret);
-	}
-
-1;

Copied: vendor-crypto/openssl/1.0.1u/util/pl/OS2-EMX.pl (from rev 11605, vendor-crypto/openssl/dist/util/pl/OS2-EMX.pl)
===================================================================
--- vendor-crypto/openssl/1.0.1u/util/pl/OS2-EMX.pl	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/util/pl/OS2-EMX.pl	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,120 @@
+#!/usr/local/bin/perl
+#
+# OS2-EMX.pl - for EMX GCC on OS/2
+#
+
+$o='/';
+$cp='cp';
+$rm='rm -f';
+
+$preamble = "SHELL=sh\n";
+
+# C compiler stuff
+
+$cc='gcc';
+$cflags="-DL_ENDIAN -O3 -fomit-frame-pointer -m486 -Zmtd -Wall ";
+$cflags.="-Zomf " if $shlib;
+$shl_cflag="-Zdll";
+
+if ($debug) { 
+	$cflags.="-g "; 
+}
+
+$obj=$shlib ? '.obj' : '.o';
+$ofile='-o ';
+
+# EXE linking stuff
+$link='${CC}';
+$lflags='${CFLAGS} -Zbsd-signals -s';
+$efile='-o ';
+$exep='.exe';
+$ex_libs="-lsocket";
+
+# static library stuff
+$mklib='ar r';
+$mlflags='';
+$ranlib="ar s";
+$plib='';
+$libp=$shlib ? ".lib" : ".a";
+$shlibp=$shlib ? ".dll" : ".a";
+$lfile='';
+
+$asm=$shlib ? 'as -Zomf' : 'as';
+$afile='-o ';
+$bn_asm_obj="";
+$bn_asm_src="";
+$des_enc_obj="";
+$des_enc_src="";
+$bf_enc_obj="";
+$bf_enc_src="";
+
+if (!$no_asm)
+	{
+	$bn_asm_obj="crypto/bn/asm/bn-os2$obj crypto/bn/asm/co-os2$obj";
+	$bn_asm_src="crypto/bn/asm/bn-os2.asm crypto/bn/asm/co-os2.asm";
+	$des_enc_obj="crypto/des/asm/d-os2$obj crypto/des/asm/y-os2$obj";
+	$des_enc_src="crypto/des/asm/d-os2.asm crypto/des/asm/y-os2.asm";
+	$bf_enc_obj="crypto/bf/asm/b-os2$obj";
+	$bf_enc_src="crypto/bf/asm/b-os2.asm";
+	$cast_enc_obj="crypto/cast/asm/c-os2$obj";
+	$cast_enc_src="crypto/cast/asm/c-os2.asm";
+	$rc4_enc_obj="crypto/rc4/asm/r4-os2$obj";
+	$rc4_enc_src="crypto/rc4/asm/r4-os2.asm";
+	$rc5_enc_obj="crypto/rc5/asm/r5-os2$obj";
+	$rc5_enc_src="crypto/rc5/asm/r5-os2.asm";
+	$md5_asm_obj="crypto/md5/asm/m5-os2$obj";
+	$md5_asm_src="crypto/md5/asm/m5-os2.asm";
+	$sha1_asm_obj="crypto/sha/asm/s1-os2$obj";
+	$sha1_asm_src="crypto/sha/asm/s1-os2.asm";
+	$rmd160_asm_obj="crypto/ripemd/asm/rm-os2$obj";
+	$rmd160_asm_src="crypto/ripemd/asm/rm-os2.asm";
+	$cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DOPENSSL_BN_ASM_PART_WORDS";
+	}
+
+if ($shlib)
+	{
+	$mlflags.=" $lflags -Zdll";
+	$lib_cflag=" -D_DLL";
+	$out_def="out_dll";
+	$tmp_def="tmp_dll";
+	}
+
+sub do_lib_rule
+	{
+	local($obj,$target,$name,$shlib)=@_;
+	local($ret,$_,$Name);
+
+	$target =~ s/\//$o/g if $o ne '/';
+	$target="$target";
+	($Name=$name) =~ tr/a-z/A-Z/;
+
+	$ret.="$target: \$(${Name}OBJ)\n";
+	if (!$shlib) 
+		{
+		$ret.="\t\$(RM) $target\n";
+		$ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n";
+		$ret.="\t\$(RANLIB) $target\n\n";
+		}
+	else
+		{
+		local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
+		$ex.=' -lsocket';
+		$ret.="\t\$(LINK_CMD) \$(SHLIB_CFLAGS) \$(MLFLAGS) $efile$target \$(SHLIB_EX_OBJ) \$(${Name}OBJ) $ex os2/${Name}.def\n";
+		$ret.="\temximp -o $out_def/$name.a os2/${Name}.def\n";
+		$ret.="\temximp -o $out_def/$name.lib os2/${Name}.def\n\n";
+		}
+	}
+
+sub do_link_rule
+	{
+	local($target,$files,$dep_libs,$libs)=@_;
+	local($ret,$_);
+	
+	$file =~ s/\//$o/g if $o ne '/';
+	$n=&bname($target);
+	$ret.="$target: $files $dep_libs\n";
+	$ret.="\t\$(LINK_CMD) ${efile}$target \$(CFLAG) \$(LFLAGS) $files $libs\n\n";
+	return($ret);
+	}
+
+1;

Deleted: vendor-crypto/openssl/1.0.1u/util/pl/VC-32.pl
===================================================================
--- vendor-crypto/openssl/dist/util/pl/VC-32.pl	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/util/pl/VC-32.pl	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,403 +0,0 @@
-#!/usr/local/bin/perl
-# VC-32.pl - unified script for Microsoft Visual C++, covering Win32,
-# Win64 and WinCE [follow $FLAVOR variable to trace the differences].
-#
-
-$ssl=	"ssleay32";
-$crypto="libeay32";
-
-if ($fips && !$shlib)
-	{
-	$crypto="libeayfips32";
-	$crypto_compat = "libeaycompat32.lib";
-	}
-else
-	{
-	$crypto="libeay32";
-	}
-
-$o='\\';
-$cp='$(PERL) util/copy.pl';
-$mkdir='$(PERL) util/mkdir-p.pl';
-$rm='del /Q';
-
-$zlib_lib="zlib1.lib";
-
-# Santize -L options for ms link
-$l_flags =~ s/-L("\[^"]+")/\/libpath:$1/g;
-$l_flags =~ s/-L(\S+)/\/libpath:$1/g;
-
-my $ff = "";
-
-# C compiler stuff
-$cc='cl';
-if ($FLAVOR =~ /WIN64/)
-    {
-    # Note that we currently don't have /WX on Win64! There is a lot of
-    # warnings, but only of two types:
-    #
-    # C4344: conversion from '__int64' to 'int/long', possible loss of data
-    # C4267: conversion from 'size_t' to 'int/long', possible loss of data
-    #
-    # Amount of latter type is minimized by aliasing strlen to function of
-    # own desing and limiting its return value to 2GB-1 (see e_os.h). As
-    # per 0.9.8 release remaining warnings were explicitly examined and
-    # considered safe to ignore.
-    # 
-    $base_cflags= " $mf_cflag";
-    my $f = $shlib || $fips ?' /MD':' /MT';
-    $lib_cflag='/Zl' if (!$shlib);	# remove /DEFAULTLIBs from static lib
-    $opt_cflags=$f.' /Ox';
-    $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG';
-    $lflags="/nologo /subsystem:console /opt:ref";
-
-    *::perlasm_compile_target = sub {
-	my ($target,$source,$bname)=@_;
-	my $ret;
-
-	$bname =~ s/(.*)\.[^\.]$/$1/;
-	$ret=<<___;
-\$(TMP_D)$o$bname.asm: $source
-	set ASM=\$(ASM)
-	\$(PERL) $source \$\@
-
-$target: \$(TMP_D)$o$bname.asm
-	\$(ASM) $afile\$\@ \$(TMP_D)$o$bname.asm
-
-___
-	}
-    }
-elsif ($FLAVOR =~ /CE/)
-    {
-    # sanity check
-    die '%OSVERSION% is not defined'	if (!defined($ENV{'OSVERSION'}));
-    die '%PLATFORM% is not defined'	if (!defined($ENV{'PLATFORM'}));
-    die '%TARGETCPU% is not defined'	if (!defined($ENV{'TARGETCPU'}));
-
-    #
-    # Idea behind this is to mimic flags set by eVC++ IDE...
-    #
-    $wcevers = $ENV{'OSVERSION'};			# WCENNN
-    die '%OSVERSION% value is insane'	if ($wcevers !~ /^WCE([1-9])([0-9]{2})$/);
-    $wcecdefs = "-D_WIN32_WCE=$1$2 -DUNDER_CE=$1$2";	# -D_WIN32_WCE=NNN
-    $wcelflag = "/subsystem:windowsce,$1.$2";		# ...,N.NN
-
-    $wceplatf =  $ENV{'PLATFORM'};
-    $wceplatf =~ tr/a-z0-9 /A-Z0-9_/d;
-    $wcecdefs .= " -DWCE_PLATFORM_$wceplatf";
-
-    $wcetgt = $ENV{'TARGETCPU'};	# just shorter name...
-    SWITCH: for($wcetgt) {
-	/^X86/		&& do {	$wcecdefs.=" -Dx86 -D_X86_ -D_i386_ -Di_386_";
-				$wcelflag.=" /machine:IX86";	last; };
-	/^ARMV4[IT]/	&& do { $wcecdefs.=" -DARM -D_ARM_ -D$wcetgt";
-				$wcecdefs.=" -DTHUMB -D_THUMB_" if($wcetgt=~/T$/);
-				$wcecdefs.=" -QRarch4T -QRinterwork-return";
-				$wcelflag.=" /machine:THUMB";	last; };
-	/^ARM/		&& do {	$wcecdefs.=" -DARM -D_ARM_ -D$wcetgt";
-				$wcelflag.=" /machine:ARM";	last; };
-	/^MIPSIV/	&& do {	$wcecdefs.=" -DMIPS -D_MIPS_ -DR4000 -D$wcetgt";
-				$wcecdefs.=" -D_MIPS64 -QMmips4 -QMn32";
-				$wcelflag.=" /machine:MIPSFPU";	last; };
-	/^MIPS16/	&& do {	$wcecdefs.=" -DMIPS -D_MIPS_ -DR4000 -D$wcetgt";
-				$wcecdefs.=" -DMIPSII -QMmips16";
-				$wcelflag.=" /machine:MIPS16";	last; };
-	/^MIPSII/	&& do {	$wcecdefs.=" -DMIPS -D_MIPS_ -DR4000 -D$wcetgt";
-				$wcecdefs.=" -QMmips2";
-				$wcelflag.=" /machine:MIPS";	last; };
-	/^R4[0-9]{3}/	&& do {	$wcecdefs.=" -DMIPS -D_MIPS_ -DR4000";
-				$wcelflag.=" /machine:MIPS";	last; };
-	/^SH[0-9]/	&& do {	$wcecdefs.=" -D$wcetgt -D_$wcetgt_ -DSHx";
-				$wcecdefs.=" -Qsh4" if ($wcetgt =~ /^SH4/);
-				$wcelflag.=" /machine:$wcetgt";	last; };
-	{ $wcecdefs.=" -D$wcetgt -D_$wcetgt_";
-	  $wcelflag.=" /machine:$wcetgt";			last; };
-    }
-
-    $cc='$(CC)';
-    $base_cflags=' /W3 /WX /GF /Gy /nologo -DUNICODE -D_UNICODE -DOPENSSL_SYSNAME_WINCE -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DNO_CHMOD -DOPENSSL_SMALL_FOOTPRINT';
-    $base_cflags.=" $wcecdefs";
-    $base_cflags.=' -I$(WCECOMPAT)/include'		if (defined($ENV{'WCECOMPAT'}));
-    $base_cflags.=' -I$(PORTSDK_LIBPATH)/../../include'	if (defined($ENV{'PORTSDK_LIBPATH'}));
-    $opt_cflags=' /MC /O1i';	# optimize for space, but with intrinsics...
-    $dbg_cflags=' /MC /Od -DDEBUG -D_DEBUG';
-    $lflags="/nologo /opt:ref $wcelflag";
-    }
-else	# Win32
-    {
-    $base_cflags= " $mf_cflag";
-    my $f = $shlib || $fips ?' /MD':' /MT';
-    $lib_cflag='/Zl' if (!$shlib);	# remove /DEFAULTLIBs from static lib
-    $ff = "/fixed";
-    $opt_cflags=$f.' /Ox /O2 /Ob2';
-    $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG';
-    $lflags="/nologo /subsystem:console /opt:ref";
-    }
-$mlflags='';
-
-$out_def ="out32";	$out_def.="dll"			if ($shlib);
-			$out_def.='_$(TARGETCPU)'	if ($FLAVOR =~ /CE/);
-$tmp_def ="tmp32";	$tmp_def.="dll"			if ($shlib);
-			$tmp_def.='_$(TARGETCPU)'	if ($FLAVOR =~ /CE/);
-$inc_def="inc32";
-
-if ($debug)
-	{
-	$cflags=$dbg_cflags.$base_cflags;
-	}
-else
-	{
-	$cflags=$opt_cflags.$base_cflags;
-	}
-
-# generate symbols.pdb unconditionally
-$app_cflag.=" /Zi /Fd\$(TMP_D)/app";
-$lib_cflag.=" /Zi /Fd\$(TMP_D)/lib";
-$lflags.=" /debug";
-
-$obj='.obj';
-$asm_suffix='.asm';
-$ofile="/Fo";
-
-# EXE linking stuff
-$link="link";
-$rsc="rc";
-$efile="/out:";
-$exep='.exe';
-if ($no_sock)		{ $ex_libs=''; }
-elsif ($FLAVOR =~ /CE/)	{ $ex_libs='winsock.lib'; }
-else			{ $ex_libs='ws2_32.lib'; }
-
-if ($FLAVOR =~ /CE/)
-	{
-	$ex_libs.=' $(WCECOMPAT)/lib/wcecompatex.lib'	if (defined($ENV{'WCECOMPAT'}));
-	$ex_libs.=' $(PORTSDK_LIBPATH)/portlib.lib'	if (defined($ENV{'PORTSDK_LIBPATH'}));
-	$ex_libs.=' /nodefaultlib:oldnames.lib coredll.lib corelibc.lib' if ($ENV{'TARGETCPU'} eq "X86");
-	}
-else
-	{
-	$ex_libs.=' gdi32.lib advapi32.lib crypt32.lib user32.lib';
-	$ex_libs.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/ and `cl 2>&1` =~ /14\.00\.4[0-9]{4}\./);
-	# WIN32 UNICODE build gets linked with unicows.lib for
-	# backward compatibility with Win9x.
-	$ex_libs="unicows.lib $ex_libs" if ($FLAVOR =~ /WIN32/ and $cflags =~ /\-DUNICODE/);
-	}
-
-# static library stuff
-$mklib='lib /nologo';
-$ranlib='';
-$plib="";
-$libp=".lib";
-$shlibp=($shlib)?".dll":".lib";
-$lfile='/out:';
-
-$shlib_ex_obj="";
-$app_ex_obj="setargv.obj" if ($FLAVOR !~ /CE/);
-if ($FLAVOR =~ /WIN64A/) {
-	if (`nasm -v 2>NUL` =~ /NASM version ([0-9]+\.[0-9]+)/ && $1 >= 2.0) {
-		$asm='nasm -f win64 -DNEAR -Ox -g';
-		$afile='-o ';
-	} else {
-		$asm='ml64 /c /Cp /Cx /Zi';
-		$afile='/Fo';
-	}
-} elsif ($FLAVOR =~ /WIN64I/) {
-	$asm='ias -d debug';
-	$afile="-o ";
-} elsif ($nasm) {
-	my $ver=`nasm -v 2>NUL`;
-	my $vew=`nasmw -v 2>NUL`;
-	# pick newest version
-	$asm=($ver ge $vew?"nasm":"nasmw")." -f win32";
-	$asmtype="win32n";
-	$afile='-o ';
-} else {
-	$asm='ml /nologo /Cp /coff /c /Cx /Zi';
-	$afile='/Fo';
-	$asmtype="win32";
-}
-
-$bn_asm_obj='';
-$bn_asm_src='';
-$des_enc_obj='';
-$des_enc_src='';
-$bf_enc_obj='';
-$bf_enc_src='';
-
-if (!$no_asm)
-	{
-	win32_import_asm($mf_bn_asm, "bn", \$bn_asm_obj, \$bn_asm_src);
-	win32_import_asm($mf_aes_asm, "aes", \$aes_asm_obj, \$aes_asm_src);
-	win32_import_asm($mf_des_asm, "des", \$des_enc_obj, \$des_enc_src);
-	win32_import_asm($mf_bf_asm, "bf", \$bf_enc_obj, \$bf_enc_src);
-	win32_import_asm($mf_cast_asm, "cast", \$cast_enc_obj, \$cast_enc_src);
-	win32_import_asm($mf_rc4_asm, "rc4", \$rc4_enc_obj, \$rc4_enc_src);
-	win32_import_asm($mf_rc5_asm, "rc5", \$rc5_enc_obj, \$rc5_enc_src);
-	win32_import_asm($mf_md5_asm, "md5", \$md5_asm_obj, \$md5_asm_src);
-	win32_import_asm($mf_sha_asm, "sha", \$sha1_asm_obj, \$sha1_asm_src);
-	win32_import_asm($mf_rmd_asm, "ripemd", \$rmd160_asm_obj, \$rmd160_asm_src);
-	win32_import_asm($mf_wp_asm, "whrlpool", \$whirlpool_asm_obj, \$whirlpool_asm_src);
-	win32_import_asm($mf_cpuid_asm, "", \$cpuid_asm_obj, \$cpuid_asm_src);
-	$perl_asm = 1;
-	}
-
-if ($shlib && $FLAVOR !~ /CE/)
-	{
-	$mlflags.=" $lflags /dll";
-	$lib_cflag.=" -D_WINDLL";
-	#
-	# Engage Applink...
-	#
-	$app_ex_obj.=" \$(OBJ_D)\\applink.obj /implib:\$(TMP_D)\\junk.lib";
-	$cflags.=" -DOPENSSL_USE_APPLINK -I.";
-	# I'm open for better suggestions than overriding $banner...
-	$banner=<<'___';
-	@echo Building OpenSSL
-
-$(OBJ_D)\applink.obj:	ms\applink.c
-	$(CC) /Fo$(OBJ_D)\applink.obj $(APP_CFLAGS) -c ms\applink.c
-$(OBJ_D)\uplink.obj:	ms\uplink.c ms\applink.c
-	$(CC) /Fo$(OBJ_D)\uplink.obj $(SHLIB_CFLAGS) -c ms\uplink.c
-$(INCO_D)\applink.c:	ms\applink.c
-	$(CP) ms\applink.c $(INCO_D)\applink.c
-
-EXHEADER= $(EXHEADER) $(INCO_D)\applink.c
-
-LIBS_DEP=$(LIBS_DEP) $(OBJ_D)\applink.obj
-CRYPTOOBJ=$(OBJ_D)\uplink.obj $(CRYPTOOBJ)
-___
-	$banner.=<<'___' if ($FLAVOR =~ /WIN64/);
-CRYPTOOBJ=ms\uptable.obj $(CRYPTOOBJ)
-___
-	}
-elsif ($shlib && $FLAVOR =~ /CE/)
-	{
-	$mlflags.=" $lflags /dll";
-	$lflags.=' /entry:mainCRTstartup' if(defined($ENV{'PORTSDK_LIBPATH'}));
-	$lib_cflag.=" -D_WINDLL -D_DLL";
-	}
-
-sub do_lib_rule
-	{
-	my($objs,$target,$name,$shlib,$ign,$base_addr) = @_;
-	local($ret);
-
-	$taget =~ s/\//$o/g if $o ne '/';
-	my $base_arg;
-	if ($base_addr ne "")
-		{
-		$base_arg= " /base:$base_addr";
-		}
-	else
-		{
-		$base_arg = "";
-		}
-	if ($name ne "")
-		{
-		$name =~ tr/a-z/A-Z/;
-		$name = "/def:ms/${name}.def";
-		}
-
-#	$target="\$(LIB_D)$o$target";
-#	$ret.="$target: $objs\n";
-	if (!$shlib)
-		{
-#		$ret.="\t\$(RM) \$(O_$Name)\n";
-		$ret.="$target: $objs\n";
-		$ret.="\t\$(MKLIB) $lfile$target @<<\n  $objs\n<<\n";
-		}
-	else
-		{
-		local($ex)=($target =~ /O_CRYPTO/)?'':' $(L_CRYPTO)';
-		$ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/;
-
- 		if ($fips && $target =~ /O_CRYPTO/)
-			{
-			$ret.="$target: $objs \$(PREMAIN_DSO_EXE)";
-			$ret.="\n\tSET FIPS_LINK=\$(LINK)\n";
-			$ret.="\tSET FIPS_CC=\$(CC)\n";
-			$ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
-			$ret.="\tSET PREMAIN_DSO_EXE=\$(PREMAIN_DSO_EXE)\n";
-			$ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
-			$ret.="\tSET FIPS_TARGET=$target\n";
-			$ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
-			$ret.="\t\$(FIPSLINK) \$(MLFLAGS) $ff /map $base_arg $efile$target ";
-			$ret.="$name @<<\n  \$(SHLIB_EX_OBJ) $objs \$(EX_LIBS) ";
-			$ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n";
-			}
-		else
-			{
-			$ret.="$target: $objs";
-			$ret.="\n\t\$(LINK) \$(MLFLAGS) $efile$target $name @<<\n  \$(SHLIB_EX_OBJ) $objs $ex \$(EX_LIBS)\n<<\n";
-			}
-		$ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;2\n\n";
-		}
-	$ret.="\n";
-	return($ret);
-	}
-
-sub do_link_rule
-	{
-	my($target,$files,$dep_libs,$libs,$standalone)=@_;
-	local($ret,$_);
-	$file =~ s/\//$o/g if $o ne '/';
-	$n=&bname($target);
-	$ret.="$target: $files $dep_libs";
-	if ($standalone == 1)
-		{
-		$ret.=" \$(OBJ_D)${o}applink.obj\n";
-		$ret.="  \$(LINK) \$(LFLAGS) $efile$target @<<\n\t";
-		$ret.= "\$(EX_LIBS) \$(OBJ_D)${o}applink.obj " if ($files =~ /O_FIPSCANISTER/ && !$fipscanisterbuild);
-		$ret.="$files $libs\n<<\n";
-		}
-	elsif ($standalone == 2)
-		{
-		$ret.="\n";
-		$ret.="\tSET FIPS_LINK=\$(LINK)\n";
-		$ret.="\tSET FIPS_CC=\$(CC)\n";
-		$ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
-		$ret.="\tSET PREMAIN_DSO_EXE=\n";
-		$ret.="\tSET FIPS_TARGET=$target\n";
-		$ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
-		$ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
-		$ret.="\t\$(FIPSLINK) \$(LFLAGS) $ff /map $efile$target @<<\n";
-		$ret.="\t\$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n";
-		}
-	else
-		{
-		$ret.="\n";
-		$ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n";
-		$ret.="\t\$(APP_EX_OBJ) $files $libs\n<<\n";
-		}
-    	$ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;1\n\n";
-	return($ret);
-	}
-
-sub win32_import_asm
-	{
-	my ($mf_var, $asm_name, $oref, $sref) = @_;
-	my $asm_dir;
-	if ($asm_name eq "")
-		{
-		$asm_dir = "crypto\\";
-		}
-	else
-		{
-		$asm_dir = "crypto\\$asm_name\\asm\\";
-		}
-
-	$$oref = "";
-	$mf_var =~ s/\.o$/.obj/g;
-
-	foreach (split(/ /, $mf_var))
-		{
-		$$oref .= $asm_dir . $_ . " ";
-		}
-	$$oref =~ s/ $//;
-	$$sref = $$oref;
-	$$sref =~ s/\.obj/.asm/g;
-
-	}
-
-
-1;

Copied: vendor-crypto/openssl/1.0.1u/util/pl/VC-32.pl (from rev 11605, vendor-crypto/openssl/dist/util/pl/VC-32.pl)
===================================================================
--- vendor-crypto/openssl/1.0.1u/util/pl/VC-32.pl	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/util/pl/VC-32.pl	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,407 @@
+#!/usr/local/bin/perl
+# VC-32.pl - unified script for Microsoft Visual C++, covering Win32,
+# Win64 and WinCE [follow $FLAVOR variable to trace the differences].
+#
+
+$ssl=	"ssleay32";
+$crypto="libeay32";
+
+if ($fips && !$shlib)
+	{
+	$crypto="libeayfips32";
+	$crypto_compat = "libeaycompat32.lib";
+	}
+else
+	{
+	$crypto="libeay32";
+	}
+
+$o='\\';
+$cp='$(PERL) util/copy.pl';
+$mkdir='$(PERL) util/mkdir-p.pl';
+$rm='del /Q';
+
+$zlib_lib="zlib1.lib";
+
+# Santize -L options for ms link
+$l_flags =~ s/-L("\[^"]+")/\/libpath:$1/g;
+$l_flags =~ s/-L(\S+)/\/libpath:$1/g;
+
+my $ff = "";
+
+# C compiler stuff
+$cc='cl';
+if ($FLAVOR =~ /WIN64/)
+    {
+    # Note that we currently don't have /WX on Win64! There is a lot of
+    # warnings, but only of two types:
+    #
+    # C4344: conversion from '__int64' to 'int/long', possible loss of data
+    # C4267: conversion from 'size_t' to 'int/long', possible loss of data
+    #
+    # Amount of latter type is minimized by aliasing strlen to function of
+    # own desing and limiting its return value to 2GB-1 (see e_os.h). As
+    # per 0.9.8 release remaining warnings were explicitly examined and
+    # considered safe to ignore.
+    # 
+    $base_cflags= " $mf_cflag";
+    my $f = $shlib || $fips ?' /MD':' /MT';
+    $lib_cflag='/Zl' if (!$shlib);	# remove /DEFAULTLIBs from static lib
+    $opt_cflags=$f.' /Ox';
+    $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG';
+    $lflags="/nologo /subsystem:console /opt:ref";
+
+    *::perlasm_compile_target = sub {
+	my ($target,$source,$bname)=@_;
+	my $ret;
+
+	$bname =~ s/(.*)\.[^\.]$/$1/;
+	$ret=<<___;
+\$(TMP_D)$o$bname.asm: $source
+	set ASM=\$(ASM)
+	\$(PERL) $source \$\@
+
+$target: \$(TMP_D)$o$bname.asm
+	\$(ASM) $afile\$\@ \$(TMP_D)$o$bname.asm
+
+___
+	}
+    }
+elsif ($FLAVOR =~ /CE/)
+    {
+    # sanity check
+    die '%OSVERSION% is not defined'	if (!defined($ENV{'OSVERSION'}));
+    die '%PLATFORM% is not defined'	if (!defined($ENV{'PLATFORM'}));
+    die '%TARGETCPU% is not defined'	if (!defined($ENV{'TARGETCPU'}));
+
+    #
+    # Idea behind this is to mimic flags set by eVC++ IDE...
+    #
+    $wcevers = $ENV{'OSVERSION'};			# WCENNN
+    die '%OSVERSION% value is insane'	if ($wcevers !~ /^WCE([1-9])([0-9]{2})$/);
+    $wcecdefs = "-D_WIN32_WCE=$1$2 -DUNDER_CE=$1$2";	# -D_WIN32_WCE=NNN
+    $wcelflag = "/subsystem:windowsce,$1.$2";		# ...,N.NN
+
+    $wceplatf =  $ENV{'PLATFORM'};
+    $wceplatf =~ tr/a-z0-9 /A-Z0-9_/d;
+    $wcecdefs .= " -DWCE_PLATFORM_$wceplatf";
+
+    $wcetgt = $ENV{'TARGETCPU'};	# just shorter name...
+    SWITCH: for($wcetgt) {
+	/^X86/		&& do {	$wcecdefs.=" -Dx86 -D_X86_ -D_i386_ -Di_386_";
+				$wcelflag.=" /machine:IX86";	last; };
+	/^ARMV4[IT]/	&& do { $wcecdefs.=" -DARM -D_ARM_ -D$wcetgt";
+				$wcecdefs.=" -DTHUMB -D_THUMB_" if($wcetgt=~/T$/);
+				$wcecdefs.=" -QRarch4T -QRinterwork-return";
+				$wcelflag.=" /machine:THUMB";	last; };
+	/^ARM/		&& do {	$wcecdefs.=" -DARM -D_ARM_ -D$wcetgt";
+				$wcelflag.=" /machine:ARM";	last; };
+	/^MIPSIV/	&& do {	$wcecdefs.=" -DMIPS -D_MIPS_ -DR4000 -D$wcetgt";
+				$wcecdefs.=" -D_MIPS64 -QMmips4 -QMn32";
+				$wcelflag.=" /machine:MIPSFPU";	last; };
+	/^MIPS16/	&& do {	$wcecdefs.=" -DMIPS -D_MIPS_ -DR4000 -D$wcetgt";
+				$wcecdefs.=" -DMIPSII -QMmips16";
+				$wcelflag.=" /machine:MIPS16";	last; };
+	/^MIPSII/	&& do {	$wcecdefs.=" -DMIPS -D_MIPS_ -DR4000 -D$wcetgt";
+				$wcecdefs.=" -QMmips2";
+				$wcelflag.=" /machine:MIPS";	last; };
+	/^R4[0-9]{3}/	&& do {	$wcecdefs.=" -DMIPS -D_MIPS_ -DR4000";
+				$wcelflag.=" /machine:MIPS";	last; };
+	/^SH[0-9]/	&& do {	$wcecdefs.=" -D$wcetgt -D_$wcetgt_ -DSHx";
+				$wcecdefs.=" -Qsh4" if ($wcetgt =~ /^SH4/);
+				$wcelflag.=" /machine:$wcetgt";	last; };
+	{ $wcecdefs.=" -D$wcetgt -D_$wcetgt_";
+	  $wcelflag.=" /machine:$wcetgt";			last; };
+    }
+
+    $cc='$(CC)';
+    $base_cflags=' /W3 /WX /GF /Gy /nologo -DUNICODE -D_UNICODE -DOPENSSL_SYSNAME_WINCE -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DNO_CHMOD -DOPENSSL_SMALL_FOOTPRINT';
+    $base_cflags.=" $wcecdefs";
+    $base_cflags.=' -I$(WCECOMPAT)/include'		if (defined($ENV{'WCECOMPAT'}));
+    $base_cflags.=' -I$(PORTSDK_LIBPATH)/../../include'	if (defined($ENV{'PORTSDK_LIBPATH'}));
+    $opt_cflags=' /MC /O1i';	# optimize for space, but with intrinsics...
+    $dbg_cflags=' /MC /Od -DDEBUG -D_DEBUG';
+    $lflags="/nologo /opt:ref $wcelflag";
+    }
+else	# Win32
+    {
+    $base_cflags= " $mf_cflag";
+    my $f = $shlib || $fips ?' /MD':' /MT';
+    $lib_cflag='/Zl' if (!$shlib);	# remove /DEFAULTLIBs from static lib
+    $ff = "/fixed";
+    $opt_cflags=$f.' /Ox /O2 /Ob2';
+    $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG';
+    $lflags="/nologo /subsystem:console /opt:ref";
+    }
+$mlflags='';
+
+$out_def ="out32";	$out_def.="dll"			if ($shlib);
+			$out_def.='_$(TARGETCPU)'	if ($FLAVOR =~ /CE/);
+$tmp_def ="tmp32";	$tmp_def.="dll"			if ($shlib);
+			$tmp_def.='_$(TARGETCPU)'	if ($FLAVOR =~ /CE/);
+$inc_def="inc32";
+
+if ($debug)
+	{
+	$cflags=$dbg_cflags.$base_cflags;
+	}
+else
+	{
+	$cflags=$opt_cflags.$base_cflags;
+	}
+
+# generate symbols.pdb unconditionally
+$app_cflag.=" /Zi /Fd\$(TMP_D)/app";
+$lib_cflag.=" /Zi /Fd\$(TMP_D)/lib";
+$lflags.=" /debug";
+
+$obj='.obj';
+$asm_suffix='.asm';
+$ofile="/Fo";
+
+# EXE linking stuff
+$link="link";
+$rsc="rc";
+$efile="/out:";
+$exep='.exe';
+if ($no_sock)		{ $ex_libs=''; }
+elsif ($FLAVOR =~ /CE/)	{ $ex_libs='winsock.lib'; }
+else			{ $ex_libs='ws2_32.lib'; }
+
+if ($FLAVOR =~ /CE/)
+	{
+	$ex_libs.=' $(WCECOMPAT)/lib/wcecompatex.lib'	if (defined($ENV{'WCECOMPAT'}));
+	$ex_libs.=' $(PORTSDK_LIBPATH)/portlib.lib'	if (defined($ENV{'PORTSDK_LIBPATH'}));
+	$ex_libs.=' /nodefaultlib:oldnames.lib coredll.lib corelibc.lib' if ($ENV{'TARGETCPU'} eq "X86");
+	}
+else
+	{
+	$ex_libs.=' gdi32.lib advapi32.lib crypt32.lib user32.lib';
+	$ex_libs.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/ and `cl 2>&1` =~ /14\.00\.4[0-9]{4}\./);
+	# WIN32 UNICODE build gets linked with unicows.lib for
+	# backward compatibility with Win9x.
+	$ex_libs="unicows.lib $ex_libs" if ($FLAVOR =~ /WIN32/ and $cflags =~ /\-DUNICODE/);
+	}
+
+# static library stuff
+$mklib='lib /nologo';
+$ranlib='';
+$plib="";
+$libp=".lib";
+$shlibp=($shlib)?".dll":".lib";
+$lfile='/out:';
+
+$shlib_ex_obj="";
+$app_ex_obj="setargv.obj" if ($FLAVOR !~ /CE/);
+if ($FLAVOR =~ /WIN64A/) {
+	if (`nasm -v 2>NUL` =~ /NASM version ([0-9]+\.[0-9]+)/ && $1 >= 2.0) {
+		$asm='nasm -f win64 -DNEAR -Ox -g';
+		$afile='-o ';
+	} else {
+		$asm='ml64 /c /Cp /Cx /Zi';
+		$afile='/Fo';
+	}
+} elsif ($FLAVOR =~ /WIN64I/) {
+	$asm='ias -d debug';
+	$afile="-o ";
+} elsif ($nasm) {
+	my $ver=`nasm -v 2>NUL`;
+	my $vew=`nasmw -v 2>NUL`;
+	# pick newest version
+	$asm=($ver ge $vew?"nasm":"nasmw")." -f win32";
+	$asmtype="win32n";
+	$afile='-o ';
+} else {
+	$asm='ml /nologo /Cp /coff /c /Cx /Zi';
+	$afile='/Fo';
+	$asmtype="win32";
+}
+
+$bn_asm_obj='';
+$bn_asm_src='';
+$des_enc_obj='';
+$des_enc_src='';
+$bf_enc_obj='';
+$bf_enc_src='';
+
+if (!$no_asm)
+	{
+	win32_import_asm($mf_bn_asm, "bn", \$bn_asm_obj, \$bn_asm_src);
+	win32_import_asm($mf_aes_asm, "aes", \$aes_asm_obj, \$aes_asm_src);
+	win32_import_asm($mf_des_asm, "des", \$des_enc_obj, \$des_enc_src);
+	win32_import_asm($mf_bf_asm, "bf", \$bf_enc_obj, \$bf_enc_src);
+	win32_import_asm($mf_cast_asm, "cast", \$cast_enc_obj, \$cast_enc_src);
+	win32_import_asm($mf_rc4_asm, "rc4", \$rc4_enc_obj, \$rc4_enc_src);
+	win32_import_asm($mf_rc5_asm, "rc5", \$rc5_enc_obj, \$rc5_enc_src);
+	win32_import_asm($mf_md5_asm, "md5", \$md5_asm_obj, \$md5_asm_src);
+	win32_import_asm($mf_sha_asm, "sha", \$sha1_asm_obj, \$sha1_asm_src);
+	win32_import_asm($mf_rmd_asm, "ripemd", \$rmd160_asm_obj, \$rmd160_asm_src);
+	win32_import_asm($mf_wp_asm, "whrlpool", \$whirlpool_asm_obj, \$whirlpool_asm_src);
+	win32_import_asm($mf_cpuid_asm, "", \$cpuid_asm_obj, \$cpuid_asm_src);
+	$perl_asm = 1;
+	}
+
+if ($shlib && $FLAVOR !~ /CE/)
+	{
+	$mlflags.=" $lflags /dll";
+	$lib_cflag.=" -D_WINDLL";
+	#
+	# Engage Applink...
+	#
+	$app_ex_obj.=" \$(OBJ_D)\\applink.obj /implib:\$(TMP_D)\\junk.lib";
+	$cflags.=" -DOPENSSL_USE_APPLINK -I.";
+	# I'm open for better suggestions than overriding $banner...
+	$banner=<<'___';
+	@echo Building OpenSSL
+
+$(OBJ_D)\applink.obj:	ms\applink.c
+	$(CC) /Fo$(OBJ_D)\applink.obj $(APP_CFLAGS) -c ms\applink.c
+$(OBJ_D)\uplink.obj:	ms\uplink.c ms\applink.c
+	$(CC) /Fo$(OBJ_D)\uplink.obj $(SHLIB_CFLAGS) -c ms\uplink.c
+$(INCO_D)\applink.c:	ms\applink.c
+	$(CP) ms\applink.c $(INCO_D)\applink.c
+
+EXHEADER= $(EXHEADER) $(INCO_D)\applink.c
+
+LIBS_DEP=$(LIBS_DEP) $(OBJ_D)\applink.obj
+CRYPTOOBJ=$(OBJ_D)\uplink.obj $(CRYPTOOBJ)
+___
+	$banner.=<<'___' if ($FLAVOR =~ /WIN64/);
+CRYPTOOBJ=ms\uptable.obj $(CRYPTOOBJ)
+___
+	}
+elsif ($shlib && $FLAVOR =~ /CE/)
+	{
+	$mlflags.=" $lflags /dll";
+	$lflags.=' /entry:mainCRTstartup' if(defined($ENV{'PORTSDK_LIBPATH'}));
+	$lib_cflag.=" -D_WINDLL -D_DLL";
+	}
+
+sub do_lib_rule
+	{
+	my($objs,$target,$name,$shlib,$ign,$base_addr) = @_;
+	local($ret);
+
+	$taget =~ s/\//$o/g if $o ne '/';
+	my $base_arg;
+	if ($base_addr ne "")
+		{
+		$base_arg= " /base:$base_addr";
+		}
+	else
+		{
+		$base_arg = "";
+		}
+	if ($name ne "")
+		{
+		$name =~ tr/a-z/A-Z/;
+		$name = "/def:ms/${name}.def";
+		}
+
+#	$target="\$(LIB_D)$o$target";
+#	$ret.="$target: $objs\n";
+	if (!$shlib)
+		{
+#		$ret.="\t\$(RM) \$(O_$Name)\n";
+		$ret.="$target: $objs\n";
+		$ret.="\t\$(MKLIB) $lfile$target @<<\n  $objs\n<<\n";
+		}
+	else
+		{
+		local($ex)=($target =~ /O_CRYPTO/)?'':' $(L_CRYPTO)';
+		$ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/;
+
+ 		if ($fips && $target =~ /O_CRYPTO/)
+			{
+			$ret.="$target: $objs \$(PREMAIN_DSO_EXE)";
+			$ret.="\n\tSET FIPS_LINK=\$(LINK_CMD)\n";
+			$ret.="\tSET FIPS_CC=\$(CC)\n";
+			$ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
+			$ret.="\tSET PREMAIN_DSO_EXE=\$(PREMAIN_DSO_EXE)\n";
+			$ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
+			$ret.="\tSET FIPS_TARGET=$target\n";
+			$ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
+			$ret.="\t\$(FIPSLINK) \$(MLFLAGS) $ff /map $base_arg $efile$target ";
+			$ret.="$name @<<\n  \$(SHLIB_EX_OBJ) $objs \$(EX_LIBS) ";
+			$ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n";
+			}
+		else
+			{
+			$ret.="$target: $objs";
+			$ret.="\n\t\$(LINK_CMD) \$(MLFLAGS) $efile$target $name @<<\n  \$(SHLIB_EX_OBJ) $objs $ex \$(EX_LIBS)\n<<\n";
+			}
+		$ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;2\n\n";
+		}
+	$ret.="\n";
+	return($ret);
+	}
+
+sub do_link_rule
+	{
+	my($target,$files,$dep_libs,$libs,$standalone)=@_;
+	local($ret,$_);
+	$file =~ s/\//$o/g if $o ne '/';
+	$n=&bname($target);
+	$ret.="$target: $files $dep_libs";
+	if ($standalone == 1)
+		{
+		$ret.=" \$(OBJ_D)${o}applink.obj" if $shlib;
+		$ret.="\n";
+		$ret.="  \$(LINK_CMD) \$(LFLAGS) $efile$target @<<\n\t";
+		if ($files =~ /O_FIPSCANISTER/ && !$fipscanisterbuild) {
+			$ret.= "\$(EX_LIBS) ";
+			$ret.= "\$(OBJ_D)${o}applink.obj " if $shlib;
+		}
+		$ret.="$files $libs\n<<\n";
+		}
+	elsif ($standalone == 2)
+		{
+		$ret.="\n";
+		$ret.="\tSET FIPS_LINK=\$(LINK_CMD)\n";
+		$ret.="\tSET FIPS_CC=\$(CC)\n";
+		$ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
+		$ret.="\tSET PREMAIN_DSO_EXE=\n";
+		$ret.="\tSET FIPS_TARGET=$target\n";
+		$ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
+		$ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
+		$ret.="\t\$(FIPSLINK) \$(LFLAGS) $ff /map $efile$target @<<\n";
+		$ret.="\t\$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n";
+		}
+	else
+		{
+		$ret.="\n";
+		$ret.="\t\$(LINK_CMD) \$(LFLAGS) $efile$target @<<\n";
+		$ret.="\t\$(APP_EX_OBJ) $files $libs\n<<\n";
+		}
+    	$ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;1\n\n";
+	return($ret);
+	}
+
+sub win32_import_asm
+	{
+	my ($mf_var, $asm_name, $oref, $sref) = @_;
+	my $asm_dir;
+	if ($asm_name eq "")
+		{
+		$asm_dir = "crypto\\";
+		}
+	else
+		{
+		$asm_dir = "crypto\\$asm_name\\asm\\";
+		}
+
+	$$oref = "";
+	$mf_var =~ s/\.o$/.obj/g;
+
+	foreach (split(/ /, $mf_var))
+		{
+		$$oref .= $asm_dir . $_ . " ";
+		}
+	$$oref =~ s/ $//;
+	$$sref = $$oref;
+	$$sref =~ s/\.obj/.asm/g;
+
+	}
+
+
+1;

Deleted: vendor-crypto/openssl/1.0.1u/util/pl/linux.pl
===================================================================
--- vendor-crypto/openssl/dist/util/pl/linux.pl	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/util/pl/linux.pl	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,104 +0,0 @@
-#!/usr/local/bin/perl
-#
-# linux.pl - the standard unix makefile stuff.
-#
-
-$o='/';
-$cp='/bin/cp';
-$rm='/bin/rm -f';
-
-# C compiler stuff
-
-$cc='gcc';
-if ($debug)
-	{ $cflags="-g2 -ggdb -DREF_CHECK -DCRYPTO_MDEBUG"; }
-elsif ($profile)
-	{ $cflags="-pg -O3"; }
-else
-	{ $cflags="-O3 -fomit-frame-pointer"; }
-
-if (!$no_asm)
-	{
-	$bn_asm_obj='$(OBJ_D)/bn86-elf.o';
-	$bn_asm_src='crypto/bn/asm/bn86unix.cpp';
-	$bnco_asm_obj='$(OBJ_D)/co86-elf.o';
-	$bnco_asm_src='crypto/bn/asm/co86unix.cpp';
-	$des_enc_obj='$(OBJ_D)/dx86-elf.o $(OBJ_D)/yx86-elf.o';
-	$des_enc_src='crypto/des/asm/dx86unix.cpp crypto/des/asm/yx86unix.cpp';
-	$bf_enc_obj='$(OBJ_D)/bx86-elf.o';
-	$bf_enc_src='crypto/bf/asm/bx86unix.cpp';
-	$cast_enc_obj='$(OBJ_D)/cx86-elf.o';
-	$cast_enc_src='crypto/cast/asm/cx86unix.cpp';
-	$rc4_enc_obj='$(OBJ_D)/rx86-elf.o';
-	$rc4_enc_src='crypto/rc4/asm/rx86unix.cpp';
-	$rc5_enc_obj='$(OBJ_D)/r586-elf.o';
-	$rc5_enc_src='crypto/rc5/asm/r586unix.cpp';
-	$md5_asm_obj='$(OBJ_D)/mx86-elf.o';
-	$md5_asm_src='crypto/md5/asm/mx86unix.cpp';
-	$rmd160_asm_obj='$(OBJ_D)/rm86-elf.o';
-	$rmd160_asm_src='crypto/ripemd/asm/rm86unix.cpp';
-	$sha1_asm_obj='$(OBJ_D)/sx86-elf.o';
-	$sha1_asm_src='crypto/sha/asm/sx86unix.cpp';
-	$cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DOPENSSL_BN_ASM_PART_WORDS";
-	}
-
-$cflags.=" -DTERMIO -DL_ENDIAN -m486 -Wall";
-
-if ($shlib)
-	{
-	$shl_cflag=" -DPIC -fpic";
-	$shlibp=".so.$ssl_version";
-	$so_shlibp=".so";
-	}
-
-sub do_shlib_rule
-	{
-	local($obj,$target,$name,$shlib,$so_name)=@_;
-	local($ret,$_,$Name);
-
-	$target =~ s/\//$o/g if $o ne '/';
-	($Name=$name) =~ tr/a-z/A-Z/;
-
-	$ret.="$target: \$(${Name}OBJ)\n";
-	$ret.="\t\$(RM) target\n";
-	$ret.="\tgcc \${CFLAGS} -shared -Wl,-soname,$target -o $target \$(${Name}OBJ)\n";
-	($t=$target) =~ s/(^.*)\/[^\/]*$/$1/;
-	if ($so_name ne "")
-		{
-		$ret.="\t\$(RM) \$(LIB_D)$o$so_name\n";
-		$ret.="\tln -s $target \$(LIB_D)$o$so_name\n\n";
-		}
-	}
-
-sub do_link_rule
-	{
-	local($target,$files,$dep_libs,$libs)=@_;
-	local($ret,$_);
-	
-	$file =~ s/\//$o/g if $o ne '/';
-	$n=&bname($target);
-	$ret.="$target: $files $dep_libs\n";
-	$ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
-	return($ret);
-	}
-
-sub do_asm_rule
-	{
-	local($target,$src)=@_;
-	local($ret, at s, at t,$i);
-
-	$target =~ s/\//$o/g if $o ne "/";
-	$src =~ s/\//$o/g if $o ne "/";
-
-	@s=split(/\s+/,$src);
-	@t=split(/\s+/,$target);
-
-	for ($i=0; $i<=$#s; $i++)
-		{
-		$ret.="$t[$i]: $s[$i]\n";
-		$ret.="\tgcc -E -DELF \$(SRC_D)$o$s[$i]|\$(AS) $afile$t[$i]\n\n";
-		}
-	return($ret);
-	}
-
-1;

Copied: vendor-crypto/openssl/1.0.1u/util/pl/linux.pl (from rev 11605, vendor-crypto/openssl/dist/util/pl/linux.pl)
===================================================================
--- vendor-crypto/openssl/1.0.1u/util/pl/linux.pl	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/util/pl/linux.pl	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,104 @@
+#!/usr/local/bin/perl
+#
+# linux.pl - the standard unix makefile stuff.
+#
+
+$o='/';
+$cp='/bin/cp';
+$rm='/bin/rm -f';
+
+# C compiler stuff
+
+$cc='gcc';
+if ($debug)
+	{ $cflags="-g2 -ggdb -DREF_CHECK -DCRYPTO_MDEBUG"; }
+elsif ($profile)
+	{ $cflags="-pg -O3"; }
+else
+	{ $cflags="-O3 -fomit-frame-pointer"; }
+
+if (!$no_asm)
+	{
+	$bn_asm_obj='$(OBJ_D)/bn86-elf.o';
+	$bn_asm_src='crypto/bn/asm/bn86unix.cpp';
+	$bnco_asm_obj='$(OBJ_D)/co86-elf.o';
+	$bnco_asm_src='crypto/bn/asm/co86unix.cpp';
+	$des_enc_obj='$(OBJ_D)/dx86-elf.o $(OBJ_D)/yx86-elf.o';
+	$des_enc_src='crypto/des/asm/dx86unix.cpp crypto/des/asm/yx86unix.cpp';
+	$bf_enc_obj='$(OBJ_D)/bx86-elf.o';
+	$bf_enc_src='crypto/bf/asm/bx86unix.cpp';
+	$cast_enc_obj='$(OBJ_D)/cx86-elf.o';
+	$cast_enc_src='crypto/cast/asm/cx86unix.cpp';
+	$rc4_enc_obj='$(OBJ_D)/rx86-elf.o';
+	$rc4_enc_src='crypto/rc4/asm/rx86unix.cpp';
+	$rc5_enc_obj='$(OBJ_D)/r586-elf.o';
+	$rc5_enc_src='crypto/rc5/asm/r586unix.cpp';
+	$md5_asm_obj='$(OBJ_D)/mx86-elf.o';
+	$md5_asm_src='crypto/md5/asm/mx86unix.cpp';
+	$rmd160_asm_obj='$(OBJ_D)/rm86-elf.o';
+	$rmd160_asm_src='crypto/ripemd/asm/rm86unix.cpp';
+	$sha1_asm_obj='$(OBJ_D)/sx86-elf.o';
+	$sha1_asm_src='crypto/sha/asm/sx86unix.cpp';
+	$cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DOPENSSL_BN_ASM_PART_WORDS";
+	}
+
+$cflags.=" -DTERMIO -DL_ENDIAN -m486 -Wall";
+
+if ($shlib)
+	{
+	$shl_cflag=" -DPIC -fpic";
+	$shlibp=".so.$ssl_version";
+	$so_shlibp=".so";
+	}
+
+sub do_shlib_rule
+	{
+	local($obj,$target,$name,$shlib,$so_name)=@_;
+	local($ret,$_,$Name);
+
+	$target =~ s/\//$o/g if $o ne '/';
+	($Name=$name) =~ tr/a-z/A-Z/;
+
+	$ret.="$target: \$(${Name}OBJ)\n";
+	$ret.="\t\$(RM) target\n";
+	$ret.="\tgcc \${CFLAGS} -shared -Wl,-soname,$target -o $target \$(${Name}OBJ)\n";
+	($t=$target) =~ s/(^.*)\/[^\/]*$/$1/;
+	if ($so_name ne "")
+		{
+		$ret.="\t\$(RM) \$(LIB_D)$o$so_name\n";
+		$ret.="\tln -s $target \$(LIB_D)$o$so_name\n\n";
+		}
+	}
+
+sub do_link_rule
+	{
+	local($target,$files,$dep_libs,$libs)=@_;
+	local($ret,$_);
+	
+	$file =~ s/\//$o/g if $o ne '/';
+	$n=&bname($target);
+	$ret.="$target: $files $dep_libs\n";
+	$ret.="\t\$(LINK_CMD) ${efile}$target \$(LFLAGS) $files $libs\n\n";
+	return($ret);
+	}
+
+sub do_asm_rule
+	{
+	local($target,$src)=@_;
+	local($ret, at s, at t,$i);
+
+	$target =~ s/\//$o/g if $o ne "/";
+	$src =~ s/\//$o/g if $o ne "/";
+
+	@s=split(/\s+/,$src);
+	@t=split(/\s+/,$target);
+
+	for ($i=0; $i<=$#s; $i++)
+		{
+		$ret.="$t[$i]: $s[$i]\n";
+		$ret.="\tgcc -E -DELF \$(SRC_D)$o$s[$i]|\$(AS) $afile$t[$i]\n\n";
+		}
+	return($ret);
+	}
+
+1;

Deleted: vendor-crypto/openssl/1.0.1u/util/pl/netware.pl
===================================================================
--- vendor-crypto/openssl/dist/util/pl/netware.pl	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/util/pl/netware.pl	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,532 +0,0 @@
-# Metrowerks Codewarrior or gcc / nlmconv for NetWare
-#
-
-$version_header = "crypto/opensslv.h";
-open(IN, "$version_header") or die "Couldn't open $version_header: $!";
-while (<IN>) {
-  if (/^#define[\s\t]+OPENSSL_VERSION_NUMBER[\s\t]+0x(\d)(\d{2})(\d{2})(\d{2})/)
-  {
-    # die "OpenSSL version detected: $1.$2.$3.$4\n";
-    #$nlmvernum = "$1,$2,$3";
-    $nlmvernum = "$1,".($2*10+$3).",".($4*1);
-    #$nlmverstr = "$1.".($2*1).".".($3*1).($4?(chr(96+$4)):"");
-    break;
-  }
-}
-close(IN) or die "Couldn't close $version_header: $!";
-
-$readme_file = "README";
-open(IN, $readme_file) or die "Couldn't open $readme_file: $!";
-while (<IN>) {
-  if (/^[\s\t]+OpenSSL[\s\t]+(\d)\.(\d{1,2})\.(\d{1,2})([a-z])(.*)/)
-  {
-    #$nlmvernum = "$1,$2,$3";
-    #$nlmvernum = "$1,".($2*10+$3).",".($4*1);
-    $nlmverstr = "$1.$2.$3$4$5";
-  }
-  elsif (/^[\s\t]+(Copyright \(c\) \d{4}\-\d{4} The OpenSSL Project)$/)
-  {
-    $nlmcpystr = $1;
-  }
-  break if ($nlmvernum && $nlmcpystr);
-}
-close(IN) or die "Couldn't close $readme_file: $!";
-
-# Define stacksize here
-$nlmstack = "32768";
-
-# some default settings here in case we failed to find them in README
-$nlmvernum = "1,0,0" if (!$nlmvernum);
-$nlmverstr = "OpenSSL" if (!$nlmverstr);
-$nlmcpystr = "Copyright (c) 1998-now The OpenSSL Project" if (!$nlmcpystr);
-
-# die "OpenSSL copyright: $nlmcpystr\nOpenSSL verstring: $nlmverstr\nOpenSSL vernumber: $nlmvernum\n";
-
-# The import files and other misc imports needed to link
- at misc_imports = ("GetProcessSwitchCount", "RunningProcess",
-                 "GetSuperHighResolutionTimer");
-if ($LIBC)
-{
-   @import_files = ("libc.imp");
-   @module_files = ("libc");
-   $libarch = "LIBC";
-}
-else
-{
-   # clib build
-   @import_files = ("clib.imp");
-   push(@import_files, "socklib.imp") if ($BSDSOCK);
-   @module_files = ("clib");
-   # push(@misc_imports, "_rt_modu64%16", "_rt_divu64%16");
-   $libarch = "CLIB";
-}
-if ($BSDSOCK)
-{
-   $libarch .= "-BSD";
-}
-else
-{
-   $libarch .= "-WS2";
-   push(@import_files, "ws2nlm.imp");
-}
-
-# The "IMPORTS" environment variable must be set and point to the location
-# where import files (*.imp) can be found.
-# Example:  set IMPORTS=c:\ndk\nwsdk\imports
-$import_path = $ENV{"IMPORTS"} || die ("IMPORTS environment variable not set\n");
-
-
-# The "PRELUDE" environment variable must be set and point to the location
-# and name of the prelude source to link with ( nwpre.obj is recommended ).
-# Example: set PRELUDE=c:\codewar\novell support\metrowerks support\libraries\runtime\nwpre.obj
-$prelude = $ENV{"PRELUDE"} || die ("PRELUDE environment variable not set\n");
-
-# The "INCLUDES" environment variable must be set and point to the location
-# where import files (*.imp) can be found.
-$include_path = $ENV{"INCLUDE"} || die ("INCLUDES environment variable not set\n");
-$include_path =~ s/\\/\//g;
-$include_path = join(" -I", split(/;/, $include_path));
-
-# check for gcc compiler
-$gnuc = $ENV{"GNUC"};
-
-#$ssl=   "ssleay32";
-#$crypto="libeay32";
-
-if ($gnuc)
-{
-   # C compiler
-   $cc='gcc';
-   # Linker
-   $link='nlmconv';
-   # librarian
-   $mklib='ar';
-   $o='/';
-   # cp command
-   $cp='cp -af';
-   # rm command
-   $rm='rm -f';
-   # mv command
-   $mv='mv -f';
-   # mkdir command
-   $mkdir='gmkdir';
-   #$ranlib='ranlib';
-}
-else
-{
-   # C compiler
-   $cc='mwccnlm';
-   # Linker
-   $link='mwldnlm';
-   # librarian
-   $mklib='mwldnlm';
-   # Path separator
-   $o='\\';
-   # cp command
-   $cp='copy >nul:';
-   # rm command
-   $rm='del /f /q';
-}
-
-# assembler
-if ($nw_nasm)
-{
-   $asm=(`nasm -v 2>NUL` gt `nasmw -v 2>NUL`?"nasm":"nasmw");
-   if ($gnuc)
-   {
-      $asm.=" -s -f elf";
-   }
-   else
-   {
-      $asm.=" -s -f coff -d __coff__";
-   }
-   $afile="-o ";
-   $asm.=" -g" if $debug;
-}
-elsif ($nw_mwasm)
-{
-   $asm="mwasmnlm -maxerrors 20";
-   $afile="-o ";
-   $asm.=" -g" if $debug;
-}
-elsif ($nw_masm)
-{
-# masm assembly settings - it should be possible to use masm but haven't
-# got it working.
-# $asm='ml /Cp /coff /c /Cx';
-# $asm.=" /Zi" if $debug;
-# $afile='/Fo';
-   die("Support for masm assembler not yet functional\n");
-}
-else
-{
-   $asm="";
-   $afile="";
-}
-
-
-
-if ($gnuc)
-{
-   # compile flags for GNUC
-   # additional flags based upon debug | non-debug
-   if ($debug)
-   {
-      $cflags="-g -DDEBUG";
-   }
-   else
-   {
-      $cflags="-O2";
-   }
-   $cflags.=" -nostdinc -I$include_path \\
-         -fno-builtin -fpcc-struct-return -fno-strict-aliasing \\
-         -funsigned-char -Wall -Wno-unused -Wno-uninitialized";
-
-   # link flags
-   $lflags="-T";
-}
-else
-{
-   # compile flags for CodeWarrior
-   # additional flags based upon debug | non-debug
-   if ($debug)
-   {
-      $cflags="-opt off -g -sym internal -DDEBUG";
-   }
-   else
-   {
-   # CodeWarrior compiler has a problem with optimizations for floating
-   # points - no optimizations until further investigation
-   #      $cflags="-opt all";
-   }
-
-   # NOTES: Several c files in the crypto subdirectory include headers from
-   #        their local directories.  Metrowerks wouldn't find these h files
-   #        without adding individual include directives as compile flags
-   #        or modifying the c files.  Instead of adding individual include
-   #        paths for each subdirectory a recursive include directive
-   #        is used ( -ir crypto ).
-   #
-   #        A similar issue exists for the engines and apps subdirectories.
-   #
-   #        Turned off the "possible" warnings ( -w nopossible ).  Metrowerks
-   #        complained a lot about various stuff.  May want to turn back
-   #        on for further development.
-   $cflags.=" -nostdinc -ir crypto -ir ssl -ir engines -ir apps -I$include_path \\
-         -msgstyle gcc -align 4 -processor pentium -char unsigned \\
-         -w on -w nolargeargs -w nopossible -w nounusedarg -w nounusedexpr \\
-         -w noimplicitconv -relax_pointers -nosyspath -maxerrors 20";
-
-   # link flags
-   $lflags="-msgstyle gcc -zerobss -nostdlib -sym internal -commandfile";
-}
-
-# common defines
-$cflags.=" -DL_ENDIAN -DOPENSSL_SYSNAME_NETWARE -U_WIN32";
-
-# If LibC build add in NKS_LIBC define and set the entry/exit
-# routines - The default entry/exit routines are for CLib and don't exist
-# in LibC
-if ($LIBC)
-{
-   $cflags.=" -DNETWARE_LIBC";
-   $nlmstart = "_LibCPrelude";
-   $nlmexit = "_LibCPostlude";
-   @nlm_flags = ("pseudopreemption", "flag_on 64");
-}
-else
-{
-   $cflags.=" -DNETWARE_CLIB";
-   $nlmstart = "_Prelude";
-   $nlmexit = "_Stop";
-}
-
-# If BSD Socket support is requested, set a define for the compiler
-if ($BSDSOCK)
-{
-   $cflags.=" -DNETWARE_BSDSOCK";
-   if (!$LIBC)
-   {
-      $cflags.=" -DNETDB_USE_INTERNET";
-   }
-}
-
-
-# linking stuff
-# for the output directories use the mk1mf.pl values with "_nw" appended
-if ($shlib)
-{
-   if ($LIBC)
-   {
-      $out_def.="_nw_libc_nlm";
-      $tmp_def.="_nw_libc_nlm";
-      $inc_def.="_nw_libc_nlm";
-   }
-   else  # NETWARE_CLIB
-   {
-      $out_def.="_nw_clib_nlm";
-      $tmp_def.="_nw_clib_nlm";
-      $inc_def.="_nw_clib_nlm";
-   }
-}
-else
-{
-   if ($gnuc) # GNUC Tools
-   {
-      $libp=".a";
-      $shlibp=".a";
-      $lib_flags="-cr";
-   }
-   else       # CodeWarrior
-   {
-      $libp=".lib";
-      $shlibp=".lib";
-      $lib_flags="-nodefaults -type library -o";
-   }
-   if ($LIBC)
-   {
-      $out_def.="_nw_libc";
-      $tmp_def.="_nw_libc";
-      $inc_def.="_nw_libc";
-   }
-   else  # NETWARE_CLIB
-   {
-      $out_def.="_nw_clib";
-      $tmp_def.="_nw_clib";
-      $inc_def.="_nw_clib";
-   }
-}
-
-# used by mk1mf.pl
-$obj='.o';
-$ofile='-o ';
-$efile='';
-$exep='.nlm';
-$ex_libs='';
-
-if (!$no_asm)
-{
-   $bn_asm_obj="\$(OBJ_D)${o}bn-nw${obj}";
-   $bn_asm_src="crypto${o}bn${o}asm${o}bn-nw.asm";
-   $bnco_asm_obj="\$(OBJ_D)${o}co-nw${obj}";
-   $bnco_asm_src="crypto${o}bn${o}asm${o}co-nw.asm";
-   $aes_asm_obj="\$(OBJ_D)${o}a-nw${obj}";
-   $aes_asm_src="crypto${o}aes${o}asm${o}a-nw.asm";
-   $des_enc_obj="\$(OBJ_D)${o}d-nw${obj} \$(OBJ_D)${o}y-nw${obj}";
-   $des_enc_src="crypto${o}des${o}asm${o}d-nw.asm crypto${o}des${o}asm${o}y-nw.asm";
-   $bf_enc_obj="\$(OBJ_D)${o}b-nw${obj}";
-   $bf_enc_src="crypto${o}bf${o}asm${o}b-nw.asm";
-   $cast_enc_obj="\$(OBJ_D)${o}c-nw${obj}";
-   $cast_enc_src="crypto${o}cast${o}asm${o}c-nw.asm";
-   $rc4_enc_obj="\$(OBJ_D)${o}r4-nw${obj}";
-   $rc4_enc_src="crypto${o}rc4${o}asm${o}r4-nw.asm";
-   $rc5_enc_obj="\$(OBJ_D)${o}r5-nw${obj}";
-   $rc5_enc_src="crypto${o}rc5${o}asm${o}r5-nw.asm";
-   $md5_asm_obj="\$(OBJ_D)${o}m5-nw${obj}";
-   $md5_asm_src="crypto${o}md5${o}asm${o}m5-nw.asm";
-   $sha1_asm_obj="\$(OBJ_D)${o}s1-nw${obj} \$(OBJ_D)${o}sha256-nw${obj} \$(OBJ_D)${o}sha512-nw${obj}";
-   $sha1_asm_src="crypto${o}sha${o}asm${o}s1-nw.asm crypto${o}sha${o}asm${o}sha256-nw.asm crypto${o}sha${o}asm${o}sha512-nw.asm";
-   $rmd160_asm_obj="\$(OBJ_D)${o}rm-nw${obj}";
-   $rmd160_asm_src="crypto${o}ripemd${o}asm${o}rm-nw.asm";
-   $whirlpool_asm_obj="\$(OBJ_D)${o}wp-nw${obj}";
-   $whirlpool_asm_src="crypto${o}whrlpool${o}asm${o}wp-nw.asm";
-   $cpuid_asm_obj="\$(OBJ_D)${o}x86cpuid-nw${obj}";
-   $cpuid_asm_src="crypto${o}x86cpuid-nw.asm";
-   $cflags.=" -DOPENSSL_CPUID_OBJ -DBN_ASM -DOPENSSL_BN_ASM_PART_WORDS -DMD5_ASM -DWHIRLPOOL_ASM";
-   $cflags.=" -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM";
-   $cflags.=" -DAES_ASM -DRMD160_ASM";
-}
-else
-{
-   $bn_asm_obj='';
-   $bn_asm_src='';
-   $bnco_asm_obj='';
-   $bnco_asm_src='';
-   $aes_asm_obj='';
-   $aes_asm_src='';
-   $des_enc_obj='';
-   $des_enc_src='';
-   $bf_enc_obj='';
-   $bf_enc_src='';
-   $cast_enc_obj='';
-   $cast_enc_src='';
-   $rc4_enc_obj='';
-   $rc4_enc_src='';
-   $rc5_enc_obj='';
-   $rc5_enc_src='';
-   $md5_asm_obj='';
-   $md5_asm_src='';
-   $sha1_asm_obj='';
-   $sha1_asm_src='';
-   $rmd160_asm_obj='';
-   $rmd160_asm_src='';
-   $whirlpool_asm_obj='';
-   $whirlpool_asm_src='';
-   $cpuid_asm_obj='';
-   $cpuid_asm_src='';
-}
-
-# create the *.def linker command files in \openssl\netware\ directory
-sub do_def_file
-{
-   # strip off the leading path
-   my($target) = bname(shift);
-   my($i);
-
-   if ($target =~ /(.*).nlm/)
-   {
-      $target = $1;
-   }
-
-   # special case for openssl - the mk1mf.pl defines E_EXE = openssl
-   if ($target =~ /E_EXE/)
-   {
-      $target =~ s/\$\(E_EXE\)/openssl/;
-   }
-
-   # Note: originally tried to use full path ( \openssl\netware\$target.def )
-   # Metrowerks linker choked on this with an assertion failure. bug???
-   #
-   my($def_file) = "netware${o}$target.def";
-
-   open(DEF_OUT, ">$def_file") || die("unable to open file $def_file\n");
-
-   print( DEF_OUT "# command file generated by netware.pl for NLM target.\n" );
-   print( DEF_OUT "# do not edit this file - all your changes will be lost!!\n" );
-   print( DEF_OUT "#\n");
-   print( DEF_OUT "DESCRIPTION \"$target ($libarch) - OpenSSL $nlmverstr\"\n");
-   print( DEF_OUT "COPYRIGHT \"$nlmcpystr\"\n");
-   print( DEF_OUT "VERSION $nlmvernum\n");
-   print( DEF_OUT "STACK $nlmstack\n");
-   print( DEF_OUT "START $nlmstart\n");
-   print( DEF_OUT "EXIT $nlmexit\n");
-
-   # special case for openssl
-   if ($target eq "openssl")
-   {
-      print( DEF_OUT "SCREENNAME \"OpenSSL $nlmverstr\"\n");
-   }
-   else
-   {
-      print( DEF_OUT "SCREENNAME \"DEFAULT\"\n");
-   }
-
-   foreach $i (@misc_imports)
-   {
-      print( DEF_OUT "IMPORT $i\n");
-   }
-
-   foreach $i (@import_files)
-   {
-      print( DEF_OUT "IMPORT \@$import_path${o}$i\n");
-   }
-
-   foreach $i (@module_files)
-   {
-      print( DEF_OUT "MODULE $i\n");
-   }
-
-   foreach $i (@nlm_flags)
-   {
-      print( DEF_OUT "$i\n");
-   }
-
-   if ($gnuc)
-   {
-      if ($target =~ /openssl/)
-      {
-         print( DEF_OUT "INPUT ${tmp_def}${o}openssl${obj}\n");
-         print( DEF_OUT "INPUT ${tmp_def}${o}openssl${libp}\n");
-      }
-      else
-      {
-         print( DEF_OUT "INPUT ${tmp_def}${o}${target}${obj}\n");
-      }
-      print( DEF_OUT "INPUT $prelude\n");
-      print( DEF_OUT "INPUT ${out_def}${o}${ssl}${libp} ${out_def}${o}${crypto}${libp}\n");
-      print( DEF_OUT "OUTPUT $target.nlm\n");
-   }
-
-   close(DEF_OUT);
-   return($def_file);
-}
-
-sub do_lib_rule
-{
-   my($objs,$target,$name,$shlib)=@_;
-   my($ret);
-
-   $ret.="$target: $objs\n";
-   if (!$shlib)
-   {
-      $ret.="\t\@echo Building Lib: $name\n";
-      $ret.="\t\$(MKLIB) $lib_flags $target $objs\n";
-      $ret.="\t\@echo .\n"
-   }
-   else
-   {
-      die( "Building as NLM not currently supported!" );
-   }
-
-   $ret.="\n";
-   return($ret);
-}
-
-sub do_link_rule
-{
-   my($target,$files,$dep_libs,$libs)=@_;
-   my($ret);
-   my($def_file) = do_def_file($target);
-
-   $ret.="$target: $files $dep_libs\n";
-
-   # NOTE:  When building the test nlms no screen name is given
-   #  which causes the console screen to be used.  By using the console
-   #  screen there is no "<press any key to continue>" message which
-   #  requires user interaction.  The test script ( do_tests.pl ) needs
-   #  to be able to run the tests without requiring user interaction.
-   #
-   #  However, the sample program "openssl.nlm" is used by the tests and is
-   #  a interactive sample so a screen is desired when not be run by the
-   #  tests.  To solve the problem, two versions of the program are built:
-   #    openssl2 - no screen used by tests
-   #    openssl - default screen - use for normal interactive modes
-   #
-
-   # special case for openssl - the mk1mf.pl defines E_EXE = openssl
-   if ($target =~ /E_EXE/)
-   {
-      my($target2) = $target;
-
-      $target2 =~ s/\(E_EXE\)/\(E_EXE\)2/;
-
-      # openssl2
-      my($def_file2) = do_def_file($target2);
-
-      if ($gnuc)
-      {
-         $ret.="\t\$(MKLIB) $lib_flags \$(TMP_D)${o}\$(E_EXE).a \$(filter-out \$(TMP_D)${o}\$(E_EXE)${obj},$files)\n";
-         $ret.="\t\$(LINK) \$(LFLAGS) $def_file2\n";
-         $ret.="\t\@$mv \$(E_EXE)2.nlm \$(TEST_D)\n";
-      }
-      else
-      {
-         $ret.="\t\$(LINK) \$(LFLAGS) $def_file2 $files \"$prelude\" $libs -o $target2\n";
-      }
-   }
-   if ($gnuc)
-   {
-      $ret.="\t\$(LINK) \$(LFLAGS) $def_file\n";
-      $ret.="\t\@$mv \$(\@F) \$(TEST_D)\n";
-   }
-   else
-   {
-      $ret.="\t\$(LINK) \$(LFLAGS) $def_file $files \"$prelude\" $libs -o $target\n";
-   }
-
-   $ret.="\n";
-   return($ret);
-
-}
-
-1;

Copied: vendor-crypto/openssl/1.0.1u/util/pl/netware.pl (from rev 11605, vendor-crypto/openssl/dist/util/pl/netware.pl)
===================================================================
--- vendor-crypto/openssl/1.0.1u/util/pl/netware.pl	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/util/pl/netware.pl	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,532 @@
+# Metrowerks Codewarrior or gcc / nlmconv for NetWare
+#
+
+$version_header = "crypto/opensslv.h";
+open(IN, "$version_header") or die "Couldn't open $version_header: $!";
+while (<IN>) {
+  if (/^#define[\s\t]+OPENSSL_VERSION_NUMBER[\s\t]+0x(\d)(\d{2})(\d{2})(\d{2})/)
+  {
+    # die "OpenSSL version detected: $1.$2.$3.$4\n";
+    #$nlmvernum = "$1,$2,$3";
+    $nlmvernum = "$1,".($2*10+$3).",".($4*1);
+    #$nlmverstr = "$1.".($2*1).".".($3*1).($4?(chr(96+$4)):"");
+    break;
+  }
+}
+close(IN) or die "Couldn't close $version_header: $!";
+
+$readme_file = "README";
+open(IN, $readme_file) or die "Couldn't open $readme_file: $!";
+while (<IN>) {
+  if (/^[\s\t]+OpenSSL[\s\t]+(\d)\.(\d{1,2})\.(\d{1,2})([a-z])(.*)/)
+  {
+    #$nlmvernum = "$1,$2,$3";
+    #$nlmvernum = "$1,".($2*10+$3).",".($4*1);
+    $nlmverstr = "$1.$2.$3$4$5";
+  }
+  elsif (/^[\s\t]+(Copyright \(c\) \d{4}\-\d{4} The OpenSSL Project)$/)
+  {
+    $nlmcpystr = $1;
+  }
+  break if ($nlmvernum && $nlmcpystr);
+}
+close(IN) or die "Couldn't close $readme_file: $!";
+
+# Define stacksize here
+$nlmstack = "32768";
+
+# some default settings here in case we failed to find them in README
+$nlmvernum = "1,0,0" if (!$nlmvernum);
+$nlmverstr = "OpenSSL" if (!$nlmverstr);
+$nlmcpystr = "Copyright (c) 1998-now The OpenSSL Project" if (!$nlmcpystr);
+
+# die "OpenSSL copyright: $nlmcpystr\nOpenSSL verstring: $nlmverstr\nOpenSSL vernumber: $nlmvernum\n";
+
+# The import files and other misc imports needed to link
+ at misc_imports = ("GetProcessSwitchCount", "RunningProcess",
+                 "GetSuperHighResolutionTimer");
+if ($LIBC)
+{
+   @import_files = ("libc.imp");
+   @module_files = ("libc");
+   $libarch = "LIBC";
+}
+else
+{
+   # clib build
+   @import_files = ("clib.imp");
+   push(@import_files, "socklib.imp") if ($BSDSOCK);
+   @module_files = ("clib");
+   # push(@misc_imports, "_rt_modu64%16", "_rt_divu64%16");
+   $libarch = "CLIB";
+}
+if ($BSDSOCK)
+{
+   $libarch .= "-BSD";
+}
+else
+{
+   $libarch .= "-WS2";
+   push(@import_files, "ws2nlm.imp");
+}
+
+# The "IMPORTS" environment variable must be set and point to the location
+# where import files (*.imp) can be found.
+# Example:  set IMPORTS=c:\ndk\nwsdk\imports
+$import_path = $ENV{"IMPORTS"} || die ("IMPORTS environment variable not set\n");
+
+
+# The "PRELUDE" environment variable must be set and point to the location
+# and name of the prelude source to link with ( nwpre.obj is recommended ).
+# Example: set PRELUDE=c:\codewar\novell support\metrowerks support\libraries\runtime\nwpre.obj
+$prelude = $ENV{"PRELUDE"} || die ("PRELUDE environment variable not set\n");
+
+# The "INCLUDES" environment variable must be set and point to the location
+# where import files (*.imp) can be found.
+$include_path = $ENV{"INCLUDE"} || die ("INCLUDES environment variable not set\n");
+$include_path =~ s/\\/\//g;
+$include_path = join(" -I", split(/;/, $include_path));
+
+# check for gcc compiler
+$gnuc = $ENV{"GNUC"};
+
+#$ssl=   "ssleay32";
+#$crypto="libeay32";
+
+if ($gnuc)
+{
+   # C compiler
+   $cc='gcc';
+   # Linker
+   $link='nlmconv';
+   # librarian
+   $mklib='ar';
+   $o='/';
+   # cp command
+   $cp='cp -af';
+   # rm command
+   $rm='rm -f';
+   # mv command
+   $mv='mv -f';
+   # mkdir command
+   $mkdir='gmkdir';
+   #$ranlib='ranlib';
+}
+else
+{
+   # C compiler
+   $cc='mwccnlm';
+   # Linker
+   $link='mwldnlm';
+   # librarian
+   $mklib='mwldnlm';
+   # Path separator
+   $o='\\';
+   # cp command
+   $cp='copy >nul:';
+   # rm command
+   $rm='del /f /q';
+}
+
+# assembler
+if ($nw_nasm)
+{
+   $asm=(`nasm -v 2>NUL` gt `nasmw -v 2>NUL`?"nasm":"nasmw");
+   if ($gnuc)
+   {
+      $asm.=" -s -f elf";
+   }
+   else
+   {
+      $asm.=" -s -f coff -d __coff__";
+   }
+   $afile="-o ";
+   $asm.=" -g" if $debug;
+}
+elsif ($nw_mwasm)
+{
+   $asm="mwasmnlm -maxerrors 20";
+   $afile="-o ";
+   $asm.=" -g" if $debug;
+}
+elsif ($nw_masm)
+{
+# masm assembly settings - it should be possible to use masm but haven't
+# got it working.
+# $asm='ml /Cp /coff /c /Cx';
+# $asm.=" /Zi" if $debug;
+# $afile='/Fo';
+   die("Support for masm assembler not yet functional\n");
+}
+else
+{
+   $asm="";
+   $afile="";
+}
+
+
+
+if ($gnuc)
+{
+   # compile flags for GNUC
+   # additional flags based upon debug | non-debug
+   if ($debug)
+   {
+      $cflags="-g -DDEBUG";
+   }
+   else
+   {
+      $cflags="-O2";
+   }
+   $cflags.=" -nostdinc -I$include_path \\
+         -fno-builtin -fpcc-struct-return -fno-strict-aliasing \\
+         -funsigned-char -Wall -Wno-unused -Wno-uninitialized";
+
+   # link flags
+   $lflags="-T";
+}
+else
+{
+   # compile flags for CodeWarrior
+   # additional flags based upon debug | non-debug
+   if ($debug)
+   {
+      $cflags="-opt off -g -sym internal -DDEBUG";
+   }
+   else
+   {
+   # CodeWarrior compiler has a problem with optimizations for floating
+   # points - no optimizations until further investigation
+   #      $cflags="-opt all";
+   }
+
+   # NOTES: Several c files in the crypto subdirectory include headers from
+   #        their local directories.  Metrowerks wouldn't find these h files
+   #        without adding individual include directives as compile flags
+   #        or modifying the c files.  Instead of adding individual include
+   #        paths for each subdirectory a recursive include directive
+   #        is used ( -ir crypto ).
+   #
+   #        A similar issue exists for the engines and apps subdirectories.
+   #
+   #        Turned off the "possible" warnings ( -w nopossible ).  Metrowerks
+   #        complained a lot about various stuff.  May want to turn back
+   #        on for further development.
+   $cflags.=" -nostdinc -ir crypto -ir ssl -ir engines -ir apps -I$include_path \\
+         -msgstyle gcc -align 4 -processor pentium -char unsigned \\
+         -w on -w nolargeargs -w nopossible -w nounusedarg -w nounusedexpr \\
+         -w noimplicitconv -relax_pointers -nosyspath -maxerrors 20";
+
+   # link flags
+   $lflags="-msgstyle gcc -zerobss -nostdlib -sym internal -commandfile";
+}
+
+# common defines
+$cflags.=" -DL_ENDIAN -DOPENSSL_SYSNAME_NETWARE -U_WIN32";
+
+# If LibC build add in NKS_LIBC define and set the entry/exit
+# routines - The default entry/exit routines are for CLib and don't exist
+# in LibC
+if ($LIBC)
+{
+   $cflags.=" -DNETWARE_LIBC";
+   $nlmstart = "_LibCPrelude";
+   $nlmexit = "_LibCPostlude";
+   @nlm_flags = ("pseudopreemption", "flag_on 64");
+}
+else
+{
+   $cflags.=" -DNETWARE_CLIB";
+   $nlmstart = "_Prelude";
+   $nlmexit = "_Stop";
+}
+
+# If BSD Socket support is requested, set a define for the compiler
+if ($BSDSOCK)
+{
+   $cflags.=" -DNETWARE_BSDSOCK";
+   if (!$LIBC)
+   {
+      $cflags.=" -DNETDB_USE_INTERNET";
+   }
+}
+
+
+# linking stuff
+# for the output directories use the mk1mf.pl values with "_nw" appended
+if ($shlib)
+{
+   if ($LIBC)
+   {
+      $out_def.="_nw_libc_nlm";
+      $tmp_def.="_nw_libc_nlm";
+      $inc_def.="_nw_libc_nlm";
+   }
+   else  # NETWARE_CLIB
+   {
+      $out_def.="_nw_clib_nlm";
+      $tmp_def.="_nw_clib_nlm";
+      $inc_def.="_nw_clib_nlm";
+   }
+}
+else
+{
+   if ($gnuc) # GNUC Tools
+   {
+      $libp=".a";
+      $shlibp=".a";
+      $lib_flags="-cr";
+   }
+   else       # CodeWarrior
+   {
+      $libp=".lib";
+      $shlibp=".lib";
+      $lib_flags="-nodefaults -type library -o";
+   }
+   if ($LIBC)
+   {
+      $out_def.="_nw_libc";
+      $tmp_def.="_nw_libc";
+      $inc_def.="_nw_libc";
+   }
+   else  # NETWARE_CLIB
+   {
+      $out_def.="_nw_clib";
+      $tmp_def.="_nw_clib";
+      $inc_def.="_nw_clib";
+   }
+}
+
+# used by mk1mf.pl
+$obj='.o';
+$ofile='-o ';
+$efile='';
+$exep='.nlm';
+$ex_libs='';
+
+if (!$no_asm)
+{
+   $bn_asm_obj="\$(OBJ_D)${o}bn-nw${obj}";
+   $bn_asm_src="crypto${o}bn${o}asm${o}bn-nw.asm";
+   $bnco_asm_obj="\$(OBJ_D)${o}co-nw${obj}";
+   $bnco_asm_src="crypto${o}bn${o}asm${o}co-nw.asm";
+   $aes_asm_obj="\$(OBJ_D)${o}a-nw${obj}";
+   $aes_asm_src="crypto${o}aes${o}asm${o}a-nw.asm";
+   $des_enc_obj="\$(OBJ_D)${o}d-nw${obj} \$(OBJ_D)${o}y-nw${obj}";
+   $des_enc_src="crypto${o}des${o}asm${o}d-nw.asm crypto${o}des${o}asm${o}y-nw.asm";
+   $bf_enc_obj="\$(OBJ_D)${o}b-nw${obj}";
+   $bf_enc_src="crypto${o}bf${o}asm${o}b-nw.asm";
+   $cast_enc_obj="\$(OBJ_D)${o}c-nw${obj}";
+   $cast_enc_src="crypto${o}cast${o}asm${o}c-nw.asm";
+   $rc4_enc_obj="\$(OBJ_D)${o}r4-nw${obj}";
+   $rc4_enc_src="crypto${o}rc4${o}asm${o}r4-nw.asm";
+   $rc5_enc_obj="\$(OBJ_D)${o}r5-nw${obj}";
+   $rc5_enc_src="crypto${o}rc5${o}asm${o}r5-nw.asm";
+   $md5_asm_obj="\$(OBJ_D)${o}m5-nw${obj}";
+   $md5_asm_src="crypto${o}md5${o}asm${o}m5-nw.asm";
+   $sha1_asm_obj="\$(OBJ_D)${o}s1-nw${obj} \$(OBJ_D)${o}sha256-nw${obj} \$(OBJ_D)${o}sha512-nw${obj}";
+   $sha1_asm_src="crypto${o}sha${o}asm${o}s1-nw.asm crypto${o}sha${o}asm${o}sha256-nw.asm crypto${o}sha${o}asm${o}sha512-nw.asm";
+   $rmd160_asm_obj="\$(OBJ_D)${o}rm-nw${obj}";
+   $rmd160_asm_src="crypto${o}ripemd${o}asm${o}rm-nw.asm";
+   $whirlpool_asm_obj="\$(OBJ_D)${o}wp-nw${obj}";
+   $whirlpool_asm_src="crypto${o}whrlpool${o}asm${o}wp-nw.asm";
+   $cpuid_asm_obj="\$(OBJ_D)${o}x86cpuid-nw${obj}";
+   $cpuid_asm_src="crypto${o}x86cpuid-nw.asm";
+   $cflags.=" -DOPENSSL_CPUID_OBJ -DBN_ASM -DOPENSSL_BN_ASM_PART_WORDS -DMD5_ASM -DWHIRLPOOL_ASM";
+   $cflags.=" -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM";
+   $cflags.=" -DAES_ASM -DRMD160_ASM";
+}
+else
+{
+   $bn_asm_obj='';
+   $bn_asm_src='';
+   $bnco_asm_obj='';
+   $bnco_asm_src='';
+   $aes_asm_obj='';
+   $aes_asm_src='';
+   $des_enc_obj='';
+   $des_enc_src='';
+   $bf_enc_obj='';
+   $bf_enc_src='';
+   $cast_enc_obj='';
+   $cast_enc_src='';
+   $rc4_enc_obj='';
+   $rc4_enc_src='';
+   $rc5_enc_obj='';
+   $rc5_enc_src='';
+   $md5_asm_obj='';
+   $md5_asm_src='';
+   $sha1_asm_obj='';
+   $sha1_asm_src='';
+   $rmd160_asm_obj='';
+   $rmd160_asm_src='';
+   $whirlpool_asm_obj='';
+   $whirlpool_asm_src='';
+   $cpuid_asm_obj='';
+   $cpuid_asm_src='';
+}
+
+# create the *.def linker command files in \openssl\netware\ directory
+sub do_def_file
+{
+   # strip off the leading path
+   my($target) = bname(shift);
+   my($i);
+
+   if ($target =~ /(.*).nlm/)
+   {
+      $target = $1;
+   }
+
+   # special case for openssl - the mk1mf.pl defines E_EXE = openssl
+   if ($target =~ /E_EXE/)
+   {
+      $target =~ s/\$\(E_EXE\)/openssl/;
+   }
+
+   # Note: originally tried to use full path ( \openssl\netware\$target.def )
+   # Metrowerks linker choked on this with an assertion failure. bug???
+   #
+   my($def_file) = "netware${o}$target.def";
+
+   open(DEF_OUT, ">$def_file") || die("unable to open file $def_file\n");
+
+   print( DEF_OUT "# command file generated by netware.pl for NLM target.\n" );
+   print( DEF_OUT "# do not edit this file - all your changes will be lost!!\n" );
+   print( DEF_OUT "#\n");
+   print( DEF_OUT "DESCRIPTION \"$target ($libarch) - OpenSSL $nlmverstr\"\n");
+   print( DEF_OUT "COPYRIGHT \"$nlmcpystr\"\n");
+   print( DEF_OUT "VERSION $nlmvernum\n");
+   print( DEF_OUT "STACK $nlmstack\n");
+   print( DEF_OUT "START $nlmstart\n");
+   print( DEF_OUT "EXIT $nlmexit\n");
+
+   # special case for openssl
+   if ($target eq "openssl")
+   {
+      print( DEF_OUT "SCREENNAME \"OpenSSL $nlmverstr\"\n");
+   }
+   else
+   {
+      print( DEF_OUT "SCREENNAME \"DEFAULT\"\n");
+   }
+
+   foreach $i (@misc_imports)
+   {
+      print( DEF_OUT "IMPORT $i\n");
+   }
+
+   foreach $i (@import_files)
+   {
+      print( DEF_OUT "IMPORT \@$import_path${o}$i\n");
+   }
+
+   foreach $i (@module_files)
+   {
+      print( DEF_OUT "MODULE $i\n");
+   }
+
+   foreach $i (@nlm_flags)
+   {
+      print( DEF_OUT "$i\n");
+   }
+
+   if ($gnuc)
+   {
+      if ($target =~ /openssl/)
+      {
+         print( DEF_OUT "INPUT ${tmp_def}${o}openssl${obj}\n");
+         print( DEF_OUT "INPUT ${tmp_def}${o}openssl${libp}\n");
+      }
+      else
+      {
+         print( DEF_OUT "INPUT ${tmp_def}${o}${target}${obj}\n");
+      }
+      print( DEF_OUT "INPUT $prelude\n");
+      print( DEF_OUT "INPUT ${out_def}${o}${ssl}${libp} ${out_def}${o}${crypto}${libp}\n");
+      print( DEF_OUT "OUTPUT $target.nlm\n");
+   }
+
+   close(DEF_OUT);
+   return($def_file);
+}
+
+sub do_lib_rule
+{
+   my($objs,$target,$name,$shlib)=@_;
+   my($ret);
+
+   $ret.="$target: $objs\n";
+   if (!$shlib)
+   {
+      $ret.="\t\@echo Building Lib: $name\n";
+      $ret.="\t\$(MKLIB) $lib_flags $target $objs\n";
+      $ret.="\t\@echo .\n"
+   }
+   else
+   {
+      die( "Building as NLM not currently supported!" );
+   }
+
+   $ret.="\n";
+   return($ret);
+}
+
+sub do_link_rule
+{
+   my($target,$files,$dep_libs,$libs)=@_;
+   my($ret);
+   my($def_file) = do_def_file($target);
+
+   $ret.="$target: $files $dep_libs\n";
+
+   # NOTE:  When building the test nlms no screen name is given
+   #  which causes the console screen to be used.  By using the console
+   #  screen there is no "<press any key to continue>" message which
+   #  requires user interaction.  The test script ( do_tests.pl ) needs
+   #  to be able to run the tests without requiring user interaction.
+   #
+   #  However, the sample program "openssl.nlm" is used by the tests and is
+   #  a interactive sample so a screen is desired when not be run by the
+   #  tests.  To solve the problem, two versions of the program are built:
+   #    openssl2 - no screen used by tests
+   #    openssl - default screen - use for normal interactive modes
+   #
+
+   # special case for openssl - the mk1mf.pl defines E_EXE = openssl
+   if ($target =~ /E_EXE/)
+   {
+      my($target2) = $target;
+
+      $target2 =~ s/\(E_EXE\)/\(E_EXE\)2/;
+
+      # openssl2
+      my($def_file2) = do_def_file($target2);
+
+      if ($gnuc)
+      {
+         $ret.="\t\$(MKLIB) $lib_flags \$(TMP_D)${o}\$(E_EXE).a \$(filter-out \$(TMP_D)${o}\$(E_EXE)${obj},$files)\n";
+         $ret.="\t\$(LINK_CMD) \$(LFLAGS) $def_file2\n";
+         $ret.="\t\@$mv \$(E_EXE)2.nlm \$(TEST_D)\n";
+      }
+      else
+      {
+         $ret.="\t\$(LINK_CMD) \$(LFLAGS) $def_file2 $files \"$prelude\" $libs -o $target2\n";
+      }
+   }
+   if ($gnuc)
+   {
+      $ret.="\t\$(LINK_CMD) \$(LFLAGS) $def_file\n";
+      $ret.="\t\@$mv \$(\@F) \$(TEST_D)\n";
+   }
+   else
+   {
+      $ret.="\t\$(LINK_CMD) \$(LFLAGS) $def_file $files \"$prelude\" $libs -o $target\n";
+   }
+
+   $ret.="\n";
+   return($ret);
+
+}
+
+1;

Deleted: vendor-crypto/openssl/1.0.1u/util/pl/ultrix.pl
===================================================================
--- vendor-crypto/openssl/dist/util/pl/ultrix.pl	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/util/pl/ultrix.pl	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,38 +0,0 @@
-#!/usr/local/bin/perl
-#
-# linux.pl - the standard unix makefile stuff.
-#
-
-$o='/';
-$cp='/bin/cp';
-$rm='/bin/rm -f';
-
-# C compiler stuff
-
-$cc='cc';
-if ($debug)
-	{ $cflags="-g -DREF_CHECK -DCRYPTO_MDEBUG"; }
-else
-	{ $cflags="-O2"; }
-
-$cflags.=" -std1 -DL_ENDIAN";
-
-if (!$no_asm)
-	{
-	$bn_asm_obj='$(OBJ_D)/mips1.o';
-	$bn_asm_src='crypto/bn/asm/mips1.s';
-	}
-
-sub do_link_rule
-	{
-	local($target,$files,$dep_libs,$libs)=@_;
-	local($ret,$_);
-	
-	$file =~ s/\//$o/g if $o ne '/';
-	$n=&bname($target);
-	$ret.="$target: $files $dep_libs\n";
-	$ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
-	return($ret);
-	}
-
-1;

Copied: vendor-crypto/openssl/1.0.1u/util/pl/ultrix.pl (from rev 11605, vendor-crypto/openssl/dist/util/pl/ultrix.pl)
===================================================================
--- vendor-crypto/openssl/1.0.1u/util/pl/ultrix.pl	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/util/pl/ultrix.pl	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,38 @@
+#!/usr/local/bin/perl
+#
+# linux.pl - the standard unix makefile stuff.
+#
+
+$o='/';
+$cp='/bin/cp';
+$rm='/bin/rm -f';
+
+# C compiler stuff
+
+$cc='cc';
+if ($debug)
+	{ $cflags="-g -DREF_CHECK -DCRYPTO_MDEBUG"; }
+else
+	{ $cflags="-O2"; }
+
+$cflags.=" -std1 -DL_ENDIAN";
+
+if (!$no_asm)
+	{
+	$bn_asm_obj='$(OBJ_D)/mips1.o';
+	$bn_asm_src='crypto/bn/asm/mips1.s';
+	}
+
+sub do_link_rule
+	{
+	local($target,$files,$dep_libs,$libs)=@_;
+	local($ret,$_);
+	
+	$file =~ s/\//$o/g if $o ne '/';
+	$n=&bname($target);
+	$ret.="$target: $files $dep_libs\n";
+	$ret.="\t\$(LINK_CMD) ${efile}$target \$(LFLAGS) $files $libs\n\n";
+	return($ret);
+	}
+
+1;

Deleted: vendor-crypto/openssl/1.0.1u/util/pl/unix.pl
===================================================================
--- vendor-crypto/openssl/dist/util/pl/unix.pl	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/util/pl/unix.pl	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,96 +0,0 @@
-#!/usr/local/bin/perl
-#
-# unix.pl - the standard unix makefile stuff.
-#
-
-$o='/';
-$cp='/bin/cp';
-$rm='/bin/rm -f';
-
-# C compiler stuff
-
-if ($gcc)
-	{
-	$cc='gcc';
-	if ($debug)
-		{ $cflags="-g2 -ggdb"; }
-	else
-		{ $cflags="-O3 -fomit-frame-pointer"; }
-	}
-else
-	{
-	$cc='cc';
-	if ($debug)
-		{ $cflags="-g"; }
-	else
-		{ $cflags="-O"; }
-	}
-$obj='.o';
-$ofile='-o ';
-
-# EXE linking stuff
-$link='${CC}';
-$lflags='${CFLAGS}';
-$efile='-o ';
-$exep='';
-$ex_libs="";
-
-# static library stuff
-$mklib='ar r';
-$mlflags='';
-$ranlib=&which("ranlib") or $ranlib="true";
-$plib='lib';
-$libp=".a";
-$shlibp=".a";
-$lfile='';
-
-$asm='as';
-$afile='-o ';
-$bn_asm_obj="";
-$bn_asm_src="";
-$des_enc_obj="";
-$des_enc_src="";
-$bf_enc_obj="";
-$bf_enc_src="";
-
-sub do_lib_rule
-	{
-	local($obj,$target,$name,$shlib)=@_;
-	local($ret,$_,$Name);
-
-	$target =~ s/\//$o/g if $o ne '/';
-	$target="$target";
-	($Name=$name) =~ tr/a-z/A-Z/;
-
-	$ret.="$target: \$(${Name}OBJ)\n";
-	$ret.="\t\$(RM) $target\n";
-	$ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n";
-	$ret.="\t\$(RANLIB) $target\n\n";
-	}
-
-sub do_link_rule
-	{
-	local($target,$files,$dep_libs,$libs)=@_;
-	local($ret,$_);
-	
-	$file =~ s/\//$o/g if $o ne '/';
-	$n=&bname($target);
-	$ret.="$target: $files $dep_libs\n";
-	$ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
-	return($ret);
-	}
-
-sub which
-	{
-	my ($name)=@_;
-	my $path;
-	foreach $path (split /:/, $ENV{PATH})
-		{
-		if (-x "$path/$name")
-			{
-			return "$path/$name";
-			}
-		}
-	}
-
-1;

Copied: vendor-crypto/openssl/1.0.1u/util/pl/unix.pl (from rev 11605, vendor-crypto/openssl/dist/util/pl/unix.pl)
===================================================================
--- vendor-crypto/openssl/1.0.1u/util/pl/unix.pl	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/util/pl/unix.pl	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,96 @@
+#!/usr/local/bin/perl
+#
+# unix.pl - the standard unix makefile stuff.
+#
+
+$o='/';
+$cp='/bin/cp';
+$rm='/bin/rm -f';
+
+# C compiler stuff
+
+if ($gcc)
+	{
+	$cc='gcc';
+	if ($debug)
+		{ $cflags="-g2 -ggdb"; }
+	else
+		{ $cflags="-O3 -fomit-frame-pointer"; }
+	}
+else
+	{
+	$cc='cc';
+	if ($debug)
+		{ $cflags="-g"; }
+	else
+		{ $cflags="-O"; }
+	}
+$obj='.o';
+$ofile='-o ';
+
+# EXE linking stuff
+$link='${CC}';
+$lflags='${CFLAGS}';
+$efile='-o ';
+$exep='';
+$ex_libs="";
+
+# static library stuff
+$mklib='ar r';
+$mlflags='';
+$ranlib=&which("ranlib") or $ranlib="true";
+$plib='lib';
+$libp=".a";
+$shlibp=".a";
+$lfile='';
+
+$asm='as';
+$afile='-o ';
+$bn_asm_obj="";
+$bn_asm_src="";
+$des_enc_obj="";
+$des_enc_src="";
+$bf_enc_obj="";
+$bf_enc_src="";
+
+sub do_lib_rule
+	{
+	local($obj,$target,$name,$shlib)=@_;
+	local($ret,$_,$Name);
+
+	$target =~ s/\//$o/g if $o ne '/';
+	$target="$target";
+	($Name=$name) =~ tr/a-z/A-Z/;
+
+	$ret.="$target: \$(${Name}OBJ)\n";
+	$ret.="\t\$(RM) $target\n";
+	$ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n";
+	$ret.="\t\$(RANLIB) $target\n\n";
+	}
+
+sub do_link_rule
+	{
+	local($target,$files,$dep_libs,$libs)=@_;
+	local($ret,$_);
+	
+	$file =~ s/\//$o/g if $o ne '/';
+	$n=&bname($target);
+	$ret.="$target: $files $dep_libs\n";
+	$ret.="\t\$(LINK_CMD) ${efile}$target \$(LFLAGS) $files $libs\n\n";
+	return($ret);
+	}
+
+sub which
+	{
+	my ($name)=@_;
+	my $path;
+	foreach $path (split /:/, $ENV{PATH})
+		{
+		if (-x "$path/$name")
+			{
+			return "$path/$name";
+			}
+		}
+	}
+
+1;

Deleted: vendor-crypto/openssl/1.0.1u/util/ssleay.num
===================================================================
--- vendor-crypto/openssl/dist/util/ssleay.num	2018-07-08 16:09:31 UTC (rev 11604)
+++ vendor-crypto/openssl/1.0.1u/util/ssleay.num	2018-07-08 16:17:13 UTC (rev 11606)
@@ -1,323 +0,0 @@
-ERR_load_SSL_strings                    1	EXIST::FUNCTION:
-SSL_CIPHER_description                  2	EXIST::FUNCTION:
-SSL_CTX_add_client_CA                   3	EXIST::FUNCTION:
-SSL_CTX_add_session                     4	EXIST::FUNCTION:
-SSL_CTX_check_private_key               5	EXIST::FUNCTION:
-SSL_CTX_ctrl                            6	EXIST::FUNCTION:
-SSL_CTX_flush_sessions                  7	EXIST::FUNCTION:
-SSL_CTX_free                            8	EXIST::FUNCTION:
-SSL_CTX_get_client_CA_list              9	EXIST::FUNCTION:
-SSL_CTX_get_verify_callback             10	EXIST::FUNCTION:
-SSL_CTX_get_verify_mode                 11	EXIST::FUNCTION:
-SSL_CTX_new                             12	EXIST::FUNCTION:
-SSL_CTX_remove_session                  13	EXIST::FUNCTION:
-SSL_CTX_set_cipher_list                 15	EXIST::FUNCTION:
-SSL_CTX_set_client_CA_list              16	EXIST::FUNCTION:
-SSL_CTX_set_default_passwd_cb           17	EXIST::FUNCTION:
-SSL_CTX_set_ssl_version                 19	EXIST::FUNCTION:
-SSL_CTX_set_verify                      21	EXIST::FUNCTION:
-SSL_CTX_use_PrivateKey                  22	EXIST::FUNCTION:
-SSL_CTX_use_PrivateKey_ASN1             23	EXIST::FUNCTION:
-SSL_CTX_use_PrivateKey_file             24	EXIST::FUNCTION:STDIO
-SSL_CTX_use_RSAPrivateKey               25	EXIST::FUNCTION:RSA
-SSL_CTX_use_RSAPrivateKey_ASN1          26	EXIST::FUNCTION:RSA
-SSL_CTX_use_RSAPrivateKey_file          27	EXIST::FUNCTION:RSA,STDIO
-SSL_CTX_use_certificate                 28	EXIST::FUNCTION:
-SSL_CTX_use_certificate_ASN1            29	EXIST::FUNCTION:
-SSL_CTX_use_certificate_file            30	EXIST::FUNCTION:STDIO
-SSL_SESSION_free                        31	EXIST::FUNCTION:
-SSL_SESSION_new                         32	EXIST::FUNCTION:
-SSL_SESSION_print                       33	EXIST::FUNCTION:BIO
-SSL_SESSION_print_fp                    34	EXIST::FUNCTION:FP_API
-SSL_accept                              35	EXIST::FUNCTION:
-SSL_add_client_CA                       36	EXIST::FUNCTION:
-SSL_alert_desc_string                   37	EXIST::FUNCTION:
-SSL_alert_desc_string_long              38	EXIST::FUNCTION:
-SSL_alert_type_string                   39	EXIST::FUNCTION:
-SSL_alert_type_string_long              40	EXIST::FUNCTION:
-SSL_check_private_key                   41	EXIST::FUNCTION:
-SSL_clear                               42	EXIST::FUNCTION:
-SSL_connect                             43	EXIST::FUNCTION:
-SSL_copy_session_id                     44	EXIST::FUNCTION:
-SSL_ctrl                                45	EXIST::FUNCTION:
-SSL_dup                                 46	EXIST::FUNCTION:
-SSL_dup_CA_list                         47	EXIST::FUNCTION:
-SSL_free                                48	EXIST::FUNCTION:
-SSL_get_certificate                     49	EXIST::FUNCTION:
-SSL_get_cipher_list                     52	EXIST::FUNCTION:
-SSL_get_ciphers                         55	EXIST::FUNCTION:
-SSL_get_client_CA_list                  56	EXIST::FUNCTION:
-SSL_get_default_timeout                 57	EXIST::FUNCTION:
-SSL_get_error                           58	EXIST::FUNCTION:
-SSL_get_fd                              59	EXIST::FUNCTION:
-SSL_get_peer_cert_chain                 60	EXIST::FUNCTION:
-SSL_get_peer_certificate                61	EXIST::FUNCTION:
-SSL_get_rbio                            63	EXIST::FUNCTION:BIO
-SSL_get_read_ahead                      64	EXIST::FUNCTION:
-SSL_get_shared_ciphers                  65	EXIST::FUNCTION:
-SSL_get_ssl_method                      66	EXIST::FUNCTION:
-SSL_get_verify_callback                 69	EXIST::FUNCTION:
-SSL_get_verify_mode                     70	EXIST::FUNCTION:
-SSL_get_version                         71	EXIST::FUNCTION:
-SSL_get_wbio                            72	EXIST::FUNCTION:BIO
-SSL_load_client_CA_file                 73	EXIST::FUNCTION:STDIO
-SSL_load_error_strings                  74	EXIST::FUNCTION:
-SSL_new                                 75	EXIST::FUNCTION:
-SSL_peek                                76	EXIST::FUNCTION:
-SSL_pending                             77	EXIST::FUNCTION:
-SSL_read                                78	EXIST::FUNCTION:
-SSL_renegotiate                         79	EXIST::FUNCTION:
-SSL_rstate_string                       80	EXIST::FUNCTION:
-SSL_rstate_string_long                  81	EXIST::FUNCTION:
-SSL_set_accept_state                    82	EXIST::FUNCTION:
-SSL_set_bio                             83	EXIST::FUNCTION:BIO
-SSL_set_cipher_list                     84	EXIST::FUNCTION:
-SSL_set_client_CA_list                  85	EXIST::FUNCTION:
-SSL_set_connect_state                   86	EXIST::FUNCTION:
-SSL_set_fd                              87	EXIST::FUNCTION:SOCK
-SSL_set_read_ahead                      88	EXIST::FUNCTION:
-SSL_set_rfd                             89	EXIST::FUNCTION:SOCK
-SSL_set_session                         90	EXIST::FUNCTION:
-SSL_set_ssl_method                      91	EXIST::FUNCTION:
-SSL_set_verify                          94	EXIST::FUNCTION:
-SSL_set_wfd                             95	EXIST::FUNCTION:SOCK
-SSL_shutdown                            96	EXIST::FUNCTION:
-SSL_state_string                        97	EXIST::FUNCTION:
-SSL_state_string_long                   98	EXIST::FUNCTION:
-SSL_use_PrivateKey                      99	EXIST::FUNCTION:
-SSL_use_PrivateKey_ASN1                 100	EXIST::FUNCTION:
-SSL_use_PrivateKey_file                 101	EXIST::FUNCTION:STDIO
-SSL_use_RSAPrivateKey                   102	EXIST::FUNCTION:RSA
-SSL_use_RSAPrivateKey_ASN1              103	EXIST::FUNCTION:RSA
-SSL_use_RSAPrivateKey_file              104	EXIST::FUNCTION:RSA,STDIO
-SSL_use_certificate                     105	EXIST::FUNCTION:
-SSL_use_certificate_ASN1                106	EXIST::FUNCTION:
-SSL_use_certificate_file                107	EXIST::FUNCTION:STDIO
-SSL_write                               108	EXIST::FUNCTION:
-SSLeay_add_ssl_algorithms               109	NOEXIST::FUNCTION:
-SSLv23_client_method                    110	EXIST::FUNCTION:RSA
-SSLv23_method                           111	EXIST::FUNCTION:RSA
-SSLv23_server_method                    112	EXIST::FUNCTION:RSA
-SSLv2_client_method                     113	EXIST::FUNCTION:RSA,SSL2
-SSLv2_method                            114	EXIST::FUNCTION:RSA,SSL2
-SSLv2_server_method                     115	EXIST::FUNCTION:RSA,SSL2
-SSLv3_client_method                     116	EXIST::FUNCTION:SSL3_METHOD
-SSLv3_method                            117	EXIST::FUNCTION:SSL3_METHOD
-SSLv3_server_method                     118	EXIST::FUNCTION:SSL3_METHOD
-d2i_SSL_SESSION                         119	EXIST::FUNCTION:
-i2d_SSL_SESSION                         120	EXIST::FUNCTION:
-BIO_f_ssl                               121	EXIST::FUNCTION:BIO
-BIO_new_ssl                             122	EXIST::FUNCTION:BIO
-BIO_proxy_ssl_copy_session_id           123	NOEXIST::FUNCTION:
-BIO_ssl_copy_session_id                 124	EXIST::FUNCTION:BIO
-SSL_do_handshake                        125	EXIST::FUNCTION:
-SSL_get_privatekey                      126	EXIST::FUNCTION:
-SSL_get_current_cipher                  127	EXIST::FUNCTION:
-SSL_CIPHER_get_bits                     128	EXIST::FUNCTION:
-SSL_CIPHER_get_version                  129	EXIST::FUNCTION:
-SSL_CIPHER_get_name                     130	EXIST::FUNCTION:
-BIO_ssl_shutdown                        131	EXIST::FUNCTION:BIO
-SSL_SESSION_cmp                         132	NOEXIST::FUNCTION:
-SSL_SESSION_hash                        133	NOEXIST::FUNCTION:
-SSL_SESSION_get_time                    134	EXIST::FUNCTION:
-SSL_SESSION_set_time                    135	EXIST::FUNCTION:
-SSL_SESSION_get_timeout                 136	EXIST::FUNCTION:
-SSL_SESSION_set_timeout                 137	EXIST::FUNCTION:
-SSL_CTX_get_ex_data                     138	EXIST::FUNCTION:
-SSL_CTX_get_quiet_shutdown              140	EXIST::FUNCTION:
-SSL_CTX_load_verify_locations           141	EXIST::FUNCTION:
-SSL_CTX_set_default_verify_paths        142	EXIST:!VMS:FUNCTION:
-SSL_CTX_set_def_verify_paths            142	EXIST:VMS:FUNCTION:
-SSL_CTX_set_ex_data                     143	EXIST::FUNCTION:
-SSL_CTX_set_quiet_shutdown              145	EXIST::FUNCTION:
-SSL_SESSION_get_ex_data                 146	EXIST::FUNCTION:
-SSL_SESSION_set_ex_data                 148	EXIST::FUNCTION:
-SSL_get_SSL_CTX                         150	EXIST::FUNCTION:
-SSL_get_ex_data                         151	EXIST::FUNCTION:
-SSL_get_quiet_shutdown                  153	EXIST::FUNCTION:
-SSL_get_session                         154	EXIST::FUNCTION:
-SSL_get_shutdown                        155	EXIST::FUNCTION:
-SSL_get_verify_result                   157	EXIST::FUNCTION:
-SSL_set_ex_data                         158	EXIST::FUNCTION:
-SSL_set_info_callback                   160	EXIST::FUNCTION:
-SSL_set_quiet_shutdown                  161	EXIST::FUNCTION:
-SSL_set_shutdown                        162	EXIST::FUNCTION:
-SSL_set_verify_result                   163	EXIST::FUNCTION:
-SSL_version                             164	EXIST::FUNCTION:
-SSL_get_info_callback                   165	EXIST::FUNCTION:
-SSL_state                               166	EXIST::FUNCTION:
-SSL_CTX_get_ex_new_index                167	EXIST::FUNCTION:
-SSL_SESSION_get_ex_new_index            168	EXIST::FUNCTION:
-SSL_get_ex_new_index                    169	EXIST::FUNCTION:
-TLSv1_method                            170	EXIST::FUNCTION:
-TLSv1_server_method                     171	EXIST::FUNCTION:
-TLSv1_client_method                     172	EXIST::FUNCTION:
-BIO_new_buffer_ssl_connect              173	EXIST::FUNCTION:BIO
-BIO_new_ssl_connect                     174	EXIST::FUNCTION:BIO
-SSL_get_ex_data_X509_STORE_CTX_idx      175	EXIST:!VMS:FUNCTION:
-SSL_get_ex_d_X509_STORE_CTX_idx         175	EXIST:VMS:FUNCTION:
-SSL_CTX_set_tmp_dh_callback             176	EXIST::FUNCTION:DH
-SSL_CTX_set_tmp_rsa_callback            177	EXIST::FUNCTION:RSA
-SSL_CTX_set_timeout                     178	EXIST::FUNCTION:
-SSL_CTX_get_timeout                     179	EXIST::FUNCTION:
-SSL_CTX_get_cert_store                  180	EXIST::FUNCTION:
-SSL_CTX_set_cert_store                  181	EXIST::FUNCTION:
-SSL_want                                182	EXIST::FUNCTION:
-SSL_library_init                        183	EXIST::FUNCTION:
-SSL_COMP_add_compression_method         184	EXIST::FUNCTION:COMP
-SSL_add_file_cert_subjects_to_stack     185	EXIST:!VMS:FUNCTION:STDIO
-SSL_add_file_cert_subjs_to_stk          185	EXIST:VMS:FUNCTION:STDIO
-SSL_set_tmp_rsa_callback                186	EXIST::FUNCTION:RSA
-SSL_set_tmp_dh_callback                 187	EXIST::FUNCTION:DH
-SSL_add_dir_cert_subjects_to_stack      188	EXIST:!VMS:FUNCTION:STDIO
-SSL_add_dir_cert_subjs_to_stk           188	EXIST:VMS:FUNCTION:STDIO
-SSL_set_session_id_context              189	EXIST::FUNCTION:
-SSL_CTX_use_certificate_chain_file      222	EXIST:!VMS:FUNCTION:STDIO
-SSL_CTX_use_cert_chain_file             222	EXIST:VMS:FUNCTION:STDIO
-SSL_CTX_set_verify_depth                225	EXIST::FUNCTION:
-SSL_set_verify_depth                    226	EXIST::FUNCTION:
-SSL_CTX_get_verify_depth                228	EXIST::FUNCTION:
-SSL_get_verify_depth                    229	EXIST::FUNCTION:
-SSL_CTX_set_session_id_context          231	EXIST::FUNCTION:
-SSL_CTX_set_cert_verify_callback        232	EXIST:!VMS:FUNCTION:
-SSL_CTX_set_cert_verify_cb              232	EXIST:VMS:FUNCTION:
-SSL_test_functions                      233	EXIST::FUNCTION:UNIT_TEST
-SSL_CTX_set_default_passwd_cb_userdata  235	EXIST:!VMS:FUNCTION:
-SSL_CTX_set_def_passwd_cb_ud            235	EXIST:VMS:FUNCTION:
-SSL_set_purpose                         236	EXIST::FUNCTION:
-SSL_CTX_set_trust                       237	EXIST::FUNCTION:
-SSL_CTX_set_purpose                     238	EXIST::FUNCTION:
-SSL_set_trust                           239	EXIST::FUNCTION:
-SSL_get_finished                        240	EXIST::FUNCTION:
-SSL_get_peer_finished                   241	EXIST::FUNCTION:
-SSL_get1_session                        242	EXIST::FUNCTION:
-SSL_CTX_callback_ctrl                   243	EXIST::FUNCTION:
-SSL_callback_ctrl                       244	EXIST::FUNCTION:
-SSL_CTX_sessions                        245	EXIST::FUNCTION:
-SSL_get_rfd                             246	EXIST::FUNCTION:
-SSL_get_wfd                             247	EXIST::FUNCTION:
-kssl_cget_tkt                           248	EXIST::FUNCTION:KRB5
-SSL_has_matching_session_id             249	EXIST::FUNCTION:
-kssl_err_set                            250	EXIST::FUNCTION:KRB5
-kssl_ctx_show                           251	EXIST::FUNCTION:KRB5
-kssl_validate_times                     252	EXIST::FUNCTION:KRB5
-kssl_check_authent                      253	EXIST::FUNCTION:KRB5
-kssl_ctx_new                            254	EXIST::FUNCTION:KRB5
-kssl_build_principal_2                  255	EXIST::FUNCTION:KRB5
-kssl_skip_confound                      256	EXIST::FUNCTION:KRB5
-kssl_sget_tkt                           257	EXIST::FUNCTION:KRB5
-SSL_set_generate_session_id             258	EXIST::FUNCTION:
-kssl_ctx_setkey                         259	EXIST::FUNCTION:KRB5
-kssl_ctx_setprinc                       260	EXIST::FUNCTION:KRB5
-kssl_ctx_free                           261	EXIST::FUNCTION:KRB5
-kssl_krb5_free_data_contents            262	EXIST::FUNCTION:KRB5
-kssl_ctx_setstring                      263	EXIST::FUNCTION:KRB5
-SSL_CTX_set_generate_session_id         264	EXIST::FUNCTION:
-SSL_renegotiate_pending                 265	EXIST::FUNCTION:
-SSL_CTX_set_msg_callback                266	EXIST::FUNCTION:
-SSL_set_msg_callback                    267	EXIST::FUNCTION:
-DTLSv1_client_method                    268	EXIST::FUNCTION:
-SSL_CTX_set_tmp_ecdh_callback           269	EXIST::FUNCTION:ECDH
-SSL_set_tmp_ecdh_callback               270	EXIST::FUNCTION:ECDH
-SSL_COMP_get_name                       271	EXIST::FUNCTION:COMP
-SSL_get_current_compression             272	EXIST::FUNCTION:COMP
-DTLSv1_method                           273	EXIST::FUNCTION:
-SSL_get_current_expansion               274	EXIST::FUNCTION:COMP
-DTLSv1_server_method                    275	EXIST::FUNCTION:
-SSL_COMP_get_compression_methods        276	EXIST:!VMS:FUNCTION:COMP
-SSL_COMP_get_compress_methods           276	EXIST:VMS:FUNCTION:COMP
-SSL_SESSION_get_id                      277	EXIST::FUNCTION:
-SSL_CTX_sess_set_new_cb                 278	EXIST::FUNCTION:
-SSL_CTX_sess_get_get_cb                 279	EXIST::FUNCTION:
-SSL_CTX_sess_set_get_cb                 280	EXIST::FUNCTION:
-SSL_CTX_set_cookie_verify_cb            281	EXIST::FUNCTION:
-SSL_CTX_get_info_callback               282	EXIST::FUNCTION:
-SSL_CTX_set_cookie_generate_cb          283	EXIST::FUNCTION:
-SSL_CTX_set_client_cert_cb              284	EXIST::FUNCTION:
-SSL_CTX_sess_set_remove_cb              285	EXIST::FUNCTION:
-SSL_CTX_set_info_callback               286	EXIST::FUNCTION:
-SSL_CTX_sess_get_new_cb                 287	EXIST::FUNCTION:
-SSL_CTX_get_client_cert_cb              288	EXIST::FUNCTION:
-SSL_CTX_sess_get_remove_cb              289	EXIST::FUNCTION:
-SSL_set_SSL_CTX                         290	EXIST::FUNCTION:
-SSL_get_servername                      291	EXIST::FUNCTION:TLSEXT
-SSL_get_servername_type                 292	EXIST::FUNCTION:TLSEXT
-SSL_CTX_set_client_cert_engine          293	EXIST::FUNCTION:ENGINE
-SSL_CTX_use_psk_identity_hint           294	EXIST::FUNCTION:PSK
-SSL_CTX_set_psk_client_callback         295	EXIST::FUNCTION:PSK
-PEM_write_bio_SSL_SESSION               296	EXIST::FUNCTION:
-SSL_get_psk_identity_hint               297	EXIST::FUNCTION:PSK
-SSL_set_psk_server_callback             298	EXIST::FUNCTION:PSK
-SSL_use_psk_identity_hint               299	EXIST::FUNCTION:PSK
-SSL_set_psk_client_callback             300	EXIST::FUNCTION:PSK
-PEM_read_SSL_SESSION                    301	EXIST:!WIN16:FUNCTION:
-PEM_read_bio_SSL_SESSION                302	EXIST::FUNCTION:
-SSL_CTX_set_psk_server_callback         303	EXIST::FUNCTION:PSK
-SSL_get_psk_identity                    304	EXIST::FUNCTION:PSK
-PEM_write_SSL_SESSION                   305	EXIST:!WIN16:FUNCTION:
-SSL_set_session_ticket_ext              306	EXIST::FUNCTION:
-SSL_set_session_secret_cb               307	EXIST::FUNCTION:
-SSL_set_session_ticket_ext_cb           308	EXIST::FUNCTION:
-SSL_set1_param                          309	EXIST::FUNCTION:
-SSL_CTX_set1_param                      310	EXIST::FUNCTION:
-SSL_tls1_key_exporter                   311	NOEXIST::FUNCTION:
-SSL_renegotiate_abbreviated             312	EXIST::FUNCTION:
-TLSv1_1_method                          313	EXIST::FUNCTION:
-TLSv1_1_client_method                   314	EXIST::FUNCTION:
-TLSv1_1_server_method                   315	EXIST::FUNCTION:
-SSL_CTX_set_srp_client_pwd_callback     316	EXIST:!VMS:FUNCTION:SRP
-SSL_CTX_set_srp_client_pwd_cb           316	EXIST:VMS:FUNCTION:SRP
-SSL_get_srp_g                           317	EXIST::FUNCTION:SRP
-SSL_CTX_set_srp_username_callback       318	EXIST:!VMS:FUNCTION:SRP
-SSL_CTX_set_srp_un_cb                   318	EXIST:VMS:FUNCTION:SRP
-SSL_get_srp_userinfo                    319	EXIST::FUNCTION:SRP
-SSL_set_srp_server_param                320	EXIST::FUNCTION:SRP
-SSL_set_srp_server_param_pw             321	EXIST::FUNCTION:SRP
-SSL_get_srp_N                           322	EXIST::FUNCTION:SRP
-SSL_get_srp_username                    323	EXIST::FUNCTION:SRP
-SSL_CTX_set_srp_password                324	EXIST::FUNCTION:SRP
-SSL_CTX_set_srp_strength                325	EXIST::FUNCTION:SRP
-SSL_CTX_set_srp_verify_param_callback   326	EXIST:!VMS:FUNCTION:SRP
-SSL_CTX_set_srp_vfy_param_cb            326	EXIST:VMS:FUNCTION:SRP
-SSL_CTX_set_srp_miss_srp_un_cb          327	NOEXIST::FUNCTION:
-SSL_CTX_set_srp_missing_srp_username_callback 327	NOEXIST::FUNCTION:
-SSL_CTX_set_srp_cb_arg                  328	EXIST::FUNCTION:SRP
-SSL_CTX_set_srp_username                329	EXIST::FUNCTION:SRP
-SSL_CTX_SRP_CTX_init                    330	EXIST::FUNCTION:SRP
-SSL_SRP_CTX_init                        331	EXIST::FUNCTION:SRP
-SRP_Calc_A_param                        332	EXIST::FUNCTION:SRP
-SRP_generate_server_master_secret       333	EXIST:!VMS:FUNCTION:SRP
-SRP_gen_server_master_secret            333	EXIST:VMS:FUNCTION:SRP
-SSL_CTX_SRP_CTX_free                    334	EXIST::FUNCTION:SRP
-SRP_generate_client_master_secret       335	EXIST:!VMS:FUNCTION:SRP
-SRP_gen_client_master_secret            335	EXIST:VMS:FUNCTION:SRP
-SSL_srp_server_param_with_username      336	EXIST:!VMS:FUNCTION:SRP
-SSL_srp_server_param_with_un            336	EXIST:VMS:FUNCTION:SRP
-SRP_have_to_put_srp_username            337	NOEXIST::FUNCTION:
-SSL_SRP_CTX_free                        338	EXIST::FUNCTION:SRP
-SSL_set_debug                           339	EXIST::FUNCTION:
-SSL_SESSION_get0_peer                   340	EXIST::FUNCTION:
-TLSv1_2_client_method                   341	EXIST::FUNCTION:
-SSL_SESSION_set1_id_context             342	EXIST::FUNCTION:
-TLSv1_2_server_method                   343	EXIST::FUNCTION:
-SSL_cache_hit                           344	EXIST::FUNCTION:
-SSL_get0_kssl_ctx                       345	EXIST::FUNCTION:KRB5
-SSL_set0_kssl_ctx                       346	EXIST::FUNCTION:KRB5
-SSL_SESSION_get0_id                     347	NOEXIST::FUNCTION:
-SSL_set_state                           348	EXIST::FUNCTION:
-SSL_CIPHER_get_id                       349	EXIST::FUNCTION:
-TLSv1_2_method                          350	EXIST::FUNCTION:
-SSL_SESSION_get_id_len                  351	NOEXIST::FUNCTION:
-kssl_ctx_get0_client_princ              352	EXIST::FUNCTION:KRB5
-SSL_export_keying_material              353	EXIST::FUNCTION:TLSEXT
-SSL_set_tlsext_use_srtp                 354	EXIST::FUNCTION:SRTP
-SSL_CTX_set_next_protos_advertised_cb   355	EXIST:!VMS:FUNCTION:NEXTPROTONEG
-SSL_CTX_set_next_protos_adv_cb          355	EXIST:VMS:FUNCTION:NEXTPROTONEG
-SSL_get0_next_proto_negotiated          356	EXIST::FUNCTION:NEXTPROTONEG
-SSL_get_selected_srtp_profile           357	EXIST::FUNCTION:SRTP
-SSL_CTX_set_tlsext_use_srtp             358	EXIST::FUNCTION:SRTP
-SSL_select_next_proto                   359	EXIST::FUNCTION:NEXTPROTONEG
-SSL_get_srtp_profiles                   360	EXIST::FUNCTION:SRTP
-SSL_CTX_set_next_proto_select_cb        361	EXIST:!VMS:FUNCTION:NEXTPROTONEG
-SSL_CTX_set_next_proto_sel_cb           361	EXIST:VMS:FUNCTION:NEXTPROTONEG
-SSL_SESSION_get_compress_id             362	EXIST::FUNCTION:

Copied: vendor-crypto/openssl/1.0.1u/util/ssleay.num (from rev 11605, vendor-crypto/openssl/dist/util/ssleay.num)
===================================================================
--- vendor-crypto/openssl/1.0.1u/util/ssleay.num	                        (rev 0)
+++ vendor-crypto/openssl/1.0.1u/util/ssleay.num	2018-07-08 16:17:13 UTC (rev 11606)
@@ -0,0 +1,323 @@
+ERR_load_SSL_strings                    1	EXIST::FUNCTION:
+SSL_CIPHER_description                  2	EXIST::FUNCTION:
+SSL_CTX_add_client_CA                   3	EXIST::FUNCTION:
+SSL_CTX_add_session                     4	EXIST::FUNCTION:
+SSL_CTX_check_private_key               5	EXIST::FUNCTION:
+SSL_CTX_ctrl                            6	EXIST::FUNCTION:
+SSL_CTX_flush_sessions                  7	EXIST::FUNCTION:
+SSL_CTX_free                            8	EXIST::FUNCTION:
+SSL_CTX_get_client_CA_list              9	EXIST::FUNCTION:
+SSL_CTX_get_verify_callback             10	EXIST::FUNCTION:
+SSL_CTX_get_verify_mode                 11	EXIST::FUNCTION:
+SSL_CTX_new                             12	EXIST::FUNCTION:
+SSL_CTX_remove_session                  13	EXIST::FUNCTION:
+SSL_CTX_set_cipher_list                 15	EXIST::FUNCTION:
+SSL_CTX_set_client_CA_list              16	EXIST::FUNCTION:
+SSL_CTX_set_default_passwd_cb           17	EXIST::FUNCTION:
+SSL_CTX_set_ssl_version                 19	EXIST::FUNCTION:
+SSL_CTX_set_verify                      21	EXIST::FUNCTION:
+SSL_CTX_use_PrivateKey                  22	EXIST::FUNCTION:
+SSL_CTX_use_PrivateKey_ASN1             23	EXIST::FUNCTION:
+SSL_CTX_use_PrivateKey_file             24	EXIST::FUNCTION:STDIO
+SSL_CTX_use_RSAPrivateKey               25	EXIST::FUNCTION:RSA
+SSL_CTX_use_RSAPrivateKey_ASN1          26	EXIST::FUNCTION:RSA
+SSL_CTX_use_RSAPrivateKey_file          27	EXIST::FUNCTION:RSA,STDIO
+SSL_CTX_use_certificate                 28	EXIST::FUNCTION:
+SSL_CTX_use_certificate_ASN1            29	EXIST::FUNCTION:
+SSL_CTX_use_certificate_file            30	EXIST::FUNCTION:STDIO
+SSL_SESSION_free                        31	EXIST::FUNCTION:
+SSL_SESSION_new                         32	EXIST::FUNCTION:
+SSL_SESSION_print                       33	EXIST::FUNCTION:BIO
+SSL_SESSION_print_fp                    34	EXIST::FUNCTION:FP_API
+SSL_accept                              35	EXIST::FUNCTION:
+SSL_add_client_CA                       36	EXIST::FUNCTION:
+SSL_alert_desc_string                   37	EXIST::FUNCTION:
+SSL_alert_desc_string_long              38	EXIST::FUNCTION:
+SSL_alert_type_string                   39	EXIST::FUNCTION:
+SSL_alert_type_string_long              40	EXIST::FUNCTION:
+SSL_check_private_key                   41	EXIST::FUNCTION:
+SSL_clear                               42	EXIST::FUNCTION:
+SSL_connect                             43	EXIST::FUNCTION:
+SSL_copy_session_id                     44	EXIST::FUNCTION:
+SSL_ctrl                                45	EXIST::FUNCTION:
+SSL_dup                                 46	EXIST::FUNCTION:
+SSL_dup_CA_list                         47	EXIST::FUNCTION:
+SSL_free                                48	EXIST::FUNCTION:
+SSL_get_certificate                     49	EXIST::FUNCTION:
+SSL_get_cipher_list                     52	EXIST::FUNCTION:
+SSL_get_ciphers                         55	EXIST::FUNCTION:
+SSL_get_client_CA_list                  56	EXIST::FUNCTION:
+SSL_get_default_timeout                 57	EXIST::FUNCTION:
+SSL_get_error                           58	EXIST::FUNCTION:
+SSL_get_fd                              59	EXIST::FUNCTION:
+SSL_get_peer_cert_chain                 60	EXIST::FUNCTION:
+SSL_get_peer_certificate                61	EXIST::FUNCTION:
+SSL_get_rbio                            63	EXIST::FUNCTION:BIO
+SSL_get_read_ahead                      64	EXIST::FUNCTION:
+SSL_get_shared_ciphers                  65	EXIST::FUNCTION:
+SSL_get_ssl_method                      66	EXIST::FUNCTION:
+SSL_get_verify_callback                 69	EXIST::FUNCTION:
+SSL_get_verify_mode                     70	EXIST::FUNCTION:
+SSL_get_version                         71	EXIST::FUNCTION:
+SSL_get_wbio                            72	EXIST::FUNCTION:BIO
+SSL_load_client_CA_file                 73	EXIST::FUNCTION:STDIO
+SSL_load_error_strings                  74	EXIST::FUNCTION:
+SSL_new                                 75	EXIST::FUNCTION:
+SSL_peek                                76	EXIST::FUNCTION:
+SSL_pending                             77	EXIST::FUNCTION:
+SSL_read                                78	EXIST::FUNCTION:
+SSL_renegotiate                         79	EXIST::FUNCTION:
+SSL_rstate_string                       80	EXIST::FUNCTION:
+SSL_rstate_string_long                  81	EXIST::FUNCTION:
+SSL_set_accept_state                    82	EXIST::FUNCTION:
+SSL_set_bio                             83	EXIST::FUNCTION:BIO
+SSL_set_cipher_list                     84	EXIST::FUNCTION:
+SSL_set_client_CA_list                  85	EXIST::FUNCTION:
+SSL_set_connect_state                   86	EXIST::FUNCTION:
+SSL_set_fd                              87	EXIST::FUNCTION:SOCK
+SSL_set_read_ahead                      88	EXIST::FUNCTION:
+SSL_set_rfd                             89	EXIST::FUNCTION:SOCK
+SSL_set_session                         90	EXIST::FUNCTION:
+SSL_set_ssl_method                      91	EXIST::FUNCTION:
+SSL_set_verify                          94	EXIST::FUNCTION:
+SSL_set_wfd                             95	EXIST::FUNCTION:SOCK
+SSL_shutdown                            96	EXIST::FUNCTION:
+SSL_state_string                        97	EXIST::FUNCTION:
+SSL_state_string_long                   98	EXIST::FUNCTION:
+SSL_use_PrivateKey                      99	EXIST::FUNCTION:
+SSL_use_PrivateKey_ASN1                 100	EXIST::FUNCTION:
+SSL_use_PrivateKey_file                 101	EXIST::FUNCTION:STDIO
+SSL_use_RSAPrivateKey                   102	EXIST::FUNCTION:RSA
+SSL_use_RSAPrivateKey_ASN1              103	EXIST::FUNCTION:RSA
+SSL_use_RSAPrivateKey_file              104	EXIST::FUNCTION:RSA,STDIO
+SSL_use_certificate                     105	EXIST::FUNCTION:
+SSL_use_certificate_ASN1                106	EXIST::FUNCTION:
+SSL_use_certificate_file                107	EXIST::FUNCTION:STDIO
+SSL_write                               108	EXIST::FUNCTION:
+SSLeay_add_ssl_algorithms               109	NOEXIST::FUNCTION:
+SSLv23_client_method                    110	EXIST::FUNCTION:RSA
+SSLv23_method                           111	EXIST::FUNCTION:RSA
+SSLv23_server_method                    112	EXIST::FUNCTION:RSA
+SSLv2_client_method                     113	EXIST::FUNCTION:RSA,SSL2_METHOD
+SSLv2_method                            114	EXIST::FUNCTION:RSA,SSL2_METHOD
+SSLv2_server_method                     115	EXIST::FUNCTION:RSA,SSL2_METHOD
+SSLv3_client_method                     116	EXIST::FUNCTION:SSL3_METHOD
+SSLv3_method                            117	EXIST::FUNCTION:SSL3_METHOD
+SSLv3_server_method                     118	EXIST::FUNCTION:SSL3_METHOD
+d2i_SSL_SESSION                         119	EXIST::FUNCTION:
+i2d_SSL_SESSION                         120	EXIST::FUNCTION:
+BIO_f_ssl                               121	EXIST::FUNCTION:BIO
+BIO_new_ssl                             122	EXIST::FUNCTION:BIO
+BIO_proxy_ssl_copy_session_id           123	NOEXIST::FUNCTION:
+BIO_ssl_copy_session_id                 124	EXIST::FUNCTION:BIO
+SSL_do_handshake                        125	EXIST::FUNCTION:
+SSL_get_privatekey                      126	EXIST::FUNCTION:
+SSL_get_current_cipher                  127	EXIST::FUNCTION:
+SSL_CIPHER_get_bits                     128	EXIST::FUNCTION:
+SSL_CIPHER_get_version                  129	EXIST::FUNCTION:
+SSL_CIPHER_get_name                     130	EXIST::FUNCTION:
+BIO_ssl_shutdown                        131	EXIST::FUNCTION:BIO
+SSL_SESSION_cmp                         132	NOEXIST::FUNCTION:
+SSL_SESSION_hash                        133	NOEXIST::FUNCTION:
+SSL_SESSION_get_time                    134	EXIST::FUNCTION:
+SSL_SESSION_set_time                    135	EXIST::FUNCTION:
+SSL_SESSION_get_timeout                 136	EXIST::FUNCTION:
+SSL_SESSION_set_timeout                 137	EXIST::FUNCTION:
+SSL_CTX_get_ex_data                     138	EXIST::FUNCTION:
+SSL_CTX_get_quiet_shutdown              140	EXIST::FUNCTION:
+SSL_CTX_load_verify_locations           141	EXIST::FUNCTION:
+SSL_CTX_set_default_verify_paths        142	EXIST:!VMS:FUNCTION:
+SSL_CTX_set_def_verify_paths            142	EXIST:VMS:FUNCTION:
+SSL_CTX_set_ex_data                     143	EXIST::FUNCTION:
+SSL_CTX_set_quiet_shutdown              145	EXIST::FUNCTION:
+SSL_SESSION_get_ex_data                 146	EXIST::FUNCTION:
+SSL_SESSION_set_ex_data                 148	EXIST::FUNCTION:
+SSL_get_SSL_CTX                         150	EXIST::FUNCTION:
+SSL_get_ex_data                         151	EXIST::FUNCTION:
+SSL_get_quiet_shutdown                  153	EXIST::FUNCTION:
+SSL_get_session                         154	EXIST::FUNCTION:
+SSL_get_shutdown                        155	EXIST::FUNCTION:
+SSL_get_verify_result                   157	EXIST::FUNCTION:
+SSL_set_ex_data                         158	EXIST::FUNCTION:
+SSL_set_info_callback                   160	EXIST::FUNCTION:
+SSL_set_quiet_shutdown                  161	EXIST::FUNCTION:
+SSL_set_shutdown                        162	EXIST::FUNCTION:
+SSL_set_verify_result                   163	EXIST::FUNCTION:
+SSL_version                             164	EXIST::FUNCTION:
+SSL_get_info_callback                   165	EXIST::FUNCTION:
+SSL_state                               166	EXIST::FUNCTION:
+SSL_CTX_get_ex_new_index                167	EXIST::FUNCTION:
+SSL_SESSION_get_ex_new_index            168	EXIST::FUNCTION:
+SSL_get_ex_new_index                    169	EXIST::FUNCTION:
+TLSv1_method                            170	EXIST::FUNCTION:
+TLSv1_server_method                     171	EXIST::FUNCTION:
+TLSv1_client_method                     172	EXIST::FUNCTION:
+BIO_new_buffer_ssl_connect              173	EXIST::FUNCTION:BIO
+BIO_new_ssl_connect                     174	EXIST::FUNCTION:BIO
+SSL_get_ex_data_X509_STORE_CTX_idx      175	EXIST:!VMS:FUNCTION:
+SSL_get_ex_d_X509_STORE_CTX_idx         175	EXIST:VMS:FUNCTION:
+SSL_CTX_set_tmp_dh_callback             176	EXIST::FUNCTION:DH
+SSL_CTX_set_tmp_rsa_callback            177	EXIST::FUNCTION:RSA
+SSL_CTX_set_timeout                     178	EXIST::FUNCTION:
+SSL_CTX_get_timeout                     179	EXIST::FUNCTION:
+SSL_CTX_get_cert_store                  180	EXIST::FUNCTION:
+SSL_CTX_set_cert_store                  181	EXIST::FUNCTION:
+SSL_want                                182	EXIST::FUNCTION:
+SSL_library_init                        183	EXIST::FUNCTION:
+SSL_COMP_add_compression_method         184	EXIST::FUNCTION:COMP
+SSL_add_file_cert_subjects_to_stack     185	EXIST:!VMS:FUNCTION:STDIO
+SSL_add_file_cert_subjs_to_stk          185	EXIST:VMS:FUNCTION:STDIO
+SSL_set_tmp_rsa_callback                186	EXIST::FUNCTION:RSA
+SSL_set_tmp_dh_callback                 187	EXIST::FUNCTION:DH
+SSL_add_dir_cert_subjects_to_stack      188	EXIST:!VMS:FUNCTION:STDIO
+SSL_add_dir_cert_subjs_to_stk           188	EXIST:VMS:FUNCTION:STDIO
+SSL_set_session_id_context              189	EXIST::FUNCTION:
+SSL_CTX_use_certificate_chain_file      222	EXIST:!VMS:FUNCTION:STDIO
+SSL_CTX_use_cert_chain_file             222	EXIST:VMS:FUNCTION:STDIO
+SSL_CTX_set_verify_depth                225	EXIST::FUNCTION:
+SSL_set_verify_depth                    226	EXIST::FUNCTION:
+SSL_CTX_get_verify_depth                228	EXIST::FUNCTION:
+SSL_get_verify_depth                    229	EXIST::FUNCTION:
+SSL_CTX_set_session_id_context          231	EXIST::FUNCTION:
+SSL_CTX_set_cert_verify_callback        232	EXIST:!VMS:FUNCTION:
+SSL_CTX_set_cert_verify_cb              232	EXIST:VMS:FUNCTION:
+SSL_test_functions                      233	EXIST::FUNCTION:UNIT_TEST
+SSL_CTX_set_default_passwd_cb_userdata  235	EXIST:!VMS:FUNCTION:
+SSL_CTX_set_def_passwd_cb_ud            235	EXIST:VMS:FUNCTION:
+SSL_set_purpose                         236	EXIST::FUNCTION:
+SSL_CTX_set_trust                       237	EXIST::FUNCTION:
+SSL_CTX_set_purpose                     238	EXIST::FUNCTION:
+SSL_set_trust                           239	EXIST::FUNCTION:
+SSL_get_finished                        240	EXIST::FUNCTION:
+SSL_get_peer_finished                   241	EXIST::FUNCTION:
+SSL_get1_session                        242	EXIST::FUNCTION:
+SSL_CTX_callback_ctrl                   243	EXIST::FUNCTION:
+SSL_callback_ctrl                       244	EXIST::FUNCTION:
+SSL_CTX_sessions                        245	EXIST::FUNCTION:
+SSL_get_rfd                             246	EXIST::FUNCTION:
+SSL_get_wfd                             247	EXIST::FUNCTION:
+kssl_cget_tkt                           248	EXIST::FUNCTION:KRB5
+SSL_has_matching_session_id             249	EXIST::FUNCTION:
+kssl_err_set                            250	EXIST::FUNCTION:KRB5
+kssl_ctx_show                           251	EXIST::FUNCTION:KRB5
+kssl_validate_times                     252	EXIST::FUNCTION:KRB5
+kssl_check_authent                      253	EXIST::FUNCTION:KRB5
+kssl_ctx_new                            254	EXIST::FUNCTION:KRB5
+kssl_build_principal_2                  255	EXIST::FUNCTION:KRB5
+kssl_skip_confound                      256	EXIST::FUNCTION:KRB5
+kssl_sget_tkt                           257	EXIST::FUNCTION:KRB5
+SSL_set_generate_session_id             258	EXIST::FUNCTION:
+kssl_ctx_setkey                         259	EXIST::FUNCTION:KRB5
+kssl_ctx_setprinc                       260	EXIST::FUNCTION:KRB5
+kssl_ctx_free                           261	EXIST::FUNCTION:KRB5
+kssl_krb5_free_data_contents            262	EXIST::FUNCTION:KRB5
+kssl_ctx_setstring                      263	EXIST::FUNCTION:KRB5
+SSL_CTX_set_generate_session_id         264	EXIST::FUNCTION:
+SSL_renegotiate_pending                 265	EXIST::FUNCTION:
+SSL_CTX_set_msg_callback                266	EXIST::FUNCTION:
+SSL_set_msg_callback                    267	EXIST::FUNCTION:
+DTLSv1_client_method                    268	EXIST::FUNCTION:
+SSL_CTX_set_tmp_ecdh_callback           269	EXIST::FUNCTION:ECDH
+SSL_set_tmp_ecdh_callback               270	EXIST::FUNCTION:ECDH
+SSL_COMP_get_name                       271	EXIST::FUNCTION:COMP
+SSL_get_current_compression             272	EXIST::FUNCTION:COMP
+DTLSv1_method                           273	EXIST::FUNCTION:
+SSL_get_current_expansion               274	EXIST::FUNCTION:COMP
+DTLSv1_server_method                    275	EXIST::FUNCTION:
+SSL_COMP_get_compression_methods        276	EXIST:!VMS:FUNCTION:COMP
+SSL_COMP_get_compress_methods           276	EXIST:VMS:FUNCTION:COMP
+SSL_SESSION_get_id                      277	EXIST::FUNCTION:
+SSL_CTX_sess_set_new_cb                 278	EXIST::FUNCTION:
+SSL_CTX_sess_get_get_cb                 279	EXIST::FUNCTION:
+SSL_CTX_sess_set_get_cb                 280	EXIST::FUNCTION:
+SSL_CTX_set_cookie_verify_cb            281	EXIST::FUNCTION:
+SSL_CTX_get_info_callback               282	EXIST::FUNCTION:
+SSL_CTX_set_cookie_generate_cb          283	EXIST::FUNCTION:
+SSL_CTX_set_client_cert_cb              284	EXIST::FUNCTION:
+SSL_CTX_sess_set_remove_cb              285	EXIST::FUNCTION:
+SSL_CTX_set_info_callback               286	EXIST::FUNCTION:
+SSL_CTX_sess_get_new_cb                 287	EXIST::FUNCTION:
+SSL_CTX_get_client_cert_cb              288	EXIST::FUNCTION:
+SSL_CTX_sess_get_remove_cb              289	EXIST::FUNCTION:
+SSL_set_SSL_CTX                         290	EXIST::FUNCTION:
+SSL_get_servername                      291	EXIST::FUNCTION:TLSEXT
+SSL_get_servername_type                 292	EXIST::FUNCTION:TLSEXT
+SSL_CTX_set_client_cert_engine          293	EXIST::FUNCTION:ENGINE
+SSL_CTX_use_psk_identity_hint           294	EXIST::FUNCTION:PSK
+SSL_CTX_set_psk_client_callback         295	EXIST::FUNCTION:PSK
+PEM_write_bio_SSL_SESSION               296	EXIST::FUNCTION:
+SSL_get_psk_identity_hint               297	EXIST::FUNCTION:PSK
+SSL_set_psk_server_callback             298	EXIST::FUNCTION:PSK
+SSL_use_psk_identity_hint               299	EXIST::FUNCTION:PSK
+SSL_set_psk_client_callback             300	EXIST::FUNCTION:PSK
+PEM_read_SSL_SESSION                    301	EXIST:!WIN16:FUNCTION:
+PEM_read_bio_SSL_SESSION                302	EXIST::FUNCTION:
+SSL_CTX_set_psk_server_callback         303	EXIST::FUNCTION:PSK
+SSL_get_psk_identity                    304	EXIST::FUNCTION:PSK
+PEM_write_SSL_SESSION                   305	EXIST:!WIN16:FUNCTION:
+SSL_set_session_ticket_ext              306	EXIST::FUNCTION:
+SSL_set_session_secret_cb               307	EXIST::FUNCTION:
+SSL_set_session_ticket_ext_cb           308	EXIST::FUNCTION:
+SSL_set1_param                          309	EXIST::FUNCTION:
+SSL_CTX_set1_param                      310	EXIST::FUNCTION:
+SSL_tls1_key_exporter                   311	NOEXIST::FUNCTION:
+SSL_renegotiate_abbreviated             312	EXIST::FUNCTION:
+TLSv1_1_method                          313	EXIST::FUNCTION:
+TLSv1_1_client_method                   314	EXIST::FUNCTION:
+TLSv1_1_server_method                   315	EXIST::FUNCTION:
+SSL_CTX_set_srp_client_pwd_callback     316	EXIST:!VMS:FUNCTION:SRP
+SSL_CTX_set_srp_client_pwd_cb           316	EXIST:VMS:FUNCTION:SRP
+SSL_get_srp_g                           317	EXIST::FUNCTION:SRP
+SSL_CTX_set_srp_username_callback       318	EXIST:!VMS:FUNCTION:SRP
+SSL_CTX_set_srp_un_cb                   318	EXIST:VMS:FUNCTION:SRP
+SSL_get_srp_userinfo                    319	EXIST::FUNCTION:SRP
+SSL_set_srp_server_param                320	EXIST::FUNCTION:SRP
+SSL_set_srp_server_param_pw             321	EXIST::FUNCTION:SRP
+SSL_get_srp_N                           322	EXIST::FUNCTION:SRP
+SSL_get_srp_username                    323	EXIST::FUNCTION:SRP
+SSL_CTX_set_srp_password                324	EXIST::FUNCTION:SRP
+SSL_CTX_set_srp_strength                325	EXIST::FUNCTION:SRP
+SSL_CTX_set_srp_verify_param_callback   326	EXIST:!VMS:FUNCTION:SRP
+SSL_CTX_set_srp_vfy_param_cb            326	EXIST:VMS:FUNCTION:SRP
+SSL_CTX_set_srp_miss_srp_un_cb          327	NOEXIST::FUNCTION:
+SSL_CTX_set_srp_missing_srp_username_callback 327	NOEXIST::FUNCTION:
+SSL_CTX_set_srp_cb_arg                  328	EXIST::FUNCTION:SRP
+SSL_CTX_set_srp_username                329	EXIST::FUNCTION:SRP
+SSL_CTX_SRP_CTX_init                    330	EXIST::FUNCTION:SRP
+SSL_SRP_CTX_init                        331	EXIST::FUNCTION:SRP
+SRP_Calc_A_param                        332	EXIST::FUNCTION:SRP
+SRP_generate_server_master_secret       333	EXIST:!VMS:FUNCTION:SRP
+SRP_gen_server_master_secret            333	EXIST:VMS:FUNCTION:SRP
+SSL_CTX_SRP_CTX_free                    334	EXIST::FUNCTION:SRP
+SRP_generate_client_master_secret       335	EXIST:!VMS:FUNCTION:SRP
+SRP_gen_client_master_secret            335	EXIST:VMS:FUNCTION:SRP
+SSL_srp_server_param_with_username      336	EXIST:!VMS:FUNCTION:SRP
+SSL_srp_server_param_with_un            336	EXIST:VMS:FUNCTION:SRP
+SRP_have_to_put_srp_username            337	NOEXIST::FUNCTION:
+SSL_SRP_CTX_free                        338	EXIST::FUNCTION:SRP
+SSL_set_debug                           339	EXIST::FUNCTION:
+SSL_SESSION_get0_peer                   340	EXIST::FUNCTION:
+TLSv1_2_client_method                   341	EXIST::FUNCTION:
+SSL_SESSION_set1_id_context             342	EXIST::FUNCTION:
+TLSv1_2_server_method                   343	EXIST::FUNCTION:
+SSL_cache_hit                           344	EXIST::FUNCTION:
+SSL_get0_kssl_ctx                       345	EXIST::FUNCTION:KRB5
+SSL_set0_kssl_ctx                       346	EXIST::FUNCTION:KRB5
+SSL_SESSION_get0_id                     347	NOEXIST::FUNCTION:
+SSL_set_state                           348	EXIST::FUNCTION:
+SSL_CIPHER_get_id                       349	EXIST::FUNCTION:
+TLSv1_2_method                          350	EXIST::FUNCTION:
+SSL_SESSION_get_id_len                  351	NOEXIST::FUNCTION:
+kssl_ctx_get0_client_princ              352	EXIST::FUNCTION:KRB5
+SSL_export_keying_material              353	EXIST::FUNCTION:TLSEXT
+SSL_set_tlsext_use_srtp                 354	EXIST::FUNCTION:SRTP
+SSL_CTX_set_next_protos_advertised_cb   355	EXIST:!VMS:FUNCTION:NEXTPROTONEG
+SSL_CTX_set_next_protos_adv_cb          355	EXIST:VMS:FUNCTION:NEXTPROTONEG
+SSL_get0_next_proto_negotiated          356	EXIST::FUNCTION:NEXTPROTONEG
+SSL_get_selected_srtp_profile           357	EXIST::FUNCTION:SRTP
+SSL_CTX_set_tlsext_use_srtp             358	EXIST::FUNCTION:SRTP
+SSL_select_next_proto                   359	EXIST::FUNCTION:NEXTPROTONEG
+SSL_get_srtp_profiles                   360	EXIST::FUNCTION:SRTP
+SSL_CTX_set_next_proto_select_cb        361	EXIST:!VMS:FUNCTION:NEXTPROTONEG
+SSL_CTX_set_next_proto_sel_cb           361	EXIST:VMS:FUNCTION:NEXTPROTONEG
+SSL_SESSION_get_compress_id             362	EXIST::FUNCTION:



More information about the Midnightbsd-cvs mailing list